xref: /openbmc/linux/drivers/net/wireless/ath/ath10k/mac.c (revision 5fb859f7) 
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2005-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
6  */
7 
8 #include "mac.h"
9 
10 #include <net/cfg80211.h>
11 #include <net/mac80211.h>
12 #include <linux/etherdevice.h>
13 #include <linux/acpi.h>
14 #include <linux/of.h>
15 #include <linux/bitfield.h>
16 
17 #include "hif.h"
18 #include "core.h"
19 #include "debug.h"
20 #include "wmi.h"
21 #include "htt.h"
22 #include "txrx.h"
23 #include "testmode.h"
24 #include "wmi-tlv.h"
25 #include "wmi-ops.h"
26 #include "wow.h"
27 
28 /*********/
29 /* Rates */
30 /*********/
31 
32 static struct ieee80211_rate ath10k_rates[] = {
33 	{ .bitrate = 10,
34 	  .hw_value = ATH10K_HW_RATE_CCK_LP_1M },
35 	{ .bitrate = 20,
36 	  .hw_value = ATH10K_HW_RATE_CCK_LP_2M,
37 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_2M,
38 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
39 	{ .bitrate = 55,
40 	  .hw_value = ATH10K_HW_RATE_CCK_LP_5_5M,
41 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_5_5M,
42 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
43 	{ .bitrate = 110,
44 	  .hw_value = ATH10K_HW_RATE_CCK_LP_11M,
45 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_11M,
46 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
47 
48 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
49 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
50 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
51 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
52 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
53 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
54 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
55 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
56 };
57 
58 static struct ieee80211_rate ath10k_rates_rev2[] = {
59 	{ .bitrate = 10,
60 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_1M },
61 	{ .bitrate = 20,
62 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_2M,
63 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_2M,
64 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
65 	{ .bitrate = 55,
66 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_5_5M,
67 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_5_5M,
68 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
69 	{ .bitrate = 110,
70 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_11M,
71 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_11M,
72 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
73 
74 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
75 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
76 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
77 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
78 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
79 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
80 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
81 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
82 };
83 
84 static const struct cfg80211_sar_freq_ranges ath10k_sar_freq_ranges[] = {
85 	{.start_freq = 2402, .end_freq = 2494 },
86 	{.start_freq = 5170, .end_freq = 5875 },
87 };
88 
89 static const struct cfg80211_sar_capa ath10k_sar_capa = {
90 	.type = NL80211_SAR_TYPE_POWER,
91 	.num_freq_ranges = (ARRAY_SIZE(ath10k_sar_freq_ranges)),
92 	.freq_ranges = &ath10k_sar_freq_ranges[0],
93 };
94 
95 #define ATH10K_MAC_FIRST_OFDM_RATE_IDX 4
96 
97 #define ath10k_a_rates (ath10k_rates + ATH10K_MAC_FIRST_OFDM_RATE_IDX)
98 #define ath10k_a_rates_size (ARRAY_SIZE(ath10k_rates) - \
99 			     ATH10K_MAC_FIRST_OFDM_RATE_IDX)
100 #define ath10k_g_rates (ath10k_rates + 0)
101 #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
102 
103 #define ath10k_g_rates_rev2 (ath10k_rates_rev2 + 0)
104 #define ath10k_g_rates_rev2_size (ARRAY_SIZE(ath10k_rates_rev2))
105 
106 #define ath10k_wmi_legacy_rates ath10k_rates
107 
108 static bool ath10k_mac_bitrate_is_cck(int bitrate)
109 {
110 	switch (bitrate) {
111 	case 10:
112 	case 20:
113 	case 55:
114 	case 110:
115 		return true;
116 	}
117 
118 	return false;
119 }
120 
121 static u8 ath10k_mac_bitrate_to_rate(int bitrate)
122 {
123 	return DIV_ROUND_UP(bitrate, 5) |
124 	       (ath10k_mac_bitrate_is_cck(bitrate) ? BIT(7) : 0);
125 }
126 
127 u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
128 			     u8 hw_rate, bool cck)
129 {
130 	const struct ieee80211_rate *rate;
131 	int i;
132 
133 	for (i = 0; i < sband->n_bitrates; i++) {
134 		rate = &sband->bitrates[i];
135 
136 		if (ath10k_mac_bitrate_is_cck(rate->bitrate) != cck)
137 			continue;
138 
139 		if (rate->hw_value == hw_rate)
140 			return i;
141 		else if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE &&
142 			 rate->hw_value_short == hw_rate)
143 			return i;
144 	}
145 
146 	return 0;
147 }
148 
149 u8 ath10k_mac_bitrate_to_idx(const struct ieee80211_supported_band *sband,
150 			     u32 bitrate)
151 {
152 	int i;
153 
154 	for (i = 0; i < sband->n_bitrates; i++)
155 		if (sband->bitrates[i].bitrate == bitrate)
156 			return i;
157 
158 	return 0;
159 }
160 
161 static int ath10k_mac_get_rate_hw_value(int bitrate)
162 {
163 	int i;
164 	u8 hw_value_prefix = 0;
165 
166 	if (ath10k_mac_bitrate_is_cck(bitrate))
167 		hw_value_prefix = WMI_RATE_PREAMBLE_CCK << 6;
168 
169 	for (i = 0; i < ARRAY_SIZE(ath10k_rates); i++) {
170 		if (ath10k_rates[i].bitrate == bitrate)
171 			return hw_value_prefix | ath10k_rates[i].hw_value;
172 	}
173 
174 	return -EINVAL;
175 }
176 
177 static int ath10k_mac_get_max_vht_mcs_map(u16 mcs_map, int nss)
178 {
179 	switch ((mcs_map >> (2 * nss)) & 0x3) {
180 	case IEEE80211_VHT_MCS_SUPPORT_0_7: return BIT(8) - 1;
181 	case IEEE80211_VHT_MCS_SUPPORT_0_8: return BIT(9) - 1;
182 	case IEEE80211_VHT_MCS_SUPPORT_0_9: return BIT(10) - 1;
183 	}
184 	return 0;
185 }
186 
187 static u32
188 ath10k_mac_max_ht_nss(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
189 {
190 	int nss;
191 
192 	for (nss = IEEE80211_HT_MCS_MASK_LEN - 1; nss >= 0; nss--)
193 		if (ht_mcs_mask[nss])
194 			return nss + 1;
195 
196 	return 1;
197 }
198 
199 static u32
200 ath10k_mac_max_vht_nss(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
201 {
202 	int nss;
203 
204 	for (nss = NL80211_VHT_NSS_MAX - 1; nss >= 0; nss--)
205 		if (vht_mcs_mask[nss])
206 			return nss + 1;
207 
208 	return 1;
209 }
210 
211 int ath10k_mac_ext_resource_config(struct ath10k *ar, u32 val)
212 {
213 	enum wmi_host_platform_type platform_type;
214 	int ret;
215 
216 	if (test_bit(WMI_SERVICE_TX_MODE_DYNAMIC, ar->wmi.svc_map))
217 		platform_type = WMI_HOST_PLATFORM_LOW_PERF;
218 	else
219 		platform_type = WMI_HOST_PLATFORM_HIGH_PERF;
220 
221 	ret = ath10k_wmi_ext_resource_config(ar, platform_type, val);
222 
223 	if (ret && ret != -EOPNOTSUPP) {
224 		ath10k_warn(ar, "failed to configure ext resource: %d\n", ret);
225 		return ret;
226 	}
227 
228 	return 0;
229 }
230 
231 /**********/
232 /* Crypto */
233 /**********/
234 
235 static int ath10k_send_key(struct ath10k_vif *arvif,
236 			   struct ieee80211_key_conf *key,
237 			   enum set_key_cmd cmd,
238 			   const u8 *macaddr, u32 flags)
239 {
240 	struct ath10k *ar = arvif->ar;
241 	struct wmi_vdev_install_key_arg arg = {
242 		.vdev_id = arvif->vdev_id,
243 		.key_idx = key->keyidx,
244 		.key_len = key->keylen,
245 		.key_data = key->key,
246 		.key_flags = flags,
247 		.macaddr = macaddr,
248 	};
249 
250 	lockdep_assert_held(&arvif->ar->conf_mutex);
251 
252 	switch (key->cipher) {
253 	case WLAN_CIPHER_SUITE_CCMP:
254 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
255 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
256 		break;
257 	case WLAN_CIPHER_SUITE_TKIP:
258 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_TKIP];
259 		arg.key_txmic_len = 8;
260 		arg.key_rxmic_len = 8;
261 		break;
262 	case WLAN_CIPHER_SUITE_WEP40:
263 	case WLAN_CIPHER_SUITE_WEP104:
264 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_WEP];
265 		break;
266 	case WLAN_CIPHER_SUITE_CCMP_256:
267 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
268 		break;
269 	case WLAN_CIPHER_SUITE_GCMP:
270 	case WLAN_CIPHER_SUITE_GCMP_256:
271 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_GCM];
272 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
273 		break;
274 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
275 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
276 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
277 	case WLAN_CIPHER_SUITE_AES_CMAC:
278 		WARN_ON(1);
279 		return -EINVAL;
280 	default:
281 		ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
282 		return -EOPNOTSUPP;
283 	}
284 
285 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
286 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
287 
288 	if (cmd == DISABLE_KEY) {
289 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
290 		arg.key_data = NULL;
291 	}
292 
293 	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
294 }
295 
296 static int ath10k_install_key(struct ath10k_vif *arvif,
297 			      struct ieee80211_key_conf *key,
298 			      enum set_key_cmd cmd,
299 			      const u8 *macaddr, u32 flags)
300 {
301 	struct ath10k *ar = arvif->ar;
302 	int ret;
303 	unsigned long time_left;
304 
305 	lockdep_assert_held(&ar->conf_mutex);
306 
307 	reinit_completion(&ar->install_key_done);
308 
309 	if (arvif->nohwcrypt)
310 		return 1;
311 
312 	ret = ath10k_send_key(arvif, key, cmd, macaddr, flags);
313 	if (ret)
314 		return ret;
315 
316 	time_left = wait_for_completion_timeout(&ar->install_key_done, 3 * HZ);
317 	if (time_left == 0)
318 		return -ETIMEDOUT;
319 
320 	return 0;
321 }
322 
323 static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
324 					const u8 *addr)
325 {
326 	struct ath10k *ar = arvif->ar;
327 	struct ath10k_peer *peer;
328 	int ret;
329 	int i;
330 	u32 flags;
331 
332 	lockdep_assert_held(&ar->conf_mutex);
333 
334 	if (WARN_ON(arvif->vif->type != NL80211_IFTYPE_AP &&
335 		    arvif->vif->type != NL80211_IFTYPE_ADHOC &&
336 		    arvif->vif->type != NL80211_IFTYPE_MESH_POINT))
337 		return -EINVAL;
338 
339 	spin_lock_bh(&ar->data_lock);
340 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
341 	spin_unlock_bh(&ar->data_lock);
342 
343 	if (!peer)
344 		return -ENOENT;
345 
346 	for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
347 		if (arvif->wep_keys[i] == NULL)
348 			continue;
349 
350 		switch (arvif->vif->type) {
351 		case NL80211_IFTYPE_AP:
352 			flags = WMI_KEY_PAIRWISE;
353 
354 			if (arvif->def_wep_key_idx == i)
355 				flags |= WMI_KEY_TX_USAGE;
356 
357 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
358 						 SET_KEY, addr, flags);
359 			if (ret < 0)
360 				return ret;
361 			break;
362 		case NL80211_IFTYPE_ADHOC:
363 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
364 						 SET_KEY, addr,
365 						 WMI_KEY_PAIRWISE);
366 			if (ret < 0)
367 				return ret;
368 
369 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
370 						 SET_KEY, addr, WMI_KEY_GROUP);
371 			if (ret < 0)
372 				return ret;
373 			break;
374 		default:
375 			WARN_ON(1);
376 			return -EINVAL;
377 		}
378 
379 		spin_lock_bh(&ar->data_lock);
380 		peer->keys[i] = arvif->wep_keys[i];
381 		spin_unlock_bh(&ar->data_lock);
382 	}
383 
384 	/* In some cases (notably with static WEP IBSS with multiple keys)
385 	 * multicast Tx becomes broken. Both pairwise and groupwise keys are
386 	 * installed already. Using WMI_KEY_TX_USAGE in different combinations
387 	 * didn't seem help. Using def_keyid vdev parameter seems to be
388 	 * effective so use that.
389 	 *
390 	 * FIXME: Revisit. Perhaps this can be done in a less hacky way.
391 	 */
392 	if (arvif->vif->type != NL80211_IFTYPE_ADHOC)
393 		return 0;
394 
395 	if (arvif->def_wep_key_idx == -1)
396 		return 0;
397 
398 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
399 					arvif->vdev_id,
400 					arvif->ar->wmi.vdev_param->def_keyid,
401 					arvif->def_wep_key_idx);
402 	if (ret) {
403 		ath10k_warn(ar, "failed to re-set def wpa key idxon vdev %i: %d\n",
404 			    arvif->vdev_id, ret);
405 		return ret;
406 	}
407 
408 	return 0;
409 }
410 
411 static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
412 				  const u8 *addr)
413 {
414 	struct ath10k *ar = arvif->ar;
415 	struct ath10k_peer *peer;
416 	int first_errno = 0;
417 	int ret;
418 	int i;
419 	u32 flags = 0;
420 
421 	lockdep_assert_held(&ar->conf_mutex);
422 
423 	spin_lock_bh(&ar->data_lock);
424 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
425 	spin_unlock_bh(&ar->data_lock);
426 
427 	if (!peer)
428 		return -ENOENT;
429 
430 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
431 		if (peer->keys[i] == NULL)
432 			continue;
433 
434 		/* key flags are not required to delete the key */
435 		ret = ath10k_install_key(arvif, peer->keys[i],
436 					 DISABLE_KEY, addr, flags);
437 		if (ret < 0 && first_errno == 0)
438 			first_errno = ret;
439 
440 		if (ret < 0)
441 			ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
442 				    i, ret);
443 
444 		spin_lock_bh(&ar->data_lock);
445 		peer->keys[i] = NULL;
446 		spin_unlock_bh(&ar->data_lock);
447 	}
448 
449 	return first_errno;
450 }
451 
452 bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
453 				    u8 keyidx)
454 {
455 	struct ath10k_peer *peer;
456 	int i;
457 
458 	lockdep_assert_held(&ar->data_lock);
459 
460 	/* We don't know which vdev this peer belongs to,
461 	 * since WMI doesn't give us that information.
