xref: /linux/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c (revision e7e86d7697c6ed1dbbde18d7185c35b6967945ed)
1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2023 MediaTek Inc. */
3 
4 #include <linux/fs.h>
5 #include <linux/firmware.h>
6 #include "mt7925.h"
7 #include "mcu.h"
8 #include "mac.h"
9 
10 #define MT_STA_BFER			BIT(0)
11 #define MT_STA_BFEE			BIT(1)
12 
13 static bool mt7925_disable_clc;
14 module_param_named(disable_clc, mt7925_disable_clc, bool, 0644);
15 MODULE_PARM_DESC(disable_clc, "disable CLC support");
16 
17 int mt7925_mcu_parse_response(struct mt76_dev *mdev, int cmd,
18 			      struct sk_buff *skb, int seq)
19 {
20 	int mcu_cmd = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
21 	struct mt7925_mcu_rxd *rxd;
22 	int ret = 0;
23 
24 	if (!skb) {
25 		dev_err(mdev->dev, "Message %08x (seq %d) timeout\n", cmd, seq);
26 		mt792x_reset(mdev);
27 
28 		return -ETIMEDOUT;
29 	}
30 
31 	rxd = (struct mt7925_mcu_rxd *)skb->data;
32 	if (seq != rxd->seq)
33 		return -EAGAIN;
34 
35 	if (cmd == MCU_CMD(PATCH_SEM_CONTROL) ||
36 	    cmd == MCU_CMD(PATCH_FINISH_REQ)) {
37 		skb_pull(skb, sizeof(*rxd) - 4);
38 		ret = *skb->data;
39 	} else if (cmd == MCU_UNI_CMD(DEV_INFO_UPDATE) ||
40 		   cmd == MCU_UNI_CMD(BSS_INFO_UPDATE) ||
41 		   cmd == MCU_UNI_CMD(STA_REC_UPDATE) ||
42 		   cmd == MCU_UNI_CMD(OFFLOAD) ||
43 		   cmd == MCU_UNI_CMD(SUSPEND)) {
44 		struct mt7925_mcu_uni_event *event;
45 
46 		skb_pull(skb, sizeof(*rxd));
47 		event = (struct mt7925_mcu_uni_event *)skb->data;
48 		ret = le32_to_cpu(event->status);
49 		/* skip invalid event */
50 		if (mcu_cmd != event->cid)
51 			ret = -EAGAIN;
52 	} else {
53 		skb_pull(skb, sizeof(*rxd));
54 	}
55 
56 	return ret;
57 }
58 EXPORT_SYMBOL_GPL(mt7925_mcu_parse_response);
59 
60 int mt7925_mcu_regval(struct mt792x_dev *dev, u32 regidx, u32 *val, bool set)
61 {
62 #define MT_RF_REG_HDR           GENMASK(31, 24)
63 #define MT_RF_REG_ANT           GENMASK(23, 16)
64 #define RF_REG_PREFIX           0x99
65 	struct {
66 		u8 __rsv[4];
67 		union {
68 			struct uni_cmd_access_reg_basic {
69 				__le16 tag;
70 				__le16 len;
71 				__le32 idx;
72 				__le32 data;
73 			} __packed reg;
74 			struct uni_cmd_access_rf_reg_basic {
75 				__le16 tag;
76 				__le16 len;
77 				__le16 ant;
78 				u8 __rsv[2];
79 				__le32 idx;
80 				__le32 data;
81 			} __packed rf_reg;
82 		};
83 	} __packed * res, req;
84 	struct sk_buff *skb;
85 	int ret;
86 
87 	if (u32_get_bits(regidx, MT_RF_REG_HDR) == RF_REG_PREFIX) {
88 		req.rf_reg.tag = cpu_to_le16(UNI_CMD_ACCESS_RF_REG_BASIC);
89 		req.rf_reg.len = cpu_to_le16(sizeof(req.rf_reg));
90 		req.rf_reg.ant = cpu_to_le16(u32_get_bits(regidx, MT_RF_REG_ANT));
91 		req.rf_reg.idx = cpu_to_le32(regidx);
92 		req.rf_reg.data = set ? cpu_to_le32(*val) : 0;
93 	} else {
94 		req.reg.tag = cpu_to_le16(UNI_CMD_ACCESS_REG_BASIC);
95 		req.reg.len = cpu_to_le16(sizeof(req.reg));
96 		req.reg.idx = cpu_to_le32(regidx);
97 		req.reg.data = set ? cpu_to_le32(*val) : 0;
98 	}
99 
100 	if (set)
101 		return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(REG_ACCESS),
102 					 &req, sizeof(req), true);
103 
104 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
105 					MCU_WM_UNI_CMD_QUERY(REG_ACCESS),
106 					&req, sizeof(req), true, &skb);
107 	if (ret)
108 		return ret;
109 
110 	res = (void *)skb->data;
111 	if (u32_get_bits(regidx, MT_RF_REG_HDR) == RF_REG_PREFIX)
112 		*val = le32_to_cpu(res->rf_reg.data);
113 	else
114 		*val = le32_to_cpu(res->reg.data);
115 
116 	dev_kfree_skb(skb);
117 
118 	return 0;
119 }
120 EXPORT_SYMBOL_GPL(mt7925_mcu_regval);
121 
122 int mt7925_mcu_update_arp_filter(struct mt76_dev *dev,
123 				 struct ieee80211_bss_conf *link_conf)
124 {
125 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
126 	struct ieee80211_vif *mvif = link_conf->vif;
127 	struct sk_buff *skb;
128 	int i, len = min_t(int, mvif->cfg.arp_addr_cnt,
129 			   IEEE80211_BSS_ARP_ADDR_LIST_LEN);
130 	struct {
131 		struct {
132 			u8 bss_idx;
133 			u8 pad[3];
134 		} __packed hdr;
135 		struct mt7925_arpns_tlv arp;
136 	} req = {
137 		.hdr = {
138 			.bss_idx = mconf->mt76.idx,
139 		},
140 		.arp = {
141 			.tag = cpu_to_le16(UNI_OFFLOAD_OFFLOAD_ARP),
142 			.len = cpu_to_le16(sizeof(req) - 4 + len * 2 * sizeof(__be32)),
143 			.ips_num = len,
144 			.enable = true,
145 		},
146 	};
147 
148 	skb = mt76_mcu_msg_alloc(dev, NULL, sizeof(req) + len * 2 * sizeof(__be32));
149 	if (!skb)
150 		return -ENOMEM;
151 
152 	skb_put_data(skb, &req, sizeof(req));
153 	for (i = 0; i < len; i++) {
154 		skb_put_data(skb, &mvif->cfg.arp_addr_list[i], sizeof(__be32));
155 		skb_put_zero(skb, sizeof(__be32));
156 	}
157 
158 	return mt76_mcu_skb_send_msg(dev, skb, MCU_UNI_CMD(OFFLOAD), true);
159 }
160 
161 #ifdef CONFIG_PM
162 static int
163 mt7925_connac_mcu_set_wow_ctrl(struct mt76_phy *phy, struct ieee80211_vif *vif,
164 			       bool suspend, struct cfg80211_wowlan *wowlan)
165 {
166 	struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv;
167 	struct ieee80211_scan_ies ies = {};
168 	struct mt76_dev *dev = phy->dev;
169 	struct {
170 		struct {
171 			u8 bss_idx;
172 			u8 pad[3];
173 		} __packed hdr;
174 		struct mt76_connac_wow_ctrl_tlv wow_ctrl_tlv;
175 		struct mt76_connac_wow_gpio_param_tlv gpio_tlv;
176 	} req = {
177 		.hdr = {
178 			.bss_idx = mvif->idx,
179 		},
180 		.wow_ctrl_tlv = {
181 			.tag = cpu_to_le16(UNI_SUSPEND_WOW_CTRL),
182 			.len = cpu_to_le16(sizeof(struct mt76_connac_wow_ctrl_tlv)),
183 			.cmd = suspend ? 1 : 2,
184 		},
185 		.gpio_tlv = {
186 			.tag = cpu_to_le16(UNI_SUSPEND_WOW_GPIO_PARAM),
187 			.len = cpu_to_le16(sizeof(struct mt76_connac_wow_gpio_param_tlv)),
188 			.gpio_pin = 0xff, /* follow fw about GPIO pin */
189 		},
190 	};
191 
192 	if (wowlan->magic_pkt)
193 		req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_MAGIC;
194 	if (wowlan->disconnect)
195 		req.wow_ctrl_tlv.trigger |= (UNI_WOW_DETECT_TYPE_DISCONNECT |
196 					     UNI_WOW_DETECT_TYPE_BCN_LOST);
197 	if (wowlan->nd_config) {
198 		mt7925_mcu_sched_scan_req(phy, vif, wowlan->nd_config, &ies);
199 		req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_SCH_SCAN_HIT;
200 		mt7925_mcu_sched_scan_enable(phy, vif, suspend);
201 	}
202 	if (wowlan->n_patterns)
203 		req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_BITMAP;
204 
205 	if (mt76_is_mmio(dev))
206 		req.wow_ctrl_tlv.wakeup_hif = WOW_PCIE;
207 	else if (mt76_is_usb(dev))
208 		req.wow_ctrl_tlv.wakeup_hif = WOW_USB;
209 	else if (mt76_is_sdio(dev))
210 		req.wow_ctrl_tlv.wakeup_hif = WOW_GPIO;
211 
212 	return mt76_mcu_send_msg(dev, MCU_UNI_CMD(SUSPEND), &req,
213 				 sizeof(req), true);
214 }
215 
216 static int
217 mt7925_mcu_set_wow_pattern(struct mt76_dev *dev,
218 			   struct ieee80211_vif *vif,
219 			   u8 index, bool enable,
220 			   struct cfg80211_pkt_pattern *pattern)
221 {
222 	struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv;
223 	struct mt7925_wow_pattern_tlv *tlv;
224 	struct sk_buff *skb;
225 	struct {
226 		u8 bss_idx;
227 		u8 pad[3];
228 	} __packed hdr = {
229 		.bss_idx = mvif->idx,
230 	};
231 
232 	skb = mt76_mcu_msg_alloc(dev, NULL, sizeof(hdr) + sizeof(*tlv));
233 	if (!skb)
234 		return -ENOMEM;
235 
236 	skb_put_data(skb, &hdr, sizeof(hdr));
237 	tlv = (struct mt7925_wow_pattern_tlv *)skb_put(skb, sizeof(*tlv));
238 	tlv->tag = cpu_to_le16(UNI_SUSPEND_WOW_PATTERN);
239 	tlv->len = cpu_to_le16(sizeof(*tlv));
240 	tlv->bss_idx = 0xF;
241 	tlv->data_len = pattern->pattern_len;
242 	tlv->enable = enable;
243 	tlv->index = index;
244 	tlv->offset = 0;
245 
246 	memcpy(tlv->pattern, pattern->pattern, pattern->pattern_len);
247 	memcpy(tlv->mask, pattern->mask, DIV_ROUND_UP(pattern->pattern_len, 8));
248 
249 	return mt76_mcu_skb_send_msg(dev, skb, MCU_UNI_CMD(SUSPEND), true);
250 }
251 
252 void mt7925_mcu_set_suspend_iter(void *priv, u8 *mac,
253 				 struct ieee80211_vif *vif)
254 {
255 	struct mt76_phy *phy = priv;
256 	bool suspend = !test_bit(MT76_STATE_RUNNING, &phy->state);
257 	struct ieee80211_hw *hw = phy->hw;
258 	struct cfg80211_wowlan *wowlan = hw->wiphy->wowlan_config;
259 	int i;
260 
261 	mt76_connac_mcu_set_gtk_rekey(phy->dev, vif, suspend);
262 
263 	mt76_connac_mcu_set_suspend_mode(phy->dev, vif, suspend, 1, true);
264 
265 	for (i = 0; i < wowlan->n_patterns; i++)
266 		mt7925_mcu_set_wow_pattern(phy->dev, vif, i, suspend,
267 					   &wowlan->patterns[i]);
268 	mt7925_connac_mcu_set_wow_ctrl(phy, vif, suspend, wowlan);
269 }
270 
271 #endif /* CONFIG_PM */
272 
273 static void
274 mt7925_mcu_connection_loss_iter(void *priv, u8 *mac,
275 				struct ieee80211_vif *vif)
276 {
277 	struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv;
278 	struct mt7925_uni_beacon_loss_event *event = priv;
279 
280 	if (mvif->idx != event->hdr.bss_idx)
281 		return;
282 
283 	if (!(vif->driver_flags & IEEE80211_VIF_BEACON_FILTER) ||
284 	    vif->type != NL80211_IFTYPE_STATION)
285 		return;
286 
287 	ieee80211_connection_loss(vif);
288 }
289 
290 static void
291 mt7925_mcu_connection_loss_event(struct mt792x_dev *dev, struct sk_buff *skb)
292 {
293 	struct mt7925_uni_beacon_loss_event *event;
294 	struct mt76_phy *mphy = &dev->mt76.phy;
295 
296 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd));
297 	event = (struct mt7925_uni_beacon_loss_event *)skb->data;
298 
299 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
300 					IEEE80211_IFACE_ITER_RESUME_ALL,
301 					mt7925_mcu_connection_loss_iter, event);
302 }
303 
304 static void
305 mt7925_mcu_roc_iter(void *priv, u8 *mac, struct ieee80211_vif *vif)
306 {
307 	struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv;
308 	struct mt7925_roc_grant_tlv *grant = priv;
309 
310 	if (ieee80211_vif_is_mld(vif) && vif->type == NL80211_IFTYPE_STATION)
311 		return;
312 
313 	if (mvif->idx != grant->bss_idx)
314 		return;
315 
316 	mvif->band_idx = grant->dbdcband;
317 }
318 
319 static void mt7925_mcu_roc_handle_grant(struct mt792x_dev *dev,
320 					struct tlv *tlv)
321 {
322 	struct ieee80211_hw *hw = dev->mt76.hw;
323 	struct mt7925_roc_grant_tlv *grant;
324 	int duration;
325 
326 	grant = (struct mt7925_roc_grant_tlv *)tlv;
327 
328 	/* should never happen */
329 	WARN_ON_ONCE((le16_to_cpu(grant->tag) != UNI_EVENT_ROC_GRANT));
330 
331 	if (grant->reqtype == MT7925_ROC_REQ_ROC)
332 		ieee80211_ready_on_channel(hw);
333 	else if (grant->reqtype == MT7925_ROC_REQ_JOIN)
334 		ieee80211_iterate_active_interfaces_atomic(hw,
335 						IEEE80211_IFACE_ITER_RESUME_ALL,
336 						mt7925_mcu_roc_iter, grant);
337 	dev->phy.roc_grant = true;
338 	wake_up(&dev->phy.roc_wait);
339 	duration = le32_to_cpu(grant->max_interval);
340 	mod_timer(&dev->phy.roc_timer,
341 		  jiffies + msecs_to_jiffies(duration));
342 }
343 
344 static void
345 mt7925_mcu_handle_hif_ctrl_basic(struct mt792x_dev *dev, struct tlv *tlv)
346 {
347 	struct mt7925_mcu_hif_ctrl_basic_tlv *basic;
348 
349 	basic = (struct mt7925_mcu_hif_ctrl_basic_tlv *)tlv;
350 
351 	if (basic->hifsuspend) {
352 		dev->hif_idle = true;
353 		if (!(basic->hif_tx_traffic_status == HIF_TRAFFIC_IDLE &&
354 		      basic->hif_rx_traffic_status == HIF_TRAFFIC_IDLE))
355 			dev_info(dev->mt76.dev, "Hif traffic not idle.\n");
356 	} else {
357 		dev->hif_resumed = true;
358 	}
359 	wake_up(&dev->wait);
360 }
361 
362 static void
363 mt7925_mcu_uni_hif_ctrl_event(struct mt792x_dev *dev, struct sk_buff *skb)
364 {
365 	struct tlv *tlv;
366 	u32 tlv_len;
367 
368 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd) + 4);
369 	tlv = (struct tlv *)skb->data;
370 	tlv_len = skb->len;
371 
372 	while (tlv_len > 0 && le16_to_cpu(tlv->len) <= tlv_len) {
373 		switch (le16_to_cpu(tlv->tag)) {
374 		case UNI_EVENT_HIF_CTRL_BASIC:
375 			mt7925_mcu_handle_hif_ctrl_basic(dev, tlv);
376 			break;
377 		default:
378 			break;
379 		}
380 		tlv_len -= le16_to_cpu(tlv->len);
381 		tlv = (struct tlv *)((char *)(tlv) + le16_to_cpu(tlv->len));
382 	}
383 }
384 
385 static void
386 mt7925_mcu_uni_roc_event(struct mt792x_dev *dev, struct sk_buff *skb)
387 {
388 	struct tlv *tlv;
389 	int i = 0;
390 
391 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd) + 4);
392 
393 	while (i < skb->len) {
394 		tlv = (struct tlv *)(skb->data + i);
395 
396 		switch (le16_to_cpu(tlv->tag)) {
397 		case UNI_EVENT_ROC_GRANT:
398 			mt7925_mcu_roc_handle_grant(dev, tlv);
399 			break;
400 		case UNI_EVENT_ROC_GRANT_SUB_LINK:
401 			break;
402 		}
403 
404 		i += le16_to_cpu(tlv->len);
405 	}
406 }
407 
408 static void
409 mt7925_mcu_scan_event(struct mt792x_dev *dev, struct sk_buff *skb)
410 {
411 	struct mt76_phy *mphy = &dev->mt76.phy;
412 	struct mt792x_phy *phy = mphy->priv;
413 
414 	spin_lock_bh(&dev->mt76.lock);
415 	__skb_queue_tail(&phy->scan_event_list, skb);
416 	spin_unlock_bh(&dev->mt76.lock);
417 
418 	ieee80211_queue_delayed_work(mphy->hw, &phy->scan_work,
419 				     MT792x_HW_SCAN_TIMEOUT);
420 }
421 
422 static void
423 mt7925_mcu_tx_done_event(struct mt792x_dev *dev, struct sk_buff *skb)
424 {
425 #define UNI_EVENT_TX_DONE_MSG 0
426 #define UNI_EVENT_TX_DONE_RAW 1
427 	struct mt7925_mcu_txs_event {
428 		u8 ver;
429 		u8 rsv[3];
430 		u8 data[];
431 	} __packed * txs;
432 	struct tlv *tlv;
433 	u32 tlv_len;
434 
435 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd) + 4);
436 	tlv = (struct tlv *)skb->data;
437 	tlv_len = skb->len;
438 
439 	while (tlv_len > 0 && le16_to_cpu(tlv->len) <= tlv_len) {
440 		switch (le16_to_cpu(tlv->tag)) {
441 		case UNI_EVENT_TX_DONE_RAW:
442 			txs = (struct mt7925_mcu_txs_event *)tlv->data;
443 			mt7925_mac_add_txs(dev, txs->data);
444 			break;
445 		default:
446 			break;
447 		}
448 		tlv_len -= le16_to_cpu(tlv->len);
449 		tlv = (struct tlv *)((char *)(tlv) + le16_to_cpu(tlv->len));
450 	}
451 }
452 
453 static void
454 mt7925_mcu_uni_debug_msg_event(struct mt792x_dev *dev, struct sk_buff *skb)
455 {
456 	struct mt7925_uni_debug_msg {
457 		__le16 tag;
458 		__le16 len;
459 		u8 fmt;
460 		u8 rsv[3];
461 		u8 id;
462 		u8 type:3;
463 		u8 nr_args:5;
464 		union {
465 			struct idxlog {
466 				__le16 rsv;
467 				__le32 ts;
468 				__le32 idx;
469 				u8 data[];
470 			} __packed idx;
471 			struct txtlog {
472 				u8 len;
473 				u8 rsv;
474 				__le32 ts;
475 				u8 data[];
476 			} __packed txt;
477 		};
478 	} __packed * hdr;
479 
480 	skb_pull(skb, sizeof(struct mt7925_mcu_rxd) + 4);
481 	hdr = (struct mt7925_uni_debug_msg *)skb->data;
482 
483 	if (hdr->id == 0x28) {
484 		skb_pull(skb, offsetof(struct mt7925_uni_debug_msg, id));
485 		wiphy_info(mt76_hw(dev)->wiphy, "%.*s", skb->len, skb->data);
486 		return;
487 	} else if (hdr->id != 0xa8) {
488 		return;
489 	}
490 
491 	if (hdr->type == 0) { /* idx log */
492 		int i, ret, len = PAGE_SIZE - 1, nr_val;
493 		struct page *page = dev_alloc_pages(get_order(len));
494 		__le32 *val;
495 		char *buf, *cur;
496 
497 		if (!page)
498 			return;
499 
500 		buf = page_address(page);
501 		cur = buf;
502 
503 		nr_val = (le16_to_cpu(hdr->len) - sizeof(*hdr)) / 4;
504 		val = (__le32 *)hdr->idx.data;
505 		for (i = 0; i < nr_val && len > 0; i++) {
506 			ret = snprintf(cur, len, "0x%x,", le32_to_cpu(val[i]));
507 			if (ret <= 0)
508 				break;
509 
510 			cur += ret;
511 			len -= ret;
512 		}
513 		if (cur > buf)
514 			wiphy_info(mt76_hw(dev)->wiphy, "idx: 0x%X,%d,%s",
515 				   le32_to_cpu(hdr->idx.idx), nr_val, buf);
516 		put_page(page);
517 	} else if (hdr->type == 2) { /* str log */
518 		wiphy_info(mt76_hw(dev)->wiphy, "%.*s", hdr->txt.len, hdr->txt.data);
519 	}
520 }
521 
522 static void
523 mt7925_mcu_uni_rx_unsolicited_event(struct mt792x_dev *dev,
524 				    struct sk_buff *skb)
525 {
526 	struct mt7925_mcu_rxd *rxd;
527 
528 	rxd = (struct mt7925_mcu_rxd *)skb->data;
529 
530 	switch (rxd->eid) {
531 	case MCU_UNI_EVENT_HIF_CTRL:
532 		mt7925_mcu_uni_hif_ctrl_event(dev, skb);
533 		break;
534 	case MCU_UNI_EVENT_FW_LOG_2_HOST:
535 		mt7925_mcu_uni_debug_msg_event(dev, skb);
536 		break;
537 	case MCU_UNI_EVENT_ROC:
538 		mt7925_mcu_uni_roc_event(dev, skb);
539 		break;
540 	case MCU_UNI_EVENT_SCAN_DONE:
541 		mt7925_mcu_scan_event(dev, skb);
542 		return;
543 	case MCU_UNI_EVENT_TX_DONE:
544 		mt7925_mcu_tx_done_event(dev, skb);
545 		break;
546 	case MCU_UNI_EVENT_BSS_BEACON_LOSS:
547 		mt7925_mcu_connection_loss_event(dev, skb);
548 		break;
549 	case MCU_UNI_EVENT_COREDUMP:
550 		dev->fw_assert = true;
551 		mt76_connac_mcu_coredump_event(&dev->mt76, skb, &dev->coredump);
552 		return;
