xref: /linux/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c (revision 576d7fed09c7edbae7600f29a8a3ed6c1ead904f)
1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2023 MediaTek Inc. */
3 
4 #include <linux/fs.h>
5 #include <linux/firmware.h>
6 #include "mt7925.h"
7 #include "mcu.h"
8 #include "mac.h"
9 
10 #define MT_STA_BFER			BIT(0)
11 #define MT_STA_BFEE			BIT(1)
12 
13 static bool mt7925_disable_clc;
14 module_param_named(disable_clc, mt7925_disable_clc, bool, 0644);
15 MODULE_PARM_DESC(disable_clc, "disable CLC support");
16 
17 int mt7925_mcu_parse_response(struct mt76_dev *mdev, int cmd,
18 			      struct sk_buff *skb, int seq)
19 {
20 	int mcu_cmd = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
21 	struct mt7925_mcu_rxd *rxd;
22 	int ret = 0;
23 
24 	if (!skb) {
25 		dev_err(mdev->dev, "Message %08x (seq %d) timeout\n", cmd, seq);
26 		mt792x_reset(mdev);
27 
28 		return -ETIMEDOUT;
29 	}
30 
31 	rxd = (struct mt7925_mcu_rxd *)skb->data;
32 	if (seq != rxd->seq)
33 		return -EAGAIN;
34 
35 	if (cmd == MCU_CMD(PATCH_SEM_CONTROL) ||
36 	    cmd == MCU_CMD(PATCH_FINISH_REQ)) {
37 		skb_pull(skb, sizeof(*rxd) - 4);
38 		ret = *skb->data;
39 	} else if (cmd == MCU_UNI_CMD(DEV_INFO_UPDATE) ||
40 		   cmd == MCU_UNI_CMD(BSS_INFO_UPDATE) ||
41 		   cmd == MCU_UNI_CMD(STA_REC_UPDATE) ||
42 		   cmd == MCU_UNI_CMD(HIF_CTRL) ||
43 		   cmd == MCU_UNI_CMD(OFFLOAD) ||
44 		   cmd == MCU_UNI_CMD(SUSPEND)) {
45 		struct mt7925_mcu_uni_event *event;
46 
47 		skb_pull(skb, sizeof(*rxd));
48 		event = (struct mt7925_mcu_uni_event *)skb->data;
49 		ret = le32_to_cpu(event->status);
50 		/* skip invalid event */
51 		if (mcu_cmd != event->cid)
52 			ret = -EAGAIN;
53 	} else {
54 		skb_pull(skb, sizeof(*rxd));
55 	}
56 
57 	return ret;
58 }
59 EXPORT_SYMBOL_GPL(mt7925_mcu_parse_response);
60 
61 int mt7925_mcu_regval(struct mt792x_dev *dev, u32 regidx, u32 *val, bool set)
62 {
63 #define MT_RF_REG_HDR           GENMASK(31, 24)
64 #define MT_RF_REG_ANT           GENMASK(23, 16)
65 #define RF_REG_PREFIX           0x99
66 	struct {
67 		u8 __rsv[4];
68 		union {
69 			struct uni_cmd_access_reg_basic {
70 				__le16 tag;
71 				__le16 len;
72 				__le32 idx;
73 				__le32 data;
74 			} __packed reg;
75 			struct uni_cmd_access_rf_reg_basic {
76 				__le16 tag;
77 				__le16 len;
78 				__le16 ant;
79 				u8 __rsv[2];
80 				__le32 idx;
81 				__le32 data;
82 			} __packed rf_reg;
83 		};
84 	} __packed * res, req;
85 	struct sk_buff *skb;
86 	int ret;
87 
88 	if (u32_get_bits(regidx, MT_RF_REG_HDR) == RF_REG_PREFIX) {
89 		req.rf_reg.tag = cpu_to_le16(UNI_CMD_ACCESS_RF_REG_BASIC);
90 		req.rf_reg.len = cpu_to_le16(sizeof(req.rf_reg));
91 		req.rf_reg.ant = cpu_to_le16(u32_get_bits(regidx, MT_RF_REG_ANT));
92 		req.rf_reg.idx = cpu_to_le32(regidx);
93 		req.rf_reg.data = set ? cpu_to_le32(*val) : 0;
94 	} else {
95 		req.reg.tag = cpu_to_le16(UNI_CMD_ACCESS_REG_BASIC);
96 		req.reg.len = cpu_to_le16(sizeof(req.reg));
97 		req.reg.idx = cpu_to_le32(regidx);
98 		req.reg.data = set ? cpu_to_le32(*val) : 0;
99 	}
100 
101 	if (set)
102 		return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(REG_ACCESS),
103 					 &req, sizeof(req), true);
104 
105 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
106 					MCU_WM_UNI_CMD_QUERY(REG_ACCESS),
107 					&req, sizeof(req), true, &skb);
108 	if (ret)
109 		return ret;
110 
111 	res = (void *)skb->data;
112 	if (u32_get_bits(regidx, MT_RF_REG_HDR) == RF_REG_PREFIX)
113 		*val = le32_to_cpu(res->rf_reg.data);
114 	else
115 		*val = le32_to_cpu(res->reg.data);
116 
117 	dev_kfree_skb(skb);
118 
119 	return 0;
120 }
121 EXPORT_SYMBOL_GPL(mt7925_mcu_regval);
122 
123 int mt7925_mcu_update_arp_filter(struct mt76_dev *dev,
124 				 struct mt76_vif *vif,
125 				 struct ieee80211_bss_conf *info)
126 {
127 	struct ieee80211_vif *mvif = container_of(info, struct ieee80211_vif,
128 						  bss_conf);
129 	struct sk_buff *skb;
130 	int i, len = min_t(int, mvif->cfg.arp_addr_cnt,
131 			   IEEE80211_BSS_ARP_ADDR_LIST_LEN);
132 	struct {
133 		struct {
134 			u8 bss_idx;
135 			u8 pad[3];
136 		} __packed hdr;
137 		struct mt7925_arpns_tlv arp;
138 	} req = {
139 		.hdr = {
140 			.bss_idx = vif->idx,
141 		},
142 		.arp = {
143 			.tag = cpu_to_le16(UNI_OFFLOAD_OFFLOAD_ARP),
144 			.len = cpu_to_le16(sizeof(req) - 4 + len * 2 * sizeof(__be32)),
145 			.ips_num = len,
146 			.enable = true,
147 		},
148 	};
149 
150 	skb = mt76_mcu_msg_alloc(dev, NULL, sizeof(req) + len * 2 * sizeof(__be32));
151 	if (!skb)
152 		return -ENOMEM;
153 
154 	skb_put_data(skb, &req, sizeof(req));
155 	for (i = 0; i < len; i++) {
156 		skb_put_data(skb, &mvif->cfg.arp_addr_list[i], sizeof(__be32));
157 		skb_put_zero(skb, sizeof(__be32));
158 	}
159 
160 	return mt76_mcu_skb_send_msg(dev, skb, MCU_UNI_CMD(OFFLOAD), true);
161 }
162 
163 #ifdef CONFIG_PM
164 static int
165 mt7925_connac_mcu_set_wow_ctrl(struct mt76_phy *phy, struct ieee80211_vif *vif,
166 			       bool suspend, struct cfg80211_wowlan *wowlan)
167 {
168 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
169 	struct mt76_dev *dev = phy->dev;
170 	struct {
171 		struct {
172 			u8 bss_idx;
173 			u8 pad[3];
174 		} __packed hdr;
175 		struct mt76_connac_wow_ctrl_tlv wow_ctrl_tlv;
176 		struct mt76_connac_wow_gpio_param_tlv gpio_tlv;
177 	} req = {
178 		.hdr = {
179 			.bss_idx = mvif->idx,
180 		},
181 		.wow_ctrl_tlv = {
182 			.tag = cpu_to_le16(UNI_SUSPEND_WOW_CTRL),
183 			.len = cpu_to_le16(sizeof(struct mt76_connac_wow_ctrl_tlv)),
184 			.cmd = suspend ? 1 : 2,
185 		},
186 		.gpio_tlv = {
187 			.tag = cpu_to_le16(UNI_SUSPEND_WOW_GPIO_PARAM),
188 			.len = cpu_to_le16(sizeof(struct mt76_connac_wow_gpio_param_tlv)),
189 			.gpio_pin = 0xff, /* follow fw about GPIO pin */
190 		},
191 	};
192 
193 	if (wowlan->magic_pkt)
194 		req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_MAGIC;
195 	if (wowlan->disconnect)
196 		req.wow_ctrl_tlv.trigger |= (UNI_WOW_DETECT_TYPE_DISCONNECT |
197 					     UNI_WOW_DETECT_TYPE_BCN_LOST);
198 	if (wowlan->nd_config) {
199 		mt7925_mcu_sched_scan_req(phy, vif, wowlan->nd_config);
200 		req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_SCH_SCAN_HIT;
201 		mt7925_mcu_sched_scan_enable(phy, vif, suspend);
202 	}
203 	if (wowlan->n_patterns)
204 		req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_BITMAP;
205 
206 	if (mt76_is_mmio(dev))
207 		req.wow_ctrl_tlv.wakeup_hif = WOW_PCIE;
208 	else if (mt76_is_usb(dev))
209 		req.wow_ctrl_tlv.wakeup_hif = WOW_USB;
210 	else if (mt76_is_sdio(dev))
211 		req.wow_ctrl_tlv.wakeup_hif = WOW_GPIO;
212 
213 	return mt76_mcu_send_msg(dev, MCU_UNI_CMD(SUSPEND), &req,
214 				 sizeof(req), true);
215 }
216 
217 static int
218 mt7925_mcu_set_wow_pattern(struct mt76_dev *dev,
219 			   struct ieee80211_vif *vif,
220 			   u8 index, bool enable,
221 			   struct cfg80211_pkt_pattern *pattern)
222 {
223 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
224 	struct mt7925_wow_pattern_tlv *tlv;
225 	struct sk_buff *skb;
226 	struct {
227 		u8 bss_idx;
228 		u8 pad[3];
229 	} __packed hdr = {
230 		.bss_idx = mvif->idx,
231 	};
232 
233 	skb = mt76_mcu_msg_alloc(dev, NULL, sizeof(hdr) + sizeof(*tlv));
234 	if (!skb)
235 		return -ENOMEM;
236 
237 	skb_put_data(skb, &hdr, sizeof(hdr));
238 	tlv = (struct mt7925_wow_pattern_tlv *)skb_put(skb, sizeof(*tlv));
239 	tlv->tag = cpu_to_le16(UNI_SUSPEND_WOW_PATTERN);
240 	tlv->len = cpu_to_le16(sizeof(*tlv));
241 	tlv->bss_idx = 0xF;
242 	tlv->data_len = pattern->pattern_len;
243 	tlv->enable = enable;
244 	tlv->index = index;
245 	tlv->offset = 0;
246 
247 	memcpy(tlv->pattern, pattern->pattern, pattern->pattern_len);
248 	memcpy(tlv->mask, pattern->mask, DIV_ROUND_UP(pattern->pattern_len, 8));
249 
250 	return mt76_mcu_skb_send_msg(dev, skb, MCU_UNI_CMD(SUSPEND), true);
251 }
252 
253 void mt7925_mcu_set_suspend_iter(void *priv, u8 *mac,
254 				 struct ieee80211_vif *vif)
255 {
256 	struct mt76_phy *phy = priv;
257 	bool suspend = !test_bit(MT76_STATE_RUNNING, &phy->state);
258 	struct ieee80211_hw *hw = phy->hw;
259 	struct cfg80211_wowlan *wowlan = hw->wiphy->wowlan_config;
260 	int i;
261 
262 	mt76_connac_mcu_set_gtk_rekey(phy->dev, vif, suspend);
263 
264 	mt76_connac_mcu_set_suspend_mode(phy->dev, vif, suspend, 1, true);
265 
266 	for (i = 0; i < wowlan->n_patterns; i++)
267 		mt7925_mcu_set_wow_pattern(phy->dev, vif, i, suspend,
268 					   &wowlan->patterns[i]);
269 	mt7925_connac_mcu_set_wow_ctrl(phy, vif, suspend, wowlan);
270 }
271 
272 #endif /* CONFIG_PM */
273 
274 static void
275 mt7925_mcu_connection_loss_iter(void *priv, u8 *mac,
276 				struct ieee80211_vif *vif)
277 {
278 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
279 	struct mt7925_uni_beacon_loss_event *event = priv;
280 
281 	if (mvif->idx != event->hdr.bss_idx)
282 		return;
283 
284 	if (!(vif->driver_flags & IEEE80211_VIF_BEACON_FILTER) ||
285 	    vif->type != NL80211_IFTYPE_STATION)
286 		return;
287 
288 	ieee80211_connection_loss(vif);
289 }
290 
291 static void
292 mt7925_mcu_connection_loss_event(struct mt792x_dev *dev, struct sk_buff *skb)
293 {
294 	struct mt7925_uni_beacon_loss_event *event;
295 	struct mt76_phy *mphy = &dev->mt76.phy;
296 
297 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd));
298 	event = (struct mt7925_uni_beacon_loss_event *)skb->data;
299 
300 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
301 					IEEE80211_IFACE_ITER_RESUME_ALL,
302 					mt7925_mcu_connection_loss_iter, event);
303 }
304 
305 static void
306 mt7925_mcu_roc_iter(void *priv, u8 *mac, struct ieee80211_vif *vif)
307 {
308 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
309 	struct mt7925_roc_grant_tlv *grant = priv;
310 
311 	if (mvif->idx != grant->bss_idx)
312 		return;
313 
314 	mvif->band_idx = grant->dbdcband;
315 }
316 
317 static void
318 mt7925_mcu_uni_roc_event(struct mt792x_dev *dev, struct sk_buff *skb)
319 {
320 	struct ieee80211_hw *hw = dev->mt76.hw;
321 	struct mt7925_roc_grant_tlv *grant;
322 	struct mt7925_mcu_rxd *rxd;
323 	int duration;
324 
325 	rxd = (struct mt7925_mcu_rxd *)skb->data;
326 	grant = (struct mt7925_roc_grant_tlv *)(rxd->tlv + 4);
327 
328 	/* should never happen */
329 	WARN_ON_ONCE((le16_to_cpu(grant->tag) != UNI_EVENT_ROC_GRANT));
330 
331 	if (grant->reqtype == MT7925_ROC_REQ_ROC)
332 		ieee80211_ready_on_channel(hw);
333 	else if (grant->reqtype == MT7925_ROC_REQ_JOIN)
334 		ieee80211_iterate_active_interfaces_atomic(hw,
335 						IEEE80211_IFACE_ITER_RESUME_ALL,
336 						mt7925_mcu_roc_iter, grant);
337 	dev->phy.roc_grant = true;
338 	wake_up(&dev->phy.roc_wait);
339 	duration = le32_to_cpu(grant->max_interval);
340 	mod_timer(&dev->phy.roc_timer,
341 		  jiffies + msecs_to_jiffies(duration));
342 }
343 
344 static void
345 mt7925_mcu_scan_event(struct mt792x_dev *dev, struct sk_buff *skb)
346 {
347 	struct mt76_phy *mphy = &dev->mt76.phy;
348 	struct mt792x_phy *phy = (struct mt792x_phy *)mphy->priv;
349 
350 	spin_lock_bh(&dev->mt76.lock);
351 	__skb_queue_tail(&phy->scan_event_list, skb);
352 	spin_unlock_bh(&dev->mt76.lock);
353 
354 	ieee80211_queue_delayed_work(mphy->hw, &phy->scan_work,
355 				     MT792x_HW_SCAN_TIMEOUT);
356 }
357 
358 static void
359 mt7925_mcu_tx_done_event(struct mt792x_dev *dev, struct sk_buff *skb)
360 {
361 #define UNI_EVENT_TX_DONE_MSG 0
362 #define UNI_EVENT_TX_DONE_RAW 1
363 	struct mt7925_mcu_txs_event {
364 		u8 ver;
365 		u8 rsv[3];
366 		u8 data[0];
367 	} __packed * txs;
368 	struct tlv *tlv;
369 	u32 tlv_len;
370 
371 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd) + 4);
372 	tlv = (struct tlv *)skb->data;
373 	tlv_len = skb->len;
374 
375 	while (tlv_len > 0 && le16_to_cpu(tlv->len) <= tlv_len) {
376 		switch (le16_to_cpu(tlv->tag)) {
377 		case UNI_EVENT_TX_DONE_RAW:
378 			txs = (struct mt7925_mcu_txs_event *)tlv->data;
379 			mt7925_mac_add_txs(dev, txs->data);
380 			break;
381 		default:
382 			break;
383 		}
384 		tlv_len -= le16_to_cpu(tlv->len);
385 		tlv = (struct tlv *)((char *)(tlv) + le16_to_cpu(tlv->len));
