xref: /linux/drivers/net/wireless/realtek/rtw89/core.c (revision 1e73427f66353b7fe21c138787ff2b711ca1c0dd)
1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
2 /* Copyright(c) 2019-2020  Realtek Corporation
3  */
4 #include <linux/ip.h>
5 #include <linux/udp.h>
6 
7 #include "cam.h"
8 #include "chan.h"
9 #include "coex.h"
10 #include "core.h"
11 #include "efuse.h"
12 #include "fw.h"
13 #include "mac.h"
14 #include "phy.h"
15 #include "ps.h"
16 #include "reg.h"
17 #include "sar.h"
18 #include "ser.h"
19 #include "txrx.h"
20 #include "util.h"
21 
22 static bool rtw89_disable_ps_mode;
23 module_param_named(disable_ps_mode, rtw89_disable_ps_mode, bool, 0644);
24 MODULE_PARM_DESC(disable_ps_mode, "Set Y to disable low power mode");
25 
26 #define RTW89_DEF_CHAN(_freq, _hw_val, _flags, _band)	\
27 	{ .center_freq = _freq, .hw_value = _hw_val, .flags = _flags, .band = _band, }
28 #define RTW89_DEF_CHAN_2G(_freq, _hw_val)	\
29 	RTW89_DEF_CHAN(_freq, _hw_val, 0, NL80211_BAND_2GHZ)
30 #define RTW89_DEF_CHAN_5G(_freq, _hw_val)	\
31 	RTW89_DEF_CHAN(_freq, _hw_val, 0, NL80211_BAND_5GHZ)
32 #define RTW89_DEF_CHAN_5G_NO_HT40MINUS(_freq, _hw_val)	\
33 	RTW89_DEF_CHAN(_freq, _hw_val, IEEE80211_CHAN_NO_HT40MINUS, NL80211_BAND_5GHZ)
34 #define RTW89_DEF_CHAN_6G(_freq, _hw_val)	\
35 	RTW89_DEF_CHAN(_freq, _hw_val, 0, NL80211_BAND_6GHZ)
36 
37 static struct ieee80211_channel rtw89_channels_2ghz[] = {
38 	RTW89_DEF_CHAN_2G(2412, 1),
39 	RTW89_DEF_CHAN_2G(2417, 2),
40 	RTW89_DEF_CHAN_2G(2422, 3),
41 	RTW89_DEF_CHAN_2G(2427, 4),
42 	RTW89_DEF_CHAN_2G(2432, 5),
43 	RTW89_DEF_CHAN_2G(2437, 6),
44 	RTW89_DEF_CHAN_2G(2442, 7),
45 	RTW89_DEF_CHAN_2G(2447, 8),
46 	RTW89_DEF_CHAN_2G(2452, 9),
47 	RTW89_DEF_CHAN_2G(2457, 10),
48 	RTW89_DEF_CHAN_2G(2462, 11),
49 	RTW89_DEF_CHAN_2G(2467, 12),
50 	RTW89_DEF_CHAN_2G(2472, 13),
51 	RTW89_DEF_CHAN_2G(2484, 14),
52 };
53 
54 static struct ieee80211_channel rtw89_channels_5ghz[] = {
55 	RTW89_DEF_CHAN_5G(5180, 36),
56 	RTW89_DEF_CHAN_5G(5200, 40),
57 	RTW89_DEF_CHAN_5G(5220, 44),
58 	RTW89_DEF_CHAN_5G(5240, 48),
59 	RTW89_DEF_CHAN_5G(5260, 52),
60 	RTW89_DEF_CHAN_5G(5280, 56),
61 	RTW89_DEF_CHAN_5G(5300, 60),
62 	RTW89_DEF_CHAN_5G(5320, 64),
63 	RTW89_DEF_CHAN_5G(5500, 100),
64 	RTW89_DEF_CHAN_5G(5520, 104),
65 	RTW89_DEF_CHAN_5G(5540, 108),
66 	RTW89_DEF_CHAN_5G(5560, 112),
67 	RTW89_DEF_CHAN_5G(5580, 116),
68 	RTW89_DEF_CHAN_5G(5600, 120),
69 	RTW89_DEF_CHAN_5G(5620, 124),
70 	RTW89_DEF_CHAN_5G(5640, 128),
71 	RTW89_DEF_CHAN_5G(5660, 132),
72 	RTW89_DEF_CHAN_5G(5680, 136),
73 	RTW89_DEF_CHAN_5G(5700, 140),
74 	RTW89_DEF_CHAN_5G(5720, 144),
75 	RTW89_DEF_CHAN_5G(5745, 149),
76 	RTW89_DEF_CHAN_5G(5765, 153),
77 	RTW89_DEF_CHAN_5G(5785, 157),
78 	RTW89_DEF_CHAN_5G(5805, 161),
79 	RTW89_DEF_CHAN_5G_NO_HT40MINUS(5825, 165),
80 	RTW89_DEF_CHAN_5G(5845, 169),
81 	RTW89_DEF_CHAN_5G(5865, 173),
82 	RTW89_DEF_CHAN_5G(5885, 177),
83 };
84 
85 static struct ieee80211_channel rtw89_channels_6ghz[] = {
86 	RTW89_DEF_CHAN_6G(5955, 1),
87 	RTW89_DEF_CHAN_6G(5975, 5),
88 	RTW89_DEF_CHAN_6G(5995, 9),
89 	RTW89_DEF_CHAN_6G(6015, 13),
90 	RTW89_DEF_CHAN_6G(6035, 17),
91 	RTW89_DEF_CHAN_6G(6055, 21),
92 	RTW89_DEF_CHAN_6G(6075, 25),
93 	RTW89_DEF_CHAN_6G(6095, 29),
94 	RTW89_DEF_CHAN_6G(6115, 33),
95 	RTW89_DEF_CHAN_6G(6135, 37),
96 	RTW89_DEF_CHAN_6G(6155, 41),
97 	RTW89_DEF_CHAN_6G(6175, 45),
98 	RTW89_DEF_CHAN_6G(6195, 49),
99 	RTW89_DEF_CHAN_6G(6215, 53),
100 	RTW89_DEF_CHAN_6G(6235, 57),
101 	RTW89_DEF_CHAN_6G(6255, 61),
102 	RTW89_DEF_CHAN_6G(6275, 65),
103 	RTW89_DEF_CHAN_6G(6295, 69),
104 	RTW89_DEF_CHAN_6G(6315, 73),
105 	RTW89_DEF_CHAN_6G(6335, 77),
106 	RTW89_DEF_CHAN_6G(6355, 81),
107 	RTW89_DEF_CHAN_6G(6375, 85),
108 	RTW89_DEF_CHAN_6G(6395, 89),
109 	RTW89_DEF_CHAN_6G(6415, 93),
110 	RTW89_DEF_CHAN_6G(6435, 97),
111 	RTW89_DEF_CHAN_6G(6455, 101),
112 	RTW89_DEF_CHAN_6G(6475, 105),
113 	RTW89_DEF_CHAN_6G(6495, 109),
114 	RTW89_DEF_CHAN_6G(6515, 113),
115 	RTW89_DEF_CHAN_6G(6535, 117),
116 	RTW89_DEF_CHAN_6G(6555, 121),
117 	RTW89_DEF_CHAN_6G(6575, 125),
118 	RTW89_DEF_CHAN_6G(6595, 129),
119 	RTW89_DEF_CHAN_6G(6615, 133),
120 	RTW89_DEF_CHAN_6G(6635, 137),
121 	RTW89_DEF_CHAN_6G(6655, 141),
122 	RTW89_DEF_CHAN_6G(6675, 145),
123 	RTW89_DEF_CHAN_6G(6695, 149),
124 	RTW89_DEF_CHAN_6G(6715, 153),
125 	RTW89_DEF_CHAN_6G(6735, 157),
126 	RTW89_DEF_CHAN_6G(6755, 161),
127 	RTW89_DEF_CHAN_6G(6775, 165),
128 	RTW89_DEF_CHAN_6G(6795, 169),
129 	RTW89_DEF_CHAN_6G(6815, 173),
130 	RTW89_DEF_CHAN_6G(6835, 177),
131 	RTW89_DEF_CHAN_6G(6855, 181),
132 	RTW89_DEF_CHAN_6G(6875, 185),
133 	RTW89_DEF_CHAN_6G(6895, 189),
134 	RTW89_DEF_CHAN_6G(6915, 193),
135 	RTW89_DEF_CHAN_6G(6935, 197),
136 	RTW89_DEF_CHAN_6G(6955, 201),
137 	RTW89_DEF_CHAN_6G(6975, 205),
138 	RTW89_DEF_CHAN_6G(6995, 209),
139 	RTW89_DEF_CHAN_6G(7015, 213),
140 	RTW89_DEF_CHAN_6G(7035, 217),
141 	RTW89_DEF_CHAN_6G(7055, 221),
142 	RTW89_DEF_CHAN_6G(7075, 225),
143 	RTW89_DEF_CHAN_6G(7095, 229),
144 	RTW89_DEF_CHAN_6G(7115, 233),
145 };
146 
147 static struct ieee80211_rate rtw89_bitrates[] = {
148 	{ .bitrate = 10,  .hw_value = 0x00, },
149 	{ .bitrate = 20,  .hw_value = 0x01, },
150 	{ .bitrate = 55,  .hw_value = 0x02, },
151 	{ .bitrate = 110, .hw_value = 0x03, },
152 	{ .bitrate = 60,  .hw_value = 0x04, },
153 	{ .bitrate = 90,  .hw_value = 0x05, },
154 	{ .bitrate = 120, .hw_value = 0x06, },
155 	{ .bitrate = 180, .hw_value = 0x07, },
156 	{ .bitrate = 240, .hw_value = 0x08, },
157 	{ .bitrate = 360, .hw_value = 0x09, },
158 	{ .bitrate = 480, .hw_value = 0x0a, },
159 	{ .bitrate = 540, .hw_value = 0x0b, },
160 };
161 
162 static const struct ieee80211_iface_limit rtw89_iface_limits[] = {
163 	{
164 		.max = 1,
165 		.types = BIT(NL80211_IFTYPE_STATION),
166 	},
167 	{
168 		.max = 1,
169 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT) |
170 			 BIT(NL80211_IFTYPE_P2P_GO) |
171 			 BIT(NL80211_IFTYPE_AP),
172 	},
173 };
174 
175 static const struct ieee80211_iface_limit rtw89_iface_limits_mcc[] = {
176 	{
177 		.max = 1,
178 		.types = BIT(NL80211_IFTYPE_STATION),
179 	},
180 	{
181 		.max = 1,
182 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT) |
183 			 BIT(NL80211_IFTYPE_P2P_GO),
184 	},
185 };
186 
187 static const struct ieee80211_iface_combination rtw89_iface_combs[] = {
188 	{
189 		.limits = rtw89_iface_limits,
190 		.n_limits = ARRAY_SIZE(rtw89_iface_limits),
191 		.max_interfaces = 2,
192 		.num_different_channels = 1,
193 	},
194 	{
195 		.limits = rtw89_iface_limits_mcc,
196 		.n_limits = ARRAY_SIZE(rtw89_iface_limits_mcc),
197 		.max_interfaces = 2,
198 		.num_different_channels = 2,
199 	},
200 };
201 
202 bool rtw89_ra_report_to_bitrate(struct rtw89_dev *rtwdev, u8 rpt_rate, u16 *bitrate)
203 {
204 	struct ieee80211_rate rate;
205 
206 	if (unlikely(rpt_rate >= ARRAY_SIZE(rtw89_bitrates))) {
207 		rtw89_debug(rtwdev, RTW89_DBG_UNEXP, "invalid rpt rate %d\n", rpt_rate);
208 		return false;
209 	}
210 
211 	rate = rtw89_bitrates[rpt_rate];
212 	*bitrate = rate.bitrate;
213 
214 	return true;
215 }
216 
217 static const struct ieee80211_supported_band rtw89_sband_2ghz = {
218 	.band		= NL80211_BAND_2GHZ,
219 	.channels	= rtw89_channels_2ghz,
220 	.n_channels	= ARRAY_SIZE(rtw89_channels_2ghz),
221 	.bitrates	= rtw89_bitrates,
222 	.n_bitrates	= ARRAY_SIZE(rtw89_bitrates),
223 	.ht_cap		= {0},
224 	.vht_cap	= {0},
225 };
226 
227 static const struct ieee80211_supported_band rtw89_sband_5ghz = {
228 	.band		= NL80211_BAND_5GHZ,
229 	.channels	= rtw89_channels_5ghz,
230 	.n_channels	= ARRAY_SIZE(rtw89_channels_5ghz),
231 
232 	/* 5G has no CCK rates, 1M/2M/5.5M/11M */
233 	.bitrates	= rtw89_bitrates + 4,
234 	.n_bitrates	= ARRAY_SIZE(rtw89_bitrates) - 4,
235 	.ht_cap		= {0},
236 	.vht_cap	= {0},
237 };
238 
239 static const struct ieee80211_supported_band rtw89_sband_6ghz = {
240 	.band		= NL80211_BAND_6GHZ,
241 	.channels	= rtw89_channels_6ghz,
242 	.n_channels	= ARRAY_SIZE(rtw89_channels_6ghz),
243 
244 	/* 6G has no CCK rates, 1M/2M/5.5M/11M */
245 	.bitrates	= rtw89_bitrates + 4,
246 	.n_bitrates	= ARRAY_SIZE(rtw89_bitrates) - 4,
247 };
248 
249 static void rtw89_traffic_stats_accu(struct rtw89_dev *rtwdev,
250 				     struct rtw89_traffic_stats *stats,
251 				     struct sk_buff *skb, bool tx)
252 {
253 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
254 
255 	if (!ieee80211_is_data(hdr->frame_control))
256 		return;
257 
258 	if (is_broadcast_ether_addr(hdr->addr1) ||
259 	    is_multicast_ether_addr(hdr->addr1))
260 		return;
261 
262 	if (tx) {
263 		stats->tx_cnt++;
264 		stats->tx_unicast += skb->len;
265 	} else {
266 		stats->rx_cnt++;
267 		stats->rx_unicast += skb->len;
268 	}
269 }
270 
271 void rtw89_get_default_chandef(struct cfg80211_chan_def *chandef)
272 {
273 	cfg80211_chandef_create(chandef, &rtw89_channels_2ghz[0],
274 				NL80211_CHAN_NO_HT);
275 }
276 
277 void rtw89_get_channel_params(const struct cfg80211_chan_def *chandef,
278 			      struct rtw89_chan *chan)
279 {
280 	struct ieee80211_channel *channel = chandef->chan;
281 	enum nl80211_chan_width width = chandef->width;
282 	u32 primary_freq, center_freq;
283 	u8 center_chan;
284 	u8 bandwidth = RTW89_CHANNEL_WIDTH_20;
285 	u32 offset;
286 	u8 band;
287 
288 	center_chan = channel->hw_value;
289 	primary_freq = channel->center_freq;
290 	center_freq = chandef->center_freq1;
291 
292 	switch (width) {
293 	case NL80211_CHAN_WIDTH_20_NOHT:
294 	case NL80211_CHAN_WIDTH_20:
295 		bandwidth = RTW89_CHANNEL_WIDTH_20;
296 		break;
297 	case NL80211_CHAN_WIDTH_40:
298 		bandwidth = RTW89_CHANNEL_WIDTH_40;
299 		if (primary_freq > center_freq) {
300 			center_chan -= 2;
301 		} else {
302 			center_chan += 2;
303 		}
304 		break;
305 	case NL80211_CHAN_WIDTH_80:
306 	case NL80211_CHAN_WIDTH_160:
307 		bandwidth = nl_to_rtw89_bandwidth(width);
308 		if (primary_freq > center_freq) {
309 			offset = (primary_freq - center_freq - 10) / 20;
310 			center_chan -= 2 + offset * 4;
311 		} else {
312 			offset = (center_freq - primary_freq - 10) / 20;
313 			center_chan += 2 + offset * 4;
314 		}
315 		break;
316 	default:
317 		center_chan = 0;
318 		break;
319 	}
320 
321 	switch (channel->band) {
322 	default:
323 	case NL80211_BAND_2GHZ:
324 		band = RTW89_BAND_2G;
325 		break;
326 	case NL80211_BAND_5GHZ:
327 		band = RTW89_BAND_5G;
328 		break;
329 	case NL80211_BAND_6GHZ:
330 		band = RTW89_BAND_6G;
331 		break;
332 	}
333 
334 	rtw89_chan_create(chan, center_chan, channel->hw_value, band, bandwidth);
335 }
336 
337 void rtw89_core_set_chip_txpwr(struct rtw89_dev *rtwdev)
338 {
339 	struct rtw89_hal *hal = &rtwdev->hal;
340 	const struct rtw89_chip_info *chip = rtwdev->chip;
341 	const struct rtw89_chan *chan;
342 	enum rtw89_sub_entity_idx sub_entity_idx;
343 	enum rtw89_sub_entity_idx roc_idx;
344 	enum rtw89_phy_idx phy_idx;
345 	enum rtw89_entity_mode mode;
346 	bool entity_active;
347 
348 	entity_active = rtw89_get_entity_state(rtwdev);
349 	if (!entity_active)
350 		return;
351 
352 	mode = rtw89_get_entity_mode(rtwdev);
353 	switch (mode) {
354 	case RTW89_ENTITY_MODE_SCC:
355 	case RTW89_ENTITY_MODE_MCC:
356 		sub_entity_idx = RTW89_SUB_ENTITY_0;
357 		break;
358 	case RTW89_ENTITY_MODE_MCC_PREPARE:
359 		sub_entity_idx = RTW89_SUB_ENTITY_1;
360 		break;
361 	default:
362 		WARN(1, "Invalid ent mode: %d\n", mode);
363 		return;
364 	}
365 
366 	roc_idx = atomic_read(&hal->roc_entity_idx);
367 	if (roc_idx != RTW89_SUB_ENTITY_IDLE)
368 		sub_entity_idx = roc_idx;
369 
370 	phy_idx = RTW89_PHY_0;
371 	chan = rtw89_chan_get(rtwdev, sub_entity_idx);
372 	chip->ops->set_txpwr(rtwdev, chan, phy_idx);
373 }
374 
375 void rtw89_set_channel(struct rtw89_dev *rtwdev)
376 {
377 	struct rtw89_hal *hal = &rtwdev->hal;
378 	const struct rtw89_chip_info *chip = rtwdev->chip;
379 	const struct rtw89_chan_rcd *chan_rcd;
380 	const struct rtw89_chan *chan;
381 	enum rtw89_sub_entity_idx sub_entity_idx;
382 	enum rtw89_sub_entity_idx roc_idx;
383 	enum rtw89_mac_idx mac_idx;
384 	enum rtw89_phy_idx phy_idx;
385 	struct rtw89_channel_help_params bak;
386 	enum rtw89_entity_mode mode;
387 	bool entity_active;
388 
389 	entity_active = rtw89_get_entity_state(rtwdev);
390 
391 	mode = rtw89_entity_recalc(rtwdev);
392 	switch (mode) {
393 	case RTW89_ENTITY_MODE_SCC:
394 	case RTW89_ENTITY_MODE_MCC:
395 		sub_entity_idx = RTW89_SUB_ENTITY_0;
396 		break;
397 	case RTW89_ENTITY_MODE_MCC_PREPARE:
398 		sub_entity_idx = RTW89_SUB_ENTITY_1;
399 		break;
400 	default:
401 		WARN(1, "Invalid ent mode: %d\n", mode);
402 		return;
403 	}
404 
405 	roc_idx = atomic_read(&hal->roc_entity_idx);
406 	if (roc_idx != RTW89_SUB_ENTITY_IDLE)
407 		sub_entity_idx = roc_idx;
408 
409 	mac_idx = RTW89_MAC_0;
410 	phy_idx = RTW89_PHY_0;
411 
412 	chan = rtw89_chan_get(rtwdev, sub_entity_idx);
413 	chan_rcd = rtw89_chan_rcd_get(rtwdev, sub_entity_idx);
414 
415 	rtw89_chip_set_channel_prepare(rtwdev, &bak, chan, mac_idx, phy_idx);
416 
417 	chip->ops->set_channel(rtwdev, chan, mac_idx, phy_idx);
418 
419 	chip->ops->set_txpwr(rtwdev, chan, phy_idx);
420 
421 	rtw89_chip_set_channel_done(rtwdev, &bak, chan, mac_idx, phy_idx);
422 
423 	if (!entity_active || chan_rcd->band_changed) {
424 		rtw89_btc_ntfy_switch_band(rtwdev, phy_idx, chan->band_type);
425 		rtw89_chip_rfk_band_changed(rtwdev, phy_idx);
426 	}
427 
428 	rtw89_set_entity_state(rtwdev, true);
429 }
430 
431 void rtw89_get_channel(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif,
432 		       struct rtw89_chan *chan)
433 {
434 	const struct cfg80211_chan_def *chandef;
435 
436 	chandef = rtw89_chandef_get(rtwdev, rtwvif->sub_entity_idx);
437 	rtw89_get_channel_params(chandef, chan);
438 }
439 
440 static enum rtw89_core_tx_type
441 rtw89_core_get_tx_type(struct rtw89_dev *rtwdev,
442 		       struct sk_buff *skb)
443 {
444 	struct ieee80211_hdr *hdr = (void *)skb->data;
445 	__le16 fc = hdr->frame_control;
446 
447 	if (ieee80211_is_mgmt(fc) || ieee80211_is_nullfunc(fc))
448 		return RTW89_CORE_TX_TYPE_MGMT;
449 
450 	return RTW89_CORE_TX_TYPE_DATA;
451 }
452 
453 static void
454 rtw89_core_tx_update_ampdu_info(struct rtw89_dev *rtwdev,
455 				struct rtw89_core_tx_request *tx_req,
456 				enum btc_pkt_type pkt_type)
457 {
458 	struct ieee80211_sta *sta = tx_req->sta;
459 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
460 	struct sk_buff *skb = tx_req->skb;
461 	struct rtw89_sta *rtwsta;
462 	u8 ampdu_num;
463 	u8 tid;
464 
465 	if (pkt_type == PACKET_EAPOL) {
466 		desc_info->bk = true;
467 		return;
468 	}
469 
470 	if (!(IEEE80211_SKB_CB(skb)->flags & IEEE80211_TX_CTL_AMPDU))
471 		return;
472 
473 	if (!sta) {
474 		rtw89_warn(rtwdev, "cannot set ampdu info without sta\n");
475 		return;
476 	}
477 
478 	tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
479 	rtwsta = (struct rtw89_sta *)sta->drv_priv;
480 
481 	ampdu_num = (u8)((rtwsta->ampdu_params[tid].agg_num ?
482 			  rtwsta->ampdu_params[tid].agg_num :
483 			  4 << sta->deflink.ht_cap.ampdu_factor) - 1);
484 
485 	desc_info->agg_en = true;
486 	desc_info->ampdu_density = sta->deflink.ht_cap.ampdu_density;
487 	desc_info->ampdu_num = ampdu_num;
488 }
489 
490 static void
491 rtw89_core_tx_update_sec_key(struct rtw89_dev *rtwdev,
492 			     struct rtw89_core_tx_request *tx_req)
493 {
494 	const struct rtw89_chip_info *chip = rtwdev->chip;
495 	struct ieee80211_vif *vif = tx_req->vif;
496 	struct ieee80211_sta *sta = tx_req->sta;
497 	struct ieee80211_tx_info *info;
498 	struct ieee80211_key_conf *key;
499 	struct rtw89_vif *rtwvif;
500 	struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta);
501 	struct rtw89_addr_cam_entry *addr_cam;
502 	struct rtw89_sec_cam_entry *sec_cam;
503 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
504 	struct sk_buff *skb = tx_req->skb;
505 	u8 sec_type = RTW89_SEC_KEY_TYPE_NONE;
506 	u64 pn64;
507 
508 	if (!vif) {
509 		rtw89_warn(rtwdev, "cannot set sec key without vif\n");
510 		return;
511 	}
512 
513 	rtwvif = (struct rtw89_vif *)vif->drv_priv;
514 	addr_cam = rtw89_get_addr_cam_of(rtwvif, rtwsta);
515 
516 	info = IEEE80211_SKB_CB(skb);
517 	key = info->control.hw_key;
518 	sec_cam = addr_cam->sec_entries[key->hw_key_idx];
519 	if (!sec_cam) {
520 		rtw89_warn(rtwdev, "sec cam entry is empty\n");
521 		return;
522 	}
523 
524 	switch (key->cipher) {
525 	case WLAN_CIPHER_SUITE_WEP40:
526 		sec_type = RTW89_SEC_KEY_TYPE_WEP40;
527 		break;
528 	case WLAN_CIPHER_SUITE_WEP104:
529 		sec_type = RTW89_SEC_KEY_TYPE_WEP104;
530 		break;
531 	case WLAN_CIPHER_SUITE_TKIP:
532 		sec_type = RTW89_SEC_KEY_TYPE_TKIP;
533 		break;
534 	case WLAN_CIPHER_SUITE_CCMP:
535 		sec_type = RTW89_SEC_KEY_TYPE_CCMP128;
536 		break;
537 	case WLAN_CIPHER_SUITE_CCMP_256:
538 		sec_type = RTW89_SEC_KEY_TYPE_CCMP256;
539 		break;
540 	case WLAN_CIPHER_SUITE_GCMP:
541 		sec_type = RTW89_SEC_KEY_TYPE_GCMP128;
542 		break;
543 	case WLAN_CIPHER_SUITE_GCMP_256:
544 		sec_type = RTW89_SEC_KEY_TYPE_GCMP256;
545 		break;
546 	default:
547 		rtw89_warn(rtwdev, "key cipher not supported %d\n", key->cipher);
548 		return;
549 	}
550 
551 	desc_info->sec_en = true;
552 	desc_info->sec_keyid = key->keyidx;
553 	desc_info->sec_type = sec_type;
554 	desc_info->sec_cam_idx = sec_cam->sec_cam_idx;
555 
556 	if (!chip->hw_sec_hdr)
557 		return;
558 
559 	pn64 = atomic64_inc_return(&key->tx_pn);
560 	desc_info->sec_seq[0] = pn64;
561 	desc_info->sec_seq[1] = pn64 >> 8;
562 	desc_info->sec_seq[2] = pn64 >> 16;
563 	desc_info->sec_seq[3] = pn64 >> 24;
564 	desc_info->sec_seq[4] = pn64 >> 32;
565 	desc_info->sec_seq[5] = pn64 >> 40;
566 	desc_info->wp_offset = 1; /* in unit of 8 bytes for security header */
567 }
568 
569 static u16 rtw89_core_get_mgmt_rate(struct rtw89_dev *rtwdev,
570 				    struct rtw89_core_tx_request *tx_req,
571 				    const struct rtw89_chan *chan)
572 {
573 	struct sk_buff *skb = tx_req->skb;
574 	struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb);
575 	struct ieee80211_vif *vif = tx_info->control.vif;
576 	u16 lowest_rate;
577 
578 	if (tx_info->flags & IEEE80211_TX_CTL_NO_CCK_RATE ||
579 	    (vif && vif->p2p))
580 		lowest_rate = RTW89_HW_RATE_OFDM6;
581 	else if (chan->band_type == RTW89_BAND_2G)
582 		lowest_rate = RTW89_HW_RATE_CCK1;
583 	else
584 		lowest_rate = RTW89_HW_RATE_OFDM6;
585 
586 	if (!vif || !vif->bss_conf.basic_rates || !tx_req->sta)
587 		return lowest_rate;
588 
589 	return __ffs(vif->bss_conf.basic_rates) + lowest_rate;
590 }
591 
592 static u8 rtw89_core_tx_get_mac_id(struct rtw89_dev *rtwdev,
593 				   struct rtw89_core_tx_request *tx_req)
594 {
595 	struct ieee80211_vif *vif = tx_req->vif;
596 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
597 	struct ieee80211_sta *sta = tx_req->sta;
598 	struct rtw89_sta *rtwsta;
599 
600 	if (!sta)
601 		return rtwvif->mac_id;
602 
603 	rtwsta = (struct rtw89_sta *)sta->drv_priv;
604 	return rtwsta->mac_id;
605 }
606 
607 static void
608 rtw89_core_tx_update_mgmt_info(struct rtw89_dev *rtwdev,
609 			       struct rtw89_core_tx_request *tx_req)
610 {
611 	struct ieee80211_vif *vif = tx_req->vif;
612 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
613 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
614 	const struct rtw89_chan *chan = rtw89_chan_get(rtwdev,
615 						       rtwvif->sub_entity_idx);
616 	u8 qsel, ch_dma;
617 
618 	qsel = desc_info->hiq ? RTW89_TX_QSEL_B0_HI : RTW89_TX_QSEL_B0_MGMT;
619 	ch_dma = rtw89_core_get_ch_dma(rtwdev, qsel);
620 
621 	desc_info->qsel = qsel;
622 	desc_info->ch_dma = ch_dma;
623 	desc_info->port = desc_info->hiq ? rtwvif->port : 0;
624 	desc_info->mac_id = rtw89_core_tx_get_mac_id(rtwdev, tx_req);
625 	desc_info->hw_ssn_sel = RTW89_MGMT_HW_SSN_SEL;
626 	desc_info->hw_seq_mode = RTW89_MGMT_HW_SEQ_MODE;
627 
628 	/* fixed data rate for mgmt frames */
629 	desc_info->en_wd_info = true;
630 	desc_info->use_rate = true;
631 	desc_info->dis_data_fb = true;
632 	desc_info->data_rate = rtw89_core_get_mgmt_rate(rtwdev, tx_req, chan);
633 
634 	rtw89_debug(rtwdev, RTW89_DBG_TXRX,
635 		    "tx mgmt frame with rate 0x%x on channel %d (band %d, bw %d)\n",
636 		    desc_info->data_rate, chan->channel, chan->band_type,
637 		    chan->band_width);
638 }
639 
640 static void
641 rtw89_core_tx_update_h2c_info(struct rtw89_dev *rtwdev,
642 			      struct rtw89_core_tx_request *tx_req)
643 {
644 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
645 
646 	desc_info->is_bmc = false;
647 	desc_info->wd_page = false;
648 	desc_info->ch_dma = RTW89_DMA_H2C;
649 }
650 
651 static void rtw89_core_get_no_ul_ofdma_htc(struct rtw89_dev *rtwdev, __le32 *htc,
652 					   const struct rtw89_chan *chan)
653 {
654 	static const u8 rtw89_bandwidth_to_om[] = {
655 		[RTW89_CHANNEL_WIDTH_20] = HTC_OM_CHANNEL_WIDTH_20,
656 		[RTW89_CHANNEL_WIDTH_40] = HTC_OM_CHANNEL_WIDTH_40,
657 		[RTW89_CHANNEL_WIDTH_80] = HTC_OM_CHANNEL_WIDTH_80,
658 		[RTW89_CHANNEL_WIDTH_160] = HTC_OM_CHANNEL_WIDTH_160_OR_80_80,
659 		[RTW89_CHANNEL_WIDTH_80_80] = HTC_OM_CHANNEL_WIDTH_160_OR_80_80,
660 	};
661 	const struct rtw89_chip_info *chip = rtwdev->chip;
662 	struct rtw89_hal *hal = &rtwdev->hal;
663 	u8 om_bandwidth;
664 
665 	if (!chip->dis_2g_40m_ul_ofdma ||
666 	    chan->band_type != RTW89_BAND_2G ||
667 	    chan->band_width != RTW89_CHANNEL_WIDTH_40)
668 		return;
669 
670 	om_bandwidth = chan->band_width < ARRAY_SIZE(rtw89_bandwidth_to_om) ?
