xref: /openbmc/linux/drivers/net/wireless/ath/ath10k/mac.c (revision 18da174d)
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2005-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
6  */
7 
8 #include "mac.h"
9 
10 #include <net/cfg80211.h>
11 #include <net/mac80211.h>
12 #include <linux/etherdevice.h>
13 #include <linux/acpi.h>
14 #include <linux/of.h>
15 #include <linux/bitfield.h>
16 
17 #include "hif.h"
18 #include "core.h"
19 #include "debug.h"
20 #include "wmi.h"
21 #include "htt.h"
22 #include "txrx.h"
23 #include "testmode.h"
24 #include "wmi-tlv.h"
25 #include "wmi-ops.h"
26 #include "wow.h"
27 
28 /*********/
29 /* Rates */
30 /*********/
31 
32 static struct ieee80211_rate ath10k_rates[] = {
33 	{ .bitrate = 10,
34 	  .hw_value = ATH10K_HW_RATE_CCK_LP_1M },
35 	{ .bitrate = 20,
36 	  .hw_value = ATH10K_HW_RATE_CCK_LP_2M,
37 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_2M,
38 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
39 	{ .bitrate = 55,
40 	  .hw_value = ATH10K_HW_RATE_CCK_LP_5_5M,
41 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_5_5M,
42 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
43 	{ .bitrate = 110,
44 	  .hw_value = ATH10K_HW_RATE_CCK_LP_11M,
45 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_11M,
46 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
47 
48 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
49 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
50 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
51 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
52 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
53 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
54 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
55 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
56 };
57 
58 static struct ieee80211_rate ath10k_rates_rev2[] = {
59 	{ .bitrate = 10,
60 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_1M },
61 	{ .bitrate = 20,
62 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_2M,
63 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_2M,
64 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
65 	{ .bitrate = 55,
66 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_5_5M,
67 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_5_5M,
68 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
69 	{ .bitrate = 110,
70 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_11M,
71 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_11M,
72 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
73 
74 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
75 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
76 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
77 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
78 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
79 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
80 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
81 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
82 };
83 
84 static const struct cfg80211_sar_freq_ranges ath10k_sar_freq_ranges[] = {
85 	{.start_freq = 2402, .end_freq = 2494 },
86 	{.start_freq = 5170, .end_freq = 5875 },
87 };
88 
89 static const struct cfg80211_sar_capa ath10k_sar_capa = {
90 	.type = NL80211_SAR_TYPE_POWER,
91 	.num_freq_ranges = (ARRAY_SIZE(ath10k_sar_freq_ranges)),
92 	.freq_ranges = &ath10k_sar_freq_ranges[0],
93 };
94 
95 #define ATH10K_MAC_FIRST_OFDM_RATE_IDX 4
96 
97 #define ath10k_a_rates (ath10k_rates + ATH10K_MAC_FIRST_OFDM_RATE_IDX)
98 #define ath10k_a_rates_size (ARRAY_SIZE(ath10k_rates) - \
99 			     ATH10K_MAC_FIRST_OFDM_RATE_IDX)
100 #define ath10k_g_rates (ath10k_rates + 0)
101 #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
102 
103 #define ath10k_g_rates_rev2 (ath10k_rates_rev2 + 0)
104 #define ath10k_g_rates_rev2_size (ARRAY_SIZE(ath10k_rates_rev2))
105 
106 #define ath10k_wmi_legacy_rates ath10k_rates
107 
108 static bool ath10k_mac_bitrate_is_cck(int bitrate)
109 {
110 	switch (bitrate) {
111 	case 10:
112 	case 20:
113 	case 55:
114 	case 110:
115 		return true;
116 	}
117 
118 	return false;
119 }
120 
121 static u8 ath10k_mac_bitrate_to_rate(int bitrate)
122 {
123 	return DIV_ROUND_UP(bitrate, 5) |
124 	       (ath10k_mac_bitrate_is_cck(bitrate) ? BIT(7) : 0);
125 }
126 
127 u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
128 			     u8 hw_rate, bool cck)
129 {
130 	const struct ieee80211_rate *rate;
131 	int i;
132 
133 	for (i = 0; i < sband->n_bitrates; i++) {
134 		rate = &sband->bitrates[i];
135 
136 		if (ath10k_mac_bitrate_is_cck(rate->bitrate) != cck)
137 			continue;
138 
139 		if (rate->hw_value == hw_rate)
140 			return i;
141 		else if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE &&
142 			 rate->hw_value_short == hw_rate)
143 			return i;
144 	}
145 
146 	return 0;
147 }
148 
149 u8 ath10k_mac_bitrate_to_idx(const struct ieee80211_supported_band *sband,
150 			     u32 bitrate)
151 {
152 	int i;
153 
154 	for (i = 0; i < sband->n_bitrates; i++)
155 		if (sband->bitrates[i].bitrate == bitrate)
156 			return i;
157 
158 	return 0;
159 }
160 
161 static int ath10k_mac_get_rate_hw_value(int bitrate)
162 {
163 	int i;
164 	u8 hw_value_prefix = 0;
165 
166 	if (ath10k_mac_bitrate_is_cck(bitrate))
167 		hw_value_prefix = WMI_RATE_PREAMBLE_CCK << 6;
168 
169 	for (i = 0; i < ARRAY_SIZE(ath10k_rates); i++) {
170 		if (ath10k_rates[i].bitrate == bitrate)
171 			return hw_value_prefix | ath10k_rates[i].hw_value;
172 	}
173 
174 	return -EINVAL;
175 }
176 
177 static int ath10k_mac_get_max_vht_mcs_map(u16 mcs_map, int nss)
178 {
179 	switch ((mcs_map >> (2 * nss)) & 0x3) {
180 	case IEEE80211_VHT_MCS_SUPPORT_0_7: return BIT(8) - 1;
181 	case IEEE80211_VHT_MCS_SUPPORT_0_8: return BIT(9) - 1;
182 	case IEEE80211_VHT_MCS_SUPPORT_0_9: return BIT(10) - 1;
183 	}
184 	return 0;
185 }
186 
187 static u32
188 ath10k_mac_max_ht_nss(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
189 {
190 	int nss;
191 
192 	for (nss = IEEE80211_HT_MCS_MASK_LEN - 1; nss >= 0; nss--)
193 		if (ht_mcs_mask[nss])
194 			return nss + 1;
195 
196 	return 1;
197 }
198 
199 static u32
200 ath10k_mac_max_vht_nss(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
201 {
202 	int nss;
203 
204 	for (nss = NL80211_VHT_NSS_MAX - 1; nss >= 0; nss--)
205 		if (vht_mcs_mask[nss])
206 			return nss + 1;
207 
208 	return 1;
209 }
210 
211 int ath10k_mac_ext_resource_config(struct ath10k *ar, u32 val)
212 {
213 	enum wmi_host_platform_type platform_type;
214 	int ret;
215 
216 	if (test_bit(WMI_SERVICE_TX_MODE_DYNAMIC, ar->wmi.svc_map))
217 		platform_type = WMI_HOST_PLATFORM_LOW_PERF;
218 	else
219 		platform_type = WMI_HOST_PLATFORM_HIGH_PERF;
220 
221 	ret = ath10k_wmi_ext_resource_config(ar, platform_type, val);
222 
223 	if (ret && ret != -EOPNOTSUPP) {
224 		ath10k_warn(ar, "failed to configure ext resource: %d\n", ret);
225 		return ret;
226 	}
227 
228 	return 0;
229 }
230 
231 /**********/
232 /* Crypto */
233 /**********/
234 
235 static int ath10k_send_key(struct ath10k_vif *arvif,
236 			   struct ieee80211_key_conf *key,
237 			   enum set_key_cmd cmd,
238 			   const u8 *macaddr, u32 flags)
239 {
240 	struct ath10k *ar = arvif->ar;
241 	struct wmi_vdev_install_key_arg arg = {
242 		.vdev_id = arvif->vdev_id,
243 		.key_idx = key->keyidx,
244 		.key_len = key->keylen,
245 		.key_data = key->key,
246 		.key_flags = flags,
247 		.macaddr = macaddr,
248 	};
249 
250 	lockdep_assert_held(&arvif->ar->conf_mutex);
251 
252 	switch (key->cipher) {
253 	case WLAN_CIPHER_SUITE_CCMP:
254 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
255 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
256 		break;
257 	case WLAN_CIPHER_SUITE_TKIP:
258 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_TKIP];
259 		arg.key_txmic_len = 8;
260 		arg.key_rxmic_len = 8;
261 		break;
262 	case WLAN_CIPHER_SUITE_WEP40:
263 	case WLAN_CIPHER_SUITE_WEP104:
264 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_WEP];
265 		break;
266 	case WLAN_CIPHER_SUITE_CCMP_256:
267 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
268 		break;
269 	case WLAN_CIPHER_SUITE_GCMP:
270 	case WLAN_CIPHER_SUITE_GCMP_256:
271 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_GCM];
272 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
273 		break;
274 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
275 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
276 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
277 	case WLAN_CIPHER_SUITE_AES_CMAC:
278 		WARN_ON(1);
279 		return -EINVAL;
280 	default:
281 		ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
282 		return -EOPNOTSUPP;
283 	}
284 
285 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
286 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
287 
288 	if (cmd == DISABLE_KEY) {
289 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
290 		arg.key_data = NULL;
291 	}
292 
293 	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
294 }
295 
296 static int ath10k_install_key(struct ath10k_vif *arvif,
297 			      struct ieee80211_key_conf *key,
298 			      enum set_key_cmd cmd,
299 			      const u8 *macaddr, u32 flags)
300 {
301 	struct ath10k *ar = arvif->ar;
302 	int ret;
303 	unsigned long time_left;
304 
305 	lockdep_assert_held(&ar->conf_mutex);
306 
307 	reinit_completion(&ar->install_key_done);
308 
309 	if (arvif->nohwcrypt)
310 		return 1;
311 
312 	ret = ath10k_send_key(arvif, key, cmd, macaddr, flags);
313 	if (ret)
314 		return ret;
315 
316 	time_left = wait_for_completion_timeout(&ar->install_key_done, 3 * HZ);
317 	if (time_left == 0)
318 		return -ETIMEDOUT;
319 
320 	return 0;
321 }
322 
323 static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
324 					const u8 *addr)
325 {
326 	struct ath10k *ar = arvif->ar;
327 	struct ath10k_peer *peer;
328 	int ret;
329 	int i;
330 	u32 flags;
331 
332 	lockdep_assert_held(&ar->conf_mutex);
333 
334 	if (WARN_ON(arvif->vif->type != NL80211_IFTYPE_AP &&
335 		    arvif->vif->type != NL80211_IFTYPE_ADHOC &&
336 		    arvif->vif->type != NL80211_IFTYPE_MESH_POINT))
337 		return -EINVAL;
338 
339 	spin_lock_bh(&ar->data_lock);
340 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
341 	spin_unlock_bh(&ar->data_lock);
342 
343 	if (!peer)
344 		return -ENOENT;
345 
346 	for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
347 		if (arvif->wep_keys[i] == NULL)
348 			continue;
349 
350 		switch (arvif->vif->type) {
351 		case NL80211_IFTYPE_AP:
352 			flags = WMI_KEY_PAIRWISE;
353 
354 			if (arvif->def_wep_key_idx == i)
355 				flags |= WMI_KEY_TX_USAGE;
356 
357 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
358 						 SET_KEY, addr, flags);
359 			if (ret < 0)
360 				return ret;
361 			break;
362 		case NL80211_IFTYPE_ADHOC:
363 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
364 						 SET_KEY, addr,
365 						 WMI_KEY_PAIRWISE);
366 			if (ret < 0)
367 				return ret;
368 
369 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
370 						 SET_KEY, addr, WMI_KEY_GROUP);
371 			if (ret < 0)
372 				return ret;
373 			break;
374 		default:
375 			WARN_ON(1);
376 			return -EINVAL;
377 		}
378 
379 		spin_lock_bh(&ar->data_lock);
380 		peer->keys[i] = arvif->wep_keys[i];
381 		spin_unlock_bh(&ar->data_lock);
382 	}
383 
384 	/* In some cases (notably with static WEP IBSS with multiple keys)
385 	 * multicast Tx becomes broken. Both pairwise and groupwise keys are
386 	 * installed already. Using WMI_KEY_TX_USAGE in different combinations
387 	 * didn't seem help. Using def_keyid vdev parameter seems to be
388 	 * effective so use that.
389 	 *
390 	 * FIXME: Revisit. Perhaps this can be done in a less hacky way.
391 	 */
392 	if (arvif->vif->type != NL80211_IFTYPE_ADHOC)
393 		return 0;
394 
395 	if (arvif->def_wep_key_idx == -1)
396 		return 0;
397 
398 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
399 					arvif->vdev_id,
400 					arvif->ar->wmi.vdev_param->def_keyid,
401 					arvif->def_wep_key_idx);
402 	if (ret) {
403 		ath10k_warn(ar, "failed to re-set def wpa key idxon vdev %i: %d\n",
404 			    arvif->vdev_id, ret);
405 		return ret;
406 	}
407 
408 	return 0;
409 }
410 
411 static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
412 				  const u8 *addr)
413 {
414 	struct ath10k *ar = arvif->ar;
415 	struct ath10k_peer *peer;
416 	int first_errno = 0;
417 	int ret;
418 	int i;
419 	u32 flags = 0;
420 
421 	lockdep_assert_held(&ar->conf_mutex);
422 
423 	spin_lock_bh(&ar->data_lock);
424 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
425 	spin_unlock_bh(&ar->data_lock);
426 
427 	if (!peer)
428 		return -ENOENT;
429 
430 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
431 		if (peer->keys[i] == NULL)
432 			continue;
433 
434 		/* key flags are not required to delete the key */
435 		ret = ath10k_install_key(arvif, peer->keys[i],
436 					 DISABLE_KEY, addr, flags);
437 		if (ret < 0 && first_errno == 0)
438 			first_errno = ret;
439 
440 		if (ret < 0)
441 			ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
442 				    i, ret);
443 
444 		spin_lock_bh(&ar->data_lock);
445 		peer->keys[i] = NULL;
446 		spin_unlock_bh(&ar->data_lock);
447 	}
448 
449 	return first_errno;
450 }
451 
452 bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
453 				    u8 keyidx)
454 {
455 	struct ath10k_peer *peer;
456 	int i;
457 
458 	lockdep_assert_held(&ar->data_lock);
459 
460 	/* We don't know which vdev this peer belongs to,
461 	 * since WMI doesn't give us that information.
462 	 *
463 	 * FIXME: multi-bss needs to be handled.
464 	 */
465 	peer = ath10k_peer_find(ar, 0, addr);
466 	if (!peer)
467 		return false;
468 
469 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
470 		if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
471 			return true;
472 	}
473 
474 	return false;
475 }
476 
477 static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
478 				 struct ieee80211_key_conf *key)
479 {
480 	struct ath10k *ar = arvif->ar;
481 	struct ath10k_peer *peer;
482 	u8 addr[ETH_ALEN];
483 	int first_errno = 0;
484 	int ret;
485 	int i;
486 	u32 flags = 0;
487 
488 	lockdep_assert_held(&ar->conf_mutex);
489 
490 	for (;;) {
491 		/* since ath10k_install_key we can't hold data_lock all the
492 		 * time, so we try to remove the keys incrementally
493 		 */
494 		spin_lock_bh(&ar->data_lock);
495 		i = 0;
496 		list_for_each_entry(peer, &ar->peers, list) {
497 			for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
498 				if (peer->keys[i] == key) {
499 					ether_addr_copy(addr, peer->addr);
500 					peer->keys[i] = NULL;
501 					break;
502 				}
503 			}
504 
505 			if (i < ARRAY_SIZE(peer->keys))
506 				break;
507 		}
508 		spin_unlock_bh(&ar->data_lock);
509 
510 		if (i == ARRAY_SIZE(peer->keys))
511 			break;
512 		/* key flags are not required to delete the key */
513 		ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, flags);
514 		if (ret < 0 && first_errno == 0)
515 			first_errno = ret;
516 
517 		if (ret)
518 			ath10k_warn(ar, "failed to remove key for %pM: %d\n",
519 				    addr, ret);
520 	}
521 
522 	return first_errno;
523 }
524 
525 static int ath10k_mac_vif_update_wep_key(struct ath10k_vif *arvif,
526 					 struct ieee80211_key_conf *key)
527 {
528 	struct ath10k *ar = arvif->ar;
529 	struct ath10k_peer *peer;
530 	int ret;
531 
532 	lockdep_assert_held(&ar->conf_mutex);
533 
534 	list_for_each_entry(peer, &ar->peers, list) {
535 		if (ether_addr_equal(peer->addr, arvif->vif->addr))
536 			continue;
537 
538 		if (ether_addr_equal(peer->addr, arvif->bssid))
539 			continue;
540 
541 		if (peer->keys[key->keyidx] == key)
542 			continue;
543 
544 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vif vdev %i update key %i needs update\n",
545 			   arvif->vdev_id, key->keyidx);
546 
547 		ret = ath10k_install_peer_wep_keys(arvif, peer->addr);
548 		if (ret) {
549 			ath10k_warn(ar, "failed to update wep keys on vdev %i for peer %pM: %d\n",
550 				    arvif->vdev_id, peer->addr, ret);
551 			return ret;
552 		}
553 	}
554 
555 	return 0;
556 }
557 
558 /*********************/
559 /* General utilities */
560 /*********************/
561 
562 static inline enum wmi_phy_mode
563 chan_to_phymode(const struct cfg80211_chan_def *chandef)
564 {
565 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
566 
567 	switch (chandef->chan->band) {
568 	case NL80211_BAND_2GHZ:
569 		switch (chandef->width) {
570 		case NL80211_CHAN_WIDTH_20_NOHT:
571 			if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
572 				phymode = MODE_11B;
573 			else
574 				phymode = MODE_11G;
575 			break;
576 		case NL80211_CHAN_WIDTH_20:
577 			phymode = MODE_11NG_HT20;
578 			break;
579 		case NL80211_CHAN_WIDTH_40:
580 			phymode = MODE_11NG_HT40;
581 			break;
582 		default:
583 			phymode = MODE_UNKNOWN;
584 			break;
585 		}
586 		break;
587 	case NL80211_BAND_5GHZ:
588 		switch (chandef->width) {
589 		case NL80211_CHAN_WIDTH_20_NOHT:
590 			phymode = MODE_11A;
591 			break;
592 		case NL80211_CHAN_WIDTH_20:
593 			phymode = MODE_11NA_HT20;
594 			break;
595 		case NL80211_CHAN_WIDTH_40:
596 			phymode = MODE_11NA_HT40;
597 			break;
598 		case NL80211_CHAN_WIDTH_80:
599 			phymode = MODE_11AC_VHT80;
600 			break;
601 		case NL80211_CHAN_WIDTH_160:
602 			phymode = MODE_11AC_VHT160;
603 			break;
604 		case NL80211_CHAN_WIDTH_80P80:
605 			phymode = MODE_11AC_VHT80_80;
606 			break;
607 		default:
608 			phymode = MODE_UNKNOWN;
609 			break;
610 		}
611 		break;
612 	default:
613 		break;
614 	}
615 
616 	WARN_ON(phymode == MODE_UNKNOWN);
617 	return phymode;
618 }
619 
620 static u8 ath10k_parse_mpdudensity(u8 mpdudensity)
621 {
622 /*
623  * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
624  *   0 for no restriction
625  *   1 for 1/4 us
626  *   2 for 1/2 us
627  *   3 for 1 us
628  *   4 for 2 us
629  *   5 for 4 us
630  *   6 for 8 us
631  *   7 for 16 us
632  */
633 	switch (mpdudensity) {
634 	case 0:
635 		return 0;
636 	case 1:
637 	case 2:
638 	case 3:
639 	/* Our lower layer calculations limit our precision to
640 	 * 1 microsecond
641 	 */
642 		return 1;
643 	case 4:
644 		return 2;
645 	case 5:
646 		return 4;
647 	case 6:
648 		return 8;
649 	case 7:
650 		return 16;
651 	default:
652 		return 0;
653 	}
654 }
655 
656 int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
657 			struct cfg80211_chan_def *def)
658 {
659 	struct ieee80211_chanctx_conf *conf;
660 
661 	rcu_read_lock();
662 	conf = rcu_dereference(vif->bss_conf.chanctx_conf);
663 	if (!conf) {
664 		rcu_read_unlock();
665 		return -ENOENT;
666 	}
667 
668 	*def = conf->def;
669 	rcu_read_unlock();
670 
671 	return 0;
672 }
673 
674 static void ath10k_mac_num_chanctxs_iter(struct ieee80211_hw *hw,
675 					 struct ieee80211_chanctx_conf *conf,
676 					 void *data)
677 {
678 	int *num = data;
679 
680 	(*num)++;
681 }
682 
683 static int ath10k_mac_num_chanctxs(struct ath10k *ar)
684 {
685 	int num = 0;
686 
687 	ieee80211_iter_chan_contexts_atomic(ar->hw,
688 					    ath10k_mac_num_chanctxs_iter,
689 					    &num);
690 
691 	return num;
692 }
693 
694 static void
695 ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
696 				struct ieee80211_chanctx_conf *conf,
697 				void *data)
698 {
699 	struct cfg80211_chan_def **def = data;
700 
701 	*def = &conf->def;
702 }
703 
704 static void ath10k_wait_for_peer_delete_done(struct ath10k *ar, u32 vdev_id,
705 					     const u8 *addr)
706 {
707 	unsigned long time_left;
708 	int ret;
709 
710 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
711 		ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
712 		if (ret) {
713 			ath10k_warn(ar, "failed wait for peer deleted");
714 			return;
715 		}
716 
717 		time_left = wait_for_completion_timeout(&ar->peer_delete_done,
718 							5 * HZ);
719 		if (!time_left)
720 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
721 	}
722 }
723 
724 static int ath10k_peer_create(struct ath10k *ar,
725 			      struct ieee80211_vif *vif,
726 			      struct ieee80211_sta *sta,
727 			      u32 vdev_id,
728 			      const u8 *addr,
729 			      enum wmi_peer_type peer_type)
730 {
731 	struct ath10k_vif *arvif;
732 	struct ath10k_peer *peer;
733 	int num_peers = 0;
734 	int ret;
735 
736 	lockdep_assert_held(&ar->conf_mutex);
737 
738 	num_peers = ar->num_peers;
739 
740 	/* Each vdev consumes a peer entry as well */
741 	list_for_each_entry(arvif, &ar->arvifs, list)
742 		num_peers++;
743 
744 	if (num_peers >= ar->max_num_peers)
745 		return -ENOBUFS;
746 
747 	ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
748 	if (ret) {
749 		ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
750 			    addr, vdev_id, ret);
751 		return ret;
752 	}
753 
754 	ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
755 	if (ret) {
756 		ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
757 			    addr, vdev_id, ret);
758 		return ret;
759 	}
760 
761 	spin_lock_bh(&ar->data_lock);
762 
763 	peer = ath10k_peer_find(ar, vdev_id, addr);
764 	if (!peer) {
765 		spin_unlock_bh(&ar->data_lock);
766 		ath10k_warn(ar, "failed to find peer %pM on vdev %i after creation\n",
767 			    addr, vdev_id);
768 		ath10k_wait_for_peer_delete_done(ar, vdev_id, addr);
769 		return -ENOENT;
770 	}
771 
772 	peer->vif = vif;
773 	peer->sta = sta;
774 
775 	spin_unlock_bh(&ar->data_lock);
776 
777 	ar->num_peers++;
778 
779 	return 0;
780 }
781 
782 static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
783 {
784 	struct ath10k *ar = arvif->ar;
785 	u32 param;
786 	int ret;
787 
788 	param = ar->wmi.pdev_param->sta_kickout_th;
789 	ret = ath10k_wmi_pdev_set_param(ar, param,
790 					ATH10K_KICKOUT_THRESHOLD);
791 	if (ret) {
792 		ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
793 			    arvif->vdev_id, ret);
794 		return ret;
795 	}
796 
797 	param = ar->wmi.vdev_param->ap_keepalive_min_idle_inactive_time_secs;
798 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
799 					ATH10K_KEEPALIVE_MIN_IDLE);
800 	if (ret) {
801 		ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
802 			    arvif->vdev_id, ret);
803 		return ret;
804 	}
805 
806 	param = ar->wmi.vdev_param->ap_keepalive_max_idle_inactive_time_secs;
807 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
808 					ATH10K_KEEPALIVE_MAX_IDLE);
809 	if (ret) {
810 		ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
811 			    arvif->vdev_id, ret);
812 		return ret;
813 	}
814 
815 	param = ar->wmi.vdev_param->ap_keepalive_max_unresponsive_time_secs;
816 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
817 					ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
818 	if (ret) {
819 		ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
820 			    arvif->vdev_id, ret);
821 		return ret;
822 	}
823 
824 	return 0;
825 }
826 
827 static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
828 {
829 	struct ath10k *ar = arvif->ar;
830 	u32 vdev_param;
831 
832 	vdev_param = ar->wmi.vdev_param->rts_threshold;
833 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
834 }
835 
836 static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
837 {
838 	int ret;
839 
840 	lockdep_assert_held(&ar->conf_mutex);
841 
842 	ret = ath10k_wmi_peer_delete(ar, vdev_id, addr);
843 	if (ret)
844 		return ret;
845 
846 	ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
847 	if (ret)
848 		return ret;
849 
850 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
851 		unsigned long time_left;
852 
853 		time_left = wait_for_completion_timeout
854 			    (&ar->peer_delete_done, 5 * HZ);
855 
856 		if (!time_left) {
857 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
858 			return -ETIMEDOUT;
859 		}
860 	}
861 
862 	ar->num_peers--;
863 
864 	return 0;
865 }
866 
867 static void ath10k_peer_map_cleanup(struct ath10k *ar, struct ath10k_peer *peer)
868 {
869 	int peer_id, i;
870 
871 	lockdep_assert_held(&ar->conf_mutex);
872 
873 	for_each_set_bit(peer_id, peer->peer_ids,
874 			 ATH10K_MAX_NUM_PEER_IDS) {
875 		ar->peer_map[peer_id] = NULL;
876 	}
877 
878 	/* Double check that peer is properly un-referenced from
879 	 * the peer_map
880 	 */
881 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
882 		if (ar->peer_map[i] == peer) {
883 			ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
884 				    peer->addr, peer, i);
885 			ar->peer_map[i] = NULL;
886 		}
887 	}
888 
889 	list_del(&peer->list);
890 	kfree(peer);
891 	ar->num_peers--;
892 }
893 
894 static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
895 {
896 	struct ath10k_peer *peer, *tmp;
897 
898 	lockdep_assert_held(&ar->conf_mutex);
899 
900 	spin_lock_bh(&ar->data_lock);
901 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
902 		if (peer->vdev_id != vdev_id)
903 			continue;
904 
905 		ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
906 			    peer->addr, vdev_id);
907 
908 		ath10k_peer_map_cleanup(ar, peer);
909 	}
910 	spin_unlock_bh(&ar->data_lock);
911 }
912 
913 static void ath10k_peer_cleanup_all(struct ath10k *ar)
914 {
915 	struct ath10k_peer *peer, *tmp;
916 	int i;
917 
918 	lockdep_assert_held(&ar->conf_mutex);
919 
920 	spin_lock_bh(&ar->data_lock);
921 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
922 		list_del(&peer->list);
923 		kfree(peer);
924 	}
925 
926 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
927 		ar->peer_map[i] = NULL;
928 
929 	spin_unlock_bh(&ar->data_lock);
930 
931 	ar->num_peers = 0;
932 	ar->num_stations = 0;
933 }
934 
935 static int ath10k_mac_tdls_peer_update(struct ath10k *ar, u32 vdev_id,
936 				       struct ieee80211_sta *sta,
937 				       enum wmi_tdls_peer_state state)
938 {
939 	int ret;
940 	struct wmi_tdls_peer_update_cmd_arg arg = {};
941 	struct wmi_tdls_peer_capab_arg cap = {};
942 	struct wmi_channel_arg chan_arg = {};
943 
944 	lockdep_assert_held(&ar->conf_mutex);
945 
946 	arg.vdev_id = vdev_id;
947 	arg.peer_state = state;
948 	ether_addr_copy(arg.addr, sta->addr);
949 
950 	cap.peer_max_sp = sta->max_sp;
951 	cap.peer_uapsd_queues = sta->uapsd_queues;
952 
953 	if (state == WMI_TDLS_PEER_STATE_CONNECTED &&
954 	    !sta->tdls_initiator)
955 		cap.is_peer_responder = 1;
956 
957 	ret = ath10k_wmi_tdls_peer_update(ar, &arg, &cap, &chan_arg);
958 	if (ret) {
959 		ath10k_warn(ar, "failed to update tdls peer %pM on vdev %i: %i\n",
960 			    arg.addr, vdev_id, ret);
961 		return ret;
962 	}
963 
964 	return 0;
965 }
966 
967 /************************/
968 /* Interface management */
969 /************************/
970 
971 void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
972 {
973 	struct ath10k *ar = arvif->ar;
974 
975 	lockdep_assert_held(&ar->data_lock);
976 
977 	if (!arvif->beacon)
978 		return;
979 
980 	if (!arvif->beacon_buf)
981 		dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
982 				 arvif->beacon->len, DMA_TO_DEVICE);
983 
984 	if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
985 		    arvif->beacon_state != ATH10K_BEACON_SENT))
986 		return;
987 
988 	dev_kfree_skb_any(arvif->beacon);
989 
990 	arvif->beacon = NULL;
991 	arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
992 }
993 
994 static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
995 {
996 	struct ath10k *ar = arvif->ar;
997 
998 	lockdep_assert_held(&ar->data_lock);
999 
1000 	ath10k_mac_vif_beacon_free(arvif);
1001 
1002 	if (arvif->beacon_buf) {
1003 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
1004 			kfree(arvif->beacon_buf);
1005 		else
1006 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
1007 					  arvif->beacon_buf,
1008 					  arvif->beacon_paddr);
1009 		arvif->beacon_buf = NULL;
1010 	}
1011 }
1012 
1013 static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
1014 {
1015 	unsigned long time_left;
1016 
1017 	lockdep_assert_held(&ar->conf_mutex);
1018 
1019 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1020 		return -ESHUTDOWN;
1021 
1022 	time_left = wait_for_completion_timeout(&ar->vdev_setup_done,
1023 						ATH10K_VDEV_SETUP_TIMEOUT_HZ);
1024 	if (time_left == 0)
1025 		return -ETIMEDOUT;
1026 
1027 	return ar->last_wmi_vdev_start_status;
1028 }
1029 
1030 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
1031 {
1032 	struct cfg80211_chan_def *chandef = NULL;
1033 	struct ieee80211_channel *channel = NULL;
1034 	struct wmi_vdev_start_request_arg arg = {};
1035 	int ret = 0;
1036 
1037 	lockdep_assert_held(&ar->conf_mutex);
1038 
1039 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1040 					    ath10k_mac_get_any_chandef_iter,
1041 					    &chandef);
1042 	if (WARN_ON_ONCE(!chandef))
1043 		return -ENOENT;
1044 
1045 	channel = chandef->chan;
1046 
1047 	arg.vdev_id = vdev_id;
1048 	arg.channel.freq = channel->center_freq;
1049 	arg.channel.band_center_freq1 = chandef->center_freq1;
1050 	arg.channel.band_center_freq2 = chandef->center_freq2;
1051 
1052 	/* TODO setup this dynamically, what in case we
1053 	 * don't have any vifs?
1054 	 */
1055 	arg.channel.mode = chan_to_phymode(chandef);
1056 	arg.channel.chan_radar =
1057 			!!(channel->flags & IEEE80211_CHAN_RADAR);
1058 
1059 	arg.channel.min_power = 0;
1060 	arg.channel.max_power = channel->max_power * 2;
1061 	arg.channel.max_reg_power = channel->max_reg_power * 2;
1062 	arg.channel.max_antenna_gain = channel->max_antenna_gain;
1063 
1064 	reinit_completion(&ar->vdev_setup_done);
1065 	reinit_completion(&ar->vdev_delete_done);
1066 
1067 	ret = ath10k_wmi_vdev_start(ar, &arg);
1068 	if (ret) {
1069 		ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
1070 			    vdev_id, ret);
1071 		return ret;
1072 	}
1073 
1074 	ret = ath10k_vdev_setup_sync(ar);
1075 	if (ret) {
1076 		ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
1077 			    vdev_id, ret);
1078 		return ret;
1079 	}
1080 
1081 	ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
1082 	if (ret) {
1083 		ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
1084 			    vdev_id, ret);
1085 		goto vdev_stop;
1086 	}
1087 
1088 	ar->monitor_vdev_id = vdev_id;
1089 
1090 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
1091 		   ar->monitor_vdev_id);
1092 	return 0;
1093 
1094 vdev_stop:
1095 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1096 	if (ret)
1097 		ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
1098 			    ar->monitor_vdev_id, ret);
1099 
1100 	return ret;
1101 }
1102 
1103 static int ath10k_monitor_vdev_stop(struct ath10k *ar)
1104 {
1105 	int ret = 0;
1106 
1107 	lockdep_assert_held(&ar->conf_mutex);
1108 
1109 	ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
1110 	if (ret)
1111 		ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
1112 			    ar->monitor_vdev_id, ret);
1113 
1114 	reinit_completion(&ar->vdev_setup_done);
1115 	reinit_completion(&ar->vdev_delete_done);
1116 
1117 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1118 	if (ret)
1119 		ath10k_warn(ar, "failed to request monitor vdev %i stop: %d\n",
1120 			    ar->monitor_vdev_id, ret);
1121 
1122 	ret = ath10k_vdev_setup_sync(ar);
1123 	if (ret)
1124 		ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
1125 			    ar->monitor_vdev_id, ret);
1126 
1127 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
1128 		   ar->monitor_vdev_id);
1129 	return ret;
1130 }
1131 
1132 static int ath10k_monitor_vdev_create(struct ath10k *ar)
1133 {
1134 	int bit, ret = 0;
1135 
1136 	lockdep_assert_held(&ar->conf_mutex);
1137 
1138 	if (ar->free_vdev_map == 0) {
1139 		ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
1140 		return -ENOMEM;
1141 	}
1142 
1143 	bit = __ffs64(ar->free_vdev_map);
1144 
1145 	ar->monitor_vdev_id = bit;
1146 
1147 	ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
1148 				     WMI_VDEV_TYPE_MONITOR,
1149 				     0, ar->mac_addr);
1150 	if (ret) {
1151 		ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
1152 			    ar->monitor_vdev_id, ret);
1153 		return ret;
1154 	}
1155 
1156 	ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
1157 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
1158 		   ar->monitor_vdev_id);
1159 
1160 	return 0;
1161 }
1162 
1163 static int ath10k_monitor_vdev_delete(struct ath10k *ar)
1164 {
1165 	int ret = 0;
1166 
1167 	lockdep_assert_held(&ar->conf_mutex);
1168 
1169 	ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
1170 	if (ret) {
1171 		ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
1172 			    ar->monitor_vdev_id, ret);
1173 		return ret;
1174 	}
1175 
1176 	ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
1177 
1178 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
1179 		   ar->monitor_vdev_id);
1180 	return ret;
1181 }
1182 
1183 static int ath10k_monitor_start(struct ath10k *ar)
1184 {
1185 	int ret;
1186 
1187 	lockdep_assert_held(&ar->conf_mutex);
1188 
1189 	ret = ath10k_monitor_vdev_create(ar);
1190 	if (ret) {
1191 		ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
1192 		return ret;
1193 	}
1194 
1195 	ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
1196 	if (ret) {
1197 		ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
1198 		ath10k_monitor_vdev_delete(ar);
1199 		return ret;
1200 	}
1201 
1202 	ar->monitor_started = true;
1203 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
1204 
1205 	return 0;
1206 }
1207 
1208 static int ath10k_monitor_stop(struct ath10k *ar)
1209 {
1210 	int ret;
1211 
1212 	lockdep_assert_held(&ar->conf_mutex);
1213 
1214 	ret = ath10k_monitor_vdev_stop(ar);
1215 	if (ret) {
1216 		ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
1217 		return ret;
1218 	}
1219 
1220 	ret = ath10k_monitor_vdev_delete(ar);
1221 	if (ret) {
1222 		ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
1223 		return ret;
1224 	}
1225 
1226 	ar->monitor_started = false;
1227 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
1228 
1229 	return 0;
1230 }
1231 
1232 static bool ath10k_mac_monitor_vdev_is_needed(struct ath10k *ar)
1233 {
1234 	int num_ctx;
1235 
1236 	/* At least one chanctx is required to derive a channel to start
1237 	 * monitor vdev on.
1238 	 */
1239 	num_ctx = ath10k_mac_num_chanctxs(ar);
1240 	if (num_ctx == 0)
1241 		return false;
1242 
1243 	/* If there's already an existing special monitor interface then don't
1244 	 * bother creating another monitor vdev.
1245 	 */
1246 	if (ar->monitor_arvif)
1247 		return false;
1248 
1249 	return ar->monitor ||
1250 	       (!test_bit(ATH10K_FW_FEATURE_ALLOWS_MESH_BCAST,
1251 			  ar->running_fw->fw_file.fw_features) &&
1252 		(ar->filter_flags & FIF_OTHER_BSS)) ||
1253 	       test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1254 }
1255 
1256 static bool ath10k_mac_monitor_vdev_is_allowed(struct ath10k *ar)
1257 {
1258 	int num_ctx;
1259 
1260 	num_ctx = ath10k_mac_num_chanctxs(ar);
1261 
1262 	/* FIXME: Current interface combinations and cfg80211/mac80211 code
1263 	 * shouldn't allow this but make sure to prevent handling the following
1264 	 * case anyway since multi-channel DFS hasn't been tested at all.
1265 	 */
1266 	if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags) && num_ctx > 1)
1267 		return false;
1268 
1269 	return true;
1270 }
1271 
1272 static int ath10k_monitor_recalc(struct ath10k *ar)
1273 {
1274 	bool needed;
1275 	bool allowed;
1276 	int ret;
1277 
1278 	lockdep_assert_held(&ar->conf_mutex);
1279 
1280 	needed = ath10k_mac_monitor_vdev_is_needed(ar);
1281 	allowed = ath10k_mac_monitor_vdev_is_allowed(ar);
1282 
1283 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1284 		   "mac monitor recalc started? %d needed? %d allowed? %d\n",
1285 		   ar->monitor_started, needed, allowed);
1286 
1287 	if (WARN_ON(needed && !allowed)) {
1288 		if (ar->monitor_started) {
1289 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopping disallowed monitor\n");
1290 
1291 			ret = ath10k_monitor_stop(ar);
1292 			if (ret)
1293 				ath10k_warn(ar, "failed to stop disallowed monitor: %d\n",
1294 					    ret);
1295 				/* not serious */
1296 		}
1297 
1298 		return -EPERM;
1299 	}
1300 
1301 	if (needed == ar->monitor_started)
1302 		return 0;
1303 
1304 	if (needed)
1305 		return ath10k_monitor_start(ar);
1306 	else
1307 		return ath10k_monitor_stop(ar);
1308 }
1309 
1310 static bool ath10k_mac_can_set_cts_prot(struct ath10k_vif *arvif)
1311 {
1312 	struct ath10k *ar = arvif->ar;
1313 
1314 	lockdep_assert_held(&ar->conf_mutex);
1315 
1316 	if (!arvif->is_started) {
1317 		ath10k_dbg(ar, ATH10K_DBG_MAC, "defer cts setup, vdev is not ready yet\n");
1318 		return false;
1319 	}
1320 
1321 	return true;
1322 }
1323 
1324 static int ath10k_mac_set_cts_prot(struct ath10k_vif *arvif)
1325 {
1326 	struct ath10k *ar = arvif->ar;
1327 	u32 vdev_param;
1328 
1329 	lockdep_assert_held(&ar->conf_mutex);
1330 
1331 	vdev_param = ar->wmi.vdev_param->protection_mode;
1332 
1333 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_protection %d\n",
1334 		   arvif->vdev_id, arvif->use_cts_prot);
1335 
1336 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1337 					 arvif->use_cts_prot ? 1 : 0);
1338 }
1339 
1340 static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
1341 {
1342 	struct ath10k *ar = arvif->ar;
1343 	u32 vdev_param, rts_cts = 0;
1344 
1345 	lockdep_assert_held(&ar->conf_mutex);
1346 
1347 	vdev_param = ar->wmi.vdev_param->enable_rtscts;
1348 
1349 	rts_cts |= SM(WMI_RTSCTS_ENABLED, WMI_RTSCTS_SET);
1350 
1351 	if (arvif->num_legacy_stations > 0)
1352 		rts_cts |= SM(WMI_RTSCTS_ACROSS_SW_RETRIES,
1353 			      WMI_RTSCTS_PROFILE);
1354 	else
1355 		rts_cts |= SM(WMI_RTSCTS_FOR_SECOND_RATESERIES,
1356 			      WMI_RTSCTS_PROFILE);
1357 
1358 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d recalc rts/cts prot %d\n",
1359 		   arvif->vdev_id, rts_cts);
1360 
1361 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1362 					 rts_cts);
1363 }
1364 
1365 static int ath10k_start_cac(struct ath10k *ar)
1366 {
1367 	int ret;
1368 
1369 	lockdep_assert_held(&ar->conf_mutex);
1370 
1371 	set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1372 
1373 	ret = ath10k_monitor_recalc(ar);
1374 	if (ret) {
1375 		ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
1376 		clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1377 		return ret;
1378 	}
1379 
1380 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
1381 		   ar->monitor_vdev_id);
1382 
1383 	return 0;
1384 }
1385 
1386 static int ath10k_stop_cac(struct ath10k *ar)
1387 {
1388 	lockdep_assert_held(&ar->conf_mutex);
1389 
1390 	/* CAC is not running - do nothing */
1391 	if (!test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags))
1392 		return 0;
1393 
1394 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1395 	ath10k_monitor_stop(ar);
1396 
1397 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
1398 
1399 	return 0;
1400 }
1401 
1402 static void ath10k_mac_has_radar_iter(struct ieee80211_hw *hw,
1403 				      struct ieee80211_chanctx_conf *conf,
1404 				      void *data)
1405 {
1406 	bool *ret = data;
1407 
1408 	if (!*ret && conf->radar_enabled)
1409 		*ret = true;
1410 }
1411 
1412 static bool ath10k_mac_has_radar_enabled(struct ath10k *ar)
1413 {
1414 	bool has_radar = false;
1415 
1416 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1417 					    ath10k_mac_has_radar_iter,
1418 					    &has_radar);
1419 
1420 	return has_radar;
1421 }
1422 
1423 static void ath10k_recalc_radar_detection(struct ath10k *ar)
1424 {
1425 	int ret;
1426 
1427 	lockdep_assert_held(&ar->conf_mutex);
1428 
1429 	ath10k_stop_cac(ar);
1430 
1431 	if (!ath10k_mac_has_radar_enabled(ar))
1432 		return;
1433 
1434 	if (ar->num_started_vdevs > 0)
1435 		return;
1436 
1437 	ret = ath10k_start_cac(ar);
1438 	if (ret) {
1439 		/*
1440 		 * Not possible to start CAC on current channel so starting
1441 		 * radiation is not allowed, make this channel DFS_UNAVAILABLE
1442 		 * by indicating that radar was detected.
