xref: /linux/drivers/net/wireless/ath/ath10k/mac.c (revision e53b20598f394e37951d6355f1c88ae01165b53f)
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2005-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
6  */
7 
8 #include "mac.h"
9 
10 #include <net/cfg80211.h>
11 #include <net/mac80211.h>
12 #include <linux/etherdevice.h>
13 #include <linux/acpi.h>
14 #include <linux/of.h>
15 #include <linux/bitfield.h>
16 
17 #include "hif.h"
18 #include "core.h"
19 #include "debug.h"
20 #include "wmi.h"
21 #include "htt.h"
22 #include "txrx.h"
23 #include "testmode.h"
24 #include "wmi-tlv.h"
25 #include "wmi-ops.h"
26 #include "wow.h"
27 
28 /*********/
29 /* Rates */
30 /*********/
31 
32 static struct ieee80211_rate ath10k_rates[] = {
33 	{ .bitrate = 10,
34 	  .hw_value = ATH10K_HW_RATE_CCK_LP_1M },
35 	{ .bitrate = 20,
36 	  .hw_value = ATH10K_HW_RATE_CCK_LP_2M,
37 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_2M,
38 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
39 	{ .bitrate = 55,
40 	  .hw_value = ATH10K_HW_RATE_CCK_LP_5_5M,
41 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_5_5M,
42 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
43 	{ .bitrate = 110,
44 	  .hw_value = ATH10K_HW_RATE_CCK_LP_11M,
45 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_11M,
46 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
47 
48 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
49 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
50 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
51 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
52 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
53 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
54 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
55 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
56 };
57 
58 static struct ieee80211_rate ath10k_rates_rev2[] = {
59 	{ .bitrate = 10,
60 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_1M },
61 	{ .bitrate = 20,
62 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_2M,
63 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_2M,
64 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
65 	{ .bitrate = 55,
66 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_5_5M,
67 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_5_5M,
68 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
69 	{ .bitrate = 110,
70 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_11M,
71 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_11M,
72 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
73 
74 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
75 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
76 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
77 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
78 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
79 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
80 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
81 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
82 };
83 
84 static const struct cfg80211_sar_freq_ranges ath10k_sar_freq_ranges[] = {
85 	{.start_freq = 2402, .end_freq = 2494 },
86 	{.start_freq = 5170, .end_freq = 5875 },
87 };
88 
89 static const struct cfg80211_sar_capa ath10k_sar_capa = {
90 	.type = NL80211_SAR_TYPE_POWER,
91 	.num_freq_ranges = (ARRAY_SIZE(ath10k_sar_freq_ranges)),
92 	.freq_ranges = &ath10k_sar_freq_ranges[0],
93 };
94 
95 #define ATH10K_MAC_FIRST_OFDM_RATE_IDX 4
96 
97 #define ath10k_a_rates (ath10k_rates + ATH10K_MAC_FIRST_OFDM_RATE_IDX)
98 #define ath10k_a_rates_size (ARRAY_SIZE(ath10k_rates) - \
99 			     ATH10K_MAC_FIRST_OFDM_RATE_IDX)
100 #define ath10k_g_rates (ath10k_rates + 0)
101 #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
102 
103 #define ath10k_g_rates_rev2 (ath10k_rates_rev2 + 0)
104 #define ath10k_g_rates_rev2_size (ARRAY_SIZE(ath10k_rates_rev2))
105 
106 #define ath10k_wmi_legacy_rates ath10k_rates
107 
108 static bool ath10k_mac_bitrate_is_cck(int bitrate)
109 {
110 	switch (bitrate) {
111 	case 10:
112 	case 20:
113 	case 55:
114 	case 110:
115 		return true;
116 	}
117 
118 	return false;
119 }
120 
121 static u8 ath10k_mac_bitrate_to_rate(int bitrate)
122 {
123 	return DIV_ROUND_UP(bitrate, 5) |
124 	       (ath10k_mac_bitrate_is_cck(bitrate) ? BIT(7) : 0);
125 }
126 
127 u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
128 			     u8 hw_rate, bool cck)
129 {
130 	const struct ieee80211_rate *rate;
131 	int i;
132 
133 	for (i = 0; i < sband->n_bitrates; i++) {
134 		rate = &sband->bitrates[i];
135 
136 		if (ath10k_mac_bitrate_is_cck(rate->bitrate) != cck)
137 			continue;
138 
139 		if (rate->hw_value == hw_rate)
140 			return i;
141 		else if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE &&
142 			 rate->hw_value_short == hw_rate)
143 			return i;
144 	}
145 
146 	return 0;
147 }
148 
149 u8 ath10k_mac_bitrate_to_idx(const struct ieee80211_supported_band *sband,
150 			     u32 bitrate)
151 {
152 	int i;
153 
154 	for (i = 0; i < sband->n_bitrates; i++)
155 		if (sband->bitrates[i].bitrate == bitrate)
156 			return i;
157 
158 	return 0;
159 }
160 
161 static int ath10k_mac_get_rate_hw_value(int bitrate)
162 {
163 	int i;
164 	u8 hw_value_prefix = 0;
165 
166 	if (ath10k_mac_bitrate_is_cck(bitrate))
167 		hw_value_prefix = WMI_RATE_PREAMBLE_CCK << 6;
168 
169 	for (i = 0; i < ARRAY_SIZE(ath10k_rates); i++) {
170 		if (ath10k_rates[i].bitrate == bitrate)
171 			return hw_value_prefix | ath10k_rates[i].hw_value;
172 	}
173 
174 	return -EINVAL;
175 }
176 
177 static int ath10k_mac_get_max_vht_mcs_map(u16 mcs_map, int nss)
178 {
179 	switch ((mcs_map >> (2 * nss)) & 0x3) {
180 	case IEEE80211_VHT_MCS_SUPPORT_0_7: return BIT(8) - 1;
181 	case IEEE80211_VHT_MCS_SUPPORT_0_8: return BIT(9) - 1;
182 	case IEEE80211_VHT_MCS_SUPPORT_0_9: return BIT(10) - 1;
183 	}
184 	return 0;
185 }
186 
187 static u32
188 ath10k_mac_max_ht_nss(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
189 {
190 	int nss;
191 
192 	for (nss = IEEE80211_HT_MCS_MASK_LEN - 1; nss >= 0; nss--)
193 		if (ht_mcs_mask[nss])
194 			return nss + 1;
195 
196 	return 1;
197 }
198 
199 static u32
200 ath10k_mac_max_vht_nss(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
201 {
202 	int nss;
203 
204 	for (nss = NL80211_VHT_NSS_MAX - 1; nss >= 0; nss--)
205 		if (vht_mcs_mask[nss])
206 			return nss + 1;
207 
208 	return 1;
209 }
210 
211 int ath10k_mac_ext_resource_config(struct ath10k *ar, u32 val)
212 {
213 	enum wmi_host_platform_type platform_type;
214 	int ret;
215 
216 	if (test_bit(WMI_SERVICE_TX_MODE_DYNAMIC, ar->wmi.svc_map))
217 		platform_type = WMI_HOST_PLATFORM_LOW_PERF;
218 	else
219 		platform_type = WMI_HOST_PLATFORM_HIGH_PERF;
220 
221 	ret = ath10k_wmi_ext_resource_config(ar, platform_type, val);
222 
223 	if (ret && ret != -EOPNOTSUPP) {
224 		ath10k_warn(ar, "failed to configure ext resource: %d\n", ret);
225 		return ret;
226 	}
227 
228 	return 0;
229 }
230 
231 /**********/
232 /* Crypto */
233 /**********/
234 
235 static int ath10k_send_key(struct ath10k_vif *arvif,
236 			   struct ieee80211_key_conf *key,
237 			   enum set_key_cmd cmd,
238 			   const u8 *macaddr, u32 flags)
239 {
240 	struct ath10k *ar = arvif->ar;
241 	struct wmi_vdev_install_key_arg arg = {
242 		.vdev_id = arvif->vdev_id,
243 		.key_idx = key->keyidx,
244 		.key_len = key->keylen,
245 		.key_data = key->key,
246 		.key_flags = flags,
247 		.macaddr = macaddr,
248 	};
249 
250 	lockdep_assert_held(&arvif->ar->conf_mutex);
251 
252 	switch (key->cipher) {
253 	case WLAN_CIPHER_SUITE_CCMP:
254 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
255 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
256 		break;
257 	case WLAN_CIPHER_SUITE_TKIP:
258 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_TKIP];
259 		arg.key_txmic_len = 8;
260 		arg.key_rxmic_len = 8;
261 		break;
262 	case WLAN_CIPHER_SUITE_WEP40:
263 	case WLAN_CIPHER_SUITE_WEP104:
264 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_WEP];
265 		break;
266 	case WLAN_CIPHER_SUITE_CCMP_256:
267 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
268 		break;
269 	case WLAN_CIPHER_SUITE_GCMP:
270 	case WLAN_CIPHER_SUITE_GCMP_256:
271 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_GCM];
272 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
273 		break;
274 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
275 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
276 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
277 	case WLAN_CIPHER_SUITE_AES_CMAC:
278 		WARN_ON(1);
279 		return -EINVAL;
280 	default:
281 		ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
282 		return -EOPNOTSUPP;
283 	}
284 
285 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
286 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
287 
288 	if (cmd == DISABLE_KEY) {
289 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
290 		arg.key_data = NULL;
291 	}
292 
293 	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
294 }
295 
296 static int ath10k_install_key(struct ath10k_vif *arvif,
297 			      struct ieee80211_key_conf *key,
298 			      enum set_key_cmd cmd,
299 			      const u8 *macaddr, u32 flags)
300 {
301 	struct ath10k *ar = arvif->ar;
302 	int ret;
303 	unsigned long time_left;
304 
305 	lockdep_assert_held(&ar->conf_mutex);
306 
307 	reinit_completion(&ar->install_key_done);
308 
309 	if (arvif->nohwcrypt)
310 		return 1;
311 
312 	ret = ath10k_send_key(arvif, key, cmd, macaddr, flags);
313 	if (ret)
314 		return ret;
315 
316 	time_left = wait_for_completion_timeout(&ar->install_key_done, 3 * HZ);
317 	if (time_left == 0)
318 		return -ETIMEDOUT;
319 
320 	return 0;
321 }
322 
323 static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
324 					const u8 *addr)
325 {
326 	struct ath10k *ar = arvif->ar;
327 	struct ath10k_peer *peer;
328 	int ret;
329 	int i;
330 	u32 flags;
331 
332 	lockdep_assert_held(&ar->conf_mutex);
333 
334 	if (WARN_ON(arvif->vif->type != NL80211_IFTYPE_AP &&
335 		    arvif->vif->type != NL80211_IFTYPE_ADHOC &&
336 		    arvif->vif->type != NL80211_IFTYPE_MESH_POINT))
337 		return -EINVAL;
338 
339 	spin_lock_bh(&ar->data_lock);
340 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
341 	spin_unlock_bh(&ar->data_lock);
342 
343 	if (!peer)
344 		return -ENOENT;
345 
346 	for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
347 		if (arvif->wep_keys[i] == NULL)
348 			continue;
349 
350 		switch (arvif->vif->type) {
351 		case NL80211_IFTYPE_AP:
352 			flags = WMI_KEY_PAIRWISE;
353 
354 			if (arvif->def_wep_key_idx == i)
355 				flags |= WMI_KEY_TX_USAGE;
356 
357 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
358 						 SET_KEY, addr, flags);
359 			if (ret < 0)
360 				return ret;
361 			break;
362 		case NL80211_IFTYPE_ADHOC:
363 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
364 						 SET_KEY, addr,
365 						 WMI_KEY_PAIRWISE);
366 			if (ret < 0)
367 				return ret;
368 
369 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
370 						 SET_KEY, addr, WMI_KEY_GROUP);
371 			if (ret < 0)
372 				return ret;
373 			break;
374 		default:
375 			WARN_ON(1);
376 			return -EINVAL;
377 		}
378 
379 		spin_lock_bh(&ar->data_lock);
380 		peer->keys[i] = arvif->wep_keys[i];
381 		spin_unlock_bh(&ar->data_lock);
382 	}
383 
384 	/* In some cases (notably with static WEP IBSS with multiple keys)
385 	 * multicast Tx becomes broken. Both pairwise and groupwise keys are
386 	 * installed already. Using WMI_KEY_TX_USAGE in different combinations
387 	 * didn't seem help. Using def_keyid vdev parameter seems to be
388 	 * effective so use that.
389 	 *
390 	 * FIXME: Revisit. Perhaps this can be done in a less hacky way.
391 	 */
392 	if (arvif->vif->type != NL80211_IFTYPE_ADHOC)
393 		return 0;
394 
395 	if (arvif->def_wep_key_idx == -1)
396 		return 0;
397 
398 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
399 					arvif->vdev_id,
400 					arvif->ar->wmi.vdev_param->def_keyid,
401 					arvif->def_wep_key_idx);
402 	if (ret) {
403 		ath10k_warn(ar, "failed to re-set def wpa key idxon vdev %i: %d\n",
404 			    arvif->vdev_id, ret);
405 		return ret;
406 	}
407 
408 	return 0;
409 }
410 
411 static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
412 				  const u8 *addr)
413 {
414 	struct ath10k *ar = arvif->ar;
415 	struct ath10k_peer *peer;
416 	int first_errno = 0;
417 	int ret;
418 	int i;
419 	u32 flags = 0;
420 
421 	lockdep_assert_held(&ar->conf_mutex);
422 
423 	spin_lock_bh(&ar->data_lock);
424 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
425 	spin_unlock_bh(&ar->data_lock);
426 
427 	if (!peer)
428 		return -ENOENT;
429 
430 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
431 		if (peer->keys[i] == NULL)
432 			continue;
433 
434 		/* key flags are not required to delete the key */
435 		ret = ath10k_install_key(arvif, peer->keys[i],
436 					 DISABLE_KEY, addr, flags);
437 		if (ret < 0 && first_errno == 0)
438 			first_errno = ret;
439 
440 		if (ret < 0)
441 			ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
442 				    i, ret);
443 
444 		spin_lock_bh(&ar->data_lock);
445 		peer->keys[i] = NULL;
446 		spin_unlock_bh(&ar->data_lock);
447 	}
448 
449 	return first_errno;
450 }
451 
452 bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
453 				    u8 keyidx)
454 {
455 	struct ath10k_peer *peer;
456 	int i;
457 
458 	lockdep_assert_held(&ar->data_lock);
459 
460 	/* We don't know which vdev this peer belongs to,
461 	 * since WMI doesn't give us that information.
462 	 *
463 	 * FIXME: multi-bss needs to be handled.
464 	 */
465 	peer = ath10k_peer_find(ar, 0, addr);
466 	if (!peer)
467 		return false;
468 
469 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
470 		if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
471 			return true;
472 	}
473 
474 	return false;
475 }
476 
477 static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
478 				 struct ieee80211_key_conf *key)
479 {
480 	struct ath10k *ar = arvif->ar;
481 	struct ath10k_peer *peer;
482 	u8 addr[ETH_ALEN];
483 	int first_errno = 0;
484 	int ret;
485 	int i;
486 	u32 flags = 0;
487 
488 	lockdep_assert_held(&ar->conf_mutex);
489 
490 	for (;;) {
491 		/* since ath10k_install_key we can't hold data_lock all the
492 		 * time, so we try to remove the keys incrementally
493 		 */
494 		spin_lock_bh(&ar->data_lock);
495 		i = 0;
496 		list_for_each_entry(peer, &ar->peers, list) {
497 			for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
498 				if (peer->keys[i] == key) {
499 					ether_addr_copy(addr, peer->addr);
500 					peer->keys[i] = NULL;
501 					break;
502 				}
503 			}
504 
505 			if (i < ARRAY_SIZE(peer->keys))
506 				break;
507 		}
508 		spin_unlock_bh(&ar->data_lock);
509 
510 		if (i == ARRAY_SIZE(peer->keys))
511 			break;
512 		/* key flags are not required to delete the key */
513 		ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, flags);
514 		if (ret < 0 && first_errno == 0)
515 			first_errno = ret;
516 
517 		if (ret)
518 			ath10k_warn(ar, "failed to remove key for %pM: %d\n",
519 				    addr, ret);
520 	}
521 
522 	return first_errno;
523 }
524 
525 static int ath10k_mac_vif_update_wep_key(struct ath10k_vif *arvif,
526 					 struct ieee80211_key_conf *key)
527 {
528 	struct ath10k *ar = arvif->ar;
529 	struct ath10k_peer *peer;
530 	int ret;
531 
532 	lockdep_assert_held(&ar->conf_mutex);
533 
534 	list_for_each_entry(peer, &ar->peers, list) {
535 		if (ether_addr_equal(peer->addr, arvif->vif->addr))
536 			continue;
537 
538 		if (ether_addr_equal(peer->addr, arvif->bssid))
539 			continue;
540 
541 		if (peer->keys[key->keyidx] == key)
542 			continue;
543 
544 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vif vdev %i update key %i needs update\n",
545 			   arvif->vdev_id, key->keyidx);
546 
547 		ret = ath10k_install_peer_wep_keys(arvif, peer->addr);
548 		if (ret) {
549 			ath10k_warn(ar, "failed to update wep keys on vdev %i for peer %pM: %d\n",
550 				    arvif->vdev_id, peer->addr, ret);
551 			return ret;
552 		}
553 	}
554 
555 	return 0;
556 }
557 
558 /*********************/
559 /* General utilities */
560 /*********************/
561 
562 static inline enum wmi_phy_mode
563 chan_to_phymode(const struct cfg80211_chan_def *chandef)
564 {
565 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
566 
567 	switch (chandef->chan->band) {
568 	case NL80211_BAND_2GHZ:
569 		switch (chandef->width) {
570 		case NL80211_CHAN_WIDTH_20_NOHT:
571 			if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
572 				phymode = MODE_11B;
573 			else
574 				phymode = MODE_11G;
575 			break;
576 		case NL80211_CHAN_WIDTH_20:
577 			phymode = MODE_11NG_HT20;
578 			break;
579 		case NL80211_CHAN_WIDTH_40:
580 			phymode = MODE_11NG_HT40;
581 			break;
582 		default:
583 			phymode = MODE_UNKNOWN;
584 			break;
585 		}
586 		break;
587 	case NL80211_BAND_5GHZ:
588 		switch (chandef->width) {
589 		case NL80211_CHAN_WIDTH_20_NOHT:
590 			phymode = MODE_11A;
591 			break;
592 		case NL80211_CHAN_WIDTH_20:
593 			phymode = MODE_11NA_HT20;
594 			break;
595 		case NL80211_CHAN_WIDTH_40:
596 			phymode = MODE_11NA_HT40;
597 			break;
598 		case NL80211_CHAN_WIDTH_80:
599 			phymode = MODE_11AC_VHT80;
600 			break;
601 		case NL80211_CHAN_WIDTH_160:
602 			phymode = MODE_11AC_VHT160;
603 			break;
604 		case NL80211_CHAN_WIDTH_80P80:
605 			phymode = MODE_11AC_VHT80_80;
606 			break;
607 		default:
608 			phymode = MODE_UNKNOWN;
609 			break;
610 		}
611 		break;
612 	default:
613 		break;
614 	}
615 
616 	WARN_ON(phymode == MODE_UNKNOWN);
617 	return phymode;
618 }
619 
620 static u8 ath10k_parse_mpdudensity(u8 mpdudensity)
621 {
622 /*
623  * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
624  *   0 for no restriction
625  *   1 for 1/4 us
626  *   2 for 1/2 us
627  *   3 for 1 us
628  *   4 for 2 us
629  *   5 for 4 us
630  *   6 for 8 us
631  *   7 for 16 us
632  */
633 	switch (mpdudensity) {
634 	case 0:
635 		return 0;
636 	case 1:
637 	case 2:
638 	case 3:
639 	/* Our lower layer calculations limit our precision to
640 	 * 1 microsecond
641 	 */
642 		return 1;
643 	case 4:
644 		return 2;
645 	case 5:
646 		return 4;
647 	case 6:
648 		return 8;
649 	case 7:
650 		return 16;
651 	default:
652 		return 0;
653 	}
654 }
655 
656 int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
657 			struct cfg80211_chan_def *def)
658 {
659 	struct ieee80211_chanctx_conf *conf;
660 
661 	rcu_read_lock();
662 	conf = rcu_dereference(vif->chanctx_conf);
663 	if (!conf) {
664 		rcu_read_unlock();
665 		return -ENOENT;
666 	}
667 
668 	*def = conf->def;
669 	rcu_read_unlock();
670 
671 	return 0;
672 }
673 
674 static void ath10k_mac_num_chanctxs_iter(struct ieee80211_hw *hw,
675 					 struct ieee80211_chanctx_conf *conf,
676 					 void *data)
677 {
678 	int *num = data;
679 
680 	(*num)++;
681 }
682 
683 static int ath10k_mac_num_chanctxs(struct ath10k *ar)
684 {
685 	int num = 0;
686 
687 	ieee80211_iter_chan_contexts_atomic(ar->hw,
688 					    ath10k_mac_num_chanctxs_iter,
689 					    &num);
690 
691 	return num;
692 }
693 
694 static void
695 ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
696 				struct ieee80211_chanctx_conf *conf,
697 				void *data)
698 {
699 	struct cfg80211_chan_def **def = data;
700 
701 	*def = &conf->def;
702 }
703 
704 static void ath10k_wait_for_peer_delete_done(struct ath10k *ar, u32 vdev_id,
705 					     const u8 *addr)
706 {
707 	unsigned long time_left;
708 	int ret;
709 
710 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
711 		ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
712 		if (ret) {
713 			ath10k_warn(ar, "failed wait for peer deleted");
714 			return;
715 		}
716 
717 		time_left = wait_for_completion_timeout(&ar->peer_delete_done,
718 							5 * HZ);
719 		if (!time_left)
720 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
721 	}
722 }
723 
724 static int ath10k_peer_create(struct ath10k *ar,
725 			      struct ieee80211_vif *vif,
726 			      struct ieee80211_sta *sta,
727 			      u32 vdev_id,
728 			      const u8 *addr,
729 			      enum wmi_peer_type peer_type)
730 {
731 	struct ath10k_vif *arvif;
732 	struct ath10k_peer *peer;
733 	int num_peers = 0;
734 	int ret;
735 
736 	lockdep_assert_held(&ar->conf_mutex);
737 
738 	num_peers = ar->num_peers;
739 
740 	/* Each vdev consumes a peer entry as well */
741 	list_for_each_entry(arvif, &ar->arvifs, list)
742 		num_peers++;
743 
744 	if (num_peers >= ar->max_num_peers)
745 		return -ENOBUFS;
746 
747 	ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
748 	if (ret) {
749 		ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
750 			    addr, vdev_id, ret);
751 		return ret;
752 	}
753 
754 	ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
755 	if (ret) {
756 		ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
757 			    addr, vdev_id, ret);
758 		return ret;
759 	}
760 
761 	spin_lock_bh(&ar->data_lock);
762 
763 	peer = ath10k_peer_find(ar, vdev_id, addr);
764 	if (!peer) {
765 		spin_unlock_bh(&ar->data_lock);
766 		ath10k_warn(ar, "failed to find peer %pM on vdev %i after creation\n",
767 			    addr, vdev_id);
768 		ath10k_wait_for_peer_delete_done(ar, vdev_id, addr);
769 		return -ENOENT;
770 	}
771 
772 	peer->vif = vif;
773 	peer->sta = sta;
774 
775 	spin_unlock_bh(&ar->data_lock);
776 
777 	ar->num_peers++;
778 
779 	return 0;
780 }
781 
782 static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
783 {
784 	struct ath10k *ar = arvif->ar;
785 	u32 param;
786 	int ret;
787 
788 	param = ar->wmi.pdev_param->sta_kickout_th;
789 	ret = ath10k_wmi_pdev_set_param(ar, param,
790 					ATH10K_KICKOUT_THRESHOLD);
791 	if (ret) {
792 		ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
793 			    arvif->vdev_id, ret);
794 		return ret;
795 	}
796 
797 	param = ar->wmi.vdev_param->ap_keepalive_min_idle_inactive_time_secs;
798 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
799 					ATH10K_KEEPALIVE_MIN_IDLE);
800 	if (ret) {
801 		ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
802 			    arvif->vdev_id, ret);
803 		return ret;
804 	}
805 
806 	param = ar->wmi.vdev_param->ap_keepalive_max_idle_inactive_time_secs;
807 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
808 					ATH10K_KEEPALIVE_MAX_IDLE);
809 	if (ret) {
810 		ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
811 			    arvif->vdev_id, ret);
812 		return ret;
813 	}
814 
815 	param = ar->wmi.vdev_param->ap_keepalive_max_unresponsive_time_secs;
816 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
817 					ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
818 	if (ret) {
819 		ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
820 			    arvif->vdev_id, ret);
821 		return ret;
822 	}
823 
824 	return 0;
825 }
826 
827 static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
828 {
829 	struct ath10k *ar = arvif->ar;
830 	u32 vdev_param;
831 
832 	vdev_param = ar->wmi.vdev_param->rts_threshold;
833 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
834 }
835 
836 static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
837 {
838 	int ret;
839 
840 	lockdep_assert_held(&ar->conf_mutex);
841 
842 	ret = ath10k_wmi_peer_delete(ar, vdev_id, addr);
843 	if (ret)
844 		return ret;
845 
846 	ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
847 	if (ret)
848 		return ret;
849 
850 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
851 		unsigned long time_left;
852 
853 		time_left = wait_for_completion_timeout
854 			    (&ar->peer_delete_done, 5 * HZ);
855 
856 		if (!time_left) {
857 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
858 			return -ETIMEDOUT;
859 		}
860 	}
861 
862 	ar->num_peers--;
863 
864 	return 0;
865 }
866 
867 static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
868 {
869 	struct ath10k_peer *peer, *tmp;
870 	int peer_id;
871 	int i;
872 
873 	lockdep_assert_held(&ar->conf_mutex);
874 
875 	spin_lock_bh(&ar->data_lock);
876 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
877 		if (peer->vdev_id != vdev_id)
878 			continue;
879 
880 		ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
881 			    peer->addr, vdev_id);
882 
883 		for_each_set_bit(peer_id, peer->peer_ids,
884 				 ATH10K_MAX_NUM_PEER_IDS) {
885 			ar->peer_map[peer_id] = NULL;
886 		}
887 
888 		/* Double check that peer is properly un-referenced from
889 		 * the peer_map
890 		 */
891 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
892 			if (ar->peer_map[i] == peer) {
893 				ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
894 					    peer->addr, peer, i);
895 				ar->peer_map[i] = NULL;
896 			}
897 		}
898 
899 		list_del(&peer->list);
900 		kfree(peer);
901 		ar->num_peers--;
902 	}
903 	spin_unlock_bh(&ar->data_lock);
904 }
905 
906 static void ath10k_peer_cleanup_all(struct ath10k *ar)
907 {
908 	struct ath10k_peer *peer, *tmp;
909 	int i;
910 
911 	lockdep_assert_held(&ar->conf_mutex);
912 
913 	spin_lock_bh(&ar->data_lock);
914 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
915 		list_del(&peer->list);
916 		kfree(peer);
917 	}
918 
919 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
920 		ar->peer_map[i] = NULL;
921 
922 	spin_unlock_bh(&ar->data_lock);
923 
924 	ar->num_peers = 0;
925 	ar->num_stations = 0;
926 }
927 
928 static int ath10k_mac_tdls_peer_update(struct ath10k *ar, u32 vdev_id,
929 				       struct ieee80211_sta *sta,
930 				       enum wmi_tdls_peer_state state)
931 {
932 	int ret;
933 	struct wmi_tdls_peer_update_cmd_arg arg = {};
934 	struct wmi_tdls_peer_capab_arg cap = {};
935 	struct wmi_channel_arg chan_arg = {};
936 
937 	lockdep_assert_held(&ar->conf_mutex);
938 
939 	arg.vdev_id = vdev_id;
940 	arg.peer_state = state;
941 	ether_addr_copy(arg.addr, sta->addr);
942 
943 	cap.peer_max_sp = sta->max_sp;
944 	cap.peer_uapsd_queues = sta->uapsd_queues;
945 
946 	if (state == WMI_TDLS_PEER_STATE_CONNECTED &&
947 	    !sta->tdls_initiator)
948 		cap.is_peer_responder = 1;
949 
950 	ret = ath10k_wmi_tdls_peer_update(ar, &arg, &cap, &chan_arg);
951 	if (ret) {
952 		ath10k_warn(ar, "failed to update tdls peer %pM on vdev %i: %i\n",
953 			    arg.addr, vdev_id, ret);
954 		return ret;
955 	}
956 
957 	return 0;
958 }
959 
960 /************************/
961 /* Interface management */
962 /************************/
963 
964 void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
965 {
966 	struct ath10k *ar = arvif->ar;
967 
968 	lockdep_assert_held(&ar->data_lock);
969 
970 	if (!arvif->beacon)
971 		return;
972 
973 	if (!arvif->beacon_buf)
974 		dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
975 				 arvif->beacon->len, DMA_TO_DEVICE);
976 
977 	if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
978 		    arvif->beacon_state != ATH10K_BEACON_SENT))
979 		return;
980 
981 	dev_kfree_skb_any(arvif->beacon);
982 
983 	arvif->beacon = NULL;
984 	arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
985 }
986 
987 static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
988 {
989 	struct ath10k *ar = arvif->ar;
990 
991 	lockdep_assert_held(&ar->data_lock);
992 
993 	ath10k_mac_vif_beacon_free(arvif);
994 
995 	if (arvif->beacon_buf) {
996 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
997 			kfree(arvif->beacon_buf);
998 		else
999 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
1000 					  arvif->beacon_buf,
1001 					  arvif->beacon_paddr);
1002 		arvif->beacon_buf = NULL;
1003 	}
1004 }
1005 
1006 static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
1007 {
1008 	unsigned long time_left;
1009 
1010 	lockdep_assert_held(&ar->conf_mutex);
1011 
1012 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1013 		return -ESHUTDOWN;
1014 
1015 	time_left = wait_for_completion_timeout(&ar->vdev_setup_done,
1016 						ATH10K_VDEV_SETUP_TIMEOUT_HZ);
1017 	if (time_left == 0)
1018 		return -ETIMEDOUT;
1019 
1020 	return ar->last_wmi_vdev_start_status;
1021 }
1022 
1023 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
1024 {
1025 	struct cfg80211_chan_def *chandef = NULL;
1026 	struct ieee80211_channel *channel = NULL;
1027 	struct wmi_vdev_start_request_arg arg = {};
1028 	int ret = 0;
1029 
1030 	lockdep_assert_held(&ar->conf_mutex);
1031 
1032 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1033 					    ath10k_mac_get_any_chandef_iter,
1034 					    &chandef);
1035 	if (WARN_ON_ONCE(!chandef))
1036 		return -ENOENT;
1037 
1038 	channel = chandef->chan;
1039 
1040 	arg.vdev_id = vdev_id;
1041 	arg.channel.freq = channel->center_freq;
1042 	arg.channel.band_center_freq1 = chandef->center_freq1;
1043 	arg.channel.band_center_freq2 = chandef->center_freq2;
1044 
1045 	/* TODO setup this dynamically, what in case we
1046 	 * don't have any vifs?
1047 	 */
1048 	arg.channel.mode = chan_to_phymode(chandef);
1049 	arg.channel.chan_radar =
1050 			!!(channel->flags & IEEE80211_CHAN_RADAR);
1051 
1052 	arg.channel.min_power = 0;
1053 	arg.channel.max_power = channel->max_power * 2;
1054 	arg.channel.max_reg_power = channel->max_reg_power * 2;
1055 	arg.channel.max_antenna_gain = channel->max_antenna_gain;
1056 
1057 	reinit_completion(&ar->vdev_setup_done);
1058 	reinit_completion(&ar->vdev_delete_done);
1059 
1060 	ret = ath10k_wmi_vdev_start(ar, &arg);
1061 	if (ret) {
1062 		ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
1063 			    vdev_id, ret);
1064 		return ret;
1065 	}
1066 
1067 	ret = ath10k_vdev_setup_sync(ar);
1068 	if (ret) {
1069 		ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
1070 			    vdev_id, ret);
1071 		return ret;
1072 	}
1073 
1074 	ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
1075 	if (ret) {
1076 		ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
1077 			    vdev_id, ret);
1078 		goto vdev_stop;
1079 	}
1080 
1081 	ar->monitor_vdev_id = vdev_id;
1082 
1083 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
1084 		   ar->monitor_vdev_id);
1085 	return 0;
1086 
1087 vdev_stop:
1088 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1089 	if (ret)
1090 		ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
1091 			    ar->monitor_vdev_id, ret);
1092 
1093 	return ret;
1094 }
1095 
1096 static int ath10k_monitor_vdev_stop(struct ath10k *ar)
1097 {
1098 	int ret = 0;
1099 
1100 	lockdep_assert_held(&ar->conf_mutex);
1101 
1102 	ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
1103 	if (ret)
1104 		ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
1105 			    ar->monitor_vdev_id, ret);
1106 
1107 	reinit_completion(&ar->vdev_setup_done);
1108 	reinit_completion(&ar->vdev_delete_done);
1109 
1110 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1111 	if (ret)
1112 		ath10k_warn(ar, "failed to request monitor vdev %i stop: %d\n",
1113 			    ar->monitor_vdev_id, ret);
1114 
1115 	ret = ath10k_vdev_setup_sync(ar);
1116 	if (ret)
1117 		ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
1118 			    ar->monitor_vdev_id, ret);
1119 
1120 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
1121 		   ar->monitor_vdev_id);
1122 	return ret;
1123 }
1124 
1125 static int ath10k_monitor_vdev_create(struct ath10k *ar)
1126 {
1127 	int bit, ret = 0;
1128 
1129 	lockdep_assert_held(&ar->conf_mutex);
1130 
1131 	if (ar->free_vdev_map == 0) {
1132 		ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
1133 		return -ENOMEM;
1134 	}
1135 
1136 	bit = __ffs64(ar->free_vdev_map);
1137 
1138 	ar->monitor_vdev_id = bit;
1139 
1140 	ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
1141 				     WMI_VDEV_TYPE_MONITOR,
1142 				     0, ar->mac_addr);
1143 	if (ret) {
1144 		ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
1145 			    ar->monitor_vdev_id, ret);
1146 		return ret;
1147 	}
1148 
1149 	ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
1150 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
1151 		   ar->monitor_vdev_id);
1152 
1153 	return 0;
1154 }
1155 
1156 static int ath10k_monitor_vdev_delete(struct ath10k *ar)
1157 {
1158 	int ret = 0;
1159 
1160 	lockdep_assert_held(&ar->conf_mutex);
1161 
1162 	ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
1163 	if (ret) {
1164 		ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
1165 			    ar->monitor_vdev_id, ret);
1166 		return ret;
1167 	}
1168 
1169 	ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
1170 
1171 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
1172 		   ar->monitor_vdev_id);
1173 	return ret;
1174 }
1175 
1176 static int ath10k_monitor_start(struct ath10k *ar)
1177 {
1178 	int ret;
1179 
1180 	lockdep_assert_held(&ar->conf_mutex);
1181 
1182 	ret = ath10k_monitor_vdev_create(ar);
1183 	if (ret) {
1184 		ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
1185 		return ret;
1186 	}
1187 
1188 	ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
1189 	if (ret) {
1190 		ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
1191 		ath10k_monitor_vdev_delete(ar);
1192 		return ret;
1193 	}
1194 
1195 	ar->monitor_started = true;
1196 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
1197 
1198 	return 0;
1199 }
1200 
1201 static int ath10k_monitor_stop(struct ath10k *ar)
1202 {
1203 	int ret;
1204 
1205 	lockdep_assert_held(&ar->conf_mutex);
1206 
1207 	ret = ath10k_monitor_vdev_stop(ar);
1208 	if (ret) {
1209 		ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
1210 		return ret;
1211 	}
1212 
1213 	ret = ath10k_monitor_vdev_delete(ar);
1214 	if (ret) {
1215 		ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
1216 		return ret;
1217 	}
1218 
1219 	ar->monitor_started = false;
1220 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
1221 
1222 	return 0;
1223 }
1224 
1225 static bool ath10k_mac_monitor_vdev_is_needed(struct ath10k *ar)
1226 {
1227 	int num_ctx;
1228 
1229 	/* At least one chanctx is required to derive a channel to start
1230 	 * monitor vdev on.
1231 	 */
1232 	num_ctx = ath10k_mac_num_chanctxs(ar);
1233 	if (num_ctx == 0)
1234 		return false;
1235 
1236 	/* If there's already an existing special monitor interface then don't
1237 	 * bother creating another monitor vdev.
1238 	 */
1239 	if (ar->monitor_arvif)
1240 		return false;
1241 
1242 	return ar->monitor ||
1243 	       (!test_bit(ATH10K_FW_FEATURE_ALLOWS_MESH_BCAST,
1244 			  ar->running_fw->fw_file.fw_features) &&
1245 		(ar->filter_flags & FIF_OTHER_BSS)) ||
1246 	       test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1247 }
1248 
1249 static bool ath10k_mac_monitor_vdev_is_allowed(struct ath10k *ar)
1250 {
1251 	int num_ctx;
1252 
1253 	num_ctx = ath10k_mac_num_chanctxs(ar);
1254 
1255 	/* FIXME: Current interface combinations and cfg80211/mac80211 code
1256 	 * shouldn't allow this but make sure to prevent handling the following
1257 	 * case anyway since multi-channel DFS hasn't been tested at all.
1258 	 */
1259 	if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags) && num_ctx > 1)
1260 		return false;
1261 
1262 	return true;
1263 }
1264 
1265 static int ath10k_monitor_recalc(struct ath10k *ar)
1266 {
1267 	bool needed;
1268 	bool allowed;
1269 	int ret;
1270 
1271 	lockdep_assert_held(&ar->conf_mutex);
1272 
1273 	needed = ath10k_mac_monitor_vdev_is_needed(ar);
1274 	allowed = ath10k_mac_monitor_vdev_is_allowed(ar);
1275 
1276 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1277 		   "mac monitor recalc started? %d needed? %d allowed? %d\n",
1278 		   ar->monitor_started, needed, allowed);
1279 
1280 	if (WARN_ON(needed && !allowed)) {
1281 		if (ar->monitor_started) {
1282 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopping disallowed monitor\n");
1283 
1284 			ret = ath10k_monitor_stop(ar);
1285 			if (ret)
1286 				ath10k_warn(ar, "failed to stop disallowed monitor: %d\n",
1287 					    ret);
1288 				/* not serious */
1289 		}
1290 
1291 		return -EPERM;
1292 	}
1293 
1294 	if (needed == ar->monitor_started)
1295 		return 0;
1296 
1297 	if (needed)
1298 		return ath10k_monitor_start(ar);
1299 	else
1300 		return ath10k_monitor_stop(ar);
1301 }
1302 
1303 static bool ath10k_mac_can_set_cts_prot(struct ath10k_vif *arvif)
1304 {
1305 	struct ath10k *ar = arvif->ar;
1306 
1307 	lockdep_assert_held(&ar->conf_mutex);
1308 
1309 	if (!arvif->is_started) {
1310 		ath10k_dbg(ar, ATH10K_DBG_MAC, "defer cts setup, vdev is not ready yet\n");
1311 		return false;
1312 	}
1313 
1314 	return true;
1315 }
1316 
1317 static int ath10k_mac_set_cts_prot(struct ath10k_vif *arvif)
1318 {
1319 	struct ath10k *ar = arvif->ar;
1320 	u32 vdev_param;
1321 
1322 	lockdep_assert_held(&ar->conf_mutex);
1323 
1324 	vdev_param = ar->wmi.vdev_param->protection_mode;
1325 
1326 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_protection %d\n",
1327 		   arvif->vdev_id, arvif->use_cts_prot);
1328 
1329 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1330 					 arvif->use_cts_prot ? 1 : 0);
1331 }
1332 
1333 static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
1334 {
1335 	struct ath10k *ar = arvif->ar;
1336 	u32 vdev_param, rts_cts = 0;
1337 
1338 	lockdep_assert_held(&ar->conf_mutex);
1339 
1340 	vdev_param = ar->wmi.vdev_param->enable_rtscts;
1341 
1342 	rts_cts |= SM(WMI_RTSCTS_ENABLED, WMI_RTSCTS_SET);
1343 
1344 	if (arvif->num_legacy_stations > 0)
1345 		rts_cts |= SM(WMI_RTSCTS_ACROSS_SW_RETRIES,
1346 			      WMI_RTSCTS_PROFILE);
1347 	else
1348 		rts_cts |= SM(WMI_RTSCTS_FOR_SECOND_RATESERIES,
1349 			      WMI_RTSCTS_PROFILE);
1350 
1351 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d recalc rts/cts prot %d\n",
1352 		   arvif->vdev_id, rts_cts);
1353 
1354 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1355 					 rts_cts);
1356 }
1357 
1358 static int ath10k_start_cac(struct ath10k *ar)
1359 {
1360 	int ret;
1361 
1362 	lockdep_assert_held(&ar->conf_mutex);
1363 
1364 	set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1365 
1366 	ret = ath10k_monitor_recalc(ar);
1367 	if (ret) {
1368 		ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
1369 		clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1370 		return ret;
1371 	}
1372 
1373 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
1374 		   ar->monitor_vdev_id);
1375 
1376 	return 0;
1377 }
1378 
1379 static int ath10k_stop_cac(struct ath10k *ar)
1380 {
1381 	lockdep_assert_held(&ar->conf_mutex);
1382 
1383 	/* CAC is not running - do nothing */
1384 	if (!test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags))
1385 		return 0;
1386 
1387 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1388 	ath10k_monitor_stop(ar);
1389 
1390 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
1391 
1392 	return 0;
1393 }
1394 
1395 static void ath10k_mac_has_radar_iter(struct ieee80211_hw *hw,
1396 				      struct ieee80211_chanctx_conf *conf,
1397 				      void *data)
1398 {
1399 	bool *ret = data;
1400 
1401 	if (!*ret && conf->radar_enabled)
1402 		*ret = true;
1403 }
1404 
1405 static bool ath10k_mac_has_radar_enabled(struct ath10k *ar)
1406 {
1407 	bool has_radar = false;
1408 
1409 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1410 					    ath10k_mac_has_radar_iter,
1411 					    &has_radar);
1412 
1413 	return has_radar;
1414 }
1415 
1416 static void ath10k_recalc_radar_detection(struct ath10k *ar)
1417 {
1418 	int ret;
1419 
1420 	lockdep_assert_held(&ar->conf_mutex);
1421 
1422 	ath10k_stop_cac(ar);
1423 
1424 	if (!ath10k_mac_has_radar_enabled(ar))
1425 		return;
1426 
1427 	if (ar->num_started_vdevs > 0)
1428 		return;
1429 
1430 	ret = ath10k_start_cac(ar);
1431 	if (ret) {
1432 		/*
1433 		 * Not possible to start CAC on current channel so starting
1434 		 * radiation is not allowed, make this channel DFS_UNAVAILABLE
1435 		 * by indicating that radar was detected.