671 		       rtw89_bandwidth_to_om[chan->band_width] : 0;
672 	*htc = le32_encode_bits(RTW89_HTC_VARIANT_HE, RTW89_HTC_MASK_VARIANT) |
673 	       le32_encode_bits(RTW89_HTC_VARIANT_HE_CID_OM, RTW89_HTC_MASK_CTL_ID) |
674 	       le32_encode_bits(hal->rx_nss - 1, RTW89_HTC_MASK_HTC_OM_RX_NSS) |
675 	       le32_encode_bits(om_bandwidth, RTW89_HTC_MASK_HTC_OM_CH_WIDTH) |
676 	       le32_encode_bits(1, RTW89_HTC_MASK_HTC_OM_UL_MU_DIS) |
677 	       le32_encode_bits(hal->tx_nss - 1, RTW89_HTC_MASK_HTC_OM_TX_NSTS) |
678 	       le32_encode_bits(0, RTW89_HTC_MASK_HTC_OM_ER_SU_DIS) |
679 	       le32_encode_bits(0, RTW89_HTC_MASK_HTC_OM_DL_MU_MIMO_RR) |
680 	       le32_encode_bits(0, RTW89_HTC_MASK_HTC_OM_UL_MU_DATA_DIS);
681 }
682 
683 static bool
684 __rtw89_core_tx_check_he_qos_htc(struct rtw89_dev *rtwdev,
685 				 struct rtw89_core_tx_request *tx_req,
686 				 enum btc_pkt_type pkt_type)
687 {
688 	struct ieee80211_sta *sta = tx_req->sta;
689 	struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta);
690 	struct sk_buff *skb = tx_req->skb;
691 	struct ieee80211_hdr *hdr = (void *)skb->data;
692 	__le16 fc = hdr->frame_control;
693 
694 	/* AP IOT issue with EAPoL, ARP and DHCP */
695 	if (pkt_type < PACKET_MAX)
696 		return false;
697 
698 	if (!sta || !sta->deflink.he_cap.has_he)
699 		return false;
700 
701 	if (!ieee80211_is_data_qos(fc))
702 		return false;
703 
704 	if (skb_headroom(skb) < IEEE80211_HT_CTL_LEN)
705 		return false;
706 
707 	if (rtwsta && rtwsta->ra_report.might_fallback_legacy)
708 		return false;
709 
710 	return true;
711 }
712 
713 static void
714 __rtw89_core_tx_adjust_he_qos_htc(struct rtw89_dev *rtwdev,
715 				  struct rtw89_core_tx_request *tx_req)
716 {
717 	struct ieee80211_sta *sta = tx_req->sta;
718 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
719 	struct sk_buff *skb = tx_req->skb;
720 	struct ieee80211_hdr *hdr = (void *)skb->data;
721 	__le16 fc = hdr->frame_control;
722 	void *data;
723 	__le32 *htc;
724 	u8 *qc;
725 	int hdr_len;
726 
727 	hdr_len = ieee80211_has_a4(fc) ? 32 : 26;
728 	data = skb_push(skb, IEEE80211_HT_CTL_LEN);
729 	memmove(data, data + IEEE80211_HT_CTL_LEN, hdr_len);
730 
731 	hdr = data;
732 	htc = data + hdr_len;
733 	hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_ORDER);
734 	*htc = rtwsta->htc_template ? rtwsta->htc_template :
735 	       le32_encode_bits(RTW89_HTC_VARIANT_HE, RTW89_HTC_MASK_VARIANT) |
736 	       le32_encode_bits(RTW89_HTC_VARIANT_HE_CID_CAS, RTW89_HTC_MASK_CTL_ID);
737 
738 	qc = data + hdr_len - IEEE80211_QOS_CTL_LEN;
739 	qc[0] |= IEEE80211_QOS_CTL_EOSP;
740 }
741 
742 static void
743 rtw89_core_tx_update_he_qos_htc(struct rtw89_dev *rtwdev,
744 				struct rtw89_core_tx_request *tx_req,
745 				enum btc_pkt_type pkt_type)
746 {
747 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
748 	struct ieee80211_vif *vif = tx_req->vif;
749 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
750 
751 	if (!__rtw89_core_tx_check_he_qos_htc(rtwdev, tx_req, pkt_type))
752 		goto desc_bk;
753 
754 	__rtw89_core_tx_adjust_he_qos_htc(rtwdev, tx_req);
755 
756 	desc_info->pkt_size += IEEE80211_HT_CTL_LEN;
757 	desc_info->a_ctrl_bsr = true;
758 
759 desc_bk:
760 	if (!rtwvif || rtwvif->last_a_ctrl == desc_info->a_ctrl_bsr)
761 		return;
762 
763 	rtwvif->last_a_ctrl = desc_info->a_ctrl_bsr;
764 	desc_info->bk = true;
765 }
766 
767 static u16 rtw89_core_get_data_rate(struct rtw89_dev *rtwdev,
768 				    struct rtw89_core_tx_request *tx_req)
769 {
770 	struct ieee80211_vif *vif = tx_req->vif;
771 	struct ieee80211_sta *sta = tx_req->sta;
772 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
773 	struct rtw89_phy_rate_pattern *rate_pattern = &rtwvif->rate_pattern;
774 	enum rtw89_sub_entity_idx idx = rtwvif->sub_entity_idx;
775 	const struct rtw89_chan *chan = rtw89_chan_get(rtwdev, idx);
776 	u16 lowest_rate;
777 
778 	if (rate_pattern->enable)
779 		return rate_pattern->rate;
780 
781 	if (vif->p2p)
782 		lowest_rate = RTW89_HW_RATE_OFDM6;
783 	else if (chan->band_type == RTW89_BAND_2G)
784 		lowest_rate = RTW89_HW_RATE_CCK1;
785 	else
786 		lowest_rate = RTW89_HW_RATE_OFDM6;
787 
788 	if (!sta || !sta->deflink.supp_rates[chan->band_type])
789 		return lowest_rate;
790 
791 	return __ffs(sta->deflink.supp_rates[chan->band_type]) + lowest_rate;
792 }
793 
794 static void
795 rtw89_core_tx_update_data_info(struct rtw89_dev *rtwdev,
796 			       struct rtw89_core_tx_request *tx_req)
797 {
798 	struct ieee80211_vif *vif = tx_req->vif;
799 	struct ieee80211_sta *sta = tx_req->sta;
800 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
801 	struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta);
802 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
803 	struct sk_buff *skb = tx_req->skb;
804 	u8 tid, tid_indicate;
805 	u8 qsel, ch_dma;
806 
807 	tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
808 	tid_indicate = rtw89_core_get_tid_indicate(rtwdev, tid);
809 	qsel = desc_info->hiq ? RTW89_TX_QSEL_B0_HI : rtw89_core_get_qsel(rtwdev, tid);
810 	ch_dma = rtw89_core_get_ch_dma(rtwdev, qsel);
811 
812 	desc_info->ch_dma = ch_dma;
813 	desc_info->tid_indicate = tid_indicate;
814 	desc_info->qsel = qsel;
815 	desc_info->mac_id = rtw89_core_tx_get_mac_id(rtwdev, tx_req);
816 	desc_info->port = desc_info->hiq ? rtwvif->port : 0;
817 	desc_info->er_cap = rtwsta ? rtwsta->er_cap : false;
818 
819 	/* enable wd_info for AMPDU */
820 	desc_info->en_wd_info = true;
821 
822 	if (IEEE80211_SKB_CB(skb)->control.hw_key)
823 		rtw89_core_tx_update_sec_key(rtwdev, tx_req);
824 
825 	desc_info->data_retry_lowest_rate = rtw89_core_get_data_rate(rtwdev, tx_req);
826 }
827 
828 static enum btc_pkt_type
829 rtw89_core_tx_btc_spec_pkt_notify(struct rtw89_dev *rtwdev,
830 				  struct rtw89_core_tx_request *tx_req)
831 {
832 	struct sk_buff *skb = tx_req->skb;
833 	struct udphdr *udphdr;
834 
835 	if (IEEE80211_SKB_CB(skb)->control.flags & IEEE80211_TX_CTRL_PORT_CTRL_PROTO) {
836 		ieee80211_queue_work(rtwdev->hw, &rtwdev->btc.eapol_notify_work);
837 		return PACKET_EAPOL;
838 	}
839 
840 	if (skb->protocol == htons(ETH_P_ARP)) {
841 		ieee80211_queue_work(rtwdev->hw, &rtwdev->btc.arp_notify_work);
842 		return PACKET_ARP;
843 	}
844 
845 	if (skb->protocol == htons(ETH_P_IP) &&
846 	    ip_hdr(skb)->protocol == IPPROTO_UDP) {
847 		udphdr = udp_hdr(skb);
848 		if (((udphdr->source == htons(67) && udphdr->dest == htons(68)) ||
849 		     (udphdr->source == htons(68) && udphdr->dest == htons(67))) &&
850 		    skb->len > 282) {
851 			ieee80211_queue_work(rtwdev->hw, &rtwdev->btc.dhcp_notify_work);
852 			return PACKET_DHCP;
853 		}
854 	}
855 
856 	if (skb->protocol == htons(ETH_P_IP) &&
857 	    ip_hdr(skb)->protocol == IPPROTO_ICMP) {
858 		ieee80211_queue_work(rtwdev->hw, &rtwdev->btc.icmp_notify_work);
859 		return PACKET_ICMP;
860 	}
861 
862 	return PACKET_MAX;
863 }
864 
865 static void rtw89_core_tx_update_llc_hdr(struct rtw89_dev *rtwdev,
866 					 struct rtw89_tx_desc_info *desc_info,
867 					 struct sk_buff *skb)
868 {
869 	struct ieee80211_hdr *hdr = (void *)skb->data;
870 	__le16 fc = hdr->frame_control;
871 
872 	desc_info->hdr_llc_len = ieee80211_hdrlen(fc);
873 	desc_info->hdr_llc_len >>= 1; /* in unit of 2 bytes */
874 }
875 
876 static void
877 rtw89_core_tx_wake(struct rtw89_dev *rtwdev,
878 		   struct rtw89_core_tx_request *tx_req)
879 {
880 	const struct rtw89_chip_info *chip = rtwdev->chip;
881 
882 	if (!RTW89_CHK_FW_FEATURE(TX_WAKE, &rtwdev->fw))
883 		return;
884 
885 	if (!test_bit(RTW89_FLAG_LOW_POWER_MODE, rtwdev->flags))
886 		return;
887 
888 	if (chip->chip_id != RTL8852C &&
889 	    tx_req->tx_type != RTW89_CORE_TX_TYPE_MGMT)
890 		return;
891 
892 	rtw89_mac_notify_wake(rtwdev);
893 }
894 
895 static void
896 rtw89_core_tx_update_desc_info(struct rtw89_dev *rtwdev,
897 			       struct rtw89_core_tx_request *tx_req)
898 {
899 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
900 	struct sk_buff *skb = tx_req->skb;
901 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
902 	struct ieee80211_hdr *hdr = (void *)skb->data;
903 	enum rtw89_core_tx_type tx_type;
904 	enum btc_pkt_type pkt_type;
905 	bool is_bmc;
906 	u16 seq;
907 
908 	seq = (le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_SEQ) >> 4;
909 	if (tx_req->tx_type != RTW89_CORE_TX_TYPE_FWCMD) {
910 		tx_type = rtw89_core_get_tx_type(rtwdev, skb);
911 		tx_req->tx_type = tx_type;
912 	}
913 	is_bmc = (is_broadcast_ether_addr(hdr->addr1) ||
914 		  is_multicast_ether_addr(hdr->addr1));
915 
916 	desc_info->seq = seq;
917 	desc_info->pkt_size = skb->len;
918 	desc_info->is_bmc = is_bmc;
919 	desc_info->wd_page = true;
920 	desc_info->hiq = info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM;
921 
922 	switch (tx_req->tx_type) {
923 	case RTW89_CORE_TX_TYPE_MGMT:
924 		rtw89_core_tx_update_mgmt_info(rtwdev, tx_req);
925 		break;
926 	case RTW89_CORE_TX_TYPE_DATA:
927 		rtw89_core_tx_update_data_info(rtwdev, tx_req);
928 		pkt_type = rtw89_core_tx_btc_spec_pkt_notify(rtwdev, tx_req);
929 		rtw89_core_tx_update_he_qos_htc(rtwdev, tx_req, pkt_type);
930 		rtw89_core_tx_update_ampdu_info(rtwdev, tx_req, pkt_type);
931 		rtw89_core_tx_update_llc_hdr(rtwdev, desc_info, skb);
932 		break;
933 	case RTW89_CORE_TX_TYPE_FWCMD:
934 		rtw89_core_tx_update_h2c_info(rtwdev, tx_req);
935 		break;
936 	}
937 }
938 
939 void rtw89_core_tx_kick_off(struct rtw89_dev *rtwdev, u8 qsel)
940 {
941 	u8 ch_dma;
942 
943 	ch_dma = rtw89_core_get_ch_dma(rtwdev, qsel);
944 
945 	rtw89_hci_tx_kick_off(rtwdev, ch_dma);
946 }
947 
948 int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *skb,
949 				    int qsel, unsigned int timeout)
950 {
951 	struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb);
952 	struct rtw89_tx_wait_info *wait;
953 	unsigned long time_left;
954 	int ret = 0;
955 
956 	wait = kzalloc(sizeof(*wait), GFP_KERNEL);
957 	if (!wait) {
958 		rtw89_core_tx_kick_off(rtwdev, qsel);
959 		return 0;
960 	}
961 
962 	init_completion(&wait->completion);
963 	rcu_assign_pointer(skb_data->wait, wait);
964 
965 	rtw89_core_tx_kick_off(rtwdev, qsel);
966 	time_left = wait_for_completion_timeout(&wait->completion,
967 						msecs_to_jiffies(timeout));
968 	if (time_left == 0)
969 		ret = -ETIMEDOUT;
970 	else if (!wait->tx_done)
971 		ret = -EAGAIN;
972 
973 	rcu_assign_pointer(skb_data->wait, NULL);
974 	kfree_rcu(wait, rcu_head);
975 
976 	return ret;
977 }
978 
979 int rtw89_h2c_tx(struct rtw89_dev *rtwdev,
980 		 struct sk_buff *skb, bool fwdl)
981 {
982 	struct rtw89_core_tx_request tx_req = {0};
983 	u32 cnt;
984 	int ret;
985 
986 	if (!test_bit(RTW89_FLAG_POWERON, rtwdev->flags)) {
987 		rtw89_debug(rtwdev, RTW89_DBG_FW,
988 			    "ignore h2c due to power is off with firmware state=%d\n",
989 			    test_bit(RTW89_FLAG_FW_RDY, rtwdev->flags));
990 		dev_kfree_skb(skb);
991 		return 0;
992 	}
993 
994 	tx_req.skb = skb;
995 	tx_req.tx_type = RTW89_CORE_TX_TYPE_FWCMD;
996 	if (fwdl)
997 		tx_req.desc_info.fw_dl = true;
998 
999 	rtw89_core_tx_update_desc_info(rtwdev, &tx_req);
1000 
1001 	if (!fwdl)
1002 		rtw89_hex_dump(rtwdev, RTW89_DBG_FW, "H2C: ", skb->data, skb->len);
1003 
1004 	cnt = rtw89_hci_check_and_reclaim_tx_resource(rtwdev, RTW89_TXCH_CH12);
1005 	if (cnt == 0) {
1006 		rtw89_err(rtwdev, "no tx fwcmd resource\n");
1007 		return -ENOSPC;
1008 	}
1009 
1010 	ret = rtw89_hci_tx_write(rtwdev, &tx_req);
1011 	if (ret) {
1012 		rtw89_err(rtwdev, "failed to transmit skb to HCI\n");
1013 		return ret;
1014 	}
1015 	rtw89_hci_tx_kick_off(rtwdev, RTW89_TXCH_CH12);
1016 
1017 	return 0;
1018 }
1019 
1020 int rtw89_core_tx_write(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif,
1021 			struct ieee80211_sta *sta, struct sk_buff *skb, int *qsel)
1022 {
1023 	struct rtw89_core_tx_request tx_req = {0};
1024 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
1025 	int ret;
1026 
1027 	tx_req.skb = skb;
1028 	tx_req.sta = sta;
1029 	tx_req.vif = vif;
1030 
1031 	rtw89_traffic_stats_accu(rtwdev, &rtwdev->stats, skb, true);
1032 	rtw89_traffic_stats_accu(rtwdev, &rtwvif->stats, skb, true);
1033 	rtw89_core_tx_update_desc_info(rtwdev, &tx_req);
1034 	rtw89_core_tx_wake(rtwdev, &tx_req);
1035 
1036 	ret = rtw89_hci_tx_write(rtwdev, &tx_req);
1037 	if (ret) {
1038 		rtw89_err(rtwdev, "failed to transmit skb to HCI\n");
1039 		return ret;
1040 	}
1041 
1042 	if (qsel)
1043 		*qsel = tx_req.desc_info.qsel;
1044 
1045 	return 0;
1046 }
1047 
1048 static __le32 rtw89_build_txwd_body0(struct rtw89_tx_desc_info *desc_info)
1049 {
1050 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY0_WP_OFFSET, desc_info->wp_offset) |
1051 		    FIELD_PREP(RTW89_TXWD_BODY0_WD_INFO_EN, desc_info->en_wd_info) |
1052 		    FIELD_PREP(RTW89_TXWD_BODY0_CHANNEL_DMA, desc_info->ch_dma) |
1053 		    FIELD_PREP(RTW89_TXWD_BODY0_HDR_LLC_LEN, desc_info->hdr_llc_len) |
1054 		    FIELD_PREP(RTW89_TXWD_BODY0_WD_PAGE, desc_info->wd_page) |
1055 		    FIELD_PREP(RTW89_TXWD_BODY0_FW_DL, desc_info->fw_dl) |
1056 		    FIELD_PREP(RTW89_TXWD_BODY0_HW_SSN_SEL, desc_info->hw_ssn_sel) |
1057 		    FIELD_PREP(RTW89_TXWD_BODY0_HW_SSN_MODE, desc_info->hw_seq_mode);
1058 
1059 	return cpu_to_le32(dword);
1060 }
1061 
1062 static __le32 rtw89_build_txwd_body0_v1(struct rtw89_tx_desc_info *desc_info)
1063 {
1064 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY0_WP_OFFSET_V1, desc_info->wp_offset) |
1065 		    FIELD_PREP(RTW89_TXWD_BODY0_WD_INFO_EN, desc_info->en_wd_info) |
1066 		    FIELD_PREP(RTW89_TXWD_BODY0_CHANNEL_DMA, desc_info->ch_dma) |
1067 		    FIELD_PREP(RTW89_TXWD_BODY0_HDR_LLC_LEN, desc_info->hdr_llc_len) |
1068 		    FIELD_PREP(RTW89_TXWD_BODY0_WD_PAGE, desc_info->wd_page) |
1069 		    FIELD_PREP(RTW89_TXWD_BODY0_FW_DL, desc_info->fw_dl);
1070 
1071 	return cpu_to_le32(dword);
1072 }
1073 
1074 static __le32 rtw89_build_txwd_body1_v1(struct rtw89_tx_desc_info *desc_info)
1075 {
1076 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY1_ADDR_INFO_NUM, desc_info->addr_info_nr) |
1077 		    FIELD_PREP(RTW89_TXWD_BODY1_SEC_KEYID, desc_info->sec_keyid) |
1078 		    FIELD_PREP(RTW89_TXWD_BODY1_SEC_TYPE, desc_info->sec_type);
1079 
1080 	return cpu_to_le32(dword);
1081 }
1082 
1083 static __le32 rtw89_build_txwd_body2(struct rtw89_tx_desc_info *desc_info)
1084 {
1085 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY2_TID_INDICATE, desc_info->tid_indicate) |
1086 		    FIELD_PREP(RTW89_TXWD_BODY2_QSEL, desc_info->qsel) |
1087 		    FIELD_PREP(RTW89_TXWD_BODY2_TXPKT_SIZE, desc_info->pkt_size) |
1088 		    FIELD_PREP(RTW89_TXWD_BODY2_MACID, desc_info->mac_id);
1089 
1090 	return cpu_to_le32(dword);
1091 }
1092 
1093 static __le32 rtw89_build_txwd_body3(struct rtw89_tx_desc_info *desc_info)
1094 {
1095 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY3_SW_SEQ, desc_info->seq) |
1096 		    FIELD_PREP(RTW89_TXWD_BODY3_AGG_EN, desc_info->agg_en) |
1097 		    FIELD_PREP(RTW89_TXWD_BODY3_BK, desc_info->bk);
1098 
1099 	return cpu_to_le32(dword);
1100 }
1101 
1102 static __le32 rtw89_build_txwd_body4(struct rtw89_tx_desc_info *desc_info)
1103 {
1104 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY4_SEC_IV_L0, desc_info->sec_seq[0]) |
1105 		    FIELD_PREP(RTW89_TXWD_BODY4_SEC_IV_L1, desc_info->sec_seq[1]);
1106 
1107 	return cpu_to_le32(dword);
1108 }
1109 
1110 static __le32 rtw89_build_txwd_body5(struct rtw89_tx_desc_info *desc_info)
1111 {
1112 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY5_SEC_IV_H2, desc_info->sec_seq[2]) |
1113 		    FIELD_PREP(RTW89_TXWD_BODY5_SEC_IV_H3, desc_info->sec_seq[3]) |
1114 		    FIELD_PREP(RTW89_TXWD_BODY5_SEC_IV_H4, desc_info->sec_seq[4]) |
1115 		    FIELD_PREP(RTW89_TXWD_BODY5_SEC_IV_H5, desc_info->sec_seq[5]);
1116 
1117 	return cpu_to_le32(dword);
1118 }
1119 
1120 static __le32 rtw89_build_txwd_body7_v1(struct rtw89_tx_desc_info *desc_info)
1121 {
1122 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY7_USE_RATE_V1, desc_info->use_rate) |
1123 		    FIELD_PREP(RTW89_TXWD_BODY7_DATA_RATE, desc_info->data_rate);
1124 
1125 	return cpu_to_le32(dword);
1126 }
1127 
1128 static __le32 rtw89_build_txwd_info0(struct rtw89_tx_desc_info *desc_info)
1129 {
1130 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO0_USE_RATE, desc_info->use_rate) |
1131 		    FIELD_PREP(RTW89_TXWD_INFO0_DATA_RATE, desc_info->data_rate) |
1132 		    FIELD_PREP(RTW89_TXWD_INFO0_DISDATAFB, desc_info->dis_data_fb) |
1133 		    FIELD_PREP(RTW89_TXWD_INFO0_MULTIPORT_ID, desc_info->port);
1134 
1135 	return cpu_to_le32(dword);
1136 }
1137 
1138 static __le32 rtw89_build_txwd_info0_v1(struct rtw89_tx_desc_info *desc_info)
1139 {
1140 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO0_DISDATAFB, desc_info->dis_data_fb) |
1141 		    FIELD_PREP(RTW89_TXWD_INFO0_MULTIPORT_ID, desc_info->port) |
1142 		    FIELD_PREP(RTW89_TXWD_INFO0_DATA_ER, desc_info->er_cap) |
1143 		    FIELD_PREP(RTW89_TXWD_INFO0_DATA_BW_ER, 0);
1144 
1145 	return cpu_to_le32(dword);
1146 }
1147 
1148 static __le32 rtw89_build_txwd_info1(struct rtw89_tx_desc_info *desc_info)
1149 {
1150 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO1_MAX_AGGNUM, desc_info->ampdu_num) |
1151 		    FIELD_PREP(RTW89_TXWD_INFO1_A_CTRL_BSR, desc_info->a_ctrl_bsr) |
1152 		    FIELD_PREP(RTW89_TXWD_INFO1_DATA_RTY_LOWEST_RATE,
1153 			       desc_info->data_retry_lowest_rate);
1154 
1155 	return cpu_to_le32(dword);
1156 }
1157 
1158 static __le32 rtw89_build_txwd_info2(struct rtw89_tx_desc_info *desc_info)
1159 {
1160 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO2_AMPDU_DENSITY, desc_info->ampdu_density) |
1161 		    FIELD_PREP(RTW89_TXWD_INFO2_SEC_TYPE, desc_info->sec_type) |
1162 		    FIELD_PREP(RTW89_TXWD_INFO2_SEC_HW_ENC, desc_info->sec_en) |
1163 		    FIELD_PREP(RTW89_TXWD_INFO2_SEC_CAM_IDX, desc_info->sec_cam_idx);
1164 
1165 	return cpu_to_le32(dword);
1166 }
1167 
1168 static __le32 rtw89_build_txwd_info2_v1(struct rtw89_tx_desc_info *desc_info)
1169 {
1170 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO2_AMPDU_DENSITY, desc_info->ampdu_density) |
1171 		    FIELD_PREP(RTW89_TXWD_INFO2_FORCE_KEY_EN, desc_info->sec_en) |
1172 		    FIELD_PREP(RTW89_TXWD_INFO2_SEC_CAM_IDX, desc_info->sec_cam_idx);
1173 
1174 	return cpu_to_le32(dword);
1175 }
1176 
1177 static __le32 rtw89_build_txwd_info4(struct rtw89_tx_desc_info *desc_info)
1178 {
1179 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO4_RTS_EN, 1) |
1180 		    FIELD_PREP(RTW89_TXWD_INFO4_HW_RTS_EN, 1);
1181 
1182 	return cpu_to_le32(dword);
1183 }
1184 
1185 void rtw89_core_fill_txdesc(struct rtw89_dev *rtwdev,
1186 			    struct rtw89_tx_desc_info *desc_info,
1187 			    void *txdesc)
1188 {
1189 	struct rtw89_txwd_body *txwd_body = (struct rtw89_txwd_body *)txdesc;
1190 	struct rtw89_txwd_info *txwd_info;
1191 
1192 	txwd_body->dword0 = rtw89_build_txwd_body0(desc_info);
1193 	txwd_body->dword2 = rtw89_build_txwd_body2(desc_info);
1194 	txwd_body->dword3 = rtw89_build_txwd_body3(desc_info);
1195 
1196 	if (!desc_info->en_wd_info)
1197 		return;
1198 
1199 	txwd_info = (struct rtw89_txwd_info *)(txwd_body + 1);
1200 	txwd_info->dword0 = rtw89_build_txwd_info0(desc_info);
1201 	txwd_info->dword1 = rtw89_build_txwd_info1(desc_info);
1202 	txwd_info->dword2 = rtw89_build_txwd_info2(desc_info);
1203 	txwd_info->dword4 = rtw89_build_txwd_info4(desc_info);
1204 
1205 }
1206 EXPORT_SYMBOL(rtw89_core_fill_txdesc);
1207 
1208 void rtw89_core_fill_txdesc_v1(struct rtw89_dev *rtwdev,
1209 			       struct rtw89_tx_desc_info *desc_info,
1210 			       void *txdesc)
1211 {
1212 	struct rtw89_txwd_body_v1 *txwd_body = (struct rtw89_txwd_body_v1 *)txdesc;
1213 	struct rtw89_txwd_info *txwd_info;
1214 
1215 	txwd_body->dword0 = rtw89_build_txwd_body0_v1(desc_info);
1216 	txwd_body->dword1 = rtw89_build_txwd_body1_v1(desc_info);
1217 	txwd_body->dword2 = rtw89_build_txwd_body2(desc_info);
1218 	txwd_body->dword3 = rtw89_build_txwd_body3(desc_info);
1219 	if (desc_info->sec_en) {
1220 		txwd_body->dword4 = rtw89_build_txwd_body4(desc_info);