1443 		 */
1444 		ath10k_warn(ar, "failed to start CAC: %d\n", ret);
1445 		ieee80211_radar_detected(ar->hw);
1446 	}
1447 }
1448 
1449 static int ath10k_vdev_stop(struct ath10k_vif *arvif)
1450 {
1451 	struct ath10k *ar = arvif->ar;
1452 	int ret;
1453 
1454 	lockdep_assert_held(&ar->conf_mutex);
1455 
1456 	reinit_completion(&ar->vdev_setup_done);
1457 	reinit_completion(&ar->vdev_delete_done);
1458 
1459 	ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
1460 	if (ret) {
1461 		ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
1462 			    arvif->vdev_id, ret);
1463 		return ret;
1464 	}
1465 
1466 	ret = ath10k_vdev_setup_sync(ar);
1467 	if (ret) {
1468 		ath10k_warn(ar, "failed to synchronize setup for vdev %i: %d\n",
1469 			    arvif->vdev_id, ret);
1470 		return ret;
1471 	}
1472 
1473 	WARN_ON(ar->num_started_vdevs == 0);
1474 
1475 	if (ar->num_started_vdevs != 0) {
1476 		ar->num_started_vdevs--;
1477 		ath10k_recalc_radar_detection(ar);
1478 	}
1479 
1480 	return ret;
1481 }
1482 
1483 static int ath10k_vdev_start_restart(struct ath10k_vif *arvif,
1484 				     const struct cfg80211_chan_def *chandef,
1485 				     bool restart)
1486 {
1487 	struct ath10k *ar = arvif->ar;
1488 	struct wmi_vdev_start_request_arg arg = {};
1489 	int ret = 0;
1490 
1491 	lockdep_assert_held(&ar->conf_mutex);
1492 
1493 	reinit_completion(&ar->vdev_setup_done);
1494 	reinit_completion(&ar->vdev_delete_done);
1495 
1496 	arg.vdev_id = arvif->vdev_id;
1497 	arg.dtim_period = arvif->dtim_period;
1498 	arg.bcn_intval = arvif->beacon_interval;
1499 
1500 	arg.channel.freq = chandef->chan->center_freq;
1501 	arg.channel.band_center_freq1 = chandef->center_freq1;
1502 	arg.channel.band_center_freq2 = chandef->center_freq2;
1503 	arg.channel.mode = chan_to_phymode(chandef);
1504 
1505 	arg.channel.min_power = 0;
1506 	arg.channel.max_power = chandef->chan->max_power * 2;
1507 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
1508 	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain;
1509 
1510 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
1511 		arg.ssid = arvif->u.ap.ssid;
1512 		arg.ssid_len = arvif->u.ap.ssid_len;
1513 		arg.hidden_ssid = arvif->u.ap.hidden_ssid;
1514 
1515 		/* For now allow DFS for AP mode */
1516 		arg.channel.chan_radar =
1517 			!!(chandef->chan->flags & IEEE80211_CHAN_RADAR);
1518 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
1519 		arg.ssid = arvif->vif->cfg.ssid;
1520 		arg.ssid_len = arvif->vif->cfg.ssid_len;
1521 	}
1522 
1523 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1524 		   "mac vdev %d start center_freq %d phymode %s\n",
1525 		   arg.vdev_id, arg.channel.freq,
1526 		   ath10k_wmi_phymode_str(arg.channel.mode));
1527 
1528 	if (restart)
1529 		ret = ath10k_wmi_vdev_restart(ar, &arg);
1530 	else
1531 		ret = ath10k_wmi_vdev_start(ar, &arg);
1532 
1533 	if (ret) {
1534 		ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
1535 			    arg.vdev_id, ret);
1536 		return ret;
1537 	}
1538 
1539 	ret = ath10k_vdev_setup_sync(ar);
1540 	if (ret) {
1541 		ath10k_warn(ar,
1542 			    "failed to synchronize setup for vdev %i restart %d: %d\n",
1543 			    arg.vdev_id, restart, ret);
1544 		return ret;
1545 	}
1546 
1547 	ar->num_started_vdevs++;
1548 	ath10k_recalc_radar_detection(ar);
1549 
1550 	return ret;
1551 }
1552 
1553 static int ath10k_vdev_start(struct ath10k_vif *arvif,
1554 			     const struct cfg80211_chan_def *def)
1555 {
1556 	return ath10k_vdev_start_restart(arvif, def, false);
1557 }
1558 
1559 static int ath10k_vdev_restart(struct ath10k_vif *arvif,
1560 			       const struct cfg80211_chan_def *def)
1561 {
1562 	return ath10k_vdev_start_restart(arvif, def, true);
1563 }
1564 
1565 static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
1566 				       struct sk_buff *bcn)
1567 {
1568 	struct ath10k *ar = arvif->ar;
1569 	struct ieee80211_mgmt *mgmt;
1570 	const u8 *p2p_ie;
1571 	int ret;
1572 
1573 	if (arvif->vif->type != NL80211_IFTYPE_AP || !arvif->vif->p2p)
1574 		return 0;
1575 
1576 	mgmt = (void *)bcn->data;
1577 	p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1578 					 mgmt->u.beacon.variable,
1579 					 bcn->len - (mgmt->u.beacon.variable -
1580 						     bcn->data));
1581 	if (!p2p_ie)
1582 		return -ENOENT;
1583 
1584 	ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
1585 	if (ret) {
1586 		ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
1587 			    arvif->vdev_id, ret);
1588 		return ret;
1589 	}
1590 
1591 	return 0;
1592 }
1593 
1594 static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
1595 				       u8 oui_type, size_t ie_offset)
1596 {
1597 	size_t len;
1598 	const u8 *next;
1599 	const u8 *end;
1600 	u8 *ie;
1601 
1602 	if (WARN_ON(skb->len < ie_offset))
1603 		return -EINVAL;
1604 
1605 	ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
1606 					   skb->data + ie_offset,
1607 					   skb->len - ie_offset);
1608 	if (!ie)
1609 		return -ENOENT;
1610 
1611 	len = ie[1] + 2;
1612 	end = skb->data + skb->len;
1613 	next = ie + len;
1614 
1615 	if (WARN_ON(next > end))
1616 		return -EINVAL;
1617 
1618 	memmove(ie, next, end - next);
1619 	skb_trim(skb, skb->len - len);
1620 
1621 	return 0;
1622 }
1623 
1624 static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
1625 {
1626 	struct ath10k *ar = arvif->ar;
1627 	struct ieee80211_hw *hw = ar->hw;
1628 	struct ieee80211_vif *vif = arvif->vif;
1629 	struct ieee80211_mutable_offsets offs = {};
1630 	struct sk_buff *bcn;
1631 	int ret;
1632 
1633 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1634 		return 0;
1635 
1636 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
1637 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
1638 		return 0;
1639 
1640 	bcn = ieee80211_beacon_get_template(hw, vif, &offs, 0);
1641 	if (!bcn) {
1642 		ath10k_warn(ar, "failed to get beacon template from mac80211\n");
1643 		return -EPERM;
1644 	}
1645 
1646 	ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
1647 	if (ret) {
1648 		ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
1649 		kfree_skb(bcn);
1650 		return ret;
1651 	}
1652 
1653 	/* P2P IE is inserted by firmware automatically (as configured above)
1654 	 * so remove it from the base beacon template to avoid duplicate P2P
1655 	 * IEs in beacon frames.
1656 	 */
1657 	ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1658 				    offsetof(struct ieee80211_mgmt,
1659 					     u.beacon.variable));
1660 
1661 	ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
1662 				  0, NULL, 0);
1663 	kfree_skb(bcn);
1664 
1665 	if (ret) {
1666 		ath10k_warn(ar, "failed to submit beacon template command: %d\n",
1667 			    ret);
1668 		return ret;
1669 	}
1670 
1671 	return 0;
1672 }
1673 
1674 static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
1675 {
1676 	struct ath10k *ar = arvif->ar;
1677 	struct ieee80211_hw *hw = ar->hw;
1678 	struct ieee80211_vif *vif = arvif->vif;
1679 	struct sk_buff *prb;
1680 	int ret;
1681 
1682 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1683 		return 0;
1684 
1685 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1686 		return 0;
1687 
1688 	 /* For mesh, probe response and beacon share the same template */
1689 	if (ieee80211_vif_is_mesh(vif))
1690 		return 0;
1691 
1692 	prb = ieee80211_proberesp_get(hw, vif);
1693 	if (!prb) {
1694 		ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
1695 		return -EPERM;
1696 	}
1697 
1698 	ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
1699 	kfree_skb(prb);
1700 
1701 	if (ret) {
1702 		ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
1703 			    ret);
1704 		return ret;
1705 	}
1706 
1707 	return 0;
1708 }
1709 
1710 static int ath10k_mac_vif_fix_hidden_ssid(struct ath10k_vif *arvif)
1711 {
1712 	struct ath10k *ar = arvif->ar;
1713 	struct cfg80211_chan_def def;
1714 	int ret;
1715 
1716 	/* When originally vdev is started during assign_vif_chanctx() some
1717 	 * information is missing, notably SSID. Firmware revisions with beacon
1718 	 * offloading require the SSID to be provided during vdev (re)start to
1719 	 * handle hidden SSID properly.
1720 	 *
1721 	 * Vdev restart must be done after vdev has been both started and
1722 	 * upped. Otherwise some firmware revisions (at least 10.2) fail to
1723 	 * deliver vdev restart response event causing timeouts during vdev
1724 	 * syncing in ath10k.
1725 	 *
1726 	 * Note: The vdev down/up and template reinstallation could be skipped
1727 	 * since only wmi-tlv firmware are known to have beacon offload and
1728 	 * wmi-tlv doesn't seem to misbehave like 10.2 wrt vdev restart
1729 	 * response delivery. It's probably more robust to keep it as is.
1730 	 */
1731 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1732 		return 0;
1733 
1734 	if (WARN_ON(!arvif->is_started))
1735 		return -EINVAL;
1736 
1737 	if (WARN_ON(!arvif->is_up))
1738 		return -EINVAL;
1739 
1740 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
1741 		return -EINVAL;
1742 
1743 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1744 	if (ret) {
1745 		ath10k_warn(ar, "failed to bring down ap vdev %i: %d\n",
1746 			    arvif->vdev_id, ret);
1747 		return ret;
1748 	}
1749 
1750 	/* Vdev down reset beacon & presp templates. Reinstall them. Otherwise
1751 	 * firmware will crash upon vdev up.
1752 	 */
1753 
1754 	ret = ath10k_mac_setup_bcn_tmpl(arvif);
1755 	if (ret) {
1756 		ath10k_warn(ar, "failed to update beacon template: %d\n", ret);
1757 		return ret;
1758 	}
1759 
1760 	ret = ath10k_mac_setup_prb_tmpl(arvif);
1761 	if (ret) {
1762 		ath10k_warn(ar, "failed to update presp template: %d\n", ret);
1763 		return ret;
1764 	}
1765 
1766 	ret = ath10k_vdev_restart(arvif, &def);
1767 	if (ret) {
1768 		ath10k_warn(ar, "failed to restart ap vdev %i: %d\n",
1769 			    arvif->vdev_id, ret);
1770 		return ret;
1771 	}
1772 
1773 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1774 				 arvif->bssid);
1775 	if (ret) {
1776 		ath10k_warn(ar, "failed to bring up ap vdev %i: %d\n",
1777 			    arvif->vdev_id, ret);
1778 		return ret;
1779 	}
1780 
1781 	return 0;
1782 }
1783 
1784 static void ath10k_control_beaconing(struct ath10k_vif *arvif,
1785 				     struct ieee80211_bss_conf *info)
1786 {
1787 	struct ath10k *ar = arvif->ar;
1788 	int ret = 0;
1789 
1790 	lockdep_assert_held(&arvif->ar->conf_mutex);
1791 
1792 	if (!info->enable_beacon) {
1793 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1794 		if (ret)
1795 			ath10k_warn(ar, "failed to down vdev_id %i: %d\n",
1796 				    arvif->vdev_id, ret);
1797 
1798 		arvif->is_up = false;
1799 
1800 		spin_lock_bh(&arvif->ar->data_lock);
1801 		ath10k_mac_vif_beacon_free(arvif);
1802 		spin_unlock_bh(&arvif->ar->data_lock);
1803 
1804 		return;
1805 	}
1806 
1807 	arvif->tx_seq_no = 0x1000;
1808 
1809 	arvif->aid = 0;
1810 	ether_addr_copy(arvif->bssid, info->bssid);
1811 
1812 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1813 				 arvif->bssid);
1814 	if (ret) {
1815 		ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
1816 			    arvif->vdev_id, ret);
1817 		return;
1818 	}
1819 
1820 	arvif->is_up = true;
1821 
1822 	ret = ath10k_mac_vif_fix_hidden_ssid(arvif);
1823 	if (ret) {
1824 		ath10k_warn(ar, "failed to fix hidden ssid for vdev %i, expect trouble: %d\n",
1825 			    arvif->vdev_id, ret);
1826 		return;
1827 	}
1828 
1829 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
1830 }
1831 
1832 static void ath10k_control_ibss(struct ath10k_vif *arvif,
1833 				struct ieee80211_vif *vif)
1834 {
1835 	struct ath10k *ar = arvif->ar;
1836 	u32 vdev_param;
1837 	int ret = 0;
1838 
1839 	lockdep_assert_held(&arvif->ar->conf_mutex);
1840 
1841 	if (!vif->cfg.ibss_joined) {
1842 		if (is_zero_ether_addr(arvif->bssid))
1843 			return;
1844 
1845 		eth_zero_addr(arvif->bssid);
1846 
1847 		return;
1848 	}
1849 
1850 	vdev_param = arvif->ar->wmi.vdev_param->atim_window;
1851 	ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
1852 					ATH10K_DEFAULT_ATIM);
1853 	if (ret)
1854 		ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
1855 			    arvif->vdev_id, ret);
1856 }
1857 
1858 static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
1859 {
1860 	struct ath10k *ar = arvif->ar;
1861 	u32 param;
1862 	u32 value;
1863 	int ret;
1864 
1865 	lockdep_assert_held(&arvif->ar->conf_mutex);
1866 
1867 	if (arvif->u.sta.uapsd)
1868 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
1869 	else
1870 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
1871 
1872 	param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
1873 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
1874 	if (ret) {
1875 		ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
1876 			    value, arvif->vdev_id, ret);
1877 		return ret;
1878 	}
1879 
1880 	return 0;
1881 }
1882 
1883 static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
1884 {
1885 	struct ath10k *ar = arvif->ar;
1886 	u32 param;
1887 	u32 value;
1888 	int ret;
1889 
1890 	lockdep_assert_held(&arvif->ar->conf_mutex);
1891 
1892 	if (arvif->u.sta.uapsd)
1893 		value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
1894 	else
1895 		value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
1896 
1897 	param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
1898 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
1899 					  param, value);
1900 	if (ret) {
1901 		ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
1902 			    value, arvif->vdev_id, ret);
1903 		return ret;
1904 	}
1905 
1906 	return 0;
1907 }
1908 
1909 static int ath10k_mac_num_vifs_started(struct ath10k *ar)
1910 {
1911 	struct ath10k_vif *arvif;
1912 	int num = 0;
1913 
1914 	lockdep_assert_held(&ar->conf_mutex);
1915 
1916 	list_for_each_entry(arvif, &ar->arvifs, list)
1917 		if (arvif->is_started)
1918 			num++;
1919 
1920 	return num;
1921 }
1922 
1923 static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
1924 {
1925 	struct ath10k *ar = arvif->ar;
1926 	struct ieee80211_vif *vif = arvif->vif;
1927 	struct ieee80211_conf *conf = &ar->hw->conf;
1928 	enum wmi_sta_powersave_param param;
1929 	enum wmi_sta_ps_mode psmode;
1930 	int ret;
1931 	int ps_timeout;
1932 	bool enable_ps;
1933 
1934 	lockdep_assert_held(&arvif->ar->conf_mutex);
1935 
1936 	if (arvif->vif->type != NL80211_IFTYPE_STATION)
1937 		return 0;
1938 
1939 	enable_ps = arvif->ps;
1940 
1941 	if (enable_ps && ath10k_mac_num_vifs_started(ar) > 1 &&
1942 	    !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
1943 		      ar->running_fw->fw_file.fw_features)) {
1944 		ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
1945 			    arvif->vdev_id);
1946 		enable_ps = false;
1947 	}
1948 
1949 	if (!arvif->is_started) {
1950 		/* mac80211 can update vif powersave state while disconnected.
1951 		 * Firmware doesn't behave nicely and consumes more power than
1952 		 * necessary if PS is disabled on a non-started vdev. Hence
1953 		 * force-enable PS for non-running vdevs.
1954 		 */
1955 		psmode = WMI_STA_PS_MODE_ENABLED;
1956 	} else if (enable_ps) {
1957 		psmode = WMI_STA_PS_MODE_ENABLED;
1958 		param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
1959 
1960 		ps_timeout = conf->dynamic_ps_timeout;
1961 		if (ps_timeout == 0) {
1962 			/* Firmware doesn't like 0 */
1963 			ps_timeout = ieee80211_tu_to_usec(
1964 				vif->bss_conf.beacon_int) / 1000;
1965 		}
1966 
1967 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
1968 						  ps_timeout);
1969 		if (ret) {
1970 			ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
1971 				    arvif->vdev_id, ret);
1972 			return ret;
1973 		}
1974 	} else {
1975 		psmode = WMI_STA_PS_MODE_DISABLED;
1976 	}
1977 
1978 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
1979 		   arvif->vdev_id, psmode ? "enable" : "disable");
1980 
1981 	ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
1982 	if (ret) {
1983 		ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
1984 			    psmode, arvif->vdev_id, ret);
1985 		return ret;
1986 	}
1987 
1988 	return 0;
1989 }
1990 
1991 static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
1992 {
1993 	struct ath10k *ar = arvif->ar;
1994 	struct wmi_sta_keepalive_arg arg = {};
1995 	int ret;
1996 
1997 	lockdep_assert_held(&arvif->ar->conf_mutex);
1998 
1999 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
2000 		return 0;
2001 
2002 	if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
2003 		return 0;
2004 
2005 	/* Some firmware revisions have a bug and ignore the `enabled` field.
2006 	 * Instead use the interval to disable the keepalive.
2007 	 */
2008 	arg.vdev_id = arvif->vdev_id;
2009 	arg.enabled = 1;
2010 	arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
2011 	arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
2012 
2013 	ret = ath10k_wmi_sta_keepalive(ar, &arg);
2014 	if (ret) {
2015 		ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
2016 			    arvif->vdev_id, ret);
2017 		return ret;
2018 	}
2019 
2020 	return 0;
2021 }
2022 
2023 static void ath10k_mac_vif_ap_csa_count_down(struct ath10k_vif *arvif)
2024 {
2025 	struct ath10k *ar = arvif->ar;
2026 	struct ieee80211_vif *vif = arvif->vif;
2027 	int ret;
2028 
2029 	lockdep_assert_held(&arvif->ar->conf_mutex);
2030 
2031 	if (WARN_ON(!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)))
2032 		return;
2033 
2034 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
2035 		return;
2036 
2037 	if (!vif->bss_conf.csa_active)
2038 		return;
2039 
2040 	if (!arvif->is_up)
2041 		return;
2042 
2043 	if (!ieee80211_beacon_cntdwn_is_complete(vif)) {
2044 		ieee80211_beacon_update_cntdwn(vif);
2045 
2046 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
2047 		if (ret)
2048 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
2049 				    ret);
2050 
2051 		ret = ath10k_mac_setup_prb_tmpl(arvif);
2052 		if (ret)
2053 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
2054 				    ret);
2055 	} else {
2056 		ieee80211_csa_finish(vif);
2057 	}
2058 }
2059 
2060 static void ath10k_mac_vif_ap_csa_work(struct work_struct *work)
2061 {
2062 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2063 						ap_csa_work);
2064 	struct ath10k *ar = arvif->ar;
2065 
2066 	mutex_lock(&ar->conf_mutex);
2067 	ath10k_mac_vif_ap_csa_count_down(arvif);
2068 	mutex_unlock(&ar->conf_mutex);
2069 }
2070 
2071 static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac,
2072 					  struct ieee80211_vif *vif)
2073 {
2074 	struct sk_buff *skb = data;
2075 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2076 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2077 
2078 	if (vif->type != NL80211_IFTYPE_STATION)
2079 		return;
2080 
2081 	if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid))
2082 		return;
2083 
2084 	cancel_delayed_work(&arvif->connection_loss_work);
2085 }
2086 
2087 void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb)
2088 {
2089 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2090 						   ATH10K_ITER_NORMAL_FLAGS,
2091 						   ath10k_mac_handle_beacon_iter,
2092 						   skb);
2093 }
2094 
2095 static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
2096 					       struct ieee80211_vif *vif)
2097 {
2098 	u32 *vdev_id = data;
2099 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2100 	struct ath10k *ar = arvif->ar;
2101 	struct ieee80211_hw *hw = ar->hw;
2102 
2103 	if (arvif->vdev_id != *vdev_id)
2104 		return;
2105 
2106 	if (!arvif->is_up)
2107 		return;
2108 
2109 	ieee80211_beacon_loss(vif);
2110 
2111 	/* Firmware doesn't report beacon loss events repeatedly. If AP probe
2112 	 * (done by mac80211) succeeds but beacons do not resume then it
2113 	 * doesn't make sense to continue operation. Queue connection loss work
2114 	 * which can be cancelled when beacon is received.
2115 	 */
2116 	ieee80211_queue_delayed_work(hw, &arvif->connection_loss_work,
2117 				     ATH10K_CONNECTION_LOSS_HZ);
2118 }
2119 
2120 void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id)
2121 {
2122 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2123 						   ATH10K_ITER_NORMAL_FLAGS,
2124 						   ath10k_mac_handle_beacon_miss_iter,
2125 						   &vdev_id);
2126 }
2127 
2128 static void ath10k_mac_vif_sta_connection_loss_work(struct work_struct *work)
2129 {
2130 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2131 						connection_loss_work.work);
2132 	struct ieee80211_vif *vif = arvif->vif;
2133 
2134 	if (!arvif->is_up)
2135 		return;
2136 
2137 	ieee80211_connection_loss(vif);
2138 }
2139 
2140 /**********************/
2141 /* Station management */
2142 /**********************/
2143 
2144 static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
2145 					     struct ieee80211_vif *vif)
2146 {
2147 	/* Some firmware revisions have unstable STA powersave when listen
2148 	 * interval is set too high (e.g. 5). The symptoms are firmware doesn't
2149 	 * generate NullFunc frames properly even if buffered frames have been
2150 	 * indicated in Beacon TIM. Firmware would seldom wake up to pull
2151 	 * buffered frames. Often pinging the device from AP would simply fail.
2152 	 *
2153 	 * As a workaround set it to 1.
2154 	 */
2155 	if (vif->type == NL80211_IFTYPE_STATION)
2156 		return 1;
2157 
2158 	return ar->hw->conf.listen_interval;
2159 }
2160 
2161 static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
2162 				      struct ieee80211_vif *vif,
2163 				      struct ieee80211_sta *sta,
2164 				      struct wmi_peer_assoc_complete_arg *arg)
2165 {
2166 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2167 	u32 aid;
2168 
2169 	lockdep_assert_held(&ar->conf_mutex);
2170 
2171 	if (vif->type == NL80211_IFTYPE_STATION)
2172 		aid = vif->cfg.aid;
2173 	else
2174 		aid = sta->aid;
2175 
2176 	ether_addr_copy(arg->addr, sta->addr);
2177 	arg->vdev_id = arvif->vdev_id;
2178 	arg->peer_aid = aid;
2179 	arg->peer_flags |= arvif->ar->wmi.peer_flags->auth;
2180 	arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
2181 	arg->peer_num_spatial_streams = 1;
2182 	arg->peer_caps = vif->bss_conf.assoc_capability;
2183 }
2184 
2185 static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
2186 				       struct ieee80211_vif *vif,
2187 				       struct ieee80211_sta *sta,
2188 				       struct wmi_peer_assoc_complete_arg *arg)
2189 {
2190 	struct ieee80211_bss_conf *info = &vif->bss_conf;
2191 	struct cfg80211_chan_def def;
2192 	struct cfg80211_bss *bss;
2193 	const u8 *rsnie = NULL;
2194 	const u8 *wpaie = NULL;
2195 
2196 	lockdep_assert_held(&ar->conf_mutex);
2197 
2198 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2199 		return;
2200 
2201 	bss = cfg80211_get_bss(ar->hw->wiphy, def.chan, info->bssid,
2202 			       vif->cfg.ssid_len ? vif->cfg.ssid : NULL,
2203 			       vif->cfg.ssid_len,
2204 			       IEEE80211_BSS_TYPE_ANY, IEEE80211_PRIVACY_ANY);
2205 	if (bss) {
2206 		const struct cfg80211_bss_ies *ies;
2207 
2208 		rcu_read_lock();
2209 		rsnie = ieee80211_bss_get_ie(bss, WLAN_EID_RSN);
2210 
2211 		ies = rcu_dereference(bss->ies);
2212 
2213 		wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
2214 						WLAN_OUI_TYPE_MICROSOFT_WPA,
2215 						ies->data,
2216 						ies->len);
2217 		rcu_read_unlock();
2218 		cfg80211_put_bss(ar->hw->wiphy, bss);
2219 	}
2220 
2221 	/* FIXME: base on RSN IE/WPA IE is a correct idea? */
2222 	if (rsnie || wpaie) {
2223 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
2224 		arg->peer_flags |= ar->wmi.peer_flags->need_ptk_4_way;
2225 	}
2226 
2227 	if (wpaie) {
2228 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
2229 		arg->peer_flags |= ar->wmi.peer_flags->need_gtk_2_way;
2230 	}
2231 
2232 	if (sta->mfp &&
2233 	    test_bit(ATH10K_FW_FEATURE_MFP_SUPPORT,
2234 		     ar->running_fw->fw_file.fw_features)) {
2235 		arg->peer_flags |= ar->wmi.peer_flags->pmf;
2236 	}
2237 }
2238 
2239 static void ath10k_peer_assoc_h_rates(struct ath10k *ar,
2240 				      struct ieee80211_vif *vif,
2241 				      struct ieee80211_sta *sta,
2242 				      struct wmi_peer_assoc_complete_arg *arg)
2243 {
2244 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2245 	struct wmi_rate_set_arg *rateset = &arg->peer_legacy_rates;
2246 	struct cfg80211_chan_def def;
2247 	const struct ieee80211_supported_band *sband;
2248 	const struct ieee80211_rate *rates;
2249 	enum nl80211_band band;
2250 	u32 ratemask;
2251 	u8 rate;
2252 	int i;
2253 
2254 	lockdep_assert_held(&ar->conf_mutex);
2255 
2256 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2257 		return;
2258 
2259 	band = def.chan->band;
2260 	sband = ar->hw->wiphy->bands[band];
2261 	ratemask = sta->deflink.supp_rates[band];
2262 	ratemask &= arvif->bitrate_mask.control[band].legacy;
2263 	rates = sband->bitrates;
2264 
2265 	rateset->num_rates = 0;
2266 
2267 	for (i = 0; i < 32; i++, ratemask >>= 1, rates++) {
2268 		if (!(ratemask & 1))
2269 			continue;
2270 
2271 		rate = ath10k_mac_bitrate_to_rate(rates->bitrate);
2272 		rateset->rates[rateset->num_rates] = rate;
2273 		rateset->num_rates++;
2274 	}
2275 }
2276 
2277 static bool
2278 ath10k_peer_assoc_h_ht_masked(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
2279 {
2280 	int nss;
2281 
2282 	for (nss = 0; nss < IEEE80211_HT_MCS_MASK_LEN; nss++)
2283 		if (ht_mcs_mask[nss])
2284 			return false;
2285 
2286 	return true;
2287 }
2288 
2289 static bool
2290 ath10k_peer_assoc_h_vht_masked(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
2291 {
2292 	int nss;
2293 
2294 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++)
2295 		if (vht_mcs_mask[nss])
2296 			return false;
2297 
2298 	return true;
2299 }
2300 
2301 static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
2302 				   struct ieee80211_vif *vif,
2303 				   struct ieee80211_sta *sta,
2304 				   struct wmi_peer_assoc_complete_arg *arg)
2305 {
2306 	const struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
2307 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2308 	struct cfg80211_chan_def def;
2309 	enum nl80211_band band;
2310 	const u8 *ht_mcs_mask;
2311 	const u16 *vht_mcs_mask;
2312 	int i, n;
2313 	u8 max_nss;
2314 	u32 stbc;
2315 
2316 	lockdep_assert_held(&ar->conf_mutex);
2317 
2318 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2319 		return;
2320 
2321 	if (!ht_cap->ht_supported)
2322 		return;
2323 
2324 	band = def.chan->band;
2325 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2326 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2327 
2328 	if (ath10k_peer_assoc_h_ht_masked(ht_mcs_mask) &&
2329 	    ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2330 		return;
2331 
2332 	arg->peer_flags |= ar->wmi.peer_flags->ht;
2333 	arg->peer_max_mpdu = (1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2334 				    ht_cap->ampdu_factor)) - 1;
2335 
2336 	arg->peer_mpdu_density =
2337 		ath10k_parse_mpdudensity(ht_cap->ampdu_density);
2338 
2339 	arg->peer_ht_caps = ht_cap->cap;
2340 	arg->peer_rate_caps |= WMI_RC_HT_FLAG;
2341 
2342 	if (ht_cap->cap & IEEE80211_HT_CAP_LDPC_CODING)
2343 		arg->peer_flags |= ar->wmi.peer_flags->ldbc;
2344 
2345 	if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40) {
2346 		arg->peer_flags |= ar->wmi.peer_flags->bw40;
2347 		arg->peer_rate_caps |= WMI_RC_CW40_FLAG;
2348 	}
2349 
2350 	if (arvif->bitrate_mask.control[band].gi != NL80211_TXRATE_FORCE_LGI) {
2351 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
2352 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2353 
2354 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
2355 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2356 	}
2357 
2358 	if (ht_cap->cap & IEEE80211_HT_CAP_TX_STBC) {
2359 		arg->peer_rate_caps |= WMI_RC_TX_STBC_FLAG;
2360 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2361 	}
2362 
2363 	if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
2364 		stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
2365 		stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
2366 		stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
2367 		arg->peer_rate_caps |= stbc;
2368 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2369 	}
2370 
2371 	if (ht_cap->mcs.rx_mask[1] && ht_cap->mcs.rx_mask[2])
2372 		arg->peer_rate_caps |= WMI_RC_TS_FLAG;
2373 	else if (ht_cap->mcs.rx_mask[1])
2374 		arg->peer_rate_caps |= WMI_RC_DS_FLAG;
2375 
2376 	for (i = 0, n = 0, max_nss = 0; i < IEEE80211_HT_MCS_MASK_LEN * 8; i++)
2377 		if ((ht_cap->mcs.rx_mask[i / 8] & BIT(i % 8)) &&
2378 		    (ht_mcs_mask[i / 8] & BIT(i % 8))) {
2379 			max_nss = (i / 8) + 1;
2380 			arg->peer_ht_rates.rates[n++] = i;
2381 		}
2382 
2383 	/*
2384 	 * This is a workaround for HT-enabled STAs which break the spec
2385 	 * and have no HT capabilities RX mask (no HT RX MCS map).
2386 	 *
2387 	 * As per spec, in section 20.3.5 Modulation and coding scheme (MCS),
2388 	 * MCS 0 through 7 are mandatory in 20MHz with 800 ns GI at all STAs.
2389 	 *
2390 	 * Firmware asserts if such situation occurs.
2391 	 */
2392 	if (n == 0) {
2393 		arg->peer_ht_rates.num_rates = 8;
2394 		for (i = 0; i < arg->peer_ht_rates.num_rates; i++)
2395 			arg->peer_ht_rates.rates[i] = i;
2396 	} else {
2397 		arg->peer_ht_rates.num_rates = n;
2398 		arg->peer_num_spatial_streams = min(sta->deflink.rx_nss,
2399 						    max_nss);
2400 	}
2401 
2402 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
2403 		   arg->addr,
2404 		   arg->peer_ht_rates.num_rates,
2405 		   arg->peer_num_spatial_streams);
2406 }
2407 
2408 static int ath10k_peer_assoc_qos_ap(struct ath10k *ar,
2409 				    struct ath10k_vif *arvif,
2410 				    struct ieee80211_sta *sta)
2411 {
2412 	u32 uapsd = 0;
2413 	u32 max_sp = 0;
2414 	int ret = 0;
2415 
2416 	lockdep_assert_held(&ar->conf_mutex);
2417 
2418 	if (sta->wme && sta->uapsd_queues) {
2419 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
2420 			   sta->uapsd_queues, sta->max_sp);
2421 
2422 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2423 			uapsd |= WMI_AP_PS_UAPSD_AC3_DELIVERY_EN |
2424 				 WMI_AP_PS_UAPSD_AC3_TRIGGER_EN;
2425 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2426 			uapsd |= WMI_AP_PS_UAPSD_AC2_DELIVERY_EN |
2427 				 WMI_AP_PS_UAPSD_AC2_TRIGGER_EN;
2428 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2429 			uapsd |= WMI_AP_PS_UAPSD_AC1_DELIVERY_EN |
2430 				 WMI_AP_PS_UAPSD_AC1_TRIGGER_EN;
2431 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2432 			uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
2433 				 WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
2434 
2435 		if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
2436 			max_sp = sta->max_sp;
2437 
2438 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2439 						 sta->addr,
2440 						 WMI_AP_PS_PEER_PARAM_UAPSD,
2441 						 uapsd);
2442 		if (ret) {
2443 			ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
2444 				    arvif->vdev_id, ret);
2445 			return ret;
2446 		}
2447 
2448 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2449 						 sta->addr,
2450 						 WMI_AP_PS_PEER_PARAM_MAX_SP,
2451 						 max_sp);
2452 		if (ret) {
2453 			ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
2454 				    arvif->vdev_id, ret);
2455 			return ret;
2456 		}
2457 
2458 		/* TODO setup this based on STA listen interval and
2459 		 * beacon interval. Currently we don't know
2460 		 * sta->listen_interval - mac80211 patch required.
2461 		 * Currently use 10 seconds
2462 		 */
2463 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
2464 						 WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
2465 						 10);
2466 		if (ret) {
2467 			ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
2468 				    arvif->vdev_id, ret);
2469 			return ret;
2470 		}
2471 	}
2472 
2473 	return 0;
2474 }
2475 
2476 static u16
2477 ath10k_peer_assoc_h_vht_limit(u16 tx_mcs_set,
2478 			      const u16 vht_mcs_limit[NL80211_VHT_NSS_MAX])
2479 {
2480 	int idx_limit;
2481 	int nss;
2482 	u16 mcs_map;
2483 	u16 mcs;
2484 
2485 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
2486 		mcs_map = ath10k_mac_get_max_vht_mcs_map(tx_mcs_set, nss) &
2487 			  vht_mcs_limit[nss];
2488 
2489 		if (mcs_map)
2490 			idx_limit = fls(mcs_map) - 1;
2491 		else
2492 			idx_limit = -1;
2493 
2494 		switch (idx_limit) {
2495 		case 0:
2496 		case 1:
2497 		case 2:
2498 		case 3:
2499 		case 4:
2500 		case 5:
2501 		case 6:
2502 		default:
2503 			/* see ath10k_mac_can_set_bitrate_mask() */
2504 			WARN_ON(1);
2505 			fallthrough;
2506 		case -1:
2507 			mcs = IEEE80211_VHT_MCS_NOT_SUPPORTED;
2508 			break;
2509 		case 7:
2510 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_7;
2511 			break;
2512 		case 8:
2513 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_8;
2514 			break;
2515 		case 9:
2516 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_9;
2517 			break;
2518 		}
2519 
2520 		tx_mcs_set &= ~(0x3 << (nss * 2));
2521 		tx_mcs_set |= mcs << (nss * 2);
2522 	}
2523 
2524 	return tx_mcs_set;
2525 }
2526 
2527 static u32 get_160mhz_nss_from_maxrate(int rate)
2528 {
2529 	u32 nss;
2530 
2531 	switch (rate) {
2532 	case 780:
2533 		nss = 1;
2534 		break;
2535 	case 1560:
2536 		nss = 2;
2537 		break;
2538 	case 2106:
2539 		nss = 3; /* not support MCS9 from spec*/
2540 		break;
2541 	case 3120:
2542 		nss = 4;
2543 		break;
2544 	default:
2545 		 nss = 1;
2546 	}
2547 
2548 	return nss;
2549 }
2550 
2551 static void ath10k_peer_assoc_h_vht(struct ath10k *ar,
2552 				    struct ieee80211_vif *vif,
2553 				    struct ieee80211_sta *sta,
2554 				    struct wmi_peer_assoc_complete_arg *arg)
2555 {
2556 	const struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2557 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2558 	struct ath10k_hw_params *hw = &ar->hw_params;
2559 	struct cfg80211_chan_def def;
2560 	enum nl80211_band band;
2561 	const u16 *vht_mcs_mask;
2562 	u8 ampdu_factor;
2563 	u8 max_nss, vht_mcs;
2564 	int i;
2565 
2566 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2567 		return;
2568 
2569 	if (!vht_cap->vht_supported)
2570 		return;
2571 
2572 	band = def.chan->band;
2573 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2574 
2575 	if (ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2576 		return;
2577 
2578 	arg->peer_flags |= ar->wmi.peer_flags->vht;
2579 
2580 	if (def.chan->band == NL80211_BAND_2GHZ)
2581 		arg->peer_flags |= ar->wmi.peer_flags->vht_2g;
2582 
2583 	arg->peer_vht_caps = vht_cap->cap;
2584 
2585 	ampdu_factor = (vht_cap->cap &
2586 			IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
2587 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
2588 
2589 	/* Workaround: Some Netgear/Linksys 11ac APs set Rx A-MPDU factor to
2590 	 * zero in VHT IE. Using it would result in degraded throughput.
2591 	 * arg->peer_max_mpdu at this point contains HT max_mpdu so keep
2592 	 * it if VHT max_mpdu is smaller.
2593 	 */
2594 	arg->peer_max_mpdu = max(arg->peer_max_mpdu,
2595 				 (1U << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2596 					ampdu_factor)) - 1);
2597 
2598 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2599 		arg->peer_flags |= ar->wmi.peer_flags->bw80;
2600 
2601 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
2602 		arg->peer_flags |= ar->wmi.peer_flags->bw160;
2603 
2604 	/* Calculate peer NSS capability from VHT capabilities if STA
2605 	 * supports VHT.
2606 	 */
2607 	for (i = 0, max_nss = 0, vht_mcs = 0; i < NL80211_VHT_NSS_MAX; i++) {
2608 		vht_mcs = __le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map) >>
2609 			  (2 * i) & 3;
2610 
2611 		if ((vht_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) &&
2612 		    vht_mcs_mask[i])
2613 			max_nss = i + 1;
2614 	}
2615 	arg->peer_num_spatial_streams = min(sta->deflink.rx_nss, max_nss);
2616 	arg->peer_vht_rates.rx_max_rate =
2617 		__le16_to_cpu(vht_cap->vht_mcs.rx_highest);
2618 	arg->peer_vht_rates.rx_mcs_set =
2619 		__le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map);
2620 	arg->peer_vht_rates.tx_max_rate =
2621 		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
2622 	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
2623 		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
2624 
2625 	/* Configure bandwidth-NSS mapping to FW
2626 	 * for the chip's tx chains setting on 160Mhz bw
2627 	 */
2628 	if (arg->peer_phymode == MODE_11AC_VHT160 ||
2629 	    arg->peer_phymode == MODE_11AC_VHT80_80) {
2630 		u32 rx_nss;
2631 		u32 max_rate;
2632 
2633 		max_rate = arg->peer_vht_rates.rx_max_rate;
2634 		rx_nss = get_160mhz_nss_from_maxrate(max_rate);
2635 
2636 		if (rx_nss == 0)
2637 			rx_nss = arg->peer_num_spatial_streams;
2638 		else
2639 			rx_nss = min(arg->peer_num_spatial_streams, rx_nss);
2640 
2641 		max_rate = hw->vht160_mcs_tx_highest;
2642 		rx_nss = min(rx_nss, get_160mhz_nss_from_maxrate(max_rate));
2643 
2644 		arg->peer_bw_rxnss_override =
2645 			FIELD_PREP(WMI_PEER_NSS_MAP_ENABLE, 1) |
2646 			FIELD_PREP(WMI_PEER_NSS_160MHZ_MASK, (rx_nss - 1));
2647 
2648 		if (arg->peer_phymode == MODE_11AC_VHT80_80) {
2649 			arg->peer_bw_rxnss_override |=
2650 			FIELD_PREP(WMI_PEER_NSS_80_80MHZ_MASK, (rx_nss - 1));
2651 		}
2652 	}
2653 	ath10k_dbg(ar, ATH10K_DBG_MAC,
2654 		   "mac vht peer %pM max_mpdu %d flags 0x%x peer_rx_nss_override 0x%x\n",
2655 		   sta->addr, arg->peer_max_mpdu,
2656 		   arg->peer_flags, arg->peer_bw_rxnss_override);
2657 }
2658 
2659 static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
2660 				    struct ieee80211_vif *vif,
2661 				    struct ieee80211_sta *sta,
2662 				    struct wmi_peer_assoc_complete_arg *arg)
2663 {
2664 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2665 
2666 	switch (arvif->vdev_type) {
2667 	case WMI_VDEV_TYPE_AP:
2668 		if (sta->wme)
2669 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2670 
2671 		if (sta->wme && sta->uapsd_queues) {
2672 			arg->peer_flags |= arvif->ar->wmi.peer_flags->apsd;
2673 			arg->peer_rate_caps |= WMI_RC_UAPSD_FLAG;
2674 		}
2675 		break;
2676 	case WMI_VDEV_TYPE_STA:
2677 		if (sta->wme)
2678 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2679 		break;
2680 	case WMI_VDEV_TYPE_IBSS:
2681 		if (sta->wme)
2682 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2683 		break;
2684 	default:
2685 		break;
2686 	}
2687 
2688 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
2689 		   sta->addr, !!(arg->peer_flags &
2690 		   arvif->ar->wmi.peer_flags->qos));
2691 }
2692 
2693 static bool ath10k_mac_sta_has_ofdm_only(struct ieee80211_sta *sta)
2694 {
2695 	return sta->deflink.supp_rates[NL80211_BAND_2GHZ] >>
2696 	       ATH10K_MAC_FIRST_OFDM_RATE_IDX;
2697 }
2698 
2699 static enum wmi_phy_mode ath10k_mac_get_phymode_vht(struct ath10k *ar,
2700 						    struct ieee80211_sta *sta)
2701 {
2702 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2703 
2704 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160) {
2705 		switch (vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
2706 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
2707 			return MODE_11AC_VHT160;
2708 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
2709 			return MODE_11AC_VHT80_80;
2710 		default:
2711 			/* not sure if this is a valid case? */
2712 			return MODE_11AC_VHT160;
2713 		}
2714 	}
2715 
2716 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2717 		return MODE_11AC_VHT80;
2718 
2719 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2720 		return MODE_11AC_VHT40;
2721 
2722 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_20)
2723 		return MODE_11AC_VHT20;
2724 
2725 	return MODE_UNKNOWN;
2726 }
2727 
2728 static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
2729 					struct ieee80211_vif *vif,
2730 					struct ieee80211_sta *sta,
2731 					struct wmi_peer_assoc_complete_arg *arg)
2732 {
2733 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2734 	struct cfg80211_chan_def def;
2735 	enum nl80211_band band;
2736 	const u8 *ht_mcs_mask;
2737 	const u16 *vht_mcs_mask;
2738 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
2739 
2740 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2741 		return;
2742 
2743 	band = def.chan->band;
2744 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2745 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2746 
2747 	switch (band) {
2748 	case NL80211_BAND_2GHZ:
2749 		if (sta->deflink.vht_cap.vht_supported &&
2750 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2751 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2752 				phymode = MODE_11AC_VHT40;
2753 			else
2754 				phymode = MODE_11AC_VHT20;
2755 		} else if (sta->deflink.ht_cap.ht_supported &&
2756 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2757 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2758 				phymode = MODE_11NG_HT40;
2759 			else
2760 				phymode = MODE_11NG_HT20;
2761 		} else if (ath10k_mac_sta_has_ofdm_only(sta)) {
2762 			phymode = MODE_11G;
2763 		} else {
2764 			phymode = MODE_11B;
2765 		}
2766 
2767 		break;
2768 	case NL80211_BAND_5GHZ:
2769 		/*
2770 		 * Check VHT first.
2771 		 */
2772 		if (sta->deflink.vht_cap.vht_supported &&
2773 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2774 			phymode = ath10k_mac_get_phymode_vht(ar, sta);
2775 		} else if (sta->deflink.ht_cap.ht_supported &&
2776 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2777 			if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40)
2778 				phymode = MODE_11NA_HT40;
2779 			else
2780 				phymode = MODE_11NA_HT20;
2781 		} else {
2782 			phymode = MODE_11A;
2783 		}
2784 
2785 		break;
2786 	default:
2787 		break;
2788 	}
2789 
2790 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
2791 		   sta->addr, ath10k_wmi_phymode_str(phymode));
2792 
2793 	arg->peer_phymode = phymode;
2794 	WARN_ON(phymode == MODE_UNKNOWN);
2795 }
2796 
2797 static int ath10k_peer_assoc_prepare(struct ath10k *ar,
2798 				     struct ieee80211_vif *vif,
2799 				     struct ieee80211_sta *sta,
2800 				     struct wmi_peer_assoc_complete_arg *arg)
2801 {
2802 	lockdep_assert_held(&ar->conf_mutex);
2803 
2804 	memset(arg, 0, sizeof(*arg));
2805 
2806 	ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
2807 	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
2808 	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
2809 	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
2810 	ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
2811 	ath10k_peer_assoc_h_vht(ar, vif, sta, arg);
2812 	ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
2813 
2814 	return 0;
2815 }
2816 
2817 static const u32 ath10k_smps_map[] = {
2818 	[WLAN_HT_CAP_SM_PS_STATIC] = WMI_PEER_SMPS_STATIC,
2819 	[WLAN_HT_CAP_SM_PS_DYNAMIC] = WMI_PEER_SMPS_DYNAMIC,
2820 	[WLAN_HT_CAP_SM_PS_INVALID] = WMI_PEER_SMPS_PS_NONE,
2821 	[WLAN_HT_CAP_SM_PS_DISABLED] = WMI_PEER_SMPS_PS_NONE,
2822 };
2823 
2824 static int ath10k_setup_peer_smps(struct ath10k *ar, struct ath10k_vif *arvif,
2825 				  const u8 *addr,
2826 				  const struct ieee80211_sta_ht_cap *ht_cap)
2827 {
2828 	int smps;
2829 
2830 	if (!ht_cap->ht_supported)
2831 		return 0;
2832 
2833 	smps = ht_cap->cap & IEEE80211_HT_CAP_SM_PS;
2834 	smps >>= IEEE80211_HT_CAP_SM_PS_SHIFT;
2835 
2836 	if (smps >= ARRAY_SIZE(ath10k_smps_map))
2837 		return -EINVAL;
2838 
2839 	return ath10k_wmi_peer_set_param(ar, arvif->vdev_id, addr,
2840 					 ar->wmi.peer_param->smps_state,
2841 					 ath10k_smps_map[smps]);
2842 }
2843 
2844 static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
2845 				      struct ieee80211_vif *vif,
2846 				      struct ieee80211_sta_vht_cap vht_cap)
2847 {
2848 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2849 	int ret;
2850 	u32 param;
2851 	u32 value;
2852 
2853 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_AFTER_ASSOC)
2854 		return 0;
2855 
2856 	if (!(ar->vht_cap_info &
2857 	      (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2858 	       IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
2859 	       IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2860 	       IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
2861 		return 0;
2862 
2863 	param = ar->wmi.vdev_param->txbf;
2864 	value = 0;
2865 
2866 	if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
2867 		return 0;
2868 
2869 	/* The following logic is correct. If a remote STA advertises support
2870 	 * for being a beamformer then we should enable us being a beamformee.
