1 // SPDX-License-Identifier: ISC
2 /*
3 * Copyright (C) 2022 MediaTek Inc.
4 */
5
6 #include <linux/etherdevice.h>
7 #include <linux/timekeeping.h>
8 #include "coredump.h"
9 #include "mt7996.h"
10 #include "../dma.h"
11 #include "mac.h"
12 #include "mcu.h"
13
14 #define to_rssi(field, rcpi) ((FIELD_GET(field, rcpi) - 220) / 2)
15
16 static const struct mt7996_dfs_radar_spec etsi_radar_specs = {
17 .pulse_th = { 110, -10, -80, 40, 5200, 128, 5200 },
18 .radar_pattern = {
19 [5] = { 1, 0, 6, 32, 28, 0, 990, 5010, 17, 1, 1 },
20 [6] = { 1, 0, 9, 32, 28, 0, 615, 5010, 27, 1, 1 },
21 [7] = { 1, 0, 15, 32, 28, 0, 240, 445, 27, 1, 1 },
22 [8] = { 1, 0, 12, 32, 28, 0, 240, 510, 42, 1, 1 },
23 [9] = { 1, 1, 0, 0, 0, 0, 2490, 3343, 14, 0, 0, 12, 32, 28, { }, 126 },
24 [10] = { 1, 1, 0, 0, 0, 0, 2490, 3343, 14, 0, 0, 15, 32, 24, { }, 126 },
25 [11] = { 1, 1, 0, 0, 0, 0, 823, 2510, 14, 0, 0, 18, 32, 28, { }, 54 },
26 [12] = { 1, 1, 0, 0, 0, 0, 823, 2510, 14, 0, 0, 27, 32, 24, { }, 54 },
27 },
28 };
29
30 static const struct mt7996_dfs_radar_spec fcc_radar_specs = {
31 .pulse_th = { 110, -10, -80, 40, 5200, 128, 5200 },
32 .radar_pattern = {
33 [0] = { 1, 0, 8, 32, 28, 0, 508, 3076, 13, 1, 1 },
34 [1] = { 1, 0, 12, 32, 28, 0, 140, 240, 17, 1, 1 },
35 [2] = { 1, 0, 8, 32, 28, 0, 190, 510, 22, 1, 1 },
36 [3] = { 1, 0, 6, 32, 28, 0, 190, 510, 32, 1, 1 },
37 [4] = { 1, 0, 9, 255, 28, 0, 323, 343, 13, 1, 32 },
38 },
39 };
40
41 static const struct mt7996_dfs_radar_spec jp_radar_specs = {
42 .pulse_th = { 110, -10, -80, 40, 5200, 128, 5200 },
43 .radar_pattern = {
44 [0] = { 1, 0, 8, 32, 28, 0, 508, 3076, 13, 1, 1 },
45 [1] = { 1, 0, 12, 32, 28, 0, 140, 240, 17, 1, 1 },
46 [2] = { 1, 0, 8, 32, 28, 0, 190, 510, 22, 1, 1 },
47 [3] = { 1, 0, 6, 32, 28, 0, 190, 510, 32, 1, 1 },
48 [4] = { 1, 0, 9, 255, 28, 0, 323, 343, 13, 1, 32 },
49 [13] = { 1, 0, 7, 32, 28, 0, 3836, 3856, 14, 1, 1 },
50 [14] = { 1, 0, 6, 32, 28, 0, 615, 5010, 110, 1, 1 },
51 [15] = { 1, 1, 0, 0, 0, 0, 15, 5010, 110, 0, 0, 12, 32, 28 },
52 },
53 };
54
mt7996_rx_get_wcid(struct mt7996_dev * dev,u16 idx,bool unicast)55 static struct mt76_wcid *mt7996_rx_get_wcid(struct mt7996_dev *dev,
56 u16 idx, bool unicast)
57 {
58 struct mt7996_sta *sta;
59 struct mt76_wcid *wcid;
60
61 if (idx >= ARRAY_SIZE(dev->mt76.wcid))
62 return NULL;
63
64 wcid = rcu_dereference(dev->mt76.wcid[idx]);
65 if (unicast || !wcid)
66 return wcid;
67
68 if (!wcid->sta)
69 return NULL;
70
71 sta = container_of(wcid, struct mt7996_sta, wcid);
72 if (!sta->vif)
73 return NULL;
74
75 return &sta->vif->sta.wcid;
76 }
77
mt7996_mac_wtbl_update(struct mt7996_dev * dev,int idx,u32 mask)78 bool mt7996_mac_wtbl_update(struct mt7996_dev *dev, int idx, u32 mask)
79 {
80 mt76_rmw(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_WLAN_IDX,
81 FIELD_PREP(MT_WTBL_UPDATE_WLAN_IDX, idx) | mask);
82
83 return mt76_poll(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_BUSY,
84 0, 5000);
85 }
86
mt7996_mac_wtbl_lmac_addr(struct mt7996_dev * dev,u16 wcid,u8 dw)87 u32 mt7996_mac_wtbl_lmac_addr(struct mt7996_dev *dev, u16 wcid, u8 dw)
88 {
89 mt76_wr(dev, MT_WTBLON_TOP_WDUCR,
90 FIELD_PREP(MT_WTBLON_TOP_WDUCR_GROUP, (wcid >> 7)));
91
92 return MT_WTBL_LMAC_OFFS(wcid, dw);
93 }
94
mt7996_mac_sta_poll(struct mt7996_dev * dev)95 static void mt7996_mac_sta_poll(struct mt7996_dev *dev)
96 {
97 static const u8 ac_to_tid[] = {
98 [IEEE80211_AC_BE] = 0,
99 [IEEE80211_AC_BK] = 1,
100 [IEEE80211_AC_VI] = 4,
101 [IEEE80211_AC_VO] = 6
102 };
103 struct ieee80211_sta *sta;
104 struct mt7996_sta *msta;
105 struct rate_info *rate;
106 u32 tx_time[IEEE80211_NUM_ACS], rx_time[IEEE80211_NUM_ACS];
107 LIST_HEAD(sta_poll_list);
108 int i;
109
110 spin_lock_bh(&dev->mt76.sta_poll_lock);
111 list_splice_init(&dev->mt76.sta_poll_list, &sta_poll_list);
112 spin_unlock_bh(&dev->mt76.sta_poll_lock);
113
114 rcu_read_lock();
115
116 while (true) {
117 bool clear = false;
118 u32 addr, val;
119 u16 idx;
120 s8 rssi[4];
121 u8 bw;
122
123 spin_lock_bh(&dev->mt76.sta_poll_lock);
124 if (list_empty(&sta_poll_list)) {
125 spin_unlock_bh(&dev->mt76.sta_poll_lock);
126 break;
127 }
128 msta = list_first_entry(&sta_poll_list,
129 struct mt7996_sta, wcid.poll_list);
130 list_del_init(&msta->wcid.poll_list);
131 spin_unlock_bh(&dev->mt76.sta_poll_lock);
132
133 idx = msta->wcid.idx;
134
135 /* refresh peer's airtime reporting */
136 addr = mt7996_mac_wtbl_lmac_addr(dev, idx, 20);
137
138 for (i = 0; i < IEEE80211_NUM_ACS; i++) {
139 u32 tx_last = msta->airtime_ac[i];
140 u32 rx_last = msta->airtime_ac[i + 4];
141
142 msta->airtime_ac[i] = mt76_rr(dev, addr);
143 msta->airtime_ac[i + 4] = mt76_rr(dev, addr + 4);
144
145 tx_time[i] = msta->airtime_ac[i] - tx_last;
146 rx_time[i] = msta->airtime_ac[i + 4] - rx_last;
147
148 if ((tx_last | rx_last) & BIT(30))
149 clear = true;
150
151 addr += 8;
152 }
153
154 if (clear) {
155 mt7996_mac_wtbl_update(dev, idx,
156 MT_WTBL_UPDATE_ADM_COUNT_CLEAR);
157 memset(msta->airtime_ac, 0, sizeof(msta->airtime_ac));
158 }
159
160 if (!msta->wcid.sta)
161 continue;
162
163 sta = container_of((void *)msta, struct ieee80211_sta,
164 drv_priv);
165 for (i = 0; i < IEEE80211_NUM_ACS; i++) {
166 u8 q = mt76_connac_lmac_mapping(i);
167 u32 tx_cur = tx_time[q];
168 u32 rx_cur = rx_time[q];
169 u8 tid = ac_to_tid[i];
170
171 if (!tx_cur && !rx_cur)
172 continue;
173
174 ieee80211_sta_register_airtime(sta, tid, tx_cur, rx_cur);
175 }
176
177 /* We don't support reading GI info from txs packets.
178 * For accurate tx status reporting and AQL improvement,
179 * we need to make sure that flags match so polling GI
180 * from per-sta counters directly.
181 */
182 rate = &msta->wcid.rate;
183
184 switch (rate->bw) {
185 case RATE_INFO_BW_320:
186 bw = IEEE80211_STA_RX_BW_320;
187 break;
188 case RATE_INFO_BW_160:
189 bw = IEEE80211_STA_RX_BW_160;
190 break;
191 case RATE_INFO_BW_80:
192 bw = IEEE80211_STA_RX_BW_80;
193 break;
194 case RATE_INFO_BW_40:
195 bw = IEEE80211_STA_RX_BW_40;
196 break;
197 default:
198 bw = IEEE80211_STA_RX_BW_20;
199 break;
200 }
201
202 addr = mt7996_mac_wtbl_lmac_addr(dev, idx, 6);
203 val = mt76_rr(dev, addr);
204 if (rate->flags & RATE_INFO_FLAGS_EHT_MCS) {
205 addr = mt7996_mac_wtbl_lmac_addr(dev, idx, 5);
206 val = mt76_rr(dev, addr);
207 rate->eht_gi = FIELD_GET(GENMASK(25, 24), val);
208 } else if (rate->flags & RATE_INFO_FLAGS_HE_MCS) {
209 u8 offs = 24 + 2 * bw;
210
211 rate->he_gi = (val & (0x3 << offs)) >> offs;
212 } else if (rate->flags &
213 (RATE_INFO_FLAGS_VHT_MCS | RATE_INFO_FLAGS_MCS)) {
214 if (val & BIT(12 + bw))
215 rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
216 else
217 rate->flags &= ~RATE_INFO_FLAGS_SHORT_GI;
218 }
219
220 /* get signal strength of resp frames (CTS/BA/ACK) */
221 addr = mt7996_mac_wtbl_lmac_addr(dev, idx, 34);
222 val = mt76_rr(dev, addr);
223
224 rssi[0] = to_rssi(GENMASK(7, 0), val);
225 rssi[1] = to_rssi(GENMASK(15, 8), val);
226 rssi[2] = to_rssi(GENMASK(23, 16), val);
227 rssi[3] = to_rssi(GENMASK(31, 14), val);
228
229 msta->ack_signal =
230 mt76_rx_signal(msta->vif->phy->mt76->antenna_mask, rssi);
231
232 ewma_avg_signal_add(&msta->avg_ack_signal, -msta->ack_signal);
233 }
234
235 rcu_read_unlock();
236 }
237
mt7996_mac_enable_rtscts(struct mt7996_dev * dev,struct ieee80211_vif * vif,bool enable)238 void mt7996_mac_enable_rtscts(struct mt7996_dev *dev,
239 struct ieee80211_vif *vif, bool enable)
240 {
241 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
242 u32 addr;
243
244 addr = mt7996_mac_wtbl_lmac_addr(dev, mvif->sta.wcid.idx, 5);
245 if (enable)
246 mt76_set(dev, addr, BIT(5));
247 else
248 mt76_clear(dev, addr, BIT(5));
249 }
250
mt7996_mac_set_fixed_rate_table(struct mt7996_dev * dev,u8 tbl_idx,u16 rate_idx)251 void mt7996_mac_set_fixed_rate_table(struct mt7996_dev *dev,
252 u8 tbl_idx, u16 rate_idx)
253 {
254 u32 ctrl = MT_WTBL_ITCR_WR | MT_WTBL_ITCR_EXEC | tbl_idx;
255
256 mt76_wr(dev, MT_WTBL_ITDR0, rate_idx);
257 /* use wtbl spe idx */
258 mt76_wr(dev, MT_WTBL_ITDR1, MT_WTBL_SPE_IDX_SEL);
259 mt76_wr(dev, MT_WTBL_ITCR, ctrl);
260 }
261
262 /* The HW does not translate the mac header to 802.3 for mesh point */
mt7996_reverse_frag0_hdr_trans(struct sk_buff * skb,u16 hdr_gap)263 static int mt7996_reverse_frag0_hdr_trans(struct sk_buff *skb, u16 hdr_gap)
264 {
265 struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb;
266 struct ethhdr *eth_hdr = (struct ethhdr *)(skb->data + hdr_gap);
267 struct mt7996_sta *msta = (struct mt7996_sta *)status->wcid;
268 __le32 *rxd = (__le32 *)skb->data;
269 struct ieee80211_sta *sta;
270 struct ieee80211_vif *vif;
271 struct ieee80211_hdr hdr;
272 u16 frame_control;
273
274 if (le32_get_bits(rxd[3], MT_RXD3_NORMAL_ADDR_TYPE) !=
275 MT_RXD3_NORMAL_U2M)
276 return -EINVAL;
277
278 if (!(le32_to_cpu(rxd[1]) & MT_RXD1_NORMAL_GROUP_4))
279 return -EINVAL;
280
281 if (!msta || !msta->vif)
282 return -EINVAL;
283
284 sta = container_of((void *)msta, struct ieee80211_sta, drv_priv);
285 vif = container_of((void *)msta->vif, struct ieee80211_vif, drv_priv);
286
287 /* store the info from RXD and ethhdr to avoid being overridden */
288 frame_control = le32_get_bits(rxd[8], MT_RXD8_FRAME_CONTROL);
289 hdr.frame_control = cpu_to_le16(frame_control);
290 hdr.seq_ctrl = cpu_to_le16(le32_get_bits(rxd[10], MT_RXD10_SEQ_CTRL));
291 hdr.duration_id = 0;
292
293 ether_addr_copy(hdr.addr1, vif->addr);
294 ether_addr_copy(hdr.addr2, sta->addr);
295 switch (frame_control & (IEEE80211_FCTL_TODS |
296 IEEE80211_FCTL_FROMDS)) {
297 case 0:
298 ether_addr_copy(hdr.addr3, vif->bss_conf.bssid);
299 break;
300 case IEEE80211_FCTL_FROMDS:
301 ether_addr_copy(hdr.addr3, eth_hdr->h_source);
302 break;
303 case IEEE80211_FCTL_TODS:
304 ether_addr_copy(hdr.addr3, eth_hdr->h_dest);
305 break;
306 case IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS:
307 ether_addr_copy(hdr.addr3, eth_hdr->h_dest);
308 ether_addr_copy(hdr.addr4, eth_hdr->h_source);
309 break;
