xref: /linux/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c (revision a4eb44a6435d6d8f9e642407a4a06f65eb90ca04)
1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2020 MediaTek Inc. */
3 
4 #include <linux/firmware.h>
5 #include <linux/fs.h>
6 #include "mt7915.h"
7 #include "mcu.h"
8 #include "mac.h"
9 #include "eeprom.h"
10 
11 struct mt7915_patch_hdr {
12 	char build_date[16];
13 	char platform[4];
14 	__be32 hw_sw_ver;
15 	__be32 patch_ver;
16 	__be16 checksum;
17 	u16 reserved;
18 	struct {
19 		__be32 patch_ver;
20 		__be32 subsys;
21 		__be32 feature;
22 		__be32 n_region;
23 		__be32 crc;
24 		u32 reserved[11];
25 	} desc;
26 } __packed;
27 
28 struct mt7915_patch_sec {
29 	__be32 type;
30 	__be32 offs;
31 	__be32 size;
32 	union {
33 		__be32 spec[13];
34 		struct {
35 			__be32 addr;
36 			__be32 len;
37 			__be32 sec_key_idx;
38 			__be32 align_len;
39 			u32 reserved[9];
40 		} info;
41 	};
42 } __packed;
43 
44 struct mt7915_fw_trailer {
45 	u8 chip_id;
46 	u8 eco_code;
47 	u8 n_region;
48 	u8 format_ver;
49 	u8 format_flag;
50 	u8 reserved[2];
51 	char fw_ver[10];
52 	char build_date[15];
53 	u32 crc;
54 } __packed;
55 
56 struct mt7915_fw_region {
57 	__le32 decomp_crc;
58 	__le32 decomp_len;
59 	__le32 decomp_blk_sz;
60 	u8 reserved[4];
61 	__le32 addr;
62 	__le32 len;
63 	u8 feature_set;
64 	u8 reserved1[15];
65 } __packed;
66 
67 #define MCU_PATCH_ADDRESS		0x200000
68 
69 #define FW_FEATURE_SET_ENCRYPT		BIT(0)
70 #define FW_FEATURE_SET_KEY_IDX		GENMASK(2, 1)
71 #define FW_FEATURE_OVERRIDE_ADDR	BIT(5)
72 
73 #define DL_MODE_ENCRYPT			BIT(0)
74 #define DL_MODE_KEY_IDX			GENMASK(2, 1)
75 #define DL_MODE_RESET_SEC_IV		BIT(3)
76 #define DL_MODE_WORKING_PDA_CR4		BIT(4)
77 #define DL_MODE_NEED_RSP		BIT(31)
78 
79 #define FW_START_OVERRIDE		BIT(0)
80 #define FW_START_WORKING_PDA_CR4	BIT(2)
81 
82 #define PATCH_SEC_TYPE_MASK		GENMASK(15, 0)
83 #define PATCH_SEC_TYPE_INFO		0x2
84 
85 #define to_wcid_lo(id)			FIELD_GET(GENMASK(7, 0), (u16)id)
86 #define to_wcid_hi(id)			FIELD_GET(GENMASK(9, 8), (u16)id)
87 
88 #define HE_PHY(p, c)			u8_get_bits(c, IEEE80211_HE_PHY_##p)
89 #define HE_MAC(m, c)			u8_get_bits(c, IEEE80211_HE_MAC_##m)
90 
91 static enum mcu_cipher_type
92 mt7915_mcu_get_cipher(int cipher)
93 {
94 	switch (cipher) {
95 	case WLAN_CIPHER_SUITE_WEP40:
96 		return MCU_CIPHER_WEP40;
97 	case WLAN_CIPHER_SUITE_WEP104:
98 		return MCU_CIPHER_WEP104;
99 	case WLAN_CIPHER_SUITE_TKIP:
100 		return MCU_CIPHER_TKIP;
101 	case WLAN_CIPHER_SUITE_AES_CMAC:
102 		return MCU_CIPHER_BIP_CMAC_128;
103 	case WLAN_CIPHER_SUITE_CCMP:
104 		return MCU_CIPHER_AES_CCMP;
105 	case WLAN_CIPHER_SUITE_CCMP_256:
106 		return MCU_CIPHER_CCMP_256;
107 	case WLAN_CIPHER_SUITE_GCMP:
108 		return MCU_CIPHER_GCMP;
109 	case WLAN_CIPHER_SUITE_GCMP_256:
110 		return MCU_CIPHER_GCMP_256;
111 	case WLAN_CIPHER_SUITE_SMS4:
112 		return MCU_CIPHER_WAPI;
113 	default:
114 		return MCU_CIPHER_NONE;
115 	}
116 }
117 
118 static u8 mt7915_mcu_chan_bw(struct cfg80211_chan_def *chandef)
119 {
120 	static const u8 width_to_bw[] = {
121 		[NL80211_CHAN_WIDTH_40] = CMD_CBW_40MHZ,
122 		[NL80211_CHAN_WIDTH_80] = CMD_CBW_80MHZ,
123 		[NL80211_CHAN_WIDTH_80P80] = CMD_CBW_8080MHZ,
124 		[NL80211_CHAN_WIDTH_160] = CMD_CBW_160MHZ,
125 		[NL80211_CHAN_WIDTH_5] = CMD_CBW_5MHZ,
126 		[NL80211_CHAN_WIDTH_10] = CMD_CBW_10MHZ,
127 		[NL80211_CHAN_WIDTH_20] = CMD_CBW_20MHZ,
128 		[NL80211_CHAN_WIDTH_20_NOHT] = CMD_CBW_20MHZ,
129 	};
130 
131 	if (chandef->width >= ARRAY_SIZE(width_to_bw))
132 		return 0;
133 
134 	return width_to_bw[chandef->width];
135 }
136 
137 static const struct ieee80211_sta_he_cap *
138 mt7915_get_he_phy_cap(struct mt7915_phy *phy, struct ieee80211_vif *vif)
139 {
140 	struct ieee80211_supported_band *sband;
141 	enum nl80211_band band;
142 
143 	band = phy->mt76->chandef.chan->band;
144 	sband = phy->mt76->hw->wiphy->bands[band];
145 
146 	return ieee80211_get_he_iftype_cap(sband, vif->type);
147 }
148 
149 static u8
150 mt7915_get_phy_mode(struct ieee80211_vif *vif, struct ieee80211_sta *sta)
151 {
152 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
153 	enum nl80211_band band = mvif->phy->mt76->chandef.chan->band;
154 	struct ieee80211_sta_ht_cap *ht_cap;
155 	struct ieee80211_sta_vht_cap *vht_cap;
156 	const struct ieee80211_sta_he_cap *he_cap;
157 	u8 mode = 0;
158 
159 	if (sta) {
160 		ht_cap = &sta->ht_cap;
161 		vht_cap = &sta->vht_cap;
162 		he_cap = &sta->he_cap;
163 	} else {
164 		struct ieee80211_supported_band *sband;
165 
166 		sband = mvif->phy->mt76->hw->wiphy->bands[band];
167 
168 		ht_cap = &sband->ht_cap;
169 		vht_cap = &sband->vht_cap;
170 		he_cap = ieee80211_get_he_iftype_cap(sband, vif->type);
171 	}
172 
173 	if (band == NL80211_BAND_2GHZ) {
174 		mode |= PHY_MODE_B | PHY_MODE_G;
175 
176 		if (ht_cap->ht_supported)
177 			mode |= PHY_MODE_GN;
178 
179 		if (he_cap && he_cap->has_he)
180 			mode |= PHY_MODE_AX_24G;
181 	} else if (band == NL80211_BAND_5GHZ) {
182 		mode |= PHY_MODE_A;
183 
184 		if (ht_cap->ht_supported)
185 			mode |= PHY_MODE_AN;
186 
187 		if (vht_cap->vht_supported)
188 			mode |= PHY_MODE_AC;
189 
190 		if (he_cap && he_cap->has_he)
191 			mode |= PHY_MODE_AX_5G;
192 	}
193 
194 	return mode;
195 }
196 
197 static u8
198 mt7915_mcu_get_sta_nss(u16 mcs_map)
199 {
200 	u8 nss;
201 
202 	for (nss = 8; nss > 0; nss--) {
203 		u8 nss_mcs = (mcs_map >> (2 * (nss - 1))) & 3;
204 
205 		if (nss_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED)
206 			break;
207 	}
208 
209 	return nss - 1;
210 }
211 
212 static void
213 mt7915_mcu_set_sta_he_mcs(struct ieee80211_sta *sta, __le16 *he_mcs,
214 			  const u16 *mask)
215 {
216 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
217 	struct cfg80211_chan_def *chandef = &msta->vif->phy->mt76->chandef;
218 	int nss, max_nss = sta->rx_nss > 3 ? 4 : sta->rx_nss;
219 	u16 mcs_map;
220 
221 	switch (chandef->width) {
222 	case NL80211_CHAN_WIDTH_80P80:
223 		mcs_map = le16_to_cpu(sta->he_cap.he_mcs_nss_supp.rx_mcs_80p80);
224 		break;
225 	case NL80211_CHAN_WIDTH_160:
226 		mcs_map = le16_to_cpu(sta->he_cap.he_mcs_nss_supp.rx_mcs_160);
227 		break;
228 	default:
229 		mcs_map = le16_to_cpu(sta->he_cap.he_mcs_nss_supp.rx_mcs_80);
230 		break;
231 	}
232 
233 	for (nss = 0; nss < max_nss; nss++) {
234 		int mcs;
235 
236 		switch ((mcs_map >> (2 * nss)) & 0x3) {
237 		case IEEE80211_HE_MCS_SUPPORT_0_11:
238 			mcs = GENMASK(11, 0);
239 			break;
240 		case IEEE80211_HE_MCS_SUPPORT_0_9:
241 			mcs = GENMASK(9, 0);
242 			break;
243 		case IEEE80211_HE_MCS_SUPPORT_0_7:
244 			mcs = GENMASK(7, 0);
245 			break;
246 		default:
247 			mcs = 0;
248 		}
249 
250 		mcs = mcs ? fls(mcs & mask[nss]) - 1 : -1;
251 
252 		switch (mcs) {
253 		case 0 ... 7:
254 			mcs = IEEE80211_HE_MCS_SUPPORT_0_7;
255 			break;
256 		case 8 ... 9:
257 			mcs = IEEE80211_HE_MCS_SUPPORT_0_9;
258 			break;
259 		case 10 ... 11:
260 			mcs = IEEE80211_HE_MCS_SUPPORT_0_11;
261 			break;
262 		default:
263 			mcs = IEEE80211_HE_MCS_NOT_SUPPORTED;
264 			break;
265 		}
266 		mcs_map &= ~(0x3 << (nss * 2));
267 		mcs_map |= mcs << (nss * 2);
268 
269 		/* only support 2ss on 160MHz */
270 		if (nss > 1 && (sta->bandwidth == IEEE80211_STA_RX_BW_160))
271 			break;
272 	}
273 
274 	*he_mcs = cpu_to_le16(mcs_map);
275 }
276 
277 static void
278 mt7915_mcu_set_sta_vht_mcs(struct ieee80211_sta *sta, __le16 *vht_mcs,
279 			   const u16 *mask)
280 {
281 	u16 mcs_map = le16_to_cpu(sta->vht_cap.vht_mcs.rx_mcs_map);
282 	int nss, max_nss = sta->rx_nss > 3 ? 4 : sta->rx_nss;
283 	u16 mcs;
284 
285 	for (nss = 0; nss < max_nss; nss++, mcs_map >>= 2) {
286 		switch (mcs_map & 0x3) {
287 		case IEEE80211_VHT_MCS_SUPPORT_0_9:
288 			mcs = GENMASK(9, 0);
289 			break;
290 		case IEEE80211_VHT_MCS_SUPPORT_0_8:
291 			mcs = GENMASK(8, 0);
292 			break;
293 		case IEEE80211_VHT_MCS_SUPPORT_0_7:
294 			mcs = GENMASK(7, 0);
295 			break;
296 		default:
297 			mcs = 0;
298 		}
299 
300 		vht_mcs[nss] = cpu_to_le16(mcs & mask[nss]);
301 
302 		/* only support 2ss on 160MHz */
303 		if (nss > 1 && (sta->bandwidth == IEEE80211_STA_RX_BW_160))
304 			break;
305 	}
306 }
307 
308 static void
309 mt7915_mcu_set_sta_ht_mcs(struct ieee80211_sta *sta, u8 *ht_mcs,
310 			  const u8 *mask)
311 {
312 	int nss, max_nss = sta->rx_nss > 3 ? 4 : sta->rx_nss;
313 
314 	for (nss = 0; nss < max_nss; nss++)
315 		ht_mcs[nss] = sta->ht_cap.mcs.rx_mask[nss] & mask[nss];
316 }
317 
318 static int
319 mt7915_mcu_parse_response(struct mt76_dev *mdev, int cmd,
320 			  struct sk_buff *skb, int seq)
321 {
322 	struct mt7915_mcu_rxd *rxd;
323 	int ret = 0;
324 
325 	if (!skb) {
326 		dev_err(mdev->dev, "Message %08x (seq %d) timeout\n",
327 			cmd, seq);
328 		return -ETIMEDOUT;
329 	}
330 
331 	rxd = (struct mt7915_mcu_rxd *)skb->data;
332 	if (seq != rxd->seq)
333 		return -EAGAIN;
334 
335 	if (cmd == MCU_CMD(PATCH_SEM_CONTROL)) {
336 		skb_pull(skb, sizeof(*rxd) - 4);
337 		ret = *skb->data;
338 	} else if (cmd == MCU_EXT_CMD(THERMAL_CTRL)) {
339 		skb_pull(skb, sizeof(*rxd) + 4);
340 		ret = le32_to_cpu(*(__le32 *)skb->data);
341 	} else {
342 		skb_pull(skb, sizeof(struct mt7915_mcu_rxd));
343 	}
344 
345 	return ret;
346 }
347 
348 static int
349 mt7915_mcu_send_message(struct mt76_dev *mdev, struct sk_buff *skb,
350 			int cmd, int *wait_seq)
351 {
352 	struct mt7915_dev *dev = container_of(mdev, struct mt7915_dev, mt76);
353 	struct mt7915_mcu_txd *mcu_txd;
354 	enum mt76_mcuq_id qid;
355 	__le32 *txd;
356 	u32 val;
357 	u8 seq;
358 
359 	/* TODO: make dynamic based on msg type */
360 	mdev->mcu.timeout = 20 * HZ;
361 
362 	seq = ++dev->mt76.mcu.msg_seq & 0xf;
363 	if (!seq)
364 		seq = ++dev->mt76.mcu.msg_seq & 0xf;
365 
366 	if (cmd == MCU_CMD(FW_SCATTER)) {
367 		qid = MT_MCUQ_FWDL;
368 		goto exit;
369 	}
370 
371 	mcu_txd = (struct mt7915_mcu_txd *)skb_push(skb, sizeof(*mcu_txd));
372 	if (test_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state))
373 		qid = MT_MCUQ_WA;
374 	else
375 		qid = MT_MCUQ_WM;
376 
377 	txd = mcu_txd->txd;
378 
379 	val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len) |
380 	      FIELD_PREP(MT_TXD0_PKT_FMT, MT_TX_TYPE_CMD) |
381 	      FIELD_PREP(MT_TXD0_Q_IDX, MT_TX_MCU_PORT_RX_Q0);
382 	txd[0] = cpu_to_le32(val);
383 
384 	val = MT_TXD1_LONG_FORMAT |
385 	      FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD);
386 	txd[1] = cpu_to_le32(val);
387 
388 	mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd));
389 	mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU,
390 					       MT_TX_MCU_PORT_RX_Q0));
391 	mcu_txd->pkt_type = MCU_PKT_ID;
392 	mcu_txd->seq = seq;
393 
394 	mcu_txd->cid = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
395 	mcu_txd->set_query = MCU_Q_NA;
396 	mcu_txd->ext_cid = FIELD_GET(__MCU_CMD_FIELD_EXT_ID, cmd);
397 	if (mcu_txd->ext_cid) {
398 		mcu_txd->ext_cid_ack = 1;
399 
400 		/* do not use Q_SET for efuse */
401 		if (cmd & __MCU_CMD_FIELD_QUERY)
402 			mcu_txd->set_query = MCU_Q_QUERY;
403 		else
404 			mcu_txd->set_query = MCU_Q_SET;
405 	}
406 
407 	if (cmd & __MCU_CMD_FIELD_WA)
408 		mcu_txd->s2d_index = MCU_S2D_H2C;
409 	else
410 		mcu_txd->s2d_index = MCU_S2D_H2N;
411 
412 exit:
413 	if (wait_seq)
414 		*wait_seq = seq;
415 
416 	return mt76_tx_queue_skb_raw(dev, mdev->q_mcu[qid], skb, 0);
417 }
418 
419 int mt7915_mcu_wa_cmd(struct mt7915_dev *dev, int cmd, u32 a1, u32 a2, u32 a3)
420 {
421 	struct {
422 		__le32 args[3];
423 	} req = {
424 		.args = {
425 			cpu_to_le32(a1),
426 			cpu_to_le32(a2),
427 			cpu_to_le32(a3),
428 		},
429 	};
430 
431 	return mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), false);
432 }
433 
434 static void
435 mt7915_mcu_csa_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
436 {
437 	if (vif->csa_active)
438 		ieee80211_csa_finish(vif);
439 }
440 
441 static void
442 mt7915_mcu_rx_csa_notify(struct mt7915_dev *dev, struct sk_buff *skb)
443 {
444 	struct mt76_phy *mphy = &dev->mt76.phy;
445 	struct mt7915_mcu_csa_notify *c;
446 
447 	c = (struct mt7915_mcu_csa_notify *)skb->data;
448 
449 	if (c->band_idx && dev->mt76.phy2)
450 		mphy = dev->mt76.phy2;
451 
452 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
453 			IEEE80211_IFACE_ITER_RESUME_ALL,
454 			mt7915_mcu_csa_finish, mphy->hw);
455 }
456 
457 static void
458 mt7915_mcu_rx_thermal_notify(struct mt7915_dev *dev, struct sk_buff *skb)
459 {
460 	struct mt76_phy *mphy = &dev->mt76.phy;
461 	struct mt7915_mcu_thermal_notify *t;
462 	struct mt7915_phy *phy;
463 
464 	t = (struct mt7915_mcu_thermal_notify *)skb->data;
465 	if (t->ctrl.ctrl_id != THERMAL_PROTECT_ENABLE)
466 		return;
467 
468 	if (t->ctrl.band_idx && dev->mt76.phy2)
469 		mphy = dev->mt76.phy2;
470 
471 	phy = (struct mt7915_phy *)mphy->priv;
472 	phy->throttle_state = t->ctrl.duty.duty_cycle;
473 }
474 
475 static void
476 mt7915_mcu_rx_radar_detected(struct mt7915_dev *dev, struct sk_buff *skb)
477 {
478 	struct mt76_phy *mphy = &dev->mt76.phy;
479 	struct mt7915_mcu_rdd_report *r;
480 
481 	r = (struct mt7915_mcu_rdd_report *)skb->data;
482 
483 	if (r->band_idx && dev->mt76.phy2)
484 		mphy = dev->mt76.phy2;
485 
486 	ieee80211_radar_detected(mphy->hw);
487 	dev->hw_pattern++;
488 }
489 
490 static void
491 mt7915_mcu_rx_log_message(struct mt7915_dev *dev, struct sk_buff *skb)
492 {
493 	struct mt7915_mcu_rxd *rxd = (struct mt7915_mcu_rxd *)skb->data;
494 	const char *data = (char *)&rxd[1];
495 	const char *type;
496 
497 	switch (rxd->s2d_index) {
498 	case 0:
499 		type = "WM";
500 		break;
501 	case 2:
502 		type = "WA";
503 		break;
504 	default:
505 		type = "unknown";
506 		break;
507 	}
508 
509 	wiphy_info(mt76_hw(dev)->wiphy, "%s: %.*s", type,
510 		   (int)(skb->len - sizeof(*rxd)), data);
511 }
512 
513 static void
514 mt7915_mcu_cca_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
515 {
516 	if (!vif->color_change_active)
517 		return;
518 
519 	ieee80211_color_change_finish(vif);
520 }
521 
522 static void
523 mt7915_mcu_rx_ext_event(struct mt7915_dev *dev, struct sk_buff *skb)
524 {
525 	struct mt7915_mcu_rxd *rxd = (struct mt7915_mcu_rxd *)skb->data;
526 
527 	switch (rxd->ext_eid) {
528 	case MCU_EXT_EVENT_THERMAL_PROTECT:
529 		mt7915_mcu_rx_thermal_notify(dev, skb);
530 		break;
531 	case MCU_EXT_EVENT_RDD_REPORT:
532 		mt7915_mcu_rx_radar_detected(dev, skb);
533 		break;
534 	case MCU_EXT_EVENT_CSA_NOTIFY:
535 		mt7915_mcu_rx_csa_notify(dev, skb);
536 		break;
537 	case MCU_EXT_EVENT_FW_LOG_2_HOST:
538 		mt7915_mcu_rx_log_message(dev, skb);
539 		break;
540 	case MCU_EXT_EVENT_BCC_NOTIFY:
541 		ieee80211_iterate_active_interfaces_atomic(dev->mt76.hw,
542 				IEEE80211_IFACE_ITER_RESUME_ALL,
543 				mt7915_mcu_cca_finish, dev);
544 		break;
545 	default:
546 		break;
547 	}
548 }
549 
550 static void
551 mt7915_mcu_rx_unsolicited_event(struct mt7915_dev *dev, struct sk_buff *skb)
552 {
553 	struct mt7915_mcu_rxd *rxd = (struct mt7915_mcu_rxd *)skb->data;
554 
555 	switch (rxd->eid) {
556 	case MCU_EVENT_EXT:
557 		mt7915_mcu_rx_ext_event(dev, skb);
558 		break;
559 	default:
560 		break;
561 	}
562 	dev_kfree_skb(skb);
563 }
564 
565 void mt7915_mcu_rx_event(struct mt7915_dev *dev, struct sk_buff *skb)
566 {
567 	struct mt7915_mcu_rxd *rxd = (struct mt7915_mcu_rxd *)skb->data;
568 
569 	if (rxd->ext_eid == MCU_EXT_EVENT_THERMAL_PROTECT ||
570 	    rxd->ext_eid == MCU_EXT_EVENT_FW_LOG_2_HOST ||
571 	    rxd->ext_eid == MCU_EXT_EVENT_ASSERT_DUMP ||
572 	    rxd->ext_eid == MCU_EXT_EVENT_PS_SYNC ||
573 	    rxd->ext_eid == MCU_EXT_EVENT_BCC_NOTIFY ||
574 	    !rxd->seq)
575 		mt7915_mcu_rx_unsolicited_event(dev, skb);
576 	else
577 		mt76_mcu_rx_event(&dev->mt76, skb);
578 }
579 
580 static struct sk_buff *
581 mt7915_mcu_alloc_sta_req(struct mt7915_dev *dev, struct mt7915_vif *mvif,
582 			 struct mt7915_sta *msta, int len)
583 {
584 	struct sta_req_hdr hdr = {
585 		.bss_idx = mvif->mt76.idx,
586 		.wlan_idx_lo = msta ? to_wcid_lo(msta->wcid.idx) : 0,
587 		.wlan_idx_hi = msta ? to_wcid_hi(msta->wcid.idx) : 0,
588 		.muar_idx = msta && msta->wcid.sta ? mvif->mt76.omac_idx : 0xe,
589 		.is_tlv_append = 1,
590 	};
591 	struct sk_buff *skb;
592 
593 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
594 	if (!skb)
595 		return ERR_PTR(-ENOMEM);
596 
597 	skb_put_data(skb, &hdr, sizeof(hdr));
598 
599 	return skb;
600 }
601 
602 static struct wtbl_req_hdr *
603 mt7915_mcu_alloc_wtbl_req(struct mt7915_dev *dev, struct mt7915_sta *msta,
604 			  int cmd, void *sta_wtbl, struct sk_buff **skb)
605 {
606 	struct tlv *sta_hdr = sta_wtbl;
607 	struct wtbl_req_hdr hdr = {
608 		.wlan_idx_lo = to_wcid_lo(msta->wcid.idx),
609 		.wlan_idx_hi = to_wcid_hi(msta->wcid.idx),
610 		.operation = cmd,
611 	};
612 	struct sk_buff *nskb = *skb;
613 
614 	if (!nskb) {
615 		nskb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
