xref: /linux/drivers/net/wireless/ath/ath10k/mac.c (revision 6dfafbd0299a60bfb5d5e277fdf100037c7ded07) 
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2005-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
6  * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.
7  */
8 
9 #include "mac.h"
10 
11 #include <linux/export.h>
12 #include <net/cfg80211.h>
13 #include <net/mac80211.h>
14 #include <linux/etherdevice.h>
15 #include <linux/acpi.h>
16 #include <linux/of.h>
17 #include <linux/bitfield.h>
18 #include <linux/random.h>
19 
20 #include "hif.h"
21 #include "core.h"
22 #include "debug.h"
23 #include "wmi.h"
24 #include "htt.h"
25 #include "txrx.h"
26 #include "testmode.h"
27 #include "wmi-tlv.h"
28 #include "wmi-ops.h"
29 #include "wow.h"
30 #include "leds.h"
31 
32 /*********/
33 /* Rates */
34 /*********/
35 
36 static struct ieee80211_rate ath10k_rates[] = {
37 	{ .bitrate = 10,
38 	  .hw_value = ATH10K_HW_RATE_CCK_LP_1M },
39 	{ .bitrate = 20,
40 	  .hw_value = ATH10K_HW_RATE_CCK_LP_2M,
41 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_2M,
42 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
43 	{ .bitrate = 55,
44 	  .hw_value = ATH10K_HW_RATE_CCK_LP_5_5M,
45 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_5_5M,
46 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
47 	{ .bitrate = 110,
48 	  .hw_value = ATH10K_HW_RATE_CCK_LP_11M,
49 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_11M,
50 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
51 
52 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
53 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
54 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
55 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
56 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
57 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
58 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
59 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
60 };
61 
62 static struct ieee80211_rate ath10k_rates_rev2[] = {
63 	{ .bitrate = 10,
64 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_1M },
65 	{ .bitrate = 20,
66 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_2M,
67 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_2M,
68 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
69 	{ .bitrate = 55,
70 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_5_5M,
71 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_5_5M,
72 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
73 	{ .bitrate = 110,
74 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_11M,
75 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_11M,
76 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
77 
78 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
79 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
80 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
81 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
82 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
83 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
84 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
85 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
86 };
87 
88 static const struct cfg80211_sar_freq_ranges ath10k_sar_freq_ranges[] = {
89 	{.start_freq = 2402, .end_freq = 2494 },
90 	{.start_freq = 5170, .end_freq = 5875 },
91 };
92 
93 static const struct cfg80211_sar_capa ath10k_sar_capa = {
94 	.type = NL80211_SAR_TYPE_POWER,
95 	.num_freq_ranges = (ARRAY_SIZE(ath10k_sar_freq_ranges)),
96 	.freq_ranges = &ath10k_sar_freq_ranges[0],
97 };
98 
99 #define ATH10K_MAC_FIRST_OFDM_RATE_IDX 4
100 
101 #define ath10k_a_rates (ath10k_rates + ATH10K_MAC_FIRST_OFDM_RATE_IDX)
102 #define ath10k_a_rates_size (ARRAY_SIZE(ath10k_rates) - \
103 			     ATH10K_MAC_FIRST_OFDM_RATE_IDX)
104 #define ath10k_g_rates (ath10k_rates + 0)
105 #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
106 
107 #define ath10k_g_rates_rev2 (ath10k_rates_rev2 + 0)
108 #define ath10k_g_rates_rev2_size (ARRAY_SIZE(ath10k_rates_rev2))
109 
110 #define ath10k_wmi_legacy_rates ath10k_rates
111 
112 static bool ath10k_mac_bitrate_is_cck(int bitrate)
113 {
114 	switch (bitrate) {
115 	case 10:
116 	case 20:
117 	case 55:
118 	case 110:
119 		return true;
120 	}
121 
122 	return false;
123 }
124 
125 static u8 ath10k_mac_bitrate_to_rate(int bitrate)
126 {
127 	return DIV_ROUND_UP(bitrate, 5) |
128 	       (ath10k_mac_bitrate_is_cck(bitrate) ? BIT(7) : 0);
129 }
130 
131 u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
132 			     u8 hw_rate, bool cck)
133 {
134 	const struct ieee80211_rate *rate;
135 	int i;
136 
137 	for (i = 0; i < sband->n_bitrates; i++) {
138 		rate = &sband->bitrates[i];
139 
140 		if (ath10k_mac_bitrate_is_cck(rate->bitrate) != cck)
141 			continue;
142 
143 		if (rate->hw_value == hw_rate)
144 			return i;
145 		else if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE &&
146 			 rate->hw_value_short == hw_rate)
147 			return i;
148 	}
149 
150 	return 0;
151 }
152 
153 u8 ath10k_mac_bitrate_to_idx(const struct ieee80211_supported_band *sband,
154 			     u32 bitrate)
155 {
156 	int i;
157 
158 	for (i = 0; i < sband->n_bitrates; i++)
159 		if (sband->bitrates[i].bitrate == bitrate)
160 			return i;
161 
162 	return 0;
163 }
164 
165 static int ath10k_mac_get_rate_hw_value(int bitrate)
166 {
167 	int i;
168 	u8 hw_value_prefix = 0;
169 
170 	if (ath10k_mac_bitrate_is_cck(bitrate))
171 		hw_value_prefix = WMI_RATE_PREAMBLE_CCK << 6;
172 
173 	for (i = 0; i < ARRAY_SIZE(ath10k_rates); i++) {
174 		if (ath10k_rates[i].bitrate == bitrate)
175 			return hw_value_prefix | ath10k_rates[i].hw_value;
176 	}
177 
178 	return -EINVAL;
179 }
180 
181 static int ath10k_mac_get_max_vht_mcs_map(u16 mcs_map, int nss)
182 {
183 	switch ((mcs_map >> (2 * nss)) & 0x3) {
184 	case IEEE80211_VHT_MCS_SUPPORT_0_7: return BIT(8) - 1;
185 	case IEEE80211_VHT_MCS_SUPPORT_0_8: return BIT(9) - 1;
186 	case IEEE80211_VHT_MCS_SUPPORT_0_9: return BIT(10) - 1;
187 	}
188 	return 0;
189 }
190 
191 static u32
192 ath10k_mac_max_ht_nss(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
193 {
194 	int nss;
195 
196 	for (nss = IEEE80211_HT_MCS_MASK_LEN - 1; nss >= 0; nss--)
197 		if (ht_mcs_mask[nss])
198 			return nss + 1;
199 
200 	return 1;
201 }
202 
203 static u32
204 ath10k_mac_max_vht_nss(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
205 {
206 	int nss;
207 
208 	for (nss = NL80211_VHT_NSS_MAX - 1; nss >= 0; nss--)
209 		if (vht_mcs_mask[nss])
210 			return nss + 1;
211 
212 	return 1;
213 }
214 
215 int ath10k_mac_ext_resource_config(struct ath10k *ar, u32 val)
216 {
217 	enum wmi_host_platform_type platform_type;
218 	int ret;
219 
220 	if (test_bit(WMI_SERVICE_TX_MODE_DYNAMIC, ar->wmi.svc_map))
221 		platform_type = WMI_HOST_PLATFORM_LOW_PERF;
222 	else
223 		platform_type = WMI_HOST_PLATFORM_HIGH_PERF;
224 
225 	ret = ath10k_wmi_ext_resource_config(ar, platform_type, val);
226 
227 	if (ret && ret != -EOPNOTSUPP) {
228 		ath10k_warn(ar, "failed to configure ext resource: %d\n", ret);
229 		return ret;
230 	}
231 
232 	return 0;
233 }
234 
235 /**********/
236 /* Crypto */
237 /**********/
238 
239 static int ath10k_send_key(struct ath10k_vif *arvif,
240 			   struct ieee80211_key_conf *key,
241 			   enum set_key_cmd cmd,
242 			   const u8 *macaddr, u32 flags)
243 {
244 	struct ath10k *ar = arvif->ar;
245 	struct wmi_vdev_install_key_arg arg = {
246 		.vdev_id = arvif->vdev_id,
247 		.key_idx = key->keyidx,
248 		.key_len = key->keylen,
249 		.key_data = key->key,
250 		.key_flags = flags,
251 		.macaddr = macaddr,
252 	};
253 
254 	lockdep_assert_held(&arvif->ar->conf_mutex);
255 
256 	switch (key->cipher) {
257 	case WLAN_CIPHER_SUITE_CCMP:
258 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
259 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
260 		break;
261 	case WLAN_CIPHER_SUITE_TKIP:
262 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_TKIP];
263 		arg.key_txmic_len = 8;
264 		arg.key_rxmic_len = 8;
265 		break;
266 	case WLAN_CIPHER_SUITE_WEP40:
267 	case WLAN_CIPHER_SUITE_WEP104:
268 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_WEP];
269 		break;
270 	case WLAN_CIPHER_SUITE_CCMP_256:
271 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
272 		break;
273 	case WLAN_CIPHER_SUITE_GCMP:
274 	case WLAN_CIPHER_SUITE_GCMP_256:
275 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_GCM];
276 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
277 		break;
278 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
279 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
280 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
281 	case WLAN_CIPHER_SUITE_AES_CMAC:
282 		WARN_ON(1);
283 		return -EINVAL;
284 	default:
285 		ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
286 		return -EOPNOTSUPP;
287 	}
288 
289 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
290 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
291 
292 	if (cmd == DISABLE_KEY) {
293 		if (flags & WMI_KEY_GROUP) {
294 			/* Not all hardware handles group-key deletion operation
295 			 * correctly. Replace the key with a junk value to invalidate it.
296 			 */
297 			get_random_bytes(key->key, key->keylen);
298 		} else {
299 			arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
300 			arg.key_data = NULL;
301 		}
302 	}
303 
304 	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
305 }
306 
307 static int ath10k_install_key(struct ath10k_vif *arvif,
308 			      struct ieee80211_key_conf *key,
309 			      enum set_key_cmd cmd,
310 			      const u8 *macaddr, u32 flags)
311 {
312 	struct ath10k *ar = arvif->ar;
313 	int ret;
314 	unsigned long time_left;
315 
316 	lockdep_assert_held(&ar->conf_mutex);
317 
318 	reinit_completion(&ar->install_key_done);
319 
320 	if (arvif->nohwcrypt)
321 		return 1;
322 
323 	ret = ath10k_send_key(arvif, key, cmd, macaddr, flags);
324 	if (ret)
325 		return ret;
326 
327 	time_left = wait_for_completion_timeout(&ar->install_key_done, 3 * HZ);
328 	if (time_left == 0)
329 		return -ETIMEDOUT;
330 
331 	return 0;
332 }
333 
334 static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
335 					const u8 *addr)
336 {
337 	struct ath10k *ar = arvif->ar;
338 	struct ath10k_peer *peer;
339 	int ret;
340 	int i;
341 	u32 flags;
342 
343 	lockdep_assert_held(&ar->conf_mutex);
344 
345 	if (WARN_ON(arvif->vif->type != NL80211_IFTYPE_AP &&
346 		    arvif->vif->type != NL80211_IFTYPE_ADHOC &&
347 		    arvif->vif->type != NL80211_IFTYPE_MESH_POINT))
348 		return -EINVAL;
349 
350 	spin_lock_bh(&ar->data_lock);
351 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
352 	spin_unlock_bh(&ar->data_lock);
353 
354 	if (!peer)
355 		return -ENOENT;
356 
357 	for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
358 		if (arvif->wep_keys[i] == NULL)
359 			continue;
360 
361 		switch (arvif->vif->type) {
362 		case NL80211_IFTYPE_AP:
363 			flags = WMI_KEY_PAIRWISE;
364 
365 			if (arvif->def_wep_key_idx == i)
366 				flags |= WMI_KEY_TX_USAGE;
367 
368 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
369 						 SET_KEY, addr, flags);
370 			if (ret < 0)
371 				return ret;
372 			break;
373 		case NL80211_IFTYPE_ADHOC:
374 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
375 						 SET_KEY, addr,
376 						 WMI_KEY_PAIRWISE);
377 			if (ret < 0)
378 				return ret;
379 
380 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
381 						 SET_KEY, addr, WMI_KEY_GROUP);
382 			if (ret < 0)
383 				return ret;
384 			break;
385 		default:
386 			WARN_ON(1);
387 			return -EINVAL;
388 		}
389 
390 		spin_lock_bh(&ar->data_lock);
391 		peer->keys[i] = arvif->wep_keys[i];
392 		spin_unlock_bh(&ar->data_lock);
393 	}
394 
395 	/* In some cases (notably with static WEP IBSS with multiple keys)
396 	 * multicast Tx becomes broken. Both pairwise and groupwise keys are
397 	 * installed already. Using WMI_KEY_TX_USAGE in different combinations
398 	 * didn't seem help. Using def_keyid vdev parameter seems to be
399 	 * effective so use that.
400 	 *
401 	 * FIXME: Revisit. Perhaps this can be done in a less hacky way.
402 	 */
403 	if (arvif->vif->type != NL80211_IFTYPE_ADHOC)
404 		return 0;
405 
406 	if (arvif->def_wep_key_idx == -1)
407 		return 0;
408 
409 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
410 					arvif->vdev_id,
411 					arvif->ar->wmi.vdev_param->def_keyid,
412 					arvif->def_wep_key_idx);
413 	if (ret) {
414 		ath10k_warn(ar, "failed to re-set def wpa key idxon vdev %i: %d\n",
415 			    arvif->vdev_id, ret);
416 		return ret;
417 	}
418 
419 	return 0;
420 }
421 
422 static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
423 				  const u8 *addr)
424 {
425 	struct ath10k *ar = arvif->ar;
426 	struct ath10k_peer *peer;
427 	int first_errno = 0;
428 	int ret;
429 	int i;
430 	u32 flags = 0;
431 
432 	lockdep_assert_held(&ar->conf_mutex);
433 
434 	spin_lock_bh(&ar->data_lock);
435 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
436 	spin_unlock_bh(&ar->data_lock);
437 
438 	if (!peer)
439 		return -ENOENT;
440 
441 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
442 		if (peer->keys[i] == NULL)
443 			continue;
444 
445 		/* key flags are not required to delete the key */
446 		ret = ath10k_install_key(arvif, peer->keys[i],
447 					 DISABLE_KEY, addr, flags);
448 		if (ret < 0 && first_errno == 0)
449 			first_errno = ret;
450 
451 		if (ret < 0)
452 			ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
453 				    i, ret);
454 
455 		spin_lock_bh(&ar->data_lock);
456 		peer->keys[i] = NULL;
457 		spin_unlock_bh(&ar->data_lock);
458 	}
459 
460 	return first_errno;
461 }
462 
463 bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
464 				    u8 keyidx)
465 {
466 	struct ath10k_peer *peer;
467 	int i;
468 
469 	lockdep_assert_held(&ar->data_lock);
470 
471 	/* We don't know which vdev this peer belongs to,
472 	 * since WMI doesn't give us that information.
473 	 *
474 	 * FIXME: multi-bss needs to be handled.
475 	 */
476 	peer = ath10k_peer_find(ar, 0, addr);
477 	if (!peer)
478 		return false;
479 
480 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
481 		if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
482 			return true;
483 	}
484 
485 	return false;
486 }
487 
488 static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
489 				 struct ieee80211_key_conf *key)
490 {
491 	struct ath10k *ar = arvif->ar;
492 	struct ath10k_peer *peer;
493 	u8 addr[ETH_ALEN];
494 	int first_errno = 0;
495 	int ret;
496 	int i;
497 	u32 flags = 0;
498 
499 	lockdep_assert_held(&ar->conf_mutex);
500 
501 	for (;;) {
502 		/* since ath10k_install_key we can't hold data_lock all the
503 		 * time, so we try to remove the keys incrementally
504 		 */
505 		spin_lock_bh(&ar->data_lock);
506 		i = 0;
507 		list_for_each_entry(peer, &ar->peers, list) {
508 			for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
509 				if (peer->keys[i] == key) {
510 					ether_addr_copy(addr, peer->addr);
511 					peer->keys[i] = NULL;
512 					break;
513 				}
514 			}
515 
516 			if (i < ARRAY_SIZE(peer->keys))
517 				break;
518 		}
519 		spin_unlock_bh(&ar->data_lock);
520 
521 		if (i == ARRAY_SIZE(peer->keys))
522 			break;
523 		/* key flags are not required to delete the key */
524 		ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, flags);
525 		if (ret < 0 && first_errno == 0)
526 			first_errno = ret;
527 
528 		if (ret)
529 			ath10k_warn(ar, "failed to remove key for %pM: %d\n",
530 				    addr, ret);
531 	}
532 
533 	return first_errno;
534 }
535 
536 static int ath10k_mac_vif_update_wep_key(struct ath10k_vif *arvif,
537 					 struct ieee80211_key_conf *key)
538 {
539 	struct ath10k *ar = arvif->ar;
540 	struct ath10k_peer *peer;
541 	int ret;
542 
543 	lockdep_assert_held(&ar->conf_mutex);
544 
545 	list_for_each_entry(peer, &ar->peers, list) {
546 		if (ether_addr_equal(peer->addr, arvif->vif->addr))
547 			continue;
548 
549 		if (ether_addr_equal(peer->addr, arvif->bssid))
550 			continue;
551 
552 		if (peer->keys[key->keyidx] == key)
553 			continue;
554 
555 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vif vdev %i update key %i needs update\n",
556 			   arvif->vdev_id, key->keyidx);
557 
558 		ret = ath10k_install_peer_wep_keys(arvif, peer->addr);
559 		if (ret) {
560 			ath10k_warn(ar, "failed to update wep keys on vdev %i for peer %pM: %d\n",
561 				    arvif->vdev_id, peer->addr, ret);
562 			return ret;
563 		}
564 	}
565 
566 	return 0;
567 }
568 
569 /*********************/
570 /* General utilities */
571 /*********************/
572 
573 static inline enum wmi_phy_mode
574 chan_to_phymode(const struct cfg80211_chan_def *chandef)
575 {
576 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
577 
578 	switch (chandef->chan->band) {
579 	case NL80211_BAND_2GHZ:
580 		switch (chandef->width) {
581 		case NL80211_CHAN_WIDTH_20_NOHT:
582 			if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
583 				phymode = MODE_11B;
584 			else
585 				phymode = MODE_11G;
586 			break;
587 		case NL80211_CHAN_WIDTH_20:
588 			phymode = MODE_11NG_HT20;
589 			break;
590 		case NL80211_CHAN_WIDTH_40:
591 			phymode = MODE_11NG_HT40;
592 			break;
593 		default:
594 			phymode = MODE_UNKNOWN;
595 			break;
596 		}
597 		break;
598 	case NL80211_BAND_5GHZ:
599 		switch (chandef->width) {
600 		case NL80211_CHAN_WIDTH_20_NOHT:
601 			phymode = MODE_11A;
602 			break;
603 		case NL80211_CHAN_WIDTH_20:
604 			phymode = MODE_11NA_HT20;
605 			break;
606 		case NL80211_CHAN_WIDTH_40:
607 			phymode = MODE_11NA_HT40;
608 			break;
609 		case NL80211_CHAN_WIDTH_80:
610 			phymode = MODE_11AC_VHT80;
611 			break;
612 		case NL80211_CHAN_WIDTH_160:
613 			phymode = MODE_11AC_VHT160;
614 			break;
615 		case NL80211_CHAN_WIDTH_80P80:
616 			phymode = MODE_11AC_VHT80_80;
617 			break;
618 		default:
619 			phymode = MODE_UNKNOWN;
620 			break;
621 		}
622 		break;
623 	default:
624 		break;
625 	}
626 
627 	WARN_ON(phymode == MODE_UNKNOWN);
628 	return phymode;
629 }
630 
631 static u8 ath10k_parse_mpdudensity(u8 mpdudensity)
632 {
633 /*
634  * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
635  *   0 for no restriction
636  *   1 for 1/4 us
637  *   2 for 1/2 us
638  *   3 for 1 us
639  *   4 for 2 us
640  *   5 for 4 us
641  *   6 for 8 us
642  *   7 for 16 us
643  */
644 	switch (mpdudensity) {
645 	case 0:
646 		return 0;
647 	case 1:
648 	case 2:
649 	case 3:
650 	/* Our lower layer calculations limit our precision to
651 	 * 1 microsecond
652 	 */
653 		return 1;
654 	case 4:
655 		return 2;
656 	case 5:
657 		return 4;
658 	case 6:
659 		return 8;
660 	case 7:
661 		return 16;
662 	default:
663 		return 0;
664 	}
665 }
666 
667 int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
668 			struct cfg80211_chan_def *def)
669 {
670 	struct ieee80211_chanctx_conf *conf;
671 
672 	rcu_read_lock();
673 	conf = rcu_dereference(vif->bss_conf.chanctx_conf);
674 	if (!conf) {
675 		rcu_read_unlock();
676 		return -ENOENT;
677 	}
678 
679 	*def = conf->def;
680 	rcu_read_unlock();
681 
682 	return 0;
683 }
684 
685 static void ath10k_mac_num_chanctxs_iter(struct ieee80211_hw *hw,
686 					 struct ieee80211_chanctx_conf *conf,
687 					 void *data)
688 {
689 	int *num = data;
690 
691 	(*num)++;
692 }
693 
694 static int ath10k_mac_num_chanctxs(struct ath10k *ar)
695 {
696 	int num = 0;
697 
698 	ieee80211_iter_chan_contexts_atomic(ar->hw,
699 					    ath10k_mac_num_chanctxs_iter,
700 					    &num);
701 
702 	return num;
703 }
704 
705 static void
706 ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
707 				struct ieee80211_chanctx_conf *conf,
708 				void *data)
709 {
710 	struct cfg80211_chan_def **def = data;
711 
712 	*def = &conf->def;
713 }
714 
715 static void ath10k_wait_for_peer_delete_done(struct ath10k *ar, u32 vdev_id,
716 					     const u8 *addr)
717 {
718 	unsigned long time_left;
719 	int ret;
720 
721 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
722 		ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
723 		if (ret) {
724 			ath10k_warn(ar, "failed wait for peer deleted");
725 			return;
726 		}
727 
728 		time_left = wait_for_completion_timeout(&ar->peer_delete_done,
729 							5 * HZ);
730 		if (!time_left)
731 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
732 	}
733 }
734 
735 static int ath10k_peer_create(struct ath10k *ar,
736 			      struct ieee80211_vif *vif,
737 			      struct ieee80211_sta *sta,
738 			      u32 vdev_id,
739 			      const u8 *addr,
740 			      enum wmi_peer_type peer_type)
741 {
742 	struct ath10k_peer *peer;
743 	int ret;
744 
745 	lockdep_assert_held(&ar->conf_mutex);
746 
747 	/* Each vdev consumes a peer entry as well. */
748 	if (ar->num_peers + list_count_nodes(&ar->arvifs) >= ar->max_num_peers)
749 		return -ENOBUFS;
750 
751 	ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
752 	if (ret) {
753 		ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
754 			    addr, vdev_id, ret);
755 		return ret;
756 	}
757 
758 	ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
759 	if (ret) {
760 		ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
761 			    addr, vdev_id, ret);
762 		return ret;
763 	}
764 
765 	spin_lock_bh(&ar->data_lock);
766 
767 	peer = ath10k_peer_find(ar, vdev_id, addr);
768 	if (!peer) {
769 		spin_unlock_bh(&ar->data_lock);
770 		ath10k_warn(ar, "failed to find peer %pM on vdev %i after creation\n",
771 			    addr, vdev_id);
772 		ath10k_wait_for_peer_delete_done(ar, vdev_id, addr);
773 		return -ENOENT;
774 	}
775 
776 	peer->vif = vif;
777 	peer->sta = sta;
778 
779 	spin_unlock_bh(&ar->data_lock);
780 
781 	ar->num_peers++;
782 
783 	return 0;
784 }
785 
786 static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
787 {
788 	struct ath10k *ar = arvif->ar;
789 	u32 param;
790 	int ret;
791 
792 	param = ar->wmi.pdev_param->sta_kickout_th;
793 	ret = ath10k_wmi_pdev_set_param(ar, param,
794 					ATH10K_KICKOUT_THRESHOLD);
795 	if (ret) {
796 		ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
797 			    arvif->vdev_id, ret);
798 		return ret;
799 	}
800 
801 	param = ar->wmi.vdev_param->ap_keepalive_min_idle_inactive_time_secs;
802 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
803 					ATH10K_KEEPALIVE_MIN_IDLE);
804 	if (ret) {
805 		ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
806 			    arvif->vdev_id, ret);
807 		return ret;
808 	}
809 
810 	param = ar->wmi.vdev_param->ap_keepalive_max_idle_inactive_time_secs;
811 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
812 					ATH10K_KEEPALIVE_MAX_IDLE);
813 	if (ret) {
814 		ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
815 			    arvif->vdev_id, ret);
816 		return ret;
817 	}
818 
819 	param = ar->wmi.vdev_param->ap_keepalive_max_unresponsive_time_secs;
820 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
821 					ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
822 	if (ret) {
823 		ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
824 			    arvif->vdev_id, ret);
825 		return ret;
826 	}
827 
828 	return 0;
829 }
830 
831 static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
832 {
833 	struct ath10k *ar = arvif->ar;
834 	u32 vdev_param;
835 
836 	vdev_param = ar->wmi.vdev_param->rts_threshold;
837 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
838 }
839 
840 static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
841 {
842 	int ret;
843 
844 	lockdep_assert_held(&ar->conf_mutex);
845 
846 	ret = ath10k_wmi_peer_delete(ar, vdev_id, addr);
847 	if (ret)
848 		return ret;
849 
850 	ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
851 	if (ret)
852 		return ret;
853 
854 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
855 		unsigned long time_left;
856 
857 		time_left = wait_for_completion_timeout
858 			    (&ar->peer_delete_done, 5 * HZ);
859 
860 		if (!time_left) {
861 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
862 			return -ETIMEDOUT;
863 		}
864 	}
865 
866 	ar->num_peers--;
867 
868 	return 0;
869 }
870 
871 static void ath10k_peer_map_cleanup(struct ath10k *ar, struct ath10k_peer *peer)
872 {
873 	int peer_id, i;
874 
875 	lockdep_assert_held(&ar->conf_mutex);
876 
877 	for_each_set_bit(peer_id, peer->peer_ids,
878 			 ATH10K_MAX_NUM_PEER_IDS) {
879 		ar->peer_map[peer_id] = NULL;
880 	}
881 
882 	/* Double check that peer is properly un-referenced from
883 	 * the peer_map
884 	 */
885 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
886 		if (ar->peer_map[i] == peer) {
887 			ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %p idx %d)\n",
888 				    peer->addr, peer, i);
889 			ar->peer_map[i] = NULL;
890 		}
891 	}
892 
893 	list_del(&peer->list);
894 	kfree(peer);
895 	ar->num_peers--;
896 }
897 
898 static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
899 {
900 	struct ath10k_peer *peer, *tmp;
901 
902 	lockdep_assert_held(&ar->conf_mutex);
903 
904 	spin_lock_bh(&ar->data_lock);
905 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
906 		if (peer->vdev_id != vdev_id)
907 			continue;
908 
909 		ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
910 			    peer->addr, vdev_id);
911 
912 		ath10k_peer_map_cleanup(ar, peer);
913 	}
914 	spin_unlock_bh(&ar->data_lock);
915 }
916 
917 static void ath10k_peer_cleanup_all(struct ath10k *ar)
918 {
919 	struct ath10k_peer *peer, *tmp;
920 	int i;
921 
922 	lockdep_assert_held(&ar->conf_mutex);
923 
924 	spin_lock_bh(&ar->data_lock);
925 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
926 		list_del(&peer->list);
927 		kfree(peer);
928 	}
929 
930 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
931 		ar->peer_map[i] = NULL;
932 
933 	spin_unlock_bh(&ar->data_lock);
934 
935 	ar->num_peers = 0;
936 	ar->num_stations = 0;
937 }
938 
939 static int ath10k_mac_tdls_peer_update(struct ath10k *ar, u32 vdev_id,
940 				       struct ieee80211_sta *sta,
941 				       enum wmi_tdls_peer_state state)
942 {
943 	int ret;
944 	struct wmi_tdls_peer_update_cmd_arg arg = {};
945 	struct wmi_tdls_peer_capab_arg cap = {};
946 	struct wmi_channel_arg chan_arg = {};
947 
948 	lockdep_assert_held(&ar->conf_mutex);
949 
950 	arg.vdev_id = vdev_id;
951 	arg.peer_state = state;
952 	ether_addr_copy(arg.addr, sta->addr);
953 
954 	cap.peer_max_sp = sta->max_sp;
955 	cap.peer_uapsd_queues = sta->uapsd_queues;
956 
957 	if (state == WMI_TDLS_PEER_STATE_CONNECTED &&
958 	    !sta->tdls_initiator)
959 		cap.is_peer_responder = 1;
960 
961 	ret = ath10k_wmi_tdls_peer_update(ar, &arg, &cap, &chan_arg);
962 	if (ret) {
963 		ath10k_warn(ar, "failed to update tdls peer %pM on vdev %i: %i\n",
964 			    arg.addr, vdev_id, ret);
965 		return ret;
966 	}
967 
968 	return 0;
969 }
970 
971 /************************/
972 /* Interface management */
973 /************************/
974 
975 void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
976 {
977 	struct ath10k *ar = arvif->ar;
978 
979 	lockdep_assert_held(&ar->data_lock);
980 
981 	if (!arvif->beacon)
982 		return;
983 
984 	if (!arvif->beacon_buf)
985 		dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
986 				 arvif->beacon->len, DMA_TO_DEVICE);
987 
988 	if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
989 		    arvif->beacon_state != ATH10K_BEACON_SENT))
990 		return;
991 
992 	dev_kfree_skb_any(arvif->beacon);
993 
994 	arvif->beacon = NULL;
995 	arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
996 }
997 
998 static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
999 {
1000 	struct ath10k *ar = arvif->ar;
1001 
1002 	lockdep_assert_held(&ar->data_lock);
1003 
1004 	ath10k_mac_vif_beacon_free(arvif);
1005 
1006 	if (arvif->beacon_buf) {
1007 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
1008 			kfree(arvif->beacon_buf);
1009 		else
1010 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
1011 					  arvif->beacon_buf,
1012 					  arvif->beacon_paddr);
1013 		arvif->beacon_buf = NULL;
1014 	}
1015 }
1016 
1017 static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
1018 {
1019 	unsigned long time_left;
1020 
1021 	lockdep_assert_held(&ar->conf_mutex);
1022 
1023 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1024 		return -ESHUTDOWN;
1025 
1026 	time_left = wait_for_completion_timeout(&ar->vdev_setup_done,
1027 						ATH10K_VDEV_SETUP_TIMEOUT_HZ);
1028 	if (time_left == 0)
1029 		return -ETIMEDOUT;
1030 
1031 	return ar->last_wmi_vdev_start_status;
1032 }
1033 
1034 static inline int ath10k_vdev_delete_sync(struct ath10k *ar)
1035 {
1036 	unsigned long time_left;
1037 
1038 	lockdep_assert_held(&ar->conf_mutex);
1039 
1040 	if (!test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map))
1041 		return 0;
1042 
1043 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1044 		return -ESHUTDOWN;
1045 
1046 	time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
1047 						ATH10K_VDEV_DELETE_TIMEOUT_HZ);
1048 	if (time_left == 0)
1049 		return -ETIMEDOUT;
1050 
1051 	return 0;
1052 }
1053 
1054 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
1055 {
1056 	struct cfg80211_chan_def *chandef = NULL;
1057 	struct ieee80211_channel *channel = NULL;
1058 	struct wmi_vdev_start_request_arg arg = {};
1059 	int ret = 0;
1060 
1061 	lockdep_assert_held(&ar->conf_mutex);
1062 
1063 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1064 					    ath10k_mac_get_any_chandef_iter,
1065 					    &chandef);
1066 	if (WARN_ON_ONCE(!chandef))
1067 		return -ENOENT;
1068 
1069 	channel = chandef->chan;
1070 
1071 	arg.vdev_id = vdev_id;
1072 	arg.channel.freq = channel->center_freq;
1073 	arg.channel.band_center_freq1 = chandef->center_freq1;
1074 	arg.channel.band_center_freq2 = chandef->center_freq2;
1075 
1076 	/* TODO setup this dynamically, what in case we
1077 	 * don't have any vifs?
1078 	 */
1079 	arg.channel.mode = chan_to_phymode(chandef);
1080 	arg.channel.chan_radar =
1081 			!!(channel->flags & IEEE80211_CHAN_RADAR);
1082 
1083 	arg.channel.min_power = 0;
1084 	arg.channel.max_power = channel->max_power * 2;
1085 	arg.channel.max_reg_power = channel->max_reg_power * 2;
1086 	arg.channel.max_antenna_gain = channel->max_antenna_gain;
1087 
1088 	reinit_completion(&ar->vdev_setup_done);
1089 	reinit_completion(&ar->vdev_delete_done);
1090 
1091 	ret = ath10k_wmi_vdev_start(ar, &arg);
1092 	if (ret) {
1093 		ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
1094 			    vdev_id, ret);
1095 		return ret;
1096 	}
1097 
1098 	ret = ath10k_vdev_setup_sync(ar);
1099 	if (ret) {
1100 		ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
1101 			    vdev_id, ret);
1102 		return ret;
1103 	}
1104 
1105 	ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
1106 	if (ret) {
1107 		ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
1108 			    vdev_id, ret);
1109 		goto vdev_stop;
1110 	}
1111 
1112 	ar->monitor_vdev_id = vdev_id;
1113 
1114 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
1115 		   ar->monitor_vdev_id);
1116 	return 0;
1117 
1118 vdev_stop:
1119 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1120 	if (ret)
1121 		ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
1122 			    ar->monitor_vdev_id, ret);
1123 
1124 	return ret;
1125 }
1126 
1127 static int ath10k_monitor_vdev_stop(struct ath10k *ar)
1128 {
1129 	int ret = 0;
1130 
1131 	lockdep_assert_held(&ar->conf_mutex);
1132 
1133 	ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
1134 	if (ret)
1135 		ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
1136 			    ar->monitor_vdev_id, ret);
1137 
1138 	reinit_completion(&ar->vdev_setup_done);
1139 	reinit_completion(&ar->vdev_delete_done);
1140 
1141 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1142 	if (ret)
1143 		ath10k_warn(ar, "failed to request monitor vdev %i stop: %d\n",
1144 			    ar->monitor_vdev_id, ret);
1145 
1146 	ret = ath10k_vdev_setup_sync(ar);
1147 	if (ret)
1148 		ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
1149 			    ar->monitor_vdev_id, ret);
1150 
1151 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
1152 		   ar->monitor_vdev_id);
1153 	return ret;
1154 }
1155 
1156 static int ath10k_monitor_vdev_create(struct ath10k *ar)
1157 {
1158 	int bit, ret = 0;
1159 
1160 	lockdep_assert_held(&ar->conf_mutex);
1161 
1162 	if (ar->free_vdev_map == 0) {
1163 		ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
1164 		return -ENOMEM;
1165 	}
1166 
1167 	bit = __ffs64(ar->free_vdev_map);
1168 
1169 	ar->monitor_vdev_id = bit;
1170 
1171 	ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
1172 				     WMI_VDEV_TYPE_MONITOR,
1173 				     0, ar->mac_addr);
1174 	if (ret) {
1175 		ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
1176 			    ar->monitor_vdev_id, ret);
1177 		return ret;
1178 	}
1179 
1180 	ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
1181 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
1182 		   ar->monitor_vdev_id);
1183 
1184 	return 0;
1185 }
1186 
1187 static int ath10k_monitor_vdev_delete(struct ath10k *ar)
1188 {
1189 	int ret = 0;
1190 
1191 	lockdep_assert_held(&ar->conf_mutex);
1192 
1193 	ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
1194 	if (ret) {
1195 		ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
1196 			    ar->monitor_vdev_id, ret);
1197 		return ret;
1198 	}
1199 
1200 	ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
1201 
1202 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
1203 		   ar->monitor_vdev_id);
1204 	return ret;
1205 }
1206 
1207 static int ath10k_monitor_start(struct ath10k *ar)
1208 {
1209 	int ret;
1210 
1211 	lockdep_assert_held(&ar->conf_mutex);
1212 
1213 	ret = ath10k_monitor_vdev_create(ar);
1214 	if (ret) {
1215 		ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
1216 		return ret;
1217 	}
1218 
1219 	ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
1220 	if (ret) {
1221 		ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
1222 		ath10k_monitor_vdev_delete(ar);
1223 		return ret;
1224 	}
1225 
1226 	ar->monitor_started = true;
1227 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
1228 
1229 	return 0;
1230 }
1231 
1232 static int ath10k_monitor_stop(struct ath10k *ar)
1233 {
1234 	int ret;
1235 
1236 	lockdep_assert_held(&ar->conf_mutex);
1237 
1238 	ret = ath10k_monitor_vdev_stop(ar);
1239 	if (ret) {
1240 		ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
1241 		return ret;
1242 	}
1243 
1244 	ret = ath10k_monitor_vdev_delete(ar);
1245 	if (ret) {
1246 		ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
1247 		return ret;
1248 	}
1249 
1250 	ar->monitor_started = false;
1251 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
1252 
1253 	return 0;
1254 }
1255 
1256 static bool ath10k_mac_monitor_vdev_is_needed(struct ath10k *ar)
1257 {
1258 	int num_ctx;
1259 
1260 	/* At least one chanctx is required to derive a channel to start
1261 	 * monitor vdev on.
1262 	 */
1263 	num_ctx = ath10k_mac_num_chanctxs(ar);
1264 	if (num_ctx == 0)
1265 		return false;
1266 
1267 	/* If there's already an existing special monitor interface then don't
1268 	 * bother creating another monitor vdev.
1269 	 */
1270 	if (ar->monitor_arvif)
1271 		return false;
1272 
1273 	return ar->monitor ||
1274 	       (!test_bit(ATH10K_FW_FEATURE_ALLOWS_MESH_BCAST,
1275 			  ar->running_fw->fw_file.fw_features) &&
1276 		(ar->filter_flags & (FIF_OTHER_BSS | FIF_MCAST_ACTION))) ||
1277 	       test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1278 }
1279 
1280 static bool ath10k_mac_monitor_vdev_is_allowed(struct ath10k *ar)
1281 {
1282 	int num_ctx;
1283 
1284 	num_ctx = ath10k_mac_num_chanctxs(ar);
1285 
1286 	/* FIXME: Current interface combinations and cfg80211/mac80211 code
1287 	 * shouldn't allow this but make sure to prevent handling the following
1288 	 * case anyway since multi-channel DFS hasn't been tested at all.
1289 	 */
1290 	if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags) && num_ctx > 1)
1291 		return false;
1292 
1293 	return true;
1294 }
1295 
1296 static int ath10k_monitor_recalc(struct ath10k *ar)
1297 {
1298 	bool needed;
1299 	bool allowed;
1300 	int ret;
1301 
1302 	lockdep_assert_held(&ar->conf_mutex);
1303 
1304 	needed = ath10k_mac_monitor_vdev_is_needed(ar);
1305 	allowed = ath10k_mac_monitor_vdev_is_allowed(ar);
1306 
1307 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1308 		   "mac monitor recalc started? %d needed? %d allowed? %d\n",
1309 		   ar->monitor_started, needed, allowed);
1310 
1311 	if (WARN_ON(needed && !allowed)) {
1312 		if (ar->monitor_started) {
1313 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopping disallowed monitor\n");
1314 
1315 			ret = ath10k_monitor_stop(ar);
1316 			if (ret)
1317 				ath10k_warn(ar, "failed to stop disallowed monitor: %d\n",
1318 					    ret);
1319 				/* not serious */
1320 		}
1321 
1322 		return -EPERM;
1323 	}
1324 
1325 	if (needed == ar->monitor_started)
1326 		return 0;
1327 
1328 	if (needed)
1329 		return ath10k_monitor_start(ar);
1330 	else
1331 		return ath10k_monitor_stop(ar);
1332 }
1333 
1334 static bool ath10k_mac_can_set_cts_prot(struct ath10k_vif *arvif)
1335 {
1336 	struct ath10k *ar = arvif->ar;
1337 
1338 	lockdep_assert_held(&ar->conf_mutex);
1339 
1340 	if (!arvif->is_started) {
1341 		ath10k_dbg(ar, ATH10K_DBG_MAC, "defer cts setup, vdev is not ready yet\n");
1342 		return false;
1343 	}
1344 
1345 	return true;
1346 }
1347 
1348 static int ath10k_mac_set_cts_prot(struct ath10k_vif *arvif)
1349 {
1350 	struct ath10k *ar = arvif->ar;
1351 	u32 vdev_param;
1352 
1353 	lockdep_assert_held(&ar->conf_mutex);
1354 
1355 	vdev_param = ar->wmi.vdev_param->protection_mode;
1356 
1357 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_protection %d\n",
1358 		   arvif->vdev_id, arvif->use_cts_prot);
1359 
1360 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1361 					 arvif->use_cts_prot ? 1 : 0);
1362 }
1363 
1364 static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
1365 {
1366 	struct ath10k *ar = arvif->ar;
1367 	u32 vdev_param, rts_cts = 0;
1368 
1369 	lockdep_assert_held(&ar->conf_mutex);
1370 
1371 	vdev_param = ar->wmi.vdev_param->enable_rtscts;
1372 
1373 	rts_cts |= SM(WMI_RTSCTS_ENABLED, WMI_RTSCTS_SET);
1374 
1375 	if (arvif->num_legacy_stations > 0)
1376 		rts_cts |= SM(WMI_RTSCTS_ACROSS_SW_RETRIES,
1377 			      WMI_RTSCTS_PROFILE);
1378 	else
1379 		rts_cts |= SM(WMI_RTSCTS_FOR_SECOND_RATESERIES,
1380 			      WMI_RTSCTS_PROFILE);
1381 
1382 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d recalc rts/cts prot %d\n",
1383 		   arvif->vdev_id, rts_cts);
1384 
1385 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1386 					 rts_cts);
1387 }
1388 
1389 static int ath10k_start_cac(struct ath10k *ar)
1390 {
1391 	int ret;
1392 
1393 	lockdep_assert_held(&ar->conf_mutex);
1394 
1395 	set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1396 
1397 	ret = ath10k_monitor_recalc(ar);
1398 	if (ret) {
1399 		ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
1400 		clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1401 		return ret;
1402 	}
1403 
1404 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
1405 		   ar->monitor_vdev_id);
1406 
1407 	return 0;
1408 }
1409 
1410 static int ath10k_stop_cac(struct ath10k *ar)
1411 {
1412 	lockdep_assert_held(&ar->conf_mutex);
1413 
1414 	/* CAC is not running - do nothing */
1415 	if (!test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags))
1416 		return 0;
1417 
1418 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1419 	ath10k_monitor_stop(ar);
1420 
1421 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
1422 
1423 	return 0;
1424 }
1425 
1426 static void ath10k_mac_has_radar_iter(struct ieee80211_hw *hw,
1427 				      struct ieee80211_chanctx_conf *conf,
1428 				      void *data)
1429 {
1430 	bool *ret = data;
1431 
1432 	if (!*ret && conf->radar_enabled)
1433 		*ret = true;
1434 }
1435 
1436 static bool ath10k_mac_has_radar_enabled(struct ath10k *ar)
1437 {
1438 	bool has_radar = false;
1439 
1440 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1441 					    ath10k_mac_has_radar_iter,
1442 					    &has_radar);
1443 
1444 	return has_radar;
1445 }
1446 
1447 static void ath10k_recalc_radar_detection(struct ath10k *ar)
1448 {
1449 	int ret;
1450 
1451 	lockdep_assert_held(&ar->conf_mutex);
1452 
1453 	ath10k_stop_cac(ar);
1454 
1455 	if (!ath10k_mac_has_radar_enabled(ar))
1456 		return;
1457 
1458 	if (ar->num_started_vdevs > 0)
1459 		return;
1460 
1461 	ret = ath10k_start_cac(ar);
1462 	if (ret) {
1463 		/*
1464 		 * Not possible to start CAC on current channel so starting
1465 		 * radiation is not allowed, make this channel DFS_UNAVAILABLE
1466 		 * by indicating that radar was detected.