1436 		 */
1437 		ath10k_warn(ar, "failed to start CAC: %d\n", ret);
1438 		ieee80211_radar_detected(ar->hw);
1439 	}
1440 }
1441 
1442 static int ath10k_vdev_stop(struct ath10k_vif *arvif)
1443 {
1444 	struct ath10k *ar = arvif->ar;
1445 	int ret;
1446 
1447 	lockdep_assert_held(&ar->conf_mutex);
1448 
1449 	reinit_completion(&ar->vdev_setup_done);
1450 	reinit_completion(&ar->vdev_delete_done);
1451 
1452 	ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
1453 	if (ret) {
1454 		ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
1455 			    arvif->vdev_id, ret);
1456 		return ret;
1457 	}
1458 
1459 	ret = ath10k_vdev_setup_sync(ar);
1460 	if (ret) {
1461 		ath10k_warn(ar, "failed to synchronize setup for vdev %i: %d\n",
1462 			    arvif->vdev_id, ret);
1463 		return ret;
1464 	}
1465 
1466 	WARN_ON(ar->num_started_vdevs == 0);
1467 
1468 	if (ar->num_started_vdevs != 0) {
1469 		ar->num_started_vdevs--;
1470 		ath10k_recalc_radar_detection(ar);
1471 	}
1472 
1473 	return ret;
1474 }
1475 
1476 static int ath10k_vdev_start_restart(struct ath10k_vif *arvif,
1477 				     const struct cfg80211_chan_def *chandef,
1478 				     bool restart)
1479 {
1480 	struct ath10k *ar = arvif->ar;
1481 	struct wmi_vdev_start_request_arg arg = {};
1482 	int ret = 0;
1483 
1484 	lockdep_assert_held(&ar->conf_mutex);
1485 
1486 	reinit_completion(&ar->vdev_setup_done);
1487 	reinit_completion(&ar->vdev_delete_done);
1488 
1489 	arg.vdev_id = arvif->vdev_id;
1490 	arg.dtim_period = arvif->dtim_period;
1491 	arg.bcn_intval = arvif->beacon_interval;
1492 
1493 	arg.channel.freq = chandef->chan->center_freq;
1494 	arg.channel.band_center_freq1 = chandef->center_freq1;
1495 	arg.channel.band_center_freq2 = chandef->center_freq2;
1496 	arg.channel.mode = chan_to_phymode(chandef);
1497 
1498 	arg.channel.min_power = 0;
1499 	arg.channel.max_power = chandef->chan->max_power * 2;
1500 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
1501 	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain;
1502 
1503 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
1504 		arg.ssid = arvif->u.ap.ssid;
1505 		arg.ssid_len = arvif->u.ap.ssid_len;
1506 		arg.hidden_ssid = arvif->u.ap.hidden_ssid;
1507 
1508 		/* For now allow DFS for AP mode */
1509 		arg.channel.chan_radar =
1510 			!!(chandef->chan->flags & IEEE80211_CHAN_RADAR);
1511 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
1512 		arg.ssid = arvif->vif->bss_conf.ssid;
1513 		arg.ssid_len = arvif->vif->bss_conf.ssid_len;
1514 	}
1515 
1516 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1517 		   "mac vdev %d start center_freq %d phymode %s\n",
1518 		   arg.vdev_id, arg.channel.freq,
1519 		   ath10k_wmi_phymode_str(arg.channel.mode));
1520 
1521 	if (restart)
1522 		ret = ath10k_wmi_vdev_restart(ar, &arg);
1523 	else
1524 		ret = ath10k_wmi_vdev_start(ar, &arg);
1525 
1526 	if (ret) {
1527 		ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
1528 			    arg.vdev_id, ret);
1529 		return ret;
1530 	}
1531 
1532 	ret = ath10k_vdev_setup_sync(ar);
1533 	if (ret) {
1534 		ath10k_warn(ar,
1535 			    "failed to synchronize setup for vdev %i restart %d: %d\n",
1536 			    arg.vdev_id, restart, ret);
1537 		return ret;
1538 	}
1539 
1540 	ar->num_started_vdevs++;
1541 	ath10k_recalc_radar_detection(ar);
1542 
1543 	return ret;
1544 }
1545 
1546 static int ath10k_vdev_start(struct ath10k_vif *arvif,
1547 			     const struct cfg80211_chan_def *def)
1548 {
1549 	return ath10k_vdev_start_restart(arvif, def, false);
1550 }
1551 
1552 static int ath10k_vdev_restart(struct ath10k_vif *arvif,
1553 			       const struct cfg80211_chan_def *def)
1554 {
1555 	return ath10k_vdev_start_restart(arvif, def, true);
1556 }
1557 
1558 static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
1559 				       struct sk_buff *bcn)
1560 {
1561 	struct ath10k *ar = arvif->ar;
1562 	struct ieee80211_mgmt *mgmt;
1563 	const u8 *p2p_ie;
1564 	int ret;
1565 
1566 	if (arvif->vif->type != NL80211_IFTYPE_AP || !arvif->vif->p2p)
1567 		return 0;
1568 
1569 	mgmt = (void *)bcn->data;
1570 	p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1571 					 mgmt->u.beacon.variable,
1572 					 bcn->len - (mgmt->u.beacon.variable -
1573 						     bcn->data));
1574 	if (!p2p_ie)
1575 		return -ENOENT;
1576 
1577 	ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
1578 	if (ret) {
1579 		ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
1580 			    arvif->vdev_id, ret);
1581 		return ret;
1582 	}
1583 
1584 	return 0;
1585 }
1586 
1587 static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
1588 				       u8 oui_type, size_t ie_offset)
1589 {
1590 	size_t len;
1591 	const u8 *next;
1592 	const u8 *end;
1593 	u8 *ie;
1594 
1595 	if (WARN_ON(skb->len < ie_offset))
1596 		return -EINVAL;
1597 
1598 	ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
1599 					   skb->data + ie_offset,
1600 					   skb->len - ie_offset);
1601 	if (!ie)
1602 		return -ENOENT;
1603 
1604 	len = ie[1] + 2;
1605 	end = skb->data + skb->len;
1606 	next = ie + len;
1607 
1608 	if (WARN_ON(next > end))
1609 		return -EINVAL;
1610 
1611 	memmove(ie, next, end - next);
1612 	skb_trim(skb, skb->len - len);
1613 
1614 	return 0;
1615 }
1616 
1617 static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
1618 {
1619 	struct ath10k *ar = arvif->ar;
1620 	struct ieee80211_hw *hw = ar->hw;
1621 	struct ieee80211_vif *vif = arvif->vif;
1622 	struct ieee80211_mutable_offsets offs = {};
1623 	struct sk_buff *bcn;
1624 	int ret;
1625 
1626 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1627 		return 0;
1628 
1629 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
1630 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
1631 		return 0;
1632 
1633 	bcn = ieee80211_beacon_get_template(hw, vif, &offs);
1634 	if (!bcn) {
1635 		ath10k_warn(ar, "failed to get beacon template from mac80211\n");
1636 		return -EPERM;
1637 	}
1638 
1639 	ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
1640 	if (ret) {
1641 		ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
1642 		kfree_skb(bcn);
1643 		return ret;
1644 	}
1645 
1646 	/* P2P IE is inserted by firmware automatically (as configured above)
1647 	 * so remove it from the base beacon template to avoid duplicate P2P
1648 	 * IEs in beacon frames.
1649 	 */
1650 	ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1651 				    offsetof(struct ieee80211_mgmt,
1652 					     u.beacon.variable));
1653 
1654 	ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
1655 				  0, NULL, 0);
1656 	kfree_skb(bcn);
1657 
1658 	if (ret) {
1659 		ath10k_warn(ar, "failed to submit beacon template command: %d\n",
1660 			    ret);
1661 		return ret;
1662 	}
1663 
1664 	return 0;
1665 }
1666 
1667 static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
1668 {
1669 	struct ath10k *ar = arvif->ar;
1670 	struct ieee80211_hw *hw = ar->hw;
1671 	struct ieee80211_vif *vif = arvif->vif;
1672 	struct sk_buff *prb;
1673 	int ret;
1674 
1675 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1676 		return 0;
1677 
1678 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1679 		return 0;
1680 
1681 	 /* For mesh, probe response and beacon share the same template */
1682 	if (ieee80211_vif_is_mesh(vif))
1683 		return 0;
1684 
1685 	prb = ieee80211_proberesp_get(hw, vif);
1686 	if (!prb) {
1687 		ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
1688 		return -EPERM;
1689 	}
1690 
1691 	ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
1692 	kfree_skb(prb);
1693 
1694 	if (ret) {
1695 		ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
1696 			    ret);
1697 		return ret;
1698 	}
1699 
1700 	return 0;
1701 }
1702 
1703 static int ath10k_mac_vif_fix_hidden_ssid(struct ath10k_vif *arvif)
1704 {
1705 	struct ath10k *ar = arvif->ar;
1706 	struct cfg80211_chan_def def;
1707 	int ret;
1708 
1709 	/* When originally vdev is started during assign_vif_chanctx() some
1710 	 * information is missing, notably SSID. Firmware revisions with beacon
1711 	 * offloading require the SSID to be provided during vdev (re)start to
1712 	 * handle hidden SSID properly.
1713 	 *
1714 	 * Vdev restart must be done after vdev has been both started and
1715 	 * upped. Otherwise some firmware revisions (at least 10.2) fail to
1716 	 * deliver vdev restart response event causing timeouts during vdev
1717 	 * syncing in ath10k.
1718 	 *
1719 	 * Note: The vdev down/up and template reinstallation could be skipped
1720 	 * since only wmi-tlv firmware are known to have beacon offload and
1721 	 * wmi-tlv doesn't seem to misbehave like 10.2 wrt vdev restart
1722 	 * response delivery. It's probably more robust to keep it as is.
1723 	 */
1724 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1725 		return 0;
1726 
1727 	if (WARN_ON(!arvif->is_started))
1728 		return -EINVAL;
1729 
1730 	if (WARN_ON(!arvif->is_up))
1731 		return -EINVAL;
1732 
1733 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
1734 		return -EINVAL;
1735 
1736 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1737 	if (ret) {
1738 		ath10k_warn(ar, "failed to bring down ap vdev %i: %d\n",
1739 			    arvif->vdev_id, ret);
1740 		return ret;
1741 	}
1742 
1743 	/* Vdev down reset beacon & presp templates. Reinstall them. Otherwise
1744 	 * firmware will crash upon vdev up.
1745 	 */
1746 
1747 	ret = ath10k_mac_setup_bcn_tmpl(arvif);
1748 	if (ret) {
1749 		ath10k_warn(ar, "failed to update beacon template: %d\n", ret);
1750 		return ret;
1751 	}
1752 
1753 	ret = ath10k_mac_setup_prb_tmpl(arvif);
1754 	if (ret) {
1755 		ath10k_warn(ar, "failed to update presp template: %d\n", ret);
1756 		return ret;
1757 	}
1758 
1759 	ret = ath10k_vdev_restart(arvif, &def);
1760 	if (ret) {
1761 		ath10k_warn(ar, "failed to restart ap vdev %i: %d\n",
1762 			    arvif->vdev_id, ret);
1763 		return ret;
1764 	}
1765 
1766 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1767 				 arvif->bssid);
1768 	if (ret) {
1769 		ath10k_warn(ar, "failed to bring up ap vdev %i: %d\n",
1770 			    arvif->vdev_id, ret);
1771 		return ret;
1772 	}
1773 
1774 	return 0;
1775 }
1776 
1777 static void ath10k_control_beaconing(struct ath10k_vif *arvif,
1778 				     struct ieee80211_bss_conf *info)
1779 {
1780 	struct ath10k *ar = arvif->ar;
1781 	int ret = 0;
1782 
1783 	lockdep_assert_held(&arvif->ar->conf_mutex);
1784 
1785 	if (!info->enable_beacon) {
1786 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1787 		if (ret)
1788 			ath10k_warn(ar, "failed to down vdev_id %i: %d\n",
1789 				    arvif->vdev_id, ret);
1790 
1791 		arvif->is_up = false;
1792 
1793 		spin_lock_bh(&arvif->ar->data_lock);
1794 		ath10k_mac_vif_beacon_free(arvif);
1795 		spin_unlock_bh(&arvif->ar->data_lock);
1796 
1797 		return;
1798 	}
1799 
1800 	arvif->tx_seq_no = 0x1000;
1801 
1802 	arvif->aid = 0;
1803 	ether_addr_copy(arvif->bssid, info->bssid);
1804 
1805 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1806 				 arvif->bssid);
1807 	if (ret) {
1808 		ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
1809 			    arvif->vdev_id, ret);
1810 		return;
1811 	}
1812 
1813 	arvif->is_up = true;
1814 
1815 	ret = ath10k_mac_vif_fix_hidden_ssid(arvif);
1816 	if (ret) {
1817 		ath10k_warn(ar, "failed to fix hidden ssid for vdev %i, expect trouble: %d\n",
1818 			    arvif->vdev_id, ret);
1819 		return;
1820 	}
1821 
1822 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
1823 }
1824 
1825 static void ath10k_control_ibss(struct ath10k_vif *arvif,
1826 				struct ieee80211_bss_conf *info,
1827 				const u8 self_peer[ETH_ALEN])
1828 {
1829 	struct ath10k *ar = arvif->ar;
1830 	u32 vdev_param;
1831 	int ret = 0;
1832 
1833 	lockdep_assert_held(&arvif->ar->conf_mutex);
1834 
1835 	if (!info->ibss_joined) {
1836 		if (is_zero_ether_addr(arvif->bssid))
1837 			return;
1838 
1839 		eth_zero_addr(arvif->bssid);
1840 
1841 		return;
1842 	}
1843 
1844 	vdev_param = arvif->ar->wmi.vdev_param->atim_window;
1845 	ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
1846 					ATH10K_DEFAULT_ATIM);
1847 	if (ret)
1848 		ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
1849 			    arvif->vdev_id, ret);
1850 }
1851 
1852 static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
1853 {
1854 	struct ath10k *ar = arvif->ar;
1855 	u32 param;
1856 	u32 value;
1857 	int ret;
1858 
1859 	lockdep_assert_held(&arvif->ar->conf_mutex);
1860 
1861 	if (arvif->u.sta.uapsd)
1862 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
1863 	else
1864 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
1865 
1866 	param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
1867 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
1868 	if (ret) {
1869 		ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
1870 			    value, arvif->vdev_id, ret);
1871 		return ret;
1872 	}
1873 
1874 	return 0;
1875 }
1876 
1877 static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
1878 {
1879 	struct ath10k *ar = arvif->ar;
1880 	u32 param;
1881 	u32 value;
1882 	int ret;
1883 
1884 	lockdep_assert_held(&arvif->ar->conf_mutex);
1885 
1886 	if (arvif->u.sta.uapsd)
1887 		value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
1888 	else
1889 		value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
1890 
1891 	param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
1892 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
1893 					  param, value);
1894 	if (ret) {
1895 		ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
1896 			    value, arvif->vdev_id, ret);
1897 		return ret;
1898 	}
1899 
1900 	return 0;
1901 }
1902 
1903 static int ath10k_mac_num_vifs_started(struct ath10k *ar)
1904 {
1905 	struct ath10k_vif *arvif;
1906 	int num = 0;
1907 
1908 	lockdep_assert_held(&ar->conf_mutex);
1909 
1910 	list_for_each_entry(arvif, &ar->arvifs, list)
1911 		if (arvif->is_started)
1912 			num++;
1913 
1914 	return num;
1915 }
1916 
1917 static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
1918 {
1919 	struct ath10k *ar = arvif->ar;
1920 	struct ieee80211_vif *vif = arvif->vif;
1921 	struct ieee80211_conf *conf = &ar->hw->conf;
1922 	enum wmi_sta_powersave_param param;
1923 	enum wmi_sta_ps_mode psmode;
1924 	int ret;
1925 	int ps_timeout;
1926 	bool enable_ps;
1927 
1928 	lockdep_assert_held(&arvif->ar->conf_mutex);
1929 
1930 	if (arvif->vif->type != NL80211_IFTYPE_STATION)
1931 		return 0;
1932 
1933 	enable_ps = arvif->ps;
1934 
1935 	if (enable_ps && ath10k_mac_num_vifs_started(ar) > 1 &&
1936 	    !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
1937 		      ar->running_fw->fw_file.fw_features)) {
1938 		ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
1939 			    arvif->vdev_id);
1940 		enable_ps = false;
1941 	}
1942 
1943 	if (!arvif->is_started) {
1944 		/* mac80211 can update vif powersave state while disconnected.
1945 		 * Firmware doesn't behave nicely and consumes more power than
1946 		 * necessary if PS is disabled on a non-started vdev. Hence
1947 		 * force-enable PS for non-running vdevs.
1948 		 */
1949 		psmode = WMI_STA_PS_MODE_ENABLED;
1950 	} else if (enable_ps) {
1951 		psmode = WMI_STA_PS_MODE_ENABLED;
1952 		param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
1953 
1954 		ps_timeout = conf->dynamic_ps_timeout;
1955 		if (ps_timeout == 0) {
1956 			/* Firmware doesn't like 0 */
1957 			ps_timeout = ieee80211_tu_to_usec(
1958 				vif->bss_conf.beacon_int) / 1000;
1959 		}
1960 
1961 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
1962 						  ps_timeout);
1963 		if (ret) {
1964 			ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
1965 				    arvif->vdev_id, ret);
1966 			return ret;
1967 		}
1968 	} else {
1969 		psmode = WMI_STA_PS_MODE_DISABLED;
1970 	}
1971 
1972 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
1973 		   arvif->vdev_id, psmode ? "enable" : "disable");
1974 
1975 	ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
1976 	if (ret) {
1977 		ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
1978 			    psmode, arvif->vdev_id, ret);
1979 		return ret;
1980 	}
1981 
1982 	return 0;
1983 }
1984 
1985 static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
1986 {
1987 	struct ath10k *ar = arvif->ar;
1988 	struct wmi_sta_keepalive_arg arg = {};
1989 	int ret;
1990 
1991 	lockdep_assert_held(&arvif->ar->conf_mutex);
1992 
1993 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
1994 		return 0;
1995 
1996 	if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
1997 		return 0;
1998 
1999 	/* Some firmware revisions have a bug and ignore the `enabled` field.
2000 	 * Instead use the interval to disable the keepalive.
2001 	 */
2002 	arg.vdev_id = arvif->vdev_id;
2003 	arg.enabled = 1;
2004 	arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
2005 	arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
2006 
2007 	ret = ath10k_wmi_sta_keepalive(ar, &arg);
2008 	if (ret) {
2009 		ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
2010 			    arvif->vdev_id, ret);
2011 		return ret;
2012 	}
2013 
2014 	return 0;
2015 }
2016 
2017 static void ath10k_mac_vif_ap_csa_count_down(struct ath10k_vif *arvif)
2018 {
2019 	struct ath10k *ar = arvif->ar;
2020 	struct ieee80211_vif *vif = arvif->vif;
2021 	int ret;
2022 
2023 	lockdep_assert_held(&arvif->ar->conf_mutex);
2024 
2025 	if (WARN_ON(!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)))
2026 		return;
2027 
2028 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
2029 		return;
2030 
2031 	if (!vif->csa_active)
2032 		return;
2033 
2034 	if (!arvif->is_up)
2035 		return;
2036 
2037 	if (!ieee80211_beacon_cntdwn_is_complete(vif)) {
2038 		ieee80211_beacon_update_cntdwn(vif);
2039 
2040 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
2041 		if (ret)
2042 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
2043 				    ret);
2044 
2045 		ret = ath10k_mac_setup_prb_tmpl(arvif);
2046 		if (ret)
2047 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
2048 				    ret);
2049 	} else {
2050 		ieee80211_csa_finish(vif);
2051 	}
2052 }
2053 
2054 static void ath10k_mac_vif_ap_csa_work(struct work_struct *work)
2055 {
2056 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2057 						ap_csa_work);
2058 	struct ath10k *ar = arvif->ar;
2059 
2060 	mutex_lock(&ar->conf_mutex);
2061 	ath10k_mac_vif_ap_csa_count_down(arvif);
2062 	mutex_unlock(&ar->conf_mutex);
2063 }
2064 
2065 static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac,
2066 					  struct ieee80211_vif *vif)
2067 {
2068 	struct sk_buff *skb = data;
2069 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2070 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2071 
2072 	if (vif->type != NL80211_IFTYPE_STATION)
2073 		return;
2074 
2075 	if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid))
2076 		return;
2077 
2078 	cancel_delayed_work(&arvif->connection_loss_work);
2079 }
2080 
2081 void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb)
2082 {
2083 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2084 						   ATH10K_ITER_NORMAL_FLAGS,
2085 						   ath10k_mac_handle_beacon_iter,
2086 						   skb);
2087 }
2088 
2089 static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
2090 					       struct ieee80211_vif *vif)
2091 {
2092 	u32 *vdev_id = data;
2093 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2094 	struct ath10k *ar = arvif->ar;
2095 	struct ieee80211_hw *hw = ar->hw;
2096 
2097 	if (arvif->vdev_id != *vdev_id)
2098 		return;
2099 
2100 	if (!arvif->is_up)
2101 		return;
2102 
2103 	ieee80211_beacon_loss(vif);
2104 
2105 	/* Firmware doesn't report beacon loss events repeatedly. If AP probe
2106 	 * (done by mac80211) succeeds but beacons do not resume then it
2107 	 * doesn't make sense to continue operation. Queue connection loss work
2108 	 * which can be cancelled when beacon is received.
2109 	 */
2110 	ieee80211_queue_delayed_work(hw, &arvif->connection_loss_work,
2111 				     ATH10K_CONNECTION_LOSS_HZ);
2112 }
2113 
2114 void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id)
2115 {
2116 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2117 						   ATH10K_ITER_NORMAL_FLAGS,
2118 						   ath10k_mac_handle_beacon_miss_iter,
2119 						   &vdev_id);
2120 }
2121 
2122 static void ath10k_mac_vif_sta_connection_loss_work(struct work_struct *work)
2123 {
2124 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2125 						connection_loss_work.work);
2126 	struct ieee80211_vif *vif = arvif->vif;
2127 
2128 	if (!arvif->is_up)
2129 		return;
2130 
2131 	ieee80211_connection_loss(vif);
2132 }
2133 
2134 /**********************/
2135 /* Station management */
2136 /**********************/
2137 
2138 static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
2139 					     struct ieee80211_vif *vif)
2140 {
2141 	/* Some firmware revisions have unstable STA powersave when listen
2142 	 * interval is set too high (e.g. 5). The symptoms are firmware doesn't
2143 	 * generate NullFunc frames properly even if buffered frames have been
2144 	 * indicated in Beacon TIM. Firmware would seldom wake up to pull
2145 	 * buffered frames. Often pinging the device from AP would simply fail.
2146 	 *
2147 	 * As a workaround set it to 1.
2148 	 */
2149 	if (vif->type == NL80211_IFTYPE_STATION)
2150 		return 1;
2151 
2152 	return ar->hw->conf.listen_interval;
2153 }
2154 
2155 static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
2156 				      struct ieee80211_vif *vif,
2157 				      struct ieee80211_sta *sta,
2158 				      struct wmi_peer_assoc_complete_arg *arg)
2159 {
2160 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2161 	u32 aid;
2162 
2163 	lockdep_assert_held(&ar->conf_mutex);
2164 
2165 	if (vif->type == NL80211_IFTYPE_STATION)
2166 		aid = vif->bss_conf.aid;
2167 	else
2168 		aid = sta->aid;
2169 
2170 	ether_addr_copy(arg->addr, sta->addr);
2171 	arg->vdev_id = arvif->vdev_id;
2172 	arg->peer_aid = aid;
2173 	arg->peer_flags |= arvif->ar->wmi.peer_flags->auth;
2174 	arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
2175 	arg->peer_num_spatial_streams = 1;
2176 	arg->peer_caps = vif->bss_conf.assoc_capability;
2177 }
2178 
2179 static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
2180 				       struct ieee80211_vif *vif,
2181 				       struct ieee80211_sta *sta,
2182 				       struct wmi_peer_assoc_complete_arg *arg)
2183 {
2184 	struct ieee80211_bss_conf *info = &vif->bss_conf;
2185 	struct cfg80211_chan_def def;
2186 	struct cfg80211_bss *bss;
2187 	const u8 *rsnie = NULL;
2188 	const u8 *wpaie = NULL;
2189 
2190 	lockdep_assert_held(&ar->conf_mutex);
2191 
2192 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2193 		return;
2194 
2195 	bss = cfg80211_get_bss(ar->hw->wiphy, def.chan, info->bssid,
2196 			       info->ssid_len ? info->ssid : NULL, info->ssid_len,
2197 			       IEEE80211_BSS_TYPE_ANY, IEEE80211_PRIVACY_ANY);
2198 	if (bss) {
2199 		const struct cfg80211_bss_ies *ies;
2200 
2201 		rcu_read_lock();
2202 		rsnie = ieee80211_bss_get_ie(bss, WLAN_EID_RSN);
2203 
2204 		ies = rcu_dereference(bss->ies);
2205 
2206 		wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
2207 						WLAN_OUI_TYPE_MICROSOFT_WPA,
2208 						ies->data,
2209 						ies->len);
2210 		rcu_read_unlock();
2211 		cfg80211_put_bss(ar->hw->wiphy, bss);
2212 	}
2213 
2214 	/* FIXME: base on RSN IE/WPA IE is a correct idea? */
2215 	if (rsnie || wpaie) {
2216 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
2217 		arg->peer_flags |= ar->wmi.peer_flags->need_ptk_4_way;
2218 	}
2219 
2220 	if (wpaie) {
2221 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
2222 		arg->peer_flags |= ar->wmi.peer_flags->need_gtk_2_way;
2223 	}
2224 
2225 	if (sta->mfp &&
2226 	    test_bit(ATH10K_FW_FEATURE_MFP_SUPPORT,
2227 		     ar->running_fw->fw_file.fw_features)) {
2228 		arg->peer_flags |= ar->wmi.peer_flags->pmf;
2229 	}
2230 }
2231 
2232 static void ath10k_peer_assoc_h_rates(struct ath10k *ar,
2233 				      struct ieee80211_vif *vif,
2234 				      struct ieee80211_sta *sta,
2235 				      struct wmi_peer_assoc_complete_arg *arg)
2236 {
2237 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2238 	struct wmi_rate_set_arg *rateset = &arg->peer_legacy_rates;
2239 	struct cfg80211_chan_def def;
2240 	const struct ieee80211_supported_band *sband;
2241 	const struct ieee80211_rate *rates;
2242 	enum nl80211_band band;
2243 	u32 ratemask;
2244 	u8 rate;
2245 	int i;
2246 
2247 	lockdep_assert_held(&ar->conf_mutex);
2248 
2249 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2250 		return;
2251 
2252 	band = def.chan->band;
2253 	sband = ar->hw->wiphy->bands[band];
2254 	ratemask = sta->deflink.supp_rates[band];
2255 	ratemask &= arvif->bitrate_mask.control[band].legacy;
2256 	rates = sband->bitrates;
2257 
2258 	rateset->num_rates = 0;
2259 
2260 	for (i = 0; i < 32; i++, ratemask >>= 1, rates++) {
2261 		if (!(ratemask & 1))
2262 			continue;
2263 
2264 		rate = ath10k_mac_bitrate_to_rate(rates->bitrate);
2265 		rateset->rates[rateset->num_rates] = rate;
2266 		rateset->num_rates++;
2267 	}
2268 }
2269 
2270 static bool
2271 ath10k_peer_assoc_h_ht_masked(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
2272 {
2273 	int nss;
2274 
2275 	for (nss = 0; nss < IEEE80211_HT_MCS_MASK_LEN; nss++)
2276 		if (ht_mcs_mask[nss])
2277 			return false;
2278 
2279 	return true;
2280 }
2281 
2282 static bool
2283 ath10k_peer_assoc_h_vht_masked(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
2284 {
2285 	int nss;
2286 
2287 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++)
2288 		if (vht_mcs_mask[nss])
2289 			return false;
2290 
2291 	return true;
2292 }
2293 
2294 static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
2295 				   struct ieee80211_vif *vif,
2296 				   struct ieee80211_sta *sta,
2297 				   struct wmi_peer_assoc_complete_arg *arg)
2298 {
2299 	const struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
2300 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2301 	struct cfg80211_chan_def def;
2302 	enum nl80211_band band;
2303 	const u8 *ht_mcs_mask;
2304 	const u16 *vht_mcs_mask;
2305 	int i, n;
2306 	u8 max_nss;
2307 	u32 stbc;
2308 
2309 	lockdep_assert_held(&ar->conf_mutex);
2310 
2311 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2312 		return;
2313 
2314 	if (!ht_cap->ht_supported)
2315 		return;
2316 
2317 	band = def.chan->band;
2318 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2319 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2320 
2321 	if (ath10k_peer_assoc_h_ht_masked(ht_mcs_mask) &&
2322 	    ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2323 		return;
2324 
2325 	arg->peer_flags |= ar->wmi.peer_flags->ht;
2326 	arg->peer_max_mpdu = (1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2327 				    ht_cap->ampdu_factor)) - 1;
2328 
2329 	arg->peer_mpdu_density =
2330 		ath10k_parse_mpdudensity(ht_cap->ampdu_density);
2331 
2332 	arg->peer_ht_caps = ht_cap->cap;
2333 	arg->peer_rate_caps |= WMI_RC_HT_FLAG;
2334 
2335 	if (ht_cap->cap & IEEE80211_HT_CAP_LDPC_CODING)
2336 		arg->peer_flags |= ar->wmi.peer_flags->ldbc;
2337 
2338 	if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40) {
2339 		arg->peer_flags |= ar->wmi.peer_flags->bw40;
2340 		arg->peer_rate_caps |= WMI_RC_CW40_FLAG;
2341 	}
2342 
2343 	if (arvif->bitrate_mask.control[band].gi != NL80211_TXRATE_FORCE_LGI) {
2344 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
2345 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2346 
2347 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
2348 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2349 	}
2350 
2351 	if (ht_cap->cap & IEEE80211_HT_CAP_TX_STBC) {
2352 		arg->peer_rate_caps |= WMI_RC_TX_STBC_FLAG;
2353 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2354 	}
2355 
2356 	if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
2357 		stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
2358 		stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
2359 		stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
2360 		arg->peer_rate_caps |= stbc;
2361 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2362 	}
2363 
2364 	if (ht_cap->mcs.rx_mask[1] && ht_cap->mcs.rx_mask[2])
2365 		arg->peer_rate_caps |= WMI_RC_TS_FLAG;
2366 	else if (ht_cap->mcs.rx_mask[1])
2367 		arg->peer_rate_caps |= WMI_RC_DS_FLAG;
2368 
2369 	for (i = 0, n = 0, max_nss = 0; i < IEEE80211_HT_MCS_MASK_LEN * 8; i++)
2370 		if ((ht_cap->mcs.rx_mask[i / 8] & BIT(i % 8)) &&
2371 		    (ht_mcs_mask[i / 8] & BIT(i % 8))) {
2372 			max_nss = (i / 8) + 1;
2373 			arg->peer_ht_rates.rates[n++] = i;
2374 		}
2375 
2376 	/*
2377 	 * This is a workaround for HT-enabled STAs which break the spec
2378 	 * and have no HT capabilities RX mask (no HT RX MCS map).
2379 	 *
2380 	 * As per spec, in section 20.3.5 Modulation and coding scheme (MCS),
2381 	 * MCS 0 through 7 are mandatory in 20MHz with 800 ns GI at all STAs.
2382 	 *
2383 	 * Firmware asserts if such situation occurs.
2384 	 */
2385 	if (n == 0) {
2386 		arg->peer_ht_rates.num_rates = 8;
2387 		for (i = 0; i < arg->peer_ht_rates.num_rates; i++)
2388 			arg->peer_ht_rates.rates[i] = i;
2389 	} else {
2390 		arg->peer_ht_rates.num_rates = n;
2391 		arg->peer_num_spatial_streams = min(sta->deflink.rx_nss,
2392 						    max_nss);
2393 	}
2394 
2395 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
2396 		   arg->addr,
2397 		   arg->peer_ht_rates.num_rates,
2398 		   arg->peer_num_spatial_streams);
2399 }
2400 
2401 static int ath10k_peer_assoc_qos_ap(struct ath10k *ar,
2402 				    struct ath10k_vif *arvif,
2403 				    struct ieee80211_sta *sta)
2404 {
2405 	u32 uapsd = 0;
2406 	u32 max_sp = 0;
2407 	int ret = 0;
2408 
2409 	lockdep_assert_held(&ar->conf_mutex);
2410 
2411 	if (sta->wme && sta->uapsd_queues) {
2412 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
2413 			   sta->uapsd_queues, sta->max_sp);
2414 
2415 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2416 			uapsd |= WMI_AP_PS_UAPSD_AC3_DELIVERY_EN |
2417 				 WMI_AP_PS_UAPSD_AC3_TRIGGER_EN;
2418 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2419 			uapsd |= WMI_AP_PS_UAPSD_AC2_DELIVERY_EN |
2420 				 WMI_AP_PS_UAPSD_AC2_TRIGGER_EN;
2421 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2422 			uapsd |= WMI_AP_PS_UAPSD_AC1_DELIVERY_EN |
2423 				 WMI_AP_PS_UAPSD_AC1_TRIGGER_EN;
2424 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2425 			uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
2426 				 WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
2427 
2428 		if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
2429 			max_sp = sta->max_sp;
2430 
2431 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2432 						 sta->addr,
2433 						 WMI_AP_PS_PEER_PARAM_UAPSD,
2434 						 uapsd);
2435 		if (ret) {
2436 			ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
2437 				    arvif->vdev_id, ret);
2438 			return ret;
2439 		}
2440 
2441 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2442 						 sta->addr,
2443 						 WMI_AP_PS_PEER_PARAM_MAX_SP,
2444 						 max_sp);
2445 		if (ret) {
2446 			ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
2447 				    arvif->vdev_id, ret);
2448 			return ret;
2449 		}
2450 
2451 		/* TODO setup this based on STA listen interval and
2452 		 * beacon interval. Currently we don't know
2453 		 * sta->listen_interval - mac80211 patch required.
2454 		 * Currently use 10 seconds
2455 		 */
2456 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
2457 						 WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
2458 						 10);
2459 		if (ret) {
2460 			ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
2461 				    arvif->vdev_id, ret);
2462 			return ret;
2463 		}
2464 	}
2465 
2466 	return 0;
2467 }
2468 
2469 static u16
2470 ath10k_peer_assoc_h_vht_limit(u16 tx_mcs_set,
2471 			      const u16 vht_mcs_limit[NL80211_VHT_NSS_MAX])
2472 {
2473 	int idx_limit;
2474 	int nss;
2475 	u16 mcs_map;
2476 	u16 mcs;
2477 
2478 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
2479 		mcs_map = ath10k_mac_get_max_vht_mcs_map(tx_mcs_set, nss) &
2480 			  vht_mcs_limit[nss];
2481 
2482 		if (mcs_map)
2483 			idx_limit = fls(mcs_map) - 1;
2484 		else
2485 			idx_limit = -1;
2486 
2487 		switch (idx_limit) {
2488 		case 0:
2489 		case 1:
2490 		case 2:
2491 		case 3:
2492 		case 4:
2493 		case 5:
2494 		case 6:
2495 		default:
2496 			/* see ath10k_mac_can_set_bitrate_mask() */
2497 			WARN_ON(1);
2498 			fallthrough;
2499 		case -1:
2500 			mcs = IEEE80211_VHT_MCS_NOT_SUPPORTED;
2501 			break;
2502 		case 7:
2503 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_7;
2504 			break;
2505 		case 8:
2506 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_8;
2507 			break;
2508 		case 9:
2509 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_9;
2510 			break;
2511 		}
2512 
2513 		tx_mcs_set &= ~(0x3 << (nss * 2));
2514 		tx_mcs_set |= mcs << (nss * 2);
2515 	}
2516 
2517 	return tx_mcs_set;
2518 }
2519 
2520 static u32 get_160mhz_nss_from_maxrate(int rate)
2521 {
2522 	u32 nss;
2523 
2524 	switch (rate) {
2525 	case 780:
2526 		nss = 1;
2527 		break;
2528 	case 1560:
2529 		nss = 2;
2530 		break;
2531 	case 2106:
2532 		nss = 3; /* not support MCS9 from spec*/
2533 		break;
2534 	case 3120:
2535 		nss = 4;
2536 		break;
2537 	default:
2538 		 nss = 1;
2539 	}
2540 
2541 	return nss;
2542 }
2543 
2544 static void ath10k_peer_assoc_h_vht(struct ath10k *ar,
2545 				    struct ieee80211_vif *vif,
2546 				    struct ieee80211_sta *sta,
2547 				    struct wmi_peer_assoc_complete_arg *arg)
2548 {
2549 	const struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2550 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2551 	struct ath10k_hw_params *hw = &ar->hw_params;
2552 	struct cfg80211_chan_def def;
2553 	enum nl80211_band band;
2554 	const u16 *vht_mcs_mask;
2555 	u8 ampdu_factor;
2556 	u8 max_nss, vht_mcs;
2557 	int i;
2558 
2559 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2560 		return;
2561 
2562 	if (!vht_cap->vht_supported)
2563 		return;
2564 
2565 	band = def.chan->band;
2566 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2567 
2568 	if (ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2569 		return;
2570 
2571 	arg->peer_flags |= ar->wmi.peer_flags->vht;
2572 
2573 	if (def.chan->band == NL80211_BAND_2GHZ)
2574 		arg->peer_flags |= ar->wmi.peer_flags->vht_2g;
2575 
2576 	arg->peer_vht_caps = vht_cap->cap;
2577 
2578 	ampdu_factor = (vht_cap->cap &
2579 			IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
2580 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
2581 
2582 	/* Workaround: Some Netgear/Linksys 11ac APs set Rx A-MPDU factor to
2583 	 * zero in VHT IE. Using it would result in degraded throughput.
2584 	 * arg->peer_max_mpdu at this point contains HT max_mpdu so keep
2585 	 * it if VHT max_mpdu is smaller.
2586 	 */
2587 	arg->peer_max_mpdu = max(arg->peer_max_mpdu,
2588 				 (1U << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2589 					ampdu_factor)) - 1);
2590 
2591 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2592 		arg->peer_flags |= ar->wmi.peer_flags->bw80;
2593 
2594 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
2595 		arg->peer_flags |= ar->wmi.peer_flags->bw160;
2596 
2597 	/* Calculate peer NSS capability from VHT capabilities if STA
2598 	 * supports VHT.
2599 	 */
2600 	for (i = 0, max_nss = 0, vht_mcs = 0; i < NL80211_VHT_NSS_MAX; i++) {
2601 		vht_mcs = __le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map) >>
2602 			  (2 * i) & 3;
2603 
2604 		if ((vht_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) &&
2605 		    vht_mcs_mask[i])
2606 			max_nss = i + 1;
2607 	}
2608 	arg->peer_num_spatial_streams = min(sta->deflink.rx_nss, max_nss);
2609 	arg->peer_vht_rates.rx_max_rate =
2610 		__le16_to_cpu(vht_cap->vht_mcs.rx_highest);
2611 	arg->peer_vht_rates.rx_mcs_set =
2612 		__le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map);
2613 	arg->peer_vht_rates.tx_max_rate =
2614 		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
2615 	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
2616 		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
2617 
2618 	/* Configure bandwidth-NSS mapping to FW
2619 	 * for the chip's tx chains setting on 160Mhz bw
2620 	 */
2621 	if (arg->peer_phymode == MODE_11AC_VHT160 ||
2622 	    arg->peer_phymode == MODE_11AC_VHT80_80) {
2623 		u32 rx_nss;
2624 		u32 max_rate;
2625 
2626 		max_rate = arg->peer_vht_rates.rx_max_rate;
2627 		rx_nss = get_160mhz_nss_from_maxrate(max_rate);
2628 
2629 		if (rx_nss == 0)
2630 			rx_nss = arg->peer_num_spatial_streams;
2631 		else
2632 			rx_nss = min(arg->peer_num_spatial_streams, rx_nss);
2633 
2634 		max_rate = hw->vht160_mcs_tx_highest;
2635 		rx_nss = min(rx_nss, get_160mhz_nss_from_maxrate(max_rate));
2636 
2637 		arg->peer_bw_rxnss_override =
2638 			FIELD_PREP(WMI_PEER_NSS_MAP_ENABLE, 1) |
2639 			FIELD_PREP(WMI_PEER_NSS_160MHZ_MASK, (rx_nss - 1));
2640 
2641 		if (arg->peer_phymode == MODE_11AC_VHT80_80) {
2642 			arg->peer_bw_rxnss_override |=
2643 			FIELD_PREP(WMI_PEER_NSS_80_80MHZ_MASK, (rx_nss - 1));
2644 		}
2645 	}
2646 	ath10k_dbg(ar, ATH10K_DBG_MAC,
2647 		   "mac vht peer %pM max_mpdu %d flags 0x%x peer_rx_nss_override 0x%x\n",
2648 		   sta->addr, arg->peer_max_mpdu,
2649 		   arg->peer_flags, arg->peer_bw_rxnss_override);
2650 }
2651 
2652 static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
2653 				    struct ieee80211_vif *vif,
2654 				    struct ieee80211_sta *sta,
2655 				    struct wmi_peer_assoc_complete_arg *arg)
2656 {
2657 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2658 
2659 	switch (arvif->vdev_type) {
2660 	case WMI_VDEV_TYPE_AP:
2661 		if (sta->wme)
2662 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2663 
2664 		if (sta->wme && sta->uapsd_queues) {
2665 			arg->peer_flags |= arvif->ar->wmi.peer_flags->apsd;
2666 			arg->peer_rate_caps |= WMI_RC_UAPSD_FLAG;
2667 		}
2668 		break;
2669 	case WMI_VDEV_TYPE_STA:
2670 		if (sta->wme)
2671 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2672 		break;
2673 	case WMI_VDEV_TYPE_IBSS:
2674 		if (sta->wme)
2675 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2676 		break;
2677 	default:
2678 		break;
2679 	}
2680 
2681 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
2682 		   sta->addr, !!(arg->peer_flags &
2683 		   arvif->ar->wmi.peer_flags->qos));
2684 }
2685 
2686 static bool ath10k_mac_sta_has_ofdm_only(struct ieee80211_sta *sta)
2687 {
2688 	return sta->deflink.supp_rates[NL80211_BAND_2GHZ] >>
2689 	       ATH10K_MAC_FIRST_OFDM_RATE_IDX;
2690 }
2691 
2692 static enum wmi_phy_mode ath10k_mac_get_phymode_vht(struct ath10k *ar,
2693 						    struct ieee80211_sta *sta)
2694 {
2695 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2696 
2697 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160) {
2698 		switch (vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
2699 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
2700 			return MODE_11AC_VHT160;
2701 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
2702 			return MODE_11AC_VHT80_80;
2703 		default:
2704 			/* not sure if this is a valid case? */
2705 			return MODE_11AC_VHT160;
2706 		}
2707 	}
2708 
2709 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2710 		return MODE_11AC_VHT80;
2711 
2712 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2713 		return MODE_11AC_VHT40;
2714 
2715 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_20)
2716 		return MODE_11AC_VHT20;
2717 
2718 	return MODE_UNKNOWN;
2719 }
2720 
2721 static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
2722 					struct ieee80211_vif *vif,
2723 					struct ieee80211_sta *sta,
2724 					struct wmi_peer_assoc_complete_arg *arg)
2725 {
2726 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2727 	struct cfg80211_chan_def def;
2728 	enum nl80211_band band;
2729 	const u8 *ht_mcs_mask;
2730 	const u16 *vht_mcs_mask;
2731 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
2732 
2733 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2734 		return;
2735 
2736 	band = def.chan->band;
2737 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2738 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2739 
2740 	switch (band) {
2741 	case NL80211_BAND_2GHZ:
2742 		if (sta->deflink.vht_cap.vht_supported &&
2743 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2744 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2745 				phymode = MODE_11AC_VHT40;
2746 			else
2747 				phymode = MODE_11AC_VHT20;
2748 		} else if (sta->deflink.ht_cap.ht_supported &&
2749 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2750 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2751 				phymode = MODE_11NG_HT40;
2752 			else
2753 				phymode = MODE_11NG_HT20;
2754 		} else if (ath10k_mac_sta_has_ofdm_only(sta)) {
2755 			phymode = MODE_11G;
2756 		} else {
2757 			phymode = MODE_11B;
2758 		}
2759 
2760 		break;
2761 	case NL80211_BAND_5GHZ:
2762 		/*
2763 		 * Check VHT first.
2764 		 */
2765 		if (sta->deflink.vht_cap.vht_supported &&
2766 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2767 			phymode = ath10k_mac_get_phymode_vht(ar, sta);
2768 		} else if (sta->deflink.ht_cap.ht_supported &&
2769 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2770 			if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40)
2771 				phymode = MODE_11NA_HT40;
2772 			else
2773 				phymode = MODE_11NA_HT20;
2774 		} else {
2775 			phymode = MODE_11A;
2776 		}
2777 
2778 		break;
2779 	default:
2780 		break;
2781 	}
2782 
2783 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
2784 		   sta->addr, ath10k_wmi_phymode_str(phymode));
2785 
2786 	arg->peer_phymode = phymode;
2787 	WARN_ON(phymode == MODE_UNKNOWN);
2788 }
2789 
2790 static int ath10k_peer_assoc_prepare(struct ath10k *ar,
2791 				     struct ieee80211_vif *vif,
2792 				     struct ieee80211_sta *sta,
2793 				     struct wmi_peer_assoc_complete_arg *arg)
2794 {
2795 	lockdep_assert_held(&ar->conf_mutex);
2796 
2797 	memset(arg, 0, sizeof(*arg));
2798 
2799 	ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
2800 	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
2801 	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
2802 	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
2803 	ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
2804 	ath10k_peer_assoc_h_vht(ar, vif, sta, arg);
2805 	ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
2806 
2807 	return 0;
2808 }
2809 
2810 static const u32 ath10k_smps_map[] = {
2811 	[WLAN_HT_CAP_SM_PS_STATIC] = WMI_PEER_SMPS_STATIC,
2812 	[WLAN_HT_CAP_SM_PS_DYNAMIC] = WMI_PEER_SMPS_DYNAMIC,
2813 	[WLAN_HT_CAP_SM_PS_INVALID] = WMI_PEER_SMPS_PS_NONE,
2814 	[WLAN_HT_CAP_SM_PS_DISABLED] = WMI_PEER_SMPS_PS_NONE,
2815 };
2816 
2817 static int ath10k_setup_peer_smps(struct ath10k *ar, struct ath10k_vif *arvif,
2818 				  const u8 *addr,
2819 				  const struct ieee80211_sta_ht_cap *ht_cap)
2820 {
2821 	int smps;
2822 
2823 	if (!ht_cap->ht_supported)
2824 		return 0;
2825 
2826 	smps = ht_cap->cap & IEEE80211_HT_CAP_SM_PS;
2827 	smps >>= IEEE80211_HT_CAP_SM_PS_SHIFT;
2828 
2829 	if (smps >= ARRAY_SIZE(ath10k_smps_map))
2830 		return -EINVAL;
2831 
2832 	return ath10k_wmi_peer_set_param(ar, arvif->vdev_id, addr,
2833 					 ar->wmi.peer_param->smps_state,
2834 					 ath10k_smps_map[smps]);
2835 }
2836 
2837 static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
2838 				      struct ieee80211_vif *vif,
2839 				      struct ieee80211_sta_vht_cap vht_cap)
2840 {
2841 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2842 	int ret;
2843 	u32 param;
2844 	u32 value;
2845 
2846 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_AFTER_ASSOC)
2847 		return 0;
2848 
2849 	if (!(ar->vht_cap_info &
2850 	      (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2851 	       IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
2852 	       IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2853 	       IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
2854 		return 0;
2855 
2856 	param = ar->wmi.vdev_param->txbf;
2857 	value = 0;
2858 
2859 	if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
2860 		return 0;
2861 
2862 	/* The following logic is correct. If a remote STA advertises support
2863 	 * for being a beamformer then we should enable us being a beamformee.