462 	 *
463 	 * FIXME: multi-bss needs to be handled.
464 	 */
465 	peer = ath10k_peer_find(ar, 0, addr);
466 	if (!peer)
467 		return false;
468 
469 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
470 		if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
471 			return true;
472 	}
473 
474 	return false;
475 }
476 
477 static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
478 				 struct ieee80211_key_conf *key)
479 {
480 	struct ath10k *ar = arvif->ar;
481 	struct ath10k_peer *peer;
482 	u8 addr[ETH_ALEN];
483 	int first_errno = 0;
484 	int ret;
485 	int i;
486 	u32 flags = 0;
487 
488 	lockdep_assert_held(&ar->conf_mutex);
489 
490 	for (;;) {
491 		/* since ath10k_install_key we can't hold data_lock all the
492 		 * time, so we try to remove the keys incrementally
493 		 */
494 		spin_lock_bh(&ar->data_lock);
495 		i = 0;
496 		list_for_each_entry(peer, &ar->peers, list) {
497 			for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
498 				if (peer->keys[i] == key) {
499 					ether_addr_copy(addr, peer->addr);
500 					peer->keys[i] = NULL;
501 					break;
502 				}
503 			}
504 
505 			if (i < ARRAY_SIZE(peer->keys))
506 				break;
507 		}
508 		spin_unlock_bh(&ar->data_lock);
509 
510 		if (i == ARRAY_SIZE(peer->keys))
511 			break;
512 		/* key flags are not required to delete the key */
513 		ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, flags);
514 		if (ret < 0 && first_errno == 0)
515 			first_errno = ret;
516 
517 		if (ret)
518 			ath10k_warn(ar, "failed to remove key for %pM: %d\n",
519 				    addr, ret);
520 	}
521 
522 	return first_errno;
523 }
524 
525 static int ath10k_mac_vif_update_wep_key(struct ath10k_vif *arvif,
526 					 struct ieee80211_key_conf *key)
527 {
528 	struct ath10k *ar = arvif->ar;
529 	struct ath10k_peer *peer;
530 	int ret;
531 
532 	lockdep_assert_held(&ar->conf_mutex);
533 
534 	list_for_each_entry(peer, &ar->peers, list) {
535 		if (ether_addr_equal(peer->addr, arvif->vif->addr))
536 			continue;
537 
538 		if (ether_addr_equal(peer->addr, arvif->bssid))
539 			continue;
540 
541 		if (peer->keys[key->keyidx] == key)
542 			continue;
543 
544 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vif vdev %i update key %i needs update\n",
545 			   arvif->vdev_id, key->keyidx);
546 
547 		ret = ath10k_install_peer_wep_keys(arvif, peer->addr);
548 		if (ret) {
549 			ath10k_warn(ar, "failed to update wep keys on vdev %i for peer %pM: %d\n",
550 				    arvif->vdev_id, peer->addr, ret);
551 			return ret;
552 		}
553 	}
554 
555 	return 0;
556 }
557 
558 /*********************/
559 /* General utilities */
560 /*********************/
561 
562 static inline enum wmi_phy_mode
563 chan_to_phymode(const struct cfg80211_chan_def *chandef)
564 {
565 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
566 
567 	switch (chandef->chan->band) {
568 	case NL80211_BAND_2GHZ:
569 		switch (chandef->width) {
570 		case NL80211_CHAN_WIDTH_20_NOHT:
571 			if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
572 				phymode = MODE_11B;
573 			else
574 				phymode = MODE_11G;
575 			break;
576 		case NL80211_CHAN_WIDTH_20:
577 			phymode = MODE_11NG_HT20;
578 			break;
579 		case NL80211_CHAN_WIDTH_40:
580 			phymode = MODE_11NG_HT40;
581 			break;
582 		default:
583 			phymode = MODE_UNKNOWN;
584 			break;
585 		}
586 		break;
587 	case NL80211_BAND_5GHZ:
588 		switch (chandef->width) {
589 		case NL80211_CHAN_WIDTH_20_NOHT:
590 			phymode = MODE_11A;
591 			break;
592 		case NL80211_CHAN_WIDTH_20:
593 			phymode = MODE_11NA_HT20;
594 			break;
595 		case NL80211_CHAN_WIDTH_40:
596 			phymode = MODE_11NA_HT40;
597 			break;
598 		case NL80211_CHAN_WIDTH_80:
599 			phymode = MODE_11AC_VHT80;
600 			break;
601 		case NL80211_CHAN_WIDTH_160:
602 			phymode = MODE_11AC_VHT160;
603 			break;
604 		case NL80211_CHAN_WIDTH_80P80:
605 			phymode = MODE_11AC_VHT80_80;
606 			break;
607 		default:
608 			phymode = MODE_UNKNOWN;
609 			break;
610 		}
611 		break;
612 	default:
613 		break;
614 	}
615 
616 	WARN_ON(phymode == MODE_UNKNOWN);
617 	return phymode;
618 }
619 
620 static u8 ath10k_parse_mpdudensity(u8 mpdudensity)
621 {
622 /*
623  * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
624  *   0 for no restriction
625  *   1 for 1/4 us
626  *   2 for 1/2 us
627  *   3 for 1 us
628  *   4 for 2 us
629  *   5 for 4 us
630  *   6 for 8 us
631  *   7 for 16 us
632  */
633 	switch (mpdudensity) {
634 	case 0:
635 		return 0;
636 	case 1:
637 	case 2:
638 	case 3:
639 	/* Our lower layer calculations limit our precision to
640 	 * 1 microsecond
641 	 */
642 		return 1;
643 	case 4:
644 		return 2;
645 	case 5:
646 		return 4;
647 	case 6:
648 		return 8;
649 	case 7:
650 		return 16;
651 	default:
652 		return 0;
653 	}
654 }
655 
656 int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
657 			struct cfg80211_chan_def *def)
658 {
659 	struct ieee80211_chanctx_conf *conf;
660 
661 	rcu_read_lock();
662 	conf = rcu_dereference(vif->bss_conf.chanctx_conf);
663 	if (!conf) {
664 		rcu_read_unlock();
665 		return -ENOENT;
666 	}
667 
668 	*def = conf->def;
669 	rcu_read_unlock();
670 
671 	return 0;
672 }
673 
674 static void ath10k_mac_num_chanctxs_iter(struct ieee80211_hw *hw,
675 					 struct ieee80211_chanctx_conf *conf,
676 					 void *data)
677 {
678 	int *num = data;
679 
680 	(*num)++;
681 }
682 
683 static int ath10k_mac_num_chanctxs(struct ath10k *ar)
684 {
685 	int num = 0;
686 
687 	ieee80211_iter_chan_contexts_atomic(ar->hw,
688 					    ath10k_mac_num_chanctxs_iter,
689 					    &num);
690 
691 	return num;
692 }
693 
694 static void
695 ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
696 				struct ieee80211_chanctx_conf *conf,
697 				void *data)
698 {
699 	struct cfg80211_chan_def **def = data;
700 
701 	*def = &conf->def;
702 }
703 
704 static void ath10k_wait_for_peer_delete_done(struct ath10k *ar, u32 vdev_id,
705 					     const u8 *addr)
706 {
707 	unsigned long time_left;
708 	int ret;
709 
710 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
711 		ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
712 		if (ret) {
713 			ath10k_warn(ar, "failed wait for peer deleted");
714 			return;
715 		}
716 
717 		time_left = wait_for_completion_timeout(&ar->peer_delete_done,
718 							5 * HZ);
719 		if (!time_left)
720 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
721 	}
722 }
723 
724 static int ath10k_peer_create(struct ath10k *ar,
725 			      struct ieee80211_vif *vif,
726 			      struct ieee80211_sta *sta,
727 			      u32 vdev_id,
728 			      const u8 *addr,
729 			      enum wmi_peer_type peer_type)
730 {
731 	struct ath10k_vif *arvif;
732 	struct ath10k_peer *peer;
733 	int num_peers = 0;
734 	int ret;
735 
736 	lockdep_assert_held(&ar->conf_mutex);
737 
738 	num_peers = ar->num_peers;
739 
740 	/* Each vdev consumes a peer entry as well */
741 	list_for_each_entry(arvif, &ar->arvifs, list)
742 		num_peers++;
743 
744 	if (num_peers >= ar->max_num_peers)
745 		return -ENOBUFS;
746 
747 	ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
748 	if (ret) {
749 		ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
750 			    addr, vdev_id, ret);
751 		return ret;
752 	}
753 
754 	ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
755 	if (ret) {
756 		ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
757 			    addr, vdev_id, ret);
758 		return ret;
759 	}
760 
761 	spin_lock_bh(&ar->data_lock);
762 
763 	peer = ath10k_peer_find(ar, vdev_id, addr);
764 	if (!peer) {
765 		spin_unlock_bh(&ar->data_lock);
766 		ath10k_warn(ar, "failed to find peer %pM on vdev %i after creation\n",
767 			    addr, vdev_id);
768 		ath10k_wait_for_peer_delete_done(ar, vdev_id, addr);
769 		return -ENOENT;
770 	}
771 
772 	peer->vif = vif;
773 	peer->sta = sta;
774 
775 	spin_unlock_bh(&ar->data_lock);
776 
777 	ar->num_peers++;
778 
779 	return 0;
780 }
781 
782 static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
783 {
784 	struct ath10k *ar = arvif->ar;
785 	u32 param;
786 	int ret;
787 
788 	param = ar->wmi.pdev_param->sta_kickout_th;
789 	ret = ath10k_wmi_pdev_set_param(ar, param,
790 					ATH10K_KICKOUT_THRESHOLD);
791 	if (ret) {
792 		ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
793 			    arvif->vdev_id, ret);
794 		return ret;
795 	}
796 
797 	param = ar->wmi.vdev_param->ap_keepalive_min_idle_inactive_time_secs;
798 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
799 					ATH10K_KEEPALIVE_MIN_IDLE);
800 	if (ret) {
801 		ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
802 			    arvif->vdev_id, ret);
803 		return ret;
804 	}
805 
806 	param = ar->wmi.vdev_param->ap_keepalive_max_idle_inactive_time_secs;
807 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
808 					ATH10K_KEEPALIVE_MAX_IDLE);
809 	if (ret) {
810 		ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
811 			    arvif->vdev_id, ret);
812 		return ret;
813 	}
814 
815 	param = ar->wmi.vdev_param->ap_keepalive_max_unresponsive_time_secs;
816 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
817 					ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
818 	if (ret) {
819 		ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
820 			    arvif->vdev_id, ret);
821 		return ret;
822 	}
823 
824 	return 0;
825 }
826 
827 static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
828 {
829 	struct ath10k *ar = arvif->ar;
830 	u32 vdev_param;
831 
832 	vdev_param = ar->wmi.vdev_param->rts_threshold;
833 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
834 }
835 
836 static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
837 {
838 	int ret;
839 
840 	lockdep_assert_held(&ar->conf_mutex);
841 
842 	ret = ath10k_wmi_peer_delete(ar, vdev_id, addr);
843 	if (ret)
844 		return ret;
845 
846 	ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
847 	if (ret)
848 		return ret;
849 
850 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
851 		unsigned long time_left;
852 
853 		time_left = wait_for_completion_timeout
854 			    (&ar->peer_delete_done, 5 * HZ);
855 
856 		if (!time_left) {
857 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
858 			return -ETIMEDOUT;
859 		}
860 	}
861 
862 	ar->num_peers--;
863 
864 	return 0;
865 }
866 
867 static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
868 {
869 	struct ath10k_peer *peer, *tmp;
870 	int peer_id;
871 	int i;
872 
873 	lockdep_assert_held(&ar->conf_mutex);
874 
875 	spin_lock_bh(&ar->data_lock);
876 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
877 		if (peer->vdev_id != vdev_id)
878 			continue;
879 
880 		ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
881 			    peer->addr, vdev_id);
882 
883 		for_each_set_bit(peer_id, peer->peer_ids,
884 				 ATH10K_MAX_NUM_PEER_IDS) {
885 			ar->peer_map[peer_id] = NULL;
886 		}
887 
888 		/* Double check that peer is properly un-referenced from
889 		 * the peer_map
890 		 */
891 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
892 			if (ar->peer_map[i] == peer) {
893 				ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
894 					    peer->addr, peer, i);
895 				ar->peer_map[i] = NULL;
896 			}
897 		}
898 
899 		list_del(&peer->list);
900 		kfree(peer);
901 		ar->num_peers--;
902 	}
903 	spin_unlock_bh(&ar->data_lock);
904 }
905 
906 static void ath10k_peer_cleanup_all(struct ath10k *ar)
907 {
908 	struct ath10k_peer *peer, *tmp;
909 	int i;
910 
911 	lockdep_assert_held(&ar->conf_mutex);
912 
913 	spin_lock_bh(&ar->data_lock);
914 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
915 		list_del(&peer->list);
916 		kfree(peer);
917 	}
918 
919 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
920 		ar->peer_map[i] = NULL;
921 
922 	spin_unlock_bh(&ar->data_lock);
923 
924 	ar->num_peers = 0;
925 	ar->num_stations = 0;
926 }
927 
928 static int ath10k_mac_tdls_peer_update(struct ath10k *ar, u32 vdev_id,
929 				       struct ieee80211_sta *sta,
930 				       enum wmi_tdls_peer_state state)
931 {
932 	int ret;
933 	struct wmi_tdls_peer_update_cmd_arg arg = {};
934 	struct wmi_tdls_peer_capab_arg cap = {};
935 	struct wmi_channel_arg chan_arg = {};
936 
937 	lockdep_assert_held(&ar->conf_mutex);
938 
939 	arg.vdev_id = vdev_id;
940 	arg.peer_state = state;
941 	ether_addr_copy(arg.addr, sta->addr);
942 
943 	cap.peer_max_sp = sta->max_sp;
944 	cap.peer_uapsd_queues = sta->uapsd_queues;
945 
946 	if (state == WMI_TDLS_PEER_STATE_CONNECTED &&
947 	    !sta->tdls_initiator)
948 		cap.is_peer_responder = 1;
949 
950 	ret = ath10k_wmi_tdls_peer_update(ar, &arg, &cap, &chan_arg);
951 	if (ret) {
952 		ath10k_warn(ar, "failed to update tdls peer %pM on vdev %i: %i\n",
953 			    arg.addr, vdev_id, ret);
954 		return ret;
955 	}
956 
957 	return 0;
958 }
959 
960 /************************/
961 /* Interface management */
962 /************************/
963 
964 void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
965 {
966 	struct ath10k *ar = arvif->ar;
967 
968 	lockdep_assert_held(&ar->data_lock);
969 
970 	if (!arvif->beacon)
971 		return;
972 
973 	if (!arvif->beacon_buf)
