xref: /linux/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c (revision 172cdcaefea5c297fdb3d20b7d5aff60ae4fbce6)
1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2019 MediaTek Inc.
3  *
4  * Author: Roy Luo <royluo@google.com>
5  *         Ryder Lee <ryder.lee@mediatek.com>
6  */
7 
8 #include <linux/firmware.h>
9 #include "mt7615.h"
10 #include "mcu.h"
11 #include "mac.h"
12 #include "eeprom.h"
13 
14 static bool prefer_offload_fw = true;
15 module_param(prefer_offload_fw, bool, 0644);
16 MODULE_PARM_DESC(prefer_offload_fw,
17 		 "Prefer client mode offload firmware (MT7663)");
18 
19 struct mt7615_patch_hdr {
20 	char build_date[16];
21 	char platform[4];
22 	__be32 hw_sw_ver;
23 	__be32 patch_ver;
24 	__be16 checksum;
25 } __packed;
26 
27 struct mt7615_fw_trailer {
28 	__le32 addr;
29 	u8 chip_id;
30 	u8 feature_set;
31 	u8 eco_code;
32 	char fw_ver[10];
33 	char build_date[15];
34 	__le32 len;
35 } __packed;
36 
37 #define FW_V3_COMMON_TAILER_SIZE	36
38 #define FW_V3_REGION_TAILER_SIZE	40
39 #define FW_START_OVERRIDE		BIT(0)
40 #define FW_START_DLYCAL                 BIT(1)
41 #define FW_START_WORKING_PDA_CR4	BIT(2)
42 
43 struct mt7663_fw_trailer {
44 	u8 chip_id;
45 	u8 eco_code;
46 	u8 n_region;
47 	u8 format_ver;
48 	u8 format_flag;
49 	u8 reserv[2];
50 	char fw_ver[10];
51 	char build_date[15];
52 	__le32 crc;
53 } __packed;
54 
55 struct mt7663_fw_buf {
56 	__le32 crc;
57 	__le32 d_img_size;
58 	__le32 block_size;
59 	u8 rsv[4];
60 	__le32 img_dest_addr;
61 	__le32 img_size;
62 	u8 feature_set;
63 };
64 
65 #define MT7615_PATCH_ADDRESS		0x80000
66 #define MT7622_PATCH_ADDRESS		0x9c000
67 #define MT7663_PATCH_ADDRESS		0xdc000
68 
69 #define N9_REGION_NUM			2
70 #define CR4_REGION_NUM			1
71 
72 #define IMG_CRC_LEN			4
73 
74 #define FW_FEATURE_SET_ENCRYPT		BIT(0)
75 #define FW_FEATURE_SET_KEY_IDX		GENMASK(2, 1)
76 
77 #define DL_MODE_ENCRYPT			BIT(0)
78 #define DL_MODE_KEY_IDX			GENMASK(2, 1)
79 #define DL_MODE_RESET_SEC_IV		BIT(3)
80 #define DL_MODE_WORKING_PDA_CR4		BIT(4)
81 #define DL_MODE_VALID_RAM_ENTRY         BIT(5)
82 #define DL_MODE_NEED_RSP		BIT(31)
83 
84 #define FW_START_OVERRIDE		BIT(0)
85 #define FW_START_WORKING_PDA_CR4	BIT(2)
86 
87 void mt7615_mcu_fill_msg(struct mt7615_dev *dev, struct sk_buff *skb,
88 			 int cmd, int *wait_seq)
89 {
90 	int txd_len, mcu_cmd = cmd & MCU_CMD_MASK;
91 	struct mt7615_uni_txd *uni_txd;
92 	struct mt7615_mcu_txd *mcu_txd;
93 	u8 seq, q_idx, pkt_fmt;
94 	__le32 *txd;
95 	u32 val;
96 
97 	/* TODO: make dynamic based on msg type */
98 	dev->mt76.mcu.timeout = 20 * HZ;
99 
100 	seq = ++dev->mt76.mcu.msg_seq & 0xf;
101 	if (!seq)
102 		seq = ++dev->mt76.mcu.msg_seq & 0xf;
103 	if (wait_seq)
104 		*wait_seq = seq;
105 
106 	txd_len = cmd & MCU_UNI_PREFIX ? sizeof(*uni_txd) : sizeof(*mcu_txd);
107 	txd = (__le32 *)skb_push(skb, txd_len);
108 
109 	if (cmd != MCU_CMD_FW_SCATTER) {
110 		q_idx = MT_TX_MCU_PORT_RX_Q0;
111 		pkt_fmt = MT_TX_TYPE_CMD;
112 	} else {
113 		q_idx = MT_TX_MCU_PORT_RX_FWDL;
114 		pkt_fmt = MT_TX_TYPE_FW;
115 	}
116 
117 	val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len) |
118 	      FIELD_PREP(MT_TXD0_P_IDX, MT_TX_PORT_IDX_MCU) |
119 	      FIELD_PREP(MT_TXD0_Q_IDX, q_idx);
120 	txd[0] = cpu_to_le32(val);
121 
122 	val = MT_TXD1_LONG_FORMAT |
123 	      FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD) |
124 	      FIELD_PREP(MT_TXD1_PKT_FMT, pkt_fmt);
125 	txd[1] = cpu_to_le32(val);
126 
127 	if (cmd & MCU_UNI_PREFIX) {
128 		uni_txd = (struct mt7615_uni_txd *)txd;
129 		uni_txd->len = cpu_to_le16(skb->len - sizeof(uni_txd->txd));
130 		uni_txd->option = MCU_CMD_UNI_EXT_ACK;
131 		uni_txd->cid = cpu_to_le16(mcu_cmd);
132 		uni_txd->s2d_index = MCU_S2D_H2N;
133 		uni_txd->pkt_type = MCU_PKT_ID;
134 		uni_txd->seq = seq;
135 
136 		return;
137 	}
138 
139 	mcu_txd = (struct mt7615_mcu_txd *)txd;
140 	mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd));
141 	mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU, q_idx));
142 	mcu_txd->s2d_index = MCU_S2D_H2N;
143 	mcu_txd->pkt_type = MCU_PKT_ID;
144 	mcu_txd->seq = seq;
145 
146 	switch (cmd & ~MCU_CMD_MASK) {
147 	case MCU_FW_PREFIX:
148 		mcu_txd->set_query = MCU_Q_NA;
149 		mcu_txd->cid = mcu_cmd;
150 		break;
151 	case MCU_CE_PREFIX:
152 		if (cmd & MCU_QUERY_MASK)
153 			mcu_txd->set_query = MCU_Q_QUERY;
154 		else
155 			mcu_txd->set_query = MCU_Q_SET;
156 		mcu_txd->cid = mcu_cmd;
157 		break;
158 	default:
159 		mcu_txd->cid = MCU_CMD_EXT_CID;
160 		if (cmd & MCU_QUERY_PREFIX)
161 			mcu_txd->set_query = MCU_Q_QUERY;
162 		else
163 			mcu_txd->set_query = MCU_Q_SET;
164 		mcu_txd->ext_cid = mcu_cmd;
165 		mcu_txd->ext_cid_ack = 1;
166 		break;
167 	}
168 }
169 EXPORT_SYMBOL_GPL(mt7615_mcu_fill_msg);
170 
171 int mt7615_mcu_parse_response(struct mt76_dev *mdev, int cmd,
172 			      struct sk_buff *skb, int seq)
173 {
174 	struct mt7615_mcu_rxd *rxd;
175 	int ret = 0;
176 
177 	if (!skb) {
178 		dev_err(mdev->dev, "Message %08x (seq %d) timeout\n",
179 			cmd, seq);
180 		return -ETIMEDOUT;
181 	}
182 
183 	rxd = (struct mt7615_mcu_rxd *)skb->data;
184 	if (seq != rxd->seq)
185 		return -EAGAIN;
186 
187 	switch (cmd) {
188 	case MCU_CMD_PATCH_SEM_CONTROL:
189 		skb_pull(skb, sizeof(*rxd) - 4);
190 		ret = *skb->data;
191 		break;
192 	case MCU_EXT_CMD_GET_TEMP:
193 		skb_pull(skb, sizeof(*rxd));
194 		ret = le32_to_cpu(*(__le32 *)skb->data);
195 		break;
196 	case MCU_EXT_CMD_RF_REG_ACCESS | MCU_QUERY_PREFIX:
197 		skb_pull(skb, sizeof(*rxd));
198 		ret = le32_to_cpu(*(__le32 *)&skb->data[8]);
199 		break;
200 	case MCU_UNI_CMD_DEV_INFO_UPDATE:
201 	case MCU_UNI_CMD_BSS_INFO_UPDATE:
202 	case MCU_UNI_CMD_STA_REC_UPDATE:
203 	case MCU_UNI_CMD_HIF_CTRL:
204 	case MCU_UNI_CMD_OFFLOAD:
205 	case MCU_UNI_CMD_SUSPEND: {
206 		struct mt7615_mcu_uni_event *event;
207 
208 		skb_pull(skb, sizeof(*rxd));
209 		event = (struct mt7615_mcu_uni_event *)skb->data;
210 		ret = le32_to_cpu(event->status);
211 		break;
212 	}
213 	case MCU_CMD_REG_READ: {
214 		struct mt7615_mcu_reg_event *event;
215 
216 		skb_pull(skb, sizeof(*rxd));
217 		event = (struct mt7615_mcu_reg_event *)skb->data;
218 		ret = (int)le32_to_cpu(event->val);
219 		break;
220 	}
221 	default:
222 		break;
223 	}
224 
225 	return ret;
226 }
227 EXPORT_SYMBOL_GPL(mt7615_mcu_parse_response);
228 
229 static int
230 mt7615_mcu_send_message(struct mt76_dev *mdev, struct sk_buff *skb,
231 			int cmd, int *seq)
232 {
233 	struct mt7615_dev *dev = container_of(mdev, struct mt7615_dev, mt76);
234 	enum mt76_mcuq_id qid;
235 
236 	mt7615_mcu_fill_msg(dev, skb, cmd, seq);
237 	if (test_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state))
238 		qid = MT_MCUQ_WM;
239 	else
240 		qid = MT_MCUQ_FWDL;
241 
242 	return mt76_tx_queue_skb_raw(dev, dev->mt76.q_mcu[qid], skb, 0);
243 }
244 
245 u32 mt7615_rf_rr(struct mt7615_dev *dev, u32 wf, u32 reg)
246 {
247 	struct {
248 		__le32 wifi_stream;
249 		__le32 address;
250 		__le32 data;
251 	} req = {
252 		.wifi_stream = cpu_to_le32(wf),
253 		.address = cpu_to_le32(reg),
254 	};
255 
256 	return mt76_mcu_send_msg(&dev->mt76,
257 				 MCU_EXT_CMD_RF_REG_ACCESS | MCU_QUERY_PREFIX,
258 				 &req, sizeof(req), true);
259 }
260 
261 int mt7615_rf_wr(struct mt7615_dev *dev, u32 wf, u32 reg, u32 val)
262 {
263 	struct {
264 		__le32 wifi_stream;
265 		__le32 address;
266 		__le32 data;
267 	} req = {
268 		.wifi_stream = cpu_to_le32(wf),
269 		.address = cpu_to_le32(reg),
270 		.data = cpu_to_le32(val),
271 	};
272 
273 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_RF_REG_ACCESS, &req,
274 				 sizeof(req), false);
275 }
276 
277 void mt7622_trigger_hif_int(struct mt7615_dev *dev, bool en)
278 {
279 	if (!is_mt7622(&dev->mt76))
280 		return;
281 
282 	regmap_update_bits(dev->infracfg, MT_INFRACFG_MISC,
283 			   MT_INFRACFG_MISC_AP2CONN_WAKE,
284 			   !en * MT_INFRACFG_MISC_AP2CONN_WAKE);
285 }
286 EXPORT_SYMBOL_GPL(mt7622_trigger_hif_int);
287 
288 static int mt7615_mcu_drv_pmctrl(struct mt7615_dev *dev)
289 {
290 	struct mt76_phy *mphy = &dev->mt76.phy;
291 	struct mt76_connac_pm *pm = &dev->pm;
292 	struct mt76_dev *mdev = &dev->mt76;
293 	u32 addr;
294 	int err;
295 
296 	if (is_mt7663(mdev)) {
297 		/* Clear firmware own via N9 eint */
298 		mt76_wr(dev, MT_PCIE_DOORBELL_PUSH, MT_CFG_LPCR_HOST_DRV_OWN);
299 		mt76_poll(dev, MT_CONN_ON_MISC, MT_CFG_LPCR_HOST_FW_OWN, 0, 3000);
300 
301 		addr = MT_CONN_HIF_ON_LPCTL;
302 	} else {
303 		addr = MT_CFG_LPCR_HOST;
304 	}
305 
306 	mt76_wr(dev, addr, MT_CFG_LPCR_HOST_DRV_OWN);
307 
308 	mt7622_trigger_hif_int(dev, true);
309 
310 	err = !mt76_poll_msec(dev, addr, MT_CFG_LPCR_HOST_FW_OWN, 0, 3000);
311 
312 	mt7622_trigger_hif_int(dev, false);
313 
314 	if (err) {
315 		dev_err(mdev->dev, "driver own failed\n");
316 		return -ETIMEDOUT;
317 	}
318 
319 	clear_bit(MT76_STATE_PM, &mphy->state);
320 
321 	pm->stats.last_wake_event = jiffies;
322 	pm->stats.doze_time += pm->stats.last_wake_event -
323 			       pm->stats.last_doze_event;
324 
325 	return 0;
326 }
327 
328 static int mt7615_mcu_lp_drv_pmctrl(struct mt7615_dev *dev)
329 {
330 	struct mt76_phy *mphy = &dev->mt76.phy;
331 	struct mt76_connac_pm *pm = &dev->pm;
332 	int i, err = 0;
333 
334 	mutex_lock(&pm->mutex);
335 
336 	if (!test_bit(MT76_STATE_PM, &mphy->state))
337 		goto out;
338 
339 	for (i = 0; i < MT7615_DRV_OWN_RETRY_COUNT; i++) {
340 		mt76_wr(dev, MT_PCIE_DOORBELL_PUSH, MT_CFG_LPCR_HOST_DRV_OWN);
341 		if (mt76_poll_msec(dev, MT_CONN_HIF_ON_LPCTL,
342 				   MT_CFG_LPCR_HOST_FW_OWN, 0, 50))
343 			break;
344 	}
345 
346 	if (i == MT7615_DRV_OWN_RETRY_COUNT) {
347 		dev_err(dev->mt76.dev, "driver own failed\n");
348 		err = -EIO;
349 		goto out;
350 	}
351 	clear_bit(MT76_STATE_PM, &mphy->state);
352 
353 	pm->stats.last_wake_event = jiffies;
354 	pm->stats.doze_time += pm->stats.last_wake_event -
355 			       pm->stats.last_doze_event;
356 out:
357 	mutex_unlock(&pm->mutex);
358 
359 	return err;
360 }
361 
362 static int mt7615_mcu_fw_pmctrl(struct mt7615_dev *dev)
363 {
364 	struct mt76_phy *mphy = &dev->mt76.phy;
365 	struct mt76_connac_pm *pm = &dev->pm;
366 	int err = 0;
367 	u32 addr;
368 
369 	mutex_lock(&pm->mutex);
370 
371 	if (mt76_connac_skip_fw_pmctrl(mphy, pm))
372 		goto out;
373 
374 	mt7622_trigger_hif_int(dev, true);
375 
376 	addr = is_mt7663(&dev->mt76) ? MT_CONN_HIF_ON_LPCTL : MT_CFG_LPCR_HOST;
377 	mt76_wr(dev, addr, MT_CFG_LPCR_HOST_FW_OWN);
378 
379 	if (is_mt7622(&dev->mt76) &&