310 default:
311 return -EINVAL;
312 }
313
314 skb_pull(skb, hdr_gap + sizeof(struct ethhdr) - 2);
315 if (eth_hdr->h_proto == cpu_to_be16(ETH_P_AARP) ||
316 eth_hdr->h_proto == cpu_to_be16(ETH_P_IPX))
317 ether_addr_copy(skb_push(skb, ETH_ALEN), bridge_tunnel_header);
318 else if (be16_to_cpu(eth_hdr->h_proto) >= ETH_P_802_3_MIN)
319 ether_addr_copy(skb_push(skb, ETH_ALEN), rfc1042_header);
320 else
321 skb_pull(skb, 2);
322
323 if (ieee80211_has_order(hdr.frame_control))
324 memcpy(skb_push(skb, IEEE80211_HT_CTL_LEN), &rxd[11],
325 IEEE80211_HT_CTL_LEN);
326 if (ieee80211_is_data_qos(hdr.frame_control)) {
327 __le16 qos_ctrl;
328
329 qos_ctrl = cpu_to_le16(le32_get_bits(rxd[10], MT_RXD10_QOS_CTL));
330 memcpy(skb_push(skb, IEEE80211_QOS_CTL_LEN), &qos_ctrl,
331 IEEE80211_QOS_CTL_LEN);
332 }
333
334 if (ieee80211_has_a4(hdr.frame_control))
335 memcpy(skb_push(skb, sizeof(hdr)), &hdr, sizeof(hdr));
336 else
337 memcpy(skb_push(skb, sizeof(hdr) - 6), &hdr, sizeof(hdr) - 6);
338
339 return 0;
340 }
341
342 static int
mt7996_mac_fill_rx_rate(struct mt7996_dev * dev,struct mt76_rx_status * status,struct ieee80211_supported_band * sband,__le32 * rxv,u8 * mode)343 mt7996_mac_fill_rx_rate(struct mt7996_dev *dev,
344 struct mt76_rx_status *status,
345 struct ieee80211_supported_band *sband,
346 __le32 *rxv, u8 *mode)
347 {
348 u32 v0, v2;
349 u8 stbc, gi, bw, dcm, nss;
350 int i, idx;
351 bool cck = false;
352
353 v0 = le32_to_cpu(rxv[0]);
354 v2 = le32_to_cpu(rxv[2]);
355
356 idx = FIELD_GET(MT_PRXV_TX_RATE, v0);
357 i = idx;
358 nss = FIELD_GET(MT_PRXV_NSTS, v0) + 1;
359
360 stbc = FIELD_GET(MT_PRXV_HT_STBC, v2);
361 gi = FIELD_GET(MT_PRXV_HT_SHORT_GI, v2);
362 *mode = FIELD_GET(MT_PRXV_TX_MODE, v2);
363 dcm = FIELD_GET(MT_PRXV_DCM, v2);
364 bw = FIELD_GET(MT_PRXV_FRAME_MODE, v2);
365
366 switch (*mode) {
367 case MT_PHY_TYPE_CCK:
368 cck = true;
369 fallthrough;
370 case MT_PHY_TYPE_OFDM:
371 i = mt76_get_rate(&dev->mt76, sband, i, cck);
372 break;
373 case MT_PHY_TYPE_HT_GF:
374 case MT_PHY_TYPE_HT:
375 status->encoding = RX_ENC_HT;
376 if (gi)
377 status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
378 if (i > 31)
379 return -EINVAL;
380 break;
381 case MT_PHY_TYPE_VHT:
382 status->nss = nss;
383 status->encoding = RX_ENC_VHT;
384 if (gi)
385 status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
386 if (i > 11)
387 return -EINVAL;
388 break;
389 case MT_PHY_TYPE_HE_MU:
390 case MT_PHY_TYPE_HE_SU:
391 case MT_PHY_TYPE_HE_EXT_SU:
392 case MT_PHY_TYPE_HE_TB:
393 status->nss = nss;
394 status->encoding = RX_ENC_HE;
395 i &= GENMASK(3, 0);
396
397 if (gi <= NL80211_RATE_INFO_HE_GI_3_2)
398 status->he_gi = gi;
399
400 status->he_dcm = dcm;
401 break;
402 case MT_PHY_TYPE_EHT_SU:
403 case MT_PHY_TYPE_EHT_TRIG:
404 case MT_PHY_TYPE_EHT_MU:
405 status->nss = nss;
406 status->encoding = RX_ENC_EHT;
407 i &= GENMASK(3, 0);
408
409 if (gi <= NL80211_RATE_INFO_EHT_GI_3_2)
410 status->eht.gi = gi;
411 break;
412 default:
413 return -EINVAL;
414 }
415 status->rate_idx = i;
416
417 switch (bw) {
418 case IEEE80211_STA_RX_BW_20:
419 break;
420 case IEEE80211_STA_RX_BW_40:
421 if (*mode & MT_PHY_TYPE_HE_EXT_SU &&
422 (idx & MT_PRXV_TX_ER_SU_106T)) {
423 status->bw = RATE_INFO_BW_HE_RU;
424 status->he_ru =
425 NL80211_RATE_INFO_HE_RU_ALLOC_106;
426 } else {
427 status->bw = RATE_INFO_BW_40;
428 }
429 break;
430 case IEEE80211_STA_RX_BW_80:
431 status->bw = RATE_INFO_BW_80;
432 break;
433 case IEEE80211_STA_RX_BW_160:
434 status->bw = RATE_INFO_BW_160;
435 break;
436 /* rxv reports bw 320-1 and 320-2 separately */
437 case IEEE80211_STA_RX_BW_320:
438 case IEEE80211_STA_RX_BW_320 + 1:
439 status->bw = RATE_INFO_BW_320;
440 break;
441 default:
442 return -EINVAL;
443 }
444
445 status->enc_flags |= RX_ENC_FLAG_STBC_MASK * stbc;
446 if (*mode < MT_PHY_TYPE_HE_SU && gi)
447 status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
448
449 return 0;
450 }
451
452 static int
mt7996_mac_fill_rx(struct mt7996_dev * dev,struct sk_buff * skb)453 mt7996_mac_fill_rx(struct mt7996_dev *dev, struct sk_buff *skb)
454 {
455 struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb;
456 struct mt76_phy *mphy = &dev->mt76.phy;
457 struct mt7996_phy *phy = &dev->phy;
458 struct ieee80211_supported_band *sband;
459 __le32 *rxd = (__le32 *)skb->data;
460 __le32 *rxv = NULL;
461 u32 rxd0 = le32_to_cpu(rxd[0]);
462 u32 rxd1 = le32_to_cpu(rxd[1]);
463 u32 rxd2 = le32_to_cpu(rxd[2]);
464 u32 rxd3 = le32_to_cpu(rxd[3]);
465 u32 rxd4 = le32_to_cpu(rxd[4]);
466 u32 csum_mask = MT_RXD0_NORMAL_IP_SUM | MT_RXD0_NORMAL_UDP_TCP_SUM;
467 u32 csum_status = *(u32 *)skb->cb;
468 u32 mesh_mask = MT_RXD0_MESH | MT_RXD0_MHCP;
469 bool is_mesh = (rxd0 & mesh_mask) == mesh_mask;
470 bool unicast, insert_ccmp_hdr = false;
471 u8 remove_pad, amsdu_info, band_idx;
472 u8 mode = 0, qos_ctl = 0;
473 bool hdr_trans;
474 u16 hdr_gap;
475 u16 seq_ctrl = 0;
476 __le16 fc = 0;
477 int idx;
478
479 memset(status, 0, sizeof(*status));
480
481 band_idx = FIELD_GET(MT_RXD1_NORMAL_BAND_IDX, rxd1);
482 mphy = dev->mt76.phys[band_idx];
483 phy = mphy->priv;
484 status->phy_idx = mphy->band_idx;
485
486 if (!test_bit(MT76_STATE_RUNNING, &mphy->state))
487 return -EINVAL;
488
489 if (rxd2 & MT_RXD2_NORMAL_AMSDU_ERR)
490 return -EINVAL;
491
492 hdr_trans = rxd2 & MT_RXD2_NORMAL_HDR_TRANS;
493 if (hdr_trans && (rxd1 & MT_RXD1_NORMAL_CM))
494 return -EINVAL;
495
496 /* ICV error or CCMP/BIP/WPI MIC error */
497 if (rxd1 & MT_RXD1_NORMAL_ICV_ERR)
498 status->flag |= RX_FLAG_ONLY_MONITOR;
499
500 unicast = FIELD_GET(MT_RXD3_NORMAL_ADDR_TYPE, rxd3) == MT_RXD3_NORMAL_U2M;
501 idx = FIELD_GET(MT_RXD1_NORMAL_WLAN_IDX, rxd1);
502 status->wcid = mt7996_rx_get_wcid(dev, idx, unicast);
503
504 if (status->wcid) {
505 struct mt7996_sta *msta;
506
507 msta = container_of(status->wcid, struct mt7996_sta, wcid);
508 spin_lock_bh(&dev->mt76.sta_poll_lock);
509 if (list_empty(&msta->wcid.poll_list))
510 list_add_tail(&msta->wcid.poll_list,
511 &dev->mt76.sta_poll_list);
512 spin_unlock_bh(&dev->mt76.sta_poll_lock);
513 }
514
515 status->freq = mphy->chandef.chan->center_freq;
516 status->band = mphy->chandef.chan->band;
517 if (status->band == NL80211_BAND_5GHZ)
518 sband = &mphy->sband_5g.sband;
519 else if (status->band == NL80211_BAND_6GHZ)
520 sband = &mphy->sband_6g.sband;
521 else
522 sband = &mphy->sband_2g.sband;
523
524 if (!sband->channels)
525 return -EINVAL;
526
527 if ((rxd0 & csum_mask) == csum_mask &&
528 !(csum_status & (BIT(0) | BIT(2) | BIT(3))))
529 skb->ip_summed = CHECKSUM_UNNECESSARY;
530
531 if (rxd1 & MT_RXD3_NORMAL_FCS_ERR)
532 status->flag |= RX_FLAG_FAILED_FCS_CRC;
533
534 if (rxd1 & MT_RXD1_NORMAL_TKIP_MIC_ERR)
535 status->flag |= RX_FLAG_MMIC_ERROR;
536
537 if (FIELD_GET(MT_RXD2_NORMAL_SEC_MODE, rxd2) != 0 &&
538 !(rxd1 & (MT_RXD1_NORMAL_CLM | MT_RXD1_NORMAL_CM))) {
539 status->flag |= RX_FLAG_DECRYPTED;
540 status->flag |= RX_FLAG_IV_STRIPPED;
541 status->flag |= RX_FLAG_MMIC_STRIPPED | RX_FLAG_MIC_STRIPPED;
542 }
543
544 remove_pad = FIELD_GET(MT_RXD2_NORMAL_HDR_OFFSET, rxd2);
545
546 if (rxd2 & MT_RXD2_NORMAL_MAX_LEN_ERROR)
547 return -EINVAL;
548
549 rxd += 8;
550 if (rxd1 & MT_RXD1_NORMAL_GROUP_4) {
551 u32 v0 = le32_to_cpu(rxd[0]);
552 u32 v2 = le32_to_cpu(rxd[2]);
553
554 fc = cpu_to_le16(FIELD_GET(MT_RXD8_FRAME_CONTROL, v0));
555 qos_ctl = FIELD_GET(MT_RXD10_QOS_CTL, v2);
556 seq_ctrl = FIELD_GET(MT_RXD10_SEQ_CTRL, v2);
557
558 rxd += 4;
559 if ((u8 *)rxd - skb->data >= skb->len)
560 return -EINVAL;
561 }
562
563 if (rxd1 & MT_RXD1_NORMAL_GROUP_1) {
564 u8 *data = (u8 *)rxd;
565
566 if (status->flag & RX_FLAG_DECRYPTED) {
567 switch (FIELD_GET(MT_RXD2_NORMAL_SEC_MODE, rxd2)) {
568 case MT_CIPHER_AES_CCMP:
569 case MT_CIPHER_CCMP_CCX:
570 case MT_CIPHER_CCMP_256:
571 insert_ccmp_hdr =
572 FIELD_GET(MT_RXD2_NORMAL_FRAG, rxd2);
573 fallthrough;
574 case MT_CIPHER_TKIP:
575 case MT_CIPHER_TKIP_NO_MIC:
576 case MT_CIPHER_GCMP:
577 case MT_CIPHER_GCMP_256:
578 status->iv[0] = data[5];
579 status->iv[1] = data[4];
580 status->iv[2] = data[3];
581 status->iv[3] = data[2];
582 status->iv[4] = data[1];
583 status->iv[5] = data[0];
584 break;
585 default:
586 break;
587 }
588 }
589 rxd += 4;
590 if ((u8 *)rxd - skb->data >= skb->len)
591 return -EINVAL;
592 }
593
594 if (rxd1 & MT_RXD1_NORMAL_GROUP_2) {
595 status->timestamp = le32_to_cpu(rxd[0]);
596 status->flag |= RX_FLAG_MACTIME_START;
597
598 if (!(rxd2 & MT_RXD2_NORMAL_NON_AMPDU)) {
599 status->flag |= RX_FLAG_AMPDU_DETAILS;
600
601 /* all subframes of an A-MPDU have the same timestamp */
602 if (phy->rx_ampdu_ts != status->timestamp) {
603 if (!++phy->ampdu_ref)
604 phy->ampdu_ref++;
605 }
606 phy->rx_ampdu_ts = status->timestamp;
607
608 status->ampdu_ref = phy->ampdu_ref;
609 }
610
611 rxd += 4;
612 if ((u8 *)rxd - skb->data >= skb->len)
613 return -EINVAL;
614 }
615
616 /* RXD Group 3 - P-RXV */
617 if (rxd1 & MT_RXD1_NORMAL_GROUP_3) {
618 u32 v3;
619 int ret;
620
621 rxv = rxd;
622 rxd += 4;
623 if ((u8 *)rxd - skb->data >= skb->len)
624 return -EINVAL;
625
626 v3 = le32_to_cpu(rxv[3]);
627
628 status->chains = mphy->antenna_mask;
629 status->chain_signal[0] = to_rssi(MT_PRXV_RCPI0, v3);
630 status->chain_signal[1] = to_rssi(MT_PRXV_RCPI1, v3);
631 status->chain_signal[2] = to_rssi(MT_PRXV_RCPI2, v3);
632 status->chain_signal[3] = to_rssi(MT_PRXV_RCPI3, v3);
633
634 /* RXD Group 5 - C-RXV */
635 if (rxd1 & MT_RXD1_NORMAL_GROUP_5) {
636 rxd += 24;
637 if ((u8 *)rxd - skb->data >= skb->len)
638 return -EINVAL;
639 }
640
641 ret = mt7996_mac_fill_rx_rate(dev, status, sband, rxv, &mode);
642 if (ret < 0)
643 return ret;
644 }
645
646 amsdu_info = FIELD_GET(MT_RXD4_NORMAL_PAYLOAD_FORMAT, rxd4);
647 status->amsdu = !!amsdu_info;
648 if (status->amsdu) {
649 status->first_amsdu = amsdu_info == MT_RXD4_FIRST_AMSDU_FRAME;
650 status->last_amsdu = amsdu_info == MT_RXD4_LAST_AMSDU_FRAME;
651 }
652
653 /* IEEE 802.11 fragmentation can only be applied to unicast frames.
