xref: /linux/drivers/net/wireless/mediatek/mt76/mt7996/main.c (revision 34f2573661e3e644efaf383178af634a2fd67828)
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (C) 2022 MediaTek Inc.
4  */
5 
6 #include "mt7996.h"
7 #include "mcu.h"
8 #include "mac.h"
9 
10 int mt7996_run(struct mt7996_phy *phy)
11 {
12 	struct mt7996_dev *dev = phy->dev;
13 	int ret;
14 
15 	mt7996_mac_enable_nf(dev, phy->mt76->band_idx);
16 
17 	ret = mt7996_mcu_set_rts_thresh(phy, 0x92b);
18 	if (ret)
19 		return ret;
20 
21 	ret = mt7996_mcu_set_radio_en(phy, true);
22 	if (ret)
23 		return ret;
24 
25 	ret = mt7996_mcu_set_chan_info(phy, UNI_CHANNEL_RX_PATH);
26 	if (ret)
27 		return ret;
28 
29 	ret = mt7996_mcu_set_thermal_throttling(phy, MT7996_THERMAL_THROTTLE_MAX);
30 	if (ret)
31 		return ret;
32 
33 	ret = mt7996_mcu_set_thermal_protect(phy, true);
34 	if (ret)
35 		return ret;
36 
37 	set_bit(MT76_STATE_RUNNING, &phy->mt76->state);
38 
39 	ieee80211_queue_delayed_work(dev->mphy.hw, &phy->mt76->mac_work,
40 				     MT7996_WATCHDOG_TIME);
41 
42 	if (!phy->counter_reset) {
43 		mt7996_mac_reset_counters(phy);
44 		phy->counter_reset = true;
45 	}
46 
47 	return 0;
48 }
49 
50 static int mt7996_start(struct ieee80211_hw *hw)
51 {
52 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
53 	int ret;
54 
55 	flush_work(&dev->init_work);
56 
57 	mutex_lock(&dev->mt76.mutex);
58 	ret = mt7996_mcu_set_hdr_trans(dev, true);
59 	if (!ret && is_mt7992(&dev->mt76)) {
60 		u8 queue = mt76_connac_lmac_mapping(IEEE80211_AC_VI);
61 
62 		ret = mt7996_mcu_cp_support(dev, queue);
63 	}
64 	mutex_unlock(&dev->mt76.mutex);
65 
66 	return ret;
67 }
68 
69 static void mt7996_stop_phy(struct mt7996_phy *phy)
70 {
71 	struct mt7996_dev *dev;
72 
73 	if (!phy || !test_bit(MT76_STATE_RUNNING, &phy->mt76->state))
74 		return;
75 
76 	dev = phy->dev;
77 
78 	cancel_delayed_work_sync(&phy->mt76->mac_work);
79 
80 	mutex_lock(&dev->mt76.mutex);
81 
82 	mt7996_mcu_set_radio_en(phy, false);
83 
84 	clear_bit(MT76_STATE_RUNNING, &phy->mt76->state);
85 
86 	mutex_unlock(&dev->mt76.mutex);
87 }
88 
89 static void mt7996_stop(struct ieee80211_hw *hw, bool suspend)
90 {
91 }
92 
93 static inline int get_free_idx(u32 mask, u8 start, u8 end)
94 {
95 	return ffs(~mask & GENMASK(end, start));
96 }
97 
98 static int get_omac_idx(enum nl80211_iftype type, u64 mask)
99 {
100 	int i;
101 
102 	switch (type) {
103 	case NL80211_IFTYPE_MESH_POINT:
104 	case NL80211_IFTYPE_ADHOC:
105 	case NL80211_IFTYPE_STATION:
106 		/* prefer hw bssid slot 1-3 */
107 		i = get_free_idx(mask, HW_BSSID_1, HW_BSSID_3);
108 		if (i)
109 			return i - 1;
110 
111 		if (type != NL80211_IFTYPE_STATION)
112 			break;
113 
114 		i = get_free_idx(mask, EXT_BSSID_1, EXT_BSSID_MAX);
115 		if (i)
116 			return i - 1;
117 
118 		if (~mask & BIT(HW_BSSID_0))
119 			return HW_BSSID_0;
120 
121 		break;
122 	case NL80211_IFTYPE_MONITOR:
123 	case NL80211_IFTYPE_AP:
124 		/* ap uses hw bssid 0 and ext bssid */
125 		if (~mask & BIT(HW_BSSID_0))
126 			return HW_BSSID_0;
127 
128 		i = get_free_idx(mask, EXT_BSSID_1, EXT_BSSID_MAX);
129 		if (i)
130 			return i - 1;
131 
132 		break;
133 	default:
134 		WARN_ON(1);
135 		break;
136 	}
137 
138 	return -1;
139 }
140 
141 static void
142 mt7996_init_bitrate_mask(struct ieee80211_vif *vif, struct mt7996_vif_link *mlink)
143 {
144 	int i;
145 
146 	for (i = 0; i < ARRAY_SIZE(mlink->bitrate_mask.control); i++) {
147 		mlink->bitrate_mask.control[i].gi = NL80211_TXRATE_DEFAULT_GI;
148 		mlink->bitrate_mask.control[i].he_gi = 0xff;
149 		mlink->bitrate_mask.control[i].he_ltf = 0xff;
150 		mlink->bitrate_mask.control[i].legacy = GENMASK(31, 0);
151 		memset(mlink->bitrate_mask.control[i].ht_mcs, 0xff,
152 		       sizeof(mlink->bitrate_mask.control[i].ht_mcs));
153 		memset(mlink->bitrate_mask.control[i].vht_mcs, 0xff,
154 		       sizeof(mlink->bitrate_mask.control[i].vht_mcs));
155 		memset(mlink->bitrate_mask.control[i].he_mcs, 0xff,
156 		       sizeof(mlink->bitrate_mask.control[i].he_mcs));
157 	}
158 }
159 
160 static int
161 mt7996_set_hw_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
162 		  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
163 		  struct ieee80211_key_conf *key)
164 {
165 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
166 	int idx = key->keyidx;
167 	unsigned int link_id;
168 	unsigned long links;
169 
170 	if (key->link_id >= 0)
171 		links = BIT(key->link_id);
172 	else if (sta && sta->valid_links)
173 		links = sta->valid_links;
174 	else if (vif->valid_links)
175 		links = vif->valid_links;
176 	else
177 		links = BIT(0);
178 
179 	for_each_set_bit(link_id, &links, IEEE80211_MLD_MAX_NUM_LINKS) {
180 		struct mt7996_sta_link *msta_link;
181 		struct mt7996_vif_link *link;
182 		u8 *wcid_keyidx;
183 		int err;
184 
185 		link = mt7996_vif_link(dev, vif, link_id);
186 		if (!link)
187 			continue;
188 
189 		if (sta) {
190 			struct mt7996_sta *msta;
191 
192 			msta = (struct mt7996_sta *)sta->drv_priv;
193 			msta_link = mt76_dereference(msta->link[link_id],
194 						     &dev->mt76);
195 			if (!msta_link)
196 				continue;
197 
198 			if (!msta_link->wcid.sta)
199 				return -EOPNOTSUPP;
200 		} else {
201 			msta_link = &link->msta_link;
202 		}
203 		wcid_keyidx = &msta_link->wcid.hw_key_idx;
204 
205 		switch (key->cipher) {
206 		case WLAN_CIPHER_SUITE_AES_CMAC:
207 		case WLAN_CIPHER_SUITE_BIP_CMAC_256:
208 		case WLAN_CIPHER_SUITE_BIP_GMAC_128:
209 		case WLAN_CIPHER_SUITE_BIP_GMAC_256:
210 			if (key->keyidx == 6 || key->keyidx == 7) {
211 				wcid_keyidx = &msta_link->wcid.hw_key_idx2;
212 				key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIE;
213 			}
214 			break;
215 		default:
216 			break;
217 		}
218 
219 		if (cmd == SET_KEY && !sta && !link->mt76.cipher) {
220 			struct ieee80211_bss_conf *link_conf;
221 
222 			link_conf = link_conf_dereference_protected(vif,
223 								    link_id);
224 			if (!link_conf)
225 				link_conf = &vif->bss_conf;
226 
227 			link->mt76.cipher =
228 				mt76_connac_mcu_get_cipher(key->cipher);
229 			mt7996_mcu_add_bss_info(link->phy, vif, link_conf,
230 						&link->mt76, msta_link, true);
231 		}
232 
233 		if (cmd == SET_KEY) {
234 			*wcid_keyidx = idx;
235 		} else {
236 			if (idx == *wcid_keyidx)
237 				*wcid_keyidx = -1;
238 			continue;
239 		}
240 
241 		mt76_wcid_key_setup(&dev->mt76, &msta_link->wcid, key);
242 
243 		if (key->keyidx == 6 || key->keyidx == 7) {
244 			err = mt7996_mcu_bcn_prot_enable(dev, link,
245 							 msta_link, key);
246 			if (err)
247 				return err;
248 		}
249 
250 		err = mt7996_mcu_add_key(&dev->mt76, vif, key,
251 					 MCU_WMWA_UNI_CMD(STA_REC_UPDATE),
252 					 &msta_link->wcid, cmd);
253 		if (err)
254 			return err;
255 	}
256 
257 	return 0;
258 }
259 
260 static void
261 mt7996_key_iter(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
262 		struct ieee80211_sta *sta, struct ieee80211_key_conf *key,
263 		void *data)
264 {
265 	if (sta)
266 		return;
267 
268 	WARN_ON(mt7996_set_hw_key(hw, SET_KEY, vif, NULL, key));
269 }
270 
271 int mt7996_vif_link_add(struct mt76_phy *mphy, struct ieee80211_vif *vif,
272 			struct ieee80211_bss_conf *link_conf,
273 			struct mt76_vif_link *mlink)
274 {
275 	struct mt7996_vif_link *link = container_of(mlink, struct mt7996_vif_link, mt76);
276 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
277 	struct mt7996_sta_link *msta_link = &link->msta_link;
278 	struct mt7996_phy *phy = mphy->priv;
279 	struct mt7996_dev *dev = phy->dev;
280 	u8 band_idx = phy->mt76->band_idx;
281 	struct mt76_txq *mtxq;
282 	int idx, ret;
283 
284 	mlink->idx = __ffs64(~dev->mt76.vif_mask);
285 	if (mlink->idx >= mt7996_max_interface_num(dev))
286 		return -ENOSPC;
287 
288 	idx = get_omac_idx(vif->type, phy->omac_mask);
289 	if (idx < 0)
290 		return -ENOSPC;
291 
292 	link->phy = phy;
293 	mlink->omac_idx = idx;
294 	mlink->band_idx = band_idx;
