xref: /linux/drivers/net/wireless/mediatek/mt76/mt7915/mac.c (revision 001821b0e79716c4e17c71d8e053a23599a7a508)
1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2020 MediaTek Inc. */
3 
4 #include <linux/etherdevice.h>
5 #include <linux/timekeeping.h>
6 #include "coredump.h"
7 #include "mt7915.h"
8 #include "../dma.h"
9 #include "mac.h"
10 #include "mcu.h"
11 
12 #define to_rssi(field, rcpi)	((FIELD_GET(field, rcpi) - 220) / 2)
13 
14 static const struct mt7915_dfs_radar_spec etsi_radar_specs = {
15 	.pulse_th = { 110, -10, -80, 40, 5200, 128, 5200 },
16 	.radar_pattern = {
17 		[5] =  { 1, 0,  6, 32, 28, 0,  990, 5010, 17, 1, 1 },
18 		[6] =  { 1, 0,  9, 32, 28, 0,  615, 5010, 27, 1, 1 },
19 		[7] =  { 1, 0, 15, 32, 28, 0,  240,  445, 27, 1, 1 },
20 		[8] =  { 1, 0, 12, 32, 28, 0,  240,  510, 42, 1, 1 },
21 		[9] =  { 1, 1,  0,  0,  0, 0, 2490, 3343, 14, 0, 0, 12, 32, 28, { }, 126 },
22 		[10] = { 1, 1,  0,  0,  0, 0, 2490, 3343, 14, 0, 0, 15, 32, 24, { }, 126 },
23 		[11] = { 1, 1,  0,  0,  0, 0,  823, 2510, 14, 0, 0, 18, 32, 28, { },  54 },
24 		[12] = { 1, 1,  0,  0,  0, 0,  823, 2510, 14, 0, 0, 27, 32, 24, { },  54 },
25 	},
26 };
27 
28 static const struct mt7915_dfs_radar_spec fcc_radar_specs = {
29 	.pulse_th = { 110, -10, -80, 40, 5200, 128, 5200 },
30 	.radar_pattern = {
31 		[0] = { 1, 0,  8,  32, 28, 0, 508, 3076, 13, 1,  1 },
32 		[1] = { 1, 0, 12,  32, 28, 0, 140,  240, 17, 1,  1 },
33 		[2] = { 1, 0,  8,  32, 28, 0, 190,  510, 22, 1,  1 },
34 		[3] = { 1, 0,  6,  32, 28, 0, 190,  510, 32, 1,  1 },
35 		[4] = { 1, 0,  9, 255, 28, 0, 323,  343, 13, 1, 32 },
36 	},
37 };
38 
39 static const struct mt7915_dfs_radar_spec jp_radar_specs = {
40 	.pulse_th = { 110, -10, -80, 40, 5200, 128, 5200 },
41 	.radar_pattern = {
42 		[0] =  { 1, 0,  8,  32, 28, 0,  508, 3076,  13, 1,  1 },
43 		[1] =  { 1, 0, 12,  32, 28, 0,  140,  240,  17, 1,  1 },
44 		[2] =  { 1, 0,  8,  32, 28, 0,  190,  510,  22, 1,  1 },
45 		[3] =  { 1, 0,  6,  32, 28, 0,  190,  510,  32, 1,  1 },
46 		[4] =  { 1, 0,  9, 255, 28, 0,  323,  343,  13, 1, 32 },
47 		[13] = { 1, 0,  7,  32, 28, 0, 3836, 3856,  14, 1,  1 },
48 		[14] = { 1, 0,  6,  32, 28, 0,  615, 5010, 110, 1,  1 },
49 		[15] = { 1, 1,  0,   0,  0, 0,   15, 5010, 110, 0,  0, 12, 32, 28 },
50 	},
51 };
52 
53 static struct mt76_wcid *mt7915_rx_get_wcid(struct mt7915_dev *dev,
54 					    u16 idx, bool unicast)
55 {
56 	struct mt7915_sta *sta;
57 	struct mt76_wcid *wcid;
58 
59 	if (idx >= ARRAY_SIZE(dev->mt76.wcid))
60 		return NULL;
61 
62 	wcid = rcu_dereference(dev->mt76.wcid[idx]);
63 	if (unicast || !wcid)
64 		return wcid;
65 
66 	if (!wcid->sta)
67 		return NULL;
68 
69 	sta = container_of(wcid, struct mt7915_sta, wcid);
70 	if (!sta->vif)
71 		return NULL;
72 
73 	return &sta->vif->sta.wcid;
74 }
75 
76 bool mt7915_mac_wtbl_update(struct mt7915_dev *dev, int idx, u32 mask)
77 {
78 	mt76_rmw(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_WLAN_IDX,
79 		 FIELD_PREP(MT_WTBL_UPDATE_WLAN_IDX, idx) | mask);
80 
81 	return mt76_poll(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_BUSY,
82 			 0, 5000);
83 }
84 
85 u32 mt7915_mac_wtbl_lmac_addr(struct mt7915_dev *dev, u16 wcid, u8 dw)
86 {
87 	mt76_wr(dev, MT_WTBLON_TOP_WDUCR,
88 		FIELD_PREP(MT_WTBLON_TOP_WDUCR_GROUP, (wcid >> 7)));
89 
90 	return MT_WTBL_LMAC_OFFS(wcid, dw);
91 }
92 
93 static void mt7915_mac_sta_poll(struct mt7915_dev *dev)
94 {
95 	static const u8 ac_to_tid[] = {
96 		[IEEE80211_AC_BE] = 0,
97 		[IEEE80211_AC_BK] = 1,
98 		[IEEE80211_AC_VI] = 4,
99 		[IEEE80211_AC_VO] = 6
100 	};
101 	struct ieee80211_sta *sta;
102 	struct mt7915_sta *msta;
103 	struct rate_info *rate;
104 	u32 tx_time[IEEE80211_NUM_ACS], rx_time[IEEE80211_NUM_ACS];
105 	LIST_HEAD(sta_poll_list);
106 	int i;
107 
108 	spin_lock_bh(&dev->mt76.sta_poll_lock);
109 	list_splice_init(&dev->mt76.sta_poll_list, &sta_poll_list);
110 	spin_unlock_bh(&dev->mt76.sta_poll_lock);
111 
112 	rcu_read_lock();
113 
114 	while (true) {
115 		bool clear = false;
116 		u32 addr, val;
117 		u16 idx;
118 		s8 rssi[4];
119 		u8 bw;
120 
121 		spin_lock_bh(&dev->mt76.sta_poll_lock);
122 		if (list_empty(&sta_poll_list)) {
123 			spin_unlock_bh(&dev->mt76.sta_poll_lock);
124 			break;
125 		}
126 		msta = list_first_entry(&sta_poll_list,
127 					struct mt7915_sta, wcid.poll_list);
128 		list_del_init(&msta->wcid.poll_list);
129 		spin_unlock_bh(&dev->mt76.sta_poll_lock);
130 
131 		idx = msta->wcid.idx;
132 
133 		/* refresh peer's airtime reporting */
134 		addr = mt7915_mac_wtbl_lmac_addr(dev, idx, 20);
135 
136 		for (i = 0; i < IEEE80211_NUM_ACS; i++) {
137 			u32 tx_last = msta->airtime_ac[i];
138 			u32 rx_last = msta->airtime_ac[i + 4];
139 
140 			msta->airtime_ac[i] = mt76_rr(dev, addr);
141 			msta->airtime_ac[i + 4] = mt76_rr(dev, addr + 4);
142 
143 			if (msta->airtime_ac[i] <= tx_last)
144 				tx_time[i] = 0;
145 			else
146 				tx_time[i] = msta->airtime_ac[i] - tx_last;
147 
148 			if (msta->airtime_ac[i + 4] <= rx_last)
149 				rx_time[i] = 0;
150 			else
151 				rx_time[i] = msta->airtime_ac[i + 4] - rx_last;
152 
153 			if ((tx_last | rx_last) & BIT(30))
154 				clear = true;
155 
156 			addr += 8;
157 		}
158 
159 		if (clear) {
160 			mt7915_mac_wtbl_update(dev, idx,
161 					       MT_WTBL_UPDATE_ADM_COUNT_CLEAR);
162 			memset(msta->airtime_ac, 0, sizeof(msta->airtime_ac));
163 		}
164 
165 		if (!msta->wcid.sta)
166 			continue;
167 
168 		sta = container_of((void *)msta, struct ieee80211_sta,
169 				   drv_priv);
170 		for (i = 0; i < IEEE80211_NUM_ACS; i++) {
171 			u8 queue = mt76_connac_lmac_mapping(i);
172 			u32 tx_cur = tx_time[queue];
173 			u32 rx_cur = rx_time[queue];
174 			u8 tid = ac_to_tid[i];
175 
176 			if (!tx_cur && !rx_cur)
177 				continue;
178 
179 			ieee80211_sta_register_airtime(sta, tid, tx_cur,
180 						       rx_cur);
181 		}
182 
183 		/*
184 		 * We don't support reading GI info from txs packets.
185 		 * For accurate tx status reporting and AQL improvement,
186 		 * we need to make sure that flags match so polling GI
187 		 * from per-sta counters directly.
188 		 */
189 		rate = &msta->wcid.rate;
190 		addr = mt7915_mac_wtbl_lmac_addr(dev, idx, 7);
191 		val = mt76_rr(dev, addr);
192 
193 		switch (rate->bw) {
194 		case RATE_INFO_BW_160:
195 			bw = IEEE80211_STA_RX_BW_160;
196 			break;
197 		case RATE_INFO_BW_80:
198 			bw = IEEE80211_STA_RX_BW_80;
199 			break;
200 		case RATE_INFO_BW_40:
201 			bw = IEEE80211_STA_RX_BW_40;
202 			break;
203 		default:
204 			bw = IEEE80211_STA_RX_BW_20;
205 			break;
206 		}
207 
208 		if (rate->flags & RATE_INFO_FLAGS_HE_MCS) {
209 			u8 offs = 24 + 2 * bw;
210 
211 			rate->he_gi = (val & (0x3 << offs)) >> offs;
212 		} else if (rate->flags &
213 			   (RATE_INFO_FLAGS_VHT_MCS | RATE_INFO_FLAGS_MCS)) {
214 			if (val & BIT(12 + bw))
215 				rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
216 			else
217 				rate->flags &= ~RATE_INFO_FLAGS_SHORT_GI;
218 		}
219 
220 		/* get signal strength of resp frames (CTS/BA/ACK) */
221 		addr = mt7915_mac_wtbl_lmac_addr(dev, idx, 30);
222 		val = mt76_rr(dev, addr);
223 
224 		rssi[0] = to_rssi(GENMASK(7, 0), val);
225 		rssi[1] = to_rssi(GENMASK(15, 8), val);
226 		rssi[2] = to_rssi(GENMASK(23, 16), val);
227 		rssi[3] = to_rssi(GENMASK(31, 14), val);
228 
229 		msta->ack_signal =
230 			mt76_rx_signal(msta->vif->phy->mt76->antenna_mask, rssi);
231 
232 		ewma_avg_signal_add(&msta->avg_ack_signal, -msta->ack_signal);
233 	}
234 
235 	rcu_read_unlock();
236 }
237 
238 void mt7915_mac_enable_rtscts(struct mt7915_dev *dev,
239 			      struct ieee80211_vif *vif, bool enable)
240 {
241 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
242 	u32 addr;
243 
244 	addr = mt7915_mac_wtbl_lmac_addr(dev, mvif->sta.wcid.idx, 5);
245 	if (enable)
246 		mt76_set(dev, addr, BIT(5));
247 	else
248 		mt76_clear(dev, addr, BIT(5));
249 }
250 
251 static void
252 mt7915_wed_check_ppe(struct mt7915_dev *dev, struct mt76_queue *q,
253 		     struct mt7915_sta *msta, struct sk_buff *skb,
254 		     u32 info)
255 {
256 	struct ieee80211_vif *vif;
257 	struct wireless_dev *wdev;
258 
259 	if (!msta || !msta->vif)
260 		return;
261 
262 	if (!mt76_queue_is_wed_rx(q))
263 		return;
264 
265 	if (!(info & MT_DMA_INFO_PPE_VLD))
266 		return;
267 
268 	vif = container_of((void *)msta->vif, struct ieee80211_vif,
269 			   drv_priv);
270 	wdev = ieee80211_vif_to_wdev(vif);
271 	skb->dev = wdev->netdev;
272 
273 	mtk_wed_device_ppe_check(&dev->mt76.mmio.wed, skb,
274 				 FIELD_GET(MT_DMA_PPE_CPU_REASON, info),
275 				 FIELD_GET(MT_DMA_PPE_ENTRY, info));
276 }
277 
278 static int
279 mt7915_mac_fill_rx(struct mt7915_dev *dev, struct sk_buff *skb,
280 		   enum mt76_rxq_id q, u32 *info)
281 {
282 	struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb;
283 	struct mt76_phy *mphy = &dev->mt76.phy;
284 	struct mt7915_phy *phy = &dev->phy;
285 	struct ieee80211_supported_band *sband;
286 	__le32 *rxd = (__le32 *)skb->data;
287 	__le32 *rxv = NULL;
288 	u32 rxd0 = le32_to_cpu(rxd[0]);
289 	u32 rxd1 = le32_to_cpu(rxd[1]);
290 	u32 rxd2 = le32_to_cpu(rxd[2]);
291 	u32 rxd3 = le32_to_cpu(rxd[3]);
292 	u32 rxd4 = le32_to_cpu(rxd[4]);
293 	u32 csum_mask = MT_RXD0_NORMAL_IP_SUM | MT_RXD0_NORMAL_UDP_TCP_SUM;
