xref: /linux/drivers/net/wireless/mediatek/mt76/mac80211.c (revision 9e7c9b8eb719835638ee74d93dccc2173581324c)
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (C) 2016 Felix Fietkau <nbd@nbd.name>
4  */
5 #include <linux/sched.h>
6 #include <linux/of.h>
7 #include "mt76.h"
8 
9 #define CHAN2G(_idx, _freq) {			\
10 	.band = NL80211_BAND_2GHZ,		\
11 	.center_freq = (_freq),			\
12 	.hw_value = (_idx),			\
13 	.max_power = 30,			\
14 }
15 
16 #define CHAN5G(_idx, _freq) {			\
17 	.band = NL80211_BAND_5GHZ,		\
18 	.center_freq = (_freq),			\
19 	.hw_value = (_idx),			\
20 	.max_power = 30,			\
21 }
22 
23 #define CHAN6G(_idx, _freq) {			\
24 	.band = NL80211_BAND_6GHZ,		\
25 	.center_freq = (_freq),			\
26 	.hw_value = (_idx),			\
27 	.max_power = 30,			\
28 }
29 
30 static const struct ieee80211_channel mt76_channels_2ghz[] = {
31 	CHAN2G(1, 2412),
32 	CHAN2G(2, 2417),
33 	CHAN2G(3, 2422),
34 	CHAN2G(4, 2427),
35 	CHAN2G(5, 2432),
36 	CHAN2G(6, 2437),
37 	CHAN2G(7, 2442),
38 	CHAN2G(8, 2447),
39 	CHAN2G(9, 2452),
40 	CHAN2G(10, 2457),
41 	CHAN2G(11, 2462),
42 	CHAN2G(12, 2467),
43 	CHAN2G(13, 2472),
44 	CHAN2G(14, 2484),
45 };
46 
47 static const struct ieee80211_channel mt76_channels_5ghz[] = {
48 	CHAN5G(36, 5180),
49 	CHAN5G(40, 5200),
50 	CHAN5G(44, 5220),
51 	CHAN5G(48, 5240),
52 
53 	CHAN5G(52, 5260),
54 	CHAN5G(56, 5280),
55 	CHAN5G(60, 5300),
56 	CHAN5G(64, 5320),
57 
58 	CHAN5G(100, 5500),
59 	CHAN5G(104, 5520),
60 	CHAN5G(108, 5540),
61 	CHAN5G(112, 5560),
62 	CHAN5G(116, 5580),
63 	CHAN5G(120, 5600),
64 	CHAN5G(124, 5620),
65 	CHAN5G(128, 5640),
66 	CHAN5G(132, 5660),
67 	CHAN5G(136, 5680),
68 	CHAN5G(140, 5700),
69 	CHAN5G(144, 5720),
70 
71 	CHAN5G(149, 5745),
72 	CHAN5G(153, 5765),
73 	CHAN5G(157, 5785),
74 	CHAN5G(161, 5805),
75 	CHAN5G(165, 5825),
76 	CHAN5G(169, 5845),
77 	CHAN5G(173, 5865),
78 };
79 
80 static const struct ieee80211_channel mt76_channels_6ghz[] = {
81 	/* UNII-5 */
82 	CHAN6G(1, 5955),
83 	CHAN6G(5, 5975),
84 	CHAN6G(9, 5995),
85 	CHAN6G(13, 6015),
86 	CHAN6G(17, 6035),
87 	CHAN6G(21, 6055),
88 	CHAN6G(25, 6075),
89 	CHAN6G(29, 6095),
90 	CHAN6G(33, 6115),
91 	CHAN6G(37, 6135),
92 	CHAN6G(41, 6155),
93 	CHAN6G(45, 6175),
94 	CHAN6G(49, 6195),
95 	CHAN6G(53, 6215),
96 	CHAN6G(57, 6235),
97 	CHAN6G(61, 6255),
98 	CHAN6G(65, 6275),
99 	CHAN6G(69, 6295),
100 	CHAN6G(73, 6315),
101 	CHAN6G(77, 6335),
102 	CHAN6G(81, 6355),
103 	CHAN6G(85, 6375),
104 	CHAN6G(89, 6395),
105 	CHAN6G(93, 6415),
106 	/* UNII-6 */
107 	CHAN6G(97, 6435),
108 	CHAN6G(101, 6455),
109 	CHAN6G(105, 6475),
110 	CHAN6G(109, 6495),
111 	CHAN6G(113, 6515),
112 	CHAN6G(117, 6535),
113 	/* UNII-7 */
114 	CHAN6G(121, 6555),
115 	CHAN6G(125, 6575),
116 	CHAN6G(129, 6595),
117 	CHAN6G(133, 6615),
118 	CHAN6G(137, 6635),
119 	CHAN6G(141, 6655),
120 	CHAN6G(145, 6675),
121 	CHAN6G(149, 6695),
122 	CHAN6G(153, 6715),
123 	CHAN6G(157, 6735),
124 	CHAN6G(161, 6755),
125 	CHAN6G(165, 6775),
126 	CHAN6G(169, 6795),
127 	CHAN6G(173, 6815),
128 	CHAN6G(177, 6835),
129 	CHAN6G(181, 6855),
130 	CHAN6G(185, 6875),
131 	/* UNII-8 */
132 	CHAN6G(189, 6895),
133 	CHAN6G(193, 6915),
134 	CHAN6G(197, 6935),
135 	CHAN6G(201, 6955),
136 	CHAN6G(205, 6975),
137 	CHAN6G(209, 6995),
138 	CHAN6G(213, 7015),
139 	CHAN6G(217, 7035),
140 	CHAN6G(221, 7055),
141 	CHAN6G(225, 7075),
142 	CHAN6G(229, 7095),
143 	CHAN6G(233, 7115),
144 };
145 
146 static const struct ieee80211_tpt_blink mt76_tpt_blink[] = {
147 	{ .throughput =   0 * 1024, .blink_time = 334 },
148 	{ .throughput =   1 * 1024, .blink_time = 260 },
149 	{ .throughput =   5 * 1024, .blink_time = 220 },
150 	{ .throughput =  10 * 1024, .blink_time = 190 },
151 	{ .throughput =  20 * 1024, .blink_time = 170 },
152 	{ .throughput =  50 * 1024, .blink_time = 150 },
153 	{ .throughput =  70 * 1024, .blink_time = 130 },
154 	{ .throughput = 100 * 1024, .blink_time = 110 },
155 	{ .throughput = 200 * 1024, .blink_time =  80 },
156 	{ .throughput = 300 * 1024, .blink_time =  50 },
157 };
158 
159 struct ieee80211_rate mt76_rates[] = {
160 	CCK_RATE(0, 10),
161 	CCK_RATE(1, 20),
162 	CCK_RATE(2, 55),
163 	CCK_RATE(3, 110),
164 	OFDM_RATE(11, 60),
165 	OFDM_RATE(15, 90),
166 	OFDM_RATE(10, 120),
167 	OFDM_RATE(14, 180),
168 	OFDM_RATE(9,  240),
169 	OFDM_RATE(13, 360),
170 	OFDM_RATE(8,  480),
171 	OFDM_RATE(12, 540),
172 };
173 EXPORT_SYMBOL_GPL(mt76_rates);
174 
175 static const struct cfg80211_sar_freq_ranges mt76_sar_freq_ranges[] = {
176 	{ .start_freq = 2402, .end_freq = 2494, },
177 	{ .start_freq = 5150, .end_freq = 5350, },
178 	{ .start_freq = 5350, .end_freq = 5470, },
179 	{ .start_freq = 5470, .end_freq = 5725, },
180 	{ .start_freq = 5725, .end_freq = 5950, },
181 };
182 
183 static const struct cfg80211_sar_capa mt76_sar_capa = {
184 	.type = NL80211_SAR_TYPE_POWER,
185 	.num_freq_ranges = ARRAY_SIZE(mt76_sar_freq_ranges),
186 	.freq_ranges = &mt76_sar_freq_ranges[0],
187 };
188 
189 static int mt76_led_init(struct mt76_dev *dev)
190 {
191 	struct device_node *np = dev->dev->of_node;
192 	struct ieee80211_hw *hw = dev->hw;
193 	int led_pin;
194 
195 	if (!dev->led_cdev.brightness_set && !dev->led_cdev.blink_set)
196 		return 0;
197 
198 	snprintf(dev->led_name, sizeof(dev->led_name),
199 		 "mt76-%s", wiphy_name(hw->wiphy));
200 
201 	dev->led_cdev.name = dev->led_name;
202 	dev->led_cdev.default_trigger =
203 		ieee80211_create_tpt_led_trigger(hw,
204 					IEEE80211_TPT_LEDTRIG_FL_RADIO,
205 					mt76_tpt_blink,
206 					ARRAY_SIZE(mt76_tpt_blink));
207 
208 	np = of_get_child_by_name(np, "led");
209 	if (np) {
210 		if (!of_property_read_u32(np, "led-sources", &led_pin))
211 			dev->led_pin = led_pin;
212 		dev->led_al = of_property_read_bool(np, "led-active-low");
213 	}
214 
215 	return led_classdev_register(dev->dev, &dev->led_cdev);
216 }
217 
218 static void mt76_led_cleanup(struct mt76_dev *dev)
219 {
220 	if (!dev->led_cdev.brightness_set && !dev->led_cdev.blink_set)
221 		return;
222 
223 	led_classdev_unregister(&dev->led_cdev);
224 }
225 
226 static void mt76_init_stream_cap(struct mt76_phy *phy,
227 				 struct ieee80211_supported_band *sband,
228 				 bool vht)
229 {
230 	struct ieee80211_sta_ht_cap *ht_cap = &sband->ht_cap;
231 	int i, nstream = hweight8(phy->antenna_mask);
232 	struct ieee80211_sta_vht_cap *vht_cap;
233 	u16 mcs_map = 0;
234 
235 	if (nstream > 1)
236 		ht_cap->cap |= IEEE80211_HT_CAP_TX_STBC;
237 	else