616 					  MT76_CONNAC_WTBL_UPDATE_MAX_SIZE);
617 		if (!nskb)
618 			return ERR_PTR(-ENOMEM);
619 
620 		*skb = nskb;
621 	}
622 
623 	if (sta_hdr)
624 		le16_add_cpu(&sta_hdr->len, sizeof(hdr));
625 
626 	return skb_put_data(nskb, &hdr, sizeof(hdr));
627 }
628 
629 static struct tlv *
630 mt7915_mcu_add_nested_tlv(struct sk_buff *skb, int tag, int len,
631 			  void *sta_ntlv, void *sta_wtbl)
632 {
633 	struct sta_ntlv_hdr *ntlv_hdr = sta_ntlv;
634 	struct tlv *sta_hdr = sta_wtbl;
635 	struct tlv *ptlv, tlv = {
636 		.tag = cpu_to_le16(tag),
637 		.len = cpu_to_le16(len),
638 	};
639 	u16 ntlv;
640 
641 	ptlv = skb_put(skb, len);
642 	memcpy(ptlv, &tlv, sizeof(tlv));
643 
644 	ntlv = le16_to_cpu(ntlv_hdr->tlv_num);
645 	ntlv_hdr->tlv_num = cpu_to_le16(ntlv + 1);
646 
647 	if (sta_hdr) {
648 		u16 size = le16_to_cpu(sta_hdr->len);
649 
650 		sta_hdr->len = cpu_to_le16(size + len);
651 	}
652 
653 	return ptlv;
654 }
655 
656 static struct tlv *
657 mt7915_mcu_add_tlv(struct sk_buff *skb, int tag, int len)
658 {
659 	return mt7915_mcu_add_nested_tlv(skb, tag, len, skb->data, NULL);
660 }
661 
662 static struct tlv *
663 mt7915_mcu_add_nested_subtlv(struct sk_buff *skb, int sub_tag, int sub_len,
664 			     __le16 *sub_ntlv, __le16 *len)
665 {
666 	struct tlv *ptlv, tlv = {
667 		.tag = cpu_to_le16(sub_tag),
668 		.len = cpu_to_le16(sub_len),
669 	};
670 
671 	ptlv = skb_put(skb, sub_len);
672 	memcpy(ptlv, &tlv, sizeof(tlv));
673 
674 	le16_add_cpu(sub_ntlv, 1);
675 	le16_add_cpu(len, sub_len);
676 
677 	return ptlv;
678 }
679 
680 /** bss info **/
681 static int
682 mt7915_mcu_bss_basic_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
683 			 struct mt7915_phy *phy, bool enable)
684 {
685 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
686 	struct bss_info_basic *bss;
687 	u16 wlan_idx = mvif->sta.wcid.idx;
688 	u32 type = NETWORK_INFRA;
689 	struct tlv *tlv;
690 
691 	tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_BASIC, sizeof(*bss));
692 
693 	switch (vif->type) {
694 	case NL80211_IFTYPE_MESH_POINT:
695 	case NL80211_IFTYPE_AP:
696 	case NL80211_IFTYPE_MONITOR:
697 		break;
698 	case NL80211_IFTYPE_STATION:
699 		/* TODO: enable BSS_INFO_UAPSD & BSS_INFO_PM */
700 		if (enable) {
701 			struct ieee80211_sta *sta;
702 			struct mt7915_sta *msta;
703 
704 			rcu_read_lock();
705 			sta = ieee80211_find_sta(vif, vif->bss_conf.bssid);
706 			if (!sta) {
707 				rcu_read_unlock();
708 				return -EINVAL;
709 			}
710 
711 			msta = (struct mt7915_sta *)sta->drv_priv;
712 			wlan_idx = msta->wcid.idx;
713 			rcu_read_unlock();
714 		}
715 		break;
716 	case NL80211_IFTYPE_ADHOC:
717 		type = NETWORK_IBSS;
718 		break;
719 	default:
720 		WARN_ON(1);
721 		break;
722 	}
723 
724 	bss = (struct bss_info_basic *)tlv;
725 	bss->network_type = cpu_to_le32(type);
726 	bss->bmc_wcid_lo = to_wcid_lo(wlan_idx);
727 	bss->bmc_wcid_hi = to_wcid_hi(wlan_idx);
728 	bss->wmm_idx = mvif->mt76.wmm_idx;
729 	bss->active = enable;
730 
731 	if (vif->type != NL80211_IFTYPE_MONITOR) {
732 		memcpy(bss->bssid, vif->bss_conf.bssid, ETH_ALEN);
733 		bss->bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int);
734 		bss->dtim_period = vif->bss_conf.dtim_period;
735 		bss->phy_mode = mt7915_get_phy_mode(vif, NULL);
736 	} else {
737 		memcpy(bss->bssid, phy->mt76->macaddr, ETH_ALEN);
738 	}
739 
740 	return 0;
741 }
742 
743 static void
744 mt7915_mcu_bss_omac_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
745 {
746 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
747 	struct bss_info_omac *omac;
748 	struct tlv *tlv;
749 	u32 type = 0;
750 	u8 idx;
751 
752 	tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_OMAC, sizeof(*omac));
753 
754 	switch (vif->type) {
755 	case NL80211_IFTYPE_MONITOR:
756 	case NL80211_IFTYPE_MESH_POINT:
757 	case NL80211_IFTYPE_AP:
758 		type = CONNECTION_INFRA_AP;
759 		break;
760 	case NL80211_IFTYPE_STATION:
761 		type = CONNECTION_INFRA_STA;
762 		break;
763 	case NL80211_IFTYPE_ADHOC:
764 		type = CONNECTION_IBSS_ADHOC;
765 		break;
766 	default:
767 		WARN_ON(1);
768 		break;
769 	}
770 
771 	omac = (struct bss_info_omac *)tlv;
772 	idx = mvif->mt76.omac_idx > EXT_BSSID_START ? HW_BSSID_0
773 						    : mvif->mt76.omac_idx;
774 	omac->conn_type = cpu_to_le32(type);
775 	omac->omac_idx = mvif->mt76.omac_idx;
776 	omac->band_idx = mvif->mt76.band_idx;
777 	omac->hw_bss_idx = idx;
778 }
779 
780 struct mt7915_he_obss_narrow_bw_ru_data {
781 	bool tolerated;
782 };
783 
784 static void mt7915_check_he_obss_narrow_bw_ru_iter(struct wiphy *wiphy,
785 						   struct cfg80211_bss *bss,
786 						   void *_data)
787 {
788 	struct mt7915_he_obss_narrow_bw_ru_data *data = _data;
789 	const struct element *elem;
790 
791 	rcu_read_lock();
792 	elem = ieee80211_bss_get_elem(bss, WLAN_EID_EXT_CAPABILITY);
793 
794 	if (!elem || elem->datalen <= 10 ||
795 	    !(elem->data[10] &
796 	      WLAN_EXT_CAPA10_OBSS_NARROW_BW_RU_TOLERANCE_SUPPORT))
797 		data->tolerated = false;
798 
799 	rcu_read_unlock();
800 }
801 
802 static bool mt7915_check_he_obss_narrow_bw_ru(struct ieee80211_hw *hw,
803 					      struct ieee80211_vif *vif)
804 {
805 	struct mt7915_he_obss_narrow_bw_ru_data iter_data = {
806 		.tolerated = true,
807 	};
808 
809 	if (!(vif->bss_conf.chandef.chan->flags & IEEE80211_CHAN_RADAR))
810 		return false;
811 
812 	cfg80211_bss_iter(hw->wiphy, &vif->bss_conf.chandef,
813 			  mt7915_check_he_obss_narrow_bw_ru_iter,
814 			  &iter_data);
815 
816 	/*
817 	 * If there is at least one AP on radar channel that cannot
818 	 * tolerate 26-tone RU UL OFDMA transmissions using HE TB PPDU.
819 	 */
820 	return !iter_data.tolerated;
821 }
822 
823 static void
824 mt7915_mcu_bss_rfch_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
825 			struct mt7915_phy *phy)
826 {
827 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
828 	struct bss_info_rf_ch *ch;
829 	struct tlv *tlv;
830 	int freq1 = chandef->center_freq1;
831 
832 	tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_RF_CH, sizeof(*ch));
833 
834 	ch = (struct bss_info_rf_ch *)tlv;
835 	ch->pri_ch = chandef->chan->hw_value;
836 	ch->center_ch0 = ieee80211_frequency_to_channel(freq1);
837 	ch->bw = mt7915_mcu_chan_bw(chandef);
838 
839 	if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
840 		int freq2 = chandef->center_freq2;
841 
842 		ch->center_ch1 = ieee80211_frequency_to_channel(freq2);
843 	}
844 
845 	if (vif->bss_conf.he_support && vif->type == NL80211_IFTYPE_STATION) {
846 		struct mt7915_dev *dev = phy->dev;
847 		struct mt76_phy *mphy = &dev->mt76.phy;
848 		bool ext_phy = phy != &dev->phy;
849 
850 		if (ext_phy && dev->mt76.phy2)
851 			mphy = dev->mt76.phy2;
852 
853 		ch->he_ru26_block =
854 			mt7915_check_he_obss_narrow_bw_ru(mphy->hw, vif);
855 		ch->he_all_disable = false;
856 	} else {
857 		ch->he_all_disable = true;
858 	}
859 }
860 
861 static void
862 mt7915_mcu_bss_ra_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
863 		      struct mt7915_phy *phy)
864 {
865 	int max_nss = hweight8(phy->mt76->chainmask);
866 	struct bss_info_ra *ra;
867 	struct tlv *tlv;
868 
869 	tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_RA, sizeof(*ra));
870 
871 	ra = (struct bss_info_ra *)tlv;
872 	ra->op_mode = vif->type == NL80211_IFTYPE_AP;
873 	ra->adhoc_en = vif->type == NL80211_IFTYPE_ADHOC;
874 	ra->short_preamble = true;
875 	ra->tx_streams = max_nss;
876 	ra->rx_streams = max_nss;
877 	ra->algo = 4;
878 	ra->train_up_rule = 2;
879 	ra->train_up_high_thres = 110;
880 	ra->train_up_rule_rssi = -70;
881 	ra->low_traffic_thres = 2;
882 	ra->phy_cap = cpu_to_le32(0xfdf);
883 	ra->interval = cpu_to_le32(500);
884 	ra->fast_interval = cpu_to_le32(100);
885 }
886 
887 static void
888 mt7915_mcu_bss_he_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
889 		      struct mt7915_phy *phy)
890 {
891 #define DEFAULT_HE_PE_DURATION		4
892 #define DEFAULT_HE_DURATION_RTS_THRES	1023
893 	const struct ieee80211_sta_he_cap *cap;
894 	struct bss_info_he *he;
895 	struct tlv *tlv;
896 
897 	cap = mt7915_get_he_phy_cap(phy, vif);
898 
899 	tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_HE_BASIC, sizeof(*he));
900 
901 	he = (struct bss_info_he *)tlv;
902 	he->he_pe_duration = vif->bss_conf.htc_trig_based_pkt_ext;
903 	if (!he->he_pe_duration)
904 		he->he_pe_duration = DEFAULT_HE_PE_DURATION;
905 
906 	he->he_rts_thres = cpu_to_le16(vif->bss_conf.frame_time_rts_th);
907 	if (!he->he_rts_thres)
908 		he->he_rts_thres = cpu_to_le16(DEFAULT_HE_DURATION_RTS_THRES);
909 
910 	he->max_nss_mcs[CMD_HE_MCS_BW80] = cap->he_mcs_nss_supp.tx_mcs_80;
911 	he->max_nss_mcs[CMD_HE_MCS_BW160] = cap->he_mcs_nss_supp.tx_mcs_160;
912 	he->max_nss_mcs[CMD_HE_MCS_BW8080] = cap->he_mcs_nss_supp.tx_mcs_80p80;
913 }
914 
915 static void
916 mt7915_mcu_bss_hw_amsdu_tlv(struct sk_buff *skb)
917 {
918 #define TXD_CMP_MAP1		GENMASK(15, 0)
919 #define TXD_CMP_MAP2		(GENMASK(31, 0) & ~BIT(23))
920 	struct bss_info_hw_amsdu *amsdu;
921 	struct tlv *tlv;
922 
923 	tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_HW_AMSDU, sizeof(*amsdu));
924 
925 	amsdu = (struct bss_info_hw_amsdu *)tlv;
926 	amsdu->cmp_bitmap_0 = cpu_to_le32(TXD_CMP_MAP1);
927 	amsdu->cmp_bitmap_1 = cpu_to_le32(TXD_CMP_MAP2);
928 	amsdu->trig_thres = cpu_to_le16(2);
929 	amsdu->enable = true;
930 }
931 
932 static void
933 mt7915_mcu_bss_ext_tlv(struct sk_buff *skb, struct mt7915_vif *mvif)
934 {
935 /* SIFS 20us + 512 byte beacon tranmitted by 1Mbps (3906us) */
936 #define BCN_TX_ESTIMATE_TIME	(4096 + 20)
937 	struct bss_info_ext_bss *ext;
938 	int ext_bss_idx, tsf_offset;
939 	struct tlv *tlv;
940 
941 	ext_bss_idx = mvif->mt76.omac_idx - EXT_BSSID_START;
942 	if (ext_bss_idx < 0)
943 		return;
944 
945 	tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_EXT_BSS, sizeof(*ext));
946 
947 	ext = (struct bss_info_ext_bss *)tlv;
948 	tsf_offset = ext_bss_idx * BCN_TX_ESTIMATE_TIME;
949 	ext->mbss_tsf_offset = cpu_to_le32(tsf_offset);
950 }
951 
952 static void
953 mt7915_mcu_bss_bmc_tlv(struct sk_buff *skb, struct mt7915_phy *phy)
954 {
955 	struct bss_info_bmc_rate *bmc;
956 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
957 	enum nl80211_band band = chandef->chan->band;
958 	struct tlv *tlv;
959 
960 	tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_BMC_RATE, sizeof(*bmc));
961 
962 	bmc = (struct bss_info_bmc_rate *)tlv;
963 	if (band == NL80211_BAND_2GHZ) {
964 		bmc->short_preamble = true;
965 	} else {
966 		bmc->bc_trans = cpu_to_le16(0x2000);
967 		bmc->mc_trans = cpu_to_le16(0x2080);
968 	}
969 }
970 
971 static int
972 mt7915_mcu_muar_config(struct mt7915_phy *phy, struct ieee80211_vif *vif,
973 		       bool bssid, bool enable)
974 {
975 	struct mt7915_dev *dev = phy->dev;
976 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
977 	u32 idx = mvif->mt76.omac_idx - REPEATER_BSSID_START;
978 	u32 mask = phy->omac_mask >> 32 & ~BIT(idx);
979 	const u8 *addr = vif->addr;
980 	struct {
981 		u8 mode;
982 		u8 force_clear;
983 		u8 clear_bitmap[8];
984 		u8 entry_count;
985 		u8 write;
986 		u8 band;
987 
988 		u8 index;
989 		u8 bssid;
990 		u8 addr[ETH_ALEN];
991 	} __packed req = {
992 		.mode = !!mask || enable,
993 		.entry_count = 1,
994 		.write = 1,
995 		.band = phy != &dev->phy,
996 		.index = idx * 2 + bssid,
997 	};
998 
999 	if (bssid)
1000 		addr = vif->bss_conf.bssid;
1001 
1002 	if (enable)
1003 		ether_addr_copy(req.addr, addr);
1004 
1005 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MUAR_UPDATE), &req,
1006 				 sizeof(req), true);
1007 }
1008 
1009 int mt7915_mcu_add_bss_info(struct mt7915_phy *phy,
1010 			    struct ieee80211_vif *vif, int enable)
1011 {
1012 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1013 	struct sk_buff *skb;
1014 
1015 	if (mvif->mt76.omac_idx >= REPEATER_BSSID_START) {
1016 		mt7915_mcu_muar_config(phy, vif, false, enable);
1017 		mt7915_mcu_muar_config(phy, vif, true, enable);
1018 	}
1019 
1020 	skb = mt7915_mcu_alloc_sta_req(phy->dev, mvif, NULL,
1021 				       MT7915_BSS_UPDATE_MAX_SIZE);
1022 	if (IS_ERR(skb))
1023 		return PTR_ERR(skb);
1024 
1025 	/* bss_omac must be first */
1026 	if (enable)
1027 		mt7915_mcu_bss_omac_tlv(skb, vif);
1028 
1029 	mt7915_mcu_bss_basic_tlv(skb, vif, phy, enable);
1030 
1031 	if (vif->type == NL80211_IFTYPE_MONITOR)
1032 		goto out;
1033 
1034 	if (enable) {
1035 		mt7915_mcu_bss_rfch_tlv(skb, vif, phy);
1036 		mt7915_mcu_bss_bmc_tlv(skb, phy);
1037 		mt7915_mcu_bss_ra_tlv(skb, vif, phy);
1038 		mt7915_mcu_bss_hw_amsdu_tlv(skb);
1039 
1040 		if (vif->bss_conf.he_support)
1041 			mt7915_mcu_bss_he_tlv(skb, vif, phy);
1042 
1043 		if (mvif->mt76.omac_idx >= EXT_BSSID_START &&
1044 		    mvif->mt76.omac_idx < REPEATER_BSSID_START)
1045 			mt7915_mcu_bss_ext_tlv(skb, mvif);
1046 	}
1047 out:
1048 	return mt76_mcu_skb_send_msg(&phy->dev->mt76, skb,
1049 				     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
1050 }
1051 
1052 /** starec & wtbl **/
1053 static int
1054 mt7915_mcu_sta_key_tlv(struct mt7915_sta *msta, struct sk_buff *skb,
1055 		       struct ieee80211_key_conf *key, enum set_key_cmd cmd)
1056 {
1057 	struct mt7915_sta_key_conf *bip = &msta->bip;
1058 	struct sta_rec_sec *sec;
1059 	struct tlv *tlv;
1060 	u32 len = sizeof(*sec);
1061 
1062 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_KEY_V2, sizeof(*sec));
1063 
1064 	sec = (struct sta_rec_sec *)tlv;
1065 	sec->add = cmd;
1066 
1067 	if (cmd == SET_KEY) {
1068 		struct sec_key *sec_key;
1069 		u8 cipher;
1070 
1071 		cipher = mt7915_mcu_get_cipher(key->cipher);
1072 		if (cipher == MCU_CIPHER_NONE)
1073 			return -EOPNOTSUPP;
1074 
1075 		sec_key = &sec->key[0];
1076 		sec_key->cipher_len = sizeof(*sec_key);
1077 
1078 		if (cipher == MCU_CIPHER_BIP_CMAC_128) {
1079 			sec_key->cipher_id = MCU_CIPHER_AES_CCMP;
1080 			sec_key->key_id = bip->keyidx;
1081 			sec_key->key_len = 16;
1082 			memcpy(sec_key->key, bip->key, 16);
1083 
1084 			sec_key = &sec->key[1];
1085 			sec_key->cipher_id = MCU_CIPHER_BIP_CMAC_128;
1086 			sec_key->cipher_len = sizeof(*sec_key);
1087 			sec_key->key_len = 16;
1088 			memcpy(sec_key->key, key->key, 16);
1089 
1090 			sec->n_cipher = 2;
1091 		} else {
1092 			sec_key->cipher_id = cipher;
1093 			sec_key->key_id = key->keyidx;
1094 			sec_key->key_len = key->keylen;
1095 			memcpy(sec_key->key, key->key, key->keylen);
1096 
1097 			if (cipher == MCU_CIPHER_TKIP) {
1098 				/* Rx/Tx MIC keys are swapped */
1099 				memcpy(sec_key->key + 16, key->key + 24, 8);
1100 				memcpy(sec_key->key + 24, key->key + 16, 8);
1101 			}
1102 
1103 			/* store key_conf for BIP batch update */
1104 			if (cipher == MCU_CIPHER_AES_CCMP) {
1105 				memcpy(bip->key, key->key, key->keylen);
1106 				bip->keyidx = key->keyidx;
1107 			}
1108 
1109 			len -= sizeof(*sec_key);
1110 			sec->n_cipher = 1;
1111 		}
1112 	} else {
1113 		len -= sizeof(sec->key);
1114 		sec->n_cipher = 0;
1115 	}
1116 	sec->len = cpu_to_le16(len);
1117 
1118 	return 0;
1119 }
1120 
1121 int mt7915_mcu_add_key(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1122 		       struct mt7915_sta *msta, struct ieee80211_key_conf *key,
1123 		       enum set_key_cmd cmd)
1124 {
1125 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1126 	struct sk_buff *skb;
1127 	int len = sizeof(struct sta_req_hdr) + sizeof(struct sta_rec_sec);
1128 	int ret;
1129 
1130 	skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta, len);
1131 	if (IS_ERR(skb))
1132 		return PTR_ERR(skb);
1133 
1134 	ret = mt7915_mcu_sta_key_tlv(msta, skb, key, cmd);
1135 	if (ret)
1136 		return ret;
1137 
1138 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1139 				     MCU_EXT_CMD(STA_REC_UPDATE), true);
1140 }
1141 
1142 static void
1143 mt7915_mcu_sta_ba_tlv(struct sk_buff *skb,
1144 		      struct ieee80211_ampdu_params *params,
1145 		      bool enable, bool tx)
1146 {
1147 	struct sta_rec_ba *ba;
1148 	struct tlv *tlv;
1149 
1150 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_BA, sizeof(*ba));
1151 
1152 	ba = (struct sta_rec_ba *)tlv;
1153 	ba->ba_type = tx ? MT_BA_TYPE_ORIGINATOR : MT_BA_TYPE_RECIPIENT;
1154 	ba->winsize = cpu_to_le16(params->buf_size);
1155 	ba->ssn = cpu_to_le16(params->ssn);
1156 	ba->ba_en = enable << params->tid;
1157 	ba->amsdu = params->amsdu;
1158 	ba->tid = params->tid;
1159 }
1160 
1161 static void
1162 mt7915_mcu_wtbl_ba_tlv(struct sk_buff *skb,
1163 		       struct ieee80211_ampdu_params *params,
1164 		       bool enable, bool tx, void *sta_wtbl,
1165 		       void *wtbl_tlv)
1166 {
1167 	struct wtbl_ba *ba;
1168 	struct tlv *tlv;
1169 
1170 	tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_BA, sizeof(*ba),
1171 					wtbl_tlv, sta_wtbl);
1172 
1173 	ba = (struct wtbl_ba *)tlv;
1174 	ba->tid = params->tid;
1175 
1176 	if (tx) {
