xref: /linux/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c (revision 170aafe35cb98e0f3fbacb446ea86389fbce22ea)
1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2023 MediaTek Inc. */
3 
4 #include <linux/fs.h>
5 #include <linux/firmware.h>
6 #include "mt7925.h"
7 #include "mcu.h"
8 #include "mac.h"
9 
10 #define MT_STA_BFER			BIT(0)
11 #define MT_STA_BFEE			BIT(1)
12 
13 static bool mt7925_disable_clc;
14 module_param_named(disable_clc, mt7925_disable_clc, bool, 0644);
15 MODULE_PARM_DESC(disable_clc, "disable CLC support");
16 
17 int mt7925_mcu_parse_response(struct mt76_dev *mdev, int cmd,
18 			      struct sk_buff *skb, int seq)
19 {
20 	int mcu_cmd = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
21 	struct mt7925_mcu_rxd *rxd;
22 	int ret = 0;
23 
24 	if (!skb) {
25 		dev_err(mdev->dev, "Message %08x (seq %d) timeout\n", cmd, seq);
26 		mt792x_reset(mdev);
27 
28 		return -ETIMEDOUT;
29 	}
30 
31 	rxd = (struct mt7925_mcu_rxd *)skb->data;
32 	if (seq != rxd->seq)
33 		return -EAGAIN;
34 
35 	if (cmd == MCU_CMD(PATCH_SEM_CONTROL) ||
36 	    cmd == MCU_CMD(PATCH_FINISH_REQ)) {
37 		skb_pull(skb, sizeof(*rxd) - 4);
38 		ret = *skb->data;
39 	} else if (cmd == MCU_UNI_CMD(DEV_INFO_UPDATE) ||
40 		   cmd == MCU_UNI_CMD(BSS_INFO_UPDATE) ||
41 		   cmd == MCU_UNI_CMD(STA_REC_UPDATE) ||
42 		   cmd == MCU_UNI_CMD(HIF_CTRL) ||
43 		   cmd == MCU_UNI_CMD(OFFLOAD) ||
44 		   cmd == MCU_UNI_CMD(SUSPEND)) {
45 		struct mt7925_mcu_uni_event *event;
46 
47 		skb_pull(skb, sizeof(*rxd));
48 		event = (struct mt7925_mcu_uni_event *)skb->data;
49 		ret = le32_to_cpu(event->status);
50 		/* skip invalid event */
51 		if (mcu_cmd != event->cid)
52 			ret = -EAGAIN;
53 	} else {
54 		skb_pull(skb, sizeof(*rxd));
55 	}
56 
57 	return ret;
58 }
59 EXPORT_SYMBOL_GPL(mt7925_mcu_parse_response);
60 
61 int mt7925_mcu_regval(struct mt792x_dev *dev, u32 regidx, u32 *val, bool set)
62 {
63 #define MT_RF_REG_HDR           GENMASK(31, 24)
64 #define MT_RF_REG_ANT           GENMASK(23, 16)
65 #define RF_REG_PREFIX           0x99
66 	struct {
67 		u8 __rsv[4];
68 		union {
69 			struct uni_cmd_access_reg_basic {
70 				__le16 tag;
71 				__le16 len;
72 				__le32 idx;
73 				__le32 data;
74 			} __packed reg;
75 			struct uni_cmd_access_rf_reg_basic {
76 				__le16 tag;
77 				__le16 len;
78 				__le16 ant;
79 				u8 __rsv[2];
80 				__le32 idx;
81 				__le32 data;
82 			} __packed rf_reg;
83 		};
84 	} __packed * res, req;
85 	struct sk_buff *skb;
86 	int ret;
87 
88 	if (u32_get_bits(regidx, MT_RF_REG_HDR) == RF_REG_PREFIX) {
89 		req.rf_reg.tag = cpu_to_le16(UNI_CMD_ACCESS_RF_REG_BASIC);
90 		req.rf_reg.len = cpu_to_le16(sizeof(req.rf_reg));
91 		req.rf_reg.ant = cpu_to_le16(u32_get_bits(regidx, MT_RF_REG_ANT));
92 		req.rf_reg.idx = cpu_to_le32(regidx);
93 		req.rf_reg.data = set ? cpu_to_le32(*val) : 0;
94 	} else {
95 		req.reg.tag = cpu_to_le16(UNI_CMD_ACCESS_REG_BASIC);
96 		req.reg.len = cpu_to_le16(sizeof(req.reg));
97 		req.reg.idx = cpu_to_le32(regidx);
98 		req.reg.data = set ? cpu_to_le32(*val) : 0;
99 	}
100 
101 	if (set)
102 		return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(REG_ACCESS),
103 					 &req, sizeof(req), true);
104 
105 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
106 					MCU_WM_UNI_CMD_QUERY(REG_ACCESS),
107 					&req, sizeof(req), true, &skb);
108 	if (ret)
109 		return ret;
110 
111 	res = (void *)skb->data;
112 	if (u32_get_bits(regidx, MT_RF_REG_HDR) == RF_REG_PREFIX)
113 		*val = le32_to_cpu(res->rf_reg.data);
114 	else
115 		*val = le32_to_cpu(res->reg.data);
116 
117 	dev_kfree_skb(skb);
118 
119 	return 0;
120 }
121 EXPORT_SYMBOL_GPL(mt7925_mcu_regval);
122 
123 int mt7925_mcu_update_arp_filter(struct mt76_dev *dev,
124 				 struct ieee80211_bss_conf *link_conf)
125 {
126 	struct ieee80211_vif *mvif = container_of((void *)link_conf->vif,
127 						  struct ieee80211_vif,
128 						  drv_priv);
129 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
130 	struct sk_buff *skb;
131 	int i, len = min_t(int, mvif->cfg.arp_addr_cnt,
132 			   IEEE80211_BSS_ARP_ADDR_LIST_LEN);
133 	struct {
134 		struct {
135 			u8 bss_idx;
136 			u8 pad[3];
137 		} __packed hdr;
138 		struct mt7925_arpns_tlv arp;
139 	} req = {
140 		.hdr = {
141 			.bss_idx = mconf->mt76.idx,
142 		},
143 		.arp = {
144 			.tag = cpu_to_le16(UNI_OFFLOAD_OFFLOAD_ARP),
145 			.len = cpu_to_le16(sizeof(req) - 4 + len * 2 * sizeof(__be32)),
146 			.ips_num = len,
147 			.enable = true,
148 		},
149 	};
150 
151 	skb = mt76_mcu_msg_alloc(dev, NULL, sizeof(req) + len * 2 * sizeof(__be32));
152 	if (!skb)
153 		return -ENOMEM;
154 
155 	skb_put_data(skb, &req, sizeof(req));
156 	for (i = 0; i < len; i++) {
157 		skb_put_data(skb, &mvif->cfg.arp_addr_list[i], sizeof(__be32));
158 		skb_put_zero(skb, sizeof(__be32));
159 	}
160 
161 	return mt76_mcu_skb_send_msg(dev, skb, MCU_UNI_CMD(OFFLOAD), true);
162 }
163 
164 #ifdef CONFIG_PM
165 static int
166 mt7925_connac_mcu_set_wow_ctrl(struct mt76_phy *phy, struct ieee80211_vif *vif,
167 			       bool suspend, struct cfg80211_wowlan *wowlan)
168 {
169 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
170 	struct mt76_dev *dev = phy->dev;
171 	struct {
172 		struct {
173 			u8 bss_idx;
174 			u8 pad[3];
175 		} __packed hdr;
176 		struct mt76_connac_wow_ctrl_tlv wow_ctrl_tlv;
177 		struct mt76_connac_wow_gpio_param_tlv gpio_tlv;
178 	} req = {
179 		.hdr = {
180 			.bss_idx = mvif->idx,
181 		},
182 		.wow_ctrl_tlv = {
183 			.tag = cpu_to_le16(UNI_SUSPEND_WOW_CTRL),
184 			.len = cpu_to_le16(sizeof(struct mt76_connac_wow_ctrl_tlv)),
185 			.cmd = suspend ? 1 : 2,
186 		},
187 		.gpio_tlv = {
188 			.tag = cpu_to_le16(UNI_SUSPEND_WOW_GPIO_PARAM),
189 			.len = cpu_to_le16(sizeof(struct mt76_connac_wow_gpio_param_tlv)),
190 			.gpio_pin = 0xff, /* follow fw about GPIO pin */
191 		},
192 	};
193 
194 	if (wowlan->magic_pkt)
195 		req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_MAGIC;
196 	if (wowlan->disconnect)
197 		req.wow_ctrl_tlv.trigger |= (UNI_WOW_DETECT_TYPE_DISCONNECT |
198 					     UNI_WOW_DETECT_TYPE_BCN_LOST);
199 	if (wowlan->nd_config) {
200 		mt7925_mcu_sched_scan_req(phy, vif, wowlan->nd_config);
201 		req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_SCH_SCAN_HIT;
202 		mt7925_mcu_sched_scan_enable(phy, vif, suspend);
203 	}
204 	if (wowlan->n_patterns)
205 		req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_BITMAP;
206 
207 	if (mt76_is_mmio(dev))
208 		req.wow_ctrl_tlv.wakeup_hif = WOW_PCIE;
209 	else if (mt76_is_usb(dev))
210 		req.wow_ctrl_tlv.wakeup_hif = WOW_USB;
211 	else if (mt76_is_sdio(dev))
212 		req.wow_ctrl_tlv.wakeup_hif = WOW_GPIO;
213 
214 	return mt76_mcu_send_msg(dev, MCU_UNI_CMD(SUSPEND), &req,
215 				 sizeof(req), true);
216 }
217 
218 static int
219 mt7925_mcu_set_wow_pattern(struct mt76_dev *dev,
220 			   struct ieee80211_vif *vif,
221 			   u8 index, bool enable,
222 			   struct cfg80211_pkt_pattern *pattern)
223 {
224 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
225 	struct mt7925_wow_pattern_tlv *tlv;
226 	struct sk_buff *skb;
227 	struct {
228 		u8 bss_idx;
229 		u8 pad[3];
230 	} __packed hdr = {
231 		.bss_idx = mvif->idx,
232 	};
233 
234 	skb = mt76_mcu_msg_alloc(dev, NULL, sizeof(hdr) + sizeof(*tlv));
235 	if (!skb)
236 		return -ENOMEM;
237 
238 	skb_put_data(skb, &hdr, sizeof(hdr));
239 	tlv = (struct mt7925_wow_pattern_tlv *)skb_put(skb, sizeof(*tlv));
240 	tlv->tag = cpu_to_le16(UNI_SUSPEND_WOW_PATTERN);
241 	tlv->len = cpu_to_le16(sizeof(*tlv));
242 	tlv->bss_idx = 0xF;
243 	tlv->data_len = pattern->pattern_len;
244 	tlv->enable = enable;
245 	tlv->index = index;
246 	tlv->offset = 0;
247 
248 	memcpy(tlv->pattern, pattern->pattern, pattern->pattern_len);
249 	memcpy(tlv->mask, pattern->mask, DIV_ROUND_UP(pattern->pattern_len, 8));
250 
251 	return mt76_mcu_skb_send_msg(dev, skb, MCU_UNI_CMD(SUSPEND), true);
252 }
253 
254 void mt7925_mcu_set_suspend_iter(void *priv, u8 *mac,
255 				 struct ieee80211_vif *vif)
256 {
257 	struct mt76_phy *phy = priv;
258 	bool suspend = !test_bit(MT76_STATE_RUNNING, &phy->state);
259 	struct ieee80211_hw *hw = phy->hw;
260 	struct cfg80211_wowlan *wowlan = hw->wiphy->wowlan_config;
261 	int i;
262 
263 	mt76_connac_mcu_set_gtk_rekey(phy->dev, vif, suspend);
264 
265 	mt76_connac_mcu_set_suspend_mode(phy->dev, vif, suspend, 1, true);
266 
267 	for (i = 0; i < wowlan->n_patterns; i++)
268 		mt7925_mcu_set_wow_pattern(phy->dev, vif, i, suspend,
269 					   &wowlan->patterns[i]);
270 	mt7925_connac_mcu_set_wow_ctrl(phy, vif, suspend, wowlan);
271 }
272 
273 #endif /* CONFIG_PM */
274 
275 static void
276 mt7925_mcu_connection_loss_iter(void *priv, u8 *mac,
277 				struct ieee80211_vif *vif)
278 {
279 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
280 	struct mt7925_uni_beacon_loss_event *event = priv;
281 
282 	if (mvif->idx != event->hdr.bss_idx)
283 		return;
284 
285 	if (!(vif->driver_flags & IEEE80211_VIF_BEACON_FILTER) ||
286 	    vif->type != NL80211_IFTYPE_STATION)
287 		return;
288 
289 	ieee80211_connection_loss(vif);
290 }
291 
292 static void
293 mt7925_mcu_connection_loss_event(struct mt792x_dev *dev, struct sk_buff *skb)
294 {
295 	struct mt7925_uni_beacon_loss_event *event;
296 	struct mt76_phy *mphy = &dev->mt76.phy;
297 
298 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd));
299 	event = (struct mt7925_uni_beacon_loss_event *)skb->data;
300 
301 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
302 					IEEE80211_IFACE_ITER_RESUME_ALL,
303 					mt7925_mcu_connection_loss_iter, event);
304 }
305 
306 static void
307 mt7925_mcu_roc_iter(void *priv, u8 *mac, struct ieee80211_vif *vif)
308 {
309 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
310 	struct mt7925_roc_grant_tlv *grant = priv;
311 
312 	if (ieee80211_vif_is_mld(vif) && vif->type == NL80211_IFTYPE_STATION)
313 		return;
314 
315 	if (mvif->idx != grant->bss_idx)
316 		return;
317 
318 	mvif->band_idx = grant->dbdcband;
319 }
320 
321 static void mt7925_mcu_roc_handle_grant(struct mt792x_dev *dev,
322 					struct tlv *tlv)
323 {
324 	struct ieee80211_hw *hw = dev->mt76.hw;
325 	struct mt7925_roc_grant_tlv *grant;
326 	int duration;
327 
328 	grant = (struct mt7925_roc_grant_tlv *)tlv;
329 
330 	/* should never happen */
331 	WARN_ON_ONCE((le16_to_cpu(grant->tag) != UNI_EVENT_ROC_GRANT));
332 
333 	if (grant->reqtype == MT7925_ROC_REQ_ROC)
334 		ieee80211_ready_on_channel(hw);
335 	else if (grant->reqtype == MT7925_ROC_REQ_JOIN)
336 		ieee80211_iterate_active_interfaces_atomic(hw,
337 						IEEE80211_IFACE_ITER_RESUME_ALL,
338 						mt7925_mcu_roc_iter, grant);
339 	dev->phy.roc_grant = true;
340 	wake_up(&dev->phy.roc_wait);
341 	duration = le32_to_cpu(grant->max_interval);
342 	mod_timer(&dev->phy.roc_timer,
343 		  jiffies + msecs_to_jiffies(duration));
344 }
345 
346 static void
347 mt7925_mcu_uni_roc_event(struct mt792x_dev *dev, struct sk_buff *skb)
348 {
349 	struct tlv *tlv;
350 	int i = 0;
351 
352 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd) + 4);
353 
354 	while (i < skb->len) {
355 		tlv = (struct tlv *)(skb->data + i);
356 
357 		switch (le16_to_cpu(tlv->tag)) {
358 		case UNI_EVENT_ROC_GRANT:
359 			mt7925_mcu_roc_handle_grant(dev, tlv);
360 			break;
361 		case UNI_EVENT_ROC_GRANT_SUB_LINK:
362 			break;
363 		}
364 
365 		i += le16_to_cpu(tlv->len);
366 	}
367 }
368 
369 static void
370 mt7925_mcu_scan_event(struct mt792x_dev *dev, struct sk_buff *skb)
371 {
372 	struct mt76_phy *mphy = &dev->mt76.phy;
373 	struct mt792x_phy *phy = mphy->priv;
374 
375 	spin_lock_bh(&dev->mt76.lock);
376 	__skb_queue_tail(&phy->scan_event_list, skb);
377 	spin_unlock_bh(&dev->mt76.lock);
378 
379 	ieee80211_queue_delayed_work(mphy->hw, &phy->scan_work,
380 				     MT792x_HW_SCAN_TIMEOUT);
381 }
382 
383 static void
384 mt7925_mcu_tx_done_event(struct mt792x_dev *dev, struct sk_buff *skb)
385 {
386 #define UNI_EVENT_TX_DONE_MSG 0
387 #define UNI_EVENT_TX_DONE_RAW 1
388 	struct mt7925_mcu_txs_event {
389 		u8 ver;
390 		u8 rsv[3];
391 		u8 data[0];
392 	} __packed * txs;
393 	struct tlv *tlv;
394 	u32 tlv_len;
395 
396 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd) + 4);
397 	tlv = (struct tlv *)skb->data;
398 	tlv_len = skb->len;
399 
400 	while (tlv_len > 0 && le16_to_cpu(tlv->len) <= tlv_len) {
401 		switch (le16_to_cpu(tlv->tag)) {
402 		case UNI_EVENT_TX_DONE_RAW:
403 			txs = (struct mt7925_mcu_txs_event *)tlv->data;
404 			mt7925_mac_add_txs(dev, txs->data);
405 			break;
406 		default:
407 			break;
408 		}
409 		tlv_len -= le16_to_cpu(tlv->len);
410 		tlv = (struct tlv *)((char *)(tlv) + le16_to_cpu(tlv->len));
411 	}
412 }
413 
414 static void
415 mt7925_mcu_uni_debug_msg_event(struct mt792x_dev *dev, struct sk_buff *skb)
416 {
417 	struct mt7925_uni_debug_msg {
418 		__le16 tag;
419 		__le16 len;
420 		u8 fmt;
421 		u8 rsv[3];
422 		u8 id;
423 		u8 type:3;
424 		u8 nr_args:5;
425 		union {
426 			struct idxlog {
427 				__le16 rsv;
428 				__le32 ts;
429 				__le32 idx;
430 				u8 data[];
431 			} __packed idx;
432 			struct txtlog {
433 				u8 len;
434 				u8 rsv;
435 				__le32 ts;
436 				u8 data[];
437 			} __packed txt;
438 		};
439 	} __packed * hdr;
440 
441 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd) + 4);
442 	hdr = (struct mt7925_uni_debug_msg *)skb->data;
443 
444 	if (hdr->id == 0x28) {
445 		skb_pull(skb, offsetof(struct mt7925_uni_debug_msg, id));
446 		wiphy_info(mt76_hw(dev)->wiphy, "%.*s", skb->len, skb->data);
447 		return;
448 	} else if (hdr->id != 0xa8) {
449 		return;
450 	}
451 
452 	if (hdr->type == 0) { /* idx log */
453 		int i, ret, len = PAGE_SIZE - 1, nr_val;
454 		struct page *page = dev_alloc_pages(get_order(len));
455 		__le32 *val;
456 		char *buf, *cur;
457 
458 		if (!page)
459 			return;
460 
461 		buf = page_address(page);
462 		cur = buf;
463 
464 		nr_val = (le16_to_cpu(hdr->len) - sizeof(*hdr)) / 4;
465 		val = (__le32 *)hdr->idx.data;
466 		for (i = 0; i < nr_val && len > 0; i++) {
467 			ret = snprintf(cur, len, "0x%x,", le32_to_cpu(val[i]));
468 			if (ret <= 0)
469 				break;
470 
471 			cur += ret;
472 			len -= ret;
473 		}
474 		if (cur > buf)
475 			wiphy_info(mt76_hw(dev)->wiphy, "idx: 0x%X,%d,%s",
476 				   le32_to_cpu(hdr->idx.idx), nr_val, buf);
477 		put_page(page);
478 	} else if (hdr->type == 2) { /* str log */
479 		wiphy_info(mt76_hw(dev)->wiphy, "%.*s", hdr->txt.len, hdr->txt.data);
480 	}
481 }
482 
483 static void
484 mt7925_mcu_uni_rx_unsolicited_event(struct mt792x_dev *dev,
485 				    struct sk_buff *skb)
486 {
487 	struct mt7925_mcu_rxd *rxd;
488 
489 	rxd = (struct mt7925_mcu_rxd *)skb->data;
490 
491 	switch (rxd->eid) {
492 	case MCU_UNI_EVENT_FW_LOG_2_HOST:
493 		mt7925_mcu_uni_debug_msg_event(dev, skb);
494 		break;
495 	case MCU_UNI_EVENT_ROC:
