xref: /linux/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c (revision 001821b0e79716c4e17c71d8e053a23599a7a508)
1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2023 MediaTek Inc. */
3 
4 #include <linux/fs.h>
5 #include <linux/firmware.h>
6 #include "mt7925.h"
7 #include "mcu.h"
8 #include "mac.h"
9 
10 #define MT_STA_BFER			BIT(0)
11 #define MT_STA_BFEE			BIT(1)
12 
13 static bool mt7925_disable_clc;
14 module_param_named(disable_clc, mt7925_disable_clc, bool, 0644);
15 MODULE_PARM_DESC(disable_clc, "disable CLC support");
16 
17 int mt7925_mcu_parse_response(struct mt76_dev *mdev, int cmd,
18 			      struct sk_buff *skb, int seq)
19 {
20 	int mcu_cmd = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
21 	struct mt7925_mcu_rxd *rxd;
22 	int ret = 0;
23 
24 	if (!skb) {
25 		dev_err(mdev->dev, "Message %08x (seq %d) timeout\n", cmd, seq);
26 		mt792x_reset(mdev);
27 
28 		return -ETIMEDOUT;
29 	}
30 
31 	rxd = (struct mt7925_mcu_rxd *)skb->data;
32 	if (seq != rxd->seq)
33 		return -EAGAIN;
34 
35 	if (cmd == MCU_CMD(PATCH_SEM_CONTROL) ||
36 	    cmd == MCU_CMD(PATCH_FINISH_REQ)) {
37 		skb_pull(skb, sizeof(*rxd) - 4);
38 		ret = *skb->data;
39 	} else if (cmd == MCU_UNI_CMD(DEV_INFO_UPDATE) ||
40 		   cmd == MCU_UNI_CMD(BSS_INFO_UPDATE) ||
41 		   cmd == MCU_UNI_CMD(STA_REC_UPDATE) ||
42 		   cmd == MCU_UNI_CMD(HIF_CTRL) ||
43 		   cmd == MCU_UNI_CMD(OFFLOAD) ||
44 		   cmd == MCU_UNI_CMD(SUSPEND)) {
45 		struct mt7925_mcu_uni_event *event;
46 
47 		skb_pull(skb, sizeof(*rxd));
48 		event = (struct mt7925_mcu_uni_event *)skb->data;
49 		ret = le32_to_cpu(event->status);
50 		/* skip invalid event */
51 		if (mcu_cmd != event->cid)
52 			ret = -EAGAIN;
53 	} else {
54 		skb_pull(skb, sizeof(*rxd));
55 	}
56 
57 	return ret;
58 }
59 EXPORT_SYMBOL_GPL(mt7925_mcu_parse_response);
60 
61 int mt7925_mcu_regval(struct mt792x_dev *dev, u32 regidx, u32 *val, bool set)
62 {
63 #define MT_RF_REG_HDR           GENMASK(31, 24)
64 #define MT_RF_REG_ANT           GENMASK(23, 16)
65 #define RF_REG_PREFIX           0x99
66 	struct {
67 		u8 __rsv[4];
68 		union {
69 			struct uni_cmd_access_reg_basic {
70 				__le16 tag;
71 				__le16 len;
72 				__le32 idx;
73 				__le32 data;
74 			} __packed reg;
75 			struct uni_cmd_access_rf_reg_basic {
76 				__le16 tag;
77 				__le16 len;
78 				__le16 ant;
79 				u8 __rsv[2];
80 				__le32 idx;
81 				__le32 data;
82 			} __packed rf_reg;
83 		};
84 	} __packed * res, req;
85 	struct sk_buff *skb;
86 	int ret;
87 
88 	if (u32_get_bits(regidx, MT_RF_REG_HDR) == RF_REG_PREFIX) {
89 		req.rf_reg.tag = cpu_to_le16(UNI_CMD_ACCESS_RF_REG_BASIC);
90 		req.rf_reg.len = cpu_to_le16(sizeof(req.rf_reg));
91 		req.rf_reg.ant = cpu_to_le16(u32_get_bits(regidx, MT_RF_REG_ANT));
92 		req.rf_reg.idx = cpu_to_le32(regidx);
93 		req.rf_reg.data = set ? cpu_to_le32(*val) : 0;
94 	} else {
95 		req.reg.tag = cpu_to_le16(UNI_CMD_ACCESS_REG_BASIC);
96 		req.reg.len = cpu_to_le16(sizeof(req.reg));
97 		req.reg.idx = cpu_to_le32(regidx);
98 		req.reg.data = set ? cpu_to_le32(*val) : 0;
99 	}
100 
101 	if (set)
102 		return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(REG_ACCESS),
103 					 &req, sizeof(req), true);
104 
105 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
106 					MCU_WM_UNI_CMD_QUERY(REG_ACCESS),
107 					&req, sizeof(req), true, &skb);
108 	if (ret)
109 		return ret;
110 
111 	res = (void *)skb->data;
112 	if (u32_get_bits(regidx, MT_RF_REG_HDR) == RF_REG_PREFIX)
113 		*val = le32_to_cpu(res->rf_reg.data);
114 	else
115 		*val = le32_to_cpu(res->reg.data);
116 
117 	dev_kfree_skb(skb);
118 
119 	return 0;
120 }
121 EXPORT_SYMBOL_GPL(mt7925_mcu_regval);
122 
123 int mt7925_mcu_update_arp_filter(struct mt76_dev *dev,
124 				 struct mt76_vif *vif,
125 				 struct ieee80211_bss_conf *info)
126 {
127 	struct ieee80211_vif *mvif = container_of(info, struct ieee80211_vif,
128 						  bss_conf);
129 	struct sk_buff *skb;
130 	int i, len = min_t(int, mvif->cfg.arp_addr_cnt,
131 			   IEEE80211_BSS_ARP_ADDR_LIST_LEN);
132 	struct {
133 		struct {
134 			u8 bss_idx;
135 			u8 pad[3];
136 		} __packed hdr;
137 		struct mt7925_arpns_tlv arp;
138 	} req = {
139 		.hdr = {
140 			.bss_idx = vif->idx,
141 		},
142 		.arp = {
143 			.tag = cpu_to_le16(UNI_OFFLOAD_OFFLOAD_ARP),
144 			.len = cpu_to_le16(sizeof(req) - 4 + len * 2 * sizeof(__be32)),
145 			.ips_num = len,
146 			.enable = true,
147 		},
148 	};
149 
150 	skb = mt76_mcu_msg_alloc(dev, NULL, sizeof(req) + len * 2 * sizeof(__be32));
151 	if (!skb)
152 		return -ENOMEM;
153 
154 	skb_put_data(skb, &req, sizeof(req));
155 	for (i = 0; i < len; i++) {
156 		skb_put_data(skb, &mvif->cfg.arp_addr_list[i], sizeof(__be32));
157 		skb_put_zero(skb, sizeof(__be32));
158 	}
159 
160 	return mt76_mcu_skb_send_msg(dev, skb, MCU_UNI_CMD(OFFLOAD), true);
161 }
162 
163 #ifdef CONFIG_PM
164 static int
165 mt7925_connac_mcu_set_wow_ctrl(struct mt76_phy *phy, struct ieee80211_vif *vif,
166 			       bool suspend, struct cfg80211_wowlan *wowlan)
167 {
168 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
169 	struct mt76_dev *dev = phy->dev;
170 	struct {
171 		struct {
172 			u8 bss_idx;
173 			u8 pad[3];
174 		} __packed hdr;
175 		struct mt76_connac_wow_ctrl_tlv wow_ctrl_tlv;
176 		struct mt76_connac_wow_gpio_param_tlv gpio_tlv;
177 	} req = {
178 		.hdr = {
179 			.bss_idx = mvif->idx,
180 		},
181 		.wow_ctrl_tlv = {
182 			.tag = cpu_to_le16(UNI_SUSPEND_WOW_CTRL),
183 			.len = cpu_to_le16(sizeof(struct mt76_connac_wow_ctrl_tlv)),
184 			.cmd = suspend ? 1 : 2,
185 		},
186 		.gpio_tlv = {
187 			.tag = cpu_to_le16(UNI_SUSPEND_WOW_GPIO_PARAM),
188 			.len = cpu_to_le16(sizeof(struct mt76_connac_wow_gpio_param_tlv)),
189 			.gpio_pin = 0xff, /* follow fw about GPIO pin */
190 		},
191 	};
192 
193 	if (wowlan->magic_pkt)
194 		req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_MAGIC;
195 	if (wowlan->disconnect)
196 		req.wow_ctrl_tlv.trigger |= (UNI_WOW_DETECT_TYPE_DISCONNECT |
197 					     UNI_WOW_DETECT_TYPE_BCN_LOST);
198 	if (wowlan->nd_config) {
199 		mt7925_mcu_sched_scan_req(phy, vif, wowlan->nd_config);
200 		req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_SCH_SCAN_HIT;
201 		mt7925_mcu_sched_scan_enable(phy, vif, suspend);
202 	}
203 	if (wowlan->n_patterns)
204 		req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_BITMAP;
205 
206 	if (mt76_is_mmio(dev))
207 		req.wow_ctrl_tlv.wakeup_hif = WOW_PCIE;
208 	else if (mt76_is_usb(dev))
209 		req.wow_ctrl_tlv.wakeup_hif = WOW_USB;
210 	else if (mt76_is_sdio(dev))
211 		req.wow_ctrl_tlv.wakeup_hif = WOW_GPIO;
212 
213 	return mt76_mcu_send_msg(dev, MCU_UNI_CMD(SUSPEND), &req,
214 				 sizeof(req), true);
215 }
216 
217 static int
218 mt7925_mcu_set_wow_pattern(struct mt76_dev *dev,
219 			   struct ieee80211_vif *vif,
220 			   u8 index, bool enable,
221 			   struct cfg80211_pkt_pattern *pattern)
222 {
223 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
224 	struct mt7925_wow_pattern_tlv *tlv;
225 	struct sk_buff *skb;
226 	struct {
227 		u8 bss_idx;
228 		u8 pad[3];
229 	} __packed hdr = {
230 		.bss_idx = mvif->idx,
231 	};
232 
233 	skb = mt76_mcu_msg_alloc(dev, NULL, sizeof(hdr) + sizeof(*tlv));
234 	if (!skb)
235 		return -ENOMEM;
236 
237 	skb_put_data(skb, &hdr, sizeof(hdr));
238 	tlv = (struct mt7925_wow_pattern_tlv *)skb_put(skb, sizeof(*tlv));
239 	tlv->tag = cpu_to_le16(UNI_SUSPEND_WOW_PATTERN);
240 	tlv->len = cpu_to_le16(sizeof(*tlv));
241 	tlv->bss_idx = 0xF;
242 	tlv->data_len = pattern->pattern_len;
243 	tlv->enable = enable;
244 	tlv->index = index;
245 	tlv->offset = 0;
246 
247 	memcpy(tlv->pattern, pattern->pattern, pattern->pattern_len);
248 	memcpy(tlv->mask, pattern->mask, DIV_ROUND_UP(pattern->pattern_len, 8));
249 
250 	return mt76_mcu_skb_send_msg(dev, skb, MCU_UNI_CMD(SUSPEND), true);
251 }
252 
253 void mt7925_mcu_set_suspend_iter(void *priv, u8 *mac,
254 				 struct ieee80211_vif *vif)
255 {
256 	struct mt76_phy *phy = priv;
257 	bool suspend = !test_bit(MT76_STATE_RUNNING, &phy->state);
258 	struct ieee80211_hw *hw = phy->hw;
259 	struct cfg80211_wowlan *wowlan = hw->wiphy->wowlan_config;
260 	int i;
261 
262 	mt76_connac_mcu_set_gtk_rekey(phy->dev, vif, suspend);
263 
264 	mt76_connac_mcu_set_suspend_mode(phy->dev, vif, suspend, 1, true);
265 
266 	for (i = 0; i < wowlan->n_patterns; i++)
267 		mt7925_mcu_set_wow_pattern(phy->dev, vif, i, suspend,
268 					   &wowlan->patterns[i]);
269 	mt7925_connac_mcu_set_wow_ctrl(phy, vif, suspend, wowlan);
270 }
271 
272 #endif /* CONFIG_PM */
273 
274 static void
275 mt7925_mcu_connection_loss_iter(void *priv, u8 *mac,
276 				struct ieee80211_vif *vif)
277 {
278 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
279 	struct mt7925_uni_beacon_loss_event *event = priv;
280 
281 	if (mvif->idx != event->hdr.bss_idx)
282 		return;
283 
284 	if (!(vif->driver_flags & IEEE80211_VIF_BEACON_FILTER) ||
285 	    vif->type != NL80211_IFTYPE_STATION)
286 		return;
287 
288 	ieee80211_connection_loss(vif);
289 }
290 
291 static void
292 mt7925_mcu_connection_loss_event(struct mt792x_dev *dev, struct sk_buff *skb)
293 {
294 	struct mt7925_uni_beacon_loss_event *event;
295 	struct mt76_phy *mphy = &dev->mt76.phy;
296 
297 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd));
298 	event = (struct mt7925_uni_beacon_loss_event *)skb->data;
299 
300 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
301 					IEEE80211_IFACE_ITER_RESUME_ALL,
302 					mt7925_mcu_connection_loss_iter, event);
303 }
304 
305 static void
306 mt7925_mcu_roc_iter(void *priv, u8 *mac, struct ieee80211_vif *vif)
307 {
308 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
309 	struct mt7925_roc_grant_tlv *grant = priv;
310 
311 	if (mvif->idx != grant->bss_idx)
312 		return;
313 
314 	mvif->band_idx = grant->dbdcband;
315 }
316 
317 static void
318 mt7925_mcu_uni_roc_event(struct mt792x_dev *dev, struct sk_buff *skb)
319 {
320 	struct ieee80211_hw *hw = dev->mt76.hw;
321 	struct mt7925_roc_grant_tlv *grant;
322 	struct mt7925_mcu_rxd *rxd;
323 	int duration;
324 
325 	rxd = (struct mt7925_mcu_rxd *)skb->data;
326 	grant = (struct mt7925_roc_grant_tlv *)(rxd->tlv + 4);
327 
328 	/* should never happen */
329 	WARN_ON_ONCE((le16_to_cpu(grant->tag) != UNI_EVENT_ROC_GRANT));
330 
331 	if (grant->reqtype == MT7925_ROC_REQ_ROC)
332 		ieee80211_ready_on_channel(hw);
333 	else if (grant->reqtype == MT7925_ROC_REQ_JOIN)
334 		ieee80211_iterate_active_interfaces_atomic(hw,
335 						IEEE80211_IFACE_ITER_RESUME_ALL,
336 						mt7925_mcu_roc_iter, grant);
337 	dev->phy.roc_grant = true;
338 	wake_up(&dev->phy.roc_wait);
339 	duration = le32_to_cpu(grant->max_interval);
340 	mod_timer(&dev->phy.roc_timer,
341 		  jiffies + msecs_to_jiffies(duration));
342 }
343 
344 static void
345 mt7925_mcu_scan_event(struct mt792x_dev *dev, struct sk_buff *skb)
346 {
347 	struct mt76_phy *mphy = &dev->mt76.phy;
348 	struct mt792x_phy *phy = mphy->priv;
349 
350 	spin_lock_bh(&dev->mt76.lock);
351 	__skb_queue_tail(&phy->scan_event_list, skb);
352 	spin_unlock_bh(&dev->mt76.lock);
353 
354 	ieee80211_queue_delayed_work(mphy->hw, &phy->scan_work,
355 				     MT792x_HW_SCAN_TIMEOUT);
356 }
357 
358 static void
359 mt7925_mcu_tx_done_event(struct mt792x_dev *dev, struct sk_buff *skb)
360 {
361 #define UNI_EVENT_TX_DONE_MSG 0
362 #define UNI_EVENT_TX_DONE_RAW 1
363 	struct mt7925_mcu_txs_event {
364 		u8 ver;
365 		u8 rsv[3];
366 		u8 data[0];
367 	} __packed * txs;
368 	struct tlv *tlv;
369 	u32 tlv_len;
370 
371 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd) + 4);
372 	tlv = (struct tlv *)skb->data;
373 	tlv_len = skb->len;
374 
375 	while (tlv_len > 0 && le16_to_cpu(tlv->len) <= tlv_len) {
376 		switch (le16_to_cpu(tlv->tag)) {
377 		case UNI_EVENT_TX_DONE_RAW:
378 			txs = (struct mt7925_mcu_txs_event *)tlv->data;
379 			mt7925_mac_add_txs(dev, txs->data);
380 			break;
381 		default:
382 			break;
383 		}
384 		tlv_len -= le16_to_cpu(tlv->len);
385 		tlv = (struct tlv *)((char *)(tlv) + le16_to_cpu(tlv->len));
386 	}
387 }
388 
389 static void
390 mt7925_mcu_uni_debug_msg_event(struct mt792x_dev *dev, struct sk_buff *skb)
391 {
392 	struct mt7925_uni_debug_msg {
393 		__le16 tag;
394 		__le16 len;
395 		u8 fmt;
396 		u8 rsv[3];
397 		u8 id;
398 		u8 type:3;
399 		u8 nr_args:5;
400 		union {
401 			struct idxlog {
402 				__le16 rsv;
403 				__le32 ts;
404 				__le32 idx;
405 				u8 data[];
406 			} __packed idx;
407 			struct txtlog {
408 				u8 len;
409 				u8 rsv;
410 				__le32 ts;
411 				u8 data[];
412 			} __packed txt;
413 		};
414 	} __packed * hdr;
415 
416 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd) + 4);
417 	hdr = (struct mt7925_uni_debug_msg *)skb->data;
418 
419 	if (hdr->id == 0x28) {
420 		skb_pull(skb, offsetof(struct mt7925_uni_debug_msg, id));
421 		wiphy_info(mt76_hw(dev)->wiphy, "%.*s", skb->len, skb->data);
422 		return;
423 	} else if (hdr->id != 0xa8) {
424 		return;
425 	}
426 
427 	if (hdr->type == 0) { /* idx log */
428 		int i, ret, len = PAGE_SIZE - 1, nr_val;
429 		struct page *page = dev_alloc_pages(get_order(len));
430 		__le32 *val;
431 		char *buf, *cur;
432 
433 		if (!page)
434 			return;
435 
436 		buf = page_address(page);
437 		cur = buf;
438 
439 		nr_val = (le16_to_cpu(hdr->len) - sizeof(*hdr)) / 4;
440 		val = (__le32 *)hdr->idx.data;
441 		for (i = 0; i < nr_val && len > 0; i++) {
442 			ret = snprintf(cur, len, "0x%x,", le32_to_cpu(val[i]));
443 			if (ret <= 0)
444 				break;
445 
446 			cur += ret;
447 			len -= ret;
448 		}
449 		if (cur > buf)
450 			wiphy_info(mt76_hw(dev)->wiphy, "idx: 0x%X,%d,%s",
451 				   le32_to_cpu(hdr->idx.idx), nr_val, buf);
452 		put_page(page);
453 	} else if (hdr->type == 2) { /* str log */
454 		wiphy_info(mt76_hw(dev)->wiphy, "%.*s", hdr->txt.len, hdr->txt.data);
455 	}
456 }
457 
458 static void