295 	mlink->wmm_idx = vif->type == NL80211_IFTYPE_AP ? 0 : 3;
296 	mlink->wcid = &msta_link->wcid;
297 	mlink->wcid->offchannel = mlink->offchannel;
298 
299 	ret = mt7996_mcu_add_dev_info(phy, vif, link_conf, mlink, true);
300 	if (ret)
301 		return ret;
302 
303 	dev->mt76.vif_mask |= BIT_ULL(mlink->idx);
304 	phy->omac_mask |= BIT_ULL(mlink->omac_idx);
305 
306 	idx = MT7996_WTBL_RESERVED - mlink->idx;
307 
308 	INIT_LIST_HEAD(&msta_link->rc_list);
309 	msta_link->wcid.idx = idx;
310 	msta_link->wcid.link_id = link_conf->link_id;
311 	msta_link->wcid.tx_info |= MT_WCID_TX_INFO_SET;
312 	mt76_wcid_init(&msta_link->wcid, band_idx);
313 
314 	mt7996_mac_wtbl_update(dev, idx,
315 			       MT_WTBL_UPDATE_ADM_COUNT_CLEAR);
316 
317 	if (vif->txq) {
318 		mtxq = (struct mt76_txq *)vif->txq->drv_priv;
319 		mtxq->wcid = idx;
320 	}
321 
322 	if (vif->type != NL80211_IFTYPE_AP &&
323 	    (!mlink->omac_idx || mlink->omac_idx > 3))
324 		vif->offload_flags = 0;
325 
326 	if (phy->mt76->chandef.chan->band != NL80211_BAND_2GHZ)
327 		mlink->basic_rates_idx = MT7996_BASIC_RATES_TBL + 4;
328 	else
329 		mlink->basic_rates_idx = MT7996_BASIC_RATES_TBL;
330 
331 	mt7996_init_bitrate_mask(vif, link);
332 
333 	mt7996_mcu_add_bss_info(phy, vif, link_conf, mlink, msta_link, true);
334 	/* defer the first STA_REC of BMC entry to BSS_CHANGED_BSSID for STA
335 	 * interface, since firmware only records BSSID when the entry is new
336 	 */
337 	if (vif->type != NL80211_IFTYPE_STATION)
338 		mt7996_mcu_add_sta(dev, link_conf, NULL, link, NULL,
339 				   CONN_STATE_PORT_SECURE, true);
340 	rcu_assign_pointer(dev->mt76.wcid[idx], &msta_link->wcid);
341 
342 	ieee80211_iter_keys(mphy->hw, vif, mt7996_key_iter, NULL);
343 
344 	if (mvif->mt76.deflink_id == IEEE80211_LINK_UNSPECIFIED)
345 		mvif->mt76.deflink_id = link_conf->link_id;
346 
347 	return 0;
348 }
349 
350 void mt7996_vif_link_remove(struct mt76_phy *mphy, struct ieee80211_vif *vif,
351 			    struct ieee80211_bss_conf *link_conf,
352 			    struct mt76_vif_link *mlink)
353 {
354 	struct mt7996_vif_link *link = container_of(mlink, struct mt7996_vif_link, mt76);
355 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
356 	struct mt7996_sta_link *msta_link = &link->msta_link;
357 	struct mt7996_phy *phy = mphy->priv;
358 	struct mt7996_dev *dev = phy->dev;
359 	int idx = msta_link->wcid.idx;
360 
361 	mt7996_mcu_add_sta(dev, link_conf, NULL, link, NULL,
362 			   CONN_STATE_DISCONNECT, false);
363 	mt7996_mcu_add_bss_info(phy, vif, link_conf, mlink, msta_link, false);
364 
365 	mt7996_mcu_add_dev_info(phy, vif, link_conf, mlink, false);
366 
367 	rcu_assign_pointer(dev->mt76.wcid[idx], NULL);
368 
369 	if (mvif->mt76.deflink_id == link_conf->link_id) {
370 		struct ieee80211_bss_conf *iter;
371 		unsigned int link_id;
372 
373 		mvif->mt76.deflink_id = IEEE80211_LINK_UNSPECIFIED;
374 		for_each_vif_active_link(vif, iter, link_id) {
375 			if (link_id != IEEE80211_LINK_UNSPECIFIED) {
376 				mvif->mt76.deflink_id = link_id;
377 				break;
378 			}
379 		}
380 	}
381 
382 	dev->mt76.vif_mask &= ~BIT_ULL(mlink->idx);
383 	phy->omac_mask &= ~BIT_ULL(mlink->omac_idx);
384 
385 	spin_lock_bh(&dev->mt76.sta_poll_lock);
386 	if (!list_empty(&msta_link->wcid.poll_list))
387 		list_del_init(&msta_link->wcid.poll_list);
388 	spin_unlock_bh(&dev->mt76.sta_poll_lock);
389 
390 	mt76_wcid_cleanup(&dev->mt76, &msta_link->wcid);
391 }
392 
393 static void mt7996_phy_set_rxfilter(struct mt7996_phy *phy)
394 {
395 	struct mt7996_dev *dev = phy->dev;
396 	u32 ctl_flags = MT_WF_RFCR1_DROP_ACK |
397 			MT_WF_RFCR1_DROP_BF_POLL |
398 			MT_WF_RFCR1_DROP_BA |
399 			MT_WF_RFCR1_DROP_CFEND |
400 			MT_WF_RFCR1_DROP_CFACK;
401 	u32 filter = phy->rxfilter;
402 
403 	if (filter & MT_WF_RFCR_DROP_OTHER_UC) {
404 		filter |= MT_WF_RFCR_DROP_CTS |
405 			  MT_WF_RFCR_DROP_RTS |
406 			  MT_WF_RFCR_DROP_CTL_RSV |
407 			  MT_WF_RFCR_DROP_FCSFAIL;
408 	}
409 
410 	mt76_wr(dev, MT_WF_RFCR(phy->mt76->band_idx), filter);
411 	if (filter & MT_WF_RFCR_DROP_CTL_RSV)
412 		mt76_set(dev, MT_WF_RFCR1(phy->mt76->band_idx), ctl_flags);
413 	else
414 		mt76_clear(dev, MT_WF_RFCR1(phy->mt76->band_idx), ctl_flags);
415 }
416 
417 static void mt7996_set_monitor(struct mt7996_phy *phy, bool enabled)
418 {
419 	struct mt7996_dev *dev;
420 
421 	if (!phy)
422 		return;
423 
424 	dev = phy->dev;
425 
426 	if (enabled == !(phy->rxfilter & MT_WF_RFCR_DROP_OTHER_UC))
427 		return;
428 
429 	if (!enabled)
430 		phy->rxfilter |= MT_WF_RFCR_DROP_OTHER_UC;
431 	else
432 		phy->rxfilter &= ~MT_WF_RFCR_DROP_OTHER_UC;
433 
434 	mt76_rmw_field(dev, MT_DMA_DCR0(phy->mt76->band_idx),
435 		       MT_DMA_DCR0_RXD_G5_EN, enabled);
436 	mt7996_phy_set_rxfilter(phy);
437 	mt7996_mcu_set_sniffer_mode(phy, enabled);
438 }
439 
440 static int mt7996_add_interface(struct ieee80211_hw *hw,
441 				struct ieee80211_vif *vif)
442 {
443 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
444 	struct wireless_dev *wdev = ieee80211_vif_to_wdev(vif);
445 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
446 	int i, err = 0;
447 
448 	mutex_lock(&dev->mt76.mutex);
449 
450 	for (i = 0; i < MT7996_MAX_RADIOS; i++) {
451 		struct mt7996_phy *phy = dev->radio_phy[i];
452 
453 		if (!phy || !(wdev->radio_mask & BIT(i)) ||
454 		    test_bit(MT76_STATE_RUNNING, &phy->mt76->state))
455 			continue;
456 
457 		err = mt7996_run(phy);
458 		if (err)
459 			goto out;
460 
461 		if (vif->type == NL80211_IFTYPE_MONITOR)
462 			mt7996_set_monitor(phy, true);
463 	}
464 
465 	mt76_vif_init(vif, &mvif->mt76);
466 
467 	vif->offload_flags |= IEEE80211_OFFLOAD_ENCAP_4ADDR;
468 	mvif->mt76.deflink_id = IEEE80211_LINK_UNSPECIFIED;
469 
470 out:
471 	mutex_unlock(&dev->mt76.mutex);
472 
473 	return err;
474 }
475 
476 struct mt7996_radio_data {
477 	u32 active_mask;
478 	u32 monitor_mask;
479 };
480 
481 static void mt7996_remove_iter(void *data, u8 *mac, struct ieee80211_vif *vif)
482 {
483 	struct wireless_dev *wdev = ieee80211_vif_to_wdev(vif);
484 	struct mt7996_radio_data *rdata = data;
485 
486 	rdata->active_mask |= wdev->radio_mask;
487 	if (vif->type == NL80211_IFTYPE_MONITOR)
488 		rdata->monitor_mask |= wdev->radio_mask;
489 }
490 
491 static void mt7996_remove_interface(struct ieee80211_hw *hw,
492 				    struct ieee80211_vif *vif)
493 {
494 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
495 	struct mt7996_radio_data rdata = {};
496 	int i;
497 
498 	ieee80211_iterate_active_interfaces_mtx(hw, 0, mt7996_remove_iter,
499 						&rdata);
500 	mt76_vif_cleanup(&dev->mt76, vif);
501 
502 	for (i = 0; i < MT7996_MAX_RADIOS; i++) {
503 		struct mt7996_phy *phy = dev->radio_phy[i];
504 
505 		if (!phy)
506 			continue;
507 		if (!(rdata.monitor_mask & BIT(i)))
508 			mt7996_set_monitor(phy, false);
509 		if (!(rdata.active_mask & BIT(i)))
510 			mt7996_stop_phy(phy);
511 	}
512 }
513 
514 int mt7996_set_channel(struct mt76_phy *mphy)
515 {
516 	struct mt7996_phy *phy = mphy->priv;
517 	int ret;
518 
519 	ret = mt7996_mcu_set_chan_info(phy, UNI_CHANNEL_SWITCH);
520 	if (ret)
521 		goto out;
522 
523 	ret = mt7996_mcu_set_chan_info(phy, UNI_CHANNEL_RX_PATH);
524 	if (ret)
525 		goto out;
526 
527 	ret = mt7996_mcu_set_txpower_sku(phy);
528 	if (ret)
529 		goto out;
530 
531 	ret = mt7996_dfs_init_radar_detector(phy);
532 	mt7996_mac_cca_stats_reset(phy);
533 
534 	mt7996_mac_reset_counters(phy);
535 	phy->noise = 0;
536 
537 out:
538 	ieee80211_queue_delayed_work(mphy->hw, &mphy->mac_work,
539 				     MT7996_WATCHDOG_TIME);
540 
541 	return ret;
542 }
543 
544 static int mt7996_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
545 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
546 			  struct ieee80211_key_conf *key)
547 {
548 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
549 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
550 	int err;
551 
552 	/* The hardware does not support per-STA RX GTK, fallback
553 	 * to software mode for these.
