xref: /linux/drivers/net/wireless/ath/ath10k/mac.c (revision 86941382508850d58c11bdafe0fec646dfd31b09)
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2005-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
6  * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
7  * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.
8  */
9 
10 #include "mac.h"
11 
12 #include <net/cfg80211.h>
13 #include <net/mac80211.h>
14 #include <linux/etherdevice.h>
15 #include <linux/acpi.h>
16 #include <linux/of.h>
17 #include <linux/bitfield.h>
18 
19 #include "hif.h"
20 #include "core.h"
21 #include "debug.h"
22 #include "wmi.h"
23 #include "htt.h"
24 #include "txrx.h"
25 #include "testmode.h"
26 #include "wmi-tlv.h"
27 #include "wmi-ops.h"
28 #include "wow.h"
29 #include "leds.h"
30 
31 /*********/
32 /* Rates */
33 /*********/
34 
35 static struct ieee80211_rate ath10k_rates[] = {
36 	{ .bitrate = 10,
37 	  .hw_value = ATH10K_HW_RATE_CCK_LP_1M },
38 	{ .bitrate = 20,
39 	  .hw_value = ATH10K_HW_RATE_CCK_LP_2M,
40 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_2M,
41 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
42 	{ .bitrate = 55,
43 	  .hw_value = ATH10K_HW_RATE_CCK_LP_5_5M,
44 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_5_5M,
45 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
46 	{ .bitrate = 110,
47 	  .hw_value = ATH10K_HW_RATE_CCK_LP_11M,
48 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_11M,
49 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
50 
51 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
52 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
53 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
54 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
55 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
56 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
57 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
58 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
59 };
60 
61 static struct ieee80211_rate ath10k_rates_rev2[] = {
62 	{ .bitrate = 10,
63 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_1M },
64 	{ .bitrate = 20,
65 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_2M,
66 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_2M,
67 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
68 	{ .bitrate = 55,
69 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_5_5M,
70 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_5_5M,
71 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
72 	{ .bitrate = 110,
73 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_11M,
74 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_11M,
75 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
76 
77 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
78 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
79 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
80 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
81 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
82 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
83 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
84 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
85 };
86 
87 static const struct cfg80211_sar_freq_ranges ath10k_sar_freq_ranges[] = {
88 	{.start_freq = 2402, .end_freq = 2494 },
89 	{.start_freq = 5170, .end_freq = 5875 },
90 };
91 
92 static const struct cfg80211_sar_capa ath10k_sar_capa = {
93 	.type = NL80211_SAR_TYPE_POWER,
94 	.num_freq_ranges = (ARRAY_SIZE(ath10k_sar_freq_ranges)),
95 	.freq_ranges = &ath10k_sar_freq_ranges[0],
96 };
97 
98 #define ATH10K_MAC_FIRST_OFDM_RATE_IDX 4
99 
100 #define ath10k_a_rates (ath10k_rates + ATH10K_MAC_FIRST_OFDM_RATE_IDX)
101 #define ath10k_a_rates_size (ARRAY_SIZE(ath10k_rates) - \
102 			     ATH10K_MAC_FIRST_OFDM_RATE_IDX)
103 #define ath10k_g_rates (ath10k_rates + 0)
104 #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
105 
106 #define ath10k_g_rates_rev2 (ath10k_rates_rev2 + 0)
107 #define ath10k_g_rates_rev2_size (ARRAY_SIZE(ath10k_rates_rev2))
108 
109 #define ath10k_wmi_legacy_rates ath10k_rates
110 
111 static bool ath10k_mac_bitrate_is_cck(int bitrate)
112 {
113 	switch (bitrate) {
114 	case 10:
115 	case 20:
116 	case 55:
117 	case 110:
118 		return true;
119 	}
120 
121 	return false;
122 }
123 
124 static u8 ath10k_mac_bitrate_to_rate(int bitrate)
125 {
126 	return DIV_ROUND_UP(bitrate, 5) |
127 	       (ath10k_mac_bitrate_is_cck(bitrate) ? BIT(7) : 0);
128 }
129 
130 u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
131 			     u8 hw_rate, bool cck)
132 {
133 	const struct ieee80211_rate *rate;
134 	int i;
135 
136 	for (i = 0; i < sband->n_bitrates; i++) {
137 		rate = &sband->bitrates[i];
138 
139 		if (ath10k_mac_bitrate_is_cck(rate->bitrate) != cck)
140 			continue;
141 
142 		if (rate->hw_value == hw_rate)
143 			return i;
144 		else if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE &&
145 			 rate->hw_value_short == hw_rate)
146 			return i;
147 	}
148 
149 	return 0;
150 }
151 
152 u8 ath10k_mac_bitrate_to_idx(const struct ieee80211_supported_band *sband,
153 			     u32 bitrate)
154 {
155 	int i;
156 
157 	for (i = 0; i < sband->n_bitrates; i++)
158 		if (sband->bitrates[i].bitrate == bitrate)
159 			return i;
160 
161 	return 0;
162 }
163 
164 static int ath10k_mac_get_rate_hw_value(int bitrate)
165 {
166 	int i;
167 	u8 hw_value_prefix = 0;
168 
169 	if (ath10k_mac_bitrate_is_cck(bitrate))
170 		hw_value_prefix = WMI_RATE_PREAMBLE_CCK << 6;
171 
172 	for (i = 0; i < ARRAY_SIZE(ath10k_rates); i++) {
173 		if (ath10k_rates[i].bitrate == bitrate)
174 			return hw_value_prefix | ath10k_rates[i].hw_value;
175 	}
176 
177 	return -EINVAL;
178 }
179 
180 static int ath10k_mac_get_max_vht_mcs_map(u16 mcs_map, int nss)
181 {
182 	switch ((mcs_map >> (2 * nss)) & 0x3) {
183 	case IEEE80211_VHT_MCS_SUPPORT_0_7: return BIT(8) - 1;
184 	case IEEE80211_VHT_MCS_SUPPORT_0_8: return BIT(9) - 1;
185 	case IEEE80211_VHT_MCS_SUPPORT_0_9: return BIT(10) - 1;
186 	}
187 	return 0;
188 }
189 
190 static u32
191 ath10k_mac_max_ht_nss(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
192 {
193 	int nss;
194 
195 	for (nss = IEEE80211_HT_MCS_MASK_LEN - 1; nss >= 0; nss--)
196 		if (ht_mcs_mask[nss])
197 			return nss + 1;
198 
199 	return 1;
200 }
201 
202 static u32
203 ath10k_mac_max_vht_nss(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
204 {
205 	int nss;
206 
207 	for (nss = NL80211_VHT_NSS_MAX - 1; nss >= 0; nss--)
208 		if (vht_mcs_mask[nss])
209 			return nss + 1;
210 
211 	return 1;
212 }
213 
214 int ath10k_mac_ext_resource_config(struct ath10k *ar, u32 val)
215 {
216 	enum wmi_host_platform_type platform_type;
217 	int ret;
218 
219 	if (test_bit(WMI_SERVICE_TX_MODE_DYNAMIC, ar->wmi.svc_map))
220 		platform_type = WMI_HOST_PLATFORM_LOW_PERF;
221 	else
222 		platform_type = WMI_HOST_PLATFORM_HIGH_PERF;
223 
224 	ret = ath10k_wmi_ext_resource_config(ar, platform_type, val);
225 
226 	if (ret && ret != -EOPNOTSUPP) {
227 		ath10k_warn(ar, "failed to configure ext resource: %d\n", ret);
228 		return ret;
229 	}
230 
231 	return 0;
232 }
233 
234 /**********/
235 /* Crypto */
236 /**********/
237 
238 static int ath10k_send_key(struct ath10k_vif *arvif,
239 			   struct ieee80211_key_conf *key,
240 			   enum set_key_cmd cmd,
241 			   const u8 *macaddr, u32 flags)
242 {
243 	struct ath10k *ar = arvif->ar;
244 	struct wmi_vdev_install_key_arg arg = {
245 		.vdev_id = arvif->vdev_id,
246 		.key_idx = key->keyidx,
247 		.key_len = key->keylen,
248 		.key_data = key->key,
249 		.key_flags = flags,
250 		.macaddr = macaddr,
251 	};
252 
253 	lockdep_assert_held(&arvif->ar->conf_mutex);
254 
255 	switch (key->cipher) {
256 	case WLAN_CIPHER_SUITE_CCMP:
257 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
258 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
259 		break;
260 	case WLAN_CIPHER_SUITE_TKIP:
261 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_TKIP];
262 		arg.key_txmic_len = 8;
263 		arg.key_rxmic_len = 8;
264 		break;
265 	case WLAN_CIPHER_SUITE_WEP40:
266 	case WLAN_CIPHER_SUITE_WEP104:
267 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_WEP];
268 		break;
269 	case WLAN_CIPHER_SUITE_CCMP_256:
270 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
271 		break;
272 	case WLAN_CIPHER_SUITE_GCMP:
273 	case WLAN_CIPHER_SUITE_GCMP_256:
274 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_GCM];
275 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
276 		break;
277 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
278 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
279 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
280 	case WLAN_CIPHER_SUITE_AES_CMAC:
281 		WARN_ON(1);
282 		return -EINVAL;
283 	default:
284 		ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
285 		return -EOPNOTSUPP;
286 	}
287 
288 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
289 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
290 
291 	if (cmd == DISABLE_KEY) {
292 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
293 		arg.key_data = NULL;
294 	}
295 
296 	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
297 }
298 
299 static int ath10k_install_key(struct ath10k_vif *arvif,
300 			      struct ieee80211_key_conf *key,
301 			      enum set_key_cmd cmd,
302 			      const u8 *macaddr, u32 flags)
303 {
304 	struct ath10k *ar = arvif->ar;
305 	int ret;
306 	unsigned long time_left;
307 
308 	lockdep_assert_held(&ar->conf_mutex);
309 
310 	reinit_completion(&ar->install_key_done);
311 
312 	if (arvif->nohwcrypt)
313 		return 1;
314 
315 	ret = ath10k_send_key(arvif, key, cmd, macaddr, flags);
316 	if (ret)
317 		return ret;
318 
319 	time_left = wait_for_completion_timeout(&ar->install_key_done, 3 * HZ);
320 	if (time_left == 0)
321 		return -ETIMEDOUT;
322 
323 	return 0;
324 }
325 
326 static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
327 					const u8 *addr)
328 {
329 	struct ath10k *ar = arvif->ar;
330 	struct ath10k_peer *peer;
331 	int ret;
332 	int i;
333 	u32 flags;
334 
335 	lockdep_assert_held(&ar->conf_mutex);
336 
337 	if (WARN_ON(arvif->vif->type != NL80211_IFTYPE_AP &&
338 		    arvif->vif->type != NL80211_IFTYPE_ADHOC &&
339 		    arvif->vif->type != NL80211_IFTYPE_MESH_POINT))
340 		return -EINVAL;
341 
342 	spin_lock_bh(&ar->data_lock);
343 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
344 	spin_unlock_bh(&ar->data_lock);
345 
346 	if (!peer)
347 		return -ENOENT;
348 
349 	for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
350 		if (arvif->wep_keys[i] == NULL)
351 			continue;
352 
353 		switch (arvif->vif->type) {
354 		case NL80211_IFTYPE_AP:
355 			flags = WMI_KEY_PAIRWISE;
356 
357 			if (arvif->def_wep_key_idx == i)
358 				flags |= WMI_KEY_TX_USAGE;
359 
360 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
361 						 SET_KEY, addr, flags);
362 			if (ret < 0)
363 				return ret;
364 			break;
365 		case NL80211_IFTYPE_ADHOC:
366 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
367 						 SET_KEY, addr,
368 						 WMI_KEY_PAIRWISE);
369 			if (ret < 0)
370 				return ret;
371 
372 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
373 						 SET_KEY, addr, WMI_KEY_GROUP);
374 			if (ret < 0)
375 				return ret;
376 			break;
377 		default:
378 			WARN_ON(1);
379 			return -EINVAL;
380 		}
381 
382 		spin_lock_bh(&ar->data_lock);
383 		peer->keys[i] = arvif->wep_keys[i];
384 		spin_unlock_bh(&ar->data_lock);
385 	}
386 
387 	/* In some cases (notably with static WEP IBSS with multiple keys)
388 	 * multicast Tx becomes broken. Both pairwise and groupwise keys are
389 	 * installed already. Using WMI_KEY_TX_USAGE in different combinations
390 	 * didn't seem help. Using def_keyid vdev parameter seems to be
391 	 * effective so use that.
392 	 *
393 	 * FIXME: Revisit. Perhaps this can be done in a less hacky way.
394 	 */
395 	if (arvif->vif->type != NL80211_IFTYPE_ADHOC)
396 		return 0;
397 
398 	if (arvif->def_wep_key_idx == -1)
399 		return 0;
400 
401 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
402 					arvif->vdev_id,
403 					arvif->ar->wmi.vdev_param->def_keyid,
404 					arvif->def_wep_key_idx);
405 	if (ret) {
406 		ath10k_warn(ar, "failed to re-set def wpa key idxon vdev %i: %d\n",
407 			    arvif->vdev_id, ret);
408 		return ret;
409 	}
410 
411 	return 0;
412 }
413 
414 static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
415 				  const u8 *addr)
416 {
417 	struct ath10k *ar = arvif->ar;
418 	struct ath10k_peer *peer;
419 	int first_errno = 0;
420 	int ret;
421 	int i;
422 	u32 flags = 0;
423 
424 	lockdep_assert_held(&ar->conf_mutex);
425 
426 	spin_lock_bh(&ar->data_lock);
427 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
428 	spin_unlock_bh(&ar->data_lock);
429 
430 	if (!peer)
431 		return -ENOENT;
432 
433 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
434 		if (peer->keys[i] == NULL)
435 			continue;
436 
437 		/* key flags are not required to delete the key */
438 		ret = ath10k_install_key(arvif, peer->keys[i],
439 					 DISABLE_KEY, addr, flags);
440 		if (ret < 0 && first_errno == 0)
441 			first_errno = ret;
442 
443 		if (ret < 0)
444 			ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
445 				    i, ret);
446 
447 		spin_lock_bh(&ar->data_lock);
448 		peer->keys[i] = NULL;
449 		spin_unlock_bh(&ar->data_lock);
450 	}
451 
452 	return first_errno;
453 }
454 
455 bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
456 				    u8 keyidx)
457 {
458 	struct ath10k_peer *peer;
459 	int i;
460 
461 	lockdep_assert_held(&ar->data_lock);
462 
463 	/* We don't know which vdev this peer belongs to,
464 	 * since WMI doesn't give us that information.
465 	 *
466 	 * FIXME: multi-bss needs to be handled.
467 	 */
468 	peer = ath10k_peer_find(ar, 0, addr);
469 	if (!peer)
470 		return false;
471 
472 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
473 		if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
474 			return true;
475 	}
476 
477 	return false;
478 }
479 
480 static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
481 				 struct ieee80211_key_conf *key)
482 {
483 	struct ath10k *ar = arvif->ar;
484 	struct ath10k_peer *peer;
485 	u8 addr[ETH_ALEN];
486 	int first_errno = 0;
487 	int ret;
488 	int i;
489 	u32 flags = 0;
490 
491 	lockdep_assert_held(&ar->conf_mutex);
492 
493 	for (;;) {
494 		/* since ath10k_install_key we can't hold data_lock all the
495 		 * time, so we try to remove the keys incrementally
496 		 */
497 		spin_lock_bh(&ar->data_lock);
498 		i = 0;
499 		list_for_each_entry(peer, &ar->peers, list) {
500 			for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
501 				if (peer->keys[i] == key) {
502 					ether_addr_copy(addr, peer->addr);
503 					peer->keys[i] = NULL;
504 					break;
505 				}
506 			}
507 
508 			if (i < ARRAY_SIZE(peer->keys))
509 				break;
510 		}
511 		spin_unlock_bh(&ar->data_lock);
512 
513 		if (i == ARRAY_SIZE(peer->keys))
514 			break;
515 		/* key flags are not required to delete the key */
516 		ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, flags);
517 		if (ret < 0 && first_errno == 0)
518 			first_errno = ret;
519 
520 		if (ret)
521 			ath10k_warn(ar, "failed to remove key for %pM: %d\n",
522 				    addr, ret);
523 	}
524 
525 	return first_errno;
526 }
527 
528 static int ath10k_mac_vif_update_wep_key(struct ath10k_vif *arvif,
529 					 struct ieee80211_key_conf *key)
530 {
531 	struct ath10k *ar = arvif->ar;
532 	struct ath10k_peer *peer;
533 	int ret;
534 
535 	lockdep_assert_held(&ar->conf_mutex);
536 
537 	list_for_each_entry(peer, &ar->peers, list) {
538 		if (ether_addr_equal(peer->addr, arvif->vif->addr))
539 			continue;
540 
541 		if (ether_addr_equal(peer->addr, arvif->bssid))
542 			continue;
543 
544 		if (peer->keys[key->keyidx] == key)
545 			continue;
546 
547 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vif vdev %i update key %i needs update\n",
548 			   arvif->vdev_id, key->keyidx);
549 
550 		ret = ath10k_install_peer_wep_keys(arvif, peer->addr);
551 		if (ret) {
552 			ath10k_warn(ar, "failed to update wep keys on vdev %i for peer %pM: %d\n",
553 				    arvif->vdev_id, peer->addr, ret);
554 			return ret;
555 		}
556 	}
557 
558 	return 0;
559 }
560 
561 /*********************/
562 /* General utilities */
563 /*********************/
564 
565 static inline enum wmi_phy_mode
566 chan_to_phymode(const struct cfg80211_chan_def *chandef)
567 {
568 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
569 
570 	switch (chandef->chan->band) {
571 	case NL80211_BAND_2GHZ:
572 		switch (chandef->width) {
573 		case NL80211_CHAN_WIDTH_20_NOHT:
574 			if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
575 				phymode = MODE_11B;
576 			else
577 				phymode = MODE_11G;
578 			break;
579 		case NL80211_CHAN_WIDTH_20:
580 			phymode = MODE_11NG_HT20;
581 			break;
582 		case NL80211_CHAN_WIDTH_40:
583 			phymode = MODE_11NG_HT40;
584 			break;
585 		default:
586 			phymode = MODE_UNKNOWN;
587 			break;
588 		}
589 		break;
590 	case NL80211_BAND_5GHZ:
591 		switch (chandef->width) {
592 		case NL80211_CHAN_WIDTH_20_NOHT:
593 			phymode = MODE_11A;
594 			break;
595 		case NL80211_CHAN_WIDTH_20:
596 			phymode = MODE_11NA_HT20;
597 			break;
598 		case NL80211_CHAN_WIDTH_40:
599 			phymode = MODE_11NA_HT40;
600 			break;
601 		case NL80211_CHAN_WIDTH_80:
602 			phymode = MODE_11AC_VHT80;
603 			break;
604 		case NL80211_CHAN_WIDTH_160:
605 			phymode = MODE_11AC_VHT160;
606 			break;
607 		case NL80211_CHAN_WIDTH_80P80:
608 			phymode = MODE_11AC_VHT80_80;
609 			break;
610 		default:
611 			phymode = MODE_UNKNOWN;
612 			break;
613 		}
614 		break;
615 	default:
616 		break;
617 	}
618 
619 	WARN_ON(phymode == MODE_UNKNOWN);
620 	return phymode;
621 }
622 
623 static u8 ath10k_parse_mpdudensity(u8 mpdudensity)
624 {
625 /*
626  * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
627  *   0 for no restriction
628  *   1 for 1/4 us
629  *   2 for 1/2 us
630  *   3 for 1 us
631  *   4 for 2 us
632  *   5 for 4 us
633  *   6 for 8 us
634  *   7 for 16 us
635  */
636 	switch (mpdudensity) {
637 	case 0:
638 		return 0;
639 	case 1:
640 	case 2:
641 	case 3:
642 	/* Our lower layer calculations limit our precision to
643 	 * 1 microsecond
644 	 */
645 		return 1;
646 	case 4:
647 		return 2;
648 	case 5:
649 		return 4;
650 	case 6:
651 		return 8;
652 	case 7:
653 		return 16;
654 	default:
655 		return 0;
656 	}
657 }
658 
659 int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
660 			struct cfg80211_chan_def *def)
661 {
662 	struct ieee80211_chanctx_conf *conf;
663 
664 	rcu_read_lock();
665 	conf = rcu_dereference(vif->bss_conf.chanctx_conf);
666 	if (!conf) {
667 		rcu_read_unlock();
668 		return -ENOENT;
669 	}
670 
671 	*def = conf->def;
672 	rcu_read_unlock();
673 
674 	return 0;
675 }
676 
677 static void ath10k_mac_num_chanctxs_iter(struct ieee80211_hw *hw,
678 					 struct ieee80211_chanctx_conf *conf,
679 					 void *data)
680 {
681 	int *num = data;
682 
683 	(*num)++;
684 }
685 
686 static int ath10k_mac_num_chanctxs(struct ath10k *ar)
687 {
688 	int num = 0;
689 
690 	ieee80211_iter_chan_contexts_atomic(ar->hw,
691 					    ath10k_mac_num_chanctxs_iter,
692 					    &num);
693 
694 	return num;
695 }
696 
697 static void
698 ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
699 				struct ieee80211_chanctx_conf *conf,
700 				void *data)
701 {
702 	struct cfg80211_chan_def **def = data;
703 
704 	*def = &conf->def;
705 }
706 
707 static void ath10k_wait_for_peer_delete_done(struct ath10k *ar, u32 vdev_id,
708 					     const u8 *addr)
709 {
710 	unsigned long time_left;
711 	int ret;
712 
713 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
714 		ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
715 		if (ret) {
716 			ath10k_warn(ar, "failed wait for peer deleted");
717 			return;
718 		}
719 
720 		time_left = wait_for_completion_timeout(&ar->peer_delete_done,
721 							5 * HZ);
722 		if (!time_left)
723 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
724 	}
725 }
726 
727 static int ath10k_peer_create(struct ath10k *ar,
728 			      struct ieee80211_vif *vif,
729 			      struct ieee80211_sta *sta,
730 			      u32 vdev_id,
731 			      const u8 *addr,
732 			      enum wmi_peer_type peer_type)
733 {
734 	struct ath10k_peer *peer;
735 	int ret;
736 
737 	lockdep_assert_held(&ar->conf_mutex);
738 
739 	/* Each vdev consumes a peer entry as well. */
740 	if (ar->num_peers + list_count_nodes(&ar->arvifs) >= ar->max_num_peers)
741 		return -ENOBUFS;
742 
743 	ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
744 	if (ret) {
745 		ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
746 			    addr, vdev_id, ret);
747 		return ret;
748 	}
749 
750 	ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
751 	if (ret) {
752 		ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
753 			    addr, vdev_id, ret);
754 		return ret;
755 	}
756 
757 	spin_lock_bh(&ar->data_lock);
758 
759 	peer = ath10k_peer_find(ar, vdev_id, addr);
760 	if (!peer) {
761 		spin_unlock_bh(&ar->data_lock);
762 		ath10k_warn(ar, "failed to find peer %pM on vdev %i after creation\n",
763 			    addr, vdev_id);
764 		ath10k_wait_for_peer_delete_done(ar, vdev_id, addr);
765 		return -ENOENT;
766 	}
767 
768 	peer->vif = vif;
769 	peer->sta = sta;
770 
771 	spin_unlock_bh(&ar->data_lock);
772 
773 	ar->num_peers++;
774 
775 	return 0;
776 }
777 
778 static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
779 {
780 	struct ath10k *ar = arvif->ar;
781 	u32 param;
782 	int ret;
783 
784 	param = ar->wmi.pdev_param->sta_kickout_th;
785 	ret = ath10k_wmi_pdev_set_param(ar, param,
786 					ATH10K_KICKOUT_THRESHOLD);
787 	if (ret) {
788 		ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
789 			    arvif->vdev_id, ret);
790 		return ret;
791 	}
792 
793 	param = ar->wmi.vdev_param->ap_keepalive_min_idle_inactive_time_secs;
794 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
795 					ATH10K_KEEPALIVE_MIN_IDLE);
796 	if (ret) {
797 		ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
798 			    arvif->vdev_id, ret);
799 		return ret;
800 	}
801 
802 	param = ar->wmi.vdev_param->ap_keepalive_max_idle_inactive_time_secs;
803 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
804 					ATH10K_KEEPALIVE_MAX_IDLE);
805 	if (ret) {
806 		ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
807 			    arvif->vdev_id, ret);
808 		return ret;
809 	}
810 
811 	param = ar->wmi.vdev_param->ap_keepalive_max_unresponsive_time_secs;
812 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
813 					ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
814 	if (ret) {
815 		ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
816 			    arvif->vdev_id, ret);
817 		return ret;
818 	}
819 
820 	return 0;
821 }
822 
823 static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
824 {
825 	struct ath10k *ar = arvif->ar;
826 	u32 vdev_param;
827 
828 	vdev_param = ar->wmi.vdev_param->rts_threshold;
829 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
830 }
831 
832 static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
833 {
834 	int ret;
835 
836 	lockdep_assert_held(&ar->conf_mutex);
837 
838 	ret = ath10k_wmi_peer_delete(ar, vdev_id, addr);
839 	if (ret)
840 		return ret;
841 
842 	ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
843 	if (ret)
844 		return ret;
845 
846 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
847 		unsigned long time_left;
848 
849 		time_left = wait_for_completion_timeout
850 			    (&ar->peer_delete_done, 5 * HZ);
851 
852 		if (!time_left) {
853 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
854 			return -ETIMEDOUT;
855 		}
856 	}
857 
858 	ar->num_peers--;
859 
860 	return 0;
861 }
862 
863 static void ath10k_peer_map_cleanup(struct ath10k *ar, struct ath10k_peer *peer)
864 {
865 	int peer_id, i;
866 
867 	lockdep_assert_held(&ar->conf_mutex);
868 
869 	for_each_set_bit(peer_id, peer->peer_ids,
870 			 ATH10K_MAX_NUM_PEER_IDS) {
871 		ar->peer_map[peer_id] = NULL;
872 	}
873 
874 	/* Double check that peer is properly un-referenced from
875 	 * the peer_map
876 	 */
877 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
878 		if (ar->peer_map[i] == peer) {
879 			ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %p idx %d)\n",
880 				    peer->addr, peer, i);
881 			ar->peer_map[i] = NULL;
882 		}
883 	}
884 
885 	list_del(&peer->list);
886 	kfree(peer);
887 	ar->num_peers--;
888 }
889 
890 static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
891 {
892 	struct ath10k_peer *peer, *tmp;
893 
894 	lockdep_assert_held(&ar->conf_mutex);
895 
896 	spin_lock_bh(&ar->data_lock);
897 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
898 		if (peer->vdev_id != vdev_id)
899 			continue;
900 
901 		ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
902 			    peer->addr, vdev_id);
903 
904 		ath10k_peer_map_cleanup(ar, peer);
905 	}
906 	spin_unlock_bh(&ar->data_lock);
907 }
908 
909 static void ath10k_peer_cleanup_all(struct ath10k *ar)
910 {
911 	struct ath10k_peer *peer, *tmp;
912 	int i;
913 
914 	lockdep_assert_held(&ar->conf_mutex);
915 
916 	spin_lock_bh(&ar->data_lock);
917 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
918 		list_del(&peer->list);
919 		kfree(peer);
920 	}
921 
922 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
923 		ar->peer_map[i] = NULL;
924 
925 	spin_unlock_bh(&ar->data_lock);
926 
927 	ar->num_peers = 0;
928 	ar->num_stations = 0;
929 }
930 
931 static int ath10k_mac_tdls_peer_update(struct ath10k *ar, u32 vdev_id,
932 				       struct ieee80211_sta *sta,
933 				       enum wmi_tdls_peer_state state)
934 {
935 	int ret;
936 	struct wmi_tdls_peer_update_cmd_arg arg = {};
937 	struct wmi_tdls_peer_capab_arg cap = {};
938 	struct wmi_channel_arg chan_arg = {};
939 
940 	lockdep_assert_held(&ar->conf_mutex);
941 
942 	arg.vdev_id = vdev_id;
943 	arg.peer_state = state;
944 	ether_addr_copy(arg.addr, sta->addr);
945 
946 	cap.peer_max_sp = sta->max_sp;
947 	cap.peer_uapsd_queues = sta->uapsd_queues;
948 
949 	if (state == WMI_TDLS_PEER_STATE_CONNECTED &&
950 	    !sta->tdls_initiator)
951 		cap.is_peer_responder = 1;
952 
953 	ret = ath10k_wmi_tdls_peer_update(ar, &arg, &cap, &chan_arg);
954 	if (ret) {
955 		ath10k_warn(ar, "failed to update tdls peer %pM on vdev %i: %i\n",
956 			    arg.addr, vdev_id, ret);
957 		return ret;
958 	}
959 
960 	return 0;
961 }
962 
963 /************************/
964 /* Interface management */
965 /************************/
966 
967 void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
968 {
969 	struct ath10k *ar = arvif->ar;
970 
971 	lockdep_assert_held(&ar->data_lock);
972 
973 	if (!arvif->beacon)
974 		return;
975 
976 	if (!arvif->beacon_buf)
977 		dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
978 				 arvif->beacon->len, DMA_TO_DEVICE);
979 
980 	if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
981 		    arvif->beacon_state != ATH10K_BEACON_SENT))
982 		return;
983 
984 	dev_kfree_skb_any(arvif->beacon);
985 
986 	arvif->beacon = NULL;
987 	arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
988 }
989 
990 static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
991 {
992 	struct ath10k *ar = arvif->ar;
993 
994 	lockdep_assert_held(&ar->data_lock);
995 
996 	ath10k_mac_vif_beacon_free(arvif);
997 
998 	if (arvif->beacon_buf) {
999 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
1000 			kfree(arvif->beacon_buf);
1001 		else
1002 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
1003 					  arvif->beacon_buf,
1004 					  arvif->beacon_paddr);
1005 		arvif->beacon_buf = NULL;
1006 	}
1007 }
1008 
1009 static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
1010 {
1011 	unsigned long time_left;
1012 
1013 	lockdep_assert_held(&ar->conf_mutex);
1014 
1015 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1016 		return -ESHUTDOWN;
1017 
1018 	time_left = wait_for_completion_timeout(&ar->vdev_setup_done,
1019 						ATH10K_VDEV_SETUP_TIMEOUT_HZ);
1020 	if (time_left == 0)
1021 		return -ETIMEDOUT;
1022 
1023 	return ar->last_wmi_vdev_start_status;
1024 }
1025 
1026 static inline int ath10k_vdev_delete_sync(struct ath10k *ar)
1027 {
1028 	unsigned long time_left;
1029 
1030 	lockdep_assert_held(&ar->conf_mutex);
1031 
1032 	if (!test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map))
1033 		return 0;
1034 
1035 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1036 		return -ESHUTDOWN;
1037 
1038 	time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
1039 						ATH10K_VDEV_DELETE_TIMEOUT_HZ);
1040 	if (time_left == 0)
1041 		return -ETIMEDOUT;
1042 
1043 	return 0;
1044 }
1045 
1046 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
1047 {
1048 	struct cfg80211_chan_def *chandef = NULL;
1049 	struct ieee80211_channel *channel = NULL;
1050 	struct wmi_vdev_start_request_arg arg = {};
1051 	int ret = 0;
1052 
1053 	lockdep_assert_held(&ar->conf_mutex);
1054 
1055 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1056 					    ath10k_mac_get_any_chandef_iter,
1057 					    &chandef);
1058 	if (WARN_ON_ONCE(!chandef))
1059 		return -ENOENT;
1060 
1061 	channel = chandef->chan;
1062 
1063 	arg.vdev_id = vdev_id;
1064 	arg.channel.freq = channel->center_freq;
1065 	arg.channel.band_center_freq1 = chandef->center_freq1;
1066 	arg.channel.band_center_freq2 = chandef->center_freq2;
1067 
1068 	/* TODO setup this dynamically, what in case we
1069 	 * don't have any vifs?
1070 	 */
1071 	arg.channel.mode = chan_to_phymode(chandef);
1072 	arg.channel.chan_radar =
1073 			!!(channel->flags & IEEE80211_CHAN_RADAR);
1074 
1075 	arg.channel.min_power = 0;
1076 	arg.channel.max_power = channel->max_power * 2;
1077 	arg.channel.max_reg_power = channel->max_reg_power * 2;
1078 	arg.channel.max_antenna_gain = channel->max_antenna_gain;
1079 
1080 	reinit_completion(&ar->vdev_setup_done);
1081 	reinit_completion(&ar->vdev_delete_done);
1082 
1083 	ret = ath10k_wmi_vdev_start(ar, &arg);
1084 	if (ret) {
1085 		ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
1086 			    vdev_id, ret);
1087 		return ret;
1088 	}
1089 
1090 	ret = ath10k_vdev_setup_sync(ar);
1091 	if (ret) {
1092 		ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
1093 			    vdev_id, ret);
1094 		return ret;
1095 	}
1096 
1097 	ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
1098 	if (ret) {
1099 		ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
1100 			    vdev_id, ret);
1101 		goto vdev_stop;
1102 	}
1103 
1104 	ar->monitor_vdev_id = vdev_id;
1105 
1106 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
1107 		   ar->monitor_vdev_id);
1108 	return 0;
1109 
1110 vdev_stop:
1111 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1112 	if (ret)
1113 		ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
1114 			    ar->monitor_vdev_id, ret);
1115 
1116 	return ret;
1117 }
1118 
1119 static int ath10k_monitor_vdev_stop(struct ath10k *ar)
1120 {
1121 	int ret = 0;
1122 
1123 	lockdep_assert_held(&ar->conf_mutex);
1124 
1125 	ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
1126 	if (ret)
1127 		ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
1128 			    ar->monitor_vdev_id, ret);
1129 
1130 	reinit_completion(&ar->vdev_setup_done);
1131 	reinit_completion(&ar->vdev_delete_done);
1132 
1133 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1134 	if (ret)
1135 		ath10k_warn(ar, "failed to request monitor vdev %i stop: %d\n",
1136 			    ar->monitor_vdev_id, ret);
1137 
1138 	ret = ath10k_vdev_setup_sync(ar);
1139 	if (ret)
1140 		ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
1141 			    ar->monitor_vdev_id, ret);
1142 
1143 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
1144 		   ar->monitor_vdev_id);
1145 	return ret;
1146 }
1147 
1148 static int ath10k_monitor_vdev_create(struct ath10k *ar)
1149 {
1150 	int bit, ret = 0;
1151 
1152 	lockdep_assert_held(&ar->conf_mutex);
1153 
1154 	if (ar->free_vdev_map == 0) {
1155 		ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
1156 		return -ENOMEM;
1157 	}
1158 
1159 	bit = __ffs64(ar->free_vdev_map);
1160 
1161 	ar->monitor_vdev_id = bit;
1162 
1163 	ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
1164 				     WMI_VDEV_TYPE_MONITOR,
1165 				     0, ar->mac_addr);
1166 	if (ret) {
1167 		ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
1168 			    ar->monitor_vdev_id, ret);
1169 		return ret;
1170 	}
1171 
1172 	ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
1173 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
1174 		   ar->monitor_vdev_id);
1175 
1176 	return 0;
1177 }
1178 
1179 static int ath10k_monitor_vdev_delete(struct ath10k *ar)
1180 {
1181 	int ret = 0;
1182 
1183 	lockdep_assert_held(&ar->conf_mutex);
1184 
1185 	ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
1186 	if (ret) {
1187 		ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
1188 			    ar->monitor_vdev_id, ret);
1189 		return ret;
1190 	}
1191 
1192 	ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
1193 
1194 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
1195 		   ar->monitor_vdev_id);
1196 	return ret;
1197 }
1198 
1199 static int ath10k_monitor_start(struct ath10k *ar)
1200 {
1201 	int ret;
1202 
1203 	lockdep_assert_held(&ar->conf_mutex);
1204 
1205 	ret = ath10k_monitor_vdev_create(ar);
1206 	if (ret) {
1207 		ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
1208 		return ret;
1209 	}
1210 
1211 	ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
1212 	if (ret) {
1213 		ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
1214 		ath10k_monitor_vdev_delete(ar);
1215 		return ret;
1216 	}
1217 
1218 	ar->monitor_started = true;
1219 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
1220 
1221 	return 0;
1222 }
1223 
1224 static int ath10k_monitor_stop(struct ath10k *ar)
1225 {
1226 	int ret;
1227 
1228 	lockdep_assert_held(&ar->conf_mutex);
1229 
1230 	ret = ath10k_monitor_vdev_stop(ar);
1231 	if (ret) {
1232 		ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
1233 		return ret;
1234 	}
1235 
1236 	ret = ath10k_monitor_vdev_delete(ar);
1237 	if (ret) {
1238 		ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
1239 		return ret;
1240 	}
1241 
1242 	ar->monitor_started = false;
1243 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
1244 
1245 	return 0;
1246 }
1247 
1248 static bool ath10k_mac_monitor_vdev_is_needed(struct ath10k *ar)
1249 {
1250 	int num_ctx;
1251 
1252 	/* At least one chanctx is required to derive a channel to start
1253 	 * monitor vdev on.
1254 	 */
1255 	num_ctx = ath10k_mac_num_chanctxs(ar);
1256 	if (num_ctx == 0)
1257 		return false;
1258 
1259 	/* If there's already an existing special monitor interface then don't
1260 	 * bother creating another monitor vdev.
1261 	 */
1262 	if (ar->monitor_arvif)
1263 		return false;
1264 
1265 	return ar->monitor ||
1266 	       (!test_bit(ATH10K_FW_FEATURE_ALLOWS_MESH_BCAST,
1267 			  ar->running_fw->fw_file.fw_features) &&
1268 		(ar->filter_flags & (FIF_OTHER_BSS | FIF_MCAST_ACTION))) ||
1269 	       test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1270 }
1271 
1272 static bool ath10k_mac_monitor_vdev_is_allowed(struct ath10k *ar)
1273 {
1274 	int num_ctx;
1275 
1276 	num_ctx = ath10k_mac_num_chanctxs(ar);
1277 
1278 	/* FIXME: Current interface combinations and cfg80211/mac80211 code
1279 	 * shouldn't allow this but make sure to prevent handling the following
1280 	 * case anyway since multi-channel DFS hasn't been tested at all.
1281 	 */
1282 	if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags) && num_ctx > 1)
1283 		return false;
1284 
1285 	return true;
1286 }
1287 
1288 static int ath10k_monitor_recalc(struct ath10k *ar)
1289 {
1290 	bool needed;
1291 	bool allowed;
1292 	int ret;
1293 
1294 	lockdep_assert_held(&ar->conf_mutex);
1295 
1296 	needed = ath10k_mac_monitor_vdev_is_needed(ar);
1297 	allowed = ath10k_mac_monitor_vdev_is_allowed(ar);
1298 
1299 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1300 		   "mac monitor recalc started? %d needed? %d allowed? %d\n",
1301 		   ar->monitor_started, needed, allowed);
1302 
1303 	if (WARN_ON(needed && !allowed)) {
1304 		if (ar->monitor_started) {
1305 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopping disallowed monitor\n");
1306 
1307 			ret = ath10k_monitor_stop(ar);
1308 			if (ret)
1309 				ath10k_warn(ar, "failed to stop disallowed monitor: %d\n",
1310 					    ret);
1311 				/* not serious */
1312 		}
1313 
1314 		return -EPERM;
1315 	}
1316 
1317 	if (needed == ar->monitor_started)
1318 		return 0;
1319 
1320 	if (needed)
1321 		return ath10k_monitor_start(ar);
1322 	else
1323 		return ath10k_monitor_stop(ar);
1324 }
1325 
1326 static bool ath10k_mac_can_set_cts_prot(struct ath10k_vif *arvif)
1327 {
1328 	struct ath10k *ar = arvif->ar;
1329 
1330 	lockdep_assert_held(&ar->conf_mutex);
1331 
1332 	if (!arvif->is_started) {
1333 		ath10k_dbg(ar, ATH10K_DBG_MAC, "defer cts setup, vdev is not ready yet\n");
1334 		return false;
1335 	}
1336 
1337 	return true;
1338 }
1339 
1340 static int ath10k_mac_set_cts_prot(struct ath10k_vif *arvif)
1341 {
1342 	struct ath10k *ar = arvif->ar;
1343 	u32 vdev_param;
1344 
1345 	lockdep_assert_held(&ar->conf_mutex);
1346 
1347 	vdev_param = ar->wmi.vdev_param->protection_mode;
1348 
1349 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_protection %d\n",
1350 		   arvif->vdev_id, arvif->use_cts_prot);
1351 
1352 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1353 					 arvif->use_cts_prot ? 1 : 0);
1354 }
1355 
1356 static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
1357 {
1358 	struct ath10k *ar = arvif->ar;
1359 	u32 vdev_param, rts_cts = 0;
1360 
1361 	lockdep_assert_held(&ar->conf_mutex);
1362 
1363 	vdev_param = ar->wmi.vdev_param->enable_rtscts;
1364 
1365 	rts_cts |= SM(WMI_RTSCTS_ENABLED, WMI_RTSCTS_SET);
1366 
1367 	if (arvif->num_legacy_stations > 0)
1368 		rts_cts |= SM(WMI_RTSCTS_ACROSS_SW_RETRIES,
1369 			      WMI_RTSCTS_PROFILE);
1370 	else
1371 		rts_cts |= SM(WMI_RTSCTS_FOR_SECOND_RATESERIES,
1372 			      WMI_RTSCTS_PROFILE);
1373 
1374 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d recalc rts/cts prot %d\n",
1375 		   arvif->vdev_id, rts_cts);
1376 
1377 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1378 					 rts_cts);
1379 }
1380 
1381 static int ath10k_start_cac(struct ath10k *ar)
1382 {
1383 	int ret;
1384 
1385 	lockdep_assert_held(&ar->conf_mutex);
1386 
1387 	set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1388 
1389 	ret = ath10k_monitor_recalc(ar);
1390 	if (ret) {
1391 		ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
1392 		clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1393 		return ret;
1394 	}
1395 
1396 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
1397 		   ar->monitor_vdev_id);
1398 
1399 	return 0;
1400 }
1401 
1402 static int ath10k_stop_cac(struct ath10k *ar)
1403 {
1404 	lockdep_assert_held(&ar->conf_mutex);
1405 
1406 	/* CAC is not running - do nothing */
1407 	if (!test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags))
1408 		return 0;
1409 
1410 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1411 	ath10k_monitor_stop(ar);
1412 
1413 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
1414 
1415 	return 0;
1416 }
1417 
1418 static void ath10k_mac_has_radar_iter(struct ieee80211_hw *hw,
1419 				      struct ieee80211_chanctx_conf *conf,
1420 				      void *data)
1421 {
1422 	bool *ret = data;
1423 
1424 	if (!*ret && conf->radar_enabled)
1425 		*ret = true;
1426 }
1427 
1428 static bool ath10k_mac_has_radar_enabled(struct ath10k *ar)
1429 {
1430 	bool has_radar = false;
1431 
1432 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1433 					    ath10k_mac_has_radar_iter,
1434 					    &has_radar);
1435 
1436 	return has_radar;
1437 }
1438 
1439 static void ath10k_recalc_radar_detection(struct ath10k *ar)
1440 {
1441 	int ret;
1442 
1443 	lockdep_assert_held(&ar->conf_mutex);
1444 
1445 	ath10k_stop_cac(ar);
1446 
1447 	if (!ath10k_mac_has_radar_enabled(ar))
1448 		return;
1449 
1450 	if (ar->num_started_vdevs > 0)
1451 		return;
1452 
1453 	ret = ath10k_start_cac(ar);
1454 	if (ret) {
1455 		/*
1456 		 * Not possible to start CAC on current channel so starting
1457 		 * radiation is not allowed, make this channel DFS_UNAVAILABLE
1458 		 * by indicating that radar was detected.