459 mt7925_mcu_uni_rx_unsolicited_event(struct mt792x_dev *dev,
460 				    struct sk_buff *skb)
461 {
462 	struct mt7925_mcu_rxd *rxd;
463 
464 	rxd = (struct mt7925_mcu_rxd *)skb->data;
465 
466 	switch (rxd->eid) {
467 	case MCU_UNI_EVENT_FW_LOG_2_HOST:
468 		mt7925_mcu_uni_debug_msg_event(dev, skb);
469 		break;
470 	case MCU_UNI_EVENT_ROC:
471 		mt7925_mcu_uni_roc_event(dev, skb);
472 		break;
473 	case MCU_UNI_EVENT_SCAN_DONE:
474 		mt7925_mcu_scan_event(dev, skb);
475 		return;
476 	case MCU_UNI_EVENT_TX_DONE:
477 		mt7925_mcu_tx_done_event(dev, skb);
478 		break;
479 	case MCU_UNI_EVENT_BSS_BEACON_LOSS:
480 		mt7925_mcu_connection_loss_event(dev, skb);
481 		break;
482 	case MCU_UNI_EVENT_COREDUMP:
483 		dev->fw_assert = true;
484 		mt76_connac_mcu_coredump_event(&dev->mt76, skb, &dev->coredump);
485 		return;
486 	default:
487 		break;
488 	}
489 	dev_kfree_skb(skb);
490 }
491 
492 void mt7925_mcu_rx_event(struct mt792x_dev *dev, struct sk_buff *skb)
493 {
494 	struct mt7925_mcu_rxd *rxd = (struct mt7925_mcu_rxd *)skb->data;
495 
496 	if (skb_linearize(skb))
497 		return;
498 
499 	if (rxd->option & MCU_UNI_CMD_UNSOLICITED_EVENT) {
500 		mt7925_mcu_uni_rx_unsolicited_event(dev, skb);
501 		return;
502 	}
503 
504 	mt76_mcu_rx_event(&dev->mt76, skb);
505 }
506 
507 static int
508 mt7925_mcu_sta_ba(struct mt76_dev *dev, struct mt76_vif *mvif,
509 		  struct ieee80211_ampdu_params *params,
510 		  bool enable, bool tx)
511 {
512 	struct mt76_wcid *wcid = (struct mt76_wcid *)params->sta->drv_priv;
513 	struct sta_rec_ba_uni *ba;
514 	struct sk_buff *skb;
515 	struct tlv *tlv;
516 	int len;
517 
518 	len = sizeof(struct sta_req_hdr) + sizeof(*ba);
519 	skb = __mt76_connac_mcu_alloc_sta_req(dev, mvif, wcid,
520 					      len);
521 	if (IS_ERR(skb))
522 		return PTR_ERR(skb);
523 
524 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BA, sizeof(*ba));
525 
526 	ba = (struct sta_rec_ba_uni *)tlv;
527 	ba->ba_type = tx ? MT_BA_TYPE_ORIGINATOR : MT_BA_TYPE_RECIPIENT;
528 	ba->winsize = cpu_to_le16(params->buf_size);
529 	ba->ssn = cpu_to_le16(params->ssn);
530 	ba->ba_en = enable << params->tid;
531 	ba->amsdu = params->amsdu;
532 	ba->tid = params->tid;
533 
534 	return mt76_mcu_skb_send_msg(dev, skb,
535 				     MCU_UNI_CMD(STA_REC_UPDATE), true);
536 }
537 
538 /** starec & wtbl **/
539 int mt7925_mcu_uni_tx_ba(struct mt792x_dev *dev,
540 			 struct ieee80211_ampdu_params *params,
541 			 bool enable)
542 {
543 	struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv;
544 	struct mt792x_vif *mvif = msta->vif;
545 
546 	if (enable && !params->amsdu)
547 		msta->wcid.amsdu = false;
548 
549 	return mt7925_mcu_sta_ba(&dev->mt76, &mvif->mt76, params,
550 				 enable, true);
551 }
552 
553 int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev,
554 			 struct ieee80211_ampdu_params *params,
555 			 bool enable)
556 {
557 	struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv;
558 	struct mt792x_vif *mvif = msta->vif;
559 
560 	return mt7925_mcu_sta_ba(&dev->mt76, &mvif->mt76, params,
561 				 enable, false);
562 }
563 
564 static int mt7925_load_clc(struct mt792x_dev *dev, const char *fw_name)
565 {
566 	const struct mt76_connac2_fw_trailer *hdr;
567 	const struct mt76_connac2_fw_region *region;
568 	const struct mt7925_clc *clc;
569 	struct mt76_dev *mdev = &dev->mt76;
570 	struct mt792x_phy *phy = &dev->phy;
571 	const struct firmware *fw;
572 	int ret, i, len, offset = 0;
573 	u8 *clc_base = NULL;
574 
575 	if (mt7925_disable_clc ||
576 	    mt76_is_usb(&dev->mt76))
577 		return 0;
578 
579 	ret = request_firmware(&fw, fw_name, mdev->dev);
580 	if (ret)
581 		return ret;
582 
583 	if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
584 		dev_err(mdev->dev, "Invalid firmware\n");
585 		ret = -EINVAL;
586 		goto out;
587 	}
588 
589 	hdr = (const void *)(fw->data + fw->size - sizeof(*hdr));
590 	for (i = 0; i < hdr->n_region; i++) {
591 		region = (const void *)((const u8 *)hdr -
592 					(hdr->n_region - i) * sizeof(*region));
593 		len = le32_to_cpu(region->len);
594 
595 		/* check if we have valid buffer size */
596 		if (offset + len > fw->size) {
597 			dev_err(mdev->dev, "Invalid firmware region\n");
598 			ret = -EINVAL;
599 			goto out;
600 		}
601 
602 		if ((region->feature_set & FW_FEATURE_NON_DL) &&
603 		    region->type == FW_TYPE_CLC) {
604 			clc_base = (u8 *)(fw->data + offset);
605 			break;
606 		}
607 		offset += len;
608 	}
609 
610 	if (!clc_base)
611 		goto out;
612 
613 	for (offset = 0; offset < len; offset += le32_to_cpu(clc->len)) {
614 		clc = (const struct mt7925_clc *)(clc_base + offset);
615 
616 		/* do not init buf again if chip reset triggered */
617 		if (phy->clc[clc->idx])
618 			continue;
619 
620 		phy->clc[clc->idx] = devm_kmemdup(mdev->dev, clc,
621 						  le32_to_cpu(clc->len),
622 						  GFP_KERNEL);
623 
624 		if (!phy->clc[clc->idx]) {
625 			ret = -ENOMEM;
626 			goto out;
627 		}
628 	}
629 
630 	ret = mt7925_mcu_set_clc(dev, "00", ENVIRON_INDOOR);
631 out:
632 	release_firmware(fw);
633 
634 	return ret;
635 }
636 
637 int mt7925_mcu_fw_log_2_host(struct mt792x_dev *dev, u8 ctrl)
638 {
639 	struct {
640 		u8 _rsv[4];
641 
642 		__le16 tag;
643 		__le16 len;
644 		u8 ctrl;
645 		u8 interval;
646 		u8 _rsv2[2];
647 	} __packed req = {
648 		.tag = cpu_to_le16(UNI_WSYS_CONFIG_FW_LOG_CTRL),
649 		.len = cpu_to_le16(sizeof(req) - 4),
650 		.ctrl = ctrl,
651 	};
652 	int ret;
653 
654 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(WSYS_CONFIG),
655 					&req, sizeof(req), false, NULL);
656 	return ret;
657 }
658 
659 int mt7925_mcu_get_temperature(struct mt792x_phy *phy)
660 {
661 	struct {
662 		u8 _rsv[4];
663 
664 		__le16 tag;
665 		__le16 len;
666 		u8 _rsv2[4];
667 	} __packed req = {
668 		.tag = cpu_to_le16(0x0),
669 		.len = cpu_to_le16(sizeof(req) - 4),
670 	};
671 	struct mt7925_thermal_evt {
672 		u8 rsv[4];
673 		__le32 temperature;
674 	} __packed * evt;
675 	struct mt792x_dev *dev = phy->dev;
676 	int temperature, ret;
677 	struct sk_buff *skb;
678 
679 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
680 					MCU_WM_UNI_CMD_QUERY(THERMAL),
681 					&req, sizeof(req), true, &skb);
682 	if (ret)
683 		return ret;
684 
685 	skb_pull(skb, 4 + sizeof(struct tlv));
686 	evt = (struct mt7925_thermal_evt *)skb->data;
687 
688 	temperature = le32_to_cpu(evt->temperature);
689 
690 	dev_kfree_skb(skb);
691 
692 	return temperature;
693 }
694 
695 static void
696 mt7925_mcu_parse_phy_cap(struct mt792x_dev *dev, char *data)
697 {
698 	struct mt76_phy *mphy = &dev->mt76.phy;
699 	struct mt76_dev *mdev = mphy->dev;
700 	struct mt7925_mcu_phy_cap {
701 		u8 ht;
702 		u8 vht;
703 		u8 _5g;
704 		u8 max_bw;
705 		u8 nss;
706 		u8 dbdc;
707 		u8 tx_ldpc;
708 		u8 rx_ldpc;
709 		u8 tx_stbc;
710 		u8 rx_stbc;
711 		u8 hw_path;
712 		u8 he;
713 		u8 eht;
714 	} __packed * cap;
715 	enum {
716 		WF0_24G,
717 		WF0_5G
718 	};
719 
720 	cap = (struct mt7925_mcu_phy_cap *)data;
721 
722 	mdev->phy.antenna_mask = BIT(cap->nss) - 1;
723 	mdev->phy.chainmask = mdev->phy.antenna_mask;
724 	mdev->phy.cap.has_2ghz = cap->hw_path & BIT(WF0_24G);
725 	mdev->phy.cap.has_5ghz = cap->hw_path & BIT(WF0_5G);
726 	dev->has_eht = cap->eht;
727 }
728 
729 static int
730 mt7925_mcu_get_nic_capability(struct mt792x_dev *dev)
731 {
732 	struct mt76_phy *mphy = &dev->mt76.phy;
733 	struct {
734 		u8 _rsv[4];
735 
736 		__le16 tag;
737 		__le16 len;
738 	} __packed req = {
739 		.tag = cpu_to_le16(UNI_CHIP_CONFIG_NIC_CAPA),
740 		.len = cpu_to_le16(sizeof(req) - 4),
741 	};
742 	struct mt76_connac_cap_hdr {
743 		__le16 n_element;
744 		u8 rsv[2];
745 	} __packed * hdr;
746 	struct sk_buff *skb;
747 	int ret, i;
748 
749 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(CHIP_CONFIG),
750 					&req, sizeof(req), true, &skb);
751 	if (ret)
752 		return ret;
753 
754 	hdr = (struct mt76_connac_cap_hdr *)skb->data;
755 	if (skb->len < sizeof(*hdr)) {
756 		ret = -EINVAL;
757 		goto out;
758 	}
759 
760 	skb_pull(skb, sizeof(*hdr));
761 
762 	for (i = 0; i < le16_to_cpu(hdr->n_element); i++) {
763 		struct tlv *tlv = (struct tlv *)skb->data;
764 		int len;
765 
766 		if (skb->len < sizeof(*tlv))
767 			break;
768 
769 		len = le16_to_cpu(tlv->len);
770 		if (skb->len < len)
771 			break;
772 
773 		switch (le16_to_cpu(tlv->tag)) {
774 		case MT_NIC_CAP_6G:
775 			mphy->cap.has_6ghz = !!tlv->data[0];
776 			break;
777 		case MT_NIC_CAP_MAC_ADDR:
778 			memcpy(mphy->macaddr, (void *)tlv->data, ETH_ALEN);
779 			break;
780 		case MT_NIC_CAP_PHY:
781 			mt7925_mcu_parse_phy_cap(dev, tlv->data);
782 			break;
783 		default:
784 			break;
785 		}
786 		skb_pull(skb, len);
787 	}
788 out:
789 	dev_kfree_skb(skb);
790 	return ret;
791 }
792 
793 int mt7925_mcu_chip_config(struct mt792x_dev *dev, const char *cmd)
794 {
795 	u16 len = strlen(cmd) + 1;
796 	struct {
797 		u8 _rsv[4];
798 		__le16 tag;
799 		__le16 len;
800 		struct mt76_connac_config config;
801 	} __packed req = {
802 		.tag = cpu_to_le16(UNI_CHIP_CONFIG_CHIP_CFG),
803 		.len = cpu_to_le16(sizeof(req) - 4),
804 		.config = {
805 			.resp_type = 0,
806 			.type = 0,
807 			.data_size = cpu_to_le16(len),
808 		},
809 	};
810 
811 	memcpy(req.config.data, cmd, len);
812 
813 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(CHIP_CONFIG),
814 				 &req, sizeof(req), false);
815 }
816 
817 int mt7925_mcu_set_deep_sleep(struct mt792x_dev *dev, bool enable)
818 {
819 	char cmd[16];
820 
821 	snprintf(cmd, sizeof(cmd), "KeepFullPwr %d", !enable);
822 
823 	return mt7925_mcu_chip_config(dev, cmd);
824 }
825 EXPORT_SYMBOL_GPL(mt7925_mcu_set_deep_sleep);
826 
827 int mt7925_run_firmware(struct mt792x_dev *dev)
828 {
829 	int err;
830 
831 	err = mt792x_load_firmware(dev);
832 	if (err)
833 		return err;
834 
835 	err = mt7925_mcu_get_nic_capability(dev);
836 	if (err)
837 		return err;
838 
839 	set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
840 	err = mt7925_load_clc(dev, mt792x_ram_name(dev));
841 	if (err)
842 		return err;
843 
844 	return mt7925_mcu_fw_log_2_host(dev, 1);
845 }
846 EXPORT_SYMBOL_GPL(mt7925_run_firmware);
847 
848 static void
849 mt7925_mcu_sta_hdr_trans_tlv(struct sk_buff *skb,
850 			     struct ieee80211_vif *vif,
851 			     struct ieee80211_sta *sta)
852 {
853 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
854 	struct sta_rec_hdr_trans *hdr_trans;
855 	struct mt76_wcid *wcid;
856 	struct tlv *tlv;
857 
858 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HDR_TRANS, sizeof(*hdr_trans));
859 	hdr_trans = (struct sta_rec_hdr_trans *)tlv;
860 	hdr_trans->dis_rx_hdr_tran = true;
861 
862 	if (vif->type == NL80211_IFTYPE_STATION)
863 		hdr_trans->to_ds = true;
864 	else
865 		hdr_trans->from_ds = true;
866 
867 	if (sta)
868 		wcid = (struct mt76_wcid *)sta->drv_priv;
869 	else
870 		wcid = &mvif->sta.wcid;
871 
872 	if (!wcid)
873 		return;
874 
875 	hdr_trans->dis_rx_hdr_tran = !test_bit(MT_WCID_FLAG_HDR_TRANS, &wcid->flags);
876 	if (test_bit(MT_WCID_FLAG_4ADDR, &wcid->flags)) {
877 		hdr_trans->to_ds = true;
878 		hdr_trans->from_ds = true;
879 	}
880 }
881 
882 int mt7925_mcu_wtbl_update_hdr_trans(struct mt792x_dev *dev,
883 				     struct ieee80211_vif *vif,
884 				     struct ieee80211_sta *sta)
885 {
886 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
887 	struct mt792x_sta *msta;
888 	struct sk_buff *skb;
889 
890 	msta = sta ? (struct mt792x_sta *)sta->drv_priv : &mvif->sta;
891 
892 	skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
893 					      &msta->wcid,
894 					      MT7925_STA_UPDATE_MAX_SIZE);
895 	if (IS_ERR(skb))
896 		return PTR_ERR(skb);
897 
898 	/* starec hdr trans */
899 	mt7925_mcu_sta_hdr_trans_tlv(skb, vif, sta);
900 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
901 				     MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true);
902 }
903 
904 int mt7925_mcu_set_tx(struct mt792x_dev *dev, struct ieee80211_vif *vif)
905 {
906 #define MCU_EDCA_AC_PARAM	0
907 #define WMM_AIFS_SET		BIT(0)
908 #define WMM_CW_MIN_SET		BIT(1)
909 #define WMM_CW_MAX_SET		BIT(2)
910 #define WMM_TXOP_SET		BIT(3)
911 #define WMM_PARAM_SET		(WMM_AIFS_SET | WMM_CW_MIN_SET | \
912 				 WMM_CW_MAX_SET | WMM_TXOP_SET)
913 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
914 	struct {
915 		u8 bss_idx;
916 		u8 __rsv[3];
917 	} __packed hdr = {
918 		.bss_idx = mvif->mt76.idx,
919 	};
920 	struct sk_buff *skb;
921 	int len = sizeof(hdr) + IEEE80211_NUM_ACS * sizeof(struct edca);
922 	int ac;
923 
924 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
925 	if (!skb)
926 		return -ENOMEM;
927 
928 	skb_put_data(skb, &hdr, sizeof(hdr));
929 
930 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
931 		struct ieee80211_tx_queue_params *q = &mvif->queue_params[ac];
932 		struct edca *e;
933 		struct tlv *tlv;
934 
935 		tlv = mt76_connac_mcu_add_tlv(skb, MCU_EDCA_AC_PARAM, sizeof(*e));
936 
937 		e = (struct edca *)tlv;
938 		e->set = WMM_PARAM_SET;
939 		e->queue = ac;
940 		e->aifs = q->aifs;
941 		e->txop = cpu_to_le16(q->txop);
942 
943 		if (q->cw_min)
944 			e->cw_min = fls(q->cw_min);
945 		else
946 			e->cw_min = 5;
947 
948 		if (q->cw_max)
949 			e->cw_max = fls(q->cw_max);
950 		else
951 			e->cw_max = 10;
952 	}
953 
954 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
955 				     MCU_UNI_CMD(EDCA_UPDATE), true);
956 }
957 
958 static int
959 mt7925_mcu_sta_key_tlv(struct mt76_wcid *wcid,
960 		       struct mt76_connac_sta_key_conf *sta_key_conf,
961 		       struct sk_buff *skb,
962 		       struct ieee80211_key_conf *key,
963 		       enum set_key_cmd cmd)
964 {
965 	struct mt792x_sta *msta = container_of(wcid, struct mt792x_sta, wcid);
966 	struct sta_rec_sec_uni *sec;
967 	struct mt792x_vif *mvif = msta->vif;
968 	struct ieee80211_sta *sta;
969 	struct ieee80211_vif *vif;
970 	struct tlv *tlv;
971 
972 	sta = msta == &mvif->sta ?