380 	    !mt76_poll_msec(dev, addr, MT_CFG_LPCR_HOST_FW_OWN,
381 			    MT_CFG_LPCR_HOST_FW_OWN, 3000)) {
382 		dev_err(dev->mt76.dev, "Timeout for firmware own\n");
383 		clear_bit(MT76_STATE_PM, &mphy->state);
384 		err = -EIO;
385 	}
386 
387 	mt7622_trigger_hif_int(dev, false);
388 
389 	pm->stats.last_doze_event = jiffies;
390 	pm->stats.awake_time += pm->stats.last_doze_event -
391 				pm->stats.last_wake_event;
392 out:
393 	mutex_unlock(&pm->mutex);
394 
395 	return err;
396 }
397 
398 static void
399 mt7615_mcu_csa_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
400 {
401 	if (vif->csa_active)
402 		ieee80211_csa_finish(vif);
403 }
404 
405 static void
406 mt7615_mcu_rx_csa_notify(struct mt7615_dev *dev, struct sk_buff *skb)
407 {
408 	struct mt7615_phy *ext_phy = mt7615_ext_phy(dev);
409 	struct mt76_phy *mphy = &dev->mt76.phy;
410 	struct mt7615_mcu_csa_notify *c;
411 
412 	c = (struct mt7615_mcu_csa_notify *)skb->data;
413 
414 	if (ext_phy && ext_phy->omac_mask & BIT_ULL(c->omac_idx))
415 		mphy = dev->mt76.phy2;
416 
417 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
418 			IEEE80211_IFACE_ITER_RESUME_ALL,
419 			mt7615_mcu_csa_finish, mphy->hw);
420 }
421 
422 static void
423 mt7615_mcu_rx_radar_detected(struct mt7615_dev *dev, struct sk_buff *skb)
424 {
425 	struct mt76_phy *mphy = &dev->mt76.phy;
426 	struct mt7615_mcu_rdd_report *r;
427 
428 	r = (struct mt7615_mcu_rdd_report *)skb->data;
429 
430 	if (r->band_idx && dev->mt76.phy2)
431 		mphy = dev->mt76.phy2;
432 
433 	ieee80211_radar_detected(mphy->hw);
434 	dev->hw_pattern++;
435 }
436 
437 static void
438 mt7615_mcu_rx_log_message(struct mt7615_dev *dev, struct sk_buff *skb)
439 {
440 	struct mt7615_mcu_rxd *rxd = (struct mt7615_mcu_rxd *)skb->data;
441 	const char *data = (char *)&rxd[1];
442 	const char *type;
443 
444 	switch (rxd->s2d_index) {
445 	case 0:
446 		type = "N9";
447 		break;
448 	case 2:
449 		type = "CR4";
450 		break;
451 	default:
452 		type = "unknown";
453 		break;
454 	}
455 
456 	wiphy_info(mt76_hw(dev)->wiphy, "%s: %.*s", type,
457 		   (int)(skb->len - sizeof(*rxd)), data);
458 }
459 
460 static void
461 mt7615_mcu_rx_ext_event(struct mt7615_dev *dev, struct sk_buff *skb)
462 {
463 	struct mt7615_mcu_rxd *rxd = (struct mt7615_mcu_rxd *)skb->data;
464 
465 	switch (rxd->ext_eid) {
466 	case MCU_EXT_EVENT_RDD_REPORT:
467 		mt7615_mcu_rx_radar_detected(dev, skb);
468 		break;
469 	case MCU_EXT_EVENT_CSA_NOTIFY:
470 		mt7615_mcu_rx_csa_notify(dev, skb);
471 		break;
472 	case MCU_EXT_EVENT_FW_LOG_2_HOST:
473 		mt7615_mcu_rx_log_message(dev, skb);
474 		break;
475 	default:
476 		break;
477 	}
478 }
479 
480 static void
481 mt7615_mcu_scan_event(struct mt7615_dev *dev, struct sk_buff *skb)
482 {
483 	u8 *seq_num = skb->data + sizeof(struct mt7615_mcu_rxd);
484 	struct mt7615_phy *phy;
485 	struct mt76_phy *mphy;
486 
487 	if (*seq_num & BIT(7) && dev->mt76.phy2)
488 		mphy = dev->mt76.phy2;
489 	else
490 		mphy = &dev->mt76.phy;
491 
492 	phy = (struct mt7615_phy *)mphy->priv;
493 
494 	spin_lock_bh(&dev->mt76.lock);
495 	__skb_queue_tail(&phy->scan_event_list, skb);
496 	spin_unlock_bh(&dev->mt76.lock);
497 
498 	ieee80211_queue_delayed_work(mphy->hw, &phy->scan_work,
499 				     MT7615_HW_SCAN_TIMEOUT);
500 }
501 
502 static void
503 mt7615_mcu_roc_event(struct mt7615_dev *dev, struct sk_buff *skb)
504 {
505 	struct mt7615_roc_tlv *event;
506 	struct mt7615_phy *phy;
507 	struct mt76_phy *mphy;
508 	int duration;
509 
510 	skb_pull(skb, sizeof(struct mt7615_mcu_rxd));
511 	event = (struct mt7615_roc_tlv *)skb->data;
512 
513 	if (event->dbdc_band && dev->mt76.phy2)
514 		mphy = dev->mt76.phy2;
515 	else
516 		mphy = &dev->mt76.phy;
517 
518 	ieee80211_ready_on_channel(mphy->hw);
519 
520 	phy = (struct mt7615_phy *)mphy->priv;
521 	phy->roc_grant = true;
522 	wake_up(&phy->roc_wait);
523 
524 	duration = le32_to_cpu(event->max_interval);
525 	mod_timer(&phy->roc_timer,
526 		  round_jiffies_up(jiffies + msecs_to_jiffies(duration)));
527 }
528 
529 static void
530 mt7615_mcu_beacon_loss_event(struct mt7615_dev *dev, struct sk_buff *skb)
531 {
532 	struct mt76_connac_beacon_loss_event *event;
533 	struct mt76_phy *mphy;
534 	u8 band_idx = 0; /* DBDC support */
535 
536 	skb_pull(skb, sizeof(struct mt7615_mcu_rxd));
537 	event = (struct mt76_connac_beacon_loss_event *)skb->data;
538 	if (band_idx && dev->mt76.phy2)
539 		mphy = dev->mt76.phy2;
540 	else
541 		mphy = &dev->mt76.phy;
542 
543 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
544 					IEEE80211_IFACE_ITER_RESUME_ALL,
545 					mt76_connac_mcu_beacon_loss_iter,
546 					event);
547 }
548 
549 static void
550 mt7615_mcu_bss_event(struct mt7615_dev *dev, struct sk_buff *skb)
551 {
552 	struct mt76_connac_mcu_bss_event *event;
553 	struct mt76_phy *mphy;
554 	u8 band_idx = 0; /* DBDC support */
555 
556 	skb_pull(skb, sizeof(struct mt7615_mcu_rxd));
557 	event = (struct mt76_connac_mcu_bss_event *)skb->data;
558 
559 	if (band_idx && dev->mt76.phy2)
560 		mphy = dev->mt76.phy2;
561 	else
562 		mphy = &dev->mt76.phy;
563 
564 	if (event->is_absent)
565 		ieee80211_stop_queues(mphy->hw);
566 	else
567 		ieee80211_wake_queues(mphy->hw);
568 }
569 
570 static void
571 mt7615_mcu_rx_unsolicited_event(struct mt7615_dev *dev, struct sk_buff *skb)
572 {
573 	struct mt7615_mcu_rxd *rxd = (struct mt7615_mcu_rxd *)skb->data;
574 
575 	switch (rxd->eid) {
576 	case MCU_EVENT_EXT:
577 		mt7615_mcu_rx_ext_event(dev, skb);
578 		break;
579 	case MCU_EVENT_BSS_BEACON_LOSS:
580 		mt7615_mcu_beacon_loss_event(dev, skb);
581 		break;
582 	case MCU_EVENT_ROC:
583 		mt7615_mcu_roc_event(dev, skb);
584 		break;
585 	case MCU_EVENT_SCHED_SCAN_DONE:
586 	case MCU_EVENT_SCAN_DONE:
587 		mt7615_mcu_scan_event(dev, skb);
588 		return;
589 	case MCU_EVENT_BSS_ABSENCE:
590 		mt7615_mcu_bss_event(dev, skb);
591 		break;
592 	case MCU_EVENT_COREDUMP:
593 		mt76_connac_mcu_coredump_event(&dev->mt76, skb,
594 					       &dev->coredump);
595 		return;
596 	default:
597 		break;
598 	}
599 	dev_kfree_skb(skb);
600 }
601 
602 void mt7615_mcu_rx_event(struct mt7615_dev *dev, struct sk_buff *skb)
603 {
604 	struct mt7615_mcu_rxd *rxd = (struct mt7615_mcu_rxd *)skb->data;
605 
606 	if (rxd->ext_eid == MCU_EXT_EVENT_THERMAL_PROTECT ||
607 	    rxd->ext_eid == MCU_EXT_EVENT_FW_LOG_2_HOST ||
608 	    rxd->ext_eid == MCU_EXT_EVENT_ASSERT_DUMP ||
609 	    rxd->ext_eid == MCU_EXT_EVENT_PS_SYNC ||
610 	    rxd->eid == MCU_EVENT_BSS_BEACON_LOSS ||
611 	    rxd->eid == MCU_EVENT_SCHED_SCAN_DONE ||
612 	    rxd->eid == MCU_EVENT_BSS_ABSENCE ||
613 	    rxd->eid == MCU_EVENT_SCAN_DONE ||
614 	    rxd->eid == MCU_EVENT_COREDUMP ||
615 	    rxd->eid == MCU_EVENT_ROC ||
616 	    !rxd->seq)
617 		mt7615_mcu_rx_unsolicited_event(dev, skb);
618 	else
619 		mt76_mcu_rx_event(&dev->mt76, skb);
620 }
621 
622 static int
623 mt7615_mcu_muar_config(struct mt7615_dev *dev, struct ieee80211_vif *vif,
624 		       bool bssid, bool enable)
625 {
626 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
627 	u32 idx = mvif->mt76.omac_idx - REPEATER_BSSID_START;
628 	u32 mask = dev->omac_mask >> 32 & ~BIT(idx);
629 	const u8 *addr = vif->addr;
630 	struct {
631 		u8 mode;
632 		u8 force_clear;
633 		u8 clear_bitmap[8];
634 		u8 entry_count;
635 		u8 write;
636 
637 		u8 index;
638 		u8 bssid;
639 		u8 addr[ETH_ALEN];
640 	} __packed req = {
641 		.mode = !!mask || enable,
642 		.entry_count = 1,
643 		.write = 1,
644 
645 		.index = idx * 2 + bssid,
646 	};
647 
648 	if (bssid)
649 		addr = vif->bss_conf.bssid;
650 
651 	if (enable)
652 		ether_addr_copy(req.addr, addr);
653 
654 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_MUAR_UPDATE, &req,
655 				 sizeof(req), true);
656 }
657 
658 static int
659 mt7615_mcu_add_dev(struct mt7615_phy *phy, struct ieee80211_vif *vif,
660 		   bool enable)
661 {
662 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
663 	struct mt7615_dev *dev = phy->dev;
664 	struct {
665 		struct req_hdr {
666 			u8 omac_idx;
667 			u8 band_idx;
668 			__le16 tlv_num;
669 			u8 is_tlv_append;
670 			u8 rsv[3];
671 		} __packed hdr;
672 		struct req_tlv {
673 			__le16 tag;
674 			__le16 len;
675 			u8 active;
676 			u8 band_idx;
677 			u8 omac_addr[ETH_ALEN];
678 		} __packed tlv;
679 	} data = {
680 		.hdr = {
681 			.omac_idx = mvif->mt76.omac_idx,
682 			.band_idx = mvif->mt76.band_idx,
683 			.tlv_num = cpu_to_le16(1),
684 			.is_tlv_append = 1,
685 		},
686 		.tlv = {
687 			.tag = cpu_to_le16(DEV_INFO_ACTIVE),
688 			.len = cpu_to_le16(sizeof(struct req_tlv)),
689 			.active = enable,
690 			.band_idx = mvif->mt76.band_idx,
691 		},
692 	};
693 
694 	if (mvif->mt76.omac_idx >= REPEATER_BSSID_START)
695 		return mt7615_mcu_muar_config(dev, vif, false, enable);
696 
697 	memcpy(data.tlv.omac_addr, vif->addr, ETH_ALEN);
698 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_DEV_INFO_UPDATE,
699 				 &data, sizeof(data), true);
700 }
701 
702 static int
703 mt7615_mcu_add_beacon_offload(struct mt7615_dev *dev,
704 			      struct ieee80211_hw *hw,
705 			      struct ieee80211_vif *vif, bool enable)
706 {
707 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
708 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
709 	struct ieee80211_mutable_offsets offs;
710 	struct ieee80211_tx_info *info;
711 	struct req {
712 		u8 omac_idx;
713 		u8 enable;
714 		u8 wlan_idx;
715 		u8 band_idx;
716 		u8 pkt_type;
717 		u8 need_pre_tbtt_int;
718 		__le16 csa_ie_pos;
719 		__le16 pkt_len;
720 		__le16 tim_ie_pos;
721 		u8 pkt[512];
722 		u8 csa_cnt;
723 		/* bss color change */
724 		u8 bcc_cnt;
725 		__le16 bcc_ie_pos;
726 	} __packed req = {
727 		.omac_idx = mvif->mt76.omac_idx,
728 		.enable = enable,
729 		.wlan_idx = wcid->idx,
730 		.band_idx = mvif->mt76.band_idx,
731 	};
732 	struct sk_buff *skb;
733 
734 	if (!enable)
735 		goto out;
736 
737 	skb = ieee80211_beacon_get_template(hw, vif, &offs);
738 	if (!skb)
739 		return -EINVAL;
740 
741 	if (skb->len > 512 - MT_TXD_SIZE) {
742 		dev_err(dev->mt76.dev, "Bcn size limit exceed\n");
743 		dev_kfree_skb(skb);
744 		return -EINVAL;
745 	}
746 
747 	if (mvif->mt76.band_idx) {
748 		info = IEEE80211_SKB_CB(skb);
749 		info->hw_queue |= MT_TX_HW_QUEUE_EXT_PHY;
750 	}
751 
752 	mt7615_mac_write_txwi(dev, (__le32 *)(req.pkt), skb, wcid, NULL,
753 			      0, NULL, true);
754 	memcpy(req.pkt + MT_TXD_SIZE, skb->data, skb->len);
755 	req.pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
