xref: /linux/drivers/net/wireless/ath/ath10k/mac.c (revision 9009b455811b0fa1f6b0adfa94db136984db5a38)
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2005-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
6  */
7 
8 #include "mac.h"
9 
10 #include <net/cfg80211.h>
11 #include <net/mac80211.h>
12 #include <linux/etherdevice.h>
13 #include <linux/acpi.h>
14 #include <linux/of.h>
15 #include <linux/bitfield.h>
16 
17 #include "hif.h"
18 #include "core.h"
19 #include "debug.h"
20 #include "wmi.h"
21 #include "htt.h"
22 #include "txrx.h"
23 #include "testmode.h"
24 #include "wmi-tlv.h"
25 #include "wmi-ops.h"
26 #include "wow.h"
27 
28 /*********/
29 /* Rates */
30 /*********/
31 
32 static struct ieee80211_rate ath10k_rates[] = {
33 	{ .bitrate = 10,
34 	  .hw_value = ATH10K_HW_RATE_CCK_LP_1M },
35 	{ .bitrate = 20,
36 	  .hw_value = ATH10K_HW_RATE_CCK_LP_2M,
37 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_2M,
38 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
39 	{ .bitrate = 55,
40 	  .hw_value = ATH10K_HW_RATE_CCK_LP_5_5M,
41 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_5_5M,
42 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
43 	{ .bitrate = 110,
44 	  .hw_value = ATH10K_HW_RATE_CCK_LP_11M,
45 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_11M,
46 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
47 
48 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
49 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
50 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
51 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
52 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
53 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
54 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
55 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
56 };
57 
58 static struct ieee80211_rate ath10k_rates_rev2[] = {
59 	{ .bitrate = 10,
60 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_1M },
61 	{ .bitrate = 20,
62 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_2M,
63 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_2M,
64 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
65 	{ .bitrate = 55,
66 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_5_5M,
67 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_5_5M,
68 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
69 	{ .bitrate = 110,
70 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_11M,
71 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_11M,
72 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
73 
74 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
75 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
76 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
77 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
78 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
79 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
80 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
81 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
82 };
83 
84 static const struct cfg80211_sar_freq_ranges ath10k_sar_freq_ranges[] = {
85 	{.start_freq = 2402, .end_freq = 2494 },
86 	{.start_freq = 5170, .end_freq = 5875 },
87 };
88 
89 static const struct cfg80211_sar_capa ath10k_sar_capa = {
90 	.type = NL80211_SAR_TYPE_POWER,
91 	.num_freq_ranges = (ARRAY_SIZE(ath10k_sar_freq_ranges)),
92 	.freq_ranges = &ath10k_sar_freq_ranges[0],
93 };
94 
95 #define ATH10K_MAC_FIRST_OFDM_RATE_IDX 4
96 
97 #define ath10k_a_rates (ath10k_rates + ATH10K_MAC_FIRST_OFDM_RATE_IDX)
98 #define ath10k_a_rates_size (ARRAY_SIZE(ath10k_rates) - \
99 			     ATH10K_MAC_FIRST_OFDM_RATE_IDX)
100 #define ath10k_g_rates (ath10k_rates + 0)
101 #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
102 
103 #define ath10k_g_rates_rev2 (ath10k_rates_rev2 + 0)
104 #define ath10k_g_rates_rev2_size (ARRAY_SIZE(ath10k_rates_rev2))
105 
106 #define ath10k_wmi_legacy_rates ath10k_rates
107 
108 static bool ath10k_mac_bitrate_is_cck(int bitrate)
109 {
110 	switch (bitrate) {
111 	case 10:
112 	case 20:
113 	case 55:
114 	case 110:
115 		return true;
116 	}
117 
118 	return false;
119 }
120 
121 static u8 ath10k_mac_bitrate_to_rate(int bitrate)
122 {
123 	return DIV_ROUND_UP(bitrate, 5) |
124 	       (ath10k_mac_bitrate_is_cck(bitrate) ? BIT(7) : 0);
125 }
126 
127 u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
128 			     u8 hw_rate, bool cck)
129 {
130 	const struct ieee80211_rate *rate;
131 	int i;
132 
133 	for (i = 0; i < sband->n_bitrates; i++) {
134 		rate = &sband->bitrates[i];
135 
136 		if (ath10k_mac_bitrate_is_cck(rate->bitrate) != cck)
137 			continue;
138 
139 		if (rate->hw_value == hw_rate)
140 			return i;
141 		else if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE &&
142 			 rate->hw_value_short == hw_rate)
143 			return i;
144 	}
145 
146 	return 0;
147 }
148 
149 u8 ath10k_mac_bitrate_to_idx(const struct ieee80211_supported_band *sband,
150 			     u32 bitrate)
151 {
152 	int i;
153 
154 	for (i = 0; i < sband->n_bitrates; i++)
155 		if (sband->bitrates[i].bitrate == bitrate)
156 			return i;
157 
158 	return 0;
159 }
160 
161 static int ath10k_mac_get_rate_hw_value(int bitrate)
162 {
163 	int i;
164 	u8 hw_value_prefix = 0;
165 
166 	if (ath10k_mac_bitrate_is_cck(bitrate))
167 		hw_value_prefix = WMI_RATE_PREAMBLE_CCK << 6;
168 
169 	for (i = 0; i < ARRAY_SIZE(ath10k_rates); i++) {
170 		if (ath10k_rates[i].bitrate == bitrate)
171 			return hw_value_prefix | ath10k_rates[i].hw_value;
172 	}
173 
174 	return -EINVAL;
175 }
176 
177 static int ath10k_mac_get_max_vht_mcs_map(u16 mcs_map, int nss)
178 {
179 	switch ((mcs_map >> (2 * nss)) & 0x3) {
180 	case IEEE80211_VHT_MCS_SUPPORT_0_7: return BIT(8) - 1;
181 	case IEEE80211_VHT_MCS_SUPPORT_0_8: return BIT(9) - 1;
182 	case IEEE80211_VHT_MCS_SUPPORT_0_9: return BIT(10) - 1;
183 	}
184 	return 0;
185 }
186 
187 static u32
188 ath10k_mac_max_ht_nss(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
189 {
190 	int nss;
191 
192 	for (nss = IEEE80211_HT_MCS_MASK_LEN - 1; nss >= 0; nss--)
193 		if (ht_mcs_mask[nss])
194 			return nss + 1;
195 
196 	return 1;
197 }
198 
199 static u32
200 ath10k_mac_max_vht_nss(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
201 {
202 	int nss;
203 
204 	for (nss = NL80211_VHT_NSS_MAX - 1; nss >= 0; nss--)
205 		if (vht_mcs_mask[nss])
206 			return nss + 1;
207 
208 	return 1;
209 }
210 
211 int ath10k_mac_ext_resource_config(struct ath10k *ar, u32 val)
212 {
213 	enum wmi_host_platform_type platform_type;
214 	int ret;
215 
216 	if (test_bit(WMI_SERVICE_TX_MODE_DYNAMIC, ar->wmi.svc_map))
217 		platform_type = WMI_HOST_PLATFORM_LOW_PERF;
218 	else
219 		platform_type = WMI_HOST_PLATFORM_HIGH_PERF;
220 
221 	ret = ath10k_wmi_ext_resource_config(ar, platform_type, val);
222 
223 	if (ret && ret != -EOPNOTSUPP) {
224 		ath10k_warn(ar, "failed to configure ext resource: %d\n", ret);
225 		return ret;
226 	}
227 
228 	return 0;
229 }
230 
231 /**********/
232 /* Crypto */
233 /**********/
234 
235 static int ath10k_send_key(struct ath10k_vif *arvif,
236 			   struct ieee80211_key_conf *key,
237 			   enum set_key_cmd cmd,
238 			   const u8 *macaddr, u32 flags)
239 {
240 	struct ath10k *ar = arvif->ar;
241 	struct wmi_vdev_install_key_arg arg = {
242 		.vdev_id = arvif->vdev_id,
243 		.key_idx = key->keyidx,
244 		.key_len = key->keylen,
245 		.key_data = key->key,
246 		.key_flags = flags,
247 		.macaddr = macaddr,
248 	};
249 
250 	lockdep_assert_held(&arvif->ar->conf_mutex);
251 
252 	switch (key->cipher) {
253 	case WLAN_CIPHER_SUITE_CCMP:
254 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
255 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
256 		break;
257 	case WLAN_CIPHER_SUITE_TKIP:
258 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_TKIP];
259 		arg.key_txmic_len = 8;
260 		arg.key_rxmic_len = 8;
261 		break;
262 	case WLAN_CIPHER_SUITE_WEP40:
263 	case WLAN_CIPHER_SUITE_WEP104:
264 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_WEP];
265 		break;
266 	case WLAN_CIPHER_SUITE_CCMP_256:
267 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
268 		break;
269 	case WLAN_CIPHER_SUITE_GCMP:
270 	case WLAN_CIPHER_SUITE_GCMP_256:
271 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_GCM];
272 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
273 		break;
274 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
275 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
276 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
277 	case WLAN_CIPHER_SUITE_AES_CMAC:
278 		WARN_ON(1);
279 		return -EINVAL;
280 	default:
281 		ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
282 		return -EOPNOTSUPP;
283 	}
284 
285 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
286 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
287 
288 	if (cmd == DISABLE_KEY) {
289 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
290 		arg.key_data = NULL;
291 	}
292 
293 	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
294 }
295 
296 static int ath10k_install_key(struct ath10k_vif *arvif,
297 			      struct ieee80211_key_conf *key,
298 			      enum set_key_cmd cmd,
299 			      const u8 *macaddr, u32 flags)
300 {
301 	struct ath10k *ar = arvif->ar;
302 	int ret;
303 	unsigned long time_left;
304 
305 	lockdep_assert_held(&ar->conf_mutex);
306 
307 	reinit_completion(&ar->install_key_done);
308 
309 	if (arvif->nohwcrypt)
310 		return 1;
311 
312 	ret = ath10k_send_key(arvif, key, cmd, macaddr, flags);
313 	if (ret)
314 		return ret;
315 
316 	time_left = wait_for_completion_timeout(&ar->install_key_done, 3 * HZ);
317 	if (time_left == 0)
318 		return -ETIMEDOUT;
319 
320 	return 0;
321 }
322 
323 static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
324 					const u8 *addr)
325 {
326 	struct ath10k *ar = arvif->ar;
327 	struct ath10k_peer *peer;
328 	int ret;
329 	int i;
330 	u32 flags;
331 
332 	lockdep_assert_held(&ar->conf_mutex);
333 
334 	if (WARN_ON(arvif->vif->type != NL80211_IFTYPE_AP &&
335 		    arvif->vif->type != NL80211_IFTYPE_ADHOC &&
336 		    arvif->vif->type != NL80211_IFTYPE_MESH_POINT))
337 		return -EINVAL;
338 
339 	spin_lock_bh(&ar->data_lock);
340 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
341 	spin_unlock_bh(&ar->data_lock);
342 
343 	if (!peer)
344 		return -ENOENT;
345 
346 	for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
347 		if (arvif->wep_keys[i] == NULL)
348 			continue;
349 
350 		switch (arvif->vif->type) {
351 		case NL80211_IFTYPE_AP:
352 			flags = WMI_KEY_PAIRWISE;
353 
354 			if (arvif->def_wep_key_idx == i)
355 				flags |= WMI_KEY_TX_USAGE;
356 
357 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
358 						 SET_KEY, addr, flags);
359 			if (ret < 0)
360 				return ret;
361 			break;
362 		case NL80211_IFTYPE_ADHOC:
363 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
364 						 SET_KEY, addr,
365 						 WMI_KEY_PAIRWISE);
366 			if (ret < 0)
367 				return ret;
368 
369 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
370 						 SET_KEY, addr, WMI_KEY_GROUP);
371 			if (ret < 0)
372 				return ret;
373 			break;
374 		default:
375 			WARN_ON(1);
376 			return -EINVAL;
377 		}
378 
379 		spin_lock_bh(&ar->data_lock);
380 		peer->keys[i] = arvif->wep_keys[i];
381 		spin_unlock_bh(&ar->data_lock);
382 	}
383 
384 	/* In some cases (notably with static WEP IBSS with multiple keys)
385 	 * multicast Tx becomes broken. Both pairwise and groupwise keys are
386 	 * installed already. Using WMI_KEY_TX_USAGE in different combinations
387 	 * didn't seem help. Using def_keyid vdev parameter seems to be
388 	 * effective so use that.
389 	 *
390 	 * FIXME: Revisit. Perhaps this can be done in a less hacky way.
391 	 */
392 	if (arvif->vif->type != NL80211_IFTYPE_ADHOC)
393 		return 0;
394 
395 	if (arvif->def_wep_key_idx == -1)
396 		return 0;
397 
398 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
399 					arvif->vdev_id,
400 					arvif->ar->wmi.vdev_param->def_keyid,
401 					arvif->def_wep_key_idx);
402 	if (ret) {
403 		ath10k_warn(ar, "failed to re-set def wpa key idxon vdev %i: %d\n",
404 			    arvif->vdev_id, ret);
405 		return ret;
406 	}
407 
408 	return 0;
409 }
410 
411 static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
412 				  const u8 *addr)
413 {
414 	struct ath10k *ar = arvif->ar;
415 	struct ath10k_peer *peer;
416 	int first_errno = 0;
417 	int ret;
418 	int i;
419 	u32 flags = 0;
420 
421 	lockdep_assert_held(&ar->conf_mutex);
422 
423 	spin_lock_bh(&ar->data_lock);
424 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
425 	spin_unlock_bh(&ar->data_lock);
426 
427 	if (!peer)
428 		return -ENOENT;
429 
430 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
431 		if (peer->keys[i] == NULL)
432 			continue;
433 
434 		/* key flags are not required to delete the key */
435 		ret = ath10k_install_key(arvif, peer->keys[i],
436 					 DISABLE_KEY, addr, flags);
437 		if (ret < 0 && first_errno == 0)
438 			first_errno = ret;
439 
440 		if (ret < 0)
441 			ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
442 				    i, ret);
443 
444 		spin_lock_bh(&ar->data_lock);
445 		peer->keys[i] = NULL;
446 		spin_unlock_bh(&ar->data_lock);
447 	}
448 
449 	return first_errno;
450 }
451 
452 bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
453 				    u8 keyidx)
454 {
455 	struct ath10k_peer *peer;
456 	int i;
457 
458 	lockdep_assert_held(&ar->data_lock);
459 
460 	/* We don't know which vdev this peer belongs to,
461 	 * since WMI doesn't give us that information.
462 	 *
463 	 * FIXME: multi-bss needs to be handled.
464 	 */
465 	peer = ath10k_peer_find(ar, 0, addr);
466 	if (!peer)
467 		return false;
468 
469 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
470 		if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
471 			return true;
472 	}
473 
474 	return false;
475 }
476 
477 static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
478 				 struct ieee80211_key_conf *key)
479 {
480 	struct ath10k *ar = arvif->ar;
481 	struct ath10k_peer *peer;
482 	u8 addr[ETH_ALEN];
483 	int first_errno = 0;
484 	int ret;
485 	int i;
486 	u32 flags = 0;
487 
488 	lockdep_assert_held(&ar->conf_mutex);
489 
490 	for (;;) {
491 		/* since ath10k_install_key we can't hold data_lock all the
492 		 * time, so we try to remove the keys incrementally
493 		 */
494 		spin_lock_bh(&ar->data_lock);
495 		i = 0;
496 		list_for_each_entry(peer, &ar->peers, list) {
497 			for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
498 				if (peer->keys[i] == key) {
499 					ether_addr_copy(addr, peer->addr);
500 					peer->keys[i] = NULL;
501 					break;
502 				}
503 			}
504 
505 			if (i < ARRAY_SIZE(peer->keys))
506 				break;
507 		}
508 		spin_unlock_bh(&ar->data_lock);
509 
510 		if (i == ARRAY_SIZE(peer->keys))
511 			break;
512 		/* key flags are not required to delete the key */
513 		ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, flags);
514 		if (ret < 0 && first_errno == 0)
515 			first_errno = ret;
516 
517 		if (ret)
518 			ath10k_warn(ar, "failed to remove key for %pM: %d\n",
519 				    addr, ret);
520 	}
521 
522 	return first_errno;
523 }
524 
525 static int ath10k_mac_vif_update_wep_key(struct ath10k_vif *arvif,
526 					 struct ieee80211_key_conf *key)
527 {
528 	struct ath10k *ar = arvif->ar;
529 	struct ath10k_peer *peer;
530 	int ret;
531 
532 	lockdep_assert_held(&ar->conf_mutex);
533 
534 	list_for_each_entry(peer, &ar->peers, list) {
535 		if (ether_addr_equal(peer->addr, arvif->vif->addr))
536 			continue;
537 
538 		if (ether_addr_equal(peer->addr, arvif->bssid))
539 			continue;
540 
541 		if (peer->keys[key->keyidx] == key)
542 			continue;
543 
544 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vif vdev %i update key %i needs update\n",
545 			   arvif->vdev_id, key->keyidx);
546 
547 		ret = ath10k_install_peer_wep_keys(arvif, peer->addr);
548 		if (ret) {
549 			ath10k_warn(ar, "failed to update wep keys on vdev %i for peer %pM: %d\n",
550 				    arvif->vdev_id, peer->addr, ret);
551 			return ret;
552 		}
553 	}
554 
555 	return 0;
556 }
557 
558 /*********************/
559 /* General utilities */
560 /*********************/
561 
562 static inline enum wmi_phy_mode
563 chan_to_phymode(const struct cfg80211_chan_def *chandef)
564 {
565 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
566 
567 	switch (chandef->chan->band) {
568 	case NL80211_BAND_2GHZ:
569 		switch (chandef->width) {
570 		case NL80211_CHAN_WIDTH_20_NOHT:
571 			if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
572 				phymode = MODE_11B;
573 			else
574 				phymode = MODE_11G;
575 			break;
576 		case NL80211_CHAN_WIDTH_20:
577 			phymode = MODE_11NG_HT20;
578 			break;
579 		case NL80211_CHAN_WIDTH_40:
580 			phymode = MODE_11NG_HT40;
581 			break;
582 		default:
583 			phymode = MODE_UNKNOWN;
584 			break;
585 		}
586 		break;
587 	case NL80211_BAND_5GHZ:
588 		switch (chandef->width) {
589 		case NL80211_CHAN_WIDTH_20_NOHT:
590 			phymode = MODE_11A;
591 			break;
592 		case NL80211_CHAN_WIDTH_20:
593 			phymode = MODE_11NA_HT20;
594 			break;
595 		case NL80211_CHAN_WIDTH_40:
596 			phymode = MODE_11NA_HT40;
597 			break;
598 		case NL80211_CHAN_WIDTH_80:
599 			phymode = MODE_11AC_VHT80;
600 			break;
601 		case NL80211_CHAN_WIDTH_160:
602 			phymode = MODE_11AC_VHT160;
603 			break;
604 		case NL80211_CHAN_WIDTH_80P80:
605 			phymode = MODE_11AC_VHT80_80;
606 			break;
607 		default:
608 			phymode = MODE_UNKNOWN;
609 			break;
610 		}
611 		break;
612 	default:
613 		break;
614 	}
615 
616 	WARN_ON(phymode == MODE_UNKNOWN);
617 	return phymode;
618 }
619 
620 static u8 ath10k_parse_mpdudensity(u8 mpdudensity)
621 {
622 /*
623  * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
624  *   0 for no restriction
625  *   1 for 1/4 us
626  *   2 for 1/2 us
627  *   3 for 1 us
628  *   4 for 2 us
629  *   5 for 4 us
630  *   6 for 8 us
631  *   7 for 16 us
632  */
633 	switch (mpdudensity) {
634 	case 0:
635 		return 0;
636 	case 1:
637 	case 2:
638 	case 3:
639 	/* Our lower layer calculations limit our precision to
640 	 * 1 microsecond
641 	 */
642 		return 1;
643 	case 4:
644 		return 2;
645 	case 5:
646 		return 4;
647 	case 6:
648 		return 8;
649 	case 7:
650 		return 16;
651 	default:
652 		return 0;
653 	}
654 }
655 
656 int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
657 			struct cfg80211_chan_def *def)
658 {
659 	struct ieee80211_chanctx_conf *conf;
660 
661 	rcu_read_lock();
662 	conf = rcu_dereference(vif->chanctx_conf);
663 	if (!conf) {
664 		rcu_read_unlock();
665 		return -ENOENT;
666 	}
667 
668 	*def = conf->def;
669 	rcu_read_unlock();
670 
671 	return 0;
672 }
673 
674 static void ath10k_mac_num_chanctxs_iter(struct ieee80211_hw *hw,
675 					 struct ieee80211_chanctx_conf *conf,
676 					 void *data)
677 {
678 	int *num = data;
679 
680 	(*num)++;
681 }
682 
683 static int ath10k_mac_num_chanctxs(struct ath10k *ar)
684 {
685 	int num = 0;
686 
687 	ieee80211_iter_chan_contexts_atomic(ar->hw,
688 					    ath10k_mac_num_chanctxs_iter,
689 					    &num);
690 
691 	return num;
692 }
693 
694 static void
695 ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
696 				struct ieee80211_chanctx_conf *conf,
697 				void *data)
698 {
699 	struct cfg80211_chan_def **def = data;
700 
701 	*def = &conf->def;
702 }
703 
704 static void ath10k_wait_for_peer_delete_done(struct ath10k *ar, u32 vdev_id,
705 					     const u8 *addr)
706 {
707 	unsigned long time_left;
708 	int ret;
709 
710 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
711 		ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
712 		if (ret) {
713 			ath10k_warn(ar, "failed wait for peer deleted");
714 			return;
715 		}
716 
717 		time_left = wait_for_completion_timeout(&ar->peer_delete_done,
718 							5 * HZ);
719 		if (!time_left)
720 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
721 	}
722 }
723 
724 static int ath10k_peer_create(struct ath10k *ar,
725 			      struct ieee80211_vif *vif,
726 			      struct ieee80211_sta *sta,
727 			      u32 vdev_id,
728 			      const u8 *addr,
729 			      enum wmi_peer_type peer_type)
730 {
731 	struct ath10k_vif *arvif;
732 	struct ath10k_peer *peer;
733 	int num_peers = 0;
734 	int ret;
735 
736 	lockdep_assert_held(&ar->conf_mutex);
737 
738 	num_peers = ar->num_peers;
739 
740 	/* Each vdev consumes a peer entry as well */
741 	list_for_each_entry(arvif, &ar->arvifs, list)
742 		num_peers++;
743 
744 	if (num_peers >= ar->max_num_peers)
745 		return -ENOBUFS;
746 
747 	ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
748 	if (ret) {
749 		ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
750 			    addr, vdev_id, ret);
751 		return ret;
752 	}
753 
754 	ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
755 	if (ret) {
756 		ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
757 			    addr, vdev_id, ret);
758 		return ret;
759 	}
760 
761 	spin_lock_bh(&ar->data_lock);
762 
763 	peer = ath10k_peer_find(ar, vdev_id, addr);
764 	if (!peer) {
765 		spin_unlock_bh(&ar->data_lock);
766 		ath10k_warn(ar, "failed to find peer %pM on vdev %i after creation\n",
767 			    addr, vdev_id);
768 		ath10k_wait_for_peer_delete_done(ar, vdev_id, addr);
769 		return -ENOENT;
770 	}
771 
772 	peer->vif = vif;
773 	peer->sta = sta;
774 
775 	spin_unlock_bh(&ar->data_lock);
776 
777 	ar->num_peers++;
778 
779 	return 0;
780 }
781 
782 static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
783 {
784 	struct ath10k *ar = arvif->ar;
785 	u32 param;
786 	int ret;
787 
788 	param = ar->wmi.pdev_param->sta_kickout_th;
789 	ret = ath10k_wmi_pdev_set_param(ar, param,
790 					ATH10K_KICKOUT_THRESHOLD);
791 	if (ret) {
792 		ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
793 			    arvif->vdev_id, ret);
794 		return ret;
795 	}
796 
797 	param = ar->wmi.vdev_param->ap_keepalive_min_idle_inactive_time_secs;
798 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
799 					ATH10K_KEEPALIVE_MIN_IDLE);
800 	if (ret) {
801 		ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
802 			    arvif->vdev_id, ret);
803 		return ret;
804 	}
805 
806 	param = ar->wmi.vdev_param->ap_keepalive_max_idle_inactive_time_secs;
807 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
808 					ATH10K_KEEPALIVE_MAX_IDLE);
809 	if (ret) {
810 		ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
811 			    arvif->vdev_id, ret);
812 		return ret;
813 	}
814 
815 	param = ar->wmi.vdev_param->ap_keepalive_max_unresponsive_time_secs;
816 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
817 					ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
818 	if (ret) {
819 		ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
820 			    arvif->vdev_id, ret);
821 		return ret;
822 	}
823 
824 	return 0;
825 }
826 
827 static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
828 {
829 	struct ath10k *ar = arvif->ar;
830 	u32 vdev_param;
831 
832 	vdev_param = ar->wmi.vdev_param->rts_threshold;
833 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
834 }
835 
836 static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
837 {
838 	int ret;
839 
840 	lockdep_assert_held(&ar->conf_mutex);
841 
842 	ret = ath10k_wmi_peer_delete(ar, vdev_id, addr);
843 	if (ret)
844 		return ret;
845 
846 	ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
847 	if (ret)
848 		return ret;
849 
850 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
851 		unsigned long time_left;
852 
853 		time_left = wait_for_completion_timeout
854 			    (&ar->peer_delete_done, 5 * HZ);
855 
856 		if (!time_left) {
857 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
858 			return -ETIMEDOUT;
859 		}
860 	}
861 
862 	ar->num_peers--;
863 
864 	return 0;
865 }
866 
867 static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
868 {
869 	struct ath10k_peer *peer, *tmp;
870 	int peer_id;
871 	int i;
872 
873 	lockdep_assert_held(&ar->conf_mutex);
874 
875 	spin_lock_bh(&ar->data_lock);
876 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
877 		if (peer->vdev_id != vdev_id)
878 			continue;
879 
880 		ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
881 			    peer->addr, vdev_id);
882 
883 		for_each_set_bit(peer_id, peer->peer_ids,
884 				 ATH10K_MAX_NUM_PEER_IDS) {
885 			ar->peer_map[peer_id] = NULL;
886 		}
887 
888 		/* Double check that peer is properly un-referenced from
889 		 * the peer_map
890 		 */
891 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
892 			if (ar->peer_map[i] == peer) {
893 				ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
894 					    peer->addr, peer, i);
895 				ar->peer_map[i] = NULL;
896 			}
897 		}
898 
899 		list_del(&peer->list);
900 		kfree(peer);
901 		ar->num_peers--;
902 	}
903 	spin_unlock_bh(&ar->data_lock);
904 }
905 
906 static void ath10k_peer_cleanup_all(struct ath10k *ar)
907 {
908 	struct ath10k_peer *peer, *tmp;
909 	int i;
910 
911 	lockdep_assert_held(&ar->conf_mutex);
912 
913 	spin_lock_bh(&ar->data_lock);
914 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
915 		list_del(&peer->list);
916 		kfree(peer);
917 	}
918 
919 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
920 		ar->peer_map[i] = NULL;
921 
922 	spin_unlock_bh(&ar->data_lock);
923 
924 	ar->num_peers = 0;
925 	ar->num_stations = 0;
926 }
927 
928 static int ath10k_mac_tdls_peer_update(struct ath10k *ar, u32 vdev_id,
929 				       struct ieee80211_sta *sta,
930 				       enum wmi_tdls_peer_state state)
931 {
932 	int ret;
933 	struct wmi_tdls_peer_update_cmd_arg arg = {};
934 	struct wmi_tdls_peer_capab_arg cap = {};
935 	struct wmi_channel_arg chan_arg = {};
936 
937 	lockdep_assert_held(&ar->conf_mutex);
938 
939 	arg.vdev_id = vdev_id;
940 	arg.peer_state = state;
941 	ether_addr_copy(arg.addr, sta->addr);
942 
943 	cap.peer_max_sp = sta->max_sp;
944 	cap.peer_uapsd_queues = sta->uapsd_queues;
945 
946 	if (state == WMI_TDLS_PEER_STATE_CONNECTED &&
947 	    !sta->tdls_initiator)
948 		cap.is_peer_responder = 1;
949 
950 	ret = ath10k_wmi_tdls_peer_update(ar, &arg, &cap, &chan_arg);
951 	if (ret) {
952 		ath10k_warn(ar, "failed to update tdls peer %pM on vdev %i: %i\n",
953 			    arg.addr, vdev_id, ret);
954 		return ret;
955 	}
956 
957 	return 0;
958 }
959 
960 /************************/
961 /* Interface management */
962 /************************/
963 
964 void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
965 {
966 	struct ath10k *ar = arvif->ar;
967 
968 	lockdep_assert_held(&ar->data_lock);
969 
970 	if (!arvif->beacon)
971 		return;
972 
973 	if (!arvif->beacon_buf)
974 		dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
975 				 arvif->beacon->len, DMA_TO_DEVICE);
976 
977 	if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
978 		    arvif->beacon_state != ATH10K_BEACON_SENT))
979 		return;
980 
981 	dev_kfree_skb_any(arvif->beacon);
982 
983 	arvif->beacon = NULL;
984 	arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
985 }
986 
987 static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
988 {
989 	struct ath10k *ar = arvif->ar;
990 
991 	lockdep_assert_held(&ar->data_lock);
992 
993 	ath10k_mac_vif_beacon_free(arvif);
994 
995 	if (arvif->beacon_buf) {
996 		dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
997 				  arvif->beacon_buf, arvif->beacon_paddr);
998 		arvif->beacon_buf = NULL;
999 	}
1000 }
1001 
1002 static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
1003 {
1004 	unsigned long time_left;
1005 
1006 	lockdep_assert_held(&ar->conf_mutex);
1007 
1008 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1009 		return -ESHUTDOWN;
1010 
1011 	time_left = wait_for_completion_timeout(&ar->vdev_setup_done,
1012 						ATH10K_VDEV_SETUP_TIMEOUT_HZ);
1013 	if (time_left == 0)
1014 		return -ETIMEDOUT;
1015 
1016 	return ar->last_wmi_vdev_start_status;
1017 }
1018 
1019 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
1020 {
1021 	struct cfg80211_chan_def *chandef = NULL;
1022 	struct ieee80211_channel *channel = NULL;
1023 	struct wmi_vdev_start_request_arg arg = {};
1024 	int ret = 0;
1025 
1026 	lockdep_assert_held(&ar->conf_mutex);
1027 
1028 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1029 					    ath10k_mac_get_any_chandef_iter,
1030 					    &chandef);
1031 	if (WARN_ON_ONCE(!chandef))
1032 		return -ENOENT;
1033 
1034 	channel = chandef->chan;
1035 
1036 	arg.vdev_id = vdev_id;
1037 	arg.channel.freq = channel->center_freq;
1038 	arg.channel.band_center_freq1 = chandef->center_freq1;
1039 	arg.channel.band_center_freq2 = chandef->center_freq2;
1040 
1041 	/* TODO setup this dynamically, what in case we
1042 	 * don't have any vifs?
1043 	 */
1044 	arg.channel.mode = chan_to_phymode(chandef);
1045 	arg.channel.chan_radar =
1046 			!!(channel->flags & IEEE80211_CHAN_RADAR);
1047 
1048 	arg.channel.min_power = 0;
1049 	arg.channel.max_power = channel->max_power * 2;
1050 	arg.channel.max_reg_power = channel->max_reg_power * 2;
1051 	arg.channel.max_antenna_gain = channel->max_antenna_gain * 2;
1052 
1053 	reinit_completion(&ar->vdev_setup_done);
1054 	reinit_completion(&ar->vdev_delete_done);
1055 
1056 	ret = ath10k_wmi_vdev_start(ar, &arg);
1057 	if (ret) {
1058 		ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
1059 			    vdev_id, ret);
1060 		return ret;
1061 	}
1062 
1063 	ret = ath10k_vdev_setup_sync(ar);
1064 	if (ret) {
1065 		ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
1066 			    vdev_id, ret);
1067 		return ret;
1068 	}
1069 
1070 	ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
1071 	if (ret) {
1072 		ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
1073 			    vdev_id, ret);
1074 		goto vdev_stop;
1075 	}
1076 
1077 	ar->monitor_vdev_id = vdev_id;
1078 
1079 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
1080 		   ar->monitor_vdev_id);
1081 	return 0;
1082 
1083 vdev_stop:
1084 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1085 	if (ret)
1086 		ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
1087 			    ar->monitor_vdev_id, ret);
1088 
1089 	return ret;
1090 }
1091 
1092 static int ath10k_monitor_vdev_stop(struct ath10k *ar)
1093 {
1094 	int ret = 0;
1095 
1096 	lockdep_assert_held(&ar->conf_mutex);
1097 
1098 	ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
1099 	if (ret)
1100 		ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
1101 			    ar->monitor_vdev_id, ret);
1102 
1103 	reinit_completion(&ar->vdev_setup_done);
1104 	reinit_completion(&ar->vdev_delete_done);
1105 
1106 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1107 	if (ret)
1108 		ath10k_warn(ar, "failed to request monitor vdev %i stop: %d\n",
1109 			    ar->monitor_vdev_id, ret);
1110 
1111 	ret = ath10k_vdev_setup_sync(ar);
1112 	if (ret)
1113 		ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
1114 			    ar->monitor_vdev_id, ret);
1115 
1116 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
1117 		   ar->monitor_vdev_id);
1118 	return ret;
1119 }
1120 
1121 static int ath10k_monitor_vdev_create(struct ath10k *ar)
1122 {
1123 	int bit, ret = 0;
1124 
1125 	lockdep_assert_held(&ar->conf_mutex);
1126 
1127 	if (ar->free_vdev_map == 0) {
1128 		ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
1129 		return -ENOMEM;
1130 	}
1131 
1132 	bit = __ffs64(ar->free_vdev_map);
1133 
1134 	ar->monitor_vdev_id = bit;
1135 
1136 	ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
1137 				     WMI_VDEV_TYPE_MONITOR,
1138 				     0, ar->mac_addr);
1139 	if (ret) {
1140 		ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
1141 			    ar->monitor_vdev_id, ret);
1142 		return ret;
1143 	}
1144 
1145 	ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
1146 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
1147 		   ar->monitor_vdev_id);
1148 
1149 	return 0;
1150 }
1151 
1152 static int ath10k_monitor_vdev_delete(struct ath10k *ar)
1153 {
1154 	int ret = 0;
1155 
1156 	lockdep_assert_held(&ar->conf_mutex);
1157 
1158 	ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
1159 	if (ret) {
1160 		ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
1161 			    ar->monitor_vdev_id, ret);
1162 		return ret;
1163 	}
1164 
1165 	ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
1166 
1167 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
1168 		   ar->monitor_vdev_id);
1169 	return ret;
1170 }
1171 
1172 static int ath10k_monitor_start(struct ath10k *ar)
1173 {
1174 	int ret;
1175 
1176 	lockdep_assert_held(&ar->conf_mutex);
1177 
1178 	ret = ath10k_monitor_vdev_create(ar);
1179 	if (ret) {
1180 		ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
1181 		return ret;
1182 	}
1183 
1184 	ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
1185 	if (ret) {
1186 		ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
1187 		ath10k_monitor_vdev_delete(ar);
1188 		return ret;
1189 	}
1190 
1191 	ar->monitor_started = true;
1192 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
1193 
1194 	return 0;
1195 }
1196 
1197 static int ath10k_monitor_stop(struct ath10k *ar)
1198 {
1199 	int ret;
1200 
1201 	lockdep_assert_held(&ar->conf_mutex);
1202 
1203 	ret = ath10k_monitor_vdev_stop(ar);
1204 	if (ret) {
1205 		ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
1206 		return ret;
1207 	}
1208 
1209 	ret = ath10k_monitor_vdev_delete(ar);
1210 	if (ret) {
1211 		ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
1212 		return ret;
1213 	}
1214 
1215 	ar->monitor_started = false;
1216 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
1217 
1218 	return 0;
1219 }
1220 
1221 static bool ath10k_mac_monitor_vdev_is_needed(struct ath10k *ar)
1222 {
1223 	int num_ctx;
1224 
1225 	/* At least one chanctx is required to derive a channel to start
1226 	 * monitor vdev on.
1227 	 */
1228 	num_ctx = ath10k_mac_num_chanctxs(ar);
1229 	if (num_ctx == 0)
1230 		return false;
1231 
1232 	/* If there's already an existing special monitor interface then don't
1233 	 * bother creating another monitor vdev.
1234 	 */
1235 	if (ar->monitor_arvif)
1236 		return false;
1237 
1238 	return ar->monitor ||
1239 	       (!test_bit(ATH10K_FW_FEATURE_ALLOWS_MESH_BCAST,
1240 			  ar->running_fw->fw_file.fw_features) &&
1241 		(ar->filter_flags & FIF_OTHER_BSS)) ||
1242 	       test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1243 }
1244 
1245 static bool ath10k_mac_monitor_vdev_is_allowed(struct ath10k *ar)
1246 {
1247 	int num_ctx;
1248 
1249 	num_ctx = ath10k_mac_num_chanctxs(ar);
1250 
1251 	/* FIXME: Current interface combinations and cfg80211/mac80211 code
1252 	 * shouldn't allow this but make sure to prevent handling the following
1253 	 * case anyway since multi-channel DFS hasn't been tested at all.
1254 	 */
1255 	if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags) && num_ctx > 1)
1256 		return false;
1257 
1258 	return true;
1259 }
1260 
1261 static int ath10k_monitor_recalc(struct ath10k *ar)
1262 {
1263 	bool needed;
1264 	bool allowed;
1265 	int ret;
1266 
1267 	lockdep_assert_held(&ar->conf_mutex);
1268 
1269 	needed = ath10k_mac_monitor_vdev_is_needed(ar);
1270 	allowed = ath10k_mac_monitor_vdev_is_allowed(ar);
1271 
1272 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1273 		   "mac monitor recalc started? %d needed? %d allowed? %d\n",
1274 		   ar->monitor_started, needed, allowed);
1275 
1276 	if (WARN_ON(needed && !allowed)) {
1277 		if (ar->monitor_started) {
1278 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopping disallowed monitor\n");
1279 
1280 			ret = ath10k_monitor_stop(ar);
1281 			if (ret)
1282 				ath10k_warn(ar, "failed to stop disallowed monitor: %d\n",
1283 					    ret);
1284 				/* not serious */
1285 		}
1286 
1287 		return -EPERM;
1288 	}
1289 
1290 	if (needed == ar->monitor_started)
1291 		return 0;
1292 
1293 	if (needed)
1294 		return ath10k_monitor_start(ar);
1295 	else
1296 		return ath10k_monitor_stop(ar);
1297 }
1298 
1299 static bool ath10k_mac_can_set_cts_prot(struct ath10k_vif *arvif)
1300 {
1301 	struct ath10k *ar = arvif->ar;
1302 
1303 	lockdep_assert_held(&ar->conf_mutex);
1304 
1305 	if (!arvif->is_started) {
1306 		ath10k_dbg(ar, ATH10K_DBG_MAC, "defer cts setup, vdev is not ready yet\n");
1307 		return false;
1308 	}
1309 
1310 	return true;
1311 }
1312 
1313 static int ath10k_mac_set_cts_prot(struct ath10k_vif *arvif)
1314 {
1315 	struct ath10k *ar = arvif->ar;
1316 	u32 vdev_param;
1317 
1318 	lockdep_assert_held(&ar->conf_mutex);
1319 
1320 	vdev_param = ar->wmi.vdev_param->protection_mode;
1321 
1322 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_protection %d\n",
1323 		   arvif->vdev_id, arvif->use_cts_prot);
1324 
1325 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1326 					 arvif->use_cts_prot ? 1 : 0);
1327 }
1328 
1329 static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
1330 {
1331 	struct ath10k *ar = arvif->ar;
1332 	u32 vdev_param, rts_cts = 0;
1333 
1334 	lockdep_assert_held(&ar->conf_mutex);
1335 
1336 	vdev_param = ar->wmi.vdev_param->enable_rtscts;
1337 
1338 	rts_cts |= SM(WMI_RTSCTS_ENABLED, WMI_RTSCTS_SET);
1339 
1340 	if (arvif->num_legacy_stations > 0)
1341 		rts_cts |= SM(WMI_RTSCTS_ACROSS_SW_RETRIES,
1342 			      WMI_RTSCTS_PROFILE);
1343 	else
1344 		rts_cts |= SM(WMI_RTSCTS_FOR_SECOND_RATESERIES,
1345 			      WMI_RTSCTS_PROFILE);
1346 
1347 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d recalc rts/cts prot %d\n",
1348 		   arvif->vdev_id, rts_cts);
1349 
1350 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1351 					 rts_cts);
1352 }
1353 
1354 static int ath10k_start_cac(struct ath10k *ar)
1355 {
1356 	int ret;
1357 
1358 	lockdep_assert_held(&ar->conf_mutex);
1359 
1360 	set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1361 
1362 	ret = ath10k_monitor_recalc(ar);
1363 	if (ret) {
1364 		ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
1365 		clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1366 		return ret;
1367 	}
1368 
1369 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
1370 		   ar->monitor_vdev_id);
1371 
1372 	return 0;
1373 }
1374 
1375 static int ath10k_stop_cac(struct ath10k *ar)
1376 {
1377 	lockdep_assert_held(&ar->conf_mutex);
1378 
1379 	/* CAC is not running - do nothing */
1380 	if (!test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags))
1381 		return 0;
1382 
1383 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1384 	ath10k_monitor_stop(ar);
1385 
1386 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
1387 
1388 	return 0;
1389 }
1390 
1391 static void ath10k_mac_has_radar_iter(struct ieee80211_hw *hw,
1392 				      struct ieee80211_chanctx_conf *conf,
1393 				      void *data)
1394 {
1395 	bool *ret = data;
1396 
1397 	if (!*ret && conf->radar_enabled)
1398 		*ret = true;
1399 }
1400 
1401 static bool ath10k_mac_has_radar_enabled(struct ath10k *ar)
1402 {
1403 	bool has_radar = false;
1404 
1405 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1406 					    ath10k_mac_has_radar_iter,
1407 					    &has_radar);
1408 
1409 	return has_radar;
1410 }
1411 
1412 static void ath10k_recalc_radar_detection(struct ath10k *ar)
1413 {
1414 	int ret;
1415 
1416 	lockdep_assert_held(&ar->conf_mutex);
1417 
1418 	ath10k_stop_cac(ar);
1419 
1420 	if (!ath10k_mac_has_radar_enabled(ar))
1421 		return;
1422 
1423 	if (ar->num_started_vdevs > 0)
1424 		return;
1425 
1426 	ret = ath10k_start_cac(ar);
1427 	if (ret) {
1428 		/*
1429 		 * Not possible to start CAC on current channel so starting
1430 		 * radiation is not allowed, make this channel DFS_UNAVAILABLE
1431 		 * by indicating that radar was detected.