974 		dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
975 				 arvif->beacon->len, DMA_TO_DEVICE);
976 
977 	if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
978 		    arvif->beacon_state != ATH10K_BEACON_SENT))
979 		return;
980 
981 	dev_kfree_skb_any(arvif->beacon);
982 
983 	arvif->beacon = NULL;
984 	arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
985 }
986 
987 static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
988 {
989 	struct ath10k *ar = arvif->ar;
990 
991 	lockdep_assert_held(&ar->data_lock);
992 
993 	ath10k_mac_vif_beacon_free(arvif);
994 
995 	if (arvif->beacon_buf) {
996 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
997 			kfree(arvif->beacon_buf);
998 		else
999 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
1000 					  arvif->beacon_buf,
1001 					  arvif->beacon_paddr);
1002 		arvif->beacon_buf = NULL;
1003 	}
1004 }
1005 
1006 static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
1007 {
1008 	unsigned long time_left;
1009 
1010 	lockdep_assert_held(&ar->conf_mutex);
1011 
1012 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1013 		return -ESHUTDOWN;
1014 
1015 	time_left = wait_for_completion_timeout(&ar->vdev_setup_done,
1016 						ATH10K_VDEV_SETUP_TIMEOUT_HZ);
1017 	if (time_left == 0)
1018 		return -ETIMEDOUT;
1019 
1020 	return ar->last_wmi_vdev_start_status;
1021 }
1022 
1023 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
1024 {
1025 	struct cfg80211_chan_def *chandef = NULL;
1026 	struct ieee80211_channel *channel = NULL;
1027 	struct wmi_vdev_start_request_arg arg = {};
1028 	int ret = 0;
1029 
1030 	lockdep_assert_held(&ar->conf_mutex);
1031 
1032 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1033 					    ath10k_mac_get_any_chandef_iter,
1034 					    &chandef);
1035 	if (WARN_ON_ONCE(!chandef))
1036 		return -ENOENT;
1037 
1038 	channel = chandef->chan;
1039 
1040 	arg.vdev_id = vdev_id;
1041 	arg.channel.freq = channel->center_freq;
1042 	arg.channel.band_center_freq1 = chandef->center_freq1;
1043 	arg.channel.band_center_freq2 = chandef->center_freq2;
1044 
1045 	/* TODO setup this dynamically, what in case we
1046 	 * don't have any vifs?
1047 	 */
1048 	arg.channel.mode = chan_to_phymode(chandef);
1049 	arg.channel.chan_radar =
1050 			!!(channel->flags & IEEE80211_CHAN_RADAR);
1051 
1052 	arg.channel.min_power = 0;
1053 	arg.channel.max_power = channel->max_power * 2;
1054 	arg.channel.max_reg_power = channel->max_reg_power * 2;
1055 	arg.channel.max_antenna_gain = channel->max_antenna_gain;
1056 
1057 	reinit_completion(&ar->vdev_setup_done);
1058 	reinit_completion(&ar->vdev_delete_done);
1059 
1060 	ret = ath10k_wmi_vdev_start(ar, &arg);
1061 	if (ret) {
1062 		ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
1063 			    vdev_id, ret);
1064 		return ret;
1065 	}
1066 
1067 	ret = ath10k_vdev_setup_sync(ar);
1068 	if (ret) {
1069 		ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
1070 			    vdev_id, ret);
1071 		return ret;
1072 	}
1073 
1074 	ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
1075 	if (ret) {
1076 		ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
1077 			    vdev_id, ret);
1078 		goto vdev_stop;
1079 	}
1080 
1081 	ar->monitor_vdev_id = vdev_id;
1082 
1083 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
1084 		   ar->monitor_vdev_id);
1085 	return 0;
1086 
1087 vdev_stop:
1088 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1089 	if (ret)
1090 		ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
1091 			    ar->monitor_vdev_id, ret);
1092 
1093 	return ret;
1094 }
1095 
1096 static int ath10k_monitor_vdev_stop(struct ath10k *ar)
1097 {
1098 	int ret = 0;
1099 
1100 	lockdep_assert_held(&ar->conf_mutex);
1101 
1102 	ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
1103 	if (ret)
1104 		ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
1105 			    ar->monitor_vdev_id, ret);
1106 
1107 	reinit_completion(&ar->vdev_setup_done);
1108 	reinit_completion(&ar->vdev_delete_done);
1109 
1110 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1111 	if (ret)
1112 		ath10k_warn(ar, "failed to request monitor vdev %i stop: %d\n",
1113 			    ar->monitor_vdev_id, ret);
1114 
1115 	ret = ath10k_vdev_setup_sync(ar);
1116 	if (ret)
1117 		ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
1118 			    ar->monitor_vdev_id, ret);
1119 
1120 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
1121 		   ar->monitor_vdev_id);
1122 	return ret;
1123 }
1124 
1125 static int ath10k_monitor_vdev_create(struct ath10k *ar)
1126 {
1127 	int bit, ret = 0;
1128 
1129 	lockdep_assert_held(&ar->conf_mutex);
1130 
1131 	if (ar->free_vdev_map == 0) {
1132 		ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
1133 		return -ENOMEM;
1134 	}
1135 
1136 	bit = __ffs64(ar->free_vdev_map);
1137 
1138 	ar->monitor_vdev_id = bit;
1139 
1140 	ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
1141 				     WMI_VDEV_TYPE_MONITOR,
1142 				     0, ar->mac_addr);
1143 	if (ret) {
1144 		ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
1145 			    ar->monitor_vdev_id, ret);
1146 		return ret;
1147 	}
1148 
1149 	ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
1150 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
1151 		   ar->monitor_vdev_id);
1152 
1153 	return 0;
1154 }
1155 
1156 static int ath10k_monitor_vdev_delete(struct ath10k *ar)
1157 {
1158 	int ret = 0;
1159 
1160 	lockdep_assert_held(&ar->conf_mutex);
1161 
1162 	ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
1163 	if (ret) {
1164 		ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
1165 			    ar->monitor_vdev_id, ret);
1166 		return ret;
1167 	}
1168 
1169 	ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
1170 
1171 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
1172 		   ar->monitor_vdev_id);
1173 	return ret;
1174 }
1175 
1176 static int ath10k_monitor_start(struct ath10k *ar)
1177 {
1178 	int ret;
1179 
1180 	lockdep_assert_held(&ar->conf_mutex);
1181 
1182 	ret = ath10k_monitor_vdev_create(ar);
1183 	if (ret) {
1184 		ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
1185 		return ret;
1186 	}
1187 
1188 	ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
1189 	if (ret) {
1190 		ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
1191 		ath10k_monitor_vdev_delete(ar);
1192 		return ret;
1193 	}
1194 
1195 	ar->monitor_started = true;
1196 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
1197 
1198 	return 0;
1199 }
1200 
1201 static int ath10k_monitor_stop(struct ath10k *ar)
1202 {
1203 	int ret;
1204 
1205 	lockdep_assert_held(&ar->conf_mutex);
1206 
1207 	ret = ath10k_monitor_vdev_stop(ar);
1208 	if (ret) {
1209 		ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
1210 		return ret;
1211 	}
1212 
1213 	ret = ath10k_monitor_vdev_delete(ar);
1214 	if (ret) {
1215 		ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
1216 		return ret;
1217 	}
1218 
1219 	ar->monitor_started = false;
1220 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
1221 
1222 	return 0;
1223 }
1224 
1225 static bool ath10k_mac_monitor_vdev_is_needed(struct ath10k *ar)
1226 {
1227 	int num_ctx;
1228 
1229 	/* At least one chanctx is required to derive a channel to start
1230 	 * monitor vdev on.
1231 	 */
1232 	num_ctx = ath10k_mac_num_chanctxs(ar);
1233 	if (num_ctx == 0)
1234 		return false;
1235 
1236 	/* If there's already an existing special monitor interface then don't
1237 	 * bother creating another monitor vdev.
1238 	 */
1239 	if (ar->monitor_arvif)
1240 		return false;
1241 
1242 	return ar->monitor ||
1243 	       (!test_bit(ATH10K_FW_FEATURE_ALLOWS_MESH_BCAST,
1244 			  ar->running_fw->fw_file.fw_features) &&
1245 		(ar->filter_flags & FIF_OTHER_BSS)) ||
1246 	       test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1247 }
1248 
1249 static bool ath10k_mac_monitor_vdev_is_allowed(struct ath10k *ar)
1250 {
1251 	int num_ctx;
1252 
1253 	num_ctx = ath10k_mac_num_chanctxs(ar);
1254 
1255 	/* FIXME: Current interface combinations and cfg80211/mac80211 code
1256 	 * shouldn't allow this but make sure to prevent handling the following
1257 	 * case anyway since multi-channel DFS hasn't been tested at all.
1258 	 */
1259 	if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags) && num_ctx > 1)
1260 		return false;
1261 
1262 	return true;
1263 }
1264 
1265 static int ath10k_monitor_recalc(struct ath10k *ar)
1266 {
1267 	bool needed;
1268 	bool allowed;
1269 	int ret;
1270 
1271 	lockdep_assert_held(&ar->conf_mutex);
1272 
1273 	needed = ath10k_mac_monitor_vdev_is_needed(ar);
1274 	allowed = ath10k_mac_monitor_vdev_is_allowed(ar);
1275 
1276 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1277 		   "mac monitor recalc started? %d needed? %d allowed? %d\n",
1278 		   ar->monitor_started, needed, allowed);
1279 
1280 	if (WARN_ON(needed && !allowed)) {
1281 		if (ar->monitor_started) {
1282 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopping disallowed monitor\n");
1283 
1284 			ret = ath10k_monitor_stop(ar);
1285 			if (ret)
1286 				ath10k_warn(ar, "failed to stop disallowed monitor: %d\n",
1287 					    ret);
1288 				/* not serious */
1289 		}
1290 
1291 		return -EPERM;
1292 	}
1293 
1294 	if (needed == ar->monitor_started)
1295 		return 0;
1296 
1297 	if (needed)
1298 		return ath10k_monitor_start(ar);
1299 	else
1300 		return ath10k_monitor_stop(ar);
1301 }
1302 
1303 static bool ath10k_mac_can_set_cts_prot(struct ath10k_vif *arvif)
1304 {
1305 	struct ath10k *ar = arvif->ar;
1306 
1307 	lockdep_assert_held(&ar->conf_mutex);
1308 
1309 	if (!arvif->is_started) {
1310 		ath10k_dbg(ar, ATH10K_DBG_MAC, "defer cts setup, vdev is not ready yet\n");
1311 		return false;
1312 	}
1313 
1314 	return true;
1315 }
1316 
1317 static int ath10k_mac_set_cts_prot(struct ath10k_vif *arvif)
1318 {
1319 	struct ath10k *ar = arvif->ar;
1320 	u32 vdev_param;
1321 
1322 	lockdep_assert_held(&ar->conf_mutex);
1323 
1324 	vdev_param = ar->wmi.vdev_param->protection_mode;
1325 
1326 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_protection %d\n",
1327 		   arvif->vdev_id, arvif->use_cts_prot);
1328 
1329 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1330 					 arvif->use_cts_prot ? 1 : 0);
1331 }
1332 
1333 static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
1334 {
1335 	struct ath10k *ar = arvif->ar;
1336 	u32 vdev_param, rts_cts = 0;
1337 
1338 	lockdep_assert_held(&ar->conf_mutex);
1339 
1340 	vdev_param = ar->wmi.vdev_param->enable_rtscts;
1341 
1342 	rts_cts |= SM(WMI_RTSCTS_ENABLED, WMI_RTSCTS_SET);
1343 
1344 	if (arvif->num_legacy_stations > 0)
1345 		rts_cts |= SM(WMI_RTSCTS_ACROSS_SW_RETRIES,
1346 			      WMI_RTSCTS_PROFILE);
1347 	else
1348 		rts_cts |= SM(WMI_RTSCTS_FOR_SECOND_RATESERIES,
1349 			      WMI_RTSCTS_PROFILE);
1350 
1351 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d recalc rts/cts prot %d\n",
1352 		   arvif->vdev_id, rts_cts);
1353 
1354 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1355 					 rts_cts);
1356 }
1357 
1358 static int ath10k_start_cac(struct ath10k *ar)
1359 {
1360 	int ret;
1361 
1362 	lockdep_assert_held(&ar->conf_mutex);
1363 
1364 	set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1365 
1366 	ret = ath10k_monitor_recalc(ar);
1367 	if (ret) {
1368 		ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
1369 		clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1370 		return ret;
1371 	}
1372 
1373 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
1374 		   ar->monitor_vdev_id);
1375 
1376 	return 0;
1377 }
1378 
1379 static int ath10k_stop_cac(struct ath10k *ar)
1380 {
1381 	lockdep_assert_held(&ar->conf_mutex);
1382 
1383 	/* CAC is not running - do nothing */
1384 	if (!test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags))
1385 		return 0;
1386 
1387 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1388 	ath10k_monitor_stop(ar);
1389 
1390 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
1391 
1392 	return 0;
1393 }
1394 
1395 static void ath10k_mac_has_radar_iter(struct ieee80211_hw *hw,
1396 				      struct ieee80211_chanctx_conf *conf,
1397 				      void *data)
1398 {
1399 	bool *ret = data;
1400 
1401 	if (!*ret && conf->radar_enabled)
1402 		*ret = true;
1403 }
1404 
1405 static bool ath10k_mac_has_radar_enabled(struct ath10k *ar)
1406 {
1407 	bool has_radar = false;
1408 
1409 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1410 					    ath10k_mac_has_radar_iter,
1411 					    &has_radar);
1412 
1413 	return has_radar;
1414 }
1415 
1416 static void ath10k_recalc_radar_detection(struct ath10k *ar)
1417 {
1418 	int ret;
1419 
1420 	lockdep_assert_held(&ar->conf_mutex);
1421 
1422 	ath10k_stop_cac(ar);
1423 
1424 	if (!ath10k_mac_has_radar_enabled(ar))
1425 		return;
1426 
1427 	if (ar->num_started_vdevs > 0)
1428 		return;
1429 
1430 	ret = ath10k_start_cac(ar);
1431 	if (ret) {
1432 		/*
1433 		 * Not possible to start CAC on current channel so starting
1434 		 * radiation is not allowed, make this channel DFS_UNAVAILABLE
1435 		 * by indicating that radar was detected.