1467 		 */
1468 		ath10k_warn(ar, "failed to start CAC: %d\n", ret);
1469 		ieee80211_radar_detected(ar->hw, NULL);
1470 	}
1471 }
1472 
1473 static int ath10k_vdev_stop(struct ath10k_vif *arvif)
1474 {
1475 	struct ath10k *ar = arvif->ar;
1476 	int ret;
1477 
1478 	lockdep_assert_held(&ar->conf_mutex);
1479 
1480 	reinit_completion(&ar->vdev_setup_done);
1481 	reinit_completion(&ar->vdev_delete_done);
1482 
1483 	ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
1484 	if (ret) {
1485 		ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
1486 			    arvif->vdev_id, ret);
1487 		return ret;
1488 	}
1489 
1490 	ret = ath10k_vdev_setup_sync(ar);
1491 	if (ret) {
1492 		ath10k_warn(ar, "failed to synchronize setup for vdev %i: %d\n",
1493 			    arvif->vdev_id, ret);
1494 		return ret;
1495 	}
1496 
1497 	WARN_ON(ar->num_started_vdevs == 0);
1498 
1499 	if (ar->num_started_vdevs != 0) {
1500 		ar->num_started_vdevs--;
1501 		ath10k_recalc_radar_detection(ar);
1502 	}
1503 
1504 	return ret;
1505 }
1506 
1507 static int ath10k_vdev_start_restart(struct ath10k_vif *arvif,
1508 				     const struct cfg80211_chan_def *chandef,
1509 				     bool restart)
1510 {
1511 	struct ath10k *ar = arvif->ar;
1512 	struct wmi_vdev_start_request_arg arg = {};
1513 	int ret = 0;
1514 
1515 	lockdep_assert_held(&ar->conf_mutex);
1516 
1517 	reinit_completion(&ar->vdev_setup_done);
1518 	reinit_completion(&ar->vdev_delete_done);
1519 
1520 	arg.vdev_id = arvif->vdev_id;
1521 	arg.dtim_period = arvif->dtim_period;
1522 	arg.bcn_intval = arvif->beacon_interval;
1523 
1524 	arg.channel.freq = chandef->chan->center_freq;
1525 	arg.channel.band_center_freq1 = chandef->center_freq1;
1526 	arg.channel.band_center_freq2 = chandef->center_freq2;
1527 	arg.channel.mode = chan_to_phymode(chandef);
1528 
1529 	arg.channel.min_power = 0;
1530 	arg.channel.max_power = chandef->chan->max_power * 2;
1531 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
1532 	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain;
1533 
1534 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
1535 		arg.ssid = arvif->u.ap.ssid;
1536 		arg.ssid_len = arvif->u.ap.ssid_len;
1537 		arg.hidden_ssid = arvif->u.ap.hidden_ssid;
1538 
1539 		/* For now allow DFS for AP mode */
1540 		arg.channel.chan_radar =
1541 			!!(chandef->chan->flags & IEEE80211_CHAN_RADAR);
1542 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
1543 		arg.ssid = arvif->vif->cfg.ssid;
1544 		arg.ssid_len = arvif->vif->cfg.ssid_len;
1545 	}
1546 
1547 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1548 		   "mac vdev %d start center_freq %d phymode %s\n",
1549 		   arg.vdev_id, arg.channel.freq,
1550 		   ath10k_wmi_phymode_str(arg.channel.mode));
1551 
1552 	if (restart)
1553 		ret = ath10k_wmi_vdev_restart(ar, &arg);
1554 	else
1555 		ret = ath10k_wmi_vdev_start(ar, &arg);
1556 
1557 	if (ret) {
1558 		ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
1559 			    arg.vdev_id, ret);
1560 		return ret;
1561 	}
1562 
1563 	ret = ath10k_vdev_setup_sync(ar);
1564 	if (ret) {
1565 		ath10k_warn(ar,
1566 			    "failed to synchronize setup for vdev %i restart %d: %d\n",
1567 			    arg.vdev_id, restart, ret);
1568 		return ret;
1569 	}
1570 
1571 	ar->num_started_vdevs++;
1572 	ath10k_recalc_radar_detection(ar);
1573 
1574 	return ret;
1575 }
1576 
1577 static int ath10k_vdev_start(struct ath10k_vif *arvif,
1578 			     const struct cfg80211_chan_def *def)
1579 {
1580 	return ath10k_vdev_start_restart(arvif, def, false);
1581 }
1582 
1583 static int ath10k_vdev_restart(struct ath10k_vif *arvif,
1584 			       const struct cfg80211_chan_def *def)
1585 {
1586 	return ath10k_vdev_start_restart(arvif, def, true);
1587 }
1588 
1589 static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
1590 				       struct sk_buff *bcn)
1591 {
1592 	struct ath10k *ar = arvif->ar;
1593 	struct ieee80211_mgmt *mgmt;
1594 	const u8 *p2p_ie;
1595 	int ret;
1596 
1597 	if (arvif->vif->type != NL80211_IFTYPE_AP || !arvif->vif->p2p)
1598 		return 0;
1599 
1600 	mgmt = (void *)bcn->data;
1601 	p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1602 					 mgmt->u.beacon.variable,
1603 					 bcn->len - (mgmt->u.beacon.variable -
1604 						     bcn->data));
1605 	if (!p2p_ie)
1606 		return -ENOENT;
1607 
1608 	ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
1609 	if (ret) {
1610 		ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
1611 			    arvif->vdev_id, ret);
1612 		return ret;
1613 	}
1614 
1615 	return 0;
1616 }
1617 
1618 static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
1619 				       u8 oui_type, size_t ie_offset)
1620 {
1621 	size_t len;
1622 	const u8 *next;
1623 	const u8 *end;
1624 	u8 *ie;
1625 
1626 	if (WARN_ON(skb->len < ie_offset))
1627 		return -EINVAL;
1628 
1629 	ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
1630 					   skb->data + ie_offset,
1631 					   skb->len - ie_offset);
1632 	if (!ie)
1633 		return -ENOENT;
1634 
1635 	len = ie[1] + 2;
1636 	end = skb->data + skb->len;
1637 	next = ie + len;
1638 
1639 	if (WARN_ON(next > end))
1640 		return -EINVAL;
1641 
1642 	memmove(ie, next, end - next);
1643 	skb_trim(skb, skb->len - len);
1644 
1645 	return 0;
1646 }
1647 
1648 static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
1649 {
1650 	struct ath10k *ar = arvif->ar;
1651 	struct ieee80211_hw *hw = ar->hw;
1652 	struct ieee80211_vif *vif = arvif->vif;
1653 	struct ieee80211_mutable_offsets offs = {};
1654 	struct sk_buff *bcn;
1655 	int ret;
1656 
1657 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1658 		return 0;
1659 
1660 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
1661 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
1662 		return 0;
1663 
1664 	bcn = ieee80211_beacon_get_template(hw, vif, &offs, 0);
1665 	if (!bcn) {
1666 		ath10k_warn(ar, "failed to get beacon template from mac80211\n");
1667 		return -EPERM;
1668 	}
1669 
1670 	ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
1671 	if (ret) {
1672 		ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
1673 		kfree_skb(bcn);
1674 		return ret;
1675 	}
1676 
1677 	/* P2P IE is inserted by firmware automatically (as configured above)
1678 	 * so remove it from the base beacon template to avoid duplicate P2P
1679 	 * IEs in beacon frames.
1680 	 */
1681 	ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1682 				    offsetof(struct ieee80211_mgmt,
1683 					     u.beacon.variable));
1684 
1685 	ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
1686 				  0, NULL, 0);
1687 	kfree_skb(bcn);
1688 
1689 	if (ret) {
1690 		ath10k_warn(ar, "failed to submit beacon template command: %d\n",
1691 			    ret);
1692 		return ret;
1693 	}
1694 
1695 	return 0;
1696 }
1697 
1698 static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
1699 {
1700 	struct ath10k *ar = arvif->ar;
1701 	struct ieee80211_hw *hw = ar->hw;
1702 	struct ieee80211_vif *vif = arvif->vif;
1703 	struct sk_buff *prb;
1704 	int ret;
1705 
1706 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1707 		return 0;
1708 
1709 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1710 		return 0;
1711 
1712 	 /* For mesh, probe response and beacon share the same template */
1713 	if (ieee80211_vif_is_mesh(vif))
1714 		return 0;
1715 
1716 	prb = ieee80211_proberesp_get(hw, vif);
1717 	if (!prb) {
1718 		ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
1719 		return -EPERM;
1720 	}
1721 
1722 	ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
1723 	kfree_skb(prb);
1724 
1725 	if (ret) {
1726 		ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
1727 			    ret);
1728 		return ret;
1729 	}
1730 
1731 	return 0;
1732 }
1733 
1734 static int ath10k_mac_vif_fix_hidden_ssid(struct ath10k_vif *arvif)
1735 {
1736 	struct ath10k *ar = arvif->ar;
1737 	struct cfg80211_chan_def def;
1738 	int ret;
1739 
1740 	/* When originally vdev is started during assign_vif_chanctx() some
1741 	 * information is missing, notably SSID. Firmware revisions with beacon
1742 	 * offloading require the SSID to be provided during vdev (re)start to
1743 	 * handle hidden SSID properly.
1744 	 *
1745 	 * Vdev restart must be done after vdev has been both started and
1746 	 * upped. Otherwise some firmware revisions (at least 10.2) fail to
1747 	 * deliver vdev restart response event causing timeouts during vdev
1748 	 * syncing in ath10k.
1749 	 *
1750 	 * Note: The vdev down/up and template reinstallation could be skipped
1751 	 * since only wmi-tlv firmware are known to have beacon offload and
1752 	 * wmi-tlv doesn't seem to misbehave like 10.2 wrt vdev restart
1753 	 * response delivery. It's probably more robust to keep it as is.
1754 	 */
1755 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1756 		return 0;
1757 
1758 	if (WARN_ON(!arvif->is_started))
1759 		return -EINVAL;
1760 
1761 	if (WARN_ON(!arvif->is_up))
1762 		return -EINVAL;
1763 
1764 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
1765 		return -EINVAL;
1766 
1767 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1768 	if (ret) {
1769 		ath10k_warn(ar, "failed to bring down ap vdev %i: %d\n",
1770 			    arvif->vdev_id, ret);
1771 		return ret;
1772 	}
1773 
1774 	/* Vdev down reset beacon & presp templates. Reinstall them. Otherwise
1775 	 * firmware will crash upon vdev up.
1776 	 */
1777 
1778 	ret = ath10k_mac_setup_bcn_tmpl(arvif);
1779 	if (ret) {
1780 		ath10k_warn(ar, "failed to update beacon template: %d\n", ret);
1781 		return ret;
1782 	}
1783 
1784 	ret = ath10k_mac_setup_prb_tmpl(arvif);
1785 	if (ret) {
1786 		ath10k_warn(ar, "failed to update presp template: %d\n", ret);
1787 		return ret;
1788 	}
1789 
1790 	ret = ath10k_vdev_restart(arvif, &def);
1791 	if (ret) {
1792 		ath10k_warn(ar, "failed to restart ap vdev %i: %d\n",
1793 			    arvif->vdev_id, ret);
1794 		return ret;
1795 	}
1796 
1797 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1798 				 arvif->bssid);
1799 	if (ret) {
1800 		ath10k_warn(ar, "failed to bring up ap vdev %i: %d\n",
1801 			    arvif->vdev_id, ret);
1802 		return ret;
1803 	}
1804 
1805 	return 0;
1806 }
1807 
1808 static void ath10k_control_beaconing(struct ath10k_vif *arvif,
1809 				     struct ieee80211_bss_conf *info)
1810 {
1811 	struct ath10k *ar = arvif->ar;
1812 	int ret = 0;
1813 
1814 	lockdep_assert_held(&arvif->ar->conf_mutex);
1815 
1816 	if (!info->enable_beacon) {
1817 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1818 		if (ret)
1819 			ath10k_warn(ar, "failed to down vdev_id %i: %d\n",
1820 				    arvif->vdev_id, ret);
1821 
1822 		arvif->is_up = false;
1823 
1824 		spin_lock_bh(&arvif->ar->data_lock);
1825 		ath10k_mac_vif_beacon_free(arvif);
1826 		spin_unlock_bh(&arvif->ar->data_lock);
1827 
1828 		return;
1829 	}
1830 
1831 	arvif->tx_seq_no = 0x1000;
1832 
1833 	arvif->aid = 0;
1834 	ether_addr_copy(arvif->bssid, info->bssid);
1835 
1836 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1837 				 arvif->bssid);
1838 	if (ret) {
1839 		ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
1840 			    arvif->vdev_id, ret);
1841 		return;
1842 	}
1843 
1844 	arvif->is_up = true;
1845 
1846 	ret = ath10k_mac_vif_fix_hidden_ssid(arvif);
1847 	if (ret) {
1848 		ath10k_warn(ar, "failed to fix hidden ssid for vdev %i, expect trouble: %d\n",
1849 			    arvif->vdev_id, ret);
1850 		return;
1851 	}
1852 
1853 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
1854 }
1855 
1856 static void ath10k_control_ibss(struct ath10k_vif *arvif,
1857 				struct ieee80211_vif *vif)
1858 {
1859 	struct ath10k *ar = arvif->ar;
1860 	u32 vdev_param;
1861 	int ret = 0;
1862 
1863 	lockdep_assert_held(&arvif->ar->conf_mutex);
1864 
1865 	if (!vif->cfg.ibss_joined) {
1866 		if (is_zero_ether_addr(arvif->bssid))
1867 			return;
1868 
1869 		eth_zero_addr(arvif->bssid);
1870 
1871 		return;
1872 	}
1873 
1874 	vdev_param = arvif->ar->wmi.vdev_param->atim_window;
1875 	ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
1876 					ATH10K_DEFAULT_ATIM);
1877 	if (ret)
1878 		ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
1879 			    arvif->vdev_id, ret);
1880 }
1881 
1882 static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
1883 {
1884 	struct ath10k *ar = arvif->ar;
1885 	u32 param;
1886 	u32 value;
1887 	int ret;
1888 
1889 	lockdep_assert_held(&arvif->ar->conf_mutex);
1890 
1891 	if (arvif->u.sta.uapsd)
1892 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
1893 	else
1894 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
1895 
1896 	param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
1897 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
1898 	if (ret) {
1899 		ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
1900 			    value, arvif->vdev_id, ret);
1901 		return ret;
1902 	}
1903 
1904 	return 0;
1905 }
1906 
1907 static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
1908 {
1909 	struct ath10k *ar = arvif->ar;
1910 	u32 param;
1911 	u32 value;
1912 	int ret;
1913 
1914 	lockdep_assert_held(&arvif->ar->conf_mutex);
1915 
1916 	if (arvif->u.sta.uapsd)
1917 		value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
1918 	else
1919 		value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
1920 
1921 	param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
1922 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
1923 					  param, value);
1924 	if (ret) {
1925 		ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
1926 			    value, arvif->vdev_id, ret);
1927 		return ret;
1928 	}
1929 
1930 	return 0;
1931 }
1932 
1933 static int ath10k_mac_num_vifs_started(struct ath10k *ar)
1934 {
1935 	struct ath10k_vif *arvif;
1936 	int num = 0;
1937 
1938 	lockdep_assert_held(&ar->conf_mutex);
1939 
1940 	list_for_each_entry(arvif, &ar->arvifs, list)
1941 		if (arvif->is_started)
1942 			num++;
1943 
1944 	return num;
1945 }
1946 
1947 static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
1948 {
1949 	struct ath10k *ar = arvif->ar;
1950 	struct ieee80211_vif *vif = arvif->vif;
1951 	struct ieee80211_conf *conf = &ar->hw->conf;
1952 	enum wmi_sta_powersave_param param;
1953 	enum wmi_sta_ps_mode psmode;
1954 	int ret;
1955 	int ps_timeout;
1956 	bool enable_ps;
1957 
1958 	lockdep_assert_held(&arvif->ar->conf_mutex);
1959 
1960 	if (arvif->vif->type != NL80211_IFTYPE_STATION)
1961 		return 0;
1962 
1963 	enable_ps = arvif->ps;
1964 
1965 	if (enable_ps && ath10k_mac_num_vifs_started(ar) > 1 &&
1966 	    !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
1967 		      ar->running_fw->fw_file.fw_features)) {
1968 		ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
1969 			    arvif->vdev_id);
1970 		enable_ps = false;
1971 	}
1972 
1973 	if (!arvif->is_started) {
1974 		/* mac80211 can update vif powersave state while disconnected.
1975 		 * Firmware doesn't behave nicely and consumes more power than
1976 		 * necessary if PS is disabled on a non-started vdev. Hence
1977 		 * force-enable PS for non-running vdevs.
1978 		 */
1979 		psmode = WMI_STA_PS_MODE_ENABLED;
1980 	} else if (enable_ps) {
1981 		psmode = WMI_STA_PS_MODE_ENABLED;
1982 		param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
1983 
1984 		ps_timeout = conf->dynamic_ps_timeout;
1985 		if (ps_timeout == 0) {
1986 			/* Firmware doesn't like 0 */
1987 			ps_timeout = ieee80211_tu_to_usec(
1988 				vif->bss_conf.beacon_int) / 1000;
1989 		}
1990 
1991 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
1992 						  ps_timeout);
1993 		if (ret) {
1994 			ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
1995 				    arvif->vdev_id, ret);
1996 			return ret;
1997 		}
1998 	} else {
1999 		psmode = WMI_STA_PS_MODE_DISABLED;
2000 	}
2001 
2002 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
2003 		   arvif->vdev_id, psmode ? "enable" : "disable");
2004 
2005 	ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
2006 	if (ret) {
2007 		ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
2008 			    psmode, arvif->vdev_id, ret);
2009 		return ret;
2010 	}
2011 
2012 	return 0;
2013 }
2014 
2015 static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
2016 {
2017 	struct ath10k *ar = arvif->ar;
2018 	struct wmi_sta_keepalive_arg arg = {};
2019 	int ret;
2020 
2021 	lockdep_assert_held(&arvif->ar->conf_mutex);
2022 
2023 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
2024 		return 0;
2025 
2026 	if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
2027 		return 0;
2028 
2029 	/* Some firmware revisions have a bug and ignore the `enabled` field.
2030 	 * Instead use the interval to disable the keepalive.
2031 	 */
2032 	arg.vdev_id = arvif->vdev_id;
2033 	arg.enabled = 1;
2034 	arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
2035 	arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
2036 
2037 	ret = ath10k_wmi_sta_keepalive(ar, &arg);
2038 	if (ret) {
2039 		ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
2040 			    arvif->vdev_id, ret);
2041 		return ret;
2042 	}
2043 
2044 	return 0;
2045 }
2046 
2047 static void ath10k_mac_vif_ap_csa_count_down(struct ath10k_vif *arvif)
2048 {
2049 	struct ath10k *ar = arvif->ar;
2050 	struct ieee80211_vif *vif = arvif->vif;
2051 	int ret;
2052 
2053 	lockdep_assert_held(&arvif->ar->conf_mutex);
2054 
2055 	if (WARN_ON(!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)))
2056 		return;
2057 
2058 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
2059 		return;
2060 
2061 	if (!vif->bss_conf.csa_active)
2062 		return;
2063 
2064 	if (!arvif->is_up)
2065 		return;
2066 
2067 	if (!ieee80211_beacon_cntdwn_is_complete(vif, 0)) {
2068 		ieee80211_beacon_update_cntdwn(vif, 0);
2069 
2070 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
2071 		if (ret)
2072 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
2073 				    ret);
2074 
2075 		ret = ath10k_mac_setup_prb_tmpl(arvif);
2076 		if (ret)
2077 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
2078 				    ret);
2079 	} else {
2080 		ieee80211_csa_finish(vif, 0);
2081 	}
2082 }
2083 
2084 static void ath10k_mac_vif_ap_csa_work(struct work_struct *work)
2085 {
2086 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2087 						ap_csa_work);
2088 	struct ath10k *ar = arvif->ar;
2089 
2090 	mutex_lock(&ar->conf_mutex);
2091 	ath10k_mac_vif_ap_csa_count_down(arvif);
2092 	mutex_unlock(&ar->conf_mutex);
2093 }
2094 
2095 static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac,
2096 					  struct ieee80211_vif *vif)
2097 {
2098 	struct sk_buff *skb = data;
2099 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2100 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2101 
2102 	if (vif->type != NL80211_IFTYPE_STATION)
2103 		return;
2104 
2105 	if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid))
2106 		return;
2107 
2108 	cancel_delayed_work(&arvif->connection_loss_work);
2109 }
2110 
2111 void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb)
2112 {
2113 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2114 						   ATH10K_ITER_NORMAL_FLAGS,
2115 						   ath10k_mac_handle_beacon_iter,
2116 						   skb);
2117 }
2118 
2119 static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
2120 					       struct ieee80211_vif *vif)
2121 {
2122 	u32 *vdev_id = data;
2123 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2124 	struct ath10k *ar = arvif->ar;
2125 	struct ieee80211_hw *hw = ar->hw;
2126 
2127 	if (arvif->vdev_id != *vdev_id)
2128 		return;
2129 
2130 	if (!arvif->is_up)
2131 		return;
2132 
2133 	ieee80211_beacon_loss(vif);
2134 
2135 	/* Firmware doesn't report beacon loss events repeatedly. If AP probe
2136 	 * (done by mac80211) succeeds but beacons do not resume then it
2137 	 * doesn't make sense to continue operation. Queue connection loss work
2138 	 * which can be cancelled when beacon is received.
2139 	 */
2140 	ieee80211_queue_delayed_work(hw, &arvif->connection_loss_work,
2141 				     ATH10K_CONNECTION_LOSS_HZ);
2142 }
2143 
2144 void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id)
2145 {
2146 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2147 						   ATH10K_ITER_NORMAL_FLAGS,
2148 						   ath10k_mac_handle_beacon_miss_iter,
2149 						   &vdev_id);
2150 }
2151 
2152 static void ath10k_mac_vif_sta_connection_loss_work(struct work_struct *work)
2153 {
2154 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2155 						connection_loss_work.work);
2156 	struct ieee80211_vif *vif = arvif->vif;
2157 
2158 	if (!arvif->is_up)
2159 		return;
2160 
2161 	ieee80211_connection_loss(vif);
2162 }
2163 
2164 /**********************/
2165 /* Station management */
2166 /**********************/
2167 
2168 static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
2169 					     struct ieee80211_vif *vif)
2170 {
2171 	/* Some firmware revisions have unstable STA powersave when listen
2172 	 * interval is set too high (e.g. 5). The symptoms are firmware doesn't
2173 	 * generate NullFunc frames properly even if buffered frames have been
2174 	 * indicated in Beacon TIM. Firmware would seldom wake up to pull
2175 	 * buffered frames. Often pinging the device from AP would simply fail.
2176 	 *
2177 	 * As a workaround set it to 1.
2178 	 */
2179 	if (vif->type == NL80211_IFTYPE_STATION)
2180 		return 1;
2181 
2182 	return ar->hw->conf.listen_interval;
2183 }
2184 
2185 static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
2186 				      struct ieee80211_vif *vif,
2187 				      struct ieee80211_sta *sta,
2188 				      struct wmi_peer_assoc_complete_arg *arg)
2189 {
2190 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2191 	u32 aid;
2192 
2193 	lockdep_assert_held(&ar->conf_mutex);
2194 
2195 	if (vif->type == NL80211_IFTYPE_STATION)
2196 		aid = vif->cfg.aid;
2197 	else
2198 		aid = sta->aid;
2199 
2200 	ether_addr_copy(arg->addr, sta->addr);
2201 	arg->vdev_id = arvif->vdev_id;
2202 	arg->peer_aid = aid;
2203 	arg->peer_flags |= arvif->ar->wmi.peer_flags->auth;
2204 	arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
2205 	arg->peer_num_spatial_streams = 1;
2206 	arg->peer_caps = vif->bss_conf.assoc_capability;
2207 }
2208 
2209 static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
2210 				       struct ieee80211_vif *vif,
2211 				       struct ieee80211_sta *sta,
2212 				       struct wmi_peer_assoc_complete_arg *arg)
2213 {
2214 	struct ieee80211_bss_conf *info = &vif->bss_conf;
2215 	struct cfg80211_chan_def def;
2216 	struct cfg80211_bss *bss;
2217 	const u8 *rsnie = NULL;
2218 	const u8 *wpaie = NULL;
2219 
2220 	lockdep_assert_held(&ar->conf_mutex);
2221 
2222 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2223 		return;
2224 
2225 	bss = cfg80211_get_bss(ar->hw->wiphy, def.chan, info->bssid,
2226 			       vif->cfg.ssid_len ? vif->cfg.ssid : NULL,
2227 			       vif->cfg.ssid_len,
2228 			       IEEE80211_BSS_TYPE_ANY, IEEE80211_PRIVACY_ANY);
2229 	if (bss) {
2230 		const struct cfg80211_bss_ies *ies;
2231 
2232 		rcu_read_lock();
2233 		rsnie = ieee80211_bss_get_ie(bss, WLAN_EID_RSN);
2234 
2235 		ies = rcu_dereference(bss->ies);
2236 
2237 		wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
2238 						WLAN_OUI_TYPE_MICROSOFT_WPA,
2239 						ies->data,
2240 						ies->len);
2241 		rcu_read_unlock();
2242 		cfg80211_put_bss(ar->hw->wiphy, bss);
2243 	}
2244 
2245 	/* FIXME: base on RSN IE/WPA IE is a correct idea? */
2246 	if (rsnie || wpaie) {
2247 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
2248 		arg->peer_flags |= ar->wmi.peer_flags->need_ptk_4_way;
2249 	}
2250 
2251 	if (wpaie) {
2252 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
2253 		arg->peer_flags |= ar->wmi.peer_flags->need_gtk_2_way;
2254 	}
2255 
2256 	if (sta->mfp &&
2257 	    test_bit(ATH10K_FW_FEATURE_MFP_SUPPORT,
2258 		     ar->running_fw->fw_file.fw_features)) {
2259 		arg->peer_flags |= ar->wmi.peer_flags->pmf;
2260 	}
2261 }
2262 
2263 static void ath10k_peer_assoc_h_rates(struct ath10k *ar,
2264 				      struct ieee80211_vif *vif,
2265 				      struct ieee80211_sta *sta,
2266 				      struct wmi_peer_assoc_complete_arg *arg)
2267 {
2268 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2269 	struct wmi_rate_set_arg *rateset = &arg->peer_legacy_rates;
2270 	struct cfg80211_chan_def def;
2271 	const struct ieee80211_supported_band *sband;
2272 	const struct ieee80211_rate *rates;
2273 	enum nl80211_band band;
2274 	u32 ratemask;
2275 	u8 rate;
2276 	int i;
2277 
2278 	lockdep_assert_held(&ar->conf_mutex);
2279 
2280 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2281 		return;
2282 
2283 	band = def.chan->band;
2284 	sband = ar->hw->wiphy->bands[band];
2285 	ratemask = sta->deflink.supp_rates[band];
2286 	ratemask &= arvif->bitrate_mask.control[band].legacy;
2287 	rates = sband->bitrates;
2288 
2289 	rateset->num_rates = 0;
2290 
2291 	for (i = 0; i < 32; i++, ratemask >>= 1, rates++) {
2292 		if (!(ratemask & 1))
2293 			continue;
2294 
2295 		rate = ath10k_mac_bitrate_to_rate(rates->bitrate);
2296 		rateset->rates[rateset->num_rates] = rate;
2297 		rateset->num_rates++;
2298 	}
2299 }
2300 
2301 static bool
2302 ath10k_peer_assoc_h_ht_masked(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
2303 {
2304 	int nss;
2305 
2306 	for (nss = 0; nss < IEEE80211_HT_MCS_MASK_LEN; nss++)
2307 		if (ht_mcs_mask[nss])
2308 			return false;
2309 
2310 	return true;
2311 }
2312 
2313 static bool
2314 ath10k_peer_assoc_h_vht_masked(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
2315 {
2316 	int nss;
2317 
2318 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++)
2319 		if (vht_mcs_mask[nss])
2320 			return false;
2321 
2322 	return true;
2323 }
2324 
2325 static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
2326 				   struct ieee80211_vif *vif,
2327 				   struct ieee80211_sta *sta,
2328 				   struct wmi_peer_assoc_complete_arg *arg)
2329 {
2330 	const struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
2331 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2332 	struct cfg80211_chan_def def;
2333 	enum nl80211_band band;
2334 	const u8 *ht_mcs_mask;
2335 	const u16 *vht_mcs_mask;
2336 	int i, n;
2337 	u8 max_nss;
2338 	u32 stbc;
2339 
2340 	lockdep_assert_held(&ar->conf_mutex);
2341 
2342 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2343 		return;
2344 
2345 	if (!ht_cap->ht_supported)
2346 		return;
2347 
2348 	band = def.chan->band;
2349 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2350 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2351 
2352 	if (ath10k_peer_assoc_h_ht_masked(ht_mcs_mask) &&
2353 	    ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2354 		return;
2355 
2356 	arg->peer_flags |= ar->wmi.peer_flags->ht;
2357 	arg->peer_max_mpdu = (1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2358 				    ht_cap->ampdu_factor)) - 1;
2359 
2360 	arg->peer_mpdu_density =
2361 		ath10k_parse_mpdudensity(ht_cap->ampdu_density);
2362 
2363 	arg->peer_ht_caps = ht_cap->cap;
2364 	arg->peer_rate_caps |= WMI_RC_HT_FLAG;
2365 
2366 	if (ht_cap->cap & IEEE80211_HT_CAP_LDPC_CODING)
2367 		arg->peer_flags |= ar->wmi.peer_flags->ldbc;
2368 
2369 	if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40) {
2370 		arg->peer_flags |= ar->wmi.peer_flags->bw40;
2371 		arg->peer_rate_caps |= WMI_RC_CW40_FLAG;
2372 	}
2373 
2374 	if (arvif->bitrate_mask.control[band].gi != NL80211_TXRATE_FORCE_LGI) {
2375 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
2376 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2377 
2378 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
2379 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2380 	}
2381 
2382 	if (ht_cap->cap & IEEE80211_HT_CAP_TX_STBC) {
2383 		arg->peer_rate_caps |= WMI_RC_TX_STBC_FLAG;
2384 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2385 	}
2386 
2387 	if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
2388 		stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
2389 		stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
2390 		stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
2391 		arg->peer_rate_caps |= stbc;
2392 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2393 	}
2394 
2395 	if (ht_cap->mcs.rx_mask[1] && ht_cap->mcs.rx_mask[2])
2396 		arg->peer_rate_caps |= WMI_RC_TS_FLAG;
2397 	else if (ht_cap->mcs.rx_mask[1])
2398 		arg->peer_rate_caps |= WMI_RC_DS_FLAG;
2399 
2400 	for (i = 0, n = 0, max_nss = 0; i < IEEE80211_HT_MCS_MASK_LEN * 8; i++)
2401 		if ((ht_cap->mcs.rx_mask[i / 8] & BIT(i % 8)) &&
2402 		    (ht_mcs_mask[i / 8] & BIT(i % 8))) {
2403 			max_nss = (i / 8) + 1;
2404 			arg->peer_ht_rates.rates[n++] = i;
2405 		}
2406 
2407 	/*
2408 	 * This is a workaround for HT-enabled STAs which break the spec
2409 	 * and have no HT capabilities RX mask (no HT RX MCS map).
2410 	 *
2411 	 * As per spec, in section 20.3.5 Modulation and coding scheme (MCS),
2412 	 * MCS 0 through 7 are mandatory in 20MHz with 800 ns GI at all STAs.
2413 	 *
2414 	 * Firmware asserts if such situation occurs.
2415 	 */
2416 	if (n == 0) {
2417 		arg->peer_ht_rates.num_rates = 8;
2418 		for (i = 0; i < arg->peer_ht_rates.num_rates; i++)
2419 			arg->peer_ht_rates.rates[i] = i;
2420 	} else {
2421 		arg->peer_ht_rates.num_rates = n;
2422 		arg->peer_num_spatial_streams = min(sta->deflink.rx_nss,
2423 						    max_nss);
2424 	}
2425 
2426 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
2427 		   arg->addr,
2428 		   arg->peer_ht_rates.num_rates,
2429 		   arg->peer_num_spatial_streams);
2430 }
2431 
2432 static int ath10k_peer_assoc_qos_ap(struct ath10k *ar,
2433 				    struct ath10k_vif *arvif,
2434 				    struct ieee80211_sta *sta)
2435 {
2436 	u32 uapsd = 0;
2437 	u32 max_sp = 0;
2438 	int ret = 0;
2439 
2440 	lockdep_assert_held(&ar->conf_mutex);
2441 
2442 	if (sta->wme && sta->uapsd_queues) {
2443 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
2444 			   sta->uapsd_queues, sta->max_sp);
2445 
2446 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2447 			uapsd |= WMI_AP_PS_UAPSD_AC3_DELIVERY_EN |
2448 				 WMI_AP_PS_UAPSD_AC3_TRIGGER_EN;
2449 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2450 			uapsd |= WMI_AP_PS_UAPSD_AC2_DELIVERY_EN |
2451 				 WMI_AP_PS_UAPSD_AC2_TRIGGER_EN;
2452 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2453 			uapsd |= WMI_AP_PS_UAPSD_AC1_DELIVERY_EN |
2454 				 WMI_AP_PS_UAPSD_AC1_TRIGGER_EN;
2455 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2456 			uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
2457 				 WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
2458 
2459 		if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
2460 			max_sp = sta->max_sp;
2461 
2462 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2463 						 sta->addr,
2464 						 WMI_AP_PS_PEER_PARAM_UAPSD,
2465 						 uapsd);
2466 		if (ret) {
2467 			ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
2468 				    arvif->vdev_id, ret);
2469 			return ret;
2470 		}
2471 
2472 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2473 						 sta->addr,
2474 						 WMI_AP_PS_PEER_PARAM_MAX_SP,
2475 						 max_sp);
2476 		if (ret) {
2477 			ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
2478 				    arvif->vdev_id, ret);
2479 			return ret;
2480 		}
2481 
2482 		/* TODO setup this based on STA listen interval and
2483 		 * beacon interval. Currently we don't know
2484 		 * sta->listen_interval - mac80211 patch required.
2485 		 * Currently use 10 seconds
2486 		 */
2487 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
2488 						 WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
2489 						 10);
2490 		if (ret) {
2491 			ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
2492 				    arvif->vdev_id, ret);
2493 			return ret;
2494 		}
2495 	}
2496 
2497 	return 0;
2498 }
2499 
2500 static u16
2501 ath10k_peer_assoc_h_vht_limit(u16 tx_mcs_set,
2502 			      const u16 vht_mcs_limit[NL80211_VHT_NSS_MAX])
2503 {
2504 	int idx_limit;
2505 	int nss;
2506 	u16 mcs_map;
2507 	u16 mcs;
2508 
2509 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
2510 		mcs_map = ath10k_mac_get_max_vht_mcs_map(tx_mcs_set, nss) &
2511 			  vht_mcs_limit[nss];
2512 
2513 		if (mcs_map)
2514 			idx_limit = fls(mcs_map) - 1;
2515 		else
2516 			idx_limit = -1;
2517 
2518 		switch (idx_limit) {
2519 		case 0:
2520 		case 1:
2521 		case 2:
2522 		case 3:
2523 		case 4:
2524 		case 5:
2525 		case 6:
2526 		default:
2527 			/* see ath10k_mac_can_set_bitrate_mask() */
2528 			WARN_ON(1);
2529 			fallthrough;
2530 		case -1:
2531 			mcs = IEEE80211_VHT_MCS_NOT_SUPPORTED;
2532 			break;
2533 		case 7:
2534 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_7;
2535 			break;
2536 		case 8:
2537 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_8;
2538 			break;
2539 		case 9:
2540 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_9;
2541 			break;
2542 		}
2543 
2544 		tx_mcs_set &= ~(0x3 << (nss * 2));
2545 		tx_mcs_set |= mcs << (nss * 2);
2546 	}
2547 
2548 	return tx_mcs_set;
2549 }
2550 
2551 static u32 get_160mhz_nss_from_maxrate(int rate)
2552 {
2553 	u32 nss;
2554 
2555 	switch (rate) {
2556 	case 780:
2557 		nss = 1;
2558 		break;
2559 	case 1560:
2560 		nss = 2;
2561 		break;
2562 	case 2106:
2563 		nss = 3; /* not support MCS9 from spec*/
2564 		break;
2565 	case 3120:
2566 		nss = 4;
2567 		break;
2568 	default:
2569 		 nss = 1;
2570 	}
2571 
2572 	return nss;
2573 }
2574 
2575 static void ath10k_peer_assoc_h_vht(struct ath10k *ar,
2576 				    struct ieee80211_vif *vif,
2577 				    struct ieee80211_sta *sta,
2578 				    struct wmi_peer_assoc_complete_arg *arg)
2579 {
2580 	const struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2581 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2582 	struct ath10k_hw_params *hw = &ar->hw_params;
2583 	struct cfg80211_chan_def def;
2584 	enum nl80211_band band;
2585 	const u16 *vht_mcs_mask;
2586 	u8 ampdu_factor;
2587 	u8 max_nss, vht_mcs;
2588 	int i;
2589 
2590 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2591 		return;
2592 
2593 	if (!vht_cap->vht_supported)
2594 		return;
2595 
2596 	band = def.chan->band;
2597 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2598 
2599 	if (ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2600 		return;
2601 
2602 	arg->peer_flags |= ar->wmi.peer_flags->vht;
2603 
2604 	if (def.chan->band == NL80211_BAND_2GHZ)
2605 		arg->peer_flags |= ar->wmi.peer_flags->vht_2g;
2606 
2607 	arg->peer_vht_caps = vht_cap->cap;
2608 
2609 	ampdu_factor = (vht_cap->cap &
2610 			IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
2611 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
2612 
2613 	/* Workaround: Some Netgear/Linksys 11ac APs set Rx A-MPDU factor to
2614 	 * zero in VHT IE. Using it would result in degraded throughput.
2615 	 * arg->peer_max_mpdu at this point contains HT max_mpdu so keep
2616 	 * it if VHT max_mpdu is smaller.
2617 	 */
2618 	arg->peer_max_mpdu = max(arg->peer_max_mpdu,
2619 				 (1U << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2620 					ampdu_factor)) - 1);
2621 
2622 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2623 		arg->peer_flags |= ar->wmi.peer_flags->bw80;
2624 
2625 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
2626 		arg->peer_flags |= ar->wmi.peer_flags->bw160;
2627 
2628 	/* Calculate peer NSS capability from VHT capabilities if STA
2629 	 * supports VHT.
2630 	 */
2631 	for (i = 0, max_nss = 0, vht_mcs = 0; i < NL80211_VHT_NSS_MAX; i++) {
2632 		vht_mcs = __le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map) >>
2633 			  (2 * i) & 3;
2634 
2635 		if ((vht_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) &&
2636 		    vht_mcs_mask[i])
2637 			max_nss = i + 1;
2638 	}
2639 	arg->peer_num_spatial_streams = min(sta->deflink.rx_nss, max_nss);
2640 	arg->peer_vht_rates.rx_max_rate =
2641 		__le16_to_cpu(vht_cap->vht_mcs.rx_highest);
2642 	arg->peer_vht_rates.rx_mcs_set =
2643 		__le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map);
2644 	arg->peer_vht_rates.tx_max_rate =
2645 		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
2646 	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
2647 		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
2648 
2649 	/* Configure bandwidth-NSS mapping to FW
2650 	 * for the chip's tx chains setting on 160Mhz bw
2651 	 */
2652 	if (arg->peer_phymode == MODE_11AC_VHT160 ||
2653 	    arg->peer_phymode == MODE_11AC_VHT80_80) {
2654 		u32 rx_nss;
2655 		u32 max_rate;
2656 
2657 		max_rate = arg->peer_vht_rates.rx_max_rate;
2658 		rx_nss = get_160mhz_nss_from_maxrate(max_rate);
2659 
2660 		if (rx_nss == 0)
2661 			rx_nss = arg->peer_num_spatial_streams;
2662 		else
2663 			rx_nss = min(arg->peer_num_spatial_streams, rx_nss);
2664 
2665 		max_rate = hw->vht160_mcs_tx_highest;
2666 		rx_nss = min(rx_nss, get_160mhz_nss_from_maxrate(max_rate));
2667 
2668 		arg->peer_bw_rxnss_override =
2669 			FIELD_PREP(WMI_PEER_NSS_MAP_ENABLE, 1) |
2670 			FIELD_PREP(WMI_PEER_NSS_160MHZ_MASK, (rx_nss - 1));
2671 
2672 		if (arg->peer_phymode == MODE_11AC_VHT80_80) {
2673 			arg->peer_bw_rxnss_override |=
2674 			FIELD_PREP(WMI_PEER_NSS_80_80MHZ_MASK, (rx_nss - 1));
2675 		}
2676 	}
2677 	ath10k_dbg(ar, ATH10K_DBG_MAC,
2678 		   "mac vht peer %pM max_mpdu %d flags 0x%x peer_rx_nss_override 0x%x\n",
2679 		   sta->addr, arg->peer_max_mpdu,
2680 		   arg->peer_flags, arg->peer_bw_rxnss_override);
2681 }
2682 
2683 static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
2684 				    struct ieee80211_vif *vif,
2685 				    struct ieee80211_sta *sta,
2686 				    struct wmi_peer_assoc_complete_arg *arg)
2687 {
2688 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2689 
2690 	switch (arvif->vdev_type) {
2691 	case WMI_VDEV_TYPE_AP:
2692 		if (sta->wme)
2693 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2694 
2695 		if (sta->wme && sta->uapsd_queues) {
2696 			arg->peer_flags |= arvif->ar->wmi.peer_flags->apsd;
2697 			arg->peer_rate_caps |= WMI_RC_UAPSD_FLAG;
2698 		}
2699 		break;
2700 	case WMI_VDEV_TYPE_STA:
2701 		if (sta->wme)
2702 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2703 		break;
2704 	case WMI_VDEV_TYPE_IBSS:
2705 		if (sta->wme)
2706 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2707 		break;
2708 	default:
2709 		break;
2710 	}
2711 
2712 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
2713 		   sta->addr, !!(arg->peer_flags &
2714 		   arvif->ar->wmi.peer_flags->qos));
2715 }
2716 
2717 static bool ath10k_mac_sta_has_ofdm_only(struct ieee80211_sta *sta)
2718 {
2719 	return sta->deflink.supp_rates[NL80211_BAND_2GHZ] >>
2720 	       ATH10K_MAC_FIRST_OFDM_RATE_IDX;
2721 }
2722 
2723 static enum wmi_phy_mode ath10k_mac_get_phymode_vht(struct ath10k *ar,
2724 						    struct ieee80211_sta *sta)
2725 {
2726 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2727 
2728 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160) {
2729 		switch (vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
2730 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
2731 			return MODE_11AC_VHT160;
2732 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
2733 			return MODE_11AC_VHT80_80;
2734 		default:
2735 			/* not sure if this is a valid case? */
2736 			return MODE_11AC_VHT160;
2737 		}
2738 	}
2739 
2740 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2741 		return MODE_11AC_VHT80;
2742 
2743 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2744 		return MODE_11AC_VHT40;
2745 
2746 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_20)
2747 		return MODE_11AC_VHT20;
2748 
2749 	return MODE_UNKNOWN;
2750 }
2751 
2752 static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
2753 					struct ieee80211_vif *vif,
2754 					struct ieee80211_sta *sta,
2755 					struct wmi_peer_assoc_complete_arg *arg)
2756 {
2757 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2758 	struct cfg80211_chan_def def;
2759 	enum nl80211_band band;
2760 	const u8 *ht_mcs_mask;
2761 	const u16 *vht_mcs_mask;
2762 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
2763 
2764 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2765 		return;
2766 
2767 	band = def.chan->band;
2768 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2769 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2770 
2771 	switch (band) {
2772 	case NL80211_BAND_2GHZ:
2773 		if (sta->deflink.vht_cap.vht_supported &&
2774 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2775 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2776 				phymode = MODE_11AC_VHT40;
2777 			else
2778 				phymode = MODE_11AC_VHT20;
2779 		} else if (sta->deflink.ht_cap.ht_supported &&
2780 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2781 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2782 				phymode = MODE_11NG_HT40;
2783 			else
2784 				phymode = MODE_11NG_HT20;
2785 		} else if (ath10k_mac_sta_has_ofdm_only(sta)) {
2786 			phymode = MODE_11G;
2787 		} else {
2788 			phymode = MODE_11B;
2789 		}
2790 
2791 		break;
2792 	case NL80211_BAND_5GHZ:
2793 		/*
2794 		 * Check VHT first.
2795 		 */
2796 		if (sta->deflink.vht_cap.vht_supported &&
2797 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2798 			phymode = ath10k_mac_get_phymode_vht(ar, sta);
2799 		} else if (sta->deflink.ht_cap.ht_supported &&
2800 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2801 			if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40)
2802 				phymode = MODE_11NA_HT40;
2803 			else
2804 				phymode = MODE_11NA_HT20;
2805 		} else {
2806 			phymode = MODE_11A;
2807 		}
2808 
2809 		break;
2810 	default:
2811 		break;
2812 	}
2813 
2814 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
2815 		   sta->addr, ath10k_wmi_phymode_str(phymode));
2816 
2817 	arg->peer_phymode = phymode;
2818 	WARN_ON(phymode == MODE_UNKNOWN);
2819 }
2820 
2821 static int ath10k_peer_assoc_prepare(struct ath10k *ar,
2822 				     struct ieee80211_vif *vif,
2823 				     struct ieee80211_sta *sta,
2824 				     struct wmi_peer_assoc_complete_arg *arg)
2825 {
2826 	lockdep_assert_held(&ar->conf_mutex);
2827 
2828 	memset(arg, 0, sizeof(*arg));
2829 
2830 	ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
2831 	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
2832 	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
2833 	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
2834 	ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
2835 	ath10k_peer_assoc_h_vht(ar, vif, sta, arg);
2836 	ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
2837 
2838 	return 0;
2839 }
2840 
2841 static const u32 ath10k_smps_map[] = {
2842 	[WLAN_HT_CAP_SM_PS_STATIC] = WMI_PEER_SMPS_STATIC,
2843 	[WLAN_HT_CAP_SM_PS_DYNAMIC] = WMI_PEER_SMPS_DYNAMIC,
2844 	[WLAN_HT_CAP_SM_PS_INVALID] = WMI_PEER_SMPS_PS_NONE,
2845 	[WLAN_HT_CAP_SM_PS_DISABLED] = WMI_PEER_SMPS_PS_NONE,
2846 };
2847 
2848 static int ath10k_setup_peer_smps(struct ath10k *ar, struct ath10k_vif *arvif,
2849 				  const u8 *addr,
2850 				  const struct ieee80211_sta_ht_cap *ht_cap)
2851 {
2852 	int smps;
2853 
2854 	if (!ht_cap->ht_supported)
2855 		return 0;
2856 
2857 	smps = ht_cap->cap & IEEE80211_HT_CAP_SM_PS;
2858 	smps >>= IEEE80211_HT_CAP_SM_PS_SHIFT;
2859 
2860 	if (smps >= ARRAY_SIZE(ath10k_smps_map))
2861 		return -EINVAL;
2862 
2863 	return ath10k_wmi_peer_set_param(ar, arvif->vdev_id, addr,
2864 					 ar->wmi.peer_param->smps_state,
2865 					 ath10k_smps_map[smps]);
2866 }
2867 
2868 static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
2869 				      struct ieee80211_vif *vif,
2870 				      struct ieee80211_sta_vht_cap vht_cap)
2871 {
2872 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2873 	int ret;
2874 	u32 param;
2875 	u32 value;
2876 
2877 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_AFTER_ASSOC)
2878 		return 0;
2879 
2880 	if (!(ar->vht_cap_info &
2881 	      (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2882 	       IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
2883 	       IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2884 	       IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
2885 		return 0;
2886 
2887 	param = ar->wmi.vdev_param->txbf;
2888 	value = 0;
2889 
2890 	if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
2891 		return 0;
2892 
2893 	/* The following logic is correct. If a remote STA advertises support
2894 	 * for being a beamformer then we should enable us being a beamformee.