1432 		 */
1433 		ath10k_warn(ar, "failed to start CAC: %d\n", ret);
1434 		ieee80211_radar_detected(ar->hw);
1435 	}
1436 }
1437 
1438 static int ath10k_vdev_stop(struct ath10k_vif *arvif)
1439 {
1440 	struct ath10k *ar = arvif->ar;
1441 	int ret;
1442 
1443 	lockdep_assert_held(&ar->conf_mutex);
1444 
1445 	reinit_completion(&ar->vdev_setup_done);
1446 	reinit_completion(&ar->vdev_delete_done);
1447 
1448 	ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
1449 	if (ret) {
1450 		ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
1451 			    arvif->vdev_id, ret);
1452 		return ret;
1453 	}
1454 
1455 	ret = ath10k_vdev_setup_sync(ar);
1456 	if (ret) {
1457 		ath10k_warn(ar, "failed to synchronize setup for vdev %i: %d\n",
1458 			    arvif->vdev_id, ret);
1459 		return ret;
1460 	}
1461 
1462 	WARN_ON(ar->num_started_vdevs == 0);
1463 
1464 	if (ar->num_started_vdevs != 0) {
1465 		ar->num_started_vdevs--;
1466 		ath10k_recalc_radar_detection(ar);
1467 	}
1468 
1469 	return ret;
1470 }
1471 
1472 static int ath10k_vdev_start_restart(struct ath10k_vif *arvif,
1473 				     const struct cfg80211_chan_def *chandef,
1474 				     bool restart)
1475 {
1476 	struct ath10k *ar = arvif->ar;
1477 	struct wmi_vdev_start_request_arg arg = {};
1478 	int ret = 0;
1479 
1480 	lockdep_assert_held(&ar->conf_mutex);
1481 
1482 	reinit_completion(&ar->vdev_setup_done);
1483 	reinit_completion(&ar->vdev_delete_done);
1484 
1485 	arg.vdev_id = arvif->vdev_id;
1486 	arg.dtim_period = arvif->dtim_period;
1487 	arg.bcn_intval = arvif->beacon_interval;
1488 
1489 	arg.channel.freq = chandef->chan->center_freq;
1490 	arg.channel.band_center_freq1 = chandef->center_freq1;
1491 	arg.channel.band_center_freq2 = chandef->center_freq2;
1492 	arg.channel.mode = chan_to_phymode(chandef);
1493 
1494 	arg.channel.min_power = 0;
1495 	arg.channel.max_power = chandef->chan->max_power * 2;
1496 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
1497 	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain * 2;
1498 
1499 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
1500 		arg.ssid = arvif->u.ap.ssid;
1501 		arg.ssid_len = arvif->u.ap.ssid_len;
1502 		arg.hidden_ssid = arvif->u.ap.hidden_ssid;
1503 
1504 		/* For now allow DFS for AP mode */
1505 		arg.channel.chan_radar =
1506 			!!(chandef->chan->flags & IEEE80211_CHAN_RADAR);
1507 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
1508 		arg.ssid = arvif->vif->bss_conf.ssid;
1509 		arg.ssid_len = arvif->vif->bss_conf.ssid_len;
1510 	}
1511 
1512 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1513 		   "mac vdev %d start center_freq %d phymode %s\n",
1514 		   arg.vdev_id, arg.channel.freq,
1515 		   ath10k_wmi_phymode_str(arg.channel.mode));
1516 
1517 	if (restart)
1518 		ret = ath10k_wmi_vdev_restart(ar, &arg);
1519 	else
1520 		ret = ath10k_wmi_vdev_start(ar, &arg);
1521 
1522 	if (ret) {
1523 		ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
1524 			    arg.vdev_id, ret);
1525 		return ret;
1526 	}
1527 
1528 	ret = ath10k_vdev_setup_sync(ar);
1529 	if (ret) {
1530 		ath10k_warn(ar,
1531 			    "failed to synchronize setup for vdev %i restart %d: %d\n",
1532 			    arg.vdev_id, restart, ret);
1533 		return ret;
1534 	}
1535 
1536 	ar->num_started_vdevs++;
1537 	ath10k_recalc_radar_detection(ar);
1538 
1539 	return ret;
1540 }
1541 
1542 static int ath10k_vdev_start(struct ath10k_vif *arvif,
1543 			     const struct cfg80211_chan_def *def)
1544 {
1545 	return ath10k_vdev_start_restart(arvif, def, false);
1546 }
1547 
1548 static int ath10k_vdev_restart(struct ath10k_vif *arvif,
1549 			       const struct cfg80211_chan_def *def)
1550 {
1551 	return ath10k_vdev_start_restart(arvif, def, true);
1552 }
1553 
1554 static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
1555 				       struct sk_buff *bcn)
1556 {
1557 	struct ath10k *ar = arvif->ar;
1558 	struct ieee80211_mgmt *mgmt;
1559 	const u8 *p2p_ie;
1560 	int ret;
1561 
1562 	if (arvif->vif->type != NL80211_IFTYPE_AP || !arvif->vif->p2p)
1563 		return 0;
1564 
1565 	mgmt = (void *)bcn->data;
1566 	p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1567 					 mgmt->u.beacon.variable,
1568 					 bcn->len - (mgmt->u.beacon.variable -
1569 						     bcn->data));
1570 	if (!p2p_ie)
1571 		return -ENOENT;
1572 
1573 	ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
1574 	if (ret) {
1575 		ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
1576 			    arvif->vdev_id, ret);
1577 		return ret;
1578 	}
1579 
1580 	return 0;
1581 }
1582 
1583 static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
1584 				       u8 oui_type, size_t ie_offset)
1585 {
1586 	size_t len;
1587 	const u8 *next;
1588 	const u8 *end;
1589 	u8 *ie;
1590 
1591 	if (WARN_ON(skb->len < ie_offset))
1592 		return -EINVAL;
1593 
1594 	ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
1595 					   skb->data + ie_offset,
1596 					   skb->len - ie_offset);
1597 	if (!ie)
1598 		return -ENOENT;
1599 
1600 	len = ie[1] + 2;
1601 	end = skb->data + skb->len;
1602 	next = ie + len;
1603 
1604 	if (WARN_ON(next > end))
1605 		return -EINVAL;
1606 
1607 	memmove(ie, next, end - next);
1608 	skb_trim(skb, skb->len - len);
1609 
1610 	return 0;
1611 }
1612 
1613 static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
1614 {
1615 	struct ath10k *ar = arvif->ar;
1616 	struct ieee80211_hw *hw = ar->hw;
1617 	struct ieee80211_vif *vif = arvif->vif;
1618 	struct ieee80211_mutable_offsets offs = {};
1619 	struct sk_buff *bcn;
1620 	int ret;
1621 
1622 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1623 		return 0;
1624 
1625 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
1626 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
1627 		return 0;
1628 
1629 	bcn = ieee80211_beacon_get_template(hw, vif, &offs);
1630 	if (!bcn) {
1631 		ath10k_warn(ar, "failed to get beacon template from mac80211\n");
1632 		return -EPERM;
1633 	}
1634 
1635 	ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
1636 	if (ret) {
1637 		ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
1638 		kfree_skb(bcn);
1639 		return ret;
1640 	}
1641 
1642 	/* P2P IE is inserted by firmware automatically (as configured above)
1643 	 * so remove it from the base beacon template to avoid duplicate P2P
1644 	 * IEs in beacon frames.
1645 	 */
1646 	ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1647 				    offsetof(struct ieee80211_mgmt,
1648 					     u.beacon.variable));
1649 
1650 	ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
1651 				  0, NULL, 0);
1652 	kfree_skb(bcn);
1653 
1654 	if (ret) {
1655 		ath10k_warn(ar, "failed to submit beacon template command: %d\n",
1656 			    ret);
1657 		return ret;
1658 	}
1659 
1660 	return 0;
1661 }
1662 
1663 static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
1664 {
1665 	struct ath10k *ar = arvif->ar;
1666 	struct ieee80211_hw *hw = ar->hw;
1667 	struct ieee80211_vif *vif = arvif->vif;
1668 	struct sk_buff *prb;
1669 	int ret;
1670 
1671 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1672 		return 0;
1673 
1674 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1675 		return 0;
1676 
1677 	 /* For mesh, probe response and beacon share the same template */
1678 	if (ieee80211_vif_is_mesh(vif))
1679 		return 0;
1680 
1681 	prb = ieee80211_proberesp_get(hw, vif);
1682 	if (!prb) {
1683 		ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
1684 		return -EPERM;
1685 	}
1686 
1687 	ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
1688 	kfree_skb(prb);
1689 
1690 	if (ret) {
1691 		ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
1692 			    ret);
1693 		return ret;
1694 	}
1695 
1696 	return 0;
1697 }
1698 
1699 static int ath10k_mac_vif_fix_hidden_ssid(struct ath10k_vif *arvif)
1700 {
1701 	struct ath10k *ar = arvif->ar;
1702 	struct cfg80211_chan_def def;
1703 	int ret;
1704 
1705 	/* When originally vdev is started during assign_vif_chanctx() some
1706 	 * information is missing, notably SSID. Firmware revisions with beacon
1707 	 * offloading require the SSID to be provided during vdev (re)start to
1708 	 * handle hidden SSID properly.
1709 	 *
1710 	 * Vdev restart must be done after vdev has been both started and
1711 	 * upped. Otherwise some firmware revisions (at least 10.2) fail to
1712 	 * deliver vdev restart response event causing timeouts during vdev
1713 	 * syncing in ath10k.
1714 	 *
1715 	 * Note: The vdev down/up and template reinstallation could be skipped
1716 	 * since only wmi-tlv firmware are known to have beacon offload and
1717 	 * wmi-tlv doesn't seem to misbehave like 10.2 wrt vdev restart
1718 	 * response delivery. It's probably more robust to keep it as is.
1719 	 */
1720 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1721 		return 0;
1722 
1723 	if (WARN_ON(!arvif->is_started))
1724 		return -EINVAL;
1725 
1726 	if (WARN_ON(!arvif->is_up))
1727 		return -EINVAL;
1728 
1729 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
1730 		return -EINVAL;
1731 
1732 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1733 	if (ret) {
1734 		ath10k_warn(ar, "failed to bring down ap vdev %i: %d\n",
1735 			    arvif->vdev_id, ret);
1736 		return ret;
1737 	}
1738 
1739 	/* Vdev down reset beacon & presp templates. Reinstall them. Otherwise
1740 	 * firmware will crash upon vdev up.
1741 	 */
1742 
1743 	ret = ath10k_mac_setup_bcn_tmpl(arvif);
1744 	if (ret) {
1745 		ath10k_warn(ar, "failed to update beacon template: %d\n", ret);
1746 		return ret;
1747 	}
1748 
1749 	ret = ath10k_mac_setup_prb_tmpl(arvif);
1750 	if (ret) {
1751 		ath10k_warn(ar, "failed to update presp template: %d\n", ret);
1752 		return ret;
1753 	}
1754 
1755 	ret = ath10k_vdev_restart(arvif, &def);
1756 	if (ret) {
1757 		ath10k_warn(ar, "failed to restart ap vdev %i: %d\n",
1758 			    arvif->vdev_id, ret);
1759 		return ret;
1760 	}
1761 
1762 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1763 				 arvif->bssid);
1764 	if (ret) {
1765 		ath10k_warn(ar, "failed to bring up ap vdev %i: %d\n",
1766 			    arvif->vdev_id, ret);
1767 		return ret;
1768 	}
1769 
1770 	return 0;
1771 }
1772 
1773 static void ath10k_control_beaconing(struct ath10k_vif *arvif,
1774 				     struct ieee80211_bss_conf *info)
1775 {
1776 	struct ath10k *ar = arvif->ar;
1777 	int ret = 0;
1778 
1779 	lockdep_assert_held(&arvif->ar->conf_mutex);
1780 
1781 	if (!info->enable_beacon) {
1782 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1783 		if (ret)
1784 			ath10k_warn(ar, "failed to down vdev_id %i: %d\n",
1785 				    arvif->vdev_id, ret);
1786 
1787 		arvif->is_up = false;
1788 
1789 		spin_lock_bh(&arvif->ar->data_lock);
1790 		ath10k_mac_vif_beacon_free(arvif);
1791 		spin_unlock_bh(&arvif->ar->data_lock);
1792 
1793 		return;
1794 	}
1795 
1796 	arvif->tx_seq_no = 0x1000;
1797 
1798 	arvif->aid = 0;
1799 	ether_addr_copy(arvif->bssid, info->bssid);
1800 
1801 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1802 				 arvif->bssid);
1803 	if (ret) {
1804 		ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
1805 			    arvif->vdev_id, ret);
1806 		return;
1807 	}
1808 
1809 	arvif->is_up = true;
1810 
1811 	ret = ath10k_mac_vif_fix_hidden_ssid(arvif);
1812 	if (ret) {
1813 		ath10k_warn(ar, "failed to fix hidden ssid for vdev %i, expect trouble: %d\n",
1814 			    arvif->vdev_id, ret);
1815 		return;
1816 	}
1817 
1818 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
1819 }
1820 
1821 static void ath10k_control_ibss(struct ath10k_vif *arvif,
1822 				struct ieee80211_bss_conf *info,
1823 				const u8 self_peer[ETH_ALEN])
1824 {
1825 	struct ath10k *ar = arvif->ar;
1826 	u32 vdev_param;
1827 	int ret = 0;
1828 
1829 	lockdep_assert_held(&arvif->ar->conf_mutex);
1830 
1831 	if (!info->ibss_joined) {
1832 		if (is_zero_ether_addr(arvif->bssid))
1833 			return;
1834 
1835 		eth_zero_addr(arvif->bssid);
1836 
1837 		return;
1838 	}
1839 
1840 	vdev_param = arvif->ar->wmi.vdev_param->atim_window;
1841 	ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
1842 					ATH10K_DEFAULT_ATIM);
1843 	if (ret)
1844 		ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
1845 			    arvif->vdev_id, ret);
1846 }
1847 
1848 static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
1849 {
1850 	struct ath10k *ar = arvif->ar;
1851 	u32 param;
1852 	u32 value;
1853 	int ret;
1854 
1855 	lockdep_assert_held(&arvif->ar->conf_mutex);
1856 
1857 	if (arvif->u.sta.uapsd)
1858 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
1859 	else
1860 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
1861 
1862 	param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
1863 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
1864 	if (ret) {
1865 		ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
1866 			    value, arvif->vdev_id, ret);
1867 		return ret;
1868 	}
1869 
1870 	return 0;
1871 }
1872 
1873 static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
1874 {
1875 	struct ath10k *ar = arvif->ar;
1876 	u32 param;
1877 	u32 value;
1878 	int ret;
1879 
1880 	lockdep_assert_held(&arvif->ar->conf_mutex);
1881 
1882 	if (arvif->u.sta.uapsd)
1883 		value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
1884 	else
1885 		value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
1886 
1887 	param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
1888 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
1889 					  param, value);
1890 	if (ret) {
1891 		ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
1892 			    value, arvif->vdev_id, ret);
1893 		return ret;
1894 	}
1895 
1896 	return 0;
1897 }
1898 
1899 static int ath10k_mac_num_vifs_started(struct ath10k *ar)
1900 {
1901 	struct ath10k_vif *arvif;
1902 	int num = 0;
1903 
1904 	lockdep_assert_held(&ar->conf_mutex);
1905 
1906 	list_for_each_entry(arvif, &ar->arvifs, list)
1907 		if (arvif->is_started)
1908 			num++;
1909 
1910 	return num;
1911 }
1912 
1913 static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
1914 {
1915 	struct ath10k *ar = arvif->ar;
1916 	struct ieee80211_vif *vif = arvif->vif;
1917 	struct ieee80211_conf *conf = &ar->hw->conf;
1918 	enum wmi_sta_powersave_param param;
1919 	enum wmi_sta_ps_mode psmode;
1920 	int ret;
1921 	int ps_timeout;
1922 	bool enable_ps;
1923 
1924 	lockdep_assert_held(&arvif->ar->conf_mutex);
1925 
1926 	if (arvif->vif->type != NL80211_IFTYPE_STATION)
1927 		return 0;
1928 
1929 	enable_ps = arvif->ps;
1930 
1931 	if (enable_ps && ath10k_mac_num_vifs_started(ar) > 1 &&
1932 	    !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
1933 		      ar->running_fw->fw_file.fw_features)) {
1934 		ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
1935 			    arvif->vdev_id);
1936 		enable_ps = false;
1937 	}
1938 
1939 	if (!arvif->is_started) {
1940 		/* mac80211 can update vif powersave state while disconnected.
1941 		 * Firmware doesn't behave nicely and consumes more power than
1942 		 * necessary if PS is disabled on a non-started vdev. Hence
1943 		 * force-enable PS for non-running vdevs.
1944 		 */
1945 		psmode = WMI_STA_PS_MODE_ENABLED;
1946 	} else if (enable_ps) {
1947 		psmode = WMI_STA_PS_MODE_ENABLED;
1948 		param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
1949 
1950 		ps_timeout = conf->dynamic_ps_timeout;
1951 		if (ps_timeout == 0) {
1952 			/* Firmware doesn't like 0 */
1953 			ps_timeout = ieee80211_tu_to_usec(
1954 				vif->bss_conf.beacon_int) / 1000;
1955 		}
1956 
1957 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
1958 						  ps_timeout);
1959 		if (ret) {
1960 			ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
1961 				    arvif->vdev_id, ret);
1962 			return ret;
1963 		}
1964 	} else {
1965 		psmode = WMI_STA_PS_MODE_DISABLED;
1966 	}
1967 
1968 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
1969 		   arvif->vdev_id, psmode ? "enable" : "disable");
1970 
1971 	ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
1972 	if (ret) {
1973 		ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
1974 			    psmode, arvif->vdev_id, ret);
1975 		return ret;
1976 	}
1977 
1978 	return 0;
1979 }
1980 
1981 static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
1982 {
1983 	struct ath10k *ar = arvif->ar;
1984 	struct wmi_sta_keepalive_arg arg = {};
1985 	int ret;
1986 
1987 	lockdep_assert_held(&arvif->ar->conf_mutex);
1988 
1989 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
1990 		return 0;
1991 
1992 	if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
1993 		return 0;
1994 
1995 	/* Some firmware revisions have a bug and ignore the `enabled` field.
1996 	 * Instead use the interval to disable the keepalive.
1997 	 */
1998 	arg.vdev_id = arvif->vdev_id;
1999 	arg.enabled = 1;
2000 	arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
2001 	arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
2002 
2003 	ret = ath10k_wmi_sta_keepalive(ar, &arg);
2004 	if (ret) {
2005 		ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
2006 			    arvif->vdev_id, ret);
2007 		return ret;
2008 	}
2009 
2010 	return 0;
2011 }
2012 
2013 static void ath10k_mac_vif_ap_csa_count_down(struct ath10k_vif *arvif)
2014 {
2015 	struct ath10k *ar = arvif->ar;
2016 	struct ieee80211_vif *vif = arvif->vif;
2017 	int ret;
2018 
2019 	lockdep_assert_held(&arvif->ar->conf_mutex);
2020 
2021 	if (WARN_ON(!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)))
2022 		return;
2023 
2024 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
2025 		return;
2026 
2027 	if (!vif->csa_active)
2028 		return;
2029 
2030 	if (!arvif->is_up)
2031 		return;
2032 
2033 	if (!ieee80211_beacon_cntdwn_is_complete(vif)) {
2034 		ieee80211_beacon_update_cntdwn(vif);
2035 
2036 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
2037 		if (ret)
2038 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
2039 				    ret);
2040 
2041 		ret = ath10k_mac_setup_prb_tmpl(arvif);
2042 		if (ret)
2043 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
2044 				    ret);
2045 	} else {
2046 		ieee80211_csa_finish(vif);
2047 	}
2048 }
2049 
2050 static void ath10k_mac_vif_ap_csa_work(struct work_struct *work)
2051 {
2052 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2053 						ap_csa_work);
2054 	struct ath10k *ar = arvif->ar;
2055 
2056 	mutex_lock(&ar->conf_mutex);
2057 	ath10k_mac_vif_ap_csa_count_down(arvif);
2058 	mutex_unlock(&ar->conf_mutex);
2059 }
2060 
2061 static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac,
2062 					  struct ieee80211_vif *vif)
2063 {
2064 	struct sk_buff *skb = data;
2065 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2066 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2067 
2068 	if (vif->type != NL80211_IFTYPE_STATION)
2069 		return;
2070 
2071 	if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid))
2072 		return;
2073 
2074 	cancel_delayed_work(&arvif->connection_loss_work);
2075 }
2076 
2077 void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb)
2078 {
2079 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2080 						   ATH10K_ITER_NORMAL_FLAGS,
2081 						   ath10k_mac_handle_beacon_iter,
2082 						   skb);
2083 }
2084 
2085 static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
2086 					       struct ieee80211_vif *vif)
2087 {
2088 	u32 *vdev_id = data;
2089 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2090 	struct ath10k *ar = arvif->ar;
2091 	struct ieee80211_hw *hw = ar->hw;
2092 
2093 	if (arvif->vdev_id != *vdev_id)
2094 		return;
2095 
2096 	if (!arvif->is_up)
2097 		return;
2098 
2099 	ieee80211_beacon_loss(vif);
2100 
2101 	/* Firmware doesn't report beacon loss events repeatedly. If AP probe
2102 	 * (done by mac80211) succeeds but beacons do not resume then it
2103 	 * doesn't make sense to continue operation. Queue connection loss work
2104 	 * which can be cancelled when beacon is received.
2105 	 */
2106 	ieee80211_queue_delayed_work(hw, &arvif->connection_loss_work,
2107 				     ATH10K_CONNECTION_LOSS_HZ);
2108 }
2109 
2110 void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id)
2111 {
2112 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2113 						   ATH10K_ITER_NORMAL_FLAGS,
2114 						   ath10k_mac_handle_beacon_miss_iter,
2115 						   &vdev_id);
2116 }
2117 
2118 static void ath10k_mac_vif_sta_connection_loss_work(struct work_struct *work)
2119 {
2120 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2121 						connection_loss_work.work);
2122 	struct ieee80211_vif *vif = arvif->vif;
2123 
2124 	if (!arvif->is_up)
2125 		return;
2126 
2127 	ieee80211_connection_loss(vif);
2128 }
2129 
2130 /**********************/
2131 /* Station management */
2132 /**********************/
2133 
2134 static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
2135 					     struct ieee80211_vif *vif)
2136 {
2137 	/* Some firmware revisions have unstable STA powersave when listen
2138 	 * interval is set too high (e.g. 5). The symptoms are firmware doesn't
2139 	 * generate NullFunc frames properly even if buffered frames have been
2140 	 * indicated in Beacon TIM. Firmware would seldom wake up to pull
2141 	 * buffered frames. Often pinging the device from AP would simply fail.
2142 	 *
2143 	 * As a workaround set it to 1.
2144 	 */
2145 	if (vif->type == NL80211_IFTYPE_STATION)
2146 		return 1;
2147 
2148 	return ar->hw->conf.listen_interval;
2149 }
2150 
2151 static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
2152 				      struct ieee80211_vif *vif,
2153 				      struct ieee80211_sta *sta,
2154 				      struct wmi_peer_assoc_complete_arg *arg)
2155 {
2156 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2157 	u32 aid;
2158 
2159 	lockdep_assert_held(&ar->conf_mutex);
2160 
2161 	if (vif->type == NL80211_IFTYPE_STATION)
2162 		aid = vif->bss_conf.aid;
2163 	else
2164 		aid = sta->aid;
2165 
2166 	ether_addr_copy(arg->addr, sta->addr);
2167 	arg->vdev_id = arvif->vdev_id;
2168 	arg->peer_aid = aid;
2169 	arg->peer_flags |= arvif->ar->wmi.peer_flags->auth;
2170 	arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
2171 	arg->peer_num_spatial_streams = 1;
2172 	arg->peer_caps = vif->bss_conf.assoc_capability;
2173 }
2174 
2175 static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
2176 				       struct ieee80211_vif *vif,
2177 				       struct ieee80211_sta *sta,
2178 				       struct wmi_peer_assoc_complete_arg *arg)
2179 {
2180 	struct ieee80211_bss_conf *info = &vif->bss_conf;
2181 	struct cfg80211_chan_def def;
2182 	struct cfg80211_bss *bss;
2183 	const u8 *rsnie = NULL;
2184 	const u8 *wpaie = NULL;
2185 
2186 	lockdep_assert_held(&ar->conf_mutex);
2187 
2188 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2189 		return;
2190 
2191 	bss = cfg80211_get_bss(ar->hw->wiphy, def.chan, info->bssid,
2192 			       info->ssid_len ? info->ssid : NULL, info->ssid_len,
2193 			       IEEE80211_BSS_TYPE_ANY, IEEE80211_PRIVACY_ANY);
2194 	if (bss) {
2195 		const struct cfg80211_bss_ies *ies;
2196 
2197 		rcu_read_lock();
2198 		rsnie = ieee80211_bss_get_ie(bss, WLAN_EID_RSN);
2199 
2200 		ies = rcu_dereference(bss->ies);
2201 
2202 		wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
2203 						WLAN_OUI_TYPE_MICROSOFT_WPA,
2204 						ies->data,
2205 						ies->len);
2206 		rcu_read_unlock();
2207 		cfg80211_put_bss(ar->hw->wiphy, bss);
2208 	}
2209 
2210 	/* FIXME: base on RSN IE/WPA IE is a correct idea? */
2211 	if (rsnie || wpaie) {
2212 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
2213 		arg->peer_flags |= ar->wmi.peer_flags->need_ptk_4_way;
2214 	}
2215 
2216 	if (wpaie) {
2217 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
2218 		arg->peer_flags |= ar->wmi.peer_flags->need_gtk_2_way;
2219 	}
2220 
2221 	if (sta->mfp &&
2222 	    test_bit(ATH10K_FW_FEATURE_MFP_SUPPORT,
2223 		     ar->running_fw->fw_file.fw_features)) {
2224 		arg->peer_flags |= ar->wmi.peer_flags->pmf;
2225 	}
2226 }
2227 
2228 static void ath10k_peer_assoc_h_rates(struct ath10k *ar,
2229 				      struct ieee80211_vif *vif,
2230 				      struct ieee80211_sta *sta,
2231 				      struct wmi_peer_assoc_complete_arg *arg)
2232 {
2233 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2234 	struct wmi_rate_set_arg *rateset = &arg->peer_legacy_rates;
2235 	struct cfg80211_chan_def def;
2236 	const struct ieee80211_supported_band *sband;
2237 	const struct ieee80211_rate *rates;
2238 	enum nl80211_band band;
2239 	u32 ratemask;
2240 	u8 rate;
2241 	int i;
2242 
2243 	lockdep_assert_held(&ar->conf_mutex);
2244 
2245 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2246 		return;
2247 
2248 	band = def.chan->band;
2249 	sband = ar->hw->wiphy->bands[band];
2250 	ratemask = sta->supp_rates[band];
2251 	ratemask &= arvif->bitrate_mask.control[band].legacy;
2252 	rates = sband->bitrates;
2253 
2254 	rateset->num_rates = 0;
2255 
2256 	for (i = 0; i < 32; i++, ratemask >>= 1, rates++) {
2257 		if (!(ratemask & 1))
2258 			continue;
2259 
2260 		rate = ath10k_mac_bitrate_to_rate(rates->bitrate);
2261 		rateset->rates[rateset->num_rates] = rate;
2262 		rateset->num_rates++;
2263 	}
2264 }
2265 
2266 static bool
2267 ath10k_peer_assoc_h_ht_masked(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
2268 {
2269 	int nss;
2270 
2271 	for (nss = 0; nss < IEEE80211_HT_MCS_MASK_LEN; nss++)
2272 		if (ht_mcs_mask[nss])
2273 			return false;
2274 
2275 	return true;
2276 }
2277 
2278 static bool
2279 ath10k_peer_assoc_h_vht_masked(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
2280 {
2281 	int nss;
2282 
2283 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++)
2284 		if (vht_mcs_mask[nss])
2285 			return false;
2286 
2287 	return true;
2288 }
2289 
2290 static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
2291 				   struct ieee80211_vif *vif,
2292 				   struct ieee80211_sta *sta,
2293 				   struct wmi_peer_assoc_complete_arg *arg)
2294 {
2295 	const struct ieee80211_sta_ht_cap *ht_cap = &sta->ht_cap;
2296 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2297 	struct cfg80211_chan_def def;
2298 	enum nl80211_band band;
2299 	const u8 *ht_mcs_mask;
2300 	const u16 *vht_mcs_mask;
2301 	int i, n;
2302 	u8 max_nss;
2303 	u32 stbc;
2304 
2305 	lockdep_assert_held(&ar->conf_mutex);
2306 
2307 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2308 		return;
2309 
2310 	if (!ht_cap->ht_supported)
2311 		return;
2312 
2313 	band = def.chan->band;
2314 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2315 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2316 
2317 	if (ath10k_peer_assoc_h_ht_masked(ht_mcs_mask) &&
2318 	    ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2319 		return;
2320 
2321 	arg->peer_flags |= ar->wmi.peer_flags->ht;
2322 	arg->peer_max_mpdu = (1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2323 				    ht_cap->ampdu_factor)) - 1;
2324 
2325 	arg->peer_mpdu_density =
2326 		ath10k_parse_mpdudensity(ht_cap->ampdu_density);
2327 
2328 	arg->peer_ht_caps = ht_cap->cap;
2329 	arg->peer_rate_caps |= WMI_RC_HT_FLAG;
2330 
2331 	if (ht_cap->cap & IEEE80211_HT_CAP_LDPC_CODING)
2332 		arg->peer_flags |= ar->wmi.peer_flags->ldbc;
2333 
2334 	if (sta->bandwidth >= IEEE80211_STA_RX_BW_40) {
2335 		arg->peer_flags |= ar->wmi.peer_flags->bw40;
2336 		arg->peer_rate_caps |= WMI_RC_CW40_FLAG;
2337 	}
2338 
2339 	if (arvif->bitrate_mask.control[band].gi != NL80211_TXRATE_FORCE_LGI) {
2340 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
2341 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2342 
2343 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
2344 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2345 	}
2346 
2347 	if (ht_cap->cap & IEEE80211_HT_CAP_TX_STBC) {
2348 		arg->peer_rate_caps |= WMI_RC_TX_STBC_FLAG;
2349 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2350 	}
2351 
2352 	if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
2353 		stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
2354 		stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
2355 		stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
2356 		arg->peer_rate_caps |= stbc;
2357 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2358 	}
2359 
2360 	if (ht_cap->mcs.rx_mask[1] && ht_cap->mcs.rx_mask[2])
2361 		arg->peer_rate_caps |= WMI_RC_TS_FLAG;
2362 	else if (ht_cap->mcs.rx_mask[1])
2363 		arg->peer_rate_caps |= WMI_RC_DS_FLAG;
2364 
2365 	for (i = 0, n = 0, max_nss = 0; i < IEEE80211_HT_MCS_MASK_LEN * 8; i++)
2366 		if ((ht_cap->mcs.rx_mask[i / 8] & BIT(i % 8)) &&
2367 		    (ht_mcs_mask[i / 8] & BIT(i % 8))) {
2368 			max_nss = (i / 8) + 1;
2369 			arg->peer_ht_rates.rates[n++] = i;
2370 		}
2371 
2372 	/*
2373 	 * This is a workaround for HT-enabled STAs which break the spec
2374 	 * and have no HT capabilities RX mask (no HT RX MCS map).
2375 	 *
2376 	 * As per spec, in section 20.3.5 Modulation and coding scheme (MCS),
2377 	 * MCS 0 through 7 are mandatory in 20MHz with 800 ns GI at all STAs.
2378 	 *
2379 	 * Firmware asserts if such situation occurs.
2380 	 */
2381 	if (n == 0) {
2382 		arg->peer_ht_rates.num_rates = 8;
2383 		for (i = 0; i < arg->peer_ht_rates.num_rates; i++)
2384 			arg->peer_ht_rates.rates[i] = i;
2385 	} else {
2386 		arg->peer_ht_rates.num_rates = n;
2387 		arg->peer_num_spatial_streams = min(sta->rx_nss, max_nss);
2388 	}
2389 
2390 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
2391 		   arg->addr,
2392 		   arg->peer_ht_rates.num_rates,
2393 		   arg->peer_num_spatial_streams);
2394 }
2395 
2396 static int ath10k_peer_assoc_qos_ap(struct ath10k *ar,
2397 				    struct ath10k_vif *arvif,
2398 				    struct ieee80211_sta *sta)
2399 {
2400 	u32 uapsd = 0;
2401 	u32 max_sp = 0;
2402 	int ret = 0;
2403 
2404 	lockdep_assert_held(&ar->conf_mutex);
2405 
2406 	if (sta->wme && sta->uapsd_queues) {
2407 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
2408 			   sta->uapsd_queues, sta->max_sp);
2409 
2410 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2411 			uapsd |= WMI_AP_PS_UAPSD_AC3_DELIVERY_EN |
2412 				 WMI_AP_PS_UAPSD_AC3_TRIGGER_EN;
2413 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2414 			uapsd |= WMI_AP_PS_UAPSD_AC2_DELIVERY_EN |
2415 				 WMI_AP_PS_UAPSD_AC2_TRIGGER_EN;
2416 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2417 			uapsd |= WMI_AP_PS_UAPSD_AC1_DELIVERY_EN |
2418 				 WMI_AP_PS_UAPSD_AC1_TRIGGER_EN;
2419 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2420 			uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
2421 				 WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
2422 
2423 		if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
2424 			max_sp = sta->max_sp;
2425 
2426 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2427 						 sta->addr,
2428 						 WMI_AP_PS_PEER_PARAM_UAPSD,
2429 						 uapsd);
2430 		if (ret) {
2431 			ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
2432 				    arvif->vdev_id, ret);
2433 			return ret;
2434 		}
2435 
2436 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2437 						 sta->addr,
2438 						 WMI_AP_PS_PEER_PARAM_MAX_SP,
2439 						 max_sp);
2440 		if (ret) {
2441 			ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
2442 				    arvif->vdev_id, ret);
2443 			return ret;
2444 		}
2445 
2446 		/* TODO setup this based on STA listen interval and
2447 		 * beacon interval. Currently we don't know
2448 		 * sta->listen_interval - mac80211 patch required.
2449 		 * Currently use 10 seconds
2450 		 */
2451 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
2452 						 WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
2453 						 10);
2454 		if (ret) {
2455 			ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
2456 				    arvif->vdev_id, ret);
2457 			return ret;
2458 		}
2459 	}
2460 
2461 	return 0;
2462 }
2463 
2464 static u16
2465 ath10k_peer_assoc_h_vht_limit(u16 tx_mcs_set,
2466 			      const u16 vht_mcs_limit[NL80211_VHT_NSS_MAX])
2467 {
2468 	int idx_limit;
2469 	int nss;
2470 	u16 mcs_map;
2471 	u16 mcs;
2472 
2473 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
2474 		mcs_map = ath10k_mac_get_max_vht_mcs_map(tx_mcs_set, nss) &
2475 			  vht_mcs_limit[nss];
2476 
2477 		if (mcs_map)
2478 			idx_limit = fls(mcs_map) - 1;
2479 		else
2480 			idx_limit = -1;
2481 
2482 		switch (idx_limit) {
2483 		case 0:
2484 		case 1:
2485 		case 2:
2486 		case 3:
2487 		case 4:
2488 		case 5:
2489 		case 6:
2490 		default:
2491 			/* see ath10k_mac_can_set_bitrate_mask() */
2492 			WARN_ON(1);
2493 			fallthrough;
2494 		case -1:
2495 			mcs = IEEE80211_VHT_MCS_NOT_SUPPORTED;
2496 			break;
2497 		case 7:
2498 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_7;
2499 			break;
2500 		case 8:
2501 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_8;
2502 			break;
2503 		case 9:
2504 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_9;
2505 			break;
2506 		}
2507 
2508 		tx_mcs_set &= ~(0x3 << (nss * 2));
2509 		tx_mcs_set |= mcs << (nss * 2);
2510 	}
2511 
2512 	return tx_mcs_set;
2513 }
2514 
2515 static u32 get_160mhz_nss_from_maxrate(int rate)
2516 {
2517 	u32 nss;
2518 
2519 	switch (rate) {
2520 	case 780:
2521 		nss = 1;
2522 		break;
2523 	case 1560:
2524 		nss = 2;
2525 		break;
2526 	case 2106:
2527 		nss = 3; /* not support MCS9 from spec*/
2528 		break;
2529 	case 3120:
2530 		nss = 4;
2531 		break;
2532 	default:
2533 		 nss = 1;
2534 	}
2535 
2536 	return nss;
2537 }
2538 
2539 static void ath10k_peer_assoc_h_vht(struct ath10k *ar,
2540 				    struct ieee80211_vif *vif,
2541 				    struct ieee80211_sta *sta,
2542 				    struct wmi_peer_assoc_complete_arg *arg)
2543 {
2544 	const struct ieee80211_sta_vht_cap *vht_cap = &sta->vht_cap;
2545 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2546 	struct ath10k_hw_params *hw = &ar->hw_params;
2547 	struct cfg80211_chan_def def;
2548 	enum nl80211_band band;
2549 	const u16 *vht_mcs_mask;
2550 	u8 ampdu_factor;
2551 	u8 max_nss, vht_mcs;
2552 	int i;
2553 
2554 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2555 		return;
2556 
2557 	if (!vht_cap->vht_supported)
2558 		return;
2559 
2560 	band = def.chan->band;
2561 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2562 
2563 	if (ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2564 		return;
2565 
2566 	arg->peer_flags |= ar->wmi.peer_flags->vht;
2567 
2568 	if (def.chan->band == NL80211_BAND_2GHZ)
2569 		arg->peer_flags |= ar->wmi.peer_flags->vht_2g;
2570 
2571 	arg->peer_vht_caps = vht_cap->cap;
2572 
2573 	ampdu_factor = (vht_cap->cap &
2574 			IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
2575 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
2576 
2577 	/* Workaround: Some Netgear/Linksys 11ac APs set Rx A-MPDU factor to
2578 	 * zero in VHT IE. Using it would result in degraded throughput.
2579 	 * arg->peer_max_mpdu at this point contains HT max_mpdu so keep
2580 	 * it if VHT max_mpdu is smaller.
2581 	 */
2582 	arg->peer_max_mpdu = max(arg->peer_max_mpdu,
2583 				 (1U << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2584 					ampdu_factor)) - 1);
2585 
2586 	if (sta->bandwidth == IEEE80211_STA_RX_BW_80)
2587 		arg->peer_flags |= ar->wmi.peer_flags->bw80;
2588 
2589 	if (sta->bandwidth == IEEE80211_STA_RX_BW_160)
2590 		arg->peer_flags |= ar->wmi.peer_flags->bw160;
2591 
2592 	/* Calculate peer NSS capability from VHT capabilities if STA
2593 	 * supports VHT.
2594 	 */
2595 	for (i = 0, max_nss = 0, vht_mcs = 0; i < NL80211_VHT_NSS_MAX; i++) {
2596 		vht_mcs = __le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map) >>
2597 			  (2 * i) & 3;
2598 
2599 		if ((vht_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) &&
2600 		    vht_mcs_mask[i])
2601 			max_nss = i + 1;
2602 	}
2603 	arg->peer_num_spatial_streams = min(sta->rx_nss, max_nss);
2604 	arg->peer_vht_rates.rx_max_rate =
2605 		__le16_to_cpu(vht_cap->vht_mcs.rx_highest);
2606 	arg->peer_vht_rates.rx_mcs_set =
2607 		__le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map);
2608 	arg->peer_vht_rates.tx_max_rate =
2609 		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
2610 	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
2611 		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
2612 
2613 	/* Configure bandwidth-NSS mapping to FW
2614 	 * for the chip's tx chains setting on 160Mhz bw
2615 	 */
2616 	if (arg->peer_phymode == MODE_11AC_VHT160 ||
2617 	    arg->peer_phymode == MODE_11AC_VHT80_80) {
2618 		u32 rx_nss;
2619 		u32 max_rate;
2620 
2621 		max_rate = arg->peer_vht_rates.rx_max_rate;
2622 		rx_nss = get_160mhz_nss_from_maxrate(max_rate);
2623 
2624 		if (rx_nss == 0)
2625 			rx_nss = arg->peer_num_spatial_streams;
2626 		else
2627 			rx_nss = min(arg->peer_num_spatial_streams, rx_nss);
2628 
2629 		max_rate = hw->vht160_mcs_tx_highest;
2630 		rx_nss = min(rx_nss, get_160mhz_nss_from_maxrate(max_rate));
2631 
2632 		arg->peer_bw_rxnss_override =
2633 			FIELD_PREP(WMI_PEER_NSS_MAP_ENABLE, 1) |
2634 			FIELD_PREP(WMI_PEER_NSS_160MHZ_MASK, (rx_nss - 1));
2635 
2636 		if (arg->peer_phymode == MODE_11AC_VHT80_80) {
2637 			arg->peer_bw_rxnss_override |=
2638 			FIELD_PREP(WMI_PEER_NSS_80_80MHZ_MASK, (rx_nss - 1));
2639 		}
2640 	}
2641 	ath10k_dbg(ar, ATH10K_DBG_MAC,
2642 		   "mac vht peer %pM max_mpdu %d flags 0x%x peer_rx_nss_override 0x%x\n",
2643 		   sta->addr, arg->peer_max_mpdu,
2644 		   arg->peer_flags, arg->peer_bw_rxnss_override);
2645 }
2646 
2647 static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
2648 				    struct ieee80211_vif *vif,
2649 				    struct ieee80211_sta *sta,
2650 				    struct wmi_peer_assoc_complete_arg *arg)
2651 {
2652 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2653 
2654 	switch (arvif->vdev_type) {
2655 	case WMI_VDEV_TYPE_AP:
2656 		if (sta->wme)
2657 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2658 
2659 		if (sta->wme && sta->uapsd_queues) {
2660 			arg->peer_flags |= arvif->ar->wmi.peer_flags->apsd;
2661 			arg->peer_rate_caps |= WMI_RC_UAPSD_FLAG;
2662 		}
2663 		break;
2664 	case WMI_VDEV_TYPE_STA:
2665 		if (sta->wme)
2666 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2667 		break;
2668 	case WMI_VDEV_TYPE_IBSS:
2669 		if (sta->wme)
2670 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2671 		break;
2672 	default:
2673 		break;
2674 	}
2675 
2676 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
2677 		   sta->addr, !!(arg->peer_flags &
2678 		   arvif->ar->wmi.peer_flags->qos));
2679 }
2680 
2681 static bool ath10k_mac_sta_has_ofdm_only(struct ieee80211_sta *sta)
2682 {
2683 	return sta->supp_rates[NL80211_BAND_2GHZ] >>
2684 	       ATH10K_MAC_FIRST_OFDM_RATE_IDX;
2685 }
2686 
2687 static enum wmi_phy_mode ath10k_mac_get_phymode_vht(struct ath10k *ar,
2688 						    struct ieee80211_sta *sta)
2689 {
2690 	if (sta->bandwidth == IEEE80211_STA_RX_BW_160) {
2691 		switch (sta->vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
2692 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
2693 			return MODE_11AC_VHT160;
2694 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
2695 			return MODE_11AC_VHT80_80;
2696 		default:
2697 			/* not sure if this is a valid case? */
2698 			return MODE_11AC_VHT160;
2699 		}
2700 	}
2701 
2702 	if (sta->bandwidth == IEEE80211_STA_RX_BW_80)
2703 		return MODE_11AC_VHT80;
2704 
2705 	if (sta->bandwidth == IEEE80211_STA_RX_BW_40)
2706 		return MODE_11AC_VHT40;
2707 
2708 	if (sta->bandwidth == IEEE80211_STA_RX_BW_20)
2709 		return MODE_11AC_VHT20;
2710 
2711 	return MODE_UNKNOWN;
2712 }
2713 
2714 static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
2715 					struct ieee80211_vif *vif,
2716 					struct ieee80211_sta *sta,
2717 					struct wmi_peer_assoc_complete_arg *arg)
2718 {
2719 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2720 	struct cfg80211_chan_def def;
2721 	enum nl80211_band band;
2722 	const u8 *ht_mcs_mask;
2723 	const u16 *vht_mcs_mask;
2724 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
2725 
2726 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2727 		return;
2728 
2729 	band = def.chan->band;
2730 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2731 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2732 
2733 	switch (band) {
2734 	case NL80211_BAND_2GHZ:
2735 		if (sta->vht_cap.vht_supported &&
2736 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2737 			if (sta->bandwidth == IEEE80211_STA_RX_BW_40)
2738 				phymode = MODE_11AC_VHT40;
2739 			else
2740 				phymode = MODE_11AC_VHT20;
2741 		} else if (sta->ht_cap.ht_supported &&
2742 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2743 			if (sta->bandwidth == IEEE80211_STA_RX_BW_40)
2744 				phymode = MODE_11NG_HT40;
2745 			else
2746 				phymode = MODE_11NG_HT20;
2747 		} else if (ath10k_mac_sta_has_ofdm_only(sta)) {
2748 			phymode = MODE_11G;
2749 		} else {
2750 			phymode = MODE_11B;
2751 		}
2752 
2753 		break;
2754 	case NL80211_BAND_5GHZ:
2755 		/*
2756 		 * Check VHT first.
2757 		 */
2758 		if (sta->vht_cap.vht_supported &&
2759 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2760 			phymode = ath10k_mac_get_phymode_vht(ar, sta);
2761 		} else if (sta->ht_cap.ht_supported &&
2762 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2763 			if (sta->bandwidth >= IEEE80211_STA_RX_BW_40)
2764 				phymode = MODE_11NA_HT40;
2765 			else
2766 				phymode = MODE_11NA_HT20;
2767 		} else {
2768 			phymode = MODE_11A;
2769 		}
2770 
2771 		break;
2772 	default:
2773 		break;
2774 	}
2775 
2776 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
2777 		   sta->addr, ath10k_wmi_phymode_str(phymode));
2778 
2779 	arg->peer_phymode = phymode;
2780 	WARN_ON(phymode == MODE_UNKNOWN);
2781 }
2782 
2783 static int ath10k_peer_assoc_prepare(struct ath10k *ar,
2784 				     struct ieee80211_vif *vif,
2785 				     struct ieee80211_sta *sta,
2786 				     struct wmi_peer_assoc_complete_arg *arg)
2787 {
2788 	lockdep_assert_held(&ar->conf_mutex);
2789 
2790 	memset(arg, 0, sizeof(*arg));
2791 
2792 	ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
2793 	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
2794 	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
2795 	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
2796 	ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
2797 	ath10k_peer_assoc_h_vht(ar, vif, sta, arg);
2798 	ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
2799 
2800 	return 0;
2801 }
2802 
2803 static const u32 ath10k_smps_map[] = {
2804 	[WLAN_HT_CAP_SM_PS_STATIC] = WMI_PEER_SMPS_STATIC,
2805 	[WLAN_HT_CAP_SM_PS_DYNAMIC] = WMI_PEER_SMPS_DYNAMIC,
2806 	[WLAN_HT_CAP_SM_PS_INVALID] = WMI_PEER_SMPS_PS_NONE,
2807 	[WLAN_HT_CAP_SM_PS_DISABLED] = WMI_PEER_SMPS_PS_NONE,
2808 };
2809 
2810 static int ath10k_setup_peer_smps(struct ath10k *ar, struct ath10k_vif *arvif,
2811 				  const u8 *addr,
2812 				  const struct ieee80211_sta_ht_cap *ht_cap)
2813 {
2814 	int smps;
2815 
2816 	if (!ht_cap->ht_supported)
2817 		return 0;
2818 
2819 	smps = ht_cap->cap & IEEE80211_HT_CAP_SM_PS;
2820 	smps >>= IEEE80211_HT_CAP_SM_PS_SHIFT;
2821 
2822 	if (smps >= ARRAY_SIZE(ath10k_smps_map))
2823 		return -EINVAL;
2824 
2825 	return ath10k_wmi_peer_set_param(ar, arvif->vdev_id, addr,
2826 					 ar->wmi.peer_param->smps_state,
2827 					 ath10k_smps_map[smps]);
2828 }
2829 
2830 static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
2831 				      struct ieee80211_vif *vif,
2832 				      struct ieee80211_sta_vht_cap vht_cap)
2833 {
2834 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2835 	int ret;
2836 	u32 param;
2837 	u32 value;
2838 
2839 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_AFTER_ASSOC)
2840 		return 0;
2841 
2842 	if (!(ar->vht_cap_info &
2843 	      (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2844 	       IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
2845 	       IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2846 	       IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
2847 		return 0;
2848 
2849 	param = ar->wmi.vdev_param->txbf;
2850 	value = 0;
2851 
2852 	if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
2853 		return 0;
2854 
2855 	/* The following logic is correct. If a remote STA advertises support
2856 	 * for being a beamformer then we should enable us being a beamformee.