1177 		ba->ba_type = MT_BA_TYPE_ORIGINATOR;
1178 		ba->sn = enable ? cpu_to_le16(params->ssn) : 0;
1179 		ba->ba_en = enable;
1180 	} else {
1181 		memcpy(ba->peer_addr, params->sta->addr, ETH_ALEN);
1182 		ba->ba_type = MT_BA_TYPE_RECIPIENT;
1183 		ba->rst_ba_tid = params->tid;
1184 		ba->rst_ba_sel = RST_BA_MAC_TID_MATCH;
1185 		ba->rst_ba_sb = 1;
1186 	}
1187 
1188 	if (enable)
1189 		ba->ba_winsize = cpu_to_le16(params->buf_size);
1190 }
1191 
1192 static int
1193 mt7915_mcu_sta_ba(struct mt7915_dev *dev,
1194 		  struct ieee80211_ampdu_params *params,
1195 		  bool enable, bool tx)
1196 {
1197 	struct mt7915_sta *msta = (struct mt7915_sta *)params->sta->drv_priv;
1198 	struct mt7915_vif *mvif = msta->vif;
1199 	struct wtbl_req_hdr *wtbl_hdr;
1200 	struct tlv *sta_wtbl;
1201 	struct sk_buff *skb;
1202 	int ret;
1203 
1204 	if (enable && tx && !params->amsdu)
1205 		msta->wcid.amsdu = false;
1206 
1207 	skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta,
1208 				       MT76_CONNAC_STA_UPDATE_MAX_SIZE);
1209 	if (IS_ERR(skb))
1210 		return PTR_ERR(skb);
1211 
1212 	sta_wtbl = mt7915_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
1213 
1214 	wtbl_hdr = mt7915_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, sta_wtbl,
1215 					     &skb);
1216 	if (IS_ERR(wtbl_hdr))
1217 		return PTR_ERR(wtbl_hdr);
1218 
1219 	mt7915_mcu_wtbl_ba_tlv(skb, params, enable, tx, sta_wtbl, wtbl_hdr);
1220 
1221 	ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
1222 				    MCU_EXT_CMD(STA_REC_UPDATE), true);
1223 	if (ret)
1224 		return ret;
1225 
1226 	skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta,
1227 				       MT76_CONNAC_STA_UPDATE_MAX_SIZE);
1228 	if (IS_ERR(skb))
1229 		return PTR_ERR(skb);
1230 
1231 	mt7915_mcu_sta_ba_tlv(skb, params, enable, tx);
1232 
1233 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1234 				     MCU_EXT_CMD(STA_REC_UPDATE), true);
1235 }
1236 
1237 int mt7915_mcu_add_tx_ba(struct mt7915_dev *dev,
1238 			 struct ieee80211_ampdu_params *params,
1239 			 bool enable)
1240 {
1241 	return mt7915_mcu_sta_ba(dev, params, enable, true);
1242 }
1243 
1244 int mt7915_mcu_add_rx_ba(struct mt7915_dev *dev,
1245 			 struct ieee80211_ampdu_params *params,
1246 			 bool enable)
1247 {
1248 	return mt7915_mcu_sta_ba(dev, params, enable, false);
1249 }
1250 
1251 static void
1252 mt7915_mcu_wtbl_generic_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
1253 			    struct ieee80211_sta *sta, void *sta_wtbl,
1254 			    void *wtbl_tlv)
1255 {
1256 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1257 	struct wtbl_generic *generic;
1258 	struct wtbl_rx *rx;
1259 	struct tlv *tlv;
1260 
1261 	tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_GENERIC, sizeof(*generic),
1262 					wtbl_tlv, sta_wtbl);
1263 
1264 	generic = (struct wtbl_generic *)tlv;
1265 
1266 	if (sta) {
1267 		memcpy(generic->peer_addr, sta->addr, ETH_ALEN);
1268 		generic->partial_aid = cpu_to_le16(sta->aid);
1269 		generic->muar_idx = mvif->mt76.omac_idx;
1270 		generic->qos = sta->wme;
1271 	} else {
1272 		/* use BSSID in station mode */
1273 		if (vif->type == NL80211_IFTYPE_STATION)
1274 			memcpy(generic->peer_addr, vif->bss_conf.bssid,
1275 			       ETH_ALEN);
1276 		else
1277 			eth_broadcast_addr(generic->peer_addr);
1278 
1279 		generic->muar_idx = 0xe;
1280 	}
1281 
1282 	tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_RX, sizeof(*rx),
1283 					wtbl_tlv, sta_wtbl);
1284 
1285 	rx = (struct wtbl_rx *)tlv;
1286 	rx->rca1 = sta ? vif->type != NL80211_IFTYPE_AP : 1;
1287 	rx->rca2 = 1;
1288 	rx->rv = 1;
1289 }
1290 
1291 static void
1292 mt7915_mcu_sta_basic_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
1293 			 struct ieee80211_sta *sta, bool enable)
1294 {
1295 #define EXTRA_INFO_VER          BIT(0)
1296 #define EXTRA_INFO_NEW          BIT(1)
1297 	struct sta_rec_basic *basic;
1298 	struct tlv *tlv;
1299 
1300 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_BASIC, sizeof(*basic));
1301 
1302 	basic = (struct sta_rec_basic *)tlv;
1303 	basic->extra_info = cpu_to_le16(EXTRA_INFO_VER);
1304 
1305 	if (enable) {
1306 		basic->extra_info |= cpu_to_le16(EXTRA_INFO_NEW);
1307 		basic->conn_state = CONN_STATE_PORT_SECURE;
1308 	} else {
1309 		basic->conn_state = CONN_STATE_DISCONNECT;
1310 	}
1311 
1312 	if (!sta) {
1313 		basic->conn_type = cpu_to_le32(CONNECTION_INFRA_BC);
1314 		eth_broadcast_addr(basic->peer_addr);
1315 		return;
1316 	}
1317 
1318 	switch (vif->type) {
1319 	case NL80211_IFTYPE_MESH_POINT:
1320 	case NL80211_IFTYPE_AP:
1321 		basic->conn_type = cpu_to_le32(CONNECTION_INFRA_STA);
1322 		break;
1323 	case NL80211_IFTYPE_STATION:
1324 		basic->conn_type = cpu_to_le32(CONNECTION_INFRA_AP);
1325 		break;
1326 	case NL80211_IFTYPE_ADHOC:
1327 		basic->conn_type = cpu_to_le32(CONNECTION_IBSS_ADHOC);
1328 		break;
1329 	default:
1330 		WARN_ON(1);
1331 		break;
1332 	}
1333 
1334 	memcpy(basic->peer_addr, sta->addr, ETH_ALEN);
1335 	basic->aid = cpu_to_le16(sta->aid);
1336 	basic->qos = sta->wme;
1337 }
1338 
1339 static void
1340 mt7915_mcu_sta_he_tlv(struct sk_buff *skb, struct ieee80211_sta *sta,
1341 		      struct ieee80211_vif *vif)
1342 {
1343 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1344 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1345 	struct ieee80211_he_cap_elem *elem = &sta->he_cap.he_cap_elem;
1346 	enum nl80211_band band = msta->vif->phy->mt76->chandef.chan->band;
1347 	const u16 *mcs_mask = msta->vif->bitrate_mask.control[band].he_mcs;
1348 	struct sta_rec_he *he;
1349 	struct tlv *tlv;
1350 	u32 cap = 0;
1351 
1352 	if (!sta->he_cap.has_he)
1353 		return;
1354 
1355 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_HE, sizeof(*he));
1356 
1357 	he = (struct sta_rec_he *)tlv;
1358 
1359 	if (elem->mac_cap_info[0] & IEEE80211_HE_MAC_CAP0_HTC_HE)
1360 		cap |= STA_REC_HE_CAP_HTC;
1361 
1362 	if (elem->mac_cap_info[2] & IEEE80211_HE_MAC_CAP2_BSR)
1363 		cap |= STA_REC_HE_CAP_BSR;
1364 
1365 	if (elem->mac_cap_info[3] & IEEE80211_HE_MAC_CAP3_OMI_CONTROL)
1366 		cap |= STA_REC_HE_CAP_OM;
1367 
1368 	if (elem->mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU)
1369 		cap |= STA_REC_HE_CAP_AMSDU_IN_AMPDU;
1370 
1371 	if (elem->mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_BQR)
1372 		cap |= STA_REC_HE_CAP_BQR;
1373 
1374 	if (elem->phy_cap_info[0] &
1375 	    (IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_RU_MAPPING_IN_2G |
1376 	     IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_RU_MAPPING_IN_5G))
1377 		cap |= STA_REC_HE_CAP_BW20_RU242_SUPPORT;
1378 
1379 	if (mvif->cap.ldpc && (elem->phy_cap_info[1] &
1380 			       IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD))
1381 		cap |= STA_REC_HE_CAP_LDPC;
1382 
1383 	if (elem->phy_cap_info[1] &
1384 	    IEEE80211_HE_PHY_CAP1_HE_LTF_AND_GI_FOR_HE_PPDUS_0_8US)
1385 		cap |= STA_REC_HE_CAP_SU_PPDU_1LTF_8US_GI;
1386 
1387 	if (elem->phy_cap_info[2] &
1388 	    IEEE80211_HE_PHY_CAP2_NDP_4x_LTF_AND_3_2US)
1389 		cap |= STA_REC_HE_CAP_NDP_4LTF_3DOT2MS_GI;
1390 
1391 	if (elem->phy_cap_info[2] &
1392 	    IEEE80211_HE_PHY_CAP2_STBC_TX_UNDER_80MHZ)
1393 		cap |= STA_REC_HE_CAP_LE_EQ_80M_TX_STBC;
1394 
1395 	if (elem->phy_cap_info[2] &
1396 	    IEEE80211_HE_PHY_CAP2_STBC_RX_UNDER_80MHZ)
1397 		cap |= STA_REC_HE_CAP_LE_EQ_80M_RX_STBC;
1398 
1399 	if (elem->phy_cap_info[6] &
1400 	    IEEE80211_HE_PHY_CAP6_TRIG_CQI_FB)
1401 		cap |= STA_REC_HE_CAP_TRIG_CQI_FK;
1402 
1403 	if (elem->phy_cap_info[6] &
1404 	    IEEE80211_HE_PHY_CAP6_PARTIAL_BW_EXT_RANGE)
1405 		cap |= STA_REC_HE_CAP_PARTIAL_BW_EXT_RANGE;
1406 
1407 	if (elem->phy_cap_info[7] &
1408 	    IEEE80211_HE_PHY_CAP7_HE_SU_MU_PPDU_4XLTF_AND_08_US_GI)
1409 		cap |= STA_REC_HE_CAP_SU_MU_PPDU_4LTF_8US_GI;
1410 
1411 	if (elem->phy_cap_info[7] &
1412 	    IEEE80211_HE_PHY_CAP7_STBC_TX_ABOVE_80MHZ)
1413 		cap |= STA_REC_HE_CAP_GT_80M_TX_STBC;
1414 
1415 	if (elem->phy_cap_info[7] &
1416 	    IEEE80211_HE_PHY_CAP7_STBC_RX_ABOVE_80MHZ)
1417 		cap |= STA_REC_HE_CAP_GT_80M_RX_STBC;
1418 
1419 	if (elem->phy_cap_info[8] &
1420 	    IEEE80211_HE_PHY_CAP8_HE_ER_SU_PPDU_4XLTF_AND_08_US_GI)
1421 		cap |= STA_REC_HE_CAP_ER_SU_PPDU_4LTF_8US_GI;
1422 
1423 	if (elem->phy_cap_info[8] &
1424 	    IEEE80211_HE_PHY_CAP8_HE_ER_SU_1XLTF_AND_08_US_GI)
1425 		cap |= STA_REC_HE_CAP_ER_SU_PPDU_1LTF_8US_GI;
1426 
1427 	if (elem->phy_cap_info[9] &
1428 	    IEEE80211_HE_PHY_CAP9_TX_1024_QAM_LESS_THAN_242_TONE_RU)
1429 		cap |= STA_REC_HE_CAP_TX_1024QAM_UNDER_RU242;
1430 
1431 	if (elem->phy_cap_info[9] &
1432 	    IEEE80211_HE_PHY_CAP9_RX_1024_QAM_LESS_THAN_242_TONE_RU)
1433 		cap |= STA_REC_HE_CAP_RX_1024QAM_UNDER_RU242;
1434 
1435 	he->he_cap = cpu_to_le32(cap);
1436 
1437 	switch (sta->bandwidth) {
1438 	case IEEE80211_STA_RX_BW_160:
1439 		if (elem->phy_cap_info[0] &
1440 		    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G)
1441 			mt7915_mcu_set_sta_he_mcs(sta,
1442 						  &he->max_nss_mcs[CMD_HE_MCS_BW8080],
1443 						  mcs_mask);
1444 
1445 		mt7915_mcu_set_sta_he_mcs(sta,
1446 					  &he->max_nss_mcs[CMD_HE_MCS_BW160],
1447 					  mcs_mask);
1448 		fallthrough;
1449 	default:
1450 		mt7915_mcu_set_sta_he_mcs(sta,
1451 					  &he->max_nss_mcs[CMD_HE_MCS_BW80],
1452 					  mcs_mask);
1453 		break;
1454 	}
1455 
1456 	he->t_frame_dur =
1457 		HE_MAC(CAP1_TF_MAC_PAD_DUR_MASK, elem->mac_cap_info[1]);
1458 	he->max_ampdu_exp =
1459 		HE_MAC(CAP3_MAX_AMPDU_LEN_EXP_MASK, elem->mac_cap_info[3]);
1460 
1461 	he->bw_set =
1462 		HE_PHY(CAP0_CHANNEL_WIDTH_SET_MASK, elem->phy_cap_info[0]);
1463 	he->device_class =
1464 		HE_PHY(CAP1_DEVICE_CLASS_A, elem->phy_cap_info[1]);
1465 	he->punc_pream_rx =
1466 		HE_PHY(CAP1_PREAMBLE_PUNC_RX_MASK, elem->phy_cap_info[1]);
1467 
1468 	he->dcm_tx_mode =
1469 		HE_PHY(CAP3_DCM_MAX_CONST_TX_MASK, elem->phy_cap_info[3]);
1470 	he->dcm_tx_max_nss =
1471 		HE_PHY(CAP3_DCM_MAX_TX_NSS_2, elem->phy_cap_info[3]);
1472 	he->dcm_rx_mode =
1473 		HE_PHY(CAP3_DCM_MAX_CONST_RX_MASK, elem->phy_cap_info[3]);
1474 	he->dcm_rx_max_nss =
1475 		HE_PHY(CAP3_DCM_MAX_RX_NSS_2, elem->phy_cap_info[3]);
1476 	he->dcm_rx_max_nss =
1477 		HE_PHY(CAP8_DCM_MAX_RU_MASK, elem->phy_cap_info[8]);
1478 
1479 	he->pkt_ext = 2;
1480 }
1481 
1482 static void
1483 mt7915_mcu_sta_uapsd_tlv(struct sk_buff *skb, struct ieee80211_sta *sta,
1484 		     struct ieee80211_vif *vif)
1485 {
1486 	struct sta_rec_uapsd *uapsd;
1487 	struct tlv *tlv;
1488 
1489 	if (vif->type != NL80211_IFTYPE_AP || !sta->wme)
1490 		return;
1491 
1492 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_APPS, sizeof(*uapsd));
1493 	uapsd = (struct sta_rec_uapsd *)tlv;
1494 
1495 	if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) {
1496 		uapsd->dac_map |= BIT(3);
1497 		uapsd->tac_map |= BIT(3);
1498 	}
1499 	if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) {
1500 		uapsd->dac_map |= BIT(2);
1501 		uapsd->tac_map |= BIT(2);
1502 	}
1503 	if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) {
1504 		uapsd->dac_map |= BIT(1);
1505 		uapsd->tac_map |= BIT(1);
1506 	}
1507 	if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) {
1508 		uapsd->dac_map |= BIT(0);
1509 		uapsd->tac_map |= BIT(0);
1510 	}
1511 	uapsd->max_sp = sta->max_sp;
1512 }
1513 
1514 static void
1515 mt7915_mcu_sta_muru_tlv(struct sk_buff *skb, struct ieee80211_sta *sta,
1516 			struct ieee80211_vif *vif)
1517 {
1518 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1519 	struct ieee80211_he_cap_elem *elem = &sta->he_cap.he_cap_elem;
1520 	struct sta_rec_muru *muru;
1521 	struct tlv *tlv;
1522 
1523 	if (vif->type != NL80211_IFTYPE_STATION &&
1524 	    vif->type != NL80211_IFTYPE_AP)
1525 		return;
1526 
1527 	if (!sta->vht_cap.vht_supported)
1528 		return;
1529 
1530 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_MURU, sizeof(*muru));
1531 
1532 	muru = (struct sta_rec_muru *)tlv;
1533 
1534 	muru->cfg.mimo_dl_en = mvif->cap.he_mu_ebfer ||
1535 			       mvif->cap.vht_mu_ebfer ||
1536 			       mvif->cap.vht_mu_ebfee;
1537 
1538 	muru->mimo_dl.vht_mu_bfee =
1539 		!!(sta->vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1540 
1541 	if (!sta->he_cap.has_he)
1542 		return;
1543 
1544 	muru->mimo_dl.partial_bw_dl_mimo =
1545 		HE_PHY(CAP6_PARTIAL_BANDWIDTH_DL_MUMIMO, elem->phy_cap_info[6]);
1546 
1547 	muru->cfg.mimo_ul_en = true;
1548 	muru->mimo_ul.full_ul_mimo =
1549 		HE_PHY(CAP2_UL_MU_FULL_MU_MIMO, elem->phy_cap_info[2]);
1550 	muru->mimo_ul.partial_ul_mimo =
1551 		HE_PHY(CAP2_UL_MU_PARTIAL_MU_MIMO, elem->phy_cap_info[2]);
1552 
1553 	muru->cfg.ofdma_dl_en = true;
1554 	muru->ofdma_dl.punc_pream_rx =
1555 		HE_PHY(CAP1_PREAMBLE_PUNC_RX_MASK, elem->phy_cap_info[1]);
1556 	muru->ofdma_dl.he_20m_in_40m_2g =
1557 		HE_PHY(CAP8_20MHZ_IN_40MHZ_HE_PPDU_IN_2G, elem->phy_cap_info[8]);
1558 	muru->ofdma_dl.he_20m_in_160m =
1559 		HE_PHY(CAP8_20MHZ_IN_160MHZ_HE_PPDU, elem->phy_cap_info[8]);
1560 	muru->ofdma_dl.he_80m_in_160m =
1561 		HE_PHY(CAP8_80MHZ_IN_160MHZ_HE_PPDU, elem->phy_cap_info[8]);
1562 
1563 	muru->ofdma_ul.t_frame_dur =
1564 		HE_MAC(CAP1_TF_MAC_PAD_DUR_MASK, elem->mac_cap_info[1]);
1565 	muru->ofdma_ul.mu_cascading =
1566 		HE_MAC(CAP2_MU_CASCADING, elem->mac_cap_info[2]);
1567 	muru->ofdma_ul.uo_ra =
1568 		HE_MAC(CAP3_OFDMA_RA, elem->mac_cap_info[3]);
1569 }
1570 
1571 static void
1572 mt7915_mcu_sta_ht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1573 {
1574 	struct sta_rec_ht *ht;
1575 	struct tlv *tlv;
1576 
1577 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_HT, sizeof(*ht));
1578 
1579 	ht = (struct sta_rec_ht *)tlv;
1580 	ht->ht_cap = cpu_to_le16(sta->ht_cap.cap);
1581 }
1582 
1583 static void
1584 mt7915_mcu_sta_vht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1585 {
1586 	struct sta_rec_vht *vht;
1587 	struct tlv *tlv;
1588 
1589 	if (!sta->vht_cap.vht_supported)
1590 		return;
1591 
1592 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_VHT, sizeof(*vht));
1593 
1594 	vht = (struct sta_rec_vht *)tlv;
1595 	vht->vht_cap = cpu_to_le32(sta->vht_cap.cap);
1596 	vht->vht_rx_mcs_map = sta->vht_cap.vht_mcs.rx_mcs_map;
1597 	vht->vht_tx_mcs_map = sta->vht_cap.vht_mcs.tx_mcs_map;
1598 }
1599 
1600 static void
1601 mt7915_mcu_sta_amsdu_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
1602 			 struct ieee80211_sta *sta)
1603 {
1604 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1605 	struct sta_rec_amsdu *amsdu;
1606 	struct tlv *tlv;
1607 
1608 	if (vif->type != NL80211_IFTYPE_STATION &&
1609 	    vif->type != NL80211_IFTYPE_AP)
1610 		return;
1611 
1612 	if (!sta->max_amsdu_len)
1613 	    return;
1614 
1615 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_HW_AMSDU, sizeof(*amsdu));
1616 	amsdu = (struct sta_rec_amsdu *)tlv;
1617 	amsdu->max_amsdu_num = 8;
1618 	amsdu->amsdu_en = true;
1619 	amsdu->max_mpdu_size = sta->max_amsdu_len >=
1620 			       IEEE80211_MAX_MPDU_LEN_VHT_7991;
1621 	msta->wcid.amsdu = true;
1622 }
1623 
1624 static void
1625 mt7915_mcu_wtbl_smps_tlv(struct sk_buff *skb, struct ieee80211_sta *sta,
1626 			 void *sta_wtbl, void *wtbl_tlv)
1627 {
1628 	struct wtbl_smps *smps;
1629 	struct tlv *tlv;
1630 
1631 	tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_SMPS, sizeof(*smps),
1632 					wtbl_tlv, sta_wtbl);
1633 	smps = (struct wtbl_smps *)tlv;
1634 	smps->smps = (sta->smps_mode == IEEE80211_SMPS_DYNAMIC);
1635 }
1636 
1637 static void
1638 mt7915_mcu_wtbl_ht_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
1639 		       struct ieee80211_sta *sta, void *sta_wtbl,
1640 		       void *wtbl_tlv)
1641 {
1642 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1643 	struct wtbl_ht *ht = NULL;
1644 	struct tlv *tlv;
1645 
1646 	/* wtbl ht */
1647 	if (sta->ht_cap.ht_supported) {
1648 		tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_HT, sizeof(*ht),
1649 						wtbl_tlv, sta_wtbl);
1650 		ht = (struct wtbl_ht *)tlv;
1651 		ht->ldpc = mvif->cap.ldpc &&
1652 			   (sta->ht_cap.cap & IEEE80211_HT_CAP_LDPC_CODING);
1653 		ht->af = sta->ht_cap.ampdu_factor;
1654 		ht->mm = sta->ht_cap.ampdu_density;
1655 		ht->ht = true;
1656 	}
1657 
1658 	/* wtbl vht */
1659 	if (sta->vht_cap.vht_supported) {
1660 		struct wtbl_vht *vht;
1661 		u8 af;
1662 
1663 		tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_VHT, sizeof(*vht),
1664 						wtbl_tlv, sta_wtbl);
1665 		vht = (struct wtbl_vht *)tlv;
1666 		vht->ldpc = mvif->cap.ldpc &&
1667 			    (sta->vht_cap.cap & IEEE80211_VHT_CAP_RXLDPC);
1668 		vht->vht = true;
1669 
1670 		af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
1671 			       sta->vht_cap.cap);
1672 		if (ht)
1673 			ht->af = max_t(u8, ht->af, af);
1674 	}
1675 
1676 	mt7915_mcu_wtbl_smps_tlv(skb, sta, sta_wtbl, wtbl_tlv);
1677 }
1678 
1679 static void
1680 mt7915_mcu_wtbl_hdr_trans_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