756 	req.tim_ie_pos = cpu_to_le16(MT_TXD_SIZE + offs.tim_offset);
757 	if (offs.cntdwn_counter_offs[0]) {
758 		u16 csa_offs;
759 
760 		csa_offs = MT_TXD_SIZE + offs.cntdwn_counter_offs[0] - 4;
761 		req.csa_ie_pos = cpu_to_le16(csa_offs);
762 		req.csa_cnt = skb->data[offs.cntdwn_counter_offs[0]];
763 	}
764 	dev_kfree_skb(skb);
765 
766 out:
767 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_BCN_OFFLOAD, &req,
768 				 sizeof(req), true);
769 }
770 
771 static int
772 mt7615_mcu_ctrl_pm_state(struct mt7615_dev *dev, int band, int state)
773 {
774 #define ENTER_PM_STATE	1
775 #define EXIT_PM_STATE	2
776 	struct {
777 		u8 pm_number;
778 		u8 pm_state;
779 		u8 bssid[ETH_ALEN];
780 		u8 dtim_period;
781 		u8 wlan_idx;
782 		__le16 bcn_interval;
783 		__le32 aid;
784 		__le32 rx_filter;
785 		u8 band_idx;
786 		u8 rsv[3];
787 		__le32 feature;
788 		u8 omac_idx;
789 		u8 wmm_idx;
790 		u8 bcn_loss_cnt;
791 		u8 bcn_sp_duration;
792 	} __packed req = {
793 		.pm_number = 5,
794 		.pm_state = state ? ENTER_PM_STATE : EXIT_PM_STATE,
795 		.band_idx = band,
796 	};
797 
798 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_PM_STATE_CTRL, &req,
799 				 sizeof(req), true);
800 }
801 
802 static int
803 mt7615_mcu_bss_basic_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
804 			 struct ieee80211_sta *sta, bool enable)
805 {
806 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
807 	u32 type = vif->p2p ? NETWORK_P2P : NETWORK_INFRA;
808 	struct bss_info_basic *bss;
809 	u8 wlan_idx = mvif->sta.wcid.idx;
810 	struct tlv *tlv;
811 
812 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_BASIC, sizeof(*bss));
813 
814 	switch (vif->type) {
815 	case NL80211_IFTYPE_MESH_POINT:
816 	case NL80211_IFTYPE_AP:
817 		break;
818 	case NL80211_IFTYPE_STATION:
819 		/* TODO: enable BSS_INFO_UAPSD & BSS_INFO_PM */
820 		if (enable && sta) {
821 			struct mt7615_sta *msta;
822 
823 			msta = (struct mt7615_sta *)sta->drv_priv;
824 			wlan_idx = msta->wcid.idx;
825 		}
826 		break;
827 	case NL80211_IFTYPE_ADHOC:
828 		type = NETWORK_IBSS;
829 		break;
830 	default:
831 		WARN_ON(1);
832 		break;
833 	}
834 
835 	bss = (struct bss_info_basic *)tlv;
836 	memcpy(bss->bssid, vif->bss_conf.bssid, ETH_ALEN);
837 	bss->bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int);
838 	bss->network_type = cpu_to_le32(type);
839 	bss->dtim_period = vif->bss_conf.dtim_period;
840 	bss->bmc_tx_wlan_idx = wlan_idx;
841 	bss->wmm_idx = mvif->mt76.wmm_idx;
842 	bss->active = enable;
843 
844 	return 0;
845 }
846 
847 static void
848 mt7615_mcu_bss_omac_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
849 {
850 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
851 	u8 omac_idx = mvif->mt76.omac_idx;
852 	struct bss_info_omac *omac;
853 	struct tlv *tlv;
854 	u32 type = 0;
855 
856 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_OMAC, sizeof(*omac));
857 
858 	switch (vif->type) {
859 	case NL80211_IFTYPE_MESH_POINT:
860 	case NL80211_IFTYPE_AP:
861 		if (vif->p2p)
862 			type = CONNECTION_P2P_GO;
863 		else
864 			type = CONNECTION_INFRA_AP;
865 		break;
866 	case NL80211_IFTYPE_STATION:
867 		if (vif->p2p)
868 			type = CONNECTION_P2P_GC;
869 		else
870 			type = CONNECTION_INFRA_STA;
871 		break;
872 	case NL80211_IFTYPE_ADHOC:
873 		type = CONNECTION_IBSS_ADHOC;
874 		break;
875 	default:
876 		WARN_ON(1);
877 		break;
878 	}
879 
880 	omac = (struct bss_info_omac *)tlv;
881 	omac->conn_type = cpu_to_le32(type);
882 	omac->omac_idx = mvif->mt76.omac_idx;
883 	omac->band_idx = mvif->mt76.band_idx;
884 	omac->hw_bss_idx = omac_idx > EXT_BSSID_START ? HW_BSSID_0 : omac_idx;
885 }
886 
887 /* SIFS 20us + 512 byte beacon tranmitted by 1Mbps (3906us) */
888 #define BCN_TX_ESTIMATE_TIME (4096 + 20)
889 static void
890 mt7615_mcu_bss_ext_tlv(struct sk_buff *skb, struct mt7615_vif *mvif)
891 {
892 	struct bss_info_ext_bss *ext;
893 	int ext_bss_idx, tsf_offset;
894 	struct tlv *tlv;
895 
896 	ext_bss_idx = mvif->mt76.omac_idx - EXT_BSSID_START;
897 	if (ext_bss_idx < 0)
898 		return;
899 
900 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_EXT_BSS, sizeof(*ext));
901 
902 	ext = (struct bss_info_ext_bss *)tlv;
903 	tsf_offset = ext_bss_idx * BCN_TX_ESTIMATE_TIME;
904 	ext->mbss_tsf_offset = cpu_to_le32(tsf_offset);
905 }
906 
907 static int
908 mt7615_mcu_add_bss(struct mt7615_phy *phy, struct ieee80211_vif *vif,
909 		   struct ieee80211_sta *sta, bool enable)
910 {
911 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
912 	struct mt7615_dev *dev = phy->dev;
913 	struct sk_buff *skb;
914 
915 	if (mvif->mt76.omac_idx >= REPEATER_BSSID_START)
916 		mt7615_mcu_muar_config(dev, vif, true, enable);
917 
918 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76, NULL);
919 	if (IS_ERR(skb))
920 		return PTR_ERR(skb);
921 
922 	if (enable)
923 		mt7615_mcu_bss_omac_tlv(skb, vif);
924 
925 	mt7615_mcu_bss_basic_tlv(skb, vif, sta, enable);
926 
927 	if (enable && mvif->mt76.omac_idx >= EXT_BSSID_START &&
928 	    mvif->mt76.omac_idx < REPEATER_BSSID_START)
929 		mt7615_mcu_bss_ext_tlv(skb, mvif);
930 
931 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
932 				     MCU_EXT_CMD_BSS_INFO_UPDATE, true);
933 }
934 
935 static int
936 mt7615_mcu_wtbl_tx_ba(struct mt7615_dev *dev,
937 		      struct ieee80211_ampdu_params *params,
938 		      bool enable)
939 {
940 	struct mt7615_sta *msta = (struct mt7615_sta *)params->sta->drv_priv;
941 	struct mt7615_vif *mvif = msta->vif;
942 	struct wtbl_req_hdr *wtbl_hdr;
943 	struct sk_buff *skb = NULL;
944 	int err;
945 
946 	wtbl_hdr = mt76_connac_mcu_alloc_wtbl_req(&dev->mt76, &msta->wcid,
947 						  WTBL_SET, NULL, &skb);
948 	if (IS_ERR(wtbl_hdr))
949 		return PTR_ERR(wtbl_hdr);
950 
951 	mt76_connac_mcu_wtbl_ba_tlv(&dev->mt76, skb, params, enable, true,
952 				    NULL, wtbl_hdr);
953 
954 	err = mt76_mcu_skb_send_msg(&dev->mt76, skb, MCU_EXT_CMD_WTBL_UPDATE,
955 				    true);
956 	if (err < 0)
957 		return err;
958 
959 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
960 					    &msta->wcid);
961 	if (IS_ERR(skb))
962 		return PTR_ERR(skb);
963 
964 	mt76_connac_mcu_sta_ba_tlv(skb, params, enable, true);
965 
966 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
967 				     MCU_EXT_CMD_STA_REC_UPDATE, true);
968 }
969 
970 static int
971 mt7615_mcu_wtbl_rx_ba(struct mt7615_dev *dev,
972 		      struct ieee80211_ampdu_params *params,
973 		      bool enable)
974 {
975 	struct mt7615_sta *msta = (struct mt7615_sta *)params->sta->drv_priv;
976 	struct mt7615_vif *mvif = msta->vif;
977 	struct wtbl_req_hdr *wtbl_hdr;
978 	struct sk_buff *skb;
979 	int err;
980 
981 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
982 					    &msta->wcid);
983 	if (IS_ERR(skb))
984 		return PTR_ERR(skb);
985 
986 	mt76_connac_mcu_sta_ba_tlv(skb, params, enable, false);
987 
988 	err = mt76_mcu_skb_send_msg(&dev->mt76, skb,
989 				    MCU_EXT_CMD_STA_REC_UPDATE, true);
990 	if (err < 0 || !enable)
991 		return err;
992 
993 	skb = NULL;
994 	wtbl_hdr = mt76_connac_mcu_alloc_wtbl_req(&dev->mt76, &msta->wcid,
995 						  WTBL_SET, NULL, &skb);
996 	if (IS_ERR(wtbl_hdr))
997 		return PTR_ERR(wtbl_hdr);
998 
999 	mt76_connac_mcu_wtbl_ba_tlv(&dev->mt76, skb, params, enable, false,
1000 				    NULL, wtbl_hdr);
1001 
1002 	return mt76_mcu_skb_send_msg(&dev->mt76, skb, MCU_EXT_CMD_WTBL_UPDATE,
1003 				     true);
1004 }
1005 
1006 static int
1007 mt7615_mcu_wtbl_sta_add(struct mt7615_phy *phy, struct ieee80211_vif *vif,
1008 			struct ieee80211_sta *sta, bool enable)
1009 {
1010 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1011 	struct sk_buff *skb, *sskb, *wskb = NULL;
1012 	struct mt7615_dev *dev = phy->dev;
1013 	struct wtbl_req_hdr *wtbl_hdr;
1014 	struct mt7615_sta *msta;
1015 	int cmd, err;
1016 
1017 	msta = sta ? (struct mt7615_sta *)sta->drv_priv : &mvif->sta;
1018 
1019 	sskb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1020 					     &msta->wcid);
1021 	if (IS_ERR(sskb))
1022 		return PTR_ERR(sskb);
1023 
1024 	mt76_connac_mcu_sta_basic_tlv(sskb, vif, sta, enable);
1025 	if (enable && sta)
1026 		mt76_connac_mcu_sta_tlv(phy->mt76, sskb, sta, vif, 0);
1027 
1028 	wtbl_hdr = mt76_connac_mcu_alloc_wtbl_req(&dev->mt76, &msta->wcid,
1029 						  WTBL_RESET_AND_SET, NULL,
1030 						  &wskb);
1031 	if (IS_ERR(wtbl_hdr))
1032 		return PTR_ERR(wtbl_hdr);
1033 
1034 	if (enable) {
1035 		mt76_connac_mcu_wtbl_generic_tlv(&dev->mt76, wskb, vif, sta,
1036 						 NULL, wtbl_hdr);
1037 		if (sta)
1038 			mt76_connac_mcu_wtbl_ht_tlv(&dev->mt76, wskb, sta,
1039 						    NULL, wtbl_hdr);
1040 		mt76_connac_mcu_wtbl_hdr_trans_tlv(wskb, &msta->wcid, NULL,
1041 						   wtbl_hdr);
1042 	}
1043 
1044 	cmd = enable ? MCU_EXT_CMD_WTBL_UPDATE : MCU_EXT_CMD_STA_REC_UPDATE;
1045 	skb = enable ? wskb : sskb;
1046 
1047 	err = mt76_mcu_skb_send_msg(&dev->mt76, skb, cmd, true);
1048 	if (err < 0) {
1049 		skb = enable ? sskb : wskb;
1050 		dev_kfree_skb(skb);
1051 
1052 		return err;
1053 	}
1054 
1055 	cmd = enable ? MCU_EXT_CMD_STA_REC_UPDATE : MCU_EXT_CMD_WTBL_UPDATE;
1056 	skb = enable ? sskb : wskb;
1057 
1058 	return mt76_mcu_skb_send_msg(&dev->mt76, skb, cmd, true);
1059 }
1060 
1061 static const struct mt7615_mcu_ops wtbl_update_ops = {
1062 	.add_beacon_offload = mt7615_mcu_add_beacon_offload,
1063 	.set_pm_state = mt7615_mcu_ctrl_pm_state,
1064 	.add_dev_info = mt7615_mcu_add_dev,
1065 	.add_bss_info = mt7615_mcu_add_bss,
1066 	.add_tx_ba = mt7615_mcu_wtbl_tx_ba,
1067 	.add_rx_ba = mt7615_mcu_wtbl_rx_ba,
1068 	.sta_add = mt7615_mcu_wtbl_sta_add,
1069 	.set_drv_ctrl = mt7615_mcu_drv_pmctrl,
1070 	.set_fw_ctrl = mt7615_mcu_fw_pmctrl,
1071 };
1072 
1073 static int
1074 mt7615_mcu_sta_ba(struct mt7615_dev *dev,
1075 		  struct ieee80211_ampdu_params *params,
1076 		  bool enable, bool tx)
1077 {
1078 	struct mt7615_sta *msta = (struct mt7615_sta *)params->sta->drv_priv;
1079 	struct mt7615_vif *mvif = msta->vif;
1080 	struct wtbl_req_hdr *wtbl_hdr;
1081 	struct tlv *sta_wtbl;
1082 	struct sk_buff *skb;
1083 
1084 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1085 					    &msta->wcid);
1086 	if (IS_ERR(skb))
1087 		return PTR_ERR(skb);
1088 
1089 	mt76_connac_mcu_sta_ba_tlv(skb, params, enable, tx);
1090 
1091 	sta_wtbl = mt76_connac_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
1092 
1093 	wtbl_hdr = mt76_connac_mcu_alloc_wtbl_req(&dev->mt76, &msta->wcid,
1094 						  WTBL_SET, sta_wtbl, &skb);
1095 	if (IS_ERR(wtbl_hdr))
