xref: /linux/drivers/net/wireless/mediatek/mt76/mt7996/main.c (revision 54fd6bd42e7bd351802ff1d193a2e33e4bfb1836)
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (C) 2022 MediaTek Inc.
4  */
5 
6 #include "mt7996.h"
7 #include "mcu.h"
8 #include "mac.h"
9 
10 int mt7996_run(struct mt7996_phy *phy)
11 {
12 	struct mt7996_dev *dev = phy->dev;
13 	int ret;
14 
15 	mt7996_mac_enable_nf(dev, phy->mt76->band_idx);
16 
17 	ret = mt7996_mcu_set_rts_thresh(phy, 0x92b);
18 	if (ret)
19 		return ret;
20 
21 	ret = mt7996_mcu_set_radio_en(phy, true);
22 	if (ret)
23 		return ret;
24 
25 	ret = mt7996_mcu_set_chan_info(phy, UNI_CHANNEL_RX_PATH);
26 	if (ret)
27 		return ret;
28 
29 	ret = mt7996_mcu_set_thermal_throttling(phy, MT7996_THERMAL_THROTTLE_MAX);
30 	if (ret)
31 		return ret;
32 
33 	ret = mt7996_mcu_set_thermal_protect(phy, true);
34 	if (ret)
35 		return ret;
36 
37 	set_bit(MT76_STATE_RUNNING, &phy->mt76->state);
38 
39 	ieee80211_queue_delayed_work(dev->mphy.hw, &phy->mt76->mac_work,
40 				     MT7996_WATCHDOG_TIME);
41 
42 	if (!phy->counter_reset) {
43 		mt7996_mac_reset_counters(phy);
44 		phy->counter_reset = true;
45 	}
46 
47 	return 0;
48 }
49 
50 static int mt7996_start(struct ieee80211_hw *hw)
51 {
52 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
53 	int ret;
54 
55 	flush_work(&dev->init_work);
56 
57 	mutex_lock(&dev->mt76.mutex);
58 	ret = mt7996_mcu_set_hdr_trans(dev, true);
59 	if (!ret && is_mt7992(&dev->mt76)) {
60 		u8 queue = mt76_connac_lmac_mapping(IEEE80211_AC_VI);
61 
62 		ret = mt7996_mcu_cp_support(dev, queue);
63 	}
64 	mutex_unlock(&dev->mt76.mutex);
65 
66 	return ret;
67 }
68 
69 static void mt7996_stop_phy(struct mt7996_phy *phy)
70 {
71 	struct mt7996_dev *dev;
72 
73 	if (!phy || !test_bit(MT76_STATE_RUNNING, &phy->mt76->state))
74 		return;
75 
76 	dev = phy->dev;
77 
78 	cancel_delayed_work_sync(&phy->mt76->mac_work);
79 
80 	mutex_lock(&dev->mt76.mutex);
81 
82 	mt7996_mcu_set_radio_en(phy, false);
83 
84 	clear_bit(MT76_STATE_RUNNING, &phy->mt76->state);
85 
86 	mutex_unlock(&dev->mt76.mutex);
87 }
88 
89 static void mt7996_stop(struct ieee80211_hw *hw, bool suspend)
90 {
91 }
92 
93 static inline int get_free_idx(u32 mask, u8 start, u8 end)
94 {
95 	return ffs(~mask & GENMASK(end, start));
96 }
97 
98 static int get_omac_idx(enum nl80211_iftype type, u64 mask)
99 {
100 	int i;
101 
102 	switch (type) {
103 	case NL80211_IFTYPE_MESH_POINT:
104 	case NL80211_IFTYPE_ADHOC:
105 	case NL80211_IFTYPE_STATION:
106 		/* prefer hw bssid slot 1-3 */
107 		i = get_free_idx(mask, HW_BSSID_1, HW_BSSID_3);
108 		if (i)
109 			return i - 1;
110 
111 		if (type != NL80211_IFTYPE_STATION)
112 			break;
113 
114 		i = get_free_idx(mask, EXT_BSSID_1, EXT_BSSID_MAX);
115 		if (i)
116 			return i - 1;
117 
118 		if (~mask & BIT(HW_BSSID_0))
119 			return HW_BSSID_0;
120 
121 		break;
122 	case NL80211_IFTYPE_MONITOR:
123 	case NL80211_IFTYPE_AP:
124 		/* ap uses hw bssid 0 and ext bssid */
125 		if (~mask & BIT(HW_BSSID_0))
126 			return HW_BSSID_0;
127 
128 		i = get_free_idx(mask, EXT_BSSID_1, EXT_BSSID_MAX);
129 		if (i)
130 			return i - 1;
131 
132 		break;
133 	default:
134 		WARN_ON(1);
135 		break;
136 	}
137 
138 	return -1;
139 }
140 
141 static void
142 mt7996_init_bitrate_mask(struct ieee80211_vif *vif, struct mt7996_vif_link *mlink)
143 {
144 	int i;
145 
146 	for (i = 0; i < ARRAY_SIZE(mlink->bitrate_mask.control); i++) {
147 		mlink->bitrate_mask.control[i].gi = NL80211_TXRATE_DEFAULT_GI;
148 		mlink->bitrate_mask.control[i].he_gi = 0xff;
149 		mlink->bitrate_mask.control[i].he_ltf = 0xff;
150 		mlink->bitrate_mask.control[i].legacy = GENMASK(31, 0);
151 		memset(mlink->bitrate_mask.control[i].ht_mcs, 0xff,
152 		       sizeof(mlink->bitrate_mask.control[i].ht_mcs));
153 		memset(mlink->bitrate_mask.control[i].vht_mcs, 0xff,
154 		       sizeof(mlink->bitrate_mask.control[i].vht_mcs));
155 		memset(mlink->bitrate_mask.control[i].he_mcs, 0xff,
156 		       sizeof(mlink->bitrate_mask.control[i].he_mcs));
157 	}
158 }
159 
160 static int
161 mt7996_set_hw_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
162 		  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
163 		  struct ieee80211_key_conf *key)
164 {
165 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
166 	int idx = key->keyidx;
167 	unsigned int link_id;
168 	unsigned long links;
169 
170 	if (key->link_id >= 0)
171 		links = BIT(key->link_id);
172 	else if (sta && sta->valid_links)
173 		links = sta->valid_links;
174 	else if (vif->valid_links)
175 		links = vif->valid_links;
176 	else
177 		links = BIT(0);
178 
179 	for_each_set_bit(link_id, &links, IEEE80211_MLD_MAX_NUM_LINKS) {
180 		struct mt7996_sta_link *msta_link;
181 		struct mt7996_vif_link *link;
182 		u8 *wcid_keyidx;
183 		int err;
184 
185 		link = mt7996_vif_link(dev, vif, link_id);
186 		if (!link)
187 			continue;
188 
189 		if (sta) {
190 			struct mt7996_sta *msta;
191 
192 			msta = (struct mt7996_sta *)sta->drv_priv;
193 			msta_link = mt76_dereference(msta->link[link_id],
194 						     &dev->mt76);
195 			if (!msta_link)
196 				continue;
197 
198 			if (!msta_link->wcid.sta)
199 				return -EOPNOTSUPP;
200 		} else {
201 			msta_link = &link->msta_link;
202 		}
203 		wcid_keyidx = &msta_link->wcid.hw_key_idx;
204 
205 		switch (key->cipher) {
206 		case WLAN_CIPHER_SUITE_AES_CMAC:
207 		case WLAN_CIPHER_SUITE_BIP_CMAC_256:
208 		case WLAN_CIPHER_SUITE_BIP_GMAC_128:
209 		case WLAN_CIPHER_SUITE_BIP_GMAC_256:
210 			if (key->keyidx == 6 || key->keyidx == 7) {
211 				wcid_keyidx = &msta_link->wcid.hw_key_idx2;
212 				key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIE;
213 			}
214 			break;
215 		default:
216 			break;
217 		}
218 
219 		if (cmd == SET_KEY && !sta && !link->mt76.cipher) {
220 			struct ieee80211_bss_conf *link_conf;
221 
222 			link_conf = link_conf_dereference_protected(vif,
223 								    link_id);
224 			if (!link_conf)
225 				link_conf = &vif->bss_conf;
226 
227 			link->mt76.cipher =
228 				mt76_connac_mcu_get_cipher(key->cipher);
229 			mt7996_mcu_add_bss_info(link->phy, vif, link_conf,
230 						&link->mt76, msta_link, true);
231 		}
232 
233 		if (cmd == SET_KEY) {
234 			*wcid_keyidx = idx;
235 		} else {
236 			if (idx == *wcid_keyidx)
237 				*wcid_keyidx = -1;
238 			continue;
239 		}
240 
241 		mt76_wcid_key_setup(&dev->mt76, &msta_link->wcid, key);
242 
243 		if (key->keyidx == 6 || key->keyidx == 7) {
244 			err = mt7996_mcu_bcn_prot_enable(dev, link,
245 							 msta_link, key);
246 			if (err)
247 				return err;
248 		}
249 
250 		err = mt7996_mcu_add_key(&dev->mt76, vif, key,
251 					 MCU_WMWA_UNI_CMD(STA_REC_UPDATE),
252 					 &msta_link->wcid, cmd);
253 		if (err)
254 			return err;
255 	}
256 
257 	return 0;
258 }
259 
260 static void
261 mt7996_key_iter(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
262 		struct ieee80211_sta *sta, struct ieee80211_key_conf *key,
263 		void *data)
264 {
265 	if (sta)
266 		return;
267 
268 	WARN_ON(mt7996_set_hw_key(hw, SET_KEY, vif, NULL, key));
269 }
270 
271 int mt7996_vif_link_add(struct mt76_phy *mphy, struct ieee80211_vif *vif,
272 			struct ieee80211_bss_conf *link_conf,
273 			struct mt76_vif_link *mlink)
274 {
275 	struct mt7996_vif_link *link = container_of(mlink, struct mt7996_vif_link, mt76);
276 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
277 	struct mt7996_sta_link *msta_link = &link->msta_link;
278 	struct mt7996_phy *phy = mphy->priv;
279 	struct mt7996_dev *dev = phy->dev;
280 	u8 band_idx = phy->mt76->band_idx;
281 	struct mt76_txq *mtxq;
282 	int idx, ret;
283 
284 	mlink->idx = __ffs64(~dev->mt76.vif_mask);
285 	if (mlink->idx >= mt7996_max_interface_num(dev))
286 		return -ENOSPC;
287 
288 	idx = get_omac_idx(vif->type, phy->omac_mask);
289 	if (idx < 0)
290 		return -ENOSPC;
291 
292 	link->phy = phy;
293 	mlink->omac_idx = idx;
294 	mlink->band_idx = band_idx;