553 	default:
554 		break;
555 	}
556 	dev_kfree_skb(skb);
557 }
558 
559 void mt7925_mcu_rx_event(struct mt792x_dev *dev, struct sk_buff *skb)
560 {
561 	struct mt7925_mcu_rxd *rxd = (struct mt7925_mcu_rxd *)skb->data;
562 
563 	if (skb_linearize(skb))
564 		return;
565 
566 	if (rxd->option & MCU_UNI_CMD_UNSOLICITED_EVENT) {
567 		mt7925_mcu_uni_rx_unsolicited_event(dev, skb);
568 		return;
569 	}
570 
571 	mt76_mcu_rx_event(&dev->mt76, skb);
572 }
573 
574 static int
575 mt7925_mcu_sta_ba(struct mt76_dev *dev, struct mt76_vif_link *mvif,
576 		  struct ieee80211_ampdu_params *params,
577 		  bool enable, bool tx)
578 {
579 	struct mt76_wcid *wcid = (struct mt76_wcid *)params->sta->drv_priv;
580 	struct sta_rec_ba_uni *ba;
581 	struct sk_buff *skb;
582 	struct tlv *tlv;
583 	int len;
584 
585 	len = sizeof(struct sta_req_hdr) + sizeof(*ba);
586 	skb = __mt76_connac_mcu_alloc_sta_req(dev, mvif, wcid,
587 					      len);
588 	if (IS_ERR(skb))
589 		return PTR_ERR(skb);
590 
591 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BA, sizeof(*ba));
592 
593 	ba = (struct sta_rec_ba_uni *)tlv;
594 	ba->ba_type = tx ? MT_BA_TYPE_ORIGINATOR : MT_BA_TYPE_RECIPIENT;
595 	ba->winsize = cpu_to_le16(params->buf_size);
596 	ba->ssn = cpu_to_le16(params->ssn);
597 	ba->ba_en = enable << params->tid;
598 	ba->amsdu = params->amsdu;
599 	ba->tid = params->tid;
600 
601 	return mt76_mcu_skb_send_msg(dev, skb,
602 				     MCU_UNI_CMD(STA_REC_UPDATE), true);
603 }
604 
605 /** starec & wtbl **/
606 int mt7925_mcu_uni_tx_ba(struct mt792x_dev *dev,
607 			 struct ieee80211_ampdu_params *params,
608 			 bool enable)
609 {
610 	struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv;
611 	struct mt792x_vif *mvif = msta->vif;
612 
613 	if (enable && !params->amsdu)
614 		msta->deflink.wcid.amsdu = false;
615 
616 	return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params,
617 				 enable, true);
618 }
619 
620 int mt7925_mcu_uni_rx_ba(struct mt792x_dev *dev,
621 			 struct ieee80211_ampdu_params *params,
622 			 bool enable)
623 {
624 	struct mt792x_sta *msta = (struct mt792x_sta *)params->sta->drv_priv;
625 	struct mt792x_vif *mvif = msta->vif;
626 
627 	return mt7925_mcu_sta_ba(&dev->mt76, &mvif->bss_conf.mt76, params,
628 				 enable, false);
629 }
630 
631 static int mt7925_mcu_read_eeprom(struct mt792x_dev *dev, u32 offset, u8 *val)
632 {
633 	struct {
634 		u8 rsv[4];
635 
636 		__le16 tag;
637 		__le16 len;
638 
639 		__le32 addr;
640 		__le32 valid;
641 		u8 data[MT7925_EEPROM_BLOCK_SIZE];
642 	} __packed req = {
643 		.tag = cpu_to_le16(1),
644 		.len = cpu_to_le16(sizeof(req) - 4),
645 		.addr = cpu_to_le32(round_down(offset,
646 				    MT7925_EEPROM_BLOCK_SIZE)),
647 	};
648 	struct evt {
649 		u8 rsv[4];
650 
651 		__le16 tag;
652 		__le16 len;
653 
654 		__le32 ver;
655 		__le32 addr;
656 		__le32 valid;
657 		__le32 size;
658 		__le32 magic_num;
659 		__le32 type;
660 		__le32 rsv1[4];
661 		u8 data[32];
662 	} __packed *res;
663 	struct sk_buff *skb;
664 	int ret;
665 
666 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_WM_UNI_CMD_QUERY(EFUSE_CTRL),
667 					&req, sizeof(req), true, &skb);
668 	if (ret)
669 		return ret;
670 
671 	res = (struct evt *)skb->data;
672 	*val = res->data[offset % MT7925_EEPROM_BLOCK_SIZE];
673 
674 	dev_kfree_skb(skb);
675 
676 	return 0;
677 }
678 
679 static int mt7925_load_clc(struct mt792x_dev *dev, const char *fw_name)
680 {
681 	const struct mt76_connac2_fw_trailer *hdr;
682 	const struct mt76_connac2_fw_region *region;
683 	const struct mt7925_clc *clc;
684 	struct mt76_dev *mdev = &dev->mt76;
685 	struct mt792x_phy *phy = &dev->phy;
686 	const struct firmware *fw;
687 	u8 *clc_base = NULL, hw_encap = 0;
688 	int ret, i, len, offset = 0;
689 
690 	dev->phy.clc_chan_conf = 0xff;
691 	if (mt7925_disable_clc ||
692 	    mt76_is_usb(&dev->mt76))
693 		return 0;
694 
695 	if (mt76_is_mmio(&dev->mt76)) {
696 		ret = mt7925_mcu_read_eeprom(dev, MT_EE_HW_TYPE, &hw_encap);
697 		if (ret)
698 			return ret;
699 		hw_encap = u8_get_bits(hw_encap, MT_EE_HW_TYPE_ENCAP);
700 	}
701 
702 	ret = request_firmware(&fw, fw_name, mdev->dev);
703 	if (ret)
704 		return ret;
705 
706 	if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
707 		dev_err(mdev->dev, "Invalid firmware\n");
708 		ret = -EINVAL;
709 		goto out;
710 	}
711 
712 	hdr = (const void *)(fw->data + fw->size - sizeof(*hdr));
713 	for (i = 0; i < hdr->n_region; i++) {
714 		region = (const void *)((const u8 *)hdr -
715 					(hdr->n_region - i) * sizeof(*region));
716 		len = le32_to_cpu(region->len);
717 
718 		/* check if we have valid buffer size */
719 		if (offset + len > fw->size) {
720 			dev_err(mdev->dev, "Invalid firmware region\n");
721 			ret = -EINVAL;
722 			goto out;
723 		}
724 
725 		if ((region->feature_set & FW_FEATURE_NON_DL) &&
726 		    region->type == FW_TYPE_CLC) {
727 			clc_base = (u8 *)(fw->data + offset);
728 			break;
729 		}
730 		offset += len;
731 	}
732 
733 	if (!clc_base)
734 		goto out;
735 
736 	for (offset = 0; offset < len; offset += le32_to_cpu(clc->len)) {
737 		clc = (const struct mt7925_clc *)(clc_base + offset);
738 
739 		if (clc->idx >= ARRAY_SIZE(phy->clc))
740 			break;
741 
742 		/* do not init buf again if chip reset triggered */
743 		if (phy->clc[clc->idx])
744 			continue;
745 
746 		/* header content sanity */
747 		if ((clc->idx == MT792x_CLC_BE_CTRL &&
748 		     u8_get_bits(clc->t2.type, MT_EE_HW_TYPE_ENCAP) != hw_encap) ||
749 		    u8_get_bits(clc->t0.type, MT_EE_HW_TYPE_ENCAP) != hw_encap)
750 			continue;
751 
752 		phy->clc[clc->idx] = devm_kmemdup(mdev->dev, clc,
753 						  le32_to_cpu(clc->len),
754 						  GFP_KERNEL);
755 
756 		if (!phy->clc[clc->idx]) {
757 			ret = -ENOMEM;
758 			goto out;
759 		}
760 	}
761 
762 	ret = mt7925_mcu_set_clc(dev, "00", ENVIRON_INDOOR);
763 out:
764 	release_firmware(fw);
765 
766 	return ret;
767 }
768 
769 int mt7925_mcu_fw_log_2_host(struct mt792x_dev *dev, u8 ctrl)
770 {
771 	struct {
772 		u8 _rsv[4];
773 
774 		__le16 tag;
775 		__le16 len;
776 		u8 ctrl;
777 		u8 interval;
778 		u8 _rsv2[2];
779 	} __packed req = {
780 		.tag = cpu_to_le16(UNI_WSYS_CONFIG_FW_LOG_CTRL),
781 		.len = cpu_to_le16(sizeof(req) - 4),
782 		.ctrl = ctrl,
783 	};
784 	int ret;
785 
786 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(WSYS_CONFIG),
787 					&req, sizeof(req), true, NULL);
788 	return ret;
789 }
790 
791 int mt7925_mcu_get_temperature(struct mt792x_phy *phy)
792 {
793 	struct {
794 		u8 _rsv[4];
795 
796 		__le16 tag;
797 		__le16 len;
798 		u8 _rsv2[4];
799 	} __packed req = {
800 		.tag = cpu_to_le16(0x0),
801 		.len = cpu_to_le16(sizeof(req) - 4),
802 	};
803 	struct mt7925_thermal_evt {
804 		u8 rsv[4];
805 		__le32 temperature;
806 	} __packed * evt;
807 	struct mt792x_dev *dev = phy->dev;
808 	int temperature, ret;
809 	struct sk_buff *skb;
810 
811 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
812 					MCU_WM_UNI_CMD_QUERY(THERMAL),
813 					&req, sizeof(req), true, &skb);
814 	if (ret)
815 		return ret;
816 
817 	skb_pull(skb, 4 + sizeof(struct tlv));
818 	evt = (struct mt7925_thermal_evt *)skb->data;
819 
820 	temperature = le32_to_cpu(evt->temperature);
821 
822 	dev_kfree_skb(skb);
823 
824 	return temperature;
825 }
826 
827 static void
828 mt7925_mcu_parse_phy_cap(struct mt792x_dev *dev, char *data)
829 {
830 	struct mt76_phy *mphy = &dev->mt76.phy;
831 	struct mt76_dev *mdev = mphy->dev;
832 	struct mt7925_mcu_phy_cap {
833 		u8 ht;
834 		u8 vht;
835 		u8 _5g;
836 		u8 max_bw;
837 		u8 nss;
838 		u8 dbdc;
839 		u8 tx_ldpc;
840 		u8 rx_ldpc;
841 		u8 tx_stbc;
842 		u8 rx_stbc;
843 		u8 hw_path;
844 		u8 he;
845 		u8 eht;
846 	} __packed * cap;
847 	enum {
848 		WF0_24G,
849 		WF0_5G
850 	};
851 
852 	cap = (struct mt7925_mcu_phy_cap *)data;
853 
854 	mdev->phy.antenna_mask = BIT(cap->nss) - 1;
855 	mdev->phy.chainmask = mdev->phy.antenna_mask;
856 	mdev->phy.cap.has_2ghz = cap->hw_path & BIT(WF0_24G);
857 	mdev->phy.cap.has_5ghz = cap->hw_path & BIT(WF0_5G);
858 }
859 
860 static void
861 mt7925_mcu_parse_eml_cap(struct mt792x_dev *dev, char *data)
862 {
863 	struct mt7925_mcu_eml_cap {
864 		u8 rsv[4];
865 		__le16 eml_cap;
866 		u8 rsv2[6];
867 	} __packed * cap;
868 
869 	cap = (struct mt7925_mcu_eml_cap *)data;
870 
871 	dev->phy.eml_cap = le16_to_cpu(cap->eml_cap);
872 }
873 
874 static int
875 mt7925_mcu_get_nic_capability(struct mt792x_dev *dev)
876 {
877 	struct mt76_phy *mphy = &dev->mt76.phy;
878 	struct {
879 		u8 _rsv[4];
880 
881 		__le16 tag;
882 		__le16 len;
883 	} __packed req = {
884 		.tag = cpu_to_le16(UNI_CHIP_CONFIG_NIC_CAPA),
885 		.len = cpu_to_le16(sizeof(req) - 4),
886 	};
887 	struct mt76_connac_cap_hdr {
888 		__le16 n_element;
889 		u8 rsv[2];
890 	} __packed * hdr;
891 	struct sk_buff *skb;
892 	int ret, i;
893 
894 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(CHIP_CONFIG),
895 					&req, sizeof(req), true, &skb);
896 	if (ret)
897 		return ret;
898 
899 	hdr = (struct mt76_connac_cap_hdr *)skb->data;
900 	if (skb->len < sizeof(*hdr)) {
901 		ret = -EINVAL;
902 		goto out;
903 	}
904 
905 	skb_pull(skb, sizeof(*hdr));
906 
907 	for (i = 0; i < le16_to_cpu(hdr->n_element); i++) {
908 		struct tlv *tlv = (struct tlv *)skb->data;
909 		int len;
910 
911 		if (skb->len < sizeof(*tlv))
912 			break;
913 
914 		len = le16_to_cpu(tlv->len);
915 		if (skb->len < len)
916 			break;
917 
918 		switch (le16_to_cpu(tlv->tag)) {
919 		case MT_NIC_CAP_6G:
920 			mphy->cap.has_6ghz = !!tlv->data[0];
921 			break;
922 		case MT_NIC_CAP_MAC_ADDR:
923 			memcpy(mphy->macaddr, (void *)tlv->data, ETH_ALEN);
924 			break;
925 		case MT_NIC_CAP_PHY:
926 			mt7925_mcu_parse_phy_cap(dev, tlv->data);
927 			break;
928 		case MT_NIC_CAP_CHIP_CAP:
929 			dev->phy.chip_cap = le64_to_cpu(*(__le64 *)tlv->data);
930 			break;
931 		case MT_NIC_CAP_EML_CAP:
932 			mt7925_mcu_parse_eml_cap(dev, tlv->data);
933 			break;
934 		default:
935 			break;
936 		}
937 		skb_pull(skb, len);
938 	}
939 out:
940 	dev_kfree_skb(skb);
941 	return ret;
942 }
943 
944 int mt7925_mcu_chip_config(struct mt792x_dev *dev, const char *cmd)
945 {
946 	u16 len = strlen(cmd) + 1;
947 	struct {
948 		u8 _rsv[4];
949 		__le16 tag;
950 		__le16 len;
951 		struct mt76_connac_config config;
952 	} __packed req = {
953 		.tag = cpu_to_le16(UNI_CHIP_CONFIG_CHIP_CFG),
954 		.len = cpu_to_le16(sizeof(req) - 4),
955 		.config = {
956 			.resp_type = 0,
957 			.type = 0,
958 			.data_size = cpu_to_le16(len),
959 		},
960 	};
961 
962 	memcpy(req.config.data, cmd, len);
963 
964 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(CHIP_CONFIG),
965 				 &req, sizeof(req), false);
966 }
967 
968 int mt7925_mcu_set_deep_sleep(struct mt792x_dev *dev, bool enable)
969 {
970 	char cmd[16];
971 
972 	snprintf(cmd, sizeof(cmd), "KeepFullPwr %d", !enable);
973 
974 	return mt7925_mcu_chip_config(dev, cmd);
975 }
976 EXPORT_SYMBOL_GPL(mt7925_mcu_set_deep_sleep);
977 
978 int mt7925_mcu_set_thermal_protect(struct mt792x_dev *dev)
979 {
980 	char cmd[64];
981 	int ret = 0;
982 
983 	snprintf(cmd, sizeof(cmd), "ThermalProtGband %d %d %d %d %d %d %d %d %d %d",
984 		 0, 100, 90, 80, 30, 1, 1, 115, 105, 5);
985 	ret = mt7925_mcu_chip_config(dev, cmd);
986 
987 	snprintf(cmd, sizeof(cmd), "ThermalProtAband %d %d %d %d %d %d %d %d %d %d",
988 		 1, 100, 90, 80, 30, 1, 1, 115, 105, 5);
989 	ret |= mt7925_mcu_chip_config(dev, cmd);
990 
991 	return ret;
992 }
993 EXPORT_SYMBOL_GPL(mt7925_mcu_set_thermal_protect);
994 
995 int mt7925_run_firmware(struct mt792x_dev *dev)
996 {
997 	int err;
998 
999 	err = mt792x_load_firmware(dev);
1000 	if (err)
1001 		return err;
1002 
1003 	err = mt7925_mcu_get_nic_capability(dev);
1004 	if (err)
1005 		return err;
1006 
1007 	set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
1008 	err = mt7925_load_clc(dev, mt792x_ram_name(dev));
1009 	if (err)
1010 		return err;
1011 
1012 	return mt7925_mcu_fw_log_2_host(dev, 1);
1013 }
1014 EXPORT_SYMBOL_GPL(mt7925_run_firmware);
1015 
1016 static void
1017 mt7925_mcu_sta_hdr_trans_tlv(struct sk_buff *skb,
1018 			     struct ieee80211_vif *vif,
1019 			     struct ieee80211_link_sta *link_sta)
1020 {
1021 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1022 	struct sta_rec_hdr_trans *hdr_trans;
1023 	struct mt76_wcid *wcid;
1024 	struct tlv *tlv;
1025 
1026 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HDR_TRANS, sizeof(*hdr_trans));
1027 	hdr_trans = (struct sta_rec_hdr_trans *)tlv;
1028 	hdr_trans->dis_rx_hdr_tran = true;
1029 
1030 	if (vif->type == NL80211_IFTYPE_STATION)
1031 		hdr_trans->to_ds = true;
1032 	else
1033 		hdr_trans->from_ds = true;
1034 
1035 	if (link_sta) {
1036 		struct mt792x_sta *msta = (struct mt792x_sta *)link_sta->sta->drv_priv;
1037 		struct mt792x_link_sta *mlink;
1038 
1039 		mlink = mt792x_sta_to_link(msta, link_sta->link_id);
1040 		wcid = &mlink->wcid;
1041 	} else {
1042 		wcid = &mvif->sta.deflink.wcid;
1043 	}
1044 
1045 	if (!wcid)
1046 		return;
1047 
1048 	hdr_trans->dis_rx_hdr_tran = !test_bit(MT_WCID_FLAG_HDR_TRANS, &wcid->flags);
1049 	if (test_bit(MT_WCID_FLAG_4ADDR, &wcid->flags)) {
1050 		hdr_trans->to_ds = true;
1051 		hdr_trans->from_ds = true;
1052 	}
1053 }
1054 
1055 int mt7925_mcu_wtbl_update_hdr_trans(struct mt792x_dev *dev,
1056 				     struct ieee80211_vif *vif,
1057 				     struct ieee80211_sta *sta,
1058 				     int link_id)
1059 {
1060 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1061 	struct ieee80211_link_sta *link_sta = sta ? &sta->deflink : NULL;
1062 	struct mt792x_link_sta *mlink;
1063 	struct mt792x_bss_conf *mconf;
1064 	struct mt792x_sta *msta;
1065 	struct sk_buff *skb;
1066 
1067 	msta = sta ? (struct mt792x_sta *)sta->drv_priv : &mvif->sta;
1068 
1069 	mlink = mt792x_sta_to_link(msta, link_id);
1070 	link_sta = mt792x_sta_to_link_sta(vif, sta, link_id);
1071 	mconf = mt792x_vif_to_link(mvif, link_id);
1072 
1073 	skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mconf->mt76,
1074 					      &mlink->wcid,
1075 					      MT7925_STA_UPDATE_MAX_SIZE);
1076 	if (IS_ERR(skb))
1077 		return PTR_ERR(skb);
1078 
1079 	/* starec hdr trans */
1080 	mt7925_mcu_sta_hdr_trans_tlv(skb, vif, link_sta);
1081 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1082 				     MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true);
1083 }
1084 
1085 int mt7925_mcu_set_tx(struct mt792x_dev *dev,
1086 		      struct ieee80211_bss_conf *bss_conf)
1087 {
1088 #define MCU_EDCA_AC_PARAM	0
1089 #define WMM_AIFS_SET		BIT(0)
1090 #define WMM_CW_MIN_SET		BIT(1)
1091 #define WMM_CW_MAX_SET		BIT(2)
1092 #define WMM_TXOP_SET		BIT(3)
1093 #define WMM_PARAM_SET		(WMM_AIFS_SET | WMM_CW_MIN_SET | \
1094 				 WMM_CW_MAX_SET | WMM_TXOP_SET)
1095 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(bss_conf);
1096 	struct {
1097 		u8 bss_idx;
1098 		u8 __rsv[3];
1099 	} __packed hdr = {
1100 		.bss_idx = mconf->mt76.idx,
1101 	};
1102 	struct sk_buff *skb;
1103 	int len = sizeof(hdr) + IEEE80211_NUM_ACS * sizeof(struct edca);
1104 	int ac;
1105 
1106 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
1107 	if (!skb)
1108 		return -ENOMEM;
1109 
1110 	skb_put_data(skb, &hdr, sizeof(hdr));
1111 
1112 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1113 		struct ieee80211_tx_queue_params *q = &mconf->queue_params[ac];
1114 		struct edca *e;
1115 		struct tlv *tlv;
1116 
1117 		tlv = mt76_connac_mcu_add_tlv(skb, MCU_EDCA_AC_PARAM, sizeof(*e));
1118 
1119 		e = (struct edca *)tlv;
1120 		e->set = WMM_PARAM_SET;
1121 		e->queue = ac;
1122 		e->aifs = q->aifs;
1123 		e->txop = cpu_to_le16(q->txop);
1124 
1125 		if (q->cw_min)
1126 			e->cw_min = fls(q->cw_min);
1127 		else
1128 			e->cw_min = 5;
1129 
1130 		if (q->cw_max)
1131 			e->cw_max = fls(q->cw_max);
1132 		else
1133 			e->cw_max = 10;
1134 	}
1135 
1136 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1137 				     MCU_UNI_CMD(EDCA_UPDATE), true);
1138 }
1139 
1140 static int
1141 mt7925_mcu_sta_key_tlv(struct mt76_wcid *wcid,
1142 		       struct mt76_connac_sta_key_conf *sta_key_conf,
1143 		       struct sk_buff *skb,
1144 		       struct ieee80211_key_conf *key,
1145 		       enum set_key_cmd cmd,
1146 		       struct mt792x_sta *msta)
1147 {
1148 	struct mt792x_vif *mvif = msta->vif;
1149 	struct mt792x_bss_conf *mconf = mt792x_vif_to_link(mvif, wcid->link_id);
1150 	struct sta_rec_sec_uni *sec;
1151 	struct ieee80211_sta *sta;
1152 	struct ieee80211_vif *vif;
1153 	struct tlv *tlv;
1154 
1155 	sta = msta == &mvif->sta ?