1681 			      struct ieee80211_sta *sta,
1682 			      void *sta_wtbl, void *wtbl_tlv)
1683 {
1684 	struct mt7915_sta *msta;
1685 	struct wtbl_hdr_trans *htr = NULL;
1686 	struct tlv *tlv;
1687 
1688 	tlv = mt7915_mcu_add_nested_tlv(skb, WTBL_HDR_TRANS, sizeof(*htr),
1689 					wtbl_tlv, sta_wtbl);
1690 	htr = (struct wtbl_hdr_trans *)tlv;
1691 	htr->no_rx_trans = true;
1692 	if (vif->type == NL80211_IFTYPE_STATION)
1693 		htr->to_ds = true;
1694 	else
1695 		htr->from_ds = true;
1696 
1697 	if (!sta)
1698 		return;
1699 
1700 	msta = (struct mt7915_sta *)sta->drv_priv;
1701 	htr->no_rx_trans = !test_bit(MT_WCID_FLAG_HDR_TRANS, &msta->wcid.flags);
1702 	if (test_bit(MT_WCID_FLAG_4ADDR, &msta->wcid.flags)) {
1703 		htr->to_ds = true;
1704 		htr->from_ds = true;
1705 	}
1706 }
1707 
1708 static int
1709 mt7915_mcu_sta_wtbl_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
1710 			struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1711 {
1712 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1713 	struct mt7915_sta *msta;
1714 	struct wtbl_req_hdr *wtbl_hdr;
1715 	struct tlv *tlv;
1716 
1717 	msta = sta ? (struct mt7915_sta *)sta->drv_priv : &mvif->sta;
1718 
1719 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
1720 	wtbl_hdr = mt7915_mcu_alloc_wtbl_req(dev, msta, WTBL_RESET_AND_SET,
1721 					     tlv, &skb);
1722 	if (IS_ERR(wtbl_hdr))
1723 		return PTR_ERR(wtbl_hdr);
1724 
1725 	mt7915_mcu_wtbl_generic_tlv(skb, vif, sta, tlv, wtbl_hdr);
1726 	mt7915_mcu_wtbl_hdr_trans_tlv(skb, vif, sta, tlv, wtbl_hdr);
1727 
1728 	if (sta)
1729 		mt7915_mcu_wtbl_ht_tlv(skb, vif, sta, tlv, wtbl_hdr);
1730 
1731 	return 0;
1732 }
1733 
1734 int mt7915_mcu_sta_update_hdr_trans(struct mt7915_dev *dev,
1735 				    struct ieee80211_vif *vif,
1736 				    struct ieee80211_sta *sta)
1737 {
1738 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1739 	struct wtbl_req_hdr *wtbl_hdr;
1740 	struct sk_buff *skb;
1741 
1742 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
1743 				 MT76_CONNAC_WTBL_UPDATE_MAX_SIZE);
1744 	if (!skb)
1745 		return -ENOMEM;
1746 
1747 	wtbl_hdr = mt7915_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, NULL, &skb);
1748 	if (IS_ERR(wtbl_hdr))
1749 		return PTR_ERR(wtbl_hdr);
1750 
1751 	mt7915_mcu_wtbl_hdr_trans_tlv(skb, vif, sta, NULL, wtbl_hdr);
1752 
1753 	return mt76_mcu_skb_send_msg(&dev->mt76, skb, MCU_EXT_CMD(WTBL_UPDATE),
1754 				     true);
1755 }
1756 
1757 static inline bool
1758 mt7915_is_ebf_supported(struct mt7915_phy *phy, struct ieee80211_vif *vif,
1759 			struct ieee80211_sta *sta, bool bfee)
1760 {
1761 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1762 	int tx_ant = hweight8(phy->mt76->chainmask) - 1;
1763 
1764 	if (vif->type != NL80211_IFTYPE_STATION &&
1765 	    vif->type != NL80211_IFTYPE_AP)
1766 		return false;
1767 
1768 	if (!bfee && tx_ant < 2)
1769 		return false;
1770 
1771 	if (sta->he_cap.has_he) {
1772 		struct ieee80211_he_cap_elem *pe = &sta->he_cap.he_cap_elem;
1773 
1774 		if (bfee)
1775 			return mvif->cap.he_su_ebfee &&
1776 			       HE_PHY(CAP3_SU_BEAMFORMER, pe->phy_cap_info[3]);
1777 		else
1778 			return mvif->cap.he_su_ebfer &&
1779 			       HE_PHY(CAP4_SU_BEAMFORMEE, pe->phy_cap_info[4]);
1780 	}
1781 
1782 	if (sta->vht_cap.vht_supported) {
1783 		u32 cap = sta->vht_cap.cap;
1784 
1785 		if (bfee)
1786 			return mvif->cap.vht_su_ebfee &&
1787 			       (cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
1788 		else
1789 			return mvif->cap.vht_su_ebfer &&
1790 			       (cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
1791 	}
1792 
1793 	return false;
1794 }
1795 
1796 static void
1797 mt7915_mcu_sta_sounding_rate(struct sta_rec_bf *bf)
1798 {
1799 	bf->sounding_phy = MT_PHY_TYPE_OFDM;
1800 	bf->ndp_rate = 0;				/* mcs0 */
1801 	bf->ndpa_rate = MT7915_CFEND_RATE_DEFAULT;	/* ofdm 24m */
1802 	bf->rept_poll_rate = MT7915_CFEND_RATE_DEFAULT;	/* ofdm 24m */
1803 }
1804 
1805 static void
1806 mt7915_mcu_sta_bfer_ht(struct ieee80211_sta *sta, struct mt7915_phy *phy,
1807 		       struct sta_rec_bf *bf)
1808 {
1809 	struct ieee80211_mcs_info *mcs = &sta->ht_cap.mcs;
1810 	u8 n = 0;
1811 
1812 	bf->tx_mode = MT_PHY_TYPE_HT;
1813 
1814 	if ((mcs->tx_params & IEEE80211_HT_MCS_TX_RX_DIFF) &&
1815 	    (mcs->tx_params & IEEE80211_HT_MCS_TX_DEFINED))
1816 		n = FIELD_GET(IEEE80211_HT_MCS_TX_MAX_STREAMS_MASK,
1817 			      mcs->tx_params);
1818 	else if (mcs->rx_mask[3])
1819 		n = 3;
1820 	else if (mcs->rx_mask[2])
1821 		n = 2;
1822 	else if (mcs->rx_mask[1])
1823 		n = 1;
1824 
1825 	bf->nrow = hweight8(phy->mt76->chainmask) - 1;
1826 	bf->ncol = min_t(u8, bf->nrow, n);
1827 	bf->ibf_ncol = n;
1828 }
1829 
1830 static void
1831 mt7915_mcu_sta_bfer_vht(struct ieee80211_sta *sta, struct mt7915_phy *phy,
1832 			struct sta_rec_bf *bf, bool explicit)
1833 {
1834 	struct ieee80211_sta_vht_cap *pc = &sta->vht_cap;
1835 	struct ieee80211_sta_vht_cap *vc = &phy->mt76->sband_5g.sband.vht_cap;
1836 	u16 mcs_map = le16_to_cpu(pc->vht_mcs.rx_mcs_map);
1837 	u8 nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1838 	u8 tx_ant = hweight8(phy->mt76->chainmask) - 1;
1839 
1840 	bf->tx_mode = MT_PHY_TYPE_VHT;
1841 
1842 	if (explicit) {
1843 		u8 sts, snd_dim;
1844 
1845 		mt7915_mcu_sta_sounding_rate(bf);
1846 
1847 		sts = FIELD_GET(IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK,
1848 				pc->cap);
1849 		snd_dim = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
1850 				    vc->cap);
1851 		bf->nrow = min_t(u8, min_t(u8, snd_dim, sts), tx_ant);
1852 		bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1853 		bf->ibf_ncol = bf->ncol;
1854 
1855 		if (sta->bandwidth == IEEE80211_STA_RX_BW_160)
1856 			bf->nrow = 1;
1857 	} else {
1858 		bf->nrow = tx_ant;
1859 		bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1860 		bf->ibf_ncol = nss_mcs;
1861 
1862 		if (sta->bandwidth == IEEE80211_STA_RX_BW_160)
1863 			bf->ibf_nrow = 1;
1864 	}
1865 }
1866 
1867 static void
1868 mt7915_mcu_sta_bfer_he(struct ieee80211_sta *sta, struct ieee80211_vif *vif,
1869 		       struct mt7915_phy *phy, struct sta_rec_bf *bf)
1870 {
1871 	struct ieee80211_sta_he_cap *pc = &sta->he_cap;
1872 	struct ieee80211_he_cap_elem *pe = &pc->he_cap_elem;
1873 	const struct ieee80211_sta_he_cap *vc = mt7915_get_he_phy_cap(phy, vif);
1874 	const struct ieee80211_he_cap_elem *ve = &vc->he_cap_elem;
1875 	u16 mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80);
1876 	u8 nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1877 	u8 snd_dim, sts;
1878 
1879 	bf->tx_mode = MT_PHY_TYPE_HE_SU;
1880 
1881 	mt7915_mcu_sta_sounding_rate(bf);
1882 
1883 	bf->trigger_su = HE_PHY(CAP6_TRIG_SU_BEAMFORMING_FB,
1884 				pe->phy_cap_info[6]);
1885 	bf->trigger_mu = HE_PHY(CAP6_TRIG_MU_BEAMFORMING_PARTIAL_BW_FB,
1886 				pe->phy_cap_info[6]);
1887 	snd_dim = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
1888 			 ve->phy_cap_info[5]);
1889 	sts = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_UNDER_80MHZ_MASK,
1890 		     pe->phy_cap_info[4]);
1891 	bf->nrow = min_t(u8, snd_dim, sts);
1892 	bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1893 	bf->ibf_ncol = bf->ncol;
1894 
1895 	if (sta->bandwidth != IEEE80211_STA_RX_BW_160)
1896 		return;
1897 
1898 	/* go over for 160MHz and 80p80 */
1899 	if (pe->phy_cap_info[0] &
1900 	    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G) {
1901 		mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_160);
1902 		nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1903 
1904 		bf->ncol_bw160 = nss_mcs;
1905 	}
1906 
1907 	if (pe->phy_cap_info[0] &
1908 	    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G) {
1909 		mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80p80);
1910 		nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1911 
1912 		if (bf->ncol_bw160)
1913 			bf->ncol_bw160 = min_t(u8, bf->ncol_bw160, nss_mcs);
1914 		else
1915 			bf->ncol_bw160 = nss_mcs;
1916 	}
1917 
1918 	snd_dim = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_ABOVE_80MHZ_MASK,
1919 			 ve->phy_cap_info[5]);
1920 	sts = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_ABOVE_80MHZ_MASK,
1921 		     pe->phy_cap_info[4]);
1922 
1923 	bf->nrow_bw160 = min_t(int, snd_dim, sts);
1924 }
1925 
1926 static void
1927 mt7915_mcu_sta_bfer_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
1928 			struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1929 {
1930 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1931 	struct mt7915_phy *phy =
1932 		mvif->mt76.band_idx ? mt7915_ext_phy(dev) : &dev->phy;
1933 	int tx_ant = hweight8(phy->mt76->chainmask) - 1;
1934 	struct sta_rec_bf *bf;
1935 	struct tlv *tlv;
1936 	const u8 matrix[4][4] = {
1937 		{0, 0, 0, 0},
1938 		{1, 1, 0, 0},	/* 2x1, 2x2, 2x3, 2x4 */
1939 		{2, 4, 4, 0},	/* 3x1, 3x2, 3x3, 3x4 */
1940 		{3, 5, 6, 0}	/* 4x1, 4x2, 4x3, 4x4 */
1941 	};
1942 	bool ebf;
1943 
1944 	ebf = mt7915_is_ebf_supported(phy, vif, sta, false);
1945 	if (!ebf && !dev->ibf)
1946 		return;
1947 
1948 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_BF, sizeof(*bf));
1949 	bf = (struct sta_rec_bf *)tlv;
1950 
1951 	/* he: eBF only, in accordance with spec
1952 	 * vht: support eBF and iBF
1953 	 * ht: iBF only, since mac80211 lacks of eBF support
1954 	 */
1955 	if (sta->he_cap.has_he && ebf)
1956 		mt7915_mcu_sta_bfer_he(sta, vif, phy, bf);
1957 	else if (sta->vht_cap.vht_supported)
1958 		mt7915_mcu_sta_bfer_vht(sta, phy, bf, ebf);
1959 	else if (sta->ht_cap.ht_supported)
1960 		mt7915_mcu_sta_bfer_ht(sta, phy, bf);
1961 	else
1962 		return;
1963 
1964 	bf->bf_cap = ebf ? ebf : dev->ibf << 1;
1965 	bf->bw = sta->bandwidth;
1966 	bf->ibf_dbw = sta->bandwidth;
1967 	bf->ibf_nrow = tx_ant;
1968 
1969 	if (!ebf && sta->bandwidth <= IEEE80211_STA_RX_BW_40 && !bf->ncol)
1970 		bf->ibf_timeout = 0x48;
1971 	else
1972 		bf->ibf_timeout = 0x18;
1973 
1974 	if (ebf && bf->nrow != tx_ant)
1975 		bf->mem_20m = matrix[tx_ant][bf->ncol];
1976 	else
1977 		bf->mem_20m = matrix[bf->nrow][bf->ncol];
1978 
1979 	switch (sta->bandwidth) {
1980 	case IEEE80211_STA_RX_BW_160:
1981 	case IEEE80211_STA_RX_BW_80:
1982 		bf->mem_total = bf->mem_20m * 2;
1983 		break;
1984 	case IEEE80211_STA_RX_BW_40:
1985 		bf->mem_total = bf->mem_20m;
1986 		break;
1987 	case IEEE80211_STA_RX_BW_20:
1988 	default:
1989 		break;
1990 	}
1991 }
1992 
1993 static void
1994 mt7915_mcu_sta_bfee_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
1995 			struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1996 {
1997 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1998 	struct mt7915_phy *phy =
1999 		mvif->mt76.band_idx ? mt7915_ext_phy(dev) : &dev->phy;
2000 	int tx_ant = hweight8(phy->mt76->chainmask) - 1;
2001 	struct sta_rec_bfee *bfee;
2002 	struct tlv *tlv;
2003 	u8 nrow = 0;
2004 
2005 	if (!mt7915_is_ebf_supported(phy, vif, sta, true))
2006 		return;
2007 
2008 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_BFEE, sizeof(*bfee));
2009 	bfee = (struct sta_rec_bfee *)tlv;
2010 
2011 	if (sta->he_cap.has_he) {
2012 		struct ieee80211_he_cap_elem *pe = &sta->he_cap.he_cap_elem;
2013 
2014 		nrow = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
2015 			      pe->phy_cap_info[5]);
2016 	} else if (sta->vht_cap.vht_supported) {
2017 		struct ieee80211_sta_vht_cap *pc = &sta->vht_cap;
2018 
2019 		nrow = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
2020 				 pc->cap);
2021 	}
2022 
2023 	/* reply with identity matrix to avoid 2x2 BF negative gain */
2024 	bfee->fb_identity_matrix = (nrow == 1 && tx_ant == 2);
2025 }
2026 
2027 static enum mcu_mmps_mode
2028 mt7915_mcu_get_mmps_mode(enum ieee80211_smps_mode smps)
2029 {
2030 	switch (smps) {
2031 	case IEEE80211_SMPS_OFF:
2032 		return MCU_MMPS_DISABLE;
2033 	case IEEE80211_SMPS_STATIC:
2034 		return MCU_MMPS_STATIC;
2035 	case IEEE80211_SMPS_DYNAMIC:
2036 		return MCU_MMPS_DYNAMIC;
2037 	default:
2038 		return MCU_MMPS_DISABLE;
2039 	}
2040 }
2041 
2042 int mt7915_mcu_set_fixed_rate_ctrl(struct mt7915_dev *dev,
2043 				   struct ieee80211_vif *vif,
2044 				   struct ieee80211_sta *sta,
2045 				   void *data, u32 field)
2046 {
2047 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2048 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
2049 	struct sta_phy *phy = data;
2050 	struct sta_rec_ra_fixed *ra;
2051 	struct sk_buff *skb;
2052 	struct tlv *tlv;
2053 	int len = sizeof(struct sta_req_hdr) + sizeof(*ra);
2054 
2055 	skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta, len);
2056 	if (IS_ERR(skb))
2057 		return PTR_ERR(skb);
2058 
2059 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_RA_UPDATE, sizeof(*ra));
2060 	ra = (struct sta_rec_ra_fixed *)tlv;
2061 
2062 	switch (field) {
2063 	case RATE_PARAM_AUTO:
2064 		break;
2065 	case RATE_PARAM_FIXED:
2066 	case RATE_PARAM_FIXED_MCS:
2067 	case RATE_PARAM_FIXED_GI:
2068 	case RATE_PARAM_FIXED_HE_LTF:
2069 		if (phy)
2070 			ra->phy = *phy;
2071 		break;
2072 	case RATE_PARAM_MMPS_UPDATE:
2073 		ra->mmps_mode = mt7915_mcu_get_mmps_mode(sta->smps_mode);
2074 		break;
2075 	default:
2076 		break;
2077 	}
2078 	ra->field = cpu_to_le32(field);
2079 
2080 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2081 				     MCU_EXT_CMD(STA_REC_UPDATE), true);
2082 }
2083 
2084 int mt7915_mcu_add_smps(struct mt7915_dev *dev, struct ieee80211_vif *vif,
2085 			struct ieee80211_sta *sta)
2086 {
2087 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2088 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
2089 	struct wtbl_req_hdr *wtbl_hdr;
2090 	struct tlv *sta_wtbl;
2091 	struct sk_buff *skb;
2092 	int ret;
2093 
2094 	skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta,
2095 				       MT76_CONNAC_STA_UPDATE_MAX_SIZE);
2096 	if (IS_ERR(skb))
2097 		return PTR_ERR(skb);
2098 
2099 	sta_wtbl = mt7915_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
2100 
2101 	wtbl_hdr = mt7915_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, sta_wtbl,
2102 					     &skb);
2103 	if (IS_ERR(wtbl_hdr))
2104 		return PTR_ERR(wtbl_hdr);
2105 
2106 	mt7915_mcu_wtbl_smps_tlv(skb, sta, sta_wtbl, wtbl_hdr);
2107 
2108 	ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
2109 				    MCU_EXT_CMD(STA_REC_UPDATE), true);
2110 	if (ret)
2111 		return ret;
2112 
2113 	return mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, NULL,
2114 					      RATE_PARAM_MMPS_UPDATE);
2115 }
2116 
2117 static int
2118 mt7915_mcu_add_rate_ctrl_fixed(struct mt7915_dev *dev,
2119 			       struct ieee80211_vif *vif,
2120 			       struct ieee80211_sta *sta)
2121 {
2122 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2123 	struct cfg80211_chan_def *chandef = &mvif->phy->mt76->chandef;
2124 	struct cfg80211_bitrate_mask *mask = &mvif->bitrate_mask;
2125 	enum nl80211_band band = chandef->chan->band;
2126 	struct sta_phy phy = {};
2127 	int ret, nrates = 0;
2128 
2129 #define __sta_phy_bitrate_mask_check(_mcs, _gi, _he)				\
2130 	do {									\
2131 		u8 i, gi = mask->control[band]._gi;				\
2132 		gi = (_he) ? gi : gi == NL80211_TXRATE_FORCE_SGI;		\
2133 		for (i = 0; i <= sta->bandwidth; i++) {				\
2134 			phy.sgi |= gi << (i << (_he));				\
2135 			phy.he_ltf |= mask->control[band].he_ltf << (i << (_he));\
2136 		}								\
2137 		for (i = 0; i < ARRAY_SIZE(mask->control[band]._mcs); i++) 	\
2138 			nrates += hweight16(mask->control[band]._mcs[i]);  	\
2139 		phy.mcs = ffs(mask->control[band]._mcs[0]) - 1;			\
2140 	} while (0)
2141 
2142 	if (sta->he_cap.has_he) {
2143 		__sta_phy_bitrate_mask_check(he_mcs, he_gi, 1);
2144 	} else if (sta->vht_cap.vht_supported) {
2145 		__sta_phy_bitrate_mask_check(vht_mcs, gi, 0);
2146 	} else if (sta->ht_cap.ht_supported) {
2147 		__sta_phy_bitrate_mask_check(ht_mcs, gi, 0);
2148 	} else {
2149 		nrates = hweight32(mask->control[band].legacy);
2150 		phy.mcs = ffs(mask->control[band].legacy) - 1;
2151 	}
2152 #undef __sta_phy_bitrate_mask_check
2153 
2154 	/* fall back to auto rate control */
2155 	if (mask->control[band].gi == NL80211_TXRATE_DEFAULT_GI &&
2156 	    mask->control[band].he_gi == GENMASK(7, 0) &&
2157 	    mask->control[band].he_ltf == GENMASK(7, 0) &&
2158 	    nrates != 1)
2159 		return 0;
2160 
2161 	/* fixed single rate */
2162 	if (nrates == 1) {
2163 		ret = mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, &phy,
2164 						     RATE_PARAM_FIXED_MCS);
2165 		if (ret)
2166 			return ret;
2167 	}
2168 
2169 	/* fixed GI */
2170 	if (mask->control[band].gi != NL80211_TXRATE_DEFAULT_GI ||
2171 	    mask->control[band].he_gi != GENMASK(7, 0)) {
2172 		struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
2173 		u32 addr;
2174 
2175 		/* firmware updates only TXCMD but doesn't take WTBL into
2176 		 * account, so driver should update here to reflect the
2177 		 * actual txrate hardware sends out.