295 	mlink->wmm_idx = vif->type == NL80211_IFTYPE_AP ? 0 : 3;
296 	mlink->wcid = &msta_link->wcid;
297 	mlink->wcid->offchannel = mlink->offchannel;
298 
299 	ret = mt7996_mcu_add_dev_info(phy, vif, link_conf, mlink, true);
300 	if (ret)
301 		return ret;
302 
303 	dev->mt76.vif_mask |= BIT_ULL(mlink->idx);
304 	phy->omac_mask |= BIT_ULL(mlink->omac_idx);
305 
306 	idx = MT7996_WTBL_RESERVED - mlink->idx;
307 
308 	INIT_LIST_HEAD(&msta_link->rc_list);
309 	msta_link->wcid.idx = idx;
310 	msta_link->wcid.link_id = link_conf->link_id;
311 	msta_link->wcid.tx_info |= MT_WCID_TX_INFO_SET;
312 	mt76_wcid_init(&msta_link->wcid, band_idx);
313 
314 	mt7996_mac_wtbl_update(dev, idx,
315 			       MT_WTBL_UPDATE_ADM_COUNT_CLEAR);
316 
317 	if (vif->txq) {
318 		mtxq = (struct mt76_txq *)vif->txq->drv_priv;
319 		mtxq->wcid = idx;
320 	}
321 
322 	if (vif->type != NL80211_IFTYPE_AP &&
323 	    (!mlink->omac_idx || mlink->omac_idx > 3))
324 		vif->offload_flags = 0;
325 
326 	if (phy->mt76->chandef.chan->band != NL80211_BAND_2GHZ)
327 		mlink->basic_rates_idx = MT7996_BASIC_RATES_TBL + 4;
328 	else
329 		mlink->basic_rates_idx = MT7996_BASIC_RATES_TBL;
330 
331 	mt7996_init_bitrate_mask(vif, link);
332 
333 	mt7996_mcu_add_bss_info(phy, vif, link_conf, mlink, msta_link, true);
334 	/* defer the first STA_REC of BMC entry to BSS_CHANGED_BSSID for STA
335 	 * interface, since firmware only records BSSID when the entry is new
336 	 */
337 	if (vif->type != NL80211_IFTYPE_STATION)
338 		mt7996_mcu_add_sta(dev, link_conf, NULL, link, NULL,
339 				   CONN_STATE_PORT_SECURE, true);
340 	rcu_assign_pointer(dev->mt76.wcid[idx], &msta_link->wcid);
341 
342 	ieee80211_iter_keys(mphy->hw, vif, mt7996_key_iter, NULL);
343 
344 	if (mvif->mt76.deflink_id == IEEE80211_LINK_UNSPECIFIED)
345 		mvif->mt76.deflink_id = link_conf->link_id;
346 
347 	return 0;
348 }
349 
350 void mt7996_vif_link_remove(struct mt76_phy *mphy, struct ieee80211_vif *vif,
351 			    struct ieee80211_bss_conf *link_conf,
352 			    struct mt76_vif_link *mlink)
353 {
354 	struct mt7996_vif_link *link = container_of(mlink, struct mt7996_vif_link, mt76);
355 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
356 	struct mt7996_sta_link *msta_link = &link->msta_link;
357 	struct mt7996_phy *phy = mphy->priv;
358 	struct mt7996_dev *dev = phy->dev;
359 	int idx = msta_link->wcid.idx;
360 
361 	mt7996_mcu_add_sta(dev, link_conf, NULL, link, NULL,
362 			   CONN_STATE_DISCONNECT, false);
363 	mt7996_mcu_add_bss_info(phy, vif, link_conf, mlink, msta_link, false);
364 
365 	mt7996_mcu_add_dev_info(phy, vif, link_conf, mlink, false);
366 
367 	rcu_assign_pointer(dev->mt76.wcid[idx], NULL);
368 
369 	if (mvif->mt76.deflink_id == link_conf->link_id) {
370 		struct ieee80211_bss_conf *iter;
371 		unsigned int link_id;
372 
373 		mvif->mt76.deflink_id = IEEE80211_LINK_UNSPECIFIED;
374 		for_each_vif_active_link(vif, iter, link_id) {
375 			if (link_id != IEEE80211_LINK_UNSPECIFIED) {
376 				mvif->mt76.deflink_id = link_id;
377 				break;
378 			}
379 		}
380 	}
381 
382 	dev->mt76.vif_mask &= ~BIT_ULL(mlink->idx);
383 	phy->omac_mask &= ~BIT_ULL(mlink->omac_idx);
384 
385 	spin_lock_bh(&dev->mt76.sta_poll_lock);
386 	if (!list_empty(&msta_link->wcid.poll_list))
387 		list_del_init(&msta_link->wcid.poll_list);
388 	spin_unlock_bh(&dev->mt76.sta_poll_lock);
389 
390 	mt76_wcid_cleanup(&dev->mt76, &msta_link->wcid);
391 }
392 
393 static void mt7996_phy_set_rxfilter(struct mt7996_phy *phy)
394 {
395 	struct mt7996_dev *dev = phy->dev;
396 	u32 ctl_flags = MT_WF_RFCR1_DROP_ACK |
397 			MT_WF_RFCR1_DROP_BF_POLL |
398 			MT_WF_RFCR1_DROP_BA |
399 			MT_WF_RFCR1_DROP_CFEND |
400 			MT_WF_RFCR1_DROP_CFACK;
401 	u32 filter = phy->rxfilter;
402 
403 	if (filter & MT_WF_RFCR_DROP_OTHER_UC) {
404 		filter |= MT_WF_RFCR_DROP_CTS |
405 			  MT_WF_RFCR_DROP_RTS |
406 			  MT_WF_RFCR_DROP_CTL_RSV |
407 			  MT_WF_RFCR_DROP_FCSFAIL;
408 	}
409 
410 	mt76_wr(dev, MT_WF_RFCR(phy->mt76->band_idx), filter);
411 	if (filter & MT_WF_RFCR_DROP_CTL_RSV)
412 		mt76_set(dev, MT_WF_RFCR1(phy->mt76->band_idx), ctl_flags);
413 	else
414 		mt76_clear(dev, MT_WF_RFCR1(phy->mt76->band_idx), ctl_flags);
415 }
416 
417 static void mt7996_set_monitor(struct mt7996_phy *phy, bool enabled)
418 {
419 	struct mt7996_dev *dev;
420 
421 	if (!phy)
422 		return;
423 
424 	dev = phy->dev;
425 
426 	if (enabled == !(phy->rxfilter & MT_WF_RFCR_DROP_OTHER_UC))
427 		return;
428 
429 	if (!enabled)
430 		phy->rxfilter |= MT_WF_RFCR_DROP_OTHER_UC;
431 	else
432 		phy->rxfilter &= ~MT_WF_RFCR_DROP_OTHER_UC;
433 
434 	mt76_rmw_field(dev, MT_DMA_DCR0(phy->mt76->band_idx),
435 		       MT_DMA_DCR0_RXD_G5_EN, enabled);
436 	mt7996_phy_set_rxfilter(phy);
437 	mt7996_mcu_set_sniffer_mode(phy, enabled);
438 }
439 
440 static int mt7996_add_interface(struct ieee80211_hw *hw,
441 				struct ieee80211_vif *vif)
442 {
443 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
444 	struct wireless_dev *wdev = ieee80211_vif_to_wdev(vif);
445 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
446 	int i, err = 0;
447 
448 	mutex_lock(&dev->mt76.mutex);
449 
450 	for (i = 0; i < MT7996_MAX_RADIOS; i++) {
451 		struct mt7996_phy *phy = dev->radio_phy[i];
452 
453 		if (!phy || !(wdev->radio_mask & BIT(i)) ||
454 		    test_bit(MT76_STATE_RUNNING, &phy->mt76->state))
455 			continue;
456 
457 		err = mt7996_run(phy);
458 		if (err)
459 			goto out;
460 
461 		if (vif->type == NL80211_IFTYPE_MONITOR)
462 			mt7996_set_monitor(phy, true);
463 	}
464 
465 	mt76_vif_init(vif, &mvif->mt76);
466 
467 	vif->offload_flags |= IEEE80211_OFFLOAD_ENCAP_4ADDR;
468 	mvif->mt76.deflink_id = IEEE80211_LINK_UNSPECIFIED;
469 
470 out:
471 	mutex_unlock(&dev->mt76.mutex);
472 
473 	return err;
474 }
475 
476 struct mt7996_radio_data {
477 	u32 active_mask;
478 	u32 monitor_mask;
479 };
480 
481 static void mt7996_remove_iter(void *data, u8 *mac, struct ieee80211_vif *vif)
482 {
483 	struct wireless_dev *wdev = ieee80211_vif_to_wdev(vif);
484 	struct mt7996_radio_data *rdata = data;
485 
486 	rdata->active_mask |= wdev->radio_mask;
487 	if (vif->type == NL80211_IFTYPE_MONITOR)
488 		rdata->monitor_mask |= wdev->radio_mask;
489 }
490 
491 static void mt7996_remove_interface(struct ieee80211_hw *hw,
492 				    struct ieee80211_vif *vif)
493 {
494 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
495 	struct mt7996_radio_data rdata = {};
496 	int i;
497 
498 	ieee80211_iterate_active_interfaces_mtx(hw, 0, mt7996_remove_iter,
499 						&rdata);
500 	mt76_vif_cleanup(&dev->mt76, vif);
501 
502 	for (i = 0; i < MT7996_MAX_RADIOS; i++) {
503 		struct mt7996_phy *phy = dev->radio_phy[i];
504 
505 		if (!phy)
506 			continue;
507 		if (!(rdata.monitor_mask & BIT(i)))
508 			mt7996_set_monitor(phy, false);
509 		if (!(rdata.active_mask & BIT(i)))
510 			mt7996_stop_phy(phy);
511 	}
512 }
513 
514 int mt7996_set_channel(struct mt76_phy *mphy)
515 {
516 	struct mt7996_phy *phy = mphy->priv;
517 	int ret;
518 
519 	ret = mt7996_mcu_set_chan_info(phy, UNI_CHANNEL_SWITCH);
520 	if (ret)
521 		goto out;
522 
523 	ret = mt7996_mcu_set_chan_info(phy, UNI_CHANNEL_RX_PATH);
524 	if (ret)
525 		goto out;
526 
527 	ret = mt7996_mcu_set_txpower_sku(phy);
528 	if (ret)
529 		goto out;
530 
531 	ret = mt7996_dfs_init_radar_detector(phy);
532 	mt7996_mac_cca_stats_reset(phy);
533 
534 	mt7996_mac_reset_counters(phy);
535 	phy->noise = 0;
536 
537 out:
538 	ieee80211_queue_delayed_work(mphy->hw, &mphy->mac_work,
539 				     MT7996_WATCHDOG_TIME);
540 
541 	return ret;
542 }
543 
544 static int mt7996_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
545 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
546 			  struct ieee80211_key_conf *key)
547 {
548 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
549 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
550 	int err;
551 
552 	/* The hardware does not support per-STA RX GTK, fallback
553 	 * to software mode for these.