2871 	 */
2872 
2873 	if (ar->vht_cap_info &
2874 	    (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2875 	     IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
2876 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
2877 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2878 
2879 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
2880 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
2881 	}
2882 
2883 	if (ar->vht_cap_info &
2884 	    (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2885 	     IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
2886 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
2887 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2888 
2889 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
2890 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
2891 	}
2892 
2893 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
2894 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2895 
2896 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
2897 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2898 
2899 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
2900 	if (ret) {
2901 		ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
2902 			    value, ret);
2903 		return ret;
2904 	}
2905 
2906 	return 0;
2907 }
2908 
2909 static bool ath10k_mac_is_connected(struct ath10k *ar)
2910 {
2911 	struct ath10k_vif *arvif;
2912 
2913 	list_for_each_entry(arvif, &ar->arvifs, list) {
2914 		if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
2915 			return true;
2916 	}
2917 
2918 	return false;
2919 }
2920 
2921 static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
2922 {
2923 	int ret;
2924 	u32 param;
2925 	int tx_power_2g, tx_power_5g;
2926 	bool connected;
2927 
2928 	lockdep_assert_held(&ar->conf_mutex);
2929 
2930 	/* ath10k internally uses unit of 0.5 dBm so multiply by 2 */
2931 	tx_power_2g = txpower * 2;
2932 	tx_power_5g = txpower * 2;
2933 
2934 	connected = ath10k_mac_is_connected(ar);
2935 
2936 	if (connected && ar->tx_power_2g_limit)
2937 		if (tx_power_2g > ar->tx_power_2g_limit)
2938 			tx_power_2g = ar->tx_power_2g_limit;
2939 
2940 	if (connected && ar->tx_power_5g_limit)
2941 		if (tx_power_5g > ar->tx_power_5g_limit)
2942 			tx_power_5g = ar->tx_power_5g_limit;
2943 
2944 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower 2g: %d, 5g: %d\n",
2945 		   tx_power_2g, tx_power_5g);
2946 
2947 	param = ar->wmi.pdev_param->txpower_limit2g;
2948 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_2g);
2949 	if (ret) {
2950 		ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
2951 			    tx_power_2g, ret);
2952 		return ret;
2953 	}
2954 
2955 	param = ar->wmi.pdev_param->txpower_limit5g;
2956 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_5g);
2957 	if (ret) {
2958 		ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
2959 			    tx_power_5g, ret);
2960 		return ret;
2961 	}
2962 
2963 	return 0;
2964 }
2965 
2966 static int ath10k_mac_txpower_recalc(struct ath10k *ar)
2967 {
2968 	struct ath10k_vif *arvif;
2969 	int ret, txpower = -1;
2970 
2971 	lockdep_assert_held(&ar->conf_mutex);
2972 
2973 	list_for_each_entry(arvif, &ar->arvifs, list) {
2974 		/* txpower not initialized yet? */
2975 		if (arvif->txpower == INT_MIN)
2976 			continue;
2977 
2978 		if (txpower == -1)
2979 			txpower = arvif->txpower;
2980 		else
2981 			txpower = min(txpower, arvif->txpower);
2982 	}
2983 
2984 	if (txpower == -1)
2985 		return 0;
2986 
2987 	ret = ath10k_mac_txpower_setup(ar, txpower);
2988 	if (ret) {
2989 		ath10k_warn(ar, "failed to setup tx power %d: %d\n",
2990 			    txpower, ret);
2991 		return ret;
2992 	}
2993 
2994 	return 0;
2995 }
2996 
2997 static int ath10k_mac_set_sar_power(struct ath10k *ar)
2998 {
2999 	if (!ar->hw_params.dynamic_sar_support)
3000 		return -EOPNOTSUPP;
3001 
3002 	if (!ath10k_mac_is_connected(ar))
3003 		return 0;
3004 
3005 	/* if connected, then arvif->txpower must be valid */
3006 	return ath10k_mac_txpower_recalc(ar);
3007 }
3008 
3009 static int ath10k_mac_set_sar_specs(struct ieee80211_hw *hw,
3010 				    const struct cfg80211_sar_specs *sar)
3011 {
3012 	const struct cfg80211_sar_sub_specs *sub_specs;
3013 	struct ath10k *ar = hw->priv;
3014 	u32 i;
3015 	int ret;
3016 
3017 	mutex_lock(&ar->conf_mutex);
3018 
3019 	if (!ar->hw_params.dynamic_sar_support) {
3020 		ret = -EOPNOTSUPP;
3021 		goto err;
3022 	}
3023 
3024 	if (!sar || sar->type != NL80211_SAR_TYPE_POWER ||
3025 	    sar->num_sub_specs == 0) {
3026 		ret = -EINVAL;
3027 		goto err;
3028 	}
3029 
3030 	sub_specs = sar->sub_specs;
3031 
3032 	/* 0dbm is not a practical value for ath10k, so use 0
3033 	 * as no SAR limitation on it.
3034 	 */
3035 	ar->tx_power_2g_limit = 0;
3036 	ar->tx_power_5g_limit = 0;
3037 
3038 	/* note the power is in 0.25dbm unit, while ath10k uses
3039 	 * 0.5dbm unit.
3040 	 */
3041 	for (i = 0; i < sar->num_sub_specs; i++) {
3042 		if (sub_specs->freq_range_index == 0)
3043 			ar->tx_power_2g_limit = sub_specs->power / 2;
3044 		else if (sub_specs->freq_range_index == 1)
3045 			ar->tx_power_5g_limit = sub_specs->power / 2;
3046 
3047 		sub_specs++;
3048 	}
3049 
3050 	ret = ath10k_mac_set_sar_power(ar);
3051 	if (ret) {
3052 		ath10k_warn(ar, "failed to set sar power: %d", ret);
3053 		goto err;
3054 	}
3055 
3056 err:
3057 	mutex_unlock(&ar->conf_mutex);
3058 	return ret;
3059 }
3060 
3061 /* can be called only in mac80211 callbacks due to `key_count` usage */
3062 static void ath10k_bss_assoc(struct ieee80211_hw *hw,
3063 			     struct ieee80211_vif *vif,
3064 			     struct ieee80211_bss_conf *bss_conf)
3065 {
3066 	struct ath10k *ar = hw->priv;
3067 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3068 	struct ieee80211_sta_ht_cap ht_cap;
3069 	struct ieee80211_sta_vht_cap vht_cap;
3070 	struct wmi_peer_assoc_complete_arg peer_arg;
3071 	struct ieee80211_sta *ap_sta;
3072 	int ret;
3073 
3074 	lockdep_assert_held(&ar->conf_mutex);
3075 
3076 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
3077 		   arvif->vdev_id, arvif->bssid, arvif->aid);
3078 
3079 	rcu_read_lock();
3080 
3081 	ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
3082 	if (!ap_sta) {
3083 		ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
3084 			    bss_conf->bssid, arvif->vdev_id);
3085 		rcu_read_unlock();
3086 		return;
3087 	}
3088 
3089 	/* ap_sta must be accessed only within rcu section which must be left
3090 	 * before calling ath10k_setup_peer_smps() which might sleep.
3091 	 */
3092 	ht_cap = ap_sta->deflink.ht_cap;
3093 	vht_cap = ap_sta->deflink.vht_cap;
3094 
3095 	ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
3096 	if (ret) {
3097 		ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
3098 			    bss_conf->bssid, arvif->vdev_id, ret);
3099 		rcu_read_unlock();
3100 		return;
3101 	}
3102 
3103 	rcu_read_unlock();
3104 
3105 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3106 	if (ret) {
3107 		ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
3108 			    bss_conf->bssid, arvif->vdev_id, ret);
3109 		return;
3110 	}
3111 
3112 	ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
3113 	if (ret) {
3114 		ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
3115 			    arvif->vdev_id, ret);
3116 		return;
3117 	}
3118 
3119 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3120 	if (ret) {
3121 		ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
3122 			    arvif->vdev_id, bss_conf->bssid, ret);
3123 		return;
3124 	}
3125 
3126 	ath10k_dbg(ar, ATH10K_DBG_MAC,
3127 		   "mac vdev %d up (associated) bssid %pM aid %d\n",
3128 		   arvif->vdev_id, bss_conf->bssid, vif->cfg.aid);
3129 
3130 	WARN_ON(arvif->is_up);
3131 
3132 	arvif->aid = vif->cfg.aid;
3133 	ether_addr_copy(arvif->bssid, bss_conf->bssid);
3134 
3135 	ret = ath10k_wmi_pdev_set_param(ar,
3136 					ar->wmi.pdev_param->peer_stats_info_enable, 1);
3137 	if (ret)
3138 		ath10k_warn(ar, "failed to enable peer stats info: %d\n", ret);
3139 
3140 	ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
3141 	if (ret) {
3142 		ath10k_warn(ar, "failed to set vdev %d up: %d\n",
3143 			    arvif->vdev_id, ret);
3144 		return;
3145 	}
3146 
3147 	arvif->is_up = true;
3148 
3149 	ath10k_mac_set_sar_power(ar);
3150 
3151 	/* Workaround: Some firmware revisions (tested with qca6174
3152 	 * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
3153 	 * poked with peer param command.
3154 	 */
3155 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
3156 					ar->wmi.peer_param->dummy_var, 1);
3157 	if (ret) {
3158 		ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
3159 			    arvif->bssid, arvif->vdev_id, ret);
3160 		return;
3161 	}
3162 }
3163 
3164 static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
3165 				struct ieee80211_vif *vif)
3166 {
3167 	struct ath10k *ar = hw->priv;
3168 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3169 	struct ieee80211_sta_vht_cap vht_cap = {};
3170 	int ret;
3171 
3172 	lockdep_assert_held(&ar->conf_mutex);
3173 
3174 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
3175 		   arvif->vdev_id, arvif->bssid);
3176 
3177 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
3178 	if (ret)
3179 		ath10k_warn(ar, "failed to down vdev %i: %d\n",
3180 			    arvif->vdev_id, ret);
3181 
3182 	arvif->def_wep_key_idx = -1;
3183 
3184 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3185 	if (ret) {
3186 		ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
3187 			    arvif->vdev_id, ret);
3188 		return;
3189 	}
3190 
3191 	arvif->is_up = false;
3192 
3193 	ath10k_mac_txpower_recalc(ar);
3194 
3195 	cancel_delayed_work_sync(&arvif->connection_loss_work);
3196 }
3197 
3198 static int ath10k_new_peer_tid_config(struct ath10k *ar,
3199 				      struct ieee80211_sta *sta,
3200 				      struct ath10k_vif *arvif)
3201 {
3202 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
3203 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
3204 	bool config_apply;
3205 	int ret, i;
3206 
3207 	for (i = 0; i < ATH10K_TID_MAX; i++) {
3208 		config_apply = false;
3209 		if (arvif->retry_long[i] || arvif->ampdu[i] ||
3210 		    arvif->rate_ctrl[i] || arvif->rtscts[i]) {
3211 			config_apply = true;
3212 			arg.tid = i;
3213 			arg.vdev_id = arvif->vdev_id;
3214 			arg.retry_count = arvif->retry_long[i];
3215 			arg.aggr_control = arvif->ampdu[i];
3216 			arg.rate_ctrl = arvif->rate_ctrl[i];
3217 			arg.rcode_flags = arvif->rate_code[i];
3218 
3219 			if (arvif->rtscts[i])
3220 				arg.ext_tid_cfg_bitmap =
3221 					WMI_EXT_TID_RTS_CTS_CONFIG;
3222 			else
3223 				arg.ext_tid_cfg_bitmap = 0;
3224 
3225 			arg.rtscts_ctrl = arvif->rtscts[i];
3226 		}
3227 
3228 		if (arvif->noack[i]) {
3229 			arg.ack_policy = arvif->noack[i];
3230 			arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
3231 			arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
3232 			config_apply = true;
3233 		}
3234 
3235 		/* Assign default value(-1) to newly connected station.
3236 		 * This is to identify station specific tid configuration not
3237 		 * configured for the station.
3238 		 */
3239 		arsta->retry_long[i] = -1;
3240 		arsta->noack[i] = -1;
3241 		arsta->ampdu[i] = -1;
3242 
3243 		if (!config_apply)
3244 			continue;
3245 
3246 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
3247 
3248 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
3249 		if (ret) {
3250 			ath10k_warn(ar, "failed to set per tid retry/aggr config for sta %pM: %d\n",
3251 				    sta->addr, ret);
3252 			return ret;
3253 		}
3254 
3255 		memset(&arg, 0, sizeof(arg));
3256 	}
3257 
3258 	return 0;
3259 }
3260 
3261 static int ath10k_station_assoc(struct ath10k *ar,
3262 				struct ieee80211_vif *vif,
3263 				struct ieee80211_sta *sta,
3264 				bool reassoc)
3265 {
3266 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3267 	struct wmi_peer_assoc_complete_arg peer_arg;
3268 	int ret = 0;
3269 
3270 	lockdep_assert_held(&ar->conf_mutex);
3271 
3272 	ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
3273 	if (ret) {
3274 		ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
3275 			    sta->addr, arvif->vdev_id, ret);
3276 		return ret;
3277 	}
3278 
3279 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3280 	if (ret) {
3281 		ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
3282 			    sta->addr, arvif->vdev_id, ret);
3283 		return ret;
3284 	}
3285 
3286 	/* Re-assoc is run only to update supported rates for given station. It
3287 	 * doesn't make much sense to reconfigure the peer completely.
3288 	 */
3289 	if (!reassoc) {
3290 		ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
3291 					     &sta->deflink.ht_cap);
3292 		if (ret) {
3293 			ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
3294 				    arvif->vdev_id, ret);
3295 			return ret;
3296 		}
3297 
3298 		ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
3299 		if (ret) {
3300 			ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
3301 				    sta->addr, arvif->vdev_id, ret);
3302 			return ret;
3303 		}
3304 
3305 		if (!sta->wme) {
3306 			arvif->num_legacy_stations++;
3307 			ret  = ath10k_recalc_rtscts_prot(arvif);
3308 			if (ret) {
3309 				ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3310 					    arvif->vdev_id, ret);
3311 				return ret;
3312 			}
3313 		}
3314 
3315 		/* Plumb cached keys only for static WEP */
3316 		if ((arvif->def_wep_key_idx != -1) && (!sta->tdls)) {
3317 			ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
3318 			if (ret) {
3319 				ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
3320 					    arvif->vdev_id, ret);
3321 				return ret;
3322 			}
3323 		}
3324 	}
3325 
3326 	if (!test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map))
3327 		return ret;
3328 
3329 	return ath10k_new_peer_tid_config(ar, sta, arvif);
3330 }
3331 
3332 static int ath10k_station_disassoc(struct ath10k *ar,
3333 				   struct ieee80211_vif *vif,
3334 				   struct ieee80211_sta *sta)
3335 {
3336 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3337 	int ret = 0;
3338 
3339 	lockdep_assert_held(&ar->conf_mutex);
3340 
3341 	if (!sta->wme) {
3342 		arvif->num_legacy_stations--;
3343 		ret = ath10k_recalc_rtscts_prot(arvif);
3344 		if (ret) {
3345 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3346 				    arvif->vdev_id, ret);
3347 			return ret;
3348 		}
3349 	}
3350 
3351 	ret = ath10k_clear_peer_keys(arvif, sta->addr);
3352 	if (ret) {
3353 		ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
3354 			    arvif->vdev_id, ret);
3355 		return ret;
3356 	}
3357 
3358 	return ret;
3359 }
3360 
3361 /**************/
3362 /* Regulatory */
3363 /**************/
3364 
3365 static int ath10k_update_channel_list(struct ath10k *ar)
3366 {
3367 	struct ieee80211_hw *hw = ar->hw;
3368 	struct ieee80211_supported_band **bands;
3369 	enum nl80211_band band;
3370 	struct ieee80211_channel *channel;
3371 	struct wmi_scan_chan_list_arg arg = {0};
3372 	struct wmi_channel_arg *ch;
3373 	bool passive;
3374 	int len;
3375 	int ret;
3376 	int i;
3377 
3378 	lockdep_assert_held(&ar->conf_mutex);
3379 
3380 	bands = hw->wiphy->bands;
3381 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3382 		if (!bands[band])
3383 			continue;
3384 
3385 		for (i = 0; i < bands[band]->n_channels; i++) {
3386 			if (bands[band]->channels[i].flags &
3387 			    IEEE80211_CHAN_DISABLED)
3388 				continue;
3389 
3390 			arg.n_channels++;
3391 		}
3392 	}
3393 
3394 	len = sizeof(struct wmi_channel_arg) * arg.n_channels;
3395 	arg.channels = kzalloc(len, GFP_KERNEL);
3396 	if (!arg.channels)
3397 		return -ENOMEM;
3398 
3399 	ch = arg.channels;
3400 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3401 		if (!bands[band])
3402 			continue;
3403 
3404 		for (i = 0; i < bands[band]->n_channels; i++) {
3405 			channel = &bands[band]->channels[i];
3406 
3407 			if (channel->flags & IEEE80211_CHAN_DISABLED)
3408 				continue;
3409 
3410 			ch->allow_ht = true;
3411 
3412 			/* FIXME: when should we really allow VHT? */
3413 			ch->allow_vht = true;
3414 
3415 			ch->allow_ibss =
3416 				!(channel->flags & IEEE80211_CHAN_NO_IR);
3417 
3418 			ch->ht40plus =
3419 				!(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
3420 
3421 			ch->chan_radar =
3422 				!!(channel->flags & IEEE80211_CHAN_RADAR);
3423 
3424 			passive = channel->flags & IEEE80211_CHAN_NO_IR;
3425 			ch->passive = passive;
3426 
3427 			/* the firmware is ignoring the "radar" flag of the
3428 			 * channel and is scanning actively using Probe Requests
3429 			 * on "Radar detection"/DFS channels which are not
3430 			 * marked as "available"
3431 			 */
3432 			ch->passive |= ch->chan_radar;
3433 
3434 			ch->freq = channel->center_freq;
3435 			ch->band_center_freq1 = channel->center_freq;
3436 			ch->min_power = 0;
3437 			ch->max_power = channel->max_power * 2;
3438 			ch->max_reg_power = channel->max_reg_power * 2;
3439 			ch->max_antenna_gain = channel->max_antenna_gain;
3440 			ch->reg_class_id = 0; /* FIXME */
3441 
3442 			/* FIXME: why use only legacy modes, why not any
3443 			 * HT/VHT modes? Would that even make any
3444 			 * difference?
3445 			 */
3446 			if (channel->band == NL80211_BAND_2GHZ)
3447 				ch->mode = MODE_11G;
3448 			else
3449 				ch->mode = MODE_11A;
3450 
3451 			if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
3452 				continue;
3453 
3454 			ath10k_dbg(ar, ATH10K_DBG_WMI,
3455 				   "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
3456 				    ch - arg.channels, arg.n_channels,
3457 				   ch->freq, ch->max_power, ch->max_reg_power,
3458 				   ch->max_antenna_gain, ch->mode);
3459 
3460 			ch++;
3461 		}
3462 	}
3463 
3464 	ret = ath10k_wmi_scan_chan_list(ar, &arg);
3465 	kfree(arg.channels);
3466 
3467 	return ret;
3468 }
3469 
3470 static enum wmi_dfs_region
3471 ath10k_mac_get_dfs_region(enum nl80211_dfs_regions dfs_region)
3472 {
3473 	switch (dfs_region) {
3474 	case NL80211_DFS_UNSET:
3475 		return WMI_UNINIT_DFS_DOMAIN;
3476 	case NL80211_DFS_FCC:
3477 		return WMI_FCC_DFS_DOMAIN;
3478 	case NL80211_DFS_ETSI:
3479 		return WMI_ETSI_DFS_DOMAIN;
3480 	case NL80211_DFS_JP:
3481 		return WMI_MKK4_DFS_DOMAIN;
3482 	}
3483 	return WMI_UNINIT_DFS_DOMAIN;
3484 }
3485 
3486 static void ath10k_regd_update(struct ath10k *ar)
3487 {
3488 	struct reg_dmn_pair_mapping *regpair;
3489 	int ret;
3490 	enum wmi_dfs_region wmi_dfs_reg;
3491 	enum nl80211_dfs_regions nl_dfs_reg;
3492 
3493 	lockdep_assert_held(&ar->conf_mutex);
3494 
3495 	ret = ath10k_update_channel_list(ar);
3496 	if (ret)
3497 		ath10k_warn(ar, "failed to update channel list: %d\n", ret);
3498 
3499 	regpair = ar->ath_common.regulatory.regpair;
3500 
3501 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3502 		nl_dfs_reg = ar->dfs_detector->region;
3503 		wmi_dfs_reg = ath10k_mac_get_dfs_region(nl_dfs_reg);
3504 	} else {
3505 		wmi_dfs_reg = WMI_UNINIT_DFS_DOMAIN;
3506 	}
3507 
3508 	/* Target allows setting up per-band regdomain but ath_common provides
3509 	 * a combined one only
3510 	 */
3511 	ret = ath10k_wmi_pdev_set_regdomain(ar,
3512 					    regpair->reg_domain,
3513 					    regpair->reg_domain, /* 2ghz */
3514 					    regpair->reg_domain, /* 5ghz */
3515 					    regpair->reg_2ghz_ctl,
3516 					    regpair->reg_5ghz_ctl,
3517 					    wmi_dfs_reg);
3518 	if (ret)
3519 		ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
3520 }
3521 
3522 static void ath10k_mac_update_channel_list(struct ath10k *ar,
3523 					   struct ieee80211_supported_band *band)
3524 {
3525 	int i;
3526 
3527 	if (ar->low_5ghz_chan && ar->high_5ghz_chan) {
3528 		for (i = 0; i < band->n_channels; i++) {
3529 			if (band->channels[i].center_freq < ar->low_5ghz_chan ||
3530 			    band->channels[i].center_freq > ar->high_5ghz_chan)
3531 				band->channels[i].flags |=
3532 					IEEE80211_CHAN_DISABLED;
3533 		}
3534 	}
3535 }
3536 
3537 static void ath10k_reg_notifier(struct wiphy *wiphy,
3538 				struct regulatory_request *request)
3539 {
3540 	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
3541 	struct ath10k *ar = hw->priv;
3542 	bool result;
3543 
3544 	ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
3545 
3546 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3547 		ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
3548 			   request->dfs_region);
3549 		result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
3550 							  request->dfs_region);
3551 		if (!result)
3552 			ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
3553 				    request->dfs_region);
3554 	}
3555 
3556 	mutex_lock(&ar->conf_mutex);
3557 	if (ar->state == ATH10K_STATE_ON)
3558 		ath10k_regd_update(ar);
3559 	mutex_unlock(&ar->conf_mutex);
3560 
3561 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
3562 		ath10k_mac_update_channel_list(ar,
3563 					       ar->hw->wiphy->bands[NL80211_BAND_5GHZ]);
3564 }
3565 
3566 static void ath10k_stop_radar_confirmation(struct ath10k *ar)
3567 {
3568 	spin_lock_bh(&ar->data_lock);
3569 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_STOPPED;
3570 	spin_unlock_bh(&ar->data_lock);
3571 
3572 	cancel_work_sync(&ar->radar_confirmation_work);
3573 }
3574 
3575 /***************/
3576 /* TX handlers */
3577 /***************/
3578 
3579 enum ath10k_mac_tx_path {
3580 	ATH10K_MAC_TX_HTT,
3581 	ATH10K_MAC_TX_HTT_MGMT,
3582 	ATH10K_MAC_TX_WMI_MGMT,
3583 	ATH10K_MAC_TX_UNKNOWN,
3584 };
3585 
3586 void ath10k_mac_tx_lock(struct ath10k *ar, int reason)
3587 {
3588 	lockdep_assert_held(&ar->htt.tx_lock);
3589 
3590 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3591 	ar->tx_paused |= BIT(reason);
3592 	ieee80211_stop_queues(ar->hw);
3593 }
3594 
3595 static void ath10k_mac_tx_unlock_iter(void *data, u8 *mac,
3596 				      struct ieee80211_vif *vif)
3597 {
3598 	struct ath10k *ar = data;
3599 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3600 
3601 	if (arvif->tx_paused)
3602 		return;
3603 
3604 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3605 }
3606 
3607 void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3608 {
3609 	lockdep_assert_held(&ar->htt.tx_lock);
3610 
3611 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3612 	ar->tx_paused &= ~BIT(reason);
3613 
3614 	if (ar->tx_paused)
3615 		return;
3616 
3617 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3618 						   ATH10K_ITER_RESUME_FLAGS,
3619 						   ath10k_mac_tx_unlock_iter,
3620 						   ar);
3621 
3622 	ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3623 }
3624 
3625 void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3626 {
3627 	struct ath10k *ar = arvif->ar;
3628 
3629 	lockdep_assert_held(&ar->htt.tx_lock);
3630 
3631 	WARN_ON(reason >= BITS_PER_LONG);
3632 	arvif->tx_paused |= BIT(reason);
3633 	ieee80211_stop_queue(ar->hw, arvif->vdev_id);
3634 }
3635 
3636 void ath10k_mac_vif_tx_unlock(struct ath10k_vif *arvif, int reason)
3637 {
3638 	struct ath10k *ar = arvif->ar;
3639 
3640 	lockdep_assert_held(&ar->htt.tx_lock);
3641 
3642 	WARN_ON(reason >= BITS_PER_LONG);
3643 	arvif->tx_paused &= ~BIT(reason);
3644 
3645 	if (ar->tx_paused)
3646 		return;
3647 
3648 	if (arvif->tx_paused)
3649 		return;
3650 
3651 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3652 }
3653 
3654 static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3655 					   enum wmi_tlv_tx_pause_id pause_id,
3656 					   enum wmi_tlv_tx_pause_action action)
3657 {
3658 	struct ath10k *ar = arvif->ar;
3659 
3660 	lockdep_assert_held(&ar->htt.tx_lock);
3661 
3662 	switch (action) {
3663 	case WMI_TLV_TX_PAUSE_ACTION_STOP:
3664 		ath10k_mac_vif_tx_lock(arvif, pause_id);
3665 		break;
3666 	case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3667 		ath10k_mac_vif_tx_unlock(arvif, pause_id);
3668 		break;
3669 	default:
3670 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
3671 			   "received unknown tx pause action %d on vdev %i, ignoring\n",
3672 			    action, arvif->vdev_id);
3673 		break;
3674 	}
3675 }
3676 
3677 struct ath10k_mac_tx_pause {
3678 	u32 vdev_id;
3679 	enum wmi_tlv_tx_pause_id pause_id;
3680 	enum wmi_tlv_tx_pause_action action;
3681 };
3682 
3683 static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3684 					    struct ieee80211_vif *vif)
3685 {
3686 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3687 	struct ath10k_mac_tx_pause *arg = data;
3688 
3689 	if (arvif->vdev_id != arg->vdev_id)
3690 		return;
3691 
3692 	ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3693 }
3694 
3695 void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3696 				     enum wmi_tlv_tx_pause_id pause_id,
3697 				     enum wmi_tlv_tx_pause_action action)
3698 {
3699 	struct ath10k_mac_tx_pause arg = {
3700 		.vdev_id = vdev_id,
3701 		.pause_id = pause_id,
3702 		.action = action,
3703 	};
3704 
3705 	spin_lock_bh(&ar->htt.tx_lock);
3706 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3707 						   ATH10K_ITER_RESUME_FLAGS,
3708 						   ath10k_mac_handle_tx_pause_iter,
3709 						   &arg);
3710 	spin_unlock_bh(&ar->htt.tx_lock);
3711 }
3712 
3713 static enum ath10k_hw_txrx_mode
3714 ath10k_mac_tx_h_get_txmode(struct ath10k *ar,
3715 			   struct ieee80211_vif *vif,
3716 			   struct ieee80211_sta *sta,
3717 			   struct sk_buff *skb)
3718 {
3719 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3720 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
3721 	__le16 fc = hdr->frame_control;
3722 
3723 	if (IEEE80211_SKB_CB(skb)->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)
3724 		return ATH10K_HW_TXRX_ETHERNET;
3725 
3726 	if (!vif || vif->type == NL80211_IFTYPE_MONITOR)
3727 		return ATH10K_HW_TXRX_RAW;
3728 
3729 	if (ieee80211_is_mgmt(fc))
3730 		return ATH10K_HW_TXRX_MGMT;
3731 
3732 	/* Workaround:
3733 	 *
3734 	 * NullFunc frames are mostly used to ping if a client or AP are still
3735 	 * reachable and responsive. This implies tx status reports must be
3736 	 * accurate - otherwise either mac80211 or userspace (e.g. hostapd) can
3737 	 * come to a conclusion that the other end disappeared and tear down
3738 	 * BSS connection or it can never disconnect from BSS/client (which is
3739 	 * the case).
3740 	 *
3741 	 * Firmware with HTT older than 3.0 delivers incorrect tx status for
3742 	 * NullFunc frames to driver. However there's a HTT Mgmt Tx command
3743 	 * which seems to deliver correct tx reports for NullFunc frames. The
3744 	 * downside of using it is it ignores client powersave state so it can
3745 	 * end up disconnecting sleeping clients in AP mode. It should fix STA
3746 	 * mode though because AP don't sleep.
3747 	 */
3748 	if (ar->htt.target_version_major < 3 &&
3749 	    (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&
3750 	    !test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3751 		      ar->running_fw->fw_file.fw_features))
3752 		return ATH10K_HW_TXRX_MGMT;
3753 
3754 	/* Workaround:
3755 	 *
3756 	 * Some wmi-tlv firmwares for qca6174 have broken Tx key selection for
3757 	 * NativeWifi txmode - it selects AP key instead of peer key. It seems
3758 	 * to work with Ethernet txmode so use it.
3759 	 *
3760 	 * FIXME: Check if raw mode works with TDLS.
3761 	 */
3762 	if (ieee80211_is_data_present(fc) && sta && sta->tdls)
3763 		return ATH10K_HW_TXRX_ETHERNET;
3764 
3765 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) ||
3766 	    skb_cb->flags & ATH10K_SKB_F_RAW_TX)
3767 		return ATH10K_HW_TXRX_RAW;
3768 
3769 	return ATH10K_HW_TXRX_NATIVE_WIFI;
3770 }
3771 
3772 static bool ath10k_tx_h_use_hwcrypto(struct ieee80211_vif *vif,
3773 				     struct sk_buff *skb)
3774 {
3775 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3776 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3777 	const u32 mask = IEEE80211_TX_INTFL_DONT_ENCRYPT |
3778 			 IEEE80211_TX_CTL_INJECTED;
3779 
3780 	if (!ieee80211_has_protected(hdr->frame_control))
3781 		return false;
3782 
3783 	if ((info->flags & mask) == mask)
3784 		return false;
3785 
3786 	if (vif)
3787 		return !((struct ath10k_vif *)vif->drv_priv)->nohwcrypt;
3788 
3789 	return true;
3790 }
3791 
3792 /* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
3793  * Control in the header.
3794  */
3795 static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
3796 {
3797 	struct ieee80211_hdr *hdr = (void *)skb->data;
3798 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3799 	u8 *qos_ctl;
3800 
3801 	if (!ieee80211_is_data_qos(hdr->frame_control))
3802 		return;
3803 
3804 	qos_ctl = ieee80211_get_qos_ctl(hdr);
3805 	memmove(skb->data + IEEE80211_QOS_CTL_LEN,
3806 		skb->data, (void *)qos_ctl - (void *)skb->data);
3807 	skb_pull(skb, IEEE80211_QOS_CTL_LEN);
3808 
3809 	/* Some firmware revisions don't handle sending QoS NullFunc well.
3810 	 * These frames are mainly used for CQM purposes so it doesn't really
3811 	 * matter whether QoS NullFunc or NullFunc are sent.
3812 	 */
3813 	hdr = (void *)skb->data;
3814 	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
3815 		cb->flags &= ~ATH10K_SKB_F_QOS;
3816 
3817 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3818 }
3819 
3820 static void ath10k_tx_h_8023(struct sk_buff *skb)
3821 {
3822 	struct ieee80211_hdr *hdr;
3823 	struct rfc1042_hdr *rfc1042;
3824 	struct ethhdr *eth;
3825 	size_t hdrlen;
3826 	u8 da[ETH_ALEN];
3827 	u8 sa[ETH_ALEN];
3828 	__be16 type;
3829 
3830 	hdr = (void *)skb->data;
3831 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
3832 	rfc1042 = (void *)skb->data + hdrlen;
3833 
3834 	ether_addr_copy(da, ieee80211_get_DA(hdr));
3835 	ether_addr_copy(sa, ieee80211_get_SA(hdr));
3836 	type = rfc1042->snap_type;
3837 
3838 	skb_pull(skb, hdrlen + sizeof(*rfc1042));
3839 	skb_push(skb, sizeof(*eth));
3840 
3841 	eth = (void *)skb->data;
3842 	ether_addr_copy(eth->h_dest, da);
3843 	ether_addr_copy(eth->h_source, sa);
3844 	eth->h_proto = type;
3845 }
3846 
3847 static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
3848 				       struct ieee80211_vif *vif,
3849 				       struct sk_buff *skb)
3850 {
3851 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3852 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3853 
3854 	/* This is case only for P2P_GO */
3855 	if (vif->type != NL80211_IFTYPE_AP || !vif->p2p)
3856 		return;
3857 
3858 	if (unlikely(ieee80211_is_probe_resp(hdr->frame_control))) {
3859 		spin_lock_bh(&ar->data_lock);
3860 		if (arvif->u.ap.noa_data)
3861 			if (!pskb_expand_head(skb, 0, arvif->u.ap.noa_len,
3862 					      GFP_ATOMIC))
3863 				skb_put_data(skb, arvif->u.ap.noa_data,
3864 					     arvif->u.ap.noa_len);
3865 		spin_unlock_bh(&ar->data_lock);
3866 	}
3867 }
3868 
3869 static void ath10k_mac_tx_h_fill_cb(struct ath10k *ar,
3870 				    struct ieee80211_vif *vif,
3871 				    struct ieee80211_txq *txq,
3872 				    struct ieee80211_sta *sta,
3873 				    struct sk_buff *skb, u16 airtime)
3874 {
3875 	struct ieee80211_hdr *hdr = (void *)skb->data;
3876 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3877 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3878 	bool is_data = ieee80211_is_data(hdr->frame_control) ||
3879 			ieee80211_is_data_qos(hdr->frame_control);
3880 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3881 	struct ath10k_sta *arsta;
3882 	u8 tid, *qos_ctl;
3883 	bool noack = false;
3884 
3885 	cb->flags = 0;
3886 
3887 	if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
3888 		cb->flags |= ATH10K_SKB_F_QOS;	/* Assume data frames are QoS */
3889 		goto finish_cb_fill;
3890 	}
3891 
3892 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
3893 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3894 
3895 	if (ieee80211_is_mgmt(hdr->frame_control))
3896 		cb->flags |= ATH10K_SKB_F_MGMT;
3897 
3898 	if (ieee80211_is_data_qos(hdr->frame_control)) {
3899 		cb->flags |= ATH10K_SKB_F_QOS;
3900 		qos_ctl = ieee80211_get_qos_ctl(hdr);
3901 		tid = (*qos_ctl) & IEEE80211_QOS_CTL_TID_MASK;
3902 
3903 		if (arvif->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3904 			noack = true;
3905 
3906 		if (sta) {
3907 			arsta = (struct ath10k_sta *)sta->drv_priv;
3908 
3909 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3910 				noack = true;
3911 
3912 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_ACK)
3913 				noack = false;
3914 		}
3915 
3916 		if (noack)
3917 			cb->flags |= ATH10K_SKB_F_NOACK_TID;
3918 	}
3919 
3920 	/* Data frames encrypted in software will be posted to firmware
3921 	 * with tx encap mode set to RAW. Ex: Multicast traffic generated
3922 	 * for a specific VLAN group will always be encrypted in software.
3923 	 */
3924 	if (is_data && ieee80211_has_protected(hdr->frame_control) &&
3925 	    !info->control.hw_key) {
3926 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3927 		cb->flags |= ATH10K_SKB_F_RAW_TX;
3928 	}
3929 
3930 finish_cb_fill:
3931 	cb->vif = vif;
3932 	cb->txq = txq;
3933 	cb->airtime_est = airtime;
3934 	if (sta) {
3935 		arsta = (struct ath10k_sta *)sta->drv_priv;
3936 		spin_lock_bh(&ar->data_lock);
3937 		cb->ucast_cipher = arsta->ucast_cipher;
3938 		spin_unlock_bh(&ar->data_lock);
3939 	}
3940 }
3941 
3942 bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar)
3943 {
3944 	/* FIXME: Not really sure since when the behaviour changed. At some
3945 	 * point new firmware stopped requiring creation of peer entries for
3946 	 * offchannel tx (and actually creating them causes issues with wmi-htc
3947 	 * tx credit replenishment and reliability). Assuming it's at least 3.4
3948 	 * because that's when the `freq` was introduced to TX_FRM HTT command.
3949 	 */
3950 	return (ar->htt.target_version_major >= 3 &&
3951 		ar->htt.target_version_minor >= 4 &&
3952 		ar->running_fw->fw_file.htt_op_version == ATH10K_FW_HTT_OP_VERSION_TLV);
3953 }
3954 
3955 static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
3956 {
3957 	struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
3958 
3959 	if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) {
3960 		ath10k_warn(ar, "wmi mgmt tx queue is full\n");
3961 		return -ENOSPC;
3962 	}
3963 
3964 	skb_queue_tail(q, skb);
3965 	ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
3966 
3967 	return 0;
3968 }
3969 
3970 static enum ath10k_mac_tx_path
3971 ath10k_mac_tx_h_get_txpath(struct ath10k *ar,
3972 			   struct sk_buff *skb,
3973 			   enum ath10k_hw_txrx_mode txmode)
3974 {
3975 	switch (txmode) {
3976 	case ATH10K_HW_TXRX_RAW:
3977 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3978 	case ATH10K_HW_TXRX_ETHERNET:
3979 		return ATH10K_MAC_TX_HTT;
3980 	case ATH10K_HW_TXRX_MGMT:
3981 		if (test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3982 			     ar->running_fw->fw_file.fw_features) ||
3983 			     test_bit(WMI_SERVICE_MGMT_TX_WMI,
3984 				      ar->wmi.svc_map))
3985 			return ATH10K_MAC_TX_WMI_MGMT;
3986 		else if (ar->htt.target_version_major >= 3)
3987 			return ATH10K_MAC_TX_HTT;
3988 		else
3989 			return ATH10K_MAC_TX_HTT_MGMT;
3990 	}
3991 
3992 	return ATH10K_MAC_TX_UNKNOWN;
3993 }
3994 
3995 static int ath10k_mac_tx_submit(struct ath10k *ar,
3996 				enum ath10k_hw_txrx_mode txmode,
3997 				enum ath10k_mac_tx_path txpath,
3998 				struct sk_buff *skb)
3999 {
4000 	struct ath10k_htt *htt = &ar->htt;
4001 	int ret = -EINVAL;
4002 
4003 	switch (txpath) {
4004 	case ATH10K_MAC_TX_HTT:
4005 		ret = ath10k_htt_tx(htt, txmode, skb);
4006 		break;
4007 	case ATH10K_MAC_TX_HTT_MGMT:
4008 		ret = ath10k_htt_mgmt_tx(htt, skb);
4009 		break;
4010 	case ATH10K_MAC_TX_WMI_MGMT:
4011 		ret = ath10k_mac_tx_wmi_mgmt(ar, skb);
4012 		break;
4013 	case ATH10K_MAC_TX_UNKNOWN:
4014 		WARN_ON_ONCE(1);
4015 		ret = -EINVAL;
4016 		break;
4017 	}
4018 
4019 	if (ret) {
4020 		ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
4021 			    ret);
4022 		ieee80211_free_txskb(ar->hw, skb);
4023 	}
4024 
4025 	return ret;
4026 }
4027 
4028 /* This function consumes the sk_buff regardless of return value as far as
4029  * caller is concerned so no freeing is necessary afterwards.
4030  */
4031 static int ath10k_mac_tx(struct ath10k *ar,
4032 			 struct ieee80211_vif *vif,
4033 			 enum ath10k_hw_txrx_mode txmode,
4034 			 enum ath10k_mac_tx_path txpath,
4035 			 struct sk_buff *skb, bool noque_offchan)
4036 {
4037 	struct ieee80211_hw *hw = ar->hw;
4038 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4039 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
4040 	int ret;
4041 
4042 	/* We should disable CCK RATE due to P2P */
4043 	if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
4044 		ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
4045 
4046 	switch (txmode) {
4047 	case ATH10K_HW_TXRX_MGMT:
4048 	case ATH10K_HW_TXRX_NATIVE_WIFI:
4049 		ath10k_tx_h_nwifi(hw, skb);
4050 		ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
4051 		ath10k_tx_h_seq_no(vif, skb);
4052 		break;
4053 	case ATH10K_HW_TXRX_ETHERNET:
4054 		/* Convert 802.11->802.3 header only if the frame was earlier
4055 		 * encapsulated to 802.11 by mac80211. Otherwise pass it as is.
4056 		 */
4057 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP))
4058 			ath10k_tx_h_8023(skb);
4059 		break;
4060 	case ATH10K_HW_TXRX_RAW:
4061 		if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) &&
4062 		    !(skb_cb->flags & ATH10K_SKB_F_RAW_TX)) {
4063 			WARN_ON_ONCE(1);
4064 			ieee80211_free_txskb(hw, skb);
4065 			return -ENOTSUPP;
4066 		}
4067 	}
4068 
4069 	if (!noque_offchan && info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
4070 		if (!ath10k_mac_tx_frm_has_freq(ar)) {
4071 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac queued offchannel skb %pK len %d\n",
4072 				   skb, skb->len);
4073 
4074 			skb_queue_tail(&ar->offchan_tx_queue, skb);
4075 			ieee80211_queue_work(hw, &ar->offchan_tx_work);
4076 			return 0;
4077 		}
4078 	}
4079 
4080 	ret = ath10k_mac_tx_submit(ar, txmode, txpath, skb);
4081 	if (ret) {
4082 		ath10k_warn(ar, "failed to submit frame: %d\n", ret);
4083 		return ret;
4084 	}
4085 
4086 	return 0;
4087 }
4088 
4089 void ath10k_offchan_tx_purge(struct ath10k *ar)
4090 {
4091 	struct sk_buff *skb;
4092 
4093 	for (;;) {
4094 		skb = skb_dequeue(&ar->offchan_tx_queue);
4095 		if (!skb)
4096 			break;
4097 
4098 		ieee80211_free_txskb(ar->hw, skb);
4099 	}
4100 }
4101 
4102 void ath10k_offchan_tx_work(struct work_struct *work)
4103 {
4104 	struct ath10k *ar = container_of(work, struct ath10k, offchan_tx_work);
4105 	struct ath10k_peer *peer;
4106 	struct ath10k_vif *arvif;
4107 	enum ath10k_hw_txrx_mode txmode;
4108 	enum ath10k_mac_tx_path txpath;
4109 	struct ieee80211_hdr *hdr;
4110 	struct ieee80211_vif *vif;
4111 	struct ieee80211_sta *sta;
4112 	struct sk_buff *skb;
4113 	const u8 *peer_addr;
4114 	int vdev_id;
4115 	int ret;
4116 	unsigned long time_left;
4117 	bool tmp_peer_created = false;
4118 
4119 	/* FW requirement: We must create a peer before FW will send out
4120 	 * an offchannel frame. Otherwise the frame will be stuck and
4121 	 * never transmitted. We delete the peer upon tx completion.
4122 	 * It is unlikely that a peer for offchannel tx will already be
4123 	 * present. However it may be in some rare cases so account for that.
4124 	 * Otherwise we might remove a legitimate peer and break stuff.
4125 	 */
4126 
4127 	for (;;) {
4128 		skb = skb_dequeue(&ar->offchan_tx_queue);
4129 		if (!skb)
4130 			break;
4131 
4132 		mutex_lock(&ar->conf_mutex);
4133 
4134 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %pK len %d\n",
4135 			   skb, skb->len);
4136 
4137 		hdr = (struct ieee80211_hdr *)skb->data;
4138 		peer_addr = ieee80211_get_DA(hdr);
4139 
4140 		spin_lock_bh(&ar->data_lock);
4141 		vdev_id = ar->scan.vdev_id;
4142 		peer = ath10k_peer_find(ar, vdev_id, peer_addr);
4143 		spin_unlock_bh(&ar->data_lock);
4144 
4145 		if (peer) {
4146 			ath10k_warn(ar, "peer %pM on vdev %d already present\n",
4147 				    peer_addr, vdev_id);
4148 		} else {
4149 			ret = ath10k_peer_create(ar, NULL, NULL, vdev_id,
4150 						 peer_addr,
4151 						 WMI_PEER_TYPE_DEFAULT);
4152 			if (ret)
4153 				ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
4154 					    peer_addr, vdev_id, ret);
4155 			tmp_peer_created = (ret == 0);
4156 		}
4157 
4158 		spin_lock_bh(&ar->data_lock);
4159 		reinit_completion(&ar->offchan_tx_completed);
4160 		ar->offchan_tx_skb = skb;
4161 		spin_unlock_bh(&ar->data_lock);
4162 
4163 		/* It's safe to access vif and sta - conf_mutex guarantees that
4164 		 * sta_state() and remove_interface() are locked exclusively
4165 		 * out wrt to this offchannel worker.