1436 		 */
1437 		ath10k_warn(ar, "failed to start CAC: %d\n", ret);
1438 		ieee80211_radar_detected(ar->hw);
1439 	}
1440 }
1441 
1442 static int ath10k_vdev_stop(struct ath10k_vif *arvif)
1443 {
1444 	struct ath10k *ar = arvif->ar;
1445 	int ret;
1446 
1447 	lockdep_assert_held(&ar->conf_mutex);
1448 
1449 	reinit_completion(&ar->vdev_setup_done);
1450 	reinit_completion(&ar->vdev_delete_done);
1451 
1452 	ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
1453 	if (ret) {
1454 		ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
1455 			    arvif->vdev_id, ret);
1456 		return ret;
1457 	}
1458 
1459 	ret = ath10k_vdev_setup_sync(ar);
1460 	if (ret) {
1461 		ath10k_warn(ar, "failed to synchronize setup for vdev %i: %d\n",
1462 			    arvif->vdev_id, ret);
1463 		return ret;
1464 	}
1465 
1466 	WARN_ON(ar->num_started_vdevs == 0);
1467 
1468 	if (ar->num_started_vdevs != 0) {
1469 		ar->num_started_vdevs--;
1470 		ath10k_recalc_radar_detection(ar);
1471 	}
1472 
1473 	return ret;
1474 }
1475 
1476 static int ath10k_vdev_start_restart(struct ath10k_vif *arvif,
1477 				     const struct cfg80211_chan_def *chandef,
1478 				     bool restart)
1479 {
1480 	struct ath10k *ar = arvif->ar;
1481 	struct wmi_vdev_start_request_arg arg = {};
1482 	int ret = 0;
1483 
1484 	lockdep_assert_held(&ar->conf_mutex);
1485 
1486 	reinit_completion(&ar->vdev_setup_done);
1487 	reinit_completion(&ar->vdev_delete_done);
1488 
1489 	arg.vdev_id = arvif->vdev_id;
1490 	arg.dtim_period = arvif->dtim_period;
1491 	arg.bcn_intval = arvif->beacon_interval;
1492 
1493 	arg.channel.freq = chandef->chan->center_freq;
1494 	arg.channel.band_center_freq1 = chandef->center_freq1;
1495 	arg.channel.band_center_freq2 = chandef->center_freq2;
1496 	arg.channel.mode = chan_to_phymode(chandef);
1497 
1498 	arg.channel.min_power = 0;
1499 	arg.channel.max_power = chandef->chan->max_power * 2;
1500 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
1501 	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain;
1502 
1503 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
1504 		arg.ssid = arvif->u.ap.ssid;
1505 		arg.ssid_len = arvif->u.ap.ssid_len;
1506 		arg.hidden_ssid = arvif->u.ap.hidden_ssid;
1507 
1508 		/* For now allow DFS for AP mode */
1509 		arg.channel.chan_radar =
1510 			!!(chandef->chan->flags & IEEE80211_CHAN_RADAR);
1511 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
1512 		arg.ssid = arvif->vif->cfg.ssid;
1513 		arg.ssid_len = arvif->vif->cfg.ssid_len;
1514 	}
1515 
1516 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1517 		   "mac vdev %d start center_freq %d phymode %s\n",
1518 		   arg.vdev_id, arg.channel.freq,
1519 		   ath10k_wmi_phymode_str(arg.channel.mode));
1520 
1521 	if (restart)
1522 		ret = ath10k_wmi_vdev_restart(ar, &arg);
1523 	else
1524 		ret = ath10k_wmi_vdev_start(ar, &arg);
1525 
1526 	if (ret) {
1527 		ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
1528 			    arg.vdev_id, ret);
1529 		return ret;
1530 	}
1531 
1532 	ret = ath10k_vdev_setup_sync(ar);
1533 	if (ret) {
1534 		ath10k_warn(ar,
1535 			    "failed to synchronize setup for vdev %i restart %d: %d\n",
1536 			    arg.vdev_id, restart, ret);
1537 		return ret;
1538 	}
1539 
1540 	ar->num_started_vdevs++;
1541 	ath10k_recalc_radar_detection(ar);
1542 
1543 	return ret;
1544 }
1545 
1546 static int ath10k_vdev_start(struct ath10k_vif *arvif,
1547 			     const struct cfg80211_chan_def *def)
1548 {
1549 	return ath10k_vdev_start_restart(arvif, def, false);
1550 }
1551 
1552 static int ath10k_vdev_restart(struct ath10k_vif *arvif,
1553 			       const struct cfg80211_chan_def *def)
1554 {
1555 	return ath10k_vdev_start_restart(arvif, def, true);
1556 }
1557 
1558 static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
1559 				       struct sk_buff *bcn)
1560 {
1561 	struct ath10k *ar = arvif->ar;
1562 	struct ieee80211_mgmt *mgmt;
1563 	const u8 *p2p_ie;
1564 	int ret;
1565 
1566 	if (arvif->vif->type != NL80211_IFTYPE_AP || !arvif->vif->p2p)
1567 		return 0;
1568 
1569 	mgmt = (void *)bcn->data;
1570 	p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1571 					 mgmt->u.beacon.variable,
1572 					 bcn->len - (mgmt->u.beacon.variable -
1573 						     bcn->data));
1574 	if (!p2p_ie)
1575 		return -ENOENT;
1576 
1577 	ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
1578 	if (ret) {
1579 		ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
1580 			    arvif->vdev_id, ret);
1581 		return ret;
1582 	}
1583 
1584 	return 0;
1585 }
1586 
1587 static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
1588 				       u8 oui_type, size_t ie_offset)
1589 {
1590 	size_t len;
1591 	const u8 *next;
1592 	const u8 *end;
1593 	u8 *ie;
1594 
1595 	if (WARN_ON(skb->len < ie_offset))
1596 		return -EINVAL;
1597 
1598 	ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
1599 					   skb->data + ie_offset,
1600 					   skb->len - ie_offset);
1601 	if (!ie)
1602 		return -ENOENT;
1603 
1604 	len = ie[1] + 2;
1605 	end = skb->data + skb->len;
1606 	next = ie + len;
1607 
1608 	if (WARN_ON(next > end))
1609 		return -EINVAL;
1610 
1611 	memmove(ie, next, end - next);
1612 	skb_trim(skb, skb->len - len);
1613 
1614 	return 0;
1615 }
1616 
1617 static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
1618 {
1619 	struct ath10k *ar = arvif->ar;
1620 	struct ieee80211_hw *hw = ar->hw;
1621 	struct ieee80211_vif *vif = arvif->vif;
1622 	struct ieee80211_mutable_offsets offs = {};
1623 	struct sk_buff *bcn;
1624 	int ret;
1625 
1626 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1627 		return 0;
1628 
1629 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
1630 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
1631 		return 0;
1632 
1633 	bcn = ieee80211_beacon_get_template(hw, vif, &offs, 0);
1634 	if (!bcn) {
1635 		ath10k_warn(ar, "failed to get beacon template from mac80211\n");
1636 		return -EPERM;
1637 	}
1638 
1639 	ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
1640 	if (ret) {
1641 		ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
1642 		kfree_skb(bcn);
1643 		return ret;
1644 	}
1645 
1646 	/* P2P IE is inserted by firmware automatically (as configured above)
1647 	 * so remove it from the base beacon template to avoid duplicate P2P
1648 	 * IEs in beacon frames.
1649 	 */
1650 	ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1651 				    offsetof(struct ieee80211_mgmt,
1652 					     u.beacon.variable));
1653 
1654 	ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
1655 				  0, NULL, 0);
1656 	kfree_skb(bcn);
1657 
1658 	if (ret) {
1659 		ath10k_warn(ar, "failed to submit beacon template command: %d\n",
1660 			    ret);
1661 		return ret;
1662 	}
1663 
1664 	return 0;
1665 }
1666 
1667 static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
1668 {
1669 	struct ath10k *ar = arvif->ar;
1670 	struct ieee80211_hw *hw = ar->hw;
1671 	struct ieee80211_vif *vif = arvif->vif;
1672 	struct sk_buff *prb;
1673 	int ret;
1674 
1675 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1676 		return 0;
1677 
1678 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1679 		return 0;
1680 
1681 	 /* For mesh, probe response and beacon share the same template */
1682 	if (ieee80211_vif_is_mesh(vif))
1683 		return 0;
1684 
1685 	prb = ieee80211_proberesp_get(hw, vif);
1686 	if (!prb) {
1687 		ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
1688 		return -EPERM;
1689 	}
1690 
1691 	ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
1692 	kfree_skb(prb);
1693 
1694 	if (ret) {
1695 		ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
1696 			    ret);
1697 		return ret;
1698 	}
1699 
1700 	return 0;
1701 }
1702 
1703 static int ath10k_mac_vif_fix_hidden_ssid(struct ath10k_vif *arvif)
1704 {
1705 	struct ath10k *ar = arvif->ar;
1706 	struct cfg80211_chan_def def;
1707 	int ret;
1708 
1709 	/* When originally vdev is started during assign_vif_chanctx() some
1710 	 * information is missing, notably SSID. Firmware revisions with beacon
1711 	 * offloading require the SSID to be provided during vdev (re)start to
1712 	 * handle hidden SSID properly.
1713 	 *
1714 	 * Vdev restart must be done after vdev has been both started and
1715 	 * upped. Otherwise some firmware revisions (at least 10.2) fail to
1716 	 * deliver vdev restart response event causing timeouts during vdev
1717 	 * syncing in ath10k.
1718 	 *
1719 	 * Note: The vdev down/up and template reinstallation could be skipped
1720 	 * since only wmi-tlv firmware are known to have beacon offload and
1721 	 * wmi-tlv doesn't seem to misbehave like 10.2 wrt vdev restart
1722 	 * response delivery. It's probably more robust to keep it as is.
1723 	 */
1724 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1725 		return 0;
1726 
1727 	if (WARN_ON(!arvif->is_started))
1728 		return -EINVAL;
1729 
1730 	if (WARN_ON(!arvif->is_up))
1731 		return -EINVAL;
1732 
1733 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
1734 		return -EINVAL;
1735 
1736 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1737 	if (ret) {
1738 		ath10k_warn(ar, "failed to bring down ap vdev %i: %d\n",
1739 			    arvif->vdev_id, ret);
1740 		return ret;
1741 	}
1742 
1743 	/* Vdev down reset beacon & presp templates. Reinstall them. Otherwise
1744 	 * firmware will crash upon vdev up.