554 	 */
555 	if ((vif->type == NL80211_IFTYPE_ADHOC ||
556 	     vif->type == NL80211_IFTYPE_MESH_POINT) &&
557 	    (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
558 	     key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
559 	    !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
560 		return -EOPNOTSUPP;
561 
562 	/* fall back to sw encryption for unsupported ciphers */
563 	switch (key->cipher) {
564 	case WLAN_CIPHER_SUITE_TKIP:
565 	case WLAN_CIPHER_SUITE_CCMP:
566 	case WLAN_CIPHER_SUITE_CCMP_256:
567 	case WLAN_CIPHER_SUITE_GCMP:
568 	case WLAN_CIPHER_SUITE_GCMP_256:
569 	case WLAN_CIPHER_SUITE_SMS4:
570 		break;
571 	case WLAN_CIPHER_SUITE_AES_CMAC:
572 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
573 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
574 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
575 		if (key->keyidx == 6 || key->keyidx == 7)
576 			break;
577 		fallthrough;
578 	case WLAN_CIPHER_SUITE_WEP40:
579 	case WLAN_CIPHER_SUITE_WEP104:
580 	default:
581 		return -EOPNOTSUPP;
582 	}
583 
584 	if (!mt7996_vif_link_phy(&mvif->deflink))
585 		return 0; /* defer until after link add */
586 
587 	mutex_lock(&dev->mt76.mutex);
588 	err = mt7996_set_hw_key(hw, cmd, vif, sta, key);
589 	mutex_unlock(&dev->mt76.mutex);
590 
591 	return err;
592 }
593 
594 static int mt7996_config(struct ieee80211_hw *hw, int radio_idx, u32 changed)
595 {
596 	return 0;
597 }
598 
599 static int
600 mt7996_conf_tx(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
601 	       unsigned int link_id, u16 queue,
602 	       const struct ieee80211_tx_queue_params *params)
603 {
604 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
605 	struct mt7996_vif_link *mlink = mt7996_vif_link(dev, vif, link_id);
606 	static const u8 mq_to_aci[] = {
607 		[IEEE80211_AC_VO] = 3,
608 		[IEEE80211_AC_VI] = 2,
609 		[IEEE80211_AC_BE] = 0,
610 		[IEEE80211_AC_BK] = 1,
611 	};
612 
613 	/* firmware uses access class index */
614 	mlink->queue_params[mq_to_aci[queue]] = *params;
615 	/* no need to update right away, we'll get BSS_CHANGED_QOS */
616 
617 	return 0;
618 }
619 
620 static void mt7996_configure_filter(struct ieee80211_hw *hw,
621 				    unsigned int changed_flags,
622 				    unsigned int *total_flags,
623 				    u64 multicast)
624 {
625 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
626 	struct mt7996_phy *phy;
627 	u32 filter_mask = 0, filter_set = 0;
628 	u32 flags = 0;
629 
630 #define MT76_FILTER(_flag, _hw) do {				\
631 		flags |= *total_flags & FIF_##_flag;		\
632 		filter_mask |= (_hw);				\
633 		filter_set |= !(flags & FIF_##_flag) * (_hw);	\
634 	} while (0)
635 
636 	mutex_lock(&dev->mt76.mutex);
637 
638 	MT76_FILTER(OTHER_BSS, MT_WF_RFCR_DROP_OTHER_TIM |
639 			       MT_WF_RFCR_DROP_A3_MAC |
640 			       MT_WF_RFCR_DROP_A3_BSSID);
641 
642 	MT76_FILTER(FCSFAIL, MT_WF_RFCR_DROP_FCSFAIL);
643 
644 	MT76_FILTER(CONTROL, MT_WF_RFCR_DROP_CTS |
645 			     MT_WF_RFCR_DROP_RTS |
646 			     MT_WF_RFCR_DROP_CTL_RSV);
647 
648 	*total_flags = flags;
649 
650 	mt7996_for_each_phy(dev, phy) {
651 		phy->rxfilter &= ~(MT_WF_RFCR_DROP_OTHER_BSS |
652 				   MT_WF_RFCR_DROP_OTHER_BEACON |
653 				   MT_WF_RFCR_DROP_FRAME_REPORT |
654 				   MT_WF_RFCR_DROP_PROBEREQ |
655 				   MT_WF_RFCR_DROP_MCAST_FILTERED |
656 				   MT_WF_RFCR_DROP_MCAST |
657 				   MT_WF_RFCR_DROP_BCAST |
658 				   MT_WF_RFCR_DROP_DUPLICATE |
659 				   MT_WF_RFCR_DROP_A2_BSSID |
660 				   MT_WF_RFCR_DROP_UNWANTED_CTL |
661 				   MT_WF_RFCR_DROP_STBC_MULTI |
662 				   filter_mask);
663 		phy->rxfilter |= filter_set;
664 		mt7996_phy_set_rxfilter(phy);
665 	}
666 
667 	mutex_unlock(&dev->mt76.mutex);
668 }
669 
670 static int
671 mt7996_get_txpower(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
672 		   unsigned int link_id, int *dbm)
673 {
674 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
675 	struct mt7996_phy *phy = mt7996_vif_link_phy(&mvif->deflink);
676 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
677 	struct wireless_dev *wdev;
678 	int n_chains, delta, i;
679 
680 	if (!phy) {
681 		wdev = ieee80211_vif_to_wdev(vif);
682 		for (i = 0; i < hw->wiphy->n_radio; i++)
683 			if (wdev->radio_mask & BIT(i))
684 				phy = dev->radio_phy[i];
685 
686 		if (!phy)
687 			return -EINVAL;
688 	}
689 
690 	n_chains = hweight16(phy->mt76->chainmask);
691 	delta = mt76_tx_power_path_delta(n_chains);
692 	*dbm = DIV_ROUND_UP(phy->mt76->txpower_cur + delta, 2);
693 
694 	return 0;
695 }
696 
697 static u8
698 mt7996_get_rates_table(struct mt7996_phy *phy, struct ieee80211_bss_conf *conf,
699 		       bool beacon, bool mcast)
700 {
701 	struct mt7996_dev *dev = phy->dev;
702 	struct mt76_vif_link *mvif = mt76_vif_conf_link(&dev->mt76, conf->vif, conf);
703 	u16 rate;
704 	u8 i, idx;
705 
706 	rate = mt76_connac2_mac_tx_rate_val(phy->mt76, conf, beacon, mcast);
707 
708 	if (beacon) {
709 		/* odd index for driver, even index for firmware */
710 		idx = MT7996_BEACON_RATES_TBL + 2 * phy->mt76->band_idx;
711 		if (phy->beacon_rate != rate)
712 			mt7996_mcu_set_fixed_rate_table(phy, idx, rate, beacon);
713 
714 		return idx;
715 	}
716 
717 	idx = FIELD_GET(MT_TX_RATE_IDX, rate);
718 	for (i = 0; i < ARRAY_SIZE(mt76_rates); i++)
719 		if ((mt76_rates[i].hw_value & GENMASK(7, 0)) == idx)
720 			return MT7996_BASIC_RATES_TBL + 2 * i;
721 
722 	return mvif->basic_rates_idx;
723 }
724 
725 static void
726 mt7996_update_mu_group(struct ieee80211_hw *hw, struct mt7996_vif_link *link,
727 		       struct ieee80211_bss_conf *info)
728 {
729 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
730 	u8 band = link->mt76.band_idx;
731 	u32 *mu;
732 
733 	mu = (u32 *)info->mu_group.membership;
734 	mt76_wr(dev, MT_WF_PHYRX_BAND_GID_TAB_VLD0(band), mu[0]);
735 	mt76_wr(dev, MT_WF_PHYRX_BAND_GID_TAB_VLD1(band), mu[1]);
736 
737 	mu = (u32 *)info->mu_group.position;
738 	mt76_wr(dev, MT_WF_PHYRX_BAND_GID_TAB_POS0(band), mu[0]);
739 	mt76_wr(dev, MT_WF_PHYRX_BAND_GID_TAB_POS1(band), mu[1]);
740 	mt76_wr(dev, MT_WF_PHYRX_BAND_GID_TAB_POS2(band), mu[2]);
741 	mt76_wr(dev, MT_WF_PHYRX_BAND_GID_TAB_POS3(band), mu[3]);
742 }
743 
744 static void
745 mt7996_vif_cfg_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
746 		       u64 changed)
747 {
748 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
749 
750 	mutex_lock(&dev->mt76.mutex);
751 
752 	if ((changed & BSS_CHANGED_ASSOC) && vif->cfg.assoc) {
753 		struct ieee80211_bss_conf *link_conf;
754 		unsigned long link_id;
755 
756 		for_each_vif_active_link(vif, link_conf, link_id) {
757 			struct mt7996_vif_link *link;
758 
759 			link = mt7996_vif_link(dev, vif, link_id);
760 			if (!link)
761 				continue;
762 
763 			if (!link->phy)
764 				continue;
765 
766 			mt7996_mcu_add_bss_info(link->phy, vif, link_conf,
767 						&link->mt76, &link->msta_link,
768 						true);
769 			mt7996_mcu_add_sta(dev, link_conf, NULL, link, NULL,
770 					   CONN_STATE_PORT_SECURE,
771 					   !!(changed & BSS_CHANGED_BSSID));
772 		}
773 	}
774 
775 	mutex_unlock(&dev->mt76.mutex);
776 }
777 
778 static void
779 mt7996_link_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
780 			 struct ieee80211_bss_conf *info, u64 changed)
781 {
782 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
783 	struct mt7996_vif_link *link;
784 	struct mt7996_phy *phy;
785 	struct mt76_phy *mphy;
786 
787 	mutex_lock(&dev->mt76.mutex);
788 
789 	link = mt7996_vif_conf_link(dev, vif, info);
790 	if (!link)
791 		goto out;
792 
793 	mphy = mt76_vif_link_phy(&link->mt76);
794 	if (!mphy)
795 		goto out;
796 
797 	phy = mphy->priv;
798 
799 	/* station mode uses BSSID to map the wlan entry to a peer,
800 	 * and then peer references bss_info_rfch to set bandwidth cap.