1096 		return PTR_ERR(wtbl_hdr);
1097 
1098 	mt76_connac_mcu_wtbl_ba_tlv(&dev->mt76, skb, params, enable, tx,
1099 				    sta_wtbl, wtbl_hdr);
1100 
1101 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1102 				     MCU_EXT_CMD_STA_REC_UPDATE, true);
1103 }
1104 
1105 static int
1106 mt7615_mcu_sta_tx_ba(struct mt7615_dev *dev,
1107 		     struct ieee80211_ampdu_params *params,
1108 		     bool enable)
1109 {
1110 	return mt7615_mcu_sta_ba(dev, params, enable, true);
1111 }
1112 
1113 static int
1114 mt7615_mcu_sta_rx_ba(struct mt7615_dev *dev,
1115 		     struct ieee80211_ampdu_params *params,
1116 		     bool enable)
1117 {
1118 	return mt7615_mcu_sta_ba(dev, params, enable, false);
1119 }
1120 
1121 static int
1122 __mt7615_mcu_add_sta(struct mt76_phy *phy, struct ieee80211_vif *vif,
1123 		     struct ieee80211_sta *sta, bool enable, int cmd)
1124 {
1125 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1126 	struct mt76_sta_cmd_info info = {
1127 		.sta = sta,
1128 		.vif = vif,
1129 		.enable = enable,
1130 		.cmd = cmd,
1131 	};
1132 
1133 	info.wcid = sta ? (struct mt76_wcid *)sta->drv_priv : &mvif->sta.wcid;
1134 	return mt76_connac_mcu_add_sta_cmd(phy, &info);
1135 }
1136 
1137 static int
1138 mt7615_mcu_add_sta(struct mt7615_phy *phy, struct ieee80211_vif *vif,
1139 		   struct ieee80211_sta *sta, bool enable)
1140 {
1141 	return __mt7615_mcu_add_sta(phy->mt76, vif, sta, enable,
1142 				    MCU_EXT_CMD_STA_REC_UPDATE);
1143 }
1144 
1145 static const struct mt7615_mcu_ops sta_update_ops = {
1146 	.add_beacon_offload = mt7615_mcu_add_beacon_offload,
1147 	.set_pm_state = mt7615_mcu_ctrl_pm_state,
1148 	.add_dev_info = mt7615_mcu_add_dev,
1149 	.add_bss_info = mt7615_mcu_add_bss,
1150 	.add_tx_ba = mt7615_mcu_sta_tx_ba,
1151 	.add_rx_ba = mt7615_mcu_sta_rx_ba,
1152 	.sta_add = mt7615_mcu_add_sta,
1153 	.set_drv_ctrl = mt7615_mcu_drv_pmctrl,
1154 	.set_fw_ctrl = mt7615_mcu_fw_pmctrl,
1155 };
1156 
1157 int mt7615_mcu_sta_update_hdr_trans(struct mt7615_dev *dev,
1158 				    struct ieee80211_vif *vif,
1159 				    struct ieee80211_sta *sta)
1160 {
1161 	struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
1162 	struct wtbl_req_hdr *wtbl_hdr;
1163 	struct sk_buff *skb = NULL;
1164 
1165 	wtbl_hdr = mt76_connac_mcu_alloc_wtbl_req(&dev->mt76, &msta->wcid,
1166 						  WTBL_SET, NULL, &skb);
1167 	if (IS_ERR(wtbl_hdr))
1168 		return PTR_ERR(wtbl_hdr);
1169 
1170 	mt76_connac_mcu_wtbl_hdr_trans_tlv(skb, &msta->wcid, NULL, wtbl_hdr);
1171 
1172 	return mt76_mcu_skb_send_msg(&dev->mt76, skb, MCU_EXT_CMD_WTBL_UPDATE,
1173 				     true);
1174 }
1175 
1176 static int
1177 mt7615_mcu_uni_ctrl_pm_state(struct mt7615_dev *dev, int band, int state)
1178 {
1179 	return 0;
1180 }
1181 
1182 static int
1183 mt7615_mcu_uni_add_beacon_offload(struct mt7615_dev *dev,
1184 				  struct ieee80211_hw *hw,
1185 				  struct ieee80211_vif *vif,
1186 				  bool enable)
1187 {
1188 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1189 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1190 	struct ieee80211_mutable_offsets offs;
1191 	struct {
1192 		struct req_hdr {
1193 			u8 bss_idx;
1194 			u8 pad[3];
1195 		} __packed hdr;
1196 		struct bcn_content_tlv {
1197 			__le16 tag;
1198 			__le16 len;
1199 			__le16 tim_ie_pos;
1200 			__le16 csa_ie_pos;
1201 			__le16 bcc_ie_pos;
1202 			/* 0: disable beacon offload
1203 			 * 1: enable beacon offload
1204 			 * 2: update probe respond offload
1205 			 */
1206 			u8 enable;
1207 			/* 0: legacy format (TXD + payload)
1208 			 * 1: only cap field IE
1209 			 */
1210 			u8 type;
1211 			__le16 pkt_len;
1212 			u8 pkt[512];
1213 		} __packed beacon_tlv;
1214 	} req = {
1215 		.hdr = {
1216 			.bss_idx = mvif->mt76.idx,
1217 		},
1218 		.beacon_tlv = {
1219 			.tag = cpu_to_le16(UNI_BSS_INFO_BCN_CONTENT),
1220 			.len = cpu_to_le16(sizeof(struct bcn_content_tlv)),
1221 			.enable = enable,
1222 		},
1223 	};
1224 	struct sk_buff *skb;
1225 
1226 	if (!enable)
1227 		goto out;
1228 
1229 	skb = ieee80211_beacon_get_template(mt76_hw(dev), vif, &offs);
1230 	if (!skb)
1231 		return -EINVAL;
1232 
1233 	if (skb->len > 512 - MT_TXD_SIZE) {
1234 		dev_err(dev->mt76.dev, "beacon size limit exceed\n");
1235 		dev_kfree_skb(skb);
1236 		return -EINVAL;
1237 	}
1238 
1239 	mt7615_mac_write_txwi(dev, (__le32 *)(req.beacon_tlv.pkt), skb,
1240 			      wcid, NULL, 0, NULL, true);
1241 	memcpy(req.beacon_tlv.pkt + MT_TXD_SIZE, skb->data, skb->len);
1242 	req.beacon_tlv.pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
1243 	req.beacon_tlv.tim_ie_pos = cpu_to_le16(MT_TXD_SIZE + offs.tim_offset);
1244 
1245 	if (offs.cntdwn_counter_offs[0]) {
1246 		u16 csa_offs;
1247 
1248 		csa_offs = MT_TXD_SIZE + offs.cntdwn_counter_offs[0] - 4;
1249 		req.beacon_tlv.csa_ie_pos = cpu_to_le16(csa_offs);
1250 	}
1251 	dev_kfree_skb(skb);
1252 
1253 out:
1254 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD_BSS_INFO_UPDATE,
1255 				 &req, sizeof(req), true);
1256 }
1257 
1258 static int
1259 mt7615_mcu_uni_add_dev(struct mt7615_phy *phy, struct ieee80211_vif *vif,
1260 		       bool enable)
1261 {
1262 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1263 
1264 	return mt76_connac_mcu_uni_add_dev(phy->mt76, vif, &mvif->sta.wcid,
1265 					   enable);
1266 }
1267 
1268 static int
1269 mt7615_mcu_uni_add_bss(struct mt7615_phy *phy, struct ieee80211_vif *vif,
1270 		       struct ieee80211_sta *sta, bool enable)
1271 {
1272 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1273 
1274 	return mt76_connac_mcu_uni_add_bss(phy->mt76, vif, &mvif->sta.wcid,
1275 					   enable);
1276 }
1277 
1278 static inline int
1279 mt7615_mcu_uni_add_sta(struct mt7615_phy *phy, struct ieee80211_vif *vif,
1280 		       struct ieee80211_sta *sta, bool enable)
1281 {
1282 	return __mt7615_mcu_add_sta(phy->mt76, vif, sta, enable,
1283 				    MCU_UNI_CMD_STA_REC_UPDATE);
1284 }
1285 
1286 static int
1287 mt7615_mcu_uni_tx_ba(struct mt7615_dev *dev,
1288 		     struct ieee80211_ampdu_params *params,
1289 		     bool enable)
1290 {
1291 	struct mt7615_sta *sta = (struct mt7615_sta *)params->sta->drv_priv;
1292 
1293 	return mt76_connac_mcu_sta_ba(&dev->mt76, &sta->vif->mt76, params,
1294 				      enable, true);
1295 }
1296 
1297 static int
1298 mt7615_mcu_uni_rx_ba(struct mt7615_dev *dev,
1299 		     struct ieee80211_ampdu_params *params,
1300 		     bool enable)
1301 {
1302 	struct mt7615_sta *msta = (struct mt7615_sta *)params->sta->drv_priv;
1303 	struct mt7615_vif *mvif = msta->vif;
1304 	struct wtbl_req_hdr *wtbl_hdr;
1305 	struct tlv *sta_wtbl;
1306 	struct sk_buff *skb;
1307 	int err;
1308 
1309 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1310 					    &msta->wcid);
1311 	if (IS_ERR(skb))
1312 		return PTR_ERR(skb);
1313 
1314 	mt76_connac_mcu_sta_ba_tlv(skb, params, enable, false);
1315 
1316 	err = mt76_mcu_skb_send_msg(&dev->mt76, skb,
1317 				    MCU_UNI_CMD_STA_REC_UPDATE, true);
1318 	if (err < 0 || !enable)
1319 		return err;
1320 
1321 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1322 					    &msta->wcid);
1323 	if (IS_ERR(skb))
1324 		return PTR_ERR(skb);
1325 
1326 	sta_wtbl = mt76_connac_mcu_add_tlv(skb, STA_REC_WTBL,
1327 					   sizeof(struct tlv));
1328 
1329 	wtbl_hdr = mt76_connac_mcu_alloc_wtbl_req(&dev->mt76, &msta->wcid,
1330 						  WTBL_SET, sta_wtbl, &skb);
1331 	if (IS_ERR(wtbl_hdr))
1332 		return PTR_ERR(wtbl_hdr);
1333 
1334 	mt76_connac_mcu_wtbl_ba_tlv(&dev->mt76, skb, params, enable, false,
1335 				    sta_wtbl, wtbl_hdr);
1336 
1337 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1338 				     MCU_UNI_CMD_STA_REC_UPDATE, true);
1339 }
1340 
1341 static const struct mt7615_mcu_ops uni_update_ops = {
1342 	.add_beacon_offload = mt7615_mcu_uni_add_beacon_offload,
1343 	.set_pm_state = mt7615_mcu_uni_ctrl_pm_state,
1344 	.add_dev_info = mt7615_mcu_uni_add_dev,
1345 	.add_bss_info = mt7615_mcu_uni_add_bss,
1346 	.add_tx_ba = mt7615_mcu_uni_tx_ba,
1347 	.add_rx_ba = mt7615_mcu_uni_rx_ba,
1348 	.sta_add = mt7615_mcu_uni_add_sta,
1349 	.set_drv_ctrl = mt7615_mcu_lp_drv_pmctrl,
1350 	.set_fw_ctrl = mt7615_mcu_fw_pmctrl,
1351 };
1352 
1353 int mt7615_mcu_restart(struct mt76_dev *dev)
1354 {
1355 	return mt76_mcu_send_msg(dev, MCU_CMD_RESTART_DL_REQ, NULL, 0, true);
1356 }
1357 EXPORT_SYMBOL_GPL(mt7615_mcu_restart);
1358 
1359 static int mt7615_load_patch(struct mt7615_dev *dev, u32 addr, const char *name)
1360 {
1361 	const struct mt7615_patch_hdr *hdr;
1362 	const struct firmware *fw = NULL;
1363 	int len, ret, sem;
1364 
1365 	ret = firmware_request_nowarn(&fw, name, dev->mt76.dev);
1366 	if (ret)
1367 		return ret;
1368 
1369 	if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
1370 		dev_err(dev->mt76.dev, "Invalid firmware\n");
1371 		ret = -EINVAL;
1372 		goto release_fw;
1373 	}
1374 
1375 	sem = mt76_connac_mcu_patch_sem_ctrl(&dev->mt76, true);
1376 	switch (sem) {
1377 	case PATCH_IS_DL:
1378 		goto release_fw;
1379 	case PATCH_NOT_DL_SEM_SUCCESS:
1380 		break;
1381 	default:
1382 		dev_err(dev->mt76.dev, "Failed to get patch semaphore\n");
1383 		ret = -EAGAIN;
1384 		goto release_fw;
1385 	}
1386 
1387 	hdr = (const struct mt7615_patch_hdr *)(fw->data);
1388 
1389 	dev_info(dev->mt76.dev, "HW/SW Version: 0x%x, Build Time: %.16s\n",
1390 		 be32_to_cpu(hdr->hw_sw_ver), hdr->build_date);
1391 
1392 	len = fw->size - sizeof(*hdr);
1393 
1394 	ret = mt76_connac_mcu_init_download(&dev->mt76, addr, len,
1395 					    DL_MODE_NEED_RSP);
1396 	if (ret) {
1397 		dev_err(dev->mt76.dev, "Download request failed\n");
1398 		goto out;
1399 	}
1400 
1401 	ret = mt76_mcu_send_firmware(&dev->mt76, MCU_CMD_FW_SCATTER,
1402 				     fw->data + sizeof(*hdr), len);
1403 	if (ret) {
1404 		dev_err(dev->mt76.dev, "Failed to send firmware to device\n");
1405 		goto out;
1406 	}
1407 
1408 	ret = mt76_connac_mcu_start_patch(&dev->mt76);
1409 	if (ret)
1410 		dev_err(dev->mt76.dev, "Failed to start patch\n");
1411 
1412 out:
1413 	sem = mt76_connac_mcu_patch_sem_ctrl(&dev->mt76, false);
1414 	switch (sem) {
1415 	case PATCH_REL_SEM_SUCCESS:
1416 		break;
1417 	default:
1418 		ret = -EAGAIN;
1419 		dev_err(dev->mt76.dev, "Failed to release patch semaphore\n");
1420 		break;
1421 	}
1422 
1423 release_fw:
1424 	release_firmware(fw);
1425 
1426 	return ret;
1427 }
1428 
1429 static u32 mt7615_mcu_gen_dl_mode(u8 feature_set, bool is_cr4)
1430 {
1431 	u32 ret = 0;
1432 
1433 	ret |= (feature_set & FW_FEATURE_SET_ENCRYPT) ?