1459 		 */
1460 		ath10k_warn(ar, "failed to start CAC: %d\n", ret);
1461 		ieee80211_radar_detected(ar->hw, NULL);
1462 	}
1463 }
1464 
1465 static int ath10k_vdev_stop(struct ath10k_vif *arvif)
1466 {
1467 	struct ath10k *ar = arvif->ar;
1468 	int ret;
1469 
1470 	lockdep_assert_held(&ar->conf_mutex);
1471 
1472 	reinit_completion(&ar->vdev_setup_done);
1473 	reinit_completion(&ar->vdev_delete_done);
1474 
1475 	ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
1476 	if (ret) {
1477 		ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
1478 			    arvif->vdev_id, ret);
1479 		return ret;
1480 	}
1481 
1482 	ret = ath10k_vdev_setup_sync(ar);
1483 	if (ret) {
1484 		ath10k_warn(ar, "failed to synchronize setup for vdev %i: %d\n",
1485 			    arvif->vdev_id, ret);
1486 		return ret;
1487 	}
1488 
1489 	WARN_ON(ar->num_started_vdevs == 0);
1490 
1491 	if (ar->num_started_vdevs != 0) {
1492 		ar->num_started_vdevs--;
1493 		ath10k_recalc_radar_detection(ar);
1494 	}
1495 
1496 	return ret;
1497 }
1498 
1499 static int ath10k_vdev_start_restart(struct ath10k_vif *arvif,
1500 				     const struct cfg80211_chan_def *chandef,
1501 				     bool restart)
1502 {
1503 	struct ath10k *ar = arvif->ar;
1504 	struct wmi_vdev_start_request_arg arg = {};
1505 	int ret = 0;
1506 
1507 	lockdep_assert_held(&ar->conf_mutex);
1508 
1509 	reinit_completion(&ar->vdev_setup_done);
1510 	reinit_completion(&ar->vdev_delete_done);
1511 
1512 	arg.vdev_id = arvif->vdev_id;
1513 	arg.dtim_period = arvif->dtim_period;
1514 	arg.bcn_intval = arvif->beacon_interval;
1515 
1516 	arg.channel.freq = chandef->chan->center_freq;
1517 	arg.channel.band_center_freq1 = chandef->center_freq1;
1518 	arg.channel.band_center_freq2 = chandef->center_freq2;
1519 	arg.channel.mode = chan_to_phymode(chandef);
1520 
1521 	arg.channel.min_power = 0;
1522 	arg.channel.max_power = chandef->chan->max_power * 2;
1523 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
1524 	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain;
1525 
1526 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
1527 		arg.ssid = arvif->u.ap.ssid;
1528 		arg.ssid_len = arvif->u.ap.ssid_len;
1529 		arg.hidden_ssid = arvif->u.ap.hidden_ssid;
1530 
1531 		/* For now allow DFS for AP mode */
1532 		arg.channel.chan_radar =
1533 			!!(chandef->chan->flags & IEEE80211_CHAN_RADAR);
1534 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
1535 		arg.ssid = arvif->vif->cfg.ssid;
1536 		arg.ssid_len = arvif->vif->cfg.ssid_len;
1537 	}
1538 
1539 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1540 		   "mac vdev %d start center_freq %d phymode %s\n",
1541 		   arg.vdev_id, arg.channel.freq,
1542 		   ath10k_wmi_phymode_str(arg.channel.mode));
1543 
1544 	if (restart)
1545 		ret = ath10k_wmi_vdev_restart(ar, &arg);
1546 	else
1547 		ret = ath10k_wmi_vdev_start(ar, &arg);
1548 
1549 	if (ret) {
1550 		ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
1551 			    arg.vdev_id, ret);
1552 		return ret;
1553 	}
1554 
1555 	ret = ath10k_vdev_setup_sync(ar);
1556 	if (ret) {
1557 		ath10k_warn(ar,
1558 			    "failed to synchronize setup for vdev %i restart %d: %d\n",
1559 			    arg.vdev_id, restart, ret);
1560 		return ret;
1561 	}
1562 
1563 	ar->num_started_vdevs++;
1564 	ath10k_recalc_radar_detection(ar);
1565 
1566 	return ret;
1567 }
1568 
1569 static int ath10k_vdev_start(struct ath10k_vif *arvif,
1570 			     const struct cfg80211_chan_def *def)
1571 {
1572 	return ath10k_vdev_start_restart(arvif, def, false);
1573 }
1574 
1575 static int ath10k_vdev_restart(struct ath10k_vif *arvif,
1576 			       const struct cfg80211_chan_def *def)
1577 {
1578 	return ath10k_vdev_start_restart(arvif, def, true);
1579 }
1580 
1581 static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
1582 				       struct sk_buff *bcn)
1583 {
1584 	struct ath10k *ar = arvif->ar;
1585 	struct ieee80211_mgmt *mgmt;
1586 	const u8 *p2p_ie;
1587 	int ret;
1588 
1589 	if (arvif->vif->type != NL80211_IFTYPE_AP || !arvif->vif->p2p)
1590 		return 0;
1591 
1592 	mgmt = (void *)bcn->data;
1593 	p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1594 					 mgmt->u.beacon.variable,
1595 					 bcn->len - (mgmt->u.beacon.variable -
1596 						     bcn->data));
1597 	if (!p2p_ie)
1598 		return -ENOENT;
1599 
1600 	ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
1601 	if (ret) {
1602 		ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
1603 			    arvif->vdev_id, ret);
1604 		return ret;
1605 	}
1606 
1607 	return 0;
1608 }
1609 
1610 static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
1611 				       u8 oui_type, size_t ie_offset)
1612 {
1613 	size_t len;
1614 	const u8 *next;
1615 	const u8 *end;
1616 	u8 *ie;
1617 
1618 	if (WARN_ON(skb->len < ie_offset))
1619 		return -EINVAL;
1620 
1621 	ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
1622 					   skb->data + ie_offset,
1623 					   skb->len - ie_offset);
1624 	if (!ie)
1625 		return -ENOENT;
1626 
1627 	len = ie[1] + 2;
1628 	end = skb->data + skb->len;
1629 	next = ie + len;
1630 
1631 	if (WARN_ON(next > end))
1632 		return -EINVAL;
1633 
1634 	memmove(ie, next, end - next);
1635 	skb_trim(skb, skb->len - len);
1636 
1637 	return 0;
1638 }
1639 
1640 static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
1641 {
1642 	struct ath10k *ar = arvif->ar;
1643 	struct ieee80211_hw *hw = ar->hw;
1644 	struct ieee80211_vif *vif = arvif->vif;
1645 	struct ieee80211_mutable_offsets offs = {};
1646 	struct sk_buff *bcn;
1647 	int ret;
1648 
1649 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1650 		return 0;
1651 
1652 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
1653 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
1654 		return 0;
1655 
1656 	bcn = ieee80211_beacon_get_template(hw, vif, &offs, 0);
1657 	if (!bcn) {
1658 		ath10k_warn(ar, "failed to get beacon template from mac80211\n");
1659 		return -EPERM;
1660 	}
1661 
1662 	ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
1663 	if (ret) {
1664 		ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
1665 		kfree_skb(bcn);
1666 		return ret;
1667 	}
1668 
1669 	/* P2P IE is inserted by firmware automatically (as configured above)
1670 	 * so remove it from the base beacon template to avoid duplicate P2P
1671 	 * IEs in beacon frames.
1672 	 */
1673 	ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1674 				    offsetof(struct ieee80211_mgmt,
1675 					     u.beacon.variable));
1676 
1677 	ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
1678 				  0, NULL, 0);
1679 	kfree_skb(bcn);
1680 
1681 	if (ret) {
1682 		ath10k_warn(ar, "failed to submit beacon template command: %d\n",
1683 			    ret);
1684 		return ret;
1685 	}
1686 
1687 	return 0;
1688 }
1689 
1690 static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
1691 {
1692 	struct ath10k *ar = arvif->ar;
1693 	struct ieee80211_hw *hw = ar->hw;
1694 	struct ieee80211_vif *vif = arvif->vif;
1695 	struct sk_buff *prb;
1696 	int ret;
1697 
1698 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1699 		return 0;
1700 
1701 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1702 		return 0;
1703 
1704 	 /* For mesh, probe response and beacon share the same template */
1705 	if (ieee80211_vif_is_mesh(vif))
1706 		return 0;
1707 
1708 	prb = ieee80211_proberesp_get(hw, vif);
1709 	if (!prb) {
1710 		ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
1711 		return -EPERM;
1712 	}
1713 
1714 	ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
1715 	kfree_skb(prb);
1716 
1717 	if (ret) {
1718 		ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
1719 			    ret);
1720 		return ret;
1721 	}
1722 
1723 	return 0;
1724 }
1725 
1726 static int ath10k_mac_vif_fix_hidden_ssid(struct ath10k_vif *arvif)
1727 {
1728 	struct ath10k *ar = arvif->ar;
1729 	struct cfg80211_chan_def def;
1730 	int ret;
1731 
1732 	/* When originally vdev is started during assign_vif_chanctx() some
1733 	 * information is missing, notably SSID. Firmware revisions with beacon
1734 	 * offloading require the SSID to be provided during vdev (re)start to
1735 	 * handle hidden SSID properly.
1736 	 *
1737 	 * Vdev restart must be done after vdev has been both started and
1738 	 * upped. Otherwise some firmware revisions (at least 10.2) fail to
1739 	 * deliver vdev restart response event causing timeouts during vdev
1740 	 * syncing in ath10k.
1741 	 *
1742 	 * Note: The vdev down/up and template reinstallation could be skipped
1743 	 * since only wmi-tlv firmware are known to have beacon offload and
1744 	 * wmi-tlv doesn't seem to misbehave like 10.2 wrt vdev restart
1745 	 * response delivery. It's probably more robust to keep it as is.
1746 	 */
1747 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1748 		return 0;
1749 
1750 	if (WARN_ON(!arvif->is_started))
1751 		return -EINVAL;
1752 
1753 	if (WARN_ON(!arvif->is_up))
1754 		return -EINVAL;
1755 
1756 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
1757 		return -EINVAL;
1758 
1759 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1760 	if (ret) {
1761 		ath10k_warn(ar, "failed to bring down ap vdev %i: %d\n",
1762 			    arvif->vdev_id, ret);
1763 		return ret;
1764 	}
1765 
1766 	/* Vdev down reset beacon & presp templates. Reinstall them. Otherwise
1767 	 * firmware will crash upon vdev up.
1768 	 */
1769 
1770 	ret = ath10k_mac_setup_bcn_tmpl(arvif);
1771 	if (ret) {
1772 		ath10k_warn(ar, "failed to update beacon template: %d\n", ret);
1773 		return ret;
1774 	}
1775 
1776 	ret = ath10k_mac_setup_prb_tmpl(arvif);
1777 	if (ret) {
1778 		ath10k_warn(ar, "failed to update presp template: %d\n", ret);
1779 		return ret;
1780 	}
1781 
1782 	ret = ath10k_vdev_restart(arvif, &def);
1783 	if (ret) {
1784 		ath10k_warn(ar, "failed to restart ap vdev %i: %d\n",
1785 			    arvif->vdev_id, ret);
1786 		return ret;
1787 	}
1788 
1789 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1790 				 arvif->bssid);
1791 	if (ret) {
1792 		ath10k_warn(ar, "failed to bring up ap vdev %i: %d\n",
1793 			    arvif->vdev_id, ret);
1794 		return ret;
1795 	}
1796 
1797 	return 0;
1798 }
1799 
1800 static void ath10k_control_beaconing(struct ath10k_vif *arvif,
1801 				     struct ieee80211_bss_conf *info)
1802 {
1803 	struct ath10k *ar = arvif->ar;
1804 	int ret = 0;
1805 
1806 	lockdep_assert_held(&arvif->ar->conf_mutex);
1807 
1808 	if (!info->enable_beacon) {
1809 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1810 		if (ret)
1811 			ath10k_warn(ar, "failed to down vdev_id %i: %d\n",
1812 				    arvif->vdev_id, ret);
1813 
1814 		arvif->is_up = false;
1815 
1816 		spin_lock_bh(&arvif->ar->data_lock);
1817 		ath10k_mac_vif_beacon_free(arvif);
1818 		spin_unlock_bh(&arvif->ar->data_lock);
1819 
1820 		return;
1821 	}
1822 
1823 	arvif->tx_seq_no = 0x1000;
1824 
1825 	arvif->aid = 0;
1826 	ether_addr_copy(arvif->bssid, info->bssid);
1827 
1828 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1829 				 arvif->bssid);
1830 	if (ret) {
1831 		ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
1832 			    arvif->vdev_id, ret);
1833 		return;
1834 	}
1835 
1836 	arvif->is_up = true;
1837 
1838 	ret = ath10k_mac_vif_fix_hidden_ssid(arvif);
1839 	if (ret) {
1840 		ath10k_warn(ar, "failed to fix hidden ssid for vdev %i, expect trouble: %d\n",
1841 			    arvif->vdev_id, ret);
1842 		return;
1843 	}
1844 
1845 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
1846 }
1847 
1848 static void ath10k_control_ibss(struct ath10k_vif *arvif,
1849 				struct ieee80211_vif *vif)
1850 {
1851 	struct ath10k *ar = arvif->ar;
1852 	u32 vdev_param;
1853 	int ret = 0;
1854 
1855 	lockdep_assert_held(&arvif->ar->conf_mutex);
1856 
1857 	if (!vif->cfg.ibss_joined) {
1858 		if (is_zero_ether_addr(arvif->bssid))
1859 			return;
1860 
1861 		eth_zero_addr(arvif->bssid);
1862 
1863 		return;
1864 	}
1865 
1866 	vdev_param = arvif->ar->wmi.vdev_param->atim_window;
1867 	ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
1868 					ATH10K_DEFAULT_ATIM);
1869 	if (ret)
1870 		ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
1871 			    arvif->vdev_id, ret);
1872 }
1873 
1874 static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
1875 {
1876 	struct ath10k *ar = arvif->ar;
1877 	u32 param;
1878 	u32 value;
1879 	int ret;
1880 
1881 	lockdep_assert_held(&arvif->ar->conf_mutex);
1882 
1883 	if (arvif->u.sta.uapsd)
1884 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
1885 	else
1886 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
1887 
1888 	param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
1889 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
1890 	if (ret) {
1891 		ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
1892 			    value, arvif->vdev_id, ret);
1893 		return ret;
1894 	}
1895 
1896 	return 0;
1897 }
1898 
1899 static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
1900 {
1901 	struct ath10k *ar = arvif->ar;
1902 	u32 param;
1903 	u32 value;
1904 	int ret;
1905 
1906 	lockdep_assert_held(&arvif->ar->conf_mutex);
1907 
1908 	if (arvif->u.sta.uapsd)
1909 		value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
1910 	else
1911 		value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
1912 
1913 	param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
1914 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
1915 					  param, value);
1916 	if (ret) {
1917 		ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
1918 			    value, arvif->vdev_id, ret);
1919 		return ret;
1920 	}
1921 
1922 	return 0;
1923 }
1924 
1925 static int ath10k_mac_num_vifs_started(struct ath10k *ar)
1926 {
1927 	struct ath10k_vif *arvif;
1928 	int num = 0;
1929 
1930 	lockdep_assert_held(&ar->conf_mutex);
1931 
1932 	list_for_each_entry(arvif, &ar->arvifs, list)
1933 		if (arvif->is_started)
1934 			num++;
1935 
1936 	return num;
1937 }
1938 
1939 static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
1940 {
1941 	struct ath10k *ar = arvif->ar;
1942 	struct ieee80211_vif *vif = arvif->vif;
1943 	struct ieee80211_conf *conf = &ar->hw->conf;
1944 	enum wmi_sta_powersave_param param;
1945 	enum wmi_sta_ps_mode psmode;
1946 	int ret;
1947 	int ps_timeout;
1948 	bool enable_ps;
1949 
1950 	lockdep_assert_held(&arvif->ar->conf_mutex);
1951 
1952 	if (arvif->vif->type != NL80211_IFTYPE_STATION)
1953 		return 0;
1954 
1955 	enable_ps = arvif->ps;
1956 
1957 	if (enable_ps && ath10k_mac_num_vifs_started(ar) > 1 &&
1958 	    !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
1959 		      ar->running_fw->fw_file.fw_features)) {
1960 		ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
1961 			    arvif->vdev_id);
1962 		enable_ps = false;
1963 	}
1964 
1965 	if (!arvif->is_started) {
1966 		/* mac80211 can update vif powersave state while disconnected.
1967 		 * Firmware doesn't behave nicely and consumes more power than
1968 		 * necessary if PS is disabled on a non-started vdev. Hence
1969 		 * force-enable PS for non-running vdevs.
1970 		 */
1971 		psmode = WMI_STA_PS_MODE_ENABLED;
1972 	} else if (enable_ps) {
1973 		psmode = WMI_STA_PS_MODE_ENABLED;
1974 		param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
1975 
1976 		ps_timeout = conf->dynamic_ps_timeout;
1977 		if (ps_timeout == 0) {
1978 			/* Firmware doesn't like 0 */
1979 			ps_timeout = ieee80211_tu_to_usec(
1980 				vif->bss_conf.beacon_int) / 1000;
1981 		}
1982 
1983 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
1984 						  ps_timeout);
1985 		if (ret) {
1986 			ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
1987 				    arvif->vdev_id, ret);
1988 			return ret;
1989 		}
1990 	} else {
1991 		psmode = WMI_STA_PS_MODE_DISABLED;
1992 	}
1993 
1994 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
1995 		   arvif->vdev_id, psmode ? "enable" : "disable");
1996 
1997 	ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
1998 	if (ret) {
1999 		ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
2000 			    psmode, arvif->vdev_id, ret);
2001 		return ret;
2002 	}
2003 
2004 	return 0;
2005 }
2006 
2007 static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
2008 {
2009 	struct ath10k *ar = arvif->ar;
2010 	struct wmi_sta_keepalive_arg arg = {};
2011 	int ret;
2012 
2013 	lockdep_assert_held(&arvif->ar->conf_mutex);
2014 
2015 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
2016 		return 0;
2017 
2018 	if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
2019 		return 0;
2020 
2021 	/* Some firmware revisions have a bug and ignore the `enabled` field.
2022 	 * Instead use the interval to disable the keepalive.
2023 	 */
2024 	arg.vdev_id = arvif->vdev_id;
2025 	arg.enabled = 1;
2026 	arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
2027 	arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
2028 
2029 	ret = ath10k_wmi_sta_keepalive(ar, &arg);
2030 	if (ret) {
2031 		ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
2032 			    arvif->vdev_id, ret);
2033 		return ret;
2034 	}
2035 
2036 	return 0;
2037 }
2038 
2039 static void ath10k_mac_vif_ap_csa_count_down(struct ath10k_vif *arvif)
2040 {
2041 	struct ath10k *ar = arvif->ar;
2042 	struct ieee80211_vif *vif = arvif->vif;
2043 	int ret;
2044 
2045 	lockdep_assert_held(&arvif->ar->conf_mutex);
2046 
2047 	if (WARN_ON(!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)))
2048 		return;
2049 
2050 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
2051 		return;
2052 
2053 	if (!vif->bss_conf.csa_active)
2054 		return;
2055 
2056 	if (!arvif->is_up)
2057 		return;
2058 
2059 	if (!ieee80211_beacon_cntdwn_is_complete(vif, 0)) {
2060 		ieee80211_beacon_update_cntdwn(vif, 0);
2061 
2062 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
2063 		if (ret)
2064 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
2065 				    ret);
2066 
2067 		ret = ath10k_mac_setup_prb_tmpl(arvif);
2068 		if (ret)
2069 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
2070 				    ret);
2071 	} else {
2072 		ieee80211_csa_finish(vif, 0);
2073 	}
2074 }
2075 
2076 static void ath10k_mac_vif_ap_csa_work(struct work_struct *work)
2077 {
2078 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2079 						ap_csa_work);
2080 	struct ath10k *ar = arvif->ar;
2081 
2082 	mutex_lock(&ar->conf_mutex);
2083 	ath10k_mac_vif_ap_csa_count_down(arvif);
2084 	mutex_unlock(&ar->conf_mutex);
2085 }
2086 
2087 static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac,
2088 					  struct ieee80211_vif *vif)
2089 {
2090 	struct sk_buff *skb = data;
2091 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2092 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2093 
2094 	if (vif->type != NL80211_IFTYPE_STATION)
2095 		return;
2096 
2097 	if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid))
2098 		return;
2099 
2100 	cancel_delayed_work(&arvif->connection_loss_work);
2101 }
2102 
2103 void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb)
2104 {
2105 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2106 						   ATH10K_ITER_NORMAL_FLAGS,
2107 						   ath10k_mac_handle_beacon_iter,
2108 						   skb);
2109 }
2110 
2111 static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
2112 					       struct ieee80211_vif *vif)
2113 {
2114 	u32 *vdev_id = data;
2115 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2116 	struct ath10k *ar = arvif->ar;
2117 	struct ieee80211_hw *hw = ar->hw;
2118 
2119 	if (arvif->vdev_id != *vdev_id)
2120 		return;
2121 
2122 	if (!arvif->is_up)
2123 		return;
2124 
2125 	ieee80211_beacon_loss(vif);
2126 
2127 	/* Firmware doesn't report beacon loss events repeatedly. If AP probe
2128 	 * (done by mac80211) succeeds but beacons do not resume then it
2129 	 * doesn't make sense to continue operation. Queue connection loss work
2130 	 * which can be cancelled when beacon is received.
2131 	 */
2132 	ieee80211_queue_delayed_work(hw, &arvif->connection_loss_work,
2133 				     ATH10K_CONNECTION_LOSS_HZ);
2134 }
2135 
2136 void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id)
2137 {
2138 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2139 						   ATH10K_ITER_NORMAL_FLAGS,
2140 						   ath10k_mac_handle_beacon_miss_iter,
2141 						   &vdev_id);
2142 }
2143 
2144 static void ath10k_mac_vif_sta_connection_loss_work(struct work_struct *work)
2145 {
2146 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2147 						connection_loss_work.work);
2148 	struct ieee80211_vif *vif = arvif->vif;
2149 
2150 	if (!arvif->is_up)
2151 		return;
2152 
2153 	ieee80211_connection_loss(vif);
2154 }
2155 
2156 /**********************/
2157 /* Station management */
2158 /**********************/
2159 
2160 static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
2161 					     struct ieee80211_vif *vif)
2162 {
2163 	/* Some firmware revisions have unstable STA powersave when listen
2164 	 * interval is set too high (e.g. 5). The symptoms are firmware doesn't
2165 	 * generate NullFunc frames properly even if buffered frames have been
2166 	 * indicated in Beacon TIM. Firmware would seldom wake up to pull
2167 	 * buffered frames. Often pinging the device from AP would simply fail.
2168 	 *
2169 	 * As a workaround set it to 1.
2170 	 */
2171 	if (vif->type == NL80211_IFTYPE_STATION)
2172 		return 1;
2173 
2174 	return ar->hw->conf.listen_interval;
2175 }
2176 
2177 static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
2178 				      struct ieee80211_vif *vif,
2179 				      struct ieee80211_sta *sta,
2180 				      struct wmi_peer_assoc_complete_arg *arg)
2181 {
2182 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2183 	u32 aid;
2184 
2185 	lockdep_assert_held(&ar->conf_mutex);
2186 
2187 	if (vif->type == NL80211_IFTYPE_STATION)
2188 		aid = vif->cfg.aid;
2189 	else
2190 		aid = sta->aid;
2191 
2192 	ether_addr_copy(arg->addr, sta->addr);
2193 	arg->vdev_id = arvif->vdev_id;
2194 	arg->peer_aid = aid;
2195 	arg->peer_flags |= arvif->ar->wmi.peer_flags->auth;
2196 	arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
2197 	arg->peer_num_spatial_streams = 1;
2198 	arg->peer_caps = vif->bss_conf.assoc_capability;
2199 }
2200 
2201 static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
2202 				       struct ieee80211_vif *vif,
2203 				       struct ieee80211_sta *sta,
2204 				       struct wmi_peer_assoc_complete_arg *arg)
2205 {
2206 	struct ieee80211_bss_conf *info = &vif->bss_conf;
2207 	struct cfg80211_chan_def def;
2208 	struct cfg80211_bss *bss;
2209 	const u8 *rsnie = NULL;
2210 	const u8 *wpaie = NULL;
2211 
2212 	lockdep_assert_held(&ar->conf_mutex);
2213 
2214 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2215 		return;
2216 
2217 	bss = cfg80211_get_bss(ar->hw->wiphy, def.chan, info->bssid,
2218 			       vif->cfg.ssid_len ? vif->cfg.ssid : NULL,
2219 			       vif->cfg.ssid_len,
2220 			       IEEE80211_BSS_TYPE_ANY, IEEE80211_PRIVACY_ANY);
2221 	if (bss) {
2222 		const struct cfg80211_bss_ies *ies;
2223 
2224 		rcu_read_lock();
2225 		rsnie = ieee80211_bss_get_ie(bss, WLAN_EID_RSN);
2226 
2227 		ies = rcu_dereference(bss->ies);
2228 
2229 		wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
2230 						WLAN_OUI_TYPE_MICROSOFT_WPA,
2231 						ies->data,
2232 						ies->len);
2233 		rcu_read_unlock();
2234 		cfg80211_put_bss(ar->hw->wiphy, bss);
2235 	}
2236 
2237 	/* FIXME: base on RSN IE/WPA IE is a correct idea? */
2238 	if (rsnie || wpaie) {
2239 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
2240 		arg->peer_flags |= ar->wmi.peer_flags->need_ptk_4_way;
2241 	}
2242 
2243 	if (wpaie) {
2244 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
2245 		arg->peer_flags |= ar->wmi.peer_flags->need_gtk_2_way;
2246 	}
2247 
2248 	if (sta->mfp &&
2249 	    test_bit(ATH10K_FW_FEATURE_MFP_SUPPORT,
2250 		     ar->running_fw->fw_file.fw_features)) {
2251 		arg->peer_flags |= ar->wmi.peer_flags->pmf;
2252 	}
2253 }
2254 
2255 static void ath10k_peer_assoc_h_rates(struct ath10k *ar,
2256 				      struct ieee80211_vif *vif,
2257 				      struct ieee80211_sta *sta,
2258 				      struct wmi_peer_assoc_complete_arg *arg)
2259 {
2260 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2261 	struct wmi_rate_set_arg *rateset = &arg->peer_legacy_rates;
2262 	struct cfg80211_chan_def def;
2263 	const struct ieee80211_supported_band *sband;
2264 	const struct ieee80211_rate *rates;
2265 	enum nl80211_band band;
2266 	u32 ratemask;
2267 	u8 rate;
2268 	int i;
2269 
2270 	lockdep_assert_held(&ar->conf_mutex);
2271 
2272 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2273 		return;
2274 
2275 	band = def.chan->band;
2276 	sband = ar->hw->wiphy->bands[band];
2277 	ratemask = sta->deflink.supp_rates[band];
2278 	ratemask &= arvif->bitrate_mask.control[band].legacy;
2279 	rates = sband->bitrates;
2280 
2281 	rateset->num_rates = 0;
2282 
2283 	for (i = 0; i < 32; i++, ratemask >>= 1, rates++) {
2284 		if (!(ratemask & 1))
2285 			continue;
2286 
2287 		rate = ath10k_mac_bitrate_to_rate(rates->bitrate);
2288 		rateset->rates[rateset->num_rates] = rate;
2289 		rateset->num_rates++;
2290 	}
2291 }
2292 
2293 static bool
2294 ath10k_peer_assoc_h_ht_masked(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
2295 {
2296 	int nss;
2297 
2298 	for (nss = 0; nss < IEEE80211_HT_MCS_MASK_LEN; nss++)
2299 		if (ht_mcs_mask[nss])
2300 			return false;
2301 
2302 	return true;
2303 }
2304 
2305 static bool
2306 ath10k_peer_assoc_h_vht_masked(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
2307 {
2308 	int nss;
2309 
2310 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++)
2311 		if (vht_mcs_mask[nss])
2312 			return false;
2313 
2314 	return true;
2315 }
2316 
2317 static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
2318 				   struct ieee80211_vif *vif,
2319 				   struct ieee80211_sta *sta,
2320 				   struct wmi_peer_assoc_complete_arg *arg)
2321 {
2322 	const struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
2323 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2324 	struct cfg80211_chan_def def;
2325 	enum nl80211_band band;
2326 	const u8 *ht_mcs_mask;
2327 	const u16 *vht_mcs_mask;
2328 	int i, n;
2329 	u8 max_nss;
2330 	u32 stbc;
2331 
2332 	lockdep_assert_held(&ar->conf_mutex);
2333 
2334 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2335 		return;
2336 
2337 	if (!ht_cap->ht_supported)
2338 		return;
2339 
2340 	band = def.chan->band;
2341 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2342 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2343 
2344 	if (ath10k_peer_assoc_h_ht_masked(ht_mcs_mask) &&
2345 	    ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2346 		return;
2347 
2348 	arg->peer_flags |= ar->wmi.peer_flags->ht;
2349 	arg->peer_max_mpdu = (1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2350 				    ht_cap->ampdu_factor)) - 1;
2351 
2352 	arg->peer_mpdu_density =
2353 		ath10k_parse_mpdudensity(ht_cap->ampdu_density);
2354 
2355 	arg->peer_ht_caps = ht_cap->cap;
2356 	arg->peer_rate_caps |= WMI_RC_HT_FLAG;
2357 
2358 	if (ht_cap->cap & IEEE80211_HT_CAP_LDPC_CODING)
2359 		arg->peer_flags |= ar->wmi.peer_flags->ldbc;
2360 
2361 	if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40) {
2362 		arg->peer_flags |= ar->wmi.peer_flags->bw40;
2363 		arg->peer_rate_caps |= WMI_RC_CW40_FLAG;
2364 	}
2365 
2366 	if (arvif->bitrate_mask.control[band].gi != NL80211_TXRATE_FORCE_LGI) {
2367 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
2368 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2369 
2370 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
2371 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2372 	}
2373 
2374 	if (ht_cap->cap & IEEE80211_HT_CAP_TX_STBC) {
2375 		arg->peer_rate_caps |= WMI_RC_TX_STBC_FLAG;
2376 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2377 	}
2378 
2379 	if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
2380 		stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
2381 		stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
2382 		stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
2383 		arg->peer_rate_caps |= stbc;
2384 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2385 	}
2386 
2387 	if (ht_cap->mcs.rx_mask[1] && ht_cap->mcs.rx_mask[2])
2388 		arg->peer_rate_caps |= WMI_RC_TS_FLAG;
2389 	else if (ht_cap->mcs.rx_mask[1])
2390 		arg->peer_rate_caps |= WMI_RC_DS_FLAG;
2391 
2392 	for (i = 0, n = 0, max_nss = 0; i < IEEE80211_HT_MCS_MASK_LEN * 8; i++)
2393 		if ((ht_cap->mcs.rx_mask[i / 8] & BIT(i % 8)) &&
2394 		    (ht_mcs_mask[i / 8] & BIT(i % 8))) {
2395 			max_nss = (i / 8) + 1;
2396 			arg->peer_ht_rates.rates[n++] = i;
2397 		}
2398 
2399 	/*
2400 	 * This is a workaround for HT-enabled STAs which break the spec
2401 	 * and have no HT capabilities RX mask (no HT RX MCS map).
2402 	 *
2403 	 * As per spec, in section 20.3.5 Modulation and coding scheme (MCS),
2404 	 * MCS 0 through 7 are mandatory in 20MHz with 800 ns GI at all STAs.
2405 	 *
2406 	 * Firmware asserts if such situation occurs.
2407 	 */
2408 	if (n == 0) {
2409 		arg->peer_ht_rates.num_rates = 8;
2410 		for (i = 0; i < arg->peer_ht_rates.num_rates; i++)
2411 			arg->peer_ht_rates.rates[i] = i;
2412 	} else {
2413 		arg->peer_ht_rates.num_rates = n;
2414 		arg->peer_num_spatial_streams = min(sta->deflink.rx_nss,
2415 						    max_nss);
2416 	}
2417 
2418 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
2419 		   arg->addr,
2420 		   arg->peer_ht_rates.num_rates,
2421 		   arg->peer_num_spatial_streams);
2422 }
2423 
2424 static int ath10k_peer_assoc_qos_ap(struct ath10k *ar,
2425 				    struct ath10k_vif *arvif,
2426 				    struct ieee80211_sta *sta)
2427 {
2428 	u32 uapsd = 0;
2429 	u32 max_sp = 0;
2430 	int ret = 0;
2431 
2432 	lockdep_assert_held(&ar->conf_mutex);
2433 
2434 	if (sta->wme && sta->uapsd_queues) {
2435 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
2436 			   sta->uapsd_queues, sta->max_sp);
2437 
2438 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2439 			uapsd |= WMI_AP_PS_UAPSD_AC3_DELIVERY_EN |
2440 				 WMI_AP_PS_UAPSD_AC3_TRIGGER_EN;
2441 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2442 			uapsd |= WMI_AP_PS_UAPSD_AC2_DELIVERY_EN |
2443 				 WMI_AP_PS_UAPSD_AC2_TRIGGER_EN;
2444 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2445 			uapsd |= WMI_AP_PS_UAPSD_AC1_DELIVERY_EN |
2446 				 WMI_AP_PS_UAPSD_AC1_TRIGGER_EN;
2447 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2448 			uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
2449 				 WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
2450 
2451 		if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
2452 			max_sp = sta->max_sp;
2453 
2454 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2455 						 sta->addr,
2456 						 WMI_AP_PS_PEER_PARAM_UAPSD,
2457 						 uapsd);
2458 		if (ret) {
2459 			ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
2460 				    arvif->vdev_id, ret);
2461 			return ret;
2462 		}
2463 
2464 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2465 						 sta->addr,
2466 						 WMI_AP_PS_PEER_PARAM_MAX_SP,
2467 						 max_sp);
2468 		if (ret) {
2469 			ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
2470 				    arvif->vdev_id, ret);
2471 			return ret;
2472 		}
2473 
2474 		/* TODO setup this based on STA listen interval and
2475 		 * beacon interval. Currently we don't know
2476 		 * sta->listen_interval - mac80211 patch required.
2477 		 * Currently use 10 seconds
2478 		 */
2479 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
2480 						 WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
2481 						 10);
2482 		if (ret) {
2483 			ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
2484 				    arvif->vdev_id, ret);
2485 			return ret;
2486 		}
2487 	}
2488 
2489 	return 0;
2490 }
2491 
2492 static u16
2493 ath10k_peer_assoc_h_vht_limit(u16 tx_mcs_set,
2494 			      const u16 vht_mcs_limit[NL80211_VHT_NSS_MAX])
2495 {
2496 	int idx_limit;
2497 	int nss;
2498 	u16 mcs_map;
2499 	u16 mcs;
2500 
2501 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
2502 		mcs_map = ath10k_mac_get_max_vht_mcs_map(tx_mcs_set, nss) &
2503 			  vht_mcs_limit[nss];
2504 
2505 		if (mcs_map)
2506 			idx_limit = fls(mcs_map) - 1;
2507 		else
2508 			idx_limit = -1;
2509 
2510 		switch (idx_limit) {
2511 		case 0:
2512 		case 1:
2513 		case 2:
2514 		case 3:
2515 		case 4:
2516 		case 5:
2517 		case 6:
2518 		default:
2519 			/* see ath10k_mac_can_set_bitrate_mask() */
2520 			WARN_ON(1);
2521 			fallthrough;
2522 		case -1:
2523 			mcs = IEEE80211_VHT_MCS_NOT_SUPPORTED;
2524 			break;
2525 		case 7:
2526 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_7;
2527 			break;
2528 		case 8:
2529 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_8;
2530 			break;
2531 		case 9:
2532 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_9;
2533 			break;
2534 		}
2535 
2536 		tx_mcs_set &= ~(0x3 << (nss * 2));
2537 		tx_mcs_set |= mcs << (nss * 2);
2538 	}
2539 
2540 	return tx_mcs_set;
2541 }
2542 
2543 static u32 get_160mhz_nss_from_maxrate(int rate)
2544 {
2545 	u32 nss;
2546 
2547 	switch (rate) {
2548 	case 780:
2549 		nss = 1;
2550 		break;
2551 	case 1560:
2552 		nss = 2;
2553 		break;
2554 	case 2106:
2555 		nss = 3; /* not support MCS9 from spec*/
2556 		break;
2557 	case 3120:
2558 		nss = 4;
2559 		break;
2560 	default:
2561 		 nss = 1;
2562 	}
2563 
2564 	return nss;
2565 }
2566 
2567 static void ath10k_peer_assoc_h_vht(struct ath10k *ar,
2568 				    struct ieee80211_vif *vif,
2569 				    struct ieee80211_sta *sta,
2570 				    struct wmi_peer_assoc_complete_arg *arg)
2571 {
2572 	const struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2573 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2574 	struct ath10k_hw_params *hw = &ar->hw_params;
2575 	struct cfg80211_chan_def def;
2576 	enum nl80211_band band;
2577 	const u16 *vht_mcs_mask;
2578 	u8 ampdu_factor;
2579 	u8 max_nss, vht_mcs;
2580 	int i;
2581 
2582 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2583 		return;
2584 
2585 	if (!vht_cap->vht_supported)
2586 		return;
2587 
2588 	band = def.chan->band;
2589 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2590 
2591 	if (ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2592 		return;
2593 
2594 	arg->peer_flags |= ar->wmi.peer_flags->vht;
2595 
2596 	if (def.chan->band == NL80211_BAND_2GHZ)
2597 		arg->peer_flags |= ar->wmi.peer_flags->vht_2g;
2598 
2599 	arg->peer_vht_caps = vht_cap->cap;
2600 
2601 	ampdu_factor = (vht_cap->cap &
2602 			IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
2603 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
2604 
2605 	/* Workaround: Some Netgear/Linksys 11ac APs set Rx A-MPDU factor to
2606 	 * zero in VHT IE. Using it would result in degraded throughput.
2607 	 * arg->peer_max_mpdu at this point contains HT max_mpdu so keep
2608 	 * it if VHT max_mpdu is smaller.
2609 	 */
2610 	arg->peer_max_mpdu = max(arg->peer_max_mpdu,
2611 				 (1U << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2612 					ampdu_factor)) - 1);
2613 
2614 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2615 		arg->peer_flags |= ar->wmi.peer_flags->bw80;
2616 
2617 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
2618 		arg->peer_flags |= ar->wmi.peer_flags->bw160;
2619 
2620 	/* Calculate peer NSS capability from VHT capabilities if STA
2621 	 * supports VHT.
2622 	 */
2623 	for (i = 0, max_nss = 0, vht_mcs = 0; i < NL80211_VHT_NSS_MAX; i++) {
2624 		vht_mcs = __le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map) >>
2625 			  (2 * i) & 3;
2626 
2627 		if ((vht_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) &&
2628 		    vht_mcs_mask[i])
2629 			max_nss = i + 1;
2630 	}
2631 	arg->peer_num_spatial_streams = min(sta->deflink.rx_nss, max_nss);
2632 	arg->peer_vht_rates.rx_max_rate =
2633 		__le16_to_cpu(vht_cap->vht_mcs.rx_highest);
2634 	arg->peer_vht_rates.rx_mcs_set =
2635 		__le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map);
2636 	arg->peer_vht_rates.tx_max_rate =
2637 		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
2638 	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
2639 		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
2640 
2641 	/* Configure bandwidth-NSS mapping to FW
2642 	 * for the chip's tx chains setting on 160Mhz bw
2643 	 */
2644 	if (arg->peer_phymode == MODE_11AC_VHT160 ||
2645 	    arg->peer_phymode == MODE_11AC_VHT80_80) {
2646 		u32 rx_nss;
2647 		u32 max_rate;
2648 
2649 		max_rate = arg->peer_vht_rates.rx_max_rate;
2650 		rx_nss = get_160mhz_nss_from_maxrate(max_rate);
2651 
2652 		if (rx_nss == 0)
2653 			rx_nss = arg->peer_num_spatial_streams;
2654 		else
2655 			rx_nss = min(arg->peer_num_spatial_streams, rx_nss);
2656 
2657 		max_rate = hw->vht160_mcs_tx_highest;
2658 		rx_nss = min(rx_nss, get_160mhz_nss_from_maxrate(max_rate));
2659 
2660 		arg->peer_bw_rxnss_override =
2661 			FIELD_PREP(WMI_PEER_NSS_MAP_ENABLE, 1) |
2662 			FIELD_PREP(WMI_PEER_NSS_160MHZ_MASK, (rx_nss - 1));
2663 
2664 		if (arg->peer_phymode == MODE_11AC_VHT80_80) {
2665 			arg->peer_bw_rxnss_override |=
2666 			FIELD_PREP(WMI_PEER_NSS_80_80MHZ_MASK, (rx_nss - 1));
2667 		}
2668 	}
2669 	ath10k_dbg(ar, ATH10K_DBG_MAC,
2670 		   "mac vht peer %pM max_mpdu %d flags 0x%x peer_rx_nss_override 0x%x\n",
2671 		   sta->addr, arg->peer_max_mpdu,
2672 		   arg->peer_flags, arg->peer_bw_rxnss_override);
2673 }
2674 
2675 static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
2676 				    struct ieee80211_vif *vif,
2677 				    struct ieee80211_sta *sta,
2678 				    struct wmi_peer_assoc_complete_arg *arg)
2679 {
2680 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2681 
2682 	switch (arvif->vdev_type) {
2683 	case WMI_VDEV_TYPE_AP:
2684 		if (sta->wme)
2685 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2686 
2687 		if (sta->wme && sta->uapsd_queues) {
2688 			arg->peer_flags |= arvif->ar->wmi.peer_flags->apsd;
2689 			arg->peer_rate_caps |= WMI_RC_UAPSD_FLAG;
2690 		}
2691 		break;
2692 	case WMI_VDEV_TYPE_STA:
2693 		if (sta->wme)
2694 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2695 		break;
2696 	case WMI_VDEV_TYPE_IBSS:
2697 		if (sta->wme)
2698 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2699 		break;
2700 	default:
2701 		break;
2702 	}
2703 
2704 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
2705 		   sta->addr, !!(arg->peer_flags &
2706 		   arvif->ar->wmi.peer_flags->qos));
2707 }
2708 
2709 static bool ath10k_mac_sta_has_ofdm_only(struct ieee80211_sta *sta)
2710 {
2711 	return sta->deflink.supp_rates[NL80211_BAND_2GHZ] >>
2712 	       ATH10K_MAC_FIRST_OFDM_RATE_IDX;
2713 }
2714 
2715 static enum wmi_phy_mode ath10k_mac_get_phymode_vht(struct ath10k *ar,
2716 						    struct ieee80211_sta *sta)
2717 {
2718 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2719 
2720 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160) {
2721 		switch (vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
2722 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
2723 			return MODE_11AC_VHT160;
2724 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
2725 			return MODE_11AC_VHT80_80;
2726 		default:
2727 			/* not sure if this is a valid case? */
2728 			return MODE_11AC_VHT160;
2729 		}
2730 	}
2731 
2732 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2733 		return MODE_11AC_VHT80;
2734 
2735 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2736 		return MODE_11AC_VHT40;
2737 
2738 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_20)
2739 		return MODE_11AC_VHT20;
2740 
2741 	return MODE_UNKNOWN;
2742 }
2743 
2744 static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
2745 					struct ieee80211_vif *vif,
2746 					struct ieee80211_sta *sta,
2747 					struct wmi_peer_assoc_complete_arg *arg)
2748 {
2749 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2750 	struct cfg80211_chan_def def;
2751 	enum nl80211_band band;
2752 	const u8 *ht_mcs_mask;
2753 	const u16 *vht_mcs_mask;
2754 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
2755 
2756 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2757 		return;
2758 
2759 	band = def.chan->band;
2760 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2761 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2762 
2763 	switch (band) {
2764 	case NL80211_BAND_2GHZ:
2765 		if (sta->deflink.vht_cap.vht_supported &&
2766 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2767 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2768 				phymode = MODE_11AC_VHT40;
2769 			else
2770 				phymode = MODE_11AC_VHT20;
2771 		} else if (sta->deflink.ht_cap.ht_supported &&
2772 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2773 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2774 				phymode = MODE_11NG_HT40;
2775 			else
2776 				phymode = MODE_11NG_HT20;
2777 		} else if (ath10k_mac_sta_has_ofdm_only(sta)) {
2778 			phymode = MODE_11G;
2779 		} else {
2780 			phymode = MODE_11B;
2781 		}
2782 
2783 		break;
2784 	case NL80211_BAND_5GHZ:
2785 		/*
2786 		 * Check VHT first.
2787 		 */
2788 		if (sta->deflink.vht_cap.vht_supported &&
2789 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2790 			phymode = ath10k_mac_get_phymode_vht(ar, sta);
2791 		} else if (sta->deflink.ht_cap.ht_supported &&
2792 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2793 			if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40)
2794 				phymode = MODE_11NA_HT40;
2795 			else
2796 				phymode = MODE_11NA_HT20;
2797 		} else {
2798 			phymode = MODE_11A;
2799 		}
2800 
2801 		break;
2802 	default:
2803 		break;
2804 	}
2805 
2806 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
2807 		   sta->addr, ath10k_wmi_phymode_str(phymode));
2808 
2809 	arg->peer_phymode = phymode;
2810 	WARN_ON(phymode == MODE_UNKNOWN);
2811 }
2812 
2813 static int ath10k_peer_assoc_prepare(struct ath10k *ar,
2814 				     struct ieee80211_vif *vif,
2815 				     struct ieee80211_sta *sta,
2816 				     struct wmi_peer_assoc_complete_arg *arg)
2817 {
2818 	lockdep_assert_held(&ar->conf_mutex);
2819 
2820 	memset(arg, 0, sizeof(*arg));
2821 
2822 	ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
2823 	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
2824 	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
2825 	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
2826 	ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
2827 	ath10k_peer_assoc_h_vht(ar, vif, sta, arg);
2828 	ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
2829 
2830 	return 0;
2831 }
2832 
2833 static const u32 ath10k_smps_map[] = {
2834 	[WLAN_HT_CAP_SM_PS_STATIC] = WMI_PEER_SMPS_STATIC,
2835 	[WLAN_HT_CAP_SM_PS_DYNAMIC] = WMI_PEER_SMPS_DYNAMIC,
2836 	[WLAN_HT_CAP_SM_PS_INVALID] = WMI_PEER_SMPS_PS_NONE,
2837 	[WLAN_HT_CAP_SM_PS_DISABLED] = WMI_PEER_SMPS_PS_NONE,
2838 };
2839 
2840 static int ath10k_setup_peer_smps(struct ath10k *ar, struct ath10k_vif *arvif,
2841 				  const u8 *addr,
2842 				  const struct ieee80211_sta_ht_cap *ht_cap)
2843 {
2844 	int smps;
2845 
2846 	if (!ht_cap->ht_supported)
2847 		return 0;
2848 
2849 	smps = ht_cap->cap & IEEE80211_HT_CAP_SM_PS;
2850 	smps >>= IEEE80211_HT_CAP_SM_PS_SHIFT;
2851 
2852 	if (smps >= ARRAY_SIZE(ath10k_smps_map))
2853 		return -EINVAL;
2854 
2855 	return ath10k_wmi_peer_set_param(ar, arvif->vdev_id, addr,
2856 					 ar->wmi.peer_param->smps_state,
2857 					 ath10k_smps_map[smps]);
2858 }
2859 
2860 static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
2861 				      struct ieee80211_vif *vif,
2862 				      struct ieee80211_sta_vht_cap vht_cap)
2863 {
2864 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2865 	int ret;
2866 	u32 param;
2867 	u32 value;
2868 
2869 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_AFTER_ASSOC)
2870 		return 0;
2871 
2872 	if (!(ar->vht_cap_info &
2873 	      (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2874 	       IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
2875 	       IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2876 	       IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
2877 		return 0;
2878 
2879 	param = ar->wmi.vdev_param->txbf;
2880 	value = 0;
2881 
2882 	if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
2883 		return 0;
2884 
2885 	/* The following logic is correct. If a remote STA advertises support
2886 	 * for being a beamformer then we should enable us being a beamformee.