4166 		 */
4167 		arvif = ath10k_get_arvif(ar, vdev_id);
4168 		if (arvif) {
4169 			vif = arvif->vif;
4170 			sta = ieee80211_find_sta(vif, peer_addr);
4171 		} else {
4172 			vif = NULL;
4173 			sta = NULL;
4174 		}
4175 
4176 		txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4177 		txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4178 
4179 		ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, true);
4180 		if (ret) {
4181 			ath10k_warn(ar, "failed to transmit offchannel frame: %d\n",
4182 				    ret);
4183 			/* not serious */
4184 		}
4185 
4186 		time_left =
4187 		wait_for_completion_timeout(&ar->offchan_tx_completed, 3 * HZ);
4188 		if (time_left == 0)
4189 			ath10k_warn(ar, "timed out waiting for offchannel skb %pK, len: %d\n",
4190 				    skb, skb->len);
4191 
4192 		if (!peer && tmp_peer_created) {
4193 			ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
4194 			if (ret)
4195 				ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
4196 					    peer_addr, vdev_id, ret);
4197 		}
4198 
4199 		mutex_unlock(&ar->conf_mutex);
4200 	}
4201 }
4202 
4203 void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar)
4204 {
4205 	struct sk_buff *skb;
4206 
4207 	for (;;) {
4208 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4209 		if (!skb)
4210 			break;
4211 
4212 		ieee80211_free_txskb(ar->hw, skb);
4213 	}
4214 }
4215 
4216 void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
4217 {
4218 	struct ath10k *ar = container_of(work, struct ath10k, wmi_mgmt_tx_work);
4219 	struct sk_buff *skb;
4220 	dma_addr_t paddr;
4221 	int ret;
4222 
4223 	for (;;) {
4224 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4225 		if (!skb)
4226 			break;
4227 
4228 		if (test_bit(ATH10K_FW_FEATURE_MGMT_TX_BY_REF,
4229 			     ar->running_fw->fw_file.fw_features)) {
4230 			paddr = dma_map_single(ar->dev, skb->data,
4231 					       skb->len, DMA_TO_DEVICE);
4232 			if (dma_mapping_error(ar->dev, paddr)) {
4233 				ieee80211_free_txskb(ar->hw, skb);
4234 				continue;
4235 			}
4236 			ret = ath10k_wmi_mgmt_tx_send(ar, skb, paddr);
4237 			if (ret) {
4238 				ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
4239 					    ret);
4240 				/* remove this msdu from idr tracking */
4241 				ath10k_wmi_cleanup_mgmt_tx_send(ar, skb);
4242 
4243 				dma_unmap_single(ar->dev, paddr, skb->len,
4244 						 DMA_TO_DEVICE);
4245 				ieee80211_free_txskb(ar->hw, skb);
4246 			}
4247 		} else {
4248 			ret = ath10k_wmi_mgmt_tx(ar, skb);
4249 			if (ret) {
4250 				ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
4251 					    ret);
4252 				ieee80211_free_txskb(ar->hw, skb);
4253 			}
4254 		}
4255 	}
4256 }
4257 
4258 static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
4259 {
4260 	struct ath10k_txq *artxq;
4261 
4262 	if (!txq)
4263 		return;
4264 
4265 	artxq = (void *)txq->drv_priv;
4266 	INIT_LIST_HEAD(&artxq->list);
4267 }
4268 
4269 static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
4270 {
4271 	struct ath10k_skb_cb *cb;
4272 	struct sk_buff *msdu;
4273 	int msdu_id;
4274 
4275 	if (!txq)
4276 		return;
4277 
4278 	spin_lock_bh(&ar->htt.tx_lock);
4279 	idr_for_each_entry(&ar->htt.pending_tx, msdu, msdu_id) {
4280 		cb = ATH10K_SKB_CB(msdu);
4281 		if (cb->txq == txq)
4282 			cb->txq = NULL;
4283 	}
4284 	spin_unlock_bh(&ar->htt.tx_lock);
4285 }
4286 
4287 struct ieee80211_txq *ath10k_mac_txq_lookup(struct ath10k *ar,
4288 					    u16 peer_id,
4289 					    u8 tid)
4290 {
4291 	struct ath10k_peer *peer;
4292 
4293 	lockdep_assert_held(&ar->data_lock);
4294 
4295 	peer = ar->peer_map[peer_id];
4296 	if (!peer)
4297 		return NULL;
4298 
4299 	if (peer->removed)
4300 		return NULL;
4301 
4302 	if (peer->sta)
4303 		return peer->sta->txq[tid];
4304 	else if (peer->vif)
4305 		return peer->vif->txq;
4306 	else
4307 		return NULL;
4308 }
4309 
4310 static bool ath10k_mac_tx_can_push(struct ieee80211_hw *hw,
4311 				   struct ieee80211_txq *txq)
4312 {
4313 	struct ath10k *ar = hw->priv;
4314 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4315 
4316 	/* No need to get locks */
4317 	if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH)
4318 		return true;
4319 
4320 	if (ar->htt.num_pending_tx < ar->htt.tx_q_state.num_push_allowed)
4321 		return true;
4322 
4323 	if (artxq->num_fw_queued < artxq->num_push_allowed)
4324 		return true;
4325 
4326 	return false;
4327 }
4328 
4329 /* Return estimated airtime in microsecond, which is calculated using last
4330  * reported TX rate. This is just a rough estimation because host driver has no
4331  * knowledge of the actual transmit rate, retries or aggregation. If actual
4332  * airtime can be reported by firmware, then delta between estimated and actual
4333  * airtime can be adjusted from deficit.
4334  */
4335 #define IEEE80211_ATF_OVERHEAD		100	/* IFS + some slot time */
4336 #define IEEE80211_ATF_OVERHEAD_IFS	16	/* IFS only */
4337 static u16 ath10k_mac_update_airtime(struct ath10k *ar,
4338 				     struct ieee80211_txq *txq,
4339 				     struct sk_buff *skb)
4340 {
4341 	struct ath10k_sta *arsta;
4342 	u32 pktlen;
4343 	u16 airtime = 0;
4344 
4345 	if (!txq || !txq->sta)
4346 		return airtime;
4347 
4348 	if (test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
4349 		return airtime;
4350 
4351 	spin_lock_bh(&ar->data_lock);
4352 	arsta = (struct ath10k_sta *)txq->sta->drv_priv;
4353 
4354 	pktlen = skb->len + 38; /* Assume MAC header 30, SNAP 8 for most case */
4355 	if (arsta->last_tx_bitrate) {
4356 		/* airtime in us, last_tx_bitrate in 100kbps */
4357 		airtime = (pktlen * 8 * (1000 / 100))
4358 				/ arsta->last_tx_bitrate;
4359 		/* overhead for media access time and IFS */
4360 		airtime += IEEE80211_ATF_OVERHEAD_IFS;
4361 	} else {
4362 		/* This is mostly for throttle excessive BC/MC frames, and the
4363 		 * airtime/rate doesn't need be exact. Airtime of BC/MC frames
4364 		 * in 2G get some discount, which helps prevent very low rate
4365 		 * frames from being blocked for too long.
4366 		 */
4367 		airtime = (pktlen * 8 * (1000 / 100)) / 60; /* 6M */
4368 		airtime += IEEE80211_ATF_OVERHEAD;
4369 	}
4370 	spin_unlock_bh(&ar->data_lock);
4371 
4372 	return airtime;
4373 }
4374 
4375 int ath10k_mac_tx_push_txq(struct ieee80211_hw *hw,
4376 			   struct ieee80211_txq *txq)
4377 {
4378 	struct ath10k *ar = hw->priv;
4379 	struct ath10k_htt *htt = &ar->htt;
4380 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4381 	struct ieee80211_vif *vif = txq->vif;
4382 	struct ieee80211_sta *sta = txq->sta;
4383 	enum ath10k_hw_txrx_mode txmode;
4384 	enum ath10k_mac_tx_path txpath;
4385 	struct sk_buff *skb;
4386 	struct ieee80211_hdr *hdr;
4387 	size_t skb_len;
4388 	bool is_mgmt, is_presp;
4389 	int ret;
4390 	u16 airtime;
4391 
4392 	spin_lock_bh(&ar->htt.tx_lock);
4393 	ret = ath10k_htt_tx_inc_pending(htt);
4394 	spin_unlock_bh(&ar->htt.tx_lock);
4395 
4396 	if (ret)
4397 		return ret;
4398 
4399 	skb = ieee80211_tx_dequeue_ni(hw, txq);
4400 	if (!skb) {
4401 		spin_lock_bh(&ar->htt.tx_lock);
4402 		ath10k_htt_tx_dec_pending(htt);
4403 		spin_unlock_bh(&ar->htt.tx_lock);
4404 
4405 		return -ENOENT;
4406 	}
4407 
4408 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4409 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4410 
4411 	skb_len = skb->len;
4412 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4413 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4414 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4415 
4416 	if (is_mgmt) {
4417 		hdr = (struct ieee80211_hdr *)skb->data;
4418 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4419 
4420 		spin_lock_bh(&ar->htt.tx_lock);
4421 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4422 
4423 		if (ret) {
4424 			ath10k_htt_tx_dec_pending(htt);
4425 			spin_unlock_bh(&ar->htt.tx_lock);
4426 			return ret;
4427 		}
4428 		spin_unlock_bh(&ar->htt.tx_lock);
4429 	}
4430 
4431 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4432 	if (unlikely(ret)) {
4433 		ath10k_warn(ar, "failed to push frame: %d\n", ret);
4434 
4435 		spin_lock_bh(&ar->htt.tx_lock);
4436 		ath10k_htt_tx_dec_pending(htt);
4437 		if (is_mgmt)
4438 			ath10k_htt_tx_mgmt_dec_pending(htt);
4439 		spin_unlock_bh(&ar->htt.tx_lock);
4440 
4441 		return ret;
4442 	}
4443 
4444 	spin_lock_bh(&ar->htt.tx_lock);
4445 	artxq->num_fw_queued++;
4446 	spin_unlock_bh(&ar->htt.tx_lock);
4447 
4448 	return skb_len;
4449 }
4450 
4451 static int ath10k_mac_schedule_txq(struct ieee80211_hw *hw, u32 ac)
4452 {
4453 	struct ieee80211_txq *txq;
4454 	int ret = 0;
4455 
4456 	ieee80211_txq_schedule_start(hw, ac);
4457 	while ((txq = ieee80211_next_txq(hw, ac))) {
4458 		while (ath10k_mac_tx_can_push(hw, txq)) {
4459 			ret = ath10k_mac_tx_push_txq(hw, txq);
4460 			if (ret < 0)
4461 				break;
4462 		}
4463 		ieee80211_return_txq(hw, txq, false);
4464 		ath10k_htt_tx_txq_update(hw, txq);
4465 		if (ret == -EBUSY)
4466 			break;
4467 	}
4468 	ieee80211_txq_schedule_end(hw, ac);
4469 
4470 	return ret;
4471 }
4472 
4473 void ath10k_mac_tx_push_pending(struct ath10k *ar)
4474 {
4475 	struct ieee80211_hw *hw = ar->hw;
4476 	u32 ac;
4477 
4478 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4479 		return;
4480 
4481 	if (ar->htt.num_pending_tx >= (ar->htt.max_num_pending_tx / 2))
4482 		return;
4483 
4484 	rcu_read_lock();
4485 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4486 		if (ath10k_mac_schedule_txq(hw, ac) == -EBUSY)
4487 			break;
4488 	}
4489 	rcu_read_unlock();
4490 }
4491 EXPORT_SYMBOL(ath10k_mac_tx_push_pending);
4492 
4493 /************/
4494 /* Scanning */
4495 /************/
4496 
4497 void __ath10k_scan_finish(struct ath10k *ar)
4498 {
4499 	lockdep_assert_held(&ar->data_lock);
4500 
4501 	switch (ar->scan.state) {
4502 	case ATH10K_SCAN_IDLE:
4503 		break;
4504 	case ATH10K_SCAN_RUNNING:
4505 	case ATH10K_SCAN_ABORTING:
4506 		if (!ar->scan.is_roc) {
4507 			struct cfg80211_scan_info info = {
4508 				.aborted = (ar->scan.state ==
4509 					    ATH10K_SCAN_ABORTING),
4510 			};
4511 
4512 			ieee80211_scan_completed(ar->hw, &info);
4513 		} else if (ar->scan.roc_notify) {
4514 			ieee80211_remain_on_channel_expired(ar->hw);
4515 		}
4516 		fallthrough;
4517 	case ATH10K_SCAN_STARTING:
4518 		ar->scan.state = ATH10K_SCAN_IDLE;
4519 		ar->scan_channel = NULL;
4520 		ar->scan.roc_freq = 0;
4521 		ath10k_offchan_tx_purge(ar);
4522 		cancel_delayed_work(&ar->scan.timeout);
4523 		complete(&ar->scan.completed);
4524 		break;
4525 	}
4526 }
4527 
4528 void ath10k_scan_finish(struct ath10k *ar)
4529 {
4530 	spin_lock_bh(&ar->data_lock);
4531 	__ath10k_scan_finish(ar);
4532 	spin_unlock_bh(&ar->data_lock);
4533 }
4534 
4535 static int ath10k_scan_stop(struct ath10k *ar)
4536 {
4537 	struct wmi_stop_scan_arg arg = {
4538 		.req_id = 1, /* FIXME */
4539 		.req_type = WMI_SCAN_STOP_ONE,
4540 		.u.scan_id = ATH10K_SCAN_ID,
4541 	};
4542 	int ret;
4543 
4544 	lockdep_assert_held(&ar->conf_mutex);
4545 
4546 	ret = ath10k_wmi_stop_scan(ar, &arg);
4547 	if (ret) {
4548 		ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
4549 		goto out;
4550 	}
4551 
4552 	ret = wait_for_completion_timeout(&ar->scan.completed, 3 * HZ);
4553 	if (ret == 0) {
4554 		ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
4555 		ret = -ETIMEDOUT;
4556 	} else if (ret > 0) {
4557 		ret = 0;
4558 	}
4559 
4560 out:
4561 	/* Scan state should be updated upon scan completion but in case
4562 	 * firmware fails to deliver the event (for whatever reason) it is
4563 	 * desired to clean up scan state anyway. Firmware may have just
4564 	 * dropped the scan completion event delivery due to transport pipe
4565 	 * being overflown with data and/or it can recover on its own before
4566 	 * next scan request is submitted.
4567 	 */
4568 	spin_lock_bh(&ar->data_lock);
4569 	if (ar->scan.state != ATH10K_SCAN_IDLE)
4570 		__ath10k_scan_finish(ar);
4571 	spin_unlock_bh(&ar->data_lock);
4572 
4573 	return ret;
4574 }
4575 
4576 static void ath10k_scan_abort(struct ath10k *ar)
4577 {
4578 	int ret;
4579 
4580 	lockdep_assert_held(&ar->conf_mutex);
4581 
4582 	spin_lock_bh(&ar->data_lock);
4583 
4584 	switch (ar->scan.state) {
4585 	case ATH10K_SCAN_IDLE:
4586 		/* This can happen if timeout worker kicked in and called
4587 		 * abortion while scan completion was being processed.
4588 		 */
4589 		break;
4590 	case ATH10K_SCAN_STARTING:
4591 	case ATH10K_SCAN_ABORTING:
4592 		ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
4593 			    ath10k_scan_state_str(ar->scan.state),
4594 			    ar->scan.state);
4595 		break;
4596 	case ATH10K_SCAN_RUNNING:
4597 		ar->scan.state = ATH10K_SCAN_ABORTING;
4598 		spin_unlock_bh(&ar->data_lock);
4599 
4600 		ret = ath10k_scan_stop(ar);
4601 		if (ret)
4602 			ath10k_warn(ar, "failed to abort scan: %d\n", ret);
4603 
4604 		spin_lock_bh(&ar->data_lock);
4605 		break;
4606 	}
4607 
4608 	spin_unlock_bh(&ar->data_lock);
4609 }
4610 
4611 void ath10k_scan_timeout_work(struct work_struct *work)
4612 {
4613 	struct ath10k *ar = container_of(work, struct ath10k,
4614 					 scan.timeout.work);
4615 
4616 	mutex_lock(&ar->conf_mutex);
4617 	ath10k_scan_abort(ar);
4618 	mutex_unlock(&ar->conf_mutex);
4619 }
4620 
4621 static int ath10k_start_scan(struct ath10k *ar,
4622 			     const struct wmi_start_scan_arg *arg)
4623 {
4624 	int ret;
4625 
4626 	lockdep_assert_held(&ar->conf_mutex);
4627 
4628 	ret = ath10k_wmi_start_scan(ar, arg);
4629 	if (ret)
4630 		return ret;
4631 
4632 	ret = wait_for_completion_timeout(&ar->scan.started, 1 * HZ);
4633 	if (ret == 0) {
4634 		ret = ath10k_scan_stop(ar);
4635 		if (ret)
4636 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
4637 
4638 		return -ETIMEDOUT;
4639 	}
4640 
4641 	/* If we failed to start the scan, return error code at
4642 	 * this point.  This is probably due to some issue in the
4643 	 * firmware, but no need to wedge the driver due to that...
4644 	 */
4645 	spin_lock_bh(&ar->data_lock);
4646 	if (ar->scan.state == ATH10K_SCAN_IDLE) {
4647 		spin_unlock_bh(&ar->data_lock);
4648 		return -EINVAL;
4649 	}
4650 	spin_unlock_bh(&ar->data_lock);
4651 
4652 	return 0;
4653 }
4654 
4655 /**********************/
4656 /* mac80211 callbacks */
4657 /**********************/
4658 
4659 static void ath10k_mac_op_tx(struct ieee80211_hw *hw,
4660 			     struct ieee80211_tx_control *control,
4661 			     struct sk_buff *skb)
4662 {
4663 	struct ath10k *ar = hw->priv;
4664 	struct ath10k_htt *htt = &ar->htt;
4665 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4666 	struct ieee80211_vif *vif = info->control.vif;
4667 	struct ieee80211_sta *sta = control->sta;
4668 	struct ieee80211_txq *txq = NULL;
4669 	enum ath10k_hw_txrx_mode txmode;
4670 	enum ath10k_mac_tx_path txpath;
4671 	bool is_htt;
4672 	bool is_mgmt;
4673 	int ret;
4674 	u16 airtime;
4675 
4676 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4677 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4678 
4679 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4680 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4681 	is_htt = (txpath == ATH10K_MAC_TX_HTT ||
4682 		  txpath == ATH10K_MAC_TX_HTT_MGMT);
4683 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4684 
4685 	if (is_htt) {
4686 		bool is_presp = false;
4687 
4688 		spin_lock_bh(&ar->htt.tx_lock);
4689 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)) {
4690 			struct ieee80211_hdr *hdr = (void *)skb->data;
4691 
4692 			is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4693 		}
4694 
4695 		ret = ath10k_htt_tx_inc_pending(htt);
4696 		if (ret) {
4697 			ath10k_warn(ar, "failed to increase tx pending count: %d, dropping\n",
4698 				    ret);
4699 			spin_unlock_bh(&ar->htt.tx_lock);
4700 			ieee80211_free_txskb(ar->hw, skb);
4701 			return;
4702 		}
4703 
4704 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4705 		if (ret) {
4706 			ath10k_dbg(ar, ATH10K_DBG_MAC, "failed to increase tx mgmt pending count: %d, dropping\n",
4707 				   ret);
4708 			ath10k_htt_tx_dec_pending(htt);
4709 			spin_unlock_bh(&ar->htt.tx_lock);
4710 			ieee80211_free_txskb(ar->hw, skb);
4711 			return;
4712 		}
4713 		spin_unlock_bh(&ar->htt.tx_lock);
4714 	}
4715 
4716 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4717 	if (ret) {
4718 		ath10k_warn(ar, "failed to transmit frame: %d\n", ret);
4719 		if (is_htt) {
4720 			spin_lock_bh(&ar->htt.tx_lock);
4721 			ath10k_htt_tx_dec_pending(htt);
4722 			if (is_mgmt)
4723 				ath10k_htt_tx_mgmt_dec_pending(htt);
4724 			spin_unlock_bh(&ar->htt.tx_lock);
4725 		}
4726 		return;
4727 	}
4728 }
4729 
4730 static void ath10k_mac_op_wake_tx_queue(struct ieee80211_hw *hw,
4731 					struct ieee80211_txq *txq)
4732 {
4733 	struct ath10k *ar = hw->priv;
4734 	int ret;
4735 	u8 ac = txq->ac;
4736 
4737 	ath10k_htt_tx_txq_update(hw, txq);
4738 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4739 		return;
4740 
4741 	spin_lock_bh(&ar->queue_lock[ac]);
4742 
4743 	ieee80211_txq_schedule_start(hw, ac);
4744 	txq = ieee80211_next_txq(hw, ac);
4745 	if (!txq)
4746 		goto out;
4747 
4748 	while (ath10k_mac_tx_can_push(hw, txq)) {
4749 		ret = ath10k_mac_tx_push_txq(hw, txq);
4750 		if (ret < 0)
4751 			break;
4752 	}
4753 	ieee80211_return_txq(hw, txq, false);
4754 	ath10k_htt_tx_txq_update(hw, txq);
4755 out:
4756 	ieee80211_txq_schedule_end(hw, ac);
4757 	spin_unlock_bh(&ar->queue_lock[ac]);
4758 }
4759 
4760 /* Must not be called with conf_mutex held as workers can use that also. */
4761 void ath10k_drain_tx(struct ath10k *ar)
4762 {
4763 	lockdep_assert_not_held(&ar->conf_mutex);
4764 
4765 	/* make sure rcu-protected mac80211 tx path itself is drained */
4766 	synchronize_net();
4767 
4768 	ath10k_offchan_tx_purge(ar);
4769 	ath10k_mgmt_over_wmi_tx_purge(ar);
4770 
4771 	cancel_work_sync(&ar->offchan_tx_work);
4772 	cancel_work_sync(&ar->wmi_mgmt_tx_work);
4773 }
4774 
4775 void ath10k_halt(struct ath10k *ar)
4776 {
4777 	struct ath10k_vif *arvif;
4778 
4779 	lockdep_assert_held(&ar->conf_mutex);
4780 
4781 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
4782 	ar->filter_flags = 0;
4783 	ar->monitor = false;
4784 	ar->monitor_arvif = NULL;
4785 
4786 	if (ar->monitor_started)
4787 		ath10k_monitor_stop(ar);
4788 
4789 	ar->monitor_started = false;
4790 	ar->tx_paused = 0;
4791 
4792 	ath10k_scan_finish(ar);
4793 	ath10k_peer_cleanup_all(ar);
4794 	ath10k_stop_radar_confirmation(ar);
4795 	ath10k_core_stop(ar);
4796 	ath10k_hif_power_down(ar);
4797 
4798 	spin_lock_bh(&ar->data_lock);
4799 	list_for_each_entry(arvif, &ar->arvifs, list)
4800 		ath10k_mac_vif_beacon_cleanup(arvif);
4801 	spin_unlock_bh(&ar->data_lock);
4802 }
4803 
4804 static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
4805 {
4806 	struct ath10k *ar = hw->priv;
4807 
4808 	mutex_lock(&ar->conf_mutex);
4809 
4810 	*tx_ant = ar->cfg_tx_chainmask;
4811 	*rx_ant = ar->cfg_rx_chainmask;
4812 
4813 	mutex_unlock(&ar->conf_mutex);
4814 
4815 	return 0;
4816 }
4817 
4818 static bool ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
4819 {
4820 	/* It is not clear that allowing gaps in chainmask
4821 	 * is helpful.  Probably it will not do what user
4822 	 * is hoping for, so warn in that case.
4823 	 */
4824 	if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
4825 		return true;
4826 
4827 	ath10k_warn(ar, "mac %s antenna chainmask is invalid: 0x%x.  Suggested values: 15, 7, 3, 1 or 0.\n",
4828 		    dbg, cm);
4829 	return false;
4830 }
4831 
4832 static int ath10k_mac_get_vht_cap_bf_sts(struct ath10k *ar)
4833 {
4834 	int nsts = ar->vht_cap_info;
4835 
4836 	nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4837 	nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4838 
4839 	/* If firmware does not deliver to host number of space-time
4840 	 * streams supported, assume it support up to 4 BF STS and return
4841 	 * the value for VHT CAP: nsts-1)
4842 	 */
4843 	if (nsts == 0)
4844 		return 3;
4845 
4846 	return nsts;
4847 }
4848 
4849 static int ath10k_mac_get_vht_cap_bf_sound_dim(struct ath10k *ar)
4850 {
4851 	int sound_dim = ar->vht_cap_info;
4852 
4853 	sound_dim &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4854 	sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4855 
4856 	/* If the sounding dimension is not advertised by the firmware,
4857 	 * let's use a default value of 1
4858 	 */
4859 	if (sound_dim == 0)
4860 		return 1;
4861 
4862 	return sound_dim;
4863 }
4864 
4865 static struct ieee80211_sta_vht_cap ath10k_create_vht_cap(struct ath10k *ar)
4866 {
4867 	struct ieee80211_sta_vht_cap vht_cap = {0};
4868 	struct ath10k_hw_params *hw = &ar->hw_params;
4869 	u16 mcs_map;
4870 	u32 val;
4871 	int i;
4872 
4873 	vht_cap.vht_supported = 1;
4874 	vht_cap.cap = ar->vht_cap_info;
4875 
4876 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4877 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
4878 		val = ath10k_mac_get_vht_cap_bf_sts(ar);
4879 		val <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4880 		val &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4881 
4882 		vht_cap.cap |= val;
4883 	}
4884 
4885 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4886 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
4887 		val = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4888 		val <<= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4889 		val &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4890 
4891 		vht_cap.cap |= val;
4892 	}
4893 
4894 	mcs_map = 0;
4895 	for (i = 0; i < 8; i++) {
4896 		if ((i < ar->num_rf_chains) && (ar->cfg_tx_chainmask & BIT(i)))
4897 			mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
4898 		else
4899 			mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
4900 	}
4901 
4902 	if (ar->cfg_tx_chainmask <= 1)
4903 		vht_cap.cap &= ~IEEE80211_VHT_CAP_TXSTBC;
4904 
4905 	vht_cap.vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
4906 	vht_cap.vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
4907 
4908 	/* If we are supporting 160Mhz or 80+80, then the NIC may be able to do
4909 	 * a restricted NSS for 160 or 80+80 vs what it can do for 80Mhz.  Give
4910 	 * user-space a clue if that is the case.
4911 	 */
4912 	if ((vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) &&
4913 	    (hw->vht160_mcs_rx_highest != 0 ||
4914 	     hw->vht160_mcs_tx_highest != 0)) {
4915 		vht_cap.vht_mcs.rx_highest = cpu_to_le16(hw->vht160_mcs_rx_highest);
4916 		vht_cap.vht_mcs.tx_highest = cpu_to_le16(hw->vht160_mcs_tx_highest);
4917 	}
4918 
4919 	return vht_cap;
4920 }
4921 
4922 static struct ieee80211_sta_ht_cap ath10k_get_ht_cap(struct ath10k *ar)
4923 {
4924 	int i;
4925 	struct ieee80211_sta_ht_cap ht_cap = {0};
4926 
4927 	if (!(ar->ht_cap_info & WMI_HT_CAP_ENABLED))
4928 		return ht_cap;
4929 
4930 	ht_cap.ht_supported = 1;
4931 	ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
4932 	ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_8;
4933 	ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
4934 	ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
4935 	ht_cap.cap |=
4936 		WLAN_HT_CAP_SM_PS_DISABLED << IEEE80211_HT_CAP_SM_PS_SHIFT;
4937 
4938 	if (ar->ht_cap_info & WMI_HT_CAP_HT20_SGI)
4939 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
4940 
4941 	if (ar->ht_cap_info & WMI_HT_CAP_HT40_SGI)
4942 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
4943 
4944 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) {
4945 		u32 smps;
4946 
4947 		smps   = WLAN_HT_CAP_SM_PS_DYNAMIC;
4948 		smps <<= IEEE80211_HT_CAP_SM_PS_SHIFT;
4949 
4950 		ht_cap.cap |= smps;
4951 	}
4952 
4953 	if (ar->ht_cap_info & WMI_HT_CAP_TX_STBC && (ar->cfg_tx_chainmask > 1))
4954 		ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
4955 
4956 	if (ar->ht_cap_info & WMI_HT_CAP_RX_STBC) {
4957 		u32 stbc;
4958 
4959 		stbc   = ar->ht_cap_info;
4960 		stbc  &= WMI_HT_CAP_RX_STBC;
4961 		stbc >>= WMI_HT_CAP_RX_STBC_MASK_SHIFT;
4962 		stbc <<= IEEE80211_HT_CAP_RX_STBC_SHIFT;
4963 		stbc  &= IEEE80211_HT_CAP_RX_STBC;
4964 
4965 		ht_cap.cap |= stbc;
4966 	}
4967 
4968 	if (ar->ht_cap_info & WMI_HT_CAP_LDPC || (ar->ht_cap_info &
4969 	    WMI_HT_CAP_RX_LDPC && (ar->ht_cap_info & WMI_HT_CAP_TX_LDPC)))
4970 		ht_cap.cap |= IEEE80211_HT_CAP_LDPC_CODING;
4971 
4972 	if (ar->ht_cap_info & WMI_HT_CAP_L_SIG_TXOP_PROT)
4973 		ht_cap.cap |= IEEE80211_HT_CAP_LSIG_TXOP_PROT;
4974 
4975 	/* max AMSDU is implicitly taken from vht_cap_info */
4976 	if (ar->vht_cap_info & WMI_VHT_CAP_MAX_MPDU_LEN_MASK)
4977 		ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
4978 
4979 	for (i = 0; i < ar->num_rf_chains; i++) {
4980 		if (ar->cfg_rx_chainmask & BIT(i))
4981 			ht_cap.mcs.rx_mask[i] = 0xFF;
4982 	}
4983 
4984 	ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_DEFINED;
4985 
4986 	return ht_cap;
4987 }
4988 
4989 static void ath10k_mac_setup_ht_vht_cap(struct ath10k *ar)
4990 {
4991 	struct ieee80211_supported_band *band;
4992 	struct ieee80211_sta_vht_cap vht_cap;
4993 	struct ieee80211_sta_ht_cap ht_cap;
4994 
4995 	ht_cap = ath10k_get_ht_cap(ar);
4996 	vht_cap = ath10k_create_vht_cap(ar);
4997 
4998 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
4999 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
5000 		band->ht_cap = ht_cap;
5001 	}
5002 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
5003 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
5004 		band->ht_cap = ht_cap;
5005 		band->vht_cap = vht_cap;
5006 	}
5007 }
5008 
5009 static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
5010 {
5011 	int ret;
5012 	bool is_valid_tx_chain_mask, is_valid_rx_chain_mask;
5013 
5014 	lockdep_assert_held(&ar->conf_mutex);
5015 
5016 	is_valid_tx_chain_mask = ath10k_check_chain_mask(ar, tx_ant, "tx");
5017 	is_valid_rx_chain_mask = ath10k_check_chain_mask(ar, rx_ant, "rx");
5018 
5019 	if (!is_valid_tx_chain_mask || !is_valid_rx_chain_mask)
5020 		return -EINVAL;
5021 
5022 	ar->cfg_tx_chainmask = tx_ant;
5023 	ar->cfg_rx_chainmask = rx_ant;
5024 
5025 	if ((ar->state != ATH10K_STATE_ON) &&
5026 	    (ar->state != ATH10K_STATE_RESTARTED))
5027 		return 0;
5028 
5029 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
5030 					tx_ant);
5031 	if (ret) {
5032 		ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
5033 			    ret, tx_ant);
5034 		return ret;
5035 	}
5036 
5037 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
5038 					rx_ant);
5039 	if (ret) {
5040 		ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
5041 			    ret, rx_ant);
5042 		return ret;
5043 	}
5044 
5045 	/* Reload HT/VHT capability */
5046 	ath10k_mac_setup_ht_vht_cap(ar);
5047 
5048 	return 0;
5049 }
5050 
5051 static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant)
5052 {
5053 	struct ath10k *ar = hw->priv;
5054 	int ret;
5055 
5056 	mutex_lock(&ar->conf_mutex);
5057 	ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
5058 	mutex_unlock(&ar->conf_mutex);
5059 	return ret;
5060 }
5061 
5062 static int __ath10k_fetch_bb_timing_dt(struct ath10k *ar,
5063 				       struct wmi_bb_timing_cfg_arg *bb_timing)
5064 {
5065 	struct device_node *node;
5066 	const char *fem_name;
5067 	int ret;
5068 
5069 	node = ar->dev->of_node;
5070 	if (!node)
5071 		return -ENOENT;
5072 
5073 	ret = of_property_read_string_index(node, "ext-fem-name", 0, &fem_name);
5074 	if (ret)
5075 		return -ENOENT;
5076 
5077 	/*
5078 	 * If external Front End module used in hardware, then default base band timing
5079 	 * parameter cannot be used since they were fine tuned for reference hardware,
5080 	 * so choosing different value suitable for that external FEM.
5081 	 */
5082 	if (!strcmp("microsemi-lx5586", fem_name)) {
5083 		bb_timing->bb_tx_timing = 0x00;
5084 		bb_timing->bb_xpa_timing = 0x0101;
5085 	} else {
5086 		return -ENOENT;
5087 	}
5088 
5089 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot bb_tx_timing 0x%x bb_xpa_timing 0x%x\n",
5090 		   bb_timing->bb_tx_timing, bb_timing->bb_xpa_timing);
5091 	return 0;
5092 }
5093 
5094 static int ath10k_mac_rfkill_config(struct ath10k *ar)
5095 {
5096 	u32 param;
5097 	int ret;
5098 
5099 	if (ar->hw_values->rfkill_pin == 0) {
5100 		ath10k_warn(ar, "ath10k does not support hardware rfkill with this device\n");
5101 		return -EOPNOTSUPP;
5102 	}
5103 
5104 	ath10k_dbg(ar, ATH10K_DBG_MAC,
5105 		   "mac rfkill_pin %d rfkill_cfg %d rfkill_on_level %d",
5106 		   ar->hw_values->rfkill_pin, ar->hw_values->rfkill_cfg,
5107 		   ar->hw_values->rfkill_on_level);
5108 
5109 	param = FIELD_PREP(WMI_TLV_RFKILL_CFG_RADIO_LEVEL,
5110 			   ar->hw_values->rfkill_on_level) |
5111 		FIELD_PREP(WMI_TLV_RFKILL_CFG_GPIO_PIN_NUM,
5112 			   ar->hw_values->rfkill_pin) |
5113 		FIELD_PREP(WMI_TLV_RFKILL_CFG_PIN_AS_GPIO,
5114 			   ar->hw_values->rfkill_cfg);
5115 
5116 	ret = ath10k_wmi_pdev_set_param(ar,
5117 					ar->wmi.pdev_param->rfkill_config,
5118 					param);
5119 	if (ret) {
5120 		ath10k_warn(ar,
5121 			    "failed to set rfkill config 0x%x: %d\n",
5122 			    param, ret);
5123 		return ret;
5124 	}
5125 	return 0;
5126 }
5127 
5128 int ath10k_mac_rfkill_enable_radio(struct ath10k *ar, bool enable)
5129 {
5130 	enum wmi_tlv_rfkill_enable_radio param;
5131 	int ret;
5132 
5133 	if (enable)
5134 		param = WMI_TLV_RFKILL_ENABLE_RADIO_ON;
5135 	else
5136 		param = WMI_TLV_RFKILL_ENABLE_RADIO_OFF;
5137 
5138 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac rfkill enable %d", param);
5139 
5140 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rfkill_enable,
5141 					param);
5142 	if (ret) {
5143 		ath10k_warn(ar, "failed to set rfkill enable param %d: %d\n",
5144 			    param, ret);
5145 		return ret;
5146 	}
5147 
5148 	return 0;
5149 }
5150 
5151 static int ath10k_start(struct ieee80211_hw *hw)
5152 {
5153 	struct ath10k *ar = hw->priv;
5154 	u32 param;
5155 	int ret = 0;
5156 	struct wmi_bb_timing_cfg_arg bb_timing = {0};
5157 
5158 	/*
5159 	 * This makes sense only when restarting hw. It is harmless to call
5160 	 * unconditionally. This is necessary to make sure no HTT/WMI tx
5161 	 * commands will be submitted while restarting.
5162 	 */
5163 	ath10k_drain_tx(ar);
5164 
5165 	mutex_lock(&ar->conf_mutex);
5166 
5167 	switch (ar->state) {
5168 	case ATH10K_STATE_OFF:
5169 		ar->state = ATH10K_STATE_ON;
5170 		break;
5171 	case ATH10K_STATE_RESTARTING:
5172 		ar->state = ATH10K_STATE_RESTARTED;
5173 		break;
5174 	case ATH10K_STATE_ON:
5175 	case ATH10K_STATE_RESTARTED:
5176 	case ATH10K_STATE_WEDGED:
5177 		WARN_ON(1);
5178 		ret = -EINVAL;
5179 		goto err;
5180 	case ATH10K_STATE_UTF:
5181 		ret = -EBUSY;
5182 		goto err;
5183 	}
5184 
5185 	spin_lock_bh(&ar->data_lock);
5186 
5187 	if (ar->hw_rfkill_on) {
5188 		ar->hw_rfkill_on = false;
5189 		spin_unlock_bh(&ar->data_lock);
5190 		goto err;
5191 	}
5192 
5193 	spin_unlock_bh(&ar->data_lock);
5194 
5195 	ret = ath10k_hif_power_up(ar, ATH10K_FIRMWARE_MODE_NORMAL);
5196 	if (ret) {
5197 		ath10k_err(ar, "Could not init hif: %d\n", ret);
5198 		goto err_off;
5199 	}
5200 
5201 	ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL,
5202 				&ar->normal_mode_fw);
5203 	if (ret) {
5204 		ath10k_err(ar, "Could not init core: %d\n", ret);
5205 		goto err_power_down;
5206 	}
5207 
5208 	if (ar->sys_cap_info & WMI_TLV_SYS_CAP_INFO_RFKILL) {
5209 		ret = ath10k_mac_rfkill_config(ar);
5210 		if (ret && ret != -EOPNOTSUPP) {
5211 			ath10k_warn(ar, "failed to configure rfkill: %d", ret);
5212 			goto err_core_stop;
5213 		}
5214 	}
5215 
5216 	param = ar->wmi.pdev_param->pmf_qos;
5217 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5218 	if (ret) {
5219 		ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
5220 		goto err_core_stop;
5221 	}
5222 
5223 	param = ar->wmi.pdev_param->dynamic_bw;
5224 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5225 	if (ret) {
5226 		ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
5227 		goto err_core_stop;
5228 	}
5229 
5230 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
5231 		ret = ath10k_wmi_scan_prob_req_oui(ar, ar->mac_addr);
5232 		if (ret) {
5233 			ath10k_err(ar, "failed to set prob req oui: %i\n", ret);
5234 			goto err_core_stop;
5235 		}
5236 	}
5237 
5238 	if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
5239 		ret = ath10k_wmi_adaptive_qcs(ar, true);
5240 		if (ret) {
5241 			ath10k_warn(ar, "failed to enable adaptive qcs: %d\n",
5242 				    ret);
5243 			goto err_core_stop;
5244 		}
5245 	}
5246 
5247 	if (test_bit(WMI_SERVICE_BURST, ar->wmi.svc_map)) {
5248 		param = ar->wmi.pdev_param->burst_enable;
5249 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5250 		if (ret) {
5251 			ath10k_warn(ar, "failed to disable burst: %d\n", ret);
5252 			goto err_core_stop;
5253 		}
5254 	}
5255 
5256 	param = ar->wmi.pdev_param->idle_ps_config;
5257 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5258 	if (ret && ret != -EOPNOTSUPP) {
5259 		ath10k_warn(ar, "failed to enable idle_ps_config: %d\n", ret);
5260 		goto err_core_stop;
5261 	}
5262 
5263 	__ath10k_set_antenna(ar, ar->cfg_tx_chainmask, ar->cfg_rx_chainmask);
5264 
5265 	/*
5266 	 * By default FW set ARP frames ac to voice (6). In that case ARP
5267 	 * exchange is not working properly for UAPSD enabled AP. ARP requests
5268 	 * which arrives with access category 0 are processed by network stack
5269 	 * and send back with access category 0, but FW changes access category
5270 	 * to 6. Set ARP frames access category to best effort (0) solves
5271 	 * this problem.
5272 	 */
5273 
5274 	param = ar->wmi.pdev_param->arp_ac_override;
5275 	ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5276 	if (ret) {
5277 		ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
5278 			    ret);
5279 		goto err_core_stop;
5280 	}
5281 
5282 	if (test_bit(ATH10K_FW_FEATURE_SUPPORTS_ADAPTIVE_CCA,
5283 		     ar->running_fw->fw_file.fw_features)) {
5284 		ret = ath10k_wmi_pdev_enable_adaptive_cca(ar, 1,
5285 							  WMI_CCA_DETECT_LEVEL_AUTO,
5286 							  WMI_CCA_DETECT_MARGIN_AUTO);
5287 		if (ret) {
5288 			ath10k_warn(ar, "failed to enable adaptive cca: %d\n",
5289 				    ret);
5290 			goto err_core_stop;
5291 		}
5292 	}
5293 
5294 	param = ar->wmi.pdev_param->ani_enable;
5295 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5296 	if (ret) {
5297 		ath10k_warn(ar, "failed to enable ani by default: %d\n",
5298 			    ret);
5299 		goto err_core_stop;
5300 	}
5301 
5302 	ar->ani_enabled = true;
5303 
5304 	if (ath10k_peer_stats_enabled(ar)) {
5305 		param = ar->wmi.pdev_param->peer_stats_update_period;
5306 		ret = ath10k_wmi_pdev_set_param(ar, param,
5307 						PEER_DEFAULT_STATS_UPDATE_PERIOD);
5308 		if (ret) {
5309 			ath10k_warn(ar,
5310 				    "failed to set peer stats period : %d\n",
5311 				    ret);
5312 			goto err_core_stop;
5313 		}
5314 	}
5315 
5316 	param = ar->wmi.pdev_param->enable_btcoex;
5317 	if (test_bit(WMI_SERVICE_COEX_GPIO, ar->wmi.svc_map) &&
5318 	    test_bit(ATH10K_FW_FEATURE_BTCOEX_PARAM,
5319 		     ar->running_fw->fw_file.fw_features) &&
5320 	    ar->coex_support) {
5321 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5322 		if (ret) {
5323 			ath10k_warn(ar,
5324 				    "failed to set btcoex param: %d\n", ret);
5325 			goto err_core_stop;
5326 		}
5327 		clear_bit(ATH10K_FLAG_BTCOEX, &ar->dev_flags);
5328 	}
5329 
5330 	if (test_bit(WMI_SERVICE_BB_TIMING_CONFIG_SUPPORT, ar->wmi.svc_map)) {
5331 		ret = __ath10k_fetch_bb_timing_dt(ar, &bb_timing);
5332 		if (!ret) {
5333 			ret = ath10k_wmi_pdev_bb_timing(ar, &bb_timing);
5334 			if (ret) {
5335 				ath10k_warn(ar,
5336 					    "failed to set bb timings: %d\n",
5337 					    ret);
5338 				goto err_core_stop;
5339 			}
5340 		}
5341 	}
5342 
5343 	ar->num_started_vdevs = 0;
5344 	ath10k_regd_update(ar);
5345 
5346 	ath10k_spectral_start(ar);
5347 	ath10k_thermal_set_throttling(ar);
5348 
5349 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_IDLE;
5350 
5351 	mutex_unlock(&ar->conf_mutex);
5352 	return 0;
5353 
5354 err_core_stop:
5355 	ath10k_core_stop(ar);
5356 
5357 err_power_down:
5358 	ath10k_hif_power_down(ar);
5359 
5360 err_off:
5361 	ar->state = ATH10K_STATE_OFF;
5362 
5363 err:
5364 	mutex_unlock(&ar->conf_mutex);
5365 	return ret;
5366 }
5367 
5368 static void ath10k_stop(struct ieee80211_hw *hw)
5369 {
5370 	struct ath10k *ar = hw->priv;
5371 	u32 opt;
5372 
5373 	ath10k_drain_tx(ar);
5374 
5375 	mutex_lock(&ar->conf_mutex);
5376 	if (ar->state != ATH10K_STATE_OFF) {
5377 		if (!ar->hw_rfkill_on) {
5378 			/* If the current driver state is RESTARTING but not yet
5379 			 * fully RESTARTED because of incoming suspend event,
5380 			 * then ath10k_halt() is already called via
5381 			 * ath10k_core_restart() and should not be called here.
5382 			 */
5383 			if (ar->state != ATH10K_STATE_RESTARTING) {
5384 				ath10k_halt(ar);
5385 			} else {
5386 				/* Suspending here, because when in RESTARTING
5387 				 * state, ath10k_core_stop() skips
5388 				 * ath10k_wait_for_suspend().