2864 	 */
2865 
2866 	if (ar->vht_cap_info &
2867 	    (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2868 	     IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
2869 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
2870 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2871 
2872 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
2873 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
2874 	}
2875 
2876 	if (ar->vht_cap_info &
2877 	    (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2878 	     IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
2879 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
2880 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2881 
2882 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
2883 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
2884 	}
2885 
2886 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
2887 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2888 
2889 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
2890 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2891 
2892 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
2893 	if (ret) {
2894 		ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
2895 			    value, ret);
2896 		return ret;
2897 	}
2898 
2899 	return 0;
2900 }
2901 
2902 static bool ath10k_mac_is_connected(struct ath10k *ar)
2903 {
2904 	struct ath10k_vif *arvif;
2905 
2906 	list_for_each_entry(arvif, &ar->arvifs, list) {
2907 		if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
2908 			return true;
2909 	}
2910 
2911 	return false;
2912 }
2913 
2914 static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
2915 {
2916 	int ret;
2917 	u32 param;
2918 	int tx_power_2g, tx_power_5g;
2919 	bool connected;
2920 
2921 	lockdep_assert_held(&ar->conf_mutex);
2922 
2923 	/* ath10k internally uses unit of 0.5 dBm so multiply by 2 */
2924 	tx_power_2g = txpower * 2;
2925 	tx_power_5g = txpower * 2;
2926 
2927 	connected = ath10k_mac_is_connected(ar);
2928 
2929 	if (connected && ar->tx_power_2g_limit)
2930 		if (tx_power_2g > ar->tx_power_2g_limit)
2931 			tx_power_2g = ar->tx_power_2g_limit;
2932 
2933 	if (connected && ar->tx_power_5g_limit)
2934 		if (tx_power_5g > ar->tx_power_5g_limit)
2935 			tx_power_5g = ar->tx_power_5g_limit;
2936 
2937 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower 2g: %d, 5g: %d\n",
2938 		   tx_power_2g, tx_power_5g);
2939 
2940 	param = ar->wmi.pdev_param->txpower_limit2g;
2941 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_2g);
2942 	if (ret) {
2943 		ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
2944 			    tx_power_2g, ret);
2945 		return ret;
2946 	}
2947 
2948 	param = ar->wmi.pdev_param->txpower_limit5g;
2949 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_5g);
2950 	if (ret) {
2951 		ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
2952 			    tx_power_5g, ret);
2953 		return ret;
2954 	}
2955 
2956 	return 0;
2957 }
2958 
2959 static int ath10k_mac_txpower_recalc(struct ath10k *ar)
2960 {
2961 	struct ath10k_vif *arvif;
2962 	int ret, txpower = -1;
2963 
2964 	lockdep_assert_held(&ar->conf_mutex);
2965 
2966 	list_for_each_entry(arvif, &ar->arvifs, list) {
2967 		/* txpower not initialized yet? */
2968 		if (arvif->txpower == INT_MIN)
2969 			continue;
2970 
2971 		if (txpower == -1)
2972 			txpower = arvif->txpower;
2973 		else
2974 			txpower = min(txpower, arvif->txpower);
2975 	}
2976 
2977 	if (txpower == -1)
2978 		return 0;
2979 
2980 	ret = ath10k_mac_txpower_setup(ar, txpower);
2981 	if (ret) {
2982 		ath10k_warn(ar, "failed to setup tx power %d: %d\n",
2983 			    txpower, ret);
2984 		return ret;
2985 	}
2986 
2987 	return 0;
2988 }
2989 
2990 static int ath10k_mac_set_sar_power(struct ath10k *ar)
2991 {
2992 	if (!ar->hw_params.dynamic_sar_support)
2993 		return -EOPNOTSUPP;
2994 
2995 	if (!ath10k_mac_is_connected(ar))
2996 		return 0;
2997 
2998 	/* if connected, then arvif->txpower must be valid */
2999 	return ath10k_mac_txpower_recalc(ar);
3000 }
3001 
3002 static int ath10k_mac_set_sar_specs(struct ieee80211_hw *hw,
3003 				    const struct cfg80211_sar_specs *sar)
3004 {
3005 	const struct cfg80211_sar_sub_specs *sub_specs;
3006 	struct ath10k *ar = hw->priv;
3007 	u32 i;
3008 	int ret;
3009 
3010 	mutex_lock(&ar->conf_mutex);
3011 
3012 	if (!ar->hw_params.dynamic_sar_support) {
3013 		ret = -EOPNOTSUPP;
3014 		goto err;
3015 	}
3016 
3017 	if (!sar || sar->type != NL80211_SAR_TYPE_POWER ||
3018 	    sar->num_sub_specs == 0) {
3019 		ret = -EINVAL;
3020 		goto err;
3021 	}
3022 
3023 	sub_specs = sar->sub_specs;
3024 
3025 	/* 0dbm is not a practical value for ath10k, so use 0
3026 	 * as no SAR limitation on it.
3027 	 */
3028 	ar->tx_power_2g_limit = 0;
3029 	ar->tx_power_5g_limit = 0;
3030 
3031 	/* note the power is in 0.25dbm unit, while ath10k uses
3032 	 * 0.5dbm unit.
3033 	 */
3034 	for (i = 0; i < sar->num_sub_specs; i++) {
3035 		if (sub_specs->freq_range_index == 0)
3036 			ar->tx_power_2g_limit = sub_specs->power / 2;
3037 		else if (sub_specs->freq_range_index == 1)
3038 			ar->tx_power_5g_limit = sub_specs->power / 2;
3039 
3040 		sub_specs++;
3041 	}
3042 
3043 	ret = ath10k_mac_set_sar_power(ar);
3044 	if (ret) {
3045 		ath10k_warn(ar, "failed to set sar power: %d", ret);
3046 		goto err;
3047 	}
3048 
3049 err:
3050 	mutex_unlock(&ar->conf_mutex);
3051 	return ret;
3052 }
3053 
3054 /* can be called only in mac80211 callbacks due to `key_count` usage */
3055 static void ath10k_bss_assoc(struct ieee80211_hw *hw,
3056 			     struct ieee80211_vif *vif,
3057 			     struct ieee80211_bss_conf *bss_conf)
3058 {
3059 	struct ath10k *ar = hw->priv;
3060 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3061 	struct ieee80211_sta_ht_cap ht_cap;
3062 	struct ieee80211_sta_vht_cap vht_cap;
3063 	struct wmi_peer_assoc_complete_arg peer_arg;
3064 	struct ieee80211_sta *ap_sta;
3065 	int ret;
3066 
3067 	lockdep_assert_held(&ar->conf_mutex);
3068 
3069 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
3070 		   arvif->vdev_id, arvif->bssid, arvif->aid);
3071 
3072 	rcu_read_lock();
3073 
3074 	ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
3075 	if (!ap_sta) {
3076 		ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
3077 			    bss_conf->bssid, arvif->vdev_id);
3078 		rcu_read_unlock();
3079 		return;
3080 	}
3081 
3082 	/* ap_sta must be accessed only within rcu section which must be left
3083 	 * before calling ath10k_setup_peer_smps() which might sleep.
3084 	 */
3085 	ht_cap = ap_sta->deflink.ht_cap;
3086 	vht_cap = ap_sta->deflink.vht_cap;
3087 
3088 	ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
3089 	if (ret) {
3090 		ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
3091 			    bss_conf->bssid, arvif->vdev_id, ret);
3092 		rcu_read_unlock();
3093 		return;
3094 	}
3095 
3096 	rcu_read_unlock();
3097 
3098 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3099 	if (ret) {
3100 		ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
3101 			    bss_conf->bssid, arvif->vdev_id, ret);
3102 		return;
3103 	}
3104 
3105 	ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
3106 	if (ret) {
3107 		ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
3108 			    arvif->vdev_id, ret);
3109 		return;
3110 	}
3111 
3112 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3113 	if (ret) {
3114 		ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
3115 			    arvif->vdev_id, bss_conf->bssid, ret);
3116 		return;
3117 	}
3118 
3119 	ath10k_dbg(ar, ATH10K_DBG_MAC,
3120 		   "mac vdev %d up (associated) bssid %pM aid %d\n",
3121 		   arvif->vdev_id, bss_conf->bssid, bss_conf->aid);
3122 
3123 	WARN_ON(arvif->is_up);
3124 
3125 	arvif->aid = bss_conf->aid;
3126 	ether_addr_copy(arvif->bssid, bss_conf->bssid);
3127 
3128 	ret = ath10k_wmi_pdev_set_param(ar,
3129 					ar->wmi.pdev_param->peer_stats_info_enable, 1);
3130 	if (ret)
3131 		ath10k_warn(ar, "failed to enable peer stats info: %d\n", ret);
3132 
3133 	ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
3134 	if (ret) {
3135 		ath10k_warn(ar, "failed to set vdev %d up: %d\n",
3136 			    arvif->vdev_id, ret);
3137 		return;
3138 	}
3139 
3140 	arvif->is_up = true;
3141 
3142 	ath10k_mac_set_sar_power(ar);
3143 
3144 	/* Workaround: Some firmware revisions (tested with qca6174
3145 	 * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
3146 	 * poked with peer param command.
3147 	 */
3148 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
3149 					ar->wmi.peer_param->dummy_var, 1);
3150 	if (ret) {
3151 		ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
3152 			    arvif->bssid, arvif->vdev_id, ret);
3153 		return;
3154 	}
3155 }
3156 
3157 static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
3158 				struct ieee80211_vif *vif)
3159 {
3160 	struct ath10k *ar = hw->priv;
3161 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3162 	struct ieee80211_sta_vht_cap vht_cap = {};
3163 	int ret;
3164 
3165 	lockdep_assert_held(&ar->conf_mutex);
3166 
3167 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
3168 		   arvif->vdev_id, arvif->bssid);
3169 
3170 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
3171 	if (ret)
3172 		ath10k_warn(ar, "failed to down vdev %i: %d\n",
3173 			    arvif->vdev_id, ret);
3174 
3175 	arvif->def_wep_key_idx = -1;
3176 
3177 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3178 	if (ret) {
3179 		ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
3180 			    arvif->vdev_id, ret);
3181 		return;
3182 	}
3183 
3184 	arvif->is_up = false;
3185 
3186 	ath10k_mac_txpower_recalc(ar);
3187 
3188 	cancel_delayed_work_sync(&arvif->connection_loss_work);
3189 }
3190 
3191 static int ath10k_new_peer_tid_config(struct ath10k *ar,
3192 				      struct ieee80211_sta *sta,
3193 				      struct ath10k_vif *arvif)
3194 {
3195 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
3196 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
3197 	bool config_apply;
3198 	int ret, i;
3199 
3200 	for (i = 0; i < ATH10K_TID_MAX; i++) {
3201 		config_apply = false;
3202 		if (arvif->retry_long[i] || arvif->ampdu[i] ||
3203 		    arvif->rate_ctrl[i] || arvif->rtscts[i]) {
3204 			config_apply = true;
3205 			arg.tid = i;
3206 			arg.vdev_id = arvif->vdev_id;
3207 			arg.retry_count = arvif->retry_long[i];
3208 			arg.aggr_control = arvif->ampdu[i];
3209 			arg.rate_ctrl = arvif->rate_ctrl[i];
3210 			arg.rcode_flags = arvif->rate_code[i];
3211 
3212 			if (arvif->rtscts[i])
3213 				arg.ext_tid_cfg_bitmap =
3214 					WMI_EXT_TID_RTS_CTS_CONFIG;
3215 			else
3216 				arg.ext_tid_cfg_bitmap = 0;
3217 
3218 			arg.rtscts_ctrl = arvif->rtscts[i];
3219 		}
3220 
3221 		if (arvif->noack[i]) {
3222 			arg.ack_policy = arvif->noack[i];
3223 			arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
3224 			arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
3225 			config_apply = true;
3226 		}
3227 
3228 		/* Assign default value(-1) to newly connected station.
3229 		 * This is to identify station specific tid configuration not
3230 		 * configured for the station.
3231 		 */
3232 		arsta->retry_long[i] = -1;
3233 		arsta->noack[i] = -1;
3234 		arsta->ampdu[i] = -1;
3235 
3236 		if (!config_apply)
3237 			continue;
3238 
3239 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
3240 
3241 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
3242 		if (ret) {
3243 			ath10k_warn(ar, "failed to set per tid retry/aggr config for sta %pM: %d\n",
3244 				    sta->addr, ret);
3245 			return ret;
3246 		}
3247 
3248 		memset(&arg, 0, sizeof(arg));
3249 	}
3250 
3251 	return 0;
3252 }
3253 
3254 static int ath10k_station_assoc(struct ath10k *ar,
3255 				struct ieee80211_vif *vif,
3256 				struct ieee80211_sta *sta,
3257 				bool reassoc)
3258 {
3259 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3260 	struct wmi_peer_assoc_complete_arg peer_arg;
3261 	int ret = 0;
3262 
3263 	lockdep_assert_held(&ar->conf_mutex);
3264 
3265 	ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
3266 	if (ret) {
3267 		ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
3268 			    sta->addr, arvif->vdev_id, ret);
3269 		return ret;
3270 	}
3271 
3272 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3273 	if (ret) {
3274 		ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
3275 			    sta->addr, arvif->vdev_id, ret);
3276 		return ret;
3277 	}
3278 
3279 	/* Re-assoc is run only to update supported rates for given station. It
3280 	 * doesn't make much sense to reconfigure the peer completely.
3281 	 */
3282 	if (!reassoc) {
3283 		ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
3284 					     &sta->deflink.ht_cap);
3285 		if (ret) {
3286 			ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
3287 				    arvif->vdev_id, ret);
3288 			return ret;
3289 		}
3290 
3291 		ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
3292 		if (ret) {
3293 			ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
3294 				    sta->addr, arvif->vdev_id, ret);
3295 			return ret;
3296 		}
3297 
3298 		if (!sta->wme) {
3299 			arvif->num_legacy_stations++;
3300 			ret  = ath10k_recalc_rtscts_prot(arvif);
3301 			if (ret) {
3302 				ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3303 					    arvif->vdev_id, ret);
3304 				return ret;
3305 			}
3306 		}
3307 
3308 		/* Plumb cached keys only for static WEP */
3309 		if ((arvif->def_wep_key_idx != -1) && (!sta->tdls)) {
3310 			ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
3311 			if (ret) {
3312 				ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
3313 					    arvif->vdev_id, ret);
3314 				return ret;
3315 			}
3316 		}
3317 	}
3318 
3319 	if (!test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map))
3320 		return ret;
3321 
3322 	return ath10k_new_peer_tid_config(ar, sta, arvif);
3323 }
3324 
3325 static int ath10k_station_disassoc(struct ath10k *ar,
3326 				   struct ieee80211_vif *vif,
3327 				   struct ieee80211_sta *sta)
3328 {
3329 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3330 	int ret = 0;
3331 
3332 	lockdep_assert_held(&ar->conf_mutex);
3333 
3334 	if (!sta->wme) {
3335 		arvif->num_legacy_stations--;
3336 		ret = ath10k_recalc_rtscts_prot(arvif);
3337 		if (ret) {
3338 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3339 				    arvif->vdev_id, ret);
3340 			return ret;
3341 		}
3342 	}
3343 
3344 	ret = ath10k_clear_peer_keys(arvif, sta->addr);
3345 	if (ret) {
3346 		ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
3347 			    arvif->vdev_id, ret);
3348 		return ret;
3349 	}
3350 
3351 	return ret;
3352 }
3353 
3354 /**************/
3355 /* Regulatory */
3356 /**************/
3357 
3358 static int ath10k_update_channel_list(struct ath10k *ar)
3359 {
3360 	struct ieee80211_hw *hw = ar->hw;
3361 	struct ieee80211_supported_band **bands;
3362 	enum nl80211_band band;
3363 	struct ieee80211_channel *channel;
3364 	struct wmi_scan_chan_list_arg arg = {0};
3365 	struct wmi_channel_arg *ch;
3366 	bool passive;
3367 	int len;
3368 	int ret;
3369 	int i;
3370 
3371 	lockdep_assert_held(&ar->conf_mutex);
3372 
3373 	bands = hw->wiphy->bands;
3374 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3375 		if (!bands[band])
3376 			continue;
3377 
3378 		for (i = 0; i < bands[band]->n_channels; i++) {
3379 			if (bands[band]->channels[i].flags &
3380 			    IEEE80211_CHAN_DISABLED)
3381 				continue;
3382 
3383 			arg.n_channels++;
3384 		}
3385 	}
3386 
3387 	len = sizeof(struct wmi_channel_arg) * arg.n_channels;
3388 	arg.channels = kzalloc(len, GFP_KERNEL);
3389 	if (!arg.channels)
3390 		return -ENOMEM;
3391 
3392 	ch = arg.channels;
3393 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3394 		if (!bands[band])
3395 			continue;
3396 
3397 		for (i = 0; i < bands[band]->n_channels; i++) {
3398 			channel = &bands[band]->channels[i];
3399 
3400 			if (channel->flags & IEEE80211_CHAN_DISABLED)
3401 				continue;
3402 
3403 			ch->allow_ht = true;
3404 
3405 			/* FIXME: when should we really allow VHT? */
3406 			ch->allow_vht = true;
3407 
3408 			ch->allow_ibss =
3409 				!(channel->flags & IEEE80211_CHAN_NO_IR);
3410 
3411 			ch->ht40plus =
3412 				!(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
3413 
3414 			ch->chan_radar =
3415 				!!(channel->flags & IEEE80211_CHAN_RADAR);
3416 
3417 			passive = channel->flags & IEEE80211_CHAN_NO_IR;
3418 			ch->passive = passive;
3419 
3420 			/* the firmware is ignoring the "radar" flag of the
3421 			 * channel and is scanning actively using Probe Requests
3422 			 * on "Radar detection"/DFS channels which are not
3423 			 * marked as "available"
3424 			 */
3425 			ch->passive |= ch->chan_radar;
3426 
3427 			ch->freq = channel->center_freq;
3428 			ch->band_center_freq1 = channel->center_freq;
3429 			ch->min_power = 0;
3430 			ch->max_power = channel->max_power * 2;
3431 			ch->max_reg_power = channel->max_reg_power * 2;
3432 			ch->max_antenna_gain = channel->max_antenna_gain;
3433 			ch->reg_class_id = 0; /* FIXME */
3434 
3435 			/* FIXME: why use only legacy modes, why not any
3436 			 * HT/VHT modes? Would that even make any
3437 			 * difference?
3438 			 */
3439 			if (channel->band == NL80211_BAND_2GHZ)
3440 				ch->mode = MODE_11G;
3441 			else
3442 				ch->mode = MODE_11A;
3443 
3444 			if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
3445 				continue;
3446 
3447 			ath10k_dbg(ar, ATH10K_DBG_WMI,
3448 				   "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
3449 				    ch - arg.channels, arg.n_channels,
3450 				   ch->freq, ch->max_power, ch->max_reg_power,
3451 				   ch->max_antenna_gain, ch->mode);
3452 
3453 			ch++;
3454 		}
3455 	}
3456 
3457 	ret = ath10k_wmi_scan_chan_list(ar, &arg);
3458 	kfree(arg.channels);
3459 
3460 	return ret;
3461 }
3462 
3463 static enum wmi_dfs_region
3464 ath10k_mac_get_dfs_region(enum nl80211_dfs_regions dfs_region)
3465 {
3466 	switch (dfs_region) {
3467 	case NL80211_DFS_UNSET:
3468 		return WMI_UNINIT_DFS_DOMAIN;
3469 	case NL80211_DFS_FCC:
3470 		return WMI_FCC_DFS_DOMAIN;
3471 	case NL80211_DFS_ETSI:
3472 		return WMI_ETSI_DFS_DOMAIN;
3473 	case NL80211_DFS_JP:
3474 		return WMI_MKK4_DFS_DOMAIN;
3475 	}
3476 	return WMI_UNINIT_DFS_DOMAIN;
3477 }
3478 
3479 static void ath10k_regd_update(struct ath10k *ar)
3480 {
3481 	struct reg_dmn_pair_mapping *regpair;
3482 	int ret;
3483 	enum wmi_dfs_region wmi_dfs_reg;
3484 	enum nl80211_dfs_regions nl_dfs_reg;
3485 
3486 	lockdep_assert_held(&ar->conf_mutex);
3487 
3488 	ret = ath10k_update_channel_list(ar);
3489 	if (ret)
3490 		ath10k_warn(ar, "failed to update channel list: %d\n", ret);
3491 
3492 	regpair = ar->ath_common.regulatory.regpair;
3493 
3494 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3495 		nl_dfs_reg = ar->dfs_detector->region;
3496 		wmi_dfs_reg = ath10k_mac_get_dfs_region(nl_dfs_reg);
3497 	} else {
3498 		wmi_dfs_reg = WMI_UNINIT_DFS_DOMAIN;
3499 	}
3500 
3501 	/* Target allows setting up per-band regdomain but ath_common provides
3502 	 * a combined one only
3503 	 */
3504 	ret = ath10k_wmi_pdev_set_regdomain(ar,
3505 					    regpair->reg_domain,
3506 					    regpair->reg_domain, /* 2ghz */
3507 					    regpair->reg_domain, /* 5ghz */
3508 					    regpair->reg_2ghz_ctl,
3509 					    regpair->reg_5ghz_ctl,
3510 					    wmi_dfs_reg);
3511 	if (ret)
3512 		ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
3513 }
3514 
3515 static void ath10k_mac_update_channel_list(struct ath10k *ar,
3516 					   struct ieee80211_supported_band *band)
3517 {
3518 	int i;
3519 
3520 	if (ar->low_5ghz_chan && ar->high_5ghz_chan) {
3521 		for (i = 0; i < band->n_channels; i++) {
3522 			if (band->channels[i].center_freq < ar->low_5ghz_chan ||
3523 			    band->channels[i].center_freq > ar->high_5ghz_chan)
3524 				band->channels[i].flags |=
3525 					IEEE80211_CHAN_DISABLED;
3526 		}
3527 	}
3528 }
3529 
3530 static void ath10k_reg_notifier(struct wiphy *wiphy,
3531 				struct regulatory_request *request)
3532 {
3533 	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
3534 	struct ath10k *ar = hw->priv;
3535 	bool result;
3536 
3537 	ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
3538 
3539 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3540 		ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
3541 			   request->dfs_region);
3542 		result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
3543 							  request->dfs_region);
3544 		if (!result)
3545 			ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
3546 				    request->dfs_region);
3547 	}
3548 
3549 	mutex_lock(&ar->conf_mutex);
3550 	if (ar->state == ATH10K_STATE_ON)
3551 		ath10k_regd_update(ar);
3552 	mutex_unlock(&ar->conf_mutex);
3553 
3554 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
3555 		ath10k_mac_update_channel_list(ar,
3556 					       ar->hw->wiphy->bands[NL80211_BAND_5GHZ]);
3557 }
3558 
3559 static void ath10k_stop_radar_confirmation(struct ath10k *ar)
3560 {
3561 	spin_lock_bh(&ar->data_lock);
3562 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_STOPPED;
3563 	spin_unlock_bh(&ar->data_lock);
3564 
3565 	cancel_work_sync(&ar->radar_confirmation_work);
3566 }
3567 
3568 /***************/
3569 /* TX handlers */
3570 /***************/
3571 
3572 enum ath10k_mac_tx_path {
3573 	ATH10K_MAC_TX_HTT,
3574 	ATH10K_MAC_TX_HTT_MGMT,
3575 	ATH10K_MAC_TX_WMI_MGMT,
3576 	ATH10K_MAC_TX_UNKNOWN,
3577 };
3578 
3579 void ath10k_mac_tx_lock(struct ath10k *ar, int reason)
3580 {
3581 	lockdep_assert_held(&ar->htt.tx_lock);
3582 
3583 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3584 	ar->tx_paused |= BIT(reason);
3585 	ieee80211_stop_queues(ar->hw);
3586 }
3587 
3588 static void ath10k_mac_tx_unlock_iter(void *data, u8 *mac,
3589 				      struct ieee80211_vif *vif)
3590 {
3591 	struct ath10k *ar = data;
3592 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3593 
3594 	if (arvif->tx_paused)
3595 		return;
3596 
3597 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3598 }
3599 
3600 void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3601 {
3602 	lockdep_assert_held(&ar->htt.tx_lock);
3603 
3604 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3605 	ar->tx_paused &= ~BIT(reason);
3606 
3607 	if (ar->tx_paused)
3608 		return;
3609 
3610 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3611 						   ATH10K_ITER_RESUME_FLAGS,
3612 						   ath10k_mac_tx_unlock_iter,
3613 						   ar);
3614 
3615 	ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3616 }
3617 
3618 void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3619 {
3620 	struct ath10k *ar = arvif->ar;
3621 
3622 	lockdep_assert_held(&ar->htt.tx_lock);
3623 
3624 	WARN_ON(reason >= BITS_PER_LONG);
3625 	arvif->tx_paused |= BIT(reason);
3626 	ieee80211_stop_queue(ar->hw, arvif->vdev_id);
3627 }
3628 
3629 void ath10k_mac_vif_tx_unlock(struct ath10k_vif *arvif, int reason)
3630 {
3631 	struct ath10k *ar = arvif->ar;
3632 
3633 	lockdep_assert_held(&ar->htt.tx_lock);
3634 
3635 	WARN_ON(reason >= BITS_PER_LONG);
3636 	arvif->tx_paused &= ~BIT(reason);
3637 
3638 	if (ar->tx_paused)
3639 		return;
3640 
3641 	if (arvif->tx_paused)
3642 		return;
3643 
3644 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3645 }
3646 
3647 static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3648 					   enum wmi_tlv_tx_pause_id pause_id,
3649 					   enum wmi_tlv_tx_pause_action action)
3650 {
3651 	struct ath10k *ar = arvif->ar;
3652 
3653 	lockdep_assert_held(&ar->htt.tx_lock);
3654 
3655 	switch (action) {
3656 	case WMI_TLV_TX_PAUSE_ACTION_STOP:
3657 		ath10k_mac_vif_tx_lock(arvif, pause_id);
3658 		break;
3659 	case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3660 		ath10k_mac_vif_tx_unlock(arvif, pause_id);
3661 		break;
3662 	default:
3663 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
3664 			   "received unknown tx pause action %d on vdev %i, ignoring\n",
3665 			    action, arvif->vdev_id);
3666 		break;
3667 	}
3668 }
3669 
3670 struct ath10k_mac_tx_pause {
3671 	u32 vdev_id;
3672 	enum wmi_tlv_tx_pause_id pause_id;
3673 	enum wmi_tlv_tx_pause_action action;
3674 };
3675 
3676 static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3677 					    struct ieee80211_vif *vif)
3678 {
3679 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3680 	struct ath10k_mac_tx_pause *arg = data;
3681 
3682 	if (arvif->vdev_id != arg->vdev_id)
3683 		return;
3684 
3685 	ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3686 }
3687 
3688 void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3689 				     enum wmi_tlv_tx_pause_id pause_id,
3690 				     enum wmi_tlv_tx_pause_action action)
3691 {
3692 	struct ath10k_mac_tx_pause arg = {
3693 		.vdev_id = vdev_id,
3694 		.pause_id = pause_id,
3695 		.action = action,
3696 	};
3697 
3698 	spin_lock_bh(&ar->htt.tx_lock);
3699 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3700 						   ATH10K_ITER_RESUME_FLAGS,
3701 						   ath10k_mac_handle_tx_pause_iter,
3702 						   &arg);
3703 	spin_unlock_bh(&ar->htt.tx_lock);
3704 }
3705 
3706 static enum ath10k_hw_txrx_mode
3707 ath10k_mac_tx_h_get_txmode(struct ath10k *ar,
3708 			   struct ieee80211_vif *vif,
3709 			   struct ieee80211_sta *sta,
3710 			   struct sk_buff *skb)
3711 {
3712 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3713 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
3714 	__le16 fc = hdr->frame_control;
3715 
3716 	if (!vif || vif->type == NL80211_IFTYPE_MONITOR)
3717 		return ATH10K_HW_TXRX_RAW;
3718 
3719 	if (ieee80211_is_mgmt(fc))
3720 		return ATH10K_HW_TXRX_MGMT;
3721 
3722 	/* Workaround:
3723 	 *
3724 	 * NullFunc frames are mostly used to ping if a client or AP are still
3725 	 * reachable and responsive. This implies tx status reports must be
3726 	 * accurate - otherwise either mac80211 or userspace (e.g. hostapd) can
3727 	 * come to a conclusion that the other end disappeared and tear down
3728 	 * BSS connection or it can never disconnect from BSS/client (which is
3729 	 * the case).
3730 	 *
3731 	 * Firmware with HTT older than 3.0 delivers incorrect tx status for
3732 	 * NullFunc frames to driver. However there's a HTT Mgmt Tx command
3733 	 * which seems to deliver correct tx reports for NullFunc frames. The
3734 	 * downside of using it is it ignores client powersave state so it can
3735 	 * end up disconnecting sleeping clients in AP mode. It should fix STA
3736 	 * mode though because AP don't sleep.
3737 	 */
3738 	if (ar->htt.target_version_major < 3 &&
3739 	    (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&
3740 	    !test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3741 		      ar->running_fw->fw_file.fw_features))
3742 		return ATH10K_HW_TXRX_MGMT;
3743 
3744 	/* Workaround:
3745 	 *
3746 	 * Some wmi-tlv firmwares for qca6174 have broken Tx key selection for
3747 	 * NativeWifi txmode - it selects AP key instead of peer key. It seems
3748 	 * to work with Ethernet txmode so use it.
3749 	 *
3750 	 * FIXME: Check if raw mode works with TDLS.
3751 	 */
3752 	if (ieee80211_is_data_present(fc) && sta && sta->tdls)
3753 		return ATH10K_HW_TXRX_ETHERNET;
3754 
3755 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) ||
3756 	    skb_cb->flags & ATH10K_SKB_F_RAW_TX)
3757 		return ATH10K_HW_TXRX_RAW;
3758 
3759 	return ATH10K_HW_TXRX_NATIVE_WIFI;
3760 }
3761 
3762 static bool ath10k_tx_h_use_hwcrypto(struct ieee80211_vif *vif,
3763 				     struct sk_buff *skb)
3764 {
3765 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3766 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3767 	const u32 mask = IEEE80211_TX_INTFL_DONT_ENCRYPT |
3768 			 IEEE80211_TX_CTL_INJECTED;
3769 
3770 	if (!ieee80211_has_protected(hdr->frame_control))
3771 		return false;
3772 
3773 	if ((info->flags & mask) == mask)
3774 		return false;
3775 
3776 	if (vif)
3777 		return !((struct ath10k_vif *)vif->drv_priv)->nohwcrypt;
3778 
3779 	return true;
3780 }
3781 
3782 /* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
3783  * Control in the header.
3784  */
3785 static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
3786 {
3787 	struct ieee80211_hdr *hdr = (void *)skb->data;
3788 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3789 	u8 *qos_ctl;
3790 
3791 	if (!ieee80211_is_data_qos(hdr->frame_control))
3792 		return;
3793 
3794 	qos_ctl = ieee80211_get_qos_ctl(hdr);
3795 	memmove(skb->data + IEEE80211_QOS_CTL_LEN,
3796 		skb->data, (void *)qos_ctl - (void *)skb->data);
3797 	skb_pull(skb, IEEE80211_QOS_CTL_LEN);
3798 
3799 	/* Some firmware revisions don't handle sending QoS NullFunc well.
3800 	 * These frames are mainly used for CQM purposes so it doesn't really
3801 	 * matter whether QoS NullFunc or NullFunc are sent.
3802 	 */
3803 	hdr = (void *)skb->data;
3804 	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
3805 		cb->flags &= ~ATH10K_SKB_F_QOS;
3806 
3807 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3808 }
3809 
3810 static void ath10k_tx_h_8023(struct sk_buff *skb)
3811 {
3812 	struct ieee80211_hdr *hdr;
3813 	struct rfc1042_hdr *rfc1042;
3814 	struct ethhdr *eth;
3815 	size_t hdrlen;
3816 	u8 da[ETH_ALEN];
3817 	u8 sa[ETH_ALEN];
3818 	__be16 type;
3819 
3820 	hdr = (void *)skb->data;
3821 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
3822 	rfc1042 = (void *)skb->data + hdrlen;
3823 
3824 	ether_addr_copy(da, ieee80211_get_DA(hdr));
3825 	ether_addr_copy(sa, ieee80211_get_SA(hdr));
3826 	type = rfc1042->snap_type;
3827 
3828 	skb_pull(skb, hdrlen + sizeof(*rfc1042));
3829 	skb_push(skb, sizeof(*eth));
3830 
3831 	eth = (void *)skb->data;
3832 	ether_addr_copy(eth->h_dest, da);
3833 	ether_addr_copy(eth->h_source, sa);
3834 	eth->h_proto = type;
3835 }
3836 
3837 static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
3838 				       struct ieee80211_vif *vif,
3839 				       struct sk_buff *skb)
3840 {
3841 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3842 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3843 
3844 	/* This is case only for P2P_GO */
3845 	if (vif->type != NL80211_IFTYPE_AP || !vif->p2p)
3846 		return;
3847 
3848 	if (unlikely(ieee80211_is_probe_resp(hdr->frame_control))) {
3849 		spin_lock_bh(&ar->data_lock);
3850 		if (arvif->u.ap.noa_data)
3851 			if (!pskb_expand_head(skb, 0, arvif->u.ap.noa_len,
3852 					      GFP_ATOMIC))
3853 				skb_put_data(skb, arvif->u.ap.noa_data,
3854 					     arvif->u.ap.noa_len);
3855 		spin_unlock_bh(&ar->data_lock);
3856 	}
3857 }
3858 
3859 static void ath10k_mac_tx_h_fill_cb(struct ath10k *ar,
3860 				    struct ieee80211_vif *vif,
3861 				    struct ieee80211_txq *txq,
3862 				    struct ieee80211_sta *sta,
3863 				    struct sk_buff *skb, u16 airtime)
3864 {
3865 	struct ieee80211_hdr *hdr = (void *)skb->data;
3866 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3867 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3868 	bool is_data = ieee80211_is_data(hdr->frame_control) ||
3869 			ieee80211_is_data_qos(hdr->frame_control);
3870 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3871 	struct ath10k_sta *arsta;
3872 	u8 tid, *qos_ctl;
3873 	bool noack = false;
3874 
3875 	cb->flags = 0;
3876 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
3877 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3878 
3879 	if (ieee80211_is_mgmt(hdr->frame_control))
3880 		cb->flags |= ATH10K_SKB_F_MGMT;
3881 
3882 	if (ieee80211_is_data_qos(hdr->frame_control)) {
3883 		cb->flags |= ATH10K_SKB_F_QOS;
3884 		qos_ctl = ieee80211_get_qos_ctl(hdr);
3885 		tid = (*qos_ctl) & IEEE80211_QOS_CTL_TID_MASK;
3886 
3887 		if (arvif->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3888 			noack = true;
3889 
3890 		if (sta) {
3891 			arsta = (struct ath10k_sta *)sta->drv_priv;
3892 
3893 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3894 				noack = true;
3895 
3896 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_ACK)
3897 				noack = false;
3898 		}
3899 
3900 		if (noack)
3901 			cb->flags |= ATH10K_SKB_F_NOACK_TID;
3902 	}
3903 
3904 	/* Data frames encrypted in software will be posted to firmware
3905 	 * with tx encap mode set to RAW. Ex: Multicast traffic generated
3906 	 * for a specific VLAN group will always be encrypted in software.
3907 	 */
3908 	if (is_data && ieee80211_has_protected(hdr->frame_control) &&
3909 	    !info->control.hw_key) {
3910 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3911 		cb->flags |= ATH10K_SKB_F_RAW_TX;
3912 	}
3913 
3914 	cb->vif = vif;
3915 	cb->txq = txq;
3916 	cb->airtime_est = airtime;
3917 	if (sta) {
3918 		arsta = (struct ath10k_sta *)sta->drv_priv;
3919 		spin_lock_bh(&ar->data_lock);
3920 		cb->ucast_cipher = arsta->ucast_cipher;
3921 		spin_unlock_bh(&ar->data_lock);
3922 	}
3923 }
3924 
3925 bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar)
3926 {
3927 	/* FIXME: Not really sure since when the behaviour changed. At some
3928 	 * point new firmware stopped requiring creation of peer entries for
3929 	 * offchannel tx (and actually creating them causes issues with wmi-htc
3930 	 * tx credit replenishment and reliability). Assuming it's at least 3.4
3931 	 * because that's when the `freq` was introduced to TX_FRM HTT command.
3932 	 */
3933 	return (ar->htt.target_version_major >= 3 &&
3934 		ar->htt.target_version_minor >= 4 &&
3935 		ar->running_fw->fw_file.htt_op_version == ATH10K_FW_HTT_OP_VERSION_TLV);
3936 }
3937 
3938 static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
3939 {
3940 	struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
3941 
3942 	if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) {
3943 		ath10k_warn(ar, "wmi mgmt tx queue is full\n");
3944 		return -ENOSPC;
3945 	}
3946 
3947 	skb_queue_tail(q, skb);
3948 	ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
3949 
3950 	return 0;
3951 }
3952 
3953 static enum ath10k_mac_tx_path
3954 ath10k_mac_tx_h_get_txpath(struct ath10k *ar,
3955 			   struct sk_buff *skb,
3956 			   enum ath10k_hw_txrx_mode txmode)
3957 {
3958 	switch (txmode) {
3959 	case ATH10K_HW_TXRX_RAW:
3960 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3961 	case ATH10K_HW_TXRX_ETHERNET:
3962 		return ATH10K_MAC_TX_HTT;
3963 	case ATH10K_HW_TXRX_MGMT:
3964 		if (test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3965 			     ar->running_fw->fw_file.fw_features) ||
3966 			     test_bit(WMI_SERVICE_MGMT_TX_WMI,
3967 				      ar->wmi.svc_map))
3968 			return ATH10K_MAC_TX_WMI_MGMT;
3969 		else if (ar->htt.target_version_major >= 3)
3970 			return ATH10K_MAC_TX_HTT;
3971 		else
3972 			return ATH10K_MAC_TX_HTT_MGMT;
3973 	}
3974 
3975 	return ATH10K_MAC_TX_UNKNOWN;
3976 }
3977 
3978 static int ath10k_mac_tx_submit(struct ath10k *ar,
3979 				enum ath10k_hw_txrx_mode txmode,
3980 				enum ath10k_mac_tx_path txpath,
3981 				struct sk_buff *skb)
3982 {
3983 	struct ath10k_htt *htt = &ar->htt;
3984 	int ret = -EINVAL;
3985 
3986 	switch (txpath) {
3987 	case ATH10K_MAC_TX_HTT:
3988 		ret = ath10k_htt_tx(htt, txmode, skb);
3989 		break;
3990 	case ATH10K_MAC_TX_HTT_MGMT:
3991 		ret = ath10k_htt_mgmt_tx(htt, skb);
3992 		break;
3993 	case ATH10K_MAC_TX_WMI_MGMT:
3994 		ret = ath10k_mac_tx_wmi_mgmt(ar, skb);
3995 		break;
3996 	case ATH10K_MAC_TX_UNKNOWN:
3997 		WARN_ON_ONCE(1);
3998 		ret = -EINVAL;
3999 		break;
4000 	}
4001 
4002 	if (ret) {
4003 		ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
4004 			    ret);
4005 		ieee80211_free_txskb(ar->hw, skb);
4006 	}
4007 
4008 	return ret;
4009 }
4010 
4011 /* This function consumes the sk_buff regardless of return value as far as
4012  * caller is concerned so no freeing is necessary afterwards.
4013  */
4014 static int ath10k_mac_tx(struct ath10k *ar,
4015 			 struct ieee80211_vif *vif,
4016 			 enum ath10k_hw_txrx_mode txmode,
4017 			 enum ath10k_mac_tx_path txpath,
4018 			 struct sk_buff *skb, bool noque_offchan)
4019 {
4020 	struct ieee80211_hw *hw = ar->hw;
4021 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4022 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
4023 	int ret;
4024 
4025 	/* We should disable CCK RATE due to P2P */
4026 	if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
4027 		ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
4028 
4029 	switch (txmode) {
4030 	case ATH10K_HW_TXRX_MGMT:
4031 	case ATH10K_HW_TXRX_NATIVE_WIFI:
4032 		ath10k_tx_h_nwifi(hw, skb);
4033 		ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
4034 		ath10k_tx_h_seq_no(vif, skb);
4035 		break;
4036 	case ATH10K_HW_TXRX_ETHERNET:
4037 		ath10k_tx_h_8023(skb);
4038 		break;
4039 	case ATH10K_HW_TXRX_RAW:
4040 		if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) &&
4041 		    !(skb_cb->flags & ATH10K_SKB_F_RAW_TX)) {
4042 			WARN_ON_ONCE(1);
4043 			ieee80211_free_txskb(hw, skb);
4044 			return -ENOTSUPP;
4045 		}
4046 	}
4047 
4048 	if (!noque_offchan && info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
4049 		if (!ath10k_mac_tx_frm_has_freq(ar)) {
4050 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac queued offchannel skb %pK len %d\n",
4051 				   skb, skb->len);
4052 
4053 			skb_queue_tail(&ar->offchan_tx_queue, skb);
4054 			ieee80211_queue_work(hw, &ar->offchan_tx_work);
4055 			return 0;
4056 		}
4057 	}
4058 
4059 	ret = ath10k_mac_tx_submit(ar, txmode, txpath, skb);
4060 	if (ret) {
4061 		ath10k_warn(ar, "failed to submit frame: %d\n", ret);
4062 		return ret;
4063 	}
4064 
4065 	return 0;
4066 }
4067 
4068 void ath10k_offchan_tx_purge(struct ath10k *ar)
4069 {
4070 	struct sk_buff *skb;
4071 
4072 	for (;;) {
4073 		skb = skb_dequeue(&ar->offchan_tx_queue);
4074 		if (!skb)
4075 			break;
4076 
4077 		ieee80211_free_txskb(ar->hw, skb);
4078 	}
4079 }
4080 
4081 void ath10k_offchan_tx_work(struct work_struct *work)
4082 {
4083 	struct ath10k *ar = container_of(work, struct ath10k, offchan_tx_work);
4084 	struct ath10k_peer *peer;
4085 	struct ath10k_vif *arvif;
4086 	enum ath10k_hw_txrx_mode txmode;
4087 	enum ath10k_mac_tx_path txpath;
4088 	struct ieee80211_hdr *hdr;
4089 	struct ieee80211_vif *vif;
4090 	struct ieee80211_sta *sta;
4091 	struct sk_buff *skb;
4092 	const u8 *peer_addr;
4093 	int vdev_id;
4094 	int ret;
4095 	unsigned long time_left;
4096 	bool tmp_peer_created = false;
4097 
4098 	/* FW requirement: We must create a peer before FW will send out
4099 	 * an offchannel frame. Otherwise the frame will be stuck and
4100 	 * never transmitted. We delete the peer upon tx completion.
4101 	 * It is unlikely that a peer for offchannel tx will already be
4102 	 * present. However it may be in some rare cases so account for that.
4103 	 * Otherwise we might remove a legitimate peer and break stuff.
4104 	 */
4105 
4106 	for (;;) {
4107 		skb = skb_dequeue(&ar->offchan_tx_queue);
4108 		if (!skb)
4109 			break;
4110 
4111 		mutex_lock(&ar->conf_mutex);
4112 
4113 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %pK len %d\n",
4114 			   skb, skb->len);
4115 
4116 		hdr = (struct ieee80211_hdr *)skb->data;
4117 		peer_addr = ieee80211_get_DA(hdr);
4118 
4119 		spin_lock_bh(&ar->data_lock);
4120 		vdev_id = ar->scan.vdev_id;
4121 		peer = ath10k_peer_find(ar, vdev_id, peer_addr);
4122 		spin_unlock_bh(&ar->data_lock);
4123 
4124 		if (peer) {
4125 			ath10k_warn(ar, "peer %pM on vdev %d already present\n",
4126 				    peer_addr, vdev_id);
4127 		} else {
4128 			ret = ath10k_peer_create(ar, NULL, NULL, vdev_id,
4129 						 peer_addr,
4130 						 WMI_PEER_TYPE_DEFAULT);
4131 			if (ret)
4132 				ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
4133 					    peer_addr, vdev_id, ret);
4134 			tmp_peer_created = (ret == 0);
4135 		}
4136 
4137 		spin_lock_bh(&ar->data_lock);
4138 		reinit_completion(&ar->offchan_tx_completed);
4139 		ar->offchan_tx_skb = skb;
4140 		spin_unlock_bh(&ar->data_lock);
4141 
4142 		/* It's safe to access vif and sta - conf_mutex guarantees that
4143 		 * sta_state() and remove_interface() are locked exclusively
4144 		 * out wrt to this offchannel worker.