294 	bool unicast, insert_ccmp_hdr = false;
295 	u8 remove_pad, amsdu_info;
296 	u8 mode = 0, qos_ctl = 0;
297 	struct mt7915_sta *msta = NULL;
298 	u32 csum_status = *(u32 *)skb->cb;
299 	bool hdr_trans;
300 	u16 hdr_gap;
301 	u16 seq_ctrl = 0;
302 	__le16 fc = 0;
303 	int idx;
304 
305 	memset(status, 0, sizeof(*status));
306 
307 	if ((rxd1 & MT_RXD1_NORMAL_BAND_IDX) && !phy->mt76->band_idx) {
308 		mphy = dev->mt76.phys[MT_BAND1];
309 		if (!mphy)
310 			return -EINVAL;
311 
312 		phy = mphy->priv;
313 		status->phy_idx = 1;
314 	}
315 
316 	if (!test_bit(MT76_STATE_RUNNING, &mphy->state))
317 		return -EINVAL;
318 
319 	if (rxd2 & MT_RXD2_NORMAL_AMSDU_ERR)
320 		return -EINVAL;
321 
322 	hdr_trans = rxd2 & MT_RXD2_NORMAL_HDR_TRANS;
323 	if (hdr_trans && (rxd1 & MT_RXD1_NORMAL_CM))
324 		return -EINVAL;
325 
326 	/* ICV error or CCMP/BIP/WPI MIC error */
327 	if (rxd1 & MT_RXD1_NORMAL_ICV_ERR)
328 		status->flag |= RX_FLAG_ONLY_MONITOR;
329 
330 	unicast = FIELD_GET(MT_RXD3_NORMAL_ADDR_TYPE, rxd3) == MT_RXD3_NORMAL_U2M;
331 	idx = FIELD_GET(MT_RXD1_NORMAL_WLAN_IDX, rxd1);
332 	status->wcid = mt7915_rx_get_wcid(dev, idx, unicast);
333 
334 	if (status->wcid) {
335 		msta = container_of(status->wcid, struct mt7915_sta, wcid);
336 		spin_lock_bh(&dev->mt76.sta_poll_lock);
337 		if (list_empty(&msta->wcid.poll_list))
338 			list_add_tail(&msta->wcid.poll_list,
339 				      &dev->mt76.sta_poll_list);
340 		spin_unlock_bh(&dev->mt76.sta_poll_lock);
341 	}
342 
343 	status->freq = mphy->chandef.chan->center_freq;
344 	status->band = mphy->chandef.chan->band;
345 	if (status->band == NL80211_BAND_5GHZ)
346 		sband = &mphy->sband_5g.sband;
347 	else if (status->band == NL80211_BAND_6GHZ)
348 		sband = &mphy->sband_6g.sband;
349 	else
350 		sband = &mphy->sband_2g.sband;
351 
352 	if (!sband->channels)
353 		return -EINVAL;
354 
355 	if ((rxd0 & csum_mask) == csum_mask &&
356 	    !(csum_status & (BIT(0) | BIT(2) | BIT(3))))
357 		skb->ip_summed = CHECKSUM_UNNECESSARY;
358 
359 	if (rxd1 & MT_RXD1_NORMAL_FCS_ERR)
360 		status->flag |= RX_FLAG_FAILED_FCS_CRC;
361 
362 	if (rxd1 & MT_RXD1_NORMAL_TKIP_MIC_ERR)
363 		status->flag |= RX_FLAG_MMIC_ERROR;
364 
365 	if (FIELD_GET(MT_RXD1_NORMAL_SEC_MODE, rxd1) != 0 &&
366 	    !(rxd1 & (MT_RXD1_NORMAL_CLM | MT_RXD1_NORMAL_CM))) {
367 		status->flag |= RX_FLAG_DECRYPTED;
368 		status->flag |= RX_FLAG_IV_STRIPPED;
369 		status->flag |= RX_FLAG_MMIC_STRIPPED | RX_FLAG_MIC_STRIPPED;
370 	}
371 
372 	remove_pad = FIELD_GET(MT_RXD2_NORMAL_HDR_OFFSET, rxd2);
373 
374 	if (rxd2 & MT_RXD2_NORMAL_MAX_LEN_ERROR)
375 		return -EINVAL;
376 
377 	rxd += 6;
378 	if (rxd1 & MT_RXD1_NORMAL_GROUP_4) {
379 		u32 v0 = le32_to_cpu(rxd[0]);
380 		u32 v2 = le32_to_cpu(rxd[2]);
381 
382 		fc = cpu_to_le16(FIELD_GET(MT_RXD6_FRAME_CONTROL, v0));
383 		qos_ctl = FIELD_GET(MT_RXD8_QOS_CTL, v2);
384 		seq_ctrl = FIELD_GET(MT_RXD8_SEQ_CTRL, v2);
385 
386 		rxd += 4;
387 		if ((u8 *)rxd - skb->data >= skb->len)
388 			return -EINVAL;
389 	}
390 
391 	if (rxd1 & MT_RXD1_NORMAL_GROUP_1) {
392 		u8 *data = (u8 *)rxd;
393 
394 		if (status->flag & RX_FLAG_DECRYPTED) {
395 			switch (FIELD_GET(MT_RXD1_NORMAL_SEC_MODE, rxd1)) {
396 			case MT_CIPHER_AES_CCMP:
397 			case MT_CIPHER_CCMP_CCX:
398 			case MT_CIPHER_CCMP_256:
399 				insert_ccmp_hdr =
400 					FIELD_GET(MT_RXD2_NORMAL_FRAG, rxd2);
401 				fallthrough;
402 			case MT_CIPHER_TKIP:
403 			case MT_CIPHER_TKIP_NO_MIC:
404 			case MT_CIPHER_GCMP:
405 			case MT_CIPHER_GCMP_256:
406 				status->iv[0] = data[5];
407 				status->iv[1] = data[4];
408 				status->iv[2] = data[3];
409 				status->iv[3] = data[2];
410 				status->iv[4] = data[1];
411 				status->iv[5] = data[0];
412 				break;
413 			default:
414 				break;
415 			}
416 		}
417 		rxd += 4;
418 		if ((u8 *)rxd - skb->data >= skb->len)
419 			return -EINVAL;
420 	}
421 
422 	if (rxd1 & MT_RXD1_NORMAL_GROUP_2) {
423 		status->timestamp = le32_to_cpu(rxd[0]);
424 		status->flag |= RX_FLAG_MACTIME_START;
425 
426 		if (!(rxd2 & MT_RXD2_NORMAL_NON_AMPDU)) {
427 			status->flag |= RX_FLAG_AMPDU_DETAILS;
428 
429 			/* all subframes of an A-MPDU have the same timestamp */
430 			if (phy->rx_ampdu_ts != status->timestamp) {
431 				if (!++phy->ampdu_ref)
432 					phy->ampdu_ref++;
433 			}
434 			phy->rx_ampdu_ts = status->timestamp;
435 
436 			status->ampdu_ref = phy->ampdu_ref;
437 		}
438 
439 		rxd += 2;
440 		if ((u8 *)rxd - skb->data >= skb->len)
441 			return -EINVAL;
442 	}
443 
444 	/* RXD Group 3 - P-RXV */
445 	if (rxd1 & MT_RXD1_NORMAL_GROUP_3) {
446 		u32 v0, v1;
447 		int ret;
448 
449 		rxv = rxd;
450 		rxd += 2;
451 		if ((u8 *)rxd - skb->data >= skb->len)
452 			return -EINVAL;
453 
454 		v0 = le32_to_cpu(rxv[0]);
455 		v1 = le32_to_cpu(rxv[1]);
456 
457 		if (v0 & MT_PRXV_HT_AD_CODE)
458 			status->enc_flags |= RX_ENC_FLAG_LDPC;
459 
460 		status->chains = mphy->antenna_mask;
461 		status->chain_signal[0] = to_rssi(MT_PRXV_RCPI0, v1);
462 		status->chain_signal[1] = to_rssi(MT_PRXV_RCPI1, v1);
463 		status->chain_signal[2] = to_rssi(MT_PRXV_RCPI2, v1);
464 		status->chain_signal[3] = to_rssi(MT_PRXV_RCPI3, v1);
465 
466 		/* RXD Group 5 - C-RXV */
467 		if (rxd1 & MT_RXD1_NORMAL_GROUP_5) {
468 			rxd += 18;
469 			if ((u8 *)rxd - skb->data >= skb->len)
470 				return -EINVAL;
471 		}
472 
473 		if (!is_mt7915(&dev->mt76) || (rxd1 & MT_RXD1_NORMAL_GROUP_5)) {
474 			ret = mt76_connac2_mac_fill_rx_rate(&dev->mt76, status,
475 							    sband, rxv, &mode);
476 			if (ret < 0)
477 				return ret;
478 		}
479 	}
480 
481 	amsdu_info = FIELD_GET(MT_RXD4_NORMAL_PAYLOAD_FORMAT, rxd4);
482 	status->amsdu = !!amsdu_info;
483 	if (status->amsdu) {
484 		status->first_amsdu = amsdu_info == MT_RXD4_FIRST_AMSDU_FRAME;
485 		status->last_amsdu = amsdu_info == MT_RXD4_LAST_AMSDU_FRAME;
486 	}
487 
488 	hdr_gap = (u8 *)rxd - skb->data + 2 * remove_pad;
489 	if (hdr_trans && ieee80211_has_morefrags(fc)) {
490 		struct ieee80211_vif *vif;
491 		int err;
492 
493 		if (!msta || !msta->vif)
494 			return -EINVAL;
495 
496 		vif = container_of((void *)msta->vif, struct ieee80211_vif,
497 				   drv_priv);
498 		err = mt76_connac2_reverse_frag0_hdr_trans(vif, skb, hdr_gap);
499 		if (err)
500 			return err;
501 
502 		hdr_trans = false;
503 	} else {
504 		int pad_start = 0;
505 
506 		skb_pull(skb, hdr_gap);
507 		if (!hdr_trans && status->amsdu) {
508 			pad_start = ieee80211_get_hdrlen_from_skb(skb);
509 		} else if (hdr_trans && (rxd2 & MT_RXD2_NORMAL_HDR_TRANS_ERROR)) {
510 			/*
511 			 * When header translation failure is indicated,
512 			 * the hardware will insert an extra 2-byte field
513 			 * containing the data length after the protocol
514 			 * type field. This happens either when the LLC-SNAP
515 			 * pattern did not match, or if a VLAN header was
516 			 * detected.
517 			 */
518 			pad_start = 12;
519 			if (get_unaligned_be16(skb->data + pad_start) == ETH_P_8021Q)
520 				pad_start += 4;
521 			else
522 				pad_start = 0;
523 		}
524 
525 		if (pad_start) {
526 			memmove(skb->data + 2, skb->data, pad_start);
527 			skb_pull(skb, 2);
528 		}
529 	}
530 
531 	if (!hdr_trans) {
532 		struct ieee80211_hdr *hdr;
533 
534 		if (insert_ccmp_hdr) {
535 			u8 key_id = FIELD_GET(MT_RXD1_NORMAL_KEY_ID, rxd1);
536 
537 			mt76_insert_ccmp_hdr(skb, key_id);
538 		}
539 
540 		hdr = mt76_skb_get_hdr(skb);
541 		fc = hdr->frame_control;
542 		if (ieee80211_is_data_qos(fc)) {
543 			seq_ctrl = le16_to_cpu(hdr->seq_ctrl);
544 			qos_ctl = *ieee80211_get_qos_ctl(hdr);
545 		}
546 	} else {
547 		status->flag |= RX_FLAG_8023;
548 		mt7915_wed_check_ppe(dev, &dev->mt76.q_rx[q], msta, skb,
549 				     *info);
550 	}
551 
552 	if (rxv && mode >= MT_PHY_TYPE_HE_SU && !(status->flag & RX_FLAG_8023))
553 		mt76_connac2_mac_decode_he_radiotap(&dev->mt76, skb, rxv, mode);
554 
555 	if (!status->wcid || !ieee80211_is_data_qos(fc))
556 		return 0;
557 
558 	status->aggr = unicast &&
559 		       !ieee80211_is_qos_nullfunc(fc);
560 	status->qos_ctl = qos_ctl;
561 	status->seqno = IEEE80211_SEQ_TO_SN(seq_ctrl);
562 
563 	return 0;
564 }
565 
566 static void
567 mt7915_mac_fill_rx_vector(struct mt7915_dev *dev, struct sk_buff *skb)
568 {
569 #ifdef CONFIG_NL80211_TESTMODE
570 	struct mt7915_phy *phy = &dev->phy;
571 	__le32 *rxd = (__le32 *)skb->data;
572 	__le32 *rxv_hdr = rxd + 2;
573 	__le32 *rxv = rxd + 4;
574 	u32 rcpi, ib_rssi, wb_rssi, v20, v21;
575 	u8 band_idx;
576 	s32 foe;
577 	u8 snr;
578 	int i;
579 
580 	band_idx = le32_get_bits(rxv_hdr[1], MT_RXV_HDR_BAND_IDX);
581 	if (band_idx && !phy->mt76->band_idx) {
582 		phy = mt7915_ext_phy(dev);
583 		if (!phy)
584 			goto out;
585 	}
586 
587 	rcpi = le32_to_cpu(rxv[6]);
588 	ib_rssi = le32_to_cpu(rxv[7]);
589 	wb_rssi = le32_to_cpu(rxv[8]) >> 5;
590 
591 	for (i = 0; i < 4; i++, rcpi >>= 8, ib_rssi >>= 8, wb_rssi >>= 9) {
592 		if (i == 3)
593 			wb_rssi = le32_to_cpu(rxv[9]);
594 
595 		phy->test.last_rcpi[i] = rcpi & 0xff;
596 		phy->test.last_ib_rssi[i] = ib_rssi & 0xff;
597 		phy->test.last_wb_rssi[i] = wb_rssi & 0xff;
598 	}
599 
600 	v20 = le32_to_cpu(rxv[20]);
601 	v21 = le32_to_cpu(rxv[21]);
602 
603 	foe = FIELD_GET(MT_CRXV_FOE_LO, v20) |