496 		mt7925_mcu_uni_roc_event(dev, skb);
497 		break;
498 	case MCU_UNI_EVENT_SCAN_DONE:
499 		mt7925_mcu_scan_event(dev, skb);
500 		return;
501 	case MCU_UNI_EVENT_TX_DONE:
502 		mt7925_mcu_tx_done_event(dev, skb);
503 		break;
504 	case MCU_UNI_EVENT_BSS_BEACON_LOSS:
505 		mt7925_mcu_connection_loss_event(dev, skb);
506 		break;
507 	case MCU_UNI_EVENT_COREDUMP:
508 		dev->fw_assert = true;
509 		mt76_connac_mcu_coredump_event(&dev->mt76, skb, &dev->coredump);
510 		return;
511 	default:
512 		break;
513 	}
514 	dev_kfree_skb(skb);
515 }
516 
517 void mt7925_mcu_rx_event(struct mt792x_dev *dev, struct sk_buff *skb)
518 {
519 	struct mt7925_mcu_rxd *rxd = (struct mt7925_mcu_rxd *)skb->data;
520 
521 	if (skb_linearize(skb))
522 		return;
523 
524 	if (rxd->option & MCU_UNI_CMD_UNSOLICITED_EVENT) {
525 		mt7925_mcu_uni_rx_unsolicited_event(dev, skb);
526 		return;
527 	}
528 
529 	mt76_mcu_rx_event(&dev->mt76, skb);
530 }
531 
532 static int
533 mt7925_mcu_sta_ba(struct mt76_dev *dev, struct mt76_vif *mvif,
534 		  struct ieee80211_ampdu_params *params,
535 		  bool enable, bool tx)
536 {
537 	struct mt76_wcid *wcid = (struct mt76_wcid *)params->sta->drv_priv;
538 	struct sta_rec_ba_uni *ba;
539 	struct sk_buff *skb;
540 	struct tlv *tlv;
541 	int len;
542 
543 	len = sizeof(struct sta_req_hdr) + sizeof(*ba);
544 	skb = __mt76_connac_mcu_alloc_sta_req(dev, mvif, wcid,
545 					      len);
546 	if (IS_ERR(skb))
547 		return PTR_ERR(skb);
548 
549 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BA, sizeof(*ba));
550 
551 	ba = (struct sta_rec_ba_uni *)tlv;
552 	ba->ba_type = tx ? MT_BA_TYPE_ORIGINATOR : MT_BA_TYPE_RECIPIENT;
553 	ba->winsize = cpu_to_le16(params->buf_size);
554 	ba->ssn = cpu_to_le16(params->ssn);
555 	ba->ba_en = enable << params->tid;
556 	ba->amsdu = params->amsdu;
557 	ba->tid = params->tid;
558 
559 	return mt76_mcu_skb_send_msg(dev, skb,
560 				     MCU_UNI_CMD(STA_REC_UPDATE), true);
561 }
562 
563 /** starec & wtbl **/
564 int mt7925_mcu_uni_tx_ba(struct mt792x_dev *dev,
565 			 struct ieee80211_ampdu_params *params,
566 			 bool enable)
567 {
568 	struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv;
569 	struct mt792x_vif *mvif = msta->vif;
570 
571 	if (enable && !params->amsdu)
572 		msta->deflink.wcid.amsdu = false;
573 
574 	return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params,
575 				 enable, true);
576 }
577 
578 int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev,
579 			 struct ieee80211_ampdu_params *params,
580 			 bool enable)
581 {
582 	struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv;
583 	struct mt792x_vif *mvif = msta->vif;
584 
585 	return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params,
586 				 enable, false);
587 }
588 
589 static int mt7925_load_clc(struct mt792x_dev *dev, const char *fw_name)
590 {
591 	const struct mt76_connac2_fw_trailer *hdr;
592 	const struct mt76_connac2_fw_region *region;
593 	const struct mt7925_clc *clc;
594 	struct mt76_dev *mdev = &dev->mt76;
595 	struct mt792x_phy *phy = &dev->phy;
596 	const struct firmware *fw;
597 	int ret, i, len, offset = 0;
598 	u8 *clc_base = NULL;
599 
600 	if (mt7925_disable_clc ||
601 	    mt76_is_usb(&dev->mt76))
602 		return 0;
603 
604 	ret = request_firmware(&fw, fw_name, mdev->dev);
605 	if (ret)
606 		return ret;
607 
608 	if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
609 		dev_err(mdev->dev, "Invalid firmware\n");
610 		ret = -EINVAL;
611 		goto out;
612 	}
613 
614 	hdr = (const void *)(fw->data + fw->size - sizeof(*hdr));
615 	for (i = 0; i < hdr->n_region; i++) {
616 		region = (const void *)((const u8 *)hdr -
617 					(hdr->n_region - i) * sizeof(*region));
618 		len = le32_to_cpu(region->len);
619 
620 		/* check if we have valid buffer size */
621 		if (offset + len > fw->size) {
622 			dev_err(mdev->dev, "Invalid firmware region\n");
623 			ret = -EINVAL;
624 			goto out;
625 		}
626 
627 		if ((region->feature_set & FW_FEATURE_NON_DL) &&
628 		    region->type == FW_TYPE_CLC) {
629 			clc_base = (u8 *)(fw->data + offset);
630 			break;
631 		}
632 		offset += len;
633 	}
634 
635 	if (!clc_base)
636 		goto out;
637 
638 	for (offset = 0; offset < len; offset += le32_to_cpu(clc->len)) {
639 		clc = (const struct mt7925_clc *)(clc_base + offset);
640 
641 		if (clc->idx > ARRAY_SIZE(phy->clc))
642 			break;
643 
644 		/* do not init buf again if chip reset triggered */
645 		if (phy->clc[clc->idx])
646 			continue;
647 
648 		phy->clc[clc->idx] = devm_kmemdup(mdev->dev, clc,
649 						  le32_to_cpu(clc->len),
650 						  GFP_KERNEL);
651 
652 		if (!phy->clc[clc->idx]) {
653 			ret = -ENOMEM;
654 			goto out;
655 		}
656 	}
657 
658 	ret = mt7925_mcu_set_clc(dev, "00", ENVIRON_INDOOR);
659 out:
660 	release_firmware(fw);
661 
662 	return ret;
663 }
664 
665 int mt7925_mcu_fw_log_2_host(struct mt792x_dev *dev, u8 ctrl)
666 {
667 	struct {
668 		u8 _rsv[4];
669 
670 		__le16 tag;
671 		__le16 len;
672 		u8 ctrl;
673 		u8 interval;
674 		u8 _rsv2[2];
675 	} __packed req = {
676 		.tag = cpu_to_le16(UNI_WSYS_CONFIG_FW_LOG_CTRL),
677 		.len = cpu_to_le16(sizeof(req) - 4),
678 		.ctrl = ctrl,
679 	};
680 	int ret;
681 
682 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(WSYS_CONFIG),
683 					&req, sizeof(req), false, NULL);
684 	return ret;
685 }
686 
687 int mt7925_mcu_get_temperature(struct mt792x_phy *phy)
688 {
689 	struct {
690 		u8 _rsv[4];
691 
692 		__le16 tag;
693 		__le16 len;
694 		u8 _rsv2[4];
695 	} __packed req = {
696 		.tag = cpu_to_le16(0x0),
697 		.len = cpu_to_le16(sizeof(req) - 4),
698 	};
699 	struct mt7925_thermal_evt {
700 		u8 rsv[4];
701 		__le32 temperature;
702 	} __packed * evt;
703 	struct mt792x_dev *dev = phy->dev;
704 	int temperature, ret;
705 	struct sk_buff *skb;
706 
707 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
708 					MCU_WM_UNI_CMD_QUERY(THERMAL),
709 					&req, sizeof(req), true, &skb);
710 	if (ret)
711 		return ret;
712 
713 	skb_pull(skb, 4 + sizeof(struct tlv));
714 	evt = (struct mt7925_thermal_evt *)skb->data;
715 
716 	temperature = le32_to_cpu(evt->temperature);
717 
718 	dev_kfree_skb(skb);
719 
720 	return temperature;
721 }
722 
723 static void
724 mt7925_mcu_parse_phy_cap(struct mt792x_dev *dev, char *data)
725 {
726 	struct mt76_phy *mphy = &dev->mt76.phy;
727 	struct mt76_dev *mdev = mphy->dev;
728 	struct mt7925_mcu_phy_cap {
729 		u8 ht;
730 		u8 vht;
731 		u8 _5g;
732 		u8 max_bw;
733 		u8 nss;
734 		u8 dbdc;
735 		u8 tx_ldpc;
736 		u8 rx_ldpc;
737 		u8 tx_stbc;
738 		u8 rx_stbc;
739 		u8 hw_path;
740 		u8 he;
741 		u8 eht;
742 	} __packed * cap;
743 	enum {
744 		WF0_24G,
745 		WF0_5G
746 	};
747 
748 	cap = (struct mt7925_mcu_phy_cap *)data;
749 
750 	mdev->phy.antenna_mask = BIT(cap->nss) - 1;
751 	mdev->phy.chainmask = mdev->phy.antenna_mask;
752 	mdev->phy.cap.has_2ghz = cap->hw_path & BIT(WF0_24G);
753 	mdev->phy.cap.has_5ghz = cap->hw_path & BIT(WF0_5G);
754 	dev->has_eht = cap->eht;
755 }
756 
757 static void
758 mt7925_mcu_parse_eml_cap(struct mt792x_dev *dev, char *data)
759 {
760 	struct mt7925_mcu_eml_cap {
761 		u8 rsv[4];
762 		__le16 eml_cap;
763 		u8 rsv2[6];
764 	} __packed * cap;
765 
766 	cap = (struct mt7925_mcu_eml_cap *)data;
767 
768 	dev->phy.eml_cap = le16_to_cpu(cap->eml_cap);
769 }
770 
771 static int
772 mt7925_mcu_get_nic_capability(struct mt792x_dev *dev)
773 {
774 	struct mt76_phy *mphy = &dev->mt76.phy;
775 	struct {
776 		u8 _rsv[4];
777 
778 		__le16 tag;
779 		__le16 len;
780 	} __packed req = {
781 		.tag = cpu_to_le16(UNI_CHIP_CONFIG_NIC_CAPA),
782 		.len = cpu_to_le16(sizeof(req) - 4),
783 	};
784 	struct mt76_connac_cap_hdr {
785 		__le16 n_element;
786 		u8 rsv[2];
787 	} __packed * hdr;
788 	struct sk_buff *skb;
789 	int ret, i;
790 
791 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(CHIP_CONFIG),
792 					&req, sizeof(req), true, &skb);
793 	if (ret)
794 		return ret;
795 
796 	hdr = (struct mt76_connac_cap_hdr *)skb->data;
797 	if (skb->len < sizeof(*hdr)) {
798 		ret = -EINVAL;
799 		goto out;
800 	}
801 
802 	skb_pull(skb, sizeof(*hdr));
803 
804 	for (i = 0; i < le16_to_cpu(hdr->n_element); i++) {
805 		struct tlv *tlv = (struct tlv *)skb->data;
806 		int len;
807 
808 		if (skb->len < sizeof(*tlv))
809 			break;
810 
811 		len = le16_to_cpu(tlv->len);
812 		if (skb->len < len)
813 			break;
814 
815 		switch (le16_to_cpu(tlv->tag)) {
816 		case MT_NIC_CAP_6G:
817 			mphy->cap.has_6ghz = !!tlv->data[0];
818 			break;
819 		case MT_NIC_CAP_MAC_ADDR:
820 			memcpy(mphy->macaddr, (void *)tlv->data, ETH_ALEN);
821 			break;
822 		case MT_NIC_CAP_PHY:
823 			mt7925_mcu_parse_phy_cap(dev, tlv->data);
824 			break;
825 		case MT_NIC_CAP_CHIP_CAP:
826 			memcpy(&dev->phy.chip_cap, (void *)skb->data, sizeof(u64));
827 			break;
828 		case MT_NIC_CAP_EML_CAP:
829 			mt7925_mcu_parse_eml_cap(dev, tlv->data);
830 			break;
831 		default:
832 			break;
833 		}
834 		skb_pull(skb, len);
835 	}
836 out:
837 	dev_kfree_skb(skb);
838 	return ret;
839 }
840 
841 int mt7925_mcu_chip_config(struct mt792x_dev *dev, const char *cmd)
842 {
843 	u16 len = strlen(cmd) + 1;
844 	struct {
845 		u8 _rsv[4];
846 		__le16 tag;
847 		__le16 len;
848 		struct mt76_connac_config config;
849 	} __packed req = {
850 		.tag = cpu_to_le16(UNI_CHIP_CONFIG_CHIP_CFG),
851 		.len = cpu_to_le16(sizeof(req) - 4),
852 		.config = {
853 			.resp_type = 0,
854 			.type = 0,
855 			.data_size = cpu_to_le16(len),
856 		},
857 	};
858 
859 	memcpy(req.config.data, cmd, len);
860 
861 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(CHIP_CONFIG),
862 				 &req, sizeof(req), false);
863 }
864 
865 int mt7925_mcu_set_deep_sleep(struct mt792x_dev *dev, bool enable)
866 {
867 	char cmd[16];
868 
869 	snprintf(cmd, sizeof(cmd), "KeepFullPwr %d", !enable);
870 
871 	return mt7925_mcu_chip_config(dev, cmd);
872 }
873 EXPORT_SYMBOL_GPL(mt7925_mcu_set_deep_sleep);
874 
875 int mt7925_run_firmware(struct mt792x_dev *dev)
876 {
877 	int err;
878 
879 	err = mt792x_load_firmware(dev);
880 	if (err)
881 		return err;
882 
883 	err = mt7925_mcu_get_nic_capability(dev);
884 	if (err)
885 		return err;
886 
887 	set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
888 	err = mt7925_load_clc(dev, mt792x_ram_name(dev));
889 	if (err)
890 		return err;
891 
892 	return mt7925_mcu_fw_log_2_host(dev, 1);
893 }
894 EXPORT_SYMBOL_GPL(mt7925_run_firmware);
895 
896 static void
897 mt7925_mcu_sta_hdr_trans_tlv(struct sk_buff *skb,
898 			     struct ieee80211_vif *vif,
899 			     struct ieee80211_link_sta *link_sta)
900 {
901 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
902 	struct sta_rec_hdr_trans *hdr_trans;
903 	struct mt76_wcid *wcid;
904 	struct tlv *tlv;
905 
906 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HDR_TRANS, sizeof(*hdr_trans));
907 	hdr_trans = (struct sta_rec_hdr_trans *)tlv;
908 	hdr_trans->dis_rx_hdr_tran = true;
909 
910 	if (vif->type == NL80211_IFTYPE_STATION)
911 		hdr_trans->to_ds = true;
912 	else
913 		hdr_trans->from_ds = true;
914 
915 	if (link_sta) {
916 		struct mt792x_sta *msta = (struct mt792x_sta *)link_sta->sta->drv_priv;
917 		struct mt792x_link_sta *mlink;
918 
919 		mlink = mt792x_sta_to_link(msta, link_sta->link_id);
920 		wcid = &mlink->wcid;
921 	} else {
922 		wcid = &mvif->sta.deflink.wcid;
923 	}
924 
925 	if (!wcid)
926 		return;
927 
928 	hdr_trans->dis_rx_hdr_tran = !test_bit(MT_WCID_FLAG_HDR_TRANS, &wcid->flags);
929 	if (test_bit(MT_WCID_FLAG_4ADDR, &wcid->flags)) {
930 		hdr_trans->to_ds = true;
931 		hdr_trans->from_ds = true;
932 	}
933 }
934 
935 int mt7925_mcu_wtbl_update_hdr_trans(struct mt792x_dev *dev,
936 				     struct ieee80211_vif *vif,
937 				     struct ieee80211_sta *sta,
938 				     int link_id)
939 {
940 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
941 	struct ieee80211_link_sta *link_sta = sta ? &sta->deflink : NULL;
942 	struct mt792x_link_sta *mlink;
943 	struct mt792x_bss_conf *mconf;
944 	struct mt792x_sta *msta;
945 	struct sk_buff *skb;
946 
947 	msta = sta ? (struct mt792x_sta *)sta->drv_priv : &mvif->sta;
948 
949 	mlink = mt792x_sta_to_link(msta, link_id);
950 	link_sta = mt792x_sta_to_link_sta(vif, sta, link_id);
951 	mconf = mt792x_vif_to_link(mvif, link_id);
952 
953 	skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mconf->mt76,
954 					      &mlink->wcid,
955 					      MT7925_STA_UPDATE_MAX_SIZE);
956 	if (IS_ERR(skb))
957 		return PTR_ERR(skb);
958 
959 	/* starec hdr trans */
960 	mt7925_mcu_sta_hdr_trans_tlv(skb, vif, link_sta);
961 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
962 				     MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true);
963 }
964 
965 int mt7925_mcu_set_tx(struct mt792x_dev *dev,
966 		      struct ieee80211_bss_conf *bss_conf)
967 {
968 #define MCU_EDCA_AC_PARAM	0
969 #define WMM_AIFS_SET		BIT(0)
970 #define WMM_CW_MIN_SET		BIT(1)
971 #define WMM_CW_MAX_SET		BIT(2)
972 #define WMM_TXOP_SET		BIT(3)
973 #define WMM_PARAM_SET		(WMM_AIFS_SET | WMM_CW_MIN_SET | \
974 				 WMM_CW_MAX_SET | WMM_TXOP_SET)
975 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(bss_conf);
976 	struct {
977 		u8 bss_idx;
978 		u8 __rsv[3];
979 	} __packed hdr = {
980 		.bss_idx = mconf->mt76.idx,
981 	};
982 	struct sk_buff *skb;
983 	int len = sizeof(hdr) + IEEE80211_NUM_ACS * sizeof(struct edca);
984 	int ac;
985 
986 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
987 	if (!skb)
988 		return -ENOMEM;
989 
990 	skb_put_data(skb, &hdr, sizeof(hdr));
991 
992 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
993 		struct ieee80211_tx_queue_params *q = &mconf->queue_params[ac];
994 		struct edca *e;
995 		struct tlv *tlv;
996 
997 		tlv = mt76_connac_mcu_add_tlv(skb, MCU_EDCA_AC_PARAM, sizeof(*e));
998 
999 		e = (struct edca *)tlv;
1000 		e->set = WMM_PARAM_SET;
1001 		e->queue = ac;
1002 		e->aifs = q->aifs;
1003 		e->txop = cpu_to_le16(q->txop);
1004 
1005 		if (q->cw_min)
1006 			e->cw_min = fls(q->cw_min);
1007 		else
1008 			e->cw_min = 5;
1009 
1010 		if (q->cw_max)
1011 			e->cw_max = fls(q->cw_max);
1012 		else
1013 			e->cw_max = 10;
1014 	}
1015 
1016 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1017 				     MCU_UNI_CMD(EDCA_UPDATE), true);
1018 }
1019 
1020 static int
1021 mt7925_mcu_sta_key_tlv(struct mt76_wcid *wcid,
1022 		       struct mt76_connac_sta_key_conf *sta_key_conf,
1023 		       struct sk_buff *skb,
1024 		       struct ieee80211_key_conf *key,
1025 		       enum set_key_cmd cmd,
1026 		       struct mt792x_sta *msta)
1027 {
1028 	struct mt792x_vif *mvif = msta->vif;
1029 	struct mt792x_bss_conf *mconf = mt792x_vif_to_link(mvif, wcid->link_id);
1030 	struct sta_rec_sec_uni *sec;
1031 	struct ieee80211_sta *sta;
1032 	struct ieee80211_vif *vif;
1033 	struct tlv *tlv;
1034 
1035 	sta = msta == &mvif->sta ?