238 		ht_cap->cap &= ~IEEE80211_HT_CAP_TX_STBC;
239 
240 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
241 		ht_cap->mcs.rx_mask[i] = i < nstream ? 0xff : 0;
242 
243 	if (!vht)
244 		return;
245 
246 	vht_cap = &sband->vht_cap;
247 	if (nstream > 1)
248 		vht_cap->cap |= IEEE80211_VHT_CAP_TXSTBC;
249 	else
250 		vht_cap->cap &= ~IEEE80211_VHT_CAP_TXSTBC;
251 	vht_cap->cap |= IEEE80211_VHT_CAP_TX_ANTENNA_PATTERN |
252 			IEEE80211_VHT_CAP_RX_ANTENNA_PATTERN;
253 
254 	for (i = 0; i < 8; i++) {
255 		if (i < nstream)
256 			mcs_map |= (IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2));
257 		else
258 			mcs_map |=
259 				(IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2));
260 	}
261 	vht_cap->vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
262 	vht_cap->vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
263 }
264 
265 void mt76_set_stream_caps(struct mt76_phy *phy, bool vht)
266 {
267 	if (phy->cap.has_2ghz)
268 		mt76_init_stream_cap(phy, &phy->sband_2g.sband, false);
269 	if (phy->cap.has_5ghz)
270 		mt76_init_stream_cap(phy, &phy->sband_5g.sband, vht);
271 	if (phy->cap.has_6ghz)
272 		mt76_init_stream_cap(phy, &phy->sband_6g.sband, vht);
273 }
274 EXPORT_SYMBOL_GPL(mt76_set_stream_caps);
275 
276 static int
277 mt76_init_sband(struct mt76_phy *phy, struct mt76_sband *msband,
278 		const struct ieee80211_channel *chan, int n_chan,
279 		struct ieee80211_rate *rates, int n_rates,
280 		bool ht, bool vht)
281 {
282 	struct ieee80211_supported_band *sband = &msband->sband;
283 	struct ieee80211_sta_vht_cap *vht_cap;
284 	struct ieee80211_sta_ht_cap *ht_cap;
285 	struct mt76_dev *dev = phy->dev;
286 	void *chanlist;
287 	int size;
288 
289 	size = n_chan * sizeof(*chan);
290 	chanlist = devm_kmemdup(dev->dev, chan, size, GFP_KERNEL);
291 	if (!chanlist)
292 		return -ENOMEM;
293 
294 	msband->chan = devm_kcalloc(dev->dev, n_chan, sizeof(*msband->chan),
295 				    GFP_KERNEL);
296 	if (!msband->chan)
297 		return -ENOMEM;
298 
299 	sband->channels = chanlist;
300 	sband->n_channels = n_chan;
301 	sband->bitrates = rates;
302 	sband->n_bitrates = n_rates;
303 
304 	if (!ht)
305 		return 0;
306 
307 	ht_cap = &sband->ht_cap;
308 	ht_cap->ht_supported = true;
309 	ht_cap->cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40 |
310 		       IEEE80211_HT_CAP_GRN_FLD |
311 		       IEEE80211_HT_CAP_SGI_20 |
312 		       IEEE80211_HT_CAP_SGI_40 |
313 		       (1 << IEEE80211_HT_CAP_RX_STBC_SHIFT);
314 
315 	ht_cap->mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
316 	ht_cap->ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
317 
318 	mt76_init_stream_cap(phy, sband, vht);
319 
320 	if (!vht)
321 		return 0;
322 
323 	vht_cap = &sband->vht_cap;
324 	vht_cap->vht_supported = true;
325 	vht_cap->cap |= IEEE80211_VHT_CAP_RXLDPC |
326 			IEEE80211_VHT_CAP_RXSTBC_1 |
327 			IEEE80211_VHT_CAP_SHORT_GI_80 |
328 			(3 << IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT);
329 
330 	return 0;
331 }
332 
333 static int
334 mt76_init_sband_2g(struct mt76_phy *phy, struct ieee80211_rate *rates,
335 		   int n_rates)
336 {
337 	phy->hw->wiphy->bands[NL80211_BAND_2GHZ] = &phy->sband_2g.sband;
338 
339 	return mt76_init_sband(phy, &phy->sband_2g, mt76_channels_2ghz,
340 			       ARRAY_SIZE(mt76_channels_2ghz), rates,
341 			       n_rates, true, false);
342 }
343 
344 static int
345 mt76_init_sband_5g(struct mt76_phy *phy, struct ieee80211_rate *rates,
346 		   int n_rates, bool vht)
347 {
348 	phy->hw->wiphy->bands[NL80211_BAND_5GHZ] = &phy->sband_5g.sband;
349 
350 	return mt76_init_sband(phy, &phy->sband_5g, mt76_channels_5ghz,
351 			       ARRAY_SIZE(mt76_channels_5ghz), rates,
352 			       n_rates, true, vht);
353 }
354 
355 static int
356 mt76_init_sband_6g(struct mt76_phy *phy, struct ieee80211_rate *rates,
357 		   int n_rates)
358 {
359 	phy->hw->wiphy->bands[NL80211_BAND_6GHZ] = &phy->sband_6g.sband;
360 
361 	return mt76_init_sband(phy, &phy->sband_6g, mt76_channels_6ghz,
362 			       ARRAY_SIZE(mt76_channels_6ghz), rates,
363 			       n_rates, false, false);
364 }
365 
366 static void
367 mt76_check_sband(struct mt76_phy *phy, struct mt76_sband *msband,
368 		 enum nl80211_band band)
369 {
370 	struct ieee80211_supported_band *sband = &msband->sband;
371 	bool found = false;
372 	int i;
373 
374 	if (!sband)
375 		return;
376 
377 	for (i = 0; i < sband->n_channels; i++) {
378 		if (sband->channels[i].flags & IEEE80211_CHAN_DISABLED)
379 			continue;
380 
381 		found = true;
382 		break;
383 	}
384 
385 	if (found) {
386 		phy->chandef.chan = &sband->channels[0];
387 		phy->chan_state = &msband->chan[0];
388 		return;
389 	}
390 
391 	sband->n_channels = 0;
392 	phy->hw->wiphy->bands[band] = NULL;
393 }
394 
395 static int
396 mt76_phy_init(struct mt76_phy *phy, struct ieee80211_hw *hw)
397 {
398 	struct mt76_dev *dev = phy->dev;
399 	struct wiphy *wiphy = hw->wiphy;
400 
401 	SET_IEEE80211_DEV(hw, dev->dev);
402 	SET_IEEE80211_PERM_ADDR(hw, phy->macaddr);
403 
404 	wiphy->features |= NL80211_FEATURE_ACTIVE_MONITOR;
405 	wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH |
406 			WIPHY_FLAG_SUPPORTS_TDLS |
407 			WIPHY_FLAG_AP_UAPSD;
408 
409 	wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
410 	wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_AIRTIME_FAIRNESS);
411 	wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_AQL);
412 
413 	wiphy->available_antennas_tx = phy->antenna_mask;
414 	wiphy->available_antennas_rx = phy->antenna_mask;
415 
416 	wiphy->sar_capa = &mt76_sar_capa;
417 	phy->frp = devm_kcalloc(dev->dev, wiphy->sar_capa->num_freq_ranges,
418 				sizeof(struct mt76_freq_range_power),
419 				GFP_KERNEL);
420 	if (!phy->frp)
421 		return -ENOMEM;
422 
423 	hw->txq_data_size = sizeof(struct mt76_txq);
424 	hw->uapsd_max_sp_len = IEEE80211_WMM_IE_STA_QOSINFO_SP_ALL;
425 
426 	if (!hw->max_tx_fragments)
427 		hw->max_tx_fragments = 16;
428 
429 	ieee80211_hw_set(hw, SIGNAL_DBM);
430 	ieee80211_hw_set(hw, AMPDU_AGGREGATION);
431 	ieee80211_hw_set(hw, SUPPORTS_RC_TABLE);
432 	ieee80211_hw_set(hw, SUPPORT_FAST_XMIT);
433 	ieee80211_hw_set(hw, SUPPORTS_CLONED_SKBS);
434 	ieee80211_hw_set(hw, SUPPORTS_AMSDU_IN_AMPDU);
435 	ieee80211_hw_set(hw, SUPPORTS_REORDERING_BUFFER);
436 	ieee80211_hw_set(hw, TX_AMSDU);
437 	ieee80211_hw_set(hw, TX_FRAG_LIST);
438 	ieee80211_hw_set(hw, MFP_CAPABLE);