1434 	       (DL_MODE_ENCRYPT | DL_MODE_RESET_SEC_IV) : 0;
1435 	ret |= FIELD_PREP(DL_MODE_KEY_IDX,
1436 			  FIELD_GET(FW_FEATURE_SET_KEY_IDX, feature_set));
1437 	ret |= DL_MODE_NEED_RSP;
1438 	ret |= is_cr4 ? DL_MODE_WORKING_PDA_CR4 : 0;
1439 
1440 	return ret;
1441 }
1442 
1443 static int
1444 mt7615_mcu_send_ram_firmware(struct mt7615_dev *dev,
1445 			     const struct mt7615_fw_trailer *hdr,
1446 			     const u8 *data, bool is_cr4)
1447 {
1448 	int n_region = is_cr4 ? CR4_REGION_NUM : N9_REGION_NUM;
1449 	int err, i, offset = 0;
1450 	u32 len, addr, mode;
1451 
1452 	for (i = 0; i < n_region; i++) {
1453 		mode = mt7615_mcu_gen_dl_mode(hdr[i].feature_set, is_cr4);
1454 		len = le32_to_cpu(hdr[i].len) + IMG_CRC_LEN;
1455 		addr = le32_to_cpu(hdr[i].addr);
1456 
1457 		err = mt76_connac_mcu_init_download(&dev->mt76, addr, len,
1458 						    mode);
1459 		if (err) {
1460 			dev_err(dev->mt76.dev, "Download request failed\n");
1461 			return err;
1462 		}
1463 
1464 		err = mt76_mcu_send_firmware(&dev->mt76, MCU_CMD_FW_SCATTER,
1465 					     data + offset, len);
1466 		if (err) {
1467 			dev_err(dev->mt76.dev, "Failed to send firmware to device\n");
1468 			return err;
1469 		}
1470 
1471 		offset += len;
1472 	}
1473 
1474 	return 0;
1475 }
1476 
1477 static int mt7615_load_n9(struct mt7615_dev *dev, const char *name)
1478 {
1479 	const struct mt7615_fw_trailer *hdr;
1480 	const struct firmware *fw;
1481 	int ret;
1482 
1483 	ret = request_firmware(&fw, name, dev->mt76.dev);
1484 	if (ret)
1485 		return ret;
1486 
1487 	if (!fw || !fw->data || fw->size < N9_REGION_NUM * sizeof(*hdr)) {
1488 		dev_err(dev->mt76.dev, "Invalid firmware\n");
1489 		ret = -EINVAL;
1490 		goto out;
1491 	}
1492 
1493 	hdr = (const struct mt7615_fw_trailer *)(fw->data + fw->size -
1494 					N9_REGION_NUM * sizeof(*hdr));
1495 
1496 	dev_info(dev->mt76.dev, "N9 Firmware Version: %.10s, Build Time: %.15s\n",
1497 		 hdr->fw_ver, hdr->build_date);
1498 
1499 	ret = mt7615_mcu_send_ram_firmware(dev, hdr, fw->data, false);
1500 	if (ret)
1501 		goto out;
1502 
1503 	ret = mt76_connac_mcu_start_firmware(&dev->mt76,
1504 					     le32_to_cpu(hdr->addr),
1505 					     FW_START_OVERRIDE);
1506 	if (ret) {
1507 		dev_err(dev->mt76.dev, "Failed to start N9 firmware\n");
1508 		goto out;
1509 	}
1510 
1511 	snprintf(dev->mt76.hw->wiphy->fw_version,
1512 		 sizeof(dev->mt76.hw->wiphy->fw_version),
1513 		 "%.10s-%.15s", hdr->fw_ver, hdr->build_date);
1514 
1515 	if (!is_mt7615(&dev->mt76)) {
1516 		dev->fw_ver = MT7615_FIRMWARE_V2;
1517 		dev->mcu_ops = &sta_update_ops;
1518 	} else {
1519 		dev->fw_ver = MT7615_FIRMWARE_V1;
1520 		dev->mcu_ops = &wtbl_update_ops;
1521 	}
1522 
1523 out:
1524 	release_firmware(fw);
1525 	return ret;
1526 }
1527 
1528 static int mt7615_load_cr4(struct mt7615_dev *dev, const char *name)
1529 {
1530 	const struct mt7615_fw_trailer *hdr;
1531 	const struct firmware *fw;
1532 	int ret;
1533 
1534 	ret = request_firmware(&fw, name, dev->mt76.dev);
1535 	if (ret)
1536 		return ret;
1537 
1538 	if (!fw || !fw->data || fw->size < CR4_REGION_NUM * sizeof(*hdr)) {
1539 		dev_err(dev->mt76.dev, "Invalid firmware\n");
1540 		ret = -EINVAL;
1541 		goto out;
1542 	}
1543 
1544 	hdr = (const struct mt7615_fw_trailer *)(fw->data + fw->size -
1545 					CR4_REGION_NUM * sizeof(*hdr));
1546 
1547 	dev_info(dev->mt76.dev, "CR4 Firmware Version: %.10s, Build Time: %.15s\n",
1548 		 hdr->fw_ver, hdr->build_date);
1549 
1550 	ret = mt7615_mcu_send_ram_firmware(dev, hdr, fw->data, true);
1551 	if (ret)
1552 		goto out;
1553 
1554 	ret = mt76_connac_mcu_start_firmware(&dev->mt76, 0,
1555 					     FW_START_WORKING_PDA_CR4);
1556 	if (ret) {
1557 		dev_err(dev->mt76.dev, "Failed to start CR4 firmware\n");
1558 		goto out;
1559 	}
1560 
1561 out:
1562 	release_firmware(fw);
1563 
1564 	return ret;
1565 }
1566 
1567 static int mt7615_load_ram(struct mt7615_dev *dev)
1568 {
1569 	int ret;
1570 
1571 	ret = mt7615_load_n9(dev, MT7615_FIRMWARE_N9);
1572 	if (ret)
1573 		return ret;
1574 
1575 	return mt7615_load_cr4(dev, MT7615_FIRMWARE_CR4);
1576 }
1577 
1578 static int mt7615_load_firmware(struct mt7615_dev *dev)
1579 {
1580 	int ret;
1581 	u32 val;
1582 
1583 	val = mt76_get_field(dev, MT_TOP_MISC2, MT_TOP_MISC2_FW_STATE);
1584 
1585 	if (val != FW_STATE_FW_DOWNLOAD) {
1586 		dev_err(dev->mt76.dev, "Firmware is not ready for download\n");
1587 		return -EIO;
1588 	}
1589 
1590 	ret = mt7615_load_patch(dev, MT7615_PATCH_ADDRESS, MT7615_ROM_PATCH);
1591 	if (ret)
1592 		return ret;
1593 
1594 	ret = mt7615_load_ram(dev);
1595 	if (ret)
1596 		return ret;
1597 
1598 	if (!mt76_poll_msec(dev, MT_TOP_MISC2, MT_TOP_MISC2_FW_STATE,
1599 			    FIELD_PREP(MT_TOP_MISC2_FW_STATE,
1600 				       FW_STATE_CR4_RDY), 500)) {
1601 		dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
1602 		return -EIO;
1603 	}
1604 
1605 	return 0;
1606 }
1607 
1608 static int mt7622_load_firmware(struct mt7615_dev *dev)
1609 {
1610 	int ret;
1611 	u32 val;
1612 
1613 	mt76_set(dev, MT_WPDMA_GLO_CFG, MT_WPDMA_GLO_CFG_BYPASS_TX_SCH);
1614 
1615 	val = mt76_get_field(dev, MT_TOP_OFF_RSV, MT_TOP_OFF_RSV_FW_STATE);
1616 	if (val != FW_STATE_FW_DOWNLOAD) {
1617 		dev_err(dev->mt76.dev, "Firmware is not ready for download\n");
1618 		return -EIO;
1619 	}
1620 
1621 	ret = mt7615_load_patch(dev, MT7622_PATCH_ADDRESS, MT7622_ROM_PATCH);
1622 	if (ret)
1623 		return ret;
1624 
1625 	ret = mt7615_load_n9(dev, MT7622_FIRMWARE_N9);
1626 	if (ret)
1627 		return ret;
1628 
1629 	if (!mt76_poll_msec(dev, MT_TOP_OFF_RSV, MT_TOP_OFF_RSV_FW_STATE,
1630 			    FIELD_PREP(MT_TOP_OFF_RSV_FW_STATE,
1631 				       FW_STATE_NORMAL_TRX), 1500)) {
1632 		dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
1633 		return -EIO;
1634 	}
1635 
1636 	mt76_clear(dev, MT_WPDMA_GLO_CFG, MT_WPDMA_GLO_CFG_BYPASS_TX_SCH);
1637 
1638 	return 0;
1639 }
1640 
1641 int mt7615_mcu_fw_log_2_host(struct mt7615_dev *dev, u8 ctrl)
1642 {
1643 	struct {
1644 		u8 ctrl_val;
1645 		u8 pad[3];
1646 	} data = {
1647 		.ctrl_val = ctrl
1648 	};
1649 
1650 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_FW_LOG_2_HOST, &data,
1651 				 sizeof(data), true);
1652 }
1653 
1654 static int mt7663_load_n9(struct mt7615_dev *dev, const char *name)
1655 {
1656 	u32 offset = 0, override_addr = 0, flag = FW_START_DLYCAL;
1657 	const struct mt7663_fw_trailer *hdr;
1658 	const struct mt7663_fw_buf *buf;
1659 	const struct firmware *fw;
1660 	const u8 *base_addr;
1661 	int i, ret;
1662 
1663 	ret = request_firmware(&fw, name, dev->mt76.dev);
1664 	if (ret)
1665 		return ret;
1666 
1667 	if (!fw || !fw->data || fw->size < FW_V3_COMMON_TAILER_SIZE) {
1668 		dev_err(dev->mt76.dev, "Invalid firmware\n");
1669 		ret = -EINVAL;
1670 		goto out;
1671 	}
1672 
1673 	hdr = (const struct mt7663_fw_trailer *)(fw->data + fw->size -
1674 						 FW_V3_COMMON_TAILER_SIZE);
1675 
1676 	dev_info(dev->mt76.dev, "N9 Firmware Version: %.10s, Build Time: %.15s\n",
1677 		 hdr->fw_ver, hdr->build_date);
1678 	dev_info(dev->mt76.dev, "Region number: 0x%x\n", hdr->n_region);
1679 
1680 	base_addr = fw->data + fw->size - FW_V3_COMMON_TAILER_SIZE;
1681 	for (i = 0; i < hdr->n_region; i++) {
1682 		u32 shift = (hdr->n_region - i) * FW_V3_REGION_TAILER_SIZE;
1683 		u32 len, addr, mode;
1684 
1685 		dev_info(dev->mt76.dev, "Parsing tailer Region: %d\n", i);
1686 
1687 		buf = (const struct mt7663_fw_buf *)(base_addr - shift);
1688 		mode = mt7615_mcu_gen_dl_mode(buf->feature_set, false);
1689 		addr = le32_to_cpu(buf->img_dest_addr);
1690 		len = le32_to_cpu(buf->img_size);
1691 
1692 		ret = mt76_connac_mcu_init_download(&dev->mt76, addr, len,
1693 						    mode);
1694 		if (ret) {
1695 			dev_err(dev->mt76.dev, "Download request failed\n");
1696 			goto out;
1697 		}
1698 
1699 		ret = mt76_mcu_send_firmware(&dev->mt76, MCU_CMD_FW_SCATTER,
1700 					     fw->data + offset, len);
1701 		if (ret) {
1702 			dev_err(dev->mt76.dev, "Failed to send firmware\n");
1703 			goto out;
1704 		}
1705 
1706 		offset += le32_to_cpu(buf->img_size);
1707 		if (buf->feature_set & DL_MODE_VALID_RAM_ENTRY) {
1708 			override_addr = le32_to_cpu(buf->img_dest_addr);
1709 			dev_info(dev->mt76.dev, "Region %d, override_addr = 0x%08x\n",
1710 				 i, override_addr);
1711 		}
1712 	}
1713 
1714 	if (override_addr)
1715 		flag |= FW_START_OVERRIDE;
1716 
1717 	dev_info(dev->mt76.dev, "override_addr = 0x%08x, option = %d\n",
1718 		 override_addr, flag);
1719 
1720 	ret = mt76_connac_mcu_start_firmware(&dev->mt76, override_addr, flag);
1721 	if (ret) {
1722 		dev_err(dev->mt76.dev, "Failed to start N9 firmware\n");
1723 		goto out;
1724 	}
1725 
1726 	snprintf(dev->mt76.hw->wiphy->fw_version,
1727 		 sizeof(dev->mt76.hw->wiphy->fw_version),
1728 		 "%.10s-%.15s", hdr->fw_ver, hdr->build_date);
1729 
1730 out:
1731 	release_firmware(fw);
1732 
1733 	return ret;
1734 }
1735 
1736 static int
1737 mt7663_load_rom_patch(struct mt7615_dev *dev, const char **n9_firmware)
1738 {
1739 	const char *selected_rom, *secondary_rom = MT7663_ROM_PATCH;
1740 	const char *primary_rom = MT7663_OFFLOAD_ROM_PATCH;
1741 	int ret;
1742 
1743 	if (!prefer_offload_fw) {
1744 		secondary_rom = MT7663_OFFLOAD_ROM_PATCH;
1745 		primary_rom = MT7663_ROM_PATCH;
1746 	}
1747 	selected_rom = primary_rom;
1748 
1749 	ret = mt7615_load_patch(dev, MT7663_PATCH_ADDRESS, primary_rom);
1750 	if (ret) {
1751 		dev_info(dev->mt76.dev, "%s not found, switching to %s",
1752 			 primary_rom, secondary_rom);