1036 		      NULL :
1037 		      container_of((void *)msta, struct ieee80211_sta, drv_priv);
1038 	vif = container_of((void *)mvif, struct ieee80211_vif, drv_priv);
1039 
1040 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_KEY_V3, sizeof(*sec));
1041 	sec = (struct sta_rec_sec_uni *)tlv;
1042 	sec->bss_idx = mconf->mt76.idx;
1043 	sec->is_authenticator = 0;
1044 	sec->mgmt_prot = 1; /* only used in MLO mode */
1045 	sec->wlan_idx = (u8)wcid->idx;
1046 
1047 	if (sta) {
1048 		struct ieee80211_link_sta *link_sta;
1049 
1050 		sec->tx_key = 1;
1051 		sec->key_type = 1;
1052 		link_sta = mt792x_sta_to_link_sta(vif, sta, wcid->link_id);
1053 
1054 		if (link_sta)
1055 			memcpy(sec->peer_addr, link_sta->addr, ETH_ALEN);
1056 	} else {
1057 		struct ieee80211_bss_conf *link_conf;
1058 
1059 		link_conf = mt792x_vif_to_bss_conf(vif, wcid->link_id);
1060 
1061 		if (link_conf)
1062 			memcpy(sec->peer_addr, link_conf->bssid, ETH_ALEN);
1063 	}
1064 
1065 	if (cmd == SET_KEY) {
1066 		u8 cipher;
1067 
1068 		sec->add = 1;
1069 		cipher = mt7925_mcu_get_cipher(key->cipher);
1070 		if (cipher == CONNAC3_CIPHER_NONE)
1071 			return -EOPNOTSUPP;
1072 
1073 		if (cipher == CONNAC3_CIPHER_BIP_CMAC_128) {
1074 			sec->cipher_id = CONNAC3_CIPHER_BIP_CMAC_128;
1075 			sec->key_id = sta_key_conf->keyidx;
1076 			sec->key_len = 32;
1077 			memcpy(sec->key, sta_key_conf->key, 16);
1078 			memcpy(sec->key + 16, key->key, 16);
1079 		} else {
1080 			sec->cipher_id = cipher;
1081 			sec->key_id = key->keyidx;
1082 			sec->key_len = key->keylen;
1083 			memcpy(sec->key, key->key, key->keylen);
1084 
1085 			if (cipher == CONNAC3_CIPHER_TKIP) {
1086 				/* Rx/Tx MIC keys are swapped */
1087 				memcpy(sec->key + 16, key->key + 24, 8);
1088 				memcpy(sec->key + 24, key->key + 16, 8);
1089 			}
1090 
1091 			/* store key_conf for BIP batch update */
1092 			if (cipher == CONNAC3_CIPHER_AES_CCMP) {
1093 				memcpy(sta_key_conf->key, key->key, key->keylen);
1094 				sta_key_conf->keyidx = key->keyidx;
1095 			}
1096 		}
1097 	} else {
1098 		sec->add = 0;
1099 	}
1100 
1101 	return 0;
1102 }
1103 
1104 int mt7925_mcu_add_key(struct mt76_dev *dev, struct ieee80211_vif *vif,
1105 		       struct mt76_connac_sta_key_conf *sta_key_conf,
1106 		       struct ieee80211_key_conf *key, int mcu_cmd,
1107 		       struct mt76_wcid *wcid, enum set_key_cmd cmd,
1108 		       struct mt792x_sta *msta)
1109 {
1110 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1111 	struct mt792x_bss_conf *mconf = mt792x_vif_to_link(mvif, wcid->link_id);
1112 	struct sk_buff *skb;
1113 	int ret;
1114 
1115 	skb = __mt76_connac_mcu_alloc_sta_req(dev, &mconf->mt76, wcid,
1116 					      MT7925_STA_UPDATE_MAX_SIZE);
1117 	if (IS_ERR(skb))
1118 		return PTR_ERR(skb);
1119 
1120 	ret = mt7925_mcu_sta_key_tlv(wcid, sta_key_conf, skb, key, cmd, msta);
1121 	if (ret)
1122 		return ret;
1123 
1124 	return mt76_mcu_skb_send_msg(dev, skb, mcu_cmd, true);
1125 }
1126 
1127 int mt7925_mcu_set_mlo_roc(struct mt792x_bss_conf *mconf, u16 sel_links,
1128 			   int duration, u8 token_id)
1129 {
1130 	struct mt792x_vif *mvif = mconf->vif;
1131 	struct ieee80211_vif *vif = container_of((void *)mvif,
1132 						 struct ieee80211_vif, drv_priv);
1133 	struct ieee80211_bss_conf *link_conf;
1134 	struct ieee80211_channel *chan;
1135 	const u8 ch_band[] = {
1136 		[NL80211_BAND_2GHZ] = 1,
1137 		[NL80211_BAND_5GHZ] = 2,
1138 		[NL80211_BAND_6GHZ] = 3,
1139 	};
1140 	enum mt7925_roc_req type;
1141 	int center_ch, i = 0;
1142 	bool is_AG_band = false;
1143 	struct {
1144 		u8 id;
1145 		u8 bss_idx;
1146 		u16 tag;
1147 		struct mt792x_bss_conf *mconf;
1148 		struct ieee80211_channel *chan;
1149 	} links[2];
1150 
1151 	struct {
1152 		struct {
1153 			u8 rsv[4];
1154 		} __packed hdr;
1155 		struct roc_acquire_tlv roc[2];
1156 	} __packed req;
1157 
1158 	if (!mconf || hweight16(vif->valid_links) < 2 ||
1159 	    hweight16(sel_links) != 2)
1160 		return -EPERM;
1161 
1162 	for (i = 0; i < ARRAY_SIZE(links); i++) {
1163 		links[i].id = i ? __ffs(~BIT(mconf->link_id) & sel_links) :
1164 				 mconf->link_id;
1165 		link_conf = mt792x_vif_to_bss_conf(vif, links[i].id);
1166 		if (WARN_ON_ONCE(!link_conf))
1167 			return -EPERM;
1168 
1169 		links[i].chan = link_conf->chanreq.oper.chan;
1170 		if (WARN_ON_ONCE(!links[i].chan))
1171 			return -EPERM;
1172 
1173 		links[i].mconf = mt792x_vif_to_link(mvif, links[i].id);
1174 		links[i].tag = links[i].id == mconf->link_id ?
1175 			       UNI_ROC_ACQUIRE : UNI_ROC_SUB_LINK;
1176 
1177 		is_AG_band |= links[i].chan->band == NL80211_BAND_2GHZ;
1178 	}
1179 
1180 	if (vif->cfg.eml_cap & IEEE80211_EML_CAP_EMLSR_SUPP)
1181 		type = is_AG_band ? MT7925_ROC_REQ_MLSR_AG :
1182 				    MT7925_ROC_REQ_MLSR_AA;
1183 	else
1184 		type = MT7925_ROC_REQ_JOIN;
1185 
1186 	for (i = 0; i < ARRAY_SIZE(links) && i < hweight16(vif->active_links); i++) {
1187 		if (WARN_ON_ONCE(!links[i].mconf || !links[i].chan))
1188 			continue;
1189 
1190 		chan = links[i].chan;
1191 		center_ch = ieee80211_frequency_to_channel(chan->center_freq);
1192 		req.roc[i].len = cpu_to_le16(sizeof(struct roc_acquire_tlv));
1193 		req.roc[i].tag = cpu_to_le16(links[i].tag);
1194 		req.roc[i].tokenid = token_id;
1195 		req.roc[i].reqtype = type;
1196 		req.roc[i].maxinterval = cpu_to_le32(duration);
1197 		req.roc[i].bss_idx = links[i].mconf->mt76.idx;
1198 		req.roc[i].control_channel = chan->hw_value;
1199 		req.roc[i].bw = CMD_CBW_20MHZ;
1200 		req.roc[i].bw_from_ap = CMD_CBW_20MHZ;
1201 		req.roc[i].center_chan = center_ch;
1202 		req.roc[i].center_chan_from_ap = center_ch;
1203 
1204 		/* STR : 0xfe indicates BAND_ALL with enabling DBDC
1205 		 * EMLSR : 0xff indicates (BAND_AUTO) without DBDC
1206 		 */
1207 		req.roc[i].dbdcband = type == MT7925_ROC_REQ_JOIN ? 0xfe : 0xff;
1208 
1209 		if (chan->hw_value < center_ch)
1210 			req.roc[i].sco = 1; /* SCA */
1211 		else if (chan->hw_value > center_ch)
1212 			req.roc[i].sco = 3; /* SCB */
1213 
1214 		req.roc[i].band = ch_band[chan->band];
1215 	}
1216 
1217 	return mt76_mcu_send_msg(&mvif->phy->dev->mt76, MCU_UNI_CMD(ROC),
1218 				 &req, sizeof(req), false);
1219 }
1220 
1221 int mt7925_mcu_set_roc(struct mt792x_phy *phy, struct mt792x_bss_conf *mconf,
1222 		       struct ieee80211_channel *chan, int duration,
1223 		       enum mt7925_roc_req type, u8 token_id)
1224 {
1225 	int center_ch = ieee80211_frequency_to_channel(chan->center_freq);
1226 	struct mt792x_dev *dev = phy->dev;
1227 	struct {
1228 		struct {
1229 			u8 rsv[4];
1230 		} __packed hdr;
1231 		struct roc_acquire_tlv roc;
1232 	} __packed req = {
1233 		.roc = {
1234 			.tag = cpu_to_le16(UNI_ROC_ACQUIRE),
1235 			.len = cpu_to_le16(sizeof(struct roc_acquire_tlv)),
1236 			.tokenid = token_id,
1237 			.reqtype = type,
1238 			.maxinterval = cpu_to_le32(duration),
1239 			.bss_idx = mconf->mt76.idx,
1240 			.control_channel = chan->hw_value,
1241 			.bw = CMD_CBW_20MHZ,
1242 			.bw_from_ap = CMD_CBW_20MHZ,
1243 			.center_chan = center_ch,
1244 			.center_chan_from_ap = center_ch,
1245 			.dbdcband = 0xff, /* auto */
1246 		},
1247 	};
1248 
1249 	if (chan->hw_value < center_ch)
1250 		req.roc.sco = 1; /* SCA */
1251 	else if (chan->hw_value > center_ch)
1252 		req.roc.sco = 3; /* SCB */
1253 
1254 	switch (chan->band) {
1255 	case NL80211_BAND_6GHZ:
1256 		req.roc.band = 3;
1257 		break;
1258 	case NL80211_BAND_5GHZ:
1259 		req.roc.band = 2;
1260 		break;
1261 	default:
1262 		req.roc.band = 1;
1263 		break;
1264 	}
1265 
1266 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(ROC),
1267 				 &req, sizeof(req), false);
1268 }
1269 
1270 int mt7925_mcu_abort_roc(struct mt792x_phy *phy, struct mt792x_bss_conf *mconf,
1271 			 u8 token_id)
1272 {
1273 	struct mt792x_dev *dev = phy->dev;
1274 	struct {
1275 		struct {
1276 			u8 rsv[4];
1277 		} __packed hdr;
1278 		struct roc_abort_tlv {
1279 			__le16 tag;
1280 			__le16 len;
1281 			u8 bss_idx;
1282 			u8 tokenid;
1283 			u8 dbdcband;
1284 			u8 rsv[5];
1285 		} __packed abort;
1286 	} __packed req = {
1287 		.abort = {
1288 			.tag = cpu_to_le16(UNI_ROC_ABORT),
1289 			.len = cpu_to_le16(sizeof(struct roc_abort_tlv)),
1290 			.tokenid = token_id,
1291 			.bss_idx = mconf->mt76.idx,
1292 			.dbdcband = 0xff, /* auto*/
1293 		},
1294 	};
1295 
1296 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(ROC),
1297 				 &req, sizeof(req), false);
1298 }
1299 
1300 int mt7925_mcu_set_eeprom(struct mt792x_dev *dev)
1301 {
1302 	struct {
1303 		u8 _rsv[4];
1304 
1305 		__le16 tag;
1306 		__le16 len;
1307 		u8 buffer_mode;
1308 		u8 format;
1309 		__le16 buf_len;
1310 	} __packed req = {
1311 		.tag = cpu_to_le16(UNI_EFUSE_BUFFER_MODE),
1312 		.len = cpu_to_le16(sizeof(req) - 4),
1313 		.buffer_mode = EE_MODE_EFUSE,
1314 		.format = EE_FORMAT_WHOLE
1315 	};
1316 
1317 	return mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(EFUSE_CTRL),
1318 					 &req, sizeof(req), false, NULL);
1319 }
1320 EXPORT_SYMBOL_GPL(mt7925_mcu_set_eeprom);
1321 
1322 int mt7925_mcu_uni_bss_ps(struct mt792x_dev *dev,
1323 			  struct ieee80211_bss_conf *link_conf)
1324 {
1325 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
1326 	struct {
1327 		struct {
1328 			u8 bss_idx;
1329 			u8 pad[3];
1330 		} __packed hdr;
1331 		struct ps_tlv {
1332 			__le16 tag;
1333 			__le16 len;
1334 			u8 ps_state; /* 0: device awake
1335 				      * 1: static power save
1336 				      * 2: dynamic power saving
1337 				      * 3: enter TWT power saving
1338 				      * 4: leave TWT power saving
1339 				      */
1340 			u8 pad[3];
1341 		} __packed ps;
1342 	} __packed ps_req = {
1343 		.hdr = {
1344 			.bss_idx = mconf->mt76.idx,
1345 		},
1346 		.ps = {
1347 			.tag = cpu_to_le16(UNI_BSS_INFO_PS),
1348 			.len = cpu_to_le16(sizeof(struct ps_tlv)),
1349 			.ps_state = link_conf->vif->cfg.ps ? 2 : 0,
1350 		},
1351 	};
1352 
1353 	if (link_conf->vif->type != NL80211_IFTYPE_STATION)
1354 		return -EOPNOTSUPP;
1355 
1356 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1357 				 &ps_req, sizeof(ps_req), true);
1358 }
1359 
1360 static int
1361 mt7925_mcu_uni_bss_bcnft(struct mt792x_dev *dev,
1362 			 struct ieee80211_bss_conf *link_conf, bool enable)
1363 {
1364 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
1365 	struct {
1366 		struct {
1367 			u8 bss_idx;
1368 			u8 pad[3];
1369 		} __packed hdr;
1370 		struct bcnft_tlv {
1371 			__le16 tag;
1372 			__le16 len;
1373 			__le16 bcn_interval;
1374 			u8 dtim_period;
1375 			u8 bmc_delivered_ac;
1376 			u8 bmc_triggered_ac;
1377 			u8 pad[3];
1378 		} __packed bcnft;
1379 	} __packed bcnft_req = {
1380 		.hdr = {
1381 			.bss_idx = mconf->mt76.idx,
1382 		},
1383 		.bcnft = {
1384 			.tag = cpu_to_le16(UNI_BSS_INFO_BCNFT),
1385 			.len = cpu_to_le16(sizeof(struct bcnft_tlv)),
1386 			.bcn_interval = cpu_to_le16(link_conf->beacon_int),
1387 			.dtim_period = link_conf->dtim_period,
1388 		},
1389 	};
1390 
1391 	if (link_conf->vif->type != NL80211_IFTYPE_STATION)
1392 		return 0;
1393 
1394 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1395 				 &bcnft_req, sizeof(bcnft_req), true);
1396 }
1397 
1398 int
1399 mt7925_mcu_set_bss_pm(struct mt792x_dev *dev,
1400 		      struct ieee80211_bss_conf *link_conf,
1401 		      bool enable)
1402 {
1403 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
1404 	struct {
1405 		struct {
1406 			u8 bss_idx;
1407 			u8 pad[3];
1408 		} __packed hdr;
1409 		struct bcnft_tlv {
1410 			__le16 tag;
1411 			__le16 len;
1412 			__le16 bcn_interval;
1413 			u8 dtim_period;
1414 			u8 bmc_delivered_ac;
1415 			u8 bmc_triggered_ac;
1416 			u8 pad[3];
1417 		} __packed enable;
1418 	} req = {
1419 		.hdr = {
1420 			.bss_idx = mconf->mt76.idx,
1421 		},
1422 		.enable = {
1423 			.tag = cpu_to_le16(UNI_BSS_INFO_BCNFT),
1424 			.len = cpu_to_le16(sizeof(struct bcnft_tlv)),
1425 			.dtim_period = link_conf->dtim_period,
1426 			.bcn_interval = cpu_to_le16(link_conf->beacon_int),
1427 		},
1428 	};
1429 	struct {
1430 		struct {
1431 			u8 bss_idx;
1432 			u8 pad[3];
1433 		} __packed hdr;
1434 		struct pm_disable {
1435 			__le16 tag;
1436 			__le16 len;
1437 		} __packed disable;
1438 	} req1 = {
1439 		.hdr = {
1440 			.bss_idx = mconf->mt76.idx,
1441 		},
1442 		.disable = {
1443 			.tag = cpu_to_le16(UNI_BSS_INFO_PM_DISABLE),
1444 			.len = cpu_to_le16(sizeof(struct pm_disable))
1445 		},
1446 	};
1447 	int err;
1448 
1449 	err = mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1450 				&req1, sizeof(req1), false);
1451 	if (err < 0 || !enable)
1452 		return err;
1453 
1454 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1455 				 &req, sizeof(req), false);
1456 }
1457 
1458 static void
1459 mt7925_mcu_sta_he_tlv(struct sk_buff *skb, struct ieee80211_link_sta *link_sta)
1460 {
1461 	if (!link_sta->he_cap.has_he)
1462 		return;
1463 
1464 	mt76_connac_mcu_sta_he_tlv_v2(skb, link_sta->sta);
1465 }
1466 
1467 static void
1468 mt7925_mcu_sta_he_6g_tlv(struct sk_buff *skb,
1469 			 struct ieee80211_link_sta *link_sta)
1470 {
1471 	struct sta_rec_he_6g_capa *he_6g;
1472 	struct tlv *tlv;
1473 
1474 	if (!link_sta->he_6ghz_capa.capa)
1475 		return;
1476 
1477 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HE_6G, sizeof(*he_6g));
1478 
1479 	he_6g = (struct sta_rec_he_6g_capa *)tlv;
1480 	he_6g->capa = link_sta->he_6ghz_capa.capa;
1481 }
1482 
1483 static void
1484 mt7925_mcu_sta_eht_tlv(struct sk_buff *skb, struct ieee80211_link_sta *link_sta)
1485 {
1486 	struct ieee80211_eht_mcs_nss_supp *mcs_map;
1487 	struct ieee80211_eht_cap_elem_fixed *elem;
1488 	struct sta_rec_eht *eht;
1489 	struct tlv *tlv;
1490 
1491 	if (!link_sta->eht_cap.has_eht)
1492 		return;
1493 
1494 	mcs_map = &link_sta->eht_cap.eht_mcs_nss_supp;
1495 	elem = &link_sta->eht_cap.eht_cap_elem;
1496 
1497 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_EHT, sizeof(*eht));
1498 
1499 	eht = (struct sta_rec_eht *)tlv;
1500 	eht->tid_bitmap = 0xff;
1501 	eht->mac_cap = cpu_to_le16(*(u16 *)elem->mac_cap_info);
1502 	eht->phy_cap = cpu_to_le64(*(u64 *)elem->phy_cap_info);
1503 	eht->phy_cap_ext = cpu_to_le64(elem->phy_cap_info[8]);
1504 
1505 	if (link_sta->bandwidth == IEEE80211_STA_RX_BW_20)
1506 		memcpy(eht->mcs_map_bw20, &mcs_map->only_20mhz, sizeof(eht->mcs_map_bw20));
1507 	memcpy(eht->mcs_map_bw80, &mcs_map->bw._80, sizeof(eht->mcs_map_bw80));