1221 		txwd_body->dword5 = rtw89_build_txwd_body5(desc_info);
1222 	}
1223 	txwd_body->dword7 = rtw89_build_txwd_body7_v1(desc_info);
1224 
1225 	if (!desc_info->en_wd_info)
1226 		return;
1227 
1228 	txwd_info = (struct rtw89_txwd_info *)(txwd_body + 1);
1229 	txwd_info->dword0 = rtw89_build_txwd_info0_v1(desc_info);
1230 	txwd_info->dword1 = rtw89_build_txwd_info1(desc_info);
1231 	txwd_info->dword2 = rtw89_build_txwd_info2_v1(desc_info);
1232 	txwd_info->dword4 = rtw89_build_txwd_info4(desc_info);
1233 }
1234 EXPORT_SYMBOL(rtw89_core_fill_txdesc_v1);
1235 
1236 static __le32 rtw89_build_txwd_body0_v2(struct rtw89_tx_desc_info *desc_info)
1237 {
1238 	u32 dword = FIELD_PREP(BE_TXD_BODY0_WP_OFFSET_V1, desc_info->wp_offset) |
1239 		    FIELD_PREP(BE_TXD_BODY0_WDINFO_EN, desc_info->en_wd_info) |
1240 		    FIELD_PREP(BE_TXD_BODY0_CH_DMA, desc_info->ch_dma) |
1241 		    FIELD_PREP(BE_TXD_BODY0_HDR_LLC_LEN, desc_info->hdr_llc_len) |
1242 		    FIELD_PREP(BE_TXD_BODY0_WD_PAGE, desc_info->wd_page);
1243 
1244 	return cpu_to_le32(dword);
1245 }
1246 
1247 static __le32 rtw89_build_txwd_body1_v2(struct rtw89_tx_desc_info *desc_info)
1248 {
1249 	u32 dword = FIELD_PREP(BE_TXD_BODY1_ADDR_INFO_NUM, desc_info->addr_info_nr) |
1250 		    FIELD_PREP(BE_TXD_BODY1_SEC_KEYID, desc_info->sec_keyid) |
1251 		    FIELD_PREP(BE_TXD_BODY1_SEC_TYPE, desc_info->sec_type);
1252 
1253 	return cpu_to_le32(dword);
1254 }
1255 
1256 static __le32 rtw89_build_txwd_body2_v2(struct rtw89_tx_desc_info *desc_info)
1257 {
1258 	u32 dword = FIELD_PREP(BE_TXD_BODY2_TID_IND, desc_info->tid_indicate) |
1259 		    FIELD_PREP(BE_TXD_BODY2_QSEL, desc_info->qsel) |
1260 		    FIELD_PREP(BE_TXD_BODY2_TXPKTSIZE, desc_info->pkt_size) |
1261 		    FIELD_PREP(BE_TXD_BODY2_AGG_EN, desc_info->agg_en) |
1262 		    FIELD_PREP(BE_TXD_BODY2_BK, desc_info->bk) |
1263 		    FIELD_PREP(BE_TXD_BODY2_MACID, desc_info->mac_id);
1264 
1265 	return cpu_to_le32(dword);
1266 }
1267 
1268 static __le32 rtw89_build_txwd_body3_v2(struct rtw89_tx_desc_info *desc_info)
1269 {
1270 	u32 dword = FIELD_PREP(BE_TXD_BODY3_WIFI_SEQ, desc_info->seq);
1271 
1272 	return cpu_to_le32(dword);
1273 }
1274 
1275 static __le32 rtw89_build_txwd_body4_v2(struct rtw89_tx_desc_info *desc_info)
1276 {
1277 	u32 dword = FIELD_PREP(BE_TXD_BODY4_SEC_IV_L0, desc_info->sec_seq[0]) |
1278 		    FIELD_PREP(BE_TXD_BODY4_SEC_IV_L1, desc_info->sec_seq[1]);
1279 
1280 	return cpu_to_le32(dword);
1281 }
1282 
1283 static __le32 rtw89_build_txwd_body5_v2(struct rtw89_tx_desc_info *desc_info)
1284 {
1285 	u32 dword = FIELD_PREP(BE_TXD_BODY5_SEC_IV_H2, desc_info->sec_seq[2]) |
1286 		    FIELD_PREP(BE_TXD_BODY5_SEC_IV_H3, desc_info->sec_seq[3]) |
1287 		    FIELD_PREP(BE_TXD_BODY5_SEC_IV_H4, desc_info->sec_seq[4]) |
1288 		    FIELD_PREP(BE_TXD_BODY5_SEC_IV_H5, desc_info->sec_seq[5]);
1289 
1290 	return cpu_to_le32(dword);
1291 }
1292 
1293 static __le32 rtw89_build_txwd_body7_v2(struct rtw89_tx_desc_info *desc_info)
1294 {
1295 	u32 dword = FIELD_PREP(BE_TXD_BODY7_USERATE_SEL, desc_info->use_rate) |
1296 		    FIELD_PREP(BE_TXD_BODY7_DATA_ER, desc_info->er_cap) |
1297 		    FIELD_PREP(BE_TXD_BODY7_DATA_BW_ER, 0) |
1298 		    FIELD_PREP(BE_TXD_BODY7_DATARATE, desc_info->data_rate);
1299 
1300 	return cpu_to_le32(dword);
1301 }
1302 
1303 static __le32 rtw89_build_txwd_info0_v2(struct rtw89_tx_desc_info *desc_info)
1304 {
1305 	u32 dword = FIELD_PREP(BE_TXD_INFO0_DISDATAFB, desc_info->dis_data_fb) |
1306 		    FIELD_PREP(BE_TXD_INFO0_MULTIPORT_ID, desc_info->port);
1307 
1308 	return cpu_to_le32(dword);
1309 }
1310 
1311 static __le32 rtw89_build_txwd_info1_v2(struct rtw89_tx_desc_info *desc_info)
1312 {
1313 	u32 dword = FIELD_PREP(BE_TXD_INFO1_MAX_AGG_NUM, desc_info->ampdu_num) |
1314 		    FIELD_PREP(BE_TXD_INFO1_A_CTRL_BSR, desc_info->a_ctrl_bsr) |
1315 		    FIELD_PREP(BE_TXD_INFO1_DATA_RTY_LOWEST_RATE,
1316 			       desc_info->data_retry_lowest_rate);
1317 
1318 	return cpu_to_le32(dword);
1319 }
1320 
1321 static __le32 rtw89_build_txwd_info2_v2(struct rtw89_tx_desc_info *desc_info)
1322 {
1323 	u32 dword = FIELD_PREP(BE_TXD_INFO2_AMPDU_DENSITY, desc_info->ampdu_density) |
1324 		    FIELD_PREP(BE_TXD_INFO2_FORCE_KEY_EN, desc_info->sec_en) |
1325 		    FIELD_PREP(BE_TXD_INFO2_SEC_CAM_IDX, desc_info->sec_cam_idx);
1326 
1327 	return cpu_to_le32(dword);
1328 }
1329 
1330 static __le32 rtw89_build_txwd_info4_v2(struct rtw89_tx_desc_info *desc_info)
1331 {
1332 	u32 dword = FIELD_PREP(BE_TXD_INFO4_RTS_EN, 1) |
1333 		    FIELD_PREP(BE_TXD_INFO4_HW_RTS_EN, 1);
1334 
1335 	return cpu_to_le32(dword);
1336 }
1337 
1338 void rtw89_core_fill_txdesc_v2(struct rtw89_dev *rtwdev,
1339 			       struct rtw89_tx_desc_info *desc_info,
1340 			       void *txdesc)
1341 {
1342 	struct rtw89_txwd_body_v2 *txwd_body = txdesc;
1343 	struct rtw89_txwd_info_v2 *txwd_info;
1344 
1345 	txwd_body->dword0 = rtw89_build_txwd_body0_v2(desc_info);
1346 	txwd_body->dword1 = rtw89_build_txwd_body1_v2(desc_info);
1347 	txwd_body->dword2 = rtw89_build_txwd_body2_v2(desc_info);
1348 	txwd_body->dword3 = rtw89_build_txwd_body3_v2(desc_info);
1349 	if (desc_info->sec_en) {
1350 		txwd_body->dword4 = rtw89_build_txwd_body4_v2(desc_info);
1351 		txwd_body->dword5 = rtw89_build_txwd_body5_v2(desc_info);
1352 	}
1353 	txwd_body->dword7 = rtw89_build_txwd_body7_v2(desc_info);
1354 
1355 	if (!desc_info->en_wd_info)
1356 		return;
1357 
1358 	txwd_info = (struct rtw89_txwd_info_v2 *)(txwd_body + 1);
1359 	txwd_info->dword0 = rtw89_build_txwd_info0_v2(desc_info);
1360 	txwd_info->dword1 = rtw89_build_txwd_info1_v2(desc_info);
1361 	txwd_info->dword2 = rtw89_build_txwd_info2_v2(desc_info);
1362 	txwd_info->dword4 = rtw89_build_txwd_info4_v2(desc_info);
1363 }
1364 EXPORT_SYMBOL(rtw89_core_fill_txdesc_v2);
1365 
1366 static __le32 rtw89_build_txwd_fwcmd0_v1(struct rtw89_tx_desc_info *desc_info)
1367 {
1368 	u32 dword = FIELD_PREP(AX_RXD_RPKT_LEN_MASK, desc_info->pkt_size) |
1369 		    FIELD_PREP(AX_RXD_RPKT_TYPE_MASK, desc_info->fw_dl ?
1370 						      RTW89_CORE_RX_TYPE_FWDL :
1371 						      RTW89_CORE_RX_TYPE_H2C);
1372 
1373 	return cpu_to_le32(dword);
1374 }
1375 
1376 void rtw89_core_fill_txdesc_fwcmd_v1(struct rtw89_dev *rtwdev,
1377 				     struct rtw89_tx_desc_info *desc_info,
1378 				     void *txdesc)
1379 {
1380 	struct rtw89_rxdesc_short *txwd_v1 = (struct rtw89_rxdesc_short *)txdesc;
1381 
1382 	txwd_v1->dword0 = rtw89_build_txwd_fwcmd0_v1(desc_info);
1383 }
1384 EXPORT_SYMBOL(rtw89_core_fill_txdesc_fwcmd_v1);
1385 
1386 static __le32 rtw89_build_txwd_fwcmd0_v2(struct rtw89_tx_desc_info *desc_info)
1387 {
1388 	u32 dword = FIELD_PREP(BE_RXD_RPKT_LEN_MASK, desc_info->pkt_size) |
1389 		    FIELD_PREP(BE_RXD_RPKT_TYPE_MASK, desc_info->fw_dl ?
1390 						      RTW89_CORE_RX_TYPE_FWDL :
1391 						      RTW89_CORE_RX_TYPE_H2C);
1392 
1393 	return cpu_to_le32(dword);
1394 }
1395 
1396 void rtw89_core_fill_txdesc_fwcmd_v2(struct rtw89_dev *rtwdev,
1397 				     struct rtw89_tx_desc_info *desc_info,
1398 				     void *txdesc)
1399 {
1400 	struct rtw89_rxdesc_short_v2 *txwd_v2 = (struct rtw89_rxdesc_short_v2 *)txdesc;
1401 
1402 	txwd_v2->dword0 = rtw89_build_txwd_fwcmd0_v2(desc_info);
1403 }
1404 EXPORT_SYMBOL(rtw89_core_fill_txdesc_fwcmd_v2);
1405 
1406 static int rtw89_core_rx_process_mac_ppdu(struct rtw89_dev *rtwdev,
1407 					  struct sk_buff *skb,
1408 					  struct rtw89_rx_phy_ppdu *phy_ppdu)
1409 {
1410 	const struct rtw89_rxinfo *rxinfo = (const struct rtw89_rxinfo *)skb->data;
1411 	bool rx_cnt_valid = false;
1412 	u8 plcp_size = 0;
1413 	u8 usr_num = 0;
1414 	u8 *phy_sts;
1415 
1416 	rx_cnt_valid = le32_get_bits(rxinfo->w0, RTW89_RXINFO_W0_RX_CNT_VLD);
1417 	plcp_size = le32_get_bits(rxinfo->w1, RTW89_RXINFO_W1_PLCP_LEN) << 3;
1418 	usr_num = le32_get_bits(rxinfo->w0, RTW89_RXINFO_W0_USR_NUM);
1419 	if (usr_num > RTW89_PPDU_MAX_USR) {
1420 		rtw89_warn(rtwdev, "Invalid user number in mac info\n");
1421 		return -EINVAL;
1422 	}
1423 
1424 	phy_sts = skb->data + RTW89_PPDU_MAC_INFO_SIZE;
1425 	phy_sts += usr_num * RTW89_PPDU_MAC_INFO_USR_SIZE;
1426 	/* 8-byte alignment */
1427 	if (usr_num & BIT(0))
1428 		phy_sts += RTW89_PPDU_MAC_INFO_USR_SIZE;
1429 	if (rx_cnt_valid)
1430 		phy_sts += RTW89_PPDU_MAC_RX_CNT_SIZE;
1431 	phy_sts += plcp_size;
1432 
1433 	phy_ppdu->buf = phy_sts;
1434 	phy_ppdu->len = skb->data + skb->len - phy_sts;
1435 
1436 	return 0;
1437 }
1438 
1439 static void rtw89_core_rx_process_phy_ppdu_iter(void *data,
1440 						struct ieee80211_sta *sta)
1441 {
1442 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
1443 	struct rtw89_rx_phy_ppdu *phy_ppdu = (struct rtw89_rx_phy_ppdu *)data;
1444 	struct rtw89_dev *rtwdev = rtwsta->rtwdev;
1445 	struct rtw89_hal *hal = &rtwdev->hal;
1446 	u8 ant_num = hal->ant_diversity ? 2 : rtwdev->chip->rf_path_num;
1447 	u8 ant_pos = U8_MAX;
1448 	u8 evm_pos = 0;
1449 	int i;
1450 
1451 	if (rtwsta->mac_id != phy_ppdu->mac_id || !phy_ppdu->to_self)
1452 		return;
1453 
1454 	if (hal->ant_diversity && hal->antenna_rx) {
1455 		ant_pos = __ffs(hal->antenna_rx);
1456 		evm_pos = ant_pos;
1457 	}
1458 
1459 	ewma_rssi_add(&rtwsta->avg_rssi, phy_ppdu->rssi_avg);
1460 
1461 	if (ant_pos < ant_num) {
1462 		ewma_rssi_add(&rtwsta->rssi[ant_pos], phy_ppdu->rssi[0]);
1463 	} else {
1464 		for (i = 0; i < rtwdev->chip->rf_path_num; i++)
1465 			ewma_rssi_add(&rtwsta->rssi[i], phy_ppdu->rssi[i]);
1466 	}
1467 
1468 	if (phy_ppdu->ofdm.has) {
1469 		ewma_snr_add(&rtwsta->avg_snr, phy_ppdu->ofdm.avg_snr);
1470 		ewma_evm_add(&rtwsta->evm_min[evm_pos], phy_ppdu->ofdm.evm_min);
1471 		ewma_evm_add(&rtwsta->evm_max[evm_pos], phy_ppdu->ofdm.evm_max);
1472 	}
1473 }
1474 
1475 #define VAR_LEN 0xff
1476 #define VAR_LEN_UNIT 8
1477 static u16 rtw89_core_get_phy_status_ie_len(struct rtw89_dev *rtwdev,
1478 					    const struct rtw89_phy_sts_iehdr *iehdr)
1479 {
1480 	static const u8 physts_ie_len_tab[32] = {
1481 		16, 32, 24, 24, 8, 8, 8, 8, VAR_LEN, 8, VAR_LEN, 176, VAR_LEN,
1482 		VAR_LEN, VAR_LEN, VAR_LEN, VAR_LEN, VAR_LEN, 16, 24, VAR_LEN,
1483 		VAR_LEN, VAR_LEN, 0, 24, 24, 24, 24, 32, 32, 32, 32
1484 	};
1485 	u16 ie_len;
1486 	u8 ie;
1487 
1488 	ie = le32_get_bits(iehdr->w0, RTW89_PHY_STS_IEHDR_TYPE);
1489 	if (physts_ie_len_tab[ie] != VAR_LEN)
1490 		ie_len = physts_ie_len_tab[ie];
1491 	else
1492 		ie_len = le32_get_bits(iehdr->w0, RTW89_PHY_STS_IEHDR_LEN) * VAR_LEN_UNIT;
1493 
1494 	return ie_len;
1495 }
1496 
1497 static void rtw89_core_parse_phy_status_ie01(struct rtw89_dev *rtwdev,
1498 					     const struct rtw89_phy_sts_iehdr *iehdr,
1499 					     struct rtw89_rx_phy_ppdu *phy_ppdu)
1500 {
1501 	const struct rtw89_phy_sts_ie0 *ie = (const struct rtw89_phy_sts_ie0 *)iehdr;
1502 	s16 cfo;
1503 	u32 t;
1504 
1505 	phy_ppdu->chan_idx = le32_get_bits(ie->w0, RTW89_PHY_STS_IE01_W0_CH_IDX);
1506 	if (phy_ppdu->rate < RTW89_HW_RATE_OFDM6)
1507 		return;
1508 
1509 	if (!phy_ppdu->to_self)
1510 		return;
1511 
1512 	phy_ppdu->ofdm.avg_snr = le32_get_bits(ie->w2, RTW89_PHY_STS_IE01_W2_AVG_SNR);
1513 	phy_ppdu->ofdm.evm_max = le32_get_bits(ie->w2, RTW89_PHY_STS_IE01_W2_EVM_MAX);
1514 	phy_ppdu->ofdm.evm_min = le32_get_bits(ie->w2, RTW89_PHY_STS_IE01_W2_EVM_MIN);
1515 	phy_ppdu->ofdm.has = true;
1516 
1517 	/* sign conversion for S(12,2) */
1518 	if (rtwdev->chip->cfo_src_fd) {
1519 		t = le32_get_bits(ie->w1, RTW89_PHY_STS_IE01_W1_FD_CFO);
1520 		cfo = sign_extend32(t, 11);
1521 	} else {
1522 		t = le32_get_bits(ie->w1, RTW89_PHY_STS_IE01_W1_PREMB_CFO);
1523 		cfo = sign_extend32(t, 11);
1524 	}
1525 
1526 	rtw89_phy_cfo_parse(rtwdev, cfo, phy_ppdu);
1527 }
1528 
1529 static int rtw89_core_process_phy_status_ie(struct rtw89_dev *rtwdev,
1530 					    const struct rtw89_phy_sts_iehdr *iehdr,
1531 					    struct rtw89_rx_phy_ppdu *phy_ppdu)
1532 {
1533 	u8 ie;
1534 
1535 	ie = le32_get_bits(iehdr->w0, RTW89_PHY_STS_IEHDR_TYPE);
1536 
1537 	switch (ie) {
1538 	case RTW89_PHYSTS_IE01_CMN_OFDM:
1539 		rtw89_core_parse_phy_status_ie01(rtwdev, iehdr, phy_ppdu);
1540 		break;
1541 	default:
1542 		break;
1543 	}
1544 
1545 	return 0;
1546 }
1547 
1548 static void rtw89_core_update_phy_ppdu(struct rtw89_rx_phy_ppdu *phy_ppdu)
1549 {
1550 	const struct rtw89_phy_sts_hdr *hdr = phy_ppdu->buf;
1551 	u8 *rssi = phy_ppdu->rssi;
1552 
1553 	phy_ppdu->ie = le32_get_bits(hdr->w0, RTW89_PHY_STS_HDR_W0_IE_MAP);
1554 	phy_ppdu->rssi_avg = le32_get_bits(hdr->w0, RTW89_PHY_STS_HDR_W0_RSSI_AVG);
1555 	rssi[RF_PATH_A] = le32_get_bits(hdr->w1, RTW89_PHY_STS_HDR_W1_RSSI_A);
1556 	rssi[RF_PATH_B] = le32_get_bits(hdr->w1, RTW89_PHY_STS_HDR_W1_RSSI_B);
1557 	rssi[RF_PATH_C] = le32_get_bits(hdr->w1, RTW89_PHY_STS_HDR_W1_RSSI_C);
1558 	rssi[RF_PATH_D] = le32_get_bits(hdr->w1, RTW89_PHY_STS_HDR_W1_RSSI_D);
1559 }
1560 
1561 static int rtw89_core_rx_process_phy_ppdu(struct rtw89_dev *rtwdev,
1562 					  struct rtw89_rx_phy_ppdu *phy_ppdu)
1563 {
1564 	const struct rtw89_phy_sts_hdr *hdr = phy_ppdu->buf;
1565 	u32 len_from_header;
1566 
1567 	len_from_header = le32_get_bits(hdr->w0, RTW89_PHY_STS_HDR_W0_LEN) << 3;
1568 
1569 	if (len_from_header != phy_ppdu->len) {
1570 		rtw89_debug(rtwdev, RTW89_DBG_UNEXP, "phy ppdu len mismatch\n");
1571 		return -EINVAL;
1572 	}
1573 	rtw89_core_update_phy_ppdu(phy_ppdu);
1574 
1575 	return 0;
1576 }
1577 
1578 static int rtw89_core_rx_parse_phy_sts(struct rtw89_dev *rtwdev,
1579 				       struct rtw89_rx_phy_ppdu *phy_ppdu)
1580 {
1581 	u16 ie_len;
1582 	void *pos, *end;
1583 
1584 	/* mark invalid reports and bypass them */
1585 	if (phy_ppdu->ie < RTW89_CCK_PKT)
1586 		return -EINVAL;
1587 
1588 	pos = phy_ppdu->buf + PHY_STS_HDR_LEN;
1589 	end = phy_ppdu->buf + phy_ppdu->len;
1590 	while (pos < end) {
1591 		const struct rtw89_phy_sts_iehdr *iehdr = pos;
1592 
1593 		ie_len = rtw89_core_get_phy_status_ie_len(rtwdev, iehdr);
1594 		rtw89_core_process_phy_status_ie(rtwdev, iehdr, phy_ppdu);
1595 		pos += ie_len;
1596 		if (pos > end || ie_len == 0) {
1597 			rtw89_debug(rtwdev, RTW89_DBG_TXRX,
1598 				    "phy status parse failed\n");
1599 			return -EINVAL;
1600 		}
1601 	}
1602 
1603 	rtw89_phy_antdiv_parse(rtwdev, phy_ppdu);
1604 
1605 	return 0;
1606 }
1607 
1608 static void rtw89_core_rx_process_phy_sts(struct rtw89_dev *rtwdev,
1609 					  struct rtw89_rx_phy_ppdu *phy_ppdu)
1610 {
1611 	int ret;
1612 
1613 	ret = rtw89_core_rx_parse_phy_sts(rtwdev, phy_ppdu);
1614 	if (ret)
1615 		rtw89_debug(rtwdev, RTW89_DBG_TXRX, "parse phy sts failed\n");
1616 	else
1617 		phy_ppdu->valid = true;
1618 
1619 	ieee80211_iterate_stations_atomic(rtwdev->hw,
1620 					  rtw89_core_rx_process_phy_ppdu_iter,
1621 					  phy_ppdu);
1622 }
1623 
1624 static u8 rtw89_rxdesc_to_nl_he_eht_gi(struct rtw89_dev *rtwdev,
1625 				       u8 desc_info_gi,
1626 				       bool rx_status, bool eht)
1627 {
1628 	switch (desc_info_gi) {
1629 	case RTW89_GILTF_SGI_4XHE08:
1630 	case RTW89_GILTF_2XHE08:
1631 	case RTW89_GILTF_1XHE08:
1632 		return eht ? NL80211_RATE_INFO_EHT_GI_0_8 :
1633 			     NL80211_RATE_INFO_HE_GI_0_8;
1634 	case RTW89_GILTF_2XHE16:
1635 	case RTW89_GILTF_1XHE16:
1636 		return eht ? NL80211_RATE_INFO_EHT_GI_1_6 :
1637 			     NL80211_RATE_INFO_HE_GI_1_6;
1638 	case RTW89_GILTF_LGI_4XHE32:
1639 		return eht ? NL80211_RATE_INFO_EHT_GI_3_2 :
1640 			     NL80211_RATE_INFO_HE_GI_3_2;
1641 	default:
1642 		rtw89_warn(rtwdev, "invalid gi_ltf=%d", desc_info_gi);
1643 		if (rx_status)
1644 			return eht ? NL80211_RATE_INFO_EHT_GI_3_2 :
1645 				     NL80211_RATE_INFO_HE_GI_3_2;
1646 		return U8_MAX;
1647 	}
1648 }
1649 
1650 static
1651 bool rtw89_check_rx_statu_gi_match(struct ieee80211_rx_status *status, u8 gi_ltf,
1652 				   bool eht)
1653 {
1654 	if (eht)
1655 		return status->eht.gi == gi_ltf;
1656 
1657 	return status->he_gi == gi_ltf;
1658 }
1659 
1660 static bool rtw89_core_rx_ppdu_match(struct rtw89_dev *rtwdev,
1661 				     struct rtw89_rx_desc_info *desc_info,
1662 				     struct ieee80211_rx_status *status)
1663 {
1664 	u8 band = desc_info->bb_sel ? RTW89_PHY_1 : RTW89_PHY_0;
1665 	u8 data_rate_mode, bw, rate_idx = MASKBYTE0, gi_ltf;
1666 	bool eht = false;
1667 	u16 data_rate;
1668 	bool ret;
1669 
1670 	data_rate = desc_info->data_rate;
1671 	data_rate_mode = rtw89_get_data_rate_mode(rtwdev, data_rate);
1672 	if (data_rate_mode == DATA_RATE_MODE_NON_HT) {
1673 		rate_idx = rtw89_get_data_not_ht_idx(rtwdev, data_rate);
1674 		/* rate_idx is still hardware value here */
1675 	} else if (data_rate_mode == DATA_RATE_MODE_HT) {
1676 		rate_idx = rtw89_get_data_ht_mcs(rtwdev, data_rate);
1677 	} else if (data_rate_mode == DATA_RATE_MODE_VHT ||
1678 		   data_rate_mode == DATA_RATE_MODE_HE ||
1679 		   data_rate_mode == DATA_RATE_MODE_EHT) {
1680 		rate_idx = rtw89_get_data_mcs(rtwdev, data_rate);
1681 	} else {
1682 		rtw89_warn(rtwdev, "invalid RX rate mode %d\n", data_rate_mode);
1683 	}
1684 
1685 	eht = data_rate_mode == DATA_RATE_MODE_EHT;
1686 	bw = rtw89_hw_to_rate_info_bw(desc_info->bw);
1687 	gi_ltf = rtw89_rxdesc_to_nl_he_eht_gi(rtwdev, desc_info->gi_ltf, false, eht);
1688 	ret = rtwdev->ppdu_sts.curr_rx_ppdu_cnt[band] == desc_info->ppdu_cnt &&
1689 	      status->rate_idx == rate_idx &&
1690 	      rtw89_check_rx_statu_gi_match(status, gi_ltf, eht) &&
1691 	      status->bw == bw;
1692 
1693 	return ret;
1694 }
1695 
1696 struct rtw89_vif_rx_stats_iter_data {
1697 	struct rtw89_dev *rtwdev;
1698 	struct rtw89_rx_phy_ppdu *phy_ppdu;
1699 	struct rtw89_rx_desc_info *desc_info;
1700 	struct sk_buff *skb;
1701 	const u8 *bssid;
1702 };
1703 
1704 static void rtw89_stats_trigger_frame(struct rtw89_dev *rtwdev,
1705 				      struct ieee80211_vif *vif,
1706 				      struct sk_buff *skb)
1707 {
1708 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
1709 	struct ieee80211_trigger *tf = (struct ieee80211_trigger *)skb->data;
1710 	u8 *pos, *end, type, tf_bw;
1711 	u16 aid, tf_rua;
1712 
1713 	if (!ether_addr_equal(vif->bss_conf.bssid, tf->ta) ||
1714 	    rtwvif->wifi_role != RTW89_WIFI_ROLE_STATION ||
1715 	    rtwvif->net_type == RTW89_NET_TYPE_NO_LINK)
1716 		return;
1717 
1718 	type = le64_get_bits(tf->common_info, IEEE80211_TRIGGER_TYPE_MASK);
1719 	if (type != IEEE80211_TRIGGER_TYPE_BASIC && type != IEEE80211_TRIGGER_TYPE_MU_BAR)
1720 		return;
1721 
1722 	end = (u8 *)tf + skb->len;
1723 	pos = tf->variable;
1724 
1725 	while (end - pos >= RTW89_TF_BASIC_USER_INFO_SZ) {
1726 		aid = RTW89_GET_TF_USER_INFO_AID12(pos);
1727 		tf_rua = RTW89_GET_TF_USER_INFO_RUA(pos);
1728 		tf_bw = le64_get_bits(tf->common_info, IEEE80211_TRIGGER_ULBW_MASK);
1729 		rtw89_debug(rtwdev, RTW89_DBG_TXRX,
1730 			    "[TF] aid: %d, ul_mcs: %d, rua: %d, bw: %d\n",
1731 			    aid, RTW89_GET_TF_USER_INFO_UL_MCS(pos),
1732 			    tf_rua, tf_bw);
1733 
1734 		if (aid == RTW89_TF_PAD)
1735 			break;
1736 
1737 		if (aid == vif->cfg.aid) {
1738 			enum nl80211_he_ru_alloc rua = rtw89_he_rua_to_ru_alloc(tf_rua >> 1);
1739 
1740 			rtwvif->stats.rx_tf_acc++;
1741 			rtwdev->stats.rx_tf_acc++;
1742 			if (tf_bw == IEEE80211_TRIGGER_ULBW_160_80P80MHZ &&
1743 			    rua <= NL80211_RATE_INFO_HE_RU_ALLOC_106)
1744 				rtwvif->pwr_diff_en = true;
1745 			break;
1746 		}
1747 
1748 		pos += RTW89_TF_BASIC_USER_INFO_SZ;
1749 	}
1750 }
1751 
1752 static void rtw89_cancel_6ghz_probe_work(struct work_struct *work)
1753 {
1754 	struct rtw89_dev *rtwdev = container_of(work, struct rtw89_dev,
1755 						cancel_6ghz_probe_work);
1756 	struct list_head *pkt_list = rtwdev->scan_info.pkt_list;
1757 	struct rtw89_pktofld_info *info;
1758 
1759 	mutex_lock(&rtwdev->mutex);
1760 
1761 	if (!rtwdev->scanning)
1762 		goto out;
1763 
1764 	list_for_each_entry(info, &pkt_list[NL80211_BAND_6GHZ], list) {
1765 		if (!info->cancel || !test_bit(info->id, rtwdev->pkt_offload))
1766 			continue;
1767 
1768 		rtw89_fw_h2c_del_pkt_offload(rtwdev, info->id);
1769 
1770 		/* Don't delete/free info from pkt_list at this moment. Let it
1771 		 * be deleted/freed in rtw89_release_pkt_list() after scanning,
1772 		 * since if during scanning, pkt_list is accessed in bottom half.