2887 	 */
2888 
2889 	if (ar->vht_cap_info &
2890 	    (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2891 	     IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
2892 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
2893 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2894 
2895 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
2896 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
2897 	}
2898 
2899 	if (ar->vht_cap_info &
2900 	    (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2901 	     IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
2902 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
2903 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2904 
2905 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
2906 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
2907 	}
2908 
2909 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
2910 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2911 
2912 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
2913 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2914 
2915 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
2916 	if (ret) {
2917 		ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
2918 			    value, ret);
2919 		return ret;
2920 	}
2921 
2922 	return 0;
2923 }
2924 
2925 static bool ath10k_mac_is_connected(struct ath10k *ar)
2926 {
2927 	struct ath10k_vif *arvif;
2928 
2929 	list_for_each_entry(arvif, &ar->arvifs, list) {
2930 		if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
2931 			return true;
2932 	}
2933 
2934 	return false;
2935 }
2936 
2937 static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
2938 {
2939 	int ret;
2940 	u32 param;
2941 	int tx_power_2g, tx_power_5g;
2942 	bool connected;
2943 
2944 	lockdep_assert_held(&ar->conf_mutex);
2945 
2946 	/* ath10k internally uses unit of 0.5 dBm so multiply by 2 */
2947 	tx_power_2g = txpower * 2;
2948 	tx_power_5g = txpower * 2;
2949 
2950 	connected = ath10k_mac_is_connected(ar);
2951 
2952 	if (connected && ar->tx_power_2g_limit)
2953 		if (tx_power_2g > ar->tx_power_2g_limit)
2954 			tx_power_2g = ar->tx_power_2g_limit;
2955 
2956 	if (connected && ar->tx_power_5g_limit)
2957 		if (tx_power_5g > ar->tx_power_5g_limit)
2958 			tx_power_5g = ar->tx_power_5g_limit;
2959 
2960 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower 2g: %d, 5g: %d\n",
2961 		   tx_power_2g, tx_power_5g);
2962 
2963 	param = ar->wmi.pdev_param->txpower_limit2g;
2964 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_2g);
2965 	if (ret) {
2966 		ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
2967 			    tx_power_2g, ret);
2968 		return ret;
2969 	}
2970 
2971 	param = ar->wmi.pdev_param->txpower_limit5g;
2972 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_5g);
2973 	if (ret) {
2974 		ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
2975 			    tx_power_5g, ret);
2976 		return ret;
2977 	}
2978 
2979 	return 0;
2980 }
2981 
2982 static int ath10k_mac_txpower_recalc(struct ath10k *ar)
2983 {
2984 	struct ath10k_vif *arvif;
2985 	int ret, txpower = -1;
2986 
2987 	lockdep_assert_held(&ar->conf_mutex);
2988 
2989 	list_for_each_entry(arvif, &ar->arvifs, list) {
2990 		/* txpower not initialized yet? */
2991 		if (arvif->txpower == INT_MIN)
2992 			continue;
2993 
2994 		if (txpower == -1)
2995 			txpower = arvif->txpower;
2996 		else
2997 			txpower = min(txpower, arvif->txpower);
2998 	}
2999 
3000 	if (txpower == -1)
3001 		return 0;
3002 
3003 	ret = ath10k_mac_txpower_setup(ar, txpower);
3004 	if (ret) {
3005 		ath10k_warn(ar, "failed to setup tx power %d: %d\n",
3006 			    txpower, ret);
3007 		return ret;
3008 	}
3009 
3010 	return 0;
3011 }
3012 
3013 static int ath10k_mac_set_sar_power(struct ath10k *ar)
3014 {
3015 	if (!ar->hw_params.dynamic_sar_support)
3016 		return -EOPNOTSUPP;
3017 
3018 	if (!ath10k_mac_is_connected(ar))
3019 		return 0;
3020 
3021 	/* if connected, then arvif->txpower must be valid */
3022 	return ath10k_mac_txpower_recalc(ar);
3023 }
3024 
3025 static int ath10k_mac_set_sar_specs(struct ieee80211_hw *hw,
3026 				    const struct cfg80211_sar_specs *sar)
3027 {
3028 	const struct cfg80211_sar_sub_specs *sub_specs;
3029 	struct ath10k *ar = hw->priv;
3030 	u32 i;
3031 	int ret;
3032 
3033 	mutex_lock(&ar->conf_mutex);
3034 
3035 	if (!ar->hw_params.dynamic_sar_support) {
3036 		ret = -EOPNOTSUPP;
3037 		goto err;
3038 	}
3039 
3040 	if (!sar || sar->type != NL80211_SAR_TYPE_POWER ||
3041 	    sar->num_sub_specs == 0) {
3042 		ret = -EINVAL;
3043 		goto err;
3044 	}
3045 
3046 	sub_specs = sar->sub_specs;
3047 
3048 	/* 0dbm is not a practical value for ath10k, so use 0
3049 	 * as no SAR limitation on it.
3050 	 */
3051 	ar->tx_power_2g_limit = 0;
3052 	ar->tx_power_5g_limit = 0;
3053 
3054 	/* note the power is in 0.25dbm unit, while ath10k uses
3055 	 * 0.5dbm unit.
3056 	 */
3057 	for (i = 0; i < sar->num_sub_specs; i++) {
3058 		if (sub_specs->freq_range_index == 0)
3059 			ar->tx_power_2g_limit = sub_specs->power / 2;
3060 		else if (sub_specs->freq_range_index == 1)
3061 			ar->tx_power_5g_limit = sub_specs->power / 2;
3062 
3063 		sub_specs++;
3064 	}
3065 
3066 	ret = ath10k_mac_set_sar_power(ar);
3067 	if (ret) {
3068 		ath10k_warn(ar, "failed to set sar power: %d", ret);
3069 		goto err;
3070 	}
3071 
3072 err:
3073 	mutex_unlock(&ar->conf_mutex);
3074 	return ret;
3075 }
3076 
3077 /* can be called only in mac80211 callbacks due to `key_count` usage */
3078 static void ath10k_bss_assoc(struct ieee80211_hw *hw,
3079 			     struct ieee80211_vif *vif,
3080 			     struct ieee80211_bss_conf *bss_conf)
3081 {
3082 	struct ath10k *ar = hw->priv;
3083 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3084 	struct ieee80211_sta_ht_cap ht_cap;
3085 	struct ieee80211_sta_vht_cap vht_cap;
3086 	struct wmi_peer_assoc_complete_arg peer_arg;
3087 	struct ieee80211_sta *ap_sta;
3088 	int ret;
3089 
3090 	lockdep_assert_held(&ar->conf_mutex);
3091 
3092 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
3093 		   arvif->vdev_id, arvif->bssid, arvif->aid);
3094 
3095 	rcu_read_lock();
3096 
3097 	ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
3098 	if (!ap_sta) {
3099 		ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
3100 			    bss_conf->bssid, arvif->vdev_id);
3101 		rcu_read_unlock();
3102 		return;
3103 	}
3104 
3105 	/* ap_sta must be accessed only within rcu section which must be left
3106 	 * before calling ath10k_setup_peer_smps() which might sleep.
3107 	 */
3108 	ht_cap = ap_sta->deflink.ht_cap;
3109 	vht_cap = ap_sta->deflink.vht_cap;
3110 
3111 	ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
3112 	if (ret) {
3113 		ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
3114 			    bss_conf->bssid, arvif->vdev_id, ret);
3115 		rcu_read_unlock();
3116 		return;
3117 	}
3118 
3119 	rcu_read_unlock();
3120 
3121 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3122 	if (ret) {
3123 		ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
3124 			    bss_conf->bssid, arvif->vdev_id, ret);
3125 		return;
3126 	}
3127 
3128 	ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
3129 	if (ret) {
3130 		ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
3131 			    arvif->vdev_id, ret);
3132 		return;
3133 	}
3134 
3135 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3136 	if (ret) {
3137 		ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
3138 			    arvif->vdev_id, bss_conf->bssid, ret);
3139 		return;
3140 	}
3141 
3142 	ath10k_dbg(ar, ATH10K_DBG_MAC,
3143 		   "mac vdev %d up (associated) bssid %pM aid %d\n",
3144 		   arvif->vdev_id, bss_conf->bssid, vif->cfg.aid);
3145 
3146 	WARN_ON(arvif->is_up);
3147 
3148 	arvif->aid = vif->cfg.aid;
3149 	ether_addr_copy(arvif->bssid, bss_conf->bssid);
3150 
3151 	ret = ath10k_wmi_pdev_set_param(ar,
3152 					ar->wmi.pdev_param->peer_stats_info_enable, 1);
3153 	if (ret)
3154 		ath10k_warn(ar, "failed to enable peer stats info: %d\n", ret);
3155 
3156 	ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
3157 	if (ret) {
3158 		ath10k_warn(ar, "failed to set vdev %d up: %d\n",
3159 			    arvif->vdev_id, ret);
3160 		return;
3161 	}
3162 
3163 	arvif->is_up = true;
3164 
3165 	ath10k_mac_set_sar_power(ar);
3166 
3167 	/* Workaround: Some firmware revisions (tested with qca6174
3168 	 * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
3169 	 * poked with peer param command.
3170 	 */
3171 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
3172 					ar->wmi.peer_param->dummy_var, 1);
3173 	if (ret) {
3174 		ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
3175 			    arvif->bssid, arvif->vdev_id, ret);
3176 		return;
3177 	}
3178 }
3179 
3180 static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
3181 				struct ieee80211_vif *vif)
3182 {
3183 	struct ath10k *ar = hw->priv;
3184 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3185 	struct ieee80211_sta_vht_cap vht_cap = {};
3186 	int ret;
3187 
3188 	lockdep_assert_held(&ar->conf_mutex);
3189 
3190 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
3191 		   arvif->vdev_id, arvif->bssid);
3192 
3193 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
3194 	if (ret)
3195 		ath10k_warn(ar, "failed to down vdev %i: %d\n",
3196 			    arvif->vdev_id, ret);
3197 
3198 	arvif->def_wep_key_idx = -1;
3199 
3200 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3201 	if (ret) {
3202 		ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
3203 			    arvif->vdev_id, ret);
3204 		return;
3205 	}
3206 
3207 	arvif->is_up = false;
3208 
3209 	ath10k_mac_txpower_recalc(ar);
3210 
3211 	cancel_delayed_work_sync(&arvif->connection_loss_work);
3212 }
3213 
3214 static int ath10k_new_peer_tid_config(struct ath10k *ar,
3215 				      struct ieee80211_sta *sta,
3216 				      struct ath10k_vif *arvif)
3217 {
3218 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
3219 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
3220 	bool config_apply;
3221 	int ret, i;
3222 
3223 	for (i = 0; i < ATH10K_TID_MAX; i++) {
3224 		config_apply = false;
3225 		if (arvif->retry_long[i] || arvif->ampdu[i] ||
3226 		    arvif->rate_ctrl[i] || arvif->rtscts[i]) {
3227 			config_apply = true;
3228 			arg.tid = i;
3229 			arg.vdev_id = arvif->vdev_id;
3230 			arg.retry_count = arvif->retry_long[i];
3231 			arg.aggr_control = arvif->ampdu[i];
3232 			arg.rate_ctrl = arvif->rate_ctrl[i];
3233 			arg.rcode_flags = arvif->rate_code[i];
3234 
3235 			if (arvif->rtscts[i])
3236 				arg.ext_tid_cfg_bitmap =
3237 					WMI_EXT_TID_RTS_CTS_CONFIG;
3238 			else
3239 				arg.ext_tid_cfg_bitmap = 0;
3240 
3241 			arg.rtscts_ctrl = arvif->rtscts[i];
3242 		}
3243 
3244 		if (arvif->noack[i]) {
3245 			arg.ack_policy = arvif->noack[i];
3246 			arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
3247 			arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
3248 			config_apply = true;
3249 		}
3250 
3251 		/* Assign default value(-1) to newly connected station.
3252 		 * This is to identify station specific tid configuration not
3253 		 * configured for the station.
3254 		 */
3255 		arsta->retry_long[i] = -1;
3256 		arsta->noack[i] = -1;
3257 		arsta->ampdu[i] = -1;
3258 
3259 		if (!config_apply)
3260 			continue;
3261 
3262 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
3263 
3264 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
3265 		if (ret) {
3266 			ath10k_warn(ar, "failed to set per tid retry/aggr config for sta %pM: %d\n",
3267 				    sta->addr, ret);
3268 			return ret;
3269 		}
3270 
3271 		memset(&arg, 0, sizeof(arg));
3272 	}
3273 
3274 	return 0;
3275 }
3276 
3277 static int ath10k_station_assoc(struct ath10k *ar,
3278 				struct ieee80211_vif *vif,
3279 				struct ieee80211_sta *sta,
3280 				bool reassoc)
3281 {
3282 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3283 	struct wmi_peer_assoc_complete_arg peer_arg;
3284 	int ret = 0;
3285 
3286 	lockdep_assert_held(&ar->conf_mutex);
3287 
3288 	ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
3289 	if (ret) {
3290 		ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
3291 			    sta->addr, arvif->vdev_id, ret);
3292 		return ret;
3293 	}
3294 
3295 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3296 	if (ret) {
3297 		ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
3298 			    sta->addr, arvif->vdev_id, ret);
3299 		return ret;
3300 	}
3301 
3302 	/* Re-assoc is run only to update supported rates for given station. It
3303 	 * doesn't make much sense to reconfigure the peer completely.
3304 	 */
3305 	if (!reassoc) {
3306 		ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
3307 					     &sta->deflink.ht_cap);
3308 		if (ret) {
3309 			ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
3310 				    arvif->vdev_id, ret);
3311 			return ret;
3312 		}
3313 
3314 		ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
3315 		if (ret) {
3316 			ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
3317 				    sta->addr, arvif->vdev_id, ret);
3318 			return ret;
3319 		}
3320 
3321 		if (!sta->wme) {
3322 			arvif->num_legacy_stations++;
3323 			ret  = ath10k_recalc_rtscts_prot(arvif);
3324 			if (ret) {
3325 				ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3326 					    arvif->vdev_id, ret);
3327 				return ret;
3328 			}
3329 		}
3330 
3331 		/* Plumb cached keys only for static WEP */
3332 		if ((arvif->def_wep_key_idx != -1) && (!sta->tdls)) {
3333 			ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
3334 			if (ret) {
3335 				ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
3336 					    arvif->vdev_id, ret);
3337 				return ret;
3338 			}
3339 		}
3340 	}
3341 
3342 	if (!test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map))
3343 		return ret;
3344 
3345 	return ath10k_new_peer_tid_config(ar, sta, arvif);
3346 }
3347 
3348 static int ath10k_station_disassoc(struct ath10k *ar,
3349 				   struct ieee80211_vif *vif,
3350 				   struct ieee80211_sta *sta)
3351 {
3352 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3353 	int ret = 0;
3354 
3355 	lockdep_assert_held(&ar->conf_mutex);
3356 
3357 	if (!sta->wme) {
3358 		arvif->num_legacy_stations--;
3359 		ret = ath10k_recalc_rtscts_prot(arvif);
3360 		if (ret) {
3361 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3362 				    arvif->vdev_id, ret);
3363 			return ret;
3364 		}
3365 	}
3366 
3367 	ret = ath10k_clear_peer_keys(arvif, sta->addr);
3368 	if (ret) {
3369 		ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
3370 			    arvif->vdev_id, ret);
3371 		return ret;
3372 	}
3373 
3374 	return ret;
3375 }
3376 
3377 /**************/
3378 /* Regulatory */
3379 /**************/
3380 
3381 static int ath10k_update_channel_list(struct ath10k *ar)
3382 {
3383 	struct ieee80211_hw *hw = ar->hw;
3384 	struct ieee80211_supported_band **bands;
3385 	enum nl80211_band band;
3386 	struct ieee80211_channel *channel;
3387 	struct wmi_scan_chan_list_arg arg = {0};
3388 	struct wmi_channel_arg *ch;
3389 	bool passive;
3390 	int len;
3391 	int ret;
3392 	int i;
3393 
3394 	lockdep_assert_held(&ar->conf_mutex);
3395 
3396 	bands = hw->wiphy->bands;
3397 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3398 		if (!bands[band])
3399 			continue;
3400 
3401 		for (i = 0; i < bands[band]->n_channels; i++) {
3402 			if (bands[band]->channels[i].flags &
3403 			    IEEE80211_CHAN_DISABLED)
3404 				continue;
3405 
3406 			arg.n_channels++;
3407 		}
3408 	}
3409 
3410 	len = sizeof(struct wmi_channel_arg) * arg.n_channels;
3411 	arg.channels = kzalloc(len, GFP_KERNEL);
3412 	if (!arg.channels)
3413 		return -ENOMEM;
3414 
3415 	ch = arg.channels;
3416 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3417 		if (!bands[band])
3418 			continue;
3419 
3420 		for (i = 0; i < bands[band]->n_channels; i++) {
3421 			channel = &bands[band]->channels[i];
3422 
3423 			if (channel->flags & IEEE80211_CHAN_DISABLED)
3424 				continue;
3425 
3426 			ch->allow_ht = true;
3427 
3428 			/* FIXME: when should we really allow VHT? */
3429 			ch->allow_vht = true;
3430 
3431 			ch->allow_ibss =
3432 				!(channel->flags & IEEE80211_CHAN_NO_IR);
3433 
3434 			ch->ht40plus =
3435 				!(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
3436 
3437 			ch->chan_radar =
3438 				!!(channel->flags & IEEE80211_CHAN_RADAR);
3439 
3440 			passive = channel->flags & IEEE80211_CHAN_NO_IR;
3441 			ch->passive = passive;
3442 
3443 			/* the firmware is ignoring the "radar" flag of the
3444 			 * channel and is scanning actively using Probe Requests
3445 			 * on "Radar detection"/DFS channels which are not
3446 			 * marked as "available"
3447 			 */
3448 			ch->passive |= ch->chan_radar;
3449 
3450 			ch->freq = channel->center_freq;
3451 			ch->band_center_freq1 = channel->center_freq;
3452 			ch->min_power = 0;
3453 			ch->max_power = channel->max_power * 2;
3454 			ch->max_reg_power = channel->max_reg_power * 2;
3455 			ch->max_antenna_gain = channel->max_antenna_gain;
3456 			ch->reg_class_id = 0; /* FIXME */
3457 
3458 			/* FIXME: why use only legacy modes, why not any
3459 			 * HT/VHT modes? Would that even make any
3460 			 * difference?
3461 			 */
3462 			if (channel->band == NL80211_BAND_2GHZ)
3463 				ch->mode = MODE_11G;
3464 			else
3465 				ch->mode = MODE_11A;
3466 
3467 			if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
3468 				continue;
3469 
3470 			ath10k_dbg(ar, ATH10K_DBG_WMI,
3471 				   "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
3472 				    ch - arg.channels, arg.n_channels,
3473 				   ch->freq, ch->max_power, ch->max_reg_power,
3474 				   ch->max_antenna_gain, ch->mode);
3475 
3476 			ch++;
3477 		}
3478 	}
3479 
3480 	ret = ath10k_wmi_scan_chan_list(ar, &arg);
3481 	kfree(arg.channels);
3482 
3483 	return ret;
3484 }
3485 
3486 static enum wmi_dfs_region
3487 ath10k_mac_get_dfs_region(enum nl80211_dfs_regions dfs_region)
3488 {
3489 	switch (dfs_region) {
3490 	case NL80211_DFS_UNSET:
3491 		return WMI_UNINIT_DFS_DOMAIN;
3492 	case NL80211_DFS_FCC:
3493 		return WMI_FCC_DFS_DOMAIN;
3494 	case NL80211_DFS_ETSI:
3495 		return WMI_ETSI_DFS_DOMAIN;
3496 	case NL80211_DFS_JP:
3497 		return WMI_MKK4_DFS_DOMAIN;
3498 	}
3499 	return WMI_UNINIT_DFS_DOMAIN;
3500 }
3501 
3502 static void ath10k_regd_update(struct ath10k *ar)
3503 {
3504 	struct reg_dmn_pair_mapping *regpair;
3505 	int ret;
3506 	enum wmi_dfs_region wmi_dfs_reg;
3507 	enum nl80211_dfs_regions nl_dfs_reg;
3508 
3509 	lockdep_assert_held(&ar->conf_mutex);
3510 
3511 	ret = ath10k_update_channel_list(ar);
3512 	if (ret)
3513 		ath10k_warn(ar, "failed to update channel list: %d\n", ret);
3514 
3515 	regpair = ar->ath_common.regulatory.regpair;
3516 
3517 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3518 		nl_dfs_reg = ar->dfs_detector->region;
3519 		wmi_dfs_reg = ath10k_mac_get_dfs_region(nl_dfs_reg);
3520 	} else {
3521 		wmi_dfs_reg = WMI_UNINIT_DFS_DOMAIN;
3522 	}
3523 
3524 	/* Target allows setting up per-band regdomain but ath_common provides
3525 	 * a combined one only
3526 	 */
3527 	ret = ath10k_wmi_pdev_set_regdomain(ar,
3528 					    regpair->reg_domain,
3529 					    regpair->reg_domain, /* 2ghz */
3530 					    regpair->reg_domain, /* 5ghz */
3531 					    regpair->reg_2ghz_ctl,
3532 					    regpair->reg_5ghz_ctl,
3533 					    wmi_dfs_reg);
3534 	if (ret)
3535 		ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
3536 }
3537 
3538 static void ath10k_mac_update_channel_list(struct ath10k *ar,
3539 					   struct ieee80211_supported_band *band)
3540 {
3541 	int i;
3542 
3543 	if (ar->low_5ghz_chan && ar->high_5ghz_chan) {
3544 		for (i = 0; i < band->n_channels; i++) {
3545 			if (band->channels[i].center_freq < ar->low_5ghz_chan ||
3546 			    band->channels[i].center_freq > ar->high_5ghz_chan)
3547 				band->channels[i].flags |=
3548 					IEEE80211_CHAN_DISABLED;
3549 		}
3550 	}
3551 }
3552 
3553 static void ath10k_reg_notifier(struct wiphy *wiphy,
3554 				struct regulatory_request *request)
3555 {
3556 	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
3557 	struct ath10k *ar = hw->priv;
3558 	bool result;
3559 
3560 	ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
3561 
3562 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3563 		ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
3564 			   request->dfs_region);
3565 		result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
3566 							  request->dfs_region);
3567 		if (!result)
3568 			ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
3569 				    request->dfs_region);
3570 	}
3571 
3572 	mutex_lock(&ar->conf_mutex);
3573 	if (ar->state == ATH10K_STATE_ON)
3574 		ath10k_regd_update(ar);
3575 	mutex_unlock(&ar->conf_mutex);
3576 
3577 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
3578 		ath10k_mac_update_channel_list(ar,
3579 					       ar->hw->wiphy->bands[NL80211_BAND_5GHZ]);
3580 }
3581 
3582 static void ath10k_stop_radar_confirmation(struct ath10k *ar)
3583 {
3584 	spin_lock_bh(&ar->data_lock);
3585 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_STOPPED;
3586 	spin_unlock_bh(&ar->data_lock);
3587 
3588 	cancel_work_sync(&ar->radar_confirmation_work);
3589 }
3590 
3591 /***************/
3592 /* TX handlers */
3593 /***************/
3594 
3595 enum ath10k_mac_tx_path {
3596 	ATH10K_MAC_TX_HTT,
3597 	ATH10K_MAC_TX_HTT_MGMT,
3598 	ATH10K_MAC_TX_WMI_MGMT,
3599 	ATH10K_MAC_TX_UNKNOWN,
3600 };
3601 
3602 void ath10k_mac_tx_lock(struct ath10k *ar, int reason)
3603 {
3604 	lockdep_assert_held(&ar->htt.tx_lock);
3605 
3606 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3607 	ar->tx_paused |= BIT(reason);
3608 	ieee80211_stop_queues(ar->hw);
3609 }
3610 
3611 static void ath10k_mac_tx_unlock_iter(void *data, u8 *mac,
3612 				      struct ieee80211_vif *vif)
3613 {
3614 	struct ath10k *ar = data;
3615 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3616 
3617 	if (arvif->tx_paused)
3618 		return;
3619 
3620 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3621 }
3622 
3623 void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3624 {
3625 	lockdep_assert_held(&ar->htt.tx_lock);
3626 
3627 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3628 	ar->tx_paused &= ~BIT(reason);
3629 
3630 	if (ar->tx_paused)
3631 		return;
3632 
3633 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3634 						   ATH10K_ITER_RESUME_FLAGS,
3635 						   ath10k_mac_tx_unlock_iter,
3636 						   ar);
3637 
3638 	ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3639 }
3640 
3641 void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3642 {
3643 	struct ath10k *ar = arvif->ar;
3644 
3645 	lockdep_assert_held(&ar->htt.tx_lock);
3646 
3647 	WARN_ON(reason >= BITS_PER_LONG);
3648 	arvif->tx_paused |= BIT(reason);
3649 	ieee80211_stop_queue(ar->hw, arvif->vdev_id);
3650 }
3651 
3652 void ath10k_mac_vif_tx_unlock(struct ath10k_vif *arvif, int reason)
3653 {
3654 	struct ath10k *ar = arvif->ar;
3655 
3656 	lockdep_assert_held(&ar->htt.tx_lock);
3657 
3658 	WARN_ON(reason >= BITS_PER_LONG);
3659 	arvif->tx_paused &= ~BIT(reason);
3660 
3661 	if (ar->tx_paused)
3662 		return;
3663 
3664 	if (arvif->tx_paused)
3665 		return;
3666 
3667 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3668 }
3669 
3670 static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3671 					   enum wmi_tlv_tx_pause_id pause_id,
3672 					   enum wmi_tlv_tx_pause_action action)
3673 {
3674 	struct ath10k *ar = arvif->ar;
3675 
3676 	lockdep_assert_held(&ar->htt.tx_lock);
3677 
3678 	switch (action) {
3679 	case WMI_TLV_TX_PAUSE_ACTION_STOP:
3680 		ath10k_mac_vif_tx_lock(arvif, pause_id);
3681 		break;
3682 	case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3683 		ath10k_mac_vif_tx_unlock(arvif, pause_id);
3684 		break;
3685 	default:
3686 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
3687 			   "received unknown tx pause action %d on vdev %i, ignoring\n",
3688 			    action, arvif->vdev_id);
3689 		break;
3690 	}
3691 }
3692 
3693 struct ath10k_mac_tx_pause {
3694 	u32 vdev_id;
3695 	enum wmi_tlv_tx_pause_id pause_id;
3696 	enum wmi_tlv_tx_pause_action action;
3697 };
3698 
3699 static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3700 					    struct ieee80211_vif *vif)
3701 {
3702 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3703 	struct ath10k_mac_tx_pause *arg = data;
3704 
3705 	if (arvif->vdev_id != arg->vdev_id)
3706 		return;
3707 
3708 	ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3709 }
3710 
3711 void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3712 				     enum wmi_tlv_tx_pause_id pause_id,
3713 				     enum wmi_tlv_tx_pause_action action)
3714 {
3715 	struct ath10k_mac_tx_pause arg = {
3716 		.vdev_id = vdev_id,
3717 		.pause_id = pause_id,
3718 		.action = action,
3719 	};
3720 
3721 	spin_lock_bh(&ar->htt.tx_lock);
3722 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3723 						   ATH10K_ITER_RESUME_FLAGS,
3724 						   ath10k_mac_handle_tx_pause_iter,
3725 						   &arg);
3726 	spin_unlock_bh(&ar->htt.tx_lock);
3727 }
3728 
3729 static enum ath10k_hw_txrx_mode
3730 ath10k_mac_tx_h_get_txmode(struct ath10k *ar,
3731 			   struct ieee80211_vif *vif,
3732 			   struct ieee80211_sta *sta,
3733 			   struct sk_buff *skb)
3734 {
3735 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3736 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
3737 	__le16 fc = hdr->frame_control;
3738 
3739 	if (IEEE80211_SKB_CB(skb)->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)
3740 		return ATH10K_HW_TXRX_ETHERNET;
3741 
3742 	if (!vif || vif->type == NL80211_IFTYPE_MONITOR)
3743 		return ATH10K_HW_TXRX_RAW;
3744 
3745 	if (ieee80211_is_mgmt(fc))
3746 		return ATH10K_HW_TXRX_MGMT;
3747 
3748 	/* Workaround:
3749 	 *
3750 	 * NullFunc frames are mostly used to ping if a client or AP are still
3751 	 * reachable and responsive. This implies tx status reports must be
3752 	 * accurate - otherwise either mac80211 or userspace (e.g. hostapd) can
3753 	 * come to a conclusion that the other end disappeared and tear down
3754 	 * BSS connection or it can never disconnect from BSS/client (which is
3755 	 * the case).
3756 	 *
3757 	 * Firmware with HTT older than 3.0 delivers incorrect tx status for
3758 	 * NullFunc frames to driver. However there's a HTT Mgmt Tx command
3759 	 * which seems to deliver correct tx reports for NullFunc frames. The
3760 	 * downside of using it is it ignores client powersave state so it can
3761 	 * end up disconnecting sleeping clients in AP mode. It should fix STA
3762 	 * mode though because AP don't sleep.
3763 	 */
3764 	if (ar->htt.target_version_major < 3 &&
3765 	    (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&
3766 	    !test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3767 		      ar->running_fw->fw_file.fw_features))
3768 		return ATH10K_HW_TXRX_MGMT;
3769 
3770 	/* Workaround:
3771 	 *
3772 	 * Some wmi-tlv firmwares for qca6174 have broken Tx key selection for
3773 	 * NativeWifi txmode - it selects AP key instead of peer key. It seems
3774 	 * to work with Ethernet txmode so use it.
3775 	 *
3776 	 * FIXME: Check if raw mode works with TDLS.
3777 	 */
3778 	if (ieee80211_is_data_present(fc) && sta && sta->tdls)
3779 		return ATH10K_HW_TXRX_ETHERNET;
3780 
3781 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) ||
3782 	    skb_cb->flags & ATH10K_SKB_F_RAW_TX)
3783 		return ATH10K_HW_TXRX_RAW;
3784 
3785 	return ATH10K_HW_TXRX_NATIVE_WIFI;
3786 }
3787 
3788 static bool ath10k_tx_h_use_hwcrypto(struct ieee80211_vif *vif,
3789 				     struct sk_buff *skb)
3790 {
3791 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3792 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3793 	const u32 mask = IEEE80211_TX_INTFL_DONT_ENCRYPT |
3794 			 IEEE80211_TX_CTL_INJECTED;
3795 
3796 	if (!ieee80211_has_protected(hdr->frame_control))
3797 		return false;
3798 
3799 	if ((info->flags & mask) == mask)
3800 		return false;
3801 
3802 	if (vif)
3803 		return !((struct ath10k_vif *)vif->drv_priv)->nohwcrypt;
3804 
3805 	return true;
3806 }
3807 
3808 /* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
3809  * Control in the header.
3810  */
3811 static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
3812 {
3813 	struct ieee80211_hdr *hdr = (void *)skb->data;
3814 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3815 	u8 *qos_ctl;
3816 
3817 	if (!ieee80211_is_data_qos(hdr->frame_control))
3818 		return;
3819 
3820 	qos_ctl = ieee80211_get_qos_ctl(hdr);
3821 	memmove(skb->data + IEEE80211_QOS_CTL_LEN,
3822 		skb->data, (void *)qos_ctl - (void *)skb->data);
3823 	skb_pull(skb, IEEE80211_QOS_CTL_LEN);
3824 
3825 	/* Some firmware revisions don't handle sending QoS NullFunc well.
3826 	 * These frames are mainly used for CQM purposes so it doesn't really
3827 	 * matter whether QoS NullFunc or NullFunc are sent.
3828 	 */
3829 	hdr = (void *)skb->data;
3830 	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
3831 		cb->flags &= ~ATH10K_SKB_F_QOS;
3832 
3833 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3834 }
3835 
3836 static void ath10k_tx_h_8023(struct sk_buff *skb)
3837 {
3838 	struct ieee80211_hdr *hdr;
3839 	struct rfc1042_hdr *rfc1042;
3840 	struct ethhdr *eth;
3841 	size_t hdrlen;
3842 	u8 da[ETH_ALEN];
3843 	u8 sa[ETH_ALEN];
3844 	__be16 type;
3845 
3846 	hdr = (void *)skb->data;
3847 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
3848 	rfc1042 = (void *)skb->data + hdrlen;
3849 
3850 	ether_addr_copy(da, ieee80211_get_DA(hdr));
3851 	ether_addr_copy(sa, ieee80211_get_SA(hdr));
3852 	type = rfc1042->snap_type;
3853 
3854 	skb_pull(skb, hdrlen + sizeof(*rfc1042));
3855 	skb_push(skb, sizeof(*eth));
3856 
3857 	eth = (void *)skb->data;
3858 	ether_addr_copy(eth->h_dest, da);
3859 	ether_addr_copy(eth->h_source, sa);
3860 	eth->h_proto = type;
3861 }
3862 
3863 static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
3864 				       struct ieee80211_vif *vif,
3865 				       struct sk_buff *skb)
3866 {
3867 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3868 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3869 
3870 	/* This is case only for P2P_GO */
3871 	if (vif->type != NL80211_IFTYPE_AP || !vif->p2p)
3872 		return;
3873 
3874 	if (unlikely(ieee80211_is_probe_resp(hdr->frame_control))) {
3875 		spin_lock_bh(&ar->data_lock);
3876 		if (arvif->u.ap.noa_data)
3877 			if (!pskb_expand_head(skb, 0, arvif->u.ap.noa_len,
3878 					      GFP_ATOMIC))
3879 				skb_put_data(skb, arvif->u.ap.noa_data,
3880 					     arvif->u.ap.noa_len);
3881 		spin_unlock_bh(&ar->data_lock);
3882 	}
3883 }
3884 
3885 static void ath10k_mac_tx_h_fill_cb(struct ath10k *ar,
3886 				    struct ieee80211_vif *vif,
3887 				    struct ieee80211_txq *txq,
3888 				    struct ieee80211_sta *sta,
3889 				    struct sk_buff *skb, u16 airtime)
3890 {
3891 	struct ieee80211_hdr *hdr = (void *)skb->data;
3892 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3893 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3894 	bool is_data = ieee80211_is_data(hdr->frame_control) ||
3895 			ieee80211_is_data_qos(hdr->frame_control);
3896 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3897 	struct ath10k_sta *arsta;
3898 	u8 tid, *qos_ctl;
3899 	bool noack = false;
3900 
3901 	cb->flags = 0;
3902 
3903 	if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
3904 		cb->flags |= ATH10K_SKB_F_QOS;	/* Assume data frames are QoS */
3905 		goto finish_cb_fill;
3906 	}
3907 
3908 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
3909 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3910 
3911 	if (ieee80211_is_mgmt(hdr->frame_control))
3912 		cb->flags |= ATH10K_SKB_F_MGMT;
3913 
3914 	if (ieee80211_is_data_qos(hdr->frame_control)) {
3915 		cb->flags |= ATH10K_SKB_F_QOS;
3916 		qos_ctl = ieee80211_get_qos_ctl(hdr);
3917 		tid = (*qos_ctl) & IEEE80211_QOS_CTL_TID_MASK;
3918 
3919 		if (arvif->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3920 			noack = true;
3921 
3922 		if (sta) {
3923 			arsta = (struct ath10k_sta *)sta->drv_priv;
3924 
3925 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3926 				noack = true;
3927 
3928 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_ACK)
3929 				noack = false;
3930 		}
3931 
3932 		if (noack)
3933 			cb->flags |= ATH10K_SKB_F_NOACK_TID;
3934 	}
3935 
3936 	/* Data frames encrypted in software will be posted to firmware
3937 	 * with tx encap mode set to RAW. Ex: Multicast traffic generated
3938 	 * for a specific VLAN group will always be encrypted in software.
3939 	 */
3940 	if (is_data && ieee80211_has_protected(hdr->frame_control) &&
3941 	    !info->control.hw_key) {
3942 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3943 		cb->flags |= ATH10K_SKB_F_RAW_TX;
3944 	}
3945 
3946 finish_cb_fill:
3947 	cb->vif = vif;
3948 	cb->txq = txq;
3949 	cb->airtime_est = airtime;
3950 	if (sta) {
3951 		arsta = (struct ath10k_sta *)sta->drv_priv;
3952 		spin_lock_bh(&ar->data_lock);
3953 		cb->ucast_cipher = arsta->ucast_cipher;
3954 		spin_unlock_bh(&ar->data_lock);
3955 	}
3956 }
3957 
3958 bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar)
3959 {
3960 	/* FIXME: Not really sure since when the behaviour changed. At some
3961 	 * point new firmware stopped requiring creation of peer entries for
3962 	 * offchannel tx (and actually creating them causes issues with wmi-htc
3963 	 * tx credit replenishment and reliability). Assuming it's at least 3.4
3964 	 * because that's when the `freq` was introduced to TX_FRM HTT command.
3965 	 */
3966 	return (ar->htt.target_version_major >= 3 &&
3967 		ar->htt.target_version_minor >= 4 &&
3968 		ar->running_fw->fw_file.htt_op_version == ATH10K_FW_HTT_OP_VERSION_TLV);
3969 }
3970 
3971 static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
3972 {
3973 	struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
3974 
3975 	if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) {
3976 		ath10k_warn(ar, "wmi mgmt tx queue is full\n");
3977 		return -ENOSPC;
3978 	}
3979 
3980 	skb_queue_tail(q, skb);
3981 	ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
3982 
3983 	return 0;
3984 }
3985 
3986 static enum ath10k_mac_tx_path
3987 ath10k_mac_tx_h_get_txpath(struct ath10k *ar,
3988 			   struct sk_buff *skb,
3989 			   enum ath10k_hw_txrx_mode txmode)
3990 {
3991 	switch (txmode) {
3992 	case ATH10K_HW_TXRX_RAW:
3993 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3994 	case ATH10K_HW_TXRX_ETHERNET:
3995 		return ATH10K_MAC_TX_HTT;
3996 	case ATH10K_HW_TXRX_MGMT:
3997 		if (test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3998 			     ar->running_fw->fw_file.fw_features) ||
3999 			     test_bit(WMI_SERVICE_MGMT_TX_WMI,
4000 				      ar->wmi.svc_map))
4001 			return ATH10K_MAC_TX_WMI_MGMT;
4002 		else if (ar->htt.target_version_major >= 3)
4003 			return ATH10K_MAC_TX_HTT;
4004 		else
4005 			return ATH10K_MAC_TX_HTT_MGMT;
4006 	}
4007 
4008 	return ATH10K_MAC_TX_UNKNOWN;
4009 }
4010 
4011 static int ath10k_mac_tx_submit(struct ath10k *ar,
4012 				enum ath10k_hw_txrx_mode txmode,
4013 				enum ath10k_mac_tx_path txpath,
4014 				struct sk_buff *skb)
4015 {
4016 	struct ath10k_htt *htt = &ar->htt;
4017 	int ret = -EINVAL;
4018 
4019 	switch (txpath) {
4020 	case ATH10K_MAC_TX_HTT:
4021 		ret = ath10k_htt_tx(htt, txmode, skb);
4022 		break;
4023 	case ATH10K_MAC_TX_HTT_MGMT:
4024 		ret = ath10k_htt_mgmt_tx(htt, skb);
4025 		break;
4026 	case ATH10K_MAC_TX_WMI_MGMT:
4027 		ret = ath10k_mac_tx_wmi_mgmt(ar, skb);
4028 		break;
4029 	case ATH10K_MAC_TX_UNKNOWN:
4030 		WARN_ON_ONCE(1);
4031 		ret = -EINVAL;
4032 		break;
4033 	}
4034 
4035 	if (ret) {
4036 		ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
4037 			    ret);
4038 		ieee80211_free_txskb(ar->hw, skb);
4039 	}
4040 
4041 	return ret;
4042 }
4043 
4044 /* This function consumes the sk_buff regardless of return value as far as
4045  * caller is concerned so no freeing is necessary afterwards.
4046  */
4047 static int ath10k_mac_tx(struct ath10k *ar,
4048 			 struct ieee80211_vif *vif,
4049 			 enum ath10k_hw_txrx_mode txmode,
4050 			 enum ath10k_mac_tx_path txpath,
4051 			 struct sk_buff *skb, bool noque_offchan)
4052 {
4053 	struct ieee80211_hw *hw = ar->hw;
4054 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4055 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
4056 	int ret;
4057 
4058 	/* We should disable CCK RATE due to P2P */
4059 	if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
4060 		ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
4061 
4062 	switch (txmode) {
4063 	case ATH10K_HW_TXRX_MGMT:
4064 	case ATH10K_HW_TXRX_NATIVE_WIFI:
4065 		ath10k_tx_h_nwifi(hw, skb);
4066 		ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
4067 		ath10k_tx_h_seq_no(vif, skb);
4068 		break;
4069 	case ATH10K_HW_TXRX_ETHERNET:
4070 		/* Convert 802.11->802.3 header only if the frame was earlier
4071 		 * encapsulated to 802.11 by mac80211. Otherwise pass it as is.
4072 		 */
4073 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP))
4074 			ath10k_tx_h_8023(skb);
4075 		break;
4076 	case ATH10K_HW_TXRX_RAW:
4077 		if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) &&
4078 		    !(skb_cb->flags & ATH10K_SKB_F_RAW_TX)) {
4079 			WARN_ON_ONCE(1);
4080 			ieee80211_free_txskb(hw, skb);
4081 			return -EOPNOTSUPP;
4082 		}
4083 	}
4084 
4085 	if (!noque_offchan && info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
4086 		if (!ath10k_mac_tx_frm_has_freq(ar)) {
4087 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac queued offchannel skb %p len %d\n",
4088 				   skb, skb->len);
4089 
4090 			skb_queue_tail(&ar->offchan_tx_queue, skb);
4091 			ieee80211_queue_work(hw, &ar->offchan_tx_work);
4092 			return 0;
4093 		}
4094 	}
4095 
4096 	ret = ath10k_mac_tx_submit(ar, txmode, txpath, skb);
4097 	if (ret) {
4098 		ath10k_warn(ar, "failed to submit frame: %d\n", ret);
4099 		return ret;
4100 	}
4101 
4102 	return 0;
4103 }
4104 
4105 void ath10k_offchan_tx_purge(struct ath10k *ar)
4106 {
4107 	struct sk_buff *skb;
4108 
4109 	for (;;) {
4110 		skb = skb_dequeue(&ar->offchan_tx_queue);
4111 		if (!skb)
4112 			break;
4113 
4114 		ieee80211_free_txskb(ar->hw, skb);
4115 	}
4116 }
4117 
4118 void ath10k_offchan_tx_work(struct work_struct *work)
4119 {
4120 	struct ath10k *ar = container_of(work, struct ath10k, offchan_tx_work);
4121 	struct ath10k_peer *peer;
4122 	struct ath10k_vif *arvif;
4123 	enum ath10k_hw_txrx_mode txmode;
4124 	enum ath10k_mac_tx_path txpath;
4125 	struct ieee80211_hdr *hdr;
4126 	struct ieee80211_vif *vif;
4127 	struct ieee80211_sta *sta;
4128 	struct sk_buff *skb;
4129 	const u8 *peer_addr;
4130 	int vdev_id;
4131 	int ret;
4132 	unsigned long time_left;
4133 	bool tmp_peer_created = false;
4134 
4135 	/* FW requirement: We must create a peer before FW will send out
4136 	 * an offchannel frame. Otherwise the frame will be stuck and
4137 	 * never transmitted. We delete the peer upon tx completion.
4138 	 * It is unlikely that a peer for offchannel tx will already be
4139 	 * present. However it may be in some rare cases so account for that.
4140 	 * Otherwise we might remove a legitimate peer and break stuff.
4141 	 */
4142 
4143 	for (;;) {
4144 		skb = skb_dequeue(&ar->offchan_tx_queue);
4145 		if (!skb)
4146 			break;
4147 
4148 		mutex_lock(&ar->conf_mutex);
4149 
4150 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %p len %d\n",
4151 			   skb, skb->len);
4152 
4153 		hdr = (struct ieee80211_hdr *)skb->data;
4154 		peer_addr = ieee80211_get_DA(hdr);
4155 
4156 		spin_lock_bh(&ar->data_lock);
4157 		vdev_id = ar->scan.vdev_id;
4158 		peer = ath10k_peer_find(ar, vdev_id, peer_addr);
4159 		spin_unlock_bh(&ar->data_lock);
4160 
4161 		if (peer) {
4162 			ath10k_warn(ar, "peer %pM on vdev %d already present\n",
4163 				    peer_addr, vdev_id);
4164 		} else {
4165 			ret = ath10k_peer_create(ar, NULL, NULL, vdev_id,
4166 						 peer_addr,
4167 						 WMI_PEER_TYPE_DEFAULT);
4168 			if (ret)
4169 				ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
4170 					    peer_addr, vdev_id, ret);
4171 			tmp_peer_created = (ret == 0);
4172 		}
4173 
4174 		spin_lock_bh(&ar->data_lock);
4175 		reinit_completion(&ar->offchan_tx_completed);
4176 		ar->offchan_tx_skb = skb;
4177 		spin_unlock_bh(&ar->data_lock);
4178 
4179 		/* It's safe to access vif and sta - conf_mutex guarantees that
4180 		 * sta_state() and remove_interface() are locked exclusively
4181 		 * out wrt to this offchannel worker.