554 	 */
555 	if ((vif->type == NL80211_IFTYPE_ADHOC ||
556 	     vif->type == NL80211_IFTYPE_MESH_POINT) &&
557 	    (key->cipher == WLAN_CIPHER_SUITE_TKIP ||
558 	     key->cipher == WLAN_CIPHER_SUITE_CCMP) &&
559 	    !(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
560 		return -EOPNOTSUPP;
561 
562 	/* fall back to sw encryption for unsupported ciphers */
563 	switch (key->cipher) {
564 	case WLAN_CIPHER_SUITE_TKIP:
565 	case WLAN_CIPHER_SUITE_CCMP:
566 	case WLAN_CIPHER_SUITE_CCMP_256:
567 	case WLAN_CIPHER_SUITE_GCMP:
568 	case WLAN_CIPHER_SUITE_GCMP_256:
569 	case WLAN_CIPHER_SUITE_SMS4:
570 		break;
571 	case WLAN_CIPHER_SUITE_AES_CMAC:
572 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
573 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
574 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
575 		if (key->keyidx == 6 || key->keyidx == 7)
576 			break;
577 		fallthrough;
578 	case WLAN_CIPHER_SUITE_WEP40:
579 	case WLAN_CIPHER_SUITE_WEP104:
580 	default:
581 		return -EOPNOTSUPP;
582 	}
583 
584 	if (!mt7996_vif_link_phy(&mvif->deflink))
585 		return 0; /* defer until after link add */
586 
587 	mutex_lock(&dev->mt76.mutex);
588 	err = mt7996_set_hw_key(hw, cmd, vif, sta, key);
589 	mutex_unlock(&dev->mt76.mutex);
590 
591 	return err;
592 }
593 
594 static int mt7996_config(struct ieee80211_hw *hw, int radio_idx, u32 changed)
595 {
596 	return 0;
597 }
598 
599 static int
600 mt7996_conf_tx(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
601 	       unsigned int link_id, u16 queue,
602 	       const struct ieee80211_tx_queue_params *params)
603 {
604 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
605 	struct mt7996_vif_link *mlink = mt7996_vif_link(dev, vif, link_id);
606 	static const u8 mq_to_aci[] = {
607 		[IEEE80211_AC_VO] = 3,
608 		[IEEE80211_AC_VI] = 2,
609 		[IEEE80211_AC_BE] = 0,
610 		[IEEE80211_AC_BK] = 1,
611 	};
612 
613 	/* firmware uses access class index */
614 	mlink->queue_params[mq_to_aci[queue]] = *params;
615 	/* no need to update right away, we'll get BSS_CHANGED_QOS */
616 
617 	return 0;
618 }
619 
620 static void mt7996_configure_filter(struct ieee80211_hw *hw,
621 				    unsigned int changed_flags,
622 				    unsigned int *total_flags,
623 				    u64 multicast)
624 {
625 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
626 	struct mt7996_phy *phy;
627 	u32 filter_mask = 0, filter_set = 0;
628 	u32 flags = 0;
629 
630 #define MT76_FILTER(_flag, _hw) do {				\
631 		flags |= *total_flags & FIF_##_flag;		\
632 		filter_mask |= (_hw);				\
633 		filter_set |= !(flags & FIF_##_flag) * (_hw);	\
634 	} while (0)
635 
636 	mutex_lock(&dev->mt76.mutex);
637 
638 	MT76_FILTER(OTHER_BSS, MT_WF_RFCR_DROP_OTHER_TIM |
639 			       MT_WF_RFCR_DROP_A3_MAC |
640 			       MT_WF_RFCR_DROP_A3_BSSID);
641 
642 	MT76_FILTER(FCSFAIL, MT_WF_RFCR_DROP_FCSFAIL);
643 
644 	MT76_FILTER(CONTROL, MT_WF_RFCR_DROP_CTS |
645 			     MT_WF_RFCR_DROP_RTS |
646 			     MT_WF_RFCR_DROP_CTL_RSV);
647 
648 	*total_flags = flags;
649 
650 	mt7996_for_each_phy(dev, phy) {
651 		phy->rxfilter &= ~(MT_WF_RFCR_DROP_OTHER_BSS |
652 				   MT_WF_RFCR_DROP_OTHER_BEACON |
653 				   MT_WF_RFCR_DROP_FRAME_REPORT |
654 				   MT_WF_RFCR_DROP_PROBEREQ |
655 				   MT_WF_RFCR_DROP_MCAST_FILTERED |
656 				   MT_WF_RFCR_DROP_MCAST |
657 				   MT_WF_RFCR_DROP_BCAST |
658 				   MT_WF_RFCR_DROP_DUPLICATE |
659 				   MT_WF_RFCR_DROP_A2_BSSID |
660 				   MT_WF_RFCR_DROP_UNWANTED_CTL |
661 				   MT_WF_RFCR_DROP_STBC_MULTI |
662 				   filter_mask);
663 		phy->rxfilter |= filter_set;
664 		mt7996_phy_set_rxfilter(phy);
665 	}
666 
667 	mutex_unlock(&dev->mt76.mutex);
668 }
669 
670 static int
671 mt7996_get_txpower(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
672 		   unsigned int link_id, int *dbm)
673 {
674 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
675 	struct mt7996_phy *phy = mt7996_vif_link_phy(&mvif->deflink);
676 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
677 	struct wireless_dev *wdev;
678 	int n_chains, delta, i;
679 
680 	if (!phy) {
681 		wdev = ieee80211_vif_to_wdev(vif);
682 		for (i = 0; i < hw->wiphy->n_radio; i++)
683 			if (wdev->radio_mask & BIT(i))
684 				phy = dev->radio_phy[i];
685 
686 		if (!phy)
687 			return -EINVAL;
688 	}
689 
690 	n_chains = hweight16(phy->mt76->chainmask);
691 	delta = mt76_tx_power_path_delta(n_chains);
692 	*dbm = DIV_ROUND_UP(phy->mt76->txpower_cur + delta, 2);
693 
694 	return 0;
695 }
696 
697 static u8
698 mt7996_get_rates_table(struct mt7996_phy *phy, struct ieee80211_bss_conf *conf,
699 		       bool beacon, bool mcast)
700 {
701 	struct mt7996_dev *dev = phy->dev;
702 	struct mt76_vif_link *mvif = mt76_vif_conf_link(&dev->mt76, conf->vif, conf);
703 	u16 rate;
704 	u8 i, idx;
705 
706 	rate = mt76_connac2_mac_tx_rate_val(phy->mt76, conf, beacon, mcast);
707 
708 	if (beacon) {
709 		/* odd index for driver, even index for firmware */
710 		idx = MT7996_BEACON_RATES_TBL + 2 * phy->mt76->band_idx;
711 		if (phy->beacon_rate != rate)
712 			mt7996_mcu_set_fixed_rate_table(phy, idx, rate, beacon);
713 
714 		return idx;
715 	}
716 
717 	idx = FIELD_GET(MT_TX_RATE_IDX, rate);
718 	for (i = 0; i < ARRAY_SIZE(mt76_rates); i++)
719 		if ((mt76_rates[i].hw_value & GENMASK(7, 0)) == idx)
720 			return MT7996_BASIC_RATES_TBL + 2 * i;
721 
722 	return mvif->basic_rates_idx;
723 }
724 
725 static void
726 mt7996_update_mu_group(struct ieee80211_hw *hw, struct mt7996_vif_link *link,
727 		       struct ieee80211_bss_conf *info)
728 {
729 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
730 	u8 band = link->mt76.band_idx;
731 	u32 *mu;
732 
733 	mu = (u32 *)info->mu_group.membership;
734 	mt76_wr(dev, MT_WF_PHYRX_BAND_GID_TAB_VLD0(band), mu[0]);
735 	mt76_wr(dev, MT_WF_PHYRX_BAND_GID_TAB_VLD1(band), mu[1]);
736 
737 	mu = (u32 *)info->mu_group.position;
738 	mt76_wr(dev, MT_WF_PHYRX_BAND_GID_TAB_POS0(band), mu[0]);
739 	mt76_wr(dev, MT_WF_PHYRX_BAND_GID_TAB_POS1(band), mu[1]);
740 	mt76_wr(dev, MT_WF_PHYRX_BAND_GID_TAB_POS2(band), mu[2]);
741 	mt76_wr(dev, MT_WF_PHYRX_BAND_GID_TAB_POS3(band), mu[3]);
742 }
743 
744 static void
745 mt7996_vif_cfg_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
746 		       u64 changed)
747 {
748 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
749 
750 	mutex_lock(&dev->mt76.mutex);
751 
752 	if ((changed & BSS_CHANGED_ASSOC) && vif->cfg.assoc) {
753 		struct ieee80211_bss_conf *link_conf;
754 		unsigned long link_id;
755 
756 		for_each_vif_active_link(vif, link_conf, link_id) {
757 			struct mt7996_vif_link *link;
758 
759 			link = mt7996_vif_link(dev, vif, link_id);
760 			if (!link)
761 				continue;
762 
763 			if (!link->phy)
764 				continue;
765 
766 			mt7996_mcu_add_bss_info(link->phy, vif, link_conf,
767 						&link->mt76, &link->msta_link,
768 						true);
769 			mt7996_mcu_add_sta(dev, link_conf, NULL, link, NULL,
770 					   CONN_STATE_PORT_SECURE,
771 					   !!(changed & BSS_CHANGED_BSSID));
772 		}
773 	}
774 
775 	mutex_unlock(&dev->mt76.mutex);
776 }
777 
778 static void
779 mt7996_link_info_changed(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
780 			 struct ieee80211_bss_conf *info, u64 changed)
781 {
782 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
783 	struct mt7996_vif_link *link;
784 	struct mt7996_phy *phy;
785 	struct mt76_phy *mphy;
786 
787 	mutex_lock(&dev->mt76.mutex);
788 
789 	link = mt7996_vif_conf_link(dev, vif, info);
790 	if (!link)
791 		goto out;
792 
793 	mphy = mt76_vif_link_phy(&link->mt76);
794 	if (!mphy)
795 		goto out;
796 
797 	phy = mphy->priv;
798 
799 	/* station mode uses BSSID to map the wlan entry to a peer,
800 	 * and then peer references bss_info_rfch to set bandwidth cap.