801 	 */
802 	if ((changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid)) ||
803 	    (changed & BSS_CHANGED_BEACON_ENABLED && info->enable_beacon)) {
804 		mt7996_mcu_add_bss_info(phy, vif, info, &link->mt76,
805 					&link->msta_link, true);
806 		mt7996_mcu_add_sta(dev, info, NULL, link, NULL,
807 				   CONN_STATE_PORT_SECURE,
808 				   !!(changed & BSS_CHANGED_BSSID));
809 	}
810 
811 	if (changed & BSS_CHANGED_ERP_SLOT) {
812 		int slottime = info->use_short_slot ? 9 : 20;
813 
814 		if (slottime != phy->slottime) {
815 			phy->slottime = slottime;
816 			mt7996_mcu_set_timing(phy, vif, info);
817 		}
818 	}
819 
820 	if (changed & BSS_CHANGED_MCAST_RATE)
821 		link->mt76.mcast_rates_idx =
822 			mt7996_get_rates_table(phy, info, false, true);
823 
824 	if (changed & BSS_CHANGED_BASIC_RATES)
825 		link->mt76.basic_rates_idx =
826 			mt7996_get_rates_table(phy, info, false, false);
827 
828 	/* ensure that enable txcmd_mode after bss_info */
829 	if (changed & (BSS_CHANGED_QOS | BSS_CHANGED_BEACON_ENABLED))
830 		mt7996_mcu_set_tx(dev, vif, info);
831 
832 	if (changed & BSS_CHANGED_HE_OBSS_PD)
833 		mt7996_mcu_add_obss_spr(phy, link, &info->he_obss_pd);
834 
835 	if (changed & BSS_CHANGED_HE_BSS_COLOR) {
836 		if ((vif->type == NL80211_IFTYPE_AP &&
837 		    link->mt76.omac_idx <= HW_BSSID_MAX) ||
838 		   vif->type == NL80211_IFTYPE_STATION)
839 			mt7996_mcu_update_bss_color(dev, &link->mt76,
840 						    &info->he_bss_color);
841 	}
842 
843 	if (changed & (BSS_CHANGED_BEACON |
844 		       BSS_CHANGED_BEACON_ENABLED)) {
845 		link->mt76.beacon_rates_idx =
846 			mt7996_get_rates_table(phy, info, true, false);
847 
848 		mt7996_mcu_add_beacon(hw, vif, info);
849 	}
850 
851 	if (changed & (BSS_CHANGED_UNSOL_BCAST_PROBE_RESP |
852 		       BSS_CHANGED_FILS_DISCOVERY))
853 		mt7996_mcu_beacon_inband_discov(dev, info, link, changed);
854 
855 	if (changed & BSS_CHANGED_MU_GROUPS)
856 		mt7996_update_mu_group(hw, link, info);
857 
858 	if (changed & BSS_CHANGED_TXPOWER &&
859 	    info->txpower != phy->txpower) {
860 		phy->txpower = info->txpower;
861 		mt7996_mcu_set_txpower_sku(phy);
862 	}
863 
864 out:
865 	mutex_unlock(&dev->mt76.mutex);
866 }
867 
868 static void
869 mt7996_channel_switch_beacon(struct ieee80211_hw *hw,
870 			     struct ieee80211_vif *vif,
871 			     struct cfg80211_chan_def *chandef)
872 {
873 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
874 
875 	mutex_lock(&dev->mt76.mutex);
876 	mt7996_mcu_add_beacon(hw, vif, &vif->bss_conf);
877 	mutex_unlock(&dev->mt76.mutex);
878 }
879 
880 static int
881 mt7996_mac_sta_init_link(struct mt7996_dev *dev,
882 			 struct ieee80211_bss_conf *link_conf,
883 			 struct ieee80211_link_sta *link_sta,
884 			 struct mt7996_vif_link *link, unsigned int link_id)
885 {
886 	struct ieee80211_sta *sta = link_sta->sta;
887 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
888 	struct mt7996_phy *phy = link->phy;
889 	struct mt7996_sta_link *msta_link;
890 	int idx;
891 
892 	idx = mt76_wcid_alloc(dev->mt76.wcid_mask, MT7996_WTBL_STA);
893 	if (idx < 0)
894 		return -ENOSPC;
895 
896 	if (msta->deflink_id == IEEE80211_LINK_UNSPECIFIED) {
897 		int i;
898 
899 		msta_link = &msta->deflink;
900 		msta->deflink_id = link_id;
901 
902 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++) {
903 			struct mt76_txq *mtxq;
904 
905 			if (!sta->txq[i])
906 				continue;
907 
908 			mtxq = (struct mt76_txq *)sta->txq[i]->drv_priv;
909 			mtxq->wcid = idx;
910 		}
911 	} else {
912 		msta_link = kzalloc(sizeof(*msta_link), GFP_KERNEL);
913 		if (!msta_link)
914 			return -ENOMEM;
915 	}
916 
917 	INIT_LIST_HEAD(&msta_link->rc_list);
918 	INIT_LIST_HEAD(&msta_link->wcid.poll_list);
919 	msta_link->sta = msta;
920 	msta_link->wcid.sta = 1;
921 	msta_link->wcid.idx = idx;
922 	msta_link->wcid.link_id = link_id;
923 
924 	ewma_avg_signal_init(&msta_link->avg_ack_signal);
925 	ewma_signal_init(&msta_link->wcid.rssi);
926 
927 	rcu_assign_pointer(msta->link[link_id], msta_link);
928 
929 	mt7996_mac_wtbl_update(dev, idx, MT_WTBL_UPDATE_ADM_COUNT_CLEAR);
930 	mt7996_mcu_add_sta(dev, link_conf, link_sta, link, msta_link,
931 			   CONN_STATE_DISCONNECT, true);
932 
933 	rcu_assign_pointer(dev->mt76.wcid[idx], &msta_link->wcid);
934 	mt76_wcid_init(&msta_link->wcid, phy->mt76->band_idx);
935 
936 	return 0;
937 }
938 
939 static void
940 mt7996_mac_sta_deinit_link(struct mt7996_dev *dev,
941 			   struct mt7996_sta_link *msta_link)
942 {
943 	int i;
944 
945 	for (i = 0; i < ARRAY_SIZE(msta_link->wcid.aggr); i++)
946 		mt76_rx_aggr_stop(&dev->mt76, &msta_link->wcid, i);
947 
948 	mt7996_mac_wtbl_update(dev, msta_link->wcid.idx,
949 			       MT_WTBL_UPDATE_ADM_COUNT_CLEAR);
950 
951 	spin_lock_bh(&dev->mt76.sta_poll_lock);
952 	if (!list_empty(&msta_link->wcid.poll_list))
953 		list_del_init(&msta_link->wcid.poll_list);
954 	if (!list_empty(&msta_link->rc_list))
955 		list_del_init(&msta_link->rc_list);
956 	spin_unlock_bh(&dev->mt76.sta_poll_lock);
957 
958 	mt76_wcid_cleanup(&dev->mt76, &msta_link->wcid);
959 	mt76_wcid_mask_clear(dev->mt76.wcid_mask, msta_link->wcid.idx);
960 }
961 
962 static void
963 mt7996_mac_sta_remove_links(struct mt7996_dev *dev, struct ieee80211_sta *sta,
964 			    unsigned long links)
965 {
966 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
967 	struct mt76_dev *mdev = &dev->mt76;
968 	unsigned int link_id;
969 
970 	for_each_set_bit(link_id, &links, IEEE80211_MLD_MAX_NUM_LINKS) {
971 		struct mt7996_sta_link *msta_link = NULL;
972 
973 		msta_link = rcu_replace_pointer(msta->link[link_id], msta_link,
974 						lockdep_is_held(&mdev->mutex));
975 		if (!msta_link)
976 			continue;
977 
978 		mt7996_mac_sta_deinit_link(dev, msta_link);
979 		if (msta->deflink_id == link_id) {
980 			msta->deflink_id = IEEE80211_LINK_UNSPECIFIED;
981 			continue;
982 		}
983 
984 		kfree_rcu(msta_link, rcu_head);
985 	}
986 }
987 
988 static int
989 mt7996_mac_sta_add_links(struct mt7996_dev *dev, struct ieee80211_vif *vif,
990 			 struct ieee80211_sta *sta, unsigned long new_links)
991 {
992 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
993 	unsigned int link_id;
994 	int err = 0;
995 
996 	for_each_set_bit(link_id, &new_links, IEEE80211_MLD_MAX_NUM_LINKS) {
997 		struct ieee80211_bss_conf *link_conf;
998 		struct ieee80211_link_sta *link_sta;
999 		struct mt7996_vif_link *link;
1000 
1001 		if (rcu_access_pointer(msta->link[link_id]))
1002 			continue;
1003 
1004 		link_conf = link_conf_dereference_protected(vif, link_id);
1005 		if (!link_conf) {
1006 			err = -EINVAL;
1007 			goto error_unlink;
1008 		}
1009 
1010 		link = mt7996_vif_link(dev, vif, link_id);
1011 		if (!link) {
1012 			err = -EINVAL;
1013 			goto error_unlink;
1014 		}
1015 
1016 		link_sta = link_sta_dereference_protected(sta, link_id);
1017 		if (!link_sta) {
1018 			err = -EINVAL;
1019 			goto error_unlink;
1020 		}
1021 
1022 		err = mt7996_mac_sta_init_link(dev, link_conf, link_sta, link,
1023 					       link_id);
1024 		if (err)
1025 			goto error_unlink;
1026 	}
1027 
1028 	return 0;
1029 
1030 error_unlink:
1031 	mt7996_mac_sta_remove_links(dev, sta, new_links);
1032 
1033 	return err;
1034 }
1035 
1036 static int
1037 mt7996_mac_sta_change_links(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1038 			    struct ieee80211_sta *sta, u16 old_links,
1039 			    u16 new_links)
1040 {
1041 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1042 	unsigned long add = new_links & ~old_links;
1043 	unsigned long rem = old_links & ~new_links;
1044 	int ret;
1045 
1046 	mutex_lock(&dev->mt76.mutex);
1047 
1048 	mt7996_mac_sta_remove_links(dev, sta, rem);
1049 	ret = mt7996_mac_sta_add_links(dev, vif, sta, add);
1050 
1051 	mutex_unlock(&dev->mt76.mutex);
1052 
1053 	return ret;
1054 }
1055 
1056 static int
1057 mt7996_mac_sta_add(struct mt76_phy *mphy, struct ieee80211_vif *vif,
1058 		   struct ieee80211_sta *sta)
1059 {
1060 	struct mt76_dev *mdev = mphy->dev;
1061 	struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
1062 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1063 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1064 	unsigned long links = sta->mlo ? sta->valid_links : BIT(0);
1065 	int err;
1066 
1067 	mutex_lock(&mdev->mutex);
1068 
1069 	msta->deflink_id = IEEE80211_LINK_UNSPECIFIED;
1070 	msta->vif = mvif;
1071 	err = mt7996_mac_sta_add_links(dev, vif, sta, links);
1072 	if (!err)
1073 		mphy->num_sta++;
1074 
1075 	mutex_unlock(&mdev->mutex);
1076 
1077 	return err;
1078 }
1079 
1080 static int
1081 mt7996_mac_sta_event(struct mt7996_dev *dev, struct ieee80211_vif *vif,
1082 		     struct ieee80211_sta *sta, enum mt76_sta_event ev)
1083 {
1084 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1085 	unsigned long links = sta->valid_links;
1086 	struct ieee80211_link_sta *link_sta;
1087 	unsigned int link_id;
1088 
1089 	for_each_sta_active_link(vif, sta, link_sta, link_id) {
1090 		struct ieee80211_bss_conf *link_conf;