1156 		      NULL :
1157 		      container_of((void *)msta, struct ieee80211_sta, drv_priv);
1158 	vif = container_of((void *)mvif, struct ieee80211_vif, drv_priv);
1159 
1160 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_KEY_V3, sizeof(*sec));
1161 	sec = (struct sta_rec_sec_uni *)tlv;
1162 	sec->bss_idx = mconf->mt76.idx;
1163 	sec->is_authenticator = 0;
1164 	sec->mgmt_prot = 1; /* only used in MLO mode */
1165 	sec->wlan_idx = (u8)wcid->idx;
1166 
1167 	if (sta) {
1168 		struct ieee80211_link_sta *link_sta;
1169 
1170 		sec->tx_key = 1;
1171 		sec->key_type = 1;
1172 		link_sta = mt792x_sta_to_link_sta(vif, sta, wcid->link_id);
1173 
1174 		if (link_sta)
1175 			memcpy(sec->peer_addr, link_sta->addr, ETH_ALEN);
1176 	} else {
1177 		struct ieee80211_bss_conf *link_conf;
1178 
1179 		link_conf = mt792x_vif_to_bss_conf(vif, wcid->link_id);
1180 
1181 		if (link_conf)
1182 			memcpy(sec->peer_addr, link_conf->bssid, ETH_ALEN);
1183 	}
1184 
1185 	if (cmd == SET_KEY) {
1186 		u8 cipher;
1187 
1188 		sec->add = 1;
1189 		cipher = mt7925_mcu_get_cipher(key->cipher);
1190 		if (cipher == CONNAC3_CIPHER_NONE)
1191 			return -EOPNOTSUPP;
1192 
1193 		if (cipher == CONNAC3_CIPHER_BIP_CMAC_128) {
1194 			sec->cipher_id = CONNAC3_CIPHER_BIP_CMAC_128;
1195 			sec->key_id = sta_key_conf->keyidx;
1196 			sec->key_len = 32;
1197 			memcpy(sec->key, sta_key_conf->key, 16);
1198 			memcpy(sec->key + 16, key->key, 16);
1199 		} else {
1200 			sec->cipher_id = cipher;
1201 			sec->key_id = key->keyidx;
1202 			sec->key_len = key->keylen;
1203 			memcpy(sec->key, key->key, key->keylen);
1204 
1205 			if (cipher == CONNAC3_CIPHER_TKIP) {
1206 				/* Rx/Tx MIC keys are swapped */
1207 				memcpy(sec->key + 16, key->key + 24, 8);
1208 				memcpy(sec->key + 24, key->key + 16, 8);
1209 			}
1210 
1211 			/* store key_conf for BIP batch update */
1212 			if (cipher == CONNAC3_CIPHER_AES_CCMP) {
1213 				memcpy(sta_key_conf->key, key->key, key->keylen);
1214 				sta_key_conf->keyidx = key->keyidx;
1215 			}
1216 		}
1217 	} else {
1218 		sec->add = 0;
1219 	}
1220 
1221 	return 0;
1222 }
1223 
1224 int mt7925_mcu_add_key(struct mt76_dev *dev, struct ieee80211_vif *vif,
1225 		       struct mt76_connac_sta_key_conf *sta_key_conf,
1226 		       struct ieee80211_key_conf *key, int mcu_cmd,
1227 		       struct mt76_wcid *wcid, enum set_key_cmd cmd,
1228 		       struct mt792x_sta *msta)
1229 {
1230 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1231 	struct mt792x_bss_conf *mconf = mt792x_vif_to_link(mvif, wcid->link_id);
1232 	struct sk_buff *skb;
1233 	int ret;
1234 
1235 	skb = __mt76_connac_mcu_alloc_sta_req(dev, &mconf->mt76, wcid,
1236 					      MT7925_STA_UPDATE_MAX_SIZE);
1237 	if (IS_ERR(skb))
1238 		return PTR_ERR(skb);
1239 
1240 	ret = mt7925_mcu_sta_key_tlv(wcid, sta_key_conf, skb, key, cmd, msta);
1241 	if (ret)
1242 		return ret;
1243 
1244 	return mt76_mcu_skb_send_msg(dev, skb, mcu_cmd, true);
1245 }
1246 
1247 int mt7925_mcu_set_mlo_roc(struct mt792x_bss_conf *mconf, u16 sel_links,
1248 			   int duration, u8 token_id)
1249 {
1250 	struct mt792x_vif *mvif = mconf->vif;
1251 	struct ieee80211_vif *vif = container_of((void *)mvif,
1252 						 struct ieee80211_vif, drv_priv);
1253 	struct ieee80211_bss_conf *link_conf;
1254 	struct ieee80211_channel *chan;
1255 	const u8 ch_band[] = {
1256 		[NL80211_BAND_2GHZ] = 1,
1257 		[NL80211_BAND_5GHZ] = 2,
1258 		[NL80211_BAND_6GHZ] = 3,
1259 	};
1260 	enum mt7925_roc_req type;
1261 	int center_ch, i = 0;
1262 	bool is_AG_band = false;
1263 	struct {
1264 		u8 id;
1265 		u8 bss_idx;
1266 		u16 tag;
1267 		struct mt792x_bss_conf *mconf;
1268 		struct ieee80211_channel *chan;
1269 	} links[2];
1270 
1271 	struct {
1272 		struct {
1273 			u8 rsv[4];
1274 		} __packed hdr;
1275 		struct roc_acquire_tlv roc[2];
1276 	} __packed req = {
1277 			.roc[0].tag = cpu_to_le16(UNI_ROC_NUM),
1278 			.roc[0].len = cpu_to_le16(sizeof(struct roc_acquire_tlv)),
1279 			.roc[1].tag = cpu_to_le16(UNI_ROC_NUM),
1280 			.roc[1].len = cpu_to_le16(sizeof(struct roc_acquire_tlv))
1281 	};
1282 
1283 	if (!mconf || hweight16(vif->valid_links) < 2 ||
1284 	    hweight16(sel_links) != 2)
1285 		return -EPERM;
1286 
1287 	for (i = 0; i < ARRAY_SIZE(links); i++) {
1288 		links[i].id = i ? __ffs(~BIT(mconf->link_id) & sel_links) :
1289 				 mconf->link_id;
1290 		link_conf = mt792x_vif_to_bss_conf(vif, links[i].id);
1291 		if (WARN_ON_ONCE(!link_conf))
1292 			return -EPERM;
1293 
1294 		links[i].chan = link_conf->chanreq.oper.chan;
1295 		if (WARN_ON_ONCE(!links[i].chan))
1296 			return -EPERM;
1297 
1298 		links[i].mconf = mt792x_vif_to_link(mvif, links[i].id);
1299 		links[i].tag = links[i].id == mconf->link_id ?
1300 			       UNI_ROC_ACQUIRE : UNI_ROC_SUB_LINK;
1301 
1302 		is_AG_band |= links[i].chan->band == NL80211_BAND_2GHZ;
1303 	}
1304 
1305 	if (vif->cfg.eml_cap & IEEE80211_EML_CAP_EMLSR_SUPP)
1306 		type = is_AG_band ? MT7925_ROC_REQ_MLSR_AG :
1307 				    MT7925_ROC_REQ_MLSR_AA;
1308 	else
1309 		type = MT7925_ROC_REQ_JOIN;
1310 
1311 	for (i = 0; i < ARRAY_SIZE(links) && i < hweight16(vif->active_links); i++) {
1312 		if (WARN_ON_ONCE(!links[i].mconf || !links[i].chan))
1313 			continue;
1314 
1315 		chan = links[i].chan;
1316 		center_ch = ieee80211_frequency_to_channel(chan->center_freq);
1317 		req.roc[i].len = cpu_to_le16(sizeof(struct roc_acquire_tlv));
1318 		req.roc[i].tag = cpu_to_le16(links[i].tag);
1319 		req.roc[i].tokenid = token_id;
1320 		req.roc[i].reqtype = type;
1321 		req.roc[i].maxinterval = cpu_to_le32(duration);
1322 		req.roc[i].bss_idx = links[i].mconf->mt76.idx;
1323 		req.roc[i].control_channel = chan->hw_value;
1324 		req.roc[i].bw = CMD_CBW_20MHZ;
1325 		req.roc[i].bw_from_ap = CMD_CBW_20MHZ;
1326 		req.roc[i].center_chan = center_ch;
1327 		req.roc[i].center_chan_from_ap = center_ch;
1328 		req.roc[i].center_chan2 = 0;
1329 		req.roc[i].center_chan2_from_ap = 0;
1330 
1331 		/* STR : 0xfe indicates BAND_ALL with enabling DBDC
1332 		 * EMLSR : 0xff indicates (BAND_AUTO) without DBDC
1333 		 */
1334 		req.roc[i].dbdcband = type == MT7925_ROC_REQ_JOIN ? 0xfe : 0xff;
1335 
1336 		if (chan->hw_value < center_ch)
1337 			req.roc[i].sco = 1; /* SCA */
1338 		else if (chan->hw_value > center_ch)
1339 			req.roc[i].sco = 3; /* SCB */
1340 
1341 		req.roc[i].band = ch_band[chan->band];
1342 	}
1343 
1344 	return mt76_mcu_send_msg(&mvif->phy->dev->mt76, MCU_UNI_CMD(ROC),
1345 				 &req, sizeof(req), true);
1346 }
1347 
1348 int mt7925_mcu_set_roc(struct mt792x_phy *phy, struct mt792x_bss_conf *mconf,
1349 		       struct ieee80211_channel *chan, int duration,
1350 		       enum mt7925_roc_req type, u8 token_id)
1351 {
1352 	int center_ch = ieee80211_frequency_to_channel(chan->center_freq);
1353 	struct mt792x_dev *dev = phy->dev;
1354 	struct {
1355 		struct {
1356 			u8 rsv[4];
1357 		} __packed hdr;
1358 		struct roc_acquire_tlv roc;
1359 	} __packed req = {
1360 		.roc = {
1361 			.tag = cpu_to_le16(UNI_ROC_ACQUIRE),
1362 			.len = cpu_to_le16(sizeof(struct roc_acquire_tlv)),
1363 			.tokenid = token_id,
1364 			.reqtype = type,
1365 			.maxinterval = cpu_to_le32(duration),
1366 			.bss_idx = mconf->mt76.idx,
1367 			.control_channel = chan->hw_value,
1368 			.bw = CMD_CBW_20MHZ,
1369 			.bw_from_ap = CMD_CBW_20MHZ,
1370 			.center_chan = center_ch,
1371 			.center_chan_from_ap = center_ch,
1372 			.dbdcband = 0xff, /* auto */
1373 		},
1374 	};
1375 
1376 	if (chan->hw_value < center_ch)
1377 		req.roc.sco = 1; /* SCA */
1378 	else if (chan->hw_value > center_ch)
1379 		req.roc.sco = 3; /* SCB */
1380 
1381 	switch (chan->band) {
1382 	case NL80211_BAND_6GHZ:
1383 		req.roc.band = 3;
1384 		break;
1385 	case NL80211_BAND_5GHZ:
1386 		req.roc.band = 2;
1387 		break;
1388 	default:
1389 		req.roc.band = 1;
1390 		break;
1391 	}
1392 
1393 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(ROC),
1394 				 &req, sizeof(req), true);
1395 }
1396 
1397 int mt7925_mcu_abort_roc(struct mt792x_phy *phy, struct mt792x_bss_conf *mconf,
1398 			 u8 token_id)
1399 {
1400 	struct mt792x_dev *dev = phy->dev;
1401 	struct {
1402 		struct {
1403 			u8 rsv[4];
1404 		} __packed hdr;
1405 		struct roc_abort_tlv {
1406 			__le16 tag;
1407 			__le16 len;
1408 			u8 bss_idx;
1409 			u8 tokenid;
1410 			u8 dbdcband;
1411 			u8 rsv[5];
1412 		} __packed abort;
1413 	} __packed req = {
1414 		.abort = {
1415 			.tag = cpu_to_le16(UNI_ROC_ABORT),
1416 			.len = cpu_to_le16(sizeof(struct roc_abort_tlv)),
1417 			.tokenid = token_id,
1418 			.bss_idx = mconf->mt76.idx,
1419 			.dbdcband = 0xff, /* auto*/
1420 		},
1421 	};
1422 
1423 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(ROC),
1424 				 &req, sizeof(req), true);
1425 }
1426 
1427 int mt7925_mcu_set_eeprom(struct mt792x_dev *dev)
1428 {
1429 	struct {
1430 		u8 _rsv[4];
1431 
1432 		__le16 tag;
1433 		__le16 len;
1434 		u8 buffer_mode;
1435 		u8 format;
1436 		__le16 buf_len;
1437 	} __packed req = {
1438 		.tag = cpu_to_le16(UNI_EFUSE_BUFFER_MODE),
1439 		.len = cpu_to_le16(sizeof(req) - 4),
1440 		.buffer_mode = EE_MODE_EFUSE,
1441 		.format = EE_FORMAT_WHOLE
1442 	};
1443 
1444 	return mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(EFUSE_CTRL),
1445 					 &req, sizeof(req), true, NULL);
1446 }
1447 EXPORT_SYMBOL_GPL(mt7925_mcu_set_eeprom);
1448 
1449 int mt7925_mcu_uni_bss_ps(struct mt792x_dev *dev,
1450 			  struct ieee80211_bss_conf *link_conf)
1451 {
1452 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
1453 	struct {
1454 		struct {
1455 			u8 bss_idx;
1456 			u8 pad[3];
1457 		} __packed hdr;
1458 		struct ps_tlv {
1459 			__le16 tag;
1460 			__le16 len;
1461 			u8 ps_state; /* 0: device awake
1462 				      * 1: static power save
1463 				      * 2: dynamic power saving
1464 				      * 3: enter TWT power saving
1465 				      * 4: leave TWT power saving
1466 				      */
1467 			u8 pad[3];
1468 		} __packed ps;
1469 	} __packed ps_req = {
1470 		.hdr = {
1471 			.bss_idx = mconf->mt76.idx,
1472 		},
1473 		.ps = {
1474 			.tag = cpu_to_le16(UNI_BSS_INFO_PS),
1475 			.len = cpu_to_le16(sizeof(struct ps_tlv)),
1476 			.ps_state = link_conf->vif->cfg.ps ? 2 : 0,
1477 		},
1478 	};
1479 
1480 	if (link_conf->vif->type != NL80211_IFTYPE_STATION)
1481 		return -EOPNOTSUPP;
1482 
1483 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1484 				 &ps_req, sizeof(ps_req), true);
1485 }
1486 
1487 int
1488 mt7925_mcu_uni_bss_bcnft(struct mt792x_dev *dev,
1489 			 struct ieee80211_bss_conf *link_conf, bool enable)
1490 {
1491 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
1492 	struct {
1493 		struct {
1494 			u8 bss_idx;
1495 			u8 pad[3];
1496 		} __packed hdr;
1497 		struct bcnft_tlv {
1498 			__le16 tag;
1499 			__le16 len;
1500 			__le16 bcn_interval;
1501 			u8 dtim_period;
1502 			u8 bmc_delivered_ac;
1503 			u8 bmc_triggered_ac;
1504 			u8 pad[3];
1505 		} __packed bcnft;
1506 	} __packed bcnft_req = {
1507 		.hdr = {
1508 			.bss_idx = mconf->mt76.idx,
1509 		},
1510 		.bcnft = {
1511 			.tag = cpu_to_le16(UNI_BSS_INFO_BCNFT),
1512 			.len = cpu_to_le16(sizeof(struct bcnft_tlv)),
1513 			.bcn_interval = cpu_to_le16(link_conf->beacon_int),
1514 			.dtim_period = link_conf->dtim_period,
1515 		},
1516 	};
1517 
1518 	if (link_conf->vif->type != NL80211_IFTYPE_STATION)
1519 		return 0;
1520 
1521 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1522 				 &bcnft_req, sizeof(bcnft_req), true);
1523 }
1524 
1525 int
1526 mt7925_mcu_set_bss_pm(struct mt792x_dev *dev,
1527 		      struct ieee80211_bss_conf *link_conf,
1528 		      bool enable)
1529 {
1530 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
1531 	struct {
1532 		struct {
1533 			u8 bss_idx;
1534 			u8 pad[3];
1535 		} __packed hdr;
1536 		struct bcnft_tlv {
1537 			__le16 tag;
1538 			__le16 len;
1539 			__le16 bcn_interval;
1540 			u8 dtim_period;
1541 			u8 bmc_delivered_ac;
1542 			u8 bmc_triggered_ac;
1543 			u8 pad[3];
1544 		} __packed enable;
1545 	} req = {
1546 		.hdr = {
1547 			.bss_idx = mconf->mt76.idx,
1548 		},
1549 		.enable = {
1550 			.tag = cpu_to_le16(UNI_BSS_INFO_BCNFT),
1551 			.len = cpu_to_le16(sizeof(struct bcnft_tlv)),
1552 			.dtim_period = link_conf->dtim_period,
1553 			.bcn_interval = cpu_to_le16(link_conf->beacon_int),
1554 		},
1555 	};
1556 	struct {
1557 		struct {
1558 			u8 bss_idx;
1559 			u8 pad[3];
1560 		} __packed hdr;
1561 		struct pm_disable {
1562 			__le16 tag;
1563 			__le16 len;
1564 		} __packed disable;
1565 	} req1 = {
1566 		.hdr = {
1567 			.bss_idx = mconf->mt76.idx,
1568 		},
1569 		.disable = {
1570 			.tag = cpu_to_le16(UNI_BSS_INFO_PM_DISABLE),
1571 			.len = cpu_to_le16(sizeof(struct pm_disable))
1572 		},
1573 	};
1574 	int err;
1575 
1576 	err = mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1577 				&req1, sizeof(req1), true);
1578 	if (err < 0 || !enable)
1579 		return err;
1580 
1581 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
1582 				 &req, sizeof(req), true);
1583 }
1584 
1585 static void
1586 mt7925_mcu_sta_he_tlv(struct sk_buff *skb, struct ieee80211_link_sta *link_sta)
1587 {
1588 	if (!link_sta->he_cap.has_he)
1589 		return;
1590 
1591 	mt76_connac_mcu_sta_he_tlv_v2(skb, link_sta->sta);
1592 }
1593 
1594 static void
1595 mt7925_mcu_sta_he_6g_tlv(struct sk_buff *skb,
1596 			 struct ieee80211_link_sta *link_sta)
1597 {
1598 	struct sta_rec_he_6g_capa *he_6g;
1599 	struct tlv *tlv;
1600 
1601 	if (!link_sta->he_6ghz_capa.capa)
1602 		return;
1603 
1604 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HE_6G, sizeof(*he_6g));
1605 
1606 	he_6g = (struct sta_rec_he_6g_capa *)tlv;
1607 	he_6g->capa = link_sta->he_6ghz_capa.capa;
1608 }
1609 
1610 static void
1611 mt7925_mcu_sta_eht_tlv(struct sk_buff *skb, struct ieee80211_link_sta *link_sta)
1612 {