386 	}
387 }
388 
389 static void
390 mt7925_mcu_uni_debug_msg_event(struct mt792x_dev *dev, struct sk_buff *skb)
391 {
392 	struct mt7925_uni_debug_msg {
393 		__le16 tag;
394 		__le16 len;
395 		u8 fmt;
396 		u8 rsv[3];
397 		u8 id;
398 		u8 type:3;
399 		u8 nr_args:5;
400 		union {
401 			struct idxlog {
402 				__le16 rsv;
403 				__le32 ts;
404 				__le32 idx;
405 				u8 data[];
406 			} __packed idx;
407 			struct txtlog {
408 				u8 len;
409 				u8 rsv;
410 				__le32 ts;
411 				u8 data[];
412 			} __packed txt;
413 		};
414 	} __packed * hdr;
415 
416 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd) + 4);
417 	hdr = (struct mt7925_uni_debug_msg *)skb->data;
418 
419 	if (hdr->id == 0x28) {
420 		skb_pull(skb, offsetof(struct mt7925_uni_debug_msg, id));
421 		wiphy_info(mt76_hw(dev)->wiphy, "%.*s", skb->len, skb->data);
422 		return;
423 	} else if (hdr->id != 0xa8) {
424 		return;
425 	}
426 
427 	if (hdr->type == 0) { /* idx log */
428 		int i, ret, len = PAGE_SIZE - 1, nr_val;
429 		struct page *page = dev_alloc_pages(get_order(len));
430 		__le32 *val;
431 		char *buf, *cur;
432 
433 		if (!page)
434 			return;
435 
436 		buf = page_address(page);
437 		cur = buf;
438 
439 		nr_val = (le16_to_cpu(hdr->len) - sizeof(*hdr)) / 4;
440 		val = (__le32 *)hdr->idx.data;
441 		for (i = 0; i < nr_val && len > 0; i++) {
442 			ret = snprintf(cur, len, "0x%x,", le32_to_cpu(val[i]));
443 			if (ret <= 0)
444 				break;
445 
446 			cur += ret;
447 			len -= ret;
448 		}
449 		if (cur > buf)
450 			wiphy_info(mt76_hw(dev)->wiphy, "idx: 0x%X,%d,%s",
451 				   le32_to_cpu(hdr->idx.idx), nr_val, buf);
452 		put_page(page);
453 	} else if (hdr->type == 2) { /* str log */
454 		wiphy_info(mt76_hw(dev)->wiphy, "%.*s", hdr->txt.len, hdr->txt.data);
455 	}
456 }
457 
458 static void
459 mt7925_mcu_uni_rx_unsolicited_event(struct mt792x_dev *dev,
460 				    struct sk_buff *skb)
461 {
462 	struct mt7925_mcu_rxd *rxd;
463 
464 	rxd = (struct mt7925_mcu_rxd *)skb->data;
465 
466 	switch (rxd->eid) {
467 	case MCU_UNI_EVENT_FW_LOG_2_HOST:
468 		mt7925_mcu_uni_debug_msg_event(dev, skb);
469 		break;
470 	case MCU_UNI_EVENT_ROC:
471 		mt7925_mcu_uni_roc_event(dev, skb);
472 		break;
473 	case MCU_UNI_EVENT_SCAN_DONE:
474 		mt7925_mcu_scan_event(dev, skb);
475 		return;
476 	case MCU_UNI_EVENT_TX_DONE:
477 		mt7925_mcu_tx_done_event(dev, skb);
478 		break;
479 	case MCU_UNI_EVENT_BSS_BEACON_LOSS:
480 		mt7925_mcu_connection_loss_event(dev, skb);
481 		break;
482 	case MCU_UNI_EVENT_COREDUMP:
483 		dev->fw_assert = true;
484 		mt76_connac_mcu_coredump_event(&dev->mt76, skb, &dev->coredump);
485 		return;
486 	default:
487 		break;
488 	}
489 	dev_kfree_skb(skb);
490 }
491 
492 void mt7925_mcu_rx_event(struct mt792x_dev *dev, struct sk_buff *skb)
493 {
494 	struct mt7925_mcu_rxd *rxd = (struct mt7925_mcu_rxd *)skb->data;
495 
496 	if (skb_linearize(skb))
497 		return;
498 
499 	if (rxd->option & MCU_UNI_CMD_UNSOLICITED_EVENT) {
500 		mt7925_mcu_uni_rx_unsolicited_event(dev, skb);
501 		return;
502 	}
503 
504 	mt76_mcu_rx_event(&dev->mt76, skb);
505 }
506 
507 static int
508 mt7925_mcu_sta_ba(struct mt76_dev *dev, struct mt76_vif *mvif,
509 		  struct ieee80211_ampdu_params *params,
510 		  bool enable, bool tx)
511 {
512 	struct mt76_wcid *wcid = (struct mt76_wcid *)params->sta->drv_priv;
513 	struct sta_rec_ba_uni *ba;
514 	struct sk_buff *skb;
515 	struct tlv *tlv;
516 	int len;
517 
518 	len = sizeof(struct sta_req_hdr) + sizeof(*ba);
519 	skb = __mt76_connac_mcu_alloc_sta_req(dev, mvif, wcid,
520 					      len);
521 	if (IS_ERR(skb))
522 		return PTR_ERR(skb);
523 
524 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BA, sizeof(*ba));
525 
526 	ba = (struct sta_rec_ba_uni *)tlv;
527 	ba->ba_type = tx ? MT_BA_TYPE_ORIGINATOR : MT_BA_TYPE_RECIPIENT;
528 	ba->winsize = cpu_to_le16(params->buf_size);
529 	ba->ssn = cpu_to_le16(params->ssn);
530 	ba->ba_en = enable << params->tid;
531 	ba->amsdu = params->amsdu;
532 	ba->tid = params->tid;
533 
534 	return mt76_mcu_skb_send_msg(dev, skb,
535 				     MCU_UNI_CMD(STA_REC_UPDATE), true);
536 }
537 
538 /** starec & wtbl **/
539 int mt7925_mcu_uni_tx_ba(struct mt792x_dev *dev,
540 			 struct ieee80211_ampdu_params *params,
541 			 bool enable)
542 {
543 	struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv;
544 	struct mt792x_vif *mvif = msta->vif;
545 
546 	if (enable && !params->amsdu)
547 		msta->wcid.amsdu = false;
548 
549 	return mt7925_mcu_sta_ba(&dev->mt76, &mvif->mt76, params,
550 				 enable, true);
551 }
552 
553 int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev,
554 			 struct ieee80211_ampdu_params *params,
555 			 bool enable)
556 {
557 	struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv;
558 	struct mt792x_vif *mvif = msta->vif;
559 
560 	return mt7925_mcu_sta_ba(&dev->mt76, &mvif->mt76, params,
561 				 enable, false);
562 }
563 
564 static int mt7925_load_clc(struct mt792x_dev *dev, const char *fw_name)
565 {
566 	const struct mt76_connac2_fw_trailer *hdr;
567 	const struct mt76_connac2_fw_region *region;
568 	const struct mt7925_clc *clc;
569 	struct mt76_dev *mdev = &dev->mt76;
570 	struct mt792x_phy *phy = &dev->phy;
571 	const struct firmware *fw;
572 	int ret, i, len, offset = 0;
573 	u8 *clc_base = NULL;
574 
575 	if (mt7925_disable_clc ||
576 	    mt76_is_usb(&dev->mt76))
577 		return 0;
578 
579 	ret = request_firmware(&fw, fw_name, mdev->dev);
580 	if (ret)
581 		return ret;
582 
583 	if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
584 		dev_err(mdev->dev, "Invalid firmware\n");
585 		ret = -EINVAL;
586 		goto out;
587 	}
588 
589 	hdr = (const void *)(fw->data + fw->size - sizeof(*hdr));
590 	for (i = 0; i < hdr->n_region; i++) {
591 		region = (const void *)((const u8 *)hdr -
592 					(hdr->n_region - i) * sizeof(*region));
593 		len = le32_to_cpu(region->len);
594 
595 		/* check if we have valid buffer size */
596 		if (offset + len > fw->size) {
597 			dev_err(mdev->dev, "Invalid firmware region\n");
598 			ret = -EINVAL;
599 			goto out;
600 		}
601 
602 		if ((region->feature_set & FW_FEATURE_NON_DL) &&
603 		    region->type == FW_TYPE_CLC) {
604 			clc_base = (u8 *)(fw->data + offset);
605 			break;
606 		}
607 		offset += len;
608 	}
609 
610 	if (!clc_base)
611 		goto out;
612 
613 	for (offset = 0; offset < len; offset += le32_to_cpu(clc->len)) {
614 		clc = (const struct mt7925_clc *)(clc_base + offset);
615 
616 		/* do not init buf again if chip reset triggered */
617 		if (phy->clc[clc->idx])
618 			continue;
619 
620 		phy->clc[clc->idx] = devm_kmemdup(mdev->dev, clc,
621 						  le32_to_cpu(clc->len),
622 						  GFP_KERNEL);
623 
624 		if (!phy->clc[clc->idx]) {
625 			ret = -ENOMEM;
626 			goto out;
627 		}
628 	}
629 
630 	ret = mt7925_mcu_set_clc(dev, "00", ENVIRON_INDOOR);
631 out:
632 	release_firmware(fw);
633 
634 	return ret;
635 }
636 
637 int mt7925_mcu_fw_log_2_host(struct mt792x_dev *dev, u8 ctrl)
638 {
639 	struct {
640 		u8 _rsv[4];
641 
642 		__le16 tag;
643 		__le16 len;
644 		u8 ctrl;
645 		u8 interval;
646 		u8 _rsv2[2];
647 	} __packed req = {
648 		.tag = cpu_to_le16(UNI_WSYS_CONFIG_FW_LOG_CTRL),
649 		.len = cpu_to_le16(sizeof(req) - 4),
650 		.ctrl = ctrl,
651 	};
652 	int ret;
653 
654 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(WSYS_CONFIG),
655 					&req, sizeof(req), false, NULL);
656 	return ret;
657 }
658 
659 static void
660 mt7925_mcu_parse_phy_cap(struct mt792x_dev *dev, char *data)
661 {
662 	struct mt76_phy *mphy = &dev->mt76.phy;
663 	struct mt76_dev *mdev = mphy->dev;
664 	struct mt7925_mcu_phy_cap {
665 		u8 ht;
666 		u8 vht;
667 		u8 _5g;
668 		u8 max_bw;
669 		u8 nss;
670 		u8 dbdc;
671 		u8 tx_ldpc;
672 		u8 rx_ldpc;
673 		u8 tx_stbc;
674 		u8 rx_stbc;
675 		u8 hw_path;
676 		u8 he;
677 		u8 eht;
678 	} __packed * cap;
679 	enum {
680 		WF0_24G,
681 		WF0_5G
682 	};
683 
684 	cap = (struct mt7925_mcu_phy_cap *)data;
685 
686 	mdev->phy.antenna_mask = BIT(cap->nss) - 1;
687 	mdev->phy.chainmask = mdev->phy.antenna_mask;
688 	mdev->phy.cap.has_2ghz = cap->hw_path & BIT(WF0_24G);
689 	mdev->phy.cap.has_5ghz = cap->hw_path & BIT(WF0_5G);
690 	dev->has_eht = cap->eht;
691 }
692 
693 static int
694 mt7925_mcu_get_nic_capability(struct mt792x_dev *dev)
695 {
696 	struct mt76_phy *mphy = &dev->mt76.phy;
697 	struct {
698 		u8 _rsv[4];
699 
700 		__le16 tag;
701 		__le16 len;
702 	} __packed req = {
703 		.tag = cpu_to_le16(UNI_CHIP_CONFIG_NIC_CAPA),
704 		.len = cpu_to_le16(sizeof(req) - 4),
705 	};
706 	struct mt76_connac_cap_hdr {
707 		__le16 n_element;
708 		u8 rsv[2];
709 	} __packed * hdr;
710 	struct sk_buff *skb;
711 	int ret, i;
712 
713 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(CHIP_CONFIG),
714 					&req, sizeof(req), true, &skb);
715 	if (ret)
716 		return ret;
717 
718 	hdr = (struct mt76_connac_cap_hdr *)skb->data;
719 	if (skb->len < sizeof(*hdr)) {
720 		ret = -EINVAL;
721 		goto out;
722 	}
723 
724 	skb_pull(skb, sizeof(*hdr));
725 
726 	for (i = 0; i < le16_to_cpu(hdr->n_element); i++) {
727 		struct tlv *tlv = (struct tlv *)skb->data;
728 		int len;
729 
730 		if (skb->len < sizeof(*tlv))
731 			break;
732 
733 		len = le16_to_cpu(tlv->len);
734 		if (skb->len < len)
735 			break;
736 
737 		switch (le16_to_cpu(tlv->tag)) {
738 		case MT_NIC_CAP_6G:
739 			mphy->cap.has_6ghz = !!tlv->data[0];
740 			break;
741 		case MT_NIC_CAP_MAC_ADDR:
742 			memcpy(mphy->macaddr, (void *)tlv->data, ETH_ALEN);
743 			break;
744 		case MT_NIC_CAP_PHY:
745 			mt7925_mcu_parse_phy_cap(dev, tlv->data);
746 			break;
747 		default:
748 			break;
749 		}
750 		skb_pull(skb, len);
751 	}
752 out:
753 	dev_kfree_skb(skb);
754 	return ret;
755 }
756 
757 int mt7925_mcu_chip_config(struct mt792x_dev *dev, const char *cmd)
758 {
759 	u16 len = strlen(cmd) + 1;
760 	struct {
761 		u8 _rsv[4];
762 		__le16 tag;
763 		__le16 len;
764 		struct mt76_connac_config config;
765 	} __packed req = {
766 		.tag = cpu_to_le16(UNI_CHIP_CONFIG_CHIP_CFG),
767 		.len = cpu_to_le16(sizeof(req) - 4),
768 		.config = {
769 			.resp_type = 0,
770 			.type = 0,
771 			.data_size = cpu_to_le16(len),
772 		},
773 	};
774 
775 	memcpy(req.config.data, cmd, len);
776 
777 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(CHIP_CONFIG),
778 				 &req, sizeof(req), false);
779 }
780 
781 int mt7925_mcu_set_deep_sleep(struct mt792x_dev *dev, bool enable)
782 {
783 	char cmd[16];
784 
785 	snprintf(cmd, sizeof(cmd), "KeepFullPwr %d", !enable);
786 
787 	return mt7925_mcu_chip_config(dev, cmd);
788 }
789 EXPORT_SYMBOL_GPL(mt7925_mcu_set_deep_sleep);
790 
791 int mt7925_run_firmware(struct mt792x_dev *dev)
792 {
793 	int err;
794 
795 	err = mt792x_load_firmware(dev);
796 	if (err)
797 		return err;
798 
799 	err = mt7925_mcu_get_nic_capability(dev);
800 	if (err)
801 		return err;
802 
803 	set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
804 	err = mt7925_load_clc(dev, mt792x_ram_name(dev));
805 	if (err)
806 		return err;
807 
808 	return mt7925_mcu_fw_log_2_host(dev, 1);
809 }
810 EXPORT_SYMBOL_GPL(mt7925_run_firmware);
811 
812 static void
813 mt7925_mcu_sta_hdr_trans_tlv(struct sk_buff *skb,
814 			     struct ieee80211_vif *vif,
815 			     struct ieee80211_sta *sta)
816 {
817 	struct sta_rec_hdr_trans *hdr_trans;
818 	struct mt76_wcid *wcid;
819 	struct tlv *tlv;
820 
821 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HDR_TRANS, sizeof(*hdr_trans));
822 	hdr_trans = (struct sta_rec_hdr_trans *)tlv;
823 	hdr_trans->dis_rx_hdr_tran = true;
824 
825 	if (vif->type == NL80211_IFTYPE_STATION)
826 		hdr_trans->to_ds = true;
827 	else
828 		hdr_trans->from_ds = true;
829 
830 	wcid = (struct mt76_wcid *)sta->drv_priv;
831 	if (!wcid)
832 		return;
833 
834 	hdr_trans->dis_rx_hdr_tran = !test_bit(MT_WCID_FLAG_HDR_TRANS, &wcid->flags);
835 	if (test_bit(MT_WCID_FLAG_4ADDR, &wcid->flags)) {
836 		hdr_trans->to_ds = true;
837 		hdr_trans->from_ds = true;
838 	}
839 }
840 
841 int mt7925_mcu_wtbl_update_hdr_trans(struct mt792x_dev *dev,