439 	ieee80211_hw_set(hw, AP_LINK_PS);
440 	ieee80211_hw_set(hw, REPORTS_TX_ACK_STATUS);
441 
442 	return 0;
443 }
444 
445 struct mt76_phy *
446 mt76_alloc_phy(struct mt76_dev *dev, unsigned int size,
447 	       const struct ieee80211_ops *ops)
448 {
449 	struct ieee80211_hw *hw;
450 	unsigned int phy_size;
451 	struct mt76_phy *phy;
452 
453 	phy_size = ALIGN(sizeof(*phy), 8);
454 	hw = ieee80211_alloc_hw(size + phy_size, ops);
455 	if (!hw)
456 		return NULL;
457 
458 	phy = hw->priv;
459 	phy->dev = dev;
460 	phy->hw = hw;
461 	phy->priv = hw->priv + phy_size;
462 
463 	hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
464 	hw->wiphy->interface_modes =
465 		BIT(NL80211_IFTYPE_STATION) |
466 		BIT(NL80211_IFTYPE_AP) |
467 #ifdef CONFIG_MAC80211_MESH
468 		BIT(NL80211_IFTYPE_MESH_POINT) |
469 #endif
470 		BIT(NL80211_IFTYPE_P2P_CLIENT) |
471 		BIT(NL80211_IFTYPE_P2P_GO) |
472 		BIT(NL80211_IFTYPE_ADHOC);
473 
474 	return phy;
475 }
476 EXPORT_SYMBOL_GPL(mt76_alloc_phy);
477 
478 int mt76_register_phy(struct mt76_phy *phy, bool vht,
479 		      struct ieee80211_rate *rates, int n_rates)
480 {
481 	int ret;
482 
483 	ret = mt76_phy_init(phy, phy->hw);
484 	if (ret)
485 		return ret;
486 
487 	if (phy->cap.has_2ghz) {
488 		ret = mt76_init_sband_2g(phy, rates, n_rates);
489 		if (ret)
490 			return ret;
491 	}
492 
493 	if (phy->cap.has_5ghz) {
494 		ret = mt76_init_sband_5g(phy, rates + 4, n_rates - 4, vht);
495 		if (ret)
496 			return ret;
497 	}
498 
499 	if (phy->cap.has_6ghz) {
500 		ret = mt76_init_sband_6g(phy, rates + 4, n_rates - 4);
501 		if (ret)
502 			return ret;
503 	}
504 
505 	wiphy_read_of_freq_limits(phy->hw->wiphy);
506 	mt76_check_sband(phy, &phy->sband_2g, NL80211_BAND_2GHZ);
507 	mt76_check_sband(phy, &phy->sband_5g, NL80211_BAND_5GHZ);
508 	mt76_check_sband(phy, &phy->sband_6g, NL80211_BAND_6GHZ);
509 
510 	ret = ieee80211_register_hw(phy->hw);
511 	if (ret)
512 		return ret;
513 
514 	phy->dev->phy2 = phy;
515 
516 	return 0;
517 }
518 EXPORT_SYMBOL_GPL(mt76_register_phy);
519 
520 void mt76_unregister_phy(struct mt76_phy *phy)
521 {
522 	struct mt76_dev *dev = phy->dev;
523 
524 	mt76_tx_status_check(dev, true);
525 	ieee80211_unregister_hw(phy->hw);
526 	dev->phy2 = NULL;
527 }
528 EXPORT_SYMBOL_GPL(mt76_unregister_phy);
529 
530 struct mt76_dev *
531 mt76_alloc_device(struct device *pdev, unsigned int size,
532 		  const struct ieee80211_ops *ops,
533 		  const struct mt76_driver_ops *drv_ops)
534 {
535 	struct ieee80211_hw *hw;
536 	struct mt76_phy *phy;
537 	struct mt76_dev *dev;
538 	int i;
539 
540 	hw = ieee80211_alloc_hw(size, ops);
541 	if (!hw)
542 		return NULL;
543 
544 	dev = hw->priv;
545 	dev->hw = hw;
546 	dev->dev = pdev;
547 	dev->drv = drv_ops;
548 	dev->dma_dev = pdev;
549 
550 	phy = &dev->phy;
551 	phy->dev = dev;
552 	phy->hw = hw;
553 
554 	spin_lock_init(&dev->rx_lock);
555 	spin_lock_init(&dev->lock);
556 	spin_lock_init(&dev->cc_lock);
557 	spin_lock_init(&dev->status_lock);
558 	mutex_init(&dev->mutex);
559 	init_waitqueue_head(&dev->tx_wait);
560 
561 	skb_queue_head_init(&dev->mcu.res_q);
562 	init_waitqueue_head(&dev->mcu.wait);
563 	mutex_init(&dev->mcu.mutex);
564 	dev->tx_worker.fn = mt76_tx_worker;
565 
566 	hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
567 	hw->wiphy->interface_modes =
568 		BIT(NL80211_IFTYPE_STATION) |
569 		BIT(NL80211_IFTYPE_AP) |
570 #ifdef CONFIG_MAC80211_MESH
571 		BIT(NL80211_IFTYPE_MESH_POINT) |
572 #endif
573 		BIT(NL80211_IFTYPE_P2P_CLIENT) |
574 		BIT(NL80211_IFTYPE_P2P_GO) |
575 		BIT(NL80211_IFTYPE_ADHOC);
576 
577 	spin_lock_init(&dev->token_lock);
578 	idr_init(&dev->token);
579 
580 	INIT_LIST_HEAD(&dev->wcid_list);
581 
582 	INIT_LIST_HEAD(&dev->txwi_cache);
583 	dev->token_size = dev->drv->token_size;
584 
585 	for (i = 0; i < ARRAY_SIZE(dev->q_rx); i++)
586 		skb_queue_head_init(&dev->rx_skb[i]);
587 
588 	dev->wq = alloc_ordered_workqueue("mt76", 0);
589 	if (!dev->wq) {
590 		ieee80211_free_hw(hw);
591 		return NULL;
592 	}
593 
594 	return dev;
595 }
596 EXPORT_SYMBOL_GPL(mt76_alloc_device);
597 
598 int mt76_register_device(struct mt76_dev *dev, bool vht,
599 			 struct ieee80211_rate *rates, int n_rates)
600 {
601 	struct ieee80211_hw *hw = dev->hw;
602 	struct mt76_phy *phy = &dev->phy;
603 	int ret;
604 
605 	dev_set_drvdata(dev->dev, dev);
606 	ret = mt76_phy_init(phy, hw);
607 	if (ret)
608 		return ret;
609 
610 	if (phy->cap.has_2ghz) {
611 		ret = mt76_init_sband_2g(phy, rates, n_rates);
612 		if (ret)
613 			return ret;
614 	}
615 
616 	if (phy->cap.has_5ghz) {
617 		ret = mt76_init_sband_5g(phy, rates + 4, n_rates - 4, vht);
618 		if (ret)
619 			return ret;
620 	}
621 
622 	if (phy->cap.has_6ghz) {
623 		ret = mt76_init_sband_6g(phy, rates + 4, n_rates - 4);
624 		if (ret)
625 			return ret;
626 	}
627 
628 	wiphy_read_of_freq_limits(hw->wiphy);
629 	mt76_check_sband(&dev->phy, &phy->sband_2g, NL80211_BAND_2GHZ);
630 	mt76_check_sband(&dev->phy, &phy->sband_5g, NL80211_BAND_5GHZ);
631 	mt76_check_sband(&dev->phy, &phy->sband_6g, NL80211_BAND_6GHZ);
632 
633 	if (IS_ENABLED(CONFIG_MT76_LEDS)) {
634 		ret = mt76_led_init(dev);
635 		if (ret)
636 			return ret;
637 	}
638 
639 	ret = ieee80211_register_hw(hw);
640 	if (ret)
641 		return ret;
642 
643 	WARN_ON(mt76_worker_setup(hw, &dev->tx_worker, NULL, "tx"));
644 	sched_set_fifo_low(dev->tx_worker.task);
645 
646 	return 0;
647 }
648 EXPORT_SYMBOL_GPL(mt76_register_device);
649 
650 void mt76_unregister_device(struct mt76_dev *dev)
651 {
652 	struct ieee80211_hw *hw = dev->hw;
653 
654 	if (IS_ENABLED(CONFIG_MT76_LEDS))
655 		mt76_led_cleanup(dev);
656 	mt76_tx_status_check(dev, true);
657 	ieee80211_unregister_hw(hw);
658 }
659 EXPORT_SYMBOL_GPL(mt76_unregister_device);
660 
661 void mt76_free_device(struct mt76_dev *dev)
662 {
663 	mt76_worker_teardown(&dev->tx_worker);
664 	if (dev->wq) {
665 		destroy_workqueue(dev->wq);
666 		dev->wq = NULL;
667 	}
668 	ieee80211_free_hw(dev->hw);
669 }
670 EXPORT_SYMBOL_GPL(mt76_free_device);
671 
672 static void mt76_rx_release_amsdu(struct mt76_phy *phy, enum mt76_rxq_id q)
673 {
674 	struct sk_buff *skb = phy->rx_amsdu[q].head;
675 	struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb;
676 	struct mt76_dev *dev = phy->dev;
677 
678 	phy->rx_amsdu[q].head = NULL;
679 	phy->rx_amsdu[q].tail = NULL;
680 
681 	/*
682 	 * Validate if the amsdu has a proper first subframe.