1508 	memcpy(eht->mcs_map_bw160, &mcs_map->bw._160, sizeof(eht->mcs_map_bw160));
1509 }
1510 
1511 static void
1512 mt7925_mcu_sta_ht_tlv(struct sk_buff *skb, struct ieee80211_link_sta *link_sta)
1513 {
1514 	struct sta_rec_ht *ht;
1515 	struct tlv *tlv;
1516 
1517 	if (!link_sta->ht_cap.ht_supported)
1518 		return;
1519 
1520 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HT, sizeof(*ht));
1521 
1522 	ht = (struct sta_rec_ht *)tlv;
1523 	ht->ht_cap = cpu_to_le16(link_sta->ht_cap.cap);
1524 }
1525 
1526 static void
1527 mt7925_mcu_sta_vht_tlv(struct sk_buff *skb, struct ieee80211_link_sta *link_sta)
1528 {
1529 	struct sta_rec_vht *vht;
1530 	struct tlv *tlv;
1531 
1532 	/* For 6G band, this tlv is necessary to let hw work normally */
1533 	if (!link_sta->he_6ghz_capa.capa && !link_sta->vht_cap.vht_supported)
1534 		return;
1535 
1536 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_VHT, sizeof(*vht));
1537 
1538 	vht = (struct sta_rec_vht *)tlv;
1539 	vht->vht_cap = cpu_to_le32(link_sta->vht_cap.cap);
1540 	vht->vht_rx_mcs_map = link_sta->vht_cap.vht_mcs.rx_mcs_map;
1541 	vht->vht_tx_mcs_map = link_sta->vht_cap.vht_mcs.tx_mcs_map;
1542 }
1543 
1544 static void
1545 mt7925_mcu_sta_amsdu_tlv(struct sk_buff *skb,
1546 			 struct ieee80211_vif *vif,
1547 			 struct ieee80211_link_sta *link_sta)
1548 {
1549 	struct mt792x_sta *msta = (struct mt792x_sta *)link_sta->sta->drv_priv;
1550 	struct mt792x_link_sta *mlink;
1551 	struct sta_rec_amsdu *amsdu;
1552 	struct tlv *tlv;
1553 
1554 	if (vif->type != NL80211_IFTYPE_STATION &&
1555 	    vif->type != NL80211_IFTYPE_AP)
1556 		return;
1557 
1558 	if (!link_sta->agg.max_amsdu_len)
1559 		return;
1560 
1561 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HW_AMSDU, sizeof(*amsdu));
1562 	amsdu = (struct sta_rec_amsdu *)tlv;
1563 	amsdu->max_amsdu_num = 8;
1564 	amsdu->amsdu_en = true;
1565 
1566 	mlink = mt792x_sta_to_link(msta, link_sta->link_id);
1567 	mlink->wcid.amsdu = true;
1568 
1569 	switch (link_sta->agg.max_amsdu_len) {
1570 	case IEEE80211_MAX_MPDU_LEN_VHT_11454:
1571 		amsdu->max_mpdu_size =
1572 			IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454;
1573 		return;
1574 	case IEEE80211_MAX_MPDU_LEN_HT_7935:
1575 	case IEEE80211_MAX_MPDU_LEN_VHT_7991:
1576 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991;
1577 		return;
1578 	default:
1579 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895;
1580 		return;
1581 	}
1582 }
1583 
1584 static void
1585 mt7925_mcu_sta_phy_tlv(struct sk_buff *skb,
1586 		       struct ieee80211_vif *vif,
1587 		       struct ieee80211_link_sta *link_sta)
1588 {
1589 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1590 	struct ieee80211_bss_conf *link_conf;
1591 	struct cfg80211_chan_def *chandef;
1592 	struct mt792x_bss_conf *mconf;
1593 	struct sta_rec_phy *phy;
1594 	struct tlv *tlv;
1595 	u8 af = 0, mm = 0;
1596 
1597 	link_conf = mt792x_vif_to_bss_conf(vif, link_sta->link_id);
1598 	mconf = mt792x_vif_to_link(mvif, link_sta->link_id);
1599 	chandef = mconf->mt76.ctx ? &mconf->mt76.ctx->def :
1600 				    &link_conf->chanreq.oper;
1601 
1602 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_PHY, sizeof(*phy));
1603 	phy = (struct sta_rec_phy *)tlv;
1604 	phy->phy_type = mt76_connac_get_phy_mode_v2(mvif->phy->mt76, vif,
1605 						    chandef->chan->band,
1606 						    link_sta);
1607 	phy->basic_rate = cpu_to_le16((u16)link_conf->basic_rates);
1608 	if (link_sta->ht_cap.ht_supported) {
1609 		af = link_sta->ht_cap.ampdu_factor;
1610 		mm = link_sta->ht_cap.ampdu_density;
1611 	}
1612 
1613 	if (link_sta->vht_cap.vht_supported) {
1614 		u8 vht_af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
1615 				      link_sta->vht_cap.cap);
1616 
1617 		af = max_t(u8, af, vht_af);
1618 	}
1619 
1620 	if (link_sta->he_6ghz_capa.capa) {
1621 		af = le16_get_bits(link_sta->he_6ghz_capa.capa,
1622 				   IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP);
1623 		mm = le16_get_bits(link_sta->he_6ghz_capa.capa,
1624 				   IEEE80211_HE_6GHZ_CAP_MIN_MPDU_START);
1625 	}
1626 
1627 	phy->ampdu = FIELD_PREP(IEEE80211_HT_AMPDU_PARM_FACTOR, af) |
1628 		     FIELD_PREP(IEEE80211_HT_AMPDU_PARM_DENSITY, mm);
1629 	phy->max_ampdu_len = af;
1630 }
1631 
1632 static void
1633 mt7925_mcu_sta_state_v2_tlv(struct mt76_phy *mphy, struct sk_buff *skb,
1634 			    struct ieee80211_link_sta *link_sta,
1635 			    struct ieee80211_vif *vif,
1636 			    u8 rcpi, u8 sta_state)
1637 {
1638 	struct sta_rec_state_v2 {
1639 		__le16 tag;
1640 		__le16 len;
1641 		u8 state;
1642 		u8 rsv[3];
1643 		__le32 flags;
1644 		u8 vht_opmode;
1645 		u8 action;
1646 		u8 rsv2[2];
1647 	} __packed * state;
1648 	struct tlv *tlv;
1649 
1650 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_STATE, sizeof(*state));
1651 	state = (struct sta_rec_state_v2 *)tlv;
1652 	state->state = sta_state;
1653 
1654 	if (link_sta->vht_cap.vht_supported) {
1655 		state->vht_opmode = link_sta->bandwidth;
1656 		state->vht_opmode |= link_sta->rx_nss <<
1657 			IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
1658 	}
1659 }
1660 
1661 static void
1662 mt7925_mcu_sta_rate_ctrl_tlv(struct sk_buff *skb,
1663 			     struct ieee80211_vif *vif,
1664 			     struct ieee80211_link_sta *link_sta)
1665 {
1666 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1667 	struct ieee80211_bss_conf *link_conf;
1668 	struct cfg80211_chan_def *chandef;
1669 	struct sta_rec_ra_info *ra_info;
1670 	struct mt792x_bss_conf *mconf;
1671 	enum nl80211_band band;
1672 	struct tlv *tlv;
1673 	u16 supp_rates;
1674 
1675 	link_conf = mt792x_vif_to_bss_conf(vif, link_sta->link_id);
1676 	mconf = mt792x_vif_to_link(mvif, link_sta->link_id);
1677 	chandef = mconf->mt76.ctx ? &mconf->mt76.ctx->def :
1678 				    &link_conf->chanreq.oper;
1679 	band = chandef->chan->band;
1680 
1681 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA, sizeof(*ra_info));
1682 	ra_info = (struct sta_rec_ra_info *)tlv;
1683 
1684 	supp_rates = link_sta->supp_rates[band];
1685 	if (band == NL80211_BAND_2GHZ)
1686 		supp_rates = FIELD_PREP(RA_LEGACY_OFDM, supp_rates >> 4) |
1687 			     FIELD_PREP(RA_LEGACY_CCK, supp_rates & 0xf);
1688 	else
1689 		supp_rates = FIELD_PREP(RA_LEGACY_OFDM, supp_rates);
1690 
1691 	ra_info->legacy = cpu_to_le16(supp_rates);
1692 
1693 	if (link_sta->ht_cap.ht_supported)
1694 		memcpy(ra_info->rx_mcs_bitmask,
1695 		       link_sta->ht_cap.mcs.rx_mask,
1696 		       HT_MCS_MASK_NUM);
1697 }
1698 
1699 static void
1700 mt7925_mcu_sta_eht_mld_tlv(struct sk_buff *skb,
1701 			   struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1702 {
1703 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1704 	struct wiphy *wiphy = mvif->phy->mt76->hw->wiphy;
1705 	const struct wiphy_iftype_ext_capab *ext_capa;
1706 	struct sta_rec_eht_mld *eht_mld;
1707 	struct tlv *tlv;
1708 	u16 eml_cap;
1709 
1710 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_EHT_MLD, sizeof(*eht_mld));
1711 	eht_mld = (struct sta_rec_eht_mld *)tlv;
1712 	eht_mld->mld_type = 0xff;
1713 
1714 	if (!ieee80211_vif_is_mld(vif))
1715 		return;
1716 
1717 	ext_capa = cfg80211_get_iftype_ext_capa(wiphy,
1718 						ieee80211_vif_type_p2p(vif));
1719 	if (!ext_capa)
1720 		return;
1721 
1722 	eml_cap = (vif->cfg.eml_cap & (IEEE80211_EML_CAP_EMLSR_SUPP |
1723 				       IEEE80211_EML_CAP_TRANSITION_TIMEOUT)) |
1724 		  (ext_capa->eml_capabilities & (IEEE80211_EML_CAP_EMLSR_PADDING_DELAY |
1725 						IEEE80211_EML_CAP_EMLSR_TRANSITION_DELAY));
1726 
1727 	if (eml_cap & IEEE80211_EML_CAP_EMLSR_SUPP) {
1728 		eht_mld->eml_cap[0] = u16_get_bits(eml_cap, GENMASK(7, 0));
1729 		eht_mld->eml_cap[1] = u16_get_bits(eml_cap, GENMASK(15, 8));
1730 	} else {
1731 		eht_mld->str_cap[0] = BIT(1);
1732 	}
1733 }
1734 
1735 static void
1736 mt7925_mcu_sta_mld_tlv(struct sk_buff *skb,
1737 		       struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1738 {
1739 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1740 	struct mt792x_sta *msta = (struct mt792x_sta *)sta->drv_priv;
1741 	unsigned long valid = mvif->valid_links;
1742 	struct mt792x_bss_conf *mconf;
1743 	struct mt792x_link_sta *mlink;
1744 	struct sta_rec_mld *mld;
1745 	struct tlv *tlv;
1746 	int i, cnt = 0;
1747 
1748 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_MLD, sizeof(*mld));
1749 	mld = (struct sta_rec_mld *)tlv;
1750 	memcpy(mld->mac_addr, sta->addr, ETH_ALEN);
1751 	mld->primary_id = cpu_to_le16(msta->deflink.wcid.idx);
1752 	mld->wlan_id = cpu_to_le16(msta->deflink.wcid.idx);
1753 	mld->link_num = min_t(u8, hweight16(mvif->valid_links), 2);
1754 
1755 	for_each_set_bit(i, &valid, IEEE80211_MLD_MAX_NUM_LINKS) {
1756 		if (cnt == mld->link_num)
1757 			break;
1758 
1759 		mconf = mt792x_vif_to_link(mvif, i);
1760 		mlink = mt792x_sta_to_link(msta, i);
1761 		mld->link[cnt].wlan_id = cpu_to_le16(mlink->wcid.idx);
1762 		mld->link[cnt++].bss_idx = mconf->mt76.idx;
1763 
1764 		if (mlink != &msta->deflink)
1765 			mld->secondary_id = cpu_to_le16(mlink->wcid.idx);
1766 	}
1767 }
1768 
1769 static int
1770 mt7925_mcu_sta_cmd(struct mt76_phy *phy,
1771 		   struct mt76_sta_cmd_info *info)
1772 {
1773 	struct mt76_vif *mvif = (struct mt76_vif *)info->vif->drv_priv;
1774 	struct mt76_dev *dev = phy->dev;
1775 	struct sk_buff *skb;
1776 	int conn_state;
1777 
1778 	skb = __mt76_connac_mcu_alloc_sta_req(dev, mvif, info->wcid,
1779 					      MT7925_STA_UPDATE_MAX_SIZE);
1780 	if (IS_ERR(skb))
1781 		return PTR_ERR(skb);
1782 
1783 	conn_state = info->enable ? CONN_STATE_PORT_SECURE :
1784 				    CONN_STATE_DISCONNECT;
1785 	if (info->link_sta)
1786 		mt76_connac_mcu_sta_basic_tlv(dev, skb, info->vif,
1787 					      info->link_sta,
1788 					      conn_state, info->newly);
1789 	if (info->link_sta && info->enable) {
1790 		mt7925_mcu_sta_phy_tlv(skb, info->vif, info->link_sta);
1791 		mt7925_mcu_sta_ht_tlv(skb, info->link_sta);
1792 		mt7925_mcu_sta_vht_tlv(skb, info->link_sta);
1793 		mt76_connac_mcu_sta_uapsd(skb, info->vif, info->link_sta->sta);
1794 		mt7925_mcu_sta_amsdu_tlv(skb, info->vif, info->link_sta);
1795 		mt7925_mcu_sta_he_tlv(skb, info->link_sta);
1796 		mt7925_mcu_sta_he_6g_tlv(skb, info->link_sta);
1797 		mt7925_mcu_sta_eht_tlv(skb, info->link_sta);
1798 		mt7925_mcu_sta_rate_ctrl_tlv(skb, info->vif,
1799 					     info->link_sta);
1800 		mt7925_mcu_sta_state_v2_tlv(phy, skb, info->link_sta,
1801 					    info->vif, info->rcpi,
1802 					    info->state);
1803 		mt7925_mcu_sta_mld_tlv(skb, info->vif, info->link_sta->sta);
1804 	}
1805 
1806 	if (info->enable)
1807 		mt7925_mcu_sta_hdr_trans_tlv(skb, info->vif, info->link_sta);
1808 
1809 	return mt76_mcu_skb_send_msg(dev, skb, info->cmd, true);
1810 }
1811 
1812 static void
1813 mt7925_mcu_sta_remove_tlv(struct sk_buff *skb)
1814 {
1815 	struct sta_rec_remove *rem;
1816 	struct tlv *tlv;
1817 
1818 	tlv = mt76_connac_mcu_add_tlv(skb, 0x25, sizeof(*rem));
1819 	rem = (struct sta_rec_remove *)tlv;
1820 	rem->action = 0;
1821 }
1822 
1823 static int
1824 mt7925_mcu_mlo_sta_cmd(struct mt76_phy *phy,
1825 		       struct mt76_sta_cmd_info *info)
1826 {
1827 	struct mt792x_vif *mvif = (struct mt792x_vif *)info->vif->drv_priv;
1828 	struct mt76_dev *dev = phy->dev;
1829 	struct mt792x_bss_conf *mconf;
1830 	struct sk_buff *skb;
1831 
1832 	mconf = mt792x_vif_to_link(mvif, info->wcid->link_id);
1833 
1834 	skb = __mt76_connac_mcu_alloc_sta_req(dev, &mconf->mt76, info->wcid,
1835 					      MT7925_STA_UPDATE_MAX_SIZE);
1836 	if (IS_ERR(skb))
1837 		return PTR_ERR(skb);
1838 
1839 	if (info->enable)
1840 		mt76_connac_mcu_sta_basic_tlv(dev, skb, info->vif,
1841 					      info->link_sta,
1842 					      info->enable, info->newly);
1843 
1844 	if (info->enable && info->link_sta) {
1845 		mt7925_mcu_sta_phy_tlv(skb, info->vif, info->link_sta);
1846 		mt7925_mcu_sta_ht_tlv(skb, info->link_sta);
1847 		mt7925_mcu_sta_vht_tlv(skb, info->link_sta);
1848 		mt76_connac_mcu_sta_uapsd(skb, info->vif, info->link_sta->sta);
1849 		mt7925_mcu_sta_amsdu_tlv(skb, info->vif, info->link_sta);
1850 		mt7925_mcu_sta_he_tlv(skb, info->link_sta);
1851 		mt7925_mcu_sta_he_6g_tlv(skb, info->link_sta);
1852 		mt7925_mcu_sta_eht_tlv(skb, info->link_sta);
1853 		mt7925_mcu_sta_rate_ctrl_tlv(skb, info->vif,
1854 					     info->link_sta);
1855 		mt7925_mcu_sta_state_v2_tlv(phy, skb, info->link_sta,
1856 					    info->vif, info->rcpi,
1857 					    info->state);
1858 
1859 		if (info->state != MT76_STA_INFO_STATE_NONE) {
1860 			mt7925_mcu_sta_mld_tlv(skb, info->vif, info->link_sta->sta);
1861 			mt7925_mcu_sta_eht_mld_tlv(skb, info->vif, info->link_sta->sta);
1862 		}
1863 
1864 		mt7925_mcu_sta_hdr_trans_tlv(skb, info->vif, info->link_sta);
1865 	}
1866 
1867 	if (!info->enable) {
1868 		mt7925_mcu_sta_remove_tlv(skb);
1869 		mt76_connac_mcu_add_tlv(skb, STA_REC_MLD_OFF,
1870 					sizeof(struct tlv));
1871 	}
1872 
1873 	return mt76_mcu_skb_send_msg(dev, skb, info->cmd, true);
1874 }
1875 
1876 int mt7925_mcu_sta_update(struct mt792x_dev *dev,
1877 			  struct ieee80211_link_sta *link_sta,
1878 			  struct ieee80211_vif *vif, bool enable,
1879 			  enum mt76_sta_info_state state)
1880 {
1881 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1882 	int rssi = -ewma_rssi_read(&mvif->bss_conf.rssi);
1883 	struct mt76_sta_cmd_info info = {
1884 		.link_sta = link_sta,
1885 		.vif = vif,
1886 		.enable = enable,
1887 		.cmd = MCU_UNI_CMD(STA_REC_UPDATE),
1888 		.state = state,
1889 		.offload_fw = true,
1890 		.rcpi = to_rcpi(rssi),
1891 	};
1892 	struct mt792x_sta *msta;
1893 	struct mt792x_link_sta *mlink;
1894 	int err;
1895 
1896 	if (link_sta) {
1897 		msta = (struct mt792x_sta *)link_sta->sta->drv_priv;
1898 		mlink = mt792x_sta_to_link(msta, link_sta->link_id);
1899 	}
1900 	info.wcid = link_sta ? &mlink->wcid : &mvif->sta.deflink.wcid;
1901 	info.newly = link_sta ? state != MT76_STA_INFO_STATE_ASSOC : true;
1902 
1903 	if (ieee80211_vif_is_mld(vif))
1904 		err = mt7925_mcu_mlo_sta_cmd(&dev->mphy, &info);
1905 	else
1906 		err = mt7925_mcu_sta_cmd(&dev->mphy, &info);
1907 
1908 	return err;
1909 }
1910 
1911 int mt7925_mcu_set_beacon_filter(struct mt792x_dev *dev,
1912 				 struct ieee80211_vif *vif,
1913 				 bool enable)
1914 {
1915 #define MT7925_FIF_BIT_CLR		BIT(1)
1916 #define MT7925_FIF_BIT_SET		BIT(0)
1917 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1918 	unsigned long valid = ieee80211_vif_is_mld(vif) ?