801 	 */
802 	if ((changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid)) ||
803 	    (changed & BSS_CHANGED_BEACON_ENABLED && info->enable_beacon)) {
804 		mt7996_mcu_add_bss_info(phy, vif, info, &link->mt76,
805 					&link->msta_link, true);
806 		mt7996_mcu_add_sta(dev, info, NULL, link, NULL,
807 				   CONN_STATE_PORT_SECURE,
808 				   !!(changed & BSS_CHANGED_BSSID));
809 	}
810 
811 	if (changed & BSS_CHANGED_ERP_SLOT) {
812 		int slottime = info->use_short_slot ? 9 : 20;
813 
814 		if (slottime != phy->slottime) {
815 			phy->slottime = slottime;
816 			mt7996_mcu_set_timing(phy, vif, info);
817 		}
818 	}
819 
820 	if (changed & BSS_CHANGED_MCAST_RATE)
821 		link->mt76.mcast_rates_idx =
822 			mt7996_get_rates_table(phy, info, false, true);
823 
824 	if (changed & BSS_CHANGED_BASIC_RATES)
825 		link->mt76.basic_rates_idx =
826 			mt7996_get_rates_table(phy, info, false, false);
827 
828 	/* ensure that enable txcmd_mode after bss_info */
829 	if (changed & (BSS_CHANGED_QOS | BSS_CHANGED_BEACON_ENABLED))
830 		mt7996_mcu_set_tx(dev, vif, info);
831 
832 	if (changed & BSS_CHANGED_HE_OBSS_PD)
833 		mt7996_mcu_add_obss_spr(phy, link, &info->he_obss_pd);
834 
835 	if (changed & BSS_CHANGED_HE_BSS_COLOR) {
836 		if ((vif->type == NL80211_IFTYPE_AP &&
837 		    link->mt76.omac_idx <= HW_BSSID_MAX) ||
838 		   vif->type == NL80211_IFTYPE_STATION)
839 			mt7996_mcu_update_bss_color(dev, &link->mt76,
840 						    &info->he_bss_color);
841 	}
842 
843 	if (changed & (BSS_CHANGED_BEACON |
844 		       BSS_CHANGED_BEACON_ENABLED)) {
845 		link->mt76.beacon_rates_idx =
846 			mt7996_get_rates_table(phy, info, true, false);
847 
848 		mt7996_mcu_add_beacon(hw, vif, info);
849 	}
850 
851 	if (changed & (BSS_CHANGED_UNSOL_BCAST_PROBE_RESP |
852 		       BSS_CHANGED_FILS_DISCOVERY))
853 		mt7996_mcu_beacon_inband_discov(dev, info, link, changed);
854 
855 	if (changed & BSS_CHANGED_MU_GROUPS)
856 		mt7996_update_mu_group(hw, link, info);
857 
858 	if (changed & BSS_CHANGED_TXPOWER &&
859 	    info->txpower != phy->txpower) {
860 		phy->txpower = info->txpower;
861 		mt7996_mcu_set_txpower_sku(phy);
862 	}
863 
864 out:
865 	mutex_unlock(&dev->mt76.mutex);
866 }
867 
868 static void
869 mt7996_channel_switch_beacon(struct ieee80211_hw *hw,
870 			     struct ieee80211_vif *vif,
871 			     struct cfg80211_chan_def *chandef)
872 {
873 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
874 
875 	mutex_lock(&dev->mt76.mutex);
876 	mt7996_mcu_add_beacon(hw, vif, &vif->bss_conf);
877 	mutex_unlock(&dev->mt76.mutex);
878 }
879 
880 static int
881 mt7996_mac_sta_init_link(struct mt7996_dev *dev,
882 			 struct ieee80211_bss_conf *link_conf,
883 			 struct ieee80211_link_sta *link_sta,
884 			 struct mt7996_vif_link *link, unsigned int link_id)
885 {
886 	struct ieee80211_sta *sta = link_sta->sta;
887 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
888 	struct mt7996_phy *phy = link->phy;
889 	struct mt7996_sta_link *msta_link;
890 	int idx;
891 
892 	idx = mt76_wcid_alloc(dev->mt76.wcid_mask, MT7996_WTBL_STA);
893 	if (idx < 0)
894 		return -ENOSPC;
895 
896 	if (msta->deflink_id == IEEE80211_LINK_UNSPECIFIED) {
897 		int i;
898 
899 		msta_link = &msta->deflink;
900 		msta->deflink_id = link_id;
901 
902 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++) {
903 			struct mt76_txq *mtxq;
904 
905 			if (!sta->txq[i])
906 				continue;
907 
908 			mtxq = (struct mt76_txq *)sta->txq[i]->drv_priv;
909 			mtxq->wcid = idx;
910 		}
911 	} else {
912 		msta_link = kzalloc(sizeof(*msta_link), GFP_KERNEL);
913 		if (!msta_link)
914 			return -ENOMEM;
915 	}
916 
917 	INIT_LIST_HEAD(&msta_link->rc_list);
918 	INIT_LIST_HEAD(&msta_link->wcid.poll_list);
919 	msta_link->sta = msta;
920 	msta_link->wcid.sta = 1;
921 	msta_link->wcid.idx = idx;
922 	msta_link->wcid.link_id = link_id;
923 
924 	ewma_avg_signal_init(&msta_link->avg_ack_signal);
925 	ewma_signal_init(&msta_link->wcid.rssi);
926 
927 	rcu_assign_pointer(msta->link[link_id], msta_link);
928 
929 	mt7996_mac_wtbl_update(dev, idx, MT_WTBL_UPDATE_ADM_COUNT_CLEAR);
930 	mt7996_mcu_add_sta(dev, link_conf, link_sta, link, msta_link,
931 			   CONN_STATE_DISCONNECT, true);
932 
933 	rcu_assign_pointer(dev->mt76.wcid[idx], &msta_link->wcid);
934 	mt76_wcid_init(&msta_link->wcid, phy->mt76->band_idx);
935 
936 	return 0;
937 }
938 
939 static void
940 mt7996_mac_sta_deinit_link(struct mt7996_dev *dev,
941 			   struct mt7996_sta_link *msta_link)
942 {
943 	int i;
944 
945 	for (i = 0; i < ARRAY_SIZE(msta_link->wcid.aggr); i++)
946 		mt76_rx_aggr_stop(&dev->mt76, &msta_link->wcid, i);
947 
948 	mt7996_mac_wtbl_update(dev, msta_link->wcid.idx,
949 			       MT_WTBL_UPDATE_ADM_COUNT_CLEAR);
950 
951 	spin_lock_bh(&dev->mt76.sta_poll_lock);
952 	if (!list_empty(&msta_link->wcid.poll_list))
953 		list_del_init(&msta_link->wcid.poll_list);
954 	if (!list_empty(&msta_link->rc_list))
955 		list_del_init(&msta_link->rc_list);
956 	spin_unlock_bh(&dev->mt76.sta_poll_lock);
957 
958 	mt76_wcid_cleanup(&dev->mt76, &msta_link->wcid);
959 	mt76_wcid_mask_clear(dev->mt76.wcid_mask, msta_link->wcid.idx);
960 }
961 
962 static void
963 mt7996_mac_sta_remove_links(struct mt7996_dev *dev, struct ieee80211_vif *vif,
964 			    struct ieee80211_sta *sta, unsigned long links)
965 {
966 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
967 	struct mt76_dev *mdev = &dev->mt76;
968 	unsigned int link_id;
969 
970 	for_each_set_bit(link_id, &links, IEEE80211_MLD_MAX_NUM_LINKS) {
971 		struct mt7996_sta_link *msta_link = NULL;
972 		struct mt7996_vif_link *link;
973 		struct mt76_phy *mphy;
974 
975 		msta_link = rcu_replace_pointer(msta->link[link_id], msta_link,
976 						lockdep_is_held(&mdev->mutex));
977 		if (!msta_link)
978 			continue;
979 
980 		mt7996_mac_sta_deinit_link(dev, msta_link);
981 		link = mt7996_vif_link(dev, vif, link_id);
982 		if (!link)
983 			continue;
984 
985 		mphy = mt76_vif_link_phy(&link->mt76);
986 		if (!mphy)
987 			continue;
988 
989 		mphy->num_sta--;
990 		if (msta->deflink_id == link_id) {
991 			msta->deflink_id = IEEE80211_LINK_UNSPECIFIED;
992 			continue;
993 		}
994 
995 		kfree_rcu(msta_link, rcu_head);
996 	}
997 }
998 
999 static int
1000 mt7996_mac_sta_add_links(struct mt7996_dev *dev, struct ieee80211_vif *vif,
1001 			 struct ieee80211_sta *sta, unsigned long new_links)
1002 {
1003 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1004 	unsigned int link_id;
1005 	int err = 0;
1006 
1007 	for_each_set_bit(link_id, &new_links, IEEE80211_MLD_MAX_NUM_LINKS) {
1008 		struct ieee80211_bss_conf *link_conf;
1009 		struct ieee80211_link_sta *link_sta;
1010 		struct mt7996_vif_link *link;
1011 		struct mt76_phy *mphy;
1012 
1013 		if (rcu_access_pointer(msta->link[link_id]))
1014 			continue;
1015 
1016 		link_conf = link_conf_dereference_protected(vif, link_id);
1017 		if (!link_conf) {
1018 			err = -EINVAL;
1019 			goto error_unlink;
1020 		}
1021 
1022 		link = mt7996_vif_link(dev, vif, link_id);
1023 		if (!link) {
1024 			err = -EINVAL;
1025 			goto error_unlink;
1026 		}
1027 
1028 		link_sta = link_sta_dereference_protected(sta, link_id);
1029 		if (!link_sta) {
1030 			err = -EINVAL;
1031 			goto error_unlink;
1032 		}
1033 
1034 		err = mt7996_mac_sta_init_link(dev, link_conf, link_sta, link,
1035 					       link_id);
1036 		if (err)
1037 			goto error_unlink;
1038 
1039 		mphy = mt76_vif_link_phy(&link->mt76);
1040 		if (!mphy) {
1041 			err = -EINVAL;
1042 			goto error_unlink;
1043 		}
1044 		mphy->num_sta++;
1045 	}
1046 
1047 	return 0;
1048 
1049 error_unlink:
1050 	mt7996_mac_sta_remove_links(dev, vif, sta, new_links);
1051 
1052 	return err;
1053 }
1054 
1055 static int
1056 mt7996_mac_sta_change_links(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1057 			    struct ieee80211_sta *sta, u16 old_links,
1058 			    u16 new_links)
1059 {
1060 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1061 	unsigned long add = new_links & ~old_links;
1062 	unsigned long rem = old_links & ~new_links;
1063 	int ret;
1064 
1065 	mutex_lock(&dev->mt76.mutex);
1066 
1067 	mt7996_mac_sta_remove_links(dev, vif, sta, rem);
1068 	ret = mt7996_mac_sta_add_links(dev, vif, sta, add);
1069 
1070 	mutex_unlock(&dev->mt76.mutex);
1071 
1072 	return ret;
1073 }
1074 
1075 static int
1076 mt7996_mac_sta_add(struct mt7996_dev *dev, struct ieee80211_vif *vif,
1077 		   struct ieee80211_sta *sta)
1078 {
1079 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1080 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1081 	unsigned long links = sta->valid_links ? sta->valid_links : BIT(0);
1082 	int err;
1083 
1084 	mutex_lock(&dev->mt76.mutex);
1085 
1086 	msta->deflink_id = IEEE80211_LINK_UNSPECIFIED;
1087 	msta->vif = mvif;
1088 	err = mt7996_mac_sta_add_links(dev, vif, sta, links);
1089 
1090 	mutex_unlock(&dev->mt76.mutex);
1091 
1092 	return err;
1093 }
1094 
1095 static int
1096 mt7996_mac_sta_event(struct mt7996_dev *dev, struct ieee80211_vif *vif,
1097 		     struct ieee80211_sta *sta, enum mt76_sta_event ev)
1098 {