1773 		 */
1774 	}
1775 
1776 out:
1777 	mutex_unlock(&rtwdev->mutex);
1778 }
1779 
1780 static void rtw89_core_cancel_6ghz_probe_tx(struct rtw89_dev *rtwdev,
1781 					    struct sk_buff *skb)
1782 {
1783 	struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
1784 	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
1785 	struct list_head *pkt_list = rtwdev->scan_info.pkt_list;
1786 	struct rtw89_pktofld_info *info;
1787 	const u8 *ies = mgmt->u.beacon.variable, *ssid_ie;
1788 	bool queue_work = false;
1789 
1790 	if (rx_status->band != NL80211_BAND_6GHZ)
1791 		return;
1792 
1793 	ssid_ie = cfg80211_find_ie(WLAN_EID_SSID, ies, skb->len);
1794 
1795 	list_for_each_entry(info, &pkt_list[NL80211_BAND_6GHZ], list) {
1796 		if (ether_addr_equal(info->bssid, mgmt->bssid)) {
1797 			info->cancel = true;
1798 			queue_work = true;
1799 			continue;
1800 		}
1801 
1802 		if (!ssid_ie || ssid_ie[1] != info->ssid_len || info->ssid_len == 0)
1803 			continue;
1804 
1805 		if (memcmp(&ssid_ie[2], info->ssid, info->ssid_len) == 0) {
1806 			info->cancel = true;
1807 			queue_work = true;
1808 		}
1809 	}
1810 
1811 	if (queue_work)
1812 		ieee80211_queue_work(rtwdev->hw, &rtwdev->cancel_6ghz_probe_work);
1813 }
1814 
1815 static void rtw89_vif_rx_stats_iter(void *data, u8 *mac,
1816 				    struct ieee80211_vif *vif)
1817 {
1818 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
1819 	struct rtw89_vif_rx_stats_iter_data *iter_data = data;
1820 	struct rtw89_dev *rtwdev = iter_data->rtwdev;
1821 	struct rtw89_pkt_stat *pkt_stat = &rtwdev->phystat.cur_pkt_stat;
1822 	struct rtw89_rx_desc_info *desc_info = iter_data->desc_info;
1823 	struct sk_buff *skb = iter_data->skb;
1824 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1825 	struct rtw89_rx_phy_ppdu *phy_ppdu = iter_data->phy_ppdu;
1826 	const u8 *bssid = iter_data->bssid;
1827 
1828 	if (rtwdev->scanning &&
1829 	    (ieee80211_is_beacon(hdr->frame_control) ||
1830 	     ieee80211_is_probe_resp(hdr->frame_control)))
1831 		rtw89_core_cancel_6ghz_probe_tx(rtwdev, skb);
1832 
1833 	if (!vif->bss_conf.bssid)
1834 		return;
1835 
1836 	if (ieee80211_is_trigger(hdr->frame_control)) {
1837 		rtw89_stats_trigger_frame(rtwdev, vif, skb);
1838 		return;
1839 	}
1840 
1841 	if (!ether_addr_equal(vif->bss_conf.bssid, bssid))
1842 		return;
1843 
1844 	if (ieee80211_is_beacon(hdr->frame_control)) {
1845 		if (vif->type == NL80211_IFTYPE_STATION)
1846 			rtw89_fw_h2c_rssi_offload(rtwdev, phy_ppdu);
1847 		pkt_stat->beacon_nr++;
1848 	}
1849 
1850 	if (!ether_addr_equal(vif->addr, hdr->addr1))
1851 		return;
1852 
1853 	if (desc_info->data_rate < RTW89_HW_RATE_NR)
1854 		pkt_stat->rx_rate_cnt[desc_info->data_rate]++;
1855 
1856 	rtw89_traffic_stats_accu(rtwdev, &rtwvif->stats, skb, false);
1857 }
1858 
1859 static void rtw89_core_rx_stats(struct rtw89_dev *rtwdev,
1860 				struct rtw89_rx_phy_ppdu *phy_ppdu,
1861 				struct rtw89_rx_desc_info *desc_info,
1862 				struct sk_buff *skb)
1863 {
1864 	struct rtw89_vif_rx_stats_iter_data iter_data;
1865 
1866 	rtw89_traffic_stats_accu(rtwdev, &rtwdev->stats, skb, false);
1867 
1868 	iter_data.rtwdev = rtwdev;
1869 	iter_data.phy_ppdu = phy_ppdu;
1870 	iter_data.desc_info = desc_info;
1871 	iter_data.skb = skb;
1872 	iter_data.bssid = get_hdr_bssid((struct ieee80211_hdr *)skb->data);
1873 	rtw89_iterate_vifs_bh(rtwdev, rtw89_vif_rx_stats_iter, &iter_data);
1874 }
1875 
1876 static void rtw89_correct_cck_chan(struct rtw89_dev *rtwdev,
1877 				   struct ieee80211_rx_status *status)
1878 {
1879 	const struct rtw89_chan_rcd *rcd =
1880 		rtw89_chan_rcd_get(rtwdev, RTW89_SUB_ENTITY_0);
1881 	u16 chan = rcd->prev_primary_channel;
1882 	u8 band = rtw89_hw_to_nl80211_band(rcd->prev_band_type);
1883 
1884 	if (status->band != NL80211_BAND_2GHZ &&
1885 	    status->encoding == RX_ENC_LEGACY &&
1886 	    status->rate_idx < RTW89_HW_RATE_OFDM6) {
1887 		status->freq = ieee80211_channel_to_frequency(chan, band);
1888 		status->band = band;
1889 	}
1890 }
1891 
1892 static void rtw89_core_hw_to_sband_rate(struct ieee80211_rx_status *rx_status)
1893 {
1894 	if (rx_status->band == NL80211_BAND_2GHZ ||
1895 	    rx_status->encoding != RX_ENC_LEGACY)
1896 		return;
1897 
1898 	/* Some control frames' freq(ACKs in this case) are reported wrong due
1899 	 * to FW notify timing, set to lowest rate to prevent overflow.
1900 	 */
1901 	if (rx_status->rate_idx < RTW89_HW_RATE_OFDM6) {
1902 		rx_status->rate_idx = 0;
1903 		return;
1904 	}
1905 
1906 	/* No 4 CCK rates for non-2G */
1907 	rx_status->rate_idx -= 4;
1908 }
1909 
1910 static const u8 rx_status_bw_to_radiotap_eht_usig[] = {
1911 	[RATE_INFO_BW_20] = IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_20MHZ,
1912 	[RATE_INFO_BW_5] = U8_MAX,
1913 	[RATE_INFO_BW_10] = U8_MAX,
1914 	[RATE_INFO_BW_40] = IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_40MHZ,
1915 	[RATE_INFO_BW_80] = IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_80MHZ,
1916 	[RATE_INFO_BW_160] = IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_160MHZ,
1917 	[RATE_INFO_BW_HE_RU] = U8_MAX,
1918 	[RATE_INFO_BW_320] = IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_320MHZ_1,
1919 	[RATE_INFO_BW_EHT_RU] = U8_MAX,
1920 };
1921 
1922 static void rtw89_core_update_radiotap_eht(struct rtw89_dev *rtwdev,
1923 					   struct sk_buff *skb,
1924 					   struct ieee80211_rx_status *rx_status)
1925 {
1926 	struct ieee80211_radiotap_eht_usig *usig;
1927 	struct ieee80211_radiotap_eht *eht;
1928 	struct ieee80211_radiotap_tlv *tlv;
1929 	int eht_len = struct_size(eht, user_info, 1);
1930 	int usig_len = sizeof(*usig);
1931 	int len;
1932 	u8 bw;
1933 
1934 	len = sizeof(*tlv) + ALIGN(eht_len, 4) +
1935 	      sizeof(*tlv) + ALIGN(usig_len, 4);
1936 
1937 	rx_status->flag |= RX_FLAG_RADIOTAP_TLV_AT_END;
1938 	skb_reset_mac_header(skb);
1939 
1940 	/* EHT */
1941 	tlv = skb_push(skb, len);
1942 	memset(tlv, 0, len);
1943 	tlv->type = cpu_to_le16(IEEE80211_RADIOTAP_EHT);
1944 	tlv->len = cpu_to_le16(eht_len);
1945 
1946 	eht = (struct ieee80211_radiotap_eht *)tlv->data;
1947 	eht->known = cpu_to_le32(IEEE80211_RADIOTAP_EHT_KNOWN_GI);
1948 	eht->data[0] =
1949 		le32_encode_bits(rx_status->eht.gi, IEEE80211_RADIOTAP_EHT_DATA0_GI);
1950 
1951 	eht->user_info[0] =
1952 		cpu_to_le32(IEEE80211_RADIOTAP_EHT_USER_INFO_MCS_KNOWN |
1953 			    IEEE80211_RADIOTAP_EHT_USER_INFO_NSS_KNOWN_O);
1954 	eht->user_info[0] |=
1955 		le32_encode_bits(rx_status->rate_idx, IEEE80211_RADIOTAP_EHT_USER_INFO_MCS) |
1956 		le32_encode_bits(rx_status->nss, IEEE80211_RADIOTAP_EHT_USER_INFO_NSS_O);
1957 
1958 	/* U-SIG */
1959 	tlv = (void *)tlv + sizeof(*tlv) + ALIGN(eht_len, 4);
1960 	tlv->type = cpu_to_le16(IEEE80211_RADIOTAP_EHT_USIG);
1961 	tlv->len = cpu_to_le16(usig_len);
1962 
1963 	if (rx_status->bw >= ARRAY_SIZE(rx_status_bw_to_radiotap_eht_usig))
1964 		return;
1965 
1966 	bw = rx_status_bw_to_radiotap_eht_usig[rx_status->bw];
1967 	if (bw == U8_MAX)
1968 		return;
1969 
1970 	usig = (struct ieee80211_radiotap_eht_usig *)tlv->data;
1971 	usig->common =
1972 		le32_encode_bits(1, IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_KNOWN) |
1973 		le32_encode_bits(bw, IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW);
1974 }
1975 
1976 static void rtw89_core_update_radiotap(struct rtw89_dev *rtwdev,
1977 				       struct sk_buff *skb,
1978 				       struct ieee80211_rx_status *rx_status)
1979 {
1980 	static const struct ieee80211_radiotap_he known_he = {
1981 		.data1 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_DATA_MCS_KNOWN |
1982 				     IEEE80211_RADIOTAP_HE_DATA1_BW_RU_ALLOC_KNOWN),
1983 		.data2 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA2_GI_KNOWN),
1984 	};
1985 	struct ieee80211_radiotap_he *he;
1986 
1987 	if (!(rtwdev->hw->conf.flags & IEEE80211_CONF_MONITOR))
1988 		return;
1989 
1990 	if (rx_status->encoding == RX_ENC_HE) {
1991 		rx_status->flag |= RX_FLAG_RADIOTAP_HE;
1992 		he = skb_push(skb, sizeof(*he));
1993 		*he = known_he;
1994 	} else if (rx_status->encoding == RX_ENC_EHT) {
1995 		rtw89_core_update_radiotap_eht(rtwdev, skb, rx_status);
1996 	}
1997 }
1998 
1999 static void rtw89_core_rx_to_mac80211(struct rtw89_dev *rtwdev,
2000 				      struct rtw89_rx_phy_ppdu *phy_ppdu,
2001 				      struct rtw89_rx_desc_info *desc_info,
2002 				      struct sk_buff *skb_ppdu,
2003 				      struct ieee80211_rx_status *rx_status)
2004 {
2005 	struct napi_struct *napi = &rtwdev->napi;
2006 
2007 	/* In low power mode, napi isn't scheduled. Receive it to netif. */
2008 	if (unlikely(!napi_is_scheduled(napi)))
2009 		napi = NULL;
2010 
2011 	rtw89_core_hw_to_sband_rate(rx_status);
2012 	rtw89_core_rx_stats(rtwdev, phy_ppdu, desc_info, skb_ppdu);
2013 	rtw89_core_update_radiotap(rtwdev, skb_ppdu, rx_status);
2014 	/* In low power mode, it does RX in thread context. */
2015 	local_bh_disable();
2016 	ieee80211_rx_napi(rtwdev->hw, NULL, skb_ppdu, napi);
2017 	local_bh_enable();
2018 	rtwdev->napi_budget_countdown--;
2019 }
2020 
2021 static void rtw89_core_rx_pending_skb(struct rtw89_dev *rtwdev,
2022 				      struct rtw89_rx_phy_ppdu *phy_ppdu,
2023 				      struct rtw89_rx_desc_info *desc_info,
2024 				      struct sk_buff *skb)
2025 {
2026 	u8 band = desc_info->bb_sel ? RTW89_PHY_1 : RTW89_PHY_0;
2027 	int curr = rtwdev->ppdu_sts.curr_rx_ppdu_cnt[band];
2028 	struct sk_buff *skb_ppdu = NULL, *tmp;
2029 	struct ieee80211_rx_status *rx_status;
2030 
2031 	if (curr > RTW89_MAX_PPDU_CNT)
2032 		return;
2033 
2034 	skb_queue_walk_safe(&rtwdev->ppdu_sts.rx_queue[band], skb_ppdu, tmp) {
2035 		skb_unlink(skb_ppdu, &rtwdev->ppdu_sts.rx_queue[band]);
2036 		rx_status = IEEE80211_SKB_RXCB(skb_ppdu);
2037 		if (rtw89_core_rx_ppdu_match(rtwdev, desc_info, rx_status))
2038 			rtw89_chip_query_ppdu(rtwdev, phy_ppdu, rx_status);
2039 		rtw89_correct_cck_chan(rtwdev, rx_status);
2040 		rtw89_core_rx_to_mac80211(rtwdev, phy_ppdu, desc_info, skb_ppdu, rx_status);
2041 	}
2042 }
2043 
2044 static void rtw89_core_rx_process_ppdu_sts(struct rtw89_dev *rtwdev,
2045 					   struct rtw89_rx_desc_info *desc_info,
2046 					   struct sk_buff *skb)
2047 {
2048 	struct rtw89_rx_phy_ppdu phy_ppdu = {.buf = skb->data, .valid = false,
2049 					     .len = skb->len,
2050 					     .to_self = desc_info->addr1_match,
2051 					     .rate = desc_info->data_rate,
2052 					     .mac_id = desc_info->mac_id};
2053 	int ret;
2054 
2055 	if (desc_info->mac_info_valid)
2056 		rtw89_core_rx_process_mac_ppdu(rtwdev, skb, &phy_ppdu);
2057 	ret = rtw89_core_rx_process_phy_ppdu(rtwdev, &phy_ppdu);
2058 	if (ret)
2059 		rtw89_debug(rtwdev, RTW89_DBG_TXRX, "process ppdu failed\n");
2060 
2061 	rtw89_core_rx_process_phy_sts(rtwdev, &phy_ppdu);
2062 	rtw89_core_rx_pending_skb(rtwdev, &phy_ppdu, desc_info, skb);
2063 	dev_kfree_skb_any(skb);
2064 }
2065 
2066 static void rtw89_core_rx_process_report(struct rtw89_dev *rtwdev,
2067 					 struct rtw89_rx_desc_info *desc_info,
2068 					 struct sk_buff *skb)
2069 {
2070 	switch (desc_info->pkt_type) {
2071 	case RTW89_CORE_RX_TYPE_C2H:
2072 		rtw89_fw_c2h_irqsafe(rtwdev, skb);
2073 		break;
2074 	case RTW89_CORE_RX_TYPE_PPDU_STAT:
2075 		rtw89_core_rx_process_ppdu_sts(rtwdev, desc_info, skb);
2076 		break;
2077 	default:
2078 		rtw89_debug(rtwdev, RTW89_DBG_TXRX, "unhandled pkt_type=%d\n",
2079 			    desc_info->pkt_type);
2080 		dev_kfree_skb_any(skb);
2081 		break;
2082 	}
2083 }
2084 
2085 void rtw89_core_query_rxdesc(struct rtw89_dev *rtwdev,
2086 			     struct rtw89_rx_desc_info *desc_info,
2087 			     u8 *data, u32 data_offset)
2088 {
2089 	const struct rtw89_chip_info *chip = rtwdev->chip;
2090 	struct rtw89_rxdesc_short *rxd_s;
2091 	struct rtw89_rxdesc_long *rxd_l;
2092 	u8 shift_len, drv_info_len;
2093 
2094 	rxd_s = (struct rtw89_rxdesc_short *)(data + data_offset);
2095 	desc_info->pkt_size = le32_get_bits(rxd_s->dword0, AX_RXD_RPKT_LEN_MASK);
2096 	desc_info->drv_info_size = le32_get_bits(rxd_s->dword0, AX_RXD_DRV_INFO_SIZE_MASK);
2097 	desc_info->long_rxdesc = le32_get_bits(rxd_s->dword0,  AX_RXD_LONG_RXD);
2098 	desc_info->pkt_type = le32_get_bits(rxd_s->dword0,  AX_RXD_RPKT_TYPE_MASK);
2099 	desc_info->mac_info_valid = le32_get_bits(rxd_s->dword0, AX_RXD_MAC_INFO_VLD);
2100 	if (chip->chip_id == RTL8852C)
2101 		desc_info->bw = le32_get_bits(rxd_s->dword1, AX_RXD_BW_v1_MASK);
2102 	else
2103 		desc_info->bw = le32_get_bits(rxd_s->dword1, AX_RXD_BW_MASK);
2104 	desc_info->data_rate = le32_get_bits(rxd_s->dword1, AX_RXD_RX_DATARATE_MASK);
2105 	desc_info->gi_ltf = le32_get_bits(rxd_s->dword1, AX_RXD_RX_GI_LTF_MASK);
2106 	desc_info->user_id = le32_get_bits(rxd_s->dword1, AX_RXD_USER_ID_MASK);
2107 	desc_info->sr_en = le32_get_bits(rxd_s->dword1, AX_RXD_SR_EN);
2108 	desc_info->ppdu_cnt = le32_get_bits(rxd_s->dword1, AX_RXD_PPDU_CNT_MASK);
2109 	desc_info->ppdu_type = le32_get_bits(rxd_s->dword1, AX_RXD_PPDU_TYPE_MASK);
2110 	desc_info->free_run_cnt = le32_get_bits(rxd_s->dword2, AX_RXD_FREERUN_CNT_MASK);
2111 	desc_info->icv_err = le32_get_bits(rxd_s->dword3, AX_RXD_ICV_ERR);
2112 	desc_info->crc32_err = le32_get_bits(rxd_s->dword3, AX_RXD_CRC32_ERR);
2113 	desc_info->hw_dec = le32_get_bits(rxd_s->dword3, AX_RXD_HW_DEC);
2114 	desc_info->sw_dec = le32_get_bits(rxd_s->dword3, AX_RXD_SW_DEC);
2115 	desc_info->addr1_match = le32_get_bits(rxd_s->dword3, AX_RXD_A1_MATCH);
2116 
2117 	shift_len = desc_info->shift << 1; /* 2-byte unit */
2118 	drv_info_len = desc_info->drv_info_size << 3; /* 8-byte unit */
2119 	desc_info->offset = data_offset + shift_len + drv_info_len;
2120 	if (desc_info->long_rxdesc)
2121 		desc_info->rxd_len = sizeof(struct rtw89_rxdesc_long);
2122 	else
2123 		desc_info->rxd_len = sizeof(struct rtw89_rxdesc_short);
2124 	desc_info->ready = true;
2125 
2126 	if (!desc_info->long_rxdesc)
2127 		return;
2128 
2129 	rxd_l = (struct rtw89_rxdesc_long *)(data + data_offset);
2130 	desc_info->frame_type = le32_get_bits(rxd_l->dword4, AX_RXD_TYPE_MASK);
2131 	desc_info->addr_cam_valid = le32_get_bits(rxd_l->dword5, AX_RXD_ADDR_CAM_VLD);
2132 	desc_info->addr_cam_id = le32_get_bits(rxd_l->dword5, AX_RXD_ADDR_CAM_MASK);
2133 	desc_info->sec_cam_id = le32_get_bits(rxd_l->dword5, AX_RXD_SEC_CAM_IDX_MASK);
2134 	desc_info->mac_id = le32_get_bits(rxd_l->dword5, AX_RXD_MAC_ID_MASK);
2135 	desc_info->rx_pl_id = le32_get_bits(rxd_l->dword5, AX_RXD_RX_PL_ID_MASK);
2136 }
2137 EXPORT_SYMBOL(rtw89_core_query_rxdesc);
2138 
2139 void rtw89_core_query_rxdesc_v2(struct rtw89_dev *rtwdev,
2140 				struct rtw89_rx_desc_info *desc_info,
2141 				u8 *data, u32 data_offset)
2142 {
2143 	struct rtw89_rxdesc_short_v2 *rxd_s;
2144 	struct rtw89_rxdesc_long_v2 *rxd_l;
2145 	u16 shift_len, drv_info_len, phy_rtp_len, hdr_cnv_len;
2146 
2147 	rxd_s = (struct rtw89_rxdesc_short_v2 *)(data + data_offset);
2148 
2149 	desc_info->pkt_size = le32_get_bits(rxd_s->dword0, BE_RXD_RPKT_LEN_MASK);
2150 	desc_info->drv_info_size = le32_get_bits(rxd_s->dword0, BE_RXD_DRV_INFO_SZ_MASK);
2151 	desc_info->phy_rpt_size = le32_get_bits(rxd_s->dword0, BE_RXD_PHY_RPT_SZ_MASK);
2152 	desc_info->hdr_cnv_size = le32_get_bits(rxd_s->dword0, BE_RXD_HDR_CNV_SZ_MASK);
2153 	desc_info->shift = le32_get_bits(rxd_s->dword0, BE_RXD_SHIFT_MASK);
2154 	desc_info->long_rxdesc = le32_get_bits(rxd_s->dword0, BE_RXD_LONG_RXD);
2155 	desc_info->pkt_type = le32_get_bits(rxd_s->dword0, BE_RXD_RPKT_TYPE_MASK);
2156 	if (desc_info->pkt_type == RTW89_CORE_RX_TYPE_PPDU_STAT)
2157 		desc_info->mac_info_valid = true;
2158 
2159 	desc_info->frame_type = le32_get_bits(rxd_s->dword2, BE_RXD_TYPE_MASK);
2160 	desc_info->mac_id = le32_get_bits(rxd_s->dword2, BE_RXD_MAC_ID_MASK);
2161 	desc_info->addr_cam_valid = le32_get_bits(rxd_s->dword2, BE_RXD_ADDR_CAM_VLD);
2162 
2163 	desc_info->icv_err = le32_get_bits(rxd_s->dword3, BE_RXD_ICV_ERR);
2164 	desc_info->crc32_err = le32_get_bits(rxd_s->dword3, BE_RXD_CRC32_ERR);
2165 	desc_info->hw_dec = le32_get_bits(rxd_s->dword3, BE_RXD_HW_DEC);
2166 	desc_info->sw_dec = le32_get_bits(rxd_s->dword3, BE_RXD_SW_DEC);
2167 	desc_info->addr1_match = le32_get_bits(rxd_s->dword3, BE_RXD_A1_MATCH);
2168 
2169 	desc_info->bw = le32_get_bits(rxd_s->dword4, BE_RXD_BW_MASK);
2170 	desc_info->data_rate = le32_get_bits(rxd_s->dword4, BE_RXD_RX_DATARATE_MASK);
2171 	desc_info->gi_ltf = le32_get_bits(rxd_s->dword4, BE_RXD_RX_GI_LTF_MASK);
2172 	desc_info->ppdu_cnt = le32_get_bits(rxd_s->dword4, BE_RXD_PPDU_CNT_MASK);
2173 	desc_info->ppdu_type = le32_get_bits(rxd_s->dword4, BE_RXD_PPDU_TYPE_MASK);
2174 
2175 	desc_info->free_run_cnt = le32_to_cpu(rxd_s->dword5);
2176 
2177 	shift_len = desc_info->shift << 1; /* 2-byte unit */
2178 	drv_info_len = desc_info->drv_info_size << 3; /* 8-byte unit */
2179 	phy_rtp_len = desc_info->phy_rpt_size << 3; /* 8-byte unit */
2180 	hdr_cnv_len = desc_info->hdr_cnv_size << 4; /* 16-byte unit */
2181 	desc_info->offset = data_offset + shift_len + drv_info_len +
2182 			    phy_rtp_len + hdr_cnv_len;
2183 
2184 	if (desc_info->long_rxdesc)
2185 		desc_info->rxd_len = sizeof(struct rtw89_rxdesc_long_v2);
2186 	else
2187 		desc_info->rxd_len = sizeof(struct rtw89_rxdesc_short_v2);
2188 	desc_info->ready = true;
2189 
2190 	if (!desc_info->long_rxdesc)
2191 		return;
2192 
2193 	rxd_l = (struct rtw89_rxdesc_long_v2 *)(data + data_offset);
2194 
2195 	desc_info->sr_en = le32_get_bits(rxd_l->dword6, BE_RXD_SR_EN);
2196 	desc_info->user_id = le32_get_bits(rxd_l->dword6, BE_RXD_USER_ID_MASK);
2197 	desc_info->addr_cam_id = le32_get_bits(rxd_l->dword6, BE_RXD_ADDR_CAM_MASK);
2198 	desc_info->sec_cam_id = le32_get_bits(rxd_l->dword6, BE_RXD_SEC_CAM_IDX_MASK);
2199 
2200 	desc_info->rx_pl_id = le32_get_bits(rxd_l->dword7, BE_RXD_RX_PL_ID_MASK);
2201 }
2202 EXPORT_SYMBOL(rtw89_core_query_rxdesc_v2);
2203 
2204 struct rtw89_core_iter_rx_status {
2205 	struct rtw89_dev *rtwdev;
2206 	struct ieee80211_rx_status *rx_status;
2207 	struct rtw89_rx_desc_info *desc_info;
2208 	u8 mac_id;
2209 };
2210 
2211 static
2212 void rtw89_core_stats_sta_rx_status_iter(void *data, struct ieee80211_sta *sta)
2213 {
2214 	struct rtw89_core_iter_rx_status *iter_data =
2215 				(struct rtw89_core_iter_rx_status *)data;
2216 	struct ieee80211_rx_status *rx_status = iter_data->rx_status;
2217 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
2218 	struct rtw89_rx_desc_info *desc_info = iter_data->desc_info;
2219 	u8 mac_id = iter_data->mac_id;
2220 
2221 	if (mac_id != rtwsta->mac_id)
2222 		return;
2223 
2224 	rtwsta->rx_status = *rx_status;
2225 	rtwsta->rx_hw_rate = desc_info->data_rate;
2226 }
2227 
2228 static void rtw89_core_stats_sta_rx_status(struct rtw89_dev *rtwdev,
2229 					   struct rtw89_rx_desc_info *desc_info,
2230 					   struct ieee80211_rx_status *rx_status)
2231 {
2232 	struct rtw89_core_iter_rx_status iter_data;