4145 		 */
4146 		arvif = ath10k_get_arvif(ar, vdev_id);
4147 		if (arvif) {
4148 			vif = arvif->vif;
4149 			sta = ieee80211_find_sta(vif, peer_addr);
4150 		} else {
4151 			vif = NULL;
4152 			sta = NULL;
4153 		}
4154 
4155 		txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4156 		txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4157 
4158 		ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, true);
4159 		if (ret) {
4160 			ath10k_warn(ar, "failed to transmit offchannel frame: %d\n",
4161 				    ret);
4162 			/* not serious */
4163 		}
4164 
4165 		time_left =
4166 		wait_for_completion_timeout(&ar->offchan_tx_completed, 3 * HZ);
4167 		if (time_left == 0)
4168 			ath10k_warn(ar, "timed out waiting for offchannel skb %pK, len: %d\n",
4169 				    skb, skb->len);
4170 
4171 		if (!peer && tmp_peer_created) {
4172 			ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
4173 			if (ret)
4174 				ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
4175 					    peer_addr, vdev_id, ret);
4176 		}
4177 
4178 		mutex_unlock(&ar->conf_mutex);
4179 	}
4180 }
4181 
4182 void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar)
4183 {
4184 	struct sk_buff *skb;
4185 
4186 	for (;;) {
4187 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4188 		if (!skb)
4189 			break;
4190 
4191 		ieee80211_free_txskb(ar->hw, skb);
4192 	}
4193 }
4194 
4195 void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
4196 {
4197 	struct ath10k *ar = container_of(work, struct ath10k, wmi_mgmt_tx_work);
4198 	struct sk_buff *skb;
4199 	dma_addr_t paddr;
4200 	int ret;
4201 
4202 	for (;;) {
4203 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4204 		if (!skb)
4205 			break;
4206 
4207 		if (test_bit(ATH10K_FW_FEATURE_MGMT_TX_BY_REF,
4208 			     ar->running_fw->fw_file.fw_features)) {
4209 			paddr = dma_map_single(ar->dev, skb->data,
4210 					       skb->len, DMA_TO_DEVICE);
4211 			if (dma_mapping_error(ar->dev, paddr)) {
4212 				ieee80211_free_txskb(ar->hw, skb);
4213 				continue;
4214 			}
4215 			ret = ath10k_wmi_mgmt_tx_send(ar, skb, paddr);
4216 			if (ret) {
4217 				ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
4218 					    ret);
4219 				/* remove this msdu from idr tracking */
4220 				ath10k_wmi_cleanup_mgmt_tx_send(ar, skb);
4221 
4222 				dma_unmap_single(ar->dev, paddr, skb->len,
4223 						 DMA_TO_DEVICE);
4224 				ieee80211_free_txskb(ar->hw, skb);
4225 			}
4226 		} else {
4227 			ret = ath10k_wmi_mgmt_tx(ar, skb);
4228 			if (ret) {
4229 				ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
4230 					    ret);
4231 				ieee80211_free_txskb(ar->hw, skb);
4232 			}
4233 		}
4234 	}
4235 }
4236 
4237 static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
4238 {
4239 	struct ath10k_txq *artxq;
4240 
4241 	if (!txq)
4242 		return;
4243 
4244 	artxq = (void *)txq->drv_priv;
4245 	INIT_LIST_HEAD(&artxq->list);
4246 }
4247 
4248 static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
4249 {
4250 	struct ath10k_skb_cb *cb;
4251 	struct sk_buff *msdu;
4252 	int msdu_id;
4253 
4254 	if (!txq)
4255 		return;
4256 
4257 	spin_lock_bh(&ar->htt.tx_lock);
4258 	idr_for_each_entry(&ar->htt.pending_tx, msdu, msdu_id) {
4259 		cb = ATH10K_SKB_CB(msdu);
4260 		if (cb->txq == txq)
4261 			cb->txq = NULL;
4262 	}
4263 	spin_unlock_bh(&ar->htt.tx_lock);
4264 }
4265 
4266 struct ieee80211_txq *ath10k_mac_txq_lookup(struct ath10k *ar,
4267 					    u16 peer_id,
4268 					    u8 tid)
4269 {
4270 	struct ath10k_peer *peer;
4271 
4272 	lockdep_assert_held(&ar->data_lock);
4273 
4274 	peer = ar->peer_map[peer_id];
4275 	if (!peer)
4276 		return NULL;
4277 
4278 	if (peer->removed)
4279 		return NULL;
4280 
4281 	if (peer->sta)
4282 		return peer->sta->txq[tid];
4283 	else if (peer->vif)
4284 		return peer->vif->txq;
4285 	else
4286 		return NULL;
4287 }
4288 
4289 static bool ath10k_mac_tx_can_push(struct ieee80211_hw *hw,
4290 				   struct ieee80211_txq *txq)
4291 {
4292 	struct ath10k *ar = hw->priv;
4293 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4294 
4295 	/* No need to get locks */
4296 	if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH)
4297 		return true;
4298 
4299 	if (ar->htt.num_pending_tx < ar->htt.tx_q_state.num_push_allowed)
4300 		return true;
4301 
4302 	if (artxq->num_fw_queued < artxq->num_push_allowed)
4303 		return true;
4304 
4305 	return false;
4306 }
4307 
4308 /* Return estimated airtime in microsecond, which is calculated using last
4309  * reported TX rate. This is just a rough estimation because host driver has no
4310  * knowledge of the actual transmit rate, retries or aggregation. If actual
4311  * airtime can be reported by firmware, then delta between estimated and actual
4312  * airtime can be adjusted from deficit.
4313  */
4314 #define IEEE80211_ATF_OVERHEAD		100	/* IFS + some slot time */
4315 #define IEEE80211_ATF_OVERHEAD_IFS	16	/* IFS only */
4316 static u16 ath10k_mac_update_airtime(struct ath10k *ar,
4317 				     struct ieee80211_txq *txq,
4318 				     struct sk_buff *skb)
4319 {
4320 	struct ath10k_sta *arsta;
4321 	u32 pktlen;
4322 	u16 airtime = 0;
4323 
4324 	if (!txq || !txq->sta)
4325 		return airtime;
4326 
4327 	if (test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
4328 		return airtime;
4329 
4330 	spin_lock_bh(&ar->data_lock);
4331 	arsta = (struct ath10k_sta *)txq->sta->drv_priv;
4332 
4333 	pktlen = skb->len + 38; /* Assume MAC header 30, SNAP 8 for most case */
4334 	if (arsta->last_tx_bitrate) {
4335 		/* airtime in us, last_tx_bitrate in 100kbps */
4336 		airtime = (pktlen * 8 * (1000 / 100))
4337 				/ arsta->last_tx_bitrate;
4338 		/* overhead for media access time and IFS */
4339 		airtime += IEEE80211_ATF_OVERHEAD_IFS;
4340 	} else {
4341 		/* This is mostly for throttle excessive BC/MC frames, and the
4342 		 * airtime/rate doesn't need be exact. Airtime of BC/MC frames
4343 		 * in 2G get some discount, which helps prevent very low rate
4344 		 * frames from being blocked for too long.
4345 		 */
4346 		airtime = (pktlen * 8 * (1000 / 100)) / 60; /* 6M */
4347 		airtime += IEEE80211_ATF_OVERHEAD;
4348 	}
4349 	spin_unlock_bh(&ar->data_lock);
4350 
4351 	return airtime;
4352 }
4353 
4354 int ath10k_mac_tx_push_txq(struct ieee80211_hw *hw,
4355 			   struct ieee80211_txq *txq)
4356 {
4357 	struct ath10k *ar = hw->priv;
4358 	struct ath10k_htt *htt = &ar->htt;
4359 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4360 	struct ieee80211_vif *vif = txq->vif;
4361 	struct ieee80211_sta *sta = txq->sta;
4362 	enum ath10k_hw_txrx_mode txmode;
4363 	enum ath10k_mac_tx_path txpath;
4364 	struct sk_buff *skb;
4365 	struct ieee80211_hdr *hdr;
4366 	size_t skb_len;
4367 	bool is_mgmt, is_presp;
4368 	int ret;
4369 	u16 airtime;
4370 
4371 	spin_lock_bh(&ar->htt.tx_lock);
4372 	ret = ath10k_htt_tx_inc_pending(htt);
4373 	spin_unlock_bh(&ar->htt.tx_lock);
4374 
4375 	if (ret)
4376 		return ret;
4377 
4378 	skb = ieee80211_tx_dequeue_ni(hw, txq);
4379 	if (!skb) {
4380 		spin_lock_bh(&ar->htt.tx_lock);
4381 		ath10k_htt_tx_dec_pending(htt);
4382 		spin_unlock_bh(&ar->htt.tx_lock);
4383 
4384 		return -ENOENT;
4385 	}
4386 
4387 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4388 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4389 
4390 	skb_len = skb->len;
4391 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4392 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4393 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4394 
4395 	if (is_mgmt) {
4396 		hdr = (struct ieee80211_hdr *)skb->data;
4397 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4398 
4399 		spin_lock_bh(&ar->htt.tx_lock);
4400 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4401 
4402 		if (ret) {
4403 			ath10k_htt_tx_dec_pending(htt);
4404 			spin_unlock_bh(&ar->htt.tx_lock);
4405 			return ret;
4406 		}
4407 		spin_unlock_bh(&ar->htt.tx_lock);
4408 	}
4409 
4410 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4411 	if (unlikely(ret)) {
4412 		ath10k_warn(ar, "failed to push frame: %d\n", ret);
4413 
4414 		spin_lock_bh(&ar->htt.tx_lock);
4415 		ath10k_htt_tx_dec_pending(htt);
4416 		if (is_mgmt)
4417 			ath10k_htt_tx_mgmt_dec_pending(htt);
4418 		spin_unlock_bh(&ar->htt.tx_lock);
4419 
4420 		return ret;
4421 	}
4422 
4423 	spin_lock_bh(&ar->htt.tx_lock);
4424 	artxq->num_fw_queued++;
4425 	spin_unlock_bh(&ar->htt.tx_lock);
4426 
4427 	return skb_len;
4428 }
4429 
4430 static int ath10k_mac_schedule_txq(struct ieee80211_hw *hw, u32 ac)
4431 {
4432 	struct ieee80211_txq *txq;
4433 	int ret = 0;
4434 
4435 	ieee80211_txq_schedule_start(hw, ac);
4436 	while ((txq = ieee80211_next_txq(hw, ac))) {
4437 		while (ath10k_mac_tx_can_push(hw, txq)) {
4438 			ret = ath10k_mac_tx_push_txq(hw, txq);
4439 			if (ret < 0)
4440 				break;
4441 		}
4442 		ieee80211_return_txq(hw, txq, false);
4443 		ath10k_htt_tx_txq_update(hw, txq);
4444 		if (ret == -EBUSY)
4445 			break;
4446 	}
4447 	ieee80211_txq_schedule_end(hw, ac);
4448 
4449 	return ret;
4450 }
4451 
4452 void ath10k_mac_tx_push_pending(struct ath10k *ar)
4453 {
4454 	struct ieee80211_hw *hw = ar->hw;
4455 	u32 ac;
4456 
4457 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4458 		return;
4459 
4460 	if (ar->htt.num_pending_tx >= (ar->htt.max_num_pending_tx / 2))
4461 		return;
4462 
4463 	rcu_read_lock();
4464 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4465 		if (ath10k_mac_schedule_txq(hw, ac) == -EBUSY)
4466 			break;
4467 	}
4468 	rcu_read_unlock();
4469 }
4470 EXPORT_SYMBOL(ath10k_mac_tx_push_pending);
4471 
4472 /************/
4473 /* Scanning */
4474 /************/
4475 
4476 void __ath10k_scan_finish(struct ath10k *ar)
4477 {
4478 	lockdep_assert_held(&ar->data_lock);
4479 
4480 	switch (ar->scan.state) {
4481 	case ATH10K_SCAN_IDLE:
4482 		break;
4483 	case ATH10K_SCAN_RUNNING:
4484 	case ATH10K_SCAN_ABORTING:
4485 		if (!ar->scan.is_roc) {
4486 			struct cfg80211_scan_info info = {
4487 				.aborted = (ar->scan.state ==
4488 					    ATH10K_SCAN_ABORTING),
4489 			};
4490 
4491 			ieee80211_scan_completed(ar->hw, &info);
4492 		} else if (ar->scan.roc_notify) {
4493 			ieee80211_remain_on_channel_expired(ar->hw);
4494 		}
4495 		fallthrough;
4496 	case ATH10K_SCAN_STARTING:
4497 		ar->scan.state = ATH10K_SCAN_IDLE;
4498 		ar->scan_channel = NULL;
4499 		ar->scan.roc_freq = 0;
4500 		ath10k_offchan_tx_purge(ar);
4501 		cancel_delayed_work(&ar->scan.timeout);
4502 		complete(&ar->scan.completed);
4503 		break;
4504 	}
4505 }
4506 
4507 void ath10k_scan_finish(struct ath10k *ar)
4508 {
4509 	spin_lock_bh(&ar->data_lock);
4510 	__ath10k_scan_finish(ar);
4511 	spin_unlock_bh(&ar->data_lock);
4512 }
4513 
4514 static int ath10k_scan_stop(struct ath10k *ar)
4515 {
4516 	struct wmi_stop_scan_arg arg = {
4517 		.req_id = 1, /* FIXME */
4518 		.req_type = WMI_SCAN_STOP_ONE,
4519 		.u.scan_id = ATH10K_SCAN_ID,
4520 	};
4521 	int ret;
4522 
4523 	lockdep_assert_held(&ar->conf_mutex);
4524 
4525 	ret = ath10k_wmi_stop_scan(ar, &arg);
4526 	if (ret) {
4527 		ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
4528 		goto out;
4529 	}
4530 
4531 	ret = wait_for_completion_timeout(&ar->scan.completed, 3 * HZ);
4532 	if (ret == 0) {
4533 		ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
4534 		ret = -ETIMEDOUT;
4535 	} else if (ret > 0) {
4536 		ret = 0;
4537 	}
4538 
4539 out:
4540 	/* Scan state should be updated upon scan completion but in case
4541 	 * firmware fails to deliver the event (for whatever reason) it is
4542 	 * desired to clean up scan state anyway. Firmware may have just
4543 	 * dropped the scan completion event delivery due to transport pipe
4544 	 * being overflown with data and/or it can recover on its own before
4545 	 * next scan request is submitted.
4546 	 */
4547 	spin_lock_bh(&ar->data_lock);
4548 	if (ar->scan.state != ATH10K_SCAN_IDLE)
4549 		__ath10k_scan_finish(ar);
4550 	spin_unlock_bh(&ar->data_lock);
4551 
4552 	return ret;
4553 }
4554 
4555 static void ath10k_scan_abort(struct ath10k *ar)
4556 {
4557 	int ret;
4558 
4559 	lockdep_assert_held(&ar->conf_mutex);
4560 
4561 	spin_lock_bh(&ar->data_lock);
4562 
4563 	switch (ar->scan.state) {
4564 	case ATH10K_SCAN_IDLE:
4565 		/* This can happen if timeout worker kicked in and called
4566 		 * abortion while scan completion was being processed.
4567 		 */
4568 		break;
4569 	case ATH10K_SCAN_STARTING:
4570 	case ATH10K_SCAN_ABORTING:
4571 		ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
4572 			    ath10k_scan_state_str(ar->scan.state),
4573 			    ar->scan.state);
4574 		break;
4575 	case ATH10K_SCAN_RUNNING:
4576 		ar->scan.state = ATH10K_SCAN_ABORTING;
4577 		spin_unlock_bh(&ar->data_lock);
4578 
4579 		ret = ath10k_scan_stop(ar);
4580 		if (ret)
4581 			ath10k_warn(ar, "failed to abort scan: %d\n", ret);
4582 
4583 		spin_lock_bh(&ar->data_lock);
4584 		break;
4585 	}
4586 
4587 	spin_unlock_bh(&ar->data_lock);
4588 }
4589 
4590 void ath10k_scan_timeout_work(struct work_struct *work)
4591 {
4592 	struct ath10k *ar = container_of(work, struct ath10k,
4593 					 scan.timeout.work);
4594 
4595 	mutex_lock(&ar->conf_mutex);
4596 	ath10k_scan_abort(ar);
4597 	mutex_unlock(&ar->conf_mutex);
4598 }
4599 
4600 static int ath10k_start_scan(struct ath10k *ar,
4601 			     const struct wmi_start_scan_arg *arg)
4602 {
4603 	int ret;
4604 
4605 	lockdep_assert_held(&ar->conf_mutex);
4606 
4607 	ret = ath10k_wmi_start_scan(ar, arg);
4608 	if (ret)
4609 		return ret;
4610 
4611 	ret = wait_for_completion_timeout(&ar->scan.started, 1 * HZ);
4612 	if (ret == 0) {
4613 		ret = ath10k_scan_stop(ar);
4614 		if (ret)
4615 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
4616 
4617 		return -ETIMEDOUT;
4618 	}
4619 
4620 	/* If we failed to start the scan, return error code at
4621 	 * this point.  This is probably due to some issue in the
4622 	 * firmware, but no need to wedge the driver due to that...
4623 	 */
4624 	spin_lock_bh(&ar->data_lock);
4625 	if (ar->scan.state == ATH10K_SCAN_IDLE) {
4626 		spin_unlock_bh(&ar->data_lock);
4627 		return -EINVAL;
4628 	}
4629 	spin_unlock_bh(&ar->data_lock);
4630 
4631 	return 0;
4632 }
4633 
4634 /**********************/
4635 /* mac80211 callbacks */
4636 /**********************/
4637 
4638 static void ath10k_mac_op_tx(struct ieee80211_hw *hw,
4639 			     struct ieee80211_tx_control *control,
4640 			     struct sk_buff *skb)
4641 {
4642 	struct ath10k *ar = hw->priv;
4643 	struct ath10k_htt *htt = &ar->htt;
4644 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4645 	struct ieee80211_vif *vif = info->control.vif;
4646 	struct ieee80211_sta *sta = control->sta;
4647 	struct ieee80211_txq *txq = NULL;
4648 	struct ieee80211_hdr *hdr = (void *)skb->data;
4649 	enum ath10k_hw_txrx_mode txmode;
4650 	enum ath10k_mac_tx_path txpath;
4651 	bool is_htt;
4652 	bool is_mgmt;
4653 	bool is_presp;
4654 	int ret;
4655 	u16 airtime;
4656 
4657 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4658 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4659 
4660 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4661 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4662 	is_htt = (txpath == ATH10K_MAC_TX_HTT ||
4663 		  txpath == ATH10K_MAC_TX_HTT_MGMT);
4664 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4665 
4666 	if (is_htt) {
4667 		spin_lock_bh(&ar->htt.tx_lock);
4668 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4669 
4670 		ret = ath10k_htt_tx_inc_pending(htt);
4671 		if (ret) {
4672 			ath10k_warn(ar, "failed to increase tx pending count: %d, dropping\n",
4673 				    ret);
4674 			spin_unlock_bh(&ar->htt.tx_lock);
4675 			ieee80211_free_txskb(ar->hw, skb);
4676 			return;
4677 		}
4678 
4679 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4680 		if (ret) {
4681 			ath10k_dbg(ar, ATH10K_DBG_MAC, "failed to increase tx mgmt pending count: %d, dropping\n",
4682 				   ret);
4683 			ath10k_htt_tx_dec_pending(htt);
4684 			spin_unlock_bh(&ar->htt.tx_lock);
4685 			ieee80211_free_txskb(ar->hw, skb);
4686 			return;
4687 		}
4688 		spin_unlock_bh(&ar->htt.tx_lock);
4689 	}
4690 
4691 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4692 	if (ret) {
4693 		ath10k_warn(ar, "failed to transmit frame: %d\n", ret);
4694 		if (is_htt) {
4695 			spin_lock_bh(&ar->htt.tx_lock);
4696 			ath10k_htt_tx_dec_pending(htt);
4697 			if (is_mgmt)
4698 				ath10k_htt_tx_mgmt_dec_pending(htt);
4699 			spin_unlock_bh(&ar->htt.tx_lock);
4700 		}
4701 		return;
4702 	}
4703 }
4704 
4705 static void ath10k_mac_op_wake_tx_queue(struct ieee80211_hw *hw,
4706 					struct ieee80211_txq *txq)
4707 {
4708 	struct ath10k *ar = hw->priv;
4709 	int ret;
4710 	u8 ac;
4711 
4712 	ath10k_htt_tx_txq_update(hw, txq);
4713 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4714 		return;
4715 
4716 	ac = txq->ac;
4717 	ieee80211_txq_schedule_start(hw, ac);
4718 	txq = ieee80211_next_txq(hw, ac);
4719 	if (!txq)
4720 		goto out;
4721 
4722 	while (ath10k_mac_tx_can_push(hw, txq)) {
4723 		ret = ath10k_mac_tx_push_txq(hw, txq);
4724 		if (ret < 0)
4725 			break;
4726 	}
4727 	ieee80211_return_txq(hw, txq, false);
4728 	ath10k_htt_tx_txq_update(hw, txq);
4729 out:
4730 	ieee80211_txq_schedule_end(hw, ac);
4731 }
4732 
4733 /* Must not be called with conf_mutex held as workers can use that also. */
4734 void ath10k_drain_tx(struct ath10k *ar)
4735 {
4736 	lockdep_assert_not_held(&ar->conf_mutex);
4737 
4738 	/* make sure rcu-protected mac80211 tx path itself is drained */
4739 	synchronize_net();
4740 
4741 	ath10k_offchan_tx_purge(ar);
4742 	ath10k_mgmt_over_wmi_tx_purge(ar);
4743 
4744 	cancel_work_sync(&ar->offchan_tx_work);
4745 	cancel_work_sync(&ar->wmi_mgmt_tx_work);
4746 }
4747 
4748 void ath10k_halt(struct ath10k *ar)
4749 {
4750 	struct ath10k_vif *arvif;
4751 
4752 	lockdep_assert_held(&ar->conf_mutex);
4753 
4754 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
4755 	ar->filter_flags = 0;
4756 	ar->monitor = false;
4757 	ar->monitor_arvif = NULL;
4758 
4759 	if (ar->monitor_started)
4760 		ath10k_monitor_stop(ar);
4761 
4762 	ar->monitor_started = false;
4763 	ar->tx_paused = 0;
4764 
4765 	ath10k_scan_finish(ar);
4766 	ath10k_peer_cleanup_all(ar);
4767 	ath10k_stop_radar_confirmation(ar);
4768 	ath10k_core_stop(ar);
4769 	ath10k_hif_power_down(ar);
4770 
4771 	spin_lock_bh(&ar->data_lock);
4772 	list_for_each_entry(arvif, &ar->arvifs, list)
4773 		ath10k_mac_vif_beacon_cleanup(arvif);
4774 	spin_unlock_bh(&ar->data_lock);
4775 }
4776 
4777 static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
4778 {
4779 	struct ath10k *ar = hw->priv;
4780 
4781 	mutex_lock(&ar->conf_mutex);
4782 
4783 	*tx_ant = ar->cfg_tx_chainmask;
4784 	*rx_ant = ar->cfg_rx_chainmask;
4785 
4786 	mutex_unlock(&ar->conf_mutex);
4787 
4788 	return 0;
4789 }
4790 
4791 static bool ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
4792 {
4793 	/* It is not clear that allowing gaps in chainmask
4794 	 * is helpful.  Probably it will not do what user
4795 	 * is hoping for, so warn in that case.
4796 	 */
4797 	if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
4798 		return true;
4799 
4800 	ath10k_warn(ar, "mac %s antenna chainmask is invalid: 0x%x.  Suggested values: 15, 7, 3, 1 or 0.\n",
4801 		    dbg, cm);
4802 	return false;
4803 }
4804 
4805 static int ath10k_mac_get_vht_cap_bf_sts(struct ath10k *ar)
4806 {
4807 	int nsts = ar->vht_cap_info;
4808 
4809 	nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4810 	nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4811 
4812 	/* If firmware does not deliver to host number of space-time
4813 	 * streams supported, assume it support up to 4 BF STS and return
4814 	 * the value for VHT CAP: nsts-1)
4815 	 */
4816 	if (nsts == 0)
4817 		return 3;
4818 
4819 	return nsts;
4820 }
4821 
4822 static int ath10k_mac_get_vht_cap_bf_sound_dim(struct ath10k *ar)
4823 {
4824 	int sound_dim = ar->vht_cap_info;
4825 
4826 	sound_dim &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4827 	sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4828 
4829 	/* If the sounding dimension is not advertised by the firmware,
4830 	 * let's use a default value of 1
4831 	 */
4832 	if (sound_dim == 0)
4833 		return 1;
4834 
4835 	return sound_dim;
4836 }
4837 
4838 static struct ieee80211_sta_vht_cap ath10k_create_vht_cap(struct ath10k *ar)
4839 {
4840 	struct ieee80211_sta_vht_cap vht_cap = {0};
4841 	struct ath10k_hw_params *hw = &ar->hw_params;
4842 	u16 mcs_map;
4843 	u32 val;
4844 	int i;
4845 
4846 	vht_cap.vht_supported = 1;
4847 	vht_cap.cap = ar->vht_cap_info;
4848 
4849 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4850 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
4851 		val = ath10k_mac_get_vht_cap_bf_sts(ar);
4852 		val <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4853 		val &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4854 
4855 		vht_cap.cap |= val;
4856 	}
4857 
4858 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4859 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
4860 		val = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4861 		val <<= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4862 		val &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4863 
4864 		vht_cap.cap |= val;
4865 	}
4866 
4867 	mcs_map = 0;
4868 	for (i = 0; i < 8; i++) {
4869 		if ((i < ar->num_rf_chains) && (ar->cfg_tx_chainmask & BIT(i)))
4870 			mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
4871 		else
4872 			mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
4873 	}
4874 
4875 	if (ar->cfg_tx_chainmask <= 1)
4876 		vht_cap.cap &= ~IEEE80211_VHT_CAP_TXSTBC;
4877 
4878 	vht_cap.vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
4879 	vht_cap.vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
4880 
4881 	/* If we are supporting 160Mhz or 80+80, then the NIC may be able to do
4882 	 * a restricted NSS for 160 or 80+80 vs what it can do for 80Mhz.  Give
4883 	 * user-space a clue if that is the case.
4884 	 */
4885 	if ((vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) &&
4886 	    (hw->vht160_mcs_rx_highest != 0 ||
4887 	     hw->vht160_mcs_tx_highest != 0)) {
4888 		vht_cap.vht_mcs.rx_highest = cpu_to_le16(hw->vht160_mcs_rx_highest);
4889 		vht_cap.vht_mcs.tx_highest = cpu_to_le16(hw->vht160_mcs_tx_highest);
4890 	}
4891 
4892 	return vht_cap;
4893 }
4894 
4895 static struct ieee80211_sta_ht_cap ath10k_get_ht_cap(struct ath10k *ar)
4896 {
4897 	int i;
4898 	struct ieee80211_sta_ht_cap ht_cap = {0};
4899 
4900 	if (!(ar->ht_cap_info & WMI_HT_CAP_ENABLED))
4901 		return ht_cap;
4902 
4903 	ht_cap.ht_supported = 1;
4904 	ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
4905 	ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_8;
4906 	ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
4907 	ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
4908 	ht_cap.cap |=
4909 		WLAN_HT_CAP_SM_PS_DISABLED << IEEE80211_HT_CAP_SM_PS_SHIFT;
4910 
4911 	if (ar->ht_cap_info & WMI_HT_CAP_HT20_SGI)
4912 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
4913 
4914 	if (ar->ht_cap_info & WMI_HT_CAP_HT40_SGI)
4915 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
4916 
4917 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) {
4918 		u32 smps;
4919 
4920 		smps   = WLAN_HT_CAP_SM_PS_DYNAMIC;
4921 		smps <<= IEEE80211_HT_CAP_SM_PS_SHIFT;
4922 
4923 		ht_cap.cap |= smps;
4924 	}
4925 
4926 	if (ar->ht_cap_info & WMI_HT_CAP_TX_STBC && (ar->cfg_tx_chainmask > 1))
4927 		ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
4928 
4929 	if (ar->ht_cap_info & WMI_HT_CAP_RX_STBC) {
4930 		u32 stbc;
4931 
4932 		stbc   = ar->ht_cap_info;
4933 		stbc  &= WMI_HT_CAP_RX_STBC;
4934 		stbc >>= WMI_HT_CAP_RX_STBC_MASK_SHIFT;
4935 		stbc <<= IEEE80211_HT_CAP_RX_STBC_SHIFT;
4936 		stbc  &= IEEE80211_HT_CAP_RX_STBC;
4937 
4938 		ht_cap.cap |= stbc;
4939 	}
4940 
4941 	if (ar->ht_cap_info & WMI_HT_CAP_LDPC || (ar->ht_cap_info &
4942 	    WMI_HT_CAP_RX_LDPC && (ar->ht_cap_info & WMI_HT_CAP_TX_LDPC)))
4943 		ht_cap.cap |= IEEE80211_HT_CAP_LDPC_CODING;
4944 
4945 	if (ar->ht_cap_info & WMI_HT_CAP_L_SIG_TXOP_PROT)
4946 		ht_cap.cap |= IEEE80211_HT_CAP_LSIG_TXOP_PROT;
4947 
4948 	/* max AMSDU is implicitly taken from vht_cap_info */
4949 	if (ar->vht_cap_info & WMI_VHT_CAP_MAX_MPDU_LEN_MASK)
4950 		ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
4951 
4952 	for (i = 0; i < ar->num_rf_chains; i++) {
4953 		if (ar->cfg_rx_chainmask & BIT(i))
4954 			ht_cap.mcs.rx_mask[i] = 0xFF;
4955 	}
4956 
4957 	ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_DEFINED;
4958 
4959 	return ht_cap;
4960 }
4961 
4962 static void ath10k_mac_setup_ht_vht_cap(struct ath10k *ar)
4963 {
4964 	struct ieee80211_supported_band *band;
4965 	struct ieee80211_sta_vht_cap vht_cap;
4966 	struct ieee80211_sta_ht_cap ht_cap;
4967 
4968 	ht_cap = ath10k_get_ht_cap(ar);
4969 	vht_cap = ath10k_create_vht_cap(ar);
4970 
4971 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
4972 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
4973 		band->ht_cap = ht_cap;
4974 	}
4975 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
4976 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
4977 		band->ht_cap = ht_cap;
4978 		band->vht_cap = vht_cap;
4979 	}
4980 }
4981 
4982 static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
4983 {
4984 	int ret;
4985 	bool is_valid_tx_chain_mask, is_valid_rx_chain_mask;
4986 
4987 	lockdep_assert_held(&ar->conf_mutex);
4988 
4989 	is_valid_tx_chain_mask = ath10k_check_chain_mask(ar, tx_ant, "tx");
4990 	is_valid_rx_chain_mask = ath10k_check_chain_mask(ar, rx_ant, "rx");
4991 
4992 	if (!is_valid_tx_chain_mask || !is_valid_rx_chain_mask)
4993 		return -EINVAL;
4994 
4995 	ar->cfg_tx_chainmask = tx_ant;
4996 	ar->cfg_rx_chainmask = rx_ant;
4997 
4998 	if ((ar->state != ATH10K_STATE_ON) &&
4999 	    (ar->state != ATH10K_STATE_RESTARTED))
5000 		return 0;
5001 
5002 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
5003 					tx_ant);
5004 	if (ret) {
5005 		ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
5006 			    ret, tx_ant);
5007 		return ret;
5008 	}
5009 
5010 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
5011 					rx_ant);
5012 	if (ret) {
5013 		ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
5014 			    ret, rx_ant);
5015 		return ret;
5016 	}
5017 
5018 	/* Reload HT/VHT capability */
5019 	ath10k_mac_setup_ht_vht_cap(ar);
5020 
5021 	return 0;
5022 }
5023 
5024 static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant)
5025 {
5026 	struct ath10k *ar = hw->priv;
5027 	int ret;
5028 
5029 	mutex_lock(&ar->conf_mutex);
5030 	ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
5031 	mutex_unlock(&ar->conf_mutex);
5032 	return ret;
5033 }
5034 
5035 static int __ath10k_fetch_bb_timing_dt(struct ath10k *ar,
5036 				       struct wmi_bb_timing_cfg_arg *bb_timing)
5037 {
5038 	struct device_node *node;
5039 	const char *fem_name;
5040 	int ret;
5041 
5042 	node = ar->dev->of_node;
5043 	if (!node)
5044 		return -ENOENT;
5045 
5046 	ret = of_property_read_string_index(node, "ext-fem-name", 0, &fem_name);
5047 	if (ret)
5048 		return -ENOENT;
5049 
5050 	/*
5051 	 * If external Front End module used in hardware, then default base band timing
5052 	 * parameter cannot be used since they were fine tuned for reference hardware,
5053 	 * so choosing different value suitable for that external FEM.
5054 	 */
5055 	if (!strcmp("microsemi-lx5586", fem_name)) {
5056 		bb_timing->bb_tx_timing = 0x00;
5057 		bb_timing->bb_xpa_timing = 0x0101;
5058 	} else {
5059 		return -ENOENT;
5060 	}
5061 
5062 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot bb_tx_timing 0x%x bb_xpa_timing 0x%x\n",
5063 		   bb_timing->bb_tx_timing, bb_timing->bb_xpa_timing);
5064 	return 0;
5065 }
5066 
5067 static int ath10k_mac_rfkill_config(struct ath10k *ar)
5068 {
5069 	u32 param;
5070 	int ret;
5071 
5072 	if (ar->hw_values->rfkill_pin == 0) {
5073 		ath10k_warn(ar, "ath10k does not support hardware rfkill with this device\n");
5074 		return -EOPNOTSUPP;
5075 	}
5076 
5077 	ath10k_dbg(ar, ATH10K_DBG_MAC,
5078 		   "mac rfkill_pin %d rfkill_cfg %d rfkill_on_level %d",
5079 		   ar->hw_values->rfkill_pin, ar->hw_values->rfkill_cfg,
5080 		   ar->hw_values->rfkill_on_level);
5081 
5082 	param = FIELD_PREP(WMI_TLV_RFKILL_CFG_RADIO_LEVEL,
5083 			   ar->hw_values->rfkill_on_level) |
5084 		FIELD_PREP(WMI_TLV_RFKILL_CFG_GPIO_PIN_NUM,
5085 			   ar->hw_values->rfkill_pin) |
5086 		FIELD_PREP(WMI_TLV_RFKILL_CFG_PIN_AS_GPIO,
5087 			   ar->hw_values->rfkill_cfg);
5088 
5089 	ret = ath10k_wmi_pdev_set_param(ar,
5090 					ar->wmi.pdev_param->rfkill_config,
5091 					param);
5092 	if (ret) {
5093 		ath10k_warn(ar,
5094 			    "failed to set rfkill config 0x%x: %d\n",
5095 			    param, ret);
5096 		return ret;
5097 	}
5098 	return 0;
5099 }
5100 
5101 int ath10k_mac_rfkill_enable_radio(struct ath10k *ar, bool enable)
5102 {
5103 	enum wmi_tlv_rfkill_enable_radio param;
5104 	int ret;
5105 
5106 	if (enable)
5107 		param = WMI_TLV_RFKILL_ENABLE_RADIO_ON;
5108 	else
5109 		param = WMI_TLV_RFKILL_ENABLE_RADIO_OFF;
5110 
5111 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac rfkill enable %d", param);
5112 
5113 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rfkill_enable,
5114 					param);
5115 	if (ret) {
5116 		ath10k_warn(ar, "failed to set rfkill enable param %d: %d\n",
5117 			    param, ret);
5118 		return ret;
5119 	}
5120 
5121 	return 0;
5122 }
5123 
5124 static int ath10k_start(struct ieee80211_hw *hw)
5125 {
5126 	struct ath10k *ar = hw->priv;
5127 	u32 param;
5128 	int ret = 0;
5129 	struct wmi_bb_timing_cfg_arg bb_timing = {0};
5130 
5131 	/*
5132 	 * This makes sense only when restarting hw. It is harmless to call
5133 	 * unconditionally. This is necessary to make sure no HTT/WMI tx
5134 	 * commands will be submitted while restarting.
5135 	 */
5136 	ath10k_drain_tx(ar);
5137 
5138 	mutex_lock(&ar->conf_mutex);
5139 
5140 	switch (ar->state) {
5141 	case ATH10K_STATE_OFF:
5142 		ar->state = ATH10K_STATE_ON;
5143 		break;
5144 	case ATH10K_STATE_RESTARTING:
5145 		ar->state = ATH10K_STATE_RESTARTED;
5146 		break;
5147 	case ATH10K_STATE_ON:
5148 	case ATH10K_STATE_RESTARTED:
5149 	case ATH10K_STATE_WEDGED:
5150 		WARN_ON(1);
5151 		ret = -EINVAL;
5152 		goto err;
5153 	case ATH10K_STATE_UTF:
5154 		ret = -EBUSY;
5155 		goto err;
5156 	}
5157 
5158 	spin_lock_bh(&ar->data_lock);
5159 
5160 	if (ar->hw_rfkill_on) {
5161 		ar->hw_rfkill_on = false;
5162 		spin_unlock_bh(&ar->data_lock);
5163 		goto err;
5164 	}
5165 
5166 	spin_unlock_bh(&ar->data_lock);
5167 
5168 	ret = ath10k_hif_power_up(ar, ATH10K_FIRMWARE_MODE_NORMAL);
5169 	if (ret) {
5170 		ath10k_err(ar, "Could not init hif: %d\n", ret);
5171 		goto err_off;
5172 	}
5173 
5174 	ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL,
5175 				&ar->normal_mode_fw);
5176 	if (ret) {
5177 		ath10k_err(ar, "Could not init core: %d\n", ret);
5178 		goto err_power_down;
5179 	}
5180 
5181 	if (ar->sys_cap_info & WMI_TLV_SYS_CAP_INFO_RFKILL) {
5182 		ret = ath10k_mac_rfkill_config(ar);
5183 		if (ret && ret != -EOPNOTSUPP) {
5184 			ath10k_warn(ar, "failed to configure rfkill: %d", ret);
5185 			goto err_core_stop;
5186 		}
5187 	}
5188 
5189 	param = ar->wmi.pdev_param->pmf_qos;
5190 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5191 	if (ret) {
5192 		ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
5193 		goto err_core_stop;
5194 	}
5195 
5196 	param = ar->wmi.pdev_param->dynamic_bw;
5197 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5198 	if (ret) {
5199 		ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
5200 		goto err_core_stop;
5201 	}
5202 
5203 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
5204 		ret = ath10k_wmi_scan_prob_req_oui(ar, ar->mac_addr);
5205 		if (ret) {
5206 			ath10k_err(ar, "failed to set prob req oui: %i\n", ret);
5207 			goto err_core_stop;
5208 		}
5209 	}
5210 
5211 	if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
5212 		ret = ath10k_wmi_adaptive_qcs(ar, true);
5213 		if (ret) {
5214 			ath10k_warn(ar, "failed to enable adaptive qcs: %d\n",
5215 				    ret);
5216 			goto err_core_stop;
5217 		}
5218 	}
5219 
5220 	if (test_bit(WMI_SERVICE_BURST, ar->wmi.svc_map)) {
5221 		param = ar->wmi.pdev_param->burst_enable;
5222 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5223 		if (ret) {
5224 			ath10k_warn(ar, "failed to disable burst: %d\n", ret);
5225 			goto err_core_stop;
5226 		}
5227 	}
5228 
5229 	param = ar->wmi.pdev_param->idle_ps_config;
5230 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5231 	if (ret && ret != -EOPNOTSUPP) {
5232 		ath10k_warn(ar, "failed to enable idle_ps_config: %d\n", ret);
5233 		goto err_core_stop;
5234 	}
5235 
5236 	__ath10k_set_antenna(ar, ar->cfg_tx_chainmask, ar->cfg_rx_chainmask);
5237 
5238 	/*
5239 	 * By default FW set ARP frames ac to voice (6). In that case ARP
5240 	 * exchange is not working properly for UAPSD enabled AP. ARP requests
5241 	 * which arrives with access category 0 are processed by network stack
5242 	 * and send back with access category 0, but FW changes access category
5243 	 * to 6. Set ARP frames access category to best effort (0) solves
5244 	 * this problem.
5245 	 */
5246 
5247 	param = ar->wmi.pdev_param->arp_ac_override;
5248 	ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5249 	if (ret) {
5250 		ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
5251 			    ret);
5252 		goto err_core_stop;
5253 	}
5254 
5255 	if (test_bit(ATH10K_FW_FEATURE_SUPPORTS_ADAPTIVE_CCA,
5256 		     ar->running_fw->fw_file.fw_features)) {
5257 		ret = ath10k_wmi_pdev_enable_adaptive_cca(ar, 1,
5258 							  WMI_CCA_DETECT_LEVEL_AUTO,
5259 							  WMI_CCA_DETECT_MARGIN_AUTO);
5260 		if (ret) {
5261 			ath10k_warn(ar, "failed to enable adaptive cca: %d\n",
5262 				    ret);
5263 			goto err_core_stop;
5264 		}
5265 	}
5266 
5267 	param = ar->wmi.pdev_param->ani_enable;
5268 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5269 	if (ret) {
5270 		ath10k_warn(ar, "failed to enable ani by default: %d\n",
5271 			    ret);
5272 		goto err_core_stop;
5273 	}
5274 
5275 	ar->ani_enabled = true;
5276 
5277 	if (ath10k_peer_stats_enabled(ar)) {
5278 		param = ar->wmi.pdev_param->peer_stats_update_period;
5279 		ret = ath10k_wmi_pdev_set_param(ar, param,
5280 						PEER_DEFAULT_STATS_UPDATE_PERIOD);
5281 		if (ret) {
5282 			ath10k_warn(ar,
5283 				    "failed to set peer stats period : %d\n",
5284 				    ret);
5285 			goto err_core_stop;
5286 		}
5287 	}
5288 
5289 	param = ar->wmi.pdev_param->enable_btcoex;
5290 	if (test_bit(WMI_SERVICE_COEX_GPIO, ar->wmi.svc_map) &&
5291 	    test_bit(ATH10K_FW_FEATURE_BTCOEX_PARAM,
5292 		     ar->running_fw->fw_file.fw_features) &&
5293 	    ar->coex_support) {
5294 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5295 		if (ret) {
5296 			ath10k_warn(ar,
5297 				    "failed to set btcoex param: %d\n", ret);
5298 			goto err_core_stop;
5299 		}
5300 		clear_bit(ATH10K_FLAG_BTCOEX, &ar->dev_flags);
5301 	}
5302 
5303 	if (test_bit(WMI_SERVICE_BB_TIMING_CONFIG_SUPPORT, ar->wmi.svc_map)) {
5304 		ret = __ath10k_fetch_bb_timing_dt(ar, &bb_timing);
5305 		if (!ret) {
5306 			ret = ath10k_wmi_pdev_bb_timing(ar, &bb_timing);
5307 			if (ret) {
5308 				ath10k_warn(ar,
5309 					    "failed to set bb timings: %d\n",
5310 					    ret);
5311 				goto err_core_stop;
5312 			}
5313 		}
5314 	}
5315 
5316 	ar->num_started_vdevs = 0;
5317 	ath10k_regd_update(ar);
5318 
5319 	ath10k_spectral_start(ar);
5320 	ath10k_thermal_set_throttling(ar);
5321 
5322 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_IDLE;
5323 
5324 	mutex_unlock(&ar->conf_mutex);
5325 	return 0;
5326 
5327 err_core_stop:
5328 	ath10k_core_stop(ar);
5329 
5330 err_power_down:
5331 	ath10k_hif_power_down(ar);
5332 
5333 err_off:
5334 	ar->state = ATH10K_STATE_OFF;
5335 
5336 err:
5337 	mutex_unlock(&ar->conf_mutex);
5338 	return ret;
5339 }
5340 
5341 static void ath10k_stop(struct ieee80211_hw *hw)
5342 {
5343 	struct ath10k *ar = hw->priv;
5344 	u32 opt;
5345 
5346 	ath10k_drain_tx(ar);
5347 
5348 	mutex_lock(&ar->conf_mutex);
5349 	if (ar->state != ATH10K_STATE_OFF) {
5350 		if (!ar->hw_rfkill_on) {
5351 			/* If the current driver state is RESTARTING but not yet
5352 			 * fully RESTARTED because of incoming suspend event,
5353 			 * then ath10k_halt() is already called via
5354 			 * ath10k_core_restart() and should not be called here.
5355 			 */
5356 			if (ar->state != ATH10K_STATE_RESTARTING) {
5357 				ath10k_halt(ar);
5358 			} else {
5359 				/* Suspending here, because when in RESTARTING
5360 				 * state, ath10k_core_stop() skips
5361 				 * ath10k_wait_for_suspend().