973 		      NULL :
974 		      container_of((void *)msta, struct ieee80211_sta, drv_priv);
975 	vif = container_of((void *)mvif, struct ieee80211_vif, drv_priv);
976 
977 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_KEY_V3, sizeof(*sec));
978 	sec = (struct sta_rec_sec_uni *)tlv;
979 	sec->bss_idx = mvif->mt76.idx;
980 	sec->is_authenticator = 0;
981 	sec->mgmt_prot = 0;
982 	sec->wlan_idx = (u8)wcid->idx;
983 
984 	if (sta) {
985 		sec->tx_key = 1;
986 		sec->key_type = 1;
987 		memcpy(sec->peer_addr, sta->addr, ETH_ALEN);
988 	} else {
989 		memcpy(sec->peer_addr, vif->bss_conf.bssid, ETH_ALEN);
990 	}
991 
992 	if (cmd == SET_KEY) {
993 		u8 cipher;
994 
995 		sec->add = 1;
996 		cipher = mt7925_mcu_get_cipher(key->cipher);
997 		if (cipher == CONNAC3_CIPHER_NONE)
998 			return -EOPNOTSUPP;
999 
1000 		if (cipher == CONNAC3_CIPHER_BIP_CMAC_128) {
1001 			sec->cipher_id = CONNAC3_CIPHER_BIP_CMAC_128;
1002 			sec->key_id = sta_key_conf->keyidx;
1003 			sec->key_len = 32;
1004 			memcpy(sec->key, sta_key_conf->key, 16);
1005 			memcpy(sec->key + 16, key->key, 16);
1006 		} else {
1007 			sec->cipher_id = cipher;
1008 			sec->key_id = key->keyidx;
1009 			sec->key_len = key->keylen;
1010 			memcpy(sec->key, key->key, key->keylen);
1011 
1012 			if (cipher == CONNAC3_CIPHER_TKIP) {
1013 				/* Rx/Tx MIC keys are swapped */
1014 				memcpy(sec->key + 16, key->key + 24, 8);
1015 				memcpy(sec->key + 24, key->key + 16, 8);
1016 			}
1017 
1018 			/* store key_conf for BIP batch update */
1019 			if (cipher == CONNAC3_CIPHER_AES_CCMP) {
1020 				memcpy(sta_key_conf->key, key->key, key->keylen);
1021 				sta_key_conf->keyidx = key->keyidx;
1022 			}
1023 		}
1024 	} else {
1025 		sec->add = 0;
1026 	}
1027 
1028 	return 0;
1029 }
1030 
1031 int mt7925_mcu_add_key(struct mt76_dev *dev, struct ieee80211_vif *vif,
1032 		       struct mt76_connac_sta_key_conf *sta_key_conf,
1033 		       struct ieee80211_key_conf *key, int mcu_cmd,
1034 		       struct mt76_wcid *wcid, enum set_key_cmd cmd)
1035 {
1036 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
1037 	struct sk_buff *skb;
1038 	int ret;
1039 
1040 	skb = __mt76_connac_mcu_alloc_sta_req(dev, mvif, wcid,
1041 					      MT7925_STA_UPDATE_MAX_SIZE);
1042 	if (IS_ERR(skb))
1043 		return PTR_ERR(skb);
1044 
1045 	ret = mt7925_mcu_sta_key_tlv(wcid, sta_key_conf, skb, key, cmd);
1046 	if (ret)
1047 		return ret;
1048 
1049 	return mt76_mcu_skb_send_msg(dev, skb, mcu_cmd, true);
1050 }
1051 
1052 int mt7925_mcu_set_roc(struct mt792x_phy *phy, struct mt792x_vif *vif,
1053 		       struct ieee80211_channel *chan, int duration,
1054 		       enum mt7925_roc_req type, u8 token_id)
1055 {
1056 	int center_ch = ieee80211_frequency_to_channel(chan->center_freq);
1057 	struct mt792x_dev *dev = phy->dev;
1058 	struct {
1059 		struct {
1060 			u8 rsv[4];
1061 		} __packed hdr;
1062 		struct roc_acquire_tlv {
1063 			__le16 tag;
1064 			__le16 len;
1065 			u8 bss_idx;
1066 			u8 tokenid;
1067 			u8 control_channel;
1068 			u8 sco;
1069 			u8 band;
1070 			u8 bw;
1071 			u8 center_chan;
1072 			u8 center_chan2;
1073 			u8 bw_from_ap;
1074 			u8 center_chan_from_ap;
1075 			u8 center_chan2_from_ap;
1076 			u8 reqtype;
1077 			__le32 maxinterval;
1078 			u8 dbdcband;
1079 			u8 rsv[3];
1080 		} __packed roc;
1081 	} __packed req = {
1082 		.roc = {
1083 			.tag = cpu_to_le16(UNI_ROC_ACQUIRE),
1084 			.len = cpu_to_le16(sizeof(struct roc_acquire_tlv)),
1085 			.tokenid = token_id,
1086 			.reqtype = type,
1087 			.maxinterval = cpu_to_le32(duration),
1088 			.bss_idx = vif->mt76.idx,
1089 			.control_channel = chan->hw_value,
1090 			.bw = CMD_CBW_20MHZ,
1091 			.bw_from_ap = CMD_CBW_20MHZ,
1092 			.center_chan = center_ch,
1093 			.center_chan_from_ap = center_ch,
1094 			.dbdcband = 0xff, /* auto */
1095 		},
1096 	};
1097 
1098 	if (chan->hw_value < center_ch)
1099 		req.roc.sco = 1; /* SCA */
1100 	else if (chan->hw_value > center_ch)
1101 		req.roc.sco = 3; /* SCB */
1102 
1103 	switch (chan->band) {
1104 	case NL80211_BAND_6GHZ:
1105 		req.roc.band = 3;
1106 		break;
1107 	case NL80211_BAND_5GHZ:
1108 		req.roc.band = 2;
1109 		break;
1110 	default:
1111 		req.roc.band = 1;
1112 		break;
1113 	}
1114 
1115 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(ROC),
1116 				 &req, sizeof(req), false);
1117 }
1118 
1119 int mt7925_mcu_abort_roc(struct mt792x_phy *phy, struct mt792x_vif *vif,
1120 			 u8 token_id)
1121 {
1122 	struct mt792x_dev *dev = phy->dev;
1123 	struct {
1124 		struct {
1125 			u8 rsv[4];
1126 		} __packed hdr;
1127 		struct roc_abort_tlv {
1128 			__le16 tag;
1129 			__le16 len;
1130 			u8 bss_idx;
1131 			u8 tokenid;
1132 			u8 dbdcband;
1133 			u8 rsv[5];
1134 		} __packed abort;
1135 	} __packed req = {
1136 		.abort = {
1137 			.tag = cpu_to_le16(UNI_ROC_ABORT),
1138 			.len = cpu_to_le16(sizeof(struct roc_abort_tlv)),
1139 			.tokenid = token_id,
1140 			.bss_idx = vif->mt76.idx,
1141 			.dbdcband = 0xff, /* auto*/
1142 		},
1143 	};
1144 
1145 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(ROC),
1146 				 &req, sizeof(req), false);
1147 }
1148 
1149 int mt7925_mcu_set_chan_info(struct mt792x_phy *phy, u16 tag)
1150 {
1151 	static const u8 ch_band[] = {
1152 		[NL80211_BAND_2GHZ] = 0,
1153 		[NL80211_BAND_5GHZ] = 1,
1154 		[NL80211_BAND_6GHZ] = 2,
1155 	};
1156 	struct mt792x_dev *dev = phy->dev;
1157 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
1158 	int freq1 = chandef->center_freq1;
1159 	u8 band_idx = chandef->chan->band != NL80211_BAND_2GHZ;
1160 	struct {
1161 		/* fixed field */
1162 		u8 __rsv[4];
1163 
1164 		__le16 tag;
1165 		__le16 len;
1166 		u8 control_ch;
1167 		u8 center_ch;
1168 		u8 bw;
1169 		u8 tx_path_num;
1170 		u8 rx_path;	/* mask or num */
1171 		u8 switch_reason;
1172 		u8 band_idx;
1173 		u8 center_ch2;	/* for 80+80 only */
1174 		__le16 cac_case;
1175 		u8 channel_band;
1176 		u8 rsv0;
1177 		__le32 outband_freq;
1178 		u8 txpower_drop;
1179 		u8 ap_bw;
1180 		u8 ap_center_ch;
1181 		u8 rsv1[53];
1182 	} __packed req = {
1183 		.tag = cpu_to_le16(tag),
1184 		.len = cpu_to_le16(sizeof(req) - 4),
1185 		.control_ch = chandef->chan->hw_value,
1186 		.center_ch = ieee80211_frequency_to_channel(freq1),
1187 		.bw = mt76_connac_chan_bw(chandef),
1188 		.tx_path_num = hweight8(phy->mt76->antenna_mask),
1189 		.rx_path = phy->mt76->antenna_mask,
1190 		.band_idx = band_idx,
1191 		.channel_band = ch_band[chandef->chan->band],
1192 	};
1193 
1194 	if (chandef->chan->band == NL80211_BAND_6GHZ)
1195 		req.channel_band = 2;
1196 	else
1197 		req.channel_band = chandef->chan->band;
1198 
1199 	if (tag == UNI_CHANNEL_RX_PATH ||
1200 	    dev->mt76.hw->conf.flags & IEEE80211_CONF_MONITOR)
1201 		req.switch_reason = CH_SWITCH_NORMAL;
1202 	else if (phy->mt76->hw->conf.flags & IEEE80211_CONF_OFFCHANNEL)
1203 		req.switch_reason = CH_SWITCH_SCAN_BYPASS_DPD;
1204 	else if (!cfg80211_reg_can_beacon(phy->mt76->hw->wiphy, chandef,
1205 					  NL80211_IFTYPE_AP))
1206 		req.switch_reason = CH_SWITCH_DFS;
1207 	else
1208 		req.switch_reason = CH_SWITCH_NORMAL;
1209 
1210 	if (tag == UNI_CHANNEL_SWITCH)
1211 		req.rx_path = hweight8(req.rx_path);
1212 
1213 	if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
1214 		int freq2 = chandef->center_freq2;
1215 
1216 		req.center_ch2 = ieee80211_frequency_to_channel(freq2);
1217 	}
1218 
1219 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(CHANNEL_SWITCH),
1220 				 &req, sizeof(req), true);
1221 }
1222 
1223 int mt7925_mcu_set_eeprom(struct mt792x_dev *dev)
1224 {
1225 	struct {
1226 		u8 _rsv[4];
1227 
1228 		__le16 tag;
1229 		__le16 len;
1230 		u8 buffer_mode;
1231 		u8 format;
1232 		__le16 buf_len;
1233 	} __packed req = {
1234 		.tag = cpu_to_le16(UNI_EFUSE_BUFFER_MODE),
1235 		.len = cpu_to_le16(sizeof(req) - 4),
1236 		.buffer_mode = EE_MODE_EFUSE,
1237 		.format = EE_FORMAT_WHOLE
1238 	};
1239 
1240 	return mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(EFUSE_CTRL),
1241 					 &req, sizeof(req), false, NULL);
1242 }
1243 EXPORT_SYMBOL_GPL(mt7925_mcu_set_eeprom);
1244 
1245 int mt7925_mcu_uni_bss_ps(struct mt792x_dev *dev, struct ieee80211_vif *vif)
1246 {
1247 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1248 	struct {
1249 		struct {
1250 			u8 bss_idx;
1251 			u8 pad[3];
1252 		} __packed hdr;
1253 		struct ps_tlv {
1254 			__le16 tag;
1255 			__le16 len;
1256 			u8 ps_state; /* 0: device awake
1257 				      * 1: static power save
1258 				      * 2: dynamic power saving
1259 				      * 3: enter TWT power saving
1260 				      * 4: leave TWT power saving
1261 				      */
1262 			u8 pad[3];
1263 		} __packed ps;
1264 	} __packed ps_req = {
1265 		.hdr = {
1266 			.bss_idx = mvif->mt76.idx,
1267 		},
1268 		.ps = {
1269 			.tag = cpu_to_le16(UNI_BSS_INFO_PS),
1270 			.len = cpu_to_le16(sizeof(struct ps_tlv)),
1271 			.ps_state = vif->cfg.ps ? 2 : 0,
1272 		},
1273 	};
1274 
1275 	if (vif->type != NL80211_IFTYPE_STATION)
1276 		return -EOPNOTSUPP;
1277 
1278 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1279 				 &ps_req, sizeof(ps_req), true);
1280 }
1281 
1282 static int
1283 mt7925_mcu_uni_bss_bcnft(struct mt792x_dev *dev, struct ieee80211_vif *vif,
1284 			 bool enable)
1285 {
1286 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1287 	struct {
1288 		struct {
1289 			u8 bss_idx;
1290 			u8 pad[3];
1291 		} __packed hdr;
1292 		struct bcnft_tlv {
1293 			__le16 tag;
1294 			__le16 len;
1295 			__le16 bcn_interval;
1296 			u8 dtim_period;
1297 			u8 bmc_delivered_ac;
1298 			u8 bmc_triggered_ac;
1299 			u8 pad[3];
1300 		} __packed bcnft;
1301 	} __packed bcnft_req = {
1302 		.hdr = {
1303 			.bss_idx = mvif->mt76.idx,
1304 		},
1305 		.bcnft = {
1306 			.tag = cpu_to_le16(UNI_BSS_INFO_BCNFT),
1307 			.len = cpu_to_le16(sizeof(struct bcnft_tlv)),
1308 			.bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int),
1309 			.dtim_period = vif->bss_conf.dtim_period,
1310 		},
1311 	};
1312 
1313 	if (vif->type != NL80211_IFTYPE_STATION)
1314 		return 0;
1315 
1316 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1317 				 &bcnft_req, sizeof(bcnft_req), true);
1318 }
1319 
1320 int
1321 mt7925_mcu_set_bss_pm(struct mt792x_dev *dev, struct ieee80211_vif *vif,
1322 		      bool enable)
1323 {
1324 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1325 	struct {
1326 		struct {
1327 			u8 bss_idx;
1328 			u8 pad[3];
1329 		} __packed hdr;
1330 		struct bcnft_tlv {
1331 			__le16 tag;
1332 			__le16 len;
1333 			__le16 bcn_interval;
1334 			u8 dtim_period;
1335 			u8 bmc_delivered_ac;
1336 			u8 bmc_triggered_ac;
1337 			u8 pad[3];
1338 		} __packed enable;
1339 	} req = {
1340 		.hdr = {
1341 			.bss_idx = mvif->mt76.idx,
1342 		},
1343 		.enable = {
1344 			.tag = cpu_to_le16(UNI_BSS_INFO_BCNFT),
1345 			.len = cpu_to_le16(sizeof(struct bcnft_tlv)),
1346 			.dtim_period = vif->bss_conf.dtim_period,
1347 			.bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int),
1348 		},
1349 	};
1350 	struct {
1351 		struct {
1352 			u8 bss_idx;
1353 			u8 pad[3];
1354 		} __packed hdr;
1355 		struct pm_disable {
1356 			__le16 tag;
1357 			__le16 len;
1358 		} __packed disable;
1359 	} req1 = {
1360 		.hdr = {
1361 			.bss_idx = mvif->mt76.idx,
1362 		},
1363 		.disable = {
1364 			.tag = cpu_to_le16(UNI_BSS_INFO_PM_DISABLE),
1365 			.len = cpu_to_le16(sizeof(struct pm_disable))
1366 		},
1367 	};
1368 	int err;
1369 
1370 	err = mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1371 				&req1, sizeof(req1), false);
1372 	if (err < 0 || !enable)
1373 		return err;
1374 
1375 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1376 				 &req, sizeof(req), false);
1377 }
1378 
1379 static void
1380 mt7925_mcu_sta_he_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1381 {
1382 	if (!sta->deflink.he_cap.has_he)
1383 		return;
1384 
1385 	mt76_connac_mcu_sta_he_tlv_v2(skb, sta);
1386 }
1387 
1388 static void
1389 mt7925_mcu_sta_he_6g_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1390 {
1391 	struct sta_rec_he_6g_capa *he_6g;
1392 	struct tlv *tlv;
1393 
1394 	if (!sta->deflink.he_6ghz_capa.capa)
1395 		return;
1396 
1397 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HE_6G, sizeof(*he_6g));
1398 
1399 	he_6g = (struct sta_rec_he_6g_capa *)tlv;
1400 	he_6g->capa = sta->deflink.he_6ghz_capa.capa;
1401 }
1402 
1403 static void
1404 mt7925_mcu_sta_eht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1405 {
1406 	struct ieee80211_eht_mcs_nss_supp *mcs_map;