5389 				 */
5390 				opt = WMI_PDEV_SUSPEND_AND_DISABLE_INTR;
5391 				ath10k_wait_for_suspend(ar, opt);
5392 			}
5393 		}
5394 		ar->state = ATH10K_STATE_OFF;
5395 	}
5396 	mutex_unlock(&ar->conf_mutex);
5397 
5398 	cancel_work_sync(&ar->set_coverage_class_work);
5399 	cancel_delayed_work_sync(&ar->scan.timeout);
5400 	cancel_work_sync(&ar->restart_work);
5401 }
5402 
5403 static int ath10k_config_ps(struct ath10k *ar)
5404 {
5405 	struct ath10k_vif *arvif;
5406 	int ret = 0;
5407 
5408 	lockdep_assert_held(&ar->conf_mutex);
5409 
5410 	list_for_each_entry(arvif, &ar->arvifs, list) {
5411 		ret = ath10k_mac_vif_setup_ps(arvif);
5412 		if (ret) {
5413 			ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
5414 			break;
5415 		}
5416 	}
5417 
5418 	return ret;
5419 }
5420 
5421 static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
5422 {
5423 	struct ath10k *ar = hw->priv;
5424 	struct ieee80211_conf *conf = &hw->conf;
5425 	int ret = 0;
5426 
5427 	mutex_lock(&ar->conf_mutex);
5428 
5429 	if (changed & IEEE80211_CONF_CHANGE_PS)
5430 		ath10k_config_ps(ar);
5431 
5432 	if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
5433 		ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
5434 		ret = ath10k_monitor_recalc(ar);
5435 		if (ret)
5436 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5437 	}
5438 
5439 	mutex_unlock(&ar->conf_mutex);
5440 	return ret;
5441 }
5442 
5443 static u32 get_nss_from_chainmask(u16 chain_mask)
5444 {
5445 	if ((chain_mask & 0xf) == 0xf)
5446 		return 4;
5447 	else if ((chain_mask & 0x7) == 0x7)
5448 		return 3;
5449 	else if ((chain_mask & 0x3) == 0x3)
5450 		return 2;
5451 	return 1;
5452 }
5453 
5454 static int ath10k_mac_set_txbf_conf(struct ath10k_vif *arvif)
5455 {
5456 	u32 value = 0;
5457 	struct ath10k *ar = arvif->ar;
5458 	int nsts;
5459 	int sound_dim;
5460 
5461 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_BEFORE_ASSOC)
5462 		return 0;
5463 
5464 	nsts = ath10k_mac_get_vht_cap_bf_sts(ar);
5465 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
5466 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE))
5467 		value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
5468 
5469 	sound_dim = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
5470 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
5471 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))
5472 		value |= SM(sound_dim, WMI_BF_SOUND_DIM_OFFSET);
5473 
5474 	if (!value)
5475 		return 0;
5476 
5477 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
5478 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
5479 
5480 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
5481 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFER |
5482 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFER);
5483 
5484 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
5485 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
5486 
5487 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
5488 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFEE |
5489 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFEE);
5490 
5491 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5492 					 ar->wmi.vdev_param->txbf, value);
5493 }
5494 
5495 static void ath10k_update_vif_offload(struct ieee80211_hw *hw,
5496 				      struct ieee80211_vif *vif)
5497 {
5498 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5499 	struct ath10k *ar = hw->priv;
5500 	u32 vdev_param;
5501 	int ret;
5502 
5503 	if (ath10k_frame_mode != ATH10K_HW_TXRX_ETHERNET ||
5504 	    ar->wmi.vdev_param->tx_encap_type == WMI_VDEV_PARAM_UNSUPPORTED ||
5505 	     (vif->type != NL80211_IFTYPE_STATION &&
5506 	      vif->type != NL80211_IFTYPE_AP))
5507 		vif->offload_flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
5508 
5509 	vdev_param = ar->wmi.vdev_param->tx_encap_type;
5510 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5511 					ATH10K_HW_TXRX_NATIVE_WIFI);
5512 	/* 10.X firmware does not support this VDEV parameter. Do not warn */
5513 	if (ret && ret != -EOPNOTSUPP) {
5514 		ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
5515 			    arvif->vdev_id, ret);
5516 	}
5517 }
5518 
5519 /*
5520  * TODO:
5521  * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
5522  * because we will send mgmt frames without CCK. This requirement
5523  * for P2P_FIND/GO_NEG should be handled by checking CCK flag
5524  * in the TX packet.
5525  */
5526 static int ath10k_add_interface(struct ieee80211_hw *hw,
5527 				struct ieee80211_vif *vif)
5528 {
5529 	struct ath10k *ar = hw->priv;
5530 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5531 	struct ath10k_peer *peer;
5532 	enum wmi_sta_powersave_param param;
5533 	int ret = 0;
5534 	u32 value;
5535 	int bit;
5536 	int i;
5537 	u32 vdev_param;
5538 
5539 	vif->driver_flags |= IEEE80211_VIF_SUPPORTS_UAPSD;
5540 
5541 	mutex_lock(&ar->conf_mutex);
5542 
5543 	memset(arvif, 0, sizeof(*arvif));
5544 	ath10k_mac_txq_init(vif->txq);
5545 
5546 	arvif->ar = ar;
5547 	arvif->vif = vif;
5548 
5549 	INIT_LIST_HEAD(&arvif->list);
5550 	INIT_WORK(&arvif->ap_csa_work, ath10k_mac_vif_ap_csa_work);
5551 	INIT_DELAYED_WORK(&arvif->connection_loss_work,
5552 			  ath10k_mac_vif_sta_connection_loss_work);
5553 
5554 	for (i = 0; i < ARRAY_SIZE(arvif->bitrate_mask.control); i++) {
5555 		arvif->bitrate_mask.control[i].legacy = 0xffffffff;
5556 		memset(arvif->bitrate_mask.control[i].ht_mcs, 0xff,
5557 		       sizeof(arvif->bitrate_mask.control[i].ht_mcs));
5558 		memset(arvif->bitrate_mask.control[i].vht_mcs, 0xff,
5559 		       sizeof(arvif->bitrate_mask.control[i].vht_mcs));
5560 	}
5561 
5562 	if (ar->num_peers >= ar->max_num_peers) {
5563 		ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
5564 		ret = -ENOBUFS;
5565 		goto err;
5566 	}
5567 
5568 	if (ar->free_vdev_map == 0) {
5569 		ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
5570 		ret = -EBUSY;
5571 		goto err;
5572 	}
5573 	bit = __ffs64(ar->free_vdev_map);
5574 
5575 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
5576 		   bit, ar->free_vdev_map);
5577 
5578 	arvif->vdev_id = bit;
5579 	arvif->vdev_subtype =
5580 		ath10k_wmi_get_vdev_subtype(ar, WMI_VDEV_SUBTYPE_NONE);
5581 
5582 	switch (vif->type) {
5583 	case NL80211_IFTYPE_P2P_DEVICE:
5584 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5585 		arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5586 					(ar, WMI_VDEV_SUBTYPE_P2P_DEVICE);
5587 		break;
5588 	case NL80211_IFTYPE_UNSPECIFIED:
5589 	case NL80211_IFTYPE_STATION:
5590 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5591 		if (vif->p2p)
5592 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5593 					(ar, WMI_VDEV_SUBTYPE_P2P_CLIENT);
5594 		break;
5595 	case NL80211_IFTYPE_ADHOC:
5596 		arvif->vdev_type = WMI_VDEV_TYPE_IBSS;
5597 		break;
5598 	case NL80211_IFTYPE_MESH_POINT:
5599 		if (test_bit(WMI_SERVICE_MESH_11S, ar->wmi.svc_map)) {
5600 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5601 						(ar, WMI_VDEV_SUBTYPE_MESH_11S);
5602 		} else if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5603 			ret = -EINVAL;
5604 			ath10k_warn(ar, "must load driver with rawmode=1 to add mesh interfaces\n");
5605 			goto err;
5606 		}
5607 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5608 		break;
5609 	case NL80211_IFTYPE_AP:
5610 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5611 
5612 		if (vif->p2p)
5613 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5614 						(ar, WMI_VDEV_SUBTYPE_P2P_GO);
5615 		break;
5616 	case NL80211_IFTYPE_MONITOR:
5617 		arvif->vdev_type = WMI_VDEV_TYPE_MONITOR;
5618 		break;
5619 	default:
5620 		WARN_ON(1);
5621 		break;
5622 	}
5623 
5624 	/* Using vdev_id as queue number will make it very easy to do per-vif
5625 	 * tx queue locking. This shouldn't wrap due to interface combinations
5626 	 * but do a modulo for correctness sake and prevent using offchannel tx
5627 	 * queues for regular vif tx.
5628 	 */
5629 	vif->cab_queue = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5630 	for (i = 0; i < ARRAY_SIZE(vif->hw_queue); i++)
5631 		vif->hw_queue[i] = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5632 
5633 	/* Some firmware revisions don't wait for beacon tx completion before
5634 	 * sending another SWBA event. This could lead to hardware using old
5635 	 * (freed) beacon data in some cases, e.g. tx credit starvation
5636 	 * combined with missed TBTT. This is very rare.
5637 	 *
5638 	 * On non-IOMMU-enabled hosts this could be a possible security issue
5639 	 * because hw could beacon some random data on the air.  On
5640 	 * IOMMU-enabled hosts DMAR faults would occur in most cases and target
5641 	 * device would crash.
5642 	 *
5643 	 * Since there are no beacon tx completions (implicit nor explicit)
5644 	 * propagated to host the only workaround for this is to allocate a
5645 	 * DMA-coherent buffer for a lifetime of a vif and use it for all
5646 	 * beacon tx commands. Worst case for this approach is some beacons may
5647 	 * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
5648 	 */
5649 	if (vif->type == NL80211_IFTYPE_ADHOC ||
5650 	    vif->type == NL80211_IFTYPE_MESH_POINT ||
5651 	    vif->type == NL80211_IFTYPE_AP) {
5652 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {
5653 			arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN,
5654 						    GFP_KERNEL);
5655 
5656 			/* Using a kernel pointer in place of a dma_addr_t
5657 			 * token can lead to undefined behavior if that
5658 			 * makes it into cache management functions. Use a
5659 			 * known-invalid address token instead, which
5660 			 * avoids the warning and makes it easier to catch
5661 			 * bugs if it does end up getting used.
5662 			 */
5663 			arvif->beacon_paddr = DMA_MAPPING_ERROR;
5664 		} else {
5665 			arvif->beacon_buf =
5666 				dma_alloc_coherent(ar->dev,
5667 						   IEEE80211_MAX_FRAME_LEN,
5668 						   &arvif->beacon_paddr,
5669 						   GFP_ATOMIC);
5670 		}
5671 		if (!arvif->beacon_buf) {
5672 			ret = -ENOMEM;
5673 			ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
5674 				    ret);
5675 			goto err;
5676 		}
5677 	}
5678 	if (test_bit(ATH10K_FLAG_HW_CRYPTO_DISABLED, &ar->dev_flags))
5679 		arvif->nohwcrypt = true;
5680 
5681 	if (arvif->nohwcrypt &&
5682 	    !test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5683 		ret = -EINVAL;
5684 		ath10k_warn(ar, "cryptmode module param needed for sw crypto\n");
5685 		goto err;
5686 	}
5687 
5688 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
5689 		   arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
5690 		   arvif->beacon_buf ? "single-buf" : "per-skb");
5691 
5692 	ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
5693 				     arvif->vdev_subtype, vif->addr);
5694 	if (ret) {
5695 		ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
5696 			    arvif->vdev_id, ret);
5697 		goto err;
5698 	}
5699 
5700 	if (test_bit(WMI_SERVICE_VDEV_DISABLE_4_ADDR_SRC_LRN_SUPPORT,
5701 		     ar->wmi.svc_map)) {
5702 		vdev_param = ar->wmi.vdev_param->disable_4addr_src_lrn;
5703 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5704 						WMI_VDEV_DISABLE_4_ADDR_SRC_LRN);
5705 		if (ret && ret != -EOPNOTSUPP) {
5706 			ath10k_warn(ar, "failed to disable 4addr src lrn vdev %i: %d\n",
5707 				    arvif->vdev_id, ret);
5708 		}
5709 	}
5710 
5711 	ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
5712 	spin_lock_bh(&ar->data_lock);
5713 	list_add(&arvif->list, &ar->arvifs);
5714 	spin_unlock_bh(&ar->data_lock);
5715 
5716 	/* It makes no sense to have firmware do keepalives. mac80211 already
5717 	 * takes care of this with idle connection polling.
5718 	 */
5719 	ret = ath10k_mac_vif_disable_keepalive(arvif);
5720 	if (ret) {
5721 		ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
5722 			    arvif->vdev_id, ret);
5723 		goto err_vdev_delete;
5724 	}
5725 
5726 	arvif->def_wep_key_idx = -1;
5727 
5728 	ath10k_update_vif_offload(hw, vif);
5729 
5730 	/* Configuring number of spatial stream for monitor interface is causing
5731 	 * target assert in qca9888 and qca6174.
5732 	 */
5733 	if (ar->cfg_tx_chainmask && (vif->type != NL80211_IFTYPE_MONITOR)) {
5734 		u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
5735 
5736 		vdev_param = ar->wmi.vdev_param->nss;
5737 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5738 						nss);
5739 		if (ret) {
5740 			ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
5741 				    arvif->vdev_id, ar->cfg_tx_chainmask, nss,
5742 				    ret);
5743 			goto err_vdev_delete;
5744 		}
5745 	}
5746 
5747 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5748 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5749 		ret = ath10k_peer_create(ar, vif, NULL, arvif->vdev_id,
5750 					 vif->addr, WMI_PEER_TYPE_DEFAULT);
5751 		if (ret) {
5752 			ath10k_warn(ar, "failed to create vdev %i peer for AP/IBSS: %d\n",
5753 				    arvif->vdev_id, ret);
5754 			goto err_vdev_delete;
5755 		}
5756 
5757 		spin_lock_bh(&ar->data_lock);
5758 
5759 		peer = ath10k_peer_find(ar, arvif->vdev_id, vif->addr);
5760 		if (!peer) {
5761 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
5762 				    vif->addr, arvif->vdev_id);
5763 			spin_unlock_bh(&ar->data_lock);
5764 			ret = -ENOENT;
5765 			goto err_peer_delete;
5766 		}
5767 
5768 		arvif->peer_id = find_first_bit(peer->peer_ids,
5769 						ATH10K_MAX_NUM_PEER_IDS);
5770 
5771 		spin_unlock_bh(&ar->data_lock);
5772 	} else {
5773 		arvif->peer_id = HTT_INVALID_PEERID;
5774 	}
5775 
5776 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
5777 		ret = ath10k_mac_set_kickout(arvif);
5778 		if (ret) {
5779 			ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
5780 				    arvif->vdev_id, ret);
5781 			goto err_peer_delete;
5782 		}
5783 	}
5784 
5785 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
5786 		param = WMI_STA_PS_PARAM_RX_WAKE_POLICY;
5787 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
5788 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
5789 						  param, value);
5790 		if (ret) {
5791 			ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
5792 				    arvif->vdev_id, ret);
5793 			goto err_peer_delete;
5794 		}
5795 
5796 		ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
5797 		if (ret) {
5798 			ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
5799 				    arvif->vdev_id, ret);
5800 			goto err_peer_delete;
5801 		}
5802 
5803 		ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
5804 		if (ret) {
5805 			ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
5806 				    arvif->vdev_id, ret);
5807 			goto err_peer_delete;
5808 		}
5809 	}
5810 
5811 	ret = ath10k_mac_set_txbf_conf(arvif);
5812 	if (ret) {
5813 		ath10k_warn(ar, "failed to set txbf for vdev %d: %d\n",
5814 			    arvif->vdev_id, ret);
5815 		goto err_peer_delete;
5816 	}
5817 
5818 	ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
5819 	if (ret) {
5820 		ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
5821 			    arvif->vdev_id, ret);
5822 		goto err_peer_delete;
5823 	}
5824 
5825 	arvif->txpower = vif->bss_conf.txpower;
5826 	ret = ath10k_mac_txpower_recalc(ar);
5827 	if (ret) {
5828 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5829 		goto err_peer_delete;
5830 	}
5831 
5832 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
5833 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
5834 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5835 						arvif->ftm_responder);
5836 
5837 		/* It is harmless to not set FTM role. Do not warn */
5838 		if (ret && ret != -EOPNOTSUPP)
5839 			ath10k_warn(ar, "failed to set vdev %i FTM Responder: %d\n",
5840 				    arvif->vdev_id, ret);
5841 	}
5842 
5843 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5844 		ar->monitor_arvif = arvif;
5845 		ret = ath10k_monitor_recalc(ar);
5846 		if (ret) {
5847 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5848 			goto err_peer_delete;
5849 		}
5850 	}
5851 
5852 	spin_lock_bh(&ar->htt.tx_lock);
5853 	if (!ar->tx_paused)
5854 		ieee80211_wake_queue(ar->hw, arvif->vdev_id);
5855 	spin_unlock_bh(&ar->htt.tx_lock);
5856 
5857 	mutex_unlock(&ar->conf_mutex);
5858 	return 0;
5859 
5860 err_peer_delete:
5861 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5862 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5863 		ath10k_wmi_peer_delete(ar, arvif->vdev_id, vif->addr);
5864 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5865 						 vif->addr);
5866 	}
5867 
5868 err_vdev_delete:
5869 	ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5870 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5871 	spin_lock_bh(&ar->data_lock);
5872 	list_del(&arvif->list);
5873 	spin_unlock_bh(&ar->data_lock);
5874 
5875 err:
5876 	if (arvif->beacon_buf) {
5877 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
5878 			kfree(arvif->beacon_buf);
5879 		else
5880 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
5881 					  arvif->beacon_buf,
5882 					  arvif->beacon_paddr);
5883 		arvif->beacon_buf = NULL;
5884 	}
5885 
5886 	mutex_unlock(&ar->conf_mutex);
5887 
5888 	return ret;
5889 }
5890 
5891 static void ath10k_mac_vif_tx_unlock_all(struct ath10k_vif *arvif)
5892 {
5893 	int i;
5894 
5895 	for (i = 0; i < BITS_PER_LONG; i++)
5896 		ath10k_mac_vif_tx_unlock(arvif, i);
5897 }
5898 
5899 static void ath10k_remove_interface(struct ieee80211_hw *hw,
5900 				    struct ieee80211_vif *vif)
5901 {
5902 	struct ath10k *ar = hw->priv;
5903 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5904 	struct ath10k_peer *peer;
5905 	unsigned long time_left;
5906 	int ret;
5907 	int i;
5908 
5909 	cancel_work_sync(&arvif->ap_csa_work);
5910 	cancel_delayed_work_sync(&arvif->connection_loss_work);
5911 
5912 	mutex_lock(&ar->conf_mutex);
5913 
5914 	ret = ath10k_spectral_vif_stop(arvif);
5915 	if (ret)
5916 		ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
5917 			    arvif->vdev_id, ret);
5918 
5919 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5920 	spin_lock_bh(&ar->data_lock);
5921 	list_del(&arvif->list);
5922 	spin_unlock_bh(&ar->data_lock);
5923 
5924 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5925 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5926 		ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
5927 					     vif->addr);
5928 		if (ret)
5929 			ath10k_warn(ar, "failed to submit AP/IBSS self-peer removal on vdev %i: %d\n",
5930 				    arvif->vdev_id, ret);
5931 
5932 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5933 						 vif->addr);
5934 		kfree(arvif->u.ap.noa_data);
5935 	}
5936 
5937 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
5938 		   arvif->vdev_id);
5939 
5940 	ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5941 	if (ret)
5942 		ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
5943 			    arvif->vdev_id, ret);
5944 
5945 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
5946 		time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
5947 							ATH10K_VDEV_DELETE_TIMEOUT_HZ);
5948 		if (time_left == 0) {
5949 			ath10k_warn(ar, "Timeout in receiving vdev delete response\n");
5950 			goto out;
5951 		}
5952 	}
5953 
5954 	/* Some firmware revisions don't notify host about self-peer removal
5955 	 * until after associated vdev is deleted.
5956 	 */
5957 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5958 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5959 		ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
5960 						   vif->addr);
5961 		if (ret)
5962 			ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
5963 				    arvif->vdev_id, ret);
5964 
5965 		spin_lock_bh(&ar->data_lock);
5966 		ar->num_peers--;
5967 		spin_unlock_bh(&ar->data_lock);
5968 	}
5969 
5970 	spin_lock_bh(&ar->data_lock);
5971 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
5972 		peer = ar->peer_map[i];
5973 		if (!peer)
5974 			continue;
5975 
5976 		if (peer->vif == vif) {
5977 			ath10k_warn(ar, "found vif peer %pM entry on vdev %i after it was supposedly removed\n",
5978 				    vif->addr, arvif->vdev_id);
5979 			peer->vif = NULL;
5980 		}
5981 	}
5982 
5983 	/* Clean this up late, less opportunity for firmware to access
5984 	 * DMA memory we have deleted.
5985 	 */
5986 	ath10k_mac_vif_beacon_cleanup(arvif);
5987 	spin_unlock_bh(&ar->data_lock);
5988 
5989 	ath10k_peer_cleanup(ar, arvif->vdev_id);
5990 	ath10k_mac_txq_unref(ar, vif->txq);
5991 
5992 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5993 		ar->monitor_arvif = NULL;
5994 		ret = ath10k_monitor_recalc(ar);
5995 		if (ret)
5996 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5997 	}
5998 
5999 	ret = ath10k_mac_txpower_recalc(ar);
6000 	if (ret)
6001 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6002 
6003 	spin_lock_bh(&ar->htt.tx_lock);
6004 	ath10k_mac_vif_tx_unlock_all(arvif);
6005 	spin_unlock_bh(&ar->htt.tx_lock);
6006 
6007 	ath10k_mac_txq_unref(ar, vif->txq);
6008 
6009 out:
6010 	mutex_unlock(&ar->conf_mutex);
6011 }
6012 
6013 /*
6014  * FIXME: Has to be verified.
6015  */
6016 #define SUPPORTED_FILTERS			\
6017 	(FIF_ALLMULTI |				\
6018 	FIF_CONTROL |				\
6019 	FIF_PSPOLL |				\
6020 	FIF_OTHER_BSS |				\
6021 	FIF_BCN_PRBRESP_PROMISC |		\
6022 	FIF_PROBE_REQ |				\
6023 	FIF_FCSFAIL)
6024 
6025 static void ath10k_configure_filter(struct ieee80211_hw *hw,
6026 				    unsigned int changed_flags,
6027 				    unsigned int *total_flags,
6028 				    u64 multicast)
6029 {
6030 	struct ath10k *ar = hw->priv;
6031 	int ret;
6032 
6033 	mutex_lock(&ar->conf_mutex);
6034 
6035 	*total_flags &= SUPPORTED_FILTERS;
6036 	ar->filter_flags = *total_flags;
6037 
6038 	ret = ath10k_monitor_recalc(ar);
6039 	if (ret)
6040 		ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
6041 
6042 	mutex_unlock(&ar->conf_mutex);
6043 }
6044 
6045 static void ath10k_recalculate_mgmt_rate(struct ath10k *ar,
6046 					 struct ieee80211_vif *vif,
6047 					 struct cfg80211_chan_def *def)
6048 {
6049 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6050 	const struct ieee80211_supported_band *sband;
6051 	u8 basic_rate_idx;
6052 	int hw_rate_code;
6053 	u32 vdev_param;
6054 	u16 bitrate;
6055 	int ret;
6056 
6057 	lockdep_assert_held(&ar->conf_mutex);
6058 
6059 	sband = ar->hw->wiphy->bands[def->chan->band];
6060 	basic_rate_idx = ffs(vif->bss_conf.basic_rates) - 1;
6061 	bitrate = sband->bitrates[basic_rate_idx].bitrate;
6062 
6063 	hw_rate_code = ath10k_mac_get_rate_hw_value(bitrate);
6064 	if (hw_rate_code < 0) {
6065 		ath10k_warn(ar, "bitrate not supported %d\n", bitrate);
6066 		return;
6067 	}
6068 
6069 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
6070 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6071 					hw_rate_code);
6072 	if (ret)
6073 		ath10k_warn(ar, "failed to set mgmt tx rate %d\n", ret);
6074 }
6075 
6076 static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
6077 				    struct ieee80211_vif *vif,
6078 				    struct ieee80211_bss_conf *info,
6079 				    u64 changed)
6080 {
6081 	struct ath10k *ar = hw->priv;
6082 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6083 	struct cfg80211_chan_def def;
6084 	u32 vdev_param, pdev_param, slottime, preamble;
6085 	u16 bitrate, hw_value;
6086 	u8 rate, rateidx;
6087 	int ret = 0, mcast_rate;
6088 	enum nl80211_band band;
6089 
6090 	mutex_lock(&ar->conf_mutex);
6091 
6092 	if (changed & BSS_CHANGED_IBSS)
6093 		ath10k_control_ibss(arvif, vif);
6094 
6095 	if (changed & BSS_CHANGED_BEACON_INT) {
6096 		arvif->beacon_interval = info->beacon_int;
6097 		vdev_param = ar->wmi.vdev_param->beacon_interval;
6098 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6099 						arvif->beacon_interval);
6100 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6101 			   "mac vdev %d beacon_interval %d\n",
6102 			   arvif->vdev_id, arvif->beacon_interval);
6103 
6104 		if (ret)
6105 			ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
6106 				    arvif->vdev_id, ret);
6107 	}
6108 
6109 	if (changed & BSS_CHANGED_BEACON) {
6110 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6111 			   "vdev %d set beacon tx mode to staggered\n",
6112 			   arvif->vdev_id);
6113 
6114 		pdev_param = ar->wmi.pdev_param->beacon_tx_mode;
6115 		ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
6116 						WMI_BEACON_STAGGERED_MODE);
6117 		if (ret)
6118 			ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
6119 				    arvif->vdev_id, ret);
6120 
6121 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
6122 		if (ret)
6123 			ath10k_warn(ar, "failed to update beacon template: %d\n",
6124 				    ret);
6125 
6126 		if (ieee80211_vif_is_mesh(vif)) {
6127 			/* mesh doesn't use SSID but firmware needs it */
6128 			strncpy(arvif->u.ap.ssid, "mesh",
6129 				sizeof(arvif->u.ap.ssid));
6130 			arvif->u.ap.ssid_len = 4;
6131 		}
6132 	}
6133 
6134 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
6135 		ret = ath10k_mac_setup_prb_tmpl(arvif);
6136 		if (ret)
6137 			ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
6138 				    arvif->vdev_id, ret);
6139 	}
6140 
6141 	if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
6142 		arvif->dtim_period = info->dtim_period;
6143 
6144 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6145 			   "mac vdev %d dtim_period %d\n",
6146 			   arvif->vdev_id, arvif->dtim_period);
6147 
6148 		vdev_param = ar->wmi.vdev_param->dtim_period;
6149 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6150 						arvif->dtim_period);
6151 		if (ret)
6152 			ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
6153 				    arvif->vdev_id, ret);
6154 	}
6155 
6156 	if (changed & BSS_CHANGED_SSID &&
6157 	    vif->type == NL80211_IFTYPE_AP) {
6158 		arvif->u.ap.ssid_len = vif->cfg.ssid_len;
6159 		if (vif->cfg.ssid_len)
6160 			memcpy(arvif->u.ap.ssid, vif->cfg.ssid,
6161 			       vif->cfg.ssid_len);
6162 		arvif->u.ap.hidden_ssid = info->hidden_ssid;
6163 	}
6164 
6165 	if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
6166 		ether_addr_copy(arvif->bssid, info->bssid);
6167 
6168 	if (changed & BSS_CHANGED_FTM_RESPONDER &&
6169 	    arvif->ftm_responder != info->ftm_responder &&
6170 	    test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
6171 		arvif->ftm_responder = info->ftm_responder;
6172 
6173 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
6174 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6175 						arvif->ftm_responder);
6176 
6177 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6178 			   "mac vdev %d ftm_responder %d:ret %d\n",
6179 			   arvif->vdev_id, arvif->ftm_responder, ret);
6180 	}
6181 
6182 	if (changed & BSS_CHANGED_BEACON_ENABLED)
6183 		ath10k_control_beaconing(arvif, info);
6184 
6185 	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
6186 		arvif->use_cts_prot = info->use_cts_prot;
6187 
6188 		ret = ath10k_recalc_rtscts_prot(arvif);
6189 		if (ret)
6190 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
6191 				    arvif->vdev_id, ret);
6192 
6193 		if (ath10k_mac_can_set_cts_prot(arvif)) {
6194 			ret = ath10k_mac_set_cts_prot(arvif);
6195 			if (ret)
6196 				ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
6197 					    arvif->vdev_id, ret);
6198 		}
6199 	}
6200 
6201 	if (changed & BSS_CHANGED_ERP_SLOT) {
6202 		if (info->use_short_slot)
6203 			slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
6204 
6205 		else
6206 			slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
6207 
6208 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
6209 			   arvif->vdev_id, slottime);
6210 
6211 		vdev_param = ar->wmi.vdev_param->slot_time;
6212 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6213 						slottime);
6214 		if (ret)
6215 			ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
6216 				    arvif->vdev_id, ret);
6217 	}
6218 
6219 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
6220 		if (info->use_short_preamble)
6221 			preamble = WMI_VDEV_PREAMBLE_SHORT;
6222 		else
6223 			preamble = WMI_VDEV_PREAMBLE_LONG;
6224 
6225 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6226 			   "mac vdev %d preamble %dn",
6227 			   arvif->vdev_id, preamble);
6228 
6229 		vdev_param = ar->wmi.vdev_param->preamble;
6230 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6231 						preamble);
6232 		if (ret)
6233 			ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
6234 				    arvif->vdev_id, ret);
6235 	}
6236 
6237 	if (changed & BSS_CHANGED_ASSOC) {
6238 		if (vif->cfg.assoc) {
6239 			/* Workaround: Make sure monitor vdev is not running
6240 			 * when associating to prevent some firmware revisions
6241 			 * (e.g. 10.1 and 10.2) from crashing.
6242 			 */
6243 			if (ar->monitor_started)
6244 				ath10k_monitor_stop(ar);
6245 			ath10k_bss_assoc(hw, vif, info);
6246 			ath10k_monitor_recalc(ar);
6247 		} else {
6248 			ath10k_bss_disassoc(hw, vif);
6249 		}
6250 	}
6251 
6252 	if (changed & BSS_CHANGED_TXPOWER) {
6253 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
6254 			   arvif->vdev_id, info->txpower);
6255 
6256 		arvif->txpower = info->txpower;
6257 		ret = ath10k_mac_txpower_recalc(ar);
6258 		if (ret)
6259 			ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6260 	}
6261 
6262 	if (changed & BSS_CHANGED_PS) {
6263 		arvif->ps = vif->cfg.ps;
6264 
6265 		ret = ath10k_config_ps(ar);
6266 		if (ret)
6267 			ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
6268 				    arvif->vdev_id, ret);
6269 	}
6270 
6271 	if (changed & BSS_CHANGED_MCAST_RATE &&
6272 	    !ath10k_mac_vif_chan(arvif->vif, &def)) {
6273 		band = def.chan->band;
6274 		mcast_rate = vif->bss_conf.mcast_rate[band];
6275 		if (mcast_rate > 0)
6276 			rateidx = mcast_rate - 1;
6277 		else
6278 			rateidx = ffs(vif->bss_conf.basic_rates) - 1;
6279 
6280 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6281 			rateidx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6282 
6283 		bitrate = ath10k_wmi_legacy_rates[rateidx].bitrate;
6284 		hw_value = ath10k_wmi_legacy_rates[rateidx].hw_value;
6285 		if (ath10k_mac_bitrate_is_cck(bitrate))
6286 			preamble = WMI_RATE_PREAMBLE_CCK;
6287 		else
6288 			preamble = WMI_RATE_PREAMBLE_OFDM;
6289 
6290 		rate = ATH10K_HW_RATECODE(hw_value, 0, preamble);
6291 
6292 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6293 			   "mac vdev %d mcast_rate %x\n",
6294 			   arvif->vdev_id, rate);
6295 
6296 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
6297 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6298 						vdev_param, rate);
6299 		if (ret)
6300 			ath10k_warn(ar,
6301 				    "failed to set mcast rate on vdev %i: %d\n",
6302 				    arvif->vdev_id,  ret);
6303 
6304 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
6305 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6306 						vdev_param, rate);
6307 		if (ret)
6308 			ath10k_warn(ar,
6309 				    "failed to set bcast rate on vdev %i: %d\n",
6310 				    arvif->vdev_id,  ret);
6311 	}
6312 
6313 	if (changed & BSS_CHANGED_BASIC_RATES &&
6314 	    !ath10k_mac_vif_chan(arvif->vif, &def))
6315 		ath10k_recalculate_mgmt_rate(ar, vif, &def);
6316 
6317 	mutex_unlock(&ar->conf_mutex);
6318 }
6319 
6320 static void ath10k_mac_op_set_coverage_class(struct ieee80211_hw *hw, s16 value)
6321 {
6322 	struct ath10k *ar = hw->priv;
6323 
6324 	/* This function should never be called if setting the coverage class
6325 	 * is not supported on this hardware.
6326 	 */
6327 	if (!ar->hw_params.hw_ops->set_coverage_class) {
6328 		WARN_ON_ONCE(1);
6329 		return;
6330 	}
6331 	ar->hw_params.hw_ops->set_coverage_class(ar, value);
6332 }
6333 
6334 struct ath10k_mac_tdls_iter_data {
6335 	u32 num_tdls_stations;
6336 	struct ieee80211_vif *curr_vif;
6337 };
6338 
6339 static void ath10k_mac_tdls_vif_stations_count_iter(void *data,
6340 						    struct ieee80211_sta *sta)
6341 {
6342 	struct ath10k_mac_tdls_iter_data *iter_data = data;
6343 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6344 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
6345 
6346 	if (sta->tdls && sta_vif == iter_data->curr_vif)
6347 		iter_data->num_tdls_stations++;
6348 }
6349 
6350 static int ath10k_mac_tdls_vif_stations_count(struct ieee80211_hw *hw,
6351 					      struct ieee80211_vif *vif)
6352 {
6353 	struct ath10k_mac_tdls_iter_data data = {};
6354 
6355 	data.curr_vif = vif;
6356 
6357 	ieee80211_iterate_stations_atomic(hw,
6358 					  ath10k_mac_tdls_vif_stations_count_iter,
6359 					  &data);
6360 	return data.num_tdls_stations;
6361 }
6362 
6363 static int ath10k_hw_scan(struct ieee80211_hw *hw,
6364 			  struct ieee80211_vif *vif,
6365 			  struct ieee80211_scan_request *hw_req)
6366 {
6367 	struct ath10k *ar = hw->priv;
6368 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6369 	struct cfg80211_scan_request *req = &hw_req->req;
6370 	struct wmi_start_scan_arg arg;
6371 	int ret = 0;
6372 	int i;
6373 	u32 scan_timeout;
6374 
6375 	mutex_lock(&ar->conf_mutex);
6376 
6377 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6378 		ret = -EBUSY;
6379 		goto exit;
6380 	}
6381 
6382 	spin_lock_bh(&ar->data_lock);
6383 	switch (ar->scan.state) {
6384 	case ATH10K_SCAN_IDLE:
6385 		reinit_completion(&ar->scan.started);
6386 		reinit_completion(&ar->scan.completed);
6387 		ar->scan.state = ATH10K_SCAN_STARTING;
6388 		ar->scan.is_roc = false;
6389 		ar->scan.vdev_id = arvif->vdev_id;
6390 		ret = 0;
6391 		break;
6392 	case ATH10K_SCAN_STARTING:
6393 	case ATH10K_SCAN_RUNNING:
6394 	case ATH10K_SCAN_ABORTING:
6395 		ret = -EBUSY;
6396 		break;
6397 	}
6398 	spin_unlock_bh(&ar->data_lock);
6399 
6400 	if (ret)
6401 		goto exit;
6402 
6403 	memset(&arg, 0, sizeof(arg));
6404 	ath10k_wmi_start_scan_init(ar, &arg);
6405 	arg.vdev_id = arvif->vdev_id;
6406 	arg.scan_id = ATH10K_SCAN_ID;
6407 
6408 	if (req->ie_len) {
6409 		arg.ie_len = req->ie_len;
6410 		memcpy(arg.ie, req->ie, arg.ie_len);
6411 	}
6412 
6413 	if (req->n_ssids) {
6414 		arg.n_ssids = req->n_ssids;
6415 		for (i = 0; i < arg.n_ssids; i++) {
6416 			arg.ssids[i].len  = req->ssids[i].ssid_len;
6417 			arg.ssids[i].ssid = req->ssids[i].ssid;
6418 		}
6419 	} else {
6420 		arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
6421 	}
6422 
6423 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6424 		arg.scan_ctrl_flags |=  WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ;
6425 		ether_addr_copy(arg.mac_addr.addr, req->mac_addr);
6426 		ether_addr_copy(arg.mac_mask.addr, req->mac_addr_mask);
6427 	}
6428 
6429 	if (req->n_channels) {
6430 		arg.n_channels = req->n_channels;
6431 		for (i = 0; i < arg.n_channels; i++)
6432 			arg.channels[i] = req->channels[i]->center_freq;
6433 	}
6434 
6435 	/* if duration is set, default dwell times will be overwritten */
6436 	if (req->duration) {
6437 		arg.dwell_time_active = req->duration;
6438 		arg.dwell_time_passive = req->duration;
6439 		arg.burst_duration_ms = req->duration;
6440 
6441 		scan_timeout = min_t(u32, arg.max_rest_time *
6442 				(arg.n_channels - 1) + (req->duration +
6443 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
6444 				arg.n_channels, arg.max_scan_time);
6445 	} else {
6446 		scan_timeout = arg.max_scan_time;
6447 	}
6448 
6449 	/* Add a 200ms margin to account for event/command processing */
6450 	scan_timeout += 200;
6451 
6452 	ret = ath10k_start_scan(ar, &arg);
6453 	if (ret) {
6454 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
6455 		spin_lock_bh(&ar->data_lock);
6456 		ar->scan.state = ATH10K_SCAN_IDLE;
6457 		spin_unlock_bh(&ar->data_lock);
6458 	}
6459 
6460 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
6461 				     msecs_to_jiffies(scan_timeout));
6462 
6463 exit:
6464 	mutex_unlock(&ar->conf_mutex);
6465 	return ret;
6466 }
6467 
6468 static void ath10k_cancel_hw_scan(struct ieee80211_hw *hw,
6469 				  struct ieee80211_vif *vif)
6470 {
6471 	struct ath10k *ar = hw->priv;
6472 
6473 	mutex_lock(&ar->conf_mutex);
6474 	ath10k_scan_abort(ar);
6475 	mutex_unlock(&ar->conf_mutex);
6476 
6477 	cancel_delayed_work_sync(&ar->scan.timeout);
6478 }
6479 
6480 static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
6481 					struct ath10k_vif *arvif,
6482 					enum set_key_cmd cmd,
6483 					struct ieee80211_key_conf *key)
6484 {
6485 	u32 vdev_param = arvif->ar->wmi.vdev_param->def_keyid;
6486 	int ret;
6487 
6488 	/* 10.1 firmware branch requires default key index to be set to group
6489 	 * key index after installing it. Otherwise FW/HW Txes corrupted
6490 	 * frames with multi-vif APs. This is not required for main firmware
6491 	 * branch (e.g. 636).
6492 	 *
6493 	 * This is also needed for 636 fw for IBSS-RSN to work more reliably.
6494 	 *
6495 	 * FIXME: It remains unknown if this is required for multi-vif STA
6496 	 * interfaces on 10.1.
6497 	 */
6498 
6499 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
6500 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
6501 		return;
6502 
6503 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40)
6504 		return;
6505 
6506 	if (key->cipher == WLAN_CIPHER_SUITE_WEP104)
6507 		return;
6508 
6509 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6510 		return;
6511 
6512 	if (cmd != SET_KEY)
6513 		return;
6514 
6515 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6516 					key->keyidx);
6517 	if (ret)
6518 		ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
6519 			    arvif->vdev_id, ret);
6520 }
6521 
6522 static int ath10k_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
6523 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
6524 			  struct ieee80211_key_conf *key)
6525 {
6526 	struct ath10k *ar = hw->priv;
6527 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6528 	struct ath10k_sta *arsta;
6529 	struct ath10k_peer *peer;
6530 	const u8 *peer_addr;
6531 	bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
6532 		      key->cipher == WLAN_CIPHER_SUITE_WEP104;
6533 	int ret = 0;
6534 	int ret2;
6535 	u32 flags = 0;
6536 	u32 flags2;
6537 
6538 	/* this one needs to be done in software */
6539 	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
6540 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
6541 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256 ||
6542 	    key->cipher == WLAN_CIPHER_SUITE_BIP_CMAC_256)
6543 		return 1;
6544 
6545 	if (arvif->nohwcrypt)
6546 		return 1;
6547 
6548 	if (key->keyidx > WMI_MAX_KEY_INDEX)
6549 		return -ENOSPC;
6550 
6551 	mutex_lock(&ar->conf_mutex);
6552 
6553 	if (sta) {
6554 		arsta = (struct ath10k_sta *)sta->drv_priv;
6555 		peer_addr = sta->addr;
6556 		spin_lock_bh(&ar->data_lock);
6557 		arsta->ucast_cipher = key->cipher;
6558 		spin_unlock_bh(&ar->data_lock);
6559 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
6560 		peer_addr = vif->bss_conf.bssid;
6561 	} else {
6562 		peer_addr = vif->addr;
6563 	}
6564 
6565 	key->hw_key_idx = key->keyidx;
6566 
6567 	if (is_wep) {
6568 		if (cmd == SET_KEY)
6569 			arvif->wep_keys[key->keyidx] = key;
6570 		else
6571 			arvif->wep_keys[key->keyidx] = NULL;
6572 	}
6573 
6574 	/* the peer should not disappear in mid-way (unless FW goes awry) since
6575 	 * we already hold conf_mutex. we just make sure its there now.
6576 	 */
6577 	spin_lock_bh(&ar->data_lock);
6578 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6579 	spin_unlock_bh(&ar->data_lock);
6580 
6581 	if (!peer) {
6582 		if (cmd == SET_KEY) {
6583 			ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
6584 				    peer_addr);
6585 			ret = -EOPNOTSUPP;
6586 			goto exit;
6587 		} else {
6588 			/* if the peer doesn't exist there is no key to disable anymore */
6589 			goto exit;
6590 		}
6591 	}
6592 
6593 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6594 		flags |= WMI_KEY_PAIRWISE;
6595 	else
6596 		flags |= WMI_KEY_GROUP;
6597 
6598 	if (is_wep) {
6599 		if (cmd == DISABLE_KEY)
6600 			ath10k_clear_vdev_key(arvif, key);
6601 
6602 		/* When WEP keys are uploaded it's possible that there are
6603 		 * stations associated already (e.g. when merging) without any
6604 		 * keys. Static WEP needs an explicit per-peer key upload.
6605 		 */
6606 		if (vif->type == NL80211_IFTYPE_ADHOC &&
6607 		    cmd == SET_KEY)
6608 			ath10k_mac_vif_update_wep_key(arvif, key);
6609 
6610 		/* 802.1x never sets the def_wep_key_idx so each set_key()
6611 		 * call changes default tx key.
6612 		 *
6613 		 * Static WEP sets def_wep_key_idx via .set_default_unicast_key
6614 		 * after first set_key().
6615 		 */
6616 		if (cmd == SET_KEY && arvif->def_wep_key_idx == -1)
6617 			flags |= WMI_KEY_TX_USAGE;
6618 	}
6619 
6620 	ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags);
6621 	if (ret) {
6622 		WARN_ON(ret > 0);
6623 		ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
6624 			    arvif->vdev_id, peer_addr, ret);
6625 		goto exit;
6626 	}
6627 
6628 	/* mac80211 sets static WEP keys as groupwise while firmware requires
6629 	 * them to be installed twice as both pairwise and groupwise.