2895 	 */
2896 
2897 	if (ar->vht_cap_info &
2898 	    (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2899 	     IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
2900 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
2901 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2902 
2903 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
2904 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
2905 	}
2906 
2907 	if (ar->vht_cap_info &
2908 	    (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2909 	     IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
2910 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
2911 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2912 
2913 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
2914 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
2915 	}
2916 
2917 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
2918 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2919 
2920 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
2921 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2922 
2923 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
2924 	if (ret) {
2925 		ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
2926 			    value, ret);
2927 		return ret;
2928 	}
2929 
2930 	return 0;
2931 }
2932 
2933 static bool ath10k_mac_is_connected(struct ath10k *ar)
2934 {
2935 	struct ath10k_vif *arvif;
2936 
2937 	list_for_each_entry(arvif, &ar->arvifs, list) {
2938 		if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
2939 			return true;
2940 	}
2941 
2942 	return false;
2943 }
2944 
2945 static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
2946 {
2947 	int ret;
2948 	u32 param;
2949 	int tx_power_2g, tx_power_5g;
2950 	bool connected;
2951 
2952 	lockdep_assert_held(&ar->conf_mutex);
2953 
2954 	/* ath10k internally uses unit of 0.5 dBm so multiply by 2 */
2955 	tx_power_2g = txpower * 2;
2956 	tx_power_5g = txpower * 2;
2957 
2958 	connected = ath10k_mac_is_connected(ar);
2959 
2960 	if (connected && ar->tx_power_2g_limit)
2961 		if (tx_power_2g > ar->tx_power_2g_limit)
2962 			tx_power_2g = ar->tx_power_2g_limit;
2963 
2964 	if (connected && ar->tx_power_5g_limit)
2965 		if (tx_power_5g > ar->tx_power_5g_limit)
2966 			tx_power_5g = ar->tx_power_5g_limit;
2967 
2968 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower 2g: %d, 5g: %d\n",
2969 		   tx_power_2g, tx_power_5g);
2970 
2971 	param = ar->wmi.pdev_param->txpower_limit2g;
2972 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_2g);
2973 	if (ret) {
2974 		ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
2975 			    tx_power_2g, ret);
2976 		return ret;
2977 	}
2978 
2979 	param = ar->wmi.pdev_param->txpower_limit5g;
2980 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_5g);
2981 	if (ret) {
2982 		ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
2983 			    tx_power_5g, ret);
2984 		return ret;
2985 	}
2986 
2987 	return 0;
2988 }
2989 
2990 static int ath10k_mac_txpower_recalc(struct ath10k *ar)
2991 {
2992 	struct ath10k_vif *arvif;
2993 	int ret, txpower = -1;
2994 
2995 	lockdep_assert_held(&ar->conf_mutex);
2996 
2997 	list_for_each_entry(arvif, &ar->arvifs, list) {
2998 		/* txpower not initialized yet? */
2999 		if (arvif->txpower == INT_MIN)
3000 			continue;
3001 
3002 		if (txpower == -1)
3003 			txpower = arvif->txpower;
3004 		else
3005 			txpower = min(txpower, arvif->txpower);
3006 	}
3007 
3008 	if (txpower == -1)
3009 		return 0;
3010 
3011 	ret = ath10k_mac_txpower_setup(ar, txpower);
3012 	if (ret) {
3013 		ath10k_warn(ar, "failed to setup tx power %d: %d\n",
3014 			    txpower, ret);
3015 		return ret;
3016 	}
3017 
3018 	return 0;
3019 }
3020 
3021 static int ath10k_mac_set_sar_power(struct ath10k *ar)
3022 {
3023 	if (!ar->hw_params.dynamic_sar_support)
3024 		return -EOPNOTSUPP;
3025 
3026 	if (!ath10k_mac_is_connected(ar))
3027 		return 0;
3028 
3029 	/* if connected, then arvif->txpower must be valid */
3030 	return ath10k_mac_txpower_recalc(ar);
3031 }
3032 
3033 static int ath10k_mac_set_sar_specs(struct ieee80211_hw *hw,
3034 				    const struct cfg80211_sar_specs *sar)
3035 {
3036 	const struct cfg80211_sar_sub_specs *sub_specs;
3037 	struct ath10k *ar = hw->priv;
3038 	u32 i;
3039 	int ret;
3040 
3041 	mutex_lock(&ar->conf_mutex);
3042 
3043 	if (!ar->hw_params.dynamic_sar_support) {
3044 		ret = -EOPNOTSUPP;
3045 		goto err;
3046 	}
3047 
3048 	if (!sar || sar->type != NL80211_SAR_TYPE_POWER ||
3049 	    sar->num_sub_specs == 0) {
3050 		ret = -EINVAL;
3051 		goto err;
3052 	}
3053 
3054 	sub_specs = sar->sub_specs;
3055 
3056 	/* 0dbm is not a practical value for ath10k, so use 0
3057 	 * as no SAR limitation on it.
3058 	 */
3059 	ar->tx_power_2g_limit = 0;
3060 	ar->tx_power_5g_limit = 0;
3061 
3062 	/* note the power is in 0.25dbm unit, while ath10k uses
3063 	 * 0.5dbm unit.
3064 	 */
3065 	for (i = 0; i < sar->num_sub_specs; i++) {
3066 		if (sub_specs->freq_range_index == 0)
3067 			ar->tx_power_2g_limit = sub_specs->power / 2;
3068 		else if (sub_specs->freq_range_index == 1)
3069 			ar->tx_power_5g_limit = sub_specs->power / 2;
3070 
3071 		sub_specs++;
3072 	}
3073 
3074 	ret = ath10k_mac_set_sar_power(ar);
3075 	if (ret) {
3076 		ath10k_warn(ar, "failed to set sar power: %d", ret);
3077 		goto err;
3078 	}
3079 
3080 err:
3081 	mutex_unlock(&ar->conf_mutex);
3082 	return ret;
3083 }
3084 
3085 /* can be called only in mac80211 callbacks due to `key_count` usage */
3086 static void ath10k_bss_assoc(struct ieee80211_hw *hw,
3087 			     struct ieee80211_vif *vif,
3088 			     struct ieee80211_bss_conf *bss_conf)
3089 {
3090 	struct ath10k *ar = hw->priv;
3091 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3092 	struct ieee80211_sta_ht_cap ht_cap;
3093 	struct ieee80211_sta_vht_cap vht_cap;
3094 	struct wmi_peer_assoc_complete_arg peer_arg;
3095 	struct ieee80211_sta *ap_sta;
3096 	int ret;
3097 
3098 	lockdep_assert_held(&ar->conf_mutex);
3099 
3100 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
3101 		   arvif->vdev_id, arvif->bssid, arvif->aid);
3102 
3103 	rcu_read_lock();
3104 
3105 	ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
3106 	if (!ap_sta) {
3107 		ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
3108 			    bss_conf->bssid, arvif->vdev_id);
3109 		rcu_read_unlock();
3110 		return;
3111 	}
3112 
3113 	/* ap_sta must be accessed only within rcu section which must be left
3114 	 * before calling ath10k_setup_peer_smps() which might sleep.
3115 	 */
3116 	ht_cap = ap_sta->deflink.ht_cap;
3117 	vht_cap = ap_sta->deflink.vht_cap;
3118 
3119 	ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
3120 	if (ret) {
3121 		ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
3122 			    bss_conf->bssid, arvif->vdev_id, ret);
3123 		rcu_read_unlock();
3124 		return;
3125 	}
3126 
3127 	rcu_read_unlock();
3128 
3129 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3130 	if (ret) {
3131 		ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
3132 			    bss_conf->bssid, arvif->vdev_id, ret);
3133 		return;
3134 	}
3135 
3136 	ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
3137 	if (ret) {
3138 		ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
3139 			    arvif->vdev_id, ret);
3140 		return;
3141 	}
3142 
3143 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3144 	if (ret) {
3145 		ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
3146 			    arvif->vdev_id, bss_conf->bssid, ret);
3147 		return;
3148 	}
3149 
3150 	ath10k_dbg(ar, ATH10K_DBG_MAC,
3151 		   "mac vdev %d up (associated) bssid %pM aid %d\n",
3152 		   arvif->vdev_id, bss_conf->bssid, vif->cfg.aid);
3153 
3154 	WARN_ON(arvif->is_up);
3155 
3156 	arvif->aid = vif->cfg.aid;
3157 	ether_addr_copy(arvif->bssid, bss_conf->bssid);
3158 
3159 	ret = ath10k_wmi_pdev_set_param(ar,
3160 					ar->wmi.pdev_param->peer_stats_info_enable, 1);
3161 	if (ret)
3162 		ath10k_warn(ar, "failed to enable peer stats info: %d\n", ret);
3163 
3164 	ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
3165 	if (ret) {
3166 		ath10k_warn(ar, "failed to set vdev %d up: %d\n",
3167 			    arvif->vdev_id, ret);
3168 		return;
3169 	}
3170 
3171 	arvif->is_up = true;
3172 
3173 	ath10k_mac_set_sar_power(ar);
3174 
3175 	/* Workaround: Some firmware revisions (tested with qca6174
3176 	 * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
3177 	 * poked with peer param command.
3178 	 */
3179 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
3180 					ar->wmi.peer_param->dummy_var, 1);
3181 	if (ret) {
3182 		ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
3183 			    arvif->bssid, arvif->vdev_id, ret);
3184 		return;
3185 	}
3186 }
3187 
3188 static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
3189 				struct ieee80211_vif *vif)
3190 {
3191 	struct ath10k *ar = hw->priv;
3192 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3193 	struct ieee80211_sta_vht_cap vht_cap = {};
3194 	int ret;
3195 
3196 	lockdep_assert_held(&ar->conf_mutex);
3197 
3198 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
3199 		   arvif->vdev_id, arvif->bssid);
3200 
3201 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
3202 	if (ret)
3203 		ath10k_warn(ar, "failed to down vdev %i: %d\n",
3204 			    arvif->vdev_id, ret);
3205 
3206 	arvif->def_wep_key_idx = -1;
3207 
3208 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3209 	if (ret) {
3210 		ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
3211 			    arvif->vdev_id, ret);
3212 		return;
3213 	}
3214 
3215 	arvif->is_up = false;
3216 
3217 	ath10k_mac_txpower_recalc(ar);
3218 
3219 	cancel_delayed_work_sync(&arvif->connection_loss_work);
3220 }
3221 
3222 static int ath10k_new_peer_tid_config(struct ath10k *ar,
3223 				      struct ieee80211_sta *sta,
3224 				      struct ath10k_vif *arvif)
3225 {
3226 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
3227 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
3228 	bool config_apply;
3229 	int ret, i;
3230 
3231 	for (i = 0; i < ATH10K_TID_MAX; i++) {
3232 		config_apply = false;
3233 		if (arvif->retry_long[i] || arvif->ampdu[i] ||
3234 		    arvif->rate_ctrl[i] || arvif->rtscts[i]) {
3235 			config_apply = true;
3236 			arg.tid = i;
3237 			arg.vdev_id = arvif->vdev_id;
3238 			arg.retry_count = arvif->retry_long[i];
3239 			arg.aggr_control = arvif->ampdu[i];
3240 			arg.rate_ctrl = arvif->rate_ctrl[i];
3241 			arg.rcode_flags = arvif->rate_code[i];
3242 
3243 			if (arvif->rtscts[i])
3244 				arg.ext_tid_cfg_bitmap =
3245 					WMI_EXT_TID_RTS_CTS_CONFIG;
3246 			else
3247 				arg.ext_tid_cfg_bitmap = 0;
3248 
3249 			arg.rtscts_ctrl = arvif->rtscts[i];
3250 		}
3251 
3252 		if (arvif->noack[i]) {
3253 			arg.ack_policy = arvif->noack[i];
3254 			arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
3255 			arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
3256 			config_apply = true;
3257 		}
3258 
3259 		/* Assign default value(-1) to newly connected station.
3260 		 * This is to identify station specific tid configuration not
3261 		 * configured for the station.
3262 		 */
3263 		arsta->retry_long[i] = -1;
3264 		arsta->noack[i] = -1;
3265 		arsta->ampdu[i] = -1;
3266 
3267 		if (!config_apply)
3268 			continue;
3269 
3270 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
3271 
3272 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
3273 		if (ret) {
3274 			ath10k_warn(ar, "failed to set per tid retry/aggr config for sta %pM: %d\n",
3275 				    sta->addr, ret);
3276 			return ret;
3277 		}
3278 
3279 		memset(&arg, 0, sizeof(arg));
3280 	}
3281 
3282 	return 0;
3283 }
3284 
3285 static int ath10k_station_assoc(struct ath10k *ar,
3286 				struct ieee80211_vif *vif,
3287 				struct ieee80211_sta *sta,
3288 				bool reassoc)
3289 {
3290 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3291 	struct wmi_peer_assoc_complete_arg peer_arg;
3292 	int ret = 0;
3293 
3294 	lockdep_assert_held(&ar->conf_mutex);
3295 
3296 	ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
3297 	if (ret) {
3298 		ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
3299 			    sta->addr, arvif->vdev_id, ret);
3300 		return ret;
3301 	}
3302 
3303 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3304 	if (ret) {
3305 		ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
3306 			    sta->addr, arvif->vdev_id, ret);
3307 		return ret;
3308 	}
3309 
3310 	/* Re-assoc is run only to update supported rates for given station. It
3311 	 * doesn't make much sense to reconfigure the peer completely.
3312 	 */
3313 	if (!reassoc) {
3314 		ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
3315 					     &sta->deflink.ht_cap);
3316 		if (ret) {
3317 			ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
3318 				    arvif->vdev_id, ret);
3319 			return ret;
3320 		}
3321 
3322 		ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
3323 		if (ret) {
3324 			ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
3325 				    sta->addr, arvif->vdev_id, ret);
3326 			return ret;
3327 		}
3328 
3329 		if (!sta->wme) {
3330 			arvif->num_legacy_stations++;
3331 			ret  = ath10k_recalc_rtscts_prot(arvif);
3332 			if (ret) {
3333 				ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3334 					    arvif->vdev_id, ret);
3335 				return ret;
3336 			}
3337 		}
3338 
3339 		/* Plumb cached keys only for static WEP */
3340 		if ((arvif->def_wep_key_idx != -1) && (!sta->tdls)) {
3341 			ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
3342 			if (ret) {
3343 				ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
3344 					    arvif->vdev_id, ret);
3345 				return ret;
3346 			}
3347 		}
3348 	}
3349 
3350 	if (!test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map))
3351 		return ret;
3352 
3353 	return ath10k_new_peer_tid_config(ar, sta, arvif);
3354 }
3355 
3356 static int ath10k_station_disassoc(struct ath10k *ar,
3357 				   struct ieee80211_vif *vif,
3358 				   struct ieee80211_sta *sta)
3359 {
3360 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3361 	int ret = 0;
3362 
3363 	lockdep_assert_held(&ar->conf_mutex);
3364 
3365 	if (!sta->wme) {
3366 		arvif->num_legacy_stations--;
3367 		ret = ath10k_recalc_rtscts_prot(arvif);
3368 		if (ret) {
3369 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3370 				    arvif->vdev_id, ret);
3371 			return ret;
3372 		}
3373 	}
3374 
3375 	ret = ath10k_clear_peer_keys(arvif, sta->addr);
3376 	if (ret) {
3377 		ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
3378 			    arvif->vdev_id, ret);
3379 		return ret;
3380 	}
3381 
3382 	return ret;
3383 }
3384 
3385 /**************/
3386 /* Regulatory */
3387 /**************/
3388 
3389 static int ath10k_update_channel_list(struct ath10k *ar)
3390 {
3391 	struct ieee80211_hw *hw = ar->hw;
3392 	struct ieee80211_supported_band **bands;
3393 	enum nl80211_band band;
3394 	struct ieee80211_channel *channel;
3395 	struct wmi_scan_chan_list_arg arg = {};
3396 	struct wmi_channel_arg *ch;
3397 	bool passive;
3398 	int len;
3399 	int ret;
3400 	int i;
3401 
3402 	lockdep_assert_held(&ar->conf_mutex);
3403 
3404 	bands = hw->wiphy->bands;
3405 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3406 		if (!bands[band])
3407 			continue;
3408 
3409 		for (i = 0; i < bands[band]->n_channels; i++) {
3410 			if (bands[band]->channels[i].flags &
3411 			    IEEE80211_CHAN_DISABLED)
3412 				continue;
3413 
3414 			arg.n_channels++;
3415 		}
3416 	}
3417 
3418 	len = sizeof(struct wmi_channel_arg) * arg.n_channels;
3419 	arg.channels = kzalloc(len, GFP_KERNEL);
3420 	if (!arg.channels)
3421 		return -ENOMEM;
3422 
3423 	ch = arg.channels;
3424 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3425 		if (!bands[band])
3426 			continue;
3427 
3428 		for (i = 0; i < bands[band]->n_channels; i++) {
3429 			channel = &bands[band]->channels[i];
3430 
3431 			if (channel->flags & IEEE80211_CHAN_DISABLED)
3432 				continue;
3433 
3434 			ch->allow_ht = true;
3435 
3436 			/* FIXME: when should we really allow VHT? */
3437 			ch->allow_vht = true;
3438 
3439 			ch->allow_ibss =
3440 				!(channel->flags & IEEE80211_CHAN_NO_IR);
3441 
3442 			ch->ht40plus =
3443 				!(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
3444 
3445 			ch->chan_radar =
3446 				!!(channel->flags & IEEE80211_CHAN_RADAR);
3447 
3448 			passive = channel->flags & IEEE80211_CHAN_NO_IR;
3449 			ch->passive = passive;
3450 
3451 			/* the firmware is ignoring the "radar" flag of the
3452 			 * channel and is scanning actively using Probe Requests
3453 			 * on "Radar detection"/DFS channels which are not
3454 			 * marked as "available"
3455 			 */
3456 			ch->passive |= ch->chan_radar;
3457 
3458 			ch->freq = channel->center_freq;
3459 			ch->band_center_freq1 = channel->center_freq;
3460 			ch->min_power = 0;
3461 			ch->max_power = channel->max_power * 2;
3462 			ch->max_reg_power = channel->max_reg_power * 2;
3463 			ch->max_antenna_gain = channel->max_antenna_gain;
3464 			ch->reg_class_id = 0; /* FIXME */
3465 
3466 			/* FIXME: why use only legacy modes, why not any
3467 			 * HT/VHT modes? Would that even make any
3468 			 * difference?
3469 			 */
3470 			if (channel->band == NL80211_BAND_2GHZ)
3471 				ch->mode = MODE_11G;
3472 			else
3473 				ch->mode = MODE_11A;
3474 
3475 			if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
3476 				continue;
3477 
3478 			ath10k_dbg(ar, ATH10K_DBG_WMI,
3479 				   "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
3480 				    ch - arg.channels, arg.n_channels,
3481 				   ch->freq, ch->max_power, ch->max_reg_power,
3482 				   ch->max_antenna_gain, ch->mode);
3483 
3484 			ch++;
3485 		}
3486 	}
3487 
3488 	ret = ath10k_wmi_scan_chan_list(ar, &arg);
3489 	kfree(arg.channels);
3490 
3491 	return ret;
3492 }
3493 
3494 static enum wmi_dfs_region
3495 ath10k_mac_get_dfs_region(enum nl80211_dfs_regions dfs_region)
3496 {
3497 	switch (dfs_region) {
3498 	case NL80211_DFS_UNSET:
3499 		return WMI_UNINIT_DFS_DOMAIN;
3500 	case NL80211_DFS_FCC:
3501 		return WMI_FCC_DFS_DOMAIN;
3502 	case NL80211_DFS_ETSI:
3503 		return WMI_ETSI_DFS_DOMAIN;
3504 	case NL80211_DFS_JP:
3505 		return WMI_MKK4_DFS_DOMAIN;
3506 	}
3507 	return WMI_UNINIT_DFS_DOMAIN;
3508 }
3509 
3510 static void ath10k_regd_update(struct ath10k *ar)
3511 {
3512 	struct reg_dmn_pair_mapping *regpair;
3513 	int ret;
3514 	enum wmi_dfs_region wmi_dfs_reg;
3515 	enum nl80211_dfs_regions nl_dfs_reg;
3516 
3517 	lockdep_assert_held(&ar->conf_mutex);
3518 
3519 	ret = ath10k_update_channel_list(ar);
3520 	if (ret)
3521 		ath10k_warn(ar, "failed to update channel list: %d\n", ret);
3522 
3523 	regpair = ar->ath_common.regulatory.regpair;
3524 
3525 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3526 		nl_dfs_reg = ar->dfs_detector->region;
3527 		wmi_dfs_reg = ath10k_mac_get_dfs_region(nl_dfs_reg);
3528 	} else {
3529 		wmi_dfs_reg = WMI_UNINIT_DFS_DOMAIN;
3530 	}
3531 
3532 	/* Target allows setting up per-band regdomain but ath_common provides
3533 	 * a combined one only
3534 	 */
3535 	ret = ath10k_wmi_pdev_set_regdomain(ar,
3536 					    regpair->reg_domain,
3537 					    regpair->reg_domain, /* 2ghz */
3538 					    regpair->reg_domain, /* 5ghz */
3539 					    regpair->reg_2ghz_ctl,
3540 					    regpair->reg_5ghz_ctl,
3541 					    wmi_dfs_reg);
3542 	if (ret)
3543 		ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
3544 }
3545 
3546 static void ath10k_mac_update_channel_list(struct ath10k *ar,
3547 					   struct ieee80211_supported_band *band)
3548 {
3549 	int i;
3550 
3551 	if (ar->low_5ghz_chan && ar->high_5ghz_chan) {
3552 		for (i = 0; i < band->n_channels; i++) {
3553 			if (band->channels[i].center_freq < ar->low_5ghz_chan ||
3554 			    band->channels[i].center_freq > ar->high_5ghz_chan)
3555 				band->channels[i].flags |=
3556 					IEEE80211_CHAN_DISABLED;
3557 		}
3558 	}
3559 }
3560 
3561 static void ath10k_reg_notifier(struct wiphy *wiphy,
3562 				struct regulatory_request *request)
3563 {
3564 	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
3565 	struct ath10k *ar = hw->priv;
3566 	bool result;
3567 
3568 	ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
3569 
3570 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3571 		ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
3572 			   request->dfs_region);
3573 		result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
3574 							  request->dfs_region);
3575 		if (!result)
3576 			ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
3577 				    request->dfs_region);
3578 	}
3579 
3580 	mutex_lock(&ar->conf_mutex);
3581 	if (ar->state == ATH10K_STATE_ON)
3582 		ath10k_regd_update(ar);
3583 	mutex_unlock(&ar->conf_mutex);
3584 
3585 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
3586 		ath10k_mac_update_channel_list(ar,
3587 					       ar->hw->wiphy->bands[NL80211_BAND_5GHZ]);
3588 }
3589 
3590 static void ath10k_stop_radar_confirmation(struct ath10k *ar)
3591 {
3592 	spin_lock_bh(&ar->data_lock);
3593 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_STOPPED;
3594 	spin_unlock_bh(&ar->data_lock);
3595 
3596 	cancel_work_sync(&ar->radar_confirmation_work);
3597 }
3598 
3599 /***************/
3600 /* TX handlers */
3601 /***************/
3602 
3603 enum ath10k_mac_tx_path {
3604 	ATH10K_MAC_TX_HTT,
3605 	ATH10K_MAC_TX_HTT_MGMT,
3606 	ATH10K_MAC_TX_WMI_MGMT,
3607 	ATH10K_MAC_TX_UNKNOWN,
3608 };
3609 
3610 void ath10k_mac_tx_lock(struct ath10k *ar, int reason)
3611 {
3612 	lockdep_assert_held(&ar->htt.tx_lock);
3613 
3614 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3615 	ar->tx_paused |= BIT(reason);
3616 	ieee80211_stop_queues(ar->hw);
3617 }
3618 
3619 static void ath10k_mac_tx_unlock_iter(void *data, u8 *mac,
3620 				      struct ieee80211_vif *vif)
3621 {
3622 	struct ath10k *ar = data;
3623 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3624 
3625 	if (arvif->tx_paused)
3626 		return;
3627 
3628 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3629 }
3630 
3631 void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3632 {
3633 	lockdep_assert_held(&ar->htt.tx_lock);
3634 
3635 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3636 	ar->tx_paused &= ~BIT(reason);
3637 
3638 	if (ar->tx_paused)
3639 		return;
3640 
3641 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3642 						   ATH10K_ITER_RESUME_FLAGS,
3643 						   ath10k_mac_tx_unlock_iter,
3644 						   ar);
3645 
3646 	ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3647 }
3648 
3649 void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3650 {
3651 	struct ath10k *ar = arvif->ar;
3652 
3653 	lockdep_assert_held(&ar->htt.tx_lock);
3654 
3655 	WARN_ON(reason >= BITS_PER_LONG);
3656 	arvif->tx_paused |= BIT(reason);
3657 	ieee80211_stop_queue(ar->hw, arvif->vdev_id);
3658 }
3659 
3660 void ath10k_mac_vif_tx_unlock(struct ath10k_vif *arvif, int reason)
3661 {
3662 	struct ath10k *ar = arvif->ar;
3663 
3664 	lockdep_assert_held(&ar->htt.tx_lock);
3665 
3666 	WARN_ON(reason >= BITS_PER_LONG);
3667 	arvif->tx_paused &= ~BIT(reason);
3668 
3669 	if (ar->tx_paused)
3670 		return;
3671 
3672 	if (arvif->tx_paused)
3673 		return;
3674 
3675 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3676 }
3677 
3678 static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3679 					   enum wmi_tlv_tx_pause_id pause_id,
3680 					   enum wmi_tlv_tx_pause_action action)
3681 {
3682 	struct ath10k *ar = arvif->ar;
3683 
3684 	lockdep_assert_held(&ar->htt.tx_lock);
3685 
3686 	switch (action) {
3687 	case WMI_TLV_TX_PAUSE_ACTION_STOP:
3688 		ath10k_mac_vif_tx_lock(arvif, pause_id);
3689 		break;
3690 	case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3691 		ath10k_mac_vif_tx_unlock(arvif, pause_id);
3692 		break;
3693 	default:
3694 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
3695 			   "received unknown tx pause action %d on vdev %i, ignoring\n",
3696 			    action, arvif->vdev_id);
3697 		break;
3698 	}
3699 }
3700 
3701 struct ath10k_mac_tx_pause {
3702 	u32 vdev_id;
3703 	enum wmi_tlv_tx_pause_id pause_id;
3704 	enum wmi_tlv_tx_pause_action action;
3705 };
3706 
3707 static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3708 					    struct ieee80211_vif *vif)
3709 {
3710 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3711 	struct ath10k_mac_tx_pause *arg = data;
3712 
3713 	if (arvif->vdev_id != arg->vdev_id)
3714 		return;
3715 
3716 	ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3717 }
3718 
3719 void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3720 				     enum wmi_tlv_tx_pause_id pause_id,
3721 				     enum wmi_tlv_tx_pause_action action)
3722 {
3723 	struct ath10k_mac_tx_pause arg = {
3724 		.vdev_id = vdev_id,
3725 		.pause_id = pause_id,
3726 		.action = action,
3727 	};
3728 
3729 	spin_lock_bh(&ar->htt.tx_lock);
3730 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3731 						   ATH10K_ITER_RESUME_FLAGS,
3732 						   ath10k_mac_handle_tx_pause_iter,
3733 						   &arg);
3734 	spin_unlock_bh(&ar->htt.tx_lock);
3735 }
3736 
3737 static enum ath10k_hw_txrx_mode
3738 ath10k_mac_tx_h_get_txmode(struct ath10k *ar,
3739 			   struct ieee80211_vif *vif,
3740 			   struct ieee80211_sta *sta,
3741 			   struct sk_buff *skb)
3742 {
3743 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3744 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
3745 	__le16 fc = hdr->frame_control;
3746 
3747 	if (IEEE80211_SKB_CB(skb)->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)
3748 		return ATH10K_HW_TXRX_ETHERNET;
3749 
3750 	if (!vif || vif->type == NL80211_IFTYPE_MONITOR)
3751 		return ATH10K_HW_TXRX_RAW;
3752 
3753 	if (ieee80211_is_mgmt(fc))
3754 		return ATH10K_HW_TXRX_MGMT;
3755 
3756 	/* Workaround:
3757 	 *
3758 	 * NullFunc frames are mostly used to ping if a client or AP are still
3759 	 * reachable and responsive. This implies tx status reports must be
3760 	 * accurate - otherwise either mac80211 or userspace (e.g. hostapd) can
3761 	 * come to a conclusion that the other end disappeared and tear down
3762 	 * BSS connection or it can never disconnect from BSS/client (which is
3763 	 * the case).
3764 	 *
3765 	 * Firmware with HTT older than 3.0 delivers incorrect tx status for
3766 	 * NullFunc frames to driver. However there's a HTT Mgmt Tx command
3767 	 * which seems to deliver correct tx reports for NullFunc frames. The
3768 	 * downside of using it is it ignores client powersave state so it can
3769 	 * end up disconnecting sleeping clients in AP mode. It should fix STA
3770 	 * mode though because AP don't sleep.
3771 	 */
3772 	if (ar->htt.target_version_major < 3 &&
3773 	    (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&
3774 	    !test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3775 		      ar->running_fw->fw_file.fw_features))
3776 		return ATH10K_HW_TXRX_MGMT;
3777 
3778 	/* Workaround:
3779 	 *
3780 	 * Some wmi-tlv firmwares for qca6174 have broken Tx key selection for
3781 	 * NativeWifi txmode - it selects AP key instead of peer key. It seems
3782 	 * to work with Ethernet txmode so use it.
3783 	 *
3784 	 * FIXME: Check if raw mode works with TDLS.
3785 	 */
3786 	if (ieee80211_is_data_present(fc) && sta && sta->tdls)
3787 		return ATH10K_HW_TXRX_ETHERNET;
3788 
3789 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) ||
3790 	    skb_cb->flags & ATH10K_SKB_F_RAW_TX)
3791 		return ATH10K_HW_TXRX_RAW;
3792 
3793 	return ATH10K_HW_TXRX_NATIVE_WIFI;
3794 }
3795 
3796 static bool ath10k_tx_h_use_hwcrypto(struct ieee80211_vif *vif,
3797 				     struct sk_buff *skb)
3798 {
3799 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3800 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3801 	const u32 mask = IEEE80211_TX_INTFL_DONT_ENCRYPT |
3802 			 IEEE80211_TX_CTL_INJECTED;
3803 
3804 	if (!ieee80211_has_protected(hdr->frame_control))
3805 		return false;
3806 
3807 	if ((info->flags & mask) == mask)
3808 		return false;
3809 
3810 	if (vif)
3811 		return !((struct ath10k_vif *)vif->drv_priv)->nohwcrypt;
3812 
3813 	return true;
3814 }
3815 
3816 /* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
3817  * Control in the header.
3818  */
3819 static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
3820 {
3821 	struct ieee80211_hdr *hdr = (void *)skb->data;
3822 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3823 	u8 *qos_ctl;
3824 
3825 	if (!ieee80211_is_data_qos(hdr->frame_control))
3826 		return;
3827 
3828 	qos_ctl = ieee80211_get_qos_ctl(hdr);
3829 	memmove(skb->data + IEEE80211_QOS_CTL_LEN,
3830 		skb->data, (void *)qos_ctl - (void *)skb->data);
3831 	skb_pull(skb, IEEE80211_QOS_CTL_LEN);
3832 
3833 	/* Some firmware revisions don't handle sending QoS NullFunc well.
3834 	 * These frames are mainly used for CQM purposes so it doesn't really
3835 	 * matter whether QoS NullFunc or NullFunc are sent.
3836 	 */
3837 	hdr = (void *)skb->data;
3838 	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
3839 		cb->flags &= ~ATH10K_SKB_F_QOS;
3840 
3841 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3842 }
3843 
3844 static void ath10k_tx_h_8023(struct sk_buff *skb)
3845 {
3846 	struct ieee80211_hdr *hdr;
3847 	struct rfc1042_hdr *rfc1042;
3848 	struct ethhdr *eth;
3849 	size_t hdrlen;
3850 	u8 da[ETH_ALEN];
3851 	u8 sa[ETH_ALEN];
3852 	__be16 type;
3853 
3854 	hdr = (void *)skb->data;
3855 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
3856 	rfc1042 = (void *)skb->data + hdrlen;
3857 
3858 	ether_addr_copy(da, ieee80211_get_DA(hdr));
3859 	ether_addr_copy(sa, ieee80211_get_SA(hdr));
3860 	type = rfc1042->snap_type;
3861 
3862 	skb_pull(skb, hdrlen + sizeof(*rfc1042));
3863 	skb_push(skb, sizeof(*eth));
3864 
3865 	eth = (void *)skb->data;
3866 	ether_addr_copy(eth->h_dest, da);
3867 	ether_addr_copy(eth->h_source, sa);
3868 	eth->h_proto = type;
3869 }
3870 
3871 static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
3872 				       struct ieee80211_vif *vif,
3873 				       struct sk_buff *skb)
3874 {
3875 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3876 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3877 
3878 	/* This is case only for P2P_GO */
3879 	if (vif->type != NL80211_IFTYPE_AP || !vif->p2p)
3880 		return;
3881 
3882 	if (unlikely(ieee80211_is_probe_resp(hdr->frame_control))) {
3883 		spin_lock_bh(&ar->data_lock);
3884 		if (arvif->u.ap.noa_data)
3885 			if (!pskb_expand_head(skb, 0, arvif->u.ap.noa_len,
3886 					      GFP_ATOMIC))
3887 				skb_put_data(skb, arvif->u.ap.noa_data,
3888 					     arvif->u.ap.noa_len);
3889 		spin_unlock_bh(&ar->data_lock);
3890 	}
3891 }
3892 
3893 static void ath10k_mac_tx_h_fill_cb(struct ath10k *ar,
3894 				    struct ieee80211_vif *vif,
3895 				    struct ieee80211_txq *txq,
3896 				    struct ieee80211_sta *sta,
3897 				    struct sk_buff *skb, u16 airtime)
3898 {
3899 	struct ieee80211_hdr *hdr = (void *)skb->data;
3900 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3901 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3902 	bool is_data = ieee80211_is_data(hdr->frame_control) ||
3903 			ieee80211_is_data_qos(hdr->frame_control);
3904 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3905 	struct ath10k_sta *arsta;
3906 	u8 tid, *qos_ctl;
3907 	bool noack = false;
3908 
3909 	cb->flags = 0;
3910 
3911 	if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
3912 		cb->flags |= ATH10K_SKB_F_QOS;	/* Assume data frames are QoS */
3913 		goto finish_cb_fill;
3914 	}
3915 
3916 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
3917 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3918 
3919 	if (ieee80211_is_mgmt(hdr->frame_control))
3920 		cb->flags |= ATH10K_SKB_F_MGMT;
3921 
3922 	if (ieee80211_is_data_qos(hdr->frame_control)) {
3923 		cb->flags |= ATH10K_SKB_F_QOS;
3924 		qos_ctl = ieee80211_get_qos_ctl(hdr);
3925 		tid = (*qos_ctl) & IEEE80211_QOS_CTL_TID_MASK;
3926 
3927 		if (arvif->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3928 			noack = true;
3929 
3930 		if (sta) {
3931 			arsta = (struct ath10k_sta *)sta->drv_priv;
3932 
3933 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3934 				noack = true;
3935 
3936 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_ACK)
3937 				noack = false;
3938 		}
3939 
3940 		if (noack)
3941 			cb->flags |= ATH10K_SKB_F_NOACK_TID;
3942 	}
3943 
3944 	/* Data frames encrypted in software will be posted to firmware
3945 	 * with tx encap mode set to RAW. Ex: Multicast traffic generated
3946 	 * for a specific VLAN group will always be encrypted in software.
3947 	 */
3948 	if (is_data && ieee80211_has_protected(hdr->frame_control) &&
3949 	    !info->control.hw_key) {
3950 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3951 		cb->flags |= ATH10K_SKB_F_RAW_TX;
3952 	}
3953 
3954 finish_cb_fill:
3955 	cb->vif = vif;
3956 	cb->txq = txq;
3957 	cb->airtime_est = airtime;
3958 	if (sta) {
3959 		arsta = (struct ath10k_sta *)sta->drv_priv;
3960 		spin_lock_bh(&ar->data_lock);
3961 		cb->ucast_cipher = arsta->ucast_cipher;
3962 		spin_unlock_bh(&ar->data_lock);
3963 	}
3964 }
3965 
3966 bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar)
3967 {
3968 	/* FIXME: Not really sure since when the behaviour changed. At some
3969 	 * point new firmware stopped requiring creation of peer entries for
3970 	 * offchannel tx (and actually creating them causes issues with wmi-htc
3971 	 * tx credit replenishment and reliability). Assuming it's at least 3.4
3972 	 * because that's when the `freq` was introduced to TX_FRM HTT command.
3973 	 */
3974 	return (ar->htt.target_version_major >= 3 &&
3975 		ar->htt.target_version_minor >= 4 &&
3976 		ar->running_fw->fw_file.htt_op_version == ATH10K_FW_HTT_OP_VERSION_TLV);
3977 }
3978 
3979 static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
3980 {
3981 	struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
3982 
3983 	if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) {
3984 		ath10k_warn(ar, "wmi mgmt tx queue is full\n");
3985 		return -ENOSPC;
3986 	}
3987 
3988 	skb_queue_tail(q, skb);
3989 	ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
3990 
3991 	return 0;
3992 }
3993 
3994 static enum ath10k_mac_tx_path
3995 ath10k_mac_tx_h_get_txpath(struct ath10k *ar,
3996 			   struct sk_buff *skb,
3997 			   enum ath10k_hw_txrx_mode txmode)
3998 {
3999 	switch (txmode) {
4000 	case ATH10K_HW_TXRX_RAW:
4001 	case ATH10K_HW_TXRX_NATIVE_WIFI:
4002 	case ATH10K_HW_TXRX_ETHERNET:
4003 		return ATH10K_MAC_TX_HTT;
4004 	case ATH10K_HW_TXRX_MGMT:
4005 		if (test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
4006 			     ar->running_fw->fw_file.fw_features) ||
4007 			     test_bit(WMI_SERVICE_MGMT_TX_WMI,
4008 				      ar->wmi.svc_map))
4009 			return ATH10K_MAC_TX_WMI_MGMT;
4010 		else if (ar->htt.target_version_major >= 3)
4011 			return ATH10K_MAC_TX_HTT;
4012 		else
4013 			return ATH10K_MAC_TX_HTT_MGMT;
4014 	}
4015 
4016 	return ATH10K_MAC_TX_UNKNOWN;
4017 }
4018 
4019 static int ath10k_mac_tx_submit(struct ath10k *ar,
4020 				enum ath10k_hw_txrx_mode txmode,
4021 				enum ath10k_mac_tx_path txpath,
4022 				struct sk_buff *skb)
4023 {
4024 	struct ath10k_htt *htt = &ar->htt;
4025 	int ret = -EINVAL;
4026 
4027 	switch (txpath) {
4028 	case ATH10K_MAC_TX_HTT:
4029 		ret = ath10k_htt_tx(htt, txmode, skb);
4030 		break;
4031 	case ATH10K_MAC_TX_HTT_MGMT:
4032 		ret = ath10k_htt_mgmt_tx(htt, skb);
4033 		break;
4034 	case ATH10K_MAC_TX_WMI_MGMT:
4035 		ret = ath10k_mac_tx_wmi_mgmt(ar, skb);
4036 		break;
4037 	case ATH10K_MAC_TX_UNKNOWN:
4038 		WARN_ON_ONCE(1);
4039 		ret = -EINVAL;
4040 		break;
4041 	}
4042 
4043 	if (ret) {
4044 		ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
4045 			    ret);
4046 		ieee80211_free_txskb(ar->hw, skb);
4047 	}
4048 
4049 	return ret;
4050 }
4051 
4052 /* This function consumes the sk_buff regardless of return value as far as
4053  * caller is concerned so no freeing is necessary afterwards.
4054  */
4055 static int ath10k_mac_tx(struct ath10k *ar,
4056 			 struct ieee80211_vif *vif,
4057 			 enum ath10k_hw_txrx_mode txmode,
4058 			 enum ath10k_mac_tx_path txpath,
4059 			 struct sk_buff *skb, bool noque_offchan)
4060 {
4061 	struct ieee80211_hw *hw = ar->hw;
4062 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4063 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
4064 	int ret;
4065 
4066 	/* We should disable CCK RATE due to P2P */
4067 	if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
4068 		ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
4069 
4070 	switch (txmode) {
4071 	case ATH10K_HW_TXRX_MGMT:
4072 	case ATH10K_HW_TXRX_NATIVE_WIFI:
4073 		ath10k_tx_h_nwifi(hw, skb);
4074 		ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
4075 		ath10k_tx_h_seq_no(vif, skb);
4076 		break;
4077 	case ATH10K_HW_TXRX_ETHERNET:
4078 		/* Convert 802.11->802.3 header only if the frame was earlier
4079 		 * encapsulated to 802.11 by mac80211. Otherwise pass it as is.
4080 		 */
4081 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP))
4082 			ath10k_tx_h_8023(skb);
4083 		break;
4084 	case ATH10K_HW_TXRX_RAW:
4085 		if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) &&
4086 		    !(skb_cb->flags & ATH10K_SKB_F_RAW_TX)) {
4087 			WARN_ON_ONCE(1);
4088 			ieee80211_free_txskb(hw, skb);
4089 			return -EOPNOTSUPP;
4090 		}
4091 	}
4092 
4093 	if (!noque_offchan && info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
4094 		if (!ath10k_mac_tx_frm_has_freq(ar)) {
4095 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac queued offchannel skb %p len %d\n",
4096 				   skb, skb->len);
4097 
4098 			skb_queue_tail(&ar->offchan_tx_queue, skb);
4099 			ieee80211_queue_work(hw, &ar->offchan_tx_work);
4100 			return 0;
4101 		}
4102 	}
4103 
4104 	ret = ath10k_mac_tx_submit(ar, txmode, txpath, skb);
4105 	if (ret) {
4106 		ath10k_warn(ar, "failed to submit frame: %d\n", ret);
4107 		return ret;
4108 	}
4109 
4110 	return 0;
4111 }
4112 
4113 void ath10k_offchan_tx_purge(struct ath10k *ar)
4114 {
4115 	struct sk_buff *skb;
4116 
4117 	for (;;) {
4118 		skb = skb_dequeue(&ar->offchan_tx_queue);
4119 		if (!skb)
4120 			break;
4121 
4122 		ieee80211_free_txskb(ar->hw, skb);
4123 	}
4124 }
4125 
4126 void ath10k_offchan_tx_work(struct work_struct *work)
4127 {
4128 	struct ath10k *ar = container_of(work, struct ath10k, offchan_tx_work);
4129 	struct ath10k_peer *peer;
4130 	struct ath10k_vif *arvif;
4131 	enum ath10k_hw_txrx_mode txmode;
4132 	enum ath10k_mac_tx_path txpath;
4133 	struct ieee80211_hdr *hdr;
4134 	struct ieee80211_vif *vif;
4135 	struct ieee80211_sta *sta;
4136 	struct sk_buff *skb;
4137 	const u8 *peer_addr;
4138 	int vdev_id;
4139 	int ret;
4140 	unsigned long time_left;
4141 	bool tmp_peer_created = false;
4142 
4143 	/* FW requirement: We must create a peer before FW will send out
4144 	 * an offchannel frame. Otherwise the frame will be stuck and
4145 	 * never transmitted. We delete the peer upon tx completion.
4146 	 * It is unlikely that a peer for offchannel tx will already be
4147 	 * present. However it may be in some rare cases so account for that.
4148 	 * Otherwise we might remove a legitimate peer and break stuff.
4149 	 */
4150 
4151 	for (;;) {
4152 		skb = skb_dequeue(&ar->offchan_tx_queue);
4153 		if (!skb)
4154 			break;
4155 
4156 		mutex_lock(&ar->conf_mutex);
4157 
4158 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %p len %d\n",
4159 			   skb, skb->len);
4160 
4161 		hdr = (struct ieee80211_hdr *)skb->data;
4162 		peer_addr = ieee80211_get_DA(hdr);
4163 
4164 		spin_lock_bh(&ar->data_lock);
4165 		vdev_id = ar->scan.vdev_id;
4166 		peer = ath10k_peer_find(ar, vdev_id, peer_addr);
4167 		spin_unlock_bh(&ar->data_lock);
4168 
4169 		if (peer) {
4170 			ath10k_warn(ar, "peer %pM on vdev %d already present\n",
4171 				    peer_addr, vdev_id);
4172 		} else {
4173 			ret = ath10k_peer_create(ar, NULL, NULL, vdev_id,
4174 						 peer_addr,
4175 						 WMI_PEER_TYPE_DEFAULT);
4176 			if (ret)
4177 				ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
4178 					    peer_addr, vdev_id, ret);
4179 			tmp_peer_created = (ret == 0);
4180 		}
4181 
4182 		spin_lock_bh(&ar->data_lock);
4183 		reinit_completion(&ar->offchan_tx_completed);
4184 		ar->offchan_tx_skb = skb;
4185 		spin_unlock_bh(&ar->data_lock);
4186 
4187 		/* It's safe to access vif and sta - conf_mutex guarantees that
4188 		 * sta_state() and remove_interface() are locked exclusively
4189 		 * out wrt to this offchannel worker.