1099 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1100 	unsigned long links = sta->valid_links;
1101 	struct ieee80211_link_sta *link_sta;
1102 	unsigned int link_id;
1103 
1104 	for_each_sta_active_link(vif, sta, link_sta, link_id) {
1105 		struct ieee80211_bss_conf *link_conf;
1106 		struct mt7996_sta_link *msta_link;
1107 		struct mt7996_vif_link *link;
1108 		int i, err;
1109 
1110 		link_conf = link_conf_dereference_protected(vif, link_id);
1111 		if (!link_conf)
1112 			continue;
1113 
1114 		link = mt7996_vif_link(dev, vif, link_id);
1115 		if (!link)
1116 			continue;
1117 
1118 		msta_link = mt76_dereference(msta->link[link_id], &dev->mt76);
1119 		if (!msta_link)
1120 			continue;
1121 
1122 		switch (ev) {
1123 		case MT76_STA_EVENT_ASSOC:
1124 			err = mt7996_mcu_add_sta(dev, link_conf, link_sta,
1125 						 link, msta_link,
1126 						 CONN_STATE_CONNECT, true);
1127 			if (err)
1128 				return err;
1129 
1130 			err = mt7996_mcu_add_rate_ctrl(dev, msta_link->sta, vif,
1131 						       link_id, false);
1132 			if (err)
1133 				return err;
1134 
1135 			msta_link->wcid.tx_info |= MT_WCID_TX_INFO_SET;
1136 			break;
1137 		case MT76_STA_EVENT_AUTHORIZE:
1138 			err = mt7996_mcu_add_sta(dev, link_conf, link_sta,
1139 						 link, msta_link,
1140 						 CONN_STATE_PORT_SECURE, false);
1141 			if (err)
1142 				return err;
1143 			break;
1144 		case MT76_STA_EVENT_DISASSOC:
1145 			for (i = 0; i < ARRAY_SIZE(msta_link->twt.flow); i++)
1146 				mt7996_mac_twt_teardown_flow(dev, link,
1147 							     msta_link, i);
1148 
1149 			if (sta->mlo && links == BIT(link_id)) /* last link */
1150 				mt7996_mcu_teardown_mld_sta(dev, link,
1151 							    msta_link);
1152 			else
1153 				mt7996_mcu_add_sta(dev, link_conf, link_sta,
1154 						   link, msta_link,
1155 						   CONN_STATE_DISCONNECT, false);
1156 			msta_link->wcid.sta_disabled = 1;
1157 			msta_link->wcid.sta = 0;
1158 			links = links & ~BIT(link_id);
1159 			break;
1160 		}
1161 	}
1162 
1163 	return 0;
1164 }
1165 
1166 static void
1167 mt7996_mac_sta_remove(struct mt7996_dev *dev, struct ieee80211_vif *vif,
1168 		      struct ieee80211_sta *sta)
1169 {
1170 	unsigned long links = sta->valid_links ? sta->valid_links : BIT(0);
1171 
1172 	mutex_lock(&dev->mt76.mutex);
1173 	mt7996_mac_sta_remove_links(dev, vif, sta, links);
1174 	mutex_unlock(&dev->mt76.mutex);
1175 }
1176 
1177 static int
1178 mt7996_sta_state(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1179 		 struct ieee80211_sta *sta, enum ieee80211_sta_state old_state,
1180 		 enum ieee80211_sta_state new_state)
1181 {
1182 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1183 	enum mt76_sta_event ev;
1184 
1185 	if (old_state == IEEE80211_STA_NOTEXIST &&
1186 	    new_state == IEEE80211_STA_NONE)
1187 		return mt7996_mac_sta_add(dev, vif, sta);
1188 
1189 	if (old_state == IEEE80211_STA_NONE &&
1190 	    new_state == IEEE80211_STA_NOTEXIST)
1191 		mt7996_mac_sta_remove(dev, vif, sta);
1192 
1193 	if (old_state == IEEE80211_STA_AUTH &&
1194 	    new_state == IEEE80211_STA_ASSOC)
1195 		ev = MT76_STA_EVENT_ASSOC;
1196 	else if (old_state == IEEE80211_STA_ASSOC &&
1197 		 new_state == IEEE80211_STA_AUTHORIZED)
1198 		ev = MT76_STA_EVENT_AUTHORIZE;
1199 	else if (old_state == IEEE80211_STA_ASSOC &&
1200 		 new_state == IEEE80211_STA_AUTH)
1201 		ev = MT76_STA_EVENT_DISASSOC;
1202 	else
1203 		return 0;
1204 
1205 	return mt7996_mac_sta_event(dev, vif, sta, ev);
1206 }
1207 
1208 static void mt7996_tx(struct ieee80211_hw *hw,
1209 		      struct ieee80211_tx_control *control,
1210 		      struct sk_buff *skb)
1211 {
1212 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1213 	struct mt76_phy *mphy = hw->priv;
1214 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1215 	struct ieee80211_vif *vif = info->control.vif;
1216 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1217 	u8 link_id = u32_get_bits(info->control.flags,
1218 				  IEEE80211_TX_CTRL_MLO_LINK);
1219 
1220 	rcu_read_lock();
1221 
1222 	if (vif) {
1223 		struct mt7996_vif *mvif = (void *)vif->drv_priv;
1224 		struct mt76_vif_link *mlink = &mvif->deflink.mt76;
1225 
1226 		if (link_id < IEEE80211_LINK_UNSPECIFIED)
1227 			mlink = rcu_dereference(mvif->mt76.link[link_id]);
1228 
1229 		if (!mlink) {
1230 			ieee80211_free_txskb(hw, skb);
1231 			goto unlock;
1232 		}
1233 
1234 		if (mlink->wcid)
1235 			wcid = mlink->wcid;
1236 
1237 		if (mvif->mt76.roc_phy &&
1238 		    (info->flags & IEEE80211_TX_CTL_TX_OFFCHAN)) {
1239 			mphy = mvif->mt76.roc_phy;
1240 			if (mphy->roc_link)
1241 				wcid = mphy->roc_link->wcid;
1242 		} else {
1243 			mphy = mt76_vif_link_phy(mlink);
1244 		}
1245 	}
1246 
1247 	if (!mphy) {
1248 		ieee80211_free_txskb(hw, skb);
1249 		goto unlock;
1250 	}
1251 
1252 	if (control->sta && link_id < IEEE80211_LINK_UNSPECIFIED) {
1253 		struct mt7996_sta *msta = (void *)control->sta->drv_priv;
1254 		struct mt7996_sta_link *msta_link;
1255 
1256 		msta_link = rcu_dereference(msta->link[link_id]);
1257 		if (msta_link)
1258 			wcid = &msta_link->wcid;
1259 	}
1260 	mt76_tx(mphy, control->sta, wcid, skb);
1261 unlock:
1262 	rcu_read_unlock();
1263 }
1264 
1265 static int mt7996_set_rts_threshold(struct ieee80211_hw *hw, int radio_idx,
1266 				    u32 val)
1267 {
1268 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1269 	int i, ret = 0;
1270 
1271 	mutex_lock(&dev->mt76.mutex);
1272 
1273 	for (i = 0; i < hw->wiphy->n_radio; i++) {
1274 		struct mt7996_phy *phy = dev->radio_phy[i];
1275 
1276 		ret = mt7996_mcu_set_rts_thresh(phy, val);
1277 		if (ret)
1278 			break;
1279 	}
1280 
1281 	mutex_unlock(&dev->mt76.mutex);
1282 
1283 	return ret;
1284 }
1285 
1286 static int
1287 mt7996_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1288 		    struct ieee80211_ampdu_params *params)
1289 {
1290 	enum ieee80211_ampdu_mlme_action action = params->action;
1291 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1292 	struct ieee80211_sta *sta = params->sta;
1293 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1294 	struct ieee80211_txq *txq = sta->txq[params->tid];
1295 	struct ieee80211_link_sta *link_sta;
1296 	u16 tid = params->tid;
1297 	u16 ssn = params->ssn;
1298 	struct mt76_txq *mtxq;
1299 	unsigned int link_id;
1300 	int ret = 0;
1301 
1302 	if (!txq)
1303 		return -EINVAL;
1304 
1305 	mtxq = (struct mt76_txq *)txq->drv_priv;
1306 
1307 	mutex_lock(&dev->mt76.mutex);
1308 
1309 	for_each_sta_active_link(vif, sta, link_sta, link_id) {
1310 		struct mt7996_sta_link *msta_link;
1311 		struct mt7996_vif_link *link;
1312 
1313 		msta_link = mt76_dereference(msta->link[link_id], &dev->mt76);
1314 		if (!msta_link)
1315 			continue;
1316 
1317 		link = mt7996_vif_link(dev, vif, link_id);
1318 		if (!link)
1319 			continue;
1320 
1321 		switch (action) {
1322 		case IEEE80211_AMPDU_RX_START:
1323 			mt76_rx_aggr_start(&dev->mt76, &msta_link->wcid, tid,
1324 					   ssn, params->buf_size);
1325 			ret = mt7996_mcu_add_rx_ba(dev, params, link, true);
1326 			break;
1327 		case IEEE80211_AMPDU_RX_STOP:
1328 			mt76_rx_aggr_stop(&dev->mt76, &msta_link->wcid, tid);
1329 			ret = mt7996_mcu_add_rx_ba(dev, params, link, false);
1330 			break;
1331 		case IEEE80211_AMPDU_TX_OPERATIONAL:
1332 			mtxq->aggr = true;
1333 			mtxq->send_bar = false;
1334 			ret = mt7996_mcu_add_tx_ba(dev, params, link,
1335 						   msta_link, true);
1336 			break;
1337 		case IEEE80211_AMPDU_TX_STOP_FLUSH:
1338 		case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
1339 			mtxq->aggr = false;
1340 			clear_bit(tid, &msta_link->wcid.ampdu_state);
1341 			ret = mt7996_mcu_add_tx_ba(dev, params, link,
1342 						   msta_link, false);
1343 			break;
1344 		case IEEE80211_AMPDU_TX_START:
1345 			set_bit(tid, &msta_link->wcid.ampdu_state);
1346 			ret = IEEE80211_AMPDU_TX_START_IMMEDIATE;
1347 			break;
1348 		case IEEE80211_AMPDU_TX_STOP_CONT:
1349 			mtxq->aggr = false;
1350 			clear_bit(tid, &msta_link->wcid.ampdu_state);
1351 			ret = mt7996_mcu_add_tx_ba(dev, params, link,
1352 						   msta_link, false);
1353 			break;
1354 		}
1355 
1356 		if (ret)
1357 			break;
1358 	}
1359 
1360 	if (action == IEEE80211_AMPDU_TX_STOP_CONT)
1361 		ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
1362 
1363 	mutex_unlock(&dev->mt76.mutex);
1364 
1365 	return ret;
1366 }
1367 
1368 static int
1369 mt7996_get_stats(struct ieee80211_hw *hw,
1370 		 struct ieee80211_low_level_stats *stats)
1371 {
1372 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1373 	int i;
1374 
1375 	mutex_lock(&dev->mt76.mutex);
1376 
1377 	memset(stats, 0, sizeof(*stats));
1378 	for (i = 0; i < hw->wiphy->n_radio; i++) {
1379 		struct mt7996_phy *phy = dev->radio_phy[i];
1380 		struct mt76_mib_stats *mib = &phy->mib;
1381 
1382 		stats->dot11RTSSuccessCount += mib->rts_cnt;
1383 		stats->dot11RTSFailureCount += mib->rts_retries_cnt;
1384 		stats->dot11FCSErrorCount += mib->fcs_err_cnt;
1385 		stats->dot11ACKFailureCount += mib->ack_fail_cnt;
1386 	}
1387 
1388 	mutex_unlock(&dev->mt76.mutex);
1389 
1390 	return 0;
1391 }
1392 
