xref: /linux/drivers/net/wireless/realtek/rtw89/core.c (revision 89713ce5518eda6b370c7a17edbcab4f97a39f68)
1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
2 /* Copyright(c) 2019-2020  Realtek Corporation
3  */
4 #include <linux/ip.h>
5 #include <linux/udp.h>
6 
7 #include "cam.h"
8 #include "chan.h"
9 #include "coex.h"
10 #include "core.h"
11 #include "efuse.h"
12 #include "fw.h"
13 #include "mac.h"
14 #include "phy.h"
15 #include "ps.h"
16 #include "reg.h"
17 #include "sar.h"
18 #include "ser.h"
19 #include "txrx.h"
20 #include "util.h"
21 #include "wow.h"
22 
23 static bool rtw89_disable_ps_mode;
24 module_param_named(disable_ps_mode, rtw89_disable_ps_mode, bool, 0644);
25 MODULE_PARM_DESC(disable_ps_mode, "Set Y to disable low power mode");
26 
27 #define RTW89_DEF_CHAN(_freq, _hw_val, _flags, _band)	\
28 	{ .center_freq = _freq, .hw_value = _hw_val, .flags = _flags, .band = _band, }
29 #define RTW89_DEF_CHAN_2G(_freq, _hw_val)	\
30 	RTW89_DEF_CHAN(_freq, _hw_val, 0, NL80211_BAND_2GHZ)
31 #define RTW89_DEF_CHAN_5G(_freq, _hw_val)	\
32 	RTW89_DEF_CHAN(_freq, _hw_val, 0, NL80211_BAND_5GHZ)
33 #define RTW89_DEF_CHAN_5G_NO_HT40MINUS(_freq, _hw_val)	\
34 	RTW89_DEF_CHAN(_freq, _hw_val, IEEE80211_CHAN_NO_HT40MINUS, NL80211_BAND_5GHZ)
35 #define RTW89_DEF_CHAN_6G(_freq, _hw_val)	\
36 	RTW89_DEF_CHAN(_freq, _hw_val, 0, NL80211_BAND_6GHZ)
37 
38 static struct ieee80211_channel rtw89_channels_2ghz[] = {
39 	RTW89_DEF_CHAN_2G(2412, 1),
40 	RTW89_DEF_CHAN_2G(2417, 2),
41 	RTW89_DEF_CHAN_2G(2422, 3),
42 	RTW89_DEF_CHAN_2G(2427, 4),
43 	RTW89_DEF_CHAN_2G(2432, 5),
44 	RTW89_DEF_CHAN_2G(2437, 6),
45 	RTW89_DEF_CHAN_2G(2442, 7),
46 	RTW89_DEF_CHAN_2G(2447, 8),
47 	RTW89_DEF_CHAN_2G(2452, 9),
48 	RTW89_DEF_CHAN_2G(2457, 10),
49 	RTW89_DEF_CHAN_2G(2462, 11),
50 	RTW89_DEF_CHAN_2G(2467, 12),
51 	RTW89_DEF_CHAN_2G(2472, 13),
52 	RTW89_DEF_CHAN_2G(2484, 14),
53 };
54 
55 static struct ieee80211_channel rtw89_channels_5ghz[] = {
56 	RTW89_DEF_CHAN_5G(5180, 36),
57 	RTW89_DEF_CHAN_5G(5200, 40),
58 	RTW89_DEF_CHAN_5G(5220, 44),
59 	RTW89_DEF_CHAN_5G(5240, 48),
60 	RTW89_DEF_CHAN_5G(5260, 52),
61 	RTW89_DEF_CHAN_5G(5280, 56),
62 	RTW89_DEF_CHAN_5G(5300, 60),
63 	RTW89_DEF_CHAN_5G(5320, 64),
64 	RTW89_DEF_CHAN_5G(5500, 100),
65 	RTW89_DEF_CHAN_5G(5520, 104),
66 	RTW89_DEF_CHAN_5G(5540, 108),
67 	RTW89_DEF_CHAN_5G(5560, 112),
68 	RTW89_DEF_CHAN_5G(5580, 116),
69 	RTW89_DEF_CHAN_5G(5600, 120),
70 	RTW89_DEF_CHAN_5G(5620, 124),
71 	RTW89_DEF_CHAN_5G(5640, 128),
72 	RTW89_DEF_CHAN_5G(5660, 132),
73 	RTW89_DEF_CHAN_5G(5680, 136),
74 	RTW89_DEF_CHAN_5G(5700, 140),
75 	RTW89_DEF_CHAN_5G(5720, 144),
76 	RTW89_DEF_CHAN_5G(5745, 149),
77 	RTW89_DEF_CHAN_5G(5765, 153),
78 	RTW89_DEF_CHAN_5G(5785, 157),
79 	RTW89_DEF_CHAN_5G(5805, 161),
80 	RTW89_DEF_CHAN_5G_NO_HT40MINUS(5825, 165),
81 	RTW89_DEF_CHAN_5G(5845, 169),
82 	RTW89_DEF_CHAN_5G(5865, 173),
83 	RTW89_DEF_CHAN_5G(5885, 177),
84 };
85 
86 static_assert(RTW89_5GHZ_UNII4_START_INDEX + RTW89_5GHZ_UNII4_CHANNEL_NUM ==
87 	      ARRAY_SIZE(rtw89_channels_5ghz));
88 
89 static struct ieee80211_channel rtw89_channels_6ghz[] = {
90 	RTW89_DEF_CHAN_6G(5955, 1),
91 	RTW89_DEF_CHAN_6G(5975, 5),
92 	RTW89_DEF_CHAN_6G(5995, 9),
93 	RTW89_DEF_CHAN_6G(6015, 13),
94 	RTW89_DEF_CHAN_6G(6035, 17),
95 	RTW89_DEF_CHAN_6G(6055, 21),
96 	RTW89_DEF_CHAN_6G(6075, 25),
97 	RTW89_DEF_CHAN_6G(6095, 29),
98 	RTW89_DEF_CHAN_6G(6115, 33),
99 	RTW89_DEF_CHAN_6G(6135, 37),
100 	RTW89_DEF_CHAN_6G(6155, 41),
101 	RTW89_DEF_CHAN_6G(6175, 45),
102 	RTW89_DEF_CHAN_6G(6195, 49),
103 	RTW89_DEF_CHAN_6G(6215, 53),
104 	RTW89_DEF_CHAN_6G(6235, 57),
105 	RTW89_DEF_CHAN_6G(6255, 61),
106 	RTW89_DEF_CHAN_6G(6275, 65),
107 	RTW89_DEF_CHAN_6G(6295, 69),
108 	RTW89_DEF_CHAN_6G(6315, 73),
109 	RTW89_DEF_CHAN_6G(6335, 77),
110 	RTW89_DEF_CHAN_6G(6355, 81),
111 	RTW89_DEF_CHAN_6G(6375, 85),
112 	RTW89_DEF_CHAN_6G(6395, 89),
113 	RTW89_DEF_CHAN_6G(6415, 93),
114 	RTW89_DEF_CHAN_6G(6435, 97),
115 	RTW89_DEF_CHAN_6G(6455, 101),
116 	RTW89_DEF_CHAN_6G(6475, 105),
117 	RTW89_DEF_CHAN_6G(6495, 109),
118 	RTW89_DEF_CHAN_6G(6515, 113),
119 	RTW89_DEF_CHAN_6G(6535, 117),
120 	RTW89_DEF_CHAN_6G(6555, 121),
121 	RTW89_DEF_CHAN_6G(6575, 125),
122 	RTW89_DEF_CHAN_6G(6595, 129),
123 	RTW89_DEF_CHAN_6G(6615, 133),
124 	RTW89_DEF_CHAN_6G(6635, 137),
125 	RTW89_DEF_CHAN_6G(6655, 141),
126 	RTW89_DEF_CHAN_6G(6675, 145),
127 	RTW89_DEF_CHAN_6G(6695, 149),
128 	RTW89_DEF_CHAN_6G(6715, 153),
129 	RTW89_DEF_CHAN_6G(6735, 157),
130 	RTW89_DEF_CHAN_6G(6755, 161),
131 	RTW89_DEF_CHAN_6G(6775, 165),
132 	RTW89_DEF_CHAN_6G(6795, 169),
133 	RTW89_DEF_CHAN_6G(6815, 173),
134 	RTW89_DEF_CHAN_6G(6835, 177),
135 	RTW89_DEF_CHAN_6G(6855, 181),
136 	RTW89_DEF_CHAN_6G(6875, 185),
137 	RTW89_DEF_CHAN_6G(6895, 189),
138 	RTW89_DEF_CHAN_6G(6915, 193),
139 	RTW89_DEF_CHAN_6G(6935, 197),
140 	RTW89_DEF_CHAN_6G(6955, 201),
141 	RTW89_DEF_CHAN_6G(6975, 205),
142 	RTW89_DEF_CHAN_6G(6995, 209),
143 	RTW89_DEF_CHAN_6G(7015, 213),
144 	RTW89_DEF_CHAN_6G(7035, 217),
145 	RTW89_DEF_CHAN_6G(7055, 221),
146 	RTW89_DEF_CHAN_6G(7075, 225),
147 	RTW89_DEF_CHAN_6G(7095, 229),
148 	RTW89_DEF_CHAN_6G(7115, 233),
149 };
150 
151 static struct ieee80211_rate rtw89_bitrates[] = {
152 	{ .bitrate = 10,  .hw_value = 0x00, },
153 	{ .bitrate = 20,  .hw_value = 0x01, },
154 	{ .bitrate = 55,  .hw_value = 0x02, },
155 	{ .bitrate = 110, .hw_value = 0x03, },
156 	{ .bitrate = 60,  .hw_value = 0x04, },
157 	{ .bitrate = 90,  .hw_value = 0x05, },
158 	{ .bitrate = 120, .hw_value = 0x06, },
159 	{ .bitrate = 180, .hw_value = 0x07, },
160 	{ .bitrate = 240, .hw_value = 0x08, },
161 	{ .bitrate = 360, .hw_value = 0x09, },
162 	{ .bitrate = 480, .hw_value = 0x0a, },
163 	{ .bitrate = 540, .hw_value = 0x0b, },
164 };
165 
166 static const struct ieee80211_iface_limit rtw89_iface_limits[] = {
167 	{
168 		.max = 1,
169 		.types = BIT(NL80211_IFTYPE_STATION),
170 	},
171 	{
172 		.max = 1,
173 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT) |
174 			 BIT(NL80211_IFTYPE_P2P_GO) |
175 			 BIT(NL80211_IFTYPE_AP),
176 	},
177 };
178 
179 static const struct ieee80211_iface_limit rtw89_iface_limits_mcc[] = {
180 	{
181 		.max = 1,
182 		.types = BIT(NL80211_IFTYPE_STATION),
183 	},
184 	{
185 		.max = 1,
186 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT) |
187 			 BIT(NL80211_IFTYPE_P2P_GO),
188 	},
189 };
190 
191 static const struct ieee80211_iface_combination rtw89_iface_combs[] = {
192 	{
193 		.limits = rtw89_iface_limits,
194 		.n_limits = ARRAY_SIZE(rtw89_iface_limits),
195 		.max_interfaces = 2,
196 		.num_different_channels = 1,
197 	},
198 	{
199 		.limits = rtw89_iface_limits_mcc,
200 		.n_limits = ARRAY_SIZE(rtw89_iface_limits_mcc),
201 		.max_interfaces = 2,
202 		.num_different_channels = 2,
203 	},
204 };
205 
206 bool rtw89_ra_report_to_bitrate(struct rtw89_dev *rtwdev, u8 rpt_rate, u16 *bitrate)
207 {
208 	struct ieee80211_rate rate;
209 
210 	if (unlikely(rpt_rate >= ARRAY_SIZE(rtw89_bitrates))) {
211 		rtw89_debug(rtwdev, RTW89_DBG_UNEXP, "invalid rpt rate %d\n", rpt_rate);
212 		return false;
213 	}
214 
215 	rate = rtw89_bitrates[rpt_rate];
216 	*bitrate = rate.bitrate;
217 
218 	return true;
219 }
220 
221 static const struct ieee80211_supported_band rtw89_sband_2ghz = {
222 	.band		= NL80211_BAND_2GHZ,
223 	.channels	= rtw89_channels_2ghz,
224 	.n_channels	= ARRAY_SIZE(rtw89_channels_2ghz),
225 	.bitrates	= rtw89_bitrates,
226 	.n_bitrates	= ARRAY_SIZE(rtw89_bitrates),
227 	.ht_cap		= {0},
228 	.vht_cap	= {0},
229 };
230 
231 static const struct ieee80211_supported_band rtw89_sband_5ghz = {
232 	.band		= NL80211_BAND_5GHZ,
233 	.channels	= rtw89_channels_5ghz,
234 	.n_channels	= ARRAY_SIZE(rtw89_channels_5ghz),
235 
236 	/* 5G has no CCK rates, 1M/2M/5.5M/11M */
237 	.bitrates	= rtw89_bitrates + 4,
238 	.n_bitrates	= ARRAY_SIZE(rtw89_bitrates) - 4,
239 	.ht_cap		= {0},
240 	.vht_cap	= {0},
241 };
242 
243 static const struct ieee80211_supported_band rtw89_sband_6ghz = {
244 	.band		= NL80211_BAND_6GHZ,
245 	.channels	= rtw89_channels_6ghz,
246 	.n_channels	= ARRAY_SIZE(rtw89_channels_6ghz),
247 
248 	/* 6G has no CCK rates, 1M/2M/5.5M/11M */
249 	.bitrates	= rtw89_bitrates + 4,
250 	.n_bitrates	= ARRAY_SIZE(rtw89_bitrates) - 4,
251 };
252 
253 static void rtw89_traffic_stats_accu(struct rtw89_dev *rtwdev,
254 				     struct rtw89_traffic_stats *stats,
255 				     struct sk_buff *skb, bool tx)
256 {
257 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
258 
259 	if (tx && ieee80211_is_assoc_req(hdr->frame_control))
260 		rtw89_wow_parse_akm(rtwdev, skb);
261 
262 	if (!ieee80211_is_data(hdr->frame_control))
263 		return;
264 
265 	if (is_broadcast_ether_addr(hdr->addr1) ||
266 	    is_multicast_ether_addr(hdr->addr1))
267 		return;
268 
269 	if (tx) {
270 		stats->tx_cnt++;
271 		stats->tx_unicast += skb->len;
272 	} else {
273 		stats->rx_cnt++;
274 		stats->rx_unicast += skb->len;
275 	}
276 }
277 
278 void rtw89_get_default_chandef(struct cfg80211_chan_def *chandef)
279 {
280 	cfg80211_chandef_create(chandef, &rtw89_channels_2ghz[0],
281 				NL80211_CHAN_NO_HT);
282 }
283 
284 void rtw89_get_channel_params(const struct cfg80211_chan_def *chandef,
285 			      struct rtw89_chan *chan)
286 {
287 	struct ieee80211_channel *channel = chandef->chan;
288 	enum nl80211_chan_width width = chandef->width;
289 	u32 primary_freq, center_freq;
290 	u8 center_chan;
291 	u8 bandwidth = RTW89_CHANNEL_WIDTH_20;
292 	u32 offset;
293 	u8 band;
294 
295 	center_chan = channel->hw_value;
296 	primary_freq = channel->center_freq;
297 	center_freq = chandef->center_freq1;
298 
299 	switch (width) {
300 	case NL80211_CHAN_WIDTH_20_NOHT:
301 	case NL80211_CHAN_WIDTH_20:
302 		bandwidth = RTW89_CHANNEL_WIDTH_20;
303 		break;
304 	case NL80211_CHAN_WIDTH_40:
305 		bandwidth = RTW89_CHANNEL_WIDTH_40;
306 		if (primary_freq > center_freq) {
307 			center_chan -= 2;
308 		} else {
309 			center_chan += 2;
310 		}
311 		break;
312 	case NL80211_CHAN_WIDTH_80:
313 	case NL80211_CHAN_WIDTH_160:
314 		bandwidth = nl_to_rtw89_bandwidth(width);
315 		if (primary_freq > center_freq) {
316 			offset = (primary_freq - center_freq - 10) / 20;
317 			center_chan -= 2 + offset * 4;
318 		} else {
319 			offset = (center_freq - primary_freq - 10) / 20;
320 			center_chan += 2 + offset * 4;
321 		}
322 		break;
323 	default:
324 		center_chan = 0;
325 		break;
326 	}
327 
328 	switch (channel->band) {
329 	default:
330 	case NL80211_BAND_2GHZ:
331 		band = RTW89_BAND_2G;
332 		break;
333 	case NL80211_BAND_5GHZ:
334 		band = RTW89_BAND_5G;
335 		break;
336 	case NL80211_BAND_6GHZ:
337 		band = RTW89_BAND_6G;
338 		break;
339 	}
340 
341 	rtw89_chan_create(chan, center_chan, channel->hw_value, band, bandwidth);
342 }
343 
344 void rtw89_core_set_chip_txpwr(struct rtw89_dev *rtwdev)
345 {
346 	struct rtw89_hal *hal = &rtwdev->hal;
347 	const struct rtw89_chip_info *chip = rtwdev->chip;
348 	const struct rtw89_chan *chan;
349 	enum rtw89_chanctx_idx chanctx_idx;
350 	enum rtw89_chanctx_idx roc_idx;
351 	enum rtw89_phy_idx phy_idx;
352 	enum rtw89_entity_mode mode;
353 	bool entity_active;
354 
355 	entity_active = rtw89_get_entity_state(rtwdev);
356 	if (!entity_active)
357 		return;
358 
359 	mode = rtw89_get_entity_mode(rtwdev);
360 	switch (mode) {
361 	case RTW89_ENTITY_MODE_SCC:
362 	case RTW89_ENTITY_MODE_MCC:
363 		chanctx_idx = RTW89_CHANCTX_0;
364 		break;
365 	case RTW89_ENTITY_MODE_MCC_PREPARE:
366 		chanctx_idx = RTW89_CHANCTX_1;
367 		break;
368 	default:
369 		WARN(1, "Invalid ent mode: %d\n", mode);
370 		return;
371 	}
372 
373 	roc_idx = atomic_read(&hal->roc_chanctx_idx);
374 	if (roc_idx != RTW89_CHANCTX_IDLE)
375 		chanctx_idx = roc_idx;
376 
377 	phy_idx = RTW89_PHY_0;
378 	chan = rtw89_chan_get(rtwdev, chanctx_idx);
379 	chip->ops->set_txpwr(rtwdev, chan, phy_idx);
380 }
381 
382 int rtw89_set_channel(struct rtw89_dev *rtwdev)
383 {
384 	struct rtw89_hal *hal = &rtwdev->hal;
385 	const struct rtw89_chip_info *chip = rtwdev->chip;
386 	const struct rtw89_chan_rcd *chan_rcd;
387 	const struct rtw89_chan *chan;
388 	enum rtw89_chanctx_idx chanctx_idx;
389 	enum rtw89_chanctx_idx roc_idx;
390 	enum rtw89_mac_idx mac_idx;
391 	enum rtw89_phy_idx phy_idx;
392 	struct rtw89_channel_help_params bak;
393 	enum rtw89_entity_mode mode;
394 	bool entity_active;
395 
396 	entity_active = rtw89_get_entity_state(rtwdev);
397 
398 	mode = rtw89_entity_recalc(rtwdev);
399 	switch (mode) {
400 	case RTW89_ENTITY_MODE_SCC:
401 	case RTW89_ENTITY_MODE_MCC:
402 		chanctx_idx = RTW89_CHANCTX_0;
403 		break;
404 	case RTW89_ENTITY_MODE_MCC_PREPARE:
405 		chanctx_idx = RTW89_CHANCTX_1;
406 		break;
407 	default:
408 		WARN(1, "Invalid ent mode: %d\n", mode);
409 		return -EINVAL;
410 	}
411 
412 	roc_idx = atomic_read(&hal->roc_chanctx_idx);
413 	if (roc_idx != RTW89_CHANCTX_IDLE)
414 		chanctx_idx = roc_idx;
415 
416 	mac_idx = RTW89_MAC_0;
417 	phy_idx = RTW89_PHY_0;
418 
419 	chan = rtw89_chan_get(rtwdev, chanctx_idx);
420 	chan_rcd = rtw89_chan_rcd_get(rtwdev, chanctx_idx);
421 
422 	rtw89_chip_set_channel_prepare(rtwdev, &bak, chan, mac_idx, phy_idx);
423 
424 	chip->ops->set_channel(rtwdev, chan, mac_idx, phy_idx);
425 
426 	chip->ops->set_txpwr(rtwdev, chan, phy_idx);
427 
428 	rtw89_chip_set_channel_done(rtwdev, &bak, chan, mac_idx, phy_idx);
429 
430 	if (!entity_active || chan_rcd->band_changed) {
431 		rtw89_btc_ntfy_switch_band(rtwdev, phy_idx, chan->band_type);
432 		rtw89_chip_rfk_band_changed(rtwdev, phy_idx, chan);
433 	}
434 
435 	rtw89_set_entity_state(rtwdev, true);
436 	return 0;
437 }
438 
439 void rtw89_get_channel(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif,
440 		       struct rtw89_chan *chan)
441 {
442 	const struct cfg80211_chan_def *chandef;
443 
444 	chandef = rtw89_chandef_get(rtwdev, rtwvif->chanctx_idx);
445 	rtw89_get_channel_params(chandef, chan);
446 }
447 
448 static enum rtw89_core_tx_type
449 rtw89_core_get_tx_type(struct rtw89_dev *rtwdev,
450 		       struct sk_buff *skb)
451 {
452 	struct ieee80211_hdr *hdr = (void *)skb->data;
453 	__le16 fc = hdr->frame_control;
454 
455 	if (ieee80211_is_mgmt(fc) || ieee80211_is_nullfunc(fc))
456 		return RTW89_CORE_TX_TYPE_MGMT;
457 
458 	return RTW89_CORE_TX_TYPE_DATA;
459 }
460 
461 static void
462 rtw89_core_tx_update_ampdu_info(struct rtw89_dev *rtwdev,
463 				struct rtw89_core_tx_request *tx_req,
464 				enum btc_pkt_type pkt_type)
465 {
466 	struct ieee80211_sta *sta = tx_req->sta;
467 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
468 	struct sk_buff *skb = tx_req->skb;
469 	struct rtw89_sta *rtwsta;
470 	u8 ampdu_num;
471 	u8 tid;
472 
473 	if (pkt_type == PACKET_EAPOL) {
474 		desc_info->bk = true;
475 		return;
476 	}
477 
478 	if (!(IEEE80211_SKB_CB(skb)->flags & IEEE80211_TX_CTL_AMPDU))
479 		return;
480 
481 	if (!sta) {
482 		rtw89_warn(rtwdev, "cannot set ampdu info without sta\n");
483 		return;
484 	}
485 
486 	tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
487 	rtwsta = (struct rtw89_sta *)sta->drv_priv;
488 
489 	ampdu_num = (u8)((rtwsta->ampdu_params[tid].agg_num ?
490 			  rtwsta->ampdu_params[tid].agg_num :
491 			  4 << sta->deflink.ht_cap.ampdu_factor) - 1);
492 
493 	desc_info->agg_en = true;
494 	desc_info->ampdu_density = sta->deflink.ht_cap.ampdu_density;
495 	desc_info->ampdu_num = ampdu_num;
496 }
497 
498 static void
499 rtw89_core_tx_update_sec_key(struct rtw89_dev *rtwdev,
500 			     struct rtw89_core_tx_request *tx_req)
501 {
502 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
503 	const struct rtw89_chip_info *chip = rtwdev->chip;
504 	const struct rtw89_sec_cam_entry *sec_cam;
505 	struct ieee80211_tx_info *info;
506 	struct ieee80211_key_conf *key;
507 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
508 	struct sk_buff *skb = tx_req->skb;
509 	u8 sec_type = RTW89_SEC_KEY_TYPE_NONE;
510 	u8 sec_cam_idx;
511 	u64 pn64;
512 
513 	info = IEEE80211_SKB_CB(skb);
514 	key = info->control.hw_key;
515 	sec_cam_idx = key->hw_key_idx;
516 	sec_cam = cam_info->sec_entries[sec_cam_idx];
517 	if (!sec_cam) {
518 		rtw89_warn(rtwdev, "sec cam entry is empty\n");
519 		return;
520 	}
521 
522 	switch (key->cipher) {
523 	case WLAN_CIPHER_SUITE_WEP40:
524 		sec_type = RTW89_SEC_KEY_TYPE_WEP40;
525 		break;
526 	case WLAN_CIPHER_SUITE_WEP104:
527 		sec_type = RTW89_SEC_KEY_TYPE_WEP104;
528 		break;
529 	case WLAN_CIPHER_SUITE_TKIP:
530 		sec_type = RTW89_SEC_KEY_TYPE_TKIP;
531 		break;
532 	case WLAN_CIPHER_SUITE_CCMP:
533 		sec_type = RTW89_SEC_KEY_TYPE_CCMP128;
534 		break;
535 	case WLAN_CIPHER_SUITE_CCMP_256:
536 		sec_type = RTW89_SEC_KEY_TYPE_CCMP256;
537 		break;
538 	case WLAN_CIPHER_SUITE_GCMP:
539 		sec_type = RTW89_SEC_KEY_TYPE_GCMP128;
540 		break;
541 	case WLAN_CIPHER_SUITE_GCMP_256:
542 		sec_type = RTW89_SEC_KEY_TYPE_GCMP256;
543 		break;
544 	default:
545 		rtw89_warn(rtwdev, "key cipher not supported %d\n", key->cipher);
546 		return;
547 	}
548 
549 	desc_info->sec_en = true;
550 	desc_info->sec_keyid = key->keyidx;
551 	desc_info->sec_type = sec_type;
552 	desc_info->sec_cam_idx = sec_cam->sec_cam_idx;
553 
554 	if (!chip->hw_sec_hdr)
555 		return;
556 
557 	pn64 = atomic64_inc_return(&key->tx_pn);
558 	desc_info->sec_seq[0] = pn64;
559 	desc_info->sec_seq[1] = pn64 >> 8;
560 	desc_info->sec_seq[2] = pn64 >> 16;
561 	desc_info->sec_seq[3] = pn64 >> 24;
562 	desc_info->sec_seq[4] = pn64 >> 32;
563 	desc_info->sec_seq[5] = pn64 >> 40;
564 	desc_info->wp_offset = 1; /* in unit of 8 bytes for security header */
565 }
566 
567 static u16 rtw89_core_get_mgmt_rate(struct rtw89_dev *rtwdev,
568 				    struct rtw89_core_tx_request *tx_req,
569 				    const struct rtw89_chan *chan)
570 {
571 	struct sk_buff *skb = tx_req->skb;
572 	struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb);
573 	struct ieee80211_vif *vif = tx_info->control.vif;
574 	u16 lowest_rate;
575 
576 	if (tx_info->flags & IEEE80211_TX_CTL_NO_CCK_RATE ||
577 	    (vif && vif->p2p))
578 		lowest_rate = RTW89_HW_RATE_OFDM6;
579 	else if (chan->band_type == RTW89_BAND_2G)
580 		lowest_rate = RTW89_HW_RATE_CCK1;
581 	else
582 		lowest_rate = RTW89_HW_RATE_OFDM6;
583 
584 	if (!vif || !vif->bss_conf.basic_rates || !tx_req->sta)
585 		return lowest_rate;
586 
587 	return __ffs(vif->bss_conf.basic_rates) + lowest_rate;
588 }
589 
590 static u8 rtw89_core_tx_get_mac_id(struct rtw89_dev *rtwdev,
591 				   struct rtw89_core_tx_request *tx_req)
592 {
593 	struct ieee80211_vif *vif = tx_req->vif;
594 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
595 	struct ieee80211_sta *sta = tx_req->sta;
596 	struct rtw89_sta *rtwsta;
597 
598 	if (!sta)
599 		return rtwvif->mac_id;
600 
601 	rtwsta = (struct rtw89_sta *)sta->drv_priv;
602 	return rtwsta->mac_id;
603 }
604 
605 static void rtw89_core_tx_update_llc_hdr(struct rtw89_dev *rtwdev,
606 					 struct rtw89_tx_desc_info *desc_info,
607 					 struct sk_buff *skb)
608 {
609 	struct ieee80211_hdr *hdr = (void *)skb->data;
610 	__le16 fc = hdr->frame_control;
611 
612 	desc_info->hdr_llc_len = ieee80211_hdrlen(fc);
613 	desc_info->hdr_llc_len >>= 1; /* in unit of 2 bytes */
614 }
615 
616 static void
617 rtw89_core_tx_update_mgmt_info(struct rtw89_dev *rtwdev,
618 			       struct rtw89_core_tx_request *tx_req)
619 {
620 	const struct rtw89_chip_info *chip = rtwdev->chip;
621 	struct ieee80211_vif *vif = tx_req->vif;
622 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
623 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
624 	const struct rtw89_chan *chan = rtw89_chan_get(rtwdev,
625 						       rtwvif->chanctx_idx);
626 	struct sk_buff *skb = tx_req->skb;
627 	u8 qsel, ch_dma;
628 
629 	qsel = desc_info->hiq ? RTW89_TX_QSEL_B0_HI : RTW89_TX_QSEL_B0_MGMT;
630 	ch_dma = rtw89_core_get_ch_dma(rtwdev, qsel);
631 
632 	desc_info->qsel = qsel;
633 	desc_info->ch_dma = ch_dma;
634 	desc_info->port = desc_info->hiq ? rtwvif->port : 0;
635 	desc_info->mac_id = rtw89_core_tx_get_mac_id(rtwdev, tx_req);
636 	desc_info->hw_ssn_sel = RTW89_MGMT_HW_SSN_SEL;
637 	desc_info->hw_seq_mode = RTW89_MGMT_HW_SEQ_MODE;
638 
639 	/* fixed data rate for mgmt frames */
640 	desc_info->en_wd_info = true;
641 	desc_info->use_rate = true;
642 	desc_info->dis_data_fb = true;
643 	desc_info->data_rate = rtw89_core_get_mgmt_rate(rtwdev, tx_req, chan);
644 
645 	if (chip->hw_mgmt_tx_encrypt && IEEE80211_SKB_CB(skb)->control.hw_key) {
646 		rtw89_core_tx_update_sec_key(rtwdev, tx_req);
647 		rtw89_core_tx_update_llc_hdr(rtwdev, desc_info, skb);
648 	}
649 
650 	rtw89_debug(rtwdev, RTW89_DBG_TXRX,
651 		    "tx mgmt frame with rate 0x%x on channel %d (band %d, bw %d)\n",
652 		    desc_info->data_rate, chan->channel, chan->band_type,
653 		    chan->band_width);
654 }
655 
656 static void
657 rtw89_core_tx_update_h2c_info(struct rtw89_dev *rtwdev,
658 			      struct rtw89_core_tx_request *tx_req)
659 {
660 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
661 
662 	desc_info->is_bmc = false;
663 	desc_info->wd_page = false;
664 	desc_info->ch_dma = RTW89_DMA_H2C;
665 }
666 
667 static void rtw89_core_get_no_ul_ofdma_htc(struct rtw89_dev *rtwdev, __le32 *htc,
668 					   const struct rtw89_chan *chan)
669 {
670 	static const u8 rtw89_bandwidth_to_om[] = {
671 		[RTW89_CHANNEL_WIDTH_20] = HTC_OM_CHANNEL_WIDTH_20,
672 		[RTW89_CHANNEL_WIDTH_40] = HTC_OM_CHANNEL_WIDTH_40,
673 		[RTW89_CHANNEL_WIDTH_80] = HTC_OM_CHANNEL_WIDTH_80,
674 		[RTW89_CHANNEL_WIDTH_160] = HTC_OM_CHANNEL_WIDTH_160_OR_80_80,
675 		[RTW89_CHANNEL_WIDTH_80_80] = HTC_OM_CHANNEL_WIDTH_160_OR_80_80,
676 	};
677 	const struct rtw89_chip_info *chip = rtwdev->chip;
678 	struct rtw89_hal *hal = &rtwdev->hal;
679 	u8 om_bandwidth;
680 
681 	if (!chip->dis_2g_40m_ul_ofdma ||
682 	    chan->band_type != RTW89_BAND_2G ||
683 	    chan->band_width != RTW89_CHANNEL_WIDTH_40)
684 		return;
685 
686 	om_bandwidth = chan->band_width < ARRAY_SIZE(rtw89_bandwidth_to_om) ?