654 * Hence, drop fragments with multicast/broadcast RA.
655 * This check fixes vulnerabilities, like CVE-2020-26145.
656 */
657 if ((ieee80211_has_morefrags(fc) || seq_ctrl & IEEE80211_SCTL_FRAG) &&
658 FIELD_GET(MT_RXD3_NORMAL_ADDR_TYPE, rxd3) != MT_RXD3_NORMAL_U2M)
659 return -EINVAL;
660
661 hdr_gap = (u8 *)rxd - skb->data + 2 * remove_pad;
662 if (hdr_trans && ieee80211_has_morefrags(fc)) {
663 if (mt7996_reverse_frag0_hdr_trans(skb, hdr_gap))
664 return -EINVAL;
665 hdr_trans = false;
666 } else {
667 int pad_start = 0;
668
669 skb_pull(skb, hdr_gap);
670 if (!hdr_trans && status->amsdu && !(ieee80211_has_a4(fc) && is_mesh)) {
671 pad_start = ieee80211_get_hdrlen_from_skb(skb);
672 } else if (hdr_trans && (rxd2 & MT_RXD2_NORMAL_HDR_TRANS_ERROR)) {
673 /* When header translation failure is indicated,
674 * the hardware will insert an extra 2-byte field
675 * containing the data length after the protocol
676 * type field. This happens either when the LLC-SNAP
677 * pattern did not match, or if a VLAN header was
678 * detected.
679 */
680 pad_start = 12;
681 if (get_unaligned_be16(skb->data + pad_start) == ETH_P_8021Q)
682 pad_start += 4;
683 else
684 pad_start = 0;
685 }
686
687 if (pad_start) {
688 memmove(skb->data + 2, skb->data, pad_start);
689 skb_pull(skb, 2);
690 }
691 }
692
693 if (!hdr_trans) {
694 struct ieee80211_hdr *hdr;
695
696 if (insert_ccmp_hdr) {
697 u8 key_id = FIELD_GET(MT_RXD1_NORMAL_KEY_ID, rxd1);
698
699 mt76_insert_ccmp_hdr(skb, key_id);
700 }
701
702 hdr = mt76_skb_get_hdr(skb);
703 fc = hdr->frame_control;
704 if (ieee80211_is_data_qos(fc)) {
705 u8 *qos = ieee80211_get_qos_ctl(hdr);
706
707 seq_ctrl = le16_to_cpu(hdr->seq_ctrl);
708 qos_ctl = *qos;
709
710 /* Mesh DA/SA/Length will be stripped after hardware
711 * de-amsdu, so here needs to clear amsdu present bit
712 * to mark it as a normal mesh frame.
713 */
714 if (ieee80211_has_a4(fc) && is_mesh && status->amsdu)
715 *qos &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT;
716 }
717 } else {
718 status->flag |= RX_FLAG_8023;
719 }
720
721 if (rxv && mode >= MT_PHY_TYPE_HE_SU && !(status->flag & RX_FLAG_8023))
722 mt76_connac3_mac_decode_he_radiotap(skb, rxv, mode);
723
724 if (!status->wcid || !ieee80211_is_data_qos(fc))
725 return 0;
726
727 status->aggr = unicast &&
728 !ieee80211_is_qos_nullfunc(fc);
729 status->qos_ctl = qos_ctl;
730 status->seqno = IEEE80211_SEQ_TO_SN(seq_ctrl);
731
732 return 0;
733 }
734
735 static void
mt7996_mac_write_txwi_8023(struct mt7996_dev * dev,__le32 * txwi,struct sk_buff * skb,struct mt76_wcid * wcid)736 mt7996_mac_write_txwi_8023(struct mt7996_dev *dev, __le32 *txwi,
737 struct sk_buff *skb, struct mt76_wcid *wcid)
738 {
739 u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
740 u8 fc_type, fc_stype;
741 u16 ethertype;
742 bool wmm = false;
743 u32 val;
744
745 if (wcid->sta) {
746 struct ieee80211_sta *sta;
747
748 sta = container_of((void *)wcid, struct ieee80211_sta, drv_priv);
749 wmm = sta->wme;
750 }
751
752 val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_802_3) |
753 FIELD_PREP(MT_TXD1_TID, tid);
754
755 ethertype = get_unaligned_be16(&skb->data[12]);
756 if (ethertype >= ETH_P_802_3_MIN)
757 val |= MT_TXD1_ETH_802_3;
758
759 txwi[1] |= cpu_to_le32(val);
760
761 fc_type = IEEE80211_FTYPE_DATA >> 2;
762 fc_stype = wmm ? IEEE80211_STYPE_QOS_DATA >> 4 : 0;
763
764 val = FIELD_PREP(MT_TXD2_FRAME_TYPE, fc_type) |
765 FIELD_PREP(MT_TXD2_SUB_TYPE, fc_stype);
766
767 txwi[2] |= cpu_to_le32(val);
768
769 if (wcid->amsdu)
770 txwi[3] |= cpu_to_le32(MT_TXD3_HW_AMSDU);
771 }
772
773 static void
mt7996_mac_write_txwi_80211(struct mt7996_dev * dev,__le32 * txwi,struct sk_buff * skb,struct ieee80211_key_conf * key)774 mt7996_mac_write_txwi_80211(struct mt7996_dev *dev, __le32 *txwi,
775 struct sk_buff *skb, struct ieee80211_key_conf *key)
776 {
777 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
778 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
779 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
780 bool multicast = is_multicast_ether_addr(hdr->addr1);
781 u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
782 __le16 fc = hdr->frame_control;
783 u8 fc_type, fc_stype;
784 u32 val;
785
786 if (ieee80211_is_action(fc) &&
787 mgmt->u.action.category == WLAN_CATEGORY_BACK &&
788 mgmt->u.action.u.addba_req.action_code == WLAN_ACTION_ADDBA_REQ)
789 tid = MT_TX_ADDBA;
790 else if (ieee80211_is_mgmt(hdr->frame_control))
791 tid = MT_TX_NORMAL;
792
793 val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_802_11) |
794 FIELD_PREP(MT_TXD1_HDR_INFO,
795 ieee80211_get_hdrlen_from_skb(skb) / 2) |
796 FIELD_PREP(MT_TXD1_TID, tid);
797
798 if (!ieee80211_is_data(fc) || multicast ||
799 info->flags & IEEE80211_TX_CTL_USE_MINRATE)
800 val |= MT_TXD1_FIXED_RATE;
801
802 if (key && multicast && ieee80211_is_robust_mgmt_frame(skb) &&
803 key->cipher == WLAN_CIPHER_SUITE_AES_CMAC) {
804 val |= MT_TXD1_BIP;
805 txwi[3] &= ~cpu_to_le32(MT_TXD3_PROTECT_FRAME);
806 }
807
808 txwi[1] |= cpu_to_le32(val);
809
810 fc_type = (le16_to_cpu(fc) & IEEE80211_FCTL_FTYPE) >> 2;
811 fc_stype = (le16_to_cpu(fc) & IEEE80211_FCTL_STYPE) >> 4;
812
813 val = FIELD_PREP(MT_TXD2_FRAME_TYPE, fc_type) |
814 FIELD_PREP(MT_TXD2_SUB_TYPE, fc_stype);
815
816 txwi[2] |= cpu_to_le32(val);
817
818 txwi[3] |= cpu_to_le32(FIELD_PREP(MT_TXD3_BCM, multicast));
819 if (ieee80211_is_beacon(fc)) {
820 txwi[3] &= ~cpu_to_le32(MT_TXD3_SW_POWER_MGMT);
821 txwi[3] |= cpu_to_le32(MT_TXD3_REM_TX_COUNT);
822 }
823
824 if (info->flags & IEEE80211_TX_CTL_INJECTED) {
825 u16 seqno = le16_to_cpu(hdr->seq_ctrl);
826
827 if (ieee80211_is_back_req(hdr->frame_control)) {
828 struct ieee80211_bar *bar;
829
830 bar = (struct ieee80211_bar *)skb->data;
831 seqno = le16_to_cpu(bar->start_seq_num);
832 }
833
834 val = MT_TXD3_SN_VALID |
835 FIELD_PREP(MT_TXD3_SEQ, IEEE80211_SEQ_TO_SN(seqno));
836 txwi[3] |= cpu_to_le32(val);
837 txwi[3] &= ~cpu_to_le32(MT_TXD3_HW_AMSDU);
838 }
839 }
840
mt7996_mac_write_txwi(struct mt7996_dev * dev,__le32 * txwi,struct sk_buff * skb,struct mt76_wcid * wcid,struct ieee80211_key_conf * key,int pid,enum mt76_txq_id qid,u32 changed)841 void mt7996_mac_write_txwi(struct mt7996_dev *dev, __le32 *txwi,
842 struct sk_buff *skb, struct mt76_wcid *wcid,
843 struct ieee80211_key_conf *key, int pid,
844 enum mt76_txq_id qid, u32 changed)
845 {
846 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
847 struct ieee80211_vif *vif = info->control.vif;
848 u8 band_idx = (info->hw_queue & MT_TX_HW_QUEUE_PHY) >> 2;
849 u8 p_fmt, q_idx, omac_idx = 0, wmm_idx = 0;
850 bool is_8023 = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP;
851 struct mt76_vif *mvif;
852 u16 tx_count = 15;
853 u32 val;
854 bool inband_disc = !!(changed & (BSS_CHANGED_UNSOL_BCAST_PROBE_RESP |
855 BSS_CHANGED_FILS_DISCOVERY));
856 bool beacon = !!(changed & (BSS_CHANGED_BEACON |
857 BSS_CHANGED_BEACON_ENABLED)) && (!inband_disc);
858
859 mvif = vif ? (struct mt76_vif *)vif->drv_priv : NULL;
860 if (mvif) {
861 omac_idx = mvif->omac_idx;
862 wmm_idx = mvif->wmm_idx;
863 band_idx = mvif->band_idx;
864 }
865
866 if (inband_disc) {
867 p_fmt = MT_TX_TYPE_FW;
868 q_idx = MT_LMAC_ALTX0;
869 } else if (beacon) {
870 p_fmt = MT_TX_TYPE_FW;
871 q_idx = MT_LMAC_BCN0;
872 } else if (qid >= MT_TXQ_PSD) {
873 p_fmt = MT_TX_TYPE_CT;
874 q_idx = MT_LMAC_ALTX0;
875 } else {
876 p_fmt = MT_TX_TYPE_CT;
877 q_idx = wmm_idx * MT7996_MAX_WMM_SETS +
878 mt76_connac_lmac_mapping(skb_get_queue_mapping(skb));
879 }
880
881 val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len + MT_TXD_SIZE) |
882 FIELD_PREP(MT_TXD0_PKT_FMT, p_fmt) |
883 FIELD_PREP(MT_TXD0_Q_IDX, q_idx);
884 txwi[0] = cpu_to_le32(val);
885
886 val = FIELD_PREP(MT_TXD1_WLAN_IDX, wcid->idx) |
887 FIELD_PREP(MT_TXD1_OWN_MAC, omac_idx);
888
889 if (band_idx)
890 val |= FIELD_PREP(MT_TXD1_TGID, band_idx);
891
892 txwi[1] = cpu_to_le32(val);
893 txwi[2] = 0;
894
895 val = MT_TXD3_SW_POWER_MGMT |
896 FIELD_PREP(MT_TXD3_REM_TX_COUNT, tx_count);
897 if (key)
898 val |= MT_TXD3_PROTECT_FRAME;
899 if (info->flags & IEEE80211_TX_CTL_NO_ACK)
900 val |= MT_TXD3_NO_ACK;
901
902 txwi[3] = cpu_to_le32(val);
903 txwi[4] = 0;
904
905 val = FIELD_PREP(MT_TXD5_PID, pid);
906 if (pid >= MT_PACKET_ID_FIRST)
907 val |= MT_TXD5_TX_STATUS_HOST;
908 txwi[5] = cpu_to_le32(val);
909
910 val = MT_TXD6_DIS_MAT | MT_TXD6_DAS |
911 FIELD_PREP(MT_TXD6_MSDU_CNT, 1);
912 txwi[6] = cpu_to_le32(val);
913 txwi[7] = 0;
914
915 if (is_8023)
916 mt7996_mac_write_txwi_8023(dev, txwi, skb, wcid);
917 else
918 mt7996_mac_write_txwi_80211(dev, txwi, skb, key);
919
920 if (txwi[1] & cpu_to_le32(MT_TXD1_FIXED_RATE)) {
921 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
922 bool mcast = ieee80211_is_data(hdr->frame_control) &&
923 is_multicast_ether_addr(hdr->addr1);
924 u8 idx = MT7996_BASIC_RATES_TBL;
925
926 if (mvif) {
927 if (mcast && mvif->mcast_rates_idx)
928 idx = mvif->mcast_rates_idx;
929 else if (beacon && mvif->beacon_rates_idx)
930 idx = mvif->beacon_rates_idx;
931 else
932 idx = mvif->basic_rates_idx;
933 }
934
935 txwi[6] |= cpu_to_le32(FIELD_PREP(MT_TXD6_TX_RATE, idx));
936 txwi[3] |= cpu_to_le32(MT_TXD3_BA_DISABLE);
937 }
938 }
939
mt7996_tx_prepare_skb(struct mt76_dev * mdev,void * txwi_ptr,enum mt76_txq_id qid,struct mt76_wcid * wcid,struct ieee80211_sta * sta,struct mt76_tx_info * tx_info)940 int mt7996_tx_prepare_skb(struct mt76_dev *mdev, void *txwi_ptr,
941 enum mt76_txq_id qid, struct mt76_wcid *wcid,
942 struct ieee80211_sta *sta,
943 struct mt76_tx_info *tx_info)
944 {
945 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx_info->skb->data;
946 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
947 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx_info->skb);