1753 		ret = mt7615_load_patch(dev, MT7663_PATCH_ADDRESS,
1754 					secondary_rom);
1755 		if (ret) {
1756 			dev_err(dev->mt76.dev, "failed to load %s",
1757 				secondary_rom);
1758 			return ret;
1759 		}
1760 		selected_rom = secondary_rom;
1761 	}
1762 
1763 	if (!strcmp(selected_rom, MT7663_OFFLOAD_ROM_PATCH)) {
1764 		*n9_firmware = MT7663_OFFLOAD_FIRMWARE_N9;
1765 		dev->fw_ver = MT7615_FIRMWARE_V3;
1766 		dev->mcu_ops = &uni_update_ops;
1767 	} else {
1768 		*n9_firmware = MT7663_FIRMWARE_N9;
1769 		dev->fw_ver = MT7615_FIRMWARE_V2;
1770 		dev->mcu_ops = &sta_update_ops;
1771 	}
1772 
1773 	return 0;
1774 }
1775 
1776 int __mt7663_load_firmware(struct mt7615_dev *dev)
1777 {
1778 	const char *n9_firmware;
1779 	int ret;
1780 
1781 	ret = mt76_get_field(dev, MT_CONN_ON_MISC, MT_TOP_MISC2_FW_N9_RDY);
1782 	if (ret) {
1783 		dev_dbg(dev->mt76.dev, "Firmware is already download\n");
1784 		return -EIO;
1785 	}
1786 
1787 	ret = mt7663_load_rom_patch(dev, &n9_firmware);
1788 	if (ret)
1789 		return ret;
1790 
1791 	ret = mt7663_load_n9(dev, n9_firmware);
1792 	if (ret)
1793 		return ret;
1794 
1795 	if (!mt76_poll_msec(dev, MT_CONN_ON_MISC, MT_TOP_MISC2_FW_N9_RDY,
1796 			    MT_TOP_MISC2_FW_N9_RDY, 1500)) {
1797 		ret = mt76_get_field(dev, MT_CONN_ON_MISC,
1798 				     MT7663_TOP_MISC2_FW_STATE);
1799 		dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
1800 		return -EIO;
1801 	}
1802 
1803 #ifdef CONFIG_PM
1804 	if (mt7615_firmware_offload(dev))
1805 		dev->mt76.hw->wiphy->wowlan = &mt76_connac_wowlan_support;
1806 #endif /* CONFIG_PM */
1807 
1808 	dev_dbg(dev->mt76.dev, "Firmware init done\n");
1809 
1810 	return 0;
1811 }
1812 EXPORT_SYMBOL_GPL(__mt7663_load_firmware);
1813 
1814 static int mt7663_load_firmware(struct mt7615_dev *dev)
1815 {
1816 	int ret;
1817 
1818 	mt76_set(dev, MT_WPDMA_GLO_CFG, MT_WPDMA_GLO_CFG_BYPASS_TX_SCH);
1819 
1820 	ret = __mt7663_load_firmware(dev);
1821 	if (ret)
1822 		return ret;
1823 
1824 	mt76_clear(dev, MT_WPDMA_GLO_CFG, MT_WPDMA_GLO_CFG_BYPASS_TX_SCH);
1825 
1826 	return 0;
1827 }
1828 
1829 int mt7615_mcu_init(struct mt7615_dev *dev)
1830 {
1831 	static const struct mt76_mcu_ops mt7615_mcu_ops = {
1832 		.headroom = sizeof(struct mt7615_mcu_txd),
1833 		.mcu_skb_send_msg = mt7615_mcu_send_message,
1834 		.mcu_parse_response = mt7615_mcu_parse_response,
1835 		.mcu_restart = mt7615_mcu_restart,
1836 	};
1837 	int ret;
1838 
1839 	dev->mt76.mcu_ops = &mt7615_mcu_ops,
1840 
1841 	ret = mt7615_mcu_drv_pmctrl(dev);
1842 	if (ret)
1843 		return ret;
1844 
1845 	switch (mt76_chip(&dev->mt76)) {
1846 	case 0x7622:
1847 		ret = mt7622_load_firmware(dev);
1848 		break;
1849 	case 0x7663:
1850 		ret = mt7663_load_firmware(dev);
1851 		break;
1852 	default:
1853 		ret = mt7615_load_firmware(dev);
1854 		break;
1855 	}
1856 	if (ret)
1857 		return ret;
1858 
1859 	mt76_queue_tx_cleanup(dev, dev->mt76.q_mcu[MT_MCUQ_FWDL], false);
1860 	dev_dbg(dev->mt76.dev, "Firmware init done\n");
1861 	set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
1862 	mt7615_mcu_fw_log_2_host(dev, 0);
1863 
1864 	return 0;
1865 }
1866 EXPORT_SYMBOL_GPL(mt7615_mcu_init);
1867 
1868 void mt7615_mcu_exit(struct mt7615_dev *dev)
1869 {
1870 	__mt76_mcu_restart(&dev->mt76);
1871 	mt7615_mcu_set_fw_ctrl(dev);
1872 	skb_queue_purge(&dev->mt76.mcu.res_q);
1873 }
1874 EXPORT_SYMBOL_GPL(mt7615_mcu_exit);
1875 
1876 int mt7615_mcu_set_eeprom(struct mt7615_dev *dev)
1877 {
1878 	struct {
1879 		u8 buffer_mode;
1880 		u8 content_format;
1881 		__le16 len;
1882 	} __packed req_hdr = {
1883 		.buffer_mode = 1,
1884 	};
1885 	u8 *eep = (u8 *)dev->mt76.eeprom.data;
1886 	struct sk_buff *skb;
1887 	int eep_len, offset;
1888 
1889 	switch (mt76_chip(&dev->mt76)) {
1890 	case 0x7622:
1891 		eep_len = MT7622_EE_MAX - MT_EE_NIC_CONF_0;
1892 		offset = MT_EE_NIC_CONF_0;
1893 		break;
1894 	case 0x7663:
1895 		eep_len = MT7663_EE_MAX - MT_EE_CHIP_ID;
1896 		req_hdr.content_format = 1;
1897 		offset = MT_EE_CHIP_ID;
1898 		break;
1899 	default:
1900 		eep_len = MT7615_EE_MAX - MT_EE_NIC_CONF_0;
1901 		offset = MT_EE_NIC_CONF_0;
1902 		break;
1903 	}
1904 
1905 	req_hdr.len = cpu_to_le16(eep_len);
1906 
1907 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, sizeof(req_hdr) + eep_len);
1908 	if (!skb)
1909 		return -ENOMEM;
1910 
1911 	skb_put_data(skb, &req_hdr, sizeof(req_hdr));
1912 	skb_put_data(skb, eep + offset, eep_len);
1913 
1914 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1915 				     MCU_EXT_CMD_EFUSE_BUFFER_MODE, true);
1916 }
1917 
1918 int mt7615_mcu_set_wmm(struct mt7615_dev *dev, u8 queue,
1919 		       const struct ieee80211_tx_queue_params *params)
1920 {
1921 #define WMM_AIFS_SET	BIT(0)
1922 #define WMM_CW_MIN_SET	BIT(1)
1923 #define WMM_CW_MAX_SET	BIT(2)
1924 #define WMM_TXOP_SET	BIT(3)
1925 #define WMM_PARAM_SET	(WMM_AIFS_SET | WMM_CW_MIN_SET | \
1926 			 WMM_CW_MAX_SET | WMM_TXOP_SET)
1927 	struct req_data {
1928 		u8 number;
1929 		u8 rsv[3];
1930 		u8 queue;
1931 		u8 valid;
1932 		u8 aifs;
1933 		u8 cw_min;
1934 		__le16 cw_max;
1935 		__le16 txop;
1936 	} __packed req = {
1937 		.number = 1,
1938 		.queue = queue,
1939 		.valid = WMM_PARAM_SET,
1940 		.aifs = params->aifs,
1941 		.cw_min = 5,
1942 		.cw_max = cpu_to_le16(10),
1943 		.txop = cpu_to_le16(params->txop),
1944 	};
1945 
1946 	if (params->cw_min)
1947 		req.cw_min = fls(params->cw_min);
1948 	if (params->cw_max)
1949 		req.cw_max = cpu_to_le16(fls(params->cw_max));
1950 
1951 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_EDCA_UPDATE, &req,
1952 				 sizeof(req), true);
1953 }
1954 
1955 int mt7615_mcu_set_dbdc(struct mt7615_dev *dev)
1956 {
1957 	struct mt7615_phy *ext_phy = mt7615_ext_phy(dev);
1958 	struct dbdc_entry {
1959 		u8 type;
1960 		u8 index;
1961 		u8 band;
1962 		u8 _rsv;
1963 	};
1964 	struct {
1965 		u8 enable;
1966 		u8 num;
1967 		u8 _rsv[2];
1968 		struct dbdc_entry entry[64];
1969 	} req = {
1970 		.enable = !!ext_phy,
1971 	};
1972 	int i;
1973 
1974 	if (!ext_phy)
1975 		goto out;
1976 
1977 #define ADD_DBDC_ENTRY(_type, _idx, _band)		\
1978 	do { \
1979 		req.entry[req.num].type = _type;		\
1980 		req.entry[req.num].index = _idx;		\
1981 		req.entry[req.num++].band = _band;		\
1982 	} while (0)
1983 
1984 	for (i = 0; i < 4; i++) {
1985 		bool band = !!(ext_phy->omac_mask & BIT_ULL(i));
1986 
1987 		ADD_DBDC_ENTRY(DBDC_TYPE_BSS, i, band);
1988 	}
1989 
1990 	for (i = 0; i < 14; i++) {
1991 		bool band = !!(ext_phy->omac_mask & BIT_ULL(0x11 + i));
1992 
1993 		ADD_DBDC_ENTRY(DBDC_TYPE_MBSS, i, band);
1994 	}
1995 
1996 	ADD_DBDC_ENTRY(DBDC_TYPE_MU, 0, 1);
1997 
1998 	for (i = 0; i < 3; i++)
1999 		ADD_DBDC_ENTRY(DBDC_TYPE_BF, i, 1);
2000 
2001 	ADD_DBDC_ENTRY(DBDC_TYPE_WMM, 0, 0);
2002 	ADD_DBDC_ENTRY(DBDC_TYPE_WMM, 1, 0);
2003 	ADD_DBDC_ENTRY(DBDC_TYPE_WMM, 2, 1);
2004 	ADD_DBDC_ENTRY(DBDC_TYPE_WMM, 3, 1);
2005 
2006 	ADD_DBDC_ENTRY(DBDC_TYPE_MGMT, 0, 0);
2007 	ADD_DBDC_ENTRY(DBDC_TYPE_MGMT, 1, 1);
2008 
2009 out:
2010 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_DBDC_CTRL, &req,
2011 				 sizeof(req), true);
2012 }
2013 
2014 int mt7615_mcu_del_wtbl_all(struct mt7615_dev *dev)
2015 {
2016 	struct wtbl_req_hdr req = {
2017 		.operation = WTBL_RESET_ALL,
2018 	};
2019 
2020 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_WTBL_UPDATE, &req,
2021 				 sizeof(req), true);
2022 }
2023 
2024 int mt7615_mcu_rdd_cmd(struct mt7615_dev *dev,
2025 		       enum mt7615_rdd_cmd cmd, u8 index,
2026 		       u8 rx_sel, u8 val)
2027 {
2028 	struct {
2029 		u8 ctrl;
2030 		u8 rdd_idx;
2031 		u8 rdd_rx_sel;
2032 		u8 val;
2033 		u8 rsv[4];
2034 	} req = {
2035 		.ctrl = cmd,
2036 		.rdd_idx = index,
2037 		.rdd_rx_sel = rx_sel,
2038 		.val = val,
2039 	};
2040 
2041 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_SET_RDD_CTRL, &req,
2042 				 sizeof(req), true);
2043 }
2044 
2045 int mt7615_mcu_set_fcc5_lpn(struct mt7615_dev *dev, int val)
2046 {
2047 	struct {
2048 		__le16 tag;
2049 		__le16 min_lpn;
2050 	} req = {
2051 		.tag = cpu_to_le16(0x1),
2052 		.min_lpn = cpu_to_le16(val),
2053 	};
2054 
2055 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_SET_RDD_TH, &req,
2056 				 sizeof(req), true);
2057 }
2058 
2059 int mt7615_mcu_set_pulse_th(struct mt7615_dev *dev,
2060 			    const struct mt7615_dfs_pulse *pulse)
2061 {
2062 	struct {
2063 		__le16 tag;
2064 		__le32 max_width;	/* us */
2065 		__le32 max_pwr;		/* dbm */
2066 		__le32 min_pwr;		/* dbm */
2067 		__le32 min_stgr_pri;	/* us */
2068 		__le32 max_stgr_pri;	/* us */
2069 		__le32 min_cr_pri;	/* us */
2070 		__le32 max_cr_pri;	/* us */
2071 	} req = {
2072 		.tag = cpu_to_le16(0x3),
2073 #define __req_field(field) .field = cpu_to_le32(pulse->field)
2074 		__req_field(max_width),
2075 		__req_field(max_pwr),
2076 		__req_field(min_pwr),
2077 		__req_field(min_stgr_pri),
2078 		__req_field(max_stgr_pri),
2079 		__req_field(min_cr_pri),
2080 		__req_field(max_cr_pri),
2081 #undef  __req_field
2082 	};
2083 
2084 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_SET_RDD_TH, &req,
2085 				 sizeof(req), true);
2086 }
2087 
2088 int mt7615_mcu_set_radar_th(struct mt7615_dev *dev, int index,
2089 			    const struct mt7615_dfs_pattern *pattern)
2090 {
2091 	struct {
2092 		__le16 tag;
2093 		__le16 radar_type;
2094 		u8 enb;
2095 		u8 stgr;
2096 		u8 min_crpn;
2097 		u8 max_crpn;
2098 		u8 min_crpr;
2099 		u8 min_pw;
2100 		u8 max_pw;
2101 		__le32 min_pri;
2102 		__le32 max_pri;
2103 		u8 min_crbn;
2104 		u8 max_crbn;
2105 		u8 min_stgpn;
2106 		u8 max_stgpn;