4190 		 */
4191 		arvif = ath10k_get_arvif(ar, vdev_id);
4192 		if (arvif) {
4193 			vif = arvif->vif;
4194 			sta = ieee80211_find_sta(vif, peer_addr);
4195 		} else {
4196 			vif = NULL;
4197 			sta = NULL;
4198 		}
4199 
4200 		txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4201 		txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4202 
4203 		ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, true);
4204 		if (ret) {
4205 			ath10k_warn(ar, "failed to transmit offchannel frame: %d\n",
4206 				    ret);
4207 			/* not serious */
4208 		}
4209 
4210 		time_left =
4211 		wait_for_completion_timeout(&ar->offchan_tx_completed, 3 * HZ);
4212 		if (time_left == 0)
4213 			ath10k_warn(ar, "timed out waiting for offchannel skb %p, len: %d\n",
4214 				    skb, skb->len);
4215 
4216 		if (!peer && tmp_peer_created) {
4217 			ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
4218 			if (ret)
4219 				ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
4220 					    peer_addr, vdev_id, ret);
4221 		}
4222 
4223 		mutex_unlock(&ar->conf_mutex);
4224 	}
4225 }
4226 
4227 void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar)
4228 {
4229 	struct sk_buff *skb;
4230 
4231 	for (;;) {
4232 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4233 		if (!skb)
4234 			break;
4235 
4236 		ieee80211_free_txskb(ar->hw, skb);
4237 	}
4238 }
4239 
4240 void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
4241 {
4242 	struct ath10k *ar = container_of(work, struct ath10k, wmi_mgmt_tx_work);
4243 	struct sk_buff *skb;
4244 	dma_addr_t paddr;
4245 	int ret;
4246 
4247 	for (;;) {
4248 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4249 		if (!skb)
4250 			break;
4251 
4252 		if (test_bit(ATH10K_FW_FEATURE_MGMT_TX_BY_REF,
4253 			     ar->running_fw->fw_file.fw_features)) {
4254 			paddr = dma_map_single(ar->dev, skb->data,
4255 					       skb->len, DMA_TO_DEVICE);
4256 			if (dma_mapping_error(ar->dev, paddr)) {
4257 				ieee80211_free_txskb(ar->hw, skb);
4258 				continue;
4259 			}
4260 			ret = ath10k_wmi_mgmt_tx_send(ar, skb, paddr);
4261 			if (ret) {
4262 				ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
4263 					    ret);
4264 				/* remove this msdu from idr tracking */
4265 				ath10k_wmi_cleanup_mgmt_tx_send(ar, skb);
4266 
4267 				dma_unmap_single(ar->dev, paddr, skb->len,
4268 						 DMA_TO_DEVICE);
4269 				ieee80211_free_txskb(ar->hw, skb);
4270 			}
4271 		} else {
4272 			ret = ath10k_wmi_mgmt_tx(ar, skb);
4273 			if (ret) {
4274 				ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
4275 					    ret);
4276 				ieee80211_free_txskb(ar->hw, skb);
4277 			}
4278 		}
4279 	}
4280 }
4281 
4282 static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
4283 {
4284 	struct ath10k_txq *artxq;
4285 
4286 	if (!txq)
4287 		return;
4288 
4289 	artxq = (void *)txq->drv_priv;
4290 	INIT_LIST_HEAD(&artxq->list);
4291 }
4292 
4293 static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
4294 {
4295 	struct ath10k_skb_cb *cb;
4296 	struct sk_buff *msdu;
4297 	int msdu_id;
4298 
4299 	if (!txq)
4300 		return;
4301 
4302 	spin_lock_bh(&ar->htt.tx_lock);
4303 	idr_for_each_entry(&ar->htt.pending_tx, msdu, msdu_id) {
4304 		cb = ATH10K_SKB_CB(msdu);
4305 		if (cb->txq == txq)
4306 			cb->txq = NULL;
4307 	}
4308 	spin_unlock_bh(&ar->htt.tx_lock);
4309 }
4310 
4311 struct ieee80211_txq *ath10k_mac_txq_lookup(struct ath10k *ar,
4312 					    u16 peer_id,
4313 					    u8 tid)
4314 {
4315 	struct ath10k_peer *peer;
4316 
4317 	lockdep_assert_held(&ar->data_lock);
4318 
4319 	peer = ar->peer_map[peer_id];
4320 	if (!peer)
4321 		return NULL;
4322 
4323 	if (peer->removed)
4324 		return NULL;
4325 
4326 	if (peer->sta)
4327 		return peer->sta->txq[tid];
4328 	else if (peer->vif)
4329 		return peer->vif->txq;
4330 	else
4331 		return NULL;
4332 }
4333 
4334 static bool ath10k_mac_tx_can_push(struct ieee80211_hw *hw,
4335 				   struct ieee80211_txq *txq)
4336 {
4337 	struct ath10k *ar = hw->priv;
4338 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4339 
4340 	/* No need to get locks */
4341 	if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH)
4342 		return true;
4343 
4344 	if (ar->htt.num_pending_tx < ar->htt.tx_q_state.num_push_allowed)
4345 		return true;
4346 
4347 	if (artxq->num_fw_queued < artxq->num_push_allowed)
4348 		return true;
4349 
4350 	return false;
4351 }
4352 
4353 /* Return estimated airtime in microsecond, which is calculated using last
4354  * reported TX rate. This is just a rough estimation because host driver has no
4355  * knowledge of the actual transmit rate, retries or aggregation. If actual
4356  * airtime can be reported by firmware, then delta between estimated and actual
4357  * airtime can be adjusted from deficit.
4358  */
4359 #define IEEE80211_ATF_OVERHEAD		100	/* IFS + some slot time */
4360 #define IEEE80211_ATF_OVERHEAD_IFS	16	/* IFS only */
4361 static u16 ath10k_mac_update_airtime(struct ath10k *ar,
4362 				     struct ieee80211_txq *txq,
4363 				     struct sk_buff *skb)
4364 {
4365 	struct ath10k_sta *arsta;
4366 	u32 pktlen;
4367 	u16 airtime = 0;
4368 
4369 	if (!txq || !txq->sta)
4370 		return airtime;
4371 
4372 	if (test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
4373 		return airtime;
4374 
4375 	spin_lock_bh(&ar->data_lock);
4376 	arsta = (struct ath10k_sta *)txq->sta->drv_priv;
4377 
4378 	pktlen = skb->len + 38; /* Assume MAC header 30, SNAP 8 for most case */
4379 	if (arsta->last_tx_bitrate) {
4380 		/* airtime in us, last_tx_bitrate in 100kbps */
4381 		airtime = (pktlen * 8 * (1000 / 100))
4382 				/ arsta->last_tx_bitrate;
4383 		/* overhead for media access time and IFS */
4384 		airtime += IEEE80211_ATF_OVERHEAD_IFS;
4385 	} else {
4386 		/* This is mostly for throttle excessive BC/MC frames, and the
4387 		 * airtime/rate doesn't need be exact. Airtime of BC/MC frames
4388 		 * in 2G get some discount, which helps prevent very low rate
4389 		 * frames from being blocked for too long.
4390 		 */
4391 		airtime = (pktlen * 8 * (1000 / 100)) / 60; /* 6M */
4392 		airtime += IEEE80211_ATF_OVERHEAD;
4393 	}
4394 	spin_unlock_bh(&ar->data_lock);
4395 
4396 	return airtime;
4397 }
4398 
4399 int ath10k_mac_tx_push_txq(struct ieee80211_hw *hw,
4400 			   struct ieee80211_txq *txq)
4401 {
4402 	struct ath10k *ar = hw->priv;
4403 	struct ath10k_htt *htt = &ar->htt;
4404 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4405 	struct ieee80211_vif *vif = txq->vif;
4406 	struct ieee80211_sta *sta = txq->sta;
4407 	enum ath10k_hw_txrx_mode txmode;
4408 	enum ath10k_mac_tx_path txpath;
4409 	struct sk_buff *skb;
4410 	struct ieee80211_hdr *hdr;
4411 	size_t skb_len;
4412 	bool is_mgmt, is_presp;
4413 	int ret;
4414 	u16 airtime;
4415 
4416 	spin_lock_bh(&ar->htt.tx_lock);
4417 	ret = ath10k_htt_tx_inc_pending(htt);
4418 	spin_unlock_bh(&ar->htt.tx_lock);
4419 
4420 	if (ret)
4421 		return ret;
4422 
4423 	skb = ieee80211_tx_dequeue_ni(hw, txq);
4424 	if (!skb) {
4425 		spin_lock_bh(&ar->htt.tx_lock);
4426 		ath10k_htt_tx_dec_pending(htt);
4427 		spin_unlock_bh(&ar->htt.tx_lock);
4428 
4429 		return -ENOENT;
4430 	}
4431 
4432 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4433 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4434 
4435 	skb_len = skb->len;
4436 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4437 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4438 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4439 
4440 	if (is_mgmt) {
4441 		hdr = (struct ieee80211_hdr *)skb->data;
4442 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4443 
4444 		spin_lock_bh(&ar->htt.tx_lock);
4445 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4446 
4447 		if (ret) {
4448 			ath10k_htt_tx_dec_pending(htt);
4449 			spin_unlock_bh(&ar->htt.tx_lock);
4450 			return ret;
4451 		}
4452 		spin_unlock_bh(&ar->htt.tx_lock);
4453 	}
4454 
4455 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4456 	if (unlikely(ret)) {
4457 		ath10k_warn(ar, "failed to push frame: %d\n", ret);
4458 
4459 		spin_lock_bh(&ar->htt.tx_lock);
4460 		ath10k_htt_tx_dec_pending(htt);
4461 		if (is_mgmt)
4462 			ath10k_htt_tx_mgmt_dec_pending(htt);
4463 		spin_unlock_bh(&ar->htt.tx_lock);
4464 
4465 		return ret;
4466 	}
4467 
4468 	spin_lock_bh(&ar->htt.tx_lock);
4469 	artxq->num_fw_queued++;
4470 	spin_unlock_bh(&ar->htt.tx_lock);
4471 
4472 	return skb_len;
4473 }
4474 
4475 static int ath10k_mac_schedule_txq(struct ieee80211_hw *hw, u32 ac)
4476 {
4477 	struct ieee80211_txq *txq;
4478 	int ret = 0;
4479 
4480 	ieee80211_txq_schedule_start(hw, ac);
4481 	while ((txq = ieee80211_next_txq(hw, ac))) {
4482 		while (ath10k_mac_tx_can_push(hw, txq)) {
4483 			ret = ath10k_mac_tx_push_txq(hw, txq);
4484 			if (ret < 0)
4485 				break;
4486 		}
4487 		ieee80211_return_txq(hw, txq, false);
4488 		ath10k_htt_tx_txq_update(hw, txq);
4489 		if (ret == -EBUSY)
4490 			break;
4491 	}
4492 	ieee80211_txq_schedule_end(hw, ac);
4493 
4494 	return ret;
4495 }
4496 
4497 void ath10k_mac_tx_push_pending(struct ath10k *ar)
4498 {
4499 	struct ieee80211_hw *hw = ar->hw;
4500 	u32 ac;
4501 
4502 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4503 		return;
4504 
4505 	if (ar->htt.num_pending_tx >= (ar->htt.max_num_pending_tx / 2))
4506 		return;
4507 
4508 	rcu_read_lock();
4509 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4510 		if (ath10k_mac_schedule_txq(hw, ac) == -EBUSY)
4511 			break;
4512 	}
4513 	rcu_read_unlock();
4514 }
4515 EXPORT_SYMBOL(ath10k_mac_tx_push_pending);
4516 
4517 /************/
4518 /* Scanning */
4519 /************/
4520 
4521 void __ath10k_scan_finish(struct ath10k *ar)
4522 {
4523 	lockdep_assert_held(&ar->data_lock);
4524 
4525 	switch (ar->scan.state) {
4526 	case ATH10K_SCAN_IDLE:
4527 		break;
4528 	case ATH10K_SCAN_RUNNING:
4529 	case ATH10K_SCAN_ABORTING:
4530 		if (ar->scan.is_roc && ar->scan.roc_notify)
4531 			ieee80211_remain_on_channel_expired(ar->hw);
4532 		fallthrough;
4533 	case ATH10K_SCAN_STARTING:
4534 		if (!ar->scan.is_roc) {
4535 			struct cfg80211_scan_info info = {
4536 				.aborted = ((ar->scan.state ==
4537 					    ATH10K_SCAN_ABORTING) ||
4538 					    (ar->scan.state ==
4539 					    ATH10K_SCAN_STARTING)),
4540 			};
4541 
4542 			ieee80211_scan_completed(ar->hw, &info);
4543 		}
4544 
4545 		ar->scan.state = ATH10K_SCAN_IDLE;
4546 		ar->scan_channel = NULL;
4547 		ar->scan.roc_freq = 0;
4548 		ath10k_offchan_tx_purge(ar);
4549 		cancel_delayed_work(&ar->scan.timeout);
4550 		complete(&ar->scan.completed);
4551 		break;
4552 	}
4553 }
4554 
4555 void ath10k_scan_finish(struct ath10k *ar)
4556 {
4557 	spin_lock_bh(&ar->data_lock);
4558 	__ath10k_scan_finish(ar);
4559 	spin_unlock_bh(&ar->data_lock);
4560 }
4561 
4562 static int ath10k_scan_stop(struct ath10k *ar)
4563 {
4564 	struct wmi_stop_scan_arg arg = {
4565 		.req_id = 1, /* FIXME */
4566 		.req_type = WMI_SCAN_STOP_ONE,
4567 		.u.scan_id = ATH10K_SCAN_ID,
4568 	};
4569 	int ret;
4570 
4571 	lockdep_assert_held(&ar->conf_mutex);
4572 
4573 	ret = ath10k_wmi_stop_scan(ar, &arg);
4574 	if (ret) {
4575 		ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
4576 		goto out;
4577 	}
4578 
4579 	ret = wait_for_completion_timeout(&ar->scan.completed, 3 * HZ);
4580 	if (ret == 0) {
4581 		ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
4582 		ret = -ETIMEDOUT;
4583 	} else if (ret > 0) {
4584 		ret = 0;
4585 	}
4586 
4587 out:
4588 	/* Scan state should be updated upon scan completion but in case
4589 	 * firmware fails to deliver the event (for whatever reason) it is
4590 	 * desired to clean up scan state anyway. Firmware may have just
4591 	 * dropped the scan completion event delivery due to transport pipe
4592 	 * being overflown with data and/or it can recover on its own before
4593 	 * next scan request is submitted.
4594 	 */
4595 	spin_lock_bh(&ar->data_lock);
4596 	if (ar->scan.state != ATH10K_SCAN_IDLE)
4597 		__ath10k_scan_finish(ar);
4598 	spin_unlock_bh(&ar->data_lock);
4599 
4600 	return ret;
4601 }
4602 
4603 static void ath10k_scan_abort(struct ath10k *ar)
4604 {
4605 	int ret;
4606 
4607 	lockdep_assert_held(&ar->conf_mutex);
4608 
4609 	spin_lock_bh(&ar->data_lock);
4610 
4611 	switch (ar->scan.state) {
4612 	case ATH10K_SCAN_IDLE:
4613 		/* This can happen if timeout worker kicked in and called
4614 		 * abortion while scan completion was being processed.
4615 		 */
4616 		break;
4617 	case ATH10K_SCAN_STARTING:
4618 	case ATH10K_SCAN_ABORTING:
4619 		ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
4620 			    ath10k_scan_state_str(ar->scan.state),
4621 			    ar->scan.state);
4622 		break;
4623 	case ATH10K_SCAN_RUNNING:
4624 		ar->scan.state = ATH10K_SCAN_ABORTING;
4625 		spin_unlock_bh(&ar->data_lock);
4626 
4627 		ret = ath10k_scan_stop(ar);
4628 		if (ret)
4629 			ath10k_warn(ar, "failed to abort scan: %d\n", ret);
4630 
4631 		spin_lock_bh(&ar->data_lock);
4632 		break;
4633 	}
4634 
4635 	spin_unlock_bh(&ar->data_lock);
4636 }
4637 
4638 void ath10k_scan_timeout_work(struct work_struct *work)
4639 {
4640 	struct ath10k *ar = container_of(work, struct ath10k,
4641 					 scan.timeout.work);
4642 
4643 	mutex_lock(&ar->conf_mutex);
4644 	ath10k_scan_abort(ar);
4645 	mutex_unlock(&ar->conf_mutex);
4646 }
4647 
4648 static int ath10k_start_scan(struct ath10k *ar,
4649 			     const struct wmi_start_scan_arg *arg)
4650 {
4651 	int ret;
4652 
4653 	lockdep_assert_held(&ar->conf_mutex);
4654 
4655 	ret = ath10k_wmi_start_scan(ar, arg);
4656 	if (ret)
4657 		return ret;
4658 
4659 	ret = wait_for_completion_timeout(&ar->scan.started, 1 * HZ);
4660 	if (ret == 0) {
4661 		ret = ath10k_scan_stop(ar);
4662 		if (ret)
4663 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
4664 
4665 		return -ETIMEDOUT;
4666 	}
4667 
4668 	/* If we failed to start the scan, return error code at
4669 	 * this point.  This is probably due to some issue in the
4670 	 * firmware, but no need to wedge the driver due to that...
4671 	 */
4672 	spin_lock_bh(&ar->data_lock);
4673 	if (ar->scan.state == ATH10K_SCAN_IDLE) {
4674 		spin_unlock_bh(&ar->data_lock);
4675 		return -EINVAL;
4676 	}
4677 	spin_unlock_bh(&ar->data_lock);
4678 
4679 	return 0;
4680 }
4681 
4682 /**********************/
4683 /* mac80211 callbacks */
4684 /**********************/
4685 
4686 static void ath10k_mac_op_tx(struct ieee80211_hw *hw,
4687 			     struct ieee80211_tx_control *control,
4688 			     struct sk_buff *skb)
4689 {
4690 	struct ath10k *ar = hw->priv;
4691 	struct ath10k_htt *htt = &ar->htt;
4692 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4693 	struct ieee80211_vif *vif = info->control.vif;
4694 	struct ieee80211_sta *sta = control->sta;
4695 	struct ieee80211_txq *txq = NULL;
4696 	enum ath10k_hw_txrx_mode txmode;
4697 	enum ath10k_mac_tx_path txpath;
4698 	bool is_htt;
4699 	bool is_mgmt;
4700 	int ret;
4701 	u16 airtime;
4702 
4703 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4704 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4705 
4706 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4707 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4708 	is_htt = (txpath == ATH10K_MAC_TX_HTT ||
4709 		  txpath == ATH10K_MAC_TX_HTT_MGMT);
4710 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4711 
4712 	if (is_htt) {
4713 		bool is_presp = false;
4714 
4715 		spin_lock_bh(&ar->htt.tx_lock);
4716 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)) {
4717 			struct ieee80211_hdr *hdr = (void *)skb->data;
4718 
4719 			is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4720 		}
4721 
4722 		ret = ath10k_htt_tx_inc_pending(htt);
4723 		if (ret) {
4724 			ath10k_warn(ar, "failed to increase tx pending count: %d, dropping\n",
4725 				    ret);
4726 			spin_unlock_bh(&ar->htt.tx_lock);
4727 			ieee80211_free_txskb(ar->hw, skb);
4728 			return;
4729 		}
4730 
4731 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4732 		if (ret) {
4733 			ath10k_dbg(ar, ATH10K_DBG_MAC, "failed to increase tx mgmt pending count: %d, dropping\n",
4734 				   ret);
4735 			ath10k_htt_tx_dec_pending(htt);
4736 			spin_unlock_bh(&ar->htt.tx_lock);
4737 			ieee80211_free_txskb(ar->hw, skb);
4738 			return;
4739 		}
4740 		spin_unlock_bh(&ar->htt.tx_lock);
4741 	}
4742 
4743 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4744 	if (ret) {
4745 		ath10k_warn(ar, "failed to transmit frame: %d\n", ret);
4746 		if (is_htt) {
4747 			spin_lock_bh(&ar->htt.tx_lock);
4748 			ath10k_htt_tx_dec_pending(htt);
4749 			if (is_mgmt)
4750 				ath10k_htt_tx_mgmt_dec_pending(htt);
4751 			spin_unlock_bh(&ar->htt.tx_lock);
4752 		}
4753 		return;
4754 	}
4755 }
4756 
4757 static void ath10k_mac_op_wake_tx_queue(struct ieee80211_hw *hw,
4758 					struct ieee80211_txq *txq)
4759 {
4760 	struct ath10k *ar = hw->priv;
4761 	int ret;
4762 	u8 ac = txq->ac;
4763 
4764 	ath10k_htt_tx_txq_update(hw, txq);
4765 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4766 		return;
4767 
4768 	spin_lock_bh(&ar->queue_lock[ac]);
4769 
4770 	ieee80211_txq_schedule_start(hw, ac);
4771 	txq = ieee80211_next_txq(hw, ac);
4772 	if (!txq)
4773 		goto out;
4774 
4775 	while (ath10k_mac_tx_can_push(hw, txq)) {
4776 		ret = ath10k_mac_tx_push_txq(hw, txq);
4777 		if (ret < 0)
4778 			break;
4779 	}
4780 	ieee80211_return_txq(hw, txq, false);
4781 	ath10k_htt_tx_txq_update(hw, txq);
4782 out:
4783 	ieee80211_txq_schedule_end(hw, ac);
4784 	spin_unlock_bh(&ar->queue_lock[ac]);
4785 }
4786 
4787 /* Must not be called with conf_mutex held as workers can use that also. */
4788 void ath10k_drain_tx(struct ath10k *ar)
4789 {
4790 	lockdep_assert_not_held(&ar->conf_mutex);
4791 
4792 	/* make sure rcu-protected mac80211 tx path itself is drained */
4793 	synchronize_net();
4794 
4795 	ath10k_offchan_tx_purge(ar);
4796 	ath10k_mgmt_over_wmi_tx_purge(ar);
4797 
4798 	cancel_work_sync(&ar->offchan_tx_work);
4799 	cancel_work_sync(&ar->wmi_mgmt_tx_work);
4800 }
4801 
4802 void ath10k_halt(struct ath10k *ar)
4803 {
4804 	struct ath10k_vif *arvif;
4805 
4806 	lockdep_assert_held(&ar->conf_mutex);
4807 
4808 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
4809 	ar->filter_flags = 0;
4810 	ar->monitor = false;
4811 	ar->monitor_arvif = NULL;
4812 
4813 	if (ar->monitor_started)
4814 		ath10k_monitor_stop(ar);
4815 
4816 	ar->monitor_started = false;
4817 	ar->tx_paused = 0;
4818 
4819 	ath10k_scan_finish(ar);
4820 	ath10k_peer_cleanup_all(ar);
4821 	ath10k_stop_radar_confirmation(ar);
4822 	ath10k_core_stop(ar);
4823 	ath10k_hif_power_down(ar);
4824 
4825 	spin_lock_bh(&ar->data_lock);
4826 	list_for_each_entry(arvif, &ar->arvifs, list)
4827 		ath10k_mac_vif_beacon_cleanup(arvif);
4828 	spin_unlock_bh(&ar->data_lock);
4829 }
4830 
4831 static int ath10k_get_antenna(struct ieee80211_hw *hw, int radio_idx,
4832 			      u32 *tx_ant, u32 *rx_ant)
4833 {
4834 	struct ath10k *ar = hw->priv;
4835 
4836 	mutex_lock(&ar->conf_mutex);
4837 
4838 	*tx_ant = ar->cfg_tx_chainmask;
4839 	*rx_ant = ar->cfg_rx_chainmask;
4840 
4841 	mutex_unlock(&ar->conf_mutex);
4842 
4843 	return 0;
4844 }
4845 
4846 static bool ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
4847 {
4848 	/* It is not clear that allowing gaps in chainmask
4849 	 * is helpful.  Probably it will not do what user
4850 	 * is hoping for, so warn in that case.
4851 	 */
4852 	if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
4853 		return true;
4854 
4855 	ath10k_warn(ar, "mac %s antenna chainmask is invalid: 0x%x.  Suggested values: 15, 7, 3, 1 or 0.\n",
4856 		    dbg, cm);
4857 	return false;
4858 }
4859 
4860 static int ath10k_mac_get_vht_cap_bf_sts(struct ath10k *ar)
4861 {
4862 	int nsts = ar->vht_cap_info;
4863 
4864 	nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4865 	nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4866 
4867 	/* If firmware does not deliver to host number of space-time
4868 	 * streams supported, assume it support up to 4 BF STS and return
4869 	 * the value for VHT CAP: nsts-1)
4870 	 */
4871 	if (nsts == 0)
4872 		return 3;
4873 
4874 	return nsts;
4875 }
4876 
4877 static int ath10k_mac_get_vht_cap_bf_sound_dim(struct ath10k *ar)
4878 {
4879 	int sound_dim = ar->vht_cap_info;
4880 
4881 	sound_dim &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4882 	sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4883 
4884 	/* If the sounding dimension is not advertised by the firmware,
4885 	 * let's use a default value of 1
4886 	 */
4887 	if (sound_dim == 0)
4888 		return 1;
4889 
4890 	return sound_dim;
4891 }
4892 
4893 static struct ieee80211_sta_vht_cap ath10k_create_vht_cap(struct ath10k *ar)
4894 {
4895 	struct ieee80211_sta_vht_cap vht_cap = {};
4896 	struct ath10k_hw_params *hw = &ar->hw_params;
4897 	u16 mcs_map;
4898 	u32 val;
4899 	int i;
4900 
4901 	vht_cap.vht_supported = 1;
4902 	vht_cap.cap = ar->vht_cap_info;
4903 
4904 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4905 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
4906 		val = ath10k_mac_get_vht_cap_bf_sts(ar);
4907 		val <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4908 		val &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4909 
4910 		vht_cap.cap |= val;
4911 	}
4912 
4913 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4914 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
4915 		val = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4916 		val <<= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4917 		val &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4918 
4919 		vht_cap.cap |= val;
4920 	}
4921 
4922 	mcs_map = 0;
4923 	for (i = 0; i < 8; i++) {
4924 		if ((i < ar->num_rf_chains) && (ar->cfg_tx_chainmask & BIT(i)))
4925 			mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
4926 		else
4927 			mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
4928 	}
4929 
4930 	if (ar->cfg_tx_chainmask <= 1)
4931 		vht_cap.cap &= ~IEEE80211_VHT_CAP_TXSTBC;
4932 
4933 	vht_cap.vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
4934 	vht_cap.vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
4935 
4936 	/* If we are supporting 160Mhz or 80+80, then the NIC may be able to do
4937 	 * a restricted NSS for 160 or 80+80 vs what it can do for 80Mhz.  Give
4938 	 * user-space a clue if that is the case.
4939 	 */
4940 	if ((vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) &&
4941 	    (hw->vht160_mcs_rx_highest != 0 ||
4942 	     hw->vht160_mcs_tx_highest != 0)) {
4943 		vht_cap.vht_mcs.rx_highest = cpu_to_le16(hw->vht160_mcs_rx_highest);
4944 		vht_cap.vht_mcs.tx_highest = cpu_to_le16(hw->vht160_mcs_tx_highest);
4945 	}
4946 
4947 	return vht_cap;
4948 }
4949 
4950 static struct ieee80211_sta_ht_cap ath10k_get_ht_cap(struct ath10k *ar)
4951 {
4952 	int i;
4953 	struct ieee80211_sta_ht_cap ht_cap = {};
4954 
4955 	if (!(ar->ht_cap_info & WMI_HT_CAP_ENABLED))
4956 		return ht_cap;
4957 
4958 	ht_cap.ht_supported = 1;
4959 	ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
4960 	ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_8;
4961 	ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
4962 	ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
4963 	ht_cap.cap |=
4964 		WLAN_HT_CAP_SM_PS_DISABLED << IEEE80211_HT_CAP_SM_PS_SHIFT;
4965 
4966 	if (ar->ht_cap_info & WMI_HT_CAP_HT20_SGI)
4967 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
4968 
4969 	if (ar->ht_cap_info & WMI_HT_CAP_HT40_SGI)
4970 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
4971 
4972 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) {
4973 		u32 smps;
4974 
4975 		smps   = WLAN_HT_CAP_SM_PS_DYNAMIC;
4976 		smps <<= IEEE80211_HT_CAP_SM_PS_SHIFT;
4977 
4978 		ht_cap.cap |= smps;
4979 	}
4980 
4981 	if (ar->ht_cap_info & WMI_HT_CAP_TX_STBC && (ar->cfg_tx_chainmask > 1))
4982 		ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
4983 
4984 	if (ar->ht_cap_info & WMI_HT_CAP_RX_STBC) {
4985 		u32 stbc;
4986 
4987 		stbc   = ar->ht_cap_info;
4988 		stbc  &= WMI_HT_CAP_RX_STBC;
4989 		stbc >>= WMI_HT_CAP_RX_STBC_MASK_SHIFT;
4990 		stbc <<= IEEE80211_HT_CAP_RX_STBC_SHIFT;
4991 		stbc  &= IEEE80211_HT_CAP_RX_STBC;
4992 
4993 		ht_cap.cap |= stbc;
4994 	}
4995 
4996 	if (ar->ht_cap_info & WMI_HT_CAP_LDPC || (ar->ht_cap_info &
4997 	    WMI_HT_CAP_RX_LDPC && (ar->ht_cap_info & WMI_HT_CAP_TX_LDPC)))
4998 		ht_cap.cap |= IEEE80211_HT_CAP_LDPC_CODING;
4999 
5000 	if (ar->ht_cap_info & WMI_HT_CAP_L_SIG_TXOP_PROT)
5001 		ht_cap.cap |= IEEE80211_HT_CAP_LSIG_TXOP_PROT;
5002 
5003 	/* max AMSDU is implicitly taken from vht_cap_info */
5004 	if (ar->vht_cap_info & WMI_VHT_CAP_MAX_MPDU_LEN_MASK)
5005 		ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
5006 
5007 	for (i = 0; i < ar->num_rf_chains; i++) {
5008 		if (ar->cfg_rx_chainmask & BIT(i))
5009 			ht_cap.mcs.rx_mask[i] = 0xFF;
5010 	}
5011 
5012 	ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_DEFINED;
5013 
5014 	return ht_cap;
5015 }
5016 
5017 static void ath10k_mac_setup_ht_vht_cap(struct ath10k *ar)
5018 {
5019 	struct ieee80211_supported_band *band;
5020 	struct ieee80211_sta_vht_cap vht_cap;
5021 	struct ieee80211_sta_ht_cap ht_cap;
5022 
5023 	ht_cap = ath10k_get_ht_cap(ar);
5024 	vht_cap = ath10k_create_vht_cap(ar);
5025 
5026 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
5027 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
5028 		band->ht_cap = ht_cap;
5029 	}
5030 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
5031 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
5032 		band->ht_cap = ht_cap;
5033 		band->vht_cap = vht_cap;
5034 	}
5035 }
5036 
5037 static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
5038 {
5039 	int ret;
5040 	bool is_valid_tx_chain_mask, is_valid_rx_chain_mask;
5041 
5042 	lockdep_assert_held(&ar->conf_mutex);
5043 
5044 	is_valid_tx_chain_mask = ath10k_check_chain_mask(ar, tx_ant, "tx");
5045 	is_valid_rx_chain_mask = ath10k_check_chain_mask(ar, rx_ant, "rx");
5046 
5047 	if (!is_valid_tx_chain_mask || !is_valid_rx_chain_mask)
5048 		return -EINVAL;
5049 
5050 	ar->cfg_tx_chainmask = tx_ant;
5051 	ar->cfg_rx_chainmask = rx_ant;
5052 
5053 	if ((ar->state != ATH10K_STATE_ON) &&
5054 	    (ar->state != ATH10K_STATE_RESTARTED))
5055 		return 0;
5056 
5057 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
5058 					tx_ant);
5059 	if (ret) {
5060 		ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
5061 			    ret, tx_ant);
5062 		return ret;
5063 	}
5064 
5065 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
5066 					rx_ant);
5067 	if (ret) {
5068 		ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
5069 			    ret, rx_ant);
5070 		return ret;
5071 	}
5072 
5073 	/* Reload HT/VHT capability */
5074 	ath10k_mac_setup_ht_vht_cap(ar);
5075 
5076 	return 0;
5077 }
5078 
5079 static int ath10k_set_antenna(struct ieee80211_hw *hw, int radio_idx,
5080 			      u32 tx_ant, u32 rx_ant)
5081 {
5082 	struct ath10k *ar = hw->priv;
5083 	int ret;
5084 
5085 	mutex_lock(&ar->conf_mutex);
5086 	ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
5087 	mutex_unlock(&ar->conf_mutex);
5088 	return ret;
5089 }
5090 
5091 static int __ath10k_fetch_bb_timing_dt(struct ath10k *ar,
5092 				       struct wmi_bb_timing_cfg_arg *bb_timing)
5093 {
5094 	struct device_node *node;
5095 	const char *fem_name;
5096 	int ret;
5097 
5098 	node = ar->dev->of_node;
5099 	if (!node)
5100 		return -ENOENT;
5101 
5102 	ret = of_property_read_string_index(node, "ext-fem-name", 0, &fem_name);
5103 	if (ret)
5104 		return -ENOENT;
5105 
5106 	/*
5107 	 * If external Front End module used in hardware, then default base band timing
5108 	 * parameter cannot be used since they were fine tuned for reference hardware,
5109 	 * so choosing different value suitable for that external FEM.
5110 	 */
5111 	if (!strcmp("microsemi-lx5586", fem_name)) {
5112 		bb_timing->bb_tx_timing = 0x00;
5113 		bb_timing->bb_xpa_timing = 0x0101;
5114 	} else {
5115 		return -ENOENT;
5116 	}
5117 
5118 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot bb_tx_timing 0x%x bb_xpa_timing 0x%x\n",
5119 		   bb_timing->bb_tx_timing, bb_timing->bb_xpa_timing);
5120 	return 0;
5121 }
5122 
5123 static int ath10k_mac_rfkill_config(struct ath10k *ar)
5124 {
5125 	u32 param;
5126 	int ret;
5127 
5128 	if (ar->hw_values->rfkill_pin == 0) {
5129 		ath10k_warn(ar, "ath10k does not support hardware rfkill with this device\n");
5130 		return -EOPNOTSUPP;
5131 	}
5132 
5133 	ath10k_dbg(ar, ATH10K_DBG_MAC,
5134 		   "mac rfkill_pin %d rfkill_cfg %d rfkill_on_level %d",
5135 		   ar->hw_values->rfkill_pin, ar->hw_values->rfkill_cfg,
5136 		   ar->hw_values->rfkill_on_level);
5137 
5138 	param = FIELD_PREP(WMI_TLV_RFKILL_CFG_RADIO_LEVEL,
5139 			   ar->hw_values->rfkill_on_level) |
5140 		FIELD_PREP(WMI_TLV_RFKILL_CFG_GPIO_PIN_NUM,
5141 			   ar->hw_values->rfkill_pin) |
5142 		FIELD_PREP(WMI_TLV_RFKILL_CFG_PIN_AS_GPIO,
5143 			   ar->hw_values->rfkill_cfg);
5144 
5145 	ret = ath10k_wmi_pdev_set_param(ar,
5146 					ar->wmi.pdev_param->rfkill_config,
5147 					param);
5148 	if (ret) {
5149 		ath10k_warn(ar,
5150 			    "failed to set rfkill config 0x%x: %d\n",
5151 			    param, ret);
5152 		return ret;
5153 	}
5154 	return 0;
5155 }
5156 
5157 int ath10k_mac_rfkill_enable_radio(struct ath10k *ar, bool enable)
5158 {
5159 	enum wmi_tlv_rfkill_enable_radio param;
5160 	int ret;
5161 
5162 	if (enable)
5163 		param = WMI_TLV_RFKILL_ENABLE_RADIO_ON;
5164 	else
5165 		param = WMI_TLV_RFKILL_ENABLE_RADIO_OFF;
5166 
5167 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac rfkill enable %d", param);
5168 
5169 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rfkill_enable,
5170 					param);
5171 	if (ret) {
5172 		ath10k_warn(ar, "failed to set rfkill enable param %d: %d\n",
5173 			    param, ret);
5174 		return ret;
5175 	}
5176 
5177 	return 0;
5178 }
5179 
5180 static int ath10k_start(struct ieee80211_hw *hw)
5181 {
5182 	struct ath10k *ar = hw->priv;
5183 	u32 param;
5184 	int ret = 0;
5185 	struct wmi_bb_timing_cfg_arg bb_timing = {};
5186 
5187 	/*
5188 	 * This makes sense only when restarting hw. It is harmless to call
5189 	 * unconditionally. This is necessary to make sure no HTT/WMI tx
5190 	 * commands will be submitted while restarting.
5191 	 */
5192 	ath10k_drain_tx(ar);
5193 
5194 	mutex_lock(&ar->conf_mutex);
5195 
5196 	switch (ar->state) {
5197 	case ATH10K_STATE_OFF:
5198 		ar->state = ATH10K_STATE_ON;
5199 		break;
5200 	case ATH10K_STATE_RESTARTING:
5201 		ar->state = ATH10K_STATE_RESTARTED;
5202 		break;
5203 	case ATH10K_STATE_ON:
5204 	case ATH10K_STATE_RESTARTED:
5205 	case ATH10K_STATE_WEDGED:
5206 		WARN_ON(1);
5207 		ret = -EINVAL;
5208 		goto err;
5209 	case ATH10K_STATE_UTF:
5210 		ret = -EBUSY;
5211 		goto err;
5212 	}
5213 
5214 	spin_lock_bh(&ar->data_lock);
5215 
5216 	if (ar->hw_rfkill_on) {
5217 		ar->hw_rfkill_on = false;
5218 		spin_unlock_bh(&ar->data_lock);
5219 		goto err;
5220 	}
5221 
5222 	spin_unlock_bh(&ar->data_lock);
5223 
5224 	ret = ath10k_hif_power_up(ar, ATH10K_FIRMWARE_MODE_NORMAL);
5225 	if (ret) {
5226 		ath10k_err(ar, "Could not init hif: %d\n", ret);
5227 		goto err_off;
5228 	}
5229 
5230 	ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL,
5231 				&ar->normal_mode_fw);
5232 	if (ret) {
5233 		ath10k_err(ar, "Could not init core: %d\n", ret);
5234 		goto err_power_down;
5235 	}
5236 
5237 	if (ar->sys_cap_info & WMI_TLV_SYS_CAP_INFO_RFKILL) {
5238 		ret = ath10k_mac_rfkill_config(ar);
5239 		if (ret && ret != -EOPNOTSUPP) {
5240 			ath10k_warn(ar, "failed to configure rfkill: %d", ret);
5241 			goto err_core_stop;
5242 		}
5243 	}
5244 
5245 	param = ar->wmi.pdev_param->pmf_qos;
5246 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5247 	if (ret) {
5248 		ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
5249 		goto err_core_stop;
5250 	}
5251 
5252 	param = ar->wmi.pdev_param->dynamic_bw;
5253 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5254 	if (ret) {
5255 		ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
5256 		goto err_core_stop;
5257 	}
5258 
5259 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
5260 		ret = ath10k_wmi_scan_prob_req_oui(ar, ar->mac_addr);
5261 		if (ret) {
5262 			ath10k_err(ar, "failed to set prob req oui: %i\n", ret);
5263 			goto err_core_stop;
5264 		}
5265 	}
5266 
5267 	if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
5268 		ret = ath10k_wmi_adaptive_qcs(ar, true);
5269 		if (ret) {
5270 			ath10k_warn(ar, "failed to enable adaptive qcs: %d\n",
5271 				    ret);
5272 			goto err_core_stop;
5273 		}
5274 	}
5275 
5276 	if (test_bit(WMI_SERVICE_BURST, ar->wmi.svc_map)) {
5277 		param = ar->wmi.pdev_param->burst_enable;
5278 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5279 		if (ret) {
5280 			ath10k_warn(ar, "failed to disable burst: %d\n", ret);
5281 			goto err_core_stop;
5282 		}
5283 	}
5284 
5285 	param = ar->wmi.pdev_param->idle_ps_config;
5286 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5287 	if (ret && ret != -EOPNOTSUPP) {
5288 		ath10k_warn(ar, "failed to enable idle_ps_config: %d\n", ret);
5289 		goto err_core_stop;
5290 	}
5291 
5292 	__ath10k_set_antenna(ar, ar->cfg_tx_chainmask, ar->cfg_rx_chainmask);
5293 
5294 	/*
5295 	 * By default FW set ARP frames ac to voice (6). In that case ARP
5296 	 * exchange is not working properly for UAPSD enabled AP. ARP requests
5297 	 * which arrives with access category 0 are processed by network stack
5298 	 * and send back with access category 0, but FW changes access category
5299 	 * to 6. Set ARP frames access category to best effort (0) solves
5300 	 * this problem.
5301 	 */
5302 
5303 	param = ar->wmi.pdev_param->arp_ac_override;
5304 	ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5305 	if (ret) {
5306 		ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
5307 			    ret);
5308 		goto err_core_stop;
5309 	}
5310 
5311 	if (test_bit(ATH10K_FW_FEATURE_SUPPORTS_ADAPTIVE_CCA,
5312 		     ar->running_fw->fw_file.fw_features)) {
5313 		ret = ath10k_wmi_pdev_enable_adaptive_cca(ar, 1,
5314 							  WMI_CCA_DETECT_LEVEL_AUTO,
5315 							  WMI_CCA_DETECT_MARGIN_AUTO);
5316 		if (ret) {
5317 			ath10k_warn(ar, "failed to enable adaptive cca: %d\n",
5318 				    ret);
5319 			goto err_core_stop;
5320 		}
5321 	}
5322 
5323 	param = ar->wmi.pdev_param->ani_enable;
5324 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5325 	if (ret) {
5326 		ath10k_warn(ar, "failed to enable ani by default: %d\n",
5327 			    ret);
5328 		goto err_core_stop;
5329 	}
5330 
5331 	ar->ani_enabled = true;
5332 
5333 	if (ath10k_peer_stats_enabled(ar)) {
5334 		param = ar->wmi.pdev_param->peer_stats_update_period;
5335 		ret = ath10k_wmi_pdev_set_param(ar, param,
5336 						PEER_DEFAULT_STATS_UPDATE_PERIOD);
5337 		if (ret) {
5338 			ath10k_warn(ar,
5339 				    "failed to set peer stats period : %d\n",
5340 				    ret);
5341 			goto err_core_stop;
5342 		}
5343 	}
5344 
5345 	param = ar->wmi.pdev_param->enable_btcoex;
5346 	if (test_bit(WMI_SERVICE_COEX_GPIO, ar->wmi.svc_map) &&
5347 	    test_bit(ATH10K_FW_FEATURE_BTCOEX_PARAM,
5348 		     ar->running_fw->fw_file.fw_features) &&
5349 	    ar->coex_support) {
5350 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5351 		if (ret) {
5352 			ath10k_warn(ar,
5353 				    "failed to set btcoex param: %d\n", ret);
5354 			goto err_core_stop;
5355 		}
5356 		clear_bit(ATH10K_FLAG_BTCOEX, &ar->dev_flags);
5357 	}
5358 
5359 	if (test_bit(WMI_SERVICE_BB_TIMING_CONFIG_SUPPORT, ar->wmi.svc_map)) {
5360 		ret = __ath10k_fetch_bb_timing_dt(ar, &bb_timing);
5361 		if (!ret) {
5362 			ret = ath10k_wmi_pdev_bb_timing(ar, &bb_timing);
5363 			if (ret) {
5364 				ath10k_warn(ar,
5365 					    "failed to set bb timings: %d\n",
5366 					    ret);
5367 				goto err_core_stop;
5368 			}
5369 		}
5370 	}
5371 
5372 	ar->num_started_vdevs = 0;
5373 	ath10k_regd_update(ar);
5374 
5375 	ath10k_spectral_start(ar);
5376 	ath10k_thermal_set_throttling(ar);
5377 
5378 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_IDLE;
5379 
5380 	mutex_unlock(&ar->conf_mutex);
5381 	return 0;
5382 
5383 err_core_stop:
5384 	ath10k_core_stop(ar);
5385 
5386 err_power_down:
5387 	ath10k_hif_power_down(ar);
5388 
5389 err_off:
5390 	ar->state = ATH10K_STATE_OFF;
5391 
5392 err:
5393 	mutex_unlock(&ar->conf_mutex);
5394 	return ret;
5395 }
5396 
5397 static void ath10k_stop(struct ieee80211_hw *hw, bool suspend)
5398 {
5399 	struct ath10k *ar = hw->priv;
5400 	u32 opt;
5401 
5402 	ath10k_drain_tx(ar);
5403 
5404 	mutex_lock(&ar->conf_mutex);
5405 	if (ar->state != ATH10K_STATE_OFF) {
5406 		if (!ar->hw_rfkill_on) {
5407 			/* If the current driver state is RESTARTING but not yet
5408 			 * fully RESTARTED because of incoming suspend event,
5409 			 * then ath10k_halt() is already called via
5410 			 * ath10k_core_restart() and should not be called here.
5411 			 */
5412 			if (ar->state != ATH10K_STATE_RESTARTING) {
5413 				ath10k_halt(ar);
5414 			} else {
5415 				/* Suspending here, because when in RESTARTING
5416 				 * state, ath10k_core_stop() skips
5417 				 * ath10k_wait_for_suspend().