2233 
2234 	if (!desc_info->addr1_match || !desc_info->long_rxdesc)
2235 		return;
2236 
2237 	if (desc_info->frame_type != RTW89_RX_TYPE_DATA)
2238 		return;
2239 
2240 	iter_data.rtwdev = rtwdev;
2241 	iter_data.rx_status = rx_status;
2242 	iter_data.desc_info = desc_info;
2243 	iter_data.mac_id = desc_info->mac_id;
2244 	ieee80211_iterate_stations_atomic(rtwdev->hw,
2245 					  rtw89_core_stats_sta_rx_status_iter,
2246 					  &iter_data);
2247 }
2248 
2249 static void rtw89_core_update_rx_status(struct rtw89_dev *rtwdev,
2250 					struct rtw89_rx_desc_info *desc_info,
2251 					struct ieee80211_rx_status *rx_status)
2252 {
2253 	const struct cfg80211_chan_def *chandef =
2254 		rtw89_chandef_get(rtwdev, RTW89_SUB_ENTITY_0);
2255 	u16 data_rate;
2256 	u8 data_rate_mode;
2257 	bool eht = false;
2258 	u8 gi;
2259 
2260 	/* currently using single PHY */
2261 	rx_status->freq = chandef->chan->center_freq;
2262 	rx_status->band = chandef->chan->band;
2263 
2264 	if (rtwdev->scanning &&
2265 	    RTW89_CHK_FW_FEATURE(SCAN_OFFLOAD, &rtwdev->fw)) {
2266 		const struct rtw89_chan *cur = rtw89_scan_chan_get(rtwdev);
2267 		u8 chan = cur->primary_channel;
2268 		u8 band = cur->band_type;
2269 		enum nl80211_band nl_band;
2270 
2271 		nl_band = rtw89_hw_to_nl80211_band(band);
2272 		rx_status->freq = ieee80211_channel_to_frequency(chan, nl_band);
2273 		rx_status->band = nl_band;
2274 	}
2275 
2276 	if (desc_info->icv_err || desc_info->crc32_err)
2277 		rx_status->flag |= RX_FLAG_FAILED_FCS_CRC;
2278 
2279 	if (desc_info->hw_dec &&
2280 	    !(desc_info->sw_dec || desc_info->icv_err))
2281 		rx_status->flag |= RX_FLAG_DECRYPTED;
2282 
2283 	rx_status->bw = rtw89_hw_to_rate_info_bw(desc_info->bw);
2284 
2285 	data_rate = desc_info->data_rate;
2286 	data_rate_mode = rtw89_get_data_rate_mode(rtwdev, data_rate);
2287 	if (data_rate_mode == DATA_RATE_MODE_NON_HT) {
2288 		rx_status->encoding = RX_ENC_LEGACY;
2289 		rx_status->rate_idx = rtw89_get_data_not_ht_idx(rtwdev, data_rate);
2290 		/* convert rate_idx after we get the correct band */
2291 	} else if (data_rate_mode == DATA_RATE_MODE_HT) {
2292 		rx_status->encoding = RX_ENC_HT;
2293 		rx_status->rate_idx = rtw89_get_data_ht_mcs(rtwdev, data_rate);
2294 		if (desc_info->gi_ltf)
2295 			rx_status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
2296 	} else if (data_rate_mode == DATA_RATE_MODE_VHT) {
2297 		rx_status->encoding = RX_ENC_VHT;
2298 		rx_status->rate_idx = rtw89_get_data_mcs(rtwdev, data_rate);
2299 		rx_status->nss = rtw89_get_data_nss(rtwdev, data_rate) + 1;
2300 		if (desc_info->gi_ltf)
2301 			rx_status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
2302 	} else if (data_rate_mode == DATA_RATE_MODE_HE) {
2303 		rx_status->encoding = RX_ENC_HE;
2304 		rx_status->rate_idx = rtw89_get_data_mcs(rtwdev, data_rate);
2305 		rx_status->nss = rtw89_get_data_nss(rtwdev, data_rate) + 1;
2306 	} else if (data_rate_mode == DATA_RATE_MODE_EHT) {
2307 		rx_status->encoding = RX_ENC_EHT;
2308 		rx_status->rate_idx = rtw89_get_data_mcs(rtwdev, data_rate);
2309 		rx_status->nss = rtw89_get_data_nss(rtwdev, data_rate) + 1;
2310 		eht = true;
2311 	} else {
2312 		rtw89_warn(rtwdev, "invalid RX rate mode %d\n", data_rate_mode);
2313 	}
2314 
2315 	/* he_gi is used to match ppdu, so we always fill it. */
2316 	gi = rtw89_rxdesc_to_nl_he_eht_gi(rtwdev, desc_info->gi_ltf, true, eht);
2317 	if (eht)
2318 		rx_status->eht.gi = gi;
2319 	else
2320 		rx_status->he_gi = gi;
2321 	rx_status->flag |= RX_FLAG_MACTIME_START;
2322 	rx_status->mactime = desc_info->free_run_cnt;
2323 
2324 	rtw89_core_stats_sta_rx_status(rtwdev, desc_info, rx_status);
2325 }
2326 
2327 static enum rtw89_ps_mode rtw89_update_ps_mode(struct rtw89_dev *rtwdev)
2328 {
2329 	const struct rtw89_chip_info *chip = rtwdev->chip;
2330 
2331 	if (rtw89_disable_ps_mode || !chip->ps_mode_supported ||
2332 	    RTW89_CHK_FW_FEATURE(NO_DEEP_PS, &rtwdev->fw))
2333 		return RTW89_PS_MODE_NONE;
2334 
2335 	if ((chip->ps_mode_supported & BIT(RTW89_PS_MODE_PWR_GATED)) &&
2336 	    !RTW89_CHK_FW_FEATURE(NO_LPS_PG, &rtwdev->fw))
2337 		return RTW89_PS_MODE_PWR_GATED;
2338 
2339 	if (chip->ps_mode_supported & BIT(RTW89_PS_MODE_CLK_GATED))
2340 		return RTW89_PS_MODE_CLK_GATED;
2341 
2342 	if (chip->ps_mode_supported & BIT(RTW89_PS_MODE_RFOFF))
2343 		return RTW89_PS_MODE_RFOFF;
2344 
2345 	return RTW89_PS_MODE_NONE;
2346 }
2347 
2348 static void rtw89_core_flush_ppdu_rx_queue(struct rtw89_dev *rtwdev,
2349 					   struct rtw89_rx_desc_info *desc_info)
2350 {
2351 	struct rtw89_ppdu_sts_info *ppdu_sts = &rtwdev->ppdu_sts;
2352 	u8 band = desc_info->bb_sel ? RTW89_PHY_1 : RTW89_PHY_0;
2353 	struct ieee80211_rx_status *rx_status;
2354 	struct sk_buff *skb_ppdu, *tmp;
2355 
2356 	skb_queue_walk_safe(&ppdu_sts->rx_queue[band], skb_ppdu, tmp) {
2357 		skb_unlink(skb_ppdu, &ppdu_sts->rx_queue[band]);
2358 		rx_status = IEEE80211_SKB_RXCB(skb_ppdu);
2359 		rtw89_core_rx_to_mac80211(rtwdev, NULL, desc_info, skb_ppdu, rx_status);
2360 	}
2361 }
2362 
2363 void rtw89_core_rx(struct rtw89_dev *rtwdev,
2364 		   struct rtw89_rx_desc_info *desc_info,
2365 		   struct sk_buff *skb)
2366 {
2367 	struct ieee80211_rx_status *rx_status;
2368 	struct rtw89_ppdu_sts_info *ppdu_sts = &rtwdev->ppdu_sts;
2369 	u8 ppdu_cnt = desc_info->ppdu_cnt;
2370 	u8 band = desc_info->bb_sel ? RTW89_PHY_1 : RTW89_PHY_0;
2371 
2372 	if (desc_info->pkt_type != RTW89_CORE_RX_TYPE_WIFI) {
2373 		rtw89_core_rx_process_report(rtwdev, desc_info, skb);
2374 		return;
2375 	}
2376 
2377 	if (ppdu_sts->curr_rx_ppdu_cnt[band] != ppdu_cnt) {
2378 		rtw89_core_flush_ppdu_rx_queue(rtwdev, desc_info);
2379 		ppdu_sts->curr_rx_ppdu_cnt[band] = ppdu_cnt;
2380 	}
2381 
2382 	rx_status = IEEE80211_SKB_RXCB(skb);
2383 	memset(rx_status, 0, sizeof(*rx_status));
2384 	rtw89_core_update_rx_status(rtwdev, desc_info, rx_status);
2385 	if (desc_info->long_rxdesc &&
2386 	    BIT(desc_info->frame_type) & PPDU_FILTER_BITMAP)
2387 		skb_queue_tail(&ppdu_sts->rx_queue[band], skb);
2388 	else
2389 		rtw89_core_rx_to_mac80211(rtwdev, NULL, desc_info, skb, rx_status);
2390 }
2391 EXPORT_SYMBOL(rtw89_core_rx);
2392 
2393 void rtw89_core_napi_start(struct rtw89_dev *rtwdev)
2394 {
2395 	if (test_and_set_bit(RTW89_FLAG_NAPI_RUNNING, rtwdev->flags))
2396 		return;
2397 
2398 	napi_enable(&rtwdev->napi);
2399 }
2400 EXPORT_SYMBOL(rtw89_core_napi_start);
2401 
2402 void rtw89_core_napi_stop(struct rtw89_dev *rtwdev)
2403 {
2404 	if (!test_and_clear_bit(RTW89_FLAG_NAPI_RUNNING, rtwdev->flags))
2405 		return;
2406 
2407 	napi_synchronize(&rtwdev->napi);
2408 	napi_disable(&rtwdev->napi);
2409 }
2410 EXPORT_SYMBOL(rtw89_core_napi_stop);
2411 
2412 void rtw89_core_napi_init(struct rtw89_dev *rtwdev)
2413 {
2414 	init_dummy_netdev(&rtwdev->netdev);
2415 	netif_napi_add(&rtwdev->netdev, &rtwdev->napi,
2416 		       rtwdev->hci.ops->napi_poll);
2417 }
2418 EXPORT_SYMBOL(rtw89_core_napi_init);
2419 
2420 void rtw89_core_napi_deinit(struct rtw89_dev *rtwdev)
2421 {
2422 	rtw89_core_napi_stop(rtwdev);
2423 	netif_napi_del(&rtwdev->napi);
2424 }
2425 EXPORT_SYMBOL(rtw89_core_napi_deinit);
2426 
2427 static void rtw89_core_ba_work(struct work_struct *work)
2428 {
2429 	struct rtw89_dev *rtwdev =
2430 		container_of(work, struct rtw89_dev, ba_work);
2431 	struct rtw89_txq *rtwtxq, *tmp;
2432 	int ret;
2433 
2434 	spin_lock_bh(&rtwdev->ba_lock);
2435 	list_for_each_entry_safe(rtwtxq, tmp, &rtwdev->ba_list, list) {
2436 		struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2437 		struct ieee80211_sta *sta = txq->sta;
2438 		struct rtw89_sta *rtwsta = sta ? (struct rtw89_sta *)sta->drv_priv : NULL;
2439 		u8 tid = txq->tid;
2440 
2441 		if (!sta) {
2442 			rtw89_warn(rtwdev, "cannot start BA without sta\n");
2443 			goto skip_ba_work;
2444 		}
2445 
2446 		if (rtwsta->disassoc) {
2447 			rtw89_debug(rtwdev, RTW89_DBG_TXRX,
2448 				    "cannot start BA with disassoc sta\n");
2449 			goto skip_ba_work;
2450 		}
2451 
2452 		ret = ieee80211_start_tx_ba_session(sta, tid, 0);
2453 		if (ret) {
2454 			rtw89_debug(rtwdev, RTW89_DBG_TXRX,
2455 				    "failed to setup BA session for %pM:%2d: %d\n",
2456 				    sta->addr, tid, ret);
2457 			if (ret == -EINVAL)
2458 				set_bit(RTW89_TXQ_F_BLOCK_BA, &rtwtxq->flags);
2459 		}
2460 skip_ba_work:
2461 		list_del_init(&rtwtxq->list);
2462 	}
2463 	spin_unlock_bh(&rtwdev->ba_lock);
2464 }
2465 
2466 static void rtw89_core_free_sta_pending_ba(struct rtw89_dev *rtwdev,
2467 					   struct ieee80211_sta *sta)
2468 {
2469 	struct rtw89_txq *rtwtxq, *tmp;
2470 
2471 	spin_lock_bh(&rtwdev->ba_lock);
2472 	list_for_each_entry_safe(rtwtxq, tmp, &rtwdev->ba_list, list) {
2473 		struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2474 
2475 		if (sta == txq->sta)
2476 			list_del_init(&rtwtxq->list);
2477 	}
2478 	spin_unlock_bh(&rtwdev->ba_lock);
2479 }
2480 
2481 static void rtw89_core_free_sta_pending_forbid_ba(struct rtw89_dev *rtwdev,
2482 						  struct ieee80211_sta *sta)
2483 {
2484 	struct rtw89_txq *rtwtxq, *tmp;
2485 
2486 	spin_lock_bh(&rtwdev->ba_lock);
2487 	list_for_each_entry_safe(rtwtxq, tmp, &rtwdev->forbid_ba_list, list) {
2488 		struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2489 
2490 		if (sta == txq->sta) {
2491 			clear_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags);
2492 			list_del_init(&rtwtxq->list);
2493 		}
2494 	}
2495 	spin_unlock_bh(&rtwdev->ba_lock);
2496 }
2497 
2498 static void rtw89_core_free_sta_pending_roc_tx(struct rtw89_dev *rtwdev,
2499 					       struct ieee80211_sta *sta)
2500 {
2501 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
2502 	struct sk_buff *skb, *tmp;
2503 
2504 	skb_queue_walk_safe(&rtwsta->roc_queue, skb, tmp) {
2505 		skb_unlink(skb, &rtwsta->roc_queue);
2506 		dev_kfree_skb_any(skb);
2507 	}
2508 }
2509 
2510 static void rtw89_core_stop_tx_ba_session(struct rtw89_dev *rtwdev,
2511 					  struct rtw89_txq *rtwtxq)
2512 {
2513 	struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2514 	struct ieee80211_sta *sta = txq->sta;
2515 	struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta);
2516 
2517 	if (unlikely(!rtwsta) || unlikely(rtwsta->disassoc))
2518 		return;
2519 
2520 	if (!test_bit(RTW89_TXQ_F_AMPDU, &rtwtxq->flags) ||
2521 	    test_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags))
2522 		return;
2523 
2524 	spin_lock_bh(&rtwdev->ba_lock);
2525 	if (!test_and_set_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags))
2526 		list_add_tail(&rtwtxq->list, &rtwdev->forbid_ba_list);
2527 	spin_unlock_bh(&rtwdev->ba_lock);
2528 
2529 	ieee80211_stop_tx_ba_session(sta, txq->tid);
2530 	cancel_delayed_work(&rtwdev->forbid_ba_work);
2531 	ieee80211_queue_delayed_work(rtwdev->hw, &rtwdev->forbid_ba_work,
2532 				     RTW89_FORBID_BA_TIMER);
2533 }
2534 
2535 static void rtw89_core_txq_check_agg(struct rtw89_dev *rtwdev,
2536 				     struct rtw89_txq *rtwtxq,
2537 				     struct sk_buff *skb)
2538 {
2539 	struct ieee80211_hw *hw = rtwdev->hw;
2540 	struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2541 	struct ieee80211_sta *sta = txq->sta;
2542 	struct rtw89_sta *rtwsta = sta ? (struct rtw89_sta *)sta->drv_priv : NULL;
2543 
2544 	if (test_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags))
2545 		return;
2546 
2547 	if (unlikely(skb->protocol == cpu_to_be16(ETH_P_PAE))) {
2548 		rtw89_core_stop_tx_ba_session(rtwdev, rtwtxq);
2549 		return;
2550 	}
2551 
2552 	if (unlikely(!sta))
2553 		return;
2554 
2555 	if (unlikely(test_bit(RTW89_TXQ_F_BLOCK_BA, &rtwtxq->flags)))
2556 		return;
2557 
2558 	if (test_bit(RTW89_TXQ_F_AMPDU, &rtwtxq->flags)) {
2559 		IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_AMPDU;
2560 		return;
2561 	}
2562 
2563 	spin_lock_bh(&rtwdev->ba_lock);
2564 	if (!rtwsta->disassoc && list_empty(&rtwtxq->list)) {
2565 		list_add_tail(&rtwtxq->list, &rtwdev->ba_list);
2566 		ieee80211_queue_work(hw, &rtwdev->ba_work);
2567 	}
2568 	spin_unlock_bh(&rtwdev->ba_lock);
2569 }
2570 
2571 static void rtw89_core_txq_push(struct rtw89_dev *rtwdev,
2572 				struct rtw89_txq *rtwtxq,
2573 				unsigned long frame_cnt,
2574 				unsigned long byte_cnt)
2575 {
2576 	struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2577 	struct ieee80211_vif *vif = txq->vif;
2578 	struct ieee80211_sta *sta = txq->sta;
2579 	struct sk_buff *skb;
2580 	unsigned long i;
2581 	int ret;
2582 
2583 	rcu_read_lock();
2584 	for (i = 0; i < frame_cnt; i++) {
2585 		skb = ieee80211_tx_dequeue_ni(rtwdev->hw, txq);
2586 		if (!skb) {
2587 			rtw89_debug(rtwdev, RTW89_DBG_TXRX, "dequeue a NULL skb\n");
2588 			goto out;
2589 		}
2590 		rtw89_core_txq_check_agg(rtwdev, rtwtxq, skb);
2591 		ret = rtw89_core_tx_write(rtwdev, vif, sta, skb, NULL);
2592 		if (ret) {
2593 			rtw89_err(rtwdev, "failed to push txq: %d\n", ret);
2594 			ieee80211_free_txskb(rtwdev->hw, skb);
2595 			break;
2596 		}
2597 	}
2598 out:
2599 	rcu_read_unlock();
2600 }
2601 
2602 static u32 rtw89_check_and_reclaim_tx_resource(struct rtw89_dev *rtwdev, u8 tid)
2603 {
2604 	u8 qsel, ch_dma;
2605 
2606 	qsel = rtw89_core_get_qsel(rtwdev, tid);
2607 	ch_dma = rtw89_core_get_ch_dma(rtwdev, qsel);
2608 
2609 	return rtw89_hci_check_and_reclaim_tx_resource(rtwdev, ch_dma);
2610 }
2611 
2612 static bool rtw89_core_txq_agg_wait(struct rtw89_dev *rtwdev,
2613 				    struct ieee80211_txq *txq,
2614 				    unsigned long *frame_cnt,
2615 				    bool *sched_txq, bool *reinvoke)
2616 {
2617 	struct rtw89_txq *rtwtxq = (struct rtw89_txq *)txq->drv_priv;
2618 	struct ieee80211_sta *sta = txq->sta;
2619 	struct rtw89_sta *rtwsta = sta ? (struct rtw89_sta *)sta->drv_priv : NULL;
2620 
2621 	if (!sta || rtwsta->max_agg_wait <= 0)
2622 		return false;
2623 
2624 	if (rtwdev->stats.tx_tfc_lv <= RTW89_TFC_MID)
2625 		return false;
2626 
2627 	if (*frame_cnt > 1) {
2628 		*frame_cnt -= 1;
2629 		*sched_txq = true;
2630 		*reinvoke = true;
2631 		rtwtxq->wait_cnt = 1;
2632 		return false;
2633 	}
2634 
2635 	if (*frame_cnt == 1 && rtwtxq->wait_cnt < rtwsta->max_agg_wait) {
2636 		*reinvoke = true;
2637 		rtwtxq->wait_cnt++;
2638 		return true;
2639 	}
2640 
2641 	rtwtxq->wait_cnt = 0;
2642 	return false;
2643 }
2644 
2645 static void rtw89_core_txq_schedule(struct rtw89_dev *rtwdev, u8 ac, bool *reinvoke)
2646 {
2647 	struct ieee80211_hw *hw = rtwdev->hw;
2648 	struct ieee80211_txq *txq;
2649 	struct rtw89_vif *rtwvif;
2650 	struct rtw89_txq *rtwtxq;
2651 	unsigned long frame_cnt;
2652 	unsigned long byte_cnt;
2653 	u32 tx_resource;
2654 	bool sched_txq;
2655 
2656 	ieee80211_txq_schedule_start(hw, ac);
2657 	while ((txq = ieee80211_next_txq(hw, ac))) {
2658 		rtwtxq = (struct rtw89_txq *)txq->drv_priv;
2659 		rtwvif = (struct rtw89_vif *)txq->vif->drv_priv;
2660 
2661 		if (rtwvif->offchan) {
2662 			ieee80211_return_txq(hw, txq, true);
2663 			continue;
2664 		}
2665 		tx_resource = rtw89_check_and_reclaim_tx_resource(rtwdev, txq->tid);
2666 		sched_txq = false;
2667 
2668 		ieee80211_txq_get_depth(txq, &frame_cnt, &byte_cnt);
2669 		if (rtw89_core_txq_agg_wait(rtwdev, txq, &frame_cnt, &sched_txq, reinvoke)) {
2670 			ieee80211_return_txq(hw, txq, true);
2671 			continue;
2672 		}
2673 		frame_cnt = min_t(unsigned long, frame_cnt, tx_resource);
2674 		rtw89_core_txq_push(rtwdev, rtwtxq, frame_cnt, byte_cnt);
2675 		ieee80211_return_txq(hw, txq, sched_txq);
2676 		if (frame_cnt != 0)
2677 			rtw89_core_tx_kick_off(rtwdev, rtw89_core_get_qsel(rtwdev, txq->tid));
2678 
2679 		/* bound of tx_resource could get stuck due to burst traffic */
2680 		if (frame_cnt == tx_resource)
2681 			*reinvoke = true;
2682 	}
2683 	ieee80211_txq_schedule_end(hw, ac);
2684 }
2685 
2686 static void rtw89_ips_work(struct work_struct *work)
2687 {
2688 	struct rtw89_dev *rtwdev = container_of(work, struct rtw89_dev,
2689 						ips_work);
2690 	mutex_lock(&rtwdev->mutex);
2691 	rtw89_enter_ips_by_hwflags(rtwdev);
2692 	mutex_unlock(&rtwdev->mutex);
2693 }
2694 
2695 static void rtw89_core_txq_work(struct work_struct *w)
2696 {
2697 	struct rtw89_dev *rtwdev = container_of(w, struct rtw89_dev, txq_work);
2698 	bool reinvoke = false;
2699 	u8 ac;
2700 
2701 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
2702 		rtw89_core_txq_schedule(rtwdev, ac, &reinvoke);
2703 
2704 	if (reinvoke) {
2705 		/* reinvoke to process the last frame */
2706 		mod_delayed_work(rtwdev->txq_wq, &rtwdev->txq_reinvoke_work, 1);
2707 	}
2708 }
2709 
2710 static void rtw89_core_txq_reinvoke_work(struct work_struct *w)
2711 {
2712 	struct rtw89_dev *rtwdev = container_of(w, struct rtw89_dev,
2713 						txq_reinvoke_work.work);
2714 
2715 	queue_work(rtwdev->txq_wq, &rtwdev->txq_work);
2716 }
2717 
2718 static void rtw89_forbid_ba_work(struct work_struct *w)
2719 {
2720 	struct rtw89_dev *rtwdev = container_of(w, struct rtw89_dev,
2721 						forbid_ba_work.work);
2722 	struct rtw89_txq *rtwtxq, *tmp;
2723 
2724 	spin_lock_bh(&rtwdev->ba_lock);
2725 	list_for_each_entry_safe(rtwtxq, tmp, &rtwdev->forbid_ba_list, list) {
2726 		clear_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags);
2727 		list_del_init(&rtwtxq->list);
2728 	}
2729 	spin_unlock_bh(&rtwdev->ba_lock);
2730 }
2731 
2732 static void rtw89_core_sta_pending_tx_iter(void *data,
2733 					   struct ieee80211_sta *sta)
2734 {
2735 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
2736 	struct rtw89_vif *rtwvif_target = data, *rtwvif = rtwsta->rtwvif;
2737 	struct rtw89_dev *rtwdev = rtwvif->rtwdev;
2738 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
2739 	struct sk_buff *skb, *tmp;
2740 	int qsel, ret;
2741 
2742 	if (rtwvif->sub_entity_idx != rtwvif_target->sub_entity_idx)
2743 		return;
2744 
2745 	if (skb_queue_len(&rtwsta->roc_queue) == 0)
2746 		return;
2747 
2748 	skb_queue_walk_safe(&rtwsta->roc_queue, skb, tmp) {
2749 		skb_unlink(skb, &rtwsta->roc_queue);
2750 
2751 		ret = rtw89_core_tx_write(rtwdev, vif, sta, skb, &qsel);
2752 		if (ret) {
2753 			rtw89_warn(rtwdev, "pending tx failed with %d\n", ret);
2754 			dev_kfree_skb_any(skb);
2755 		} else {
2756 			rtw89_core_tx_kick_off(rtwdev, qsel);
2757 		}
2758 	}
2759 }
2760 
2761 static void rtw89_core_handle_sta_pending_tx(struct rtw89_dev *rtwdev,
2762 					     struct rtw89_vif *rtwvif)
2763 {
2764 	ieee80211_iterate_stations_atomic(rtwdev->hw,
2765 					  rtw89_core_sta_pending_tx_iter,
2766 					  rtwvif);
2767 }
2768 
2769 static int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev,
2770 				    struct rtw89_vif *rtwvif, bool qos, bool ps)
2771 {
2772 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
2773 	struct ieee80211_sta *sta;
2774 	struct ieee80211_hdr *hdr;
2775 	struct sk_buff *skb;
2776 	int ret, qsel;
2777 
2778 	if (vif->type != NL80211_IFTYPE_STATION || !vif->cfg.assoc)
2779 		return 0;