1745 	 */
1746 
1747 	ret = ath10k_mac_setup_bcn_tmpl(arvif);
1748 	if (ret) {
1749 		ath10k_warn(ar, "failed to update beacon template: %d\n", ret);
1750 		return ret;
1751 	}
1752 
1753 	ret = ath10k_mac_setup_prb_tmpl(arvif);
1754 	if (ret) {
1755 		ath10k_warn(ar, "failed to update presp template: %d\n", ret);
1756 		return ret;
1757 	}
1758 
1759 	ret = ath10k_vdev_restart(arvif, &def);
1760 	if (ret) {
1761 		ath10k_warn(ar, "failed to restart ap vdev %i: %d\n",
1762 			    arvif->vdev_id, ret);
1763 		return ret;
1764 	}
1765 
1766 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1767 				 arvif->bssid);
1768 	if (ret) {
1769 		ath10k_warn(ar, "failed to bring up ap vdev %i: %d\n",
1770 			    arvif->vdev_id, ret);
1771 		return ret;
1772 	}
1773 
1774 	return 0;
1775 }
1776 
1777 static void ath10k_control_beaconing(struct ath10k_vif *arvif,
1778 				     struct ieee80211_bss_conf *info)
1779 {
1780 	struct ath10k *ar = arvif->ar;
1781 	int ret = 0;
1782 
1783 	lockdep_assert_held(&arvif->ar->conf_mutex);
1784 
1785 	if (!info->enable_beacon) {
1786 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1787 		if (ret)
1788 			ath10k_warn(ar, "failed to down vdev_id %i: %d\n",
1789 				    arvif->vdev_id, ret);
1790 
1791 		arvif->is_up = false;
1792 
1793 		spin_lock_bh(&arvif->ar->data_lock);
1794 		ath10k_mac_vif_beacon_free(arvif);
1795 		spin_unlock_bh(&arvif->ar->data_lock);
1796 
1797 		return;
1798 	}
1799 
1800 	arvif->tx_seq_no = 0x1000;
1801 
1802 	arvif->aid = 0;
1803 	ether_addr_copy(arvif->bssid, info->bssid);
1804 
1805 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1806 				 arvif->bssid);
1807 	if (ret) {
1808 		ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
1809 			    arvif->vdev_id, ret);
1810 		return;
1811 	}
1812 
1813 	arvif->is_up = true;
1814 
1815 	ret = ath10k_mac_vif_fix_hidden_ssid(arvif);
1816 	if (ret) {
1817 		ath10k_warn(ar, "failed to fix hidden ssid for vdev %i, expect trouble: %d\n",
1818 			    arvif->vdev_id, ret);
1819 		return;
1820 	}
1821 
1822 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
1823 }
1824 
1825 static void ath10k_control_ibss(struct ath10k_vif *arvif,
1826 				struct ieee80211_vif *vif)
1827 {
1828 	struct ath10k *ar = arvif->ar;
1829 	u32 vdev_param;
1830 	int ret = 0;
1831 
1832 	lockdep_assert_held(&arvif->ar->conf_mutex);
1833 
1834 	if (!vif->cfg.ibss_joined) {
1835 		if (is_zero_ether_addr(arvif->bssid))
1836 			return;
1837 
1838 		eth_zero_addr(arvif->bssid);
1839 
1840 		return;
1841 	}
1842 
1843 	vdev_param = arvif->ar->wmi.vdev_param->atim_window;
1844 	ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
1845 					ATH10K_DEFAULT_ATIM);
1846 	if (ret)
1847 		ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
1848 			    arvif->vdev_id, ret);
1849 }
1850 
1851 static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
1852 {
1853 	struct ath10k *ar = arvif->ar;
1854 	u32 param;
1855 	u32 value;
1856 	int ret;
1857 
1858 	lockdep_assert_held(&arvif->ar->conf_mutex);
1859 
1860 	if (arvif->u.sta.uapsd)
1861 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
1862 	else
1863 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
1864 
1865 	param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
1866 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
1867 	if (ret) {
1868 		ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
1869 			    value, arvif->vdev_id, ret);
1870 		return ret;
1871 	}
1872 
1873 	return 0;
1874 }
1875 
1876 static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
1877 {
1878 	struct ath10k *ar = arvif->ar;
1879 	u32 param;
1880 	u32 value;
1881 	int ret;
1882 
1883 	lockdep_assert_held(&arvif->ar->conf_mutex);
1884 
1885 	if (arvif->u.sta.uapsd)
1886 		value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
1887 	else
1888 		value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
1889 
1890 	param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
1891 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
1892 					  param, value);
1893 	if (ret) {
1894 		ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
1895 			    value, arvif->vdev_id, ret);
1896 		return ret;
1897 	}
1898 
1899 	return 0;
1900 }
1901 
1902 static int ath10k_mac_num_vifs_started(struct ath10k *ar)
1903 {
1904 	struct ath10k_vif *arvif;
1905 	int num = 0;
1906 
1907 	lockdep_assert_held(&ar->conf_mutex);
1908 
1909 	list_for_each_entry(arvif, &ar->arvifs, list)
1910 		if (arvif->is_started)
1911 			num++;
1912 
1913 	return num;
1914 }
1915 
1916 static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
1917 {
1918 	struct ath10k *ar = arvif->ar;
1919 	struct ieee80211_vif *vif = arvif->vif;
1920 	struct ieee80211_conf *conf = &ar->hw->conf;
1921 	enum wmi_sta_powersave_param param;
1922 	enum wmi_sta_ps_mode psmode;
1923 	int ret;
1924 	int ps_timeout;
1925 	bool enable_ps;
1926 
1927 	lockdep_assert_held(&arvif->ar->conf_mutex);
1928 
1929 	if (arvif->vif->type != NL80211_IFTYPE_STATION)
1930 		return 0;
1931 
1932 	enable_ps = arvif->ps;
1933 
1934 	if (enable_ps && ath10k_mac_num_vifs_started(ar) > 1 &&
1935 	    !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
1936 		      ar->running_fw->fw_file.fw_features)) {
1937 		ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
1938 			    arvif->vdev_id);
1939 		enable_ps = false;
1940 	}
1941 
1942 	if (!arvif->is_started) {
1943 		/* mac80211 can update vif powersave state while disconnected.
1944 		 * Firmware doesn't behave nicely and consumes more power than
1945 		 * necessary if PS is disabled on a non-started vdev. Hence
1946 		 * force-enable PS for non-running vdevs.
1947 		 */
1948 		psmode = WMI_STA_PS_MODE_ENABLED;
1949 	} else if (enable_ps) {
1950 		psmode = WMI_STA_PS_MODE_ENABLED;
1951 		param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
1952 
1953 		ps_timeout = conf->dynamic_ps_timeout;
1954 		if (ps_timeout == 0) {
1955 			/* Firmware doesn't like 0 */
1956 			ps_timeout = ieee80211_tu_to_usec(
1957 				vif->bss_conf.beacon_int) / 1000;
1958 		}
1959 
1960 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
1961 						  ps_timeout);
1962 		if (ret) {
1963 			ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
1964 				    arvif->vdev_id, ret);
1965 			return ret;
1966 		}
1967 	} else {
1968 		psmode = WMI_STA_PS_MODE_DISABLED;
1969 	}
1970 
1971 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
1972 		   arvif->vdev_id, psmode ? "enable" : "disable");
1973 
1974 	ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
1975 	if (ret) {
1976 		ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
1977 			    psmode, arvif->vdev_id, ret);
1978 		return ret;
1979 	}
1980 
1981 	return 0;
1982 }
1983 
1984 static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
1985 {
1986 	struct ath10k *ar = arvif->ar;
1987 	struct wmi_sta_keepalive_arg arg = {};
1988 	int ret;
1989 
1990 	lockdep_assert_held(&arvif->ar->conf_mutex);
1991 
1992 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
1993 		return 0;
1994 
1995 	if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
1996 		return 0;
1997 
1998 	/* Some firmware revisions have a bug and ignore the `enabled` field.
1999 	 * Instead use the interval to disable the keepalive.
2000 	 */
2001 	arg.vdev_id = arvif->vdev_id;
2002 	arg.enabled = 1;
2003 	arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
2004 	arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
2005 
2006 	ret = ath10k_wmi_sta_keepalive(ar, &arg);
2007 	if (ret) {
2008 		ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
2009 			    arvif->vdev_id, ret);
2010 		return ret;
2011 	}
2012 
2013 	return 0;
2014 }
2015 
2016 static void ath10k_mac_vif_ap_csa_count_down(struct ath10k_vif *arvif)
2017 {
2018 	struct ath10k *ar = arvif->ar;
2019 	struct ieee80211_vif *vif = arvif->vif;
2020 	int ret;
2021 
2022 	lockdep_assert_held(&arvif->ar->conf_mutex);
2023 
2024 	if (WARN_ON(!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)))
2025 		return;
2026 
2027 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
2028 		return;
2029 
2030 	if (!vif->bss_conf.csa_active)
2031 		return;
2032 
2033 	if (!arvif->is_up)
2034 		return;
2035 
2036 	if (!ieee80211_beacon_cntdwn_is_complete(vif)) {
2037 		ieee80211_beacon_update_cntdwn(vif);
2038 
2039 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
2040 		if (ret)
2041 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
2042 				    ret);
2043 
2044 		ret = ath10k_mac_setup_prb_tmpl(arvif);
2045 		if (ret)
2046 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
2047 				    ret);
2048 	} else {
2049 		ieee80211_csa_finish(vif);
2050 	}
2051 }
2052 
2053 static void ath10k_mac_vif_ap_csa_work(struct work_struct *work)
2054 {
2055 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2056 						ap_csa_work);
2057 	struct ath10k *ar = arvif->ar;
2058 
2059 	mutex_lock(&ar->conf_mutex);
2060 	ath10k_mac_vif_ap_csa_count_down(arvif);
2061 	mutex_unlock(&ar->conf_mutex);
2062 }
2063 
2064 static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac,
2065 					  struct ieee80211_vif *vif)
2066 {
2067 	struct sk_buff *skb = data;
2068 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2069 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2070 
2071 	if (vif->type != NL80211_IFTYPE_STATION)
2072 		return;
2073 
2074 	if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid))
2075 		return;
2076 
2077 	cancel_delayed_work(&arvif->connection_loss_work);
2078 }
2079 
2080 void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb)
2081 {
2082 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2083 						   ATH10K_ITER_NORMAL_FLAGS,
2084 						   ath10k_mac_handle_beacon_iter,
2085 						   skb);
2086 }
2087 
2088 static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
2089 					       struct ieee80211_vif *vif)
2090 {
2091 	u32 *vdev_id = data;
2092 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2093 	struct ath10k *ar = arvif->ar;
2094 	struct ieee80211_hw *hw = ar->hw;
2095 
2096 	if (arvif->vdev_id != *vdev_id)
2097 		return;
2098 
2099 	if (!arvif->is_up)
2100 		return;
2101 
2102 	ieee80211_beacon_loss(vif);
2103 
2104 	/* Firmware doesn't report beacon loss events repeatedly. If AP probe
2105 	 * (done by mac80211) succeeds but beacons do not resume then it
2106 	 * doesn't make sense to continue operation. Queue connection loss work
2107 	 * which can be cancelled when beacon is received.
2108 	 */
2109 	ieee80211_queue_delayed_work(hw, &arvif->connection_loss_work,
2110 				     ATH10K_CONNECTION_LOSS_HZ);
2111 }
2112 
2113 void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id)
2114 {
2115 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2116 						   ATH10K_ITER_NORMAL_FLAGS,
2117 						   ath10k_mac_handle_beacon_miss_iter,
2118 						   &vdev_id);
2119 }
2120 
2121 static void ath10k_mac_vif_sta_connection_loss_work(struct work_struct *work)
2122 {
2123 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2124 						connection_loss_work.work);
2125 	struct ieee80211_vif *vif = arvif->vif;
2126 
2127 	if (!arvif->is_up)
2128 		return;
2129 
2130 	ieee80211_connection_loss(vif);
2131 }
2132 
2133 /**********************/
2134 /* Station management */
2135 /**********************/
2136 
2137 static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
2138 					     struct ieee80211_vif *vif)
2139 {
2140 	/* Some firmware revisions have unstable STA powersave when listen
2141 	 * interval is set too high (e.g. 5). The symptoms are firmware doesn't
2142 	 * generate NullFunc frames properly even if buffered frames have been
2143 	 * indicated in Beacon TIM. Firmware would seldom wake up to pull
2144 	 * buffered frames. Often pinging the device from AP would simply fail.
2145 	 *
2146 	 * As a workaround set it to 1.