842 				     struct ieee80211_vif *vif,
843 				     struct ieee80211_sta *sta)
844 {
845 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
846 	struct mt792x_sta *msta;
847 	struct sk_buff *skb;
848 
849 	msta = sta ? (struct mt792x_sta *)sta->drv_priv : &mvif->sta;
850 
851 	skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
852 					      &msta->wcid,
853 					      MT7925_STA_UPDATE_MAX_SIZE);
854 	if (IS_ERR(skb))
855 		return PTR_ERR(skb);
856 
857 	/* starec hdr trans */
858 	mt7925_mcu_sta_hdr_trans_tlv(skb, vif, sta);
859 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
860 				     MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true);
861 }
862 
863 int mt7925_mcu_set_tx(struct mt792x_dev *dev, struct ieee80211_vif *vif)
864 {
865 #define MCU_EDCA_AC_PARAM	0
866 #define WMM_AIFS_SET		BIT(0)
867 #define WMM_CW_MIN_SET		BIT(1)
868 #define WMM_CW_MAX_SET		BIT(2)
869 #define WMM_TXOP_SET		BIT(3)
870 #define WMM_PARAM_SET		(WMM_AIFS_SET | WMM_CW_MIN_SET | \
871 				 WMM_CW_MAX_SET | WMM_TXOP_SET)
872 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
873 	struct {
874 		u8 bss_idx;
875 		u8 __rsv[3];
876 	} __packed hdr = {
877 		.bss_idx = mvif->mt76.idx,
878 	};
879 	struct sk_buff *skb;
880 	int len = sizeof(hdr) + IEEE80211_NUM_ACS * sizeof(struct edca);
881 	int ac;
882 
883 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
884 	if (!skb)
885 		return -ENOMEM;
886 
887 	skb_put_data(skb, &hdr, sizeof(hdr));
888 
889 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
890 		struct ieee80211_tx_queue_params *q = &mvif->queue_params[ac];
891 		struct edca *e;
892 		struct tlv *tlv;
893 
894 		tlv = mt76_connac_mcu_add_tlv(skb, MCU_EDCA_AC_PARAM, sizeof(*e));
895 
896 		e = (struct edca *)tlv;
897 		e->set = WMM_PARAM_SET;
898 		e->queue = ac + mvif->mt76.wmm_idx * MT76_CONNAC_MAX_WMM_SETS;
899 		e->aifs = q->aifs;
900 		e->txop = cpu_to_le16(q->txop);
901 
902 		if (q->cw_min)
903 			e->cw_min = fls(q->cw_min);
904 		else
905 			e->cw_min = 5;
906 
907 		if (q->cw_max)
908 			e->cw_max = fls(q->cw_max);
909 		else
910 			e->cw_max = 10;
911 	}
912 
913 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
914 				     MCU_UNI_CMD(EDCA_UPDATE), true);
915 }
916 
917 static int
918 mt7925_mcu_sta_key_tlv(struct mt76_wcid *wcid,
919 		       struct mt76_connac_sta_key_conf *sta_key_conf,
920 		       struct sk_buff *skb,
921 		       struct ieee80211_key_conf *key,
922 		       enum set_key_cmd cmd)
923 {
924 	struct sta_rec_sec_uni *sec;
925 	struct tlv *tlv;
926 
927 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_KEY_V2, sizeof(*sec));
928 	sec = (struct sta_rec_sec_uni *)tlv;
929 	sec->add = cmd;
930 
931 	if (cmd == SET_KEY) {
932 		struct sec_key_uni *sec_key;
933 		u8 cipher;
934 
935 		cipher = mt76_connac_mcu_get_cipher(key->cipher);
936 		if (cipher == MCU_CIPHER_NONE)
937 			return -EOPNOTSUPP;
938 
939 		sec_key = &sec->key[0];
940 		sec_key->cipher_len = sizeof(*sec_key);
941 
942 		if (cipher == MCU_CIPHER_BIP_CMAC_128) {
943 			sec_key->wlan_idx = cpu_to_le16(wcid->idx);
944 			sec_key->cipher_id = MCU_CIPHER_AES_CCMP;
945 			sec_key->key_id = sta_key_conf->keyidx;
946 			sec_key->key_len = 16;
947 			memcpy(sec_key->key, sta_key_conf->key, 16);
948 
949 			sec_key = &sec->key[1];
950 			sec_key->wlan_idx = cpu_to_le16(wcid->idx);
951 			sec_key->cipher_id = MCU_CIPHER_BIP_CMAC_128;
952 			sec_key->cipher_len = sizeof(*sec_key);
953 			sec_key->key_len = 16;
954 			memcpy(sec_key->key, key->key, 16);
955 			sec->n_cipher = 2;
956 		} else {
957 			sec_key->wlan_idx = cpu_to_le16(wcid->idx);
958 			sec_key->cipher_id = cipher;
959 			sec_key->key_id = key->keyidx;
960 			sec_key->key_len = key->keylen;
961 			memcpy(sec_key->key, key->key, key->keylen);
962 
963 			if (cipher == MCU_CIPHER_TKIP) {
964 				/* Rx/Tx MIC keys are swapped */
965 				memcpy(sec_key->key + 16, key->key + 24, 8);
966 				memcpy(sec_key->key + 24, key->key + 16, 8);
967 			}
968 
969 			/* store key_conf for BIP batch update */
970 			if (cipher == MCU_CIPHER_AES_CCMP) {
971 				memcpy(sta_key_conf->key, key->key, key->keylen);
972 				sta_key_conf->keyidx = key->keyidx;
973 			}
974 
975 			sec->n_cipher = 1;
976 		}
977 	} else {
978 		sec->n_cipher = 0;
979 	}
980 
981 	return 0;
982 }
983 
984 int mt7925_mcu_add_key(struct mt76_dev *dev, struct ieee80211_vif *vif,
985 		       struct mt76_connac_sta_key_conf *sta_key_conf,
986 		       struct ieee80211_key_conf *key, int mcu_cmd,
987 		       struct mt76_wcid *wcid, enum set_key_cmd cmd)
988 {
989 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
990 	struct sk_buff *skb;
991 	int ret;
992 
993 	skb = __mt76_connac_mcu_alloc_sta_req(dev, mvif, wcid,
994 					      MT7925_STA_UPDATE_MAX_SIZE);
995 	if (IS_ERR(skb))
996 		return PTR_ERR(skb);
997 
998 	ret = mt7925_mcu_sta_key_tlv(wcid, sta_key_conf, skb, key, cmd);
999 	if (ret)
1000 		return ret;
1001 
1002 	return mt76_mcu_skb_send_msg(dev, skb, mcu_cmd, true);
1003 }
1004 
1005 int mt7925_mcu_set_roc(struct mt792x_phy *phy, struct mt792x_vif *vif,
1006 		       struct ieee80211_channel *chan, int duration,
1007 		       enum mt7925_roc_req type, u8 token_id)
1008 {
1009 	int center_ch = ieee80211_frequency_to_channel(chan->center_freq);
1010 	struct mt792x_dev *dev = phy->dev;
1011 	struct {
1012 		struct {
1013 			u8 rsv[4];
1014 		} __packed hdr;
1015 		struct roc_acquire_tlv {
1016 			__le16 tag;
1017 			__le16 len;
1018 			u8 bss_idx;
1019 			u8 tokenid;
1020 			u8 control_channel;
1021 			u8 sco;
1022 			u8 band;
1023 			u8 bw;
1024 			u8 center_chan;
1025 			u8 center_chan2;
1026 			u8 bw_from_ap;
1027 			u8 center_chan_from_ap;
1028 			u8 center_chan2_from_ap;
1029 			u8 reqtype;
1030 			__le32 maxinterval;
1031 			u8 dbdcband;
1032 			u8 rsv[3];
1033 		} __packed roc;
1034 	} __packed req = {
1035 		.roc = {
1036 			.tag = cpu_to_le16(UNI_ROC_ACQUIRE),
1037 			.len = cpu_to_le16(sizeof(struct roc_acquire_tlv)),
1038 			.tokenid = token_id,
1039 			.reqtype = type,
1040 			.maxinterval = cpu_to_le32(duration),
1041 			.bss_idx = vif->mt76.idx,
1042 			.control_channel = chan->hw_value,
1043 			.bw = CMD_CBW_20MHZ,
1044 			.bw_from_ap = CMD_CBW_20MHZ,
1045 			.center_chan = center_ch,
1046 			.center_chan_from_ap = center_ch,
1047 			.dbdcband = 0xff, /* auto */
1048 		},
1049 	};
1050 
1051 	if (chan->hw_value < center_ch)
1052 		req.roc.sco = 1; /* SCA */
1053 	else if (chan->hw_value > center_ch)
1054 		req.roc.sco = 3; /* SCB */
1055 
1056 	switch (chan->band) {
1057 	case NL80211_BAND_6GHZ:
1058 		req.roc.band = 3;
1059 		break;
1060 	case NL80211_BAND_5GHZ:
1061 		req.roc.band = 2;
1062 		break;
1063 	default:
1064 		req.roc.band = 1;
1065 		break;
1066 	}
1067 
1068 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(ROC),
1069 				 &req, sizeof(req), false);
1070 }
1071 
1072 int mt7925_mcu_abort_roc(struct mt792x_phy *phy, struct mt792x_vif *vif,
1073 			 u8 token_id)
1074 {
1075 	struct mt792x_dev *dev = phy->dev;
1076 	struct {
1077 		struct {
1078 			u8 rsv[4];
1079 		} __packed hdr;
1080 		struct roc_abort_tlv {
1081 			__le16 tag;
1082 			__le16 len;
1083 			u8 bss_idx;
1084 			u8 tokenid;
1085 			u8 dbdcband;
1086 			u8 rsv[5];
1087 		} __packed abort;
1088 	} __packed req = {
1089 		.abort = {
1090 			.tag = cpu_to_le16(UNI_ROC_ABORT),
1091 			.len = cpu_to_le16(sizeof(struct roc_abort_tlv)),
1092 			.tokenid = token_id,
1093 			.bss_idx = vif->mt76.idx,
1094 			.dbdcband = 0xff, /* auto*/
1095 		},
1096 	};
1097 
1098 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(ROC),
1099 				 &req, sizeof(req), false);
1100 }
1101 
1102 int mt7925_mcu_set_chan_info(struct mt792x_phy *phy, u16 tag)
1103 {
1104 	static const u8 ch_band[] = {
1105 		[NL80211_BAND_2GHZ] = 0,
1106 		[NL80211_BAND_5GHZ] = 1,
1107 		[NL80211_BAND_6GHZ] = 2,
1108 	};
1109 	struct mt792x_dev *dev = phy->dev;
1110 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
1111 	int freq1 = chandef->center_freq1;
1112 	u8 band_idx = chandef->chan->band != NL80211_BAND_2GHZ;
1113 	struct {
1114 		/* fixed field */
1115 		u8 __rsv[4];
1116 
1117 		__le16 tag;
1118 		__le16 len;
1119 		u8 control_ch;
1120 		u8 center_ch;
1121 		u8 bw;
1122 		u8 tx_path_num;
1123 		u8 rx_path;	/* mask or num */
1124 		u8 switch_reason;
1125 		u8 band_idx;
1126 		u8 center_ch2;	/* for 80+80 only */
1127 		__le16 cac_case;
1128 		u8 channel_band;
1129 		u8 rsv0;
1130 		__le32 outband_freq;
1131 		u8 txpower_drop;
1132 		u8 ap_bw;
1133 		u8 ap_center_ch;
1134 		u8 rsv1[53];
1135 	} __packed req = {
1136 		.tag = cpu_to_le16(tag),
1137 		.len = cpu_to_le16(sizeof(req) - 4),
1138 		.control_ch = chandef->chan->hw_value,
1139 		.center_ch = ieee80211_frequency_to_channel(freq1),
1140 		.bw = mt76_connac_chan_bw(chandef),
1141 		.tx_path_num = hweight8(phy->mt76->antenna_mask),
1142 		.rx_path = phy->mt76->antenna_mask,
1143 		.band_idx = band_idx,
1144 		.channel_band = ch_band[chandef->chan->band],
1145 	};
1146 
1147 	if (chandef->chan->band == NL80211_BAND_6GHZ)
1148 		req.channel_band = 2;
1149 	else
1150 		req.channel_band = chandef->chan->band;
1151 
1152 	if (tag == UNI_CHANNEL_RX_PATH ||
1153 	    dev->mt76.hw->conf.flags & IEEE80211_CONF_MONITOR)
1154 		req.switch_reason = CH_SWITCH_NORMAL;
1155 	else if (phy->mt76->hw->conf.flags & IEEE80211_CONF_OFFCHANNEL)
1156 		req.switch_reason = CH_SWITCH_SCAN_BYPASS_DPD;
1157 	else if (!cfg80211_reg_can_beacon(phy->mt76->hw->wiphy, chandef,
1158 					  NL80211_IFTYPE_AP))
1159 		req.switch_reason = CH_SWITCH_DFS;
1160 	else
1161 		req.switch_reason = CH_SWITCH_NORMAL;
1162 
1163 	if (tag == UNI_CHANNEL_SWITCH)
1164 		req.rx_path = hweight8(req.rx_path);
1165 
1166 	if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
1167 		int freq2 = chandef->center_freq2;
1168 
1169 		req.center_ch2 = ieee80211_frequency_to_channel(freq2);
1170 	}
1171 
1172 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(CHANNEL_SWITCH),
1173 				 &req, sizeof(req), true);
1174 }
1175 
1176 int mt7925_mcu_set_eeprom(struct mt792x_dev *dev)
1177 {
1178 	struct {
1179 		u8 _rsv[4];
1180 
1181 		__le16 tag;
1182 		__le16 len;
1183 		u8 buffer_mode;
1184 		u8 format;
1185 		__le16 buf_len;
1186 	} __packed req = {
1187 		.tag = cpu_to_le16(UNI_EFUSE_BUFFER_MODE),
1188 		.len = cpu_to_le16(sizeof(req) - 4),
1189 		.buffer_mode = EE_MODE_EFUSE,
1190 		.format = EE_FORMAT_WHOLE
1191 	};
1192 
1193 	return mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(EFUSE_CTRL),
1194 					 &req, sizeof(req), false, NULL);
1195 }
1196 EXPORT_SYMBOL_GPL(mt7925_mcu_set_eeprom);
1197 
1198 int mt7925_mcu_uni_bss_ps(struct mt792x_dev *dev, struct ieee80211_vif *vif)
1199 {
1200 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1201 	struct {
1202 		struct {
1203 			u8 bss_idx;
1204 			u8 pad[3];
1205 		} __packed hdr;
1206 		struct ps_tlv {
1207 			__le16 tag;
1208 			__le16 len;
1209 			u8 ps_state; /* 0: device awake
1210 				      * 1: static power save
1211 				      * 2: dynamic power saving
1212 				      * 3: enter TWT power saving
1213 				      * 4: leave TWT power saving
1214 				      */
1215 			u8 pad[3];
1216 		} __packed ps;
1217 	} __packed ps_req = {
1218 		.hdr = {
1219 			.bss_idx = mvif->mt76.idx,
1220 		},
1221 		.ps = {
1222 			.tag = cpu_to_le16(UNI_BSS_INFO_PS),
1223 			.len = cpu_to_le16(sizeof(struct ps_tlv)),
1224 			.ps_state = vif->cfg.ps ? 2 : 0,
1225 		},
1226 	};
1227 
1228 	if (vif->type != NL80211_IFTYPE_STATION)
1229 		return -EOPNOTSUPP;
1230 
1231 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1232 				 &ps_req, sizeof(ps_req), true);
1233 }
1234 
1235 static int
1236 mt7925_mcu_uni_bss_bcnft(struct mt792x_dev *dev, struct ieee80211_vif *vif,
1237 			 bool enable)
1238 {
1239 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1240 	struct {
1241 		struct {
1242 			u8 bss_idx;
1243 			u8 pad[3];
1244 		} __packed hdr;
1245 		struct bcnft_tlv {
1246 			__le16 tag;
1247 			__le16 len;
1248 			__le16 bcn_interval;
1249 			u8 dtim_period;
1250 			u8 bmc_delivered_ac;