683 	 * A single MSDU can be parsed as A-MSDU when the unauthenticated A-MSDU
684 	 * flag of the QoS header gets flipped. In such cases, the first
685 	 * subframe has a LLC/SNAP header in the location of the destination
686 	 * address.
687 	 */
688 	if (skb_shinfo(skb)->frag_list) {
689 		int offset = 0;
690 
691 		if (!(status->flag & RX_FLAG_8023)) {
692 			offset = ieee80211_get_hdrlen_from_skb(skb);
693 
694 			if ((status->flag &
695 			     (RX_FLAG_DECRYPTED | RX_FLAG_IV_STRIPPED)) ==
696 			    RX_FLAG_DECRYPTED)
697 				offset += 8;
698 		}
699 
700 		if (ether_addr_equal(skb->data + offset, rfc1042_header)) {
701 			dev_kfree_skb(skb);
702 			return;
703 		}
704 	}
705 	__skb_queue_tail(&dev->rx_skb[q], skb);
706 }
707 
708 static void mt76_rx_release_burst(struct mt76_phy *phy, enum mt76_rxq_id q,
709 				  struct sk_buff *skb)
710 {
711 	struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb;
712 
713 	if (phy->rx_amsdu[q].head &&
714 	    (!status->amsdu || status->first_amsdu ||
715 	     status->seqno != phy->rx_amsdu[q].seqno))
716 		mt76_rx_release_amsdu(phy, q);
717 
718 	if (!phy->rx_amsdu[q].head) {
719 		phy->rx_amsdu[q].tail = &skb_shinfo(skb)->frag_list;
720 		phy->rx_amsdu[q].seqno = status->seqno;
721 		phy->rx_amsdu[q].head = skb;
722 	} else {
723 		*phy->rx_amsdu[q].tail = skb;
724 		phy->rx_amsdu[q].tail = &skb->next;
725 	}
726 
727 	if (!status->amsdu || status->last_amsdu)
728 		mt76_rx_release_amsdu(phy, q);
729 }
730 
731 void mt76_rx(struct mt76_dev *dev, enum mt76_rxq_id q, struct sk_buff *skb)
732 {
733 	struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb;
734 	struct mt76_phy *phy = mt76_dev_phy(dev, status->ext_phy);
735 
736 	if (!test_bit(MT76_STATE_RUNNING, &phy->state)) {
737 		dev_kfree_skb(skb);
738 		return;
739 	}
740 
741 #ifdef CONFIG_NL80211_TESTMODE
742 	if (phy->test.state == MT76_TM_STATE_RX_FRAMES) {
743 		phy->test.rx_stats.packets[q]++;
744 		if (status->flag & RX_FLAG_FAILED_FCS_CRC)
745 			phy->test.rx_stats.fcs_error[q]++;
746 	}
747 #endif
748 
749 	mt76_rx_release_burst(phy, q, skb);
750 }
751 EXPORT_SYMBOL_GPL(mt76_rx);
752 
753 bool mt76_has_tx_pending(struct mt76_phy *phy)
754 {
755 	struct mt76_queue *q;
756 	int i;
757 
758 	for (i = 0; i < __MT_TXQ_MAX; i++) {
759 		q = phy->q_tx[i];
760 		if (q && q->queued)
761 			return true;
762 	}
763 
764 	return false;
765 }
766 EXPORT_SYMBOL_GPL(mt76_has_tx_pending);
767 
768 static struct mt76_channel_state *
769 mt76_channel_state(struct mt76_phy *phy, struct ieee80211_channel *c)
770 {
771 	struct mt76_sband *msband;
772 	int idx;
773 
774 	if (c->band == NL80211_BAND_2GHZ)
775 		msband = &phy->sband_2g;
776 	else if (c->band == NL80211_BAND_6GHZ)
777 		msband = &phy->sband_6g;
778 	else
779 		msband = &phy->sband_5g;
780 
781 	idx = c - &msband->sband.channels[0];
782 	return &msband->chan[idx];
783 }
784 
785 void mt76_update_survey_active_time(struct mt76_phy *phy, ktime_t time)
786 {
787 	struct mt76_channel_state *state = phy->chan_state;
788 
789 	state->cc_active += ktime_to_us(ktime_sub(time,
790 						  phy->survey_time));
791 	phy->survey_time = time;
792 }
793 EXPORT_SYMBOL_GPL(mt76_update_survey_active_time);
794 
795 void mt76_update_survey(struct mt76_phy *phy)
796 {
797 	struct mt76_dev *dev = phy->dev;
798 	ktime_t cur_time;
799 
800 	if (dev->drv->update_survey)
801 		dev->drv->update_survey(phy);
802 
803 	cur_time = ktime_get_boottime();
804 	mt76_update_survey_active_time(phy, cur_time);
805 
806 	if (dev->drv->drv_flags & MT_DRV_SW_RX_AIRTIME) {
807 		struct mt76_channel_state *state = phy->chan_state;
808 
809 		spin_lock_bh(&dev->cc_lock);
810 		state->cc_bss_rx += dev->cur_cc_bss_rx;
811 		dev->cur_cc_bss_rx = 0;
812 		spin_unlock_bh(&dev->cc_lock);
813 	}
814 }
815 EXPORT_SYMBOL_GPL(mt76_update_survey);
816 
817 void mt76_set_channel(struct mt76_phy *phy)
818 {
819 	struct mt76_dev *dev = phy->dev;
820 	struct ieee80211_hw *hw = phy->hw;
821 	struct cfg80211_chan_def *chandef = &hw->conf.chandef;
822 	bool offchannel = hw->conf.flags & IEEE80211_CONF_OFFCHANNEL;
823 	int timeout = HZ / 5;
824 
825 	wait_event_timeout(dev->tx_wait, !mt76_has_tx_pending(phy), timeout);
826 	mt76_update_survey(phy);
827 
828 	if (phy->chandef.chan->center_freq != chandef->chan->center_freq ||
829 	    phy->chandef.width != chandef->width)
830 		phy->dfs_state = MT_DFS_STATE_UNKNOWN;
831 
832 	phy->chandef = *chandef;
833 	phy->chan_state = mt76_channel_state(phy, chandef->chan);
834 
835 	if (!offchannel)
836 		phy->main_chan = chandef->chan;
837 
838 	if (chandef->chan != phy->main_chan)
839 		memset(phy->chan_state, 0, sizeof(*phy->chan_state));
840 }
841 EXPORT_SYMBOL_GPL(mt76_set_channel);
842 
843 int mt76_get_survey(struct ieee80211_hw *hw, int idx,
844 		    struct survey_info *survey)
845 {
846 	struct mt76_phy *phy = hw->priv;
847 	struct mt76_dev *dev = phy->dev;
848 	struct mt76_sband *sband;
849 	struct ieee80211_channel *chan;
850 	struct mt76_channel_state *state;
851 	int ret = 0;
852 
853 	mutex_lock(&dev->mutex);
854 	if (idx == 0 && dev->drv->update_survey)
855 		mt76_update_survey(phy);
856 
857 	if (idx >= phy->sband_2g.sband.n_channels +
858 		   phy->sband_5g.sband.n_channels) {
859 		idx -= (phy->sband_2g.sband.n_channels +
860 			phy->sband_5g.sband.n_channels);
861 		sband = &phy->sband_6g;
862 	} else if (idx >= phy->sband_2g.sband.n_channels) {
863 		idx -= phy->sband_2g.sband.n_channels;