687 		       rtw89_bandwidth_to_om[chan->band_width] : 0;
688 	*htc = le32_encode_bits(RTW89_HTC_VARIANT_HE, RTW89_HTC_MASK_VARIANT) |
689 	       le32_encode_bits(RTW89_HTC_VARIANT_HE_CID_OM, RTW89_HTC_MASK_CTL_ID) |
690 	       le32_encode_bits(hal->rx_nss - 1, RTW89_HTC_MASK_HTC_OM_RX_NSS) |
691 	       le32_encode_bits(om_bandwidth, RTW89_HTC_MASK_HTC_OM_CH_WIDTH) |
692 	       le32_encode_bits(1, RTW89_HTC_MASK_HTC_OM_UL_MU_DIS) |
693 	       le32_encode_bits(hal->tx_nss - 1, RTW89_HTC_MASK_HTC_OM_TX_NSTS) |
694 	       le32_encode_bits(0, RTW89_HTC_MASK_HTC_OM_ER_SU_DIS) |
695 	       le32_encode_bits(0, RTW89_HTC_MASK_HTC_OM_DL_MU_MIMO_RR) |
696 	       le32_encode_bits(0, RTW89_HTC_MASK_HTC_OM_UL_MU_DATA_DIS);
697 }
698 
699 static bool
700 __rtw89_core_tx_check_he_qos_htc(struct rtw89_dev *rtwdev,
701 				 struct rtw89_core_tx_request *tx_req,
702 				 enum btc_pkt_type pkt_type)
703 {
704 	struct ieee80211_sta *sta = tx_req->sta;
705 	struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta);
706 	struct sk_buff *skb = tx_req->skb;
707 	struct ieee80211_hdr *hdr = (void *)skb->data;
708 	__le16 fc = hdr->frame_control;
709 
710 	/* AP IOT issue with EAPoL, ARP and DHCP */
711 	if (pkt_type < PACKET_MAX)
712 		return false;
713 
714 	if (!sta || !sta->deflink.he_cap.has_he)
715 		return false;
716 
717 	if (!ieee80211_is_data_qos(fc))
718 		return false;
719 
720 	if (skb_headroom(skb) < IEEE80211_HT_CTL_LEN)
721 		return false;
722 
723 	if (rtwsta && rtwsta->ra_report.might_fallback_legacy)
724 		return false;
725 
726 	return true;
727 }
728 
729 static void
730 __rtw89_core_tx_adjust_he_qos_htc(struct rtw89_dev *rtwdev,
731 				  struct rtw89_core_tx_request *tx_req)
732 {
733 	struct ieee80211_sta *sta = tx_req->sta;
734 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
735 	struct sk_buff *skb = tx_req->skb;
736 	struct ieee80211_hdr *hdr = (void *)skb->data;
737 	__le16 fc = hdr->frame_control;
738 	void *data;
739 	__le32 *htc;
740 	u8 *qc;
741 	int hdr_len;
742 
743 	hdr_len = ieee80211_has_a4(fc) ? 32 : 26;
744 	data = skb_push(skb, IEEE80211_HT_CTL_LEN);
745 	memmove(data, data + IEEE80211_HT_CTL_LEN, hdr_len);
746 
747 	hdr = data;
748 	htc = data + hdr_len;
749 	hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_ORDER);
750 	*htc = rtwsta->htc_template ? rtwsta->htc_template :
751 	       le32_encode_bits(RTW89_HTC_VARIANT_HE, RTW89_HTC_MASK_VARIANT) |
752 	       le32_encode_bits(RTW89_HTC_VARIANT_HE_CID_CAS, RTW89_HTC_MASK_CTL_ID);
753 
754 	qc = data + hdr_len - IEEE80211_QOS_CTL_LEN;
755 	qc[0] |= IEEE80211_QOS_CTL_EOSP;
756 }
757 
758 static void
759 rtw89_core_tx_update_he_qos_htc(struct rtw89_dev *rtwdev,
760 				struct rtw89_core_tx_request *tx_req,
761 				enum btc_pkt_type pkt_type)
762 {
763 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
764 	struct ieee80211_vif *vif = tx_req->vif;
765 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
766 
767 	if (!__rtw89_core_tx_check_he_qos_htc(rtwdev, tx_req, pkt_type))
768 		goto desc_bk;
769 
770 	__rtw89_core_tx_adjust_he_qos_htc(rtwdev, tx_req);
771 
772 	desc_info->pkt_size += IEEE80211_HT_CTL_LEN;
773 	desc_info->a_ctrl_bsr = true;
774 
775 desc_bk:
776 	if (!rtwvif || rtwvif->last_a_ctrl == desc_info->a_ctrl_bsr)
777 		return;
778 
779 	rtwvif->last_a_ctrl = desc_info->a_ctrl_bsr;
780 	desc_info->bk = true;
781 }
782 
783 static u16 rtw89_core_get_data_rate(struct rtw89_dev *rtwdev,
784 				    struct rtw89_core_tx_request *tx_req)
785 {
786 	struct ieee80211_vif *vif = tx_req->vif;
787 	struct ieee80211_sta *sta = tx_req->sta;
788 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
789 	struct rtw89_phy_rate_pattern *rate_pattern = &rtwvif->rate_pattern;
790 	enum rtw89_chanctx_idx idx = rtwvif->chanctx_idx;
791 	const struct rtw89_chan *chan = rtw89_chan_get(rtwdev, idx);
792 	u16 lowest_rate;
793 
794 	if (rate_pattern->enable)
795 		return rate_pattern->rate;
796 
797 	if (vif->p2p)
798 		lowest_rate = RTW89_HW_RATE_OFDM6;
799 	else if (chan->band_type == RTW89_BAND_2G)
800 		lowest_rate = RTW89_HW_RATE_CCK1;
801 	else
802 		lowest_rate = RTW89_HW_RATE_OFDM6;
803 
804 	if (!sta || !sta->deflink.supp_rates[chan->band_type])
805 		return lowest_rate;
806 
807 	return __ffs(sta->deflink.supp_rates[chan->band_type]) + lowest_rate;
808 }
809 
810 static void
811 rtw89_core_tx_update_data_info(struct rtw89_dev *rtwdev,
812 			       struct rtw89_core_tx_request *tx_req)
813 {
814 	struct ieee80211_vif *vif = tx_req->vif;
815 	struct ieee80211_sta *sta = tx_req->sta;
816 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
817 	struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta);
818 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
819 	struct sk_buff *skb = tx_req->skb;
820 	u8 tid, tid_indicate;
821 	u8 qsel, ch_dma;
822 
823 	tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
824 	tid_indicate = rtw89_core_get_tid_indicate(rtwdev, tid);
825 	qsel = desc_info->hiq ? RTW89_TX_QSEL_B0_HI : rtw89_core_get_qsel(rtwdev, tid);
826 	ch_dma = rtw89_core_get_ch_dma(rtwdev, qsel);
827 
828 	desc_info->ch_dma = ch_dma;
829 	desc_info->tid_indicate = tid_indicate;
830 	desc_info->qsel = qsel;
831 	desc_info->mac_id = rtw89_core_tx_get_mac_id(rtwdev, tx_req);
832 	desc_info->port = desc_info->hiq ? rtwvif->port : 0;
833 	desc_info->er_cap = rtwsta ? rtwsta->er_cap : false;
834 	desc_info->stbc = rtwsta ? rtwsta->ra.stbc_cap : false;
835 	desc_info->ldpc = rtwsta ? rtwsta->ra.ldpc_cap : false;
836 
837 	/* enable wd_info for AMPDU */
838 	desc_info->en_wd_info = true;
839 
840 	if (IEEE80211_SKB_CB(skb)->control.hw_key)
841 		rtw89_core_tx_update_sec_key(rtwdev, tx_req);
842 
843 	desc_info->data_retry_lowest_rate = rtw89_core_get_data_rate(rtwdev, tx_req);
844 }
845 
846 static enum btc_pkt_type
847 rtw89_core_tx_btc_spec_pkt_notify(struct rtw89_dev *rtwdev,
848 				  struct rtw89_core_tx_request *tx_req)
849 {
850 	struct sk_buff *skb = tx_req->skb;
851 	struct udphdr *udphdr;
852 
853 	if (IEEE80211_SKB_CB(skb)->control.flags & IEEE80211_TX_CTRL_PORT_CTRL_PROTO) {
854 		ieee80211_queue_work(rtwdev->hw, &rtwdev->btc.eapol_notify_work);
855 		return PACKET_EAPOL;
856 	}
857 
858 	if (skb->protocol == htons(ETH_P_ARP)) {
859 		ieee80211_queue_work(rtwdev->hw, &rtwdev->btc.arp_notify_work);
860 		return PACKET_ARP;
861 	}
862 
863 	if (skb->protocol == htons(ETH_P_IP) &&
864 	    ip_hdr(skb)->protocol == IPPROTO_UDP) {
865 		udphdr = udp_hdr(skb);
866 		if (((udphdr->source == htons(67) && udphdr->dest == htons(68)) ||
867 		     (udphdr->source == htons(68) && udphdr->dest == htons(67))) &&
868 		    skb->len > 282) {
869 			ieee80211_queue_work(rtwdev->hw, &rtwdev->btc.dhcp_notify_work);
870 			return PACKET_DHCP;
871 		}
872 	}
873 
874 	if (skb->protocol == htons(ETH_P_IP) &&
875 	    ip_hdr(skb)->protocol == IPPROTO_ICMP) {
876 		ieee80211_queue_work(rtwdev->hw, &rtwdev->btc.icmp_notify_work);
877 		return PACKET_ICMP;
878 	}
879 
880 	return PACKET_MAX;
881 }
882 
883 static void
884 rtw89_core_tx_wake(struct rtw89_dev *rtwdev,
885 		   struct rtw89_core_tx_request *tx_req)
886 {
887 	const struct rtw89_chip_info *chip = rtwdev->chip;
888 
889 	if (!RTW89_CHK_FW_FEATURE(TX_WAKE, &rtwdev->fw))
890 		return;
891 
892 	if (!test_bit(RTW89_FLAG_LOW_POWER_MODE, rtwdev->flags))
893 		return;
894 
895 	if (chip->chip_id != RTL8852C &&
896 	    tx_req->tx_type != RTW89_CORE_TX_TYPE_MGMT)
897 		return;
898 
899 	rtw89_mac_notify_wake(rtwdev);
900 }
901 
902 static void
903 rtw89_core_tx_update_desc_info(struct rtw89_dev *rtwdev,
904 			       struct rtw89_core_tx_request *tx_req)
905 {
906 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
907 	struct sk_buff *skb = tx_req->skb;
908 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
909 	struct ieee80211_hdr *hdr = (void *)skb->data;
910 	enum rtw89_core_tx_type tx_type;
911 	enum btc_pkt_type pkt_type;
912 	bool is_bmc;
913 	u16 seq;
914 
915 	seq = (le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_SEQ) >> 4;
916 	if (tx_req->tx_type != RTW89_CORE_TX_TYPE_FWCMD) {
917 		tx_type = rtw89_core_get_tx_type(rtwdev, skb);
918 		tx_req->tx_type = tx_type;
919 	}
920 	is_bmc = (is_broadcast_ether_addr(hdr->addr1) ||
921 		  is_multicast_ether_addr(hdr->addr1));
922 
923 	desc_info->seq = seq;
924 	desc_info->pkt_size = skb->len;
925 	desc_info->is_bmc = is_bmc;
926 	desc_info->wd_page = true;
927 	desc_info->hiq = info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM;
928 
929 	switch (tx_req->tx_type) {
930 	case RTW89_CORE_TX_TYPE_MGMT:
931 		rtw89_core_tx_update_mgmt_info(rtwdev, tx_req);
932 		break;
933 	case RTW89_CORE_TX_TYPE_DATA:
934 		rtw89_core_tx_update_data_info(rtwdev, tx_req);
935 		pkt_type = rtw89_core_tx_btc_spec_pkt_notify(rtwdev, tx_req);
936 		rtw89_core_tx_update_he_qos_htc(rtwdev, tx_req, pkt_type);
937 		rtw89_core_tx_update_ampdu_info(rtwdev, tx_req, pkt_type);
938 		rtw89_core_tx_update_llc_hdr(rtwdev, desc_info, skb);
939 		break;
940 	case RTW89_CORE_TX_TYPE_FWCMD:
941 		rtw89_core_tx_update_h2c_info(rtwdev, tx_req);
942 		break;
943 	}
944 }
945 
946 void rtw89_core_tx_kick_off(struct rtw89_dev *rtwdev, u8 qsel)
947 {
948 	u8 ch_dma;
949 
950 	ch_dma = rtw89_core_get_ch_dma(rtwdev, qsel);
951 
952 	rtw89_hci_tx_kick_off(rtwdev, ch_dma);
953 }
954 
955 int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *skb,
956 				    int qsel, unsigned int timeout)
957 {
958 	struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb);
959 	struct rtw89_tx_wait_info *wait;
960 	unsigned long time_left;
961 	int ret = 0;
962 
963 	wait = kzalloc(sizeof(*wait), GFP_KERNEL);
964 	if (!wait) {
965 		rtw89_core_tx_kick_off(rtwdev, qsel);
966 		return 0;
967 	}
968 
969 	init_completion(&wait->completion);
970 	rcu_assign_pointer(skb_data->wait, wait);
971 
972 	rtw89_core_tx_kick_off(rtwdev, qsel);
973 	time_left = wait_for_completion_timeout(&wait->completion,
974 						msecs_to_jiffies(timeout));
975 	if (time_left == 0)
976 		ret = -ETIMEDOUT;
977 	else if (!wait->tx_done)
978 		ret = -EAGAIN;
979 
980 	rcu_assign_pointer(skb_data->wait, NULL);
981 	kfree_rcu(wait, rcu_head);
982 
983 	return ret;
984 }
985 
986 int rtw89_h2c_tx(struct rtw89_dev *rtwdev,
987 		 struct sk_buff *skb, bool fwdl)
988 {
989 	struct rtw89_core_tx_request tx_req = {0};
990 	u32 cnt;
991 	int ret;
992 
993 	if (!test_bit(RTW89_FLAG_POWERON, rtwdev->flags)) {
994 		rtw89_debug(rtwdev, RTW89_DBG_FW,
995 			    "ignore h2c due to power is off with firmware state=%d\n",
996 			    test_bit(RTW89_FLAG_FW_RDY, rtwdev->flags));
997 		dev_kfree_skb(skb);
998 		return 0;
999 	}
1000 
1001 	tx_req.skb = skb;
1002 	tx_req.tx_type = RTW89_CORE_TX_TYPE_FWCMD;
1003 	if (fwdl)
1004 		tx_req.desc_info.fw_dl = true;
1005 
1006 	rtw89_core_tx_update_desc_info(rtwdev, &tx_req);
1007 
1008 	if (!fwdl)
1009 		rtw89_hex_dump(rtwdev, RTW89_DBG_FW, "H2C: ", skb->data, skb->len);
1010 
1011 	cnt = rtw89_hci_check_and_reclaim_tx_resource(rtwdev, RTW89_TXCH_CH12);
1012 	if (cnt == 0) {
1013 		rtw89_err(rtwdev, "no tx fwcmd resource\n");
1014 		return -ENOSPC;
1015 	}
1016 
1017 	ret = rtw89_hci_tx_write(rtwdev, &tx_req);
1018 	if (ret) {
1019 		rtw89_err(rtwdev, "failed to transmit skb to HCI\n");
1020 		return ret;
1021 	}
1022 	rtw89_hci_tx_kick_off(rtwdev, RTW89_TXCH_CH12);
1023 
1024 	return 0;
1025 }
1026 
1027 int rtw89_core_tx_write(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif,
1028 			struct ieee80211_sta *sta, struct sk_buff *skb, int *qsel)
1029 {
1030 	struct rtw89_core_tx_request tx_req = {0};
1031 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
1032 	int ret;
1033 
1034 	tx_req.skb = skb;
1035 	tx_req.sta = sta;
1036 	tx_req.vif = vif;
1037 
1038 	rtw89_traffic_stats_accu(rtwdev, &rtwdev->stats, skb, true);
1039 	rtw89_traffic_stats_accu(rtwdev, &rtwvif->stats, skb, true);
1040 	rtw89_core_tx_update_desc_info(rtwdev, &tx_req);
1041 	rtw89_core_tx_wake(rtwdev, &tx_req);
1042 
1043 	ret = rtw89_hci_tx_write(rtwdev, &tx_req);
1044 	if (ret) {
1045 		rtw89_err(rtwdev, "failed to transmit skb to HCI\n");
1046 		return ret;
1047 	}
1048 
1049 	if (qsel)
1050 		*qsel = tx_req.desc_info.qsel;
1051 
1052 	return 0;
1053 }
1054 
1055 static __le32 rtw89_build_txwd_body0(struct rtw89_tx_desc_info *desc_info)
1056 {
1057 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY0_WP_OFFSET, desc_info->wp_offset) |
1058 		    FIELD_PREP(RTW89_TXWD_BODY0_WD_INFO_EN, desc_info->en_wd_info) |
1059 		    FIELD_PREP(RTW89_TXWD_BODY0_CHANNEL_DMA, desc_info->ch_dma) |
1060 		    FIELD_PREP(RTW89_TXWD_BODY0_HDR_LLC_LEN, desc_info->hdr_llc_len) |
1061 		    FIELD_PREP(RTW89_TXWD_BODY0_WD_PAGE, desc_info->wd_page) |
1062 		    FIELD_PREP(RTW89_TXWD_BODY0_FW_DL, desc_info->fw_dl) |
1063 		    FIELD_PREP(RTW89_TXWD_BODY0_HW_SSN_SEL, desc_info->hw_ssn_sel) |
1064 		    FIELD_PREP(RTW89_TXWD_BODY0_HW_SSN_MODE, desc_info->hw_seq_mode);
1065 
1066 	return cpu_to_le32(dword);
1067 }
1068 
1069 static __le32 rtw89_build_txwd_body0_v1(struct rtw89_tx_desc_info *desc_info)
1070 {
1071 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY0_WP_OFFSET_V1, desc_info->wp_offset) |
1072 		    FIELD_PREP(RTW89_TXWD_BODY0_WD_INFO_EN, desc_info->en_wd_info) |
1073 		    FIELD_PREP(RTW89_TXWD_BODY0_CHANNEL_DMA, desc_info->ch_dma) |
1074 		    FIELD_PREP(RTW89_TXWD_BODY0_HDR_LLC_LEN, desc_info->hdr_llc_len) |
1075 		    FIELD_PREP(RTW89_TXWD_BODY0_WD_PAGE, desc_info->wd_page) |
1076 		    FIELD_PREP(RTW89_TXWD_BODY0_FW_DL, desc_info->fw_dl);
1077 
1078 	return cpu_to_le32(dword);
1079 }
1080 
1081 static __le32 rtw89_build_txwd_body1_v1(struct rtw89_tx_desc_info *desc_info)
1082 {
1083 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY1_ADDR_INFO_NUM, desc_info->addr_info_nr) |
1084 		    FIELD_PREP(RTW89_TXWD_BODY1_SEC_KEYID, desc_info->sec_keyid) |
1085 		    FIELD_PREP(RTW89_TXWD_BODY1_SEC_TYPE, desc_info->sec_type);
1086 
1087 	return cpu_to_le32(dword);
1088 }
1089 
1090 static __le32 rtw89_build_txwd_body2(struct rtw89_tx_desc_info *desc_info)
1091 {
1092 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY2_TID_INDICATE, desc_info->tid_indicate) |
1093 		    FIELD_PREP(RTW89_TXWD_BODY2_QSEL, desc_info->qsel) |
1094 		    FIELD_PREP(RTW89_TXWD_BODY2_TXPKT_SIZE, desc_info->pkt_size) |
1095 		    FIELD_PREP(RTW89_TXWD_BODY2_MACID, desc_info->mac_id);
1096 
1097 	return cpu_to_le32(dword);
1098 }
1099 
1100 static __le32 rtw89_build_txwd_body3(struct rtw89_tx_desc_info *desc_info)
1101 {
1102 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY3_SW_SEQ, desc_info->seq) |
1103 		    FIELD_PREP(RTW89_TXWD_BODY3_AGG_EN, desc_info->agg_en) |
1104 		    FIELD_PREP(RTW89_TXWD_BODY3_BK, desc_info->bk);
1105 
1106 	return cpu_to_le32(dword);
1107 }
1108 
1109 static __le32 rtw89_build_txwd_body4(struct rtw89_tx_desc_info *desc_info)
1110 {
1111 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY4_SEC_IV_L0, desc_info->sec_seq[0]) |
1112 		    FIELD_PREP(RTW89_TXWD_BODY4_SEC_IV_L1, desc_info->sec_seq[1]);
1113 
1114 	return cpu_to_le32(dword);
1115 }
1116 
1117 static __le32 rtw89_build_txwd_body5(struct rtw89_tx_desc_info *desc_info)
1118 {
1119 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY5_SEC_IV_H2, desc_info->sec_seq[2]) |
1120 		    FIELD_PREP(RTW89_TXWD_BODY5_SEC_IV_H3, desc_info->sec_seq[3]) |
1121 		    FIELD_PREP(RTW89_TXWD_BODY5_SEC_IV_H4, desc_info->sec_seq[4]) |
1122 		    FIELD_PREP(RTW89_TXWD_BODY5_SEC_IV_H5, desc_info->sec_seq[5]);
1123 
1124 	return cpu_to_le32(dword);
1125 }
1126 
1127 static __le32 rtw89_build_txwd_body7_v1(struct rtw89_tx_desc_info *desc_info)
1128 {
1129 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY7_USE_RATE_V1, desc_info->use_rate) |
1130 		    FIELD_PREP(RTW89_TXWD_BODY7_DATA_RATE, desc_info->data_rate);
1131 
1132 	return cpu_to_le32(dword);
1133 }
1134 
1135 static __le32 rtw89_build_txwd_info0(struct rtw89_tx_desc_info *desc_info)
1136 {
1137 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO0_USE_RATE, desc_info->use_rate) |
1138 		    FIELD_PREP(RTW89_TXWD_INFO0_DATA_RATE, desc_info->data_rate) |
1139 		    FIELD_PREP(RTW89_TXWD_INFO0_DATA_STBC, desc_info->stbc) |
1140 		    FIELD_PREP(RTW89_TXWD_INFO0_DATA_LDPC, desc_info->ldpc) |
1141 		    FIELD_PREP(RTW89_TXWD_INFO0_DISDATAFB, desc_info->dis_data_fb) |
1142 		    FIELD_PREP(RTW89_TXWD_INFO0_MULTIPORT_ID, desc_info->port);
1143 
1144 	return cpu_to_le32(dword);
1145 }
1146 
1147 static __le32 rtw89_build_txwd_info0_v1(struct rtw89_tx_desc_info *desc_info)
1148 {
1149 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO0_DATA_STBC, desc_info->stbc) |
1150 		    FIELD_PREP(RTW89_TXWD_INFO0_DATA_LDPC, desc_info->ldpc) |
1151 		    FIELD_PREP(RTW89_TXWD_INFO0_DISDATAFB, desc_info->dis_data_fb) |
1152 		    FIELD_PREP(RTW89_TXWD_INFO0_MULTIPORT_ID, desc_info->port) |
1153 		    FIELD_PREP(RTW89_TXWD_INFO0_DATA_ER, desc_info->er_cap) |
1154 		    FIELD_PREP(RTW89_TXWD_INFO0_DATA_BW_ER, 0);
1155 
1156 	return cpu_to_le32(dword);
1157 }
1158 
1159 static __le32 rtw89_build_txwd_info1(struct rtw89_tx_desc_info *desc_info)
1160 {
1161 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO1_MAX_AGGNUM, desc_info->ampdu_num) |
1162 		    FIELD_PREP(RTW89_TXWD_INFO1_A_CTRL_BSR, desc_info->a_ctrl_bsr) |
1163 		    FIELD_PREP(RTW89_TXWD_INFO1_DATA_RTY_LOWEST_RATE,
1164 			       desc_info->data_retry_lowest_rate);
1165 
1166 	return cpu_to_le32(dword);
1167 }
1168 
1169 static __le32 rtw89_build_txwd_info2(struct rtw89_tx_desc_info *desc_info)
1170 {
1171 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO2_AMPDU_DENSITY, desc_info->ampdu_density) |
1172 		    FIELD_PREP(RTW89_TXWD_INFO2_SEC_TYPE, desc_info->sec_type) |
1173 		    FIELD_PREP(RTW89_TXWD_INFO2_SEC_HW_ENC, desc_info->sec_en) |
1174 		    FIELD_PREP(RTW89_TXWD_INFO2_SEC_CAM_IDX, desc_info->sec_cam_idx);
1175 
1176 	return cpu_to_le32(dword);
1177 }
1178 
1179 static __le32 rtw89_build_txwd_info2_v1(struct rtw89_tx_desc_info *desc_info)
1180 {
1181 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO2_AMPDU_DENSITY, desc_info->ampdu_density) |
1182 		    FIELD_PREP(RTW89_TXWD_INFO2_FORCE_KEY_EN, desc_info->sec_en) |
1183 		    FIELD_PREP(RTW89_TXWD_INFO2_SEC_CAM_IDX, desc_info->sec_cam_idx);
1184 
1185 	return cpu_to_le32(dword);
1186 }
1187 
1188 static __le32 rtw89_build_txwd_info4(struct rtw89_tx_desc_info *desc_info)
1189 {
1190 	bool rts_en = !desc_info->is_bmc;
1191 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO4_RTS_EN, rts_en) |
1192 		    FIELD_PREP(RTW89_TXWD_INFO4_HW_RTS_EN, 1);
1193 
1194 	return cpu_to_le32(dword);
1195 }
1196 
1197 void rtw89_core_fill_txdesc(struct rtw89_dev *rtwdev,
1198 			    struct rtw89_tx_desc_info *desc_info,
1199 			    void *txdesc)
1200 {
1201 	struct rtw89_txwd_body *txwd_body = (struct rtw89_txwd_body *)txdesc;
1202 	struct rtw89_txwd_info *txwd_info;
1203 
1204 	txwd_body->dword0 = rtw89_build_txwd_body0(desc_info);
1205 	txwd_body->dword2 = rtw89_build_txwd_body2(desc_info);
1206 	txwd_body->dword3 = rtw89_build_txwd_body3(desc_info);
1207 
1208 	if (!desc_info->en_wd_info)
1209 		return;
1210 
1211 	txwd_info = (struct rtw89_txwd_info *)(txwd_body + 1);
1212 	txwd_info->dword0 = rtw89_build_txwd_info0(desc_info);
1213 	txwd_info->dword1 = rtw89_build_txwd_info1(desc_info);
1214 	txwd_info->dword2 = rtw89_build_txwd_info2(desc_info);
1215 	txwd_info->dword4 = rtw89_build_txwd_info4(desc_info);
1216 
1217 }
1218 EXPORT_SYMBOL(rtw89_core_fill_txdesc);
1219 
1220 void rtw89_core_fill_txdesc_v1(struct rtw89_dev *rtwdev,
1221 			       struct rtw89_tx_desc_info *desc_info,
1222 			       void *txdesc)
1223 {
1224 	struct rtw89_txwd_body_v1 *txwd_body = (struct rtw89_txwd_body_v1 *)txdesc;
1225 	struct rtw89_txwd_info *txwd_info;
1226 
1227 	txwd_body->dword0 = rtw89_build_txwd_body0_v1(desc_info);
1228 	txwd_body->dword1 = rtw89_build_txwd_body1_v1(desc_info);
1229 	txwd_body->dword2 = rtw89_build_txwd_body2(desc_info);
1230 	txwd_body->dword3 = rtw89_build_txwd_body3(desc_info);
1231 	if (desc_info->sec_en) {
1232 		txwd_body->dword4 = rtw89_build_txwd_body4(desc_info);
1233 		txwd_body->dword5 = rtw89_build_txwd_body5(desc_info);
1234 	}
1235 	txwd_body->dword7 = rtw89_build_txwd_body7_v1(desc_info);
1236 
1237 	if (!desc_info->en_wd_info)
1238 		return;
1239 
1240 	txwd_info = (struct rtw89_txwd_info *)(txwd_body + 1);
1241 	txwd_info->dword0 = rtw89_build_txwd_info0_v1(desc_info);
1242 	txwd_info->dword1 = rtw89_build_txwd_info1(desc_info);
1243 	txwd_info->dword2 = rtw89_build_txwd_info2_v1(desc_info);
1244 	txwd_info->dword4 = rtw89_build_txwd_info4(desc_info);
1245 }
1246 EXPORT_SYMBOL(rtw89_core_fill_txdesc_v1);
1247 
1248 static __le32 rtw89_build_txwd_body0_v2(struct rtw89_tx_desc_info *desc_info)
1249 {
1250 	u32 dword = FIELD_PREP(BE_TXD_BODY0_WP_OFFSET_V1, desc_info->wp_offset) |
1251 		    FIELD_PREP(BE_TXD_BODY0_WDINFO_EN, desc_info->en_wd_info) |
1252 		    FIELD_PREP(BE_TXD_BODY0_CH_DMA, desc_info->ch_dma) |
1253 		    FIELD_PREP(BE_TXD_BODY0_HDR_LLC_LEN, desc_info->hdr_llc_len) |
1254 		    FIELD_PREP(BE_TXD_BODY0_WD_PAGE, desc_info->wd_page);
1255 
1256 	return cpu_to_le32(dword);
1257 }
1258 
1259 static __le32 rtw89_build_txwd_body1_v2(struct rtw89_tx_desc_info *desc_info)
1260 {
1261 	u32 dword = FIELD_PREP(BE_TXD_BODY1_ADDR_INFO_NUM, desc_info->addr_info_nr) |
1262 		    FIELD_PREP(BE_TXD_BODY1_SEC_KEYID, desc_info->sec_keyid) |
1263 		    FIELD_PREP(BE_TXD_BODY1_SEC_TYPE, desc_info->sec_type);
1264 
1265 	return cpu_to_le32(dword);
1266 }
1267 
1268 static __le32 rtw89_build_txwd_body2_v2(struct rtw89_tx_desc_info *desc_info)
1269 {
1270 	u32 dword = FIELD_PREP(BE_TXD_BODY2_TID_IND, desc_info->tid_indicate) |
1271 		    FIELD_PREP(BE_TXD_BODY2_QSEL, desc_info->qsel) |
1272 		    FIELD_PREP(BE_TXD_BODY2_TXPKTSIZE, desc_info->pkt_size) |
1273 		    FIELD_PREP(BE_TXD_BODY2_AGG_EN, desc_info->agg_en) |
1274 		    FIELD_PREP(BE_TXD_BODY2_BK, desc_info->bk) |
1275 		    FIELD_PREP(BE_TXD_BODY2_MACID, desc_info->mac_id);
1276 
1277 	return cpu_to_le32(dword);
1278 }
1279 
1280 static __le32 rtw89_build_txwd_body3_v2(struct rtw89_tx_desc_info *desc_info)
1281 {
1282 	u32 dword = FIELD_PREP(BE_TXD_BODY3_WIFI_SEQ, desc_info->seq);
1283 
1284 	return cpu_to_le32(dword);
1285 }
1286 
1287 static __le32 rtw89_build_txwd_body4_v2(struct rtw89_tx_desc_info *desc_info)
1288 {
1289 	u32 dword = FIELD_PREP(BE_TXD_BODY4_SEC_IV_L0, desc_info->sec_seq[0]) |
1290 		    FIELD_PREP(BE_TXD_BODY4_SEC_IV_L1, desc_info->sec_seq[1]);
1291 
1292 	return cpu_to_le32(dword);
1293 }
1294 
1295 static __le32 rtw89_build_txwd_body5_v2(struct rtw89_tx_desc_info *desc_info)
1296 {
1297 	u32 dword = FIELD_PREP(BE_TXD_BODY5_SEC_IV_H2, desc_info->sec_seq[2]) |
1298 		    FIELD_PREP(BE_TXD_BODY5_SEC_IV_H3, desc_info->sec_seq[3]) |
1299 		    FIELD_PREP(BE_TXD_BODY5_SEC_IV_H4, desc_info->sec_seq[4]) |
1300 		    FIELD_PREP(BE_TXD_BODY5_SEC_IV_H5, desc_info->sec_seq[5]);
1301 
1302 	return cpu_to_le32(dword);
1303 }
1304 
1305 static __le32 rtw89_build_txwd_body7_v2(struct rtw89_tx_desc_info *desc_info)
1306 {
1307 	u32 dword = FIELD_PREP(BE_TXD_BODY7_USERATE_SEL, desc_info->use_rate) |
1308 		    FIELD_PREP(BE_TXD_BODY7_DATA_ER, desc_info->er_cap) |
1309 		    FIELD_PREP(BE_TXD_BODY7_DATA_BW_ER, 0) |
1310 		    FIELD_PREP(BE_TXD_BODY7_DATARATE, desc_info->data_rate);
1311 
1312 	return cpu_to_le32(dword);
1313 }
1314 
1315 static __le32 rtw89_build_txwd_info0_v2(struct rtw89_tx_desc_info *desc_info)
1316 {
1317 	u32 dword = FIELD_PREP(BE_TXD_INFO0_DATA_STBC, desc_info->stbc) |
1318 		    FIELD_PREP(BE_TXD_INFO0_DATA_LDPC, desc_info->ldpc) |
1319 		    FIELD_PREP(BE_TXD_INFO0_DISDATAFB, desc_info->dis_data_fb) |
1320 		    FIELD_PREP(BE_TXD_INFO0_MULTIPORT_ID, desc_info->port);
1321 
1322 	return cpu_to_le32(dword);
1323 }
1324 
1325 static __le32 rtw89_build_txwd_info1_v2(struct rtw89_tx_desc_info *desc_info)
1326 {
1327 	u32 dword = FIELD_PREP(BE_TXD_INFO1_MAX_AGG_NUM, desc_info->ampdu_num) |
1328 		    FIELD_PREP(BE_TXD_INFO1_A_CTRL_BSR, desc_info->a_ctrl_bsr) |
1329 		    FIELD_PREP(BE_TXD_INFO1_DATA_RTY_LOWEST_RATE,
1330 			       desc_info->data_retry_lowest_rate);
1331 
1332 	return cpu_to_le32(dword);
1333 }
1334 
1335 static __le32 rtw89_build_txwd_info2_v2(struct rtw89_tx_desc_info *desc_info)
1336 {
1337 	u32 dword = FIELD_PREP(BE_TXD_INFO2_AMPDU_DENSITY, desc_info->ampdu_density) |
1338 		    FIELD_PREP(BE_TXD_INFO2_FORCE_KEY_EN, desc_info->sec_en) |
1339 		    FIELD_PREP(BE_TXD_INFO2_SEC_CAM_IDX, desc_info->sec_cam_idx);
1340 
1341 	return cpu_to_le32(dword);
1342 }
1343 
1344 static __le32 rtw89_build_txwd_info4_v2(struct rtw89_tx_desc_info *desc_info)
1345 {
1346 	bool rts_en = !desc_info->is_bmc;
1347 	u32 dword = FIELD_PREP(BE_TXD_INFO4_RTS_EN, rts_en) |
1348 		    FIELD_PREP(BE_TXD_INFO4_HW_RTS_EN, 1);
1349 
1350 	return cpu_to_le32(dword);
1351 }
1352 
1353 void rtw89_core_fill_txdesc_v2(struct rtw89_dev *rtwdev,
1354 			       struct rtw89_tx_desc_info *desc_info,
1355 			       void *txdesc)
1356 {
1357 	struct rtw89_txwd_body_v2 *txwd_body = txdesc;
1358 	struct rtw89_txwd_info_v2 *txwd_info;
1359 
1360 	txwd_body->dword0 = rtw89_build_txwd_body0_v2(desc_info);
1361 	txwd_body->dword1 = rtw89_build_txwd_body1_v2(desc_info);
1362 	txwd_body->dword2 = rtw89_build_txwd_body2_v2(desc_info);
1363 	txwd_body->dword3 = rtw89_build_txwd_body3_v2(desc_info);
1364 	if (desc_info->sec_en) {
1365 		txwd_body->dword4 = rtw89_build_txwd_body4_v2(desc_info);
1366 		txwd_body->dword5 = rtw89_build_txwd_body5_v2(desc_info);
1367 	}
1368 	txwd_body->dword7 = rtw89_build_txwd_body7_v2(desc_info);
1369 
1370 	if (!desc_info->en_wd_info)
1371 		return;
1372 
1373 	txwd_info = (struct rtw89_txwd_info_v2 *)(txwd_body + 1);
1374 	txwd_info->dword0 = rtw89_build_txwd_info0_v2(desc_info);
1375 	txwd_info->dword1 = rtw89_build_txwd_info1_v2(desc_info);
1376 	txwd_info->dword2 = rtw89_build_txwd_info2_v2(desc_info);
1377 	txwd_info->dword4 = rtw89_build_txwd_info4_v2(desc_info);
1378 }
1379 EXPORT_SYMBOL(rtw89_core_fill_txdesc_v2);
1380 
1381 static __le32 rtw89_build_txwd_fwcmd0_v1(struct rtw89_tx_desc_info *desc_info)