948 struct ieee80211_key_conf *key = info->control.hw_key;
949 struct ieee80211_vif *vif = info->control.vif;
950 struct mt76_connac_txp_common *txp;
951 struct mt76_txwi_cache *t;
952 int id, i, pid, nbuf = tx_info->nbuf - 1;
953 bool is_8023 = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP;
954 u8 *txwi = (u8 *)txwi_ptr;
955
956 if (unlikely(tx_info->skb->len <= ETH_HLEN))
957 return -EINVAL;
958
959 if (!wcid)
960 wcid = &dev->mt76.global_wcid;
961
962 if (sta) {
963 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
964
965 if (time_after(jiffies, msta->jiffies + HZ / 4)) {
966 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
967 msta->jiffies = jiffies;
968 }
969 }
970
971 t = (struct mt76_txwi_cache *)(txwi + mdev->drv->txwi_size);
972 t->skb = tx_info->skb;
973
974 id = mt76_token_consume(mdev, &t);
975 if (id < 0)
976 return id;
977
978 pid = mt76_tx_status_skb_add(mdev, wcid, tx_info->skb);
979 mt7996_mac_write_txwi(dev, txwi_ptr, tx_info->skb, wcid, key,
980 pid, qid, 0);
981
982 txp = (struct mt76_connac_txp_common *)(txwi + MT_TXD_SIZE);
983 for (i = 0; i < nbuf; i++) {
984 txp->fw.buf[i] = cpu_to_le32(tx_info->buf[i + 1].addr);
985 txp->fw.len[i] = cpu_to_le16(tx_info->buf[i + 1].len);
986 }
987 txp->fw.nbuf = nbuf;
988
989 txp->fw.flags =
990 cpu_to_le16(MT_CT_INFO_FROM_HOST | MT_CT_INFO_APPLY_TXD);
991
992 if (!key)
993 txp->fw.flags |= cpu_to_le16(MT_CT_INFO_NONE_CIPHER_FRAME);
994
995 if (!is_8023 && ieee80211_is_mgmt(hdr->frame_control))
996 txp->fw.flags |= cpu_to_le16(MT_CT_INFO_MGMT_FRAME);
997
998 if (vif) {
999 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1000
1001 txp->fw.bss_idx = mvif->mt76.idx;
1002 }
1003
1004 txp->fw.token = cpu_to_le16(id);
1005 txp->fw.rept_wds_wcid = cpu_to_le16(sta ? wcid->idx : 0xfff);
1006
1007 tx_info->skb = NULL;
1008
1009 /* pass partial skb header to fw */
1010 tx_info->buf[1].len = MT_CT_PARSE_LEN;
1011 tx_info->buf[1].skip_unmap = true;
1012 tx_info->nbuf = MT_CT_DMA_BUF_NUM;
1013
1014 return 0;
1015 }
1016
1017 static void
mt7996_tx_check_aggr(struct ieee80211_sta * sta,__le32 * txwi)1018 mt7996_tx_check_aggr(struct ieee80211_sta *sta, __le32 *txwi)
1019 {
1020 struct mt7996_sta *msta;
1021 u16 fc, tid;
1022 u32 val;
1023
1024 if (!sta || !(sta->deflink.ht_cap.ht_supported || sta->deflink.he_cap.has_he))
1025 return;
1026
1027 tid = le32_get_bits(txwi[1], MT_TXD1_TID);
1028 if (tid >= 6) /* skip VO queue */
1029 return;
1030
1031 val = le32_to_cpu(txwi[2]);
1032 fc = FIELD_GET(MT_TXD2_FRAME_TYPE, val) << 2 |
1033 FIELD_GET(MT_TXD2_SUB_TYPE, val) << 4;
1034 if (unlikely(fc != (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_QOS_DATA)))
1035 return;
1036
1037 msta = (struct mt7996_sta *)sta->drv_priv;
1038 if (!test_and_set_bit(tid, &msta->wcid.ampdu_state))
1039 ieee80211_start_tx_ba_session(sta, tid, 0);
1040 }
1041
1042 static void
mt7996_txwi_free(struct mt7996_dev * dev,struct mt76_txwi_cache * t,struct ieee80211_sta * sta,struct list_head * free_list)1043 mt7996_txwi_free(struct mt7996_dev *dev, struct mt76_txwi_cache *t,
1044 struct ieee80211_sta *sta, struct list_head *free_list)
1045 {
1046 struct mt76_dev *mdev = &dev->mt76;
1047 struct mt76_wcid *wcid;
1048 __le32 *txwi;
1049 u16 wcid_idx;
1050
1051 mt76_connac_txp_skb_unmap(mdev, t);
1052 if (!t->skb)
1053 goto out;
1054
1055 txwi = (__le32 *)mt76_get_txwi_ptr(mdev, t);
1056 if (sta) {
1057 wcid = (struct mt76_wcid *)sta->drv_priv;
1058 wcid_idx = wcid->idx;
1059
1060 if (likely(t->skb->protocol != cpu_to_be16(ETH_P_PAE)))
1061 mt7996_tx_check_aggr(sta, txwi);
1062 } else {
1063 wcid_idx = le32_get_bits(txwi[9], MT_TXD9_WLAN_IDX);
1064 }
1065
1066 __mt76_tx_complete_skb(mdev, wcid_idx, t->skb, free_list);
1067
1068 out:
1069 t->skb = NULL;
1070 mt76_put_txwi(mdev, t);
1071 }
1072
1073 static void
mt7996_mac_tx_free(struct mt7996_dev * dev,void * data,int len)1074 mt7996_mac_tx_free(struct mt7996_dev *dev, void *data, int len)
1075 {
1076 __le32 *tx_free = (__le32 *)data, *cur_info;
1077 struct mt76_dev *mdev = &dev->mt76;
1078 struct mt76_phy *phy2 = mdev->phys[MT_BAND1];
1079 struct mt76_phy *phy3 = mdev->phys[MT_BAND2];
1080 struct mt76_txwi_cache *txwi;
1081 struct ieee80211_sta *sta = NULL;
1082 LIST_HEAD(free_list);
1083 struct sk_buff *skb, *tmp;
1084 void *end = data + len;
1085 bool wake = false;
1086 u16 total, count = 0;
1087
1088 /* clean DMA queues and unmap buffers first */
1089 mt76_queue_tx_cleanup(dev, dev->mphy.q_tx[MT_TXQ_PSD], false);
1090 mt76_queue_tx_cleanup(dev, dev->mphy.q_tx[MT_TXQ_BE], false);
1091 if (phy2) {
1092 mt76_queue_tx_cleanup(dev, phy2->q_tx[MT_TXQ_PSD], false);
1093 mt76_queue_tx_cleanup(dev, phy2->q_tx[MT_TXQ_BE], false);
1094 }
1095 if (phy3) {
1096 mt76_queue_tx_cleanup(dev, phy3->q_tx[MT_TXQ_PSD], false);
1097 mt76_queue_tx_cleanup(dev, phy3->q_tx[MT_TXQ_BE], false);
1098 }
1099
1100 if (WARN_ON_ONCE(le32_get_bits(tx_free[1], MT_TXFREE1_VER) < 4))
1101 return;
1102
1103 total = le32_get_bits(tx_free[0], MT_TXFREE0_MSDU_CNT);
1104 for (cur_info = &tx_free[2]; count < total; cur_info++) {
1105 u32 msdu, info;
1106 u8 i;
1107
1108 if (WARN_ON_ONCE((void *)cur_info >= end))
1109 return;
1110 /* 1'b1: new wcid pair.
1111 * 1'b0: msdu_id with the same 'wcid pair' as above.
1112 */
1113 info = le32_to_cpu(*cur_info);
1114 if (info & MT_TXFREE_INFO_PAIR) {
1115 struct mt7996_sta *msta;
1116 struct mt76_wcid *wcid;
1117 u16 idx;
1118
1119 idx = FIELD_GET(MT_TXFREE_INFO_WLAN_ID, info);
1120 wcid = rcu_dereference(dev->mt76.wcid[idx]);
1121 sta = wcid_to_sta(wcid);
1122 if (!sta)
1123 continue;
1124
1125 msta = container_of(wcid, struct mt7996_sta, wcid);
1126 spin_lock_bh(&mdev->sta_poll_lock);
1127 if (list_empty(&msta->wcid.poll_list))
1128 list_add_tail(&msta->wcid.poll_list,
1129 &mdev->sta_poll_list);
1130 spin_unlock_bh(&mdev->sta_poll_lock);
1131 continue;
1132 }
1133
1134 if (info & MT_TXFREE_INFO_HEADER)
1135 continue;
1136
1137 for (i = 0; i < 2; i++) {
1138 msdu = (info >> (15 * i)) & MT_TXFREE_INFO_MSDU_ID;
1139 if (msdu == MT_TXFREE_INFO_MSDU_ID)
1140 continue;
1141
1142 count++;
1143 txwi = mt76_token_release(mdev, msdu, &wake);
1144 if (!txwi)
1145 continue;
1146
1147 mt7996_txwi_free(dev, txwi, sta, &free_list);
1148 }
1149 }
1150
1151 mt7996_mac_sta_poll(dev);
1152
1153 if (wake)
1154 mt76_set_tx_blocked(&dev->mt76, false);
1155
1156 mt76_worker_schedule(&dev->mt76.tx_worker);
1157
1158 list_for_each_entry_safe(skb, tmp, &free_list, list) {
1159 skb_list_del_init(skb);
1160 napi_consume_skb(skb, 1);
1161 }
1162 }
1163
1164 static bool
mt7996_mac_add_txs_skb(struct mt7996_dev * dev,struct mt76_wcid * wcid,int pid,__le32 * txs_data)1165 mt7996_mac_add_txs_skb(struct mt7996_dev *dev, struct mt76_wcid *wcid,
1166 int pid, __le32 *txs_data)
1167 {
1168 struct mt76_sta_stats *stats = &wcid->stats;
1169 struct ieee80211_supported_band *sband;
1170 struct mt76_dev *mdev = &dev->mt76;
1171 struct mt76_phy *mphy;
1172 struct ieee80211_tx_info *info;
1173 struct sk_buff_head list;
1174 struct rate_info rate = {};
1175 struct sk_buff *skb;
1176 bool cck = false;
1177 u32 txrate, txs, mode, stbc;
1178
1179 mt76_tx_status_lock(mdev, &list);
1180 skb = mt76_tx_status_skb_get(mdev, wcid, pid, &list);
1181 if (!skb)
1182 goto out_no_skb;
1183
1184 txs = le32_to_cpu(txs_data[0]);
1185
1186 info = IEEE80211_SKB_CB(skb);
1187 if (!(txs & MT_TXS0_ACK_ERROR_MASK))
1188 info->flags |= IEEE80211_TX_STAT_ACK;
1189
1190 info->status.ampdu_len = 1;
1191 info->status.ampdu_ack_len = !!(info->flags &
1192 IEEE80211_TX_STAT_ACK);
1193
1194 info->status.rates[0].idx = -1;
1195
1196 txrate = FIELD_GET(MT_TXS0_TX_RATE, txs);
1197
1198 rate.mcs = FIELD_GET(MT_TX_RATE_IDX, txrate);
1199 rate.nss = FIELD_GET(MT_TX_RATE_NSS, txrate) + 1;
1200 stbc = le32_get_bits(txs_data[3], MT_TXS3_RATE_STBC);
1201
1202 if (stbc && rate.nss > 1)
1203 rate.nss >>= 1;
1204
1205 if (rate.nss - 1 < ARRAY_SIZE(stats->tx_nss))
1206 stats->tx_nss[rate.nss - 1]++;
1207 if (rate.mcs < ARRAY_SIZE(stats->tx_mcs))
1208 stats->tx_mcs[rate.mcs]++;
1209
1210 mode = FIELD_GET(MT_TX_RATE_MODE, txrate);
1211 switch (mode) {
1212 case MT_PHY_TYPE_CCK:
1213 cck = true;
1214 fallthrough;
1215 case MT_PHY_TYPE_OFDM:
1216 mphy = mt76_dev_phy(mdev, wcid->phy_idx);
1217
1218 if (mphy->chandef.chan->band == NL80211_BAND_5GHZ)
1219 sband = &mphy->sband_5g.sband;
1220 else if (mphy->chandef.chan->band == NL80211_BAND_6GHZ)
1221 sband = &mphy->sband_6g.sband;
1222 else
1223 sband = &mphy->sband_2g.sband;
1224
1225 rate.mcs = mt76_get_rate(mphy->dev, sband, rate.mcs, cck);
1226 rate.legacy = sband->bitrates[rate.mcs].bitrate;
1227 break;
1228 case MT_PHY_TYPE_HT:
1229 case MT_PHY_TYPE_HT_GF:
1230 if (rate.mcs > 31)
1231 goto out;
1232
1233 rate.flags = RATE_INFO_FLAGS_MCS;
1234 if (wcid->rate.flags & RATE_INFO_FLAGS_SHORT_GI)
1235 rate.flags |= RATE_INFO_FLAGS_SHORT_GI;
1236 break;
1237 case MT_PHY_TYPE_VHT:
1238 if (rate.mcs > 9)
1239 goto out;
1240
1241 rate.flags = RATE_INFO_FLAGS_VHT_MCS;
1242 break;
1243 case MT_PHY_TYPE_HE_SU:
1244 case MT_PHY_TYPE_HE_EXT_SU:
1245 case MT_PHY_TYPE_HE_TB:
1246 case MT_PHY_TYPE_HE_MU:
1247 if (rate.mcs > 11)
1248 goto out;
1249
1250 rate.he_gi = wcid->rate.he_gi;
1251 rate.he_dcm = FIELD_GET(MT_TX_RATE_DCM, txrate);
1252 rate.flags = RATE_INFO_FLAGS_HE_MCS;
1253 break;
1254 case MT_PHY_TYPE_EHT_SU:
1255 case MT_PHY_TYPE_EHT_TRIG:
1256 case MT_PHY_TYPE_EHT_MU:
1257 if (rate.mcs > 13)
1258 goto out;
1259
1260 rate.eht_gi = wcid->rate.eht_gi;
1261 rate.flags = RATE_INFO_FLAGS_EHT_MCS;
1262 break;
1263 default:
1264 goto out;
1265 }
1266
1267 stats->tx_mode[mode]++;
1268
1269 switch (FIELD_GET(MT_TXS0_BW, txs)) {
1270 case IEEE80211_STA_RX_BW_320:
1271 rate.bw = RATE_INFO_BW_320;
1272 stats->tx_bw[4]++;
1273 break;
1274 case IEEE80211_STA_RX_BW_160:
1275 rate.bw = RATE_INFO_BW_160;
1276 stats->tx_bw[3]++;
1277 break;
1278 case IEEE80211_STA_RX_BW_80:
1279 rate.bw = RATE_INFO_BW_80;
1280 stats->tx_bw[2]++;
1281 break;
1282 case IEEE80211_STA_RX_BW_40:
1283 rate.bw = RATE_INFO_BW_40;
1284 stats->tx_bw[1]++;
1285 break;
1286 default:
1287 rate.bw = RATE_INFO_BW_20;
1288 stats->tx_bw[0]++;
1289 break;
1290 }
1291 wcid->rate = rate;
1292
1293 out:
1294 mt76_tx_status_skb_done(mdev, skb, &list);
1295
1296 out_no_skb:
1297 mt76_tx_status_unlock(mdev, &list);
1298
1299 return !!skb;
1300 }
1301
mt7996_mac_add_txs(struct mt7996_dev * dev,void * data)1302 static void mt7996_mac_add_txs(struct mt7996_dev *dev, void *data)
1303 {
1304 struct mt7996_sta *msta = NULL;
1305 struct mt76_wcid *wcid;
1306 __le32 *txs_data = data;
1307 u16 wcidx;
1308 u8 pid;
1309
1310 if (le32_get_bits(txs_data[0], MT_TXS0_TXS_FORMAT) > 1)
1311 return;
1312
1313 wcidx = le32_get_bits(txs_data[2], MT_TXS2_WCID);
1314 pid = le32_get_bits(txs_data[3], MT_TXS3_PID);
1315
1316 if (pid < MT_PACKET_ID_FIRST)
1317 return;
1318
1319 if (wcidx >= mt7996_wtbl_size(dev))
1320 return;
1321
1322 rcu_read_lock();
1323
1324 wcid = rcu_dereference(dev->mt76.wcid[wcidx]);
1325 if (!wcid)
1326 goto out;
1327
1328 msta = container_of(wcid, struct mt7996_sta, wcid);
1329
1330 mt7996_mac_add_txs_skb(dev, wcid, pid, txs_data);
1331
1332 if (!wcid->sta)
1333 goto out;
1334
1335 spin_lock_bh(&dev->mt76.sta_poll_lock);
1336 if (list_empty(&msta->wcid.poll_list))
1337 list_add_tail(&msta->wcid.poll_list, &dev->mt76.sta_poll_list);
1338 spin_unlock_bh(&dev->mt76.sta_poll_lock);
1339
1340 out:
1341 rcu_read_unlock();
1342 }
1343
mt7996_rx_check(struct mt76_dev * mdev,void * data,int len)1344 bool mt7996_rx_check(struct mt76_dev *mdev, void *data, int len)
1345 {
1346 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
1347 __le32 *rxd = (__le32 *)data;
1348 __le32 *end = (__le32 *)&rxd[len / 4];
1349 enum rx_pkt_type type;
1350
1351 type = le32_get_bits(rxd[0], MT_RXD0_PKT_TYPE);
1352 if (type != PKT_TYPE_NORMAL) {
1353 u32 sw_type = le32_get_bits(rxd[0], MT_RXD0_SW_PKT_TYPE_MASK);
1354
1355 if (unlikely((sw_type & MT_RXD0_SW_PKT_TYPE_MAP) ==
1356 MT_RXD0_SW_PKT_TYPE_FRAME))
1357 return true;
1358 }
1359
1360 switch (type) {
1361 case PKT_TYPE_TXRX_NOTIFY:
1362 mt7996_mac_tx_free(dev, data, len);
1363 return false;
1364 case PKT_TYPE_TXS:
1365 for (rxd += MT_TXS_HDR_SIZE; rxd + MT_TXS_SIZE <= end; rxd += MT_TXS_SIZE)
1366 mt7996_mac_add_txs(dev, rxd);
1367 return false;
1368 case PKT_TYPE_RX_FW_MONITOR:
1369 mt7996_debugfs_rx_fw_monitor(dev, data, len);
1370 return false;
1371 default:
1372 return true;
1373 }
1374 }
1375
mt7996_queue_rx_skb(struct mt76_dev * mdev,enum mt76_rxq_id q,struct sk_buff * skb,u32 * info)1376 void mt7996_queue_rx_skb(struct mt76_dev *mdev, enum mt76_rxq_id q,
1377 struct sk_buff *skb, u32 *info)
1378 {
1379 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
1380 __le32 *rxd = (__le32 *)skb->data;
1381 __le32 *end = (__le32 *)&skb->data[skb->len];
1382 enum rx_pkt_type type;
1383
1384 type = le32_get_bits(rxd[0], MT_RXD0_PKT_TYPE);
1385 if (type != PKT_TYPE_NORMAL) {
1386 u32 sw_type = le32_get_bits(rxd[0], MT_RXD0_SW_PKT_TYPE_MASK);
1387
1388 if (unlikely((sw_type & MT_RXD0_SW_PKT_TYPE_MAP) ==
1389 MT_RXD0_SW_PKT_TYPE_FRAME))
1390 type = PKT_TYPE_NORMAL;
1391 }
1392
1393 switch (type) {
1394 case PKT_TYPE_TXRX_NOTIFY:
1395 mt7996_mac_tx_free(dev, skb->data, skb->len);
1396 napi_consume_skb(skb, 1);
1397 break;
1398 case PKT_TYPE_RX_EVENT:
1399 mt7996_mcu_rx_event(dev, skb);
1400 break;
1401 case PKT_TYPE_TXS:
1402 for (rxd += MT_TXS_HDR_SIZE; rxd + MT_TXS_SIZE <= end; rxd += MT_TXS_SIZE)
1403 mt7996_mac_add_txs(dev, rxd);
1404 dev_kfree_skb(skb);
1405 break;
1406 case PKT_TYPE_RX_FW_MONITOR:
1407 mt7996_debugfs_rx_fw_monitor(dev, skb->data, skb->len);
1408 dev_kfree_skb(skb);
1409 break;
1410 case PKT_TYPE_NORMAL:
1411 if (!mt7996_mac_fill_rx(dev, skb)) {
1412 mt76_rx(&dev->mt76, q, skb);
1413 return;
1414 }
1415 fallthrough;
1416 default:
1417 dev_kfree_skb(skb);
1418 break;
1419 }
1420 }
1421
mt7996_mac_cca_stats_reset(struct mt7996_phy * phy)1422 void mt7996_mac_cca_stats_reset(struct mt7996_phy *phy)
1423 {
1424 struct mt7996_dev *dev = phy->dev;
1425 u32 reg = MT_WF_PHYRX_BAND_RX_CTRL1(phy->mt76->band_idx);
1426
1427 mt76_clear(dev, reg, MT_WF_PHYRX_BAND_RX_CTRL1_STSCNT_EN);
1428 mt76_set(dev, reg, BIT(11) | BIT(9));
1429 }
1430
mt7996_mac_reset_counters(struct mt7996_phy * phy)1431 void mt7996_mac_reset_counters(struct mt7996_phy *phy)
1432 {
1433 struct mt7996_dev *dev = phy->dev;
1434 u8 band_idx = phy->mt76->band_idx;
1435 int i;
1436
1437 for (i = 0; i < 16; i++)
1438 mt76_rr(dev, MT_TX_AGG_CNT(band_idx, i));
1439
1440 phy->mt76->survey_time = ktime_get_boottime();
1441
1442 memset(phy->mt76->aggr_stats, 0, sizeof(phy->mt76->aggr_stats));
1443
1444 /* reset airtime counters */
1445 mt76_set(dev, MT_WF_RMAC_MIB_AIRTIME0(band_idx),
1446 MT_WF_RMAC_MIB_RXTIME_CLR);
1447
1448 mt7996_mcu_get_chan_mib_info(phy, true);
1449 }
1450
mt7996_mac_set_coverage_class(struct mt7996_phy * phy)1451 void mt7996_mac_set_coverage_class(struct mt7996_phy *phy)
1452 {
1453 s16 coverage_class = phy->coverage_class;
1454 struct mt7996_dev *dev = phy->dev;
1455 struct mt7996_phy *phy2 = mt7996_phy2(dev);
1456 struct mt7996_phy *phy3 = mt7996_phy3(dev);
1457 u32 reg_offset;
1458 u32 cck = FIELD_PREP(MT_TIMEOUT_VAL_PLCP, 231) |
1459 FIELD_PREP(MT_TIMEOUT_VAL_CCA, 48);
1460 u32 ofdm = FIELD_PREP(MT_TIMEOUT_VAL_PLCP, 60) |
1461 FIELD_PREP(MT_TIMEOUT_VAL_CCA, 28);
1462 u8 band_idx = phy->mt76->band_idx;
1463 int offset;
1464
1465 if (!test_bit(MT76_STATE_RUNNING, &phy->mt76->state))
1466 return;
1467
1468 if (phy2)
1469 coverage_class = max_t(s16, dev->phy.coverage_class,
1470 phy2->coverage_class);
1471
1472 if (phy3)
1473 coverage_class = max_t(s16, coverage_class,
1474 phy3->coverage_class);
1475
1476 offset = 3 * coverage_class;
1477 reg_offset = FIELD_PREP(MT_TIMEOUT_VAL_PLCP, offset) |
1478 FIELD_PREP(MT_TIMEOUT_VAL_CCA, offset);
1479
1480 mt76_wr(dev, MT_TMAC_CDTR(band_idx), cck + reg_offset);
1481 mt76_wr(dev, MT_TMAC_ODTR(band_idx), ofdm + reg_offset);
1482 }
1483
mt7996_mac_enable_nf(struct mt7996_dev * dev,u8 band)1484 void mt7996_mac_enable_nf(struct mt7996_dev *dev, u8 band)
1485 {
1486 mt76_set(dev, MT_WF_PHYRX_CSD_BAND_RXTD12(band),
1487 MT_WF_PHYRX_CSD_BAND_RXTD12_IRPI_SW_CLR_ONLY |
1488 MT_WF_PHYRX_CSD_BAND_RXTD12_IRPI_SW_CLR);
1489
1490 mt76_set(dev, MT_WF_PHYRX_BAND_RX_CTRL1(band),
1491 FIELD_PREP(MT_WF_PHYRX_BAND_RX_CTRL1_IPI_EN, 0x5));
1492 }
1493
1494 static u8
mt7996_phy_get_nf(struct mt7996_phy * phy,u8 band_idx)1495 mt7996_phy_get_nf(struct mt7996_phy *phy, u8 band_idx)
1496 {
1497 static const u8 nf_power[] = { 92, 89, 86, 83, 80, 75, 70, 65, 60, 55, 52 };
1498 struct mt7996_dev *dev = phy->dev;
1499 u32 val, sum = 0, n = 0;
1500 int ant, i;
1501
1502 for (ant = 0; ant < hweight8(phy->mt76->antenna_mask); ant++) {
1503 u32 reg = MT_WF_PHYRX_CSD_IRPI(band_idx, ant);
1504
1505 for (i = 0; i < ARRAY_SIZE(nf_power); i++, reg += 4) {
1506 val = mt76_rr(dev, reg);
1507 sum += val * nf_power[i];
1508 n += val;
1509 }
1510 }
1511
1512 return n ? sum / n : 0;
1513 }
1514
mt7996_update_channel(struct mt76_phy * mphy)1515 void mt7996_update_channel(struct mt76_phy *mphy)
1516 {
1517 struct mt7996_phy *phy = (struct mt7996_phy *)mphy->priv;
1518 struct mt76_channel_state *state = mphy->chan_state;
1519 int nf;
1520
1521 mt7996_mcu_get_chan_mib_info(phy, false);
1522
1523 nf = mt7996_phy_get_nf(phy, mphy->band_idx);
1524 if (!phy->noise)
1525 phy->noise = nf << 4;
1526 else if (nf)
1527 phy->noise += nf - (phy->noise >> 4);
1528
1529 state->noise = -(phy->noise >> 4);
1530 }
1531
1532 static bool
mt7996_wait_reset_state(struct mt7996_dev * dev,u32 state)1533 mt7996_wait_reset_state(struct mt7996_dev *dev, u32 state)
1534 {
1535 bool ret;
1536
1537 ret = wait_event_timeout(dev->reset_wait,
1538 (READ_ONCE(dev->recovery.state) & state),
1539 MT7996_RESET_TIMEOUT);
1540
1541 WARN(!ret, "Timeout waiting for MCU reset state %x\n", state);
1542 return ret;
1543 }
1544
1545 static void
mt7996_update_vif_beacon(void * priv,u8 * mac,struct ieee80211_vif * vif)1546 mt7996_update_vif_beacon(void *priv, u8 *mac, struct ieee80211_vif *vif)
1547 {
1548 struct ieee80211_hw *hw = priv;
1549
1550 switch (vif->type) {
1551 case NL80211_IFTYPE_MESH_POINT:
1552 case NL80211_IFTYPE_ADHOC:
1553 case NL80211_IFTYPE_AP:
1554 mt7996_mcu_add_beacon(hw, vif, vif->bss_conf.enable_beacon);
1555 break;
1556 default:
1557 break;
1558 }
1559 }
1560
1561 static void
mt7996_update_beacons(struct mt7996_dev * dev)1562 mt7996_update_beacons(struct mt7996_dev *dev)
1563 {
1564 struct mt76_phy *phy2, *phy3;
1565
1566 ieee80211_iterate_active_interfaces(dev->mt76.hw,
1567 IEEE80211_IFACE_ITER_RESUME_ALL,
1568 mt7996_update_vif_beacon, dev->mt76.hw);
1569
1570 phy2 = dev->mt76.phys[MT_BAND1];
1571 if (!phy2)
1572 return;
1573
1574 ieee80211_iterate_active_interfaces(phy2->hw,
1575 IEEE80211_IFACE_ITER_RESUME_ALL,
1576 mt7996_update_vif_beacon, phy2->hw);
1577
1578 phy3 = dev->mt76.phys[MT_BAND2];
1579 if (!phy3)
1580 return;
1581
1582 ieee80211_iterate_active_interfaces(phy3->hw,
1583 IEEE80211_IFACE_ITER_RESUME_ALL,
1584 mt7996_update_vif_beacon, phy3->hw);
1585 }
1586
mt7996_tx_token_put(struct mt7996_dev * dev)1587 void mt7996_tx_token_put(struct mt7996_dev *dev)
1588 {
1589 struct mt76_txwi_cache *txwi;
1590 int id;
1591
1592 spin_lock_bh(&dev->mt76.token_lock);
1593 idr_for_each_entry(&dev->mt76.token, txwi, id) {
1594 mt7996_txwi_free(dev, txwi, NULL, NULL);
1595 dev->mt76.token_count--;
1596 }
1597 spin_unlock_bh(&dev->mt76.token_lock);
1598 idr_destroy(&dev->mt76.token);
1599 }