5362 				 */
5363 				opt = WMI_PDEV_SUSPEND_AND_DISABLE_INTR;
5364 				ath10k_wait_for_suspend(ar, opt);
5365 			}
5366 		}
5367 		ar->state = ATH10K_STATE_OFF;
5368 	}
5369 	mutex_unlock(&ar->conf_mutex);
5370 
5371 	cancel_work_sync(&ar->set_coverage_class_work);
5372 	cancel_delayed_work_sync(&ar->scan.timeout);
5373 	cancel_work_sync(&ar->restart_work);
5374 }
5375 
5376 static int ath10k_config_ps(struct ath10k *ar)
5377 {
5378 	struct ath10k_vif *arvif;
5379 	int ret = 0;
5380 
5381 	lockdep_assert_held(&ar->conf_mutex);
5382 
5383 	list_for_each_entry(arvif, &ar->arvifs, list) {
5384 		ret = ath10k_mac_vif_setup_ps(arvif);
5385 		if (ret) {
5386 			ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
5387 			break;
5388 		}
5389 	}
5390 
5391 	return ret;
5392 }
5393 
5394 static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
5395 {
5396 	struct ath10k *ar = hw->priv;
5397 	struct ieee80211_conf *conf = &hw->conf;
5398 	int ret = 0;
5399 
5400 	mutex_lock(&ar->conf_mutex);
5401 
5402 	if (changed & IEEE80211_CONF_CHANGE_PS)
5403 		ath10k_config_ps(ar);
5404 
5405 	if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
5406 		ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
5407 		ret = ath10k_monitor_recalc(ar);
5408 		if (ret)
5409 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5410 	}
5411 
5412 	mutex_unlock(&ar->conf_mutex);
5413 	return ret;
5414 }
5415 
5416 static u32 get_nss_from_chainmask(u16 chain_mask)
5417 {
5418 	if ((chain_mask & 0xf) == 0xf)
5419 		return 4;
5420 	else if ((chain_mask & 0x7) == 0x7)
5421 		return 3;
5422 	else if ((chain_mask & 0x3) == 0x3)
5423 		return 2;
5424 	return 1;
5425 }
5426 
5427 static int ath10k_mac_set_txbf_conf(struct ath10k_vif *arvif)
5428 {
5429 	u32 value = 0;
5430 	struct ath10k *ar = arvif->ar;
5431 	int nsts;
5432 	int sound_dim;
5433 
5434 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_BEFORE_ASSOC)
5435 		return 0;
5436 
5437 	nsts = ath10k_mac_get_vht_cap_bf_sts(ar);
5438 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
5439 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE))
5440 		value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
5441 
5442 	sound_dim = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
5443 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
5444 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))
5445 		value |= SM(sound_dim, WMI_BF_SOUND_DIM_OFFSET);
5446 
5447 	if (!value)
5448 		return 0;
5449 
5450 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
5451 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
5452 
5453 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
5454 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFER |
5455 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFER);
5456 
5457 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
5458 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
5459 
5460 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
5461 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFEE |
5462 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFEE);
5463 
5464 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5465 					 ar->wmi.vdev_param->txbf, value);
5466 }
5467 
5468 /*
5469  * TODO:
5470  * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
5471  * because we will send mgmt frames without CCK. This requirement
5472  * for P2P_FIND/GO_NEG should be handled by checking CCK flag
5473  * in the TX packet.
5474  */
5475 static int ath10k_add_interface(struct ieee80211_hw *hw,
5476 				struct ieee80211_vif *vif)
5477 {
5478 	struct ath10k *ar = hw->priv;
5479 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5480 	struct ath10k_peer *peer;
5481 	enum wmi_sta_powersave_param param;
5482 	int ret = 0;
5483 	u32 value;
5484 	int bit;
5485 	int i;
5486 	u32 vdev_param;
5487 
5488 	vif->driver_flags |= IEEE80211_VIF_SUPPORTS_UAPSD;
5489 
5490 	mutex_lock(&ar->conf_mutex);
5491 
5492 	memset(arvif, 0, sizeof(*arvif));
5493 	ath10k_mac_txq_init(vif->txq);
5494 
5495 	arvif->ar = ar;
5496 	arvif->vif = vif;
5497 
5498 	INIT_LIST_HEAD(&arvif->list);
5499 	INIT_WORK(&arvif->ap_csa_work, ath10k_mac_vif_ap_csa_work);
5500 	INIT_DELAYED_WORK(&arvif->connection_loss_work,
5501 			  ath10k_mac_vif_sta_connection_loss_work);
5502 
5503 	for (i = 0; i < ARRAY_SIZE(arvif->bitrate_mask.control); i++) {
5504 		arvif->bitrate_mask.control[i].legacy = 0xffffffff;
5505 		memset(arvif->bitrate_mask.control[i].ht_mcs, 0xff,
5506 		       sizeof(arvif->bitrate_mask.control[i].ht_mcs));
5507 		memset(arvif->bitrate_mask.control[i].vht_mcs, 0xff,
5508 		       sizeof(arvif->bitrate_mask.control[i].vht_mcs));
5509 	}
5510 
5511 	if (ar->num_peers >= ar->max_num_peers) {
5512 		ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
5513 		ret = -ENOBUFS;
5514 		goto err;
5515 	}
5516 
5517 	if (ar->free_vdev_map == 0) {
5518 		ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
5519 		ret = -EBUSY;
5520 		goto err;
5521 	}
5522 	bit = __ffs64(ar->free_vdev_map);
5523 
5524 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
5525 		   bit, ar->free_vdev_map);
5526 
5527 	arvif->vdev_id = bit;
5528 	arvif->vdev_subtype =
5529 		ath10k_wmi_get_vdev_subtype(ar, WMI_VDEV_SUBTYPE_NONE);
5530 
5531 	switch (vif->type) {
5532 	case NL80211_IFTYPE_P2P_DEVICE:
5533 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5534 		arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5535 					(ar, WMI_VDEV_SUBTYPE_P2P_DEVICE);
5536 		break;
5537 	case NL80211_IFTYPE_UNSPECIFIED:
5538 	case NL80211_IFTYPE_STATION:
5539 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5540 		if (vif->p2p)
5541 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5542 					(ar, WMI_VDEV_SUBTYPE_P2P_CLIENT);
5543 		break;
5544 	case NL80211_IFTYPE_ADHOC:
5545 		arvif->vdev_type = WMI_VDEV_TYPE_IBSS;
5546 		break;
5547 	case NL80211_IFTYPE_MESH_POINT:
5548 		if (test_bit(WMI_SERVICE_MESH_11S, ar->wmi.svc_map)) {
5549 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5550 						(ar, WMI_VDEV_SUBTYPE_MESH_11S);
5551 		} else if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5552 			ret = -EINVAL;
5553 			ath10k_warn(ar, "must load driver with rawmode=1 to add mesh interfaces\n");
5554 			goto err;
5555 		}
5556 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5557 		break;
5558 	case NL80211_IFTYPE_AP:
5559 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5560 
5561 		if (vif->p2p)
5562 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5563 						(ar, WMI_VDEV_SUBTYPE_P2P_GO);
5564 		break;
5565 	case NL80211_IFTYPE_MONITOR:
5566 		arvif->vdev_type = WMI_VDEV_TYPE_MONITOR;
5567 		break;
5568 	default:
5569 		WARN_ON(1);
5570 		break;
5571 	}
5572 
5573 	/* Using vdev_id as queue number will make it very easy to do per-vif
5574 	 * tx queue locking. This shouldn't wrap due to interface combinations
5575 	 * but do a modulo for correctness sake and prevent using offchannel tx
5576 	 * queues for regular vif tx.
5577 	 */
5578 	vif->cab_queue = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5579 	for (i = 0; i < ARRAY_SIZE(vif->hw_queue); i++)
5580 		vif->hw_queue[i] = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5581 
5582 	/* Some firmware revisions don't wait for beacon tx completion before
5583 	 * sending another SWBA event. This could lead to hardware using old
5584 	 * (freed) beacon data in some cases, e.g. tx credit starvation
5585 	 * combined with missed TBTT. This is very rare.
5586 	 *
5587 	 * On non-IOMMU-enabled hosts this could be a possible security issue
5588 	 * because hw could beacon some random data on the air.  On
5589 	 * IOMMU-enabled hosts DMAR faults would occur in most cases and target
5590 	 * device would crash.
5591 	 *
5592 	 * Since there are no beacon tx completions (implicit nor explicit)
5593 	 * propagated to host the only workaround for this is to allocate a
5594 	 * DMA-coherent buffer for a lifetime of a vif and use it for all
5595 	 * beacon tx commands. Worst case for this approach is some beacons may
5596 	 * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
5597 	 */
5598 	if (vif->type == NL80211_IFTYPE_ADHOC ||
5599 	    vif->type == NL80211_IFTYPE_MESH_POINT ||
5600 	    vif->type == NL80211_IFTYPE_AP) {
5601 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {
5602 			arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN,
5603 						    GFP_KERNEL);
5604 
5605 			/* Using a kernel pointer in place of a dma_addr_t
5606 			 * token can lead to undefined behavior if that
5607 			 * makes it into cache management functions. Use a
5608 			 * known-invalid address token instead, which
5609 			 * avoids the warning and makes it easier to catch
5610 			 * bugs if it does end up getting used.
5611 			 */
5612 			arvif->beacon_paddr = DMA_MAPPING_ERROR;
5613 		} else {
5614 			arvif->beacon_buf =
5615 				dma_alloc_coherent(ar->dev,
5616 						   IEEE80211_MAX_FRAME_LEN,
5617 						   &arvif->beacon_paddr,
5618 						   GFP_ATOMIC);
5619 		}
5620 		if (!arvif->beacon_buf) {
5621 			ret = -ENOMEM;
5622 			ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
5623 				    ret);
5624 			goto err;
5625 		}
5626 	}
5627 	if (test_bit(ATH10K_FLAG_HW_CRYPTO_DISABLED, &ar->dev_flags))
5628 		arvif->nohwcrypt = true;
5629 
5630 	if (arvif->nohwcrypt &&
5631 	    !test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5632 		ret = -EINVAL;
5633 		ath10k_warn(ar, "cryptmode module param needed for sw crypto\n");
5634 		goto err;
5635 	}
5636 
5637 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
5638 		   arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
5639 		   arvif->beacon_buf ? "single-buf" : "per-skb");
5640 
5641 	ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
5642 				     arvif->vdev_subtype, vif->addr);
5643 	if (ret) {
5644 		ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
5645 			    arvif->vdev_id, ret);
5646 		goto err;
5647 	}
5648 
5649 	if (test_bit(WMI_SERVICE_VDEV_DISABLE_4_ADDR_SRC_LRN_SUPPORT,
5650 		     ar->wmi.svc_map)) {
5651 		vdev_param = ar->wmi.vdev_param->disable_4addr_src_lrn;
5652 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5653 						WMI_VDEV_DISABLE_4_ADDR_SRC_LRN);
5654 		if (ret && ret != -EOPNOTSUPP) {
5655 			ath10k_warn(ar, "failed to disable 4addr src lrn vdev %i: %d\n",
5656 				    arvif->vdev_id, ret);
5657 		}
5658 	}
5659 
5660 	ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
5661 	spin_lock_bh(&ar->data_lock);
5662 	list_add(&arvif->list, &ar->arvifs);
5663 	spin_unlock_bh(&ar->data_lock);
5664 
5665 	/* It makes no sense to have firmware do keepalives. mac80211 already
5666 	 * takes care of this with idle connection polling.
5667 	 */
5668 	ret = ath10k_mac_vif_disable_keepalive(arvif);
5669 	if (ret) {
5670 		ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
5671 			    arvif->vdev_id, ret);
5672 		goto err_vdev_delete;
5673 	}
5674 
5675 	arvif->def_wep_key_idx = -1;
5676 
5677 	vdev_param = ar->wmi.vdev_param->tx_encap_type;
5678 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5679 					ATH10K_HW_TXRX_NATIVE_WIFI);
5680 	/* 10.X firmware does not support this VDEV parameter. Do not warn */
5681 	if (ret && ret != -EOPNOTSUPP) {
5682 		ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
5683 			    arvif->vdev_id, ret);
5684 		goto err_vdev_delete;
5685 	}
5686 
5687 	/* Configuring number of spatial stream for monitor interface is causing
5688 	 * target assert in qca9888 and qca6174.
5689 	 */
5690 	if (ar->cfg_tx_chainmask && (vif->type != NL80211_IFTYPE_MONITOR)) {
5691 		u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
5692 
5693 		vdev_param = ar->wmi.vdev_param->nss;
5694 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5695 						nss);
5696 		if (ret) {
5697 			ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
5698 				    arvif->vdev_id, ar->cfg_tx_chainmask, nss,
5699 				    ret);
5700 			goto err_vdev_delete;
5701 		}
5702 	}
5703 
5704 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5705 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5706 		ret = ath10k_peer_create(ar, vif, NULL, arvif->vdev_id,
5707 					 vif->addr, WMI_PEER_TYPE_DEFAULT);
5708 		if (ret) {
5709 			ath10k_warn(ar, "failed to create vdev %i peer for AP/IBSS: %d\n",
5710 				    arvif->vdev_id, ret);
5711 			goto err_vdev_delete;
5712 		}
5713 
5714 		spin_lock_bh(&ar->data_lock);
5715 
5716 		peer = ath10k_peer_find(ar, arvif->vdev_id, vif->addr);
5717 		if (!peer) {
5718 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
5719 				    vif->addr, arvif->vdev_id);
5720 			spin_unlock_bh(&ar->data_lock);
5721 			ret = -ENOENT;
5722 			goto err_peer_delete;
5723 		}
5724 
5725 		arvif->peer_id = find_first_bit(peer->peer_ids,
5726 						ATH10K_MAX_NUM_PEER_IDS);
5727 
5728 		spin_unlock_bh(&ar->data_lock);
5729 	} else {
5730 		arvif->peer_id = HTT_INVALID_PEERID;
5731 	}
5732 
5733 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
5734 		ret = ath10k_mac_set_kickout(arvif);
5735 		if (ret) {
5736 			ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
5737 				    arvif->vdev_id, ret);
5738 			goto err_peer_delete;
5739 		}
5740 	}
5741 
5742 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
5743 		param = WMI_STA_PS_PARAM_RX_WAKE_POLICY;
5744 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
5745 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
5746 						  param, value);
5747 		if (ret) {
5748 			ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
5749 				    arvif->vdev_id, ret);
5750 			goto err_peer_delete;
5751 		}
5752 
5753 		ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
5754 		if (ret) {
5755 			ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
5756 				    arvif->vdev_id, ret);
5757 			goto err_peer_delete;
5758 		}
5759 
5760 		ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
5761 		if (ret) {
5762 			ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
5763 				    arvif->vdev_id, ret);
5764 			goto err_peer_delete;
5765 		}
5766 	}
5767 
5768 	ret = ath10k_mac_set_txbf_conf(arvif);
5769 	if (ret) {
5770 		ath10k_warn(ar, "failed to set txbf for vdev %d: %d\n",
5771 			    arvif->vdev_id, ret);
5772 		goto err_peer_delete;
5773 	}
5774 
5775 	ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
5776 	if (ret) {
5777 		ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
5778 			    arvif->vdev_id, ret);
5779 		goto err_peer_delete;
5780 	}
5781 
5782 	arvif->txpower = vif->bss_conf.txpower;
5783 	ret = ath10k_mac_txpower_recalc(ar);
5784 	if (ret) {
5785 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5786 		goto err_peer_delete;
5787 	}
5788 
5789 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
5790 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
5791 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5792 						arvif->ftm_responder);
5793 
5794 		/* It is harmless to not set FTM role. Do not warn */
5795 		if (ret && ret != -EOPNOTSUPP)
5796 			ath10k_warn(ar, "failed to set vdev %i FTM Responder: %d\n",
5797 				    arvif->vdev_id, ret);
5798 	}
5799 
5800 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5801 		ar->monitor_arvif = arvif;
5802 		ret = ath10k_monitor_recalc(ar);
5803 		if (ret) {
5804 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5805 			goto err_peer_delete;
5806 		}
5807 	}
5808 
5809 	spin_lock_bh(&ar->htt.tx_lock);
5810 	if (!ar->tx_paused)
5811 		ieee80211_wake_queue(ar->hw, arvif->vdev_id);
5812 	spin_unlock_bh(&ar->htt.tx_lock);
5813 
5814 	mutex_unlock(&ar->conf_mutex);
5815 	return 0;
5816 
5817 err_peer_delete:
5818 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5819 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5820 		ath10k_wmi_peer_delete(ar, arvif->vdev_id, vif->addr);
5821 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5822 						 vif->addr);
5823 	}
5824 
5825 err_vdev_delete:
5826 	ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5827 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5828 	spin_lock_bh(&ar->data_lock);
5829 	list_del(&arvif->list);
5830 	spin_unlock_bh(&ar->data_lock);
5831 
5832 err:
5833 	if (arvif->beacon_buf) {
5834 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
5835 			kfree(arvif->beacon_buf);
5836 		else
5837 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
5838 					  arvif->beacon_buf,
5839 					  arvif->beacon_paddr);
5840 		arvif->beacon_buf = NULL;
5841 	}
5842 
5843 	mutex_unlock(&ar->conf_mutex);
5844 
5845 	return ret;
5846 }
5847 
5848 static void ath10k_mac_vif_tx_unlock_all(struct ath10k_vif *arvif)
5849 {
5850 	int i;
5851 
5852 	for (i = 0; i < BITS_PER_LONG; i++)
5853 		ath10k_mac_vif_tx_unlock(arvif, i);
5854 }
5855 
5856 static void ath10k_remove_interface(struct ieee80211_hw *hw,
5857 				    struct ieee80211_vif *vif)
5858 {
5859 	struct ath10k *ar = hw->priv;
5860 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5861 	struct ath10k_peer *peer;
5862 	unsigned long time_left;
5863 	int ret;
5864 	int i;
5865 
5866 	cancel_work_sync(&arvif->ap_csa_work);
5867 	cancel_delayed_work_sync(&arvif->connection_loss_work);
5868 
5869 	mutex_lock(&ar->conf_mutex);
5870 
5871 	ret = ath10k_spectral_vif_stop(arvif);
5872 	if (ret)
5873 		ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
5874 			    arvif->vdev_id, ret);
5875 
5876 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5877 	spin_lock_bh(&ar->data_lock);
5878 	list_del(&arvif->list);
5879 	spin_unlock_bh(&ar->data_lock);
5880 
5881 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5882 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5883 		ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
5884 					     vif->addr);
5885 		if (ret)
5886 			ath10k_warn(ar, "failed to submit AP/IBSS self-peer removal on vdev %i: %d\n",
5887 				    arvif->vdev_id, ret);
5888 
5889 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5890 						 vif->addr);
5891 		kfree(arvif->u.ap.noa_data);
5892 	}
5893 
5894 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
5895 		   arvif->vdev_id);
5896 
5897 	ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5898 	if (ret)
5899 		ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
5900 			    arvif->vdev_id, ret);
5901 
5902 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
5903 		time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
5904 							ATH10K_VDEV_DELETE_TIMEOUT_HZ);
5905 		if (time_left == 0) {
5906 			ath10k_warn(ar, "Timeout in receiving vdev delete response\n");
5907 			goto out;
5908 		}
5909 	}
5910 
5911 	/* Some firmware revisions don't notify host about self-peer removal
5912 	 * until after associated vdev is deleted.
5913 	 */
5914 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5915 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5916 		ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
5917 						   vif->addr);
5918 		if (ret)
5919 			ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
5920 				    arvif->vdev_id, ret);
5921 
5922 		spin_lock_bh(&ar->data_lock);
5923 		ar->num_peers--;
5924 		spin_unlock_bh(&ar->data_lock);
5925 	}
5926 
5927 	spin_lock_bh(&ar->data_lock);
5928 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
5929 		peer = ar->peer_map[i];
5930 		if (!peer)
5931 			continue;
5932 
5933 		if (peer->vif == vif) {
5934 			ath10k_warn(ar, "found vif peer %pM entry on vdev %i after it was supposedly removed\n",
5935 				    vif->addr, arvif->vdev_id);
5936 			peer->vif = NULL;
5937 		}
5938 	}
5939 
5940 	/* Clean this up late, less opportunity for firmware to access
5941 	 * DMA memory we have deleted.
5942 	 */
5943 	ath10k_mac_vif_beacon_cleanup(arvif);
5944 	spin_unlock_bh(&ar->data_lock);
5945 
5946 	ath10k_peer_cleanup(ar, arvif->vdev_id);
5947 	ath10k_mac_txq_unref(ar, vif->txq);
5948 
5949 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5950 		ar->monitor_arvif = NULL;
5951 		ret = ath10k_monitor_recalc(ar);
5952 		if (ret)
5953 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5954 	}
5955 
5956 	ret = ath10k_mac_txpower_recalc(ar);
5957 	if (ret)
5958 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5959 
5960 	spin_lock_bh(&ar->htt.tx_lock);
5961 	ath10k_mac_vif_tx_unlock_all(arvif);
5962 	spin_unlock_bh(&ar->htt.tx_lock);
5963 
5964 	ath10k_mac_txq_unref(ar, vif->txq);
5965 
5966 out:
5967 	mutex_unlock(&ar->conf_mutex);
5968 }
5969 
5970 /*
5971  * FIXME: Has to be verified.
5972  */
5973 #define SUPPORTED_FILTERS			\
5974 	(FIF_ALLMULTI |				\
5975 	FIF_CONTROL |				\
5976 	FIF_PSPOLL |				\
5977 	FIF_OTHER_BSS |				\
5978 	FIF_BCN_PRBRESP_PROMISC |		\
5979 	FIF_PROBE_REQ |				\
5980 	FIF_FCSFAIL)
5981 
5982 static void ath10k_configure_filter(struct ieee80211_hw *hw,
5983 				    unsigned int changed_flags,
5984 				    unsigned int *total_flags,
5985 				    u64 multicast)
5986 {
5987 	struct ath10k *ar = hw->priv;
5988 	int ret;
5989 
5990 	mutex_lock(&ar->conf_mutex);
5991 
5992 	changed_flags &= SUPPORTED_FILTERS;
5993 	*total_flags &= SUPPORTED_FILTERS;
5994 	ar->filter_flags = *total_flags;
5995 
5996 	ret = ath10k_monitor_recalc(ar);
5997 	if (ret)
5998 		ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5999 
6000 	mutex_unlock(&ar->conf_mutex);
6001 }
6002 
6003 static void ath10k_recalculate_mgmt_rate(struct ath10k *ar,
6004 					 struct ieee80211_vif *vif,
6005 					 struct cfg80211_chan_def *def)
6006 {
6007 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6008 	const struct ieee80211_supported_band *sband;
6009 	u8 basic_rate_idx;
6010 	int hw_rate_code;
6011 	u32 vdev_param;
6012 	u16 bitrate;
6013 	int ret;
6014 
6015 	lockdep_assert_held(&ar->conf_mutex);
6016 
6017 	sband = ar->hw->wiphy->bands[def->chan->band];
6018 	basic_rate_idx = ffs(vif->bss_conf.basic_rates) - 1;
6019 	bitrate = sband->bitrates[basic_rate_idx].bitrate;
6020 
6021 	hw_rate_code = ath10k_mac_get_rate_hw_value(bitrate);
6022 	if (hw_rate_code < 0) {
6023 		ath10k_warn(ar, "bitrate not supported %d\n", bitrate);
6024 		return;
6025 	}
6026 
6027 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
6028 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6029 					hw_rate_code);
6030 	if (ret)
6031 		ath10k_warn(ar, "failed to set mgmt tx rate %d\n", ret);
6032 }
6033 
6034 static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
6035 				    struct ieee80211_vif *vif,
6036 				    struct ieee80211_bss_conf *info,
6037 				    u32 changed)
6038 {
6039 	struct ath10k *ar = hw->priv;
6040 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6041 	struct cfg80211_chan_def def;
6042 	u32 vdev_param, pdev_param, slottime, preamble;
6043 	u16 bitrate, hw_value;
6044 	u8 rate, rateidx;
6045 	int ret = 0, mcast_rate;
6046 	enum nl80211_band band;
6047 
6048 	mutex_lock(&ar->conf_mutex);
6049 
6050 	if (changed & BSS_CHANGED_IBSS)
6051 		ath10k_control_ibss(arvif, info, vif->addr);
6052 
6053 	if (changed & BSS_CHANGED_BEACON_INT) {
6054 		arvif->beacon_interval = info->beacon_int;
6055 		vdev_param = ar->wmi.vdev_param->beacon_interval;
6056 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6057 						arvif->beacon_interval);
6058 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6059 			   "mac vdev %d beacon_interval %d\n",
6060 			   arvif->vdev_id, arvif->beacon_interval);
6061 
6062 		if (ret)
6063 			ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
6064 				    arvif->vdev_id, ret);
6065 	}
6066 
6067 	if (changed & BSS_CHANGED_BEACON) {
6068 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6069 			   "vdev %d set beacon tx mode to staggered\n",
6070 			   arvif->vdev_id);
6071 
6072 		pdev_param = ar->wmi.pdev_param->beacon_tx_mode;
6073 		ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
6074 						WMI_BEACON_STAGGERED_MODE);
6075 		if (ret)
6076 			ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
6077 				    arvif->vdev_id, ret);
6078 
6079 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
6080 		if (ret)
6081 			ath10k_warn(ar, "failed to update beacon template: %d\n",
6082 				    ret);
6083 
6084 		if (ieee80211_vif_is_mesh(vif)) {
6085 			/* mesh doesn't use SSID but firmware needs it */
6086 			strncpy(arvif->u.ap.ssid, "mesh",
6087 				sizeof(arvif->u.ap.ssid));
6088 			arvif->u.ap.ssid_len = 4;
6089 		}
6090 	}
6091 
6092 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
6093 		ret = ath10k_mac_setup_prb_tmpl(arvif);
6094 		if (ret)
6095 			ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
6096 				    arvif->vdev_id, ret);
6097 	}
6098 
6099 	if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
6100 		arvif->dtim_period = info->dtim_period;
6101 
6102 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6103 			   "mac vdev %d dtim_period %d\n",
6104 			   arvif->vdev_id, arvif->dtim_period);
6105 
6106 		vdev_param = ar->wmi.vdev_param->dtim_period;
6107 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6108 						arvif->dtim_period);
6109 		if (ret)
6110 			ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
6111 				    arvif->vdev_id, ret);
6112 	}
6113 
6114 	if (changed & BSS_CHANGED_SSID &&
6115 	    vif->type == NL80211_IFTYPE_AP) {
6116 		arvif->u.ap.ssid_len = info->ssid_len;
6117 		if (info->ssid_len)
6118 			memcpy(arvif->u.ap.ssid, info->ssid, info->ssid_len);
6119 		arvif->u.ap.hidden_ssid = info->hidden_ssid;
6120 	}
6121 
6122 	if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
6123 		ether_addr_copy(arvif->bssid, info->bssid);
6124 
6125 	if (changed & BSS_CHANGED_FTM_RESPONDER &&
6126 	    arvif->ftm_responder != info->ftm_responder &&
6127 	    test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
6128 		arvif->ftm_responder = info->ftm_responder;
6129 
6130 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
6131 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6132 						arvif->ftm_responder);
6133 
6134 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6135 			   "mac vdev %d ftm_responder %d:ret %d\n",
6136 			   arvif->vdev_id, arvif->ftm_responder, ret);
6137 	}
6138 
6139 	if (changed & BSS_CHANGED_BEACON_ENABLED)
6140 		ath10k_control_beaconing(arvif, info);
6141 
6142 	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
6143 		arvif->use_cts_prot = info->use_cts_prot;
6144 
6145 		ret = ath10k_recalc_rtscts_prot(arvif);
6146 		if (ret)
6147 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
6148 				    arvif->vdev_id, ret);
6149 
6150 		if (ath10k_mac_can_set_cts_prot(arvif)) {
6151 			ret = ath10k_mac_set_cts_prot(arvif);
6152 			if (ret)
6153 				ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
6154 					    arvif->vdev_id, ret);
6155 		}
6156 	}
6157 
6158 	if (changed & BSS_CHANGED_ERP_SLOT) {
6159 		if (info->use_short_slot)
6160 			slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
6161 
6162 		else
6163 			slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
6164 
6165 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
6166 			   arvif->vdev_id, slottime);
6167 
6168 		vdev_param = ar->wmi.vdev_param->slot_time;
6169 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6170 						slottime);
6171 		if (ret)
6172 			ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
6173 				    arvif->vdev_id, ret);
6174 	}
6175 
6176 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
6177 		if (info->use_short_preamble)
6178 			preamble = WMI_VDEV_PREAMBLE_SHORT;
6179 		else
6180 			preamble = WMI_VDEV_PREAMBLE_LONG;
6181 
6182 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6183 			   "mac vdev %d preamble %dn",
6184 			   arvif->vdev_id, preamble);
6185 
6186 		vdev_param = ar->wmi.vdev_param->preamble;
6187 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6188 						preamble);
6189 		if (ret)
6190 			ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
6191 				    arvif->vdev_id, ret);
6192 	}
6193 
6194 	if (changed & BSS_CHANGED_ASSOC) {
6195 		if (info->assoc) {
6196 			/* Workaround: Make sure monitor vdev is not running
6197 			 * when associating to prevent some firmware revisions
6198 			 * (e.g. 10.1 and 10.2) from crashing.
6199 			 */
6200 			if (ar->monitor_started)
6201 				ath10k_monitor_stop(ar);
6202 			ath10k_bss_assoc(hw, vif, info);
6203 			ath10k_monitor_recalc(ar);
6204 		} else {
6205 			ath10k_bss_disassoc(hw, vif);
6206 		}
6207 	}
6208 
6209 	if (changed & BSS_CHANGED_TXPOWER) {
6210 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
6211 			   arvif->vdev_id, info->txpower);
6212 
6213 		arvif->txpower = info->txpower;
6214 		ret = ath10k_mac_txpower_recalc(ar);
6215 		if (ret)
6216 			ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6217 	}
6218 
6219 	if (changed & BSS_CHANGED_PS) {
6220 		arvif->ps = vif->bss_conf.ps;
6221 
6222 		ret = ath10k_config_ps(ar);
6223 		if (ret)
6224 			ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
6225 				    arvif->vdev_id, ret);
6226 	}
6227 
6228 	if (changed & BSS_CHANGED_MCAST_RATE &&
6229 	    !ath10k_mac_vif_chan(arvif->vif, &def)) {
6230 		band = def.chan->band;
6231 		mcast_rate = vif->bss_conf.mcast_rate[band];
6232 		if (mcast_rate > 0)
6233 			rateidx = mcast_rate - 1;
6234 		else
6235 			rateidx = ffs(vif->bss_conf.basic_rates) - 1;
6236 
6237 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6238 			rateidx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6239 
6240 		bitrate = ath10k_wmi_legacy_rates[rateidx].bitrate;
6241 		hw_value = ath10k_wmi_legacy_rates[rateidx].hw_value;
6242 		if (ath10k_mac_bitrate_is_cck(bitrate))
6243 			preamble = WMI_RATE_PREAMBLE_CCK;
6244 		else
6245 			preamble = WMI_RATE_PREAMBLE_OFDM;
6246 
6247 		rate = ATH10K_HW_RATECODE(hw_value, 0, preamble);
6248 
6249 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6250 			   "mac vdev %d mcast_rate %x\n",
6251 			   arvif->vdev_id, rate);
6252 
6253 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
6254 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6255 						vdev_param, rate);
6256 		if (ret)
6257 			ath10k_warn(ar,
6258 				    "failed to set mcast rate on vdev %i: %d\n",
6259 				    arvif->vdev_id,  ret);
6260 
6261 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
6262 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6263 						vdev_param, rate);
6264 		if (ret)
6265 			ath10k_warn(ar,
6266 				    "failed to set bcast rate on vdev %i: %d\n",
6267 				    arvif->vdev_id,  ret);
6268 	}
6269 
6270 	if (changed & BSS_CHANGED_BASIC_RATES &&
6271 	    !ath10k_mac_vif_chan(arvif->vif, &def))
6272 		ath10k_recalculate_mgmt_rate(ar, vif, &def);
6273 
6274 	mutex_unlock(&ar->conf_mutex);
6275 }
6276 
6277 static void ath10k_mac_op_set_coverage_class(struct ieee80211_hw *hw, s16 value)
6278 {
6279 	struct ath10k *ar = hw->priv;
6280 
6281 	/* This function should never be called if setting the coverage class
6282 	 * is not supported on this hardware.
6283 	 */
6284 	if (!ar->hw_params.hw_ops->set_coverage_class) {
6285 		WARN_ON_ONCE(1);
6286 		return;
6287 	}
6288 	ar->hw_params.hw_ops->set_coverage_class(ar, value);
6289 }
6290 
6291 struct ath10k_mac_tdls_iter_data {
6292 	u32 num_tdls_stations;
6293 	struct ieee80211_vif *curr_vif;
6294 };
6295 
6296 static void ath10k_mac_tdls_vif_stations_count_iter(void *data,
6297 						    struct ieee80211_sta *sta)
6298 {
6299 	struct ath10k_mac_tdls_iter_data *iter_data = data;
6300 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6301 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
6302 
6303 	if (sta->tdls && sta_vif == iter_data->curr_vif)
6304 		iter_data->num_tdls_stations++;
6305 }
6306 
6307 static int ath10k_mac_tdls_vif_stations_count(struct ieee80211_hw *hw,
6308 					      struct ieee80211_vif *vif)
6309 {
6310 	struct ath10k_mac_tdls_iter_data data = {};
6311 
6312 	data.curr_vif = vif;
6313 
6314 	ieee80211_iterate_stations_atomic(hw,
6315 					  ath10k_mac_tdls_vif_stations_count_iter,
6316 					  &data);
6317 	return data.num_tdls_stations;
6318 }
6319 
6320 static int ath10k_hw_scan(struct ieee80211_hw *hw,
6321 			  struct ieee80211_vif *vif,
6322 			  struct ieee80211_scan_request *hw_req)
6323 {
6324 	struct ath10k *ar = hw->priv;
6325 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6326 	struct cfg80211_scan_request *req = &hw_req->req;
6327 	struct wmi_start_scan_arg arg;
6328 	int ret = 0;
6329 	int i;
6330 	u32 scan_timeout;
6331 
6332 	mutex_lock(&ar->conf_mutex);
6333 
6334 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6335 		ret = -EBUSY;
6336 		goto exit;
6337 	}
6338 
6339 	spin_lock_bh(&ar->data_lock);
6340 	switch (ar->scan.state) {
6341 	case ATH10K_SCAN_IDLE:
6342 		reinit_completion(&ar->scan.started);
6343 		reinit_completion(&ar->scan.completed);
6344 		ar->scan.state = ATH10K_SCAN_STARTING;
6345 		ar->scan.is_roc = false;
6346 		ar->scan.vdev_id = arvif->vdev_id;
6347 		ret = 0;
6348 		break;
6349 	case ATH10K_SCAN_STARTING:
6350 	case ATH10K_SCAN_RUNNING:
6351 	case ATH10K_SCAN_ABORTING:
6352 		ret = -EBUSY;
6353 		break;
6354 	}
6355 	spin_unlock_bh(&ar->data_lock);
6356 
6357 	if (ret)
6358 		goto exit;
6359 
6360 	memset(&arg, 0, sizeof(arg));
6361 	ath10k_wmi_start_scan_init(ar, &arg);
6362 	arg.vdev_id = arvif->vdev_id;
6363 	arg.scan_id = ATH10K_SCAN_ID;
6364 
6365 	if (req->ie_len) {
6366 		arg.ie_len = req->ie_len;
6367 		memcpy(arg.ie, req->ie, arg.ie_len);
6368 	}
6369 
6370 	if (req->n_ssids) {
6371 		arg.n_ssids = req->n_ssids;
6372 		for (i = 0; i < arg.n_ssids; i++) {
6373 			arg.ssids[i].len  = req->ssids[i].ssid_len;
6374 			arg.ssids[i].ssid = req->ssids[i].ssid;
6375 		}
6376 	} else {
6377 		arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
6378 	}
6379 
6380 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6381 		arg.scan_ctrl_flags |=  WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ;
6382 		ether_addr_copy(arg.mac_addr.addr, req->mac_addr);
6383 		ether_addr_copy(arg.mac_mask.addr, req->mac_addr_mask);
6384 	}
6385 
6386 	if (req->n_channels) {
6387 		arg.n_channels = req->n_channels;
6388 		for (i = 0; i < arg.n_channels; i++)
6389 			arg.channels[i] = req->channels[i]->center_freq;
6390 	}
6391 
6392 	/* if duration is set, default dwell times will be overwritten */
6393 	if (req->duration) {
6394 		arg.dwell_time_active = req->duration;
6395 		arg.dwell_time_passive = req->duration;
6396 		arg.burst_duration_ms = req->duration;
6397 
6398 		scan_timeout = min_t(u32, arg.max_rest_time *
6399 				(arg.n_channels - 1) + (req->duration +
6400 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
6401 				arg.n_channels, arg.max_scan_time);
6402 	} else {
6403 		scan_timeout = arg.max_scan_time;
6404 	}
6405 
6406 	/* Add a 200ms margin to account for event/command processing */
6407 	scan_timeout += 200;
6408 
6409 	ret = ath10k_start_scan(ar, &arg);
6410 	if (ret) {
6411 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
6412 		spin_lock_bh(&ar->data_lock);
6413 		ar->scan.state = ATH10K_SCAN_IDLE;
6414 		spin_unlock_bh(&ar->data_lock);
6415 	}
6416 
6417 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
6418 				     msecs_to_jiffies(scan_timeout));
6419 
6420 exit:
6421 	mutex_unlock(&ar->conf_mutex);
6422 	return ret;
6423 }
6424 
6425 static void ath10k_cancel_hw_scan(struct ieee80211_hw *hw,
6426 				  struct ieee80211_vif *vif)
6427 {
6428 	struct ath10k *ar = hw->priv;
6429 
6430 	mutex_lock(&ar->conf_mutex);
6431 	ath10k_scan_abort(ar);
6432 	mutex_unlock(&ar->conf_mutex);
6433 
6434 	cancel_delayed_work_sync(&ar->scan.timeout);
6435 }
6436 
6437 static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
6438 					struct ath10k_vif *arvif,
6439 					enum set_key_cmd cmd,
6440 					struct ieee80211_key_conf *key)
6441 {
6442 	u32 vdev_param = arvif->ar->wmi.vdev_param->def_keyid;
6443 	int ret;
6444 
6445 	/* 10.1 firmware branch requires default key index to be set to group
6446 	 * key index after installing it. Otherwise FW/HW Txes corrupted
6447 	 * frames with multi-vif APs. This is not required for main firmware
6448 	 * branch (e.g. 636).
6449 	 *
6450 	 * This is also needed for 636 fw for IBSS-RSN to work more reliably.
6451 	 *
6452 	 * FIXME: It remains unknown if this is required for multi-vif STA
6453 	 * interfaces on 10.1.
6454 	 */
6455 
6456 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
6457 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
6458 		return;
6459 
6460 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40)
6461 		return;
6462 
6463 	if (key->cipher == WLAN_CIPHER_SUITE_WEP104)
6464 		return;
6465 
6466 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6467 		return;
6468 
6469 	if (cmd != SET_KEY)
6470 		return;
6471 
6472 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6473 					key->keyidx);
6474 	if (ret)
6475 		ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
6476 			    arvif->vdev_id, ret);
6477 }
6478 
6479 static int ath10k_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
6480 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
6481 			  struct ieee80211_key_conf *key)
6482 {
6483 	struct ath10k *ar = hw->priv;
6484 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6485 	struct ath10k_sta *arsta;
6486 	struct ath10k_peer *peer;
6487 	const u8 *peer_addr;
6488 	bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
6489 		      key->cipher == WLAN_CIPHER_SUITE_WEP104;
6490 	int ret = 0;
6491 	int ret2;
6492 	u32 flags = 0;
6493 	u32 flags2;
6494 
6495 	/* this one needs to be done in software */
6496 	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
6497 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
6498 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256 ||
6499 	    key->cipher == WLAN_CIPHER_SUITE_BIP_CMAC_256)
6500 		return 1;
6501 
6502 	if (arvif->nohwcrypt)
6503 		return 1;
6504 
6505 	if (key->keyidx > WMI_MAX_KEY_INDEX)
6506 		return -ENOSPC;
6507 
6508 	mutex_lock(&ar->conf_mutex);
6509 
6510 	if (sta) {
6511 		arsta = (struct ath10k_sta *)sta->drv_priv;
6512 		peer_addr = sta->addr;
6513 		spin_lock_bh(&ar->data_lock);
6514 		arsta->ucast_cipher = key->cipher;
6515 		spin_unlock_bh(&ar->data_lock);
6516 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
6517 		peer_addr = vif->bss_conf.bssid;
6518 	} else {
6519 		peer_addr = vif->addr;
6520 	}
6521 
6522 	key->hw_key_idx = key->keyidx;
6523 
6524 	if (is_wep) {
6525 		if (cmd == SET_KEY)
6526 			arvif->wep_keys[key->keyidx] = key;
6527 		else
6528 			arvif->wep_keys[key->keyidx] = NULL;
6529 	}
6530 
6531 	/* the peer should not disappear in mid-way (unless FW goes awry) since
6532 	 * we already hold conf_mutex. we just make sure its there now.
6533 	 */
6534 	spin_lock_bh(&ar->data_lock);
6535 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6536 	spin_unlock_bh(&ar->data_lock);
6537 
6538 	if (!peer) {
6539 		if (cmd == SET_KEY) {
6540 			ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
6541 				    peer_addr);
6542 			ret = -EOPNOTSUPP;
6543 			goto exit;
6544 		} else {
6545 			/* if the peer doesn't exist there is no key to disable anymore */
6546 			goto exit;
6547 		}
6548 	}
6549 
6550 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6551 		flags |= WMI_KEY_PAIRWISE;
6552 	else
6553 		flags |= WMI_KEY_GROUP;
6554 
6555 	if (is_wep) {
6556 		if (cmd == DISABLE_KEY)
6557 			ath10k_clear_vdev_key(arvif, key);
6558 
6559 		/* When WEP keys are uploaded it's possible that there are
6560 		 * stations associated already (e.g. when merging) without any
6561 		 * keys. Static WEP needs an explicit per-peer key upload.
6562 		 */
6563 		if (vif->type == NL80211_IFTYPE_ADHOC &&
6564 		    cmd == SET_KEY)
6565 			ath10k_mac_vif_update_wep_key(arvif, key);
6566 
6567 		/* 802.1x never sets the def_wep_key_idx so each set_key()
6568 		 * call changes default tx key.
6569 		 *
6570 		 * Static WEP sets def_wep_key_idx via .set_default_unicast_key
6571 		 * after first set_key().
6572 		 */
6573 		if (cmd == SET_KEY && arvif->def_wep_key_idx == -1)
6574 			flags |= WMI_KEY_TX_USAGE;
6575 	}
6576 
6577 	ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags);
6578 	if (ret) {
6579 		WARN_ON(ret > 0);
6580 		ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
6581 			    arvif->vdev_id, peer_addr, ret);
6582 		goto exit;
6583 	}
6584 
6585 	/* mac80211 sets static WEP keys as groupwise while firmware requires
6586 	 * them to be installed twice as both pairwise and groupwise.