1382 {
1383 	u32 dword = FIELD_PREP(AX_RXD_RPKT_LEN_MASK, desc_info->pkt_size) |
1384 		    FIELD_PREP(AX_RXD_RPKT_TYPE_MASK, desc_info->fw_dl ?
1385 						      RTW89_CORE_RX_TYPE_FWDL :
1386 						      RTW89_CORE_RX_TYPE_H2C);
1387 
1388 	return cpu_to_le32(dword);
1389 }
1390 
1391 void rtw89_core_fill_txdesc_fwcmd_v1(struct rtw89_dev *rtwdev,
1392 				     struct rtw89_tx_desc_info *desc_info,
1393 				     void *txdesc)
1394 {
1395 	struct rtw89_rxdesc_short *txwd_v1 = (struct rtw89_rxdesc_short *)txdesc;
1396 
1397 	txwd_v1->dword0 = rtw89_build_txwd_fwcmd0_v1(desc_info);
1398 }
1399 EXPORT_SYMBOL(rtw89_core_fill_txdesc_fwcmd_v1);
1400 
1401 static __le32 rtw89_build_txwd_fwcmd0_v2(struct rtw89_tx_desc_info *desc_info)
1402 {
1403 	u32 dword = FIELD_PREP(BE_RXD_RPKT_LEN_MASK, desc_info->pkt_size) |
1404 		    FIELD_PREP(BE_RXD_RPKT_TYPE_MASK, desc_info->fw_dl ?
1405 						      RTW89_CORE_RX_TYPE_FWDL :
1406 						      RTW89_CORE_RX_TYPE_H2C);
1407 
1408 	return cpu_to_le32(dword);
1409 }
1410 
1411 void rtw89_core_fill_txdesc_fwcmd_v2(struct rtw89_dev *rtwdev,
1412 				     struct rtw89_tx_desc_info *desc_info,
1413 				     void *txdesc)
1414 {
1415 	struct rtw89_rxdesc_short_v2 *txwd_v2 = (struct rtw89_rxdesc_short_v2 *)txdesc;
1416 
1417 	txwd_v2->dword0 = rtw89_build_txwd_fwcmd0_v2(desc_info);
1418 }
1419 EXPORT_SYMBOL(rtw89_core_fill_txdesc_fwcmd_v2);
1420 
1421 static int rtw89_core_rx_process_mac_ppdu(struct rtw89_dev *rtwdev,
1422 					  struct sk_buff *skb,
1423 					  struct rtw89_rx_phy_ppdu *phy_ppdu)
1424 {
1425 	const struct rtw89_chip_info *chip = rtwdev->chip;
1426 	const struct rtw89_rxinfo *rxinfo = (const struct rtw89_rxinfo *)skb->data;
1427 	const struct rtw89_rxinfo_user *user;
1428 	enum rtw89_chip_gen chip_gen = rtwdev->chip->chip_gen;
1429 	int rx_cnt_size = RTW89_PPDU_MAC_RX_CNT_SIZE;
1430 	bool rx_cnt_valid = false;
1431 	bool invalid = false;
1432 	u8 plcp_size = 0;
1433 	u8 *phy_sts;
1434 	u8 usr_num;
1435 	int i;
1436 
1437 	if (chip_gen == RTW89_CHIP_BE) {
1438 		invalid = le32_get_bits(rxinfo->w0, RTW89_RXINFO_W0_INVALID_V1);
1439 		rx_cnt_size = RTW89_PPDU_MAC_RX_CNT_SIZE_V1;
1440 	}
1441 
1442 	if (invalid)
1443 		return -EINVAL;
1444 
1445 	rx_cnt_valid = le32_get_bits(rxinfo->w0, RTW89_RXINFO_W0_RX_CNT_VLD);
1446 	if (chip_gen == RTW89_CHIP_BE) {
1447 		plcp_size = le32_get_bits(rxinfo->w0, RTW89_RXINFO_W0_PLCP_LEN_V1) << 3;
1448 		usr_num = le32_get_bits(rxinfo->w0, RTW89_RXINFO_W0_USR_NUM_V1);
1449 	} else {
1450 		plcp_size = le32_get_bits(rxinfo->w1, RTW89_RXINFO_W1_PLCP_LEN) << 3;
1451 		usr_num = le32_get_bits(rxinfo->w0, RTW89_RXINFO_W0_USR_NUM);
1452 	}
1453 	if (usr_num > chip->ppdu_max_usr) {
1454 		rtw89_warn(rtwdev, "Invalid user number (%d) in mac info\n",
1455 			   usr_num);
1456 		return -EINVAL;
1457 	}
1458 
1459 	for (i = 0; i < usr_num; i++) {
1460 		user = &rxinfo->user[i];
1461 		if (!le32_get_bits(user->w0, RTW89_RXINFO_USER_MAC_ID_VALID))
1462 			continue;
1463 		/* For WiFi 7 chips, RXWD.mac_id of PPDU status is not set
1464 		 * by hardware, so update mac_id by rxinfo_user[].mac_id.
1465 		 */
1466 		if (chip_gen == RTW89_CHIP_BE)
1467 			phy_ppdu->mac_id =
1468 				le32_get_bits(user->w0, RTW89_RXINFO_USER_MACID);
1469 		phy_ppdu->has_data =
1470 			le32_get_bits(user->w0, RTW89_RXINFO_USER_DATA);
1471 		phy_ppdu->has_bcn =
1472 			le32_get_bits(user->w0, RTW89_RXINFO_USER_BCN);
1473 		break;
1474 	}
1475 
1476 	phy_sts = skb->data + RTW89_PPDU_MAC_INFO_SIZE;
1477 	phy_sts += usr_num * RTW89_PPDU_MAC_INFO_USR_SIZE;
1478 	/* 8-byte alignment */
1479 	if (usr_num & BIT(0))
1480 		phy_sts += RTW89_PPDU_MAC_INFO_USR_SIZE;
1481 	if (rx_cnt_valid)
1482 		phy_sts += rx_cnt_size;
1483 	phy_sts += plcp_size;
1484 
1485 	if (phy_sts > skb->data + skb->len)
1486 		return -EINVAL;
1487 
1488 	phy_ppdu->buf = phy_sts;
1489 	phy_ppdu->len = skb->data + skb->len - phy_sts;
1490 
1491 	return 0;
1492 }
1493 
1494 static u8 rtw89_get_data_rate_nss(struct rtw89_dev *rtwdev, u16 data_rate)
1495 {
1496 	u8 data_rate_mode;
1497 
1498 	data_rate_mode = rtw89_get_data_rate_mode(rtwdev, data_rate);
1499 	switch (data_rate_mode) {
1500 	case DATA_RATE_MODE_NON_HT:
1501 		return 1;
1502 	case DATA_RATE_MODE_HT:
1503 		return rtw89_get_data_ht_nss(rtwdev, data_rate) + 1;
1504 	case DATA_RATE_MODE_VHT:
1505 	case DATA_RATE_MODE_HE:
1506 	case DATA_RATE_MODE_EHT:
1507 		return rtw89_get_data_nss(rtwdev, data_rate) + 1;
1508 	default:
1509 		rtw89_warn(rtwdev, "invalid RX rate mode %d\n", data_rate_mode);
1510 		return 0;
1511 	}
1512 }
1513 
1514 static void rtw89_core_rx_process_phy_ppdu_iter(void *data,
1515 						struct ieee80211_sta *sta)
1516 {
1517 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
1518 	struct rtw89_rx_phy_ppdu *phy_ppdu = (struct rtw89_rx_phy_ppdu *)data;
1519 	struct rtw89_dev *rtwdev = rtwsta->rtwdev;
1520 	struct rtw89_hal *hal = &rtwdev->hal;
1521 	u8 ant_num = hal->ant_diversity ? 2 : rtwdev->chip->rf_path_num;
1522 	u8 ant_pos = U8_MAX;
1523 	u8 evm_pos = 0;
1524 	int i;
1525 
1526 	if (rtwsta->mac_id != phy_ppdu->mac_id || !phy_ppdu->to_self)
1527 		return;
1528 
1529 	if (hal->ant_diversity && hal->antenna_rx) {
1530 		ant_pos = __ffs(hal->antenna_rx);
1531 		evm_pos = ant_pos;
1532 	}
1533 
1534 	ewma_rssi_add(&rtwsta->avg_rssi, phy_ppdu->rssi_avg);
1535 
1536 	if (ant_pos < ant_num) {
1537 		ewma_rssi_add(&rtwsta->rssi[ant_pos], phy_ppdu->rssi[0]);
1538 	} else {
1539 		for (i = 0; i < rtwdev->chip->rf_path_num; i++)
1540 			ewma_rssi_add(&rtwsta->rssi[i], phy_ppdu->rssi[i]);
1541 	}
1542 
1543 	if (phy_ppdu->ofdm.has && (phy_ppdu->has_data || phy_ppdu->has_bcn)) {
1544 		ewma_snr_add(&rtwsta->avg_snr, phy_ppdu->ofdm.avg_snr);
1545 		if (rtw89_get_data_rate_nss(rtwdev, phy_ppdu->rate) == 1) {
1546 			ewma_evm_add(&rtwsta->evm_1ss, phy_ppdu->ofdm.evm_min);
1547 		} else {
1548 			ewma_evm_add(&rtwsta->evm_min[evm_pos], phy_ppdu->ofdm.evm_min);
1549 			ewma_evm_add(&rtwsta->evm_max[evm_pos], phy_ppdu->ofdm.evm_max);
1550 		}
1551 	}
1552 }
1553 
1554 #define VAR_LEN 0xff
1555 #define VAR_LEN_UNIT 8
1556 static u16 rtw89_core_get_phy_status_ie_len(struct rtw89_dev *rtwdev,
1557 					    const struct rtw89_phy_sts_iehdr *iehdr)
1558 {
1559 	static const u8 physts_ie_len_tabs[RTW89_CHIP_GEN_NUM][32] = {
1560 		[RTW89_CHIP_AX] = {
1561 			16, 32, 24, 24, 8, 8, 8, 8, VAR_LEN, 8, VAR_LEN, 176, VAR_LEN,
1562 			VAR_LEN, VAR_LEN, VAR_LEN, VAR_LEN, VAR_LEN, 16, 24, VAR_LEN,
1563 			VAR_LEN, VAR_LEN, 0, 24, 24, 24, 24, 32, 32, 32, 32
1564 		},
1565 		[RTW89_CHIP_BE] = {
1566 			32, 40, 24, 24, 8, 8, 8, 8, VAR_LEN, 8, VAR_LEN, 176, VAR_LEN,
1567 			VAR_LEN, VAR_LEN, VAR_LEN, VAR_LEN, VAR_LEN, 16, 24, VAR_LEN,
1568 			VAR_LEN, VAR_LEN, 0, 24, 24, 24, 24, 32, 32, 32, 32
1569 		},
1570 	};
1571 	const u8 *physts_ie_len_tab;
1572 	u16 ie_len;
1573 	u8 ie;
1574 
1575 	physts_ie_len_tab = physts_ie_len_tabs[rtwdev->chip->chip_gen];
1576 
1577 	ie = le32_get_bits(iehdr->w0, RTW89_PHY_STS_IEHDR_TYPE);
1578 	if (physts_ie_len_tab[ie] != VAR_LEN)
1579 		ie_len = physts_ie_len_tab[ie];
1580 	else
1581 		ie_len = le32_get_bits(iehdr->w0, RTW89_PHY_STS_IEHDR_LEN) * VAR_LEN_UNIT;
1582 
1583 	return ie_len;
1584 }
1585 
1586 static void rtw89_core_parse_phy_status_ie01_v2(struct rtw89_dev *rtwdev,
1587 						const struct rtw89_phy_sts_iehdr *iehdr,
1588 						struct rtw89_rx_phy_ppdu *phy_ppdu)
1589 {
1590 	const struct rtw89_phy_sts_ie01_v2 *ie;
1591 	u8 *rpl_fd = phy_ppdu->rpl_fd;
1592 
1593 	ie = (const struct rtw89_phy_sts_ie01_v2 *)iehdr;
1594 	rpl_fd[RF_PATH_A] = le32_get_bits(ie->w8, RTW89_PHY_STS_IE01_V2_W8_RPL_FD_A);
1595 	rpl_fd[RF_PATH_B] = le32_get_bits(ie->w8, RTW89_PHY_STS_IE01_V2_W8_RPL_FD_B);
1596 	rpl_fd[RF_PATH_C] = le32_get_bits(ie->w9, RTW89_PHY_STS_IE01_V2_W9_RPL_FD_C);
1597 	rpl_fd[RF_PATH_D] = le32_get_bits(ie->w9, RTW89_PHY_STS_IE01_V2_W9_RPL_FD_D);
1598 
1599 	phy_ppdu->bw_idx = le32_get_bits(ie->w5, RTW89_PHY_STS_IE01_V2_W5_BW_IDX);
1600 }
1601 
1602 static void rtw89_core_parse_phy_status_ie01(struct rtw89_dev *rtwdev,
1603 					     const struct rtw89_phy_sts_iehdr *iehdr,
1604 					     struct rtw89_rx_phy_ppdu *phy_ppdu)
1605 {
1606 	const struct rtw89_phy_sts_ie01 *ie = (const struct rtw89_phy_sts_ie01 *)iehdr;
1607 	s16 cfo;
1608 	u32 t;
1609 
1610 	phy_ppdu->chan_idx = le32_get_bits(ie->w0, RTW89_PHY_STS_IE01_W0_CH_IDX);
1611 
1612 	if (rtwdev->hw->conf.flags & IEEE80211_CONF_MONITOR) {
1613 		phy_ppdu->ldpc = le32_get_bits(ie->w2, RTW89_PHY_STS_IE01_W2_LDPC);
1614 		phy_ppdu->stbc = le32_get_bits(ie->w2, RTW89_PHY_STS_IE01_W2_STBC);
1615 	}
1616 
1617 	if (!phy_ppdu->hdr_2_en)
1618 		phy_ppdu->rx_path_en =
1619 			le32_get_bits(ie->w0, RTW89_PHY_STS_IE01_W0_RX_PATH_EN);
1620 
1621 	if (phy_ppdu->rate < RTW89_HW_RATE_OFDM6)
1622 		return;
1623 
1624 	if (!phy_ppdu->to_self)
1625 		return;
1626 
1627 	phy_ppdu->rpl_avg = le32_get_bits(ie->w0, RTW89_PHY_STS_IE01_W0_RSSI_AVG_FD);
1628 	phy_ppdu->ofdm.avg_snr = le32_get_bits(ie->w2, RTW89_PHY_STS_IE01_W2_AVG_SNR);
1629 	phy_ppdu->ofdm.evm_max = le32_get_bits(ie->w2, RTW89_PHY_STS_IE01_W2_EVM_MAX);
1630 	phy_ppdu->ofdm.evm_min = le32_get_bits(ie->w2, RTW89_PHY_STS_IE01_W2_EVM_MIN);
1631 	phy_ppdu->ofdm.has = true;
1632 
1633 	/* sign conversion for S(12,2) */
1634 	if (rtwdev->chip->cfo_src_fd) {
1635 		t = le32_get_bits(ie->w1, RTW89_PHY_STS_IE01_W1_FD_CFO);
1636 		cfo = sign_extend32(t, 11);
1637 	} else {
1638 		t = le32_get_bits(ie->w1, RTW89_PHY_STS_IE01_W1_PREMB_CFO);
1639 		cfo = sign_extend32(t, 11);
1640 	}
1641 
1642 	rtw89_phy_cfo_parse(rtwdev, cfo, phy_ppdu);
1643 
1644 	if (rtwdev->chip->chip_gen == RTW89_CHIP_BE)
1645 		rtw89_core_parse_phy_status_ie01_v2(rtwdev, iehdr, phy_ppdu);
1646 }
1647 
1648 static void rtw89_core_parse_phy_status_ie00(struct rtw89_dev *rtwdev,
1649 					     const struct rtw89_phy_sts_iehdr *iehdr,
1650 					     struct rtw89_rx_phy_ppdu *phy_ppdu)
1651 {
1652 	const struct rtw89_phy_sts_ie00 *ie = (const struct rtw89_phy_sts_ie00 *)iehdr;
1653 	u16 tmp_rpl;
1654 
1655 	tmp_rpl = le32_get_bits(ie->w0, RTW89_PHY_STS_IE00_W0_RPL);
1656 	phy_ppdu->rpl_avg = tmp_rpl >> 1;
1657 }
1658 
1659 static void rtw89_core_parse_phy_status_ie00_v2(struct rtw89_dev *rtwdev,
1660 						const struct rtw89_phy_sts_iehdr *iehdr,
1661 						struct rtw89_rx_phy_ppdu *phy_ppdu)
1662 {
1663 	const struct rtw89_phy_sts_ie00_v2 *ie;
1664 	u8 *rpl_path = phy_ppdu->rpl_path;
1665 	u16 tmp_rpl[RF_PATH_MAX];
1666 	u8 i;
1667 
1668 	ie = (const struct rtw89_phy_sts_ie00_v2 *)iehdr;
1669 	tmp_rpl[RF_PATH_A] = le32_get_bits(ie->w4, RTW89_PHY_STS_IE00_V2_W4_RPL_TD_A);
1670 	tmp_rpl[RF_PATH_B] = le32_get_bits(ie->w4, RTW89_PHY_STS_IE00_V2_W4_RPL_TD_B);
1671 	tmp_rpl[RF_PATH_C] = le32_get_bits(ie->w4, RTW89_PHY_STS_IE00_V2_W4_RPL_TD_C);
1672 	tmp_rpl[RF_PATH_D] = le32_get_bits(ie->w5, RTW89_PHY_STS_IE00_V2_W5_RPL_TD_D);
1673 
1674 	for (i = 0; i < RF_PATH_MAX; i++)
1675 		rpl_path[i] = tmp_rpl[i] >> 1;
1676 }
1677 
1678 static int rtw89_core_process_phy_status_ie(struct rtw89_dev *rtwdev,
1679 					    const struct rtw89_phy_sts_iehdr *iehdr,
1680 					    struct rtw89_rx_phy_ppdu *phy_ppdu)
1681 {
1682 	u8 ie;
1683 
1684 	ie = le32_get_bits(iehdr->w0, RTW89_PHY_STS_IEHDR_TYPE);
1685 
1686 	switch (ie) {
1687 	case RTW89_PHYSTS_IE00_CMN_CCK:
1688 		rtw89_core_parse_phy_status_ie00(rtwdev, iehdr, phy_ppdu);
1689 		if (rtwdev->chip->chip_gen == RTW89_CHIP_BE)
1690 			rtw89_core_parse_phy_status_ie00_v2(rtwdev, iehdr, phy_ppdu);
1691 		break;
1692 	case RTW89_PHYSTS_IE01_CMN_OFDM:
1693 		rtw89_core_parse_phy_status_ie01(rtwdev, iehdr, phy_ppdu);
1694 		break;
1695 	default:
1696 		break;
1697 	}
1698 
1699 	return 0;
1700 }
1701 
1702 static void rtw89_core_update_phy_ppdu_hdr_v2(struct rtw89_rx_phy_ppdu *phy_ppdu)
1703 {
1704 	const struct rtw89_phy_sts_hdr_v2 *hdr = phy_ppdu->buf + PHY_STS_HDR_LEN;
1705 
1706 	phy_ppdu->rx_path_en = le32_get_bits(hdr->w0, RTW89_PHY_STS_HDR_V2_W0_PATH_EN);
1707 }
1708 
1709 static void rtw89_core_update_phy_ppdu(struct rtw89_rx_phy_ppdu *phy_ppdu)
1710 {
1711 	const struct rtw89_phy_sts_hdr *hdr = phy_ppdu->buf;
1712 	u8 *rssi = phy_ppdu->rssi;
1713 
1714 	phy_ppdu->ie = le32_get_bits(hdr->w0, RTW89_PHY_STS_HDR_W0_IE_MAP);
1715 	phy_ppdu->rssi_avg = le32_get_bits(hdr->w0, RTW89_PHY_STS_HDR_W0_RSSI_AVG);
1716 	rssi[RF_PATH_A] = le32_get_bits(hdr->w1, RTW89_PHY_STS_HDR_W1_RSSI_A);
1717 	rssi[RF_PATH_B] = le32_get_bits(hdr->w1, RTW89_PHY_STS_HDR_W1_RSSI_B);
1718 	rssi[RF_PATH_C] = le32_get_bits(hdr->w1, RTW89_PHY_STS_HDR_W1_RSSI_C);
1719 	rssi[RF_PATH_D] = le32_get_bits(hdr->w1, RTW89_PHY_STS_HDR_W1_RSSI_D);
1720 
1721 	phy_ppdu->hdr_2_en = le32_get_bits(hdr->w0, RTW89_PHY_STS_HDR_W0_HDR_2_EN);
1722 	if (phy_ppdu->hdr_2_en)
1723 		rtw89_core_update_phy_ppdu_hdr_v2(phy_ppdu);
1724 }
1725 
1726 static int rtw89_core_rx_process_phy_ppdu(struct rtw89_dev *rtwdev,
1727 					  struct rtw89_rx_phy_ppdu *phy_ppdu)
1728 {
1729 	const struct rtw89_phy_sts_hdr *hdr = phy_ppdu->buf;
1730 	u32 len_from_header;
1731 	bool physts_valid;
1732 
1733 	physts_valid = le32_get_bits(hdr->w0, RTW89_PHY_STS_HDR_W0_VALID);
1734 	if (!physts_valid)
1735 		return -EINVAL;
1736 
1737 	len_from_header = le32_get_bits(hdr->w0, RTW89_PHY_STS_HDR_W0_LEN) << 3;
1738 
1739 	if (rtwdev->chip->chip_gen == RTW89_CHIP_BE)
1740 		len_from_header += PHY_STS_HDR_LEN;
1741 
1742 	if (len_from_header != phy_ppdu->len) {
1743 		rtw89_debug(rtwdev, RTW89_DBG_UNEXP, "phy ppdu len mismatch\n");
1744 		return -EINVAL;
1745 	}
1746 	rtw89_core_update_phy_ppdu(phy_ppdu);
1747 
1748 	return 0;
1749 }
1750 
1751 static int rtw89_core_rx_parse_phy_sts(struct rtw89_dev *rtwdev,
1752 				       struct rtw89_rx_phy_ppdu *phy_ppdu)
1753 {
1754 	u16 ie_len;
1755 	void *pos, *end;
1756 
1757 	/* mark invalid reports and bypass them */
1758 	if (phy_ppdu->ie < RTW89_CCK_PKT)
1759 		return -EINVAL;
1760 
1761 	pos = phy_ppdu->buf + PHY_STS_HDR_LEN;
1762 	end = phy_ppdu->buf + phy_ppdu->len;
1763 	while (pos < end) {
1764 		const struct rtw89_phy_sts_iehdr *iehdr = pos;
1765 
1766 		ie_len = rtw89_core_get_phy_status_ie_len(rtwdev, iehdr);
1767 		rtw89_core_process_phy_status_ie(rtwdev, iehdr, phy_ppdu);
1768 		pos += ie_len;
1769 		if (pos > end || ie_len == 0) {
1770 			rtw89_debug(rtwdev, RTW89_DBG_TXRX,
1771 				    "phy status parse failed\n");
1772 			return -EINVAL;
1773 		}
1774 	}
1775 
1776 	rtw89_chip_convert_rpl_to_rssi(rtwdev, phy_ppdu);
1777 	rtw89_phy_antdiv_parse(rtwdev, phy_ppdu);
1778 
1779 	return 0;
1780 }
1781 
1782 static void rtw89_core_rx_process_phy_sts(struct rtw89_dev *rtwdev,
1783 					  struct rtw89_rx_phy_ppdu *phy_ppdu)
1784 {
1785 	int ret;
1786 
1787 	ret = rtw89_core_rx_parse_phy_sts(rtwdev, phy_ppdu);
1788 	if (ret)
1789 		rtw89_debug(rtwdev, RTW89_DBG_TXRX, "parse phy sts failed\n");
1790 	else
1791 		phy_ppdu->valid = true;
1792 
1793 	ieee80211_iterate_stations_atomic(rtwdev->hw,
1794 					  rtw89_core_rx_process_phy_ppdu_iter,
1795 					  phy_ppdu);
1796 }
1797 
1798 static u8 rtw89_rxdesc_to_nl_he_eht_gi(struct rtw89_dev *rtwdev,
1799 				       u8 desc_info_gi,
1800 				       bool rx_status, bool eht)
1801 {
1802 	switch (desc_info_gi) {
1803 	case RTW89_GILTF_SGI_4XHE08:
1804 	case RTW89_GILTF_2XHE08:
1805 	case RTW89_GILTF_1XHE08:
1806 		return eht ? NL80211_RATE_INFO_EHT_GI_0_8 :
1807 			     NL80211_RATE_INFO_HE_GI_0_8;
1808 	case RTW89_GILTF_2XHE16:
1809 	case RTW89_GILTF_1XHE16:
1810 		return eht ? NL80211_RATE_INFO_EHT_GI_1_6 :
1811 			     NL80211_RATE_INFO_HE_GI_1_6;
1812 	case RTW89_GILTF_LGI_4XHE32:
1813 		return eht ? NL80211_RATE_INFO_EHT_GI_3_2 :
1814 			     NL80211_RATE_INFO_HE_GI_3_2;
1815 	default:
1816 		rtw89_warn(rtwdev, "invalid gi_ltf=%d", desc_info_gi);
1817 		if (rx_status)
1818 			return eht ? NL80211_RATE_INFO_EHT_GI_3_2 :
1819 				     NL80211_RATE_INFO_HE_GI_3_2;
1820 		return U8_MAX;
1821 	}
1822 }
1823 
1824 static
1825 bool rtw89_check_rx_statu_gi_match(struct ieee80211_rx_status *status, u8 gi_ltf,
1826 				   bool eht)
1827 {
1828 	if (eht)
1829 		return status->eht.gi == gi_ltf;
1830 
1831 	return status->he_gi == gi_ltf;
1832 }
1833 
1834 static bool rtw89_core_rx_ppdu_match(struct rtw89_dev *rtwdev,
1835 				     struct rtw89_rx_desc_info *desc_info,
1836 				     struct ieee80211_rx_status *status)
1837 {
1838 	u8 band = desc_info->bb_sel ? RTW89_PHY_1 : RTW89_PHY_0;
1839 	u8 data_rate_mode, bw, rate_idx = MASKBYTE0, gi_ltf;
1840 	bool eht = false;
1841 	u16 data_rate;
1842 	bool ret;
1843 
1844 	data_rate = desc_info->data_rate;
1845 	data_rate_mode = rtw89_get_data_rate_mode(rtwdev, data_rate);
1846 	if (data_rate_mode == DATA_RATE_MODE_NON_HT) {
1847 		rate_idx = rtw89_get_data_not_ht_idx(rtwdev, data_rate);
1848 		/* rate_idx is still hardware value here */
1849 	} else if (data_rate_mode == DATA_RATE_MODE_HT) {
1850 		rate_idx = rtw89_get_data_ht_mcs(rtwdev, data_rate);
1851 	} else if (data_rate_mode == DATA_RATE_MODE_VHT ||
1852 		   data_rate_mode == DATA_RATE_MODE_HE ||
1853 		   data_rate_mode == DATA_RATE_MODE_EHT) {
1854 		rate_idx = rtw89_get_data_mcs(rtwdev, data_rate);
1855 	} else {
1856 		rtw89_warn(rtwdev, "invalid RX rate mode %d\n", data_rate_mode);
1857 	}
1858 
1859 	eht = data_rate_mode == DATA_RATE_MODE_EHT;
1860 	bw = rtw89_hw_to_rate_info_bw(desc_info->bw);
1861 	gi_ltf = rtw89_rxdesc_to_nl_he_eht_gi(rtwdev, desc_info->gi_ltf, false, eht);
1862 	ret = rtwdev->ppdu_sts.curr_rx_ppdu_cnt[band] == desc_info->ppdu_cnt &&
1863 	      status->rate_idx == rate_idx &&
1864 	      rtw89_check_rx_statu_gi_match(status, gi_ltf, eht) &&
1865 	      status->bw == bw;
1866 
1867 	return ret;
1868 }
1869 
1870 struct rtw89_vif_rx_stats_iter_data {
1871 	struct rtw89_dev *rtwdev;
1872 	struct rtw89_rx_phy_ppdu *phy_ppdu;
1873 	struct rtw89_rx_desc_info *desc_info;
1874 	struct sk_buff *skb;
1875 	const u8 *bssid;
1876 };
1877 
1878 static void rtw89_stats_trigger_frame(struct rtw89_dev *rtwdev,
1879 				      struct ieee80211_vif *vif,
1880 				      struct sk_buff *skb)
1881 {
1882 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
1883 	struct ieee80211_trigger *tf = (struct ieee80211_trigger *)skb->data;
1884 	u8 *pos, *end, type, tf_bw;
1885 	u16 aid, tf_rua;
1886 
1887 	if (!ether_addr_equal(vif->bss_conf.bssid, tf->ta) ||
1888 	    rtwvif->wifi_role != RTW89_WIFI_ROLE_STATION ||
1889 	    rtwvif->net_type == RTW89_NET_TYPE_NO_LINK)
1890 		return;
1891 
1892 	type = le64_get_bits(tf->common_info, IEEE80211_TRIGGER_TYPE_MASK);
1893 	if (type != IEEE80211_TRIGGER_TYPE_BASIC && type != IEEE80211_TRIGGER_TYPE_MU_BAR)
1894 		return;
1895 
1896 	end = (u8 *)tf + skb->len;
1897 	pos = tf->variable;
1898 
1899 	while (end - pos >= RTW89_TF_BASIC_USER_INFO_SZ) {
1900 		aid = RTW89_GET_TF_USER_INFO_AID12(pos);
1901 		tf_rua = RTW89_GET_TF_USER_INFO_RUA(pos);
1902 		tf_bw = le64_get_bits(tf->common_info, IEEE80211_TRIGGER_ULBW_MASK);
1903 		rtw89_debug(rtwdev, RTW89_DBG_TXRX,
1904 			    "[TF] aid: %d, ul_mcs: %d, rua: %d, bw: %d\n",
1905 			    aid, RTW89_GET_TF_USER_INFO_UL_MCS(pos),
1906 			    tf_rua, tf_bw);
1907 
1908 		if (aid == RTW89_TF_PAD)
1909 			break;
1910 
1911 		if (aid == vif->cfg.aid) {
1912 			enum nl80211_he_ru_alloc rua = rtw89_he_rua_to_ru_alloc(tf_rua >> 1);
1913 
1914 			rtwvif->stats.rx_tf_acc++;
1915 			rtwdev->stats.rx_tf_acc++;
1916 			if (tf_bw == IEEE80211_TRIGGER_ULBW_160_80P80MHZ &&
1917 			    rua <= NL80211_RATE_INFO_HE_RU_ALLOC_106)
1918 				rtwvif->pwr_diff_en = true;
1919 			break;
1920 		}
1921 
1922 		pos += RTW89_TF_BASIC_USER_INFO_SZ;
1923 	}
1924 }
1925 
1926 static void rtw89_cancel_6ghz_probe_work(struct work_struct *work)
1927 {
1928 	struct rtw89_dev *rtwdev = container_of(work, struct rtw89_dev,
1929 						cancel_6ghz_probe_work);
1930 	struct list_head *pkt_list = rtwdev->scan_info.pkt_list;
1931 	struct rtw89_pktofld_info *info;
1932 
1933 	mutex_lock(&rtwdev->mutex);
1934 
1935 	if (!rtwdev->scanning)
1936 		goto out;
1937 
1938 	list_for_each_entry(info, &pkt_list[NL80211_BAND_6GHZ], list) {
1939 		if (!info->cancel || !test_bit(info->id, rtwdev->pkt_offload))
1940 			continue;
1941 
1942 		rtw89_fw_h2c_del_pkt_offload(rtwdev, info->id);
1943 
1944 		/* Don't delete/free info from pkt_list at this moment. Let it
1945 		 * be deleted/freed in rtw89_release_pkt_list() after scanning,
1946 		 * since if during scanning, pkt_list is accessed in bottom half.