2780 
2781 	rcu_read_lock();
2782 	sta = ieee80211_find_sta(vif, vif->bss_conf.bssid);
2783 	if (!sta) {
2784 		ret = -EINVAL;
2785 		goto out;
2786 	}
2787 
2788 	skb = ieee80211_nullfunc_get(rtwdev->hw, vif, -1, qos);
2789 	if (!skb) {
2790 		ret = -ENOMEM;
2791 		goto out;
2792 	}
2793 
2794 	hdr = (struct ieee80211_hdr *)skb->data;
2795 	if (ps)
2796 		hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
2797 
2798 	ret = rtw89_core_tx_write(rtwdev, vif, sta, skb, &qsel);
2799 	if (ret) {
2800 		rtw89_warn(rtwdev, "nullfunc transmit failed: %d\n", ret);
2801 		dev_kfree_skb_any(skb);
2802 		goto out;
2803 	}
2804 
2805 	rcu_read_unlock();
2806 
2807 	return rtw89_core_tx_kick_off_and_wait(rtwdev, skb, qsel,
2808 					       RTW89_ROC_TX_TIMEOUT);
2809 out:
2810 	rcu_read_unlock();
2811 
2812 	return ret;
2813 }
2814 
2815 void rtw89_roc_start(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
2816 {
2817 	const struct rtw89_mac_gen_def *mac = rtwdev->chip->mac_def;
2818 	struct ieee80211_hw *hw = rtwdev->hw;
2819 	struct rtw89_roc *roc = &rtwvif->roc;
2820 	struct cfg80211_chan_def roc_chan;
2821 	struct rtw89_vif *tmp;
2822 	int ret;
2823 
2824 	lockdep_assert_held(&rtwdev->mutex);
2825 
2826 	ieee80211_queue_delayed_work(hw, &rtwvif->roc.roc_work,
2827 				     msecs_to_jiffies(rtwvif->roc.duration));
2828 
2829 	rtw89_leave_ips_by_hwflags(rtwdev);
2830 	rtw89_leave_lps(rtwdev);
2831 	rtw89_chanctx_pause(rtwdev, RTW89_CHANCTX_PAUSE_REASON_ROC);
2832 
2833 	ret = rtw89_core_send_nullfunc(rtwdev, rtwvif, true, true);
2834 	if (ret)
2835 		rtw89_debug(rtwdev, RTW89_DBG_TXRX,
2836 			    "roc send null-1 failed: %d\n", ret);
2837 
2838 	rtw89_for_each_rtwvif(rtwdev, tmp)
2839 		if (tmp->sub_entity_idx == rtwvif->sub_entity_idx)
2840 			tmp->offchan = true;
2841 
2842 	cfg80211_chandef_create(&roc_chan, &roc->chan, NL80211_CHAN_NO_HT);
2843 	rtw89_config_roc_chandef(rtwdev, rtwvif->sub_entity_idx, &roc_chan);
2844 	rtw89_set_channel(rtwdev);
2845 	rtw89_write32_clr(rtwdev,
2846 			  rtw89_mac_reg_by_idx(rtwdev, mac->rx_fltr, RTW89_MAC_0),
2847 			  B_AX_A_UC_CAM_MATCH | B_AX_A_BC_CAM_MATCH);
2848 
2849 	ieee80211_ready_on_channel(hw);
2850 }
2851 
2852 void rtw89_roc_end(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
2853 {
2854 	const struct rtw89_mac_gen_def *mac = rtwdev->chip->mac_def;
2855 	struct ieee80211_hw *hw = rtwdev->hw;
2856 	struct rtw89_roc *roc = &rtwvif->roc;
2857 	struct rtw89_vif *tmp;
2858 	int ret;
2859 
2860 	lockdep_assert_held(&rtwdev->mutex);
2861 
2862 	ieee80211_remain_on_channel_expired(hw);
2863 
2864 	rtw89_leave_ips_by_hwflags(rtwdev);
2865 	rtw89_leave_lps(rtwdev);
2866 
2867 	rtw89_write32_mask(rtwdev,
2868 			   rtw89_mac_reg_by_idx(rtwdev, mac->rx_fltr, RTW89_MAC_0),
2869 			   B_AX_RX_FLTR_CFG_MASK,
2870 			   rtwdev->hal.rx_fltr);
2871 
2872 	roc->state = RTW89_ROC_IDLE;
2873 	rtw89_config_roc_chandef(rtwdev, rtwvif->sub_entity_idx, NULL);
2874 	rtw89_chanctx_proceed(rtwdev);
2875 	ret = rtw89_core_send_nullfunc(rtwdev, rtwvif, true, false);
2876 	if (ret)
2877 		rtw89_debug(rtwdev, RTW89_DBG_TXRX,
2878 			    "roc send null-0 failed: %d\n", ret);
2879 
2880 	rtw89_for_each_rtwvif(rtwdev, tmp)
2881 		if (tmp->sub_entity_idx == rtwvif->sub_entity_idx)
2882 			tmp->offchan = false;
2883 
2884 	rtw89_core_handle_sta_pending_tx(rtwdev, rtwvif);
2885 	queue_work(rtwdev->txq_wq, &rtwdev->txq_work);
2886 
2887 	if (hw->conf.flags & IEEE80211_CONF_IDLE)
2888 		ieee80211_queue_delayed_work(hw, &roc->roc_work,
2889 					     RTW89_ROC_IDLE_TIMEOUT);
2890 }
2891 
2892 void rtw89_roc_work(struct work_struct *work)
2893 {
2894 	struct rtw89_vif *rtwvif = container_of(work, struct rtw89_vif,
2895 						roc.roc_work.work);
2896 	struct rtw89_dev *rtwdev = rtwvif->rtwdev;
2897 	struct rtw89_roc *roc = &rtwvif->roc;
2898 
2899 	mutex_lock(&rtwdev->mutex);
2900 
2901 	switch (roc->state) {
2902 	case RTW89_ROC_IDLE:
2903 		rtw89_enter_ips_by_hwflags(rtwdev);
2904 		break;
2905 	case RTW89_ROC_MGMT:
2906 	case RTW89_ROC_NORMAL:
2907 		rtw89_roc_end(rtwdev, rtwvif);
2908 		break;
2909 	default:
2910 		break;
2911 	}
2912 
2913 	mutex_unlock(&rtwdev->mutex);
2914 }
2915 
2916 static enum rtw89_tfc_lv rtw89_get_traffic_level(struct rtw89_dev *rtwdev,
2917 						 u32 throughput, u64 cnt)
2918 {
2919 	if (cnt < 100)
2920 		return RTW89_TFC_IDLE;
2921 	if (throughput > 50)
2922 		return RTW89_TFC_HIGH;
2923 	if (throughput > 10)
2924 		return RTW89_TFC_MID;
2925 	if (throughput > 2)
2926 		return RTW89_TFC_LOW;
2927 	return RTW89_TFC_ULTRA_LOW;
2928 }
2929 
2930 static bool rtw89_traffic_stats_calc(struct rtw89_dev *rtwdev,
2931 				     struct rtw89_traffic_stats *stats)
2932 {
2933 	enum rtw89_tfc_lv tx_tfc_lv = stats->tx_tfc_lv;
2934 	enum rtw89_tfc_lv rx_tfc_lv = stats->rx_tfc_lv;
2935 
2936 	stats->tx_throughput_raw = (u32)(stats->tx_unicast >> RTW89_TP_SHIFT);
2937 	stats->rx_throughput_raw = (u32)(stats->rx_unicast >> RTW89_TP_SHIFT);
2938 
2939 	ewma_tp_add(&stats->tx_ewma_tp, stats->tx_throughput_raw);
2940 	ewma_tp_add(&stats->rx_ewma_tp, stats->rx_throughput_raw);
2941 
2942 	stats->tx_throughput = ewma_tp_read(&stats->tx_ewma_tp);
2943 	stats->rx_throughput = ewma_tp_read(&stats->rx_ewma_tp);
2944 	stats->tx_tfc_lv = rtw89_get_traffic_level(rtwdev, stats->tx_throughput,
2945 						   stats->tx_cnt);
2946 	stats->rx_tfc_lv = rtw89_get_traffic_level(rtwdev, stats->rx_throughput,
2947 						   stats->rx_cnt);
2948 	stats->tx_avg_len = stats->tx_cnt ?
2949 			    DIV_ROUND_DOWN_ULL(stats->tx_unicast, stats->tx_cnt) : 0;
2950 	stats->rx_avg_len = stats->rx_cnt ?
2951 			    DIV_ROUND_DOWN_ULL(stats->rx_unicast, stats->rx_cnt) : 0;
2952 
2953 	stats->tx_unicast = 0;
2954 	stats->rx_unicast = 0;
2955 	stats->tx_cnt = 0;
2956 	stats->rx_cnt = 0;
2957 	stats->rx_tf_periodic = stats->rx_tf_acc;
2958 	stats->rx_tf_acc = 0;
2959 
2960 	if (tx_tfc_lv != stats->tx_tfc_lv || rx_tfc_lv != stats->rx_tfc_lv)
2961 		return true;
2962 
2963 	return false;
2964 }
2965 
2966 static bool rtw89_traffic_stats_track(struct rtw89_dev *rtwdev)
2967 {
2968 	struct rtw89_vif *rtwvif;
2969 	bool tfc_changed;
2970 
2971 	tfc_changed = rtw89_traffic_stats_calc(rtwdev, &rtwdev->stats);
2972 	rtw89_for_each_rtwvif(rtwdev, rtwvif) {
2973 		rtw89_traffic_stats_calc(rtwdev, &rtwvif->stats);
2974 		rtw89_fw_h2c_tp_offload(rtwdev, rtwvif);
2975 	}
2976 
2977 	return tfc_changed;
2978 }
2979 
2980 static void rtw89_vif_enter_lps(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
2981 {
2982 	if ((rtwvif->wifi_role != RTW89_WIFI_ROLE_STATION &&
2983 	     rtwvif->wifi_role != RTW89_WIFI_ROLE_P2P_CLIENT) ||
2984 	    rtwvif->tdls_peer)
2985 		return;
2986 
2987 	if (rtwvif->offchan)
2988 		return;
2989 
2990 	if (rtwvif->stats.tx_tfc_lv == RTW89_TFC_IDLE &&
2991 	    rtwvif->stats.rx_tfc_lv == RTW89_TFC_IDLE)
2992 		rtw89_enter_lps(rtwdev, rtwvif, true);
2993 }
2994 
2995 static void rtw89_enter_lps_track(struct rtw89_dev *rtwdev)
2996 {
2997 	struct rtw89_vif *rtwvif;
2998 
2999 	rtw89_for_each_rtwvif(rtwdev, rtwvif)
3000 		rtw89_vif_enter_lps(rtwdev, rtwvif);
3001 }
3002 
3003 static void rtw89_core_rfk_track(struct rtw89_dev *rtwdev)
3004 {
3005 	enum rtw89_entity_mode mode;
3006 
3007 	mode = rtw89_get_entity_mode(rtwdev);
3008 	if (mode == RTW89_ENTITY_MODE_MCC)
3009 		return;
3010 
3011 	rtw89_chip_rfk_track(rtwdev);
3012 }
3013 
3014 void rtw89_core_update_p2p_ps(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif)
3015 {
3016 	enum rtw89_entity_mode mode = rtw89_get_entity_mode(rtwdev);
3017 
3018 	if (mode == RTW89_ENTITY_MODE_MCC)
3019 		rtw89_queue_chanctx_change(rtwdev, RTW89_CHANCTX_P2P_PS_CHANGE);
3020 	else
3021 		rtw89_process_p2p_ps(rtwdev, vif);
3022 }
3023 
3024 void rtw89_traffic_stats_init(struct rtw89_dev *rtwdev,
3025 			      struct rtw89_traffic_stats *stats)
3026 {
3027 	stats->tx_unicast = 0;
3028 	stats->rx_unicast = 0;
3029 	stats->tx_cnt = 0;
3030 	stats->rx_cnt = 0;
3031 	ewma_tp_init(&stats->tx_ewma_tp);
3032 	ewma_tp_init(&stats->rx_ewma_tp);
3033 }
3034 
3035 static void rtw89_track_work(struct work_struct *work)
3036 {
3037 	struct rtw89_dev *rtwdev = container_of(work, struct rtw89_dev,
3038 						track_work.work);
3039 	bool tfc_changed;
3040 
3041 	if (test_bit(RTW89_FLAG_FORBIDDEN_TRACK_WROK, rtwdev->flags))
3042 		return;
3043 
3044 	mutex_lock(&rtwdev->mutex);
3045 
3046 	if (!test_bit(RTW89_FLAG_RUNNING, rtwdev->flags))
3047 		goto out;
3048 
3049 	ieee80211_queue_delayed_work(rtwdev->hw, &rtwdev->track_work,
3050 				     RTW89_TRACK_WORK_PERIOD);
3051 
3052 	tfc_changed = rtw89_traffic_stats_track(rtwdev);
3053 	if (rtwdev->scanning)
3054 		goto out;
3055 
3056 	rtw89_leave_lps(rtwdev);
3057 
3058 	if (tfc_changed) {
3059 		rtw89_hci_recalc_int_mit(rtwdev);
3060 		rtw89_btc_ntfy_wl_sta(rtwdev);
3061 	}
3062 	rtw89_mac_bf_monitor_track(rtwdev);
3063 	rtw89_phy_stat_track(rtwdev);
3064 	rtw89_phy_env_monitor_track(rtwdev);
3065 	rtw89_phy_dig(rtwdev);
3066 	rtw89_core_rfk_track(rtwdev);
3067 	rtw89_phy_ra_update(rtwdev);
3068 	rtw89_phy_cfo_track(rtwdev);
3069 	rtw89_phy_tx_path_div_track(rtwdev);
3070 	rtw89_phy_antdiv_track(rtwdev);
3071 	rtw89_phy_ul_tb_ctrl_track(rtwdev);
3072 	rtw89_tas_track(rtwdev);
3073 	rtw89_chanctx_track(rtwdev);
3074 
3075 	if (rtwdev->lps_enabled && !rtwdev->btc.lps)
3076 		rtw89_enter_lps_track(rtwdev);
3077 
3078 out:
3079 	mutex_unlock(&rtwdev->mutex);
3080 }
3081 
3082 u8 rtw89_core_acquire_bit_map(unsigned long *addr, unsigned long size)
3083 {
3084 	unsigned long bit;
3085 
3086 	bit = find_first_zero_bit(addr, size);
3087 	if (bit < size)
3088 		set_bit(bit, addr);
3089 
3090 	return bit;
3091 }
3092 
3093 void rtw89_core_release_bit_map(unsigned long *addr, u8 bit)
3094 {
3095 	clear_bit(bit, addr);
3096 }
3097 
3098 void rtw89_core_release_all_bits_map(unsigned long *addr, unsigned int nbits)
3099 {
3100 	bitmap_zero(addr, nbits);
3101 }
3102 
3103 int rtw89_core_acquire_sta_ba_entry(struct rtw89_dev *rtwdev,
3104 				    struct rtw89_sta *rtwsta, u8 tid, u8 *cam_idx)
3105 {
3106 	const struct rtw89_chip_info *chip = rtwdev->chip;
3107 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
3108 	struct rtw89_ba_cam_entry *entry = NULL, *tmp;
3109 	u8 idx;
3110 	int i;
3111 
3112 	lockdep_assert_held(&rtwdev->mutex);
3113 
3114 	idx = rtw89_core_acquire_bit_map(cam_info->ba_cam_map, chip->bacam_num);
3115 	if (idx == chip->bacam_num) {
3116 		/* allocate a static BA CAM to tid=0/5, so replace the existing
3117 		 * one if BA CAM is full. Hardware will process the original tid
3118 		 * automatically.
3119 		 */
3120 		if (tid != 0 && tid != 5)
3121 			return -ENOSPC;
3122 
3123 		for_each_set_bit(i, cam_info->ba_cam_map, chip->bacam_num) {
3124 			tmp = &cam_info->ba_cam_entry[i];
3125 			if (tmp->tid == 0 || tmp->tid == 5)
3126 				continue;
3127 
3128 			idx = i;
3129 			entry = tmp;
3130 			list_del(&entry->list);
3131 			break;
3132 		}
3133 
3134 		if (!entry)
3135 			return -ENOSPC;
3136 	} else {
3137 		entry = &cam_info->ba_cam_entry[idx];
3138 	}
3139 
3140 	entry->tid = tid;
3141 	list_add_tail(&entry->list, &rtwsta->ba_cam_list);
3142 
3143 	*cam_idx = idx;
3144 
3145 	return 0;
3146 }
3147 
3148 int rtw89_core_release_sta_ba_entry(struct rtw89_dev *rtwdev,
3149 				    struct rtw89_sta *rtwsta, u8 tid, u8 *cam_idx)
3150 {
3151 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
3152 	struct rtw89_ba_cam_entry *entry = NULL, *tmp;
3153 	u8 idx;
3154 
3155 	lockdep_assert_held(&rtwdev->mutex);
3156 
3157 	list_for_each_entry_safe(entry, tmp, &rtwsta->ba_cam_list, list) {
3158 		if (entry->tid != tid)
3159 			continue;
3160 
3161 		idx = entry - cam_info->ba_cam_entry;
3162 		list_del(&entry->list);
3163 
3164 		rtw89_core_release_bit_map(cam_info->ba_cam_map, idx);
3165 		*cam_idx = idx;
3166 		return 0;
3167 	}
3168 
3169 	return -ENOENT;
3170 }
3171 
3172 #define RTW89_TYPE_MAPPING(_type)	\
3173 	case NL80211_IFTYPE_ ## _type:	\
3174 		rtwvif->wifi_role = RTW89_WIFI_ROLE_ ## _type;	\
3175 		break
3176 void rtw89_vif_type_mapping(struct ieee80211_vif *vif, bool assoc)
3177 {
3178 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
3179 
3180 	switch (vif->type) {
3181 	case NL80211_IFTYPE_STATION:
3182 		if (vif->p2p)
3183 			rtwvif->wifi_role = RTW89_WIFI_ROLE_P2P_CLIENT;
3184 		else
3185 			rtwvif->wifi_role = RTW89_WIFI_ROLE_STATION;
3186 		break;
3187 	case NL80211_IFTYPE_AP:
3188 		if (vif->p2p)
3189 			rtwvif->wifi_role = RTW89_WIFI_ROLE_P2P_GO;
3190 		else
3191 			rtwvif->wifi_role = RTW89_WIFI_ROLE_AP;
3192 		break;
3193 	RTW89_TYPE_MAPPING(ADHOC);
3194 	RTW89_TYPE_MAPPING(MONITOR);
3195 	RTW89_TYPE_MAPPING(MESH_POINT);
3196 	default:
3197 		WARN_ON(1);
3198 		break;
3199 	}
3200 
3201 	switch (vif->type) {
3202 	case NL80211_IFTYPE_AP:
3203 	case NL80211_IFTYPE_MESH_POINT:
3204 		rtwvif->net_type = RTW89_NET_TYPE_AP_MODE;
3205 		rtwvif->self_role = RTW89_SELF_ROLE_AP;
3206 		break;
3207 	case NL80211_IFTYPE_ADHOC:
3208 		rtwvif->net_type = RTW89_NET_TYPE_AD_HOC;
3209 		rtwvif->self_role = RTW89_SELF_ROLE_CLIENT;
3210 		break;
3211 	case NL80211_IFTYPE_STATION:
3212 		if (assoc) {
3213 			rtwvif->net_type = RTW89_NET_TYPE_INFRA;
3214 			rtwvif->trigger = vif->bss_conf.he_support;
3215 		} else {
3216 			rtwvif->net_type = RTW89_NET_TYPE_NO_LINK;
3217 			rtwvif->trigger = false;
3218 		}
3219 		rtwvif->self_role = RTW89_SELF_ROLE_CLIENT;
3220 		rtwvif->addr_cam.sec_ent_mode = RTW89_ADDR_CAM_SEC_NORMAL;
3221 		break;
3222 	case NL80211_IFTYPE_MONITOR:
3223 		break;
3224 	default:
3225 		WARN_ON(1);
3226 		break;
3227 	}
3228 }
3229 
3230 int rtw89_core_sta_add(struct rtw89_dev *rtwdev,
3231 		       struct ieee80211_vif *vif,
3232 		       struct ieee80211_sta *sta)
3233 {
3234 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
3235 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
3236 	struct rtw89_hal *hal = &rtwdev->hal;
3237 	u8 ant_num = hal->ant_diversity ? 2 : rtwdev->chip->rf_path_num;
3238 	int i;
3239 	int ret;
3240 
3241 	rtwsta->rtwdev = rtwdev;
3242 	rtwsta->rtwvif = rtwvif;
3243 	rtwsta->prev_rssi = 0;
3244 	INIT_LIST_HEAD(&rtwsta->ba_cam_list);
3245 	skb_queue_head_init(&rtwsta->roc_queue);
3246 
3247 	for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
3248 		rtw89_core_txq_init(rtwdev, sta->txq[i]);
3249 
3250 	ewma_rssi_init(&rtwsta->avg_rssi);
3251 	ewma_snr_init(&rtwsta->avg_snr);
3252 	for (i = 0; i < ant_num; i++) {
3253 		ewma_rssi_init(&rtwsta->rssi[i]);
3254 		ewma_evm_init(&rtwsta->evm_min[i]);
3255 		ewma_evm_init(&rtwsta->evm_max[i]);
3256 	}
3257 
3258 	if (vif->type == NL80211_IFTYPE_STATION && !sta->tdls) {
3259 		/* for station mode, assign the mac_id from itself */
3260 		rtwsta->mac_id = rtwvif->mac_id;
3261 		/* must do rtw89_reg_6ghz_power_recalc() before rfk channel */
3262 		rtw89_reg_6ghz_power_recalc(rtwdev, rtwvif, true);
3263 		rtw89_btc_ntfy_role_info(rtwdev, rtwvif, rtwsta,
3264 					 BTC_ROLE_MSTS_STA_CONN_START);
3265 		rtw89_chip_rfk_channel(rtwdev);
3266 	} else if (vif->type == NL80211_IFTYPE_AP || sta->tdls) {
3267 		rtwsta->mac_id = rtw89_core_acquire_bit_map(rtwdev->mac_id_map,
3268 							    RTW89_MAX_MAC_ID_NUM);
3269 		if (rtwsta->mac_id == RTW89_MAX_MAC_ID_NUM)
3270 			return -ENOSPC;
3271 
3272 		ret = rtw89_mac_set_macid_pause(rtwdev, rtwsta->mac_id, false);
3273 		if (ret) {
3274 			rtw89_core_release_bit_map(rtwdev->mac_id_map, rtwsta->mac_id);
3275 			rtw89_warn(rtwdev, "failed to send h2c macid pause\n");
3276 			return ret;
3277 		}
3278 
3279 		ret = rtw89_fw_h2c_role_maintain(rtwdev, rtwvif, rtwsta,
3280 						 RTW89_ROLE_CREATE);
3281 		if (ret) {
3282 			rtw89_core_release_bit_map(rtwdev->mac_id_map, rtwsta->mac_id);
3283 			rtw89_warn(rtwdev, "failed to send h2c role info\n");
3284 			return ret;
3285 		}
3286 
3287 		rtw89_queue_chanctx_change(rtwdev, RTW89_CHANCTX_REMOTE_STA_CHANGE);
3288 	}
3289 
3290 	return 0;
3291 }
3292 
3293 int rtw89_core_sta_disassoc(struct rtw89_dev *rtwdev,
3294 			    struct ieee80211_vif *vif,
3295 			    struct ieee80211_sta *sta)
3296 {
3297 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
3298 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
3299 
3300 	if (vif->type == NL80211_IFTYPE_STATION)
3301 		rtw89_fw_h2c_set_bcn_fltr_cfg(rtwdev, vif, false);
3302 
3303 	rtwdev->total_sta_assoc--;
3304 	if (sta->tdls)
3305 		rtwvif->tdls_peer--;
3306 	rtwsta->disassoc = true;
3307 
3308 	return 0;
3309 }
3310 
3311 int rtw89_core_sta_disconnect(struct rtw89_dev *rtwdev,
3312 			      struct ieee80211_vif *vif,
3313 			      struct ieee80211_sta *sta)
3314 {
3315 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
3316 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
3317 	int ret;
3318 
3319 	rtw89_mac_bf_monitor_calc(rtwdev, sta, true);
3320 	rtw89_mac_bf_disassoc(rtwdev, vif, sta);
3321 	rtw89_core_free_sta_pending_ba(rtwdev, sta);
3322 	rtw89_core_free_sta_pending_forbid_ba(rtwdev, sta);
3323 	rtw89_core_free_sta_pending_roc_tx(rtwdev, sta);
3324 
3325 	if (vif->type == NL80211_IFTYPE_AP || sta->tdls)
3326 		rtw89_cam_deinit_addr_cam(rtwdev, &rtwsta->addr_cam);
3327 	if (sta->tdls)
3328 		rtw89_cam_deinit_bssid_cam(rtwdev, &rtwsta->bssid_cam);
3329 
3330 	if (vif->type == NL80211_IFTYPE_STATION && !sta->tdls) {
3331 		rtw89_vif_type_mapping(vif, false);
3332 		rtw89_fw_release_general_pkt_list_vif(rtwdev, rtwvif, true);
3333 	}
3334 
3335 	ret = rtw89_fw_h2c_assoc_cmac_tbl(rtwdev, vif, sta);
3336 	if (ret) {
3337 		rtw89_warn(rtwdev, "failed to send h2c cmac table\n");
3338 		return ret;
3339 	}
3340 
3341 	ret = rtw89_fw_h2c_join_info(rtwdev, rtwvif, rtwsta, true);
3342 	if (ret) {
3343 		rtw89_warn(rtwdev, "failed to send h2c join info\n");
3344 		return ret;
3345 	}
3346 
3347 	/* update cam aid mac_id net_type */
3348 	ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, rtwsta, NULL);
3349 	if (ret) {
3350 		rtw89_warn(rtwdev, "failed to send h2c cam\n");
3351 		return ret;
3352 	}
3353 
3354 	return ret;
3355 }
3356 
3357 int rtw89_core_sta_assoc(struct rtw89_dev *rtwdev,
3358 			 struct ieee80211_vif *vif,
3359 			 struct ieee80211_sta *sta)
3360 {
3361 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
3362 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
3363 	struct rtw89_bssid_cam_entry *bssid_cam = rtw89_get_bssid_cam_of(rtwvif, rtwsta);
3364 	const struct rtw89_chan *chan = rtw89_chan_get(rtwdev,
3365 						       rtwvif->sub_entity_idx);
3366 	int ret;
3367 
3368 	if (vif->type == NL80211_IFTYPE_AP || sta->tdls) {
3369 		if (sta->tdls) {
3370 			ret = rtw89_cam_init_bssid_cam(rtwdev, rtwvif, bssid_cam, sta->addr);
3371 			if (ret) {
3372 				rtw89_warn(rtwdev, "failed to send h2c init bssid cam for TDLS\n");
3373 				return ret;
3374 			}
3375 		}
3376 