1600
1601 static int
mt7996_mac_restart(struct mt7996_dev * dev)1602 mt7996_mac_restart(struct mt7996_dev *dev)
1603 {
1604 struct mt7996_phy *phy2, *phy3;
1605 struct mt76_dev *mdev = &dev->mt76;
1606 int i, ret;
1607
1608 phy2 = mt7996_phy2(dev);
1609 phy3 = mt7996_phy3(dev);
1610
1611 if (dev->hif2) {
1612 mt76_wr(dev, MT_INT1_MASK_CSR, 0x0);
1613 mt76_wr(dev, MT_INT1_SOURCE_CSR, ~0);
1614 }
1615
1616 if (dev_is_pci(mdev->dev)) {
1617 mt76_wr(dev, MT_PCIE_MAC_INT_ENABLE, 0x0);
1618 if (dev->hif2)
1619 mt76_wr(dev, MT_PCIE1_MAC_INT_ENABLE, 0x0);
1620 }
1621
1622 set_bit(MT76_RESET, &dev->mphy.state);
1623 set_bit(MT76_MCU_RESET, &dev->mphy.state);
1624 wake_up(&dev->mt76.mcu.wait);
1625 if (phy2) {
1626 set_bit(MT76_RESET, &phy2->mt76->state);
1627 set_bit(MT76_MCU_RESET, &phy2->mt76->state);
1628 }
1629 if (phy3) {
1630 set_bit(MT76_RESET, &phy3->mt76->state);
1631 set_bit(MT76_MCU_RESET, &phy3->mt76->state);
1632 }
1633
1634 /* lock/unlock all queues to ensure that no tx is pending */
1635 mt76_txq_schedule_all(&dev->mphy);
1636 if (phy2)
1637 mt76_txq_schedule_all(phy2->mt76);
1638 if (phy3)
1639 mt76_txq_schedule_all(phy3->mt76);
1640
1641 /* disable all tx/rx napi */
1642 mt76_worker_disable(&dev->mt76.tx_worker);
1643 mt76_for_each_q_rx(mdev, i) {
1644 if (mdev->q_rx[i].ndesc)
1645 napi_disable(&dev->mt76.napi[i]);
1646 }
1647 napi_disable(&dev->mt76.tx_napi);
1648
1649 /* token reinit */
1650 mt7996_tx_token_put(dev);
1651 idr_init(&dev->mt76.token);
1652
1653 mt7996_dma_reset(dev, true);
1654
1655 local_bh_disable();
1656 mt76_for_each_q_rx(mdev, i) {
1657 if (mdev->q_rx[i].ndesc) {
1658 napi_enable(&dev->mt76.napi[i]);
1659 napi_schedule(&dev->mt76.napi[i]);
1660 }
1661 }
1662 local_bh_enable();
1663 clear_bit(MT76_MCU_RESET, &dev->mphy.state);
1664 clear_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
1665
1666 mt76_wr(dev, MT_INT_MASK_CSR, dev->mt76.mmio.irqmask);
1667 mt76_wr(dev, MT_INT_SOURCE_CSR, ~0);
1668 if (dev->hif2) {
1669 mt76_wr(dev, MT_INT1_MASK_CSR, dev->mt76.mmio.irqmask);
1670 mt76_wr(dev, MT_INT1_SOURCE_CSR, ~0);
1671 }
1672 if (dev_is_pci(mdev->dev)) {
1673 mt76_wr(dev, MT_PCIE_MAC_INT_ENABLE, 0xff);
1674 if (dev->hif2)
1675 mt76_wr(dev, MT_PCIE1_MAC_INT_ENABLE, 0xff);
1676 }
1677
1678 /* load firmware */
1679 ret = mt7996_mcu_init_firmware(dev);
1680 if (ret)
1681 goto out;
1682
1683 /* set the necessary init items */
1684 ret = mt7996_mcu_set_eeprom(dev);
1685 if (ret)
1686 goto out;
1687
1688 mt7996_mac_init(dev);
1689 mt7996_init_txpower(dev, &dev->mphy.sband_2g.sband);
1690 mt7996_init_txpower(dev, &dev->mphy.sband_5g.sband);
1691 mt7996_init_txpower(dev, &dev->mphy.sband_6g.sband);
1692 ret = mt7996_txbf_init(dev);
1693
1694 if (test_bit(MT76_STATE_RUNNING, &dev->mphy.state)) {
1695 ret = mt7996_run(dev->mphy.hw);
1696 if (ret)
1697 goto out;
1698 }
1699
1700 if (phy2 && test_bit(MT76_STATE_RUNNING, &phy2->mt76->state)) {
1701 ret = mt7996_run(phy2->mt76->hw);
1702 if (ret)
1703 goto out;
1704 }
1705
1706 if (phy3 && test_bit(MT76_STATE_RUNNING, &phy3->mt76->state)) {
1707 ret = mt7996_run(phy3->mt76->hw);
1708 if (ret)
1709 goto out;
1710 }
1711
1712 out:
1713 /* reset done */
1714 clear_bit(MT76_RESET, &dev->mphy.state);
1715 if (phy2)
1716 clear_bit(MT76_RESET, &phy2->mt76->state);
1717 if (phy3)
1718 clear_bit(MT76_RESET, &phy3->mt76->state);
1719
1720 local_bh_disable();
1721 napi_enable(&dev->mt76.tx_napi);
1722 napi_schedule(&dev->mt76.tx_napi);
1723 local_bh_enable();
1724
1725 mt76_worker_enable(&dev->mt76.tx_worker);
1726 return ret;
1727 }
1728
1729 static void
mt7996_mac_full_reset(struct mt7996_dev * dev)1730 mt7996_mac_full_reset(struct mt7996_dev *dev)
1731 {
1732 struct mt7996_phy *phy2, *phy3;
1733 int i;
1734
1735 phy2 = mt7996_phy2(dev);
1736 phy3 = mt7996_phy3(dev);
1737 dev->recovery.hw_full_reset = true;
1738
1739 wake_up(&dev->mt76.mcu.wait);
1740 ieee80211_stop_queues(mt76_hw(dev));
1741 if (phy2)
1742 ieee80211_stop_queues(phy2->mt76->hw);
1743 if (phy3)
1744 ieee80211_stop_queues(phy3->mt76->hw);
1745
1746 cancel_delayed_work_sync(&dev->mphy.mac_work);
1747 if (phy2)
1748 cancel_delayed_work_sync(&phy2->mt76->mac_work);
1749 if (phy3)
1750 cancel_delayed_work_sync(&phy3->mt76->mac_work);
1751
1752 mutex_lock(&dev->mt76.mutex);
1753 for (i = 0; i < 10; i++) {
1754 if (!mt7996_mac_restart(dev))
1755 break;
1756 }
1757 mutex_unlock(&dev->mt76.mutex);
1758
1759 if (i == 10)
1760 dev_err(dev->mt76.dev, "chip full reset failed\n");
1761
1762 ieee80211_restart_hw(mt76_hw(dev));
1763 if (phy2)
1764 ieee80211_restart_hw(phy2->mt76->hw);
1765 if (phy3)
1766 ieee80211_restart_hw(phy3->mt76->hw);
1767
1768 ieee80211_wake_queues(mt76_hw(dev));
1769 if (phy2)
1770 ieee80211_wake_queues(phy2->mt76->hw);
1771 if (phy3)
1772 ieee80211_wake_queues(phy3->mt76->hw);
1773
1774 dev->recovery.hw_full_reset = false;
1775 ieee80211_queue_delayed_work(mt76_hw(dev),
1776 &dev->mphy.mac_work,
1777 MT7996_WATCHDOG_TIME);
1778 if (phy2)
1779 ieee80211_queue_delayed_work(phy2->mt76->hw,
1780 &phy2->mt76->mac_work,
1781 MT7996_WATCHDOG_TIME);
1782 if (phy3)
1783 ieee80211_queue_delayed_work(phy3->mt76->hw,
1784 &phy3->mt76->mac_work,
1785 MT7996_WATCHDOG_TIME);
1786 }
1787
mt7996_mac_reset_work(struct work_struct * work)1788 void mt7996_mac_reset_work(struct work_struct *work)
1789 {
1790 struct mt7996_phy *phy2, *phy3;
1791 struct mt7996_dev *dev;
1792 int i;
1793
1794 dev = container_of(work, struct mt7996_dev, reset_work);
1795 phy2 = mt7996_phy2(dev);
1796 phy3 = mt7996_phy3(dev);
1797
1798 /* chip full reset */
1799 if (dev->recovery.restart) {
1800 /* disable WA/WM WDT */
1801 mt76_clear(dev, MT_WFDMA0_MCU_HOST_INT_ENA,
1802 MT_MCU_CMD_WDT_MASK);
1803
1804 if (READ_ONCE(dev->recovery.state) & MT_MCU_CMD_WA_WDT)
1805 dev->recovery.wa_reset_count++;
1806 else
1807 dev->recovery.wm_reset_count++;
1808
1809 mt7996_mac_full_reset(dev);
1810
1811 /* enable mcu irq */
1812 mt7996_irq_enable(dev, MT_INT_MCU_CMD);
1813 mt7996_irq_disable(dev, 0);
1814
1815 /* enable WA/WM WDT */
1816 mt76_set(dev, MT_WFDMA0_MCU_HOST_INT_ENA, MT_MCU_CMD_WDT_MASK);
1817
1818 dev->recovery.state = MT_MCU_CMD_NORMAL_STATE;
1819 dev->recovery.restart = false;
1820 return;
1821 }
1822
1823 if (!(READ_ONCE(dev->recovery.state) & MT_MCU_CMD_STOP_DMA))
1824 return;
1825
1826 dev_info(dev->mt76.dev,"\n%s L1 SER recovery start.",
1827 wiphy_name(dev->mt76.hw->wiphy));
1828 ieee80211_stop_queues(mt76_hw(dev));
1829 if (phy2)
1830 ieee80211_stop_queues(phy2->mt76->hw);
1831 if (phy3)
1832 ieee80211_stop_queues(phy3->mt76->hw);
1833
1834 set_bit(MT76_RESET, &dev->mphy.state);
1835 set_bit(MT76_MCU_RESET, &dev->mphy.state);
1836 wake_up(&dev->mt76.mcu.wait);
1837 cancel_delayed_work_sync(&dev->mphy.mac_work);
1838 if (phy2) {
1839 set_bit(MT76_RESET, &phy2->mt76->state);
1840 cancel_delayed_work_sync(&phy2->mt76->mac_work);
1841 }
1842 if (phy3) {
1843 set_bit(MT76_RESET, &phy3->mt76->state);
1844 cancel_delayed_work_sync(&phy3->mt76->mac_work);
1845 }
1846 mt76_worker_disable(&dev->mt76.tx_worker);
1847 mt76_for_each_q_rx(&dev->mt76, i)
1848 napi_disable(&dev->mt76.napi[i]);
1849 napi_disable(&dev->mt76.tx_napi);
1850
1851 mutex_lock(&dev->mt76.mutex);
1852
1853 mt76_wr(dev, MT_MCU_INT_EVENT, MT_MCU_INT_EVENT_DMA_STOPPED);
1854
1855 if (mt7996_wait_reset_state(dev, MT_MCU_CMD_RESET_DONE)) {
1856 mt7996_dma_reset(dev, false);
1857
1858 mt7996_tx_token_put(dev);
1859 idr_init(&dev->mt76.token);
1860
1861 mt76_wr(dev, MT_MCU_INT_EVENT, MT_MCU_INT_EVENT_DMA_INIT);
1862 mt7996_wait_reset_state(dev, MT_MCU_CMD_RECOVERY_DONE);
1863 }
1864
1865 mt76_wr(dev, MT_MCU_INT_EVENT, MT_MCU_INT_EVENT_RESET_DONE);
1866 mt7996_wait_reset_state(dev, MT_MCU_CMD_NORMAL_STATE);
1867
1868 /* enable DMA Tx/Tx and interrupt */
1869 mt7996_dma_start(dev, false);
1870
1871 clear_bit(MT76_MCU_RESET, &dev->mphy.state);
1872 clear_bit(MT76_RESET, &dev->mphy.state);
1873 if (phy2)
1874 clear_bit(MT76_RESET, &phy2->mt76->state);
1875 if (phy3)
1876 clear_bit(MT76_RESET, &phy3->mt76->state);
1877
1878 local_bh_disable();
1879 mt76_for_each_q_rx(&dev->mt76, i) {
1880 napi_enable(&dev->mt76.napi[i]);
1881 napi_schedule(&dev->mt76.napi[i]);
1882 }
1883 local_bh_enable();
1884
1885 tasklet_schedule(&dev->mt76.irq_tasklet);
1886
1887 mt76_worker_enable(&dev->mt76.tx_worker);
1888
1889 local_bh_disable();
1890 napi_enable(&dev->mt76.tx_napi);
1891 napi_schedule(&dev->mt76.tx_napi);
1892 local_bh_enable();
1893
1894 ieee80211_wake_queues(mt76_hw(dev));
1895 if (phy2)
1896 ieee80211_wake_queues(phy2->mt76->hw);
1897 if (phy3)
1898 ieee80211_wake_queues(phy3->mt76->hw);
1899
1900 mutex_unlock(&dev->mt76.mutex);
1901
1902 mt7996_update_beacons(dev);
1903
1904 ieee80211_queue_delayed_work(mt76_hw(dev), &dev->mphy.mac_work,
1905 MT7996_WATCHDOG_TIME);
1906 if (phy2)
1907 ieee80211_queue_delayed_work(phy2->mt76->hw,
1908 &phy2->mt76->mac_work,
1909 MT7996_WATCHDOG_TIME);
1910 if (phy3)
1911 ieee80211_queue_delayed_work(phy3->mt76->hw,
1912 &phy3->mt76->mac_work,
1913 MT7996_WATCHDOG_TIME);
1914 dev_info(dev->mt76.dev,"\n%s L1 SER recovery completed.",
1915 wiphy_name(dev->mt76.hw->wiphy));
1916 }
1917
1918 /* firmware coredump */
mt7996_mac_dump_work(struct work_struct * work)1919 void mt7996_mac_dump_work(struct work_struct *work)
1920 {
1921 const struct mt7996_mem_region *mem_region;
1922 struct mt7996_crash_data *crash_data;
1923 struct mt7996_dev *dev;
1924 struct mt7996_mem_hdr *hdr;
1925 size_t buf_len;
1926 int i;
1927 u32 num;
1928 u8 *buf;
1929
1930 dev = container_of(work, struct mt7996_dev, dump_work);
1931
1932 mutex_lock(&dev->dump_mutex);
1933
1934 crash_data = mt7996_coredump_new(dev);
1935 if (!crash_data) {
1936 mutex_unlock(&dev->dump_mutex);
1937 goto skip_coredump;
1938 }
1939