2857 	 */
2858 
2859 	if (ar->vht_cap_info &
2860 	    (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2861 	     IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
2862 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
2863 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2864 
2865 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
2866 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
2867 	}
2868 
2869 	if (ar->vht_cap_info &
2870 	    (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2871 	     IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
2872 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
2873 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2874 
2875 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
2876 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
2877 	}
2878 
2879 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
2880 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2881 
2882 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
2883 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2884 
2885 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
2886 	if (ret) {
2887 		ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
2888 			    value, ret);
2889 		return ret;
2890 	}
2891 
2892 	return 0;
2893 }
2894 
2895 static bool ath10k_mac_is_connected(struct ath10k *ar)
2896 {
2897 	struct ath10k_vif *arvif;
2898 
2899 	list_for_each_entry(arvif, &ar->arvifs, list) {
2900 		if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
2901 			return true;
2902 	}
2903 
2904 	return false;
2905 }
2906 
2907 static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
2908 {
2909 	int ret;
2910 	u32 param;
2911 	int tx_power_2g, tx_power_5g;
2912 	bool connected;
2913 
2914 	lockdep_assert_held(&ar->conf_mutex);
2915 
2916 	/* ath10k internally uses unit of 0.5 dBm so multiply by 2 */
2917 	tx_power_2g = txpower * 2;
2918 	tx_power_5g = txpower * 2;
2919 
2920 	connected = ath10k_mac_is_connected(ar);
2921 
2922 	if (connected && ar->tx_power_2g_limit)
2923 		if (tx_power_2g > ar->tx_power_2g_limit)
2924 			tx_power_2g = ar->tx_power_2g_limit;
2925 
2926 	if (connected && ar->tx_power_5g_limit)
2927 		if (tx_power_5g > ar->tx_power_5g_limit)
2928 			tx_power_5g = ar->tx_power_5g_limit;
2929 
2930 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower 2g: %d, 5g: %d\n",
2931 		   tx_power_2g, tx_power_5g);
2932 
2933 	param = ar->wmi.pdev_param->txpower_limit2g;
2934 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_2g);
2935 	if (ret) {
2936 		ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
2937 			    tx_power_2g, ret);
2938 		return ret;
2939 	}
2940 
2941 	param = ar->wmi.pdev_param->txpower_limit5g;
2942 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_5g);
2943 	if (ret) {
2944 		ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
2945 			    tx_power_5g, ret);
2946 		return ret;
2947 	}
2948 
2949 	return 0;
2950 }
2951 
2952 static int ath10k_mac_txpower_recalc(struct ath10k *ar)
2953 {
2954 	struct ath10k_vif *arvif;
2955 	int ret, txpower = -1;
2956 
2957 	lockdep_assert_held(&ar->conf_mutex);
2958 
2959 	list_for_each_entry(arvif, &ar->arvifs, list) {
2960 		/* txpower not initialized yet? */
2961 		if (arvif->txpower == INT_MIN)
2962 			continue;
2963 
2964 		if (txpower == -1)
2965 			txpower = arvif->txpower;
2966 		else
2967 			txpower = min(txpower, arvif->txpower);
2968 	}
2969 
2970 	if (txpower == -1)
2971 		return 0;
2972 
2973 	ret = ath10k_mac_txpower_setup(ar, txpower);
2974 	if (ret) {
2975 		ath10k_warn(ar, "failed to setup tx power %d: %d\n",
2976 			    txpower, ret);
2977 		return ret;
2978 	}
2979 
2980 	return 0;
2981 }
2982 
2983 static int ath10k_mac_set_sar_power(struct ath10k *ar)
2984 {
2985 	if (!ar->hw_params.dynamic_sar_support)
2986 		return -EOPNOTSUPP;
2987 
2988 	if (!ath10k_mac_is_connected(ar))
2989 		return 0;
2990 
2991 	/* if connected, then arvif->txpower must be valid */
2992 	return ath10k_mac_txpower_recalc(ar);
2993 }
2994 
2995 static int ath10k_mac_set_sar_specs(struct ieee80211_hw *hw,
2996 				    const struct cfg80211_sar_specs *sar)
2997 {
2998 	const struct cfg80211_sar_sub_specs *sub_specs;
2999 	struct ath10k *ar = hw->priv;
3000 	u32 i;
3001 	int ret;
3002 
3003 	mutex_lock(&ar->conf_mutex);
3004 
3005 	if (!ar->hw_params.dynamic_sar_support) {
3006 		ret = -EOPNOTSUPP;
3007 		goto err;
3008 	}
3009 
3010 	if (!sar || sar->type != NL80211_SAR_TYPE_POWER ||
3011 	    sar->num_sub_specs == 0) {
3012 		ret = -EINVAL;
3013 		goto err;
3014 	}
3015 
3016 	sub_specs = sar->sub_specs;
3017 
3018 	/* 0dbm is not a practical value for ath10k, so use 0
3019 	 * as no SAR limitation on it.
3020 	 */
3021 	ar->tx_power_2g_limit = 0;
3022 	ar->tx_power_5g_limit = 0;
3023 
3024 	/* note the power is in 0.25dbm unit, while ath10k uses
3025 	 * 0.5dbm unit.
3026 	 */
3027 	for (i = 0; i < sar->num_sub_specs; i++) {
3028 		if (sub_specs->freq_range_index == 0)
3029 			ar->tx_power_2g_limit = sub_specs->power / 2;
3030 		else if (sub_specs->freq_range_index == 1)
3031 			ar->tx_power_5g_limit = sub_specs->power / 2;
3032 
3033 		sub_specs++;
3034 	}
3035 
3036 	ret = ath10k_mac_set_sar_power(ar);
3037 	if (ret) {
3038 		ath10k_warn(ar, "failed to set sar power: %d", ret);
3039 		goto err;
3040 	}
3041 
3042 err:
3043 	mutex_unlock(&ar->conf_mutex);
3044 	return ret;
3045 }
3046 
3047 /* can be called only in mac80211 callbacks due to `key_count` usage */
3048 static void ath10k_bss_assoc(struct ieee80211_hw *hw,
3049 			     struct ieee80211_vif *vif,
3050 			     struct ieee80211_bss_conf *bss_conf)
3051 {
3052 	struct ath10k *ar = hw->priv;
3053 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3054 	struct ieee80211_sta_ht_cap ht_cap;
3055 	struct ieee80211_sta_vht_cap vht_cap;
3056 	struct wmi_peer_assoc_complete_arg peer_arg;
3057 	struct ieee80211_sta *ap_sta;
3058 	int ret;
3059 
3060 	lockdep_assert_held(&ar->conf_mutex);
3061 
3062 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
3063 		   arvif->vdev_id, arvif->bssid, arvif->aid);
3064 
3065 	rcu_read_lock();
3066 
3067 	ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
3068 	if (!ap_sta) {
3069 		ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
3070 			    bss_conf->bssid, arvif->vdev_id);
3071 		rcu_read_unlock();
3072 		return;
3073 	}
3074 
3075 	/* ap_sta must be accessed only within rcu section which must be left
3076 	 * before calling ath10k_setup_peer_smps() which might sleep.
3077 	 */
3078 	ht_cap = ap_sta->ht_cap;
3079 	vht_cap = ap_sta->vht_cap;
3080 
3081 	ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
3082 	if (ret) {
3083 		ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
3084 			    bss_conf->bssid, arvif->vdev_id, ret);
3085 		rcu_read_unlock();
3086 		return;
3087 	}
3088 
3089 	rcu_read_unlock();
3090 
3091 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3092 	if (ret) {
3093 		ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
3094 			    bss_conf->bssid, arvif->vdev_id, ret);
3095 		return;
3096 	}
3097 
3098 	ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
3099 	if (ret) {
3100 		ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
3101 			    arvif->vdev_id, ret);
3102 		return;
3103 	}
3104 
3105 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3106 	if (ret) {
3107 		ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
3108 			    arvif->vdev_id, bss_conf->bssid, ret);
3109 		return;
3110 	}
3111 
3112 	ath10k_dbg(ar, ATH10K_DBG_MAC,
3113 		   "mac vdev %d up (associated) bssid %pM aid %d\n",
3114 		   arvif->vdev_id, bss_conf->bssid, bss_conf->aid);
3115 
3116 	WARN_ON(arvif->is_up);
3117 
3118 	arvif->aid = bss_conf->aid;
3119 	ether_addr_copy(arvif->bssid, bss_conf->bssid);
3120 
3121 	ret = ath10k_wmi_pdev_set_param(ar,
3122 					ar->wmi.pdev_param->peer_stats_info_enable, 1);
3123 	if (ret)
3124 		ath10k_warn(ar, "failed to enable peer stats info: %d\n", ret);
3125 
3126 	ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
3127 	if (ret) {
3128 		ath10k_warn(ar, "failed to set vdev %d up: %d\n",
3129 			    arvif->vdev_id, ret);
3130 		return;
3131 	}
3132 
3133 	arvif->is_up = true;
3134 
3135 	ath10k_mac_set_sar_power(ar);
3136 
3137 	/* Workaround: Some firmware revisions (tested with qca6174
3138 	 * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
3139 	 * poked with peer param command.
3140 	 */
3141 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
3142 					ar->wmi.peer_param->dummy_var, 1);
3143 	if (ret) {
3144 		ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
3145 			    arvif->bssid, arvif->vdev_id, ret);
3146 		return;
3147 	}
3148 }
3149 
3150 static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
3151 				struct ieee80211_vif *vif)
3152 {
3153 	struct ath10k *ar = hw->priv;
3154 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3155 	struct ieee80211_sta_vht_cap vht_cap = {};
3156 	int ret;
3157 
3158 	lockdep_assert_held(&ar->conf_mutex);
3159 
3160 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
3161 		   arvif->vdev_id, arvif->bssid);
3162 
3163 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
3164 	if (ret)
3165 		ath10k_warn(ar, "failed to down vdev %i: %d\n",
3166 			    arvif->vdev_id, ret);
3167 
3168 	arvif->def_wep_key_idx = -1;
3169 
3170 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3171 	if (ret) {
3172 		ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
3173 			    arvif->vdev_id, ret);
3174 		return;
3175 	}
3176 
3177 	arvif->is_up = false;
3178 
3179 	ath10k_mac_txpower_recalc(ar);
3180 
3181 	cancel_delayed_work_sync(&arvif->connection_loss_work);
3182 }
3183 
3184 static int ath10k_new_peer_tid_config(struct ath10k *ar,
3185 				      struct ieee80211_sta *sta,
3186 				      struct ath10k_vif *arvif)
3187 {
3188 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
3189 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
3190 	bool config_apply;
3191 	int ret, i;
3192 
3193 	for (i = 0; i < ATH10K_TID_MAX; i++) {
3194 		config_apply = false;
3195 		if (arvif->retry_long[i] || arvif->ampdu[i] ||
3196 		    arvif->rate_ctrl[i] || arvif->rtscts[i]) {
3197 			config_apply = true;
3198 			arg.tid = i;
3199 			arg.vdev_id = arvif->vdev_id;
3200 			arg.retry_count = arvif->retry_long[i];
3201 			arg.aggr_control = arvif->ampdu[i];
3202 			arg.rate_ctrl = arvif->rate_ctrl[i];
3203 			arg.rcode_flags = arvif->rate_code[i];
3204 
3205 			if (arvif->rtscts[i])
3206 				arg.ext_tid_cfg_bitmap =
3207 					WMI_EXT_TID_RTS_CTS_CONFIG;
3208 			else
3209 				arg.ext_tid_cfg_bitmap = 0;
3210 
3211 			arg.rtscts_ctrl = arvif->rtscts[i];
3212 		}
3213 
3214 		if (arvif->noack[i]) {
3215 			arg.ack_policy = arvif->noack[i];
3216 			arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
3217 			arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
3218 			config_apply = true;
3219 		}
3220 
3221 		/* Assign default value(-1) to newly connected station.
3222 		 * This is to identify station specific tid configuration not
3223 		 * configured for the station.
3224 		 */
3225 		arsta->retry_long[i] = -1;
3226 		arsta->noack[i] = -1;
3227 		arsta->ampdu[i] = -1;
3228 
3229 		if (!config_apply)
3230 			continue;
3231 
3232 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
3233 
3234 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
3235 		if (ret) {
3236 			ath10k_warn(ar, "failed to set per tid retry/aggr config for sta %pM: %d\n",
3237 				    sta->addr, ret);
3238 			return ret;
3239 		}
3240 
3241 		memset(&arg, 0, sizeof(arg));
3242 	}
3243 
3244 	return 0;
3245 }
3246 
3247 static int ath10k_station_assoc(struct ath10k *ar,
3248 				struct ieee80211_vif *vif,
3249 				struct ieee80211_sta *sta,
3250 				bool reassoc)
3251 {
3252 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3253 	struct wmi_peer_assoc_complete_arg peer_arg;
3254 	int ret = 0;
3255 
3256 	lockdep_assert_held(&ar->conf_mutex);
3257 
3258 	ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
3259 	if (ret) {
3260 		ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
3261 			    sta->addr, arvif->vdev_id, ret);
3262 		return ret;
3263 	}
3264 
3265 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3266 	if (ret) {
3267 		ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
3268 			    sta->addr, arvif->vdev_id, ret);
3269 		return ret;
3270 	}
3271 
3272 	/* Re-assoc is run only to update supported rates for given station. It
3273 	 * doesn't make much sense to reconfigure the peer completely.
3274 	 */
3275 	if (!reassoc) {
3276 		ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
3277 					     &sta->ht_cap);
3278 		if (ret) {
3279 			ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
3280 				    arvif->vdev_id, ret);
3281 			return ret;
3282 		}
3283 
3284 		ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
3285 		if (ret) {
3286 			ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
3287 				    sta->addr, arvif->vdev_id, ret);
3288 			return ret;
3289 		}
3290 
3291 		if (!sta->wme) {
3292 			arvif->num_legacy_stations++;
3293 			ret  = ath10k_recalc_rtscts_prot(arvif);
3294 			if (ret) {
3295 				ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3296 					    arvif->vdev_id, ret);
3297 				return ret;
3298 			}
3299 		}
3300 
3301 		/* Plumb cached keys only for static WEP */
3302 		if ((arvif->def_wep_key_idx != -1) && (!sta->tdls)) {
3303 			ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
3304 			if (ret) {
3305 				ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
3306 					    arvif->vdev_id, ret);
3307 				return ret;
3308 			}
3309 		}
3310 	}
3311 
3312 	if (!test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map))
3313 		return ret;
3314 
3315 	return ath10k_new_peer_tid_config(ar, sta, arvif);
3316 }
3317 
3318 static int ath10k_station_disassoc(struct ath10k *ar,
3319 				   struct ieee80211_vif *vif,
3320 				   struct ieee80211_sta *sta)
3321 {
3322 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3323 	int ret = 0;
3324 
3325 	lockdep_assert_held(&ar->conf_mutex);
3326 
3327 	if (!sta->wme) {
3328 		arvif->num_legacy_stations--;
3329 		ret = ath10k_recalc_rtscts_prot(arvif);
3330 		if (ret) {
3331 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3332 				    arvif->vdev_id, ret);
3333 			return ret;
3334 		}
3335 	}
3336 
3337 	ret = ath10k_clear_peer_keys(arvif, sta->addr);
3338 	if (ret) {
3339 		ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
3340 			    arvif->vdev_id, ret);
3341 		return ret;
3342 	}
3343 
3344 	return ret;
3345 }
3346 
3347 /**************/
3348 /* Regulatory */
3349 /**************/
3350 
3351 static int ath10k_update_channel_list(struct ath10k *ar)
3352 {
3353 	struct ieee80211_hw *hw = ar->hw;
3354 	struct ieee80211_supported_band **bands;
3355 	enum nl80211_band band;
3356 	struct ieee80211_channel *channel;
3357 	struct wmi_scan_chan_list_arg arg = {0};
3358 	struct wmi_channel_arg *ch;
3359 	bool passive;
3360 	int len;
3361 	int ret;
3362 	int i;
3363 
3364 	lockdep_assert_held(&ar->conf_mutex);
3365 
3366 	bands = hw->wiphy->bands;
3367 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3368 		if (!bands[band])
3369 			continue;
3370 
3371 		for (i = 0; i < bands[band]->n_channels; i++) {
3372 			if (bands[band]->channels[i].flags &
3373 			    IEEE80211_CHAN_DISABLED)
3374 				continue;
3375 
3376 			arg.n_channels++;
3377 		}
3378 	}
3379 
3380 	len = sizeof(struct wmi_channel_arg) * arg.n_channels;
3381 	arg.channels = kzalloc(len, GFP_KERNEL);
3382 	if (!arg.channels)
3383 		return -ENOMEM;
3384 
3385 	ch = arg.channels;
3386 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3387 		if (!bands[band])
3388 			continue;
3389 
3390 		for (i = 0; i < bands[band]->n_channels; i++) {
3391 			channel = &bands[band]->channels[i];
3392 
3393 			if (channel->flags & IEEE80211_CHAN_DISABLED)
3394 				continue;
3395 
3396 			ch->allow_ht = true;
3397 
3398 			/* FIXME: when should we really allow VHT? */
3399 			ch->allow_vht = true;
3400 
3401 			ch->allow_ibss =
3402 				!(channel->flags & IEEE80211_CHAN_NO_IR);
3403 
3404 			ch->ht40plus =
3405 				!(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
3406 
3407 			ch->chan_radar =
3408 				!!(channel->flags & IEEE80211_CHAN_RADAR);
3409 
3410 			passive = channel->flags & IEEE80211_CHAN_NO_IR;
3411 			ch->passive = passive;
3412 
3413 			/* the firmware is ignoring the "radar" flag of the
3414 			 * channel and is scanning actively using Probe Requests
3415 			 * on "Radar detection"/DFS channels which are not
3416 			 * marked as "available"
3417 			 */
3418 			ch->passive |= ch->chan_radar;
3419 
3420 			ch->freq = channel->center_freq;
3421 			ch->band_center_freq1 = channel->center_freq;
3422 			ch->min_power = 0;
3423 			ch->max_power = channel->max_power * 2;
3424 			ch->max_reg_power = channel->max_reg_power * 2;
3425 			ch->max_antenna_gain = channel->max_antenna_gain * 2;
3426 			ch->reg_class_id = 0; /* FIXME */
3427 
3428 			/* FIXME: why use only legacy modes, why not any
3429 			 * HT/VHT modes? Would that even make any
3430 			 * difference?
3431 			 */
3432 			if (channel->band == NL80211_BAND_2GHZ)
3433 				ch->mode = MODE_11G;
3434 			else
3435 				ch->mode = MODE_11A;
3436 
3437 			if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
3438 				continue;
3439 
3440 			ath10k_dbg(ar, ATH10K_DBG_WMI,
3441 				   "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
3442 				    ch - arg.channels, arg.n_channels,
3443 				   ch->freq, ch->max_power, ch->max_reg_power,
3444 				   ch->max_antenna_gain, ch->mode);
3445 
3446 			ch++;
3447 		}
3448 	}
3449 
3450 	ret = ath10k_wmi_scan_chan_list(ar, &arg);
3451 	kfree(arg.channels);
3452 
3453 	return ret;
3454 }
3455 
3456 static enum wmi_dfs_region
3457 ath10k_mac_get_dfs_region(enum nl80211_dfs_regions dfs_region)
3458 {
3459 	switch (dfs_region) {
3460 	case NL80211_DFS_UNSET:
3461 		return WMI_UNINIT_DFS_DOMAIN;
3462 	case NL80211_DFS_FCC:
3463 		return WMI_FCC_DFS_DOMAIN;
3464 	case NL80211_DFS_ETSI:
3465 		return WMI_ETSI_DFS_DOMAIN;
3466 	case NL80211_DFS_JP:
3467 		return WMI_MKK4_DFS_DOMAIN;
3468 	}
3469 	return WMI_UNINIT_DFS_DOMAIN;
3470 }
3471 
3472 static void ath10k_regd_update(struct ath10k *ar)
3473 {
3474 	struct reg_dmn_pair_mapping *regpair;
3475 	int ret;
3476 	enum wmi_dfs_region wmi_dfs_reg;
3477 	enum nl80211_dfs_regions nl_dfs_reg;
3478 
3479 	lockdep_assert_held(&ar->conf_mutex);
3480 
3481 	ret = ath10k_update_channel_list(ar);
3482 	if (ret)
3483 		ath10k_warn(ar, "failed to update channel list: %d\n", ret);
3484 
3485 	regpair = ar->ath_common.regulatory.regpair;
3486 
3487 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3488 		nl_dfs_reg = ar->dfs_detector->region;
3489 		wmi_dfs_reg = ath10k_mac_get_dfs_region(nl_dfs_reg);
3490 	} else {
3491 		wmi_dfs_reg = WMI_UNINIT_DFS_DOMAIN;
3492 	}
3493 
3494 	/* Target allows setting up per-band regdomain but ath_common provides
3495 	 * a combined one only
3496 	 */
3497 	ret = ath10k_wmi_pdev_set_regdomain(ar,
3498 					    regpair->reg_domain,
3499 					    regpair->reg_domain, /* 2ghz */
3500 					    regpair->reg_domain, /* 5ghz */
3501 					    regpair->reg_2ghz_ctl,
3502 					    regpair->reg_5ghz_ctl,
3503 					    wmi_dfs_reg);
3504 	if (ret)
3505 		ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
3506 }
3507 
3508 static void ath10k_mac_update_channel_list(struct ath10k *ar,
3509 					   struct ieee80211_supported_band *band)
3510 {
3511 	int i;
3512 
3513 	if (ar->low_5ghz_chan && ar->high_5ghz_chan) {
3514 		for (i = 0; i < band->n_channels; i++) {
3515 			if (band->channels[i].center_freq < ar->low_5ghz_chan ||
3516 			    band->channels[i].center_freq > ar->high_5ghz_chan)
3517 				band->channels[i].flags |=
3518 					IEEE80211_CHAN_DISABLED;
3519 		}
3520 	}
3521 }
3522 
3523 static void ath10k_reg_notifier(struct wiphy *wiphy,
3524 				struct regulatory_request *request)
3525 {
3526 	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
3527 	struct ath10k *ar = hw->priv;
3528 	bool result;
3529 
3530 	ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
3531 
3532 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3533 		ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
3534 			   request->dfs_region);
3535 		result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
3536 							  request->dfs_region);
3537 		if (!result)
3538 			ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
3539 				    request->dfs_region);
3540 	}
3541 
3542 	mutex_lock(&ar->conf_mutex);
3543 	if (ar->state == ATH10K_STATE_ON)
3544 		ath10k_regd_update(ar);
3545 	mutex_unlock(&ar->conf_mutex);
3546 
3547 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
3548 		ath10k_mac_update_channel_list(ar,
3549 					       ar->hw->wiphy->bands[NL80211_BAND_5GHZ]);
3550 }
3551 
3552 static void ath10k_stop_radar_confirmation(struct ath10k *ar)
3553 {
3554 	spin_lock_bh(&ar->data_lock);
3555 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_STOPPED;
3556 	spin_unlock_bh(&ar->data_lock);
3557 
3558 	cancel_work_sync(&ar->radar_confirmation_work);
3559 }
3560 
3561 /***************/
3562 /* TX handlers */
3563 /***************/
3564 
3565 enum ath10k_mac_tx_path {
3566 	ATH10K_MAC_TX_HTT,
3567 	ATH10K_MAC_TX_HTT_MGMT,
3568 	ATH10K_MAC_TX_WMI_MGMT,
3569 	ATH10K_MAC_TX_UNKNOWN,
3570 };
3571 
3572 void ath10k_mac_tx_lock(struct ath10k *ar, int reason)
3573 {
3574 	lockdep_assert_held(&ar->htt.tx_lock);
3575 
3576 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3577 	ar->tx_paused |= BIT(reason);
3578 	ieee80211_stop_queues(ar->hw);
3579 }
3580 
3581 static void ath10k_mac_tx_unlock_iter(void *data, u8 *mac,
3582 				      struct ieee80211_vif *vif)
3583 {
3584 	struct ath10k *ar = data;
3585 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3586 
3587 	if (arvif->tx_paused)
3588 		return;
3589 
3590 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3591 }
3592 
3593 void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3594 {
3595 	lockdep_assert_held(&ar->htt.tx_lock);
3596 
3597 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3598 	ar->tx_paused &= ~BIT(reason);
3599 
3600 	if (ar->tx_paused)
3601 		return;
3602 
3603 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3604 						   ATH10K_ITER_RESUME_FLAGS,
3605 						   ath10k_mac_tx_unlock_iter,
3606 						   ar);
3607 
3608 	ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3609 }
3610 
3611 void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3612 {
3613 	struct ath10k *ar = arvif->ar;
3614 
3615 	lockdep_assert_held(&ar->htt.tx_lock);
3616 
3617 	WARN_ON(reason >= BITS_PER_LONG);
3618 	arvif->tx_paused |= BIT(reason);
3619 	ieee80211_stop_queue(ar->hw, arvif->vdev_id);
3620 }
3621 
3622 void ath10k_mac_vif_tx_unlock(struct ath10k_vif *arvif, int reason)
3623 {
3624 	struct ath10k *ar = arvif->ar;
3625 
3626 	lockdep_assert_held(&ar->htt.tx_lock);
3627 
3628 	WARN_ON(reason >= BITS_PER_LONG);
3629 	arvif->tx_paused &= ~BIT(reason);
3630 
3631 	if (ar->tx_paused)
3632 		return;
3633 
3634 	if (arvif->tx_paused)
3635 		return;
3636 
3637 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3638 }
3639 
3640 static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3641 					   enum wmi_tlv_tx_pause_id pause_id,
3642 					   enum wmi_tlv_tx_pause_action action)
3643 {
3644 	struct ath10k *ar = arvif->ar;
3645 
3646 	lockdep_assert_held(&ar->htt.tx_lock);
3647 
3648 	switch (action) {
3649 	case WMI_TLV_TX_PAUSE_ACTION_STOP:
3650 		ath10k_mac_vif_tx_lock(arvif, pause_id);
3651 		break;
3652 	case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3653 		ath10k_mac_vif_tx_unlock(arvif, pause_id);
3654 		break;
3655 	default:
3656 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
3657 			   "received unknown tx pause action %d on vdev %i, ignoring\n",
3658 			    action, arvif->vdev_id);
3659 		break;
3660 	}
3661 }
3662 
3663 struct ath10k_mac_tx_pause {
3664 	u32 vdev_id;
3665 	enum wmi_tlv_tx_pause_id pause_id;
3666 	enum wmi_tlv_tx_pause_action action;
3667 };
3668 
3669 static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3670 					    struct ieee80211_vif *vif)
3671 {
3672 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3673 	struct ath10k_mac_tx_pause *arg = data;
3674 
3675 	if (arvif->vdev_id != arg->vdev_id)
3676 		return;
3677 
3678 	ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3679 }
3680 
3681 void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3682 				     enum wmi_tlv_tx_pause_id pause_id,
3683 				     enum wmi_tlv_tx_pause_action action)
3684 {
3685 	struct ath10k_mac_tx_pause arg = {
3686 		.vdev_id = vdev_id,
3687 		.pause_id = pause_id,
3688 		.action = action,
3689 	};
3690 
3691 	spin_lock_bh(&ar->htt.tx_lock);
3692 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3693 						   ATH10K_ITER_RESUME_FLAGS,
3694 						   ath10k_mac_handle_tx_pause_iter,
3695 						   &arg);
3696 	spin_unlock_bh(&ar->htt.tx_lock);
3697 }
3698 
3699 static enum ath10k_hw_txrx_mode
3700 ath10k_mac_tx_h_get_txmode(struct ath10k *ar,
3701 			   struct ieee80211_vif *vif,
3702 			   struct ieee80211_sta *sta,
3703 			   struct sk_buff *skb)
3704 {
3705 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3706 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
3707 	__le16 fc = hdr->frame_control;
3708 
3709 	if (!vif || vif->type == NL80211_IFTYPE_MONITOR)
3710 		return ATH10K_HW_TXRX_RAW;
3711 
3712 	if (ieee80211_is_mgmt(fc))
3713 		return ATH10K_HW_TXRX_MGMT;
3714 
3715 	/* Workaround:
3716 	 *
3717 	 * NullFunc frames are mostly used to ping if a client or AP are still
3718 	 * reachable and responsive. This implies tx status reports must be
3719 	 * accurate - otherwise either mac80211 or userspace (e.g. hostapd) can
3720 	 * come to a conclusion that the other end disappeared and tear down
3721 	 * BSS connection or it can never disconnect from BSS/client (which is
3722 	 * the case).
3723 	 *
3724 	 * Firmware with HTT older than 3.0 delivers incorrect tx status for
3725 	 * NullFunc frames to driver. However there's a HTT Mgmt Tx command
3726 	 * which seems to deliver correct tx reports for NullFunc frames. The
3727 	 * downside of using it is it ignores client powersave state so it can
3728 	 * end up disconnecting sleeping clients in AP mode. It should fix STA
3729 	 * mode though because AP don't sleep.
3730 	 */
3731 	if (ar->htt.target_version_major < 3 &&
3732 	    (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&
3733 	    !test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3734 		      ar->running_fw->fw_file.fw_features))
3735 		return ATH10K_HW_TXRX_MGMT;
3736 
3737 	/* Workaround:
3738 	 *
3739 	 * Some wmi-tlv firmwares for qca6174 have broken Tx key selection for
3740 	 * NativeWifi txmode - it selects AP key instead of peer key. It seems
3741 	 * to work with Ethernet txmode so use it.
3742 	 *
3743 	 * FIXME: Check if raw mode works with TDLS.
3744 	 */
3745 	if (ieee80211_is_data_present(fc) && sta && sta->tdls)
3746 		return ATH10K_HW_TXRX_ETHERNET;
3747 
3748 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) ||
3749 	    skb_cb->flags & ATH10K_SKB_F_RAW_TX)
3750 		return ATH10K_HW_TXRX_RAW;
3751 
3752 	return ATH10K_HW_TXRX_NATIVE_WIFI;
3753 }
3754 
3755 static bool ath10k_tx_h_use_hwcrypto(struct ieee80211_vif *vif,
3756 				     struct sk_buff *skb)
3757 {
3758 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3759 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3760 	const u32 mask = IEEE80211_TX_INTFL_DONT_ENCRYPT |
3761 			 IEEE80211_TX_CTL_INJECTED;
3762 
3763 	if (!ieee80211_has_protected(hdr->frame_control))
3764 		return false;
3765 
3766 	if ((info->flags & mask) == mask)
3767 		return false;
3768 
3769 	if (vif)
3770 		return !((struct ath10k_vif *)vif->drv_priv)->nohwcrypt;
3771 
3772 	return true;
3773 }
3774 
3775 /* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
3776  * Control in the header.
3777  */
3778 static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
3779 {
3780 	struct ieee80211_hdr *hdr = (void *)skb->data;
3781 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3782 	u8 *qos_ctl;
3783 
3784 	if (!ieee80211_is_data_qos(hdr->frame_control))
3785 		return;
3786 
3787 	qos_ctl = ieee80211_get_qos_ctl(hdr);
3788 	memmove(skb->data + IEEE80211_QOS_CTL_LEN,
3789 		skb->data, (void *)qos_ctl - (void *)skb->data);
3790 	skb_pull(skb, IEEE80211_QOS_CTL_LEN);
3791 
3792 	/* Some firmware revisions don't handle sending QoS NullFunc well.
3793 	 * These frames are mainly used for CQM purposes so it doesn't really
3794 	 * matter whether QoS NullFunc or NullFunc are sent.
3795 	 */
3796 	hdr = (void *)skb->data;
3797 	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
3798 		cb->flags &= ~ATH10K_SKB_F_QOS;
3799 
3800 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3801 }
3802 
3803 static void ath10k_tx_h_8023(struct sk_buff *skb)
3804 {
3805 	struct ieee80211_hdr *hdr;
3806 	struct rfc1042_hdr *rfc1042;
3807 	struct ethhdr *eth;
3808 	size_t hdrlen;
3809 	u8 da[ETH_ALEN];
3810 	u8 sa[ETH_ALEN];
3811 	__be16 type;
3812 
3813 	hdr = (void *)skb->data;
3814 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
3815 	rfc1042 = (void *)skb->data + hdrlen;
3816 
3817 	ether_addr_copy(da, ieee80211_get_DA(hdr));
3818 	ether_addr_copy(sa, ieee80211_get_SA(hdr));
3819 	type = rfc1042->snap_type;
3820 
3821 	skb_pull(skb, hdrlen + sizeof(*rfc1042));
3822 	skb_push(skb, sizeof(*eth));
3823 
3824 	eth = (void *)skb->data;
3825 	ether_addr_copy(eth->h_dest, da);
3826 	ether_addr_copy(eth->h_source, sa);
3827 	eth->h_proto = type;
3828 }
3829 
3830 static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
3831 				       struct ieee80211_vif *vif,
3832 				       struct sk_buff *skb)
3833 {
3834 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3835 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3836 
3837 	/* This is case only for P2P_GO */
3838 	if (vif->type != NL80211_IFTYPE_AP || !vif->p2p)
3839 		return;
3840 
3841 	if (unlikely(ieee80211_is_probe_resp(hdr->frame_control))) {
3842 		spin_lock_bh(&ar->data_lock);
3843 		if (arvif->u.ap.noa_data)
3844 			if (!pskb_expand_head(skb, 0, arvif->u.ap.noa_len,
3845 					      GFP_ATOMIC))
3846 				skb_put_data(skb, arvif->u.ap.noa_data,
3847 					     arvif->u.ap.noa_len);
3848 		spin_unlock_bh(&ar->data_lock);
3849 	}
3850 }
3851 
3852 static void ath10k_mac_tx_h_fill_cb(struct ath10k *ar,
3853 				    struct ieee80211_vif *vif,
3854 				    struct ieee80211_txq *txq,
3855 				    struct ieee80211_sta *sta,
3856 				    struct sk_buff *skb, u16 airtime)
3857 {
3858 	struct ieee80211_hdr *hdr = (void *)skb->data;
3859 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3860 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3861 	bool is_data = ieee80211_is_data(hdr->frame_control) ||
3862 			ieee80211_is_data_qos(hdr->frame_control);
3863 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3864 	struct ath10k_sta *arsta;
3865 	u8 tid, *qos_ctl;
3866 	bool noack = false;
3867 
3868 	cb->flags = 0;
3869 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
3870 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3871 
3872 	if (ieee80211_is_mgmt(hdr->frame_control))
3873 		cb->flags |= ATH10K_SKB_F_MGMT;
3874 
3875 	if (ieee80211_is_data_qos(hdr->frame_control)) {
3876 		cb->flags |= ATH10K_SKB_F_QOS;
3877 		qos_ctl = ieee80211_get_qos_ctl(hdr);
3878 		tid = (*qos_ctl) & IEEE80211_QOS_CTL_TID_MASK;
3879 
3880 		if (arvif->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3881 			noack = true;
3882 
3883 		if (sta) {
3884 			arsta = (struct ath10k_sta *)sta->drv_priv;
3885 
3886 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3887 				noack = true;
3888 
3889 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_ACK)
3890 				noack = false;
3891 		}
3892 
3893 		if (noack)
3894 			cb->flags |= ATH10K_SKB_F_NOACK_TID;
3895 	}
3896 
3897 	/* Data frames encrypted in software will be posted to firmware
3898 	 * with tx encap mode set to RAW. Ex: Multicast traffic generated
3899 	 * for a specific VLAN group will always be encrypted in software.
3900 	 */
3901 	if (is_data && ieee80211_has_protected(hdr->frame_control) &&
3902 	    !info->control.hw_key) {
3903 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3904 		cb->flags |= ATH10K_SKB_F_RAW_TX;
3905 	}
3906 
3907 	cb->vif = vif;
3908 	cb->txq = txq;
3909 	cb->airtime_est = airtime;
3910 	if (sta) {
3911 		arsta = (struct ath10k_sta *)sta->drv_priv;
3912 		spin_lock_bh(&ar->data_lock);
3913 		cb->ucast_cipher = arsta->ucast_cipher;
3914 		spin_unlock_bh(&ar->data_lock);
3915 	}
3916 }
3917 
3918 bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar)
3919 {
3920 	/* FIXME: Not really sure since when the behaviour changed. At some
3921 	 * point new firmware stopped requiring creation of peer entries for
3922 	 * offchannel tx (and actually creating them causes issues with wmi-htc
3923 	 * tx credit replenishment and reliability). Assuming it's at least 3.4
3924 	 * because that's when the `freq` was introduced to TX_FRM HTT command.
3925 	 */
3926 	return (ar->htt.target_version_major >= 3 &&
3927 		ar->htt.target_version_minor >= 4 &&
3928 		ar->running_fw->fw_file.htt_op_version == ATH10K_FW_HTT_OP_VERSION_TLV);
3929 }
3930 
3931 static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
3932 {
3933 	struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
3934 
3935 	if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) {
3936 		ath10k_warn(ar, "wmi mgmt tx queue is full\n");
3937 		return -ENOSPC;
3938 	}
3939 
3940 	skb_queue_tail(q, skb);
3941 	ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
3942 
3943 	return 0;
3944 }
3945 
3946 static enum ath10k_mac_tx_path
3947 ath10k_mac_tx_h_get_txpath(struct ath10k *ar,
3948 			   struct sk_buff *skb,
3949 			   enum ath10k_hw_txrx_mode txmode)
3950 {
3951 	switch (txmode) {
3952 	case ATH10K_HW_TXRX_RAW:
3953 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3954 	case ATH10K_HW_TXRX_ETHERNET:
3955 		return ATH10K_MAC_TX_HTT;
3956 	case ATH10K_HW_TXRX_MGMT:
3957 		if (test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3958 			     ar->running_fw->fw_file.fw_features) ||
3959 			     test_bit(WMI_SERVICE_MGMT_TX_WMI,
3960 				      ar->wmi.svc_map))
3961 			return ATH10K_MAC_TX_WMI_MGMT;
3962 		else if (ar->htt.target_version_major >= 3)
3963 			return ATH10K_MAC_TX_HTT;
3964 		else
3965 			return ATH10K_MAC_TX_HTT_MGMT;
3966 	}
3967 
3968 	return ATH10K_MAC_TX_UNKNOWN;
3969 }
3970 
3971 static int ath10k_mac_tx_submit(struct ath10k *ar,
3972 				enum ath10k_hw_txrx_mode txmode,
3973 				enum ath10k_mac_tx_path txpath,
3974 				struct sk_buff *skb)
3975 {
3976 	struct ath10k_htt *htt = &ar->htt;
3977 	int ret = -EINVAL;
3978 
3979 	switch (txpath) {
3980 	case ATH10K_MAC_TX_HTT:
3981 		ret = ath10k_htt_tx(htt, txmode, skb);
3982 		break;
3983 	case ATH10K_MAC_TX_HTT_MGMT:
3984 		ret = ath10k_htt_mgmt_tx(htt, skb);
3985 		break;
3986 	case ATH10K_MAC_TX_WMI_MGMT:
3987 		ret = ath10k_mac_tx_wmi_mgmt(ar, skb);
3988 		break;
3989 	case ATH10K_MAC_TX_UNKNOWN:
3990 		WARN_ON_ONCE(1);
3991 		ret = -EINVAL;
3992 		break;
3993 	}
3994 
3995 	if (ret) {
3996 		ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
3997 			    ret);
3998 		ieee80211_free_txskb(ar->hw, skb);
3999 	}
4000 
4001 	return ret;
4002 }
4003 
4004 /* This function consumes the sk_buff regardless of return value as far as
4005  * caller is concerned so no freeing is necessary afterwards.
4006  */
4007 static int ath10k_mac_tx(struct ath10k *ar,
4008 			 struct ieee80211_vif *vif,
4009 			 enum ath10k_hw_txrx_mode txmode,
4010 			 enum ath10k_mac_tx_path txpath,
4011 			 struct sk_buff *skb, bool noque_offchan)
4012 {
4013 	struct ieee80211_hw *hw = ar->hw;
4014 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4015 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
4016 	int ret;
4017 
4018 	/* We should disable CCK RATE due to P2P */
4019 	if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
4020 		ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
4021 
4022 	switch (txmode) {
4023 	case ATH10K_HW_TXRX_MGMT:
4024 	case ATH10K_HW_TXRX_NATIVE_WIFI:
4025 		ath10k_tx_h_nwifi(hw, skb);
4026 		ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
4027 		ath10k_tx_h_seq_no(vif, skb);
4028 		break;
4029 	case ATH10K_HW_TXRX_ETHERNET:
4030 		ath10k_tx_h_8023(skb);
4031 		break;
4032 	case ATH10K_HW_TXRX_RAW:
4033 		if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) &&
4034 		    !(skb_cb->flags & ATH10K_SKB_F_RAW_TX)) {
4035 			WARN_ON_ONCE(1);
4036 			ieee80211_free_txskb(hw, skb);
4037 			return -ENOTSUPP;
4038 		}
4039 	}
4040 
4041 	if (!noque_offchan && info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
4042 		if (!ath10k_mac_tx_frm_has_freq(ar)) {
4043 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac queued offchannel skb %pK len %d\n",
4044 				   skb, skb->len);
4045 
4046 			skb_queue_tail(&ar->offchan_tx_queue, skb);
4047 			ieee80211_queue_work(hw, &ar->offchan_tx_work);
4048 			return 0;
4049 		}
4050 	}
4051 
4052 	ret = ath10k_mac_tx_submit(ar, txmode, txpath, skb);
4053 	if (ret) {
4054 		ath10k_warn(ar, "failed to submit frame: %d\n", ret);
4055 		return ret;
4056 	}
4057 
4058 	return 0;
4059 }
4060 
4061 void ath10k_offchan_tx_purge(struct ath10k *ar)
4062 {
4063 	struct sk_buff *skb;
4064 
4065 	for (;;) {
4066 		skb = skb_dequeue(&ar->offchan_tx_queue);
4067 		if (!skb)
4068 			break;
4069 
4070 		ieee80211_free_txskb(ar->hw, skb);
4071 	}
4072 }
4073 
4074 void ath10k_offchan_tx_work(struct work_struct *work)
4075 {
4076 	struct ath10k *ar = container_of(work, struct ath10k, offchan_tx_work);
4077 	struct ath10k_peer *peer;
4078 	struct ath10k_vif *arvif;
4079 	enum ath10k_hw_txrx_mode txmode;
4080 	enum ath10k_mac_tx_path txpath;
4081 	struct ieee80211_hdr *hdr;
4082 	struct ieee80211_vif *vif;
4083 	struct ieee80211_sta *sta;
4084 	struct sk_buff *skb;
4085 	const u8 *peer_addr;
4086 	int vdev_id;
4087 	int ret;
4088 	unsigned long time_left;
4089 	bool tmp_peer_created = false;
4090 
4091 	/* FW requirement: We must create a peer before FW will send out
4092 	 * an offchannel frame. Otherwise the frame will be stuck and
4093 	 * never transmitted. We delete the peer upon tx completion.
4094 	 * It is unlikely that a peer for offchannel tx will already be
4095 	 * present. However it may be in some rare cases so account for that.
4096 	 * Otherwise we might remove a legitimate peer and break stuff.