6630 	 */
6631 	if (is_wep && !sta && vif->type == NL80211_IFTYPE_STATION) {
6632 		flags2 = flags;
6633 		flags2 &= ~WMI_KEY_GROUP;
6634 		flags2 |= WMI_KEY_PAIRWISE;
6635 
6636 		ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags2);
6637 		if (ret) {
6638 			WARN_ON(ret > 0);
6639 			ath10k_warn(ar, "failed to install (ucast) key for vdev %i peer %pM: %d\n",
6640 				    arvif->vdev_id, peer_addr, ret);
6641 			ret2 = ath10k_install_key(arvif, key, DISABLE_KEY,
6642 						  peer_addr, flags);
6643 			if (ret2) {
6644 				WARN_ON(ret2 > 0);
6645 				ath10k_warn(ar, "failed to disable (mcast) key for vdev %i peer %pM: %d\n",
6646 					    arvif->vdev_id, peer_addr, ret2);
6647 			}
6648 			goto exit;
6649 		}
6650 	}
6651 
6652 	ath10k_set_key_h_def_keyidx(ar, arvif, cmd, key);
6653 
6654 	spin_lock_bh(&ar->data_lock);
6655 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6656 	if (peer && cmd == SET_KEY)
6657 		peer->keys[key->keyidx] = key;
6658 	else if (peer && cmd == DISABLE_KEY)
6659 		peer->keys[key->keyidx] = NULL;
6660 	else if (peer == NULL)
6661 		/* impossible unless FW goes crazy */
6662 		ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
6663 	spin_unlock_bh(&ar->data_lock);
6664 
6665 	if (sta && sta->tdls)
6666 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6667 					  ar->wmi.peer_param->authorize, 1);
6668 	else if (sta && cmd == SET_KEY && (key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
6669 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, peer_addr,
6670 					  ar->wmi.peer_param->authorize, 1);
6671 
6672 exit:
6673 	mutex_unlock(&ar->conf_mutex);
6674 	return ret;
6675 }
6676 
6677 static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
6678 					   struct ieee80211_vif *vif,
6679 					   int keyidx)
6680 {
6681 	struct ath10k *ar = hw->priv;
6682 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6683 	int ret;
6684 
6685 	mutex_lock(&arvif->ar->conf_mutex);
6686 
6687 	if (arvif->ar->state != ATH10K_STATE_ON)
6688 		goto unlock;
6689 
6690 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
6691 		   arvif->vdev_id, keyidx);
6692 
6693 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
6694 					arvif->vdev_id,
6695 					arvif->ar->wmi.vdev_param->def_keyid,
6696 					keyidx);
6697 
6698 	if (ret) {
6699 		ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
6700 			    arvif->vdev_id,
6701 			    ret);
6702 		goto unlock;
6703 	}
6704 
6705 	arvif->def_wep_key_idx = keyidx;
6706 
6707 unlock:
6708 	mutex_unlock(&arvif->ar->conf_mutex);
6709 }
6710 
6711 static void ath10k_sta_rc_update_wk(struct work_struct *wk)
6712 {
6713 	struct ath10k *ar;
6714 	struct ath10k_vif *arvif;
6715 	struct ath10k_sta *arsta;
6716 	struct ieee80211_sta *sta;
6717 	struct cfg80211_chan_def def;
6718 	enum nl80211_band band;
6719 	const u8 *ht_mcs_mask;
6720 	const u16 *vht_mcs_mask;
6721 	u32 changed, bw, nss, smps;
6722 	int err;
6723 
6724 	arsta = container_of(wk, struct ath10k_sta, update_wk);
6725 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
6726 	arvif = arsta->arvif;
6727 	ar = arvif->ar;
6728 
6729 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
6730 		return;
6731 
6732 	band = def.chan->band;
6733 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
6734 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
6735 
6736 	spin_lock_bh(&ar->data_lock);
6737 
6738 	changed = arsta->changed;
6739 	arsta->changed = 0;
6740 
6741 	bw = arsta->bw;
6742 	nss = arsta->nss;
6743 	smps = arsta->smps;
6744 
6745 	spin_unlock_bh(&ar->data_lock);
6746 
6747 	mutex_lock(&ar->conf_mutex);
6748 
6749 	nss = max_t(u32, 1, nss);
6750 	nss = min(nss, max(ath10k_mac_max_ht_nss(ht_mcs_mask),
6751 			   ath10k_mac_max_vht_nss(vht_mcs_mask)));
6752 
6753 	if (changed & IEEE80211_RC_BW_CHANGED) {
6754 		enum wmi_phy_mode mode;
6755 
6756 		mode = chan_to_phymode(&def);
6757 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM peer bw %d phymode %d\n",
6758 			   sta->addr, bw, mode);
6759 
6760 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6761 						ar->wmi.peer_param->phymode, mode);
6762 		if (err) {
6763 			ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
6764 				    sta->addr, mode, err);
6765 			goto exit;
6766 		}
6767 
6768 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6769 						ar->wmi.peer_param->chan_width, bw);
6770 		if (err)
6771 			ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
6772 				    sta->addr, bw, err);
6773 	}
6774 
6775 	if (changed & IEEE80211_RC_NSS_CHANGED) {
6776 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM nss %d\n",
6777 			   sta->addr, nss);
6778 
6779 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6780 						ar->wmi.peer_param->nss, nss);
6781 		if (err)
6782 			ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
6783 				    sta->addr, nss, err);
6784 	}
6785 
6786 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
6787 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM smps %d\n",
6788 			   sta->addr, smps);
6789 
6790 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6791 						ar->wmi.peer_param->smps_state, smps);
6792 		if (err)
6793 			ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
6794 				    sta->addr, smps, err);
6795 	}
6796 
6797 	if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
6798 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM supp rates\n",
6799 			   sta->addr);
6800 
6801 		err = ath10k_station_assoc(ar, arvif->vif, sta, true);
6802 		if (err)
6803 			ath10k_warn(ar, "failed to reassociate station: %pM\n",
6804 				    sta->addr);
6805 	}
6806 
6807 exit:
6808 	mutex_unlock(&ar->conf_mutex);
6809 }
6810 
6811 static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif,
6812 				       struct ieee80211_sta *sta)
6813 {
6814 	struct ath10k *ar = arvif->ar;
6815 
6816 	lockdep_assert_held(&ar->conf_mutex);
6817 
6818 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6819 		return 0;
6820 
6821 	if (ar->num_stations >= ar->max_num_stations)
6822 		return -ENOBUFS;
6823 
6824 	ar->num_stations++;
6825 
6826 	return 0;
6827 }
6828 
6829 static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif,
6830 					struct ieee80211_sta *sta)
6831 {
6832 	struct ath10k *ar = arvif->ar;
6833 
6834 	lockdep_assert_held(&ar->conf_mutex);
6835 
6836 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6837 		return;
6838 
6839 	ar->num_stations--;
6840 }
6841 
6842 static int ath10k_sta_set_txpwr(struct ieee80211_hw *hw,
6843 				struct ieee80211_vif *vif,
6844 				struct ieee80211_sta *sta)
6845 {
6846 	struct ath10k *ar = hw->priv;
6847 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6848 	int ret = 0;
6849 	s16 txpwr;
6850 
6851 	if (sta->deflink.txpwr.type == NL80211_TX_POWER_AUTOMATIC) {
6852 		txpwr = 0;
6853 	} else {
6854 		txpwr = sta->deflink.txpwr.power;
6855 		if (!txpwr)
6856 			return -EINVAL;
6857 	}
6858 
6859 	if (txpwr > ATH10K_TX_POWER_MAX_VAL || txpwr < ATH10K_TX_POWER_MIN_VAL)
6860 		return -EINVAL;
6861 
6862 	mutex_lock(&ar->conf_mutex);
6863 
6864 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6865 					ar->wmi.peer_param->use_fixed_power, txpwr);
6866 	if (ret) {
6867 		ath10k_warn(ar, "failed to set tx power for station ret: %d\n",
6868 			    ret);
6869 		goto out;
6870 	}
6871 
6872 out:
6873 	mutex_unlock(&ar->conf_mutex);
6874 	return ret;
6875 }
6876 
6877 struct ath10k_mac_iter_tid_conf_data {
6878 	struct ieee80211_vif *curr_vif;
6879 	struct ath10k *ar;
6880 	bool reset_config;
6881 };
6882 
6883 static bool
6884 ath10k_mac_bitrate_mask_has_single_rate(struct ath10k *ar,
6885 					enum nl80211_band band,
6886 					const struct cfg80211_bitrate_mask *mask,
6887 					int *vht_num_rates)
6888 {
6889 	int num_rates = 0;
6890 	int i, tmp;
6891 
6892 	num_rates += hweight32(mask->control[band].legacy);
6893 
6894 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++)
6895 		num_rates += hweight8(mask->control[band].ht_mcs[i]);
6896 
6897 	*vht_num_rates = 0;
6898 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6899 		tmp = hweight16(mask->control[band].vht_mcs[i]);
6900 		num_rates += tmp;
6901 		*vht_num_rates += tmp;
6902 	}
6903 
6904 	return num_rates == 1;
6905 }
6906 
6907 static int
6908 ath10k_mac_bitrate_mask_get_single_rate(struct ath10k *ar,
6909 					enum nl80211_band band,
6910 					const struct cfg80211_bitrate_mask *mask,
6911 					u8 *rate, u8 *nss, bool vht_only)
6912 {
6913 	int rate_idx;
6914 	int i;
6915 	u16 bitrate;
6916 	u8 preamble;
6917 	u8 hw_rate;
6918 
6919 	if (vht_only)
6920 		goto next;
6921 
6922 	if (hweight32(mask->control[band].legacy) == 1) {
6923 		rate_idx = ffs(mask->control[band].legacy) - 1;
6924 
6925 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6926 			rate_idx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6927 
6928 		hw_rate = ath10k_wmi_legacy_rates[rate_idx].hw_value;
6929 		bitrate = ath10k_wmi_legacy_rates[rate_idx].bitrate;
6930 
6931 		if (ath10k_mac_bitrate_is_cck(bitrate))
6932 			preamble = WMI_RATE_PREAMBLE_CCK;
6933 		else
6934 			preamble = WMI_RATE_PREAMBLE_OFDM;
6935 
6936 		*nss = 1;
6937 		*rate = preamble << 6 |
6938 			(*nss - 1) << 4 |
6939 			hw_rate << 0;
6940 
6941 		return 0;
6942 	}
6943 
6944 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
6945 		if (hweight8(mask->control[band].ht_mcs[i]) == 1) {
6946 			*nss = i + 1;
6947 			*rate = WMI_RATE_PREAMBLE_HT << 6 |
6948 				(*nss - 1) << 4 |
6949 				(ffs(mask->control[band].ht_mcs[i]) - 1);
6950 
6951 			return 0;
6952 		}
6953 	}
6954 
6955 next:
6956 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6957 		if (hweight16(mask->control[band].vht_mcs[i]) == 1) {
6958 			*nss = i + 1;
6959 			*rate = WMI_RATE_PREAMBLE_VHT << 6 |
6960 				(*nss - 1) << 4 |
6961 				(ffs(mask->control[band].vht_mcs[i]) - 1);
6962 
6963 			return 0;
6964 		}
6965 	}
6966 
6967 	return -EINVAL;
6968 }
6969 
6970 static int ath10k_mac_validate_rate_mask(struct ath10k *ar,
6971 					 struct ieee80211_sta *sta,
6972 					 u32 rate_ctrl_flag, u8 nss)
6973 {
6974 	struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
6975 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
6976 
6977 	if (nss > sta->deflink.rx_nss) {
6978 		ath10k_warn(ar, "Invalid nss field, configured %u limit %u\n",
6979 			    nss, sta->deflink.rx_nss);
6980 		return -EINVAL;
6981 	}
6982 
6983 	if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_VHT) {
6984 		if (!vht_cap->vht_supported) {
6985 			ath10k_warn(ar, "Invalid VHT rate for sta %pM\n",
6986 				    sta->addr);
6987 			return -EINVAL;
6988 		}
6989 	} else if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_HT) {
6990 		if (!ht_cap->ht_supported || vht_cap->vht_supported) {
6991 			ath10k_warn(ar, "Invalid HT rate for sta %pM\n",
6992 				    sta->addr);
6993 			return -EINVAL;
6994 		}
6995 	} else {
6996 		if (ht_cap->ht_supported || vht_cap->vht_supported)
6997 			return -EINVAL;
6998 	}
6999 
7000 	return 0;
7001 }
7002 
7003 static int
7004 ath10k_mac_tid_bitrate_config(struct ath10k *ar,
7005 			      struct ieee80211_vif *vif,
7006 			      struct ieee80211_sta *sta,
7007 			      u32 *rate_ctrl_flag, u8 *rate_ctrl,
7008 			      enum nl80211_tx_rate_setting txrate_type,
7009 			      const struct cfg80211_bitrate_mask *mask)
7010 {
7011 	struct cfg80211_chan_def def;
7012 	enum nl80211_band band;
7013 	u8 nss, rate;
7014 	int vht_num_rates, ret;
7015 
7016 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
7017 		return -EINVAL;
7018 
7019 	if (txrate_type == NL80211_TX_RATE_AUTOMATIC) {
7020 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7021 		*rate_ctrl_flag = 0;
7022 		return 0;
7023 	}
7024 
7025 	band = def.chan->band;
7026 
7027 	if (!ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
7028 						     &vht_num_rates)) {
7029 		return -EINVAL;
7030 	}
7031 
7032 	ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
7033 						      &rate, &nss, false);
7034 	if (ret) {
7035 		ath10k_warn(ar, "failed to get single rate: %d\n",
7036 			    ret);
7037 		return ret;
7038 	}
7039 
7040 	*rate_ctrl_flag = rate;
7041 
7042 	if (sta && ath10k_mac_validate_rate_mask(ar, sta, *rate_ctrl_flag, nss))
7043 		return -EINVAL;
7044 
7045 	if (txrate_type == NL80211_TX_RATE_FIXED)
7046 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_FIXED_RATE;
7047 	else if (txrate_type == NL80211_TX_RATE_LIMITED &&
7048 		 (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
7049 			   ar->wmi.svc_map)))
7050 		*rate_ctrl = WMI_PEER_TID_CONFIG_RATE_UPPER_CAP;
7051 	else
7052 		return -EOPNOTSUPP;
7053 
7054 	return 0;
7055 }
7056 
7057 static int ath10k_mac_set_tid_config(struct ath10k *ar, struct ieee80211_sta *sta,
7058 				     struct ieee80211_vif *vif, u32 changed,
7059 				     struct wmi_per_peer_per_tid_cfg_arg *arg)
7060 {
7061 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7062 	struct ath10k_sta *arsta;
7063 	int ret;
7064 
7065 	if (sta) {
7066 		if (!sta->wme)
7067 			return -ENOTSUPP;
7068 
7069 		arsta = (struct ath10k_sta *)sta->drv_priv;
7070 
7071 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7072 			if ((arsta->retry_long[arg->tid] > 0 ||
7073 			     arsta->rate_code[arg->tid] > 0 ||
7074 			     arsta->ampdu[arg->tid] ==
7075 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7076 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7077 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7078 				arg->ack_policy = 0;
7079 				arg->aggr_control = 0;
7080 				arg->rate_ctrl = 0;
7081 				arg->rcode_flags = 0;
7082 			}
7083 		}
7084 
7085 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7086 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7087 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7088 				arg->aggr_control = 0;
7089 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7090 			}
7091 		}
7092 
7093 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7094 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7095 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7096 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7097 				arg->rate_ctrl = 0;
7098 				arg->rcode_flags = 0;
7099 			}
7100 		}
7101 
7102 		ether_addr_copy(arg->peer_macaddr.addr, sta->addr);
7103 
7104 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, arg);
7105 		if (ret)
7106 			return ret;
7107 
7108 		/* Store the configured parameters in success case */
7109 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7110 			arsta->noack[arg->tid] = arg->ack_policy;
7111 			arg->ack_policy = 0;
7112 			arg->aggr_control = 0;
7113 			arg->rate_ctrl = 0;
7114 			arg->rcode_flags = 0;
7115 		}
7116 
7117 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7118 			arsta->retry_long[arg->tid] = arg->retry_count;
7119 			arg->retry_count = 0;
7120 		}
7121 
7122 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7123 			arsta->ampdu[arg->tid] = arg->aggr_control;
7124 			arg->aggr_control = 0;
7125 		}
7126 
7127 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7128 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7129 			arsta->rate_ctrl[arg->tid] = arg->rate_ctrl;
7130 			arg->rate_ctrl = 0;
7131 			arg->rcode_flags = 0;
7132 		}
7133 
7134 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7135 			arsta->rtscts[arg->tid] = arg->rtscts_ctrl;
7136 			arg->ext_tid_cfg_bitmap = 0;
7137 		}
7138 	} else {
7139 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7140 			if ((arvif->retry_long[arg->tid] ||
7141 			     arvif->rate_code[arg->tid] ||
7142 			     arvif->ampdu[arg->tid] ==
7143 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7144 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7145 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7146 			} else {
7147 				arvif->noack[arg->tid] = arg->ack_policy;
7148 				arvif->ampdu[arg->tid] = arg->aggr_control;
7149 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7150 			}
7151 		}
7152 
7153 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7154 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7155 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7156 			else
7157 				arvif->retry_long[arg->tid] = arg->retry_count;
7158 		}
7159 
7160 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7161 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7162 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
7163 			else
7164 				arvif->ampdu[arg->tid] = arg->aggr_control;
7165 		}
7166 
7167 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7168 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7169 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7170 				changed &= ~(BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7171 					     BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE));
7172 			} else {
7173 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7174 				arvif->rate_code[arg->tid] = arg->rcode_flags;
7175 			}
7176 		}
7177 
7178 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7179 			arvif->rtscts[arg->tid] = arg->rtscts_ctrl;
7180 			arg->ext_tid_cfg_bitmap = 0;
7181 		}
7182 
7183 		if (changed)
7184 			arvif->tid_conf_changed[arg->tid] |= changed;
7185 	}
7186 
7187 	return 0;
7188 }
7189 
7190 static int
7191 ath10k_mac_parse_tid_config(struct ath10k *ar,
7192 			    struct ieee80211_sta *sta,
7193 			    struct ieee80211_vif *vif,
7194 			    struct cfg80211_tid_cfg *tid_conf,
7195 			    struct wmi_per_peer_per_tid_cfg_arg *arg)
7196 {
7197 	u32 changed = tid_conf->mask;
7198 	int ret = 0, i = 0;
7199 
7200 	if (!changed)
7201 		return -EINVAL;
7202 
7203 	while (i < ATH10K_TID_MAX) {
7204 		if (!(tid_conf->tids & BIT(i))) {
7205 			i++;
7206 			continue;
7207 		}
7208 
7209 		arg->tid = i;
7210 
7211 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7212 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE) {
7213 				arg->ack_policy = WMI_PEER_TID_CONFIG_NOACK;
7214 				arg->rate_ctrl =
7215 				WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
7216 				arg->aggr_control =
7217 					WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7218 			} else {
7219 				arg->ack_policy =
7220 					WMI_PEER_TID_CONFIG_ACK;
7221 				arg->rate_ctrl =
7222 					WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7223 				arg->aggr_control =
7224 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7225 			}
7226 		}
7227 
7228 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG))
7229 			arg->retry_count = tid_conf->retry_long;
7230 
7231 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7232 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE)
7233 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7234 			else
7235 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7236 		}
7237 
7238 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7239 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7240 			ret = ath10k_mac_tid_bitrate_config(ar, vif, sta,
7241 							    &arg->rcode_flags,
7242 							    &arg->rate_ctrl,
7243 							    tid_conf->txrate_type,
7244 							&tid_conf->txrate_mask);
7245 			if (ret) {
7246 				ath10k_warn(ar, "failed to configure bitrate mask %d\n",
7247 					    ret);
7248 				arg->rcode_flags = 0;
7249 				arg->rate_ctrl = 0;
7250 			}
7251 		}
7252 
7253 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7254 			if (tid_conf->rtscts)
7255 				arg->rtscts_ctrl = tid_conf->rtscts;
7256 
7257 			arg->ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7258 		}
7259 
7260 		ret = ath10k_mac_set_tid_config(ar, sta, vif, changed, arg);
7261 		if (ret)
7262 			return ret;
7263 		i++;
7264 	}
7265 
7266 	return ret;
7267 }
7268 
7269 static int ath10k_mac_reset_tid_config(struct ath10k *ar,
7270 				       struct ieee80211_sta *sta,
7271 				       struct ath10k_vif *arvif,
7272 				       u8 tids)
7273 {
7274 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7275 	struct wmi_per_peer_per_tid_cfg_arg arg;
7276 	int ret = 0, i = 0;
7277 
7278 	arg.vdev_id = arvif->vdev_id;
7279 	while (i < ATH10K_TID_MAX) {
7280 		if (!(tids & BIT(i))) {
7281 			i++;
7282 			continue;
7283 		}
7284 
7285 		arg.tid = i;
7286 		arg.ack_policy = WMI_PEER_TID_CONFIG_ACK;
7287 		arg.retry_count = ATH10K_MAX_RETRY_COUNT;
7288 		arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7289 		arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7290 		arg.rtscts_ctrl = WMI_TID_CONFIG_RTSCTS_CONTROL_ENABLE;
7291 		arg.ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7292 
7293 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7294 
7295 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7296 		if (ret)
7297 			return ret;
7298 
7299 		if (!arvif->tids_rst) {
7300 			arsta->retry_long[i] = -1;
7301 			arsta->noack[i] = -1;
7302 			arsta->ampdu[i] = -1;
7303 			arsta->rate_code[i] = -1;
7304 			arsta->rate_ctrl[i] = 0;
7305 			arsta->rtscts[i] = -1;
7306 		} else {
7307 			arvif->retry_long[i] = 0;
7308 			arvif->noack[i] = 0;
7309 			arvif->ampdu[i] = 0;
7310 			arvif->rate_code[i] = 0;
7311 			arvif->rate_ctrl[i] = 0;
7312 			arvif->rtscts[i] = 0;
7313 		}
7314 
7315 		i++;
7316 	}
7317 
7318 	return ret;
7319 }
7320 
7321 static void ath10k_sta_tid_cfg_wk(struct work_struct *wk)
7322 {
7323 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
7324 	struct ieee80211_sta *sta;
7325 	struct ath10k_sta *arsta;
7326 	struct ath10k_vif *arvif;
7327 	struct ath10k *ar;
7328 	bool config_apply;
7329 	int ret, i;
7330 	u32 changed;
7331 	u8 nss;
7332 
7333 	arsta = container_of(wk, struct ath10k_sta, tid_config_wk);
7334 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
7335 	arvif = arsta->arvif;
7336 	ar = arvif->ar;
7337 
7338 	mutex_lock(&ar->conf_mutex);
7339 
7340 	if (arvif->tids_rst) {
7341 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif,
7342 						  arvif->tids_rst);
7343 		goto exit;
7344 	}
7345 
7346 	ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7347 
7348 	for (i = 0; i < ATH10K_TID_MAX; i++) {
7349 		config_apply = false;
7350 		changed = arvif->tid_conf_changed[i];
7351 
7352 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7353 			if (arsta->noack[i] != -1) {
7354 				arg.ack_policy  = 0;
7355 			} else {
7356 				config_apply = true;
7357 				arg.ack_policy = arvif->noack[i];
7358 				arg.aggr_control = arvif->ampdu[i];
7359 				arg.rate_ctrl = arvif->rate_ctrl[i];
7360 			}
7361 		}
7362 
7363 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7364 			if (arsta->retry_long[i] != -1 ||
7365 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7366 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7367 				arg.retry_count = 0;
7368 			} else {
7369 				arg.retry_count = arvif->retry_long[i];
7370 				config_apply = true;
7371 			}
7372 		}
7373 
7374 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7375 			if (arsta->ampdu[i] != -1 ||
7376 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7377 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7378 				arg.aggr_control = 0;
7379 			} else {
7380 				arg.aggr_control = arvif->ampdu[i];
7381 				config_apply = true;
7382 			}
7383 		}
7384 
7385 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7386 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7387 			nss = ATH10K_HW_NSS(arvif->rate_code[i]);
7388 			ret = ath10k_mac_validate_rate_mask(ar, sta,
7389 							    arvif->rate_code[i],
7390 							    nss);
7391 			if (ret &&
7392 			    arvif->rate_ctrl[i] > WMI_TID_CONFIG_RATE_CONTROL_AUTO) {
7393 				arg.rate_ctrl = 0;
7394 				arg.rcode_flags = 0;
7395 			}
7396 
7397 			if (arsta->rate_ctrl[i] >
7398 			    WMI_TID_CONFIG_RATE_CONTROL_AUTO ||
7399 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7400 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7401 				arg.rate_ctrl = 0;
7402 				arg.rcode_flags = 0;
7403 			} else {
7404 				arg.rate_ctrl = arvif->rate_ctrl[i];
7405 				arg.rcode_flags = arvif->rate_code[i];
7406 				config_apply = true;
7407 			}
7408 		}
7409 
7410 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7411 			if (arsta->rtscts[i]) {
7412 				arg.rtscts_ctrl = 0;
7413 				arg.ext_tid_cfg_bitmap = 0;
7414 			} else {
7415 				arg.rtscts_ctrl = arvif->rtscts[i] - 1;
7416 				arg.ext_tid_cfg_bitmap =
7417 					WMI_EXT_TID_RTS_CTS_CONFIG;
7418 				config_apply = true;
7419 			}
7420 		}
7421 
7422 		arg.tid = i;
7423 
7424 		if (config_apply) {
7425 			ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7426 			if (ret)
7427 				ath10k_warn(ar, "failed to set per tid config for sta %pM: %d\n",
7428 					    sta->addr, ret);
7429 		}
7430 
7431 		arg.ack_policy  = 0;
7432 		arg.retry_count  = 0;
7433 		arg.aggr_control  = 0;
7434 		arg.rate_ctrl = 0;
7435 		arg.rcode_flags = 0;
7436 	}
7437 
7438 exit:
7439 	mutex_unlock(&ar->conf_mutex);
7440 }
7441 
7442 static void ath10k_mac_vif_stations_tid_conf(void *data,
7443 					     struct ieee80211_sta *sta)
7444 {
7445 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7446 	struct ath10k_mac_iter_tid_conf_data *iter_data = data;
7447 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
7448 
7449 	if (sta_vif != iter_data->curr_vif || !sta->wme)
7450 		return;
7451 
7452 	ieee80211_queue_work(iter_data->ar->hw, &arsta->tid_config_wk);
7453 }
7454 
7455 static int ath10k_sta_state(struct ieee80211_hw *hw,
7456 			    struct ieee80211_vif *vif,
7457 			    struct ieee80211_sta *sta,
7458 			    enum ieee80211_sta_state old_state,
7459 			    enum ieee80211_sta_state new_state)
7460 {
7461 	struct ath10k *ar = hw->priv;
7462 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7463 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7464 	struct ath10k_peer *peer;
7465 	int ret = 0;
7466 	int i;
7467 
7468 	if (old_state == IEEE80211_STA_NOTEXIST &&
7469 	    new_state == IEEE80211_STA_NONE) {
7470 		memset(arsta, 0, sizeof(*arsta));
7471 		arsta->arvif = arvif;
7472 		arsta->peer_ps_state = WMI_PEER_PS_STATE_DISABLED;
7473 		INIT_WORK(&arsta->update_wk, ath10k_sta_rc_update_wk);
7474 		INIT_WORK(&arsta->tid_config_wk, ath10k_sta_tid_cfg_wk);
7475 
7476 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7477 			ath10k_mac_txq_init(sta->txq[i]);
7478 	}
7479 
7480 	/* cancel must be done outside the mutex to avoid deadlock */
7481 	if ((old_state == IEEE80211_STA_NONE &&
7482 	     new_state == IEEE80211_STA_NOTEXIST)) {
7483 		cancel_work_sync(&arsta->update_wk);
7484 		cancel_work_sync(&arsta->tid_config_wk);
7485 	}
7486 
7487 	mutex_lock(&ar->conf_mutex);
7488 
7489 	if (old_state == IEEE80211_STA_NOTEXIST &&
7490 	    new_state == IEEE80211_STA_NONE) {
7491 		/*
7492 		 * New station addition.
7493 		 */
7494 		enum wmi_peer_type peer_type = WMI_PEER_TYPE_DEFAULT;
7495 		u32 num_tdls_stations;
7496 
7497 		ath10k_dbg(ar, ATH10K_DBG_STA,
7498 			   "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
7499 			   arvif->vdev_id, sta->addr,
7500 			   ar->num_stations + 1, ar->max_num_stations,
7501 			   ar->num_peers + 1, ar->max_num_peers);
7502 
7503 		num_tdls_stations = ath10k_mac_tdls_vif_stations_count(hw, vif);
7504 
7505 		if (sta->tdls) {
7506 			if (num_tdls_stations >= ar->max_num_tdls_vdevs) {
7507 				ath10k_warn(ar, "vdev %i exceeded maximum number of tdls vdevs %i\n",
7508 					    arvif->vdev_id,
7509 					    ar->max_num_tdls_vdevs);
7510 				ret = -ELNRNG;
7511 				goto exit;
7512 			}
7513 			peer_type = WMI_PEER_TYPE_TDLS;
7514 		}
7515 
7516 		ret = ath10k_mac_inc_num_stations(arvif, sta);
7517 		if (ret) {
7518 			ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
7519 				    ar->max_num_stations);
7520 			goto exit;
7521 		}
7522 
7523 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7524 			arsta->tx_stats = kzalloc(sizeof(*arsta->tx_stats),
7525 						  GFP_KERNEL);
7526 			if (!arsta->tx_stats) {
7527 				ath10k_mac_dec_num_stations(arvif, sta);
7528 				ret = -ENOMEM;
7529 				goto exit;
7530 			}
7531 		}
7532 
7533 		ret = ath10k_peer_create(ar, vif, sta, arvif->vdev_id,
7534 					 sta->addr, peer_type);
7535 		if (ret) {
7536 			ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
7537 				    sta->addr, arvif->vdev_id, ret);
7538 			ath10k_mac_dec_num_stations(arvif, sta);
7539 			kfree(arsta->tx_stats);
7540 			goto exit;
7541 		}
7542 
7543 		spin_lock_bh(&ar->data_lock);
7544 
7545 		peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
7546 		if (!peer) {
7547 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
7548 				    vif->addr, arvif->vdev_id);
7549 			spin_unlock_bh(&ar->data_lock);
7550 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7551 			ath10k_mac_dec_num_stations(arvif, sta);
7552 			kfree(arsta->tx_stats);
7553 			ret = -ENOENT;
7554 			goto exit;
7555 		}
7556 
7557 		arsta->peer_id = find_first_bit(peer->peer_ids,
7558 						ATH10K_MAX_NUM_PEER_IDS);
7559 
7560 		spin_unlock_bh(&ar->data_lock);
7561 
7562 		if (!sta->tdls)
7563 			goto exit;
7564 
7565 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7566 						      WMI_TDLS_ENABLE_ACTIVE);
7567 		if (ret) {
7568 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7569 				    arvif->vdev_id, ret);
7570 			ath10k_peer_delete(ar, arvif->vdev_id,
7571 					   sta->addr);
7572 			ath10k_mac_dec_num_stations(arvif, sta);
7573 			kfree(arsta->tx_stats);
7574 			goto exit;
7575 		}
7576 
7577 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7578 						  WMI_TDLS_PEER_STATE_PEERING);
7579 		if (ret) {
7580 			ath10k_warn(ar,
7581 				    "failed to update tdls peer %pM for vdev %d when adding a new sta: %i\n",
7582 				    sta->addr, arvif->vdev_id, ret);
7583 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7584 			ath10k_mac_dec_num_stations(arvif, sta);
7585 			kfree(arsta->tx_stats);
7586 
7587 			if (num_tdls_stations != 0)
7588 				goto exit;
7589 			ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7590 							WMI_TDLS_DISABLE);
7591 		}
7592 	} else if ((old_state == IEEE80211_STA_NONE &&
7593 		    new_state == IEEE80211_STA_NOTEXIST)) {
7594 		/*
7595 		 * Existing station deletion.
7596 		 */
7597 		ath10k_dbg(ar, ATH10K_DBG_STA,
7598 			   "mac vdev %d peer delete %pM sta %pK (sta gone)\n",
7599 			   arvif->vdev_id, sta->addr, sta);
7600 
7601 		if (sta->tdls) {
7602 			ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id,
7603 							  sta,
7604 							  WMI_TDLS_PEER_STATE_TEARDOWN);
7605 			if (ret)
7606 				ath10k_warn(ar, "failed to update tdls peer state for %pM state %d: %i\n",
7607 					    sta->addr,
7608 					    WMI_TDLS_PEER_STATE_TEARDOWN, ret);
7609 		}
7610 
7611 		ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7612 		if (ret)
7613 			ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
7614 				    sta->addr, arvif->vdev_id, ret);
7615 
7616 		ath10k_mac_dec_num_stations(arvif, sta);
7617 
7618 		spin_lock_bh(&ar->data_lock);
7619 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
7620 			peer = ar->peer_map[i];
7621 			if (!peer)
7622 				continue;
7623 
7624 			if (peer->sta == sta) {
7625 				ath10k_warn(ar, "found sta peer %pM (ptr %pK id %d) entry on vdev %i after it was supposedly removed\n",
7626 					    sta->addr, peer, i, arvif->vdev_id);
7627 				peer->sta = NULL;
7628 
7629 				/* Clean up the peer object as well since we
7630 				 * must have failed to do this above.
7631 				 */
7632 				ath10k_peer_map_cleanup(ar, peer);
7633 			}
7634 		}
7635 		spin_unlock_bh(&ar->data_lock);
7636 
7637 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7638 			kfree(arsta->tx_stats);
7639 			arsta->tx_stats = NULL;
7640 		}
7641 
7642 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7643 			ath10k_mac_txq_unref(ar, sta->txq[i]);
7644 
7645 		if (!sta->tdls)
7646 			goto exit;
7647 
7648 		if (ath10k_mac_tdls_vif_stations_count(hw, vif))
7649 			goto exit;
7650 
7651 		/* This was the last tdls peer in current vif */
7652 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7653 						      WMI_TDLS_DISABLE);
7654 		if (ret) {
7655 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7656 				    arvif->vdev_id, ret);
7657 		}
7658 	} else if (old_state == IEEE80211_STA_AUTH &&
7659 		   new_state == IEEE80211_STA_ASSOC &&
7660 		   (vif->type == NL80211_IFTYPE_AP ||
7661 		    vif->type == NL80211_IFTYPE_MESH_POINT ||
7662 		    vif->type == NL80211_IFTYPE_ADHOC)) {
7663 		/*
7664 		 * New association.
7665 		 */
7666 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM associated\n",
7667 			   sta->addr);
7668 
7669 		ret = ath10k_station_assoc(ar, vif, sta, false);
7670 		if (ret)
7671 			ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
7672 				    sta->addr, arvif->vdev_id, ret);
7673 	} else if (old_state == IEEE80211_STA_ASSOC &&
7674 		   new_state == IEEE80211_STA_AUTHORIZED &&
7675 		   sta->tdls) {
7676 		/*
7677 		 * Tdls station authorized.
7678 		 */
7679 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac tdls sta %pM authorized\n",
7680 			   sta->addr);
7681 
7682 		ret = ath10k_station_assoc(ar, vif, sta, false);
7683 		if (ret) {
7684 			ath10k_warn(ar, "failed to associate tdls station %pM for vdev %i: %i\n",
7685 				    sta->addr, arvif->vdev_id, ret);
7686 			goto exit;
7687 		}
7688 
7689 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7690 						  WMI_TDLS_PEER_STATE_CONNECTED);
7691 		if (ret)
7692 			ath10k_warn(ar, "failed to update tdls peer %pM for vdev %i: %i\n",
7693 				    sta->addr, arvif->vdev_id, ret);
7694 	} else if (old_state == IEEE80211_STA_ASSOC &&
7695 		    new_state == IEEE80211_STA_AUTH &&
7696 		    (vif->type == NL80211_IFTYPE_AP ||
7697 		     vif->type == NL80211_IFTYPE_MESH_POINT ||
7698 		     vif->type == NL80211_IFTYPE_ADHOC)) {
7699 		/*
7700 		 * Disassociation.
7701 		 */
7702 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM disassociated\n",
7703 			   sta->addr);
7704 
7705 		ret = ath10k_station_disassoc(ar, vif, sta);
7706 		if (ret)
7707 			ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
7708 				    sta->addr, arvif->vdev_id, ret);
7709 	}
7710 exit:
7711 	mutex_unlock(&ar->conf_mutex);
7712 	return ret;
7713 }
7714 
7715 static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
7716 				u16 ac, bool enable)
7717 {
7718 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7719 	struct wmi_sta_uapsd_auto_trig_arg arg = {};
7720 	u32 prio = 0, acc = 0;
7721 	u32 value = 0;
7722 	int ret = 0;
7723 
7724 	lockdep_assert_held(&ar->conf_mutex);
7725 
7726 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
7727 		return 0;
7728 
7729 	switch (ac) {
7730 	case IEEE80211_AC_VO:
7731 		value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
7732 			WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
7733 		prio = 7;
7734 		acc = 3;
7735 		break;
7736 	case IEEE80211_AC_VI:
7737 		value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
7738 			WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
7739 		prio = 5;
7740 		acc = 2;
7741 		break;
7742 	case IEEE80211_AC_BE:
7743 		value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
7744 			WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
7745 		prio = 2;
7746 		acc = 1;
7747 		break;
7748 	case IEEE80211_AC_BK:
7749 		value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
7750 			WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
7751 		prio = 0;
7752 		acc = 0;
7753 		break;
7754 	}
7755 
7756 	if (enable)
7757 		arvif->u.sta.uapsd |= value;
7758 	else
7759 		arvif->u.sta.uapsd &= ~value;
7760 
7761 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7762 					  WMI_STA_PS_PARAM_UAPSD,
7763 					  arvif->u.sta.uapsd);
7764 	if (ret) {
7765 		ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
7766 		goto exit;
7767 	}
7768 
7769 	if (arvif->u.sta.uapsd)
7770 		value = WMI_STA_PS_RX_WAKE_POLICY_POLL_UAPSD;
7771 	else
7772 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
7773 
7774 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7775 					  WMI_STA_PS_PARAM_RX_WAKE_POLICY,
7776 					  value);
7777 	if (ret)
7778 		ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
7779 
7780 	ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
7781 	if (ret) {
7782 		ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
7783 			    arvif->vdev_id, ret);
7784 		return ret;
7785 	}
7786 
7787 	ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
7788 	if (ret) {
7789 		ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
7790 			    arvif->vdev_id, ret);
7791 		return ret;
7792 	}
7793 
7794 	if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
7795 	    test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
7796 		/* Only userspace can make an educated decision when to send
7797 		 * trigger frame. The following effectively disables u-UAPSD
7798 		 * autotrigger in firmware (which is enabled by default
7799 		 * provided the autotrigger service is available).
7800 		 */
7801 
7802 		arg.wmm_ac = acc;
7803 		arg.user_priority = prio;
7804 		arg.service_interval = 0;
7805 		arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7806 		arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7807 
7808 		ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
7809 						arvif->bssid, &arg, 1);
7810 		if (ret) {
7811 			ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
7812 				    ret);
7813 			return ret;
7814 		}
7815 	}
7816 
7817 exit:
7818 	return ret;
7819 }
7820 
7821 static int ath10k_conf_tx(struct ieee80211_hw *hw,
7822 			  struct ieee80211_vif *vif,
7823 			  unsigned int link_id, u16 ac,
7824 			  const struct ieee80211_tx_queue_params *params)
7825 {
7826 	struct ath10k *ar = hw->priv;
7827 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7828 	struct wmi_wmm_params_arg *p = NULL;
7829 	int ret;
7830 
7831 	mutex_lock(&ar->conf_mutex);
7832 
7833 	switch (ac) {
7834 	case IEEE80211_AC_VO:
7835 		p = &arvif->wmm_params.ac_vo;
7836 		break;
7837 	case IEEE80211_AC_VI:
7838 		p = &arvif->wmm_params.ac_vi;
7839 		break;
7840 	case IEEE80211_AC_BE:
7841 		p = &arvif->wmm_params.ac_be;
7842 		break;
7843 	case IEEE80211_AC_BK:
7844 		p = &arvif->wmm_params.ac_bk;
7845 		break;
7846 	}
7847 
7848 	if (WARN_ON(!p)) {
7849 		ret = -EINVAL;
7850 		goto exit;
7851 	}
7852 
7853 	p->cwmin = params->cw_min;
7854 	p->cwmax = params->cw_max;
7855 	p->aifs = params->aifs;
7856 
7857 	/*
7858 	 * The channel time duration programmed in the HW is in absolute
7859 	 * microseconds, while mac80211 gives the txop in units of
7860 	 * 32 microseconds.
7861 	 */
7862 	p->txop = params->txop * 32;
7863 
7864 	if (ar->wmi.ops->gen_vdev_wmm_conf) {
7865 		ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
7866 					       &arvif->wmm_params);
7867 		if (ret) {
7868 			ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
7869 				    arvif->vdev_id, ret);
7870 			goto exit;
7871 		}
7872 	} else {
7873 		/* This won't work well with multi-interface cases but it's
7874 		 * better than nothing.
7875 		 */
7876 		ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
7877 		if (ret) {
7878 			ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
7879 			goto exit;
7880 		}
7881 	}
7882 
7883 	ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
7884 	if (ret)
7885 		ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
7886 
7887 exit:
7888 	mutex_unlock(&ar->conf_mutex);
7889 	return ret;
7890 }
7891 
7892 static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
7893 				    struct ieee80211_vif *vif,
7894 				    struct ieee80211_channel *chan,
7895 				    int duration,
7896 				    enum ieee80211_roc_type type)
7897 {
7898 	struct ath10k *ar = hw->priv;
7899 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7900 	struct wmi_start_scan_arg arg;
7901 	int ret = 0;
7902 	u32 scan_time_msec;
7903 
7904 	mutex_lock(&ar->conf_mutex);
7905 
7906 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
7907 		ret = -EBUSY;
7908 		goto exit;
7909 	}
7910 
7911 	spin_lock_bh(&ar->data_lock);
7912 	switch (ar->scan.state) {
7913 	case ATH10K_SCAN_IDLE:
7914 		reinit_completion(&ar->scan.started);
7915 		reinit_completion(&ar->scan.completed);
7916 		reinit_completion(&ar->scan.on_channel);
7917 		ar->scan.state = ATH10K_SCAN_STARTING;
7918 		ar->scan.is_roc = true;
7919 		ar->scan.vdev_id = arvif->vdev_id;
7920 		ar->scan.roc_freq = chan->center_freq;
7921 		ar->scan.roc_notify = true;
7922 		ret = 0;
7923 		break;
7924 	case ATH10K_SCAN_STARTING:
7925 	case ATH10K_SCAN_RUNNING:
7926 	case ATH10K_SCAN_ABORTING:
7927 		ret = -EBUSY;
7928 		break;
7929 	}
7930 	spin_unlock_bh(&ar->data_lock);
7931 
7932 	if (ret)
7933 		goto exit;
7934 
7935 	scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
7936 
7937 	memset(&arg, 0, sizeof(arg));
7938 	ath10k_wmi_start_scan_init(ar, &arg);
7939 	arg.vdev_id = arvif->vdev_id;
7940 	arg.scan_id = ATH10K_SCAN_ID;
7941 	arg.n_channels = 1;
7942 	arg.channels[0] = chan->center_freq;
7943 	arg.dwell_time_active = scan_time_msec;
7944 	arg.dwell_time_passive = scan_time_msec;
7945 	arg.max_scan_time = scan_time_msec;
7946 	arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
7947 	arg.scan_ctrl_flags |= WMI_SCAN_FILTER_PROBE_REQ;
7948 	arg.burst_duration_ms = duration;
7949 
7950 	ret = ath10k_start_scan(ar, &arg);
7951 	if (ret) {
7952 		ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
7953 		spin_lock_bh(&ar->data_lock);
7954 		ar->scan.state = ATH10K_SCAN_IDLE;
7955 		spin_unlock_bh(&ar->data_lock);
7956 		goto exit;
7957 	}
7958 
7959 	ret = wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ);
7960 	if (ret == 0) {
7961 		ath10k_warn(ar, "failed to switch to channel for roc scan\n");
7962 
7963 		ret = ath10k_scan_stop(ar);
7964 		if (ret)
7965 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
7966 
7967 		ret = -ETIMEDOUT;
7968 		goto exit;
7969 	}
7970 
7971 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
7972 				     msecs_to_jiffies(duration));
7973 
7974 	ret = 0;
7975 exit:
7976 	mutex_unlock(&ar->conf_mutex);
7977 	return ret;
7978 }
7979 
7980 static int ath10k_cancel_remain_on_channel(struct ieee80211_hw *hw,
7981 					   struct ieee80211_vif *vif)
7982 {
7983 	struct ath10k *ar = hw->priv;
7984 
7985 	mutex_lock(&ar->conf_mutex);
7986 
7987 	spin_lock_bh(&ar->data_lock);
7988 	ar->scan.roc_notify = false;
7989 	spin_unlock_bh(&ar->data_lock);
7990 
7991 	ath10k_scan_abort(ar);
7992 
7993 	mutex_unlock(&ar->conf_mutex);
7994 
7995 	cancel_delayed_work_sync(&ar->scan.timeout);
7996 
7997 	return 0;
7998 }
7999 
8000 /*
8001  * Both RTS and Fragmentation threshold are interface-specific
8002  * in ath10k, but device-specific in mac80211.
8003  */
8004 
8005 static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
8006 {
8007 	struct ath10k *ar = hw->priv;
8008 	struct ath10k_vif *arvif;
8009 	int ret = 0;
8010 
8011 	mutex_lock(&ar->conf_mutex);
8012 	list_for_each_entry(arvif, &ar->arvifs, list) {
8013 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
8014 			   arvif->vdev_id, value);
8015 
8016 		ret = ath10k_mac_set_rts(arvif, value);
8017 		if (ret) {
8018 			ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
8019 				    arvif->vdev_id, ret);
8020 			break;
8021 		}
8022 	}
8023 	mutex_unlock(&ar->conf_mutex);
8024 
8025 	return ret;
8026 }
8027 
8028 static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
8029 {
8030 	/* Even though there's a WMI enum for fragmentation threshold no known
8031 	 * firmware actually implements it. Moreover it is not possible to rely
8032 	 * frame fragmentation to mac80211 because firmware clears the "more
8033 	 * fragments" bit in frame control making it impossible for remote
8034 	 * devices to reassemble frames.
8035 	 *
8036 	 * Hence implement a dummy callback just to say fragmentation isn't
8037 	 * supported. This effectively prevents mac80211 from doing frame
8038 	 * fragmentation in software.
8039 	 */
8040 	return -EOPNOTSUPP;
8041 }
8042 
8043 void ath10k_mac_wait_tx_complete(struct ath10k *ar)
8044 {
8045 	bool skip;
8046 	long time_left;
8047 
8048 	/* mac80211 doesn't care if we really xmit queued frames or not
8049 	 * we'll collect those frames either way if we stop/delete vdevs
8050 	 */
8051 
8052 	if (ar->state == ATH10K_STATE_WEDGED)
8053 		return;
8054 
8055 	time_left = wait_event_timeout(ar->htt.empty_tx_wq, ({
8056 			bool empty;
8057 
8058 			spin_lock_bh(&ar->htt.tx_lock);
8059 			empty = (ar->htt.num_pending_tx == 0);
8060 			spin_unlock_bh(&ar->htt.tx_lock);
8061 
8062 			skip = (ar->state == ATH10K_STATE_WEDGED) ||
8063 			       test_bit(ATH10K_FLAG_CRASH_FLUSH,
8064 					&ar->dev_flags);
8065 
8066 			(empty || skip);
8067 		}), ATH10K_FLUSH_TIMEOUT_HZ);
8068 
8069 	if (time_left == 0 || skip)
8070 		ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %ld\n",
8071 			    skip, ar->state, time_left);
8072 }
8073 
8074 static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
8075 			 u32 queues, bool drop)
8076 {
8077 	struct ath10k *ar = hw->priv;
8078 	struct ath10k_vif *arvif;
8079 	u32 bitmap;
8080 
8081 	if (drop) {
8082 		if (vif && vif->type == NL80211_IFTYPE_STATION) {
8083 			bitmap = ~(1 << WMI_MGMT_TID);
8084 			list_for_each_entry(arvif, &ar->arvifs, list) {
8085 				if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
8086 					ath10k_wmi_peer_flush(ar, arvif->vdev_id,
8087 							      arvif->bssid, bitmap);
8088 			}
8089 			ath10k_htt_flush_tx(&ar->htt);
8090 		}
8091 		return;
8092 	}
8093 
8094 	mutex_lock(&ar->conf_mutex);
8095 	ath10k_mac_wait_tx_complete(ar);
8096 	mutex_unlock(&ar->conf_mutex);
8097 }
8098 
8099 /* TODO: Implement this function properly
8100  * For now it is needed to reply to Probe Requests in IBSS mode.