1940 mem_region = mt7996_coredump_get_mem_layout(dev, &num);
1941 if (!mem_region || !crash_data->memdump_buf_len) {
1942 mutex_unlock(&dev->dump_mutex);
1943 goto skip_memdump;
1944 }
1945
1946 buf = crash_data->memdump_buf;
1947 buf_len = crash_data->memdump_buf_len;
1948
1949 /* dumping memory content... */
1950 memset(buf, 0, buf_len);
1951 for (i = 0; i < num; i++) {
1952 if (mem_region->len > buf_len) {
1953 dev_warn(dev->mt76.dev, "%s len %zu is too large\n",
1954 mem_region->name, mem_region->len);
1955 break;
1956 }
1957
1958 /* reserve space for the header */
1959 hdr = (void *)buf;
1960 buf += sizeof(*hdr);
1961 buf_len -= sizeof(*hdr);
1962
1963 mt7996_memcpy_fromio(dev, buf, mem_region->start,
1964 mem_region->len);
1965
1966 hdr->start = mem_region->start;
1967 hdr->len = mem_region->len;
1968
1969 if (!mem_region->len)
1970 /* note: the header remains, just with zero length */
1971 break;
1972
1973 buf += mem_region->len;
1974 buf_len -= mem_region->len;
1975
1976 mem_region++;
1977 }
1978
1979 mutex_unlock(&dev->dump_mutex);
1980
1981 skip_memdump:
1982 mt7996_coredump_submit(dev);
1983 skip_coredump:
1984 queue_work(dev->mt76.wq, &dev->reset_work);
1985 }
1986
mt7996_reset(struct mt7996_dev * dev)1987 void mt7996_reset(struct mt7996_dev *dev)
1988 {
1989 if (!dev->recovery.hw_init_done)
1990 return;
1991
1992 if (dev->recovery.hw_full_reset)
1993 return;
1994
1995 /* wm/wa exception: do full recovery */
1996 if (READ_ONCE(dev->recovery.state) & MT_MCU_CMD_WDT_MASK) {
1997 dev->recovery.restart = true;
1998 dev_info(dev->mt76.dev,
1999 "%s indicated firmware crash, attempting recovery\n",
2000 wiphy_name(dev->mt76.hw->wiphy));
2001
2002 mt7996_irq_disable(dev, MT_INT_MCU_CMD);
2003 queue_work(dev->mt76.wq, &dev->dump_work);
2004 return;
2005 }
2006
2007 queue_work(dev->mt76.wq, &dev->reset_work);
2008 wake_up(&dev->reset_wait);
2009 }
2010
mt7996_mac_update_stats(struct mt7996_phy * phy)2011 void mt7996_mac_update_stats(struct mt7996_phy *phy)
2012 {
2013 struct mt76_mib_stats *mib = &phy->mib;
2014 struct mt7996_dev *dev = phy->dev;
2015 u8 band_idx = phy->mt76->band_idx;
2016 u32 cnt;
2017 int i;
2018
2019 cnt = mt76_rr(dev, MT_MIB_RSCR1(band_idx));
2020 mib->fcs_err_cnt += cnt;
2021
2022 cnt = mt76_rr(dev, MT_MIB_RSCR33(band_idx));
2023 mib->rx_fifo_full_cnt += cnt;
2024
2025 cnt = mt76_rr(dev, MT_MIB_RSCR31(band_idx));
2026 mib->rx_mpdu_cnt += cnt;
2027
2028 cnt = mt76_rr(dev, MT_MIB_SDR6(band_idx));
2029 mib->channel_idle_cnt += FIELD_GET(MT_MIB_SDR6_CHANNEL_IDL_CNT_MASK, cnt);
2030
2031 cnt = mt76_rr(dev, MT_MIB_RVSR0(band_idx));
2032 mib->rx_vector_mismatch_cnt += cnt;
2033
2034 cnt = mt76_rr(dev, MT_MIB_RSCR35(band_idx));
2035 mib->rx_delimiter_fail_cnt += cnt;
2036
2037 cnt = mt76_rr(dev, MT_MIB_RSCR36(band_idx));
2038 mib->rx_len_mismatch_cnt += cnt;
2039
2040 cnt = mt76_rr(dev, MT_MIB_TSCR0(band_idx));
2041 mib->tx_ampdu_cnt += cnt;
2042
2043 cnt = mt76_rr(dev, MT_MIB_TSCR2(band_idx));
2044 mib->tx_stop_q_empty_cnt += cnt;
2045
2046 cnt = mt76_rr(dev, MT_MIB_TSCR3(band_idx));
2047 mib->tx_mpdu_attempts_cnt += cnt;
2048
2049 cnt = mt76_rr(dev, MT_MIB_TSCR4(band_idx));
2050 mib->tx_mpdu_success_cnt += cnt;
2051
2052 cnt = mt76_rr(dev, MT_MIB_RSCR27(band_idx));
2053 mib->rx_ampdu_cnt += cnt;
2054
2055 cnt = mt76_rr(dev, MT_MIB_RSCR28(band_idx));
2056 mib->rx_ampdu_bytes_cnt += cnt;
2057
2058 cnt = mt76_rr(dev, MT_MIB_RSCR29(band_idx));
2059 mib->rx_ampdu_valid_subframe_cnt += cnt;
2060
2061 cnt = mt76_rr(dev, MT_MIB_RSCR30(band_idx));
2062 mib->rx_ampdu_valid_subframe_bytes_cnt += cnt;
2063
2064 cnt = mt76_rr(dev, MT_MIB_SDR27(band_idx));
2065 mib->tx_rwp_fail_cnt += FIELD_GET(MT_MIB_SDR27_TX_RWP_FAIL_CNT, cnt);
2066
2067 cnt = mt76_rr(dev, MT_MIB_SDR28(band_idx));
2068 mib->tx_rwp_need_cnt += FIELD_GET(MT_MIB_SDR28_TX_RWP_NEED_CNT, cnt);
2069
2070 cnt = mt76_rr(dev, MT_UMIB_RPDCR(band_idx));
2071 mib->rx_pfdrop_cnt += cnt;
2072
2073 cnt = mt76_rr(dev, MT_MIB_RVSR1(band_idx));
2074 mib->rx_vec_queue_overflow_drop_cnt += cnt;
2075
2076 cnt = mt76_rr(dev, MT_MIB_TSCR1(band_idx));
2077 mib->rx_ba_cnt += cnt;
2078
2079 cnt = mt76_rr(dev, MT_MIB_BSCR0(band_idx));
2080 mib->tx_bf_ebf_ppdu_cnt += cnt;
2081
2082 cnt = mt76_rr(dev, MT_MIB_BSCR1(band_idx));
2083 mib->tx_bf_ibf_ppdu_cnt += cnt;
2084
2085 cnt = mt76_rr(dev, MT_MIB_BSCR2(band_idx));
2086 mib->tx_mu_bf_cnt += cnt;
2087
2088 cnt = mt76_rr(dev, MT_MIB_TSCR5(band_idx));
2089 mib->tx_mu_mpdu_cnt += cnt;
2090
2091 cnt = mt76_rr(dev, MT_MIB_TSCR6(band_idx));
2092 mib->tx_mu_acked_mpdu_cnt += cnt;
2093
2094 cnt = mt76_rr(dev, MT_MIB_TSCR7(band_idx));
2095 mib->tx_su_acked_mpdu_cnt += cnt;
2096
2097 cnt = mt76_rr(dev, MT_MIB_BSCR3(band_idx));
2098 mib->tx_bf_rx_fb_ht_cnt += cnt;
2099 mib->tx_bf_rx_fb_all_cnt += cnt;
2100
2101 cnt = mt76_rr(dev, MT_MIB_BSCR4(band_idx));
2102 mib->tx_bf_rx_fb_vht_cnt += cnt;
2103 mib->tx_bf_rx_fb_all_cnt += cnt;
2104
2105 cnt = mt76_rr(dev, MT_MIB_BSCR5(band_idx));
2106 mib->tx_bf_rx_fb_he_cnt += cnt;
2107 mib->tx_bf_rx_fb_all_cnt += cnt;
2108
2109 cnt = mt76_rr(dev, MT_MIB_BSCR6(band_idx));
2110 mib->tx_bf_rx_fb_eht_cnt += cnt;
2111 mib->tx_bf_rx_fb_all_cnt += cnt;
2112
2113 cnt = mt76_rr(dev, MT_ETBF_RX_FB_CONT(band_idx));
2114 mib->tx_bf_rx_fb_bw = FIELD_GET(MT_ETBF_RX_FB_BW, cnt);
2115 mib->tx_bf_rx_fb_nc_cnt += FIELD_GET(MT_ETBF_RX_FB_NC, cnt);
2116 mib->tx_bf_rx_fb_nr_cnt += FIELD_GET(MT_ETBF_RX_FB_NR, cnt);
2117
2118 cnt = mt76_rr(dev, MT_MIB_BSCR7(band_idx));
2119 mib->tx_bf_fb_trig_cnt += cnt;
2120
2121 cnt = mt76_rr(dev, MT_MIB_BSCR17(band_idx));
2122 mib->tx_bf_fb_cpl_cnt += cnt;
2123
2124 for (i = 0; i < ARRAY_SIZE(mib->tx_amsdu); i++) {
2125 cnt = mt76_rr(dev, MT_PLE_AMSDU_PACK_MSDU_CNT(i));
2126 mib->tx_amsdu[i] += cnt;
2127 mib->tx_amsdu_cnt += cnt;
2128 }
2129
2130 /* rts count */
2131 cnt = mt76_rr(dev, MT_MIB_BTSCR5(band_idx));
2132 mib->rts_cnt += cnt;
2133
2134 /* rts retry count */
2135 cnt = mt76_rr(dev, MT_MIB_BTSCR6(band_idx));
2136 mib->rts_retries_cnt += cnt;
2137
2138 /* ba miss count */
2139 cnt = mt76_rr(dev, MT_MIB_BTSCR0(band_idx));
2140 mib->ba_miss_cnt += cnt;
2141
2142 /* ack fail count */
2143 cnt = mt76_rr(dev, MT_MIB_BFTFCR(band_idx));
2144 mib->ack_fail_cnt += cnt;
2145
2146 for (i = 0; i < 16; i++) {
2147 cnt = mt76_rr(dev, MT_TX_AGG_CNT(band_idx, i));
2148 phy->mt76->aggr_stats[i] += cnt;
2149 }
2150 }
2151
mt7996_mac_sta_rc_work(struct work_struct * work)2152 void mt7996_mac_sta_rc_work(struct work_struct *work)
2153 {
2154 struct mt7996_dev *dev = container_of(work, struct mt7996_dev, rc_work);
2155 struct ieee80211_sta *sta;
2156 struct ieee80211_vif *vif;
2157 struct mt7996_sta *msta;
2158 u32 changed;
2159 LIST_HEAD(list);
2160
2161 spin_lock_bh(&dev->mt76.sta_poll_lock);
2162 list_splice_init(&dev->sta_rc_list, &list);
2163
2164 while (!list_empty(&list)) {
2165 msta = list_first_entry(&list, struct mt7996_sta, rc_list);
2166 list_del_init(&msta->rc_list);
2167 changed = msta->changed;
2168 msta->changed = 0;
2169 spin_unlock_bh(&dev->mt76.sta_poll_lock);
2170
2171 sta = container_of((void *)msta, struct ieee80211_sta, drv_priv);
2172 vif = container_of((void *)msta->vif, struct ieee80211_vif, drv_priv);
2173
2174 if (changed & (IEEE80211_RC_SUPP_RATES_CHANGED |
2175 IEEE80211_RC_NSS_CHANGED |
2176 IEEE80211_RC_BW_CHANGED))
2177 mt7996_mcu_add_rate_ctrl(dev, vif, sta, true);
2178
2179 /* TODO: smps change */
2180
2181 spin_lock_bh(&dev->mt76.sta_poll_lock);
2182 }
2183
2184 spin_unlock_bh(&dev->mt76.sta_poll_lock);
2185 }
2186
mt7996_mac_work(struct work_struct * work)2187 void mt7996_mac_work(struct work_struct *work)
2188 {
2189 struct mt7996_phy *phy;
2190 struct mt76_phy *mphy;
2191
2192 mphy = (struct mt76_phy *)container_of(work, struct mt76_phy,
2193 mac_work.work);
2194 phy = mphy->priv;
2195
2196 mutex_lock(&mphy->dev->mutex);
2197
2198 mt76_update_survey(mphy);
2199 if (++mphy->mac_work_count == 5) {
2200 mphy->mac_work_count = 0;
2201
2202 mt7996_mac_update_stats(phy);
2203 }
2204
2205 mutex_unlock(&mphy->dev->mutex);
2206
2207 mt76_tx_status_check(mphy->dev, false);
2208
2209 ieee80211_queue_delayed_work(mphy->hw, &mphy->mac_work,
2210 MT7996_WATCHDOG_TIME);
2211 }
2212
mt7996_dfs_stop_radar_detector(struct mt7996_phy * phy)2213 static void mt7996_dfs_stop_radar_detector(struct mt7996_phy *phy)
2214 {
2215 struct mt7996_dev *dev = phy->dev;
2216
2217 if (phy->rdd_state & BIT(0))
2218 mt7996_mcu_rdd_cmd(dev, RDD_STOP, 0,
2219 MT_RX_SEL0, 0);
2220 if (phy->rdd_state & BIT(1))
2221 mt7996_mcu_rdd_cmd(dev, RDD_STOP, 1,
2222 MT_RX_SEL0, 0);
2223 }
2224
mt7996_dfs_start_rdd(struct mt7996_dev * dev,int chain)2225 static int mt7996_dfs_start_rdd(struct mt7996_dev *dev, int chain)
2226 {
2227 int err, region;
2228
2229 switch (dev->mt76.region) {
2230 case NL80211_DFS_ETSI:
2231 region = 0;
2232 break;
2233 case NL80211_DFS_JP:
2234 region = 2;
2235 break;
2236 case NL80211_DFS_FCC:
2237 default:
2238 region = 1;
2239 break;
2240 }
2241
2242 err = mt7996_mcu_rdd_cmd(dev, RDD_START, chain,
2243 MT_RX_SEL0, region);
2244 if (err < 0)
2245 return err;
2246
2247 return mt7996_mcu_rdd_cmd(dev, RDD_DET_MODE, chain,
2248 MT_RX_SEL0, 1);
2249 }
2250
mt7996_dfs_start_radar_detector(struct mt7996_phy * phy)2251 static int mt7996_dfs_start_radar_detector(struct mt7996_phy *phy)
2252 {
2253 struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
2254 struct mt7996_dev *dev = phy->dev;
2255 u8 band_idx = phy->mt76->band_idx;
2256 int err;
2257
2258 /* start CAC */
2259 err = mt7996_mcu_rdd_cmd(dev, RDD_CAC_START, band_idx,
2260 MT_RX_SEL0, 0);
2261 if (err < 0)
2262 return err;
2263
2264 err = mt7996_dfs_start_rdd(dev, band_idx);
2265 if (err < 0)
2266 return err;
2267
2268 phy->rdd_state |= BIT(band_idx);
2269
2270 if (chandef->width == NL80211_CHAN_WIDTH_160 ||