1407 	struct ieee80211_eht_cap_elem_fixed *elem;
1408 	struct sta_rec_eht *eht;
1409 	struct tlv *tlv;
1410 
1411 	if (!sta->deflink.eht_cap.has_eht)
1412 		return;
1413 
1414 	mcs_map = &sta->deflink.eht_cap.eht_mcs_nss_supp;
1415 	elem = &sta->deflink.eht_cap.eht_cap_elem;
1416 
1417 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_EHT, sizeof(*eht));
1418 
1419 	eht = (struct sta_rec_eht *)tlv;
1420 	eht->tid_bitmap = 0xff;
1421 	eht->mac_cap = cpu_to_le16(*(u16 *)elem->mac_cap_info);
1422 	eht->phy_cap = cpu_to_le64(*(u64 *)elem->phy_cap_info);
1423 	eht->phy_cap_ext = cpu_to_le64(elem->phy_cap_info[8]);
1424 
1425 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_20)
1426 		memcpy(eht->mcs_map_bw20, &mcs_map->only_20mhz, sizeof(eht->mcs_map_bw20));
1427 	memcpy(eht->mcs_map_bw80, &mcs_map->bw._80, sizeof(eht->mcs_map_bw80));
1428 	memcpy(eht->mcs_map_bw160, &mcs_map->bw._160, sizeof(eht->mcs_map_bw160));
1429 }
1430 
1431 static void
1432 mt7925_mcu_sta_ht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1433 {
1434 	struct sta_rec_ht *ht;
1435 	struct tlv *tlv;
1436 
1437 	if (!sta->deflink.ht_cap.ht_supported)
1438 		return;
1439 
1440 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HT, sizeof(*ht));
1441 
1442 	ht = (struct sta_rec_ht *)tlv;
1443 	ht->ht_cap = cpu_to_le16(sta->deflink.ht_cap.cap);
1444 }
1445 
1446 static void
1447 mt7925_mcu_sta_vht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1448 {
1449 	struct sta_rec_vht *vht;
1450 	struct tlv *tlv;
1451 
1452 	/* For 6G band, this tlv is necessary to let hw work normally */
1453 	if (!sta->deflink.he_6ghz_capa.capa && !sta->deflink.vht_cap.vht_supported)
1454 		return;
1455 
1456 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_VHT, sizeof(*vht));
1457 
1458 	vht = (struct sta_rec_vht *)tlv;
1459 	vht->vht_cap = cpu_to_le32(sta->deflink.vht_cap.cap);
1460 	vht->vht_rx_mcs_map = sta->deflink.vht_cap.vht_mcs.rx_mcs_map;
1461 	vht->vht_tx_mcs_map = sta->deflink.vht_cap.vht_mcs.tx_mcs_map;
1462 }
1463 
1464 static void
1465 mt7925_mcu_sta_amsdu_tlv(struct sk_buff *skb,
1466 			 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1467 {
1468 	struct mt792x_sta *msta = (struct mt792x_sta *)sta->drv_priv;
1469 	struct sta_rec_amsdu *amsdu;
1470 	struct tlv *tlv;
1471 
1472 	if (vif->type != NL80211_IFTYPE_STATION &&
1473 	    vif->type != NL80211_IFTYPE_AP)
1474 		return;
1475 
1476 	if (!sta->deflink.agg.max_amsdu_len)
1477 		return;
1478 
1479 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HW_AMSDU, sizeof(*amsdu));
1480 	amsdu = (struct sta_rec_amsdu *)tlv;
1481 	amsdu->max_amsdu_num = 8;
1482 	amsdu->amsdu_en = true;
1483 	msta->wcid.amsdu = true;
1484 
1485 	switch (sta->deflink.agg.max_amsdu_len) {
1486 	case IEEE80211_MAX_MPDU_LEN_VHT_11454:
1487 		amsdu->max_mpdu_size =
1488 			IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454;
1489 		return;
1490 	case IEEE80211_MAX_MPDU_LEN_HT_7935:
1491 	case IEEE80211_MAX_MPDU_LEN_VHT_7991:
1492 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991;
1493 		return;
1494 	default:
1495 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895;
1496 		return;
1497 	}
1498 }
1499 
1500 static void
1501 mt7925_mcu_sta_phy_tlv(struct sk_buff *skb,
1502 		       struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1503 {
1504 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1505 	struct cfg80211_chan_def *chandef = &mvif->mt76.ctx->def;
1506 	struct sta_rec_phy *phy;
1507 	struct tlv *tlv;
1508 	u8 af = 0, mm = 0;
1509 
1510 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_PHY, sizeof(*phy));
1511 	phy = (struct sta_rec_phy *)tlv;
1512 	phy->phy_type = mt76_connac_get_phy_mode_v2(mvif->phy->mt76, vif, chandef->chan->band, sta);
1513 	phy->basic_rate = cpu_to_le16((u16)vif->bss_conf.basic_rates);
1514 	if (sta->deflink.ht_cap.ht_supported) {
1515 		af = sta->deflink.ht_cap.ampdu_factor;
1516 		mm = sta->deflink.ht_cap.ampdu_density;
1517 	}
1518 
1519 	if (sta->deflink.vht_cap.vht_supported) {
1520 		u8 vht_af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
1521 				      sta->deflink.vht_cap.cap);
1522 
1523 		af = max_t(u8, af, vht_af);
1524 	}
1525 
1526 	if (sta->deflink.he_6ghz_capa.capa) {
1527 		af = le16_get_bits(sta->deflink.he_6ghz_capa.capa,
1528 				   IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP);
1529 		mm = le16_get_bits(sta->deflink.he_6ghz_capa.capa,
1530 				   IEEE80211_HE_6GHZ_CAP_MIN_MPDU_START);
1531 	}
1532 
1533 	phy->ampdu = FIELD_PREP(IEEE80211_HT_AMPDU_PARM_FACTOR, af) |
1534 		     FIELD_PREP(IEEE80211_HT_AMPDU_PARM_DENSITY, mm);
1535 	phy->max_ampdu_len = af;
1536 }
1537 
1538 static void
1539 mt7925_mcu_sta_state_v2_tlv(struct mt76_phy *mphy, struct sk_buff *skb,
1540 			    struct ieee80211_sta *sta,
1541 			    struct ieee80211_vif *vif,
1542 			    u8 rcpi, u8 sta_state)
1543 {
1544 	struct sta_rec_state_v2 {
1545 		__le16 tag;
1546 		__le16 len;
1547 		u8 state;
1548 		u8 rsv[3];
1549 		__le32 flags;
1550 		u8 vht_opmode;
1551 		u8 action;
1552 		u8 rsv2[2];
1553 	} __packed * state;
1554 	struct tlv *tlv;
1555 
1556 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_STATE, sizeof(*state));
1557 	state = (struct sta_rec_state_v2 *)tlv;
1558 	state->state = sta_state;
1559 
1560 	if (sta->deflink.vht_cap.vht_supported) {
1561 		state->vht_opmode = sta->deflink.bandwidth;
1562 		state->vht_opmode |= sta->deflink.rx_nss <<
1563 			IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
1564 	}
1565 }
1566 
1567 static void
1568 mt7925_mcu_sta_rate_ctrl_tlv(struct sk_buff *skb,
1569 			     struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1570 {
1571 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1572 	struct cfg80211_chan_def *chandef = &mvif->mt76.ctx->def;
1573 	enum nl80211_band band = chandef->chan->band;
1574 	struct sta_rec_ra_info *ra_info;
1575 	struct tlv *tlv;
1576 	u16 supp_rates;
1577 
1578 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA, sizeof(*ra_info));
1579 	ra_info = (struct sta_rec_ra_info *)tlv;
1580 
1581 	supp_rates = sta->deflink.supp_rates[band];
1582 	if (band == NL80211_BAND_2GHZ)
1583 		supp_rates = FIELD_PREP(RA_LEGACY_OFDM, supp_rates >> 4) |
1584 			     FIELD_PREP(RA_LEGACY_CCK, supp_rates & 0xf);
1585 	else
1586 		supp_rates = FIELD_PREP(RA_LEGACY_OFDM, supp_rates);
1587 
1588 	ra_info->legacy = cpu_to_le16(supp_rates);
1589 
1590 	if (sta->deflink.ht_cap.ht_supported)
1591 		memcpy(ra_info->rx_mcs_bitmask,
1592 		       sta->deflink.ht_cap.mcs.rx_mask,
1593 		       HT_MCS_MASK_NUM);
1594 }
1595 
1596 static void
1597 mt7925_mcu_sta_mld_tlv(struct sk_buff *skb,
1598 		       struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1599 {
1600 	struct mt76_wcid *wcid = (struct mt76_wcid *)sta->drv_priv;
1601 	struct sta_rec_mld *mld;
1602 	struct tlv *tlv;
1603 
1604 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_MLD, sizeof(*mld));
1605 	mld = (struct sta_rec_mld *)tlv;
1606 	memcpy(mld->mac_addr, vif->addr, ETH_ALEN);
1607 	mld->primary_id = cpu_to_le16(wcid->idx);
1608 	mld->wlan_id = cpu_to_le16(wcid->idx);
1609 
1610 	/* TODO: 0 means deflink only, add secondary link(1) later */
1611 	mld->link_num = !!(hweight8(vif->active_links) > 1);
1612 	WARN_ON_ONCE(mld->link_num);
1613 }
1614 
1615 static int
1616 mt7925_mcu_sta_cmd(struct mt76_phy *phy,
1617 		   struct mt76_sta_cmd_info *info)
1618 {
1619 	struct mt76_vif *mvif = (struct mt76_vif *)info->vif->drv_priv;
1620 	struct mt76_dev *dev = phy->dev;
1621 	struct sk_buff *skb;
1622 
1623 	skb = __mt76_connac_mcu_alloc_sta_req(dev, mvif, info->wcid,
1624 					      MT7925_STA_UPDATE_MAX_SIZE);
1625 	if (IS_ERR(skb))
1626 		return PTR_ERR(skb);
1627 
1628 	if (info->sta || !info->offload_fw)
1629 		mt76_connac_mcu_sta_basic_tlv(dev, skb, info->vif, info->sta,
1630 					      info->enable, info->newly);
1631 	if (info->sta && info->enable) {
1632 		mt7925_mcu_sta_phy_tlv(skb, info->vif, info->sta);
1633 		mt7925_mcu_sta_ht_tlv(skb, info->sta);
1634 		mt7925_mcu_sta_vht_tlv(skb, info->sta);
1635 		mt76_connac_mcu_sta_uapsd(skb, info->vif, info->sta);
1636 		mt7925_mcu_sta_amsdu_tlv(skb, info->vif, info->sta);
1637 		mt7925_mcu_sta_he_tlv(skb, info->sta);
1638 		mt7925_mcu_sta_he_6g_tlv(skb, info->sta);
1639 		mt7925_mcu_sta_eht_tlv(skb, info->sta);
1640 		mt7925_mcu_sta_rate_ctrl_tlv(skb, info->vif, info->sta);
1641 		mt7925_mcu_sta_state_v2_tlv(phy, skb, info->sta,
1642 					    info->vif, info->rcpi,
1643 					    info->state);
1644 		mt7925_mcu_sta_mld_tlv(skb, info->vif, info->sta);
1645 	}
1646 
1647 	if (info->enable)
1648 		mt7925_mcu_sta_hdr_trans_tlv(skb, info->vif, info->sta);
1649 
1650 	return mt76_mcu_skb_send_msg(dev, skb, info->cmd, true);
1651 }
1652 
1653 int mt7925_mcu_sta_update(struct mt792x_dev *dev, struct ieee80211_sta *sta,
1654 			  struct ieee80211_vif *vif, bool enable,
1655 			  enum mt76_sta_info_state state)
1656 {
1657 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1658 	int rssi = -ewma_rssi_read(&mvif->rssi);
1659 	struct mt76_sta_cmd_info info = {
1660 		.sta = sta,
1661 		.vif = vif,
1662 		.enable = enable,
1663 		.cmd = MCU_UNI_CMD(STA_REC_UPDATE),
1664 		.state = state,
1665 		.offload_fw = true,
1666 		.rcpi = to_rcpi(rssi),
1667 	};
1668 	struct mt792x_sta *msta;
1669 
1670 	msta = sta ? (struct mt792x_sta *)sta->drv_priv : NULL;
1671 	info.wcid = msta ? &msta->wcid : &mvif->sta.wcid;
1672 	info.newly = msta ? state != MT76_STA_INFO_STATE_ASSOC : true;
1673 
1674 	return mt7925_mcu_sta_cmd(&dev->mphy, &info);
1675 }
1676 
1677 int mt7925_mcu_set_beacon_filter(struct mt792x_dev *dev,
1678 				 struct ieee80211_vif *vif,
1679 				 bool enable)
1680 {
1681 #define MT7925_FIF_BIT_CLR		BIT(1)
1682 #define MT7925_FIF_BIT_SET		BIT(0)
1683 	int err = 0;
1684 
1685 	if (enable) {
1686 		err = mt7925_mcu_uni_bss_bcnft(dev, vif, true);
1687 		if (err)
1688 			return err;
1689 
1690 		return mt7925_mcu_set_rxfilter(dev, 0,
1691 					       MT7925_FIF_BIT_SET,
1692 					       MT_WF_RFCR_DROP_OTHER_BEACON);
1693 	}
1694 
1695 	err = mt7925_mcu_set_bss_pm(dev, vif, false);
1696 	if (err)
1697 		return err;
1698 
1699 	return mt7925_mcu_set_rxfilter(dev, 0,
1700 				       MT7925_FIF_BIT_CLR,
1701 				       MT_WF_RFCR_DROP_OTHER_BEACON);
1702 }
1703 
1704 int mt7925_get_txpwr_info(struct mt792x_dev *dev, u8 band_idx, struct mt7925_txpwr *txpwr)
1705 {
1706 #define TX_POWER_SHOW_INFO 0x7
1707 #define TXPOWER_ALL_RATE_POWER_INFO 0x2
1708 	struct mt7925_txpwr_event *event;
1709 	struct mt7925_txpwr_req req = {
1710 		.tag = cpu_to_le16(TX_POWER_SHOW_INFO),
1711 		.len = cpu_to_le16(sizeof(req) - 4),
1712 		.catg = TXPOWER_ALL_RATE_POWER_INFO,
1713 		.band_idx = band_idx,
1714 	};
1715 	struct sk_buff *skb;
1716 	int ret;
1717 
1718 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(TXPOWER),
1719 					&req, sizeof(req), true, &skb);
1720 	if (ret)
1721 		return ret;
1722 
1723 	event = (struct mt7925_txpwr_event *)skb->data;
1724 	memcpy(txpwr, &event->txpwr, sizeof(event->txpwr));
1725 
1726 	dev_kfree_skb(skb);
1727 
1728 	return 0;
1729 }
1730 
1731 int mt7925_mcu_set_sniffer(struct mt792x_dev *dev, struct ieee80211_vif *vif,
1732 			   bool enable)
1733 {
1734 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1735 
1736 	struct {
1737 		struct {
1738 			u8 band_idx;
1739 			u8 pad[3];
1740 		} __packed hdr;
1741 		struct sniffer_enable_tlv {
1742 			__le16 tag;
1743 			__le16 len;
1744 			u8 enable;
1745 			u8 pad[3];
1746 		} __packed enable;
1747 	} __packed req = {
1748 		.hdr = {
1749 			.band_idx = mvif->mt76.band_idx,
1750 		},
1751 		.enable = {
1752 			.tag = cpu_to_le16(UNI_SNIFFER_ENABLE),
1753 			.len = cpu_to_le16(sizeof(struct sniffer_enable_tlv)),
1754 			.enable = enable,
1755 		},
1756 	};
1757 
1758 	mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(SNIFFER), &req, sizeof(req), true);
1759 
1760 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(SNIFFER), &req, sizeof(req),
1761 				 true);
1762 }
1763 
1764 int mt7925_mcu_config_sniffer(struct mt792x_vif *vif,
1765 			      struct ieee80211_chanctx_conf *ctx)
1766 {
1767 	struct mt76_phy *mphy = vif->phy->mt76;
1768 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def : &mphy->chandef;
1769 	int freq1 = chandef->center_freq1, freq2 = chandef->center_freq2;
1770 
1771 	static const u8 ch_band[] = {
1772 		[NL80211_BAND_2GHZ] = 1,
1773 		[NL80211_BAND_5GHZ] = 2,
1774 		[NL80211_BAND_6GHZ] = 3,