4097 	 */
4098 
4099 	for (;;) {
4100 		skb = skb_dequeue(&ar->offchan_tx_queue);
4101 		if (!skb)
4102 			break;
4103 
4104 		mutex_lock(&ar->conf_mutex);
4105 
4106 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %pK len %d\n",
4107 			   skb, skb->len);
4108 
4109 		hdr = (struct ieee80211_hdr *)skb->data;
4110 		peer_addr = ieee80211_get_DA(hdr);
4111 
4112 		spin_lock_bh(&ar->data_lock);
4113 		vdev_id = ar->scan.vdev_id;
4114 		peer = ath10k_peer_find(ar, vdev_id, peer_addr);
4115 		spin_unlock_bh(&ar->data_lock);
4116 
4117 		if (peer)
4118 			ath10k_warn(ar, "peer %pM on vdev %d already present\n",
4119 				    peer_addr, vdev_id);
4120 
4121 		if (!peer) {
4122 			ret = ath10k_peer_create(ar, NULL, NULL, vdev_id,
4123 						 peer_addr,
4124 						 WMI_PEER_TYPE_DEFAULT);
4125 			if (ret)
4126 				ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
4127 					    peer_addr, vdev_id, ret);
4128 			tmp_peer_created = (ret == 0);
4129 		}
4130 
4131 		spin_lock_bh(&ar->data_lock);
4132 		reinit_completion(&ar->offchan_tx_completed);
4133 		ar->offchan_tx_skb = skb;
4134 		spin_unlock_bh(&ar->data_lock);
4135 
4136 		/* It's safe to access vif and sta - conf_mutex guarantees that
4137 		 * sta_state() and remove_interface() are locked exclusively
4138 		 * out wrt to this offchannel worker.
4139 		 */
4140 		arvif = ath10k_get_arvif(ar, vdev_id);
4141 		if (arvif) {
4142 			vif = arvif->vif;
4143 			sta = ieee80211_find_sta(vif, peer_addr);
4144 		} else {
4145 			vif = NULL;
4146 			sta = NULL;
4147 		}
4148 
4149 		txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4150 		txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4151 
4152 		ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, true);
4153 		if (ret) {
4154 			ath10k_warn(ar, "failed to transmit offchannel frame: %d\n",
4155 				    ret);
4156 			/* not serious */
4157 		}
4158 
4159 		time_left =
4160 		wait_for_completion_timeout(&ar->offchan_tx_completed, 3 * HZ);
4161 		if (time_left == 0)
4162 			ath10k_warn(ar, "timed out waiting for offchannel skb %pK, len: %d\n",
4163 				    skb, skb->len);
4164 
4165 		if (!peer && tmp_peer_created) {
4166 			ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
4167 			if (ret)
4168 				ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
4169 					    peer_addr, vdev_id, ret);
4170 		}
4171 
4172 		mutex_unlock(&ar->conf_mutex);
4173 	}
4174 }
4175 
4176 void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar)
4177 {
4178 	struct sk_buff *skb;
4179 
4180 	for (;;) {
4181 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4182 		if (!skb)
4183 			break;
4184 
4185 		ieee80211_free_txskb(ar->hw, skb);
4186 	}
4187 }
4188 
4189 void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
4190 {
4191 	struct ath10k *ar = container_of(work, struct ath10k, wmi_mgmt_tx_work);
4192 	struct sk_buff *skb;
4193 	dma_addr_t paddr;
4194 	int ret;
4195 
4196 	for (;;) {
4197 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4198 		if (!skb)
4199 			break;
4200 
4201 		if (test_bit(ATH10K_FW_FEATURE_MGMT_TX_BY_REF,
4202 			     ar->running_fw->fw_file.fw_features)) {
4203 			paddr = dma_map_single(ar->dev, skb->data,
4204 					       skb->len, DMA_TO_DEVICE);
4205 			if (dma_mapping_error(ar->dev, paddr)) {
4206 				ieee80211_free_txskb(ar->hw, skb);
4207 				continue;
4208 			}
4209 			ret = ath10k_wmi_mgmt_tx_send(ar, skb, paddr);
4210 			if (ret) {
4211 				ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
4212 					    ret);
4213 				/* remove this msdu from idr tracking */
4214 				ath10k_wmi_cleanup_mgmt_tx_send(ar, skb);
4215 
4216 				dma_unmap_single(ar->dev, paddr, skb->len,
4217 						 DMA_TO_DEVICE);
4218 				ieee80211_free_txskb(ar->hw, skb);
4219 			}
4220 		} else {
4221 			ret = ath10k_wmi_mgmt_tx(ar, skb);
4222 			if (ret) {
4223 				ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
4224 					    ret);
4225 				ieee80211_free_txskb(ar->hw, skb);
4226 			}
4227 		}
4228 	}
4229 }
4230 
4231 static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
4232 {
4233 	struct ath10k_txq *artxq;
4234 
4235 	if (!txq)
4236 		return;
4237 
4238 	artxq = (void *)txq->drv_priv;
4239 	INIT_LIST_HEAD(&artxq->list);
4240 }
4241 
4242 static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
4243 {
4244 	struct ath10k_skb_cb *cb;
4245 	struct sk_buff *msdu;
4246 	int msdu_id;
4247 
4248 	if (!txq)
4249 		return;
4250 
4251 	spin_lock_bh(&ar->htt.tx_lock);
4252 	idr_for_each_entry(&ar->htt.pending_tx, msdu, msdu_id) {
4253 		cb = ATH10K_SKB_CB(msdu);
4254 		if (cb->txq == txq)
4255 			cb->txq = NULL;
4256 	}
4257 	spin_unlock_bh(&ar->htt.tx_lock);
4258 }
4259 
4260 struct ieee80211_txq *ath10k_mac_txq_lookup(struct ath10k *ar,
4261 					    u16 peer_id,
4262 					    u8 tid)
4263 {
4264 	struct ath10k_peer *peer;
4265 
4266 	lockdep_assert_held(&ar->data_lock);
4267 
4268 	peer = ar->peer_map[peer_id];
4269 	if (!peer)
4270 		return NULL;
4271 
4272 	if (peer->removed)
4273 		return NULL;
4274 
4275 	if (peer->sta)
4276 		return peer->sta->txq[tid];
4277 	else if (peer->vif)
4278 		return peer->vif->txq;
4279 	else
4280 		return NULL;
4281 }
4282 
4283 static bool ath10k_mac_tx_can_push(struct ieee80211_hw *hw,
4284 				   struct ieee80211_txq *txq)
4285 {
4286 	struct ath10k *ar = hw->priv;
4287 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4288 
4289 	/* No need to get locks */
4290 	if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH)
4291 		return true;
4292 
4293 	if (ar->htt.num_pending_tx < ar->htt.tx_q_state.num_push_allowed)
4294 		return true;
4295 
4296 	if (artxq->num_fw_queued < artxq->num_push_allowed)
4297 		return true;
4298 
4299 	return false;
4300 }
4301 
4302 /* Return estimated airtime in microsecond, which is calculated using last
4303  * reported TX rate. This is just a rough estimation because host driver has no
4304  * knowledge of the actual transmit rate, retries or aggregation. If actual
4305  * airtime can be reported by firmware, then delta between estimated and actual
4306  * airtime can be adjusted from deficit.
4307  */
4308 #define IEEE80211_ATF_OVERHEAD		100	/* IFS + some slot time */
4309 #define IEEE80211_ATF_OVERHEAD_IFS	16	/* IFS only */
4310 static u16 ath10k_mac_update_airtime(struct ath10k *ar,
4311 				     struct ieee80211_txq *txq,
4312 				     struct sk_buff *skb)
4313 {
4314 	struct ath10k_sta *arsta;
4315 	u32 pktlen;
4316 	u16 airtime = 0;
4317 
4318 	if (!txq || !txq->sta)
4319 		return airtime;
4320 
4321 	if (test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
4322 		return airtime;
4323 
4324 	spin_lock_bh(&ar->data_lock);
4325 	arsta = (struct ath10k_sta *)txq->sta->drv_priv;
4326 
4327 	pktlen = skb->len + 38; /* Assume MAC header 30, SNAP 8 for most case */
4328 	if (arsta->last_tx_bitrate) {
4329 		/* airtime in us, last_tx_bitrate in 100kbps */
4330 		airtime = (pktlen * 8 * (1000 / 100))
4331 				/ arsta->last_tx_bitrate;
4332 		/* overhead for media access time and IFS */
4333 		airtime += IEEE80211_ATF_OVERHEAD_IFS;
4334 	} else {
4335 		/* This is mostly for throttle excessive BC/MC frames, and the
4336 		 * airtime/rate doesn't need be exact. Airtime of BC/MC frames
4337 		 * in 2G get some discount, which helps prevent very low rate
4338 		 * frames from being blocked for too long.
4339 		 */
4340 		airtime = (pktlen * 8 * (1000 / 100)) / 60; /* 6M */
4341 		airtime += IEEE80211_ATF_OVERHEAD;
4342 	}
4343 	spin_unlock_bh(&ar->data_lock);
4344 
4345 	return airtime;
4346 }
4347 
4348 int ath10k_mac_tx_push_txq(struct ieee80211_hw *hw,
4349 			   struct ieee80211_txq *txq)
4350 {
4351 	struct ath10k *ar = hw->priv;
4352 	struct ath10k_htt *htt = &ar->htt;
4353 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4354 	struct ieee80211_vif *vif = txq->vif;
4355 	struct ieee80211_sta *sta = txq->sta;
4356 	enum ath10k_hw_txrx_mode txmode;
4357 	enum ath10k_mac_tx_path txpath;
4358 	struct sk_buff *skb;
4359 	struct ieee80211_hdr *hdr;
4360 	size_t skb_len;
4361 	bool is_mgmt, is_presp;
4362 	int ret;
4363 	u16 airtime;
4364 
4365 	spin_lock_bh(&ar->htt.tx_lock);
4366 	ret = ath10k_htt_tx_inc_pending(htt);
4367 	spin_unlock_bh(&ar->htt.tx_lock);
4368 
4369 	if (ret)
4370 		return ret;
4371 
4372 	skb = ieee80211_tx_dequeue_ni(hw, txq);
4373 	if (!skb) {
4374 		spin_lock_bh(&ar->htt.tx_lock);
4375 		ath10k_htt_tx_dec_pending(htt);
4376 		spin_unlock_bh(&ar->htt.tx_lock);
4377 
4378 		return -ENOENT;
4379 	}
4380 
4381 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4382 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4383 
4384 	skb_len = skb->len;
4385 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4386 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4387 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4388 
4389 	if (is_mgmt) {
4390 		hdr = (struct ieee80211_hdr *)skb->data;
4391 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4392 
4393 		spin_lock_bh(&ar->htt.tx_lock);
4394 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4395 
4396 		if (ret) {
4397 			ath10k_htt_tx_dec_pending(htt);
4398 			spin_unlock_bh(&ar->htt.tx_lock);
4399 			return ret;
4400 		}
4401 		spin_unlock_bh(&ar->htt.tx_lock);
4402 	}
4403 
4404 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4405 	if (unlikely(ret)) {
4406 		ath10k_warn(ar, "failed to push frame: %d\n", ret);
4407 
4408 		spin_lock_bh(&ar->htt.tx_lock);
4409 		ath10k_htt_tx_dec_pending(htt);
4410 		if (is_mgmt)
4411 			ath10k_htt_tx_mgmt_dec_pending(htt);
4412 		spin_unlock_bh(&ar->htt.tx_lock);
4413 
4414 		return ret;
4415 	}
4416 
4417 	spin_lock_bh(&ar->htt.tx_lock);
4418 	artxq->num_fw_queued++;
4419 	spin_unlock_bh(&ar->htt.tx_lock);
4420 
4421 	return skb_len;
4422 }
4423 
4424 static int ath10k_mac_schedule_txq(struct ieee80211_hw *hw, u32 ac)
4425 {
4426 	struct ieee80211_txq *txq;
4427 	int ret = 0;
4428 
4429 	ieee80211_txq_schedule_start(hw, ac);
4430 	while ((txq = ieee80211_next_txq(hw, ac))) {
4431 		while (ath10k_mac_tx_can_push(hw, txq)) {
4432 			ret = ath10k_mac_tx_push_txq(hw, txq);
4433 			if (ret < 0)
4434 				break;
4435 		}
4436 		ieee80211_return_txq(hw, txq, false);
4437 		ath10k_htt_tx_txq_update(hw, txq);
4438 		if (ret == -EBUSY)
4439 			break;
4440 	}
4441 	ieee80211_txq_schedule_end(hw, ac);
4442 
4443 	return ret;
4444 }
4445 
4446 void ath10k_mac_tx_push_pending(struct ath10k *ar)
4447 {
4448 	struct ieee80211_hw *hw = ar->hw;
4449 	u32 ac;
4450 
4451 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4452 		return;
4453 
4454 	if (ar->htt.num_pending_tx >= (ar->htt.max_num_pending_tx / 2))
4455 		return;
4456 
4457 	rcu_read_lock();
4458 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4459 		if (ath10k_mac_schedule_txq(hw, ac) == -EBUSY)
4460 			break;
4461 	}
4462 	rcu_read_unlock();
4463 }
4464 EXPORT_SYMBOL(ath10k_mac_tx_push_pending);
4465 
4466 /************/
4467 /* Scanning */
4468 /************/
4469 
4470 void __ath10k_scan_finish(struct ath10k *ar)
4471 {
4472 	lockdep_assert_held(&ar->data_lock);
4473 
4474 	switch (ar->scan.state) {
4475 	case ATH10K_SCAN_IDLE:
4476 		break;
4477 	case ATH10K_SCAN_RUNNING:
4478 	case ATH10K_SCAN_ABORTING:
4479 		if (!ar->scan.is_roc) {
4480 			struct cfg80211_scan_info info = {
4481 				.aborted = (ar->scan.state ==
4482 					    ATH10K_SCAN_ABORTING),
4483 			};
4484 
4485 			ieee80211_scan_completed(ar->hw, &info);
4486 		} else if (ar->scan.roc_notify) {
4487 			ieee80211_remain_on_channel_expired(ar->hw);
4488 		}
4489 		fallthrough;
4490 	case ATH10K_SCAN_STARTING:
4491 		ar->scan.state = ATH10K_SCAN_IDLE;
4492 		ar->scan_channel = NULL;
4493 		ar->scan.roc_freq = 0;
4494 		ath10k_offchan_tx_purge(ar);
4495 		cancel_delayed_work(&ar->scan.timeout);
4496 		complete(&ar->scan.completed);
4497 		break;
4498 	}
4499 }
4500 
4501 void ath10k_scan_finish(struct ath10k *ar)
4502 {
4503 	spin_lock_bh(&ar->data_lock);
4504 	__ath10k_scan_finish(ar);
4505 	spin_unlock_bh(&ar->data_lock);
4506 }
4507 
4508 static int ath10k_scan_stop(struct ath10k *ar)
4509 {
4510 	struct wmi_stop_scan_arg arg = {
4511 		.req_id = 1, /* FIXME */
4512 		.req_type = WMI_SCAN_STOP_ONE,
4513 		.u.scan_id = ATH10K_SCAN_ID,
4514 	};
4515 	int ret;
4516 
4517 	lockdep_assert_held(&ar->conf_mutex);
4518 
4519 	ret = ath10k_wmi_stop_scan(ar, &arg);
4520 	if (ret) {
4521 		ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
4522 		goto out;
4523 	}
4524 
4525 	ret = wait_for_completion_timeout(&ar->scan.completed, 3 * HZ);
4526 	if (ret == 0) {
4527 		ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
4528 		ret = -ETIMEDOUT;
4529 	} else if (ret > 0) {
4530 		ret = 0;
4531 	}
4532 
4533 out:
4534 	/* Scan state should be updated upon scan completion but in case
4535 	 * firmware fails to deliver the event (for whatever reason) it is
4536 	 * desired to clean up scan state anyway. Firmware may have just
4537 	 * dropped the scan completion event delivery due to transport pipe
4538 	 * being overflown with data and/or it can recover on its own before
4539 	 * next scan request is submitted.
4540 	 */
4541 	spin_lock_bh(&ar->data_lock);
4542 	if (ar->scan.state != ATH10K_SCAN_IDLE)
4543 		__ath10k_scan_finish(ar);
4544 	spin_unlock_bh(&ar->data_lock);
4545 
4546 	return ret;
4547 }
4548 
4549 static void ath10k_scan_abort(struct ath10k *ar)
4550 {
4551 	int ret;
4552 
4553 	lockdep_assert_held(&ar->conf_mutex);
4554 
4555 	spin_lock_bh(&ar->data_lock);
4556 
4557 	switch (ar->scan.state) {
4558 	case ATH10K_SCAN_IDLE:
4559 		/* This can happen if timeout worker kicked in and called
4560 		 * abortion while scan completion was being processed.
4561 		 */
4562 		break;
4563 	case ATH10K_SCAN_STARTING:
4564 	case ATH10K_SCAN_ABORTING:
4565 		ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
4566 			    ath10k_scan_state_str(ar->scan.state),
4567 			    ar->scan.state);
4568 		break;
4569 	case ATH10K_SCAN_RUNNING:
4570 		ar->scan.state = ATH10K_SCAN_ABORTING;
4571 		spin_unlock_bh(&ar->data_lock);
4572 
4573 		ret = ath10k_scan_stop(ar);
4574 		if (ret)
4575 			ath10k_warn(ar, "failed to abort scan: %d\n", ret);
4576 
4577 		spin_lock_bh(&ar->data_lock);
4578 		break;
4579 	}
4580 
4581 	spin_unlock_bh(&ar->data_lock);
4582 }
4583 
4584 void ath10k_scan_timeout_work(struct work_struct *work)
4585 {
4586 	struct ath10k *ar = container_of(work, struct ath10k,
4587 					 scan.timeout.work);
4588 
4589 	mutex_lock(&ar->conf_mutex);
4590 	ath10k_scan_abort(ar);
4591 	mutex_unlock(&ar->conf_mutex);
4592 }
4593 
4594 static int ath10k_start_scan(struct ath10k *ar,
4595 			     const struct wmi_start_scan_arg *arg)
4596 {
4597 	int ret;
4598 
4599 	lockdep_assert_held(&ar->conf_mutex);
4600 
4601 	ret = ath10k_wmi_start_scan(ar, arg);
4602 	if (ret)
4603 		return ret;
4604 
4605 	ret = wait_for_completion_timeout(&ar->scan.started, 1 * HZ);
4606 	if (ret == 0) {
4607 		ret = ath10k_scan_stop(ar);
4608 		if (ret)
4609 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
4610 
4611 		return -ETIMEDOUT;
4612 	}
4613 
4614 	/* If we failed to start the scan, return error code at
4615 	 * this point.  This is probably due to some issue in the
4616 	 * firmware, but no need to wedge the driver due to that...
4617 	 */
4618 	spin_lock_bh(&ar->data_lock);
4619 	if (ar->scan.state == ATH10K_SCAN_IDLE) {
4620 		spin_unlock_bh(&ar->data_lock);
4621 		return -EINVAL;
4622 	}
4623 	spin_unlock_bh(&ar->data_lock);
4624 
4625 	return 0;
4626 }
4627 
4628 /**********************/
4629 /* mac80211 callbacks */
4630 /**********************/
4631 
4632 static void ath10k_mac_op_tx(struct ieee80211_hw *hw,
4633 			     struct ieee80211_tx_control *control,
4634 			     struct sk_buff *skb)
4635 {
4636 	struct ath10k *ar = hw->priv;
4637 	struct ath10k_htt *htt = &ar->htt;
4638 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4639 	struct ieee80211_vif *vif = info->control.vif;
4640 	struct ieee80211_sta *sta = control->sta;
4641 	struct ieee80211_txq *txq = NULL;
4642 	struct ieee80211_hdr *hdr = (void *)skb->data;
4643 	enum ath10k_hw_txrx_mode txmode;
4644 	enum ath10k_mac_tx_path txpath;
4645 	bool is_htt;
4646 	bool is_mgmt;
4647 	bool is_presp;
4648 	int ret;
4649 	u16 airtime;
4650 
4651 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4652 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4653 
4654 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4655 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4656 	is_htt = (txpath == ATH10K_MAC_TX_HTT ||
4657 		  txpath == ATH10K_MAC_TX_HTT_MGMT);
4658 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4659 
4660 	if (is_htt) {
4661 		spin_lock_bh(&ar->htt.tx_lock);
4662 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4663 
4664 		ret = ath10k_htt_tx_inc_pending(htt);
4665 		if (ret) {
4666 			ath10k_warn(ar, "failed to increase tx pending count: %d, dropping\n",
4667 				    ret);
4668 			spin_unlock_bh(&ar->htt.tx_lock);
4669 			ieee80211_free_txskb(ar->hw, skb);
4670 			return;
4671 		}
4672 
4673 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4674 		if (ret) {
4675 			ath10k_dbg(ar, ATH10K_DBG_MAC, "failed to increase tx mgmt pending count: %d, dropping\n",
4676 				   ret);
4677 			ath10k_htt_tx_dec_pending(htt);
4678 			spin_unlock_bh(&ar->htt.tx_lock);
4679 			ieee80211_free_txskb(ar->hw, skb);
4680 			return;
4681 		}
4682 		spin_unlock_bh(&ar->htt.tx_lock);
4683 	}
4684 
4685 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4686 	if (ret) {
4687 		ath10k_warn(ar, "failed to transmit frame: %d\n", ret);
4688 		if (is_htt) {
4689 			spin_lock_bh(&ar->htt.tx_lock);
4690 			ath10k_htt_tx_dec_pending(htt);
4691 			if (is_mgmt)
4692 				ath10k_htt_tx_mgmt_dec_pending(htt);
4693 			spin_unlock_bh(&ar->htt.tx_lock);
4694 		}
4695 		return;
4696 	}
4697 }
4698 
4699 static void ath10k_mac_op_wake_tx_queue(struct ieee80211_hw *hw,
4700 					struct ieee80211_txq *txq)
4701 {
4702 	struct ath10k *ar = hw->priv;
4703 	int ret;
4704 	u8 ac;
4705 
4706 	ath10k_htt_tx_txq_update(hw, txq);
4707 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4708 		return;
4709 
4710 	ac = txq->ac;
4711 	ieee80211_txq_schedule_start(hw, ac);
4712 	txq = ieee80211_next_txq(hw, ac);
4713 	if (!txq)
4714 		goto out;
4715 
4716 	while (ath10k_mac_tx_can_push(hw, txq)) {
4717 		ret = ath10k_mac_tx_push_txq(hw, txq);
4718 		if (ret < 0)
4719 			break;
4720 	}
4721 	ieee80211_return_txq(hw, txq, false);
4722 	ath10k_htt_tx_txq_update(hw, txq);
4723 out:
4724 	ieee80211_txq_schedule_end(hw, ac);
4725 }
4726 
4727 /* Must not be called with conf_mutex held as workers can use that also. */
4728 void ath10k_drain_tx(struct ath10k *ar)
4729 {
4730 	lockdep_assert_not_held(&ar->conf_mutex);
4731 
4732 	/* make sure rcu-protected mac80211 tx path itself is drained */
4733 	synchronize_net();
4734 
4735 	ath10k_offchan_tx_purge(ar);
4736 	ath10k_mgmt_over_wmi_tx_purge(ar);
4737 
4738 	cancel_work_sync(&ar->offchan_tx_work);
4739 	cancel_work_sync(&ar->wmi_mgmt_tx_work);
4740 }
4741 
4742 void ath10k_halt(struct ath10k *ar)
4743 {
4744 	struct ath10k_vif *arvif;
4745 
4746 	lockdep_assert_held(&ar->conf_mutex);
4747 
4748 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
4749 	ar->filter_flags = 0;
4750 	ar->monitor = false;
4751 	ar->monitor_arvif = NULL;
4752 
4753 	if (ar->monitor_started)
4754 		ath10k_monitor_stop(ar);
4755 
4756 	ar->monitor_started = false;
4757 	ar->tx_paused = 0;
4758 
4759 	ath10k_scan_finish(ar);
4760 	ath10k_peer_cleanup_all(ar);
4761 	ath10k_stop_radar_confirmation(ar);
4762 	ath10k_core_stop(ar);
4763 	ath10k_hif_power_down(ar);
4764 
4765 	spin_lock_bh(&ar->data_lock);
4766 	list_for_each_entry(arvif, &ar->arvifs, list)
4767 		ath10k_mac_vif_beacon_cleanup(arvif);
4768 	spin_unlock_bh(&ar->data_lock);
4769 }
4770 
4771 static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
4772 {
4773 	struct ath10k *ar = hw->priv;
4774 
4775 	mutex_lock(&ar->conf_mutex);
4776 
4777 	*tx_ant = ar->cfg_tx_chainmask;
4778 	*rx_ant = ar->cfg_rx_chainmask;
4779 
4780 	mutex_unlock(&ar->conf_mutex);
4781 
4782 	return 0;
4783 }
4784 
4785 static bool ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
4786 {
4787 	/* It is not clear that allowing gaps in chainmask
4788 	 * is helpful.  Probably it will not do what user
4789 	 * is hoping for, so warn in that case.
4790 	 */
4791 	if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
4792 		return true;
4793 
4794 	ath10k_warn(ar, "mac %s antenna chainmask is invalid: 0x%x.  Suggested values: 15, 7, 3, 1 or 0.\n",
4795 		    dbg, cm);
4796 	return false;
4797 }
4798 
4799 static int ath10k_mac_get_vht_cap_bf_sts(struct ath10k *ar)
4800 {
4801 	int nsts = ar->vht_cap_info;
4802 
4803 	nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4804 	nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4805 
4806 	/* If firmware does not deliver to host number of space-time
4807 	 * streams supported, assume it support up to 4 BF STS and return
4808 	 * the value for VHT CAP: nsts-1)
4809 	 */
4810 	if (nsts == 0)
4811 		return 3;
4812 
4813 	return nsts;
4814 }
4815 
4816 static int ath10k_mac_get_vht_cap_bf_sound_dim(struct ath10k *ar)
4817 {
4818 	int sound_dim = ar->vht_cap_info;
4819 
4820 	sound_dim &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4821 	sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4822 
4823 	/* If the sounding dimension is not advertised by the firmware,
4824 	 * let's use a default value of 1
4825 	 */
4826 	if (sound_dim == 0)
4827 		return 1;
4828 
4829 	return sound_dim;
4830 }
4831 
4832 static struct ieee80211_sta_vht_cap ath10k_create_vht_cap(struct ath10k *ar)
4833 {
4834 	struct ieee80211_sta_vht_cap vht_cap = {0};
4835 	struct ath10k_hw_params *hw = &ar->hw_params;
4836 	u16 mcs_map;
4837 	u32 val;
4838 	int i;
4839 
4840 	vht_cap.vht_supported = 1;
4841 	vht_cap.cap = ar->vht_cap_info;
4842 
4843 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4844 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
4845 		val = ath10k_mac_get_vht_cap_bf_sts(ar);
4846 		val <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4847 		val &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4848 
4849 		vht_cap.cap |= val;
4850 	}
4851 
4852 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4853 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
4854 		val = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4855 		val <<= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4856 		val &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4857 
4858 		vht_cap.cap |= val;
4859 	}
4860 
4861 	mcs_map = 0;
4862 	for (i = 0; i < 8; i++) {
4863 		if ((i < ar->num_rf_chains) && (ar->cfg_tx_chainmask & BIT(i)))
4864 			mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
4865 		else
4866 			mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
4867 	}
4868 
4869 	if (ar->cfg_tx_chainmask <= 1)
4870 		vht_cap.cap &= ~IEEE80211_VHT_CAP_TXSTBC;
4871 
4872 	vht_cap.vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
4873 	vht_cap.vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
4874 
4875 	/* If we are supporting 160Mhz or 80+80, then the NIC may be able to do
4876 	 * a restricted NSS for 160 or 80+80 vs what it can do for 80Mhz.  Give
4877 	 * user-space a clue if that is the case.
4878 	 */
4879 	if ((vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) &&
4880 	    (hw->vht160_mcs_rx_highest != 0 ||
4881 	     hw->vht160_mcs_tx_highest != 0)) {
4882 		vht_cap.vht_mcs.rx_highest = cpu_to_le16(hw->vht160_mcs_rx_highest);
4883 		vht_cap.vht_mcs.tx_highest = cpu_to_le16(hw->vht160_mcs_tx_highest);
4884 	}
4885 
4886 	return vht_cap;
4887 }
4888 
4889 static struct ieee80211_sta_ht_cap ath10k_get_ht_cap(struct ath10k *ar)
4890 {
4891 	int i;
4892 	struct ieee80211_sta_ht_cap ht_cap = {0};
4893 
4894 	if (!(ar->ht_cap_info & WMI_HT_CAP_ENABLED))
4895 		return ht_cap;
4896 
4897 	ht_cap.ht_supported = 1;
4898 	ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
4899 	ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_8;
4900 	ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
4901 	ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
4902 	ht_cap.cap |=
4903 		WLAN_HT_CAP_SM_PS_DISABLED << IEEE80211_HT_CAP_SM_PS_SHIFT;
4904 
4905 	if (ar->ht_cap_info & WMI_HT_CAP_HT20_SGI)
4906 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
4907 
4908 	if (ar->ht_cap_info & WMI_HT_CAP_HT40_SGI)
4909 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
4910 
4911 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) {
4912 		u32 smps;
4913 
4914 		smps   = WLAN_HT_CAP_SM_PS_DYNAMIC;
4915 		smps <<= IEEE80211_HT_CAP_SM_PS_SHIFT;
4916 
4917 		ht_cap.cap |= smps;
4918 	}
4919 
4920 	if (ar->ht_cap_info & WMI_HT_CAP_TX_STBC && (ar->cfg_tx_chainmask > 1))
4921 		ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
4922 
4923 	if (ar->ht_cap_info & WMI_HT_CAP_RX_STBC) {
4924 		u32 stbc;
4925 
4926 		stbc   = ar->ht_cap_info;
4927 		stbc  &= WMI_HT_CAP_RX_STBC;
4928 		stbc >>= WMI_HT_CAP_RX_STBC_MASK_SHIFT;
4929 		stbc <<= IEEE80211_HT_CAP_RX_STBC_SHIFT;
4930 		stbc  &= IEEE80211_HT_CAP_RX_STBC;
4931 
4932 		ht_cap.cap |= stbc;
4933 	}
4934 
4935 	if (ar->ht_cap_info & WMI_HT_CAP_LDPC || (ar->ht_cap_info &
4936 	    WMI_HT_CAP_RX_LDPC && (ar->ht_cap_info & WMI_HT_CAP_TX_LDPC)))
4937 		ht_cap.cap |= IEEE80211_HT_CAP_LDPC_CODING;
4938 
4939 	if (ar->ht_cap_info & WMI_HT_CAP_L_SIG_TXOP_PROT)
4940 		ht_cap.cap |= IEEE80211_HT_CAP_LSIG_TXOP_PROT;
4941 
4942 	/* max AMSDU is implicitly taken from vht_cap_info */
4943 	if (ar->vht_cap_info & WMI_VHT_CAP_MAX_MPDU_LEN_MASK)
4944 		ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
4945 
4946 	for (i = 0; i < ar->num_rf_chains; i++) {
4947 		if (ar->cfg_rx_chainmask & BIT(i))
4948 			ht_cap.mcs.rx_mask[i] = 0xFF;
4949 	}
4950 
4951 	ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_DEFINED;
4952 
4953 	return ht_cap;
4954 }
4955 
4956 static void ath10k_mac_setup_ht_vht_cap(struct ath10k *ar)
4957 {
4958 	struct ieee80211_supported_band *band;
4959 	struct ieee80211_sta_vht_cap vht_cap;
4960 	struct ieee80211_sta_ht_cap ht_cap;
4961 
4962 	ht_cap = ath10k_get_ht_cap(ar);
4963 	vht_cap = ath10k_create_vht_cap(ar);
4964 
4965 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
4966 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
4967 		band->ht_cap = ht_cap;
4968 	}
4969 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
4970 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
4971 		band->ht_cap = ht_cap;
4972 		band->vht_cap = vht_cap;
4973 	}
4974 }
4975 
4976 static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
4977 {
4978 	int ret;
4979 	bool is_valid_tx_chain_mask, is_valid_rx_chain_mask;
4980 
4981 	lockdep_assert_held(&ar->conf_mutex);
4982 
4983 	is_valid_tx_chain_mask = ath10k_check_chain_mask(ar, tx_ant, "tx");
4984 	is_valid_rx_chain_mask = ath10k_check_chain_mask(ar, rx_ant, "rx");
4985 
4986 	if (!is_valid_tx_chain_mask || !is_valid_rx_chain_mask)
4987 		return -EINVAL;
4988 
4989 	ar->cfg_tx_chainmask = tx_ant;
4990 	ar->cfg_rx_chainmask = rx_ant;
4991 
4992 	if ((ar->state != ATH10K_STATE_ON) &&
4993 	    (ar->state != ATH10K_STATE_RESTARTED))
4994 		return 0;
4995 
4996 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
4997 					tx_ant);
4998 	if (ret) {
4999 		ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
5000 			    ret, tx_ant);
5001 		return ret;
5002 	}
5003 
5004 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
5005 					rx_ant);
5006 	if (ret) {
5007 		ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
5008 			    ret, rx_ant);
5009 		return ret;
5010 	}
5011 
5012 	/* Reload HT/VHT capability */
5013 	ath10k_mac_setup_ht_vht_cap(ar);
5014 
5015 	return 0;
5016 }
5017 
5018 static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant)
5019 {
5020 	struct ath10k *ar = hw->priv;
5021 	int ret;
5022 
5023 	mutex_lock(&ar->conf_mutex);
5024 	ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
5025 	mutex_unlock(&ar->conf_mutex);
5026 	return ret;
5027 }
5028 
5029 static int __ath10k_fetch_bb_timing_dt(struct ath10k *ar,
5030 				       struct wmi_bb_timing_cfg_arg *bb_timing)
5031 {
5032 	struct device_node *node;
5033 	const char *fem_name;
5034 	int ret;
5035 
5036 	node = ar->dev->of_node;
5037 	if (!node)
5038 		return -ENOENT;
5039 
5040 	ret = of_property_read_string_index(node, "ext-fem-name", 0, &fem_name);
5041 	if (ret)
5042 		return -ENOENT;
5043 
5044 	/*
5045 	 * If external Front End module used in hardware, then default base band timing
5046 	 * parameter cannot be used since they were fine tuned for reference hardware,
5047 	 * so choosing different value suitable for that external FEM.
5048 	 */
5049 	if (!strcmp("microsemi-lx5586", fem_name)) {
5050 		bb_timing->bb_tx_timing = 0x00;
5051 		bb_timing->bb_xpa_timing = 0x0101;
5052 	} else {
5053 		return -ENOENT;
5054 	}
5055 
5056 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot bb_tx_timing 0x%x bb_xpa_timing 0x%x\n",
5057 		   bb_timing->bb_tx_timing, bb_timing->bb_xpa_timing);
5058 	return 0;
5059 }
5060 
5061 static int ath10k_mac_rfkill_config(struct ath10k *ar)
5062 {
5063 	u32 param;
5064 	int ret;
5065 
5066 	if (ar->hw_values->rfkill_pin == 0) {
5067 		ath10k_warn(ar, "ath10k does not support hardware rfkill with this device\n");
5068 		return -EOPNOTSUPP;
5069 	}
5070 
5071 	ath10k_dbg(ar, ATH10K_DBG_MAC,
5072 		   "mac rfkill_pin %d rfkill_cfg %d rfkill_on_level %d",
5073 		   ar->hw_values->rfkill_pin, ar->hw_values->rfkill_cfg,
5074 		   ar->hw_values->rfkill_on_level);
5075 
5076 	param = FIELD_PREP(WMI_TLV_RFKILL_CFG_RADIO_LEVEL,
5077 			   ar->hw_values->rfkill_on_level) |
5078 		FIELD_PREP(WMI_TLV_RFKILL_CFG_GPIO_PIN_NUM,
5079 			   ar->hw_values->rfkill_pin) |
5080 		FIELD_PREP(WMI_TLV_RFKILL_CFG_PIN_AS_GPIO,
5081 			   ar->hw_values->rfkill_cfg);
5082 
5083 	ret = ath10k_wmi_pdev_set_param(ar,
5084 					ar->wmi.pdev_param->rfkill_config,
5085 					param);
5086 	if (ret) {
5087 		ath10k_warn(ar,
5088 			    "failed to set rfkill config 0x%x: %d\n",
5089 			    param, ret);
5090 		return ret;
5091 	}
5092 	return 0;
5093 }
5094 
5095 int ath10k_mac_rfkill_enable_radio(struct ath10k *ar, bool enable)
5096 {
5097 	enum wmi_tlv_rfkill_enable_radio param;
5098 	int ret;
5099 
5100 	if (enable)
5101 		param = WMI_TLV_RFKILL_ENABLE_RADIO_ON;
5102 	else
5103 		param = WMI_TLV_RFKILL_ENABLE_RADIO_OFF;
5104 
5105 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac rfkill enable %d", param);
5106 
5107 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rfkill_enable,
5108 					param);
5109 	if (ret) {
5110 		ath10k_warn(ar, "failed to set rfkill enable param %d: %d\n",
5111 			    param, ret);
5112 		return ret;
5113 	}
5114 
5115 	return 0;
5116 }
5117 
5118 static int ath10k_start(struct ieee80211_hw *hw)
5119 {
5120 	struct ath10k *ar = hw->priv;
5121 	u32 param;
5122 	int ret = 0;
5123 	struct wmi_bb_timing_cfg_arg bb_timing = {0};
5124 
5125 	/*
5126 	 * This makes sense only when restarting hw. It is harmless to call
5127 	 * unconditionally. This is necessary to make sure no HTT/WMI tx
5128 	 * commands will be submitted while restarting.
5129 	 */
5130 	ath10k_drain_tx(ar);
5131 
5132 	mutex_lock(&ar->conf_mutex);
5133 
5134 	switch (ar->state) {
5135 	case ATH10K_STATE_OFF:
5136 		ar->state = ATH10K_STATE_ON;
5137 		break;
5138 	case ATH10K_STATE_RESTARTING:
5139 		ar->state = ATH10K_STATE_RESTARTED;
5140 		break;
5141 	case ATH10K_STATE_ON:
5142 	case ATH10K_STATE_RESTARTED:
5143 	case ATH10K_STATE_WEDGED:
5144 		WARN_ON(1);
5145 		ret = -EINVAL;
5146 		goto err;
5147 	case ATH10K_STATE_UTF:
5148 		ret = -EBUSY;
5149 		goto err;
5150 	}
5151 
5152 	spin_lock_bh(&ar->data_lock);
5153 
5154 	if (ar->hw_rfkill_on) {
5155 		ar->hw_rfkill_on = false;
5156 		spin_unlock_bh(&ar->data_lock);
5157 		goto err;
5158 	}
5159 
5160 	spin_unlock_bh(&ar->data_lock);
5161 
5162 	ret = ath10k_hif_power_up(ar, ATH10K_FIRMWARE_MODE_NORMAL);
5163 	if (ret) {
5164 		ath10k_err(ar, "Could not init hif: %d\n", ret);
5165 		goto err_off;
5166 	}
5167 
5168 	ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL,
5169 				&ar->normal_mode_fw);
5170 	if (ret) {
5171 		ath10k_err(ar, "Could not init core: %d\n", ret);
5172 		goto err_power_down;
5173 	}
5174 
5175 	if (ar->sys_cap_info & WMI_TLV_SYS_CAP_INFO_RFKILL) {
5176 		ret = ath10k_mac_rfkill_config(ar);
5177 		if (ret && ret != -EOPNOTSUPP) {
5178 			ath10k_warn(ar, "failed to configure rfkill: %d", ret);
5179 			goto err_core_stop;
5180 		}
5181 	}
5182 
5183 	param = ar->wmi.pdev_param->pmf_qos;
5184 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5185 	if (ret) {
5186 		ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
5187 		goto err_core_stop;
5188 	}
5189 
5190 	param = ar->wmi.pdev_param->dynamic_bw;
5191 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5192 	if (ret) {
5193 		ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
5194 		goto err_core_stop;
5195 	}
5196 
5197 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
5198 		ret = ath10k_wmi_scan_prob_req_oui(ar, ar->mac_addr);
5199 		if (ret) {
5200 			ath10k_err(ar, "failed to set prob req oui: %i\n", ret);
5201 			goto err_core_stop;
5202 		}
5203 	}
5204 
5205 	if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
5206 		ret = ath10k_wmi_adaptive_qcs(ar, true);
5207 		if (ret) {
5208 			ath10k_warn(ar, "failed to enable adaptive qcs: %d\n",
5209 				    ret);
5210 			goto err_core_stop;
5211 		}
5212 	}
5213 
5214 	if (test_bit(WMI_SERVICE_BURST, ar->wmi.svc_map)) {
5215 		param = ar->wmi.pdev_param->burst_enable;
5216 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5217 		if (ret) {
5218 			ath10k_warn(ar, "failed to disable burst: %d\n", ret);
5219 			goto err_core_stop;
5220 		}
5221 	}
5222 
5223 	param = ar->wmi.pdev_param->idle_ps_config;
5224 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5225 	if (ret && ret != -EOPNOTSUPP) {
5226 		ath10k_warn(ar, "failed to enable idle_ps_config: %d\n", ret);
5227 		goto err_core_stop;
5228 	}
5229 
5230 	__ath10k_set_antenna(ar, ar->cfg_tx_chainmask, ar->cfg_rx_chainmask);
5231 
5232 	/*
5233 	 * By default FW set ARP frames ac to voice (6). In that case ARP
5234 	 * exchange is not working properly for UAPSD enabled AP. ARP requests
5235 	 * which arrives with access category 0 are processed by network stack
5236 	 * and send back with access category 0, but FW changes access category
5237 	 * to 6. Set ARP frames access category to best effort (0) solves
5238 	 * this problem.
5239 	 */
5240 
5241 	param = ar->wmi.pdev_param->arp_ac_override;
5242 	ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5243 	if (ret) {
5244 		ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
5245 			    ret);
5246 		goto err_core_stop;
5247 	}
5248 
5249 	if (test_bit(ATH10K_FW_FEATURE_SUPPORTS_ADAPTIVE_CCA,
5250 		     ar->running_fw->fw_file.fw_features)) {
5251 		ret = ath10k_wmi_pdev_enable_adaptive_cca(ar, 1,
5252 							  WMI_CCA_DETECT_LEVEL_AUTO,
5253 							  WMI_CCA_DETECT_MARGIN_AUTO);
5254 		if (ret) {
5255 			ath10k_warn(ar, "failed to enable adaptive cca: %d\n",
5256 				    ret);
5257 			goto err_core_stop;
5258 		}
5259 	}
5260 
5261 	param = ar->wmi.pdev_param->ani_enable;
5262 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5263 	if (ret) {
5264 		ath10k_warn(ar, "failed to enable ani by default: %d\n",
5265 			    ret);
5266 		goto err_core_stop;
5267 	}
5268 
5269 	ar->ani_enabled = true;
5270 
5271 	if (ath10k_peer_stats_enabled(ar)) {
5272 		param = ar->wmi.pdev_param->peer_stats_update_period;
5273 		ret = ath10k_wmi_pdev_set_param(ar, param,
5274 						PEER_DEFAULT_STATS_UPDATE_PERIOD);
5275 		if (ret) {
5276 			ath10k_warn(ar,
5277 				    "failed to set peer stats period : %d\n",
5278 				    ret);
5279 			goto err_core_stop;
5280 		}
5281 	}
5282 
5283 	param = ar->wmi.pdev_param->enable_btcoex;
5284 	if (test_bit(WMI_SERVICE_COEX_GPIO, ar->wmi.svc_map) &&
5285 	    test_bit(ATH10K_FW_FEATURE_BTCOEX_PARAM,
5286 		     ar->running_fw->fw_file.fw_features) &&
5287 	    ar->coex_support) {
5288 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5289 		if (ret) {
5290 			ath10k_warn(ar,
5291 				    "failed to set btcoex param: %d\n", ret);
5292 			goto err_core_stop;
5293 		}
5294 		clear_bit(ATH10K_FLAG_BTCOEX, &ar->dev_flags);
5295 	}
5296 
5297 	if (test_bit(WMI_SERVICE_BB_TIMING_CONFIG_SUPPORT, ar->wmi.svc_map)) {
5298 		ret = __ath10k_fetch_bb_timing_dt(ar, &bb_timing);
5299 		if (!ret) {
5300 			ret = ath10k_wmi_pdev_bb_timing(ar, &bb_timing);
5301 			if (ret) {
5302 				ath10k_warn(ar,
5303 					    "failed to set bb timings: %d\n",
5304 					    ret);
5305 				goto err_core_stop;
5306 			}
5307 		}
5308 	}
5309 
5310 	ar->num_started_vdevs = 0;
5311 	ath10k_regd_update(ar);
5312 
5313 	ath10k_spectral_start(ar);
5314 	ath10k_thermal_set_throttling(ar);
5315 
5316 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_IDLE;
5317 
5318 	mutex_unlock(&ar->conf_mutex);
5319 	return 0;
5320 
5321 err_core_stop:
5322 	ath10k_core_stop(ar);
5323 
5324 err_power_down:
5325 	ath10k_hif_power_down(ar);
5326 
5327 err_off:
5328 	ar->state = ATH10K_STATE_OFF;
5329 
5330 err:
5331 	mutex_unlock(&ar->conf_mutex);
5332 	return ret;
5333 }
5334 
5335 static void ath10k_stop(struct ieee80211_hw *hw)
5336 {
5337 	struct ath10k *ar = hw->priv;
5338 
5339 	ath10k_drain_tx(ar);
5340 
5341 	mutex_lock(&ar->conf_mutex);
5342 	if (ar->state != ATH10K_STATE_OFF) {
5343 		if (!ar->hw_rfkill_on)
5344 			ath10k_halt(ar);
5345 		ar->state = ATH10K_STATE_OFF;
5346 	}
5347 	mutex_unlock(&ar->conf_mutex);
5348 
5349 	cancel_work_sync(&ar->set_coverage_class_work);
5350 	cancel_delayed_work_sync(&ar->scan.timeout);
5351 	cancel_work_sync(&ar->restart_work);
5352 }
5353 
5354 static int ath10k_config_ps(struct ath10k *ar)
5355 {
5356 	struct ath10k_vif *arvif;
5357 	int ret = 0;
5358 
5359 	lockdep_assert_held(&ar->conf_mutex);
5360 
5361 	list_for_each_entry(arvif, &ar->arvifs, list) {
5362 		ret = ath10k_mac_vif_setup_ps(arvif);
5363 		if (ret) {
5364 			ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
5365 			break;
5366 		}
5367 	}
5368 
5369 	return ret;
5370 }
5371 
5372 static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
5373 {
5374 	struct ath10k *ar = hw->priv;
5375 	struct ieee80211_conf *conf = &hw->conf;
5376 	int ret = 0;
5377 
5378 	mutex_lock(&ar->conf_mutex);
5379 
5380 	if (changed & IEEE80211_CONF_CHANGE_PS)
5381 		ath10k_config_ps(ar);
5382 
5383 	if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
5384 		ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
5385 		ret = ath10k_monitor_recalc(ar);
5386 		if (ret)
5387 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5388 	}
5389 
5390 	mutex_unlock(&ar->conf_mutex);
5391 	return ret;
5392 }
5393 
5394 static u32 get_nss_from_chainmask(u16 chain_mask)
5395 {
5396 	if ((chain_mask & 0xf) == 0xf)
5397 		return 4;
5398 	else if ((chain_mask & 0x7) == 0x7)
5399 		return 3;
5400 	else if ((chain_mask & 0x3) == 0x3)
5401 		return 2;
5402 	return 1;
5403 }
5404 
5405 static int ath10k_mac_set_txbf_conf(struct ath10k_vif *arvif)
5406 {
5407 	u32 value = 0;
5408 	struct ath10k *ar = arvif->ar;
5409 	int nsts;
5410 	int sound_dim;
5411 
5412 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_BEFORE_ASSOC)
5413 		return 0;
5414 
5415 	nsts = ath10k_mac_get_vht_cap_bf_sts(ar);
5416 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
5417 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE))
5418 		value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
5419 
5420 	sound_dim = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
5421 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
5422 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))
5423 		value |= SM(sound_dim, WMI_BF_SOUND_DIM_OFFSET);
5424 
5425 	if (!value)
5426 		return 0;
5427 
5428 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
5429 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
5430 
5431 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
5432 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFER |
5433 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFER);
5434 
5435 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
5436 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
5437 
5438 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
5439 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFEE |
5440 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFEE);
5441 
5442 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5443 					 ar->wmi.vdev_param->txbf, value);
5444 }
5445 
5446 /*
5447  * TODO:
5448  * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
5449  * because we will send mgmt frames without CCK. This requirement
5450  * for P2P_FIND/GO_NEG should be handled by checking CCK flag
5451  * in the TX packet.