3377 		ret = rtw89_cam_init_addr_cam(rtwdev, &rtwsta->addr_cam, bssid_cam);
3378 		if (ret) {
3379 			rtw89_warn(rtwdev, "failed to send h2c init addr cam\n");
3380 			return ret;
3381 		}
3382 	}
3383 
3384 	ret = rtw89_fw_h2c_assoc_cmac_tbl(rtwdev, vif, sta);
3385 	if (ret) {
3386 		rtw89_warn(rtwdev, "failed to send h2c cmac table\n");
3387 		return ret;
3388 	}
3389 
3390 	ret = rtw89_fw_h2c_join_info(rtwdev, rtwvif, rtwsta, false);
3391 	if (ret) {
3392 		rtw89_warn(rtwdev, "failed to send h2c join info\n");
3393 		return ret;
3394 	}
3395 
3396 	/* update cam aid mac_id net_type */
3397 	ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, rtwsta, NULL);
3398 	if (ret) {
3399 		rtw89_warn(rtwdev, "failed to send h2c cam\n");
3400 		return ret;
3401 	}
3402 
3403 	rtwdev->total_sta_assoc++;
3404 	if (sta->tdls)
3405 		rtwvif->tdls_peer++;
3406 	rtw89_phy_ra_assoc(rtwdev, sta);
3407 	rtw89_mac_bf_assoc(rtwdev, vif, sta);
3408 	rtw89_mac_bf_monitor_calc(rtwdev, sta, false);
3409 
3410 	if (vif->type == NL80211_IFTYPE_STATION && !sta->tdls) {
3411 		struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
3412 
3413 		if (bss_conf->he_support &&
3414 		    !(bss_conf->he_oper.params & IEEE80211_HE_OPERATION_ER_SU_DISABLE))
3415 			rtwsta->er_cap = true;
3416 
3417 		rtw89_btc_ntfy_role_info(rtwdev, rtwvif, rtwsta,
3418 					 BTC_ROLE_MSTS_STA_CONN_END);
3419 		rtw89_core_get_no_ul_ofdma_htc(rtwdev, &rtwsta->htc_template, chan);
3420 		rtw89_phy_ul_tb_assoc(rtwdev, rtwvif);
3421 
3422 		ret = rtw89_fw_h2c_general_pkt(rtwdev, rtwvif, rtwsta->mac_id);
3423 		if (ret) {
3424 			rtw89_warn(rtwdev, "failed to send h2c general packet\n");
3425 			return ret;
3426 		}
3427 	}
3428 
3429 	return ret;
3430 }
3431 
3432 int rtw89_core_sta_remove(struct rtw89_dev *rtwdev,
3433 			  struct ieee80211_vif *vif,
3434 			  struct ieee80211_sta *sta)
3435 {
3436 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
3437 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
3438 	int ret;
3439 
3440 	if (vif->type == NL80211_IFTYPE_STATION && !sta->tdls) {
3441 		rtw89_reg_6ghz_power_recalc(rtwdev, rtwvif, false);
3442 		rtw89_btc_ntfy_role_info(rtwdev, rtwvif, rtwsta,
3443 					 BTC_ROLE_MSTS_STA_DIS_CONN);
3444 	} else if (vif->type == NL80211_IFTYPE_AP || sta->tdls) {
3445 		rtw89_core_release_bit_map(rtwdev->mac_id_map, rtwsta->mac_id);
3446 
3447 		ret = rtw89_fw_h2c_role_maintain(rtwdev, rtwvif, rtwsta,
3448 						 RTW89_ROLE_REMOVE);
3449 		if (ret) {
3450 			rtw89_warn(rtwdev, "failed to send h2c role info\n");
3451 			return ret;
3452 		}
3453 
3454 		rtw89_queue_chanctx_change(rtwdev, RTW89_CHANCTX_REMOTE_STA_CHANGE);
3455 	}
3456 
3457 	return 0;
3458 }
3459 
3460 static void _rtw89_core_set_tid_config(struct rtw89_dev *rtwdev,
3461 				       struct ieee80211_sta *sta,
3462 				       struct cfg80211_tid_cfg *tid_conf)
3463 {
3464 	struct ieee80211_txq *txq;
3465 	struct rtw89_txq *rtwtxq;
3466 	u32 mask = tid_conf->mask;
3467 	u8 tids = tid_conf->tids;
3468 	int tids_nbit = BITS_PER_BYTE;
3469 	int i;
3470 
3471 	for (i = 0; i < tids_nbit; i++, tids >>= 1) {
3472 		if (!tids)
3473 			break;
3474 
3475 		if (!(tids & BIT(0)))
3476 			continue;
3477 
3478 		txq = sta->txq[i];
3479 		rtwtxq = (struct rtw89_txq *)txq->drv_priv;
3480 
3481 		if (mask & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
3482 			if (tid_conf->ampdu == NL80211_TID_CONFIG_ENABLE) {
3483 				clear_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags);
3484 			} else {
3485 				if (test_bit(RTW89_TXQ_F_AMPDU, &rtwtxq->flags))
3486 					ieee80211_stop_tx_ba_session(sta, txq->tid);
3487 				spin_lock_bh(&rtwdev->ba_lock);
3488 				list_del_init(&rtwtxq->list);
3489 				set_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags);
3490 				spin_unlock_bh(&rtwdev->ba_lock);
3491 			}
3492 		}
3493 
3494 		if (mask & BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL) && tids == 0xff) {
3495 			if (tid_conf->amsdu == NL80211_TID_CONFIG_ENABLE)
3496 				sta->max_amsdu_subframes = 0;
3497 			else
3498 				sta->max_amsdu_subframes = 1;
3499 		}
3500 	}
3501 }
3502 
3503 void rtw89_core_set_tid_config(struct rtw89_dev *rtwdev,
3504 			       struct ieee80211_sta *sta,
3505 			       struct cfg80211_tid_config *tid_config)
3506 {
3507 	int i;
3508 
3509 	for (i = 0; i < tid_config->n_tid_conf; i++)
3510 		_rtw89_core_set_tid_config(rtwdev, sta,
3511 					   &tid_config->tid_conf[i]);
3512 }
3513 
3514 static void rtw89_init_ht_cap(struct rtw89_dev *rtwdev,
3515 			      struct ieee80211_sta_ht_cap *ht_cap)
3516 {
3517 	static const __le16 highest[RF_PATH_MAX] = {
3518 		cpu_to_le16(150), cpu_to_le16(300), cpu_to_le16(450), cpu_to_le16(600),
3519 	};
3520 	struct rtw89_hal *hal = &rtwdev->hal;
3521 	u8 nss = hal->rx_nss;
3522 	int i;
3523 
3524 	ht_cap->ht_supported = true;
3525 	ht_cap->cap = 0;
3526 	ht_cap->cap |= IEEE80211_HT_CAP_SGI_20 |
3527 		       IEEE80211_HT_CAP_MAX_AMSDU |
3528 		       IEEE80211_HT_CAP_TX_STBC |
3529 		       (1 << IEEE80211_HT_CAP_RX_STBC_SHIFT);
3530 	ht_cap->cap |= IEEE80211_HT_CAP_LDPC_CODING;
3531 	ht_cap->cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40 |
3532 		       IEEE80211_HT_CAP_DSSSCCK40 |
3533 		       IEEE80211_HT_CAP_SGI_40;
3534 	ht_cap->ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
3535 	ht_cap->ampdu_density = IEEE80211_HT_MPDU_DENSITY_NONE;
3536 	ht_cap->mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
3537 	for (i = 0; i < nss; i++)
3538 		ht_cap->mcs.rx_mask[i] = 0xFF;
3539 	ht_cap->mcs.rx_mask[4] = 0x01;
3540 	ht_cap->mcs.rx_highest = highest[nss - 1];
3541 }
3542 
3543 static void rtw89_init_vht_cap(struct rtw89_dev *rtwdev,
3544 			       struct ieee80211_sta_vht_cap *vht_cap)
3545 {
3546 	static const __le16 highest_bw80[RF_PATH_MAX] = {
3547 		cpu_to_le16(433), cpu_to_le16(867), cpu_to_le16(1300), cpu_to_le16(1733),
3548 	};
3549 	static const __le16 highest_bw160[RF_PATH_MAX] = {
3550 		cpu_to_le16(867), cpu_to_le16(1733), cpu_to_le16(2600), cpu_to_le16(3467),
3551 	};
3552 	const struct rtw89_chip_info *chip = rtwdev->chip;
3553 	const __le16 *highest = chip->support_bw160 ? highest_bw160 : highest_bw80;
3554 	struct rtw89_hal *hal = &rtwdev->hal;
3555 	u16 tx_mcs_map = 0, rx_mcs_map = 0;
3556 	u8 sts_cap = 3;
3557 	int i;
3558 
3559 	for (i = 0; i < 8; i++) {
3560 		if (i < hal->tx_nss)
3561 			tx_mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
3562 		else
3563 			tx_mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
3564 		if (i < hal->rx_nss)
3565 			rx_mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
3566 		else
3567 			rx_mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
3568 	}
3569 
3570 	vht_cap->vht_supported = true;
3571 	vht_cap->cap = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454 |
3572 		       IEEE80211_VHT_CAP_SHORT_GI_80 |
3573 		       IEEE80211_VHT_CAP_RXSTBC_1 |
3574 		       IEEE80211_VHT_CAP_HTC_VHT |
3575 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK |
3576 		       0;
3577 	vht_cap->cap |= IEEE80211_VHT_CAP_TXSTBC;
3578 	vht_cap->cap |= IEEE80211_VHT_CAP_RXLDPC;
3579 	vht_cap->cap |= IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
3580 			IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
3581 	vht_cap->cap |= sts_cap << IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
3582 	if (chip->support_bw160)
3583 		vht_cap->cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
3584 				IEEE80211_VHT_CAP_SHORT_GI_160;
3585 	vht_cap->vht_mcs.rx_mcs_map = cpu_to_le16(rx_mcs_map);
3586 	vht_cap->vht_mcs.tx_mcs_map = cpu_to_le16(tx_mcs_map);
3587 	vht_cap->vht_mcs.rx_highest = highest[hal->rx_nss - 1];
3588 	vht_cap->vht_mcs.tx_highest = highest[hal->tx_nss - 1];
3589 }
3590 
3591 #define RTW89_SBAND_IFTYPES_NR 2
3592 
3593 static void rtw89_init_he_cap(struct rtw89_dev *rtwdev,
3594 			      enum nl80211_band band,
3595 			      struct ieee80211_supported_band *sband)
3596 {
3597 	const struct rtw89_chip_info *chip = rtwdev->chip;
3598 	struct rtw89_hal *hal = &rtwdev->hal;
3599 	struct ieee80211_sband_iftype_data *iftype_data;
3600 	bool no_ng16 = (chip->chip_id == RTL8852A && hal->cv == CHIP_CBV) ||
3601 		       (chip->chip_id == RTL8852B && hal->cv == CHIP_CAV);
3602 	u16 mcs_map = 0;
3603 	int i;
3604 	int nss = hal->rx_nss;
3605 	int idx = 0;
3606 
3607 	iftype_data = kcalloc(RTW89_SBAND_IFTYPES_NR, sizeof(*iftype_data), GFP_KERNEL);
3608 	if (!iftype_data)
3609 		return;
3610 
3611 	for (i = 0; i < 8; i++) {
3612 		if (i < nss)
3613 			mcs_map |= IEEE80211_HE_MCS_SUPPORT_0_11 << (i * 2);
3614 		else
3615 			mcs_map |= IEEE80211_HE_MCS_NOT_SUPPORTED << (i * 2);
3616 	}
3617 
3618 	for (i = 0; i < NUM_NL80211_IFTYPES; i++) {
3619 		struct ieee80211_sta_he_cap *he_cap;
3620 		u8 *mac_cap_info;
3621 		u8 *phy_cap_info;
3622 
3623 		switch (i) {
3624 		case NL80211_IFTYPE_STATION:
3625 		case NL80211_IFTYPE_AP:
3626 			break;
3627 		default:
3628 			continue;
3629 		}
3630 
3631 		if (idx >= RTW89_SBAND_IFTYPES_NR) {
3632 			rtw89_warn(rtwdev, "run out of iftype_data\n");
3633 			break;
3634 		}
3635 
3636 		iftype_data[idx].types_mask = BIT(i);
3637 		he_cap = &iftype_data[idx].he_cap;
3638 		mac_cap_info = he_cap->he_cap_elem.mac_cap_info;
3639 		phy_cap_info = he_cap->he_cap_elem.phy_cap_info;
3640 
3641 		he_cap->has_he = true;
3642 		mac_cap_info[0] = IEEE80211_HE_MAC_CAP0_HTC_HE;
3643 		if (i == NL80211_IFTYPE_STATION)
3644 			mac_cap_info[1] = IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_16US;
3645 		mac_cap_info[2] = IEEE80211_HE_MAC_CAP2_ALL_ACK |
3646 				  IEEE80211_HE_MAC_CAP2_BSR;
3647 		mac_cap_info[3] = IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_2;
3648 		if (i == NL80211_IFTYPE_AP)
3649 			mac_cap_info[3] |= IEEE80211_HE_MAC_CAP3_OMI_CONTROL;
3650 		mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_OPS |
3651 				  IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU;
3652 		if (i == NL80211_IFTYPE_STATION)
3653 			mac_cap_info[5] = IEEE80211_HE_MAC_CAP5_HT_VHT_TRIG_FRAME_RX;
3654 		if (band == NL80211_BAND_2GHZ) {
3655 			phy_cap_info[0] =
3656 				IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G;
3657 		} else {
3658 			phy_cap_info[0] =
3659 				IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G;
3660 			if (chip->support_bw160)
3661 				phy_cap_info[0] |= IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
3662 		}
3663 		phy_cap_info[1] = IEEE80211_HE_PHY_CAP1_DEVICE_CLASS_A |
3664 				  IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD |
3665 				  IEEE80211_HE_PHY_CAP1_HE_LTF_AND_GI_FOR_HE_PPDUS_0_8US;
3666 		phy_cap_info[2] = IEEE80211_HE_PHY_CAP2_NDP_4x_LTF_AND_3_2US |
3667 				  IEEE80211_HE_PHY_CAP2_STBC_TX_UNDER_80MHZ |
3668 				  IEEE80211_HE_PHY_CAP2_STBC_RX_UNDER_80MHZ |
3669 				  IEEE80211_HE_PHY_CAP2_DOPPLER_TX;
3670 		phy_cap_info[3] = IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_RX_16_QAM;
3671 		if (i == NL80211_IFTYPE_STATION)
3672 			phy_cap_info[3] |= IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_TX_16_QAM |
3673 					   IEEE80211_HE_PHY_CAP3_DCM_MAX_TX_NSS_2;
3674 		if (i == NL80211_IFTYPE_AP)
3675 			phy_cap_info[3] |= IEEE80211_HE_PHY_CAP3_RX_PARTIAL_BW_SU_IN_20MHZ_MU;
3676 		phy_cap_info[4] = IEEE80211_HE_PHY_CAP4_SU_BEAMFORMEE |
3677 				  IEEE80211_HE_PHY_CAP4_BEAMFORMEE_MAX_STS_UNDER_80MHZ_4;
3678 		if (chip->support_bw160)
3679 			phy_cap_info[4] |= IEEE80211_HE_PHY_CAP4_BEAMFORMEE_MAX_STS_ABOVE_80MHZ_4;
3680 		phy_cap_info[5] = no_ng16 ? 0 :
3681 				  IEEE80211_HE_PHY_CAP5_NG16_SU_FEEDBACK |
3682 				  IEEE80211_HE_PHY_CAP5_NG16_MU_FEEDBACK;
3683 		phy_cap_info[6] = IEEE80211_HE_PHY_CAP6_CODEBOOK_SIZE_42_SU |
3684 				  IEEE80211_HE_PHY_CAP6_CODEBOOK_SIZE_75_MU |
3685 				  IEEE80211_HE_PHY_CAP6_TRIG_SU_BEAMFORMING_FB |
3686 				  IEEE80211_HE_PHY_CAP6_PARTIAL_BW_EXT_RANGE;
3687 		phy_cap_info[7] = IEEE80211_HE_PHY_CAP7_POWER_BOOST_FACTOR_SUPP |
3688 				  IEEE80211_HE_PHY_CAP7_HE_SU_MU_PPDU_4XLTF_AND_08_US_GI |
3689 				  IEEE80211_HE_PHY_CAP7_MAX_NC_1;
3690 		phy_cap_info[8] = IEEE80211_HE_PHY_CAP8_HE_ER_SU_PPDU_4XLTF_AND_08_US_GI |
3691 				  IEEE80211_HE_PHY_CAP8_HE_ER_SU_1XLTF_AND_08_US_GI |
3692 				  IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_996;
3693 		if (chip->support_bw160)
3694 			phy_cap_info[8] |= IEEE80211_HE_PHY_CAP8_20MHZ_IN_160MHZ_HE_PPDU |
3695 					   IEEE80211_HE_PHY_CAP8_80MHZ_IN_160MHZ_HE_PPDU;
3696 		phy_cap_info[9] = IEEE80211_HE_PHY_CAP9_LONGER_THAN_16_SIGB_OFDM_SYM |
3697 				  IEEE80211_HE_PHY_CAP9_RX_1024_QAM_LESS_THAN_242_TONE_RU |
3698 				  IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_COMP_SIGB |
3699 				  IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_NON_COMP_SIGB |
3700 				  u8_encode_bits(IEEE80211_HE_PHY_CAP9_NOMINAL_PKT_PADDING_16US,
3701 						 IEEE80211_HE_PHY_CAP9_NOMINAL_PKT_PADDING_MASK);
3702 		if (i == NL80211_IFTYPE_STATION)
3703 			phy_cap_info[9] |= IEEE80211_HE_PHY_CAP9_TX_1024_QAM_LESS_THAN_242_TONE_RU;
3704 		he_cap->he_mcs_nss_supp.rx_mcs_80 = cpu_to_le16(mcs_map);
3705 		he_cap->he_mcs_nss_supp.tx_mcs_80 = cpu_to_le16(mcs_map);
3706 		if (chip->support_bw160) {
3707 			he_cap->he_mcs_nss_supp.rx_mcs_160 = cpu_to_le16(mcs_map);
3708 			he_cap->he_mcs_nss_supp.tx_mcs_160 = cpu_to_le16(mcs_map);
3709 		}
3710 
3711 		if (band == NL80211_BAND_6GHZ) {
3712 			__le16 capa;
3713 
3714 			capa = le16_encode_bits(IEEE80211_HT_MPDU_DENSITY_NONE,
3715 						IEEE80211_HE_6GHZ_CAP_MIN_MPDU_START) |
3716 			       le16_encode_bits(IEEE80211_VHT_MAX_AMPDU_1024K,
3717 						IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP) |
3718 			       le16_encode_bits(IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454,
3719 						IEEE80211_HE_6GHZ_CAP_MAX_MPDU_LEN);
3720 			iftype_data[idx].he_6ghz_capa.capa = capa;
3721 		}
3722 
3723 		idx++;
3724 	}
3725 
3726 	_ieee80211_set_sband_iftype_data(sband, iftype_data, idx);
3727 }
3728 
3729 static int rtw89_core_set_supported_band(struct rtw89_dev *rtwdev)
3730 {
3731 	struct ieee80211_hw *hw = rtwdev->hw;
3732 	struct ieee80211_supported_band *sband_2ghz = NULL, *sband_5ghz = NULL;
3733 	struct ieee80211_supported_band *sband_6ghz = NULL;
3734 	u32 size = sizeof(struct ieee80211_supported_band);
3735 	u8 support_bands = rtwdev->chip->support_bands;
3736 
3737 	if (support_bands & BIT(NL80211_BAND_2GHZ)) {
3738 		sband_2ghz = kmemdup(&rtw89_sband_2ghz, size, GFP_KERNEL);
3739 		if (!sband_2ghz)
3740 			goto err;
3741 		rtw89_init_ht_cap(rtwdev, &sband_2ghz->ht_cap);
3742 		rtw89_init_he_cap(rtwdev, NL80211_BAND_2GHZ, sband_2ghz);
3743 		hw->wiphy->bands[NL80211_BAND_2GHZ] = sband_2ghz;
3744 	}
3745 
3746 	if (support_bands & BIT(NL80211_BAND_5GHZ)) {
3747 		sband_5ghz = kmemdup(&rtw89_sband_5ghz, size, GFP_KERNEL);
3748 		if (!sband_5ghz)
3749 			goto err;
3750 		rtw89_init_ht_cap(rtwdev, &sband_5ghz->ht_cap);
3751 		rtw89_init_vht_cap(rtwdev, &sband_5ghz->vht_cap);
3752 		rtw89_init_he_cap(rtwdev, NL80211_BAND_5GHZ, sband_5ghz);
3753 		hw->wiphy->bands[NL80211_BAND_5GHZ] = sband_5ghz;
3754 	}
3755 
3756 	if (support_bands & BIT(NL80211_BAND_6GHZ)) {
3757 		sband_6ghz = kmemdup(&rtw89_sband_6ghz, size, GFP_KERNEL);
3758 		if (!sband_6ghz)
3759 			goto err;
3760 		rtw89_init_he_cap(rtwdev, NL80211_BAND_6GHZ, sband_6ghz);
3761 		hw->wiphy->bands[NL80211_BAND_6GHZ] = sband_6ghz;
3762 	}
3763 
3764 	return 0;
3765 
3766 err:
3767 	hw->wiphy->bands[NL80211_BAND_2GHZ] = NULL;
3768 	hw->wiphy->bands[NL80211_BAND_5GHZ] = NULL;
3769 	hw->wiphy->bands[NL80211_BAND_6GHZ] = NULL;
3770 	if (sband_2ghz)
3771 		kfree((__force void *)sband_2ghz->iftype_data);
3772 	if (sband_5ghz)
3773 		kfree((__force void *)sband_5ghz->iftype_data);
3774 	if (sband_6ghz)
3775 		kfree((__force void *)sband_6ghz->iftype_data);
3776 	kfree(sband_2ghz);
3777 	kfree(sband_5ghz);
3778 	kfree(sband_6ghz);
3779 	return -ENOMEM;
3780 }
3781 
3782 static void rtw89_core_clr_supported_band(struct rtw89_dev *rtwdev)
3783 {
3784 	struct ieee80211_hw *hw = rtwdev->hw;
3785 
3786 	if (hw->wiphy->bands[NL80211_BAND_2GHZ])
3787 		kfree((__force void *)hw->wiphy->bands[NL80211_BAND_2GHZ]->iftype_data);
3788 	if (hw->wiphy->bands[NL80211_BAND_5GHZ])
3789 		kfree((__force void *)hw->wiphy->bands[NL80211_BAND_5GHZ]->iftype_data);
3790 	if (hw->wiphy->bands[NL80211_BAND_6GHZ])
3791 		kfree((__force void *)hw->wiphy->bands[NL80211_BAND_6GHZ]->iftype_data);
3792 	kfree(hw->wiphy->bands[NL80211_BAND_2GHZ]);
3793 	kfree(hw->wiphy->bands[NL80211_BAND_5GHZ]);
3794 	kfree(hw->wiphy->bands[NL80211_BAND_6GHZ]);
3795 	hw->wiphy->bands[NL80211_BAND_2GHZ] = NULL;
3796 	hw->wiphy->bands[NL80211_BAND_5GHZ] = NULL;
3797 	hw->wiphy->bands[NL80211_BAND_6GHZ] = NULL;
3798 }
3799 
3800 static void rtw89_core_ppdu_sts_init(struct rtw89_dev *rtwdev)
3801 {
3802 	int i;
3803 
3804 	for (i = 0; i < RTW89_PHY_MAX; i++)
3805 		skb_queue_head_init(&rtwdev->ppdu_sts.rx_queue[i]);
3806 	for (i = 0; i < RTW89_PHY_MAX; i++)
3807 		rtwdev->ppdu_sts.curr_rx_ppdu_cnt[i] = U8_MAX;
3808 }
3809 
3810 void rtw89_core_update_beacon_work(struct work_struct *work)
3811 {
3812 	struct rtw89_dev *rtwdev;
3813 	struct rtw89_vif *rtwvif = container_of(work, struct rtw89_vif,
3814 						update_beacon_work);
3815 
3816 	if (rtwvif->net_type != RTW89_NET_TYPE_AP_MODE)
3817 		return;
3818 
3819 	rtwdev = rtwvif->rtwdev;
3820 	mutex_lock(&rtwdev->mutex);
3821 	rtw89_fw_h2c_update_beacon(rtwdev, rtwvif);
3822 	mutex_unlock(&rtwdev->mutex);
3823 }
3824 
3825 int rtw89_wait_for_cond(struct rtw89_wait_info *wait, unsigned int cond)
3826 {
3827 	struct completion *cmpl = &wait->completion;
3828 	unsigned long timeout;
3829 	unsigned int cur;
3830 
3831 	cur = atomic_cmpxchg(&wait->cond, RTW89_WAIT_COND_IDLE, cond);
3832 	if (cur != RTW89_WAIT_COND_IDLE)
3833 		return -EBUSY;
3834 
3835 	timeout = wait_for_completion_timeout(cmpl, RTW89_WAIT_FOR_COND_TIMEOUT);
3836 	if (timeout == 0) {
3837 		atomic_set(&wait->cond, RTW89_WAIT_COND_IDLE);
3838 		return -ETIMEDOUT;
3839 	}
3840 
3841 	if (wait->data.err)
3842 		return -EFAULT;
3843 
3844 	return 0;
3845 }
3846 
3847 void rtw89_complete_cond(struct rtw89_wait_info *wait, unsigned int cond,
3848 			 const struct rtw89_completion_data *data)
3849 {
3850 	unsigned int cur;
3851 
3852 	cur = atomic_cmpxchg(&wait->cond, cond, RTW89_WAIT_COND_IDLE);
3853 	if (cur != cond)
3854 		return;
3855 
3856 	wait->data = *data;
3857 	complete(&wait->completion);
3858 }
3859 
3860 void rtw89_core_ntfy_btc_event(struct rtw89_dev *rtwdev, enum rtw89_btc_hmsg event)
3861 {
3862 	u16 bt_req_len;
3863 
3864 	switch (event) {
3865 	case RTW89_BTC_HMSG_SET_BT_REQ_SLOT:
3866 		bt_req_len = rtw89_coex_query_bt_req_len(rtwdev, RTW89_PHY_0);
3867 		rtw89_debug(rtwdev, RTW89_DBG_BTC,
3868 			    "coex updates BT req len to %d TU\n", bt_req_len);