5418 				 */
5419 				opt = WMI_PDEV_SUSPEND_AND_DISABLE_INTR;
5420 				ath10k_wait_for_suspend(ar, opt);
5421 			}
5422 		}
5423 		ar->state = ATH10K_STATE_OFF;
5424 	}
5425 	mutex_unlock(&ar->conf_mutex);
5426 
5427 	cancel_work_sync(&ar->set_coverage_class_work);
5428 	cancel_delayed_work_sync(&ar->scan.timeout);
5429 	cancel_work_sync(&ar->restart_work);
5430 	cancel_work_sync(&ar->recovery_check_work);
5431 }
5432 
5433 static int ath10k_config_ps(struct ath10k *ar)
5434 {
5435 	struct ath10k_vif *arvif;
5436 	int ret = 0;
5437 
5438 	lockdep_assert_held(&ar->conf_mutex);
5439 
5440 	list_for_each_entry(arvif, &ar->arvifs, list) {
5441 		ret = ath10k_mac_vif_setup_ps(arvif);
5442 		if (ret) {
5443 			ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
5444 			break;
5445 		}
5446 	}
5447 
5448 	return ret;
5449 }
5450 
5451 static int ath10k_config(struct ieee80211_hw *hw, int radio_idx, u32 changed)
5452 {
5453 	struct ath10k *ar = hw->priv;
5454 	struct ieee80211_conf *conf = &hw->conf;
5455 	int ret = 0;
5456 
5457 	mutex_lock(&ar->conf_mutex);
5458 
5459 	if (changed & IEEE80211_CONF_CHANGE_PS)
5460 		ath10k_config_ps(ar);
5461 
5462 	if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
5463 		ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
5464 		ret = ath10k_monitor_recalc(ar);
5465 		if (ret)
5466 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5467 	}
5468 
5469 	mutex_unlock(&ar->conf_mutex);
5470 	return ret;
5471 }
5472 
5473 static u32 get_nss_from_chainmask(u16 chain_mask)
5474 {
5475 	if ((chain_mask & 0xf) == 0xf)
5476 		return 4;
5477 	else if ((chain_mask & 0x7) == 0x7)
5478 		return 3;
5479 	else if ((chain_mask & 0x3) == 0x3)
5480 		return 2;
5481 	return 1;
5482 }
5483 
5484 static int ath10k_mac_set_txbf_conf(struct ath10k_vif *arvif)
5485 {
5486 	u32 value = 0;
5487 	struct ath10k *ar = arvif->ar;
5488 	int nsts;
5489 	int sound_dim;
5490 
5491 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_BEFORE_ASSOC)
5492 		return 0;
5493 
5494 	nsts = ath10k_mac_get_vht_cap_bf_sts(ar);
5495 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
5496 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE))
5497 		value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
5498 
5499 	sound_dim = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
5500 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
5501 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))
5502 		value |= SM(sound_dim, WMI_BF_SOUND_DIM_OFFSET);
5503 
5504 	if (!value)
5505 		return 0;
5506 
5507 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
5508 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
5509 
5510 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
5511 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFER |
5512 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFER);
5513 
5514 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
5515 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
5516 
5517 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
5518 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFEE |
5519 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFEE);
5520 
5521 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5522 					 ar->wmi.vdev_param->txbf, value);
5523 }
5524 
5525 static void ath10k_update_vif_offload(struct ieee80211_hw *hw,
5526 				      struct ieee80211_vif *vif)
5527 {
5528 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5529 	struct ath10k *ar = hw->priv;
5530 	u32 vdev_param;
5531 	int ret;
5532 
5533 	if (ath10k_frame_mode != ATH10K_HW_TXRX_ETHERNET ||
5534 	    ar->wmi.vdev_param->tx_encap_type == WMI_VDEV_PARAM_UNSUPPORTED ||
5535 	     (vif->type != NL80211_IFTYPE_STATION &&
5536 	      vif->type != NL80211_IFTYPE_AP))
5537 		vif->offload_flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
5538 
5539 	vdev_param = ar->wmi.vdev_param->tx_encap_type;
5540 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5541 					ATH10K_HW_TXRX_NATIVE_WIFI);
5542 	/* 10.X firmware does not support this VDEV parameter. Do not warn */
5543 	if (ret && ret != -EOPNOTSUPP) {
5544 		ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
5545 			    arvif->vdev_id, ret);
5546 	}
5547 }
5548 
5549 /*
5550  * TODO:
5551  * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
5552  * because we will send mgmt frames without CCK. This requirement
5553  * for P2P_FIND/GO_NEG should be handled by checking CCK flag
5554  * in the TX packet.
5555  */
5556 static int ath10k_add_interface(struct ieee80211_hw *hw,
5557 				struct ieee80211_vif *vif)
5558 {
5559 	struct ath10k *ar = hw->priv;
5560 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5561 	struct ath10k_peer *peer;
5562 	enum wmi_sta_powersave_param param;
5563 	int ret = 0;
5564 	u32 value;
5565 	int bit;
5566 	int i;
5567 	u32 vdev_param;
5568 
5569 	vif->driver_flags |= IEEE80211_VIF_SUPPORTS_UAPSD;
5570 
5571 	mutex_lock(&ar->conf_mutex);
5572 
5573 	memset(arvif, 0, sizeof(*arvif));
5574 	ath10k_mac_txq_init(vif->txq);
5575 
5576 	arvif->ar = ar;
5577 	arvif->vif = vif;
5578 
5579 	INIT_LIST_HEAD(&arvif->list);
5580 	INIT_WORK(&arvif->ap_csa_work, ath10k_mac_vif_ap_csa_work);
5581 	INIT_DELAYED_WORK(&arvif->connection_loss_work,
5582 			  ath10k_mac_vif_sta_connection_loss_work);
5583 
5584 	for (i = 0; i < ARRAY_SIZE(arvif->bitrate_mask.control); i++) {
5585 		arvif->bitrate_mask.control[i].legacy = 0xffffffff;
5586 		memset(arvif->bitrate_mask.control[i].ht_mcs, 0xff,
5587 		       sizeof(arvif->bitrate_mask.control[i].ht_mcs));
5588 		memset(arvif->bitrate_mask.control[i].vht_mcs, 0xff,
5589 		       sizeof(arvif->bitrate_mask.control[i].vht_mcs));
5590 	}
5591 
5592 	if (ar->num_peers >= ar->max_num_peers) {
5593 		ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
5594 		ret = -ENOBUFS;
5595 		goto err;
5596 	}
5597 
5598 	if (ar->free_vdev_map == 0) {
5599 		ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
5600 		ret = -EBUSY;
5601 		goto err;
5602 	}
5603 	bit = __ffs64(ar->free_vdev_map);
5604 
5605 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
5606 		   bit, ar->free_vdev_map);
5607 
5608 	arvif->vdev_id = bit;
5609 	arvif->vdev_subtype =
5610 		ath10k_wmi_get_vdev_subtype(ar, WMI_VDEV_SUBTYPE_NONE);
5611 
5612 	switch (vif->type) {
5613 	case NL80211_IFTYPE_P2P_DEVICE:
5614 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5615 		arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5616 					(ar, WMI_VDEV_SUBTYPE_P2P_DEVICE);
5617 		break;
5618 	case NL80211_IFTYPE_UNSPECIFIED:
5619 	case NL80211_IFTYPE_STATION:
5620 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5621 		if (vif->p2p)
5622 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5623 					(ar, WMI_VDEV_SUBTYPE_P2P_CLIENT);
5624 		break;
5625 	case NL80211_IFTYPE_ADHOC:
5626 		arvif->vdev_type = WMI_VDEV_TYPE_IBSS;
5627 		break;
5628 	case NL80211_IFTYPE_MESH_POINT:
5629 		if (test_bit(WMI_SERVICE_MESH_11S, ar->wmi.svc_map)) {
5630 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5631 						(ar, WMI_VDEV_SUBTYPE_MESH_11S);
5632 		} else if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5633 			ret = -EINVAL;
5634 			ath10k_warn(ar, "must load driver with rawmode=1 to add mesh interfaces\n");
5635 			goto err;
5636 		}
5637 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5638 		break;
5639 	case NL80211_IFTYPE_AP:
5640 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5641 
5642 		if (vif->p2p)
5643 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5644 						(ar, WMI_VDEV_SUBTYPE_P2P_GO);
5645 		break;
5646 	case NL80211_IFTYPE_MONITOR:
5647 		arvif->vdev_type = WMI_VDEV_TYPE_MONITOR;
5648 		break;
5649 	default:
5650 		WARN_ON(1);
5651 		break;
5652 	}
5653 
5654 	/* Using vdev_id as queue number will make it very easy to do per-vif
5655 	 * tx queue locking. This shouldn't wrap due to interface combinations
5656 	 * but do a modulo for correctness sake and prevent using offchannel tx
5657 	 * queues for regular vif tx.
5658 	 */
5659 	vif->cab_queue = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5660 	for (i = 0; i < ARRAY_SIZE(vif->hw_queue); i++)
5661 		vif->hw_queue[i] = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5662 
5663 	/* Some firmware revisions don't wait for beacon tx completion before
5664 	 * sending another SWBA event. This could lead to hardware using old
5665 	 * (freed) beacon data in some cases, e.g. tx credit starvation
5666 	 * combined with missed TBTT. This is very rare.
5667 	 *
5668 	 * On non-IOMMU-enabled hosts this could be a possible security issue
5669 	 * because hw could beacon some random data on the air.  On
5670 	 * IOMMU-enabled hosts DMAR faults would occur in most cases and target
5671 	 * device would crash.
5672 	 *
5673 	 * Since there are no beacon tx completions (implicit nor explicit)
5674 	 * propagated to host the only workaround for this is to allocate a
5675 	 * DMA-coherent buffer for a lifetime of a vif and use it for all
5676 	 * beacon tx commands. Worst case for this approach is some beacons may
5677 	 * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
5678 	 */
5679 	if (vif->type == NL80211_IFTYPE_ADHOC ||
5680 	    vif->type == NL80211_IFTYPE_MESH_POINT ||
5681 	    vif->type == NL80211_IFTYPE_AP) {
5682 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {
5683 			arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN,
5684 						    GFP_KERNEL);
5685 
5686 			/* Using a kernel pointer in place of a dma_addr_t
5687 			 * token can lead to undefined behavior if that
5688 			 * makes it into cache management functions. Use a
5689 			 * known-invalid address token instead, which
5690 			 * avoids the warning and makes it easier to catch
5691 			 * bugs if it does end up getting used.
5692 			 */
5693 			arvif->beacon_paddr = DMA_MAPPING_ERROR;
5694 		} else {
5695 			arvif->beacon_buf =
5696 				dma_alloc_coherent(ar->dev,
5697 						   IEEE80211_MAX_FRAME_LEN,
5698 						   &arvif->beacon_paddr,
5699 						   GFP_ATOMIC);
5700 		}
5701 		if (!arvif->beacon_buf) {
5702 			ret = -ENOMEM;
5703 			ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
5704 				    ret);
5705 			goto err;
5706 		}
5707 	}
5708 	if (test_bit(ATH10K_FLAG_HW_CRYPTO_DISABLED, &ar->dev_flags))
5709 		arvif->nohwcrypt = true;
5710 
5711 	if (arvif->nohwcrypt &&
5712 	    !test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5713 		ret = -EINVAL;
5714 		ath10k_warn(ar, "cryptmode module param needed for sw crypto\n");
5715 		goto err;
5716 	}
5717 
5718 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
5719 		   arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
5720 		   arvif->beacon_buf ? "single-buf" : "per-skb");
5721 
5722 	ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
5723 				     arvif->vdev_subtype, vif->addr);
5724 	if (ret) {
5725 		ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
5726 			    arvif->vdev_id, ret);
5727 		goto err;
5728 	}
5729 
5730 	if (test_bit(WMI_SERVICE_VDEV_DISABLE_4_ADDR_SRC_LRN_SUPPORT,
5731 		     ar->wmi.svc_map)) {
5732 		vdev_param = ar->wmi.vdev_param->disable_4addr_src_lrn;
5733 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5734 						WMI_VDEV_DISABLE_4_ADDR_SRC_LRN);
5735 		if (ret && ret != -EOPNOTSUPP) {
5736 			ath10k_warn(ar, "failed to disable 4addr src lrn vdev %i: %d\n",
5737 				    arvif->vdev_id, ret);
5738 		}
5739 	}
5740 
5741 	ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
5742 	spin_lock_bh(&ar->data_lock);
5743 	list_add(&arvif->list, &ar->arvifs);
5744 	spin_unlock_bh(&ar->data_lock);
5745 
5746 	/* It makes no sense to have firmware do keepalives. mac80211 already
5747 	 * takes care of this with idle connection polling.
5748 	 */
5749 	ret = ath10k_mac_vif_disable_keepalive(arvif);
5750 	if (ret) {
5751 		ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
5752 			    arvif->vdev_id, ret);
5753 		goto err_vdev_delete;
5754 	}
5755 
5756 	arvif->def_wep_key_idx = -1;
5757 
5758 	ath10k_update_vif_offload(hw, vif);
5759 
5760 	/* Configuring number of spatial stream for monitor interface is causing
5761 	 * target assert in qca9888 and qca6174.
5762 	 */
5763 	if (ar->cfg_tx_chainmask && (vif->type != NL80211_IFTYPE_MONITOR)) {
5764 		u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
5765 
5766 		vdev_param = ar->wmi.vdev_param->nss;
5767 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5768 						nss);
5769 		if (ret) {
5770 			ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
5771 				    arvif->vdev_id, ar->cfg_tx_chainmask, nss,
5772 				    ret);
5773 			goto err_vdev_delete;
5774 		}
5775 	}
5776 
5777 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5778 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5779 		ret = ath10k_peer_create(ar, vif, NULL, arvif->vdev_id,
5780 					 vif->addr, WMI_PEER_TYPE_DEFAULT);
5781 		if (ret) {
5782 			ath10k_warn(ar, "failed to create vdev %i peer for AP/IBSS: %d\n",
5783 				    arvif->vdev_id, ret);
5784 			goto err_vdev_delete;
5785 		}
5786 
5787 		spin_lock_bh(&ar->data_lock);
5788 
5789 		peer = ath10k_peer_find(ar, arvif->vdev_id, vif->addr);
5790 		if (!peer) {
5791 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
5792 				    vif->addr, arvif->vdev_id);
5793 			spin_unlock_bh(&ar->data_lock);
5794 			ret = -ENOENT;
5795 			goto err_peer_delete;
5796 		}
5797 
5798 		arvif->peer_id = find_first_bit(peer->peer_ids,
5799 						ATH10K_MAX_NUM_PEER_IDS);
5800 
5801 		spin_unlock_bh(&ar->data_lock);
5802 	} else {
5803 		arvif->peer_id = HTT_INVALID_PEERID;
5804 	}
5805 
5806 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
5807 		ret = ath10k_mac_set_kickout(arvif);
5808 		if (ret) {
5809 			ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
5810 				    arvif->vdev_id, ret);
5811 			goto err_peer_delete;
5812 		}
5813 	}
5814 
5815 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
5816 		param = WMI_STA_PS_PARAM_RX_WAKE_POLICY;
5817 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
5818 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
5819 						  param, value);
5820 		if (ret) {
5821 			ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
5822 				    arvif->vdev_id, ret);
5823 			goto err_peer_delete;
5824 		}
5825 
5826 		ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
5827 		if (ret) {
5828 			ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
5829 				    arvif->vdev_id, ret);
5830 			goto err_peer_delete;
5831 		}
5832 
5833 		ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
5834 		if (ret) {
5835 			ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
5836 				    arvif->vdev_id, ret);
5837 			goto err_peer_delete;
5838 		}
5839 	}
5840 
5841 	ret = ath10k_mac_set_txbf_conf(arvif);
5842 	if (ret) {
5843 		ath10k_warn(ar, "failed to set txbf for vdev %d: %d\n",
5844 			    arvif->vdev_id, ret);
5845 		goto err_peer_delete;
5846 	}
5847 
5848 	ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
5849 	if (ret) {
5850 		ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
5851 			    arvif->vdev_id, ret);
5852 		goto err_peer_delete;
5853 	}
5854 
5855 	arvif->txpower = vif->bss_conf.txpower;
5856 	ret = ath10k_mac_txpower_recalc(ar);
5857 	if (ret) {
5858 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5859 		goto err_peer_delete;
5860 	}
5861 
5862 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
5863 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
5864 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5865 						arvif->ftm_responder);
5866 
5867 		/* It is harmless to not set FTM role. Do not warn */
5868 		if (ret && ret != -EOPNOTSUPP)
5869 			ath10k_warn(ar, "failed to set vdev %i FTM Responder: %d\n",
5870 				    arvif->vdev_id, ret);
5871 	}
5872 
5873 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5874 		ar->monitor_arvif = arvif;
5875 		ret = ath10k_monitor_recalc(ar);
5876 		if (ret) {
5877 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5878 			goto err_peer_delete;
5879 		}
5880 	}
5881 
5882 	spin_lock_bh(&ar->htt.tx_lock);
5883 	if (!ar->tx_paused)
5884 		ieee80211_wake_queue(ar->hw, arvif->vdev_id);
5885 	spin_unlock_bh(&ar->htt.tx_lock);
5886 
5887 	mutex_unlock(&ar->conf_mutex);
5888 	return 0;
5889 
5890 err_peer_delete:
5891 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5892 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5893 		ath10k_wmi_peer_delete(ar, arvif->vdev_id, vif->addr);
5894 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5895 						 vif->addr);
5896 	}
5897 
5898 err_vdev_delete:
5899 	ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5900 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5901 	spin_lock_bh(&ar->data_lock);
5902 	list_del(&arvif->list);
5903 	spin_unlock_bh(&ar->data_lock);
5904 
5905 err:
5906 	if (arvif->beacon_buf) {
5907 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
5908 			kfree(arvif->beacon_buf);
5909 		else
5910 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
5911 					  arvif->beacon_buf,
5912 					  arvif->beacon_paddr);
5913 		arvif->beacon_buf = NULL;
5914 	}
5915 
5916 	mutex_unlock(&ar->conf_mutex);
5917 
5918 	return ret;
5919 }
5920 
5921 static void ath10k_mac_vif_tx_unlock_all(struct ath10k_vif *arvif)
5922 {
5923 	int i;
5924 
5925 	for (i = 0; i < BITS_PER_LONG; i++)
5926 		ath10k_mac_vif_tx_unlock(arvif, i);
5927 }
5928 
5929 static void ath10k_remove_interface(struct ieee80211_hw *hw,
5930 				    struct ieee80211_vif *vif)
5931 {
5932 	struct ath10k *ar = hw->priv;
5933 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5934 	struct ath10k_peer *peer;
5935 	int ret;
5936 	int i;
5937 
5938 	cancel_work_sync(&arvif->ap_csa_work);
5939 	cancel_delayed_work_sync(&arvif->connection_loss_work);
5940 
5941 	mutex_lock(&ar->conf_mutex);
5942 
5943 	ret = ath10k_spectral_vif_stop(arvif);
5944 	if (ret)
5945 		ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
5946 			    arvif->vdev_id, ret);
5947 
5948 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5949 	spin_lock_bh(&ar->data_lock);
5950 	list_del(&arvif->list);
5951 	spin_unlock_bh(&ar->data_lock);
5952 
5953 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5954 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5955 		ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
5956 					     vif->addr);
5957 		if (ret)
5958 			ath10k_warn(ar, "failed to submit AP/IBSS self-peer removal on vdev %i: %d\n",
5959 				    arvif->vdev_id, ret);
5960 
5961 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5962 						 vif->addr);
5963 		kfree(arvif->u.ap.noa_data);
5964 	}
5965 
5966 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
5967 		   arvif->vdev_id);
5968 
5969 	ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5970 	if (ret)
5971 		ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
5972 			    arvif->vdev_id, ret);
5973 
5974 	ret = ath10k_vdev_delete_sync(ar);
5975 	if (ret) {
5976 		ath10k_warn(ar, "Error in receiving vdev delete response: %d\n", ret);
5977 		goto out;
5978 	}
5979 
5980 	/* Some firmware revisions don't notify host about self-peer removal
5981 	 * until after associated vdev is deleted.
5982 	 */
5983 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5984 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5985 		ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
5986 						   vif->addr);
5987 		if (ret)
5988 			ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
5989 				    arvif->vdev_id, ret);
5990 
5991 		spin_lock_bh(&ar->data_lock);
5992 		ar->num_peers--;
5993 		spin_unlock_bh(&ar->data_lock);
5994 	}
5995 
5996 	spin_lock_bh(&ar->data_lock);
5997 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
5998 		peer = ar->peer_map[i];
5999 		if (!peer)
6000 			continue;
6001 
6002 		if (peer->vif == vif) {
6003 			ath10k_warn(ar, "found vif peer %pM entry on vdev %i after it was supposedly removed\n",
6004 				    vif->addr, arvif->vdev_id);
6005 			peer->vif = NULL;
6006 		}
6007 	}
6008 
6009 	/* Clean this up late, less opportunity for firmware to access
6010 	 * DMA memory we have deleted.
6011 	 */
6012 	ath10k_mac_vif_beacon_cleanup(arvif);
6013 	spin_unlock_bh(&ar->data_lock);
6014 
6015 	ath10k_peer_cleanup(ar, arvif->vdev_id);
6016 	ath10k_mac_txq_unref(ar, vif->txq);
6017 
6018 	if (vif->type == NL80211_IFTYPE_MONITOR) {
6019 		ar->monitor_arvif = NULL;
6020 		ret = ath10k_monitor_recalc(ar);
6021 		if (ret)
6022 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
6023 	}
6024 
6025 	ret = ath10k_mac_txpower_recalc(ar);
6026 	if (ret)
6027 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6028 
6029 	spin_lock_bh(&ar->htt.tx_lock);
6030 	ath10k_mac_vif_tx_unlock_all(arvif);
6031 	spin_unlock_bh(&ar->htt.tx_lock);
6032 
6033 	ath10k_mac_txq_unref(ar, vif->txq);
6034 
6035 out:
6036 	mutex_unlock(&ar->conf_mutex);
6037 }
6038 
6039 /*
6040  * FIXME: Has to be verified.
6041  */
6042 #define SUPPORTED_FILTERS			\
6043 	(FIF_ALLMULTI |				\
6044 	FIF_CONTROL |				\
6045 	FIF_PSPOLL |				\
6046 	FIF_OTHER_BSS |				\
6047 	FIF_BCN_PRBRESP_PROMISC |		\
6048 	FIF_PROBE_REQ |				\
6049 	FIF_FCSFAIL)
6050 
6051 static void ath10k_configure_filter(struct ieee80211_hw *hw,
6052 				    unsigned int changed_flags,
6053 				    unsigned int *total_flags,
6054 				    u64 multicast)
6055 {
6056 	struct ath10k *ar = hw->priv;
6057 	int ret;
6058 	unsigned int supported = SUPPORTED_FILTERS;
6059 
6060 	mutex_lock(&ar->conf_mutex);
6061 
6062 	if (ar->hw_params.mcast_frame_registration)
6063 		supported |= FIF_MCAST_ACTION;
6064 
6065 	*total_flags &= supported;
6066 
6067 	ar->filter_flags = *total_flags;
6068 
6069 	ret = ath10k_monitor_recalc(ar);
6070 	if (ret)
6071 		ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
6072 
6073 	mutex_unlock(&ar->conf_mutex);
6074 }
6075 
6076 static void ath10k_recalculate_mgmt_rate(struct ath10k *ar,
6077 					 struct ieee80211_vif *vif,
6078 					 struct cfg80211_chan_def *def)
6079 {
6080 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6081 	const struct ieee80211_supported_band *sband;
6082 	u8 basic_rate_idx;
6083 	int hw_rate_code;
6084 	u32 vdev_param;
6085 	u16 bitrate;
6086 	int ret;
6087 
6088 	lockdep_assert_held(&ar->conf_mutex);
6089 
6090 	sband = ar->hw->wiphy->bands[def->chan->band];
6091 	basic_rate_idx = ffs(vif->bss_conf.basic_rates) - 1;
6092 	bitrate = sband->bitrates[basic_rate_idx].bitrate;
6093 
6094 	hw_rate_code = ath10k_mac_get_rate_hw_value(bitrate);
6095 	if (hw_rate_code < 0) {
6096 		ath10k_warn(ar, "bitrate not supported %d\n", bitrate);
6097 		return;
6098 	}
6099 
6100 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
6101 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6102 					hw_rate_code);
6103 	if (ret)
6104 		ath10k_warn(ar, "failed to set mgmt tx rate %d\n", ret);
6105 }
6106 
6107 static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
6108 				    struct ieee80211_vif *vif,
6109 				    struct ieee80211_bss_conf *info,
6110 				    u64 changed)
6111 {
6112 	struct ath10k *ar = hw->priv;
6113 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6114 	struct cfg80211_chan_def def;
6115 	u32 vdev_param, pdev_param, slottime, preamble;
6116 	u16 bitrate, hw_value;
6117 	u8 rate, rateidx;
6118 	int ret = 0, mcast_rate;
6119 	enum nl80211_band band;
6120 
6121 	mutex_lock(&ar->conf_mutex);
6122 
6123 	if (changed & BSS_CHANGED_IBSS)
6124 		ath10k_control_ibss(arvif, vif);
6125 
6126 	if (changed & BSS_CHANGED_BEACON_INT) {
6127 		arvif->beacon_interval = info->beacon_int;
6128 		vdev_param = ar->wmi.vdev_param->beacon_interval;
6129 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6130 						arvif->beacon_interval);
6131 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6132 			   "mac vdev %d beacon_interval %d\n",
6133 			   arvif->vdev_id, arvif->beacon_interval);
6134 
6135 		if (ret)
6136 			ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
6137 				    arvif->vdev_id, ret);
6138 	}
6139 
6140 	if (changed & BSS_CHANGED_BEACON) {
6141 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6142 			   "vdev %d set beacon tx mode to staggered\n",
6143 			   arvif->vdev_id);
6144 
6145 		pdev_param = ar->wmi.pdev_param->beacon_tx_mode;
6146 		ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
6147 						WMI_BEACON_STAGGERED_MODE);
6148 		if (ret)
6149 			ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
6150 				    arvif->vdev_id, ret);
6151 
6152 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
6153 		if (ret)
6154 			ath10k_warn(ar, "failed to update beacon template: %d\n",
6155 				    ret);
6156 
6157 		if (ieee80211_vif_is_mesh(vif)) {
6158 			/* mesh doesn't use SSID but firmware needs it */
6159 			arvif->u.ap.ssid_len = 4;
6160 			memcpy(arvif->u.ap.ssid, "mesh", arvif->u.ap.ssid_len);
6161 		}
6162 	}
6163 
6164 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
6165 		ret = ath10k_mac_setup_prb_tmpl(arvif);
6166 		if (ret)
6167 			ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
6168 				    arvif->vdev_id, ret);
6169 	}
6170 
6171 	if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
6172 		arvif->dtim_period = info->dtim_period;
6173 
6174 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6175 			   "mac vdev %d dtim_period %d\n",
6176 			   arvif->vdev_id, arvif->dtim_period);
6177 
6178 		vdev_param = ar->wmi.vdev_param->dtim_period;
6179 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6180 						arvif->dtim_period);
6181 		if (ret)
6182 			ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
6183 				    arvif->vdev_id, ret);
6184 	}
6185 
6186 	if (changed & BSS_CHANGED_SSID &&
6187 	    vif->type == NL80211_IFTYPE_AP) {
6188 		arvif->u.ap.ssid_len = vif->cfg.ssid_len;
6189 		if (vif->cfg.ssid_len)
6190 			memcpy(arvif->u.ap.ssid, vif->cfg.ssid,
6191 			       vif->cfg.ssid_len);
6192 		arvif->u.ap.hidden_ssid = info->hidden_ssid;
6193 	}
6194 
6195 	if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
6196 		ether_addr_copy(arvif->bssid, info->bssid);
6197 
6198 	if (changed & BSS_CHANGED_FTM_RESPONDER &&
6199 	    arvif->ftm_responder != info->ftm_responder &&
6200 	    test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
6201 		arvif->ftm_responder = info->ftm_responder;
6202 
6203 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
6204 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6205 						arvif->ftm_responder);
6206 
6207 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6208 			   "mac vdev %d ftm_responder %d:ret %d\n",
6209 			   arvif->vdev_id, arvif->ftm_responder, ret);
6210 	}
6211 
6212 	if (changed & BSS_CHANGED_BEACON_ENABLED)
6213 		ath10k_control_beaconing(arvif, info);
6214 
6215 	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
6216 		arvif->use_cts_prot = info->use_cts_prot;
6217 
6218 		ret = ath10k_recalc_rtscts_prot(arvif);
6219 		if (ret)
6220 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
6221 				    arvif->vdev_id, ret);
6222 
6223 		if (ath10k_mac_can_set_cts_prot(arvif)) {
6224 			ret = ath10k_mac_set_cts_prot(arvif);
6225 			if (ret)
6226 				ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
6227 					    arvif->vdev_id, ret);
6228 		}
6229 	}
6230 
6231 	if (changed & BSS_CHANGED_ERP_SLOT) {
6232 		if (info->use_short_slot)
6233 			slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
6234 
6235 		else
6236 			slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
6237 
6238 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
6239 			   arvif->vdev_id, slottime);
6240 
6241 		vdev_param = ar->wmi.vdev_param->slot_time;
6242 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6243 						slottime);
6244 		if (ret)
6245 			ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
6246 				    arvif->vdev_id, ret);
6247 	}
6248 
6249 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
6250 		if (info->use_short_preamble)
6251 			preamble = WMI_VDEV_PREAMBLE_SHORT;
6252 		else
6253 			preamble = WMI_VDEV_PREAMBLE_LONG;
6254 
6255 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6256 			   "mac vdev %d preamble %dn",
6257 			   arvif->vdev_id, preamble);
6258 
6259 		vdev_param = ar->wmi.vdev_param->preamble;
6260 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6261 						preamble);
6262 		if (ret)
6263 			ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
6264 				    arvif->vdev_id, ret);
6265 	}
6266 
6267 	if (changed & BSS_CHANGED_ASSOC) {
6268 		if (vif->cfg.assoc) {
6269 			/* Workaround: Make sure monitor vdev is not running
6270 			 * when associating to prevent some firmware revisions
6271 			 * (e.g. 10.1 and 10.2) from crashing.
6272 			 */
6273 			if (ar->monitor_started)
6274 				ath10k_monitor_stop(ar);
6275 			ath10k_bss_assoc(hw, vif, info);
6276 			ath10k_monitor_recalc(ar);
6277 		} else {
6278 			ath10k_bss_disassoc(hw, vif);
6279 		}
6280 	}
6281 
6282 	if (changed & BSS_CHANGED_TXPOWER) {
6283 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
6284 			   arvif->vdev_id, info->txpower);
6285 
6286 		arvif->txpower = info->txpower;
6287 		ret = ath10k_mac_txpower_recalc(ar);
6288 		if (ret)
6289 			ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6290 	}
6291 
6292 	if (changed & BSS_CHANGED_PS) {
6293 		arvif->ps = vif->cfg.ps;
6294 
6295 		ret = ath10k_config_ps(ar);
6296 		if (ret)
6297 			ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
6298 				    arvif->vdev_id, ret);
6299 	}
6300 
6301 	if (changed & BSS_CHANGED_MCAST_RATE &&
6302 	    !ath10k_mac_vif_chan(arvif->vif, &def)) {
6303 		band = def.chan->band;
6304 		mcast_rate = vif->bss_conf.mcast_rate[band];
6305 		if (mcast_rate > 0)
6306 			rateidx = mcast_rate - 1;
6307 		else
6308 			rateidx = ffs(vif->bss_conf.basic_rates) - 1;
6309 
6310 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6311 			rateidx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6312 
6313 		bitrate = ath10k_wmi_legacy_rates[rateidx].bitrate;
6314 		hw_value = ath10k_wmi_legacy_rates[rateidx].hw_value;
6315 		if (ath10k_mac_bitrate_is_cck(bitrate))
6316 			preamble = WMI_RATE_PREAMBLE_CCK;
6317 		else
6318 			preamble = WMI_RATE_PREAMBLE_OFDM;
6319 
6320 		rate = ATH10K_HW_RATECODE(hw_value, 0, preamble);
6321 
6322 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6323 			   "mac vdev %d mcast_rate %x\n",
6324 			   arvif->vdev_id, rate);
6325 
6326 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
6327 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6328 						vdev_param, rate);
6329 		if (ret)
6330 			ath10k_warn(ar,
6331 				    "failed to set mcast rate on vdev %i: %d\n",
6332 				    arvif->vdev_id,  ret);
6333 
6334 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
6335 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6336 						vdev_param, rate);
6337 		if (ret)
6338 			ath10k_warn(ar,
6339 				    "failed to set bcast rate on vdev %i: %d\n",
6340 				    arvif->vdev_id,  ret);
6341 	}
6342 
6343 	if (changed & BSS_CHANGED_BASIC_RATES &&
6344 	    !ath10k_mac_vif_chan(arvif->vif, &def))
6345 		ath10k_recalculate_mgmt_rate(ar, vif, &def);
6346 
6347 	mutex_unlock(&ar->conf_mutex);
6348 }
6349 
6350 static void ath10k_mac_op_set_coverage_class(struct ieee80211_hw *hw, int radio_idx,
6351 					     s16 value)
6352 {
6353 	struct ath10k *ar = hw->priv;
6354 
6355 	/* This function should never be called if setting the coverage class
6356 	 * is not supported on this hardware.
6357 	 */
6358 	if (!ar->hw_params.hw_ops->set_coverage_class) {
6359 		WARN_ON_ONCE(1);
6360 		return;
6361 	}
6362 	ar->hw_params.hw_ops->set_coverage_class(ar, -1, value);
6363 }
6364 
6365 struct ath10k_mac_tdls_iter_data {
6366 	u32 num_tdls_stations;
6367 	struct ieee80211_vif *curr_vif;
6368 };
6369 
6370 static void ath10k_mac_tdls_vif_stations_count_iter(void *data,
6371 						    struct ieee80211_sta *sta)
6372 {
6373 	struct ath10k_mac_tdls_iter_data *iter_data = data;
6374 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6375 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
6376 
6377 	if (sta->tdls && sta_vif == iter_data->curr_vif)
6378 		iter_data->num_tdls_stations++;
6379 }
6380 
6381 static int ath10k_mac_tdls_vif_stations_count(struct ieee80211_hw *hw,
6382 					      struct ieee80211_vif *vif)
6383 {
6384 	struct ath10k_mac_tdls_iter_data data = {};
6385 
6386 	data.curr_vif = vif;
6387 
6388 	ieee80211_iterate_stations_atomic(hw,
6389 					  ath10k_mac_tdls_vif_stations_count_iter,
6390 					  &data);
6391 	return data.num_tdls_stations;
6392 }
6393 
6394 static int ath10k_hw_scan(struct ieee80211_hw *hw,
6395 			  struct ieee80211_vif *vif,
6396 			  struct ieee80211_scan_request *hw_req)
6397 {
6398 	struct ath10k *ar = hw->priv;
6399 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6400 	struct cfg80211_scan_request *req = &hw_req->req;
6401 	struct wmi_start_scan_arg *arg = NULL;
6402 	int ret = 0;
6403 	int i;
6404 	u32 scan_timeout;
6405 
6406 	mutex_lock(&ar->conf_mutex);
6407 
6408 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6409 		ret = -EBUSY;
6410 		goto exit;
6411 	}
6412 
6413 	spin_lock_bh(&ar->data_lock);
6414 	switch (ar->scan.state) {
6415 	case ATH10K_SCAN_IDLE:
6416 		reinit_completion(&ar->scan.started);
6417 		reinit_completion(&ar->scan.completed);
6418 		ar->scan.state = ATH10K_SCAN_STARTING;
6419 		ar->scan.is_roc = false;
6420 		ar->scan.vdev_id = arvif->vdev_id;
6421 		ret = 0;
6422 		break;
6423 	case ATH10K_SCAN_STARTING:
6424 	case ATH10K_SCAN_RUNNING:
6425 	case ATH10K_SCAN_ABORTING:
6426 		ret = -EBUSY;
6427 		break;
6428 	}
6429 	spin_unlock_bh(&ar->data_lock);
6430 
6431 	if (ret)
6432 		goto exit;
6433 
6434 	arg = kzalloc(sizeof(*arg), GFP_KERNEL);
6435 	if (!arg) {
6436 		ret = -ENOMEM;
6437 		goto exit;
6438 	}
6439 
6440 	ath10k_wmi_start_scan_init(ar, arg);
6441 	arg->vdev_id = arvif->vdev_id;
6442 	arg->scan_id = ATH10K_SCAN_ID;
6443 
6444 	if (req->ie_len) {
6445 		arg->ie_len = req->ie_len;
6446 		memcpy(arg->ie, req->ie, arg->ie_len);
6447 	}
6448 
6449 	if (req->n_ssids) {
6450 		arg->n_ssids = req->n_ssids;
6451 		for (i = 0; i < arg->n_ssids; i++) {
6452 			arg->ssids[i].len  = req->ssids[i].ssid_len;
6453 			arg->ssids[i].ssid = req->ssids[i].ssid;
6454 		}
6455 	} else {
6456 		arg->scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
6457 	}
6458 
6459 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6460 		arg->scan_ctrl_flags |=  WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ;
6461 		ether_addr_copy(arg->mac_addr.addr, req->mac_addr);
6462 		ether_addr_copy(arg->mac_mask.addr, req->mac_addr_mask);
6463 	}
6464 
6465 	if (req->n_channels) {
6466 		arg->n_channels = req->n_channels;
6467 		for (i = 0; i < arg->n_channels; i++)
6468 			arg->channels[i] = req->channels[i]->center_freq;
6469 	}
6470 
6471 	/* if duration is set, default dwell times will be overwritten */
6472 	if (req->duration) {
6473 		arg->dwell_time_active = req->duration;
6474 		arg->dwell_time_passive = req->duration;
6475 		arg->burst_duration_ms = req->duration;
6476 
6477 		scan_timeout = min_t(u32, arg->max_rest_time *
6478 				(arg->n_channels - 1) + (req->duration +
6479 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
6480 				arg->n_channels, arg->max_scan_time);
6481 	} else {
6482 		scan_timeout = arg->max_scan_time;
6483 	}
6484 
6485 	/* Add a 200ms margin to account for event/command processing */
6486 	scan_timeout += 200;
6487 
6488 	ret = ath10k_start_scan(ar, arg);
6489 	if (ret) {
6490 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
6491 		spin_lock_bh(&ar->data_lock);
6492 		ar->scan.state = ATH10K_SCAN_IDLE;
6493 		spin_unlock_bh(&ar->data_lock);
6494 	}
6495 
6496 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
6497 				     msecs_to_jiffies(scan_timeout));
6498 
6499 exit:
6500 	kfree(arg);
6501 
6502 	mutex_unlock(&ar->conf_mutex);
6503 	return ret;
6504 }
6505 
6506 static void ath10k_cancel_hw_scan(struct ieee80211_hw *hw,
6507 				  struct ieee80211_vif *vif)
6508 {
6509 	struct ath10k *ar = hw->priv;
6510 
6511 	mutex_lock(&ar->conf_mutex);
6512 	ath10k_scan_abort(ar);
6513 	mutex_unlock(&ar->conf_mutex);
6514 
6515 	cancel_delayed_work_sync(&ar->scan.timeout);
6516 }
6517 
6518 static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
6519 					struct ath10k_vif *arvif,
6520 					enum set_key_cmd cmd,
6521 					struct ieee80211_key_conf *key)
6522 {
6523 	u32 vdev_param = arvif->ar->wmi.vdev_param->def_keyid;
6524 	int ret;
6525 
6526 	/* 10.1 firmware branch requires default key index to be set to group
6527 	 * key index after installing it. Otherwise FW/HW Txes corrupted
6528 	 * frames with multi-vif APs. This is not required for main firmware
6529 	 * branch (e.g. 636).
6530 	 *
6531 	 * This is also needed for 636 fw for IBSS-RSN to work more reliably.
6532 	 *
6533 	 * FIXME: It remains unknown if this is required for multi-vif STA
6534 	 * interfaces on 10.1.
6535 	 */
6536 
6537 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
6538 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
6539 		return;
6540 
6541 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40)
6542 		return;
6543 
6544 	if (key->cipher == WLAN_CIPHER_SUITE_WEP104)
6545 		return;
6546 
6547 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6548 		return;
6549 
6550 	if (cmd != SET_KEY)
6551 		return;
6552 
6553 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6554 					key->keyidx);
6555 	if (ret)
6556 		ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
6557 			    arvif->vdev_id, ret);
6558 }
6559 
6560 static int ath10k_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
6561 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
6562 			  struct ieee80211_key_conf *key)
6563 {
6564 	struct ath10k *ar = hw->priv;
6565 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6566 	struct ath10k_sta *arsta;
6567 	struct ath10k_peer *peer;
6568 	const u8 *peer_addr;
6569 	bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
6570 		      key->cipher == WLAN_CIPHER_SUITE_WEP104;
6571 	int ret = 0;
6572 	int ret2;
6573 	u32 flags = 0;
6574 	u32 flags2;
6575 
6576 	/* this one needs to be done in software */
6577 	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
6578 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
6579 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256 ||
6580 	    key->cipher == WLAN_CIPHER_SUITE_BIP_CMAC_256)
6581 		return 1;
6582 
6583 	if (arvif->nohwcrypt)
6584 		return 1;
6585 
6586 	if (key->keyidx > WMI_MAX_KEY_INDEX)
6587 		return -ENOSPC;
6588 
6589 	mutex_lock(&ar->conf_mutex);
6590 
6591 	if (sta) {
6592 		arsta = (struct ath10k_sta *)sta->drv_priv;
6593 		peer_addr = sta->addr;
6594 		spin_lock_bh(&ar->data_lock);
6595 		arsta->ucast_cipher = key->cipher;
6596 		spin_unlock_bh(&ar->data_lock);
6597 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
6598 		peer_addr = vif->bss_conf.bssid;
6599 	} else {
6600 		peer_addr = vif->addr;
6601 	}
6602 
6603 	key->hw_key_idx = key->keyidx;
6604 
6605 	if (is_wep) {
6606 		if (cmd == SET_KEY)
6607 			arvif->wep_keys[key->keyidx] = key;
6608 		else
6609 			arvif->wep_keys[key->keyidx] = NULL;
6610 	}
6611 
6612 	/* the peer should not disappear in mid-way (unless FW goes awry) since
6613 	 * we already hold conf_mutex. we just make sure its there now.
6614 	 */
6615 	spin_lock_bh(&ar->data_lock);
6616 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6617 	spin_unlock_bh(&ar->data_lock);
6618 
6619 	if (!peer) {
6620 		if (cmd == SET_KEY) {
6621 			ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
6622 				    peer_addr);
6623 			ret = -EOPNOTSUPP;
6624 			goto exit;
6625 		} else {
6626 			/* if the peer doesn't exist there is no key to disable anymore */
6627 			goto exit;
6628 		}
6629 	}
6630 
6631 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6632 		flags |= WMI_KEY_PAIRWISE;
6633 	else
6634 		flags |= WMI_KEY_GROUP;
6635 
6636 	if (is_wep) {
6637 		if (cmd == DISABLE_KEY)
6638 			ath10k_clear_vdev_key(arvif, key);
6639 
6640 		/* When WEP keys are uploaded it's possible that there are
6641 		 * stations associated already (e.g. when merging) without any
6642 		 * keys. Static WEP needs an explicit per-peer key upload.
6643 		 */
6644 		if (vif->type == NL80211_IFTYPE_ADHOC &&
6645 		    cmd == SET_KEY)
6646 			ath10k_mac_vif_update_wep_key(arvif, key);
6647 
6648 		/* 802.1x never sets the def_wep_key_idx so each set_key()
6649 		 * call changes default tx key.
6650 		 *
6651 		 * Static WEP sets def_wep_key_idx via .set_default_unicast_key
6652 		 * after first set_key().
6653 		 */
6654 		if (cmd == SET_KEY && arvif->def_wep_key_idx == -1)
6655 			flags |= WMI_KEY_TX_USAGE;
6656 	}
6657 
6658 	ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags);
6659 	if (ret) {
6660 		WARN_ON(ret > 0);
6661 		ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
6662 			    arvif->vdev_id, peer_addr, ret);
6663 		goto exit;
6664 	}
6665 
6666 	/* mac80211 sets static WEP keys as groupwise while firmware requires
6667 	 * them to be installed twice as both pairwise and groupwise.