5452  */
5453 static int ath10k_add_interface(struct ieee80211_hw *hw,
5454 				struct ieee80211_vif *vif)
5455 {
5456 	struct ath10k *ar = hw->priv;
5457 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5458 	struct ath10k_peer *peer;
5459 	enum wmi_sta_powersave_param param;
5460 	int ret = 0;
5461 	u32 value;
5462 	int bit;
5463 	int i;
5464 	u32 vdev_param;
5465 
5466 	vif->driver_flags |= IEEE80211_VIF_SUPPORTS_UAPSD;
5467 
5468 	mutex_lock(&ar->conf_mutex);
5469 
5470 	memset(arvif, 0, sizeof(*arvif));
5471 	ath10k_mac_txq_init(vif->txq);
5472 
5473 	arvif->ar = ar;
5474 	arvif->vif = vif;
5475 
5476 	INIT_LIST_HEAD(&arvif->list);
5477 	INIT_WORK(&arvif->ap_csa_work, ath10k_mac_vif_ap_csa_work);
5478 	INIT_DELAYED_WORK(&arvif->connection_loss_work,
5479 			  ath10k_mac_vif_sta_connection_loss_work);
5480 
5481 	for (i = 0; i < ARRAY_SIZE(arvif->bitrate_mask.control); i++) {
5482 		arvif->bitrate_mask.control[i].legacy = 0xffffffff;
5483 		memset(arvif->bitrate_mask.control[i].ht_mcs, 0xff,
5484 		       sizeof(arvif->bitrate_mask.control[i].ht_mcs));
5485 		memset(arvif->bitrate_mask.control[i].vht_mcs, 0xff,
5486 		       sizeof(arvif->bitrate_mask.control[i].vht_mcs));
5487 	}
5488 
5489 	if (ar->num_peers >= ar->max_num_peers) {
5490 		ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
5491 		ret = -ENOBUFS;
5492 		goto err;
5493 	}
5494 
5495 	if (ar->free_vdev_map == 0) {
5496 		ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
5497 		ret = -EBUSY;
5498 		goto err;
5499 	}
5500 	bit = __ffs64(ar->free_vdev_map);
5501 
5502 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
5503 		   bit, ar->free_vdev_map);
5504 
5505 	arvif->vdev_id = bit;
5506 	arvif->vdev_subtype =
5507 		ath10k_wmi_get_vdev_subtype(ar, WMI_VDEV_SUBTYPE_NONE);
5508 
5509 	switch (vif->type) {
5510 	case NL80211_IFTYPE_P2P_DEVICE:
5511 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5512 		arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5513 					(ar, WMI_VDEV_SUBTYPE_P2P_DEVICE);
5514 		break;
5515 	case NL80211_IFTYPE_UNSPECIFIED:
5516 	case NL80211_IFTYPE_STATION:
5517 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5518 		if (vif->p2p)
5519 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5520 					(ar, WMI_VDEV_SUBTYPE_P2P_CLIENT);
5521 		break;
5522 	case NL80211_IFTYPE_ADHOC:
5523 		arvif->vdev_type = WMI_VDEV_TYPE_IBSS;
5524 		break;
5525 	case NL80211_IFTYPE_MESH_POINT:
5526 		if (test_bit(WMI_SERVICE_MESH_11S, ar->wmi.svc_map)) {
5527 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5528 						(ar, WMI_VDEV_SUBTYPE_MESH_11S);
5529 		} else if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5530 			ret = -EINVAL;
5531 			ath10k_warn(ar, "must load driver with rawmode=1 to add mesh interfaces\n");
5532 			goto err;
5533 		}
5534 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5535 		break;
5536 	case NL80211_IFTYPE_AP:
5537 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5538 
5539 		if (vif->p2p)
5540 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5541 						(ar, WMI_VDEV_SUBTYPE_P2P_GO);
5542 		break;
5543 	case NL80211_IFTYPE_MONITOR:
5544 		arvif->vdev_type = WMI_VDEV_TYPE_MONITOR;
5545 		break;
5546 	default:
5547 		WARN_ON(1);
5548 		break;
5549 	}
5550 
5551 	/* Using vdev_id as queue number will make it very easy to do per-vif
5552 	 * tx queue locking. This shouldn't wrap due to interface combinations
5553 	 * but do a modulo for correctness sake and prevent using offchannel tx
5554 	 * queues for regular vif tx.
5555 	 */
5556 	vif->cab_queue = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5557 	for (i = 0; i < ARRAY_SIZE(vif->hw_queue); i++)
5558 		vif->hw_queue[i] = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5559 
5560 	/* Some firmware revisions don't wait for beacon tx completion before
5561 	 * sending another SWBA event. This could lead to hardware using old
5562 	 * (freed) beacon data in some cases, e.g. tx credit starvation
5563 	 * combined with missed TBTT. This is very rare.
5564 	 *
5565 	 * On non-IOMMU-enabled hosts this could be a possible security issue
5566 	 * because hw could beacon some random data on the air.  On
5567 	 * IOMMU-enabled hosts DMAR faults would occur in most cases and target
5568 	 * device would crash.
5569 	 *
5570 	 * Since there are no beacon tx completions (implicit nor explicit)
5571 	 * propagated to host the only workaround for this is to allocate a
5572 	 * DMA-coherent buffer for a lifetime of a vif and use it for all
5573 	 * beacon tx commands. Worst case for this approach is some beacons may
5574 	 * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
5575 	 */
5576 	if (vif->type == NL80211_IFTYPE_ADHOC ||
5577 	    vif->type == NL80211_IFTYPE_MESH_POINT ||
5578 	    vif->type == NL80211_IFTYPE_AP) {
5579 		arvif->beacon_buf = dma_alloc_coherent(ar->dev,
5580 						       IEEE80211_MAX_FRAME_LEN,
5581 						       &arvif->beacon_paddr,
5582 						       GFP_ATOMIC);
5583 		if (!arvif->beacon_buf) {
5584 			ret = -ENOMEM;
5585 			ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
5586 				    ret);
5587 			goto err;
5588 		}
5589 	}
5590 	if (test_bit(ATH10K_FLAG_HW_CRYPTO_DISABLED, &ar->dev_flags))
5591 		arvif->nohwcrypt = true;
5592 
5593 	if (arvif->nohwcrypt &&
5594 	    !test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5595 		ath10k_warn(ar, "cryptmode module param needed for sw crypto\n");
5596 		goto err;
5597 	}
5598 
5599 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
5600 		   arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
5601 		   arvif->beacon_buf ? "single-buf" : "per-skb");
5602 
5603 	ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
5604 				     arvif->vdev_subtype, vif->addr);
5605 	if (ret) {
5606 		ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
5607 			    arvif->vdev_id, ret);
5608 		goto err;
5609 	}
5610 
5611 	if (test_bit(WMI_SERVICE_VDEV_DISABLE_4_ADDR_SRC_LRN_SUPPORT,
5612 		     ar->wmi.svc_map)) {
5613 		vdev_param = ar->wmi.vdev_param->disable_4addr_src_lrn;
5614 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5615 						WMI_VDEV_DISABLE_4_ADDR_SRC_LRN);
5616 		if (ret && ret != -EOPNOTSUPP) {
5617 			ath10k_warn(ar, "failed to disable 4addr src lrn vdev %i: %d\n",
5618 				    arvif->vdev_id, ret);
5619 		}
5620 	}
5621 
5622 	ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
5623 	spin_lock_bh(&ar->data_lock);
5624 	list_add(&arvif->list, &ar->arvifs);
5625 	spin_unlock_bh(&ar->data_lock);
5626 
5627 	/* It makes no sense to have firmware do keepalives. mac80211 already
5628 	 * takes care of this with idle connection polling.
5629 	 */
5630 	ret = ath10k_mac_vif_disable_keepalive(arvif);
5631 	if (ret) {
5632 		ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
5633 			    arvif->vdev_id, ret);
5634 		goto err_vdev_delete;
5635 	}
5636 
5637 	arvif->def_wep_key_idx = -1;
5638 
5639 	vdev_param = ar->wmi.vdev_param->tx_encap_type;
5640 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5641 					ATH10K_HW_TXRX_NATIVE_WIFI);
5642 	/* 10.X firmware does not support this VDEV parameter. Do not warn */
5643 	if (ret && ret != -EOPNOTSUPP) {
5644 		ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
5645 			    arvif->vdev_id, ret);
5646 		goto err_vdev_delete;
5647 	}
5648 
5649 	/* Configuring number of spatial stream for monitor interface is causing
5650 	 * target assert in qca9888 and qca6174.
5651 	 */
5652 	if (ar->cfg_tx_chainmask && (vif->type != NL80211_IFTYPE_MONITOR)) {
5653 		u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
5654 
5655 		vdev_param = ar->wmi.vdev_param->nss;
5656 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5657 						nss);
5658 		if (ret) {
5659 			ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
5660 				    arvif->vdev_id, ar->cfg_tx_chainmask, nss,
5661 				    ret);
5662 			goto err_vdev_delete;
5663 		}
5664 	}
5665 
5666 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5667 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5668 		ret = ath10k_peer_create(ar, vif, NULL, arvif->vdev_id,
5669 					 vif->addr, WMI_PEER_TYPE_DEFAULT);
5670 		if (ret) {
5671 			ath10k_warn(ar, "failed to create vdev %i peer for AP/IBSS: %d\n",
5672 				    arvif->vdev_id, ret);
5673 			goto err_vdev_delete;
5674 		}
5675 
5676 		spin_lock_bh(&ar->data_lock);
5677 
5678 		peer = ath10k_peer_find(ar, arvif->vdev_id, vif->addr);
5679 		if (!peer) {
5680 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
5681 				    vif->addr, arvif->vdev_id);
5682 			spin_unlock_bh(&ar->data_lock);
5683 			ret = -ENOENT;
5684 			goto err_peer_delete;
5685 		}
5686 
5687 		arvif->peer_id = find_first_bit(peer->peer_ids,
5688 						ATH10K_MAX_NUM_PEER_IDS);
5689 
5690 		spin_unlock_bh(&ar->data_lock);
5691 	} else {
5692 		arvif->peer_id = HTT_INVALID_PEERID;
5693 	}
5694 
5695 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
5696 		ret = ath10k_mac_set_kickout(arvif);
5697 		if (ret) {
5698 			ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
5699 				    arvif->vdev_id, ret);
5700 			goto err_peer_delete;
5701 		}
5702 	}
5703 
5704 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
5705 		param = WMI_STA_PS_PARAM_RX_WAKE_POLICY;
5706 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
5707 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
5708 						  param, value);
5709 		if (ret) {
5710 			ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
5711 				    arvif->vdev_id, ret);
5712 			goto err_peer_delete;
5713 		}
5714 
5715 		ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
5716 		if (ret) {
5717 			ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
5718 				    arvif->vdev_id, ret);
5719 			goto err_peer_delete;
5720 		}
5721 
5722 		ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
5723 		if (ret) {
5724 			ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
5725 				    arvif->vdev_id, ret);
5726 			goto err_peer_delete;
5727 		}
5728 	}
5729 
5730 	ret = ath10k_mac_set_txbf_conf(arvif);
5731 	if (ret) {
5732 		ath10k_warn(ar, "failed to set txbf for vdev %d: %d\n",
5733 			    arvif->vdev_id, ret);
5734 		goto err_peer_delete;
5735 	}
5736 
5737 	ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
5738 	if (ret) {
5739 		ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
5740 			    arvif->vdev_id, ret);
5741 		goto err_peer_delete;
5742 	}
5743 
5744 	arvif->txpower = vif->bss_conf.txpower;
5745 	ret = ath10k_mac_txpower_recalc(ar);
5746 	if (ret) {
5747 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5748 		goto err_peer_delete;
5749 	}
5750 
5751 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
5752 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
5753 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5754 						arvif->ftm_responder);
5755 
5756 		/* It is harmless to not set FTM role. Do not warn */
5757 		if (ret && ret != -EOPNOTSUPP)
5758 			ath10k_warn(ar, "failed to set vdev %i FTM Responder: %d\n",
5759 				    arvif->vdev_id, ret);
5760 	}
5761 
5762 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5763 		ar->monitor_arvif = arvif;
5764 		ret = ath10k_monitor_recalc(ar);
5765 		if (ret) {
5766 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5767 			goto err_peer_delete;
5768 		}
5769 	}
5770 
5771 	spin_lock_bh(&ar->htt.tx_lock);
5772 	if (!ar->tx_paused)
5773 		ieee80211_wake_queue(ar->hw, arvif->vdev_id);
5774 	spin_unlock_bh(&ar->htt.tx_lock);
5775 
5776 	mutex_unlock(&ar->conf_mutex);
5777 	return 0;
5778 
5779 err_peer_delete:
5780 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5781 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5782 		ath10k_wmi_peer_delete(ar, arvif->vdev_id, vif->addr);
5783 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5784 						 vif->addr);
5785 	}
5786 
5787 err_vdev_delete:
5788 	ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5789 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5790 	spin_lock_bh(&ar->data_lock);
5791 	list_del(&arvif->list);
5792 	spin_unlock_bh(&ar->data_lock);
5793 
5794 err:
5795 	if (arvif->beacon_buf) {
5796 		dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
5797 				  arvif->beacon_buf, arvif->beacon_paddr);
5798 		arvif->beacon_buf = NULL;
5799 	}
5800 
5801 	mutex_unlock(&ar->conf_mutex);
5802 
5803 	return ret;
5804 }
5805 
5806 static void ath10k_mac_vif_tx_unlock_all(struct ath10k_vif *arvif)
5807 {
5808 	int i;
5809 
5810 	for (i = 0; i < BITS_PER_LONG; i++)
5811 		ath10k_mac_vif_tx_unlock(arvif, i);
5812 }
5813 
5814 static void ath10k_remove_interface(struct ieee80211_hw *hw,
5815 				    struct ieee80211_vif *vif)
5816 {
5817 	struct ath10k *ar = hw->priv;
5818 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5819 	struct ath10k_peer *peer;
5820 	unsigned long time_left;
5821 	int ret;
5822 	int i;
5823 
5824 	cancel_work_sync(&arvif->ap_csa_work);
5825 	cancel_delayed_work_sync(&arvif->connection_loss_work);
5826 
5827 	mutex_lock(&ar->conf_mutex);
5828 
5829 	ret = ath10k_spectral_vif_stop(arvif);
5830 	if (ret)
5831 		ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
5832 			    arvif->vdev_id, ret);
5833 
5834 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5835 	spin_lock_bh(&ar->data_lock);
5836 	list_del(&arvif->list);
5837 	spin_unlock_bh(&ar->data_lock);
5838 
5839 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5840 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5841 		ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
5842 					     vif->addr);
5843 		if (ret)
5844 			ath10k_warn(ar, "failed to submit AP/IBSS self-peer removal on vdev %i: %d\n",
5845 				    arvif->vdev_id, ret);
5846 
5847 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5848 						 vif->addr);
5849 		kfree(arvif->u.ap.noa_data);
5850 	}
5851 
5852 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
5853 		   arvif->vdev_id);
5854 
5855 	ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5856 	if (ret)
5857 		ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
5858 			    arvif->vdev_id, ret);
5859 
5860 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
5861 		time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
5862 							ATH10K_VDEV_DELETE_TIMEOUT_HZ);
5863 		if (time_left == 0) {
5864 			ath10k_warn(ar, "Timeout in receiving vdev delete response\n");
5865 			goto out;
5866 		}
5867 	}
5868 
5869 	/* Some firmware revisions don't notify host about self-peer removal
5870 	 * until after associated vdev is deleted.
5871 	 */
5872 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5873 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5874 		ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
5875 						   vif->addr);
5876 		if (ret)
5877 			ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
5878 				    arvif->vdev_id, ret);
5879 
5880 		spin_lock_bh(&ar->data_lock);
5881 		ar->num_peers--;
5882 		spin_unlock_bh(&ar->data_lock);
5883 	}
5884 
5885 	spin_lock_bh(&ar->data_lock);
5886 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
5887 		peer = ar->peer_map[i];
5888 		if (!peer)
5889 			continue;
5890 
5891 		if (peer->vif == vif) {
5892 			ath10k_warn(ar, "found vif peer %pM entry on vdev %i after it was supposedly removed\n",
5893 				    vif->addr, arvif->vdev_id);
5894 			peer->vif = NULL;
5895 		}
5896 	}
5897 
5898 	/* Clean this up late, less opportunity for firmware to access
5899 	 * DMA memory we have deleted.
5900 	 */
5901 	ath10k_mac_vif_beacon_cleanup(arvif);
5902 	spin_unlock_bh(&ar->data_lock);
5903 
5904 	ath10k_peer_cleanup(ar, arvif->vdev_id);
5905 	ath10k_mac_txq_unref(ar, vif->txq);
5906 
5907 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5908 		ar->monitor_arvif = NULL;
5909 		ret = ath10k_monitor_recalc(ar);
5910 		if (ret)
5911 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5912 	}
5913 
5914 	ret = ath10k_mac_txpower_recalc(ar);
5915 	if (ret)
5916 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5917 
5918 	spin_lock_bh(&ar->htt.tx_lock);
5919 	ath10k_mac_vif_tx_unlock_all(arvif);
5920 	spin_unlock_bh(&ar->htt.tx_lock);
5921 
5922 	ath10k_mac_txq_unref(ar, vif->txq);
5923 
5924 out:
5925 	mutex_unlock(&ar->conf_mutex);
5926 }
5927 
5928 /*
5929  * FIXME: Has to be verified.
5930  */
5931 #define SUPPORTED_FILTERS			\
5932 	(FIF_ALLMULTI |				\
5933 	FIF_CONTROL |				\
5934 	FIF_PSPOLL |				\
5935 	FIF_OTHER_BSS |				\
5936 	FIF_BCN_PRBRESP_PROMISC |		\
5937 	FIF_PROBE_REQ |				\
5938 	FIF_FCSFAIL)
5939 
5940 static void ath10k_configure_filter(struct ieee80211_hw *hw,
5941 				    unsigned int changed_flags,
5942 				    unsigned int *total_flags,
5943 				    u64 multicast)
5944 {
5945 	struct ath10k *ar = hw->priv;
5946 	int ret;
5947 
5948 	mutex_lock(&ar->conf_mutex);
5949 
5950 	changed_flags &= SUPPORTED_FILTERS;
5951 	*total_flags &= SUPPORTED_FILTERS;
5952 	ar->filter_flags = *total_flags;
5953 
5954 	ret = ath10k_monitor_recalc(ar);
5955 	if (ret)
5956 		ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5957 
5958 	mutex_unlock(&ar->conf_mutex);
5959 }
5960 
5961 static void ath10k_recalculate_mgmt_rate(struct ath10k *ar,
5962 					 struct ieee80211_vif *vif,
5963 					 struct cfg80211_chan_def *def)
5964 {
5965 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5966 	const struct ieee80211_supported_band *sband;
5967 	u8 basic_rate_idx;
5968 	int hw_rate_code;
5969 	u32 vdev_param;
5970 	u16 bitrate;
5971 	int ret;
5972 
5973 	lockdep_assert_held(&ar->conf_mutex);
5974 
5975 	sband = ar->hw->wiphy->bands[def->chan->band];
5976 	basic_rate_idx = ffs(vif->bss_conf.basic_rates) - 1;
5977 	bitrate = sband->bitrates[basic_rate_idx].bitrate;
5978 
5979 	hw_rate_code = ath10k_mac_get_rate_hw_value(bitrate);
5980 	if (hw_rate_code < 0) {
5981 		ath10k_warn(ar, "bitrate not supported %d\n", bitrate);
5982 		return;
5983 	}
5984 
5985 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
5986 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5987 					hw_rate_code);
5988 	if (ret)
5989 		ath10k_warn(ar, "failed to set mgmt tx rate %d\n", ret);
5990 }
5991 
5992 static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
5993 				    struct ieee80211_vif *vif,
5994 				    struct ieee80211_bss_conf *info,
5995 				    u32 changed)
5996 {
5997 	struct ath10k *ar = hw->priv;
5998 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5999 	struct cfg80211_chan_def def;
6000 	u32 vdev_param, pdev_param, slottime, preamble;
6001 	u16 bitrate, hw_value;
6002 	u8 rate, rateidx;
6003 	int ret = 0, mcast_rate;
6004 	enum nl80211_band band;
6005 
6006 	mutex_lock(&ar->conf_mutex);
6007 
6008 	if (changed & BSS_CHANGED_IBSS)
6009 		ath10k_control_ibss(arvif, info, vif->addr);
6010 
6011 	if (changed & BSS_CHANGED_BEACON_INT) {
6012 		arvif->beacon_interval = info->beacon_int;
6013 		vdev_param = ar->wmi.vdev_param->beacon_interval;
6014 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6015 						arvif->beacon_interval);
6016 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6017 			   "mac vdev %d beacon_interval %d\n",
6018 			   arvif->vdev_id, arvif->beacon_interval);
6019 
6020 		if (ret)
6021 			ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
6022 				    arvif->vdev_id, ret);
6023 	}
6024 
6025 	if (changed & BSS_CHANGED_BEACON) {
6026 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6027 			   "vdev %d set beacon tx mode to staggered\n",
6028 			   arvif->vdev_id);
6029 
6030 		pdev_param = ar->wmi.pdev_param->beacon_tx_mode;
6031 		ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
6032 						WMI_BEACON_STAGGERED_MODE);
6033 		if (ret)
6034 			ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
6035 				    arvif->vdev_id, ret);
6036 
6037 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
6038 		if (ret)
6039 			ath10k_warn(ar, "failed to update beacon template: %d\n",
6040 				    ret);
6041 
6042 		if (ieee80211_vif_is_mesh(vif)) {
6043 			/* mesh doesn't use SSID but firmware needs it */
6044 			strncpy(arvif->u.ap.ssid, "mesh",
6045 				sizeof(arvif->u.ap.ssid));
6046 			arvif->u.ap.ssid_len = 4;
6047 		}
6048 	}
6049 
6050 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
6051 		ret = ath10k_mac_setup_prb_tmpl(arvif);
6052 		if (ret)
6053 			ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
6054 				    arvif->vdev_id, ret);
6055 	}
6056 
6057 	if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
6058 		arvif->dtim_period = info->dtim_period;
6059 
6060 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6061 			   "mac vdev %d dtim_period %d\n",
6062 			   arvif->vdev_id, arvif->dtim_period);
6063 
6064 		vdev_param = ar->wmi.vdev_param->dtim_period;
6065 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6066 						arvif->dtim_period);
6067 		if (ret)
6068 			ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
6069 				    arvif->vdev_id, ret);
6070 	}
6071 
6072 	if (changed & BSS_CHANGED_SSID &&
6073 	    vif->type == NL80211_IFTYPE_AP) {
6074 		arvif->u.ap.ssid_len = info->ssid_len;
6075 		if (info->ssid_len)
6076 			memcpy(arvif->u.ap.ssid, info->ssid, info->ssid_len);
6077 		arvif->u.ap.hidden_ssid = info->hidden_ssid;
6078 	}
6079 
6080 	if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
6081 		ether_addr_copy(arvif->bssid, info->bssid);
6082 
6083 	if (changed & BSS_CHANGED_FTM_RESPONDER &&
6084 	    arvif->ftm_responder != info->ftm_responder &&
6085 	    test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
6086 		arvif->ftm_responder = info->ftm_responder;
6087 
6088 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
6089 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6090 						arvif->ftm_responder);
6091 
6092 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6093 			   "mac vdev %d ftm_responder %d:ret %d\n",
6094 			   arvif->vdev_id, arvif->ftm_responder, ret);
6095 	}
6096 
6097 	if (changed & BSS_CHANGED_BEACON_ENABLED)
6098 		ath10k_control_beaconing(arvif, info);
6099 
6100 	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
6101 		arvif->use_cts_prot = info->use_cts_prot;
6102 
6103 		ret = ath10k_recalc_rtscts_prot(arvif);
6104 		if (ret)
6105 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
6106 				    arvif->vdev_id, ret);
6107 
6108 		if (ath10k_mac_can_set_cts_prot(arvif)) {
6109 			ret = ath10k_mac_set_cts_prot(arvif);
6110 			if (ret)
6111 				ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
6112 					    arvif->vdev_id, ret);
6113 		}
6114 	}
6115 
6116 	if (changed & BSS_CHANGED_ERP_SLOT) {
6117 		if (info->use_short_slot)
6118 			slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
6119 
6120 		else
6121 			slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
6122 
6123 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
6124 			   arvif->vdev_id, slottime);
6125 
6126 		vdev_param = ar->wmi.vdev_param->slot_time;
6127 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6128 						slottime);
6129 		if (ret)
6130 			ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
6131 				    arvif->vdev_id, ret);
6132 	}
6133 
6134 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
6135 		if (info->use_short_preamble)
6136 			preamble = WMI_VDEV_PREAMBLE_SHORT;
6137 		else
6138 			preamble = WMI_VDEV_PREAMBLE_LONG;
6139 
6140 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6141 			   "mac vdev %d preamble %dn",
6142 			   arvif->vdev_id, preamble);
6143 
6144 		vdev_param = ar->wmi.vdev_param->preamble;
6145 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6146 						preamble);
6147 		if (ret)
6148 			ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
6149 				    arvif->vdev_id, ret);
6150 	}
6151 
6152 	if (changed & BSS_CHANGED_ASSOC) {
6153 		if (info->assoc) {
6154 			/* Workaround: Make sure monitor vdev is not running
6155 			 * when associating to prevent some firmware revisions
6156 			 * (e.g. 10.1 and 10.2) from crashing.
6157 			 */
6158 			if (ar->monitor_started)
6159 				ath10k_monitor_stop(ar);
6160 			ath10k_bss_assoc(hw, vif, info);
6161 			ath10k_monitor_recalc(ar);
6162 		} else {
6163 			ath10k_bss_disassoc(hw, vif);
6164 		}
6165 	}
6166 
6167 	if (changed & BSS_CHANGED_TXPOWER) {
6168 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
6169 			   arvif->vdev_id, info->txpower);
6170 
6171 		arvif->txpower = info->txpower;
6172 		ret = ath10k_mac_txpower_recalc(ar);
6173 		if (ret)
6174 			ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6175 	}
6176 
6177 	if (changed & BSS_CHANGED_PS) {
6178 		arvif->ps = vif->bss_conf.ps;
6179 
6180 		ret = ath10k_config_ps(ar);
6181 		if (ret)
6182 			ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
6183 				    arvif->vdev_id, ret);
6184 	}
6185 
6186 	if (changed & BSS_CHANGED_MCAST_RATE &&
6187 	    !ath10k_mac_vif_chan(arvif->vif, &def)) {
6188 		band = def.chan->band;
6189 		mcast_rate = vif->bss_conf.mcast_rate[band];
6190 		if (mcast_rate > 0)
6191 			rateidx = mcast_rate - 1;
6192 		else
6193 			rateidx = ffs(vif->bss_conf.basic_rates) - 1;
6194 
6195 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6196 			rateidx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6197 
6198 		bitrate = ath10k_wmi_legacy_rates[rateidx].bitrate;
6199 		hw_value = ath10k_wmi_legacy_rates[rateidx].hw_value;
6200 		if (ath10k_mac_bitrate_is_cck(bitrate))
6201 			preamble = WMI_RATE_PREAMBLE_CCK;
6202 		else
6203 			preamble = WMI_RATE_PREAMBLE_OFDM;
6204 
6205 		rate = ATH10K_HW_RATECODE(hw_value, 0, preamble);
6206 
6207 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6208 			   "mac vdev %d mcast_rate %x\n",
6209 			   arvif->vdev_id, rate);
6210 
6211 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
6212 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6213 						vdev_param, rate);
6214 		if (ret)
6215 			ath10k_warn(ar,
6216 				    "failed to set mcast rate on vdev %i: %d\n",
6217 				    arvif->vdev_id,  ret);
6218 
6219 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
6220 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6221 						vdev_param, rate);
6222 		if (ret)
6223 			ath10k_warn(ar,
6224 				    "failed to set bcast rate on vdev %i: %d\n",
6225 				    arvif->vdev_id,  ret);
6226 	}
6227 
6228 	if (changed & BSS_CHANGED_BASIC_RATES &&
6229 	    !ath10k_mac_vif_chan(arvif->vif, &def))
6230 		ath10k_recalculate_mgmt_rate(ar, vif, &def);
6231 
6232 	mutex_unlock(&ar->conf_mutex);
6233 }
6234 
6235 static void ath10k_mac_op_set_coverage_class(struct ieee80211_hw *hw, s16 value)
6236 {
6237 	struct ath10k *ar = hw->priv;
6238 
6239 	/* This function should never be called if setting the coverage class
6240 	 * is not supported on this hardware.
6241 	 */
6242 	if (!ar->hw_params.hw_ops->set_coverage_class) {
6243 		WARN_ON_ONCE(1);
6244 		return;
6245 	}
6246 	ar->hw_params.hw_ops->set_coverage_class(ar, value);
6247 }
6248 
6249 struct ath10k_mac_tdls_iter_data {
6250 	u32 num_tdls_stations;
6251 	struct ieee80211_vif *curr_vif;
6252 };
6253 
6254 static void ath10k_mac_tdls_vif_stations_count_iter(void *data,
6255 						    struct ieee80211_sta *sta)
6256 {
6257 	struct ath10k_mac_tdls_iter_data *iter_data = data;
6258 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6259 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
6260 
6261 	if (sta->tdls && sta_vif == iter_data->curr_vif)
6262 		iter_data->num_tdls_stations++;
6263 }
6264 
6265 static int ath10k_mac_tdls_vif_stations_count(struct ieee80211_hw *hw,
6266 					      struct ieee80211_vif *vif)
6267 {
6268 	struct ath10k_mac_tdls_iter_data data = {};
6269 
6270 	data.curr_vif = vif;
6271 
6272 	ieee80211_iterate_stations_atomic(hw,
6273 					  ath10k_mac_tdls_vif_stations_count_iter,
6274 					  &data);
6275 	return data.num_tdls_stations;
6276 }
6277 
6278 static int ath10k_hw_scan(struct ieee80211_hw *hw,
6279 			  struct ieee80211_vif *vif,
6280 			  struct ieee80211_scan_request *hw_req)
6281 {
6282 	struct ath10k *ar = hw->priv;
6283 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6284 	struct cfg80211_scan_request *req = &hw_req->req;
6285 	struct wmi_start_scan_arg arg;
6286 	int ret = 0;
6287 	int i;
6288 	u32 scan_timeout;
6289 
6290 	mutex_lock(&ar->conf_mutex);
6291 
6292 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6293 		ret = -EBUSY;
6294 		goto exit;
6295 	}
6296 
6297 	spin_lock_bh(&ar->data_lock);
6298 	switch (ar->scan.state) {
6299 	case ATH10K_SCAN_IDLE:
6300 		reinit_completion(&ar->scan.started);
6301 		reinit_completion(&ar->scan.completed);
6302 		ar->scan.state = ATH10K_SCAN_STARTING;
6303 		ar->scan.is_roc = false;
6304 		ar->scan.vdev_id = arvif->vdev_id;
6305 		ret = 0;
6306 		break;
6307 	case ATH10K_SCAN_STARTING:
6308 	case ATH10K_SCAN_RUNNING:
6309 	case ATH10K_SCAN_ABORTING:
6310 		ret = -EBUSY;
6311 		break;
6312 	}
6313 	spin_unlock_bh(&ar->data_lock);
6314 
6315 	if (ret)
6316 		goto exit;
6317 
6318 	memset(&arg, 0, sizeof(arg));
6319 	ath10k_wmi_start_scan_init(ar, &arg);
6320 	arg.vdev_id = arvif->vdev_id;
6321 	arg.scan_id = ATH10K_SCAN_ID;
6322 
6323 	if (req->ie_len) {
6324 		arg.ie_len = req->ie_len;
6325 		memcpy(arg.ie, req->ie, arg.ie_len);
6326 	}
6327 
6328 	if (req->n_ssids) {
6329 		arg.n_ssids = req->n_ssids;
6330 		for (i = 0; i < arg.n_ssids; i++) {
6331 			arg.ssids[i].len  = req->ssids[i].ssid_len;
6332 			arg.ssids[i].ssid = req->ssids[i].ssid;
6333 		}
6334 	} else {
6335 		arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
6336 	}
6337 
6338 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6339 		arg.scan_ctrl_flags |=  WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ;
6340 		ether_addr_copy(arg.mac_addr.addr, req->mac_addr);
6341 		ether_addr_copy(arg.mac_mask.addr, req->mac_addr_mask);
6342 	}
6343 
6344 	if (req->n_channels) {
6345 		arg.n_channels = req->n_channels;
6346 		for (i = 0; i < arg.n_channels; i++)
6347 			arg.channels[i] = req->channels[i]->center_freq;
6348 	}
6349 
6350 	/* if duration is set, default dwell times will be overwritten */
6351 	if (req->duration) {
6352 		arg.dwell_time_active = req->duration;
6353 		arg.dwell_time_passive = req->duration;
6354 		arg.burst_duration_ms = req->duration;
6355 
6356 		scan_timeout = min_t(u32, arg.max_rest_time *
6357 				(arg.n_channels - 1) + (req->duration +
6358 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
6359 				arg.n_channels, arg.max_scan_time + 200);
6360 
6361 	} else {
6362 		/* Add a 200ms margin to account for event/command processing */
6363 		scan_timeout = arg.max_scan_time + 200;
6364 	}
6365 
6366 	ret = ath10k_start_scan(ar, &arg);
6367 	if (ret) {
6368 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
6369 		spin_lock_bh(&ar->data_lock);
6370 		ar->scan.state = ATH10K_SCAN_IDLE;
6371 		spin_unlock_bh(&ar->data_lock);
6372 	}
6373 
6374 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
6375 				     msecs_to_jiffies(scan_timeout));
6376 
6377 exit:
6378 	mutex_unlock(&ar->conf_mutex);
6379 	return ret;
6380 }
6381 
6382 static void ath10k_cancel_hw_scan(struct ieee80211_hw *hw,
6383 				  struct ieee80211_vif *vif)
6384 {
6385 	struct ath10k *ar = hw->priv;
6386 
6387 	mutex_lock(&ar->conf_mutex);
6388 	ath10k_scan_abort(ar);
6389 	mutex_unlock(&ar->conf_mutex);
6390 
6391 	cancel_delayed_work_sync(&ar->scan.timeout);
6392 }
6393 
6394 static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
6395 					struct ath10k_vif *arvif,
6396 					enum set_key_cmd cmd,
6397 					struct ieee80211_key_conf *key)
6398 {
6399 	u32 vdev_param = arvif->ar->wmi.vdev_param->def_keyid;
6400 	int ret;
6401 
6402 	/* 10.1 firmware branch requires default key index to be set to group
6403 	 * key index after installing it. Otherwise FW/HW Txes corrupted
6404 	 * frames with multi-vif APs. This is not required for main firmware
6405 	 * branch (e.g. 636).
6406 	 *
6407 	 * This is also needed for 636 fw for IBSS-RSN to work more reliably.
6408 	 *
6409 	 * FIXME: It remains unknown if this is required for multi-vif STA
6410 	 * interfaces on 10.1.
6411 	 */
6412 
6413 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
6414 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
6415 		return;
6416 
6417 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40)
6418 		return;
6419 
6420 	if (key->cipher == WLAN_CIPHER_SUITE_WEP104)
6421 		return;
6422 
6423 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6424 		return;
6425 
6426 	if (cmd != SET_KEY)
6427 		return;
6428 
6429 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6430 					key->keyidx);
6431 	if (ret)
6432 		ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
6433 			    arvif->vdev_id, ret);
6434 }
6435 
6436 static int ath10k_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
6437 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
6438 			  struct ieee80211_key_conf *key)
6439 {
6440 	struct ath10k *ar = hw->priv;
6441 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6442 	struct ath10k_sta *arsta;
6443 	struct ath10k_peer *peer;
6444 	const u8 *peer_addr;
6445 	bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
6446 		      key->cipher == WLAN_CIPHER_SUITE_WEP104;
6447 	int ret = 0;
6448 	int ret2;
6449 	u32 flags = 0;
6450 	u32 flags2;
6451 
6452 	/* this one needs to be done in software */
6453 	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
6454 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
6455 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256 ||
6456 	    key->cipher == WLAN_CIPHER_SUITE_BIP_CMAC_256)
6457 		return 1;
6458 
6459 	if (arvif->nohwcrypt)
6460 		return 1;
6461 
6462 	if (key->keyidx > WMI_MAX_KEY_INDEX)
6463 		return -ENOSPC;
6464 
6465 	mutex_lock(&ar->conf_mutex);
6466 
6467 	if (sta) {
6468 		arsta = (struct ath10k_sta *)sta->drv_priv;
6469 		peer_addr = sta->addr;
6470 		spin_lock_bh(&ar->data_lock);
6471 		arsta->ucast_cipher = key->cipher;
6472 		spin_unlock_bh(&ar->data_lock);
6473 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
6474 		peer_addr = vif->bss_conf.bssid;
6475 	} else {
6476 		peer_addr = vif->addr;
6477 	}
6478 
6479 	key->hw_key_idx = key->keyidx;
6480 
6481 	if (is_wep) {
6482 		if (cmd == SET_KEY)
6483 			arvif->wep_keys[key->keyidx] = key;
6484 		else
6485 			arvif->wep_keys[key->keyidx] = NULL;
6486 	}
6487 
6488 	/* the peer should not disappear in mid-way (unless FW goes awry) since
6489 	 * we already hold conf_mutex. we just make sure its there now.
6490 	 */
6491 	spin_lock_bh(&ar->data_lock);
6492 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6493 	spin_unlock_bh(&ar->data_lock);
6494 
6495 	if (!peer) {
6496 		if (cmd == SET_KEY) {
6497 			ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
6498 				    peer_addr);
6499 			ret = -EOPNOTSUPP;
6500 			goto exit;
6501 		} else {
6502 			/* if the peer doesn't exist there is no key to disable anymore */
6503 			goto exit;
6504 		}
6505 	}
6506 
6507 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6508 		flags |= WMI_KEY_PAIRWISE;
6509 	else
6510 		flags |= WMI_KEY_GROUP;
6511 
6512 	if (is_wep) {
6513 		if (cmd == DISABLE_KEY)
6514 			ath10k_clear_vdev_key(arvif, key);
6515 
6516 		/* When WEP keys are uploaded it's possible that there are
6517 		 * stations associated already (e.g. when merging) without any
6518 		 * keys. Static WEP needs an explicit per-peer key upload.
6519 		 */
6520 		if (vif->type == NL80211_IFTYPE_ADHOC &&
6521 		    cmd == SET_KEY)
6522 			ath10k_mac_vif_update_wep_key(arvif, key);
6523 
6524 		/* 802.1x never sets the def_wep_key_idx so each set_key()
6525 		 * call changes default tx key.
6526 		 *
6527 		 * Static WEP sets def_wep_key_idx via .set_default_unicast_key
6528 		 * after first set_key().
6529 		 */
6530 		if (cmd == SET_KEY && arvif->def_wep_key_idx == -1)
6531 			flags |= WMI_KEY_TX_USAGE;
6532 	}
6533 
6534 	ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags);
6535 	if (ret) {
6536 		WARN_ON(ret > 0);
6537 		ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
6538 			    arvif->vdev_id, peer_addr, ret);
6539 		goto exit;
6540 	}
6541 
6542 	/* mac80211 sets static WEP keys as groupwise while firmware requires
6543 	 * them to be installed twice as both pairwise and groupwise.