1613 	struct ieee80211_eht_mcs_nss_supp *mcs_map;
1614 	struct ieee80211_eht_cap_elem_fixed *elem;
1615 	struct sta_rec_eht *eht;
1616 	struct tlv *tlv;
1617 
1618 	if (!link_sta->eht_cap.has_eht)
1619 		return;
1620 
1621 	mcs_map = &link_sta->eht_cap.eht_mcs_nss_supp;
1622 	elem = &link_sta->eht_cap.eht_cap_elem;
1623 
1624 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_EHT, sizeof(*eht));
1625 
1626 	eht = (struct sta_rec_eht *)tlv;
1627 	eht->tid_bitmap = 0xff;
1628 	eht->mac_cap = cpu_to_le16(*(u16 *)elem->mac_cap_info);
1629 	eht->phy_cap = cpu_to_le64(*(u64 *)elem->phy_cap_info);
1630 	eht->phy_cap_ext = cpu_to_le64(elem->phy_cap_info[8]);
1631 
1632 	if (link_sta->bandwidth == IEEE80211_STA_RX_BW_20)
1633 		memcpy(eht->mcs_map_bw20, &mcs_map->only_20mhz, sizeof(eht->mcs_map_bw20));
1634 	memcpy(eht->mcs_map_bw80, &mcs_map->bw._80, sizeof(eht->mcs_map_bw80));
1635 	memcpy(eht->mcs_map_bw160, &mcs_map->bw._160, sizeof(eht->mcs_map_bw160));
1636 }
1637 
1638 static void
1639 mt7925_mcu_sta_ht_tlv(struct sk_buff *skb, struct ieee80211_link_sta *link_sta)
1640 {
1641 	struct sta_rec_ht *ht;
1642 	struct tlv *tlv;
1643 
1644 	if (!link_sta->ht_cap.ht_supported)
1645 		return;
1646 
1647 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HT, sizeof(*ht));
1648 
1649 	ht = (struct sta_rec_ht *)tlv;
1650 	ht->ht_cap = cpu_to_le16(link_sta->ht_cap.cap);
1651 }
1652 
1653 static void
1654 mt7925_mcu_sta_vht_tlv(struct sk_buff *skb, struct ieee80211_link_sta *link_sta)
1655 {
1656 	struct sta_rec_vht *vht;
1657 	struct tlv *tlv;
1658 
1659 	/* For 6G band, this tlv is necessary to let hw work normally */
1660 	if (!link_sta->he_6ghz_capa.capa && !link_sta->vht_cap.vht_supported)
1661 		return;
1662 
1663 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_VHT, sizeof(*vht));
1664 
1665 	vht = (struct sta_rec_vht *)tlv;
1666 	vht->vht_cap = cpu_to_le32(link_sta->vht_cap.cap);
1667 	vht->vht_rx_mcs_map = link_sta->vht_cap.vht_mcs.rx_mcs_map;
1668 	vht->vht_tx_mcs_map = link_sta->vht_cap.vht_mcs.tx_mcs_map;
1669 }
1670 
1671 static void
1672 mt7925_mcu_sta_amsdu_tlv(struct sk_buff *skb,
1673 			 struct ieee80211_vif *vif,
1674 			 struct ieee80211_link_sta *link_sta)
1675 {
1676 	struct mt792x_sta *msta = (struct mt792x_sta *)link_sta->sta->drv_priv;
1677 	struct mt792x_link_sta *mlink;
1678 	struct sta_rec_amsdu *amsdu;
1679 	struct tlv *tlv;
1680 
1681 	if (vif->type != NL80211_IFTYPE_STATION &&
1682 	    vif->type != NL80211_IFTYPE_AP)
1683 		return;
1684 
1685 	if (!link_sta->agg.max_amsdu_len)
1686 		return;
1687 
1688 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HW_AMSDU, sizeof(*amsdu));
1689 	amsdu = (struct sta_rec_amsdu *)tlv;
1690 	amsdu->max_amsdu_num = 8;
1691 	amsdu->amsdu_en = true;
1692 
1693 	mlink = mt792x_sta_to_link(msta, link_sta->link_id);
1694 	mlink->wcid.amsdu = true;
1695 
1696 	switch (link_sta->agg.max_amsdu_len) {
1697 	case IEEE80211_MAX_MPDU_LEN_VHT_11454:
1698 		amsdu->max_mpdu_size =
1699 			IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454;
1700 		return;
1701 	case IEEE80211_MAX_MPDU_LEN_HT_7935:
1702 	case IEEE80211_MAX_MPDU_LEN_VHT_7991:
1703 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991;
1704 		return;
1705 	default:
1706 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895;
1707 		return;
1708 	}
1709 }
1710 
1711 static void
1712 mt7925_mcu_sta_phy_tlv(struct sk_buff *skb,
1713 		       struct ieee80211_vif *vif,
1714 		       struct ieee80211_link_sta *link_sta)
1715 {
1716 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1717 	struct ieee80211_bss_conf *link_conf;
1718 	struct cfg80211_chan_def *chandef;
1719 	struct mt792x_bss_conf *mconf;
1720 	struct sta_rec_phy *phy;
1721 	struct tlv *tlv;
1722 	u8 af = 0, mm = 0;
1723 
1724 	link_conf = mt792x_vif_to_bss_conf(vif, link_sta->link_id);
1725 	mconf = mt792x_vif_to_link(mvif, link_sta->link_id);
1726 	chandef = mconf->mt76.ctx ? &mconf->mt76.ctx->def :
1727 				    &link_conf->chanreq.oper;
1728 
1729 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_PHY, sizeof(*phy));
1730 	phy = (struct sta_rec_phy *)tlv;
1731 	phy->phy_type = mt76_connac_get_phy_mode_v2(mvif->phy->mt76, vif,
1732 						    chandef->chan->band,
1733 						    link_sta);
1734 	phy->basic_rate = cpu_to_le16((u16)link_conf->basic_rates);
1735 	if (link_sta->ht_cap.ht_supported) {
1736 		af = link_sta->ht_cap.ampdu_factor;
1737 		mm = link_sta->ht_cap.ampdu_density;
1738 	}
1739 
1740 	if (link_sta->vht_cap.vht_supported) {
1741 		u8 vht_af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
1742 				      link_sta->vht_cap.cap);
1743 
1744 		af = max_t(u8, af, vht_af);
1745 	}
1746 
1747 	if (link_sta->he_6ghz_capa.capa) {
1748 		af = le16_get_bits(link_sta->he_6ghz_capa.capa,
1749 				   IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP);
1750 		mm = le16_get_bits(link_sta->he_6ghz_capa.capa,
1751 				   IEEE80211_HE_6GHZ_CAP_MIN_MPDU_START);
1752 	}
1753 
1754 	phy->ampdu = FIELD_PREP(IEEE80211_HT_AMPDU_PARM_FACTOR, af) |
1755 		     FIELD_PREP(IEEE80211_HT_AMPDU_PARM_DENSITY, mm);
1756 	phy->max_ampdu_len = af;
1757 }
1758 
1759 static void
1760 mt7925_mcu_sta_state_v2_tlv(struct mt76_phy *mphy, struct sk_buff *skb,
1761 			    struct ieee80211_link_sta *link_sta,
1762 			    struct ieee80211_vif *vif,
1763 			    u8 rcpi, u8 sta_state)
1764 {
1765 	struct sta_rec_state_v2 {
1766 		__le16 tag;
1767 		__le16 len;
1768 		u8 state;
1769 		u8 rsv[3];
1770 		__le32 flags;
1771 		u8 vht_opmode;
1772 		u8 action;
1773 		u8 rsv2[2];
1774 	} __packed * state;
1775 	struct tlv *tlv;
1776 
1777 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_STATE, sizeof(*state));
1778 	state = (struct sta_rec_state_v2 *)tlv;
1779 	state->state = sta_state;
1780 
1781 	if (link_sta->vht_cap.vht_supported) {
1782 		state->vht_opmode = link_sta->bandwidth;
1783 		state->vht_opmode |= link_sta->rx_nss <<
1784 			IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
1785 	}
1786 }
1787 
1788 static void
1789 mt7925_mcu_sta_rate_ctrl_tlv(struct sk_buff *skb,
1790 			     struct ieee80211_vif *vif,
1791 			     struct ieee80211_link_sta *link_sta)
1792 {
1793 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1794 	struct ieee80211_bss_conf *link_conf;
1795 	struct cfg80211_chan_def *chandef;
1796 	struct sta_rec_ra_info *ra_info;
1797 	struct mt792x_bss_conf *mconf;
1798 	enum nl80211_band band;
1799 	struct tlv *tlv;
1800 	u16 supp_rates;
1801 
1802 	link_conf = mt792x_vif_to_bss_conf(vif, link_sta->link_id);
1803 	mconf = mt792x_vif_to_link(mvif, link_sta->link_id);
1804 	chandef = mconf->mt76.ctx ? &mconf->mt76.ctx->def :
1805 				    &link_conf->chanreq.oper;
1806 	band = chandef->chan->band;
1807 
1808 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA, sizeof(*ra_info));
1809 	ra_info = (struct sta_rec_ra_info *)tlv;
1810 
1811 	supp_rates = link_sta->supp_rates[band];
1812 	if (band == NL80211_BAND_2GHZ)
1813 		supp_rates = FIELD_PREP(RA_LEGACY_OFDM, supp_rates >> 4) |
1814 			     FIELD_PREP(RA_LEGACY_CCK, supp_rates & 0xf);
1815 	else
1816 		supp_rates = FIELD_PREP(RA_LEGACY_OFDM, supp_rates);
1817 
1818 	ra_info->legacy = cpu_to_le16(supp_rates);
1819 
1820 	if (link_sta->ht_cap.ht_supported)
1821 		memcpy(ra_info->rx_mcs_bitmask,
1822 		       link_sta->ht_cap.mcs.rx_mask,
1823 		       HT_MCS_MASK_NUM);
1824 }
1825 
1826 static void
1827 mt7925_mcu_sta_eht_mld_tlv(struct sk_buff *skb,
1828 			   struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1829 {
1830 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1831 	struct wiphy *wiphy = mvif->phy->mt76->hw->wiphy;
1832 	const struct wiphy_iftype_ext_capab *ext_capa;
1833 	struct sta_rec_eht_mld *eht_mld;
1834 	struct tlv *tlv;
1835 	u16 eml_cap;
1836 
1837 	if (!ieee80211_vif_is_mld(vif))
1838 		return;
1839 
1840 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_EHT_MLD, sizeof(*eht_mld));
1841 	eht_mld = (struct sta_rec_eht_mld *)tlv;
1842 	eht_mld->mld_type = 0xff;
1843 
1844 	ext_capa = cfg80211_get_iftype_ext_capa(wiphy,
1845 						ieee80211_vif_type_p2p(vif));
1846 	if (!ext_capa)
1847 		return;
1848 
1849 	eml_cap = (vif->cfg.eml_cap & (IEEE80211_EML_CAP_EMLSR_SUPP |
1850 				       IEEE80211_EML_CAP_TRANSITION_TIMEOUT)) |
1851 		  (ext_capa->eml_capabilities & (IEEE80211_EML_CAP_EMLSR_PADDING_DELAY |
1852 						IEEE80211_EML_CAP_EMLSR_TRANSITION_DELAY));
1853 
1854 	if (eml_cap & IEEE80211_EML_CAP_EMLSR_SUPP) {
1855 		eht_mld->eml_cap[0] = u16_get_bits(eml_cap, GENMASK(7, 0));
1856 		eht_mld->eml_cap[1] = u16_get_bits(eml_cap, GENMASK(15, 8));
1857 	} else {
1858 		eht_mld->str_cap[0] = BIT(1);
1859 	}
1860 }
1861 
1862 static void
1863 mt7925_mcu_sta_mld_tlv(struct sk_buff *skb,
1864 		       struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1865 {
1866 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1867 	struct mt792x_sta *msta = (struct mt792x_sta *)sta->drv_priv;
1868 	unsigned long valid = mvif->valid_links;
1869 	struct mt792x_bss_conf *mconf;
1870 	struct mt792x_link_sta *mlink;
1871 	struct sta_rec_mld *mld;
1872 	struct tlv *tlv;
1873 	int i, cnt = 0;
1874 
1875 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_MLD, sizeof(*mld));
1876 	mld = (struct sta_rec_mld *)tlv;
1877 	memcpy(mld->mac_addr, sta->addr, ETH_ALEN);
1878 	mld->primary_id = cpu_to_le16(msta->deflink.wcid.idx);
1879 	mld->wlan_id = cpu_to_le16(msta->deflink.wcid.idx);
1880 	mld->link_num = min_t(u8, hweight16(mvif->valid_links), 2);
1881 
1882 	for_each_set_bit(i, &valid, IEEE80211_MLD_MAX_NUM_LINKS) {
1883 		if (cnt == mld->link_num)
1884 			break;
1885 
1886 		mconf = mt792x_vif_to_link(mvif, i);
1887 		mlink = mt792x_sta_to_link(msta, i);
1888 		mld->link[cnt].wlan_id = cpu_to_le16(mlink->wcid.idx);
1889 		mld->link[cnt++].bss_idx = mconf->mt76.idx;
1890 
1891 		if (mlink != &msta->deflink)
1892 			mld->secondary_id = cpu_to_le16(mlink->wcid.idx);
1893 	}
1894 }
1895 
1896 static void
1897 mt7925_mcu_sta_remove_tlv(struct sk_buff *skb)
1898 {
1899 	struct sta_rec_remove *rem;
1900 	struct tlv *tlv;
1901 
1902 	tlv = mt76_connac_mcu_add_tlv(skb, 0x25, sizeof(*rem));
1903 	rem = (struct sta_rec_remove *)tlv;
1904 	rem->action = 0;
1905 }
1906 
1907 static int
1908 mt7925_mcu_sta_cmd(struct mt76_phy *phy,
1909 		   struct mt76_sta_cmd_info *info)
1910 {
1911 	struct mt792x_vif *mvif = (struct mt792x_vif *)info->vif->drv_priv;
1912 	struct mt76_dev *dev = phy->dev;
1913 	struct mt792x_bss_conf *mconf;
1914 	struct sk_buff *skb;
1915 	int conn_state;
1916 
1917 	mconf = mt792x_vif_to_link(mvif, info->wcid->link_id);
1918 
1919 	skb = __mt76_connac_mcu_alloc_sta_req(dev, &mconf->mt76, info->wcid,
1920 					      MT7925_STA_UPDATE_MAX_SIZE);
1921 	if (IS_ERR(skb))
1922 		return PTR_ERR(skb);
1923 
1924 	conn_state = info->enable ? CONN_STATE_PORT_SECURE :
1925 				    CONN_STATE_DISCONNECT;
1926 
1927 	if (info->enable && info->link_sta) {
1928 		mt76_connac_mcu_sta_basic_tlv(dev, skb, info->link_conf,
1929 					      info->link_sta,
1930 					      conn_state, info->newly);
1931 		mt7925_mcu_sta_phy_tlv(skb, info->vif, info->link_sta);
1932 		mt7925_mcu_sta_ht_tlv(skb, info->link_sta);
1933 		mt7925_mcu_sta_vht_tlv(skb, info->link_sta);
1934 		mt76_connac_mcu_sta_uapsd(skb, info->vif, info->link_sta->sta);
1935 		mt7925_mcu_sta_amsdu_tlv(skb, info->vif, info->link_sta);
1936 		mt7925_mcu_sta_he_tlv(skb, info->link_sta);
1937 		mt7925_mcu_sta_he_6g_tlv(skb, info->link_sta);
1938 		mt7925_mcu_sta_eht_tlv(skb, info->link_sta);
1939 		mt7925_mcu_sta_rate_ctrl_tlv(skb, info->vif,
1940 					     info->link_sta);
1941 		mt7925_mcu_sta_state_v2_tlv(phy, skb, info->link_sta,
1942 					    info->vif, info->rcpi,
1943 					    info->state);
1944 
1945 		if (info->state != MT76_STA_INFO_STATE_NONE) {
1946 			mt7925_mcu_sta_mld_tlv(skb, info->vif, info->link_sta->sta);
1947 			mt7925_mcu_sta_eht_mld_tlv(skb, info->vif, info->link_sta->sta);
1948 		}
1949 	}
1950 
1951 	if (!info->enable) {
1952 		mt7925_mcu_sta_remove_tlv(skb);
1953 		mt76_connac_mcu_add_tlv(skb, STA_REC_MLD_OFF,
1954 					sizeof(struct tlv));
1955 	} else {
1956 		mt7925_mcu_sta_hdr_trans_tlv(skb, info->vif, info->link_sta);
1957 	}
1958 
1959 	return mt76_mcu_skb_send_msg(dev, skb, info->cmd, true);
1960 }
1961 
1962 int mt7925_mcu_sta_update(struct mt792x_dev *dev,
1963 			  struct ieee80211_link_sta *link_sta,
1964 			  struct ieee80211_vif *vif, bool enable,
1965 			  enum mt76_sta_info_state state)
1966 {
1967 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
1968 	int rssi = -ewma_rssi_read(&mvif->bss_conf.rssi);
1969 	struct mt76_sta_cmd_info info = {
1970 		.link_sta = link_sta,
1971 		.vif = vif,
1972 		.link_conf = &vif->bss_conf,
1973 		.enable = enable,
1974 		.cmd = MCU_UNI_CMD(STA_REC_UPDATE),
1975 		.state = state,
1976 		.offload_fw = true,
1977 		.rcpi = to_rcpi(rssi),
1978 	};
1979 	struct mt792x_sta *msta;
1980 	struct mt792x_link_sta *mlink;
1981 
1982 	if (link_sta) {
1983 		msta = (struct mt792x_sta *)link_sta->sta->drv_priv;
1984 		mlink = mt792x_sta_to_link(msta, link_sta->link_id);
1985 	}
1986 	info.wcid = link_sta ? &mlink->wcid : &mvif->sta.deflink.wcid;
1987 	info.newly = state != MT76_STA_INFO_STATE_ASSOC;
1988 
1989 	return mt7925_mcu_sta_cmd(&dev->mphy, &info);
1990 }
1991 
1992 int mt7925_mcu_set_beacon_filter(struct mt792x_dev *dev,
1993 				 struct ieee80211_vif *vif,
1994 				 bool enable)
1995 {
1996 #define MT7925_FIF_BIT_CLR		BIT(1)
1997 #define MT7925_FIF_BIT_SET		BIT(0)
1998 	int err = 0;
1999 
2000 	if (enable) {
2001 		err = mt7925_mcu_uni_bss_bcnft(dev, &vif->bss_conf, true);
2002 		if (err < 0)
2003 			return err;
2004 
2005 		return mt7925_mcu_set_rxfilter(dev, 0,
2006 					       MT7925_FIF_BIT_SET,
2007 					       MT_WF_RFCR_DROP_OTHER_BEACON);