2107 		u8 min_stgpr;
2108 	} req = {
2109 		.tag = cpu_to_le16(0x2),
2110 		.radar_type = cpu_to_le16(index),
2111 #define __req_field_u8(field) .field = pattern->field
2112 #define __req_field_u32(field) .field = cpu_to_le32(pattern->field)
2113 		__req_field_u8(enb),
2114 		__req_field_u8(stgr),
2115 		__req_field_u8(min_crpn),
2116 		__req_field_u8(max_crpn),
2117 		__req_field_u8(min_crpr),
2118 		__req_field_u8(min_pw),
2119 		__req_field_u8(max_pw),
2120 		__req_field_u32(min_pri),
2121 		__req_field_u32(max_pri),
2122 		__req_field_u8(min_crbn),
2123 		__req_field_u8(max_crbn),
2124 		__req_field_u8(min_stgpn),
2125 		__req_field_u8(max_stgpn),
2126 		__req_field_u8(min_stgpr),
2127 #undef __req_field_u8
2128 #undef __req_field_u32
2129 	};
2130 
2131 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_SET_RDD_TH, &req,
2132 				 sizeof(req), true);
2133 }
2134 
2135 int mt7615_mcu_rdd_send_pattern(struct mt7615_dev *dev)
2136 {
2137 	struct {
2138 		u8 pulse_num;
2139 		u8 rsv[3];
2140 		struct {
2141 			__le32 start_time;
2142 			__le16 width;
2143 			__le16 power;
2144 		} pattern[32];
2145 	} req = {
2146 		.pulse_num = dev->radar_pattern.n_pulses,
2147 	};
2148 	u32 start_time = ktime_to_ms(ktime_get_boottime());
2149 	int i;
2150 
2151 	if (dev->radar_pattern.n_pulses > ARRAY_SIZE(req.pattern))
2152 		return -EINVAL;
2153 
2154 	/* TODO: add some noise here */
2155 	for (i = 0; i < dev->radar_pattern.n_pulses; i++) {
2156 		u32 ts = start_time + i * dev->radar_pattern.period;
2157 
2158 		req.pattern[i].width = cpu_to_le16(dev->radar_pattern.width);
2159 		req.pattern[i].power = cpu_to_le16(dev->radar_pattern.power);
2160 		req.pattern[i].start_time = cpu_to_le32(ts);
2161 	}
2162 
2163 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_SET_RDD_PATTERN,
2164 				 &req, sizeof(req), false);
2165 }
2166 
2167 static void mt7615_mcu_set_txpower_sku(struct mt7615_phy *phy, u8 *sku)
2168 {
2169 	struct mt76_phy *mphy = phy->mt76;
2170 	struct ieee80211_hw *hw = mphy->hw;
2171 	struct mt76_power_limits limits;
2172 	s8 *limits_array = (s8 *)&limits;
2173 	int n_chains = hweight8(mphy->antenna_mask);
2174 	int tx_power;
2175 	int i;
2176 	static const u8 sku_mapping[] = {
2177 #define SKU_FIELD(_type, _field) \
2178 		[MT_SKU_##_type] = offsetof(struct mt76_power_limits, _field)
2179 		SKU_FIELD(CCK_1_2, cck[0]),
2180 		SKU_FIELD(CCK_55_11, cck[2]),
2181 		SKU_FIELD(OFDM_6_9, ofdm[0]),
2182 		SKU_FIELD(OFDM_12_18, ofdm[2]),
2183 		SKU_FIELD(OFDM_24_36, ofdm[4]),
2184 		SKU_FIELD(OFDM_48, ofdm[6]),
2185 		SKU_FIELD(OFDM_54, ofdm[7]),
2186 		SKU_FIELD(HT20_0_8, mcs[0][0]),
2187 		SKU_FIELD(HT20_32, ofdm[0]),
2188 		SKU_FIELD(HT20_1_2_9_10, mcs[0][1]),
2189 		SKU_FIELD(HT20_3_4_11_12, mcs[0][3]),
2190 		SKU_FIELD(HT20_5_13, mcs[0][5]),
2191 		SKU_FIELD(HT20_6_14, mcs[0][6]),
2192 		SKU_FIELD(HT20_7_15, mcs[0][7]),
2193 		SKU_FIELD(HT40_0_8, mcs[1][0]),
2194 		SKU_FIELD(HT40_32, ofdm[0]),
2195 		SKU_FIELD(HT40_1_2_9_10, mcs[1][1]),
2196 		SKU_FIELD(HT40_3_4_11_12, mcs[1][3]),
2197 		SKU_FIELD(HT40_5_13, mcs[1][5]),
2198 		SKU_FIELD(HT40_6_14, mcs[1][6]),
2199 		SKU_FIELD(HT40_7_15, mcs[1][7]),
2200 		SKU_FIELD(VHT20_0, mcs[0][0]),
2201 		SKU_FIELD(VHT20_1_2, mcs[0][1]),
2202 		SKU_FIELD(VHT20_3_4, mcs[0][3]),
2203 		SKU_FIELD(VHT20_5_6, mcs[0][5]),
2204 		SKU_FIELD(VHT20_7, mcs[0][7]),
2205 		SKU_FIELD(VHT20_8, mcs[0][8]),
2206 		SKU_FIELD(VHT20_9, mcs[0][9]),
2207 		SKU_FIELD(VHT40_0, mcs[1][0]),
2208 		SKU_FIELD(VHT40_1_2, mcs[1][1]),
2209 		SKU_FIELD(VHT40_3_4, mcs[1][3]),
2210 		SKU_FIELD(VHT40_5_6, mcs[1][5]),
2211 		SKU_FIELD(VHT40_7, mcs[1][7]),
2212 		SKU_FIELD(VHT40_8, mcs[1][8]),
2213 		SKU_FIELD(VHT40_9, mcs[1][9]),
2214 		SKU_FIELD(VHT80_0, mcs[2][0]),
2215 		SKU_FIELD(VHT80_1_2, mcs[2][1]),
2216 		SKU_FIELD(VHT80_3_4, mcs[2][3]),
2217 		SKU_FIELD(VHT80_5_6, mcs[2][5]),
2218 		SKU_FIELD(VHT80_7, mcs[2][7]),
2219 		SKU_FIELD(VHT80_8, mcs[2][8]),
2220 		SKU_FIELD(VHT80_9, mcs[2][9]),
2221 		SKU_FIELD(VHT160_0, mcs[3][0]),
2222 		SKU_FIELD(VHT160_1_2, mcs[3][1]),
2223 		SKU_FIELD(VHT160_3_4, mcs[3][3]),
2224 		SKU_FIELD(VHT160_5_6, mcs[3][5]),
2225 		SKU_FIELD(VHT160_7, mcs[3][7]),
2226 		SKU_FIELD(VHT160_8, mcs[3][8]),
2227 		SKU_FIELD(VHT160_9, mcs[3][9]),
2228 #undef SKU_FIELD
2229 	};
2230 
2231 	tx_power = hw->conf.power_level * 2 -
2232 		   mt76_tx_power_nss_delta(n_chains);
2233 
2234 	tx_power = mt76_get_rate_power_limits(mphy, mphy->chandef.chan,
2235 					      &limits, tx_power);
2236 	mphy->txpower_cur = tx_power;
2237 
2238 	if (is_mt7663(mphy->dev)) {
2239 		memset(sku, tx_power, MT_SKU_4SS_DELTA + 1);
2240 		return;
2241 	}
2242 
2243 	for (i = 0; i < MT_SKU_1SS_DELTA; i++)
2244 		sku[i] = limits_array[sku_mapping[i]];
2245 
2246 	for (i = 0; i < 4; i++) {
2247 		int delta = 0;
2248 
2249 		if (i < n_chains - 1)
2250 			delta = mt76_tx_power_nss_delta(n_chains) -
2251 				mt76_tx_power_nss_delta(i + 1);
2252 		sku[MT_SKU_1SS_DELTA + i] = delta;
2253 	}
2254 }
2255 
2256 static u8 mt7615_mcu_chan_bw(struct cfg80211_chan_def *chandef)
2257 {
2258 	static const u8 width_to_bw[] = {
2259 		[NL80211_CHAN_WIDTH_40] = CMD_CBW_40MHZ,
2260 		[NL80211_CHAN_WIDTH_80] = CMD_CBW_80MHZ,
2261 		[NL80211_CHAN_WIDTH_80P80] = CMD_CBW_8080MHZ,
2262 		[NL80211_CHAN_WIDTH_160] = CMD_CBW_160MHZ,
2263 		[NL80211_CHAN_WIDTH_5] = CMD_CBW_5MHZ,
2264 		[NL80211_CHAN_WIDTH_10] = CMD_CBW_10MHZ,
2265 		[NL80211_CHAN_WIDTH_20] = CMD_CBW_20MHZ,
2266 		[NL80211_CHAN_WIDTH_20_NOHT] = CMD_CBW_20MHZ,
2267 	};
2268 
2269 	if (chandef->width >= ARRAY_SIZE(width_to_bw))
2270 		return 0;
2271 
2272 	return width_to_bw[chandef->width];
2273 }
2274 
2275 int mt7615_mcu_set_chan_info(struct mt7615_phy *phy, int cmd)
2276 {
2277 	struct mt7615_dev *dev = phy->dev;
2278 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
2279 	int freq1 = chandef->center_freq1, freq2 = chandef->center_freq2;
2280 	struct {
2281 		u8 control_chan;
2282 		u8 center_chan;
2283 		u8 bw;
2284 		u8 tx_streams;
2285 		u8 rx_streams_mask;
2286 		u8 switch_reason;
2287 		u8 band_idx;
2288 		/* for 80+80 only */
2289 		u8 center_chan2;
2290 		__le16 cac_case;
2291 		u8 channel_band;
2292 		u8 rsv0;
2293 		__le32 outband_freq;
2294 		u8 txpower_drop;
2295 		u8 rsv1[3];
2296 		u8 txpower_sku[53];
2297 		u8 rsv2[3];
2298 	} req = {
2299 		.control_chan = chandef->chan->hw_value,
2300 		.center_chan = ieee80211_frequency_to_channel(freq1),
2301 		.tx_streams = hweight8(phy->mt76->antenna_mask),
2302 		.rx_streams_mask = phy->mt76->chainmask,
2303 		.center_chan2 = ieee80211_frequency_to_channel(freq2),
2304 	};
2305 
2306 	if (phy->mt76->hw->conf.flags & IEEE80211_CONF_OFFCHANNEL)
2307 		req.switch_reason = CH_SWITCH_SCAN_BYPASS_DPD;
2308 	else if ((chandef->chan->flags & IEEE80211_CHAN_RADAR) &&
2309 		 chandef->chan->dfs_state != NL80211_DFS_AVAILABLE)
2310 		req.switch_reason = CH_SWITCH_DFS;
2311 	else
2312 		req.switch_reason = CH_SWITCH_NORMAL;
2313 
2314 	req.band_idx = phy != &dev->phy;
2315 	req.bw = mt7615_mcu_chan_bw(chandef);
2316 
2317 	if (mt76_testmode_enabled(phy->mt76))
2318 		memset(req.txpower_sku, 0x3f, 49);
2319 	else
2320 		mt7615_mcu_set_txpower_sku(phy, req.txpower_sku);
2321 
2322 	return mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), true);
2323 }
2324 
2325 int mt7615_mcu_get_temperature(struct mt7615_dev *dev, int index)
2326 {
2327 	struct {
2328 		u8 action;
2329 		u8 rsv[3];
2330 	} req = {
2331 		.action = index,
2332 	};
2333 
2334 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_GET_TEMP, &req,
2335 				 sizeof(req), true);
2336 }
2337 
2338 int mt7615_mcu_set_test_param(struct mt7615_dev *dev, u8 param, bool test_mode,
2339 			      u32 val)
2340 {
2341 	struct {
2342 		u8 test_mode_en;
2343 		u8 param_idx;
2344 		u8 _rsv[2];
2345 
2346 		__le32 value;
2347 
2348 		u8 pad[8];
2349 	} req = {
2350 		.test_mode_en = test_mode,
2351 		.param_idx = param,
2352 		.value = cpu_to_le32(val),
2353 	};
2354 
2355 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_ATE_CTRL, &req,
2356 				 sizeof(req), false);
2357 }
2358 
2359 int mt7615_mcu_set_sku_en(struct mt7615_phy *phy, bool enable)
2360 {
2361 	struct mt7615_dev *dev = phy->dev;
2362 	struct {
2363 		u8 format_id;
2364 		u8 sku_enable;
2365 		u8 band_idx;
2366 		u8 rsv;
2367 	} req = {
2368 		.format_id = 0,
2369 		.band_idx = phy != &dev->phy,
2370 		.sku_enable = enable,
2371 	};
2372 
2373 	return mt76_mcu_send_msg(&dev->mt76,
2374 				 MCU_EXT_CMD_TX_POWER_FEATURE_CTRL, &req,
2375 				 sizeof(req), true);
2376 }
2377 
2378 static int mt7615_find_freq_idx(const u16 *freqs, int n_freqs, u16 cur)
2379 {
2380 	int i;
2381 
2382 	for (i = 0; i < n_freqs; i++)
2383 		if (cur == freqs[i])
2384 			return i;
2385 
2386 	return -1;
2387 }
2388 
2389 static int mt7615_dcoc_freq_idx(u16 freq, u8 bw)
2390 {
2391 	static const u16 freq_list[] = {
2392 		4980, 5805, 5905, 5190,
2393 		5230, 5270, 5310, 5350,
2394 		5390, 5430, 5470, 5510,
2395 		5550, 5590, 5630, 5670,
2396 		5710, 5755, 5795, 5835,
2397 		5875, 5210, 5290, 5370,
2398 		5450, 5530, 5610, 5690,
2399 		5775, 5855
2400 	};
2401 	static const u16 freq_bw40[] = {
2402 		5190, 5230, 5270, 5310,
2403 		5350, 5390, 5430, 5470,
2404 		5510, 5550, 5590, 5630,
2405 		5670, 5710, 5755, 5795,
2406 		5835, 5875
2407 	};
2408 	int offset_2g = ARRAY_SIZE(freq_list);
2409 	int idx;
2410 
2411 	if (freq < 4000) {
2412 		if (freq < 2427)
2413 			return offset_2g;
2414 		if (freq < 2442)
2415 			return offset_2g + 1;
2416 		if (freq < 2457)