604 	      (FIELD_GET(MT_CRXV_FOE_HI, v21) << MT_CRXV_FOE_SHIFT);
605 
606 	snr = FIELD_GET(MT_CRXV_SNR, v20) - 16;
607 
608 	phy->test.last_freq_offset = foe;
609 	phy->test.last_snr = snr;
610 out:
611 #endif
612 	dev_kfree_skb(skb);
613 }
614 
615 static void
616 mt7915_mac_write_txwi_tm(struct mt7915_phy *phy, __le32 *txwi,
617 			 struct sk_buff *skb)
618 {
619 #ifdef CONFIG_NL80211_TESTMODE
620 	struct mt76_testmode_data *td = &phy->mt76->test;
621 	const struct ieee80211_rate *r;
622 	u8 bw, mode, nss = td->tx_rate_nss;
623 	u8 rate_idx = td->tx_rate_idx;
624 	u16 rateval = 0;
625 	u32 val;
626 	bool cck = false;
627 	int band;
628 
629 	if (skb != phy->mt76->test.tx_skb)
630 		return;
631 
632 	switch (td->tx_rate_mode) {
633 	case MT76_TM_TX_MODE_HT:
634 		nss = 1 + (rate_idx >> 3);
635 		mode = MT_PHY_TYPE_HT;
636 		break;
637 	case MT76_TM_TX_MODE_VHT:
638 		mode = MT_PHY_TYPE_VHT;
639 		break;
640 	case MT76_TM_TX_MODE_HE_SU:
641 		mode = MT_PHY_TYPE_HE_SU;
642 		break;
643 	case MT76_TM_TX_MODE_HE_EXT_SU:
644 		mode = MT_PHY_TYPE_HE_EXT_SU;
645 		break;
646 	case MT76_TM_TX_MODE_HE_TB:
647 		mode = MT_PHY_TYPE_HE_TB;
648 		break;
649 	case MT76_TM_TX_MODE_HE_MU:
650 		mode = MT_PHY_TYPE_HE_MU;
651 		break;
652 	case MT76_TM_TX_MODE_CCK:
653 		cck = true;
654 		fallthrough;
655 	case MT76_TM_TX_MODE_OFDM:
656 		band = phy->mt76->chandef.chan->band;
657 		if (band == NL80211_BAND_2GHZ && !cck)
658 			rate_idx += 4;
659 
660 		r = &phy->mt76->hw->wiphy->bands[band]->bitrates[rate_idx];
661 		val = cck ? r->hw_value_short : r->hw_value;
662 
663 		mode = val >> 8;
664 		rate_idx = val & 0xff;
665 		break;
666 	default:
667 		mode = MT_PHY_TYPE_OFDM;
668 		break;
669 	}
670 
671 	switch (phy->mt76->chandef.width) {
672 	case NL80211_CHAN_WIDTH_40:
673 		bw = 1;
674 		break;
675 	case NL80211_CHAN_WIDTH_80:
676 		bw = 2;
677 		break;
678 	case NL80211_CHAN_WIDTH_80P80:
679 	case NL80211_CHAN_WIDTH_160:
680 		bw = 3;
681 		break;
682 	default:
683 		bw = 0;
684 		break;
685 	}
686 
687 	if (td->tx_rate_stbc && nss == 1) {
688 		nss++;
689 		rateval |= MT_TX_RATE_STBC;
690 	}
691 
692 	rateval |= FIELD_PREP(MT_TX_RATE_IDX, rate_idx) |
693 		   FIELD_PREP(MT_TX_RATE_MODE, mode) |
694 		   FIELD_PREP(MT_TX_RATE_NSS, nss - 1);
695 
696 	txwi[2] |= cpu_to_le32(MT_TXD2_FIX_RATE);
697 
698 	le32p_replace_bits(&txwi[3], 1, MT_TXD3_REM_TX_COUNT);
699 	if (td->tx_rate_mode < MT76_TM_TX_MODE_HT)
700 		txwi[3] |= cpu_to_le32(MT_TXD3_BA_DISABLE);
701 
702 	val = MT_TXD6_FIXED_BW |
703 	      FIELD_PREP(MT_TXD6_BW, bw) |
704 	      FIELD_PREP(MT_TXD6_TX_RATE, rateval) |
705 	      FIELD_PREP(MT_TXD6_SGI, td->tx_rate_sgi);
706 
707 	/* for HE_SU/HE_EXT_SU PPDU
708 	 * - 1x, 2x, 4x LTF + 0.8us GI
709 	 * - 2x LTF + 1.6us GI, 4x LTF + 3.2us GI
710 	 * for HE_MU PPDU
711 	 * - 2x, 4x LTF + 0.8us GI
712 	 * - 2x LTF + 1.6us GI, 4x LTF + 3.2us GI
713 	 * for HE_TB PPDU
714 	 * - 1x, 2x LTF + 1.6us GI
715 	 * - 4x LTF + 3.2us GI
716 	 */
717 	if (mode >= MT_PHY_TYPE_HE_SU)
718 		val |= FIELD_PREP(MT_TXD6_HELTF, td->tx_ltf);
719 
720 	if (td->tx_rate_ldpc || (bw > 0 && mode >= MT_PHY_TYPE_HE_SU))
721 		val |= MT_TXD6_LDPC;
722 
723 	txwi[3] &= ~cpu_to_le32(MT_TXD3_SN_VALID);
724 	txwi[6] |= cpu_to_le32(val);
725 	txwi[7] |= cpu_to_le32(FIELD_PREP(MT_TXD7_SPE_IDX,
726 					  phy->test.spe_idx));
727 #endif
728 }
729 
730 void mt7915_mac_write_txwi(struct mt76_dev *dev, __le32 *txwi,
731 			   struct sk_buff *skb, struct mt76_wcid *wcid, int pid,
732 			   struct ieee80211_key_conf *key,
733 			   enum mt76_txq_id qid, u32 changed)
734 {
735 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
736 	u8 phy_idx = (info->hw_queue & MT_TX_HW_QUEUE_PHY) >> 2;
737 	struct mt76_phy *mphy = &dev->phy;
738 
739 	if (phy_idx && dev->phys[MT_BAND1])
740 		mphy = dev->phys[MT_BAND1];
741 
742 	mt76_connac2_mac_write_txwi(dev, txwi, skb, wcid, key, pid, qid, changed);
743 
744 	if (mt76_testmode_enabled(mphy))
745 		mt7915_mac_write_txwi_tm(mphy->priv, txwi, skb);
746 }
747 
748 int mt7915_tx_prepare_skb(struct mt76_dev *mdev, void *txwi_ptr,
749 			  enum mt76_txq_id qid, struct mt76_wcid *wcid,
750 			  struct ieee80211_sta *sta,
751 			  struct mt76_tx_info *tx_info)
752 {
753 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx_info->skb->data;
754 	struct mt7915_dev *dev = container_of(mdev, struct mt7915_dev, mt76);
755 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx_info->skb);
756 	struct ieee80211_key_conf *key = info->control.hw_key;
757 	struct ieee80211_vif *vif = info->control.vif;
758 	struct mt76_connac_fw_txp *txp;
759 	struct mt76_txwi_cache *t;
760 	int id, i, nbuf = tx_info->nbuf - 1;
761 	u8 *txwi = (u8 *)txwi_ptr;
762 	int pid;
763 
764 	if (unlikely(tx_info->skb->len <= ETH_HLEN))
765 		return -EINVAL;
766 
767 	if (!wcid)
768 		wcid = &dev->mt76.global_wcid;
769 
770 	if (sta) {
771 		struct mt7915_sta *msta;
772 
773 		msta = (struct mt7915_sta *)sta->drv_priv;
774 
775 		if (time_after(jiffies, msta->jiffies + HZ / 4)) {
776 			info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
777 			msta->jiffies = jiffies;
778 		}
779 	}
780 
781 	t = (struct mt76_txwi_cache *)(txwi + mdev->drv->txwi_size);
782 	t->skb = tx_info->skb;
783 
784 	id = mt76_token_consume(mdev, &t);
785 	if (id < 0)
786 		return id;
787 
788 	pid = mt76_tx_status_skb_add(mdev, wcid, tx_info->skb);
789 	mt7915_mac_write_txwi(mdev, txwi_ptr, tx_info->skb, wcid, pid, key,
790 			      qid, 0);
791 
792 	txp = (struct mt76_connac_fw_txp *)(txwi + MT_TXD_SIZE);
793 	for (i = 0; i < nbuf; i++) {
794 		txp->buf[i] = cpu_to_le32(tx_info->buf[i + 1].addr);
795 		txp->len[i] = cpu_to_le16(tx_info->buf[i + 1].len);
796 	}
797 	txp->nbuf = nbuf;
798 
799 	txp->flags = cpu_to_le16(MT_CT_INFO_APPLY_TXD | MT_CT_INFO_FROM_HOST);
800 
801 	if (!key)
802 		txp->flags |= cpu_to_le16(MT_CT_INFO_NONE_CIPHER_FRAME);
803 
804 	if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) &&
805 	    ieee80211_is_mgmt(hdr->frame_control))
806 		txp->flags |= cpu_to_le16(MT_CT_INFO_MGMT_FRAME);
807 
808 	if (vif) {
809 		struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
810 
811 		txp->bss_idx = mvif->mt76.idx;
812 	}
813 
814 	txp->token = cpu_to_le16(id);
815 	if (test_bit(MT_WCID_FLAG_4ADDR, &wcid->flags))
816 		txp->rept_wds_wcid = cpu_to_le16(wcid->idx);
817 	else
818 		txp->rept_wds_wcid = cpu_to_le16(0x3ff);
819 	tx_info->skb = NULL;
820 
821 	/* pass partial skb header to fw */
822 	tx_info->buf[1].len = MT_CT_PARSE_LEN;
823 	tx_info->buf[1].skip_unmap = true;
824 	tx_info->nbuf = MT_CT_DMA_BUF_NUM;
825 
826 	return 0;
827 }
828 
829 u32 mt7915_wed_init_buf(void *ptr, dma_addr_t phys, int token_id)
830 {
831 	struct mt76_connac_fw_txp *txp = ptr + MT_TXD_SIZE;
832 	__le32 *txwi = ptr;
833 	u32 val;
834 
835 	memset(ptr, 0, MT_TXD_SIZE + sizeof(*txp));
836 
837 	val = FIELD_PREP(MT_TXD0_TX_BYTES, MT_TXD_SIZE) |
838 	      FIELD_PREP(MT_TXD0_PKT_FMT, MT_TX_TYPE_CT);
839 	txwi[0] = cpu_to_le32(val);
840 
841 	val = MT_TXD1_LONG_FORMAT |
842 	      FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_802_3);
843 	txwi[1] = cpu_to_le32(val);
844 
845 	txp->token = cpu_to_le16(token_id);
846 	txp->nbuf = 1;
847 	txp->buf[0] = cpu_to_le32(phys + MT_TXD_SIZE + sizeof(*txp));
848 
849 	return MT_TXD_SIZE + sizeof(*txp);
850 }
851 
852 static void
853 mt7915_mac_tx_free_prepare(struct mt7915_dev *dev)
854 {
855 	struct mt76_dev *mdev = &dev->mt76;
856 	struct mt76_phy *mphy_ext = mdev->phys[MT_BAND1];
857 
858 	/* clean DMA queues and unmap buffers first */
859 	mt76_queue_tx_cleanup(dev, dev->mphy.q_tx[MT_TXQ_PSD], false);
860 	mt76_queue_tx_cleanup(dev, dev->mphy.q_tx[MT_TXQ_BE], false);
861 	if (mphy_ext) {
862 		mt76_queue_tx_cleanup(dev, mphy_ext->q_tx[MT_TXQ_PSD], false);
863 		mt76_queue_tx_cleanup(dev, mphy_ext->q_tx[MT_TXQ_BE], false);
864 	}
865 }
866 
867 static void
868 mt7915_mac_tx_free_done(struct mt7915_dev *dev,
869 			struct list_head *free_list, bool wake)
870 {
871 	struct sk_buff *skb, *tmp;
872 
873 	mt7915_mac_sta_poll(dev);
874 
875 	if (wake)
876 		mt76_set_tx_blocked(&dev->mt76, false);
877 
878 	mt76_worker_schedule(&dev->mt76.tx_worker);
879 
880 	list_for_each_entry_safe(skb, tmp, free_list, list) {
881 		skb_list_del_init(skb);
882 		napi_consume_skb(skb, 1);
883 	}
884 }
885 
886 static void
887 mt7915_mac_tx_free(struct mt7915_dev *dev, void *data, int len)
888 {
889 	struct mt76_connac_tx_free *free = data;
890 	__le32 *tx_info = (__le32 *)(data + sizeof(*free));
891 	struct mt76_dev *mdev = &dev->mt76;
892 	struct mt76_txwi_cache *txwi;
893 	struct ieee80211_sta *sta = NULL;
894 	struct mt76_wcid *wcid = NULL;
895 	LIST_HEAD(free_list);
896 	void *end = data + len;
897 	bool v3, wake = false;
898 	u16 total, count = 0;
899 	u32 txd = le32_to_cpu(free->txd);
900 	__le32 *cur_info;
901 
902 	mt7915_mac_tx_free_prepare(dev);
903 
904 	total = le16_get_bits(free->ctrl, MT_TX_FREE_MSDU_CNT);
905 	v3 = (FIELD_GET(MT_TX_FREE_VER, txd) == 0x4);
906 
907 	for (cur_info = tx_info; count < total; cur_info++) {
908 		u32 msdu, info;
909 		u8 i;
910 
911 		if (WARN_ON_ONCE((void *)cur_info >= end))
912 			return;
913 
914 		/*
915 		 * 1'b1: new wcid pair.
916 		 * 1'b0: msdu_id with the same 'wcid pair' as above.