2147 	 */
2148 	if (vif->type == NL80211_IFTYPE_STATION)
2149 		return 1;
2150 
2151 	return ar->hw->conf.listen_interval;
2152 }
2153 
2154 static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
2155 				      struct ieee80211_vif *vif,
2156 				      struct ieee80211_sta *sta,
2157 				      struct wmi_peer_assoc_complete_arg *arg)
2158 {
2159 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2160 	u32 aid;
2161 
2162 	lockdep_assert_held(&ar->conf_mutex);
2163 
2164 	if (vif->type == NL80211_IFTYPE_STATION)
2165 		aid = vif->cfg.aid;
2166 	else
2167 		aid = sta->aid;
2168 
2169 	ether_addr_copy(arg->addr, sta->addr);
2170 	arg->vdev_id = arvif->vdev_id;
2171 	arg->peer_aid = aid;
2172 	arg->peer_flags |= arvif->ar->wmi.peer_flags->auth;
2173 	arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
2174 	arg->peer_num_spatial_streams = 1;
2175 	arg->peer_caps = vif->bss_conf.assoc_capability;
2176 }
2177 
2178 static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
2179 				       struct ieee80211_vif *vif,
2180 				       struct ieee80211_sta *sta,
2181 				       struct wmi_peer_assoc_complete_arg *arg)
2182 {
2183 	struct ieee80211_bss_conf *info = &vif->bss_conf;
2184 	struct cfg80211_chan_def def;
2185 	struct cfg80211_bss *bss;
2186 	const u8 *rsnie = NULL;
2187 	const u8 *wpaie = NULL;
2188 
2189 	lockdep_assert_held(&ar->conf_mutex);
2190 
2191 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2192 		return;
2193 
2194 	bss = cfg80211_get_bss(ar->hw->wiphy, def.chan, info->bssid,
2195 			       vif->cfg.ssid_len ? vif->cfg.ssid : NULL,
2196 			       vif->cfg.ssid_len,
2197 			       IEEE80211_BSS_TYPE_ANY, IEEE80211_PRIVACY_ANY);
2198 	if (bss) {
2199 		const struct cfg80211_bss_ies *ies;
2200 
2201 		rcu_read_lock();
2202 		rsnie = ieee80211_bss_get_ie(bss, WLAN_EID_RSN);
2203 
2204 		ies = rcu_dereference(bss->ies);
2205 
2206 		wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
2207 						WLAN_OUI_TYPE_MICROSOFT_WPA,
2208 						ies->data,
2209 						ies->len);
2210 		rcu_read_unlock();
2211 		cfg80211_put_bss(ar->hw->wiphy, bss);
2212 	}
2213 
2214 	/* FIXME: base on RSN IE/WPA IE is a correct idea? */
2215 	if (rsnie || wpaie) {
2216 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
2217 		arg->peer_flags |= ar->wmi.peer_flags->need_ptk_4_way;
2218 	}
2219 
2220 	if (wpaie) {
2221 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
2222 		arg->peer_flags |= ar->wmi.peer_flags->need_gtk_2_way;
2223 	}
2224 
2225 	if (sta->mfp &&
2226 	    test_bit(ATH10K_FW_FEATURE_MFP_SUPPORT,
2227 		     ar->running_fw->fw_file.fw_features)) {
2228 		arg->peer_flags |= ar->wmi.peer_flags->pmf;
2229 	}
2230 }
2231 
2232 static void ath10k_peer_assoc_h_rates(struct ath10k *ar,
2233 				      struct ieee80211_vif *vif,
2234 				      struct ieee80211_sta *sta,
2235 				      struct wmi_peer_assoc_complete_arg *arg)
2236 {
2237 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2238 	struct wmi_rate_set_arg *rateset = &arg->peer_legacy_rates;
2239 	struct cfg80211_chan_def def;
2240 	const struct ieee80211_supported_band *sband;
2241 	const struct ieee80211_rate *rates;
2242 	enum nl80211_band band;
2243 	u32 ratemask;
2244 	u8 rate;
2245 	int i;
2246 
2247 	lockdep_assert_held(&ar->conf_mutex);
2248 
2249 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2250 		return;
2251 
2252 	band = def.chan->band;
2253 	sband = ar->hw->wiphy->bands[band];
2254 	ratemask = sta->deflink.supp_rates[band];
2255 	ratemask &= arvif->bitrate_mask.control[band].legacy;
2256 	rates = sband->bitrates;
2257 
2258 	rateset->num_rates = 0;
2259 
2260 	for (i = 0; i < 32; i++, ratemask >>= 1, rates++) {
2261 		if (!(ratemask & 1))
2262 			continue;
2263 
2264 		rate = ath10k_mac_bitrate_to_rate(rates->bitrate);
2265 		rateset->rates[rateset->num_rates] = rate;
2266 		rateset->num_rates++;
2267 	}
2268 }
2269 
2270 static bool
2271 ath10k_peer_assoc_h_ht_masked(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
2272 {
2273 	int nss;
2274 
2275 	for (nss = 0; nss < IEEE80211_HT_MCS_MASK_LEN; nss++)
2276 		if (ht_mcs_mask[nss])
2277 			return false;
2278 
2279 	return true;
2280 }
2281 
2282 static bool
2283 ath10k_peer_assoc_h_vht_masked(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
2284 {
2285 	int nss;
2286 
2287 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++)
2288 		if (vht_mcs_mask[nss])
2289 			return false;
2290 
2291 	return true;
2292 }
2293 
2294 static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
2295 				   struct ieee80211_vif *vif,
2296 				   struct ieee80211_sta *sta,
2297 				   struct wmi_peer_assoc_complete_arg *arg)
2298 {
2299 	const struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
2300 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2301 	struct cfg80211_chan_def def;
2302 	enum nl80211_band band;
2303 	const u8 *ht_mcs_mask;
2304 	const u16 *vht_mcs_mask;
2305 	int i, n;
2306 	u8 max_nss;
2307 	u32 stbc;
2308 
2309 	lockdep_assert_held(&ar->conf_mutex);
2310 
2311 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2312 		return;
2313 
2314 	if (!ht_cap->ht_supported)
2315 		return;
2316 
2317 	band = def.chan->band;
2318 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2319 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2320 
2321 	if (ath10k_peer_assoc_h_ht_masked(ht_mcs_mask) &&
2322 	    ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2323 		return;
2324 
2325 	arg->peer_flags |= ar->wmi.peer_flags->ht;
2326 	arg->peer_max_mpdu = (1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2327 				    ht_cap->ampdu_factor)) - 1;
2328 
2329 	arg->peer_mpdu_density =
2330 		ath10k_parse_mpdudensity(ht_cap->ampdu_density);
2331 
2332 	arg->peer_ht_caps = ht_cap->cap;
2333 	arg->peer_rate_caps |= WMI_RC_HT_FLAG;
2334 
2335 	if (ht_cap->cap & IEEE80211_HT_CAP_LDPC_CODING)
2336 		arg->peer_flags |= ar->wmi.peer_flags->ldbc;
2337 
2338 	if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40) {
2339 		arg->peer_flags |= ar->wmi.peer_flags->bw40;
2340 		arg->peer_rate_caps |= WMI_RC_CW40_FLAG;
2341 	}
2342 
2343 	if (arvif->bitrate_mask.control[band].gi != NL80211_TXRATE_FORCE_LGI) {
2344 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
2345 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2346 
2347 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
2348 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2349 	}
2350 
2351 	if (ht_cap->cap & IEEE80211_HT_CAP_TX_STBC) {
2352 		arg->peer_rate_caps |= WMI_RC_TX_STBC_FLAG;
2353 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2354 	}
2355 
2356 	if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
2357 		stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
2358 		stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
2359 		stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
2360 		arg->peer_rate_caps |= stbc;
2361 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2362 	}
2363 
2364 	if (ht_cap->mcs.rx_mask[1] && ht_cap->mcs.rx_mask[2])
2365 		arg->peer_rate_caps |= WMI_RC_TS_FLAG;
2366 	else if (ht_cap->mcs.rx_mask[1])
2367 		arg->peer_rate_caps |= WMI_RC_DS_FLAG;
2368 
2369 	for (i = 0, n = 0, max_nss = 0; i < IEEE80211_HT_MCS_MASK_LEN * 8; i++)
2370 		if ((ht_cap->mcs.rx_mask[i / 8] & BIT(i % 8)) &&
2371 		    (ht_mcs_mask[i / 8] & BIT(i % 8))) {
2372 			max_nss = (i / 8) + 1;
2373 			arg->peer_ht_rates.rates[n++] = i;
2374 		}
2375 
2376 	/*
2377 	 * This is a workaround for HT-enabled STAs which break the spec
2378 	 * and have no HT capabilities RX mask (no HT RX MCS map).
2379 	 *
2380 	 * As per spec, in section 20.3.5 Modulation and coding scheme (MCS),
2381 	 * MCS 0 through 7 are mandatory in 20MHz with 800 ns GI at all STAs.
2382 	 *
2383 	 * Firmware asserts if such situation occurs.
2384 	 */
2385 	if (n == 0) {
2386 		arg->peer_ht_rates.num_rates = 8;
2387 		for (i = 0; i < arg->peer_ht_rates.num_rates; i++)
2388 			arg->peer_ht_rates.rates[i] = i;
2389 	} else {
2390 		arg->peer_ht_rates.num_rates = n;
2391 		arg->peer_num_spatial_streams = min(sta->deflink.rx_nss,
2392 						    max_nss);
2393 	}
2394 
2395 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
2396 		   arg->addr,
2397 		   arg->peer_ht_rates.num_rates,
2398 		   arg->peer_num_spatial_streams);
2399 }
2400 
2401 static int ath10k_peer_assoc_qos_ap(struct ath10k *ar,
2402 				    struct ath10k_vif *arvif,
2403 				    struct ieee80211_sta *sta)
2404 {
2405 	u32 uapsd = 0;
2406 	u32 max_sp = 0;
2407 	int ret = 0;
2408 
2409 	lockdep_assert_held(&ar->conf_mutex);
2410 
2411 	if (sta->wme && sta->uapsd_queues) {
2412 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
2413 			   sta->uapsd_queues, sta->max_sp);
2414 
2415 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2416 			uapsd |= WMI_AP_PS_UAPSD_AC3_DELIVERY_EN |
2417 				 WMI_AP_PS_UAPSD_AC3_TRIGGER_EN;
2418 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2419 			uapsd |= WMI_AP_PS_UAPSD_AC2_DELIVERY_EN |
2420 				 WMI_AP_PS_UAPSD_AC2_TRIGGER_EN;
2421 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2422 			uapsd |= WMI_AP_PS_UAPSD_AC1_DELIVERY_EN |
2423 				 WMI_AP_PS_UAPSD_AC1_TRIGGER_EN;
2424 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2425 			uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
2426 				 WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
2427 
2428 		if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
2429 			max_sp = sta->max_sp;
2430 
2431 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2432 						 sta->addr,
2433 						 WMI_AP_PS_PEER_PARAM_UAPSD,
2434 						 uapsd);
2435 		if (ret) {
2436 			ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
2437 				    arvif->vdev_id, ret);
2438 			return ret;
2439 		}
2440 
2441 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2442 						 sta->addr,
2443 						 WMI_AP_PS_PEER_PARAM_MAX_SP,
2444 						 max_sp);
2445 		if (ret) {
2446 			ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
2447 				    arvif->vdev_id, ret);
2448 			return ret;
2449 		}
2450 
2451 		/* TODO setup this based on STA listen interval and
2452 		 * beacon interval. Currently we don't know
2453 		 * sta->listen_interval - mac80211 patch required.
2454 		 * Currently use 10 seconds
2455 		 */
2456 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
2457 						 WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
2458 						 10);
2459 		if (ret) {
2460 			ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
2461 				    arvif->vdev_id, ret);
2462 			return ret;
2463 		}
2464 	}
2465 
2466 	return 0;
2467 }
2468 
2469 static u16
2470 ath10k_peer_assoc_h_vht_limit(u16 tx_mcs_set,
2471 			      const u16 vht_mcs_limit[NL80211_VHT_NSS_MAX])
2472 {
2473 	int idx_limit;
2474 	int nss;
2475 	u16 mcs_map;
2476 	u16 mcs;
2477 
2478 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
2479 		mcs_map = ath10k_mac_get_max_vht_mcs_map(tx_mcs_set, nss) &
2480 			  vht_mcs_limit[nss];
2481 
2482 		if (mcs_map)
2483 			idx_limit = fls(mcs_map) - 1;
2484 		else
2485 			idx_limit = -1;
2486 
2487 		switch (idx_limit) {
2488 		case 0:
2489 		case 1:
2490 		case 2:
2491 		case 3:
2492 		case 4:
2493 		case 5:
2494 		case 6:
2495 		default:
2496 			/* see ath10k_mac_can_set_bitrate_mask() */
2497 			WARN_ON(1);
2498 			fallthrough;
2499 		case -1:
2500 			mcs = IEEE80211_VHT_MCS_NOT_SUPPORTED;
2501 			break;
2502 		case 7:
2503 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_7;
2504 			break;
2505 		case 8:
2506 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_8;
2507 			break;
2508 		case 9:
2509 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_9;
2510 			break;
2511 		}
2512 
2513 		tx_mcs_set &= ~(0x3 << (nss * 2));
2514 		tx_mcs_set |= mcs << (nss * 2);
2515 	}
2516 
2517 	return tx_mcs_set;
2518 }
2519 
2520 static u32 get_160mhz_nss_from_maxrate(int rate)
2521 {
2522 	u32 nss;
2523 
2524 	switch (rate) {
2525 	case 780:
2526 		nss = 1;
2527 		break;
2528 	case 1560:
2529 		nss = 2;
2530 		break;
2531 	case 2106:
2532 		nss = 3; /* not support MCS9 from spec*/
2533 		break;
2534 	case 3120:
2535 		nss = 4;
2536 		break;
2537 	default:
2538 		 nss = 1;
2539 	}
2540 
2541 	return nss;
2542 }
2543 
2544 static void ath10k_peer_assoc_h_vht(struct ath10k *ar,
2545 				    struct ieee80211_vif *vif,
2546 				    struct ieee80211_sta *sta,
2547 				    struct wmi_peer_assoc_complete_arg *arg)
2548 {
2549 	const struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2550 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2551 	struct ath10k_hw_params *hw = &ar->hw_params;
2552 	struct cfg80211_chan_def def;
2553 	enum nl80211_band band;
2554 	const u16 *vht_mcs_mask;
2555 	u8 ampdu_factor;
2556 	u8 max_nss, vht_mcs;
2557 	int i;
2558 
2559 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2560 		return;
2561 
2562 	if (!vht_cap->vht_supported)
2563 		return;
2564 
2565 	band = def.chan->band;
2566 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2567 
2568 	if (ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2569 		return;
2570 
2571 	arg->peer_flags |= ar->wmi.peer_flags->vht;
2572 
2573 	if (def.chan->band == NL80211_BAND_2GHZ)
2574 		arg->peer_flags |= ar->wmi.peer_flags->vht_2g;
2575 
2576 	arg->peer_vht_caps = vht_cap->cap;
2577 
2578 	ampdu_factor = (vht_cap->cap &
2579 			IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
2580 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
2581 
2582 	/* Workaround: Some Netgear/Linksys 11ac APs set Rx A-MPDU factor to
2583 	 * zero in VHT IE. Using it would result in degraded throughput.