1947 		 */
1948 	}
1949 
1950 out:
1951 	mutex_unlock(&rtwdev->mutex);
1952 }
1953 
1954 static void rtw89_core_cancel_6ghz_probe_tx(struct rtw89_dev *rtwdev,
1955 					    struct sk_buff *skb)
1956 {
1957 	struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
1958 	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
1959 	struct list_head *pkt_list = rtwdev->scan_info.pkt_list;
1960 	struct rtw89_pktofld_info *info;
1961 	const u8 *ies = mgmt->u.beacon.variable, *ssid_ie;
1962 	bool queue_work = false;
1963 
1964 	if (rx_status->band != NL80211_BAND_6GHZ)
1965 		return;
1966 
1967 	ssid_ie = cfg80211_find_ie(WLAN_EID_SSID, ies, skb->len);
1968 
1969 	list_for_each_entry(info, &pkt_list[NL80211_BAND_6GHZ], list) {
1970 		if (ether_addr_equal(info->bssid, mgmt->bssid)) {
1971 			info->cancel = true;
1972 			queue_work = true;
1973 			continue;
1974 		}
1975 
1976 		if (!ssid_ie || ssid_ie[1] != info->ssid_len || info->ssid_len == 0)
1977 			continue;
1978 
1979 		if (memcmp(&ssid_ie[2], info->ssid, info->ssid_len) == 0) {
1980 			info->cancel = true;
1981 			queue_work = true;
1982 		}
1983 	}
1984 
1985 	if (queue_work)
1986 		ieee80211_queue_work(rtwdev->hw, &rtwdev->cancel_6ghz_probe_work);
1987 }
1988 
1989 static void rtw89_vif_sync_bcn_tsf(struct rtw89_vif *rtwvif,
1990 				   struct ieee80211_hdr *hdr, size_t len)
1991 {
1992 	struct ieee80211_mgmt *mgmt = (typeof(mgmt))hdr;
1993 
1994 	if (len < offsetof(typeof(*mgmt), u.beacon.variable))
1995 		return;
1996 
1997 	WRITE_ONCE(rtwvif->sync_bcn_tsf, le64_to_cpu(mgmt->u.beacon.timestamp));
1998 }
1999 
2000 static void rtw89_vif_rx_stats_iter(void *data, u8 *mac,
2001 				    struct ieee80211_vif *vif)
2002 {
2003 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
2004 	struct rtw89_vif_rx_stats_iter_data *iter_data = data;
2005 	struct rtw89_dev *rtwdev = iter_data->rtwdev;
2006 	struct rtw89_pkt_stat *pkt_stat = &rtwdev->phystat.cur_pkt_stat;
2007 	struct rtw89_rx_desc_info *desc_info = iter_data->desc_info;
2008 	struct sk_buff *skb = iter_data->skb;
2009 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
2010 	struct rtw89_rx_phy_ppdu *phy_ppdu = iter_data->phy_ppdu;
2011 	const u8 *bssid = iter_data->bssid;
2012 
2013 	if (rtwdev->scanning &&
2014 	    (ieee80211_is_beacon(hdr->frame_control) ||
2015 	     ieee80211_is_probe_resp(hdr->frame_control)))
2016 		rtw89_core_cancel_6ghz_probe_tx(rtwdev, skb);
2017 
2018 	if (!vif->bss_conf.bssid)
2019 		return;
2020 
2021 	if (ieee80211_is_trigger(hdr->frame_control)) {
2022 		rtw89_stats_trigger_frame(rtwdev, vif, skb);
2023 		return;
2024 	}
2025 
2026 	if (!ether_addr_equal(vif->bss_conf.bssid, bssid))
2027 		return;
2028 
2029 	if (ieee80211_is_beacon(hdr->frame_control)) {
2030 		if (vif->type == NL80211_IFTYPE_STATION &&
2031 		    !test_bit(RTW89_FLAG_WOWLAN, rtwdev->flags)) {
2032 			rtw89_vif_sync_bcn_tsf(rtwvif, hdr, skb->len);
2033 			rtw89_fw_h2c_rssi_offload(rtwdev, phy_ppdu);
2034 		}
2035 		pkt_stat->beacon_nr++;
2036 	}
2037 
2038 	if (!ether_addr_equal(vif->addr, hdr->addr1))
2039 		return;
2040 
2041 	if (desc_info->data_rate < RTW89_HW_RATE_NR)
2042 		pkt_stat->rx_rate_cnt[desc_info->data_rate]++;
2043 
2044 	rtw89_traffic_stats_accu(rtwdev, &rtwvif->stats, skb, false);
2045 }
2046 
2047 static void rtw89_core_rx_stats(struct rtw89_dev *rtwdev,
2048 				struct rtw89_rx_phy_ppdu *phy_ppdu,
2049 				struct rtw89_rx_desc_info *desc_info,
2050 				struct sk_buff *skb)
2051 {
2052 	struct rtw89_vif_rx_stats_iter_data iter_data;
2053 
2054 	rtw89_traffic_stats_accu(rtwdev, &rtwdev->stats, skb, false);
2055 
2056 	iter_data.rtwdev = rtwdev;
2057 	iter_data.phy_ppdu = phy_ppdu;
2058 	iter_data.desc_info = desc_info;
2059 	iter_data.skb = skb;
2060 	iter_data.bssid = get_hdr_bssid((struct ieee80211_hdr *)skb->data);
2061 	rtw89_iterate_vifs_bh(rtwdev, rtw89_vif_rx_stats_iter, &iter_data);
2062 }
2063 
2064 static void rtw89_correct_cck_chan(struct rtw89_dev *rtwdev,
2065 				   struct ieee80211_rx_status *status)
2066 {
2067 	const struct rtw89_chan_rcd *rcd =
2068 		rtw89_chan_rcd_get(rtwdev, RTW89_CHANCTX_0);
2069 	u16 chan = rcd->prev_primary_channel;
2070 	u8 band = rtw89_hw_to_nl80211_band(rcd->prev_band_type);
2071 
2072 	if (status->band != NL80211_BAND_2GHZ &&
2073 	    status->encoding == RX_ENC_LEGACY &&
2074 	    status->rate_idx < RTW89_HW_RATE_OFDM6) {
2075 		status->freq = ieee80211_channel_to_frequency(chan, band);
2076 		status->band = band;
2077 	}
2078 }
2079 
2080 static void rtw89_core_hw_to_sband_rate(struct ieee80211_rx_status *rx_status)
2081 {
2082 	if (rx_status->band == NL80211_BAND_2GHZ ||
2083 	    rx_status->encoding != RX_ENC_LEGACY)
2084 		return;
2085 
2086 	/* Some control frames' freq(ACKs in this case) are reported wrong due
2087 	 * to FW notify timing, set to lowest rate to prevent overflow.
2088 	 */
2089 	if (rx_status->rate_idx < RTW89_HW_RATE_OFDM6) {
2090 		rx_status->rate_idx = 0;
2091 		return;
2092 	}
2093 
2094 	/* No 4 CCK rates for non-2G */
2095 	rx_status->rate_idx -= 4;
2096 }
2097 
2098 static
2099 void rtw89_core_update_rx_status_by_ppdu(struct rtw89_dev *rtwdev,
2100 					 struct ieee80211_rx_status *rx_status,
2101 					 struct rtw89_rx_phy_ppdu *phy_ppdu)
2102 {
2103 	if (!(rtwdev->hw->conf.flags & IEEE80211_CONF_MONITOR))
2104 		return;
2105 
2106 	if (!phy_ppdu)
2107 		return;
2108 
2109 	if (phy_ppdu->ldpc)
2110 		rx_status->enc_flags |= RX_ENC_FLAG_LDPC;
2111 	if (phy_ppdu->stbc)
2112 		rx_status->enc_flags |= u8_encode_bits(1, RX_ENC_FLAG_STBC_MASK);
2113 }
2114 
2115 static const u8 rx_status_bw_to_radiotap_eht_usig[] = {
2116 	[RATE_INFO_BW_20] = IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_20MHZ,
2117 	[RATE_INFO_BW_5] = U8_MAX,
2118 	[RATE_INFO_BW_10] = U8_MAX,
2119 	[RATE_INFO_BW_40] = IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_40MHZ,
2120 	[RATE_INFO_BW_80] = IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_80MHZ,
2121 	[RATE_INFO_BW_160] = IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_160MHZ,
2122 	[RATE_INFO_BW_HE_RU] = U8_MAX,
2123 	[RATE_INFO_BW_320] = IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_320MHZ_1,
2124 	[RATE_INFO_BW_EHT_RU] = U8_MAX,
2125 };
2126 
2127 static void rtw89_core_update_radiotap_eht(struct rtw89_dev *rtwdev,
2128 					   struct sk_buff *skb,
2129 					   struct ieee80211_rx_status *rx_status)
2130 {
2131 	struct ieee80211_radiotap_eht_usig *usig;
2132 	struct ieee80211_radiotap_eht *eht;
2133 	struct ieee80211_radiotap_tlv *tlv;
2134 	int eht_len = struct_size(eht, user_info, 1);
2135 	int usig_len = sizeof(*usig);
2136 	int len;
2137 	u8 bw;
2138 
2139 	len = sizeof(*tlv) + ALIGN(eht_len, 4) +
2140 	      sizeof(*tlv) + ALIGN(usig_len, 4);
2141 
2142 	rx_status->flag |= RX_FLAG_RADIOTAP_TLV_AT_END;
2143 	skb_reset_mac_header(skb);
2144 
2145 	/* EHT */
2146 	tlv = skb_push(skb, len);
2147 	memset(tlv, 0, len);
2148 	tlv->type = cpu_to_le16(IEEE80211_RADIOTAP_EHT);
2149 	tlv->len = cpu_to_le16(eht_len);
2150 
2151 	eht = (struct ieee80211_radiotap_eht *)tlv->data;
2152 	eht->known = cpu_to_le32(IEEE80211_RADIOTAP_EHT_KNOWN_GI);
2153 	eht->data[0] =
2154 		le32_encode_bits(rx_status->eht.gi, IEEE80211_RADIOTAP_EHT_DATA0_GI);
2155 
2156 	eht->user_info[0] =
2157 		cpu_to_le32(IEEE80211_RADIOTAP_EHT_USER_INFO_MCS_KNOWN |
2158 			    IEEE80211_RADIOTAP_EHT_USER_INFO_NSS_KNOWN_O |
2159 			    IEEE80211_RADIOTAP_EHT_USER_INFO_CODING_KNOWN);
2160 	eht->user_info[0] |=
2161 		le32_encode_bits(rx_status->rate_idx, IEEE80211_RADIOTAP_EHT_USER_INFO_MCS) |
2162 		le32_encode_bits(rx_status->nss, IEEE80211_RADIOTAP_EHT_USER_INFO_NSS_O);
2163 	if (rx_status->enc_flags & RX_ENC_FLAG_LDPC)
2164 		eht->user_info[0] |=
2165 			cpu_to_le32(IEEE80211_RADIOTAP_EHT_USER_INFO_CODING);
2166 
2167 	/* U-SIG */
2168 	tlv = (void *)tlv + sizeof(*tlv) + ALIGN(eht_len, 4);
2169 	tlv->type = cpu_to_le16(IEEE80211_RADIOTAP_EHT_USIG);
2170 	tlv->len = cpu_to_le16(usig_len);
2171 
2172 	if (rx_status->bw >= ARRAY_SIZE(rx_status_bw_to_radiotap_eht_usig))
2173 		return;
2174 
2175 	bw = rx_status_bw_to_radiotap_eht_usig[rx_status->bw];
2176 	if (bw == U8_MAX)
2177 		return;
2178 
2179 	usig = (struct ieee80211_radiotap_eht_usig *)tlv->data;
2180 	usig->common =
2181 		le32_encode_bits(1, IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_KNOWN) |
2182 		le32_encode_bits(bw, IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW);
2183 }
2184 
2185 static void rtw89_core_update_radiotap(struct rtw89_dev *rtwdev,
2186 				       struct sk_buff *skb,
2187 				       struct ieee80211_rx_status *rx_status)
2188 {
2189 	static const struct ieee80211_radiotap_he known_he = {
2190 		.data1 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_DATA_MCS_KNOWN |
2191 				     IEEE80211_RADIOTAP_HE_DATA1_CODING_KNOWN |
2192 				     IEEE80211_RADIOTAP_HE_DATA1_STBC_KNOWN |
2193 				     IEEE80211_RADIOTAP_HE_DATA1_BW_RU_ALLOC_KNOWN),
2194 		.data2 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA2_GI_KNOWN),
2195 	};
2196 	struct ieee80211_radiotap_he *he;
2197 
2198 	if (!(rtwdev->hw->conf.flags & IEEE80211_CONF_MONITOR))
2199 		return;
2200 
2201 	if (rx_status->encoding == RX_ENC_HE) {
2202 		rx_status->flag |= RX_FLAG_RADIOTAP_HE;
2203 		he = skb_push(skb, sizeof(*he));
2204 		*he = known_he;
2205 	} else if (rx_status->encoding == RX_ENC_EHT) {
2206 		rtw89_core_update_radiotap_eht(rtwdev, skb, rx_status);
2207 	}
2208 }
2209 
2210 static void rtw89_core_rx_to_mac80211(struct rtw89_dev *rtwdev,
2211 				      struct rtw89_rx_phy_ppdu *phy_ppdu,
2212 				      struct rtw89_rx_desc_info *desc_info,
2213 				      struct sk_buff *skb_ppdu,
2214 				      struct ieee80211_rx_status *rx_status)
2215 {
2216 	struct napi_struct *napi = &rtwdev->napi;
2217 
2218 	/* In low power mode, napi isn't scheduled. Receive it to netif. */
2219 	if (unlikely(!napi_is_scheduled(napi)))
2220 		napi = NULL;
2221 
2222 	rtw89_core_hw_to_sband_rate(rx_status);
2223 	rtw89_core_rx_stats(rtwdev, phy_ppdu, desc_info, skb_ppdu);
2224 	rtw89_core_update_rx_status_by_ppdu(rtwdev, rx_status, phy_ppdu);
2225 	rtw89_core_update_radiotap(rtwdev, skb_ppdu, rx_status);
2226 	/* In low power mode, it does RX in thread context. */
2227 	local_bh_disable();
2228 	ieee80211_rx_napi(rtwdev->hw, NULL, skb_ppdu, napi);
2229 	local_bh_enable();
2230 	rtwdev->napi_budget_countdown--;
2231 }
2232 
2233 static void rtw89_core_rx_pending_skb(struct rtw89_dev *rtwdev,
2234 				      struct rtw89_rx_phy_ppdu *phy_ppdu,
2235 				      struct rtw89_rx_desc_info *desc_info,
2236 				      struct sk_buff *skb)
2237 {
2238 	u8 band = desc_info->bb_sel ? RTW89_PHY_1 : RTW89_PHY_0;
2239 	int curr = rtwdev->ppdu_sts.curr_rx_ppdu_cnt[band];
2240 	struct sk_buff *skb_ppdu = NULL, *tmp;
2241 	struct ieee80211_rx_status *rx_status;
2242 
2243 	if (curr > RTW89_MAX_PPDU_CNT)
2244 		return;
2245 
2246 	skb_queue_walk_safe(&rtwdev->ppdu_sts.rx_queue[band], skb_ppdu, tmp) {
2247 		skb_unlink(skb_ppdu, &rtwdev->ppdu_sts.rx_queue[band]);
2248 		rx_status = IEEE80211_SKB_RXCB(skb_ppdu);
2249 		if (rtw89_core_rx_ppdu_match(rtwdev, desc_info, rx_status))
2250 			rtw89_chip_query_ppdu(rtwdev, phy_ppdu, rx_status);
2251 		rtw89_correct_cck_chan(rtwdev, rx_status);
2252 		rtw89_core_rx_to_mac80211(rtwdev, phy_ppdu, desc_info, skb_ppdu, rx_status);
2253 	}
2254 }
2255 
2256 static void rtw89_core_rx_process_ppdu_sts(struct rtw89_dev *rtwdev,
2257 					   struct rtw89_rx_desc_info *desc_info,
2258 					   struct sk_buff *skb)
2259 {
2260 	struct rtw89_rx_phy_ppdu phy_ppdu = {.buf = skb->data, .valid = false,
2261 					     .len = skb->len,
2262 					     .to_self = desc_info->addr1_match,
2263 					     .rate = desc_info->data_rate,
2264 					     .mac_id = desc_info->mac_id};
2265 	int ret;
2266 
2267 	if (desc_info->mac_info_valid) {
2268 		ret = rtw89_core_rx_process_mac_ppdu(rtwdev, skb, &phy_ppdu);
2269 		if (ret)
2270 			goto out;
2271 	}
2272 
2273 	ret = rtw89_core_rx_process_phy_ppdu(rtwdev, &phy_ppdu);
2274 	if (ret)
2275 		goto out;
2276 
2277 	rtw89_core_rx_process_phy_sts(rtwdev, &phy_ppdu);
2278 
2279 out:
2280 	rtw89_core_rx_pending_skb(rtwdev, &phy_ppdu, desc_info, skb);
2281 	dev_kfree_skb_any(skb);
2282 }
2283 
2284 static void rtw89_core_rx_process_report(struct rtw89_dev *rtwdev,
2285 					 struct rtw89_rx_desc_info *desc_info,
2286 					 struct sk_buff *skb)
2287 {
2288 	switch (desc_info->pkt_type) {
2289 	case RTW89_CORE_RX_TYPE_C2H:
2290 		rtw89_fw_c2h_irqsafe(rtwdev, skb);
2291 		break;
2292 	case RTW89_CORE_RX_TYPE_PPDU_STAT:
2293 		rtw89_core_rx_process_ppdu_sts(rtwdev, desc_info, skb);
2294 		break;
2295 	default:
2296 		rtw89_debug(rtwdev, RTW89_DBG_TXRX, "unhandled pkt_type=%d\n",
2297 			    desc_info->pkt_type);
2298 		dev_kfree_skb_any(skb);
2299 		break;
2300 	}
2301 }
2302 
2303 void rtw89_core_query_rxdesc(struct rtw89_dev *rtwdev,
2304 			     struct rtw89_rx_desc_info *desc_info,
2305 			     u8 *data, u32 data_offset)
2306 {
2307 	const struct rtw89_chip_info *chip = rtwdev->chip;
2308 	struct rtw89_rxdesc_short *rxd_s;
2309 	struct rtw89_rxdesc_long *rxd_l;
2310 	u8 shift_len, drv_info_len;
2311 
2312 	rxd_s = (struct rtw89_rxdesc_short *)(data + data_offset);
2313 	desc_info->pkt_size = le32_get_bits(rxd_s->dword0, AX_RXD_RPKT_LEN_MASK);
2314 	desc_info->drv_info_size = le32_get_bits(rxd_s->dword0, AX_RXD_DRV_INFO_SIZE_MASK);
2315 	desc_info->long_rxdesc = le32_get_bits(rxd_s->dword0,  AX_RXD_LONG_RXD);
2316 	desc_info->pkt_type = le32_get_bits(rxd_s->dword0,  AX_RXD_RPKT_TYPE_MASK);
2317 	desc_info->mac_info_valid = le32_get_bits(rxd_s->dword0, AX_RXD_MAC_INFO_VLD);
2318 	if (chip->chip_id == RTL8852C)
2319 		desc_info->bw = le32_get_bits(rxd_s->dword1, AX_RXD_BW_v1_MASK);
2320 	else
2321 		desc_info->bw = le32_get_bits(rxd_s->dword1, AX_RXD_BW_MASK);
2322 	desc_info->data_rate = le32_get_bits(rxd_s->dword1, AX_RXD_RX_DATARATE_MASK);
2323 	desc_info->gi_ltf = le32_get_bits(rxd_s->dword1, AX_RXD_RX_GI_LTF_MASK);
2324 	desc_info->user_id = le32_get_bits(rxd_s->dword1, AX_RXD_USER_ID_MASK);
2325 	desc_info->sr_en = le32_get_bits(rxd_s->dword1, AX_RXD_SR_EN);
2326 	desc_info->ppdu_cnt = le32_get_bits(rxd_s->dword1, AX_RXD_PPDU_CNT_MASK);
2327 	desc_info->ppdu_type = le32_get_bits(rxd_s->dword1, AX_RXD_PPDU_TYPE_MASK);
2328 	desc_info->free_run_cnt = le32_get_bits(rxd_s->dword2, AX_RXD_FREERUN_CNT_MASK);
2329 	desc_info->icv_err = le32_get_bits(rxd_s->dword3, AX_RXD_ICV_ERR);
2330 	desc_info->crc32_err = le32_get_bits(rxd_s->dword3, AX_RXD_CRC32_ERR);
2331 	desc_info->hw_dec = le32_get_bits(rxd_s->dword3, AX_RXD_HW_DEC);
2332 	desc_info->sw_dec = le32_get_bits(rxd_s->dword3, AX_RXD_SW_DEC);
2333 	desc_info->addr1_match = le32_get_bits(rxd_s->dword3, AX_RXD_A1_MATCH);
2334 
2335 	shift_len = desc_info->shift << 1; /* 2-byte unit */
2336 	drv_info_len = desc_info->drv_info_size << 3; /* 8-byte unit */
2337 	desc_info->offset = data_offset + shift_len + drv_info_len;
2338 	if (desc_info->long_rxdesc)
2339 		desc_info->rxd_len = sizeof(struct rtw89_rxdesc_long);
2340 	else
2341 		desc_info->rxd_len = sizeof(struct rtw89_rxdesc_short);
2342 	desc_info->ready = true;
2343 
2344 	if (!desc_info->long_rxdesc)
2345 		return;
2346 
2347 	rxd_l = (struct rtw89_rxdesc_long *)(data + data_offset);
2348 	desc_info->frame_type = le32_get_bits(rxd_l->dword4, AX_RXD_TYPE_MASK);
2349 	desc_info->addr_cam_valid = le32_get_bits(rxd_l->dword5, AX_RXD_ADDR_CAM_VLD);
2350 	desc_info->addr_cam_id = le32_get_bits(rxd_l->dword5, AX_RXD_ADDR_CAM_MASK);
2351 	desc_info->sec_cam_id = le32_get_bits(rxd_l->dword5, AX_RXD_SEC_CAM_IDX_MASK);
2352 	desc_info->mac_id = le32_get_bits(rxd_l->dword5, AX_RXD_MAC_ID_MASK);
2353 	desc_info->rx_pl_id = le32_get_bits(rxd_l->dword5, AX_RXD_RX_PL_ID_MASK);
2354 }
2355 EXPORT_SYMBOL(rtw89_core_query_rxdesc);
2356 
2357 void rtw89_core_query_rxdesc_v2(struct rtw89_dev *rtwdev,
2358 				struct rtw89_rx_desc_info *desc_info,
2359 				u8 *data, u32 data_offset)
2360 {
2361 	struct rtw89_rxdesc_short_v2 *rxd_s;
2362 	struct rtw89_rxdesc_long_v2 *rxd_l;
2363 	u16 shift_len, drv_info_len, phy_rtp_len, hdr_cnv_len;
2364 
2365 	rxd_s = (struct rtw89_rxdesc_short_v2 *)(data + data_offset);
2366 
2367 	desc_info->pkt_size = le32_get_bits(rxd_s->dword0, BE_RXD_RPKT_LEN_MASK);
2368 	desc_info->drv_info_size = le32_get_bits(rxd_s->dword0, BE_RXD_DRV_INFO_SZ_MASK);
2369 	desc_info->phy_rpt_size = le32_get_bits(rxd_s->dword0, BE_RXD_PHY_RPT_SZ_MASK);
2370 	desc_info->hdr_cnv_size = le32_get_bits(rxd_s->dword0, BE_RXD_HDR_CNV_SZ_MASK);
2371 	desc_info->shift = le32_get_bits(rxd_s->dword0, BE_RXD_SHIFT_MASK);
2372 	desc_info->long_rxdesc = le32_get_bits(rxd_s->dword0, BE_RXD_LONG_RXD);
2373 	desc_info->pkt_type = le32_get_bits(rxd_s->dword0, BE_RXD_RPKT_TYPE_MASK);
2374 	if (desc_info->pkt_type == RTW89_CORE_RX_TYPE_PPDU_STAT)
2375 		desc_info->mac_info_valid = true;
2376 
2377 	desc_info->frame_type = le32_get_bits(rxd_s->dword2, BE_RXD_TYPE_MASK);
2378 	desc_info->mac_id = le32_get_bits(rxd_s->dword2, BE_RXD_MAC_ID_MASK);
2379 	desc_info->addr_cam_valid = le32_get_bits(rxd_s->dword2, BE_RXD_ADDR_CAM_VLD);
2380 
2381 	desc_info->icv_err = le32_get_bits(rxd_s->dword3, BE_RXD_ICV_ERR);
2382 	desc_info->crc32_err = le32_get_bits(rxd_s->dword3, BE_RXD_CRC32_ERR);
2383 	desc_info->hw_dec = le32_get_bits(rxd_s->dword3, BE_RXD_HW_DEC);
2384 	desc_info->sw_dec = le32_get_bits(rxd_s->dword3, BE_RXD_SW_DEC);
2385 	desc_info->addr1_match = le32_get_bits(rxd_s->dword3, BE_RXD_A1_MATCH);
2386 
2387 	desc_info->bw = le32_get_bits(rxd_s->dword4, BE_RXD_BW_MASK);
2388 	desc_info->data_rate = le32_get_bits(rxd_s->dword4, BE_RXD_RX_DATARATE_MASK);
2389 	desc_info->gi_ltf = le32_get_bits(rxd_s->dword4, BE_RXD_RX_GI_LTF_MASK);
2390 	desc_info->ppdu_cnt = le32_get_bits(rxd_s->dword4, BE_RXD_PPDU_CNT_MASK);
2391 	desc_info->ppdu_type = le32_get_bits(rxd_s->dword4, BE_RXD_PPDU_TYPE_MASK);
2392 
2393 	desc_info->free_run_cnt = le32_to_cpu(rxd_s->dword5);
2394 
2395 	shift_len = desc_info->shift << 1; /* 2-byte unit */
2396 	drv_info_len = desc_info->drv_info_size << 3; /* 8-byte unit */
2397 	phy_rtp_len = desc_info->phy_rpt_size << 3; /* 8-byte unit */
2398 	hdr_cnv_len = desc_info->hdr_cnv_size << 4; /* 16-byte unit */
2399 	desc_info->offset = data_offset + shift_len + drv_info_len +
2400 			    phy_rtp_len + hdr_cnv_len;
2401 
2402 	if (desc_info->long_rxdesc)
2403 		desc_info->rxd_len = sizeof(struct rtw89_rxdesc_long_v2);
2404 	else
2405 		desc_info->rxd_len = sizeof(struct rtw89_rxdesc_short_v2);
2406 	desc_info->ready = true;
2407 
2408 	if (!desc_info->long_rxdesc)
2409 		return;
2410 
2411 	rxd_l = (struct rtw89_rxdesc_long_v2 *)(data + data_offset);
2412 
2413 	desc_info->sr_en = le32_get_bits(rxd_l->dword6, BE_RXD_SR_EN);
2414 	desc_info->user_id = le32_get_bits(rxd_l->dword6, BE_RXD_USER_ID_MASK);
2415 	desc_info->addr_cam_id = le32_get_bits(rxd_l->dword6, BE_RXD_ADDR_CAM_MASK);
2416 	desc_info->sec_cam_id = le32_get_bits(rxd_l->dword6, BE_RXD_SEC_CAM_IDX_MASK);
2417 
2418 	desc_info->rx_pl_id = le32_get_bits(rxd_l->dword7, BE_RXD_RX_PL_ID_MASK);
2419 }
2420 EXPORT_SYMBOL(rtw89_core_query_rxdesc_v2);
2421 
2422 struct rtw89_core_iter_rx_status {
2423 	struct rtw89_dev *rtwdev;
2424 	struct ieee80211_rx_status *rx_status;
2425 	struct rtw89_rx_desc_info *desc_info;
2426 	u8 mac_id;
2427 };
2428 
2429 static
2430 void rtw89_core_stats_sta_rx_status_iter(void *data, struct ieee80211_sta *sta)
2431 {
2432 	struct rtw89_core_iter_rx_status *iter_data =
2433 				(struct rtw89_core_iter_rx_status *)data;
2434 	struct ieee80211_rx_status *rx_status = iter_data->rx_status;
2435 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
2436 	struct rtw89_rx_desc_info *desc_info = iter_data->desc_info;
2437 	u8 mac_id = iter_data->mac_id;
2438 
2439 	if (mac_id != rtwsta->mac_id)
2440 		return;
2441 
2442 	rtwsta->rx_status = *rx_status;
2443 	rtwsta->rx_hw_rate = desc_info->data_rate;
2444 }
2445 
2446 static void rtw89_core_stats_sta_rx_status(struct rtw89_dev *rtwdev,
2447 					   struct rtw89_rx_desc_info *desc_info,
2448 					   struct ieee80211_rx_status *rx_status)
2449 {
2450 	struct rtw89_core_iter_rx_status iter_data;
2451 
2452 	if (!desc_info->addr1_match || !desc_info->long_rxdesc)
2453 		return;
2454 
2455 	if (desc_info->frame_type != RTW89_RX_TYPE_DATA)
2456 		return;
2457 
2458 	iter_data.rtwdev = rtwdev;
2459 	iter_data.rx_status = rx_status;
2460 	iter_data.desc_info = desc_info;
2461 	iter_data.mac_id = desc_info->mac_id;
2462 	ieee80211_iterate_stations_atomic(rtwdev->hw,
2463 					  rtw89_core_stats_sta_rx_status_iter,
2464 					  &iter_data);
2465 }
2466 
2467 static void rtw89_core_update_rx_status(struct rtw89_dev *rtwdev,
2468 					struct rtw89_rx_desc_info *desc_info,
2469 					struct ieee80211_rx_status *rx_status)
2470 {
2471 	const struct cfg80211_chan_def *chandef =
2472 		rtw89_chandef_get(rtwdev, RTW89_CHANCTX_0);
2473 	u16 data_rate;
2474 	u8 data_rate_mode;
2475 	bool eht = false;
2476 	u8 gi;
2477 
2478 	/* currently using single PHY */
2479 	rx_status->freq = chandef->chan->center_freq;
2480 	rx_status->band = chandef->chan->band;
2481 
2482 	if (rtwdev->scanning &&
2483 	    RTW89_CHK_FW_FEATURE(SCAN_OFFLOAD, &rtwdev->fw)) {
2484 		const struct rtw89_chan *cur = rtw89_scan_chan_get(rtwdev);
2485 		u8 chan = cur->primary_channel;
2486 		u8 band = cur->band_type;
2487 		enum nl80211_band nl_band;
2488 
2489 		nl_band = rtw89_hw_to_nl80211_band(band);
2490 		rx_status->freq = ieee80211_channel_to_frequency(chan, nl_band);
2491 		rx_status->band = nl_band;
2492 	}
2493 
2494 	if (desc_info->icv_err || desc_info->crc32_err)
2495 		rx_status->flag |= RX_FLAG_FAILED_FCS_CRC;
2496 
2497 	if (desc_info->hw_dec &&
2498 	    !(desc_info->sw_dec || desc_info->icv_err))
2499 		rx_status->flag |= RX_FLAG_DECRYPTED;
2500 
2501 	rx_status->bw = rtw89_hw_to_rate_info_bw(desc_info->bw);
2502 
2503 	data_rate = desc_info->data_rate;
2504 	data_rate_mode = rtw89_get_data_rate_mode(rtwdev, data_rate);
2505 	if (data_rate_mode == DATA_RATE_MODE_NON_HT) {
2506 		rx_status->encoding = RX_ENC_LEGACY;
2507 		rx_status->rate_idx = rtw89_get_data_not_ht_idx(rtwdev, data_rate);
2508 		/* convert rate_idx after we get the correct band */
2509 	} else if (data_rate_mode == DATA_RATE_MODE_HT) {