6668 	 */
6669 	if (is_wep && !sta && vif->type == NL80211_IFTYPE_STATION) {
6670 		flags2 = flags;
6671 		flags2 &= ~WMI_KEY_GROUP;
6672 		flags2 |= WMI_KEY_PAIRWISE;
6673 
6674 		ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags2);
6675 		if (ret) {
6676 			WARN_ON(ret > 0);
6677 			ath10k_warn(ar, "failed to install (ucast) key for vdev %i peer %pM: %d\n",
6678 				    arvif->vdev_id, peer_addr, ret);
6679 			ret2 = ath10k_install_key(arvif, key, DISABLE_KEY,
6680 						  peer_addr, flags);
6681 			if (ret2) {
6682 				WARN_ON(ret2 > 0);
6683 				ath10k_warn(ar, "failed to disable (mcast) key for vdev %i peer %pM: %d\n",
6684 					    arvif->vdev_id, peer_addr, ret2);
6685 			}
6686 			goto exit;
6687 		}
6688 	}
6689 
6690 	ath10k_set_key_h_def_keyidx(ar, arvif, cmd, key);
6691 
6692 	spin_lock_bh(&ar->data_lock);
6693 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6694 	if (peer && cmd == SET_KEY)
6695 		peer->keys[key->keyidx] = key;
6696 	else if (peer && cmd == DISABLE_KEY)
6697 		peer->keys[key->keyidx] = NULL;
6698 	else if (peer == NULL)
6699 		/* impossible unless FW goes crazy */
6700 		ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
6701 	spin_unlock_bh(&ar->data_lock);
6702 
6703 	if (sta && sta->tdls)
6704 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6705 					  ar->wmi.peer_param->authorize, 1);
6706 	else if (sta && cmd == SET_KEY && (key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
6707 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, peer_addr,
6708 					  ar->wmi.peer_param->authorize, 1);
6709 
6710 exit:
6711 	mutex_unlock(&ar->conf_mutex);
6712 	return ret;
6713 }
6714 
6715 static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
6716 					   struct ieee80211_vif *vif,
6717 					   int keyidx)
6718 {
6719 	struct ath10k *ar = hw->priv;
6720 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6721 	int ret;
6722 
6723 	mutex_lock(&arvif->ar->conf_mutex);
6724 
6725 	if (arvif->ar->state != ATH10K_STATE_ON)
6726 		goto unlock;
6727 
6728 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
6729 		   arvif->vdev_id, keyidx);
6730 
6731 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
6732 					arvif->vdev_id,
6733 					arvif->ar->wmi.vdev_param->def_keyid,
6734 					keyidx);
6735 
6736 	if (ret) {
6737 		ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
6738 			    arvif->vdev_id,
6739 			    ret);
6740 		goto unlock;
6741 	}
6742 
6743 	arvif->def_wep_key_idx = keyidx;
6744 
6745 unlock:
6746 	mutex_unlock(&arvif->ar->conf_mutex);
6747 }
6748 
6749 static void ath10k_sta_rc_update_wk(struct work_struct *wk)
6750 {
6751 	struct ath10k *ar;
6752 	struct ath10k_vif *arvif;
6753 	struct ath10k_sta *arsta;
6754 	struct ieee80211_sta *sta;
6755 	struct cfg80211_chan_def def;
6756 	enum nl80211_band band;
6757 	const u8 *ht_mcs_mask;
6758 	const u16 *vht_mcs_mask;
6759 	u32 changed, bw, nss, smps;
6760 	int err;
6761 
6762 	arsta = container_of(wk, struct ath10k_sta, update_wk);
6763 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
6764 	arvif = arsta->arvif;
6765 	ar = arvif->ar;
6766 
6767 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
6768 		return;
6769 
6770 	band = def.chan->band;
6771 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
6772 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
6773 
6774 	spin_lock_bh(&ar->data_lock);
6775 
6776 	changed = arsta->changed;
6777 	arsta->changed = 0;
6778 
6779 	bw = arsta->bw;
6780 	nss = arsta->nss;
6781 	smps = arsta->smps;
6782 
6783 	spin_unlock_bh(&ar->data_lock);
6784 
6785 	mutex_lock(&ar->conf_mutex);
6786 
6787 	nss = max_t(u32, 1, nss);
6788 	nss = min(nss, max(ath10k_mac_max_ht_nss(ht_mcs_mask),
6789 			   ath10k_mac_max_vht_nss(vht_mcs_mask)));
6790 
6791 	if (changed & IEEE80211_RC_BW_CHANGED) {
6792 		enum wmi_phy_mode mode;
6793 
6794 		mode = chan_to_phymode(&def);
6795 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM peer bw %d phymode %d\n",
6796 			   sta->addr, bw, mode);
6797 
6798 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6799 						ar->wmi.peer_param->phymode, mode);
6800 		if (err) {
6801 			ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
6802 				    sta->addr, mode, err);
6803 			goto exit;
6804 		}
6805 
6806 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6807 						ar->wmi.peer_param->chan_width, bw);
6808 		if (err)
6809 			ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
6810 				    sta->addr, bw, err);
6811 	}
6812 
6813 	if (changed & IEEE80211_RC_NSS_CHANGED) {
6814 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM nss %d\n",
6815 			   sta->addr, nss);
6816 
6817 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6818 						ar->wmi.peer_param->nss, nss);
6819 		if (err)
6820 			ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
6821 				    sta->addr, nss, err);
6822 	}
6823 
6824 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
6825 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM smps %d\n",
6826 			   sta->addr, smps);
6827 
6828 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6829 						ar->wmi.peer_param->smps_state, smps);
6830 		if (err)
6831 			ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
6832 				    sta->addr, smps, err);
6833 	}
6834 
6835 	if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
6836 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM supp rates\n",
6837 			   sta->addr);
6838 
6839 		err = ath10k_station_assoc(ar, arvif->vif, sta, true);
6840 		if (err)
6841 			ath10k_warn(ar, "failed to reassociate station: %pM\n",
6842 				    sta->addr);
6843 	}
6844 
6845 exit:
6846 	mutex_unlock(&ar->conf_mutex);
6847 }
6848 
6849 static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif,
6850 				       struct ieee80211_sta *sta)
6851 {
6852 	struct ath10k *ar = arvif->ar;
6853 
6854 	lockdep_assert_held(&ar->conf_mutex);
6855 
6856 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6857 		return 0;
6858 
6859 	if (ar->num_stations >= ar->max_num_stations)
6860 		return -ENOBUFS;
6861 
6862 	ar->num_stations++;
6863 
6864 	return 0;
6865 }
6866 
6867 static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif,
6868 					struct ieee80211_sta *sta)
6869 {
6870 	struct ath10k *ar = arvif->ar;
6871 
6872 	lockdep_assert_held(&ar->conf_mutex);
6873 
6874 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6875 		return;
6876 
6877 	ar->num_stations--;
6878 }
6879 
6880 static int ath10k_sta_set_txpwr(struct ieee80211_hw *hw,
6881 				struct ieee80211_vif *vif,
6882 				struct ieee80211_sta *sta)
6883 {
6884 	struct ath10k *ar = hw->priv;
6885 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6886 	int ret = 0;
6887 	s16 txpwr;
6888 
6889 	if (sta->deflink.txpwr.type == NL80211_TX_POWER_AUTOMATIC) {
6890 		txpwr = 0;
6891 	} else {
6892 		txpwr = sta->deflink.txpwr.power;
6893 		if (!txpwr)
6894 			return -EINVAL;
6895 	}
6896 
6897 	if (txpwr > ATH10K_TX_POWER_MAX_VAL || txpwr < ATH10K_TX_POWER_MIN_VAL)
6898 		return -EINVAL;
6899 
6900 	mutex_lock(&ar->conf_mutex);
6901 
6902 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6903 					ar->wmi.peer_param->use_fixed_power, txpwr);
6904 	if (ret) {
6905 		ath10k_warn(ar, "failed to set tx power for station ret: %d\n",
6906 			    ret);
6907 		goto out;
6908 	}
6909 
6910 out:
6911 	mutex_unlock(&ar->conf_mutex);
6912 	return ret;
6913 }
6914 
6915 struct ath10k_mac_iter_tid_conf_data {
6916 	struct ieee80211_vif *curr_vif;
6917 	struct ath10k *ar;
6918 	bool reset_config;
6919 };
6920 
6921 static bool
6922 ath10k_mac_bitrate_mask_has_single_rate(struct ath10k *ar,
6923 					enum nl80211_band band,
6924 					const struct cfg80211_bitrate_mask *mask,
6925 					int *vht_num_rates)
6926 {
6927 	int num_rates = 0;
6928 	int i, tmp;
6929 
6930 	num_rates += hweight32(mask->control[band].legacy);
6931 
6932 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++)
6933 		num_rates += hweight8(mask->control[band].ht_mcs[i]);
6934 
6935 	*vht_num_rates = 0;
6936 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6937 		tmp = hweight16(mask->control[band].vht_mcs[i]);
6938 		num_rates += tmp;
6939 		*vht_num_rates += tmp;
6940 	}
6941 
6942 	return num_rates == 1;
6943 }
6944 
6945 static int
6946 ath10k_mac_bitrate_mask_get_single_rate(struct ath10k *ar,
6947 					enum nl80211_band band,
6948 					const struct cfg80211_bitrate_mask *mask,
6949 					u8 *rate, u8 *nss, bool vht_only)
6950 {
6951 	int rate_idx;
6952 	int i;
6953 	u16 bitrate;
6954 	u8 preamble;
6955 	u8 hw_rate;
6956 
6957 	if (vht_only)
6958 		goto next;
6959 
6960 	if (hweight32(mask->control[band].legacy) == 1) {
6961 		rate_idx = ffs(mask->control[band].legacy) - 1;
6962 
6963 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6964 			rate_idx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6965 
6966 		hw_rate = ath10k_wmi_legacy_rates[rate_idx].hw_value;
6967 		bitrate = ath10k_wmi_legacy_rates[rate_idx].bitrate;
6968 
6969 		if (ath10k_mac_bitrate_is_cck(bitrate))
6970 			preamble = WMI_RATE_PREAMBLE_CCK;
6971 		else
6972 			preamble = WMI_RATE_PREAMBLE_OFDM;
6973 
6974 		*nss = 1;
6975 		*rate = preamble << 6 |
6976 			(*nss - 1) << 4 |
6977 			hw_rate << 0;
6978 
6979 		return 0;
6980 	}
6981 
6982 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
6983 		if (hweight8(mask->control[band].ht_mcs[i]) == 1) {
6984 			*nss = i + 1;
6985 			*rate = WMI_RATE_PREAMBLE_HT << 6 |
6986 				(*nss - 1) << 4 |
6987 				(ffs(mask->control[band].ht_mcs[i]) - 1);
6988 
6989 			return 0;
6990 		}
6991 	}
6992 
6993 next:
6994 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6995 		if (hweight16(mask->control[band].vht_mcs[i]) == 1) {
6996 			*nss = i + 1;
6997 			*rate = WMI_RATE_PREAMBLE_VHT << 6 |
6998 				(*nss - 1) << 4 |
6999 				(ffs(mask->control[band].vht_mcs[i]) - 1);
7000 
7001 			return 0;
7002 		}
7003 	}
7004 
7005 	return -EINVAL;
7006 }
7007 
7008 static int ath10k_mac_validate_rate_mask(struct ath10k *ar,
7009 					 struct ieee80211_sta *sta,
7010 					 u32 rate_ctrl_flag, u8 nss)
7011 {
7012 	struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
7013 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
7014 
7015 	if (nss > sta->deflink.rx_nss) {
7016 		ath10k_warn(ar, "Invalid nss field, configured %u limit %u\n",
7017 			    nss, sta->deflink.rx_nss);
7018 		return -EINVAL;
7019 	}
7020 
7021 	if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_VHT) {
7022 		if (!vht_cap->vht_supported) {
7023 			ath10k_warn(ar, "Invalid VHT rate for sta %pM\n",
7024 				    sta->addr);
7025 			return -EINVAL;
7026 		}
7027 	} else if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_HT) {
7028 		if (!ht_cap->ht_supported || vht_cap->vht_supported) {
7029 			ath10k_warn(ar, "Invalid HT rate for sta %pM\n",
7030 				    sta->addr);
7031 			return -EINVAL;
7032 		}
7033 	} else {
7034 		if (ht_cap->ht_supported || vht_cap->vht_supported)
7035 			return -EINVAL;
7036 	}
7037 
7038 	return 0;
7039 }
7040 
7041 static int
7042 ath10k_mac_tid_bitrate_config(struct ath10k *ar,
7043 			      struct ieee80211_vif *vif,
7044 			      struct ieee80211_sta *sta,
7045 			      u32 *rate_ctrl_flag, u8 *rate_ctrl,
7046 			      enum nl80211_tx_rate_setting txrate_type,
7047 			      const struct cfg80211_bitrate_mask *mask)
7048 {
7049 	struct cfg80211_chan_def def;
7050 	enum nl80211_band band;
7051 	u8 nss, rate;
7052 	int vht_num_rates, ret;
7053 
7054 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
7055 		return -EINVAL;
7056 
7057 	if (txrate_type == NL80211_TX_RATE_AUTOMATIC) {
7058 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7059 		*rate_ctrl_flag = 0;
7060 		return 0;
7061 	}
7062 
7063 	band = def.chan->band;
7064 
7065 	if (!ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
7066 						     &vht_num_rates)) {
7067 		return -EINVAL;
7068 	}
7069 
7070 	ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
7071 						      &rate, &nss, false);
7072 	if (ret) {
7073 		ath10k_warn(ar, "failed to get single rate: %d\n",
7074 			    ret);
7075 		return ret;
7076 	}
7077 
7078 	*rate_ctrl_flag = rate;
7079 
7080 	if (sta && ath10k_mac_validate_rate_mask(ar, sta, *rate_ctrl_flag, nss))
7081 		return -EINVAL;
7082 
7083 	if (txrate_type == NL80211_TX_RATE_FIXED)
7084 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_FIXED_RATE;
7085 	else if (txrate_type == NL80211_TX_RATE_LIMITED &&
7086 		 (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
7087 			   ar->wmi.svc_map)))
7088 		*rate_ctrl = WMI_PEER_TID_CONFIG_RATE_UPPER_CAP;
7089 	else
7090 		return -EOPNOTSUPP;
7091 
7092 	return 0;
7093 }
7094 
7095 static int ath10k_mac_set_tid_config(struct ath10k *ar, struct ieee80211_sta *sta,
7096 				     struct ieee80211_vif *vif, u32 changed,
7097 				     struct wmi_per_peer_per_tid_cfg_arg *arg)
7098 {
7099 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7100 	struct ath10k_sta *arsta;
7101 	int ret;
7102 
7103 	if (sta) {
7104 		if (!sta->wme)
7105 			return -EOPNOTSUPP;
7106 
7107 		arsta = (struct ath10k_sta *)sta->drv_priv;
7108 
7109 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7110 			if ((arsta->retry_long[arg->tid] > 0 ||
7111 			     arsta->rate_code[arg->tid] > 0 ||
7112 			     arsta->ampdu[arg->tid] ==
7113 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7114 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7115 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7116 				arg->ack_policy = 0;
7117 				arg->aggr_control = 0;
7118 				arg->rate_ctrl = 0;
7119 				arg->rcode_flags = 0;
7120 			}
7121 		}
7122 
7123 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7124 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7125 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7126 				arg->aggr_control = 0;
7127 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7128 			}
7129 		}
7130 
7131 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7132 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7133 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7134 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7135 				arg->rate_ctrl = 0;
7136 				arg->rcode_flags = 0;
7137 			}
7138 		}
7139 
7140 		ether_addr_copy(arg->peer_macaddr.addr, sta->addr);
7141 
7142 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, arg);
7143 		if (ret)
7144 			return ret;
7145 
7146 		/* Store the configured parameters in success case */
7147 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7148 			arsta->noack[arg->tid] = arg->ack_policy;
7149 			arg->ack_policy = 0;
7150 			arg->aggr_control = 0;
7151 			arg->rate_ctrl = 0;
7152 			arg->rcode_flags = 0;
7153 		}
7154 
7155 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7156 			arsta->retry_long[arg->tid] = arg->retry_count;
7157 			arg->retry_count = 0;
7158 		}
7159 
7160 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7161 			arsta->ampdu[arg->tid] = arg->aggr_control;
7162 			arg->aggr_control = 0;
7163 		}
7164 
7165 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7166 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7167 			arsta->rate_ctrl[arg->tid] = arg->rate_ctrl;
7168 			arg->rate_ctrl = 0;
7169 			arg->rcode_flags = 0;
7170 		}
7171 
7172 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7173 			arsta->rtscts[arg->tid] = arg->rtscts_ctrl;
7174 			arg->ext_tid_cfg_bitmap = 0;
7175 		}
7176 	} else {
7177 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7178 			if ((arvif->retry_long[arg->tid] ||
7179 			     arvif->rate_code[arg->tid] ||
7180 			     arvif->ampdu[arg->tid] ==
7181 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7182 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7183 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7184 			} else {
7185 				arvif->noack[arg->tid] = arg->ack_policy;
7186 				arvif->ampdu[arg->tid] = arg->aggr_control;
7187 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7188 			}
7189 		}
7190 
7191 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7192 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7193 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7194 			else
7195 				arvif->retry_long[arg->tid] = arg->retry_count;
7196 		}
7197 
7198 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7199 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7200 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
7201 			else
7202 				arvif->ampdu[arg->tid] = arg->aggr_control;
7203 		}
7204 
7205 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7206 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7207 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7208 				changed &= ~(BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7209 					     BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE));
7210 			} else {
7211 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7212 				arvif->rate_code[arg->tid] = arg->rcode_flags;
7213 			}
7214 		}
7215 
7216 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7217 			arvif->rtscts[arg->tid] = arg->rtscts_ctrl;
7218 			arg->ext_tid_cfg_bitmap = 0;
7219 		}
7220 
7221 		if (changed)
7222 			arvif->tid_conf_changed[arg->tid] |= changed;
7223 	}
7224 
7225 	return 0;
7226 }
7227 
7228 static int
7229 ath10k_mac_parse_tid_config(struct ath10k *ar,
7230 			    struct ieee80211_sta *sta,
7231 			    struct ieee80211_vif *vif,
7232 			    struct cfg80211_tid_cfg *tid_conf,
7233 			    struct wmi_per_peer_per_tid_cfg_arg *arg)
7234 {
7235 	u32 changed = tid_conf->mask;
7236 	int ret = 0, i = 0;
7237 
7238 	if (!changed)
7239 		return -EINVAL;
7240 
7241 	while (i < ATH10K_TID_MAX) {
7242 		if (!(tid_conf->tids & BIT(i))) {
7243 			i++;
7244 			continue;
7245 		}
7246 
7247 		arg->tid = i;
7248 
7249 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7250 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE) {
7251 				arg->ack_policy = WMI_PEER_TID_CONFIG_NOACK;
7252 				arg->rate_ctrl =
7253 				WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
7254 				arg->aggr_control =
7255 					WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7256 			} else {
7257 				arg->ack_policy =
7258 					WMI_PEER_TID_CONFIG_ACK;
7259 				arg->rate_ctrl =
7260 					WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7261 				arg->aggr_control =
7262 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7263 			}
7264 		}
7265 
7266 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG))
7267 			arg->retry_count = tid_conf->retry_long;
7268 
7269 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7270 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE)
7271 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7272 			else
7273 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7274 		}
7275 
7276 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7277 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7278 			ret = ath10k_mac_tid_bitrate_config(ar, vif, sta,
7279 							    &arg->rcode_flags,
7280 							    &arg->rate_ctrl,
7281 							    tid_conf->txrate_type,
7282 							&tid_conf->txrate_mask);
7283 			if (ret) {
7284 				ath10k_warn(ar, "failed to configure bitrate mask %d\n",
7285 					    ret);
7286 				arg->rcode_flags = 0;
7287 				arg->rate_ctrl = 0;
7288 			}
7289 		}
7290 
7291 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7292 			if (tid_conf->rtscts)
7293 				arg->rtscts_ctrl = tid_conf->rtscts;
7294 
7295 			arg->ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7296 		}
7297 
7298 		ret = ath10k_mac_set_tid_config(ar, sta, vif, changed, arg);
7299 		if (ret)
7300 			return ret;
7301 		i++;
7302 	}
7303 
7304 	return ret;
7305 }
7306 
7307 static int ath10k_mac_reset_tid_config(struct ath10k *ar,
7308 				       struct ieee80211_sta *sta,
7309 				       struct ath10k_vif *arvif,
7310 				       u8 tids)
7311 {
7312 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7313 	struct wmi_per_peer_per_tid_cfg_arg arg;
7314 	int ret = 0, i = 0;
7315 
7316 	arg.vdev_id = arvif->vdev_id;
7317 	while (i < ATH10K_TID_MAX) {
7318 		if (!(tids & BIT(i))) {
7319 			i++;
7320 			continue;
7321 		}
7322 
7323 		arg.tid = i;
7324 		arg.ack_policy = WMI_PEER_TID_CONFIG_ACK;
7325 		arg.retry_count = ATH10K_MAX_RETRY_COUNT;
7326 		arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7327 		arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7328 		arg.rtscts_ctrl = WMI_TID_CONFIG_RTSCTS_CONTROL_ENABLE;
7329 		arg.ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7330 
7331 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7332 
7333 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7334 		if (ret)
7335 			return ret;
7336 
7337 		if (!arvif->tids_rst) {
7338 			arsta->retry_long[i] = -1;
7339 			arsta->noack[i] = -1;
7340 			arsta->ampdu[i] = -1;
7341 			arsta->rate_code[i] = -1;
7342 			arsta->rate_ctrl[i] = 0;
7343 			arsta->rtscts[i] = -1;
7344 		} else {
7345 			arvif->retry_long[i] = 0;
7346 			arvif->noack[i] = 0;
7347 			arvif->ampdu[i] = 0;
7348 			arvif->rate_code[i] = 0;
7349 			arvif->rate_ctrl[i] = 0;
7350 			arvif->rtscts[i] = 0;
7351 		}
7352 
7353 		i++;
7354 	}
7355 
7356 	return ret;
7357 }
7358 
7359 static void ath10k_sta_tid_cfg_wk(struct work_struct *wk)
7360 {
7361 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
7362 	struct ieee80211_sta *sta;
7363 	struct ath10k_sta *arsta;
7364 	struct ath10k_vif *arvif;
7365 	struct ath10k *ar;
7366 	bool config_apply;
7367 	int ret, i;
7368 	u32 changed;
7369 	u8 nss;
7370 
7371 	arsta = container_of(wk, struct ath10k_sta, tid_config_wk);
7372 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
7373 	arvif = arsta->arvif;
7374 	ar = arvif->ar;
7375 
7376 	mutex_lock(&ar->conf_mutex);
7377 
7378 	if (arvif->tids_rst) {
7379 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif,
7380 						  arvif->tids_rst);
7381 		goto exit;
7382 	}
7383 
7384 	ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7385 
7386 	for (i = 0; i < ATH10K_TID_MAX; i++) {
7387 		config_apply = false;
7388 		changed = arvif->tid_conf_changed[i];
7389 
7390 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7391 			if (arsta->noack[i] != -1) {
7392 				arg.ack_policy  = 0;
7393 			} else {
7394 				config_apply = true;
7395 				arg.ack_policy = arvif->noack[i];
7396 				arg.aggr_control = arvif->ampdu[i];
7397 				arg.rate_ctrl = arvif->rate_ctrl[i];
7398 			}
7399 		}
7400 
7401 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7402 			if (arsta->retry_long[i] != -1 ||
7403 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7404 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7405 				arg.retry_count = 0;
7406 			} else {
7407 				arg.retry_count = arvif->retry_long[i];
7408 				config_apply = true;
7409 			}
7410 		}
7411 
7412 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7413 			if (arsta->ampdu[i] != -1 ||
7414 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7415 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7416 				arg.aggr_control = 0;
7417 			} else {
7418 				arg.aggr_control = arvif->ampdu[i];
7419 				config_apply = true;
7420 			}
7421 		}
7422 
7423 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7424 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7425 			nss = ATH10K_HW_NSS(arvif->rate_code[i]);
7426 			ret = ath10k_mac_validate_rate_mask(ar, sta,
7427 							    arvif->rate_code[i],
7428 							    nss);
7429 			if (ret &&
7430 			    arvif->rate_ctrl[i] > WMI_TID_CONFIG_RATE_CONTROL_AUTO) {
7431 				arg.rate_ctrl = 0;
7432 				arg.rcode_flags = 0;
7433 			}
7434 
7435 			if (arsta->rate_ctrl[i] >
7436 			    WMI_TID_CONFIG_RATE_CONTROL_AUTO ||
7437 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7438 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7439 				arg.rate_ctrl = 0;
7440 				arg.rcode_flags = 0;
7441 			} else {
7442 				arg.rate_ctrl = arvif->rate_ctrl[i];
7443 				arg.rcode_flags = arvif->rate_code[i];
7444 				config_apply = true;
7445 			}
7446 		}
7447 
7448 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7449 			if (arsta->rtscts[i]) {
7450 				arg.rtscts_ctrl = 0;
7451 				arg.ext_tid_cfg_bitmap = 0;
7452 			} else {
7453 				arg.rtscts_ctrl = arvif->rtscts[i] - 1;
7454 				arg.ext_tid_cfg_bitmap =
7455 					WMI_EXT_TID_RTS_CTS_CONFIG;
7456 				config_apply = true;
7457 			}
7458 		}
7459 
7460 		arg.tid = i;
7461 
7462 		if (config_apply) {
7463 			ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7464 			if (ret)
7465 				ath10k_warn(ar, "failed to set per tid config for sta %pM: %d\n",
7466 					    sta->addr, ret);
7467 		}
7468 
7469 		arg.ack_policy  = 0;
7470 		arg.retry_count  = 0;
7471 		arg.aggr_control  = 0;
7472 		arg.rate_ctrl = 0;
7473 		arg.rcode_flags = 0;
7474 	}
7475 
7476 exit:
7477 	mutex_unlock(&ar->conf_mutex);
7478 }
7479 
7480 static void ath10k_mac_vif_stations_tid_conf(void *data,
7481 					     struct ieee80211_sta *sta)
7482 {
7483 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7484 	struct ath10k_mac_iter_tid_conf_data *iter_data = data;
7485 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
7486 
7487 	if (sta_vif != iter_data->curr_vif || !sta->wme)
7488 		return;
7489 
7490 	ieee80211_queue_work(iter_data->ar->hw, &arsta->tid_config_wk);
7491 }
7492 
7493 static int ath10k_sta_state(struct ieee80211_hw *hw,
7494 			    struct ieee80211_vif *vif,
7495 			    struct ieee80211_sta *sta,
7496 			    enum ieee80211_sta_state old_state,
7497 			    enum ieee80211_sta_state new_state)
7498 {
7499 	struct ath10k *ar = hw->priv;
7500 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7501 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7502 	struct ath10k_peer *peer;
7503 	int ret = 0;
7504 	int i;
7505 
7506 	if (old_state == IEEE80211_STA_NOTEXIST &&
7507 	    new_state == IEEE80211_STA_NONE) {
7508 		memset(arsta, 0, sizeof(*arsta));
7509 		arsta->arvif = arvif;
7510 		arsta->peer_ps_state = WMI_PEER_PS_STATE_DISABLED;
7511 		INIT_WORK(&arsta->update_wk, ath10k_sta_rc_update_wk);
7512 		INIT_WORK(&arsta->tid_config_wk, ath10k_sta_tid_cfg_wk);
7513 
7514 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7515 			ath10k_mac_txq_init(sta->txq[i]);
7516 	}
7517 
7518 	/* cancel must be done outside the mutex to avoid deadlock */
7519 	if ((old_state == IEEE80211_STA_NONE &&
7520 	     new_state == IEEE80211_STA_NOTEXIST)) {
7521 		cancel_work_sync(&arsta->update_wk);
7522 		cancel_work_sync(&arsta->tid_config_wk);
7523 	}
7524 
7525 	mutex_lock(&ar->conf_mutex);
7526 
7527 	if (old_state == IEEE80211_STA_NOTEXIST &&
7528 	    new_state == IEEE80211_STA_NONE) {
7529 		/*
7530 		 * New station addition.
7531 		 */
7532 		enum wmi_peer_type peer_type = WMI_PEER_TYPE_DEFAULT;
7533 		u32 num_tdls_stations;
7534 
7535 		ath10k_dbg(ar, ATH10K_DBG_STA,
7536 			   "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
7537 			   arvif->vdev_id, sta->addr,
7538 			   ar->num_stations + 1, ar->max_num_stations,
7539 			   ar->num_peers + 1, ar->max_num_peers);
7540 
7541 		num_tdls_stations = ath10k_mac_tdls_vif_stations_count(hw, vif);
7542 
7543 		if (sta->tdls) {
7544 			if (num_tdls_stations >= ar->max_num_tdls_vdevs) {
7545 				ath10k_warn(ar, "vdev %i exceeded maximum number of tdls vdevs %i\n",
7546 					    arvif->vdev_id,
7547 					    ar->max_num_tdls_vdevs);
7548 				ret = -ELNRNG;
7549 				goto exit;
7550 			}
7551 			peer_type = WMI_PEER_TYPE_TDLS;
7552 		}
7553 
7554 		ret = ath10k_mac_inc_num_stations(arvif, sta);
7555 		if (ret) {
7556 			ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
7557 				    ar->max_num_stations);
7558 			goto exit;
7559 		}
7560 
7561 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7562 			arsta->tx_stats = kzalloc(sizeof(*arsta->tx_stats),
7563 						  GFP_KERNEL);
7564 			if (!arsta->tx_stats) {
7565 				ath10k_mac_dec_num_stations(arvif, sta);
7566 				ret = -ENOMEM;
7567 				goto exit;
7568 			}
7569 		}
7570 
7571 		ret = ath10k_peer_create(ar, vif, sta, arvif->vdev_id,
7572 					 sta->addr, peer_type);
7573 		if (ret) {
7574 			ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
7575 				    sta->addr, arvif->vdev_id, ret);
7576 			ath10k_mac_dec_num_stations(arvif, sta);
7577 			kfree(arsta->tx_stats);
7578 			goto exit;
7579 		}
7580 
7581 		spin_lock_bh(&ar->data_lock);
7582 
7583 		peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
7584 		if (!peer) {
7585 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
7586 				    vif->addr, arvif->vdev_id);
7587 			spin_unlock_bh(&ar->data_lock);
7588 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7589 			ath10k_mac_dec_num_stations(arvif, sta);
7590 			kfree(arsta->tx_stats);
7591 			ret = -ENOENT;
7592 			goto exit;
7593 		}
7594 
7595 		arsta->peer_id = find_first_bit(peer->peer_ids,
7596 						ATH10K_MAX_NUM_PEER_IDS);
7597 
7598 		spin_unlock_bh(&ar->data_lock);
7599 
7600 		if (!sta->tdls)
7601 			goto exit;
7602 
7603 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7604 						      WMI_TDLS_ENABLE_ACTIVE);
7605 		if (ret) {
7606 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7607 				    arvif->vdev_id, ret);
7608 			ath10k_peer_delete(ar, arvif->vdev_id,
7609 					   sta->addr);
7610 			ath10k_mac_dec_num_stations(arvif, sta);
7611 			kfree(arsta->tx_stats);
7612 			goto exit;
7613 		}
7614 
7615 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7616 						  WMI_TDLS_PEER_STATE_PEERING);
7617 		if (ret) {
7618 			ath10k_warn(ar,
7619 				    "failed to update tdls peer %pM for vdev %d when adding a new sta: %i\n",
7620 				    sta->addr, arvif->vdev_id, ret);
7621 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7622 			ath10k_mac_dec_num_stations(arvif, sta);
7623 			kfree(arsta->tx_stats);
7624 
7625 			if (num_tdls_stations != 0)
7626 				goto exit;
7627 			ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7628 							WMI_TDLS_DISABLE);
7629 		}
7630 	} else if ((old_state == IEEE80211_STA_NONE &&
7631 		    new_state == IEEE80211_STA_NOTEXIST)) {
7632 		/*
7633 		 * Existing station deletion.
7634 		 */
7635 		ath10k_dbg(ar, ATH10K_DBG_STA,
7636 			   "mac vdev %d peer delete %pM sta %p (sta gone)\n",
7637 			   arvif->vdev_id, sta->addr, sta);
7638 
7639 		if (sta->tdls) {
7640 			ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id,
7641 							  sta,
7642 							  WMI_TDLS_PEER_STATE_TEARDOWN);
7643 			if (ret)
7644 				ath10k_warn(ar, "failed to update tdls peer state for %pM state %d: %i\n",
7645 					    sta->addr,
7646 					    WMI_TDLS_PEER_STATE_TEARDOWN, ret);
7647 		}
7648 
7649 		ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7650 		if (ret)
7651 			ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
7652 				    sta->addr, arvif->vdev_id, ret);
7653 
7654 		ath10k_mac_dec_num_stations(arvif, sta);
7655 
7656 		spin_lock_bh(&ar->data_lock);
7657 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
7658 			peer = ar->peer_map[i];
7659 			if (!peer)
7660 				continue;
7661 
7662 			if (peer->sta == sta) {
7663 				ath10k_warn(ar, "found sta peer %pM (ptr %p id %d) entry on vdev %i after it was supposedly removed\n",
7664 					    sta->addr, peer, i, arvif->vdev_id);
7665 				peer->sta = NULL;
7666 
7667 				/* Clean up the peer object as well since we
7668 				 * must have failed to do this above.
7669 				 */
7670 				ath10k_peer_map_cleanup(ar, peer);
7671 			}
7672 		}
7673 		spin_unlock_bh(&ar->data_lock);
7674 
7675 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7676 			kfree(arsta->tx_stats);
7677 			arsta->tx_stats = NULL;
7678 		}
7679 
7680 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7681 			ath10k_mac_txq_unref(ar, sta->txq[i]);
7682 
7683 		if (!sta->tdls)
7684 			goto exit;
7685 
7686 		if (ath10k_mac_tdls_vif_stations_count(hw, vif))
7687 			goto exit;
7688 
7689 		/* This was the last tdls peer in current vif */
7690 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7691 						      WMI_TDLS_DISABLE);
7692 		if (ret) {
7693 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7694 				    arvif->vdev_id, ret);
7695 		}
7696 	} else if (old_state == IEEE80211_STA_AUTH &&
7697 		   new_state == IEEE80211_STA_ASSOC &&
7698 		   (vif->type == NL80211_IFTYPE_AP ||
7699 		    vif->type == NL80211_IFTYPE_MESH_POINT ||
7700 		    vif->type == NL80211_IFTYPE_ADHOC)) {
7701 		/*
7702 		 * New association.
7703 		 */
7704 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM associated\n",
7705 			   sta->addr);
7706 
7707 		ret = ath10k_station_assoc(ar, vif, sta, false);
7708 		if (ret)
7709 			ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
7710 				    sta->addr, arvif->vdev_id, ret);
7711 	} else if (old_state == IEEE80211_STA_ASSOC &&
7712 		   new_state == IEEE80211_STA_AUTHORIZED &&
7713 		   sta->tdls) {
7714 		/*
7715 		 * Tdls station authorized.
7716 		 */
7717 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac tdls sta %pM authorized\n",
7718 			   sta->addr);
7719 
7720 		ret = ath10k_station_assoc(ar, vif, sta, false);
7721 		if (ret) {
7722 			ath10k_warn(ar, "failed to associate tdls station %pM for vdev %i: %i\n",
7723 				    sta->addr, arvif->vdev_id, ret);
7724 			goto exit;
7725 		}
7726 
7727 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7728 						  WMI_TDLS_PEER_STATE_CONNECTED);
7729 		if (ret)
7730 			ath10k_warn(ar, "failed to update tdls peer %pM for vdev %i: %i\n",
7731 				    sta->addr, arvif->vdev_id, ret);
7732 	} else if (old_state == IEEE80211_STA_ASSOC &&
7733 		    new_state == IEEE80211_STA_AUTH &&
7734 		    (vif->type == NL80211_IFTYPE_AP ||
7735 		     vif->type == NL80211_IFTYPE_MESH_POINT ||
7736 		     vif->type == NL80211_IFTYPE_ADHOC)) {
7737 		/*
7738 		 * Disassociation.
7739 		 */
7740 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM disassociated\n",
7741 			   sta->addr);
7742 
7743 		ret = ath10k_station_disassoc(ar, vif, sta);
7744 		if (ret)
7745 			ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
7746 				    sta->addr, arvif->vdev_id, ret);
7747 	}
7748 exit:
7749 	mutex_unlock(&ar->conf_mutex);
7750 	return ret;
7751 }
7752 
7753 static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
7754 				u16 ac, bool enable)
7755 {
7756 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7757 	struct wmi_sta_uapsd_auto_trig_arg arg = {};
7758 	u32 prio = 0, acc = 0;
7759 	u32 value = 0;
7760 	int ret = 0;
7761 
7762 	lockdep_assert_held(&ar->conf_mutex);
7763 
7764 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
7765 		return 0;
7766 
7767 	switch (ac) {
7768 	case IEEE80211_AC_VO:
7769 		value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
7770 			WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
7771 		prio = 7;
7772 		acc = 3;
7773 		break;
7774 	case IEEE80211_AC_VI:
7775 		value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
7776 			WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
7777 		prio = 5;
7778 		acc = 2;
7779 		break;
7780 	case IEEE80211_AC_BE:
7781 		value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
7782 			WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
7783 		prio = 2;
7784 		acc = 1;
7785 		break;
7786 	case IEEE80211_AC_BK:
7787 		value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
7788 			WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
7789 		prio = 0;
7790 		acc = 0;
7791 		break;
7792 	}
7793 
7794 	if (enable)
7795 		arvif->u.sta.uapsd |= value;
7796 	else
7797 		arvif->u.sta.uapsd &= ~value;
7798 
7799 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7800 					  WMI_STA_PS_PARAM_UAPSD,
7801 					  arvif->u.sta.uapsd);
7802 	if (ret) {
7803 		ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
7804 		goto exit;
7805 	}
7806 
7807 	if (arvif->u.sta.uapsd)
7808 		value = WMI_STA_PS_RX_WAKE_POLICY_POLL_UAPSD;
7809 	else
7810 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
7811 
7812 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7813 					  WMI_STA_PS_PARAM_RX_WAKE_POLICY,
7814 					  value);
7815 	if (ret)
7816 		ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
7817 
7818 	ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
7819 	if (ret) {
7820 		ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
7821 			    arvif->vdev_id, ret);
7822 		return ret;
7823 	}
7824 
7825 	ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
7826 	if (ret) {
7827 		ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
7828 			    arvif->vdev_id, ret);
7829 		return ret;
7830 	}
7831 
7832 	if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
7833 	    test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
7834 		/* Only userspace can make an educated decision when to send
7835 		 * trigger frame. The following effectively disables u-UAPSD
7836 		 * autotrigger in firmware (which is enabled by default
7837 		 * provided the autotrigger service is available).
7838 		 */
7839 
7840 		arg.wmm_ac = acc;
7841 		arg.user_priority = prio;
7842 		arg.service_interval = 0;
7843 		arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7844 		arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7845 
7846 		ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
7847 						arvif->bssid, &arg, 1);
7848 		if (ret) {
7849 			ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
7850 				    ret);
7851 			return ret;
7852 		}
7853 	}
7854 
7855 exit:
7856 	return ret;
7857 }
7858 
7859 static int ath10k_conf_tx(struct ieee80211_hw *hw,
7860 			  struct ieee80211_vif *vif,
7861 			  unsigned int link_id, u16 ac,
7862 			  const struct ieee80211_tx_queue_params *params)
7863 {
7864 	struct ath10k *ar = hw->priv;
7865 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7866 	struct wmi_wmm_params_arg *p = NULL;
7867 	int ret;
7868 
7869 	mutex_lock(&ar->conf_mutex);
7870 
7871 	switch (ac) {
7872 	case IEEE80211_AC_VO:
7873 		p = &arvif->wmm_params.ac_vo;
7874 		break;
7875 	case IEEE80211_AC_VI:
7876 		p = &arvif->wmm_params.ac_vi;
7877 		break;
7878 	case IEEE80211_AC_BE:
7879 		p = &arvif->wmm_params.ac_be;
7880 		break;
7881 	case IEEE80211_AC_BK:
7882 		p = &arvif->wmm_params.ac_bk;
7883 		break;
7884 	}
7885 
7886 	if (WARN_ON(!p)) {
7887 		ret = -EINVAL;
7888 		goto exit;
7889 	}
7890 
7891 	p->cwmin = params->cw_min;
7892 	p->cwmax = params->cw_max;
7893 	p->aifs = params->aifs;
7894 
7895 	/*
7896 	 * The channel time duration programmed in the HW is in absolute
7897 	 * microseconds, while mac80211 gives the txop in units of
7898 	 * 32 microseconds.
7899 	 */
7900 	p->txop = params->txop * 32;
7901 
7902 	if (ar->wmi.ops->gen_vdev_wmm_conf) {
7903 		ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
7904 					       &arvif->wmm_params);
7905 		if (ret) {
7906 			ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
7907 				    arvif->vdev_id, ret);
7908 			goto exit;
7909 		}
7910 	} else {
7911 		/* This won't work well with multi-interface cases but it's
7912 		 * better than nothing.
7913 		 */
7914 		ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
7915 		if (ret) {
7916 			ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
7917 			goto exit;
7918 		}
7919 	}
7920 
7921 	ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
7922 	if (ret)
7923 		ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
7924 
7925 exit:
7926 	mutex_unlock(&ar->conf_mutex);
7927 	return ret;
7928 }
7929 
7930 static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
7931 				    struct ieee80211_vif *vif,
7932 				    struct ieee80211_channel *chan,
7933 				    int duration,
7934 				    enum ieee80211_roc_type type)
7935 {
7936 	struct ath10k *ar = hw->priv;
7937 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7938 	struct wmi_start_scan_arg *arg = NULL;
7939 	int ret = 0;
7940 	u32 scan_time_msec;
7941 
7942 	mutex_lock(&ar->conf_mutex);
7943 
7944 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
7945 		ret = -EBUSY;
7946 		goto exit;
7947 	}
7948 
7949 	spin_lock_bh(&ar->data_lock);
7950 	switch (ar->scan.state) {
7951 	case ATH10K_SCAN_IDLE:
7952 		reinit_completion(&ar->scan.started);
7953 		reinit_completion(&ar->scan.completed);
7954 		reinit_completion(&ar->scan.on_channel);
7955 		ar->scan.state = ATH10K_SCAN_STARTING;
7956 		ar->scan.is_roc = true;
7957 		ar->scan.vdev_id = arvif->vdev_id;
7958 		ar->scan.roc_freq = chan->center_freq;
7959 		ar->scan.roc_notify = true;
7960 		ret = 0;
7961 		break;
7962 	case ATH10K_SCAN_STARTING:
7963 	case ATH10K_SCAN_RUNNING:
7964 	case ATH10K_SCAN_ABORTING:
7965 		ret = -EBUSY;
7966 		break;
7967 	}
7968 	spin_unlock_bh(&ar->data_lock);
7969 
7970 	if (ret)
7971 		goto exit;
7972 
7973 	scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
7974 
7975 	arg = kzalloc(sizeof(*arg), GFP_KERNEL);
7976 	if (!arg) {
7977 		ret = -ENOMEM;
7978 		goto exit;
7979 	}
7980 
7981 	ath10k_wmi_start_scan_init(ar, arg);
7982 	arg->vdev_id = arvif->vdev_id;
7983 	arg->scan_id = ATH10K_SCAN_ID;
7984 	arg->n_channels = 1;
7985 	arg->channels[0] = chan->center_freq;
7986 	arg->dwell_time_active = scan_time_msec;
7987 	arg->dwell_time_passive = scan_time_msec;
7988 	arg->max_scan_time = scan_time_msec;
7989 	arg->scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
7990 	arg->scan_ctrl_flags |= WMI_SCAN_FILTER_PROBE_REQ;
7991 	arg->burst_duration_ms = duration;
7992 
7993 	ret = ath10k_start_scan(ar, arg);
7994 	if (ret) {
7995 		ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
7996 		spin_lock_bh(&ar->data_lock);
7997 		ar->scan.state = ATH10K_SCAN_IDLE;
7998 		spin_unlock_bh(&ar->data_lock);
7999 		goto exit;
8000 	}
8001 
8002 	ret = wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ);
8003 	if (ret == 0) {
8004 		ath10k_warn(ar, "failed to switch to channel for roc scan\n");
8005 
8006 		ret = ath10k_scan_stop(ar);
8007 		if (ret)
8008 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
8009 
8010 		ret = -ETIMEDOUT;
8011 		goto exit;
8012 	}
8013 
8014 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
8015 				     msecs_to_jiffies(duration));
8016 
8017 	ret = 0;
8018 exit:
8019 	kfree(arg);
8020 
8021 	mutex_unlock(&ar->conf_mutex);
8022 	return ret;
8023 }
8024 
8025 static int ath10k_cancel_remain_on_channel(struct ieee80211_hw *hw,
8026 					   struct ieee80211_vif *vif)
8027 {
8028 	struct ath10k *ar = hw->priv;
8029 
8030 	mutex_lock(&ar->conf_mutex);
8031 
8032 	spin_lock_bh(&ar->data_lock);
8033 	ar->scan.roc_notify = false;
8034 	spin_unlock_bh(&ar->data_lock);
8035 
8036 	ath10k_scan_abort(ar);
8037 
8038 	mutex_unlock(&ar->conf_mutex);
8039 
8040 	cancel_delayed_work_sync(&ar->scan.timeout);
8041 
8042 	return 0;
8043 }
8044 
8045 /*
8046  * Both RTS and Fragmentation threshold are interface-specific
8047  * in ath10k, but device-specific in mac80211.
8048  */
8049 
8050 static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, int radio_idx,
8051 				    u32 value)
8052 {
8053 	struct ath10k *ar = hw->priv;
8054 	struct ath10k_vif *arvif;
8055 	int ret = 0;
8056 
8057 	mutex_lock(&ar->conf_mutex);
8058 	list_for_each_entry(arvif, &ar->arvifs, list) {
8059 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
8060 			   arvif->vdev_id, value);
8061 
8062 		ret = ath10k_mac_set_rts(arvif, value);
8063 		if (ret) {
8064 			ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
8065 				    arvif->vdev_id, ret);
8066 			break;
8067 		}
8068 	}
8069 	mutex_unlock(&ar->conf_mutex);
8070 
8071 	return ret;
8072 }
8073 
8074 static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw,
8075 					    int radio_idx, u32 value)
8076 {
8077 	/* Even though there's a WMI enum for fragmentation threshold no known
8078 	 * firmware actually implements it. Moreover it is not possible to rely
8079 	 * frame fragmentation to mac80211 because firmware clears the "more
8080 	 * fragments" bit in frame control making it impossible for remote
8081 	 * devices to reassemble frames.
8082 	 *
8083 	 * Hence implement a dummy callback just to say fragmentation isn't
8084 	 * supported. This effectively prevents mac80211 from doing frame
8085 	 * fragmentation in software.
8086 	 */
8087 	return -EOPNOTSUPP;
8088 }
8089 
8090 void ath10k_mac_wait_tx_complete(struct ath10k *ar)
8091 {
8092 	bool skip;
8093 	long time_left;
8094 
8095 	/* mac80211 doesn't care if we really xmit queued frames or not
8096 	 * we'll collect those frames either way if we stop/delete vdevs
8097 	 */
8098 
8099 	if (ar->state == ATH10K_STATE_WEDGED)
8100 		return;
8101 
8102 	time_left = wait_event_timeout(ar->htt.empty_tx_wq, ({
8103 			bool empty;
8104 
8105 			spin_lock_bh(&ar->htt.tx_lock);
8106 			empty = (ar->htt.num_pending_tx == 0);
8107 			spin_unlock_bh(&ar->htt.tx_lock);
8108 
8109 			skip = (ar->state == ATH10K_STATE_WEDGED) ||
8110 			       test_bit(ATH10K_FLAG_CRASH_FLUSH,
8111 					&ar->dev_flags);
8112 
8113 			(empty || skip);
8114 		}), ATH10K_FLUSH_TIMEOUT_HZ);
8115 
8116 	if (time_left == 0 || skip)
8117 		ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %ld\n",
8118 			    skip, ar->state, time_left);
8119 }
8120 
8121 static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
8122 			 u32 queues, bool drop)
8123 {
8124 	struct ath10k *ar = hw->priv;
8125 	struct ath10k_vif *arvif;
8126 	u32 bitmap;
8127 
8128 	if (drop) {
8129 		if (vif && vif->type == NL80211_IFTYPE_STATION) {
8130 			bitmap = ~(1 << WMI_MGMT_TID);
8131 			list_for_each_entry(arvif, &ar->arvifs, list) {
8132 				if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
8133 					ath10k_wmi_peer_flush(ar, arvif->vdev_id,
8134 							      arvif->bssid, bitmap);
8135 			}
8136 			ath10k_htt_flush_tx(&ar->htt);
8137 		}
8138 		return;
8139 	}
8140 
8141 	mutex_lock(&ar->conf_mutex);
8142 	ath10k_mac_wait_tx_complete(ar);
8143 	mutex_unlock(&ar->conf_mutex);
8144 }
8145 
8146 /* TODO: Implement this function properly
8147  * For now it is needed to reply to Probe Requests in IBSS mode.