4182 		 */
4183 		arvif = ath10k_get_arvif(ar, vdev_id);
4184 		if (arvif) {
4185 			vif = arvif->vif;
4186 			sta = ieee80211_find_sta(vif, peer_addr);
4187 		} else {
4188 			vif = NULL;
4189 			sta = NULL;
4190 		}
4191 
4192 		txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4193 		txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4194 
4195 		ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, true);
4196 		if (ret) {
4197 			ath10k_warn(ar, "failed to transmit offchannel frame: %d\n",
4198 				    ret);
4199 			/* not serious */
4200 		}
4201 
4202 		time_left =
4203 		wait_for_completion_timeout(&ar->offchan_tx_completed, 3 * HZ);
4204 		if (time_left == 0)
4205 			ath10k_warn(ar, "timed out waiting for offchannel skb %p, len: %d\n",
4206 				    skb, skb->len);
4207 
4208 		if (!peer && tmp_peer_created) {
4209 			ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
4210 			if (ret)
4211 				ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
4212 					    peer_addr, vdev_id, ret);
4213 		}
4214 
4215 		mutex_unlock(&ar->conf_mutex);
4216 	}
4217 }
4218 
4219 void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar)
4220 {
4221 	struct sk_buff *skb;
4222 
4223 	for (;;) {
4224 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4225 		if (!skb)
4226 			break;
4227 
4228 		ieee80211_free_txskb(ar->hw, skb);
4229 	}
4230 }
4231 
4232 void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
4233 {
4234 	struct ath10k *ar = container_of(work, struct ath10k, wmi_mgmt_tx_work);
4235 	struct sk_buff *skb;
4236 	dma_addr_t paddr;
4237 	int ret;
4238 
4239 	for (;;) {
4240 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4241 		if (!skb)
4242 			break;
4243 
4244 		if (test_bit(ATH10K_FW_FEATURE_MGMT_TX_BY_REF,
4245 			     ar->running_fw->fw_file.fw_features)) {
4246 			paddr = dma_map_single(ar->dev, skb->data,
4247 					       skb->len, DMA_TO_DEVICE);
4248 			if (dma_mapping_error(ar->dev, paddr)) {
4249 				ieee80211_free_txskb(ar->hw, skb);
4250 				continue;
4251 			}
4252 			ret = ath10k_wmi_mgmt_tx_send(ar, skb, paddr);
4253 			if (ret) {
4254 				ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
4255 					    ret);
4256 				/* remove this msdu from idr tracking */
4257 				ath10k_wmi_cleanup_mgmt_tx_send(ar, skb);
4258 
4259 				dma_unmap_single(ar->dev, paddr, skb->len,
4260 						 DMA_TO_DEVICE);
4261 				ieee80211_free_txskb(ar->hw, skb);
4262 			}
4263 		} else {
4264 			ret = ath10k_wmi_mgmt_tx(ar, skb);
4265 			if (ret) {
4266 				ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
4267 					    ret);
4268 				ieee80211_free_txskb(ar->hw, skb);
4269 			}
4270 		}
4271 	}
4272 }
4273 
4274 static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
4275 {
4276 	struct ath10k_txq *artxq;
4277 
4278 	if (!txq)
4279 		return;
4280 
4281 	artxq = (void *)txq->drv_priv;
4282 	INIT_LIST_HEAD(&artxq->list);
4283 }
4284 
4285 static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
4286 {
4287 	struct ath10k_skb_cb *cb;
4288 	struct sk_buff *msdu;
4289 	int msdu_id;
4290 
4291 	if (!txq)
4292 		return;
4293 
4294 	spin_lock_bh(&ar->htt.tx_lock);
4295 	idr_for_each_entry(&ar->htt.pending_tx, msdu, msdu_id) {
4296 		cb = ATH10K_SKB_CB(msdu);
4297 		if (cb->txq == txq)
4298 			cb->txq = NULL;
4299 	}
4300 	spin_unlock_bh(&ar->htt.tx_lock);
4301 }
4302 
4303 struct ieee80211_txq *ath10k_mac_txq_lookup(struct ath10k *ar,
4304 					    u16 peer_id,
4305 					    u8 tid)
4306 {
4307 	struct ath10k_peer *peer;
4308 
4309 	lockdep_assert_held(&ar->data_lock);
4310 
4311 	peer = ar->peer_map[peer_id];
4312 	if (!peer)
4313 		return NULL;
4314 
4315 	if (peer->removed)
4316 		return NULL;
4317 
4318 	if (peer->sta)
4319 		return peer->sta->txq[tid];
4320 	else if (peer->vif)
4321 		return peer->vif->txq;
4322 	else
4323 		return NULL;
4324 }
4325 
4326 static bool ath10k_mac_tx_can_push(struct ieee80211_hw *hw,
4327 				   struct ieee80211_txq *txq)
4328 {
4329 	struct ath10k *ar = hw->priv;
4330 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4331 
4332 	/* No need to get locks */
4333 	if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH)
4334 		return true;
4335 
4336 	if (ar->htt.num_pending_tx < ar->htt.tx_q_state.num_push_allowed)
4337 		return true;
4338 
4339 	if (artxq->num_fw_queued < artxq->num_push_allowed)
4340 		return true;
4341 
4342 	return false;
4343 }
4344 
4345 /* Return estimated airtime in microsecond, which is calculated using last
4346  * reported TX rate. This is just a rough estimation because host driver has no
4347  * knowledge of the actual transmit rate, retries or aggregation. If actual
4348  * airtime can be reported by firmware, then delta between estimated and actual
4349  * airtime can be adjusted from deficit.
4350  */
4351 #define IEEE80211_ATF_OVERHEAD		100	/* IFS + some slot time */
4352 #define IEEE80211_ATF_OVERHEAD_IFS	16	/* IFS only */
4353 static u16 ath10k_mac_update_airtime(struct ath10k *ar,
4354 				     struct ieee80211_txq *txq,
4355 				     struct sk_buff *skb)
4356 {
4357 	struct ath10k_sta *arsta;
4358 	u32 pktlen;
4359 	u16 airtime = 0;
4360 
4361 	if (!txq || !txq->sta)
4362 		return airtime;
4363 
4364 	if (test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
4365 		return airtime;
4366 
4367 	spin_lock_bh(&ar->data_lock);
4368 	arsta = (struct ath10k_sta *)txq->sta->drv_priv;
4369 
4370 	pktlen = skb->len + 38; /* Assume MAC header 30, SNAP 8 for most case */
4371 	if (arsta->last_tx_bitrate) {
4372 		/* airtime in us, last_tx_bitrate in 100kbps */
4373 		airtime = (pktlen * 8 * (1000 / 100))
4374 				/ arsta->last_tx_bitrate;
4375 		/* overhead for media access time and IFS */
4376 		airtime += IEEE80211_ATF_OVERHEAD_IFS;
4377 	} else {
4378 		/* This is mostly for throttle excessive BC/MC frames, and the
4379 		 * airtime/rate doesn't need be exact. Airtime of BC/MC frames
4380 		 * in 2G get some discount, which helps prevent very low rate
4381 		 * frames from being blocked for too long.
4382 		 */
4383 		airtime = (pktlen * 8 * (1000 / 100)) / 60; /* 6M */
4384 		airtime += IEEE80211_ATF_OVERHEAD;
4385 	}
4386 	spin_unlock_bh(&ar->data_lock);
4387 
4388 	return airtime;
4389 }
4390 
4391 int ath10k_mac_tx_push_txq(struct ieee80211_hw *hw,
4392 			   struct ieee80211_txq *txq)
4393 {
4394 	struct ath10k *ar = hw->priv;
4395 	struct ath10k_htt *htt = &ar->htt;
4396 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4397 	struct ieee80211_vif *vif = txq->vif;
4398 	struct ieee80211_sta *sta = txq->sta;
4399 	enum ath10k_hw_txrx_mode txmode;
4400 	enum ath10k_mac_tx_path txpath;
4401 	struct sk_buff *skb;
4402 	struct ieee80211_hdr *hdr;
4403 	size_t skb_len;
4404 	bool is_mgmt, is_presp;
4405 	int ret;
4406 	u16 airtime;
4407 
4408 	spin_lock_bh(&ar->htt.tx_lock);
4409 	ret = ath10k_htt_tx_inc_pending(htt);
4410 	spin_unlock_bh(&ar->htt.tx_lock);
4411 
4412 	if (ret)
4413 		return ret;
4414 
4415 	skb = ieee80211_tx_dequeue_ni(hw, txq);
4416 	if (!skb) {
4417 		spin_lock_bh(&ar->htt.tx_lock);
4418 		ath10k_htt_tx_dec_pending(htt);
4419 		spin_unlock_bh(&ar->htt.tx_lock);
4420 
4421 		return -ENOENT;
4422 	}
4423 
4424 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4425 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4426 
4427 	skb_len = skb->len;
4428 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4429 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4430 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4431 
4432 	if (is_mgmt) {
4433 		hdr = (struct ieee80211_hdr *)skb->data;
4434 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4435 
4436 		spin_lock_bh(&ar->htt.tx_lock);
4437 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4438 
4439 		if (ret) {
4440 			ath10k_htt_tx_dec_pending(htt);
4441 			spin_unlock_bh(&ar->htt.tx_lock);
4442 			return ret;
4443 		}
4444 		spin_unlock_bh(&ar->htt.tx_lock);
4445 	}
4446 
4447 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4448 	if (unlikely(ret)) {
4449 		ath10k_warn(ar, "failed to push frame: %d\n", ret);
4450 
4451 		spin_lock_bh(&ar->htt.tx_lock);
4452 		ath10k_htt_tx_dec_pending(htt);
4453 		if (is_mgmt)
4454 			ath10k_htt_tx_mgmt_dec_pending(htt);
4455 		spin_unlock_bh(&ar->htt.tx_lock);
4456 
4457 		return ret;
4458 	}
4459 
4460 	spin_lock_bh(&ar->htt.tx_lock);
4461 	artxq->num_fw_queued++;
4462 	spin_unlock_bh(&ar->htt.tx_lock);
4463 
4464 	return skb_len;
4465 }
4466 
4467 static int ath10k_mac_schedule_txq(struct ieee80211_hw *hw, u32 ac)
4468 {
4469 	struct ieee80211_txq *txq;
4470 	int ret = 0;
4471 
4472 	ieee80211_txq_schedule_start(hw, ac);
4473 	while ((txq = ieee80211_next_txq(hw, ac))) {
4474 		while (ath10k_mac_tx_can_push(hw, txq)) {
4475 			ret = ath10k_mac_tx_push_txq(hw, txq);
4476 			if (ret < 0)
4477 				break;
4478 		}
4479 		ieee80211_return_txq(hw, txq, false);
4480 		ath10k_htt_tx_txq_update(hw, txq);
4481 		if (ret == -EBUSY)
4482 			break;
4483 	}
4484 	ieee80211_txq_schedule_end(hw, ac);
4485 
4486 	return ret;
4487 }
4488 
4489 void ath10k_mac_tx_push_pending(struct ath10k *ar)
4490 {
4491 	struct ieee80211_hw *hw = ar->hw;
4492 	u32 ac;
4493 
4494 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4495 		return;
4496 
4497 	if (ar->htt.num_pending_tx >= (ar->htt.max_num_pending_tx / 2))
4498 		return;
4499 
4500 	rcu_read_lock();
4501 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4502 		if (ath10k_mac_schedule_txq(hw, ac) == -EBUSY)
4503 			break;
4504 	}
4505 	rcu_read_unlock();
4506 }
4507 EXPORT_SYMBOL(ath10k_mac_tx_push_pending);
4508 
4509 /************/
4510 /* Scanning */
4511 /************/
4512 
4513 void __ath10k_scan_finish(struct ath10k *ar)
4514 {
4515 	lockdep_assert_held(&ar->data_lock);
4516 
4517 	switch (ar->scan.state) {
4518 	case ATH10K_SCAN_IDLE:
4519 		break;
4520 	case ATH10K_SCAN_RUNNING:
4521 	case ATH10K_SCAN_ABORTING:
4522 		if (ar->scan.is_roc && ar->scan.roc_notify)
4523 			ieee80211_remain_on_channel_expired(ar->hw);
4524 		fallthrough;
4525 	case ATH10K_SCAN_STARTING:
4526 		if (!ar->scan.is_roc) {
4527 			struct cfg80211_scan_info info = {
4528 				.aborted = ((ar->scan.state ==
4529 					    ATH10K_SCAN_ABORTING) ||
4530 					    (ar->scan.state ==
4531 					    ATH10K_SCAN_STARTING)),
4532 			};
4533 
4534 			ieee80211_scan_completed(ar->hw, &info);
4535 		}
4536 
4537 		ar->scan.state = ATH10K_SCAN_IDLE;
4538 		ar->scan_channel = NULL;
4539 		ar->scan.roc_freq = 0;
4540 		ath10k_offchan_tx_purge(ar);
4541 		cancel_delayed_work(&ar->scan.timeout);
4542 		complete(&ar->scan.completed);
4543 		break;
4544 	}
4545 }
4546 
4547 void ath10k_scan_finish(struct ath10k *ar)
4548 {
4549 	spin_lock_bh(&ar->data_lock);
4550 	__ath10k_scan_finish(ar);
4551 	spin_unlock_bh(&ar->data_lock);
4552 }
4553 
4554 static int ath10k_scan_stop(struct ath10k *ar)
4555 {
4556 	struct wmi_stop_scan_arg arg = {
4557 		.req_id = 1, /* FIXME */
4558 		.req_type = WMI_SCAN_STOP_ONE,
4559 		.u.scan_id = ATH10K_SCAN_ID,
4560 	};
4561 	int ret;
4562 
4563 	lockdep_assert_held(&ar->conf_mutex);
4564 
4565 	ret = ath10k_wmi_stop_scan(ar, &arg);
4566 	if (ret) {
4567 		ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
4568 		goto out;
4569 	}
4570 
4571 	ret = wait_for_completion_timeout(&ar->scan.completed, 3 * HZ);
4572 	if (ret == 0) {
4573 		ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
4574 		ret = -ETIMEDOUT;
4575 	} else if (ret > 0) {
4576 		ret = 0;
4577 	}
4578 
4579 out:
4580 	/* Scan state should be updated upon scan completion but in case
4581 	 * firmware fails to deliver the event (for whatever reason) it is
4582 	 * desired to clean up scan state anyway. Firmware may have just
4583 	 * dropped the scan completion event delivery due to transport pipe
4584 	 * being overflown with data and/or it can recover on its own before
4585 	 * next scan request is submitted.
4586 	 */
4587 	spin_lock_bh(&ar->data_lock);
4588 	if (ar->scan.state != ATH10K_SCAN_IDLE)
4589 		__ath10k_scan_finish(ar);
4590 	spin_unlock_bh(&ar->data_lock);
4591 
4592 	return ret;
4593 }
4594 
4595 static void ath10k_scan_abort(struct ath10k *ar)
4596 {
4597 	int ret;
4598 
4599 	lockdep_assert_held(&ar->conf_mutex);
4600 
4601 	spin_lock_bh(&ar->data_lock);
4602 
4603 	switch (ar->scan.state) {
4604 	case ATH10K_SCAN_IDLE:
4605 		/* This can happen if timeout worker kicked in and called
4606 		 * abortion while scan completion was being processed.
4607 		 */
4608 		break;
4609 	case ATH10K_SCAN_STARTING:
4610 	case ATH10K_SCAN_ABORTING:
4611 		ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
4612 			    ath10k_scan_state_str(ar->scan.state),
4613 			    ar->scan.state);
4614 		break;
4615 	case ATH10K_SCAN_RUNNING:
4616 		ar->scan.state = ATH10K_SCAN_ABORTING;
4617 		spin_unlock_bh(&ar->data_lock);
4618 
4619 		ret = ath10k_scan_stop(ar);
4620 		if (ret)
4621 			ath10k_warn(ar, "failed to abort scan: %d\n", ret);
4622 
4623 		spin_lock_bh(&ar->data_lock);
4624 		break;
4625 	}
4626 
4627 	spin_unlock_bh(&ar->data_lock);
4628 }
4629 
4630 void ath10k_scan_timeout_work(struct work_struct *work)
4631 {
4632 	struct ath10k *ar = container_of(work, struct ath10k,
4633 					 scan.timeout.work);
4634 
4635 	mutex_lock(&ar->conf_mutex);
4636 	ath10k_scan_abort(ar);
4637 	mutex_unlock(&ar->conf_mutex);
4638 }
4639 
4640 static int ath10k_start_scan(struct ath10k *ar,
4641 			     const struct wmi_start_scan_arg *arg)
4642 {
4643 	int ret;
4644 
4645 	lockdep_assert_held(&ar->conf_mutex);
4646 
4647 	ret = ath10k_wmi_start_scan(ar, arg);
4648 	if (ret)
4649 		return ret;
4650 
4651 	ret = wait_for_completion_timeout(&ar->scan.started, 1 * HZ);
4652 	if (ret == 0) {
4653 		ret = ath10k_scan_stop(ar);
4654 		if (ret)
4655 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
4656 
4657 		return -ETIMEDOUT;
4658 	}
4659 
4660 	/* If we failed to start the scan, return error code at
4661 	 * this point.  This is probably due to some issue in the
4662 	 * firmware, but no need to wedge the driver due to that...
4663 	 */
4664 	spin_lock_bh(&ar->data_lock);
4665 	if (ar->scan.state == ATH10K_SCAN_IDLE) {
4666 		spin_unlock_bh(&ar->data_lock);
4667 		return -EINVAL;
4668 	}
4669 	spin_unlock_bh(&ar->data_lock);
4670 
4671 	return 0;
4672 }
4673 
4674 /**********************/
4675 /* mac80211 callbacks */
4676 /**********************/
4677 
4678 static void ath10k_mac_op_tx(struct ieee80211_hw *hw,
4679 			     struct ieee80211_tx_control *control,
4680 			     struct sk_buff *skb)
4681 {
4682 	struct ath10k *ar = hw->priv;
4683 	struct ath10k_htt *htt = &ar->htt;
4684 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4685 	struct ieee80211_vif *vif = info->control.vif;
4686 	struct ieee80211_sta *sta = control->sta;
4687 	struct ieee80211_txq *txq = NULL;
4688 	enum ath10k_hw_txrx_mode txmode;
4689 	enum ath10k_mac_tx_path txpath;
4690 	bool is_htt;
4691 	bool is_mgmt;
4692 	int ret;
4693 	u16 airtime;
4694 
4695 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4696 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4697 
4698 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4699 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4700 	is_htt = (txpath == ATH10K_MAC_TX_HTT ||
4701 		  txpath == ATH10K_MAC_TX_HTT_MGMT);
4702 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4703 
4704 	if (is_htt) {
4705 		bool is_presp = false;
4706 
4707 		spin_lock_bh(&ar->htt.tx_lock);
4708 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)) {
4709 			struct ieee80211_hdr *hdr = (void *)skb->data;
4710 
4711 			is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4712 		}
4713 
4714 		ret = ath10k_htt_tx_inc_pending(htt);
4715 		if (ret) {
4716 			ath10k_warn(ar, "failed to increase tx pending count: %d, dropping\n",
4717 				    ret);
4718 			spin_unlock_bh(&ar->htt.tx_lock);
4719 			ieee80211_free_txskb(ar->hw, skb);
4720 			return;
4721 		}
4722 
4723 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4724 		if (ret) {
4725 			ath10k_dbg(ar, ATH10K_DBG_MAC, "failed to increase tx mgmt pending count: %d, dropping\n",
4726 				   ret);
4727 			ath10k_htt_tx_dec_pending(htt);
4728 			spin_unlock_bh(&ar->htt.tx_lock);
4729 			ieee80211_free_txskb(ar->hw, skb);
4730 			return;
4731 		}
4732 		spin_unlock_bh(&ar->htt.tx_lock);
4733 	}
4734 
4735 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4736 	if (ret) {
4737 		ath10k_warn(ar, "failed to transmit frame: %d\n", ret);
4738 		if (is_htt) {
4739 			spin_lock_bh(&ar->htt.tx_lock);
4740 			ath10k_htt_tx_dec_pending(htt);
4741 			if (is_mgmt)
4742 				ath10k_htt_tx_mgmt_dec_pending(htt);
4743 			spin_unlock_bh(&ar->htt.tx_lock);
4744 		}
4745 		return;
4746 	}
4747 }
4748 
4749 static void ath10k_mac_op_wake_tx_queue(struct ieee80211_hw *hw,
4750 					struct ieee80211_txq *txq)
4751 {
4752 	struct ath10k *ar = hw->priv;
4753 	int ret;
4754 	u8 ac = txq->ac;
4755 
4756 	ath10k_htt_tx_txq_update(hw, txq);
4757 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4758 		return;
4759 
4760 	spin_lock_bh(&ar->queue_lock[ac]);
4761 
4762 	ieee80211_txq_schedule_start(hw, ac);
4763 	txq = ieee80211_next_txq(hw, ac);
4764 	if (!txq)
4765 		goto out;
4766 
4767 	while (ath10k_mac_tx_can_push(hw, txq)) {
4768 		ret = ath10k_mac_tx_push_txq(hw, txq);
4769 		if (ret < 0)
4770 			break;
4771 	}
4772 	ieee80211_return_txq(hw, txq, false);
4773 	ath10k_htt_tx_txq_update(hw, txq);
4774 out:
4775 	ieee80211_txq_schedule_end(hw, ac);
4776 	spin_unlock_bh(&ar->queue_lock[ac]);
4777 }
4778 
4779 /* Must not be called with conf_mutex held as workers can use that also. */
4780 void ath10k_drain_tx(struct ath10k *ar)
4781 {
4782 	lockdep_assert_not_held(&ar->conf_mutex);
4783 
4784 	/* make sure rcu-protected mac80211 tx path itself is drained */
4785 	synchronize_net();
4786 
4787 	ath10k_offchan_tx_purge(ar);
4788 	ath10k_mgmt_over_wmi_tx_purge(ar);
4789 
4790 	cancel_work_sync(&ar->offchan_tx_work);
4791 	cancel_work_sync(&ar->wmi_mgmt_tx_work);
4792 }
4793 
4794 void ath10k_halt(struct ath10k *ar)
4795 {
4796 	struct ath10k_vif *arvif;
4797 
4798 	lockdep_assert_held(&ar->conf_mutex);
4799 
4800 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
4801 	ar->filter_flags = 0;
4802 	ar->monitor = false;
4803 	ar->monitor_arvif = NULL;
4804 
4805 	if (ar->monitor_started)
4806 		ath10k_monitor_stop(ar);
4807 
4808 	ar->monitor_started = false;
4809 	ar->tx_paused = 0;
4810 
4811 	ath10k_scan_finish(ar);
4812 	ath10k_peer_cleanup_all(ar);
4813 	ath10k_stop_radar_confirmation(ar);
4814 	ath10k_core_stop(ar);
4815 	ath10k_hif_power_down(ar);
4816 
4817 	spin_lock_bh(&ar->data_lock);
4818 	list_for_each_entry(arvif, &ar->arvifs, list)
4819 		ath10k_mac_vif_beacon_cleanup(arvif);
4820 	spin_unlock_bh(&ar->data_lock);
4821 }
4822 
4823 static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
4824 {
4825 	struct ath10k *ar = hw->priv;
4826 
4827 	mutex_lock(&ar->conf_mutex);
4828 
4829 	*tx_ant = ar->cfg_tx_chainmask;
4830 	*rx_ant = ar->cfg_rx_chainmask;
4831 
4832 	mutex_unlock(&ar->conf_mutex);
4833 
4834 	return 0;
4835 }
4836 
4837 static bool ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
4838 {
4839 	/* It is not clear that allowing gaps in chainmask
4840 	 * is helpful.  Probably it will not do what user
4841 	 * is hoping for, so warn in that case.
4842 	 */
4843 	if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
4844 		return true;
4845 
4846 	ath10k_warn(ar, "mac %s antenna chainmask is invalid: 0x%x.  Suggested values: 15, 7, 3, 1 or 0.\n",
4847 		    dbg, cm);
4848 	return false;
4849 }
4850 
4851 static int ath10k_mac_get_vht_cap_bf_sts(struct ath10k *ar)
4852 {
4853 	int nsts = ar->vht_cap_info;
4854 
4855 	nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4856 	nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4857 
4858 	/* If firmware does not deliver to host number of space-time
4859 	 * streams supported, assume it support up to 4 BF STS and return
4860 	 * the value for VHT CAP: nsts-1)
4861 	 */
4862 	if (nsts == 0)
4863 		return 3;
4864 
4865 	return nsts;
4866 }
4867 
4868 static int ath10k_mac_get_vht_cap_bf_sound_dim(struct ath10k *ar)
4869 {
4870 	int sound_dim = ar->vht_cap_info;
4871 
4872 	sound_dim &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4873 	sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4874 
4875 	/* If the sounding dimension is not advertised by the firmware,
4876 	 * let's use a default value of 1
4877 	 */
4878 	if (sound_dim == 0)
4879 		return 1;
4880 
4881 	return sound_dim;
4882 }
4883 
4884 static struct ieee80211_sta_vht_cap ath10k_create_vht_cap(struct ath10k *ar)
4885 {
4886 	struct ieee80211_sta_vht_cap vht_cap = {0};
4887 	struct ath10k_hw_params *hw = &ar->hw_params;
4888 	u16 mcs_map;
4889 	u32 val;
4890 	int i;
4891 
4892 	vht_cap.vht_supported = 1;
4893 	vht_cap.cap = ar->vht_cap_info;
4894 
4895 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4896 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
4897 		val = ath10k_mac_get_vht_cap_bf_sts(ar);
4898 		val <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4899 		val &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4900 
4901 		vht_cap.cap |= val;
4902 	}
4903 
4904 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4905 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
4906 		val = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4907 		val <<= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4908 		val &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4909 
4910 		vht_cap.cap |= val;
4911 	}
4912 
4913 	mcs_map = 0;
4914 	for (i = 0; i < 8; i++) {
4915 		if ((i < ar->num_rf_chains) && (ar->cfg_tx_chainmask & BIT(i)))
4916 			mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
4917 		else
4918 			mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
4919 	}
4920 
4921 	if (ar->cfg_tx_chainmask <= 1)
4922 		vht_cap.cap &= ~IEEE80211_VHT_CAP_TXSTBC;
4923 
4924 	vht_cap.vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
4925 	vht_cap.vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
4926 
4927 	/* If we are supporting 160Mhz or 80+80, then the NIC may be able to do
4928 	 * a restricted NSS for 160 or 80+80 vs what it can do for 80Mhz.  Give
4929 	 * user-space a clue if that is the case.
4930 	 */
4931 	if ((vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) &&
4932 	    (hw->vht160_mcs_rx_highest != 0 ||
4933 	     hw->vht160_mcs_tx_highest != 0)) {
4934 		vht_cap.vht_mcs.rx_highest = cpu_to_le16(hw->vht160_mcs_rx_highest);
4935 		vht_cap.vht_mcs.tx_highest = cpu_to_le16(hw->vht160_mcs_tx_highest);
4936 	}
4937 
4938 	return vht_cap;
4939 }
4940 
4941 static struct ieee80211_sta_ht_cap ath10k_get_ht_cap(struct ath10k *ar)
4942 {
4943 	int i;
4944 	struct ieee80211_sta_ht_cap ht_cap = {0};
4945 
4946 	if (!(ar->ht_cap_info & WMI_HT_CAP_ENABLED))
4947 		return ht_cap;
4948 
4949 	ht_cap.ht_supported = 1;
4950 	ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
4951 	ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_8;
4952 	ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
4953 	ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
4954 	ht_cap.cap |=
4955 		WLAN_HT_CAP_SM_PS_DISABLED << IEEE80211_HT_CAP_SM_PS_SHIFT;
4956 
4957 	if (ar->ht_cap_info & WMI_HT_CAP_HT20_SGI)
4958 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
4959 
4960 	if (ar->ht_cap_info & WMI_HT_CAP_HT40_SGI)
4961 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
4962 
4963 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) {
4964 		u32 smps;
4965 
4966 		smps   = WLAN_HT_CAP_SM_PS_DYNAMIC;
4967 		smps <<= IEEE80211_HT_CAP_SM_PS_SHIFT;
4968 
4969 		ht_cap.cap |= smps;
4970 	}
4971 
4972 	if (ar->ht_cap_info & WMI_HT_CAP_TX_STBC && (ar->cfg_tx_chainmask > 1))
4973 		ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
4974 
4975 	if (ar->ht_cap_info & WMI_HT_CAP_RX_STBC) {
4976 		u32 stbc;
4977 
4978 		stbc   = ar->ht_cap_info;
4979 		stbc  &= WMI_HT_CAP_RX_STBC;
4980 		stbc >>= WMI_HT_CAP_RX_STBC_MASK_SHIFT;
4981 		stbc <<= IEEE80211_HT_CAP_RX_STBC_SHIFT;
4982 		stbc  &= IEEE80211_HT_CAP_RX_STBC;
4983 
4984 		ht_cap.cap |= stbc;
4985 	}
4986 
4987 	if (ar->ht_cap_info & WMI_HT_CAP_LDPC || (ar->ht_cap_info &
4988 	    WMI_HT_CAP_RX_LDPC && (ar->ht_cap_info & WMI_HT_CAP_TX_LDPC)))
4989 		ht_cap.cap |= IEEE80211_HT_CAP_LDPC_CODING;
4990 
4991 	if (ar->ht_cap_info & WMI_HT_CAP_L_SIG_TXOP_PROT)
4992 		ht_cap.cap |= IEEE80211_HT_CAP_LSIG_TXOP_PROT;
4993 
4994 	/* max AMSDU is implicitly taken from vht_cap_info */
4995 	if (ar->vht_cap_info & WMI_VHT_CAP_MAX_MPDU_LEN_MASK)
4996 		ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
4997 
4998 	for (i = 0; i < ar->num_rf_chains; i++) {
4999 		if (ar->cfg_rx_chainmask & BIT(i))
5000 			ht_cap.mcs.rx_mask[i] = 0xFF;
5001 	}
5002 
5003 	ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_DEFINED;
5004 
5005 	return ht_cap;
5006 }
5007 
5008 static void ath10k_mac_setup_ht_vht_cap(struct ath10k *ar)
5009 {
5010 	struct ieee80211_supported_band *band;
5011 	struct ieee80211_sta_vht_cap vht_cap;
5012 	struct ieee80211_sta_ht_cap ht_cap;
5013 
5014 	ht_cap = ath10k_get_ht_cap(ar);
5015 	vht_cap = ath10k_create_vht_cap(ar);
5016 
5017 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
5018 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
5019 		band->ht_cap = ht_cap;
5020 	}
5021 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
5022 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
5023 		band->ht_cap = ht_cap;
5024 		band->vht_cap = vht_cap;
5025 	}
5026 }
5027 
5028 static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
5029 {
5030 	int ret;
5031 	bool is_valid_tx_chain_mask, is_valid_rx_chain_mask;
5032 
5033 	lockdep_assert_held(&ar->conf_mutex);
5034 
5035 	is_valid_tx_chain_mask = ath10k_check_chain_mask(ar, tx_ant, "tx");
5036 	is_valid_rx_chain_mask = ath10k_check_chain_mask(ar, rx_ant, "rx");
5037 
5038 	if (!is_valid_tx_chain_mask || !is_valid_rx_chain_mask)
5039 		return -EINVAL;
5040 
5041 	ar->cfg_tx_chainmask = tx_ant;
5042 	ar->cfg_rx_chainmask = rx_ant;
5043 
5044 	if ((ar->state != ATH10K_STATE_ON) &&
5045 	    (ar->state != ATH10K_STATE_RESTARTED))
5046 		return 0;
5047 
5048 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
5049 					tx_ant);
5050 	if (ret) {
5051 		ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
5052 			    ret, tx_ant);
5053 		return ret;
5054 	}
5055 
5056 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
5057 					rx_ant);
5058 	if (ret) {
5059 		ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
5060 			    ret, rx_ant);
5061 		return ret;
5062 	}
5063 
5064 	/* Reload HT/VHT capability */
5065 	ath10k_mac_setup_ht_vht_cap(ar);
5066 
5067 	return 0;
5068 }
5069 
5070 static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant)
5071 {
5072 	struct ath10k *ar = hw->priv;
5073 	int ret;
5074 
5075 	mutex_lock(&ar->conf_mutex);
5076 	ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
5077 	mutex_unlock(&ar->conf_mutex);
5078 	return ret;
5079 }
5080 
5081 static int __ath10k_fetch_bb_timing_dt(struct ath10k *ar,
5082 				       struct wmi_bb_timing_cfg_arg *bb_timing)
5083 {
5084 	struct device_node *node;
5085 	const char *fem_name;
5086 	int ret;
5087 
5088 	node = ar->dev->of_node;
5089 	if (!node)
5090 		return -ENOENT;
5091 
5092 	ret = of_property_read_string_index(node, "ext-fem-name", 0, &fem_name);
5093 	if (ret)
5094 		return -ENOENT;
5095 
5096 	/*
5097 	 * If external Front End module used in hardware, then default base band timing
5098 	 * parameter cannot be used since they were fine tuned for reference hardware,
5099 	 * so choosing different value suitable for that external FEM.
5100 	 */
5101 	if (!strcmp("microsemi-lx5586", fem_name)) {
5102 		bb_timing->bb_tx_timing = 0x00;
5103 		bb_timing->bb_xpa_timing = 0x0101;
5104 	} else {
5105 		return -ENOENT;
5106 	}
5107 
5108 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot bb_tx_timing 0x%x bb_xpa_timing 0x%x\n",
5109 		   bb_timing->bb_tx_timing, bb_timing->bb_xpa_timing);
5110 	return 0;
5111 }
5112 
5113 static int ath10k_mac_rfkill_config(struct ath10k *ar)
5114 {
5115 	u32 param;
5116 	int ret;
5117 
5118 	if (ar->hw_values->rfkill_pin == 0) {
5119 		ath10k_warn(ar, "ath10k does not support hardware rfkill with this device\n");
5120 		return -EOPNOTSUPP;
5121 	}
5122 
5123 	ath10k_dbg(ar, ATH10K_DBG_MAC,
5124 		   "mac rfkill_pin %d rfkill_cfg %d rfkill_on_level %d",
5125 		   ar->hw_values->rfkill_pin, ar->hw_values->rfkill_cfg,
5126 		   ar->hw_values->rfkill_on_level);
5127 
5128 	param = FIELD_PREP(WMI_TLV_RFKILL_CFG_RADIO_LEVEL,
5129 			   ar->hw_values->rfkill_on_level) |
5130 		FIELD_PREP(WMI_TLV_RFKILL_CFG_GPIO_PIN_NUM,
5131 			   ar->hw_values->rfkill_pin) |
5132 		FIELD_PREP(WMI_TLV_RFKILL_CFG_PIN_AS_GPIO,
5133 			   ar->hw_values->rfkill_cfg);
5134 
5135 	ret = ath10k_wmi_pdev_set_param(ar,
5136 					ar->wmi.pdev_param->rfkill_config,
5137 					param);
5138 	if (ret) {
5139 		ath10k_warn(ar,
5140 			    "failed to set rfkill config 0x%x: %d\n",
5141 			    param, ret);
5142 		return ret;
5143 	}
5144 	return 0;
5145 }
5146 
5147 int ath10k_mac_rfkill_enable_radio(struct ath10k *ar, bool enable)
5148 {
5149 	enum wmi_tlv_rfkill_enable_radio param;
5150 	int ret;
5151 
5152 	if (enable)
5153 		param = WMI_TLV_RFKILL_ENABLE_RADIO_ON;
5154 	else
5155 		param = WMI_TLV_RFKILL_ENABLE_RADIO_OFF;
5156 
5157 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac rfkill enable %d", param);
5158 
5159 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rfkill_enable,
5160 					param);
5161 	if (ret) {
5162 		ath10k_warn(ar, "failed to set rfkill enable param %d: %d\n",
5163 			    param, ret);
5164 		return ret;
5165 	}
5166 
5167 	return 0;
5168 }
5169 
5170 static int ath10k_start(struct ieee80211_hw *hw)
5171 {
5172 	struct ath10k *ar = hw->priv;
5173 	u32 param;
5174 	int ret = 0;
5175 	struct wmi_bb_timing_cfg_arg bb_timing = {0};
5176 
5177 	/*
5178 	 * This makes sense only when restarting hw. It is harmless to call
5179 	 * unconditionally. This is necessary to make sure no HTT/WMI tx
5180 	 * commands will be submitted while restarting.
5181 	 */
5182 	ath10k_drain_tx(ar);
5183 
5184 	mutex_lock(&ar->conf_mutex);
5185 
5186 	switch (ar->state) {
5187 	case ATH10K_STATE_OFF:
5188 		ar->state = ATH10K_STATE_ON;
5189 		break;
5190 	case ATH10K_STATE_RESTARTING:
5191 		ar->state = ATH10K_STATE_RESTARTED;
5192 		break;
5193 	case ATH10K_STATE_ON:
5194 	case ATH10K_STATE_RESTARTED:
5195 	case ATH10K_STATE_WEDGED:
5196 		WARN_ON(1);
5197 		ret = -EINVAL;
5198 		goto err;
5199 	case ATH10K_STATE_UTF:
5200 		ret = -EBUSY;
5201 		goto err;
5202 	}
5203 
5204 	spin_lock_bh(&ar->data_lock);
5205 
5206 	if (ar->hw_rfkill_on) {
5207 		ar->hw_rfkill_on = false;
5208 		spin_unlock_bh(&ar->data_lock);
5209 		goto err;
5210 	}
5211 
5212 	spin_unlock_bh(&ar->data_lock);
5213 
5214 	ret = ath10k_hif_power_up(ar, ATH10K_FIRMWARE_MODE_NORMAL);
5215 	if (ret) {
5216 		ath10k_err(ar, "Could not init hif: %d\n", ret);
5217 		goto err_off;
5218 	}
5219 
5220 	ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL,
5221 				&ar->normal_mode_fw);
5222 	if (ret) {
5223 		ath10k_err(ar, "Could not init core: %d\n", ret);
5224 		goto err_power_down;
5225 	}
5226 
5227 	if (ar->sys_cap_info & WMI_TLV_SYS_CAP_INFO_RFKILL) {
5228 		ret = ath10k_mac_rfkill_config(ar);
5229 		if (ret && ret != -EOPNOTSUPP) {
5230 			ath10k_warn(ar, "failed to configure rfkill: %d", ret);
5231 			goto err_core_stop;
5232 		}
5233 	}
5234 
5235 	param = ar->wmi.pdev_param->pmf_qos;
5236 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5237 	if (ret) {
5238 		ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
5239 		goto err_core_stop;
5240 	}
5241 
5242 	param = ar->wmi.pdev_param->dynamic_bw;
5243 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5244 	if (ret) {
5245 		ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
5246 		goto err_core_stop;
5247 	}
5248 
5249 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
5250 		ret = ath10k_wmi_scan_prob_req_oui(ar, ar->mac_addr);
5251 		if (ret) {
5252 			ath10k_err(ar, "failed to set prob req oui: %i\n", ret);
5253 			goto err_core_stop;
5254 		}
5255 	}
5256 
5257 	if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
5258 		ret = ath10k_wmi_adaptive_qcs(ar, true);
5259 		if (ret) {
5260 			ath10k_warn(ar, "failed to enable adaptive qcs: %d\n",
5261 				    ret);
5262 			goto err_core_stop;
5263 		}
5264 	}
5265 
5266 	if (test_bit(WMI_SERVICE_BURST, ar->wmi.svc_map)) {
5267 		param = ar->wmi.pdev_param->burst_enable;
5268 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5269 		if (ret) {
5270 			ath10k_warn(ar, "failed to disable burst: %d\n", ret);
5271 			goto err_core_stop;
5272 		}
5273 	}
5274 
5275 	param = ar->wmi.pdev_param->idle_ps_config;
5276 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5277 	if (ret && ret != -EOPNOTSUPP) {
5278 		ath10k_warn(ar, "failed to enable idle_ps_config: %d\n", ret);
5279 		goto err_core_stop;
5280 	}
5281 
5282 	__ath10k_set_antenna(ar, ar->cfg_tx_chainmask, ar->cfg_rx_chainmask);
5283 
5284 	/*
5285 	 * By default FW set ARP frames ac to voice (6). In that case ARP
5286 	 * exchange is not working properly for UAPSD enabled AP. ARP requests
5287 	 * which arrives with access category 0 are processed by network stack
5288 	 * and send back with access category 0, but FW changes access category
5289 	 * to 6. Set ARP frames access category to best effort (0) solves
5290 	 * this problem.
5291 	 */
5292 
5293 	param = ar->wmi.pdev_param->arp_ac_override;
5294 	ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5295 	if (ret) {
5296 		ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
5297 			    ret);
5298 		goto err_core_stop;
5299 	}
5300 
5301 	if (test_bit(ATH10K_FW_FEATURE_SUPPORTS_ADAPTIVE_CCA,
5302 		     ar->running_fw->fw_file.fw_features)) {
5303 		ret = ath10k_wmi_pdev_enable_adaptive_cca(ar, 1,
5304 							  WMI_CCA_DETECT_LEVEL_AUTO,
5305 							  WMI_CCA_DETECT_MARGIN_AUTO);
5306 		if (ret) {
5307 			ath10k_warn(ar, "failed to enable adaptive cca: %d\n",
5308 				    ret);
5309 			goto err_core_stop;
5310 		}
5311 	}
5312 
5313 	param = ar->wmi.pdev_param->ani_enable;
5314 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5315 	if (ret) {
5316 		ath10k_warn(ar, "failed to enable ani by default: %d\n",
5317 			    ret);
5318 		goto err_core_stop;
5319 	}
5320 
5321 	ar->ani_enabled = true;
5322 
5323 	if (ath10k_peer_stats_enabled(ar)) {
5324 		param = ar->wmi.pdev_param->peer_stats_update_period;
5325 		ret = ath10k_wmi_pdev_set_param(ar, param,
5326 						PEER_DEFAULT_STATS_UPDATE_PERIOD);
5327 		if (ret) {
5328 			ath10k_warn(ar,
5329 				    "failed to set peer stats period : %d\n",
5330 				    ret);
5331 			goto err_core_stop;
5332 		}
5333 	}
5334 
5335 	param = ar->wmi.pdev_param->enable_btcoex;
5336 	if (test_bit(WMI_SERVICE_COEX_GPIO, ar->wmi.svc_map) &&
5337 	    test_bit(ATH10K_FW_FEATURE_BTCOEX_PARAM,
5338 		     ar->running_fw->fw_file.fw_features) &&
5339 	    ar->coex_support) {
5340 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5341 		if (ret) {
5342 			ath10k_warn(ar,
5343 				    "failed to set btcoex param: %d\n", ret);
5344 			goto err_core_stop;
5345 		}
5346 		clear_bit(ATH10K_FLAG_BTCOEX, &ar->dev_flags);
5347 	}
5348 
5349 	if (test_bit(WMI_SERVICE_BB_TIMING_CONFIG_SUPPORT, ar->wmi.svc_map)) {
5350 		ret = __ath10k_fetch_bb_timing_dt(ar, &bb_timing);
5351 		if (!ret) {
5352 			ret = ath10k_wmi_pdev_bb_timing(ar, &bb_timing);
5353 			if (ret) {
5354 				ath10k_warn(ar,
5355 					    "failed to set bb timings: %d\n",
5356 					    ret);
5357 				goto err_core_stop;
5358 			}
5359 		}
5360 	}
5361 
5362 	ar->num_started_vdevs = 0;
5363 	ath10k_regd_update(ar);
5364 
5365 	ath10k_spectral_start(ar);
5366 	ath10k_thermal_set_throttling(ar);
5367 
5368 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_IDLE;
5369 
5370 	mutex_unlock(&ar->conf_mutex);
5371 	return 0;
5372 
5373 err_core_stop:
5374 	ath10k_core_stop(ar);
5375 
5376 err_power_down:
5377 	ath10k_hif_power_down(ar);
5378 
5379 err_off:
5380 	ar->state = ATH10K_STATE_OFF;
5381 
5382 err:
5383 	mutex_unlock(&ar->conf_mutex);
5384 	return ret;
5385 }
5386 
5387 static void ath10k_stop(struct ieee80211_hw *hw, bool suspend)
5388 {
5389 	struct ath10k *ar = hw->priv;
5390 	u32 opt;
5391 
5392 	ath10k_drain_tx(ar);
5393 
5394 	mutex_lock(&ar->conf_mutex);
5395 	if (ar->state != ATH10K_STATE_OFF) {
5396 		if (!ar->hw_rfkill_on) {
5397 			/* If the current driver state is RESTARTING but not yet
5398 			 * fully RESTARTED because of incoming suspend event,
5399 			 * then ath10k_halt() is already called via
5400 			 * ath10k_core_restart() and should not be called here.
5401 			 */
5402 			if (ar->state != ATH10K_STATE_RESTARTING) {
5403 				ath10k_halt(ar);
5404 			} else {
5405 				/* Suspending here, because when in RESTARTING
5406 				 * state, ath10k_core_stop() skips
5407 				 * ath10k_wait_for_suspend().