917 		 */
918 		info = le32_to_cpu(*cur_info);
919 		if (info & MT_TX_FREE_PAIR) {
920 			struct mt7915_sta *msta;
921 			u16 idx;
922 
923 			idx = FIELD_GET(MT_TX_FREE_WLAN_ID, info);
924 			wcid = rcu_dereference(dev->mt76.wcid[idx]);
925 			sta = wcid_to_sta(wcid);
926 			if (!sta)
927 				continue;
928 
929 			msta = container_of(wcid, struct mt7915_sta, wcid);
930 			spin_lock_bh(&mdev->sta_poll_lock);
931 			if (list_empty(&msta->wcid.poll_list))
932 				list_add_tail(&msta->wcid.poll_list,
933 					      &mdev->sta_poll_list);
934 			spin_unlock_bh(&mdev->sta_poll_lock);
935 			continue;
936 		}
937 
938 		if (!mtk_wed_device_active(&mdev->mmio.wed) && wcid) {
939 			u32 tx_retries = 0, tx_failed = 0;
940 
941 			if (v3 && (info & MT_TX_FREE_MPDU_HEADER_V3)) {
942 				tx_retries =
943 					FIELD_GET(MT_TX_FREE_COUNT_V3, info) - 1;
944 				tx_failed = tx_retries +
945 					!!FIELD_GET(MT_TX_FREE_STAT_V3, info);
946 			} else if (!v3 && (info & MT_TX_FREE_MPDU_HEADER)) {
947 				tx_retries =
948 					FIELD_GET(MT_TX_FREE_COUNT, info) - 1;
949 				tx_failed = tx_retries +
950 					!!FIELD_GET(MT_TX_FREE_STAT, info);
951 			}
952 			wcid->stats.tx_retries += tx_retries;
953 			wcid->stats.tx_failed += tx_failed;
954 		}
955 
956 		if (v3 && (info & MT_TX_FREE_MPDU_HEADER_V3))
957 			continue;
958 
959 		for (i = 0; i < 1 + v3; i++) {
960 			if (v3) {
961 				msdu = (info >> (15 * i)) & MT_TX_FREE_MSDU_ID_V3;
962 				if (msdu == MT_TX_FREE_MSDU_ID_V3)
963 					continue;
964 			} else {
965 				msdu = FIELD_GET(MT_TX_FREE_MSDU_ID, info);
966 			}
967 			count++;
968 			txwi = mt76_token_release(mdev, msdu, &wake);
969 			if (!txwi)
970 				continue;
971 
972 			mt76_connac2_txwi_free(mdev, txwi, sta, &free_list);
973 		}
974 	}
975 
976 	mt7915_mac_tx_free_done(dev, &free_list, wake);
977 }
978 
979 static void
980 mt7915_mac_tx_free_v0(struct mt7915_dev *dev, void *data, int len)
981 {
982 	struct mt76_connac_tx_free *free = data;
983 	__le16 *info = (__le16 *)(data + sizeof(*free));
984 	struct mt76_dev *mdev = &dev->mt76;
985 	void *end = data + len;
986 	LIST_HEAD(free_list);
987 	bool wake = false;
988 	u8 i, count;
989 
990 	mt7915_mac_tx_free_prepare(dev);
991 
992 	count = FIELD_GET(MT_TX_FREE_MSDU_CNT_V0, le16_to_cpu(free->ctrl));
993 	if (WARN_ON_ONCE((void *)&info[count] > end))
994 		return;
995 
996 	for (i = 0; i < count; i++) {
997 		struct mt76_txwi_cache *txwi;
998 		u16 msdu = le16_to_cpu(info[i]);
999 
1000 		txwi = mt76_token_release(mdev, msdu, &wake);
1001 		if (!txwi)
1002 			continue;
1003 
1004 		mt76_connac2_txwi_free(mdev, txwi, NULL, &free_list);
1005 	}
1006 
1007 	mt7915_mac_tx_free_done(dev, &free_list, wake);
1008 }
1009 
1010 static void mt7915_mac_add_txs(struct mt7915_dev *dev, void *data)
1011 {
1012 	struct mt7915_sta *msta = NULL;
1013 	struct mt76_wcid *wcid;
1014 	__le32 *txs_data = data;
1015 	u16 wcidx;
1016 	u8 pid;
1017 
1018 	wcidx = le32_get_bits(txs_data[2], MT_TXS2_WCID);
1019 	pid = le32_get_bits(txs_data[3], MT_TXS3_PID);
1020 
1021 	if (pid < MT_PACKET_ID_WED)
1022 		return;
1023 
1024 	if (wcidx >= mt7915_wtbl_size(dev))
1025 		return;
1026 
1027 	rcu_read_lock();
1028 
1029 	wcid = rcu_dereference(dev->mt76.wcid[wcidx]);
1030 	if (!wcid)
1031 		goto out;
1032 
1033 	msta = container_of(wcid, struct mt7915_sta, wcid);
1034 
1035 	if (pid == MT_PACKET_ID_WED)
1036 		mt76_connac2_mac_fill_txs(&dev->mt76, wcid, txs_data);
1037 	else
1038 		mt76_connac2_mac_add_txs_skb(&dev->mt76, wcid, pid, txs_data);
1039 
1040 	if (!wcid->sta)
1041 		goto out;
1042 
1043 	spin_lock_bh(&dev->mt76.sta_poll_lock);
1044 	if (list_empty(&msta->wcid.poll_list))
1045 		list_add_tail(&msta->wcid.poll_list, &dev->mt76.sta_poll_list);
1046 	spin_unlock_bh(&dev->mt76.sta_poll_lock);
1047 
1048 out:
1049 	rcu_read_unlock();
1050 }
1051 
1052 bool mt7915_rx_check(struct mt76_dev *mdev, void *data, int len)
1053 {
1054 	struct mt7915_dev *dev = container_of(mdev, struct mt7915_dev, mt76);
1055 	__le32 *rxd = (__le32 *)data;
1056 	__le32 *end = (__le32 *)&rxd[len / 4];
1057 	enum rx_pkt_type type;
1058 
1059 	type = le32_get_bits(rxd[0], MT_RXD0_PKT_TYPE);
1060 
1061 	switch (type) {
1062 	case PKT_TYPE_TXRX_NOTIFY:
1063 		mt7915_mac_tx_free(dev, data, len);
1064 		return false;
1065 	case PKT_TYPE_TXRX_NOTIFY_V0:
1066 		mt7915_mac_tx_free_v0(dev, data, len);
1067 		return false;
1068 	case PKT_TYPE_TXS:
1069 		for (rxd += 2; rxd + 8 <= end; rxd += 8)
1070 			mt7915_mac_add_txs(dev, rxd);
1071 		return false;
1072 	case PKT_TYPE_RX_FW_MONITOR:
1073 		mt7915_debugfs_rx_fw_monitor(dev, data, len);
1074 		return false;
1075 	default:
1076 		return true;
1077 	}
1078 }
1079 
1080 void mt7915_queue_rx_skb(struct mt76_dev *mdev, enum mt76_rxq_id q,
1081 			 struct sk_buff *skb, u32 *info)
1082 {
1083 	struct mt7915_dev *dev = container_of(mdev, struct mt7915_dev, mt76);
1084 	__le32 *rxd = (__le32 *)skb->data;
1085 	__le32 *end = (__le32 *)&skb->data[skb->len];
1086 	enum rx_pkt_type type;
1087 
1088 	type = le32_get_bits(rxd[0], MT_RXD0_PKT_TYPE);
1089 
1090 	switch (type) {
1091 	case PKT_TYPE_TXRX_NOTIFY:
1092 		mt7915_mac_tx_free(dev, skb->data, skb->len);
1093 		napi_consume_skb(skb, 1);
1094 		break;
1095 	case PKT_TYPE_TXRX_NOTIFY_V0:
1096 		mt7915_mac_tx_free_v0(dev, skb->data, skb->len);
1097 		napi_consume_skb(skb, 1);
1098 		break;
1099 	case PKT_TYPE_RX_EVENT:
1100 		mt7915_mcu_rx_event(dev, skb);
1101 		break;
1102 	case PKT_TYPE_TXRXV:
1103 		mt7915_mac_fill_rx_vector(dev, skb);
1104 		break;
1105 	case PKT_TYPE_TXS:
1106 		for (rxd += 2; rxd + 8 <= end; rxd += 8)
1107 			mt7915_mac_add_txs(dev, rxd);
1108 		dev_kfree_skb(skb);
1109 		break;
1110 	case PKT_TYPE_RX_FW_MONITOR:
1111 		mt7915_debugfs_rx_fw_monitor(dev, skb->data, skb->len);
1112 		dev_kfree_skb(skb);
1113 		break;
1114 	case PKT_TYPE_NORMAL:
1115 		if (!mt7915_mac_fill_rx(dev, skb, q, info)) {
1116 			mt76_rx(&dev->mt76, q, skb);
1117 			return;
1118 		}
1119 		fallthrough;
1120 	default:
1121 		dev_kfree_skb(skb);
1122 		break;
1123 	}
1124 }
1125 
1126 void mt7915_mac_cca_stats_reset(struct mt7915_phy *phy)
1127 {
1128 	struct mt7915_dev *dev = phy->dev;
1129 	u32 reg = MT_WF_PHY_RX_CTRL1(phy->mt76->band_idx);
1130 
1131 	mt76_clear(dev, reg, MT_WF_PHY_RX_CTRL1_STSCNT_EN);
1132 	mt76_set(dev, reg, BIT(11) | BIT(9));
1133 }
1134 
1135 void mt7915_mac_reset_counters(struct mt7915_phy *phy)
1136 {
1137 	struct mt7915_dev *dev = phy->dev;
1138 	int i;
1139 
1140 	for (i = 0; i < 4; i++) {
1141 		mt76_rr(dev, MT_TX_AGG_CNT(phy->mt76->band_idx, i));
1142 		mt76_rr(dev, MT_TX_AGG_CNT2(phy->mt76->band_idx, i));
1143 	}
1144 
1145 	phy->mt76->survey_time = ktime_get_boottime();
1146 	memset(phy->mt76->aggr_stats, 0, sizeof(phy->mt76->aggr_stats));
1147 
1148 	/* reset airtime counters */
1149 	mt76_set(dev, MT_WF_RMAC_MIB_AIRTIME0(phy->mt76->band_idx),
1150 		 MT_WF_RMAC_MIB_RXTIME_CLR);
1151 
1152 	mt7915_mcu_get_chan_mib_info(phy, true);
1153 }
1154 
1155 void mt7915_mac_set_timing(struct mt7915_phy *phy)
1156 {
1157 	s16 coverage_class = phy->coverage_class;
1158 	struct mt7915_dev *dev = phy->dev;
1159 	struct mt7915_phy *ext_phy = mt7915_ext_phy(dev);
1160 	u32 val, reg_offset;
1161 	u32 cck = FIELD_PREP(MT_TIMEOUT_VAL_PLCP, 231) |
1162 		  FIELD_PREP(MT_TIMEOUT_VAL_CCA, 48);
1163 	u32 ofdm = FIELD_PREP(MT_TIMEOUT_VAL_PLCP, 60) |
1164 		   FIELD_PREP(MT_TIMEOUT_VAL_CCA, 28);
1165 	u8 band = phy->mt76->band_idx;
1166 	int eifs_ofdm = 360, sifs = 10, offset;
1167 	bool a_band = !(phy->mt76->chandef.chan->band == NL80211_BAND_2GHZ);
1168 
1169 	if (!test_bit(MT76_STATE_RUNNING, &phy->mt76->state))
1170 		return;
1171 
1172 	if (ext_phy)
1173 		coverage_class = max_t(s16, dev->phy.coverage_class,
1174 				       ext_phy->coverage_class);
1175 
1176 	mt76_set(dev, MT_ARB_SCR(band),
1177 		 MT_ARB_SCR_TX_DISABLE | MT_ARB_SCR_RX_DISABLE);
1178 	udelay(1);
1179 
1180 	offset = 3 * coverage_class;
1181 	reg_offset = FIELD_PREP(MT_TIMEOUT_VAL_PLCP, offset) |
1182 		     FIELD_PREP(MT_TIMEOUT_VAL_CCA, offset);
1183 
1184 	if (!is_mt7915(&dev->mt76)) {
1185 		if (!a_band) {
1186 			mt76_wr(dev, MT_TMAC_ICR1(band),
1187 				FIELD_PREP(MT_IFS_EIFS_CCK, 314));
1188 			eifs_ofdm = 78;
1189 		} else {
1190 			eifs_ofdm = 84;
1191 		}
1192 	} else if (a_band) {
1193 		sifs = 16;
1194 	}
1195 
1196 	mt76_wr(dev, MT_TMAC_CDTR(band), cck + reg_offset);
1197 	mt76_wr(dev, MT_TMAC_ODTR(band), ofdm + reg_offset);
1198 	mt76_wr(dev, MT_TMAC_ICR0(band),
1199 		FIELD_PREP(MT_IFS_EIFS_OFDM, eifs_ofdm) |
1200 		FIELD_PREP(MT_IFS_RIFS, 2) |
1201 		FIELD_PREP(MT_IFS_SIFS, sifs) |
1202 		FIELD_PREP(MT_IFS_SLOT, phy->slottime));
1203 
1204 	if (phy->slottime < 20 || a_band)
1205 		val = MT7915_CFEND_RATE_DEFAULT;
1206 	else
1207 		val = MT7915_CFEND_RATE_11B;
1208 
1209 	mt76_rmw_field(dev, MT_AGG_ACR0(band), MT_AGG_ACR_CFEND_RATE, val);
1210 	mt76_clear(dev, MT_ARB_SCR(band),
1211 		   MT_ARB_SCR_TX_DISABLE | MT_ARB_SCR_RX_DISABLE);
1212 }
1213 
1214 void mt7915_mac_enable_nf(struct mt7915_dev *dev, bool band)
1215 {
1216 	u32 reg;
1217 
1218 	reg = is_mt7915(&dev->mt76) ? MT_WF_PHY_RXTD12(band) :
1219 				      MT_WF_PHY_RXTD12_MT7916(band);
1220 	mt76_set(dev, reg,
1221 		 MT_WF_PHY_RXTD12_IRPI_SW_CLR_ONLY |
1222 		 MT_WF_PHY_RXTD12_IRPI_SW_CLR);
1223 
1224 	reg = is_mt7915(&dev->mt76) ? MT_WF_PHY_RX_CTRL1(band) :
1225 				      MT_WF_PHY_RX_CTRL1_MT7916(band);
1226 	mt76_set(dev, reg, FIELD_PREP(MT_WF_PHY_RX_CTRL1_IPI_EN, 0x5));
1227 }
1228 
1229 static u8
1230 mt7915_phy_get_nf(struct mt7915_phy *phy, int idx)
1231 {
1232 	static const u8 nf_power[] = { 92, 89, 86, 83, 80, 75, 70, 65, 60, 55, 52 };
1233 	struct mt7915_dev *dev = phy->dev;
1234 	u32 val, sum = 0, n = 0;
1235 	int nss, i;
1236 
1237 	for (nss = 0; nss < hweight8(phy->mt76->chainmask); nss++) {
1238 		u32 reg = is_mt7915(&dev->mt76) ?