6587 	 */
6588 	if (is_wep && !sta && vif->type == NL80211_IFTYPE_STATION) {
6589 		flags2 = flags;
6590 		flags2 &= ~WMI_KEY_GROUP;
6591 		flags2 |= WMI_KEY_PAIRWISE;
6592 
6593 		ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags2);
6594 		if (ret) {
6595 			WARN_ON(ret > 0);
6596 			ath10k_warn(ar, "failed to install (ucast) key for vdev %i peer %pM: %d\n",
6597 				    arvif->vdev_id, peer_addr, ret);
6598 			ret2 = ath10k_install_key(arvif, key, DISABLE_KEY,
6599 						  peer_addr, flags);
6600 			if (ret2) {
6601 				WARN_ON(ret2 > 0);
6602 				ath10k_warn(ar, "failed to disable (mcast) key for vdev %i peer %pM: %d\n",
6603 					    arvif->vdev_id, peer_addr, ret2);
6604 			}
6605 			goto exit;
6606 		}
6607 	}
6608 
6609 	ath10k_set_key_h_def_keyidx(ar, arvif, cmd, key);
6610 
6611 	spin_lock_bh(&ar->data_lock);
6612 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6613 	if (peer && cmd == SET_KEY)
6614 		peer->keys[key->keyidx] = key;
6615 	else if (peer && cmd == DISABLE_KEY)
6616 		peer->keys[key->keyidx] = NULL;
6617 	else if (peer == NULL)
6618 		/* impossible unless FW goes crazy */
6619 		ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
6620 	spin_unlock_bh(&ar->data_lock);
6621 
6622 	if (sta && sta->tdls)
6623 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6624 					  ar->wmi.peer_param->authorize, 1);
6625 	else if (sta && cmd == SET_KEY && (key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
6626 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, peer_addr,
6627 					  ar->wmi.peer_param->authorize, 1);
6628 
6629 exit:
6630 	mutex_unlock(&ar->conf_mutex);
6631 	return ret;
6632 }
6633 
6634 static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
6635 					   struct ieee80211_vif *vif,
6636 					   int keyidx)
6637 {
6638 	struct ath10k *ar = hw->priv;
6639 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6640 	int ret;
6641 
6642 	mutex_lock(&arvif->ar->conf_mutex);
6643 
6644 	if (arvif->ar->state != ATH10K_STATE_ON)
6645 		goto unlock;
6646 
6647 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
6648 		   arvif->vdev_id, keyidx);
6649 
6650 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
6651 					arvif->vdev_id,
6652 					arvif->ar->wmi.vdev_param->def_keyid,
6653 					keyidx);
6654 
6655 	if (ret) {
6656 		ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
6657 			    arvif->vdev_id,
6658 			    ret);
6659 		goto unlock;
6660 	}
6661 
6662 	arvif->def_wep_key_idx = keyidx;
6663 
6664 unlock:
6665 	mutex_unlock(&arvif->ar->conf_mutex);
6666 }
6667 
6668 static void ath10k_sta_rc_update_wk(struct work_struct *wk)
6669 {
6670 	struct ath10k *ar;
6671 	struct ath10k_vif *arvif;
6672 	struct ath10k_sta *arsta;
6673 	struct ieee80211_sta *sta;
6674 	struct cfg80211_chan_def def;
6675 	enum nl80211_band band;
6676 	const u8 *ht_mcs_mask;
6677 	const u16 *vht_mcs_mask;
6678 	u32 changed, bw, nss, smps;
6679 	int err;
6680 
6681 	arsta = container_of(wk, struct ath10k_sta, update_wk);
6682 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
6683 	arvif = arsta->arvif;
6684 	ar = arvif->ar;
6685 
6686 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
6687 		return;
6688 
6689 	band = def.chan->band;
6690 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
6691 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
6692 
6693 	spin_lock_bh(&ar->data_lock);
6694 
6695 	changed = arsta->changed;
6696 	arsta->changed = 0;
6697 
6698 	bw = arsta->bw;
6699 	nss = arsta->nss;
6700 	smps = arsta->smps;
6701 
6702 	spin_unlock_bh(&ar->data_lock);
6703 
6704 	mutex_lock(&ar->conf_mutex);
6705 
6706 	nss = max_t(u32, 1, nss);
6707 	nss = min(nss, max(ath10k_mac_max_ht_nss(ht_mcs_mask),
6708 			   ath10k_mac_max_vht_nss(vht_mcs_mask)));
6709 
6710 	if (changed & IEEE80211_RC_BW_CHANGED) {
6711 		enum wmi_phy_mode mode;
6712 
6713 		mode = chan_to_phymode(&def);
6714 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM peer bw %d phymode %d\n",
6715 			   sta->addr, bw, mode);
6716 
6717 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6718 						ar->wmi.peer_param->phymode, mode);
6719 		if (err) {
6720 			ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
6721 				    sta->addr, mode, err);
6722 			goto exit;
6723 		}
6724 
6725 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6726 						ar->wmi.peer_param->chan_width, bw);
6727 		if (err)
6728 			ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
6729 				    sta->addr, bw, err);
6730 	}
6731 
6732 	if (changed & IEEE80211_RC_NSS_CHANGED) {
6733 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM nss %d\n",
6734 			   sta->addr, nss);
6735 
6736 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6737 						ar->wmi.peer_param->nss, nss);
6738 		if (err)
6739 			ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
6740 				    sta->addr, nss, err);
6741 	}
6742 
6743 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
6744 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM smps %d\n",
6745 			   sta->addr, smps);
6746 
6747 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6748 						ar->wmi.peer_param->smps_state, smps);
6749 		if (err)
6750 			ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
6751 				    sta->addr, smps, err);
6752 	}
6753 
6754 	if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
6755 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM supp rates\n",
6756 			   sta->addr);
6757 
6758 		err = ath10k_station_assoc(ar, arvif->vif, sta, true);
6759 		if (err)
6760 			ath10k_warn(ar, "failed to reassociate station: %pM\n",
6761 				    sta->addr);
6762 	}
6763 
6764 exit:
6765 	mutex_unlock(&ar->conf_mutex);
6766 }
6767 
6768 static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif,
6769 				       struct ieee80211_sta *sta)
6770 {
6771 	struct ath10k *ar = arvif->ar;
6772 
6773 	lockdep_assert_held(&ar->conf_mutex);
6774 
6775 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6776 		return 0;
6777 
6778 	if (ar->num_stations >= ar->max_num_stations)
6779 		return -ENOBUFS;
6780 
6781 	ar->num_stations++;
6782 
6783 	return 0;
6784 }
6785 
6786 static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif,
6787 					struct ieee80211_sta *sta)
6788 {
6789 	struct ath10k *ar = arvif->ar;
6790 
6791 	lockdep_assert_held(&ar->conf_mutex);
6792 
6793 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6794 		return;
6795 
6796 	ar->num_stations--;
6797 }
6798 
6799 static int ath10k_sta_set_txpwr(struct ieee80211_hw *hw,
6800 				struct ieee80211_vif *vif,
6801 				struct ieee80211_sta *sta)
6802 {
6803 	struct ath10k *ar = hw->priv;
6804 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6805 	int ret = 0;
6806 	s16 txpwr;
6807 
6808 	if (sta->deflink.txpwr.type == NL80211_TX_POWER_AUTOMATIC) {
6809 		txpwr = 0;
6810 	} else {
6811 		txpwr = sta->deflink.txpwr.power;
6812 		if (!txpwr)
6813 			return -EINVAL;
6814 	}
6815 
6816 	if (txpwr > ATH10K_TX_POWER_MAX_VAL || txpwr < ATH10K_TX_POWER_MIN_VAL)
6817 		return -EINVAL;
6818 
6819 	mutex_lock(&ar->conf_mutex);
6820 
6821 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6822 					ar->wmi.peer_param->use_fixed_power, txpwr);
6823 	if (ret) {
6824 		ath10k_warn(ar, "failed to set tx power for station ret: %d\n",
6825 			    ret);
6826 		goto out;
6827 	}
6828 
6829 out:
6830 	mutex_unlock(&ar->conf_mutex);
6831 	return ret;
6832 }
6833 
6834 struct ath10k_mac_iter_tid_conf_data {
6835 	struct ieee80211_vif *curr_vif;
6836 	struct ath10k *ar;
6837 	bool reset_config;
6838 };
6839 
6840 static bool
6841 ath10k_mac_bitrate_mask_has_single_rate(struct ath10k *ar,
6842 					enum nl80211_band band,
6843 					const struct cfg80211_bitrate_mask *mask,
6844 					int *vht_num_rates)
6845 {
6846 	int num_rates = 0;
6847 	int i, tmp;
6848 
6849 	num_rates += hweight32(mask->control[band].legacy);
6850 
6851 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++)
6852 		num_rates += hweight8(mask->control[band].ht_mcs[i]);
6853 
6854 	*vht_num_rates = 0;
6855 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6856 		tmp = hweight16(mask->control[band].vht_mcs[i]);
6857 		num_rates += tmp;
6858 		*vht_num_rates += tmp;
6859 	}
6860 
6861 	return num_rates == 1;
6862 }
6863 
6864 static int
6865 ath10k_mac_bitrate_mask_get_single_rate(struct ath10k *ar,
6866 					enum nl80211_band band,
6867 					const struct cfg80211_bitrate_mask *mask,
6868 					u8 *rate, u8 *nss, bool vht_only)
6869 {
6870 	int rate_idx;
6871 	int i;
6872 	u16 bitrate;
6873 	u8 preamble;
6874 	u8 hw_rate;
6875 
6876 	if (vht_only)
6877 		goto next;
6878 
6879 	if (hweight32(mask->control[band].legacy) == 1) {
6880 		rate_idx = ffs(mask->control[band].legacy) - 1;
6881 
6882 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6883 			rate_idx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6884 
6885 		hw_rate = ath10k_wmi_legacy_rates[rate_idx].hw_value;
6886 		bitrate = ath10k_wmi_legacy_rates[rate_idx].bitrate;
6887 
6888 		if (ath10k_mac_bitrate_is_cck(bitrate))
6889 			preamble = WMI_RATE_PREAMBLE_CCK;
6890 		else
6891 			preamble = WMI_RATE_PREAMBLE_OFDM;
6892 
6893 		*nss = 1;
6894 		*rate = preamble << 6 |
6895 			(*nss - 1) << 4 |
6896 			hw_rate << 0;
6897 
6898 		return 0;
6899 	}
6900 
6901 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
6902 		if (hweight8(mask->control[band].ht_mcs[i]) == 1) {
6903 			*nss = i + 1;
6904 			*rate = WMI_RATE_PREAMBLE_HT << 6 |
6905 				(*nss - 1) << 4 |
6906 				(ffs(mask->control[band].ht_mcs[i]) - 1);
6907 
6908 			return 0;
6909 		}
6910 	}
6911 
6912 next:
6913 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6914 		if (hweight16(mask->control[band].vht_mcs[i]) == 1) {
6915 			*nss = i + 1;
6916 			*rate = WMI_RATE_PREAMBLE_VHT << 6 |
6917 				(*nss - 1) << 4 |
6918 				(ffs(mask->control[band].vht_mcs[i]) - 1);
6919 
6920 			return 0;
6921 		}
6922 	}
6923 
6924 	return -EINVAL;
6925 }
6926 
6927 static int ath10k_mac_validate_rate_mask(struct ath10k *ar,
6928 					 struct ieee80211_sta *sta,
6929 					 u32 rate_ctrl_flag, u8 nss)
6930 {
6931 	struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
6932 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
6933 
6934 	if (nss > sta->deflink.rx_nss) {
6935 		ath10k_warn(ar, "Invalid nss field, configured %u limit %u\n",
6936 			    nss, sta->deflink.rx_nss);
6937 		return -EINVAL;
6938 	}
6939 
6940 	if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_VHT) {
6941 		if (!vht_cap->vht_supported) {
6942 			ath10k_warn(ar, "Invalid VHT rate for sta %pM\n",
6943 				    sta->addr);
6944 			return -EINVAL;
6945 		}
6946 	} else if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_HT) {
6947 		if (!ht_cap->ht_supported || vht_cap->vht_supported) {
6948 			ath10k_warn(ar, "Invalid HT rate for sta %pM\n",
6949 				    sta->addr);
6950 			return -EINVAL;
6951 		}
6952 	} else {
6953 		if (ht_cap->ht_supported || vht_cap->vht_supported)
6954 			return -EINVAL;
6955 	}
6956 
6957 	return 0;
6958 }
6959 
6960 static int
6961 ath10k_mac_tid_bitrate_config(struct ath10k *ar,
6962 			      struct ieee80211_vif *vif,
6963 			      struct ieee80211_sta *sta,
6964 			      u32 *rate_ctrl_flag, u8 *rate_ctrl,
6965 			      enum nl80211_tx_rate_setting txrate_type,
6966 			      const struct cfg80211_bitrate_mask *mask)
6967 {
6968 	struct cfg80211_chan_def def;
6969 	enum nl80211_band band;
6970 	u8 nss, rate;
6971 	int vht_num_rates, ret;
6972 
6973 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
6974 		return -EINVAL;
6975 
6976 	if (txrate_type == NL80211_TX_RATE_AUTOMATIC) {
6977 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
6978 		*rate_ctrl_flag = 0;
6979 		return 0;
6980 	}
6981 
6982 	band = def.chan->band;
6983 
6984 	if (!ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
6985 						     &vht_num_rates)) {
6986 		return -EINVAL;
6987 	}
6988 
6989 	ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
6990 						      &rate, &nss, false);
6991 	if (ret) {
6992 		ath10k_warn(ar, "failed to get single rate: %d\n",
6993 			    ret);
6994 		return ret;
6995 	}
6996 
6997 	*rate_ctrl_flag = rate;
6998 
6999 	if (sta && ath10k_mac_validate_rate_mask(ar, sta, *rate_ctrl_flag, nss))
7000 		return -EINVAL;
7001 
7002 	if (txrate_type == NL80211_TX_RATE_FIXED)
7003 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_FIXED_RATE;
7004 	else if (txrate_type == NL80211_TX_RATE_LIMITED &&
7005 		 (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
7006 			   ar->wmi.svc_map)))
7007 		*rate_ctrl = WMI_PEER_TID_CONFIG_RATE_UPPER_CAP;
7008 	else
7009 		return -EOPNOTSUPP;
7010 
7011 	return 0;
7012 }
7013 
7014 static int ath10k_mac_set_tid_config(struct ath10k *ar, struct ieee80211_sta *sta,
7015 				     struct ieee80211_vif *vif, u32 changed,
7016 				     struct wmi_per_peer_per_tid_cfg_arg *arg)
7017 {
7018 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7019 	struct ath10k_sta *arsta;
7020 	int ret;
7021 
7022 	if (sta) {
7023 		if (!sta->wme)
7024 			return -ENOTSUPP;
7025 
7026 		arsta = (struct ath10k_sta *)sta->drv_priv;
7027 
7028 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7029 			if ((arsta->retry_long[arg->tid] > 0 ||
7030 			     arsta->rate_code[arg->tid] > 0 ||
7031 			     arsta->ampdu[arg->tid] ==
7032 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7033 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7034 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7035 				arg->ack_policy = 0;
7036 				arg->aggr_control = 0;
7037 				arg->rate_ctrl = 0;
7038 				arg->rcode_flags = 0;
7039 			}
7040 		}
7041 
7042 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7043 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7044 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7045 				arg->aggr_control = 0;
7046 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7047 			}
7048 		}
7049 
7050 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7051 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7052 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7053 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7054 				arg->rate_ctrl = 0;
7055 				arg->rcode_flags = 0;
7056 			}
7057 		}
7058 
7059 		ether_addr_copy(arg->peer_macaddr.addr, sta->addr);
7060 
7061 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, arg);
7062 		if (ret)
7063 			return ret;
7064 
7065 		/* Store the configured parameters in success case */
7066 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7067 			arsta->noack[arg->tid] = arg->ack_policy;
7068 			arg->ack_policy = 0;
7069 			arg->aggr_control = 0;
7070 			arg->rate_ctrl = 0;
7071 			arg->rcode_flags = 0;
7072 		}
7073 
7074 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7075 			arsta->retry_long[arg->tid] = arg->retry_count;
7076 			arg->retry_count = 0;
7077 		}
7078 
7079 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7080 			arsta->ampdu[arg->tid] = arg->aggr_control;
7081 			arg->aggr_control = 0;
7082 		}
7083 
7084 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7085 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7086 			arsta->rate_ctrl[arg->tid] = arg->rate_ctrl;
7087 			arg->rate_ctrl = 0;
7088 			arg->rcode_flags = 0;
7089 		}
7090 
7091 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7092 			arsta->rtscts[arg->tid] = arg->rtscts_ctrl;
7093 			arg->ext_tid_cfg_bitmap = 0;
7094 		}
7095 	} else {
7096 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7097 			if ((arvif->retry_long[arg->tid] ||
7098 			     arvif->rate_code[arg->tid] ||
7099 			     arvif->ampdu[arg->tid] ==
7100 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7101 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7102 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7103 			} else {
7104 				arvif->noack[arg->tid] = arg->ack_policy;
7105 				arvif->ampdu[arg->tid] = arg->aggr_control;
7106 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7107 			}
7108 		}
7109 
7110 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7111 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7112 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7113 			else
7114 				arvif->retry_long[arg->tid] = arg->retry_count;
7115 		}
7116 
7117 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7118 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7119 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
7120 			else
7121 				arvif->ampdu[arg->tid] = arg->aggr_control;
7122 		}
7123 
7124 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7125 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7126 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7127 				changed &= ~(BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7128 					     BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE));
7129 			} else {
7130 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7131 				arvif->rate_code[arg->tid] = arg->rcode_flags;
7132 			}
7133 		}
7134 
7135 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7136 			arvif->rtscts[arg->tid] = arg->rtscts_ctrl;
7137 			arg->ext_tid_cfg_bitmap = 0;
7138 		}
7139 
7140 		if (changed)
7141 			arvif->tid_conf_changed[arg->tid] |= changed;
7142 	}
7143 
7144 	return 0;
7145 }
7146 
7147 static int
7148 ath10k_mac_parse_tid_config(struct ath10k *ar,
7149 			    struct ieee80211_sta *sta,
7150 			    struct ieee80211_vif *vif,
7151 			    struct cfg80211_tid_cfg *tid_conf,
7152 			    struct wmi_per_peer_per_tid_cfg_arg *arg)
7153 {
7154 	u32 changed = tid_conf->mask;
7155 	int ret = 0, i = 0;
7156 
7157 	if (!changed)
7158 		return -EINVAL;
7159 
7160 	while (i < ATH10K_TID_MAX) {
7161 		if (!(tid_conf->tids & BIT(i))) {
7162 			i++;
7163 			continue;
7164 		}
7165 
7166 		arg->tid = i;
7167 
7168 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7169 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE) {
7170 				arg->ack_policy = WMI_PEER_TID_CONFIG_NOACK;
7171 				arg->rate_ctrl =
7172 				WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
7173 				arg->aggr_control =
7174 					WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7175 			} else {
7176 				arg->ack_policy =
7177 					WMI_PEER_TID_CONFIG_ACK;
7178 				arg->rate_ctrl =
7179 					WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7180 				arg->aggr_control =
7181 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7182 			}
7183 		}
7184 
7185 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG))
7186 			arg->retry_count = tid_conf->retry_long;
7187 
7188 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7189 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE)
7190 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7191 			else
7192 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7193 		}
7194 
7195 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7196 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7197 			ret = ath10k_mac_tid_bitrate_config(ar, vif, sta,
7198 							    &arg->rcode_flags,
7199 							    &arg->rate_ctrl,
7200 							    tid_conf->txrate_type,
7201 							&tid_conf->txrate_mask);
7202 			if (ret) {
7203 				ath10k_warn(ar, "failed to configure bitrate mask %d\n",
7204 					    ret);
7205 				arg->rcode_flags = 0;
7206 				arg->rate_ctrl = 0;
7207 			}
7208 		}
7209 
7210 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7211 			if (tid_conf->rtscts)
7212 				arg->rtscts_ctrl = tid_conf->rtscts;
7213 
7214 			arg->ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7215 		}
7216 
7217 		ret = ath10k_mac_set_tid_config(ar, sta, vif, changed, arg);
7218 		if (ret)
7219 			return ret;
7220 		i++;
7221 	}
7222 
7223 	return ret;
7224 }
7225 
7226 static int ath10k_mac_reset_tid_config(struct ath10k *ar,
7227 				       struct ieee80211_sta *sta,
7228 				       struct ath10k_vif *arvif,
7229 				       u8 tids)
7230 {
7231 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7232 	struct wmi_per_peer_per_tid_cfg_arg arg;
7233 	int ret = 0, i = 0;
7234 
7235 	arg.vdev_id = arvif->vdev_id;
7236 	while (i < ATH10K_TID_MAX) {
7237 		if (!(tids & BIT(i))) {
7238 			i++;
7239 			continue;
7240 		}
7241 
7242 		arg.tid = i;
7243 		arg.ack_policy = WMI_PEER_TID_CONFIG_ACK;
7244 		arg.retry_count = ATH10K_MAX_RETRY_COUNT;
7245 		arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7246 		arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7247 		arg.rtscts_ctrl = WMI_TID_CONFIG_RTSCTS_CONTROL_ENABLE;
7248 		arg.ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7249 
7250 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7251 
7252 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7253 		if (ret)
7254 			return ret;
7255 
7256 		if (!arvif->tids_rst) {
7257 			arsta->retry_long[i] = -1;
7258 			arsta->noack[i] = -1;
7259 			arsta->ampdu[i] = -1;
7260 			arsta->rate_code[i] = -1;
7261 			arsta->rate_ctrl[i] = 0;
7262 			arsta->rtscts[i] = -1;
7263 		} else {
7264 			arvif->retry_long[i] = 0;
7265 			arvif->noack[i] = 0;
7266 			arvif->ampdu[i] = 0;
7267 			arvif->rate_code[i] = 0;
7268 			arvif->rate_ctrl[i] = 0;
7269 			arvif->rtscts[i] = 0;
7270 		}
7271 
7272 		i++;
7273 	}
7274 
7275 	return ret;
7276 }
7277 
7278 static void ath10k_sta_tid_cfg_wk(struct work_struct *wk)
7279 {
7280 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
7281 	struct ieee80211_sta *sta;
7282 	struct ath10k_sta *arsta;
7283 	struct ath10k_vif *arvif;
7284 	struct ath10k *ar;
7285 	bool config_apply;
7286 	int ret, i;
7287 	u32 changed;
7288 	u8 nss;
7289 
7290 	arsta = container_of(wk, struct ath10k_sta, tid_config_wk);
7291 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
7292 	arvif = arsta->arvif;
7293 	ar = arvif->ar;
7294 
7295 	mutex_lock(&ar->conf_mutex);
7296 
7297 	if (arvif->tids_rst) {
7298 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif,
7299 						  arvif->tids_rst);
7300 		goto exit;
7301 	}
7302 
7303 	ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7304 
7305 	for (i = 0; i < ATH10K_TID_MAX; i++) {
7306 		config_apply = false;
7307 		changed = arvif->tid_conf_changed[i];
7308 
7309 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7310 			if (arsta->noack[i] != -1) {
7311 				arg.ack_policy  = 0;
7312 			} else {
7313 				config_apply = true;
7314 				arg.ack_policy = arvif->noack[i];
7315 				arg.aggr_control = arvif->ampdu[i];
7316 				arg.rate_ctrl = arvif->rate_ctrl[i];
7317 			}
7318 		}
7319 
7320 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7321 			if (arsta->retry_long[i] != -1 ||
7322 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7323 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7324 				arg.retry_count = 0;
7325 			} else {
7326 				arg.retry_count = arvif->retry_long[i];
7327 				config_apply = true;
7328 			}
7329 		}
7330 
7331 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7332 			if (arsta->ampdu[i] != -1 ||
7333 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7334 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7335 				arg.aggr_control = 0;
7336 			} else {
7337 				arg.aggr_control = arvif->ampdu[i];
7338 				config_apply = true;
7339 			}
7340 		}
7341 
7342 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7343 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7344 			nss = ATH10K_HW_NSS(arvif->rate_code[i]);
7345 			ret = ath10k_mac_validate_rate_mask(ar, sta,
7346 							    arvif->rate_code[i],
7347 							    nss);
7348 			if (ret &&
7349 			    arvif->rate_ctrl[i] > WMI_TID_CONFIG_RATE_CONTROL_AUTO) {
7350 				arg.rate_ctrl = 0;
7351 				arg.rcode_flags = 0;
7352 			}
7353 
7354 			if (arsta->rate_ctrl[i] >
7355 			    WMI_TID_CONFIG_RATE_CONTROL_AUTO ||
7356 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7357 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7358 				arg.rate_ctrl = 0;
7359 				arg.rcode_flags = 0;
7360 			} else {
7361 				arg.rate_ctrl = arvif->rate_ctrl[i];
7362 				arg.rcode_flags = arvif->rate_code[i];
7363 				config_apply = true;
7364 			}
7365 		}
7366 
7367 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7368 			if (arsta->rtscts[i]) {
7369 				arg.rtscts_ctrl = 0;
7370 				arg.ext_tid_cfg_bitmap = 0;
7371 			} else {
7372 				arg.rtscts_ctrl = arvif->rtscts[i] - 1;
7373 				arg.ext_tid_cfg_bitmap =
7374 					WMI_EXT_TID_RTS_CTS_CONFIG;
7375 				config_apply = true;
7376 			}
7377 		}
7378 
7379 		arg.tid = i;
7380 
7381 		if (config_apply) {
7382 			ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7383 			if (ret)
7384 				ath10k_warn(ar, "failed to set per tid config for sta %pM: %d\n",
7385 					    sta->addr, ret);
7386 		}
7387 
7388 		arg.ack_policy  = 0;
7389 		arg.retry_count  = 0;
7390 		arg.aggr_control  = 0;
7391 		arg.rate_ctrl = 0;
7392 		arg.rcode_flags = 0;
7393 	}
7394 
7395 exit:
7396 	mutex_unlock(&ar->conf_mutex);
7397 }
7398 
7399 static void ath10k_mac_vif_stations_tid_conf(void *data,
7400 					     struct ieee80211_sta *sta)
7401 {
7402 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7403 	struct ath10k_mac_iter_tid_conf_data *iter_data = data;
7404 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
7405 
7406 	if (sta_vif != iter_data->curr_vif || !sta->wme)
7407 		return;
7408 
7409 	ieee80211_queue_work(iter_data->ar->hw, &arsta->tid_config_wk);
7410 }
7411 
7412 static int ath10k_sta_state(struct ieee80211_hw *hw,
7413 			    struct ieee80211_vif *vif,
7414 			    struct ieee80211_sta *sta,
7415 			    enum ieee80211_sta_state old_state,
7416 			    enum ieee80211_sta_state new_state)
7417 {
7418 	struct ath10k *ar = hw->priv;
7419 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7420 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7421 	struct ath10k_peer *peer;
7422 	int ret = 0;
7423 	int i;
7424 
7425 	if (old_state == IEEE80211_STA_NOTEXIST &&
7426 	    new_state == IEEE80211_STA_NONE) {
7427 		memset(arsta, 0, sizeof(*arsta));
7428 		arsta->arvif = arvif;
7429 		arsta->peer_ps_state = WMI_PEER_PS_STATE_DISABLED;
7430 		INIT_WORK(&arsta->update_wk, ath10k_sta_rc_update_wk);
7431 		INIT_WORK(&arsta->tid_config_wk, ath10k_sta_tid_cfg_wk);
7432 
7433 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7434 			ath10k_mac_txq_init(sta->txq[i]);
7435 	}
7436 
7437 	/* cancel must be done outside the mutex to avoid deadlock */
7438 	if ((old_state == IEEE80211_STA_NONE &&
7439 	     new_state == IEEE80211_STA_NOTEXIST)) {
7440 		cancel_work_sync(&arsta->update_wk);
7441 		cancel_work_sync(&arsta->tid_config_wk);
7442 	}
7443 
7444 	mutex_lock(&ar->conf_mutex);
7445 
7446 	if (old_state == IEEE80211_STA_NOTEXIST &&
7447 	    new_state == IEEE80211_STA_NONE) {
7448 		/*
7449 		 * New station addition.
7450 		 */
7451 		enum wmi_peer_type peer_type = WMI_PEER_TYPE_DEFAULT;
7452 		u32 num_tdls_stations;
7453 
7454 		ath10k_dbg(ar, ATH10K_DBG_STA,
7455 			   "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
7456 			   arvif->vdev_id, sta->addr,
7457 			   ar->num_stations + 1, ar->max_num_stations,
7458 			   ar->num_peers + 1, ar->max_num_peers);
7459 
7460 		num_tdls_stations = ath10k_mac_tdls_vif_stations_count(hw, vif);
7461 
7462 		if (sta->tdls) {
7463 			if (num_tdls_stations >= ar->max_num_tdls_vdevs) {
7464 				ath10k_warn(ar, "vdev %i exceeded maximum number of tdls vdevs %i\n",
7465 					    arvif->vdev_id,
7466 					    ar->max_num_tdls_vdevs);
7467 				ret = -ELNRNG;
7468 				goto exit;
7469 			}
7470 			peer_type = WMI_PEER_TYPE_TDLS;
7471 		}
7472 
7473 		ret = ath10k_mac_inc_num_stations(arvif, sta);
7474 		if (ret) {
7475 			ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
7476 				    ar->max_num_stations);
7477 			goto exit;
7478 		}
7479 
7480 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7481 			arsta->tx_stats = kzalloc(sizeof(*arsta->tx_stats),
7482 						  GFP_KERNEL);
7483 			if (!arsta->tx_stats) {
7484 				ath10k_mac_dec_num_stations(arvif, sta);
7485 				ret = -ENOMEM;
7486 				goto exit;
7487 			}
7488 		}
7489 
7490 		ret = ath10k_peer_create(ar, vif, sta, arvif->vdev_id,
7491 					 sta->addr, peer_type);
7492 		if (ret) {
7493 			ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
7494 				    sta->addr, arvif->vdev_id, ret);
7495 			ath10k_mac_dec_num_stations(arvif, sta);
7496 			kfree(arsta->tx_stats);
7497 			goto exit;
7498 		}
7499 
7500 		spin_lock_bh(&ar->data_lock);
7501 
7502 		peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
7503 		if (!peer) {
7504 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
7505 				    vif->addr, arvif->vdev_id);
7506 			spin_unlock_bh(&ar->data_lock);
7507 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7508 			ath10k_mac_dec_num_stations(arvif, sta);
7509 			kfree(arsta->tx_stats);
7510 			ret = -ENOENT;
7511 			goto exit;
7512 		}
7513 
7514 		arsta->peer_id = find_first_bit(peer->peer_ids,
7515 						ATH10K_MAX_NUM_PEER_IDS);
7516 
7517 		spin_unlock_bh(&ar->data_lock);
7518 
7519 		if (!sta->tdls)
7520 			goto exit;
7521 
7522 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7523 						      WMI_TDLS_ENABLE_ACTIVE);
7524 		if (ret) {
7525 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7526 				    arvif->vdev_id, ret);
7527 			ath10k_peer_delete(ar, arvif->vdev_id,
7528 					   sta->addr);
7529 			ath10k_mac_dec_num_stations(arvif, sta);
7530 			kfree(arsta->tx_stats);
7531 			goto exit;
7532 		}
7533 
7534 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7535 						  WMI_TDLS_PEER_STATE_PEERING);
7536 		if (ret) {
7537 			ath10k_warn(ar,
7538 				    "failed to update tdls peer %pM for vdev %d when adding a new sta: %i\n",
7539 				    sta->addr, arvif->vdev_id, ret);
7540 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7541 			ath10k_mac_dec_num_stations(arvif, sta);
7542 			kfree(arsta->tx_stats);
7543 
7544 			if (num_tdls_stations != 0)
7545 				goto exit;
7546 			ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7547 							WMI_TDLS_DISABLE);
7548 		}
7549 	} else if ((old_state == IEEE80211_STA_NONE &&
7550 		    new_state == IEEE80211_STA_NOTEXIST)) {
7551 		/*
7552 		 * Existing station deletion.
7553 		 */
7554 		ath10k_dbg(ar, ATH10K_DBG_STA,
7555 			   "mac vdev %d peer delete %pM sta %pK (sta gone)\n",
7556 			   arvif->vdev_id, sta->addr, sta);
7557 
7558 		if (sta->tdls) {
7559 			ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id,
7560 							  sta,
7561 							  WMI_TDLS_PEER_STATE_TEARDOWN);
7562 			if (ret)
7563 				ath10k_warn(ar, "failed to update tdls peer state for %pM state %d: %i\n",
7564 					    sta->addr,
7565 					    WMI_TDLS_PEER_STATE_TEARDOWN, ret);
7566 		}
7567 
7568 		ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7569 		if (ret)
7570 			ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
7571 				    sta->addr, arvif->vdev_id, ret);
7572 
7573 		ath10k_mac_dec_num_stations(arvif, sta);
7574 
7575 		spin_lock_bh(&ar->data_lock);
7576 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
7577 			peer = ar->peer_map[i];
7578 			if (!peer)
7579 				continue;
7580 
7581 			if (peer->sta == sta) {
7582 				ath10k_warn(ar, "found sta peer %pM (ptr %pK id %d) entry on vdev %i after it was supposedly removed\n",
7583 					    sta->addr, peer, i, arvif->vdev_id);
7584 				peer->sta = NULL;
7585 
7586 				/* Clean up the peer object as well since we
7587 				 * must have failed to do this above.
7588 				 */
7589 				list_del(&peer->list);
7590 				ar->peer_map[i] = NULL;
7591 				kfree(peer);
7592 				ar->num_peers--;
7593 			}
7594 		}
7595 		spin_unlock_bh(&ar->data_lock);
7596 
7597 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7598 			kfree(arsta->tx_stats);
7599 			arsta->tx_stats = NULL;
7600 		}
7601 
7602 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7603 			ath10k_mac_txq_unref(ar, sta->txq[i]);
7604 
7605 		if (!sta->tdls)
7606 			goto exit;
7607 
7608 		if (ath10k_mac_tdls_vif_stations_count(hw, vif))
7609 			goto exit;
7610 
7611 		/* This was the last tdls peer in current vif */
7612 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7613 						      WMI_TDLS_DISABLE);
7614 		if (ret) {
7615 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7616 				    arvif->vdev_id, ret);
7617 		}
7618 	} else if (old_state == IEEE80211_STA_AUTH &&
7619 		   new_state == IEEE80211_STA_ASSOC &&
7620 		   (vif->type == NL80211_IFTYPE_AP ||
7621 		    vif->type == NL80211_IFTYPE_MESH_POINT ||
7622 		    vif->type == NL80211_IFTYPE_ADHOC)) {
7623 		/*
7624 		 * New association.
7625 		 */
7626 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM associated\n",
7627 			   sta->addr);
7628 
7629 		ret = ath10k_station_assoc(ar, vif, sta, false);
7630 		if (ret)
7631 			ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
7632 				    sta->addr, arvif->vdev_id, ret);
7633 	} else if (old_state == IEEE80211_STA_ASSOC &&
7634 		   new_state == IEEE80211_STA_AUTHORIZED &&
7635 		   sta->tdls) {
7636 		/*
7637 		 * Tdls station authorized.
7638 		 */
7639 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac tdls sta %pM authorized\n",
7640 			   sta->addr);
7641 
7642 		ret = ath10k_station_assoc(ar, vif, sta, false);
7643 		if (ret) {
7644 			ath10k_warn(ar, "failed to associate tdls station %pM for vdev %i: %i\n",
7645 				    sta->addr, arvif->vdev_id, ret);
7646 			goto exit;
7647 		}
7648 
7649 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7650 						  WMI_TDLS_PEER_STATE_CONNECTED);
7651 		if (ret)
7652 			ath10k_warn(ar, "failed to update tdls peer %pM for vdev %i: %i\n",
7653 				    sta->addr, arvif->vdev_id, ret);
7654 	} else if (old_state == IEEE80211_STA_ASSOC &&
7655 		    new_state == IEEE80211_STA_AUTH &&
7656 		    (vif->type == NL80211_IFTYPE_AP ||
7657 		     vif->type == NL80211_IFTYPE_MESH_POINT ||
7658 		     vif->type == NL80211_IFTYPE_ADHOC)) {
7659 		/*
7660 		 * Disassociation.
7661 		 */
7662 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM disassociated\n",
7663 			   sta->addr);
7664 
7665 		ret = ath10k_station_disassoc(ar, vif, sta);
7666 		if (ret)
7667 			ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
7668 				    sta->addr, arvif->vdev_id, ret);
7669 	}
7670 exit:
7671 	mutex_unlock(&ar->conf_mutex);
7672 	return ret;
7673 }
7674 
7675 static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
7676 				u16 ac, bool enable)
7677 {
7678 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7679 	struct wmi_sta_uapsd_auto_trig_arg arg = {};
7680 	u32 prio = 0, acc = 0;
7681 	u32 value = 0;
7682 	int ret = 0;
7683 
7684 	lockdep_assert_held(&ar->conf_mutex);
7685 
7686 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
7687 		return 0;
7688 
7689 	switch (ac) {
7690 	case IEEE80211_AC_VO:
7691 		value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
7692 			WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
7693 		prio = 7;
7694 		acc = 3;
7695 		break;
7696 	case IEEE80211_AC_VI:
7697 		value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
7698 			WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
7699 		prio = 5;
7700 		acc = 2;
7701 		break;
7702 	case IEEE80211_AC_BE:
7703 		value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
7704 			WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
7705 		prio = 2;
7706 		acc = 1;
7707 		break;
7708 	case IEEE80211_AC_BK:
7709 		value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
7710 			WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
7711 		prio = 0;
7712 		acc = 0;
7713 		break;
7714 	}
7715 
7716 	if (enable)
7717 		arvif->u.sta.uapsd |= value;
7718 	else
7719 		arvif->u.sta.uapsd &= ~value;
7720 
7721 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7722 					  WMI_STA_PS_PARAM_UAPSD,
7723 					  arvif->u.sta.uapsd);
7724 	if (ret) {
7725 		ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
7726 		goto exit;
7727 	}
7728 
7729 	if (arvif->u.sta.uapsd)
7730 		value = WMI_STA_PS_RX_WAKE_POLICY_POLL_UAPSD;
7731 	else
7732 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
7733 
7734 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7735 					  WMI_STA_PS_PARAM_RX_WAKE_POLICY,
7736 					  value);
7737 	if (ret)
7738 		ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
7739 
7740 	ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
7741 	if (ret) {
7742 		ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
7743 			    arvif->vdev_id, ret);
7744 		return ret;
7745 	}
7746 
7747 	ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
7748 	if (ret) {
7749 		ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
7750 			    arvif->vdev_id, ret);
7751 		return ret;
7752 	}
7753 
7754 	if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
7755 	    test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
7756 		/* Only userspace can make an educated decision when to send
7757 		 * trigger frame. The following effectively disables u-UAPSD
7758 		 * autotrigger in firmware (which is enabled by default
7759 		 * provided the autotrigger service is available).
7760 		 */
7761 
7762 		arg.wmm_ac = acc;
7763 		arg.user_priority = prio;
7764 		arg.service_interval = 0;
7765 		arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7766 		arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7767 
7768 		ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
7769 						arvif->bssid, &arg, 1);
7770 		if (ret) {
7771 			ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
7772 				    ret);
7773 			return ret;
7774 		}
7775 	}
7776 
7777 exit:
7778 	return ret;
7779 }
7780 
7781 static int ath10k_conf_tx(struct ieee80211_hw *hw,
7782 			  struct ieee80211_vif *vif, u16 ac,
7783 			  const struct ieee80211_tx_queue_params *params)
7784 {
7785 	struct ath10k *ar = hw->priv;
7786 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7787 	struct wmi_wmm_params_arg *p = NULL;
7788 	int ret;
7789 
7790 	mutex_lock(&ar->conf_mutex);
7791 
7792 	switch (ac) {
7793 	case IEEE80211_AC_VO:
7794 		p = &arvif->wmm_params.ac_vo;
7795 		break;
7796 	case IEEE80211_AC_VI:
7797 		p = &arvif->wmm_params.ac_vi;
7798 		break;
7799 	case IEEE80211_AC_BE:
7800 		p = &arvif->wmm_params.ac_be;
7801 		break;
7802 	case IEEE80211_AC_BK:
7803 		p = &arvif->wmm_params.ac_bk;
7804 		break;
7805 	}
7806 
7807 	if (WARN_ON(!p)) {
7808 		ret = -EINVAL;
7809 		goto exit;
7810 	}
7811 
7812 	p->cwmin = params->cw_min;
7813 	p->cwmax = params->cw_max;
7814 	p->aifs = params->aifs;
7815 
7816 	/*
7817 	 * The channel time duration programmed in the HW is in absolute
7818 	 * microseconds, while mac80211 gives the txop in units of
7819 	 * 32 microseconds.
7820 	 */
7821 	p->txop = params->txop * 32;
7822 
7823 	if (ar->wmi.ops->gen_vdev_wmm_conf) {
7824 		ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
7825 					       &arvif->wmm_params);
7826 		if (ret) {
7827 			ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
7828 				    arvif->vdev_id, ret);
7829 			goto exit;
7830 		}
7831 	} else {
7832 		/* This won't work well with multi-interface cases but it's
7833 		 * better than nothing.
7834 		 */
7835 		ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
7836 		if (ret) {
7837 			ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
7838 			goto exit;
7839 		}
7840 	}
7841 
7842 	ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
7843 	if (ret)
7844 		ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
7845 
7846 exit:
7847 	mutex_unlock(&ar->conf_mutex);
7848 	return ret;
7849 }
7850 
7851 static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
7852 				    struct ieee80211_vif *vif,
7853 				    struct ieee80211_channel *chan,
7854 				    int duration,
7855 				    enum ieee80211_roc_type type)
7856 {
7857 	struct ath10k *ar = hw->priv;
7858 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7859 	struct wmi_start_scan_arg arg;
7860 	int ret = 0;
7861 	u32 scan_time_msec;
7862 
7863 	mutex_lock(&ar->conf_mutex);
7864 
7865 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
7866 		ret = -EBUSY;
7867 		goto exit;
7868 	}
7869 
7870 	spin_lock_bh(&ar->data_lock);
7871 	switch (ar->scan.state) {
7872 	case ATH10K_SCAN_IDLE:
7873 		reinit_completion(&ar->scan.started);
7874 		reinit_completion(&ar->scan.completed);
7875 		reinit_completion(&ar->scan.on_channel);
7876 		ar->scan.state = ATH10K_SCAN_STARTING;
7877 		ar->scan.is_roc = true;
7878 		ar->scan.vdev_id = arvif->vdev_id;
7879 		ar->scan.roc_freq = chan->center_freq;
7880 		ar->scan.roc_notify = true;
7881 		ret = 0;
7882 		break;
7883 	case ATH10K_SCAN_STARTING:
7884 	case ATH10K_SCAN_RUNNING:
7885 	case ATH10K_SCAN_ABORTING:
7886 		ret = -EBUSY;
7887 		break;
7888 	}
7889 	spin_unlock_bh(&ar->data_lock);
7890 
7891 	if (ret)
7892 		goto exit;
7893 
7894 	scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
7895 
7896 	memset(&arg, 0, sizeof(arg));
7897 	ath10k_wmi_start_scan_init(ar, &arg);
7898 	arg.vdev_id = arvif->vdev_id;
7899 	arg.scan_id = ATH10K_SCAN_ID;
7900 	arg.n_channels = 1;
7901 	arg.channels[0] = chan->center_freq;
7902 	arg.dwell_time_active = scan_time_msec;
7903 	arg.dwell_time_passive = scan_time_msec;
7904 	arg.max_scan_time = scan_time_msec;
7905 	arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
7906 	arg.scan_ctrl_flags |= WMI_SCAN_FILTER_PROBE_REQ;
7907 	arg.burst_duration_ms = duration;
7908 
7909 	ret = ath10k_start_scan(ar, &arg);
7910 	if (ret) {
7911 		ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
7912 		spin_lock_bh(&ar->data_lock);
7913 		ar->scan.state = ATH10K_SCAN_IDLE;
7914 		spin_unlock_bh(&ar->data_lock);
7915 		goto exit;
7916 	}
7917 
7918 	ret = wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ);
7919 	if (ret == 0) {
7920 		ath10k_warn(ar, "failed to switch to channel for roc scan\n");
7921 
7922 		ret = ath10k_scan_stop(ar);
7923 		if (ret)
7924 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
7925 
7926 		ret = -ETIMEDOUT;
7927 		goto exit;
7928 	}
7929 
7930 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
7931 				     msecs_to_jiffies(duration));
7932 
7933 	ret = 0;
7934 exit:
7935 	mutex_unlock(&ar->conf_mutex);
7936 	return ret;
7937 }
7938 
7939 static int ath10k_cancel_remain_on_channel(struct ieee80211_hw *hw,
7940 					   struct ieee80211_vif *vif)
7941 {
7942 	struct ath10k *ar = hw->priv;
7943 
7944 	mutex_lock(&ar->conf_mutex);
7945 
7946 	spin_lock_bh(&ar->data_lock);
7947 	ar->scan.roc_notify = false;
7948 	spin_unlock_bh(&ar->data_lock);
7949 
7950 	ath10k_scan_abort(ar);
7951 
7952 	mutex_unlock(&ar->conf_mutex);
7953 
7954 	cancel_delayed_work_sync(&ar->scan.timeout);
7955 
7956 	return 0;
7957 }
7958 
7959 /*
7960  * Both RTS and Fragmentation threshold are interface-specific
7961  * in ath10k, but device-specific in mac80211.
7962  */
7963 
7964 static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
7965 {
7966 	struct ath10k *ar = hw->priv;
7967 	struct ath10k_vif *arvif;
7968 	int ret = 0;
7969 
7970 	mutex_lock(&ar->conf_mutex);
7971 	list_for_each_entry(arvif, &ar->arvifs, list) {
7972 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
7973 			   arvif->vdev_id, value);
7974 
7975 		ret = ath10k_mac_set_rts(arvif, value);
7976 		if (ret) {
7977 			ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
7978 				    arvif->vdev_id, ret);
7979 			break;
7980 		}
7981 	}
7982 	mutex_unlock(&ar->conf_mutex);
7983 
7984 	return ret;
7985 }
7986 
7987 static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
7988 {
7989 	/* Even though there's a WMI enum for fragmentation threshold no known
7990 	 * firmware actually implements it. Moreover it is not possible to rely
7991 	 * frame fragmentation to mac80211 because firmware clears the "more
7992 	 * fragments" bit in frame control making it impossible for remote
7993 	 * devices to reassemble frames.
7994 	 *
7995 	 * Hence implement a dummy callback just to say fragmentation isn't
7996 	 * supported. This effectively prevents mac80211 from doing frame
7997 	 * fragmentation in software.