2510 		rx_status->encoding = RX_ENC_HT;
2511 		rx_status->rate_idx = rtw89_get_data_ht_mcs(rtwdev, data_rate);
2512 		if (desc_info->gi_ltf)
2513 			rx_status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
2514 	} else if (data_rate_mode == DATA_RATE_MODE_VHT) {
2515 		rx_status->encoding = RX_ENC_VHT;
2516 		rx_status->rate_idx = rtw89_get_data_mcs(rtwdev, data_rate);
2517 		rx_status->nss = rtw89_get_data_nss(rtwdev, data_rate) + 1;
2518 		if (desc_info->gi_ltf)
2519 			rx_status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
2520 	} else if (data_rate_mode == DATA_RATE_MODE_HE) {
2521 		rx_status->encoding = RX_ENC_HE;
2522 		rx_status->rate_idx = rtw89_get_data_mcs(rtwdev, data_rate);
2523 		rx_status->nss = rtw89_get_data_nss(rtwdev, data_rate) + 1;
2524 	} else if (data_rate_mode == DATA_RATE_MODE_EHT) {
2525 		rx_status->encoding = RX_ENC_EHT;
2526 		rx_status->rate_idx = rtw89_get_data_mcs(rtwdev, data_rate);
2527 		rx_status->nss = rtw89_get_data_nss(rtwdev, data_rate) + 1;
2528 		eht = true;
2529 	} else {
2530 		rtw89_warn(rtwdev, "invalid RX rate mode %d\n", data_rate_mode);
2531 	}
2532 
2533 	/* he_gi is used to match ppdu, so we always fill it. */
2534 	gi = rtw89_rxdesc_to_nl_he_eht_gi(rtwdev, desc_info->gi_ltf, true, eht);
2535 	if (eht)
2536 		rx_status->eht.gi = gi;
2537 	else
2538 		rx_status->he_gi = gi;
2539 	rx_status->flag |= RX_FLAG_MACTIME_START;
2540 	rx_status->mactime = desc_info->free_run_cnt;
2541 
2542 	rtw89_core_stats_sta_rx_status(rtwdev, desc_info, rx_status);
2543 }
2544 
2545 static enum rtw89_ps_mode rtw89_update_ps_mode(struct rtw89_dev *rtwdev)
2546 {
2547 	const struct rtw89_chip_info *chip = rtwdev->chip;
2548 
2549 	if (rtw89_disable_ps_mode || !chip->ps_mode_supported ||
2550 	    RTW89_CHK_FW_FEATURE(NO_DEEP_PS, &rtwdev->fw))
2551 		return RTW89_PS_MODE_NONE;
2552 
2553 	if ((chip->ps_mode_supported & BIT(RTW89_PS_MODE_PWR_GATED)) &&
2554 	    !RTW89_CHK_FW_FEATURE(NO_LPS_PG, &rtwdev->fw))
2555 		return RTW89_PS_MODE_PWR_GATED;
2556 
2557 	if (chip->ps_mode_supported & BIT(RTW89_PS_MODE_CLK_GATED))
2558 		return RTW89_PS_MODE_CLK_GATED;
2559 
2560 	if (chip->ps_mode_supported & BIT(RTW89_PS_MODE_RFOFF))
2561 		return RTW89_PS_MODE_RFOFF;
2562 
2563 	return RTW89_PS_MODE_NONE;
2564 }
2565 
2566 static void rtw89_core_flush_ppdu_rx_queue(struct rtw89_dev *rtwdev,
2567 					   struct rtw89_rx_desc_info *desc_info)
2568 {
2569 	struct rtw89_ppdu_sts_info *ppdu_sts = &rtwdev->ppdu_sts;
2570 	u8 band = desc_info->bb_sel ? RTW89_PHY_1 : RTW89_PHY_0;
2571 	struct ieee80211_rx_status *rx_status;
2572 	struct sk_buff *skb_ppdu, *tmp;
2573 
2574 	skb_queue_walk_safe(&ppdu_sts->rx_queue[band], skb_ppdu, tmp) {
2575 		skb_unlink(skb_ppdu, &ppdu_sts->rx_queue[band]);
2576 		rx_status = IEEE80211_SKB_RXCB(skb_ppdu);
2577 		rtw89_core_rx_to_mac80211(rtwdev, NULL, desc_info, skb_ppdu, rx_status);
2578 	}
2579 }
2580 
2581 void rtw89_core_rx(struct rtw89_dev *rtwdev,
2582 		   struct rtw89_rx_desc_info *desc_info,
2583 		   struct sk_buff *skb)
2584 {
2585 	struct ieee80211_rx_status *rx_status;
2586 	struct rtw89_ppdu_sts_info *ppdu_sts = &rtwdev->ppdu_sts;
2587 	u8 ppdu_cnt = desc_info->ppdu_cnt;
2588 	u8 band = desc_info->bb_sel ? RTW89_PHY_1 : RTW89_PHY_0;
2589 
2590 	if (desc_info->pkt_type != RTW89_CORE_RX_TYPE_WIFI) {
2591 		rtw89_core_rx_process_report(rtwdev, desc_info, skb);
2592 		return;
2593 	}
2594 
2595 	if (ppdu_sts->curr_rx_ppdu_cnt[band] != ppdu_cnt) {
2596 		rtw89_core_flush_ppdu_rx_queue(rtwdev, desc_info);
2597 		ppdu_sts->curr_rx_ppdu_cnt[band] = ppdu_cnt;
2598 	}
2599 
2600 	rx_status = IEEE80211_SKB_RXCB(skb);
2601 	memset(rx_status, 0, sizeof(*rx_status));
2602 	rtw89_core_update_rx_status(rtwdev, desc_info, rx_status);
2603 	if (desc_info->long_rxdesc &&
2604 	    BIT(desc_info->frame_type) & PPDU_FILTER_BITMAP)
2605 		skb_queue_tail(&ppdu_sts->rx_queue[band], skb);
2606 	else
2607 		rtw89_core_rx_to_mac80211(rtwdev, NULL, desc_info, skb, rx_status);
2608 }
2609 EXPORT_SYMBOL(rtw89_core_rx);
2610 
2611 void rtw89_core_napi_start(struct rtw89_dev *rtwdev)
2612 {
2613 	if (test_and_set_bit(RTW89_FLAG_NAPI_RUNNING, rtwdev->flags))
2614 		return;
2615 
2616 	napi_enable(&rtwdev->napi);
2617 }
2618 EXPORT_SYMBOL(rtw89_core_napi_start);
2619 
2620 void rtw89_core_napi_stop(struct rtw89_dev *rtwdev)
2621 {
2622 	if (!test_and_clear_bit(RTW89_FLAG_NAPI_RUNNING, rtwdev->flags))
2623 		return;
2624 
2625 	napi_synchronize(&rtwdev->napi);
2626 	napi_disable(&rtwdev->napi);
2627 }
2628 EXPORT_SYMBOL(rtw89_core_napi_stop);
2629 
2630 int rtw89_core_napi_init(struct rtw89_dev *rtwdev)
2631 {
2632 	rtwdev->netdev = alloc_netdev_dummy(0);
2633 	if (!rtwdev->netdev)
2634 		return -ENOMEM;
2635 
2636 	netif_napi_add(rtwdev->netdev, &rtwdev->napi,
2637 		       rtwdev->hci.ops->napi_poll);
2638 	return 0;
2639 }
2640 EXPORT_SYMBOL(rtw89_core_napi_init);
2641 
2642 void rtw89_core_napi_deinit(struct rtw89_dev *rtwdev)
2643 {
2644 	rtw89_core_napi_stop(rtwdev);
2645 	netif_napi_del(&rtwdev->napi);
2646 	free_netdev(rtwdev->netdev);
2647 }
2648 EXPORT_SYMBOL(rtw89_core_napi_deinit);
2649 
2650 static void rtw89_core_ba_work(struct work_struct *work)
2651 {
2652 	struct rtw89_dev *rtwdev =
2653 		container_of(work, struct rtw89_dev, ba_work);
2654 	struct rtw89_txq *rtwtxq, *tmp;
2655 	int ret;
2656 
2657 	spin_lock_bh(&rtwdev->ba_lock);
2658 	list_for_each_entry_safe(rtwtxq, tmp, &rtwdev->ba_list, list) {
2659 		struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2660 		struct ieee80211_sta *sta = txq->sta;
2661 		struct rtw89_sta *rtwsta = sta ? (struct rtw89_sta *)sta->drv_priv : NULL;
2662 		u8 tid = txq->tid;
2663 
2664 		if (!sta) {
2665 			rtw89_warn(rtwdev, "cannot start BA without sta\n");
2666 			goto skip_ba_work;
2667 		}
2668 
2669 		if (rtwsta->disassoc) {
2670 			rtw89_debug(rtwdev, RTW89_DBG_TXRX,
2671 				    "cannot start BA with disassoc sta\n");
2672 			goto skip_ba_work;
2673 		}
2674 
2675 		ret = ieee80211_start_tx_ba_session(sta, tid, 0);
2676 		if (ret) {
2677 			rtw89_debug(rtwdev, RTW89_DBG_TXRX,
2678 				    "failed to setup BA session for %pM:%2d: %d\n",
2679 				    sta->addr, tid, ret);
2680 			if (ret == -EINVAL)
2681 				set_bit(RTW89_TXQ_F_BLOCK_BA, &rtwtxq->flags);
2682 		}
2683 skip_ba_work:
2684 		list_del_init(&rtwtxq->list);
2685 	}
2686 	spin_unlock_bh(&rtwdev->ba_lock);
2687 }
2688 
2689 static void rtw89_core_free_sta_pending_ba(struct rtw89_dev *rtwdev,
2690 					   struct ieee80211_sta *sta)
2691 {
2692 	struct rtw89_txq *rtwtxq, *tmp;
2693 
2694 	spin_lock_bh(&rtwdev->ba_lock);
2695 	list_for_each_entry_safe(rtwtxq, tmp, &rtwdev->ba_list, list) {
2696 		struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2697 
2698 		if (sta == txq->sta)
2699 			list_del_init(&rtwtxq->list);
2700 	}
2701 	spin_unlock_bh(&rtwdev->ba_lock);
2702 }
2703 
2704 static void rtw89_core_free_sta_pending_forbid_ba(struct rtw89_dev *rtwdev,
2705 						  struct ieee80211_sta *sta)
2706 {
2707 	struct rtw89_txq *rtwtxq, *tmp;
2708 
2709 	spin_lock_bh(&rtwdev->ba_lock);
2710 	list_for_each_entry_safe(rtwtxq, tmp, &rtwdev->forbid_ba_list, list) {
2711 		struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2712 
2713 		if (sta == txq->sta) {
2714 			clear_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags);
2715 			list_del_init(&rtwtxq->list);
2716 		}
2717 	}
2718 	spin_unlock_bh(&rtwdev->ba_lock);
2719 }
2720 
2721 static void rtw89_core_free_sta_pending_roc_tx(struct rtw89_dev *rtwdev,
2722 					       struct ieee80211_sta *sta)
2723 {
2724 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
2725 	struct sk_buff *skb, *tmp;
2726 
2727 	skb_queue_walk_safe(&rtwsta->roc_queue, skb, tmp) {
2728 		skb_unlink(skb, &rtwsta->roc_queue);
2729 		dev_kfree_skb_any(skb);
2730 	}
2731 }
2732 
2733 static void rtw89_core_stop_tx_ba_session(struct rtw89_dev *rtwdev,
2734 					  struct rtw89_txq *rtwtxq)
2735 {
2736 	struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2737 	struct ieee80211_sta *sta = txq->sta;
2738 	struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta);
2739 
2740 	if (unlikely(!rtwsta) || unlikely(rtwsta->disassoc))
2741 		return;
2742 
2743 	if (!test_bit(RTW89_TXQ_F_AMPDU, &rtwtxq->flags) ||
2744 	    test_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags))
2745 		return;
2746 
2747 	spin_lock_bh(&rtwdev->ba_lock);
2748 	if (!test_and_set_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags))
2749 		list_add_tail(&rtwtxq->list, &rtwdev->forbid_ba_list);
2750 	spin_unlock_bh(&rtwdev->ba_lock);
2751 
2752 	ieee80211_stop_tx_ba_session(sta, txq->tid);
2753 	cancel_delayed_work(&rtwdev->forbid_ba_work);
2754 	ieee80211_queue_delayed_work(rtwdev->hw, &rtwdev->forbid_ba_work,
2755 				     RTW89_FORBID_BA_TIMER);
2756 }
2757 
2758 static void rtw89_core_txq_check_agg(struct rtw89_dev *rtwdev,
2759 				     struct rtw89_txq *rtwtxq,
2760 				     struct sk_buff *skb)
2761 {
2762 	struct ieee80211_hw *hw = rtwdev->hw;
2763 	struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2764 	struct ieee80211_sta *sta = txq->sta;
2765 	struct rtw89_sta *rtwsta = sta ? (struct rtw89_sta *)sta->drv_priv : NULL;
2766 
2767 	if (test_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags))
2768 		return;
2769 
2770 	if (unlikely(skb->protocol == cpu_to_be16(ETH_P_PAE))) {
2771 		rtw89_core_stop_tx_ba_session(rtwdev, rtwtxq);
2772 		return;
2773 	}
2774 
2775 	if (unlikely(!sta))
2776 		return;
2777 
2778 	if (unlikely(test_bit(RTW89_TXQ_F_BLOCK_BA, &rtwtxq->flags)))
2779 		return;
2780 
2781 	if (test_bit(RTW89_TXQ_F_AMPDU, &rtwtxq->flags)) {
2782 		IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_AMPDU;
2783 		return;
2784 	}
2785 
2786 	spin_lock_bh(&rtwdev->ba_lock);
2787 	if (!rtwsta->disassoc && list_empty(&rtwtxq->list)) {
2788 		list_add_tail(&rtwtxq->list, &rtwdev->ba_list);
2789 		ieee80211_queue_work(hw, &rtwdev->ba_work);
2790 	}
2791 	spin_unlock_bh(&rtwdev->ba_lock);
2792 }
2793 
2794 static void rtw89_core_txq_push(struct rtw89_dev *rtwdev,
2795 				struct rtw89_txq *rtwtxq,
2796 				unsigned long frame_cnt,
2797 				unsigned long byte_cnt)
2798 {
2799 	struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2800 	struct ieee80211_vif *vif = txq->vif;
2801 	struct ieee80211_sta *sta = txq->sta;
2802 	struct sk_buff *skb;
2803 	unsigned long i;
2804 	int ret;
2805 
2806 	rcu_read_lock();
2807 	for (i = 0; i < frame_cnt; i++) {
2808 		skb = ieee80211_tx_dequeue_ni(rtwdev->hw, txq);
2809 		if (!skb) {
2810 			rtw89_debug(rtwdev, RTW89_DBG_TXRX, "dequeue a NULL skb\n");
2811 			goto out;
2812 		}
2813 		rtw89_core_txq_check_agg(rtwdev, rtwtxq, skb);
2814 		ret = rtw89_core_tx_write(rtwdev, vif, sta, skb, NULL);
2815 		if (ret) {
2816 			rtw89_err(rtwdev, "failed to push txq: %d\n", ret);
2817 			ieee80211_free_txskb(rtwdev->hw, skb);
2818 			break;
2819 		}
2820 	}
2821 out:
2822 	rcu_read_unlock();
2823 }
2824 
2825 static u32 rtw89_check_and_reclaim_tx_resource(struct rtw89_dev *rtwdev, u8 tid)
2826 {
2827 	u8 qsel, ch_dma;
2828 
2829 	qsel = rtw89_core_get_qsel(rtwdev, tid);
2830 	ch_dma = rtw89_core_get_ch_dma(rtwdev, qsel);
2831 
2832 	return rtw89_hci_check_and_reclaim_tx_resource(rtwdev, ch_dma);
2833 }
2834 
2835 static bool rtw89_core_txq_agg_wait(struct rtw89_dev *rtwdev,
2836 				    struct ieee80211_txq *txq,
2837 				    unsigned long *frame_cnt,
2838 				    bool *sched_txq, bool *reinvoke)
2839 {
2840 	struct rtw89_txq *rtwtxq = (struct rtw89_txq *)txq->drv_priv;
2841 	struct ieee80211_sta *sta = txq->sta;
2842 	struct rtw89_sta *rtwsta = sta ? (struct rtw89_sta *)sta->drv_priv : NULL;
2843 
2844 	if (!sta || rtwsta->max_agg_wait <= 0)
2845 		return false;
2846 
2847 	if (rtwdev->stats.tx_tfc_lv <= RTW89_TFC_MID)
2848 		return false;
2849 
2850 	if (*frame_cnt > 1) {
2851 		*frame_cnt -= 1;
2852 		*sched_txq = true;
2853 		*reinvoke = true;
2854 		rtwtxq->wait_cnt = 1;
2855 		return false;
2856 	}
2857 
2858 	if (*frame_cnt == 1 && rtwtxq->wait_cnt < rtwsta->max_agg_wait) {
2859 		*reinvoke = true;
2860 		rtwtxq->wait_cnt++;
2861 		return true;
2862 	}
2863 
2864 	rtwtxq->wait_cnt = 0;
2865 	return false;
2866 }
2867 
2868 static void rtw89_core_txq_schedule(struct rtw89_dev *rtwdev, u8 ac, bool *reinvoke)
2869 {
2870 	struct ieee80211_hw *hw = rtwdev->hw;
2871 	struct ieee80211_txq *txq;
2872 	struct rtw89_vif *rtwvif;
2873 	struct rtw89_txq *rtwtxq;
2874 	unsigned long frame_cnt;
2875 	unsigned long byte_cnt;
2876 	u32 tx_resource;
2877 	bool sched_txq;
2878 
2879 	ieee80211_txq_schedule_start(hw, ac);
2880 	while ((txq = ieee80211_next_txq(hw, ac))) {
2881 		rtwtxq = (struct rtw89_txq *)txq->drv_priv;
2882 		rtwvif = (struct rtw89_vif *)txq->vif->drv_priv;
2883 
2884 		if (rtwvif->offchan) {
2885 			ieee80211_return_txq(hw, txq, true);
2886 			continue;
2887 		}
2888 		tx_resource = rtw89_check_and_reclaim_tx_resource(rtwdev, txq->tid);
2889 		sched_txq = false;
2890 
2891 		ieee80211_txq_get_depth(txq, &frame_cnt, &byte_cnt);
2892 		if (rtw89_core_txq_agg_wait(rtwdev, txq, &frame_cnt, &sched_txq, reinvoke)) {
2893 			ieee80211_return_txq(hw, txq, true);
2894 			continue;
2895 		}
2896 		frame_cnt = min_t(unsigned long, frame_cnt, tx_resource);
2897 		rtw89_core_txq_push(rtwdev, rtwtxq, frame_cnt, byte_cnt);
2898 		ieee80211_return_txq(hw, txq, sched_txq);
2899 		if (frame_cnt != 0)
2900 			rtw89_core_tx_kick_off(rtwdev, rtw89_core_get_qsel(rtwdev, txq->tid));
2901 
2902 		/* bound of tx_resource could get stuck due to burst traffic */
2903 		if (frame_cnt == tx_resource)
2904 			*reinvoke = true;
2905 	}
2906 	ieee80211_txq_schedule_end(hw, ac);
2907 }
2908 
2909 static void rtw89_ips_work(struct work_struct *work)
2910 {
2911 	struct rtw89_dev *rtwdev = container_of(work, struct rtw89_dev,
2912 						ips_work);
2913 	mutex_lock(&rtwdev->mutex);
2914 	rtw89_enter_ips_by_hwflags(rtwdev);
2915 	mutex_unlock(&rtwdev->mutex);
2916 }
2917 
2918 static void rtw89_core_txq_work(struct work_struct *w)
2919 {
2920 	struct rtw89_dev *rtwdev = container_of(w, struct rtw89_dev, txq_work);
2921 	bool reinvoke = false;
2922 	u8 ac;
2923 
2924 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
2925 		rtw89_core_txq_schedule(rtwdev, ac, &reinvoke);
2926 
2927 	if (reinvoke) {
2928 		/* reinvoke to process the last frame */
2929 		mod_delayed_work(rtwdev->txq_wq, &rtwdev->txq_reinvoke_work, 1);
2930 	}
2931 }
2932 
2933 static void rtw89_core_txq_reinvoke_work(struct work_struct *w)
2934 {
2935 	struct rtw89_dev *rtwdev = container_of(w, struct rtw89_dev,
2936 						txq_reinvoke_work.work);
2937 
2938 	queue_work(rtwdev->txq_wq, &rtwdev->txq_work);
2939 }
2940 
2941 static void rtw89_forbid_ba_work(struct work_struct *w)
2942 {
2943 	struct rtw89_dev *rtwdev = container_of(w, struct rtw89_dev,
2944 						forbid_ba_work.work);
2945 	struct rtw89_txq *rtwtxq, *tmp;
2946 
2947 	spin_lock_bh(&rtwdev->ba_lock);
2948 	list_for_each_entry_safe(rtwtxq, tmp, &rtwdev->forbid_ba_list, list) {
2949 		clear_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags);
2950 		list_del_init(&rtwtxq->list);
2951 	}
2952 	spin_unlock_bh(&rtwdev->ba_lock);
2953 }
2954 
2955 static void rtw89_core_sta_pending_tx_iter(void *data,
2956 					   struct ieee80211_sta *sta)
2957 {
2958 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
2959 	struct rtw89_vif *rtwvif_target = data, *rtwvif = rtwsta->rtwvif;
2960 	struct rtw89_dev *rtwdev = rtwvif->rtwdev;
2961 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
2962 	struct sk_buff *skb, *tmp;
2963 	int qsel, ret;
2964 
2965 	if (rtwvif->chanctx_idx != rtwvif_target->chanctx_idx)
2966 		return;
2967 
2968 	if (skb_queue_len(&rtwsta->roc_queue) == 0)
2969 		return;
2970 
2971 	skb_queue_walk_safe(&rtwsta->roc_queue, skb, tmp) {
2972 		skb_unlink(skb, &rtwsta->roc_queue);
2973 
2974 		ret = rtw89_core_tx_write(rtwdev, vif, sta, skb, &qsel);
2975 		if (ret) {
2976 			rtw89_warn(rtwdev, "pending tx failed with %d\n", ret);
2977 			dev_kfree_skb_any(skb);
2978 		} else {
2979 			rtw89_core_tx_kick_off(rtwdev, qsel);
2980 		}
2981 	}
2982 }
2983 
2984 static void rtw89_core_handle_sta_pending_tx(struct rtw89_dev *rtwdev,
2985 					     struct rtw89_vif *rtwvif)
2986 {
2987 	ieee80211_iterate_stations_atomic(rtwdev->hw,
2988 					  rtw89_core_sta_pending_tx_iter,
2989 					  rtwvif);
2990 }
2991 
2992 static int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev,
2993 				    struct rtw89_vif *rtwvif, bool qos, bool ps)
2994 {
2995 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
2996 	struct ieee80211_sta *sta;
2997 	struct ieee80211_hdr *hdr;
2998 	struct sk_buff *skb;
2999 	int ret, qsel;
3000 
3001 	if (vif->type != NL80211_IFTYPE_STATION || !vif->cfg.assoc)
3002 		return 0;
3003 
3004 	rcu_read_lock();
3005 	sta = ieee80211_find_sta(vif, vif->bss_conf.bssid);
3006 	if (!sta) {
3007 		ret = -EINVAL;
3008 		goto out;
3009 	}
3010 
3011 	skb = ieee80211_nullfunc_get(rtwdev->hw, vif, -1, qos);
3012 	if (!skb) {
3013 		ret = -ENOMEM;
3014 		goto out;
3015 	}
3016 
3017 	hdr = (struct ieee80211_hdr *)skb->data;
3018 	if (ps)
3019 		hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
3020 
3021 	ret = rtw89_core_tx_write(rtwdev, vif, sta, skb, &qsel);
3022 	if (ret) {
3023 		rtw89_warn(rtwdev, "nullfunc transmit failed: %d\n", ret);
3024 		dev_kfree_skb_any(skb);
3025 		goto out;
3026 	}
3027 
3028 	rcu_read_unlock();
3029 
3030 	return rtw89_core_tx_kick_off_and_wait(rtwdev, skb, qsel,
3031 					       RTW89_ROC_TX_TIMEOUT);
3032 out:
3033 	rcu_read_unlock();
3034 
3035 	return ret;
3036 }
3037 
3038 void rtw89_roc_start(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
3039 {
3040 	const struct rtw89_mac_gen_def *mac = rtwdev->chip->mac_def;
3041 	struct ieee80211_hw *hw = rtwdev->hw;
3042 	struct rtw89_roc *roc = &rtwvif->roc;
3043 	struct cfg80211_chan_def roc_chan;
3044 	struct rtw89_vif *tmp;
3045 	int ret;
3046 
3047 	lockdep_assert_held(&rtwdev->mutex);
3048 
3049 	rtw89_leave_ips_by_hwflags(rtwdev);
3050 	rtw89_leave_lps(rtwdev);
3051 	rtw89_chanctx_pause(rtwdev, RTW89_CHANCTX_PAUSE_REASON_ROC);
3052 
3053 	ret = rtw89_core_send_nullfunc(rtwdev, rtwvif, true, true);
3054 	if (ret)
3055 		rtw89_debug(rtwdev, RTW89_DBG_TXRX,
3056 			    "roc send null-1 failed: %d\n", ret);
3057 
3058 	rtw89_for_each_rtwvif(rtwdev, tmp)
3059 		if (tmp->chanctx_idx == rtwvif->chanctx_idx)
3060 			tmp->offchan = true;
3061 
3062 	cfg80211_chandef_create(&roc_chan, &roc->chan, NL80211_CHAN_NO_HT);
3063 	rtw89_config_roc_chandef(rtwdev, rtwvif->chanctx_idx, &roc_chan);
3064 	rtw89_set_channel(rtwdev);
3065 	rtw89_write32_clr(rtwdev,
3066 			  rtw89_mac_reg_by_idx(rtwdev, mac->rx_fltr, RTW89_MAC_0),
3067 			  B_AX_A_UC_CAM_MATCH | B_AX_A_BC_CAM_MATCH);
3068 
3069 	ieee80211_ready_on_channel(hw);
3070 	cancel_delayed_work(&rtwvif->roc.roc_work);
3071 	ieee80211_queue_delayed_work(hw, &rtwvif->roc.roc_work,
3072 				     msecs_to_jiffies(rtwvif->roc.duration));
3073 }
3074 
3075 void rtw89_roc_end(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
3076 {
3077 	const struct rtw89_mac_gen_def *mac = rtwdev->chip->mac_def;
3078 	struct ieee80211_hw *hw = rtwdev->hw;
3079 	struct rtw89_roc *roc = &rtwvif->roc;
3080 	struct rtw89_vif *tmp;
3081 	int ret;
3082 
3083 	lockdep_assert_held(&rtwdev->mutex);
3084 
3085 	ieee80211_remain_on_channel_expired(hw);
3086 
3087 	rtw89_leave_ips_by_hwflags(rtwdev);
3088 	rtw89_leave_lps(rtwdev);
3089 
3090 	rtw89_write32_mask(rtwdev,
3091 			   rtw89_mac_reg_by_idx(rtwdev, mac->rx_fltr, RTW89_MAC_0),
3092 			   B_AX_RX_FLTR_CFG_MASK,
3093 			   rtwdev->hal.rx_fltr);
3094 
3095 	roc->state = RTW89_ROC_IDLE;
3096 	rtw89_config_roc_chandef(rtwdev, rtwvif->chanctx_idx, NULL);
3097 	rtw89_chanctx_proceed(rtwdev);
3098 	ret = rtw89_core_send_nullfunc(rtwdev, rtwvif, true, false);
3099 	if (ret)
3100 		rtw89_debug(rtwdev, RTW89_DBG_TXRX,
3101 			    "roc send null-0 failed: %d\n", ret);
3102 
3103 	rtw89_for_each_rtwvif(rtwdev, tmp)
3104 		if (tmp->chanctx_idx == rtwvif->chanctx_idx)
3105 			tmp->offchan = false;
3106 
3107 	rtw89_core_handle_sta_pending_tx(rtwdev, rtwvif);
3108 	queue_work(rtwdev->txq_wq, &rtwdev->txq_work);
3109 
3110 	if (hw->conf.flags & IEEE80211_CONF_IDLE)
3111 		ieee80211_queue_delayed_work(hw, &roc->roc_work,
3112 					     msecs_to_jiffies(RTW89_ROC_IDLE_TIMEOUT));
3113 }
3114 
3115 void rtw89_roc_work(struct work_struct *work)
3116 {
3117 	struct rtw89_vif *rtwvif = container_of(work, struct rtw89_vif,
3118 						roc.roc_work.work);
3119 	struct rtw89_dev *rtwdev = rtwvif->rtwdev;
3120 	struct rtw89_roc *roc = &rtwvif->roc;
3121 
3122 	mutex_lock(&rtwdev->mutex);
3123 
3124 	switch (roc->state) {
3125 	case RTW89_ROC_IDLE:
3126 		rtw89_enter_ips_by_hwflags(rtwdev);
3127 		break;
3128 	case RTW89_ROC_MGMT:
3129 	case RTW89_ROC_NORMAL:
3130 		rtw89_roc_end(rtwdev, rtwvif);
3131 		break;
3132 	default:
3133 		break;
3134 	}
3135 
3136 	mutex_unlock(&rtwdev->mutex);
3137 }
3138 
3139 static enum rtw89_tfc_lv rtw89_get_traffic_level(struct rtw89_dev *rtwdev,
3140 						 u32 throughput, u64 cnt)
3141 {
3142 	if (cnt < 100)
3143 		return RTW89_TFC_IDLE;
3144 	if (throughput > 50)
3145 		return RTW89_TFC_HIGH;
3146 	if (throughput > 10)
3147 		return RTW89_TFC_MID;
3148 	if (throughput > 2)
3149 		return RTW89_TFC_LOW;
3150 	return RTW89_TFC_ULTRA_LOW;
3151 }
3152 
3153 static bool rtw89_traffic_stats_calc(struct rtw89_dev *rtwdev,
3154 				     struct rtw89_traffic_stats *stats)
3155 {
3156 	enum rtw89_tfc_lv tx_tfc_lv = stats->tx_tfc_lv;
3157 	enum rtw89_tfc_lv rx_tfc_lv = stats->rx_tfc_lv;
3158 
3159 	stats->tx_throughput_raw = (u32)(stats->tx_unicast >> RTW89_TP_SHIFT);
3160 	stats->rx_throughput_raw = (u32)(stats->rx_unicast >> RTW89_TP_SHIFT);
3161 
3162 	ewma_tp_add(&stats->tx_ewma_tp, stats->tx_throughput_raw);
3163 	ewma_tp_add(&stats->rx_ewma_tp, stats->rx_throughput_raw);
3164 
3165 	stats->tx_throughput = ewma_tp_read(&stats->tx_ewma_tp);
3166 	stats->rx_throughput = ewma_tp_read(&stats->rx_ewma_tp);
3167 	stats->tx_tfc_lv = rtw89_get_traffic_level(rtwdev, stats->tx_throughput,
3168 						   stats->tx_cnt);
3169 	stats->rx_tfc_lv = rtw89_get_traffic_level(rtwdev, stats->rx_throughput,
3170 						   stats->rx_cnt);
3171 	stats->tx_avg_len = stats->tx_cnt ?