1239 			MT_WF_IRPI_NSS(0, nss + (idx << dev->dbdc_support)) :
1240 			MT_WF_IRPI_NSS_MT7916(idx, nss);
1241 
1242 		for (i = 0; i < ARRAY_SIZE(nf_power); i++, reg += 4) {
1243 			val = mt76_rr(dev, reg);
1244 			sum += val * nf_power[i];
1245 			n += val;
1246 		}
1247 	}
1248 
1249 	if (!n)
1250 		return 0;
1251 
1252 	return sum / n;
1253 }
1254 
1255 void mt7915_update_channel(struct mt76_phy *mphy)
1256 {
1257 	struct mt7915_phy *phy = mphy->priv;
1258 	struct mt76_channel_state *state = mphy->chan_state;
1259 	int nf;
1260 
1261 	mt7915_mcu_get_chan_mib_info(phy, false);
1262 
1263 	nf = mt7915_phy_get_nf(phy, phy->mt76->band_idx);
1264 	if (!phy->noise)
1265 		phy->noise = nf << 4;
1266 	else if (nf)
1267 		phy->noise += nf - (phy->noise >> 4);
1268 
1269 	state->noise = -(phy->noise >> 4);
1270 }
1271 
1272 static bool
1273 mt7915_wait_reset_state(struct mt7915_dev *dev, u32 state)
1274 {
1275 	bool ret;
1276 
1277 	ret = wait_event_timeout(dev->reset_wait,
1278 				 (READ_ONCE(dev->recovery.state) & state),
1279 				 MT7915_RESET_TIMEOUT);
1280 
1281 	WARN(!ret, "Timeout waiting for MCU reset state %x\n", state);
1282 	return ret;
1283 }
1284 
1285 static void
1286 mt7915_update_vif_beacon(void *priv, u8 *mac, struct ieee80211_vif *vif)
1287 {
1288 	struct ieee80211_hw *hw = priv;
1289 
1290 	switch (vif->type) {
1291 	case NL80211_IFTYPE_MESH_POINT:
1292 	case NL80211_IFTYPE_ADHOC:
1293 	case NL80211_IFTYPE_AP:
1294 		mt7915_mcu_add_beacon(hw, vif, vif->bss_conf.enable_beacon,
1295 				      BSS_CHANGED_BEACON_ENABLED);
1296 		break;
1297 	default:
1298 		break;
1299 	}
1300 }
1301 
1302 static void
1303 mt7915_update_beacons(struct mt7915_dev *dev)
1304 {
1305 	struct mt76_phy *mphy_ext = dev->mt76.phys[MT_BAND1];
1306 
1307 	ieee80211_iterate_active_interfaces(dev->mt76.hw,
1308 		IEEE80211_IFACE_ITER_RESUME_ALL,
1309 		mt7915_update_vif_beacon, dev->mt76.hw);
1310 
1311 	if (!mphy_ext)
1312 		return;
1313 
1314 	ieee80211_iterate_active_interfaces(mphy_ext->hw,
1315 		IEEE80211_IFACE_ITER_RESUME_ALL,
1316 		mt7915_update_vif_beacon, mphy_ext->hw);
1317 }
1318 
1319 static int
1320 mt7915_mac_restart(struct mt7915_dev *dev)
1321 {
1322 	struct mt7915_phy *phy2;
1323 	struct mt76_phy *ext_phy;
1324 	struct mt76_dev *mdev = &dev->mt76;
1325 	int i, ret;
1326 
1327 	ext_phy = dev->mt76.phys[MT_BAND1];
1328 	phy2 = ext_phy ? ext_phy->priv : NULL;
1329 
1330 	if (dev->hif2) {
1331 		mt76_wr(dev, MT_INT1_MASK_CSR, 0x0);
1332 		mt76_wr(dev, MT_INT1_SOURCE_CSR, ~0);
1333 	}
1334 
1335 	if (dev_is_pci(mdev->dev)) {
1336 		mt76_wr(dev, MT_PCIE_MAC_INT_ENABLE, 0x0);
1337 		if (dev->hif2) {
1338 			if (is_mt7915(mdev))
1339 				mt76_wr(dev, MT_PCIE1_MAC_INT_ENABLE, 0x0);
1340 			else
1341 				mt76_wr(dev, MT_PCIE1_MAC_INT_ENABLE_MT7916, 0x0);
1342 		}
1343 	}
1344 
1345 	set_bit(MT76_RESET, &dev->mphy.state);
1346 	set_bit(MT76_MCU_RESET, &dev->mphy.state);
1347 	wake_up(&dev->mt76.mcu.wait);
1348 	if (ext_phy)
1349 		set_bit(MT76_RESET, &ext_phy->state);
1350 
1351 	/* lock/unlock all queues to ensure that no tx is pending */
1352 	mt76_txq_schedule_all(&dev->mphy);
1353 	if (ext_phy)
1354 		mt76_txq_schedule_all(ext_phy);
1355 
1356 	/* disable all tx/rx napi */
1357 	mt76_worker_disable(&dev->mt76.tx_worker);
1358 	mt76_for_each_q_rx(mdev, i) {
1359 		if (mdev->q_rx[i].ndesc)
1360 			napi_disable(&dev->mt76.napi[i]);
1361 	}
1362 	napi_disable(&dev->mt76.tx_napi);
1363 
1364 	/* token reinit */
1365 	mt76_connac2_tx_token_put(&dev->mt76);
1366 	idr_init(&dev->mt76.token);
1367 
1368 	mt7915_dma_reset(dev, true);
1369 
1370 	local_bh_disable();
1371 	mt76_for_each_q_rx(mdev, i) {
1372 		if (mdev->q_rx[i].ndesc) {
1373 			napi_enable(&dev->mt76.napi[i]);
1374 			napi_schedule(&dev->mt76.napi[i]);
1375 		}
1376 	}
1377 	local_bh_enable();
1378 	clear_bit(MT76_MCU_RESET, &dev->mphy.state);
1379 	clear_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
1380 
1381 	mt76_wr(dev, MT_INT_MASK_CSR, dev->mt76.mmio.irqmask);
1382 	mt76_wr(dev, MT_INT_SOURCE_CSR, ~0);
1383 
1384 	if (dev->hif2) {
1385 		mt76_wr(dev, MT_INT1_MASK_CSR, dev->mt76.mmio.irqmask);
1386 		mt76_wr(dev, MT_INT1_SOURCE_CSR, ~0);
1387 	}
1388 	if (dev_is_pci(mdev->dev)) {
1389 		mt76_wr(dev, MT_PCIE_MAC_INT_ENABLE, 0xff);
1390 		if (dev->hif2) {
1391 			if (is_mt7915(mdev))
1392 				mt76_wr(dev, MT_PCIE1_MAC_INT_ENABLE, 0xff);
1393 			else
1394 				mt76_wr(dev, MT_PCIE1_MAC_INT_ENABLE_MT7916, 0xff);
1395 		}
1396 	}
1397 
1398 	/* load firmware */
1399 	ret = mt7915_mcu_init_firmware(dev);
1400 	if (ret)
1401 		goto out;
1402 
1403 	/* set the necessary init items */
1404 	ret = mt7915_mcu_set_eeprom(dev);
1405 	if (ret)
1406 		goto out;
1407 
1408 	mt7915_mac_init(dev);
1409 	mt7915_init_txpower(&dev->phy);
1410 	mt7915_init_txpower(phy2);
1411 	ret = mt7915_txbf_init(dev);
1412 
1413 	if (test_bit(MT76_STATE_RUNNING, &dev->mphy.state)) {
1414 		ret = mt7915_run(dev->mphy.hw);
1415 		if (ret)
1416 			goto out;
1417 	}
1418 
1419 	if (ext_phy && test_bit(MT76_STATE_RUNNING, &ext_phy->state)) {
1420 		ret = mt7915_run(ext_phy->hw);
1421 		if (ret)
1422 			goto out;
1423 	}
1424 
1425 out:
1426 	/* reset done */
1427 	clear_bit(MT76_RESET, &dev->mphy.state);
1428 	if (phy2)
1429 		clear_bit(MT76_RESET, &phy2->mt76->state);
1430 
1431 	local_bh_disable();
1432 	napi_enable(&dev->mt76.tx_napi);
1433 	napi_schedule(&dev->mt76.tx_napi);
1434 	local_bh_enable();
1435 
1436 	mt76_worker_enable(&dev->mt76.tx_worker);
1437 
1438 	return ret;
1439 }
1440 
1441 static void
1442 mt7915_mac_full_reset(struct mt7915_dev *dev)
1443 {
1444 	struct mt76_phy *ext_phy;
1445 	int i;
1446 
1447 	ext_phy = dev->mt76.phys[MT_BAND1];
1448 
1449 	dev->recovery.hw_full_reset = true;
1450 
1451 	wake_up(&dev->mt76.mcu.wait);
1452 	ieee80211_stop_queues(mt76_hw(dev));
1453 	if (ext_phy)
1454 		ieee80211_stop_queues(ext_phy->hw);
1455 
1456 	cancel_delayed_work_sync(&dev->mphy.mac_work);
1457 	if (ext_phy)
1458 		cancel_delayed_work_sync(&ext_phy->mac_work);
1459 
1460 	mutex_lock(&dev->mt76.mutex);
1461 	for (i = 0; i < 10; i++) {
1462 		if (!mt7915_mac_restart(dev))
1463 			break;
1464 	}
1465 	mutex_unlock(&dev->mt76.mutex);
1466 
1467 	if (i == 10)
1468 		dev_err(dev->mt76.dev, "chip full reset failed\n");
1469 
1470 	ieee80211_restart_hw(mt76_hw(dev));
1471 	if (ext_phy)
1472 		ieee80211_restart_hw(ext_phy->hw);
1473 
1474 	ieee80211_wake_queues(mt76_hw(dev));
1475 	if (ext_phy)
1476 		ieee80211_wake_queues(ext_phy->hw);
1477 
1478 	dev->recovery.hw_full_reset = false;
1479 	ieee80211_queue_delayed_work(mt76_hw(dev), &dev->mphy.mac_work,
1480 				     MT7915_WATCHDOG_TIME);
1481 	if (ext_phy)
1482 		ieee80211_queue_delayed_work(ext_phy->hw,
1483 					     &ext_phy->mac_work,
1484 					     MT7915_WATCHDOG_TIME);
1485 }
1486 
1487 /* system error recovery */
1488 void mt7915_mac_reset_work(struct work_struct *work)
1489 {
1490 	struct mt7915_phy *phy2;
1491 	struct mt76_phy *ext_phy;
1492 	struct mt7915_dev *dev;
1493 	int i;
1494 
1495 	dev = container_of(work, struct mt7915_dev, reset_work);
1496 	ext_phy = dev->mt76.phys[MT_BAND1];
1497 	phy2 = ext_phy ? ext_phy->priv : NULL;
1498 
1499 	/* chip full reset */
1500 	if (dev->recovery.restart) {
1501 		/* disable WA/WM WDT */
1502 		mt76_clear(dev, MT_WFDMA0_MCU_HOST_INT_ENA,
1503 			   MT_MCU_CMD_WDT_MASK);
1504 
1505 		if (READ_ONCE(dev->recovery.state) & MT_MCU_CMD_WA_WDT)
1506 			dev->recovery.wa_reset_count++;
1507 		else
1508 			dev->recovery.wm_reset_count++;
1509 
1510 		mt7915_mac_full_reset(dev);
1511 
1512 		/* enable mcu irq */
1513 		mt7915_irq_enable(dev, MT_INT_MCU_CMD);
1514 		mt7915_irq_disable(dev, 0);
1515 
1516 		/* enable WA/WM WDT */
1517 		mt76_set(dev, MT_WFDMA0_MCU_HOST_INT_ENA, MT_MCU_CMD_WDT_MASK);
1518 
1519 		dev->recovery.state = MT_MCU_CMD_NORMAL_STATE;
1520 		dev->recovery.restart = false;
1521 		return;
1522 	}
1523 
1524 	/* chip partial reset */
1525 	if (!(READ_ONCE(dev->recovery.state) & MT_MCU_CMD_STOP_DMA))
1526 		return;
1527 
1528 	ieee80211_stop_queues(mt76_hw(dev));
1529 	if (ext_phy)
1530 		ieee80211_stop_queues(ext_phy->hw);
1531 
1532 	set_bit(MT76_RESET, &dev->mphy.state);
1533 	set_bit(MT76_MCU_RESET, &dev->mphy.state);
1534 	wake_up(&dev->mt76.mcu.wait);
1535 	cancel_delayed_work_sync(&dev->mphy.mac_work);
1536 	if (phy2) {
1537 		set_bit(MT76_RESET, &phy2->mt76->state);
1538 		cancel_delayed_work_sync(&phy2->mt76->mac_work);
1539 	}
1540 	mt76_worker_disable(&dev->mt76.tx_worker);
1541 	mt76_for_each_q_rx(&dev->mt76, i)
1542 		napi_disable(&dev->mt76.napi[i]);
1543 	napi_disable(&dev->mt76.tx_napi);
1544 