1091 		struct mt7996_sta_link *msta_link;
1092 		struct mt7996_vif_link *link;
1093 		int i, err;
1094 
1095 		link_conf = link_conf_dereference_protected(vif, link_id);
1096 		if (!link_conf)
1097 			continue;
1098 
1099 		link = mt7996_vif_link(dev, vif, link_id);
1100 		if (!link)
1101 			continue;
1102 
1103 		msta_link = mt76_dereference(msta->link[link_id], &dev->mt76);
1104 		if (!msta_link)
1105 			continue;
1106 
1107 		switch (ev) {
1108 		case MT76_STA_EVENT_ASSOC:
1109 			err = mt7996_mcu_add_sta(dev, link_conf, link_sta,
1110 						 link, msta_link,
1111 						 CONN_STATE_CONNECT, true);
1112 			if (err)
1113 				return err;
1114 
1115 			err = mt7996_mcu_add_rate_ctrl(dev, vif, link_conf,
1116 						       link_sta, link,
1117 						       msta_link, false);
1118 			if (err)
1119 				return err;
1120 
1121 			msta_link->wcid.tx_info |= MT_WCID_TX_INFO_SET;
1122 			msta_link->wcid.sta = 1;
1123 			break;
1124 		case MT76_STA_EVENT_AUTHORIZE:
1125 			err = mt7996_mcu_add_sta(dev, link_conf, link_sta,
1126 						 link, msta_link,
1127 						 CONN_STATE_PORT_SECURE, false);
1128 			if (err)
1129 				return err;
1130 			break;
1131 		case MT76_STA_EVENT_DISASSOC:
1132 			for (i = 0; i < ARRAY_SIZE(msta_link->twt.flow); i++)
1133 				mt7996_mac_twt_teardown_flow(dev, link,
1134 							     msta_link, i);
1135 
1136 			if (sta->mlo && links == BIT(link_id)) /* last link */
1137 				mt7996_mcu_teardown_mld_sta(dev, link,
1138 							    msta_link);
1139 			else
1140 				mt7996_mcu_add_sta(dev, link_conf, link_sta,
1141 						   link, msta_link,
1142 						   CONN_STATE_DISCONNECT, false);
1143 			msta_link->wcid.sta_disabled = 1;
1144 			msta_link->wcid.sta = 0;
1145 			links = links & ~BIT(link_id);
1146 			break;
1147 		}
1148 	}
1149 
1150 	return 0;
1151 }
1152 
1153 static void
1154 mt7996_mac_sta_remove(struct mt76_phy *mphy, struct ieee80211_vif *vif,
1155 		      struct ieee80211_sta *sta)
1156 {
1157 	struct mt76_dev *mdev = mphy->dev;
1158 	struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
1159 	unsigned long links = sta->mlo ? sta->valid_links : BIT(0);
1160 
1161 	mutex_lock(&mdev->mutex);
1162 
1163 	mt7996_mac_sta_remove_links(dev, sta, links);
1164 	mphy->num_sta--;
1165 
1166 	mutex_unlock(&mdev->mutex);
1167 }
1168 
1169 static int
1170 mt7996_sta_state(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1171 		 struct ieee80211_sta *sta, enum ieee80211_sta_state old_state,
1172 		 enum ieee80211_sta_state new_state)
1173 {
1174 	struct mt76_phy *mphy = mt76_vif_phy(hw, vif);
1175 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1176 	enum mt76_sta_event ev;
1177 
1178 	if (!mphy)
1179 		return -EINVAL;
1180 
1181 	if (old_state == IEEE80211_STA_NOTEXIST &&
1182 	    new_state == IEEE80211_STA_NONE)
1183 		return mt7996_mac_sta_add(mphy, vif, sta);
1184 
1185 	if (old_state == IEEE80211_STA_NONE &&
1186 	    new_state == IEEE80211_STA_NOTEXIST)
1187 		mt7996_mac_sta_remove(mphy, vif, sta);
1188 
1189 	if (old_state == IEEE80211_STA_AUTH &&
1190 	    new_state == IEEE80211_STA_ASSOC)
1191 		ev = MT76_STA_EVENT_ASSOC;
1192 	else if (old_state == IEEE80211_STA_ASSOC &&
1193 		 new_state == IEEE80211_STA_AUTHORIZED)
1194 		ev = MT76_STA_EVENT_AUTHORIZE;
1195 	else if (old_state == IEEE80211_STA_ASSOC &&
1196 		 new_state == IEEE80211_STA_AUTH)
1197 		ev = MT76_STA_EVENT_DISASSOC;
1198 	else
1199 		return 0;
1200 
1201 	return mt7996_mac_sta_event(dev, vif, sta, ev);
1202 }
1203 
1204 static void mt7996_tx(struct ieee80211_hw *hw,
1205 		      struct ieee80211_tx_control *control,
1206 		      struct sk_buff *skb)
1207 {
1208 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1209 	struct mt76_phy *mphy = hw->priv;
1210 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1211 	struct ieee80211_vif *vif = info->control.vif;
1212 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1213 	u8 link_id = u32_get_bits(info->control.flags,
1214 				  IEEE80211_TX_CTRL_MLO_LINK);
1215 
1216 	rcu_read_lock();
1217 
1218 	if (vif) {
1219 		struct mt7996_vif *mvif = (void *)vif->drv_priv;
1220 		struct mt76_vif_link *mlink;
1221 
1222 		mlink = rcu_dereference(mvif->mt76.link[link_id]);
1223 		if (mlink && mlink->wcid)
1224 			wcid = mlink->wcid;
1225 
1226 		if (mvif->mt76.roc_phy &&
1227 		    (info->flags & IEEE80211_TX_CTL_TX_OFFCHAN)) {
1228 			mphy = mvif->mt76.roc_phy;
1229 			if (mphy->roc_link)
1230 				wcid = mphy->roc_link->wcid;
1231 		} else {
1232 			mphy = mt76_vif_link_phy(&mvif->deflink.mt76);
1233 		}
1234 	}
1235 
1236 	if (!mphy) {
1237 		ieee80211_free_txskb(hw, skb);
1238 		goto unlock;
1239 	}
1240 
1241 	if (control->sta) {
1242 		struct mt7996_sta *msta = (void *)control->sta->drv_priv;
1243 		struct mt7996_sta_link *msta_link;
1244 
1245 		msta_link = rcu_dereference(msta->link[link_id]);
1246 		if (msta_link)
1247 			wcid = &msta_link->wcid;
1248 	}
1249 	mt76_tx(mphy, control->sta, wcid, skb);
1250 unlock:
1251 	rcu_read_unlock();
1252 }
1253 
1254 static int mt7996_set_rts_threshold(struct ieee80211_hw *hw, int radio_idx,
1255 				    u32 val)
1256 {
1257 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1258 	int i, ret = 0;
1259 
1260 	mutex_lock(&dev->mt76.mutex);
1261 
1262 	for (i = 0; i < hw->wiphy->n_radio; i++) {
1263 		struct mt7996_phy *phy = dev->radio_phy[i];
1264 
1265 		ret = mt7996_mcu_set_rts_thresh(phy, val);
1266 		if (ret)
1267 			break;
1268 	}
1269 
1270 	mutex_unlock(&dev->mt76.mutex);
1271 
1272 	return ret;
1273 }
1274 
1275 static int
1276 mt7996_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1277 		    struct ieee80211_ampdu_params *params)
1278 {
1279 	enum ieee80211_ampdu_mlme_action action = params->action;
1280 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1281 	struct ieee80211_sta *sta = params->sta;
1282 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1283 	struct ieee80211_txq *txq = sta->txq[params->tid];
1284 	struct ieee80211_link_sta *link_sta;
1285 	u16 tid = params->tid;
1286 	u16 ssn = params->ssn;
1287 	struct mt76_txq *mtxq;
1288 	unsigned int link_id;
1289 	int ret = 0;
1290 
1291 	if (!txq)
1292 		return -EINVAL;
1293 
1294 	mtxq = (struct mt76_txq *)txq->drv_priv;
1295 
1296 	mutex_lock(&dev->mt76.mutex);
1297 
1298 	for_each_sta_active_link(vif, sta, link_sta, link_id) {
1299 		struct mt7996_sta_link *msta_link;
1300 		struct mt7996_vif_link *link;
1301 
1302 		msta_link = mt76_dereference(msta->link[link_id], &dev->mt76);
1303 		if (!msta_link)
1304 			continue;
1305 
1306 		link = mt7996_vif_link(dev, vif, link_id);
1307 		if (!link)
1308 			continue;
1309 
1310 		switch (action) {
1311 		case IEEE80211_AMPDU_RX_START:
1312 			mt76_rx_aggr_start(&dev->mt76, &msta_link->wcid, tid,
1313 					   ssn, params->buf_size);
1314 			ret = mt7996_mcu_add_rx_ba(dev, params, link, true);
1315 			break;
1316 		case IEEE80211_AMPDU_RX_STOP:
1317 			mt76_rx_aggr_stop(&dev->mt76, &msta_link->wcid, tid);
1318 			ret = mt7996_mcu_add_rx_ba(dev, params, link, false);
1319 			break;
1320 		case IEEE80211_AMPDU_TX_OPERATIONAL:
1321 			mtxq->aggr = true;
1322 			mtxq->send_bar = false;
1323 			ret = mt7996_mcu_add_tx_ba(dev, params, link,
1324 						   msta_link, true);
1325 			break;
1326 		case IEEE80211_AMPDU_TX_STOP_FLUSH:
1327 		case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
1328 			mtxq->aggr = false;
1329 			clear_bit(tid, &msta_link->wcid.ampdu_state);
1330 			ret = mt7996_mcu_add_tx_ba(dev, params, link,
1331 						   msta_link, false);
1332 			break;
1333 		case IEEE80211_AMPDU_TX_START:
1334 			set_bit(tid, &msta_link->wcid.ampdu_state);
1335 			ret = IEEE80211_AMPDU_TX_START_IMMEDIATE;
1336 			break;
1337 		case IEEE80211_AMPDU_TX_STOP_CONT:
1338 			mtxq->aggr = false;
1339 			clear_bit(tid, &msta_link->wcid.ampdu_state);
1340 			ret = mt7996_mcu_add_tx_ba(dev, params, link,
1341 						   msta_link, false);
1342 			break;
1343 		}
1344 
1345 		if (ret)
1346 			break;
1347 	}
1348 
1349 	if (action == IEEE80211_AMPDU_TX_STOP_CONT)
1350 		ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
1351 
1352 	mutex_unlock(&dev->mt76.mutex);
1353 
1354 	return ret;
1355 }
1356 
1357 static int
1358 mt7996_get_stats(struct ieee80211_hw *hw,
1359 		 struct ieee80211_low_level_stats *stats)
1360 {
1361 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1362 	int i;
1363 
1364 	mutex_lock(&dev->mt76.mutex);
1365 
1366 	memset(stats, 0, sizeof(*stats));
1367 	for (i = 0; i < hw->wiphy->n_radio; i++) {
1368 		struct mt7996_phy *phy = dev->radio_phy[i];
1369 		struct mt76_mib_stats *mib = &phy->mib;
1370 
1371 		stats->dot11RTSSuccessCount += mib->rts_cnt;
1372 		stats->dot11RTSFailureCount += mib->rts_retries_cnt;
1373 		stats->dot11FCSErrorCount += mib->fcs_err_cnt;
1374 		stats->dot11ACKFailureCount += mib->ack_fail_cnt;
1375 	}
1376 
1377 	mutex_unlock(&dev->mt76.mutex);
1378 
1379 	return 0;
1380 }
1381 
1382 u64 __mt7996_get_tsf(struct ieee80211_hw *hw, struct mt7996_vif_link *link)
1383 {