3172 			    DIV_ROUND_DOWN_ULL(stats->tx_unicast, stats->tx_cnt) : 0;
3173 	stats->rx_avg_len = stats->rx_cnt ?
3174 			    DIV_ROUND_DOWN_ULL(stats->rx_unicast, stats->rx_cnt) : 0;
3175 
3176 	stats->tx_unicast = 0;
3177 	stats->rx_unicast = 0;
3178 	stats->tx_cnt = 0;
3179 	stats->rx_cnt = 0;
3180 	stats->rx_tf_periodic = stats->rx_tf_acc;
3181 	stats->rx_tf_acc = 0;
3182 
3183 	if (tx_tfc_lv != stats->tx_tfc_lv || rx_tfc_lv != stats->rx_tfc_lv)
3184 		return true;
3185 
3186 	return false;
3187 }
3188 
3189 static bool rtw89_traffic_stats_track(struct rtw89_dev *rtwdev)
3190 {
3191 	struct rtw89_vif *rtwvif;
3192 	bool tfc_changed;
3193 
3194 	tfc_changed = rtw89_traffic_stats_calc(rtwdev, &rtwdev->stats);
3195 	rtw89_for_each_rtwvif(rtwdev, rtwvif) {
3196 		rtw89_traffic_stats_calc(rtwdev, &rtwvif->stats);
3197 		rtw89_fw_h2c_tp_offload(rtwdev, rtwvif);
3198 	}
3199 
3200 	return tfc_changed;
3201 }
3202 
3203 static void rtw89_vif_enter_lps(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
3204 {
3205 	if ((rtwvif->wifi_role != RTW89_WIFI_ROLE_STATION &&
3206 	     rtwvif->wifi_role != RTW89_WIFI_ROLE_P2P_CLIENT) ||
3207 	    rtwvif->tdls_peer)
3208 		return;
3209 
3210 	if (rtwvif->offchan)
3211 		return;
3212 
3213 	if (rtwvif->stats.tx_tfc_lv == RTW89_TFC_IDLE &&
3214 	    rtwvif->stats.rx_tfc_lv == RTW89_TFC_IDLE)
3215 		rtw89_enter_lps(rtwdev, rtwvif, true);
3216 }
3217 
3218 static void rtw89_enter_lps_track(struct rtw89_dev *rtwdev)
3219 {
3220 	struct rtw89_vif *rtwvif;
3221 
3222 	rtw89_for_each_rtwvif(rtwdev, rtwvif)
3223 		rtw89_vif_enter_lps(rtwdev, rtwvif);
3224 }
3225 
3226 static void rtw89_core_rfk_track(struct rtw89_dev *rtwdev)
3227 {
3228 	enum rtw89_entity_mode mode;
3229 
3230 	mode = rtw89_get_entity_mode(rtwdev);
3231 	if (mode == RTW89_ENTITY_MODE_MCC)
3232 		return;
3233 
3234 	rtw89_chip_rfk_track(rtwdev);
3235 }
3236 
3237 void rtw89_core_update_p2p_ps(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif)
3238 {
3239 	enum rtw89_entity_mode mode = rtw89_get_entity_mode(rtwdev);
3240 
3241 	if (mode == RTW89_ENTITY_MODE_MCC)
3242 		rtw89_queue_chanctx_change(rtwdev, RTW89_CHANCTX_P2P_PS_CHANGE);
3243 	else
3244 		rtw89_process_p2p_ps(rtwdev, vif);
3245 }
3246 
3247 void rtw89_traffic_stats_init(struct rtw89_dev *rtwdev,
3248 			      struct rtw89_traffic_stats *stats)
3249 {
3250 	stats->tx_unicast = 0;
3251 	stats->rx_unicast = 0;
3252 	stats->tx_cnt = 0;
3253 	stats->rx_cnt = 0;
3254 	ewma_tp_init(&stats->tx_ewma_tp);
3255 	ewma_tp_init(&stats->rx_ewma_tp);
3256 }
3257 
3258 static void rtw89_track_work(struct work_struct *work)
3259 {
3260 	struct rtw89_dev *rtwdev = container_of(work, struct rtw89_dev,
3261 						track_work.work);
3262 	bool tfc_changed;
3263 
3264 	if (test_bit(RTW89_FLAG_FORBIDDEN_TRACK_WROK, rtwdev->flags))
3265 		return;
3266 
3267 	mutex_lock(&rtwdev->mutex);
3268 
3269 	if (!test_bit(RTW89_FLAG_RUNNING, rtwdev->flags))
3270 		goto out;
3271 
3272 	ieee80211_queue_delayed_work(rtwdev->hw, &rtwdev->track_work,
3273 				     RTW89_TRACK_WORK_PERIOD);
3274 
3275 	tfc_changed = rtw89_traffic_stats_track(rtwdev);
3276 	if (rtwdev->scanning)
3277 		goto out;
3278 
3279 	rtw89_leave_lps(rtwdev);
3280 
3281 	if (tfc_changed) {
3282 		rtw89_hci_recalc_int_mit(rtwdev);
3283 		rtw89_btc_ntfy_wl_sta(rtwdev);
3284 	}
3285 	rtw89_mac_bf_monitor_track(rtwdev);
3286 	rtw89_phy_stat_track(rtwdev);
3287 	rtw89_phy_env_monitor_track(rtwdev);
3288 	rtw89_phy_dig(rtwdev);
3289 	rtw89_core_rfk_track(rtwdev);
3290 	rtw89_phy_ra_update(rtwdev);
3291 	rtw89_phy_cfo_track(rtwdev);
3292 	rtw89_phy_tx_path_div_track(rtwdev);
3293 	rtw89_phy_antdiv_track(rtwdev);
3294 	rtw89_phy_ul_tb_ctrl_track(rtwdev);
3295 	rtw89_phy_edcca_track(rtwdev);
3296 	rtw89_tas_track(rtwdev);
3297 	rtw89_chanctx_track(rtwdev);
3298 	rtw89_core_rfkill_poll(rtwdev, false);
3299 
3300 	if (rtwdev->lps_enabled && !rtwdev->btc.lps)
3301 		rtw89_enter_lps_track(rtwdev);
3302 
3303 out:
3304 	mutex_unlock(&rtwdev->mutex);
3305 }
3306 
3307 u8 rtw89_core_acquire_bit_map(unsigned long *addr, unsigned long size)
3308 {
3309 	unsigned long bit;
3310 
3311 	bit = find_first_zero_bit(addr, size);
3312 	if (bit < size)
3313 		set_bit(bit, addr);
3314 
3315 	return bit;
3316 }
3317 
3318 void rtw89_core_release_bit_map(unsigned long *addr, u8 bit)
3319 {
3320 	clear_bit(bit, addr);
3321 }
3322 
3323 void rtw89_core_release_all_bits_map(unsigned long *addr, unsigned int nbits)
3324 {
3325 	bitmap_zero(addr, nbits);
3326 }
3327 
3328 int rtw89_core_acquire_sta_ba_entry(struct rtw89_dev *rtwdev,
3329 				    struct rtw89_sta *rtwsta, u8 tid, u8 *cam_idx)
3330 {
3331 	const struct rtw89_chip_info *chip = rtwdev->chip;
3332 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
3333 	struct rtw89_ba_cam_entry *entry = NULL, *tmp;
3334 	u8 idx;
3335 	int i;
3336 
3337 	lockdep_assert_held(&rtwdev->mutex);
3338 
3339 	idx = rtw89_core_acquire_bit_map(cam_info->ba_cam_map, chip->bacam_num);
3340 	if (idx == chip->bacam_num) {
3341 		/* allocate a static BA CAM to tid=0/5, so replace the existing
3342 		 * one if BA CAM is full. Hardware will process the original tid
3343 		 * automatically.
3344 		 */
3345 		if (tid != 0 && tid != 5)
3346 			return -ENOSPC;
3347 
3348 		for_each_set_bit(i, cam_info->ba_cam_map, chip->bacam_num) {
3349 			tmp = &cam_info->ba_cam_entry[i];
3350 			if (tmp->tid == 0 || tmp->tid == 5)
3351 				continue;
3352 
3353 			idx = i;
3354 			entry = tmp;
3355 			list_del(&entry->list);
3356 			break;
3357 		}
3358 
3359 		if (!entry)
3360 			return -ENOSPC;
3361 	} else {
3362 		entry = &cam_info->ba_cam_entry[idx];
3363 	}
3364 
3365 	entry->tid = tid;
3366 	list_add_tail(&entry->list, &rtwsta->ba_cam_list);
3367 
3368 	*cam_idx = idx;
3369 
3370 	return 0;
3371 }
3372 
3373 int rtw89_core_release_sta_ba_entry(struct rtw89_dev *rtwdev,
3374 				    struct rtw89_sta *rtwsta, u8 tid, u8 *cam_idx)
3375 {
3376 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
3377 	struct rtw89_ba_cam_entry *entry = NULL, *tmp;
3378 	u8 idx;
3379 
3380 	lockdep_assert_held(&rtwdev->mutex);
3381 
3382 	list_for_each_entry_safe(entry, tmp, &rtwsta->ba_cam_list, list) {
3383 		if (entry->tid != tid)
3384 			continue;
3385 
3386 		idx = entry - cam_info->ba_cam_entry;
3387 		list_del(&entry->list);
3388 
3389 		rtw89_core_release_bit_map(cam_info->ba_cam_map, idx);
3390 		*cam_idx = idx;
3391 		return 0;
3392 	}
3393 
3394 	return -ENOENT;
3395 }
3396 
3397 #define RTW89_TYPE_MAPPING(_type)	\
3398 	case NL80211_IFTYPE_ ## _type:	\
3399 		rtwvif->wifi_role = RTW89_WIFI_ROLE_ ## _type;	\
3400 		break
3401 void rtw89_vif_type_mapping(struct ieee80211_vif *vif, bool assoc)
3402 {
3403 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
3404 
3405 	switch (vif->type) {
3406 	case NL80211_IFTYPE_STATION:
3407 		if (vif->p2p)
3408 			rtwvif->wifi_role = RTW89_WIFI_ROLE_P2P_CLIENT;
3409 		else
3410 			rtwvif->wifi_role = RTW89_WIFI_ROLE_STATION;
3411 		break;
3412 	case NL80211_IFTYPE_AP:
3413 		if (vif->p2p)
3414 			rtwvif->wifi_role = RTW89_WIFI_ROLE_P2P_GO;
3415 		else
3416 			rtwvif->wifi_role = RTW89_WIFI_ROLE_AP;
3417 		break;
3418 	RTW89_TYPE_MAPPING(ADHOC);
3419 	RTW89_TYPE_MAPPING(MONITOR);
3420 	RTW89_TYPE_MAPPING(MESH_POINT);
3421 	default:
3422 		WARN_ON(1);
3423 		break;
3424 	}
3425 
3426 	switch (vif->type) {
3427 	case NL80211_IFTYPE_AP:
3428 	case NL80211_IFTYPE_MESH_POINT:
3429 		rtwvif->net_type = RTW89_NET_TYPE_AP_MODE;
3430 		rtwvif->self_role = RTW89_SELF_ROLE_AP;
3431 		break;
3432 	case NL80211_IFTYPE_ADHOC:
3433 		rtwvif->net_type = RTW89_NET_TYPE_AD_HOC;
3434 		rtwvif->self_role = RTW89_SELF_ROLE_CLIENT;
3435 		break;
3436 	case NL80211_IFTYPE_STATION:
3437 		if (assoc) {
3438 			rtwvif->net_type = RTW89_NET_TYPE_INFRA;
3439 			rtwvif->trigger = vif->bss_conf.he_support;
3440 		} else {
3441 			rtwvif->net_type = RTW89_NET_TYPE_NO_LINK;
3442 			rtwvif->trigger = false;
3443 		}
3444 		rtwvif->self_role = RTW89_SELF_ROLE_CLIENT;
3445 		rtwvif->addr_cam.sec_ent_mode = RTW89_ADDR_CAM_SEC_NORMAL;
3446 		break;
3447 	case NL80211_IFTYPE_MONITOR:
3448 		break;
3449 	default:
3450 		WARN_ON(1);
3451 		break;
3452 	}
3453 }
3454 
3455 int rtw89_core_sta_add(struct rtw89_dev *rtwdev,
3456 		       struct ieee80211_vif *vif,
3457 		       struct ieee80211_sta *sta)
3458 {
3459 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
3460 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
3461 	struct rtw89_hal *hal = &rtwdev->hal;
3462 	u8 ant_num = hal->ant_diversity ? 2 : rtwdev->chip->rf_path_num;
3463 	int i;
3464 	int ret;
3465 
3466 	rtwsta->rtwdev = rtwdev;
3467 	rtwsta->rtwvif = rtwvif;
3468 	rtwsta->prev_rssi = 0;
3469 	INIT_LIST_HEAD(&rtwsta->ba_cam_list);
3470 	skb_queue_head_init(&rtwsta->roc_queue);
3471 
3472 	for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
3473 		rtw89_core_txq_init(rtwdev, sta->txq[i]);
3474 
3475 	ewma_rssi_init(&rtwsta->avg_rssi);
3476 	ewma_snr_init(&rtwsta->avg_snr);
3477 	ewma_evm_init(&rtwsta->evm_1ss);
3478 	for (i = 0; i < ant_num; i++) {
3479 		ewma_rssi_init(&rtwsta->rssi[i]);
3480 		ewma_evm_init(&rtwsta->evm_min[i]);
3481 		ewma_evm_init(&rtwsta->evm_max[i]);
3482 	}
3483 
3484 	if (vif->type == NL80211_IFTYPE_STATION && !sta->tdls) {
3485 		/* for station mode, assign the mac_id from itself */
3486 		rtwsta->mac_id = rtwvif->mac_id;
3487 
3488 		/* must do rtw89_reg_6ghz_recalc() before rfk channel */
3489 		ret = rtw89_reg_6ghz_recalc(rtwdev, rtwvif, true);
3490 		if (ret)
3491 			return ret;
3492 
3493 		rtw89_btc_ntfy_role_info(rtwdev, rtwvif, rtwsta,
3494 					 BTC_ROLE_MSTS_STA_CONN_START);
3495 		rtw89_chip_rfk_channel(rtwdev, rtwvif);
3496 	} else if (vif->type == NL80211_IFTYPE_AP || sta->tdls) {
3497 		rtwsta->mac_id = rtw89_acquire_mac_id(rtwdev);
3498 		if (rtwsta->mac_id == RTW89_MAX_MAC_ID_NUM)
3499 			return -ENOSPC;
3500 
3501 		ret = rtw89_mac_set_macid_pause(rtwdev, rtwsta->mac_id, false);
3502 		if (ret) {
3503 			rtw89_release_mac_id(rtwdev, rtwsta->mac_id);
3504 			rtw89_warn(rtwdev, "failed to send h2c macid pause\n");
3505 			return ret;
3506 		}
3507 
3508 		ret = rtw89_fw_h2c_role_maintain(rtwdev, rtwvif, rtwsta,
3509 						 RTW89_ROLE_CREATE);
3510 		if (ret) {
3511 			rtw89_release_mac_id(rtwdev, rtwsta->mac_id);
3512 			rtw89_warn(rtwdev, "failed to send h2c role info\n");
3513 			return ret;
3514 		}
3515 
3516 		ret = rtw89_chip_h2c_default_cmac_tbl(rtwdev, rtwvif, rtwsta);
3517 		if (ret)
3518 			return ret;
3519 
3520 		ret = rtw89_chip_h2c_default_dmac_tbl(rtwdev, rtwvif, rtwsta);
3521 		if (ret)
3522 			return ret;
3523 
3524 		rtw89_queue_chanctx_change(rtwdev, RTW89_CHANCTX_REMOTE_STA_CHANGE);
3525 	}
3526 
3527 	return 0;
3528 }
3529 
3530 int rtw89_core_sta_disassoc(struct rtw89_dev *rtwdev,
3531 			    struct ieee80211_vif *vif,
3532 			    struct ieee80211_sta *sta)
3533 {
3534 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
3535 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
3536 
3537 	if (vif->type == NL80211_IFTYPE_STATION)
3538 		rtw89_fw_h2c_set_bcn_fltr_cfg(rtwdev, vif, false);
3539 
3540 	rtwdev->total_sta_assoc--;
3541 	if (sta->tdls)
3542 		rtwvif->tdls_peer--;
3543 	rtwsta->disassoc = true;
3544 
3545 	return 0;
3546 }
3547 
3548 int rtw89_core_sta_disconnect(struct rtw89_dev *rtwdev,
3549 			      struct ieee80211_vif *vif,
3550 			      struct ieee80211_sta *sta)
3551 {
3552 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
3553 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
3554 	int ret;
3555 
3556 	rtw89_mac_bf_monitor_calc(rtwdev, sta, true);
3557 	rtw89_mac_bf_disassoc(rtwdev, vif, sta);
3558 	rtw89_core_free_sta_pending_ba(rtwdev, sta);
3559 	rtw89_core_free_sta_pending_forbid_ba(rtwdev, sta);
3560 	rtw89_core_free_sta_pending_roc_tx(rtwdev, sta);
3561 
3562 	if (vif->type == NL80211_IFTYPE_AP || sta->tdls)
3563 		rtw89_cam_deinit_addr_cam(rtwdev, &rtwsta->addr_cam);
3564 	if (sta->tdls)
3565 		rtw89_cam_deinit_bssid_cam(rtwdev, &rtwsta->bssid_cam);
3566 
3567 	if (vif->type == NL80211_IFTYPE_STATION && !sta->tdls) {
3568 		rtw89_vif_type_mapping(vif, false);
3569 		rtw89_fw_release_general_pkt_list_vif(rtwdev, rtwvif, true);
3570 	}
3571 
3572 	ret = rtw89_chip_h2c_assoc_cmac_tbl(rtwdev, vif, sta);
3573 	if (ret) {
3574 		rtw89_warn(rtwdev, "failed to send h2c cmac table\n");
3575 		return ret;
3576 	}
3577 
3578 	ret = rtw89_fw_h2c_join_info(rtwdev, rtwvif, rtwsta, true);
3579 	if (ret) {
3580 		rtw89_warn(rtwdev, "failed to send h2c join info\n");
3581 		return ret;
3582 	}
3583 
3584 	/* update cam aid mac_id net_type */
3585 	ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, rtwsta, NULL);
3586 	if (ret) {
3587 		rtw89_warn(rtwdev, "failed to send h2c cam\n");
3588 		return ret;
3589 	}
3590 
3591 	return ret;
3592 }
3593 
3594 int rtw89_core_sta_assoc(struct rtw89_dev *rtwdev,
3595 			 struct ieee80211_vif *vif,
3596 			 struct ieee80211_sta *sta)
3597 {
3598 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
3599 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
3600 	struct rtw89_bssid_cam_entry *bssid_cam = rtw89_get_bssid_cam_of(rtwvif, rtwsta);
3601 	const struct rtw89_chan *chan = rtw89_chan_get(rtwdev,
3602 						       rtwvif->chanctx_idx);
3603 	int ret;
3604 
3605 	if (vif->type == NL80211_IFTYPE_AP || sta->tdls) {
3606 		if (sta->tdls) {
3607 			ret = rtw89_cam_init_bssid_cam(rtwdev, rtwvif, bssid_cam, sta->addr);
3608 			if (ret) {
3609 				rtw89_warn(rtwdev, "failed to send h2c init bssid cam for TDLS\n");
3610 				return ret;
3611 			}
3612 		}
3613 
3614 		ret = rtw89_cam_init_addr_cam(rtwdev, &rtwsta->addr_cam, bssid_cam);
3615 		if (ret) {
3616 			rtw89_warn(rtwdev, "failed to send h2c init addr cam\n");
3617 			return ret;
3618 		}
3619 	}
3620 
3621 	ret = rtw89_chip_h2c_assoc_cmac_tbl(rtwdev, vif, sta);
3622 	if (ret) {
3623 		rtw89_warn(rtwdev, "failed to send h2c cmac table\n");
3624 		return ret;
3625 	}
3626 
3627 	ret = rtw89_fw_h2c_join_info(rtwdev, rtwvif, rtwsta, false);
3628 	if (ret) {
3629 		rtw89_warn(rtwdev, "failed to send h2c join info\n");
3630 		return ret;
3631 	}
3632 
3633 	/* update cam aid mac_id net_type */
3634 	ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, rtwsta, NULL);
3635 	if (ret) {
3636 		rtw89_warn(rtwdev, "failed to send h2c cam\n");
3637 		return ret;
3638 	}
3639 
3640 	rtwdev->total_sta_assoc++;
3641 	if (sta->tdls)
3642 		rtwvif->tdls_peer++;
3643 	rtw89_phy_ra_assoc(rtwdev, sta);
3644 	rtw89_mac_bf_assoc(rtwdev, vif, sta);
3645 	rtw89_mac_bf_monitor_calc(rtwdev, sta, false);
3646 
3647 	if (vif->type == NL80211_IFTYPE_STATION && !sta->tdls) {
3648 		struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
3649 
3650 		if (bss_conf->he_support &&
3651 		    !(bss_conf->he_oper.params & IEEE80211_HE_OPERATION_ER_SU_DISABLE))
3652 			rtwsta->er_cap = true;
3653 
3654 		rtw89_btc_ntfy_role_info(rtwdev, rtwvif, rtwsta,
3655 					 BTC_ROLE_MSTS_STA_CONN_END);
3656 		rtw89_core_get_no_ul_ofdma_htc(rtwdev, &rtwsta->htc_template, chan);
3657 		rtw89_phy_ul_tb_assoc(rtwdev, rtwvif);
3658 
3659 		ret = rtw89_fw_h2c_general_pkt(rtwdev, rtwvif, rtwsta->mac_id);
3660 		if (ret) {
3661 			rtw89_warn(rtwdev, "failed to send h2c general packet\n");
3662 			return ret;
3663 		}
3664 
3665 		rtw89_fw_h2c_set_bcn_fltr_cfg(rtwdev, vif, true);
3666 	}
3667 
3668 	return ret;
3669 }
3670 
3671 int rtw89_core_sta_remove(struct rtw89_dev *rtwdev,
3672 			  struct ieee80211_vif *vif,
3673 			  struct ieee80211_sta *sta)
3674 {
3675 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
3676 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
3677 	int ret;
3678 
3679 	if (vif->type == NL80211_IFTYPE_STATION && !sta->tdls) {
3680 		rtw89_reg_6ghz_recalc(rtwdev, rtwvif, false);
3681 		rtw89_btc_ntfy_role_info(rtwdev, rtwvif, rtwsta,
3682 					 BTC_ROLE_MSTS_STA_DIS_CONN);
3683 	} else if (vif->type == NL80211_IFTYPE_AP || sta->tdls) {
3684 		rtw89_release_mac_id(rtwdev, rtwsta->mac_id);
3685 
3686 		ret = rtw89_fw_h2c_role_maintain(rtwdev, rtwvif, rtwsta,
3687 						 RTW89_ROLE_REMOVE);
3688 		if (ret) {
3689 			rtw89_warn(rtwdev, "failed to send h2c role info\n");
3690 			return ret;
3691 		}
3692 
3693 		rtw89_queue_chanctx_change(rtwdev, RTW89_CHANCTX_REMOTE_STA_CHANGE);
3694 	}
3695 
3696 	return 0;
3697 }
3698 
3699 static void _rtw89_core_set_tid_config(struct rtw89_dev *rtwdev,
3700 				       struct ieee80211_sta *sta,
3701 				       struct cfg80211_tid_cfg *tid_conf)
3702 {
3703 	struct ieee80211_txq *txq;
3704 	struct rtw89_txq *rtwtxq;
3705 	u32 mask = tid_conf->mask;
3706 	u8 tids = tid_conf->tids;
3707 	int tids_nbit = BITS_PER_BYTE;
3708 	int i;
3709 
3710 	for (i = 0; i < tids_nbit; i++, tids >>= 1) {
3711 		if (!tids)
3712 			break;
3713 
3714 		if (!(tids & BIT(0)))
3715 			continue;
3716 
3717 		txq = sta->txq[i];
3718 		rtwtxq = (struct rtw89_txq *)txq->drv_priv;
3719 
3720 		if (mask & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
3721 			if (tid_conf->ampdu == NL80211_TID_CONFIG_ENABLE) {
3722 				clear_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags);
3723 			} else {
3724 				if (test_bit(RTW89_TXQ_F_AMPDU, &rtwtxq->flags))
3725 					ieee80211_stop_tx_ba_session(sta, txq->tid);
3726 				spin_lock_bh(&rtwdev->ba_lock);
3727 				list_del_init(&rtwtxq->list);
3728 				set_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags);
3729 				spin_unlock_bh(&rtwdev->ba_lock);
3730 			}
3731 		}
3732 
3733 		if (mask & BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL) && tids == 0xff) {
3734 			if (tid_conf->amsdu == NL80211_TID_CONFIG_ENABLE)
3735 				sta->max_amsdu_subframes = 0;
3736 			else
3737 				sta->max_amsdu_subframes = 1;
3738 		}
3739 	}
3740 }
3741 
3742 void rtw89_core_set_tid_config(struct rtw89_dev *rtwdev,
3743 			       struct ieee80211_sta *sta,
3744 			       struct cfg80211_tid_config *tid_config)
3745 {
3746 	int i;
3747 
3748 	for (i = 0; i < tid_config->n_tid_conf; i++)
3749 		_rtw89_core_set_tid_config(rtwdev, sta,
3750 					   &tid_config->tid_conf[i]);
3751 }
3752 
3753 static void rtw89_init_ht_cap(struct rtw89_dev *rtwdev,
3754 			      struct ieee80211_sta_ht_cap *ht_cap)
3755 {
3756 	static const __le16 highest[RF_PATH_MAX] = {
3757 		cpu_to_le16(150), cpu_to_le16(300), cpu_to_le16(450), cpu_to_le16(600),
3758 	};
3759 	struct rtw89_hal *hal = &rtwdev->hal;
3760 	u8 nss = hal->rx_nss;
3761 	int i;
3762 
3763 	ht_cap->ht_supported = true;
3764 	ht_cap->cap = 0;
3765 	ht_cap->cap |= IEEE80211_HT_CAP_SGI_20 |
3766 		       IEEE80211_HT_CAP_MAX_AMSDU |
3767 		       IEEE80211_HT_CAP_TX_STBC |
3768 		       (1 << IEEE80211_HT_CAP_RX_STBC_SHIFT);
3769 	ht_cap->cap |= IEEE80211_HT_CAP_LDPC_CODING;
3770 	ht_cap->cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40 |
3771 		       IEEE80211_HT_CAP_DSSSCCK40 |
3772 		       IEEE80211_HT_CAP_SGI_40;
3773 	ht_cap->ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
3774 	ht_cap->ampdu_density = IEEE80211_HT_MPDU_DENSITY_NONE;
3775 	ht_cap->mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
3776 	for (i = 0; i < nss; i++)
3777 		ht_cap->mcs.rx_mask[i] = 0xFF;
3778 	ht_cap->mcs.rx_mask[4] = 0x01;
3779 	ht_cap->mcs.rx_highest = highest[nss - 1];
3780 }
3781 
3782 static void rtw89_init_vht_cap(struct rtw89_dev *rtwdev,
3783 			       struct ieee80211_sta_vht_cap *vht_cap)
3784 {
3785 	static const __le16 highest_bw80[RF_PATH_MAX] = {
3786 		cpu_to_le16(433), cpu_to_le16(867), cpu_to_le16(1300), cpu_to_le16(1733),
3787 	};
3788 	static const __le16 highest_bw160[RF_PATH_MAX] = {
3789 		cpu_to_le16(867), cpu_to_le16(1733), cpu_to_le16(2600), cpu_to_le16(3467),
3790 	};
3791 	const struct rtw89_chip_info *chip = rtwdev->chip;
3792 	const __le16 *highest = chip->support_bandwidths & BIT(NL80211_CHAN_WIDTH_160) ?