8101  * Probably we need this information from FW.
8102  */
8103 static int ath10k_tx_last_beacon(struct ieee80211_hw *hw)
8104 {
8105 	return 1;
8106 }
8107 
8108 static void ath10k_reconfig_complete(struct ieee80211_hw *hw,
8109 				     enum ieee80211_reconfig_type reconfig_type)
8110 {
8111 	struct ath10k *ar = hw->priv;
8112 
8113 	if (reconfig_type != IEEE80211_RECONFIG_TYPE_RESTART)
8114 		return;
8115 
8116 	mutex_lock(&ar->conf_mutex);
8117 
8118 	/* If device failed to restart it will be in a different state, e.g.
8119 	 * ATH10K_STATE_WEDGED
8120 	 */
8121 	if (ar->state == ATH10K_STATE_RESTARTED) {
8122 		ath10k_info(ar, "device successfully recovered\n");
8123 		ar->state = ATH10K_STATE_ON;
8124 		ieee80211_wake_queues(ar->hw);
8125 		clear_bit(ATH10K_FLAG_RESTARTING, &ar->dev_flags);
8126 	}
8127 
8128 	mutex_unlock(&ar->conf_mutex);
8129 }
8130 
8131 static void
8132 ath10k_mac_update_bss_chan_survey(struct ath10k *ar,
8133 				  struct ieee80211_channel *channel)
8134 {
8135 	int ret;
8136 	enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ;
8137 
8138 	lockdep_assert_held(&ar->conf_mutex);
8139 
8140 	if (!test_bit(WMI_SERVICE_BSS_CHANNEL_INFO_64, ar->wmi.svc_map) ||
8141 	    (ar->rx_channel != channel))
8142 		return;
8143 
8144 	if (ar->scan.state != ATH10K_SCAN_IDLE) {
8145 		ath10k_dbg(ar, ATH10K_DBG_MAC, "ignoring bss chan info request while scanning..\n");
8146 		return;
8147 	}
8148 
8149 	reinit_completion(&ar->bss_survey_done);
8150 
8151 	ret = ath10k_wmi_pdev_bss_chan_info_request(ar, type);
8152 	if (ret) {
8153 		ath10k_warn(ar, "failed to send pdev bss chan info request\n");
8154 		return;
8155 	}
8156 
8157 	ret = wait_for_completion_timeout(&ar->bss_survey_done, 3 * HZ);
8158 	if (!ret) {
8159 		ath10k_warn(ar, "bss channel survey timed out\n");
8160 		return;
8161 	}
8162 }
8163 
8164 static int ath10k_get_survey(struct ieee80211_hw *hw, int idx,
8165 			     struct survey_info *survey)
8166 {
8167 	struct ath10k *ar = hw->priv;
8168 	struct ieee80211_supported_band *sband;
8169 	struct survey_info *ar_survey = &ar->survey[idx];
8170 	int ret = 0;
8171 
8172 	mutex_lock(&ar->conf_mutex);
8173 
8174 	sband = hw->wiphy->bands[NL80211_BAND_2GHZ];
8175 	if (sband && idx >= sband->n_channels) {
8176 		idx -= sband->n_channels;
8177 		sband = NULL;
8178 	}
8179 
8180 	if (!sband)
8181 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
8182 
8183 	if (!sband || idx >= sband->n_channels) {
8184 		ret = -ENOENT;
8185 		goto exit;
8186 	}
8187 
8188 	ath10k_mac_update_bss_chan_survey(ar, &sband->channels[idx]);
8189 
8190 	spin_lock_bh(&ar->data_lock);
8191 	memcpy(survey, ar_survey, sizeof(*survey));
8192 	spin_unlock_bh(&ar->data_lock);
8193 
8194 	survey->channel = &sband->channels[idx];
8195 
8196 	if (ar->rx_channel == survey->channel)
8197 		survey->filled |= SURVEY_INFO_IN_USE;
8198 
8199 exit:
8200 	mutex_unlock(&ar->conf_mutex);
8201 	return ret;
8202 }
8203 
8204 static bool
8205 ath10k_mac_bitrate_mask_get_single_nss(struct ath10k *ar,
8206 				       enum nl80211_band band,
8207 				       const struct cfg80211_bitrate_mask *mask,
8208 				       int *nss)
8209 {
8210 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
8211 	u16 vht_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8212 	u8 ht_nss_mask = 0;
8213 	u8 vht_nss_mask = 0;
8214 	int i;
8215 
8216 	if (mask->control[band].legacy)
8217 		return false;
8218 
8219 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
8220 		if (mask->control[band].ht_mcs[i] == 0)
8221 			continue;
8222 		else if (mask->control[band].ht_mcs[i] ==
8223 			 sband->ht_cap.mcs.rx_mask[i])
8224 			ht_nss_mask |= BIT(i);
8225 		else
8226 			return false;
8227 	}
8228 
8229 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
8230 		if (mask->control[band].vht_mcs[i] == 0)
8231 			continue;
8232 		else if (mask->control[band].vht_mcs[i] ==
8233 			 ath10k_mac_get_max_vht_mcs_map(vht_mcs_map, i))
8234 			vht_nss_mask |= BIT(i);
8235 		else
8236 			return false;
8237 	}
8238 
8239 	if (ht_nss_mask != vht_nss_mask)
8240 		return false;
8241 
8242 	if (ht_nss_mask == 0)
8243 		return false;
8244 
8245 	if (BIT(fls(ht_nss_mask)) - 1 != ht_nss_mask)
8246 		return false;
8247 
8248 	*nss = fls(ht_nss_mask);
8249 
8250 	return true;
8251 }
8252 
8253 static int ath10k_mac_set_fixed_rate_params(struct ath10k_vif *arvif,
8254 					    u8 rate, u8 nss, u8 sgi, u8 ldpc)
8255 {
8256 	struct ath10k *ar = arvif->ar;
8257 	u32 vdev_param;
8258 	int ret;
8259 
8260 	lockdep_assert_held(&ar->conf_mutex);
8261 
8262 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac set fixed rate params vdev %i rate 0x%02x nss %u sgi %u\n",
8263 		   arvif->vdev_id, rate, nss, sgi);
8264 
8265 	vdev_param = ar->wmi.vdev_param->fixed_rate;
8266 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, rate);
8267 	if (ret) {
8268 		ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
8269 			    rate, ret);
8270 		return ret;
8271 	}
8272 
8273 	vdev_param = ar->wmi.vdev_param->nss;
8274 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, nss);
8275 	if (ret) {
8276 		ath10k_warn(ar, "failed to set nss param %d: %d\n", nss, ret);
8277 		return ret;
8278 	}
8279 
8280 	vdev_param = ar->wmi.vdev_param->sgi;
8281 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, sgi);
8282 	if (ret) {
8283 		ath10k_warn(ar, "failed to set sgi param %d: %d\n", sgi, ret);
8284 		return ret;
8285 	}
8286 
8287 	vdev_param = ar->wmi.vdev_param->ldpc;
8288 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, ldpc);
8289 	if (ret) {
8290 		ath10k_warn(ar, "failed to set ldpc param %d: %d\n", ldpc, ret);
8291 		return ret;
8292 	}
8293 
8294 	return 0;
8295 }
8296 
8297 static bool
8298 ath10k_mac_can_set_bitrate_mask(struct ath10k *ar,
8299 				enum nl80211_band band,
8300 				const struct cfg80211_bitrate_mask *mask,
8301 				bool allow_pfr)
8302 {
8303 	int i;
8304 	u16 vht_mcs;
8305 
8306 	/* Due to firmware limitation in WMI_PEER_ASSOC_CMDID it is impossible
8307 	 * to express all VHT MCS rate masks. Effectively only the following
8308 	 * ranges can be used: none, 0-7, 0-8 and 0-9.
8309 	 */
8310 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8311 		vht_mcs = mask->control[band].vht_mcs[i];
8312 
8313 		switch (vht_mcs) {
8314 		case 0:
8315 		case BIT(8) - 1:
8316 		case BIT(9) - 1:
8317 		case BIT(10) - 1:
8318 			break;
8319 		default:
8320 			if (!allow_pfr)
8321 				ath10k_warn(ar, "refusing bitrate mask with missing 0-7 VHT MCS rates\n");
8322 			return false;
8323 		}
8324 	}
8325 
8326 	return true;
8327 }
8328 
8329 static bool ath10k_mac_set_vht_bitrate_mask_fixup(struct ath10k *ar,
8330 						  struct ath10k_vif *arvif,
8331 						  struct ieee80211_sta *sta)
8332 {
8333 	int err;
8334 	u8 rate = arvif->vht_pfr;
8335 
8336 	/* skip non vht and multiple rate peers */
8337 	if (!sta->deflink.vht_cap.vht_supported || arvif->vht_num_rates != 1)
8338 		return false;
8339 
8340 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8341 					WMI_PEER_PARAM_FIXED_RATE, rate);
8342 	if (err)
8343 		ath10k_warn(ar, "failed to enable STA %pM peer fixed rate: %d\n",
8344 			    sta->addr, err);
8345 
8346 	return true;
8347 }
8348 
8349 static void ath10k_mac_set_bitrate_mask_iter(void *data,
8350 					     struct ieee80211_sta *sta)
8351 {
8352 	struct ath10k_vif *arvif = data;
8353 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8354 	struct ath10k *ar = arvif->ar;
8355 
8356 	if (arsta->arvif != arvif)
8357 		return;
8358 
8359 	if (ath10k_mac_set_vht_bitrate_mask_fixup(ar, arvif, sta))
8360 		return;
8361 
8362 	spin_lock_bh(&ar->data_lock);
8363 	arsta->changed |= IEEE80211_RC_SUPP_RATES_CHANGED;
8364 	spin_unlock_bh(&ar->data_lock);
8365 
8366 	ieee80211_queue_work(ar->hw, &arsta->update_wk);
8367 }
8368 
8369 static void ath10k_mac_clr_bitrate_mask_iter(void *data,
8370 					     struct ieee80211_sta *sta)
8371 {
8372 	struct ath10k_vif *arvif = data;
8373 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8374 	struct ath10k *ar = arvif->ar;
8375 	int err;
8376 
8377 	/* clear vht peers only */
8378 	if (arsta->arvif != arvif || !sta->deflink.vht_cap.vht_supported)
8379 		return;
8380 
8381 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8382 					WMI_PEER_PARAM_FIXED_RATE,
8383 					WMI_FIXED_RATE_NONE);
8384 	if (err)
8385 		ath10k_warn(ar, "failed to clear STA %pM peer fixed rate: %d\n",
8386 			    sta->addr, err);
8387 }
8388 
8389 static int ath10k_mac_op_set_bitrate_mask(struct ieee80211_hw *hw,
8390 					  struct ieee80211_vif *vif,
8391 					  const struct cfg80211_bitrate_mask *mask)
8392 {
8393 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8394 	struct cfg80211_chan_def def;
8395 	struct ath10k *ar = arvif->ar;
8396 	enum nl80211_band band;
8397 	const u8 *ht_mcs_mask;
8398 	const u16 *vht_mcs_mask;
8399 	u8 rate;
8400 	u8 nss;
8401 	u8 sgi;
8402 	u8 ldpc;
8403 	int single_nss;
8404 	int ret;
8405 	int vht_num_rates, allow_pfr;
8406 	u8 vht_pfr;
8407 	bool update_bitrate_mask = true;
8408 
8409 	if (ath10k_mac_vif_chan(vif, &def))
8410 		return -EPERM;
8411 
8412 	band = def.chan->band;
8413 	ht_mcs_mask = mask->control[band].ht_mcs;
8414 	vht_mcs_mask = mask->control[band].vht_mcs;
8415 	ldpc = !!(ar->ht_cap_info & WMI_HT_CAP_LDPC);
8416 
8417 	sgi = mask->control[band].gi;
8418 	if (sgi == NL80211_TXRATE_FORCE_LGI)
8419 		return -EINVAL;
8420 
8421 	allow_pfr = test_bit(ATH10K_FW_FEATURE_PEER_FIXED_RATE,
8422 			     ar->normal_mode_fw.fw_file.fw_features);
8423 	if (allow_pfr) {
8424 		mutex_lock(&ar->conf_mutex);
8425 		ieee80211_iterate_stations_atomic(ar->hw,
8426 						  ath10k_mac_clr_bitrate_mask_iter,
8427 						  arvif);
8428 		mutex_unlock(&ar->conf_mutex);
8429 	}
8430 
8431 	if (ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
8432 						    &vht_num_rates)) {
8433 		ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8434 							      &rate, &nss,
8435 							      false);
8436 		if (ret) {
8437 			ath10k_warn(ar, "failed to get single rate for vdev %i: %d\n",
8438 				    arvif->vdev_id, ret);
8439 			return ret;
8440 		}
8441 	} else if (ath10k_mac_bitrate_mask_get_single_nss(ar, band, mask,
8442 							  &single_nss)) {
8443 		rate = WMI_FIXED_RATE_NONE;
8444 		nss = single_nss;
8445 	} else {
8446 		rate = WMI_FIXED_RATE_NONE;
8447 		nss = min(ar->num_rf_chains,
8448 			  max(ath10k_mac_max_ht_nss(ht_mcs_mask),
8449 			      ath10k_mac_max_vht_nss(vht_mcs_mask)));
8450 
8451 		if (!ath10k_mac_can_set_bitrate_mask(ar, band, mask,
8452 						     allow_pfr)) {
8453 			u8 vht_nss;
8454 
8455 			if (!allow_pfr || vht_num_rates != 1)
8456 				return -EINVAL;
8457 
8458 			/* Reach here, firmware supports peer fixed rate and has
8459 			 * single vht rate, and don't update vif birate_mask, as
8460 			 * the rate only for specific peer.
8461 			 */
8462 			ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8463 								&vht_pfr,
8464 								&vht_nss,
8465 								true);
8466 			update_bitrate_mask = false;
8467 		} else {
8468 			vht_pfr = 0;
8469 		}
8470 
8471 		mutex_lock(&ar->conf_mutex);
8472 
8473 		if (update_bitrate_mask)
8474 			arvif->bitrate_mask = *mask;
8475 		arvif->vht_num_rates = vht_num_rates;
8476 		arvif->vht_pfr = vht_pfr;
8477 		ieee80211_iterate_stations_atomic(ar->hw,
8478 						  ath10k_mac_set_bitrate_mask_iter,
8479 						  arvif);
8480 
8481 		mutex_unlock(&ar->conf_mutex);
8482 	}
8483 
8484 	mutex_lock(&ar->conf_mutex);
8485 
8486 	ret = ath10k_mac_set_fixed_rate_params(arvif, rate, nss, sgi, ldpc);
8487 	if (ret) {
8488 		ath10k_warn(ar, "failed to set fixed rate params on vdev %i: %d\n",
8489 			    arvif->vdev_id, ret);
8490 		goto exit;
8491 	}
8492 
8493 exit:
8494 	mutex_unlock(&ar->conf_mutex);
8495 
8496 	return ret;
8497 }
8498 
8499 static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
8500 				 struct ieee80211_vif *vif,
8501 				 struct ieee80211_sta *sta,
8502 				 u32 changed)
8503 {
8504 	struct ath10k *ar = hw->priv;
8505 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8506 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8507 	struct ath10k_peer *peer;
8508 	u32 bw, smps;
8509 
8510 	spin_lock_bh(&ar->data_lock);
8511 
8512 	peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
8513 	if (!peer) {
8514 		spin_unlock_bh(&ar->data_lock);
8515 		ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
8516 			    sta->addr, arvif->vdev_id);
8517 		return;
8518 	}
8519 
8520 	ath10k_dbg(ar, ATH10K_DBG_STA,
8521 		   "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
8522 		   sta->addr, changed, sta->deflink.bandwidth,
8523 		   sta->deflink.rx_nss,
8524 		   sta->deflink.smps_mode);
8525 
8526 	if (changed & IEEE80211_RC_BW_CHANGED) {
8527 		bw = WMI_PEER_CHWIDTH_20MHZ;
8528 
8529 		switch (sta->deflink.bandwidth) {
8530 		case IEEE80211_STA_RX_BW_20:
8531 			bw = WMI_PEER_CHWIDTH_20MHZ;
8532 			break;
8533 		case IEEE80211_STA_RX_BW_40:
8534 			bw = WMI_PEER_CHWIDTH_40MHZ;
8535 			break;
8536 		case IEEE80211_STA_RX_BW_80:
8537 			bw = WMI_PEER_CHWIDTH_80MHZ;
8538 			break;
8539 		case IEEE80211_STA_RX_BW_160:
8540 			bw = WMI_PEER_CHWIDTH_160MHZ;
8541 			break;
8542 		default:
8543 			ath10k_warn(ar, "Invalid bandwidth %d in rc update for %pM\n",
8544 				    sta->deflink.bandwidth, sta->addr);
8545 			bw = WMI_PEER_CHWIDTH_20MHZ;
8546 			break;
8547 		}
8548 
8549 		arsta->bw = bw;
8550 	}
8551 
8552 	if (changed & IEEE80211_RC_NSS_CHANGED)
8553 		arsta->nss = sta->deflink.rx_nss;
8554 
8555 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
8556 		smps = WMI_PEER_SMPS_PS_NONE;
8557 
8558 		switch (sta->deflink.smps_mode) {
8559 		case IEEE80211_SMPS_AUTOMATIC:
8560 		case IEEE80211_SMPS_OFF:
8561 			smps = WMI_PEER_SMPS_PS_NONE;
8562 			break;
8563 		case IEEE80211_SMPS_STATIC:
8564 			smps = WMI_PEER_SMPS_STATIC;
8565 			break;
8566 		case IEEE80211_SMPS_DYNAMIC:
8567 			smps = WMI_PEER_SMPS_DYNAMIC;
8568 			break;
8569 		case IEEE80211_SMPS_NUM_MODES:
8570 			ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
8571 				    sta->deflink.smps_mode, sta->addr);
8572 			smps = WMI_PEER_SMPS_PS_NONE;
8573 			break;
8574 		}
8575 
8576 		arsta->smps = smps;
8577 	}
8578 
8579 	arsta->changed |= changed;
8580 
8581 	spin_unlock_bh(&ar->data_lock);
8582 
8583 	ieee80211_queue_work(hw, &arsta->update_wk);
8584 }
8585 
8586 static void ath10k_offset_tsf(struct ieee80211_hw *hw,
8587 			      struct ieee80211_vif *vif, s64 tsf_offset)
8588 {
8589 	struct ath10k *ar = hw->priv;
8590 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8591 	u32 offset, vdev_param;
8592 	int ret;
8593 
8594 	if (tsf_offset < 0) {
8595 		vdev_param = ar->wmi.vdev_param->dec_tsf;
8596 		offset = -tsf_offset;
8597 	} else {
8598 		vdev_param = ar->wmi.vdev_param->inc_tsf;
8599 		offset = tsf_offset;
8600 	}
8601 
8602 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
8603 					vdev_param, offset);
8604 
8605 	if (ret && ret != -EOPNOTSUPP)
8606 		ath10k_warn(ar, "failed to set tsf offset %d cmd %d: %d\n",
8607 			    offset, vdev_param, ret);
8608 }
8609 
8610 static int ath10k_ampdu_action(struct ieee80211_hw *hw,
8611 			       struct ieee80211_vif *vif,
8612 			       struct ieee80211_ampdu_params *params)
8613 {
8614 	struct ath10k *ar = hw->priv;
8615 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8616 	struct ieee80211_sta *sta = params->sta;
8617 	enum ieee80211_ampdu_mlme_action action = params->action;
8618 	u16 tid = params->tid;
8619 
8620 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %u action %d\n",
8621 		   arvif->vdev_id, sta->addr, tid, action);
8622 
8623 	switch (action) {
8624 	case IEEE80211_AMPDU_RX_START:
8625 	case IEEE80211_AMPDU_RX_STOP:
8626 		/* HTT AddBa/DelBa events trigger mac80211 Rx BA session
8627 		 * creation/removal. Do we need to verify this?
8628 		 */
8629 		return 0;
8630 	case IEEE80211_AMPDU_TX_START:
8631 	case IEEE80211_AMPDU_TX_STOP_CONT:
8632 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
8633 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
8634 	case IEEE80211_AMPDU_TX_OPERATIONAL:
8635 		/* Firmware offloads Tx aggregation entirely so deny mac80211
8636 		 * Tx aggregation requests.
8637 		 */
8638 		return -EOPNOTSUPP;
8639 	}
8640 
8641 	return -EINVAL;
8642 }
8643 
8644 static void
8645 ath10k_mac_update_rx_channel(struct ath10k *ar,
8646 			     struct ieee80211_chanctx_conf *ctx,
8647 			     struct ieee80211_vif_chanctx_switch *vifs,
8648 			     int n_vifs)
8649 {
8650 	struct cfg80211_chan_def *def = NULL;
8651 
8652 	/* Both locks are required because ar->rx_channel is modified. This
8653 	 * allows readers to hold either lock.
8654 	 */
8655 	lockdep_assert_held(&ar->conf_mutex);
8656 	lockdep_assert_held(&ar->data_lock);
8657 
8658 	WARN_ON(ctx && vifs);
8659 	WARN_ON(vifs && !n_vifs);
8660 
8661 	/* FIXME: Sort of an optimization and a workaround. Peers and vifs are
8662 	 * on a linked list now. Doing a lookup peer -> vif -> chanctx for each
8663 	 * ppdu on Rx may reduce performance on low-end systems. It should be
8664 	 * possible to make tables/hashmaps to speed the lookup up (be vary of
8665 	 * cpu data cache lines though regarding sizes) but to keep the initial
8666 	 * implementation simple and less intrusive fallback to the slow lookup
8667 	 * only for multi-channel cases. Single-channel cases will remain to
8668 	 * use the old channel derival and thus performance should not be
8669 	 * affected much.
8670 	 */
8671 	rcu_read_lock();
8672 	if (!ctx && ath10k_mac_num_chanctxs(ar) == 1) {
8673 		ieee80211_iter_chan_contexts_atomic(ar->hw,
8674 						    ath10k_mac_get_any_chandef_iter,
8675 						    &def);
8676 
8677 		if (vifs)
8678 			def = &vifs[0].new_ctx->def;
8679 
8680 		ar->rx_channel = def->chan;
8681 	} else if ((ctx && ath10k_mac_num_chanctxs(ar) == 0) ||
8682 		   (ctx && (ar->state == ATH10K_STATE_RESTARTED))) {
8683 		/* During driver restart due to firmware assert, since mac80211
8684 		 * already has valid channel context for given radio, channel
8685 		 * context iteration return num_chanctx > 0. So fix rx_channel
8686 		 * when restart is in progress.
8687 		 */
8688 		ar->rx_channel = ctx->def.chan;
8689 	} else {
8690 		ar->rx_channel = NULL;
8691 	}
8692 	rcu_read_unlock();
8693 }
8694 
8695 static void
8696 ath10k_mac_update_vif_chan(struct ath10k *ar,
8697 			   struct ieee80211_vif_chanctx_switch *vifs,
8698 			   int n_vifs)
8699 {
8700 	struct ath10k_vif *arvif;
8701 	int ret;
8702 	int i;
8703 
8704 	lockdep_assert_held(&ar->conf_mutex);
8705 
8706 	/* First stop monitor interface. Some FW versions crash if there's a
8707 	 * lone monitor interface.
8708 	 */
8709 	if (ar->monitor_started)
8710 		ath10k_monitor_stop(ar);
8711 
8712 	for (i = 0; i < n_vifs; i++) {
8713 		arvif = (void *)vifs[i].vif->drv_priv;
8714 
8715 		ath10k_dbg(ar, ATH10K_DBG_MAC,
8716 			   "mac chanctx switch vdev_id %i freq %u->%u width %d->%d\n",
8717 			   arvif->vdev_id,
8718 			   vifs[i].old_ctx->def.chan->center_freq,
8719 			   vifs[i].new_ctx->def.chan->center_freq,
8720 			   vifs[i].old_ctx->def.width,
8721 			   vifs[i].new_ctx->def.width);
8722 
8723 		if (WARN_ON(!arvif->is_started))
8724 			continue;
8725 
8726 		if (WARN_ON(!arvif->is_up))
8727 			continue;
8728 
8729 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8730 		if (ret) {
8731 			ath10k_warn(ar, "failed to down vdev %d: %d\n",
8732 				    arvif->vdev_id, ret);
8733 			continue;
8734 		}
8735 	}
8736 
8737 	/* All relevant vdevs are downed and associated channel resources
8738 	 * should be available for the channel switch now.
8739 	 */
8740 
8741 	spin_lock_bh(&ar->data_lock);
8742 	ath10k_mac_update_rx_channel(ar, NULL, vifs, n_vifs);
8743 	spin_unlock_bh(&ar->data_lock);
8744 
8745 	for (i = 0; i < n_vifs; i++) {
8746 		arvif = (void *)vifs[i].vif->drv_priv;
8747 
8748 		if (WARN_ON(!arvif->is_started))
8749 			continue;
8750 
8751 		if (WARN_ON(!arvif->is_up))
8752 			continue;
8753 
8754 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
8755 		if (ret)
8756 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
8757 				    ret);
8758 
8759 		ret = ath10k_mac_setup_prb_tmpl(arvif);
8760 		if (ret)
8761 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
8762 				    ret);
8763 
8764 		ret = ath10k_vdev_restart(arvif, &vifs[i].new_ctx->def);
8765 		if (ret) {
8766 			ath10k_warn(ar, "failed to restart vdev %d: %d\n",
8767 				    arvif->vdev_id, ret);
8768 			continue;
8769 		}
8770 
8771 		ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
8772 					 arvif->bssid);
8773 		if (ret) {
8774 			ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
8775 				    arvif->vdev_id, ret);
8776 			continue;
8777 		}
8778 	}
8779 
8780 	ath10k_monitor_recalc(ar);
8781 }
8782 
8783 static int
8784 ath10k_mac_op_add_chanctx(struct ieee80211_hw *hw,
8785 			  struct ieee80211_chanctx_conf *ctx)
8786 {
8787 	struct ath10k *ar = hw->priv;
8788 
8789 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8790 		   "mac chanctx add freq %u width %d ptr %pK\n",
8791 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8792 
8793 	mutex_lock(&ar->conf_mutex);
8794 
8795 	spin_lock_bh(&ar->data_lock);
8796 	ath10k_mac_update_rx_channel(ar, ctx, NULL, 0);
8797 	spin_unlock_bh(&ar->data_lock);
8798 
8799 	ath10k_recalc_radar_detection(ar);
8800 	ath10k_monitor_recalc(ar);
8801 
8802 	mutex_unlock(&ar->conf_mutex);
8803 
8804 	return 0;
8805 }
8806 
8807 static void
8808 ath10k_mac_op_remove_chanctx(struct ieee80211_hw *hw,
8809 			     struct ieee80211_chanctx_conf *ctx)
8810 {
8811 	struct ath10k *ar = hw->priv;
8812 
8813 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8814 		   "mac chanctx remove freq %u width %d ptr %pK\n",
8815 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8816 
8817 	mutex_lock(&ar->conf_mutex);
8818 
8819 	spin_lock_bh(&ar->data_lock);
8820 	ath10k_mac_update_rx_channel(ar, NULL, NULL, 0);
8821 	spin_unlock_bh(&ar->data_lock);
8822 
8823 	ath10k_recalc_radar_detection(ar);
8824 	ath10k_monitor_recalc(ar);
8825 
8826 	mutex_unlock(&ar->conf_mutex);
8827 }
8828 
8829 struct ath10k_mac_change_chanctx_arg {
8830 	struct ieee80211_chanctx_conf *ctx;
8831 	struct ieee80211_vif_chanctx_switch *vifs;
8832 	int n_vifs;
8833 	int next_vif;
8834 };
8835 
8836 static void
8837 ath10k_mac_change_chanctx_cnt_iter(void *data, u8 *mac,
8838 				   struct ieee80211_vif *vif)
8839 {
8840 	struct ath10k_mac_change_chanctx_arg *arg = data;
8841 
8842 	if (rcu_access_pointer(vif->bss_conf.chanctx_conf) != arg->ctx)
8843 		return;
8844 
8845 	arg->n_vifs++;
8846 }
8847 
8848 static void
8849 ath10k_mac_change_chanctx_fill_iter(void *data, u8 *mac,
8850 				    struct ieee80211_vif *vif)
8851 {
8852 	struct ath10k_mac_change_chanctx_arg *arg = data;
8853 	struct ieee80211_chanctx_conf *ctx;
8854 
8855 	ctx = rcu_access_pointer(vif->bss_conf.chanctx_conf);
8856 	if (ctx != arg->ctx)
8857 		return;
8858 
8859 	if (WARN_ON(arg->next_vif == arg->n_vifs))
8860 		return;
8861 
8862 	arg->vifs[arg->next_vif].vif = vif;
8863 	arg->vifs[arg->next_vif].old_ctx = ctx;
8864 	arg->vifs[arg->next_vif].new_ctx = ctx;
8865 	arg->next_vif++;
8866 }
8867 
8868 static void
8869 ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw,
8870 			     struct ieee80211_chanctx_conf *ctx,
8871 			     u32 changed)
8872 {
8873 	struct ath10k *ar = hw->priv;
8874 	struct ath10k_mac_change_chanctx_arg arg = { .ctx = ctx };
8875 
8876 	mutex_lock(&ar->conf_mutex);
8877 
8878 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8879 		   "mac chanctx change freq %u width %d ptr %pK changed %x\n",
8880 		   ctx->def.chan->center_freq, ctx->def.width, ctx, changed);
8881 
8882 	/* This shouldn't really happen because channel switching should use
8883 	 * switch_vif_chanctx().
8884 	 */
8885 	if (WARN_ON(changed & IEEE80211_CHANCTX_CHANGE_CHANNEL))
8886 		goto unlock;
8887 
8888 	if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) {
8889 		ieee80211_iterate_active_interfaces_atomic(
8890 					hw,
8891 					ATH10K_ITER_NORMAL_FLAGS,
8892 					ath10k_mac_change_chanctx_cnt_iter,
8893 					&arg);
8894 		if (arg.n_vifs == 0)
8895 			goto radar;
8896 
8897 		arg.vifs = kcalloc(arg.n_vifs, sizeof(arg.vifs[0]),
8898 				   GFP_KERNEL);
8899 		if (!arg.vifs)
8900 			goto radar;
8901 
8902 		ieee80211_iterate_active_interfaces_atomic(
8903 					hw,
8904 					ATH10K_ITER_NORMAL_FLAGS,
8905 					ath10k_mac_change_chanctx_fill_iter,
8906 					&arg);
8907 		ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs);
8908 		kfree(arg.vifs);
8909 	}
8910 
8911 radar:
8912 	ath10k_recalc_radar_detection(ar);
8913 
8914 	/* FIXME: How to configure Rx chains properly? */
8915 
8916 	/* No other actions are actually necessary. Firmware maintains channel
8917 	 * definitions per vdev internally and there's no host-side channel
8918 	 * context abstraction to configure, e.g. channel width.