1545 	mutex_lock(&dev->mt76.mutex);
1546 
1547 	if (mtk_wed_device_active(&dev->mt76.mmio.wed))
1548 		mtk_wed_device_stop(&dev->mt76.mmio.wed);
1549 
1550 	mt76_wr(dev, MT_MCU_INT_EVENT, MT_MCU_INT_EVENT_DMA_STOPPED);
1551 
1552 	if (mt7915_wait_reset_state(dev, MT_MCU_CMD_RESET_DONE)) {
1553 		mt7915_dma_reset(dev, false);
1554 
1555 		mt76_connac2_tx_token_put(&dev->mt76);
1556 		idr_init(&dev->mt76.token);
1557 
1558 		mt76_wr(dev, MT_MCU_INT_EVENT, MT_MCU_INT_EVENT_DMA_INIT);
1559 		mt7915_wait_reset_state(dev, MT_MCU_CMD_RECOVERY_DONE);
1560 	}
1561 
1562 	mt76_wr(dev, MT_MCU_INT_EVENT, MT_MCU_INT_EVENT_RESET_DONE);
1563 	mt7915_wait_reset_state(dev, MT_MCU_CMD_NORMAL_STATE);
1564 
1565 	/* enable DMA Tx/Rx and interrupt */
1566 	mt7915_dma_start(dev, false, false);
1567 
1568 	clear_bit(MT76_MCU_RESET, &dev->mphy.state);
1569 	clear_bit(MT76_RESET, &dev->mphy.state);
1570 	if (phy2)
1571 		clear_bit(MT76_RESET, &phy2->mt76->state);
1572 
1573 	local_bh_disable();
1574 	mt76_for_each_q_rx(&dev->mt76, i) {
1575 		napi_enable(&dev->mt76.napi[i]);
1576 		napi_schedule(&dev->mt76.napi[i]);
1577 	}
1578 	local_bh_enable();
1579 
1580 	tasklet_schedule(&dev->mt76.irq_tasklet);
1581 
1582 	mt76_worker_enable(&dev->mt76.tx_worker);
1583 
1584 	local_bh_disable();
1585 	napi_enable(&dev->mt76.tx_napi);
1586 	napi_schedule(&dev->mt76.tx_napi);
1587 	local_bh_enable();
1588 
1589 	ieee80211_wake_queues(mt76_hw(dev));
1590 	if (ext_phy)
1591 		ieee80211_wake_queues(ext_phy->hw);
1592 
1593 	mutex_unlock(&dev->mt76.mutex);
1594 
1595 	mt7915_update_beacons(dev);
1596 
1597 	ieee80211_queue_delayed_work(mt76_hw(dev), &dev->mphy.mac_work,
1598 				     MT7915_WATCHDOG_TIME);
1599 	if (phy2)
1600 		ieee80211_queue_delayed_work(ext_phy->hw,
1601 					     &phy2->mt76->mac_work,
1602 					     MT7915_WATCHDOG_TIME);
1603 }
1604 
1605 /* firmware coredump */
1606 void mt7915_mac_dump_work(struct work_struct *work)
1607 {
1608 	const struct mt7915_mem_region *mem_region;
1609 	struct mt7915_crash_data *crash_data;
1610 	struct mt7915_dev *dev;
1611 	struct mt7915_mem_hdr *hdr;
1612 	size_t buf_len;
1613 	int i;
1614 	u32 num;
1615 	u8 *buf;
1616 
1617 	dev = container_of(work, struct mt7915_dev, dump_work);
1618 
1619 	mutex_lock(&dev->dump_mutex);
1620 
1621 	crash_data = mt7915_coredump_new(dev);
1622 	if (!crash_data) {
1623 		mutex_unlock(&dev->dump_mutex);
1624 		goto skip_coredump;
1625 	}
1626 
1627 	mem_region = mt7915_coredump_get_mem_layout(dev, &num);
1628 	if (!mem_region || !crash_data->memdump_buf_len) {
1629 		mutex_unlock(&dev->dump_mutex);
1630 		goto skip_memdump;
1631 	}
1632 
1633 	buf = crash_data->memdump_buf;
1634 	buf_len = crash_data->memdump_buf_len;
1635 
1636 	/* dumping memory content... */
1637 	memset(buf, 0, buf_len);
1638 	for (i = 0; i < num; i++) {
1639 		if (mem_region->len > buf_len) {
1640 			dev_warn(dev->mt76.dev, "%s len %lu is too large\n",
1641 				 mem_region->name,
1642 				 (unsigned long)mem_region->len);
1643 			break;
1644 		}
1645 
1646 		/* reserve space for the header */
1647 		hdr = (void *)buf;
1648 		buf += sizeof(*hdr);
1649 		buf_len -= sizeof(*hdr);
1650 
1651 		mt7915_memcpy_fromio(dev, buf, mem_region->start,
1652 				     mem_region->len);
1653 
1654 		hdr->start = mem_region->start;
1655 		hdr->len = mem_region->len;
1656 
1657 		if (!mem_region->len)
1658 			/* note: the header remains, just with zero length */
1659 			break;
1660 
1661 		buf += mem_region->len;
1662 		buf_len -= mem_region->len;
1663 
1664 		mem_region++;
1665 	}
1666 
1667 	mutex_unlock(&dev->dump_mutex);
1668 
1669 skip_memdump:
1670 	mt7915_coredump_submit(dev);
1671 skip_coredump:
1672 	queue_work(dev->mt76.wq, &dev->reset_work);
1673 }
1674 
1675 void mt7915_reset(struct mt7915_dev *dev)
1676 {
1677 	if (!dev->recovery.hw_init_done)
1678 		return;
1679 
1680 	if (dev->recovery.hw_full_reset)
1681 		return;
1682 
1683 	/* wm/wa exception: do full recovery */
1684 	if (READ_ONCE(dev->recovery.state) & MT_MCU_CMD_WDT_MASK) {
1685 		dev->recovery.restart = true;
1686 		dev_info(dev->mt76.dev,
1687 			 "%s indicated firmware crash, attempting recovery\n",
1688 			 wiphy_name(dev->mt76.hw->wiphy));
1689 
1690 		mt7915_irq_disable(dev, MT_INT_MCU_CMD);
1691 		queue_work(dev->mt76.wq, &dev->dump_work);
1692 		return;
1693 	}
1694 
1695 	queue_work(dev->mt76.wq, &dev->reset_work);
1696 	wake_up(&dev->reset_wait);
1697 }
1698 
1699 void mt7915_mac_update_stats(struct mt7915_phy *phy)
1700 {
1701 	struct mt76_mib_stats *mib = &phy->mib;
1702 	struct mt7915_dev *dev = phy->dev;
1703 	int i, aggr0 = 0, aggr1, cnt;
1704 	u8 band = phy->mt76->band_idx;
1705 	u32 val;
1706 
1707 	cnt = mt76_rr(dev, MT_MIB_SDR3(band));
1708 	mib->fcs_err_cnt += is_mt7915(&dev->mt76) ?
1709 		FIELD_GET(MT_MIB_SDR3_FCS_ERR_MASK, cnt) :
1710 		FIELD_GET(MT_MIB_SDR3_FCS_ERR_MASK_MT7916, cnt);
1711 
1712 	cnt = mt76_rr(dev, MT_MIB_SDR4(band));
1713 	mib->rx_fifo_full_cnt += FIELD_GET(MT_MIB_SDR4_RX_FIFO_FULL_MASK, cnt);
1714 
1715 	cnt = mt76_rr(dev, MT_MIB_SDR5(band));
1716 	mib->rx_mpdu_cnt += cnt;
1717 
1718 	cnt = mt76_rr(dev, MT_MIB_SDR6(band));
1719 	mib->channel_idle_cnt += FIELD_GET(MT_MIB_SDR6_CHANNEL_IDL_CNT_MASK, cnt);
1720 
1721 	cnt = mt76_rr(dev, MT_MIB_SDR7(band));
1722 	mib->rx_vector_mismatch_cnt +=
1723 		FIELD_GET(MT_MIB_SDR7_RX_VECTOR_MISMATCH_CNT_MASK, cnt);
1724 
1725 	cnt = mt76_rr(dev, MT_MIB_SDR8(band));
1726 	mib->rx_delimiter_fail_cnt +=
1727 		FIELD_GET(MT_MIB_SDR8_RX_DELIMITER_FAIL_CNT_MASK, cnt);
1728 
1729 	cnt = mt76_rr(dev, MT_MIB_SDR10(band));
1730 	mib->rx_mrdy_cnt += is_mt7915(&dev->mt76) ?
1731 		FIELD_GET(MT_MIB_SDR10_MRDY_COUNT_MASK, cnt) :
1732 		FIELD_GET(MT_MIB_SDR10_MRDY_COUNT_MASK_MT7916, cnt);
1733 
1734 	cnt = mt76_rr(dev, MT_MIB_SDR11(band));
1735 	mib->rx_len_mismatch_cnt +=
1736 		FIELD_GET(MT_MIB_SDR11_RX_LEN_MISMATCH_CNT_MASK, cnt);
1737 
1738 	cnt = mt76_rr(dev, MT_MIB_SDR12(band));
1739 	mib->tx_ampdu_cnt += cnt;
1740 
1741 	cnt = mt76_rr(dev, MT_MIB_SDR13(band));
1742 	mib->tx_stop_q_empty_cnt +=
1743 		FIELD_GET(MT_MIB_SDR13_TX_STOP_Q_EMPTY_CNT_MASK, cnt);
1744 
1745 	cnt = mt76_rr(dev, MT_MIB_SDR14(band));
1746 	mib->tx_mpdu_attempts_cnt += is_mt7915(&dev->mt76) ?
1747 		FIELD_GET(MT_MIB_SDR14_TX_MPDU_ATTEMPTS_CNT_MASK, cnt) :
1748 		FIELD_GET(MT_MIB_SDR14_TX_MPDU_ATTEMPTS_CNT_MASK_MT7916, cnt);
1749 
1750 	cnt = mt76_rr(dev, MT_MIB_SDR15(band));
1751 	mib->tx_mpdu_success_cnt += is_mt7915(&dev->mt76) ?
1752 		FIELD_GET(MT_MIB_SDR15_TX_MPDU_SUCCESS_CNT_MASK, cnt) :
1753 		FIELD_GET(MT_MIB_SDR15_TX_MPDU_SUCCESS_CNT_MASK_MT7916, cnt);
1754 
1755 	cnt = mt76_rr(dev, MT_MIB_SDR16(band));
1756 	mib->primary_cca_busy_time +=
1757 		FIELD_GET(MT_MIB_SDR16_PRIMARY_CCA_BUSY_TIME_MASK, cnt);
1758 
1759 	cnt = mt76_rr(dev, MT_MIB_SDR17(band));
1760 	mib->secondary_cca_busy_time +=
1761 		FIELD_GET(MT_MIB_SDR17_SECONDARY_CCA_BUSY_TIME_MASK, cnt);
1762 
1763 	cnt = mt76_rr(dev, MT_MIB_SDR18(band));
1764 	mib->primary_energy_detect_time +=
1765 		FIELD_GET(MT_MIB_SDR18_PRIMARY_ENERGY_DETECT_TIME_MASK, cnt);
1766 
1767 	cnt = mt76_rr(dev, MT_MIB_SDR19(band));
1768 	mib->cck_mdrdy_time += FIELD_GET(MT_MIB_SDR19_CCK_MDRDY_TIME_MASK, cnt);
1769 
1770 	cnt = mt76_rr(dev, MT_MIB_SDR20(band));
1771 	mib->ofdm_mdrdy_time +=
1772 		FIELD_GET(MT_MIB_SDR20_OFDM_VHT_MDRDY_TIME_MASK, cnt);
1773 
1774 	cnt = mt76_rr(dev, MT_MIB_SDR21(band));
1775 	mib->green_mdrdy_time +=
1776 		FIELD_GET(MT_MIB_SDR21_GREEN_MDRDY_TIME_MASK, cnt);
1777 
1778 	cnt = mt76_rr(dev, MT_MIB_SDR22(band));
1779 	mib->rx_ampdu_cnt += cnt;
1780 
1781 	cnt = mt76_rr(dev, MT_MIB_SDR23(band));
1782 	mib->rx_ampdu_bytes_cnt += cnt;
1783 
1784 	cnt = mt76_rr(dev, MT_MIB_SDR24(band));
1785 	mib->rx_ampdu_valid_subframe_cnt += is_mt7915(&dev->mt76) ?
1786 		FIELD_GET(MT_MIB_SDR24_RX_AMPDU_SF_CNT_MASK, cnt) :
1787 		FIELD_GET(MT_MIB_SDR24_RX_AMPDU_SF_CNT_MASK_MT7916, cnt);
1788 
1789 	cnt = mt76_rr(dev, MT_MIB_SDR25(band));
1790 	mib->rx_ampdu_valid_subframe_bytes_cnt += cnt;
1791 
1792 	cnt = mt76_rr(dev, MT_MIB_SDR27(band));
1793 	mib->tx_rwp_fail_cnt +=
1794 		FIELD_GET(MT_MIB_SDR27_TX_RWP_FAIL_CNT_MASK, cnt);
1795 
1796 	cnt = mt76_rr(dev, MT_MIB_SDR28(band));
1797 	mib->tx_rwp_need_cnt +=
1798 		FIELD_GET(MT_MIB_SDR28_TX_RWP_NEED_CNT_MASK, cnt);
1799 
1800 	cnt = mt76_rr(dev, MT_MIB_SDR29(band));
1801 	mib->rx_pfdrop_cnt += is_mt7915(&dev->mt76) ?
1802 		FIELD_GET(MT_MIB_SDR29_RX_PFDROP_CNT_MASK, cnt) :
1803 		FIELD_GET(MT_MIB_SDR29_RX_PFDROP_CNT_MASK_MT7916, cnt);
1804 
1805 	cnt = mt76_rr(dev, MT_MIB_SDRVEC(band));
1806 	mib->rx_vec_queue_overflow_drop_cnt += is_mt7915(&dev->mt76) ?