2584 	 * arg->peer_max_mpdu at this point contains HT max_mpdu so keep
2585 	 * it if VHT max_mpdu is smaller.
2586 	 */
2587 	arg->peer_max_mpdu = max(arg->peer_max_mpdu,
2588 				 (1U << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2589 					ampdu_factor)) - 1);
2590 
2591 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2592 		arg->peer_flags |= ar->wmi.peer_flags->bw80;
2593 
2594 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
2595 		arg->peer_flags |= ar->wmi.peer_flags->bw160;
2596 
2597 	/* Calculate peer NSS capability from VHT capabilities if STA
2598 	 * supports VHT.
2599 	 */
2600 	for (i = 0, max_nss = 0, vht_mcs = 0; i < NL80211_VHT_NSS_MAX; i++) {
2601 		vht_mcs = __le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map) >>
2602 			  (2 * i) & 3;
2603 
2604 		if ((vht_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) &&
2605 		    vht_mcs_mask[i])
2606 			max_nss = i + 1;
2607 	}
2608 	arg->peer_num_spatial_streams = min(sta->deflink.rx_nss, max_nss);
2609 	arg->peer_vht_rates.rx_max_rate =
2610 		__le16_to_cpu(vht_cap->vht_mcs.rx_highest);
2611 	arg->peer_vht_rates.rx_mcs_set =
2612 		__le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map);
2613 	arg->peer_vht_rates.tx_max_rate =
2614 		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
2615 	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
2616 		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
2617 
2618 	/* Configure bandwidth-NSS mapping to FW
2619 	 * for the chip's tx chains setting on 160Mhz bw
2620 	 */
2621 	if (arg->peer_phymode == MODE_11AC_VHT160 ||
2622 	    arg->peer_phymode == MODE_11AC_VHT80_80) {
2623 		u32 rx_nss;
2624 		u32 max_rate;
2625 
2626 		max_rate = arg->peer_vht_rates.rx_max_rate;
2627 		rx_nss = get_160mhz_nss_from_maxrate(max_rate);
2628 
2629 		if (rx_nss == 0)
2630 			rx_nss = arg->peer_num_spatial_streams;
2631 		else
2632 			rx_nss = min(arg->peer_num_spatial_streams, rx_nss);
2633 
2634 		max_rate = hw->vht160_mcs_tx_highest;
2635 		rx_nss = min(rx_nss, get_160mhz_nss_from_maxrate(max_rate));
2636 
2637 		arg->peer_bw_rxnss_override =
2638 			FIELD_PREP(WMI_PEER_NSS_MAP_ENABLE, 1) |
2639 			FIELD_PREP(WMI_PEER_NSS_160MHZ_MASK, (rx_nss - 1));
2640 
2641 		if (arg->peer_phymode == MODE_11AC_VHT80_80) {
2642 			arg->peer_bw_rxnss_override |=
2643 			FIELD_PREP(WMI_PEER_NSS_80_80MHZ_MASK, (rx_nss - 1));
2644 		}
2645 	}
2646 	ath10k_dbg(ar, ATH10K_DBG_MAC,
2647 		   "mac vht peer %pM max_mpdu %d flags 0x%x peer_rx_nss_override 0x%x\n",
2648 		   sta->addr, arg->peer_max_mpdu,
2649 		   arg->peer_flags, arg->peer_bw_rxnss_override);
2650 }
2651 
2652 static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
2653 				    struct ieee80211_vif *vif,
2654 				    struct ieee80211_sta *sta,
2655 				    struct wmi_peer_assoc_complete_arg *arg)
2656 {
2657 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2658 
2659 	switch (arvif->vdev_type) {
2660 	case WMI_VDEV_TYPE_AP:
2661 		if (sta->wme)
2662 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2663 
2664 		if (sta->wme && sta->uapsd_queues) {
2665 			arg->peer_flags |= arvif->ar->wmi.peer_flags->apsd;
2666 			arg->peer_rate_caps |= WMI_RC_UAPSD_FLAG;
2667 		}
2668 		break;
2669 	case WMI_VDEV_TYPE_STA:
2670 		if (sta->wme)
2671 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2672 		break;
2673 	case WMI_VDEV_TYPE_IBSS:
2674 		if (sta->wme)
2675 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2676 		break;
2677 	default:
2678 		break;
2679 	}
2680 
2681 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
2682 		   sta->addr, !!(arg->peer_flags &
2683 		   arvif->ar->wmi.peer_flags->qos));
2684 }
2685 
2686 static bool ath10k_mac_sta_has_ofdm_only(struct ieee80211_sta *sta)
2687 {
2688 	return sta->deflink.supp_rates[NL80211_BAND_2GHZ] >>
2689 	       ATH10K_MAC_FIRST_OFDM_RATE_IDX;
2690 }
2691 
2692 static enum wmi_phy_mode ath10k_mac_get_phymode_vht(struct ath10k *ar,
2693 						    struct ieee80211_sta *sta)
2694 {
2695 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2696 
2697 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160) {
2698 		switch (vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
2699 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
2700 			return MODE_11AC_VHT160;
2701 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
2702 			return MODE_11AC_VHT80_80;
2703 		default:
2704 			/* not sure if this is a valid case? */
2705 			return MODE_11AC_VHT160;
2706 		}
2707 	}
2708 
2709 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2710 		return MODE_11AC_VHT80;
2711 
2712 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2713 		return MODE_11AC_VHT40;
2714 
2715 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_20)
2716 		return MODE_11AC_VHT20;
2717 
2718 	return MODE_UNKNOWN;
2719 }
2720 
2721 static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
2722 					struct ieee80211_vif *vif,
2723 					struct ieee80211_sta *sta,
2724 					struct wmi_peer_assoc_complete_arg *arg)
2725 {
2726 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2727 	struct cfg80211_chan_def def;
2728 	enum nl80211_band band;
2729 	const u8 *ht_mcs_mask;
2730 	const u16 *vht_mcs_mask;
2731 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
2732 
2733 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2734 		return;
2735 
2736 	band = def.chan->band;
2737 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2738 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2739 
2740 	switch (band) {
2741 	case NL80211_BAND_2GHZ:
2742 		if (sta->deflink.vht_cap.vht_supported &&
2743 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2744 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2745 				phymode = MODE_11AC_VHT40;
2746 			else
2747 				phymode = MODE_11AC_VHT20;
2748 		} else if (sta->deflink.ht_cap.ht_supported &&
2749 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2750 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2751 				phymode = MODE_11NG_HT40;
2752 			else
2753 				phymode = MODE_11NG_HT20;
2754 		} else if (ath10k_mac_sta_has_ofdm_only(sta)) {
2755 			phymode = MODE_11G;
2756 		} else {
2757 			phymode = MODE_11B;
2758 		}
2759 
2760 		break;
2761 	case NL80211_BAND_5GHZ:
2762 		/*
2763 		 * Check VHT first.
2764 		 */
2765 		if (sta->deflink.vht_cap.vht_supported &&
2766 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2767 			phymode = ath10k_mac_get_phymode_vht(ar, sta);
2768 		} else if (sta->deflink.ht_cap.ht_supported &&
2769 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2770 			if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40)
2771 				phymode = MODE_11NA_HT40;
2772 			else
2773 				phymode = MODE_11NA_HT20;
2774 		} else {
2775 			phymode = MODE_11A;
2776 		}
2777 
2778 		break;
2779 	default:
2780 		break;
2781 	}
2782 
2783 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
2784 		   sta->addr, ath10k_wmi_phymode_str(phymode));
2785 
2786 	arg->peer_phymode = phymode;
2787 	WARN_ON(phymode == MODE_UNKNOWN);
2788 }
2789 
2790 static int ath10k_peer_assoc_prepare(struct ath10k *ar,
2791 				     struct ieee80211_vif *vif,
2792 				     struct ieee80211_sta *sta,
2793 				     struct wmi_peer_assoc_complete_arg *arg)
2794 {
2795 	lockdep_assert_held(&ar->conf_mutex);
2796 
2797 	memset(arg, 0, sizeof(*arg));
2798 
2799 	ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
2800 	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
2801 	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
2802 	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
2803 	ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
2804 	ath10k_peer_assoc_h_vht(ar, vif, sta, arg);
2805 	ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
2806 
2807 	return 0;
2808 }
2809 
2810 static const u32 ath10k_smps_map[] = {
2811 	[WLAN_HT_CAP_SM_PS_STATIC] = WMI_PEER_SMPS_STATIC,
2812 	[WLAN_HT_CAP_SM_PS_DYNAMIC] = WMI_PEER_SMPS_DYNAMIC,
2813 	[WLAN_HT_CAP_SM_PS_INVALID] = WMI_PEER_SMPS_PS_NONE,
2814 	[WLAN_HT_CAP_SM_PS_DISABLED] = WMI_PEER_SMPS_PS_NONE,
2815 };
2816 
2817 static int ath10k_setup_peer_smps(struct ath10k *ar, struct ath10k_vif *arvif,
2818 				  const u8 *addr,
2819 				  const struct ieee80211_sta_ht_cap *ht_cap)
2820 {
2821 	int smps;
2822 
2823 	if (!ht_cap->ht_supported)
2824 		return 0;
2825 
2826 	smps = ht_cap->cap & IEEE80211_HT_CAP_SM_PS;
2827 	smps >>= IEEE80211_HT_CAP_SM_PS_SHIFT;
2828 
2829 	if (smps >= ARRAY_SIZE(ath10k_smps_map))
2830 		return -EINVAL;
2831 
2832 	return ath10k_wmi_peer_set_param(ar, arvif->vdev_id, addr,
2833 					 ar->wmi.peer_param->smps_state,
2834 					 ath10k_smps_map[smps]);
2835 }
2836 
2837 static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
2838 				      struct ieee80211_vif *vif,
2839 				      struct ieee80211_sta_vht_cap vht_cap)
2840 {
2841 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2842 	int ret;
2843 	u32 param;
2844 	u32 value;
2845 
2846 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_AFTER_ASSOC)
2847 		return 0;
2848 
2849 	if (!(ar->vht_cap_info &
2850 	      (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2851 	       IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
2852 	       IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2853 	       IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
2854 		return 0;
2855 
2856 	param = ar->wmi.vdev_param->txbf;
2857 	value = 0;
2858 
2859 	if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
2860 		return 0;
2861 
2862 	/* The following logic is correct. If a remote STA advertises support
2863 	 * for being a beamformer then we should enable us being a beamformee.
2864 	 */
2865 
2866 	if (ar->vht_cap_info &
2867 	    (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2868 	     IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
2869 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
2870 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2871 
2872 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
2873 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
2874 	}
2875 
2876 	if (ar->vht_cap_info &
2877 	    (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2878 	     IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
2879 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
2880 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2881 
2882 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
2883 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
2884 	}
2885 
2886 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
2887 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2888 
2889 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
2890 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2891 
2892 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
2893 	if (ret) {
2894 		ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
2895 			    value, ret);
2896 		return ret;
2897 	}
2898 
2899 	return 0;
2900 }
2901 
2902 static bool ath10k_mac_is_connected(struct ath10k *ar)
2903 {
2904 	struct ath10k_vif *arvif;
2905 
2906 	list_for_each_entry(arvif, &ar->arvifs, list) {
2907 		if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
2908 			return true;
2909 	}
2910 
2911 	return false;
2912 }
2913 
2914 static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
2915 {
2916 	int ret;
2917 	u32 param;
2918 	int tx_power_2g, tx_power_5g;
2919 	bool connected;
2920 
2921 	lockdep_assert_held(&ar->conf_mutex);
2922 
2923 	/* ath10k internally uses unit of 0.5 dBm so multiply by 2 */
2924 	tx_power_2g = txpower * 2;
2925 	tx_power_5g = txpower * 2;
2926 
2927 	connected = ath10k_mac_is_connected(ar);
2928 
2929 	if (connected && ar->tx_power_2g_limit)
2930 		if (tx_power_2g > ar->tx_power_2g_limit)
2931 			tx_power_2g = ar->tx_power_2g_limit;
2932 
2933 	if (connected && ar->tx_power_5g_limit)
2934 		if (tx_power_5g > ar->tx_power_5g_limit)
2935 			tx_power_5g = ar->tx_power_5g_limit;
2936 
2937 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower 2g: %d, 5g: %d\n",
2938 		   tx_power_2g, tx_power_5g);
2939 
2940 	param = ar->wmi.pdev_param->txpower_limit2g;
2941 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_2g);
2942 	if (ret) {
2943 		ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
2944 			    tx_power_2g, ret);
2945 		return ret;
2946 	}
2947 
2948 	param = ar->wmi.pdev_param->txpower_limit5g;
2949 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_5g);
2950 	if (ret) {
2951 		ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
2952 			    tx_power_5g, ret);
2953 		return ret;
2954 	}
2955 
2956 	return 0;
2957 }
2958 
2959 static int ath10k_mac_txpower_recalc(struct ath10k *ar)
2960 {
2961 	struct ath10k_vif *arvif;
2962 	int ret, txpower = -1;
2963 
2964 	lockdep_assert_held(&ar->conf_mutex);
2965 
2966 	list_for_each_entry(arvif, &ar->arvifs, list) {
2967 		/* txpower not initialized yet? */
2968 		if (arvif->txpower == INT_MIN)
2969 			continue;
2970 
2971 		if (txpower == -1)
2972 			txpower = arvif->txpower;
2973 		else
2974 			txpower = min(txpower, arvif->txpower);
2975 	}
2976 
2977 	if (txpower == -1)
2978 		return 0;
2979 
2980 	ret = ath10k_mac_txpower_setup(ar, txpower);
2981 	if (ret) {
2982 		ath10k_warn(ar, "failed to setup tx power %d: %d\n",
2983 			    txpower, ret);
2984 		return ret;
2985 	}
2986 
2987 	return 0;
2988 }
2989 
2990 static int ath10k_mac_set_sar_power(struct ath10k *ar)
2991 {
2992 	if (!ar->hw_params.dynamic_sar_support)
2993 		return -EOPNOTSUPP;
2994 
2995 	if (!ath10k_mac_is_connected(ar))
2996 		return 0;
2997 
2998 	/* if connected, then arvif->txpower must be valid */
2999 	return ath10k_mac_txpower_recalc(ar);
3000 }
3001 
3002 static int ath10k_mac_set_sar_specs(struct ieee80211_hw *hw,
3003 				    const struct cfg80211_sar_specs *sar)
3004 {
3005 	const struct cfg80211_sar_sub_specs *sub_specs;
3006 	struct ath10k *ar = hw->priv;
3007 	u32 i;
3008 	int ret;
3009 
3010 	mutex_lock(&ar->conf_mutex);
3011 
3012 	if (!ar->hw_params.dynamic_sar_support) {
3013 		ret = -EOPNOTSUPP;
3014 		goto err;
3015 	}
3016 
3017 	if (!sar || sar->type != NL80211_SAR_TYPE_POWER ||
3018 	    sar->num_sub_specs == 0) {
3019 		ret = -EINVAL;
3020 		goto err;
3021 	}
3022 
3023 	sub_specs = sar->sub_specs;
3024 
3025 	/* 0dbm is not a practical value for ath10k, so use 0
3026 	 * as no SAR limitation on it.