5408 				 */
5409 				opt = WMI_PDEV_SUSPEND_AND_DISABLE_INTR;
5410 				ath10k_wait_for_suspend(ar, opt);
5411 			}
5412 		}
5413 		ar->state = ATH10K_STATE_OFF;
5414 	}
5415 	mutex_unlock(&ar->conf_mutex);
5416 
5417 	cancel_work_sync(&ar->set_coverage_class_work);
5418 	cancel_delayed_work_sync(&ar->scan.timeout);
5419 	cancel_work_sync(&ar->restart_work);
5420 }
5421 
5422 static int ath10k_config_ps(struct ath10k *ar)
5423 {
5424 	struct ath10k_vif *arvif;
5425 	int ret = 0;
5426 
5427 	lockdep_assert_held(&ar->conf_mutex);
5428 
5429 	list_for_each_entry(arvif, &ar->arvifs, list) {
5430 		ret = ath10k_mac_vif_setup_ps(arvif);
5431 		if (ret) {
5432 			ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
5433 			break;
5434 		}
5435 	}
5436 
5437 	return ret;
5438 }
5439 
5440 static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
5441 {
5442 	struct ath10k *ar = hw->priv;
5443 	struct ieee80211_conf *conf = &hw->conf;
5444 	int ret = 0;
5445 
5446 	mutex_lock(&ar->conf_mutex);
5447 
5448 	if (changed & IEEE80211_CONF_CHANGE_PS)
5449 		ath10k_config_ps(ar);
5450 
5451 	if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
5452 		ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
5453 		ret = ath10k_monitor_recalc(ar);
5454 		if (ret)
5455 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5456 	}
5457 
5458 	mutex_unlock(&ar->conf_mutex);
5459 	return ret;
5460 }
5461 
5462 static u32 get_nss_from_chainmask(u16 chain_mask)
5463 {
5464 	if ((chain_mask & 0xf) == 0xf)
5465 		return 4;
5466 	else if ((chain_mask & 0x7) == 0x7)
5467 		return 3;
5468 	else if ((chain_mask & 0x3) == 0x3)
5469 		return 2;
5470 	return 1;
5471 }
5472 
5473 static int ath10k_mac_set_txbf_conf(struct ath10k_vif *arvif)
5474 {
5475 	u32 value = 0;
5476 	struct ath10k *ar = arvif->ar;
5477 	int nsts;
5478 	int sound_dim;
5479 
5480 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_BEFORE_ASSOC)
5481 		return 0;
5482 
5483 	nsts = ath10k_mac_get_vht_cap_bf_sts(ar);
5484 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
5485 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE))
5486 		value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
5487 
5488 	sound_dim = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
5489 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
5490 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))
5491 		value |= SM(sound_dim, WMI_BF_SOUND_DIM_OFFSET);
5492 
5493 	if (!value)
5494 		return 0;
5495 
5496 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
5497 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
5498 
5499 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
5500 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFER |
5501 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFER);
5502 
5503 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
5504 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
5505 
5506 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
5507 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFEE |
5508 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFEE);
5509 
5510 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5511 					 ar->wmi.vdev_param->txbf, value);
5512 }
5513 
5514 static void ath10k_update_vif_offload(struct ieee80211_hw *hw,
5515 				      struct ieee80211_vif *vif)
5516 {
5517 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5518 	struct ath10k *ar = hw->priv;
5519 	u32 vdev_param;
5520 	int ret;
5521 
5522 	if (ath10k_frame_mode != ATH10K_HW_TXRX_ETHERNET ||
5523 	    ar->wmi.vdev_param->tx_encap_type == WMI_VDEV_PARAM_UNSUPPORTED ||
5524 	     (vif->type != NL80211_IFTYPE_STATION &&
5525 	      vif->type != NL80211_IFTYPE_AP))
5526 		vif->offload_flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
5527 
5528 	vdev_param = ar->wmi.vdev_param->tx_encap_type;
5529 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5530 					ATH10K_HW_TXRX_NATIVE_WIFI);
5531 	/* 10.X firmware does not support this VDEV parameter. Do not warn */
5532 	if (ret && ret != -EOPNOTSUPP) {
5533 		ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
5534 			    arvif->vdev_id, ret);
5535 	}
5536 }
5537 
5538 /*
5539  * TODO:
5540  * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
5541  * because we will send mgmt frames without CCK. This requirement
5542  * for P2P_FIND/GO_NEG should be handled by checking CCK flag
5543  * in the TX packet.
5544  */
5545 static int ath10k_add_interface(struct ieee80211_hw *hw,
5546 				struct ieee80211_vif *vif)
5547 {
5548 	struct ath10k *ar = hw->priv;
5549 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5550 	struct ath10k_peer *peer;
5551 	enum wmi_sta_powersave_param param;
5552 	int ret = 0;
5553 	u32 value;
5554 	int bit;
5555 	int i;
5556 	u32 vdev_param;
5557 
5558 	vif->driver_flags |= IEEE80211_VIF_SUPPORTS_UAPSD;
5559 
5560 	mutex_lock(&ar->conf_mutex);
5561 
5562 	memset(arvif, 0, sizeof(*arvif));
5563 	ath10k_mac_txq_init(vif->txq);
5564 
5565 	arvif->ar = ar;
5566 	arvif->vif = vif;
5567 
5568 	INIT_LIST_HEAD(&arvif->list);
5569 	INIT_WORK(&arvif->ap_csa_work, ath10k_mac_vif_ap_csa_work);
5570 	INIT_DELAYED_WORK(&arvif->connection_loss_work,
5571 			  ath10k_mac_vif_sta_connection_loss_work);
5572 
5573 	for (i = 0; i < ARRAY_SIZE(arvif->bitrate_mask.control); i++) {
5574 		arvif->bitrate_mask.control[i].legacy = 0xffffffff;
5575 		memset(arvif->bitrate_mask.control[i].ht_mcs, 0xff,
5576 		       sizeof(arvif->bitrate_mask.control[i].ht_mcs));
5577 		memset(arvif->bitrate_mask.control[i].vht_mcs, 0xff,
5578 		       sizeof(arvif->bitrate_mask.control[i].vht_mcs));
5579 	}
5580 
5581 	if (ar->num_peers >= ar->max_num_peers) {
5582 		ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
5583 		ret = -ENOBUFS;
5584 		goto err;
5585 	}
5586 
5587 	if (ar->free_vdev_map == 0) {
5588 		ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
5589 		ret = -EBUSY;
5590 		goto err;
5591 	}
5592 	bit = __ffs64(ar->free_vdev_map);
5593 
5594 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
5595 		   bit, ar->free_vdev_map);
5596 
5597 	arvif->vdev_id = bit;
5598 	arvif->vdev_subtype =
5599 		ath10k_wmi_get_vdev_subtype(ar, WMI_VDEV_SUBTYPE_NONE);
5600 
5601 	switch (vif->type) {
5602 	case NL80211_IFTYPE_P2P_DEVICE:
5603 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5604 		arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5605 					(ar, WMI_VDEV_SUBTYPE_P2P_DEVICE);
5606 		break;
5607 	case NL80211_IFTYPE_UNSPECIFIED:
5608 	case NL80211_IFTYPE_STATION:
5609 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5610 		if (vif->p2p)
5611 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5612 					(ar, WMI_VDEV_SUBTYPE_P2P_CLIENT);
5613 		break;
5614 	case NL80211_IFTYPE_ADHOC:
5615 		arvif->vdev_type = WMI_VDEV_TYPE_IBSS;
5616 		break;
5617 	case NL80211_IFTYPE_MESH_POINT:
5618 		if (test_bit(WMI_SERVICE_MESH_11S, ar->wmi.svc_map)) {
5619 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5620 						(ar, WMI_VDEV_SUBTYPE_MESH_11S);
5621 		} else if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5622 			ret = -EINVAL;
5623 			ath10k_warn(ar, "must load driver with rawmode=1 to add mesh interfaces\n");
5624 			goto err;
5625 		}
5626 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5627 		break;
5628 	case NL80211_IFTYPE_AP:
5629 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5630 
5631 		if (vif->p2p)
5632 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5633 						(ar, WMI_VDEV_SUBTYPE_P2P_GO);
5634 		break;
5635 	case NL80211_IFTYPE_MONITOR:
5636 		arvif->vdev_type = WMI_VDEV_TYPE_MONITOR;
5637 		break;
5638 	default:
5639 		WARN_ON(1);
5640 		break;
5641 	}
5642 
5643 	/* Using vdev_id as queue number will make it very easy to do per-vif
5644 	 * tx queue locking. This shouldn't wrap due to interface combinations
5645 	 * but do a modulo for correctness sake and prevent using offchannel tx
5646 	 * queues for regular vif tx.
5647 	 */
5648 	vif->cab_queue = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5649 	for (i = 0; i < ARRAY_SIZE(vif->hw_queue); i++)
5650 		vif->hw_queue[i] = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5651 
5652 	/* Some firmware revisions don't wait for beacon tx completion before
5653 	 * sending another SWBA event. This could lead to hardware using old
5654 	 * (freed) beacon data in some cases, e.g. tx credit starvation
5655 	 * combined with missed TBTT. This is very rare.
5656 	 *
5657 	 * On non-IOMMU-enabled hosts this could be a possible security issue
5658 	 * because hw could beacon some random data on the air.  On
5659 	 * IOMMU-enabled hosts DMAR faults would occur in most cases and target
5660 	 * device would crash.
5661 	 *
5662 	 * Since there are no beacon tx completions (implicit nor explicit)
5663 	 * propagated to host the only workaround for this is to allocate a
5664 	 * DMA-coherent buffer for a lifetime of a vif and use it for all
5665 	 * beacon tx commands. Worst case for this approach is some beacons may
5666 	 * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
5667 	 */
5668 	if (vif->type == NL80211_IFTYPE_ADHOC ||
5669 	    vif->type == NL80211_IFTYPE_MESH_POINT ||
5670 	    vif->type == NL80211_IFTYPE_AP) {
5671 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {
5672 			arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN,
5673 						    GFP_KERNEL);
5674 
5675 			/* Using a kernel pointer in place of a dma_addr_t
5676 			 * token can lead to undefined behavior if that
5677 			 * makes it into cache management functions. Use a
5678 			 * known-invalid address token instead, which
5679 			 * avoids the warning and makes it easier to catch
5680 			 * bugs if it does end up getting used.
5681 			 */
5682 			arvif->beacon_paddr = DMA_MAPPING_ERROR;
5683 		} else {
5684 			arvif->beacon_buf =
5685 				dma_alloc_coherent(ar->dev,
5686 						   IEEE80211_MAX_FRAME_LEN,
5687 						   &arvif->beacon_paddr,
5688 						   GFP_ATOMIC);
5689 		}
5690 		if (!arvif->beacon_buf) {
5691 			ret = -ENOMEM;
5692 			ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
5693 				    ret);
5694 			goto err;
5695 		}
5696 	}
5697 	if (test_bit(ATH10K_FLAG_HW_CRYPTO_DISABLED, &ar->dev_flags))
5698 		arvif->nohwcrypt = true;
5699 
5700 	if (arvif->nohwcrypt &&
5701 	    !test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5702 		ret = -EINVAL;
5703 		ath10k_warn(ar, "cryptmode module param needed for sw crypto\n");
5704 		goto err;
5705 	}
5706 
5707 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
5708 		   arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
5709 		   arvif->beacon_buf ? "single-buf" : "per-skb");
5710 
5711 	ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
5712 				     arvif->vdev_subtype, vif->addr);
5713 	if (ret) {
5714 		ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
5715 			    arvif->vdev_id, ret);
5716 		goto err;
5717 	}
5718 
5719 	if (test_bit(WMI_SERVICE_VDEV_DISABLE_4_ADDR_SRC_LRN_SUPPORT,
5720 		     ar->wmi.svc_map)) {
5721 		vdev_param = ar->wmi.vdev_param->disable_4addr_src_lrn;
5722 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5723 						WMI_VDEV_DISABLE_4_ADDR_SRC_LRN);
5724 		if (ret && ret != -EOPNOTSUPP) {
5725 			ath10k_warn(ar, "failed to disable 4addr src lrn vdev %i: %d\n",
5726 				    arvif->vdev_id, ret);
5727 		}
5728 	}
5729 
5730 	ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
5731 	spin_lock_bh(&ar->data_lock);
5732 	list_add(&arvif->list, &ar->arvifs);
5733 	spin_unlock_bh(&ar->data_lock);
5734 
5735 	/* It makes no sense to have firmware do keepalives. mac80211 already
5736 	 * takes care of this with idle connection polling.
5737 	 */
5738 	ret = ath10k_mac_vif_disable_keepalive(arvif);
5739 	if (ret) {
5740 		ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
5741 			    arvif->vdev_id, ret);
5742 		goto err_vdev_delete;
5743 	}
5744 
5745 	arvif->def_wep_key_idx = -1;
5746 
5747 	ath10k_update_vif_offload(hw, vif);
5748 
5749 	/* Configuring number of spatial stream for monitor interface is causing
5750 	 * target assert in qca9888 and qca6174.
5751 	 */
5752 	if (ar->cfg_tx_chainmask && (vif->type != NL80211_IFTYPE_MONITOR)) {
5753 		u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
5754 
5755 		vdev_param = ar->wmi.vdev_param->nss;
5756 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5757 						nss);
5758 		if (ret) {
5759 			ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
5760 				    arvif->vdev_id, ar->cfg_tx_chainmask, nss,
5761 				    ret);
5762 			goto err_vdev_delete;
5763 		}
5764 	}
5765 
5766 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5767 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5768 		ret = ath10k_peer_create(ar, vif, NULL, arvif->vdev_id,
5769 					 vif->addr, WMI_PEER_TYPE_DEFAULT);
5770 		if (ret) {
5771 			ath10k_warn(ar, "failed to create vdev %i peer for AP/IBSS: %d\n",
5772 				    arvif->vdev_id, ret);
5773 			goto err_vdev_delete;
5774 		}
5775 
5776 		spin_lock_bh(&ar->data_lock);
5777 
5778 		peer = ath10k_peer_find(ar, arvif->vdev_id, vif->addr);
5779 		if (!peer) {
5780 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
5781 				    vif->addr, arvif->vdev_id);
5782 			spin_unlock_bh(&ar->data_lock);
5783 			ret = -ENOENT;
5784 			goto err_peer_delete;
5785 		}
5786 
5787 		arvif->peer_id = find_first_bit(peer->peer_ids,
5788 						ATH10K_MAX_NUM_PEER_IDS);
5789 
5790 		spin_unlock_bh(&ar->data_lock);
5791 	} else {
5792 		arvif->peer_id = HTT_INVALID_PEERID;
5793 	}
5794 
5795 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
5796 		ret = ath10k_mac_set_kickout(arvif);
5797 		if (ret) {
5798 			ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
5799 				    arvif->vdev_id, ret);
5800 			goto err_peer_delete;
5801 		}
5802 	}
5803 
5804 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
5805 		param = WMI_STA_PS_PARAM_RX_WAKE_POLICY;
5806 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
5807 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
5808 						  param, value);
5809 		if (ret) {
5810 			ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
5811 				    arvif->vdev_id, ret);
5812 			goto err_peer_delete;
5813 		}
5814 
5815 		ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
5816 		if (ret) {
5817 			ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
5818 				    arvif->vdev_id, ret);
5819 			goto err_peer_delete;
5820 		}
5821 
5822 		ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
5823 		if (ret) {
5824 			ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
5825 				    arvif->vdev_id, ret);
5826 			goto err_peer_delete;
5827 		}
5828 	}
5829 
5830 	ret = ath10k_mac_set_txbf_conf(arvif);
5831 	if (ret) {
5832 		ath10k_warn(ar, "failed to set txbf for vdev %d: %d\n",
5833 			    arvif->vdev_id, ret);
5834 		goto err_peer_delete;
5835 	}
5836 
5837 	ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
5838 	if (ret) {
5839 		ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
5840 			    arvif->vdev_id, ret);
5841 		goto err_peer_delete;
5842 	}
5843 
5844 	arvif->txpower = vif->bss_conf.txpower;
5845 	ret = ath10k_mac_txpower_recalc(ar);
5846 	if (ret) {
5847 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5848 		goto err_peer_delete;
5849 	}
5850 
5851 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
5852 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
5853 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5854 						arvif->ftm_responder);
5855 
5856 		/* It is harmless to not set FTM role. Do not warn */
5857 		if (ret && ret != -EOPNOTSUPP)
5858 			ath10k_warn(ar, "failed to set vdev %i FTM Responder: %d\n",
5859 				    arvif->vdev_id, ret);
5860 	}
5861 
5862 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5863 		ar->monitor_arvif = arvif;
5864 		ret = ath10k_monitor_recalc(ar);
5865 		if (ret) {
5866 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5867 			goto err_peer_delete;
5868 		}
5869 	}
5870 
5871 	spin_lock_bh(&ar->htt.tx_lock);
5872 	if (!ar->tx_paused)
5873 		ieee80211_wake_queue(ar->hw, arvif->vdev_id);
5874 	spin_unlock_bh(&ar->htt.tx_lock);
5875 
5876 	mutex_unlock(&ar->conf_mutex);
5877 	return 0;
5878 
5879 err_peer_delete:
5880 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5881 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5882 		ath10k_wmi_peer_delete(ar, arvif->vdev_id, vif->addr);
5883 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5884 						 vif->addr);
5885 	}
5886 
5887 err_vdev_delete:
5888 	ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5889 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5890 	spin_lock_bh(&ar->data_lock);
5891 	list_del(&arvif->list);
5892 	spin_unlock_bh(&ar->data_lock);
5893 
5894 err:
5895 	if (arvif->beacon_buf) {
5896 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
5897 			kfree(arvif->beacon_buf);
5898 		else
5899 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
5900 					  arvif->beacon_buf,
5901 					  arvif->beacon_paddr);
5902 		arvif->beacon_buf = NULL;
5903 	}
5904 
5905 	mutex_unlock(&ar->conf_mutex);
5906 
5907 	return ret;
5908 }
5909 
5910 static void ath10k_mac_vif_tx_unlock_all(struct ath10k_vif *arvif)
5911 {
5912 	int i;
5913 
5914 	for (i = 0; i < BITS_PER_LONG; i++)
5915 		ath10k_mac_vif_tx_unlock(arvif, i);
5916 }
5917 
5918 static void ath10k_remove_interface(struct ieee80211_hw *hw,
5919 				    struct ieee80211_vif *vif)
5920 {
5921 	struct ath10k *ar = hw->priv;
5922 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5923 	struct ath10k_peer *peer;
5924 	int ret;
5925 	int i;
5926 
5927 	cancel_work_sync(&arvif->ap_csa_work);
5928 	cancel_delayed_work_sync(&arvif->connection_loss_work);
5929 
5930 	mutex_lock(&ar->conf_mutex);
5931 
5932 	ret = ath10k_spectral_vif_stop(arvif);
5933 	if (ret)
5934 		ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
5935 			    arvif->vdev_id, ret);
5936 
5937 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5938 	spin_lock_bh(&ar->data_lock);
5939 	list_del(&arvif->list);
5940 	spin_unlock_bh(&ar->data_lock);
5941 
5942 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5943 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5944 		ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
5945 					     vif->addr);
5946 		if (ret)
5947 			ath10k_warn(ar, "failed to submit AP/IBSS self-peer removal on vdev %i: %d\n",
5948 				    arvif->vdev_id, ret);
5949 
5950 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5951 						 vif->addr);
5952 		kfree(arvif->u.ap.noa_data);
5953 	}
5954 
5955 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
5956 		   arvif->vdev_id);
5957 
5958 	ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5959 	if (ret)
5960 		ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
5961 			    arvif->vdev_id, ret);
5962 
5963 	ret = ath10k_vdev_delete_sync(ar);
5964 	if (ret) {
5965 		ath10k_warn(ar, "Error in receiving vdev delete response: %d\n", ret);
5966 		goto out;
5967 	}
5968 
5969 	/* Some firmware revisions don't notify host about self-peer removal
5970 	 * until after associated vdev is deleted.
5971 	 */
5972 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5973 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5974 		ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
5975 						   vif->addr);
5976 		if (ret)
5977 			ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
5978 				    arvif->vdev_id, ret);
5979 
5980 		spin_lock_bh(&ar->data_lock);
5981 		ar->num_peers--;
5982 		spin_unlock_bh(&ar->data_lock);
5983 	}
5984 
5985 	spin_lock_bh(&ar->data_lock);
5986 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
5987 		peer = ar->peer_map[i];
5988 		if (!peer)
5989 			continue;
5990 
5991 		if (peer->vif == vif) {
5992 			ath10k_warn(ar, "found vif peer %pM entry on vdev %i after it was supposedly removed\n",
5993 				    vif->addr, arvif->vdev_id);
5994 			peer->vif = NULL;
5995 		}
5996 	}
5997 
5998 	/* Clean this up late, less opportunity for firmware to access
5999 	 * DMA memory we have deleted.
6000 	 */
6001 	ath10k_mac_vif_beacon_cleanup(arvif);
6002 	spin_unlock_bh(&ar->data_lock);
6003 
6004 	ath10k_peer_cleanup(ar, arvif->vdev_id);
6005 	ath10k_mac_txq_unref(ar, vif->txq);
6006 
6007 	if (vif->type == NL80211_IFTYPE_MONITOR) {
6008 		ar->monitor_arvif = NULL;
6009 		ret = ath10k_monitor_recalc(ar);
6010 		if (ret)
6011 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
6012 	}
6013 
6014 	ret = ath10k_mac_txpower_recalc(ar);
6015 	if (ret)
6016 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6017 
6018 	spin_lock_bh(&ar->htt.tx_lock);
6019 	ath10k_mac_vif_tx_unlock_all(arvif);
6020 	spin_unlock_bh(&ar->htt.tx_lock);
6021 
6022 	ath10k_mac_txq_unref(ar, vif->txq);
6023 
6024 out:
6025 	mutex_unlock(&ar->conf_mutex);
6026 }
6027 
6028 /*
6029  * FIXME: Has to be verified.
6030  */
6031 #define SUPPORTED_FILTERS			\
6032 	(FIF_ALLMULTI |				\
6033 	FIF_CONTROL |				\
6034 	FIF_PSPOLL |				\
6035 	FIF_OTHER_BSS |				\
6036 	FIF_BCN_PRBRESP_PROMISC |		\
6037 	FIF_PROBE_REQ |				\
6038 	FIF_FCSFAIL)
6039 
6040 static void ath10k_configure_filter(struct ieee80211_hw *hw,
6041 				    unsigned int changed_flags,
6042 				    unsigned int *total_flags,
6043 				    u64 multicast)
6044 {
6045 	struct ath10k *ar = hw->priv;
6046 	int ret;
6047 	unsigned int supported = SUPPORTED_FILTERS;
6048 
6049 	mutex_lock(&ar->conf_mutex);
6050 
6051 	if (ar->hw_params.mcast_frame_registration)
6052 		supported |= FIF_MCAST_ACTION;
6053 
6054 	*total_flags &= supported;
6055 
6056 	ar->filter_flags = *total_flags;
6057 
6058 	ret = ath10k_monitor_recalc(ar);
6059 	if (ret)
6060 		ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
6061 
6062 	mutex_unlock(&ar->conf_mutex);
6063 }
6064 
6065 static void ath10k_recalculate_mgmt_rate(struct ath10k *ar,
6066 					 struct ieee80211_vif *vif,
6067 					 struct cfg80211_chan_def *def)
6068 {
6069 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6070 	const struct ieee80211_supported_band *sband;
6071 	u8 basic_rate_idx;
6072 	int hw_rate_code;
6073 	u32 vdev_param;
6074 	u16 bitrate;
6075 	int ret;
6076 
6077 	lockdep_assert_held(&ar->conf_mutex);
6078 
6079 	sband = ar->hw->wiphy->bands[def->chan->band];
6080 	basic_rate_idx = ffs(vif->bss_conf.basic_rates) - 1;
6081 	bitrate = sband->bitrates[basic_rate_idx].bitrate;
6082 
6083 	hw_rate_code = ath10k_mac_get_rate_hw_value(bitrate);
6084 	if (hw_rate_code < 0) {
6085 		ath10k_warn(ar, "bitrate not supported %d\n", bitrate);
6086 		return;
6087 	}
6088 
6089 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
6090 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6091 					hw_rate_code);
6092 	if (ret)
6093 		ath10k_warn(ar, "failed to set mgmt tx rate %d\n", ret);
6094 }
6095 
6096 static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
6097 				    struct ieee80211_vif *vif,
6098 				    struct ieee80211_bss_conf *info,
6099 				    u64 changed)
6100 {
6101 	struct ath10k *ar = hw->priv;
6102 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6103 	struct cfg80211_chan_def def;
6104 	u32 vdev_param, pdev_param, slottime, preamble;
6105 	u16 bitrate, hw_value;
6106 	u8 rate, rateidx;
6107 	int ret = 0, mcast_rate;
6108 	enum nl80211_band band;
6109 
6110 	mutex_lock(&ar->conf_mutex);
6111 
6112 	if (changed & BSS_CHANGED_IBSS)
6113 		ath10k_control_ibss(arvif, vif);
6114 
6115 	if (changed & BSS_CHANGED_BEACON_INT) {
6116 		arvif->beacon_interval = info->beacon_int;
6117 		vdev_param = ar->wmi.vdev_param->beacon_interval;
6118 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6119 						arvif->beacon_interval);
6120 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6121 			   "mac vdev %d beacon_interval %d\n",
6122 			   arvif->vdev_id, arvif->beacon_interval);
6123 
6124 		if (ret)
6125 			ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
6126 				    arvif->vdev_id, ret);
6127 	}
6128 
6129 	if (changed & BSS_CHANGED_BEACON) {
6130 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6131 			   "vdev %d set beacon tx mode to staggered\n",
6132 			   arvif->vdev_id);
6133 
6134 		pdev_param = ar->wmi.pdev_param->beacon_tx_mode;
6135 		ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
6136 						WMI_BEACON_STAGGERED_MODE);
6137 		if (ret)
6138 			ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
6139 				    arvif->vdev_id, ret);
6140 
6141 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
6142 		if (ret)
6143 			ath10k_warn(ar, "failed to update beacon template: %d\n",
6144 				    ret);
6145 
6146 		if (ieee80211_vif_is_mesh(vif)) {
6147 			/* mesh doesn't use SSID but firmware needs it */
6148 			arvif->u.ap.ssid_len = 4;
6149 			memcpy(arvif->u.ap.ssid, "mesh", arvif->u.ap.ssid_len);
6150 		}
6151 	}
6152 
6153 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
6154 		ret = ath10k_mac_setup_prb_tmpl(arvif);
6155 		if (ret)
6156 			ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
6157 				    arvif->vdev_id, ret);
6158 	}
6159 
6160 	if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
6161 		arvif->dtim_period = info->dtim_period;
6162 
6163 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6164 			   "mac vdev %d dtim_period %d\n",
6165 			   arvif->vdev_id, arvif->dtim_period);
6166 
6167 		vdev_param = ar->wmi.vdev_param->dtim_period;
6168 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6169 						arvif->dtim_period);
6170 		if (ret)
6171 			ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
6172 				    arvif->vdev_id, ret);
6173 	}
6174 
6175 	if (changed & BSS_CHANGED_SSID &&
6176 	    vif->type == NL80211_IFTYPE_AP) {
6177 		arvif->u.ap.ssid_len = vif->cfg.ssid_len;
6178 		if (vif->cfg.ssid_len)
6179 			memcpy(arvif->u.ap.ssid, vif->cfg.ssid,
6180 			       vif->cfg.ssid_len);
6181 		arvif->u.ap.hidden_ssid = info->hidden_ssid;
6182 	}
6183 
6184 	if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
6185 		ether_addr_copy(arvif->bssid, info->bssid);
6186 
6187 	if (changed & BSS_CHANGED_FTM_RESPONDER &&
6188 	    arvif->ftm_responder != info->ftm_responder &&
6189 	    test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
6190 		arvif->ftm_responder = info->ftm_responder;
6191 
6192 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
6193 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6194 						arvif->ftm_responder);
6195 
6196 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6197 			   "mac vdev %d ftm_responder %d:ret %d\n",
6198 			   arvif->vdev_id, arvif->ftm_responder, ret);
6199 	}
6200 
6201 	if (changed & BSS_CHANGED_BEACON_ENABLED)
6202 		ath10k_control_beaconing(arvif, info);
6203 
6204 	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
6205 		arvif->use_cts_prot = info->use_cts_prot;
6206 
6207 		ret = ath10k_recalc_rtscts_prot(arvif);
6208 		if (ret)
6209 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
6210 				    arvif->vdev_id, ret);
6211 
6212 		if (ath10k_mac_can_set_cts_prot(arvif)) {
6213 			ret = ath10k_mac_set_cts_prot(arvif);
6214 			if (ret)
6215 				ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
6216 					    arvif->vdev_id, ret);
6217 		}
6218 	}
6219 
6220 	if (changed & BSS_CHANGED_ERP_SLOT) {
6221 		if (info->use_short_slot)
6222 			slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
6223 
6224 		else
6225 			slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
6226 
6227 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
6228 			   arvif->vdev_id, slottime);
6229 
6230 		vdev_param = ar->wmi.vdev_param->slot_time;
6231 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6232 						slottime);
6233 		if (ret)
6234 			ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
6235 				    arvif->vdev_id, ret);
6236 	}
6237 
6238 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
6239 		if (info->use_short_preamble)
6240 			preamble = WMI_VDEV_PREAMBLE_SHORT;
6241 		else
6242 			preamble = WMI_VDEV_PREAMBLE_LONG;
6243 
6244 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6245 			   "mac vdev %d preamble %dn",
6246 			   arvif->vdev_id, preamble);
6247 
6248 		vdev_param = ar->wmi.vdev_param->preamble;
6249 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6250 						preamble);
6251 		if (ret)
6252 			ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
6253 				    arvif->vdev_id, ret);
6254 	}
6255 
6256 	if (changed & BSS_CHANGED_ASSOC) {
6257 		if (vif->cfg.assoc) {
6258 			/* Workaround: Make sure monitor vdev is not running
6259 			 * when associating to prevent some firmware revisions
6260 			 * (e.g. 10.1 and 10.2) from crashing.
6261 			 */
6262 			if (ar->monitor_started)
6263 				ath10k_monitor_stop(ar);
6264 			ath10k_bss_assoc(hw, vif, info);
6265 			ath10k_monitor_recalc(ar);
6266 		} else {
6267 			ath10k_bss_disassoc(hw, vif);
6268 		}
6269 	}
6270 
6271 	if (changed & BSS_CHANGED_TXPOWER) {
6272 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
6273 			   arvif->vdev_id, info->txpower);
6274 
6275 		arvif->txpower = info->txpower;
6276 		ret = ath10k_mac_txpower_recalc(ar);
6277 		if (ret)
6278 			ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6279 	}
6280 
6281 	if (changed & BSS_CHANGED_PS) {
6282 		arvif->ps = vif->cfg.ps;
6283 
6284 		ret = ath10k_config_ps(ar);
6285 		if (ret)
6286 			ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
6287 				    arvif->vdev_id, ret);
6288 	}
6289 
6290 	if (changed & BSS_CHANGED_MCAST_RATE &&
6291 	    !ath10k_mac_vif_chan(arvif->vif, &def)) {
6292 		band = def.chan->band;
6293 		mcast_rate = vif->bss_conf.mcast_rate[band];
6294 		if (mcast_rate > 0)
6295 			rateidx = mcast_rate - 1;
6296 		else
6297 			rateidx = ffs(vif->bss_conf.basic_rates) - 1;
6298 
6299 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6300 			rateidx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6301 
6302 		bitrate = ath10k_wmi_legacy_rates[rateidx].bitrate;
6303 		hw_value = ath10k_wmi_legacy_rates[rateidx].hw_value;
6304 		if (ath10k_mac_bitrate_is_cck(bitrate))
6305 			preamble = WMI_RATE_PREAMBLE_CCK;
6306 		else
6307 			preamble = WMI_RATE_PREAMBLE_OFDM;
6308 
6309 		rate = ATH10K_HW_RATECODE(hw_value, 0, preamble);
6310 
6311 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6312 			   "mac vdev %d mcast_rate %x\n",
6313 			   arvif->vdev_id, rate);
6314 
6315 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
6316 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6317 						vdev_param, rate);
6318 		if (ret)
6319 			ath10k_warn(ar,
6320 				    "failed to set mcast rate on vdev %i: %d\n",
6321 				    arvif->vdev_id,  ret);
6322 
6323 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
6324 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6325 						vdev_param, rate);
6326 		if (ret)
6327 			ath10k_warn(ar,
6328 				    "failed to set bcast rate on vdev %i: %d\n",
6329 				    arvif->vdev_id,  ret);
6330 	}
6331 
6332 	if (changed & BSS_CHANGED_BASIC_RATES &&
6333 	    !ath10k_mac_vif_chan(arvif->vif, &def))
6334 		ath10k_recalculate_mgmt_rate(ar, vif, &def);
6335 
6336 	mutex_unlock(&ar->conf_mutex);
6337 }
6338 
6339 static void ath10k_mac_op_set_coverage_class(struct ieee80211_hw *hw, s16 value)
6340 {
6341 	struct ath10k *ar = hw->priv;
6342 
6343 	/* This function should never be called if setting the coverage class
6344 	 * is not supported on this hardware.
6345 	 */
6346 	if (!ar->hw_params.hw_ops->set_coverage_class) {
6347 		WARN_ON_ONCE(1);
6348 		return;
6349 	}
6350 	ar->hw_params.hw_ops->set_coverage_class(ar, value);
6351 }
6352 
6353 struct ath10k_mac_tdls_iter_data {
6354 	u32 num_tdls_stations;
6355 	struct ieee80211_vif *curr_vif;
6356 };
6357 
6358 static void ath10k_mac_tdls_vif_stations_count_iter(void *data,
6359 						    struct ieee80211_sta *sta)
6360 {
6361 	struct ath10k_mac_tdls_iter_data *iter_data = data;
6362 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6363 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
6364 
6365 	if (sta->tdls && sta_vif == iter_data->curr_vif)
6366 		iter_data->num_tdls_stations++;
6367 }
6368 
6369 static int ath10k_mac_tdls_vif_stations_count(struct ieee80211_hw *hw,
6370 					      struct ieee80211_vif *vif)
6371 {
6372 	struct ath10k_mac_tdls_iter_data data = {};
6373 
6374 	data.curr_vif = vif;
6375 
6376 	ieee80211_iterate_stations_atomic(hw,
6377 					  ath10k_mac_tdls_vif_stations_count_iter,
6378 					  &data);
6379 	return data.num_tdls_stations;
6380 }
6381 
6382 static int ath10k_hw_scan(struct ieee80211_hw *hw,
6383 			  struct ieee80211_vif *vif,
6384 			  struct ieee80211_scan_request *hw_req)
6385 {
6386 	struct ath10k *ar = hw->priv;
6387 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6388 	struct cfg80211_scan_request *req = &hw_req->req;
6389 	struct wmi_start_scan_arg *arg = NULL;
6390 	int ret = 0;
6391 	int i;
6392 	u32 scan_timeout;
6393 
6394 	mutex_lock(&ar->conf_mutex);
6395 
6396 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6397 		ret = -EBUSY;
6398 		goto exit;
6399 	}
6400 
6401 	spin_lock_bh(&ar->data_lock);
6402 	switch (ar->scan.state) {
6403 	case ATH10K_SCAN_IDLE:
6404 		reinit_completion(&ar->scan.started);
6405 		reinit_completion(&ar->scan.completed);
6406 		ar->scan.state = ATH10K_SCAN_STARTING;
6407 		ar->scan.is_roc = false;
6408 		ar->scan.vdev_id = arvif->vdev_id;
6409 		ret = 0;
6410 		break;
6411 	case ATH10K_SCAN_STARTING:
6412 	case ATH10K_SCAN_RUNNING:
6413 	case ATH10K_SCAN_ABORTING:
6414 		ret = -EBUSY;
6415 		break;
6416 	}
6417 	spin_unlock_bh(&ar->data_lock);
6418 
6419 	if (ret)
6420 		goto exit;
6421 
6422 	arg = kzalloc(sizeof(*arg), GFP_KERNEL);
6423 	if (!arg) {
6424 		ret = -ENOMEM;
6425 		goto exit;
6426 	}
6427 
6428 	ath10k_wmi_start_scan_init(ar, arg);
6429 	arg->vdev_id = arvif->vdev_id;
6430 	arg->scan_id = ATH10K_SCAN_ID;
6431 
6432 	if (req->ie_len) {
6433 		arg->ie_len = req->ie_len;
6434 		memcpy(arg->ie, req->ie, arg->ie_len);
6435 	}
6436 
6437 	if (req->n_ssids) {
6438 		arg->n_ssids = req->n_ssids;
6439 		for (i = 0; i < arg->n_ssids; i++) {
6440 			arg->ssids[i].len  = req->ssids[i].ssid_len;
6441 			arg->ssids[i].ssid = req->ssids[i].ssid;
6442 		}
6443 	} else {
6444 		arg->scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
6445 	}
6446 
6447 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6448 		arg->scan_ctrl_flags |=  WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ;
6449 		ether_addr_copy(arg->mac_addr.addr, req->mac_addr);
6450 		ether_addr_copy(arg->mac_mask.addr, req->mac_addr_mask);
6451 	}
6452 
6453 	if (req->n_channels) {
6454 		arg->n_channels = req->n_channels;
6455 		for (i = 0; i < arg->n_channels; i++)
6456 			arg->channels[i] = req->channels[i]->center_freq;
6457 	}
6458 
6459 	/* if duration is set, default dwell times will be overwritten */
6460 	if (req->duration) {
6461 		arg->dwell_time_active = req->duration;
6462 		arg->dwell_time_passive = req->duration;
6463 		arg->burst_duration_ms = req->duration;
6464 
6465 		scan_timeout = min_t(u32, arg->max_rest_time *
6466 				(arg->n_channels - 1) + (req->duration +
6467 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
6468 				arg->n_channels, arg->max_scan_time);
6469 	} else {
6470 		scan_timeout = arg->max_scan_time;
6471 	}
6472 
6473 	/* Add a 200ms margin to account for event/command processing */
6474 	scan_timeout += 200;
6475 
6476 	ret = ath10k_start_scan(ar, arg);
6477 	if (ret) {
6478 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
6479 		spin_lock_bh(&ar->data_lock);
6480 		ar->scan.state = ATH10K_SCAN_IDLE;
6481 		spin_unlock_bh(&ar->data_lock);
6482 	}
6483 
6484 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
6485 				     msecs_to_jiffies(scan_timeout));
6486 
6487 exit:
6488 	kfree(arg);
6489 
6490 	mutex_unlock(&ar->conf_mutex);
6491 	return ret;
6492 }
6493 
6494 static void ath10k_cancel_hw_scan(struct ieee80211_hw *hw,
6495 				  struct ieee80211_vif *vif)
6496 {
6497 	struct ath10k *ar = hw->priv;
6498 
6499 	mutex_lock(&ar->conf_mutex);
6500 	ath10k_scan_abort(ar);
6501 	mutex_unlock(&ar->conf_mutex);
6502 
6503 	cancel_delayed_work_sync(&ar->scan.timeout);
6504 }
6505 
6506 static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
6507 					struct ath10k_vif *arvif,
6508 					enum set_key_cmd cmd,
6509 					struct ieee80211_key_conf *key)
6510 {
6511 	u32 vdev_param = arvif->ar->wmi.vdev_param->def_keyid;
6512 	int ret;
6513 
6514 	/* 10.1 firmware branch requires default key index to be set to group
6515 	 * key index after installing it. Otherwise FW/HW Txes corrupted
6516 	 * frames with multi-vif APs. This is not required for main firmware
6517 	 * branch (e.g. 636).
6518 	 *
6519 	 * This is also needed for 636 fw for IBSS-RSN to work more reliably.
6520 	 *
6521 	 * FIXME: It remains unknown if this is required for multi-vif STA
6522 	 * interfaces on 10.1.
6523 	 */
6524 
6525 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
6526 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
6527 		return;
6528 
6529 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40)
6530 		return;
6531 
6532 	if (key->cipher == WLAN_CIPHER_SUITE_WEP104)
6533 		return;
6534 
6535 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6536 		return;
6537 
6538 	if (cmd != SET_KEY)
6539 		return;
6540 
6541 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6542 					key->keyidx);
6543 	if (ret)
6544 		ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
6545 			    arvif->vdev_id, ret);
6546 }
6547 
6548 static int ath10k_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
6549 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
6550 			  struct ieee80211_key_conf *key)
6551 {
6552 	struct ath10k *ar = hw->priv;
6553 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6554 	struct ath10k_sta *arsta;
6555 	struct ath10k_peer *peer;
6556 	const u8 *peer_addr;
6557 	bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
6558 		      key->cipher == WLAN_CIPHER_SUITE_WEP104;
6559 	int ret = 0;
6560 	int ret2;
6561 	u32 flags = 0;
6562 	u32 flags2;
6563 
6564 	/* this one needs to be done in software */
6565 	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
6566 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
6567 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256 ||
6568 	    key->cipher == WLAN_CIPHER_SUITE_BIP_CMAC_256)
6569 		return 1;
6570 
6571 	if (arvif->nohwcrypt)
6572 		return 1;
6573 
6574 	if (key->keyidx > WMI_MAX_KEY_INDEX)
6575 		return -ENOSPC;
6576 
6577 	mutex_lock(&ar->conf_mutex);
6578 
6579 	if (sta) {
6580 		arsta = (struct ath10k_sta *)sta->drv_priv;
6581 		peer_addr = sta->addr;
6582 		spin_lock_bh(&ar->data_lock);
6583 		arsta->ucast_cipher = key->cipher;
6584 		spin_unlock_bh(&ar->data_lock);
6585 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
6586 		peer_addr = vif->bss_conf.bssid;
6587 	} else {
6588 		peer_addr = vif->addr;
6589 	}
6590 
6591 	key->hw_key_idx = key->keyidx;
6592 
6593 	if (is_wep) {
6594 		if (cmd == SET_KEY)
6595 			arvif->wep_keys[key->keyidx] = key;
6596 		else
6597 			arvif->wep_keys[key->keyidx] = NULL;
6598 	}
6599 
6600 	/* the peer should not disappear in mid-way (unless FW goes awry) since
6601 	 * we already hold conf_mutex. we just make sure its there now.
6602 	 */
6603 	spin_lock_bh(&ar->data_lock);
6604 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6605 	spin_unlock_bh(&ar->data_lock);
6606 
6607 	if (!peer) {
6608 		if (cmd == SET_KEY) {
6609 			ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
6610 				    peer_addr);
6611 			ret = -EOPNOTSUPP;
6612 			goto exit;
6613 		} else {
6614 			/* if the peer doesn't exist there is no key to disable anymore */
6615 			goto exit;
6616 		}
6617 	}
6618 
6619 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6620 		flags |= WMI_KEY_PAIRWISE;
6621 	else
6622 		flags |= WMI_KEY_GROUP;
6623 
6624 	if (is_wep) {
6625 		if (cmd == DISABLE_KEY)
6626 			ath10k_clear_vdev_key(arvif, key);
6627 
6628 		/* When WEP keys are uploaded it's possible that there are
6629 		 * stations associated already (e.g. when merging) without any
6630 		 * keys. Static WEP needs an explicit per-peer key upload.
6631 		 */
6632 		if (vif->type == NL80211_IFTYPE_ADHOC &&
6633 		    cmd == SET_KEY)
6634 			ath10k_mac_vif_update_wep_key(arvif, key);
6635 
6636 		/* 802.1x never sets the def_wep_key_idx so each set_key()
6637 		 * call changes default tx key.
6638 		 *
6639 		 * Static WEP sets def_wep_key_idx via .set_default_unicast_key
6640 		 * after first set_key().
6641 		 */
6642 		if (cmd == SET_KEY && arvif->def_wep_key_idx == -1)
6643 			flags |= WMI_KEY_TX_USAGE;
6644 	}
6645 
6646 	ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags);
6647 	if (ret) {
6648 		WARN_ON(ret > 0);
6649 		ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
6650 			    arvif->vdev_id, peer_addr, ret);
6651 		goto exit;
6652 	}
6653 
6654 	/* mac80211 sets static WEP keys as groupwise while firmware requires
6655 	 * them to be installed twice as both pairwise and groupwise.