1919 				      mvif->valid_links : BIT(0);
1920 	struct ieee80211_bss_conf *bss_conf;
1921 	int err = 0;
1922 	int i;
1923 
1924 	if (enable) {
1925 		for_each_set_bit(i, &valid, IEEE80211_MLD_MAX_NUM_LINKS) {
1926 			bss_conf = mt792x_vif_to_bss_conf(vif, i);
1927 			err = mt7925_mcu_uni_bss_bcnft(dev, bss_conf, true);
1928 			if (err < 0)
1929 				return err;
1930 		}
1931 
1932 		return mt7925_mcu_set_rxfilter(dev, 0,
1933 					       MT7925_FIF_BIT_SET,
1934 					       MT_WF_RFCR_DROP_OTHER_BEACON);
1935 	}
1936 
1937 	for_each_set_bit(i, &valid, IEEE80211_MLD_MAX_NUM_LINKS) {
1938 		bss_conf = mt792x_vif_to_bss_conf(vif, i);
1939 		err = mt7925_mcu_set_bss_pm(dev, bss_conf, false);
1940 		if (err)
1941 			return err;
1942 	}
1943 
1944 	return mt7925_mcu_set_rxfilter(dev, 0,
1945 				       MT7925_FIF_BIT_CLR,
1946 				       MT_WF_RFCR_DROP_OTHER_BEACON);
1947 }
1948 
1949 int mt7925_get_txpwr_info(struct mt792x_dev *dev, u8 band_idx, struct mt7925_txpwr *txpwr)
1950 {
1951 #define TX_POWER_SHOW_INFO 0x7
1952 #define TXPOWER_ALL_RATE_POWER_INFO 0x2
1953 	struct mt7925_txpwr_event *event;
1954 	struct mt7925_txpwr_req req = {
1955 		.tag = cpu_to_le16(TX_POWER_SHOW_INFO),
1956 		.len = cpu_to_le16(sizeof(req) - 4),
1957 		.catg = TXPOWER_ALL_RATE_POWER_INFO,
1958 		.band_idx = band_idx,
1959 	};
1960 	struct sk_buff *skb;
1961 	int ret;
1962 
1963 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(TXPOWER),
1964 					&req, sizeof(req), true, &skb);
1965 	if (ret)
1966 		return ret;
1967 
1968 	event = (struct mt7925_txpwr_event *)skb->data;
1969 	memcpy(txpwr, &event->txpwr, sizeof(event->txpwr));
1970 
1971 	dev_kfree_skb(skb);
1972 
1973 	return 0;
1974 }
1975 
1976 int mt7925_mcu_set_sniffer(struct mt792x_dev *dev, struct ieee80211_vif *vif,
1977 			   bool enable)
1978 {
1979 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1980 
1981 	struct {
1982 		struct {
1983 			u8 band_idx;
1984 			u8 pad[3];
1985 		} __packed hdr;
1986 		struct sniffer_enable_tlv {
1987 			__le16 tag;
1988 			__le16 len;
1989 			u8 enable;
1990 			u8 pad[3];
1991 		} __packed enable;
1992 	} __packed req = {
1993 		.hdr = {
1994 			.band_idx = mvif->bss_conf.mt76.band_idx,
1995 		},
1996 		.enable = {
1997 			.tag = cpu_to_le16(UNI_SNIFFER_ENABLE),
1998 			.len = cpu_to_le16(sizeof(struct sniffer_enable_tlv)),
1999 			.enable = enable,
2000 		},
2001 	};
2002 
2003 	mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(SNIFFER), &req, sizeof(req), true);
2004 
2005 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(SNIFFER), &req, sizeof(req),
2006 				 true);
2007 }
2008 
2009 int mt7925_mcu_config_sniffer(struct mt792x_vif *vif,
2010 			      struct ieee80211_chanctx_conf *ctx)
2011 {
2012 	struct mt76_phy *mphy = vif->phy->mt76;
2013 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def : &mphy->chandef;
2014 	int freq1 = chandef->center_freq1, freq2 = chandef->center_freq2;
2015 
2016 	static const u8 ch_band[] = {
2017 		[NL80211_BAND_2GHZ] = 1,
2018 		[NL80211_BAND_5GHZ] = 2,
2019 		[NL80211_BAND_6GHZ] = 3,
2020 	};
2021 	static const u8 ch_width[] = {
2022 		[NL80211_CHAN_WIDTH_20_NOHT] = 0,
2023 		[NL80211_CHAN_WIDTH_20] = 0,
2024 		[NL80211_CHAN_WIDTH_40] = 0,
2025 		[NL80211_CHAN_WIDTH_80] = 1,
2026 		[NL80211_CHAN_WIDTH_160] = 2,
2027 		[NL80211_CHAN_WIDTH_80P80] = 3,
2028 		[NL80211_CHAN_WIDTH_5] = 4,
2029 		[NL80211_CHAN_WIDTH_10] = 5,
2030 		[NL80211_CHAN_WIDTH_320] = 6,
2031 	};
2032 
2033 	struct {
2034 		struct {
2035 			u8 band_idx;
2036 			u8 pad[3];
2037 		} __packed hdr;
2038 		struct config_tlv {
2039 			__le16 tag;
2040 			__le16 len;
2041 			u16 aid;
2042 			u8 ch_band;
2043 			u8 bw;
2044 			u8 control_ch;
2045 			u8 sco;
2046 			u8 center_ch;
2047 			u8 center_ch2;
2048 			u8 drop_err;
2049 			u8 pad[3];
2050 		} __packed tlv;
2051 	} __packed req = {
2052 		.hdr = {
2053 			.band_idx = vif->bss_conf.mt76.band_idx,
2054 		},
2055 		.tlv = {
2056 			.tag = cpu_to_le16(UNI_SNIFFER_CONFIG),
2057 			.len = cpu_to_le16(sizeof(req.tlv)),
2058 			.control_ch = chandef->chan->hw_value,
2059 			.center_ch = ieee80211_frequency_to_channel(freq1),
2060 			.drop_err = 1,
2061 		},
2062 	};
2063 
2064 	if (chandef->chan->band < ARRAY_SIZE(ch_band))
2065 		req.tlv.ch_band = ch_band[chandef->chan->band];
2066 	if (chandef->width < ARRAY_SIZE(ch_width))
2067 		req.tlv.bw = ch_width[chandef->width];
2068 
2069 	if (freq2)
2070 		req.tlv.center_ch2 = ieee80211_frequency_to_channel(freq2);
2071 
2072 	if (req.tlv.control_ch < req.tlv.center_ch)
2073 		req.tlv.sco = 1; /* SCA */
2074 	else if (req.tlv.control_ch > req.tlv.center_ch)
2075 		req.tlv.sco = 3; /* SCB */
2076 
2077 	return mt76_mcu_send_msg(mphy->dev, MCU_UNI_CMD(SNIFFER),
2078 				 &req, sizeof(req), true);
2079 }
2080 
2081 int
2082 mt7925_mcu_uni_add_beacon_offload(struct mt792x_dev *dev,
2083 				  struct ieee80211_hw *hw,
2084 				  struct ieee80211_vif *vif,
2085 				  bool enable)
2086 {
2087 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
2088 	struct ieee80211_mutable_offsets offs;
2089 	struct {
2090 		struct req_hdr {
2091 			u8 bss_idx;
2092 			u8 pad[3];
2093 		} __packed hdr;
2094 		struct bcn_content_tlv {
2095 			__le16 tag;
2096 			__le16 len;
2097 			__le16 tim_ie_pos;
2098 			__le16 csa_ie_pos;
2099 			__le16 bcc_ie_pos;
2100 			/* 0: disable beacon offload
2101 			 * 1: enable beacon offload
2102 			 * 2: update probe respond offload
2103 			 */
2104 			u8 enable;
2105 			/* 0: legacy format (TXD + payload)
2106 			 * 1: only cap field IE
2107 			 */
2108 			u8 type;
2109 			__le16 pkt_len;
2110 			u8 pkt[512];
2111 		} __packed beacon_tlv;
2112 	} req = {
2113 		.hdr = {
2114 			.bss_idx = mvif->bss_conf.mt76.idx,
2115 		},
2116 		.beacon_tlv = {
2117 			.tag = cpu_to_le16(UNI_BSS_INFO_BCN_CONTENT),
2118 			.len = cpu_to_le16(sizeof(struct bcn_content_tlv)),
2119 			.enable = enable,
2120 			.type = 1,
2121 		},
2122 	};
2123 	struct sk_buff *skb;
2124 	u8 cap_offs;
2125 
2126 	/* support enable/update process only
2127 	 * disable flow would be handled in bss stop handler automatically
2128 	 */
2129 	if (!enable)
2130 		return -EOPNOTSUPP;
2131 
2132 	skb = ieee80211_beacon_get_template(mt76_hw(dev), vif, &offs, 0);
2133 	if (!skb)
2134 		return -EINVAL;
2135 
2136 	cap_offs = offsetof(struct ieee80211_mgmt, u.beacon.capab_info);
2137 	if (!skb_pull(skb, cap_offs)) {
2138 		dev_err(dev->mt76.dev, "beacon format err\n");
2139 		dev_kfree_skb(skb);
2140 		return -EINVAL;
2141 	}
2142 
2143 	if (skb->len > 512) {
2144 		dev_err(dev->mt76.dev, "beacon size limit exceed\n");
2145 		dev_kfree_skb(skb);
2146 		return -EINVAL;
2147 	}
2148 
2149 	memcpy(req.beacon_tlv.pkt, skb->data, skb->len);
2150 	req.beacon_tlv.pkt_len = cpu_to_le16(skb->len);
2151 	offs.tim_offset -= cap_offs;
2152 	req.beacon_tlv.tim_ie_pos = cpu_to_le16(offs.tim_offset);
2153 
2154 	if (offs.cntdwn_counter_offs[0]) {
2155 		u16 csa_offs;
2156 
2157 		csa_offs = offs.cntdwn_counter_offs[0] - cap_offs - 4;
2158 		req.beacon_tlv.csa_ie_pos = cpu_to_le16(csa_offs);
2159 	}
2160 	dev_kfree_skb(skb);
2161 
2162 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
2163 				 &req, sizeof(req), true);
2164 }
2165 
2166 static
2167 void mt7925_mcu_bss_rlm_tlv(struct sk_buff *skb, struct mt76_phy *phy,
2168 			    struct ieee80211_bss_conf *link_conf,
2169 			    struct ieee80211_chanctx_conf *ctx)
2170 {
2171 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def :
2172 						  &link_conf->chanreq.oper;
2173 	int freq1 = chandef->center_freq1, freq2 = chandef->center_freq2;
2174 	enum nl80211_band band = chandef->chan->band;
2175 	struct bss_rlm_tlv *req;
2176 	struct tlv *tlv;
2177 
2178 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_RLM, sizeof(*req));
2179 	req = (struct bss_rlm_tlv *)tlv;
2180 	req->control_channel = chandef->chan->hw_value;
2181 	req->center_chan = ieee80211_frequency_to_channel(freq1);
2182 	req->center_chan2 = ieee80211_frequency_to_channel(freq2);
2183 	req->tx_streams = hweight8(phy->antenna_mask);
2184 	req->ht_op_info = 4; /* set HT 40M allowed */
2185 	req->rx_streams = hweight8(phy->antenna_mask);
2186 	req->band = band;
2187 
2188 	switch (chandef->width) {
2189 	case NL80211_CHAN_WIDTH_40:
2190 		req->bw = CMD_CBW_40MHZ;
2191 		break;
2192 	case NL80211_CHAN_WIDTH_80:
2193 		req->bw = CMD_CBW_80MHZ;
2194 		break;
2195 	case NL80211_CHAN_WIDTH_80P80:
2196 		req->bw = CMD_CBW_8080MHZ;
2197 		break;
2198 	case NL80211_CHAN_WIDTH_160:
2199 		req->bw = CMD_CBW_160MHZ;
2200 		break;
2201 	case NL80211_CHAN_WIDTH_5:
2202 		req->bw = CMD_CBW_5MHZ;
2203 		break;
2204 	case NL80211_CHAN_WIDTH_10:
2205 		req->bw = CMD_CBW_10MHZ;
2206 		break;
2207 	case NL80211_CHAN_WIDTH_20_NOHT:
2208 	case NL80211_CHAN_WIDTH_20:
2209 	default:
2210 		req->bw = CMD_CBW_20MHZ;
2211 		req->ht_op_info = 0;
2212 		break;
2213 	}
2214 
2215 	if (req->control_channel < req->center_chan)
2216 		req->sco = 1; /* SCA */
2217 	else if (req->control_channel > req->center_chan)
2218 		req->sco = 3; /* SCB */
2219 }
2220 
2221 static struct sk_buff *
2222 __mt7925_mcu_alloc_bss_req(struct mt76_dev *dev, struct mt76_vif *mvif, int len)
2223 {
2224 	struct bss_req_hdr hdr = {
2225 		.bss_idx = mvif->idx,
2226 	};
2227 	struct sk_buff *skb;
2228 
2229 	skb = mt76_mcu_msg_alloc(dev, NULL, len);
2230 	if (!skb)
2231 		return ERR_PTR(-ENOMEM);
2232 
2233 	skb_put_data(skb, &hdr, sizeof(hdr));
2234 
2235 	return skb;
2236 }
2237 
2238 int mt7925_mcu_set_chctx(struct mt76_phy *phy, struct mt76_vif *mvif,
2239 			 struct ieee80211_bss_conf *link_conf,
2240 			 struct ieee80211_chanctx_conf *ctx)
2241 {
2242 	struct sk_buff *skb;
2243 
2244 	skb = __mt7925_mcu_alloc_bss_req(phy->dev, mvif,