1393 u64 __mt7996_get_tsf(struct ieee80211_hw *hw, struct mt7996_vif_link *link)
1394 {
1395 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1396 	struct mt7996_phy *phy = link->phy;
1397 	union {
1398 		u64 t64;
1399 		u32 t32[2];
1400 	} tsf;
1401 	u16 n;
1402 
1403 	if (!phy)
1404 		return 0;
1405 
1406 	lockdep_assert_held(&dev->mt76.mutex);
1407 
1408 	n = link->mt76.omac_idx > HW_BSSID_MAX ? HW_BSSID_0
1409 					       : link->mt76.omac_idx;
1410 	/* TSF software read */
1411 	mt76_rmw(dev, MT_LPON_TCR(phy->mt76->band_idx, n), MT_LPON_TCR_SW_MODE,
1412 		 MT_LPON_TCR_SW_READ);
1413 	tsf.t32[0] = mt76_rr(dev, MT_LPON_UTTR0(phy->mt76->band_idx));
1414 	tsf.t32[1] = mt76_rr(dev, MT_LPON_UTTR1(phy->mt76->band_idx));
1415 
1416 	return tsf.t64;
1417 }
1418 
1419 static u64
1420 mt7996_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif)
1421 {
1422 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1423 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1424 	u64 ret;
1425 
1426 	mutex_lock(&dev->mt76.mutex);
1427 	ret = __mt7996_get_tsf(hw, &mvif->deflink);
1428 	mutex_unlock(&dev->mt76.mutex);
1429 
1430 	return ret;
1431 }
1432 
1433 static void
1434 mt7996_set_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1435 	       u64 timestamp)
1436 {
1437 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1438 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1439 	struct mt7996_vif_link *link;
1440 	struct mt7996_phy *phy;
1441 	union {
1442 		u64 t64;
1443 		u32 t32[2];
1444 	} tsf = { .t64 = timestamp, };
1445 	u16 n;
1446 
1447 	mutex_lock(&dev->mt76.mutex);
1448 
1449 	link = mt7996_vif_link(dev, vif, mvif->mt76.deflink_id);
1450 	if (!link)
1451 		goto unlock;
1452 
1453 	n = link->mt76.omac_idx > HW_BSSID_MAX ? HW_BSSID_0
1454 					       : link->mt76.omac_idx;
1455 	phy = link->phy;
1456 	if (!phy)
1457 		goto unlock;
1458 
1459 	mt76_wr(dev, MT_LPON_UTTR0(phy->mt76->band_idx), tsf.t32[0]);
1460 	mt76_wr(dev, MT_LPON_UTTR1(phy->mt76->band_idx), tsf.t32[1]);
1461 	/* TSF software overwrite */
1462 	mt76_rmw(dev, MT_LPON_TCR(phy->mt76->band_idx, n), MT_LPON_TCR_SW_MODE,
1463 		 MT_LPON_TCR_SW_WRITE);
1464 
1465 unlock:
1466 	mutex_unlock(&dev->mt76.mutex);
1467 }
1468 
1469 static void
1470 mt7996_offset_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1471 		  s64 timestamp)
1472 {
1473 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1474 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1475 	struct mt7996_vif_link *link;
1476 	struct mt7996_phy *phy;
1477 	union {
1478 		u64 t64;
1479 		u32 t32[2];
1480 	} tsf = { .t64 = timestamp, };
1481 	u16 n;
1482 
1483 	mutex_lock(&dev->mt76.mutex);
1484 
1485 	link = mt7996_vif_link(dev, vif, mvif->mt76.deflink_id);
1486 	if (!link)
1487 		goto unlock;
1488 
1489 	phy = link->phy;
1490 	if (!phy)
1491 		goto unlock;
1492 
1493 	n = link->mt76.omac_idx > HW_BSSID_MAX ? HW_BSSID_0
1494 					       : link->mt76.omac_idx;
1495 	mt76_wr(dev, MT_LPON_UTTR0(phy->mt76->band_idx), tsf.t32[0]);
1496 	mt76_wr(dev, MT_LPON_UTTR1(phy->mt76->band_idx), tsf.t32[1]);
1497 	/* TSF software adjust*/
1498 	mt76_rmw(dev, MT_LPON_TCR(phy->mt76->band_idx, n), MT_LPON_TCR_SW_MODE,
1499 		 MT_LPON_TCR_SW_ADJUST);
1500 
1501 unlock:
1502 	mutex_unlock(&dev->mt76.mutex);
1503 }
1504 
1505 static void
1506 mt7996_set_coverage_class(struct ieee80211_hw *hw, int radio_idx,
1507 			  s16 coverage_class)
1508 {
1509 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1510 	struct mt7996_phy *phy;
1511 
1512 	mutex_lock(&dev->mt76.mutex);
1513 	mt7996_for_each_phy(dev, phy) {
1514 		phy->coverage_class = max_t(s16, coverage_class, 0);
1515 		mt7996_mac_set_coverage_class(phy);
1516 	}
1517 	mutex_unlock(&dev->mt76.mutex);
1518 }
1519 
1520 static int
1521 mt7996_set_antenna(struct ieee80211_hw *hw, int radio_idx,
1522 		   u32 tx_ant, u32 rx_ant)
1523 {
1524 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1525 	int i;
1526 
1527 	if (tx_ant != rx_ant)
1528 		return -EINVAL;
1529 
1530 	for (i = 0; i < hw->wiphy->n_radio; i++) {
1531 		struct mt7996_phy *phy = dev->radio_phy[i];
1532 
1533 		if (!(tx_ant & phy->orig_chainmask))
1534 			return -EINVAL;
1535 	}
1536 
1537 	mutex_lock(&dev->mt76.mutex);
1538 
1539 	for (i = 0; i < hw->wiphy->n_radio; i++) {
1540 		struct mt7996_phy *phy = dev->radio_phy[i];
1541 		u8 band_idx = phy->mt76->band_idx;
1542 		u8 shift = dev->chainshift[band_idx];
1543 
1544 		phy->mt76->chainmask = tx_ant & phy->orig_chainmask;
1545 		phy->mt76->antenna_mask = (phy->mt76->chainmask >> shift) &
1546 					  phy->orig_antenna_mask;
1547 
1548 		mt76_set_stream_caps(phy->mt76, true);
1549 		mt7996_set_stream_vht_txbf_caps(phy);
1550 		mt7996_set_stream_he_eht_caps(phy);
1551 		mt7996_mcu_set_txpower_sku(phy);
1552 	}
1553 
1554 	mutex_unlock(&dev->mt76.mutex);
1555 
1556 	return 0;
1557 }
1558 
1559 static void mt7996_sta_statistics(struct ieee80211_hw *hw,
1560 				  struct ieee80211_vif *vif,
1561 				  struct ieee80211_sta *sta,
1562 				  struct station_info *sinfo)
1563 {
1564 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1565 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1566 	struct mt7996_sta_link *msta_link = &msta->deflink;
1567 	struct rate_info *txrate = &msta_link->wcid.rate;
1568 
1569 	if (txrate->legacy || txrate->flags) {
1570 		if (txrate->legacy) {
1571 			sinfo->txrate.legacy = txrate->legacy;
1572 		} else {
1573 			sinfo->txrate.mcs = txrate->mcs;
1574 			sinfo->txrate.nss = txrate->nss;
1575 			sinfo->txrate.bw = txrate->bw;
1576 			sinfo->txrate.he_gi = txrate->he_gi;
1577 			sinfo->txrate.he_dcm = txrate->he_dcm;
1578 			sinfo->txrate.he_ru_alloc = txrate->he_ru_alloc;
1579 			sinfo->txrate.eht_gi = txrate->eht_gi;
1580 		}
1581 		sinfo->txrate.flags = txrate->flags;
1582 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
1583 	}
1584 	sinfo->txrate.flags = txrate->flags;
1585 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
1586 
1587 	sinfo->tx_failed = msta_link->wcid.stats.tx_failed;
1588 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
1589 
1590 	sinfo->tx_retries = msta_link->wcid.stats.tx_retries;
1591 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
1592 
1593 	sinfo->ack_signal = (s8)msta_link->ack_signal;
1594 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_ACK_SIGNAL);
1595 
1596 	sinfo->avg_ack_signal =
1597 		-(s8)ewma_avg_signal_read(&msta_link->avg_ack_signal);
1598 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_ACK_SIGNAL_AVG);
1599 
1600 	if (mtk_wed_device_active(&dev->mt76.mmio.wed)) {
1601 		sinfo->tx_bytes = msta_link->wcid.stats.tx_bytes;
1602 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BYTES64);
1603 
1604 		sinfo->rx_bytes = msta_link->wcid.stats.rx_bytes;
1605 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BYTES64);
1606 
1607 		sinfo->tx_packets = msta_link->wcid.stats.tx_packets;
1608 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS);
1609 
1610 		sinfo->rx_packets = msta_link->wcid.stats.rx_packets;
1611 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS);
1612 	}
1613 }
1614 
1615 static void mt7996_link_rate_ctrl_update(void *data, struct ieee80211_sta *sta)
1616 {
1617 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1618 	struct mt7996_dev *dev = msta->vif->deflink.phy->dev;
1619 	struct mt7996_sta_link *msta_link;
1620 	u32 *changed = data;
1621 
1622 	rcu_read_lock();
1623 
1624 	msta_link = rcu_dereference(msta->link[msta->deflink_id]);
1625 	if (!msta_link)
1626 		goto out;
1627 
1628 	spin_lock_bh(&dev->mt76.sta_poll_lock);
1629 
1630 	msta_link->changed |= *changed;
1631 	if (list_empty(&msta_link->rc_list))
1632 		list_add_tail(&msta_link->rc_list, &dev->sta_rc_list);
1633 
1634 	spin_unlock_bh(&dev->mt76.sta_poll_lock);
1635 out:
1636 	rcu_read_unlock();
1637 }
1638 
1639 static void mt7996_link_sta_rc_update(struct ieee80211_hw *hw,
1640 				      struct ieee80211_vif *vif,
1641 				      struct ieee80211_link_sta *link_sta,
1642 				      u32 changed)
1643 {
1644 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1645 	struct ieee80211_sta *sta = link_sta->sta;
1646 
1647 	mt7996_link_rate_ctrl_update(&changed, sta);
1648 	ieee80211_queue_work(hw, &dev->rc_work);
1649 }
1650 
1651 static int
1652 mt7996_set_bitrate_mask(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1653 			const struct cfg80211_bitrate_mask *mask)
1654 {
1655 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1656 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1657 	u32 changed = IEEE80211_RC_SUPP_RATES_CHANGED;
1658 
1659 	mvif->deflink.bitrate_mask = *mask;
1660 
1661 	/* if multiple rates across different preambles are given we can
1662 	 * reconfigure this info with all peers using sta_rec command with
1663 	 * the below exception cases.
1664 	 * - single rate : if a rate is passed along with different preambles,
1665 	 * we select the highest one as fixed rate. i.e VHT MCS for VHT peers.
1666 	 * - multiple rates: if it's not in range format i.e 0-{7,8,9} for VHT
1667 	 * then multiple MCS setting (MCS 4,5,6) is not supported.