6656 	 */
6657 	if (is_wep && !sta && vif->type == NL80211_IFTYPE_STATION) {
6658 		flags2 = flags;
6659 		flags2 &= ~WMI_KEY_GROUP;
6660 		flags2 |= WMI_KEY_PAIRWISE;
6661 
6662 		ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags2);
6663 		if (ret) {
6664 			WARN_ON(ret > 0);
6665 			ath10k_warn(ar, "failed to install (ucast) key for vdev %i peer %pM: %d\n",
6666 				    arvif->vdev_id, peer_addr, ret);
6667 			ret2 = ath10k_install_key(arvif, key, DISABLE_KEY,
6668 						  peer_addr, flags);
6669 			if (ret2) {
6670 				WARN_ON(ret2 > 0);
6671 				ath10k_warn(ar, "failed to disable (mcast) key for vdev %i peer %pM: %d\n",
6672 					    arvif->vdev_id, peer_addr, ret2);
6673 			}
6674 			goto exit;
6675 		}
6676 	}
6677 
6678 	ath10k_set_key_h_def_keyidx(ar, arvif, cmd, key);
6679 
6680 	spin_lock_bh(&ar->data_lock);
6681 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6682 	if (peer && cmd == SET_KEY)
6683 		peer->keys[key->keyidx] = key;
6684 	else if (peer && cmd == DISABLE_KEY)
6685 		peer->keys[key->keyidx] = NULL;
6686 	else if (peer == NULL)
6687 		/* impossible unless FW goes crazy */
6688 		ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
6689 	spin_unlock_bh(&ar->data_lock);
6690 
6691 	if (sta && sta->tdls)
6692 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6693 					  ar->wmi.peer_param->authorize, 1);
6694 	else if (sta && cmd == SET_KEY && (key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
6695 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, peer_addr,
6696 					  ar->wmi.peer_param->authorize, 1);
6697 
6698 exit:
6699 	mutex_unlock(&ar->conf_mutex);
6700 	return ret;
6701 }
6702 
6703 static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
6704 					   struct ieee80211_vif *vif,
6705 					   int keyidx)
6706 {
6707 	struct ath10k *ar = hw->priv;
6708 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6709 	int ret;
6710 
6711 	mutex_lock(&arvif->ar->conf_mutex);
6712 
6713 	if (arvif->ar->state != ATH10K_STATE_ON)
6714 		goto unlock;
6715 
6716 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
6717 		   arvif->vdev_id, keyidx);
6718 
6719 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
6720 					arvif->vdev_id,
6721 					arvif->ar->wmi.vdev_param->def_keyid,
6722 					keyidx);
6723 
6724 	if (ret) {
6725 		ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
6726 			    arvif->vdev_id,
6727 			    ret);
6728 		goto unlock;
6729 	}
6730 
6731 	arvif->def_wep_key_idx = keyidx;
6732 
6733 unlock:
6734 	mutex_unlock(&arvif->ar->conf_mutex);
6735 }
6736 
6737 static void ath10k_sta_rc_update_wk(struct work_struct *wk)
6738 {
6739 	struct ath10k *ar;
6740 	struct ath10k_vif *arvif;
6741 	struct ath10k_sta *arsta;
6742 	struct ieee80211_sta *sta;
6743 	struct cfg80211_chan_def def;
6744 	enum nl80211_band band;
6745 	const u8 *ht_mcs_mask;
6746 	const u16 *vht_mcs_mask;
6747 	u32 changed, bw, nss, smps;
6748 	int err;
6749 
6750 	arsta = container_of(wk, struct ath10k_sta, update_wk);
6751 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
6752 	arvif = arsta->arvif;
6753 	ar = arvif->ar;
6754 
6755 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
6756 		return;
6757 
6758 	band = def.chan->band;
6759 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
6760 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
6761 
6762 	spin_lock_bh(&ar->data_lock);
6763 
6764 	changed = arsta->changed;
6765 	arsta->changed = 0;
6766 
6767 	bw = arsta->bw;
6768 	nss = arsta->nss;
6769 	smps = arsta->smps;
6770 
6771 	spin_unlock_bh(&ar->data_lock);
6772 
6773 	mutex_lock(&ar->conf_mutex);
6774 
6775 	nss = max_t(u32, 1, nss);
6776 	nss = min(nss, max(ath10k_mac_max_ht_nss(ht_mcs_mask),
6777 			   ath10k_mac_max_vht_nss(vht_mcs_mask)));
6778 
6779 	if (changed & IEEE80211_RC_BW_CHANGED) {
6780 		enum wmi_phy_mode mode;
6781 
6782 		mode = chan_to_phymode(&def);
6783 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM peer bw %d phymode %d\n",
6784 			   sta->addr, bw, mode);
6785 
6786 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6787 						ar->wmi.peer_param->phymode, mode);
6788 		if (err) {
6789 			ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
6790 				    sta->addr, mode, err);
6791 			goto exit;
6792 		}
6793 
6794 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6795 						ar->wmi.peer_param->chan_width, bw);
6796 		if (err)
6797 			ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
6798 				    sta->addr, bw, err);
6799 	}
6800 
6801 	if (changed & IEEE80211_RC_NSS_CHANGED) {
6802 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM nss %d\n",
6803 			   sta->addr, nss);
6804 
6805 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6806 						ar->wmi.peer_param->nss, nss);
6807 		if (err)
6808 			ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
6809 				    sta->addr, nss, err);
6810 	}
6811 
6812 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
6813 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM smps %d\n",
6814 			   sta->addr, smps);
6815 
6816 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6817 						ar->wmi.peer_param->smps_state, smps);
6818 		if (err)
6819 			ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
6820 				    sta->addr, smps, err);
6821 	}
6822 
6823 	if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
6824 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM supp rates\n",
6825 			   sta->addr);
6826 
6827 		err = ath10k_station_assoc(ar, arvif->vif, sta, true);
6828 		if (err)
6829 			ath10k_warn(ar, "failed to reassociate station: %pM\n",
6830 				    sta->addr);
6831 	}
6832 
6833 exit:
6834 	mutex_unlock(&ar->conf_mutex);
6835 }
6836 
6837 static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif,
6838 				       struct ieee80211_sta *sta)
6839 {
6840 	struct ath10k *ar = arvif->ar;
6841 
6842 	lockdep_assert_held(&ar->conf_mutex);
6843 
6844 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6845 		return 0;
6846 
6847 	if (ar->num_stations >= ar->max_num_stations)
6848 		return -ENOBUFS;
6849 
6850 	ar->num_stations++;
6851 
6852 	return 0;
6853 }
6854 
6855 static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif,
6856 					struct ieee80211_sta *sta)
6857 {
6858 	struct ath10k *ar = arvif->ar;
6859 
6860 	lockdep_assert_held(&ar->conf_mutex);
6861 
6862 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6863 		return;
6864 
6865 	ar->num_stations--;
6866 }
6867 
6868 static int ath10k_sta_set_txpwr(struct ieee80211_hw *hw,
6869 				struct ieee80211_vif *vif,
6870 				struct ieee80211_sta *sta)
6871 {
6872 	struct ath10k *ar = hw->priv;
6873 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6874 	int ret = 0;
6875 	s16 txpwr;
6876 
6877 	if (sta->deflink.txpwr.type == NL80211_TX_POWER_AUTOMATIC) {
6878 		txpwr = 0;
6879 	} else {
6880 		txpwr = sta->deflink.txpwr.power;
6881 		if (!txpwr)
6882 			return -EINVAL;
6883 	}
6884 
6885 	if (txpwr > ATH10K_TX_POWER_MAX_VAL || txpwr < ATH10K_TX_POWER_MIN_VAL)
6886 		return -EINVAL;
6887 
6888 	mutex_lock(&ar->conf_mutex);
6889 
6890 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6891 					ar->wmi.peer_param->use_fixed_power, txpwr);
6892 	if (ret) {
6893 		ath10k_warn(ar, "failed to set tx power for station ret: %d\n",
6894 			    ret);
6895 		goto out;
6896 	}
6897 
6898 out:
6899 	mutex_unlock(&ar->conf_mutex);
6900 	return ret;
6901 }
6902 
6903 struct ath10k_mac_iter_tid_conf_data {
6904 	struct ieee80211_vif *curr_vif;
6905 	struct ath10k *ar;
6906 	bool reset_config;
6907 };
6908 
6909 static bool
6910 ath10k_mac_bitrate_mask_has_single_rate(struct ath10k *ar,
6911 					enum nl80211_band band,
6912 					const struct cfg80211_bitrate_mask *mask,
6913 					int *vht_num_rates)
6914 {
6915 	int num_rates = 0;
6916 	int i, tmp;
6917 
6918 	num_rates += hweight32(mask->control[band].legacy);
6919 
6920 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++)
6921 		num_rates += hweight8(mask->control[band].ht_mcs[i]);
6922 
6923 	*vht_num_rates = 0;
6924 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6925 		tmp = hweight16(mask->control[band].vht_mcs[i]);
6926 		num_rates += tmp;
6927 		*vht_num_rates += tmp;
6928 	}
6929 
6930 	return num_rates == 1;
6931 }
6932 
6933 static int
6934 ath10k_mac_bitrate_mask_get_single_rate(struct ath10k *ar,
6935 					enum nl80211_band band,
6936 					const struct cfg80211_bitrate_mask *mask,
6937 					u8 *rate, u8 *nss, bool vht_only)
6938 {
6939 	int rate_idx;
6940 	int i;
6941 	u16 bitrate;
6942 	u8 preamble;
6943 	u8 hw_rate;
6944 
6945 	if (vht_only)
6946 		goto next;
6947 
6948 	if (hweight32(mask->control[band].legacy) == 1) {
6949 		rate_idx = ffs(mask->control[band].legacy) - 1;
6950 
6951 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6952 			rate_idx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6953 
6954 		hw_rate = ath10k_wmi_legacy_rates[rate_idx].hw_value;
6955 		bitrate = ath10k_wmi_legacy_rates[rate_idx].bitrate;
6956 
6957 		if (ath10k_mac_bitrate_is_cck(bitrate))
6958 			preamble = WMI_RATE_PREAMBLE_CCK;
6959 		else
6960 			preamble = WMI_RATE_PREAMBLE_OFDM;
6961 
6962 		*nss = 1;
6963 		*rate = preamble << 6 |
6964 			(*nss - 1) << 4 |
6965 			hw_rate << 0;
6966 
6967 		return 0;
6968 	}
6969 
6970 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
6971 		if (hweight8(mask->control[band].ht_mcs[i]) == 1) {
6972 			*nss = i + 1;
6973 			*rate = WMI_RATE_PREAMBLE_HT << 6 |
6974 				(*nss - 1) << 4 |
6975 				(ffs(mask->control[band].ht_mcs[i]) - 1);
6976 
6977 			return 0;
6978 		}
6979 	}
6980 
6981 next:
6982 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6983 		if (hweight16(mask->control[band].vht_mcs[i]) == 1) {
6984 			*nss = i + 1;
6985 			*rate = WMI_RATE_PREAMBLE_VHT << 6 |
6986 				(*nss - 1) << 4 |
6987 				(ffs(mask->control[band].vht_mcs[i]) - 1);
6988 
6989 			return 0;
6990 		}
6991 	}
6992 
6993 	return -EINVAL;
6994 }
6995 
6996 static int ath10k_mac_validate_rate_mask(struct ath10k *ar,
6997 					 struct ieee80211_sta *sta,
6998 					 u32 rate_ctrl_flag, u8 nss)
6999 {
7000 	struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
7001 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
7002 
7003 	if (nss > sta->deflink.rx_nss) {
7004 		ath10k_warn(ar, "Invalid nss field, configured %u limit %u\n",
7005 			    nss, sta->deflink.rx_nss);
7006 		return -EINVAL;
7007 	}
7008 
7009 	if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_VHT) {
7010 		if (!vht_cap->vht_supported) {
7011 			ath10k_warn(ar, "Invalid VHT rate for sta %pM\n",
7012 				    sta->addr);
7013 			return -EINVAL;
7014 		}
7015 	} else if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_HT) {
7016 		if (!ht_cap->ht_supported || vht_cap->vht_supported) {
7017 			ath10k_warn(ar, "Invalid HT rate for sta %pM\n",
7018 				    sta->addr);
7019 			return -EINVAL;
7020 		}
7021 	} else {
7022 		if (ht_cap->ht_supported || vht_cap->vht_supported)
7023 			return -EINVAL;
7024 	}
7025 
7026 	return 0;
7027 }
7028 
7029 static int
7030 ath10k_mac_tid_bitrate_config(struct ath10k *ar,
7031 			      struct ieee80211_vif *vif,
7032 			      struct ieee80211_sta *sta,
7033 			      u32 *rate_ctrl_flag, u8 *rate_ctrl,
7034 			      enum nl80211_tx_rate_setting txrate_type,
7035 			      const struct cfg80211_bitrate_mask *mask)
7036 {
7037 	struct cfg80211_chan_def def;
7038 	enum nl80211_band band;
7039 	u8 nss, rate;
7040 	int vht_num_rates, ret;
7041 
7042 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
7043 		return -EINVAL;
7044 
7045 	if (txrate_type == NL80211_TX_RATE_AUTOMATIC) {
7046 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7047 		*rate_ctrl_flag = 0;
7048 		return 0;
7049 	}
7050 
7051 	band = def.chan->band;
7052 
7053 	if (!ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
7054 						     &vht_num_rates)) {
7055 		return -EINVAL;
7056 	}
7057 
7058 	ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
7059 						      &rate, &nss, false);
7060 	if (ret) {
7061 		ath10k_warn(ar, "failed to get single rate: %d\n",
7062 			    ret);
7063 		return ret;
7064 	}
7065 
7066 	*rate_ctrl_flag = rate;
7067 
7068 	if (sta && ath10k_mac_validate_rate_mask(ar, sta, *rate_ctrl_flag, nss))
7069 		return -EINVAL;
7070 
7071 	if (txrate_type == NL80211_TX_RATE_FIXED)
7072 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_FIXED_RATE;
7073 	else if (txrate_type == NL80211_TX_RATE_LIMITED &&
7074 		 (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
7075 			   ar->wmi.svc_map)))
7076 		*rate_ctrl = WMI_PEER_TID_CONFIG_RATE_UPPER_CAP;
7077 	else
7078 		return -EOPNOTSUPP;
7079 
7080 	return 0;
7081 }
7082 
7083 static int ath10k_mac_set_tid_config(struct ath10k *ar, struct ieee80211_sta *sta,
7084 				     struct ieee80211_vif *vif, u32 changed,
7085 				     struct wmi_per_peer_per_tid_cfg_arg *arg)
7086 {
7087 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7088 	struct ath10k_sta *arsta;
7089 	int ret;
7090 
7091 	if (sta) {
7092 		if (!sta->wme)
7093 			return -EOPNOTSUPP;
7094 
7095 		arsta = (struct ath10k_sta *)sta->drv_priv;
7096 
7097 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7098 			if ((arsta->retry_long[arg->tid] > 0 ||
7099 			     arsta->rate_code[arg->tid] > 0 ||
7100 			     arsta->ampdu[arg->tid] ==
7101 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7102 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7103 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7104 				arg->ack_policy = 0;
7105 				arg->aggr_control = 0;
7106 				arg->rate_ctrl = 0;
7107 				arg->rcode_flags = 0;
7108 			}
7109 		}
7110 
7111 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7112 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7113 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7114 				arg->aggr_control = 0;
7115 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7116 			}
7117 		}
7118 
7119 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7120 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7121 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7122 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7123 				arg->rate_ctrl = 0;
7124 				arg->rcode_flags = 0;
7125 			}
7126 		}
7127 
7128 		ether_addr_copy(arg->peer_macaddr.addr, sta->addr);
7129 
7130 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, arg);
7131 		if (ret)
7132 			return ret;
7133 
7134 		/* Store the configured parameters in success case */
7135 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7136 			arsta->noack[arg->tid] = arg->ack_policy;
7137 			arg->ack_policy = 0;
7138 			arg->aggr_control = 0;
7139 			arg->rate_ctrl = 0;
7140 			arg->rcode_flags = 0;
7141 		}
7142 
7143 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7144 			arsta->retry_long[arg->tid] = arg->retry_count;
7145 			arg->retry_count = 0;
7146 		}
7147 
7148 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7149 			arsta->ampdu[arg->tid] = arg->aggr_control;
7150 			arg->aggr_control = 0;
7151 		}
7152 
7153 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7154 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7155 			arsta->rate_ctrl[arg->tid] = arg->rate_ctrl;
7156 			arg->rate_ctrl = 0;
7157 			arg->rcode_flags = 0;
7158 		}
7159 
7160 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7161 			arsta->rtscts[arg->tid] = arg->rtscts_ctrl;
7162 			arg->ext_tid_cfg_bitmap = 0;
7163 		}
7164 	} else {
7165 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7166 			if ((arvif->retry_long[arg->tid] ||
7167 			     arvif->rate_code[arg->tid] ||
7168 			     arvif->ampdu[arg->tid] ==
7169 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7170 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7171 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7172 			} else {
7173 				arvif->noack[arg->tid] = arg->ack_policy;
7174 				arvif->ampdu[arg->tid] = arg->aggr_control;
7175 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7176 			}
7177 		}
7178 
7179 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7180 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7181 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7182 			else
7183 				arvif->retry_long[arg->tid] = arg->retry_count;
7184 		}
7185 
7186 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7187 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7188 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
7189 			else
7190 				arvif->ampdu[arg->tid] = arg->aggr_control;
7191 		}
7192 
7193 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7194 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7195 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7196 				changed &= ~(BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7197 					     BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE));
7198 			} else {
7199 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7200 				arvif->rate_code[arg->tid] = arg->rcode_flags;
7201 			}
7202 		}
7203 
7204 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7205 			arvif->rtscts[arg->tid] = arg->rtscts_ctrl;
7206 			arg->ext_tid_cfg_bitmap = 0;
7207 		}
7208 
7209 		if (changed)
7210 			arvif->tid_conf_changed[arg->tid] |= changed;
7211 	}
7212 
7213 	return 0;
7214 }
7215 
7216 static int
7217 ath10k_mac_parse_tid_config(struct ath10k *ar,
7218 			    struct ieee80211_sta *sta,
7219 			    struct ieee80211_vif *vif,
7220 			    struct cfg80211_tid_cfg *tid_conf,
7221 			    struct wmi_per_peer_per_tid_cfg_arg *arg)
7222 {
7223 	u32 changed = tid_conf->mask;
7224 	int ret = 0, i = 0;
7225 
7226 	if (!changed)
7227 		return -EINVAL;
7228 
7229 	while (i < ATH10K_TID_MAX) {
7230 		if (!(tid_conf->tids & BIT(i))) {
7231 			i++;
7232 			continue;
7233 		}
7234 
7235 		arg->tid = i;
7236 
7237 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7238 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE) {
7239 				arg->ack_policy = WMI_PEER_TID_CONFIG_NOACK;
7240 				arg->rate_ctrl =
7241 				WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
7242 				arg->aggr_control =
7243 					WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7244 			} else {
7245 				arg->ack_policy =
7246 					WMI_PEER_TID_CONFIG_ACK;
7247 				arg->rate_ctrl =
7248 					WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7249 				arg->aggr_control =
7250 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7251 			}
7252 		}
7253 
7254 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG))
7255 			arg->retry_count = tid_conf->retry_long;
7256 
7257 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7258 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE)
7259 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7260 			else
7261 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7262 		}
7263 
7264 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7265 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7266 			ret = ath10k_mac_tid_bitrate_config(ar, vif, sta,
7267 							    &arg->rcode_flags,
7268 							    &arg->rate_ctrl,
7269 							    tid_conf->txrate_type,
7270 							&tid_conf->txrate_mask);
7271 			if (ret) {
7272 				ath10k_warn(ar, "failed to configure bitrate mask %d\n",
7273 					    ret);
7274 				arg->rcode_flags = 0;
7275 				arg->rate_ctrl = 0;
7276 			}
7277 		}
7278 
7279 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7280 			if (tid_conf->rtscts)
7281 				arg->rtscts_ctrl = tid_conf->rtscts;
7282 
7283 			arg->ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7284 		}
7285 
7286 		ret = ath10k_mac_set_tid_config(ar, sta, vif, changed, arg);
7287 		if (ret)
7288 			return ret;
7289 		i++;
7290 	}
7291 
7292 	return ret;
7293 }
7294 
7295 static int ath10k_mac_reset_tid_config(struct ath10k *ar,
7296 				       struct ieee80211_sta *sta,
7297 				       struct ath10k_vif *arvif,
7298 				       u8 tids)
7299 {
7300 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7301 	struct wmi_per_peer_per_tid_cfg_arg arg;
7302 	int ret = 0, i = 0;
7303 
7304 	arg.vdev_id = arvif->vdev_id;
7305 	while (i < ATH10K_TID_MAX) {
7306 		if (!(tids & BIT(i))) {
7307 			i++;
7308 			continue;
7309 		}
7310 
7311 		arg.tid = i;
7312 		arg.ack_policy = WMI_PEER_TID_CONFIG_ACK;
7313 		arg.retry_count = ATH10K_MAX_RETRY_COUNT;
7314 		arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7315 		arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7316 		arg.rtscts_ctrl = WMI_TID_CONFIG_RTSCTS_CONTROL_ENABLE;
7317 		arg.ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7318 
7319 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7320 
7321 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7322 		if (ret)
7323 			return ret;
7324 
7325 		if (!arvif->tids_rst) {
7326 			arsta->retry_long[i] = -1;
7327 			arsta->noack[i] = -1;
7328 			arsta->ampdu[i] = -1;
7329 			arsta->rate_code[i] = -1;
7330 			arsta->rate_ctrl[i] = 0;
7331 			arsta->rtscts[i] = -1;
7332 		} else {
7333 			arvif->retry_long[i] = 0;
7334 			arvif->noack[i] = 0;
7335 			arvif->ampdu[i] = 0;
7336 			arvif->rate_code[i] = 0;
7337 			arvif->rate_ctrl[i] = 0;
7338 			arvif->rtscts[i] = 0;
7339 		}
7340 
7341 		i++;
7342 	}
7343 
7344 	return ret;
7345 }
7346 
7347 static void ath10k_sta_tid_cfg_wk(struct work_struct *wk)
7348 {
7349 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
7350 	struct ieee80211_sta *sta;
7351 	struct ath10k_sta *arsta;
7352 	struct ath10k_vif *arvif;
7353 	struct ath10k *ar;
7354 	bool config_apply;
7355 	int ret, i;
7356 	u32 changed;
7357 	u8 nss;
7358 
7359 	arsta = container_of(wk, struct ath10k_sta, tid_config_wk);
7360 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
7361 	arvif = arsta->arvif;
7362 	ar = arvif->ar;
7363 
7364 	mutex_lock(&ar->conf_mutex);
7365 
7366 	if (arvif->tids_rst) {
7367 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif,
7368 						  arvif->tids_rst);
7369 		goto exit;
7370 	}
7371 
7372 	ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7373 
7374 	for (i = 0; i < ATH10K_TID_MAX; i++) {
7375 		config_apply = false;
7376 		changed = arvif->tid_conf_changed[i];
7377 
7378 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7379 			if (arsta->noack[i] != -1) {
7380 				arg.ack_policy  = 0;
7381 			} else {
7382 				config_apply = true;
7383 				arg.ack_policy = arvif->noack[i];
7384 				arg.aggr_control = arvif->ampdu[i];
7385 				arg.rate_ctrl = arvif->rate_ctrl[i];
7386 			}
7387 		}
7388 
7389 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7390 			if (arsta->retry_long[i] != -1 ||
7391 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7392 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7393 				arg.retry_count = 0;
7394 			} else {
7395 				arg.retry_count = arvif->retry_long[i];
7396 				config_apply = true;
7397 			}
7398 		}
7399 
7400 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7401 			if (arsta->ampdu[i] != -1 ||
7402 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7403 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7404 				arg.aggr_control = 0;
7405 			} else {
7406 				arg.aggr_control = arvif->ampdu[i];
7407 				config_apply = true;
7408 			}
7409 		}
7410 
7411 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7412 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7413 			nss = ATH10K_HW_NSS(arvif->rate_code[i]);
7414 			ret = ath10k_mac_validate_rate_mask(ar, sta,
7415 							    arvif->rate_code[i],
7416 							    nss);
7417 			if (ret &&
7418 			    arvif->rate_ctrl[i] > WMI_TID_CONFIG_RATE_CONTROL_AUTO) {
7419 				arg.rate_ctrl = 0;
7420 				arg.rcode_flags = 0;
7421 			}
7422 
7423 			if (arsta->rate_ctrl[i] >
7424 			    WMI_TID_CONFIG_RATE_CONTROL_AUTO ||
7425 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7426 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7427 				arg.rate_ctrl = 0;
7428 				arg.rcode_flags = 0;
7429 			} else {
7430 				arg.rate_ctrl = arvif->rate_ctrl[i];
7431 				arg.rcode_flags = arvif->rate_code[i];
7432 				config_apply = true;
7433 			}
7434 		}
7435 
7436 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7437 			if (arsta->rtscts[i]) {
7438 				arg.rtscts_ctrl = 0;
7439 				arg.ext_tid_cfg_bitmap = 0;
7440 			} else {
7441 				arg.rtscts_ctrl = arvif->rtscts[i] - 1;
7442 				arg.ext_tid_cfg_bitmap =
7443 					WMI_EXT_TID_RTS_CTS_CONFIG;
7444 				config_apply = true;
7445 			}
7446 		}
7447 
7448 		arg.tid = i;
7449 
7450 		if (config_apply) {
7451 			ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7452 			if (ret)
7453 				ath10k_warn(ar, "failed to set per tid config for sta %pM: %d\n",
7454 					    sta->addr, ret);
7455 		}
7456 
7457 		arg.ack_policy  = 0;
7458 		arg.retry_count  = 0;
7459 		arg.aggr_control  = 0;
7460 		arg.rate_ctrl = 0;
7461 		arg.rcode_flags = 0;
7462 	}
7463 
7464 exit:
7465 	mutex_unlock(&ar->conf_mutex);
7466 }
7467 
7468 static void ath10k_mac_vif_stations_tid_conf(void *data,
7469 					     struct ieee80211_sta *sta)
7470 {
7471 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7472 	struct ath10k_mac_iter_tid_conf_data *iter_data = data;
7473 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
7474 
7475 	if (sta_vif != iter_data->curr_vif || !sta->wme)
7476 		return;
7477 
7478 	ieee80211_queue_work(iter_data->ar->hw, &arsta->tid_config_wk);
7479 }
7480 
7481 static int ath10k_sta_state(struct ieee80211_hw *hw,
7482 			    struct ieee80211_vif *vif,
7483 			    struct ieee80211_sta *sta,
7484 			    enum ieee80211_sta_state old_state,
7485 			    enum ieee80211_sta_state new_state)
7486 {
7487 	struct ath10k *ar = hw->priv;
7488 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7489 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7490 	struct ath10k_peer *peer;
7491 	int ret = 0;
7492 	int i;
7493 
7494 	if (old_state == IEEE80211_STA_NOTEXIST &&
7495 	    new_state == IEEE80211_STA_NONE) {
7496 		memset(arsta, 0, sizeof(*arsta));
7497 		arsta->arvif = arvif;
7498 		arsta->peer_ps_state = WMI_PEER_PS_STATE_DISABLED;
7499 		INIT_WORK(&arsta->update_wk, ath10k_sta_rc_update_wk);
7500 		INIT_WORK(&arsta->tid_config_wk, ath10k_sta_tid_cfg_wk);
7501 
7502 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7503 			ath10k_mac_txq_init(sta->txq[i]);
7504 	}
7505 
7506 	/* cancel must be done outside the mutex to avoid deadlock */
7507 	if ((old_state == IEEE80211_STA_NONE &&
7508 	     new_state == IEEE80211_STA_NOTEXIST)) {
7509 		cancel_work_sync(&arsta->update_wk);
7510 		cancel_work_sync(&arsta->tid_config_wk);
7511 	}
7512 
7513 	mutex_lock(&ar->conf_mutex);
7514 
7515 	if (old_state == IEEE80211_STA_NOTEXIST &&
7516 	    new_state == IEEE80211_STA_NONE) {
7517 		/*
7518 		 * New station addition.
7519 		 */
7520 		enum wmi_peer_type peer_type = WMI_PEER_TYPE_DEFAULT;
7521 		u32 num_tdls_stations;
7522 
7523 		ath10k_dbg(ar, ATH10K_DBG_STA,
7524 			   "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
7525 			   arvif->vdev_id, sta->addr,
7526 			   ar->num_stations + 1, ar->max_num_stations,
7527 			   ar->num_peers + 1, ar->max_num_peers);
7528 
7529 		num_tdls_stations = ath10k_mac_tdls_vif_stations_count(hw, vif);
7530 
7531 		if (sta->tdls) {
7532 			if (num_tdls_stations >= ar->max_num_tdls_vdevs) {
7533 				ath10k_warn(ar, "vdev %i exceeded maximum number of tdls vdevs %i\n",
7534 					    arvif->vdev_id,
7535 					    ar->max_num_tdls_vdevs);
7536 				ret = -ELNRNG;
7537 				goto exit;
7538 			}
7539 			peer_type = WMI_PEER_TYPE_TDLS;
7540 		}
7541 
7542 		ret = ath10k_mac_inc_num_stations(arvif, sta);
7543 		if (ret) {
7544 			ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
7545 				    ar->max_num_stations);
7546 			goto exit;
7547 		}
7548 
7549 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7550 			arsta->tx_stats = kzalloc(sizeof(*arsta->tx_stats),
7551 						  GFP_KERNEL);
7552 			if (!arsta->tx_stats) {
7553 				ath10k_mac_dec_num_stations(arvif, sta);
7554 				ret = -ENOMEM;
7555 				goto exit;
7556 			}
7557 		}
7558 
7559 		ret = ath10k_peer_create(ar, vif, sta, arvif->vdev_id,
7560 					 sta->addr, peer_type);
7561 		if (ret) {
7562 			ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
7563 				    sta->addr, arvif->vdev_id, ret);
7564 			ath10k_mac_dec_num_stations(arvif, sta);
7565 			kfree(arsta->tx_stats);
7566 			goto exit;
7567 		}
7568 
7569 		spin_lock_bh(&ar->data_lock);
7570 
7571 		peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
7572 		if (!peer) {
7573 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
7574 				    vif->addr, arvif->vdev_id);
7575 			spin_unlock_bh(&ar->data_lock);
7576 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7577 			ath10k_mac_dec_num_stations(arvif, sta);
7578 			kfree(arsta->tx_stats);
7579 			ret = -ENOENT;
7580 			goto exit;
7581 		}
7582 
7583 		arsta->peer_id = find_first_bit(peer->peer_ids,
7584 						ATH10K_MAX_NUM_PEER_IDS);
7585 
7586 		spin_unlock_bh(&ar->data_lock);
7587 
7588 		if (!sta->tdls)
7589 			goto exit;
7590 
7591 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7592 						      WMI_TDLS_ENABLE_ACTIVE);
7593 		if (ret) {
7594 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7595 				    arvif->vdev_id, ret);
7596 			ath10k_peer_delete(ar, arvif->vdev_id,
7597 					   sta->addr);
7598 			ath10k_mac_dec_num_stations(arvif, sta);
7599 			kfree(arsta->tx_stats);
7600 			goto exit;
7601 		}
7602 
7603 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7604 						  WMI_TDLS_PEER_STATE_PEERING);
7605 		if (ret) {
7606 			ath10k_warn(ar,
7607 				    "failed to update tdls peer %pM for vdev %d when adding a new sta: %i\n",
7608 				    sta->addr, arvif->vdev_id, ret);
7609 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7610 			ath10k_mac_dec_num_stations(arvif, sta);
7611 			kfree(arsta->tx_stats);
7612 
7613 			if (num_tdls_stations != 0)
7614 				goto exit;
7615 			ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7616 							WMI_TDLS_DISABLE);
7617 		}
7618 	} else if ((old_state == IEEE80211_STA_NONE &&
7619 		    new_state == IEEE80211_STA_NOTEXIST)) {
7620 		/*
7621 		 * Existing station deletion.
7622 		 */
7623 		ath10k_dbg(ar, ATH10K_DBG_STA,
7624 			   "mac vdev %d peer delete %pM sta %p (sta gone)\n",
7625 			   arvif->vdev_id, sta->addr, sta);
7626 
7627 		if (sta->tdls) {
7628 			ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id,
7629 							  sta,
7630 							  WMI_TDLS_PEER_STATE_TEARDOWN);
7631 			if (ret)
7632 				ath10k_warn(ar, "failed to update tdls peer state for %pM state %d: %i\n",
7633 					    sta->addr,
7634 					    WMI_TDLS_PEER_STATE_TEARDOWN, ret);
7635 		}
7636 
7637 		ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7638 		if (ret)
7639 			ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
7640 				    sta->addr, arvif->vdev_id, ret);
7641 
7642 		ath10k_mac_dec_num_stations(arvif, sta);
7643 
7644 		spin_lock_bh(&ar->data_lock);
7645 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
7646 			peer = ar->peer_map[i];
7647 			if (!peer)
7648 				continue;
7649 
7650 			if (peer->sta == sta) {
7651 				ath10k_warn(ar, "found sta peer %pM (ptr %p id %d) entry on vdev %i after it was supposedly removed\n",
7652 					    sta->addr, peer, i, arvif->vdev_id);
7653 				peer->sta = NULL;
7654 
7655 				/* Clean up the peer object as well since we
7656 				 * must have failed to do this above.
7657 				 */
7658 				ath10k_peer_map_cleanup(ar, peer);
7659 			}
7660 		}
7661 		spin_unlock_bh(&ar->data_lock);
7662 
7663 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7664 			kfree(arsta->tx_stats);
7665 			arsta->tx_stats = NULL;
7666 		}
7667 
7668 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7669 			ath10k_mac_txq_unref(ar, sta->txq[i]);
7670 
7671 		if (!sta->tdls)
7672 			goto exit;
7673 
7674 		if (ath10k_mac_tdls_vif_stations_count(hw, vif))
7675 			goto exit;
7676 
7677 		/* This was the last tdls peer in current vif */
7678 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7679 						      WMI_TDLS_DISABLE);
7680 		if (ret) {
7681 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7682 				    arvif->vdev_id, ret);
7683 		}
7684 	} else if (old_state == IEEE80211_STA_AUTH &&
7685 		   new_state == IEEE80211_STA_ASSOC &&
7686 		   (vif->type == NL80211_IFTYPE_AP ||
7687 		    vif->type == NL80211_IFTYPE_MESH_POINT ||
7688 		    vif->type == NL80211_IFTYPE_ADHOC)) {
7689 		/*
7690 		 * New association.
7691 		 */
7692 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM associated\n",
7693 			   sta->addr);
7694 
7695 		ret = ath10k_station_assoc(ar, vif, sta, false);
7696 		if (ret)
7697 			ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
7698 				    sta->addr, arvif->vdev_id, ret);
7699 	} else if (old_state == IEEE80211_STA_ASSOC &&
7700 		   new_state == IEEE80211_STA_AUTHORIZED &&
7701 		   sta->tdls) {
7702 		/*
7703 		 * Tdls station authorized.
7704 		 */
7705 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac tdls sta %pM authorized\n",
7706 			   sta->addr);
7707 
7708 		ret = ath10k_station_assoc(ar, vif, sta, false);
7709 		if (ret) {
7710 			ath10k_warn(ar, "failed to associate tdls station %pM for vdev %i: %i\n",
7711 				    sta->addr, arvif->vdev_id, ret);
7712 			goto exit;
7713 		}
7714 
7715 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7716 						  WMI_TDLS_PEER_STATE_CONNECTED);
7717 		if (ret)
7718 			ath10k_warn(ar, "failed to update tdls peer %pM for vdev %i: %i\n",
7719 				    sta->addr, arvif->vdev_id, ret);
7720 	} else if (old_state == IEEE80211_STA_ASSOC &&
7721 		    new_state == IEEE80211_STA_AUTH &&
7722 		    (vif->type == NL80211_IFTYPE_AP ||
7723 		     vif->type == NL80211_IFTYPE_MESH_POINT ||
7724 		     vif->type == NL80211_IFTYPE_ADHOC)) {
7725 		/*
7726 		 * Disassociation.
7727 		 */
7728 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM disassociated\n",
7729 			   sta->addr);
7730 
7731 		ret = ath10k_station_disassoc(ar, vif, sta);
7732 		if (ret)
7733 			ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
7734 				    sta->addr, arvif->vdev_id, ret);
7735 	}
7736 exit:
7737 	mutex_unlock(&ar->conf_mutex);
7738 	return ret;
7739 }
7740 
7741 static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
7742 				u16 ac, bool enable)
7743 {
7744 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7745 	struct wmi_sta_uapsd_auto_trig_arg arg = {};
7746 	u32 prio = 0, acc = 0;
7747 	u32 value = 0;
7748 	int ret = 0;
7749 
7750 	lockdep_assert_held(&ar->conf_mutex);
7751 
7752 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
7753 		return 0;
7754 
7755 	switch (ac) {
7756 	case IEEE80211_AC_VO:
7757 		value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
7758 			WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
7759 		prio = 7;
7760 		acc = 3;
7761 		break;
7762 	case IEEE80211_AC_VI:
7763 		value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
7764 			WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
7765 		prio = 5;
7766 		acc = 2;
7767 		break;
7768 	case IEEE80211_AC_BE:
7769 		value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
7770 			WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
7771 		prio = 2;
7772 		acc = 1;
7773 		break;
7774 	case IEEE80211_AC_BK:
7775 		value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
7776 			WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
7777 		prio = 0;
7778 		acc = 0;
7779 		break;
7780 	}
7781 
7782 	if (enable)
7783 		arvif->u.sta.uapsd |= value;
7784 	else
7785 		arvif->u.sta.uapsd &= ~value;
7786 
7787 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7788 					  WMI_STA_PS_PARAM_UAPSD,
7789 					  arvif->u.sta.uapsd);
7790 	if (ret) {
7791 		ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
7792 		goto exit;
7793 	}
7794 
7795 	if (arvif->u.sta.uapsd)
7796 		value = WMI_STA_PS_RX_WAKE_POLICY_POLL_UAPSD;
7797 	else
7798 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
7799 
7800 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7801 					  WMI_STA_PS_PARAM_RX_WAKE_POLICY,
7802 					  value);
7803 	if (ret)
7804 		ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
7805 
7806 	ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
7807 	if (ret) {
7808 		ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
7809 			    arvif->vdev_id, ret);
7810 		return ret;
7811 	}
7812 
7813 	ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
7814 	if (ret) {
7815 		ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
7816 			    arvif->vdev_id, ret);
7817 		return ret;
7818 	}
7819 
7820 	if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
7821 	    test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
7822 		/* Only userspace can make an educated decision when to send
7823 		 * trigger frame. The following effectively disables u-UAPSD
7824 		 * autotrigger in firmware (which is enabled by default
7825 		 * provided the autotrigger service is available).
7826 		 */
7827 
7828 		arg.wmm_ac = acc;
7829 		arg.user_priority = prio;
7830 		arg.service_interval = 0;
7831 		arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7832 		arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7833 
7834 		ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
7835 						arvif->bssid, &arg, 1);
7836 		if (ret) {
7837 			ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
7838 				    ret);
7839 			return ret;
7840 		}
7841 	}
7842 
7843 exit:
7844 	return ret;
7845 }
7846 
7847 static int ath10k_conf_tx(struct ieee80211_hw *hw,
7848 			  struct ieee80211_vif *vif,
7849 			  unsigned int link_id, u16 ac,
7850 			  const struct ieee80211_tx_queue_params *params)
7851 {
7852 	struct ath10k *ar = hw->priv;
7853 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7854 	struct wmi_wmm_params_arg *p = NULL;
7855 	int ret;
7856 
7857 	mutex_lock(&ar->conf_mutex);
7858 
7859 	switch (ac) {
7860 	case IEEE80211_AC_VO:
7861 		p = &arvif->wmm_params.ac_vo;
7862 		break;
7863 	case IEEE80211_AC_VI:
7864 		p = &arvif->wmm_params.ac_vi;
7865 		break;
7866 	case IEEE80211_AC_BE:
7867 		p = &arvif->wmm_params.ac_be;
7868 		break;
7869 	case IEEE80211_AC_BK:
7870 		p = &arvif->wmm_params.ac_bk;
7871 		break;
7872 	}
7873 
7874 	if (WARN_ON(!p)) {
7875 		ret = -EINVAL;
7876 		goto exit;
7877 	}
7878 
7879 	p->cwmin = params->cw_min;
7880 	p->cwmax = params->cw_max;
7881 	p->aifs = params->aifs;
7882 
7883 	/*
7884 	 * The channel time duration programmed in the HW is in absolute
7885 	 * microseconds, while mac80211 gives the txop in units of
7886 	 * 32 microseconds.
7887 	 */
7888 	p->txop = params->txop * 32;
7889 
7890 	if (ar->wmi.ops->gen_vdev_wmm_conf) {
7891 		ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
7892 					       &arvif->wmm_params);
7893 		if (ret) {
7894 			ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
7895 				    arvif->vdev_id, ret);
7896 			goto exit;
7897 		}
7898 	} else {
7899 		/* This won't work well with multi-interface cases but it's
7900 		 * better than nothing.
7901 		 */
7902 		ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
7903 		if (ret) {
7904 			ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
7905 			goto exit;
7906 		}
7907 	}
7908 
7909 	ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
7910 	if (ret)
7911 		ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
7912 
7913 exit:
7914 	mutex_unlock(&ar->conf_mutex);
7915 	return ret;
7916 }
7917 
7918 static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
7919 				    struct ieee80211_vif *vif,
7920 				    struct ieee80211_channel *chan,
7921 				    int duration,
7922 				    enum ieee80211_roc_type type)
7923 {
7924 	struct ath10k *ar = hw->priv;
7925 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7926 	struct wmi_start_scan_arg *arg = NULL;
7927 	int ret = 0;
7928 	u32 scan_time_msec;
7929 
7930 	mutex_lock(&ar->conf_mutex);
7931 
7932 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
7933 		ret = -EBUSY;
7934 		goto exit;
7935 	}
7936 
7937 	spin_lock_bh(&ar->data_lock);
7938 	switch (ar->scan.state) {
7939 	case ATH10K_SCAN_IDLE:
7940 		reinit_completion(&ar->scan.started);
7941 		reinit_completion(&ar->scan.completed);
7942 		reinit_completion(&ar->scan.on_channel);
7943 		ar->scan.state = ATH10K_SCAN_STARTING;
7944 		ar->scan.is_roc = true;
7945 		ar->scan.vdev_id = arvif->vdev_id;
7946 		ar->scan.roc_freq = chan->center_freq;
7947 		ar->scan.roc_notify = true;
7948 		ret = 0;
7949 		break;
7950 	case ATH10K_SCAN_STARTING:
7951 	case ATH10K_SCAN_RUNNING:
7952 	case ATH10K_SCAN_ABORTING:
7953 		ret = -EBUSY;
7954 		break;
7955 	}
7956 	spin_unlock_bh(&ar->data_lock);
7957 
7958 	if (ret)
7959 		goto exit;
7960 
7961 	scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
7962 
7963 	arg = kzalloc(sizeof(*arg), GFP_KERNEL);
7964 	if (!arg) {
7965 		ret = -ENOMEM;
7966 		goto exit;
7967 	}
7968 
7969 	ath10k_wmi_start_scan_init(ar, arg);
7970 	arg->vdev_id = arvif->vdev_id;
7971 	arg->scan_id = ATH10K_SCAN_ID;
7972 	arg->n_channels = 1;
7973 	arg->channels[0] = chan->center_freq;
7974 	arg->dwell_time_active = scan_time_msec;
7975 	arg->dwell_time_passive = scan_time_msec;
7976 	arg->max_scan_time = scan_time_msec;
7977 	arg->scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
7978 	arg->scan_ctrl_flags |= WMI_SCAN_FILTER_PROBE_REQ;
7979 	arg->burst_duration_ms = duration;
7980 
7981 	ret = ath10k_start_scan(ar, arg);
7982 	if (ret) {
7983 		ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
7984 		spin_lock_bh(&ar->data_lock);
7985 		ar->scan.state = ATH10K_SCAN_IDLE;
7986 		spin_unlock_bh(&ar->data_lock);
7987 		goto exit;
7988 	}
7989 
7990 	ret = wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ);
7991 	if (ret == 0) {
7992 		ath10k_warn(ar, "failed to switch to channel for roc scan\n");
7993 
7994 		ret = ath10k_scan_stop(ar);
7995 		if (ret)
7996 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
7997 
7998 		ret = -ETIMEDOUT;
7999 		goto exit;
8000 	}
8001 
8002 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
8003 				     msecs_to_jiffies(duration));
8004 
8005 	ret = 0;
8006 exit:
8007 	kfree(arg);
8008 
8009 	mutex_unlock(&ar->conf_mutex);
8010 	return ret;
8011 }
8012 
8013 static int ath10k_cancel_remain_on_channel(struct ieee80211_hw *hw,
8014 					   struct ieee80211_vif *vif)
8015 {
8016 	struct ath10k *ar = hw->priv;
8017 
8018 	mutex_lock(&ar->conf_mutex);
8019 
8020 	spin_lock_bh(&ar->data_lock);
8021 	ar->scan.roc_notify = false;
8022 	spin_unlock_bh(&ar->data_lock);
8023 
8024 	ath10k_scan_abort(ar);
8025 
8026 	mutex_unlock(&ar->conf_mutex);
8027 
8028 	cancel_delayed_work_sync(&ar->scan.timeout);
8029 
8030 	return 0;
8031 }
8032 
8033 /*
8034  * Both RTS and Fragmentation threshold are interface-specific
8035  * in ath10k, but device-specific in mac80211.
8036  */
8037 
8038 static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
8039 {
8040 	struct ath10k *ar = hw->priv;
8041 	struct ath10k_vif *arvif;
8042 	int ret = 0;
8043 
8044 	mutex_lock(&ar->conf_mutex);
8045 	list_for_each_entry(arvif, &ar->arvifs, list) {
8046 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
8047 			   arvif->vdev_id, value);
8048 
8049 		ret = ath10k_mac_set_rts(arvif, value);
8050 		if (ret) {
8051 			ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
8052 				    arvif->vdev_id, ret);
8053 			break;
8054 		}
8055 	}
8056 	mutex_unlock(&ar->conf_mutex);
8057 
8058 	return ret;
8059 }
8060 
8061 static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
8062 {
8063 	/* Even though there's a WMI enum for fragmentation threshold no known
8064 	 * firmware actually implements it. Moreover it is not possible to rely
8065 	 * frame fragmentation to mac80211 because firmware clears the "more
8066 	 * fragments" bit in frame control making it impossible for remote
8067 	 * devices to reassemble frames.
8068 	 *
8069 	 * Hence implement a dummy callback just to say fragmentation isn't
8070 	 * supported. This effectively prevents mac80211 from doing frame
8071 	 * fragmentation in software.
8072 	 */
8073 	return -EOPNOTSUPP;
8074 }
8075 
8076 void ath10k_mac_wait_tx_complete(struct ath10k *ar)
8077 {
8078 	bool skip;
8079 	long time_left;
8080 
8081 	/* mac80211 doesn't care if we really xmit queued frames or not
8082 	 * we'll collect those frames either way if we stop/delete vdevs
8083 	 */
8084 
8085 	if (ar->state == ATH10K_STATE_WEDGED)
8086 		return;
8087 
8088 	time_left = wait_event_timeout(ar->htt.empty_tx_wq, ({
8089 			bool empty;
8090 
8091 			spin_lock_bh(&ar->htt.tx_lock);
8092 			empty = (ar->htt.num_pending_tx == 0);
8093 			spin_unlock_bh(&ar->htt.tx_lock);
8094 
8095 			skip = (ar->state == ATH10K_STATE_WEDGED) ||
8096 			       test_bit(ATH10K_FLAG_CRASH_FLUSH,
8097 					&ar->dev_flags);
8098 
8099 			(empty || skip);
8100 		}), ATH10K_FLUSH_TIMEOUT_HZ);
8101 
8102 	if (time_left == 0 || skip)
8103 		ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %ld\n",
8104 			    skip, ar->state, time_left);
8105 }
8106 
8107 static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
8108 			 u32 queues, bool drop)
8109 {
8110 	struct ath10k *ar = hw->priv;
8111 	struct ath10k_vif *arvif;
8112 	u32 bitmap;
8113 
8114 	if (drop) {
8115 		if (vif && vif->type == NL80211_IFTYPE_STATION) {
8116 			bitmap = ~(1 << WMI_MGMT_TID);
8117 			list_for_each_entry(arvif, &ar->arvifs, list) {
8118 				if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
8119 					ath10k_wmi_peer_flush(ar, arvif->vdev_id,
8120 							      arvif->bssid, bitmap);
8121 			}
8122 			ath10k_htt_flush_tx(&ar->htt);
8123 		}
8124 		return;
8125 	}
8126 
8127 	mutex_lock(&ar->conf_mutex);
8128 	ath10k_mac_wait_tx_complete(ar);
8129 	mutex_unlock(&ar->conf_mutex);
8130 }
8131 
8132 /* TODO: Implement this function properly
8133  * For now it is needed to reply to Probe Requests in IBSS mode.