6544 	 */
6545 	if (is_wep && !sta && vif->type == NL80211_IFTYPE_STATION) {
6546 		flags2 = flags;
6547 		flags2 &= ~WMI_KEY_GROUP;
6548 		flags2 |= WMI_KEY_PAIRWISE;
6549 
6550 		ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags2);
6551 		if (ret) {
6552 			WARN_ON(ret > 0);
6553 			ath10k_warn(ar, "failed to install (ucast) key for vdev %i peer %pM: %d\n",
6554 				    arvif->vdev_id, peer_addr, ret);
6555 			ret2 = ath10k_install_key(arvif, key, DISABLE_KEY,
6556 						  peer_addr, flags);
6557 			if (ret2) {
6558 				WARN_ON(ret2 > 0);
6559 				ath10k_warn(ar, "failed to disable (mcast) key for vdev %i peer %pM: %d\n",
6560 					    arvif->vdev_id, peer_addr, ret2);
6561 			}
6562 			goto exit;
6563 		}
6564 	}
6565 
6566 	ath10k_set_key_h_def_keyidx(ar, arvif, cmd, key);
6567 
6568 	spin_lock_bh(&ar->data_lock);
6569 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6570 	if (peer && cmd == SET_KEY)
6571 		peer->keys[key->keyidx] = key;
6572 	else if (peer && cmd == DISABLE_KEY)
6573 		peer->keys[key->keyidx] = NULL;
6574 	else if (peer == NULL)
6575 		/* impossible unless FW goes crazy */
6576 		ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
6577 	spin_unlock_bh(&ar->data_lock);
6578 
6579 	if (sta && sta->tdls)
6580 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6581 					  ar->wmi.peer_param->authorize, 1);
6582 	else if (sta && cmd == SET_KEY && (key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
6583 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, peer_addr,
6584 					  ar->wmi.peer_param->authorize, 1);
6585 
6586 exit:
6587 	mutex_unlock(&ar->conf_mutex);
6588 	return ret;
6589 }
6590 
6591 static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
6592 					   struct ieee80211_vif *vif,
6593 					   int keyidx)
6594 {
6595 	struct ath10k *ar = hw->priv;
6596 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6597 	int ret;
6598 
6599 	mutex_lock(&arvif->ar->conf_mutex);
6600 
6601 	if (arvif->ar->state != ATH10K_STATE_ON)
6602 		goto unlock;
6603 
6604 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
6605 		   arvif->vdev_id, keyidx);
6606 
6607 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
6608 					arvif->vdev_id,
6609 					arvif->ar->wmi.vdev_param->def_keyid,
6610 					keyidx);
6611 
6612 	if (ret) {
6613 		ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
6614 			    arvif->vdev_id,
6615 			    ret);
6616 		goto unlock;
6617 	}
6618 
6619 	arvif->def_wep_key_idx = keyidx;
6620 
6621 unlock:
6622 	mutex_unlock(&arvif->ar->conf_mutex);
6623 }
6624 
6625 static void ath10k_sta_rc_update_wk(struct work_struct *wk)
6626 {
6627 	struct ath10k *ar;
6628 	struct ath10k_vif *arvif;
6629 	struct ath10k_sta *arsta;
6630 	struct ieee80211_sta *sta;
6631 	struct cfg80211_chan_def def;
6632 	enum nl80211_band band;
6633 	const u8 *ht_mcs_mask;
6634 	const u16 *vht_mcs_mask;
6635 	u32 changed, bw, nss, smps;
6636 	int err;
6637 
6638 	arsta = container_of(wk, struct ath10k_sta, update_wk);
6639 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
6640 	arvif = arsta->arvif;
6641 	ar = arvif->ar;
6642 
6643 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
6644 		return;
6645 
6646 	band = def.chan->band;
6647 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
6648 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
6649 
6650 	spin_lock_bh(&ar->data_lock);
6651 
6652 	changed = arsta->changed;
6653 	arsta->changed = 0;
6654 
6655 	bw = arsta->bw;
6656 	nss = arsta->nss;
6657 	smps = arsta->smps;
6658 
6659 	spin_unlock_bh(&ar->data_lock);
6660 
6661 	mutex_lock(&ar->conf_mutex);
6662 
6663 	nss = max_t(u32, 1, nss);
6664 	nss = min(nss, max(ath10k_mac_max_ht_nss(ht_mcs_mask),
6665 			   ath10k_mac_max_vht_nss(vht_mcs_mask)));
6666 
6667 	if (changed & IEEE80211_RC_BW_CHANGED) {
6668 		enum wmi_phy_mode mode;
6669 
6670 		mode = chan_to_phymode(&def);
6671 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM peer bw %d phymode %d\n",
6672 			   sta->addr, bw, mode);
6673 
6674 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6675 						ar->wmi.peer_param->phymode, mode);
6676 		if (err) {
6677 			ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
6678 				    sta->addr, mode, err);
6679 			goto exit;
6680 		}
6681 
6682 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6683 						ar->wmi.peer_param->chan_width, bw);
6684 		if (err)
6685 			ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
6686 				    sta->addr, bw, err);
6687 	}
6688 
6689 	if (changed & IEEE80211_RC_NSS_CHANGED) {
6690 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM nss %d\n",
6691 			   sta->addr, nss);
6692 
6693 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6694 						ar->wmi.peer_param->nss, nss);
6695 		if (err)
6696 			ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
6697 				    sta->addr, nss, err);
6698 	}
6699 
6700 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
6701 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM smps %d\n",
6702 			   sta->addr, smps);
6703 
6704 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6705 						ar->wmi.peer_param->smps_state, smps);
6706 		if (err)
6707 			ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
6708 				    sta->addr, smps, err);
6709 	}
6710 
6711 	if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
6712 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM supp rates\n",
6713 			   sta->addr);
6714 
6715 		err = ath10k_station_assoc(ar, arvif->vif, sta, true);
6716 		if (err)
6717 			ath10k_warn(ar, "failed to reassociate station: %pM\n",
6718 				    sta->addr);
6719 	}
6720 
6721 exit:
6722 	mutex_unlock(&ar->conf_mutex);
6723 }
6724 
6725 static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif,
6726 				       struct ieee80211_sta *sta)
6727 {
6728 	struct ath10k *ar = arvif->ar;
6729 
6730 	lockdep_assert_held(&ar->conf_mutex);
6731 
6732 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6733 		return 0;
6734 
6735 	if (ar->num_stations >= ar->max_num_stations)
6736 		return -ENOBUFS;
6737 
6738 	ar->num_stations++;
6739 
6740 	return 0;
6741 }
6742 
6743 static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif,
6744 					struct ieee80211_sta *sta)
6745 {
6746 	struct ath10k *ar = arvif->ar;
6747 
6748 	lockdep_assert_held(&ar->conf_mutex);
6749 
6750 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6751 		return;
6752 
6753 	ar->num_stations--;
6754 }
6755 
6756 static int ath10k_sta_set_txpwr(struct ieee80211_hw *hw,
6757 				struct ieee80211_vif *vif,
6758 				struct ieee80211_sta *sta)
6759 {
6760 	struct ath10k *ar = hw->priv;
6761 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6762 	int ret = 0;
6763 	s16 txpwr;
6764 
6765 	if (sta->txpwr.type == NL80211_TX_POWER_AUTOMATIC) {
6766 		txpwr = 0;
6767 	} else {
6768 		txpwr = sta->txpwr.power;
6769 		if (!txpwr)
6770 			return -EINVAL;
6771 	}
6772 
6773 	if (txpwr > ATH10K_TX_POWER_MAX_VAL || txpwr < ATH10K_TX_POWER_MIN_VAL)
6774 		return -EINVAL;
6775 
6776 	mutex_lock(&ar->conf_mutex);
6777 
6778 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6779 					ar->wmi.peer_param->use_fixed_power, txpwr);
6780 	if (ret) {
6781 		ath10k_warn(ar, "failed to set tx power for station ret: %d\n",
6782 			    ret);
6783 		goto out;
6784 	}
6785 
6786 out:
6787 	mutex_unlock(&ar->conf_mutex);
6788 	return ret;
6789 }
6790 
6791 struct ath10k_mac_iter_tid_conf_data {
6792 	struct ieee80211_vif *curr_vif;
6793 	struct ath10k *ar;
6794 	bool reset_config;
6795 };
6796 
6797 static bool
6798 ath10k_mac_bitrate_mask_has_single_rate(struct ath10k *ar,
6799 					enum nl80211_band band,
6800 					const struct cfg80211_bitrate_mask *mask,
6801 					int *vht_num_rates)
6802 {
6803 	int num_rates = 0;
6804 	int i, tmp;
6805 
6806 	num_rates += hweight32(mask->control[band].legacy);
6807 
6808 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++)
6809 		num_rates += hweight8(mask->control[band].ht_mcs[i]);
6810 
6811 	*vht_num_rates = 0;
6812 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6813 		tmp = hweight16(mask->control[band].vht_mcs[i]);
6814 		num_rates += tmp;
6815 		*vht_num_rates += tmp;
6816 	}
6817 
6818 	return num_rates == 1;
6819 }
6820 
6821 static int
6822 ath10k_mac_bitrate_mask_get_single_rate(struct ath10k *ar,
6823 					enum nl80211_band band,
6824 					const struct cfg80211_bitrate_mask *mask,
6825 					u8 *rate, u8 *nss, bool vht_only)
6826 {
6827 	int rate_idx;
6828 	int i;
6829 	u16 bitrate;
6830 	u8 preamble;
6831 	u8 hw_rate;
6832 
6833 	if (vht_only)
6834 		goto next;
6835 
6836 	if (hweight32(mask->control[band].legacy) == 1) {
6837 		rate_idx = ffs(mask->control[band].legacy) - 1;
6838 
6839 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6840 			rate_idx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6841 
6842 		hw_rate = ath10k_wmi_legacy_rates[rate_idx].hw_value;
6843 		bitrate = ath10k_wmi_legacy_rates[rate_idx].bitrate;
6844 
6845 		if (ath10k_mac_bitrate_is_cck(bitrate))
6846 			preamble = WMI_RATE_PREAMBLE_CCK;
6847 		else
6848 			preamble = WMI_RATE_PREAMBLE_OFDM;
6849 
6850 		*nss = 1;
6851 		*rate = preamble << 6 |
6852 			(*nss - 1) << 4 |
6853 			hw_rate << 0;
6854 
6855 		return 0;
6856 	}
6857 
6858 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
6859 		if (hweight8(mask->control[band].ht_mcs[i]) == 1) {
6860 			*nss = i + 1;
6861 			*rate = WMI_RATE_PREAMBLE_HT << 6 |
6862 				(*nss - 1) << 4 |
6863 				(ffs(mask->control[band].ht_mcs[i]) - 1);
6864 
6865 			return 0;
6866 		}
6867 	}
6868 
6869 next:
6870 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6871 		if (hweight16(mask->control[band].vht_mcs[i]) == 1) {
6872 			*nss = i + 1;
6873 			*rate = WMI_RATE_PREAMBLE_VHT << 6 |
6874 				(*nss - 1) << 4 |
6875 				(ffs(mask->control[band].vht_mcs[i]) - 1);
6876 
6877 			return 0;
6878 		}
6879 	}
6880 
6881 	return -EINVAL;
6882 }
6883 
6884 static int ath10k_mac_validate_rate_mask(struct ath10k *ar,
6885 					 struct ieee80211_sta *sta,
6886 					 u32 rate_ctrl_flag, u8 nss)
6887 {
6888 	if (nss > sta->rx_nss) {
6889 		ath10k_warn(ar, "Invalid nss field, configured %u limit %u\n",
6890 			    nss, sta->rx_nss);
6891 		return -EINVAL;
6892 	}
6893 
6894 	if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_VHT) {
6895 		if (!sta->vht_cap.vht_supported) {
6896 			ath10k_warn(ar, "Invalid VHT rate for sta %pM\n",
6897 				    sta->addr);
6898 			return -EINVAL;
6899 		}
6900 	} else if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_HT) {
6901 		if (!sta->ht_cap.ht_supported || sta->vht_cap.vht_supported) {
6902 			ath10k_warn(ar, "Invalid HT rate for sta %pM\n",
6903 				    sta->addr);
6904 			return -EINVAL;
6905 		}
6906 	} else {
6907 		if (sta->ht_cap.ht_supported || sta->vht_cap.vht_supported)
6908 			return -EINVAL;
6909 	}
6910 
6911 	return 0;
6912 }
6913 
6914 static int
6915 ath10k_mac_tid_bitrate_config(struct ath10k *ar,
6916 			      struct ieee80211_vif *vif,
6917 			      struct ieee80211_sta *sta,
6918 			      u32 *rate_ctrl_flag, u8 *rate_ctrl,
6919 			      enum nl80211_tx_rate_setting txrate_type,
6920 			      const struct cfg80211_bitrate_mask *mask)
6921 {
6922 	struct cfg80211_chan_def def;
6923 	enum nl80211_band band;
6924 	u8 nss, rate;
6925 	int vht_num_rates, ret;
6926 
6927 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
6928 		return -EINVAL;
6929 
6930 	if (txrate_type == NL80211_TX_RATE_AUTOMATIC) {
6931 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
6932 		*rate_ctrl_flag = 0;
6933 		return 0;
6934 	}
6935 
6936 	band = def.chan->band;
6937 
6938 	if (!ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
6939 						     &vht_num_rates)) {
6940 		return -EINVAL;
6941 	}
6942 
6943 	ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
6944 						      &rate, &nss, false);
6945 	if (ret) {
6946 		ath10k_warn(ar, "failed to get single rate: %d\n",
6947 			    ret);
6948 		return ret;
6949 	}
6950 
6951 	*rate_ctrl_flag = rate;
6952 
6953 	if (sta && ath10k_mac_validate_rate_mask(ar, sta, *rate_ctrl_flag, nss))
6954 		return -EINVAL;
6955 
6956 	if (txrate_type == NL80211_TX_RATE_FIXED)
6957 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_FIXED_RATE;
6958 	else if (txrate_type == NL80211_TX_RATE_LIMITED &&
6959 		 (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
6960 			   ar->wmi.svc_map)))
6961 		*rate_ctrl = WMI_PEER_TID_CONFIG_RATE_UPPER_CAP;
6962 	else
6963 		return -EOPNOTSUPP;
6964 
6965 	return 0;
6966 }
6967 
6968 static int ath10k_mac_set_tid_config(struct ath10k *ar, struct ieee80211_sta *sta,
6969 				     struct ieee80211_vif *vif, u32 changed,
6970 				     struct wmi_per_peer_per_tid_cfg_arg *arg)
6971 {
6972 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6973 	struct ath10k_sta *arsta;
6974 	int ret;
6975 
6976 	if (sta) {
6977 		if (!sta->wme)
6978 			return -ENOTSUPP;
6979 
6980 		arsta = (struct ath10k_sta *)sta->drv_priv;
6981 
6982 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
6983 			if ((arsta->retry_long[arg->tid] > 0 ||
6984 			     arsta->rate_code[arg->tid] > 0 ||
6985 			     arsta->ampdu[arg->tid] ==
6986 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
6987 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
6988 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
6989 				arg->ack_policy = 0;
6990 				arg->aggr_control = 0;
6991 				arg->rate_ctrl = 0;
6992 				arg->rcode_flags = 0;
6993 			}
6994 		}
6995 
6996 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
6997 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
6998 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
6999 				arg->aggr_control = 0;
7000 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7001 			}
7002 		}
7003 
7004 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7005 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7006 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7007 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7008 				arg->rate_ctrl = 0;
7009 				arg->rcode_flags = 0;
7010 			}
7011 		}
7012 
7013 		ether_addr_copy(arg->peer_macaddr.addr, sta->addr);
7014 
7015 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, arg);
7016 		if (ret)
7017 			return ret;
7018 
7019 		/* Store the configured parameters in success case */
7020 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7021 			arsta->noack[arg->tid] = arg->ack_policy;
7022 			arg->ack_policy = 0;
7023 			arg->aggr_control = 0;
7024 			arg->rate_ctrl = 0;
7025 			arg->rcode_flags = 0;
7026 		}
7027 
7028 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7029 			arsta->retry_long[arg->tid] = arg->retry_count;
7030 			arg->retry_count = 0;
7031 		}
7032 
7033 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7034 			arsta->ampdu[arg->tid] = arg->aggr_control;
7035 			arg->aggr_control = 0;
7036 		}
7037 
7038 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7039 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7040 			arsta->rate_ctrl[arg->tid] = arg->rate_ctrl;
7041 			arg->rate_ctrl = 0;
7042 			arg->rcode_flags = 0;
7043 		}
7044 
7045 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7046 			arsta->rtscts[arg->tid] = arg->rtscts_ctrl;
7047 			arg->ext_tid_cfg_bitmap = 0;
7048 		}
7049 	} else {
7050 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7051 			if ((arvif->retry_long[arg->tid] ||
7052 			     arvif->rate_code[arg->tid] ||
7053 			     arvif->ampdu[arg->tid] ==
7054 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7055 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7056 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7057 			} else {
7058 				arvif->noack[arg->tid] = arg->ack_policy;
7059 				arvif->ampdu[arg->tid] = arg->aggr_control;
7060 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7061 			}
7062 		}
7063 
7064 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7065 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7066 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7067 			else
7068 				arvif->retry_long[arg->tid] = arg->retry_count;
7069 		}
7070 
7071 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7072 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7073 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
7074 			else
7075 				arvif->ampdu[arg->tid] = arg->aggr_control;
7076 		}
7077 
7078 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7079 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7080 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7081 				changed &= ~(BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7082 					     BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE));
7083 			} else {
7084 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7085 				arvif->rate_code[arg->tid] = arg->rcode_flags;
7086 			}
7087 		}
7088 
7089 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7090 			arvif->rtscts[arg->tid] = arg->rtscts_ctrl;
7091 			arg->ext_tid_cfg_bitmap = 0;
7092 		}
7093 
7094 		if (changed)
7095 			arvif->tid_conf_changed[arg->tid] |= changed;
7096 	}
7097 
7098 	return 0;
7099 }
7100 
7101 static int
7102 ath10k_mac_parse_tid_config(struct ath10k *ar,
7103 			    struct ieee80211_sta *sta,
7104 			    struct ieee80211_vif *vif,
7105 			    struct cfg80211_tid_cfg *tid_conf,
7106 			    struct wmi_per_peer_per_tid_cfg_arg *arg)
7107 {
7108 	u32 changed = tid_conf->mask;
7109 	int ret = 0, i = 0;
7110 
7111 	if (!changed)
7112 		return -EINVAL;
7113 
7114 	while (i < ATH10K_TID_MAX) {
7115 		if (!(tid_conf->tids & BIT(i))) {
7116 			i++;
7117 			continue;
7118 		}
7119 
7120 		arg->tid = i;
7121 
7122 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7123 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE) {
7124 				arg->ack_policy = WMI_PEER_TID_CONFIG_NOACK;
7125 				arg->rate_ctrl =
7126 				WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
7127 				arg->aggr_control =
7128 					WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7129 			} else {
7130 				arg->ack_policy =
7131 					WMI_PEER_TID_CONFIG_ACK;
7132 				arg->rate_ctrl =
7133 					WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7134 				arg->aggr_control =
7135 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7136 			}
7137 		}
7138 
7139 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG))
7140 			arg->retry_count = tid_conf->retry_long;
7141 
7142 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7143 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE)
7144 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7145 			else
7146 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7147 		}
7148 
7149 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7150 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7151 			ret = ath10k_mac_tid_bitrate_config(ar, vif, sta,
7152 							    &arg->rcode_flags,
7153 							    &arg->rate_ctrl,
7154 							    tid_conf->txrate_type,
7155 							&tid_conf->txrate_mask);
7156 			if (ret) {
7157 				ath10k_warn(ar, "failed to configure bitrate mask %d\n",
7158 					    ret);
7159 				arg->rcode_flags = 0;
7160 				arg->rate_ctrl = 0;
7161 			}
7162 		}
7163 
7164 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7165 			if (tid_conf->rtscts)
7166 				arg->rtscts_ctrl = tid_conf->rtscts;
7167 
7168 			arg->ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7169 		}
7170 
7171 		ret = ath10k_mac_set_tid_config(ar, sta, vif, changed, arg);
7172 		if (ret)
7173 			return ret;
7174 		i++;
7175 	}
7176 
7177 	return ret;
7178 }
7179 
7180 static int ath10k_mac_reset_tid_config(struct ath10k *ar,
7181 				       struct ieee80211_sta *sta,
7182 				       struct ath10k_vif *arvif,
7183 				       u8 tids)
7184 {
7185 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7186 	struct wmi_per_peer_per_tid_cfg_arg arg;
7187 	int ret = 0, i = 0;
7188 
7189 	arg.vdev_id = arvif->vdev_id;
7190 	while (i < ATH10K_TID_MAX) {
7191 		if (!(tids & BIT(i))) {
7192 			i++;
7193 			continue;
7194 		}
7195 
7196 		arg.tid = i;
7197 		arg.ack_policy = WMI_PEER_TID_CONFIG_ACK;
7198 		arg.retry_count = ATH10K_MAX_RETRY_COUNT;
7199 		arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7200 		arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7201 		arg.rtscts_ctrl = WMI_TID_CONFIG_RTSCTS_CONTROL_ENABLE;
7202 		arg.ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7203 
7204 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7205 
7206 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7207 		if (ret)
7208 			return ret;
7209 
7210 		if (!arvif->tids_rst) {
7211 			arsta->retry_long[i] = -1;
7212 			arsta->noack[i] = -1;
7213 			arsta->ampdu[i] = -1;
7214 			arsta->rate_code[i] = -1;
7215 			arsta->rate_ctrl[i] = 0;
7216 			arsta->rtscts[i] = -1;
7217 		} else {
7218 			arvif->retry_long[i] = 0;
7219 			arvif->noack[i] = 0;
7220 			arvif->ampdu[i] = 0;
7221 			arvif->rate_code[i] = 0;
7222 			arvif->rate_ctrl[i] = 0;
7223 			arvif->rtscts[i] = 0;
7224 		}
7225 
7226 		i++;
7227 	}
7228 
7229 	return ret;
7230 }
7231 
7232 static void ath10k_sta_tid_cfg_wk(struct work_struct *wk)
7233 {
7234 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
7235 	struct ieee80211_sta *sta;
7236 	struct ath10k_sta *arsta;
7237 	struct ath10k_vif *arvif;
7238 	struct ath10k *ar;
7239 	bool config_apply;
7240 	int ret, i;
7241 	u32 changed;
7242 	u8 nss;
7243 
7244 	arsta = container_of(wk, struct ath10k_sta, tid_config_wk);
7245 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
7246 	arvif = arsta->arvif;
7247 	ar = arvif->ar;
7248 
7249 	mutex_lock(&ar->conf_mutex);
7250 
7251 	if (arvif->tids_rst) {
7252 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif,
7253 						  arvif->tids_rst);
7254 		goto exit;
7255 	}
7256 
7257 	ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7258 
7259 	for (i = 0; i < ATH10K_TID_MAX; i++) {
7260 		config_apply = false;
7261 		changed = arvif->tid_conf_changed[i];
7262 
7263 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7264 			if (arsta->noack[i] != -1) {
7265 				arg.ack_policy  = 0;
7266 			} else {
7267 				config_apply = true;
7268 				arg.ack_policy = arvif->noack[i];
7269 				arg.aggr_control = arvif->ampdu[i];
7270 				arg.rate_ctrl = arvif->rate_ctrl[i];
7271 			}
7272 		}
7273 
7274 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7275 			if (arsta->retry_long[i] != -1 ||
7276 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7277 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7278 				arg.retry_count = 0;
7279 			} else {
7280 				arg.retry_count = arvif->retry_long[i];
7281 				config_apply = true;
7282 			}
7283 		}
7284 
7285 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7286 			if (arsta->ampdu[i] != -1 ||
7287 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7288 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7289 				arg.aggr_control = 0;
7290 			} else {
7291 				arg.aggr_control = arvif->ampdu[i];
7292 				config_apply = true;
7293 			}
7294 		}
7295 
7296 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7297 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7298 			nss = ATH10K_HW_NSS(arvif->rate_code[i]);
7299 			ret = ath10k_mac_validate_rate_mask(ar, sta,
7300 							    arvif->rate_code[i],
7301 							    nss);
7302 			if (ret &&
7303 			    arvif->rate_ctrl[i] > WMI_TID_CONFIG_RATE_CONTROL_AUTO) {
7304 				arg.rate_ctrl = 0;
7305 				arg.rcode_flags = 0;
7306 			}
7307 
7308 			if (arsta->rate_ctrl[i] >
7309 			    WMI_TID_CONFIG_RATE_CONTROL_AUTO ||
7310 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7311 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7312 				arg.rate_ctrl = 0;
7313 				arg.rcode_flags = 0;
7314 			} else {
7315 				arg.rate_ctrl = arvif->rate_ctrl[i];
7316 				arg.rcode_flags = arvif->rate_code[i];
7317 				config_apply = true;
7318 			}
7319 		}
7320 
7321 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7322 			if (arsta->rtscts[i]) {
7323 				arg.rtscts_ctrl = 0;
7324 				arg.ext_tid_cfg_bitmap = 0;
7325 			} else {
7326 				arg.rtscts_ctrl = arvif->rtscts[i] - 1;
7327 				arg.ext_tid_cfg_bitmap =
7328 					WMI_EXT_TID_RTS_CTS_CONFIG;
7329 				config_apply = true;
7330 			}
7331 		}
7332 
7333 		arg.tid = i;
7334 
7335 		if (config_apply) {
7336 			ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7337 			if (ret)
7338 				ath10k_warn(ar, "failed to set per tid config for sta %pM: %d\n",
7339 					    sta->addr, ret);
7340 		}
7341 
7342 		arg.ack_policy  = 0;
7343 		arg.retry_count  = 0;
7344 		arg.aggr_control  = 0;
7345 		arg.rate_ctrl = 0;
7346 		arg.rcode_flags = 0;
7347 	}
7348 
7349 exit:
7350 	mutex_unlock(&ar->conf_mutex);
7351 }
7352 
7353 static void ath10k_mac_vif_stations_tid_conf(void *data,
7354 					     struct ieee80211_sta *sta)
7355 {
7356 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7357 	struct ath10k_mac_iter_tid_conf_data *iter_data = data;
7358 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
7359 
7360 	if (sta_vif != iter_data->curr_vif || !sta->wme)
7361 		return;
7362 
7363 	ieee80211_queue_work(iter_data->ar->hw, &arsta->tid_config_wk);
7364 }
7365 
7366 static int ath10k_sta_state(struct ieee80211_hw *hw,
7367 			    struct ieee80211_vif *vif,
7368 			    struct ieee80211_sta *sta,
7369 			    enum ieee80211_sta_state old_state,
7370 			    enum ieee80211_sta_state new_state)
7371 {
7372 	struct ath10k *ar = hw->priv;
7373 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7374 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7375 	struct ath10k_peer *peer;
7376 	int ret = 0;
7377 	int i;
7378 
7379 	if (old_state == IEEE80211_STA_NOTEXIST &&
7380 	    new_state == IEEE80211_STA_NONE) {
7381 		memset(arsta, 0, sizeof(*arsta));
7382 		arsta->arvif = arvif;
7383 		arsta->peer_ps_state = WMI_PEER_PS_STATE_DISABLED;
7384 		INIT_WORK(&arsta->update_wk, ath10k_sta_rc_update_wk);
7385 		INIT_WORK(&arsta->tid_config_wk, ath10k_sta_tid_cfg_wk);
7386 
7387 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7388 			ath10k_mac_txq_init(sta->txq[i]);
7389 	}
7390 
7391 	/* cancel must be done outside the mutex to avoid deadlock */
7392 	if ((old_state == IEEE80211_STA_NONE &&
7393 	     new_state == IEEE80211_STA_NOTEXIST)) {
7394 		cancel_work_sync(&arsta->update_wk);
7395 		cancel_work_sync(&arsta->tid_config_wk);
7396 	}
7397 
7398 	mutex_lock(&ar->conf_mutex);
7399 
7400 	if (old_state == IEEE80211_STA_NOTEXIST &&
7401 	    new_state == IEEE80211_STA_NONE) {
7402 		/*
7403 		 * New station addition.
7404 		 */
7405 		enum wmi_peer_type peer_type = WMI_PEER_TYPE_DEFAULT;
7406 		u32 num_tdls_stations;
7407 
7408 		ath10k_dbg(ar, ATH10K_DBG_STA,
7409 			   "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
7410 			   arvif->vdev_id, sta->addr,
7411 			   ar->num_stations + 1, ar->max_num_stations,
7412 			   ar->num_peers + 1, ar->max_num_peers);
7413 
7414 		num_tdls_stations = ath10k_mac_tdls_vif_stations_count(hw, vif);
7415 
7416 		if (sta->tdls) {
7417 			if (num_tdls_stations >= ar->max_num_tdls_vdevs) {
7418 				ath10k_warn(ar, "vdev %i exceeded maximum number of tdls vdevs %i\n",
7419 					    arvif->vdev_id,
7420 					    ar->max_num_tdls_vdevs);
7421 				ret = -ELNRNG;
7422 				goto exit;
7423 			}
7424 			peer_type = WMI_PEER_TYPE_TDLS;
7425 		}
7426 
7427 		ret = ath10k_mac_inc_num_stations(arvif, sta);
7428 		if (ret) {
7429 			ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
7430 				    ar->max_num_stations);
7431 			goto exit;
7432 		}
7433 
7434 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7435 			arsta->tx_stats = kzalloc(sizeof(*arsta->tx_stats),
7436 						  GFP_KERNEL);
7437 			if (!arsta->tx_stats) {
7438 				ath10k_mac_dec_num_stations(arvif, sta);
7439 				ret = -ENOMEM;
7440 				goto exit;
7441 			}
7442 		}
7443 
7444 		ret = ath10k_peer_create(ar, vif, sta, arvif->vdev_id,
7445 					 sta->addr, peer_type);
7446 		if (ret) {
7447 			ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
7448 				    sta->addr, arvif->vdev_id, ret);
7449 			ath10k_mac_dec_num_stations(arvif, sta);
7450 			kfree(arsta->tx_stats);
7451 			goto exit;
7452 		}
7453 
7454 		spin_lock_bh(&ar->data_lock);
7455 
7456 		peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
7457 		if (!peer) {
7458 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
7459 				    vif->addr, arvif->vdev_id);
7460 			spin_unlock_bh(&ar->data_lock);
7461 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7462 			ath10k_mac_dec_num_stations(arvif, sta);
7463 			kfree(arsta->tx_stats);
7464 			ret = -ENOENT;
7465 			goto exit;
7466 		}
7467 
7468 		arsta->peer_id = find_first_bit(peer->peer_ids,
7469 						ATH10K_MAX_NUM_PEER_IDS);
7470 
7471 		spin_unlock_bh(&ar->data_lock);
7472 
7473 		if (!sta->tdls)
7474 			goto exit;
7475 
7476 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7477 						      WMI_TDLS_ENABLE_ACTIVE);
7478 		if (ret) {
7479 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7480 				    arvif->vdev_id, ret);
7481 			ath10k_peer_delete(ar, arvif->vdev_id,
7482 					   sta->addr);
7483 			ath10k_mac_dec_num_stations(arvif, sta);
7484 			kfree(arsta->tx_stats);
7485 			goto exit;
7486 		}
7487 
7488 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7489 						  WMI_TDLS_PEER_STATE_PEERING);
7490 		if (ret) {
7491 			ath10k_warn(ar,
7492 				    "failed to update tdls peer %pM for vdev %d when adding a new sta: %i\n",
7493 				    sta->addr, arvif->vdev_id, ret);
7494 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7495 			ath10k_mac_dec_num_stations(arvif, sta);
7496 			kfree(arsta->tx_stats);
7497 
7498 			if (num_tdls_stations != 0)
7499 				goto exit;
7500 			ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7501 							WMI_TDLS_DISABLE);
7502 		}
7503 	} else if ((old_state == IEEE80211_STA_NONE &&
7504 		    new_state == IEEE80211_STA_NOTEXIST)) {
7505 		/*
7506 		 * Existing station deletion.
7507 		 */
7508 		ath10k_dbg(ar, ATH10K_DBG_STA,
7509 			   "mac vdev %d peer delete %pM sta %pK (sta gone)\n",
7510 			   arvif->vdev_id, sta->addr, sta);
7511 
7512 		if (sta->tdls) {
7513 			ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id,
7514 							  sta,
7515 							  WMI_TDLS_PEER_STATE_TEARDOWN);
7516 			if (ret)
7517 				ath10k_warn(ar, "failed to update tdls peer state for %pM state %d: %i\n",
7518 					    sta->addr,
7519 					    WMI_TDLS_PEER_STATE_TEARDOWN, ret);
7520 		}
7521 
7522 		ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7523 		if (ret)
7524 			ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
7525 				    sta->addr, arvif->vdev_id, ret);
7526 
7527 		ath10k_mac_dec_num_stations(arvif, sta);
7528 
7529 		spin_lock_bh(&ar->data_lock);
7530 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
7531 			peer = ar->peer_map[i];
7532 			if (!peer)
7533 				continue;
7534 
7535 			if (peer->sta == sta) {
7536 				ath10k_warn(ar, "found sta peer %pM (ptr %pK id %d) entry on vdev %i after it was supposedly removed\n",
7537 					    sta->addr, peer, i, arvif->vdev_id);
7538 				peer->sta = NULL;
7539 
7540 				/* Clean up the peer object as well since we
7541 				 * must have failed to do this above.
7542 				 */
7543 				list_del(&peer->list);
7544 				ar->peer_map[i] = NULL;
7545 				kfree(peer);
7546 				ar->num_peers--;
7547 			}
7548 		}
7549 		spin_unlock_bh(&ar->data_lock);
7550 
7551 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7552 			kfree(arsta->tx_stats);
7553 			arsta->tx_stats = NULL;
7554 		}
7555 
7556 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7557 			ath10k_mac_txq_unref(ar, sta->txq[i]);
7558 
7559 		if (!sta->tdls)
7560 			goto exit;
7561 
7562 		if (ath10k_mac_tdls_vif_stations_count(hw, vif))
7563 			goto exit;
7564 
7565 		/* This was the last tdls peer in current vif */
7566 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7567 						      WMI_TDLS_DISABLE);
7568 		if (ret) {
7569 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7570 				    arvif->vdev_id, ret);
7571 		}
7572 	} else if (old_state == IEEE80211_STA_AUTH &&
7573 		   new_state == IEEE80211_STA_ASSOC &&
7574 		   (vif->type == NL80211_IFTYPE_AP ||
7575 		    vif->type == NL80211_IFTYPE_MESH_POINT ||
7576 		    vif->type == NL80211_IFTYPE_ADHOC)) {
7577 		/*
7578 		 * New association.
7579 		 */
7580 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM associated\n",
7581 			   sta->addr);
7582 
7583 		ret = ath10k_station_assoc(ar, vif, sta, false);
7584 		if (ret)
7585 			ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
7586 				    sta->addr, arvif->vdev_id, ret);
7587 	} else if (old_state == IEEE80211_STA_ASSOC &&
7588 		   new_state == IEEE80211_STA_AUTHORIZED &&
7589 		   sta->tdls) {
7590 		/*
7591 		 * Tdls station authorized.
7592 		 */
7593 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac tdls sta %pM authorized\n",
7594 			   sta->addr);
7595 
7596 		ret = ath10k_station_assoc(ar, vif, sta, false);
7597 		if (ret) {
7598 			ath10k_warn(ar, "failed to associate tdls station %pM for vdev %i: %i\n",
7599 				    sta->addr, arvif->vdev_id, ret);
7600 			goto exit;
7601 		}
7602 
7603 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7604 						  WMI_TDLS_PEER_STATE_CONNECTED);
7605 		if (ret)
7606 			ath10k_warn(ar, "failed to update tdls peer %pM for vdev %i: %i\n",
7607 				    sta->addr, arvif->vdev_id, ret);
7608 	} else if (old_state == IEEE80211_STA_ASSOC &&
7609 		    new_state == IEEE80211_STA_AUTH &&
7610 		    (vif->type == NL80211_IFTYPE_AP ||
7611 		     vif->type == NL80211_IFTYPE_MESH_POINT ||
7612 		     vif->type == NL80211_IFTYPE_ADHOC)) {
7613 		/*
7614 		 * Disassociation.
7615 		 */
7616 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM disassociated\n",
7617 			   sta->addr);
7618 
7619 		ret = ath10k_station_disassoc(ar, vif, sta);
7620 		if (ret)
7621 			ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
7622 				    sta->addr, arvif->vdev_id, ret);
7623 	}
7624 exit:
7625 	mutex_unlock(&ar->conf_mutex);
7626 	return ret;
7627 }
7628 
7629 static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
7630 				u16 ac, bool enable)
7631 {
7632 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7633 	struct wmi_sta_uapsd_auto_trig_arg arg = {};
7634 	u32 prio = 0, acc = 0;
7635 	u32 value = 0;
7636 	int ret = 0;
7637 
7638 	lockdep_assert_held(&ar->conf_mutex);
7639 
7640 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
7641 		return 0;
7642 
7643 	switch (ac) {
7644 	case IEEE80211_AC_VO:
7645 		value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
7646 			WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
7647 		prio = 7;
7648 		acc = 3;
7649 		break;
7650 	case IEEE80211_AC_VI:
7651 		value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
7652 			WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
7653 		prio = 5;
7654 		acc = 2;
7655 		break;
7656 	case IEEE80211_AC_BE:
7657 		value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
7658 			WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
7659 		prio = 2;
7660 		acc = 1;
7661 		break;
7662 	case IEEE80211_AC_BK:
7663 		value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
7664 			WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
7665 		prio = 0;
7666 		acc = 0;
7667 		break;
7668 	}
7669 
7670 	if (enable)
7671 		arvif->u.sta.uapsd |= value;
7672 	else
7673 		arvif->u.sta.uapsd &= ~value;
7674 
7675 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7676 					  WMI_STA_PS_PARAM_UAPSD,
7677 					  arvif->u.sta.uapsd);
7678 	if (ret) {
7679 		ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
7680 		goto exit;
7681 	}
7682 
7683 	if (arvif->u.sta.uapsd)
7684 		value = WMI_STA_PS_RX_WAKE_POLICY_POLL_UAPSD;
7685 	else
7686 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
7687 
7688 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7689 					  WMI_STA_PS_PARAM_RX_WAKE_POLICY,
7690 					  value);
7691 	if (ret)
7692 		ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
7693 
7694 	ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
7695 	if (ret) {
7696 		ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
7697 			    arvif->vdev_id, ret);
7698 		return ret;
7699 	}
7700 
7701 	ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
7702 	if (ret) {
7703 		ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
7704 			    arvif->vdev_id, ret);
7705 		return ret;
7706 	}
7707 
7708 	if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
7709 	    test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
7710 		/* Only userspace can make an educated decision when to send
7711 		 * trigger frame. The following effectively disables u-UAPSD
7712 		 * autotrigger in firmware (which is enabled by default
7713 		 * provided the autotrigger service is available).
7714 		 */
7715 
7716 		arg.wmm_ac = acc;
7717 		arg.user_priority = prio;
7718 		arg.service_interval = 0;
7719 		arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7720 		arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7721 
7722 		ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
7723 						arvif->bssid, &arg, 1);
7724 		if (ret) {
7725 			ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
7726 				    ret);
7727 			return ret;
7728 		}
7729 	}
7730 
7731 exit:
7732 	return ret;
7733 }
7734 
7735 static int ath10k_conf_tx(struct ieee80211_hw *hw,
7736 			  struct ieee80211_vif *vif, u16 ac,
7737 			  const struct ieee80211_tx_queue_params *params)
7738 {
7739 	struct ath10k *ar = hw->priv;
7740 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7741 	struct wmi_wmm_params_arg *p = NULL;
7742 	int ret;
7743 
7744 	mutex_lock(&ar->conf_mutex);
7745 
7746 	switch (ac) {
7747 	case IEEE80211_AC_VO:
7748 		p = &arvif->wmm_params.ac_vo;
7749 		break;
7750 	case IEEE80211_AC_VI:
7751 		p = &arvif->wmm_params.ac_vi;
7752 		break;
7753 	case IEEE80211_AC_BE:
7754 		p = &arvif->wmm_params.ac_be;
7755 		break;
7756 	case IEEE80211_AC_BK:
7757 		p = &arvif->wmm_params.ac_bk;
7758 		break;
7759 	}
7760 
7761 	if (WARN_ON(!p)) {
7762 		ret = -EINVAL;
7763 		goto exit;
7764 	}
7765 
7766 	p->cwmin = params->cw_min;
7767 	p->cwmax = params->cw_max;
7768 	p->aifs = params->aifs;
7769 
7770 	/*
7771 	 * The channel time duration programmed in the HW is in absolute
7772 	 * microseconds, while mac80211 gives the txop in units of
7773 	 * 32 microseconds.
7774 	 */
7775 	p->txop = params->txop * 32;
7776 
7777 	if (ar->wmi.ops->gen_vdev_wmm_conf) {
7778 		ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
7779 					       &arvif->wmm_params);
7780 		if (ret) {
7781 			ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
7782 				    arvif->vdev_id, ret);
7783 			goto exit;
7784 		}
7785 	} else {
7786 		/* This won't work well with multi-interface cases but it's
7787 		 * better than nothing.
7788 		 */
7789 		ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
7790 		if (ret) {
7791 			ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
7792 			goto exit;
7793 		}
7794 	}
7795 
7796 	ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
7797 	if (ret)
7798 		ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
7799 
7800 exit:
7801 	mutex_unlock(&ar->conf_mutex);
7802 	return ret;
7803 }
7804 
7805 static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
7806 				    struct ieee80211_vif *vif,
7807 				    struct ieee80211_channel *chan,
7808 				    int duration,
7809 				    enum ieee80211_roc_type type)
7810 {
7811 	struct ath10k *ar = hw->priv;
7812 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7813 	struct wmi_start_scan_arg arg;
7814 	int ret = 0;
7815 	u32 scan_time_msec;
7816 
7817 	mutex_lock(&ar->conf_mutex);
7818 
7819 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
7820 		ret = -EBUSY;
7821 		goto exit;
7822 	}
7823 
7824 	spin_lock_bh(&ar->data_lock);
7825 	switch (ar->scan.state) {
7826 	case ATH10K_SCAN_IDLE:
7827 		reinit_completion(&ar->scan.started);
7828 		reinit_completion(&ar->scan.completed);
7829 		reinit_completion(&ar->scan.on_channel);
7830 		ar->scan.state = ATH10K_SCAN_STARTING;
7831 		ar->scan.is_roc = true;
7832 		ar->scan.vdev_id = arvif->vdev_id;
7833 		ar->scan.roc_freq = chan->center_freq;
7834 		ar->scan.roc_notify = true;
7835 		ret = 0;
7836 		break;
7837 	case ATH10K_SCAN_STARTING:
7838 	case ATH10K_SCAN_RUNNING:
7839 	case ATH10K_SCAN_ABORTING:
7840 		ret = -EBUSY;
7841 		break;
7842 	}
7843 	spin_unlock_bh(&ar->data_lock);
7844 
7845 	if (ret)
7846 		goto exit;
7847 
7848 	scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
7849 
7850 	memset(&arg, 0, sizeof(arg));
7851 	ath10k_wmi_start_scan_init(ar, &arg);
7852 	arg.vdev_id = arvif->vdev_id;
7853 	arg.scan_id = ATH10K_SCAN_ID;
7854 	arg.n_channels = 1;
7855 	arg.channels[0] = chan->center_freq;
7856 	arg.dwell_time_active = scan_time_msec;
7857 	arg.dwell_time_passive = scan_time_msec;
7858 	arg.max_scan_time = scan_time_msec;
7859 	arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
7860 	arg.scan_ctrl_flags |= WMI_SCAN_FILTER_PROBE_REQ;
7861 	arg.burst_duration_ms = duration;
7862 
7863 	ret = ath10k_start_scan(ar, &arg);
7864 	if (ret) {
7865 		ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
7866 		spin_lock_bh(&ar->data_lock);
7867 		ar->scan.state = ATH10K_SCAN_IDLE;
7868 		spin_unlock_bh(&ar->data_lock);
7869 		goto exit;
7870 	}
7871 
7872 	ret = wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ);
7873 	if (ret == 0) {
7874 		ath10k_warn(ar, "failed to switch to channel for roc scan\n");
7875 
7876 		ret = ath10k_scan_stop(ar);
7877 		if (ret)
7878 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
7879 
7880 		ret = -ETIMEDOUT;
7881 		goto exit;
7882 	}
7883 
7884 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
7885 				     msecs_to_jiffies(duration));
7886 
7887 	ret = 0;
7888 exit:
7889 	mutex_unlock(&ar->conf_mutex);
7890 	return ret;
7891 }
7892 
7893 static int ath10k_cancel_remain_on_channel(struct ieee80211_hw *hw,
7894 					   struct ieee80211_vif *vif)
7895 {
7896 	struct ath10k *ar = hw->priv;
7897 
7898 	mutex_lock(&ar->conf_mutex);
7899 
7900 	spin_lock_bh(&ar->data_lock);
7901 	ar->scan.roc_notify = false;
7902 	spin_unlock_bh(&ar->data_lock);
7903 
7904 	ath10k_scan_abort(ar);
7905 
7906 	mutex_unlock(&ar->conf_mutex);
7907 
7908 	cancel_delayed_work_sync(&ar->scan.timeout);
7909 
7910 	return 0;
7911 }
7912 
7913 /*
7914  * Both RTS and Fragmentation threshold are interface-specific
7915  * in ath10k, but device-specific in mac80211.
7916  */
7917 
7918 static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
7919 {
7920 	struct ath10k *ar = hw->priv;
7921 	struct ath10k_vif *arvif;
7922 	int ret = 0;
7923 
7924 	mutex_lock(&ar->conf_mutex);
7925 	list_for_each_entry(arvif, &ar->arvifs, list) {
7926 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
7927 			   arvif->vdev_id, value);
7928 
7929 		ret = ath10k_mac_set_rts(arvif, value);
7930 		if (ret) {
7931 			ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
7932 				    arvif->vdev_id, ret);
7933 			break;
7934 		}
7935 	}
7936 	mutex_unlock(&ar->conf_mutex);
7937 
7938 	return ret;
7939 }
7940 
7941 static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
7942 {
7943 	/* Even though there's a WMI enum for fragmentation threshold no known
7944 	 * firmware actually implements it. Moreover it is not possible to rely
7945 	 * frame fragmentation to mac80211 because firmware clears the "more
7946 	 * fragments" bit in frame control making it impossible for remote
7947 	 * devices to reassemble frames.
7948 	 *
7949 	 * Hence implement a dummy callback just to say fragmentation isn't
7950 	 * supported. This effectively prevents mac80211 from doing frame
7951 	 * fragmentation in software.