2178 		 */
2179 		addr = mt7915_mac_wtbl_lmac_addr(dev, msta->wcid.idx, 7);
2180 		if (sta->he_cap.has_he)
2181 			mt76_rmw_field(dev, addr, GENMASK(31, 24), phy.sgi);
2182 		else
2183 			mt76_rmw_field(dev, addr, GENMASK(15, 12), phy.sgi);
2184 
2185 		ret = mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, &phy,
2186 						     RATE_PARAM_FIXED_GI);
2187 		if (ret)
2188 			return ret;
2189 	}
2190 
2191 	/* fixed HE_LTF */
2192 	if (mask->control[band].he_ltf != GENMASK(7, 0)) {
2193 		ret = mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, &phy,
2194 						     RATE_PARAM_FIXED_HE_LTF);
2195 		if (ret)
2196 			return ret;
2197 	}
2198 
2199 	return 0;
2200 }
2201 
2202 static void
2203 mt7915_mcu_sta_rate_ctrl_tlv(struct sk_buff *skb, struct mt7915_dev *dev,
2204 			     struct ieee80211_vif *vif, struct ieee80211_sta *sta)
2205 {
2206 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2207 	struct cfg80211_chan_def *chandef = &mvif->phy->mt76->chandef;
2208 	struct cfg80211_bitrate_mask *mask = &mvif->bitrate_mask;
2209 	enum nl80211_band band = chandef->chan->band;
2210 	struct sta_rec_ra *ra;
2211 	struct tlv *tlv;
2212 	u32 supp_rate = sta->supp_rates[band];
2213 	u32 cap = sta->wme ? STA_CAP_WMM : 0;
2214 
2215 	tlv = mt7915_mcu_add_tlv(skb, STA_REC_RA, sizeof(*ra));
2216 	ra = (struct sta_rec_ra *)tlv;
2217 
2218 	ra->valid = true;
2219 	ra->auto_rate = true;
2220 	ra->phy_mode = mt7915_get_phy_mode(vif, sta);
2221 	ra->channel = chandef->chan->hw_value;
2222 	ra->bw = sta->bandwidth;
2223 	ra->phy.bw = sta->bandwidth;
2224 
2225 	if (supp_rate) {
2226 		supp_rate &= mask->control[band].legacy;
2227 		ra->rate_len = hweight32(supp_rate);
2228 
2229 		if (band == NL80211_BAND_2GHZ) {
2230 			ra->supp_mode = MODE_CCK;
2231 			ra->supp_cck_rate = supp_rate & GENMASK(3, 0);
2232 
2233 			if (ra->rate_len > 4) {
2234 				ra->supp_mode |= MODE_OFDM;
2235 				ra->supp_ofdm_rate = supp_rate >> 4;
2236 			}
2237 		} else {
2238 			ra->supp_mode = MODE_OFDM;
2239 			ra->supp_ofdm_rate = supp_rate;
2240 		}
2241 	}
2242 
2243 	if (sta->ht_cap.ht_supported) {
2244 		ra->supp_mode |= MODE_HT;
2245 		ra->af = sta->ht_cap.ampdu_factor;
2246 		ra->ht_gf = !!(sta->ht_cap.cap & IEEE80211_HT_CAP_GRN_FLD);
2247 
2248 		cap |= STA_CAP_HT;
2249 		if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_20)
2250 			cap |= STA_CAP_SGI_20;
2251 		if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_40)
2252 			cap |= STA_CAP_SGI_40;
2253 		if (sta->ht_cap.cap & IEEE80211_HT_CAP_TX_STBC)
2254 			cap |= STA_CAP_TX_STBC;
2255 		if (sta->ht_cap.cap & IEEE80211_HT_CAP_RX_STBC)
2256 			cap |= STA_CAP_RX_STBC;
2257 		if (mvif->cap.ldpc &&
2258 		    (sta->ht_cap.cap & IEEE80211_HT_CAP_LDPC_CODING))
2259 			cap |= STA_CAP_LDPC;
2260 
2261 		mt7915_mcu_set_sta_ht_mcs(sta, ra->ht_mcs,
2262 					  mask->control[band].ht_mcs);
2263 		ra->supp_ht_mcs = *(__le32 *)ra->ht_mcs;
2264 	}
2265 
2266 	if (sta->vht_cap.vht_supported) {
2267 		u8 af;
2268 
2269 		ra->supp_mode |= MODE_VHT;
2270 		af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
2271 			       sta->vht_cap.cap);
2272 		ra->af = max_t(u8, ra->af, af);
2273 
2274 		cap |= STA_CAP_VHT;
2275 		if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_80)
2276 			cap |= STA_CAP_VHT_SGI_80;
2277 		if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_160)
2278 			cap |= STA_CAP_VHT_SGI_160;
2279 		if (sta->vht_cap.cap & IEEE80211_VHT_CAP_TXSTBC)
2280 			cap |= STA_CAP_VHT_TX_STBC;
2281 		if (sta->vht_cap.cap & IEEE80211_VHT_CAP_RXSTBC_1)
2282 			cap |= STA_CAP_VHT_RX_STBC;
2283 		if (mvif->cap.ldpc &&
2284 		    (sta->vht_cap.cap & IEEE80211_VHT_CAP_RXLDPC))
2285 			cap |= STA_CAP_VHT_LDPC;
2286 
2287 		mt7915_mcu_set_sta_vht_mcs(sta, ra->supp_vht_mcs,
2288 					   mask->control[band].vht_mcs);
2289 	}
2290 
2291 	if (sta->he_cap.has_he) {
2292 		ra->supp_mode |= MODE_HE;
2293 		cap |= STA_CAP_HE;
2294 	}
2295 
2296 	ra->sta_cap = cpu_to_le32(cap);
2297 }
2298 
2299 int mt7915_mcu_add_rate_ctrl(struct mt7915_dev *dev, struct ieee80211_vif *vif,
2300 			     struct ieee80211_sta *sta, bool changed)
2301 {
2302 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2303 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
2304 	struct sk_buff *skb;
2305 	int ret;
2306 
2307 	skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta,
2308 				       MT76_CONNAC_STA_UPDATE_MAX_SIZE);
2309 	if (IS_ERR(skb))
2310 		return PTR_ERR(skb);
2311 
2312 	/* firmware rc algorithm refers to sta_rec_he for HE control.
2313 	 * once dev->rc_work changes the settings driver should also
2314 	 * update sta_rec_he here.
2315 	 */
2316 	if (sta->he_cap.has_he && changed)
2317 		mt7915_mcu_sta_he_tlv(skb, sta, vif);
2318 
2319 	/* sta_rec_ra accommodates BW, NSS and only MCS range format
2320 	 * i.e 0-{7,8,9} for VHT.
2321 	 */
2322 	mt7915_mcu_sta_rate_ctrl_tlv(skb, dev, vif, sta);
2323 
2324 	ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
2325 				    MCU_EXT_CMD(STA_REC_UPDATE), true);
2326 	if (ret)
2327 		return ret;
2328 
2329 	/* sta_rec_ra_fixed accommodates single rate, (HE)GI and HE_LTE,
2330 	 * and updates as peer fixed rate parameters, which overrides
2331 	 * sta_rec_ra and firmware rate control algorithm.
2332 	 */
2333 	return mt7915_mcu_add_rate_ctrl_fixed(dev, vif, sta);
2334 }
2335 
2336 static int
2337 mt7915_mcu_add_group(struct mt7915_dev *dev, struct ieee80211_vif *vif,
2338 		     struct ieee80211_sta *sta)
2339 {
2340 #define MT_STA_BSS_GROUP		1
2341 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2342 	struct mt7915_sta *msta;
2343 	struct {
2344 		__le32 action;
2345 		u8 wlan_idx_lo;
2346 		u8 status;
2347 		u8 wlan_idx_hi;
2348 		u8 rsv0[5];
2349 		__le32 val;
2350 		u8 rsv1[8];
2351 	} __packed req = {
2352 		.action = cpu_to_le32(MT_STA_BSS_GROUP),
2353 		.val = cpu_to_le32(mvif->mt76.idx % 16),
2354 	};
2355 
2356 	msta = sta ? (struct mt7915_sta *)sta->drv_priv : &mvif->sta;
2357 	req.wlan_idx_lo = to_wcid_lo(msta->wcid.idx);
2358 	req.wlan_idx_hi = to_wcid_hi(msta->wcid.idx);
2359 
2360 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_DRR_CTRL), &req,
2361 				 sizeof(req), true);
2362 }
2363 
2364 int mt7915_mcu_add_sta(struct mt7915_dev *dev, struct ieee80211_vif *vif,
2365 		       struct ieee80211_sta *sta, bool enable)
2366 {
2367 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2368 	struct mt7915_sta *msta;
2369 	struct sk_buff *skb;
2370 	int ret;
2371 
2372 	msta = sta ? (struct mt7915_sta *)sta->drv_priv : &mvif->sta;
2373 
2374 	skb = mt7915_mcu_alloc_sta_req(dev, mvif, msta,
2375 				       MT76_CONNAC_STA_UPDATE_MAX_SIZE);
2376 	if (IS_ERR(skb))
2377 		return PTR_ERR(skb);
2378 
2379 	/* starec basic */
2380 	mt7915_mcu_sta_basic_tlv(skb, vif, sta, enable);
2381 	if (!enable)
2382 		goto out;
2383 
2384 	/* tag order is in accordance with firmware dependency. */
2385 	if (sta && sta->ht_cap.ht_supported) {
2386 		/* starec bfer */
2387 		mt7915_mcu_sta_bfer_tlv(dev, skb, vif, sta);
2388 		/* starec ht */
2389 		mt7915_mcu_sta_ht_tlv(skb, sta);
2390 		/* starec vht */
2391 		mt7915_mcu_sta_vht_tlv(skb, sta);
2392 		/* starec uapsd */
2393 		mt7915_mcu_sta_uapsd_tlv(skb, sta, vif);
2394 	}
2395 
2396 	ret = mt7915_mcu_sta_wtbl_tlv(dev, skb, vif, sta);
2397 	if (ret)
2398 		return ret;
2399 
2400 	if (sta && sta->ht_cap.ht_supported) {
2401 		/* starec amsdu */
2402 		mt7915_mcu_sta_amsdu_tlv(skb, vif, sta);
2403 		/* starec he */
2404 		mt7915_mcu_sta_he_tlv(skb, sta, vif);
2405 		/* starec muru */
2406 		mt7915_mcu_sta_muru_tlv(skb, sta, vif);
2407 		/* starec bfee */
2408 		mt7915_mcu_sta_bfee_tlv(dev, skb, vif, sta);
2409 	}
2410 
2411 	ret = mt7915_mcu_add_group(dev, vif, sta);
2412 	if (ret)
2413 		return ret;
2414 out:
2415 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2416 				     MCU_EXT_CMD(STA_REC_UPDATE), true);
2417 }
2418 
2419 int mt7915_mcu_add_dev_info(struct mt7915_phy *phy,
2420 			    struct ieee80211_vif *vif, bool enable)
2421 {
2422 	struct mt7915_dev *dev = phy->dev;
2423 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2424 	struct {
2425 		struct req_hdr {
2426 			u8 omac_idx;
2427 			u8 dbdc_idx;
2428 			__le16 tlv_num;
2429 			u8 is_tlv_append;
2430 			u8 rsv[3];
2431 		} __packed hdr;
2432 		struct req_tlv {
2433 			__le16 tag;
2434 			__le16 len;
2435 			u8 active;
2436 			u8 dbdc_idx;
2437 			u8 omac_addr[ETH_ALEN];
2438 		} __packed tlv;
2439 	} data = {
2440 		.hdr = {
2441 			.omac_idx = mvif->mt76.omac_idx,
2442 			.dbdc_idx = mvif->mt76.band_idx,
2443 			.tlv_num = cpu_to_le16(1),
2444 			.is_tlv_append = 1,
2445 		},
2446 		.tlv = {
2447 			.tag = cpu_to_le16(DEV_INFO_ACTIVE),
2448 			.len = cpu_to_le16(sizeof(struct req_tlv)),
2449 			.active = enable,
2450 			.dbdc_idx = mvif->mt76.band_idx,
2451 		},
2452 	};
2453 
2454 	if (mvif->mt76.omac_idx >= REPEATER_BSSID_START)
2455 		return mt7915_mcu_muar_config(phy, vif, false, enable);
2456 
2457 	memcpy(data.tlv.omac_addr, vif->addr, ETH_ALEN);
2458 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(DEV_INFO_UPDATE),
2459 				 &data, sizeof(data), true);
2460 }
2461 
2462 static void
2463 mt7915_mcu_beacon_cntdwn(struct ieee80211_vif *vif, struct sk_buff *rskb,
2464 			 struct sk_buff *skb, struct bss_info_bcn *bcn,
2465 			 struct ieee80211_mutable_offsets *offs)
2466 {
2467 	struct bss_info_bcn_cntdwn *info;
2468 	struct tlv *tlv;
2469 	int sub_tag;
2470 
2471 	if (!offs->cntdwn_counter_offs[0])
2472 		return;
2473 
2474 	sub_tag = vif->csa_active ? BSS_INFO_BCN_CSA : BSS_INFO_BCN_BCC;
2475 	tlv = mt7915_mcu_add_nested_subtlv(rskb, sub_tag, sizeof(*info),
2476 					   &bcn->sub_ntlv, &bcn->len);
2477 	info = (struct bss_info_bcn_cntdwn *)tlv;
2478 	info->cnt = skb->data[offs->cntdwn_counter_offs[0]];
2479 }
2480 
2481 static void
2482 mt7915_mcu_beacon_cont(struct mt7915_dev *dev, struct ieee80211_vif *vif,
2483 		       struct sk_buff *rskb, struct sk_buff *skb,
2484 		       struct bss_info_bcn *bcn,
2485 		       struct ieee80211_mutable_offsets *offs)
2486 {
2487 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
2488 	struct bss_info_bcn_cont *cont;
2489 	struct tlv *tlv;
2490 	u8 *buf;
2491 	int len = sizeof(*cont) + MT_TXD_SIZE + skb->len;
2492 
2493 	tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_CONTENT,
2494 					   len, &bcn->sub_ntlv, &bcn->len);
2495 
2496 	cont = (struct bss_info_bcn_cont *)tlv;
2497 	cont->pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
2498 	cont->tim_ofs = cpu_to_le16(offs->tim_offset);
2499 
2500 	if (offs->cntdwn_counter_offs[0]) {
2501 		u16 offset = offs->cntdwn_counter_offs[0];
2502 
2503 		if (vif->csa_active)
2504 			cont->csa_ofs = cpu_to_le16(offset - 4);
2505 		if (vif->color_change_active)
2506 			cont->bcc_ofs = cpu_to_le16(offset - 3);
2507 	}
2508 
2509 	buf = (u8 *)tlv + sizeof(*cont);
2510 	mt7915_mac_write_txwi(dev, (__le32 *)buf, skb, wcid, 0, NULL,
2511 			      true);
2512 	memcpy(buf + MT_TXD_SIZE, skb->data, skb->len);
2513 }
2514 
2515 static void
2516 mt7915_mcu_beacon_check_caps(struct mt7915_phy *phy, struct ieee80211_vif *vif,
2517 			     struct sk_buff *skb)
2518 {
2519 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2520 	struct mt7915_vif_cap *vc = &mvif->cap;
2521 	const struct ieee80211_he_cap_elem *he;
2522 	const struct ieee80211_vht_cap *vht;
2523 	const struct ieee80211_ht_cap *ht;
2524 	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
2525 	const u8 *ie;
2526 	u32 len, bc;
2527 
2528 	/* Check missing configuration options to allow AP mode in mac80211
2529 	 * to remain in sync with hostapd settings, and get a subset of
2530 	 * beacon and hardware capabilities.