2245 					 MT7925_BSS_UPDATE_MAX_SIZE);
2246 	if (IS_ERR(skb))
2247 		return PTR_ERR(skb);
2248 
2249 	mt7925_mcu_bss_rlm_tlv(skb, phy, link_conf, ctx);
2250 
2251 	return mt76_mcu_skb_send_msg(phy->dev, skb,
2252 				     MCU_UNI_CMD(BSS_INFO_UPDATE), true);
2253 }
2254 
2255 static u8
2256 mt7925_get_phy_mode_ext(struct mt76_phy *phy, struct ieee80211_vif *vif,
2257 			enum nl80211_band band,
2258 			struct ieee80211_link_sta *link_sta)
2259 {
2260 	struct ieee80211_he_6ghz_capa *he_6ghz_capa;
2261 	const struct ieee80211_sta_eht_cap *eht_cap;
2262 	__le16 capa = 0;
2263 	u8 mode = 0;
2264 
2265 	if (link_sta) {
2266 		he_6ghz_capa = &link_sta->he_6ghz_capa;
2267 		eht_cap = &link_sta->eht_cap;
2268 	} else {
2269 		struct ieee80211_supported_band *sband;
2270 
2271 		sband = phy->hw->wiphy->bands[band];
2272 		capa = ieee80211_get_he_6ghz_capa(sband, vif->type);
2273 		he_6ghz_capa = (struct ieee80211_he_6ghz_capa *)&capa;
2274 
2275 		eht_cap = ieee80211_get_eht_iftype_cap(sband, vif->type);
2276 	}
2277 
2278 	switch (band) {
2279 	case NL80211_BAND_2GHZ:
2280 		if (eht_cap && eht_cap->has_eht)
2281 			mode |= PHY_MODE_BE_24G;
2282 		break;
2283 	case NL80211_BAND_5GHZ:
2284 		if (eht_cap && eht_cap->has_eht)
2285 			mode |= PHY_MODE_BE_5G;
2286 		break;
2287 	case NL80211_BAND_6GHZ:
2288 		if (he_6ghz_capa && he_6ghz_capa->capa)
2289 			mode |= PHY_MODE_AX_6G;
2290 
2291 		if (eht_cap && eht_cap->has_eht)
2292 			mode |= PHY_MODE_BE_6G;
2293 		break;
2294 	default:
2295 		break;
2296 	}
2297 
2298 	return mode;
2299 }
2300 
2301 static void
2302 mt7925_mcu_bss_basic_tlv(struct sk_buff *skb,
2303 			 struct ieee80211_bss_conf *link_conf,
2304 			 struct ieee80211_link_sta *link_sta,
2305 			 struct ieee80211_chanctx_conf *ctx,
2306 			 struct mt76_phy *phy, u16 wlan_idx,
2307 			 bool enable)
2308 {
2309 	struct ieee80211_vif *vif = link_conf->vif;
2310 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
2311 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def :
2312 						  &link_conf->chanreq.oper;
2313 	enum nl80211_band band = chandef->chan->band;
2314 	struct mt76_connac_bss_basic_tlv *basic_req;
2315 	struct mt792x_link_sta *mlink;
2316 	struct tlv *tlv;
2317 	int conn_type;
2318 	u8 idx;
2319 
2320 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_BASIC, sizeof(*basic_req));
2321 	basic_req = (struct mt76_connac_bss_basic_tlv *)tlv;
2322 
2323 	idx = mconf->mt76.omac_idx > EXT_BSSID_START ? HW_BSSID_0 :
2324 						      mconf->mt76.omac_idx;
2325 	basic_req->hw_bss_idx = idx;
2326 
2327 	basic_req->phymode_ext = mt7925_get_phy_mode_ext(phy, vif, band,
2328 							 link_sta);
2329 
2330 	if (band == NL80211_BAND_2GHZ)
2331 		basic_req->nonht_basic_phy = cpu_to_le16(PHY_TYPE_ERP_INDEX);
2332 	else
2333 		basic_req->nonht_basic_phy = cpu_to_le16(PHY_TYPE_OFDM_INDEX);
2334 
2335 	memcpy(basic_req->bssid, link_conf->bssid, ETH_ALEN);
2336 	basic_req->phymode = mt76_connac_get_phy_mode(phy, vif, band, link_sta);
2337 	basic_req->bcn_interval = cpu_to_le16(link_conf->beacon_int);
2338 	basic_req->dtim_period = link_conf->dtim_period;
2339 	basic_req->bmc_tx_wlan_idx = cpu_to_le16(wlan_idx);
2340 	basic_req->link_idx = mconf->mt76.idx;
2341 
2342 	if (link_sta) {
2343 		struct mt792x_sta *msta;
2344 
2345 		msta = (struct mt792x_sta *)link_sta->sta->drv_priv;
2346 		mlink = mt792x_sta_to_link(msta, link_sta->link_id);
2347 
2348 	} else {
2349 		mlink = &mconf->vif->sta.deflink;
2350 	}
2351 
2352 	basic_req->sta_idx = cpu_to_le16(mlink->wcid.idx);
2353 	basic_req->omac_idx = mconf->mt76.omac_idx;
2354 	basic_req->band_idx = mconf->mt76.band_idx;
2355 	basic_req->wmm_idx = mconf->mt76.wmm_idx;
2356 	basic_req->conn_state = !enable;
2357 
2358 	switch (vif->type) {
2359 	case NL80211_IFTYPE_MESH_POINT:
2360 	case NL80211_IFTYPE_AP:
2361 		if (vif->p2p)
2362 			conn_type = CONNECTION_P2P_GO;
2363 		else
2364 			conn_type = CONNECTION_INFRA_AP;
2365 		basic_req->conn_type = cpu_to_le32(conn_type);
2366 		basic_req->active = enable;
2367 		break;
2368 	case NL80211_IFTYPE_STATION:
2369 		if (vif->p2p)
2370 			conn_type = CONNECTION_P2P_GC;
2371 		else
2372 			conn_type = CONNECTION_INFRA_STA;
2373 		basic_req->conn_type = cpu_to_le32(conn_type);
2374 		basic_req->active = true;
2375 		break;
2376 	case NL80211_IFTYPE_ADHOC:
2377 		basic_req->conn_type = cpu_to_le32(CONNECTION_IBSS_ADHOC);
2378 		basic_req->active = true;
2379 		break;
2380 	default:
2381 		WARN_ON(1);
2382 		break;
2383 	}
2384 }
2385 
2386 static void
2387 mt7925_mcu_bss_sec_tlv(struct sk_buff *skb,
2388 		       struct ieee80211_bss_conf *link_conf)
2389 {
2390 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
2391 	struct mt76_vif *mvif = &mconf->mt76;
2392 	struct bss_sec_tlv {
2393 		__le16 tag;
2394 		__le16 len;
2395 		u8 mode;
2396 		u8 status;
2397 		u8 cipher;
2398 		u8 __rsv;
2399 	} __packed * sec;
2400 	struct tlv *tlv;
2401 
2402 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_SEC, sizeof(*sec));
2403 	sec = (struct bss_sec_tlv *)tlv;
2404 
2405 	switch (mvif->cipher) {
2406 	case CONNAC3_CIPHER_GCMP_256:
2407 	case CONNAC3_CIPHER_GCMP:
2408 		sec->mode = MODE_WPA3_SAE;
2409 		sec->status = 8;
2410 		break;
2411 	case CONNAC3_CIPHER_AES_CCMP:
2412 		sec->mode = MODE_WPA2_PSK;
2413 		sec->status = 6;
2414 		break;
2415 	case CONNAC3_CIPHER_TKIP:
2416 		sec->mode = MODE_WPA2_PSK;
2417 		sec->status = 4;
2418 		break;
2419 	case CONNAC3_CIPHER_WEP104:
2420 	case CONNAC3_CIPHER_WEP40:
2421 		sec->mode = MODE_SHARED;
2422 		sec->status = 0;
2423 		break;
2424 	default:
2425 		sec->mode = MODE_OPEN;
2426 		sec->status = 1;
2427 		break;
2428 	}
2429 
2430 	sec->cipher = mvif->cipher;
2431 }
2432 
2433 static void
2434 mt7925_mcu_bss_bmc_tlv(struct sk_buff *skb, struct mt792x_phy *phy,
2435 		       struct ieee80211_chanctx_conf *ctx,
2436 		       struct ieee80211_bss_conf *link_conf)
2437 {
2438 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def :
2439 						  &link_conf->chanreq.oper;
2440 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
2441 	enum nl80211_band band = chandef->chan->band;
2442 	struct mt76_vif *mvif = &mconf->mt76;
2443 	struct bss_rate_tlv *bmc;
2444 	struct tlv *tlv;
2445 	u8 idx = mvif->mcast_rates_idx ?
2446 		 mvif->mcast_rates_idx : mvif->basic_rates_idx;
2447 
2448 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_RATE, sizeof(*bmc));
2449 
2450 	bmc = (struct bss_rate_tlv *)tlv;
2451 
2452 	if (band == NL80211_BAND_2GHZ)
2453 		bmc->basic_rate = cpu_to_le16(HR_DSSS_ERP_BASIC_RATE);
2454 	else
2455 		bmc->basic_rate = cpu_to_le16(OFDM_BASIC_RATE);
2456 
2457 	bmc->short_preamble = (band == NL80211_BAND_2GHZ);
2458 	bmc->bc_fixed_rate = idx;
2459 	bmc->mc_fixed_rate = idx;
2460 }
2461 
2462 static void
2463 mt7925_mcu_bss_mld_tlv(struct sk_buff *skb,
2464 		       struct ieee80211_bss_conf *link_conf)
2465 {
2466 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
2467 	struct mt792x_vif *mvif = (struct mt792x_vif *)link_conf->vif->drv_priv;
2468 	struct bss_mld_tlv *mld;
2469 	struct tlv *tlv;
2470 	bool is_mld;
2471 
2472 	is_mld = ieee80211_vif_is_mld(link_conf->vif) ||
2473 		 (hweight16(mvif->valid_links) > 1);
2474 
2475 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_MLD, sizeof(*mld));
2476 	mld = (struct bss_mld_tlv *)tlv;
2477 
2478 	mld->link_id = is_mld ? link_conf->link_id : 0xff;
2479 	/* apply the index of the primary link */
2480 	mld->group_mld_id = is_mld ? mvif->bss_conf.mt76.idx : 0xff;
2481 	mld->own_mld_id = mconf->mt76.idx + 32;
2482 	mld->remap_idx = 0xff;
2483 	mld->eml_enable = !!(link_conf->vif->cfg.eml_cap &
2484 			     IEEE80211_EML_CAP_EMLSR_SUPP);
2485 
2486 	memcpy(mld->mac_addr, link_conf->addr, ETH_ALEN);
2487 }
2488 
2489 static void
2490 mt7925_mcu_bss_qos_tlv(struct sk_buff *skb, struct ieee80211_bss_conf *link_conf)
2491 {
2492 	struct mt76_connac_bss_qos_tlv *qos;
2493 	struct tlv *tlv;
2494 
2495 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_QBSS, sizeof(*qos));
2496 	qos = (struct mt76_connac_bss_qos_tlv *)tlv;
2497 	qos->qos = link_conf->qos;
2498 }
2499 
2500 static void
2501 mt7925_mcu_bss_he_tlv(struct sk_buff *skb, struct ieee80211_bss_conf *link_conf,
2502 		      struct mt792x_phy *phy)
2503 {
2504 #define DEFAULT_HE_PE_DURATION		4
2505 #define DEFAULT_HE_DURATION_RTS_THRES	1023
2506 	const struct ieee80211_sta_he_cap *cap;
2507 	struct bss_info_uni_he *he;
2508 	struct tlv *tlv;
2509 
2510 	cap = mt76_connac_get_he_phy_cap(phy->mt76, link_conf->vif);
2511 
2512 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_HE_BASIC, sizeof(*he));
2513 
2514 	he = (struct bss_info_uni_he *)tlv;
2515 	he->he_pe_duration = link_conf->htc_trig_based_pkt_ext;
2516 	if (!he->he_pe_duration)
2517 		he->he_pe_duration = DEFAULT_HE_PE_DURATION;
2518 
2519 	he->he_rts_thres = cpu_to_le16(link_conf->frame_time_rts_th);
2520 	if (!he->he_rts_thres)
2521 		he->he_rts_thres = cpu_to_le16(DEFAULT_HE_DURATION_RTS_THRES);
2522 
2523 	he->max_nss_mcs[CMD_HE_MCS_BW80] = cap->he_mcs_nss_supp.tx_mcs_80;
2524 	he->max_nss_mcs[CMD_HE_MCS_BW160] = cap->he_mcs_nss_supp.tx_mcs_160;
2525 	he->max_nss_mcs[CMD_HE_MCS_BW8080] = cap->he_mcs_nss_supp.tx_mcs_80p80;
2526 }
2527 
2528 static void
2529 mt7925_mcu_bss_color_tlv(struct sk_buff *skb, struct ieee80211_bss_conf *link_conf,
2530 			 bool enable)
2531 {
2532 	struct bss_info_uni_bss_color *color;
2533 	struct tlv *tlv;
2534 
2535 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_BSS_COLOR, sizeof(*color));
2536 	color = (struct bss_info_uni_bss_color *)tlv;
2537 
2538 	color->enable = enable ?
2539 		link_conf->he_bss_color.enabled : 0;
2540 	color->bss_color = enable ?