1775 	};
1776 	static const u8 ch_width[] = {
1777 		[NL80211_CHAN_WIDTH_20_NOHT] = 0,
1778 		[NL80211_CHAN_WIDTH_20] = 0,
1779 		[NL80211_CHAN_WIDTH_40] = 0,
1780 		[NL80211_CHAN_WIDTH_80] = 1,
1781 		[NL80211_CHAN_WIDTH_160] = 2,
1782 		[NL80211_CHAN_WIDTH_80P80] = 3,
1783 		[NL80211_CHAN_WIDTH_5] = 4,
1784 		[NL80211_CHAN_WIDTH_10] = 5,
1785 		[NL80211_CHAN_WIDTH_320] = 6,
1786 	};
1787 
1788 	struct {
1789 		struct {
1790 			u8 band_idx;
1791 			u8 pad[3];
1792 		} __packed hdr;
1793 		struct config_tlv {
1794 			__le16 tag;
1795 			__le16 len;
1796 			u16 aid;
1797 			u8 ch_band;
1798 			u8 bw;
1799 			u8 control_ch;
1800 			u8 sco;
1801 			u8 center_ch;
1802 			u8 center_ch2;
1803 			u8 drop_err;
1804 			u8 pad[3];
1805 		} __packed tlv;
1806 	} __packed req = {
1807 		.hdr = {
1808 			.band_idx = vif->mt76.band_idx,
1809 		},
1810 		.tlv = {
1811 			.tag = cpu_to_le16(UNI_SNIFFER_CONFIG),
1812 			.len = cpu_to_le16(sizeof(req.tlv)),
1813 			.control_ch = chandef->chan->hw_value,
1814 			.center_ch = ieee80211_frequency_to_channel(freq1),
1815 			.drop_err = 1,
1816 		},
1817 	};
1818 
1819 	if (chandef->chan->band < ARRAY_SIZE(ch_band))
1820 		req.tlv.ch_band = ch_band[chandef->chan->band];
1821 	if (chandef->width < ARRAY_SIZE(ch_width))
1822 		req.tlv.bw = ch_width[chandef->width];
1823 
1824 	if (freq2)
1825 		req.tlv.center_ch2 = ieee80211_frequency_to_channel(freq2);
1826 
1827 	if (req.tlv.control_ch < req.tlv.center_ch)
1828 		req.tlv.sco = 1; /* SCA */
1829 	else if (req.tlv.control_ch > req.tlv.center_ch)
1830 		req.tlv.sco = 3; /* SCB */
1831 
1832 	return mt76_mcu_send_msg(mphy->dev, MCU_UNI_CMD(SNIFFER),
1833 				 &req, sizeof(req), true);
1834 }
1835 
1836 int
1837 mt7925_mcu_uni_add_beacon_offload(struct mt792x_dev *dev,
1838 				  struct ieee80211_hw *hw,
1839 				  struct ieee80211_vif *vif,
1840 				  bool enable)
1841 {
1842 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1843 	struct ieee80211_mutable_offsets offs;
1844 	struct {
1845 		struct req_hdr {
1846 			u8 bss_idx;
1847 			u8 pad[3];
1848 		} __packed hdr;
1849 		struct bcn_content_tlv {
1850 			__le16 tag;
1851 			__le16 len;
1852 			__le16 tim_ie_pos;
1853 			__le16 csa_ie_pos;
1854 			__le16 bcc_ie_pos;
1855 			/* 0: disable beacon offload
1856 			 * 1: enable beacon offload
1857 			 * 2: update probe respond offload
1858 			 */
1859 			u8 enable;
1860 			/* 0: legacy format (TXD + payload)
1861 			 * 1: only cap field IE
1862 			 */
1863 			u8 type;
1864 			__le16 pkt_len;
1865 			u8 pkt[512];
1866 		} __packed beacon_tlv;
1867 	} req = {
1868 		.hdr = {
1869 			.bss_idx = mvif->mt76.idx,
1870 		},
1871 		.beacon_tlv = {
1872 			.tag = cpu_to_le16(UNI_BSS_INFO_BCN_CONTENT),
1873 			.len = cpu_to_le16(sizeof(struct bcn_content_tlv)),
1874 			.enable = enable,
1875 			.type = 1,
1876 		},
1877 	};
1878 	struct sk_buff *skb;
1879 	u8 cap_offs;
1880 
1881 	/* support enable/update process only
1882 	 * disable flow would be handled in bss stop handler automatically
1883 	 */
1884 	if (!enable)
1885 		return -EOPNOTSUPP;
1886 
1887 	skb = ieee80211_beacon_get_template(mt76_hw(dev), vif, &offs, 0);
1888 	if (!skb)
1889 		return -EINVAL;
1890 
1891 	cap_offs = offsetof(struct ieee80211_mgmt, u.beacon.capab_info);
1892 	if (!skb_pull(skb, cap_offs)) {
1893 		dev_err(dev->mt76.dev, "beacon format err\n");
1894 		dev_kfree_skb(skb);
1895 		return -EINVAL;
1896 	}
1897 
1898 	if (skb->len > 512) {
1899 		dev_err(dev->mt76.dev, "beacon size limit exceed\n");
1900 		dev_kfree_skb(skb);
1901 		return -EINVAL;
1902 	}
1903 
1904 	memcpy(req.beacon_tlv.pkt, skb->data, skb->len);
1905 	req.beacon_tlv.pkt_len = cpu_to_le16(skb->len);
1906 	offs.tim_offset -= cap_offs;
1907 	req.beacon_tlv.tim_ie_pos = cpu_to_le16(offs.tim_offset);
1908 
1909 	if (offs.cntdwn_counter_offs[0]) {
1910 		u16 csa_offs;
1911 
1912 		csa_offs = offs.cntdwn_counter_offs[0] - cap_offs - 4;
1913 		req.beacon_tlv.csa_ie_pos = cpu_to_le16(csa_offs);
1914 	}
1915 	dev_kfree_skb(skb);
1916 
1917 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1918 				 &req, sizeof(req), true);
1919 }
1920 
1921 int mt7925_mcu_set_chctx(struct mt76_phy *phy, struct mt76_vif *mvif,
1922 			 struct ieee80211_chanctx_conf *ctx)
1923 {
1924 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def : &phy->chandef;
1925 	int freq1 = chandef->center_freq1, freq2 = chandef->center_freq2;
1926 	enum nl80211_band band = chandef->chan->band;
1927 	struct mt76_dev *mdev = phy->dev;
1928 	struct {
1929 		struct {
1930 			u8 bss_idx;
1931 			u8 pad[3];
1932 		} __packed hdr;
1933 		struct rlm_tlv {
1934 			__le16 tag;
1935 			__le16 len;
1936 			u8 control_channel;
1937 			u8 center_chan;
1938 			u8 center_chan2;
1939 			u8 bw;
1940 			u8 tx_streams;
1941 			u8 rx_streams;
1942 			u8 ht_op_info;
1943 			u8 sco;
1944 			u8 band;
1945 			u8 pad[3];
1946 		} __packed rlm;
1947 	} __packed rlm_req = {
1948 		.hdr = {
1949 			.bss_idx = mvif->idx,
1950 		},
1951 		.rlm = {
1952 			.tag = cpu_to_le16(UNI_BSS_INFO_RLM),
1953 			.len = cpu_to_le16(sizeof(struct rlm_tlv)),
1954 			.control_channel = chandef->chan->hw_value,
1955 			.center_chan = ieee80211_frequency_to_channel(freq1),
1956 			.center_chan2 = ieee80211_frequency_to_channel(freq2),
1957 			.tx_streams = hweight8(phy->antenna_mask),
1958 			.ht_op_info = 4, /* set HT 40M allowed */
1959 			.rx_streams = hweight8(phy->antenna_mask),
1960 			.band = band,
1961 		},
1962 	};
1963 
1964 	switch (chandef->width) {
1965 	case NL80211_CHAN_WIDTH_40:
1966 		rlm_req.rlm.bw = CMD_CBW_40MHZ;
1967 		break;
1968 	case NL80211_CHAN_WIDTH_80:
1969 		rlm_req.rlm.bw = CMD_CBW_80MHZ;
1970 		break;
1971 	case NL80211_CHAN_WIDTH_80P80:
1972 		rlm_req.rlm.bw = CMD_CBW_8080MHZ;
1973 		break;
1974 	case NL80211_CHAN_WIDTH_160:
1975 		rlm_req.rlm.bw = CMD_CBW_160MHZ;
1976 		break;
1977 	case NL80211_CHAN_WIDTH_5:
1978 		rlm_req.rlm.bw = CMD_CBW_5MHZ;
1979 		break;
1980 	case NL80211_CHAN_WIDTH_10:
1981 		rlm_req.rlm.bw = CMD_CBW_10MHZ;
1982 		break;
1983 	case NL80211_CHAN_WIDTH_20_NOHT:
1984 	case NL80211_CHAN_WIDTH_20:
1985 	default:
1986 		rlm_req.rlm.bw = CMD_CBW_20MHZ;
1987 		rlm_req.rlm.ht_op_info = 0;
1988 		break;
1989 	}
1990 
1991 	if (rlm_req.rlm.control_channel < rlm_req.rlm.center_chan)
1992 		rlm_req.rlm.sco = 1; /* SCA */
1993 	else if (rlm_req.rlm.control_channel > rlm_req.rlm.center_chan)
1994 		rlm_req.rlm.sco = 3; /* SCB */
1995 
1996 	return mt76_mcu_send_msg(mdev, MCU_UNI_CMD(BSS_INFO_UPDATE), &rlm_req,
1997 				 sizeof(rlm_req), true);
1998 }
1999 
2000 static struct sk_buff *
2001 __mt7925_mcu_alloc_bss_req(struct mt76_dev *dev, struct mt76_vif *mvif, int len)
2002 {
2003 	struct bss_req_hdr hdr = {
2004 		.bss_idx = mvif->idx,
2005 	};
2006 	struct sk_buff *skb;
2007 
2008 	skb = mt76_mcu_msg_alloc(dev, NULL, len);
2009 	if (!skb)
2010 		return ERR_PTR(-ENOMEM);
2011 
2012 	skb_put_data(skb, &hdr, sizeof(hdr));
2013 
2014 	return skb;
2015 }
2016 
2017 static u8
2018 mt7925_get_phy_mode_ext(struct mt76_phy *phy, struct ieee80211_vif *vif,
2019 			enum nl80211_band band, struct ieee80211_sta *sta)
2020 {
2021 	struct ieee80211_he_6ghz_capa *he_6ghz_capa;
2022 	const struct ieee80211_sta_eht_cap *eht_cap;
2023 	__le16 capa = 0;
2024 	u8 mode = 0;
2025 
2026 	if (sta) {
2027 		he_6ghz_capa = &sta->deflink.he_6ghz_capa;
2028 		eht_cap = &sta->deflink.eht_cap;
2029 	} else {
2030 		struct ieee80211_supported_band *sband;
2031 
2032 		sband = phy->hw->wiphy->bands[band];
2033 		capa = ieee80211_get_he_6ghz_capa(sband, vif->type);
2034 		he_6ghz_capa = (struct ieee80211_he_6ghz_capa *)&capa;
2035 
2036 		eht_cap = ieee80211_get_eht_iftype_cap(sband, vif->type);
2037 	}
2038 
2039 	switch (band) {
2040 	case NL80211_BAND_2GHZ:
2041 		if (eht_cap && eht_cap->has_eht)
2042 			mode |= PHY_MODE_BE_24G;
2043 		break;
2044 	case NL80211_BAND_5GHZ:
2045 		if (eht_cap && eht_cap->has_eht)
2046 			mode |= PHY_MODE_BE_5G;
2047 		break;
2048 	case NL80211_BAND_6GHZ:
2049 		if (he_6ghz_capa && he_6ghz_capa->capa)
2050 			mode |= PHY_MODE_AX_6G;
2051 
2052 		if (eht_cap && eht_cap->has_eht)
2053 			mode |= PHY_MODE_BE_6G;
2054 		break;
2055 	default:
2056 		break;
2057 	}
2058 
2059 	return mode;
2060 }
2061 
2062 static void
2063 mt7925_mcu_bss_basic_tlv(struct sk_buff *skb,
2064 			 struct ieee80211_vif *vif,
2065 			 struct ieee80211_sta *sta,
2066 			 struct ieee80211_chanctx_conf *ctx,
2067 			 struct mt76_phy *phy, u16 wlan_idx,
2068 			 bool enable)
2069 {
2070 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
2071 	struct mt792x_sta *msta = sta ? (struct mt792x_sta *)sta->drv_priv :
2072 				  &mvif->sta;
2073 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def : &phy->chandef;
2074 	enum nl80211_band band = chandef->chan->band;
2075 	struct mt76_connac_bss_basic_tlv *basic_req;
2076 	struct tlv *tlv;
2077 	int conn_type;
2078 	u8 idx;
2079 
2080 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_BASIC, sizeof(*basic_req));
2081 	basic_req = (struct mt76_connac_bss_basic_tlv *)tlv;
2082 
2083 	idx = mvif->mt76.omac_idx > EXT_BSSID_START ? HW_BSSID_0 :
2084 						      mvif->mt76.omac_idx;
2085 	basic_req->hw_bss_idx = idx;
2086 
2087 	basic_req->phymode_ext = mt7925_get_phy_mode_ext(phy, vif, band, sta);
2088 
2089 	if (band == NL80211_BAND_2GHZ)
2090 		basic_req->nonht_basic_phy = cpu_to_le16(PHY_TYPE_ERP_INDEX);
2091 	else
2092 		basic_req->nonht_basic_phy = cpu_to_le16(PHY_TYPE_OFDM_INDEX);
2093 
2094 	memcpy(basic_req->bssid, vif->bss_conf.bssid, ETH_ALEN);
2095 	basic_req->phymode = mt76_connac_get_phy_mode(phy, vif, band, sta);
2096 	basic_req->bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int);
2097 	basic_req->dtim_period = vif->bss_conf.dtim_period;
2098 	basic_req->bmc_tx_wlan_idx = cpu_to_le16(wlan_idx);
2099 	basic_req->sta_idx = cpu_to_le16(msta->wcid.idx);
2100 	basic_req->omac_idx = mvif->mt76.omac_idx;
2101 	basic_req->band_idx = mvif->mt76.band_idx;
2102 	basic_req->wmm_idx = mvif->mt76.wmm_idx;
2103 	basic_req->conn_state = !enable;
2104 
2105 	switch (vif->type) {
2106 	case NL80211_IFTYPE_MESH_POINT:
2107 	case NL80211_IFTYPE_AP:
2108 		if (vif->p2p)
2109 			conn_type = CONNECTION_P2P_GO;
2110 		else
2111 			conn_type = CONNECTION_INFRA_AP;
2112 		basic_req->conn_type = cpu_to_le32(conn_type);
2113 		basic_req->active = enable;
2114 		break;
2115 	case NL80211_IFTYPE_STATION:
2116 		if (vif->p2p)
2117 			conn_type = CONNECTION_P2P_GC;
2118 		else
2119 			conn_type = CONNECTION_INFRA_STA;
2120 		basic_req->conn_type = cpu_to_le32(conn_type);
2121 		basic_req->active = true;
2122 		break;
2123 	case NL80211_IFTYPE_ADHOC:
2124 		basic_req->conn_type = cpu_to_le32(CONNECTION_IBSS_ADHOC);
2125 		basic_req->active = true;
2126 		break;
2127 	default:
2128 		WARN_ON(1);
2129 		break;
2130 	}
2131 }
2132 
2133 static void
2134 mt7925_mcu_bss_sec_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
2135 {
2136 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2137 	struct bss_sec_tlv {
2138 		__le16 tag;
2139 		__le16 len;
2140 		u8 mode;
2141 		u8 status;
2142 		u8 cipher;
2143 		u8 __rsv;
2144 	} __packed * sec;
2145 	struct tlv *tlv;
2146 
2147 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_SEC, sizeof(*sec));
2148 	sec = (struct bss_sec_tlv *)tlv;
2149 
2150 	switch (mvif->cipher) {
2151 	case CONNAC3_CIPHER_GCMP_256:
2152 	case CONNAC3_CIPHER_GCMP:
2153 		sec->mode = MODE_WPA3_SAE;
2154 		sec->status = 8;
2155 		break;
2156 	case CONNAC3_CIPHER_AES_CCMP:
2157 		sec->mode = MODE_WPA2_PSK;
2158 		sec->status = 6;
2159 		break;
2160 	case CONNAC3_CIPHER_TKIP:
2161 		sec->mode = MODE_WPA2_PSK;
2162 		sec->status = 4;
2163 		break;
2164 	case CONNAC3_CIPHER_WEP104:
2165 	case CONNAC3_CIPHER_WEP40:
2166 		sec->mode = MODE_SHARED;
2167 		sec->status = 0;
2168 		break;
2169 	default:
2170 		sec->mode = MODE_OPEN;
2171 		sec->status = 1;
2172 		break;
2173 	}
2174 
2175 	sec->cipher = mvif->cipher;
2176 }
2177 
2178 static void
2179 mt7925_mcu_bss_bmc_tlv(struct sk_buff *skb, struct mt792x_phy *phy,
2180 		       struct ieee80211_chanctx_conf *ctx,
2181 			   struct ieee80211_vif *vif,
2182 			   struct ieee80211_sta *sta)
2183 {
2184 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def : &phy->mt76->chandef;
2185 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2186 	enum nl80211_band band = chandef->chan->band;
2187 	struct bss_rate_tlv *bmc;
2188 	struct tlv *tlv;
2189 	u8 idx = mvif->mcast_rates_idx ?