2271 chandef->width == NL80211_CHAN_WIDTH_80P80) {
2272 err = mt7996_dfs_start_rdd(dev, 1);
2273 if (err < 0)
2274 return err;
2275
2276 phy->rdd_state |= BIT(1);
2277 }
2278
2279 return 0;
2280 }
2281
2282 static int
mt7996_dfs_init_radar_specs(struct mt7996_phy * phy)2283 mt7996_dfs_init_radar_specs(struct mt7996_phy *phy)
2284 {
2285 const struct mt7996_dfs_radar_spec *radar_specs;
2286 struct mt7996_dev *dev = phy->dev;
2287 int err, i;
2288
2289 switch (dev->mt76.region) {
2290 case NL80211_DFS_FCC:
2291 radar_specs = &fcc_radar_specs;
2292 err = mt7996_mcu_set_fcc5_lpn(dev, 8);
2293 if (err < 0)
2294 return err;
2295 break;
2296 case NL80211_DFS_ETSI:
2297 radar_specs = &etsi_radar_specs;
2298 break;
2299 case NL80211_DFS_JP:
2300 radar_specs = &jp_radar_specs;
2301 break;
2302 default:
2303 return -EINVAL;
2304 }
2305
2306 for (i = 0; i < ARRAY_SIZE(radar_specs->radar_pattern); i++) {
2307 err = mt7996_mcu_set_radar_th(dev, i,
2308 &radar_specs->radar_pattern[i]);
2309 if (err < 0)
2310 return err;
2311 }
2312
2313 return mt7996_mcu_set_pulse_th(dev, &radar_specs->pulse_th);
2314 }
2315
mt7996_dfs_init_radar_detector(struct mt7996_phy * phy)2316 int mt7996_dfs_init_radar_detector(struct mt7996_phy *phy)
2317 {
2318 struct mt7996_dev *dev = phy->dev;
2319 enum mt76_dfs_state dfs_state, prev_state;
2320 int err;
2321
2322 prev_state = phy->mt76->dfs_state;
2323 dfs_state = mt76_phy_dfs_state(phy->mt76);
2324
2325 if (prev_state == dfs_state)
2326 return 0;
2327
2328 if (prev_state == MT_DFS_STATE_UNKNOWN)
2329 mt7996_dfs_stop_radar_detector(phy);
2330
2331 if (dfs_state == MT_DFS_STATE_DISABLED)
2332 goto stop;
2333
2334 if (prev_state <= MT_DFS_STATE_DISABLED) {
2335 err = mt7996_dfs_init_radar_specs(phy);
2336 if (err < 0)
2337 return err;
2338
2339 err = mt7996_dfs_start_radar_detector(phy);
2340 if (err < 0)
2341 return err;
2342
2343 phy->mt76->dfs_state = MT_DFS_STATE_CAC;
2344 }
2345
2346 if (dfs_state == MT_DFS_STATE_CAC)
2347 return 0;
2348
2349 err = mt7996_mcu_rdd_cmd(dev, RDD_CAC_END,
2350 phy->mt76->band_idx, MT_RX_SEL0, 0);
2351 if (err < 0) {
2352 phy->mt76->dfs_state = MT_DFS_STATE_UNKNOWN;
2353 return err;
2354 }
2355
2356 phy->mt76->dfs_state = MT_DFS_STATE_ACTIVE;
2357 return 0;
2358
2359 stop:
2360 err = mt7996_mcu_rdd_cmd(dev, RDD_NORMAL_START,
2361 phy->mt76->band_idx, MT_RX_SEL0, 0);
2362 if (err < 0)
2363 return err;
2364
2365 mt7996_dfs_stop_radar_detector(phy);
2366 phy->mt76->dfs_state = MT_DFS_STATE_DISABLED;
2367
2368 return 0;
2369 }
2370
2371 static int
mt7996_mac_twt_duration_align(int duration)2372 mt7996_mac_twt_duration_align(int duration)
2373 {
2374 return duration << 8;
2375 }
2376
2377 static u64
mt7996_mac_twt_sched_list_add(struct mt7996_dev * dev,struct mt7996_twt_flow * flow)2378 mt7996_mac_twt_sched_list_add(struct mt7996_dev *dev,
2379 struct mt7996_twt_flow *flow)
2380 {
2381 struct mt7996_twt_flow *iter, *iter_next;
2382 u32 duration = flow->duration << 8;
2383 u64 start_tsf;
2384
2385 iter = list_first_entry_or_null(&dev->twt_list,
2386 struct mt7996_twt_flow, list);
2387 if (!iter || !iter->sched || iter->start_tsf > duration) {
2388 /* add flow as first entry in the list */
2389 list_add(&flow->list, &dev->twt_list);
2390 return 0;
2391 }
2392
2393 list_for_each_entry_safe(iter, iter_next, &dev->twt_list, list) {
2394 start_tsf = iter->start_tsf +
2395 mt7996_mac_twt_duration_align(iter->duration);
2396 if (list_is_last(&iter->list, &dev->twt_list))
2397 break;
2398
2399 if (!iter_next->sched ||
2400 iter_next->start_tsf > start_tsf + duration) {
2401 list_add(&flow->list, &iter->list);
2402 goto out;
2403 }
2404 }
2405
2406 /* add flow as last entry in the list */
2407 list_add_tail(&flow->list, &dev->twt_list);
2408 out:
2409 return start_tsf;
2410 }
2411
mt7996_mac_check_twt_req(struct ieee80211_twt_setup * twt)2412 static int mt7996_mac_check_twt_req(struct ieee80211_twt_setup *twt)
2413 {
2414 struct ieee80211_twt_params *twt_agrt;
2415 u64 interval, duration;
2416 u16 mantissa;
2417 u8 exp;
2418
2419 /* only individual agreement supported */
2420 if (twt->control & IEEE80211_TWT_CONTROL_NEG_TYPE_BROADCAST)
2421 return -EOPNOTSUPP;
2422
2423 /* only 256us unit supported */
2424 if (twt->control & IEEE80211_TWT_CONTROL_WAKE_DUR_UNIT)
2425 return -EOPNOTSUPP;
2426
2427 twt_agrt = (struct ieee80211_twt_params *)twt->params;
2428
2429 /* explicit agreement not supported */
2430 if (!(twt_agrt->req_type & cpu_to_le16(IEEE80211_TWT_REQTYPE_IMPLICIT)))
2431 return -EOPNOTSUPP;
2432
2433 exp = FIELD_GET(IEEE80211_TWT_REQTYPE_WAKE_INT_EXP,
2434 le16_to_cpu(twt_agrt->req_type));
2435 mantissa = le16_to_cpu(twt_agrt->mantissa);
2436 duration = twt_agrt->min_twt_dur << 8;
2437
2438 interval = (u64)mantissa << exp;
2439 if (interval < duration)
2440 return -EOPNOTSUPP;
2441
2442 return 0;
2443 }
2444
2445 static bool
mt7996_mac_twt_param_equal(struct mt7996_sta * msta,struct ieee80211_twt_params * twt_agrt)2446 mt7996_mac_twt_param_equal(struct mt7996_sta *msta,
2447 struct ieee80211_twt_params *twt_agrt)
2448 {
2449 u16 type = le16_to_cpu(twt_agrt->req_type);
2450 u8 exp;
2451 int i;
2452
2453 exp = FIELD_GET(IEEE80211_TWT_REQTYPE_WAKE_INT_EXP, type);
2454 for (i = 0; i < MT7996_MAX_STA_TWT_AGRT; i++) {
2455 struct mt7996_twt_flow *f;
2456
2457 if (!(msta->twt.flowid_mask & BIT(i)))
2458 continue;
2459
2460 f = &msta->twt.flow[i];
2461 if (f->duration == twt_agrt->min_twt_dur &&
2462 f->mantissa == twt_agrt->mantissa &&
2463 f->exp == exp &&
2464 f->protection == !!(type & IEEE80211_TWT_REQTYPE_PROTECTION) &&
2465 f->flowtype == !!(type & IEEE80211_TWT_REQTYPE_FLOWTYPE) &&
2466 f->trigger == !!(type & IEEE80211_TWT_REQTYPE_TRIGGER))
2467 return true;
2468 }
2469
2470 return false;
2471 }
2472
mt7996_mac_add_twt_setup(struct ieee80211_hw * hw,struct ieee80211_sta * sta,struct ieee80211_twt_setup * twt)2473 void mt7996_mac_add_twt_setup(struct ieee80211_hw *hw,
2474 struct ieee80211_sta *sta,
2475 struct ieee80211_twt_setup *twt)
2476 {
2477 enum ieee80211_twt_setup_cmd setup_cmd = TWT_SETUP_CMD_REJECT;
2478 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
2479 struct ieee80211_twt_params *twt_agrt = (void *)twt->params;
2480 u16 req_type = le16_to_cpu(twt_agrt->req_type);
2481 enum ieee80211_twt_setup_cmd sta_setup_cmd;
2482 struct mt7996_dev *dev = mt7996_hw_dev(hw);
2483 struct mt7996_twt_flow *flow;
2484 u8 flowid, table_id, exp;
2485
2486 if (mt7996_mac_check_twt_req(twt))
2487 goto out;
2488
2489 mutex_lock(&dev->mt76.mutex);
2490
2491 if (dev->twt.n_agrt == MT7996_MAX_TWT_AGRT)
2492 goto unlock;
2493
2494 if (hweight8(msta->twt.flowid_mask) == ARRAY_SIZE(msta->twt.flow))
2495 goto unlock;
2496
2497 if (twt_agrt->min_twt_dur < MT7996_MIN_TWT_DUR) {
2498 setup_cmd = TWT_SETUP_CMD_DICTATE;
2499 twt_agrt->min_twt_dur = MT7996_MIN_TWT_DUR;
2500 goto unlock;
2501 }
2502
2503 if (mt7996_mac_twt_param_equal(msta, twt_agrt))
2504 goto unlock;
2505
2506 flowid = ffs(~msta->twt.flowid_mask) - 1;
2507 twt_agrt->req_type &= ~cpu_to_le16(IEEE80211_TWT_REQTYPE_FLOWID);
2508 twt_agrt->req_type |= le16_encode_bits(flowid,
2509 IEEE80211_TWT_REQTYPE_FLOWID);
2510
2511 table_id = ffs(~dev->twt.table_mask) - 1;
2512 exp = FIELD_GET(IEEE80211_TWT_REQTYPE_WAKE_INT_EXP, req_type);
2513 sta_setup_cmd = FIELD_GET(IEEE80211_TWT_REQTYPE_SETUP_CMD, req_type);
2514
2515 flow = &msta->twt.flow[flowid];
2516 memset(flow, 0, sizeof(*flow));
2517 INIT_LIST_HEAD(&flow->list);
2518 flow->wcid = msta->wcid.idx;
2519 flow->table_id = table_id;
2520 flow->id = flowid;
2521 flow->duration = twt_agrt->min_twt_dur;
2522 flow->mantissa = twt_agrt->mantissa;
2523 flow->exp = exp;
2524 flow->protection = !!(req_type & IEEE80211_TWT_REQTYPE_PROTECTION);
2525 flow->flowtype = !!(req_type & IEEE80211_TWT_REQTYPE_FLOWTYPE);
2526 flow->trigger = !!(req_type & IEEE80211_TWT_REQTYPE_TRIGGER);
2527
2528 if (sta_setup_cmd == TWT_SETUP_CMD_REQUEST ||
2529 sta_setup_cmd == TWT_SETUP_CMD_SUGGEST) {
2530 u64 interval = (u64)le16_to_cpu(twt_agrt->mantissa) << exp;
2531 u64 flow_tsf, curr_tsf;
2532 u32 rem;
2533
2534 flow->sched = true;
2535 flow->start_tsf = mt7996_mac_twt_sched_list_add(dev, flow);
2536 curr_tsf = __mt7996_get_tsf(hw, msta->vif);
2537 div_u64_rem(curr_tsf - flow->start_tsf, interval, &rem);
2538 flow_tsf = curr_tsf + interval - rem;
2539 twt_agrt->twt = cpu_to_le64(flow_tsf);
2540 } else {
2541 list_add_tail(&flow->list, &dev->twt_list);
2542 }
2543 flow->tsf = le64_to_cpu(twt_agrt->twt);
2544
2545 if (mt7996_mcu_twt_agrt_update(dev, msta->vif, flow, MCU_TWT_AGRT_ADD))
2546 goto unlock;
2547
2548 setup_cmd = TWT_SETUP_CMD_ACCEPT;
2549 dev->twt.table_mask |= BIT(table_id);
2550 msta->twt.flowid_mask |= BIT(flowid);
2551 dev->twt.n_agrt++;
2552
2553 unlock:
2554 mutex_unlock(&dev->mt76.mutex);
2555 out:
2556 twt_agrt->req_type &= ~cpu_to_le16(IEEE80211_TWT_REQTYPE_SETUP_CMD);
2557 twt_agrt->req_type |=
2558 le16_encode_bits(setup_cmd, IEEE80211_TWT_REQTYPE_SETUP_CMD);
2559 twt->control = twt->control & IEEE80211_TWT_CONTROL_RX_DISABLED;
2560 }
2561
mt7996_mac_twt_teardown_flow(struct mt7996_dev * dev,struct mt7996_sta * msta,u8 flowid)2562 void mt7996_mac_twt_teardown_flow(struct mt7996_dev *dev,
2563 struct mt7996_sta *msta,
2564 u8 flowid)
2565 {
2566 struct mt7996_twt_flow *flow;
2567
2568 lockdep_assert_held(&dev->mt76.mutex);
2569
2570 if (flowid >= ARRAY_SIZE(msta->twt.flow))
2571 return;
2572
2573 if (!(msta->twt.flowid_mask & BIT(flowid)))
2574 return;
2575
2576 flow = &msta->twt.flow[flowid];
2577 if (mt7996_mcu_twt_agrt_update(dev, msta->vif, flow,
2578 MCU_TWT_AGRT_DELETE))
2579 return;
2580
2581 list_del_init(&flow->list);
2582 msta->twt.flowid_mask &= ~BIT(flowid);
2583 dev->twt.table_mask &= ~BIT(flow->table_id);
2584 dev->twt.n_agrt--;
2585 }
2586