2008 	}
2009 
2010 	err = mt7925_mcu_set_bss_pm(dev, &vif->bss_conf, false);
2011 	if (err < 0)
2012 		return err;
2013 
2014 	return mt7925_mcu_set_rxfilter(dev, 0,
2015 				       MT7925_FIF_BIT_CLR,
2016 				       MT_WF_RFCR_DROP_OTHER_BEACON);
2017 }
2018 
2019 int mt7925_get_txpwr_info(struct mt792x_dev *dev, u8 band_idx, struct mt7925_txpwr *txpwr)
2020 {
2021 #define TX_POWER_SHOW_INFO 0x7
2022 #define TXPOWER_ALL_RATE_POWER_INFO 0x2
2023 	struct mt7925_txpwr_event *event;
2024 	struct mt7925_txpwr_req req = {
2025 		.tag = cpu_to_le16(TX_POWER_SHOW_INFO),
2026 		.len = cpu_to_le16(sizeof(req) - 4),
2027 		.catg = TXPOWER_ALL_RATE_POWER_INFO,
2028 		.band_idx = band_idx,
2029 	};
2030 	struct sk_buff *skb;
2031 	int ret;
2032 
2033 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_UNI_CMD(TXPOWER),
2034 					&req, sizeof(req), true, &skb);
2035 	if (ret)
2036 		return ret;
2037 
2038 	event = (struct mt7925_txpwr_event *)skb->data;
2039 	memcpy(txpwr, &event->txpwr, sizeof(event->txpwr));
2040 
2041 	dev_kfree_skb(skb);
2042 
2043 	return 0;
2044 }
2045 
2046 int mt7925_mcu_set_sniffer(struct mt792x_dev *dev, struct ieee80211_vif *vif,
2047 			   bool enable)
2048 {
2049 	struct {
2050 		struct {
2051 			u8 band_idx;
2052 			u8 pad[3];
2053 		} __packed hdr;
2054 		struct sniffer_enable_tlv {
2055 			__le16 tag;
2056 			__le16 len;
2057 			u8 enable;
2058 			u8 pad[3];
2059 		} __packed enable;
2060 	} __packed req = {
2061 		.hdr = {
2062 			.band_idx = 0,
2063 		},
2064 		.enable = {
2065 			.tag = cpu_to_le16(UNI_SNIFFER_ENABLE),
2066 			.len = cpu_to_le16(sizeof(struct sniffer_enable_tlv)),
2067 			.enable = enable,
2068 		},
2069 	};
2070 
2071 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(SNIFFER), &req, sizeof(req),
2072 				 true);
2073 }
2074 
2075 int mt7925_mcu_config_sniffer(struct mt792x_vif *vif,
2076 			      struct ieee80211_chanctx_conf *ctx)
2077 {
2078 	struct mt76_phy *mphy = vif->phy->mt76;
2079 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def : &mphy->chandef;
2080 	int freq1 = chandef->center_freq1, freq2 = chandef->center_freq2;
2081 
2082 	static const u8 ch_band[] = {
2083 		[NL80211_BAND_2GHZ] = 1,
2084 		[NL80211_BAND_5GHZ] = 2,
2085 		[NL80211_BAND_6GHZ] = 3,
2086 	};
2087 	static const u8 ch_width[] = {
2088 		[NL80211_CHAN_WIDTH_20_NOHT] = 0,
2089 		[NL80211_CHAN_WIDTH_20] = 0,
2090 		[NL80211_CHAN_WIDTH_40] = 0,
2091 		[NL80211_CHAN_WIDTH_80] = 1,
2092 		[NL80211_CHAN_WIDTH_160] = 2,
2093 		[NL80211_CHAN_WIDTH_80P80] = 3,
2094 		[NL80211_CHAN_WIDTH_5] = 4,
2095 		[NL80211_CHAN_WIDTH_10] = 5,
2096 		[NL80211_CHAN_WIDTH_320] = 6,
2097 	};
2098 
2099 	struct {
2100 		struct {
2101 			u8 band_idx;
2102 			u8 pad[3];
2103 		} __packed hdr;
2104 		struct config_tlv {
2105 			__le16 tag;
2106 			__le16 len;
2107 			u16 aid;
2108 			u8 ch_band;
2109 			u8 bw;
2110 			u8 control_ch;
2111 			u8 sco;
2112 			u8 center_ch;
2113 			u8 center_ch2;
2114 			u8 drop_err;
2115 			u8 pad[3];
2116 		} __packed tlv;
2117 	} __packed req = {
2118 		.hdr = {
2119 			.band_idx = 0,
2120 		},
2121 		.tlv = {
2122 			.tag = cpu_to_le16(UNI_SNIFFER_CONFIG),
2123 			.len = cpu_to_le16(sizeof(req.tlv)),
2124 			.control_ch = chandef->chan->hw_value,
2125 			.center_ch = ieee80211_frequency_to_channel(freq1),
2126 			.drop_err = 1,
2127 		},
2128 	};
2129 
2130 	if (chandef->chan->band < ARRAY_SIZE(ch_band))
2131 		req.tlv.ch_band = ch_band[chandef->chan->band];
2132 	if (chandef->width < ARRAY_SIZE(ch_width))
2133 		req.tlv.bw = ch_width[chandef->width];
2134 
2135 	if (freq2)
2136 		req.tlv.center_ch2 = ieee80211_frequency_to_channel(freq2);
2137 
2138 	if (req.tlv.control_ch < req.tlv.center_ch)
2139 		req.tlv.sco = 1; /* SCA */
2140 	else if (req.tlv.control_ch > req.tlv.center_ch)
2141 		req.tlv.sco = 3; /* SCB */
2142 
2143 	return mt76_mcu_send_msg(mphy->dev, MCU_UNI_CMD(SNIFFER),
2144 				 &req, sizeof(req), true);
2145 }
2146 
2147 int
2148 mt7925_mcu_uni_add_beacon_offload(struct mt792x_dev *dev,
2149 				  struct ieee80211_hw *hw,
2150 				  struct ieee80211_vif *vif,
2151 				  bool enable)
2152 {
2153 	struct mt792x_vif *mvif = (struct mt792x_vif *)vif->drv_priv;
2154 	struct ieee80211_mutable_offsets offs;
2155 	struct {
2156 		struct req_hdr {
2157 			u8 bss_idx;
2158 			u8 pad[3];
2159 		} __packed hdr;
2160 		struct bcn_content_tlv {
2161 			__le16 tag;
2162 			__le16 len;
2163 			__le16 tim_ie_pos;
2164 			__le16 csa_ie_pos;
2165 			__le16 bcc_ie_pos;
2166 			/* 0: disable beacon offload
2167 			 * 1: enable beacon offload
2168 			 * 2: update probe respond offload
2169 			 */
2170 			u8 enable;
2171 			/* 0: legacy format (TXD + payload)
2172 			 * 1: only cap field IE
2173 			 */
2174 			u8 type;
2175 			__le16 pkt_len;
2176 			u8 pkt[512];
2177 		} __packed beacon_tlv;
2178 	} req = {
2179 		.hdr = {
2180 			.bss_idx = mvif->bss_conf.mt76.idx,
2181 		},
2182 		.beacon_tlv = {
2183 			.tag = cpu_to_le16(UNI_BSS_INFO_BCN_CONTENT),
2184 			.len = cpu_to_le16(sizeof(struct bcn_content_tlv)),
2185 			.enable = enable,
2186 			.type = 1,
2187 		},
2188 	};
2189 	struct sk_buff *skb;
2190 	u8 cap_offs;
2191 
2192 	/* support enable/update process only
2193 	 * disable flow would be handled in bss stop handler automatically
2194 	 */
2195 	if (!enable)
2196 		return -EOPNOTSUPP;
2197 
2198 	skb = ieee80211_beacon_get_template(mt76_hw(dev), vif, &offs, 0);
2199 	if (!skb)
2200 		return -EINVAL;
2201 
2202 	cap_offs = offsetof(struct ieee80211_mgmt, u.beacon.capab_info);
2203 	if (!skb_pull(skb, cap_offs)) {
2204 		dev_err(dev->mt76.dev, "beacon format err\n");
2205 		dev_kfree_skb(skb);
2206 		return -EINVAL;
2207 	}
2208 
2209 	if (skb->len > 512) {
2210 		dev_err(dev->mt76.dev, "beacon size limit exceed\n");
2211 		dev_kfree_skb(skb);
2212 		return -EINVAL;
2213 	}
2214 
2215 	memcpy(req.beacon_tlv.pkt, skb->data, skb->len);
2216 	req.beacon_tlv.pkt_len = cpu_to_le16(skb->len);
2217 	offs.tim_offset -= cap_offs;
2218 	req.beacon_tlv.tim_ie_pos = cpu_to_le16(offs.tim_offset);
2219 
2220 	if (offs.cntdwn_counter_offs[0]) {
2221 		u16 csa_offs;
2222 
2223 		csa_offs = offs.cntdwn_counter_offs[0] - cap_offs - 4;
2224 		req.beacon_tlv.csa_ie_pos = cpu_to_le16(csa_offs);
2225 	}
2226 	dev_kfree_skb(skb);
2227 
2228 	return mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD(BSS_INFO_UPDATE),
2229 				 &req, sizeof(req), true);
2230 }
2231 
2232 static
2233 void mt7925_mcu_bss_rlm_tlv(struct sk_buff *skb, struct mt76_phy *phy,
2234 			    struct ieee80211_bss_conf *link_conf,
2235 			    struct ieee80211_chanctx_conf *ctx)
2236 {
2237 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def :
2238 						  &link_conf->chanreq.oper;
2239 	int freq1 = chandef->center_freq1, freq2 = chandef->center_freq2;
2240 	enum nl80211_band band = chandef->chan->band;
2241 	struct bss_rlm_tlv *req;
2242 	struct tlv *tlv;
2243 
2244 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_RLM, sizeof(*req));
2245 	req = (struct bss_rlm_tlv *)tlv;
2246 	req->control_channel = chandef->chan->hw_value;
2247 	req->center_chan = ieee80211_frequency_to_channel(freq1);
2248 	req->center_chan2 = 0;
2249 	req->tx_streams = hweight8(phy->antenna_mask);
2250 	req->ht_op_info = 4; /* set HT 40M allowed */
2251 	req->rx_streams = hweight8(phy->antenna_mask);
2252 	req->center_chan2 = 0;
2253 	req->sco = 0;
2254 	req->band = 1;
2255 
2256 	switch (band) {
2257 	case NL80211_BAND_2GHZ:
2258 		req->band = 1;
2259 		break;
2260 	case NL80211_BAND_5GHZ:
2261 		req->band = 2;
2262 		break;
2263 	case NL80211_BAND_6GHZ:
2264 		req->band = 3;
2265 		break;
2266 	default:
2267 		break;
2268 	}
2269 
2270 	switch (chandef->width) {
2271 	case NL80211_CHAN_WIDTH_40:
2272 		req->bw = CMD_CBW_40MHZ;
2273 		break;
2274 	case NL80211_CHAN_WIDTH_80:
2275 		req->bw = CMD_CBW_80MHZ;
2276 		break;
2277 	case NL80211_CHAN_WIDTH_80P80:
2278 		req->bw = CMD_CBW_8080MHZ;
2279 		req->center_chan2 = ieee80211_frequency_to_channel(freq2);
2280 		break;
2281 	case NL80211_CHAN_WIDTH_160:
2282 		req->bw = CMD_CBW_160MHZ;
2283 		break;
2284 	case NL80211_CHAN_WIDTH_5:
2285 		req->bw = CMD_CBW_5MHZ;
2286 		break;
2287 	case NL80211_CHAN_WIDTH_10:
2288 		req->bw = CMD_CBW_10MHZ;
2289 		break;
2290 	case NL80211_CHAN_WIDTH_20_NOHT:
2291 	case NL80211_CHAN_WIDTH_20:
2292 	default:
2293 		req->bw = CMD_CBW_20MHZ;
2294 		req->ht_op_info = 0;
2295 		break;
2296 	}
2297 
2298 	if (req->control_channel < req->center_chan)
2299 		req->sco = 1; /* SCA */
2300 	else if (req->control_channel > req->center_chan)
2301 		req->sco = 3; /* SCB */
2302 }
2303 
2304 static struct sk_buff *
2305 __mt7925_mcu_alloc_bss_req(struct mt76_dev *dev, struct mt76_vif_link *mvif, int len)
2306 {
2307 	struct bss_req_hdr hdr = {
2308 		.bss_idx = mvif->idx,
2309 	};
2310 	struct sk_buff *skb;
2311 
2312 	skb = mt76_mcu_msg_alloc(dev, NULL, len);
2313 	if (!skb)
2314 		return ERR_PTR(-ENOMEM);
2315 
2316 	skb_put_data(skb, &hdr, sizeof(hdr));
2317 
2318 	return skb;
2319 }
2320 
2321 static
2322 void mt7925_mcu_bss_eht_tlv(struct sk_buff *skb, struct mt76_phy *phy,
2323 			    struct ieee80211_bss_conf *link_conf,
2324 			    struct ieee80211_chanctx_conf *ctx)
2325 {
2326 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def :
2327 						  &link_conf->chanreq.oper;
2328 
2329 	struct bss_eht_tlv *req;
2330 	struct tlv *tlv;
2331 
2332 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_EHT, sizeof(*req));
2333 	req = (struct bss_eht_tlv *)tlv;
2334 	req->is_eth_dscb_present = chandef->punctured ? 1 : 0;
2335 	req->eht_dis_sub_chan_bitmap = cpu_to_le16(chandef->punctured);
2336 }
2337 
2338 int mt7925_mcu_set_eht_pp(struct mt76_phy *phy, struct mt76_vif_link *mvif,
2339 			  struct ieee80211_bss_conf *link_conf,
2340 			  struct ieee80211_chanctx_conf *ctx)
2341 {
2342 	struct sk_buff *skb;
2343 
2344 	skb = __mt7925_mcu_alloc_bss_req(phy->dev, mvif,
2345 					 MT7925_BSS_UPDATE_MAX_SIZE);
2346 	if (IS_ERR(skb))
2347 		return PTR_ERR(skb);
2348 
2349 	mt7925_mcu_bss_eht_tlv(skb, phy, link_conf, ctx);
2350 
2351 	return mt76_mcu_skb_send_msg(phy->dev, skb,
2352 				     MCU_UNI_CMD(BSS_INFO_UPDATE), true);
2353 }
2354 
2355 int mt7925_mcu_set_chctx(struct mt76_phy *phy, struct mt76_vif_link *mvif,
2356 			 struct ieee80211_bss_conf *link_conf,
2357 			 struct ieee80211_chanctx_conf *ctx)
2358 {
2359 	struct sk_buff *skb;
2360 
2361 	skb = __mt7925_mcu_alloc_bss_req(phy->dev, mvif,
2362 					 MT7925_BSS_UPDATE_MAX_SIZE);
2363 	if (IS_ERR(skb))
2364 		return PTR_ERR(skb);
2365 
2366 	mt7925_mcu_bss_rlm_tlv(skb, phy, link_conf, ctx);
2367 
2368 	return mt76_mcu_skb_send_msg(phy->dev, skb,
2369 				     MCU_UNI_CMD(BSS_INFO_UPDATE), true);
2370 }
2371 
2372 static u8
2373 mt7925_get_phy_mode_ext(struct mt76_phy *phy, struct ieee80211_vif *vif,
2374 			enum nl80211_band band,
2375 			struct ieee80211_link_sta *link_sta)
2376 {
2377 	struct ieee80211_he_6ghz_capa *he_6ghz_capa;
2378 	const struct ieee80211_sta_eht_cap *eht_cap;
2379 	__le16 capa = 0;
2380 	u8 mode = 0;
2381 
2382 	if (link_sta) {
2383 		he_6ghz_capa = &link_sta->he_6ghz_capa;
2384 		eht_cap = &link_sta->eht_cap;
2385 	} else {
2386 		struct ieee80211_supported_band *sband;
2387 
2388 		sband = phy->hw->wiphy->bands[band];
2389 		capa = ieee80211_get_he_6ghz_capa(sband, vif->type);
2390 		he_6ghz_capa = (struct ieee80211_he_6ghz_capa *)&capa;
2391 
2392 		eht_cap = ieee80211_get_eht_iftype_cap(sband, vif->type);
2393 	}
2394 
2395 	switch (band) {
2396 	case NL80211_BAND_2GHZ:
2397 		if (eht_cap && eht_cap->has_eht)
2398 			mode |= PHY_MODE_BE_24G;
2399 		break;
2400 	case NL80211_BAND_5GHZ:
2401 		if (eht_cap && eht_cap->has_eht)
2402 			mode |= PHY_MODE_BE_5G;
2403 		break;
2404 	case NL80211_BAND_6GHZ:
2405 		if (he_6ghz_capa && he_6ghz_capa->capa)
2406 			mode |= PHY_MODE_AX_6G;
2407 
2408 		if (eht_cap && eht_cap->has_eht)
2409 			mode |= PHY_MODE_BE_6G;
2410 		break;
2411 	default:
2412 		break;
2413 	}
2414 
2415 	return mode;
2416 }
2417 
2418 static void
2419 mt7925_mcu_bss_basic_tlv(struct sk_buff *skb,
2420 			 struct ieee80211_bss_conf *link_conf,
2421 			 struct ieee80211_link_sta *link_sta,
2422 			 struct ieee80211_chanctx_conf *ctx,
2423 			 struct mt76_phy *phy, u16 wlan_idx,
2424 			 bool enable)
2425 {
2426 	struct ieee80211_vif *vif = link_conf->vif;
2427 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
2428 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def :
2429 						  &link_conf->chanreq.oper;
2430 	enum nl80211_band band = chandef->chan->band;
2431 	struct mt76_connac_bss_basic_tlv *basic_req;
2432 	struct mt792x_link_sta *mlink;
2433 	struct tlv *tlv;
2434 	int conn_type;
2435 	u8 idx;
2436 
2437 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_BASIC, sizeof(*basic_req));
2438 	basic_req = (struct mt76_connac_bss_basic_tlv *)tlv;
2439 
2440 	idx = mconf->mt76.omac_idx > EXT_BSSID_START ? HW_BSSID_0 :
2441 						      mconf->mt76.omac_idx;
2442 	basic_req->hw_bss_idx = idx;
2443 
2444 	basic_req->phymode_ext = mt7925_get_phy_mode_ext(phy, vif, band,
2445 							 link_sta);
2446 
2447 	if (band == NL80211_BAND_2GHZ)
2448 		basic_req->nonht_basic_phy = cpu_to_le16(PHY_TYPE_ERP_INDEX);
2449 	else
2450 		basic_req->nonht_basic_phy = cpu_to_le16(PHY_TYPE_OFDM_INDEX);
2451 
2452 	memcpy(basic_req->bssid, link_conf->bssid, ETH_ALEN);
2453 	basic_req->phymode = mt76_connac_get_phy_mode(phy, vif, band, link_sta);
2454 	basic_req->bcn_interval = cpu_to_le16(link_conf->beacon_int);
2455 	basic_req->dtim_period = link_conf->dtim_period;
2456 	basic_req->bmc_tx_wlan_idx = cpu_to_le16(wlan_idx);
2457 	basic_req->link_idx = mconf->mt76.idx;
2458 
2459 	if (link_sta) {
2460 		struct mt792x_sta *msta;
2461 
2462 		msta = (struct mt792x_sta *)link_sta->sta->drv_priv;