1384 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1385 	struct mt7996_phy *phy = link->phy;
1386 	union {
1387 		u64 t64;
1388 		u32 t32[2];
1389 	} tsf;
1390 	u16 n;
1391 
1392 	if (!phy)
1393 		return 0;
1394 
1395 	lockdep_assert_held(&dev->mt76.mutex);
1396 
1397 	n = link->mt76.omac_idx > HW_BSSID_MAX ? HW_BSSID_0
1398 					       : link->mt76.omac_idx;
1399 	/* TSF software read */
1400 	mt76_rmw(dev, MT_LPON_TCR(phy->mt76->band_idx, n), MT_LPON_TCR_SW_MODE,
1401 		 MT_LPON_TCR_SW_READ);
1402 	tsf.t32[0] = mt76_rr(dev, MT_LPON_UTTR0(phy->mt76->band_idx));
1403 	tsf.t32[1] = mt76_rr(dev, MT_LPON_UTTR1(phy->mt76->band_idx));
1404 
1405 	return tsf.t64;
1406 }
1407 
1408 static u64
1409 mt7996_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
1410 {
1411 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1412 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1413 	u64 ret;
1414 
1415 	mutex_lock(&dev->mt76.mutex);
1416 	ret = __mt7996_get_tsf(hw, &mvif->deflink);
1417 	mutex_unlock(&dev->mt76.mutex);
1418 
1419 	return ret;
1420 }
1421 
1422 static void
1423 mt7996_set_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1424 	       u64 timestamp)
1425 {
1426 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1427 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1428 	struct mt7996_vif_link *link;
1429 	struct mt7996_phy *phy;
1430 	union {
1431 		u64 t64;
1432 		u32 t32[2];
1433 	} tsf = { .t64 = timestamp, };
1434 	u16 n;
1435 
1436 	mutex_lock(&dev->mt76.mutex);
1437 
1438 	link = mt7996_vif_link(dev, vif, mvif->mt76.deflink_id);
1439 	if (!link)
1440 		goto unlock;
1441 
1442 	n = link->mt76.omac_idx > HW_BSSID_MAX ? HW_BSSID_0
1443 					       : link->mt76.omac_idx;
1444 	phy = link->phy;
1445 	if (!phy)
1446 		goto unlock;
1447 
1448 	mt76_wr(dev, MT_LPON_UTTR0(phy->mt76->band_idx), tsf.t32[0]);
1449 	mt76_wr(dev, MT_LPON_UTTR1(phy->mt76->band_idx), tsf.t32[1]);
1450 	/* TSF software overwrite */
1451 	mt76_rmw(dev, MT_LPON_TCR(phy->mt76->band_idx, n), MT_LPON_TCR_SW_MODE,
1452 		 MT_LPON_TCR_SW_WRITE);
1453 
1454 unlock:
1455 	mutex_unlock(&dev->mt76.mutex);
1456 }
1457 
1458 static void
1459 mt7996_offset_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1460 		  s64 timestamp)
1461 {
1462 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1463 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1464 	struct mt7996_vif_link *link;
1465 	struct mt7996_phy *phy;
1466 	union {
1467 		u64 t64;
1468 		u32 t32[2];
1469 	} tsf = { .t64 = timestamp, };
1470 	u16 n;
1471 
1472 	mutex_lock(&dev->mt76.mutex);
1473 
1474 	link = mt7996_vif_link(dev, vif, mvif->mt76.deflink_id);
1475 	if (!link)
1476 		goto unlock;
1477 
1478 	phy = link->phy;
1479 	if (!phy)
1480 		goto unlock;
1481 
1482 	n = link->mt76.omac_idx > HW_BSSID_MAX ? HW_BSSID_0
1483 					       : link->mt76.omac_idx;
1484 	mt76_wr(dev, MT_LPON_UTTR0(phy->mt76->band_idx), tsf.t32[0]);
1485 	mt76_wr(dev, MT_LPON_UTTR1(phy->mt76->band_idx), tsf.t32[1]);
1486 	/* TSF software adjust*/
1487 	mt76_rmw(dev, MT_LPON_TCR(phy->mt76->band_idx, n), MT_LPON_TCR_SW_MODE,
1488 		 MT_LPON_TCR_SW_ADJUST);
1489 
1490 unlock:
1491 	mutex_unlock(&dev->mt76.mutex);
1492 }
1493 
1494 static void
1495 mt7996_set_coverage_class(struct ieee80211_hw *hw, int radio_idx,
1496 			  s16 coverage_class)
1497 {
1498 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1499 	struct mt7996_phy *phy;
1500 
1501 	mutex_lock(&dev->mt76.mutex);
1502 	mt7996_for_each_phy(dev, phy) {
1503 		phy->coverage_class = max_t(s16, coverage_class, 0);
1504 		mt7996_mac_set_coverage_class(phy);
1505 	}
1506 	mutex_unlock(&dev->mt76.mutex);
1507 }
1508 
1509 static int
1510 mt7996_set_antenna(struct ieee80211_hw *hw, int radio_idx,
1511 		   u32 tx_ant, u32 rx_ant)
1512 {
1513 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1514 	int i;
1515 
1516 	if (tx_ant != rx_ant)
1517 		return -EINVAL;
1518 
1519 	for (i = 0; i < hw->wiphy->n_radio; i++) {
1520 		struct mt7996_phy *phy = dev->radio_phy[i];
1521 
1522 		if (!(tx_ant & phy->orig_chainmask))
1523 			return -EINVAL;
1524 	}
1525 
1526 	mutex_lock(&dev->mt76.mutex);
1527 
1528 	for (i = 0; i < hw->wiphy->n_radio; i++) {
1529 		struct mt7996_phy *phy = dev->radio_phy[i];
1530 		u8 band_idx = phy->mt76->band_idx;
1531 		u8 shift = dev->chainshift[band_idx];
1532 
1533 		phy->mt76->chainmask = tx_ant & phy->orig_chainmask;
1534 		phy->mt76->antenna_mask = (phy->mt76->chainmask >> shift) &
1535 					  phy->orig_antenna_mask;
1536 
1537 		mt76_set_stream_caps(phy->mt76, true);
1538 		mt7996_set_stream_vht_txbf_caps(phy);
1539 		mt7996_set_stream_he_eht_caps(phy);
1540 		mt7996_mcu_set_txpower_sku(phy);
1541 	}
1542 
1543 	mutex_unlock(&dev->mt76.mutex);
1544 
1545 	return 0;
1546 }
1547 
1548 static void mt7996_sta_statistics(struct ieee80211_hw *hw,
1549 				  struct ieee80211_vif *vif,
1550 				  struct ieee80211_sta *sta,
1551 				  struct station_info *sinfo)
1552 {
1553 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1554 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1555 	struct mt7996_sta_link *msta_link = &msta->deflink;
1556 	struct rate_info *txrate = &msta_link->wcid.rate;
1557 
1558 	if (txrate->legacy || txrate->flags) {
1559 		if (txrate->legacy) {
1560 			sinfo->txrate.legacy = txrate->legacy;
1561 		} else {
1562 			sinfo->txrate.mcs = txrate->mcs;
1563 			sinfo->txrate.nss = txrate->nss;
1564 			sinfo->txrate.bw = txrate->bw;
1565 			sinfo->txrate.he_gi = txrate->he_gi;
1566 			sinfo->txrate.he_dcm = txrate->he_dcm;
1567 			sinfo->txrate.he_ru_alloc = txrate->he_ru_alloc;
1568 			sinfo->txrate.eht_gi = txrate->eht_gi;
1569 		}
1570 		sinfo->txrate.flags = txrate->flags;
1571 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
1572 	}
1573 	sinfo->txrate.flags = txrate->flags;
1574 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
1575 
1576 	sinfo->tx_failed = msta_link->wcid.stats.tx_failed;
1577 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
1578 
1579 	sinfo->tx_retries = msta_link->wcid.stats.tx_retries;
1580 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
1581 
1582 	sinfo->ack_signal = (s8)msta_link->ack_signal;
1583 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_ACK_SIGNAL);
1584 
1585 	sinfo->avg_ack_signal =
1586 		-(s8)ewma_avg_signal_read(&msta_link->avg_ack_signal);
1587 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_ACK_SIGNAL_AVG);
1588 
1589 	if (mtk_wed_device_active(&dev->mt76.mmio.wed)) {
1590 		sinfo->tx_bytes = msta_link->wcid.stats.tx_bytes;
1591 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BYTES64);
1592 
1593 		sinfo->rx_bytes = msta_link->wcid.stats.rx_bytes;
1594 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BYTES64);
1595 
1596 		sinfo->tx_packets = msta_link->wcid.stats.tx_packets;
1597 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS);
1598 
1599 		sinfo->rx_packets = msta_link->wcid.stats.rx_packets;
1600 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS);
1601 	}
1602 }
1603 
1604 static void mt7996_link_rate_ctrl_update(void *data, struct ieee80211_sta *sta)
1605 {
1606 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1607 	struct mt7996_dev *dev = msta->vif->deflink.phy->dev;
1608 	struct mt7996_sta_link *msta_link;
1609 	u32 *changed = data;
1610 
1611 	rcu_read_lock();
1612 
1613 	msta_link = rcu_dereference(msta->link[msta->deflink_id]);
1614 	if (!msta_link)
1615 		goto out;
1616 
1617 	spin_lock_bh(&dev->mt76.sta_poll_lock);
1618 
1619 	msta_link->changed |= *changed;
1620 	if (list_empty(&msta_link->rc_list))
1621 		list_add_tail(&msta_link->rc_list, &dev->sta_rc_list);
1622 
1623 	spin_unlock_bh(&dev->mt76.sta_poll_lock);
1624 out:
1625 	rcu_read_unlock();
1626 }
1627 
1628 static void mt7996_link_sta_rc_update(struct ieee80211_hw *hw,
1629 				      struct ieee80211_vif *vif,
1630 				      struct ieee80211_link_sta *link_sta,
1631 				      u32 changed)
1632 {
1633 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1634 	struct ieee80211_sta *sta = link_sta->sta;
1635 
1636 	mt7996_link_rate_ctrl_update(&changed, sta);
1637 	ieee80211_queue_work(hw, &dev->rc_work);
1638 }
1639 
1640 static int
1641 mt7996_set_bitrate_mask(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1642 			const struct cfg80211_bitrate_mask *mask)
1643 {
1644 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1645 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1646 	u32 changed = IEEE80211_RC_SUPP_RATES_CHANGED;
1647 
1648 	mvif->deflink.bitrate_mask = *mask;
1649 
1650 	/* if multiple rates across different preambles are given we can
1651 	 * reconfigure this info with all peers using sta_rec command with
1652 	 * the below exception cases.
1653 	 * - single rate : if a rate is passed along with different preambles,
1654 	 * we select the highest one as fixed rate. i.e VHT MCS for VHT peers.
1655 	 * - multiple rates: if it's not in range format i.e 0-{7,8,9} for VHT
1656 	 * then multiple MCS setting (MCS 4,5,6) is not supported.