864 		sband = &phy->sband_5g;
865 	} else {
866 		sband = &phy->sband_2g;
867 	}
868 
869 	if (idx >= sband->sband.n_channels) {
870 		ret = -ENOENT;
871 		goto out;
872 	}
873 
874 	chan = &sband->sband.channels[idx];
875 	state = mt76_channel_state(phy, chan);
876 
877 	memset(survey, 0, sizeof(*survey));
878 	survey->channel = chan;
879 	survey->filled = SURVEY_INFO_TIME | SURVEY_INFO_TIME_BUSY;
880 	survey->filled |= dev->drv->survey_flags;
881 	if (state->noise)
882 		survey->filled |= SURVEY_INFO_NOISE_DBM;
883 
884 	if (chan == phy->main_chan) {
885 		survey->filled |= SURVEY_INFO_IN_USE;
886 
887 		if (dev->drv->drv_flags & MT_DRV_SW_RX_AIRTIME)
888 			survey->filled |= SURVEY_INFO_TIME_BSS_RX;
889 	}
890 
891 	survey->time_busy = div_u64(state->cc_busy, 1000);
892 	survey->time_rx = div_u64(state->cc_rx, 1000);
893 	survey->time = div_u64(state->cc_active, 1000);
894 	survey->noise = state->noise;
895 
896 	spin_lock_bh(&dev->cc_lock);
897 	survey->time_bss_rx = div_u64(state->cc_bss_rx, 1000);
898 	survey->time_tx = div_u64(state->cc_tx, 1000);
899 	spin_unlock_bh(&dev->cc_lock);
900 
901 out:
902 	mutex_unlock(&dev->mutex);
903 
904 	return ret;
905 }
906 EXPORT_SYMBOL_GPL(mt76_get_survey);
907 
908 void mt76_wcid_key_setup(struct mt76_dev *dev, struct mt76_wcid *wcid,
909 			 struct ieee80211_key_conf *key)
910 {
911 	struct ieee80211_key_seq seq;
912 	int i;
913 
914 	wcid->rx_check_pn = false;
915 
916 	if (!key)
917 		return;
918 
919 	if (key->cipher != WLAN_CIPHER_SUITE_CCMP)
920 		return;
921 
922 	wcid->rx_check_pn = true;
923 
924 	/* data frame */
925 	for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
926 		ieee80211_get_key_rx_seq(key, i, &seq);
927 		memcpy(wcid->rx_key_pn[i], seq.ccmp.pn, sizeof(seq.ccmp.pn));
928 	}
929 
930 	/* robust management frame */
931 	ieee80211_get_key_rx_seq(key, -1, &seq);
932 	memcpy(wcid->rx_key_pn[i], seq.ccmp.pn, sizeof(seq.ccmp.pn));
933 
934 }
935 EXPORT_SYMBOL(mt76_wcid_key_setup);
936 
937 static int
938 mt76_rx_signal(struct mt76_rx_status *status)
939 {
940 	s8 *chain_signal = status->chain_signal;
941 	int signal = -128;
942 	u8 chains;
943 
944 	for (chains = status->chains; chains; chains >>= 1, chain_signal++) {
945 		int cur, diff;
946 
947 		cur = *chain_signal;
948 		if (!(chains & BIT(0)) ||
949 		    cur > 0)
950 			continue;
951 
952 		if (cur > signal)
953 			swap(cur, signal);
954 
955 		diff = signal - cur;
956 		if (diff == 0)
957 			signal += 3;
958 		else if (diff <= 2)
959 			signal += 2;
960 		else if (diff <= 6)
961 			signal += 1;
962 	}
963 
964 	return signal;
965 }
966 
967 static void
968 mt76_rx_convert(struct mt76_dev *dev, struct sk_buff *skb,
969 		struct ieee80211_hw **hw,
970 		struct ieee80211_sta **sta)
971 {
972 	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
973 	struct ieee80211_hdr *hdr = mt76_skb_get_hdr(skb);
974 	struct mt76_rx_status mstat;
975 
976 	mstat = *((struct mt76_rx_status *)skb->cb);
977 	memset(status, 0, sizeof(*status));
978 
979 	status->flag = mstat.flag;
980 	status->freq = mstat.freq;
981 	status->enc_flags = mstat.enc_flags;
982 	status->encoding = mstat.encoding;
983 	status->bw = mstat.bw;
984 	status->he_ru = mstat.he_ru;
985 	status->he_gi = mstat.he_gi;
986 	status->he_dcm = mstat.he_dcm;
987 	status->rate_idx = mstat.rate_idx;
988 	status->nss = mstat.nss;
989 	status->band = mstat.band;
990 	status->signal = mstat.signal;
991 	status->chains = mstat.chains;
992 	status->ampdu_reference = mstat.ampdu_ref;
993 	status->device_timestamp = mstat.timestamp;
994 	status->mactime = mstat.timestamp;
995 	status->signal = mt76_rx_signal(&mstat);
996 	if (status->signal <= -128)
997 		status->flag |= RX_FLAG_NO_SIGNAL_VAL;
998 
999 	if (ieee80211_is_beacon(hdr->frame_control) ||
1000 	    ieee80211_is_probe_resp(hdr->frame_control))
1001 		status->boottime_ns = ktime_get_boottime_ns();
1002 
1003 	BUILD_BUG_ON(sizeof(mstat) > sizeof(skb->cb));
1004 	BUILD_BUG_ON(sizeof(status->chain_signal) !=
1005 		     sizeof(mstat.chain_signal));
1006 	memcpy(status->chain_signal, mstat.chain_signal,
1007 	       sizeof(mstat.chain_signal));
1008 
1009 	*sta = wcid_to_sta(mstat.wcid);
1010 	*hw = mt76_phy_hw(dev, mstat.ext_phy);
1011 }
1012 
1013 static int
1014 mt76_check_ccmp_pn(struct sk_buff *skb)
1015 {
1016 	struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb;
1017 	struct mt76_wcid *wcid = status->wcid;
1018 	struct ieee80211_hdr *hdr;
1019 	int security_idx;
1020 	int ret;
1021 
1022 	if (!(status->flag & RX_FLAG_DECRYPTED))
1023 		return 0;
1024 
1025 	if (!wcid || !wcid->rx_check_pn)
1026 		return 0;
1027 
1028 	security_idx = status->qos_ctl & IEEE80211_QOS_CTL_TID_MASK;
1029 	if (status->flag & RX_FLAG_8023)
1030 		goto skip_hdr_check;
1031 
1032 	hdr = mt76_skb_get_hdr(skb);
1033 	if (!(status->flag & RX_FLAG_IV_STRIPPED)) {
1034 		/*
1035 		 * Validate the first fragment both here and in mac80211
1036 		 * All further fragments will be validated by mac80211 only.
1037 		 */
1038 		if (ieee80211_is_frag(hdr) &&
1039 		    !ieee80211_is_first_frag(hdr->frame_control))
1040 			return 0;
1041 	}
1042 
1043 	/* IEEE 802.11-2020, 12.5.3.4.4 "PN and replay detection" c):
1044 	 *
1045 	 * the recipient shall maintain a single replay counter for received
1046 	 * individually addressed robust Management frames that are received
1047 	 * with the To DS subfield equal to 0, [...]