1668 	 */
1669 	ieee80211_iterate_stations_atomic(hw, mt7996_link_rate_ctrl_update,
1670 					  &changed);
1671 	ieee80211_queue_work(hw, &dev->rc_work);
1672 
1673 	return 0;
1674 }
1675 
1676 static void mt7996_sta_set_4addr(struct ieee80211_hw *hw,
1677 				 struct ieee80211_vif *vif,
1678 				 struct ieee80211_sta *sta,
1679 				 bool enabled)
1680 {
1681 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1682 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1683 	struct ieee80211_link_sta *link_sta;
1684 	unsigned int link_id;
1685 
1686 	mutex_lock(&dev->mt76.mutex);
1687 
1688 	for_each_sta_active_link(vif, sta, link_sta, link_id) {
1689 		struct mt7996_sta_link *msta_link;
1690 		struct mt7996_vif_link *link;
1691 
1692 		link = mt7996_vif_link(dev, vif, link_id);
1693 		if (!link)
1694 			continue;
1695 
1696 		msta_link = mt76_dereference(msta->link[link_id], &dev->mt76);
1697 		if (!msta_link)
1698 			continue;
1699 
1700 		if (enabled)
1701 			set_bit(MT_WCID_FLAG_4ADDR, &msta_link->wcid.flags);
1702 		else
1703 			clear_bit(MT_WCID_FLAG_4ADDR, &msta_link->wcid.flags);
1704 
1705 		if (!msta_link->wcid.sta)
1706 			continue;
1707 
1708 		mt7996_mcu_wtbl_update_hdr_trans(dev, vif, link, msta_link);
1709 	}
1710 
1711 	mutex_unlock(&dev->mt76.mutex);
1712 }
1713 
1714 static void mt7996_sta_set_decap_offload(struct ieee80211_hw *hw,
1715 					 struct ieee80211_vif *vif,
1716 					 struct ieee80211_sta *sta,
1717 					 bool enabled)
1718 {
1719 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1720 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1721 	struct ieee80211_link_sta *link_sta;
1722 	unsigned int link_id;
1723 
1724 	mutex_lock(&dev->mt76.mutex);
1725 
1726 	for_each_sta_active_link(vif, sta, link_sta, link_id) {
1727 		struct mt7996_sta_link *msta_link;
1728 		struct mt7996_vif_link *link;
1729 
1730 		link = mt7996_vif_link(dev, vif, link_id);
1731 		if (!link)
1732 			continue;
1733 
1734 		msta_link = mt76_dereference(msta->link[link_id], &dev->mt76);
1735 		if (!msta_link)
1736 			continue;
1737 
1738 		if (enabled)
1739 			set_bit(MT_WCID_FLAG_HDR_TRANS,
1740 				&msta_link->wcid.flags);
1741 		else
1742 			clear_bit(MT_WCID_FLAG_HDR_TRANS,
1743 				  &msta_link->wcid.flags);
1744 
1745 		if (!msta_link->wcid.sta)
1746 			continue;
1747 
1748 		mt7996_mcu_wtbl_update_hdr_trans(dev, vif, link, msta_link);
1749 	}
1750 
1751 	mutex_unlock(&dev->mt76.mutex);
1752 }
1753 
1754 static const char mt7996_gstrings_stats[][ETH_GSTRING_LEN] = {
1755 	"tx_ampdu_cnt",
1756 	"tx_stop_q_empty_cnt",
1757 	"tx_mpdu_attempts",
1758 	"tx_mpdu_success",
1759 	"tx_rwp_fail_cnt",
1760 	"tx_rwp_need_cnt",
1761 	"tx_pkt_ebf_cnt",
1762 	"tx_pkt_ibf_cnt",
1763 	"tx_ampdu_len:0-1",
1764 	"tx_ampdu_len:2-10",
1765 	"tx_ampdu_len:11-19",
1766 	"tx_ampdu_len:20-28",
1767 	"tx_ampdu_len:29-37",
1768 	"tx_ampdu_len:38-46",
1769 	"tx_ampdu_len:47-55",
1770 	"tx_ampdu_len:56-79",
1771 	"tx_ampdu_len:80-103",
1772 	"tx_ampdu_len:104-127",
1773 	"tx_ampdu_len:128-151",
1774 	"tx_ampdu_len:152-175",
1775 	"tx_ampdu_len:176-199",
1776 	"tx_ampdu_len:200-223",
1777 	"tx_ampdu_len:224-247",
1778 	"ba_miss_count",
1779 	"tx_beamformer_ppdu_iBF",
1780 	"tx_beamformer_ppdu_eBF",
1781 	"tx_beamformer_rx_feedback_all",
1782 	"tx_beamformer_rx_feedback_he",
1783 	"tx_beamformer_rx_feedback_vht",
1784 	"tx_beamformer_rx_feedback_ht",
1785 	"tx_beamformer_rx_feedback_bw", /* zero based idx: 20, 40, 80, 160 */
1786 	"tx_beamformer_rx_feedback_nc",
1787 	"tx_beamformer_rx_feedback_nr",
1788 	"tx_beamformee_ok_feedback_pkts",
1789 	"tx_beamformee_feedback_trig",
1790 	"tx_mu_beamforming",
1791 	"tx_mu_mpdu",
1792 	"tx_mu_successful_mpdu",
1793 	"tx_su_successful_mpdu",
1794 	"tx_msdu_pack_1",
1795 	"tx_msdu_pack_2",
1796 	"tx_msdu_pack_3",
1797 	"tx_msdu_pack_4",
1798 	"tx_msdu_pack_5",
1799 	"tx_msdu_pack_6",
1800 	"tx_msdu_pack_7",
1801 	"tx_msdu_pack_8",
1802 
1803 	/* rx counters */
1804 	"rx_fifo_full_cnt",
1805 	"rx_mpdu_cnt",
1806 	"channel_idle_cnt",
1807 	"rx_vector_mismatch_cnt",
1808 	"rx_delimiter_fail_cnt",
1809 	"rx_len_mismatch_cnt",
1810 	"rx_ampdu_cnt",
1811 	"rx_ampdu_bytes_cnt",
1812 	"rx_ampdu_valid_subframe_cnt",
1813 	"rx_ampdu_valid_subframe_b_cnt",
1814 	"rx_pfdrop_cnt",
1815 	"rx_vec_queue_overflow_drop_cnt",
1816 	"rx_ba_cnt",
1817 
1818 	/* per vif counters */
1819 	"v_tx_mode_cck",
1820 	"v_tx_mode_ofdm",
1821 	"v_tx_mode_ht",
1822 	"v_tx_mode_ht_gf",
1823 	"v_tx_mode_vht",
1824 	"v_tx_mode_he_su",
1825 	"v_tx_mode_he_ext_su",
1826 	"v_tx_mode_he_tb",
1827 	"v_tx_mode_he_mu",
1828 	"v_tx_mode_eht_su",
1829 	"v_tx_mode_eht_trig",
1830 	"v_tx_mode_eht_mu",
1831 	"v_tx_bw_20",
1832 	"v_tx_bw_40",
1833 	"v_tx_bw_80",
1834 	"v_tx_bw_160",
1835 	"v_tx_bw_320",
1836 	"v_tx_mcs_0",
1837 	"v_tx_mcs_1",
1838 	"v_tx_mcs_2",
1839 	"v_tx_mcs_3",
1840 	"v_tx_mcs_4",
1841 	"v_tx_mcs_5",
1842 	"v_tx_mcs_6",
1843 	"v_tx_mcs_7",
1844 	"v_tx_mcs_8",
1845 	"v_tx_mcs_9",
1846 	"v_tx_mcs_10",
1847 	"v_tx_mcs_11",
1848 	"v_tx_mcs_12",
1849 	"v_tx_mcs_13",
1850 	"v_tx_nss_1",
1851 	"v_tx_nss_2",
1852 	"v_tx_nss_3",
1853 	"v_tx_nss_4",
1854 };
1855 
1856 #define MT7996_SSTATS_LEN ARRAY_SIZE(mt7996_gstrings_stats)
1857 
1858 /* Ethtool related API */
1859 static
1860 void mt7996_get_et_strings(struct ieee80211_hw *hw,
1861 			   struct ieee80211_vif *vif,
1862 			   u32 sset, u8 *data)
1863 {
1864 	if (sset == ETH_SS_STATS)
1865 		memcpy(data, mt7996_gstrings_stats,
1866 		       sizeof(mt7996_gstrings_stats));
1867 }
1868 
1869 static
1870 int mt7996_get_et_sset_count(struct ieee80211_hw *hw,
1871 			     struct ieee80211_vif *vif, int sset)
1872 {
1873 	if (sset == ETH_SS_STATS)
1874 		return MT7996_SSTATS_LEN;
1875 
1876 	return 0;
1877 }
1878 
1879 static void mt7996_ethtool_worker(void *wi_data, struct ieee80211_sta *sta)
1880 {
1881 	struct mt76_ethtool_worker_info *wi = wi_data;
1882 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1883 	struct mt7996_sta_link *msta_link = &msta->deflink;
1884 
1885 	if (msta->vif->deflink.mt76.idx != wi->idx)
1886 		return;
1887 
1888 	mt76_ethtool_worker(wi, &msta_link->wcid.stats, true);
1889 }
1890 
1891 static
1892 void mt7996_get_et_stats(struct ieee80211_hw *hw,
1893 			 struct ieee80211_vif *vif,
1894 			 struct ethtool_stats *stats, u64 *data)
1895 {
1896 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1897 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1898 	struct mt7996_phy *phy = mt7996_vif_link_phy(&mvif->deflink);
1899 	struct mt76_mib_stats *mib = &phy->mib;
1900 	struct mt76_ethtool_worker_info wi = {
1901 		.data = data,
1902 		.idx = mvif->deflink.mt76.idx,
1903 	};
1904 	/* See mt7996_ampdu_stat_read_phy, etc */
1905 	int i, ei = 0;
1906 
1907 	if (!phy)
1908 		return;
1909 
1910 	mutex_lock(&dev->mt76.mutex);
1911 
1912 	mt7996_mac_update_stats(phy);
1913 
1914 	data[ei++] = mib->tx_ampdu_cnt;
1915 	data[ei++] = mib->tx_stop_q_empty_cnt;
1916 	data[ei++] = mib->tx_mpdu_attempts_cnt;
1917 	data[ei++] = mib->tx_mpdu_success_cnt;
1918 	data[ei++] = mib->tx_rwp_fail_cnt;
1919 	data[ei++] = mib->tx_rwp_need_cnt;
1920 	data[ei++] = mib->tx_bf_ebf_ppdu_cnt;
1921 	data[ei++] = mib->tx_bf_ibf_ppdu_cnt;
1922 
1923 	/* Tx ampdu stat */
1924 	for (i = 0; i < 15 /*ARRAY_SIZE(bound)*/; i++)
1925 		data[ei++] = phy->mt76->aggr_stats[i];
1926 	data[ei++] = phy->mib.ba_miss_cnt;
1927 
1928 	/* Tx Beamformer monitor */
1929 	data[ei++] = mib->tx_bf_ibf_ppdu_cnt;
1930 	data[ei++] = mib->tx_bf_ebf_ppdu_cnt;
1931 
1932 	/* Tx Beamformer Rx feedback monitor */
1933 	data[ei++] = mib->tx_bf_rx_fb_all_cnt;
1934 	data[ei++] = mib->tx_bf_rx_fb_he_cnt;
1935 	data[ei++] = mib->tx_bf_rx_fb_vht_cnt;
1936 	data[ei++] = mib->tx_bf_rx_fb_ht_cnt;
1937 
1938 	data[ei++] = mib->tx_bf_rx_fb_bw;
1939 	data[ei++] = mib->tx_bf_rx_fb_nc_cnt;
1940 	data[ei++] = mib->tx_bf_rx_fb_nr_cnt;
1941 
1942 	/* Tx Beamformee Rx NDPA & Tx feedback report */
1943 	data[ei++] = mib->tx_bf_fb_cpl_cnt;