8134  * Probably we need this information from FW.
8135  */
8136 static int ath10k_tx_last_beacon(struct ieee80211_hw *hw)
8137 {
8138 	return 1;
8139 }
8140 
8141 static void ath10k_reconfig_complete(struct ieee80211_hw *hw,
8142 				     enum ieee80211_reconfig_type reconfig_type)
8143 {
8144 	struct ath10k *ar = hw->priv;
8145 	struct ath10k_vif *arvif;
8146 
8147 	if (reconfig_type != IEEE80211_RECONFIG_TYPE_RESTART)
8148 		return;
8149 
8150 	mutex_lock(&ar->conf_mutex);
8151 
8152 	/* If device failed to restart it will be in a different state, e.g.
8153 	 * ATH10K_STATE_WEDGED
8154 	 */
8155 	if (ar->state == ATH10K_STATE_RESTARTED) {
8156 		ath10k_info(ar, "device successfully recovered\n");
8157 		ar->state = ATH10K_STATE_ON;
8158 		ieee80211_wake_queues(ar->hw);
8159 		clear_bit(ATH10K_FLAG_RESTARTING, &ar->dev_flags);
8160 		if (ar->hw_params.hw_restart_disconnect) {
8161 			list_for_each_entry(arvif, &ar->arvifs, list) {
8162 				if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
8163 					ieee80211_hw_restart_disconnect(arvif->vif);
8164 				}
8165 		}
8166 	}
8167 
8168 	mutex_unlock(&ar->conf_mutex);
8169 }
8170 
8171 static void
8172 ath10k_mac_update_bss_chan_survey(struct ath10k *ar,
8173 				  struct ieee80211_channel *channel)
8174 {
8175 	int ret;
8176 	enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ;
8177 
8178 	lockdep_assert_held(&ar->conf_mutex);
8179 
8180 	if (!test_bit(WMI_SERVICE_BSS_CHANNEL_INFO_64, ar->wmi.svc_map) ||
8181 	    (ar->rx_channel != channel))
8182 		return;
8183 
8184 	if (ar->scan.state != ATH10K_SCAN_IDLE) {
8185 		ath10k_dbg(ar, ATH10K_DBG_MAC, "ignoring bss chan info request while scanning..\n");
8186 		return;
8187 	}
8188 
8189 	reinit_completion(&ar->bss_survey_done);
8190 
8191 	ret = ath10k_wmi_pdev_bss_chan_info_request(ar, type);
8192 	if (ret) {
8193 		ath10k_warn(ar, "failed to send pdev bss chan info request\n");
8194 		return;
8195 	}
8196 
8197 	ret = wait_for_completion_timeout(&ar->bss_survey_done, 3 * HZ);
8198 	if (!ret) {
8199 		ath10k_warn(ar, "bss channel survey timed out\n");
8200 		return;
8201 	}
8202 }
8203 
8204 static int ath10k_get_survey(struct ieee80211_hw *hw, int idx,
8205 			     struct survey_info *survey)
8206 {
8207 	struct ath10k *ar = hw->priv;
8208 	struct ieee80211_supported_band *sband;
8209 	struct survey_info *ar_survey = &ar->survey[idx];
8210 	int ret = 0;
8211 
8212 	mutex_lock(&ar->conf_mutex);
8213 
8214 	sband = hw->wiphy->bands[NL80211_BAND_2GHZ];
8215 	if (sband && idx >= sband->n_channels) {
8216 		idx -= sband->n_channels;
8217 		sband = NULL;
8218 	}
8219 
8220 	if (!sband)
8221 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
8222 
8223 	if (!sband || idx >= sband->n_channels) {
8224 		ret = -ENOENT;
8225 		goto exit;
8226 	}
8227 
8228 	ath10k_mac_update_bss_chan_survey(ar, &sband->channels[idx]);
8229 
8230 	spin_lock_bh(&ar->data_lock);
8231 	memcpy(survey, ar_survey, sizeof(*survey));
8232 	spin_unlock_bh(&ar->data_lock);
8233 
8234 	survey->channel = &sband->channels[idx];
8235 
8236 	if (ar->rx_channel == survey->channel)
8237 		survey->filled |= SURVEY_INFO_IN_USE;
8238 
8239 exit:
8240 	mutex_unlock(&ar->conf_mutex);
8241 	return ret;
8242 }
8243 
8244 static bool
8245 ath10k_mac_bitrate_mask_get_single_nss(struct ath10k *ar,
8246 				       enum nl80211_band band,
8247 				       const struct cfg80211_bitrate_mask *mask,
8248 				       int *nss)
8249 {
8250 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
8251 	u16 vht_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8252 	u8 ht_nss_mask = 0;
8253 	u8 vht_nss_mask = 0;
8254 	int i;
8255 
8256 	if (mask->control[band].legacy)
8257 		return false;
8258 
8259 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
8260 		if (mask->control[band].ht_mcs[i] == 0)
8261 			continue;
8262 		else if (mask->control[band].ht_mcs[i] ==
8263 			 sband->ht_cap.mcs.rx_mask[i])
8264 			ht_nss_mask |= BIT(i);
8265 		else
8266 			return false;
8267 	}
8268 
8269 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
8270 		if (mask->control[band].vht_mcs[i] == 0)
8271 			continue;
8272 		else if (mask->control[band].vht_mcs[i] ==
8273 			 ath10k_mac_get_max_vht_mcs_map(vht_mcs_map, i))
8274 			vht_nss_mask |= BIT(i);
8275 		else
8276 			return false;
8277 	}
8278 
8279 	if (ht_nss_mask != vht_nss_mask)
8280 		return false;
8281 
8282 	if (ht_nss_mask == 0)
8283 		return false;
8284 
8285 	if (BIT(fls(ht_nss_mask)) - 1 != ht_nss_mask)
8286 		return false;
8287 
8288 	*nss = fls(ht_nss_mask);
8289 
8290 	return true;
8291 }
8292 
8293 static int ath10k_mac_set_fixed_rate_params(struct ath10k_vif *arvif,
8294 					    u8 rate, u8 nss, u8 sgi, u8 ldpc)
8295 {
8296 	struct ath10k *ar = arvif->ar;
8297 	u32 vdev_param;
8298 	int ret;
8299 
8300 	lockdep_assert_held(&ar->conf_mutex);
8301 
8302 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac set fixed rate params vdev %i rate 0x%02x nss %u sgi %u\n",
8303 		   arvif->vdev_id, rate, nss, sgi);
8304 
8305 	vdev_param = ar->wmi.vdev_param->fixed_rate;
8306 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, rate);
8307 	if (ret) {
8308 		ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
8309 			    rate, ret);
8310 		return ret;
8311 	}
8312 
8313 	vdev_param = ar->wmi.vdev_param->nss;
8314 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, nss);
8315 	if (ret) {
8316 		ath10k_warn(ar, "failed to set nss param %d: %d\n", nss, ret);
8317 		return ret;
8318 	}
8319 
8320 	vdev_param = ar->wmi.vdev_param->sgi;
8321 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, sgi);
8322 	if (ret) {
8323 		ath10k_warn(ar, "failed to set sgi param %d: %d\n", sgi, ret);
8324 		return ret;
8325 	}
8326 
8327 	vdev_param = ar->wmi.vdev_param->ldpc;
8328 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, ldpc);
8329 	if (ret) {
8330 		ath10k_warn(ar, "failed to set ldpc param %d: %d\n", ldpc, ret);
8331 		return ret;
8332 	}
8333 
8334 	return 0;
8335 }
8336 
8337 static bool
8338 ath10k_mac_can_set_bitrate_mask(struct ath10k *ar,
8339 				enum nl80211_band band,
8340 				const struct cfg80211_bitrate_mask *mask,
8341 				bool allow_pfr)
8342 {
8343 	int i;
8344 	u16 vht_mcs;
8345 
8346 	/* Due to firmware limitation in WMI_PEER_ASSOC_CMDID it is impossible
8347 	 * to express all VHT MCS rate masks. Effectively only the following
8348 	 * ranges can be used: none, 0-7, 0-8 and 0-9.
8349 	 */
8350 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8351 		vht_mcs = mask->control[band].vht_mcs[i];
8352 
8353 		switch (vht_mcs) {
8354 		case 0:
8355 		case BIT(8) - 1:
8356 		case BIT(9) - 1:
8357 		case BIT(10) - 1:
8358 			break;
8359 		default:
8360 			if (!allow_pfr)
8361 				ath10k_warn(ar, "refusing bitrate mask with missing 0-7 VHT MCS rates\n");
8362 			return false;
8363 		}
8364 	}
8365 
8366 	return true;
8367 }
8368 
8369 static bool ath10k_mac_set_vht_bitrate_mask_fixup(struct ath10k *ar,
8370 						  struct ath10k_vif *arvif,
8371 						  struct ieee80211_sta *sta)
8372 {
8373 	int err;
8374 	u8 rate = arvif->vht_pfr;
8375 
8376 	/* skip non vht and multiple rate peers */
8377 	if (!sta->deflink.vht_cap.vht_supported || arvif->vht_num_rates != 1)
8378 		return false;
8379 
8380 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8381 					WMI_PEER_PARAM_FIXED_RATE, rate);
8382 	if (err)
8383 		ath10k_warn(ar, "failed to enable STA %pM peer fixed rate: %d\n",
8384 			    sta->addr, err);
8385 
8386 	return true;
8387 }
8388 
8389 static void ath10k_mac_set_bitrate_mask_iter(void *data,
8390 					     struct ieee80211_sta *sta)
8391 {
8392 	struct ath10k_vif *arvif = data;
8393 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8394 	struct ath10k *ar = arvif->ar;
8395 
8396 	if (arsta->arvif != arvif)
8397 		return;
8398 
8399 	if (ath10k_mac_set_vht_bitrate_mask_fixup(ar, arvif, sta))
8400 		return;
8401 
8402 	spin_lock_bh(&ar->data_lock);
8403 	arsta->changed |= IEEE80211_RC_SUPP_RATES_CHANGED;
8404 	spin_unlock_bh(&ar->data_lock);
8405 
8406 	ieee80211_queue_work(ar->hw, &arsta->update_wk);
8407 }
8408 
8409 static void ath10k_mac_clr_bitrate_mask_iter(void *data,
8410 					     struct ieee80211_sta *sta)
8411 {
8412 	struct ath10k_vif *arvif = data;
8413 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8414 	struct ath10k *ar = arvif->ar;
8415 	int err;
8416 
8417 	/* clear vht peers only */
8418 	if (arsta->arvif != arvif || !sta->deflink.vht_cap.vht_supported)
8419 		return;
8420 
8421 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8422 					WMI_PEER_PARAM_FIXED_RATE,
8423 					WMI_FIXED_RATE_NONE);
8424 	if (err)
8425 		ath10k_warn(ar, "failed to clear STA %pM peer fixed rate: %d\n",
8426 			    sta->addr, err);
8427 }
8428 
8429 static int ath10k_mac_op_set_bitrate_mask(struct ieee80211_hw *hw,
8430 					  struct ieee80211_vif *vif,
8431 					  const struct cfg80211_bitrate_mask *mask)
8432 {
8433 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8434 	struct cfg80211_chan_def def;
8435 	struct ath10k *ar = arvif->ar;
8436 	enum nl80211_band band;
8437 	const u8 *ht_mcs_mask;
8438 	const u16 *vht_mcs_mask;
8439 	u8 rate;
8440 	u8 nss;
8441 	u8 sgi;
8442 	u8 ldpc;
8443 	int single_nss;
8444 	int ret;
8445 	int vht_num_rates, allow_pfr;
8446 	u8 vht_pfr;
8447 	bool update_bitrate_mask = true;
8448 
8449 	if (ath10k_mac_vif_chan(vif, &def))
8450 		return -EPERM;
8451 
8452 	band = def.chan->band;
8453 	ht_mcs_mask = mask->control[band].ht_mcs;
8454 	vht_mcs_mask = mask->control[band].vht_mcs;
8455 	ldpc = !!(ar->ht_cap_info & WMI_HT_CAP_LDPC);
8456 
8457 	sgi = mask->control[band].gi;
8458 	if (sgi == NL80211_TXRATE_FORCE_LGI)
8459 		return -EINVAL;
8460 
8461 	allow_pfr = test_bit(ATH10K_FW_FEATURE_PEER_FIXED_RATE,
8462 			     ar->normal_mode_fw.fw_file.fw_features);
8463 	if (allow_pfr) {
8464 		mutex_lock(&ar->conf_mutex);
8465 		ieee80211_iterate_stations_atomic(ar->hw,
8466 						  ath10k_mac_clr_bitrate_mask_iter,
8467 						  arvif);
8468 		mutex_unlock(&ar->conf_mutex);
8469 	}
8470 
8471 	if (ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
8472 						    &vht_num_rates)) {
8473 		ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8474 							      &rate, &nss,
8475 							      false);
8476 		if (ret) {
8477 			ath10k_warn(ar, "failed to get single rate for vdev %i: %d\n",
8478 				    arvif->vdev_id, ret);
8479 			return ret;
8480 		}
8481 	} else if (ath10k_mac_bitrate_mask_get_single_nss(ar, band, mask,
8482 							  &single_nss)) {
8483 		rate = WMI_FIXED_RATE_NONE;
8484 		nss = single_nss;
8485 	} else {
8486 		rate = WMI_FIXED_RATE_NONE;
8487 		nss = min(ar->num_rf_chains,
8488 			  max(ath10k_mac_max_ht_nss(ht_mcs_mask),
8489 			      ath10k_mac_max_vht_nss(vht_mcs_mask)));
8490 
8491 		if (!ath10k_mac_can_set_bitrate_mask(ar, band, mask,
8492 						     allow_pfr)) {
8493 			u8 vht_nss;
8494 
8495 			if (!allow_pfr || vht_num_rates != 1)
8496 				return -EINVAL;
8497 
8498 			/* Reach here, firmware supports peer fixed rate and has
8499 			 * single vht rate, and don't update vif birate_mask, as
8500 			 * the rate only for specific peer.
8501 			 */
8502 			ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8503 								&vht_pfr,
8504 								&vht_nss,
8505 								true);
8506 			update_bitrate_mask = false;
8507 		} else {
8508 			vht_pfr = 0;
8509 		}
8510 
8511 		mutex_lock(&ar->conf_mutex);
8512 
8513 		if (update_bitrate_mask)
8514 			arvif->bitrate_mask = *mask;
8515 		arvif->vht_num_rates = vht_num_rates;
8516 		arvif->vht_pfr = vht_pfr;
8517 		ieee80211_iterate_stations_atomic(ar->hw,
8518 						  ath10k_mac_set_bitrate_mask_iter,
8519 						  arvif);
8520 
8521 		mutex_unlock(&ar->conf_mutex);
8522 	}
8523 
8524 	mutex_lock(&ar->conf_mutex);
8525 
8526 	ret = ath10k_mac_set_fixed_rate_params(arvif, rate, nss, sgi, ldpc);
8527 	if (ret) {
8528 		ath10k_warn(ar, "failed to set fixed rate params on vdev %i: %d\n",
8529 			    arvif->vdev_id, ret);
8530 		goto exit;
8531 	}
8532 
8533 exit:
8534 	mutex_unlock(&ar->conf_mutex);
8535 
8536 	return ret;
8537 }
8538 
8539 static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
8540 				 struct ieee80211_vif *vif,
8541 				 struct ieee80211_link_sta *link_sta,
8542 				 u32 changed)
8543 {
8544 	struct ieee80211_sta *sta = link_sta->sta;
8545 	struct ath10k *ar = hw->priv;
8546 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8547 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8548 	struct ath10k_peer *peer;
8549 	u32 bw, smps;
8550 
8551 	spin_lock_bh(&ar->data_lock);
8552 
8553 	peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
8554 	if (!peer) {
8555 		spin_unlock_bh(&ar->data_lock);
8556 		ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
8557 			    sta->addr, arvif->vdev_id);
8558 		return;
8559 	}
8560 
8561 	ath10k_dbg(ar, ATH10K_DBG_STA,
8562 		   "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
8563 		   sta->addr, changed, sta->deflink.bandwidth,
8564 		   sta->deflink.rx_nss,
8565 		   sta->deflink.smps_mode);
8566 
8567 	if (changed & IEEE80211_RC_BW_CHANGED) {
8568 		bw = WMI_PEER_CHWIDTH_20MHZ;
8569 
8570 		switch (sta->deflink.bandwidth) {
8571 		case IEEE80211_STA_RX_BW_20:
8572 			bw = WMI_PEER_CHWIDTH_20MHZ;
8573 			break;
8574 		case IEEE80211_STA_RX_BW_40:
8575 			bw = WMI_PEER_CHWIDTH_40MHZ;
8576 			break;
8577 		case IEEE80211_STA_RX_BW_80:
8578 			bw = WMI_PEER_CHWIDTH_80MHZ;
8579 			break;
8580 		case IEEE80211_STA_RX_BW_160:
8581 			bw = WMI_PEER_CHWIDTH_160MHZ;
8582 			break;
8583 		default:
8584 			ath10k_warn(ar, "Invalid bandwidth %d in rc update for %pM\n",
8585 				    sta->deflink.bandwidth, sta->addr);
8586 			bw = WMI_PEER_CHWIDTH_20MHZ;
8587 			break;
8588 		}
8589 
8590 		arsta->bw = bw;
8591 	}
8592 
8593 	if (changed & IEEE80211_RC_NSS_CHANGED)
8594 		arsta->nss = sta->deflink.rx_nss;
8595 
8596 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
8597 		smps = WMI_PEER_SMPS_PS_NONE;
8598 
8599 		switch (sta->deflink.smps_mode) {
8600 		case IEEE80211_SMPS_AUTOMATIC:
8601 		case IEEE80211_SMPS_OFF:
8602 			smps = WMI_PEER_SMPS_PS_NONE;
8603 			break;
8604 		case IEEE80211_SMPS_STATIC:
8605 			smps = WMI_PEER_SMPS_STATIC;
8606 			break;
8607 		case IEEE80211_SMPS_DYNAMIC:
8608 			smps = WMI_PEER_SMPS_DYNAMIC;
8609 			break;
8610 		case IEEE80211_SMPS_NUM_MODES:
8611 			ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
8612 				    sta->deflink.smps_mode, sta->addr);
8613 			smps = WMI_PEER_SMPS_PS_NONE;
8614 			break;
8615 		}
8616 
8617 		arsta->smps = smps;
8618 	}
8619 
8620 	arsta->changed |= changed;
8621 
8622 	spin_unlock_bh(&ar->data_lock);
8623 
8624 	ieee80211_queue_work(hw, &arsta->update_wk);
8625 }
8626 
8627 static void ath10k_offset_tsf(struct ieee80211_hw *hw,
8628 			      struct ieee80211_vif *vif, s64 tsf_offset)
8629 {
8630 	struct ath10k *ar = hw->priv;
8631 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8632 	u32 offset, vdev_param;
8633 	int ret;
8634 
8635 	if (tsf_offset < 0) {
8636 		vdev_param = ar->wmi.vdev_param->dec_tsf;
8637 		offset = -tsf_offset;
8638 	} else {
8639 		vdev_param = ar->wmi.vdev_param->inc_tsf;
8640 		offset = tsf_offset;
8641 	}
8642 
8643 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
8644 					vdev_param, offset);
8645 
8646 	if (ret && ret != -EOPNOTSUPP)
8647 		ath10k_warn(ar, "failed to set tsf offset %d cmd %d: %d\n",
8648 			    offset, vdev_param, ret);
8649 }
8650 
8651 static int ath10k_ampdu_action(struct ieee80211_hw *hw,
8652 			       struct ieee80211_vif *vif,
8653 			       struct ieee80211_ampdu_params *params)
8654 {
8655 	struct ath10k *ar = hw->priv;
8656 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8657 	struct ieee80211_sta *sta = params->sta;
8658 	enum ieee80211_ampdu_mlme_action action = params->action;
8659 	u16 tid = params->tid;
8660 
8661 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %u action %d\n",
8662 		   arvif->vdev_id, sta->addr, tid, action);
8663 
8664 	switch (action) {
8665 	case IEEE80211_AMPDU_RX_START:
8666 	case IEEE80211_AMPDU_RX_STOP:
8667 		/* HTT AddBa/DelBa events trigger mac80211 Rx BA session
8668 		 * creation/removal. Do we need to verify this?
8669 		 */
8670 		return 0;
8671 	case IEEE80211_AMPDU_TX_START:
8672 	case IEEE80211_AMPDU_TX_STOP_CONT:
8673 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
8674 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
8675 	case IEEE80211_AMPDU_TX_OPERATIONAL:
8676 		/* Firmware offloads Tx aggregation entirely so deny mac80211
8677 		 * Tx aggregation requests.
8678 		 */
8679 		return -EOPNOTSUPP;
8680 	}
8681 
8682 	return -EINVAL;
8683 }
8684 
8685 static void
8686 ath10k_mac_update_rx_channel(struct ath10k *ar,
8687 			     struct ieee80211_chanctx_conf *ctx,
8688 			     struct ieee80211_vif_chanctx_switch *vifs,
8689 			     int n_vifs)
8690 {
8691 	struct cfg80211_chan_def *def = NULL;
8692 
8693 	/* Both locks are required because ar->rx_channel is modified. This
8694 	 * allows readers to hold either lock.
8695 	 */
8696 	lockdep_assert_held(&ar->conf_mutex);
8697 	lockdep_assert_held(&ar->data_lock);
8698 
8699 	WARN_ON(ctx && vifs);
8700 	WARN_ON(vifs && !n_vifs);
8701 
8702 	/* FIXME: Sort of an optimization and a workaround. Peers and vifs are
8703 	 * on a linked list now. Doing a lookup peer -> vif -> chanctx for each
8704 	 * ppdu on Rx may reduce performance on low-end systems. It should be
8705 	 * possible to make tables/hashmaps to speed the lookup up (be vary of
8706 	 * cpu data cache lines though regarding sizes) but to keep the initial
8707 	 * implementation simple and less intrusive fallback to the slow lookup
8708 	 * only for multi-channel cases. Single-channel cases will remain to
8709 	 * use the old channel derival and thus performance should not be
8710 	 * affected much.
8711 	 */
8712 	rcu_read_lock();
8713 	if (!ctx && ath10k_mac_num_chanctxs(ar) == 1) {
8714 		ieee80211_iter_chan_contexts_atomic(ar->hw,
8715 						    ath10k_mac_get_any_chandef_iter,
8716 						    &def);
8717 
8718 		if (vifs)
8719 			def = &vifs[0].new_ctx->def;
8720 
8721 		ar->rx_channel = def->chan;
8722 	} else if ((ctx && ath10k_mac_num_chanctxs(ar) == 0) ||
8723 		   (ctx && (ar->state == ATH10K_STATE_RESTARTED))) {
8724 		/* During driver restart due to firmware assert, since mac80211
8725 		 * already has valid channel context for given radio, channel
8726 		 * context iteration return num_chanctx > 0. So fix rx_channel
8727 		 * when restart is in progress.
8728 		 */
8729 		ar->rx_channel = ctx->def.chan;
8730 	} else {
8731 		ar->rx_channel = NULL;
8732 	}
8733 	rcu_read_unlock();
8734 }
8735 
8736 static void
8737 ath10k_mac_update_vif_chan(struct ath10k *ar,
8738 			   struct ieee80211_vif_chanctx_switch *vifs,
8739 			   int n_vifs)
8740 {
8741 	struct ath10k_vif *arvif;
8742 	int ret;
8743 	int i;
8744 
8745 	lockdep_assert_held(&ar->conf_mutex);
8746 
8747 	/* First stop monitor interface. Some FW versions crash if there's a
8748 	 * lone monitor interface.
8749 	 */
8750 	if (ar->monitor_started)
8751 		ath10k_monitor_stop(ar);
8752 
8753 	for (i = 0; i < n_vifs; i++) {
8754 		arvif = (void *)vifs[i].vif->drv_priv;
8755 
8756 		ath10k_dbg(ar, ATH10K_DBG_MAC,
8757 			   "mac chanctx switch vdev_id %i freq %u->%u width %d->%d\n",
8758 			   arvif->vdev_id,
8759 			   vifs[i].old_ctx->def.chan->center_freq,
8760 			   vifs[i].new_ctx->def.chan->center_freq,
8761 			   vifs[i].old_ctx->def.width,
8762 			   vifs[i].new_ctx->def.width);
8763 
8764 		if (WARN_ON(!arvif->is_started))
8765 			continue;
8766 
8767 		if (WARN_ON(!arvif->is_up))
8768 			continue;
8769 
8770 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8771 		if (ret) {
8772 			ath10k_warn(ar, "failed to down vdev %d: %d\n",
8773 				    arvif->vdev_id, ret);
8774 			continue;
8775 		}
8776 	}
8777 
8778 	/* All relevant vdevs are downed and associated channel resources
8779 	 * should be available for the channel switch now.
8780 	 */
8781 
8782 	spin_lock_bh(&ar->data_lock);
8783 	ath10k_mac_update_rx_channel(ar, NULL, vifs, n_vifs);
8784 	spin_unlock_bh(&ar->data_lock);
8785 
8786 	for (i = 0; i < n_vifs; i++) {
8787 		arvif = (void *)vifs[i].vif->drv_priv;
8788 
8789 		if (WARN_ON(!arvif->is_started))
8790 			continue;
8791 
8792 		if (WARN_ON(!arvif->is_up))
8793 			continue;
8794 
8795 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
8796 		if (ret)
8797 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
8798 				    ret);
8799 
8800 		ret = ath10k_mac_setup_prb_tmpl(arvif);
8801 		if (ret)
8802 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
8803 				    ret);
8804 
8805 		ret = ath10k_vdev_restart(arvif, &vifs[i].new_ctx->def);
8806 		if (ret) {
8807 			ath10k_warn(ar, "failed to restart vdev %d: %d\n",
8808 				    arvif->vdev_id, ret);
8809 			continue;
8810 		}
8811 
8812 		ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
8813 					 arvif->bssid);
8814 		if (ret) {
8815 			ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
8816 				    arvif->vdev_id, ret);
8817 			continue;
8818 		}
8819 	}
8820 
8821 	ath10k_monitor_recalc(ar);
8822 }
8823 
8824 static int
8825 ath10k_mac_op_add_chanctx(struct ieee80211_hw *hw,
8826 			  struct ieee80211_chanctx_conf *ctx)
8827 {
8828 	struct ath10k *ar = hw->priv;
8829 
8830 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8831 		   "mac chanctx add freq %u width %d ptr %p\n",
8832 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8833 
8834 	mutex_lock(&ar->conf_mutex);
8835 
8836 	spin_lock_bh(&ar->data_lock);
8837 	ath10k_mac_update_rx_channel(ar, ctx, NULL, 0);
8838 	spin_unlock_bh(&ar->data_lock);
8839 
8840 	ath10k_recalc_radar_detection(ar);
8841 	ath10k_monitor_recalc(ar);
8842 
8843 	mutex_unlock(&ar->conf_mutex);
8844 
8845 	return 0;
8846 }
8847 
8848 static void
8849 ath10k_mac_op_remove_chanctx(struct ieee80211_hw *hw,
8850 			     struct ieee80211_chanctx_conf *ctx)
8851 {
8852 	struct ath10k *ar = hw->priv;
8853 
8854 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8855 		   "mac chanctx remove freq %u width %d ptr %p\n",
8856 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8857 
8858 	mutex_lock(&ar->conf_mutex);
8859 
8860 	spin_lock_bh(&ar->data_lock);
8861 	ath10k_mac_update_rx_channel(ar, NULL, NULL, 0);
8862 	spin_unlock_bh(&ar->data_lock);
8863 
8864 	ath10k_recalc_radar_detection(ar);
8865 	ath10k_monitor_recalc(ar);
8866 
8867 	mutex_unlock(&ar->conf_mutex);
8868 }
8869 
8870 struct ath10k_mac_change_chanctx_arg {
8871 	struct ieee80211_chanctx_conf *ctx;
8872 	struct ieee80211_vif_chanctx_switch *vifs;
8873 	int n_vifs;
8874 	int next_vif;
8875 };
8876 
8877 static void
8878 ath10k_mac_change_chanctx_cnt_iter(void *data, u8 *mac,
8879 				   struct ieee80211_vif *vif)
8880 {
8881 	struct ath10k_mac_change_chanctx_arg *arg = data;
8882 
8883 	if (rcu_access_pointer(vif->bss_conf.chanctx_conf) != arg->ctx)
8884 		return;
8885 
8886 	arg->n_vifs++;
8887 }
8888 
8889 static void
8890 ath10k_mac_change_chanctx_fill_iter(void *data, u8 *mac,
8891 				    struct ieee80211_vif *vif)
8892 {
8893 	struct ath10k_mac_change_chanctx_arg *arg = data;
8894 	struct ieee80211_chanctx_conf *ctx;
8895 
8896 	ctx = rcu_access_pointer(vif->bss_conf.chanctx_conf);
8897 	if (ctx != arg->ctx)
8898 		return;
8899 
8900 	if (WARN_ON(arg->next_vif == arg->n_vifs))
8901 		return;
8902 
8903 	arg->vifs[arg->next_vif].vif = vif;
8904 	arg->vifs[arg->next_vif].old_ctx = ctx;
8905 	arg->vifs[arg->next_vif].new_ctx = ctx;
8906 	arg->next_vif++;
8907 }
8908 
8909 static void
8910 ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw,
8911 			     struct ieee80211_chanctx_conf *ctx,
8912 			     u32 changed)
8913 {
8914 	struct ath10k *ar = hw->priv;
8915 	struct ath10k_mac_change_chanctx_arg arg = { .ctx = ctx };
8916 
8917 	mutex_lock(&ar->conf_mutex);
8918 
8919 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8920 		   "mac chanctx change freq %u width %d ptr %p changed %x\n",
8921 		   ctx->def.chan->center_freq, ctx->def.width, ctx, changed);
8922 
8923 	/* This shouldn't really happen because channel switching should use
8924 	 * switch_vif_chanctx().
8925 	 */
8926 	if (WARN_ON(changed & IEEE80211_CHANCTX_CHANGE_CHANNEL))
8927 		goto unlock;
8928 
8929 	if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) {
8930 		ieee80211_iterate_active_interfaces_atomic(
8931 					hw,
8932 					ATH10K_ITER_NORMAL_FLAGS,
8933 					ath10k_mac_change_chanctx_cnt_iter,
8934 					&arg);
8935 		if (arg.n_vifs == 0)
8936 			goto radar;
8937 
8938 		arg.vifs = kcalloc(arg.n_vifs, sizeof(arg.vifs[0]),
8939 				   GFP_KERNEL);
8940 		if (!arg.vifs)
8941 			goto radar;
8942 
8943 		ieee80211_iterate_active_interfaces_atomic(
8944 					hw,
8945 					ATH10K_ITER_NORMAL_FLAGS,
8946 					ath10k_mac_change_chanctx_fill_iter,
8947 					&arg);
8948 		ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs);
8949 		kfree(arg.vifs);
8950 	}
8951 
8952 radar:
8953 	ath10k_recalc_radar_detection(ar);
8954 
8955 	/* FIXME: How to configure Rx chains properly? */
8956 
8957 	/* No other actions are actually necessary. Firmware maintains channel
8958 	 * definitions per vdev internally and there's no host-side channel
8959 	 * context abstraction to configure, e.g. channel width.