1657 	 */
1658 	ieee80211_iterate_stations_atomic(hw, mt7996_link_rate_ctrl_update,
1659 					  &changed);
1660 	ieee80211_queue_work(hw, &dev->rc_work);
1661 
1662 	return 0;
1663 }
1664 
1665 static void mt7996_sta_set_4addr(struct ieee80211_hw *hw,
1666 				 struct ieee80211_vif *vif,
1667 				 struct ieee80211_sta *sta,
1668 				 bool enabled)
1669 {
1670 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1671 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1672 	struct ieee80211_link_sta *link_sta;
1673 	unsigned int link_id;
1674 
1675 	mutex_lock(&dev->mt76.mutex);
1676 
1677 	for_each_sta_active_link(vif, sta, link_sta, link_id) {
1678 		struct mt7996_sta_link *msta_link;
1679 		struct mt7996_vif_link *link;
1680 
1681 		link = mt7996_vif_link(dev, vif, link_id);
1682 		if (!link)
1683 			continue;
1684 
1685 		msta_link = mt76_dereference(msta->link[link_id], &dev->mt76);
1686 		if (!msta_link)
1687 			continue;
1688 
1689 		if (enabled)
1690 			set_bit(MT_WCID_FLAG_4ADDR, &msta_link->wcid.flags);
1691 		else
1692 			clear_bit(MT_WCID_FLAG_4ADDR, &msta_link->wcid.flags);
1693 
1694 		if (!msta_link->wcid.sta)
1695 			continue;
1696 
1697 		mt7996_mcu_wtbl_update_hdr_trans(dev, vif, link, msta_link);
1698 	}
1699 
1700 	mutex_unlock(&dev->mt76.mutex);
1701 }
1702 
1703 static void mt7996_sta_set_decap_offload(struct ieee80211_hw *hw,
1704 					 struct ieee80211_vif *vif,
1705 					 struct ieee80211_sta *sta,
1706 					 bool enabled)
1707 {
1708 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1709 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1710 	struct ieee80211_link_sta *link_sta;
1711 	unsigned int link_id;
1712 
1713 	mutex_lock(&dev->mt76.mutex);
1714 
1715 	for_each_sta_active_link(vif, sta, link_sta, link_id) {
1716 		struct mt7996_sta_link *msta_link;
1717 		struct mt7996_vif_link *link;
1718 
1719 		link = mt7996_vif_link(dev, vif, link_id);
1720 		if (!link)
1721 			continue;
1722 
1723 		msta_link = mt76_dereference(msta->link[link_id], &dev->mt76);
1724 		if (!msta_link)
1725 			continue;
1726 
1727 		if (enabled)
1728 			set_bit(MT_WCID_FLAG_HDR_TRANS,
1729 				&msta_link->wcid.flags);
1730 		else
1731 			clear_bit(MT_WCID_FLAG_HDR_TRANS,
1732 				  &msta_link->wcid.flags);
1733 
1734 		if (!msta_link->wcid.sta)
1735 			continue;
1736 
1737 		mt7996_mcu_wtbl_update_hdr_trans(dev, vif, link, msta_link);
1738 	}
1739 
1740 	mutex_unlock(&dev->mt76.mutex);
1741 }
1742 
1743 static const char mt7996_gstrings_stats[][ETH_GSTRING_LEN] = {
1744 	"tx_ampdu_cnt",
1745 	"tx_stop_q_empty_cnt",
1746 	"tx_mpdu_attempts",
1747 	"tx_mpdu_success",
1748 	"tx_rwp_fail_cnt",
1749 	"tx_rwp_need_cnt",
1750 	"tx_pkt_ebf_cnt",
1751 	"tx_pkt_ibf_cnt",
1752 	"tx_ampdu_len:0-1",
1753 	"tx_ampdu_len:2-10",
1754 	"tx_ampdu_len:11-19",
1755 	"tx_ampdu_len:20-28",
1756 	"tx_ampdu_len:29-37",
1757 	"tx_ampdu_len:38-46",
1758 	"tx_ampdu_len:47-55",
1759 	"tx_ampdu_len:56-79",
1760 	"tx_ampdu_len:80-103",
1761 	"tx_ampdu_len:104-127",
1762 	"tx_ampdu_len:128-151",
1763 	"tx_ampdu_len:152-175",
1764 	"tx_ampdu_len:176-199",
1765 	"tx_ampdu_len:200-223",
1766 	"tx_ampdu_len:224-247",
1767 	"ba_miss_count",
1768 	"tx_beamformer_ppdu_iBF",
1769 	"tx_beamformer_ppdu_eBF",
1770 	"tx_beamformer_rx_feedback_all",
1771 	"tx_beamformer_rx_feedback_he",
1772 	"tx_beamformer_rx_feedback_vht",
1773 	"tx_beamformer_rx_feedback_ht",
1774 	"tx_beamformer_rx_feedback_bw", /* zero based idx: 20, 40, 80, 160 */
1775 	"tx_beamformer_rx_feedback_nc",
1776 	"tx_beamformer_rx_feedback_nr",
1777 	"tx_beamformee_ok_feedback_pkts",
1778 	"tx_beamformee_feedback_trig",
1779 	"tx_mu_beamforming",
1780 	"tx_mu_mpdu",
1781 	"tx_mu_successful_mpdu",
1782 	"tx_su_successful_mpdu",
1783 	"tx_msdu_pack_1",
1784 	"tx_msdu_pack_2",
1785 	"tx_msdu_pack_3",
1786 	"tx_msdu_pack_4",
1787 	"tx_msdu_pack_5",
1788 	"tx_msdu_pack_6",
1789 	"tx_msdu_pack_7",
1790 	"tx_msdu_pack_8",
1791 
1792 	/* rx counters */
1793 	"rx_fifo_full_cnt",
1794 	"rx_mpdu_cnt",
1795 	"channel_idle_cnt",
1796 	"rx_vector_mismatch_cnt",
1797 	"rx_delimiter_fail_cnt",
1798 	"rx_len_mismatch_cnt",
1799 	"rx_ampdu_cnt",
1800 	"rx_ampdu_bytes_cnt",
1801 	"rx_ampdu_valid_subframe_cnt",
1802 	"rx_ampdu_valid_subframe_b_cnt",
1803 	"rx_pfdrop_cnt",
1804 	"rx_vec_queue_overflow_drop_cnt",
1805 	"rx_ba_cnt",
1806 
1807 	/* per vif counters */
1808 	"v_tx_mode_cck",
1809 	"v_tx_mode_ofdm",
1810 	"v_tx_mode_ht",
1811 	"v_tx_mode_ht_gf",
1812 	"v_tx_mode_vht",
1813 	"v_tx_mode_he_su",
1814 	"v_tx_mode_he_ext_su",
1815 	"v_tx_mode_he_tb",
1816 	"v_tx_mode_he_mu",
1817 	"v_tx_mode_eht_su",
1818 	"v_tx_mode_eht_trig",
1819 	"v_tx_mode_eht_mu",
1820 	"v_tx_bw_20",
1821 	"v_tx_bw_40",
1822 	"v_tx_bw_80",
1823 	"v_tx_bw_160",
1824 	"v_tx_bw_320",
1825 	"v_tx_mcs_0",
1826 	"v_tx_mcs_1",
1827 	"v_tx_mcs_2",
1828 	"v_tx_mcs_3",
1829 	"v_tx_mcs_4",
1830 	"v_tx_mcs_5",
1831 	"v_tx_mcs_6",
1832 	"v_tx_mcs_7",
1833 	"v_tx_mcs_8",
1834 	"v_tx_mcs_9",
1835 	"v_tx_mcs_10",
1836 	"v_tx_mcs_11",
1837 	"v_tx_mcs_12",
1838 	"v_tx_mcs_13",
1839 	"v_tx_nss_1",
1840 	"v_tx_nss_2",
1841 	"v_tx_nss_3",
1842 	"v_tx_nss_4",
1843 };
1844 
1845 #define MT7996_SSTATS_LEN ARRAY_SIZE(mt7996_gstrings_stats)
1846 
1847 /* Ethtool related API */
1848 static
1849 void mt7996_get_et_strings(struct ieee80211_hw *hw,
1850 			   struct ieee80211_vif *vif,
1851 			   u32 sset, u8 *data)
1852 {
1853 	if (sset == ETH_SS_STATS)
1854 		memcpy(data, mt7996_gstrings_stats,
1855 		       sizeof(mt7996_gstrings_stats));
1856 }
1857 
1858 static
1859 int mt7996_get_et_sset_count(struct ieee80211_hw *hw,
1860 			     struct ieee80211_vif *vif, int sset)
1861 {
1862 	if (sset == ETH_SS_STATS)
1863 		return MT7996_SSTATS_LEN;
1864 
1865 	return 0;
1866 }
1867 
1868 static void mt7996_ethtool_worker(void *wi_data, struct ieee80211_sta *sta)
1869 {
1870 	struct mt76_ethtool_worker_info *wi = wi_data;
1871 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1872 	struct mt7996_sta_link *msta_link = &msta->deflink;
1873 
1874 	if (msta->vif->deflink.mt76.idx != wi->idx)
1875 		return;
1876 
1877 	mt76_ethtool_worker(wi, &msta_link->wcid.stats, true);
1878 }
1879 
1880 static
1881 void mt7996_get_et_stats(struct ieee80211_hw *hw,
1882 			 struct ieee80211_vif *vif,
1883 			 struct ethtool_stats *stats, u64 *data)
1884 {
1885 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1886 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1887 	struct mt7996_phy *phy = mt7996_vif_link_phy(&mvif->deflink);
1888 	struct mt76_mib_stats *mib = &phy->mib;
1889 	struct mt76_ethtool_worker_info wi = {
1890 		.data = data,
1891 		.idx = mvif->deflink.mt76.idx,
1892 	};
1893 	/* See mt7996_ampdu_stat_read_phy, etc */
1894 	int i, ei = 0;
1895 
1896 	if (!phy)
1897 		return;
1898 
1899 	mutex_lock(&dev->mt76.mutex);
1900 
1901 	mt7996_mac_update_stats(phy);
1902 
1903 	data[ei++] = mib->tx_ampdu_cnt;
1904 	data[ei++] = mib->tx_stop_q_empty_cnt;
1905 	data[ei++] = mib->tx_mpdu_attempts_cnt;
1906 	data[ei++] = mib->tx_mpdu_success_cnt;
1907 	data[ei++] = mib->tx_rwp_fail_cnt;
1908 	data[ei++] = mib->tx_rwp_need_cnt;
1909 	data[ei++] = mib->tx_bf_ebf_ppdu_cnt;
1910 	data[ei++] = mib->tx_bf_ibf_ppdu_cnt;
1911 
1912 	/* Tx ampdu stat */
1913 	for (i = 0; i < 15 /*ARRAY_SIZE(bound)*/; i++)
1914 		data[ei++] = phy->mt76->aggr_stats[i];
1915 	data[ei++] = phy->mib.ba_miss_cnt;
1916 
1917 	/* Tx Beamformer monitor */
1918 	data[ei++] = mib->tx_bf_ibf_ppdu_cnt;
1919 	data[ei++] = mib->tx_bf_ebf_ppdu_cnt;
1920 
1921 	/* Tx Beamformer Rx feedback monitor */
1922 	data[ei++] = mib->tx_bf_rx_fb_all_cnt;
1923 	data[ei++] = mib->tx_bf_rx_fb_he_cnt;
1924 	data[ei++] = mib->tx_bf_rx_fb_vht_cnt;
1925 	data[ei++] = mib->tx_bf_rx_fb_ht_cnt;
1926 
1927 	data[ei++] = mib->tx_bf_rx_fb_bw;
1928 	data[ei++] = mib->tx_bf_rx_fb_nc_cnt;
1929 	data[ei++] = mib->tx_bf_rx_fb_nr_cnt;
1930 
1931 	/* Tx Beamformee Rx NDPA & Tx feedback report */
1932 	data[ei++] = mib->tx_bf_fb_cpl_cnt;