1048 	 */
1049 	if (ieee80211_is_mgmt(hdr->frame_control) &&
1050 	    !ieee80211_has_tods(hdr->frame_control))
1051 		security_idx = IEEE80211_NUM_TIDS;
1052 
1053 skip_hdr_check:
1054 	BUILD_BUG_ON(sizeof(status->iv) != sizeof(wcid->rx_key_pn[0]));
1055 	ret = memcmp(status->iv, wcid->rx_key_pn[security_idx],
1056 		     sizeof(status->iv));
1057 	if (ret <= 0)
1058 		return -EINVAL; /* replay */
1059 
1060 	memcpy(wcid->rx_key_pn[security_idx], status->iv, sizeof(status->iv));
1061 
1062 	if (status->flag & RX_FLAG_IV_STRIPPED)
1063 		status->flag |= RX_FLAG_PN_VALIDATED;
1064 
1065 	return 0;
1066 }
1067 
1068 static void
1069 mt76_airtime_report(struct mt76_dev *dev, struct mt76_rx_status *status,
1070 		    int len)
1071 {
1072 	struct mt76_wcid *wcid = status->wcid;
1073 	struct ieee80211_rx_status info = {
1074 		.enc_flags = status->enc_flags,
1075 		.rate_idx = status->rate_idx,
1076 		.encoding = status->encoding,
1077 		.band = status->band,
1078 		.nss = status->nss,
1079 		.bw = status->bw,
1080 	};
1081 	struct ieee80211_sta *sta;
1082 	u32 airtime;
1083 	u8 tidno = status->qos_ctl & IEEE80211_QOS_CTL_TID_MASK;
1084 
1085 	airtime = ieee80211_calc_rx_airtime(dev->hw, &info, len);
1086 	spin_lock(&dev->cc_lock);
1087 	dev->cur_cc_bss_rx += airtime;
1088 	spin_unlock(&dev->cc_lock);
1089 
1090 	if (!wcid || !wcid->sta)
1091 		return;
1092 
1093 	sta = container_of((void *)wcid, struct ieee80211_sta, drv_priv);
1094 	ieee80211_sta_register_airtime(sta, tidno, 0, airtime);
1095 }
1096 
1097 static void
1098 mt76_airtime_flush_ampdu(struct mt76_dev *dev)
1099 {
1100 	struct mt76_wcid *wcid;
1101 	int wcid_idx;
1102 
1103 	if (!dev->rx_ampdu_len)
1104 		return;
1105 
1106 	wcid_idx = dev->rx_ampdu_status.wcid_idx;
1107 	if (wcid_idx < ARRAY_SIZE(dev->wcid))
1108 		wcid = rcu_dereference(dev->wcid[wcid_idx]);
1109 	else
1110 		wcid = NULL;
1111 	dev->rx_ampdu_status.wcid = wcid;
1112 
1113 	mt76_airtime_report(dev, &dev->rx_ampdu_status, dev->rx_ampdu_len);
1114 
1115 	dev->rx_ampdu_len = 0;
1116 	dev->rx_ampdu_ref = 0;
1117 }
1118 
1119 static void
1120 mt76_airtime_check(struct mt76_dev *dev, struct sk_buff *skb)
1121 {
1122 	struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb;
1123 	struct mt76_wcid *wcid = status->wcid;
1124 
1125 	if (!(dev->drv->drv_flags & MT_DRV_SW_RX_AIRTIME))
1126 		return;
1127 
1128 	if (!wcid || !wcid->sta) {
1129 		struct ieee80211_hdr *hdr = mt76_skb_get_hdr(skb);
1130 
1131 		if (status->flag & RX_FLAG_8023)
1132 			return;
1133 
1134 		if (!ether_addr_equal(hdr->addr1, dev->phy.macaddr))
1135 			return;
1136 
1137 		wcid = NULL;
1138 	}
1139 
1140 	if (!(status->flag & RX_FLAG_AMPDU_DETAILS) ||
1141 	    status->ampdu_ref != dev->rx_ampdu_ref)
1142 		mt76_airtime_flush_ampdu(dev);
1143 
1144 	if (status->flag & RX_FLAG_AMPDU_DETAILS) {
1145 		if (!dev->rx_ampdu_len ||
1146 		    status->ampdu_ref != dev->rx_ampdu_ref) {
1147 			dev->rx_ampdu_status = *status;
1148 			dev->rx_ampdu_status.wcid_idx = wcid ? wcid->idx : 0xff;
1149 			dev->rx_ampdu_ref = status->ampdu_ref;
1150 		}
1151 
1152 		dev->rx_ampdu_len += skb->len;
1153 		return;
1154 	}
1155 
1156 	mt76_airtime_report(dev, status, skb->len);
1157 }
1158 
1159 static void
1160 mt76_check_sta(struct mt76_dev *dev, struct sk_buff *skb)
1161 {
1162 	struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb;
1163 	struct ieee80211_hdr *hdr = mt76_skb_get_hdr(skb);
1164 	struct ieee80211_sta *sta;
1165 	struct ieee80211_hw *hw;
1166 	struct mt76_wcid *wcid = status->wcid;
1167 	u8 tidno = status->qos_ctl & IEEE80211_QOS_CTL_TID_MASK;
1168 	bool ps;
1169 
1170 	hw = mt76_phy_hw(dev, status->ext_phy);
1171 	if (ieee80211_is_pspoll(hdr->frame_control) && !wcid &&
1172 	    !(status->flag & RX_FLAG_8023)) {
1173 		sta = ieee80211_find_sta_by_ifaddr(hw, hdr->addr2, NULL);
1174 		if (sta)
1175 			wcid = status->wcid = (struct mt76_wcid *)sta->drv_priv;
1176 	}
1177 
1178 	mt76_airtime_check(dev, skb);
1179 
1180 	if (!wcid || !wcid->sta)
1181 		return;
1182 
1183 	sta = container_of((void *)wcid, struct ieee80211_sta, drv_priv);
1184 
1185 	if (status->signal <= 0)
1186 		ewma_signal_add(&wcid->rssi, -status->signal);
1187 
1188 	wcid->inactive_count = 0;
1189 
1190 	if (status->flag & RX_FLAG_8023)
1191 		return;
1192 
1193 	if (!test_bit(MT_WCID_FLAG_CHECK_PS, &wcid->flags))
1194 		return;
1195 
1196 	if (ieee80211_is_pspoll(hdr->frame_control)) {
1197 		ieee80211_sta_pspoll(sta);
1198 		return;
1199 	}
1200 
1201 	if (ieee80211_has_morefrags(hdr->frame_control) ||
1202 	    !(ieee80211_is_mgmt(hdr->frame_control) ||
1203 	      ieee80211_is_data(hdr->frame_control)))
1204 		return;
1205 
1206 	ps = ieee80211_has_pm(hdr->frame_control);
1207 
1208 	if (ps && (ieee80211_is_data_qos(hdr->frame_control) ||
1209 		   ieee80211_is_qos_nullfunc(hdr->frame_control)))
1210 		ieee80211_sta_uapsd_trigger(sta, tidno);
1211 
1212 	if (!!test_bit(MT_WCID_FLAG_PS, &wcid->flags) == ps)
1213 		return;
1214 
1215 	if (ps)
1216 		set_bit(MT_WCID_FLAG_PS, &wcid->flags);
1217 
1218 	dev->drv->sta_ps(dev, sta, ps);
1219 
1220 	if (!ps)
1221 		clear_bit(MT_WCID_FLAG_PS, &wcid->flags);
1222 
1223 	ieee80211_sta_ps_transition(sta, ps);
1224 }
1225 
1226 void mt76_rx_complete(struct mt76_dev *dev, struct sk_buff_head *frames,
1227 		      struct napi_struct *napi)
1228 {
1229 	struct ieee80211_sta *sta;
1230 	struct ieee80211_hw *hw;
1231 	struct sk_buff *skb, *tmp;
1232 	LIST_HEAD(list);
1233 
1234 	spin_lock(&dev->rx_lock);
1235 	while ((skb = __skb_dequeue(frames)) != NULL) {
1236 		struct sk_buff *nskb = skb_shinfo(skb)->frag_list;
1237 
1238 		if (mt76_check_ccmp_pn(skb)) {
1239 			dev_kfree_skb(skb);
1240 			continue;
1241 		}
1242 
1243 		skb_shinfo(skb)->frag_list = NULL;
1244 		mt76_rx_convert(dev, skb, &hw, &sta);
1245 		ieee80211_rx_list(hw, sta, skb, &list);
1246 
1247 		/* subsequent amsdu frames */
1248 		while (nskb) {
1249 			skb = nskb;
1250 			nskb = nskb->next;
1251 			skb->next = NULL;
1252 
1253 			mt76_rx_convert(dev, skb, &hw, &sta);