1251 			u8 bmc_triggered_ac;
1252 			u8 pad[3];
1253 		} __packed bcnft;
1254 	} __packed bcnft_req = {
1255 		.hdr = {
1256 			.bss_idx = mvif->mt76.idx,
1257 		},
1258 		.bcnft = {
1259 			.tag = cpu_to_le16(UNI_BSS_INFO_BCNFT),
1260 			.len = cpu_to_le16(sizeof(struct bcnft_tlv)),
1261 			.bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int),
1262 			.dtim_period = vif->bss_conf.dtim_period,
1263 		},
1264 	};
1265 
1266 	if (vif->type != NL80211_IFTYPE_STATION)
1267 		return 0;
1268 
1269 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1270 				 &bcnft_req, sizeof(bcnft_req), true);
1271 }
1272 
1273 int
1274 mt7925_mcu_set_bss_pm(struct mt792x_dev *dev, struct ieee80211_vif *vif,
1275 		      bool enable)
1276 {
1277 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1278 	struct {
1279 		struct {
1280 			u8 bss_idx;
1281 			u8 pad[3];
1282 		} __packed hdr;
1283 		struct bcnft_tlv {
1284 			__le16 tag;
1285 			__le16 len;
1286 			__le16 bcn_interval;
1287 			u8 dtim_period;
1288 			u8 bmc_delivered_ac;
1289 			u8 bmc_triggered_ac;
1290 			u8 pad[3];
1291 		} __packed enable;
1292 	} req = {
1293 		.hdr = {
1294 			.bss_idx = mvif->mt76.idx,
1295 		},
1296 		.enable = {
1297 			.tag = cpu_to_le16(UNI_BSS_INFO_BCNFT),
1298 			.len = cpu_to_le16(sizeof(struct bcnft_tlv)),
1299 			.dtim_period = vif->bss_conf.dtim_period,
1300 			.bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int),
1301 		},
1302 	};
1303 	struct {
1304 		struct {
1305 			u8 bss_idx;
1306 			u8 pad[3];
1307 		} __packed hdr;
1308 		struct pm_disable {
1309 			__le16 tag;
1310 			__le16 len;
1311 		} __packed disable;
1312 	} req1 = {
1313 		.hdr = {
1314 			.bss_idx = mvif->mt76.idx,
1315 		},
1316 		.disable = {
1317 			.tag = cpu_to_le16(UNI_BSS_INFO_PM_DISABLE),
1318 			.len = cpu_to_le16(sizeof(struct pm_disable))
1319 		},
1320 	};
1321 	int err;
1322 
1323 	err = mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1324 				&req1, sizeof(req1), false);
1325 	if (err < 0 || !enable)
1326 		return err;
1327 
1328 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1329 				 &req, sizeof(req), false);
1330 }
1331 
1332 static void
1333 mt7925_mcu_sta_he_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1334 {
1335 	if (!sta->deflink.he_cap.has_he)
1336 		return;
1337 
1338 	mt76_connac_mcu_sta_he_tlv_v2(skb, sta);
1339 }
1340 
1341 static void
1342 mt7925_mcu_sta_he_6g_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1343 {
1344 	struct sta_rec_he_6g_capa *he_6g;
1345 	struct tlv *tlv;
1346 
1347 	if (!sta->deflink.he_6ghz_capa.capa)
1348 		return;
1349 
1350 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HE_6G, sizeof(*he_6g));
1351 
1352 	he_6g = (struct sta_rec_he_6g_capa *)tlv;
1353 	he_6g->capa = sta->deflink.he_6ghz_capa.capa;
1354 }
1355 
1356 static void
1357 mt7925_mcu_sta_eht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1358 {
1359 	struct ieee80211_eht_mcs_nss_supp *mcs_map;
1360 	struct ieee80211_eht_cap_elem_fixed *elem;
1361 	struct sta_rec_eht *eht;
1362 	struct tlv *tlv;
1363 
1364 	if (!sta->deflink.eht_cap.has_eht)
1365 		return;
1366 
1367 	mcs_map = &sta->deflink.eht_cap.eht_mcs_nss_supp;
1368 	elem = &sta->deflink.eht_cap.eht_cap_elem;
1369 
1370 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_EHT, sizeof(*eht));
1371 
1372 	eht = (struct sta_rec_eht *)tlv;
1373 	eht->tid_bitmap = 0xff;
1374 	eht->mac_cap = cpu_to_le16(*(u16 *)elem->mac_cap_info);
1375 	eht->phy_cap = cpu_to_le64(*(u64 *)elem->phy_cap_info);
1376 	eht->phy_cap_ext = cpu_to_le64(elem->phy_cap_info[8]);
1377 
1378 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_20)
1379 		memcpy(eht->mcs_map_bw20, &mcs_map->only_20mhz, sizeof(eht->mcs_map_bw20));
1380 	memcpy(eht->mcs_map_bw80, &mcs_map->bw._80, sizeof(eht->mcs_map_bw80));
1381 	memcpy(eht->mcs_map_bw160, &mcs_map->bw._160, sizeof(eht->mcs_map_bw160));
1382 }
1383 
1384 static void
1385 mt7925_mcu_sta_ht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1386 {
1387 	struct sta_rec_ht *ht;
1388 	struct tlv *tlv;
1389 
1390 	if (!sta->deflink.ht_cap.ht_supported)
1391 		return;
1392 
1393 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HT, sizeof(*ht));
1394 
1395 	ht = (struct sta_rec_ht *)tlv;
1396 	ht->ht_cap = cpu_to_le16(sta->deflink.ht_cap.cap);
1397 }
1398 
1399 static void
1400 mt7925_mcu_sta_vht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1401 {
1402 	struct sta_rec_vht *vht;
1403 	struct tlv *tlv;
1404 
1405 	/* For 6G band, this tlv is necessary to let hw work normally */
1406 	if (!sta->deflink.he_6ghz_capa.capa && !sta->deflink.vht_cap.vht_supported)
1407 		return;
1408 
1409 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_VHT, sizeof(*vht));
1410 
1411 	vht = (struct sta_rec_vht *)tlv;
1412 	vht->vht_cap = cpu_to_le32(sta->deflink.vht_cap.cap);
1413 	vht->vht_rx_mcs_map = sta->deflink.vht_cap.vht_mcs.rx_mcs_map;
1414 	vht->vht_tx_mcs_map = sta->deflink.vht_cap.vht_mcs.tx_mcs_map;
1415 }
1416 
1417 static void
1418 mt7925_mcu_sta_amsdu_tlv(struct sk_buff *skb,
1419 			 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1420 {
1421 	struct mt792x_sta *msta = (struct mt792x_sta *)sta->drv_priv;
1422 	struct sta_rec_amsdu *amsdu;
1423 	struct tlv *tlv;
1424 
1425 	if (vif->type != NL80211_IFTYPE_STATION &&
1426 	    vif->type != NL80211_IFTYPE_AP)
1427 		return;
1428 
1429 	if (!sta->deflink.agg.max_amsdu_len)
1430 		return;
1431 
1432 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HW_AMSDU, sizeof(*amsdu));
1433 	amsdu = (struct sta_rec_amsdu *)tlv;
1434 	amsdu->max_amsdu_num = 8;
1435 	amsdu->amsdu_en = true;
1436 	msta->wcid.amsdu = true;
1437 
1438 	switch (sta->deflink.agg.max_amsdu_len) {
1439 	case IEEE80211_MAX_MPDU_LEN_VHT_11454:
1440 		amsdu->max_mpdu_size =
1441 			IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454;
1442 		return;
1443 	case IEEE80211_MAX_MPDU_LEN_HT_7935:
1444 	case IEEE80211_MAX_MPDU_LEN_VHT_7991:
1445 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991;
1446 		return;
1447 	default:
1448 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895;
1449 		return;
1450 	}
1451 }
1452 
1453 static void
1454 mt7925_mcu_sta_phy_tlv(struct sk_buff *skb,
1455 		       struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1456 {
1457 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1458 	struct cfg80211_chan_def *chandef = &mvif->mt76.ctx->def;
1459 	struct sta_rec_phy *phy;
1460 	struct tlv *tlv;
1461 	u8 af = 0, mm = 0;
1462 
1463 	if (!sta->deflink.ht_cap.ht_supported && !sta->deflink.he_6ghz_capa.capa)
1464 		return;
1465 
1466 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_PHY, sizeof(*phy));
1467 	phy = (struct sta_rec_phy *)tlv;
1468 	phy->phy_type = mt76_connac_get_phy_mode_v2(mvif->phy->mt76, vif, chandef->chan->band, sta);
1469 	if (sta->deflink.ht_cap.ht_supported) {
1470 		af = sta->deflink.ht_cap.ampdu_factor;
1471 		mm = sta->deflink.ht_cap.ampdu_density;
1472 	}
1473 
1474 	if (sta->deflink.vht_cap.vht_supported) {
1475 		u8 vht_af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
1476 				      sta->deflink.vht_cap.cap);
1477 
1478 		af = max_t(u8, af, vht_af);
1479 	}
1480 
1481 	if (sta->deflink.he_6ghz_capa.capa) {
1482 		af = le16_get_bits(sta->deflink.he_6ghz_capa.capa,
1483 				   IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP);
1484 		mm = le16_get_bits(sta->deflink.he_6ghz_capa.capa,
1485 				   IEEE80211_HE_6GHZ_CAP_MIN_MPDU_START);
1486 	}
1487 
1488 	phy->ampdu = FIELD_PREP(IEEE80211_HT_AMPDU_PARM_FACTOR, af) |
1489 		     FIELD_PREP(IEEE80211_HT_AMPDU_PARM_DENSITY, mm);
1490 	phy->max_ampdu_len = af;
1491 }
1492 
1493 static void
1494 mt7925_mcu_sta_state_v2_tlv(struct mt76_phy *mphy, struct sk_buff *skb,
1495 			    struct ieee80211_sta *sta,
1496 			    struct ieee80211_vif *vif,
1497 			    u8 rcpi, u8 sta_state)
1498 {
1499 	struct sta_rec_state_v2 {
1500 		__le16 tag;
1501 		__le16 len;
1502 		u8 state;
1503 		u8 rsv[3];
1504 		__le32 flags;
1505 		u8 vht_opmode;
1506 		u8 action;
1507 		u8 rsv2[2];
1508 	} __packed * state;
1509 	struct tlv *tlv;
1510 
1511 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_STATE, sizeof(*state));
1512 	state = (struct sta_rec_state_v2 *)tlv;
1513 	state->state = sta_state;
1514 
1515 	if (sta->deflink.vht_cap.vht_supported) {
1516 		state->vht_opmode = sta->deflink.bandwidth;
1517 		state->vht_opmode |= sta->deflink.rx_nss <<
1518 			IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
1519 	}
1520 }
1521 
1522 static void
1523 mt7925_mcu_sta_rate_ctrl_tlv(struct sk_buff *skb,
1524 			     struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1525 {
1526 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1527 	struct cfg80211_chan_def *chandef = &mvif->mt76.ctx->def;
1528 	enum nl80211_band band = chandef->chan->band;
1529 	struct sta_rec_ra_info *ra_info;
1530 	struct tlv *tlv;
1531 	u16 supp_rates;
1532 
1533 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA, sizeof(*ra_info));
1534 	ra_info = (struct sta_rec_ra_info *)tlv;
1535 
1536 	supp_rates = sta->deflink.supp_rates[band];
1537 	if (band == NL80211_BAND_2GHZ)
1538 		supp_rates = FIELD_PREP(RA_LEGACY_OFDM, supp_rates >> 4) |
1539 			     FIELD_PREP(RA_LEGACY_CCK, supp_rates & 0xf);
1540 	else
1541 		supp_rates = FIELD_PREP(RA_LEGACY_OFDM, supp_rates);
1542 
1543 	ra_info->legacy = cpu_to_le16(supp_rates);
1544 
1545 	if (sta->deflink.ht_cap.ht_supported)
1546 		memcpy(ra_info->rx_mcs_bitmask,
1547 		       sta->deflink.ht_cap.mcs.rx_mask,
1548 		       HT_MCS_MASK_NUM);
1549 }
1550 
1551 static void
1552 mt7925_mcu_sta_mld_tlv(struct sk_buff *skb,
1553 		       struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1554 {
1555 	struct mt76_wcid *wcid = (struct mt76_wcid *)sta->drv_priv;
1556 	struct sta_rec_mld *mld;
1557 	struct tlv *tlv;
1558 
1559 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_MLD, sizeof(*mld));
1560 	mld = (struct sta_rec_mld *)tlv;
1561 	memcpy(mld->mac_addr, vif->addr, ETH_ALEN);
1562 	mld->primary_id = cpu_to_le16(wcid->idx);
1563 	mld->wlan_id = cpu_to_le16(wcid->idx);
1564 
1565 	/* TODO: 0 means deflink only, add secondary link(1) later */
1566 	mld->link_num = !!(hweight8(vif->active_links) > 1);
1567 	WARN_ON_ONCE(mld->link_num);
1568 }
1569 
1570 static int
1571 mt7925_mcu_sta_cmd(struct mt76_phy *phy,
1572 		   struct mt76_sta_cmd_info *info)
1573 {
1574 	struct mt76_vif *mvif = (struct mt76_vif *)info->vif->drv_priv;
1575 	struct mt76_dev *dev = phy->dev;
1576 	struct wtbl_req_hdr *wtbl_hdr;
1577 	struct tlv *sta_wtbl;
1578 	struct sk_buff *skb;
1579 
1580 	skb = __mt76_connac_mcu_alloc_sta_req(dev, mvif, info->wcid,
1581 					      MT7925_STA_UPDATE_MAX_SIZE);
1582 	if (IS_ERR(skb))
1583 		return PTR_ERR(skb);
1584 
1585 	if (info->sta || !info->offload_fw)
1586 		mt76_connac_mcu_sta_basic_tlv(dev, skb, info->vif, info->sta,
1587 					      info->enable, info->newly);
1588 	if (info->sta && info->enable) {
1589 		mt7925_mcu_sta_phy_tlv(skb, info->vif, info->sta);
1590 		mt7925_mcu_sta_ht_tlv(skb, info->sta);
1591 		mt7925_mcu_sta_vht_tlv(skb, info->sta);
1592 		mt76_connac_mcu_sta_uapsd(skb, info->vif, info->sta);
1593 		mt7925_mcu_sta_amsdu_tlv(skb, info->vif, info->sta);
1594 		mt7925_mcu_sta_he_tlv(skb, info->sta);
1595 		mt7925_mcu_sta_he_6g_tlv(skb, info->sta);
1596 		mt7925_mcu_sta_eht_tlv(skb, info->sta);
1597 		mt7925_mcu_sta_rate_ctrl_tlv(skb, info->vif, info->sta);
1598 		mt7925_mcu_sta_state_v2_tlv(phy, skb, info->sta,
1599 					    info->vif, info->rcpi,
1600 					    info->state);
1601 		mt7925_mcu_sta_hdr_trans_tlv(skb, info->vif, info->sta);
1602 		mt7925_mcu_sta_mld_tlv(skb, info->vif, info->sta);
1603 	}
1604 
1605 	sta_wtbl = mt76_connac_mcu_add_tlv(skb, STA_REC_WTBL,
1606 					   sizeof(struct tlv));
1607 
1608 	wtbl_hdr = mt76_connac_mcu_alloc_wtbl_req(dev, info->wcid,
1609 						  WTBL_RESET_AND_SET,
1610 						  sta_wtbl, &skb);
1611 	if (IS_ERR(wtbl_hdr))
1612 		return PTR_ERR(wtbl_hdr);
1613 
1614 	if (info->enable) {