8148  * Probably we need this information from FW.
8149  */
8150 static int ath10k_tx_last_beacon(struct ieee80211_hw *hw)
8151 {
8152 	return 1;
8153 }
8154 
8155 static void ath10k_reconfig_complete(struct ieee80211_hw *hw,
8156 				     enum ieee80211_reconfig_type reconfig_type)
8157 {
8158 	struct ath10k *ar = hw->priv;
8159 	struct ath10k_vif *arvif;
8160 
8161 	if (reconfig_type != IEEE80211_RECONFIG_TYPE_RESTART)
8162 		return;
8163 
8164 	mutex_lock(&ar->conf_mutex);
8165 
8166 	/* If device failed to restart it will be in a different state, e.g.
8167 	 * ATH10K_STATE_WEDGED
8168 	 */
8169 	if (ar->state == ATH10K_STATE_RESTARTED) {
8170 		ath10k_info(ar, "device successfully recovered\n");
8171 		ar->state = ATH10K_STATE_ON;
8172 		ieee80211_wake_queues(ar->hw);
8173 
8174 		/* Clear recovery state. */
8175 		complete(&ar->driver_recovery);
8176 		atomic_set(&ar->fail_cont_count, 0);
8177 		atomic_set(&ar->pending_recovery, 0);
8178 
8179 		if (ar->hw_params.hw_restart_disconnect) {
8180 			list_for_each_entry(arvif, &ar->arvifs, list) {
8181 				if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
8182 					ieee80211_hw_restart_disconnect(arvif->vif);
8183 				}
8184 		}
8185 	}
8186 
8187 	mutex_unlock(&ar->conf_mutex);
8188 }
8189 
8190 static void
8191 ath10k_mac_update_bss_chan_survey(struct ath10k *ar,
8192 				  struct ieee80211_channel *channel)
8193 {
8194 	int ret;
8195 	enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ;
8196 
8197 	lockdep_assert_held(&ar->conf_mutex);
8198 
8199 	if (!test_bit(WMI_SERVICE_BSS_CHANNEL_INFO_64, ar->wmi.svc_map) ||
8200 	    (ar->rx_channel != channel))
8201 		return;
8202 
8203 	if (ar->scan.state != ATH10K_SCAN_IDLE) {
8204 		ath10k_dbg(ar, ATH10K_DBG_MAC, "ignoring bss chan info request while scanning..\n");
8205 		return;
8206 	}
8207 
8208 	reinit_completion(&ar->bss_survey_done);
8209 
8210 	ret = ath10k_wmi_pdev_bss_chan_info_request(ar, type);
8211 	if (ret) {
8212 		ath10k_warn(ar, "failed to send pdev bss chan info request\n");
8213 		return;
8214 	}
8215 
8216 	ret = wait_for_completion_timeout(&ar->bss_survey_done, 3 * HZ);
8217 	if (!ret) {
8218 		ath10k_warn(ar, "bss channel survey timed out\n");
8219 		return;
8220 	}
8221 }
8222 
8223 static int ath10k_get_survey(struct ieee80211_hw *hw, int idx,
8224 			     struct survey_info *survey)
8225 {
8226 	struct ath10k *ar = hw->priv;
8227 	struct ieee80211_supported_band *sband;
8228 	struct survey_info *ar_survey = &ar->survey[idx];
8229 	int ret = 0;
8230 
8231 	mutex_lock(&ar->conf_mutex);
8232 
8233 	sband = hw->wiphy->bands[NL80211_BAND_2GHZ];
8234 	if (sband && idx >= sband->n_channels) {
8235 		idx -= sband->n_channels;
8236 		sband = NULL;
8237 	}
8238 
8239 	if (!sband)
8240 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
8241 
8242 	if (!sband || idx >= sband->n_channels) {
8243 		ret = -ENOENT;
8244 		goto exit;
8245 	}
8246 
8247 	ath10k_mac_update_bss_chan_survey(ar, &sband->channels[idx]);
8248 
8249 	spin_lock_bh(&ar->data_lock);
8250 	memcpy(survey, ar_survey, sizeof(*survey));
8251 	spin_unlock_bh(&ar->data_lock);
8252 
8253 	survey->channel = &sband->channels[idx];
8254 
8255 	if (ar->rx_channel == survey->channel)
8256 		survey->filled |= SURVEY_INFO_IN_USE;
8257 
8258 exit:
8259 	mutex_unlock(&ar->conf_mutex);
8260 	return ret;
8261 }
8262 
8263 static bool
8264 ath10k_mac_bitrate_mask_get_single_nss(struct ath10k *ar,
8265 				       enum nl80211_band band,
8266 				       const struct cfg80211_bitrate_mask *mask,
8267 				       int *nss)
8268 {
8269 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
8270 	u16 vht_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8271 	u8 ht_nss_mask = 0;
8272 	u8 vht_nss_mask = 0;
8273 	int i;
8274 
8275 	if (mask->control[band].legacy)
8276 		return false;
8277 
8278 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
8279 		if (mask->control[band].ht_mcs[i] == 0)
8280 			continue;
8281 		else if (mask->control[band].ht_mcs[i] ==
8282 			 sband->ht_cap.mcs.rx_mask[i])
8283 			ht_nss_mask |= BIT(i);
8284 		else
8285 			return false;
8286 	}
8287 
8288 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
8289 		if (mask->control[band].vht_mcs[i] == 0)
8290 			continue;
8291 		else if (mask->control[band].vht_mcs[i] ==
8292 			 ath10k_mac_get_max_vht_mcs_map(vht_mcs_map, i))
8293 			vht_nss_mask |= BIT(i);
8294 		else
8295 			return false;
8296 	}
8297 
8298 	if (ht_nss_mask != vht_nss_mask)
8299 		return false;
8300 
8301 	if (ht_nss_mask == 0)
8302 		return false;
8303 
8304 	if (BIT(fls(ht_nss_mask)) - 1 != ht_nss_mask)
8305 		return false;
8306 
8307 	*nss = fls(ht_nss_mask);
8308 
8309 	return true;
8310 }
8311 
8312 static int ath10k_mac_set_fixed_rate_params(struct ath10k_vif *arvif,
8313 					    u8 rate, u8 nss, u8 sgi, u8 ldpc)
8314 {
8315 	struct ath10k *ar = arvif->ar;
8316 	u32 vdev_param;
8317 	int ret;
8318 
8319 	lockdep_assert_held(&ar->conf_mutex);
8320 
8321 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac set fixed rate params vdev %i rate 0x%02x nss %u sgi %u\n",
8322 		   arvif->vdev_id, rate, nss, sgi);
8323 
8324 	vdev_param = ar->wmi.vdev_param->fixed_rate;
8325 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, rate);
8326 	if (ret) {
8327 		ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
8328 			    rate, ret);
8329 		return ret;
8330 	}
8331 
8332 	vdev_param = ar->wmi.vdev_param->nss;
8333 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, nss);
8334 	if (ret) {
8335 		ath10k_warn(ar, "failed to set nss param %d: %d\n", nss, ret);
8336 		return ret;
8337 	}
8338 
8339 	vdev_param = ar->wmi.vdev_param->sgi;
8340 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, sgi);
8341 	if (ret) {
8342 		ath10k_warn(ar, "failed to set sgi param %d: %d\n", sgi, ret);
8343 		return ret;
8344 	}
8345 
8346 	vdev_param = ar->wmi.vdev_param->ldpc;
8347 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, ldpc);
8348 	if (ret) {
8349 		ath10k_warn(ar, "failed to set ldpc param %d: %d\n", ldpc, ret);
8350 		return ret;
8351 	}
8352 
8353 	return 0;
8354 }
8355 
8356 static bool
8357 ath10k_mac_can_set_bitrate_mask(struct ath10k *ar,
8358 				enum nl80211_band band,
8359 				const struct cfg80211_bitrate_mask *mask,
8360 				bool allow_pfr)
8361 {
8362 	int i;
8363 	u16 vht_mcs;
8364 
8365 	/* Due to firmware limitation in WMI_PEER_ASSOC_CMDID it is impossible
8366 	 * to express all VHT MCS rate masks. Effectively only the following
8367 	 * ranges can be used: none, 0-7, 0-8 and 0-9.
8368 	 */
8369 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8370 		vht_mcs = mask->control[band].vht_mcs[i];
8371 
8372 		switch (vht_mcs) {
8373 		case 0:
8374 		case BIT(8) - 1:
8375 		case BIT(9) - 1:
8376 		case BIT(10) - 1:
8377 			break;
8378 		default:
8379 			if (!allow_pfr)
8380 				ath10k_warn(ar, "refusing bitrate mask with missing 0-7 VHT MCS rates\n");
8381 			return false;
8382 		}
8383 	}
8384 
8385 	return true;
8386 }
8387 
8388 static bool ath10k_mac_set_vht_bitrate_mask_fixup(struct ath10k *ar,
8389 						  struct ath10k_vif *arvif,
8390 						  struct ieee80211_sta *sta)
8391 {
8392 	int err;
8393 	u8 rate = arvif->vht_pfr;
8394 
8395 	/* skip non vht and multiple rate peers */
8396 	if (!sta->deflink.vht_cap.vht_supported || arvif->vht_num_rates != 1)
8397 		return false;
8398 
8399 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8400 					WMI_PEER_PARAM_FIXED_RATE, rate);
8401 	if (err)
8402 		ath10k_warn(ar, "failed to enable STA %pM peer fixed rate: %d\n",
8403 			    sta->addr, err);
8404 
8405 	return true;
8406 }
8407 
8408 static void ath10k_mac_set_bitrate_mask_iter(void *data,
8409 					     struct ieee80211_sta *sta)
8410 {
8411 	struct ath10k_vif *arvif = data;
8412 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8413 	struct ath10k *ar = arvif->ar;
8414 
8415 	if (arsta->arvif != arvif)
8416 		return;
8417 
8418 	if (ath10k_mac_set_vht_bitrate_mask_fixup(ar, arvif, sta))
8419 		return;
8420 
8421 	spin_lock_bh(&ar->data_lock);
8422 	arsta->changed |= IEEE80211_RC_SUPP_RATES_CHANGED;
8423 	spin_unlock_bh(&ar->data_lock);
8424 
8425 	ieee80211_queue_work(ar->hw, &arsta->update_wk);
8426 }
8427 
8428 static void ath10k_mac_clr_bitrate_mask_iter(void *data,
8429 					     struct ieee80211_sta *sta)
8430 {
8431 	struct ath10k_vif *arvif = data;
8432 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8433 	struct ath10k *ar = arvif->ar;
8434 	int err;
8435 
8436 	/* clear vht peers only */
8437 	if (arsta->arvif != arvif || !sta->deflink.vht_cap.vht_supported)
8438 		return;
8439 
8440 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8441 					WMI_PEER_PARAM_FIXED_RATE,
8442 					WMI_FIXED_RATE_NONE);
8443 	if (err)
8444 		ath10k_warn(ar, "failed to clear STA %pM peer fixed rate: %d\n",
8445 			    sta->addr, err);
8446 }
8447 
8448 static int ath10k_mac_op_set_bitrate_mask(struct ieee80211_hw *hw,
8449 					  struct ieee80211_vif *vif,
8450 					  const struct cfg80211_bitrate_mask *mask)
8451 {
8452 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8453 	struct cfg80211_chan_def def;
8454 	struct ath10k *ar = arvif->ar;
8455 	enum nl80211_band band;
8456 	const u8 *ht_mcs_mask;
8457 	const u16 *vht_mcs_mask;
8458 	u8 rate;
8459 	u8 nss;
8460 	u8 sgi;
8461 	u8 ldpc;
8462 	int single_nss;
8463 	int ret;
8464 	int vht_num_rates, allow_pfr;
8465 	u8 vht_pfr;
8466 	bool update_bitrate_mask = true;
8467 
8468 	if (ath10k_mac_vif_chan(vif, &def))
8469 		return -EPERM;
8470 
8471 	band = def.chan->band;
8472 	ht_mcs_mask = mask->control[band].ht_mcs;
8473 	vht_mcs_mask = mask->control[band].vht_mcs;
8474 	ldpc = !!(ar->ht_cap_info & WMI_HT_CAP_LDPC);
8475 
8476 	sgi = mask->control[band].gi;
8477 	if (sgi == NL80211_TXRATE_FORCE_LGI)
8478 		return -EINVAL;
8479 
8480 	allow_pfr = test_bit(ATH10K_FW_FEATURE_PEER_FIXED_RATE,
8481 			     ar->normal_mode_fw.fw_file.fw_features);
8482 	if (allow_pfr) {
8483 		mutex_lock(&ar->conf_mutex);
8484 		ieee80211_iterate_stations_atomic(ar->hw,
8485 						  ath10k_mac_clr_bitrate_mask_iter,
8486 						  arvif);
8487 		mutex_unlock(&ar->conf_mutex);
8488 	}
8489 
8490 	if (ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
8491 						    &vht_num_rates)) {
8492 		ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8493 							      &rate, &nss,
8494 							      false);
8495 		if (ret) {
8496 			ath10k_warn(ar, "failed to get single rate for vdev %i: %d\n",
8497 				    arvif->vdev_id, ret);
8498 			return ret;
8499 		}
8500 	} else if (ath10k_mac_bitrate_mask_get_single_nss(ar, band, mask,
8501 							  &single_nss)) {
8502 		rate = WMI_FIXED_RATE_NONE;
8503 		nss = single_nss;
8504 	} else {
8505 		rate = WMI_FIXED_RATE_NONE;
8506 		nss = min(ar->num_rf_chains,
8507 			  max(ath10k_mac_max_ht_nss(ht_mcs_mask),
8508 			      ath10k_mac_max_vht_nss(vht_mcs_mask)));
8509 
8510 		if (!ath10k_mac_can_set_bitrate_mask(ar, band, mask,
8511 						     allow_pfr)) {
8512 			u8 vht_nss;
8513 
8514 			if (!allow_pfr || vht_num_rates != 1)
8515 				return -EINVAL;
8516 
8517 			/* Reach here, firmware supports peer fixed rate and has
8518 			 * single vht rate, and don't update vif birate_mask, as
8519 			 * the rate only for specific peer.
8520 			 */
8521 			ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8522 								&vht_pfr,
8523 								&vht_nss,
8524 								true);
8525 			update_bitrate_mask = false;
8526 		} else {
8527 			vht_pfr = 0;
8528 		}
8529 
8530 		mutex_lock(&ar->conf_mutex);
8531 
8532 		if (update_bitrate_mask)
8533 			arvif->bitrate_mask = *mask;
8534 		arvif->vht_num_rates = vht_num_rates;
8535 		arvif->vht_pfr = vht_pfr;
8536 		ieee80211_iterate_stations_atomic(ar->hw,
8537 						  ath10k_mac_set_bitrate_mask_iter,
8538 						  arvif);
8539 
8540 		mutex_unlock(&ar->conf_mutex);
8541 	}
8542 
8543 	mutex_lock(&ar->conf_mutex);
8544 
8545 	ret = ath10k_mac_set_fixed_rate_params(arvif, rate, nss, sgi, ldpc);
8546 	if (ret) {
8547 		ath10k_warn(ar, "failed to set fixed rate params on vdev %i: %d\n",
8548 			    arvif->vdev_id, ret);
8549 		goto exit;
8550 	}
8551 
8552 exit:
8553 	mutex_unlock(&ar->conf_mutex);
8554 
8555 	return ret;
8556 }
8557 
8558 static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
8559 				 struct ieee80211_vif *vif,
8560 				 struct ieee80211_link_sta *link_sta,
8561 				 u32 changed)
8562 {
8563 	struct ieee80211_sta *sta = link_sta->sta;
8564 	struct ath10k *ar = hw->priv;
8565 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8566 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8567 	struct ath10k_peer *peer;
8568 	u32 bw, smps;
8569 
8570 	spin_lock_bh(&ar->data_lock);
8571 
8572 	peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
8573 	if (!peer) {
8574 		spin_unlock_bh(&ar->data_lock);
8575 		ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
8576 			    sta->addr, arvif->vdev_id);
8577 		return;
8578 	}
8579 
8580 	ath10k_dbg(ar, ATH10K_DBG_STA,
8581 		   "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
8582 		   sta->addr, changed, sta->deflink.bandwidth,
8583 		   sta->deflink.rx_nss,
8584 		   sta->deflink.smps_mode);
8585 
8586 	if (changed & IEEE80211_RC_BW_CHANGED) {
8587 		bw = WMI_PEER_CHWIDTH_20MHZ;
8588 
8589 		switch (sta->deflink.bandwidth) {
8590 		case IEEE80211_STA_RX_BW_20:
8591 			bw = WMI_PEER_CHWIDTH_20MHZ;
8592 			break;
8593 		case IEEE80211_STA_RX_BW_40:
8594 			bw = WMI_PEER_CHWIDTH_40MHZ;
8595 			break;
8596 		case IEEE80211_STA_RX_BW_80:
8597 			bw = WMI_PEER_CHWIDTH_80MHZ;
8598 			break;
8599 		case IEEE80211_STA_RX_BW_160:
8600 			bw = WMI_PEER_CHWIDTH_160MHZ;
8601 			break;
8602 		default:
8603 			ath10k_warn(ar, "Invalid bandwidth %d in rc update for %pM\n",
8604 				    sta->deflink.bandwidth, sta->addr);
8605 			bw = WMI_PEER_CHWIDTH_20MHZ;
8606 			break;
8607 		}
8608 
8609 		arsta->bw = bw;
8610 	}
8611 
8612 	if (changed & IEEE80211_RC_NSS_CHANGED)
8613 		arsta->nss = sta->deflink.rx_nss;
8614 
8615 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
8616 		smps = WMI_PEER_SMPS_PS_NONE;
8617 
8618 		switch (sta->deflink.smps_mode) {
8619 		case IEEE80211_SMPS_AUTOMATIC:
8620 		case IEEE80211_SMPS_OFF:
8621 			smps = WMI_PEER_SMPS_PS_NONE;
8622 			break;
8623 		case IEEE80211_SMPS_STATIC:
8624 			smps = WMI_PEER_SMPS_STATIC;
8625 			break;
8626 		case IEEE80211_SMPS_DYNAMIC:
8627 			smps = WMI_PEER_SMPS_DYNAMIC;
8628 			break;
8629 		case IEEE80211_SMPS_NUM_MODES:
8630 			ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
8631 				    sta->deflink.smps_mode, sta->addr);
8632 			smps = WMI_PEER_SMPS_PS_NONE;
8633 			break;
8634 		}
8635 
8636 		arsta->smps = smps;
8637 	}
8638 
8639 	arsta->changed |= changed;
8640 
8641 	spin_unlock_bh(&ar->data_lock);
8642 
8643 	ieee80211_queue_work(hw, &arsta->update_wk);
8644 }
8645 
8646 static void ath10k_offset_tsf(struct ieee80211_hw *hw,
8647 			      struct ieee80211_vif *vif, s64 tsf_offset)
8648 {
8649 	struct ath10k *ar = hw->priv;
8650 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8651 	u32 offset, vdev_param;
8652 	int ret;
8653 
8654 	if (tsf_offset < 0) {
8655 		vdev_param = ar->wmi.vdev_param->dec_tsf;
8656 		offset = -tsf_offset;
8657 	} else {
8658 		vdev_param = ar->wmi.vdev_param->inc_tsf;
8659 		offset = tsf_offset;
8660 	}
8661 
8662 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
8663 					vdev_param, offset);
8664 
8665 	if (ret && ret != -EOPNOTSUPP)
8666 		ath10k_warn(ar, "failed to set tsf offset %d cmd %d: %d\n",
8667 			    offset, vdev_param, ret);
8668 }
8669 
8670 static int ath10k_ampdu_action(struct ieee80211_hw *hw,
8671 			       struct ieee80211_vif *vif,
8672 			       struct ieee80211_ampdu_params *params)
8673 {
8674 	struct ath10k *ar = hw->priv;
8675 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8676 	struct ieee80211_sta *sta = params->sta;
8677 	enum ieee80211_ampdu_mlme_action action = params->action;
8678 	u16 tid = params->tid;
8679 
8680 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %u action %d\n",
8681 		   arvif->vdev_id, sta->addr, tid, action);
8682 
8683 	switch (action) {
8684 	case IEEE80211_AMPDU_RX_START:
8685 	case IEEE80211_AMPDU_RX_STOP:
8686 		/* HTT AddBa/DelBa events trigger mac80211 Rx BA session
8687 		 * creation/removal. Do we need to verify this?
8688 		 */
8689 		return 0;
8690 	case IEEE80211_AMPDU_TX_START:
8691 	case IEEE80211_AMPDU_TX_STOP_CONT:
8692 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
8693 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
8694 	case IEEE80211_AMPDU_TX_OPERATIONAL:
8695 		/* Firmware offloads Tx aggregation entirely so deny mac80211
8696 		 * Tx aggregation requests.
8697 		 */
8698 		return -EOPNOTSUPP;
8699 	}
8700 
8701 	return -EINVAL;
8702 }
8703 
8704 static void
8705 ath10k_mac_update_rx_channel(struct ath10k *ar,
8706 			     struct ieee80211_chanctx_conf *ctx,
8707 			     struct ieee80211_vif_chanctx_switch *vifs,
8708 			     int n_vifs)
8709 {
8710 	struct cfg80211_chan_def *def = NULL;
8711 
8712 	/* Both locks are required because ar->rx_channel is modified. This
8713 	 * allows readers to hold either lock.
8714 	 */
8715 	lockdep_assert_held(&ar->conf_mutex);
8716 	lockdep_assert_held(&ar->data_lock);
8717 
8718 	WARN_ON(ctx && vifs);
8719 	WARN_ON(vifs && !n_vifs);
8720 
8721 	/* FIXME: Sort of an optimization and a workaround. Peers and vifs are
8722 	 * on a linked list now. Doing a lookup peer -> vif -> chanctx for each
8723 	 * ppdu on Rx may reduce performance on low-end systems. It should be
8724 	 * possible to make tables/hashmaps to speed the lookup up (be vary of
8725 	 * cpu data cache lines though regarding sizes) but to keep the initial
8726 	 * implementation simple and less intrusive fallback to the slow lookup
8727 	 * only for multi-channel cases. Single-channel cases will remain to
8728 	 * use the old channel derival and thus performance should not be
8729 	 * affected much.
8730 	 */
8731 	rcu_read_lock();
8732 	if (!ctx && ath10k_mac_num_chanctxs(ar) == 1) {
8733 		ieee80211_iter_chan_contexts_atomic(ar->hw,
8734 						    ath10k_mac_get_any_chandef_iter,
8735 						    &def);
8736 
8737 		if (vifs)
8738 			def = &vifs[0].new_ctx->def;
8739 
8740 		ar->rx_channel = def->chan;
8741 	} else if ((ctx && ath10k_mac_num_chanctxs(ar) == 0) ||
8742 		   (ctx && (ar->state == ATH10K_STATE_RESTARTED))) {
8743 		/* During driver restart due to firmware assert, since mac80211
8744 		 * already has valid channel context for given radio, channel
8745 		 * context iteration return num_chanctx > 0. So fix rx_channel
8746 		 * when restart is in progress.
8747 		 */
8748 		ar->rx_channel = ctx->def.chan;
8749 	} else {
8750 		ar->rx_channel = NULL;
8751 	}
8752 	rcu_read_unlock();
8753 }
8754 
8755 static void
8756 ath10k_mac_update_vif_chan(struct ath10k *ar,
8757 			   struct ieee80211_vif_chanctx_switch *vifs,
8758 			   int n_vifs)
8759 {
8760 	struct ath10k_vif *arvif;
8761 	int ret;
8762 	int i;
8763 
8764 	lockdep_assert_held(&ar->conf_mutex);
8765 
8766 	/* First stop monitor interface. Some FW versions crash if there's a
8767 	 * lone monitor interface.
8768 	 */
8769 	if (ar->monitor_started)
8770 		ath10k_monitor_stop(ar);
8771 
8772 	for (i = 0; i < n_vifs; i++) {
8773 		arvif = (void *)vifs[i].vif->drv_priv;
8774 
8775 		ath10k_dbg(ar, ATH10K_DBG_MAC,
8776 			   "mac chanctx switch vdev_id %i freq %u->%u width %d->%d\n",
8777 			   arvif->vdev_id,
8778 			   vifs[i].old_ctx->def.chan->center_freq,
8779 			   vifs[i].new_ctx->def.chan->center_freq,
8780 			   vifs[i].old_ctx->def.width,
8781 			   vifs[i].new_ctx->def.width);
8782 
8783 		if (WARN_ON(!arvif->is_started))
8784 			continue;
8785 
8786 		if (WARN_ON(!arvif->is_up))
8787 			continue;
8788 
8789 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8790 		if (ret) {
8791 			ath10k_warn(ar, "failed to down vdev %d: %d\n",
8792 				    arvif->vdev_id, ret);
8793 			continue;
8794 		}
8795 	}
8796 
8797 	/* All relevant vdevs are downed and associated channel resources
8798 	 * should be available for the channel switch now.
8799 	 */
8800 
8801 	spin_lock_bh(&ar->data_lock);
8802 	ath10k_mac_update_rx_channel(ar, NULL, vifs, n_vifs);
8803 	spin_unlock_bh(&ar->data_lock);
8804 
8805 	for (i = 0; i < n_vifs; i++) {
8806 		arvif = (void *)vifs[i].vif->drv_priv;
8807 
8808 		if (WARN_ON(!arvif->is_started))
8809 			continue;
8810 
8811 		if (WARN_ON(!arvif->is_up))
8812 			continue;
8813 
8814 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
8815 		if (ret)
8816 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
8817 				    ret);
8818 
8819 		ret = ath10k_mac_setup_prb_tmpl(arvif);
8820 		if (ret)
8821 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
8822 				    ret);
8823 
8824 		ret = ath10k_vdev_restart(arvif, &vifs[i].new_ctx->def);
8825 		if (ret) {
8826 			ath10k_warn(ar, "failed to restart vdev %d: %d\n",
8827 				    arvif->vdev_id, ret);
8828 			continue;
8829 		}
8830 
8831 		ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
8832 					 arvif->bssid);
8833 		if (ret) {
8834 			ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
8835 				    arvif->vdev_id, ret);
8836 			continue;
8837 		}
8838 	}
8839 
8840 	ath10k_monitor_recalc(ar);
8841 }
8842 
8843 static int
8844 ath10k_mac_op_add_chanctx(struct ieee80211_hw *hw,
8845 			  struct ieee80211_chanctx_conf *ctx)
8846 {
8847 	struct ath10k *ar = hw->priv;
8848 
8849 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8850 		   "mac chanctx add freq %u width %d ptr %p\n",
8851 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8852 
8853 	mutex_lock(&ar->conf_mutex);
8854 
8855 	spin_lock_bh(&ar->data_lock);
8856 	ath10k_mac_update_rx_channel(ar, ctx, NULL, 0);
8857 	spin_unlock_bh(&ar->data_lock);
8858 
8859 	ath10k_recalc_radar_detection(ar);
8860 	ath10k_monitor_recalc(ar);
8861 
8862 	mutex_unlock(&ar->conf_mutex);
8863 
8864 	return 0;
8865 }
8866 
8867 static void
8868 ath10k_mac_op_remove_chanctx(struct ieee80211_hw *hw,
8869 			     struct ieee80211_chanctx_conf *ctx)
8870 {
8871 	struct ath10k *ar = hw->priv;
8872 
8873 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8874 		   "mac chanctx remove freq %u width %d ptr %p\n",
8875 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8876 
8877 	mutex_lock(&ar->conf_mutex);
8878 
8879 	spin_lock_bh(&ar->data_lock);
8880 	ath10k_mac_update_rx_channel(ar, NULL, NULL, 0);
8881 	spin_unlock_bh(&ar->data_lock);
8882 
8883 	ath10k_recalc_radar_detection(ar);
8884 	ath10k_monitor_recalc(ar);
8885 
8886 	mutex_unlock(&ar->conf_mutex);
8887 }
8888 
8889 struct ath10k_mac_change_chanctx_arg {
8890 	struct ieee80211_chanctx_conf *ctx;
8891 	struct ieee80211_vif_chanctx_switch *vifs;
8892 	int n_vifs;
8893 	int next_vif;
8894 };
8895 
8896 static void
8897 ath10k_mac_change_chanctx_cnt_iter(void *data, u8 *mac,
8898 				   struct ieee80211_vif *vif)
8899 {
8900 	struct ath10k_mac_change_chanctx_arg *arg = data;
8901 
8902 	if (rcu_access_pointer(vif->bss_conf.chanctx_conf) != arg->ctx)
8903 		return;
8904 
8905 	arg->n_vifs++;
8906 }
8907 
8908 static void
8909 ath10k_mac_change_chanctx_fill_iter(void *data, u8 *mac,
8910 				    struct ieee80211_vif *vif)
8911 {
8912 	struct ath10k_mac_change_chanctx_arg *arg = data;
8913 	struct ieee80211_chanctx_conf *ctx;
8914 
8915 	ctx = rcu_access_pointer(vif->bss_conf.chanctx_conf);
8916 	if (ctx != arg->ctx)
8917 		return;
8918 
8919 	if (WARN_ON(arg->next_vif == arg->n_vifs))
8920 		return;
8921 
8922 	arg->vifs[arg->next_vif].vif = vif;
8923 	arg->vifs[arg->next_vif].old_ctx = ctx;
8924 	arg->vifs[arg->next_vif].new_ctx = ctx;
8925 	arg->next_vif++;
8926 }
8927 
8928 static void
8929 ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw,
8930 			     struct ieee80211_chanctx_conf *ctx,
8931 			     u32 changed)
8932 {
8933 	struct ath10k *ar = hw->priv;
8934 	struct ath10k_mac_change_chanctx_arg arg = { .ctx = ctx };
8935 
8936 	mutex_lock(&ar->conf_mutex);
8937 
8938 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8939 		   "mac chanctx change freq %u width %d ptr %p changed %x\n",
8940 		   ctx->def.chan->center_freq, ctx->def.width, ctx, changed);
8941 
8942 	/* This shouldn't really happen because channel switching should use
8943 	 * switch_vif_chanctx().
8944 	 */
8945 	if (WARN_ON(changed & IEEE80211_CHANCTX_CHANGE_CHANNEL))
8946 		goto unlock;
8947 
8948 	if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) {
8949 		ieee80211_iterate_active_interfaces_atomic(
8950 					hw,
8951 					ATH10K_ITER_NORMAL_FLAGS,
8952 					ath10k_mac_change_chanctx_cnt_iter,
8953 					&arg);
8954 		if (arg.n_vifs == 0)
8955 			goto radar;
8956 
8957 		arg.vifs = kcalloc(arg.n_vifs, sizeof(arg.vifs[0]),
8958 				   GFP_KERNEL);
8959 		if (!arg.vifs)
8960 			goto radar;
8961 
8962 		ieee80211_iterate_active_interfaces_atomic(
8963 					hw,
8964 					ATH10K_ITER_NORMAL_FLAGS,
8965 					ath10k_mac_change_chanctx_fill_iter,
8966 					&arg);
8967 		ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs);
8968 		kfree(arg.vifs);
8969 	}
8970 
8971 radar:
8972 	ath10k_recalc_radar_detection(ar);
8973 
8974 	/* FIXME: How to configure Rx chains properly? */
8975 
8976 	/* No other actions are actually necessary. Firmware maintains channel
8977 	 * definitions per vdev internally and there's no host-side channel
8978 	 * context abstraction to configure, e.g. channel width.