1254 			ieee80211_rx_list(hw, sta, skb, &list);
1255 		}
1256 	}
1257 	spin_unlock(&dev->rx_lock);
1258 
1259 	if (!napi) {
1260 		netif_receive_skb_list(&list);
1261 		return;
1262 	}
1263 
1264 	list_for_each_entry_safe(skb, tmp, &list, list) {
1265 		skb_list_del_init(skb);
1266 		napi_gro_receive(napi, skb);
1267 	}
1268 }
1269 
1270 void mt76_rx_poll_complete(struct mt76_dev *dev, enum mt76_rxq_id q,
1271 			   struct napi_struct *napi)
1272 {
1273 	struct sk_buff_head frames;
1274 	struct sk_buff *skb;
1275 
1276 	__skb_queue_head_init(&frames);
1277 
1278 	while ((skb = __skb_dequeue(&dev->rx_skb[q])) != NULL) {
1279 		mt76_check_sta(dev, skb);
1280 		mt76_rx_aggr_reorder(skb, &frames);
1281 	}
1282 
1283 	mt76_rx_complete(dev, &frames, napi);
1284 }
1285 EXPORT_SYMBOL_GPL(mt76_rx_poll_complete);
1286 
1287 static int
1288 mt76_sta_add(struct mt76_dev *dev, struct ieee80211_vif *vif,
1289 	     struct ieee80211_sta *sta, bool ext_phy)
1290 {
1291 	struct mt76_wcid *wcid = (struct mt76_wcid *)sta->drv_priv;
1292 	int ret;
1293 	int i;
1294 
1295 	mutex_lock(&dev->mutex);
1296 
1297 	ret = dev->drv->sta_add(dev, vif, sta);
1298 	if (ret)
1299 		goto out;
1300 
1301 	for (i = 0; i < ARRAY_SIZE(sta->txq); i++) {
1302 		struct mt76_txq *mtxq;
1303 
1304 		if (!sta->txq[i])
1305 			continue;
1306 
1307 		mtxq = (struct mt76_txq *)sta->txq[i]->drv_priv;
1308 		mtxq->wcid = wcid->idx;
1309 	}
1310 
1311 	ewma_signal_init(&wcid->rssi);
1312 	if (ext_phy)
1313 		mt76_wcid_mask_set(dev->wcid_phy_mask, wcid->idx);
1314 	wcid->ext_phy = ext_phy;
1315 	rcu_assign_pointer(dev->wcid[wcid->idx], wcid);
1316 
1317 	mt76_packet_id_init(wcid);
1318 out:
1319 	mutex_unlock(&dev->mutex);
1320 
1321 	return ret;
1322 }
1323 
1324 void __mt76_sta_remove(struct mt76_dev *dev, struct ieee80211_vif *vif,
1325 		       struct ieee80211_sta *sta)
1326 {
1327 	struct mt76_wcid *wcid = (struct mt76_wcid *)sta->drv_priv;
1328 	int i, idx = wcid->idx;
1329 
1330 	for (i = 0; i < ARRAY_SIZE(wcid->aggr); i++)
1331 		mt76_rx_aggr_stop(dev, wcid, i);
1332 
1333 	if (dev->drv->sta_remove)
1334 		dev->drv->sta_remove(dev, vif, sta);
1335 
1336 	mt76_packet_id_flush(dev, wcid);
1337 
1338 	mt76_wcid_mask_clear(dev->wcid_mask, idx);
1339 	mt76_wcid_mask_clear(dev->wcid_phy_mask, idx);
1340 }
1341 EXPORT_SYMBOL_GPL(__mt76_sta_remove);
1342 
1343 static void
1344 mt76_sta_remove(struct mt76_dev *dev, struct ieee80211_vif *vif,
1345 		struct ieee80211_sta *sta)
1346 {
1347 	mutex_lock(&dev->mutex);
1348 	__mt76_sta_remove(dev, vif, sta);
1349 	mutex_unlock(&dev->mutex);
1350 }
1351 
1352 int mt76_sta_state(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1353 		   struct ieee80211_sta *sta,
1354 		   enum ieee80211_sta_state old_state,
1355 		   enum ieee80211_sta_state new_state)
1356 {
1357 	struct mt76_phy *phy = hw->priv;
1358 	struct mt76_dev *dev = phy->dev;
1359 	bool ext_phy = phy != &dev->phy;
1360 
1361 	if (old_state == IEEE80211_STA_NOTEXIST &&
1362 	    new_state == IEEE80211_STA_NONE)
1363 		return mt76_sta_add(dev, vif, sta, ext_phy);
1364 
1365 	if (old_state == IEEE80211_STA_AUTH &&
1366 	    new_state == IEEE80211_STA_ASSOC &&
1367 	    dev->drv->sta_assoc)
1368 		dev->drv->sta_assoc(dev, vif, sta);
1369 
1370 	if (old_state == IEEE80211_STA_NONE &&
1371 	    new_state == IEEE80211_STA_NOTEXIST)
1372 		mt76_sta_remove(dev, vif, sta);
1373 
1374 	return 0;
1375 }
1376 EXPORT_SYMBOL_GPL(mt76_sta_state);
1377 
1378 void mt76_sta_pre_rcu_remove(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1379 			     struct ieee80211_sta *sta)
1380 {
1381 	struct mt76_phy *phy = hw->priv;
1382 	struct mt76_dev *dev = phy->dev;
1383 	struct mt76_wcid *wcid = (struct mt76_wcid *)sta->drv_priv;
1384 
1385 	mutex_lock(&dev->mutex);
1386 	spin_lock_bh(&dev->status_lock);
1387 	rcu_assign_pointer(dev->wcid[wcid->idx], NULL);
1388 	spin_unlock_bh(&dev->status_lock);
1389 	mutex_unlock(&dev->mutex);
1390 }
1391 EXPORT_SYMBOL_GPL(mt76_sta_pre_rcu_remove);
1392 
1393 int mt76_get_txpower(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1394 		     int *dbm)
1395 {
1396 	struct mt76_phy *phy = hw->priv;
1397 	int n_chains = hweight8(phy->antenna_mask);
1398 	int delta = mt76_tx_power_nss_delta(n_chains);
1399 
1400 	*dbm = DIV_ROUND_UP(phy->txpower_cur + delta, 2);
1401 
1402 	return 0;
1403 }
1404 EXPORT_SYMBOL_GPL(mt76_get_txpower);
1405 
1406 int mt76_init_sar_power(struct ieee80211_hw *hw,
1407 			const struct cfg80211_sar_specs *sar)
1408 {
1409 	struct mt76_phy *phy = hw->priv;
1410 	const struct cfg80211_sar_capa *capa = hw->wiphy->sar_capa;
1411 	int i;
1412 
1413 	if (sar->type != NL80211_SAR_TYPE_POWER || !sar->num_sub_specs)
1414 		return -EINVAL;
1415 
1416 	for (i = 0; i < sar->num_sub_specs; i++) {
1417 		u32 index = sar->sub_specs[i].freq_range_index;
1418 		/* SAR specifies power limitaton in 0.25dbm */
1419 		s32 power = sar->sub_specs[i].power >> 1;
1420 
1421 		if (power > 127 || power < -127)
1422 			power = 127;
1423 
1424 		phy->frp[index].range = &capa->freq_ranges[index];
1425 		phy->frp[index].power = power;
1426 	}
1427 
1428 	return 0;
1429 }
1430 EXPORT_SYMBOL_GPL(mt76_init_sar_power);
1431 
1432 int mt76_get_sar_power(struct mt76_phy *phy,
1433 		       struct ieee80211_channel *chan,
1434 		       int power)
1435 {
1436 	const struct cfg80211_sar_capa *capa = phy->hw->wiphy->sar_capa;
1437 	int freq, i;
1438 
1439 	if (!capa || !phy->frp)
1440 		return power;
1441 
1442 	if (power > 127 || power < -127)
1443 		power = 127;
1444 
1445 	freq = ieee80211_channel_to_frequency(chan->hw_value, chan->band);
1446 	for (i = 0 ; i < capa->num_freq_ranges; i++) {
1447 		if (phy->frp[i].range &&
1448 		    freq >= phy->frp[i].range->start_freq &&
1449 		    freq < phy->frp[i].range->end_freq) {
1450 			power = min_t(int, phy->frp[i].power, power);
1451 			break;
1452 		}
1453 	}
1454 
1455 	return power;
1456 }
1457 EXPORT_SYMBOL_GPL(mt76_get_sar_power);
1458 
1459 static void
1460 __mt76_csa_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