1944 	data[ei++] = mib->tx_bf_fb_trig_cnt;
1945 
1946 	/* Tx SU & MU counters */
1947 	data[ei++] = mib->tx_mu_bf_cnt;
1948 	data[ei++] = mib->tx_mu_mpdu_cnt;
1949 	data[ei++] = mib->tx_mu_acked_mpdu_cnt;
1950 	data[ei++] = mib->tx_su_acked_mpdu_cnt;
1951 
1952 	/* Tx amsdu info (pack-count histogram) */
1953 	for (i = 0; i < ARRAY_SIZE(mib->tx_amsdu); i++)
1954 		data[ei++] = mib->tx_amsdu[i];
1955 
1956 	/* rx counters */
1957 	data[ei++] = mib->rx_fifo_full_cnt;
1958 	data[ei++] = mib->rx_mpdu_cnt;
1959 	data[ei++] = mib->channel_idle_cnt;
1960 	data[ei++] = mib->rx_vector_mismatch_cnt;
1961 	data[ei++] = mib->rx_delimiter_fail_cnt;
1962 	data[ei++] = mib->rx_len_mismatch_cnt;
1963 	data[ei++] = mib->rx_ampdu_cnt;
1964 	data[ei++] = mib->rx_ampdu_bytes_cnt;
1965 	data[ei++] = mib->rx_ampdu_valid_subframe_cnt;
1966 	data[ei++] = mib->rx_ampdu_valid_subframe_bytes_cnt;
1967 	data[ei++] = mib->rx_pfdrop_cnt;
1968 	data[ei++] = mib->rx_vec_queue_overflow_drop_cnt;
1969 	data[ei++] = mib->rx_ba_cnt;
1970 
1971 	/* Add values for all stations owned by this vif */
1972 	wi.initial_stat_idx = ei;
1973 	ieee80211_iterate_stations_atomic(hw, mt7996_ethtool_worker, &wi);
1974 
1975 	mutex_unlock(&dev->mt76.mutex);
1976 
1977 	if (wi.sta_count == 0)
1978 		return;
1979 
1980 	ei += wi.worker_stat_count;
1981 	if (ei != MT7996_SSTATS_LEN)
1982 		dev_err(dev->mt76.dev, "ei: %d  MT7996_SSTATS_LEN: %d",
1983 			ei, (int)MT7996_SSTATS_LEN);
1984 }
1985 
1986 static void
1987 mt7996_twt_teardown_request(struct ieee80211_hw *hw,
1988 			    struct ieee80211_sta *sta,
1989 			    u8 flowid)
1990 {
1991 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1992 	struct mt7996_sta_link *msta_link = &msta->deflink;
1993 	struct mt7996_vif_link *link = &msta->vif->deflink;
1994 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
1995 
1996 	mutex_lock(&dev->mt76.mutex);
1997 	mt7996_mac_twt_teardown_flow(dev, link, msta_link, flowid);
1998 	mutex_unlock(&dev->mt76.mutex);
1999 }
2000 
2001 static int
2002 mt7996_set_radar_background(struct ieee80211_hw *hw,
2003 			    struct cfg80211_chan_def *chandef)
2004 {
2005 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
2006 	struct mt7996_phy *phy;
2007 	int ret = -EINVAL;
2008 	bool running;
2009 
2010 	if (chandef)
2011 		phy = mt7996_band_phy(dev, chandef->chan->band);
2012 	else
2013 		phy = dev->rdd2_phy;
2014 	if (!phy)
2015 	    return -EINVAL;
2016 
2017 	mutex_lock(&dev->mt76.mutex);
2018 
2019 	if (dev->mt76.region == NL80211_DFS_UNSET)
2020 		goto out;
2021 
2022 	if (dev->rdd2_phy && dev->rdd2_phy != phy) {
2023 		/* rdd2 is already locked */
2024 		ret = -EBUSY;
2025 		goto out;
2026 	}
2027 
2028 	/* rdd2 already configured on a radar channel */
2029 	running = dev->rdd2_phy &&
2030 		  cfg80211_chandef_valid(&dev->rdd2_chandef) &&
2031 		  !!(dev->rdd2_chandef.chan->flags & IEEE80211_CHAN_RADAR);
2032 
2033 	if (!chandef || running ||
2034 	    !(chandef->chan->flags & IEEE80211_CHAN_RADAR)) {
2035 		ret = mt7996_mcu_rdd_background_enable(phy, NULL);
2036 		if (ret)
2037 			goto out;
2038 
2039 		if (!running)
2040 			goto update_phy;
2041 	}
2042 
2043 	ret = mt7996_mcu_rdd_background_enable(phy, chandef);
2044 	if (ret)
2045 		goto out;
2046 
2047 update_phy:
2048 	dev->rdd2_phy = chandef ? phy : NULL;
2049 	if (chandef)
2050 		dev->rdd2_chandef = *chandef;
2051 out:
2052 	mutex_unlock(&dev->mt76.mutex);
2053 
2054 	return ret;
2055 }
2056 
2057 #ifdef CONFIG_NET_MEDIATEK_SOC_WED
2058 static int
2059 mt7996_net_fill_forward_path(struct ieee80211_hw *hw,
2060 			     struct ieee80211_vif *vif,
2061 			     struct ieee80211_sta *sta,
2062 			     struct net_device_path_ctx *ctx,
2063 			     struct net_device_path *path)
2064 {
2065 	struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
2066 	struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
2067 	struct mt7996_dev *dev = mt7996_hw_dev(hw);
2068 	struct mtk_wed_device *wed = &dev->mt76.mmio.wed;
2069 	struct mt7996_sta_link *msta_link;
2070 	struct mt7996_vif_link *link;
2071 	struct mt76_vif_link *mlink;
2072 	struct mt7996_phy *phy;
2073 
2074 	mlink = rcu_dereference(mvif->mt76.link[msta->deflink_id]);
2075 	if (!mlink)
2076 		return -EIO;
2077 
2078 	msta_link = rcu_dereference(msta->link[msta->deflink_id]);
2079 	if (!msta_link)
2080 		return -EIO;
2081 
2082 	if (!msta_link->wcid.sta || msta_link->wcid.idx > MT7996_WTBL_STA)
2083 		return -EIO;
2084 
2085 	link = (struct mt7996_vif_link *)mlink;
2086 	phy = mt7996_vif_link_phy(link);
2087 	if (!phy)
2088 		return -ENODEV;
2089 
2090 	if (phy != &dev->phy && phy->mt76->band_idx == MT_BAND2)
2091 		wed = &dev->mt76.mmio.wed_hif2;
2092 
2093 	if (!mtk_wed_device_active(wed))
2094 		return -ENODEV;
2095 
2096 	path->type = DEV_PATH_MTK_WDMA;
2097 	path->dev = ctx->dev;
2098 	path->mtk_wdma.wdma_idx = wed->wdma_idx;
2099 	path->mtk_wdma.bss = mlink->idx;
2100 	path->mtk_wdma.queue = 0;
2101 	path->mtk_wdma.wcid = msta_link->wcid.idx;
2102 
2103 	path->mtk_wdma.amsdu = mtk_wed_is_amsdu_supported(wed);
2104 	ctx->dev = NULL;
2105 
2106 	return 0;
2107 }
2108 
2109 #endif
2110 
2111 static int
2112 mt7996_change_vif_links(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
2113 			u16 old_links, u16 new_links,
2114 			struct ieee80211_bss_conf *old[IEEE80211_MLD_MAX_NUM_LINKS])
2115 {
2116 	return 0;
2117 }
2118 
2119 const struct ieee80211_ops mt7996_ops = {
2120 	.add_chanctx = mt76_add_chanctx,
2121 	.remove_chanctx = mt76_remove_chanctx,
2122 	.change_chanctx = mt76_change_chanctx,
2123 	.assign_vif_chanctx = mt76_assign_vif_chanctx,
2124 	.unassign_vif_chanctx = mt76_unassign_vif_chanctx,
2125 	.switch_vif_chanctx = mt76_switch_vif_chanctx,
2126 	.tx = mt7996_tx,
2127 	.start = mt7996_start,
2128 	.stop = mt7996_stop,
2129 	.add_interface = mt7996_add_interface,
2130 	.remove_interface = mt7996_remove_interface,
2131 	.config = mt7996_config,
2132 	.conf_tx = mt7996_conf_tx,
2133 	.configure_filter = mt7996_configure_filter,
2134 	.vif_cfg_changed = mt7996_vif_cfg_changed,
2135 	.link_info_changed = mt7996_link_info_changed,
2136 	.sta_state = mt7996_sta_state,
2137 	.sta_pre_rcu_remove = mt76_sta_pre_rcu_remove,
2138 	.link_sta_rc_update = mt7996_link_sta_rc_update,
2139 	.set_key = mt7996_set_key,
2140 	.ampdu_action = mt7996_ampdu_action,
2141 	.set_rts_threshold = mt7996_set_rts_threshold,
2142 	.wake_tx_queue = mt76_wake_tx_queue,
2143 	.hw_scan = mt76_hw_scan,
2144 	.cancel_hw_scan = mt76_cancel_hw_scan,
2145 	.remain_on_channel = mt76_remain_on_channel,
2146 	.cancel_remain_on_channel = mt76_cancel_remain_on_channel,
2147 	.release_buffered_frames = mt76_release_buffered_frames,
2148 	.get_txpower = mt7996_get_txpower,
2149 	.channel_switch_beacon = mt7996_channel_switch_beacon,
2150 	.get_stats = mt7996_get_stats,
2151 	.get_et_sset_count = mt7996_get_et_sset_count,
2152 	.get_et_stats = mt7996_get_et_stats,
2153 	.get_et_strings = mt7996_get_et_strings,
2154 	.get_tsf = mt7996_get_tsf,
2155 	.set_tsf = mt7996_set_tsf,
2156 	.offset_tsf = mt7996_offset_tsf,
2157 	.get_survey = mt76_get_survey,
2158 	.get_antenna = mt76_get_antenna,
2159 	.set_antenna = mt7996_set_antenna,
2160 	.set_bitrate_mask = mt7996_set_bitrate_mask,
2161 	.set_coverage_class = mt7996_set_coverage_class,
2162 	.sta_statistics = mt7996_sta_statistics,
2163 	.sta_set_4addr = mt7996_sta_set_4addr,
2164 	.sta_set_decap_offload = mt7996_sta_set_decap_offload,
2165 	.add_twt_setup = mt7996_mac_add_twt_setup,
2166 	.twt_teardown_request = mt7996_twt_teardown_request,
2167 #ifdef CONFIG_MAC80211_DEBUGFS
2168 	.sta_add_debugfs = mt7996_sta_add_debugfs,
2169 #endif
2170 	.set_radar_background = mt7996_set_radar_background,
2171 #ifdef CONFIG_NET_MEDIATEK_SOC_WED
2172 	.net_fill_forward_path = mt7996_net_fill_forward_path,
2173 	.net_setup_tc = mt76_wed_net_setup_tc,
2174 #endif
2175 	.change_vif_links = mt7996_change_vif_links,
2176 	.change_sta_links = mt7996_mac_sta_change_links,
2177 };
2178