2190 		 mvif->mcast_rates_idx : mvif->basic_rates_idx;
2191 
2192 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_RATE, sizeof(*bmc));
2193 
2194 	bmc = (struct bss_rate_tlv *)tlv;
2195 
2196 	if (band == NL80211_BAND_2GHZ)
2197 		bmc->basic_rate = cpu_to_le16(HR_DSSS_ERP_BASIC_RATE);
2198 	else
2199 		bmc->basic_rate = cpu_to_le16(OFDM_BASIC_RATE);
2200 
2201 	bmc->short_preamble = (band == NL80211_BAND_2GHZ);
2202 	bmc->bc_fixed_rate = idx;
2203 	bmc->mc_fixed_rate = idx;
2204 }
2205 
2206 static void
2207 mt7925_mcu_bss_mld_tlv(struct sk_buff *skb,
2208 		       struct ieee80211_vif *vif,
2209 		       struct ieee80211_sta *sta)
2210 {
2211 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
2212 	bool is_mld = ieee80211_vif_is_mld(vif);
2213 	struct bss_mld_tlv *mld;
2214 	struct tlv *tlv;
2215 
2216 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_MLD, sizeof(*mld));
2217 	mld = (struct bss_mld_tlv *)tlv;
2218 
2219 	mld->link_id = sta ? (is_mld ? vif->bss_conf.link_id : 0) : 0xff;
2220 	mld->group_mld_id = is_mld ? mvif->mt76.idx : 0xff;
2221 	mld->own_mld_id = mvif->mt76.idx + 32;
2222 	mld->remap_idx = 0xff;
2223 
2224 	if (sta)
2225 		memcpy(mld->mac_addr, sta->addr, ETH_ALEN);
2226 }
2227 
2228 static void
2229 mt7925_mcu_bss_qos_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
2230 {
2231 	struct mt76_connac_bss_qos_tlv *qos;
2232 	struct tlv *tlv;
2233 
2234 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_QBSS, sizeof(*qos));
2235 	qos = (struct mt76_connac_bss_qos_tlv *)tlv;
2236 	qos->qos = vif->bss_conf.qos;
2237 }
2238 
2239 static void
2240 mt7925_mcu_bss_he_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
2241 		      struct mt792x_phy *phy)
2242 {
2243 #define DEFAULT_HE_PE_DURATION		4
2244 #define DEFAULT_HE_DURATION_RTS_THRES	1023
2245 	const struct ieee80211_sta_he_cap *cap;
2246 	struct bss_info_uni_he *he;
2247 	struct tlv *tlv;
2248 
2249 	cap = mt76_connac_get_he_phy_cap(phy->mt76, vif);
2250 
2251 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_HE_BASIC, sizeof(*he));
2252 
2253 	he = (struct bss_info_uni_he *)tlv;
2254 	he->he_pe_duration = vif->bss_conf.htc_trig_based_pkt_ext;
2255 	if (!he->he_pe_duration)
2256 		he->he_pe_duration = DEFAULT_HE_PE_DURATION;
2257 
2258 	he->he_rts_thres = cpu_to_le16(vif->bss_conf.frame_time_rts_th);
2259 	if (!he->he_rts_thres)
2260 		he->he_rts_thres = cpu_to_le16(DEFAULT_HE_DURATION_RTS_THRES);
2261 
2262 	he->max_nss_mcs[CMD_HE_MCS_BW80] = cap->he_mcs_nss_supp.tx_mcs_80;
2263 	he->max_nss_mcs[CMD_HE_MCS_BW160] = cap->he_mcs_nss_supp.tx_mcs_160;
2264 	he->max_nss_mcs[CMD_HE_MCS_BW8080] = cap->he_mcs_nss_supp.tx_mcs_80p80;
2265 }
2266 
2267 static void
2268 mt7925_mcu_bss_color_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
2269 			 bool enable)
2270 {
2271 	struct bss_info_uni_bss_color *color;
2272 	struct tlv *tlv;
2273 
2274 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_BSS_COLOR, sizeof(*color));
2275 	color = (struct bss_info_uni_bss_color *)tlv;
2276 
2277 	color->enable = enable ?
2278 		vif->bss_conf.he_bss_color.enabled : 0;
2279 	color->bss_color = enable ?
2280 		vif->bss_conf.he_bss_color.color : 0;
2281 }
2282 
2283 static void
2284 mt7925_mcu_bss_ifs_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
2285 {
2286 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
2287 	struct mt792x_phy *phy = mvif->phy;
2288 	struct bss_ifs_time_tlv *ifs_time;
2289 	struct tlv *tlv;
2290 
2291 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_IFS_TIME, sizeof(*ifs_time));
2292 	ifs_time = (struct bss_ifs_time_tlv *)tlv;
2293 	ifs_time->slot_valid = true;
2294 	ifs_time->slot_time = cpu_to_le16(phy->slottime);
2295 }
2296 
2297 int mt7925_mcu_set_timing(struct mt792x_phy *phy,
2298 			  struct ieee80211_vif *vif)
2299 {
2300 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
2301 	struct mt792x_dev *dev = phy->dev;
2302 	struct sk_buff *skb;
2303 
2304 	skb = __mt7925_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76,
2305 					 MT7925_BSS_UPDATE_MAX_SIZE);
2306 	if (IS_ERR(skb))
2307 		return PTR_ERR(skb);
2308 
2309 	mt7925_mcu_bss_ifs_tlv(skb, vif);
2310 
2311 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2312 				     MCU_UNI_CMD(BSS_INFO_UPDATE), true);
2313 }
2314 
2315 int mt7925_mcu_add_bss_info(struct mt792x_phy *phy,
2316 			    struct ieee80211_chanctx_conf *ctx,
2317 			    struct ieee80211_vif *vif,
2318 			    struct ieee80211_sta *sta,
2319 			    int enable)
2320 {
2321 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
2322 	struct mt792x_dev *dev = phy->dev;
2323 	struct sk_buff *skb;
2324 	int err;
2325 
2326 	skb = __mt7925_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76,
2327 					 MT7925_BSS_UPDATE_MAX_SIZE);
2328 	if (IS_ERR(skb))
2329 		return PTR_ERR(skb);
2330 
2331 	/* bss_basic must be first */
2332 	mt7925_mcu_bss_basic_tlv(skb, vif, sta, ctx, phy->mt76,
2333 				 mvif->sta.wcid.idx, enable);
2334 	mt7925_mcu_bss_sec_tlv(skb, vif);
2335 
2336 	mt7925_mcu_bss_bmc_tlv(skb, phy, ctx, vif, sta);
2337 	mt7925_mcu_bss_qos_tlv(skb, vif);
2338 	mt7925_mcu_bss_mld_tlv(skb, vif, sta);
2339 	mt7925_mcu_bss_ifs_tlv(skb, vif);
2340 
2341 	if (vif->bss_conf.he_support) {
2342 		mt7925_mcu_bss_he_tlv(skb, vif, phy);
2343 		mt7925_mcu_bss_color_tlv(skb, vif, enable);
2344 	}
2345 
2346 	err = mt76_mcu_skb_send_msg(&dev->mt76, skb,
2347 				    MCU_UNI_CMD(BSS_INFO_UPDATE), true);
2348 	if (err < 0)
2349 		return err;
2350 
2351 	return mt7925_mcu_set_chctx(phy->mt76, &mvif->mt76, ctx);
2352 }
2353 
2354 int mt7925_mcu_set_dbdc(struct mt76_phy *phy)
2355 {
2356 	struct mt76_dev *mdev = phy->dev;
2357 
2358 	struct mbmc_conf_tlv *conf;
2359 	struct mbmc_set_req *hdr;
2360 	struct sk_buff *skb;
2361 	struct tlv *tlv;
2362 	int max_len, err;
2363 
2364 	max_len = sizeof(*hdr) + sizeof(*conf);
2365 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2366 	if (!skb)
2367 		return -ENOMEM;
2368 
2369 	hdr = (struct mbmc_set_req *)skb_put(skb, sizeof(*hdr));
2370 
2371 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_MBMC_SETTING, sizeof(*conf));
2372 	conf = (struct mbmc_conf_tlv *)tlv;
2373 
2374 	conf->mbmc_en = 1;
2375 	conf->band = 0; /* unused */
2376 
2377 	err = mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SET_DBDC_PARMS),
2378 				    false);
2379 
2380 	return err;
2381 }
2382 
2383 #define MT76_CONNAC_SCAN_CHANNEL_TIME		60
2384 
2385 int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif,
2386 		       struct ieee80211_scan_request *scan_req)
2387 {
2388 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2389 	struct cfg80211_scan_request *sreq = &scan_req->req;
2390 	int n_ssids = 0, err, i, duration;
2391 	struct ieee80211_channel **scan_list = sreq->channels;
2392 	struct mt76_dev *mdev = phy->dev;
2393 	struct mt76_connac_mcu_scan_channel *chan;
2394 	struct sk_buff *skb;
2395 
2396 	struct scan_hdr_tlv *hdr;
2397 	struct scan_req_tlv *req;
2398 	struct scan_ssid_tlv *ssid;
2399 	struct scan_bssid_tlv *bssid;
2400 	struct scan_chan_info_tlv *chan_info;
2401 	struct scan_ie_tlv *ie;
2402 	struct scan_misc_tlv *misc;
2403 	struct tlv *tlv;
2404 	int max_len;
2405 
2406 	max_len = sizeof(*hdr) + sizeof(*req) + sizeof(*ssid) +
2407 				sizeof(*bssid) + sizeof(*chan_info) +
2408 				sizeof(*misc) + sizeof(*ie);
2409 
2410 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2411 	if (!skb)
2412 		return -ENOMEM;
2413 
2414 	set_bit(MT76_HW_SCANNING, &phy->state);
2415 	mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
2416 
2417 	hdr = (struct scan_hdr_tlv *)skb_put(skb, sizeof(*hdr));
2418 	hdr->seq_num = mvif->scan_seq_num | mvif->band_idx << 7;
2419 	hdr->bss_idx = mvif->idx;
2420 
2421 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_REQ, sizeof(*req));
2422 	req = (struct scan_req_tlv *)tlv;
2423 	req->scan_type = sreq->n_ssids ? 1 : 0;
2424 	req->probe_req_num = sreq->n_ssids ? 2 : 0;
2425 
2426 	duration = MT76_CONNAC_SCAN_CHANNEL_TIME;
2427 	/* increase channel time for passive scan */
2428 	if (!sreq->n_ssids)
2429 		duration *= 2;
2430 	req->timeout_value = cpu_to_le16(sreq->n_channels * duration);
2431 	req->channel_min_dwell_time = cpu_to_le16(duration);
2432 	req->channel_dwell_time = cpu_to_le16(duration);
2433 
2434 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SSID, sizeof(*ssid));
2435 	ssid = (struct scan_ssid_tlv *)tlv;
2436 	for (i = 0; i < sreq->n_ssids; i++) {
2437 		if (!sreq->ssids[i].ssid_len)
2438 			continue;
2439 
2440 		ssid->ssids[i].ssid_len = cpu_to_le32(sreq->ssids[i].ssid_len);
2441 		memcpy(ssid->ssids[i].ssid, sreq->ssids[i].ssid,
2442 		       sreq->ssids[i].ssid_len);
2443 		n_ssids++;
2444 	}
2445 	ssid->ssid_type = n_ssids ? BIT(2) : BIT(0);
2446 	ssid->ssids_num = n_ssids;
2447 
2448 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_BSSID, sizeof(*bssid));
2449 	bssid = (struct scan_bssid_tlv *)tlv;
2450 
2451 	memcpy(bssid->bssid, sreq->bssid, ETH_ALEN);
2452 
2453 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_CHANNEL, sizeof(*chan_info));
2454 	chan_info = (struct scan_chan_info_tlv *)tlv;
2455 	chan_info->channels_num = min_t(u8, sreq->n_channels,
2456 					ARRAY_SIZE(chan_info->channels));
2457 	for (i = 0; i < chan_info->channels_num; i++) {
2458 		chan = &chan_info->channels[i];
2459 
2460 		switch (scan_list[i]->band) {
2461 		case NL80211_BAND_2GHZ:
2462 			chan->band = 1;
2463 			break;
2464 		case NL80211_BAND_6GHZ:
2465 			chan->band = 3;
2466 			break;
2467 		default:
2468 			chan->band = 2;
2469 			break;
2470 		}
2471 		chan->channel_num = scan_list[i]->hw_value;
2472 	}
2473 	chan_info->channel_type = sreq->n_channels ? 4 : 0;
2474 
2475 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, sizeof(*ie));
2476 	ie = (struct scan_ie_tlv *)tlv;
2477 	if (sreq->ie_len > 0) {
2478 		memcpy(ie->ies, sreq->ie, sreq->ie_len);
2479 		ie->ies_len = cpu_to_le16(sreq->ie_len);
2480 	}
2481 
2482 	req->scan_func |= SCAN_FUNC_SPLIT_SCAN;
2483 
2484 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_MISC, sizeof(*misc));
2485 	misc = (struct scan_misc_tlv *)tlv;
2486 	if (sreq->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
2487 		get_random_mask_addr(misc->random_mac, sreq->mac_addr,
2488 				     sreq->mac_addr_mask);
2489 		req->scan_func |= SCAN_FUNC_RANDOM_MAC;
2490 	}
2491 
2492 	err = mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ),
2493 				    false);
2494 	if (err < 0)
2495 		clear_bit(MT76_HW_SCANNING, &phy->state);
2496 
2497 	return err;
2498 }
2499 EXPORT_SYMBOL_GPL(mt7925_mcu_hw_scan);
2500 
2501 int mt7925_mcu_sched_scan_req(struct mt76_phy *phy,
2502 			      struct ieee80211_vif *vif,
2503 			      struct cfg80211_sched_scan_request *sreq)
2504 {
2505 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2506 	struct ieee80211_channel **scan_list = sreq->channels;
2507 	struct mt76_connac_mcu_scan_channel *chan;
2508 	struct mt76_dev *mdev = phy->dev;
2509 	struct cfg80211_match_set *cfg_match;
2510 	struct cfg80211_ssid *cfg_ssid;