2463 		mlink = mt792x_sta_to_link(msta, link_sta->link_id);
2464 
2465 	} else {
2466 		mlink = &mconf->vif->sta.deflink;
2467 	}
2468 
2469 	basic_req->sta_idx = cpu_to_le16(mlink->wcid.idx);
2470 	basic_req->omac_idx = mconf->mt76.omac_idx;
2471 	basic_req->band_idx = mconf->mt76.band_idx;
2472 	basic_req->wmm_idx = mconf->mt76.wmm_idx;
2473 	basic_req->conn_state = !enable;
2474 
2475 	switch (vif->type) {
2476 	case NL80211_IFTYPE_MESH_POINT:
2477 	case NL80211_IFTYPE_AP:
2478 		if (vif->p2p)
2479 			conn_type = CONNECTION_P2P_GO;
2480 		else
2481 			conn_type = CONNECTION_INFRA_AP;
2482 		basic_req->conn_type = cpu_to_le32(conn_type);
2483 		basic_req->active = enable;
2484 		break;
2485 	case NL80211_IFTYPE_STATION:
2486 		if (vif->p2p)
2487 			conn_type = CONNECTION_P2P_GC;
2488 		else
2489 			conn_type = CONNECTION_INFRA_STA;
2490 		basic_req->conn_type = cpu_to_le32(conn_type);
2491 		basic_req->active = true;
2492 		break;
2493 	case NL80211_IFTYPE_ADHOC:
2494 		basic_req->conn_type = cpu_to_le32(CONNECTION_IBSS_ADHOC);
2495 		basic_req->active = true;
2496 		break;
2497 	default:
2498 		WARN_ON(1);
2499 		break;
2500 	}
2501 }
2502 
2503 static void
2504 mt7925_mcu_bss_sec_tlv(struct sk_buff *skb,
2505 		       struct ieee80211_bss_conf *link_conf)
2506 {
2507 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
2508 	struct mt76_vif_link *mvif = &mconf->mt76;
2509 	struct bss_sec_tlv {
2510 		__le16 tag;
2511 		__le16 len;
2512 		u8 mode;
2513 		u8 status;
2514 		u8 cipher;
2515 		u8 __rsv;
2516 	} __packed * sec;
2517 	struct tlv *tlv;
2518 
2519 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_SEC, sizeof(*sec));
2520 	sec = (struct bss_sec_tlv *)tlv;
2521 
2522 	switch (mvif->cipher) {
2523 	case CONNAC3_CIPHER_GCMP_256:
2524 	case CONNAC3_CIPHER_GCMP:
2525 		sec->mode = MODE_WPA3_SAE;
2526 		sec->status = 8;
2527 		break;
2528 	case CONNAC3_CIPHER_AES_CCMP:
2529 		sec->mode = MODE_WPA2_PSK;
2530 		sec->status = 6;
2531 		break;
2532 	case CONNAC3_CIPHER_TKIP:
2533 		sec->mode = MODE_WPA2_PSK;
2534 		sec->status = 4;
2535 		break;
2536 	case CONNAC3_CIPHER_WEP104:
2537 	case CONNAC3_CIPHER_WEP40:
2538 		sec->mode = MODE_SHARED;
2539 		sec->status = 0;
2540 		break;
2541 	default:
2542 		sec->mode = MODE_OPEN;
2543 		sec->status = 1;
2544 		break;
2545 	}
2546 
2547 	sec->cipher = mvif->cipher;
2548 }
2549 
2550 static void
2551 mt7925_mcu_bss_bmc_tlv(struct sk_buff *skb, struct mt792x_phy *phy,
2552 		       struct ieee80211_chanctx_conf *ctx,
2553 		       struct ieee80211_bss_conf *link_conf)
2554 {
2555 	struct cfg80211_chan_def *chandef = ctx ? &ctx->def :
2556 						  &link_conf->chanreq.oper;
2557 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
2558 	enum nl80211_band band = chandef->chan->band;
2559 	struct mt76_vif_link *mvif = &mconf->mt76;
2560 	struct bss_rate_tlv *bmc;
2561 	struct tlv *tlv;
2562 	u8 idx = mvif->mcast_rates_idx ?
2563 		 mvif->mcast_rates_idx : mvif->basic_rates_idx;
2564 
2565 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_RATE, sizeof(*bmc));
2566 
2567 	bmc = (struct bss_rate_tlv *)tlv;
2568 
2569 	if (band == NL80211_BAND_2GHZ)
2570 		bmc->basic_rate = cpu_to_le16(HR_DSSS_ERP_BASIC_RATE);
2571 	else
2572 		bmc->basic_rate = cpu_to_le16(OFDM_BASIC_RATE);
2573 
2574 	bmc->short_preamble = (band == NL80211_BAND_2GHZ);
2575 	bmc->bc_fixed_rate = idx;
2576 	bmc->mc_fixed_rate = idx;
2577 }
2578 
2579 static void
2580 mt7925_mcu_bss_mld_tlv(struct sk_buff *skb,
2581 		       struct ieee80211_bss_conf *link_conf)
2582 {
2583 	struct ieee80211_vif *vif = link_conf->vif;
2584 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
2585 	struct mt792x_vif *mvif = (struct mt792x_vif *)link_conf->vif->drv_priv;
2586 	struct mt792x_phy *phy = mvif->phy;
2587 	struct bss_mld_tlv *mld;
2588 	struct tlv *tlv;
2589 	bool is_mld;
2590 
2591 	is_mld = ieee80211_vif_is_mld(link_conf->vif) ||
2592 		 (hweight16(mvif->valid_links) > 1);
2593 
2594 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_MLD, sizeof(*mld));
2595 	mld = (struct bss_mld_tlv *)tlv;
2596 
2597 	mld->link_id = is_mld ? link_conf->link_id : 0xff;
2598 	/* apply the index of the primary link */
2599 	mld->group_mld_id = is_mld ? mvif->bss_conf.mt76.idx : 0xff;
2600 	mld->own_mld_id = mconf->mt76.idx + 32;
2601 	mld->remap_idx = 0xff;
2602 
2603 	if (phy->chip_cap & MT792x_CHIP_CAP_MLO_EML_EN) {
2604 		mld->eml_enable = !!(link_conf->vif->cfg.eml_cap &
2605 				     IEEE80211_EML_CAP_EMLSR_SUPP);
2606 	} else {
2607 		mld->eml_enable = 0;
2608 	}
2609 
2610 	memcpy(mld->mac_addr, vif->addr, ETH_ALEN);
2611 }
2612 
2613 static void
2614 mt7925_mcu_bss_qos_tlv(struct sk_buff *skb, struct ieee80211_bss_conf *link_conf)
2615 {
2616 	struct mt76_connac_bss_qos_tlv *qos;
2617 	struct tlv *tlv;
2618 
2619 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_QBSS, sizeof(*qos));
2620 	qos = (struct mt76_connac_bss_qos_tlv *)tlv;
2621 	qos->qos = link_conf->qos;
2622 }
2623 
2624 static void
2625 mt7925_mcu_bss_he_tlv(struct sk_buff *skb, struct ieee80211_bss_conf *link_conf,
2626 		      struct mt792x_phy *phy)
2627 {
2628 #define DEFAULT_HE_PE_DURATION		4
2629 #define DEFAULT_HE_DURATION_RTS_THRES	1023
2630 	const struct ieee80211_sta_he_cap *cap;
2631 	struct bss_info_uni_he *he;
2632 	struct tlv *tlv;
2633 
2634 	cap = mt76_connac_get_he_phy_cap(phy->mt76, link_conf->vif);
2635 
2636 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_HE_BASIC, sizeof(*he));
2637 
2638 	he = (struct bss_info_uni_he *)tlv;
2639 	he->he_pe_duration = link_conf->htc_trig_based_pkt_ext;
2640 	if (!he->he_pe_duration)
2641 		he->he_pe_duration = DEFAULT_HE_PE_DURATION;
2642 
2643 	he->he_rts_thres = cpu_to_le16(link_conf->frame_time_rts_th);
2644 	if (!he->he_rts_thres)
2645 		he->he_rts_thres = cpu_to_le16(DEFAULT_HE_DURATION_RTS_THRES);
2646 
2647 	he->max_nss_mcs[CMD_HE_MCS_BW80] = cap->he_mcs_nss_supp.tx_mcs_80;
2648 	he->max_nss_mcs[CMD_HE_MCS_BW160] = cap->he_mcs_nss_supp.tx_mcs_160;
2649 	he->max_nss_mcs[CMD_HE_MCS_BW8080] = cap->he_mcs_nss_supp.tx_mcs_80p80;
2650 }
2651 
2652 static void
2653 mt7925_mcu_bss_color_tlv(struct sk_buff *skb, struct ieee80211_bss_conf *link_conf,
2654 			 bool enable)
2655 {
2656 	struct bss_info_uni_bss_color *color;
2657 	struct tlv *tlv;
2658 
2659 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_BSS_COLOR, sizeof(*color));
2660 	color = (struct bss_info_uni_bss_color *)tlv;
2661 
2662 	color->enable = enable ?
2663 		link_conf->he_bss_color.enabled : 0;
2664 	color->bss_color = enable ?
2665 		link_conf->he_bss_color.color : 0;
2666 }
2667 
2668 static void
2669 mt7925_mcu_bss_ifs_tlv(struct sk_buff *skb,
2670 		       struct ieee80211_bss_conf *link_conf)
2671 {
2672 	struct mt792x_vif *mvif = (struct mt792x_vif *)link_conf->vif->drv_priv;
2673 	struct mt792x_phy *phy = mvif->phy;
2674 	struct bss_ifs_time_tlv *ifs_time;
2675 	struct tlv *tlv;
2676 
2677 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_IFS_TIME, sizeof(*ifs_time));
2678 	ifs_time = (struct bss_ifs_time_tlv *)tlv;
2679 	ifs_time->slot_valid = true;
2680 	ifs_time->slot_time = cpu_to_le16(phy->slottime);
2681 }
2682 
2683 int mt7925_mcu_set_timing(struct mt792x_phy *phy,
2684 			  struct ieee80211_bss_conf *link_conf)
2685 {
2686 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
2687 	struct mt792x_dev *dev = phy->dev;
2688 	struct sk_buff *skb;
2689 
2690 	skb = __mt7925_mcu_alloc_bss_req(&dev->mt76, &mconf->mt76,
2691 					 MT7925_BSS_UPDATE_MAX_SIZE);
2692 	if (IS_ERR(skb))
2693 		return PTR_ERR(skb);
2694 
2695 	mt7925_mcu_bss_ifs_tlv(skb, link_conf);
2696 
2697 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2698 				     MCU_UNI_CMD(BSS_INFO_UPDATE), true);
2699 }
2700 
2701 void mt7925_mcu_del_dev(struct mt76_dev *mdev,
2702 			struct ieee80211_vif *vif)
2703 {
2704 	struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv;
2705 	struct {
2706 		struct {
2707 			u8 omac_idx;
2708 			u8 band_idx;
2709 			__le16 pad;
2710 		} __packed hdr;
2711 		struct req_tlv {
2712 			__le16 tag;
2713 			__le16 len;
2714 			u8 active;
2715 			u8 link_idx; /* hw link idx */
2716 			u8 omac_addr[ETH_ALEN];
2717 		} __packed tlv;
2718 	} dev_req = {
2719 		.tlv = {
2720 			.tag = cpu_to_le16(DEV_INFO_ACTIVE),
2721 			.len = cpu_to_le16(sizeof(struct req_tlv)),
2722 			.active = true,
2723 		},
2724 	};
2725 	struct {
2726 		struct {
2727 			u8 bss_idx;
2728 			u8 pad[3];
2729 		} __packed hdr;
2730 		struct mt76_connac_bss_basic_tlv basic;
2731 	} basic_req = {
2732 		.basic = {
2733 			.tag = cpu_to_le16(UNI_BSS_INFO_BASIC),
2734 			.len = cpu_to_le16(sizeof(struct mt76_connac_bss_basic_tlv)),
2735 			.active = true,
2736 			.conn_state = 1,
2737 		},
2738 	};
2739 
2740 	dev_req.hdr.omac_idx = mvif->omac_idx;
2741 	dev_req.hdr.band_idx = mvif->band_idx;
2742 
2743 	basic_req.hdr.bss_idx = mvif->idx;
2744 	basic_req.basic.omac_idx = mvif->omac_idx;
2745 	basic_req.basic.band_idx = mvif->band_idx;
2746 	basic_req.basic.link_idx = mvif->link_idx;
2747 
2748 	mt76_mcu_send_msg(mdev, MCU_UNI_CMD(BSS_INFO_UPDATE),
2749 			  &basic_req, sizeof(basic_req), true);
2750 
2751 	/* recovery omac address for the legacy interface */
2752 	memcpy(dev_req.tlv.omac_addr, vif->addr, ETH_ALEN);
2753 	mt76_mcu_send_msg(mdev, MCU_UNI_CMD(DEV_INFO_UPDATE),
2754 			  &dev_req, sizeof(dev_req), true);
2755 }
2756 
2757 int mt7925_mcu_add_bss_info(struct mt792x_phy *phy,
2758 			    struct ieee80211_chanctx_conf *ctx,
2759 			    struct ieee80211_bss_conf *link_conf,
2760 			    struct ieee80211_link_sta *link_sta,
2761 			    int enable)
2762 {
2763 	struct mt792x_vif *mvif = (struct mt792x_vif *)link_conf->vif->drv_priv;
2764 	struct mt792x_bss_conf *mconf = mt792x_link_conf_to_mconf(link_conf);
2765 	struct mt792x_dev *dev = phy->dev;
2766 	struct mt792x_link_sta *mlink_bc;
2767 	struct sk_buff *skb;
2768 
2769 	skb = __mt7925_mcu_alloc_bss_req(&dev->mt76, &mconf->mt76,
2770 					 MT7925_BSS_UPDATE_MAX_SIZE);
2771 	if (IS_ERR(skb))
2772 		return PTR_ERR(skb);
2773 
2774 	mlink_bc = mt792x_sta_to_link(&mvif->sta, mconf->link_id);
2775 
2776 	/* bss_basic must be first */
2777 	mt7925_mcu_bss_basic_tlv(skb, link_conf, link_sta, ctx, phy->mt76,
2778 				 mlink_bc->wcid.idx, enable);
2779 	mt7925_mcu_bss_sec_tlv(skb, link_conf);
2780 	mt7925_mcu_bss_bmc_tlv(skb, phy, ctx, link_conf);
2781 	mt7925_mcu_bss_qos_tlv(skb, link_conf);
2782 	mt7925_mcu_bss_mld_tlv(skb, link_conf);
2783 	mt7925_mcu_bss_ifs_tlv(skb, link_conf);
2784 
2785 	if (link_conf->he_support) {
2786 		mt7925_mcu_bss_he_tlv(skb, link_conf, phy);
2787 		mt7925_mcu_bss_color_tlv(skb, link_conf, enable);
2788 	}
2789 
2790 	if (enable)
2791 		mt7925_mcu_bss_rlm_tlv(skb, phy->mt76, link_conf, ctx);
2792 
2793 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2794 				     MCU_UNI_CMD(BSS_INFO_UPDATE), true);
2795 }
2796 
2797 int mt7925_mcu_set_dbdc(struct mt76_phy *phy, bool enable)
2798 {
2799 	struct mt76_dev *mdev = phy->dev;
2800 
2801 	struct mbmc_conf_tlv *conf;
2802 	struct mbmc_set_req *hdr;
2803 	struct sk_buff *skb;
2804 	struct tlv *tlv;
2805 	int max_len, err;
2806 
2807 	max_len = sizeof(*hdr) + sizeof(*conf);
2808 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2809 	if (!skb)
2810 		return -ENOMEM;
2811 
2812 	hdr = (struct mbmc_set_req *)skb_put(skb, sizeof(*hdr));
2813 
2814 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_MBMC_SETTING, sizeof(*conf));
2815 	conf = (struct mbmc_conf_tlv *)tlv;
2816 
2817 	conf->mbmc_en = enable;
2818 	conf->band = 0; /* unused */
2819 
2820 	err = mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SET_DBDC_PARMS),
2821 				    true);
2822 
2823 	return err;
2824 }
2825 
2826 static void
2827 mt7925_mcu_build_scan_ie_tlv(struct mt76_dev *mdev,
2828 			     struct sk_buff *skb,
2829 			     struct ieee80211_scan_ies *scan_ies)
2830 {
2831 	u32 max_len = sizeof(struct scan_ie_tlv) + MT76_CONNAC_SCAN_IE_LEN;
2832 	struct scan_ie_tlv *ie;
2833 	enum nl80211_band i;
2834 	struct tlv *tlv;
2835 	const u8 *ies;
2836 	u16 ies_len;
2837 
2838 	for (i = 0; i <= NL80211_BAND_6GHZ; i++) {
2839 		if (i == NL80211_BAND_60GHZ)
2840 			continue;
2841 
2842 		ies = scan_ies->ies[i];
2843 		ies_len = scan_ies->len[i];
2844 
2845 		if (!ies || !ies_len)
2846 			continue;
2847 
2848 		if (ies_len > max_len)
2849 			return;
2850 
2851 		tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE,
2852 					      sizeof(*ie) + ies_len);
2853 		ie = (struct scan_ie_tlv *)tlv;
2854 
2855 		memcpy(ie->ies, ies, ies_len);
2856 		ie->ies_len = cpu_to_le16(ies_len);
2857 
2858 		switch (i) {
2859 		case NL80211_BAND_2GHZ:
2860 			ie->band = 1;
2861 			break;
2862 		case NL80211_BAND_6GHZ:
2863 			ie->band = 3;
2864 			break;
2865 		default:
2866 			ie->band = 2;
2867 			break;
2868 		}
2869 
2870 		max_len -= (sizeof(*ie) + ies_len);
2871 	}
2872 }
2873 
2874 int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif,
2875 		       struct ieee80211_scan_request *scan_req)
2876 {
2877 	struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv;
2878 	struct cfg80211_scan_request *sreq = &scan_req->req;
2879 	int n_ssids = 0, err, i;
2880 	struct ieee80211_channel **scan_list = sreq->channels;
2881 	struct mt76_dev *mdev = phy->dev;
2882 	struct mt76_connac_mcu_scan_channel *chan;
2883 	struct sk_buff *skb;
2884 	struct scan_hdr_tlv *hdr;
2885 	struct scan_req_tlv *req;
2886 	struct scan_ssid_tlv *ssid;
2887 	struct scan_bssid_tlv *bssid;
2888 	struct scan_chan_info_tlv *chan_info;
2889 	struct scan_ie_tlv *ie;
2890 	struct scan_misc_tlv *misc;
2891 	struct tlv *tlv;
2892 	int max_len;
2893 
2894 	if (test_bit(MT76_HW_SCANNING, &phy->state))
2895 		return -EBUSY;
2896 
2897 	max_len = sizeof(*hdr) + sizeof(*req) + sizeof(*ssid) +