2531 	 */
2532 	if (WARN_ON_ONCE(skb->len <= (mgmt->u.beacon.variable - skb->data)))
2533 		return;
2534 
2535 	memset(vc, 0, sizeof(*vc));
2536 
2537 	len = skb->len - (mgmt->u.beacon.variable - skb->data);
2538 
2539 	ie = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, mgmt->u.beacon.variable,
2540 			      len);
2541 	if (ie && ie[1] >= sizeof(*ht)) {
2542 		ht = (void *)(ie + 2);
2543 		vc->ldpc |= !!(le16_to_cpu(ht->cap_info) &
2544 			       IEEE80211_HT_CAP_LDPC_CODING);
2545 	}
2546 
2547 	ie = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, mgmt->u.beacon.variable,
2548 			      len);
2549 	if (ie && ie[1] >= sizeof(*vht)) {
2550 		u32 pc = phy->mt76->sband_5g.sband.vht_cap.cap;
2551 
2552 		vht = (void *)(ie + 2);
2553 		bc = le32_to_cpu(vht->vht_cap_info);
2554 
2555 		vc->ldpc |= !!(bc & IEEE80211_VHT_CAP_RXLDPC);
2556 		vc->vht_su_ebfer =
2557 			(bc & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE) &&
2558 			(pc & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
2559 		vc->vht_su_ebfee =
2560 			(bc & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE) &&
2561 			(pc & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
2562 		vc->vht_mu_ebfer =
2563 			(bc & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE) &&
2564 			(pc & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE);
2565 		vc->vht_mu_ebfee =
2566 			(bc & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) &&
2567 			(pc & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
2568 	}
2569 
2570 	ie = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY,
2571 				  mgmt->u.beacon.variable, len);
2572 	if (ie && ie[1] >= sizeof(*he) + 1) {
2573 		const struct ieee80211_sta_he_cap *pc =
2574 			mt7915_get_he_phy_cap(phy, vif);
2575 		const struct ieee80211_he_cap_elem *pe = &pc->he_cap_elem;
2576 
2577 		he = (void *)(ie + 3);
2578 
2579 		vc->he_su_ebfer =
2580 			HE_PHY(CAP3_SU_BEAMFORMER, he->phy_cap_info[3]) &&
2581 			HE_PHY(CAP3_SU_BEAMFORMER, pe->phy_cap_info[3]);
2582 		vc->he_su_ebfee =
2583 			HE_PHY(CAP4_SU_BEAMFORMEE, he->phy_cap_info[4]) &&
2584 			HE_PHY(CAP4_SU_BEAMFORMEE, pe->phy_cap_info[4]);
2585 		vc->he_mu_ebfer =
2586 			HE_PHY(CAP4_MU_BEAMFORMER, he->phy_cap_info[4]) &&
2587 			HE_PHY(CAP4_MU_BEAMFORMER, pe->phy_cap_info[4]);
2588 	}
2589 }
2590 
2591 int mt7915_mcu_add_beacon(struct ieee80211_hw *hw,
2592 			  struct ieee80211_vif *vif, int en)
2593 {
2594 #define MAX_BEACON_SIZE 512
2595 	struct mt7915_dev *dev = mt7915_hw_dev(hw);
2596 	struct mt7915_phy *phy = mt7915_hw_phy(hw);
2597 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2598 	struct ieee80211_mutable_offsets offs;
2599 	struct ieee80211_tx_info *info;
2600 	struct sk_buff *skb, *rskb;
2601 	struct tlv *tlv;
2602 	struct bss_info_bcn *bcn;
2603 	int len = MT7915_BEACON_UPDATE_SIZE + MAX_BEACON_SIZE;
2604 
2605 	rskb = mt7915_mcu_alloc_sta_req(dev, mvif, NULL, len);
2606 	if (IS_ERR(rskb))
2607 		return PTR_ERR(rskb);
2608 
2609 	tlv = mt7915_mcu_add_tlv(rskb, BSS_INFO_OFFLOAD, sizeof(*bcn));
2610 	bcn = (struct bss_info_bcn *)tlv;
2611 	bcn->enable = en;
2612 
2613 	if (!en)
2614 		goto out;
2615 
2616 	skb = ieee80211_beacon_get_template(hw, vif, &offs);
2617 	if (!skb)
2618 		return -EINVAL;
2619 
2620 	if (skb->len > MAX_BEACON_SIZE - MT_TXD_SIZE) {
2621 		dev_err(dev->mt76.dev, "Bcn size limit exceed\n");
2622 		dev_kfree_skb(skb);
2623 		return -EINVAL;
2624 	}
2625 
2626 	if (mvif->mt76.band_idx) {
2627 		info = IEEE80211_SKB_CB(skb);
2628 		info->hw_queue |= MT_TX_HW_QUEUE_EXT_PHY;
2629 	}
2630 
2631 	mt7915_mcu_beacon_check_caps(phy, vif, skb);
2632 
2633 	/* TODO: subtag - 11v MBSSID */
2634 	mt7915_mcu_beacon_cntdwn(vif, rskb, skb, bcn, &offs);
2635 	mt7915_mcu_beacon_cont(dev, vif, rskb, skb, bcn, &offs);
2636 	dev_kfree_skb(skb);
2637 
2638 out:
2639 	return mt76_mcu_skb_send_msg(&phy->dev->mt76, rskb,
2640 				     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
2641 }
2642 
2643 static int mt7915_mcu_start_firmware(struct mt7915_dev *dev, u32 addr,
2644 				     u32 option)
2645 {
2646 	struct {
2647 		__le32 option;
2648 		__le32 addr;
2649 	} req = {
2650 		.option = cpu_to_le32(option),
2651 		.addr = cpu_to_le32(addr),
2652 	};
2653 
2654 	return mt76_mcu_send_msg(&dev->mt76, MCU_CMD(FW_START_REQ), &req,
2655 				 sizeof(req), true);
2656 }
2657 
2658 static int mt7915_mcu_restart(struct mt76_dev *dev)
2659 {
2660 	struct {
2661 		u8 power_mode;
2662 		u8 rsv[3];
2663 	} req = {
2664 		.power_mode = 1,
2665 	};
2666 
2667 	return mt76_mcu_send_msg(dev, MCU_CMD(NIC_POWER_CTRL), &req,
2668 				 sizeof(req), false);
2669 }
2670 
2671 static int mt7915_mcu_patch_sem_ctrl(struct mt7915_dev *dev, bool get)
2672 {
2673 	struct {
2674 		__le32 op;
2675 	} req = {
2676 		.op = cpu_to_le32(get ? PATCH_SEM_GET : PATCH_SEM_RELEASE),
2677 	};
2678 
2679 	return mt76_mcu_send_msg(&dev->mt76, MCU_CMD(PATCH_SEM_CONTROL), &req,
2680 				 sizeof(req), true);
2681 }
2682 
2683 static int mt7915_mcu_start_patch(struct mt7915_dev *dev)
2684 {
2685 	struct {
2686 		u8 check_crc;
2687 		u8 reserved[3];
2688 	} req = {
2689 		.check_crc = 0,
2690 	};
2691 
2692 	return mt76_mcu_send_msg(&dev->mt76, MCU_CMD(PATCH_FINISH_REQ), &req,
2693 				 sizeof(req), true);
2694 }
2695 
2696 static int mt7915_driver_own(struct mt7915_dev *dev)
2697 {
2698 	mt76_wr(dev, MT_TOP_LPCR_HOST_BAND0, MT_TOP_LPCR_HOST_DRV_OWN);
2699 	if (!mt76_poll_msec(dev, MT_TOP_LPCR_HOST_BAND0,
2700 			    MT_TOP_LPCR_HOST_FW_OWN, 0, 500)) {
2701 		dev_err(dev->mt76.dev, "Timeout for driver own\n");
2702 		return -EIO;
2703 	}
2704 
2705 	return 0;
2706 }
2707 
2708 static int mt7915_mcu_init_download(struct mt7915_dev *dev, u32 addr,
2709 				    u32 len, u32 mode)
2710 {
2711 	struct {
2712 		__le32 addr;
2713 		__le32 len;
2714 		__le32 mode;
2715 	} req = {
2716 		.addr = cpu_to_le32(addr),
2717 		.len = cpu_to_le32(len),
2718 		.mode = cpu_to_le32(mode),
2719 	};
2720 	int attr;
2721 
2722 	if (req.addr == cpu_to_le32(MCU_PATCH_ADDRESS))
2723 		attr = MCU_CMD(PATCH_START_REQ);
2724 	else
2725 		attr = MCU_CMD(TARGET_ADDRESS_LEN_REQ);
2726 
2727 	return mt76_mcu_send_msg(&dev->mt76, attr, &req, sizeof(req), true);
2728 }
2729 
2730 static int mt7915_load_patch(struct mt7915_dev *dev)
2731 {
2732 	const struct mt7915_patch_hdr *hdr;
2733 	const struct firmware *fw = NULL;
2734 	int i, ret, sem;
2735 
2736 	sem = mt7915_mcu_patch_sem_ctrl(dev, 1);
2737 	switch (sem) {
2738 	case PATCH_IS_DL:
2739 		return 0;
2740 	case PATCH_NOT_DL_SEM_SUCCESS:
2741 		break;
2742 	default:
2743 		dev_err(dev->mt76.dev, "Failed to get patch semaphore\n");
2744 		return -EAGAIN;
2745 	}
2746 
2747 	ret = request_firmware(&fw, MT7915_ROM_PATCH, dev->mt76.dev);
2748 	if (ret)
2749 		goto out;
2750 
2751 	if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
2752 		dev_err(dev->mt76.dev, "Invalid firmware\n");
2753 		ret = -EINVAL;
2754 		goto out;
2755 	}
2756 
2757 	hdr = (const struct mt7915_patch_hdr *)(fw->data);
2758 
2759 	dev_info(dev->mt76.dev, "HW/SW Version: 0x%x, Build Time: %.16s\n",
2760 		 be32_to_cpu(hdr->hw_sw_ver), hdr->build_date);
2761 
2762 	for (i = 0; i < be32_to_cpu(hdr->desc.n_region); i++) {
2763 		struct mt7915_patch_sec *sec;
2764 		const u8 *dl;
2765 		u32 len, addr;
2766 
2767 		sec = (struct mt7915_patch_sec *)(fw->data + sizeof(*hdr) +
2768 						  i * sizeof(*sec));
2769 		if ((be32_to_cpu(sec->type) & PATCH_SEC_TYPE_MASK) !=
2770 		    PATCH_SEC_TYPE_INFO) {
2771 			ret = -EINVAL;
2772 			goto out;
2773 		}
2774 
2775 		addr = be32_to_cpu(sec->info.addr);
2776 		len = be32_to_cpu(sec->info.len);
2777 		dl = fw->data + be32_to_cpu(sec->offs);
2778 
2779 		ret = mt7915_mcu_init_download(dev, addr, len,
2780 					       DL_MODE_NEED_RSP);
2781 		if (ret) {
2782 			dev_err(dev->mt76.dev, "Download request failed\n");
2783 			goto out;
2784 		}
2785 
2786 		ret = __mt76_mcu_send_firmware(&dev->mt76, MCU_CMD(FW_SCATTER),
2787 					       dl, len, 4096);
2788 		if (ret) {
2789 			dev_err(dev->mt76.dev, "Failed to send patch\n");
2790 			goto out;
2791 		}
2792 	}
2793 
2794 	ret = mt7915_mcu_start_patch(dev);
2795 	if (ret)
2796 		dev_err(dev->mt76.dev, "Failed to start patch\n");
2797 
2798 out:
2799 	sem = mt7915_mcu_patch_sem_ctrl(dev, 0);
2800 	switch (sem) {
2801 	case PATCH_REL_SEM_SUCCESS:
2802 		break;
2803 	default:
2804 		ret = -EAGAIN;
2805 		dev_err(dev->mt76.dev, "Failed to release patch semaphore\n");
2806 		break;
2807 	}
2808 	release_firmware(fw);
2809 
2810 	return ret;
2811 }
2812 
2813 static u32 mt7915_mcu_gen_dl_mode(u8 feature_set, bool is_wa)
2814 {
2815 	u32 ret = 0;
2816 
2817 	ret |= (feature_set & FW_FEATURE_SET_ENCRYPT) ?
2818 	       (DL_MODE_ENCRYPT | DL_MODE_RESET_SEC_IV) : 0;
2819 	ret |= FIELD_PREP(DL_MODE_KEY_IDX,
2820 			  FIELD_GET(FW_FEATURE_SET_KEY_IDX, feature_set));
2821 	ret |= DL_MODE_NEED_RSP;
2822 	ret |= is_wa ? DL_MODE_WORKING_PDA_CR4 : 0;
2823 
2824 	return ret;
2825 }
2826 
2827 static int
2828 mt7915_mcu_send_ram_firmware(struct mt7915_dev *dev,
2829 			     const struct mt7915_fw_trailer *hdr,
2830 			     const u8 *data, bool is_wa)
2831 {
2832 	int i, offset = 0;
2833 	u32 override = 0, option = 0;
2834 
2835 	for (i = 0; i < hdr->n_region; i++) {
2836 		const struct mt7915_fw_region *region;
2837 		int err;
2838 		u32 len, addr, mode;
2839 
2840 		region = (const struct mt7915_fw_region *)((const u8 *)hdr -
2841 			 (hdr->n_region - i) * sizeof(*region));
2842 		mode = mt7915_mcu_gen_dl_mode(region->feature_set, is_wa);
2843 		len = le32_to_cpu(region->len);
2844 		addr = le32_to_cpu(region->addr);
2845 
2846 		if (region->feature_set & FW_FEATURE_OVERRIDE_ADDR)
2847 			override = addr;
2848 
2849 		err = mt7915_mcu_init_download(dev, addr, len, mode);
2850 		if (err) {
2851 			dev_err(dev->mt76.dev, "Download request failed\n");
2852 			return err;
2853 		}
2854 
2855 		err = __mt76_mcu_send_firmware(&dev->mt76, MCU_CMD(FW_SCATTER),
2856 					       data + offset, len, 4096);
2857 		if (err) {
2858 			dev_err(dev->mt76.dev, "Failed to send firmware.\n");
2859 			return err;
2860 		}
2861 
2862 		offset += len;
2863 	}
2864 
2865 	if (override)
2866 		option |= FW_START_OVERRIDE;
2867 
2868 	if (is_wa)
2869 		option |= FW_START_WORKING_PDA_CR4;
2870 
2871 	return mt7915_mcu_start_firmware(dev, override, option);
2872 }
2873 
2874 static int mt7915_load_ram(struct mt7915_dev *dev)
2875 {
2876 	const struct mt7915_fw_trailer *hdr;
2877 	const struct firmware *fw;
2878 	int ret;
2879 
2880 	ret = request_firmware(&fw, MT7915_FIRMWARE_WM, dev->mt76.dev);
2881 	if (ret)
2882 		return ret;
2883 
2884 	if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
2885 		dev_err(dev->mt76.dev, "Invalid firmware\n");
2886 		ret = -EINVAL;
2887 		goto out;
2888 	}
2889 
2890 	hdr = (const struct mt7915_fw_trailer *)(fw->data + fw->size -
2891 					sizeof(*hdr));
2892 
2893 	dev_info(dev->mt76.dev, "WM Firmware Version: %.10s, Build Time: %.15s\n",
2894 		 hdr->fw_ver, hdr->build_date);
2895 
2896 	ret = mt7915_mcu_send_ram_firmware(dev, hdr, fw->data, false);
2897 	if (ret) {
2898 		dev_err(dev->mt76.dev, "Failed to start WM firmware\n");
2899 		goto out;
2900 	}
2901 
2902 	release_firmware(fw);
2903 
2904 	ret = request_firmware(&fw, MT7915_FIRMWARE_WA, dev->mt76.dev);
2905 	if (ret)
2906 		return ret;
2907 
2908 	if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
2909 		dev_err(dev->mt76.dev, "Invalid firmware\n");
2910 		ret = -EINVAL;
2911 		goto out;
2912 	}
2913 
2914 	hdr = (const struct mt7915_fw_trailer *)(fw->data + fw->size -
2915 					sizeof(*hdr));
2916 
2917 	dev_info(dev->mt76.dev, "WA Firmware Version: %.10s, Build Time: %.15s\n",
2918 		 hdr->fw_ver, hdr->build_date);
2919 
2920 	ret = mt7915_mcu_send_ram_firmware(dev, hdr, fw->data, true);
2921 	if (ret) {
2922 		dev_err(dev->mt76.dev, "Failed to start WA firmware\n");
2923 		goto out;
2924 	}
2925 
2926 	snprintf(dev->mt76.hw->wiphy->fw_version,
2927 		 sizeof(dev->mt76.hw->wiphy->fw_version),
2928 		 "%.10s-%.15s", hdr->fw_ver, hdr->build_date);
2929 
2930 out:
2931 	release_firmware(fw);
2932 
2933 	return ret;
2934 }
2935 
2936 static int mt7915_load_firmware(struct mt7915_dev *dev)
2937 {
2938 	int ret;
2939 
2940 	ret = mt7915_load_patch(dev);
2941 	if (ret)
2942 		return ret;
2943 
2944 	ret = mt7915_load_ram(dev);
2945 	if (ret)
2946 		return ret;
2947 
2948 	if (!mt76_poll_msec(dev, MT_TOP_MISC, MT_TOP_MISC_FW_STATE,
2949 			    FIELD_PREP(MT_TOP_MISC_FW_STATE,
2950 				       FW_STATE_RDY), 1000)) {
2951 		dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
2952 		return -EIO;
2953 	}
2954 
2955 	mt76_queue_tx_cleanup(dev, dev->mt76.q_mcu[MT_MCUQ_FWDL], false);
2956 
2957 	dev_dbg(dev->mt76.dev, "Firmware init done\n");
2958 
2959 	return 0;
2960 }
2961 
2962 int mt7915_mcu_fw_log_2_host(struct mt7915_dev *dev, u8 type, u8 ctrl)
2963 {
2964 	struct {
2965 		u8 ctrl_val;
2966 		u8 pad[3];
2967 	} data = {
2968 		.ctrl_val = ctrl
2969 	};
2970 
2971 	if (type == MCU_FW_LOG_WA)
2972 		return mt76_mcu_send_msg(&dev->mt76, MCU_WA_EXT_CMD(FW_LOG_2_HOST),
2973 					 &data, sizeof(data), true);
2974 
2975 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(FW_LOG_2_HOST), &data,
2976 				 sizeof(data), true);
2977 }
2978 
2979 int mt7915_mcu_fw_dbg_ctrl(struct mt7915_dev *dev, u32 module, u8 level)
2980 {
2981 	struct {
2982 		u8 ver;
2983 		u8 pad;
2984 		__le16 len;
2985 		u8 level;
2986 		u8 rsv[3];
2987 		__le32 module_idx;
2988 	} data = {
2989 		.module_idx = cpu_to_le32(module),
2990 		.level = level,
2991 	};
2992 
2993 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(FW_DBG_CTRL), &data,
2994 				 sizeof(data), false);
2995 }
2996 
2997 int mt7915_mcu_muru_debug_set(struct mt7915_dev *dev, bool enabled)
2998 {
2999 	struct {
3000 		__le32 cmd;
3001 		u8 enable;
3002 	} data = {
3003 		.cmd = cpu_to_le32(MURU_SET_TXC_TX_STATS_EN),
3004 		.enable = enabled,
3005 	};
3006 
3007 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL), &data,
3008 				sizeof(data), false);
3009 }
3010 
3011 int mt7915_mcu_muru_debug_get(struct mt7915_phy *phy, void *ms)
3012 {
3013 	struct mt7915_dev *dev = phy->dev;
3014 	struct sk_buff *skb;
3015 	struct mt7915_mcu_muru_stats *mu_stats =
3016 				(struct mt7915_mcu_muru_stats *)ms;
3017 	int ret;
3018 
3019 	struct {
3020 		__le32 cmd;
3021 		u8 band_idx;
3022 	} req = {
3023 		.cmd = cpu_to_le32(MURU_GET_TXC_TX_STATS),
3024 		.band_idx = phy != &dev->phy,
3025 	};
3026 
3027 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL),
3028 					&req, sizeof(req), true, &skb);
3029 	if (ret)
3030 		return ret;
3031 
3032 	memcpy(mu_stats, skb->data, sizeof(struct mt7915_mcu_muru_stats));
3033 	dev_kfree_skb(skb);
3034 
3035 	return 0;
3036 }
3037 
3038 static int mt7915_mcu_set_mwds(struct mt7915_dev *dev, bool enabled)
3039 {
3040 	struct {
3041 		u8 enable;
3042 		u8 _rsv[3];
3043 	} __packed req = {
3044 		.enable = enabled
3045 	};
3046 
3047 	return mt76_mcu_send_msg(&dev->mt76, MCU_WA_EXT_CMD(MWDS_SUPPORT), &req,
3048 				 sizeof(req), false);
3049 }
3050 
3051 int mt7915_mcu_set_muru_ctrl(struct mt7915_dev *dev, u32 cmd, u32 val)
3052 {
3053 	struct {
3054 		__le32 cmd;
3055 		u8 val[4];
3056 	} __packed req = {
3057 		.cmd = cpu_to_le32(cmd),
3058 	};
3059 
3060 	put_unaligned_le32(val, req.val);
3061 
3062 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL), &req,
3063 				 sizeof(req), false);
3064 }
3065 
3066 static int
3067 mt7915_mcu_init_rx_airtime(struct mt7915_dev *dev)
3068 {
3069 #define RX_AIRTIME_FEATURE_CTRL		1
3070 #define RX_AIRTIME_BITWISE_CTRL		2
3071 #define RX_AIRTIME_CLEAR_EN	1
3072 	struct {
3073 		__le16 field;
3074 		__le16 sub_field;
3075 		__le32 set_status;
3076 		__le32 get_status;
3077 		u8 _rsv[12];
3078 
3079 		bool airtime_en;
3080 		bool mibtime_en;
3081 		bool earlyend_en;
3082 		u8 _rsv1[9];
3083 
3084 		bool airtime_clear;
3085 		bool mibtime_clear;
3086 		u8 _rsv2[98];
3087 	} __packed req = {
3088 		.field = cpu_to_le16(RX_AIRTIME_BITWISE_CTRL),
3089 		.sub_field = cpu_to_le16(RX_AIRTIME_CLEAR_EN),
3090 		.airtime_clear = true,
3091 	};
3092 	int ret;
3093 
3094 	ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_AIRTIME_CTRL), &req,