8960 	 */
8961 
8962 unlock:
8963 	mutex_unlock(&ar->conf_mutex);
8964 }
8965 
8966 static int
8967 ath10k_mac_op_assign_vif_chanctx(struct ieee80211_hw *hw,
8968 				 struct ieee80211_vif *vif,
8969 				 struct ieee80211_bss_conf *link_conf,
8970 				 struct ieee80211_chanctx_conf *ctx)
8971 {
8972 	struct ath10k *ar = hw->priv;
8973 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8974 	int ret;
8975 
8976 	mutex_lock(&ar->conf_mutex);
8977 
8978 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8979 		   "mac chanctx assign ptr %p vdev_id %i\n",
8980 		   ctx, arvif->vdev_id);
8981 
8982 	if (WARN_ON(arvif->is_started)) {
8983 		mutex_unlock(&ar->conf_mutex);
8984 		return -EBUSY;
8985 	}
8986 
8987 	ret = ath10k_vdev_start(arvif, &ctx->def);
8988 	if (ret) {
8989 		ath10k_warn(ar, "failed to start vdev %i addr %pM on freq %d: %d\n",
8990 			    arvif->vdev_id, vif->addr,
8991 			    ctx->def.chan->center_freq, ret);
8992 		goto err;
8993 	}
8994 
8995 	arvif->is_started = true;
8996 
8997 	ret = ath10k_mac_vif_setup_ps(arvif);
8998 	if (ret) {
8999 		ath10k_warn(ar, "failed to update vdev %i ps: %d\n",
9000 			    arvif->vdev_id, ret);
9001 		goto err_stop;
9002 	}
9003 
9004 	if (vif->type == NL80211_IFTYPE_MONITOR) {
9005 		ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, 0, vif->addr);
9006 		if (ret) {
9007 			ath10k_warn(ar, "failed to up monitor vdev %i: %d\n",
9008 				    arvif->vdev_id, ret);
9009 			goto err_stop;
9010 		}
9011 
9012 		arvif->is_up = true;
9013 	}
9014 
9015 	if (ath10k_mac_can_set_cts_prot(arvif)) {
9016 		ret = ath10k_mac_set_cts_prot(arvif);
9017 		if (ret)
9018 			ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
9019 				    arvif->vdev_id, ret);
9020 	}
9021 
9022 	if (ath10k_peer_stats_enabled(ar) &&
9023 	    ar->hw_params.tx_stats_over_pktlog) {
9024 		ar->pktlog_filter |= ATH10K_PKTLOG_PEER_STATS;
9025 		ret = ath10k_wmi_pdev_pktlog_enable(ar,
9026 						    ar->pktlog_filter);
9027 		if (ret) {
9028 			ath10k_warn(ar, "failed to enable pktlog %d\n", ret);
9029 			goto err_stop;
9030 		}
9031 	}
9032 
9033 	mutex_unlock(&ar->conf_mutex);
9034 	return 0;
9035 
9036 err_stop:
9037 	ath10k_vdev_stop(arvif);
9038 	arvif->is_started = false;
9039 	ath10k_mac_vif_setup_ps(arvif);
9040 
9041 err:
9042 	mutex_unlock(&ar->conf_mutex);
9043 	return ret;
9044 }
9045 
9046 static void
9047 ath10k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
9048 				   struct ieee80211_vif *vif,
9049 				   struct ieee80211_bss_conf *link_conf,
9050 				   struct ieee80211_chanctx_conf *ctx)
9051 {
9052 	struct ath10k *ar = hw->priv;
9053 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9054 	int ret;
9055 
9056 	mutex_lock(&ar->conf_mutex);
9057 
9058 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9059 		   "mac chanctx unassign ptr %p vdev_id %i\n",
9060 		   ctx, arvif->vdev_id);
9061 
9062 	WARN_ON(!arvif->is_started);
9063 
9064 	if (vif->type == NL80211_IFTYPE_MONITOR) {
9065 		WARN_ON(!arvif->is_up);
9066 
9067 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
9068 		if (ret)
9069 			ath10k_warn(ar, "failed to down monitor vdev %i: %d\n",
9070 				    arvif->vdev_id, ret);
9071 
9072 		arvif->is_up = false;
9073 	}
9074 
9075 	ret = ath10k_vdev_stop(arvif);
9076 	if (ret)
9077 		ath10k_warn(ar, "failed to stop vdev %i: %d\n",
9078 			    arvif->vdev_id, ret);
9079 
9080 	arvif->is_started = false;
9081 
9082 	mutex_unlock(&ar->conf_mutex);
9083 }
9084 
9085 static int
9086 ath10k_mac_op_switch_vif_chanctx(struct ieee80211_hw *hw,
9087 				 struct ieee80211_vif_chanctx_switch *vifs,
9088 				 int n_vifs,
9089 				 enum ieee80211_chanctx_switch_mode mode)
9090 {
9091 	struct ath10k *ar = hw->priv;
9092 
9093 	mutex_lock(&ar->conf_mutex);
9094 
9095 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9096 		   "mac chanctx switch n_vifs %d mode %d\n",
9097 		   n_vifs, mode);
9098 	ath10k_mac_update_vif_chan(ar, vifs, n_vifs);
9099 
9100 	mutex_unlock(&ar->conf_mutex);
9101 	return 0;
9102 }
9103 
9104 static void ath10k_mac_op_sta_pre_rcu_remove(struct ieee80211_hw *hw,
9105 					     struct ieee80211_vif *vif,
9106 					     struct ieee80211_sta *sta)
9107 {
9108 	struct ath10k *ar;
9109 	struct ath10k_peer *peer;
9110 
9111 	ar = hw->priv;
9112 
9113 	list_for_each_entry(peer, &ar->peers, list)
9114 		if (peer->sta == sta)
9115 			peer->removed = true;
9116 }
9117 
9118 /* HT MCS parameters with Nss = 1 */
9119 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss1[] = {
9120 	/* MCS  L20   L40   S20  S40 */
9121 	{0,  { 65,  135,  72,  150} },
9122 	{1,  { 130, 270,  144, 300} },
9123 	{2,  { 195, 405,  217, 450} },
9124 	{3,  { 260, 540,  289, 600} },
9125 	{4,  { 390, 810,  433, 900} },
9126 	{5,  { 520, 1080, 578, 1200} },
9127 	{6,  { 585, 1215, 650, 1350} },
9128 	{7,  { 650, 1350, 722, 1500} }
9129 };
9130 
9131 /* HT MCS parameters with Nss = 2 */
9132 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss2[] = {
9133 	/* MCS  L20    L40   S20   S40 */
9134 	{0,  {130,  270,  144,  300} },
9135 	{1,  {260,  540,  289,  600} },
9136 	{2,  {390,  810,  433,  900} },
9137 	{3,  {520,  1080, 578,  1200} },
9138 	{4,  {780,  1620, 867,  1800} },
9139 	{5,  {1040, 2160, 1156, 2400} },
9140 	{6,  {1170, 2430, 1300, 2700} },
9141 	{7,  {1300, 2700, 1444, 3000} }
9142 };
9143 
9144 /* MCS parameters with Nss = 1 */
9145 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss1[] = {
9146 	/* MCS  L80    S80     L40   S40    L20   S20 */
9147 	{0,  {293,  325},  {135,  150},  {65,   72} },
9148 	{1,  {585,  650},  {270,  300},  {130,  144} },
9149 	{2,  {878,  975},  {405,  450},  {195,  217} },
9150 	{3,  {1170, 1300}, {540,  600},  {260,  289} },
9151 	{4,  {1755, 1950}, {810,  900},  {390,  433} },
9152 	{5,  {2340, 2600}, {1080, 1200}, {520,  578} },
9153 	{6,  {2633, 2925}, {1215, 1350}, {585,  650} },
9154 	{7,  {2925, 3250}, {1350, 1500}, {650,  722} },
9155 	{8,  {3510, 3900}, {1620, 1800}, {780,  867} },
9156 	{9,  {3900, 4333}, {1800, 2000}, {865,  960} }
9157 };
9158 
9159 /*MCS parameters with Nss = 2 */
9160 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss2[] = {
9161 	/* MCS  L80    S80     L40   S40    L20   S20 */
9162 	{0,  {585,  650},  {270,  300},  {130,  144} },
9163 	{1,  {1170, 1300}, {540,  600},  {260,  289} },
9164 	{2,  {1755, 1950}, {810,  900},  {390,  433} },
9165 	{3,  {2340, 2600}, {1080, 1200}, {520,  578} },
9166 	{4,  {3510, 3900}, {1620, 1800}, {780,  867} },
9167 	{5,  {4680, 5200}, {2160, 2400}, {1040, 1156} },
9168 	{6,  {5265, 5850}, {2430, 2700}, {1170, 1300} },
9169 	{7,  {5850, 6500}, {2700, 3000}, {1300, 1444} },
9170 	{8,  {7020, 7800}, {3240, 3600}, {1560, 1733} },
9171 	{9,  {7800, 8667}, {3600, 4000}, {1730, 1920} }
9172 };
9173 
9174 static void ath10k_mac_get_rate_flags_ht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9175 					 u8 *flags, u8 *bw)
9176 {
9177 	struct ath10k_index_ht_data_rate_type *mcs_rate;
9178 	u8 index;
9179 	size_t len_nss1 = ARRAY_SIZE(supported_ht_mcs_rate_nss1);
9180 	size_t len_nss2 = ARRAY_SIZE(supported_ht_mcs_rate_nss2);
9181 
9182 	if (mcs >= (len_nss1 + len_nss2)) {
9183 		ath10k_warn(ar, "not supported mcs %d in current rate table", mcs);
9184 		return;
9185 	}
9186 
9187 	mcs_rate = (struct ath10k_index_ht_data_rate_type *)
9188 		   ((nss == 1) ? &supported_ht_mcs_rate_nss1 :
9189 		   &supported_ht_mcs_rate_nss2);
9190 
9191 	if (mcs >= len_nss1)
9192 		index = mcs - len_nss1;
9193 	else
9194 		index = mcs;
9195 
9196 	if (rate == mcs_rate[index].supported_rate[0]) {
9197 		*bw = RATE_INFO_BW_20;
9198 	} else if (rate == mcs_rate[index].supported_rate[1]) {
9199 		*bw |= RATE_INFO_BW_40;
9200 	} else if (rate == mcs_rate[index].supported_rate[2]) {
9201 		*bw |= RATE_INFO_BW_20;
9202 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9203 	} else if (rate == mcs_rate[index].supported_rate[3]) {
9204 		*bw |= RATE_INFO_BW_40;
9205 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9206 	} else {
9207 		ath10k_warn(ar, "invalid ht params rate %d 100kbps nss %d mcs %d",
9208 			    rate, nss, mcs);
9209 	}
9210 }
9211 
9212 static void ath10k_mac_get_rate_flags_vht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9213 					  u8 *flags, u8 *bw)
9214 {
9215 	struct ath10k_index_vht_data_rate_type *mcs_rate;
9216 
9217 	mcs_rate = (struct ath10k_index_vht_data_rate_type *)
9218 		   ((nss == 1) ? &supported_vht_mcs_rate_nss1 :
9219 		   &supported_vht_mcs_rate_nss2);
9220 
9221 	if (rate == mcs_rate[mcs].supported_VHT80_rate[0]) {
9222 		*bw = RATE_INFO_BW_80;
9223 	} else if (rate == mcs_rate[mcs].supported_VHT80_rate[1]) {
9224 		*bw = RATE_INFO_BW_80;
9225 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9226 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[0]) {
9227 		*bw = RATE_INFO_BW_40;
9228 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[1]) {
9229 		*bw = RATE_INFO_BW_40;
9230 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9231 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[0]) {
9232 		*bw = RATE_INFO_BW_20;
9233 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[1]) {
9234 		*bw = RATE_INFO_BW_20;
9235 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9236 	} else {
9237 		ath10k_warn(ar, "invalid vht params rate %d 100kbps nss %d mcs %d",
9238 			    rate, nss, mcs);
9239 	}
9240 }
9241 
9242 static void ath10k_mac_get_rate_flags(struct ath10k *ar, u32 rate,
9243 				      enum ath10k_phy_mode mode, u8 nss, u8 mcs,
9244 				      u8 *flags, u8 *bw)
9245 {
9246 	if (mode == ATH10K_PHY_MODE_HT) {
9247 		*flags = RATE_INFO_FLAGS_MCS;
9248 		ath10k_mac_get_rate_flags_ht(ar, rate, nss, mcs, flags, bw);
9249 	} else if (mode == ATH10K_PHY_MODE_VHT) {
9250 		*flags = RATE_INFO_FLAGS_VHT_MCS;
9251 		ath10k_mac_get_rate_flags_vht(ar, rate, nss, mcs, flags, bw);
9252 	}
9253 }
9254 
9255 static void ath10k_mac_parse_bitrate(struct ath10k *ar, u32 rate_code,
9256 				     u32 bitrate_kbps, struct rate_info *rate)
9257 {
9258 	enum ath10k_phy_mode mode = ATH10K_PHY_MODE_LEGACY;
9259 	enum wmi_rate_preamble preamble = WMI_TLV_GET_HW_RC_PREAM_V1(rate_code);
9260 	u8 nss = WMI_TLV_GET_HW_RC_NSS_V1(rate_code) + 1;
9261 	u8 mcs = WMI_TLV_GET_HW_RC_RATE_V1(rate_code);
9262 	u8 flags = 0, bw = 0;
9263 
9264 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac parse rate code 0x%x bitrate %d kbps\n",
9265 		   rate_code, bitrate_kbps);
9266 
9267 	if (preamble == WMI_RATE_PREAMBLE_HT)
9268 		mode = ATH10K_PHY_MODE_HT;
9269 	else if (preamble == WMI_RATE_PREAMBLE_VHT)
9270 		mode = ATH10K_PHY_MODE_VHT;
9271 
9272 	ath10k_mac_get_rate_flags(ar, bitrate_kbps / 100, mode, nss, mcs, &flags, &bw);
9273 
9274 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9275 		   "mac parse bitrate preamble %d mode %d nss %d mcs %d flags %x bw %d\n",
9276 		   preamble, mode, nss, mcs, flags, bw);
9277 
9278 	rate->flags = flags;
9279 	rate->bw = bw;
9280 	rate->legacy = bitrate_kbps / 100;
9281 	rate->nss = nss;
9282 	rate->mcs = mcs;
9283 }
9284 
9285 static void ath10k_mac_sta_get_peer_stats_info(struct ath10k *ar,
9286 					       struct ieee80211_sta *sta,
9287 					       struct station_info *sinfo)
9288 {
9289 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9290 	struct ath10k_peer *peer;
9291 	unsigned long time_left;
9292 	int ret;
9293 
9294 	if (!(ar->hw_params.supports_peer_stats_info &&
9295 	      arsta->arvif->vdev_type == WMI_VDEV_TYPE_STA))
9296 		return;
9297 
9298 	spin_lock_bh(&ar->data_lock);
9299 	peer = ath10k_peer_find(ar, arsta->arvif->vdev_id, sta->addr);
9300 	spin_unlock_bh(&ar->data_lock);
9301 	if (!peer)
9302 		return;
9303 
9304 	reinit_completion(&ar->peer_stats_info_complete);
9305 
9306 	ret = ath10k_wmi_request_peer_stats_info(ar,
9307 						 arsta->arvif->vdev_id,
9308 						 WMI_REQUEST_ONE_PEER_STATS_INFO,
9309 						 arsta->arvif->bssid,
9310 						 0);
9311 	if (ret && ret != -EOPNOTSUPP) {
9312 		ath10k_warn(ar, "could not request peer stats info: %d\n", ret);
9313 		return;
9314 	}
9315 
9316 	time_left = wait_for_completion_timeout(&ar->peer_stats_info_complete, 3 * HZ);
9317 	if (time_left == 0) {
9318 		ath10k_warn(ar, "timed out waiting peer stats info\n");
9319 		return;
9320 	}
9321 
9322 	if (arsta->rx_rate_code != 0 && arsta->rx_bitrate_kbps != 0) {
9323 		ath10k_mac_parse_bitrate(ar, arsta->rx_rate_code,
9324 					 arsta->rx_bitrate_kbps,
9325 					 &sinfo->rxrate);
9326 
9327 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
9328 		arsta->rx_rate_code = 0;
9329 		arsta->rx_bitrate_kbps = 0;
9330 	}
9331 
9332 	if (arsta->tx_rate_code != 0 && arsta->tx_bitrate_kbps != 0) {
9333 		ath10k_mac_parse_bitrate(ar, arsta->tx_rate_code,
9334 					 arsta->tx_bitrate_kbps,
9335 					 &sinfo->txrate);
9336 
9337 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9338 		arsta->tx_rate_code = 0;
9339 		arsta->tx_bitrate_kbps = 0;
9340 	}
9341 }
9342 
9343 static void ath10k_sta_statistics(struct ieee80211_hw *hw,
9344 				  struct ieee80211_vif *vif,
9345 				  struct ieee80211_sta *sta,
9346 				  struct station_info *sinfo)
9347 {
9348 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9349 	struct ath10k *ar = arsta->arvif->ar;
9350 
9351 	if (!ath10k_peer_stats_enabled(ar))
9352 		return;
9353 
9354 	mutex_lock(&ar->conf_mutex);
9355 	ath10k_debug_fw_stats_request(ar);
9356 	mutex_unlock(&ar->conf_mutex);
9357 
9358 	sinfo->rx_duration = arsta->rx_duration;
9359 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_DURATION);
9360 
9361 	if (arsta->txrate.legacy || arsta->txrate.nss) {
9362 		if (arsta->txrate.legacy) {
9363 			sinfo->txrate.legacy = arsta->txrate.legacy;
9364 		} else {
9365 			sinfo->txrate.mcs = arsta->txrate.mcs;
9366 			sinfo->txrate.nss = arsta->txrate.nss;
9367 			sinfo->txrate.bw = arsta->txrate.bw;
9368 		}
9369 		sinfo->txrate.flags = arsta->txrate.flags;
9370 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9371 	}
9372 
9373 	if (ar->htt.disable_tx_comp) {
9374 		sinfo->tx_failed = arsta->tx_failed;
9375 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
9376 	}
9377 
9378 	sinfo->tx_retries = arsta->tx_retries;
9379 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
9380 
9381 	ath10k_mac_sta_get_peer_stats_info(ar, sta, sinfo);
9382 }
9383 
9384 static int ath10k_mac_op_set_tid_config(struct ieee80211_hw *hw,
9385 					struct ieee80211_vif *vif,
9386 					struct ieee80211_sta *sta,
9387 					struct cfg80211_tid_config *tid_config)
9388 {
9389 	struct ath10k *ar = hw->priv;
9390 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9391 	struct ath10k_mac_iter_tid_conf_data data = {};
9392 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
9393 	int ret, i;
9394 
9395 	mutex_lock(&ar->conf_mutex);
9396 	arg.vdev_id = arvif->vdev_id;
9397 
9398 	arvif->tids_rst = 0;
9399 	memset(arvif->tid_conf_changed, 0, sizeof(arvif->tid_conf_changed));
9400 
9401 	for (i = 0; i < tid_config->n_tid_conf; i++) {
9402 		ret = ath10k_mac_parse_tid_config(ar, sta, vif,
9403 						  &tid_config->tid_conf[i],
9404 						  &arg);
9405 		if (ret)
9406 			goto exit;
9407 	}
9408 
9409 	ret = 0;
9410 
9411 	if (sta)
9412 		goto exit;
9413 
9414 	arvif->tids_rst = 0;
9415 	data.curr_vif = vif;
9416 	data.ar = ar;
9417 
9418 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9419 					  &data);
9420 
9421 exit:
9422 	mutex_unlock(&ar->conf_mutex);
9423 	return ret;
9424 }
9425 
9426 static int ath10k_mac_op_reset_tid_config(struct ieee80211_hw *hw,
9427 					  struct ieee80211_vif *vif,
9428 					  struct ieee80211_sta *sta,
9429 					  u8 tids)
9430 {
9431 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9432 	struct ath10k_mac_iter_tid_conf_data data = {};
9433 	struct ath10k *ar = hw->priv;
9434 	int ret = 0;
9435 
9436 	mutex_lock(&ar->conf_mutex);
9437 
9438 	if (sta) {
9439 		arvif->tids_rst = 0;
9440 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif, tids);
9441 		goto exit;
9442 	}
9443 
9444 	arvif->tids_rst = tids;
9445 	data.curr_vif = vif;
9446 	data.ar = ar;
9447 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9448 					  &data);
9449 
9450 exit:
9451 	mutex_unlock(&ar->conf_mutex);
9452 	return ret;
9453 }
9454 
9455 static const struct ieee80211_ops ath10k_ops = {
9456 	.tx				= ath10k_mac_op_tx,
9457 	.wake_tx_queue			= ath10k_mac_op_wake_tx_queue,
9458 	.start				= ath10k_start,
9459 	.stop				= ath10k_stop,
9460 	.config				= ath10k_config,
9461 	.add_interface			= ath10k_add_interface,
9462 	.update_vif_offload		= ath10k_update_vif_offload,
9463 	.remove_interface		= ath10k_remove_interface,
9464 	.configure_filter		= ath10k_configure_filter,
9465 	.bss_info_changed		= ath10k_bss_info_changed,
9466 	.set_coverage_class		= ath10k_mac_op_set_coverage_class,
9467 	.hw_scan			= ath10k_hw_scan,
9468 	.cancel_hw_scan			= ath10k_cancel_hw_scan,
9469 	.set_key			= ath10k_set_key,
9470 	.set_default_unicast_key        = ath10k_set_default_unicast_key,
9471 	.sta_state			= ath10k_sta_state,
9472 	.sta_set_txpwr			= ath10k_sta_set_txpwr,
9473 	.conf_tx			= ath10k_conf_tx,
9474 	.remain_on_channel		= ath10k_remain_on_channel,
9475 	.cancel_remain_on_channel	= ath10k_cancel_remain_on_channel,
9476 	.set_rts_threshold		= ath10k_set_rts_threshold,
9477 	.set_frag_threshold		= ath10k_mac_op_set_frag_threshold,
9478 	.flush				= ath10k_flush,
9479 	.tx_last_beacon			= ath10k_tx_last_beacon,
9480 	.set_antenna			= ath10k_set_antenna,
9481 	.get_antenna			= ath10k_get_antenna,
9482 	.reconfig_complete		= ath10k_reconfig_complete,
9483 	.get_survey			= ath10k_get_survey,
9484 	.set_bitrate_mask		= ath10k_mac_op_set_bitrate_mask,
9485 	.link_sta_rc_update		= ath10k_sta_rc_update,
9486 	.offset_tsf			= ath10k_offset_tsf,
9487 	.ampdu_action			= ath10k_ampdu_action,
9488 	.get_et_sset_count		= ath10k_debug_get_et_sset_count,
9489 	.get_et_stats			= ath10k_debug_get_et_stats,
9490 	.get_et_strings			= ath10k_debug_get_et_strings,
9491 	.add_chanctx			= ath10k_mac_op_add_chanctx,
9492 	.remove_chanctx			= ath10k_mac_op_remove_chanctx,
9493 	.change_chanctx			= ath10k_mac_op_change_chanctx,
9494 	.assign_vif_chanctx		= ath10k_mac_op_assign_vif_chanctx,
9495 	.unassign_vif_chanctx		= ath10k_mac_op_unassign_vif_chanctx,
9496 	.switch_vif_chanctx		= ath10k_mac_op_switch_vif_chanctx,
9497 	.sta_pre_rcu_remove		= ath10k_mac_op_sta_pre_rcu_remove,
9498 	.sta_statistics			= ath10k_sta_statistics,
9499 	.set_tid_config			= ath10k_mac_op_set_tid_config,
9500 	.reset_tid_config		= ath10k_mac_op_reset_tid_config,
9501 
9502 	CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
9503 
9504 #ifdef CONFIG_PM
9505 	.suspend			= ath10k_wow_op_suspend,
9506 	.resume				= ath10k_wow_op_resume,
9507 	.set_wakeup			= ath10k_wow_op_set_wakeup,
9508 #endif
9509 #ifdef CONFIG_MAC80211_DEBUGFS
9510 	.sta_add_debugfs		= ath10k_sta_add_debugfs,
9511 #endif
9512 	.set_sar_specs			= ath10k_mac_set_sar_specs,
9513 };
9514 
9515 #define CHAN2G(_channel, _freq, _flags) { \
9516 	.band			= NL80211_BAND_2GHZ, \
9517 	.hw_value		= (_channel), \
9518 	.center_freq		= (_freq), \
9519 	.flags			= (_flags), \
9520 	.max_antenna_gain	= 0, \
9521 	.max_power		= 30, \
9522 }
9523 
9524 #define CHAN5G(_channel, _freq, _flags) { \
9525 	.band			= NL80211_BAND_5GHZ, \
9526 	.hw_value		= (_channel), \
9527 	.center_freq		= (_freq), \
9528 	.flags			= (_flags), \
9529 	.max_antenna_gain	= 0, \
9530 	.max_power		= 30, \
9531 }
9532 
9533 static const struct ieee80211_channel ath10k_2ghz_channels[] = {
9534 	CHAN2G(1, 2412, 0),
9535 	CHAN2G(2, 2417, 0),
9536 	CHAN2G(3, 2422, 0),
9537 	CHAN2G(4, 2427, 0),
9538 	CHAN2G(5, 2432, 0),
9539 	CHAN2G(6, 2437, 0),
9540 	CHAN2G(7, 2442, 0),
9541 	CHAN2G(8, 2447, 0),
9542 	CHAN2G(9, 2452, 0),
9543 	CHAN2G(10, 2457, 0),
9544 	CHAN2G(11, 2462, 0),
9545 	CHAN2G(12, 2467, 0),
9546 	CHAN2G(13, 2472, 0),
9547 	CHAN2G(14, 2484, 0),
9548 };
9549 
9550 static const struct ieee80211_channel ath10k_5ghz_channels[] = {
9551 	CHAN5G(36, 5180, 0),
9552 	CHAN5G(40, 5200, 0),
9553 	CHAN5G(44, 5220, 0),
9554 	CHAN5G(48, 5240, 0),
9555 	CHAN5G(52, 5260, 0),
9556 	CHAN5G(56, 5280, 0),
9557 	CHAN5G(60, 5300, 0),
9558 	CHAN5G(64, 5320, 0),
9559 	CHAN5G(100, 5500, 0),
9560 	CHAN5G(104, 5520, 0),
9561 	CHAN5G(108, 5540, 0),
9562 	CHAN5G(112, 5560, 0),
9563 	CHAN5G(116, 5580, 0),
9564 	CHAN5G(120, 5600, 0),
9565 	CHAN5G(124, 5620, 0),
9566 	CHAN5G(128, 5640, 0),
9567 	CHAN5G(132, 5660, 0),
9568 	CHAN5G(136, 5680, 0),
9569 	CHAN5G(140, 5700, 0),
9570 	CHAN5G(144, 5720, 0),
9571 	CHAN5G(149, 5745, 0),
9572 	CHAN5G(153, 5765, 0),
9573 	CHAN5G(157, 5785, 0),
9574 	CHAN5G(161, 5805, 0),
9575 	CHAN5G(165, 5825, 0),
9576 	CHAN5G(169, 5845, 0),
9577 	CHAN5G(173, 5865, 0),
9578 	/* If you add more, you may need to change ATH10K_MAX_5G_CHAN */
9579 	/* And you will definitely need to change ATH10K_NUM_CHANS in core.h */
9580 };
9581 
9582 struct ath10k *ath10k_mac_create(size_t priv_size)
9583 {
9584 	struct ieee80211_hw *hw;
9585 	struct ieee80211_ops *ops;
9586 	struct ath10k *ar;
9587 
9588 	ops = kmemdup(&ath10k_ops, sizeof(ath10k_ops), GFP_KERNEL);
9589 	if (!ops)
9590 		return NULL;
9591 
9592 	hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, ops);
9593 	if (!hw) {
9594 		kfree(ops);
9595 		return NULL;
9596 	}
9597 
9598 	ar = hw->priv;
9599 	ar->hw = hw;
9600 	ar->ops = ops;
9601 
9602 	return ar;
9603 }
9604 
9605 void ath10k_mac_destroy(struct ath10k *ar)
9606 {
9607 	struct ieee80211_ops *ops = ar->ops;
9608 
9609 	ieee80211_free_hw(ar->hw);
9610 	kfree(ops);
9611 }
9612 
9613 static const struct ieee80211_iface_limit ath10k_if_limits[] = {
9614 	{
9615 		.max	= 8,
9616 		.types	= BIT(NL80211_IFTYPE_STATION)
9617 			| BIT(NL80211_IFTYPE_P2P_CLIENT)
9618 	},
9619 	{
9620 		.max	= 3,
9621 		.types	= BIT(NL80211_IFTYPE_P2P_GO)
9622 	},
9623 	{
9624 		.max	= 1,
9625 		.types	= BIT(NL80211_IFTYPE_P2P_DEVICE)
9626 	},
9627 	{
9628 		.max	= 7,
9629 		.types	= BIT(NL80211_IFTYPE_AP)
9630 #ifdef CONFIG_MAC80211_MESH
9631 			| BIT(NL80211_IFTYPE_MESH_POINT)
9632 #endif
9633 	},
9634 };
9635 
9636 static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
9637 	{
9638 		.max	= 8,
9639 		.types	= BIT(NL80211_IFTYPE_AP)
9640 #ifdef CONFIG_MAC80211_MESH
9641 			| BIT(NL80211_IFTYPE_MESH_POINT)
9642 #endif
9643 	},
9644 	{
9645 		.max	= 1,
9646 		.types	= BIT(NL80211_IFTYPE_STATION)
9647 	},
9648 };
9649 
9650 static const struct ieee80211_iface_combination ath10k_if_comb[] = {
9651 	{
9652 		.limits = ath10k_if_limits,
9653 		.n_limits = ARRAY_SIZE(ath10k_if_limits),
9654 		.max_interfaces = 8,
9655 		.num_different_channels = 1,
9656 		.beacon_int_infra_match = true,
9657 	},
9658 };
9659 
9660 static const struct ieee80211_iface_combination ath10k_10x_if_comb[] = {
9661 	{
9662 		.limits = ath10k_10x_if_limits,
9663 		.n_limits = ARRAY_SIZE(ath10k_10x_if_limits),
9664 		.max_interfaces = 8,
9665 		.num_different_channels = 1,
9666 		.beacon_int_infra_match = true,
9667 		.beacon_int_min_gcd = 1,
9668 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9669 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9670 					BIT(NL80211_CHAN_WIDTH_20) |
9671 					BIT(NL80211_CHAN_WIDTH_40) |
9672 					BIT(NL80211_CHAN_WIDTH_80),
9673 #endif
9674 	},
9675 };
9676 
9677 static const struct ieee80211_iface_limit ath10k_tlv_if_limit[] = {
9678 	{
9679 		.max = 2,
9680 		.types = BIT(NL80211_IFTYPE_STATION),
9681 	},
9682 	{
9683 		.max = 2,
9684 		.types = BIT(NL80211_IFTYPE_AP) |
9685 #ifdef CONFIG_MAC80211_MESH
9686 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9687 #endif
9688 			 BIT(NL80211_IFTYPE_P2P_CLIENT) |
9689 			 BIT(NL80211_IFTYPE_P2P_GO),
9690 	},
9691 	{
9692 		.max = 1,
9693 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9694 	},
9695 };
9696 
9697 static const struct ieee80211_iface_limit ath10k_tlv_qcs_if_limit[] = {
9698 	{
9699 		.max = 2,
9700 		.types = BIT(NL80211_IFTYPE_STATION),
9701 	},
9702 	{
9703 		.max = 2,
9704 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT),
9705 	},
9706 	{
9707 		.max = 1,
9708 		.types = BIT(NL80211_IFTYPE_AP) |
9709 #ifdef CONFIG_MAC80211_MESH
9710 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9711 #endif
9712 			 BIT(NL80211_IFTYPE_P2P_GO),
9713 	},
9714 	{
9715 		.max = 1,
9716 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9717 	},
9718 };
9719 
9720 static const struct ieee80211_iface_limit ath10k_tlv_if_limit_ibss[] = {
9721 	{
9722 		.max = 1,
9723 		.types = BIT(NL80211_IFTYPE_STATION),
9724 	},
9725 	{
9726 		.max = 1,
9727 		.types = BIT(NL80211_IFTYPE_ADHOC),
9728 	},
9729 };
9730 
9731 /* FIXME: This is not thoroughly tested. These combinations may over- or
9732  * underestimate hw/fw capabilities.
9733  */
9734 static struct ieee80211_iface_combination ath10k_tlv_if_comb[] = {
9735 	{
9736 		.limits = ath10k_tlv_if_limit,
9737 		.num_different_channels = 1,
9738 		.max_interfaces = 4,
9739 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9740 	},
9741 	{
9742 		.limits = ath10k_tlv_if_limit_ibss,
9743 		.num_different_channels = 1,
9744 		.max_interfaces = 2,
9745 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9746 	},
9747 };
9748 
9749 static struct ieee80211_iface_combination ath10k_tlv_qcs_if_comb[] = {
9750 	{
9751 		.limits = ath10k_tlv_if_limit,
9752 		.num_different_channels = 1,
9753 		.max_interfaces = 4,
9754 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9755 	},
9756 	{
9757 		.limits = ath10k_tlv_qcs_if_limit,
9758 		.num_different_channels = 2,
9759 		.max_interfaces = 4,
9760 		.n_limits = ARRAY_SIZE(ath10k_tlv_qcs_if_limit),
9761 	},
9762 	{
9763 		.limits = ath10k_tlv_if_limit_ibss,
9764 		.num_different_channels = 1,
9765 		.max_interfaces = 2,
9766 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9767 	},
9768 };
9769 
9770 static const struct ieee80211_iface_limit ath10k_10_4_if_limits[] = {
9771 	{
9772 		.max = 1,
9773 		.types = BIT(NL80211_IFTYPE_STATION),
9774 	},
9775 	{
9776 		.max	= 16,
9777 		.types	= BIT(NL80211_IFTYPE_AP)
9778 #ifdef CONFIG_MAC80211_MESH
9779 			| BIT(NL80211_IFTYPE_MESH_POINT)
9780 #endif
9781 	},
9782 };
9783 
9784 static const struct ieee80211_iface_combination ath10k_10_4_if_comb[] = {
9785 	{
9786 		.limits = ath10k_10_4_if_limits,
9787 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9788 		.max_interfaces = 16,
9789 		.num_different_channels = 1,
9790 		.beacon_int_infra_match = true,
9791 		.beacon_int_min_gcd = 1,
9792 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9793 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9794 					BIT(NL80211_CHAN_WIDTH_20) |
9795 					BIT(NL80211_CHAN_WIDTH_40) |
9796 					BIT(NL80211_CHAN_WIDTH_80) |
9797 					BIT(NL80211_CHAN_WIDTH_80P80) |
9798 					BIT(NL80211_CHAN_WIDTH_160),
9799 #endif
9800 	},
9801 };
9802 
9803 static const struct
9804 ieee80211_iface_combination ath10k_10_4_bcn_int_if_comb[] = {
9805 	{
9806 		.limits = ath10k_10_4_if_limits,
9807 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9808 		.max_interfaces = 16,
9809 		.num_different_channels = 1,
9810 		.beacon_int_infra_match = true,
9811 		.beacon_int_min_gcd = 100,
9812 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9813 		.radar_detect_widths =  BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9814 					BIT(NL80211_CHAN_WIDTH_20) |
9815 					BIT(NL80211_CHAN_WIDTH_40) |
9816 					BIT(NL80211_CHAN_WIDTH_80) |
9817 					BIT(NL80211_CHAN_WIDTH_80P80) |
9818 					BIT(NL80211_CHAN_WIDTH_160),
9819 #endif
9820 	},
9821 };
9822 
9823 static void ath10k_get_arvif_iter(void *data, u8 *mac,
9824 				  struct ieee80211_vif *vif)
9825 {
9826 	struct ath10k_vif_iter *arvif_iter = data;
9827 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9828 
9829 	if (arvif->vdev_id == arvif_iter->vdev_id)
9830 		arvif_iter->arvif = arvif;
9831 }
9832 
9833 struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id)
9834 {
9835 	struct ath10k_vif_iter arvif_iter;
9836 
9837 	memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter));
9838 	arvif_iter.vdev_id = vdev_id;
9839 
9840 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
9841 						   ATH10K_ITER_RESUME_FLAGS,
9842 						   ath10k_get_arvif_iter,
9843 						   &arvif_iter);
9844 	if (!arvif_iter.arvif) {
9845 		ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
9846 		return NULL;
9847 	}
9848 
9849 	return arvif_iter.arvif;
9850 }
9851 
9852 #define WRD_METHOD "WRDD"
9853 #define WRDD_WIFI  (0x07)
9854 
9855 static u32 ath10k_mac_wrdd_get_mcc(struct ath10k *ar, union acpi_object *wrdd)
9856 {
9857 	union acpi_object *mcc_pkg;
9858 	union acpi_object *domain_type;
9859 	union acpi_object *mcc_value;
9860 	u32 i;
9861 
9862 	if (wrdd->type != ACPI_TYPE_PACKAGE ||
9863 	    wrdd->package.count < 2 ||
9864 	    wrdd->package.elements[0].type != ACPI_TYPE_INTEGER ||
9865 	    wrdd->package.elements[0].integer.value != 0) {
9866 		ath10k_warn(ar, "ignoring malformed/unsupported wrdd structure\n");
9867 		return 0;
9868 	}
9869 
9870 	for (i = 1; i < wrdd->package.count; ++i) {
9871 		mcc_pkg = &wrdd->package.elements[i];
9872 
9873 		if (mcc_pkg->type != ACPI_TYPE_PACKAGE)
9874 			continue;
9875 		if (mcc_pkg->package.count < 2)
9876 			continue;
9877 		if (mcc_pkg->package.elements[0].type != ACPI_TYPE_INTEGER ||
9878 		    mcc_pkg->package.elements[1].type != ACPI_TYPE_INTEGER)
9879 			continue;
9880 
9881 		domain_type = &mcc_pkg->package.elements[0];
9882 		if (domain_type->integer.value != WRDD_WIFI)
9883 			continue;
9884 
9885 		mcc_value = &mcc_pkg->package.elements[1];
9886 		return mcc_value->integer.value;
9887 	}
9888 	return 0;
9889 }
9890 
9891 static int ath10k_mac_get_wrdd_regulatory(struct ath10k *ar, u16 *rd)
9892 {
9893 	acpi_handle root_handle;
9894 	acpi_handle handle;
9895 	struct acpi_buffer wrdd = {ACPI_ALLOCATE_BUFFER, NULL};
9896 	acpi_status status;
9897 	u32 alpha2_code;
9898 	char alpha2[3];
9899 
9900 	root_handle = ACPI_HANDLE(ar->dev);
9901 	if (!root_handle)
9902 		return -EOPNOTSUPP;
9903 
9904 	status = acpi_get_handle(root_handle, (acpi_string)WRD_METHOD, &handle);
9905 	if (ACPI_FAILURE(status)) {
9906 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9907 			   "failed to get wrd method %d\n", status);
9908 		return -EIO;
9909 	}
9910 
9911 	status = acpi_evaluate_object(handle, NULL, NULL, &wrdd);
9912 	if (ACPI_FAILURE(status)) {
9913 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9914 			   "failed to call wrdc %d\n", status);
9915 		return -EIO;
9916 	}
9917 
9918 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.pointer);
9919 	kfree(wrdd.pointer);
9920 	if (!alpha2_code)
9921 		return -EIO;
9922 
9923 	alpha2[0] = (alpha2_code >> 8) & 0xff;
9924 	alpha2[1] = (alpha2_code >> 0) & 0xff;
9925 	alpha2[2] = '\0';
9926 
9927 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
9928 		   "regulatory hint from WRDD (alpha2-code): %s\n", alpha2);
9929 
9930 	*rd = ath_regd_find_country_by_name(alpha2);
9931 	if (*rd == 0xffff)
9932 		return -EIO;
9933 
9934 	*rd |= COUNTRY_ERD_FLAG;
9935 	return 0;
9936 }
9937 
9938 static int ath10k_mac_init_rd(struct ath10k *ar)
9939 {
9940 	int ret;
9941 	u16 rd;
9942 
9943 	ret = ath10k_mac_get_wrdd_regulatory(ar, &rd);
9944 	if (ret) {
9945 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9946 			   "fallback to eeprom programmed regulatory settings\n");
9947 		rd = ar->hw_eeprom_rd;
9948 	}
9949 
9950 	ar->ath_common.regulatory.current_rd = rd;
9951 	return 0;
9952 }
9953 
9954 int ath10k_mac_register(struct ath10k *ar)
9955 {
9956 	static const u32 cipher_suites[] = {
9957 		WLAN_CIPHER_SUITE_WEP40,
9958 		WLAN_CIPHER_SUITE_WEP104,
9959 		WLAN_CIPHER_SUITE_TKIP,
9960 		WLAN_CIPHER_SUITE_CCMP,
9961 
9962 		/* Do not add hardware supported ciphers before this line.
9963 		 * Allow software encryption for all chips. Don't forget to
9964 		 * update n_cipher_suites below.
9965 		 */
9966 		WLAN_CIPHER_SUITE_AES_CMAC,
9967 		WLAN_CIPHER_SUITE_BIP_CMAC_256,
9968 		WLAN_CIPHER_SUITE_BIP_GMAC_128,
9969 		WLAN_CIPHER_SUITE_BIP_GMAC_256,
9970 
9971 		/* Only QCA99x0 and QCA4019 variants support GCMP-128, GCMP-256
9972 		 * and CCMP-256 in hardware.
9973 		 */
9974 		WLAN_CIPHER_SUITE_GCMP,
9975 		WLAN_CIPHER_SUITE_GCMP_256,
9976 		WLAN_CIPHER_SUITE_CCMP_256,
9977 	};
9978 	struct ieee80211_supported_band *band;
9979 	void *channels;
9980 	int ret;
9981 
9982 	if (!is_valid_ether_addr(ar->mac_addr)) {
9983 		ath10k_warn(ar, "invalid MAC address; choosing random\n");
9984 		eth_random_addr(ar->mac_addr);
9985 	}
9986 	SET_IEEE80211_PERM_ADDR(ar->hw, ar->mac_addr);
9987 
9988 	SET_IEEE80211_DEV(ar->hw, ar->dev);
9989 
9990 	BUILD_BUG_ON((ARRAY_SIZE(ath10k_2ghz_channels) +
9991 		      ARRAY_SIZE(ath10k_5ghz_channels)) !=
9992 		     ATH10K_NUM_CHANS);
9993 
9994 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
9995 		channels = kmemdup(ath10k_2ghz_channels,
9996 				   sizeof(ath10k_2ghz_channels),
9997 				   GFP_KERNEL);
9998 		if (!channels) {
9999 			ret = -ENOMEM;
10000 			goto err_free;
10001 		}
10002 
10003 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
10004 		band->n_channels = ARRAY_SIZE(ath10k_2ghz_channels);
10005 		band->channels = channels;
10006 
10007 		if (ar->hw_params.cck_rate_map_rev2) {
10008 			band->n_bitrates = ath10k_g_rates_rev2_size;
10009 			band->bitrates = ath10k_g_rates_rev2;
10010 		} else {
10011 			band->n_bitrates = ath10k_g_rates_size;
10012 			band->bitrates = ath10k_g_rates;
10013 		}
10014 
10015 		ar->hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
10016 	}
10017 
10018 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
10019 		channels = kmemdup(ath10k_5ghz_channels,
10020 				   sizeof(ath10k_5ghz_channels),
10021 				   GFP_KERNEL);
10022 		if (!channels) {
10023 			ret = -ENOMEM;
10024 			goto err_free;
10025 		}
10026 
10027 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
10028 		band->n_channels = ARRAY_SIZE(ath10k_5ghz_channels);
10029 		band->channels = channels;
10030 		band->n_bitrates = ath10k_a_rates_size;
10031 		band->bitrates = ath10k_a_rates;
10032 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
10033 	}
10034 
10035 	wiphy_read_of_freq_limits(ar->hw->wiphy);
10036 	ath10k_mac_setup_ht_vht_cap(ar);
10037 
10038 	ar->hw->wiphy->interface_modes =
10039 		BIT(NL80211_IFTYPE_STATION) |
10040 		BIT(NL80211_IFTYPE_AP) |
10041 		BIT(NL80211_IFTYPE_MESH_POINT);
10042 
10043 	ar->hw->wiphy->available_antennas_rx = ar->cfg_rx_chainmask;
10044 	ar->hw->wiphy->available_antennas_tx = ar->cfg_tx_chainmask;
10045 
10046 	if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->normal_mode_fw.fw_file.fw_features))
10047 		ar->hw->wiphy->interface_modes |=
10048 			BIT(NL80211_IFTYPE_P2P_DEVICE) |
10049 			BIT(NL80211_IFTYPE_P2P_CLIENT) |
10050 			BIT(NL80211_IFTYPE_P2P_GO);
10051 
10052 	ieee80211_hw_set(ar->hw, SIGNAL_DBM);
10053 
10054 	if (!test_bit(ATH10K_FW_FEATURE_NO_PS,
10055 		      ar->running_fw->fw_file.fw_features)) {
10056 		ieee80211_hw_set(ar->hw, SUPPORTS_PS);
10057 		ieee80211_hw_set(ar->hw, SUPPORTS_DYNAMIC_PS);
10058 	}
10059 
10060 	ieee80211_hw_set(ar->hw, MFP_CAPABLE);
10061 	ieee80211_hw_set(ar->hw, REPORTS_TX_ACK_STATUS);
10062 	ieee80211_hw_set(ar->hw, HAS_RATE_CONTROL);
10063 	ieee80211_hw_set(ar->hw, AP_LINK_PS);
10064 	ieee80211_hw_set(ar->hw, SPECTRUM_MGMT);
10065 	ieee80211_hw_set(ar->hw, SUPPORT_FAST_XMIT);
10066 	ieee80211_hw_set(ar->hw, CONNECTION_MONITOR);
10067 	ieee80211_hw_set(ar->hw, SUPPORTS_PER_STA_GTK);
10068 	ieee80211_hw_set(ar->hw, WANT_MONITOR_VIF);
10069 	ieee80211_hw_set(ar->hw, CHANCTX_STA_CSA);
10070 	ieee80211_hw_set(ar->hw, QUEUE_CONTROL);
10071 	ieee80211_hw_set(ar->hw, SUPPORTS_TX_FRAG);
10072 	ieee80211_hw_set(ar->hw, REPORTS_LOW_ACK);
10073 
10074 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10075 		ieee80211_hw_set(ar->hw, SW_CRYPTO_CONTROL);
10076 
10077 	ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
10078 	ar->hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
10079 
10080 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
10081 		ar->hw->wiphy->features |= NL80211_FEATURE_DYNAMIC_SMPS;
10082 
10083 	if (ar->ht_cap_info & WMI_HT_CAP_ENABLED) {
10084 		ieee80211_hw_set(ar->hw, AMPDU_AGGREGATION);
10085 		ieee80211_hw_set(ar->hw, TX_AMPDU_SETUP_IN_HW);
10086 	}
10087 
10088 	ar->hw->wiphy->max_scan_ssids = WLAN_SCAN_PARAMS_MAX_SSID;
10089 	ar->hw->wiphy->max_scan_ie_len = WLAN_SCAN_PARAMS_MAX_IE_LEN;
10090 
10091 	if (test_bit(WMI_SERVICE_NLO, ar->wmi.svc_map)) {
10092 		ar->hw->wiphy->max_sched_scan_ssids = WMI_PNO_MAX_SUPP_NETWORKS;
10093 		ar->hw->wiphy->max_match_sets = WMI_PNO_MAX_SUPP_NETWORKS;
10094 		ar->hw->wiphy->max_sched_scan_ie_len = WMI_PNO_MAX_IE_LENGTH;
10095 		ar->hw->wiphy->max_sched_scan_plans = WMI_PNO_MAX_SCHED_SCAN_PLANS;
10096 		ar->hw->wiphy->max_sched_scan_plan_interval =
10097 			WMI_PNO_MAX_SCHED_SCAN_PLAN_INT;
10098 		ar->hw->wiphy->max_sched_scan_plan_iterations =
10099 			WMI_PNO_MAX_SCHED_SCAN_PLAN_ITRNS;
10100 		ar->hw->wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
10101 	}
10102 
10103 	ar->hw->vif_data_size = sizeof(struct ath10k_vif);
10104 	ar->hw->sta_data_size = sizeof(struct ath10k_sta);
10105 	ar->hw->txq_data_size = sizeof(struct ath10k_txq);
10106 
10107 	ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
10108 
10109 	if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
10110 		ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
10111 
10112 		/* Firmware delivers WPS/P2P Probe Requests frames to driver so
10113 		 * that userspace (e.g. wpa_supplicant/hostapd) can generate
10114 		 * correct Probe Responses. This is more of a hack advert..
10115 		 */
10116 		ar->hw->wiphy->probe_resp_offload |=
10117 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
10118 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
10119 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
10120 	}
10121 
10122 	if (test_bit(WMI_SERVICE_TDLS, ar->wmi.svc_map) ||
10123 	    test_bit(WMI_SERVICE_TDLS_EXPLICIT_MODE_ONLY, ar->wmi.svc_map)) {
10124 		ar->hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
10125 		if (test_bit(WMI_SERVICE_TDLS_WIDER_BANDWIDTH, ar->wmi.svc_map))
10126 			ieee80211_hw_set(ar->hw, TDLS_WIDER_BW);
10127 	}
10128 
10129 	if (test_bit(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, ar->wmi.svc_map))
10130 		ieee80211_hw_set(ar->hw, SUPPORTS_TDLS_BUFFER_STA);
10131 
10132 	if (ath10k_frame_mode == ATH10K_HW_TXRX_ETHERNET) {
10133 		if (ar->wmi.vdev_param->tx_encap_type !=
10134 		    WMI_VDEV_PARAM_UNSUPPORTED)
10135 			ieee80211_hw_set(ar->hw, SUPPORTS_TX_ENCAP_OFFLOAD);
10136 	}
10137 
10138 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
10139 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
10140 	ar->hw->wiphy->max_remain_on_channel_duration = 5000;
10141 
10142 	ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
10143 	ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
10144 				   NL80211_FEATURE_AP_SCAN;
10145 
10146 	ar->hw->wiphy->max_ap_assoc_sta = ar->max_num_stations;
10147 
10148 	ret = ath10k_wow_init(ar);
10149 	if (ret) {
10150 		ath10k_warn(ar, "failed to init wow: %d\n", ret);
10151 		goto err_free;
10152 	}
10153 
10154 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
10155 	wiphy_ext_feature_set(ar->hw->wiphy,
10156 			      NL80211_EXT_FEATURE_SET_SCAN_DWELL);
10157 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_AQL);
10158 
10159 	if (ar->hw_params.mcast_frame_registration)
10160 		wiphy_ext_feature_set(ar->hw->wiphy,
10161 				      NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS);
10162 
10163 	if (test_bit(WMI_SERVICE_TX_DATA_ACK_RSSI, ar->wmi.svc_map) ||
10164 	    test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS, ar->wmi.svc_map))
10165 		wiphy_ext_feature_set(ar->hw->wiphy,
10166 				      NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT);
10167 
10168 	if (ath10k_peer_stats_enabled(ar) ||
10169 	    test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
10170 		wiphy_ext_feature_set(ar->hw->wiphy,
10171 				      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS);
10172 
10173 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map))
10174 		wiphy_ext_feature_set(ar->hw->wiphy,
10175 				      NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
10176 
10177 	if (test_bit(WMI_SERVICE_TX_PWR_PER_PEER, ar->wmi.svc_map))
10178 		wiphy_ext_feature_set(ar->hw->wiphy,
10179 				      NL80211_EXT_FEATURE_STA_TX_PWR);
10180 
10181 	if (test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map)) {
10182 		ar->hw->wiphy->tid_config_support.vif |=
10183 				BIT(NL80211_TID_CONFIG_ATTR_NOACK) |
10184 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT) |
10185 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG) |
10186 				BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL) |
10187 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
10188 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
10189 
10190 		if (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
10191 			     ar->wmi.svc_map)) {
10192 			ar->hw->wiphy->tid_config_support.vif |=
10193 				BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
10194 		}
10195 
10196 		ar->hw->wiphy->tid_config_support.peer =
10197 				ar->hw->wiphy->tid_config_support.vif;
10198 		ar->hw->wiphy->max_data_retry_count = ATH10K_MAX_RETRY_COUNT;
10199 	} else {
10200 		ar->ops->set_tid_config = NULL;
10201 	}
10202 	/*
10203 	 * on LL hardware queues are managed entirely by the FW
10204 	 * so we only advertise to mac we can do the queues thing
10205 	 */
10206 	ar->hw->queues = IEEE80211_MAX_QUEUES;
10207 
10208 	/* vdev_ids are used as hw queue numbers. Make sure offchan tx queue is
10209 	 * something that vdev_ids can't reach so that we don't stop the queue
10210 	 * accidentally.
10211 	 */
10212 	ar->hw->offchannel_tx_hw_queue = IEEE80211_MAX_QUEUES - 1;
10213 
10214 	switch (ar->running_fw->fw_file.wmi_op_version) {
10215 	case ATH10K_FW_WMI_OP_VERSION_MAIN:
10216 		ar->hw->wiphy->iface_combinations = ath10k_if_comb;
10217 		ar->hw->wiphy->n_iface_combinations =
10218 			ARRAY_SIZE(ath10k_if_comb);
10219 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10220 		break;
10221 	case ATH10K_FW_WMI_OP_VERSION_TLV:
10222 		if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
10223 			ar->hw->wiphy->iface_combinations =
10224 				ath10k_tlv_qcs_if_comb;
10225 			ar->hw->wiphy->n_iface_combinations =
10226 				ARRAY_SIZE(ath10k_tlv_qcs_if_comb);
10227 		} else {
10228 			ar->hw->wiphy->iface_combinations = ath10k_tlv_if_comb;
10229 			ar->hw->wiphy->n_iface_combinations =
10230 				ARRAY_SIZE(ath10k_tlv_if_comb);
10231 		}
10232 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10233 		break;
10234 	case ATH10K_FW_WMI_OP_VERSION_10_1:
10235 	case ATH10K_FW_WMI_OP_VERSION_10_2:
10236 	case ATH10K_FW_WMI_OP_VERSION_10_2_4:
10237 		ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
10238 		ar->hw->wiphy->n_iface_combinations =
10239 			ARRAY_SIZE(ath10k_10x_if_comb);
10240 		break;
10241 	case ATH10K_FW_WMI_OP_VERSION_10_4:
10242 		ar->hw->wiphy->iface_combinations = ath10k_10_4_if_comb;
10243 		ar->hw->wiphy->n_iface_combinations =
10244 			ARRAY_SIZE(ath10k_10_4_if_comb);
10245 		if (test_bit(WMI_SERVICE_VDEV_DIFFERENT_BEACON_INTERVAL_SUPPORT,
10246 			     ar->wmi.svc_map)) {
10247 			ar->hw->wiphy->iface_combinations =
10248 				ath10k_10_4_bcn_int_if_comb;
10249 			ar->hw->wiphy->n_iface_combinations =
10250 				ARRAY_SIZE(ath10k_10_4_bcn_int_if_comb);
10251 		}
10252 		break;
10253 	case ATH10K_FW_WMI_OP_VERSION_UNSET:
10254 	case ATH10K_FW_WMI_OP_VERSION_MAX:
10255 		WARN_ON(1);
10256 		ret = -EINVAL;
10257 		goto err_free;
10258 	}
10259 
10260 	if (ar->hw_params.dynamic_sar_support)
10261 		ar->hw->wiphy->sar_capa = &ath10k_sar_capa;
10262 
10263 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10264 		ar->hw->netdev_features = NETIF_F_HW_CSUM;
10265 
10266 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED)) {
10267 		/* Init ath dfs pattern detector */
10268 		ar->ath_common.debug_mask = ATH_DBG_DFS;
10269 		ar->dfs_detector = dfs_pattern_detector_init(&ar->ath_common,
10270 							     NL80211_DFS_UNSET);
10271 
10272 		if (!ar->dfs_detector)
10273 			ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
10274 	}
10275 
10276 	ret = ath10k_mac_init_rd(ar);
10277 	if (ret) {
10278 		ath10k_err(ar, "failed to derive regdom: %d\n", ret);
10279 		goto err_dfs_detector_exit;
10280 	}
10281 
10282 	/* Disable set_coverage_class for chipsets that do not support it. */
10283 	if (!ar->hw_params.hw_ops->set_coverage_class)
10284 		ar->ops->set_coverage_class = NULL;
10285 
10286 	ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
10287 			    ath10k_reg_notifier);
10288 	if (ret) {
10289 		ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
10290 		goto err_dfs_detector_exit;
10291 	}
10292 
10293 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
10294 		ar->hw->wiphy->features |=
10295 			NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
10296 	}
10297 
10298 	ar->hw->wiphy->cipher_suites = cipher_suites;
10299 
10300 	/* QCA988x and QCA6174 family chips do not support CCMP-256, GCMP-128
10301 	 * and GCMP-256 ciphers in hardware. Fetch number of ciphers supported
10302 	 * from chip specific hw_param table.
10303 	 */
10304 	if (!ar->hw_params.n_cipher_suites ||
10305 	    ar->hw_params.n_cipher_suites > ARRAY_SIZE(cipher_suites)) {
10306 		ath10k_err(ar, "invalid hw_params.n_cipher_suites %d\n",
10307 			   ar->hw_params.n_cipher_suites);
10308 		ar->hw_params.n_cipher_suites = 8;
10309 	}
10310 	ar->hw->wiphy->n_cipher_suites = ar->hw_params.n_cipher_suites;
10311 
10312 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
10313 
10314 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
10315 
10316 	ret = ieee80211_register_hw(ar->hw);
10317 	if (ret) {
10318 		ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
10319 		goto err_dfs_detector_exit;
10320 	}
10321 
10322 	if (test_bit(WMI_SERVICE_PER_PACKET_SW_ENCRYPT, ar->wmi.svc_map)) {
10323 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
10324 		ar->hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_AP_VLAN);
10325 	}
10326 
10327 	if (!ath_is_world_regd(&ar->ath_common.reg_world_copy) &&
10328 	    !ath_is_world_regd(&ar->ath_common.regulatory)) {
10329 		ret = regulatory_hint(ar->hw->wiphy,
10330 				      ar->ath_common.regulatory.alpha2);
10331 		if (ret)
10332 			goto err_unregister;
10333 	}
10334 
10335 	return 0;
10336 
10337 err_unregister:
10338 	ieee80211_unregister_hw(ar->hw);
10339 
10340 err_dfs_detector_exit:
10341 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10342 		ar->dfs_detector->exit(ar->dfs_detector);
10343 
10344 err_free:
10345 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10346 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10347 
10348 	SET_IEEE80211_DEV(ar->hw, NULL);
10349 	return ret;
10350 }
10351 
10352 void ath10k_mac_unregister(struct ath10k *ar)
10353 {
10354 	ieee80211_unregister_hw(ar->hw);
10355 
10356 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10357 		ar->dfs_detector->exit(ar->dfs_detector);
10358 
10359 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10360 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10361 
10362 	SET_IEEE80211_DEV(ar->hw, NULL);
10363 }
10364