3793 				highest_bw160 : highest_bw80;
3794 	struct rtw89_hal *hal = &rtwdev->hal;
3795 	u16 tx_mcs_map = 0, rx_mcs_map = 0;
3796 	u8 sts_cap = 3;
3797 	int i;
3798 
3799 	for (i = 0; i < 8; i++) {
3800 		if (i < hal->tx_nss)
3801 			tx_mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
3802 		else
3803 			tx_mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
3804 		if (i < hal->rx_nss)
3805 			rx_mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
3806 		else
3807 			rx_mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
3808 	}
3809 
3810 	vht_cap->vht_supported = true;
3811 	vht_cap->cap = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454 |
3812 		       IEEE80211_VHT_CAP_SHORT_GI_80 |
3813 		       IEEE80211_VHT_CAP_RXSTBC_1 |
3814 		       IEEE80211_VHT_CAP_HTC_VHT |
3815 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK |
3816 		       0;
3817 	vht_cap->cap |= IEEE80211_VHT_CAP_TXSTBC;
3818 	vht_cap->cap |= IEEE80211_VHT_CAP_RXLDPC;
3819 	vht_cap->cap |= IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
3820 			IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
3821 	vht_cap->cap |= sts_cap << IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
3822 	if (chip->support_bandwidths & BIT(NL80211_CHAN_WIDTH_160))
3823 		vht_cap->cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
3824 				IEEE80211_VHT_CAP_SHORT_GI_160;
3825 	vht_cap->vht_mcs.rx_mcs_map = cpu_to_le16(rx_mcs_map);
3826 	vht_cap->vht_mcs.tx_mcs_map = cpu_to_le16(tx_mcs_map);
3827 	vht_cap->vht_mcs.rx_highest = highest[hal->rx_nss - 1];
3828 	vht_cap->vht_mcs.tx_highest = highest[hal->tx_nss - 1];
3829 
3830 	if (ieee80211_hw_check(rtwdev->hw, SUPPORTS_VHT_EXT_NSS_BW))
3831 		vht_cap->vht_mcs.tx_highest |=
3832 			cpu_to_le16(IEEE80211_VHT_EXT_NSS_BW_CAPABLE);
3833 }
3834 
3835 static void rtw89_init_he_cap(struct rtw89_dev *rtwdev,
3836 			      enum nl80211_band band,
3837 			      enum nl80211_iftype iftype,
3838 			      struct ieee80211_sband_iftype_data *iftype_data)
3839 {
3840 	const struct rtw89_chip_info *chip = rtwdev->chip;
3841 	struct rtw89_hal *hal = &rtwdev->hal;
3842 	bool no_ng16 = (chip->chip_id == RTL8852A && hal->cv == CHIP_CBV) ||
3843 		       (chip->chip_id == RTL8852B && hal->cv == CHIP_CAV);
3844 	struct ieee80211_sta_he_cap *he_cap;
3845 	int nss = hal->rx_nss;
3846 	u8 *mac_cap_info;
3847 	u8 *phy_cap_info;
3848 	u16 mcs_map = 0;
3849 	int i;
3850 
3851 	for (i = 0; i < 8; i++) {
3852 		if (i < nss)
3853 			mcs_map |= IEEE80211_HE_MCS_SUPPORT_0_11 << (i * 2);
3854 		else
3855 			mcs_map |= IEEE80211_HE_MCS_NOT_SUPPORTED << (i * 2);
3856 	}
3857 
3858 	he_cap = &iftype_data->he_cap;
3859 	mac_cap_info = he_cap->he_cap_elem.mac_cap_info;
3860 	phy_cap_info = he_cap->he_cap_elem.phy_cap_info;
3861 
3862 	he_cap->has_he = true;
3863 	mac_cap_info[0] = IEEE80211_HE_MAC_CAP0_HTC_HE;
3864 	if (iftype == NL80211_IFTYPE_STATION)
3865 		mac_cap_info[1] = IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_16US;
3866 	mac_cap_info[2] = IEEE80211_HE_MAC_CAP2_ALL_ACK |
3867 			  IEEE80211_HE_MAC_CAP2_BSR;
3868 	mac_cap_info[3] = IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_2;
3869 	if (iftype == NL80211_IFTYPE_AP)
3870 		mac_cap_info[3] |= IEEE80211_HE_MAC_CAP3_OMI_CONTROL;
3871 	mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_OPS |
3872 			  IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU;
3873 	if (iftype == NL80211_IFTYPE_STATION)
3874 		mac_cap_info[5] = IEEE80211_HE_MAC_CAP5_HT_VHT_TRIG_FRAME_RX;
3875 	if (band == NL80211_BAND_2GHZ) {
3876 		phy_cap_info[0] =
3877 			IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G;
3878 	} else {
3879 		phy_cap_info[0] =
3880 			IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G;
3881 		if (chip->support_bandwidths & BIT(NL80211_CHAN_WIDTH_160))
3882 			phy_cap_info[0] |= IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
3883 	}
3884 	phy_cap_info[1] = IEEE80211_HE_PHY_CAP1_DEVICE_CLASS_A |
3885 			  IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD |
3886 			  IEEE80211_HE_PHY_CAP1_HE_LTF_AND_GI_FOR_HE_PPDUS_0_8US;
3887 	phy_cap_info[2] = IEEE80211_HE_PHY_CAP2_NDP_4x_LTF_AND_3_2US |
3888 			  IEEE80211_HE_PHY_CAP2_STBC_TX_UNDER_80MHZ |
3889 			  IEEE80211_HE_PHY_CAP2_STBC_RX_UNDER_80MHZ |
3890 			  IEEE80211_HE_PHY_CAP2_DOPPLER_TX;
3891 	phy_cap_info[3] = IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_RX_16_QAM;
3892 	if (iftype == NL80211_IFTYPE_STATION)
3893 		phy_cap_info[3] |= IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_TX_16_QAM |
3894 				   IEEE80211_HE_PHY_CAP3_DCM_MAX_TX_NSS_2;
3895 	if (iftype == NL80211_IFTYPE_AP)
3896 		phy_cap_info[3] |= IEEE80211_HE_PHY_CAP3_RX_PARTIAL_BW_SU_IN_20MHZ_MU;
3897 	phy_cap_info[4] = IEEE80211_HE_PHY_CAP4_SU_BEAMFORMEE |
3898 			  IEEE80211_HE_PHY_CAP4_BEAMFORMEE_MAX_STS_UNDER_80MHZ_4;
3899 	if (chip->support_bandwidths & BIT(NL80211_CHAN_WIDTH_160))
3900 		phy_cap_info[4] |= IEEE80211_HE_PHY_CAP4_BEAMFORMEE_MAX_STS_ABOVE_80MHZ_4;
3901 	phy_cap_info[5] = no_ng16 ? 0 :
3902 			  IEEE80211_HE_PHY_CAP5_NG16_SU_FEEDBACK |
3903 			  IEEE80211_HE_PHY_CAP5_NG16_MU_FEEDBACK;
3904 	phy_cap_info[6] = IEEE80211_HE_PHY_CAP6_CODEBOOK_SIZE_42_SU |
3905 			  IEEE80211_HE_PHY_CAP6_CODEBOOK_SIZE_75_MU |
3906 			  IEEE80211_HE_PHY_CAP6_TRIG_SU_BEAMFORMING_FB |
3907 			  IEEE80211_HE_PHY_CAP6_PARTIAL_BW_EXT_RANGE;
3908 	phy_cap_info[7] = IEEE80211_HE_PHY_CAP7_POWER_BOOST_FACTOR_SUPP |
3909 			  IEEE80211_HE_PHY_CAP7_HE_SU_MU_PPDU_4XLTF_AND_08_US_GI |
3910 			  IEEE80211_HE_PHY_CAP7_MAX_NC_1;
3911 	phy_cap_info[8] = IEEE80211_HE_PHY_CAP8_HE_ER_SU_PPDU_4XLTF_AND_08_US_GI |
3912 			  IEEE80211_HE_PHY_CAP8_HE_ER_SU_1XLTF_AND_08_US_GI |
3913 			  IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_996;
3914 	if (chip->support_bandwidths & BIT(NL80211_CHAN_WIDTH_160))
3915 		phy_cap_info[8] |= IEEE80211_HE_PHY_CAP8_20MHZ_IN_160MHZ_HE_PPDU |
3916 				   IEEE80211_HE_PHY_CAP8_80MHZ_IN_160MHZ_HE_PPDU;
3917 	phy_cap_info[9] = IEEE80211_HE_PHY_CAP9_LONGER_THAN_16_SIGB_OFDM_SYM |
3918 			  IEEE80211_HE_PHY_CAP9_RX_1024_QAM_LESS_THAN_242_TONE_RU |
3919 			  IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_COMP_SIGB |
3920 			  IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_NON_COMP_SIGB |
3921 			  u8_encode_bits(IEEE80211_HE_PHY_CAP9_NOMINAL_PKT_PADDING_16US,
3922 					 IEEE80211_HE_PHY_CAP9_NOMINAL_PKT_PADDING_MASK);
3923 	if (iftype == NL80211_IFTYPE_STATION)
3924 		phy_cap_info[9] |= IEEE80211_HE_PHY_CAP9_TX_1024_QAM_LESS_THAN_242_TONE_RU;
3925 	he_cap->he_mcs_nss_supp.rx_mcs_80 = cpu_to_le16(mcs_map);
3926 	he_cap->he_mcs_nss_supp.tx_mcs_80 = cpu_to_le16(mcs_map);
3927 	if (chip->support_bandwidths & BIT(NL80211_CHAN_WIDTH_160)) {
3928 		he_cap->he_mcs_nss_supp.rx_mcs_160 = cpu_to_le16(mcs_map);
3929 		he_cap->he_mcs_nss_supp.tx_mcs_160 = cpu_to_le16(mcs_map);
3930 	}
3931 
3932 	if (band == NL80211_BAND_6GHZ) {
3933 		__le16 capa;
3934 
3935 		capa = le16_encode_bits(IEEE80211_HT_MPDU_DENSITY_NONE,
3936 					IEEE80211_HE_6GHZ_CAP_MIN_MPDU_START) |
3937 		       le16_encode_bits(IEEE80211_VHT_MAX_AMPDU_1024K,
3938 					IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP) |
3939 		       le16_encode_bits(IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454,
3940 					IEEE80211_HE_6GHZ_CAP_MAX_MPDU_LEN);
3941 		iftype_data->he_6ghz_capa.capa = capa;
3942 	}
3943 }
3944 
3945 static void rtw89_init_eht_cap(struct rtw89_dev *rtwdev,
3946 			       enum nl80211_band band,
3947 			       enum nl80211_iftype iftype,
3948 			       struct ieee80211_sband_iftype_data *iftype_data)
3949 {
3950 	const struct rtw89_chip_info *chip = rtwdev->chip;
3951 	struct ieee80211_eht_cap_elem_fixed *eht_cap_elem;
3952 	struct ieee80211_eht_mcs_nss_supp *eht_nss;
3953 	struct ieee80211_sta_eht_cap *eht_cap;
3954 	struct rtw89_hal *hal = &rtwdev->hal;
3955 	bool support_320mhz = false;
3956 	int sts = 8;
3957 	u8 val;
3958 
3959 	if (chip->chip_gen == RTW89_CHIP_AX)
3960 		return;
3961 
3962 	if (band == NL80211_BAND_6GHZ &&
3963 	    chip->support_bandwidths & BIT(NL80211_CHAN_WIDTH_320))
3964 		support_320mhz = true;
3965 
3966 	eht_cap = &iftype_data->eht_cap;
3967 	eht_cap_elem = &eht_cap->eht_cap_elem;
3968 	eht_nss = &eht_cap->eht_mcs_nss_supp;
3969 
3970 	eht_cap->has_eht = true;
3971 
3972 	eht_cap_elem->mac_cap_info[0] =
3973 		u8_encode_bits(IEEE80211_EHT_MAC_CAP0_MAX_MPDU_LEN_7991,
3974 			       IEEE80211_EHT_MAC_CAP0_MAX_MPDU_LEN_MASK);
3975 	eht_cap_elem->mac_cap_info[1] = 0;
3976 
3977 	eht_cap_elem->phy_cap_info[0] =
3978 		IEEE80211_EHT_PHY_CAP0_NDP_4_EHT_LFT_32_GI |
3979 		IEEE80211_EHT_PHY_CAP0_SU_BEAMFORMEE;
3980 	if (support_320mhz)
3981 		eht_cap_elem->phy_cap_info[0] |=
3982 			IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ;
3983 
3984 	eht_cap_elem->phy_cap_info[0] |=
3985 		u8_encode_bits(u8_get_bits(sts - 1, BIT(0)),
3986 			       IEEE80211_EHT_PHY_CAP0_BEAMFORMEE_SS_80MHZ_MASK);
3987 	eht_cap_elem->phy_cap_info[1] =
3988 		u8_encode_bits(u8_get_bits(sts - 1, GENMASK(2, 1)),
3989 			       IEEE80211_EHT_PHY_CAP1_BEAMFORMEE_SS_80MHZ_MASK) |
3990 		u8_encode_bits(sts - 1,
3991 			       IEEE80211_EHT_PHY_CAP1_BEAMFORMEE_SS_160MHZ_MASK);
3992 	if (support_320mhz)
3993 		eht_cap_elem->phy_cap_info[1] |=
3994 			u8_encode_bits(sts - 1,
3995 				       IEEE80211_EHT_PHY_CAP1_BEAMFORMEE_SS_320MHZ_MASK);
3996 
3997 	eht_cap_elem->phy_cap_info[2] = 0;
3998 
3999 	eht_cap_elem->phy_cap_info[3] =
4000 		IEEE80211_EHT_PHY_CAP3_CODEBOOK_4_2_SU_FDBK |
4001 		IEEE80211_EHT_PHY_CAP3_CODEBOOK_7_5_MU_FDBK |
4002 		IEEE80211_EHT_PHY_CAP3_TRIG_SU_BF_FDBK |
4003 		IEEE80211_EHT_PHY_CAP3_TRIG_MU_BF_PART_BW_FDBK;
4004 
4005 	eht_cap_elem->phy_cap_info[4] =
4006 		IEEE80211_EHT_PHY_CAP4_POWER_BOOST_FACT_SUPP |
4007 		u8_encode_bits(1, IEEE80211_EHT_PHY_CAP4_MAX_NC_MASK);
4008 
4009 	eht_cap_elem->phy_cap_info[5] =
4010 		u8_encode_bits(IEEE80211_EHT_PHY_CAP5_COMMON_NOMINAL_PKT_PAD_20US,
4011 			       IEEE80211_EHT_PHY_CAP5_COMMON_NOMINAL_PKT_PAD_MASK);
4012 
4013 	eht_cap_elem->phy_cap_info[6] = 0;
4014 	eht_cap_elem->phy_cap_info[7] = 0;
4015 	eht_cap_elem->phy_cap_info[8] = 0;
4016 
4017 	val = u8_encode_bits(hal->rx_nss, IEEE80211_EHT_MCS_NSS_RX) |
4018 	      u8_encode_bits(hal->tx_nss, IEEE80211_EHT_MCS_NSS_TX);
4019 	eht_nss->bw._80.rx_tx_mcs9_max_nss = val;
4020 	eht_nss->bw._80.rx_tx_mcs11_max_nss = val;
4021 	eht_nss->bw._80.rx_tx_mcs13_max_nss = val;
4022 	eht_nss->bw._160.rx_tx_mcs9_max_nss = val;
4023 	eht_nss->bw._160.rx_tx_mcs11_max_nss = val;
4024 	eht_nss->bw._160.rx_tx_mcs13_max_nss = val;
4025 	if (support_320mhz) {
4026 		eht_nss->bw._320.rx_tx_mcs9_max_nss = val;
4027 		eht_nss->bw._320.rx_tx_mcs11_max_nss = val;
4028 		eht_nss->bw._320.rx_tx_mcs13_max_nss = val;
4029 	}
4030 }
4031 
4032 #define RTW89_SBAND_IFTYPES_NR 2
4033 
4034 static void rtw89_init_he_eht_cap(struct rtw89_dev *rtwdev,
4035 				  enum nl80211_band band,
4036 				  struct ieee80211_supported_band *sband)
4037 {
4038 	struct ieee80211_sband_iftype_data *iftype_data;
4039 	enum nl80211_iftype iftype;
4040 	int idx = 0;
4041 
4042 	iftype_data = kcalloc(RTW89_SBAND_IFTYPES_NR, sizeof(*iftype_data), GFP_KERNEL);
4043 	if (!iftype_data)
4044 		return;
4045 
4046 	for (iftype = 0; iftype < NUM_NL80211_IFTYPES; iftype++) {
4047 		switch (iftype) {
4048 		case NL80211_IFTYPE_STATION:
4049 		case NL80211_IFTYPE_AP:
4050 			break;
4051 		default:
4052 			continue;
4053 		}
4054 
4055 		if (idx >= RTW89_SBAND_IFTYPES_NR) {
4056 			rtw89_warn(rtwdev, "run out of iftype_data\n");
4057 			break;
4058 		}
4059 
4060 		iftype_data[idx].types_mask = BIT(iftype);
4061 
4062 		rtw89_init_he_cap(rtwdev, band, iftype, &iftype_data[idx]);
4063 		rtw89_init_eht_cap(rtwdev, band, iftype, &iftype_data[idx]);
4064 
4065 		idx++;
4066 	}
4067 
4068 	_ieee80211_set_sband_iftype_data(sband, iftype_data, idx);
4069 }
4070 
4071 static int rtw89_core_set_supported_band(struct rtw89_dev *rtwdev)
4072 {
4073 	struct ieee80211_hw *hw = rtwdev->hw;
4074 	struct ieee80211_supported_band *sband_2ghz = NULL, *sband_5ghz = NULL;
4075 	struct ieee80211_supported_band *sband_6ghz = NULL;
4076 	u32 size = sizeof(struct ieee80211_supported_band);
4077 	u8 support_bands = rtwdev->chip->support_bands;
4078 
4079 	if (support_bands & BIT(NL80211_BAND_2GHZ)) {
4080 		sband_2ghz = kmemdup(&rtw89_sband_2ghz, size, GFP_KERNEL);
4081 		if (!sband_2ghz)
4082 			goto err;
4083 		rtw89_init_ht_cap(rtwdev, &sband_2ghz->ht_cap);
4084 		rtw89_init_he_eht_cap(rtwdev, NL80211_BAND_2GHZ, sband_2ghz);
4085 		hw->wiphy->bands[NL80211_BAND_2GHZ] = sband_2ghz;
4086 	}
4087 
4088 	if (support_bands & BIT(NL80211_BAND_5GHZ)) {
4089 		sband_5ghz = kmemdup(&rtw89_sband_5ghz, size, GFP_KERNEL);
4090 		if (!sband_5ghz)
4091 			goto err;
4092 		rtw89_init_ht_cap(rtwdev, &sband_5ghz->ht_cap);
4093 		rtw89_init_vht_cap(rtwdev, &sband_5ghz->vht_cap);
4094 		rtw89_init_he_eht_cap(rtwdev, NL80211_BAND_5GHZ, sband_5ghz);
4095 		hw->wiphy->bands[NL80211_BAND_5GHZ] = sband_5ghz;
4096 	}
4097 
4098 	if (support_bands & BIT(NL80211_BAND_6GHZ)) {
4099 		sband_6ghz = kmemdup(&rtw89_sband_6ghz, size, GFP_KERNEL);
4100 		if (!sband_6ghz)
4101 			goto err;
4102 		rtw89_init_he_eht_cap(rtwdev, NL80211_BAND_6GHZ, sband_6ghz);
4103 		hw->wiphy->bands[NL80211_BAND_6GHZ] = sband_6ghz;
4104 	}
4105 
4106 	return 0;
4107 
4108 err:
4109 	hw->wiphy->bands[NL80211_BAND_2GHZ] = NULL;
4110 	hw->wiphy->bands[NL80211_BAND_5GHZ] = NULL;
4111 	hw->wiphy->bands[NL80211_BAND_6GHZ] = NULL;
4112 	if (sband_2ghz)
4113 		kfree((__force void *)sband_2ghz->iftype_data);
4114 	if (sband_5ghz)
4115 		kfree((__force void *)sband_5ghz->iftype_data);
4116 	if (sband_6ghz)
4117 		kfree((__force void *)sband_6ghz->iftype_data);
4118 	kfree(sband_2ghz);
4119 	kfree(sband_5ghz);
4120 	kfree(sband_6ghz);
4121 	return -ENOMEM;
4122 }
4123 
4124 static void rtw89_core_clr_supported_band(struct rtw89_dev *rtwdev)
4125 {
4126 	struct ieee80211_hw *hw = rtwdev->hw;
4127 
4128 	if (hw->wiphy->bands[NL80211_BAND_2GHZ])
4129 		kfree((__force void *)hw->wiphy->bands[NL80211_BAND_2GHZ]->iftype_data);
4130 	if (hw->wiphy->bands[NL80211_BAND_5GHZ])
4131 		kfree((__force void *)hw->wiphy->bands[NL80211_BAND_5GHZ]->iftype_data);
4132 	if (hw->wiphy->bands[NL80211_BAND_6GHZ])
4133 		kfree((__force void *)hw->wiphy->bands[NL80211_BAND_6GHZ]->iftype_data);
4134 	kfree(hw->wiphy->bands[NL80211_BAND_2GHZ]);
4135 	kfree(hw->wiphy->bands[NL80211_BAND_5GHZ]);
4136 	kfree(hw->wiphy->bands[NL80211_BAND_6GHZ]);
4137 	hw->wiphy->bands[NL80211_BAND_2GHZ] = NULL;
4138 	hw->wiphy->bands[NL80211_BAND_5GHZ] = NULL;
4139 	hw->wiphy->bands[NL80211_BAND_6GHZ] = NULL;
4140 }
4141 
4142 static void rtw89_core_ppdu_sts_init(struct rtw89_dev *rtwdev)
4143 {
4144 	int i;
4145 
4146 	for (i = 0; i < RTW89_PHY_MAX; i++)
4147 		skb_queue_head_init(&rtwdev->ppdu_sts.rx_queue[i]);
4148 	for (i = 0; i < RTW89_PHY_MAX; i++)
4149 		rtwdev->ppdu_sts.curr_rx_ppdu_cnt[i] = U8_MAX;
4150 }
4151 
4152 void rtw89_core_update_beacon_work(struct work_struct *work)
4153 {
4154 	struct rtw89_dev *rtwdev;
4155 	struct rtw89_vif *rtwvif = container_of(work, struct rtw89_vif,
4156 						update_beacon_work);
4157 
4158 	if (rtwvif->net_type != RTW89_NET_TYPE_AP_MODE)
4159 		return;
4160 
4161 	rtwdev = rtwvif->rtwdev;
4162 	mutex_lock(&rtwdev->mutex);
4163 	rtw89_chip_h2c_update_beacon(rtwdev, rtwvif);
4164 	mutex_unlock(&rtwdev->mutex);
4165 }
4166 
4167 int rtw89_wait_for_cond(struct rtw89_wait_info *wait, unsigned int cond)
4168 {
4169 	struct completion *cmpl = &wait->completion;
4170 	unsigned long time_left;
4171 	unsigned int cur;
4172 
4173 	cur = atomic_cmpxchg(&wait->cond, RTW89_WAIT_COND_IDLE, cond);
4174 	if (cur != RTW89_WAIT_COND_IDLE)
4175 		return -EBUSY;
4176 
4177 	time_left = wait_for_completion_timeout(cmpl, RTW89_WAIT_FOR_COND_TIMEOUT);
4178 	if (time_left == 0) {
4179 		atomic_set(&wait->cond, RTW89_WAIT_COND_IDLE);
4180 		return -ETIMEDOUT;
4181 	}
4182 
4183 	if (wait->data.err)
4184 		return -EFAULT;
4185 
4186 	return 0;
4187 }
4188 
4189 void rtw89_complete_cond(struct rtw89_wait_info *wait, unsigned int cond,
4190 			 const struct rtw89_completion_data *data)
4191 {
4192 	unsigned int cur;
4193 
4194 	cur = atomic_cmpxchg(&wait->cond, cond, RTW89_WAIT_COND_IDLE);
4195 	if (cur != cond)
4196 		return;
4197 
4198 	wait->data = *data;
4199 	complete(&wait->completion);
4200 }
4201 
4202 void rtw89_core_ntfy_btc_event(struct rtw89_dev *rtwdev, enum rtw89_btc_hmsg event)
4203 {
4204 	u16 bt_req_len;
4205 
4206 	switch (event) {
4207 	case RTW89_BTC_HMSG_SET_BT_REQ_SLOT:
4208 		bt_req_len = rtw89_coex_query_bt_req_len(rtwdev, RTW89_PHY_0);
4209 		rtw89_debug(rtwdev, RTW89_DBG_BTC,
4210 			    "coex updates BT req len to %d TU\n", bt_req_len);
4211 		rtw89_queue_chanctx_change(rtwdev, RTW89_CHANCTX_BT_SLOT_CHANGE);
4212 		break;
4213 	default:
4214 		if (event < NUM_OF_RTW89_BTC_HMSG)
4215 			rtw89_debug(rtwdev, RTW89_DBG_BTC,
4216 				    "unhandled BTC HMSG event: %d\n", event);
4217 		else
4218 			rtw89_warn(rtwdev,
4219 				   "unrecognized BTC HMSG event: %d\n", event);
4220 		break;
4221 	}
4222 }
4223 
4224 void rtw89_check_quirks(struct rtw89_dev *rtwdev, const struct dmi_system_id *quirks)
4225 {
4226 	const struct dmi_system_id *match;
4227 	enum rtw89_quirks quirk;
4228 
4229 	if (!quirks)
4230 		return;
4231 
4232 	for (match = dmi_first_match(quirks); match; match = dmi_first_match(match + 1)) {
4233 		quirk = (uintptr_t)match->driver_data;
4234 		if (quirk >= NUM_OF_RTW89_QUIRKS)
4235 			continue;
4236 
4237 		set_bit(quirk, rtwdev->quirks);
4238 	}
4239 }
4240 EXPORT_SYMBOL(rtw89_check_quirks);
4241 
4242 int rtw89_core_start(struct rtw89_dev *rtwdev)
4243 {
4244 	int ret;
4245 
4246 	ret = rtw89_mac_init(rtwdev);
4247 	if (ret) {
4248 		rtw89_err(rtwdev, "mac init fail, ret:%d\n", ret);
4249 		return ret;
4250 	}
4251 
4252 	rtw89_btc_ntfy_poweron(rtwdev);
4253 
4254 	/* efuse process */
4255 
4256 	/* pre-config BB/RF, BB reset/RFC reset */
4257 	ret = rtw89_chip_reset_bb_rf(rtwdev);
4258 	if (ret)
4259 		return ret;
4260 
4261 	rtw89_phy_init_bb_reg(rtwdev);
4262 	rtw89_chip_bb_postinit(rtwdev);
4263 	rtw89_phy_init_rf_reg(rtwdev, false);
4264 
4265 	rtw89_btc_ntfy_init(rtwdev, BTC_MODE_NORMAL);
4266 
4267 	rtw89_phy_dm_init(rtwdev);
4268 
4269 	rtw89_mac_cfg_ppdu_status(rtwdev, RTW89_MAC_0, true);
4270 	rtw89_mac_update_rts_threshold(rtwdev, RTW89_MAC_0);
4271 
4272 	rtw89_tas_reset(rtwdev);
4273 
4274 	ret = rtw89_hci_start(rtwdev);
4275 	if (ret) {
4276 		rtw89_err(rtwdev, "failed to start hci\n");
4277 		return ret;
4278 	}
4279 
4280 	ieee80211_queue_delayed_work(rtwdev->hw, &rtwdev->track_work,
4281 				     RTW89_TRACK_WORK_PERIOD);
4282 
4283 	set_bit(RTW89_FLAG_RUNNING, rtwdev->flags);
4284 
4285 	rtw89_chip_rfk_init_late(rtwdev);
4286 	rtw89_btc_ntfy_radio_state(rtwdev, BTC_RFCTRL_WL_ON);
4287 	rtw89_fw_h2c_fw_log(rtwdev, rtwdev->fw.log.enable);
4288 	rtw89_fw_h2c_init_ba_cam(rtwdev);
4289 
4290 	return 0;
4291 }
4292 
4293 void rtw89_core_stop(struct rtw89_dev *rtwdev)
4294 {
4295 	struct rtw89_btc *btc = &rtwdev->btc;
4296 
4297 	/* Prvent to stop twice; enter_ips and ops_stop */
4298 	if (!test_bit(RTW89_FLAG_RUNNING, rtwdev->flags))
4299 		return;
4300 
4301 	rtw89_btc_ntfy_radio_state(rtwdev, BTC_RFCTRL_WL_OFF);
4302 
4303 	clear_bit(RTW89_FLAG_RUNNING, rtwdev->flags);
4304 
4305 	mutex_unlock(&rtwdev->mutex);
4306 
4307 	cancel_work_sync(&rtwdev->c2h_work);
4308 	cancel_work_sync(&rtwdev->cancel_6ghz_probe_work);
4309 	cancel_work_sync(&btc->eapol_notify_work);
4310 	cancel_work_sync(&btc->arp_notify_work);
4311 	cancel_work_sync(&btc->dhcp_notify_work);
4312 	cancel_work_sync(&btc->icmp_notify_work);
4313 	cancel_delayed_work_sync(&rtwdev->txq_reinvoke_work);
4314 	cancel_delayed_work_sync(&rtwdev->track_work);
4315 	cancel_delayed_work_sync(&rtwdev->chanctx_work);
4316 	cancel_delayed_work_sync(&rtwdev->coex_act1_work);
4317 	cancel_delayed_work_sync(&rtwdev->coex_bt_devinfo_work);
4318 	cancel_delayed_work_sync(&rtwdev->coex_rfk_chk_work);
4319 	cancel_delayed_work_sync(&rtwdev->cfo_track_work);
4320 	cancel_delayed_work_sync(&rtwdev->forbid_ba_work);
4321 	cancel_delayed_work_sync(&rtwdev->antdiv_work);
4322 
4323 	mutex_lock(&rtwdev->mutex);
4324 
4325 	rtw89_btc_ntfy_poweroff(rtwdev);
4326 	rtw89_hci_flush_queues(rtwdev, BIT(rtwdev->hw->queues) - 1, true);