1615 		mt76_connac_mcu_wtbl_generic_tlv(dev, skb, info->vif,
1616 						 info->sta, sta_wtbl,
1617 						 wtbl_hdr);
1618 		mt76_connac_mcu_wtbl_hdr_trans_tlv(skb, info->vif, info->wcid,
1619 						   sta_wtbl, wtbl_hdr);
1620 		if (info->sta)
1621 			mt76_connac_mcu_wtbl_ht_tlv(dev, skb, info->sta,
1622 						    sta_wtbl, wtbl_hdr,
1623 						    true, true);
1624 	}
1625 
1626 	return mt76_mcu_skb_send_msg(dev, skb, info->cmd, true);
1627 }
1628 
1629 int mt7925_mcu_sta_update(struct mt792x_dev *dev, struct ieee80211_sta *sta,
1630 			  struct ieee80211_vif *vif, bool enable,
1631 			  enum mt76_sta_info_state state)
1632 {
1633 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1634 	int rssi = -ewma_rssi_read(&mvif->rssi);
1635 	struct mt76_sta_cmd_info info = {
1636 		.sta = sta,
1637 		.vif = vif,
1638 		.enable = enable,
1639 		.cmd = MCU_UNI_CMD(STA_REC_UPDATE),
1640 		.state = state,
1641 		.offload_fw = true,
1642 		.rcpi = to_rcpi(rssi),
1643 	};
1644 	struct mt792x_sta *msta;
1645 
1646 	msta = sta ? (struct mt792x_sta *)sta->drv_priv : NULL;
1647 	info.wcid = msta ? &msta->wcid : &mvif->sta.wcid;
1648 	info.newly = msta ? state != MT76_STA_INFO_STATE_ASSOC : true;
1649 
1650 	return mt7925_mcu_sta_cmd(&dev->mphy, &info);
1651 }
1652 
1653 int mt7925_mcu_set_beacon_filter(struct mt792x_dev *dev,
1654 				 struct ieee80211_vif *vif,
1655 				 bool enable)
1656 {
1657 #define MT7925_FIF_BIT_CLR		BIT(1)
1658 #define MT7925_FIF_BIT_SET		BIT(0)
1659 	int err = 0;
1660 
1661 	if (enable) {
1662 		err = mt7925_mcu_uni_bss_bcnft(dev, vif, true);
1663 		if (err)
1664 			return err;
1665 
1666 		return mt7925_mcu_set_rxfilter(dev, 0,
1667 					       MT7925_FIF_BIT_SET,
1668 					       MT_WF_RFCR_DROP_OTHER_BEACON);
1669 	}
1670 
1671 	err = mt7925_mcu_set_bss_pm(dev, vif, false);
1672 	if (err)
1673 		return err;
1674 
1675 	return mt7925_mcu_set_rxfilter(dev, 0,
1676 				       MT7925_FIF_BIT_CLR,
1677 				       MT_WF_RFCR_DROP_OTHER_BEACON);
1678 }
1679 
1680 int mt7925_get_txpwr_info(struct mt792x_dev *dev, u8 band_idx, struct mt7925_txpwr *txpwr)
1681 {
1682 #define TX_POWER_SHOW_INFO 0x7
1683 #define TXPOWER_ALL_RATE_POWER_INFO 0x2
1684 	struct mt7925_txpwr_event *event;
1685 	struct mt7925_txpwr_req req = {
1686 		.tag = cpu_to_le16(TX_POWER_SHOW_INFO),
1687 		.len = cpu_to_le16(sizeof(req) - 4),
1688 		.catg = TXPOWER_ALL_RATE_POWER_INFO,
1689 		.band_idx = band_idx,
1690 	};
1691 	struct sk_buff *skb;
1692 	int ret;
1693 
1694 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(TXPOWER),
1695 					&req, sizeof(req), true, &skb);
1696 	if (ret)
1697 		return ret;
1698 
1699 	event = (struct mt7925_txpwr_event *)skb->data;
1700 	memcpy(txpwr, &event->txpwr, sizeof(event->txpwr));
1701 
1702 	dev_kfree_skb(skb);
1703 
1704 	return 0;
1705 }
1706 
1707 int mt7925_mcu_set_sniffer(struct mt792x_dev *dev, struct ieee80211_vif *vif,
1708 			   bool enable)
1709 {
1710 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1711 
1712 	struct {
1713 		struct {
1714 			u8 band_idx;
1715 			u8 pad[3];
1716 		} __packed hdr;
1717 		struct sniffer_enable_tlv {
1718 			__le16 tag;
1719 			__le16 len;
1720 			u8 enable;
1721 			u8 pad[3];
1722 		} __packed enable;
1723 	} __packed req = {
1724 		.hdr = {
1725 			.band_idx = mvif->mt76.band_idx,
1726 		},
1727 		.enable = {
1728 			.tag = cpu_to_le16(UNI_SNIFFER_ENABLE),
1729 			.len = cpu_to_le16(sizeof(struct sniffer_enable_tlv)),
1730 			.enable = enable,
1731 		},
1732 	};
1733 
1734 	mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(SNIFFER), &req, sizeof(req), true);
1735 
1736 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(SNIFFER), &req, sizeof(req),
1737 				 true);
1738 }
1739 
1740 int mt7925_mcu_config_sniffer(struct mt792x_vif *vif,
1741 			      struct ieee80211_chanctx_conf *ctx)
1742 {
1743 	struct mt76_phy *mphy = vif->phy->mt76;
1744 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def : &mphy->chandef;
1745 	int freq1 = chandef->center_freq1, freq2 = chandef->center_freq2;
1746 
1747 	const u8 ch_band[] = {
1748 		[NL80211_BAND_2GHZ] = 1,
1749 		[NL80211_BAND_5GHZ] = 2,
1750 		[NL80211_BAND_6GHZ] = 3,
1751 	};
1752 	const u8 ch_width[] = {
1753 		[NL80211_CHAN_WIDTH_20_NOHT] = 0,
1754 		[NL80211_CHAN_WIDTH_20] = 0,
1755 		[NL80211_CHAN_WIDTH_40] = 0,
1756 		[NL80211_CHAN_WIDTH_80] = 1,
1757 		[NL80211_CHAN_WIDTH_160] = 2,
1758 		[NL80211_CHAN_WIDTH_80P80] = 3,
1759 		[NL80211_CHAN_WIDTH_5] = 4,
1760 		[NL80211_CHAN_WIDTH_10] = 5,
1761 		[NL80211_CHAN_WIDTH_320] = 6,
1762 	};
1763 
1764 	struct {
1765 		struct {
1766 			u8 band_idx;
1767 			u8 pad[3];
1768 		} __packed hdr;
1769 		struct config_tlv {
1770 			__le16 tag;
1771 			__le16 len;
1772 			u16 aid;
1773 			u8 ch_band;
1774 			u8 bw;
1775 			u8 control_ch;
1776 			u8 sco;
1777 			u8 center_ch;
1778 			u8 center_ch2;
1779 			u8 drop_err;
1780 			u8 pad[3];
1781 		} __packed tlv;
1782 	} __packed req = {
1783 		.hdr = {
1784 			.band_idx = vif->mt76.band_idx,
1785 		},
1786 		.tlv = {
1787 			.tag = cpu_to_le16(UNI_SNIFFER_CONFIG),
1788 			.len = cpu_to_le16(sizeof(req.tlv)),
1789 			.control_ch = chandef->chan->hw_value,
1790 			.center_ch = ieee80211_frequency_to_channel(freq1),
1791 			.drop_err = 1,
1792 		},
1793 	};
1794 
1795 	if (chandef->chan->band < ARRAY_SIZE(ch_band))
1796 		req.tlv.ch_band = ch_band[chandef->chan->band];
1797 	if (chandef->width < ARRAY_SIZE(ch_width))
1798 		req.tlv.bw = ch_width[chandef->width];
1799 
1800 	if (freq2)
1801 		req.tlv.center_ch2 = ieee80211_frequency_to_channel(freq2);
1802 
1803 	if (req.tlv.control_ch < req.tlv.center_ch)
1804 		req.tlv.sco = 1; /* SCA */
1805 	else if (req.tlv.control_ch > req.tlv.center_ch)
1806 		req.tlv.sco = 3; /* SCB */
1807 
1808 	return mt76_mcu_send_msg(mphy->dev, MCU_UNI_CMD(SNIFFER),
1809 				 &req, sizeof(req), true);
1810 }
1811 
1812 int
1813 mt7925_mcu_uni_add_beacon_offload(struct mt792x_dev *dev,
1814 				  struct ieee80211_hw *hw,
1815 				  struct ieee80211_vif *vif,
1816 				  bool enable)
1817 {
1818 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1819 	struct ieee80211_mutable_offsets offs;
1820 	struct {
1821 		struct req_hdr {
1822 			u8 bss_idx;
1823 			u8 pad[3];
1824 		} __packed hdr;
1825 		struct bcn_content_tlv {
1826 			__le16 tag;
1827 			__le16 len;
1828 			__le16 tim_ie_pos;
1829 			__le16 csa_ie_pos;
1830 			__le16 bcc_ie_pos;
1831 			/* 0: disable beacon offload
1832 			 * 1: enable beacon offload
1833 			 * 2: update probe respond offload
1834 			 */
1835 			u8 enable;
1836 			/* 0: legacy format (TXD + payload)
1837 			 * 1: only cap field IE
1838 			 */
1839 			u8 type;
1840 			__le16 pkt_len;
1841 			u8 pkt[512];
1842 		} __packed beacon_tlv;
1843 	} req = {
1844 		.hdr = {
1845 			.bss_idx = mvif->mt76.idx,
1846 		},
1847 		.beacon_tlv = {
1848 			.tag = cpu_to_le16(UNI_BSS_INFO_BCN_CONTENT),
1849 			.len = cpu_to_le16(sizeof(struct bcn_content_tlv)),
1850 			.enable = enable,
1851 			.type = 1,
1852 		},
1853 	};
1854 	struct sk_buff *skb;
1855 	u8 cap_offs;
1856 
1857 	/* support enable/update process only
1858 	 * disable flow would be handled in bss stop handler automatically
1859 	 */
1860 	if (!enable)
1861 		return -EOPNOTSUPP;
1862 
1863 	skb = ieee80211_beacon_get_template(mt76_hw(dev), vif, &offs, 0);
1864 	if (!skb)
1865 		return -EINVAL;
1866 
1867 	cap_offs = offsetof(struct ieee80211_mgmt, u.beacon.capab_info);
1868 	if (!skb_pull(skb, cap_offs)) {
1869 		dev_err(dev->mt76.dev, "beacon format err\n");
1870 		dev_kfree_skb(skb);
1871 		return -EINVAL;
1872 	}
1873 
1874 	if (skb->len > 512) {
1875 		dev_err(dev->mt76.dev, "beacon size limit exceed\n");
1876 		dev_kfree_skb(skb);
1877 		return -EINVAL;
1878 	}
1879 
1880 	memcpy(req.beacon_tlv.pkt, skb->data, skb->len);
1881 	req.beacon_tlv.pkt_len = cpu_to_le16(skb->len);
1882 	offs.tim_offset -= cap_offs;
1883 	req.beacon_tlv.tim_ie_pos = cpu_to_le16(offs.tim_offset);
1884 
1885 	if (offs.cntdwn_counter_offs[0]) {
1886 		u16 csa_offs;
1887 
1888 		csa_offs = offs.cntdwn_counter_offs[0] - cap_offs - 4;
1889 		req.beacon_tlv.csa_ie_pos = cpu_to_le16(csa_offs);
1890 	}
1891 	dev_kfree_skb(skb);
1892 
1893 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1894 				 &req, sizeof(req), true);
1895 }
1896 
1897 int mt7925_mcu_set_chctx(struct mt76_phy *phy, struct mt76_vif *mvif,
1898 			 struct ieee80211_chanctx_conf *ctx)
1899 {
1900 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def : &phy->chandef;
1901 	int freq1 = chandef->center_freq1, freq2 = chandef->center_freq2;
1902 	enum nl80211_band band = chandef->chan->band;
1903 	struct mt76_dev *mdev = phy->dev;
1904 	struct {
1905 		struct {
1906 			u8 bss_idx;
1907 			u8 pad[3];
1908 		} __packed hdr;
1909 		struct rlm_tlv {
1910 			__le16 tag;
1911 			__le16 len;
1912 			u8 control_channel;
1913 			u8 center_chan;
1914 			u8 center_chan2;
1915 			u8 bw;
1916 			u8 tx_streams;
1917 			u8 rx_streams;
1918 			u8 ht_op_info;
1919 			u8 sco;
1920 			u8 band;
1921 			u8 pad[3];
1922 		} __packed rlm;
1923 	} __packed rlm_req = {
1924 		.hdr = {
1925 			.bss_idx = mvif->idx,
1926 		},
1927 		.rlm = {
1928 			.tag = cpu_to_le16(UNI_BSS_INFO_RLM),
1929 			.len = cpu_to_le16(sizeof(struct rlm_tlv)),
1930 			.control_channel = chandef->chan->hw_value,
1931 			.center_chan = ieee80211_frequency_to_channel(freq1),
1932 			.center_chan2 = ieee80211_frequency_to_channel(freq2),
1933 			.tx_streams = hweight8(phy->antenna_mask),
1934 			.ht_op_info = 4, /* set HT 40M allowed */
1935 			.rx_streams = hweight8(phy->antenna_mask),
1936 			.band = band,
1937 		},
1938 	};
1939 
1940 	switch (chandef->width) {
1941 	case NL80211_CHAN_WIDTH_40:
1942 		rlm_req.rlm.bw = CMD_CBW_40MHZ;
1943 		break;
1944 	case NL80211_CHAN_WIDTH_80:
1945 		rlm_req.rlm.bw = CMD_CBW_80MHZ;
1946 		break;
1947 	case NL80211_CHAN_WIDTH_80P80:
1948 		rlm_req.rlm.bw = CMD_CBW_8080MHZ;
1949 		break;
1950 	case NL80211_CHAN_WIDTH_160:
1951 		rlm_req.rlm.bw = CMD_CBW_160MHZ;
1952 		break;
1953 	case NL80211_CHAN_WIDTH_5:
1954 		rlm_req.rlm.bw = CMD_CBW_5MHZ;
1955 		break;
1956 	case NL80211_CHAN_WIDTH_10:
1957 		rlm_req.rlm.bw = CMD_CBW_10MHZ;
1958 		break;
1959 	case NL80211_CHAN_WIDTH_20_NOHT:
1960 	case NL80211_CHAN_WIDTH_20:
1961 	default:
1962 		rlm_req.rlm.bw = CMD_CBW_20MHZ;
1963 		rlm_req.rlm.ht_op_info = 0;
1964 		break;
1965 	}
1966 
1967 	if (rlm_req.rlm.control_channel < rlm_req.rlm.center_chan)
1968 		rlm_req.rlm.sco = 1; /* SCA */
1969 	else if (rlm_req.rlm.control_channel > rlm_req.rlm.center_chan)
1970 		rlm_req.rlm.sco = 3; /* SCB */
1971 
1972 	return mt76_mcu_send_msg(mdev, MCU_UNI_CMD(BSS_INFO_UPDATE), &rlm_req,
1973 				 sizeof(rlm_req), true);
1974 }
1975 
1976 static struct sk_buff *
1977 __mt7925_mcu_alloc_bss_req(struct mt76_dev *dev, struct mt76_vif *mvif, int len)
1978 {
1979 	struct bss_req_hdr hdr = {
1980 		.bss_idx = mvif->idx,
1981 	};
1982 	struct sk_buff *skb;
1983 
1984 	skb = mt76_mcu_msg_alloc(dev, NULL, len);
1985 	if (!skb)
1986 		return ERR_PTR(-ENOMEM);
1987 
1988 	skb_put_data(skb, &hdr, sizeof(hdr));
1989 
1990 	return skb;
1991 }
1992 
1993 static u8
1994 mt7925_get_phy_mode_ext(struct mt76_phy *phy, struct ieee80211_vif *vif,
1995 			enum nl80211_band band, struct ieee80211_sta *sta)
1996 {
1997 	struct ieee80211_he_6ghz_capa *he_6ghz_capa;
1998 	const struct ieee80211_sta_eht_cap *eht_cap;
1999 	__le16 capa = 0;
2000 	u8 mode = 0;
2001 
2002 	if (sta) {
2003 		he_6ghz_capa = &sta->deflink.he_6ghz_capa;
2004 		eht_cap = &sta->deflink.eht_cap;
2005 	} else {
2006 		struct ieee80211_supported_band *sband;
2007 
2008 		sband = phy->hw->wiphy->bands[band];
2009 		capa = ieee80211_get_he_6ghz_capa(sband, vif->type);
2010 		he_6ghz_capa = (struct ieee80211_he_6ghz_capa *)&capa;
2011 
2012 		eht_cap = ieee80211_get_eht_iftype_cap(sband, vif->type);
2013 	}
2014 
2015 	switch (band) {
2016 	case NL80211_BAND_2GHZ:
2017 		if (eht_cap && eht_cap->has_eht)
2018 			mode |= PHY_MODE_BE_24G;
2019 		break;
2020 	case NL80211_BAND_5GHZ:
2021 		if (eht_cap && eht_cap->has_eht)
2022 			mode |= PHY_MODE_BE_5G;