1461 {
1462 	if (vif->bss_conf.csa_active && ieee80211_beacon_cntdwn_is_complete(vif))
1463 		ieee80211_csa_finish(vif);
1464 }
1465 
1466 void mt76_csa_finish(struct mt76_dev *dev)
1467 {
1468 	if (!dev->csa_complete)
1469 		return;
1470 
1471 	ieee80211_iterate_active_interfaces_atomic(dev->hw,
1472 		IEEE80211_IFACE_ITER_RESUME_ALL,
1473 		__mt76_csa_finish, dev);
1474 
1475 	dev->csa_complete = 0;
1476 }
1477 EXPORT_SYMBOL_GPL(mt76_csa_finish);
1478 
1479 static void
1480 __mt76_csa_check(void *priv, u8 *mac, struct ieee80211_vif *vif)
1481 {
1482 	struct mt76_dev *dev = priv;
1483 
1484 	if (!vif->bss_conf.csa_active)
1485 		return;
1486 
1487 	dev->csa_complete |= ieee80211_beacon_cntdwn_is_complete(vif);
1488 }
1489 
1490 void mt76_csa_check(struct mt76_dev *dev)
1491 {
1492 	ieee80211_iterate_active_interfaces_atomic(dev->hw,
1493 		IEEE80211_IFACE_ITER_RESUME_ALL,
1494 		__mt76_csa_check, dev);
1495 }
1496 EXPORT_SYMBOL_GPL(mt76_csa_check);
1497 
1498 int
1499 mt76_set_tim(struct ieee80211_hw *hw, struct ieee80211_sta *sta, bool set)
1500 {
1501 	return 0;
1502 }
1503 EXPORT_SYMBOL_GPL(mt76_set_tim);
1504 
1505 void mt76_insert_ccmp_hdr(struct sk_buff *skb, u8 key_id)
1506 {
1507 	struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb;
1508 	int hdr_len = ieee80211_get_hdrlen_from_skb(skb);
1509 	u8 *hdr, *pn = status->iv;
1510 
1511 	__skb_push(skb, 8);
1512 	memmove(skb->data, skb->data + 8, hdr_len);
1513 	hdr = skb->data + hdr_len;
1514 
1515 	hdr[0] = pn[5];
1516 	hdr[1] = pn[4];
1517 	hdr[2] = 0;
1518 	hdr[3] = 0x20 | (key_id << 6);
1519 	hdr[4] = pn[3];
1520 	hdr[5] = pn[2];
1521 	hdr[6] = pn[1];
1522 	hdr[7] = pn[0];
1523 
1524 	status->flag &= ~RX_FLAG_IV_STRIPPED;
1525 }
1526 EXPORT_SYMBOL_GPL(mt76_insert_ccmp_hdr);
1527 
1528 int mt76_get_rate(struct mt76_dev *dev,
1529 		  struct ieee80211_supported_band *sband,
1530 		  int idx, bool cck)
1531 {
1532 	int i, offset = 0, len = sband->n_bitrates;
1533 
1534 	if (cck) {
1535 		if (sband != &dev->phy.sband_2g.sband)
1536 			return 0;
1537 
1538 		idx &= ~BIT(2); /* short preamble */
1539 	} else if (sband == &dev->phy.sband_2g.sband) {
1540 		offset = 4;
1541 	}
1542 
1543 	for (i = offset; i < len; i++) {
1544 		if ((sband->bitrates[i].hw_value & GENMASK(7, 0)) == idx)
1545 			return i;
1546 	}
1547 
1548 	return 0;
1549 }
1550 EXPORT_SYMBOL_GPL(mt76_get_rate);
1551 
1552 void mt76_sw_scan(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1553 		  const u8 *mac)
1554 {
1555 	struct mt76_phy *phy = hw->priv;
1556 
1557 	set_bit(MT76_SCANNING, &phy->state);
1558 }
1559 EXPORT_SYMBOL_GPL(mt76_sw_scan);
1560 
1561 void mt76_sw_scan_complete(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
1562 {
1563 	struct mt76_phy *phy = hw->priv;
1564 
1565 	clear_bit(MT76_SCANNING, &phy->state);
1566 }
1567 EXPORT_SYMBOL_GPL(mt76_sw_scan_complete);
1568 
1569 int mt76_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
1570 {
1571 	struct mt76_phy *phy = hw->priv;
1572 	struct mt76_dev *dev = phy->dev;
1573 
1574 	mutex_lock(&dev->mutex);
1575 	*tx_ant = phy->antenna_mask;
1576 	*rx_ant = phy->antenna_mask;
1577 	mutex_unlock(&dev->mutex);
1578 
1579 	return 0;
1580 }
1581 EXPORT_SYMBOL_GPL(mt76_get_antenna);
1582 
1583 struct mt76_queue *
1584 mt76_init_queue(struct mt76_dev *dev, int qid, int idx, int n_desc,
1585 		int ring_base, u32 flags)
1586 {
1587 	struct mt76_queue *hwq;
1588 	int err;
1589 
1590 	hwq = devm_kzalloc(dev->dev, sizeof(*hwq), GFP_KERNEL);
1591 	if (!hwq)
1592 		return ERR_PTR(-ENOMEM);
1593 
1594 	hwq->flags = flags;
1595 
1596 	err = dev->queue_ops->alloc(dev, hwq, idx, n_desc, 0, ring_base);
1597 	if (err < 0)
1598 		return ERR_PTR(err);
1599 
1600 	return hwq;
1601 }
1602 EXPORT_SYMBOL_GPL(mt76_init_queue);
1603 
1604 u16 mt76_calculate_default_rate(struct mt76_phy *phy, int rateidx)
1605 {
1606 	int offset = 0;
1607 
1608 	if (phy->chandef.chan->band != NL80211_BAND_2GHZ)
1609 		offset = 4;
1610 
1611 	/* pick the lowest rate for hidden nodes */
1612 	if (rateidx < 0)
1613 		rateidx = 0;
1614 
1615 	rateidx += offset;
1616 	if (rateidx >= ARRAY_SIZE(mt76_rates))
1617 		rateidx = offset;
1618 
1619 	return mt76_rates[rateidx].hw_value;
1620 }
1621 EXPORT_SYMBOL_GPL(mt76_calculate_default_rate);
1622 
1623 void mt76_ethtool_worker(struct mt76_ethtool_worker_info *wi,
1624 			 struct mt76_sta_stats *stats)
1625 {
1626 	int i, ei = wi->initial_stat_idx;
1627 	u64 *data = wi->data;
1628 
1629 	wi->sta_count++;
1630 
1631 	data[ei++] += stats->tx_mode[MT_PHY_TYPE_CCK];
1632 	data[ei++] += stats->tx_mode[MT_PHY_TYPE_OFDM];
1633 	data[ei++] += stats->tx_mode[MT_PHY_TYPE_HT];
1634 	data[ei++] += stats->tx_mode[MT_PHY_TYPE_HT_GF];
1635 	data[ei++] += stats->tx_mode[MT_PHY_TYPE_VHT];
1636 	data[ei++] += stats->tx_mode[MT_PHY_TYPE_HE_SU];
1637 	data[ei++] += stats->tx_mode[MT_PHY_TYPE_HE_EXT_SU];
1638 	data[ei++] += stats->tx_mode[MT_PHY_TYPE_HE_TB];
1639 	data[ei++] += stats->tx_mode[MT_PHY_TYPE_HE_MU];
1640 
1641 	for (i = 0; i < ARRAY_SIZE(stats->tx_bw); i++)
1642 		data[ei++] += stats->tx_bw[i];
1643 
1644 	for (i = 0; i < 12; i++)
1645 		data[ei++] += stats->tx_mcs[i];
1646 
1647 	wi->worker_stat_count = ei - wi->initial_stat_idx;
1648 }
1649 EXPORT_SYMBOL_GPL(mt76_ethtool_worker);
1650 
1651 enum mt76_dfs_state mt76_phy_dfs_state(struct mt76_phy *phy)
1652 {
1653 	struct ieee80211_hw *hw = phy->hw;
1654 	struct mt76_dev *dev = phy->dev;
1655 
1656 	if (dev->region == NL80211_DFS_UNSET ||
1657 	    test_bit(MT76_SCANNING, &phy->state))
1658 		return MT_DFS_STATE_DISABLED;
1659 
1660 	if (!hw->conf.radar_enabled) {
1661 		if ((hw->conf.flags & IEEE80211_CONF_MONITOR) &&
1662 		    (phy->chandef.chan->flags & IEEE80211_CHAN_RADAR))
1663 			return MT_DFS_STATE_ACTIVE;
1664 
1665 		return MT_DFS_STATE_DISABLED;
1666 	}
1667 
1668 	if (!cfg80211_reg_can_beacon(hw->wiphy, &phy->chandef, NL80211_IFTYPE_AP))
1669 		return MT_DFS_STATE_CAC;
1670 
1671 	return MT_DFS_STATE_ACTIVE;
1672 }
1673 EXPORT_SYMBOL_GPL(mt76_phy_dfs_state);
1674