3095 				sizeof(req), true);
3096 	if (ret)
3097 		return ret;
3098 
3099 	req.field = cpu_to_le16(RX_AIRTIME_FEATURE_CTRL);
3100 	req.sub_field = cpu_to_le16(RX_AIRTIME_CLEAR_EN);
3101 	req.airtime_en = true;
3102 
3103 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_AIRTIME_CTRL), &req,
3104 				 sizeof(req), true);
3105 }
3106 
3107 int mt7915_mcu_init(struct mt7915_dev *dev)
3108 {
3109 	static const struct mt76_mcu_ops mt7915_mcu_ops = {
3110 		.headroom = sizeof(struct mt7915_mcu_txd),
3111 		.mcu_skb_send_msg = mt7915_mcu_send_message,
3112 		.mcu_parse_response = mt7915_mcu_parse_response,
3113 		.mcu_restart = mt7915_mcu_restart,
3114 	};
3115 	int ret;
3116 
3117 	dev->mt76.mcu_ops = &mt7915_mcu_ops;
3118 
3119 	ret = mt7915_driver_own(dev);
3120 	if (ret)
3121 		return ret;
3122 
3123 	ret = mt7915_load_firmware(dev);
3124 	if (ret)
3125 		return ret;
3126 
3127 	set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
3128 	ret = mt7915_mcu_fw_log_2_host(dev, MCU_FW_LOG_WM, 0);
3129 	if (ret)
3130 		return ret;
3131 
3132 	ret = mt7915_mcu_fw_log_2_host(dev, MCU_FW_LOG_WA, 0);
3133 	if (ret)
3134 		return ret;
3135 
3136 	ret = mt7915_mcu_set_mwds(dev, 1);
3137 	if (ret)
3138 		return ret;
3139 
3140 	ret = mt7915_mcu_set_muru_ctrl(dev, MURU_SET_PLATFORM_TYPE,
3141 				       MURU_PLATFORM_TYPE_PERF_LEVEL_2);
3142 	if (ret)
3143 		return ret;
3144 
3145 	ret = mt7915_mcu_init_rx_airtime(dev);
3146 	if (ret)
3147 		return ret;
3148 
3149 	return mt7915_mcu_wa_cmd(dev, MCU_WA_PARAM_CMD(SET),
3150 				 MCU_WA_PARAM_RED, 0, 0);
3151 }
3152 
3153 void mt7915_mcu_exit(struct mt7915_dev *dev)
3154 {
3155 	__mt76_mcu_restart(&dev->mt76);
3156 	if (!mt76_poll_msec(dev, MT_TOP_MISC, MT_TOP_MISC_FW_STATE,
3157 			    FIELD_PREP(MT_TOP_MISC_FW_STATE,
3158 				       FW_STATE_FW_DOWNLOAD), 1000)) {
3159 		dev_err(dev->mt76.dev, "Failed to exit mcu\n");
3160 		return;
3161 	}
3162 
3163 	mt76_wr(dev, MT_TOP_LPCR_HOST_BAND0, MT_TOP_LPCR_HOST_FW_OWN);
3164 	skb_queue_purge(&dev->mt76.mcu.res_q);
3165 }
3166 
3167 static int
3168 mt7915_mcu_set_rx_hdr_trans_blacklist(struct mt7915_dev *dev, int band)
3169 {
3170 	struct {
3171 		u8 operation;
3172 		u8 count;
3173 		u8 _rsv[2];
3174 		u8 index;
3175 		u8 enable;
3176 		__le16 etype;
3177 	} req = {
3178 		.operation = 1,
3179 		.count = 1,
3180 		.enable = 1,
3181 		.etype = cpu_to_le16(ETH_P_PAE),
3182 	};
3183 
3184 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_HDR_TRANS),
3185 				 &req, sizeof(req), false);
3186 }
3187 
3188 int mt7915_mcu_set_mac(struct mt7915_dev *dev, int band,
3189 		       bool enable, bool hdr_trans)
3190 {
3191 	struct {
3192 		u8 operation;
3193 		u8 enable;
3194 		u8 check_bssid;
3195 		u8 insert_vlan;
3196 		u8 remove_vlan;
3197 		u8 tid;
3198 		u8 mode;
3199 		u8 rsv;
3200 	} __packed req_trans = {
3201 		.enable = hdr_trans,
3202 	};
3203 	struct {
3204 		u8 enable;
3205 		u8 band;
3206 		u8 rsv[2];
3207 	} __packed req_mac = {
3208 		.enable = enable,
3209 		.band = band,
3210 	};
3211 	int ret;
3212 
3213 	ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_HDR_TRANS),
3214 				&req_trans, sizeof(req_trans), false);
3215 	if (ret)
3216 		return ret;
3217 
3218 	if (hdr_trans)
3219 		mt7915_mcu_set_rx_hdr_trans_blacklist(dev, band);
3220 
3221 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MAC_INIT_CTRL),
3222 				 &req_mac, sizeof(req_mac), true);
3223 }
3224 
3225 int mt7915_mcu_set_scs(struct mt7915_dev *dev, u8 band, bool enable)
3226 {
3227 	struct {
3228 		__le32 cmd;
3229 		u8 band;
3230 		u8 enable;
3231 	} __packed req = {
3232 		.cmd = cpu_to_le32(SCS_ENABLE),
3233 		.band = band,
3234 		.enable = enable + 1,
3235 	};
3236 
3237 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SCS_CTRL), &req,
3238 				 sizeof(req), false);
3239 }
3240 
3241 int mt7915_mcu_set_rts_thresh(struct mt7915_phy *phy, u32 val)
3242 {
3243 	struct mt7915_dev *dev = phy->dev;
3244 	struct {
3245 		u8 prot_idx;
3246 		u8 band;
3247 		u8 rsv[2];
3248 		__le32 len_thresh;
3249 		__le32 pkt_thresh;
3250 	} __packed req = {
3251 		.prot_idx = 1,
3252 		.band = phy != &dev->phy,
3253 		.len_thresh = cpu_to_le32(val),
3254 		.pkt_thresh = cpu_to_le32(0x2),
3255 	};
3256 
3257 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(PROTECT_CTRL), &req,
3258 				 sizeof(req), true);
3259 }
3260 
3261 int mt7915_mcu_update_edca(struct mt7915_dev *dev, void *param)
3262 {
3263 	struct mt7915_mcu_tx *req = (struct mt7915_mcu_tx *)param;
3264 	u8 num = req->total;
3265 	size_t len = sizeof(*req) -
3266 		     (IEEE80211_NUM_ACS - num) * sizeof(struct edca);
3267 
3268 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(EDCA_UPDATE), req,
3269 				 len, true);
3270 }
3271 
3272 int mt7915_mcu_set_tx(struct mt7915_dev *dev, struct ieee80211_vif *vif)
3273 {
3274 #define TX_CMD_MODE		1
3275 	struct mt7915_mcu_tx req = {
3276 		.valid = true,
3277 		.mode = TX_CMD_MODE,
3278 		.total = IEEE80211_NUM_ACS,
3279 	};
3280 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
3281 	int ac;
3282 
3283 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3284 		struct ieee80211_tx_queue_params *q = &mvif->queue_params[ac];
3285 		struct edca *e = &req.edca[ac];
3286 
3287 		e->set = WMM_PARAM_SET;
3288 		e->queue = ac + mvif->mt76.wmm_idx * MT7915_MAX_WMM_SETS;
3289 		e->aifs = q->aifs;
3290 		e->txop = cpu_to_le16(q->txop);
3291 
3292 		if (q->cw_min)
3293 			e->cw_min = fls(q->cw_min);
3294 		else
3295 			e->cw_min = 5;
3296 
3297 		if (q->cw_max)
3298 			e->cw_max = cpu_to_le16(fls(q->cw_max));
3299 		else
3300 			e->cw_max = cpu_to_le16(10);
3301 	}
3302 
3303 	return mt7915_mcu_update_edca(dev, &req);
3304 }
3305 
3306 int mt7915_mcu_set_pm(struct mt7915_dev *dev, int band, int enter)
3307 {
3308 #define ENTER_PM_STATE		1
3309 #define EXIT_PM_STATE		2
3310 	struct {
3311 		u8 pm_number;
3312 		u8 pm_state;
3313 		u8 bssid[ETH_ALEN];
3314 		u8 dtim_period;
3315 		u8 wlan_idx_lo;
3316 		__le16 bcn_interval;
3317 		__le32 aid;
3318 		__le32 rx_filter;
3319 		u8 band_idx;
3320 		u8 wlan_idx_hi;
3321 		u8 rsv[2];
3322 		__le32 feature;
3323 		u8 omac_idx;
3324 		u8 wmm_idx;
3325 		u8 bcn_loss_cnt;
3326 		u8 bcn_sp_duration;
3327 	} __packed req = {
3328 		.pm_number = 5,
3329 		.pm_state = (enter) ? ENTER_PM_STATE : EXIT_PM_STATE,
3330 		.band_idx = band,
3331 	};
3332 
3333 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(PM_STATE_CTRL), &req,
3334 				 sizeof(req), true);
3335 }
3336 
3337 int mt7915_mcu_rdd_cmd(struct mt7915_dev *dev,
3338 		       enum mt7915_rdd_cmd cmd, u8 index,
3339 		       u8 rx_sel, u8 val)
3340 {
3341 	struct {
3342 		u8 ctrl;
3343 		u8 rdd_idx;
3344 		u8 rdd_rx_sel;
3345 		u8 val;
3346 		u8 rsv[4];
3347 	} __packed req = {
3348 		.ctrl = cmd,
3349 		.rdd_idx = index,
3350 		.rdd_rx_sel = rx_sel,
3351 		.val = val,
3352 	};
3353 
3354 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_CTRL), &req,
3355 				 sizeof(req), true);
3356 }
3357 
3358 int mt7915_mcu_set_fcc5_lpn(struct mt7915_dev *dev, int val)
3359 {
3360 	struct {
3361 		__le32 tag;
3362 		__le16 min_lpn;
3363 		u8 rsv[2];
3364 	} __packed req = {
3365 		.tag = cpu_to_le32(0x1),
3366 		.min_lpn = cpu_to_le16(val),
3367 	};
3368 
3369 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
3370 				 sizeof(req), true);
3371 }
3372 
3373 int mt7915_mcu_set_pulse_th(struct mt7915_dev *dev,
3374 			    const struct mt7915_dfs_pulse *pulse)
3375 {
3376 	struct {
3377 		__le32 tag;
3378 
3379 		__le32 max_width;		/* us */
3380 		__le32 max_pwr;			/* dbm */
3381 		__le32 min_pwr;			/* dbm */
3382 		__le32 min_stgr_pri;		/* us */
3383 		__le32 max_stgr_pri;		/* us */
3384 		__le32 min_cr_pri;		/* us */
3385 		__le32 max_cr_pri;		/* us */
3386 	} __packed req = {
3387 		.tag = cpu_to_le32(0x3),
3388 
3389 #define __req_field(field) .field = cpu_to_le32(pulse->field)
3390 		__req_field(max_width),
3391 		__req_field(max_pwr),
3392 		__req_field(min_pwr),
3393 		__req_field(min_stgr_pri),
3394 		__req_field(max_stgr_pri),
3395 		__req_field(min_cr_pri),
3396 		__req_field(max_cr_pri),
3397 #undef __req_field
3398 	};
3399 
3400 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
3401 				 sizeof(req), true);
3402 }
3403 
3404 int mt7915_mcu_set_radar_th(struct mt7915_dev *dev, int index,
3405 			    const struct mt7915_dfs_pattern *pattern)
3406 {
3407 	struct {
3408 		__le32 tag;
3409 		__le16 radar_type;
3410 
3411 		u8 enb;
3412 		u8 stgr;
3413 		u8 min_crpn;
3414 		u8 max_crpn;
3415 		u8 min_crpr;
3416 		u8 min_pw;
3417 		__le32 min_pri;
3418 		__le32 max_pri;
3419 		u8 max_pw;
3420 		u8 min_crbn;
3421 		u8 max_crbn;
3422 		u8 min_stgpn;
3423 		u8 max_stgpn;
3424 		u8 min_stgpr;
3425 		u8 rsv[2];
3426 		__le32 min_stgpr_diff;
3427 	} __packed req = {
3428 		.tag = cpu_to_le32(0x2),
3429 		.radar_type = cpu_to_le16(index),
3430 
3431 #define __req_field_u8(field) .field = pattern->field
3432 #define __req_field_u32(field) .field = cpu_to_le32(pattern->field)
3433 		__req_field_u8(enb),
3434 		__req_field_u8(stgr),
3435 		__req_field_u8(min_crpn),
3436 		__req_field_u8(max_crpn),
3437 		__req_field_u8(min_crpr),
3438 		__req_field_u8(min_pw),
3439 		__req_field_u32(min_pri),
3440 		__req_field_u32(max_pri),
3441 		__req_field_u8(max_pw),
3442 		__req_field_u8(min_crbn),
3443 		__req_field_u8(max_crbn),
3444 		__req_field_u8(min_stgpn),
3445 		__req_field_u8(max_stgpn),
3446 		__req_field_u8(min_stgpr),
3447 		__req_field_u32(min_stgpr_diff),
3448 #undef __req_field_u8
3449 #undef __req_field_u32
3450 	};
3451 
3452 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
3453 				 sizeof(req), true);
3454 }
3455 
3456 int mt7915_mcu_set_chan_info(struct mt7915_phy *phy, int cmd)
3457 {
3458 	struct mt7915_dev *dev = phy->dev;
3459 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
3460 	int freq1 = chandef->center_freq1;
3461 	bool ext_phy = phy != &dev->phy;
3462 	struct {
3463 		u8 control_ch;
3464 		u8 center_ch;
3465 		u8 bw;
3466 		u8 tx_streams_num;
3467 		u8 rx_streams;	/* mask or num */
3468 		u8 switch_reason;
3469 		u8 band_idx;
3470 		u8 center_ch2;	/* for 80+80 only */
3471 		__le16 cac_case;
3472 		u8 channel_band;
3473 		u8 rsv0;
3474 		__le32 outband_freq;
3475 		u8 txpower_drop;
3476 		u8 ap_bw;
3477 		u8 ap_center_ch;
3478 		u8 rsv1[57];
3479 	} __packed req = {
3480 		.control_ch = chandef->chan->hw_value,
3481 		.center_ch = ieee80211_frequency_to_channel(freq1),
3482 		.bw = mt7915_mcu_chan_bw(chandef),
3483 		.tx_streams_num = hweight8(phy->mt76->antenna_mask),
3484 		.rx_streams = phy->mt76->antenna_mask,
3485 		.band_idx = ext_phy,
3486 		.channel_band = chandef->chan->band,
3487 	};
3488 
3489 #ifdef CONFIG_NL80211_TESTMODE
3490 	if (phy->mt76->test.tx_antenna_mask &&
3491 	    (phy->mt76->test.state == MT76_TM_STATE_TX_FRAMES ||
3492 	     phy->mt76->test.state == MT76_TM_STATE_RX_FRAMES ||
3493 	     phy->mt76->test.state == MT76_TM_STATE_TX_CONT)) {
3494 		req.tx_streams_num = fls(phy->mt76->test.tx_antenna_mask);
3495 		req.rx_streams = phy->mt76->test.tx_antenna_mask;
3496 
3497 		if (ext_phy) {
3498 			req.tx_streams_num = 2;
3499 			req.rx_streams >>= 2;
3500 		}
3501 	}
3502 #endif
3503 
3504 	if (phy->mt76->hw->conf.flags & IEEE80211_CONF_OFFCHANNEL)
3505 		req.switch_reason = CH_SWITCH_SCAN_BYPASS_DPD;
3506 	else if ((chandef->chan->flags & IEEE80211_CHAN_RADAR) &&
3507 		 chandef->chan->dfs_state != NL80211_DFS_AVAILABLE)
3508 		req.switch_reason = CH_SWITCH_DFS;
3509 	else
3510 		req.switch_reason = CH_SWITCH_NORMAL;
3511 
3512 	if (cmd == MCU_EXT_CMD(CHANNEL_SWITCH))
3513 		req.rx_streams = hweight8(req.rx_streams);
3514 
3515 	if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
3516 		int freq2 = chandef->center_freq2;
3517 
3518 		req.center_ch2 = ieee80211_frequency_to_channel(freq2);
3519 	}
3520 
3521 	return mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), true);
3522 }
3523 
3524 static int mt7915_mcu_set_eeprom_flash(struct mt7915_dev *dev)
3525 {
3526 #define MAX_PAGE_IDX_MASK	GENMASK(7, 5)
3527 #define PAGE_IDX_MASK		GENMASK(4, 2)
3528 #define PER_PAGE_SIZE		0x400
3529 	struct mt7915_mcu_eeprom req = { .buffer_mode = EE_MODE_BUFFER };
3530 	u8 total = DIV_ROUND_UP(MT7915_EEPROM_SIZE, PER_PAGE_SIZE);
3531 	u8 *eep = (u8 *)dev->mt76.eeprom.data;
3532 	int eep_len;
3533 	int i;
3534 
3535 	for (i = 0; i < total; i++, eep += eep_len) {
3536 		struct sk_buff *skb;
3537 		int ret;
3538 
3539 		if (i == total - 1 && !!(MT7915_EEPROM_SIZE % PER_PAGE_SIZE))
3540 			eep_len = MT7915_EEPROM_SIZE % PER_PAGE_SIZE;
3541 		else
3542 			eep_len = PER_PAGE_SIZE;
3543 
3544 		skb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
3545 					 sizeof(req) + eep_len);
3546 		if (!skb)
3547 			return -ENOMEM;
3548 
3549 		req.format = FIELD_PREP(MAX_PAGE_IDX_MASK, total - 1) |
3550 			     FIELD_PREP(PAGE_IDX_MASK, i) | EE_FORMAT_WHOLE;
3551 		req.len = cpu_to_le16(eep_len);
3552 
3553 		skb_put_data(skb, &req, sizeof(req));
3554 		skb_put_data(skb, eep, eep_len);
3555 
3556 		ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
3557 					    MCU_EXT_CMD(EFUSE_BUFFER_MODE), true);
3558 		if (ret)
3559 			return ret;
3560 	}
3561 
3562 	return 0;
3563 }
3564 
3565 int mt7915_mcu_set_eeprom(struct mt7915_dev *dev)
3566 {
3567 	struct mt7915_mcu_eeprom req = {
3568 		.buffer_mode = EE_MODE_EFUSE,
3569 		.format = EE_FORMAT_WHOLE,
3570 	};
3571 
3572 	if (dev->flash_mode)
3573 		return mt7915_mcu_set_eeprom_flash(dev);
3574 
3575 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(EFUSE_BUFFER_MODE),
3576 				 &req, sizeof(req), true);
3577 }
3578 
3579 int mt7915_mcu_get_eeprom(struct mt7915_dev *dev, u32 offset)
3580 {
3581 	struct mt7915_mcu_eeprom_info req = {
3582 		.addr = cpu_to_le32(round_down(offset,
3583 				    MT7915_EEPROM_BLOCK_SIZE)),
3584 	};
3585 	struct mt7915_mcu_eeprom_info *res;
3586 	struct sk_buff *skb;
3587 	int ret;
3588 	u8 *buf;
3589 
3590 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_QUERY(EFUSE_ACCESS), &req,
3591 				sizeof(req), true, &skb);
3592 	if (ret)
3593 		return ret;
3594 
3595 	res = (struct mt7915_mcu_eeprom_info *)skb->data;
3596 	buf = dev->mt76.eeprom.data + le32_to_cpu(res->addr);
3597 	memcpy(buf, res->data, MT7915_EEPROM_BLOCK_SIZE);
3598 	dev_kfree_skb(skb);
3599 
3600 	return 0;
3601 }
3602 
3603 int mt7915_mcu_get_eeprom_free_block(struct mt7915_dev *dev, u8 *block_num)
3604 {
3605 	struct {
3606 		u8 _rsv;
3607 		u8 version;
3608 		u8 die_idx;
3609 		u8 _rsv2;
3610 	} __packed req = {
3611 		.version = 1,
3612 	};
3613 	struct sk_buff *skb;
3614 	int ret;
3615 
3616 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_QUERY(EFUSE_FREE_BLOCK), &req,
3617 					sizeof(req), true, &skb);
3618 	if (ret)
3619 		return ret;
3620 
3621 	*block_num = *(u8 *)skb->data;
3622 	dev_kfree_skb(skb);
3623 
3624 	return 0;
3625 }
3626 
3627 static int mt7915_mcu_set_pre_cal(struct mt7915_dev *dev, u8 idx,
3628 				  u8 *data, u32 len, int cmd)
3629 {
3630 	struct {
3631 		u8 dir;
3632 		u8 valid;
3633 		__le16 bitmap;
3634 		s8 precal;
3635 		u8 action;
3636 		u8 band;
3637 		u8 idx;
3638 		u8 rsv[4];
3639 		__le32 len;
3640 	} req = {};
3641 	struct sk_buff *skb;
3642 
3643 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, sizeof(req) + len);
3644 	if (!skb)
3645 		return -ENOMEM;
3646 
3647 	req.idx = idx;
3648 	req.len = cpu_to_le32(len);
3649 	skb_put_data(skb, &req, sizeof(req));
3650 	skb_put_data(skb, data, len);
3651 
3652 	return mt76_mcu_skb_send_msg(&dev->mt76, skb, cmd, false);
3653 }
3654 
3655 int mt7915_mcu_apply_group_cal(struct mt7915_dev *dev)
3656 {
3657 	u8 idx = 0, *cal = dev->cal, *eep = dev->mt76.eeprom.data;
3658 	u32 total = MT_EE_CAL_GROUP_SIZE;
3659 
3660 	if (!(eep[MT_EE_DO_PRE_CAL] & MT_EE_WIFI_CAL_GROUP))
3661 		return 0;
3662 
3663 	/*
3664 	 * Items: Rx DCOC, RSSI DCOC, Tx TSSI DCOC, Tx LPFG
3665 	 * Tx FDIQ, Tx DCIQ, Rx FDIQ, Rx FIIQ, ADCDCOC
3666 	 */
3667 	while (total > 0) {
3668 		int ret, len;
3669 
3670 		len = min_t(u32, total, MT_EE_CAL_UNIT);
3671 
3672 		ret = mt7915_mcu_set_pre_cal(dev, idx, cal, len,
3673 					     MCU_EXT_CMD(GROUP_PRE_CAL_INFO));
3674 		if (ret)
3675 			return ret;
3676 
3677 		total -= len;
3678 		cal += len;
3679 		idx++;
3680 	}