2023 		break;
2024 	case NL80211_BAND_6GHZ:
2025 		if (he_6ghz_capa && he_6ghz_capa->capa)
2026 			mode |= PHY_MODE_AX_6G;
2027 
2028 		if (eht_cap && eht_cap->has_eht)
2029 			mode |= PHY_MODE_BE_6G;
2030 		break;
2031 	default:
2032 		break;
2033 	}
2034 
2035 	return mode;
2036 }
2037 
2038 static void
2039 mt7925_mcu_bss_basic_tlv(struct sk_buff *skb,
2040 			 struct ieee80211_vif *vif,
2041 			 struct ieee80211_sta *sta,
2042 			 struct ieee80211_chanctx_conf *ctx,
2043 			 struct mt76_phy *phy, u16 wlan_idx,
2044 			 bool enable)
2045 {
2046 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
2047 	struct mt792x_sta *msta = sta ? (struct mt792x_sta *)sta->drv_priv :
2048 				  &mvif->sta;
2049 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def : &phy->chandef;
2050 	enum nl80211_band band = chandef->chan->band;
2051 	struct mt76_connac_bss_basic_tlv *basic_req;
2052 	u8 idx, basic_phy;
2053 	struct tlv *tlv;
2054 	int conn_type;
2055 
2056 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_BASIC, sizeof(*basic_req));
2057 	basic_req = (struct mt76_connac_bss_basic_tlv *)tlv;
2058 
2059 	idx = mvif->mt76.omac_idx > EXT_BSSID_START ? HW_BSSID_0 :
2060 						      mvif->mt76.omac_idx;
2061 	basic_req->hw_bss_idx = idx;
2062 
2063 	basic_req->phymode_ext = mt7925_get_phy_mode_ext(phy, vif, band, sta);
2064 
2065 	basic_phy = mt76_connac_get_phy_mode_v2(phy, vif, band, sta);
2066 	basic_req->nonht_basic_phy = cpu_to_le16(basic_phy);
2067 
2068 	memcpy(basic_req->bssid, vif->bss_conf.bssid, ETH_ALEN);
2069 	basic_req->phymode = mt76_connac_get_phy_mode(phy, vif, band, sta);
2070 	basic_req->bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int);
2071 	basic_req->dtim_period = vif->bss_conf.dtim_period;
2072 	basic_req->bmc_tx_wlan_idx = cpu_to_le16(wlan_idx);
2073 	basic_req->sta_idx = cpu_to_le16(msta->wcid.idx);
2074 	basic_req->omac_idx = mvif->mt76.omac_idx;
2075 	basic_req->band_idx = mvif->mt76.band_idx;
2076 	basic_req->wmm_idx = mvif->mt76.wmm_idx;
2077 	basic_req->conn_state = !enable;
2078 
2079 	switch (vif->type) {
2080 	case NL80211_IFTYPE_MESH_POINT:
2081 	case NL80211_IFTYPE_AP:
2082 		if (vif->p2p)
2083 			conn_type = CONNECTION_P2P_GO;
2084 		else
2085 			conn_type = CONNECTION_INFRA_AP;
2086 		basic_req->conn_type = cpu_to_le32(conn_type);
2087 		basic_req->active = enable;
2088 		break;
2089 	case NL80211_IFTYPE_STATION:
2090 		if (vif->p2p)
2091 			conn_type = CONNECTION_P2P_GC;
2092 		else
2093 			conn_type = CONNECTION_INFRA_STA;
2094 		basic_req->conn_type = cpu_to_le32(conn_type);
2095 		basic_req->active = true;
2096 		break;
2097 	case NL80211_IFTYPE_ADHOC:
2098 		basic_req->conn_type = cpu_to_le32(CONNECTION_IBSS_ADHOC);
2099 		basic_req->active = true;
2100 		break;
2101 	default:
2102 		WARN_ON(1);
2103 		break;
2104 	}
2105 }
2106 
2107 static void
2108 mt7925_mcu_bss_sec_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
2109 {
2110 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2111 	struct bss_sec_tlv {
2112 		__le16 tag;
2113 		__le16 len;
2114 		u8 mode;
2115 		u8 status;
2116 		u8 cipher;
2117 		u8 __rsv;
2118 	} __packed * sec;
2119 	struct tlv *tlv;
2120 
2121 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_SEC, sizeof(*sec));
2122 	sec = (struct bss_sec_tlv *)tlv;
2123 
2124 	switch (mvif->cipher) {
2125 	case MCU_CIPHER_GCMP_256:
2126 	case MCU_CIPHER_GCMP:
2127 		sec->mode = MODE_WPA3_SAE;
2128 		sec->status = 8;
2129 		break;
2130 	case MCU_CIPHER_AES_CCMP:
2131 		sec->mode = MODE_WPA2_PSK;
2132 		sec->status = 6;
2133 		break;
2134 	case MCU_CIPHER_TKIP:
2135 		sec->mode = MODE_WPA2_PSK;
2136 		sec->status = 4;
2137 		break;
2138 	case MCU_CIPHER_WEP104:
2139 	case MCU_CIPHER_WEP40:
2140 		sec->mode = MODE_SHARED;
2141 		sec->status = 0;
2142 		break;
2143 	default:
2144 		sec->mode = MODE_OPEN;
2145 		sec->status = 1;
2146 		break;
2147 	}
2148 
2149 	sec->cipher = mvif->cipher;
2150 }
2151 
2152 static void
2153 mt7925_mcu_bss_bmc_tlv(struct sk_buff *skb, struct mt792x_phy *phy,
2154 		       struct ieee80211_chanctx_conf *ctx,
2155 			   struct ieee80211_vif *vif,
2156 			   struct ieee80211_sta *sta)
2157 {
2158 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def : &phy->mt76->chandef;
2159 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2160 	enum nl80211_band band = chandef->chan->band;
2161 	struct bss_rate_tlv *bmc;
2162 	struct tlv *tlv;
2163 	u8 idx = mvif->mcast_rates_idx ?
2164 		 mvif->mcast_rates_idx : mvif->basic_rates_idx;
2165 
2166 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_RATE, sizeof(*bmc));
2167 
2168 	bmc = (struct bss_rate_tlv *)tlv;
2169 
2170 	bmc->short_preamble = (band == NL80211_BAND_2GHZ);
2171 	bmc->bc_fixed_rate = idx;
2172 	bmc->mc_fixed_rate = idx;
2173 }
2174 
2175 static void
2176 mt7925_mcu_bss_mld_tlv(struct sk_buff *skb,
2177 		       struct ieee80211_vif *vif,
2178 		       struct ieee80211_sta *sta)
2179 {
2180 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
2181 	bool is_mld = ieee80211_vif_is_mld(vif);
2182 	struct bss_mld_tlv *mld;
2183 	struct tlv *tlv;
2184 
2185 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_MLD, sizeof(*mld));
2186 	mld = (struct bss_mld_tlv *)tlv;
2187 
2188 	mld->link_id = sta ? (is_mld ? vif->bss_conf.link_id : 0) : 0xff;
2189 	mld->group_mld_id = is_mld ? mvif->mt76.idx : 0xff;
2190 	mld->own_mld_id = mvif->mt76.idx + 32;
2191 	mld->remap_idx = 0xff;
2192 
2193 	if (sta)
2194 		memcpy(mld->mac_addr, sta->addr, ETH_ALEN);
2195 }
2196 
2197 static void
2198 mt7925_mcu_bss_qos_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
2199 {
2200 	struct mt76_connac_bss_qos_tlv *qos;
2201 	struct tlv *tlv;
2202 
2203 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_QBSS, sizeof(*qos));
2204 	qos = (struct mt76_connac_bss_qos_tlv *)tlv;
2205 	qos->qos = vif->bss_conf.qos;
2206 }
2207 
2208 static void
2209 mt7925_mcu_bss_he_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
2210 		      struct mt792x_phy *phy)
2211 {
2212 #define DEFAULT_HE_PE_DURATION		4
2213 #define DEFAULT_HE_DURATION_RTS_THRES	1023
2214 	const struct ieee80211_sta_he_cap *cap;
2215 	struct bss_info_uni_he *he;
2216 	struct tlv *tlv;
2217 
2218 	cap = mt76_connac_get_he_phy_cap(phy->mt76, vif);
2219 
2220 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_HE_BASIC, sizeof(*he));
2221 
2222 	he = (struct bss_info_uni_he *)tlv;
2223 	he->he_pe_duration = vif->bss_conf.htc_trig_based_pkt_ext;
2224 	if (!he->he_pe_duration)
2225 		he->he_pe_duration = DEFAULT_HE_PE_DURATION;
2226 
2227 	he->he_rts_thres = cpu_to_le16(vif->bss_conf.frame_time_rts_th);
2228 	if (!he->he_rts_thres)
2229 		he->he_rts_thres = cpu_to_le16(DEFAULT_HE_DURATION_RTS_THRES);
2230 
2231 	he->max_nss_mcs[CMD_HE_MCS_BW80] = cap->he_mcs_nss_supp.tx_mcs_80;
2232 	he->max_nss_mcs[CMD_HE_MCS_BW160] = cap->he_mcs_nss_supp.tx_mcs_160;
2233 	he->max_nss_mcs[CMD_HE_MCS_BW8080] = cap->he_mcs_nss_supp.tx_mcs_80p80;
2234 }
2235 
2236 static void
2237 mt7925_mcu_bss_color_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
2238 			 bool enable)
2239 {
2240 	struct bss_info_uni_bss_color *color;
2241 	struct tlv *tlv;
2242 
2243 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_BSS_COLOR, sizeof(*color));
2244 	color = (struct bss_info_uni_bss_color *)tlv;
2245 
2246 	color->enable = enable ?
2247 		vif->bss_conf.he_bss_color.enabled : 0;
2248 	color->bss_color = enable ?
2249 		vif->bss_conf.he_bss_color.color : 0;
2250 }
2251 
2252 int mt7925_mcu_add_bss_info(struct mt792x_phy *phy,
2253 			    struct ieee80211_chanctx_conf *ctx,
2254 			    struct ieee80211_vif *vif,
2255 			    struct ieee80211_sta *sta,
2256 			    int enable)
2257 {
2258 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
2259 	struct mt792x_dev *dev = phy->dev;
2260 	struct sk_buff *skb;
2261 	int err;
2262 
2263 	skb = __mt7925_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76,
2264 					 MT7925_BSS_UPDATE_MAX_SIZE);
2265 	if (IS_ERR(skb))
2266 		return PTR_ERR(skb);
2267 
2268 	/* bss_basic must be first */
2269 	mt7925_mcu_bss_basic_tlv(skb, vif, sta, ctx, phy->mt76,
2270 				 mvif->sta.wcid.idx, enable);
2271 	mt7925_mcu_bss_sec_tlv(skb, vif);
2272 
2273 	mt7925_mcu_bss_bmc_tlv(skb, phy, ctx, vif, sta);
2274 	mt7925_mcu_bss_qos_tlv(skb, vif);
2275 	mt7925_mcu_bss_mld_tlv(skb, vif, sta);
2276 
2277 	if (vif->bss_conf.he_support) {
2278 		mt7925_mcu_bss_he_tlv(skb, vif, phy);
2279 		mt7925_mcu_bss_color_tlv(skb, vif, enable);
2280 	}
2281 
2282 	err = mt76_mcu_skb_send_msg(&dev->mt76, skb,
2283 				    MCU_UNI_CMD(BSS_INFO_UPDATE), true);
2284 	if (err < 0)
2285 		return err;
2286 
2287 	return mt7925_mcu_set_chctx(phy->mt76, &mvif->mt76, ctx);
2288 }
2289 
2290 int mt7925_mcu_set_dbdc(struct mt76_phy *phy)
2291 {
2292 	struct mt76_dev *mdev = phy->dev;
2293 
2294 	struct mbmc_conf_tlv *conf;
2295 	struct mbmc_set_req *hdr;
2296 	struct sk_buff *skb;
2297 	struct tlv *tlv;
2298 	int max_len, err;
2299 
2300 	max_len = sizeof(*hdr) + sizeof(*conf);
2301 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2302 	if (!skb)
2303 		return -ENOMEM;
2304 
2305 	hdr = (struct mbmc_set_req *)skb_put(skb, sizeof(*hdr));
2306 
2307 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_MBMC_SETTING, sizeof(*conf));
2308 	conf = (struct mbmc_conf_tlv *)tlv;
2309 
2310 	conf->mbmc_en = 1;
2311 	conf->band = 0; /* unused */
2312 
2313 	err = mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SET_DBDC_PARMS),
2314 				    false);
2315 
2316 	return err;
2317 }
2318 
2319 #define MT76_CONNAC_SCAN_CHANNEL_TIME		60
2320 
2321 int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif,
2322 		       struct ieee80211_scan_request *scan_req)
2323 {
2324 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2325 	struct cfg80211_scan_request *sreq = &scan_req->req;
2326 	int n_ssids = 0, err, i, duration;
2327 	struct ieee80211_channel **scan_list = sreq->channels;
2328 	struct mt76_dev *mdev = phy->dev;
2329 	struct mt76_connac_mcu_scan_channel *chan;
2330 	struct sk_buff *skb;
2331 
2332 	struct scan_hdr_tlv *hdr;
2333 	struct scan_req_tlv *req;
2334 	struct scan_ssid_tlv *ssid;
2335 	struct scan_bssid_tlv *bssid;
2336 	struct scan_chan_info_tlv *chan_info;
2337 	struct scan_ie_tlv *ie;
2338 	struct scan_misc_tlv *misc;
2339 	struct tlv *tlv;
2340 	int max_len;
2341 
2342 	max_len = sizeof(*hdr) + sizeof(*req) + sizeof(*ssid) +
2343 				sizeof(*bssid) + sizeof(*chan_info) +
2344 				sizeof(*misc) + sizeof(*ie);
2345 
2346 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2347 	if (!skb)
2348 		return -ENOMEM;
2349 
2350 	set_bit(MT76_HW_SCANNING, &phy->state);
2351 	mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
2352 
2353 	hdr = (struct scan_hdr_tlv *)skb_put(skb, sizeof(*hdr));
2354 	hdr->seq_num = mvif->scan_seq_num | mvif->band_idx << 7;
2355 	hdr->bss_idx = mvif->idx;
2356 
2357 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_REQ, sizeof(*req));
2358 	req = (struct scan_req_tlv *)tlv;
2359 	req->scan_type = sreq->n_ssids ? 1 : 0;
2360 	req->probe_req_num = sreq->n_ssids ? 2 : 0;
2361 
2362 	duration = MT76_CONNAC_SCAN_CHANNEL_TIME;
2363 	/* increase channel time for passive scan */
2364 	if (!sreq->n_ssids)
2365 		duration *= 2;
2366 	req->timeout_value = cpu_to_le16(sreq->n_channels * duration);
2367 	req->channel_min_dwell_time = cpu_to_le16(duration);
2368 	req->channel_dwell_time = cpu_to_le16(duration);
2369 
2370 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SSID, sizeof(*ssid));
2371 	ssid = (struct scan_ssid_tlv *)tlv;
2372 	for (i = 0; i < sreq->n_ssids; i++) {
2373 		if (!sreq->ssids[i].ssid_len)
2374 			continue;
2375 
2376 		ssid->ssids[i].ssid_len = cpu_to_le32(sreq->ssids[i].ssid_len);
2377 		memcpy(ssid->ssids[i].ssid, sreq->ssids[i].ssid,
2378 		       sreq->ssids[i].ssid_len);
2379 		n_ssids++;
2380 	}
2381 	ssid->ssid_type = n_ssids ? BIT(2) : BIT(0);
2382 	ssid->ssids_num = n_ssids;
2383 
2384 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_BSSID, sizeof(*bssid));