1933 	data[ei++] = mib->tx_bf_fb_trig_cnt;
1934 
1935 	/* Tx SU & MU counters */
1936 	data[ei++] = mib->tx_mu_bf_cnt;
1937 	data[ei++] = mib->tx_mu_mpdu_cnt;
1938 	data[ei++] = mib->tx_mu_acked_mpdu_cnt;
1939 	data[ei++] = mib->tx_su_acked_mpdu_cnt;
1940 
1941 	/* Tx amsdu info (pack-count histogram) */
1942 	for (i = 0; i < ARRAY_SIZE(mib->tx_amsdu); i++)
1943 		data[ei++] = mib->tx_amsdu[i];
1944 
1945 	/* rx counters */
1946 	data[ei++] = mib->rx_fifo_full_cnt;
1947 	data[ei++] = mib->rx_mpdu_cnt;
1948 	data[ei++] = mib->channel_idle_cnt;
1949 	data[ei++] = mib->rx_vector_mismatch_cnt;
1950 	data[ei++] = mib->rx_delimiter_fail_cnt;
1951 	data[ei++] = mib->rx_len_mismatch_cnt;
1952 	data[ei++] = mib->rx_ampdu_cnt;
1953 	data[ei++] = mib->rx_ampdu_bytes_cnt;
1954 	data[ei++] = mib->rx_ampdu_valid_subframe_cnt;
1955 	data[ei++] = mib->rx_ampdu_valid_subframe_bytes_cnt;
1956 	data[ei++] = mib->rx_pfdrop_cnt;
1957 	data[ei++] = mib->rx_vec_queue_overflow_drop_cnt;
1958 	data[ei++] = mib->rx_ba_cnt;
1959 
1960 	/* Add values for all stations owned by this vif */
1961 	wi.initial_stat_idx = ei;
1962 	ieee80211_iterate_stations_atomic(hw, mt7996_ethtool_worker, &wi);
1963 
1964 	mutex_unlock(&dev->mt76.mutex);
1965 
1966 	if (wi.sta_count == 0)
1967 		return;
1968 
1969 	ei += wi.worker_stat_count;
1970 	if (ei != MT7996_SSTATS_LEN)
1971 		dev_err(dev->mt76.dev, "ei: %d  MT7996_SSTATS_LEN: %d",
1972 			ei, (int)MT7996_SSTATS_LEN);
1973 }
1974 
1975 static void
1976 mt7996_twt_teardown_request(struct ieee80211_hw *hw,
1977 			    struct ieee80211_sta *sta,
1978 			    u8 flowid)
1979 {
1980 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1981 	struct mt7996_sta_link *msta_link = &msta->deflink;
1982 	struct mt7996_vif_link *link = &msta->vif->deflink;
1983 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1984 
1985 	mutex_lock(&dev->mt76.mutex);
1986 	mt7996_mac_twt_teardown_flow(dev, link, msta_link, flowid);
1987 	mutex_unlock(&dev->mt76.mutex);
1988 }
1989 
1990 static int
1991 mt7996_set_radar_background(struct ieee80211_hw *hw,
1992 			    struct cfg80211_chan_def *chandef)
1993 {
1994 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1995 	struct mt7996_phy *phy;
1996 	int ret = -EINVAL;
1997 	bool running;
1998 
1999 	if (chandef)
2000 		phy = mt7996_band_phy(dev, chandef->chan->band);
2001 	else
2002 		phy = dev->rdd2_phy;
2003 	if (!phy)
2004 	    return -EINVAL;
2005 
2006 	mutex_lock(&dev->mt76.mutex);
2007 
2008 	if (dev->mt76.region == NL80211_DFS_UNSET)
2009 		goto out;
2010 
2011 	if (dev->rdd2_phy && dev->rdd2_phy != phy) {
2012 		/* rdd2 is already locked */
2013 		ret = -EBUSY;
2014 		goto out;
2015 	}
2016 
2017 	/* rdd2 already configured on a radar channel */
2018 	running = dev->rdd2_phy &&
2019 		  cfg80211_chandef_valid(&dev->rdd2_chandef) &&
2020 		  !!(dev->rdd2_chandef.chan->flags & IEEE80211_CHAN_RADAR);
2021 
2022 	if (!chandef || running ||
2023 	    !(chandef->chan->flags & IEEE80211_CHAN_RADAR)) {
2024 		ret = mt7996_mcu_rdd_background_enable(phy, NULL);
2025 		if (ret)
2026 			goto out;
2027 
2028 		if (!running)
2029 			goto update_phy;
2030 	}
2031 
2032 	ret = mt7996_mcu_rdd_background_enable(phy, chandef);
2033 	if (ret)
2034 		goto out;
2035 
2036 update_phy:
2037 	dev->rdd2_phy = chandef ? phy : NULL;
2038 	if (chandef)
2039 		dev->rdd2_chandef = *chandef;
2040 out:
2041 	mutex_unlock(&dev->mt76.mutex);
2042 
2043 	return ret;
2044 }
2045 
2046 #ifdef CONFIG_NET_MEDIATEK_SOC_WED
2047 static int
2048 mt7996_net_fill_forward_path(struct ieee80211_hw *hw,
2049 			     struct ieee80211_vif *vif,
2050 			     struct ieee80211_sta *sta,
2051 			     struct net_device_path_ctx *ctx,
2052 			     struct net_device_path *path)
2053 {
2054 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
2055 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
2056 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
2057 	struct mtk_wed_device *wed = &dev->mt76.mmio.wed;
2058 	struct mt7996_sta_link *msta_link;
2059 	struct mt7996_vif_link *link;
2060 	struct mt76_vif_link *mlink;
2061 	struct mt7996_phy *phy;
2062 
2063 	mlink = rcu_dereference(mvif->mt76.link[msta->deflink_id]);
2064 	if (!mlink)
2065 		return -EIO;
2066 
2067 	msta_link = rcu_dereference(msta->link[msta->deflink_id]);
2068 	if (!msta_link)
2069 		return -EIO;
2070 
2071 	if (!msta_link->wcid.sta || msta_link->wcid.idx > MT7996_WTBL_STA)
2072 		return -EIO;
2073 
2074 	link = (struct mt7996_vif_link *)mlink;
2075 	phy = mt7996_vif_link_phy(link);
2076 	if (!phy)
2077 		return -ENODEV;
2078 
2079 	if (phy != &dev->phy && phy->mt76->band_idx == MT_BAND2)
2080 		wed = &dev->mt76.mmio.wed_hif2;
2081 
2082 	if (!mtk_wed_device_active(wed))
2083 		return -ENODEV;
2084 
2085 	path->type = DEV_PATH_MTK_WDMA;
2086 	path->dev = ctx->dev;
2087 	path->mtk_wdma.wdma_idx = wed->wdma_idx;
2088 	path->mtk_wdma.bss = mlink->idx;
2089 	path->mtk_wdma.queue = 0;
2090 	path->mtk_wdma.wcid = msta_link->wcid.idx;
2091 
2092 	path->mtk_wdma.amsdu = mtk_wed_is_amsdu_supported(wed);
2093 	ctx->dev = NULL;
2094 
2095 	return 0;
2096 }
2097 
2098 #endif
2099 
2100 static int
2101 mt7996_change_vif_links(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
2102 			u16 old_links, u16 new_links,
2103 			struct ieee80211_bss_conf *old[IEEE80211_MLD_MAX_NUM_LINKS])
2104 {
2105 	return 0;
2106 }
2107 
2108 const struct ieee80211_ops mt7996_ops = {
2109 	.add_chanctx = mt76_add_chanctx,
2110 	.remove_chanctx = mt76_remove_chanctx,
2111 	.change_chanctx = mt76_change_chanctx,
2112 	.assign_vif_chanctx = mt76_assign_vif_chanctx,
2113 	.unassign_vif_chanctx = mt76_unassign_vif_chanctx,
2114 	.switch_vif_chanctx = mt76_switch_vif_chanctx,
2115 	.tx = mt7996_tx,
2116 	.start = mt7996_start,
2117 	.stop = mt7996_stop,
2118 	.add_interface = mt7996_add_interface,
2119 	.remove_interface = mt7996_remove_interface,
2120 	.config = mt7996_config,
2121 	.conf_tx = mt7996_conf_tx,
2122 	.configure_filter = mt7996_configure_filter,
2123 	.vif_cfg_changed = mt7996_vif_cfg_changed,
2124 	.link_info_changed = mt7996_link_info_changed,
2125 	.sta_state = mt7996_sta_state,
2126 	.sta_pre_rcu_remove = mt76_sta_pre_rcu_remove,
2127 	.link_sta_rc_update = mt7996_link_sta_rc_update,
2128 	.set_key = mt7996_set_key,
2129 	.ampdu_action = mt7996_ampdu_action,
2130 	.set_rts_threshold = mt7996_set_rts_threshold,
2131 	.wake_tx_queue = mt76_wake_tx_queue,
2132 	.hw_scan = mt76_hw_scan,
2133 	.cancel_hw_scan = mt76_cancel_hw_scan,
2134 	.remain_on_channel = mt76_remain_on_channel,
2135 	.cancel_remain_on_channel = mt76_cancel_remain_on_channel,
2136 	.release_buffered_frames = mt76_release_buffered_frames,
2137 	.get_txpower = mt7996_get_txpower,
2138 	.channel_switch_beacon = mt7996_channel_switch_beacon,
2139 	.get_stats = mt7996_get_stats,
2140 	.get_et_sset_count = mt7996_get_et_sset_count,
2141 	.get_et_stats = mt7996_get_et_stats,
2142 	.get_et_strings = mt7996_get_et_strings,
2143 	.get_tsf = mt7996_get_tsf,
2144 	.set_tsf = mt7996_set_tsf,
2145 	.offset_tsf = mt7996_offset_tsf,
2146 	.get_survey = mt76_get_survey,
2147 	.get_antenna = mt76_get_antenna,
2148 	.set_antenna = mt7996_set_antenna,
2149 	.set_bitrate_mask = mt7996_set_bitrate_mask,
2150 	.set_coverage_class = mt7996_set_coverage_class,
2151 	.sta_statistics = mt7996_sta_statistics,
2152 	.sta_set_4addr = mt7996_sta_set_4addr,
2153 	.sta_set_decap_offload = mt7996_sta_set_decap_offload,
2154 	.add_twt_setup = mt7996_mac_add_twt_setup,
2155 	.twt_teardown_request = mt7996_twt_teardown_request,
2156 #ifdef CONFIG_MAC80211_DEBUGFS
2157 	.sta_add_debugfs = mt7996_sta_add_debugfs,
2158 #endif
2159 	.set_radar_background = mt7996_set_radar_background,
2160 #ifdef CONFIG_NET_MEDIATEK_SOC_WED
2161 	.net_fill_forward_path = mt7996_net_fill_forward_path,
2162 	.net_setup_tc = mt76_wed_net_setup_tc,
2163 #endif
2164 	.change_vif_links = mt7996_change_vif_links,
2165 	.change_sta_links = mt7996_mac_sta_change_links,
2166 };
2167