8979 	 */
8980 
8981 unlock:
8982 	mutex_unlock(&ar->conf_mutex);
8983 }
8984 
8985 static int
8986 ath10k_mac_op_assign_vif_chanctx(struct ieee80211_hw *hw,
8987 				 struct ieee80211_vif *vif,
8988 				 struct ieee80211_bss_conf *link_conf,
8989 				 struct ieee80211_chanctx_conf *ctx)
8990 {
8991 	struct ath10k *ar = hw->priv;
8992 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8993 	int ret;
8994 
8995 	mutex_lock(&ar->conf_mutex);
8996 
8997 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8998 		   "mac chanctx assign ptr %p vdev_id %i\n",
8999 		   ctx, arvif->vdev_id);
9000 
9001 	if (WARN_ON(arvif->is_started)) {
9002 		mutex_unlock(&ar->conf_mutex);
9003 		return -EBUSY;
9004 	}
9005 
9006 	ret = ath10k_vdev_start(arvif, &ctx->def);
9007 	if (ret) {
9008 		ath10k_warn(ar, "failed to start vdev %i addr %pM on freq %d: %d\n",
9009 			    arvif->vdev_id, vif->addr,
9010 			    ctx->def.chan->center_freq, ret);
9011 		goto err;
9012 	}
9013 
9014 	arvif->is_started = true;
9015 
9016 	ret = ath10k_mac_vif_setup_ps(arvif);
9017 	if (ret) {
9018 		ath10k_warn(ar, "failed to update vdev %i ps: %d\n",
9019 			    arvif->vdev_id, ret);
9020 		goto err_stop;
9021 	}
9022 
9023 	if (vif->type == NL80211_IFTYPE_MONITOR) {
9024 		ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, 0, vif->addr);
9025 		if (ret) {
9026 			ath10k_warn(ar, "failed to up monitor vdev %i: %d\n",
9027 				    arvif->vdev_id, ret);
9028 			goto err_stop;
9029 		}
9030 
9031 		arvif->is_up = true;
9032 	}
9033 
9034 	if (ath10k_mac_can_set_cts_prot(arvif)) {
9035 		ret = ath10k_mac_set_cts_prot(arvif);
9036 		if (ret)
9037 			ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
9038 				    arvif->vdev_id, ret);
9039 	}
9040 
9041 	if (ath10k_peer_stats_enabled(ar) &&
9042 	    ar->hw_params.tx_stats_over_pktlog) {
9043 		ar->pktlog_filter |= ATH10K_PKTLOG_PEER_STATS;
9044 		ret = ath10k_wmi_pdev_pktlog_enable(ar,
9045 						    ar->pktlog_filter);
9046 		if (ret) {
9047 			ath10k_warn(ar, "failed to enable pktlog %d\n", ret);
9048 			goto err_stop;
9049 		}
9050 	}
9051 
9052 	mutex_unlock(&ar->conf_mutex);
9053 	return 0;
9054 
9055 err_stop:
9056 	ath10k_vdev_stop(arvif);
9057 	arvif->is_started = false;
9058 	ath10k_mac_vif_setup_ps(arvif);
9059 
9060 err:
9061 	mutex_unlock(&ar->conf_mutex);
9062 	return ret;
9063 }
9064 
9065 static void
9066 ath10k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
9067 				   struct ieee80211_vif *vif,
9068 				   struct ieee80211_bss_conf *link_conf,
9069 				   struct ieee80211_chanctx_conf *ctx)
9070 {
9071 	struct ath10k *ar = hw->priv;
9072 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9073 	int ret;
9074 
9075 	mutex_lock(&ar->conf_mutex);
9076 
9077 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9078 		   "mac chanctx unassign ptr %p vdev_id %i\n",
9079 		   ctx, arvif->vdev_id);
9080 
9081 	WARN_ON(!arvif->is_started);
9082 
9083 	if (vif->type == NL80211_IFTYPE_MONITOR) {
9084 		WARN_ON(!arvif->is_up);
9085 
9086 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
9087 		if (ret)
9088 			ath10k_warn(ar, "failed to down monitor vdev %i: %d\n",
9089 				    arvif->vdev_id, ret);
9090 
9091 		arvif->is_up = false;
9092 	}
9093 
9094 	ret = ath10k_vdev_stop(arvif);
9095 	if (ret)
9096 		ath10k_warn(ar, "failed to stop vdev %i: %d\n",
9097 			    arvif->vdev_id, ret);
9098 
9099 	arvif->is_started = false;
9100 
9101 	mutex_unlock(&ar->conf_mutex);
9102 }
9103 
9104 static int
9105 ath10k_mac_op_switch_vif_chanctx(struct ieee80211_hw *hw,
9106 				 struct ieee80211_vif_chanctx_switch *vifs,
9107 				 int n_vifs,
9108 				 enum ieee80211_chanctx_switch_mode mode)
9109 {
9110 	struct ath10k *ar = hw->priv;
9111 
9112 	mutex_lock(&ar->conf_mutex);
9113 
9114 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9115 		   "mac chanctx switch n_vifs %d mode %d\n",
9116 		   n_vifs, mode);
9117 	ath10k_mac_update_vif_chan(ar, vifs, n_vifs);
9118 
9119 	mutex_unlock(&ar->conf_mutex);
9120 	return 0;
9121 }
9122 
9123 static void ath10k_mac_op_sta_pre_rcu_remove(struct ieee80211_hw *hw,
9124 					     struct ieee80211_vif *vif,
9125 					     struct ieee80211_sta *sta)
9126 {
9127 	struct ath10k *ar;
9128 	struct ath10k_peer *peer;
9129 
9130 	ar = hw->priv;
9131 
9132 	list_for_each_entry(peer, &ar->peers, list)
9133 		if (peer->sta == sta)
9134 			peer->removed = true;
9135 }
9136 
9137 /* HT MCS parameters with Nss = 1 */
9138 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss1[] = {
9139 	/* MCS  L20   L40   S20  S40 */
9140 	{0,  { 65,  135,  72,  150} },
9141 	{1,  { 130, 270,  144, 300} },
9142 	{2,  { 195, 405,  217, 450} },
9143 	{3,  { 260, 540,  289, 600} },
9144 	{4,  { 390, 810,  433, 900} },
9145 	{5,  { 520, 1080, 578, 1200} },
9146 	{6,  { 585, 1215, 650, 1350} },
9147 	{7,  { 650, 1350, 722, 1500} }
9148 };
9149 
9150 /* HT MCS parameters with Nss = 2 */
9151 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss2[] = {
9152 	/* MCS  L20    L40   S20   S40 */
9153 	{0,  {130,  270,  144,  300} },
9154 	{1,  {260,  540,  289,  600} },
9155 	{2,  {390,  810,  433,  900} },
9156 	{3,  {520,  1080, 578,  1200} },
9157 	{4,  {780,  1620, 867,  1800} },
9158 	{5,  {1040, 2160, 1156, 2400} },
9159 	{6,  {1170, 2430, 1300, 2700} },
9160 	{7,  {1300, 2700, 1444, 3000} }
9161 };
9162 
9163 /* MCS parameters with Nss = 1 */
9164 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss1[] = {
9165 	/* MCS  L80    S80     L40   S40    L20   S20 */
9166 	{0,  {293,  325},  {135,  150},  {65,   72} },
9167 	{1,  {585,  650},  {270,  300},  {130,  144} },
9168 	{2,  {878,  975},  {405,  450},  {195,  217} },
9169 	{3,  {1170, 1300}, {540,  600},  {260,  289} },
9170 	{4,  {1755, 1950}, {810,  900},  {390,  433} },
9171 	{5,  {2340, 2600}, {1080, 1200}, {520,  578} },
9172 	{6,  {2633, 2925}, {1215, 1350}, {585,  650} },
9173 	{7,  {2925, 3250}, {1350, 1500}, {650,  722} },
9174 	{8,  {3510, 3900}, {1620, 1800}, {780,  867} },
9175 	{9,  {3900, 4333}, {1800, 2000}, {865,  960} }
9176 };
9177 
9178 /*MCS parameters with Nss = 2 */
9179 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss2[] = {
9180 	/* MCS  L80    S80     L40   S40    L20   S20 */
9181 	{0,  {585,  650},  {270,  300},  {130,  144} },
9182 	{1,  {1170, 1300}, {540,  600},  {260,  289} },
9183 	{2,  {1755, 1950}, {810,  900},  {390,  433} },
9184 	{3,  {2340, 2600}, {1080, 1200}, {520,  578} },
9185 	{4,  {3510, 3900}, {1620, 1800}, {780,  867} },
9186 	{5,  {4680, 5200}, {2160, 2400}, {1040, 1156} },
9187 	{6,  {5265, 5850}, {2430, 2700}, {1170, 1300} },
9188 	{7,  {5850, 6500}, {2700, 3000}, {1300, 1444} },
9189 	{8,  {7020, 7800}, {3240, 3600}, {1560, 1733} },
9190 	{9,  {7800, 8667}, {3600, 4000}, {1730, 1920} }
9191 };
9192 
9193 static void ath10k_mac_get_rate_flags_ht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9194 					 u8 *flags, u8 *bw)
9195 {
9196 	struct ath10k_index_ht_data_rate_type *mcs_rate;
9197 	u8 index;
9198 	size_t len_nss1 = ARRAY_SIZE(supported_ht_mcs_rate_nss1);
9199 	size_t len_nss2 = ARRAY_SIZE(supported_ht_mcs_rate_nss2);
9200 
9201 	if (mcs >= (len_nss1 + len_nss2)) {
9202 		ath10k_warn(ar, "not supported mcs %d in current rate table", mcs);
9203 		return;
9204 	}
9205 
9206 	mcs_rate = (struct ath10k_index_ht_data_rate_type *)
9207 		   ((nss == 1) ? &supported_ht_mcs_rate_nss1 :
9208 		   &supported_ht_mcs_rate_nss2);
9209 
9210 	if (mcs >= len_nss1)
9211 		index = mcs - len_nss1;
9212 	else
9213 		index = mcs;
9214 
9215 	if (rate == mcs_rate[index].supported_rate[0]) {
9216 		*bw = RATE_INFO_BW_20;
9217 	} else if (rate == mcs_rate[index].supported_rate[1]) {
9218 		*bw |= RATE_INFO_BW_40;
9219 	} else if (rate == mcs_rate[index].supported_rate[2]) {
9220 		*bw |= RATE_INFO_BW_20;
9221 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9222 	} else if (rate == mcs_rate[index].supported_rate[3]) {
9223 		*bw |= RATE_INFO_BW_40;
9224 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9225 	} else {
9226 		ath10k_warn(ar, "invalid ht params rate %d 100kbps nss %d mcs %d",
9227 			    rate, nss, mcs);
9228 	}
9229 }
9230 
9231 static void ath10k_mac_get_rate_flags_vht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9232 					  u8 *flags, u8 *bw)
9233 {
9234 	struct ath10k_index_vht_data_rate_type *mcs_rate;
9235 
9236 	mcs_rate = (struct ath10k_index_vht_data_rate_type *)
9237 		   ((nss == 1) ? &supported_vht_mcs_rate_nss1 :
9238 		   &supported_vht_mcs_rate_nss2);
9239 
9240 	if (rate == mcs_rate[mcs].supported_VHT80_rate[0]) {
9241 		*bw = RATE_INFO_BW_80;
9242 	} else if (rate == mcs_rate[mcs].supported_VHT80_rate[1]) {
9243 		*bw = RATE_INFO_BW_80;
9244 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9245 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[0]) {
9246 		*bw = RATE_INFO_BW_40;
9247 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[1]) {
9248 		*bw = RATE_INFO_BW_40;
9249 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9250 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[0]) {
9251 		*bw = RATE_INFO_BW_20;
9252 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[1]) {
9253 		*bw = RATE_INFO_BW_20;
9254 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9255 	} else {
9256 		ath10k_warn(ar, "invalid vht params rate %d 100kbps nss %d mcs %d",
9257 			    rate, nss, mcs);
9258 	}
9259 }
9260 
9261 static void ath10k_mac_get_rate_flags(struct ath10k *ar, u32 rate,
9262 				      enum ath10k_phy_mode mode, u8 nss, u8 mcs,
9263 				      u8 *flags, u8 *bw)
9264 {
9265 	if (mode == ATH10K_PHY_MODE_HT) {
9266 		*flags = RATE_INFO_FLAGS_MCS;
9267 		ath10k_mac_get_rate_flags_ht(ar, rate, nss, mcs, flags, bw);
9268 	} else if (mode == ATH10K_PHY_MODE_VHT) {
9269 		*flags = RATE_INFO_FLAGS_VHT_MCS;
9270 		ath10k_mac_get_rate_flags_vht(ar, rate, nss, mcs, flags, bw);
9271 	}
9272 }
9273 
9274 static void ath10k_mac_parse_bitrate(struct ath10k *ar, u32 rate_code,
9275 				     u32 bitrate_kbps, struct rate_info *rate)
9276 {
9277 	enum ath10k_phy_mode mode = ATH10K_PHY_MODE_LEGACY;
9278 	enum wmi_rate_preamble preamble = WMI_TLV_GET_HW_RC_PREAM_V1(rate_code);
9279 	u8 nss = WMI_TLV_GET_HW_RC_NSS_V1(rate_code) + 1;
9280 	u8 mcs = WMI_TLV_GET_HW_RC_RATE_V1(rate_code);
9281 	u8 flags = 0, bw = 0;
9282 
9283 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac parse rate code 0x%x bitrate %d kbps\n",
9284 		   rate_code, bitrate_kbps);
9285 
9286 	if (preamble == WMI_RATE_PREAMBLE_HT)
9287 		mode = ATH10K_PHY_MODE_HT;
9288 	else if (preamble == WMI_RATE_PREAMBLE_VHT)
9289 		mode = ATH10K_PHY_MODE_VHT;
9290 
9291 	ath10k_mac_get_rate_flags(ar, bitrate_kbps / 100, mode, nss, mcs, &flags, &bw);
9292 
9293 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9294 		   "mac parse bitrate preamble %d mode %d nss %d mcs %d flags %x bw %d\n",
9295 		   preamble, mode, nss, mcs, flags, bw);
9296 
9297 	rate->flags = flags;
9298 	rate->bw = bw;
9299 	rate->legacy = bitrate_kbps / 100;
9300 	rate->nss = nss;
9301 	rate->mcs = mcs;
9302 }
9303 
9304 static void ath10k_mac_sta_get_peer_stats_info(struct ath10k *ar,
9305 					       struct ieee80211_sta *sta,
9306 					       struct station_info *sinfo)
9307 {
9308 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9309 	struct ath10k_peer *peer;
9310 	unsigned long time_left;
9311 	int ret;
9312 
9313 	if (!(ar->hw_params.supports_peer_stats_info &&
9314 	      arsta->arvif->vdev_type == WMI_VDEV_TYPE_STA))
9315 		return;
9316 
9317 	spin_lock_bh(&ar->data_lock);
9318 	peer = ath10k_peer_find(ar, arsta->arvif->vdev_id, sta->addr);
9319 	spin_unlock_bh(&ar->data_lock);
9320 	if (!peer)
9321 		return;
9322 
9323 	reinit_completion(&ar->peer_stats_info_complete);
9324 
9325 	ret = ath10k_wmi_request_peer_stats_info(ar,
9326 						 arsta->arvif->vdev_id,
9327 						 WMI_REQUEST_ONE_PEER_STATS_INFO,
9328 						 arsta->arvif->bssid,
9329 						 0);
9330 	if (ret && ret != -EOPNOTSUPP) {
9331 		ath10k_warn(ar, "could not request peer stats info: %d\n", ret);
9332 		return;
9333 	}
9334 
9335 	time_left = wait_for_completion_timeout(&ar->peer_stats_info_complete, 3 * HZ);
9336 	if (time_left == 0) {
9337 		ath10k_warn(ar, "timed out waiting peer stats info\n");
9338 		return;
9339 	}
9340 
9341 	if (arsta->rx_rate_code != 0 && arsta->rx_bitrate_kbps != 0) {
9342 		ath10k_mac_parse_bitrate(ar, arsta->rx_rate_code,
9343 					 arsta->rx_bitrate_kbps,
9344 					 &sinfo->rxrate);
9345 
9346 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
9347 		arsta->rx_rate_code = 0;
9348 		arsta->rx_bitrate_kbps = 0;
9349 	}
9350 
9351 	if (arsta->tx_rate_code != 0 && arsta->tx_bitrate_kbps != 0) {
9352 		ath10k_mac_parse_bitrate(ar, arsta->tx_rate_code,
9353 					 arsta->tx_bitrate_kbps,
9354 					 &sinfo->txrate);
9355 
9356 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9357 		arsta->tx_rate_code = 0;
9358 		arsta->tx_bitrate_kbps = 0;
9359 	}
9360 }
9361 
9362 static void ath10k_sta_statistics(struct ieee80211_hw *hw,
9363 				  struct ieee80211_vif *vif,
9364 				  struct ieee80211_sta *sta,
9365 				  struct station_info *sinfo)
9366 {
9367 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9368 	struct ath10k *ar = arsta->arvif->ar;
9369 
9370 	if (!ath10k_peer_stats_enabled(ar))
9371 		return;
9372 
9373 	mutex_lock(&ar->conf_mutex);
9374 	ath10k_debug_fw_stats_request(ar);
9375 	mutex_unlock(&ar->conf_mutex);
9376 
9377 	sinfo->rx_duration = arsta->rx_duration;
9378 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_DURATION);
9379 
9380 	if (arsta->txrate.legacy || arsta->txrate.nss) {
9381 		if (arsta->txrate.legacy) {
9382 			sinfo->txrate.legacy = arsta->txrate.legacy;
9383 		} else {
9384 			sinfo->txrate.mcs = arsta->txrate.mcs;
9385 			sinfo->txrate.nss = arsta->txrate.nss;
9386 			sinfo->txrate.bw = arsta->txrate.bw;
9387 		}
9388 		sinfo->txrate.flags = arsta->txrate.flags;
9389 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9390 	}
9391 
9392 	if (ar->htt.disable_tx_comp) {
9393 		sinfo->tx_failed = arsta->tx_failed;
9394 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
9395 	}
9396 
9397 	sinfo->tx_retries = arsta->tx_retries;
9398 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
9399 
9400 	ath10k_mac_sta_get_peer_stats_info(ar, sta, sinfo);
9401 }
9402 
9403 static int ath10k_mac_op_set_tid_config(struct ieee80211_hw *hw,
9404 					struct ieee80211_vif *vif,
9405 					struct ieee80211_sta *sta,
9406 					struct cfg80211_tid_config *tid_config)
9407 {
9408 	struct ath10k *ar = hw->priv;
9409 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9410 	struct ath10k_mac_iter_tid_conf_data data = {};
9411 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
9412 	int ret, i;
9413 
9414 	mutex_lock(&ar->conf_mutex);
9415 	arg.vdev_id = arvif->vdev_id;
9416 
9417 	arvif->tids_rst = 0;
9418 	memset(arvif->tid_conf_changed, 0, sizeof(arvif->tid_conf_changed));
9419 
9420 	for (i = 0; i < tid_config->n_tid_conf; i++) {
9421 		ret = ath10k_mac_parse_tid_config(ar, sta, vif,
9422 						  &tid_config->tid_conf[i],
9423 						  &arg);
9424 		if (ret)
9425 			goto exit;
9426 	}
9427 
9428 	ret = 0;
9429 
9430 	if (sta)
9431 		goto exit;
9432 
9433 	arvif->tids_rst = 0;
9434 	data.curr_vif = vif;
9435 	data.ar = ar;
9436 
9437 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9438 					  &data);
9439 
9440 exit:
9441 	mutex_unlock(&ar->conf_mutex);
9442 	return ret;
9443 }
9444 
9445 static int ath10k_mac_op_reset_tid_config(struct ieee80211_hw *hw,
9446 					  struct ieee80211_vif *vif,
9447 					  struct ieee80211_sta *sta,
9448 					  u8 tids)
9449 {
9450 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9451 	struct ath10k_mac_iter_tid_conf_data data = {};
9452 	struct ath10k *ar = hw->priv;
9453 	int ret = 0;
9454 
9455 	mutex_lock(&ar->conf_mutex);
9456 
9457 	if (sta) {
9458 		arvif->tids_rst = 0;
9459 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif, tids);
9460 		goto exit;
9461 	}
9462 
9463 	arvif->tids_rst = tids;
9464 	data.curr_vif = vif;
9465 	data.ar = ar;
9466 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9467 					  &data);
9468 
9469 exit:
9470 	mutex_unlock(&ar->conf_mutex);
9471 	return ret;
9472 }
9473 
9474 static const struct ieee80211_ops ath10k_ops = {
9475 	.tx				= ath10k_mac_op_tx,
9476 	.wake_tx_queue			= ath10k_mac_op_wake_tx_queue,
9477 	.start				= ath10k_start,
9478 	.stop				= ath10k_stop,
9479 	.config				= ath10k_config,
9480 	.add_interface			= ath10k_add_interface,
9481 	.update_vif_offload		= ath10k_update_vif_offload,
9482 	.remove_interface		= ath10k_remove_interface,
9483 	.configure_filter		= ath10k_configure_filter,
9484 	.bss_info_changed		= ath10k_bss_info_changed,
9485 	.set_coverage_class		= ath10k_mac_op_set_coverage_class,
9486 	.hw_scan			= ath10k_hw_scan,
9487 	.cancel_hw_scan			= ath10k_cancel_hw_scan,
9488 	.set_key			= ath10k_set_key,
9489 	.set_default_unicast_key        = ath10k_set_default_unicast_key,
9490 	.sta_state			= ath10k_sta_state,
9491 	.sta_set_txpwr			= ath10k_sta_set_txpwr,
9492 	.conf_tx			= ath10k_conf_tx,
9493 	.remain_on_channel		= ath10k_remain_on_channel,
9494 	.cancel_remain_on_channel	= ath10k_cancel_remain_on_channel,
9495 	.set_rts_threshold		= ath10k_set_rts_threshold,
9496 	.set_frag_threshold		= ath10k_mac_op_set_frag_threshold,
9497 	.flush				= ath10k_flush,
9498 	.tx_last_beacon			= ath10k_tx_last_beacon,
9499 	.set_antenna			= ath10k_set_antenna,
9500 	.get_antenna			= ath10k_get_antenna,
9501 	.reconfig_complete		= ath10k_reconfig_complete,
9502 	.get_survey			= ath10k_get_survey,
9503 	.set_bitrate_mask		= ath10k_mac_op_set_bitrate_mask,
9504 	.link_sta_rc_update		= ath10k_sta_rc_update,
9505 	.offset_tsf			= ath10k_offset_tsf,
9506 	.ampdu_action			= ath10k_ampdu_action,
9507 	.get_et_sset_count		= ath10k_debug_get_et_sset_count,
9508 	.get_et_stats			= ath10k_debug_get_et_stats,
9509 	.get_et_strings			= ath10k_debug_get_et_strings,
9510 	.add_chanctx			= ath10k_mac_op_add_chanctx,
9511 	.remove_chanctx			= ath10k_mac_op_remove_chanctx,
9512 	.change_chanctx			= ath10k_mac_op_change_chanctx,
9513 	.assign_vif_chanctx		= ath10k_mac_op_assign_vif_chanctx,
9514 	.unassign_vif_chanctx		= ath10k_mac_op_unassign_vif_chanctx,
9515 	.switch_vif_chanctx		= ath10k_mac_op_switch_vif_chanctx,
9516 	.sta_pre_rcu_remove		= ath10k_mac_op_sta_pre_rcu_remove,
9517 	.sta_statistics			= ath10k_sta_statistics,
9518 	.set_tid_config			= ath10k_mac_op_set_tid_config,
9519 	.reset_tid_config		= ath10k_mac_op_reset_tid_config,
9520 
9521 	CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
9522 
9523 #ifdef CONFIG_PM
9524 	.suspend			= ath10k_wow_op_suspend,
9525 	.resume				= ath10k_wow_op_resume,
9526 	.set_wakeup			= ath10k_wow_op_set_wakeup,
9527 #endif
9528 #ifdef CONFIG_MAC80211_DEBUGFS
9529 	.sta_add_debugfs		= ath10k_sta_add_debugfs,
9530 #endif
9531 	.set_sar_specs			= ath10k_mac_set_sar_specs,
9532 };
9533 
9534 #define CHAN2G(_channel, _freq, _flags) { \
9535 	.band			= NL80211_BAND_2GHZ, \
9536 	.hw_value		= (_channel), \
9537 	.center_freq		= (_freq), \
9538 	.flags			= (_flags), \
9539 	.max_antenna_gain	= 0, \
9540 	.max_power		= 30, \
9541 }
9542 
9543 #define CHAN5G(_channel, _freq, _flags) { \
9544 	.band			= NL80211_BAND_5GHZ, \
9545 	.hw_value		= (_channel), \
9546 	.center_freq		= (_freq), \
9547 	.flags			= (_flags), \
9548 	.max_antenna_gain	= 0, \
9549 	.max_power		= 30, \
9550 }
9551 
9552 static const struct ieee80211_channel ath10k_2ghz_channels[] = {
9553 	CHAN2G(1, 2412, 0),
9554 	CHAN2G(2, 2417, 0),
9555 	CHAN2G(3, 2422, 0),
9556 	CHAN2G(4, 2427, 0),
9557 	CHAN2G(5, 2432, 0),
9558 	CHAN2G(6, 2437, 0),
9559 	CHAN2G(7, 2442, 0),
9560 	CHAN2G(8, 2447, 0),
9561 	CHAN2G(9, 2452, 0),
9562 	CHAN2G(10, 2457, 0),
9563 	CHAN2G(11, 2462, 0),
9564 	CHAN2G(12, 2467, 0),
9565 	CHAN2G(13, 2472, 0),
9566 	CHAN2G(14, 2484, 0),
9567 };
9568 
9569 static const struct ieee80211_channel ath10k_5ghz_channels[] = {
9570 	CHAN5G(36, 5180, 0),
9571 	CHAN5G(40, 5200, 0),
9572 	CHAN5G(44, 5220, 0),
9573 	CHAN5G(48, 5240, 0),
9574 	CHAN5G(52, 5260, 0),
9575 	CHAN5G(56, 5280, 0),
9576 	CHAN5G(60, 5300, 0),
9577 	CHAN5G(64, 5320, 0),
9578 	CHAN5G(100, 5500, 0),
9579 	CHAN5G(104, 5520, 0),
9580 	CHAN5G(108, 5540, 0),
9581 	CHAN5G(112, 5560, 0),
9582 	CHAN5G(116, 5580, 0),
9583 	CHAN5G(120, 5600, 0),
9584 	CHAN5G(124, 5620, 0),
9585 	CHAN5G(128, 5640, 0),
9586 	CHAN5G(132, 5660, 0),
9587 	CHAN5G(136, 5680, 0),
9588 	CHAN5G(140, 5700, 0),
9589 	CHAN5G(144, 5720, 0),
9590 	CHAN5G(149, 5745, 0),
9591 	CHAN5G(153, 5765, 0),
9592 	CHAN5G(157, 5785, 0),
9593 	CHAN5G(161, 5805, 0),
9594 	CHAN5G(165, 5825, 0),
9595 	CHAN5G(169, 5845, 0),
9596 	CHAN5G(173, 5865, 0),
9597 	/* If you add more, you may need to change ATH10K_MAX_5G_CHAN */
9598 	/* And you will definitely need to change ATH10K_NUM_CHANS in core.h */
9599 };
9600 
9601 struct ath10k *ath10k_mac_create(size_t priv_size)
9602 {
9603 	struct ieee80211_hw *hw;
9604 	struct ieee80211_ops *ops;
9605 	struct ath10k *ar;
9606 
9607 	ops = kmemdup(&ath10k_ops, sizeof(ath10k_ops), GFP_KERNEL);
9608 	if (!ops)
9609 		return NULL;
9610 
9611 	hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, ops);
9612 	if (!hw) {
9613 		kfree(ops);
9614 		return NULL;
9615 	}
9616 
9617 	ar = hw->priv;
9618 	ar->hw = hw;
9619 	ar->ops = ops;
9620 
9621 	return ar;
9622 }
9623 
9624 void ath10k_mac_destroy(struct ath10k *ar)
9625 {
9626 	struct ieee80211_ops *ops = ar->ops;
9627 
9628 	ieee80211_free_hw(ar->hw);
9629 	kfree(ops);
9630 }
9631 
9632 static const struct ieee80211_iface_limit ath10k_if_limits[] = {
9633 	{
9634 		.max	= 8,
9635 		.types	= BIT(NL80211_IFTYPE_STATION)
9636 			| BIT(NL80211_IFTYPE_P2P_CLIENT)
9637 	},
9638 	{
9639 		.max	= 3,
9640 		.types	= BIT(NL80211_IFTYPE_P2P_GO)
9641 	},
9642 	{
9643 		.max	= 1,
9644 		.types	= BIT(NL80211_IFTYPE_P2P_DEVICE)
9645 	},
9646 	{
9647 		.max	= 7,
9648 		.types	= BIT(NL80211_IFTYPE_AP)
9649 #ifdef CONFIG_MAC80211_MESH
9650 			| BIT(NL80211_IFTYPE_MESH_POINT)
9651 #endif
9652 	},
9653 };
9654 
9655 static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
9656 	{
9657 		.max	= 8,
9658 		.types	= BIT(NL80211_IFTYPE_AP)
9659 #ifdef CONFIG_MAC80211_MESH
9660 			| BIT(NL80211_IFTYPE_MESH_POINT)
9661 #endif
9662 	},
9663 	{
9664 		.max	= 1,
9665 		.types	= BIT(NL80211_IFTYPE_STATION)
9666 	},
9667 };
9668 
9669 static const struct ieee80211_iface_combination ath10k_if_comb[] = {
9670 	{
9671 		.limits = ath10k_if_limits,
9672 		.n_limits = ARRAY_SIZE(ath10k_if_limits),
9673 		.max_interfaces = 8,
9674 		.num_different_channels = 1,
9675 		.beacon_int_infra_match = true,
9676 	},
9677 };
9678 
9679 static const struct ieee80211_iface_combination ath10k_10x_if_comb[] = {
9680 	{
9681 		.limits = ath10k_10x_if_limits,
9682 		.n_limits = ARRAY_SIZE(ath10k_10x_if_limits),
9683 		.max_interfaces = 8,
9684 		.num_different_channels = 1,
9685 		.beacon_int_infra_match = true,
9686 		.beacon_int_min_gcd = 1,
9687 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9688 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9689 					BIT(NL80211_CHAN_WIDTH_20) |
9690 					BIT(NL80211_CHAN_WIDTH_40) |
9691 					BIT(NL80211_CHAN_WIDTH_80),
9692 #endif
9693 	},
9694 };
9695 
9696 static const struct ieee80211_iface_limit ath10k_tlv_if_limit[] = {
9697 	{
9698 		.max = 2,
9699 		.types = BIT(NL80211_IFTYPE_STATION),
9700 	},
9701 	{
9702 		.max = 2,
9703 		.types = BIT(NL80211_IFTYPE_AP) |
9704 #ifdef CONFIG_MAC80211_MESH
9705 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9706 #endif
9707 			 BIT(NL80211_IFTYPE_P2P_CLIENT) |
9708 			 BIT(NL80211_IFTYPE_P2P_GO),
9709 	},
9710 	{
9711 		.max = 1,
9712 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9713 	},
9714 };
9715 
9716 static const struct ieee80211_iface_limit ath10k_tlv_qcs_if_limit[] = {
9717 	{
9718 		.max = 2,
9719 		.types = BIT(NL80211_IFTYPE_STATION),
9720 	},
9721 	{
9722 		.max = 2,
9723 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT),
9724 	},
9725 	{
9726 		.max = 1,
9727 		.types = BIT(NL80211_IFTYPE_AP) |
9728 #ifdef CONFIG_MAC80211_MESH
9729 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9730 #endif
9731 			 BIT(NL80211_IFTYPE_P2P_GO),
9732 	},
9733 	{
9734 		.max = 1,
9735 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9736 	},
9737 };
9738 
9739 static const struct ieee80211_iface_limit ath10k_tlv_if_limit_ibss[] = {
9740 	{
9741 		.max = 1,
9742 		.types = BIT(NL80211_IFTYPE_STATION),
9743 	},
9744 	{
9745 		.max = 1,
9746 		.types = BIT(NL80211_IFTYPE_ADHOC),
9747 	},
9748 };
9749 
9750 /* FIXME: This is not thoroughly tested. These combinations may over- or
9751  * underestimate hw/fw capabilities.
9752  */
9753 static struct ieee80211_iface_combination ath10k_tlv_if_comb[] = {
9754 	{
9755 		.limits = ath10k_tlv_if_limit,
9756 		.num_different_channels = 1,
9757 		.max_interfaces = 4,
9758 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9759 	},
9760 	{
9761 		.limits = ath10k_tlv_if_limit_ibss,
9762 		.num_different_channels = 1,
9763 		.max_interfaces = 2,
9764 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9765 	},
9766 };
9767 
9768 static struct ieee80211_iface_combination ath10k_tlv_qcs_if_comb[] = {
9769 	{
9770 		.limits = ath10k_tlv_if_limit,
9771 		.num_different_channels = 1,
9772 		.max_interfaces = 4,
9773 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9774 	},
9775 	{
9776 		.limits = ath10k_tlv_qcs_if_limit,
9777 		.num_different_channels = 2,
9778 		.max_interfaces = 4,
9779 		.n_limits = ARRAY_SIZE(ath10k_tlv_qcs_if_limit),
9780 	},
9781 	{
9782 		.limits = ath10k_tlv_if_limit_ibss,
9783 		.num_different_channels = 1,
9784 		.max_interfaces = 2,
9785 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9786 	},
9787 };
9788 
9789 static const struct ieee80211_iface_limit ath10k_10_4_if_limits[] = {
9790 	{
9791 		.max = 1,
9792 		.types = BIT(NL80211_IFTYPE_STATION),
9793 	},
9794 	{
9795 		.max	= 16,
9796 		.types	= BIT(NL80211_IFTYPE_AP)
9797 #ifdef CONFIG_MAC80211_MESH
9798 			| BIT(NL80211_IFTYPE_MESH_POINT)
9799 #endif
9800 	},
9801 };
9802 
9803 static const struct ieee80211_iface_combination ath10k_10_4_if_comb[] = {
9804 	{
9805 		.limits = ath10k_10_4_if_limits,
9806 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9807 		.max_interfaces = 16,
9808 		.num_different_channels = 1,
9809 		.beacon_int_infra_match = true,
9810 		.beacon_int_min_gcd = 1,
9811 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9812 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9813 					BIT(NL80211_CHAN_WIDTH_20) |
9814 					BIT(NL80211_CHAN_WIDTH_40) |
9815 					BIT(NL80211_CHAN_WIDTH_80) |
9816 					BIT(NL80211_CHAN_WIDTH_80P80) |
9817 					BIT(NL80211_CHAN_WIDTH_160),
9818 #endif
9819 	},
9820 };
9821 
9822 static const struct
9823 ieee80211_iface_combination ath10k_10_4_bcn_int_if_comb[] = {
9824 	{
9825 		.limits = ath10k_10_4_if_limits,
9826 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9827 		.max_interfaces = 16,
9828 		.num_different_channels = 1,
9829 		.beacon_int_infra_match = true,
9830 		.beacon_int_min_gcd = 100,
9831 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9832 		.radar_detect_widths =  BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9833 					BIT(NL80211_CHAN_WIDTH_20) |
9834 					BIT(NL80211_CHAN_WIDTH_40) |
9835 					BIT(NL80211_CHAN_WIDTH_80) |
9836 					BIT(NL80211_CHAN_WIDTH_80P80) |
9837 					BIT(NL80211_CHAN_WIDTH_160),
9838 #endif
9839 	},
9840 };
9841 
9842 static void ath10k_get_arvif_iter(void *data, u8 *mac,
9843 				  struct ieee80211_vif *vif)
9844 {
9845 	struct ath10k_vif_iter *arvif_iter = data;
9846 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9847 
9848 	if (arvif->vdev_id == arvif_iter->vdev_id)
9849 		arvif_iter->arvif = arvif;
9850 }
9851 
9852 struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id)
9853 {
9854 	struct ath10k_vif_iter arvif_iter;
9855 
9856 	memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter));
9857 	arvif_iter.vdev_id = vdev_id;
9858 
9859 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
9860 						   ATH10K_ITER_RESUME_FLAGS,
9861 						   ath10k_get_arvif_iter,
9862 						   &arvif_iter);
9863 	if (!arvif_iter.arvif) {
9864 		ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
9865 		return NULL;
9866 	}
9867 
9868 	return arvif_iter.arvif;
9869 }
9870 
9871 #define WRD_METHOD "WRDD"
9872 #define WRDD_WIFI  (0x07)
9873 
9874 static u32 ath10k_mac_wrdd_get_mcc(struct ath10k *ar, union acpi_object *wrdd)
9875 {
9876 	union acpi_object *mcc_pkg;
9877 	union acpi_object *domain_type;
9878 	union acpi_object *mcc_value;
9879 	u32 i;
9880 
9881 	if (wrdd->type != ACPI_TYPE_PACKAGE ||
9882 	    wrdd->package.count < 2 ||
9883 	    wrdd->package.elements[0].type != ACPI_TYPE_INTEGER ||
9884 	    wrdd->package.elements[0].integer.value != 0) {
9885 		ath10k_warn(ar, "ignoring malformed/unsupported wrdd structure\n");
9886 		return 0;
9887 	}
9888 
9889 	for (i = 1; i < wrdd->package.count; ++i) {
9890 		mcc_pkg = &wrdd->package.elements[i];
9891 
9892 		if (mcc_pkg->type != ACPI_TYPE_PACKAGE)
9893 			continue;
9894 		if (mcc_pkg->package.count < 2)
9895 			continue;
9896 		if (mcc_pkg->package.elements[0].type != ACPI_TYPE_INTEGER ||
9897 		    mcc_pkg->package.elements[1].type != ACPI_TYPE_INTEGER)
9898 			continue;
9899 
9900 		domain_type = &mcc_pkg->package.elements[0];
9901 		if (domain_type->integer.value != WRDD_WIFI)
9902 			continue;
9903 
9904 		mcc_value = &mcc_pkg->package.elements[1];
9905 		return mcc_value->integer.value;
9906 	}
9907 	return 0;
9908 }
9909 
9910 static int ath10k_mac_get_wrdd_regulatory(struct ath10k *ar, u16 *rd)
9911 {
9912 	acpi_handle root_handle;
9913 	acpi_handle handle;
9914 	struct acpi_buffer wrdd = {ACPI_ALLOCATE_BUFFER, NULL};
9915 	acpi_status status;
9916 	u32 alpha2_code;
9917 	char alpha2[3];
9918 
9919 	root_handle = ACPI_HANDLE(ar->dev);
9920 	if (!root_handle)
9921 		return -EOPNOTSUPP;
9922 
9923 	status = acpi_get_handle(root_handle, (acpi_string)WRD_METHOD, &handle);
9924 	if (ACPI_FAILURE(status)) {
9925 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9926 			   "failed to get wrd method %d\n", status);
9927 		return -EIO;
9928 	}
9929 
9930 	status = acpi_evaluate_object(handle, NULL, NULL, &wrdd);
9931 	if (ACPI_FAILURE(status)) {
9932 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9933 			   "failed to call wrdc %d\n", status);
9934 		return -EIO;
9935 	}
9936 
9937 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.pointer);
9938 	kfree(wrdd.pointer);
9939 	if (!alpha2_code)
9940 		return -EIO;
9941 
9942 	alpha2[0] = (alpha2_code >> 8) & 0xff;
9943 	alpha2[1] = (alpha2_code >> 0) & 0xff;
9944 	alpha2[2] = '\0';
9945 
9946 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
9947 		   "regulatory hint from WRDD (alpha2-code): %s\n", alpha2);
9948 
9949 	*rd = ath_regd_find_country_by_name(alpha2);
9950 	if (*rd == 0xffff)
9951 		return -EIO;
9952 
9953 	*rd |= COUNTRY_ERD_FLAG;
9954 	return 0;
9955 }
9956 
9957 static int ath10k_mac_init_rd(struct ath10k *ar)
9958 {
9959 	int ret;
9960 	u16 rd;
9961 
9962 	ret = ath10k_mac_get_wrdd_regulatory(ar, &rd);
9963 	if (ret) {
9964 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9965 			   "fallback to eeprom programmed regulatory settings\n");
9966 		rd = ar->hw_eeprom_rd;
9967 	}
9968 
9969 	ar->ath_common.regulatory.current_rd = rd;
9970 	return 0;
9971 }
9972 
9973 int ath10k_mac_register(struct ath10k *ar)
9974 {
9975 	static const u32 cipher_suites[] = {
9976 		WLAN_CIPHER_SUITE_WEP40,
9977 		WLAN_CIPHER_SUITE_WEP104,
9978 		WLAN_CIPHER_SUITE_TKIP,
9979 		WLAN_CIPHER_SUITE_CCMP,
9980 
9981 		/* Do not add hardware supported ciphers before this line.
9982 		 * Allow software encryption for all chips. Don't forget to
9983 		 * update n_cipher_suites below.
9984 		 */
9985 		WLAN_CIPHER_SUITE_AES_CMAC,
9986 		WLAN_CIPHER_SUITE_BIP_CMAC_256,
9987 		WLAN_CIPHER_SUITE_BIP_GMAC_128,
9988 		WLAN_CIPHER_SUITE_BIP_GMAC_256,
9989 
9990 		/* Only QCA99x0 and QCA4019 variants support GCMP-128, GCMP-256
9991 		 * and CCMP-256 in hardware.
9992 		 */
9993 		WLAN_CIPHER_SUITE_GCMP,
9994 		WLAN_CIPHER_SUITE_GCMP_256,
9995 		WLAN_CIPHER_SUITE_CCMP_256,
9996 	};
9997 	struct ieee80211_supported_band *band;
9998 	void *channels;
9999 	int ret;
10000 
10001 	if (!is_valid_ether_addr(ar->mac_addr)) {
10002 		ath10k_warn(ar, "invalid MAC address; choosing random\n");
10003 		eth_random_addr(ar->mac_addr);
10004 	}
10005 	SET_IEEE80211_PERM_ADDR(ar->hw, ar->mac_addr);
10006 
10007 	SET_IEEE80211_DEV(ar->hw, ar->dev);
10008 
10009 	BUILD_BUG_ON((ARRAY_SIZE(ath10k_2ghz_channels) +
10010 		      ARRAY_SIZE(ath10k_5ghz_channels)) !=
10011 		     ATH10K_NUM_CHANS);
10012 
10013 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
10014 		channels = kmemdup(ath10k_2ghz_channels,
10015 				   sizeof(ath10k_2ghz_channels),
10016 				   GFP_KERNEL);
10017 		if (!channels) {
10018 			ret = -ENOMEM;
10019 			goto err_free;
10020 		}
10021 
10022 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
10023 		band->n_channels = ARRAY_SIZE(ath10k_2ghz_channels);
10024 		band->channels = channels;
10025 
10026 		if (ar->hw_params.cck_rate_map_rev2) {
10027 			band->n_bitrates = ath10k_g_rates_rev2_size;
10028 			band->bitrates = ath10k_g_rates_rev2;
10029 		} else {
10030 			band->n_bitrates = ath10k_g_rates_size;
10031 			band->bitrates = ath10k_g_rates;
10032 		}
10033 
10034 		ar->hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
10035 	}
10036 
10037 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
10038 		channels = kmemdup(ath10k_5ghz_channels,
10039 				   sizeof(ath10k_5ghz_channels),
10040 				   GFP_KERNEL);
10041 		if (!channels) {
10042 			ret = -ENOMEM;
10043 			goto err_free;
10044 		}
10045 
10046 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
10047 		band->n_channels = ARRAY_SIZE(ath10k_5ghz_channels);
10048 		band->channels = channels;
10049 		band->n_bitrates = ath10k_a_rates_size;
10050 		band->bitrates = ath10k_a_rates;
10051 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
10052 	}
10053 
10054 	wiphy_read_of_freq_limits(ar->hw->wiphy);
10055 	ath10k_mac_setup_ht_vht_cap(ar);
10056 
10057 	ar->hw->wiphy->interface_modes =
10058 		BIT(NL80211_IFTYPE_STATION) |
10059 		BIT(NL80211_IFTYPE_AP) |
10060 		BIT(NL80211_IFTYPE_MESH_POINT);
10061 
10062 	ar->hw->wiphy->available_antennas_rx = ar->cfg_rx_chainmask;
10063 	ar->hw->wiphy->available_antennas_tx = ar->cfg_tx_chainmask;
10064 
10065 	if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->normal_mode_fw.fw_file.fw_features))
10066 		ar->hw->wiphy->interface_modes |=
10067 			BIT(NL80211_IFTYPE_P2P_DEVICE) |
10068 			BIT(NL80211_IFTYPE_P2P_CLIENT) |
10069 			BIT(NL80211_IFTYPE_P2P_GO);
10070 
10071 	ieee80211_hw_set(ar->hw, SIGNAL_DBM);
10072 
10073 	if (!test_bit(ATH10K_FW_FEATURE_NO_PS,
10074 		      ar->running_fw->fw_file.fw_features)) {
10075 		ieee80211_hw_set(ar->hw, SUPPORTS_PS);
10076 		ieee80211_hw_set(ar->hw, SUPPORTS_DYNAMIC_PS);
10077 	}
10078 
10079 	ieee80211_hw_set(ar->hw, MFP_CAPABLE);
10080 	ieee80211_hw_set(ar->hw, REPORTS_TX_ACK_STATUS);
10081 	ieee80211_hw_set(ar->hw, HAS_RATE_CONTROL);
10082 	ieee80211_hw_set(ar->hw, AP_LINK_PS);
10083 	ieee80211_hw_set(ar->hw, SPECTRUM_MGMT);
10084 	ieee80211_hw_set(ar->hw, SUPPORT_FAST_XMIT);
10085 	ieee80211_hw_set(ar->hw, CONNECTION_MONITOR);
10086 	ieee80211_hw_set(ar->hw, SUPPORTS_PER_STA_GTK);
10087 	ieee80211_hw_set(ar->hw, WANT_MONITOR_VIF);
10088 	ieee80211_hw_set(ar->hw, CHANCTX_STA_CSA);
10089 	ieee80211_hw_set(ar->hw, QUEUE_CONTROL);
10090 	ieee80211_hw_set(ar->hw, SUPPORTS_TX_FRAG);
10091 	ieee80211_hw_set(ar->hw, REPORTS_LOW_ACK);
10092 
10093 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10094 		ieee80211_hw_set(ar->hw, SW_CRYPTO_CONTROL);
10095 
10096 	ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
10097 	ar->hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
10098 
10099 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
10100 		ar->hw->wiphy->features |= NL80211_FEATURE_DYNAMIC_SMPS;
10101 
10102 	if (ar->ht_cap_info & WMI_HT_CAP_ENABLED) {
10103 		ieee80211_hw_set(ar->hw, AMPDU_AGGREGATION);
10104 		ieee80211_hw_set(ar->hw, TX_AMPDU_SETUP_IN_HW);
10105 	}
10106 
10107 	ar->hw->wiphy->max_scan_ssids = WLAN_SCAN_PARAMS_MAX_SSID;
10108 	ar->hw->wiphy->max_scan_ie_len = WLAN_SCAN_PARAMS_MAX_IE_LEN;
10109 
10110 	if (test_bit(WMI_SERVICE_NLO, ar->wmi.svc_map)) {
10111 		ar->hw->wiphy->max_sched_scan_ssids = WMI_PNO_MAX_SUPP_NETWORKS;
10112 		ar->hw->wiphy->max_match_sets = WMI_PNO_MAX_SUPP_NETWORKS;
10113 		ar->hw->wiphy->max_sched_scan_ie_len = WMI_PNO_MAX_IE_LENGTH;
10114 		ar->hw->wiphy->max_sched_scan_plans = WMI_PNO_MAX_SCHED_SCAN_PLANS;
10115 		ar->hw->wiphy->max_sched_scan_plan_interval =
10116 			WMI_PNO_MAX_SCHED_SCAN_PLAN_INT;
10117 		ar->hw->wiphy->max_sched_scan_plan_iterations =
10118 			WMI_PNO_MAX_SCHED_SCAN_PLAN_ITRNS;
10119 		ar->hw->wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
10120 	}
10121 
10122 	ar->hw->vif_data_size = sizeof(struct ath10k_vif);
10123 	ar->hw->sta_data_size = sizeof(struct ath10k_sta);
10124 	ar->hw->txq_data_size = sizeof(struct ath10k_txq);
10125 
10126 	ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
10127 
10128 	if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
10129 		ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
10130 
10131 		/* Firmware delivers WPS/P2P Probe Requests frames to driver so
10132 		 * that userspace (e.g. wpa_supplicant/hostapd) can generate
10133 		 * correct Probe Responses. This is more of a hack advert..
10134 		 */
10135 		ar->hw->wiphy->probe_resp_offload |=
10136 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
10137 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
10138 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
10139 	}
10140 
10141 	if (test_bit(WMI_SERVICE_TDLS, ar->wmi.svc_map) ||
10142 	    test_bit(WMI_SERVICE_TDLS_EXPLICIT_MODE_ONLY, ar->wmi.svc_map)) {
10143 		ar->hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
10144 		if (test_bit(WMI_SERVICE_TDLS_WIDER_BANDWIDTH, ar->wmi.svc_map))
10145 			ieee80211_hw_set(ar->hw, TDLS_WIDER_BW);
10146 	}
10147 
10148 	if (test_bit(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, ar->wmi.svc_map))
10149 		ieee80211_hw_set(ar->hw, SUPPORTS_TDLS_BUFFER_STA);
10150 
10151 	if (ath10k_frame_mode == ATH10K_HW_TXRX_ETHERNET) {
10152 		if (ar->wmi.vdev_param->tx_encap_type !=
10153 		    WMI_VDEV_PARAM_UNSUPPORTED)
10154 			ieee80211_hw_set(ar->hw, SUPPORTS_TX_ENCAP_OFFLOAD);
10155 	}
10156 
10157 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
10158 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
10159 	ar->hw->wiphy->max_remain_on_channel_duration = 5000;
10160 
10161 	ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
10162 	ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
10163 				   NL80211_FEATURE_AP_SCAN;
10164 
10165 	ar->hw->wiphy->max_ap_assoc_sta = ar->max_num_stations;
10166 
10167 	ret = ath10k_wow_init(ar);
10168 	if (ret) {
10169 		ath10k_warn(ar, "failed to init wow: %d\n", ret);
10170 		goto err_free;
10171 	}
10172 
10173 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
10174 	wiphy_ext_feature_set(ar->hw->wiphy,
10175 			      NL80211_EXT_FEATURE_SET_SCAN_DWELL);
10176 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_AQL);
10177 
10178 	if (ar->hw_params.mcast_frame_registration)
10179 		wiphy_ext_feature_set(ar->hw->wiphy,
10180 				      NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS);
10181 
10182 	if (test_bit(WMI_SERVICE_TX_DATA_ACK_RSSI, ar->wmi.svc_map) ||
10183 	    test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS, ar->wmi.svc_map))
10184 		wiphy_ext_feature_set(ar->hw->wiphy,
10185 				      NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT);
10186 
10187 	if (ath10k_peer_stats_enabled(ar) ||
10188 	    test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
10189 		wiphy_ext_feature_set(ar->hw->wiphy,
10190 				      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS);
10191 
10192 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map))
10193 		wiphy_ext_feature_set(ar->hw->wiphy,
10194 				      NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
10195 
10196 	if (test_bit(WMI_SERVICE_TX_PWR_PER_PEER, ar->wmi.svc_map))
10197 		wiphy_ext_feature_set(ar->hw->wiphy,
10198 				      NL80211_EXT_FEATURE_STA_TX_PWR);
10199 
10200 	if (test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map)) {
10201 		ar->hw->wiphy->tid_config_support.vif |=
10202 				BIT(NL80211_TID_CONFIG_ATTR_NOACK) |
10203 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT) |
10204 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG) |
10205 				BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL) |
10206 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
10207 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
10208 
10209 		if (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
10210 			     ar->wmi.svc_map)) {
10211 			ar->hw->wiphy->tid_config_support.vif |=
10212 				BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
10213 		}
10214 
10215 		ar->hw->wiphy->tid_config_support.peer =
10216 				ar->hw->wiphy->tid_config_support.vif;
10217 		ar->hw->wiphy->max_data_retry_count = ATH10K_MAX_RETRY_COUNT;
10218 	} else {
10219 		ar->ops->set_tid_config = NULL;
10220 	}
10221 	/*
10222 	 * on LL hardware queues are managed entirely by the FW
10223 	 * so we only advertise to mac we can do the queues thing
10224 	 */
10225 	ar->hw->queues = IEEE80211_MAX_QUEUES;
10226 
10227 	/* vdev_ids are used as hw queue numbers. Make sure offchan tx queue is
10228 	 * something that vdev_ids can't reach so that we don't stop the queue
10229 	 * accidentally.
10230 	 */
10231 	ar->hw->offchannel_tx_hw_queue = IEEE80211_MAX_QUEUES - 1;
10232 
10233 	switch (ar->running_fw->fw_file.wmi_op_version) {
10234 	case ATH10K_FW_WMI_OP_VERSION_MAIN:
10235 		ar->hw->wiphy->iface_combinations = ath10k_if_comb;
10236 		ar->hw->wiphy->n_iface_combinations =
10237 			ARRAY_SIZE(ath10k_if_comb);
10238 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10239 		break;
10240 	case ATH10K_FW_WMI_OP_VERSION_TLV:
10241 		if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
10242 			ar->hw->wiphy->iface_combinations =
10243 				ath10k_tlv_qcs_if_comb;
10244 			ar->hw->wiphy->n_iface_combinations =
10245 				ARRAY_SIZE(ath10k_tlv_qcs_if_comb);
10246 		} else {
10247 			ar->hw->wiphy->iface_combinations = ath10k_tlv_if_comb;
10248 			ar->hw->wiphy->n_iface_combinations =
10249 				ARRAY_SIZE(ath10k_tlv_if_comb);
10250 		}
10251 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10252 		break;
10253 	case ATH10K_FW_WMI_OP_VERSION_10_1:
10254 	case ATH10K_FW_WMI_OP_VERSION_10_2:
10255 	case ATH10K_FW_WMI_OP_VERSION_10_2_4:
10256 		ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
10257 		ar->hw->wiphy->n_iface_combinations =
10258 			ARRAY_SIZE(ath10k_10x_if_comb);
10259 		break;
10260 	case ATH10K_FW_WMI_OP_VERSION_10_4:
10261 		ar->hw->wiphy->iface_combinations = ath10k_10_4_if_comb;
10262 		ar->hw->wiphy->n_iface_combinations =
10263 			ARRAY_SIZE(ath10k_10_4_if_comb);
10264 		if (test_bit(WMI_SERVICE_VDEV_DIFFERENT_BEACON_INTERVAL_SUPPORT,
10265 			     ar->wmi.svc_map)) {
10266 			ar->hw->wiphy->iface_combinations =
10267 				ath10k_10_4_bcn_int_if_comb;
10268 			ar->hw->wiphy->n_iface_combinations =
10269 				ARRAY_SIZE(ath10k_10_4_bcn_int_if_comb);
10270 		}
10271 		break;
10272 	case ATH10K_FW_WMI_OP_VERSION_UNSET:
10273 	case ATH10K_FW_WMI_OP_VERSION_MAX:
10274 		WARN_ON(1);
10275 		ret = -EINVAL;
10276 		goto err_free;
10277 	}
10278 
10279 	if (ar->hw_params.dynamic_sar_support)
10280 		ar->hw->wiphy->sar_capa = &ath10k_sar_capa;
10281 
10282 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10283 		ar->hw->netdev_features = NETIF_F_HW_CSUM;
10284 
10285 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED)) {
10286 		/* Init ath dfs pattern detector */
10287 		ar->ath_common.debug_mask = ATH_DBG_DFS;
10288 		ar->dfs_detector = dfs_pattern_detector_init(&ar->ath_common,
10289 							     NL80211_DFS_UNSET);
10290 
10291 		if (!ar->dfs_detector)
10292 			ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
10293 	}
10294 
10295 	ret = ath10k_mac_init_rd(ar);
10296 	if (ret) {
10297 		ath10k_err(ar, "failed to derive regdom: %d\n", ret);
10298 		goto err_dfs_detector_exit;
10299 	}
10300 
10301 	/* Disable set_coverage_class for chipsets that do not support it. */
10302 	if (!ar->hw_params.hw_ops->set_coverage_class)
10303 		ar->ops->set_coverage_class = NULL;
10304 
10305 	ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
10306 			    ath10k_reg_notifier);
10307 	if (ret) {
10308 		ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
10309 		goto err_dfs_detector_exit;
10310 	}
10311 
10312 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
10313 		ar->hw->wiphy->features |=
10314 			NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
10315 	}
10316 
10317 	ar->hw->wiphy->cipher_suites = cipher_suites;
10318 
10319 	/* QCA988x and QCA6174 family chips do not support CCMP-256, GCMP-128
10320 	 * and GCMP-256 ciphers in hardware. Fetch number of ciphers supported
10321 	 * from chip specific hw_param table.
10322 	 */
10323 	if (!ar->hw_params.n_cipher_suites ||
10324 	    ar->hw_params.n_cipher_suites > ARRAY_SIZE(cipher_suites)) {
10325 		ath10k_err(ar, "invalid hw_params.n_cipher_suites %d\n",
10326 			   ar->hw_params.n_cipher_suites);
10327 		ar->hw_params.n_cipher_suites = 8;
10328 	}
10329 	ar->hw->wiphy->n_cipher_suites = ar->hw_params.n_cipher_suites;
10330 
10331 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
10332 
10333 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
10334 
10335 	ret = ieee80211_register_hw(ar->hw);
10336 	if (ret) {
10337 		ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
10338 		goto err_dfs_detector_exit;
10339 	}
10340 
10341 	if (test_bit(WMI_SERVICE_PER_PACKET_SW_ENCRYPT, ar->wmi.svc_map)) {
10342 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
10343 		ar->hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_AP_VLAN);
10344 	}
10345 
10346 	if (!ath_is_world_regd(&ar->ath_common.reg_world_copy) &&
10347 	    !ath_is_world_regd(&ar->ath_common.regulatory)) {
10348 		ret = regulatory_hint(ar->hw->wiphy,
10349 				      ar->ath_common.regulatory.alpha2);
10350 		if (ret)
10351 			goto err_unregister;
10352 	}
10353 
10354 	return 0;
10355 
10356 err_unregister:
10357 	ieee80211_unregister_hw(ar->hw);
10358 
10359 err_dfs_detector_exit:
10360 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10361 		ar->dfs_detector->exit(ar->dfs_detector);
10362 
10363 err_free:
10364 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10365 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10366 
10367 	SET_IEEE80211_DEV(ar->hw, NULL);
10368 	return ret;
10369 }
10370 
10371 void ath10k_mac_unregister(struct ath10k *ar)
10372 {
10373 	ieee80211_unregister_hw(ar->hw);
10374 
10375 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10376 		ar->dfs_detector->exit(ar->dfs_detector);
10377 
10378 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10379 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10380 
10381 	SET_IEEE80211_DEV(ar->hw, NULL);
10382 }
10383