2511 
2512 	struct scan_hdr_tlv *hdr;
2513 	struct scan_sched_req *req;
2514 	struct scan_ssid_tlv *ssid;
2515 	struct scan_chan_info_tlv *chan_info;
2516 	struct scan_ie_tlv *ie;
2517 	struct scan_sched_ssid_match_sets *match;
2518 	struct sk_buff *skb;
2519 	struct tlv *tlv;
2520 	int i, max_len;
2521 
2522 	max_len = sizeof(*hdr) + sizeof(*req) + sizeof(*ssid) +
2523 		  sizeof(*chan_info) + sizeof(*ie) +
2524 		  sizeof(*match);
2525 
2526 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2527 	if (!skb)
2528 		return -ENOMEM;
2529 
2530 	mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
2531 
2532 	hdr = (struct scan_hdr_tlv *)skb_put(skb, sizeof(*hdr));
2533 	hdr->seq_num = mvif->scan_seq_num | mvif->band_idx << 7;
2534 	hdr->bss_idx = mvif->idx;
2535 
2536 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SCHED_REQ, sizeof(*req));
2537 	req = (struct scan_sched_req *)tlv;
2538 	req->version = 1;
2539 
2540 	if (sreq->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)
2541 		req->scan_func |= SCAN_FUNC_RANDOM_MAC;
2542 
2543 	req->intervals_num = sreq->n_scan_plans;
2544 	for (i = 0; i < req->intervals_num; i++)
2545 		req->intervals[i] = cpu_to_le16(sreq->scan_plans[i].interval);
2546 
2547 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SSID, sizeof(*ssid));
2548 	ssid = (struct scan_ssid_tlv *)tlv;
2549 
2550 	ssid->ssids_num = sreq->n_ssids;
2551 	ssid->ssid_type = BIT(2);
2552 	for (i = 0; i < ssid->ssids_num; i++) {
2553 		cfg_ssid = &sreq->ssids[i];
2554 		memcpy(ssid->ssids[i].ssid, cfg_ssid->ssid, cfg_ssid->ssid_len);
2555 		ssid->ssids[i].ssid_len = cpu_to_le32(cfg_ssid->ssid_len);
2556 	}
2557 
2558 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SSID_MATCH_SETS, sizeof(*match));
2559 	match = (struct scan_sched_ssid_match_sets *)tlv;
2560 	match->match_num = sreq->n_match_sets;
2561 	for (i = 0; i < match->match_num; i++) {
2562 		cfg_match = &sreq->match_sets[i];
2563 		memcpy(match->match[i].ssid, cfg_match->ssid.ssid,
2564 		       cfg_match->ssid.ssid_len);
2565 		match->match[i].rssi_th = cpu_to_le32(cfg_match->rssi_thold);
2566 		match->match[i].ssid_len = cfg_match->ssid.ssid_len;
2567 	}
2568 
2569 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_CHANNEL, sizeof(*chan_info));
2570 	chan_info = (struct scan_chan_info_tlv *)tlv;
2571 	chan_info->channels_num = min_t(u8, sreq->n_channels,
2572 					ARRAY_SIZE(chan_info->channels));
2573 	for (i = 0; i < chan_info->channels_num; i++) {
2574 		chan = &chan_info->channels[i];
2575 
2576 		switch (scan_list[i]->band) {
2577 		case NL80211_BAND_2GHZ:
2578 			chan->band = 1;
2579 			break;
2580 		case NL80211_BAND_6GHZ:
2581 			chan->band = 3;
2582 			break;
2583 		default:
2584 			chan->band = 2;
2585 			break;
2586 		}
2587 		chan->channel_num = scan_list[i]->hw_value;
2588 	}
2589 	chan_info->channel_type = sreq->n_channels ? 4 : 0;
2590 
2591 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, sizeof(*ie));
2592 	ie = (struct scan_ie_tlv *)tlv;
2593 	if (sreq->ie_len > 0) {
2594 		memcpy(ie->ies, sreq->ie, sreq->ie_len);
2595 		ie->ies_len = cpu_to_le16(sreq->ie_len);
2596 	}
2597 
2598 	return mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ),
2599 				     false);
2600 }
2601 EXPORT_SYMBOL_GPL(mt7925_mcu_sched_scan_req);
2602 
2603 int
2604 mt7925_mcu_sched_scan_enable(struct mt76_phy *phy,
2605 			     struct ieee80211_vif *vif,
2606 			     bool enable)
2607 {
2608 	struct mt76_dev *mdev = phy->dev;
2609 	struct scan_sched_enable *req;
2610 	struct scan_hdr_tlv *hdr;
2611 	struct sk_buff *skb;
2612 	struct tlv *tlv;
2613 	int max_len;
2614 
2615 	max_len = sizeof(*hdr) + sizeof(*req);
2616 
2617 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2618 	if (!skb)
2619 		return -ENOMEM;
2620 
2621 	hdr = (struct scan_hdr_tlv *)skb_put(skb, sizeof(*hdr));
2622 	hdr->seq_num = 0;
2623 	hdr->bss_idx = 0;
2624 
2625 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SCHED_ENABLE, sizeof(*req));
2626 	req = (struct scan_sched_enable *)tlv;
2627 	req->active = !enable;
2628 
2629 	if (enable)
2630 		set_bit(MT76_HW_SCHED_SCANNING, &phy->state);
2631 	else
2632 		clear_bit(MT76_HW_SCHED_SCANNING, &phy->state);
2633 
2634 	return mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ),
2635 				     false);
2636 }
2637 
2638 int mt7925_mcu_cancel_hw_scan(struct mt76_phy *phy,
2639 			      struct ieee80211_vif *vif)
2640 {
2641 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2642 	struct {
2643 		struct scan_hdr {
2644 			u8 seq_num;
2645 			u8 bss_idx;
2646 			u8 pad[2];
2647 		} __packed hdr;
2648 		struct scan_cancel_tlv {
2649 			__le16 tag;
2650 			__le16 len;
2651 			u8 is_ext_channel;
2652 			u8 rsv[3];
2653 		} __packed cancel;
2654 	} req = {
2655 		.hdr = {
2656 			.seq_num = mvif->scan_seq_num,
2657 			.bss_idx = mvif->idx,
2658 		},
2659 		.cancel = {
2660 			.tag = cpu_to_le16(UNI_SCAN_CANCEL),
2661 			.len = cpu_to_le16(sizeof(struct scan_cancel_tlv)),
2662 		},
2663 	};
2664 
2665 	if (test_and_clear_bit(MT76_HW_SCANNING, &phy->state)) {
2666 		struct cfg80211_scan_info info = {
2667 			.aborted = true,
2668 		};
2669 
2670 		ieee80211_scan_completed(phy->hw, &info);
2671 	}
2672 
2673 	return mt76_mcu_send_msg(phy->dev, MCU_UNI_CMD(SCAN_REQ),
2674 				 &req, sizeof(req), false);
2675 }
2676 EXPORT_SYMBOL_GPL(mt7925_mcu_cancel_hw_scan);
2677 
2678 int mt7925_mcu_set_channel_domain(struct mt76_phy *phy)
2679 {
2680 	int len, i, n_max_channels, n_2ch = 0, n_5ch = 0, n_6ch = 0;
2681 	struct {
2682 		struct {
2683 			u8 alpha2[4]; /* regulatory_request.alpha2 */
2684 			u8 bw_2g; /* BW_20_40M		0
2685 				   * BW_20M		1
2686 				   * BW_20_40_80M	2
2687 				   * BW_20_40_80_160M	3
2688 				   * BW_20_40_80_8080M	4
2689 				   */
2690 			u8 bw_5g;
2691 			u8 bw_6g;
2692 			u8 pad;
2693 		} __packed hdr;
2694 		struct n_chan {
2695 			__le16 tag;
2696 			__le16 len;
2697 			u8 n_2ch;
2698 			u8 n_5ch;
2699 			u8 n_6ch;
2700 			u8 pad;
2701 		} __packed n_ch;
2702 	} req = {
2703 		.hdr = {
2704 			.bw_2g = 0,
2705 			.bw_5g = 3, /* BW_20_40_80_160M */
2706 			.bw_6g = 3,
2707 		},
2708 		.n_ch = {
2709 			.tag = cpu_to_le16(2),
2710 		},
2711 	};
2712 	struct mt76_connac_mcu_chan {
2713 		__le16 hw_value;
2714 		__le16 pad;
2715 		__le32 flags;
2716 	} __packed channel;
2717 	struct mt76_dev *dev = phy->dev;
2718 	struct ieee80211_channel *chan;
2719 	struct sk_buff *skb;
2720 
2721 	n_max_channels = phy->sband_2g.sband.n_channels +
2722 			 phy->sband_5g.sband.n_channels +
2723 			 phy->sband_6g.sband.n_channels;
2724 	len = sizeof(req) + n_max_channels * sizeof(channel);
2725 
2726 	skb = mt76_mcu_msg_alloc(dev, NULL, len);
2727 	if (!skb)
2728 		return -ENOMEM;
2729 
2730 	skb_reserve(skb, sizeof(req));
2731 
2732 	for (i = 0; i < phy->sband_2g.sband.n_channels; i++) {
2733 		chan = &phy->sband_2g.sband.channels[i];
2734 		if (chan->flags & IEEE80211_CHAN_DISABLED)
2735 			continue;
2736 
2737 		channel.hw_value = cpu_to_le16(chan->hw_value);
2738 		channel.flags = cpu_to_le32(chan->flags);
2739 		channel.pad = 0;
2740 
2741 		skb_put_data(skb, &channel, sizeof(channel));
2742 		n_2ch++;
2743 	}
2744 	for (i = 0; i < phy->sband_5g.sband.n_channels; i++) {
2745 		chan = &phy->sband_5g.sband.channels[i];
2746 		if (chan->flags & IEEE80211_CHAN_DISABLED)
2747 			continue;
2748 
2749 		channel.hw_value = cpu_to_le16(chan->hw_value);
2750 		channel.flags = cpu_to_le32(chan->flags);
2751 		channel.pad = 0;
2752 
2753 		skb_put_data(skb, &channel, sizeof(channel));
2754 		n_5ch++;
2755 	}
2756 	for (i = 0; i < phy->sband_6g.sband.n_channels; i++) {
2757 		chan = &phy->sband_6g.sband.channels[i];
2758 		if (chan->flags & IEEE80211_CHAN_DISABLED)
2759 			continue;
2760 
2761 		channel.hw_value = cpu_to_le16(chan->hw_value);
2762 		channel.flags = cpu_to_le32(chan->flags);
2763 		channel.pad = 0;
2764 
2765 		skb_put_data(skb, &channel, sizeof(channel));
2766 		n_6ch++;
2767 	}
2768 
2769 	BUILD_BUG_ON(sizeof(dev->alpha2) > sizeof(req.hdr.alpha2));
2770 	memcpy(req.hdr.alpha2, dev->alpha2, sizeof(dev->alpha2));
2771 	req.n_ch.n_2ch = n_2ch;
2772 	req.n_ch.n_5ch = n_5ch;
2773 	req.n_ch.n_6ch = n_6ch;
2774 	len = sizeof(struct n_chan) + (n_2ch + n_5ch + n_6ch) * sizeof(channel);
2775 	req.n_ch.len = cpu_to_le16(len);
2776 	memcpy(__skb_push(skb, sizeof(req)), &req, sizeof(req));
2777 
2778 	return mt76_mcu_skb_send_msg(dev, skb, MCU_UNI_CMD(SET_DOMAIN_INFO),
2779 				     false);
2780 }
2781 EXPORT_SYMBOL_GPL(mt7925_mcu_set_channel_domain);
2782 
2783 static int
2784 __mt7925_mcu_set_clc(struct mt792x_dev *dev, u8 *alpha2,
2785 		     enum environment_cap env_cap,
2786 		     struct mt7925_clc *clc, u8 idx)
2787 {
2788 	struct mt7925_clc_segment *seg;
2789 	struct sk_buff *skb;
2790 	struct {
2791 		u8 rsv[4];
2792 		__le16 tag;
2793 		__le16 len;
2794 
2795 		u8 ver;
2796 		u8 pad0;
2797 		__le16 size;
2798 		u8 idx;
2799 		u8 env;
2800 		u8 acpi_conf;
2801 		u8 pad1;
2802 		u8 alpha2[2];
2803 		u8 type[2];
2804 		u8 rsvd[64];
2805 	} __packed req = {
2806 		.tag = cpu_to_le16(0x3),
2807 		.len = cpu_to_le16(sizeof(req) - 4),
2808 
2809 		.idx = idx,
2810 		.env = env_cap,
2811 		.acpi_conf = mt792x_acpi_get_flags(&dev->phy),
2812 	};
2813 	int ret, valid_cnt = 0;
2814 	u8 i, *pos;
2815 
2816 	if (!clc)
2817 		return 0;
2818 
2819 	pos = clc->data + sizeof(*seg) * clc->nr_seg;
2820 	for (i = 0; i < clc->nr_country; i++) {
2821 		struct mt7925_clc_rule *rule = (struct mt7925_clc_rule *)pos;
2822 
2823 		pos += sizeof(*rule);
2824 		if (rule->alpha2[0] != alpha2[0] ||
2825 		    rule->alpha2[1] != alpha2[1])
2826 			continue;
2827 
2828 		seg = (struct mt7925_clc_segment *)clc->data
2829 			  + rule->seg_idx - 1;
2830 
2831 		memcpy(req.alpha2, rule->alpha2, 2);
2832 		memcpy(req.type, rule->type, 2);
2833 
2834 		req.size = cpu_to_le16(seg->len);
2835 		skb = __mt76_mcu_msg_alloc(&dev->mt76, &req,
2836 					   le16_to_cpu(req.size) + sizeof(req),
2837 					   sizeof(req), GFP_KERNEL);
2838 		if (!skb)
2839 			return -ENOMEM;
2840 		skb_put_data(skb, clc->data + seg->offset, seg->len);
2841 
2842 		ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
2843 					    MCU_UNI_CMD(SET_POWER_LIMIT),
2844 					    true);
2845 		if (ret < 0)
2846 			return ret;
2847 		valid_cnt++;
2848 	}
2849 
2850 	if (!valid_cnt)
2851 		return -ENOENT;
2852 
2853 	return 0;
2854 }
2855 
2856 int mt7925_mcu_set_clc(struct mt792x_dev *dev, u8 *alpha2,
2857 		       enum environment_cap env_cap)
2858 {
2859 	struct mt792x_phy *phy = (struct mt792x_phy *)&dev->phy;
2860 	int i, ret;
2861 
2862 	/* submit all clc config */
2863 	for (i = 0; i < ARRAY_SIZE(phy->clc); i++) {
2864 		ret = __mt7925_mcu_set_clc(dev, alpha2, env_cap,
2865 					   phy->clc[i], i);
2866 
2867 		/* If no country found, set "00" as default */
2868 		if (ret == -ENOENT)
2869 			ret = __mt7925_mcu_set_clc(dev, "00",
2870 						   ENVIRON_INDOOR,
2871 						   phy->clc[i], i);
2872 		if (ret < 0)
2873 			return ret;
2874 	}
2875 	return 0;