2417 			return offset_2g + 2;
2418 
2419 		return offset_2g + 3;
2420 	}
2421 
2422 	switch (bw) {
2423 	case NL80211_CHAN_WIDTH_80:
2424 	case NL80211_CHAN_WIDTH_80P80:
2425 	case NL80211_CHAN_WIDTH_160:
2426 		break;
2427 	default:
2428 		idx = mt7615_find_freq_idx(freq_bw40, ARRAY_SIZE(freq_bw40),
2429 					   freq + 10);
2430 		if (idx >= 0) {
2431 			freq = freq_bw40[idx];
2432 			break;
2433 		}
2434 
2435 		idx = mt7615_find_freq_idx(freq_bw40, ARRAY_SIZE(freq_bw40),
2436 					   freq - 10);
2437 		if (idx >= 0) {
2438 			freq = freq_bw40[idx];
2439 			break;
2440 		}
2441 		fallthrough;
2442 	case NL80211_CHAN_WIDTH_40:
2443 		idx = mt7615_find_freq_idx(freq_bw40, ARRAY_SIZE(freq_bw40),
2444 					   freq);
2445 		if (idx >= 0)
2446 			break;
2447 
2448 		return -1;
2449 
2450 	}
2451 
2452 	return mt7615_find_freq_idx(freq_list, ARRAY_SIZE(freq_list), freq);
2453 }
2454 
2455 int mt7615_mcu_apply_rx_dcoc(struct mt7615_phy *phy)
2456 {
2457 	struct mt7615_dev *dev = phy->dev;
2458 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
2459 	int freq2 = chandef->center_freq2;
2460 	int ret;
2461 	struct {
2462 		u8 direction;
2463 		u8 runtime_calibration;
2464 		u8 _rsv[2];
2465 
2466 		__le16 center_freq;
2467 		u8 bw;
2468 		u8 band;
2469 		u8 is_freq2;
2470 		u8 success;
2471 		u8 dbdc_en;
2472 
2473 		u8 _rsv2;
2474 
2475 		struct {
2476 			__le32 sx0_i_lna[4];
2477 			__le32 sx0_q_lna[4];
2478 
2479 			__le32 sx2_i_lna[4];
2480 			__le32 sx2_q_lna[4];
2481 		} dcoc_data[4];
2482 	} req = {
2483 		.direction = 1,
2484 
2485 		.bw = mt7615_mcu_chan_bw(chandef),
2486 		.band = chandef->center_freq1 > 4000,
2487 		.dbdc_en = !!dev->mt76.phy2,
2488 	};
2489 	u16 center_freq = chandef->center_freq1;
2490 	int freq_idx;
2491 	u8 *eep = dev->mt76.eeprom.data;
2492 
2493 	if (!(eep[MT_EE_CALDATA_FLASH] & MT_EE_CALDATA_FLASH_RX_CAL))
2494 		return 0;
2495 
2496 	if (chandef->width == NL80211_CHAN_WIDTH_160) {
2497 		freq2 = center_freq + 40;
2498 		center_freq -= 40;
2499 	}
2500 
2501 again:
2502 	req.runtime_calibration = 1;
2503 	freq_idx = mt7615_dcoc_freq_idx(center_freq, chandef->width);
2504 	if (freq_idx < 0)
2505 		goto out;
2506 
2507 	memcpy(req.dcoc_data, eep + MT7615_EEPROM_DCOC_OFFSET +
2508 			      freq_idx * MT7615_EEPROM_DCOC_SIZE,
2509 	       sizeof(req.dcoc_data));
2510 	req.runtime_calibration = 0;
2511 
2512 out:
2513 	req.center_freq = cpu_to_le16(center_freq);
2514 	ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_RXDCOC_CAL, &req,
2515 				sizeof(req), true);
2516 
2517 	if ((chandef->width == NL80211_CHAN_WIDTH_80P80 ||
2518 	     chandef->width == NL80211_CHAN_WIDTH_160) && !req.is_freq2) {
2519 		req.is_freq2 = true;
2520 		center_freq = freq2;
2521 		goto again;
2522 	}
2523 
2524 	return ret;
2525 }
2526 
2527 static int mt7615_dpd_freq_idx(u16 freq, u8 bw)
2528 {
2529 	static const u16 freq_list[] = {
2530 		4920, 4940, 4960, 4980,
2531 		5040, 5060, 5080, 5180,
2532 		5200, 5220, 5240, 5260,
2533 		5280, 5300, 5320, 5340,
2534 		5360, 5380, 5400, 5420,
2535 		5440, 5460, 5480, 5500,
2536 		5520, 5540, 5560, 5580,
2537 		5600, 5620, 5640, 5660,
2538 		5680, 5700, 5720, 5745,
2539 		5765, 5785, 5805, 5825,
2540 		5845, 5865, 5885, 5905
2541 	};
2542 	int offset_2g = ARRAY_SIZE(freq_list);
2543 	int idx;
2544 
2545 	if (freq < 4000) {
2546 		if (freq < 2432)
2547 			return offset_2g;
2548 		if (freq < 2457)
2549 			return offset_2g + 1;
2550 
2551 		return offset_2g + 2;
2552 	}
2553 
2554 	if (bw != NL80211_CHAN_WIDTH_20) {
2555 		idx = mt7615_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
2556 					   freq + 10);
2557 		if (idx >= 0)
2558 			return idx;
2559 
2560 		idx = mt7615_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
2561 					   freq - 10);
2562 		if (idx >= 0)
2563 			return idx;
2564 	}
2565 
2566 	return mt7615_find_freq_idx(freq_list, ARRAY_SIZE(freq_list), freq);
2567 }
2568 
2569 
2570 int mt7615_mcu_apply_tx_dpd(struct mt7615_phy *phy)
2571 {
2572 	struct mt7615_dev *dev = phy->dev;
2573 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
2574 	int freq2 = chandef->center_freq2;
2575 	int ret;
2576 	struct {
2577 		u8 direction;
2578 		u8 runtime_calibration;
2579 		u8 _rsv[2];
2580 
2581 		__le16 center_freq;
2582 		u8 bw;
2583 		u8 band;
2584 		u8 is_freq2;
2585 		u8 success;
2586 		u8 dbdc_en;
2587 
2588 		u8 _rsv2;
2589 
2590 		struct {
2591 			struct {
2592 				u32 dpd_g0;
2593 				u8 data[32];
2594 			} wf0, wf1;
2595 
2596 			struct {
2597 				u32 dpd_g0_prim;
2598 				u32 dpd_g0_sec;
2599 				u8 data_prim[32];
2600 				u8 data_sec[32];
2601 			} wf2, wf3;
2602 		} dpd_data;
2603 	} req = {
2604 		.direction = 1,
2605 
2606 		.bw = mt7615_mcu_chan_bw(chandef),
2607 		.band = chandef->center_freq1 > 4000,
2608 		.dbdc_en = !!dev->mt76.phy2,
2609 	};
2610 	u16 center_freq = chandef->center_freq1;
2611 	int freq_idx;
2612 	u8 *eep = dev->mt76.eeprom.data;
2613 
2614 	if (!(eep[MT_EE_CALDATA_FLASH] & MT_EE_CALDATA_FLASH_TX_DPD))
2615 		return 0;
2616 
2617 	if (chandef->width == NL80211_CHAN_WIDTH_160) {
2618 		freq2 = center_freq + 40;
2619 		center_freq -= 40;
2620 	}
2621 
2622 again:
2623 	req.runtime_calibration = 1;
2624 	freq_idx = mt7615_dpd_freq_idx(center_freq, chandef->width);
2625 	if (freq_idx < 0)
2626 		goto out;
2627 
2628 	memcpy(&req.dpd_data, eep + MT7615_EEPROM_TXDPD_OFFSET +
2629 			      freq_idx * MT7615_EEPROM_TXDPD_SIZE,
2630 	       sizeof(req.dpd_data));
2631 	req.runtime_calibration = 0;
2632 
2633 out:
2634 	req.center_freq = cpu_to_le16(center_freq);
2635 	ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_TXDPD_CAL, &req,
2636 				sizeof(req), true);
2637 
2638 	if ((chandef->width == NL80211_CHAN_WIDTH_80P80 ||
2639 	     chandef->width == NL80211_CHAN_WIDTH_160) && !req.is_freq2) {
2640 		req.is_freq2 = true;
2641 		center_freq = freq2;
2642 		goto again;
2643 	}
2644 
2645 	return ret;
2646 }
2647 
2648 int mt7615_mcu_set_rx_hdr_trans_blacklist(struct mt7615_dev *dev)
2649 {
2650 	struct {
2651 		u8 operation;
2652 		u8 count;
2653 		u8 _rsv[2];
2654 		u8 index;
2655 		u8 enable;
2656 		__le16 etype;
2657 	} req = {
2658 		.operation = 1,
2659 		.count = 1,
2660 		.enable = 1,
2661 		.etype = cpu_to_le16(ETH_P_PAE),
2662 	};
2663 
2664 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_RX_HDR_TRANS,
2665 				 &req, sizeof(req), false);
2666 }
2667 
2668 int mt7615_mcu_set_bss_pm(struct mt7615_dev *dev, struct ieee80211_vif *vif,
2669 			  bool enable)
2670 {
2671 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
2672 	struct {
2673 		u8 bss_idx;
2674 		u8 dtim_period;
2675 		__le16 aid;
2676 		__le16 bcn_interval;
2677 		__le16 atim_window;
2678 		u8 uapsd;
2679 		u8 bmc_delivered_ac;
2680 		u8 bmc_triggered_ac;
2681 		u8 pad;
2682 	} req = {
2683 		.bss_idx = mvif->mt76.idx,
2684 		.aid = cpu_to_le16(vif->bss_conf.aid),
2685 		.dtim_period = vif->bss_conf.dtim_period,
2686 		.bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int),
2687 	};
2688 	struct {
2689 		u8 bss_idx;
2690 		u8 pad[3];
2691 	} req_hdr = {
2692 		.bss_idx = mvif->mt76.idx,
2693 	};
2694 	int err;
2695 
2696 	if (vif->type != NL80211_IFTYPE_STATION)
2697 		return 0;
2698 
2699 	err = mt76_mcu_send_msg(&dev->mt76, MCU_CMD_SET_BSS_ABORT, &req_hdr,
2700 				sizeof(req_hdr), false);
2701 	if (err < 0 || !enable)
2702 		return err;
2703 
2704 	return mt76_mcu_send_msg(&dev->mt76, MCU_CMD_SET_BSS_CONNECTED, &req,
2705 				 sizeof(req), false);
2706 }
2707 
2708 int mt7615_mcu_set_roc(struct mt7615_phy *phy, struct ieee80211_vif *vif,
2709 		       struct ieee80211_channel *chan, int duration)
2710 {
2711 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
2712 	struct mt7615_dev *dev = phy->dev;
2713 	struct mt7615_roc_tlv req = {
2714 		.bss_idx = mvif->mt76.idx,
2715 		.active = !chan,
2716 		.max_interval = cpu_to_le32(duration),
2717 		.primary_chan = chan ? chan->hw_value : 0,
2718 		.band = chan ? chan->band : 0,
2719 		.req_type = 2,
2720 	};
2721 
2722 	phy->roc_grant = false;
2723 
2724 	return mt76_mcu_send_msg(&dev->mt76, MCU_CMD_SET_ROC, &req,
2725 				 sizeof(req), false);
2726 }
2727 
2728 int mt7615_mcu_set_p2p_oppps(struct ieee80211_hw *hw,
2729 			     struct ieee80211_vif *vif)
2730 {
2731 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
2732 	int ct_window = vif->bss_conf.p2p_noa_attr.oppps_ctwindow;
2733 	struct mt7615_dev *dev = mt7615_hw_dev(hw);
2734 	struct {
2735 		__le32 ct_win;
2736 		u8 bss_idx;
2737 		u8 rsv[3];
2738 	} __packed req = {
2739 		.ct_win = cpu_to_le32(ct_window),
2740 		.bss_idx = mvif->mt76.idx,
2741 	};
2742 
2743 	if (!mt7615_firmware_offload(dev))
2744 		return -ENOTSUPP;
2745 
2746 	return mt76_mcu_send_msg(&dev->mt76, MCU_CMD_SET_P2P_OPPPS, &req,
2747 				 sizeof(req), false);
2748 }
2749 
2750 u32 mt7615_mcu_reg_rr(struct mt76_dev *dev, u32 offset)
2751 {
2752 	struct {
2753 		__le32 addr;
2754 		__le32 val;
2755 	} __packed req = {
2756 		.addr = cpu_to_le32(offset),
2757 	};
2758 
2759 	return mt76_mcu_send_msg(dev, MCU_CMD_REG_READ, &req, sizeof(req),
2760 				 true);
2761 }
2762 EXPORT_SYMBOL_GPL(mt7615_mcu_reg_rr);
2763 
2764 void mt7615_mcu_reg_wr(struct mt76_dev *dev, u32 offset, u32 val)
2765 {
2766 	struct {
2767 		__le32 addr;
2768 		__le32 val;
2769 	} __packed req = {
2770 		.addr = cpu_to_le32(offset),
2771 		.val = cpu_to_le32(val),
2772 	};
2773 
2774 	mt76_mcu_send_msg(dev, MCU_CMD_REG_WRITE, &req, sizeof(req), false);
2775 }
2776 EXPORT_SYMBOL_GPL(mt7615_mcu_reg_wr);
2777