2541 		link_conf->he_bss_color.color : 0;
2542 }
2543 
2544 static void
2545 mt7925_mcu_bss_ifs_tlv(struct sk_buff *skb,
2546 		       struct ieee80211_bss_conf *link_conf)
2547 {
2548 	struct mt792x_vif *mvif = (struct mt792x_vif *)link_conf->vif->drv_priv;
2549 	struct mt792x_phy *phy = mvif->phy;
2550 	struct bss_ifs_time_tlv *ifs_time;
2551 	struct tlv *tlv;
2552 
2553 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_IFS_TIME, sizeof(*ifs_time));
2554 	ifs_time = (struct bss_ifs_time_tlv *)tlv;
2555 	ifs_time->slot_valid = true;
2556 	ifs_time->slot_time = cpu_to_le16(phy->slottime);
2557 }
2558 
2559 int mt7925_mcu_set_timing(struct mt792x_phy *phy,
2560 			  struct ieee80211_bss_conf *link_conf)
2561 {
2562 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
2563 	struct mt792x_dev *dev = phy->dev;
2564 	struct sk_buff *skb;
2565 
2566 	skb = __mt7925_mcu_alloc_bss_req(&dev->mt76, &mconf->mt76,
2567 					 MT7925_BSS_UPDATE_MAX_SIZE);
2568 	if (IS_ERR(skb))
2569 		return PTR_ERR(skb);
2570 
2571 	mt7925_mcu_bss_ifs_tlv(skb, link_conf);
2572 
2573 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2574 				     MCU_UNI_CMD(BSS_INFO_UPDATE), true);
2575 }
2576 
2577 int mt7925_mcu_add_bss_info(struct mt792x_phy *phy,
2578 			    struct ieee80211_chanctx_conf *ctx,
2579 			    struct ieee80211_bss_conf *link_conf,
2580 			    struct ieee80211_link_sta *link_sta,
2581 			    int enable)
2582 {
2583 	struct mt792x_vif *mvif = (struct mt792x_vif *)link_conf->vif->drv_priv;
2584 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
2585 	struct mt792x_dev *dev = phy->dev;
2586 	struct mt792x_link_sta *mlink_bc;
2587 	struct sk_buff *skb;
2588 
2589 	skb = __mt7925_mcu_alloc_bss_req(&dev->mt76, &mconf->mt76,
2590 					 MT7925_BSS_UPDATE_MAX_SIZE);
2591 	if (IS_ERR(skb))
2592 		return PTR_ERR(skb);
2593 
2594 	mlink_bc = mt792x_sta_to_link(&mvif->sta, mconf->link_id);
2595 
2596 	/* bss_basic must be first */
2597 	mt7925_mcu_bss_basic_tlv(skb, link_conf, link_sta, ctx, phy->mt76,
2598 				 mlink_bc->wcid.idx, enable);
2599 	mt7925_mcu_bss_sec_tlv(skb, link_conf);
2600 	mt7925_mcu_bss_bmc_tlv(skb, phy, ctx, link_conf);
2601 	mt7925_mcu_bss_qos_tlv(skb, link_conf);
2602 	mt7925_mcu_bss_mld_tlv(skb, link_conf);
2603 	mt7925_mcu_bss_ifs_tlv(skb, link_conf);
2604 
2605 	if (link_conf->he_support) {
2606 		mt7925_mcu_bss_he_tlv(skb, link_conf, phy);
2607 		mt7925_mcu_bss_color_tlv(skb, link_conf, enable);
2608 	}
2609 
2610 	if (enable)
2611 		mt7925_mcu_bss_rlm_tlv(skb, phy->mt76, link_conf, ctx);
2612 
2613 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2614 				     MCU_UNI_CMD(BSS_INFO_UPDATE), true);
2615 }
2616 
2617 int mt7925_mcu_set_dbdc(struct mt76_phy *phy)
2618 {
2619 	struct mt76_dev *mdev = phy->dev;
2620 
2621 	struct mbmc_conf_tlv *conf;
2622 	struct mbmc_set_req *hdr;
2623 	struct sk_buff *skb;
2624 	struct tlv *tlv;
2625 	int max_len, err;
2626 
2627 	max_len = sizeof(*hdr) + sizeof(*conf);
2628 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2629 	if (!skb)
2630 		return -ENOMEM;
2631 
2632 	hdr = (struct mbmc_set_req *)skb_put(skb, sizeof(*hdr));
2633 
2634 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_MBMC_SETTING, sizeof(*conf));
2635 	conf = (struct mbmc_conf_tlv *)tlv;
2636 
2637 	conf->mbmc_en = 1;
2638 	conf->band = 0; /* unused */
2639 
2640 	err = mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SET_DBDC_PARMS),
2641 				    false);
2642 
2643 	return err;
2644 }
2645 
2646 #define MT76_CONNAC_SCAN_CHANNEL_TIME		60
2647 
2648 int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif,
2649 		       struct ieee80211_scan_request *scan_req)
2650 {
2651 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2652 	struct cfg80211_scan_request *sreq = &scan_req->req;
2653 	int n_ssids = 0, err, i, duration;
2654 	struct ieee80211_channel **scan_list = sreq->channels;
2655 	struct mt76_dev *mdev = phy->dev;
2656 	struct mt76_connac_mcu_scan_channel *chan;
2657 	struct sk_buff *skb;
2658 
2659 	struct scan_hdr_tlv *hdr;
2660 	struct scan_req_tlv *req;
2661 	struct scan_ssid_tlv *ssid;
2662 	struct scan_bssid_tlv *bssid;
2663 	struct scan_chan_info_tlv *chan_info;
2664 	struct scan_ie_tlv *ie;
2665 	struct scan_misc_tlv *misc;
2666 	struct tlv *tlv;
2667 	int max_len;
2668 
2669 	max_len = sizeof(*hdr) + sizeof(*req) + sizeof(*ssid) +
2670 				sizeof(*bssid) + sizeof(*chan_info) +
2671 				sizeof(*misc) + sizeof(*ie);
2672 
2673 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2674 	if (!skb)
2675 		return -ENOMEM;
2676 
2677 	set_bit(MT76_HW_SCANNING, &phy->state);
2678 	mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
2679 
2680 	hdr = (struct scan_hdr_tlv *)skb_put(skb, sizeof(*hdr));
2681 	hdr->seq_num = mvif->scan_seq_num | mvif->band_idx << 7;
2682 	hdr->bss_idx = mvif->idx;
2683 
2684 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_REQ, sizeof(*req));
2685 	req = (struct scan_req_tlv *)tlv;
2686 	req->scan_type = sreq->n_ssids ? 1 : 0;
2687 	req->probe_req_num = sreq->n_ssids ? 2 : 0;
2688 
2689 	duration = MT76_CONNAC_SCAN_CHANNEL_TIME;
2690 	/* increase channel time for passive scan */
2691 	if (!sreq->n_ssids)
2692 		duration *= 2;
2693 	req->timeout_value = cpu_to_le16(sreq->n_channels * duration);
2694 	req->channel_min_dwell_time = cpu_to_le16(duration);
2695 	req->channel_dwell_time = cpu_to_le16(duration);
2696 
2697 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SSID, sizeof(*ssid));
2698 	ssid = (struct scan_ssid_tlv *)tlv;
2699 	for (i = 0; i < sreq->n_ssids; i++) {
2700 		if (!sreq->ssids[i].ssid_len)
2701 			continue;
2702 
2703 		ssid->ssids[i].ssid_len = cpu_to_le32(sreq->ssids[i].ssid_len);
2704 		memcpy(ssid->ssids[i].ssid, sreq->ssids[i].ssid,
2705 		       sreq->ssids[i].ssid_len);
2706 		n_ssids++;
2707 	}
2708 	ssid->ssid_type = n_ssids ? BIT(2) : BIT(0);
2709 	ssid->ssids_num = n_ssids;
2710 
2711 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_BSSID, sizeof(*bssid));
2712 	bssid = (struct scan_bssid_tlv *)tlv;
2713 
2714 	memcpy(bssid->bssid, sreq->bssid, ETH_ALEN);
2715 
2716 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_CHANNEL, sizeof(*chan_info));
2717 	chan_info = (struct scan_chan_info_tlv *)tlv;
2718 	chan_info->channels_num = min_t(u8, sreq->n_channels,
2719 					ARRAY_SIZE(chan_info->channels));
2720 	for (i = 0; i < chan_info->channels_num; i++) {
2721 		chan = &chan_info->channels[i];
2722 
2723 		switch (scan_list[i]->band) {
2724 		case NL80211_BAND_2GHZ:
2725 			chan->band = 1;
2726 			break;
2727 		case NL80211_BAND_6GHZ:
2728 			chan->band = 3;
2729 			break;
2730 		default:
2731 			chan->band = 2;
2732 			break;
2733 		}
2734 		chan->channel_num = scan_list[i]->hw_value;
2735 	}
2736 	chan_info->channel_type = sreq->n_channels ? 4 : 0;
2737 
2738 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, sizeof(*ie));
2739 	ie = (struct scan_ie_tlv *)tlv;
2740 	if (sreq->ie_len > 0) {
2741 		memcpy(ie->ies, sreq->ie, sreq->ie_len);
2742 		ie->ies_len = cpu_to_le16(sreq->ie_len);
2743 	}
2744 
2745 	req->scan_func |= SCAN_FUNC_SPLIT_SCAN;
2746 
2747 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_MISC, sizeof(*misc));
2748 	misc = (struct scan_misc_tlv *)tlv;
2749 	if (sreq->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
2750 		get_random_mask_addr(misc->random_mac, sreq->mac_addr,
2751 				     sreq->mac_addr_mask);
2752 		req->scan_func |= SCAN_FUNC_RANDOM_MAC;
2753 	}
2754 
2755 	err = mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ),
2756 				    false);
2757 	if (err < 0)
2758 		clear_bit(MT76_HW_SCANNING, &phy->state);
2759 
2760 	return err;
2761 }
2762 EXPORT_SYMBOL_GPL(mt7925_mcu_hw_scan);
2763 
2764 int mt7925_mcu_sched_scan_req(struct mt76_phy *phy,
2765 			      struct ieee80211_vif *vif,
2766 			      struct cfg80211_sched_scan_request *sreq)
2767 {
2768 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2769 	struct ieee80211_channel **scan_list = sreq->channels;
2770 	struct mt76_connac_mcu_scan_channel *chan;
2771 	struct mt76_dev *mdev = phy->dev;
2772 	struct cfg80211_match_set *cfg_match;
2773 	struct cfg80211_ssid *cfg_ssid;
2774 
2775 	struct scan_hdr_tlv *hdr;
2776 	struct scan_sched_req *req;
2777 	struct scan_ssid_tlv *ssid;
2778 	struct scan_chan_info_tlv *chan_info;
2779 	struct scan_ie_tlv *ie;
2780 	struct scan_sched_ssid_match_sets *match;
2781 	struct sk_buff *skb;
2782 	struct tlv *tlv;
2783 	int i, max_len;
2784 
2785 	max_len = sizeof(*hdr) + sizeof(*req) + sizeof(*ssid) +
2786 		  sizeof(*chan_info) + sizeof(*ie) +
2787 		  sizeof(*match);
2788 
2789 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2790 	if (!skb)
2791 		return -ENOMEM;
2792 
2793 	mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
2794 
2795 	hdr = (struct scan_hdr_tlv *)skb_put(skb, sizeof(*hdr));
2796 	hdr->seq_num = mvif->scan_seq_num | mvif->band_idx << 7;
2797 	hdr->bss_idx = mvif->idx;
2798 
2799 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SCHED_REQ, sizeof(*req));
2800 	req = (struct scan_sched_req *)tlv;
2801 	req->version = 1;
2802 
2803 	if (sreq->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)
2804 		req->scan_func |= SCAN_FUNC_RANDOM_MAC;
2805 
2806 	req->intervals_num = sreq->n_scan_plans;
2807 	for (i = 0; i < req->intervals_num; i++)
2808 		req->intervals[i] = cpu_to_le16(sreq->scan_plans[i].interval);
2809 
2810 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SSID, sizeof(*ssid));
2811 	ssid = (struct scan_ssid_tlv *)tlv;
2812 
2813 	ssid->ssids_num = sreq->n_ssids;
2814 	ssid->ssid_type = BIT(2);
2815 	for (i = 0; i < ssid->ssids_num; i++) {
2816 		cfg_ssid = &sreq->ssids[i];
2817 		memcpy(ssid->ssids[i].ssid, cfg_ssid->ssid, cfg_ssid->ssid_len);
2818 		ssid->ssids[i].ssid_len = cpu_to_le32(cfg_ssid->ssid_len);
2819 	}
2820 
2821 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SSID_MATCH_SETS, sizeof(*match));
2822 	match = (struct scan_sched_ssid_match_sets *)tlv;
2823 	match->match_num = sreq->n_match_sets;
2824 	for (i = 0; i < match->match_num; i++) {
2825 		cfg_match = &sreq->match_sets[i];
2826 		memcpy(match->match[i].ssid, cfg_match->ssid.ssid,
2827 		       cfg_match->ssid.ssid_len);
2828 		match->match[i].rssi_th = cpu_to_le32(cfg_match->rssi_thold);
2829 		match->match[i].ssid_len = cfg_match->ssid.ssid_len;
2830 	}
2831 
2832 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_CHANNEL, sizeof(*chan_info));
2833 	chan_info = (struct scan_chan_info_tlv *)tlv;
2834 	chan_info->channels_num = min_t(u8, sreq->n_channels,
2835 					ARRAY_SIZE(chan_info->channels));
2836 	for (i = 0; i < chan_info->channels_num; i++) {
2837 		chan = &chan_info->channels[i];
2838 
2839 		switch (scan_list[i]->band) {
2840 		case NL80211_BAND_2GHZ:
2841 			chan->band = 1;
2842 			break;
2843 		case NL80211_BAND_6GHZ:
2844 			chan->band = 3;
2845 			break;
2846 		default:
2847 			chan->band = 2;
2848 			break;
2849 		}
2850 		chan->channel_num = scan_list[i]->hw_value;
2851 	}
2852 	chan_info->channel_type = sreq->n_channels ? 4 : 0;
2853 
2854 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, sizeof(*ie));
2855 	ie = (struct scan_ie_tlv *)tlv;
2856 	if (sreq->ie_len > 0) {
2857 		memcpy(ie->ies, sreq->ie, sreq->ie_len);
2858 		ie->ies_len = cpu_to_le16(sreq->ie_len);
2859 	}
2860 
2861 	return mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ),
2862 				     false);
2863 }
2864 EXPORT_SYMBOL_GPL(mt7925_mcu_sched_scan_req);
2865 
2866 int
2867 mt7925_mcu_sched_scan_enable(struct mt76_phy *phy,
2868 			     struct ieee80211_vif *vif,
2869 			     bool enable)
2870 {
2871 	struct mt76_dev *mdev = phy->dev;
2872 	struct scan_sched_enable *req;
2873 	struct scan_hdr_tlv *hdr;
2874 	struct sk_buff *skb;
2875 	struct tlv *tlv;
2876 	int max_len;
2877 
2878 	max_len = sizeof(*hdr) + sizeof(*req);
2879 
2880 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2881 	if (!skb)
2882 		return -ENOMEM;
2883 
2884 	hdr = (struct scan_hdr_tlv *)skb_put(skb, sizeof(*hdr));
2885 	hdr->seq_num = 0;
2886 	hdr->bss_idx = 0;
2887 
2888 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SCHED_ENABLE, sizeof(*req));
2889 	req = (struct scan_sched_enable *)tlv;
2890 	req->active = !enable;
2891 
2892 	if (enable)
2893 		set_bit(MT76_HW_SCHED_SCANNING, &phy->state);
2894 	else
2895 		clear_bit(MT76_HW_SCHED_SCANNING, &phy->state);
2896 
2897 	return mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ),
2898 				     false);
2899 }
2900 
2901 int mt7925_mcu_cancel_hw_scan(struct mt76_phy *phy,
2902 			      struct ieee80211_vif *vif)
2903 {
2904 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2905 	struct {
2906 		struct scan_hdr {
2907 			u8 seq_num;
2908 			u8 bss_idx;
2909 			u8 pad[2];
2910 		} __packed hdr;
2911 		struct scan_cancel_tlv {
2912 			__le16 tag;
2913 			__le16 len;
2914 			u8 is_ext_channel;
2915 			u8 rsv[3];
2916 		} __packed cancel;
2917 	} req = {
2918 		.hdr = {
2919 			.seq_num = mvif->scan_seq_num,
2920 			.bss_idx = mvif->idx,
2921 		},
2922 		.cancel = {
2923 			.tag = cpu_to_le16(UNI_SCAN_CANCEL),
2924 			.len = cpu_to_le16(sizeof(struct scan_cancel_tlv)),
2925 		},
2926 	};
2927 
2928 	if (test_and_clear_bit(MT76_HW_SCANNING, &phy->state)) {
2929 		struct cfg80211_scan_info info = {
2930 			.aborted = true,
2931 		};
2932 
2933 		ieee80211_scan_completed(phy->hw, &info);
2934 	}
2935 
2936 	return mt76_mcu_send_msg(phy->dev, MCU_UNI_CMD(SCAN_REQ),
2937 				 &req, sizeof(req), false);
2938 }
2939 EXPORT_SYMBOL_GPL(mt7925_mcu_cancel_hw_scan);
2940 
2941 int mt7925_mcu_set_channel_domain(struct mt76_phy *phy)
2942 {
2943 	int len, i, n_max_channels, n_2ch = 0, n_5ch = 0, n_6ch = 0;
2944 	struct {
2945 		struct {
2946 			u8 alpha2[4]; /* regulatory_request.alpha2 */
2947 			u8 bw_2g; /* BW_20_40M		0
2948 				   * BW_20M		1
2949 				   * BW_20_40_80M	2
2950 				   * BW_20_40_80_160M	3
2951 				   * BW_20_40_80_8080M	4
2952 				   */
2953 			u8 bw_5g;
2954 			u8 bw_6g;
2955 			u8 pad;
2956 		} __packed hdr;
2957 		struct n_chan {
2958 			__le16 tag;
2959 			__le16 len;
2960 			u8 n_2ch;
2961 			u8 n_5ch;
2962 			u8 n_6ch;
2963 			u8 pad;
2964 		} __packed n_ch;
2965 	} req = {
2966 		.hdr = {
2967 			.bw_2g = 0,
2968 			.bw_5g = 3, /* BW_20_40_80_160M */
2969 			.bw_6g = 3,
2970 		},
2971 		.n_ch = {
2972 			.tag = cpu_to_le16(2),
2973 		},
2974 	};
2975 	struct mt76_connac_mcu_chan {
2976 		__le16 hw_value;
2977 		__le16 pad;
2978 		__le32 flags;
2979 	} __packed channel;
2980 	struct mt76_dev *dev = phy->dev;
2981 	struct ieee80211_channel *chan;
2982 	struct sk_buff *skb;
2983 
2984 	n_max_channels = phy->sband_2g.sband.n_channels +
2985 			 phy->sband_5g.sband.n_channels +
2986 			 phy->sband_6g.sband.n_channels;
2987 	len = sizeof(req) + n_max_channels * sizeof(channel);
2988 
2989 	skb = mt76_mcu_msg_alloc(dev, NULL, len);
2990 	if (!skb)
2991 		return -ENOMEM;
2992 
2993 	skb_reserve(skb, sizeof(req));
2994 
2995 	for (i = 0; i < phy->sband_2g.sband.n_channels; i++) {
2996 		chan = &phy->sband_2g.sband.channels[i];
2997 		if (chan->flags & IEEE80211_CHAN_DISABLED)
2998 			continue;
2999 