2385 	bssid = (struct scan_bssid_tlv *)tlv;
2386 
2387 	memcpy(bssid->bssid, sreq->bssid, ETH_ALEN);
2388 
2389 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_CHANNEL, sizeof(*chan_info));
2390 	chan_info = (struct scan_chan_info_tlv *)tlv;
2391 	chan_info->channels_num = min_t(u8, sreq->n_channels,
2392 					ARRAY_SIZE(chan_info->channels));
2393 	for (i = 0; i < chan_info->channels_num; i++) {
2394 		chan = &chan_info->channels[i];
2395 
2396 		switch (scan_list[i]->band) {
2397 		case NL80211_BAND_2GHZ:
2398 			chan->band = 1;
2399 			break;
2400 		case NL80211_BAND_6GHZ:
2401 			chan->band = 3;
2402 			break;
2403 		default:
2404 			chan->band = 2;
2405 			break;
2406 		}
2407 		chan->channel_num = scan_list[i]->hw_value;
2408 	}
2409 	chan_info->channel_type = sreq->n_channels ? 4 : 0;
2410 
2411 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, sizeof(*ie));
2412 	ie = (struct scan_ie_tlv *)tlv;
2413 	if (sreq->ie_len > 0) {
2414 		memcpy(ie->ies, sreq->ie, sreq->ie_len);
2415 		ie->ies_len = cpu_to_le16(sreq->ie_len);
2416 	}
2417 
2418 	req->scan_func |= SCAN_FUNC_SPLIT_SCAN;
2419 
2420 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_MISC, sizeof(*misc));
2421 	misc = (struct scan_misc_tlv *)tlv;
2422 	if (sreq->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
2423 		get_random_mask_addr(misc->random_mac, sreq->mac_addr,
2424 				     sreq->mac_addr_mask);
2425 		req->scan_func |= SCAN_FUNC_RANDOM_MAC;
2426 	}
2427 
2428 	err = mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ),
2429 				    false);
2430 	if (err < 0)
2431 		clear_bit(MT76_HW_SCANNING, &phy->state);
2432 
2433 	return err;
2434 }
2435 EXPORT_SYMBOL_GPL(mt7925_mcu_hw_scan);
2436 
2437 int mt7925_mcu_sched_scan_req(struct mt76_phy *phy,
2438 			      struct ieee80211_vif *vif,
2439 			      struct cfg80211_sched_scan_request *sreq)
2440 {
2441 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2442 	struct ieee80211_channel **scan_list = sreq->channels;
2443 	struct mt76_connac_mcu_scan_channel *chan;
2444 	struct mt76_dev *mdev = phy->dev;
2445 	struct cfg80211_match_set *cfg_match;
2446 	struct cfg80211_ssid *cfg_ssid;
2447 
2448 	struct scan_hdr_tlv *hdr;
2449 	struct scan_sched_req *req;
2450 	struct scan_ssid_tlv *ssid;
2451 	struct scan_chan_info_tlv *chan_info;
2452 	struct scan_ie_tlv *ie;
2453 	struct scan_sched_ssid_match_sets *match;
2454 	struct sk_buff *skb;
2455 	struct tlv *tlv;
2456 	int i, max_len;
2457 
2458 	max_len = sizeof(*hdr) + sizeof(*req) + sizeof(*ssid) +
2459 		  sizeof(*chan_info) + sizeof(*ie) +
2460 		  sizeof(*match);
2461 
2462 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2463 	if (!skb)
2464 		return -ENOMEM;
2465 
2466 	mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
2467 
2468 	hdr = (struct scan_hdr_tlv *)skb_put(skb, sizeof(*hdr));
2469 	hdr->seq_num = mvif->scan_seq_num | mvif->band_idx << 7;
2470 	hdr->bss_idx = mvif->idx;
2471 
2472 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SCHED_REQ, sizeof(*req));
2473 	req = (struct scan_sched_req *)tlv;
2474 	req->version = 1;
2475 
2476 	if (sreq->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)
2477 		req->scan_func |= SCAN_FUNC_RANDOM_MAC;
2478 
2479 	req->intervals_num = sreq->n_scan_plans;
2480 	for (i = 0; i < req->intervals_num; i++)
2481 		req->intervals[i] = cpu_to_le16(sreq->scan_plans[i].interval);
2482 
2483 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SSID, sizeof(*ssid));
2484 	ssid = (struct scan_ssid_tlv *)tlv;
2485 
2486 	ssid->ssids_num = sreq->n_ssids;
2487 	ssid->ssid_type = BIT(2);
2488 	for (i = 0; i < ssid->ssids_num; i++) {
2489 		cfg_ssid = &sreq->ssids[i];
2490 		memcpy(ssid->ssids[i].ssid, cfg_ssid->ssid, cfg_ssid->ssid_len);
2491 		ssid->ssids[i].ssid_len = cpu_to_le32(cfg_ssid->ssid_len);
2492 	}
2493 
2494 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SSID_MATCH_SETS, sizeof(*match));
2495 	match = (struct scan_sched_ssid_match_sets *)tlv;
2496 	match->match_num = sreq->n_match_sets;
2497 	for (i = 0; i < match->match_num; i++) {
2498 		cfg_match = &sreq->match_sets[i];
2499 		memcpy(match->match[i].ssid, cfg_match->ssid.ssid,
2500 		       cfg_match->ssid.ssid_len);
2501 		match->match[i].rssi_th = cpu_to_le32(cfg_match->rssi_thold);
2502 		match->match[i].ssid_len = cfg_match->ssid.ssid_len;
2503 	}
2504 
2505 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_CHANNEL, sizeof(*chan_info));
2506 	chan_info = (struct scan_chan_info_tlv *)tlv;
2507 	chan_info->channels_num = min_t(u8, sreq->n_channels,
2508 					ARRAY_SIZE(chan_info->channels));
2509 	for (i = 0; i < chan_info->channels_num; i++) {
2510 		chan = &chan_info->channels[i];
2511 
2512 		switch (scan_list[i]->band) {
2513 		case NL80211_BAND_2GHZ:
2514 			chan->band = 1;
2515 			break;
2516 		case NL80211_BAND_6GHZ:
2517 			chan->band = 3;
2518 			break;
2519 		default:
2520 			chan->band = 2;
2521 			break;
2522 		}
2523 		chan->channel_num = scan_list[i]->hw_value;
2524 	}
2525 	chan_info->channel_type = sreq->n_channels ? 4 : 0;
2526 
2527 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, sizeof(*ie));
2528 	ie = (struct scan_ie_tlv *)tlv;
2529 	if (sreq->ie_len > 0) {
2530 		memcpy(ie->ies, sreq->ie, sreq->ie_len);
2531 		ie->ies_len = cpu_to_le16(sreq->ie_len);
2532 	}
2533 
2534 	return mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ),
2535 				     false);
2536 }
2537 EXPORT_SYMBOL_GPL(mt7925_mcu_sched_scan_req);
2538 
2539 int
2540 mt7925_mcu_sched_scan_enable(struct mt76_phy *phy,
2541 			     struct ieee80211_vif *vif,
2542 			     bool enable)
2543 {
2544 	struct mt76_dev *mdev = phy->dev;
2545 	struct scan_sched_enable *req;
2546 	struct scan_hdr_tlv *hdr;
2547 	struct sk_buff *skb;
2548 	struct tlv *tlv;
2549 	int max_len;
2550 
2551 	max_len = sizeof(*hdr) + sizeof(*req);
2552 
2553 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2554 	if (!skb)
2555 		return -ENOMEM;
2556 
2557 	hdr = (struct scan_hdr_tlv *)skb_put(skb, sizeof(*hdr));
2558 	hdr->seq_num = 0;
2559 	hdr->bss_idx = 0;
2560 
2561 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SCHED_ENABLE, sizeof(*req));
2562 	req = (struct scan_sched_enable *)tlv;
2563 	req->active = !enable;
2564 
2565 	if (enable)
2566 		set_bit(MT76_HW_SCHED_SCANNING, &phy->state);
2567 	else
2568 		clear_bit(MT76_HW_SCHED_SCANNING, &phy->state);
2569 
2570 	return mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ),
2571 				     false);
2572 }
2573 
2574 int mt7925_mcu_cancel_hw_scan(struct mt76_phy *phy,
2575 			      struct ieee80211_vif *vif)
2576 {
2577 	struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2578 	struct {
2579 		struct scan_hdr {
2580 			u8 seq_num;
2581 			u8 bss_idx;
2582 			u8 pad[2];
2583 		} __packed hdr;
2584 		struct scan_cancel_tlv {
2585 			__le16 tag;
2586 			__le16 len;
2587 			u8 is_ext_channel;
2588 			u8 rsv[3];
2589 		} __packed cancel;
2590 	} req = {
2591 		.hdr = {
2592 			.seq_num = mvif->scan_seq_num,
2593 			.bss_idx = mvif->idx,
2594 		},
2595 		.cancel = {
2596 			.tag = cpu_to_le16(UNI_SCAN_CANCEL),
2597 			.len = cpu_to_le16(sizeof(struct scan_cancel_tlv)),
2598 		},
2599 	};
2600 
2601 	if (test_and_clear_bit(MT76_HW_SCANNING, &phy->state)) {
2602 		struct cfg80211_scan_info info = {
2603 			.aborted = true,
2604 		};
2605 
2606 		ieee80211_scan_completed(phy->hw, &info);
2607 	}
2608 
2609 	return mt76_mcu_send_msg(phy->dev, MCU_UNI_CMD(SCAN_REQ),
2610 				 &req, sizeof(req), false);
2611 }
2612 EXPORT_SYMBOL_GPL(mt7925_mcu_cancel_hw_scan);
2613 
2614 int mt7925_mcu_set_channel_domain(struct mt76_phy *phy)
2615 {
2616 	int len, i, n_max_channels, n_2ch = 0, n_5ch = 0, n_6ch = 0;
2617 	struct {
2618 		struct {
2619 			u8 alpha2[4]; /* regulatory_request.alpha2 */
2620 			u8 bw_2g; /* BW_20_40M		0
2621 				   * BW_20M		1
2622 				   * BW_20_40_80M	2
2623 				   * BW_20_40_80_160M	3
2624 				   * BW_20_40_80_8080M	4
2625 				   */
2626 			u8 bw_5g;
2627 			u8 bw_6g;
2628 			u8 pad;
2629 		} __packed hdr;
2630 		struct n_chan {
2631 			__le16 tag;
2632 			__le16 len;
2633 			u8 n_2ch;
2634 			u8 n_5ch;
2635 			u8 n_6ch;
2636 			u8 pad;
2637 		} __packed n_ch;
2638 	} req = {
2639 		.hdr = {
2640 			.bw_2g = 0,
2641 			.bw_5g = 3, /* BW_20_40_80_160M */
2642 			.bw_6g = 3,
2643 		},
2644 		.n_ch = {
2645 			.tag = cpu_to_le16(2),
2646 		},
2647 	};
2648 	struct mt76_connac_mcu_chan {
2649 		__le16 hw_value;
2650 		__le16 pad;
2651 		__le32 flags;
2652 	} __packed channel;
2653 	struct mt76_dev *dev = phy->dev;
2654 	struct ieee80211_channel *chan;
2655 	struct sk_buff *skb;
2656 
2657 	n_max_channels = phy->sband_2g.sband.n_channels +
2658 			 phy->sband_5g.sband.n_channels +
2659 			 phy->sband_6g.sband.n_channels;
2660 	len = sizeof(req) + n_max_channels * sizeof(channel);
2661 
2662 	skb = mt76_mcu_msg_alloc(dev, NULL, len);
2663 	if (!skb)
2664 		return -ENOMEM;
2665 
2666 	skb_reserve(skb, sizeof(req));
2667 
2668 	for (i = 0; i < phy->sband_2g.sband.n_channels; i++) {
2669 		chan = &phy->sband_2g.sband.channels[i];
2670 		if (chan->flags & IEEE80211_CHAN_DISABLED)
2671 			continue;
2672 
2673 		channel.hw_value = cpu_to_le16(chan->hw_value);
2674 		channel.flags = cpu_to_le32(chan->flags);
2675 		channel.pad = 0;
2676 
2677 		skb_put_data(skb, &channel, sizeof(channel));
2678 		n_2ch++;
2679 	}
2680 	for (i = 0; i < phy->sband_5g.sband.n_channels; i++) {
2681 		chan = &phy->sband_5g.sband.channels[i];
2682 		if (chan->flags & IEEE80211_CHAN_DISABLED)
2683 			continue;
2684 
2685 		channel.hw_value = cpu_to_le16(chan->hw_value);
2686 		channel.flags = cpu_to_le32(chan->flags);
2687 		channel.pad = 0;
2688 
2689 		skb_put_data(skb, &channel, sizeof(channel));
2690 		n_5ch++;
2691 	}
2692 	for (i = 0; i < phy->sband_6g.sband.n_channels; i++) {
2693 		chan = &phy->sband_6g.sband.channels[i];
2694 		if (chan->flags & IEEE80211_CHAN_DISABLED)
2695 			continue;
2696 
2697 		channel.hw_value = cpu_to_le16(chan->hw_value);
2698 		channel.flags = cpu_to_le32(chan->flags);
2699 		channel.pad = 0;
2700 
2701 		skb_put_data(skb, &channel, sizeof(channel));
2702 		n_6ch++;
2703 	}
2704 
2705 	BUILD_BUG_ON(sizeof(dev->alpha2) > sizeof(req.hdr.alpha2));
2706 	memcpy(req.hdr.alpha2, dev->alpha2, sizeof(dev->alpha2));
2707 	req.n_ch.n_2ch = n_2ch;
2708 	req.n_ch.n_5ch = n_5ch;
2709 	req.n_ch.n_6ch = n_6ch;
2710 	len = sizeof(struct n_chan) + (n_2ch + n_5ch + n_6ch) * sizeof(channel);
2711 	req.n_ch.len = cpu_to_le16(len);
2712 	memcpy(__skb_push(skb, sizeof(req)), &req, sizeof(req));
2713 
2714 	return mt76_mcu_skb_send_msg(dev, skb, MCU_UNI_CMD(SET_DOMAIN_INFO),
2715 				     false);
2716 }
2717 EXPORT_SYMBOL_GPL(mt7925_mcu_set_channel_domain);
2718 
2719 static int
2720 __mt7925_mcu_set_clc(struct mt792x_dev *dev, u8 *alpha2,
2721 		     enum environment_cap env_cap,
2722 		     struct mt7925_clc *clc, u8 idx)
2723 {
2724 	struct mt7925_clc_segment *seg;
2725 	struct sk_buff *skb;
2726 	struct {
2727 		u8 rsv[4];
2728 		__le16 tag;
2729 		__le16 len;
2730 
2731 		u8 ver;
2732 		u8 pad0;
2733 		__le16 size;
2734 		u8 idx;
2735 		u8 env;
2736 		u8 acpi_conf;
2737 		u8 pad1;
2738 		u8 alpha2[2];
2739 		u8 type[2];
2740 		u8 rsvd[64];
2741 	} __packed req = {
2742 		.tag = cpu_to_le16(0x3),
2743 		.len = cpu_to_le16(sizeof(req) - 4),
2744 
2745 		.idx = idx,
2746 		.env = env_cap,
2747 		.acpi_conf = mt792x_acpi_get_flags(&dev->phy),
2748 	};
2749 	int ret, valid_cnt = 0;
2750 	u8 i, *pos;
2751 
2752 	if (!clc)
2753 		return 0;
2754 
2755 	pos = clc->data + sizeof(*seg) * clc->nr_seg;
2756 	for (i = 0; i < clc->nr_country; i++) {
2757 		struct mt7925_clc_rule *rule = (struct mt7925_clc_rule *)pos;
2758 
2759 		pos += sizeof(*rule);
2760 		if (rule->alpha2[0] != alpha2[0] ||
2761 		    rule->alpha2[1] != alpha2[1])
2762 			continue;
2763 
2764 		seg = (struct mt7925_clc_segment *)clc->data
2765 			  + rule->seg_idx - 1;
2766 
2767 		memcpy(req.alpha2, rule->alpha2, 2);
2768 		memcpy(req.type, rule->type, 2);
2769 
2770 		req.size = cpu_to_le16(seg->len);
2771 		skb = __mt76_mcu_msg_alloc(&dev->mt76, &req,