2876 }
2877 
2878 int mt7925_mcu_fill_message(struct mt76_dev *mdev, struct sk_buff *skb,
2879 			    int cmd, int *wait_seq)
2880 {
2881 	int txd_len, mcu_cmd = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
2882 	struct mt76_connac2_mcu_uni_txd *uni_txd;
2883 	struct mt76_connac2_mcu_txd *mcu_txd;
2884 	__le32 *txd;
2885 	u32 val;
2886 	u8 seq;
2887 
2888 	/* TODO: make dynamic based on msg type */
2889 	mdev->mcu.timeout = 20 * HZ;
2890 
2891 	seq = ++mdev->mcu.msg_seq & 0xf;
2892 	if (!seq)
2893 		seq = ++mdev->mcu.msg_seq & 0xf;
2894 
2895 	if (cmd == MCU_CMD(FW_SCATTER))
2896 		goto exit;
2897 
2898 	txd_len = cmd & __MCU_CMD_FIELD_UNI ? sizeof(*uni_txd) : sizeof(*mcu_txd);
2899 	txd = (__le32 *)skb_push(skb, txd_len);
2900 
2901 	val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len) |
2902 	      FIELD_PREP(MT_TXD0_PKT_FMT, MT_TX_TYPE_CMD) |
2903 	      FIELD_PREP(MT_TXD0_Q_IDX, MT_TX_MCU_PORT_RX_Q0);
2904 	txd[0] = cpu_to_le32(val);
2905 
2906 	val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD);
2907 	txd[1] = cpu_to_le32(val);
2908 
2909 	if (cmd & __MCU_CMD_FIELD_UNI) {
2910 		uni_txd = (struct mt76_connac2_mcu_uni_txd *)txd;
2911 		uni_txd->len = cpu_to_le16(skb->len - sizeof(uni_txd->txd));
2912 		uni_txd->cid = cpu_to_le16(mcu_cmd);
2913 		uni_txd->s2d_index = MCU_S2D_H2N;
2914 		uni_txd->pkt_type = MCU_PKT_ID;
2915 		uni_txd->seq = seq;
2916 
2917 		if (cmd & __MCU_CMD_FIELD_QUERY)
2918 			uni_txd->option = MCU_CMD_UNI_QUERY_ACK;
2919 		else
2920 			uni_txd->option = MCU_CMD_UNI_EXT_ACK;
2921 
2922 		goto exit;
2923 	}
2924 
2925 	mcu_txd = (struct mt76_connac2_mcu_txd *)txd;
2926 	mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd));
2927 	mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU,
2928 					       MT_TX_MCU_PORT_RX_Q0));
2929 	mcu_txd->pkt_type = MCU_PKT_ID;
2930 	mcu_txd->seq = seq;
2931 	mcu_txd->cid = mcu_cmd;
2932 	mcu_txd->ext_cid = FIELD_GET(__MCU_CMD_FIELD_EXT_ID, cmd);
2933 
2934 	if (mcu_txd->ext_cid || (cmd & __MCU_CMD_FIELD_CE)) {
2935 		if (cmd & __MCU_CMD_FIELD_QUERY)
2936 			mcu_txd->set_query = MCU_Q_QUERY;
2937 		else
2938 			mcu_txd->set_query = MCU_Q_SET;
2939 		mcu_txd->ext_cid_ack = !!mcu_txd->ext_cid;
2940 	} else {
2941 		mcu_txd->set_query = MCU_Q_NA;
2942 	}
2943 
2944 	if (cmd & __MCU_CMD_FIELD_WA)
2945 		mcu_txd->s2d_index = MCU_S2D_H2C;
2946 	else
2947 		mcu_txd->s2d_index = MCU_S2D_H2N;
2948 
2949 exit:
2950 	if (wait_seq)
2951 		*wait_seq = seq;
2952 
2953 	return 0;
2954 }
2955 EXPORT_SYMBOL_GPL(mt7925_mcu_fill_message);
2956 
2957 int mt7925_mcu_set_rts_thresh(struct mt792x_phy *phy, u32 val)
2958 {
2959 	struct {
2960 		u8 band_idx;
2961 		u8 _rsv[3];
2962 
2963 		__le16 tag;
2964 		__le16 len;
2965 		__le32 len_thresh;
2966 		__le32 pkt_thresh;
2967 	} __packed req = {
2968 		.band_idx = phy->mt76->band_idx,
2969 		.tag = cpu_to_le16(UNI_BAND_CONFIG_RTS_THRESHOLD),
2970 		.len = cpu_to_le16(sizeof(req) - 4),
2971 		.len_thresh = cpu_to_le32(val),
2972 		.pkt_thresh = cpu_to_le32(0x2),
2973 	};
2974 
2975 	return mt76_mcu_send_msg(&phy->dev->mt76, MCU_UNI_CMD(BAND_CONFIG),
2976 				 &req, sizeof(req), true);
2977 }
2978 
2979 int mt7925_mcu_set_radio_en(struct mt792x_phy *phy, bool enable)
2980 {
2981 	struct {
2982 		u8 band_idx;
2983 		u8 _rsv[3];
2984 
2985 		__le16 tag;
2986 		__le16 len;
2987 		u8 enable;
2988 		u8 _rsv2[3];
2989 	} __packed req = {
2990 		.band_idx = phy->mt76->band_idx,
2991 		.tag = cpu_to_le16(UNI_BAND_CONFIG_RADIO_ENABLE),
2992 		.len = cpu_to_le16(sizeof(req) - 4),
2993 		.enable = enable,
2994 	};
2995 
2996 	return mt76_mcu_send_msg(&phy->dev->mt76, MCU_UNI_CMD(BAND_CONFIG),
2997 				 &req, sizeof(req), true);
2998 }
2999 
3000 static void
3001 mt7925_mcu_build_sku(struct mt76_dev *dev, s8 *sku,
3002 		     struct mt76_power_limits *limits,
3003 		     enum nl80211_band band)
3004 {
3005 	int i, offset = sizeof(limits->cck);
3006 
3007 	memset(sku, 127, MT_CONNAC3_SKU_POWER_LIMIT);
3008 
3009 	if (band == NL80211_BAND_2GHZ) {
3010 		/* cck */
3011 		memcpy(sku, limits->cck, sizeof(limits->cck));
3012 	}
3013 
3014 	/* ofdm */
3015 	memcpy(&sku[offset], limits->ofdm, sizeof(limits->ofdm));
3016 	offset += (sizeof(limits->ofdm) * 5);
3017 
3018 	/* ht */
3019 	for (i = 0; i < 2; i++) {
3020 		memcpy(&sku[offset], limits->mcs[i], 8);
3021 		offset += 8;
3022 	}
3023 	sku[offset++] = limits->mcs[0][0];
3024 
3025 	/* vht */
3026 	for (i = 0; i < ARRAY_SIZE(limits->mcs); i++) {
3027 		memcpy(&sku[offset], limits->mcs[i],
3028 		       ARRAY_SIZE(limits->mcs[i]));
3029 		offset += 12;
3030 	}
3031 
3032 	/* he */
3033 	for (i = 0; i < ARRAY_SIZE(limits->ru); i++) {
3034 		memcpy(&sku[offset], limits->ru[i], ARRAY_SIZE(limits->ru[i]));
3035 		offset += ARRAY_SIZE(limits->ru[i]);
3036 	}
3037 
3038 	/* eht */
3039 	for (i = 0; i < ARRAY_SIZE(limits->eht); i++) {
3040 		memcpy(&sku[offset], limits->eht[i], ARRAY_SIZE(limits->eht[i]));
3041 		offset += ARRAY_SIZE(limits->eht[i]);
3042 	}
3043 }
3044 
3045 static int
3046 mt7925_mcu_rate_txpower_band(struct mt76_phy *phy,
3047 			     enum nl80211_band band)
3048 {
3049 	int tx_power, n_chan, last_ch, err = 0, idx = 0;
3050 	int i, sku_len, batch_size, batch_len = 3;
3051 	struct mt76_dev *dev = phy->dev;
3052 	static const u8 chan_list_2ghz[] = {
3053 		1, 2,  3,  4,  5,  6,  7,
3054 		8, 9, 10, 11, 12, 13, 14
3055 	};
3056 	static const u8 chan_list_5ghz[] = {
3057 		 36,  38,  40,  42,  44,  46,  48,
3058 		 50,  52,  54,  56,  58,  60,  62,
3059 		 64, 100, 102, 104, 106, 108, 110,
3060 		112, 114, 116, 118, 120, 122, 124,
3061 		126, 128, 132, 134, 136, 138, 140,
3062 		142, 144, 149, 151, 153, 155, 157,
3063 		159, 161, 165, 167
3064 	};
3065 	static const u8 chan_list_6ghz[] = {
3066 		  1,   3,   5,   7,   9,  11,  13,
3067 		 15,  17,  19,  21,  23,  25,  27,
3068 		 29,  33,  35,  37,  39,  41,  43,
3069 		 45,  47,  49,  51,  53,  55,  57,
3070 		 59,  61,  65,  67,  69,  71,  73,
3071 		 75,  77,  79,  81,  83,  85,  87,
3072 		 89,  91,  93,  97,  99, 101, 103,
3073 		105, 107, 109, 111, 113, 115, 117,
3074 		119, 121, 123, 125, 129, 131, 133,
3075 		135, 137, 139, 141, 143, 145, 147,
3076 		149, 151, 153, 155, 157, 161, 163,
3077 		165, 167, 169, 171, 173, 175, 177,
3078 		179, 181, 183, 185, 187, 189, 193,
3079 		195, 197, 199, 201, 203, 205, 207,
3080 		209, 211, 213, 215, 217, 219, 221,
3081 		225, 227, 229, 233
3082 	};
3083 	struct mt76_power_limits *limits;
3084 	struct mt7925_sku_tlv *sku_tlbv;
3085 	const u8 *ch_list;
3086 
3087 	sku_len = sizeof(*sku_tlbv);
3088 	tx_power = 2 * phy->hw->conf.power_level;
3089 	if (!tx_power)
3090 		tx_power = 127;
3091 
3092 	if (band == NL80211_BAND_2GHZ) {
3093 		n_chan = ARRAY_SIZE(chan_list_2ghz);
3094 		ch_list = chan_list_2ghz;
3095 		last_ch = chan_list_2ghz[ARRAY_SIZE(chan_list_2ghz) - 1];
3096 	} else if (band == NL80211_BAND_6GHZ) {
3097 		n_chan = ARRAY_SIZE(chan_list_6ghz);
3098 		ch_list = chan_list_6ghz;
3099 		last_ch = chan_list_6ghz[ARRAY_SIZE(chan_list_6ghz) - 1];
3100 	} else {
3101 		n_chan = ARRAY_SIZE(chan_list_5ghz);
3102 		ch_list = chan_list_5ghz;
3103 		last_ch = chan_list_5ghz[ARRAY_SIZE(chan_list_5ghz) - 1];
3104 	}
3105 	batch_size = DIV_ROUND_UP(n_chan, batch_len);
3106 
3107 	limits = devm_kmalloc(dev->dev, sizeof(*limits), GFP_KERNEL);
3108 	if (!limits)
3109 		return -ENOMEM;
3110 
3111 	sku_tlbv = devm_kmalloc(dev->dev, sku_len, GFP_KERNEL);
3112 	if (!sku_tlbv) {
3113 		devm_kfree(dev->dev, limits);
3114 		return -ENOMEM;
3115 	}
3116 
3117 	for (i = 0; i < batch_size; i++) {
3118 		struct mt7925_tx_power_limit_tlv *tx_power_tlv;
3119 		int j, msg_len, num_ch;
3120 		struct sk_buff *skb;
3121 
3122 		num_ch = i == batch_size - 1 ? n_chan % batch_len : batch_len;
3123 		msg_len = sizeof(*tx_power_tlv) + num_ch * sku_len;
3124 		skb = mt76_mcu_msg_alloc(dev, NULL, msg_len);
3125 		if (!skb) {
3126 			err = -ENOMEM;
3127 			goto out;
3128 		}
3129 
3130 		tx_power_tlv = (struct mt7925_tx_power_limit_tlv *)
3131 			       skb_put(skb, sizeof(*tx_power_tlv));
3132 
3133 		BUILD_BUG_ON(sizeof(dev->alpha2) > sizeof(tx_power_tlv->alpha2));
3134 		memcpy(tx_power_tlv->alpha2, dev->alpha2, sizeof(dev->alpha2));
3135 		tx_power_tlv->n_chan = num_ch;
3136 		tx_power_tlv->tag = cpu_to_le16(0x1);
3137 		tx_power_tlv->len = cpu_to_le16(sizeof(*tx_power_tlv));
3138 
3139 		switch (band) {
3140 		case NL80211_BAND_2GHZ:
3141 			tx_power_tlv->band = 1;
3142 			break;
3143 		case NL80211_BAND_6GHZ:
3144 			tx_power_tlv->band = 3;
3145 			break;
3146 		default:
3147 			tx_power_tlv->band = 2;
3148 			break;
3149 		}
3150 
3151 		for (j = 0; j < num_ch; j++, idx++) {
3152 			struct ieee80211_channel chan = {
3153 				.hw_value = ch_list[idx],
3154 				.band = band,
3155 			};
3156 			s8 reg_power, sar_power;
3157 
3158 			reg_power = mt76_connac_get_ch_power(phy, &chan,
3159 							     tx_power);
3160 			sar_power = mt76_get_sar_power(phy, &chan, reg_power);
3161 
3162 			mt76_get_rate_power_limits(phy, &chan, limits,
3163 						   sar_power);
3164 
3165 			tx_power_tlv->last_msg = ch_list[idx] == last_ch;
3166 			sku_tlbv->channel = ch_list[idx];
3167 
3168 			mt7925_mcu_build_sku(dev, sku_tlbv->pwr_limit,
3169 					     limits, band);
3170 			skb_put_data(skb, sku_tlbv, sku_len);
3171 		}
3172 		err = mt76_mcu_skb_send_msg(dev, skb,
3173 					    MCU_UNI_CMD(SET_POWER_LIMIT),
3174 					    true);
3175 		if (err < 0)
3176 			goto out;
3177 	}
3178 
3179 out:
3180 	devm_kfree(dev->dev, sku_tlbv);
3181 	devm_kfree(dev->dev, limits);
3182 	return err;
3183 }
3184 
3185 int mt7925_mcu_set_rate_txpower(struct mt76_phy *phy)
3186 {
3187 	int err;
3188 
3189 	if (phy->cap.has_2ghz) {
3190 		err = mt7925_mcu_rate_txpower_band(phy,
3191 						   NL80211_BAND_2GHZ);
3192 		if (err < 0)
3193 			return err;
3194 	}
3195 
3196 	if (phy->cap.has_5ghz) {
3197 		err = mt7925_mcu_rate_txpower_band(phy,
3198 						   NL80211_BAND_5GHZ);
3199 		if (err < 0)
3200 			return err;
3201 	}
3202 
3203 	if (phy->cap.has_6ghz) {
3204 		err = mt7925_mcu_rate_txpower_band(phy,
3205 						   NL80211_BAND_6GHZ);
3206 		if (err < 0)
3207 			return err;
3208 	}
3209 
3210 	return 0;
3211 }
3212 
3213 int mt7925_mcu_set_rxfilter(struct mt792x_dev *dev, u32 fif,
3214 			    u8 bit_op, u32 bit_map)
3215 {
3216 	struct mt792x_phy *phy = &dev->phy;
3217 	struct {
3218 		u8 band_idx;
3219 		u8 rsv1[3];
3220 
3221 		__le16 tag;
3222 		__le16 len;
3223 		u8 mode;
3224 		u8 rsv2[3];
3225 		__le32 fif;
3226 		__le32 bit_map; /* bit_* for bitmap update */
3227 		u8 bit_op;
3228 		u8 pad[51];
3229 	} __packed req = {
3230 		.band_idx = phy->mt76->band_idx,
3231 		.tag = cpu_to_le16(UNI_BAND_CONFIG_SET_MAC80211_RX_FILTER),
3232 		.len = cpu_to_le16(sizeof(req) - 4),
3233 
3234 		.mode = fif ? 0 : 1,
3235 		.fif = cpu_to_le32(fif),
3236 		.bit_map = cpu_to_le32(bit_map),
3237 		.bit_op = bit_op,
3238 	};
3239 
3240 	return mt76_mcu_send_msg(&phy->dev->mt76, MCU_UNI_CMD(BAND_CONFIG),
3241 				 &req, sizeof(req), true);
3242 }
3243