2898 		  sizeof(*bssid) * MT7925_RNR_SCAN_MAX_BSSIDS +
2899 		  sizeof(*chan_info) + sizeof(*misc) + sizeof(*ie) +
2900 		  MT76_CONNAC_SCAN_IE_LEN;
2901 
2902 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
2903 	if (!skb)
2904 		return -ENOMEM;
2905 
2906 	set_bit(MT76_HW_SCANNING, &phy->state);
2907 	mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
2908 
2909 	hdr = (struct scan_hdr_tlv *)skb_put(skb, sizeof(*hdr));
2910 	hdr->seq_num = mvif->scan_seq_num | mvif->band_idx << 7;
2911 	hdr->bss_idx = mvif->idx;
2912 
2913 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_REQ, sizeof(*req));
2914 	req = (struct scan_req_tlv *)tlv;
2915 	req->scan_type = sreq->n_ssids ? 1 : 0;
2916 	req->probe_req_num = sreq->n_ssids ? 2 : 0;
2917 
2918 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SSID, sizeof(*ssid));
2919 	ssid = (struct scan_ssid_tlv *)tlv;
2920 	for (i = 0; i < sreq->n_ssids; i++) {
2921 		if (!sreq->ssids[i].ssid_len)
2922 			continue;
2923 		if (i >= MT7925_RNR_SCAN_MAX_BSSIDS)
2924 			break;
2925 
2926 		ssid->ssids[n_ssids].ssid_len = cpu_to_le32(sreq->ssids[i].ssid_len);
2927 		memcpy(ssid->ssids[n_ssids].ssid, sreq->ssids[i].ssid,
2928 		       sreq->ssids[i].ssid_len);
2929 		n_ssids++;
2930 	}
2931 	ssid->ssid_type = n_ssids ? BIT(2) : BIT(0);
2932 	ssid->ssids_num = n_ssids;
2933 
2934 	if (sreq->n_6ghz_params) {
2935 		u8 j;
2936 
2937 		mt76_connac_mcu_build_rnr_scan_param(mdev, sreq);
2938 
2939 		for (j = 0; j < mdev->rnr.bssid_num; j++) {
2940 			if (j >= MT7925_RNR_SCAN_MAX_BSSIDS)
2941 				break;
2942 
2943 			tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_BSSID,
2944 						      sizeof(*bssid));
2945 			bssid = (struct scan_bssid_tlv *)tlv;
2946 
2947 			ether_addr_copy(bssid->bssid, mdev->rnr.bssid[j]);
2948 			bssid->match_ch = mdev->rnr.channel[j];
2949 			bssid->match_ssid_ind = MT7925_RNR_SCAN_MAX_BSSIDS;
2950 			bssid->match_short_ssid_ind = MT7925_RNR_SCAN_MAX_BSSIDS;
2951 		}
2952 		req->scan_func |= SCAN_FUNC_RNR_SCAN;
2953 	} else {
2954 		tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_BSSID, sizeof(*bssid));
2955 		bssid = (struct scan_bssid_tlv *)tlv;
2956 
2957 		ether_addr_copy(bssid->bssid, sreq->bssid);
2958 	}
2959 
2960 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_CHANNEL, sizeof(*chan_info));
2961 	chan_info = (struct scan_chan_info_tlv *)tlv;
2962 	chan_info->channels_num = min_t(u8, sreq->n_channels,
2963 					ARRAY_SIZE(chan_info->channels));
2964 	for (i = 0; i < chan_info->channels_num; i++) {
2965 		chan = &chan_info->channels[i];
2966 
2967 		switch (scan_list[i]->band) {
2968 		case NL80211_BAND_2GHZ:
2969 			chan->band = 1;
2970 			break;
2971 		case NL80211_BAND_6GHZ:
2972 			chan->band = 3;
2973 			break;
2974 		default:
2975 			chan->band = 2;
2976 			break;
2977 		}
2978 		chan->channel_num = scan_list[i]->hw_value;
2979 	}
2980 	chan_info->channel_type = sreq->n_channels ? 4 : 0;
2981 
2982 	req->scan_func |= SCAN_FUNC_SPLIT_SCAN;
2983 
2984 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_MISC, sizeof(*misc));
2985 	misc = (struct scan_misc_tlv *)tlv;
2986 	if (sreq->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
2987 		get_random_mask_addr(misc->random_mac, sreq->mac_addr,
2988 				     sreq->mac_addr_mask);
2989 		req->scan_func |= SCAN_FUNC_RANDOM_MAC;
2990 	}
2991 
2992 	/* Append scan probe IEs as the last tlv */
2993 	mt7925_mcu_build_scan_ie_tlv(mdev, skb, &scan_req->ies);
2994 
2995 	err = mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ),
2996 				    true);
2997 	if (err < 0)
2998 		clear_bit(MT76_HW_SCANNING, &phy->state);
2999 
3000 	return err;
3001 }
3002 EXPORT_SYMBOL_GPL(mt7925_mcu_hw_scan);
3003 
3004 int mt7925_mcu_sched_scan_req(struct mt76_phy *phy,
3005 			      struct ieee80211_vif *vif,
3006 			      struct cfg80211_sched_scan_request *sreq,
3007 			      struct ieee80211_scan_ies *ies)
3008 {
3009 	struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv;
3010 	struct ieee80211_channel **scan_list = sreq->channels;
3011 	struct mt76_connac_mcu_scan_channel *chan;
3012 	struct mt76_dev *mdev = phy->dev;
3013 	struct cfg80211_match_set *cfg_match;
3014 	struct cfg80211_ssid *cfg_ssid;
3015 
3016 	struct scan_hdr_tlv *hdr;
3017 	struct scan_sched_req *req;
3018 	struct scan_ssid_tlv *ssid;
3019 	struct scan_chan_info_tlv *chan_info;
3020 	struct scan_ie_tlv *ie;
3021 	struct scan_sched_ssid_match_sets *match;
3022 	struct sk_buff *skb;
3023 	struct tlv *tlv;
3024 	int i, max_len;
3025 
3026 	max_len = sizeof(*hdr) + sizeof(*req) + sizeof(*ssid) +
3027 		  sizeof(*chan_info) + sizeof(*ie) +
3028 		  sizeof(*match);
3029 
3030 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
3031 	if (!skb)
3032 		return -ENOMEM;
3033 
3034 	mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
3035 
3036 	hdr = (struct scan_hdr_tlv *)skb_put(skb, sizeof(*hdr));
3037 	hdr->seq_num = mvif->scan_seq_num | mvif->band_idx << 7;
3038 	hdr->bss_idx = mvif->idx;
3039 
3040 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SCHED_REQ, sizeof(*req));
3041 	req = (struct scan_sched_req *)tlv;
3042 	req->version = 1;
3043 
3044 	if (sreq->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)
3045 		req->scan_func |= SCAN_FUNC_RANDOM_MAC;
3046 
3047 	req->intervals_num = sreq->n_scan_plans;
3048 	for (i = 0; i < req->intervals_num; i++)
3049 		req->intervals[i] = cpu_to_le16(sreq->scan_plans[i].interval);
3050 
3051 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SSID, sizeof(*ssid));
3052 	ssid = (struct scan_ssid_tlv *)tlv;
3053 
3054 	ssid->ssids_num = sreq->n_ssids;
3055 	ssid->ssid_type = BIT(2);
3056 	for (i = 0; i < ssid->ssids_num; i++) {
3057 		cfg_ssid = &sreq->ssids[i];
3058 		memcpy(ssid->ssids[i].ssid, cfg_ssid->ssid, cfg_ssid->ssid_len);
3059 		ssid->ssids[i].ssid_len = cpu_to_le32(cfg_ssid->ssid_len);
3060 	}
3061 
3062 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SSID_MATCH_SETS, sizeof(*match));
3063 	match = (struct scan_sched_ssid_match_sets *)tlv;
3064 	match->match_num = sreq->n_match_sets;
3065 	for (i = 0; i < match->match_num; i++) {
3066 		cfg_match = &sreq->match_sets[i];
3067 		memcpy(match->match[i].ssid, cfg_match->ssid.ssid,
3068 		       cfg_match->ssid.ssid_len);
3069 		match->match[i].rssi_th = cpu_to_le32(cfg_match->rssi_thold);
3070 		match->match[i].ssid_len = cfg_match->ssid.ssid_len;
3071 	}
3072 
3073 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_CHANNEL, sizeof(*chan_info));
3074 	chan_info = (struct scan_chan_info_tlv *)tlv;
3075 	chan_info->channels_num = min_t(u8, sreq->n_channels,
3076 					ARRAY_SIZE(chan_info->channels));
3077 	for (i = 0; i < chan_info->channels_num; i++) {
3078 		chan = &chan_info->channels[i];
3079 
3080 		switch (scan_list[i]->band) {
3081 		case NL80211_BAND_2GHZ:
3082 			chan->band = 1;
3083 			break;
3084 		case NL80211_BAND_6GHZ:
3085 			chan->band = 3;
3086 			break;
3087 		default:
3088 			chan->band = 2;
3089 			break;
3090 		}
3091 		chan->channel_num = scan_list[i]->hw_value;
3092 	}
3093 	chan_info->channel_type = sreq->n_channels ? 4 : 0;
3094 
3095 	/* Append scan probe IEs as the last tlv */
3096 	mt7925_mcu_build_scan_ie_tlv(mdev, skb, ies);
3097 
3098 	return mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ),
3099 				     true);
3100 }
3101 EXPORT_SYMBOL_GPL(mt7925_mcu_sched_scan_req);
3102 
3103 int
3104 mt7925_mcu_sched_scan_enable(struct mt76_phy *phy,
3105 			     struct ieee80211_vif *vif,
3106 			     bool enable)
3107 {
3108 	struct mt76_dev *mdev = phy->dev;
3109 	struct scan_sched_enable *req;
3110 	struct scan_hdr_tlv *hdr;
3111 	struct sk_buff *skb;
3112 	struct tlv *tlv;
3113 	int max_len;
3114 
3115 	max_len = sizeof(*hdr) + sizeof(*req);
3116 
3117 	skb = mt76_mcu_msg_alloc(mdev, NULL, max_len);
3118 	if (!skb)
3119 		return -ENOMEM;
3120 
3121 	hdr = (struct scan_hdr_tlv *)skb_put(skb, sizeof(*hdr));
3122 	hdr->seq_num = 0;
3123 	hdr->bss_idx = 0;
3124 
3125 	tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_SCHED_ENABLE, sizeof(*req));
3126 	req = (struct scan_sched_enable *)tlv;
3127 	req->active = !enable;
3128 
3129 	if (enable)
3130 		set_bit(MT76_HW_SCHED_SCANNING, &phy->state);
3131 	else
3132 		clear_bit(MT76_HW_SCHED_SCANNING, &phy->state);
3133 
3134 	return mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ),
3135 				     true);
3136 }
3137 
3138 int mt7925_mcu_cancel_hw_scan(struct mt76_phy *phy,
3139 			      struct ieee80211_vif *vif)
3140 {
3141 	struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv;
3142 	struct {
3143 		struct scan_hdr {
3144 			u8 seq_num;
3145 			u8 bss_idx;
3146 			u8 pad[2];
3147 		} __packed hdr;
3148 		struct scan_cancel_tlv {
3149 			__le16 tag;
3150 			__le16 len;
3151 			u8 is_ext_channel;
3152 			u8 rsv[3];
3153 		} __packed cancel;
3154 	} req = {
3155 		.hdr = {
3156 			.seq_num = mvif->scan_seq_num,
3157 			.bss_idx = mvif->idx,
3158 		},
3159 		.cancel = {
3160 			.tag = cpu_to_le16(UNI_SCAN_CANCEL),
3161 			.len = cpu_to_le16(sizeof(struct scan_cancel_tlv)),
3162 		},
3163 	};
3164 
3165 	if (test_and_clear_bit(MT76_HW_SCANNING, &phy->state)) {
3166 		struct cfg80211_scan_info info = {
3167 			.aborted = true,
3168 		};
3169 
3170 		ieee80211_scan_completed(phy->hw, &info);
3171 	}
3172 
3173 	return mt76_mcu_send_msg(phy->dev, MCU_UNI_CMD(SCAN_REQ),
3174 				 &req, sizeof(req), true);
3175 }
3176 EXPORT_SYMBOL_GPL(mt7925_mcu_cancel_hw_scan);
3177 
3178 int mt7925_mcu_set_channel_domain(struct mt76_phy *phy)
3179 {
3180 	int len, i, n_max_channels, n_2ch = 0, n_5ch = 0, n_6ch = 0;
3181 	struct {
3182 		struct {
3183 			u8 alpha2[4]; /* regulatory_request.alpha2 */
3184 			u8 bw_2g; /* BW_20_40M		0
3185 				   * BW_20M		1
3186 				   * BW_20_40_80M	2
3187 				   * BW_20_40_80_160M	3
3188 				   * BW_20_40_80_8080M	4
3189 				   */
3190 			u8 bw_5g;
3191 			u8 bw_6g;
3192 			u8 pad;
3193 		} __packed hdr;
3194 		struct n_chan {
3195 			__le16 tag;
3196 			__le16 len;
3197 			u8 n_2ch;
3198 			u8 n_5ch;
3199 			u8 n_6ch;
3200 			u8 pad;
3201 		} __packed n_ch;
3202 	} req = {
3203 		.hdr = {
3204 			.bw_2g = 0,
3205 			.bw_5g = 3, /* BW_20_40_80_160M */
3206 			.bw_6g = 3,
3207 		},
3208 		.n_ch = {
3209 			.tag = cpu_to_le16(2),
3210 		},
3211 	};
3212 	struct mt76_connac_mcu_chan {
3213 		__le16 hw_value;
3214 		__le16 pad;
3215 		__le32 flags;
3216 	} __packed channel;
3217 	struct mt76_dev *dev = phy->dev;
3218 	struct ieee80211_channel *chan;
3219 	struct sk_buff *skb;
3220 
3221 	n_max_channels = phy->sband_2g.sband.n_channels +
3222 			 phy->sband_5g.sband.n_channels +
3223 			 phy->sband_6g.sband.n_channels;
3224 	len = sizeof(req) + n_max_channels * sizeof(channel);
3225 
3226 	skb = mt76_mcu_msg_alloc(dev, NULL, len);
3227 	if (!skb)
3228 		return -ENOMEM;
3229 
3230 	skb_reserve(skb, sizeof(req));
3231 
3232 	for (i = 0; i < phy->sband_2g.sband.n_channels; i++) {
3233 		chan = &phy->sband_2g.sband.channels[i];
3234 		if (chan->flags & IEEE80211_CHAN_DISABLED)
3235 			continue;
3236 
3237 		channel.hw_value = cpu_to_le16(chan->hw_value);
3238 		channel.flags = cpu_to_le32(chan->flags);
3239 		channel.pad = 0;
3240 
3241 		skb_put_data(skb, &channel, sizeof(channel));
3242 		n_2ch++;
3243 	}
3244 	for (i = 0; i < phy->sband_5g.sband.n_channels; i++) {
3245 		chan = &phy->sband_5g.sband.channels[i];
3246 		if (chan->flags & IEEE80211_CHAN_DISABLED)
3247 			continue;
3248 
3249 		channel.hw_value = cpu_to_le16(chan->hw_value);
3250 		channel.flags = cpu_to_le32(chan->flags);
3251 		channel.pad = 0;
3252 
3253 		skb_put_data(skb, &channel, sizeof(channel));
3254 		n_5ch++;
3255 	}
3256 	for (i = 0; i < phy->sband_6g.sband.n_channels; i++) {
3257 		chan = &phy->sband_6g.sband.channels[i];
3258 		if (chan->flags & IEEE80211_CHAN_DISABLED)
3259 			continue;
3260 
3261 		channel.hw_value = cpu_to_le16(chan->hw_value);
3262 		channel.flags = cpu_to_le32(chan->flags);
3263 		channel.pad = 0;
3264 
3265 		skb_put_data(skb, &channel, sizeof(channel));
3266 		n_6ch++;
3267 	}
3268 
3269 	BUILD_BUG_ON(sizeof(dev->alpha2) > sizeof(req.hdr.alpha2));
3270 	memcpy(req.hdr.alpha2, dev->alpha2, sizeof(dev->alpha2));
3271 	req.n_ch.n_2ch = n_2ch;
3272 	req.n_ch.n_5ch = n_5ch;
3273 	req.n_ch.n_6ch = n_6ch;
3274 	len = sizeof(struct n_chan) + (n_2ch + n_5ch + n_6ch) * sizeof(channel);
3275 	req.n_ch.len = cpu_to_le16(len);
3276 	memcpy(__skb_push(skb, sizeof(req)), &req, sizeof(req));
3277 
3278 	return mt76_mcu_skb_send_msg(dev, skb, MCU_UNI_CMD(SET_DOMAIN_INFO),
3279 				     true);
3280 }
3281 EXPORT_SYMBOL_GPL(mt7925_mcu_set_channel_domain);
3282 
3283 static int
3284 __mt7925_mcu_set_clc(struct mt792x_dev *dev, u8 *alpha2,
3285 		     enum environment_cap env_cap,
3286 		     struct mt7925_clc *clc, u8 idx)
3287 {
3288 	struct mt7925_clc_segment *seg;
3289 	struct sk_buff *skb;
3290 	struct {
3291 		u8 rsv[4];
3292 		__le16 tag;
3293 		__le16 len;
3294 
3295 		u8 ver;
3296 		u8 pad0;
3297 		__le16 size;
3298 		u8 idx;
3299 		u8 env;
3300 		u8 acpi_conf;
3301 		u8 pad1;
3302 		u8 alpha2[2];
3303 		u8 type[2];
3304 		u8 rsvd[64];
3305 	} __packed req = {
3306 		.tag = cpu_to_le16(0x3),
3307 		.len = cpu_to_le16(sizeof(req) - 4),
3308 
3309 		.idx = idx,
3310 		.env = env_cap,
3311 	};
3312 	int ret, valid_cnt = 0;
3313 	u8 *pos, *last_pos;
3314 
3315 	if (!clc)
3316 		return 0;
3317 
3318 	req.ver = clc->ver;
3319 	pos = clc->data + sizeof(*seg) * clc->t0.nr_seg;
3320 	last_pos = clc->data + le32_to_cpu(*(__le32 *)(clc->data + 4));
3321 	while (pos < last_pos) {
3322 		struct mt7925_clc_rule *rule = (struct mt7925_clc_rule *)pos;
3323 
3324 		pos += sizeof(*rule);
3325 		if (rule->alpha2[0] != alpha2[0] ||
3326 		    rule->alpha2[1] != alpha2[1])
3327 			continue;
3328 
3329 		seg = (struct mt7925_clc_segment *)clc->data
3330 			  + rule->seg_idx - 1;