8919 	 */
8920 
8921 unlock:
8922 	mutex_unlock(&ar->conf_mutex);
8923 }
8924 
8925 static int
8926 ath10k_mac_op_assign_vif_chanctx(struct ieee80211_hw *hw,
8927 				 struct ieee80211_vif *vif,
8928 				 struct ieee80211_bss_conf *link_conf,
8929 				 struct ieee80211_chanctx_conf *ctx)
8930 {
8931 	struct ath10k *ar = hw->priv;
8932 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8933 	int ret;
8934 
8935 	mutex_lock(&ar->conf_mutex);
8936 
8937 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8938 		   "mac chanctx assign ptr %pK vdev_id %i\n",
8939 		   ctx, arvif->vdev_id);
8940 
8941 	if (WARN_ON(arvif->is_started)) {
8942 		mutex_unlock(&ar->conf_mutex);
8943 		return -EBUSY;
8944 	}
8945 
8946 	ret = ath10k_vdev_start(arvif, &ctx->def);
8947 	if (ret) {
8948 		ath10k_warn(ar, "failed to start vdev %i addr %pM on freq %d: %d\n",
8949 			    arvif->vdev_id, vif->addr,
8950 			    ctx->def.chan->center_freq, ret);
8951 		goto err;
8952 	}
8953 
8954 	arvif->is_started = true;
8955 
8956 	ret = ath10k_mac_vif_setup_ps(arvif);
8957 	if (ret) {
8958 		ath10k_warn(ar, "failed to update vdev %i ps: %d\n",
8959 			    arvif->vdev_id, ret);
8960 		goto err_stop;
8961 	}
8962 
8963 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8964 		ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, 0, vif->addr);
8965 		if (ret) {
8966 			ath10k_warn(ar, "failed to up monitor vdev %i: %d\n",
8967 				    arvif->vdev_id, ret);
8968 			goto err_stop;
8969 		}
8970 
8971 		arvif->is_up = true;
8972 	}
8973 
8974 	if (ath10k_mac_can_set_cts_prot(arvif)) {
8975 		ret = ath10k_mac_set_cts_prot(arvif);
8976 		if (ret)
8977 			ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
8978 				    arvif->vdev_id, ret);
8979 	}
8980 
8981 	if (ath10k_peer_stats_enabled(ar) &&
8982 	    ar->hw_params.tx_stats_over_pktlog) {
8983 		ar->pktlog_filter |= ATH10K_PKTLOG_PEER_STATS;
8984 		ret = ath10k_wmi_pdev_pktlog_enable(ar,
8985 						    ar->pktlog_filter);
8986 		if (ret) {
8987 			ath10k_warn(ar, "failed to enable pktlog %d\n", ret);
8988 			goto err_stop;
8989 		}
8990 	}
8991 
8992 	mutex_unlock(&ar->conf_mutex);
8993 	return 0;
8994 
8995 err_stop:
8996 	ath10k_vdev_stop(arvif);
8997 	arvif->is_started = false;
8998 	ath10k_mac_vif_setup_ps(arvif);
8999 
9000 err:
9001 	mutex_unlock(&ar->conf_mutex);
9002 	return ret;
9003 }
9004 
9005 static void
9006 ath10k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
9007 				   struct ieee80211_vif *vif,
9008 				   struct ieee80211_bss_conf *link_conf,
9009 				   struct ieee80211_chanctx_conf *ctx)
9010 {
9011 	struct ath10k *ar = hw->priv;
9012 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9013 	int ret;
9014 
9015 	mutex_lock(&ar->conf_mutex);
9016 
9017 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9018 		   "mac chanctx unassign ptr %pK vdev_id %i\n",
9019 		   ctx, arvif->vdev_id);
9020 
9021 	WARN_ON(!arvif->is_started);
9022 
9023 	if (vif->type == NL80211_IFTYPE_MONITOR) {
9024 		WARN_ON(!arvif->is_up);
9025 
9026 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
9027 		if (ret)
9028 			ath10k_warn(ar, "failed to down monitor vdev %i: %d\n",
9029 				    arvif->vdev_id, ret);
9030 
9031 		arvif->is_up = false;
9032 	}
9033 
9034 	ret = ath10k_vdev_stop(arvif);
9035 	if (ret)
9036 		ath10k_warn(ar, "failed to stop vdev %i: %d\n",
9037 			    arvif->vdev_id, ret);
9038 
9039 	arvif->is_started = false;
9040 
9041 	mutex_unlock(&ar->conf_mutex);
9042 }
9043 
9044 static int
9045 ath10k_mac_op_switch_vif_chanctx(struct ieee80211_hw *hw,
9046 				 struct ieee80211_vif_chanctx_switch *vifs,
9047 				 int n_vifs,
9048 				 enum ieee80211_chanctx_switch_mode mode)
9049 {
9050 	struct ath10k *ar = hw->priv;
9051 
9052 	mutex_lock(&ar->conf_mutex);
9053 
9054 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9055 		   "mac chanctx switch n_vifs %d mode %d\n",
9056 		   n_vifs, mode);
9057 	ath10k_mac_update_vif_chan(ar, vifs, n_vifs);
9058 
9059 	mutex_unlock(&ar->conf_mutex);
9060 	return 0;
9061 }
9062 
9063 static void ath10k_mac_op_sta_pre_rcu_remove(struct ieee80211_hw *hw,
9064 					     struct ieee80211_vif *vif,
9065 					     struct ieee80211_sta *sta)
9066 {
9067 	struct ath10k *ar;
9068 	struct ath10k_peer *peer;
9069 
9070 	ar = hw->priv;
9071 
9072 	list_for_each_entry(peer, &ar->peers, list)
9073 		if (peer->sta == sta)
9074 			peer->removed = true;
9075 }
9076 
9077 /* HT MCS parameters with Nss = 1 */
9078 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss1[] = {
9079 	/* MCS  L20   L40   S20  S40 */
9080 	{0,  { 65,  135,  72,  150} },
9081 	{1,  { 130, 270,  144, 300} },
9082 	{2,  { 195, 405,  217, 450} },
9083 	{3,  { 260, 540,  289, 600} },
9084 	{4,  { 390, 810,  433, 900} },
9085 	{5,  { 520, 1080, 578, 1200} },
9086 	{6,  { 585, 1215, 650, 1350} },
9087 	{7,  { 650, 1350, 722, 1500} }
9088 };
9089 
9090 /* HT MCS parameters with Nss = 2 */
9091 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss2[] = {
9092 	/* MCS  L20    L40   S20   S40 */
9093 	{0,  {130,  270,  144,  300} },
9094 	{1,  {260,  540,  289,  600} },
9095 	{2,  {390,  810,  433,  900} },
9096 	{3,  {520,  1080, 578,  1200} },
9097 	{4,  {780,  1620, 867,  1800} },
9098 	{5,  {1040, 2160, 1156, 2400} },
9099 	{6,  {1170, 2430, 1300, 2700} },
9100 	{7,  {1300, 2700, 1444, 3000} }
9101 };
9102 
9103 /* MCS parameters with Nss = 1 */
9104 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss1[] = {
9105 	/* MCS  L80    S80     L40   S40    L20   S20 */
9106 	{0,  {293,  325},  {135,  150},  {65,   72} },
9107 	{1,  {585,  650},  {270,  300},  {130,  144} },
9108 	{2,  {878,  975},  {405,  450},  {195,  217} },
9109 	{3,  {1170, 1300}, {540,  600},  {260,  289} },
9110 	{4,  {1755, 1950}, {810,  900},  {390,  433} },
9111 	{5,  {2340, 2600}, {1080, 1200}, {520,  578} },
9112 	{6,  {2633, 2925}, {1215, 1350}, {585,  650} },
9113 	{7,  {2925, 3250}, {1350, 1500}, {650,  722} },
9114 	{8,  {3510, 3900}, {1620, 1800}, {780,  867} },
9115 	{9,  {3900, 4333}, {1800, 2000}, {780,  867} }
9116 };
9117 
9118 /*MCS parameters with Nss = 2 */
9119 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss2[] = {
9120 	/* MCS  L80    S80     L40   S40    L20   S20 */
9121 	{0,  {585,  650},  {270,  300},  {130,  144} },
9122 	{1,  {1170, 1300}, {540,  600},  {260,  289} },
9123 	{2,  {1755, 1950}, {810,  900},  {390,  433} },
9124 	{3,  {2340, 2600}, {1080, 1200}, {520,  578} },
9125 	{4,  {3510, 3900}, {1620, 1800}, {780,  867} },
9126 	{5,  {4680, 5200}, {2160, 2400}, {1040, 1156} },
9127 	{6,  {5265, 5850}, {2430, 2700}, {1170, 1300} },
9128 	{7,  {5850, 6500}, {2700, 3000}, {1300, 1444} },
9129 	{8,  {7020, 7800}, {3240, 3600}, {1560, 1733} },
9130 	{9,  {7800, 8667}, {3600, 4000}, {1560, 1733} }
9131 };
9132 
9133 static void ath10k_mac_get_rate_flags_ht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9134 					 u8 *flags, u8 *bw)
9135 {
9136 	struct ath10k_index_ht_data_rate_type *mcs_rate;
9137 	u8 index;
9138 	size_t len_nss1 = ARRAY_SIZE(supported_ht_mcs_rate_nss1);
9139 	size_t len_nss2 = ARRAY_SIZE(supported_ht_mcs_rate_nss2);
9140 
9141 	if (mcs >= (len_nss1 + len_nss2)) {
9142 		ath10k_warn(ar, "not supported mcs %d in current rate table", mcs);
9143 		return;
9144 	}
9145 
9146 	mcs_rate = (struct ath10k_index_ht_data_rate_type *)
9147 		   ((nss == 1) ? &supported_ht_mcs_rate_nss1 :
9148 		   &supported_ht_mcs_rate_nss2);
9149 
9150 	if (mcs >= len_nss1)
9151 		index = mcs - len_nss1;
9152 	else
9153 		index = mcs;
9154 
9155 	if (rate == mcs_rate[index].supported_rate[0]) {
9156 		*bw = RATE_INFO_BW_20;
9157 	} else if (rate == mcs_rate[index].supported_rate[1]) {
9158 		*bw |= RATE_INFO_BW_40;
9159 	} else if (rate == mcs_rate[index].supported_rate[2]) {
9160 		*bw |= RATE_INFO_BW_20;
9161 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9162 	} else if (rate == mcs_rate[index].supported_rate[3]) {
9163 		*bw |= RATE_INFO_BW_40;
9164 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9165 	} else {
9166 		ath10k_warn(ar, "invalid ht params rate %d 100kbps nss %d mcs %d",
9167 			    rate, nss, mcs);
9168 	}
9169 }
9170 
9171 static void ath10k_mac_get_rate_flags_vht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9172 					  u8 *flags, u8 *bw)
9173 {
9174 	struct ath10k_index_vht_data_rate_type *mcs_rate;
9175 
9176 	mcs_rate = (struct ath10k_index_vht_data_rate_type *)
9177 		   ((nss == 1) ? &supported_vht_mcs_rate_nss1 :
9178 		   &supported_vht_mcs_rate_nss2);
9179 
9180 	if (rate == mcs_rate[mcs].supported_VHT80_rate[0]) {
9181 		*bw = RATE_INFO_BW_80;
9182 	} else if (rate == mcs_rate[mcs].supported_VHT80_rate[1]) {
9183 		*bw = RATE_INFO_BW_80;
9184 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9185 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[0]) {
9186 		*bw = RATE_INFO_BW_40;
9187 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[1]) {
9188 		*bw = RATE_INFO_BW_40;
9189 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9190 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[0]) {
9191 		*bw = RATE_INFO_BW_20;
9192 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[1]) {
9193 		*bw = RATE_INFO_BW_20;
9194 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9195 	} else {
9196 		ath10k_warn(ar, "invalid vht params rate %d 100kbps nss %d mcs %d",
9197 			    rate, nss, mcs);
9198 	}
9199 }
9200 
9201 static void ath10k_mac_get_rate_flags(struct ath10k *ar, u32 rate,
9202 				      enum ath10k_phy_mode mode, u8 nss, u8 mcs,
9203 				      u8 *flags, u8 *bw)
9204 {
9205 	if (mode == ATH10K_PHY_MODE_HT) {
9206 		*flags = RATE_INFO_FLAGS_MCS;
9207 		ath10k_mac_get_rate_flags_ht(ar, rate, nss, mcs, flags, bw);
9208 	} else if (mode == ATH10K_PHY_MODE_VHT) {
9209 		*flags = RATE_INFO_FLAGS_VHT_MCS;
9210 		ath10k_mac_get_rate_flags_vht(ar, rate, nss, mcs, flags, bw);
9211 	}
9212 }
9213 
9214 static void ath10k_mac_parse_bitrate(struct ath10k *ar, u32 rate_code,
9215 				     u32 bitrate_kbps, struct rate_info *rate)
9216 {
9217 	enum ath10k_phy_mode mode = ATH10K_PHY_MODE_LEGACY;
9218 	enum wmi_rate_preamble preamble = WMI_TLV_GET_HW_RC_PREAM_V1(rate_code);
9219 	u8 nss = WMI_TLV_GET_HW_RC_NSS_V1(rate_code) + 1;
9220 	u8 mcs = WMI_TLV_GET_HW_RC_RATE_V1(rate_code);
9221 	u8 flags = 0, bw = 0;
9222 
9223 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac parse rate code 0x%x bitrate %d kbps\n",
9224 		   rate_code, bitrate_kbps);
9225 
9226 	if (preamble == WMI_RATE_PREAMBLE_HT)
9227 		mode = ATH10K_PHY_MODE_HT;
9228 	else if (preamble == WMI_RATE_PREAMBLE_VHT)
9229 		mode = ATH10K_PHY_MODE_VHT;
9230 
9231 	ath10k_mac_get_rate_flags(ar, bitrate_kbps / 100, mode, nss, mcs, &flags, &bw);
9232 
9233 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9234 		   "mac parse bitrate preamble %d mode %d nss %d mcs %d flags %x bw %d\n",
9235 		   preamble, mode, nss, mcs, flags, bw);
9236 
9237 	rate->flags = flags;
9238 	rate->bw = bw;
9239 	rate->legacy = bitrate_kbps / 100;
9240 	rate->nss = nss;
9241 	rate->mcs = mcs;
9242 }
9243 
9244 static void ath10k_mac_sta_get_peer_stats_info(struct ath10k *ar,
9245 					       struct ieee80211_sta *sta,
9246 					       struct station_info *sinfo)
9247 {
9248 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9249 	struct ath10k_peer *peer;
9250 	unsigned long time_left;
9251 	int ret;
9252 
9253 	if (!(ar->hw_params.supports_peer_stats_info &&
9254 	      arsta->arvif->vdev_type == WMI_VDEV_TYPE_STA))
9255 		return;
9256 
9257 	spin_lock_bh(&ar->data_lock);
9258 	peer = ath10k_peer_find(ar, arsta->arvif->vdev_id, sta->addr);
9259 	spin_unlock_bh(&ar->data_lock);
9260 	if (!peer)
9261 		return;
9262 
9263 	reinit_completion(&ar->peer_stats_info_complete);
9264 
9265 	ret = ath10k_wmi_request_peer_stats_info(ar,
9266 						 arsta->arvif->vdev_id,
9267 						 WMI_REQUEST_ONE_PEER_STATS_INFO,
9268 						 arsta->arvif->bssid,
9269 						 0);
9270 	if (ret && ret != -EOPNOTSUPP) {
9271 		ath10k_warn(ar, "could not request peer stats info: %d\n", ret);
9272 		return;
9273 	}
9274 
9275 	time_left = wait_for_completion_timeout(&ar->peer_stats_info_complete, 3 * HZ);
9276 	if (time_left == 0) {
9277 		ath10k_warn(ar, "timed out waiting peer stats info\n");
9278 		return;
9279 	}
9280 
9281 	if (arsta->rx_rate_code != 0 && arsta->rx_bitrate_kbps != 0) {
9282 		ath10k_mac_parse_bitrate(ar, arsta->rx_rate_code,
9283 					 arsta->rx_bitrate_kbps,
9284 					 &sinfo->rxrate);
9285 
9286 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
9287 		arsta->rx_rate_code = 0;
9288 		arsta->rx_bitrate_kbps = 0;
9289 	}
9290 
9291 	if (arsta->tx_rate_code != 0 && arsta->tx_bitrate_kbps != 0) {
9292 		ath10k_mac_parse_bitrate(ar, arsta->tx_rate_code,
9293 					 arsta->tx_bitrate_kbps,
9294 					 &sinfo->txrate);
9295 
9296 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9297 		arsta->tx_rate_code = 0;
9298 		arsta->tx_bitrate_kbps = 0;
9299 	}
9300 }
9301 
9302 static void ath10k_sta_statistics(struct ieee80211_hw *hw,
9303 				  struct ieee80211_vif *vif,
9304 				  struct ieee80211_sta *sta,
9305 				  struct station_info *sinfo)
9306 {
9307 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9308 	struct ath10k *ar = arsta->arvif->ar;
9309 
9310 	if (!ath10k_peer_stats_enabled(ar))
9311 		return;
9312 
9313 	mutex_lock(&ar->conf_mutex);
9314 	ath10k_debug_fw_stats_request(ar);
9315 	mutex_unlock(&ar->conf_mutex);
9316 
9317 	sinfo->rx_duration = arsta->rx_duration;
9318 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_DURATION);
9319 
9320 	if (arsta->txrate.legacy || arsta->txrate.nss) {
9321 		if (arsta->txrate.legacy) {
9322 			sinfo->txrate.legacy = arsta->txrate.legacy;
9323 		} else {
9324 			sinfo->txrate.mcs = arsta->txrate.mcs;
9325 			sinfo->txrate.nss = arsta->txrate.nss;
9326 			sinfo->txrate.bw = arsta->txrate.bw;
9327 		}
9328 		sinfo->txrate.flags = arsta->txrate.flags;
9329 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9330 	}
9331 
9332 	if (ar->htt.disable_tx_comp) {
9333 		sinfo->tx_failed = arsta->tx_failed;
9334 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
9335 	}
9336 
9337 	sinfo->tx_retries = arsta->tx_retries;
9338 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
9339 
9340 	ath10k_mac_sta_get_peer_stats_info(ar, sta, sinfo);
9341 }
9342 
9343 static int ath10k_mac_op_set_tid_config(struct ieee80211_hw *hw,
9344 					struct ieee80211_vif *vif,
9345 					struct ieee80211_sta *sta,
9346 					struct cfg80211_tid_config *tid_config)
9347 {
9348 	struct ath10k *ar = hw->priv;
9349 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9350 	struct ath10k_mac_iter_tid_conf_data data = {};
9351 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
9352 	int ret, i;
9353 
9354 	mutex_lock(&ar->conf_mutex);
9355 	arg.vdev_id = arvif->vdev_id;
9356 
9357 	arvif->tids_rst = 0;
9358 	memset(arvif->tid_conf_changed, 0, sizeof(arvif->tid_conf_changed));
9359 
9360 	for (i = 0; i < tid_config->n_tid_conf; i++) {
9361 		ret = ath10k_mac_parse_tid_config(ar, sta, vif,
9362 						  &tid_config->tid_conf[i],
9363 						  &arg);
9364 		if (ret)
9365 			goto exit;
9366 	}
9367 
9368 	ret = 0;
9369 
9370 	if (sta)
9371 		goto exit;
9372 
9373 	arvif->tids_rst = 0;
9374 	data.curr_vif = vif;
9375 	data.ar = ar;
9376 
9377 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9378 					  &data);
9379 
9380 exit:
9381 	mutex_unlock(&ar->conf_mutex);
9382 	return ret;
9383 }
9384 
9385 static int ath10k_mac_op_reset_tid_config(struct ieee80211_hw *hw,
9386 					  struct ieee80211_vif *vif,
9387 					  struct ieee80211_sta *sta,
9388 					  u8 tids)
9389 {
9390 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9391 	struct ath10k_mac_iter_tid_conf_data data = {};
9392 	struct ath10k *ar = hw->priv;
9393 	int ret = 0;
9394 
9395 	mutex_lock(&ar->conf_mutex);
9396 
9397 	if (sta) {
9398 		arvif->tids_rst = 0;
9399 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif, tids);
9400 		goto exit;
9401 	}
9402 
9403 	arvif->tids_rst = tids;
9404 	data.curr_vif = vif;
9405 	data.ar = ar;
9406 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9407 					  &data);
9408 
9409 exit:
9410 	mutex_unlock(&ar->conf_mutex);
9411 	return ret;
9412 }
9413 
9414 static const struct ieee80211_ops ath10k_ops = {
9415 	.tx				= ath10k_mac_op_tx,
9416 	.wake_tx_queue			= ath10k_mac_op_wake_tx_queue,
9417 	.start				= ath10k_start,
9418 	.stop				= ath10k_stop,
9419 	.config				= ath10k_config,
9420 	.add_interface			= ath10k_add_interface,
9421 	.update_vif_offload		= ath10k_update_vif_offload,
9422 	.remove_interface		= ath10k_remove_interface,
9423 	.configure_filter		= ath10k_configure_filter,
9424 	.bss_info_changed		= ath10k_bss_info_changed,
9425 	.set_coverage_class		= ath10k_mac_op_set_coverage_class,
9426 	.hw_scan			= ath10k_hw_scan,
9427 	.cancel_hw_scan			= ath10k_cancel_hw_scan,
9428 	.set_key			= ath10k_set_key,
9429 	.set_default_unicast_key        = ath10k_set_default_unicast_key,
9430 	.sta_state			= ath10k_sta_state,
9431 	.sta_set_txpwr			= ath10k_sta_set_txpwr,
9432 	.conf_tx			= ath10k_conf_tx,
9433 	.remain_on_channel		= ath10k_remain_on_channel,
9434 	.cancel_remain_on_channel	= ath10k_cancel_remain_on_channel,
9435 	.set_rts_threshold		= ath10k_set_rts_threshold,
9436 	.set_frag_threshold		= ath10k_mac_op_set_frag_threshold,
9437 	.flush				= ath10k_flush,
9438 	.tx_last_beacon			= ath10k_tx_last_beacon,
9439 	.set_antenna			= ath10k_set_antenna,
9440 	.get_antenna			= ath10k_get_antenna,
9441 	.reconfig_complete		= ath10k_reconfig_complete,
9442 	.get_survey			= ath10k_get_survey,
9443 	.set_bitrate_mask		= ath10k_mac_op_set_bitrate_mask,
9444 	.sta_rc_update			= ath10k_sta_rc_update,
9445 	.offset_tsf			= ath10k_offset_tsf,
9446 	.ampdu_action			= ath10k_ampdu_action,
9447 	.get_et_sset_count		= ath10k_debug_get_et_sset_count,
9448 	.get_et_stats			= ath10k_debug_get_et_stats,
9449 	.get_et_strings			= ath10k_debug_get_et_strings,
9450 	.add_chanctx			= ath10k_mac_op_add_chanctx,
9451 	.remove_chanctx			= ath10k_mac_op_remove_chanctx,
9452 	.change_chanctx			= ath10k_mac_op_change_chanctx,
9453 	.assign_vif_chanctx		= ath10k_mac_op_assign_vif_chanctx,
9454 	.unassign_vif_chanctx		= ath10k_mac_op_unassign_vif_chanctx,
9455 	.switch_vif_chanctx		= ath10k_mac_op_switch_vif_chanctx,
9456 	.sta_pre_rcu_remove		= ath10k_mac_op_sta_pre_rcu_remove,
9457 	.sta_statistics			= ath10k_sta_statistics,
9458 	.set_tid_config			= ath10k_mac_op_set_tid_config,
9459 	.reset_tid_config		= ath10k_mac_op_reset_tid_config,
9460 
9461 	CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
9462 
9463 #ifdef CONFIG_PM
9464 	.suspend			= ath10k_wow_op_suspend,
9465 	.resume				= ath10k_wow_op_resume,
9466 	.set_wakeup			= ath10k_wow_op_set_wakeup,
9467 #endif
9468 #ifdef CONFIG_MAC80211_DEBUGFS
9469 	.sta_add_debugfs		= ath10k_sta_add_debugfs,
9470 #endif
9471 	.set_sar_specs			= ath10k_mac_set_sar_specs,
9472 };
9473 
9474 #define CHAN2G(_channel, _freq, _flags) { \
9475 	.band			= NL80211_BAND_2GHZ, \
9476 	.hw_value		= (_channel), \
9477 	.center_freq		= (_freq), \
9478 	.flags			= (_flags), \
9479 	.max_antenna_gain	= 0, \
9480 	.max_power		= 30, \
9481 }
9482 
9483 #define CHAN5G(_channel, _freq, _flags) { \
9484 	.band			= NL80211_BAND_5GHZ, \
9485 	.hw_value		= (_channel), \
9486 	.center_freq		= (_freq), \
9487 	.flags			= (_flags), \
9488 	.max_antenna_gain	= 0, \
9489 	.max_power		= 30, \
9490 }
9491 
9492 static const struct ieee80211_channel ath10k_2ghz_channels[] = {
9493 	CHAN2G(1, 2412, 0),
9494 	CHAN2G(2, 2417, 0),
9495 	CHAN2G(3, 2422, 0),
9496 	CHAN2G(4, 2427, 0),
9497 	CHAN2G(5, 2432, 0),
9498 	CHAN2G(6, 2437, 0),
9499 	CHAN2G(7, 2442, 0),
9500 	CHAN2G(8, 2447, 0),
9501 	CHAN2G(9, 2452, 0),
9502 	CHAN2G(10, 2457, 0),
9503 	CHAN2G(11, 2462, 0),
9504 	CHAN2G(12, 2467, 0),
9505 	CHAN2G(13, 2472, 0),
9506 	CHAN2G(14, 2484, 0),
9507 };
9508 
9509 static const struct ieee80211_channel ath10k_5ghz_channels[] = {
9510 	CHAN5G(36, 5180, 0),
9511 	CHAN5G(40, 5200, 0),
9512 	CHAN5G(44, 5220, 0),
9513 	CHAN5G(48, 5240, 0),
9514 	CHAN5G(52, 5260, 0),
9515 	CHAN5G(56, 5280, 0),
9516 	CHAN5G(60, 5300, 0),
9517 	CHAN5G(64, 5320, 0),
9518 	CHAN5G(100, 5500, 0),
9519 	CHAN5G(104, 5520, 0),
9520 	CHAN5G(108, 5540, 0),
9521 	CHAN5G(112, 5560, 0),
9522 	CHAN5G(116, 5580, 0),
9523 	CHAN5G(120, 5600, 0),
9524 	CHAN5G(124, 5620, 0),
9525 	CHAN5G(128, 5640, 0),
9526 	CHAN5G(132, 5660, 0),
9527 	CHAN5G(136, 5680, 0),
9528 	CHAN5G(140, 5700, 0),
9529 	CHAN5G(144, 5720, 0),
9530 	CHAN5G(149, 5745, 0),
9531 	CHAN5G(153, 5765, 0),
9532 	CHAN5G(157, 5785, 0),
9533 	CHAN5G(161, 5805, 0),
9534 	CHAN5G(165, 5825, 0),
9535 	CHAN5G(169, 5845, 0),
9536 	CHAN5G(173, 5865, 0),
9537 	/* If you add more, you may need to change ATH10K_MAX_5G_CHAN */
9538 	/* And you will definitely need to change ATH10K_NUM_CHANS in core.h */
9539 };
9540 
9541 struct ath10k *ath10k_mac_create(size_t priv_size)
9542 {
9543 	struct ieee80211_hw *hw;
9544 	struct ieee80211_ops *ops;
9545 	struct ath10k *ar;
9546 
9547 	ops = kmemdup(&ath10k_ops, sizeof(ath10k_ops), GFP_KERNEL);
9548 	if (!ops)
9549 		return NULL;
9550 
9551 	hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, ops);
9552 	if (!hw) {
9553 		kfree(ops);
9554 		return NULL;
9555 	}
9556 
9557 	ar = hw->priv;
9558 	ar->hw = hw;
9559 	ar->ops = ops;
9560 
9561 	return ar;
9562 }
9563 
9564 void ath10k_mac_destroy(struct ath10k *ar)
9565 {
9566 	struct ieee80211_ops *ops = ar->ops;
9567 
9568 	ieee80211_free_hw(ar->hw);
9569 	kfree(ops);
9570 }
9571 
9572 static const struct ieee80211_iface_limit ath10k_if_limits[] = {
9573 	{
9574 		.max	= 8,
9575 		.types	= BIT(NL80211_IFTYPE_STATION)
9576 			| BIT(NL80211_IFTYPE_P2P_CLIENT)
9577 	},
9578 	{
9579 		.max	= 3,
9580 		.types	= BIT(NL80211_IFTYPE_P2P_GO)
9581 	},
9582 	{
9583 		.max	= 1,
9584 		.types	= BIT(NL80211_IFTYPE_P2P_DEVICE)
9585 	},
9586 	{
9587 		.max	= 7,
9588 		.types	= BIT(NL80211_IFTYPE_AP)
9589 #ifdef CONFIG_MAC80211_MESH
9590 			| BIT(NL80211_IFTYPE_MESH_POINT)
9591 #endif
9592 	},
9593 };
9594 
9595 static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
9596 	{
9597 		.max	= 8,
9598 		.types	= BIT(NL80211_IFTYPE_AP)
9599 #ifdef CONFIG_MAC80211_MESH
9600 			| BIT(NL80211_IFTYPE_MESH_POINT)
9601 #endif
9602 	},
9603 	{
9604 		.max	= 1,
9605 		.types	= BIT(NL80211_IFTYPE_STATION)
9606 	},
9607 };
9608 
9609 static const struct ieee80211_iface_combination ath10k_if_comb[] = {
9610 	{
9611 		.limits = ath10k_if_limits,
9612 		.n_limits = ARRAY_SIZE(ath10k_if_limits),
9613 		.max_interfaces = 8,
9614 		.num_different_channels = 1,
9615 		.beacon_int_infra_match = true,
9616 	},
9617 };
9618 
9619 static const struct ieee80211_iface_combination ath10k_10x_if_comb[] = {
9620 	{
9621 		.limits = ath10k_10x_if_limits,
9622 		.n_limits = ARRAY_SIZE(ath10k_10x_if_limits),
9623 		.max_interfaces = 8,
9624 		.num_different_channels = 1,
9625 		.beacon_int_infra_match = true,
9626 		.beacon_int_min_gcd = 1,
9627 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9628 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9629 					BIT(NL80211_CHAN_WIDTH_20) |
9630 					BIT(NL80211_CHAN_WIDTH_40) |
9631 					BIT(NL80211_CHAN_WIDTH_80),
9632 #endif
9633 	},
9634 };
9635 
9636 static const struct ieee80211_iface_limit ath10k_tlv_if_limit[] = {
9637 	{
9638 		.max = 2,
9639 		.types = BIT(NL80211_IFTYPE_STATION),
9640 	},
9641 	{
9642 		.max = 2,
9643 		.types = BIT(NL80211_IFTYPE_AP) |
9644 #ifdef CONFIG_MAC80211_MESH
9645 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9646 #endif
9647 			 BIT(NL80211_IFTYPE_P2P_CLIENT) |
9648 			 BIT(NL80211_IFTYPE_P2P_GO),
9649 	},
9650 	{
9651 		.max = 1,
9652 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9653 	},
9654 };
9655 
9656 static const struct ieee80211_iface_limit ath10k_tlv_qcs_if_limit[] = {
9657 	{
9658 		.max = 2,
9659 		.types = BIT(NL80211_IFTYPE_STATION),
9660 	},
9661 	{
9662 		.max = 2,
9663 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT),
9664 	},
9665 	{
9666 		.max = 1,
9667 		.types = BIT(NL80211_IFTYPE_AP) |
9668 #ifdef CONFIG_MAC80211_MESH
9669 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9670 #endif
9671 			 BIT(NL80211_IFTYPE_P2P_GO),
9672 	},
9673 	{
9674 		.max = 1,
9675 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9676 	},
9677 };
9678 
9679 static const struct ieee80211_iface_limit ath10k_tlv_if_limit_ibss[] = {
9680 	{
9681 		.max = 1,
9682 		.types = BIT(NL80211_IFTYPE_STATION),
9683 	},
9684 	{
9685 		.max = 1,
9686 		.types = BIT(NL80211_IFTYPE_ADHOC),
9687 	},
9688 };
9689 
9690 /* FIXME: This is not thoroughly tested. These combinations may over- or
9691  * underestimate hw/fw capabilities.
9692  */
9693 static struct ieee80211_iface_combination ath10k_tlv_if_comb[] = {
9694 	{
9695 		.limits = ath10k_tlv_if_limit,
9696 		.num_different_channels = 1,
9697 		.max_interfaces = 4,
9698 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9699 	},
9700 	{
9701 		.limits = ath10k_tlv_if_limit_ibss,
9702 		.num_different_channels = 1,
9703 		.max_interfaces = 2,
9704 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9705 	},
9706 };
9707 
9708 static struct ieee80211_iface_combination ath10k_tlv_qcs_if_comb[] = {
9709 	{
9710 		.limits = ath10k_tlv_if_limit,
9711 		.num_different_channels = 1,
9712 		.max_interfaces = 4,
9713 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9714 	},
9715 	{
9716 		.limits = ath10k_tlv_qcs_if_limit,
9717 		.num_different_channels = 2,
9718 		.max_interfaces = 4,
9719 		.n_limits = ARRAY_SIZE(ath10k_tlv_qcs_if_limit),
9720 	},
9721 	{
9722 		.limits = ath10k_tlv_if_limit_ibss,
9723 		.num_different_channels = 1,
9724 		.max_interfaces = 2,
9725 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9726 	},
9727 };
9728 
9729 static const struct ieee80211_iface_limit ath10k_10_4_if_limits[] = {
9730 	{
9731 		.max = 1,
9732 		.types = BIT(NL80211_IFTYPE_STATION),
9733 	},
9734 	{
9735 		.max	= 16,
9736 		.types	= BIT(NL80211_IFTYPE_AP)
9737 #ifdef CONFIG_MAC80211_MESH
9738 			| BIT(NL80211_IFTYPE_MESH_POINT)
9739 #endif
9740 	},
9741 };
9742 
9743 static const struct ieee80211_iface_combination ath10k_10_4_if_comb[] = {
9744 	{
9745 		.limits = ath10k_10_4_if_limits,
9746 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9747 		.max_interfaces = 16,
9748 		.num_different_channels = 1,
9749 		.beacon_int_infra_match = true,
9750 		.beacon_int_min_gcd = 1,
9751 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9752 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9753 					BIT(NL80211_CHAN_WIDTH_20) |
9754 					BIT(NL80211_CHAN_WIDTH_40) |
9755 					BIT(NL80211_CHAN_WIDTH_80) |
9756 					BIT(NL80211_CHAN_WIDTH_80P80) |
9757 					BIT(NL80211_CHAN_WIDTH_160),
9758 #endif
9759 	},
9760 };
9761 
9762 static const struct
9763 ieee80211_iface_combination ath10k_10_4_bcn_int_if_comb[] = {
9764 	{
9765 		.limits = ath10k_10_4_if_limits,
9766 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9767 		.max_interfaces = 16,
9768 		.num_different_channels = 1,
9769 		.beacon_int_infra_match = true,
9770 		.beacon_int_min_gcd = 100,
9771 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9772 		.radar_detect_widths =  BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9773 					BIT(NL80211_CHAN_WIDTH_20) |
9774 					BIT(NL80211_CHAN_WIDTH_40) |
9775 					BIT(NL80211_CHAN_WIDTH_80) |
9776 					BIT(NL80211_CHAN_WIDTH_80P80) |
9777 					BIT(NL80211_CHAN_WIDTH_160),
9778 #endif
9779 	},
9780 };
9781 
9782 static void ath10k_get_arvif_iter(void *data, u8 *mac,
9783 				  struct ieee80211_vif *vif)
9784 {
9785 	struct ath10k_vif_iter *arvif_iter = data;
9786 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9787 
9788 	if (arvif->vdev_id == arvif_iter->vdev_id)
9789 		arvif_iter->arvif = arvif;
9790 }
9791 
9792 struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id)
9793 {
9794 	struct ath10k_vif_iter arvif_iter;
9795 
9796 	memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter));
9797 	arvif_iter.vdev_id = vdev_id;
9798 
9799 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
9800 						   ATH10K_ITER_RESUME_FLAGS,
9801 						   ath10k_get_arvif_iter,
9802 						   &arvif_iter);
9803 	if (!arvif_iter.arvif) {
9804 		ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
9805 		return NULL;
9806 	}
9807 
9808 	return arvif_iter.arvif;
9809 }
9810 
9811 #define WRD_METHOD "WRDD"
9812 #define WRDD_WIFI  (0x07)
9813 
9814 static u32 ath10k_mac_wrdd_get_mcc(struct ath10k *ar, union acpi_object *wrdd)
9815 {
9816 	union acpi_object *mcc_pkg;
9817 	union acpi_object *domain_type;
9818 	union acpi_object *mcc_value;
9819 	u32 i;
9820 
9821 	if (wrdd->type != ACPI_TYPE_PACKAGE ||
9822 	    wrdd->package.count < 2 ||
9823 	    wrdd->package.elements[0].type != ACPI_TYPE_INTEGER ||
9824 	    wrdd->package.elements[0].integer.value != 0) {
9825 		ath10k_warn(ar, "ignoring malformed/unsupported wrdd structure\n");
9826 		return 0;
9827 	}
9828 
9829 	for (i = 1; i < wrdd->package.count; ++i) {
9830 		mcc_pkg = &wrdd->package.elements[i];
9831 
9832 		if (mcc_pkg->type != ACPI_TYPE_PACKAGE)
9833 			continue;
9834 		if (mcc_pkg->package.count < 2)
9835 			continue;
9836 		if (mcc_pkg->package.elements[0].type != ACPI_TYPE_INTEGER ||
9837 		    mcc_pkg->package.elements[1].type != ACPI_TYPE_INTEGER)
9838 			continue;
9839 
9840 		domain_type = &mcc_pkg->package.elements[0];
9841 		if (domain_type->integer.value != WRDD_WIFI)
9842 			continue;
9843 
9844 		mcc_value = &mcc_pkg->package.elements[1];
9845 		return mcc_value->integer.value;
9846 	}
9847 	return 0;
9848 }
9849 
9850 static int ath10k_mac_get_wrdd_regulatory(struct ath10k *ar, u16 *rd)
9851 {
9852 	acpi_handle root_handle;
9853 	acpi_handle handle;
9854 	struct acpi_buffer wrdd = {ACPI_ALLOCATE_BUFFER, NULL};
9855 	acpi_status status;
9856 	u32 alpha2_code;
9857 	char alpha2[3];
9858 
9859 	root_handle = ACPI_HANDLE(ar->dev);
9860 	if (!root_handle)
9861 		return -EOPNOTSUPP;
9862 
9863 	status = acpi_get_handle(root_handle, (acpi_string)WRD_METHOD, &handle);
9864 	if (ACPI_FAILURE(status)) {
9865 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9866 			   "failed to get wrd method %d\n", status);
9867 		return -EIO;
9868 	}
9869 
9870 	status = acpi_evaluate_object(handle, NULL, NULL, &wrdd);
9871 	if (ACPI_FAILURE(status)) {
9872 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9873 			   "failed to call wrdc %d\n", status);
9874 		return -EIO;
9875 	}
9876 
9877 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.pointer);
9878 	kfree(wrdd.pointer);
9879 	if (!alpha2_code)
9880 		return -EIO;
9881 
9882 	alpha2[0] = (alpha2_code >> 8) & 0xff;
9883 	alpha2[1] = (alpha2_code >> 0) & 0xff;
9884 	alpha2[2] = '\0';
9885 
9886 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
9887 		   "regulatory hint from WRDD (alpha2-code): %s\n", alpha2);
9888 
9889 	*rd = ath_regd_find_country_by_name(alpha2);
9890 	if (*rd == 0xffff)
9891 		return -EIO;
9892 
9893 	*rd |= COUNTRY_ERD_FLAG;
9894 	return 0;
9895 }
9896 
9897 static int ath10k_mac_init_rd(struct ath10k *ar)
9898 {
9899 	int ret;
9900 	u16 rd;
9901 
9902 	ret = ath10k_mac_get_wrdd_regulatory(ar, &rd);
9903 	if (ret) {
9904 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9905 			   "fallback to eeprom programmed regulatory settings\n");
9906 		rd = ar->hw_eeprom_rd;
9907 	}
9908 
9909 	ar->ath_common.regulatory.current_rd = rd;
9910 	return 0;
9911 }
9912 
9913 int ath10k_mac_register(struct ath10k *ar)
9914 {
9915 	static const u32 cipher_suites[] = {
9916 		WLAN_CIPHER_SUITE_WEP40,
9917 		WLAN_CIPHER_SUITE_WEP104,
9918 		WLAN_CIPHER_SUITE_TKIP,
9919 		WLAN_CIPHER_SUITE_CCMP,
9920 
9921 		/* Do not add hardware supported ciphers before this line.
9922 		 * Allow software encryption for all chips. Don't forget to
9923 		 * update n_cipher_suites below.
9924 		 */
9925 		WLAN_CIPHER_SUITE_AES_CMAC,
9926 		WLAN_CIPHER_SUITE_BIP_CMAC_256,
9927 		WLAN_CIPHER_SUITE_BIP_GMAC_128,
9928 		WLAN_CIPHER_SUITE_BIP_GMAC_256,
9929 
9930 		/* Only QCA99x0 and QCA4019 variants support GCMP-128, GCMP-256
9931 		 * and CCMP-256 in hardware.
9932 		 */
9933 		WLAN_CIPHER_SUITE_GCMP,
9934 		WLAN_CIPHER_SUITE_GCMP_256,
9935 		WLAN_CIPHER_SUITE_CCMP_256,
9936 	};
9937 	struct ieee80211_supported_band *band;
9938 	void *channels;
9939 	int ret;
9940 
9941 	if (!is_valid_ether_addr(ar->mac_addr)) {
9942 		ath10k_warn(ar, "invalid MAC address; choosing random\n");
9943 		eth_random_addr(ar->mac_addr);
9944 	}
9945 	SET_IEEE80211_PERM_ADDR(ar->hw, ar->mac_addr);
9946 
9947 	SET_IEEE80211_DEV(ar->hw, ar->dev);
9948 
9949 	BUILD_BUG_ON((ARRAY_SIZE(ath10k_2ghz_channels) +
9950 		      ARRAY_SIZE(ath10k_5ghz_channels)) !=
9951 		     ATH10K_NUM_CHANS);
9952 
9953 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
9954 		channels = kmemdup(ath10k_2ghz_channels,
9955 				   sizeof(ath10k_2ghz_channels),
9956 				   GFP_KERNEL);
9957 		if (!channels) {
9958 			ret = -ENOMEM;
9959 			goto err_free;
9960 		}
9961 
9962 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
9963 		band->n_channels = ARRAY_SIZE(ath10k_2ghz_channels);
9964 		band->channels = channels;
9965 
9966 		if (ar->hw_params.cck_rate_map_rev2) {
9967 			band->n_bitrates = ath10k_g_rates_rev2_size;
9968 			band->bitrates = ath10k_g_rates_rev2;
9969 		} else {
9970 			band->n_bitrates = ath10k_g_rates_size;
9971 			band->bitrates = ath10k_g_rates;
9972 		}
9973 
9974 		ar->hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
9975 	}
9976 
9977 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
9978 		channels = kmemdup(ath10k_5ghz_channels,
9979 				   sizeof(ath10k_5ghz_channels),
9980 				   GFP_KERNEL);
9981 		if (!channels) {
9982 			ret = -ENOMEM;
9983 			goto err_free;
9984 		}
9985 
9986 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
9987 		band->n_channels = ARRAY_SIZE(ath10k_5ghz_channels);
9988 		band->channels = channels;
9989 		band->n_bitrates = ath10k_a_rates_size;
9990 		band->bitrates = ath10k_a_rates;
9991 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
9992 	}
9993 
9994 	wiphy_read_of_freq_limits(ar->hw->wiphy);
9995 	ath10k_mac_setup_ht_vht_cap(ar);
9996 
9997 	ar->hw->wiphy->interface_modes =
9998 		BIT(NL80211_IFTYPE_STATION) |
9999 		BIT(NL80211_IFTYPE_AP) |
10000 		BIT(NL80211_IFTYPE_MESH_POINT);
10001 
10002 	ar->hw->wiphy->available_antennas_rx = ar->cfg_rx_chainmask;
10003 	ar->hw->wiphy->available_antennas_tx = ar->cfg_tx_chainmask;
10004 
10005 	if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->normal_mode_fw.fw_file.fw_features))
10006 		ar->hw->wiphy->interface_modes |=
10007 			BIT(NL80211_IFTYPE_P2P_DEVICE) |
10008 			BIT(NL80211_IFTYPE_P2P_CLIENT) |
10009 			BIT(NL80211_IFTYPE_P2P_GO);
10010 
10011 	ieee80211_hw_set(ar->hw, SIGNAL_DBM);
10012 
10013 	if (!test_bit(ATH10K_FW_FEATURE_NO_PS,
10014 		      ar->running_fw->fw_file.fw_features)) {
10015 		ieee80211_hw_set(ar->hw, SUPPORTS_PS);
10016 		ieee80211_hw_set(ar->hw, SUPPORTS_DYNAMIC_PS);
10017 	}
10018 
10019 	ieee80211_hw_set(ar->hw, MFP_CAPABLE);
10020 	ieee80211_hw_set(ar->hw, REPORTS_TX_ACK_STATUS);
10021 	ieee80211_hw_set(ar->hw, HAS_RATE_CONTROL);
10022 	ieee80211_hw_set(ar->hw, AP_LINK_PS);
10023 	ieee80211_hw_set(ar->hw, SPECTRUM_MGMT);
10024 	ieee80211_hw_set(ar->hw, SUPPORT_FAST_XMIT);
10025 	ieee80211_hw_set(ar->hw, CONNECTION_MONITOR);
10026 	ieee80211_hw_set(ar->hw, SUPPORTS_PER_STA_GTK);
10027 	ieee80211_hw_set(ar->hw, WANT_MONITOR_VIF);
10028 	ieee80211_hw_set(ar->hw, CHANCTX_STA_CSA);
10029 	ieee80211_hw_set(ar->hw, QUEUE_CONTROL);
10030 	ieee80211_hw_set(ar->hw, SUPPORTS_TX_FRAG);
10031 	ieee80211_hw_set(ar->hw, REPORTS_LOW_ACK);
10032 
10033 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10034 		ieee80211_hw_set(ar->hw, SW_CRYPTO_CONTROL);
10035 
10036 	ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
10037 	ar->hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
10038 
10039 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
10040 		ar->hw->wiphy->features |= NL80211_FEATURE_DYNAMIC_SMPS;
10041 
10042 	if (ar->ht_cap_info & WMI_HT_CAP_ENABLED) {
10043 		ieee80211_hw_set(ar->hw, AMPDU_AGGREGATION);
10044 		ieee80211_hw_set(ar->hw, TX_AMPDU_SETUP_IN_HW);
10045 	}
10046 
10047 	ar->hw->wiphy->max_scan_ssids = WLAN_SCAN_PARAMS_MAX_SSID;
10048 	ar->hw->wiphy->max_scan_ie_len = WLAN_SCAN_PARAMS_MAX_IE_LEN;
10049 
10050 	if (test_bit(WMI_SERVICE_NLO, ar->wmi.svc_map)) {
10051 		ar->hw->wiphy->max_sched_scan_ssids = WMI_PNO_MAX_SUPP_NETWORKS;
10052 		ar->hw->wiphy->max_match_sets = WMI_PNO_MAX_SUPP_NETWORKS;
10053 		ar->hw->wiphy->max_sched_scan_ie_len = WMI_PNO_MAX_IE_LENGTH;
10054 		ar->hw->wiphy->max_sched_scan_plans = WMI_PNO_MAX_SCHED_SCAN_PLANS;
10055 		ar->hw->wiphy->max_sched_scan_plan_interval =
10056 			WMI_PNO_MAX_SCHED_SCAN_PLAN_INT;
10057 		ar->hw->wiphy->max_sched_scan_plan_iterations =
10058 			WMI_PNO_MAX_SCHED_SCAN_PLAN_ITRNS;
10059 		ar->hw->wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
10060 	}
10061 
10062 	ar->hw->vif_data_size = sizeof(struct ath10k_vif);
10063 	ar->hw->sta_data_size = sizeof(struct ath10k_sta);
10064 	ar->hw->txq_data_size = sizeof(struct ath10k_txq);
10065 
10066 	ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
10067 
10068 	if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
10069 		ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
10070 
10071 		/* Firmware delivers WPS/P2P Probe Requests frames to driver so
10072 		 * that userspace (e.g. wpa_supplicant/hostapd) can generate
10073 		 * correct Probe Responses. This is more of a hack advert..
10074 		 */
10075 		ar->hw->wiphy->probe_resp_offload |=
10076 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
10077 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
10078 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
10079 	}
10080 
10081 	if (test_bit(WMI_SERVICE_TDLS, ar->wmi.svc_map) ||
10082 	    test_bit(WMI_SERVICE_TDLS_EXPLICIT_MODE_ONLY, ar->wmi.svc_map)) {
10083 		ar->hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
10084 		if (test_bit(WMI_SERVICE_TDLS_WIDER_BANDWIDTH, ar->wmi.svc_map))
10085 			ieee80211_hw_set(ar->hw, TDLS_WIDER_BW);
10086 	}
10087 
10088 	if (test_bit(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, ar->wmi.svc_map))
10089 		ieee80211_hw_set(ar->hw, SUPPORTS_TDLS_BUFFER_STA);
10090 
10091 	if (ath10k_frame_mode == ATH10K_HW_TXRX_ETHERNET) {
10092 		if (ar->wmi.vdev_param->tx_encap_type !=
10093 		    WMI_VDEV_PARAM_UNSUPPORTED)
10094 			ieee80211_hw_set(ar->hw, SUPPORTS_TX_ENCAP_OFFLOAD);
10095 	}
10096 
10097 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
10098 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
10099 	ar->hw->wiphy->max_remain_on_channel_duration = 5000;
10100 
10101 	ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
10102 	ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
10103 				   NL80211_FEATURE_AP_SCAN;
10104 
10105 	ar->hw->wiphy->max_ap_assoc_sta = ar->max_num_stations;
10106 
10107 	ret = ath10k_wow_init(ar);
10108 	if (ret) {
10109 		ath10k_warn(ar, "failed to init wow: %d\n", ret);
10110 		goto err_free;
10111 	}
10112 
10113 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
10114 	wiphy_ext_feature_set(ar->hw->wiphy,
10115 			      NL80211_EXT_FEATURE_SET_SCAN_DWELL);
10116 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_AQL);
10117 
10118 	if (test_bit(WMI_SERVICE_TX_DATA_ACK_RSSI, ar->wmi.svc_map) ||
10119 	    test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS, ar->wmi.svc_map))
10120 		wiphy_ext_feature_set(ar->hw->wiphy,
10121 				      NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT);
10122 
10123 	if (ath10k_peer_stats_enabled(ar) ||
10124 	    test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
10125 		wiphy_ext_feature_set(ar->hw->wiphy,
10126 				      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS);
10127 
10128 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map))
10129 		wiphy_ext_feature_set(ar->hw->wiphy,
10130 				      NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
10131 
10132 	if (test_bit(WMI_SERVICE_TX_PWR_PER_PEER, ar->wmi.svc_map))
10133 		wiphy_ext_feature_set(ar->hw->wiphy,
10134 				      NL80211_EXT_FEATURE_STA_TX_PWR);
10135 
10136 	if (test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map)) {
10137 		ar->hw->wiphy->tid_config_support.vif |=
10138 				BIT(NL80211_TID_CONFIG_ATTR_NOACK) |
10139 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT) |
10140 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG) |
10141 				BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL) |
10142 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
10143 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
10144 
10145 		if (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
10146 			     ar->wmi.svc_map)) {
10147 			ar->hw->wiphy->tid_config_support.vif |=
10148 				BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
10149 		}
10150 
10151 		ar->hw->wiphy->tid_config_support.peer =
10152 				ar->hw->wiphy->tid_config_support.vif;
10153 		ar->hw->wiphy->max_data_retry_count = ATH10K_MAX_RETRY_COUNT;
10154 	} else {
10155 		ar->ops->set_tid_config = NULL;
10156 	}
10157 	/*
10158 	 * on LL hardware queues are managed entirely by the FW
10159 	 * so we only advertise to mac we can do the queues thing
10160 	 */
10161 	ar->hw->queues = IEEE80211_MAX_QUEUES;
10162 
10163 	/* vdev_ids are used as hw queue numbers. Make sure offchan tx queue is
10164 	 * something that vdev_ids can't reach so that we don't stop the queue
10165 	 * accidentally.
10166 	 */
10167 	ar->hw->offchannel_tx_hw_queue = IEEE80211_MAX_QUEUES - 1;
10168 
10169 	switch (ar->running_fw->fw_file.wmi_op_version) {
10170 	case ATH10K_FW_WMI_OP_VERSION_MAIN:
10171 		ar->hw->wiphy->iface_combinations = ath10k_if_comb;
10172 		ar->hw->wiphy->n_iface_combinations =
10173 			ARRAY_SIZE(ath10k_if_comb);
10174 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10175 		break;
10176 	case ATH10K_FW_WMI_OP_VERSION_TLV:
10177 		if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
10178 			ar->hw->wiphy->iface_combinations =
10179 				ath10k_tlv_qcs_if_comb;
10180 			ar->hw->wiphy->n_iface_combinations =
10181 				ARRAY_SIZE(ath10k_tlv_qcs_if_comb);
10182 		} else {
10183 			ar->hw->wiphy->iface_combinations = ath10k_tlv_if_comb;
10184 			ar->hw->wiphy->n_iface_combinations =
10185 				ARRAY_SIZE(ath10k_tlv_if_comb);
10186 		}
10187 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10188 		break;
10189 	case ATH10K_FW_WMI_OP_VERSION_10_1:
10190 	case ATH10K_FW_WMI_OP_VERSION_10_2:
10191 	case ATH10K_FW_WMI_OP_VERSION_10_2_4:
10192 		ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
10193 		ar->hw->wiphy->n_iface_combinations =
10194 			ARRAY_SIZE(ath10k_10x_if_comb);
10195 		break;
10196 	case ATH10K_FW_WMI_OP_VERSION_10_4:
10197 		ar->hw->wiphy->iface_combinations = ath10k_10_4_if_comb;
10198 		ar->hw->wiphy->n_iface_combinations =
10199 			ARRAY_SIZE(ath10k_10_4_if_comb);
10200 		if (test_bit(WMI_SERVICE_VDEV_DIFFERENT_BEACON_INTERVAL_SUPPORT,
10201 			     ar->wmi.svc_map)) {
10202 			ar->hw->wiphy->iface_combinations =
10203 				ath10k_10_4_bcn_int_if_comb;
10204 			ar->hw->wiphy->n_iface_combinations =
10205 				ARRAY_SIZE(ath10k_10_4_bcn_int_if_comb);
10206 		}
10207 		break;
10208 	case ATH10K_FW_WMI_OP_VERSION_UNSET:
10209 	case ATH10K_FW_WMI_OP_VERSION_MAX:
10210 		WARN_ON(1);
10211 		ret = -EINVAL;
10212 		goto err_free;
10213 	}
10214 
10215 	if (ar->hw_params.dynamic_sar_support)
10216 		ar->hw->wiphy->sar_capa = &ath10k_sar_capa;
10217 
10218 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10219 		ar->hw->netdev_features = NETIF_F_HW_CSUM;
10220 
10221 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED)) {
10222 		/* Init ath dfs pattern detector */
10223 		ar->ath_common.debug_mask = ATH_DBG_DFS;
10224 		ar->dfs_detector = dfs_pattern_detector_init(&ar->ath_common,
10225 							     NL80211_DFS_UNSET);
10226 
10227 		if (!ar->dfs_detector)
10228 			ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
10229 	}
10230 
10231 	ret = ath10k_mac_init_rd(ar);
10232 	if (ret) {
10233 		ath10k_err(ar, "failed to derive regdom: %d\n", ret);
10234 		goto err_dfs_detector_exit;
10235 	}
10236 
10237 	/* Disable set_coverage_class for chipsets that do not support it. */
10238 	if (!ar->hw_params.hw_ops->set_coverage_class)
10239 		ar->ops->set_coverage_class = NULL;
10240 
10241 	ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
10242 			    ath10k_reg_notifier);
10243 	if (ret) {
10244 		ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
10245 		goto err_dfs_detector_exit;
10246 	}
10247 
10248 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
10249 		ar->hw->wiphy->features |=
10250 			NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
10251 	}
10252 
10253 	ar->hw->wiphy->cipher_suites = cipher_suites;
10254 
10255 	/* QCA988x and QCA6174 family chips do not support CCMP-256, GCMP-128
10256 	 * and GCMP-256 ciphers in hardware. Fetch number of ciphers supported
10257 	 * from chip specific hw_param table.
10258 	 */
10259 	if (!ar->hw_params.n_cipher_suites ||
10260 	    ar->hw_params.n_cipher_suites > ARRAY_SIZE(cipher_suites)) {
10261 		ath10k_err(ar, "invalid hw_params.n_cipher_suites %d\n",
10262 			   ar->hw_params.n_cipher_suites);
10263 		ar->hw_params.n_cipher_suites = 8;
10264 	}
10265 	ar->hw->wiphy->n_cipher_suites = ar->hw_params.n_cipher_suites;
10266 
10267 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
10268 
10269 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
10270 
10271 	ret = ieee80211_register_hw(ar->hw);
10272 	if (ret) {
10273 		ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
10274 		goto err_dfs_detector_exit;
10275 	}
10276 
10277 	if (test_bit(WMI_SERVICE_PER_PACKET_SW_ENCRYPT, ar->wmi.svc_map)) {
10278 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
10279 		ar->hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_AP_VLAN);
10280 	}
10281 
10282 	if (!ath_is_world_regd(&ar->ath_common.reg_world_copy) &&
10283 	    !ath_is_world_regd(&ar->ath_common.regulatory)) {
10284 		ret = regulatory_hint(ar->hw->wiphy,
10285 				      ar->ath_common.regulatory.alpha2);
10286 		if (ret)
10287 			goto err_unregister;
10288 	}
10289 
10290 	return 0;
10291 
10292 err_unregister:
10293 	ieee80211_unregister_hw(ar->hw);
10294 
10295 err_dfs_detector_exit:
10296 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10297 		ar->dfs_detector->exit(ar->dfs_detector);
10298 
10299 err_free:
10300 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10301 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10302 
10303 	SET_IEEE80211_DEV(ar->hw, NULL);
10304 	return ret;
10305 }
10306 
10307 void ath10k_mac_unregister(struct ath10k *ar)
10308 {
10309 	ieee80211_unregister_hw(ar->hw);
10310 
10311 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10312 		ar->dfs_detector->exit(ar->dfs_detector);
10313 
10314 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10315 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10316 
10317 	SET_IEEE80211_DEV(ar->hw, NULL);
10318 }
10319