3000 		channel.hw_value = cpu_to_le16(chan->hw_value);
3001 		channel.flags = cpu_to_le32(chan->flags);
3002 		channel.pad = 0;
3003 
3004 		skb_put_data(skb, &channel, sizeof(channel));
3005 		n_2ch++;
3006 	}
3007 	for (i = 0; i < phy->sband_5g.sband.n_channels; i++) {
3008 		chan = &phy->sband_5g.sband.channels[i];
3009 		if (chan->flags & IEEE80211_CHAN_DISABLED)
3010 			continue;
3011 
3012 		channel.hw_value = cpu_to_le16(chan->hw_value);
3013 		channel.flags = cpu_to_le32(chan->flags);
3014 		channel.pad = 0;
3015 
3016 		skb_put_data(skb, &channel, sizeof(channel));
3017 		n_5ch++;
3018 	}
3019 	for (i = 0; i < phy->sband_6g.sband.n_channels; i++) {
3020 		chan = &phy->sband_6g.sband.channels[i];
3021 		if (chan->flags & IEEE80211_CHAN_DISABLED)
3022 			continue;
3023 
3024 		channel.hw_value = cpu_to_le16(chan->hw_value);
3025 		channel.flags = cpu_to_le32(chan->flags);
3026 		channel.pad = 0;
3027 
3028 		skb_put_data(skb, &channel, sizeof(channel));
3029 		n_6ch++;
3030 	}
3031 
3032 	BUILD_BUG_ON(sizeof(dev->alpha2) > sizeof(req.hdr.alpha2));
3033 	memcpy(req.hdr.alpha2, dev->alpha2, sizeof(dev->alpha2));
3034 	req.n_ch.n_2ch = n_2ch;
3035 	req.n_ch.n_5ch = n_5ch;
3036 	req.n_ch.n_6ch = n_6ch;
3037 	len = sizeof(struct n_chan) + (n_2ch + n_5ch + n_6ch) * sizeof(channel);
3038 	req.n_ch.len = cpu_to_le16(len);
3039 	memcpy(__skb_push(skb, sizeof(req)), &req, sizeof(req));
3040 
3041 	return mt76_mcu_skb_send_msg(dev, skb, MCU_UNI_CMD(SET_DOMAIN_INFO),
3042 				     false);
3043 }
3044 EXPORT_SYMBOL_GPL(mt7925_mcu_set_channel_domain);
3045 
3046 static int
3047 __mt7925_mcu_set_clc(struct mt792x_dev *dev, u8 *alpha2,
3048 		     enum environment_cap env_cap,
3049 		     struct mt7925_clc *clc, u8 idx)
3050 {
3051 	struct mt7925_clc_segment *seg;
3052 	struct sk_buff *skb;
3053 	struct {
3054 		u8 rsv[4];
3055 		__le16 tag;
3056 		__le16 len;
3057 
3058 		u8 ver;
3059 		u8 pad0;
3060 		__le16 size;
3061 		u8 idx;
3062 		u8 env;
3063 		u8 acpi_conf;
3064 		u8 pad1;
3065 		u8 alpha2[2];
3066 		u8 type[2];
3067 		u8 rsvd[64];
3068 	} __packed req = {
3069 		.tag = cpu_to_le16(0x3),
3070 		.len = cpu_to_le16(sizeof(req) - 4),
3071 
3072 		.idx = idx,
3073 		.env = env_cap,
3074 		.acpi_conf = mt792x_acpi_get_flags(&dev->phy),
3075 	};
3076 	int ret, valid_cnt = 0;
3077 	u8 i, *pos;
3078 
3079 	if (!clc)
3080 		return 0;
3081 
3082 	pos = clc->data + sizeof(*seg) * clc->nr_seg;
3083 	for (i = 0; i < clc->nr_country; i++) {
3084 		struct mt7925_clc_rule *rule = (struct mt7925_clc_rule *)pos;
3085 
3086 		pos += sizeof(*rule);
3087 		if (rule->alpha2[0] != alpha2[0] ||
3088 		    rule->alpha2[1] != alpha2[1])
3089 			continue;
3090 
3091 		seg = (struct mt7925_clc_segment *)clc->data
3092 			  + rule->seg_idx - 1;
3093 
3094 		memcpy(req.alpha2, rule->alpha2, 2);
3095 		memcpy(req.type, rule->type, 2);
3096 
3097 		req.size = cpu_to_le16(seg->len);
3098 		skb = __mt76_mcu_msg_alloc(&dev->mt76, &req,
3099 					   le16_to_cpu(req.size) + sizeof(req),
3100 					   sizeof(req), GFP_KERNEL);
3101 		if (!skb)
3102 			return -ENOMEM;
3103 		skb_put_data(skb, clc->data + seg->offset, seg->len);
3104 
3105 		ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
3106 					    MCU_UNI_CMD(SET_POWER_LIMIT),
3107 					    true);
3108 		if (ret < 0)
3109 			return ret;
3110 		valid_cnt++;
3111 	}
3112 
3113 	if (!valid_cnt)
3114 		return -ENOENT;
3115 
3116 	return 0;
3117 }
3118 
3119 int mt7925_mcu_set_clc(struct mt792x_dev *dev, u8 *alpha2,
3120 		       enum environment_cap env_cap)
3121 {
3122 	struct mt792x_phy *phy = (struct mt792x_phy *)&dev->phy;
3123 	int i, ret;
3124 
3125 	/* submit all clc config */
3126 	for (i = 0; i < ARRAY_SIZE(phy->clc); i++) {
3127 		ret = __mt7925_mcu_set_clc(dev, alpha2, env_cap,
3128 					   phy->clc[i], i);
3129 
3130 		/* If no country found, set "00" as default */
3131 		if (ret == -ENOENT)
3132 			ret = __mt7925_mcu_set_clc(dev, "00",
3133 						   ENVIRON_INDOOR,
3134 						   phy->clc[i], i);
3135 		if (ret < 0)
3136 			return ret;
3137 	}
3138 	return 0;
3139 }
3140 
3141 int mt7925_mcu_fill_message(struct mt76_dev *mdev, struct sk_buff *skb,
3142 			    int cmd, int *wait_seq)
3143 {
3144 	int txd_len, mcu_cmd = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
3145 	struct mt76_connac2_mcu_uni_txd *uni_txd;
3146 	struct mt76_connac2_mcu_txd *mcu_txd;
3147 	__le32 *txd;
3148 	u32 val;
3149 	u8 seq;
3150 
3151 	/* TODO: make dynamic based on msg type */
3152 	mdev->mcu.timeout = 20 * HZ;
3153 
3154 	seq = ++mdev->mcu.msg_seq & 0xf;
3155 	if (!seq)
3156 		seq = ++mdev->mcu.msg_seq & 0xf;
3157 
3158 	if (cmd == MCU_CMD(FW_SCATTER))
3159 		goto exit;
3160 
3161 	txd_len = cmd & __MCU_CMD_FIELD_UNI ? sizeof(*uni_txd) : sizeof(*mcu_txd);
3162 	txd = (__le32 *)skb_push(skb, txd_len);
3163 
3164 	val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len) |
3165 	      FIELD_PREP(MT_TXD0_PKT_FMT, MT_TX_TYPE_CMD) |
3166 	      FIELD_PREP(MT_TXD0_Q_IDX, MT_TX_MCU_PORT_RX_Q0);
3167 	txd[0] = cpu_to_le32(val);
3168 
3169 	val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD);
3170 	txd[1] = cpu_to_le32(val);
3171 
3172 	if (cmd & __MCU_CMD_FIELD_UNI) {
3173 		uni_txd = (struct mt76_connac2_mcu_uni_txd *)txd;
3174 		uni_txd->len = cpu_to_le16(skb->len - sizeof(uni_txd->txd));
3175 		uni_txd->cid = cpu_to_le16(mcu_cmd);
3176 		uni_txd->s2d_index = MCU_S2D_H2N;
3177 		uni_txd->pkt_type = MCU_PKT_ID;
3178 		uni_txd->seq = seq;
3179 
3180 		if (cmd & __MCU_CMD_FIELD_QUERY)
3181 			uni_txd->option = MCU_CMD_UNI_QUERY_ACK;
3182 		else
3183 			uni_txd->option = MCU_CMD_UNI_EXT_ACK;
3184 
3185 		goto exit;
3186 	}
3187 
3188 	mcu_txd = (struct mt76_connac2_mcu_txd *)txd;
3189 	mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd));
3190 	mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU,
3191 					       MT_TX_MCU_PORT_RX_Q0));
3192 	mcu_txd->pkt_type = MCU_PKT_ID;
3193 	mcu_txd->seq = seq;
3194 	mcu_txd->cid = mcu_cmd;
3195 	mcu_txd->ext_cid = FIELD_GET(__MCU_CMD_FIELD_EXT_ID, cmd);
3196 
3197 	if (mcu_txd->ext_cid || (cmd & __MCU_CMD_FIELD_CE)) {
3198 		if (cmd & __MCU_CMD_FIELD_QUERY)
3199 			mcu_txd->set_query = MCU_Q_QUERY;
3200 		else
3201 			mcu_txd->set_query = MCU_Q_SET;
3202 		mcu_txd->ext_cid_ack = !!mcu_txd->ext_cid;
3203 	} else {
3204 		mcu_txd->set_query = MCU_Q_NA;
3205 	}
3206 
3207 	if (cmd & __MCU_CMD_FIELD_WA)
3208 		mcu_txd->s2d_index = MCU_S2D_H2C;
3209 	else
3210 		mcu_txd->s2d_index = MCU_S2D_H2N;
3211 
3212 exit:
3213 	if (wait_seq)
3214 		*wait_seq = seq;
3215 
3216 	return 0;
3217 }
3218 EXPORT_SYMBOL_GPL(mt7925_mcu_fill_message);
3219 
3220 int mt7925_mcu_set_rts_thresh(struct mt792x_phy *phy, u32 val)
3221 {
3222 	struct {
3223 		u8 band_idx;
3224 		u8 _rsv[3];
3225 
3226 		__le16 tag;
3227 		__le16 len;
3228 		__le32 len_thresh;
3229 		__le32 pkt_thresh;
3230 	} __packed req = {
3231 		.band_idx = phy->mt76->band_idx,
3232 		.tag = cpu_to_le16(UNI_BAND_CONFIG_RTS_THRESHOLD),
3233 		.len = cpu_to_le16(sizeof(req) - 4),
3234 		.len_thresh = cpu_to_le32(val),
3235 		.pkt_thresh = cpu_to_le32(0x2),
3236 	};
3237 
3238 	return mt76_mcu_send_msg(&phy->dev->mt76, MCU_UNI_CMD(BAND_CONFIG),
3239 				 &req, sizeof(req), true);
3240 }
3241 
3242 int mt7925_mcu_set_radio_en(struct mt792x_phy *phy, bool enable)
3243 {
3244 	struct {
3245 		u8 band_idx;
3246 		u8 _rsv[3];
3247 
3248 		__le16 tag;
3249 		__le16 len;
3250 		u8 enable;
3251 		u8 _rsv2[3];
3252 	} __packed req = {
3253 		.band_idx = phy->mt76->band_idx,
3254 		.tag = cpu_to_le16(UNI_BAND_CONFIG_RADIO_ENABLE),
3255 		.len = cpu_to_le16(sizeof(req) - 4),
3256 		.enable = enable,
3257 	};
3258 
3259 	return mt76_mcu_send_msg(&phy->dev->mt76, MCU_UNI_CMD(BAND_CONFIG),
3260 				 &req, sizeof(req), true);
3261 }
3262 
3263 static void
3264 mt7925_mcu_build_sku(struct mt76_dev *dev, s8 *sku,
3265 		     struct mt76_power_limits *limits,
3266 		     enum nl80211_band band)
3267 {
3268 	int i, offset = sizeof(limits->cck);
3269 
3270 	memset(sku, 127, MT_CONNAC3_SKU_POWER_LIMIT);
3271 
3272 	if (band == NL80211_BAND_2GHZ) {
3273 		/* cck */
3274 		memcpy(sku, limits->cck, sizeof(limits->cck));
3275 	}
3276 
3277 	/* ofdm */
3278 	memcpy(&sku[offset], limits->ofdm, sizeof(limits->ofdm));
3279 	offset += (sizeof(limits->ofdm) * 5);
3280 
3281 	/* ht */
3282 	for (i = 0; i < 2; i++) {
3283 		memcpy(&sku[offset], limits->mcs[i], 8);
3284 		offset += 8;
3285 	}
3286 	sku[offset++] = limits->mcs[0][0];
3287 
3288 	/* vht */
3289 	for (i = 0; i < ARRAY_SIZE(limits->mcs); i++) {
3290 		memcpy(&sku[offset], limits->mcs[i],
3291 		       ARRAY_SIZE(limits->mcs[i]));
3292 		offset += 12;
3293 	}
3294 
3295 	/* he */
3296 	for (i = 0; i < ARRAY_SIZE(limits->ru); i++) {
3297 		memcpy(&sku[offset], limits->ru[i], ARRAY_SIZE(limits->ru[i]));
3298 		offset += ARRAY_SIZE(limits->ru[i]);
3299 	}
3300 
3301 	/* eht */
3302 	for (i = 0; i < ARRAY_SIZE(limits->eht); i++) {
3303 		memcpy(&sku[offset], limits->eht[i], ARRAY_SIZE(limits->eht[i]));
3304 		offset += ARRAY_SIZE(limits->eht[i]);
3305 	}
3306 }
3307 
3308 static int
3309 mt7925_mcu_rate_txpower_band(struct mt76_phy *phy,
3310 			     enum nl80211_band band)
3311 {
3312 	int tx_power, n_chan, last_ch, err = 0, idx = 0;
3313 	int i, sku_len, batch_size, batch_len = 3;
3314 	struct mt76_dev *dev = phy->dev;
3315 	static const u8 chan_list_2ghz[] = {
3316 		1, 2,  3,  4,  5,  6,  7,
3317 		8, 9, 10, 11, 12, 13, 14
3318 	};
3319 	static const u8 chan_list_5ghz[] = {
3320 		 36,  38,  40,  42,  44,  46,  48,
3321 		 50,  52,  54,  56,  58,  60,  62,
3322 		 64, 100, 102, 104, 106, 108, 110,
3323 		112, 114, 116, 118, 120, 122, 124,
3324 		126, 128, 132, 134, 136, 138, 140,
3325 		142, 144, 149, 151, 153, 155, 157,
3326 		159, 161, 165, 167
3327 	};
3328 	static const u8 chan_list_6ghz[] = {
3329 		  1,   3,   5,   7,   9,  11,  13,
3330 		 15,  17,  19,  21,  23,  25,  27,
3331 		 29,  33,  35,  37,  39,  41,  43,
3332 		 45,  47,  49,  51,  53,  55,  57,
3333 		 59,  61,  65,  67,  69,  71,  73,
3334 		 75,  77,  79,  81,  83,  85,  87,
3335 		 89,  91,  93,  97,  99, 101, 103,
3336 		105, 107, 109, 111, 113, 115, 117,
3337 		119, 121, 123, 125, 129, 131, 133,
3338 		135, 137, 139, 141, 143, 145, 147,
3339 		149, 151, 153, 155, 157, 161, 163,
3340 		165, 167, 169, 171, 173, 175, 177,
3341 		179, 181, 183, 185, 187, 189, 193,
3342 		195, 197, 199, 201, 203, 205, 207,
3343 		209, 211, 213, 215, 217, 219, 221,
3344 		225, 227, 229, 233
3345 	};
3346 	struct mt76_power_limits *limits;
3347 	struct mt7925_sku_tlv *sku_tlbv;
3348 	const u8 *ch_list;
3349 
3350 	sku_len = sizeof(*sku_tlbv);
3351 	tx_power = 2 * phy->hw->conf.power_level;
3352 	if (!tx_power)
3353 		tx_power = 127;
3354 
3355 	if (band == NL80211_BAND_2GHZ) {
3356 		n_chan = ARRAY_SIZE(chan_list_2ghz);
3357 		ch_list = chan_list_2ghz;
3358 		last_ch = chan_list_2ghz[ARRAY_SIZE(chan_list_2ghz) - 1];
3359 	} else if (band == NL80211_BAND_6GHZ) {
3360 		n_chan = ARRAY_SIZE(chan_list_6ghz);
3361 		ch_list = chan_list_6ghz;
3362 		last_ch = chan_list_6ghz[ARRAY_SIZE(chan_list_6ghz) - 1];
3363 	} else {
3364 		n_chan = ARRAY_SIZE(chan_list_5ghz);
3365 		ch_list = chan_list_5ghz;
3366 		last_ch = chan_list_5ghz[ARRAY_SIZE(chan_list_5ghz) - 1];
3367 	}
3368 	batch_size = DIV_ROUND_UP(n_chan, batch_len);
3369 
3370 	limits = devm_kmalloc(dev->dev, sizeof(*limits), GFP_KERNEL);
3371 	if (!limits)
3372 		return -ENOMEM;
3373 
3374 	sku_tlbv = devm_kmalloc(dev->dev, sku_len, GFP_KERNEL);
3375 	if (!sku_tlbv) {
3376 		devm_kfree(dev->dev, limits);
3377 		return -ENOMEM;
3378 	}
3379 
3380 	for (i = 0; i < batch_size; i++) {
3381 		struct mt7925_tx_power_limit_tlv *tx_power_tlv;
3382 		int j, msg_len, num_ch;
3383 		struct sk_buff *skb;
3384 
3385 		num_ch = i == batch_size - 1 ? n_chan % batch_len : batch_len;
3386 		msg_len = sizeof(*tx_power_tlv) + num_ch * sku_len;
3387 		skb = mt76_mcu_msg_alloc(dev, NULL, msg_len);
3388 		if (!skb) {
3389 			err = -ENOMEM;
3390 			goto out;
3391 		}
3392 
3393 		tx_power_tlv = (struct mt7925_tx_power_limit_tlv *)
3394 			       skb_put(skb, sizeof(*tx_power_tlv));
3395 
3396 		BUILD_BUG_ON(sizeof(dev->alpha2) > sizeof(tx_power_tlv->alpha2));
3397 		memcpy(tx_power_tlv->alpha2, dev->alpha2, sizeof(dev->alpha2));
3398 		tx_power_tlv->n_chan = num_ch;
3399 		tx_power_tlv->tag = cpu_to_le16(0x1);
3400 		tx_power_tlv->len = cpu_to_le16(sizeof(*tx_power_tlv));
3401 
3402 		switch (band) {
3403 		case NL80211_BAND_2GHZ:
3404 			tx_power_tlv->band = 1;
3405 			break;
3406 		case NL80211_BAND_6GHZ:
3407 			tx_power_tlv->band = 3;
3408 			break;
3409 		default:
3410 			tx_power_tlv->band = 2;
3411 			break;
3412 		}
3413 
3414 		for (j = 0; j < num_ch; j++, idx++) {
3415 			struct ieee80211_channel chan = {
3416 				.hw_value = ch_list[idx],
3417 				.band = band,
3418 			};
3419 			s8 reg_power, sar_power;
3420 
3421 			reg_power = mt76_connac_get_ch_power(phy, &chan,
3422 							     tx_power);
3423 			sar_power = mt76_get_sar_power(phy, &chan, reg_power);
3424 
3425 			mt76_get_rate_power_limits(phy, &chan, limits,
3426 						   sar_power);
3427 
3428 			tx_power_tlv->last_msg = ch_list[idx] == last_ch;
3429 			sku_tlbv->channel = ch_list[idx];
3430 
3431 			mt7925_mcu_build_sku(dev, sku_tlbv->pwr_limit,
3432 					     limits, band);
3433 			skb_put_data(skb, sku_tlbv, sku_len);
3434 		}
3435 		err = mt76_mcu_skb_send_msg(dev, skb,
3436 					    MCU_UNI_CMD(SET_POWER_LIMIT),
3437 					    true);
3438 		if (err < 0)
3439 			goto out;
3440 	}
3441 
3442 out:
3443 	devm_kfree(dev->dev, sku_tlbv);
3444 	devm_kfree(dev->dev, limits);
3445 	return err;
3446 }
3447 
3448 int mt7925_mcu_set_rate_txpower(struct mt76_phy *phy)
3449 {
3450 	int err;
3451 
3452 	if (phy->cap.has_2ghz) {
3453 		err = mt7925_mcu_rate_txpower_band(phy,
3454 						   NL80211_BAND_2GHZ);
3455 		if (err < 0)
3456 			return err;
3457 	}
3458 
3459 	if (phy->cap.has_5ghz) {
3460 		err = mt7925_mcu_rate_txpower_band(phy,
3461 						   NL80211_BAND_5GHZ);
3462 		if (err < 0)
3463 			return err;
3464 	}
3465 
3466 	if (phy->cap.has_6ghz) {
3467 		err = mt7925_mcu_rate_txpower_band(phy,
3468 						   NL80211_BAND_6GHZ);
3469 		if (err < 0)
3470 			return err;
3471 	}
3472 
3473 	return 0;
3474 }
3475 
3476 int mt7925_mcu_set_rxfilter(struct mt792x_dev *dev, u32 fif,
3477 			    u8 bit_op, u32 bit_map)
3478 {
3479 	struct mt792x_phy *phy = &dev->phy;
3480 	struct {
3481 		u8 band_idx;
3482 		u8 rsv1[3];
3483 
3484 		__le16 tag;
3485 		__le16 len;
3486 		u8 mode;
3487 		u8 rsv2[3];
3488 		__le32 fif;
3489 		__le32 bit_map; /* bit_* for bitmap update */
3490 		u8 bit_op;
3491 		u8 pad[51];
3492 	} __packed req = {
3493 		.band_idx = phy->mt76->band_idx,
3494 		.tag = cpu_to_le16(UNI_BAND_CONFIG_SET_MAC80211_RX_FILTER),
3495 		.len = cpu_to_le16(sizeof(req) - 4),
3496 
3497 		.mode = fif ? 0 : 1,
3498 		.fif = cpu_to_le32(fif),
3499 		.bit_map = cpu_to_le32(bit_map),
3500 		.bit_op = bit_op,
3501 	};
3502 
3503 	return mt76_mcu_send_msg(&phy->dev->mt76, MCU_UNI_CMD(BAND_CONFIG),
3504 				 &req, sizeof(req), true);
3505 }
3506