3869 		rtw89_queue_chanctx_change(rtwdev, RTW89_CHANCTX_BT_SLOT_CHANGE);
3870 		break;
3871 	default:
3872 		if (event < NUM_OF_RTW89_BTC_HMSG)
3873 			rtw89_debug(rtwdev, RTW89_DBG_BTC,
3874 				    "unhandled BTC HMSG event: %d\n", event);
3875 		else
3876 			rtw89_warn(rtwdev,
3877 				   "unrecognized BTC HMSG event: %d\n", event);
3878 		break;
3879 	}
3880 }
3881 
3882 int rtw89_core_start(struct rtw89_dev *rtwdev)
3883 {
3884 	int ret;
3885 
3886 	rtwdev->mac.qta_mode = RTW89_QTA_SCC;
3887 	ret = rtw89_mac_init(rtwdev);
3888 	if (ret) {
3889 		rtw89_err(rtwdev, "mac init fail, ret:%d\n", ret);
3890 		return ret;
3891 	}
3892 
3893 	rtw89_btc_ntfy_poweron(rtwdev);
3894 
3895 	/* efuse process */
3896 
3897 	/* pre-config BB/RF, BB reset/RFC reset */
3898 	ret = rtw89_chip_disable_bb_rf(rtwdev);
3899 	if (ret)
3900 		return ret;
3901 	ret = rtw89_chip_enable_bb_rf(rtwdev);
3902 	if (ret)
3903 		return ret;
3904 
3905 	rtw89_phy_init_bb_reg(rtwdev);
3906 	rtw89_phy_init_rf_reg(rtwdev, false);
3907 
3908 	rtw89_btc_ntfy_init(rtwdev, BTC_MODE_NORMAL);
3909 
3910 	rtw89_phy_dm_init(rtwdev);
3911 
3912 	rtw89_mac_cfg_ppdu_status(rtwdev, RTW89_MAC_0, true);
3913 	rtw89_mac_update_rts_threshold(rtwdev, RTW89_MAC_0);
3914 
3915 	rtw89_tas_reset(rtwdev);
3916 
3917 	ret = rtw89_hci_start(rtwdev);
3918 	if (ret) {
3919 		rtw89_err(rtwdev, "failed to start hci\n");
3920 		return ret;
3921 	}
3922 
3923 	ieee80211_queue_delayed_work(rtwdev->hw, &rtwdev->track_work,
3924 				     RTW89_TRACK_WORK_PERIOD);
3925 
3926 	set_bit(RTW89_FLAG_RUNNING, rtwdev->flags);
3927 
3928 	rtw89_btc_ntfy_radio_state(rtwdev, BTC_RFCTRL_WL_ON);
3929 	rtw89_fw_h2c_fw_log(rtwdev, rtwdev->fw.log.enable);
3930 	rtw89_fw_h2c_init_ba_cam(rtwdev);
3931 
3932 	return 0;
3933 }
3934 
3935 void rtw89_core_stop(struct rtw89_dev *rtwdev)
3936 {
3937 	struct rtw89_btc *btc = &rtwdev->btc;
3938 
3939 	/* Prvent to stop twice; enter_ips and ops_stop */
3940 	if (!test_bit(RTW89_FLAG_RUNNING, rtwdev->flags))
3941 		return;
3942 
3943 	rtw89_btc_ntfy_radio_state(rtwdev, BTC_RFCTRL_WL_OFF);
3944 
3945 	clear_bit(RTW89_FLAG_RUNNING, rtwdev->flags);
3946 
3947 	mutex_unlock(&rtwdev->mutex);
3948 
3949 	cancel_work_sync(&rtwdev->c2h_work);
3950 	cancel_work_sync(&rtwdev->cancel_6ghz_probe_work);
3951 	cancel_work_sync(&btc->eapol_notify_work);
3952 	cancel_work_sync(&btc->arp_notify_work);
3953 	cancel_work_sync(&btc->dhcp_notify_work);
3954 	cancel_work_sync(&btc->icmp_notify_work);
3955 	cancel_delayed_work_sync(&rtwdev->txq_reinvoke_work);
3956 	cancel_delayed_work_sync(&rtwdev->track_work);
3957 	cancel_delayed_work_sync(&rtwdev->chanctx_work);
3958 	cancel_delayed_work_sync(&rtwdev->coex_act1_work);
3959 	cancel_delayed_work_sync(&rtwdev->coex_bt_devinfo_work);
3960 	cancel_delayed_work_sync(&rtwdev->coex_rfk_chk_work);
3961 	cancel_delayed_work_sync(&rtwdev->cfo_track_work);
3962 	cancel_delayed_work_sync(&rtwdev->forbid_ba_work);
3963 	cancel_delayed_work_sync(&rtwdev->antdiv_work);
3964 
3965 	mutex_lock(&rtwdev->mutex);
3966 
3967 	rtw89_btc_ntfy_poweroff(rtwdev);
3968 	rtw89_hci_flush_queues(rtwdev, BIT(rtwdev->hw->queues) - 1, true);
3969 	rtw89_mac_flush_txq(rtwdev, BIT(rtwdev->hw->queues) - 1, true);
3970 	rtw89_hci_stop(rtwdev);
3971 	rtw89_hci_deinit(rtwdev);
3972 	rtw89_mac_pwr_off(rtwdev);
3973 	rtw89_hci_reset(rtwdev);
3974 }
3975 
3976 int rtw89_core_init(struct rtw89_dev *rtwdev)
3977 {
3978 	struct rtw89_btc *btc = &rtwdev->btc;
3979 	u8 band;
3980 
3981 	INIT_LIST_HEAD(&rtwdev->ba_list);
3982 	INIT_LIST_HEAD(&rtwdev->forbid_ba_list);
3983 	INIT_LIST_HEAD(&rtwdev->rtwvifs_list);
3984 	INIT_LIST_HEAD(&rtwdev->early_h2c_list);
3985 	for (band = NL80211_BAND_2GHZ; band < NUM_NL80211_BANDS; band++) {
3986 		if (!(rtwdev->chip->support_bands & BIT(band)))
3987 			continue;
3988 		INIT_LIST_HEAD(&rtwdev->scan_info.pkt_list[band]);
3989 	}
3990 	INIT_WORK(&rtwdev->ba_work, rtw89_core_ba_work);
3991 	INIT_WORK(&rtwdev->txq_work, rtw89_core_txq_work);
3992 	INIT_DELAYED_WORK(&rtwdev->txq_reinvoke_work, rtw89_core_txq_reinvoke_work);
3993 	INIT_DELAYED_WORK(&rtwdev->track_work, rtw89_track_work);
3994 	INIT_DELAYED_WORK(&rtwdev->chanctx_work, rtw89_chanctx_work);
3995 	INIT_DELAYED_WORK(&rtwdev->coex_act1_work, rtw89_coex_act1_work);
3996 	INIT_DELAYED_WORK(&rtwdev->coex_bt_devinfo_work, rtw89_coex_bt_devinfo_work);
3997 	INIT_DELAYED_WORK(&rtwdev->coex_rfk_chk_work, rtw89_coex_rfk_chk_work);
3998 	INIT_DELAYED_WORK(&rtwdev->cfo_track_work, rtw89_phy_cfo_track_work);
3999 	INIT_DELAYED_WORK(&rtwdev->forbid_ba_work, rtw89_forbid_ba_work);
4000 	INIT_DELAYED_WORK(&rtwdev->antdiv_work, rtw89_phy_antdiv_work);
4001 	rtwdev->txq_wq = alloc_workqueue("rtw89_tx_wq", WQ_UNBOUND | WQ_HIGHPRI, 0);
4002 	if (!rtwdev->txq_wq)
4003 		return -ENOMEM;
4004 	spin_lock_init(&rtwdev->ba_lock);
4005 	spin_lock_init(&rtwdev->rpwm_lock);
4006 	mutex_init(&rtwdev->mutex);
4007 	mutex_init(&rtwdev->rf_mutex);
4008 	rtwdev->total_sta_assoc = 0;
4009 
4010 	rtw89_init_wait(&rtwdev->mcc.wait);
4011 	rtw89_init_wait(&rtwdev->mac.fw_ofld_wait);
4012 
4013 	INIT_WORK(&rtwdev->c2h_work, rtw89_fw_c2h_work);
4014 	INIT_WORK(&rtwdev->ips_work, rtw89_ips_work);
4015 	INIT_WORK(&rtwdev->load_firmware_work, rtw89_load_firmware_work);
4016 	INIT_WORK(&rtwdev->cancel_6ghz_probe_work, rtw89_cancel_6ghz_probe_work);
4017 
4018 	skb_queue_head_init(&rtwdev->c2h_queue);
4019 	rtw89_core_ppdu_sts_init(rtwdev);
4020 	rtw89_traffic_stats_init(rtwdev, &rtwdev->stats);
4021 
4022 	rtwdev->hal.rx_fltr = DEFAULT_AX_RX_FLTR;
4023 
4024 	INIT_WORK(&btc->eapol_notify_work, rtw89_btc_ntfy_eapol_packet_work);
4025 	INIT_WORK(&btc->arp_notify_work, rtw89_btc_ntfy_arp_packet_work);
4026 	INIT_WORK(&btc->dhcp_notify_work, rtw89_btc_ntfy_dhcp_packet_work);
4027 	INIT_WORK(&btc->icmp_notify_work, rtw89_btc_ntfy_icmp_packet_work);
4028 
4029 	init_completion(&rtwdev->fw.req.completion);
4030 
4031 	schedule_work(&rtwdev->load_firmware_work);
4032 
4033 	rtw89_ser_init(rtwdev);
4034 	rtw89_entity_init(rtwdev);
4035 	rtw89_tas_init(rtwdev);
4036 
4037 	return 0;
4038 }
4039 EXPORT_SYMBOL(rtw89_core_init);
4040 
4041 void rtw89_core_deinit(struct rtw89_dev *rtwdev)
4042 {
4043 	rtw89_ser_deinit(rtwdev);
4044 	rtw89_unload_firmware(rtwdev);
4045 	rtw89_fw_free_all_early_h2c(rtwdev);
4046 
4047 	destroy_workqueue(rtwdev->txq_wq);
4048 	mutex_destroy(&rtwdev->rf_mutex);
4049 	mutex_destroy(&rtwdev->mutex);
4050 }
4051 EXPORT_SYMBOL(rtw89_core_deinit);
4052 
4053 void rtw89_core_scan_start(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif,
4054 			   const u8 *mac_addr, bool hw_scan)
4055 {
4056 	const struct rtw89_chan *chan = rtw89_chan_get(rtwdev,
4057 						       rtwvif->sub_entity_idx);
4058 
4059 	rtwdev->scanning = true;
4060 	rtw89_leave_lps(rtwdev);
4061 	if (hw_scan)
4062 		rtw89_leave_ips_by_hwflags(rtwdev);
4063 
4064 	ether_addr_copy(rtwvif->mac_addr, mac_addr);
4065 	rtw89_btc_ntfy_scan_start(rtwdev, RTW89_PHY_0, chan->band_type);
4066 	rtw89_chip_rfk_scan(rtwdev, true);
4067 	rtw89_hci_recalc_int_mit(rtwdev);
4068 	rtw89_phy_config_edcca(rtwdev, true);
4069 
4070 	rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL, mac_addr);
4071 }
4072 
4073 void rtw89_core_scan_complete(struct rtw89_dev *rtwdev,
4074 			      struct ieee80211_vif *vif, bool hw_scan)
4075 {
4076 	struct rtw89_vif *rtwvif = vif ? (struct rtw89_vif *)vif->drv_priv : NULL;
4077 
4078 	if (!rtwvif)
4079 		return;
4080 
4081 	ether_addr_copy(rtwvif->mac_addr, vif->addr);
4082 	rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL, NULL);
4083 
4084 	rtw89_chip_rfk_scan(rtwdev, false);
4085 	rtw89_btc_ntfy_scan_finish(rtwdev, RTW89_PHY_0);
4086 	rtw89_phy_config_edcca(rtwdev, false);
4087 
4088 	rtwdev->scanning = false;
4089 	rtwdev->dig.bypass_dig = true;
4090 	if (hw_scan && (rtwdev->hw->conf.flags & IEEE80211_CONF_IDLE))
4091 		ieee80211_queue_work(rtwdev->hw, &rtwdev->ips_work);
4092 }
4093 
4094 static void rtw89_read_chip_ver(struct rtw89_dev *rtwdev)
4095 {
4096 	const struct rtw89_chip_info *chip = rtwdev->chip;
4097 	int ret;
4098 	u8 val;
4099 	u8 cv;
4100 
4101 	cv = rtw89_read32_mask(rtwdev, R_AX_SYS_CFG1, B_AX_CHIP_VER_MASK);
4102 	if (chip->chip_id == RTL8852A && cv <= CHIP_CBV) {
4103 		if (rtw89_read32(rtwdev, R_AX_GPIO0_7_FUNC_SEL) == RTW89_R32_DEAD)
4104 			cv = CHIP_CAV;
4105 		else
4106 			cv = CHIP_CBV;
4107 	}
4108 
4109 	rtwdev->hal.cv = cv;
4110 
4111 	if (chip->chip_id == RTL8852B || chip->chip_id == RTL8851B) {
4112 		ret = rtw89_mac_read_xtal_si(rtwdev, XTAL_SI_CV, &val);
4113 		if (ret)
4114 			return;
4115 
4116 		rtwdev->hal.acv = u8_get_bits(val, XTAL_SI_ACV_MASK);
4117 	}
4118 }
4119 
4120 static void rtw89_core_setup_phycap(struct rtw89_dev *rtwdev)
4121 {
4122 	rtwdev->hal.support_cckpd =
4123 		!(rtwdev->chip->chip_id == RTL8852A && rtwdev->hal.cv <= CHIP_CBV) &&
4124 		!(rtwdev->chip->chip_id == RTL8852B && rtwdev->hal.cv <= CHIP_CAV);
4125 	rtwdev->hal.support_igi =
4126 		rtwdev->chip->chip_id == RTL8852A && rtwdev->hal.cv <= CHIP_CBV;
4127 }
4128 
4129 static void rtw89_core_setup_rfe_parms(struct rtw89_dev *rtwdev)
4130 {
4131 	const struct rtw89_chip_info *chip = rtwdev->chip;
4132 	const struct rtw89_rfe_parms_conf *conf = chip->rfe_parms_conf;
4133 	struct rtw89_efuse *efuse = &rtwdev->efuse;
4134 	const struct rtw89_rfe_parms *sel;
4135 	u8 rfe_type = efuse->rfe_type;
4136 
4137 	if (!conf) {
4138 		sel = chip->dflt_parms;
4139 		goto out;
4140 	}
4141 
4142 	while (conf->rfe_parms) {
4143 		if (rfe_type == conf->rfe_type) {
4144 			sel = conf->rfe_parms;
4145 			goto out;
4146 		}
4147 		conf++;
4148 	}
4149 
4150 	sel = chip->dflt_parms;
4151 
4152 out:
4153 	rtwdev->rfe_parms = rtw89_load_rfe_data_from_fw(rtwdev, sel);
4154 	rtw89_load_txpwr_table(rtwdev, rtwdev->rfe_parms->byr_tbl);
4155 }
4156 
4157 static int rtw89_chip_efuse_info_setup(struct rtw89_dev *rtwdev)
4158 {
4159 	int ret;
4160 
4161 	ret = rtw89_mac_partial_init(rtwdev, false);
4162 	if (ret)
4163 		return ret;
4164 
4165 	ret = rtw89_parse_efuse_map(rtwdev);
4166 	if (ret)
4167 		return ret;
4168 
4169 	ret = rtw89_parse_phycap_map(rtwdev);
4170 	if (ret)
4171 		return ret;
4172 
4173 	ret = rtw89_mac_setup_phycap(rtwdev);
4174 	if (ret)
4175 		return ret;
4176 
4177 	rtw89_core_setup_phycap(rtwdev);
4178 
4179 	rtw89_mac_pwr_off(rtwdev);
4180 
4181 	return 0;
4182 }
4183 
4184 static int rtw89_chip_board_info_setup(struct rtw89_dev *rtwdev)
4185 {
4186 	rtw89_chip_fem_setup(rtwdev);
4187 
4188 	return 0;
4189 }
4190 
4191 int rtw89_chip_info_setup(struct rtw89_dev *rtwdev)
4192 {
4193 	int ret;
4194 
4195 	rtw89_read_chip_ver(rtwdev);
4196 
4197 	ret = rtw89_wait_firmware_completion(rtwdev);
4198 	if (ret) {
4199 		rtw89_err(rtwdev, "failed to wait firmware completion\n");
4200 		return ret;
4201 	}
4202 
4203 	ret = rtw89_fw_recognize(rtwdev);
4204 	if (ret) {
4205 		rtw89_err(rtwdev, "failed to recognize firmware\n");
4206 		return ret;
4207 	}
4208 
4209 	ret = rtw89_chip_efuse_info_setup(rtwdev);
4210 	if (ret)
4211 		return ret;
4212 
4213 	ret = rtw89_fw_recognize_elements(rtwdev);
4214 	if (ret) {
4215 		rtw89_err(rtwdev, "failed to recognize firmware elements\n");
4216 		return ret;
4217 	}
4218 
4219 	ret = rtw89_chip_board_info_setup(rtwdev);
4220 	if (ret)
4221 		return ret;
4222 
4223 	rtw89_core_setup_rfe_parms(rtwdev);
4224 	rtwdev->ps_mode = rtw89_update_ps_mode(rtwdev);
4225 
4226 	return 0;
4227 }
4228 EXPORT_SYMBOL(rtw89_chip_info_setup);
4229 
4230 static int rtw89_core_register_hw(struct rtw89_dev *rtwdev)
4231 {
4232 	struct ieee80211_hw *hw = rtwdev->hw;
4233 	struct rtw89_efuse *efuse = &rtwdev->efuse;
4234 	struct rtw89_hal *hal = &rtwdev->hal;
4235 	int ret;
4236 	int tx_headroom = IEEE80211_HT_CTL_LEN;
4237 
4238 	hw->vif_data_size = sizeof(struct rtw89_vif);
4239 	hw->sta_data_size = sizeof(struct rtw89_sta);
4240 	hw->txq_data_size = sizeof(struct rtw89_txq);
4241 	hw->chanctx_data_size = sizeof(struct rtw89_chanctx_cfg);
4242 
4243 	SET_IEEE80211_PERM_ADDR(hw, efuse->addr);
4244 
4245 	hw->extra_tx_headroom = tx_headroom;
4246 	hw->queues = IEEE80211_NUM_ACS;
4247 	hw->max_rx_aggregation_subframes = RTW89_MAX_RX_AGG_NUM;
4248 	hw->max_tx_aggregation_subframes = RTW89_MAX_TX_AGG_NUM;
4249 	hw->uapsd_max_sp_len = IEEE80211_WMM_IE_STA_QOSINFO_SP_ALL;
4250 
4251 	ieee80211_hw_set(hw, SIGNAL_DBM);
4252 	ieee80211_hw_set(hw, HAS_RATE_CONTROL);
4253 	ieee80211_hw_set(hw, MFP_CAPABLE);
4254 	ieee80211_hw_set(hw, REPORTS_TX_ACK_STATUS);
4255 	ieee80211_hw_set(hw, AMPDU_AGGREGATION);
4256 	ieee80211_hw_set(hw, RX_INCLUDES_FCS);
4257 	ieee80211_hw_set(hw, TX_AMSDU);
4258 	ieee80211_hw_set(hw, SUPPORT_FAST_XMIT);
4259 	ieee80211_hw_set(hw, SUPPORTS_AMSDU_IN_AMPDU);
4260 	ieee80211_hw_set(hw, SUPPORTS_PS);
4261 	ieee80211_hw_set(hw, SUPPORTS_DYNAMIC_PS);
4262 	ieee80211_hw_set(hw, SINGLE_SCAN_ON_ALL_BANDS);
4263 	ieee80211_hw_set(hw, SUPPORTS_MULTI_BSSID);
4264 	ieee80211_hw_set(hw, WANT_MONITOR_VIF);
4265 
4266 	/* ref: description of rtw89_mcc_get_tbtt_ofst() in chan.c */
4267 	ieee80211_hw_set(hw, TIMING_BEACON_ONLY);
4268 
4269 	if (RTW89_CHK_FW_FEATURE(BEACON_FILTER, &rtwdev->fw))
4270 		ieee80211_hw_set(hw, CONNECTION_MONITOR);
4271 
4272 	hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
4273 				     BIT(NL80211_IFTYPE_AP) |
4274 				     BIT(NL80211_IFTYPE_P2P_CLIENT) |
4275 				     BIT(NL80211_IFTYPE_P2P_GO);
4276 
4277 	if (hal->ant_diversity) {
4278 		hw->wiphy->available_antennas_tx = 0x3;
4279 		hw->wiphy->available_antennas_rx = 0x3;
4280 	} else {
4281 		hw->wiphy->available_antennas_tx = BIT(rtwdev->chip->rf_path_num) - 1;
4282 		hw->wiphy->available_antennas_rx = BIT(rtwdev->chip->rf_path_num) - 1;
4283 	}
4284 
4285 	hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS |
4286 			    WIPHY_FLAG_TDLS_EXTERNAL_SETUP |
4287 			    WIPHY_FLAG_AP_UAPSD | WIPHY_FLAG_SPLIT_SCAN_6GHZ;
4288 	hw->wiphy->features |= NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
4289 
4290 	hw->wiphy->max_scan_ssids = RTW89_SCANOFLD_MAX_SSID;
4291 	hw->wiphy->max_scan_ie_len = RTW89_SCANOFLD_MAX_IE_LEN;
4292 
4293 #ifdef CONFIG_PM
4294 	hw->wiphy->wowlan = rtwdev->chip->wowlan_stub;
4295 #endif
4296 
4297 	hw->wiphy->tid_config_support.vif |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
4298 	hw->wiphy->tid_config_support.peer |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
4299 	hw->wiphy->tid_config_support.vif |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
4300 	hw->wiphy->tid_config_support.peer |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
4301 	hw->wiphy->max_remain_on_channel_duration = 1000;
4302 
4303 	wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CAN_REPLACE_PTK0);
4304 
4305 	ret = rtw89_core_set_supported_band(rtwdev);
4306 	if (ret) {
4307 		rtw89_err(rtwdev, "failed to set supported band\n");
4308 		return ret;
4309 	}
4310 
4311 	ret = rtw89_regd_setup(rtwdev);
4312 	if (ret) {
4313 		rtw89_err(rtwdev, "failed to set up regd\n");
4314 		goto err_free_supported_band;
4315 	}
4316 
4317 	hw->wiphy->sar_capa = &rtw89_sar_capa;
4318 
4319 	ret = ieee80211_register_hw(hw);
4320 	if (ret) {
4321 		rtw89_err(rtwdev, "failed to register hw\n");
4322 		goto err_free_supported_band;
4323 	}
4324 
4325 	ret = rtw89_regd_init(rtwdev, rtw89_regd_notifier);
4326 	if (ret) {
4327 		rtw89_err(rtwdev, "failed to init regd\n");
4328 		goto err_unregister_hw;
4329 	}
4330 
4331 	return 0;
4332 
4333 err_unregister_hw:
4334 	ieee80211_unregister_hw(hw);
4335 err_free_supported_band:
4336 	rtw89_core_clr_supported_band(rtwdev);
4337 
4338 	return ret;
4339 }
4340 
4341 static void rtw89_core_unregister_hw(struct rtw89_dev *rtwdev)
4342 {
4343 	struct ieee80211_hw *hw = rtwdev->hw;
4344 
4345 	ieee80211_unregister_hw(hw);
4346 	rtw89_core_clr_supported_band(rtwdev);
4347 }
4348 
4349 int rtw89_core_register(struct rtw89_dev *rtwdev)
4350 {
4351 	int ret;
4352 
4353 	ret = rtw89_core_register_hw(rtwdev);
4354 	if (ret) {
4355 		rtw89_err(rtwdev, "failed to register core hw\n");
4356 		return ret;
4357 	}
4358 
4359 	rtw89_debugfs_init(rtwdev);
4360 
4361 	return 0;
4362 }
4363 EXPORT_SYMBOL(rtw89_core_register);
4364 
4365 void rtw89_core_unregister(struct rtw89_dev *rtwdev)
4366 {
4367 	rtw89_core_unregister_hw(rtwdev);
4368 }
4369 EXPORT_SYMBOL(rtw89_core_unregister);
4370 
4371 struct rtw89_dev *rtw89_alloc_ieee80211_hw(struct device *device,
4372 					   u32 bus_data_size,
4373 					   const struct rtw89_chip_info *chip)
4374 {
4375 	struct rtw89_fw_info early_fw = {};
4376 	const struct firmware *firmware;
4377 	struct ieee80211_hw *hw;
4378 	struct rtw89_dev *rtwdev;
4379 	struct ieee80211_ops *ops;
4380 	u32 driver_data_size;
4381 	int fw_format = -1;
4382 	bool no_chanctx;
4383 
4384 	firmware = rtw89_early_fw_feature_recognize(device, chip, &early_fw, &fw_format);
4385 
4386 	ops = kmemdup(&rtw89_ops, sizeof(rtw89_ops), GFP_KERNEL);
4387 	if (!ops)
4388 		goto err;
4389 
4390 	no_chanctx = chip->support_chanctx_num == 0 ||
4391 		     !RTW89_CHK_FW_FEATURE(SCAN_OFFLOAD, &early_fw) ||
4392 		     !RTW89_CHK_FW_FEATURE(BEACON_FILTER, &early_fw);
4393 
4394 	if (no_chanctx) {
4395 		ops->add_chanctx = NULL;
4396 		ops->remove_chanctx = NULL;
4397 		ops->change_chanctx = NULL;
4398 		ops->assign_vif_chanctx = NULL;
4399 		ops->unassign_vif_chanctx = NULL;
4400 		ops->remain_on_channel = NULL;
4401 		ops->cancel_remain_on_channel = NULL;
4402 	}
4403 
4404 	driver_data_size = sizeof(struct rtw89_dev) + bus_data_size;
4405 	hw = ieee80211_alloc_hw(driver_data_size, ops);
4406 	if (!hw)
4407 		goto err;
4408 
4409 	hw->wiphy->iface_combinations = rtw89_iface_combs;
4410 
4411 	if (no_chanctx || chip->support_chanctx_num == 1)
4412 		hw->wiphy->n_iface_combinations = 1;
4413 	else
4414 		hw->wiphy->n_iface_combinations = ARRAY_SIZE(rtw89_iface_combs);
4415 
4416 	rtwdev = hw->priv;
4417 	rtwdev->hw = hw;
4418 	rtwdev->dev = device;
4419 	rtwdev->ops = ops;
4420 	rtwdev->chip = chip;
4421 	rtwdev->fw.req.firmware = firmware;
4422 	rtwdev->fw.fw_format = fw_format;
4423 
4424 	rtw89_debug(rtwdev, RTW89_DBG_FW, "probe driver %s chanctx\n",
4425 		    no_chanctx ? "without" : "with");
4426 
4427 	return rtwdev;
4428 
4429 err:
4430 	kfree(ops);
4431 	release_firmware(firmware);
4432 	return NULL;
4433 }
4434 EXPORT_SYMBOL(rtw89_alloc_ieee80211_hw);
4435 
4436 void rtw89_free_ieee80211_hw(struct rtw89_dev *rtwdev)
4437 {
4438 	kfree(rtwdev->ops);
4439 	kfree(rtwdev->rfe_data);
4440 	release_firmware(rtwdev->fw.req.firmware);
4441 	ieee80211_free_hw(rtwdev->hw);
4442 }
4443 EXPORT_SYMBOL(rtw89_free_ieee80211_hw);
4444 
4445 MODULE_AUTHOR("Realtek Corporation");
4446 MODULE_DESCRIPTION("Realtek 802.11ax wireless core module");
4447 MODULE_LICENSE("Dual BSD/GPL");
4448