1807 		FIELD_GET(MT_MIB_SDR30_RX_VEC_QUEUE_OVERFLOW_DROP_CNT_MASK, cnt) :
1808 		FIELD_GET(MT_MIB_SDR30_RX_VEC_QUEUE_OVERFLOW_DROP_CNT_MASK_MT7916, cnt);
1809 
1810 	cnt = mt76_rr(dev, MT_MIB_SDR31(band));
1811 	mib->rx_ba_cnt += cnt;
1812 
1813 	cnt = mt76_rr(dev, MT_MIB_SDRMUBF(band));
1814 	mib->tx_bf_cnt += FIELD_GET(MT_MIB_MU_BF_TX_CNT, cnt);
1815 
1816 	cnt = mt76_rr(dev, MT_MIB_DR8(band));
1817 	mib->tx_mu_mpdu_cnt += cnt;
1818 
1819 	cnt = mt76_rr(dev, MT_MIB_DR9(band));
1820 	mib->tx_mu_acked_mpdu_cnt += cnt;
1821 
1822 	cnt = mt76_rr(dev, MT_MIB_DR11(band));
1823 	mib->tx_su_acked_mpdu_cnt += cnt;
1824 
1825 	cnt = mt76_rr(dev, MT_ETBF_PAR_RPT0(band));
1826 	mib->tx_bf_rx_fb_bw = FIELD_GET(MT_ETBF_PAR_RPT0_FB_BW, cnt);
1827 	mib->tx_bf_rx_fb_nc_cnt += FIELD_GET(MT_ETBF_PAR_RPT0_FB_NC, cnt);
1828 	mib->tx_bf_rx_fb_nr_cnt += FIELD_GET(MT_ETBF_PAR_RPT0_FB_NR, cnt);
1829 
1830 	for (i = 0; i < ARRAY_SIZE(mib->tx_amsdu); i++) {
1831 		cnt = mt76_rr(dev, MT_PLE_AMSDU_PACK_MSDU_CNT(i));
1832 		mib->tx_amsdu[i] += cnt;
1833 		mib->tx_amsdu_cnt += cnt;
1834 	}
1835 
1836 	if (is_mt7915(&dev->mt76)) {
1837 		for (i = 0, aggr1 = aggr0 + 8; i < 4; i++) {
1838 			val = mt76_rr(dev, MT_MIB_MB_SDR1(band, (i << 4)));
1839 			mib->ba_miss_cnt +=
1840 				FIELD_GET(MT_MIB_BA_MISS_COUNT_MASK, val);
1841 			mib->ack_fail_cnt +=
1842 				FIELD_GET(MT_MIB_ACK_FAIL_COUNT_MASK, val);
1843 
1844 			val = mt76_rr(dev, MT_MIB_MB_SDR0(band, (i << 4)));
1845 			mib->rts_cnt += FIELD_GET(MT_MIB_RTS_COUNT_MASK, val);
1846 			mib->rts_retries_cnt +=
1847 				FIELD_GET(MT_MIB_RTS_RETRIES_COUNT_MASK, val);
1848 
1849 			val = mt76_rr(dev, MT_TX_AGG_CNT(band, i));
1850 			phy->mt76->aggr_stats[aggr0++] += val & 0xffff;
1851 			phy->mt76->aggr_stats[aggr0++] += val >> 16;
1852 
1853 			val = mt76_rr(dev, MT_TX_AGG_CNT2(band, i));
1854 			phy->mt76->aggr_stats[aggr1++] += val & 0xffff;
1855 			phy->mt76->aggr_stats[aggr1++] += val >> 16;
1856 		}
1857 
1858 		cnt = mt76_rr(dev, MT_MIB_SDR32(band));
1859 		mib->tx_pkt_ebf_cnt += FIELD_GET(MT_MIB_SDR32_TX_PKT_EBF_CNT, cnt);
1860 
1861 		cnt = mt76_rr(dev, MT_MIB_SDR33(band));
1862 		mib->tx_pkt_ibf_cnt += FIELD_GET(MT_MIB_SDR33_TX_PKT_IBF_CNT, cnt);
1863 
1864 		cnt = mt76_rr(dev, MT_ETBF_TX_APP_CNT(band));
1865 		mib->tx_bf_ibf_ppdu_cnt += FIELD_GET(MT_ETBF_TX_IBF_CNT, cnt);
1866 		mib->tx_bf_ebf_ppdu_cnt += FIELD_GET(MT_ETBF_TX_EBF_CNT, cnt);
1867 
1868 		cnt = mt76_rr(dev, MT_ETBF_TX_NDP_BFRP(band));
1869 		mib->tx_bf_fb_cpl_cnt += FIELD_GET(MT_ETBF_TX_FB_CPL, cnt);
1870 		mib->tx_bf_fb_trig_cnt += FIELD_GET(MT_ETBF_TX_FB_TRI, cnt);
1871 
1872 		cnt = mt76_rr(dev, MT_ETBF_RX_FB_CNT(band));
1873 		mib->tx_bf_rx_fb_all_cnt += FIELD_GET(MT_ETBF_RX_FB_ALL, cnt);
1874 		mib->tx_bf_rx_fb_he_cnt += FIELD_GET(MT_ETBF_RX_FB_HE, cnt);
1875 		mib->tx_bf_rx_fb_vht_cnt += FIELD_GET(MT_ETBF_RX_FB_VHT, cnt);
1876 		mib->tx_bf_rx_fb_ht_cnt += FIELD_GET(MT_ETBF_RX_FB_HT, cnt);
1877 	} else {
1878 		for (i = 0; i < 2; i++) {
1879 			/* rts count */
1880 			val = mt76_rr(dev, MT_MIB_MB_SDR0(band, (i << 2)));
1881 			mib->rts_cnt += FIELD_GET(GENMASK(15, 0), val);
1882 			mib->rts_cnt += FIELD_GET(GENMASK(31, 16), val);
1883 
1884 			/* rts retry count */
1885 			val = mt76_rr(dev, MT_MIB_MB_SDR1(band, (i << 2)));
1886 			mib->rts_retries_cnt += FIELD_GET(GENMASK(15, 0), val);
1887 			mib->rts_retries_cnt += FIELD_GET(GENMASK(31, 16), val);
1888 
1889 			/* ba miss count */
1890 			val = mt76_rr(dev, MT_MIB_MB_SDR2(band, (i << 2)));
1891 			mib->ba_miss_cnt += FIELD_GET(GENMASK(15, 0), val);
1892 			mib->ba_miss_cnt += FIELD_GET(GENMASK(31, 16), val);
1893 
1894 			/* ack fail count */
1895 			val = mt76_rr(dev, MT_MIB_MB_BFTF(band, (i << 2)));
1896 			mib->ack_fail_cnt += FIELD_GET(GENMASK(15, 0), val);
1897 			mib->ack_fail_cnt += FIELD_GET(GENMASK(31, 16), val);
1898 		}
1899 
1900 		for (i = 0; i < 8; i++) {
1901 			val = mt76_rr(dev, MT_TX_AGG_CNT(band, i));
1902 			phy->mt76->aggr_stats[aggr0++] += FIELD_GET(GENMASK(15, 0), val);
1903 			phy->mt76->aggr_stats[aggr0++] += FIELD_GET(GENMASK(31, 16), val);
1904 		}
1905 
1906 		cnt = mt76_rr(dev, MT_MIB_SDR32(band));
1907 		mib->tx_pkt_ibf_cnt += FIELD_GET(MT_MIB_SDR32_TX_PKT_IBF_CNT, cnt);
1908 		mib->tx_bf_ibf_ppdu_cnt += FIELD_GET(MT_MIB_SDR32_TX_PKT_IBF_CNT, cnt);
1909 		mib->tx_pkt_ebf_cnt += FIELD_GET(MT_MIB_SDR32_TX_PKT_EBF_CNT, cnt);
1910 		mib->tx_bf_ebf_ppdu_cnt += FIELD_GET(MT_MIB_SDR32_TX_PKT_EBF_CNT, cnt);
1911 
1912 		cnt = mt76_rr(dev, MT_MIB_BFCR7(band));
1913 		mib->tx_bf_fb_cpl_cnt += FIELD_GET(MT_MIB_BFCR7_BFEE_TX_FB_CPL, cnt);
1914 
1915 		cnt = mt76_rr(dev, MT_MIB_BFCR2(band));
1916 		mib->tx_bf_fb_trig_cnt += FIELD_GET(MT_MIB_BFCR2_BFEE_TX_FB_TRIG, cnt);
1917 
1918 		cnt = mt76_rr(dev, MT_MIB_BFCR0(band));
1919 		mib->tx_bf_rx_fb_vht_cnt += FIELD_GET(MT_MIB_BFCR0_RX_FB_VHT, cnt);
1920 		mib->tx_bf_rx_fb_all_cnt += FIELD_GET(MT_MIB_BFCR0_RX_FB_VHT, cnt);
1921 		mib->tx_bf_rx_fb_ht_cnt += FIELD_GET(MT_MIB_BFCR0_RX_FB_HT, cnt);
1922 		mib->tx_bf_rx_fb_all_cnt += FIELD_GET(MT_MIB_BFCR0_RX_FB_HT, cnt);
1923 
1924 		cnt = mt76_rr(dev, MT_MIB_BFCR1(band));
1925 		mib->tx_bf_rx_fb_he_cnt += FIELD_GET(MT_MIB_BFCR1_RX_FB_HE, cnt);
1926 		mib->tx_bf_rx_fb_all_cnt += FIELD_GET(MT_MIB_BFCR1_RX_FB_HE, cnt);
1927 	}
1928 }
1929 
1930 static void mt7915_mac_severe_check(struct mt7915_phy *phy)
1931 {
1932 	struct mt7915_dev *dev = phy->dev;
1933 	u32 trb;
1934 
1935 	if (!phy->omac_mask)
1936 		return;
1937 
1938 	/* In rare cases, TRB pointers might be out of sync leads to RMAC
1939 	 * stopping Rx, so check status periodically to see if TRB hardware
1940 	 * requires minimal recovery.
1941 	 */
1942 	trb = mt76_rr(dev, MT_TRB_RXPSR0(phy->mt76->band_idx));
1943 
1944 	if ((FIELD_GET(MT_TRB_RXPSR0_RX_RMAC_PTR, trb) !=
1945 	     FIELD_GET(MT_TRB_RXPSR0_RX_WTBL_PTR, trb)) &&
1946 	    (FIELD_GET(MT_TRB_RXPSR0_RX_RMAC_PTR, phy->trb_ts) !=
1947 	     FIELD_GET(MT_TRB_RXPSR0_RX_WTBL_PTR, phy->trb_ts)) &&
1948 	    trb == phy->trb_ts)
1949 		mt7915_mcu_set_ser(dev, SER_RECOVER, SER_SET_RECOVER_L3_RX_ABORT,
1950 				   phy->mt76->band_idx);
1951 
1952 	phy->trb_ts = trb;
1953 }
1954 
1955 void mt7915_mac_sta_rc_work(struct work_struct *work)
1956 {
1957 	struct mt7915_dev *dev = container_of(work, struct mt7915_dev, rc_work);
1958 	struct ieee80211_sta *sta;
1959 	struct ieee80211_vif *vif;
1960 	struct mt7915_sta *msta;
1961 	u32 changed;
1962 	LIST_HEAD(list);
1963 
1964 	spin_lock_bh(&dev->mt76.sta_poll_lock);
1965 	list_splice_init(&dev->sta_rc_list, &list);
1966 
1967 	while (!list_empty(&list)) {
1968 		msta = list_first_entry(&list, struct mt7915_sta, rc_list);
1969 		list_del_init(&msta->rc_list);
1970 		changed = msta->changed;
1971 		msta->changed = 0;
1972 		spin_unlock_bh(&dev->mt76.sta_poll_lock);
1973 
1974 		sta = container_of((void *)msta, struct ieee80211_sta, drv_priv);
1975 		vif = container_of((void *)msta->vif, struct ieee80211_vif, drv_priv);
1976 
1977 		if (changed & (IEEE80211_RC_SUPP_RATES_CHANGED |
1978 			       IEEE80211_RC_NSS_CHANGED |
1979 			       IEEE80211_RC_BW_CHANGED))
1980 			mt7915_mcu_add_rate_ctrl(dev, vif, sta, true);
1981 
1982 		if (changed & IEEE80211_RC_SMPS_CHANGED)
1983 			mt7915_mcu_add_smps(dev, vif, sta);
1984 
1985 		spin_lock_bh(&dev->mt76.sta_poll_lock);
1986 	}
1987 
1988 	spin_unlock_bh(&dev->mt76.sta_poll_lock);
1989 }
1990 
1991 void mt7915_mac_work(struct work_struct *work)
1992 {
1993 	struct mt7915_phy *phy;
1994 	struct mt76_phy *mphy;
1995 
1996 	mphy = (struct mt76_phy *)container_of(work, struct mt76_phy,
1997 					       mac_work.work);
1998 	phy = mphy->priv;
1999 
2000 	mutex_lock(&mphy->dev->mutex);
2001 
2002 	mt76_update_survey(mphy);
2003 	if (++mphy->mac_work_count == 5) {
2004 		mphy->mac_work_count = 0;
2005 
2006 		mt7915_mac_update_stats(phy);
2007 		mt7915_mac_severe_check(phy);
2008 
2009 		if (phy->dev->muru_debug)
2010 			mt7915_mcu_muru_debug_get(phy);
2011 	}
2012 
2013 	mutex_unlock(&mphy->dev->mutex);
2014 
2015 	mt76_tx_status_check(mphy->dev, false);
2016 
2017 	ieee80211_queue_delayed_work(mphy->hw, &mphy->mac_work,
2018 				     MT7915_WATCHDOG_TIME);
2019 }
2020 
2021 static void mt7915_dfs_stop_radar_detector(struct mt7915_phy *phy)
2022 {
2023 	struct mt7915_dev *dev = phy->dev;
2024 
2025 	if (phy->rdd_state & BIT(0))
2026 		mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_STOP, 0,
2027 					MT_RX_SEL0, 0);
2028 	if (phy->rdd_state & BIT(1))
2029 		mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_STOP, 1,
2030 					MT_RX_SEL0, 0);
2031 }
2032 
2033 static int mt7915_dfs_start_rdd(struct mt7915_dev *dev, int chain)
2034 {
2035 	int err, region;
2036 
2037 	switch (dev->mt76.region) {
2038 	case NL80211_DFS_ETSI:
2039 		region = 0;
2040 		break;
2041 	case NL80211_DFS_JP:
2042 		region = 2;
2043 		break;
2044 	case NL80211_DFS_FCC:
2045 	default:
2046 		region = 1;
2047 		break;
2048 	}
2049 
2050 	err = mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_START, chain,
2051 				      MT_RX_SEL0, region);
2052 	if (err < 0)
2053 		return err;
2054 
2055 	if (is_mt7915(&dev->mt76)) {
2056 		err = mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_SET_WF_ANT, chain,
2057 					      0, dev->dbdc_support ? 2 : 0);
2058 		if (err < 0)
2059 			return err;
2060 	}
2061 
2062 	return mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_DET_MODE, chain,
2063 				       MT_RX_SEL0, 1);
2064 }
2065 
2066 static int mt7915_dfs_start_radar_detector(struct mt7915_phy *phy)
2067 {
2068 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
2069 	struct mt7915_dev *dev = phy->dev;
2070 	int err;
2071 
2072 	/* start CAC */
2073 	err = mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_CAC_START,
2074 				      phy->mt76->band_idx, MT_RX_SEL0, 0);
2075 	if (err < 0)
2076 		return err;
2077 
2078 	err = mt7915_dfs_start_rdd(dev, phy->mt76->band_idx);
2079 	if (err < 0)
2080 		return err;
2081 
2082 	phy->rdd_state |= BIT(phy->mt76->band_idx);
2083 
2084 	if (!is_mt7915(&dev->mt76))
2085 		return 0;
2086 
2087 	if (chandef->width == NL80211_CHAN_WIDTH_160 ||