7952 	 */
7953 	return -EOPNOTSUPP;
7954 }
7955 
7956 void ath10k_mac_wait_tx_complete(struct ath10k *ar)
7957 {
7958 	bool skip;
7959 	long time_left;
7960 
7961 	/* mac80211 doesn't care if we really xmit queued frames or not
7962 	 * we'll collect those frames either way if we stop/delete vdevs
7963 	 */
7964 
7965 	if (ar->state == ATH10K_STATE_WEDGED)
7966 		return;
7967 
7968 	time_left = wait_event_timeout(ar->htt.empty_tx_wq, ({
7969 			bool empty;
7970 
7971 			spin_lock_bh(&ar->htt.tx_lock);
7972 			empty = (ar->htt.num_pending_tx == 0);
7973 			spin_unlock_bh(&ar->htt.tx_lock);
7974 
7975 			skip = (ar->state == ATH10K_STATE_WEDGED) ||
7976 			       test_bit(ATH10K_FLAG_CRASH_FLUSH,
7977 					&ar->dev_flags);
7978 
7979 			(empty || skip);
7980 		}), ATH10K_FLUSH_TIMEOUT_HZ);
7981 
7982 	if (time_left == 0 || skip)
7983 		ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %ld\n",
7984 			    skip, ar->state, time_left);
7985 }
7986 
7987 static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
7988 			 u32 queues, bool drop)
7989 {
7990 	struct ath10k *ar = hw->priv;
7991 	struct ath10k_vif *arvif;
7992 	u32 bitmap;
7993 
7994 	if (drop) {
7995 		if (vif && vif->type == NL80211_IFTYPE_STATION) {
7996 			bitmap = ~(1 << WMI_MGMT_TID);
7997 			list_for_each_entry(arvif, &ar->arvifs, list) {
7998 				if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
7999 					ath10k_wmi_peer_flush(ar, arvif->vdev_id,
8000 							      arvif->bssid, bitmap);
8001 			}
8002 			ath10k_htt_flush_tx(&ar->htt);
8003 		}
8004 		return;
8005 	}
8006 
8007 	mutex_lock(&ar->conf_mutex);
8008 	ath10k_mac_wait_tx_complete(ar);
8009 	mutex_unlock(&ar->conf_mutex);
8010 }
8011 
8012 /* TODO: Implement this function properly
8013  * For now it is needed to reply to Probe Requests in IBSS mode.
8014  * Propably we need this information from FW.
8015  */
8016 static int ath10k_tx_last_beacon(struct ieee80211_hw *hw)
8017 {
8018 	return 1;
8019 }
8020 
8021 static void ath10k_reconfig_complete(struct ieee80211_hw *hw,
8022 				     enum ieee80211_reconfig_type reconfig_type)
8023 {
8024 	struct ath10k *ar = hw->priv;
8025 
8026 	if (reconfig_type != IEEE80211_RECONFIG_TYPE_RESTART)
8027 		return;
8028 
8029 	mutex_lock(&ar->conf_mutex);
8030 
8031 	/* If device failed to restart it will be in a different state, e.g.
8032 	 * ATH10K_STATE_WEDGED
8033 	 */
8034 	if (ar->state == ATH10K_STATE_RESTARTED) {
8035 		ath10k_info(ar, "device successfully recovered\n");
8036 		ar->state = ATH10K_STATE_ON;
8037 		ieee80211_wake_queues(ar->hw);
8038 		clear_bit(ATH10K_FLAG_RESTARTING, &ar->dev_flags);
8039 	}
8040 
8041 	mutex_unlock(&ar->conf_mutex);
8042 }
8043 
8044 static void
8045 ath10k_mac_update_bss_chan_survey(struct ath10k *ar,
8046 				  struct ieee80211_channel *channel)
8047 {
8048 	int ret;
8049 	enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ;
8050 
8051 	lockdep_assert_held(&ar->conf_mutex);
8052 
8053 	if (!test_bit(WMI_SERVICE_BSS_CHANNEL_INFO_64, ar->wmi.svc_map) ||
8054 	    (ar->rx_channel != channel))
8055 		return;
8056 
8057 	if (ar->scan.state != ATH10K_SCAN_IDLE) {
8058 		ath10k_dbg(ar, ATH10K_DBG_MAC, "ignoring bss chan info request while scanning..\n");
8059 		return;
8060 	}
8061 
8062 	reinit_completion(&ar->bss_survey_done);
8063 
8064 	ret = ath10k_wmi_pdev_bss_chan_info_request(ar, type);
8065 	if (ret) {
8066 		ath10k_warn(ar, "failed to send pdev bss chan info request\n");
8067 		return;
8068 	}
8069 
8070 	ret = wait_for_completion_timeout(&ar->bss_survey_done, 3 * HZ);
8071 	if (!ret) {
8072 		ath10k_warn(ar, "bss channel survey timed out\n");
8073 		return;
8074 	}
8075 }
8076 
8077 static int ath10k_get_survey(struct ieee80211_hw *hw, int idx,
8078 			     struct survey_info *survey)
8079 {
8080 	struct ath10k *ar = hw->priv;
8081 	struct ieee80211_supported_band *sband;
8082 	struct survey_info *ar_survey = &ar->survey[idx];
8083 	int ret = 0;
8084 
8085 	mutex_lock(&ar->conf_mutex);
8086 
8087 	sband = hw->wiphy->bands[NL80211_BAND_2GHZ];
8088 	if (sband && idx >= sband->n_channels) {
8089 		idx -= sband->n_channels;
8090 		sband = NULL;
8091 	}
8092 
8093 	if (!sband)
8094 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
8095 
8096 	if (!sband || idx >= sband->n_channels) {
8097 		ret = -ENOENT;
8098 		goto exit;
8099 	}
8100 
8101 	ath10k_mac_update_bss_chan_survey(ar, &sband->channels[idx]);
8102 
8103 	spin_lock_bh(&ar->data_lock);
8104 	memcpy(survey, ar_survey, sizeof(*survey));
8105 	spin_unlock_bh(&ar->data_lock);
8106 
8107 	survey->channel = &sband->channels[idx];
8108 
8109 	if (ar->rx_channel == survey->channel)
8110 		survey->filled |= SURVEY_INFO_IN_USE;
8111 
8112 exit:
8113 	mutex_unlock(&ar->conf_mutex);
8114 	return ret;
8115 }
8116 
8117 static bool
8118 ath10k_mac_bitrate_mask_get_single_nss(struct ath10k *ar,
8119 				       enum nl80211_band band,
8120 				       const struct cfg80211_bitrate_mask *mask,
8121 				       int *nss)
8122 {
8123 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
8124 	u16 vht_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8125 	u8 ht_nss_mask = 0;
8126 	u8 vht_nss_mask = 0;
8127 	int i;
8128 
8129 	if (mask->control[band].legacy)
8130 		return false;
8131 
8132 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
8133 		if (mask->control[band].ht_mcs[i] == 0)
8134 			continue;
8135 		else if (mask->control[band].ht_mcs[i] ==
8136 			 sband->ht_cap.mcs.rx_mask[i])
8137 			ht_nss_mask |= BIT(i);
8138 		else
8139 			return false;
8140 	}
8141 
8142 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
8143 		if (mask->control[band].vht_mcs[i] == 0)
8144 			continue;
8145 		else if (mask->control[band].vht_mcs[i] ==
8146 			 ath10k_mac_get_max_vht_mcs_map(vht_mcs_map, i))
8147 			vht_nss_mask |= BIT(i);
8148 		else
8149 			return false;
8150 	}
8151 
8152 	if (ht_nss_mask != vht_nss_mask)
8153 		return false;
8154 
8155 	if (ht_nss_mask == 0)
8156 		return false;
8157 
8158 	if (BIT(fls(ht_nss_mask)) - 1 != ht_nss_mask)
8159 		return false;
8160 
8161 	*nss = fls(ht_nss_mask);
8162 
8163 	return true;
8164 }
8165 
8166 static int ath10k_mac_set_fixed_rate_params(struct ath10k_vif *arvif,
8167 					    u8 rate, u8 nss, u8 sgi, u8 ldpc)
8168 {
8169 	struct ath10k *ar = arvif->ar;
8170 	u32 vdev_param;
8171 	int ret;
8172 
8173 	lockdep_assert_held(&ar->conf_mutex);
8174 
8175 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac set fixed rate params vdev %i rate 0x%02x nss %u sgi %u\n",
8176 		   arvif->vdev_id, rate, nss, sgi);
8177 
8178 	vdev_param = ar->wmi.vdev_param->fixed_rate;
8179 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, rate);
8180 	if (ret) {
8181 		ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
8182 			    rate, ret);
8183 		return ret;
8184 	}
8185 
8186 	vdev_param = ar->wmi.vdev_param->nss;
8187 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, nss);
8188 	if (ret) {
8189 		ath10k_warn(ar, "failed to set nss param %d: %d\n", nss, ret);
8190 		return ret;
8191 	}
8192 
8193 	vdev_param = ar->wmi.vdev_param->sgi;
8194 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, sgi);
8195 	if (ret) {
8196 		ath10k_warn(ar, "failed to set sgi param %d: %d\n", sgi, ret);
8197 		return ret;
8198 	}
8199 
8200 	vdev_param = ar->wmi.vdev_param->ldpc;
8201 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, ldpc);
8202 	if (ret) {
8203 		ath10k_warn(ar, "failed to set ldpc param %d: %d\n", ldpc, ret);
8204 		return ret;
8205 	}
8206 
8207 	return 0;
8208 }
8209 
8210 static bool
8211 ath10k_mac_can_set_bitrate_mask(struct ath10k *ar,
8212 				enum nl80211_band band,
8213 				const struct cfg80211_bitrate_mask *mask,
8214 				bool allow_pfr)
8215 {
8216 	int i;
8217 	u16 vht_mcs;
8218 
8219 	/* Due to firmware limitation in WMI_PEER_ASSOC_CMDID it is impossible
8220 	 * to express all VHT MCS rate masks. Effectively only the following
8221 	 * ranges can be used: none, 0-7, 0-8 and 0-9.
8222 	 */
8223 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8224 		vht_mcs = mask->control[band].vht_mcs[i];
8225 
8226 		switch (vht_mcs) {
8227 		case 0:
8228 		case BIT(8) - 1:
8229 		case BIT(9) - 1:
8230 		case BIT(10) - 1:
8231 			break;
8232 		default:
8233 			if (!allow_pfr)
8234 				ath10k_warn(ar, "refusing bitrate mask with missing 0-7 VHT MCS rates\n");
8235 			return false;
8236 		}
8237 	}
8238 
8239 	return true;
8240 }
8241 
8242 static bool ath10k_mac_set_vht_bitrate_mask_fixup(struct ath10k *ar,
8243 						  struct ath10k_vif *arvif,
8244 						  struct ieee80211_sta *sta)
8245 {
8246 	int err;
8247 	u8 rate = arvif->vht_pfr;
8248 
8249 	/* skip non vht and multiple rate peers */
8250 	if (!sta->vht_cap.vht_supported || arvif->vht_num_rates != 1)
8251 		return false;
8252 
8253 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8254 					WMI_PEER_PARAM_FIXED_RATE, rate);
8255 	if (err)
8256 		ath10k_warn(ar, "failed to enable STA %pM peer fixed rate: %d\n",
8257 			    sta->addr, err);
8258 
8259 	return true;
8260 }
8261 
8262 static void ath10k_mac_set_bitrate_mask_iter(void *data,
8263 					     struct ieee80211_sta *sta)
8264 {
8265 	struct ath10k_vif *arvif = data;
8266 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8267 	struct ath10k *ar = arvif->ar;
8268 
8269 	if (arsta->arvif != arvif)
8270 		return;
8271 
8272 	if (ath10k_mac_set_vht_bitrate_mask_fixup(ar, arvif, sta))
8273 		return;
8274 
8275 	spin_lock_bh(&ar->data_lock);
8276 	arsta->changed |= IEEE80211_RC_SUPP_RATES_CHANGED;
8277 	spin_unlock_bh(&ar->data_lock);
8278 
8279 	ieee80211_queue_work(ar->hw, &arsta->update_wk);
8280 }
8281 
8282 static void ath10k_mac_clr_bitrate_mask_iter(void *data,
8283 					     struct ieee80211_sta *sta)
8284 {
8285 	struct ath10k_vif *arvif = data;
8286 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8287 	struct ath10k *ar = arvif->ar;
8288 	int err;
8289 
8290 	/* clear vht peers only */
8291 	if (arsta->arvif != arvif || !sta->vht_cap.vht_supported)
8292 		return;
8293 
8294 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8295 					WMI_PEER_PARAM_FIXED_RATE,
8296 					WMI_FIXED_RATE_NONE);
8297 	if (err)
8298 		ath10k_warn(ar, "failed to clear STA %pM peer fixed rate: %d\n",
8299 			    sta->addr, err);
8300 }
8301 
8302 static int ath10k_mac_op_set_bitrate_mask(struct ieee80211_hw *hw,
8303 					  struct ieee80211_vif *vif,
8304 					  const struct cfg80211_bitrate_mask *mask)
8305 {
8306 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8307 	struct cfg80211_chan_def def;
8308 	struct ath10k *ar = arvif->ar;
8309 	enum nl80211_band band;
8310 	const u8 *ht_mcs_mask;
8311 	const u16 *vht_mcs_mask;
8312 	u8 rate;
8313 	u8 nss;
8314 	u8 sgi;
8315 	u8 ldpc;
8316 	int single_nss;
8317 	int ret;
8318 	int vht_num_rates, allow_pfr;
8319 	u8 vht_pfr;
8320 	bool update_bitrate_mask = true;
8321 
8322 	if (ath10k_mac_vif_chan(vif, &def))
8323 		return -EPERM;
8324 
8325 	band = def.chan->band;
8326 	ht_mcs_mask = mask->control[band].ht_mcs;
8327 	vht_mcs_mask = mask->control[band].vht_mcs;
8328 	ldpc = !!(ar->ht_cap_info & WMI_HT_CAP_LDPC);
8329 
8330 	sgi = mask->control[band].gi;
8331 	if (sgi == NL80211_TXRATE_FORCE_LGI)
8332 		return -EINVAL;
8333 
8334 	allow_pfr = test_bit(ATH10K_FW_FEATURE_PEER_FIXED_RATE,
8335 			     ar->normal_mode_fw.fw_file.fw_features);
8336 	if (allow_pfr) {
8337 		mutex_lock(&ar->conf_mutex);
8338 		ieee80211_iterate_stations_atomic(ar->hw,
8339 						  ath10k_mac_clr_bitrate_mask_iter,
8340 						  arvif);
8341 		mutex_unlock(&ar->conf_mutex);
8342 	}
8343 
8344 	if (ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
8345 						    &vht_num_rates)) {
8346 		ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8347 							      &rate, &nss,
8348 							      false);
8349 		if (ret) {
8350 			ath10k_warn(ar, "failed to get single rate for vdev %i: %d\n",
8351 				    arvif->vdev_id, ret);
8352 			return ret;
8353 		}
8354 	} else if (ath10k_mac_bitrate_mask_get_single_nss(ar, band, mask,
8355 							  &single_nss)) {
8356 		rate = WMI_FIXED_RATE_NONE;
8357 		nss = single_nss;
8358 	} else {
8359 		rate = WMI_FIXED_RATE_NONE;
8360 		nss = min(ar->num_rf_chains,
8361 			  max(ath10k_mac_max_ht_nss(ht_mcs_mask),
8362 			      ath10k_mac_max_vht_nss(vht_mcs_mask)));
8363 
8364 		if (!ath10k_mac_can_set_bitrate_mask(ar, band, mask,
8365 						     allow_pfr)) {
8366 			u8 vht_nss;
8367 
8368 			if (!allow_pfr || vht_num_rates != 1)
8369 				return -EINVAL;
8370 
8371 			/* Reach here, firmware supports peer fixed rate and has
8372 			 * single vht rate, and don't update vif birate_mask, as
8373 			 * the rate only for specific peer.
8374 			 */
8375 			ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8376 								&vht_pfr,
8377 								&vht_nss,
8378 								true);
8379 			update_bitrate_mask = false;
8380 		} else {
8381 			vht_pfr = 0;
8382 		}
8383 
8384 		mutex_lock(&ar->conf_mutex);
8385 
8386 		if (update_bitrate_mask)
8387 			arvif->bitrate_mask = *mask;
8388 		arvif->vht_num_rates = vht_num_rates;
8389 		arvif->vht_pfr = vht_pfr;
8390 		ieee80211_iterate_stations_atomic(ar->hw,
8391 						  ath10k_mac_set_bitrate_mask_iter,
8392 						  arvif);
8393 
8394 		mutex_unlock(&ar->conf_mutex);
8395 	}
8396 
8397 	mutex_lock(&ar->conf_mutex);
8398 
8399 	ret = ath10k_mac_set_fixed_rate_params(arvif, rate, nss, sgi, ldpc);
8400 	if (ret) {
8401 		ath10k_warn(ar, "failed to set fixed rate params on vdev %i: %d\n",
8402 			    arvif->vdev_id, ret);
8403 		goto exit;
8404 	}
8405 
8406 exit:
8407 	mutex_unlock(&ar->conf_mutex);
8408 
8409 	return ret;
8410 }
8411 
8412 static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
8413 				 struct ieee80211_vif *vif,
8414 				 struct ieee80211_sta *sta,
8415 				 u32 changed)
8416 {
8417 	struct ath10k *ar = hw->priv;
8418 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8419 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8420 	struct ath10k_peer *peer;
8421 	u32 bw, smps;
8422 
8423 	spin_lock_bh(&ar->data_lock);
8424 
8425 	peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
8426 	if (!peer) {
8427 		spin_unlock_bh(&ar->data_lock);
8428 		ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
8429 			    sta->addr, arvif->vdev_id);
8430 		return;
8431 	}
8432 
8433 	ath10k_dbg(ar, ATH10K_DBG_STA,
8434 		   "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
8435 		   sta->addr, changed, sta->bandwidth, sta->rx_nss,
8436 		   sta->smps_mode);
8437 
8438 	if (changed & IEEE80211_RC_BW_CHANGED) {
8439 		bw = WMI_PEER_CHWIDTH_20MHZ;
8440 
8441 		switch (sta->bandwidth) {
8442 		case IEEE80211_STA_RX_BW_20:
8443 			bw = WMI_PEER_CHWIDTH_20MHZ;
8444 			break;
8445 		case IEEE80211_STA_RX_BW_40:
8446 			bw = WMI_PEER_CHWIDTH_40MHZ;
8447 			break;
8448 		case IEEE80211_STA_RX_BW_80:
8449 			bw = WMI_PEER_CHWIDTH_80MHZ;
8450 			break;
8451 		case IEEE80211_STA_RX_BW_160:
8452 			bw = WMI_PEER_CHWIDTH_160MHZ;
8453 			break;
8454 		default:
8455 			ath10k_warn(ar, "Invalid bandwidth %d in rc update for %pM\n",
8456 				    sta->bandwidth, sta->addr);
8457 			bw = WMI_PEER_CHWIDTH_20MHZ;
8458 			break;
8459 		}
8460 
8461 		arsta->bw = bw;
8462 	}
8463 
8464 	if (changed & IEEE80211_RC_NSS_CHANGED)
8465 		arsta->nss = sta->rx_nss;
8466 
8467 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
8468 		smps = WMI_PEER_SMPS_PS_NONE;
8469 
8470 		switch (sta->smps_mode) {
8471 		case IEEE80211_SMPS_AUTOMATIC:
8472 		case IEEE80211_SMPS_OFF:
8473 			smps = WMI_PEER_SMPS_PS_NONE;
8474 			break;
8475 		case IEEE80211_SMPS_STATIC:
8476 			smps = WMI_PEER_SMPS_STATIC;
8477 			break;
8478 		case IEEE80211_SMPS_DYNAMIC:
8479 			smps = WMI_PEER_SMPS_DYNAMIC;
8480 			break;
8481 		case IEEE80211_SMPS_NUM_MODES:
8482 			ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
8483 				    sta->smps_mode, sta->addr);
8484 			smps = WMI_PEER_SMPS_PS_NONE;
8485 			break;
8486 		}
8487 
8488 		arsta->smps = smps;
8489 	}
8490 
8491 	arsta->changed |= changed;
8492 
8493 	spin_unlock_bh(&ar->data_lock);
8494 
8495 	ieee80211_queue_work(hw, &arsta->update_wk);
8496 }
8497 
8498 static void ath10k_offset_tsf(struct ieee80211_hw *hw,
8499 			      struct ieee80211_vif *vif, s64 tsf_offset)
8500 {
8501 	struct ath10k *ar = hw->priv;
8502 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8503 	u32 offset, vdev_param;
8504 	int ret;
8505 
8506 	if (tsf_offset < 0) {
8507 		vdev_param = ar->wmi.vdev_param->dec_tsf;
8508 		offset = -tsf_offset;
8509 	} else {
8510 		vdev_param = ar->wmi.vdev_param->inc_tsf;
8511 		offset = tsf_offset;
8512 	}
8513 
8514 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
8515 					vdev_param, offset);
8516 
8517 	if (ret && ret != -EOPNOTSUPP)
8518 		ath10k_warn(ar, "failed to set tsf offset %d cmd %d: %d\n",
8519 			    offset, vdev_param, ret);
8520 }
8521 
8522 static int ath10k_ampdu_action(struct ieee80211_hw *hw,
8523 			       struct ieee80211_vif *vif,
8524 			       struct ieee80211_ampdu_params *params)
8525 {
8526 	struct ath10k *ar = hw->priv;
8527 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8528 	struct ieee80211_sta *sta = params->sta;
8529 	enum ieee80211_ampdu_mlme_action action = params->action;
8530 	u16 tid = params->tid;
8531 
8532 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %u action %d\n",
8533 		   arvif->vdev_id, sta->addr, tid, action);
8534 
8535 	switch (action) {
8536 	case IEEE80211_AMPDU_RX_START:
8537 	case IEEE80211_AMPDU_RX_STOP:
8538 		/* HTT AddBa/DelBa events trigger mac80211 Rx BA session
8539 		 * creation/removal. Do we need to verify this?
8540 		 */
8541 		return 0;
8542 	case IEEE80211_AMPDU_TX_START:
8543 	case IEEE80211_AMPDU_TX_STOP_CONT:
8544 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
8545 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
8546 	case IEEE80211_AMPDU_TX_OPERATIONAL:
8547 		/* Firmware offloads Tx aggregation entirely so deny mac80211
8548 		 * Tx aggregation requests.
8549 		 */
8550 		return -EOPNOTSUPP;
8551 	}
8552 
8553 	return -EINVAL;
8554 }
8555 
8556 static void
8557 ath10k_mac_update_rx_channel(struct ath10k *ar,
8558 			     struct ieee80211_chanctx_conf *ctx,
8559 			     struct ieee80211_vif_chanctx_switch *vifs,
8560 			     int n_vifs)
8561 {
8562 	struct cfg80211_chan_def *def = NULL;
8563 
8564 	/* Both locks are required because ar->rx_channel is modified. This
8565 	 * allows readers to hold either lock.
8566 	 */
8567 	lockdep_assert_held(&ar->conf_mutex);
8568 	lockdep_assert_held(&ar->data_lock);
8569 
8570 	WARN_ON(ctx && vifs);
8571 	WARN_ON(vifs && !n_vifs);
8572 
8573 	/* FIXME: Sort of an optimization and a workaround. Peers and vifs are
8574 	 * on a linked list now. Doing a lookup peer -> vif -> chanctx for each
8575 	 * ppdu on Rx may reduce performance on low-end systems. It should be
8576 	 * possible to make tables/hashmaps to speed the lookup up (be vary of
8577 	 * cpu data cache lines though regarding sizes) but to keep the initial
8578 	 * implementation simple and less intrusive fallback to the slow lookup
8579 	 * only for multi-channel cases. Single-channel cases will remain to
8580 	 * use the old channel derival and thus performance should not be
8581 	 * affected much.
8582 	 */
8583 	rcu_read_lock();
8584 	if (!ctx && ath10k_mac_num_chanctxs(ar) == 1) {
8585 		ieee80211_iter_chan_contexts_atomic(ar->hw,
8586 						    ath10k_mac_get_any_chandef_iter,
8587 						    &def);
8588 
8589 		if (vifs)
8590 			def = &vifs[0].new_ctx->def;
8591 
8592 		ar->rx_channel = def->chan;
8593 	} else if ((ctx && ath10k_mac_num_chanctxs(ar) == 0) ||
8594 		   (ctx && (ar->state == ATH10K_STATE_RESTARTED))) {
8595 		/* During driver restart due to firmware assert, since mac80211
8596 		 * already has valid channel context for given radio, channel
8597 		 * context iteration return num_chanctx > 0. So fix rx_channel
8598 		 * when restart is in progress.
8599 		 */
8600 		ar->rx_channel = ctx->def.chan;
8601 	} else {
8602 		ar->rx_channel = NULL;
8603 	}
8604 	rcu_read_unlock();
8605 }
8606 
8607 static void
8608 ath10k_mac_update_vif_chan(struct ath10k *ar,
8609 			   struct ieee80211_vif_chanctx_switch *vifs,
8610 			   int n_vifs)
8611 {
8612 	struct ath10k_vif *arvif;
8613 	int ret;
8614 	int i;
8615 
8616 	lockdep_assert_held(&ar->conf_mutex);
8617 
8618 	/* First stop monitor interface. Some FW versions crash if there's a
8619 	 * lone monitor interface.
8620 	 */
8621 	if (ar->monitor_started)
8622 		ath10k_monitor_stop(ar);
8623 
8624 	for (i = 0; i < n_vifs; i++) {
8625 		arvif = (void *)vifs[i].vif->drv_priv;
8626 
8627 		ath10k_dbg(ar, ATH10K_DBG_MAC,
8628 			   "mac chanctx switch vdev_id %i freq %u->%u width %d->%d\n",
8629 			   arvif->vdev_id,
8630 			   vifs[i].old_ctx->def.chan->center_freq,
8631 			   vifs[i].new_ctx->def.chan->center_freq,
8632 			   vifs[i].old_ctx->def.width,
8633 			   vifs[i].new_ctx->def.width);
8634 
8635 		if (WARN_ON(!arvif->is_started))
8636 			continue;
8637 
8638 		if (WARN_ON(!arvif->is_up))
8639 			continue;
8640 
8641 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8642 		if (ret) {
8643 			ath10k_warn(ar, "failed to down vdev %d: %d\n",
8644 				    arvif->vdev_id, ret);
8645 			continue;
8646 		}
8647 	}
8648 
8649 	/* All relevant vdevs are downed and associated channel resources
8650 	 * should be available for the channel switch now.
8651 	 */
8652 
8653 	spin_lock_bh(&ar->data_lock);
8654 	ath10k_mac_update_rx_channel(ar, NULL, vifs, n_vifs);
8655 	spin_unlock_bh(&ar->data_lock);
8656 
8657 	for (i = 0; i < n_vifs; i++) {
8658 		arvif = (void *)vifs[i].vif->drv_priv;
8659 
8660 		if (WARN_ON(!arvif->is_started))
8661 			continue;
8662 
8663 		if (WARN_ON(!arvif->is_up))
8664 			continue;
8665 
8666 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
8667 		if (ret)
8668 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
8669 				    ret);
8670 
8671 		ret = ath10k_mac_setup_prb_tmpl(arvif);
8672 		if (ret)
8673 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
8674 				    ret);
8675 
8676 		ret = ath10k_vdev_restart(arvif, &vifs[i].new_ctx->def);
8677 		if (ret) {
8678 			ath10k_warn(ar, "failed to restart vdev %d: %d\n",
8679 				    arvif->vdev_id, ret);
8680 			continue;
8681 		}
8682 
8683 		ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
8684 					 arvif->bssid);
8685 		if (ret) {
8686 			ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
8687 				    arvif->vdev_id, ret);
8688 			continue;
8689 		}
8690 	}
8691 
8692 	ath10k_monitor_recalc(ar);
8693 }
8694 
8695 static int
8696 ath10k_mac_op_add_chanctx(struct ieee80211_hw *hw,
8697 			  struct ieee80211_chanctx_conf *ctx)
8698 {
8699 	struct ath10k *ar = hw->priv;
8700 
8701 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8702 		   "mac chanctx add freq %u width %d ptr %pK\n",
8703 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8704 
8705 	mutex_lock(&ar->conf_mutex);
8706 
8707 	spin_lock_bh(&ar->data_lock);
8708 	ath10k_mac_update_rx_channel(ar, ctx, NULL, 0);
8709 	spin_unlock_bh(&ar->data_lock);
8710 
8711 	ath10k_recalc_radar_detection(ar);
8712 	ath10k_monitor_recalc(ar);
8713 
8714 	mutex_unlock(&ar->conf_mutex);
8715 
8716 	return 0;
8717 }
8718 
8719 static void
8720 ath10k_mac_op_remove_chanctx(struct ieee80211_hw *hw,
8721 			     struct ieee80211_chanctx_conf *ctx)
8722 {
8723 	struct ath10k *ar = hw->priv;
8724 
8725 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8726 		   "mac chanctx remove freq %u width %d ptr %pK\n",
8727 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8728 
8729 	mutex_lock(&ar->conf_mutex);
8730 
8731 	spin_lock_bh(&ar->data_lock);
8732 	ath10k_mac_update_rx_channel(ar, NULL, NULL, 0);
8733 	spin_unlock_bh(&ar->data_lock);
8734 
8735 	ath10k_recalc_radar_detection(ar);
8736 	ath10k_monitor_recalc(ar);
8737 
8738 	mutex_unlock(&ar->conf_mutex);
8739 }
8740 
8741 struct ath10k_mac_change_chanctx_arg {
8742 	struct ieee80211_chanctx_conf *ctx;
8743 	struct ieee80211_vif_chanctx_switch *vifs;
8744 	int n_vifs;
8745 	int next_vif;
8746 };
8747 
8748 static void
8749 ath10k_mac_change_chanctx_cnt_iter(void *data, u8 *mac,
8750 				   struct ieee80211_vif *vif)
8751 {
8752 	struct ath10k_mac_change_chanctx_arg *arg = data;
8753 
8754 	if (rcu_access_pointer(vif->chanctx_conf) != arg->ctx)
8755 		return;
8756 
8757 	arg->n_vifs++;
8758 }
8759 
8760 static void
8761 ath10k_mac_change_chanctx_fill_iter(void *data, u8 *mac,
8762 				    struct ieee80211_vif *vif)
8763 {
8764 	struct ath10k_mac_change_chanctx_arg *arg = data;
8765 	struct ieee80211_chanctx_conf *ctx;
8766 
8767 	ctx = rcu_access_pointer(vif->chanctx_conf);
8768 	if (ctx != arg->ctx)
8769 		return;
8770 
8771 	if (WARN_ON(arg->next_vif == arg->n_vifs))
8772 		return;
8773 
8774 	arg->vifs[arg->next_vif].vif = vif;
8775 	arg->vifs[arg->next_vif].old_ctx = ctx;
8776 	arg->vifs[arg->next_vif].new_ctx = ctx;
8777 	arg->next_vif++;
8778 }
8779 
8780 static void
8781 ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw,
8782 			     struct ieee80211_chanctx_conf *ctx,
8783 			     u32 changed)
8784 {
8785 	struct ath10k *ar = hw->priv;
8786 	struct ath10k_mac_change_chanctx_arg arg = { .ctx = ctx };
8787 
8788 	mutex_lock(&ar->conf_mutex);
8789 
8790 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8791 		   "mac chanctx change freq %u width %d ptr %pK changed %x\n",
8792 		   ctx->def.chan->center_freq, ctx->def.width, ctx, changed);
8793 
8794 	/* This shouldn't really happen because channel switching should use
8795 	 * switch_vif_chanctx().
8796 	 */
8797 	if (WARN_ON(changed & IEEE80211_CHANCTX_CHANGE_CHANNEL))
8798 		goto unlock;
8799 
8800 	if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) {
8801 		ieee80211_iterate_active_interfaces_atomic(
8802 					hw,
8803 					ATH10K_ITER_NORMAL_FLAGS,
8804 					ath10k_mac_change_chanctx_cnt_iter,
8805 					&arg);
8806 		if (arg.n_vifs == 0)
8807 			goto radar;
8808 
8809 		arg.vifs = kcalloc(arg.n_vifs, sizeof(arg.vifs[0]),
8810 				   GFP_KERNEL);
8811 		if (!arg.vifs)
8812 			goto radar;
8813 
8814 		ieee80211_iterate_active_interfaces_atomic(
8815 					hw,
8816 					ATH10K_ITER_NORMAL_FLAGS,
8817 					ath10k_mac_change_chanctx_fill_iter,
8818 					&arg);
8819 		ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs);
8820 		kfree(arg.vifs);
8821 	}
8822 
8823 radar:
8824 	ath10k_recalc_radar_detection(ar);
8825 
8826 	/* FIXME: How to configure Rx chains properly? */
8827 
8828 	/* No other actions are actually necessary. Firmware maintains channel
8829 	 * definitions per vdev internally and there's no host-side channel
8830 	 * context abstraction to configure, e.g. channel width.