7998 	 */
7999 	return -EOPNOTSUPP;
8000 }
8001 
8002 void ath10k_mac_wait_tx_complete(struct ath10k *ar)
8003 {
8004 	bool skip;
8005 	long time_left;
8006 
8007 	/* mac80211 doesn't care if we really xmit queued frames or not
8008 	 * we'll collect those frames either way if we stop/delete vdevs
8009 	 */
8010 
8011 	if (ar->state == ATH10K_STATE_WEDGED)
8012 		return;
8013 
8014 	time_left = wait_event_timeout(ar->htt.empty_tx_wq, ({
8015 			bool empty;
8016 
8017 			spin_lock_bh(&ar->htt.tx_lock);
8018 			empty = (ar->htt.num_pending_tx == 0);
8019 			spin_unlock_bh(&ar->htt.tx_lock);
8020 
8021 			skip = (ar->state == ATH10K_STATE_WEDGED) ||
8022 			       test_bit(ATH10K_FLAG_CRASH_FLUSH,
8023 					&ar->dev_flags);
8024 
8025 			(empty || skip);
8026 		}), ATH10K_FLUSH_TIMEOUT_HZ);
8027 
8028 	if (time_left == 0 || skip)
8029 		ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %ld\n",
8030 			    skip, ar->state, time_left);
8031 }
8032 
8033 static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
8034 			 u32 queues, bool drop)
8035 {
8036 	struct ath10k *ar = hw->priv;
8037 	struct ath10k_vif *arvif;
8038 	u32 bitmap;
8039 
8040 	if (drop) {
8041 		if (vif && vif->type == NL80211_IFTYPE_STATION) {
8042 			bitmap = ~(1 << WMI_MGMT_TID);
8043 			list_for_each_entry(arvif, &ar->arvifs, list) {
8044 				if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
8045 					ath10k_wmi_peer_flush(ar, arvif->vdev_id,
8046 							      arvif->bssid, bitmap);
8047 			}
8048 			ath10k_htt_flush_tx(&ar->htt);
8049 		}
8050 		return;
8051 	}
8052 
8053 	mutex_lock(&ar->conf_mutex);
8054 	ath10k_mac_wait_tx_complete(ar);
8055 	mutex_unlock(&ar->conf_mutex);
8056 }
8057 
8058 /* TODO: Implement this function properly
8059  * For now it is needed to reply to Probe Requests in IBSS mode.
8060  * Propably we need this information from FW.
8061  */
8062 static int ath10k_tx_last_beacon(struct ieee80211_hw *hw)
8063 {
8064 	return 1;
8065 }
8066 
8067 static void ath10k_reconfig_complete(struct ieee80211_hw *hw,
8068 				     enum ieee80211_reconfig_type reconfig_type)
8069 {
8070 	struct ath10k *ar = hw->priv;
8071 
8072 	if (reconfig_type != IEEE80211_RECONFIG_TYPE_RESTART)
8073 		return;
8074 
8075 	mutex_lock(&ar->conf_mutex);
8076 
8077 	/* If device failed to restart it will be in a different state, e.g.
8078 	 * ATH10K_STATE_WEDGED
8079 	 */
8080 	if (ar->state == ATH10K_STATE_RESTARTED) {
8081 		ath10k_info(ar, "device successfully recovered\n");
8082 		ar->state = ATH10K_STATE_ON;
8083 		ieee80211_wake_queues(ar->hw);
8084 		clear_bit(ATH10K_FLAG_RESTARTING, &ar->dev_flags);
8085 	}
8086 
8087 	mutex_unlock(&ar->conf_mutex);
8088 }
8089 
8090 static void
8091 ath10k_mac_update_bss_chan_survey(struct ath10k *ar,
8092 				  struct ieee80211_channel *channel)
8093 {
8094 	int ret;
8095 	enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ;
8096 
8097 	lockdep_assert_held(&ar->conf_mutex);
8098 
8099 	if (!test_bit(WMI_SERVICE_BSS_CHANNEL_INFO_64, ar->wmi.svc_map) ||
8100 	    (ar->rx_channel != channel))
8101 		return;
8102 
8103 	if (ar->scan.state != ATH10K_SCAN_IDLE) {
8104 		ath10k_dbg(ar, ATH10K_DBG_MAC, "ignoring bss chan info request while scanning..\n");
8105 		return;
8106 	}
8107 
8108 	reinit_completion(&ar->bss_survey_done);
8109 
8110 	ret = ath10k_wmi_pdev_bss_chan_info_request(ar, type);
8111 	if (ret) {
8112 		ath10k_warn(ar, "failed to send pdev bss chan info request\n");
8113 		return;
8114 	}
8115 
8116 	ret = wait_for_completion_timeout(&ar->bss_survey_done, 3 * HZ);
8117 	if (!ret) {
8118 		ath10k_warn(ar, "bss channel survey timed out\n");
8119 		return;
8120 	}
8121 }
8122 
8123 static int ath10k_get_survey(struct ieee80211_hw *hw, int idx,
8124 			     struct survey_info *survey)
8125 {
8126 	struct ath10k *ar = hw->priv;
8127 	struct ieee80211_supported_band *sband;
8128 	struct survey_info *ar_survey = &ar->survey[idx];
8129 	int ret = 0;
8130 
8131 	mutex_lock(&ar->conf_mutex);
8132 
8133 	sband = hw->wiphy->bands[NL80211_BAND_2GHZ];
8134 	if (sband && idx >= sband->n_channels) {
8135 		idx -= sband->n_channels;
8136 		sband = NULL;
8137 	}
8138 
8139 	if (!sband)
8140 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
8141 
8142 	if (!sband || idx >= sband->n_channels) {
8143 		ret = -ENOENT;
8144 		goto exit;
8145 	}
8146 
8147 	ath10k_mac_update_bss_chan_survey(ar, &sband->channels[idx]);
8148 
8149 	spin_lock_bh(&ar->data_lock);
8150 	memcpy(survey, ar_survey, sizeof(*survey));
8151 	spin_unlock_bh(&ar->data_lock);
8152 
8153 	survey->channel = &sband->channels[idx];
8154 
8155 	if (ar->rx_channel == survey->channel)
8156 		survey->filled |= SURVEY_INFO_IN_USE;
8157 
8158 exit:
8159 	mutex_unlock(&ar->conf_mutex);
8160 	return ret;
8161 }
8162 
8163 static bool
8164 ath10k_mac_bitrate_mask_get_single_nss(struct ath10k *ar,
8165 				       enum nl80211_band band,
8166 				       const struct cfg80211_bitrate_mask *mask,
8167 				       int *nss)
8168 {
8169 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
8170 	u16 vht_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8171 	u8 ht_nss_mask = 0;
8172 	u8 vht_nss_mask = 0;
8173 	int i;
8174 
8175 	if (mask->control[band].legacy)
8176 		return false;
8177 
8178 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
8179 		if (mask->control[band].ht_mcs[i] == 0)
8180 			continue;
8181 		else if (mask->control[band].ht_mcs[i] ==
8182 			 sband->ht_cap.mcs.rx_mask[i])
8183 			ht_nss_mask |= BIT(i);
8184 		else
8185 			return false;
8186 	}
8187 
8188 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
8189 		if (mask->control[band].vht_mcs[i] == 0)
8190 			continue;
8191 		else if (mask->control[band].vht_mcs[i] ==
8192 			 ath10k_mac_get_max_vht_mcs_map(vht_mcs_map, i))
8193 			vht_nss_mask |= BIT(i);
8194 		else
8195 			return false;
8196 	}
8197 
8198 	if (ht_nss_mask != vht_nss_mask)
8199 		return false;
8200 
8201 	if (ht_nss_mask == 0)
8202 		return false;
8203 
8204 	if (BIT(fls(ht_nss_mask)) - 1 != ht_nss_mask)
8205 		return false;
8206 
8207 	*nss = fls(ht_nss_mask);
8208 
8209 	return true;
8210 }
8211 
8212 static int ath10k_mac_set_fixed_rate_params(struct ath10k_vif *arvif,
8213 					    u8 rate, u8 nss, u8 sgi, u8 ldpc)
8214 {
8215 	struct ath10k *ar = arvif->ar;
8216 	u32 vdev_param;
8217 	int ret;
8218 
8219 	lockdep_assert_held(&ar->conf_mutex);
8220 
8221 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac set fixed rate params vdev %i rate 0x%02x nss %u sgi %u\n",
8222 		   arvif->vdev_id, rate, nss, sgi);
8223 
8224 	vdev_param = ar->wmi.vdev_param->fixed_rate;
8225 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, rate);
8226 	if (ret) {
8227 		ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
8228 			    rate, ret);
8229 		return ret;
8230 	}
8231 
8232 	vdev_param = ar->wmi.vdev_param->nss;
8233 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, nss);
8234 	if (ret) {
8235 		ath10k_warn(ar, "failed to set nss param %d: %d\n", nss, ret);
8236 		return ret;
8237 	}
8238 
8239 	vdev_param = ar->wmi.vdev_param->sgi;
8240 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, sgi);
8241 	if (ret) {
8242 		ath10k_warn(ar, "failed to set sgi param %d: %d\n", sgi, ret);
8243 		return ret;
8244 	}
8245 
8246 	vdev_param = ar->wmi.vdev_param->ldpc;
8247 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, ldpc);
8248 	if (ret) {
8249 		ath10k_warn(ar, "failed to set ldpc param %d: %d\n", ldpc, ret);
8250 		return ret;
8251 	}
8252 
8253 	return 0;
8254 }
8255 
8256 static bool
8257 ath10k_mac_can_set_bitrate_mask(struct ath10k *ar,
8258 				enum nl80211_band band,
8259 				const struct cfg80211_bitrate_mask *mask,
8260 				bool allow_pfr)
8261 {
8262 	int i;
8263 	u16 vht_mcs;
8264 
8265 	/* Due to firmware limitation in WMI_PEER_ASSOC_CMDID it is impossible
8266 	 * to express all VHT MCS rate masks. Effectively only the following
8267 	 * ranges can be used: none, 0-7, 0-8 and 0-9.
8268 	 */
8269 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8270 		vht_mcs = mask->control[band].vht_mcs[i];
8271 
8272 		switch (vht_mcs) {
8273 		case 0:
8274 		case BIT(8) - 1:
8275 		case BIT(9) - 1:
8276 		case BIT(10) - 1:
8277 			break;
8278 		default:
8279 			if (!allow_pfr)
8280 				ath10k_warn(ar, "refusing bitrate mask with missing 0-7 VHT MCS rates\n");
8281 			return false;
8282 		}
8283 	}
8284 
8285 	return true;
8286 }
8287 
8288 static bool ath10k_mac_set_vht_bitrate_mask_fixup(struct ath10k *ar,
8289 						  struct ath10k_vif *arvif,
8290 						  struct ieee80211_sta *sta)
8291 {
8292 	int err;
8293 	u8 rate = arvif->vht_pfr;
8294 
8295 	/* skip non vht and multiple rate peers */
8296 	if (!sta->deflink.vht_cap.vht_supported || arvif->vht_num_rates != 1)
8297 		return false;
8298 
8299 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8300 					WMI_PEER_PARAM_FIXED_RATE, rate);
8301 	if (err)
8302 		ath10k_warn(ar, "failed to enable STA %pM peer fixed rate: %d\n",
8303 			    sta->addr, err);
8304 
8305 	return true;
8306 }
8307 
8308 static void ath10k_mac_set_bitrate_mask_iter(void *data,
8309 					     struct ieee80211_sta *sta)
8310 {
8311 	struct ath10k_vif *arvif = data;
8312 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8313 	struct ath10k *ar = arvif->ar;
8314 
8315 	if (arsta->arvif != arvif)
8316 		return;
8317 
8318 	if (ath10k_mac_set_vht_bitrate_mask_fixup(ar, arvif, sta))
8319 		return;
8320 
8321 	spin_lock_bh(&ar->data_lock);
8322 	arsta->changed |= IEEE80211_RC_SUPP_RATES_CHANGED;
8323 	spin_unlock_bh(&ar->data_lock);
8324 
8325 	ieee80211_queue_work(ar->hw, &arsta->update_wk);
8326 }
8327 
8328 static void ath10k_mac_clr_bitrate_mask_iter(void *data,
8329 					     struct ieee80211_sta *sta)
8330 {
8331 	struct ath10k_vif *arvif = data;
8332 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8333 	struct ath10k *ar = arvif->ar;
8334 	int err;
8335 
8336 	/* clear vht peers only */
8337 	if (arsta->arvif != arvif || !sta->deflink.vht_cap.vht_supported)
8338 		return;
8339 
8340 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8341 					WMI_PEER_PARAM_FIXED_RATE,
8342 					WMI_FIXED_RATE_NONE);
8343 	if (err)
8344 		ath10k_warn(ar, "failed to clear STA %pM peer fixed rate: %d\n",
8345 			    sta->addr, err);
8346 }
8347 
8348 static int ath10k_mac_op_set_bitrate_mask(struct ieee80211_hw *hw,
8349 					  struct ieee80211_vif *vif,
8350 					  const struct cfg80211_bitrate_mask *mask)
8351 {
8352 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8353 	struct cfg80211_chan_def def;
8354 	struct ath10k *ar = arvif->ar;
8355 	enum nl80211_band band;
8356 	const u8 *ht_mcs_mask;
8357 	const u16 *vht_mcs_mask;
8358 	u8 rate;
8359 	u8 nss;
8360 	u8 sgi;
8361 	u8 ldpc;
8362 	int single_nss;
8363 	int ret;
8364 	int vht_num_rates, allow_pfr;
8365 	u8 vht_pfr;
8366 	bool update_bitrate_mask = true;
8367 
8368 	if (ath10k_mac_vif_chan(vif, &def))
8369 		return -EPERM;
8370 
8371 	band = def.chan->band;
8372 	ht_mcs_mask = mask->control[band].ht_mcs;
8373 	vht_mcs_mask = mask->control[band].vht_mcs;
8374 	ldpc = !!(ar->ht_cap_info & WMI_HT_CAP_LDPC);
8375 
8376 	sgi = mask->control[band].gi;
8377 	if (sgi == NL80211_TXRATE_FORCE_LGI)
8378 		return -EINVAL;
8379 
8380 	allow_pfr = test_bit(ATH10K_FW_FEATURE_PEER_FIXED_RATE,
8381 			     ar->normal_mode_fw.fw_file.fw_features);
8382 	if (allow_pfr) {
8383 		mutex_lock(&ar->conf_mutex);
8384 		ieee80211_iterate_stations_atomic(ar->hw,
8385 						  ath10k_mac_clr_bitrate_mask_iter,
8386 						  arvif);
8387 		mutex_unlock(&ar->conf_mutex);
8388 	}
8389 
8390 	if (ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
8391 						    &vht_num_rates)) {
8392 		ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8393 							      &rate, &nss,
8394 							      false);
8395 		if (ret) {
8396 			ath10k_warn(ar, "failed to get single rate for vdev %i: %d\n",
8397 				    arvif->vdev_id, ret);
8398 			return ret;
8399 		}
8400 	} else if (ath10k_mac_bitrate_mask_get_single_nss(ar, band, mask,
8401 							  &single_nss)) {
8402 		rate = WMI_FIXED_RATE_NONE;
8403 		nss = single_nss;
8404 	} else {
8405 		rate = WMI_FIXED_RATE_NONE;
8406 		nss = min(ar->num_rf_chains,
8407 			  max(ath10k_mac_max_ht_nss(ht_mcs_mask),
8408 			      ath10k_mac_max_vht_nss(vht_mcs_mask)));
8409 
8410 		if (!ath10k_mac_can_set_bitrate_mask(ar, band, mask,
8411 						     allow_pfr)) {
8412 			u8 vht_nss;
8413 
8414 			if (!allow_pfr || vht_num_rates != 1)
8415 				return -EINVAL;
8416 
8417 			/* Reach here, firmware supports peer fixed rate and has
8418 			 * single vht rate, and don't update vif birate_mask, as
8419 			 * the rate only for specific peer.
8420 			 */
8421 			ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8422 								&vht_pfr,
8423 								&vht_nss,
8424 								true);
8425 			update_bitrate_mask = false;
8426 		} else {
8427 			vht_pfr = 0;
8428 		}
8429 
8430 		mutex_lock(&ar->conf_mutex);
8431 
8432 		if (update_bitrate_mask)
8433 			arvif->bitrate_mask = *mask;
8434 		arvif->vht_num_rates = vht_num_rates;
8435 		arvif->vht_pfr = vht_pfr;
8436 		ieee80211_iterate_stations_atomic(ar->hw,
8437 						  ath10k_mac_set_bitrate_mask_iter,
8438 						  arvif);
8439 
8440 		mutex_unlock(&ar->conf_mutex);
8441 	}
8442 
8443 	mutex_lock(&ar->conf_mutex);
8444 
8445 	ret = ath10k_mac_set_fixed_rate_params(arvif, rate, nss, sgi, ldpc);
8446 	if (ret) {
8447 		ath10k_warn(ar, "failed to set fixed rate params on vdev %i: %d\n",
8448 			    arvif->vdev_id, ret);
8449 		goto exit;
8450 	}
8451 
8452 exit:
8453 	mutex_unlock(&ar->conf_mutex);
8454 
8455 	return ret;
8456 }
8457 
8458 static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
8459 				 struct ieee80211_vif *vif,
8460 				 struct ieee80211_sta *sta,
8461 				 u32 changed)
8462 {
8463 	struct ath10k *ar = hw->priv;
8464 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8465 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8466 	struct ath10k_peer *peer;
8467 	u32 bw, smps;
8468 
8469 	spin_lock_bh(&ar->data_lock);
8470 
8471 	peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
8472 	if (!peer) {
8473 		spin_unlock_bh(&ar->data_lock);
8474 		ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
8475 			    sta->addr, arvif->vdev_id);
8476 		return;
8477 	}
8478 
8479 	ath10k_dbg(ar, ATH10K_DBG_STA,
8480 		   "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
8481 		   sta->addr, changed, sta->deflink.bandwidth,
8482 		   sta->deflink.rx_nss,
8483 		   sta->smps_mode);
8484 
8485 	if (changed & IEEE80211_RC_BW_CHANGED) {
8486 		bw = WMI_PEER_CHWIDTH_20MHZ;
8487 
8488 		switch (sta->deflink.bandwidth) {
8489 		case IEEE80211_STA_RX_BW_20:
8490 			bw = WMI_PEER_CHWIDTH_20MHZ;
8491 			break;
8492 		case IEEE80211_STA_RX_BW_40:
8493 			bw = WMI_PEER_CHWIDTH_40MHZ;
8494 			break;
8495 		case IEEE80211_STA_RX_BW_80:
8496 			bw = WMI_PEER_CHWIDTH_80MHZ;
8497 			break;
8498 		case IEEE80211_STA_RX_BW_160:
8499 			bw = WMI_PEER_CHWIDTH_160MHZ;
8500 			break;
8501 		default:
8502 			ath10k_warn(ar, "Invalid bandwidth %d in rc update for %pM\n",
8503 				    sta->deflink.bandwidth, sta->addr);
8504 			bw = WMI_PEER_CHWIDTH_20MHZ;
8505 			break;
8506 		}
8507 
8508 		arsta->bw = bw;
8509 	}
8510 
8511 	if (changed & IEEE80211_RC_NSS_CHANGED)
8512 		arsta->nss = sta->deflink.rx_nss;
8513 
8514 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
8515 		smps = WMI_PEER_SMPS_PS_NONE;
8516 
8517 		switch (sta->smps_mode) {
8518 		case IEEE80211_SMPS_AUTOMATIC:
8519 		case IEEE80211_SMPS_OFF:
8520 			smps = WMI_PEER_SMPS_PS_NONE;
8521 			break;
8522 		case IEEE80211_SMPS_STATIC:
8523 			smps = WMI_PEER_SMPS_STATIC;
8524 			break;
8525 		case IEEE80211_SMPS_DYNAMIC:
8526 			smps = WMI_PEER_SMPS_DYNAMIC;
8527 			break;
8528 		case IEEE80211_SMPS_NUM_MODES:
8529 			ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
8530 				    sta->smps_mode, sta->addr);
8531 			smps = WMI_PEER_SMPS_PS_NONE;
8532 			break;
8533 		}
8534 
8535 		arsta->smps = smps;
8536 	}
8537 
8538 	arsta->changed |= changed;
8539 
8540 	spin_unlock_bh(&ar->data_lock);
8541 
8542 	ieee80211_queue_work(hw, &arsta->update_wk);
8543 }
8544 
8545 static void ath10k_offset_tsf(struct ieee80211_hw *hw,
8546 			      struct ieee80211_vif *vif, s64 tsf_offset)
8547 {
8548 	struct ath10k *ar = hw->priv;
8549 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8550 	u32 offset, vdev_param;
8551 	int ret;
8552 
8553 	if (tsf_offset < 0) {
8554 		vdev_param = ar->wmi.vdev_param->dec_tsf;
8555 		offset = -tsf_offset;
8556 	} else {
8557 		vdev_param = ar->wmi.vdev_param->inc_tsf;
8558 		offset = tsf_offset;
8559 	}
8560 
8561 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
8562 					vdev_param, offset);
8563 
8564 	if (ret && ret != -EOPNOTSUPP)
8565 		ath10k_warn(ar, "failed to set tsf offset %d cmd %d: %d\n",
8566 			    offset, vdev_param, ret);
8567 }
8568 
8569 static int ath10k_ampdu_action(struct ieee80211_hw *hw,
8570 			       struct ieee80211_vif *vif,
8571 			       struct ieee80211_ampdu_params *params)
8572 {
8573 	struct ath10k *ar = hw->priv;
8574 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8575 	struct ieee80211_sta *sta = params->sta;
8576 	enum ieee80211_ampdu_mlme_action action = params->action;
8577 	u16 tid = params->tid;
8578 
8579 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %u action %d\n",
8580 		   arvif->vdev_id, sta->addr, tid, action);
8581 
8582 	switch (action) {
8583 	case IEEE80211_AMPDU_RX_START:
8584 	case IEEE80211_AMPDU_RX_STOP:
8585 		/* HTT AddBa/DelBa events trigger mac80211 Rx BA session
8586 		 * creation/removal. Do we need to verify this?
8587 		 */
8588 		return 0;
8589 	case IEEE80211_AMPDU_TX_START:
8590 	case IEEE80211_AMPDU_TX_STOP_CONT:
8591 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
8592 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
8593 	case IEEE80211_AMPDU_TX_OPERATIONAL:
8594 		/* Firmware offloads Tx aggregation entirely so deny mac80211
8595 		 * Tx aggregation requests.
8596 		 */
8597 		return -EOPNOTSUPP;
8598 	}
8599 
8600 	return -EINVAL;
8601 }
8602 
8603 static void
8604 ath10k_mac_update_rx_channel(struct ath10k *ar,
8605 			     struct ieee80211_chanctx_conf *ctx,
8606 			     struct ieee80211_vif_chanctx_switch *vifs,
8607 			     int n_vifs)
8608 {
8609 	struct cfg80211_chan_def *def = NULL;
8610 
8611 	/* Both locks are required because ar->rx_channel is modified. This
8612 	 * allows readers to hold either lock.
8613 	 */
8614 	lockdep_assert_held(&ar->conf_mutex);
8615 	lockdep_assert_held(&ar->data_lock);
8616 
8617 	WARN_ON(ctx && vifs);
8618 	WARN_ON(vifs && !n_vifs);
8619 
8620 	/* FIXME: Sort of an optimization and a workaround. Peers and vifs are
8621 	 * on a linked list now. Doing a lookup peer -> vif -> chanctx for each
8622 	 * ppdu on Rx may reduce performance on low-end systems. It should be
8623 	 * possible to make tables/hashmaps to speed the lookup up (be vary of
8624 	 * cpu data cache lines though regarding sizes) but to keep the initial
8625 	 * implementation simple and less intrusive fallback to the slow lookup
8626 	 * only for multi-channel cases. Single-channel cases will remain to
8627 	 * use the old channel derival and thus performance should not be
8628 	 * affected much.
8629 	 */
8630 	rcu_read_lock();
8631 	if (!ctx && ath10k_mac_num_chanctxs(ar) == 1) {
8632 		ieee80211_iter_chan_contexts_atomic(ar->hw,
8633 						    ath10k_mac_get_any_chandef_iter,
8634 						    &def);
8635 
8636 		if (vifs)
8637 			def = &vifs[0].new_ctx->def;
8638 
8639 		ar->rx_channel = def->chan;
8640 	} else if ((ctx && ath10k_mac_num_chanctxs(ar) == 0) ||
8641 		   (ctx && (ar->state == ATH10K_STATE_RESTARTED))) {
8642 		/* During driver restart due to firmware assert, since mac80211
8643 		 * already has valid channel context for given radio, channel
8644 		 * context iteration return num_chanctx > 0. So fix rx_channel
8645 		 * when restart is in progress.
8646 		 */
8647 		ar->rx_channel = ctx->def.chan;
8648 	} else {
8649 		ar->rx_channel = NULL;
8650 	}
8651 	rcu_read_unlock();
8652 }
8653 
8654 static void
8655 ath10k_mac_update_vif_chan(struct ath10k *ar,
8656 			   struct ieee80211_vif_chanctx_switch *vifs,
8657 			   int n_vifs)
8658 {
8659 	struct ath10k_vif *arvif;
8660 	int ret;
8661 	int i;
8662 
8663 	lockdep_assert_held(&ar->conf_mutex);
8664 
8665 	/* First stop monitor interface. Some FW versions crash if there's a
8666 	 * lone monitor interface.
8667 	 */
8668 	if (ar->monitor_started)
8669 		ath10k_monitor_stop(ar);
8670 
8671 	for (i = 0; i < n_vifs; i++) {
8672 		arvif = (void *)vifs[i].vif->drv_priv;
8673 
8674 		ath10k_dbg(ar, ATH10K_DBG_MAC,
8675 			   "mac chanctx switch vdev_id %i freq %u->%u width %d->%d\n",
8676 			   arvif->vdev_id,
8677 			   vifs[i].old_ctx->def.chan->center_freq,
8678 			   vifs[i].new_ctx->def.chan->center_freq,
8679 			   vifs[i].old_ctx->def.width,
8680 			   vifs[i].new_ctx->def.width);
8681 
8682 		if (WARN_ON(!arvif->is_started))
8683 			continue;
8684 
8685 		if (WARN_ON(!arvif->is_up))
8686 			continue;
8687 
8688 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8689 		if (ret) {
8690 			ath10k_warn(ar, "failed to down vdev %d: %d\n",
8691 				    arvif->vdev_id, ret);
8692 			continue;
8693 		}
8694 	}
8695 
8696 	/* All relevant vdevs are downed and associated channel resources
8697 	 * should be available for the channel switch now.
8698 	 */
8699 
8700 	spin_lock_bh(&ar->data_lock);
8701 	ath10k_mac_update_rx_channel(ar, NULL, vifs, n_vifs);
8702 	spin_unlock_bh(&ar->data_lock);
8703 
8704 	for (i = 0; i < n_vifs; i++) {
8705 		arvif = (void *)vifs[i].vif->drv_priv;
8706 
8707 		if (WARN_ON(!arvif->is_started))
8708 			continue;
8709 
8710 		if (WARN_ON(!arvif->is_up))
8711 			continue;
8712 
8713 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
8714 		if (ret)
8715 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
8716 				    ret);
8717 
8718 		ret = ath10k_mac_setup_prb_tmpl(arvif);
8719 		if (ret)
8720 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
8721 				    ret);
8722 
8723 		ret = ath10k_vdev_restart(arvif, &vifs[i].new_ctx->def);
8724 		if (ret) {
8725 			ath10k_warn(ar, "failed to restart vdev %d: %d\n",
8726 				    arvif->vdev_id, ret);
8727 			continue;
8728 		}
8729 
8730 		ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
8731 					 arvif->bssid);
8732 		if (ret) {
8733 			ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
8734 				    arvif->vdev_id, ret);
8735 			continue;
8736 		}
8737 	}
8738 
8739 	ath10k_monitor_recalc(ar);
8740 }
8741 
8742 static int
8743 ath10k_mac_op_add_chanctx(struct ieee80211_hw *hw,
8744 			  struct ieee80211_chanctx_conf *ctx)
8745 {
8746 	struct ath10k *ar = hw->priv;
8747 
8748 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8749 		   "mac chanctx add freq %u width %d ptr %pK\n",
8750 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8751 
8752 	mutex_lock(&ar->conf_mutex);
8753 
8754 	spin_lock_bh(&ar->data_lock);
8755 	ath10k_mac_update_rx_channel(ar, ctx, NULL, 0);
8756 	spin_unlock_bh(&ar->data_lock);
8757 
8758 	ath10k_recalc_radar_detection(ar);
8759 	ath10k_monitor_recalc(ar);
8760 
8761 	mutex_unlock(&ar->conf_mutex);
8762 
8763 	return 0;
8764 }
8765 
8766 static void
8767 ath10k_mac_op_remove_chanctx(struct ieee80211_hw *hw,
8768 			     struct ieee80211_chanctx_conf *ctx)
8769 {
8770 	struct ath10k *ar = hw->priv;
8771 
8772 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8773 		   "mac chanctx remove freq %u width %d ptr %pK\n",
8774 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8775 
8776 	mutex_lock(&ar->conf_mutex);
8777 
8778 	spin_lock_bh(&ar->data_lock);
8779 	ath10k_mac_update_rx_channel(ar, NULL, NULL, 0);
8780 	spin_unlock_bh(&ar->data_lock);
8781 
8782 	ath10k_recalc_radar_detection(ar);
8783 	ath10k_monitor_recalc(ar);
8784 
8785 	mutex_unlock(&ar->conf_mutex);
8786 }
8787 
8788 struct ath10k_mac_change_chanctx_arg {
8789 	struct ieee80211_chanctx_conf *ctx;
8790 	struct ieee80211_vif_chanctx_switch *vifs;
8791 	int n_vifs;
8792 	int next_vif;
8793 };
8794 
8795 static void
8796 ath10k_mac_change_chanctx_cnt_iter(void *data, u8 *mac,
8797 				   struct ieee80211_vif *vif)
8798 {
8799 	struct ath10k_mac_change_chanctx_arg *arg = data;
8800 
8801 	if (rcu_access_pointer(vif->chanctx_conf) != arg->ctx)
8802 		return;
8803 
8804 	arg->n_vifs++;
8805 }
8806 
8807 static void
8808 ath10k_mac_change_chanctx_fill_iter(void *data, u8 *mac,
8809 				    struct ieee80211_vif *vif)
8810 {
8811 	struct ath10k_mac_change_chanctx_arg *arg = data;
8812 	struct ieee80211_chanctx_conf *ctx;
8813 
8814 	ctx = rcu_access_pointer(vif->chanctx_conf);
8815 	if (ctx != arg->ctx)
8816 		return;
8817 
8818 	if (WARN_ON(arg->next_vif == arg->n_vifs))
8819 		return;
8820 
8821 	arg->vifs[arg->next_vif].vif = vif;
8822 	arg->vifs[arg->next_vif].old_ctx = ctx;
8823 	arg->vifs[arg->next_vif].new_ctx = ctx;
8824 	arg->next_vif++;
8825 }
8826 
8827 static void
8828 ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw,
8829 			     struct ieee80211_chanctx_conf *ctx,
8830 			     u32 changed)
8831 {
8832 	struct ath10k *ar = hw->priv;
8833 	struct ath10k_mac_change_chanctx_arg arg = { .ctx = ctx };
8834 
8835 	mutex_lock(&ar->conf_mutex);
8836 
8837 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8838 		   "mac chanctx change freq %u width %d ptr %pK changed %x\n",
8839 		   ctx->def.chan->center_freq, ctx->def.width, ctx, changed);
8840 
8841 	/* This shouldn't really happen because channel switching should use
8842 	 * switch_vif_chanctx().
8843 	 */
8844 	if (WARN_ON(changed & IEEE80211_CHANCTX_CHANGE_CHANNEL))
8845 		goto unlock;
8846 
8847 	if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) {
8848 		ieee80211_iterate_active_interfaces_atomic(
8849 					hw,
8850 					ATH10K_ITER_NORMAL_FLAGS,
8851 					ath10k_mac_change_chanctx_cnt_iter,
8852 					&arg);
8853 		if (arg.n_vifs == 0)
8854 			goto radar;
8855 
8856 		arg.vifs = kcalloc(arg.n_vifs, sizeof(arg.vifs[0]),
8857 				   GFP_KERNEL);
8858 		if (!arg.vifs)
8859 			goto radar;
8860 
8861 		ieee80211_iterate_active_interfaces_atomic(
8862 					hw,
8863 					ATH10K_ITER_NORMAL_FLAGS,
8864 					ath10k_mac_change_chanctx_fill_iter,
8865 					&arg);
8866 		ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs);
8867 		kfree(arg.vifs);
8868 	}
8869 
8870 radar:
8871 	ath10k_recalc_radar_detection(ar);
8872 
8873 	/* FIXME: How to configure Rx chains properly? */
8874 
8875 	/* No other actions are actually necessary. Firmware maintains channel
8876 	 * definitions per vdev internally and there's no host-side channel
8877 	 * context abstraction to configure, e.g. channel width.