3331 
3332 		memcpy(req.alpha2, rule->alpha2, 2);
3333 		memcpy(req.type, rule->type, 2);
3334 
3335 		req.size = cpu_to_le16(seg->len);
3336 		dev->phy.clc_chan_conf = clc->ver == 1 ? 0xff : rule->flag;
3337 		skb = __mt76_mcu_msg_alloc(&dev->mt76, &req,
3338 					   le16_to_cpu(req.size) + sizeof(req),
3339 					   sizeof(req), GFP_KERNEL);
3340 		if (!skb)
3341 			return -ENOMEM;
3342 		skb_put_data(skb, clc->data + seg->offset, seg->len);
3343 
3344 		ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
3345 					    MCU_UNI_CMD(SET_POWER_LIMIT),
3346 					    true);
3347 		if (ret < 0)
3348 			return ret;
3349 		valid_cnt++;
3350 	}
3351 
3352 	if (!valid_cnt) {
3353 		dev->phy.clc_chan_conf = 0xff;
3354 		return -ENOENT;
3355 	}
3356 
3357 	return 0;
3358 }
3359 
3360 int mt7925_mcu_set_clc(struct mt792x_dev *dev, u8 *alpha2,
3361 		       enum environment_cap env_cap)
3362 {
3363 	struct mt792x_phy *phy = (struct mt792x_phy *)&dev->phy;
3364 	int i, ret;
3365 
3366 	/* submit all clc config */
3367 	for (i = 0; i < ARRAY_SIZE(phy->clc); i++) {
3368 		if (i == MT792x_CLC_BE_CTRL)
3369 			continue;
3370 
3371 		ret = __mt7925_mcu_set_clc(dev, alpha2, env_cap,
3372 					   phy->clc[i], i);
3373 
3374 		/* If no country found, set "00" as default */
3375 		if (ret == -ENOENT)
3376 			ret = __mt7925_mcu_set_clc(dev, "00",
3377 						   ENVIRON_INDOOR,
3378 						   phy->clc[i], i);
3379 		if (ret < 0)
3380 			return ret;
3381 	}
3382 	return 0;
3383 }
3384 
3385 int mt7925_mcu_fill_message(struct mt76_dev *mdev, struct sk_buff *skb,
3386 			    int cmd, int *wait_seq)
3387 {
3388 	int txd_len, mcu_cmd = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
3389 	struct mt76_connac2_mcu_uni_txd *uni_txd;
3390 	struct mt76_connac2_mcu_txd *mcu_txd;
3391 	__le32 *txd;
3392 	u32 val;
3393 	u8 seq;
3394 
3395 	/* TODO: make dynamic based on msg type */
3396 	mdev->mcu.timeout = 20 * HZ;
3397 
3398 	seq = ++mdev->mcu.msg_seq & 0xf;
3399 	if (!seq)
3400 		seq = ++mdev->mcu.msg_seq & 0xf;
3401 
3402 	if (cmd == MCU_CMD(FW_SCATTER))
3403 		goto exit;
3404 
3405 	txd_len = cmd & __MCU_CMD_FIELD_UNI ? sizeof(*uni_txd) : sizeof(*mcu_txd);
3406 	txd = (__le32 *)skb_push(skb, txd_len);
3407 
3408 	val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len) |
3409 	      FIELD_PREP(MT_TXD0_PKT_FMT, MT_TX_TYPE_CMD) |
3410 	      FIELD_PREP(MT_TXD0_Q_IDX, MT_TX_MCU_PORT_RX_Q0);
3411 	txd[0] = cpu_to_le32(val);
3412 
3413 	val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD);
3414 	txd[1] = cpu_to_le32(val);
3415 
3416 	if (cmd & __MCU_CMD_FIELD_UNI) {
3417 		uni_txd = (struct mt76_connac2_mcu_uni_txd *)txd;
3418 		uni_txd->len = cpu_to_le16(skb->len - sizeof(uni_txd->txd));
3419 		uni_txd->cid = cpu_to_le16(mcu_cmd);
3420 		uni_txd->s2d_index = MCU_S2D_H2N;
3421 		uni_txd->pkt_type = MCU_PKT_ID;
3422 		uni_txd->seq = seq;
3423 
3424 		if (cmd & __MCU_CMD_FIELD_QUERY)
3425 			uni_txd->option = MCU_CMD_UNI_QUERY_ACK;
3426 		else
3427 			uni_txd->option = MCU_CMD_UNI_EXT_ACK;
3428 
3429 		if (cmd == MCU_UNI_CMD(HIF_CTRL) ||
3430 		    cmd == MCU_UNI_CMD(CHIP_CONFIG))
3431 			uni_txd->option &= ~MCU_CMD_ACK;
3432 
3433 		if (mcu_cmd == MCU_UNI_CMD_TESTMODE_CTRL ||
3434 		    mcu_cmd == MCU_UNI_CMD_TESTMODE_RX_STAT) {
3435 			if (cmd & __MCU_CMD_FIELD_QUERY)
3436 				uni_txd->option = 0x2;
3437 			else
3438 				uni_txd->option = 0x6;
3439 		}
3440 
3441 		goto exit;
3442 	}
3443 
3444 	mcu_txd = (struct mt76_connac2_mcu_txd *)txd;
3445 	mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd));
3446 	mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU,
3447 					       MT_TX_MCU_PORT_RX_Q0));
3448 	mcu_txd->pkt_type = MCU_PKT_ID;
3449 	mcu_txd->seq = seq;
3450 	mcu_txd->cid = mcu_cmd;
3451 	mcu_txd->ext_cid = FIELD_GET(__MCU_CMD_FIELD_EXT_ID, cmd);
3452 
3453 	if (mcu_txd->ext_cid || (cmd & __MCU_CMD_FIELD_CE)) {
3454 		if (cmd & __MCU_CMD_FIELD_QUERY)
3455 			mcu_txd->set_query = MCU_Q_QUERY;
3456 		else
3457 			mcu_txd->set_query = MCU_Q_SET;
3458 		mcu_txd->ext_cid_ack = !!mcu_txd->ext_cid;
3459 	} else {
3460 		mcu_txd->set_query = MCU_Q_NA;
3461 	}
3462 
3463 	if (cmd & __MCU_CMD_FIELD_WA)
3464 		mcu_txd->s2d_index = MCU_S2D_H2C;
3465 	else
3466 		mcu_txd->s2d_index = MCU_S2D_H2N;
3467 
3468 exit:
3469 	if (wait_seq)
3470 		*wait_seq = seq;
3471 
3472 	return 0;
3473 }
3474 EXPORT_SYMBOL_GPL(mt7925_mcu_fill_message);
3475 
3476 int mt7925_mcu_set_rts_thresh(struct mt792x_phy *phy, u32 val)
3477 {
3478 	struct {
3479 		u8 band_idx;
3480 		u8 _rsv[3];
3481 
3482 		__le16 tag;
3483 		__le16 len;
3484 		__le32 len_thresh;
3485 		__le32 pkt_thresh;
3486 	} __packed req = {
3487 		.band_idx = phy->mt76->band_idx,
3488 		.tag = cpu_to_le16(UNI_BAND_CONFIG_RTS_THRESHOLD),
3489 		.len = cpu_to_le16(sizeof(req) - 4),
3490 		.len_thresh = cpu_to_le32(val),
3491 		.pkt_thresh = cpu_to_le32(0x2),
3492 	};
3493 
3494 	return mt76_mcu_send_msg(&phy->dev->mt76, MCU_UNI_CMD(BAND_CONFIG),
3495 				 &req, sizeof(req), true);
3496 }
3497 
3498 int mt7925_mcu_set_radio_en(struct mt792x_phy *phy, bool enable)
3499 {
3500 	struct {
3501 		u8 band_idx;
3502 		u8 _rsv[3];
3503 
3504 		__le16 tag;
3505 		__le16 len;
3506 		u8 enable;
3507 		u8 _rsv2[3];
3508 	} __packed req = {
3509 		.band_idx = phy->mt76->band_idx,
3510 		.tag = cpu_to_le16(UNI_BAND_CONFIG_RADIO_ENABLE),
3511 		.len = cpu_to_le16(sizeof(req) - 4),
3512 		.enable = enable,
3513 	};
3514 
3515 	return mt76_mcu_send_msg(&phy->dev->mt76, MCU_UNI_CMD(BAND_CONFIG),
3516 				 &req, sizeof(req), true);
3517 }
3518 
3519 static void
3520 mt7925_mcu_build_sku(struct mt76_dev *dev, s8 *sku,
3521 		     struct mt76_power_limits *limits,
3522 		     enum nl80211_band band)
3523 {
3524 	int i, offset = sizeof(limits->cck);
3525 
3526 	memset(sku, 127, MT_CONNAC3_SKU_POWER_LIMIT);
3527 
3528 	if (band == NL80211_BAND_2GHZ) {
3529 		/* cck */
3530 		memcpy(sku, limits->cck, sizeof(limits->cck));
3531 	}
3532 
3533 	/* ofdm */
3534 	memcpy(&sku[offset], limits->ofdm, sizeof(limits->ofdm));
3535 	offset += (sizeof(limits->ofdm) * 5);
3536 
3537 	/* ht */
3538 	for (i = 0; i < 2; i++) {
3539 		memcpy(&sku[offset], limits->mcs[i], 8);
3540 		offset += 8;
3541 	}
3542 	sku[offset++] = limits->mcs[0][0];
3543 
3544 	/* vht */
3545 	for (i = 0; i < ARRAY_SIZE(limits->mcs); i++) {
3546 		memcpy(&sku[offset], limits->mcs[i],
3547 		       ARRAY_SIZE(limits->mcs[i]));
3548 		offset += 12;
3549 	}
3550 
3551 	/* he */
3552 	for (i = 0; i < ARRAY_SIZE(limits->ru); i++) {
3553 		memcpy(&sku[offset], limits->ru[i], ARRAY_SIZE(limits->ru[i]));
3554 		offset += ARRAY_SIZE(limits->ru[i]);
3555 	}
3556 
3557 	/* eht */
3558 	for (i = 0; i < ARRAY_SIZE(limits->eht); i++) {
3559 		memcpy(&sku[offset], limits->eht[i], ARRAY_SIZE(limits->eht[i]));
3560 		offset += ARRAY_SIZE(limits->eht[i]);
3561 	}
3562 }
3563 
3564 static int
3565 mt7925_mcu_rate_txpower_band(struct mt76_phy *phy,
3566 			     enum nl80211_band band)
3567 {
3568 	int tx_power, n_chan, last_ch, err = 0, idx = 0;
3569 	int i, sku_len, batch_size, batch_len = 3;
3570 	struct mt76_dev *dev = phy->dev;
3571 	static const u8 chan_list_2ghz[] = {
3572 		1, 2,  3,  4,  5,  6,  7,
3573 		8, 9, 10, 11, 12, 13, 14
3574 	};
3575 	static const u8 chan_list_5ghz[] = {
3576 		 36,  38,  40,  42,  44,  46,  48,
3577 		 50,  52,  54,  56,  58,  60,  62,
3578 		 64, 100, 102, 104, 106, 108, 110,
3579 		112, 114, 116, 118, 120, 122, 124,
3580 		126, 128, 132, 134, 136, 138, 140,
3581 		142, 144, 149, 151, 153, 155, 157,
3582 		159, 161, 165, 167
3583 	};
3584 	static const u8 chan_list_6ghz[] = {
3585 		  1,   3,   5,   7,   9,  11,  13,
3586 		 15,  17,  19,  21,  23,  25,  27,
3587 		 29,  33,  35,  37,  39,  41,  43,
3588 		 45,  47,  49,  51,  53,  55,  57,
3589 		 59,  61,  65,  67,  69,  71,  73,
3590 		 75,  77,  79,  81,  83,  85,  87,
3591 		 89,  91,  93,  97,  99, 101, 103,
3592 		105, 107, 109, 111, 113, 115, 117,
3593 		119, 121, 123, 125, 129, 131, 133,
3594 		135, 137, 139, 141, 143, 145, 147,
3595 		149, 151, 153, 155, 157, 161, 163,
3596 		165, 167, 169, 171, 173, 175, 177,
3597 		179, 181, 183, 185, 187, 189, 193,
3598 		195, 197, 199, 201, 203, 205, 207,
3599 		209, 211, 213, 215, 217, 219, 221,
3600 		225, 227, 229, 233
3601 	};
3602 	struct mt76_power_limits *limits;
3603 	struct mt7925_sku_tlv *sku_tlbv;
3604 	const u8 *ch_list;
3605 
3606 	sku_len = sizeof(*sku_tlbv);
3607 	tx_power = 2 * phy->hw->conf.power_level;
3608 	if (!tx_power)
3609 		tx_power = 127;
3610 
3611 	if (band == NL80211_BAND_2GHZ) {
3612 		n_chan = ARRAY_SIZE(chan_list_2ghz);
3613 		ch_list = chan_list_2ghz;
3614 		last_ch = chan_list_2ghz[ARRAY_SIZE(chan_list_2ghz) - 1];
3615 	} else if (band == NL80211_BAND_6GHZ) {
3616 		n_chan = ARRAY_SIZE(chan_list_6ghz);
3617 		ch_list = chan_list_6ghz;
3618 		last_ch = chan_list_6ghz[ARRAY_SIZE(chan_list_6ghz) - 1];
3619 	} else {
3620 		n_chan = ARRAY_SIZE(chan_list_5ghz);
3621 		ch_list = chan_list_5ghz;
3622 		last_ch = chan_list_5ghz[ARRAY_SIZE(chan_list_5ghz) - 1];
3623 	}
3624 	batch_size = DIV_ROUND_UP(n_chan, batch_len);
3625 
3626 	limits = devm_kmalloc(dev->dev, sizeof(*limits), GFP_KERNEL);
3627 	if (!limits)
3628 		return -ENOMEM;
3629 
3630 	sku_tlbv = devm_kmalloc(dev->dev, sku_len, GFP_KERNEL);
3631 	if (!sku_tlbv) {
3632 		devm_kfree(dev->dev, limits);
3633 		return -ENOMEM;
3634 	}
3635 
3636 	for (i = 0; i < batch_size; i++) {
3637 		struct mt7925_tx_power_limit_tlv *tx_power_tlv;
3638 		int j, msg_len, num_ch;
3639 		struct sk_buff *skb;
3640 
3641 		num_ch = i == batch_size - 1 ? n_chan % batch_len : batch_len;
3642 		msg_len = sizeof(*tx_power_tlv) + num_ch * sku_len;
3643 		skb = mt76_mcu_msg_alloc(dev, NULL, msg_len);
3644 		if (!skb) {
3645 			err = -ENOMEM;
3646 			goto out;
3647 		}
3648 
3649 		tx_power_tlv = (struct mt7925_tx_power_limit_tlv *)
3650 			       skb_put(skb, sizeof(*tx_power_tlv));
3651 
3652 		BUILD_BUG_ON(sizeof(dev->alpha2) > sizeof(tx_power_tlv->alpha2));
3653 		memcpy(tx_power_tlv->alpha2, dev->alpha2, sizeof(dev->alpha2));
3654 		tx_power_tlv->n_chan = num_ch;
3655 		tx_power_tlv->tag = cpu_to_le16(0x1);
3656 		tx_power_tlv->len = cpu_to_le16(sizeof(*tx_power_tlv));
3657 
3658 		switch (band) {
3659 		case NL80211_BAND_2GHZ:
3660 			tx_power_tlv->band = 1;
3661 			break;
3662 		case NL80211_BAND_6GHZ:
3663 			tx_power_tlv->band = 3;
3664 			break;
3665 		default:
3666 			tx_power_tlv->band = 2;
3667 			break;
3668 		}
3669 
3670 		for (j = 0; j < num_ch; j++, idx++) {
3671 			struct ieee80211_channel chan = {
3672 				.hw_value = ch_list[idx],
3673 				.band = band,
3674 			};
3675 			s8 reg_power, sar_power;
3676 
3677 			reg_power = mt76_connac_get_ch_power(phy, &chan,
3678 							     tx_power);
3679 			sar_power = mt76_get_sar_power(phy, &chan, reg_power);
3680 
3681 			mt76_get_rate_power_limits(phy, &chan, limits,
3682 						   sar_power);
3683 
3684 			tx_power_tlv->last_msg = ch_list[idx] == last_ch;
3685 			sku_tlbv->channel = ch_list[idx];
3686 
3687 			mt7925_mcu_build_sku(dev, sku_tlbv->pwr_limit,
3688 					     limits, band);
3689 			skb_put_data(skb, sku_tlbv, sku_len);
3690 		}
3691 		err = mt76_mcu_skb_send_msg(dev, skb,
3692 					    MCU_UNI_CMD(SET_POWER_LIMIT),
3693 					    true);
3694 		if (err < 0)
3695 			goto out;
3696 	}
3697 
3698 out:
3699 	devm_kfree(dev->dev, sku_tlbv);
3700 	devm_kfree(dev->dev, limits);
3701 	return err;
3702 }
3703 
3704 int mt7925_mcu_set_rate_txpower(struct mt76_phy *phy)
3705 {
3706 	int err;
3707 
3708 	if (phy->cap.has_2ghz) {
3709 		err = mt7925_mcu_rate_txpower_band(phy,
3710 						   NL80211_BAND_2GHZ);
3711 		if (err < 0)
3712 			return err;
3713 	}
3714 
3715 	if (phy->cap.has_5ghz) {
3716 		err = mt7925_mcu_rate_txpower_band(phy,
3717 						   NL80211_BAND_5GHZ);
3718 		if (err < 0)
3719 			return err;
3720 	}
3721 
3722 	if (phy->cap.has_6ghz) {
3723 		err = mt7925_mcu_rate_txpower_band(phy,
3724 						   NL80211_BAND_6GHZ);
3725 		if (err < 0)
3726 			return err;
3727 	}
3728 
3729 	return 0;
3730 }
3731 
3732 int mt7925_mcu_wf_rf_pin_ctrl(struct mt792x_phy *phy)
3733 {
3734 #define UNI_CMD_RADIO_STATUS_GET	0
3735 	struct mt792x_dev *dev = phy->dev;
3736 	struct sk_buff *skb;
3737 	int ret;
3738 	struct {
3739 		__le16 tag;
3740 		__le16 len;
3741 		u8 rsv[4];
3742 	} __packed req = {
3743 		.tag = UNI_CMD_RADIO_STATUS_GET,
3744 		.len = cpu_to_le16(sizeof(req)),
3745 	};
3746 	struct mt7925_radio_status_event {
3747 		__le16 tag;
3748 		__le16 len;
3749 
3750 		u8 data;
3751 		u8 rsv[3];
3752 	} __packed *status;
3753 
3754 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
3755 					MCU_UNI_CMD(RADIO_STATUS),
3756 					&req, sizeof(req), true, &skb);
3757 	if (ret)
3758 		return ret;
3759 
3760 	skb_pull(skb, sizeof(struct tlv));
3761 	status = (struct mt7925_radio_status_event *)skb->data;
3762 	ret = status->data;
3763 
3764 	dev_kfree_skb(skb);
3765 
3766 	return ret;
3767 }
3768 
3769 int mt7925_mcu_set_rxfilter(struct mt792x_dev *dev, u32 fif,
3770 			    u8 bit_op, u32 bit_map)
3771 {
3772 	struct mt792x_phy *phy = &dev->phy;
3773 	struct {
3774 		u8 band_idx;
3775 		u8 rsv1[3];
3776 
3777 		__le16 tag;
3778 		__le16 len;
3779 		u8 mode;
3780 		u8 rsv2[3];
3781 		__le32 fif;
3782 		__le32 bit_map; /* bit_* for bitmap update */
3783 		u8 bit_op;
3784 		u8 pad[51];
3785 	} __packed req = {
3786 		.band_idx = phy->mt76->band_idx,
3787 		.tag = cpu_to_le16(UNI_BAND_CONFIG_SET_MAC80211_RX_FILTER),
3788 		.len = cpu_to_le16(sizeof(req) - 4),
3789 
3790 		.mode = fif ? 0 : 1,
3791 		.fif = cpu_to_le32(fif),
3792 		.bit_map = cpu_to_le32(bit_map),
3793 		.bit_op = bit_op,
3794 	};
3795 
3796 	return mt76_mcu_send_msg(&phy->dev->mt76, MCU_UNI_CMD(BAND_CONFIG),
3797 				 &req, sizeof(req), true);
3798 }
3799