4327 	rtw89_mac_flush_txq(rtwdev, BIT(rtwdev->hw->queues) - 1, true);
4328 	rtw89_hci_stop(rtwdev);
4329 	rtw89_hci_deinit(rtwdev);
4330 	rtw89_mac_pwr_off(rtwdev);
4331 	rtw89_hci_reset(rtwdev);
4332 }
4333 
4334 u8 rtw89_acquire_mac_id(struct rtw89_dev *rtwdev)
4335 {
4336 	const struct rtw89_chip_info *chip = rtwdev->chip;
4337 	u8 mac_id_num;
4338 	u8 mac_id;
4339 
4340 	if (rtwdev->support_mlo)
4341 		mac_id_num = chip->support_macid_num / chip->support_link_num;
4342 	else
4343 		mac_id_num = chip->support_macid_num;
4344 
4345 	mac_id = find_first_zero_bit(rtwdev->mac_id_map, mac_id_num);
4346 	if (mac_id == mac_id_num)
4347 		return RTW89_MAX_MAC_ID_NUM;
4348 
4349 	set_bit(mac_id, rtwdev->mac_id_map);
4350 	return mac_id;
4351 }
4352 
4353 void rtw89_release_mac_id(struct rtw89_dev *rtwdev, u8 mac_id)
4354 {
4355 	clear_bit(mac_id, rtwdev->mac_id_map);
4356 }
4357 
4358 int rtw89_core_init(struct rtw89_dev *rtwdev)
4359 {
4360 	struct rtw89_btc *btc = &rtwdev->btc;
4361 	u8 band;
4362 
4363 	INIT_LIST_HEAD(&rtwdev->ba_list);
4364 	INIT_LIST_HEAD(&rtwdev->forbid_ba_list);
4365 	INIT_LIST_HEAD(&rtwdev->rtwvifs_list);
4366 	INIT_LIST_HEAD(&rtwdev->early_h2c_list);
4367 	for (band = NL80211_BAND_2GHZ; band < NUM_NL80211_BANDS; band++) {
4368 		if (!(rtwdev->chip->support_bands & BIT(band)))
4369 			continue;
4370 		INIT_LIST_HEAD(&rtwdev->scan_info.pkt_list[band]);
4371 	}
4372 	INIT_WORK(&rtwdev->ba_work, rtw89_core_ba_work);
4373 	INIT_WORK(&rtwdev->txq_work, rtw89_core_txq_work);
4374 	INIT_DELAYED_WORK(&rtwdev->txq_reinvoke_work, rtw89_core_txq_reinvoke_work);
4375 	INIT_DELAYED_WORK(&rtwdev->track_work, rtw89_track_work);
4376 	INIT_DELAYED_WORK(&rtwdev->chanctx_work, rtw89_chanctx_work);
4377 	INIT_DELAYED_WORK(&rtwdev->coex_act1_work, rtw89_coex_act1_work);
4378 	INIT_DELAYED_WORK(&rtwdev->coex_bt_devinfo_work, rtw89_coex_bt_devinfo_work);
4379 	INIT_DELAYED_WORK(&rtwdev->coex_rfk_chk_work, rtw89_coex_rfk_chk_work);
4380 	INIT_DELAYED_WORK(&rtwdev->cfo_track_work, rtw89_phy_cfo_track_work);
4381 	INIT_DELAYED_WORK(&rtwdev->forbid_ba_work, rtw89_forbid_ba_work);
4382 	INIT_DELAYED_WORK(&rtwdev->antdiv_work, rtw89_phy_antdiv_work);
4383 	rtwdev->txq_wq = alloc_workqueue("rtw89_tx_wq", WQ_UNBOUND | WQ_HIGHPRI, 0);
4384 	if (!rtwdev->txq_wq)
4385 		return -ENOMEM;
4386 	spin_lock_init(&rtwdev->ba_lock);
4387 	spin_lock_init(&rtwdev->rpwm_lock);
4388 	mutex_init(&rtwdev->mutex);
4389 	mutex_init(&rtwdev->rf_mutex);
4390 	rtwdev->total_sta_assoc = 0;
4391 
4392 	rtw89_init_wait(&rtwdev->mcc.wait);
4393 	rtw89_init_wait(&rtwdev->mac.fw_ofld_wait);
4394 	rtw89_init_wait(&rtwdev->wow.wait);
4395 	rtw89_init_wait(&rtwdev->mac.ps_wait);
4396 
4397 	INIT_WORK(&rtwdev->c2h_work, rtw89_fw_c2h_work);
4398 	INIT_WORK(&rtwdev->ips_work, rtw89_ips_work);
4399 	INIT_WORK(&rtwdev->load_firmware_work, rtw89_load_firmware_work);
4400 	INIT_WORK(&rtwdev->cancel_6ghz_probe_work, rtw89_cancel_6ghz_probe_work);
4401 
4402 	skb_queue_head_init(&rtwdev->c2h_queue);
4403 	rtw89_core_ppdu_sts_init(rtwdev);
4404 	rtw89_traffic_stats_init(rtwdev, &rtwdev->stats);
4405 
4406 	rtwdev->hal.rx_fltr = DEFAULT_AX_RX_FLTR;
4407 	rtwdev->dbcc_en = false;
4408 	rtwdev->mlo_dbcc_mode = MLO_DBCC_NOT_SUPPORT;
4409 	rtwdev->mac.qta_mode = RTW89_QTA_SCC;
4410 
4411 	if (rtwdev->chip->chip_gen == RTW89_CHIP_BE) {
4412 		rtwdev->dbcc_en = true;
4413 		rtwdev->mac.qta_mode = RTW89_QTA_DBCC;
4414 		rtwdev->mlo_dbcc_mode = MLO_2_PLUS_0_1RF;
4415 	}
4416 
4417 	INIT_WORK(&btc->eapol_notify_work, rtw89_btc_ntfy_eapol_packet_work);
4418 	INIT_WORK(&btc->arp_notify_work, rtw89_btc_ntfy_arp_packet_work);
4419 	INIT_WORK(&btc->dhcp_notify_work, rtw89_btc_ntfy_dhcp_packet_work);
4420 	INIT_WORK(&btc->icmp_notify_work, rtw89_btc_ntfy_icmp_packet_work);
4421 
4422 	init_completion(&rtwdev->fw.req.completion);
4423 	init_completion(&rtwdev->rfk_wait.completion);
4424 
4425 	schedule_work(&rtwdev->load_firmware_work);
4426 
4427 	rtw89_ser_init(rtwdev);
4428 	rtw89_entity_init(rtwdev);
4429 	rtw89_tas_init(rtwdev);
4430 
4431 	return 0;
4432 }
4433 EXPORT_SYMBOL(rtw89_core_init);
4434 
4435 void rtw89_core_deinit(struct rtw89_dev *rtwdev)
4436 {
4437 	rtw89_ser_deinit(rtwdev);
4438 	rtw89_unload_firmware(rtwdev);
4439 	rtw89_fw_free_all_early_h2c(rtwdev);
4440 
4441 	destroy_workqueue(rtwdev->txq_wq);
4442 	mutex_destroy(&rtwdev->rf_mutex);
4443 	mutex_destroy(&rtwdev->mutex);
4444 }
4445 EXPORT_SYMBOL(rtw89_core_deinit);
4446 
4447 void rtw89_core_scan_start(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif,
4448 			   const u8 *mac_addr, bool hw_scan)
4449 {
4450 	const struct rtw89_chan *chan = rtw89_chan_get(rtwdev,
4451 						       rtwvif->chanctx_idx);
4452 
4453 	rtwdev->scanning = true;
4454 	rtw89_leave_lps(rtwdev);
4455 	if (hw_scan)
4456 		rtw89_leave_ips_by_hwflags(rtwdev);
4457 
4458 	ether_addr_copy(rtwvif->mac_addr, mac_addr);
4459 	rtw89_btc_ntfy_scan_start(rtwdev, RTW89_PHY_0, chan->band_type);
4460 	rtw89_chip_rfk_scan(rtwdev, rtwvif, true);
4461 	rtw89_hci_recalc_int_mit(rtwdev);
4462 	rtw89_phy_config_edcca(rtwdev, true);
4463 
4464 	rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL, mac_addr);
4465 }
4466 
4467 void rtw89_core_scan_complete(struct rtw89_dev *rtwdev,
4468 			      struct ieee80211_vif *vif, bool hw_scan)
4469 {
4470 	struct rtw89_vif *rtwvif = vif ? (struct rtw89_vif *)vif->drv_priv : NULL;
4471 
4472 	if (!rtwvif)
4473 		return;
4474 
4475 	ether_addr_copy(rtwvif->mac_addr, vif->addr);
4476 	rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL, NULL);
4477 
4478 	rtw89_chip_rfk_scan(rtwdev, rtwvif, false);
4479 	rtw89_btc_ntfy_scan_finish(rtwdev, RTW89_PHY_0);
4480 	rtw89_phy_config_edcca(rtwdev, false);
4481 
4482 	rtwdev->scanning = false;
4483 	rtwdev->dig.bypass_dig = true;
4484 	if (hw_scan && (rtwdev->hw->conf.flags & IEEE80211_CONF_IDLE))
4485 		ieee80211_queue_work(rtwdev->hw, &rtwdev->ips_work);
4486 }
4487 
4488 static void rtw89_read_chip_ver(struct rtw89_dev *rtwdev)
4489 {
4490 	const struct rtw89_chip_info *chip = rtwdev->chip;
4491 	int ret;
4492 	u8 val;
4493 	u8 cv;
4494 
4495 	cv = rtw89_read32_mask(rtwdev, R_AX_SYS_CFG1, B_AX_CHIP_VER_MASK);
4496 	if (chip->chip_id == RTL8852A && cv <= CHIP_CBV) {
4497 		if (rtw89_read32(rtwdev, R_AX_GPIO0_7_FUNC_SEL) == RTW89_R32_DEAD)
4498 			cv = CHIP_CAV;
4499 		else
4500 			cv = CHIP_CBV;
4501 	}
4502 
4503 	rtwdev->hal.cv = cv;
4504 
4505 	if (rtw89_is_rtl885xb(rtwdev)) {
4506 		ret = rtw89_mac_read_xtal_si(rtwdev, XTAL_SI_CV, &val);
4507 		if (ret)
4508 			return;
4509 
4510 		rtwdev->hal.acv = u8_get_bits(val, XTAL_SI_ACV_MASK);
4511 	}
4512 }
4513 
4514 static void rtw89_core_setup_phycap(struct rtw89_dev *rtwdev)
4515 {
4516 	rtwdev->hal.support_cckpd =
4517 		!(rtwdev->chip->chip_id == RTL8852A && rtwdev->hal.cv <= CHIP_CBV) &&
4518 		!(rtwdev->chip->chip_id == RTL8852B && rtwdev->hal.cv <= CHIP_CAV);
4519 	rtwdev->hal.support_igi =
4520 		rtwdev->chip->chip_id == RTL8852A && rtwdev->hal.cv <= CHIP_CBV;
4521 }
4522 
4523 static void rtw89_core_setup_rfe_parms(struct rtw89_dev *rtwdev)
4524 {
4525 	const struct rtw89_chip_info *chip = rtwdev->chip;
4526 	const struct rtw89_rfe_parms_conf *conf = chip->rfe_parms_conf;
4527 	struct rtw89_efuse *efuse = &rtwdev->efuse;
4528 	const struct rtw89_rfe_parms *sel;
4529 	u8 rfe_type = efuse->rfe_type;
4530 
4531 	if (!conf) {
4532 		sel = chip->dflt_parms;
4533 		goto out;
4534 	}
4535 
4536 	while (conf->rfe_parms) {
4537 		if (rfe_type == conf->rfe_type) {
4538 			sel = conf->rfe_parms;
4539 			goto out;
4540 		}
4541 		conf++;
4542 	}
4543 
4544 	sel = chip->dflt_parms;
4545 
4546 out:
4547 	rtwdev->rfe_parms = rtw89_load_rfe_data_from_fw(rtwdev, sel);
4548 	rtw89_load_txpwr_table(rtwdev, rtwdev->rfe_parms->byr_tbl);
4549 }
4550 
4551 static int rtw89_chip_efuse_info_setup(struct rtw89_dev *rtwdev)
4552 {
4553 	const struct rtw89_mac_gen_def *mac = rtwdev->chip->mac_def;
4554 	int ret;
4555 
4556 	ret = rtw89_mac_partial_init(rtwdev, false);
4557 	if (ret)
4558 		return ret;
4559 
4560 	ret = mac->parse_efuse_map(rtwdev);
4561 	if (ret)
4562 		return ret;
4563 
4564 	ret = mac->parse_phycap_map(rtwdev);
4565 	if (ret)
4566 		return ret;
4567 
4568 	ret = rtw89_mac_setup_phycap(rtwdev);
4569 	if (ret)
4570 		return ret;
4571 
4572 	rtw89_core_setup_phycap(rtwdev);
4573 
4574 	rtw89_hci_mac_pre_deinit(rtwdev);
4575 
4576 	rtw89_mac_pwr_off(rtwdev);
4577 
4578 	return 0;
4579 }
4580 
4581 static int rtw89_chip_board_info_setup(struct rtw89_dev *rtwdev)
4582 {
4583 	rtw89_chip_fem_setup(rtwdev);
4584 
4585 	return 0;
4586 }
4587 
4588 static bool rtw89_chip_has_rfkill(struct rtw89_dev *rtwdev)
4589 {
4590 	return !!rtwdev->chip->rfkill_init;
4591 }
4592 
4593 static void rtw89_core_rfkill_init(struct rtw89_dev *rtwdev)
4594 {
4595 	const struct rtw89_rfkill_regs *regs = rtwdev->chip->rfkill_init;
4596 
4597 	rtw89_write16_mask(rtwdev, regs->pinmux.addr,
4598 			   regs->pinmux.mask, regs->pinmux.data);
4599 	rtw89_write16_mask(rtwdev, regs->mode.addr,
4600 			   regs->mode.mask, regs->mode.data);
4601 }
4602 
4603 static bool rtw89_core_rfkill_get(struct rtw89_dev *rtwdev)
4604 {
4605 	const struct rtw89_reg_def *reg = &rtwdev->chip->rfkill_get;
4606 
4607 	return !rtw89_read8_mask(rtwdev, reg->addr, reg->mask);
4608 }
4609 
4610 static void rtw89_rfkill_polling_init(struct rtw89_dev *rtwdev)
4611 {
4612 	if (!rtw89_chip_has_rfkill(rtwdev))
4613 		return;
4614 
4615 	rtw89_core_rfkill_init(rtwdev);
4616 	rtw89_core_rfkill_poll(rtwdev, true);
4617 	wiphy_rfkill_start_polling(rtwdev->hw->wiphy);
4618 }
4619 
4620 static void rtw89_rfkill_polling_deinit(struct rtw89_dev *rtwdev)
4621 {
4622 	if (!rtw89_chip_has_rfkill(rtwdev))
4623 		return;
4624 
4625 	wiphy_rfkill_stop_polling(rtwdev->hw->wiphy);
4626 }
4627 
4628 void rtw89_core_rfkill_poll(struct rtw89_dev *rtwdev, bool force)
4629 {
4630 	bool prev, blocked;
4631 
4632 	if (!rtw89_chip_has_rfkill(rtwdev))
4633 		return;
4634 
4635 	prev = test_bit(RTW89_FLAG_HW_RFKILL_STATE, rtwdev->flags);
4636 	blocked = rtw89_core_rfkill_get(rtwdev);
4637 
4638 	if (!force && prev == blocked)
4639 		return;
4640 
4641 	rtw89_info(rtwdev, "rfkill hardware state changed to %s\n",
4642 		   blocked ? "disable" : "enable");
4643 
4644 	if (blocked)
4645 		set_bit(RTW89_FLAG_HW_RFKILL_STATE, rtwdev->flags);
4646 	else
4647 		clear_bit(RTW89_FLAG_HW_RFKILL_STATE, rtwdev->flags);
4648 
4649 	wiphy_rfkill_set_hw_state(rtwdev->hw->wiphy, blocked);
4650 }
4651 
4652 int rtw89_chip_info_setup(struct rtw89_dev *rtwdev)
4653 {
4654 	int ret;
4655 
4656 	rtw89_read_chip_ver(rtwdev);
4657 
4658 	ret = rtw89_wait_firmware_completion(rtwdev);
4659 	if (ret) {
4660 		rtw89_err(rtwdev, "failed to wait firmware completion\n");
4661 		return ret;
4662 	}
4663 
4664 	ret = rtw89_fw_recognize(rtwdev);
4665 	if (ret) {
4666 		rtw89_err(rtwdev, "failed to recognize firmware\n");
4667 		return ret;
4668 	}
4669 
4670 	ret = rtw89_chip_efuse_info_setup(rtwdev);
4671 	if (ret)
4672 		return ret;
4673 
4674 	ret = rtw89_fw_recognize_elements(rtwdev);
4675 	if (ret) {
4676 		rtw89_err(rtwdev, "failed to recognize firmware elements\n");
4677 		return ret;
4678 	}
4679 
4680 	ret = rtw89_chip_board_info_setup(rtwdev);
4681 	if (ret)
4682 		return ret;
4683 
4684 	rtw89_core_setup_rfe_parms(rtwdev);
4685 	rtwdev->ps_mode = rtw89_update_ps_mode(rtwdev);
4686 
4687 	return 0;
4688 }
4689 EXPORT_SYMBOL(rtw89_chip_info_setup);
4690 
4691 static int rtw89_core_register_hw(struct rtw89_dev *rtwdev)
4692 {
4693 	const struct rtw89_chip_info *chip = rtwdev->chip;
4694 	struct ieee80211_hw *hw = rtwdev->hw;
4695 	struct rtw89_efuse *efuse = &rtwdev->efuse;
4696 	struct rtw89_hal *hal = &rtwdev->hal;
4697 	int ret;
4698 	int tx_headroom = IEEE80211_HT_CTL_LEN;
4699 
4700 	hw->vif_data_size = sizeof(struct rtw89_vif);
4701 	hw->sta_data_size = sizeof(struct rtw89_sta);
4702 	hw->txq_data_size = sizeof(struct rtw89_txq);
4703 	hw->chanctx_data_size = sizeof(struct rtw89_chanctx_cfg);
4704 
4705 	SET_IEEE80211_PERM_ADDR(hw, efuse->addr);
4706 
4707 	hw->extra_tx_headroom = tx_headroom;
4708 	hw->queues = IEEE80211_NUM_ACS;
4709 	hw->max_rx_aggregation_subframes = RTW89_MAX_RX_AGG_NUM;
4710 	hw->max_tx_aggregation_subframes = RTW89_MAX_TX_AGG_NUM;
4711 	hw->uapsd_max_sp_len = IEEE80211_WMM_IE_STA_QOSINFO_SP_ALL;
4712 
4713 	hw->radiotap_mcs_details |= IEEE80211_RADIOTAP_MCS_HAVE_FEC |
4714 				    IEEE80211_RADIOTAP_MCS_HAVE_STBC;
4715 	hw->radiotap_vht_details |= IEEE80211_RADIOTAP_VHT_KNOWN_STBC;
4716 
4717 	ieee80211_hw_set(hw, SIGNAL_DBM);
4718 	ieee80211_hw_set(hw, HAS_RATE_CONTROL);
4719 	ieee80211_hw_set(hw, MFP_CAPABLE);
4720 	ieee80211_hw_set(hw, REPORTS_TX_ACK_STATUS);
4721 	ieee80211_hw_set(hw, AMPDU_AGGREGATION);
4722 	ieee80211_hw_set(hw, RX_INCLUDES_FCS);
4723 	ieee80211_hw_set(hw, TX_AMSDU);
4724 	ieee80211_hw_set(hw, SUPPORT_FAST_XMIT);
4725 	ieee80211_hw_set(hw, SUPPORTS_AMSDU_IN_AMPDU);
4726 	ieee80211_hw_set(hw, SUPPORTS_PS);
4727 	ieee80211_hw_set(hw, SUPPORTS_DYNAMIC_PS);
4728 	ieee80211_hw_set(hw, SINGLE_SCAN_ON_ALL_BANDS);
4729 	ieee80211_hw_set(hw, SUPPORTS_MULTI_BSSID);
4730 	ieee80211_hw_set(hw, WANT_MONITOR_VIF);
4731 
4732 	if (chip->support_bandwidths & BIT(NL80211_CHAN_WIDTH_160))
4733 		ieee80211_hw_set(hw, SUPPORTS_VHT_EXT_NSS_BW);
4734 
4735 	if (RTW89_CHK_FW_FEATURE(BEACON_FILTER, &rtwdev->fw))
4736 		ieee80211_hw_set(hw, CONNECTION_MONITOR);
4737 
4738 	hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
4739 				     BIT(NL80211_IFTYPE_AP) |
4740 				     BIT(NL80211_IFTYPE_P2P_CLIENT) |
4741 				     BIT(NL80211_IFTYPE_P2P_GO);
4742 
4743 	if (hal->ant_diversity) {
4744 		hw->wiphy->available_antennas_tx = 0x3;
4745 		hw->wiphy->available_antennas_rx = 0x3;
4746 	} else {
4747 		hw->wiphy->available_antennas_tx = BIT(rtwdev->chip->rf_path_num) - 1;
4748 		hw->wiphy->available_antennas_rx = BIT(rtwdev->chip->rf_path_num) - 1;
4749 	}
4750 
4751 	hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS |
4752 			    WIPHY_FLAG_TDLS_EXTERNAL_SETUP |
4753 			    WIPHY_FLAG_AP_UAPSD |
4754 			    WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK;
4755 
4756 	if (!chip->support_rnr)
4757 		hw->wiphy->flags |= WIPHY_FLAG_SPLIT_SCAN_6GHZ;
4758 
4759 	if (chip->chip_gen == RTW89_CHIP_BE)
4760 		hw->wiphy->flags |= WIPHY_FLAG_DISABLE_WEXT;
4761 
4762 	if (rtwdev->support_mlo)
4763 		hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_MLO;
4764 
4765 	hw->wiphy->features |= NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
4766 
4767 	hw->wiphy->max_scan_ssids = RTW89_SCANOFLD_MAX_SSID;
4768 	hw->wiphy->max_scan_ie_len = RTW89_SCANOFLD_MAX_IE_LEN;
4769 
4770 #ifdef CONFIG_PM
4771 	hw->wiphy->wowlan = rtwdev->chip->wowlan_stub;
4772 	hw->wiphy->max_sched_scan_ssids = RTW89_SCANOFLD_MAX_SSID;
4773 #endif
4774 
4775 	hw->wiphy->tid_config_support.vif |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
4776 	hw->wiphy->tid_config_support.peer |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
4777 	hw->wiphy->tid_config_support.vif |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
4778 	hw->wiphy->tid_config_support.peer |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
4779 	hw->wiphy->max_remain_on_channel_duration = 1000;
4780 
4781 	wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CAN_REPLACE_PTK0);
4782 	wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_SCAN_RANDOM_SN);
4783 	wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_SET_SCAN_DWELL);
4784 
4785 	ret = rtw89_core_set_supported_band(rtwdev);
4786 	if (ret) {
4787 		rtw89_err(rtwdev, "failed to set supported band\n");
4788 		return ret;
4789 	}
4790 
4791 	ret = rtw89_regd_setup(rtwdev);
4792 	if (ret) {
4793 		rtw89_err(rtwdev, "failed to set up regd\n");
4794 		goto err_free_supported_band;
4795 	}
4796 
4797 	hw->wiphy->sar_capa = &rtw89_sar_capa;
4798 
4799 	ret = ieee80211_register_hw(hw);
4800 	if (ret) {
4801 		rtw89_err(rtwdev, "failed to register hw\n");
4802 		goto err_free_supported_band;
4803 	}
4804 
4805 	ret = rtw89_regd_init(rtwdev, rtw89_regd_notifier);
4806 	if (ret) {
4807 		rtw89_err(rtwdev, "failed to init regd\n");
4808 		goto err_unregister_hw;
4809 	}
4810 
4811 	rtw89_rfkill_polling_init(rtwdev);
4812 
4813 	return 0;
4814 
4815 err_unregister_hw:
4816 	ieee80211_unregister_hw(hw);
4817 err_free_supported_band:
4818 	rtw89_core_clr_supported_band(rtwdev);
4819 
4820 	return ret;
4821 }
4822 
4823 static void rtw89_core_unregister_hw(struct rtw89_dev *rtwdev)
4824 {
4825 	struct ieee80211_hw *hw = rtwdev->hw;
4826 
4827 	rtw89_rfkill_polling_deinit(rtwdev);
4828 	ieee80211_unregister_hw(hw);
4829 	rtw89_core_clr_supported_band(rtwdev);
4830 }
4831 
4832 int rtw89_core_register(struct rtw89_dev *rtwdev)
4833 {
4834 	int ret;
4835 
4836 	ret = rtw89_core_register_hw(rtwdev);
4837 	if (ret) {
4838 		rtw89_err(rtwdev, "failed to register core hw\n");
4839 		return ret;
4840 	}
4841 
4842 	rtw89_debugfs_init(rtwdev);
4843 
4844 	return 0;
4845 }
4846 EXPORT_SYMBOL(rtw89_core_register);
4847 
4848 void rtw89_core_unregister(struct rtw89_dev *rtwdev)
4849 {
4850 	rtw89_core_unregister_hw(rtwdev);
4851 
4852 	rtw89_debugfs_deinit(rtwdev);
4853 }
4854 EXPORT_SYMBOL(rtw89_core_unregister);
4855 
4856 struct rtw89_dev *rtw89_alloc_ieee80211_hw(struct device *device,
4857 					   u32 bus_data_size,
4858 					   const struct rtw89_chip_info *chip)
4859 {
4860 	struct rtw89_fw_info early_fw = {};
4861 	const struct firmware *firmware;
4862 	struct ieee80211_hw *hw;
4863 	struct rtw89_dev *rtwdev;
4864 	struct ieee80211_ops *ops;
4865 	u32 driver_data_size;
4866 	int fw_format = -1;
4867 	bool support_mlo;
4868 	bool no_chanctx;
4869 
4870 	firmware = rtw89_early_fw_feature_recognize(device, chip, &early_fw, &fw_format);
4871 
4872 	ops = kmemdup(&rtw89_ops, sizeof(rtw89_ops), GFP_KERNEL);
4873 	if (!ops)
4874 		goto err;
4875 
4876 	no_chanctx = chip->support_chanctx_num == 0 ||
4877 		     !RTW89_CHK_FW_FEATURE(SCAN_OFFLOAD, &early_fw) ||
4878 		     !RTW89_CHK_FW_FEATURE(BEACON_FILTER, &early_fw);
4879 
4880 	if (no_chanctx) {
4881 		ops->add_chanctx = ieee80211_emulate_add_chanctx;
4882 		ops->remove_chanctx = ieee80211_emulate_remove_chanctx;
4883 		ops->change_chanctx = ieee80211_emulate_change_chanctx;
4884 		ops->switch_vif_chanctx = ieee80211_emulate_switch_vif_chanctx;
4885 		ops->assign_vif_chanctx = NULL;
4886 		ops->unassign_vif_chanctx = NULL;
4887 		ops->remain_on_channel = NULL;
4888 		ops->cancel_remain_on_channel = NULL;
4889 	}
4890 
4891 	driver_data_size = sizeof(struct rtw89_dev) + bus_data_size;
4892 	hw = ieee80211_alloc_hw(driver_data_size, ops);
4893 	if (!hw)
4894 		goto err;
4895 
4896 	/* TODO: When driver MLO arch. is done, determine whether to support MLO
4897 	 * according to the following conditions.
4898 	 * 1. run with chanctx_ops
4899 	 * 2. chip->support_link_num != 0
4900 	 * 3. FW feature supports AP_LINK_PS
4901 	 */
4902 	support_mlo = false;
4903 
4904 	hw->wiphy->iface_combinations = rtw89_iface_combs;
4905 
4906 	if (no_chanctx || chip->support_chanctx_num == 1)
4907 		hw->wiphy->n_iface_combinations = 1;
4908 	else
4909 		hw->wiphy->n_iface_combinations = ARRAY_SIZE(rtw89_iface_combs);
4910 
4911 	rtwdev = hw->priv;
4912 	rtwdev->hw = hw;
4913 	rtwdev->dev = device;
4914 	rtwdev->ops = ops;
4915 	rtwdev->chip = chip;
4916 	rtwdev->fw.req.firmware = firmware;
4917 	rtwdev->fw.fw_format = fw_format;
4918 	rtwdev->support_mlo = support_mlo;
4919 
4920 	rtw89_debug(rtwdev, RTW89_DBG_CHAN, "probe driver %s chanctx\n",
4921 		    no_chanctx ? "without" : "with");
4922 	rtw89_debug(rtwdev, RTW89_DBG_CHAN, "probe driver %s MLO cap\n",
4923 		    support_mlo ? "with" : "without");
4924 
4925 	return rtwdev;
4926 
4927 err:
4928 	kfree(ops);
4929 	release_firmware(firmware);
4930 	return NULL;
4931 }
4932 EXPORT_SYMBOL(rtw89_alloc_ieee80211_hw);
4933 
4934 void rtw89_free_ieee80211_hw(struct rtw89_dev *rtwdev)
4935 {
4936 	kfree(rtwdev->ops);
4937 	kfree(rtwdev->rfe_data);
4938 	release_firmware(rtwdev->fw.req.firmware);
4939 	ieee80211_free_hw(rtwdev->hw);
4940 }
4941 EXPORT_SYMBOL(rtw89_free_ieee80211_hw);
4942 
4943 MODULE_AUTHOR("Realtek Corporation");
4944 MODULE_DESCRIPTION("Realtek 802.11ax wireless core module");
4945 MODULE_LICENSE("Dual BSD/GPL");
4946