2088 	    chandef->width == NL80211_CHAN_WIDTH_80P80) {
2089 		err = mt7915_dfs_start_rdd(dev, 1);
2090 		if (err < 0)
2091 			return err;
2092 
2093 		phy->rdd_state |= BIT(1);
2094 	}
2095 
2096 	return 0;
2097 }
2098 
2099 static int
2100 mt7915_dfs_init_radar_specs(struct mt7915_phy *phy)
2101 {
2102 	const struct mt7915_dfs_radar_spec *radar_specs;
2103 	struct mt7915_dev *dev = phy->dev;
2104 	int err, i;
2105 
2106 	switch (dev->mt76.region) {
2107 	case NL80211_DFS_FCC:
2108 		radar_specs = &fcc_radar_specs;
2109 		err = mt7915_mcu_set_fcc5_lpn(dev, 8);
2110 		if (err < 0)
2111 			return err;
2112 		break;
2113 	case NL80211_DFS_ETSI:
2114 		radar_specs = &etsi_radar_specs;
2115 		break;
2116 	case NL80211_DFS_JP:
2117 		radar_specs = &jp_radar_specs;
2118 		break;
2119 	default:
2120 		return -EINVAL;
2121 	}
2122 
2123 	for (i = 0; i < ARRAY_SIZE(radar_specs->radar_pattern); i++) {
2124 		err = mt7915_mcu_set_radar_th(dev, i,
2125 					      &radar_specs->radar_pattern[i]);
2126 		if (err < 0)
2127 			return err;
2128 	}
2129 
2130 	return mt7915_mcu_set_pulse_th(dev, &radar_specs->pulse_th);
2131 }
2132 
2133 int mt7915_dfs_init_radar_detector(struct mt7915_phy *phy)
2134 {
2135 	struct mt7915_dev *dev = phy->dev;
2136 	enum mt76_dfs_state dfs_state, prev_state;
2137 	int err;
2138 
2139 	prev_state = phy->mt76->dfs_state;
2140 	dfs_state = mt76_phy_dfs_state(phy->mt76);
2141 
2142 	if (prev_state == dfs_state)
2143 		return 0;
2144 
2145 	if (prev_state == MT_DFS_STATE_UNKNOWN)
2146 		mt7915_dfs_stop_radar_detector(phy);
2147 
2148 	if (dfs_state == MT_DFS_STATE_DISABLED)
2149 		goto stop;
2150 
2151 	if (prev_state <= MT_DFS_STATE_DISABLED) {
2152 		err = mt7915_dfs_init_radar_specs(phy);
2153 		if (err < 0)
2154 			return err;
2155 
2156 		err = mt7915_dfs_start_radar_detector(phy);
2157 		if (err < 0)
2158 			return err;
2159 
2160 		phy->mt76->dfs_state = MT_DFS_STATE_CAC;
2161 	}
2162 
2163 	if (dfs_state == MT_DFS_STATE_CAC)
2164 		return 0;
2165 
2166 	err = mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_CAC_END,
2167 				      phy->mt76->band_idx, MT_RX_SEL0, 0);
2168 	if (err < 0) {
2169 		phy->mt76->dfs_state = MT_DFS_STATE_UNKNOWN;
2170 		return err;
2171 	}
2172 
2173 	phy->mt76->dfs_state = MT_DFS_STATE_ACTIVE;
2174 	return 0;
2175 
2176 stop:
2177 	err = mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_NORMAL_START,
2178 				      phy->mt76->band_idx, MT_RX_SEL0, 0);
2179 	if (err < 0)
2180 		return err;
2181 
2182 	if (is_mt7915(&dev->mt76)) {
2183 		err = mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_SET_WF_ANT,
2184 					      phy->mt76->band_idx, 0,
2185 					      dev->dbdc_support ? 2 : 0);
2186 		if (err < 0)
2187 			return err;
2188 	}
2189 
2190 	mt7915_dfs_stop_radar_detector(phy);
2191 	phy->mt76->dfs_state = MT_DFS_STATE_DISABLED;
2192 
2193 	return 0;
2194 }
2195 
2196 static int
2197 mt7915_mac_twt_duration_align(int duration)
2198 {
2199 	return duration << 8;
2200 }
2201 
2202 static u64
2203 mt7915_mac_twt_sched_list_add(struct mt7915_dev *dev,
2204 			      struct mt7915_twt_flow *flow)
2205 {
2206 	struct mt7915_twt_flow *iter, *iter_next;
2207 	u32 duration = flow->duration << 8;
2208 	u64 start_tsf;
2209 
2210 	iter = list_first_entry_or_null(&dev->twt_list,
2211 					struct mt7915_twt_flow, list);
2212 	if (!iter || !iter->sched || iter->start_tsf > duration) {
2213 		/* add flow as first entry in the list */
2214 		list_add(&flow->list, &dev->twt_list);
2215 		return 0;
2216 	}
2217 
2218 	list_for_each_entry_safe(iter, iter_next, &dev->twt_list, list) {
2219 		start_tsf = iter->start_tsf +
2220 			    mt7915_mac_twt_duration_align(iter->duration);
2221 		if (list_is_last(&iter->list, &dev->twt_list))
2222 			break;
2223 
2224 		if (!iter_next->sched ||
2225 		    iter_next->start_tsf > start_tsf + duration) {
2226 			list_add(&flow->list, &iter->list);
2227 			goto out;
2228 		}
2229 	}
2230 
2231 	/* add flow as last entry in the list */
2232 	list_add_tail(&flow->list, &dev->twt_list);
2233 out:
2234 	return start_tsf;
2235 }
2236 
2237 static int mt7915_mac_check_twt_req(struct ieee80211_twt_setup *twt)
2238 {
2239 	struct ieee80211_twt_params *twt_agrt;
2240 	u64 interval, duration;
2241 	u16 mantissa;
2242 	u8 exp;
2243 
2244 	/* only individual agreement supported */
2245 	if (twt->control & IEEE80211_TWT_CONTROL_NEG_TYPE_BROADCAST)
2246 		return -EOPNOTSUPP;
2247 
2248 	/* only 256us unit supported */
2249 	if (twt->control & IEEE80211_TWT_CONTROL_WAKE_DUR_UNIT)
2250 		return -EOPNOTSUPP;
2251 
2252 	twt_agrt = (struct ieee80211_twt_params *)twt->params;
2253 
2254 	/* explicit agreement not supported */
2255 	if (!(twt_agrt->req_type & cpu_to_le16(IEEE80211_TWT_REQTYPE_IMPLICIT)))
2256 		return -EOPNOTSUPP;
2257 
2258 	exp = FIELD_GET(IEEE80211_TWT_REQTYPE_WAKE_INT_EXP,
2259 			le16_to_cpu(twt_agrt->req_type));
2260 	mantissa = le16_to_cpu(twt_agrt->mantissa);
2261 	duration = twt_agrt->min_twt_dur << 8;
2262 
2263 	interval = (u64)mantissa << exp;
2264 	if (interval < duration)
2265 		return -EOPNOTSUPP;
2266 
2267 	return 0;
2268 }
2269 
2270 static bool
2271 mt7915_mac_twt_param_equal(struct mt7915_sta *msta,
2272 			   struct ieee80211_twt_params *twt_agrt)
2273 {
2274 	u16 type = le16_to_cpu(twt_agrt->req_type);
2275 	u8 exp;
2276 	int i;
2277 
2278 	exp = FIELD_GET(IEEE80211_TWT_REQTYPE_WAKE_INT_EXP, type);
2279 	for (i = 0; i < MT7915_MAX_STA_TWT_AGRT; i++) {
2280 		struct mt7915_twt_flow *f;
2281 
2282 		if (!(msta->twt.flowid_mask & BIT(i)))
2283 			continue;
2284 
2285 		f = &msta->twt.flow[i];
2286 		if (f->duration == twt_agrt->min_twt_dur &&
2287 		    f->mantissa == twt_agrt->mantissa &&
2288 		    f->exp == exp &&
2289 		    f->protection == !!(type & IEEE80211_TWT_REQTYPE_PROTECTION) &&
2290 		    f->flowtype == !!(type & IEEE80211_TWT_REQTYPE_FLOWTYPE) &&
2291 		    f->trigger == !!(type & IEEE80211_TWT_REQTYPE_TRIGGER))
2292 			return true;
2293 	}
2294 
2295 	return false;
2296 }
2297 
2298 void mt7915_mac_add_twt_setup(struct ieee80211_hw *hw,
2299 			      struct ieee80211_sta *sta,
2300 			      struct ieee80211_twt_setup *twt)
2301 {
2302 	enum ieee80211_twt_setup_cmd setup_cmd = TWT_SETUP_CMD_REJECT;
2303 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
2304 	struct ieee80211_twt_params *twt_agrt = (void *)twt->params;
2305 	u16 req_type = le16_to_cpu(twt_agrt->req_type);
2306 	enum ieee80211_twt_setup_cmd sta_setup_cmd;
2307 	struct mt7915_dev *dev = mt7915_hw_dev(hw);
2308 	struct mt7915_twt_flow *flow;
2309 	int flowid, table_id;
2310 	u8 exp;
2311 
2312 	if (mt7915_mac_check_twt_req(twt))
2313 		goto out;
2314 
2315 	mutex_lock(&dev->mt76.mutex);
2316 
2317 	if (dev->twt.n_agrt == MT7915_MAX_TWT_AGRT)
2318 		goto unlock;
2319 
2320 	if (hweight8(msta->twt.flowid_mask) == ARRAY_SIZE(msta->twt.flow))
2321 		goto unlock;
2322 
2323 	if (twt_agrt->min_twt_dur < MT7915_MIN_TWT_DUR) {
2324 		setup_cmd = TWT_SETUP_CMD_DICTATE;
2325 		twt_agrt->min_twt_dur = MT7915_MIN_TWT_DUR;
2326 		goto unlock;
2327 	}
2328 
2329 	flowid = ffs(~msta->twt.flowid_mask) - 1;
2330 	twt_agrt->req_type &= ~cpu_to_le16(IEEE80211_TWT_REQTYPE_FLOWID);
2331 	twt_agrt->req_type |= le16_encode_bits(flowid,
2332 					       IEEE80211_TWT_REQTYPE_FLOWID);
2333 
2334 	table_id = ffs(~dev->twt.table_mask) - 1;
2335 	exp = FIELD_GET(IEEE80211_TWT_REQTYPE_WAKE_INT_EXP, req_type);
2336 	sta_setup_cmd = FIELD_GET(IEEE80211_TWT_REQTYPE_SETUP_CMD, req_type);
2337 
2338 	if (mt7915_mac_twt_param_equal(msta, twt_agrt))
2339 		goto unlock;
2340 
2341 	flow = &msta->twt.flow[flowid];
2342 	memset(flow, 0, sizeof(*flow));
2343 	INIT_LIST_HEAD(&flow->list);
2344 	flow->wcid = msta->wcid.idx;
2345 	flow->table_id = table_id;
2346 	flow->id = flowid;
2347 	flow->duration = twt_agrt->min_twt_dur;
2348 	flow->mantissa = twt_agrt->mantissa;
2349 	flow->exp = exp;
2350 	flow->protection = !!(req_type & IEEE80211_TWT_REQTYPE_PROTECTION);
2351 	flow->flowtype = !!(req_type & IEEE80211_TWT_REQTYPE_FLOWTYPE);
2352 	flow->trigger = !!(req_type & IEEE80211_TWT_REQTYPE_TRIGGER);
2353 
2354 	if (sta_setup_cmd == TWT_SETUP_CMD_REQUEST ||
2355 	    sta_setup_cmd == TWT_SETUP_CMD_SUGGEST) {
2356 		u64 interval = (u64)le16_to_cpu(twt_agrt->mantissa) << exp;
2357 		u64 flow_tsf, curr_tsf;
2358 		u32 rem;
2359 
2360 		flow->sched = true;
2361 		flow->start_tsf = mt7915_mac_twt_sched_list_add(dev, flow);
2362 		curr_tsf = __mt7915_get_tsf(hw, msta->vif);
2363 		div_u64_rem(curr_tsf - flow->start_tsf, interval, &rem);
2364 		flow_tsf = curr_tsf + interval - rem;
2365 		twt_agrt->twt = cpu_to_le64(flow_tsf);
2366 	} else {
2367 		list_add_tail(&flow->list, &dev->twt_list);
2368 	}
2369 	flow->tsf = le64_to_cpu(twt_agrt->twt);
2370 
2371 	if (mt7915_mcu_twt_agrt_update(dev, msta->vif, flow, MCU_TWT_AGRT_ADD))
2372 		goto unlock;
2373 
2374 	setup_cmd = TWT_SETUP_CMD_ACCEPT;
2375 	dev->twt.table_mask |= BIT(table_id);
2376 	msta->twt.flowid_mask |= BIT(flowid);
2377 	dev->twt.n_agrt++;
2378 
2379 unlock:
2380 	mutex_unlock(&dev->mt76.mutex);
2381 out:
2382 	twt_agrt->req_type &= ~cpu_to_le16(IEEE80211_TWT_REQTYPE_SETUP_CMD);
2383 	twt_agrt->req_type |=
2384 		le16_encode_bits(setup_cmd, IEEE80211_TWT_REQTYPE_SETUP_CMD);
2385 	twt->control = (twt->control & IEEE80211_TWT_CONTROL_WAKE_DUR_UNIT) |
2386 		       (twt->control & IEEE80211_TWT_CONTROL_RX_DISABLED);
2387 }
2388 
2389 void mt7915_mac_twt_teardown_flow(struct mt7915_dev *dev,
2390 				  struct mt7915_sta *msta,
2391 				  u8 flowid)
2392 {
2393 	struct mt7915_twt_flow *flow;
2394 
2395 	lockdep_assert_held(&dev->mt76.mutex);
2396 
2397 	if (flowid >= ARRAY_SIZE(msta->twt.flow))
2398 		return;
2399 
2400 	if (!(msta->twt.flowid_mask & BIT(flowid)))
2401 		return;
2402 
2403 	flow = &msta->twt.flow[flowid];
2404 	if (mt7915_mcu_twt_agrt_update(dev, msta->vif, flow,
2405 				       MCU_TWT_AGRT_DELETE))
2406 		return;
2407 
2408 	list_del_init(&flow->list);
2409 	msta->twt.flowid_mask &= ~BIT(flowid);
2410 	dev->twt.table_mask &= ~BIT(flow->table_id);
2411 	dev->twt.n_agrt--;
2412 }
2413