8831 	 */
8832 
8833 unlock:
8834 	mutex_unlock(&ar->conf_mutex);
8835 }
8836 
8837 static int
8838 ath10k_mac_op_assign_vif_chanctx(struct ieee80211_hw *hw,
8839 				 struct ieee80211_vif *vif,
8840 				 struct ieee80211_chanctx_conf *ctx)
8841 {
8842 	struct ath10k *ar = hw->priv;
8843 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8844 	int ret;
8845 
8846 	mutex_lock(&ar->conf_mutex);
8847 
8848 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8849 		   "mac chanctx assign ptr %pK vdev_id %i\n",
8850 		   ctx, arvif->vdev_id);
8851 
8852 	if (WARN_ON(arvif->is_started)) {
8853 		mutex_unlock(&ar->conf_mutex);
8854 		return -EBUSY;
8855 	}
8856 
8857 	ret = ath10k_vdev_start(arvif, &ctx->def);
8858 	if (ret) {
8859 		ath10k_warn(ar, "failed to start vdev %i addr %pM on freq %d: %d\n",
8860 			    arvif->vdev_id, vif->addr,
8861 			    ctx->def.chan->center_freq, ret);
8862 		goto err;
8863 	}
8864 
8865 	arvif->is_started = true;
8866 
8867 	ret = ath10k_mac_vif_setup_ps(arvif);
8868 	if (ret) {
8869 		ath10k_warn(ar, "failed to update vdev %i ps: %d\n",
8870 			    arvif->vdev_id, ret);
8871 		goto err_stop;
8872 	}
8873 
8874 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8875 		ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, 0, vif->addr);
8876 		if (ret) {
8877 			ath10k_warn(ar, "failed to up monitor vdev %i: %d\n",
8878 				    arvif->vdev_id, ret);
8879 			goto err_stop;
8880 		}
8881 
8882 		arvif->is_up = true;
8883 	}
8884 
8885 	if (ath10k_mac_can_set_cts_prot(arvif)) {
8886 		ret = ath10k_mac_set_cts_prot(arvif);
8887 		if (ret)
8888 			ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
8889 				    arvif->vdev_id, ret);
8890 	}
8891 
8892 	if (ath10k_peer_stats_enabled(ar) &&
8893 	    ar->hw_params.tx_stats_over_pktlog) {
8894 		ar->pktlog_filter |= ATH10K_PKTLOG_PEER_STATS;
8895 		ret = ath10k_wmi_pdev_pktlog_enable(ar,
8896 						    ar->pktlog_filter);
8897 		if (ret) {
8898 			ath10k_warn(ar, "failed to enable pktlog %d\n", ret);
8899 			goto err_stop;
8900 		}
8901 	}
8902 
8903 	mutex_unlock(&ar->conf_mutex);
8904 	return 0;
8905 
8906 err_stop:
8907 	ath10k_vdev_stop(arvif);
8908 	arvif->is_started = false;
8909 	ath10k_mac_vif_setup_ps(arvif);
8910 
8911 err:
8912 	mutex_unlock(&ar->conf_mutex);
8913 	return ret;
8914 }
8915 
8916 static void
8917 ath10k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
8918 				   struct ieee80211_vif *vif,
8919 				   struct ieee80211_chanctx_conf *ctx)
8920 {
8921 	struct ath10k *ar = hw->priv;
8922 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8923 	int ret;
8924 
8925 	mutex_lock(&ar->conf_mutex);
8926 
8927 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8928 		   "mac chanctx unassign ptr %pK vdev_id %i\n",
8929 		   ctx, arvif->vdev_id);
8930 
8931 	WARN_ON(!arvif->is_started);
8932 
8933 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8934 		WARN_ON(!arvif->is_up);
8935 
8936 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8937 		if (ret)
8938 			ath10k_warn(ar, "failed to down monitor vdev %i: %d\n",
8939 				    arvif->vdev_id, ret);
8940 
8941 		arvif->is_up = false;
8942 	}
8943 
8944 	ret = ath10k_vdev_stop(arvif);
8945 	if (ret)
8946 		ath10k_warn(ar, "failed to stop vdev %i: %d\n",
8947 			    arvif->vdev_id, ret);
8948 
8949 	arvif->is_started = false;
8950 
8951 	mutex_unlock(&ar->conf_mutex);
8952 }
8953 
8954 static int
8955 ath10k_mac_op_switch_vif_chanctx(struct ieee80211_hw *hw,
8956 				 struct ieee80211_vif_chanctx_switch *vifs,
8957 				 int n_vifs,
8958 				 enum ieee80211_chanctx_switch_mode mode)
8959 {
8960 	struct ath10k *ar = hw->priv;
8961 
8962 	mutex_lock(&ar->conf_mutex);
8963 
8964 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8965 		   "mac chanctx switch n_vifs %d mode %d\n",
8966 		   n_vifs, mode);
8967 	ath10k_mac_update_vif_chan(ar, vifs, n_vifs);
8968 
8969 	mutex_unlock(&ar->conf_mutex);
8970 	return 0;
8971 }
8972 
8973 static void ath10k_mac_op_sta_pre_rcu_remove(struct ieee80211_hw *hw,
8974 					     struct ieee80211_vif *vif,
8975 					     struct ieee80211_sta *sta)
8976 {
8977 	struct ath10k *ar;
8978 	struct ath10k_peer *peer;
8979 
8980 	ar = hw->priv;
8981 
8982 	list_for_each_entry(peer, &ar->peers, list)
8983 		if (peer->sta == sta)
8984 			peer->removed = true;
8985 }
8986 
8987 /* HT MCS parameters with Nss = 1 */
8988 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss1[] = {
8989 	/* MCS  L20   L40   S20  S40 */
8990 	{0,  { 65,  135,  72,  150} },
8991 	{1,  { 130, 270,  144, 300} },
8992 	{2,  { 195, 405,  217, 450} },
8993 	{3,  { 260, 540,  289, 600} },
8994 	{4,  { 390, 810,  433, 900} },
8995 	{5,  { 520, 1080, 578, 1200} },
8996 	{6,  { 585, 1215, 650, 1350} },
8997 	{7,  { 650, 1350, 722, 1500} }
8998 };
8999 
9000 /* HT MCS parameters with Nss = 2 */
9001 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss2[] = {
9002 	/* MCS  L20    L40   S20   S40 */
9003 	{0,  {130,  270,  144,  300} },
9004 	{1,  {260,  540,  289,  600} },
9005 	{2,  {390,  810,  433,  900} },
9006 	{3,  {520,  1080, 578,  1200} },
9007 	{4,  {780,  1620, 867,  1800} },
9008 	{5,  {1040, 2160, 1156, 2400} },
9009 	{6,  {1170, 2430, 1300, 2700} },
9010 	{7,  {1300, 2700, 1444, 3000} }
9011 };
9012 
9013 /* MCS parameters with Nss = 1 */
9014 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss1[] = {
9015 	/* MCS  L80    S80     L40   S40    L20   S20 */
9016 	{0,  {293,  325},  {135,  150},  {65,   72} },
9017 	{1,  {585,  650},  {270,  300},  {130,  144} },
9018 	{2,  {878,  975},  {405,  450},  {195,  217} },
9019 	{3,  {1170, 1300}, {540,  600},  {260,  289} },
9020 	{4,  {1755, 1950}, {810,  900},  {390,  433} },
9021 	{5,  {2340, 2600}, {1080, 1200}, {520,  578} },
9022 	{6,  {2633, 2925}, {1215, 1350}, {585,  650} },
9023 	{7,  {2925, 3250}, {1350, 1500}, {650,  722} },
9024 	{8,  {3510, 3900}, {1620, 1800}, {780,  867} },
9025 	{9,  {3900, 4333}, {1800, 2000}, {780,  867} }
9026 };
9027 
9028 /*MCS parameters with Nss = 2 */
9029 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss2[] = {
9030 	/* MCS  L80    S80     L40   S40    L20   S20 */
9031 	{0,  {585,  650},  {270,  300},  {130,  144} },
9032 	{1,  {1170, 1300}, {540,  600},  {260,  289} },
9033 	{2,  {1755, 1950}, {810,  900},  {390,  433} },
9034 	{3,  {2340, 2600}, {1080, 1200}, {520,  578} },
9035 	{4,  {3510, 3900}, {1620, 1800}, {780,  867} },
9036 	{5,  {4680, 5200}, {2160, 2400}, {1040, 1156} },
9037 	{6,  {5265, 5850}, {2430, 2700}, {1170, 1300} },
9038 	{7,  {5850, 6500}, {2700, 3000}, {1300, 1444} },
9039 	{8,  {7020, 7800}, {3240, 3600}, {1560, 1733} },
9040 	{9,  {7800, 8667}, {3600, 4000}, {1560, 1733} }
9041 };
9042 
9043 static void ath10k_mac_get_rate_flags_ht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9044 					 u8 *flags, u8 *bw)
9045 {
9046 	struct ath10k_index_ht_data_rate_type *mcs_rate;
9047 	u8 index;
9048 	size_t len_nss1 = ARRAY_SIZE(supported_ht_mcs_rate_nss1);
9049 	size_t len_nss2 = ARRAY_SIZE(supported_ht_mcs_rate_nss2);
9050 
9051 	if (mcs >= (len_nss1 + len_nss2)) {
9052 		ath10k_warn(ar, "not supported mcs %d in current rate table", mcs);
9053 		return;
9054 	}
9055 
9056 	mcs_rate = (struct ath10k_index_ht_data_rate_type *)
9057 		   ((nss == 1) ? &supported_ht_mcs_rate_nss1 :
9058 		   &supported_ht_mcs_rate_nss2);
9059 
9060 	if (mcs >= len_nss1)
9061 		index = mcs - len_nss1;
9062 	else
9063 		index = mcs;
9064 
9065 	if (rate == mcs_rate[index].supported_rate[0]) {
9066 		*bw = RATE_INFO_BW_20;
9067 	} else if (rate == mcs_rate[index].supported_rate[1]) {
9068 		*bw |= RATE_INFO_BW_40;
9069 	} else if (rate == mcs_rate[index].supported_rate[2]) {
9070 		*bw |= RATE_INFO_BW_20;
9071 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9072 	} else if (rate == mcs_rate[index].supported_rate[3]) {
9073 		*bw |= RATE_INFO_BW_40;
9074 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9075 	} else {
9076 		ath10k_warn(ar, "invalid ht params rate %d 100kbps nss %d mcs %d",
9077 			    rate, nss, mcs);
9078 	}
9079 }
9080 
9081 static void ath10k_mac_get_rate_flags_vht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9082 					  u8 *flags, u8 *bw)
9083 {
9084 	struct ath10k_index_vht_data_rate_type *mcs_rate;
9085 
9086 	mcs_rate = (struct ath10k_index_vht_data_rate_type *)
9087 		   ((nss == 1) ? &supported_vht_mcs_rate_nss1 :
9088 		   &supported_vht_mcs_rate_nss2);
9089 
9090 	if (rate == mcs_rate[mcs].supported_VHT80_rate[0]) {
9091 		*bw = RATE_INFO_BW_80;
9092 	} else if (rate == mcs_rate[mcs].supported_VHT80_rate[1]) {
9093 		*bw = RATE_INFO_BW_80;
9094 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9095 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[0]) {
9096 		*bw = RATE_INFO_BW_40;
9097 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[1]) {
9098 		*bw = RATE_INFO_BW_40;
9099 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9100 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[0]) {
9101 		*bw = RATE_INFO_BW_20;
9102 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[1]) {
9103 		*bw = RATE_INFO_BW_20;
9104 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9105 	} else {
9106 		ath10k_warn(ar, "invalid vht params rate %d 100kbps nss %d mcs %d",
9107 			    rate, nss, mcs);
9108 	}
9109 }
9110 
9111 static void ath10k_mac_get_rate_flags(struct ath10k *ar, u32 rate,
9112 				      enum ath10k_phy_mode mode, u8 nss, u8 mcs,
9113 				      u8 *flags, u8 *bw)
9114 {
9115 	if (mode == ATH10K_PHY_MODE_HT) {
9116 		*flags = RATE_INFO_FLAGS_MCS;
9117 		ath10k_mac_get_rate_flags_ht(ar, rate, nss, mcs, flags, bw);
9118 	} else if (mode == ATH10K_PHY_MODE_VHT) {
9119 		*flags = RATE_INFO_FLAGS_VHT_MCS;
9120 		ath10k_mac_get_rate_flags_vht(ar, rate, nss, mcs, flags, bw);
9121 	}
9122 }
9123 
9124 static void ath10k_mac_parse_bitrate(struct ath10k *ar, u32 rate_code,
9125 				     u32 bitrate_kbps, struct rate_info *rate)
9126 {
9127 	enum ath10k_phy_mode mode = ATH10K_PHY_MODE_LEGACY;
9128 	enum wmi_rate_preamble preamble = WMI_TLV_GET_HW_RC_PREAM_V1(rate_code);
9129 	u8 nss = WMI_TLV_GET_HW_RC_NSS_V1(rate_code) + 1;
9130 	u8 mcs = WMI_TLV_GET_HW_RC_RATE_V1(rate_code);
9131 	u8 flags = 0, bw = 0;
9132 
9133 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac parse rate code 0x%x bitrate %d kbps\n",
9134 		   rate_code, bitrate_kbps);
9135 
9136 	if (preamble == WMI_RATE_PREAMBLE_HT)
9137 		mode = ATH10K_PHY_MODE_HT;
9138 	else if (preamble == WMI_RATE_PREAMBLE_VHT)
9139 		mode = ATH10K_PHY_MODE_VHT;
9140 
9141 	ath10k_mac_get_rate_flags(ar, bitrate_kbps / 100, mode, nss, mcs, &flags, &bw);
9142 
9143 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9144 		   "mac parse bitrate preamble %d mode %d nss %d mcs %d flags %x bw %d\n",
9145 		   preamble, mode, nss, mcs, flags, bw);
9146 
9147 	rate->flags = flags;
9148 	rate->bw = bw;
9149 	rate->legacy = bitrate_kbps / 100;
9150 	rate->nss = nss;
9151 	rate->mcs = mcs;
9152 }
9153 
9154 static void ath10k_mac_sta_get_peer_stats_info(struct ath10k *ar,
9155 					       struct ieee80211_sta *sta,
9156 					       struct station_info *sinfo)
9157 {
9158 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9159 	struct ath10k_peer *peer;
9160 	unsigned long time_left;
9161 	int ret;
9162 
9163 	if (!(ar->hw_params.supports_peer_stats_info &&
9164 	      arsta->arvif->vdev_type == WMI_VDEV_TYPE_STA))
9165 		return;
9166 
9167 	spin_lock_bh(&ar->data_lock);
9168 	peer = ath10k_peer_find(ar, arsta->arvif->vdev_id, sta->addr);
9169 	spin_unlock_bh(&ar->data_lock);
9170 	if (!peer)
9171 		return;
9172 
9173 	reinit_completion(&ar->peer_stats_info_complete);
9174 
9175 	ret = ath10k_wmi_request_peer_stats_info(ar,
9176 						 arsta->arvif->vdev_id,
9177 						 WMI_REQUEST_ONE_PEER_STATS_INFO,
9178 						 arsta->arvif->bssid,
9179 						 0);
9180 	if (ret && ret != -EOPNOTSUPP) {
9181 		ath10k_warn(ar, "could not request peer stats info: %d\n", ret);
9182 		return;
9183 	}
9184 
9185 	time_left = wait_for_completion_timeout(&ar->peer_stats_info_complete, 3 * HZ);
9186 	if (time_left == 0) {
9187 		ath10k_warn(ar, "timed out waiting peer stats info\n");
9188 		return;
9189 	}
9190 
9191 	if (arsta->rx_rate_code != 0 && arsta->rx_bitrate_kbps != 0) {
9192 		ath10k_mac_parse_bitrate(ar, arsta->rx_rate_code,
9193 					 arsta->rx_bitrate_kbps,
9194 					 &sinfo->rxrate);
9195 
9196 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
9197 		arsta->rx_rate_code = 0;
9198 		arsta->rx_bitrate_kbps = 0;
9199 	}
9200 
9201 	if (arsta->tx_rate_code != 0 && arsta->tx_bitrate_kbps != 0) {
9202 		ath10k_mac_parse_bitrate(ar, arsta->tx_rate_code,
9203 					 arsta->tx_bitrate_kbps,
9204 					 &sinfo->txrate);
9205 
9206 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9207 		arsta->tx_rate_code = 0;
9208 		arsta->tx_bitrate_kbps = 0;
9209 	}
9210 }
9211 
9212 static void ath10k_sta_statistics(struct ieee80211_hw *hw,
9213 				  struct ieee80211_vif *vif,
9214 				  struct ieee80211_sta *sta,
9215 				  struct station_info *sinfo)
9216 {
9217 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9218 	struct ath10k *ar = arsta->arvif->ar;
9219 
9220 	if (!ath10k_peer_stats_enabled(ar))
9221 		return;
9222 
9223 	mutex_lock(&ar->conf_mutex);
9224 	ath10k_debug_fw_stats_request(ar);
9225 	mutex_unlock(&ar->conf_mutex);
9226 
9227 	sinfo->rx_duration = arsta->rx_duration;
9228 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_DURATION);
9229 
9230 	if (arsta->txrate.legacy || arsta->txrate.nss) {
9231 		if (arsta->txrate.legacy) {
9232 			sinfo->txrate.legacy = arsta->txrate.legacy;
9233 		} else {
9234 			sinfo->txrate.mcs = arsta->txrate.mcs;
9235 			sinfo->txrate.nss = arsta->txrate.nss;
9236 			sinfo->txrate.bw = arsta->txrate.bw;
9237 		}
9238 		sinfo->txrate.flags = arsta->txrate.flags;
9239 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9240 	}
9241 
9242 	if (ar->htt.disable_tx_comp) {
9243 		sinfo->tx_failed = arsta->tx_failed;
9244 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
9245 	}
9246 
9247 	sinfo->tx_retries = arsta->tx_retries;
9248 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
9249 
9250 	ath10k_mac_sta_get_peer_stats_info(ar, sta, sinfo);
9251 }
9252 
9253 static int ath10k_mac_op_set_tid_config(struct ieee80211_hw *hw,
9254 					struct ieee80211_vif *vif,
9255 					struct ieee80211_sta *sta,
9256 					struct cfg80211_tid_config *tid_config)
9257 {
9258 	struct ath10k *ar = hw->priv;
9259 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9260 	struct ath10k_mac_iter_tid_conf_data data = {};
9261 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
9262 	int ret, i;
9263 
9264 	mutex_lock(&ar->conf_mutex);
9265 	arg.vdev_id = arvif->vdev_id;
9266 
9267 	arvif->tids_rst = 0;
9268 	memset(arvif->tid_conf_changed, 0, sizeof(arvif->tid_conf_changed));
9269 
9270 	for (i = 0; i < tid_config->n_tid_conf; i++) {
9271 		ret = ath10k_mac_parse_tid_config(ar, sta, vif,
9272 						  &tid_config->tid_conf[i],
9273 						  &arg);
9274 		if (ret)
9275 			goto exit;
9276 	}
9277 
9278 	ret = 0;
9279 
9280 	if (sta)
9281 		goto exit;
9282 
9283 	arvif->tids_rst = 0;
9284 	data.curr_vif = vif;
9285 	data.ar = ar;
9286 
9287 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9288 					  &data);
9289 
9290 exit:
9291 	mutex_unlock(&ar->conf_mutex);
9292 	return ret;
9293 }
9294 
9295 static int ath10k_mac_op_reset_tid_config(struct ieee80211_hw *hw,
9296 					  struct ieee80211_vif *vif,
9297 					  struct ieee80211_sta *sta,
9298 					  u8 tids)
9299 {
9300 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9301 	struct ath10k_mac_iter_tid_conf_data data = {};
9302 	struct ath10k *ar = hw->priv;
9303 	int ret = 0;
9304 
9305 	mutex_lock(&ar->conf_mutex);
9306 
9307 	if (sta) {
9308 		arvif->tids_rst = 0;
9309 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif, tids);
9310 		goto exit;
9311 	}
9312 
9313 	arvif->tids_rst = tids;
9314 	data.curr_vif = vif;
9315 	data.ar = ar;
9316 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9317 					  &data);
9318 
9319 exit:
9320 	mutex_unlock(&ar->conf_mutex);
9321 	return ret;
9322 }
9323 
9324 static const struct ieee80211_ops ath10k_ops = {
9325 	.tx				= ath10k_mac_op_tx,
9326 	.wake_tx_queue			= ath10k_mac_op_wake_tx_queue,
9327 	.start				= ath10k_start,
9328 	.stop				= ath10k_stop,
9329 	.config				= ath10k_config,
9330 	.add_interface			= ath10k_add_interface,
9331 	.remove_interface		= ath10k_remove_interface,
9332 	.configure_filter		= ath10k_configure_filter,
9333 	.bss_info_changed		= ath10k_bss_info_changed,
9334 	.set_coverage_class		= ath10k_mac_op_set_coverage_class,
9335 	.hw_scan			= ath10k_hw_scan,
9336 	.cancel_hw_scan			= ath10k_cancel_hw_scan,
9337 	.set_key			= ath10k_set_key,
9338 	.set_default_unicast_key        = ath10k_set_default_unicast_key,
9339 	.sta_state			= ath10k_sta_state,
9340 	.sta_set_txpwr			= ath10k_sta_set_txpwr,
9341 	.conf_tx			= ath10k_conf_tx,
9342 	.remain_on_channel		= ath10k_remain_on_channel,
9343 	.cancel_remain_on_channel	= ath10k_cancel_remain_on_channel,
9344 	.set_rts_threshold		= ath10k_set_rts_threshold,
9345 	.set_frag_threshold		= ath10k_mac_op_set_frag_threshold,
9346 	.flush				= ath10k_flush,
9347 	.tx_last_beacon			= ath10k_tx_last_beacon,
9348 	.set_antenna			= ath10k_set_antenna,
9349 	.get_antenna			= ath10k_get_antenna,
9350 	.reconfig_complete		= ath10k_reconfig_complete,
9351 	.get_survey			= ath10k_get_survey,
9352 	.set_bitrate_mask		= ath10k_mac_op_set_bitrate_mask,
9353 	.sta_rc_update			= ath10k_sta_rc_update,
9354 	.offset_tsf			= ath10k_offset_tsf,
9355 	.ampdu_action			= ath10k_ampdu_action,
9356 	.get_et_sset_count		= ath10k_debug_get_et_sset_count,
9357 	.get_et_stats			= ath10k_debug_get_et_stats,
9358 	.get_et_strings			= ath10k_debug_get_et_strings,
9359 	.add_chanctx			= ath10k_mac_op_add_chanctx,
9360 	.remove_chanctx			= ath10k_mac_op_remove_chanctx,
9361 	.change_chanctx			= ath10k_mac_op_change_chanctx,
9362 	.assign_vif_chanctx		= ath10k_mac_op_assign_vif_chanctx,
9363 	.unassign_vif_chanctx		= ath10k_mac_op_unassign_vif_chanctx,
9364 	.switch_vif_chanctx		= ath10k_mac_op_switch_vif_chanctx,
9365 	.sta_pre_rcu_remove		= ath10k_mac_op_sta_pre_rcu_remove,
9366 	.sta_statistics			= ath10k_sta_statistics,
9367 	.set_tid_config			= ath10k_mac_op_set_tid_config,
9368 	.reset_tid_config		= ath10k_mac_op_reset_tid_config,
9369 
9370 	CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
9371 
9372 #ifdef CONFIG_PM
9373 	.suspend			= ath10k_wow_op_suspend,
9374 	.resume				= ath10k_wow_op_resume,
9375 	.set_wakeup			= ath10k_wow_op_set_wakeup,
9376 #endif
9377 #ifdef CONFIG_MAC80211_DEBUGFS
9378 	.sta_add_debugfs		= ath10k_sta_add_debugfs,
9379 #endif
9380 	.set_sar_specs			= ath10k_mac_set_sar_specs,
9381 };
9382 
9383 #define CHAN2G(_channel, _freq, _flags) { \
9384 	.band			= NL80211_BAND_2GHZ, \
9385 	.hw_value		= (_channel), \
9386 	.center_freq		= (_freq), \
9387 	.flags			= (_flags), \
9388 	.max_antenna_gain	= 0, \
9389 	.max_power		= 30, \
9390 }
9391 
9392 #define CHAN5G(_channel, _freq, _flags) { \
9393 	.band			= NL80211_BAND_5GHZ, \
9394 	.hw_value		= (_channel), \
9395 	.center_freq		= (_freq), \
9396 	.flags			= (_flags), \
9397 	.max_antenna_gain	= 0, \
9398 	.max_power		= 30, \
9399 }
9400 
9401 static const struct ieee80211_channel ath10k_2ghz_channels[] = {
9402 	CHAN2G(1, 2412, 0),
9403 	CHAN2G(2, 2417, 0),
9404 	CHAN2G(3, 2422, 0),
9405 	CHAN2G(4, 2427, 0),
9406 	CHAN2G(5, 2432, 0),
9407 	CHAN2G(6, 2437, 0),
9408 	CHAN2G(7, 2442, 0),
9409 	CHAN2G(8, 2447, 0),
9410 	CHAN2G(9, 2452, 0),
9411 	CHAN2G(10, 2457, 0),
9412 	CHAN2G(11, 2462, 0),
9413 	CHAN2G(12, 2467, 0),
9414 	CHAN2G(13, 2472, 0),
9415 	CHAN2G(14, 2484, 0),
9416 };
9417 
9418 static const struct ieee80211_channel ath10k_5ghz_channels[] = {
9419 	CHAN5G(36, 5180, 0),
9420 	CHAN5G(40, 5200, 0),
9421 	CHAN5G(44, 5220, 0),
9422 	CHAN5G(48, 5240, 0),
9423 	CHAN5G(52, 5260, 0),
9424 	CHAN5G(56, 5280, 0),
9425 	CHAN5G(60, 5300, 0),
9426 	CHAN5G(64, 5320, 0),
9427 	CHAN5G(100, 5500, 0),
9428 	CHAN5G(104, 5520, 0),
9429 	CHAN5G(108, 5540, 0),
9430 	CHAN5G(112, 5560, 0),
9431 	CHAN5G(116, 5580, 0),
9432 	CHAN5G(120, 5600, 0),
9433 	CHAN5G(124, 5620, 0),
9434 	CHAN5G(128, 5640, 0),
9435 	CHAN5G(132, 5660, 0),
9436 	CHAN5G(136, 5680, 0),
9437 	CHAN5G(140, 5700, 0),
9438 	CHAN5G(144, 5720, 0),
9439 	CHAN5G(149, 5745, 0),
9440 	CHAN5G(153, 5765, 0),
9441 	CHAN5G(157, 5785, 0),
9442 	CHAN5G(161, 5805, 0),
9443 	CHAN5G(165, 5825, 0),
9444 	CHAN5G(169, 5845, 0),
9445 	CHAN5G(173, 5865, 0),
9446 	/* If you add more, you may need to change ATH10K_MAX_5G_CHAN */
9447 	/* And you will definitely need to change ATH10K_NUM_CHANS in core.h */
9448 };
9449 
9450 struct ath10k *ath10k_mac_create(size_t priv_size)
9451 {
9452 	struct ieee80211_hw *hw;
9453 	struct ieee80211_ops *ops;
9454 	struct ath10k *ar;
9455 
9456 	ops = kmemdup(&ath10k_ops, sizeof(ath10k_ops), GFP_KERNEL);
9457 	if (!ops)
9458 		return NULL;
9459 
9460 	hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, ops);
9461 	if (!hw) {
9462 		kfree(ops);
9463 		return NULL;
9464 	}
9465 
9466 	ar = hw->priv;
9467 	ar->hw = hw;
9468 	ar->ops = ops;
9469 
9470 	return ar;
9471 }
9472 
9473 void ath10k_mac_destroy(struct ath10k *ar)
9474 {
9475 	struct ieee80211_ops *ops = ar->ops;
9476 
9477 	ieee80211_free_hw(ar->hw);
9478 	kfree(ops);
9479 }
9480 
9481 static const struct ieee80211_iface_limit ath10k_if_limits[] = {
9482 	{
9483 		.max	= 8,
9484 		.types	= BIT(NL80211_IFTYPE_STATION)
9485 			| BIT(NL80211_IFTYPE_P2P_CLIENT)
9486 	},
9487 	{
9488 		.max	= 3,
9489 		.types	= BIT(NL80211_IFTYPE_P2P_GO)
9490 	},
9491 	{
9492 		.max	= 1,
9493 		.types	= BIT(NL80211_IFTYPE_P2P_DEVICE)
9494 	},
9495 	{
9496 		.max	= 7,
9497 		.types	= BIT(NL80211_IFTYPE_AP)
9498 #ifdef CONFIG_MAC80211_MESH
9499 			| BIT(NL80211_IFTYPE_MESH_POINT)
9500 #endif
9501 	},
9502 };
9503 
9504 static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
9505 	{
9506 		.max	= 8,
9507 		.types	= BIT(NL80211_IFTYPE_AP)
9508 #ifdef CONFIG_MAC80211_MESH
9509 			| BIT(NL80211_IFTYPE_MESH_POINT)
9510 #endif
9511 	},
9512 	{
9513 		.max	= 1,
9514 		.types	= BIT(NL80211_IFTYPE_STATION)
9515 	},
9516 };
9517 
9518 static const struct ieee80211_iface_combination ath10k_if_comb[] = {
9519 	{
9520 		.limits = ath10k_if_limits,
9521 		.n_limits = ARRAY_SIZE(ath10k_if_limits),
9522 		.max_interfaces = 8,
9523 		.num_different_channels = 1,
9524 		.beacon_int_infra_match = true,
9525 	},
9526 };
9527 
9528 static const struct ieee80211_iface_combination ath10k_10x_if_comb[] = {
9529 	{
9530 		.limits = ath10k_10x_if_limits,
9531 		.n_limits = ARRAY_SIZE(ath10k_10x_if_limits),
9532 		.max_interfaces = 8,
9533 		.num_different_channels = 1,
9534 		.beacon_int_infra_match = true,
9535 		.beacon_int_min_gcd = 1,
9536 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9537 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9538 					BIT(NL80211_CHAN_WIDTH_20) |
9539 					BIT(NL80211_CHAN_WIDTH_40) |
9540 					BIT(NL80211_CHAN_WIDTH_80),
9541 #endif
9542 	},
9543 };
9544 
9545 static const struct ieee80211_iface_limit ath10k_tlv_if_limit[] = {
9546 	{
9547 		.max = 2,
9548 		.types = BIT(NL80211_IFTYPE_STATION),
9549 	},
9550 	{
9551 		.max = 2,
9552 		.types = BIT(NL80211_IFTYPE_AP) |
9553 #ifdef CONFIG_MAC80211_MESH
9554 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9555 #endif
9556 			 BIT(NL80211_IFTYPE_P2P_CLIENT) |
9557 			 BIT(NL80211_IFTYPE_P2P_GO),
9558 	},
9559 	{
9560 		.max = 1,
9561 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9562 	},
9563 };
9564 
9565 static const struct ieee80211_iface_limit ath10k_tlv_qcs_if_limit[] = {
9566 	{
9567 		.max = 2,
9568 		.types = BIT(NL80211_IFTYPE_STATION),
9569 	},
9570 	{
9571 		.max = 2,
9572 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT),
9573 	},
9574 	{
9575 		.max = 1,
9576 		.types = BIT(NL80211_IFTYPE_AP) |
9577 #ifdef CONFIG_MAC80211_MESH
9578 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9579 #endif
9580 			 BIT(NL80211_IFTYPE_P2P_GO),
9581 	},
9582 	{
9583 		.max = 1,
9584 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9585 	},
9586 };
9587 
9588 static const struct ieee80211_iface_limit ath10k_tlv_if_limit_ibss[] = {
9589 	{
9590 		.max = 1,
9591 		.types = BIT(NL80211_IFTYPE_STATION),
9592 	},
9593 	{
9594 		.max = 1,
9595 		.types = BIT(NL80211_IFTYPE_ADHOC),
9596 	},
9597 };
9598 
9599 /* FIXME: This is not thouroughly tested. These combinations may over- or
9600  * underestimate hw/fw capabilities.
9601  */
9602 static struct ieee80211_iface_combination ath10k_tlv_if_comb[] = {
9603 	{
9604 		.limits = ath10k_tlv_if_limit,
9605 		.num_different_channels = 1,
9606 		.max_interfaces = 4,
9607 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9608 	},
9609 	{
9610 		.limits = ath10k_tlv_if_limit_ibss,
9611 		.num_different_channels = 1,
9612 		.max_interfaces = 2,
9613 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9614 	},
9615 };
9616 
9617 static struct ieee80211_iface_combination ath10k_tlv_qcs_if_comb[] = {
9618 	{
9619 		.limits = ath10k_tlv_if_limit,
9620 		.num_different_channels = 1,
9621 		.max_interfaces = 4,
9622 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9623 	},
9624 	{
9625 		.limits = ath10k_tlv_qcs_if_limit,
9626 		.num_different_channels = 2,
9627 		.max_interfaces = 4,
9628 		.n_limits = ARRAY_SIZE(ath10k_tlv_qcs_if_limit),
9629 	},
9630 	{
9631 		.limits = ath10k_tlv_if_limit_ibss,
9632 		.num_different_channels = 1,
9633 		.max_interfaces = 2,
9634 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9635 	},
9636 };
9637 
9638 static const struct ieee80211_iface_limit ath10k_10_4_if_limits[] = {
9639 	{
9640 		.max = 1,
9641 		.types = BIT(NL80211_IFTYPE_STATION),
9642 	},
9643 	{
9644 		.max	= 16,
9645 		.types	= BIT(NL80211_IFTYPE_AP)
9646 #ifdef CONFIG_MAC80211_MESH
9647 			| BIT(NL80211_IFTYPE_MESH_POINT)
9648 #endif
9649 	},
9650 };
9651 
9652 static const struct ieee80211_iface_combination ath10k_10_4_if_comb[] = {
9653 	{
9654 		.limits = ath10k_10_4_if_limits,
9655 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9656 		.max_interfaces = 16,
9657 		.num_different_channels = 1,
9658 		.beacon_int_infra_match = true,
9659 		.beacon_int_min_gcd = 1,
9660 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9661 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9662 					BIT(NL80211_CHAN_WIDTH_20) |
9663 					BIT(NL80211_CHAN_WIDTH_40) |
9664 					BIT(NL80211_CHAN_WIDTH_80) |
9665 					BIT(NL80211_CHAN_WIDTH_80P80) |
9666 					BIT(NL80211_CHAN_WIDTH_160),
9667 #endif
9668 	},
9669 };
9670 
9671 static const struct
9672 ieee80211_iface_combination ath10k_10_4_bcn_int_if_comb[] = {
9673 	{
9674 		.limits = ath10k_10_4_if_limits,
9675 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9676 		.max_interfaces = 16,
9677 		.num_different_channels = 1,
9678 		.beacon_int_infra_match = true,
9679 		.beacon_int_min_gcd = 100,
9680 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9681 		.radar_detect_widths =  BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9682 					BIT(NL80211_CHAN_WIDTH_20) |
9683 					BIT(NL80211_CHAN_WIDTH_40) |
9684 					BIT(NL80211_CHAN_WIDTH_80) |
9685 					BIT(NL80211_CHAN_WIDTH_80P80) |
9686 					BIT(NL80211_CHAN_WIDTH_160),
9687 #endif
9688 	},
9689 };
9690 
9691 static void ath10k_get_arvif_iter(void *data, u8 *mac,
9692 				  struct ieee80211_vif *vif)
9693 {
9694 	struct ath10k_vif_iter *arvif_iter = data;
9695 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9696 
9697 	if (arvif->vdev_id == arvif_iter->vdev_id)
9698 		arvif_iter->arvif = arvif;
9699 }
9700 
9701 struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id)
9702 {
9703 	struct ath10k_vif_iter arvif_iter;
9704 
9705 	memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter));
9706 	arvif_iter.vdev_id = vdev_id;
9707 
9708 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
9709 						   ATH10K_ITER_RESUME_FLAGS,
9710 						   ath10k_get_arvif_iter,
9711 						   &arvif_iter);
9712 	if (!arvif_iter.arvif) {
9713 		ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
9714 		return NULL;
9715 	}
9716 
9717 	return arvif_iter.arvif;
9718 }
9719 
9720 #define WRD_METHOD "WRDD"
9721 #define WRDD_WIFI  (0x07)
9722 
9723 static u32 ath10k_mac_wrdd_get_mcc(struct ath10k *ar, union acpi_object *wrdd)
9724 {
9725 	union acpi_object *mcc_pkg;
9726 	union acpi_object *domain_type;
9727 	union acpi_object *mcc_value;
9728 	u32 i;
9729 
9730 	if (wrdd->type != ACPI_TYPE_PACKAGE ||
9731 	    wrdd->package.count < 2 ||
9732 	    wrdd->package.elements[0].type != ACPI_TYPE_INTEGER ||
9733 	    wrdd->package.elements[0].integer.value != 0) {
9734 		ath10k_warn(ar, "ignoring malformed/unsupported wrdd structure\n");
9735 		return 0;
9736 	}
9737 
9738 	for (i = 1; i < wrdd->package.count; ++i) {
9739 		mcc_pkg = &wrdd->package.elements[i];
9740 
9741 		if (mcc_pkg->type != ACPI_TYPE_PACKAGE)
9742 			continue;
9743 		if (mcc_pkg->package.count < 2)
9744 			continue;
9745 		if (mcc_pkg->package.elements[0].type != ACPI_TYPE_INTEGER ||
9746 		    mcc_pkg->package.elements[1].type != ACPI_TYPE_INTEGER)
9747 			continue;
9748 
9749 		domain_type = &mcc_pkg->package.elements[0];
9750 		if (domain_type->integer.value != WRDD_WIFI)
9751 			continue;
9752 
9753 		mcc_value = &mcc_pkg->package.elements[1];
9754 		return mcc_value->integer.value;
9755 	}
9756 	return 0;
9757 }
9758 
9759 static int ath10k_mac_get_wrdd_regulatory(struct ath10k *ar, u16 *rd)
9760 {
9761 	acpi_handle root_handle;
9762 	acpi_handle handle;
9763 	struct acpi_buffer wrdd = {ACPI_ALLOCATE_BUFFER, NULL};
9764 	acpi_status status;
9765 	u32 alpha2_code;
9766 	char alpha2[3];
9767 
9768 	root_handle = ACPI_HANDLE(ar->dev);
9769 	if (!root_handle)
9770 		return -EOPNOTSUPP;
9771 
9772 	status = acpi_get_handle(root_handle, (acpi_string)WRD_METHOD, &handle);
9773 	if (ACPI_FAILURE(status)) {
9774 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9775 			   "failed to get wrd method %d\n", status);
9776 		return -EIO;
9777 	}
9778 
9779 	status = acpi_evaluate_object(handle, NULL, NULL, &wrdd);
9780 	if (ACPI_FAILURE(status)) {
9781 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9782 			   "failed to call wrdc %d\n", status);
9783 		return -EIO;
9784 	}
9785 
9786 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.pointer);
9787 	kfree(wrdd.pointer);
9788 	if (!alpha2_code)
9789 		return -EIO;
9790 
9791 	alpha2[0] = (alpha2_code >> 8) & 0xff;
9792 	alpha2[1] = (alpha2_code >> 0) & 0xff;
9793 	alpha2[2] = '\0';
9794 
9795 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
9796 		   "regulatory hint from WRDD (alpha2-code): %s\n", alpha2);
9797 
9798 	*rd = ath_regd_find_country_by_name(alpha2);
9799 	if (*rd == 0xffff)
9800 		return -EIO;
9801 
9802 	*rd |= COUNTRY_ERD_FLAG;
9803 	return 0;
9804 }
9805 
9806 static int ath10k_mac_init_rd(struct ath10k *ar)
9807 {
9808 	int ret;
9809 	u16 rd;
9810 
9811 	ret = ath10k_mac_get_wrdd_regulatory(ar, &rd);
9812 	if (ret) {
9813 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9814 			   "fallback to eeprom programmed regulatory settings\n");
9815 		rd = ar->hw_eeprom_rd;
9816 	}
9817 
9818 	ar->ath_common.regulatory.current_rd = rd;
9819 	return 0;
9820 }
9821 
9822 int ath10k_mac_register(struct ath10k *ar)
9823 {
9824 	static const u32 cipher_suites[] = {
9825 		WLAN_CIPHER_SUITE_WEP40,
9826 		WLAN_CIPHER_SUITE_WEP104,
9827 		WLAN_CIPHER_SUITE_TKIP,
9828 		WLAN_CIPHER_SUITE_CCMP,
9829 
9830 		/* Do not add hardware supported ciphers before this line.
9831 		 * Allow software encryption for all chips. Don't forget to
9832 		 * update n_cipher_suites below.
9833 		 */
9834 		WLAN_CIPHER_SUITE_AES_CMAC,
9835 		WLAN_CIPHER_SUITE_BIP_CMAC_256,
9836 		WLAN_CIPHER_SUITE_BIP_GMAC_128,
9837 		WLAN_CIPHER_SUITE_BIP_GMAC_256,
9838 
9839 		/* Only QCA99x0 and QCA4019 varients support GCMP-128, GCMP-256
9840 		 * and CCMP-256 in hardware.
9841 		 */
9842 		WLAN_CIPHER_SUITE_GCMP,
9843 		WLAN_CIPHER_SUITE_GCMP_256,
9844 		WLAN_CIPHER_SUITE_CCMP_256,
9845 	};
9846 	struct ieee80211_supported_band *band;
9847 	void *channels;
9848 	int ret;
9849 
9850 	if (!is_valid_ether_addr(ar->mac_addr)) {
9851 		ath10k_warn(ar, "invalid MAC address; choosing random\n");
9852 		eth_random_addr(ar->mac_addr);
9853 	}
9854 	SET_IEEE80211_PERM_ADDR(ar->hw, ar->mac_addr);
9855 
9856 	SET_IEEE80211_DEV(ar->hw, ar->dev);
9857 
9858 	BUILD_BUG_ON((ARRAY_SIZE(ath10k_2ghz_channels) +
9859 		      ARRAY_SIZE(ath10k_5ghz_channels)) !=
9860 		     ATH10K_NUM_CHANS);
9861 
9862 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
9863 		channels = kmemdup(ath10k_2ghz_channels,
9864 				   sizeof(ath10k_2ghz_channels),
9865 				   GFP_KERNEL);
9866 		if (!channels) {
9867 			ret = -ENOMEM;
9868 			goto err_free;
9869 		}
9870 
9871 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
9872 		band->n_channels = ARRAY_SIZE(ath10k_2ghz_channels);
9873 		band->channels = channels;
9874 
9875 		if (ar->hw_params.cck_rate_map_rev2) {
9876 			band->n_bitrates = ath10k_g_rates_rev2_size;
9877 			band->bitrates = ath10k_g_rates_rev2;
9878 		} else {
9879 			band->n_bitrates = ath10k_g_rates_size;
9880 			band->bitrates = ath10k_g_rates;
9881 		}
9882 
9883 		ar->hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
9884 	}
9885 
9886 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
9887 		channels = kmemdup(ath10k_5ghz_channels,
9888 				   sizeof(ath10k_5ghz_channels),
9889 				   GFP_KERNEL);
9890 		if (!channels) {
9891 			ret = -ENOMEM;
9892 			goto err_free;
9893 		}
9894 
9895 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
9896 		band->n_channels = ARRAY_SIZE(ath10k_5ghz_channels);
9897 		band->channels = channels;
9898 		band->n_bitrates = ath10k_a_rates_size;
9899 		band->bitrates = ath10k_a_rates;
9900 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
9901 	}
9902 
9903 	wiphy_read_of_freq_limits(ar->hw->wiphy);
9904 	ath10k_mac_setup_ht_vht_cap(ar);
9905 
9906 	ar->hw->wiphy->interface_modes =
9907 		BIT(NL80211_IFTYPE_STATION) |
9908 		BIT(NL80211_IFTYPE_AP) |
9909 		BIT(NL80211_IFTYPE_MESH_POINT);
9910 
9911 	ar->hw->wiphy->available_antennas_rx = ar->cfg_rx_chainmask;
9912 	ar->hw->wiphy->available_antennas_tx = ar->cfg_tx_chainmask;
9913 
9914 	if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->normal_mode_fw.fw_file.fw_features))
9915 		ar->hw->wiphy->interface_modes |=
9916 			BIT(NL80211_IFTYPE_P2P_DEVICE) |
9917 			BIT(NL80211_IFTYPE_P2P_CLIENT) |
9918 			BIT(NL80211_IFTYPE_P2P_GO);
9919 
9920 	ieee80211_hw_set(ar->hw, SIGNAL_DBM);
9921 
9922 	if (!test_bit(ATH10K_FW_FEATURE_NO_PS,
9923 		      ar->running_fw->fw_file.fw_features)) {
9924 		ieee80211_hw_set(ar->hw, SUPPORTS_PS);
9925 		ieee80211_hw_set(ar->hw, SUPPORTS_DYNAMIC_PS);
9926 	}
9927 
9928 	ieee80211_hw_set(ar->hw, MFP_CAPABLE);
9929 	ieee80211_hw_set(ar->hw, REPORTS_TX_ACK_STATUS);
9930 	ieee80211_hw_set(ar->hw, HAS_RATE_CONTROL);
9931 	ieee80211_hw_set(ar->hw, AP_LINK_PS);
9932 	ieee80211_hw_set(ar->hw, SPECTRUM_MGMT);
9933 	ieee80211_hw_set(ar->hw, SUPPORT_FAST_XMIT);
9934 	ieee80211_hw_set(ar->hw, CONNECTION_MONITOR);
9935 	ieee80211_hw_set(ar->hw, SUPPORTS_PER_STA_GTK);
9936 	ieee80211_hw_set(ar->hw, WANT_MONITOR_VIF);
9937 	ieee80211_hw_set(ar->hw, CHANCTX_STA_CSA);
9938 	ieee80211_hw_set(ar->hw, QUEUE_CONTROL);
9939 	ieee80211_hw_set(ar->hw, SUPPORTS_TX_FRAG);
9940 	ieee80211_hw_set(ar->hw, REPORTS_LOW_ACK);
9941 
9942 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
9943 		ieee80211_hw_set(ar->hw, SW_CRYPTO_CONTROL);
9944 
9945 	ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
9946 	ar->hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
9947 
9948 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
9949 		ar->hw->wiphy->features |= NL80211_FEATURE_DYNAMIC_SMPS;
9950 
9951 	if (ar->ht_cap_info & WMI_HT_CAP_ENABLED) {
9952 		ieee80211_hw_set(ar->hw, AMPDU_AGGREGATION);
9953 		ieee80211_hw_set(ar->hw, TX_AMPDU_SETUP_IN_HW);
9954 	}
9955 
9956 	ar->hw->wiphy->max_scan_ssids = WLAN_SCAN_PARAMS_MAX_SSID;
9957 	ar->hw->wiphy->max_scan_ie_len = WLAN_SCAN_PARAMS_MAX_IE_LEN;
9958 
9959 	if (test_bit(WMI_SERVICE_NLO, ar->wmi.svc_map)) {
9960 		ar->hw->wiphy->max_sched_scan_ssids = WMI_PNO_MAX_SUPP_NETWORKS;
9961 		ar->hw->wiphy->max_match_sets = WMI_PNO_MAX_SUPP_NETWORKS;
9962 		ar->hw->wiphy->max_sched_scan_ie_len = WMI_PNO_MAX_IE_LENGTH;
9963 		ar->hw->wiphy->max_sched_scan_plans = WMI_PNO_MAX_SCHED_SCAN_PLANS;
9964 		ar->hw->wiphy->max_sched_scan_plan_interval =
9965 			WMI_PNO_MAX_SCHED_SCAN_PLAN_INT;
9966 		ar->hw->wiphy->max_sched_scan_plan_iterations =
9967 			WMI_PNO_MAX_SCHED_SCAN_PLAN_ITRNS;
9968 		ar->hw->wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
9969 	}
9970 
9971 	ar->hw->vif_data_size = sizeof(struct ath10k_vif);
9972 	ar->hw->sta_data_size = sizeof(struct ath10k_sta);
9973 	ar->hw->txq_data_size = sizeof(struct ath10k_txq);
9974 
9975 	ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
9976 
9977 	if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
9978 		ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
9979 
9980 		/* Firmware delivers WPS/P2P Probe Requests frames to driver so
9981 		 * that userspace (e.g. wpa_supplicant/hostapd) can generate
9982 		 * correct Probe Responses. This is more of a hack advert..
9983 		 */
9984 		ar->hw->wiphy->probe_resp_offload |=
9985 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
9986 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
9987 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
9988 	}
9989 
9990 	if (test_bit(WMI_SERVICE_TDLS, ar->wmi.svc_map) ||
9991 	    test_bit(WMI_SERVICE_TDLS_EXPLICIT_MODE_ONLY, ar->wmi.svc_map)) {
9992 		ar->hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
9993 		if (test_bit(WMI_SERVICE_TDLS_WIDER_BANDWIDTH, ar->wmi.svc_map))
9994 			ieee80211_hw_set(ar->hw, TDLS_WIDER_BW);
9995 	}
9996 
9997 	if (test_bit(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, ar->wmi.svc_map))
9998 		ieee80211_hw_set(ar->hw, SUPPORTS_TDLS_BUFFER_STA);
9999 
10000 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
10001 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
10002 	ar->hw->wiphy->max_remain_on_channel_duration = 5000;
10003 
10004 	ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
10005 	ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
10006 				   NL80211_FEATURE_AP_SCAN;
10007 
10008 	ar->hw->wiphy->max_ap_assoc_sta = ar->max_num_stations;
10009 
10010 	ret = ath10k_wow_init(ar);
10011 	if (ret) {
10012 		ath10k_warn(ar, "failed to init wow: %d\n", ret);
10013 		goto err_free;
10014 	}
10015 
10016 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
10017 	wiphy_ext_feature_set(ar->hw->wiphy,
10018 			      NL80211_EXT_FEATURE_SET_SCAN_DWELL);
10019 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_AQL);
10020 
10021 	if (test_bit(WMI_SERVICE_TX_DATA_ACK_RSSI, ar->wmi.svc_map) ||
10022 	    test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS, ar->wmi.svc_map))
10023 		wiphy_ext_feature_set(ar->hw->wiphy,
10024 				      NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT);
10025 
10026 	if (ath10k_peer_stats_enabled(ar) ||
10027 	    test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
10028 		wiphy_ext_feature_set(ar->hw->wiphy,
10029 				      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS);
10030 
10031 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map))
10032 		wiphy_ext_feature_set(ar->hw->wiphy,
10033 				      NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
10034 
10035 	if (test_bit(WMI_SERVICE_TX_PWR_PER_PEER, ar->wmi.svc_map))
10036 		wiphy_ext_feature_set(ar->hw->wiphy,
10037 				      NL80211_EXT_FEATURE_STA_TX_PWR);
10038 
10039 	if (test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map)) {
10040 		ar->hw->wiphy->tid_config_support.vif |=
10041 				BIT(NL80211_TID_CONFIG_ATTR_NOACK) |
10042 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT) |
10043 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG) |
10044 				BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL) |
10045 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
10046 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
10047 
10048 		if (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
10049 			     ar->wmi.svc_map)) {
10050 			ar->hw->wiphy->tid_config_support.vif |=
10051 				BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
10052 		}
10053 
10054 		ar->hw->wiphy->tid_config_support.peer =
10055 				ar->hw->wiphy->tid_config_support.vif;
10056 		ar->hw->wiphy->max_data_retry_count = ATH10K_MAX_RETRY_COUNT;
10057 	} else {
10058 		ar->ops->set_tid_config = NULL;
10059 	}
10060 	/*
10061 	 * on LL hardware queues are managed entirely by the FW
10062 	 * so we only advertise to mac we can do the queues thing
10063 	 */
10064 	ar->hw->queues = IEEE80211_MAX_QUEUES;
10065 
10066 	/* vdev_ids are used as hw queue numbers. Make sure offchan tx queue is
10067 	 * something that vdev_ids can't reach so that we don't stop the queue
10068 	 * accidentally.
10069 	 */
10070 	ar->hw->offchannel_tx_hw_queue = IEEE80211_MAX_QUEUES - 1;
10071 
10072 	switch (ar->running_fw->fw_file.wmi_op_version) {
10073 	case ATH10K_FW_WMI_OP_VERSION_MAIN:
10074 		ar->hw->wiphy->iface_combinations = ath10k_if_comb;
10075 		ar->hw->wiphy->n_iface_combinations =
10076 			ARRAY_SIZE(ath10k_if_comb);
10077 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10078 		break;
10079 	case ATH10K_FW_WMI_OP_VERSION_TLV:
10080 		if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
10081 			ar->hw->wiphy->iface_combinations =
10082 				ath10k_tlv_qcs_if_comb;
10083 			ar->hw->wiphy->n_iface_combinations =
10084 				ARRAY_SIZE(ath10k_tlv_qcs_if_comb);
10085 		} else {
10086 			ar->hw->wiphy->iface_combinations = ath10k_tlv_if_comb;
10087 			ar->hw->wiphy->n_iface_combinations =
10088 				ARRAY_SIZE(ath10k_tlv_if_comb);
10089 		}
10090 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10091 		break;
10092 	case ATH10K_FW_WMI_OP_VERSION_10_1:
10093 	case ATH10K_FW_WMI_OP_VERSION_10_2:
10094 	case ATH10K_FW_WMI_OP_VERSION_10_2_4:
10095 		ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
10096 		ar->hw->wiphy->n_iface_combinations =
10097 			ARRAY_SIZE(ath10k_10x_if_comb);
10098 		break;
10099 	case ATH10K_FW_WMI_OP_VERSION_10_4:
10100 		ar->hw->wiphy->iface_combinations = ath10k_10_4_if_comb;
10101 		ar->hw->wiphy->n_iface_combinations =
10102 			ARRAY_SIZE(ath10k_10_4_if_comb);
10103 		if (test_bit(WMI_SERVICE_VDEV_DIFFERENT_BEACON_INTERVAL_SUPPORT,
10104 			     ar->wmi.svc_map)) {
10105 			ar->hw->wiphy->iface_combinations =
10106 				ath10k_10_4_bcn_int_if_comb;
10107 			ar->hw->wiphy->n_iface_combinations =
10108 				ARRAY_SIZE(ath10k_10_4_bcn_int_if_comb);
10109 		}
10110 		break;
10111 	case ATH10K_FW_WMI_OP_VERSION_UNSET:
10112 	case ATH10K_FW_WMI_OP_VERSION_MAX:
10113 		WARN_ON(1);
10114 		ret = -EINVAL;
10115 		goto err_free;
10116 	}
10117 
10118 	if (ar->hw_params.dynamic_sar_support)
10119 		ar->hw->wiphy->sar_capa = &ath10k_sar_capa;
10120 
10121 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10122 		ar->hw->netdev_features = NETIF_F_HW_CSUM;
10123 
10124 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED)) {
10125 		/* Init ath dfs pattern detector */
10126 		ar->ath_common.debug_mask = ATH_DBG_DFS;
10127 		ar->dfs_detector = dfs_pattern_detector_init(&ar->ath_common,
10128 							     NL80211_DFS_UNSET);
10129 
10130 		if (!ar->dfs_detector)
10131 			ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
10132 	}
10133 
10134 	ret = ath10k_mac_init_rd(ar);
10135 	if (ret) {
10136 		ath10k_err(ar, "failed to derive regdom: %d\n", ret);
10137 		goto err_dfs_detector_exit;
10138 	}
10139 
10140 	/* Disable set_coverage_class for chipsets that do not support it. */
10141 	if (!ar->hw_params.hw_ops->set_coverage_class)
10142 		ar->ops->set_coverage_class = NULL;
10143 
10144 	ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
10145 			    ath10k_reg_notifier);
10146 	if (ret) {
10147 		ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
10148 		goto err_dfs_detector_exit;
10149 	}
10150 
10151 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
10152 		ar->hw->wiphy->features |=
10153 			NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
10154 	}
10155 
10156 	ar->hw->wiphy->cipher_suites = cipher_suites;
10157 
10158 	/* QCA988x and QCA6174 family chips do not support CCMP-256, GCMP-128
10159 	 * and GCMP-256 ciphers in hardware. Fetch number of ciphers supported
10160 	 * from chip specific hw_param table.
10161 	 */
10162 	if (!ar->hw_params.n_cipher_suites ||
10163 	    ar->hw_params.n_cipher_suites > ARRAY_SIZE(cipher_suites)) {
10164 		ath10k_err(ar, "invalid hw_params.n_cipher_suites %d\n",
10165 			   ar->hw_params.n_cipher_suites);
10166 		ar->hw_params.n_cipher_suites = 8;
10167 	}
10168 	ar->hw->wiphy->n_cipher_suites = ar->hw_params.n_cipher_suites;
10169 
10170 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
10171 
10172 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
10173 
10174 	ret = ieee80211_register_hw(ar->hw);
10175 	if (ret) {
10176 		ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
10177 		goto err_dfs_detector_exit;
10178 	}
10179 
10180 	if (test_bit(WMI_SERVICE_PER_PACKET_SW_ENCRYPT, ar->wmi.svc_map)) {
10181 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
10182 		ar->hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_AP_VLAN);
10183 	}
10184 
10185 	if (!ath_is_world_regd(&ar->ath_common.regulatory)) {
10186 		ret = regulatory_hint(ar->hw->wiphy,
10187 				      ar->ath_common.regulatory.alpha2);
10188 		if (ret)
10189 			goto err_unregister;
10190 	}
10191 
10192 	return 0;
10193 
10194 err_unregister:
10195 	ieee80211_unregister_hw(ar->hw);
10196 
10197 err_dfs_detector_exit:
10198 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10199 		ar->dfs_detector->exit(ar->dfs_detector);
10200 
10201 err_free:
10202 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10203 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10204 
10205 	SET_IEEE80211_DEV(ar->hw, NULL);
10206 	return ret;
10207 }
10208 
10209 void ath10k_mac_unregister(struct ath10k *ar)
10210 {
10211 	ieee80211_unregister_hw(ar->hw);
10212 
10213 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10214 		ar->dfs_detector->exit(ar->dfs_detector);
10215 
10216 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10217 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10218 
10219 	SET_IEEE80211_DEV(ar->hw, NULL);
10220 }
10221