3681 
3682 	return 0;
3683 }
3684 
3685 static int mt7915_find_freq_idx(const u16 *freqs, int n_freqs, u16 cur)
3686 {
3687 	int i;
3688 
3689 	for (i = 0; i < n_freqs; i++)
3690 		if (cur == freqs[i])
3691 			return i;
3692 
3693 	return -1;
3694 }
3695 
3696 static int mt7915_dpd_freq_idx(u16 freq, u8 bw)
3697 {
3698 	static const u16 freq_list[] = {
3699 		5180, 5200, 5220, 5240,
3700 		5260, 5280, 5300, 5320,
3701 		5500, 5520, 5540, 5560,
3702 		5580, 5600, 5620, 5640,
3703 		5660, 5680, 5700, 5745,
3704 		5765, 5785, 5805, 5825
3705 	};
3706 	int offset_2g = ARRAY_SIZE(freq_list);
3707 	int idx;
3708 
3709 	if (freq < 4000) {
3710 		if (freq < 2432)
3711 			return offset_2g;
3712 		if (freq < 2457)
3713 			return offset_2g + 1;
3714 
3715 		return offset_2g + 2;
3716 	}
3717 
3718 	if (bw == NL80211_CHAN_WIDTH_80P80 || bw == NL80211_CHAN_WIDTH_160)
3719 		return -1;
3720 
3721 	if (bw != NL80211_CHAN_WIDTH_20) {
3722 		idx = mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
3723 					   freq + 10);
3724 		if (idx >= 0)
3725 			return idx;
3726 
3727 		idx = mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
3728 					   freq - 10);
3729 		if (idx >= 0)
3730 			return idx;
3731 	}
3732 
3733 	return mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list), freq);
3734 }
3735 
3736 int mt7915_mcu_apply_tx_dpd(struct mt7915_phy *phy)
3737 {
3738 	struct mt7915_dev *dev = phy->dev;
3739 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
3740 	u16 total = 2, center_freq = chandef->center_freq1;
3741 	u8 *cal = dev->cal, *eep = dev->mt76.eeprom.data;
3742 	int idx;
3743 
3744 	if (!(eep[MT_EE_DO_PRE_CAL] & MT_EE_WIFI_CAL_DPD))
3745 		return 0;
3746 
3747 	idx = mt7915_dpd_freq_idx(center_freq, chandef->width);
3748 	if (idx < 0)
3749 		return -EINVAL;
3750 
3751 	/* Items: Tx DPD, Tx Flatness */
3752 	idx = idx * 2;
3753 	cal += MT_EE_CAL_GROUP_SIZE;
3754 
3755 	while (total--) {
3756 		int ret;
3757 
3758 		cal += (idx * MT_EE_CAL_UNIT);
3759 		ret = mt7915_mcu_set_pre_cal(dev, idx, cal, MT_EE_CAL_UNIT,
3760 					     MCU_EXT_CMD(DPD_PRE_CAL_INFO));
3761 		if (ret)
3762 			return ret;
3763 
3764 		idx++;
3765 	}
3766 
3767 	return 0;
3768 }
3769 
3770 int mt7915_mcu_get_chan_mib_info(struct mt7915_phy *phy, bool chan_switch)
3771 {
3772 	/* strict order */
3773 	static const enum mt7915_chan_mib_offs offs[] = {
3774 		MIB_BUSY_TIME, MIB_TX_TIME, MIB_RX_TIME, MIB_OBSS_AIRTIME
3775 	};
3776 	struct mt76_channel_state *state = phy->mt76->chan_state;
3777 	struct mt76_channel_state *state_ts = &phy->state_ts;
3778 	struct mt7915_dev *dev = phy->dev;
3779 	struct mt7915_mcu_mib *res, req[4];
3780 	struct sk_buff *skb;
3781 	int i, ret;
3782 
3783 	for (i = 0; i < 4; i++) {
3784 		req[i].band = cpu_to_le32(phy != &dev->phy);
3785 		req[i].offs = cpu_to_le32(offs[i]);
3786 	}
3787 
3788 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(GET_MIB_INFO),
3789 					req, sizeof(req), true, &skb);
3790 	if (ret)
3791 		return ret;
3792 
3793 	res = (struct mt7915_mcu_mib *)(skb->data + 20);
3794 
3795 	if (chan_switch)
3796 		goto out;
3797 
3798 #define __res_u64(s) le64_to_cpu(res[s].data)
3799 	state->cc_busy += __res_u64(0) - state_ts->cc_busy;
3800 	state->cc_tx += __res_u64(1) - state_ts->cc_tx;
3801 	state->cc_bss_rx += __res_u64(2) - state_ts->cc_bss_rx;
3802 	state->cc_rx += __res_u64(2) + __res_u64(3) - state_ts->cc_rx;
3803 
3804 out:
3805 	state_ts->cc_busy = __res_u64(0);
3806 	state_ts->cc_tx = __res_u64(1);
3807 	state_ts->cc_bss_rx = __res_u64(2);
3808 	state_ts->cc_rx = __res_u64(2) + __res_u64(3);
3809 #undef __res_u64
3810 
3811 	dev_kfree_skb(skb);
3812 
3813 	return 0;
3814 }
3815 
3816 int mt7915_mcu_get_temperature(struct mt7915_phy *phy)
3817 {
3818 	struct mt7915_dev *dev = phy->dev;
3819 	struct {
3820 		u8 ctrl_id;
3821 		u8 action;
3822 		u8 dbdc_idx;
3823 		u8 rsv[5];
3824 	} req = {
3825 		.ctrl_id = THERMAL_SENSOR_TEMP_QUERY,
3826 		.dbdc_idx = phy != &dev->phy,
3827 	};
3828 
3829 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_CTRL), &req,
3830 				 sizeof(req), true);
3831 }
3832 
3833 int mt7915_mcu_set_thermal_throttling(struct mt7915_phy *phy, u8 state)
3834 {
3835 	struct mt7915_dev *dev = phy->dev;
3836 	struct {
3837 		struct mt7915_mcu_thermal_ctrl ctrl;
3838 
3839 		__le32 trigger_temp;
3840 		__le32 restore_temp;
3841 		__le16 sustain_time;
3842 		u8 rsv[2];
3843 	} __packed req = {
3844 		.ctrl = {
3845 			.band_idx = phy != &dev->phy,
3846 		},
3847 	};
3848 	int level;
3849 
3850 	if (!state) {
3851 		req.ctrl.ctrl_id = THERMAL_PROTECT_DISABLE;
3852 		goto out;
3853 	}
3854 
3855 	/* set duty cycle and level */
3856 	for (level = 0; level < 4; level++) {
3857 		int ret;
3858 
3859 		req.ctrl.ctrl_id = THERMAL_PROTECT_DUTY_CONFIG;
3860 		req.ctrl.duty.duty_level = level;
3861 		req.ctrl.duty.duty_cycle = state;
3862 		state /= 2;
3863 
3864 		ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_PROT),
3865 					&req, sizeof(req.ctrl), false);
3866 		if (ret)
3867 			return ret;
3868 	}
3869 
3870 	/* set high-temperature trigger threshold */
3871 	req.ctrl.ctrl_id = THERMAL_PROTECT_ENABLE;
3872 	/* add a safety margin ~10 */
3873 	req.restore_temp = cpu_to_le32(phy->throttle_temp[0] - 10);
3874 	req.trigger_temp = cpu_to_le32(phy->throttle_temp[1]);
3875 	req.sustain_time = cpu_to_le16(10);
3876 
3877 out:
3878 	req.ctrl.type.protect_type = 1;
3879 	req.ctrl.type.trigger_type = 1;
3880 
3881 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_PROT),
3882 				 &req, sizeof(req), false);
3883 }
3884 
3885 int mt7915_mcu_set_txpower_sku(struct mt7915_phy *phy)
3886 {
3887 	struct mt7915_dev *dev = phy->dev;
3888 	struct mt76_phy *mphy = phy->mt76;
3889 	struct ieee80211_hw *hw = mphy->hw;
3890 	struct mt7915_sku_val {
3891 		u8 format_id;
3892 		u8 limit_type;
3893 		u8 dbdc_idx;
3894 		s8 val[MT7915_SKU_RATE_NUM];
3895 	} __packed req = {
3896 		.format_id = 4,
3897 		.dbdc_idx = phy != &dev->phy,
3898 	};
3899 	struct mt76_power_limits limits_array;
3900 	s8 *la = (s8 *)&limits_array;
3901 	int i, idx, n_chains = hweight8(mphy->antenna_mask);
3902 	int tx_power = hw->conf.power_level * 2;
3903 
3904 	tx_power = mt76_get_sar_power(mphy, mphy->chandef.chan,
3905 				      tx_power);
3906 	tx_power -= mt76_tx_power_nss_delta(n_chains);
3907 	tx_power = mt76_get_rate_power_limits(mphy, mphy->chandef.chan,
3908 					      &limits_array, tx_power);
3909 	mphy->txpower_cur = tx_power;
3910 
3911 	for (i = 0, idx = 0; i < ARRAY_SIZE(mt7915_sku_group_len); i++) {
3912 		u8 mcs_num, len = mt7915_sku_group_len[i];
3913 		int j;
3914 
3915 		if (i >= SKU_HT_BW20 && i <= SKU_VHT_BW160) {
3916 			mcs_num = 10;
3917 
3918 			if (i == SKU_HT_BW20 || i == SKU_VHT_BW20)
3919 				la = (s8 *)&limits_array + 12;
3920 		} else {
3921 			mcs_num = len;
3922 		}
3923 
3924 		for (j = 0; j < min_t(u8, mcs_num, len); j++)
3925 			req.val[idx + j] = la[j];
3926 
3927 		la += mcs_num;
3928 		idx += len;
3929 	}
3930 
3931 	return mt76_mcu_send_msg(&dev->mt76,
3932 				 MCU_EXT_CMD(TX_POWER_FEATURE_CTRL), &req,
3933 				 sizeof(req), true);
3934 }
3935 
3936 int mt7915_mcu_get_txpower_sku(struct mt7915_phy *phy, s8 *txpower, int len)
3937 {
3938 #define RATE_POWER_INFO	2
3939 	struct mt7915_dev *dev = phy->dev;
3940 	struct {
3941 		u8 format_id;
3942 		u8 category;
3943 		u8 band;
3944 		u8 _rsv;
3945 	} __packed req = {
3946 		.format_id = 7,
3947 		.category = RATE_POWER_INFO,
3948 		.band = phy != &dev->phy,
3949 	};
3950 	s8 res[MT7915_SKU_RATE_NUM][2];
3951 	struct sk_buff *skb;
3952 	int ret, i;
3953 
3954 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
3955 					MCU_EXT_CMD(TX_POWER_FEATURE_CTRL),
3956 					&req, sizeof(req), true, &skb);
3957 	if (ret)
3958 		return ret;
3959 
3960 	memcpy(res, skb->data + 4, sizeof(res));
3961 	for (i = 0; i < len; i++)
3962 		txpower[i] = res[i][req.band];
3963 
3964 	dev_kfree_skb(skb);
3965 
3966 	return 0;
3967 }
3968 
3969 int mt7915_mcu_set_test_param(struct mt7915_dev *dev, u8 param, bool test_mode,
3970 			      u8 en)
3971 {
3972 	struct {
3973 		u8 test_mode_en;
3974 		u8 param_idx;
3975 		u8 _rsv[2];
3976 
3977 		u8 enable;
3978 		u8 _rsv2[3];
3979 
3980 		u8 pad[8];
3981 	} __packed req = {
3982 		.test_mode_en = test_mode,
3983 		.param_idx = param,
3984 		.enable = en,
3985 	};
3986 
3987 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(ATE_CTRL), &req,
3988 				 sizeof(req), false);
3989 }
3990 
3991 int mt7915_mcu_set_sku_en(struct mt7915_phy *phy, bool enable)
3992 {
3993 	struct mt7915_dev *dev = phy->dev;
3994 	struct mt7915_sku {
3995 		u8 format_id;
3996 		u8 sku_enable;
3997 		u8 dbdc_idx;
3998 		u8 rsv;
3999 	} __packed req = {
4000 		.format_id = 0,
4001 		.dbdc_idx = phy != &dev->phy,
4002 		.sku_enable = enable,
4003 	};
4004 
4005 	return mt76_mcu_send_msg(&dev->mt76,
4006 				 MCU_EXT_CMD(TX_POWER_FEATURE_CTRL), &req,
4007 				 sizeof(req), true);
4008 }
4009 
4010 int mt7915_mcu_set_ser(struct mt7915_dev *dev, u8 action, u8 set, u8 band)
4011 {
4012 	struct {
4013 		u8 action;
4014 		u8 set;
4015 		u8 band;
4016 		u8 rsv;
4017 	} req = {
4018 		.action = action,
4019 		.set = set,
4020 		.band = band,
4021 	};
4022 
4023 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_SER_TRIGGER),
4024 				 &req, sizeof(req), false);
4025 }
4026 
4027 int mt7915_mcu_set_txbf(struct mt7915_dev *dev, u8 action)
4028 {
4029 	struct {
4030 		u8 action;
4031 		union {
4032 			struct {
4033 				u8 snd_mode;
4034 				u8 sta_num;
4035 				u8 rsv;
4036 				u8 wlan_idx[4];
4037 				__le32 snd_period;	/* ms */
4038 			} __packed snd;
4039 			struct {
4040 				bool ebf;
4041 				bool ibf;
4042 				u8 rsv;
4043 			} __packed type;
4044 			struct {
4045 				u8 bf_num;
4046 				u8 bf_bitmap;
4047 				u8 bf_sel[8];
4048 				u8 rsv[5];
4049 			} __packed mod;
4050 		};
4051 	} __packed req = {
4052 		.action = action,
4053 	};
4054 
4055 #define MT_BF_PROCESSING	4
4056 	switch (action) {
4057 	case MT_BF_SOUNDING_ON:
4058 		req.snd.snd_mode = MT_BF_PROCESSING;
4059 		break;
4060 	case MT_BF_TYPE_UPDATE:
4061 		req.type.ebf = true;
4062 		req.type.ibf = dev->ibf;
4063 		break;
4064 	case MT_BF_MODULE_UPDATE:
4065 		req.mod.bf_num = 2;
4066 		req.mod.bf_bitmap = GENMASK(1, 0);
4067 		break;
4068 	default:
4069 		return -EINVAL;
4070 	}
4071 
4072 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(TXBF_ACTION), &req,
4073 				 sizeof(req), true);
4074 }
4075 
4076 int mt7915_mcu_add_obss_spr(struct mt7915_dev *dev, struct ieee80211_vif *vif,
4077 			    bool enable)
4078 {
4079 #define MT_SPR_ENABLE		1
4080 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
4081 	struct {
4082 		u8 action;
4083 		u8 arg_num;
4084 		u8 band_idx;
4085 		u8 status;
4086 		u8 drop_tx_idx;
4087 		u8 sta_idx;	/* 256 sta */
4088 		u8 rsv[2];
4089 		__le32 val;
4090 	} __packed req = {
4091 		.action = MT_SPR_ENABLE,
4092 		.arg_num = 1,
4093 		.band_idx = mvif->mt76.band_idx,
4094 		.val = cpu_to_le32(enable),
4095 	};
4096 
4097 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_SPR), &req,
4098 				 sizeof(req), true);
4099 }
4100 
4101 int mt7915_mcu_get_rx_rate(struct mt7915_phy *phy, struct ieee80211_vif *vif,
4102 			   struct ieee80211_sta *sta, struct rate_info *rate)
4103 {
4104 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
4105 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
4106 	struct mt7915_dev *dev = phy->dev;
4107 	struct mt76_phy *mphy = phy->mt76;
4108 	struct {
4109 		u8 category;
4110 		u8 band;
4111 		__le16 wcid;
4112 	} __packed req = {
4113 		.category = MCU_PHY_STATE_CONTENTION_RX_RATE,
4114 		.band = mvif->mt76.band_idx,
4115 		.wcid = cpu_to_le16(msta->wcid.idx),
4116 	};
4117 	struct ieee80211_supported_band *sband;
4118 	struct mt7915_mcu_phy_rx_info *res;
4119 	struct sk_buff *skb;
4120 	int ret;
4121 	bool cck = false;
4122 
4123 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(PHY_STAT_INFO),
4124 					&req, sizeof(req), true, &skb);
4125 	if (ret)
4126 		return ret;
4127 
4128 	res = (struct mt7915_mcu_phy_rx_info *)skb->data;
4129 
4130 	rate->mcs = res->rate;
4131 	rate->nss = res->nsts + 1;
4132 
4133 	switch (res->mode) {
4134 	case MT_PHY_TYPE_CCK:
4135 		cck = true;
4136 		fallthrough;
4137 	case MT_PHY_TYPE_OFDM:
4138 		if (mphy->chandef.chan->band == NL80211_BAND_5GHZ)
4139 			sband = &mphy->sband_5g.sband;
4140 		else
4141 			sband = &mphy->sband_2g.sband;
4142 
4143 		rate->mcs = mt76_get_rate(&dev->mt76, sband, rate->mcs, cck);
4144 		rate->legacy = sband->bitrates[rate->mcs].bitrate;
4145 		break;
4146 	case MT_PHY_TYPE_HT:
4147 	case MT_PHY_TYPE_HT_GF:
4148 		if (rate->mcs > 31) {
4149 			ret = -EINVAL;
4150 			goto out;
4151 		}
4152 
4153 		rate->flags = RATE_INFO_FLAGS_MCS;
4154 		if (res->gi)
4155 			rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
4156 		break;
4157 	case MT_PHY_TYPE_VHT:
4158 		if (rate->mcs > 9) {
4159 			ret = -EINVAL;
4160 			goto out;
4161 		}
4162 
4163 		rate->flags = RATE_INFO_FLAGS_VHT_MCS;
4164 		if (res->gi)
4165 			rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
4166 		break;
4167 	case MT_PHY_TYPE_HE_SU:
4168 	case MT_PHY_TYPE_HE_EXT_SU:
4169 	case MT_PHY_TYPE_HE_TB:
4170 	case MT_PHY_TYPE_HE_MU:
4171 		if (res->gi > NL80211_RATE_INFO_HE_GI_3_2 || rate->mcs > 11) {
4172 			ret = -EINVAL;
4173 			goto out;
4174 		}
4175 		rate->he_gi = res->gi;
4176 		rate->flags = RATE_INFO_FLAGS_HE_MCS;
4177 		break;
4178 	default:
4179 		ret = -EINVAL;
4180 		goto out;
4181 	}
4182 
4183 	switch (res->bw) {
4184 	case IEEE80211_STA_RX_BW_160:
4185 		rate->bw = RATE_INFO_BW_160;
4186 		break;
4187 	case IEEE80211_STA_RX_BW_80:
4188 		rate->bw = RATE_INFO_BW_80;
4189 		break;
4190 	case IEEE80211_STA_RX_BW_40:
4191 		rate->bw = RATE_INFO_BW_40;
4192 		break;
4193 	default:
4194 		rate->bw = RATE_INFO_BW_20;
4195 		break;
4196 	}
4197 
4198 out:
4199 	dev_kfree_skb(skb);
4200 
4201 	return ret;
4202 }
4203 
4204 int mt7915_mcu_update_bss_color(struct mt7915_dev *dev, struct ieee80211_vif *vif,
4205 				struct cfg80211_he_bss_color *he_bss_color)
4206 {
4207 	int len = sizeof(struct sta_req_hdr) + sizeof(struct bss_info_color);
4208 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
4209 	struct bss_info_color *bss_color;
4210 	struct sk_buff *skb;
4211 	struct tlv *tlv;
4212 
4213 	skb = mt7915_mcu_alloc_sta_req(dev, mvif, NULL, len);
4214 	if (IS_ERR(skb))
4215 		return PTR_ERR(skb);
4216 
4217 	tlv = mt7915_mcu_add_tlv(skb, BSS_INFO_BSS_COLOR, sizeof(*bss_color));
4218 	bss_color = (struct bss_info_color *)tlv;
4219 	bss_color->disable = !he_bss_color->enabled;
4220 	bss_color->color = he_bss_color->color;
4221 
4222 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
4223 				     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
4224 }
4225 
4226 #define TWT_AGRT_TRIGGER	BIT(0)
4227 #define TWT_AGRT_ANNOUNCE	BIT(1)
4228 #define TWT_AGRT_PROTECT	BIT(2)
4229 
4230 int mt7915_mcu_twt_agrt_update(struct mt7915_dev *dev,
4231 			       struct mt7915_vif *mvif,
4232 			       struct mt7915_twt_flow *flow,
4233 			       int cmd)
4234 {
4235 	struct {
4236 		u8 tbl_idx;
4237 		u8 cmd;
4238 		u8 own_mac_idx;
4239 		u8 flowid; /* 0xff for group id */
4240 		__le16 peer_id; /* specify the peer_id (msb=0)
4241 				 * or group_id (msb=1)
4242 				 */
4243 		u8 duration; /* 256 us */
4244 		u8 bss_idx;
4245 		__le64 start_tsf;
4246 		__le16 mantissa;
4247 		u8 exponent;
4248 		u8 is_ap;
4249 		u8 agrt_params;
4250 		u8 rsv[23];
4251 	} __packed req = {
4252 		.tbl_idx = flow->table_id,
4253 		.cmd = cmd,
4254 		.own_mac_idx = mvif->mt76.omac_idx,
4255 		.flowid = flow->id,
4256 		.peer_id = cpu_to_le16(flow->wcid),
4257 		.duration = flow->duration,
4258 		.bss_idx = mvif->mt76.idx,
4259 		.start_tsf = cpu_to_le64(flow->tsf),
4260 		.mantissa = flow->mantissa,
4261 		.exponent = flow->exp,
4262 		.is_ap = true,
4263 	};
4264 
4265 	if (flow->protection)
4266 		req.agrt_params |= TWT_AGRT_PROTECT;
4267 	if (!flow->flowtype)
4268 		req.agrt_params |= TWT_AGRT_ANNOUNCE;
4269 	if (flow->trigger)
4270 		req.agrt_params |= TWT_AGRT_TRIGGER;
4271 
4272 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(TWT_AGRT_UPDATE),
4273 				 &req, sizeof(req), true);
4274 }
4275