2772 					   le16_to_cpu(req.size) + sizeof(req),
2773 					   sizeof(req), GFP_KERNEL);
2774 		if (!skb)
2775 			return -ENOMEM;
2776 		skb_put_data(skb, clc->data + seg->offset, seg->len);
2777 
2778 		ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
2779 					    MCU_UNI_CMD(SET_POWER_LIMIT),
2780 					    true);
2781 		if (ret < 0)
2782 			return ret;
2783 		valid_cnt++;
2784 	}
2785 
2786 	if (!valid_cnt)
2787 		return -ENOENT;
2788 
2789 	return 0;
2790 }
2791 
2792 int mt7925_mcu_set_clc(struct mt792x_dev *dev, u8 *alpha2,
2793 		       enum environment_cap env_cap)
2794 {
2795 	struct mt792x_phy *phy = (struct mt792x_phy *)&dev->phy;
2796 	int i, ret;
2797 
2798 	/* submit all clc config */
2799 	for (i = 0; i < ARRAY_SIZE(phy->clc); i++) {
2800 		ret = __mt7925_mcu_set_clc(dev, alpha2, env_cap,
2801 					   phy->clc[i], i);
2802 
2803 		/* If no country found, set "00" as default */
2804 		if (ret == -ENOENT)
2805 			ret = __mt7925_mcu_set_clc(dev, "00",
2806 						   ENVIRON_INDOOR,
2807 						   phy->clc[i], i);
2808 		if (ret < 0)
2809 			return ret;
2810 	}
2811 	return 0;
2812 }
2813 
2814 int mt7925_mcu_fill_message(struct mt76_dev *mdev, struct sk_buff *skb,
2815 			    int cmd, int *wait_seq)
2816 {
2817 	int txd_len, mcu_cmd = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
2818 	struct mt76_connac2_mcu_uni_txd *uni_txd;
2819 	struct mt76_connac2_mcu_txd *mcu_txd;
2820 	__le32 *txd;
2821 	u32 val;
2822 	u8 seq;
2823 
2824 	/* TODO: make dynamic based on msg type */
2825 	mdev->mcu.timeout = 20 * HZ;
2826 
2827 	seq = ++mdev->mcu.msg_seq & 0xf;
2828 	if (!seq)
2829 		seq = ++mdev->mcu.msg_seq & 0xf;
2830 
2831 	if (cmd == MCU_CMD(FW_SCATTER))
2832 		goto exit;
2833 
2834 	txd_len = cmd & __MCU_CMD_FIELD_UNI ? sizeof(*uni_txd) : sizeof(*mcu_txd);
2835 	txd = (__le32 *)skb_push(skb, txd_len);
2836 
2837 	val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len) |
2838 	      FIELD_PREP(MT_TXD0_PKT_FMT, MT_TX_TYPE_CMD) |
2839 	      FIELD_PREP(MT_TXD0_Q_IDX, MT_TX_MCU_PORT_RX_Q0);
2840 	txd[0] = cpu_to_le32(val);
2841 
2842 	val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD);
2843 	txd[1] = cpu_to_le32(val);
2844 
2845 	if (cmd & __MCU_CMD_FIELD_UNI) {
2846 		uni_txd = (struct mt76_connac2_mcu_uni_txd *)txd;
2847 		uni_txd->len = cpu_to_le16(skb->len - sizeof(uni_txd->txd));
2848 		uni_txd->option = MCU_CMD_UNI_EXT_ACK;
2849 		uni_txd->cid = cpu_to_le16(mcu_cmd);
2850 		uni_txd->s2d_index = MCU_S2D_H2N;
2851 		uni_txd->pkt_type = MCU_PKT_ID;
2852 		uni_txd->seq = seq;
2853 
2854 		goto exit;
2855 	}
2856 
2857 	mcu_txd = (struct mt76_connac2_mcu_txd *)txd;
2858 	mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd));
2859 	mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU,
2860 					       MT_TX_MCU_PORT_RX_Q0));
2861 	mcu_txd->pkt_type = MCU_PKT_ID;
2862 	mcu_txd->seq = seq;
2863 	mcu_txd->cid = mcu_cmd;
2864 	mcu_txd->ext_cid = FIELD_GET(__MCU_CMD_FIELD_EXT_ID, cmd);
2865 
2866 	if (mcu_txd->ext_cid || (cmd & __MCU_CMD_FIELD_CE)) {
2867 		if (cmd & __MCU_CMD_FIELD_QUERY)
2868 			mcu_txd->set_query = MCU_Q_QUERY;
2869 		else
2870 			mcu_txd->set_query = MCU_Q_SET;
2871 		mcu_txd->ext_cid_ack = !!mcu_txd->ext_cid;
2872 	} else {
2873 		mcu_txd->set_query = MCU_Q_NA;
2874 	}
2875 
2876 	if (cmd & __MCU_CMD_FIELD_WA)
2877 		mcu_txd->s2d_index = MCU_S2D_H2C;
2878 	else
2879 		mcu_txd->s2d_index = MCU_S2D_H2N;
2880 
2881 exit:
2882 	if (wait_seq)
2883 		*wait_seq = seq;
2884 
2885 	return 0;
2886 }
2887 EXPORT_SYMBOL_GPL(mt7925_mcu_fill_message);
2888 
2889 int mt7925_mcu_set_rts_thresh(struct mt792x_phy *phy, u32 val)
2890 {
2891 	struct {
2892 		u8 band_idx;
2893 		u8 _rsv[3];
2894 
2895 		__le16 tag;
2896 		__le16 len;
2897 		__le32 len_thresh;
2898 		__le32 pkt_thresh;
2899 	} __packed req = {
2900 		.band_idx = phy->mt76->band_idx,
2901 		.tag = cpu_to_le16(UNI_BAND_CONFIG_RTS_THRESHOLD),
2902 		.len = cpu_to_le16(sizeof(req) - 4),
2903 		.len_thresh = cpu_to_le32(val),
2904 		.pkt_thresh = cpu_to_le32(0x2),
2905 	};
2906 
2907 	return mt76_mcu_send_msg(&phy->dev->mt76, MCU_UNI_CMD(BAND_CONFIG),
2908 				 &req, sizeof(req), true);
2909 }
2910 
2911 int mt7925_mcu_set_radio_en(struct mt792x_phy *phy, bool enable)
2912 {
2913 	struct {
2914 		u8 band_idx;
2915 		u8 _rsv[3];
2916 
2917 		__le16 tag;
2918 		__le16 len;
2919 		u8 enable;
2920 		u8 _rsv2[3];
2921 	} __packed req = {
2922 		.band_idx = phy->mt76->band_idx,
2923 		.tag = cpu_to_le16(UNI_BAND_CONFIG_RADIO_ENABLE),
2924 		.len = cpu_to_le16(sizeof(req) - 4),
2925 		.enable = enable,
2926 	};
2927 
2928 	return mt76_mcu_send_msg(&phy->dev->mt76, MCU_UNI_CMD(BAND_CONFIG),
2929 				 &req, sizeof(req), true);
2930 }
2931 
2932 static void
2933 mt7925_mcu_build_sku(struct mt76_dev *dev, s8 *sku,
2934 		     struct mt76_power_limits *limits,
2935 		     enum nl80211_band band)
2936 {
2937 	int i, offset = sizeof(limits->cck);
2938 
2939 	memset(sku, 127, MT_CONNAC3_SKU_POWER_LIMIT);
2940 
2941 	if (band == NL80211_BAND_2GHZ) {
2942 		/* cck */
2943 		memcpy(sku, limits->cck, sizeof(limits->cck));
2944 	}
2945 
2946 	/* ofdm */
2947 	memcpy(&sku[offset], limits->ofdm, sizeof(limits->ofdm));
2948 	offset += (sizeof(limits->ofdm) * 5);
2949 
2950 	/* ht */
2951 	for (i = 0; i < 2; i++) {
2952 		memcpy(&sku[offset], limits->mcs[i], 8);
2953 		offset += 8;
2954 	}
2955 	sku[offset++] = limits->mcs[0][0];
2956 
2957 	/* vht */
2958 	for (i = 0; i < ARRAY_SIZE(limits->mcs); i++) {
2959 		memcpy(&sku[offset], limits->mcs[i],
2960 		       ARRAY_SIZE(limits->mcs[i]));
2961 		offset += 12;
2962 	}
2963 
2964 	/* he */
2965 	for (i = 0; i < ARRAY_SIZE(limits->ru); i++) {
2966 		memcpy(&sku[offset], limits->ru[i], ARRAY_SIZE(limits->ru[i]));
2967 		offset += ARRAY_SIZE(limits->ru[i]);
2968 	}
2969 
2970 	/* eht */
2971 	for (i = 0; i < ARRAY_SIZE(limits->eht); i++) {
2972 		memcpy(&sku[offset], limits->eht[i], ARRAY_SIZE(limits->eht[i]));
2973 		offset += ARRAY_SIZE(limits->eht[i]);
2974 	}
2975 }
2976 
2977 static int
2978 mt7925_mcu_rate_txpower_band(struct mt76_phy *phy,
2979 			     enum nl80211_band band)
2980 {
2981 	int tx_power, n_chan, last_ch, err = 0, idx = 0;
2982 	int i, sku_len, batch_size, batch_len = 3;
2983 	struct mt76_dev *dev = phy->dev;
2984 	static const u8 chan_list_2ghz[] = {
2985 		1, 2,  3,  4,  5,  6,  7,
2986 		8, 9, 10, 11, 12, 13, 14
2987 	};
2988 	static const u8 chan_list_5ghz[] = {
2989 		 36,  38,  40,  42,  44,  46,  48,
2990 		 50,  52,  54,  56,  58,  60,  62,
2991 		 64, 100, 102, 104, 106, 108, 110,
2992 		112, 114, 116, 118, 120, 122, 124,
2993 		126, 128, 132, 134, 136, 138, 140,
2994 		142, 144, 149, 151, 153, 155, 157,
2995 		159, 161, 165, 167
2996 	};
2997 	static const u8 chan_list_6ghz[] = {
2998 		  1,   3,   5,   7,   9,  11,  13,
2999 		 15,  17,  19,  21,  23,  25,  27,
3000 		 29,  33,  35,  37,  39,  41,  43,
3001 		 45,  47,  49,  51,  53,  55,  57,
3002 		 59,  61,  65,  67,  69,  71,  73,
3003 		 75,  77,  79,  81,  83,  85,  87,
3004 		 89,  91,  93,  97,  99, 101, 103,
3005 		105, 107, 109, 111, 113, 115, 117,
3006 		119, 121, 123, 125, 129, 131, 133,
3007 		135, 137, 139, 141, 143, 145, 147,
3008 		149, 151, 153, 155, 157, 161, 163,
3009 		165, 167, 169, 171, 173, 175, 177,
3010 		179, 181, 183, 185, 187, 189, 193,
3011 		195, 197, 199, 201, 203, 205, 207,
3012 		209, 211, 213, 215, 217, 219, 221,
3013 		225, 227, 229, 233
3014 	};
3015 	struct mt76_power_limits *limits;
3016 	struct mt7925_sku_tlv *sku_tlbv;
3017 	const u8 *ch_list;
3018 
3019 	sku_len = sizeof(*sku_tlbv);
3020 	tx_power = 2 * phy->hw->conf.power_level;
3021 	if (!tx_power)
3022 		tx_power = 127;
3023 
3024 	if (band == NL80211_BAND_2GHZ) {
3025 		n_chan = ARRAY_SIZE(chan_list_2ghz);
3026 		ch_list = chan_list_2ghz;
3027 		last_ch = chan_list_2ghz[ARRAY_SIZE(chan_list_2ghz) - 1];
3028 	} else if (band == NL80211_BAND_6GHZ) {
3029 		n_chan = ARRAY_SIZE(chan_list_6ghz);
3030 		ch_list = chan_list_6ghz;
3031 		last_ch = chan_list_6ghz[ARRAY_SIZE(chan_list_6ghz) - 1];
3032 	} else {
3033 		n_chan = ARRAY_SIZE(chan_list_5ghz);
3034 		ch_list = chan_list_5ghz;
3035 		last_ch = chan_list_5ghz[ARRAY_SIZE(chan_list_5ghz) - 1];
3036 	}
3037 	batch_size = DIV_ROUND_UP(n_chan, batch_len);
3038 
3039 	limits = devm_kmalloc(dev->dev, sizeof(*limits), GFP_KERNEL);
3040 	if (!limits)
3041 		return -ENOMEM;
3042 
3043 	sku_tlbv = devm_kmalloc(dev->dev, sku_len, GFP_KERNEL);
3044 	if (!sku_tlbv) {
3045 		devm_kfree(dev->dev, limits);
3046 		return -ENOMEM;
3047 	}
3048 
3049 	for (i = 0; i < batch_size; i++) {
3050 		struct mt7925_tx_power_limit_tlv *tx_power_tlv;
3051 		int j, msg_len, num_ch;
3052 		struct sk_buff *skb;
3053 
3054 		num_ch = i == batch_size - 1 ? n_chan % batch_len : batch_len;
3055 		msg_len = sizeof(*tx_power_tlv) + num_ch * sku_len;
3056 		skb = mt76_mcu_msg_alloc(dev, NULL, msg_len);
3057 		if (!skb) {
3058 			err = -ENOMEM;
3059 			goto out;
3060 		}
3061 
3062 		tx_power_tlv = (struct mt7925_tx_power_limit_tlv *)
3063 			       skb_put(skb, sizeof(*tx_power_tlv));
3064 
3065 		BUILD_BUG_ON(sizeof(dev->alpha2) > sizeof(tx_power_tlv->alpha2));
3066 		memcpy(tx_power_tlv->alpha2, dev->alpha2, sizeof(dev->alpha2));
3067 		tx_power_tlv->n_chan = num_ch;
3068 		tx_power_tlv->tag = cpu_to_le16(0x1);
3069 		tx_power_tlv->len = cpu_to_le16(sizeof(*tx_power_tlv));
3070 
3071 		switch (band) {
3072 		case NL80211_BAND_2GHZ:
3073 			tx_power_tlv->band = 1;
3074 			break;
3075 		case NL80211_BAND_6GHZ:
3076 			tx_power_tlv->band = 3;
3077 			break;
3078 		default:
3079 			tx_power_tlv->band = 2;
3080 			break;
3081 		}
3082 
3083 		for (j = 0; j < num_ch; j++, idx++) {
3084 			struct ieee80211_channel chan = {
3085 				.hw_value = ch_list[idx],
3086 				.band = band,
3087 			};
3088 			s8 reg_power, sar_power;
3089 
3090 			reg_power = mt76_connac_get_ch_power(phy, &chan,
3091 							     tx_power);
3092 			sar_power = mt76_get_sar_power(phy, &chan, reg_power);
3093 
3094 			mt76_get_rate_power_limits(phy, &chan, limits,
3095 						   sar_power);
3096 
3097 			tx_power_tlv->last_msg = ch_list[idx] == last_ch;
3098 			sku_tlbv->channel = ch_list[idx];
3099 
3100 			mt7925_mcu_build_sku(dev, sku_tlbv->pwr_limit,
3101 					     limits, band);
3102 			skb_put_data(skb, sku_tlbv, sku_len);
3103 		}
3104 		err = mt76_mcu_skb_send_msg(dev, skb,
3105 					    MCU_UNI_CMD(SET_POWER_LIMIT),
3106 					    true);
3107 		if (err < 0)
3108 			goto out;
3109 	}
3110 
3111 out:
3112 	devm_kfree(dev->dev, sku_tlbv);
3113 	devm_kfree(dev->dev, limits);
3114 	return err;
3115 }
3116 
3117 int mt7925_mcu_set_rate_txpower(struct mt76_phy *phy)
3118 {
3119 	int err;
3120 
3121 	if (phy->cap.has_2ghz) {
3122 		err = mt7925_mcu_rate_txpower_band(phy,
3123 						   NL80211_BAND_2GHZ);
3124 		if (err < 0)
3125 			return err;
3126 	}
3127 
3128 	if (phy->cap.has_5ghz) {
3129 		err = mt7925_mcu_rate_txpower_band(phy,
3130 						   NL80211_BAND_5GHZ);
3131 		if (err < 0)
3132 			return err;
3133 	}
3134 
3135 	if (phy->cap.has_6ghz) {
3136 		err = mt7925_mcu_rate_txpower_band(phy,
3137 						   NL80211_BAND_6GHZ);
3138 		if (err < 0)
3139 			return err;
3140 	}
3141 
3142 	return 0;
3143 }
3144 
3145 int mt7925_mcu_set_rxfilter(struct mt792x_dev *dev, u32 fif,
3146 			    u8 bit_op, u32 bit_map)
3147 {
3148 	struct mt792x_phy *phy = &dev->phy;
3149 	struct {
3150 		u8 band_idx;
3151 		u8 rsv1[3];
3152 
3153 		__le16 tag;
3154 		__le16 len;
3155 		u8 mode;
3156 		u8 rsv2[3];
3157 		__le32 fif;
3158 		__le32 bit_map; /* bit_* for bitmap update */
3159 		u8 bit_op;
3160 		u8 pad[51];
3161 	} __packed req = {
3162 		.band_idx = phy->mt76->band_idx,
3163 		.tag = cpu_to_le16(UNI_BAND_CONFIG_SET_MAC80211_RX_FILTER),
3164 		.len = cpu_to_le16(sizeof(req) - 4),
3165 
3166 		.mode = fif ? 0 : 1,
3167 		.fif = cpu_to_le32(fif),
3168 		.bit_map = cpu_to_le32(bit_map),
3169 		.bit_op = bit_op,
3170 	};
3171 
3172 	return mt76_mcu_send_msg(&phy->dev->mt76, MCU_UNI_CMD(BAND_CONFIG),
3173 				 &req, sizeof(req), true);
3174 }
3175