8878 	 */
8879 
8880 unlock:
8881 	mutex_unlock(&ar->conf_mutex);
8882 }
8883 
8884 static int
8885 ath10k_mac_op_assign_vif_chanctx(struct ieee80211_hw *hw,
8886 				 struct ieee80211_vif *vif,
8887 				 struct ieee80211_chanctx_conf *ctx)
8888 {
8889 	struct ath10k *ar = hw->priv;
8890 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8891 	int ret;
8892 
8893 	mutex_lock(&ar->conf_mutex);
8894 
8895 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8896 		   "mac chanctx assign ptr %pK vdev_id %i\n",
8897 		   ctx, arvif->vdev_id);
8898 
8899 	if (WARN_ON(arvif->is_started)) {
8900 		mutex_unlock(&ar->conf_mutex);
8901 		return -EBUSY;
8902 	}
8903 
8904 	ret = ath10k_vdev_start(arvif, &ctx->def);
8905 	if (ret) {
8906 		ath10k_warn(ar, "failed to start vdev %i addr %pM on freq %d: %d\n",
8907 			    arvif->vdev_id, vif->addr,
8908 			    ctx->def.chan->center_freq, ret);
8909 		goto err;
8910 	}
8911 
8912 	arvif->is_started = true;
8913 
8914 	ret = ath10k_mac_vif_setup_ps(arvif);
8915 	if (ret) {
8916 		ath10k_warn(ar, "failed to update vdev %i ps: %d\n",
8917 			    arvif->vdev_id, ret);
8918 		goto err_stop;
8919 	}
8920 
8921 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8922 		ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, 0, vif->addr);
8923 		if (ret) {
8924 			ath10k_warn(ar, "failed to up monitor vdev %i: %d\n",
8925 				    arvif->vdev_id, ret);
8926 			goto err_stop;
8927 		}
8928 
8929 		arvif->is_up = true;
8930 	}
8931 
8932 	if (ath10k_mac_can_set_cts_prot(arvif)) {
8933 		ret = ath10k_mac_set_cts_prot(arvif);
8934 		if (ret)
8935 			ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
8936 				    arvif->vdev_id, ret);
8937 	}
8938 
8939 	if (ath10k_peer_stats_enabled(ar) &&
8940 	    ar->hw_params.tx_stats_over_pktlog) {
8941 		ar->pktlog_filter |= ATH10K_PKTLOG_PEER_STATS;
8942 		ret = ath10k_wmi_pdev_pktlog_enable(ar,
8943 						    ar->pktlog_filter);
8944 		if (ret) {
8945 			ath10k_warn(ar, "failed to enable pktlog %d\n", ret);
8946 			goto err_stop;
8947 		}
8948 	}
8949 
8950 	mutex_unlock(&ar->conf_mutex);
8951 	return 0;
8952 
8953 err_stop:
8954 	ath10k_vdev_stop(arvif);
8955 	arvif->is_started = false;
8956 	ath10k_mac_vif_setup_ps(arvif);
8957 
8958 err:
8959 	mutex_unlock(&ar->conf_mutex);
8960 	return ret;
8961 }
8962 
8963 static void
8964 ath10k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
8965 				   struct ieee80211_vif *vif,
8966 				   struct ieee80211_chanctx_conf *ctx)
8967 {
8968 	struct ath10k *ar = hw->priv;
8969 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8970 	int ret;
8971 
8972 	mutex_lock(&ar->conf_mutex);
8973 
8974 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8975 		   "mac chanctx unassign ptr %pK vdev_id %i\n",
8976 		   ctx, arvif->vdev_id);
8977 
8978 	WARN_ON(!arvif->is_started);
8979 
8980 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8981 		WARN_ON(!arvif->is_up);
8982 
8983 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8984 		if (ret)
8985 			ath10k_warn(ar, "failed to down monitor vdev %i: %d\n",
8986 				    arvif->vdev_id, ret);
8987 
8988 		arvif->is_up = false;
8989 	}
8990 
8991 	ret = ath10k_vdev_stop(arvif);
8992 	if (ret)
8993 		ath10k_warn(ar, "failed to stop vdev %i: %d\n",
8994 			    arvif->vdev_id, ret);
8995 
8996 	arvif->is_started = false;
8997 
8998 	mutex_unlock(&ar->conf_mutex);
8999 }
9000 
9001 static int
9002 ath10k_mac_op_switch_vif_chanctx(struct ieee80211_hw *hw,
9003 				 struct ieee80211_vif_chanctx_switch *vifs,
9004 				 int n_vifs,
9005 				 enum ieee80211_chanctx_switch_mode mode)
9006 {
9007 	struct ath10k *ar = hw->priv;
9008 
9009 	mutex_lock(&ar->conf_mutex);
9010 
9011 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9012 		   "mac chanctx switch n_vifs %d mode %d\n",
9013 		   n_vifs, mode);
9014 	ath10k_mac_update_vif_chan(ar, vifs, n_vifs);
9015 
9016 	mutex_unlock(&ar->conf_mutex);
9017 	return 0;
9018 }
9019 
9020 static void ath10k_mac_op_sta_pre_rcu_remove(struct ieee80211_hw *hw,
9021 					     struct ieee80211_vif *vif,
9022 					     struct ieee80211_sta *sta)
9023 {
9024 	struct ath10k *ar;
9025 	struct ath10k_peer *peer;
9026 
9027 	ar = hw->priv;
9028 
9029 	list_for_each_entry(peer, &ar->peers, list)
9030 		if (peer->sta == sta)
9031 			peer->removed = true;
9032 }
9033 
9034 /* HT MCS parameters with Nss = 1 */
9035 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss1[] = {
9036 	/* MCS  L20   L40   S20  S40 */
9037 	{0,  { 65,  135,  72,  150} },
9038 	{1,  { 130, 270,  144, 300} },
9039 	{2,  { 195, 405,  217, 450} },
9040 	{3,  { 260, 540,  289, 600} },
9041 	{4,  { 390, 810,  433, 900} },
9042 	{5,  { 520, 1080, 578, 1200} },
9043 	{6,  { 585, 1215, 650, 1350} },
9044 	{7,  { 650, 1350, 722, 1500} }
9045 };
9046 
9047 /* HT MCS parameters with Nss = 2 */
9048 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss2[] = {
9049 	/* MCS  L20    L40   S20   S40 */
9050 	{0,  {130,  270,  144,  300} },
9051 	{1,  {260,  540,  289,  600} },
9052 	{2,  {390,  810,  433,  900} },
9053 	{3,  {520,  1080, 578,  1200} },
9054 	{4,  {780,  1620, 867,  1800} },
9055 	{5,  {1040, 2160, 1156, 2400} },
9056 	{6,  {1170, 2430, 1300, 2700} },
9057 	{7,  {1300, 2700, 1444, 3000} }
9058 };
9059 
9060 /* MCS parameters with Nss = 1 */
9061 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss1[] = {
9062 	/* MCS  L80    S80     L40   S40    L20   S20 */
9063 	{0,  {293,  325},  {135,  150},  {65,   72} },
9064 	{1,  {585,  650},  {270,  300},  {130,  144} },
9065 	{2,  {878,  975},  {405,  450},  {195,  217} },
9066 	{3,  {1170, 1300}, {540,  600},  {260,  289} },
9067 	{4,  {1755, 1950}, {810,  900},  {390,  433} },
9068 	{5,  {2340, 2600}, {1080, 1200}, {520,  578} },
9069 	{6,  {2633, 2925}, {1215, 1350}, {585,  650} },
9070 	{7,  {2925, 3250}, {1350, 1500}, {650,  722} },
9071 	{8,  {3510, 3900}, {1620, 1800}, {780,  867} },
9072 	{9,  {3900, 4333}, {1800, 2000}, {780,  867} }
9073 };
9074 
9075 /*MCS parameters with Nss = 2 */
9076 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss2[] = {
9077 	/* MCS  L80    S80     L40   S40    L20   S20 */
9078 	{0,  {585,  650},  {270,  300},  {130,  144} },
9079 	{1,  {1170, 1300}, {540,  600},  {260,  289} },
9080 	{2,  {1755, 1950}, {810,  900},  {390,  433} },
9081 	{3,  {2340, 2600}, {1080, 1200}, {520,  578} },
9082 	{4,  {3510, 3900}, {1620, 1800}, {780,  867} },
9083 	{5,  {4680, 5200}, {2160, 2400}, {1040, 1156} },
9084 	{6,  {5265, 5850}, {2430, 2700}, {1170, 1300} },
9085 	{7,  {5850, 6500}, {2700, 3000}, {1300, 1444} },
9086 	{8,  {7020, 7800}, {3240, 3600}, {1560, 1733} },
9087 	{9,  {7800, 8667}, {3600, 4000}, {1560, 1733} }
9088 };
9089 
9090 static void ath10k_mac_get_rate_flags_ht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9091 					 u8 *flags, u8 *bw)
9092 {
9093 	struct ath10k_index_ht_data_rate_type *mcs_rate;
9094 	u8 index;
9095 	size_t len_nss1 = ARRAY_SIZE(supported_ht_mcs_rate_nss1);
9096 	size_t len_nss2 = ARRAY_SIZE(supported_ht_mcs_rate_nss2);
9097 
9098 	if (mcs >= (len_nss1 + len_nss2)) {
9099 		ath10k_warn(ar, "not supported mcs %d in current rate table", mcs);
9100 		return;
9101 	}
9102 
9103 	mcs_rate = (struct ath10k_index_ht_data_rate_type *)
9104 		   ((nss == 1) ? &supported_ht_mcs_rate_nss1 :
9105 		   &supported_ht_mcs_rate_nss2);
9106 
9107 	if (mcs >= len_nss1)
9108 		index = mcs - len_nss1;
9109 	else
9110 		index = mcs;
9111 
9112 	if (rate == mcs_rate[index].supported_rate[0]) {
9113 		*bw = RATE_INFO_BW_20;
9114 	} else if (rate == mcs_rate[index].supported_rate[1]) {
9115 		*bw |= RATE_INFO_BW_40;
9116 	} else if (rate == mcs_rate[index].supported_rate[2]) {
9117 		*bw |= RATE_INFO_BW_20;
9118 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9119 	} else if (rate == mcs_rate[index].supported_rate[3]) {
9120 		*bw |= RATE_INFO_BW_40;
9121 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9122 	} else {
9123 		ath10k_warn(ar, "invalid ht params rate %d 100kbps nss %d mcs %d",
9124 			    rate, nss, mcs);
9125 	}
9126 }
9127 
9128 static void ath10k_mac_get_rate_flags_vht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9129 					  u8 *flags, u8 *bw)
9130 {
9131 	struct ath10k_index_vht_data_rate_type *mcs_rate;
9132 
9133 	mcs_rate = (struct ath10k_index_vht_data_rate_type *)
9134 		   ((nss == 1) ? &supported_vht_mcs_rate_nss1 :
9135 		   &supported_vht_mcs_rate_nss2);
9136 
9137 	if (rate == mcs_rate[mcs].supported_VHT80_rate[0]) {
9138 		*bw = RATE_INFO_BW_80;
9139 	} else if (rate == mcs_rate[mcs].supported_VHT80_rate[1]) {
9140 		*bw = RATE_INFO_BW_80;
9141 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9142 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[0]) {
9143 		*bw = RATE_INFO_BW_40;
9144 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[1]) {
9145 		*bw = RATE_INFO_BW_40;
9146 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9147 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[0]) {
9148 		*bw = RATE_INFO_BW_20;
9149 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[1]) {
9150 		*bw = RATE_INFO_BW_20;
9151 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9152 	} else {
9153 		ath10k_warn(ar, "invalid vht params rate %d 100kbps nss %d mcs %d",
9154 			    rate, nss, mcs);
9155 	}
9156 }
9157 
9158 static void ath10k_mac_get_rate_flags(struct ath10k *ar, u32 rate,
9159 				      enum ath10k_phy_mode mode, u8 nss, u8 mcs,
9160 				      u8 *flags, u8 *bw)
9161 {
9162 	if (mode == ATH10K_PHY_MODE_HT) {
9163 		*flags = RATE_INFO_FLAGS_MCS;
9164 		ath10k_mac_get_rate_flags_ht(ar, rate, nss, mcs, flags, bw);
9165 	} else if (mode == ATH10K_PHY_MODE_VHT) {
9166 		*flags = RATE_INFO_FLAGS_VHT_MCS;
9167 		ath10k_mac_get_rate_flags_vht(ar, rate, nss, mcs, flags, bw);
9168 	}
9169 }
9170 
9171 static void ath10k_mac_parse_bitrate(struct ath10k *ar, u32 rate_code,
9172 				     u32 bitrate_kbps, struct rate_info *rate)
9173 {
9174 	enum ath10k_phy_mode mode = ATH10K_PHY_MODE_LEGACY;
9175 	enum wmi_rate_preamble preamble = WMI_TLV_GET_HW_RC_PREAM_V1(rate_code);
9176 	u8 nss = WMI_TLV_GET_HW_RC_NSS_V1(rate_code) + 1;
9177 	u8 mcs = WMI_TLV_GET_HW_RC_RATE_V1(rate_code);
9178 	u8 flags = 0, bw = 0;
9179 
9180 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac parse rate code 0x%x bitrate %d kbps\n",
9181 		   rate_code, bitrate_kbps);
9182 
9183 	if (preamble == WMI_RATE_PREAMBLE_HT)
9184 		mode = ATH10K_PHY_MODE_HT;
9185 	else if (preamble == WMI_RATE_PREAMBLE_VHT)
9186 		mode = ATH10K_PHY_MODE_VHT;
9187 
9188 	ath10k_mac_get_rate_flags(ar, bitrate_kbps / 100, mode, nss, mcs, &flags, &bw);
9189 
9190 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9191 		   "mac parse bitrate preamble %d mode %d nss %d mcs %d flags %x bw %d\n",
9192 		   preamble, mode, nss, mcs, flags, bw);
9193 
9194 	rate->flags = flags;
9195 	rate->bw = bw;
9196 	rate->legacy = bitrate_kbps / 100;
9197 	rate->nss = nss;
9198 	rate->mcs = mcs;
9199 }
9200 
9201 static void ath10k_mac_sta_get_peer_stats_info(struct ath10k *ar,
9202 					       struct ieee80211_sta *sta,
9203 					       struct station_info *sinfo)
9204 {
9205 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9206 	struct ath10k_peer *peer;
9207 	unsigned long time_left;
9208 	int ret;
9209 
9210 	if (!(ar->hw_params.supports_peer_stats_info &&
9211 	      arsta->arvif->vdev_type == WMI_VDEV_TYPE_STA))
9212 		return;
9213 
9214 	spin_lock_bh(&ar->data_lock);
9215 	peer = ath10k_peer_find(ar, arsta->arvif->vdev_id, sta->addr);
9216 	spin_unlock_bh(&ar->data_lock);
9217 	if (!peer)
9218 		return;
9219 
9220 	reinit_completion(&ar->peer_stats_info_complete);
9221 
9222 	ret = ath10k_wmi_request_peer_stats_info(ar,
9223 						 arsta->arvif->vdev_id,
9224 						 WMI_REQUEST_ONE_PEER_STATS_INFO,
9225 						 arsta->arvif->bssid,
9226 						 0);
9227 	if (ret && ret != -EOPNOTSUPP) {
9228 		ath10k_warn(ar, "could not request peer stats info: %d\n", ret);
9229 		return;
9230 	}
9231 
9232 	time_left = wait_for_completion_timeout(&ar->peer_stats_info_complete, 3 * HZ);
9233 	if (time_left == 0) {
9234 		ath10k_warn(ar, "timed out waiting peer stats info\n");
9235 		return;
9236 	}
9237 
9238 	if (arsta->rx_rate_code != 0 && arsta->rx_bitrate_kbps != 0) {
9239 		ath10k_mac_parse_bitrate(ar, arsta->rx_rate_code,
9240 					 arsta->rx_bitrate_kbps,
9241 					 &sinfo->rxrate);
9242 
9243 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
9244 		arsta->rx_rate_code = 0;
9245 		arsta->rx_bitrate_kbps = 0;
9246 	}
9247 
9248 	if (arsta->tx_rate_code != 0 && arsta->tx_bitrate_kbps != 0) {
9249 		ath10k_mac_parse_bitrate(ar, arsta->tx_rate_code,
9250 					 arsta->tx_bitrate_kbps,
9251 					 &sinfo->txrate);
9252 
9253 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9254 		arsta->tx_rate_code = 0;
9255 		arsta->tx_bitrate_kbps = 0;
9256 	}
9257 }
9258 
9259 static void ath10k_sta_statistics(struct ieee80211_hw *hw,
9260 				  struct ieee80211_vif *vif,
9261 				  struct ieee80211_sta *sta,
9262 				  struct station_info *sinfo)
9263 {
9264 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9265 	struct ath10k *ar = arsta->arvif->ar;
9266 
9267 	if (!ath10k_peer_stats_enabled(ar))
9268 		return;
9269 
9270 	mutex_lock(&ar->conf_mutex);
9271 	ath10k_debug_fw_stats_request(ar);
9272 	mutex_unlock(&ar->conf_mutex);
9273 
9274 	sinfo->rx_duration = arsta->rx_duration;
9275 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_DURATION);
9276 
9277 	if (arsta->txrate.legacy || arsta->txrate.nss) {
9278 		if (arsta->txrate.legacy) {
9279 			sinfo->txrate.legacy = arsta->txrate.legacy;
9280 		} else {
9281 			sinfo->txrate.mcs = arsta->txrate.mcs;
9282 			sinfo->txrate.nss = arsta->txrate.nss;
9283 			sinfo->txrate.bw = arsta->txrate.bw;
9284 		}
9285 		sinfo->txrate.flags = arsta->txrate.flags;
9286 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9287 	}
9288 
9289 	if (ar->htt.disable_tx_comp) {
9290 		sinfo->tx_failed = arsta->tx_failed;
9291 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
9292 	}
9293 
9294 	sinfo->tx_retries = arsta->tx_retries;
9295 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
9296 
9297 	ath10k_mac_sta_get_peer_stats_info(ar, sta, sinfo);
9298 }
9299 
9300 static int ath10k_mac_op_set_tid_config(struct ieee80211_hw *hw,
9301 					struct ieee80211_vif *vif,
9302 					struct ieee80211_sta *sta,
9303 					struct cfg80211_tid_config *tid_config)
9304 {
9305 	struct ath10k *ar = hw->priv;
9306 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9307 	struct ath10k_mac_iter_tid_conf_data data = {};
9308 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
9309 	int ret, i;
9310 
9311 	mutex_lock(&ar->conf_mutex);
9312 	arg.vdev_id = arvif->vdev_id;
9313 
9314 	arvif->tids_rst = 0;
9315 	memset(arvif->tid_conf_changed, 0, sizeof(arvif->tid_conf_changed));
9316 
9317 	for (i = 0; i < tid_config->n_tid_conf; i++) {
9318 		ret = ath10k_mac_parse_tid_config(ar, sta, vif,
9319 						  &tid_config->tid_conf[i],
9320 						  &arg);
9321 		if (ret)
9322 			goto exit;
9323 	}
9324 
9325 	ret = 0;
9326 
9327 	if (sta)
9328 		goto exit;
9329 
9330 	arvif->tids_rst = 0;
9331 	data.curr_vif = vif;
9332 	data.ar = ar;
9333 
9334 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9335 					  &data);
9336 
9337 exit:
9338 	mutex_unlock(&ar->conf_mutex);
9339 	return ret;
9340 }
9341 
9342 static int ath10k_mac_op_reset_tid_config(struct ieee80211_hw *hw,
9343 					  struct ieee80211_vif *vif,
9344 					  struct ieee80211_sta *sta,
9345 					  u8 tids)
9346 {
9347 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9348 	struct ath10k_mac_iter_tid_conf_data data = {};
9349 	struct ath10k *ar = hw->priv;
9350 	int ret = 0;
9351 
9352 	mutex_lock(&ar->conf_mutex);
9353 
9354 	if (sta) {
9355 		arvif->tids_rst = 0;
9356 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif, tids);
9357 		goto exit;
9358 	}
9359 
9360 	arvif->tids_rst = tids;
9361 	data.curr_vif = vif;
9362 	data.ar = ar;
9363 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9364 					  &data);
9365 
9366 exit:
9367 	mutex_unlock(&ar->conf_mutex);
9368 	return ret;
9369 }
9370 
9371 static const struct ieee80211_ops ath10k_ops = {
9372 	.tx				= ath10k_mac_op_tx,
9373 	.wake_tx_queue			= ath10k_mac_op_wake_tx_queue,
9374 	.start				= ath10k_start,
9375 	.stop				= ath10k_stop,
9376 	.config				= ath10k_config,
9377 	.add_interface			= ath10k_add_interface,
9378 	.remove_interface		= ath10k_remove_interface,
9379 	.configure_filter		= ath10k_configure_filter,
9380 	.bss_info_changed		= ath10k_bss_info_changed,
9381 	.set_coverage_class		= ath10k_mac_op_set_coverage_class,
9382 	.hw_scan			= ath10k_hw_scan,
9383 	.cancel_hw_scan			= ath10k_cancel_hw_scan,
9384 	.set_key			= ath10k_set_key,
9385 	.set_default_unicast_key        = ath10k_set_default_unicast_key,
9386 	.sta_state			= ath10k_sta_state,
9387 	.sta_set_txpwr			= ath10k_sta_set_txpwr,
9388 	.conf_tx			= ath10k_conf_tx,
9389 	.remain_on_channel		= ath10k_remain_on_channel,
9390 	.cancel_remain_on_channel	= ath10k_cancel_remain_on_channel,
9391 	.set_rts_threshold		= ath10k_set_rts_threshold,
9392 	.set_frag_threshold		= ath10k_mac_op_set_frag_threshold,
9393 	.flush				= ath10k_flush,
9394 	.tx_last_beacon			= ath10k_tx_last_beacon,
9395 	.set_antenna			= ath10k_set_antenna,
9396 	.get_antenna			= ath10k_get_antenna,
9397 	.reconfig_complete		= ath10k_reconfig_complete,
9398 	.get_survey			= ath10k_get_survey,
9399 	.set_bitrate_mask		= ath10k_mac_op_set_bitrate_mask,
9400 	.sta_rc_update			= ath10k_sta_rc_update,
9401 	.offset_tsf			= ath10k_offset_tsf,
9402 	.ampdu_action			= ath10k_ampdu_action,
9403 	.get_et_sset_count		= ath10k_debug_get_et_sset_count,
9404 	.get_et_stats			= ath10k_debug_get_et_stats,
9405 	.get_et_strings			= ath10k_debug_get_et_strings,
9406 	.add_chanctx			= ath10k_mac_op_add_chanctx,
9407 	.remove_chanctx			= ath10k_mac_op_remove_chanctx,
9408 	.change_chanctx			= ath10k_mac_op_change_chanctx,
9409 	.assign_vif_chanctx		= ath10k_mac_op_assign_vif_chanctx,
9410 	.unassign_vif_chanctx		= ath10k_mac_op_unassign_vif_chanctx,
9411 	.switch_vif_chanctx		= ath10k_mac_op_switch_vif_chanctx,
9412 	.sta_pre_rcu_remove		= ath10k_mac_op_sta_pre_rcu_remove,
9413 	.sta_statistics			= ath10k_sta_statistics,
9414 	.set_tid_config			= ath10k_mac_op_set_tid_config,
9415 	.reset_tid_config		= ath10k_mac_op_reset_tid_config,
9416 
9417 	CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
9418 
9419 #ifdef CONFIG_PM
9420 	.suspend			= ath10k_wow_op_suspend,
9421 	.resume				= ath10k_wow_op_resume,
9422 	.set_wakeup			= ath10k_wow_op_set_wakeup,
9423 #endif
9424 #ifdef CONFIG_MAC80211_DEBUGFS
9425 	.sta_add_debugfs		= ath10k_sta_add_debugfs,
9426 #endif
9427 	.set_sar_specs			= ath10k_mac_set_sar_specs,
9428 };
9429 
9430 #define CHAN2G(_channel, _freq, _flags) { \
9431 	.band			= NL80211_BAND_2GHZ, \
9432 	.hw_value		= (_channel), \
9433 	.center_freq		= (_freq), \
9434 	.flags			= (_flags), \
9435 	.max_antenna_gain	= 0, \
9436 	.max_power		= 30, \
9437 }
9438 
9439 #define CHAN5G(_channel, _freq, _flags) { \
9440 	.band			= NL80211_BAND_5GHZ, \
9441 	.hw_value		= (_channel), \
9442 	.center_freq		= (_freq), \
9443 	.flags			= (_flags), \
9444 	.max_antenna_gain	= 0, \
9445 	.max_power		= 30, \
9446 }
9447 
9448 static const struct ieee80211_channel ath10k_2ghz_channels[] = {
9449 	CHAN2G(1, 2412, 0),
9450 	CHAN2G(2, 2417, 0),
9451 	CHAN2G(3, 2422, 0),
9452 	CHAN2G(4, 2427, 0),
9453 	CHAN2G(5, 2432, 0),
9454 	CHAN2G(6, 2437, 0),
9455 	CHAN2G(7, 2442, 0),
9456 	CHAN2G(8, 2447, 0),
9457 	CHAN2G(9, 2452, 0),
9458 	CHAN2G(10, 2457, 0),
9459 	CHAN2G(11, 2462, 0),
9460 	CHAN2G(12, 2467, 0),
9461 	CHAN2G(13, 2472, 0),
9462 	CHAN2G(14, 2484, 0),
9463 };
9464 
9465 static const struct ieee80211_channel ath10k_5ghz_channels[] = {
9466 	CHAN5G(36, 5180, 0),
9467 	CHAN5G(40, 5200, 0),
9468 	CHAN5G(44, 5220, 0),
9469 	CHAN5G(48, 5240, 0),
9470 	CHAN5G(52, 5260, 0),
9471 	CHAN5G(56, 5280, 0),
9472 	CHAN5G(60, 5300, 0),
9473 	CHAN5G(64, 5320, 0),
9474 	CHAN5G(100, 5500, 0),
9475 	CHAN5G(104, 5520, 0),
9476 	CHAN5G(108, 5540, 0),
9477 	CHAN5G(112, 5560, 0),
9478 	CHAN5G(116, 5580, 0),
9479 	CHAN5G(120, 5600, 0),
9480 	CHAN5G(124, 5620, 0),
9481 	CHAN5G(128, 5640, 0),
9482 	CHAN5G(132, 5660, 0),
9483 	CHAN5G(136, 5680, 0),
9484 	CHAN5G(140, 5700, 0),
9485 	CHAN5G(144, 5720, 0),
9486 	CHAN5G(149, 5745, 0),
9487 	CHAN5G(153, 5765, 0),
9488 	CHAN5G(157, 5785, 0),
9489 	CHAN5G(161, 5805, 0),
9490 	CHAN5G(165, 5825, 0),
9491 	CHAN5G(169, 5845, 0),
9492 	CHAN5G(173, 5865, 0),
9493 	/* If you add more, you may need to change ATH10K_MAX_5G_CHAN */
9494 	/* And you will definitely need to change ATH10K_NUM_CHANS in core.h */
9495 };
9496 
9497 struct ath10k *ath10k_mac_create(size_t priv_size)
9498 {
9499 	struct ieee80211_hw *hw;
9500 	struct ieee80211_ops *ops;
9501 	struct ath10k *ar;
9502 
9503 	ops = kmemdup(&ath10k_ops, sizeof(ath10k_ops), GFP_KERNEL);
9504 	if (!ops)
9505 		return NULL;
9506 
9507 	hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, ops);
9508 	if (!hw) {
9509 		kfree(ops);
9510 		return NULL;
9511 	}
9512 
9513 	ar = hw->priv;
9514 	ar->hw = hw;
9515 	ar->ops = ops;
9516 
9517 	return ar;
9518 }
9519 
9520 void ath10k_mac_destroy(struct ath10k *ar)
9521 {
9522 	struct ieee80211_ops *ops = ar->ops;
9523 
9524 	ieee80211_free_hw(ar->hw);
9525 	kfree(ops);
9526 }
9527 
9528 static const struct ieee80211_iface_limit ath10k_if_limits[] = {
9529 	{
9530 		.max	= 8,
9531 		.types	= BIT(NL80211_IFTYPE_STATION)
9532 			| BIT(NL80211_IFTYPE_P2P_CLIENT)
9533 	},
9534 	{
9535 		.max	= 3,
9536 		.types	= BIT(NL80211_IFTYPE_P2P_GO)
9537 	},
9538 	{
9539 		.max	= 1,
9540 		.types	= BIT(NL80211_IFTYPE_P2P_DEVICE)
9541 	},
9542 	{
9543 		.max	= 7,
9544 		.types	= BIT(NL80211_IFTYPE_AP)
9545 #ifdef CONFIG_MAC80211_MESH
9546 			| BIT(NL80211_IFTYPE_MESH_POINT)
9547 #endif
9548 	},
9549 };
9550 
9551 static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
9552 	{
9553 		.max	= 8,
9554 		.types	= BIT(NL80211_IFTYPE_AP)
9555 #ifdef CONFIG_MAC80211_MESH
9556 			| BIT(NL80211_IFTYPE_MESH_POINT)
9557 #endif
9558 	},
9559 	{
9560 		.max	= 1,
9561 		.types	= BIT(NL80211_IFTYPE_STATION)
9562 	},
9563 };
9564 
9565 static const struct ieee80211_iface_combination ath10k_if_comb[] = {
9566 	{
9567 		.limits = ath10k_if_limits,
9568 		.n_limits = ARRAY_SIZE(ath10k_if_limits),
9569 		.max_interfaces = 8,
9570 		.num_different_channels = 1,
9571 		.beacon_int_infra_match = true,
9572 	},
9573 };
9574 
9575 static const struct ieee80211_iface_combination ath10k_10x_if_comb[] = {
9576 	{
9577 		.limits = ath10k_10x_if_limits,
9578 		.n_limits = ARRAY_SIZE(ath10k_10x_if_limits),
9579 		.max_interfaces = 8,
9580 		.num_different_channels = 1,
9581 		.beacon_int_infra_match = true,
9582 		.beacon_int_min_gcd = 1,
9583 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9584 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9585 					BIT(NL80211_CHAN_WIDTH_20) |
9586 					BIT(NL80211_CHAN_WIDTH_40) |
9587 					BIT(NL80211_CHAN_WIDTH_80),
9588 #endif
9589 	},
9590 };
9591 
9592 static const struct ieee80211_iface_limit ath10k_tlv_if_limit[] = {
9593 	{
9594 		.max = 2,
9595 		.types = BIT(NL80211_IFTYPE_STATION),
9596 	},
9597 	{
9598 		.max = 2,
9599 		.types = BIT(NL80211_IFTYPE_AP) |
9600 #ifdef CONFIG_MAC80211_MESH
9601 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9602 #endif
9603 			 BIT(NL80211_IFTYPE_P2P_CLIENT) |
9604 			 BIT(NL80211_IFTYPE_P2P_GO),
9605 	},
9606 	{
9607 		.max = 1,
9608 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9609 	},
9610 };
9611 
9612 static const struct ieee80211_iface_limit ath10k_tlv_qcs_if_limit[] = {
9613 	{
9614 		.max = 2,
9615 		.types = BIT(NL80211_IFTYPE_STATION),
9616 	},
9617 	{
9618 		.max = 2,
9619 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT),
9620 	},
9621 	{
9622 		.max = 1,
9623 		.types = BIT(NL80211_IFTYPE_AP) |
9624 #ifdef CONFIG_MAC80211_MESH
9625 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9626 #endif
9627 			 BIT(NL80211_IFTYPE_P2P_GO),
9628 	},
9629 	{
9630 		.max = 1,
9631 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9632 	},
9633 };
9634 
9635 static const struct ieee80211_iface_limit ath10k_tlv_if_limit_ibss[] = {
9636 	{
9637 		.max = 1,
9638 		.types = BIT(NL80211_IFTYPE_STATION),
9639 	},
9640 	{
9641 		.max = 1,
9642 		.types = BIT(NL80211_IFTYPE_ADHOC),
9643 	},
9644 };
9645 
9646 /* FIXME: This is not thouroughly tested. These combinations may over- or
9647  * underestimate hw/fw capabilities.
9648  */
9649 static struct ieee80211_iface_combination ath10k_tlv_if_comb[] = {
9650 	{
9651 		.limits = ath10k_tlv_if_limit,
9652 		.num_different_channels = 1,
9653 		.max_interfaces = 4,
9654 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9655 	},
9656 	{
9657 		.limits = ath10k_tlv_if_limit_ibss,
9658 		.num_different_channels = 1,
9659 		.max_interfaces = 2,
9660 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9661 	},
9662 };
9663 
9664 static struct ieee80211_iface_combination ath10k_tlv_qcs_if_comb[] = {
9665 	{
9666 		.limits = ath10k_tlv_if_limit,
9667 		.num_different_channels = 1,
9668 		.max_interfaces = 4,
9669 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9670 	},
9671 	{
9672 		.limits = ath10k_tlv_qcs_if_limit,
9673 		.num_different_channels = 2,
9674 		.max_interfaces = 4,
9675 		.n_limits = ARRAY_SIZE(ath10k_tlv_qcs_if_limit),
9676 	},
9677 	{
9678 		.limits = ath10k_tlv_if_limit_ibss,
9679 		.num_different_channels = 1,
9680 		.max_interfaces = 2,
9681 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9682 	},
9683 };
9684 
9685 static const struct ieee80211_iface_limit ath10k_10_4_if_limits[] = {
9686 	{
9687 		.max = 1,
9688 		.types = BIT(NL80211_IFTYPE_STATION),
9689 	},
9690 	{
9691 		.max	= 16,
9692 		.types	= BIT(NL80211_IFTYPE_AP)
9693 #ifdef CONFIG_MAC80211_MESH
9694 			| BIT(NL80211_IFTYPE_MESH_POINT)
9695 #endif
9696 	},
9697 };
9698 
9699 static const struct ieee80211_iface_combination ath10k_10_4_if_comb[] = {
9700 	{
9701 		.limits = ath10k_10_4_if_limits,
9702 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9703 		.max_interfaces = 16,
9704 		.num_different_channels = 1,
9705 		.beacon_int_infra_match = true,
9706 		.beacon_int_min_gcd = 1,
9707 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9708 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9709 					BIT(NL80211_CHAN_WIDTH_20) |
9710 					BIT(NL80211_CHAN_WIDTH_40) |
9711 					BIT(NL80211_CHAN_WIDTH_80) |
9712 					BIT(NL80211_CHAN_WIDTH_80P80) |
9713 					BIT(NL80211_CHAN_WIDTH_160),
9714 #endif
9715 	},
9716 };
9717 
9718 static const struct
9719 ieee80211_iface_combination ath10k_10_4_bcn_int_if_comb[] = {
9720 	{
9721 		.limits = ath10k_10_4_if_limits,
9722 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9723 		.max_interfaces = 16,
9724 		.num_different_channels = 1,
9725 		.beacon_int_infra_match = true,
9726 		.beacon_int_min_gcd = 100,
9727 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9728 		.radar_detect_widths =  BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9729 					BIT(NL80211_CHAN_WIDTH_20) |
9730 					BIT(NL80211_CHAN_WIDTH_40) |
9731 					BIT(NL80211_CHAN_WIDTH_80) |
9732 					BIT(NL80211_CHAN_WIDTH_80P80) |
9733 					BIT(NL80211_CHAN_WIDTH_160),
9734 #endif
9735 	},
9736 };
9737 
9738 static void ath10k_get_arvif_iter(void *data, u8 *mac,
9739 				  struct ieee80211_vif *vif)
9740 {
9741 	struct ath10k_vif_iter *arvif_iter = data;
9742 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9743 
9744 	if (arvif->vdev_id == arvif_iter->vdev_id)
9745 		arvif_iter->arvif = arvif;
9746 }
9747 
9748 struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id)
9749 {
9750 	struct ath10k_vif_iter arvif_iter;
9751 
9752 	memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter));
9753 	arvif_iter.vdev_id = vdev_id;
9754 
9755 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
9756 						   ATH10K_ITER_RESUME_FLAGS,
9757 						   ath10k_get_arvif_iter,
9758 						   &arvif_iter);
9759 	if (!arvif_iter.arvif) {
9760 		ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
9761 		return NULL;
9762 	}
9763 
9764 	return arvif_iter.arvif;
9765 }
9766 
9767 #define WRD_METHOD "WRDD"
9768 #define WRDD_WIFI  (0x07)
9769 
9770 static u32 ath10k_mac_wrdd_get_mcc(struct ath10k *ar, union acpi_object *wrdd)
9771 {
9772 	union acpi_object *mcc_pkg;
9773 	union acpi_object *domain_type;
9774 	union acpi_object *mcc_value;
9775 	u32 i;
9776 
9777 	if (wrdd->type != ACPI_TYPE_PACKAGE ||
9778 	    wrdd->package.count < 2 ||
9779 	    wrdd->package.elements[0].type != ACPI_TYPE_INTEGER ||
9780 	    wrdd->package.elements[0].integer.value != 0) {
9781 		ath10k_warn(ar, "ignoring malformed/unsupported wrdd structure\n");
9782 		return 0;
9783 	}
9784 
9785 	for (i = 1; i < wrdd->package.count; ++i) {
9786 		mcc_pkg = &wrdd->package.elements[i];
9787 
9788 		if (mcc_pkg->type != ACPI_TYPE_PACKAGE)
9789 			continue;
9790 		if (mcc_pkg->package.count < 2)
9791 			continue;
9792 		if (mcc_pkg->package.elements[0].type != ACPI_TYPE_INTEGER ||
9793 		    mcc_pkg->package.elements[1].type != ACPI_TYPE_INTEGER)
9794 			continue;
9795 
9796 		domain_type = &mcc_pkg->package.elements[0];
9797 		if (domain_type->integer.value != WRDD_WIFI)
9798 			continue;
9799 
9800 		mcc_value = &mcc_pkg->package.elements[1];
9801 		return mcc_value->integer.value;
9802 	}
9803 	return 0;
9804 }
9805 
9806 static int ath10k_mac_get_wrdd_regulatory(struct ath10k *ar, u16 *rd)
9807 {
9808 	acpi_handle root_handle;
9809 	acpi_handle handle;
9810 	struct acpi_buffer wrdd = {ACPI_ALLOCATE_BUFFER, NULL};
9811 	acpi_status status;
9812 	u32 alpha2_code;
9813 	char alpha2[3];
9814 
9815 	root_handle = ACPI_HANDLE(ar->dev);
9816 	if (!root_handle)
9817 		return -EOPNOTSUPP;
9818 
9819 	status = acpi_get_handle(root_handle, (acpi_string)WRD_METHOD, &handle);
9820 	if (ACPI_FAILURE(status)) {
9821 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9822 			   "failed to get wrd method %d\n", status);
9823 		return -EIO;
9824 	}
9825 
9826 	status = acpi_evaluate_object(handle, NULL, NULL, &wrdd);
9827 	if (ACPI_FAILURE(status)) {
9828 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9829 			   "failed to call wrdc %d\n", status);
9830 		return -EIO;
9831 	}
9832 
9833 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.pointer);
9834 	kfree(wrdd.pointer);
9835 	if (!alpha2_code)
9836 		return -EIO;
9837 
9838 	alpha2[0] = (alpha2_code >> 8) & 0xff;
9839 	alpha2[1] = (alpha2_code >> 0) & 0xff;
9840 	alpha2[2] = '\0';
9841 
9842 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
9843 		   "regulatory hint from WRDD (alpha2-code): %s\n", alpha2);
9844 
9845 	*rd = ath_regd_find_country_by_name(alpha2);
9846 	if (*rd == 0xffff)
9847 		return -EIO;
9848 
9849 	*rd |= COUNTRY_ERD_FLAG;
9850 	return 0;
9851 }
9852 
9853 static int ath10k_mac_init_rd(struct ath10k *ar)
9854 {
9855 	int ret;
9856 	u16 rd;
9857 
9858 	ret = ath10k_mac_get_wrdd_regulatory(ar, &rd);
9859 	if (ret) {
9860 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9861 			   "fallback to eeprom programmed regulatory settings\n");
9862 		rd = ar->hw_eeprom_rd;
9863 	}
9864 
9865 	ar->ath_common.regulatory.current_rd = rd;
9866 	return 0;
9867 }
9868 
9869 int ath10k_mac_register(struct ath10k *ar)
9870 {
9871 	static const u32 cipher_suites[] = {
9872 		WLAN_CIPHER_SUITE_WEP40,
9873 		WLAN_CIPHER_SUITE_WEP104,
9874 		WLAN_CIPHER_SUITE_TKIP,
9875 		WLAN_CIPHER_SUITE_CCMP,
9876 
9877 		/* Do not add hardware supported ciphers before this line.
9878 		 * Allow software encryption for all chips. Don't forget to
9879 		 * update n_cipher_suites below.
9880 		 */
9881 		WLAN_CIPHER_SUITE_AES_CMAC,
9882 		WLAN_CIPHER_SUITE_BIP_CMAC_256,
9883 		WLAN_CIPHER_SUITE_BIP_GMAC_128,
9884 		WLAN_CIPHER_SUITE_BIP_GMAC_256,
9885 
9886 		/* Only QCA99x0 and QCA4019 varients support GCMP-128, GCMP-256
9887 		 * and CCMP-256 in hardware.
9888 		 */
9889 		WLAN_CIPHER_SUITE_GCMP,
9890 		WLAN_CIPHER_SUITE_GCMP_256,
9891 		WLAN_CIPHER_SUITE_CCMP_256,
9892 	};
9893 	struct ieee80211_supported_band *band;
9894 	void *channels;
9895 	int ret;
9896 
9897 	if (!is_valid_ether_addr(ar->mac_addr)) {
9898 		ath10k_warn(ar, "invalid MAC address; choosing random\n");
9899 		eth_random_addr(ar->mac_addr);
9900 	}
9901 	SET_IEEE80211_PERM_ADDR(ar->hw, ar->mac_addr);
9902 
9903 	SET_IEEE80211_DEV(ar->hw, ar->dev);
9904 
9905 	BUILD_BUG_ON((ARRAY_SIZE(ath10k_2ghz_channels) +
9906 		      ARRAY_SIZE(ath10k_5ghz_channels)) !=
9907 		     ATH10K_NUM_CHANS);
9908 
9909 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
9910 		channels = kmemdup(ath10k_2ghz_channels,
9911 				   sizeof(ath10k_2ghz_channels),
9912 				   GFP_KERNEL);
9913 		if (!channels) {
9914 			ret = -ENOMEM;
9915 			goto err_free;
9916 		}
9917 
9918 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
9919 		band->n_channels = ARRAY_SIZE(ath10k_2ghz_channels);
9920 		band->channels = channels;
9921 
9922 		if (ar->hw_params.cck_rate_map_rev2) {
9923 			band->n_bitrates = ath10k_g_rates_rev2_size;
9924 			band->bitrates = ath10k_g_rates_rev2;
9925 		} else {
9926 			band->n_bitrates = ath10k_g_rates_size;
9927 			band->bitrates = ath10k_g_rates;
9928 		}
9929 
9930 		ar->hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
9931 	}
9932 
9933 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
9934 		channels = kmemdup(ath10k_5ghz_channels,
9935 				   sizeof(ath10k_5ghz_channels),
9936 				   GFP_KERNEL);
9937 		if (!channels) {
9938 			ret = -ENOMEM;
9939 			goto err_free;
9940 		}
9941 
9942 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
9943 		band->n_channels = ARRAY_SIZE(ath10k_5ghz_channels);
9944 		band->channels = channels;
9945 		band->n_bitrates = ath10k_a_rates_size;
9946 		band->bitrates = ath10k_a_rates;
9947 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
9948 	}
9949 
9950 	wiphy_read_of_freq_limits(ar->hw->wiphy);
9951 	ath10k_mac_setup_ht_vht_cap(ar);
9952 
9953 	ar->hw->wiphy->interface_modes =
9954 		BIT(NL80211_IFTYPE_STATION) |
9955 		BIT(NL80211_IFTYPE_AP) |
9956 		BIT(NL80211_IFTYPE_MESH_POINT);
9957 
9958 	ar->hw->wiphy->available_antennas_rx = ar->cfg_rx_chainmask;
9959 	ar->hw->wiphy->available_antennas_tx = ar->cfg_tx_chainmask;
9960 
9961 	if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->normal_mode_fw.fw_file.fw_features))
9962 		ar->hw->wiphy->interface_modes |=
9963 			BIT(NL80211_IFTYPE_P2P_DEVICE) |
9964 			BIT(NL80211_IFTYPE_P2P_CLIENT) |
9965 			BIT(NL80211_IFTYPE_P2P_GO);
9966 
9967 	ieee80211_hw_set(ar->hw, SIGNAL_DBM);
9968 
9969 	if (!test_bit(ATH10K_FW_FEATURE_NO_PS,
9970 		      ar->running_fw->fw_file.fw_features)) {
9971 		ieee80211_hw_set(ar->hw, SUPPORTS_PS);
9972 		ieee80211_hw_set(ar->hw, SUPPORTS_DYNAMIC_PS);
9973 	}
9974 
9975 	ieee80211_hw_set(ar->hw, MFP_CAPABLE);
9976 	ieee80211_hw_set(ar->hw, REPORTS_TX_ACK_STATUS);
9977 	ieee80211_hw_set(ar->hw, HAS_RATE_CONTROL);
9978 	ieee80211_hw_set(ar->hw, AP_LINK_PS);
9979 	ieee80211_hw_set(ar->hw, SPECTRUM_MGMT);
9980 	ieee80211_hw_set(ar->hw, SUPPORT_FAST_XMIT);
9981 	ieee80211_hw_set(ar->hw, CONNECTION_MONITOR);
9982 	ieee80211_hw_set(ar->hw, SUPPORTS_PER_STA_GTK);
9983 	ieee80211_hw_set(ar->hw, WANT_MONITOR_VIF);
9984 	ieee80211_hw_set(ar->hw, CHANCTX_STA_CSA);
9985 	ieee80211_hw_set(ar->hw, QUEUE_CONTROL);
9986 	ieee80211_hw_set(ar->hw, SUPPORTS_TX_FRAG);
9987 	ieee80211_hw_set(ar->hw, REPORTS_LOW_ACK);
9988 
9989 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
9990 		ieee80211_hw_set(ar->hw, SW_CRYPTO_CONTROL);
9991 
9992 	ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
9993 	ar->hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
9994 
9995 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
9996 		ar->hw->wiphy->features |= NL80211_FEATURE_DYNAMIC_SMPS;
9997 
9998 	if (ar->ht_cap_info & WMI_HT_CAP_ENABLED) {
9999 		ieee80211_hw_set(ar->hw, AMPDU_AGGREGATION);
10000 		ieee80211_hw_set(ar->hw, TX_AMPDU_SETUP_IN_HW);
10001 	}
10002 
10003 	ar->hw->wiphy->max_scan_ssids = WLAN_SCAN_PARAMS_MAX_SSID;
10004 	ar->hw->wiphy->max_scan_ie_len = WLAN_SCAN_PARAMS_MAX_IE_LEN;
10005 
10006 	if (test_bit(WMI_SERVICE_NLO, ar->wmi.svc_map)) {
10007 		ar->hw->wiphy->max_sched_scan_ssids = WMI_PNO_MAX_SUPP_NETWORKS;
10008 		ar->hw->wiphy->max_match_sets = WMI_PNO_MAX_SUPP_NETWORKS;
10009 		ar->hw->wiphy->max_sched_scan_ie_len = WMI_PNO_MAX_IE_LENGTH;
10010 		ar->hw->wiphy->max_sched_scan_plans = WMI_PNO_MAX_SCHED_SCAN_PLANS;
10011 		ar->hw->wiphy->max_sched_scan_plan_interval =
10012 			WMI_PNO_MAX_SCHED_SCAN_PLAN_INT;
10013 		ar->hw->wiphy->max_sched_scan_plan_iterations =
10014 			WMI_PNO_MAX_SCHED_SCAN_PLAN_ITRNS;
10015 		ar->hw->wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
10016 	}
10017 
10018 	ar->hw->vif_data_size = sizeof(struct ath10k_vif);
10019 	ar->hw->sta_data_size = sizeof(struct ath10k_sta);
10020 	ar->hw->txq_data_size = sizeof(struct ath10k_txq);
10021 
10022 	ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
10023 
10024 	if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
10025 		ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
10026 
10027 		/* Firmware delivers WPS/P2P Probe Requests frames to driver so
10028 		 * that userspace (e.g. wpa_supplicant/hostapd) can generate
10029 		 * correct Probe Responses. This is more of a hack advert..
10030 		 */
10031 		ar->hw->wiphy->probe_resp_offload |=
10032 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
10033 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
10034 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
10035 	}
10036 
10037 	if (test_bit(WMI_SERVICE_TDLS, ar->wmi.svc_map) ||
10038 	    test_bit(WMI_SERVICE_TDLS_EXPLICIT_MODE_ONLY, ar->wmi.svc_map)) {
10039 		ar->hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
10040 		if (test_bit(WMI_SERVICE_TDLS_WIDER_BANDWIDTH, ar->wmi.svc_map))
10041 			ieee80211_hw_set(ar->hw, TDLS_WIDER_BW);
10042 	}
10043 
10044 	if (test_bit(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, ar->wmi.svc_map))
10045 		ieee80211_hw_set(ar->hw, SUPPORTS_TDLS_BUFFER_STA);
10046 
10047 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
10048 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
10049 	ar->hw->wiphy->max_remain_on_channel_duration = 5000;
10050 
10051 	ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
10052 	ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
10053 				   NL80211_FEATURE_AP_SCAN;
10054 
10055 	ar->hw->wiphy->max_ap_assoc_sta = ar->max_num_stations;
10056 
10057 	ret = ath10k_wow_init(ar);
10058 	if (ret) {
10059 		ath10k_warn(ar, "failed to init wow: %d\n", ret);
10060 		goto err_free;
10061 	}
10062 
10063 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
10064 	wiphy_ext_feature_set(ar->hw->wiphy,
10065 			      NL80211_EXT_FEATURE_SET_SCAN_DWELL);
10066 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_AQL);
10067 
10068 	if (test_bit(WMI_SERVICE_TX_DATA_ACK_RSSI, ar->wmi.svc_map) ||
10069 	    test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS, ar->wmi.svc_map))
10070 		wiphy_ext_feature_set(ar->hw->wiphy,
10071 				      NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT);
10072 
10073 	if (ath10k_peer_stats_enabled(ar) ||
10074 	    test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
10075 		wiphy_ext_feature_set(ar->hw->wiphy,
10076 				      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS);
10077 
10078 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map))
10079 		wiphy_ext_feature_set(ar->hw->wiphy,
10080 				      NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
10081 
10082 	if (test_bit(WMI_SERVICE_TX_PWR_PER_PEER, ar->wmi.svc_map))
10083 		wiphy_ext_feature_set(ar->hw->wiphy,
10084 				      NL80211_EXT_FEATURE_STA_TX_PWR);
10085 
10086 	if (test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map)) {
10087 		ar->hw->wiphy->tid_config_support.vif |=
10088 				BIT(NL80211_TID_CONFIG_ATTR_NOACK) |
10089 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT) |
10090 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG) |
10091 				BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL) |
10092 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
10093 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
10094 
10095 		if (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
10096 			     ar->wmi.svc_map)) {
10097 			ar->hw->wiphy->tid_config_support.vif |=
10098 				BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
10099 		}
10100 
10101 		ar->hw->wiphy->tid_config_support.peer =
10102 				ar->hw->wiphy->tid_config_support.vif;
10103 		ar->hw->wiphy->max_data_retry_count = ATH10K_MAX_RETRY_COUNT;
10104 	} else {
10105 		ar->ops->set_tid_config = NULL;
10106 	}
10107 	/*
10108 	 * on LL hardware queues are managed entirely by the FW
10109 	 * so we only advertise to mac we can do the queues thing
10110 	 */
10111 	ar->hw->queues = IEEE80211_MAX_QUEUES;
10112 
10113 	/* vdev_ids are used as hw queue numbers. Make sure offchan tx queue is
10114 	 * something that vdev_ids can't reach so that we don't stop the queue
10115 	 * accidentally.
10116 	 */
10117 	ar->hw->offchannel_tx_hw_queue = IEEE80211_MAX_QUEUES - 1;
10118 
10119 	switch (ar->running_fw->fw_file.wmi_op_version) {
10120 	case ATH10K_FW_WMI_OP_VERSION_MAIN:
10121 		ar->hw->wiphy->iface_combinations = ath10k_if_comb;
10122 		ar->hw->wiphy->n_iface_combinations =
10123 			ARRAY_SIZE(ath10k_if_comb);
10124 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10125 		break;
10126 	case ATH10K_FW_WMI_OP_VERSION_TLV:
10127 		if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
10128 			ar->hw->wiphy->iface_combinations =
10129 				ath10k_tlv_qcs_if_comb;
10130 			ar->hw->wiphy->n_iface_combinations =
10131 				ARRAY_SIZE(ath10k_tlv_qcs_if_comb);
10132 		} else {
10133 			ar->hw->wiphy->iface_combinations = ath10k_tlv_if_comb;
10134 			ar->hw->wiphy->n_iface_combinations =
10135 				ARRAY_SIZE(ath10k_tlv_if_comb);
10136 		}
10137 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10138 		break;
10139 	case ATH10K_FW_WMI_OP_VERSION_10_1:
10140 	case ATH10K_FW_WMI_OP_VERSION_10_2:
10141 	case ATH10K_FW_WMI_OP_VERSION_10_2_4:
10142 		ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
10143 		ar->hw->wiphy->n_iface_combinations =
10144 			ARRAY_SIZE(ath10k_10x_if_comb);
10145 		break;
10146 	case ATH10K_FW_WMI_OP_VERSION_10_4:
10147 		ar->hw->wiphy->iface_combinations = ath10k_10_4_if_comb;
10148 		ar->hw->wiphy->n_iface_combinations =
10149 			ARRAY_SIZE(ath10k_10_4_if_comb);
10150 		if (test_bit(WMI_SERVICE_VDEV_DIFFERENT_BEACON_INTERVAL_SUPPORT,
10151 			     ar->wmi.svc_map)) {
10152 			ar->hw->wiphy->iface_combinations =
10153 				ath10k_10_4_bcn_int_if_comb;
10154 			ar->hw->wiphy->n_iface_combinations =
10155 				ARRAY_SIZE(ath10k_10_4_bcn_int_if_comb);
10156 		}
10157 		break;
10158 	case ATH10K_FW_WMI_OP_VERSION_UNSET:
10159 	case ATH10K_FW_WMI_OP_VERSION_MAX:
10160 		WARN_ON(1);
10161 		ret = -EINVAL;
10162 		goto err_free;
10163 	}
10164 
10165 	if (ar->hw_params.dynamic_sar_support)
10166 		ar->hw->wiphy->sar_capa = &ath10k_sar_capa;
10167 
10168 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10169 		ar->hw->netdev_features = NETIF_F_HW_CSUM;
10170 
10171 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED)) {
10172 		/* Init ath dfs pattern detector */
10173 		ar->ath_common.debug_mask = ATH_DBG_DFS;
10174 		ar->dfs_detector = dfs_pattern_detector_init(&ar->ath_common,
10175 							     NL80211_DFS_UNSET);
10176 
10177 		if (!ar->dfs_detector)
10178 			ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
10179 	}
10180 
10181 	ret = ath10k_mac_init_rd(ar);
10182 	if (ret) {
10183 		ath10k_err(ar, "failed to derive regdom: %d\n", ret);
10184 		goto err_dfs_detector_exit;
10185 	}
10186 
10187 	/* Disable set_coverage_class for chipsets that do not support it. */
10188 	if (!ar->hw_params.hw_ops->set_coverage_class)
10189 		ar->ops->set_coverage_class = NULL;
10190 
10191 	ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
10192 			    ath10k_reg_notifier);
10193 	if (ret) {
10194 		ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
10195 		goto err_dfs_detector_exit;
10196 	}
10197 
10198 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
10199 		ar->hw->wiphy->features |=
10200 			NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
10201 	}
10202 
10203 	ar->hw->wiphy->cipher_suites = cipher_suites;
10204 
10205 	/* QCA988x and QCA6174 family chips do not support CCMP-256, GCMP-128
10206 	 * and GCMP-256 ciphers in hardware. Fetch number of ciphers supported
10207 	 * from chip specific hw_param table.
10208 	 */
10209 	if (!ar->hw_params.n_cipher_suites ||
10210 	    ar->hw_params.n_cipher_suites > ARRAY_SIZE(cipher_suites)) {
10211 		ath10k_err(ar, "invalid hw_params.n_cipher_suites %d\n",
10212 			   ar->hw_params.n_cipher_suites);
10213 		ar->hw_params.n_cipher_suites = 8;
10214 	}
10215 	ar->hw->wiphy->n_cipher_suites = ar->hw_params.n_cipher_suites;
10216 
10217 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
10218 
10219 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
10220 
10221 	ret = ieee80211_register_hw(ar->hw);
10222 	if (ret) {
10223 		ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
10224 		goto err_dfs_detector_exit;
10225 	}
10226 
10227 	if (test_bit(WMI_SERVICE_PER_PACKET_SW_ENCRYPT, ar->wmi.svc_map)) {
10228 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
10229 		ar->hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_AP_VLAN);
10230 	}
10231 
10232 	if (!ath_is_world_regd(&ar->ath_common.regulatory)) {
10233 		ret = regulatory_hint(ar->hw->wiphy,
10234 				      ar->ath_common.regulatory.alpha2);
10235 		if (ret)
10236 			goto err_unregister;
10237 	}
10238 
10239 	return 0;
10240 
10241 err_unregister:
10242 	ieee80211_unregister_hw(ar->hw);
10243 
10244 err_dfs_detector_exit:
10245 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10246 		ar->dfs_detector->exit(ar->dfs_detector);
10247 
10248 err_free:
10249 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10250 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10251 
10252 	SET_IEEE80211_DEV(ar->hw, NULL);
10253 	return ret;
10254 }
10255 
10256 void ath10k_mac_unregister(struct ath10k *ar)
10257 {
10258 	ieee80211_unregister_hw(ar->hw);
10259 
10260 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10261 		ar->dfs_detector->exit(ar->dfs_detector);
10262 
10263 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10264 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10265 
10266 	SET_IEEE80211_DEV(ar->hw, NULL);
10267 }
10268