3027 	 */
3028 	ar->tx_power_2g_limit = 0;
3029 	ar->tx_power_5g_limit = 0;
3030 
3031 	/* note the power is in 0.25dbm unit, while ath10k uses
3032 	 * 0.5dbm unit.
3033 	 */
3034 	for (i = 0; i < sar->num_sub_specs; i++) {
3035 		if (sub_specs->freq_range_index == 0)
3036 			ar->tx_power_2g_limit = sub_specs->power / 2;
3037 		else if (sub_specs->freq_range_index == 1)
3038 			ar->tx_power_5g_limit = sub_specs->power / 2;
3039 
3040 		sub_specs++;
3041 	}
3042 
3043 	ret = ath10k_mac_set_sar_power(ar);
3044 	if (ret) {
3045 		ath10k_warn(ar, "failed to set sar power: %d", ret);
3046 		goto err;
3047 	}
3048 
3049 err:
3050 	mutex_unlock(&ar->conf_mutex);
3051 	return ret;
3052 }
3053 
3054 /* can be called only in mac80211 callbacks due to `key_count` usage */
3055 static void ath10k_bss_assoc(struct ieee80211_hw *hw,
3056 			     struct ieee80211_vif *vif,
3057 			     struct ieee80211_bss_conf *bss_conf)
3058 {
3059 	struct ath10k *ar = hw->priv;
3060 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3061 	struct ieee80211_sta_ht_cap ht_cap;
3062 	struct ieee80211_sta_vht_cap vht_cap;
3063 	struct wmi_peer_assoc_complete_arg peer_arg;
3064 	struct ieee80211_sta *ap_sta;
3065 	int ret;
3066 
3067 	lockdep_assert_held(&ar->conf_mutex);
3068 
3069 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
3070 		   arvif->vdev_id, arvif->bssid, arvif->aid);
3071 
3072 	rcu_read_lock();
3073 
3074 	ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
3075 	if (!ap_sta) {
3076 		ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
3077 			    bss_conf->bssid, arvif->vdev_id);
3078 		rcu_read_unlock();
3079 		return;
3080 	}
3081 
3082 	/* ap_sta must be accessed only within rcu section which must be left
3083 	 * before calling ath10k_setup_peer_smps() which might sleep.
3084 	 */
3085 	ht_cap = ap_sta->deflink.ht_cap;
3086 	vht_cap = ap_sta->deflink.vht_cap;
3087 
3088 	ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
3089 	if (ret) {
3090 		ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
3091 			    bss_conf->bssid, arvif->vdev_id, ret);
3092 		rcu_read_unlock();
3093 		return;
3094 	}
3095 
3096 	rcu_read_unlock();
3097 
3098 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3099 	if (ret) {
3100 		ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
3101 			    bss_conf->bssid, arvif->vdev_id, ret);
3102 		return;
3103 	}
3104 
3105 	ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
3106 	if (ret) {
3107 		ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
3108 			    arvif->vdev_id, ret);
3109 		return;
3110 	}
3111 
3112 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3113 	if (ret) {
3114 		ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
3115 			    arvif->vdev_id, bss_conf->bssid, ret);
3116 		return;
3117 	}
3118 
3119 	ath10k_dbg(ar, ATH10K_DBG_MAC,
3120 		   "mac vdev %d up (associated) bssid %pM aid %d\n",
3121 		   arvif->vdev_id, bss_conf->bssid, vif->cfg.aid);
3122 
3123 	WARN_ON(arvif->is_up);
3124 
3125 	arvif->aid = vif->cfg.aid;
3126 	ether_addr_copy(arvif->bssid, bss_conf->bssid);
3127 
3128 	ret = ath10k_wmi_pdev_set_param(ar,
3129 					ar->wmi.pdev_param->peer_stats_info_enable, 1);
3130 	if (ret)
3131 		ath10k_warn(ar, "failed to enable peer stats info: %d\n", ret);
3132 
3133 	ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
3134 	if (ret) {
3135 		ath10k_warn(ar, "failed to set vdev %d up: %d\n",
3136 			    arvif->vdev_id, ret);
3137 		return;
3138 	}
3139 
3140 	arvif->is_up = true;
3141 
3142 	ath10k_mac_set_sar_power(ar);
3143 
3144 	/* Workaround: Some firmware revisions (tested with qca6174
3145 	 * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
3146 	 * poked with peer param command.
3147 	 */
3148 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
3149 					ar->wmi.peer_param->dummy_var, 1);
3150 	if (ret) {
3151 		ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
3152 			    arvif->bssid, arvif->vdev_id, ret);
3153 		return;
3154 	}
3155 }
3156 
3157 static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
3158 				struct ieee80211_vif *vif)
3159 {
3160 	struct ath10k *ar = hw->priv;
3161 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3162 	struct ieee80211_sta_vht_cap vht_cap = {};
3163 	int ret;
3164 
3165 	lockdep_assert_held(&ar->conf_mutex);
3166 
3167 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
3168 		   arvif->vdev_id, arvif->bssid);
3169 
3170 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
3171 	if (ret)
3172 		ath10k_warn(ar, "failed to down vdev %i: %d\n",
3173 			    arvif->vdev_id, ret);
3174 
3175 	arvif->def_wep_key_idx = -1;
3176 
3177 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3178 	if (ret) {
3179 		ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
3180 			    arvif->vdev_id, ret);
3181 		return;
3182 	}
3183 
3184 	arvif->is_up = false;
3185 
3186 	ath10k_mac_txpower_recalc(ar);
3187 
3188 	cancel_delayed_work_sync(&arvif->connection_loss_work);
3189 }
3190 
3191 static int ath10k_new_peer_tid_config(struct ath10k *ar,
3192 				      struct ieee80211_sta *sta,
3193 				      struct ath10k_vif *arvif)
3194 {
3195 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
3196 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
3197 	bool config_apply;
3198 	int ret, i;
3199 
3200 	for (i = 0; i < ATH10K_TID_MAX; i++) {
3201 		config_apply = false;
3202 		if (arvif->retry_long[i] || arvif->ampdu[i] ||
3203 		    arvif->rate_ctrl[i] || arvif->rtscts[i]) {
3204 			config_apply = true;
3205 			arg.tid = i;
3206 			arg.vdev_id = arvif->vdev_id;
3207 			arg.retry_count = arvif->retry_long[i];
3208 			arg.aggr_control = arvif->ampdu[i];
3209 			arg.rate_ctrl = arvif->rate_ctrl[i];
3210 			arg.rcode_flags = arvif->rate_code[i];
3211 
3212 			if (arvif->rtscts[i])
3213 				arg.ext_tid_cfg_bitmap =
3214 					WMI_EXT_TID_RTS_CTS_CONFIG;
3215 			else
3216 				arg.ext_tid_cfg_bitmap = 0;
3217 
3218 			arg.rtscts_ctrl = arvif->rtscts[i];
3219 		}
3220 
3221 		if (arvif->noack[i]) {
3222 			arg.ack_policy = arvif->noack[i];
3223 			arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
3224 			arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
3225 			config_apply = true;
3226 		}
3227 
3228 		/* Assign default value(-1) to newly connected station.
3229 		 * This is to identify station specific tid configuration not
3230 		 * configured for the station.
3231 		 */
3232 		arsta->retry_long[i] = -1;
3233 		arsta->noack[i] = -1;
3234 		arsta->ampdu[i] = -1;
3235 
3236 		if (!config_apply)
3237 			continue;
3238 
3239 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
3240 
3241 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
3242 		if (ret) {
3243 			ath10k_warn(ar, "failed to set per tid retry/aggr config for sta %pM: %d\n",
3244 				    sta->addr, ret);
3245 			return ret;
3246 		}
3247 
3248 		memset(&arg, 0, sizeof(arg));
3249 	}
3250 
3251 	return 0;
3252 }
3253 
3254 static int ath10k_station_assoc(struct ath10k *ar,
3255 				struct ieee80211_vif *vif,
3256 				struct ieee80211_sta *sta,
3257 				bool reassoc)
3258 {
3259 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3260 	struct wmi_peer_assoc_complete_arg peer_arg;
3261 	int ret = 0;
3262 
3263 	lockdep_assert_held(&ar->conf_mutex);
3264 
3265 	ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
3266 	if (ret) {
3267 		ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
3268 			    sta->addr, arvif->vdev_id, ret);
3269 		return ret;
3270 	}
3271 
3272 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3273 	if (ret) {
3274 		ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
3275 			    sta->addr, arvif->vdev_id, ret);
3276 		return ret;
3277 	}
3278 
3279 	/* Re-assoc is run only to update supported rates for given station. It
3280 	 * doesn't make much sense to reconfigure the peer completely.
3281 	 */
3282 	if (!reassoc) {
3283 		ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
3284 					     &sta->deflink.ht_cap);
3285 		if (ret) {
3286 			ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
3287 				    arvif->vdev_id, ret);
3288 			return ret;
3289 		}
3290 
3291 		ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
3292 		if (ret) {
3293 			ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
3294 				    sta->addr, arvif->vdev_id, ret);
3295 			return ret;
3296 		}
3297 
3298 		if (!sta->wme) {
3299 			arvif->num_legacy_stations++;
3300 			ret  = ath10k_recalc_rtscts_prot(arvif);
3301 			if (ret) {
3302 				ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3303 					    arvif->vdev_id, ret);
3304 				return ret;
3305 			}
3306 		}
3307 
3308 		/* Plumb cached keys only for static WEP */
3309 		if ((arvif->def_wep_key_idx != -1) && (!sta->tdls)) {
3310 			ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
3311 			if (ret) {
3312 				ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
3313 					    arvif->vdev_id, ret);
3314 				return ret;
3315 			}
3316 		}
3317 	}
3318 
3319 	if (!test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map))
3320 		return ret;
3321 
3322 	return ath10k_new_peer_tid_config(ar, sta, arvif);
3323 }
3324 
3325 static int ath10k_station_disassoc(struct ath10k *ar,
3326 				   struct ieee80211_vif *vif,
3327 				   struct ieee80211_sta *sta)
3328 {
3329 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3330 	int ret = 0;
3331 
3332 	lockdep_assert_held(&ar->conf_mutex);
3333 
3334 	if (!sta->wme) {
3335 		arvif->num_legacy_stations--;
3336 		ret = ath10k_recalc_rtscts_prot(arvif);
3337 		if (ret) {
3338 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3339 				    arvif->vdev_id, ret);
3340 			return ret;
3341 		}
3342 	}
3343 
3344 	ret = ath10k_clear_peer_keys(arvif, sta->addr);
3345 	if (ret) {
3346 		ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
3347 			    arvif->vdev_id, ret);
3348 		return ret;
3349 	}
3350 
3351 	return ret;
3352 }
3353 
3354 /**************/
3355 /* Regulatory */
3356 /**************/
3357 
3358 static int ath10k_update_channel_list(struct ath10k *ar)
3359 {
3360 	struct ieee80211_hw *hw = ar->hw;
3361 	struct ieee80211_supported_band **bands;
3362 	enum nl80211_band band;
3363 	struct ieee80211_channel *channel;
3364 	struct wmi_scan_chan_list_arg arg = {0};
3365 	struct wmi_channel_arg *ch;
3366 	bool passive;
3367 	int len;
3368 	int ret;
3369 	int i;
3370 
3371 	lockdep_assert_held(&ar->conf_mutex);
3372 
3373 	bands = hw->wiphy->bands;
3374 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3375 		if (!bands[band])
3376 			continue;
3377 
3378 		for (i = 0; i < bands[band]->n_channels; i++) {
3379 			if (bands[band]->channels[i].flags &
3380 			    IEEE80211_CHAN_DISABLED)
3381 				continue;
3382 
3383 			arg.n_channels++;
3384 		}
3385 	}
3386 
3387 	len = sizeof(struct wmi_channel_arg) * arg.n_channels;
3388 	arg.channels = kzalloc(len, GFP_KERNEL);
3389 	if (!arg.channels)
3390 		return -ENOMEM;
3391 
3392 	ch = arg.channels;
3393 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3394 		if (!bands[band])
3395 			continue;
3396 
3397 		for (i = 0; i < bands[band]->n_channels; i++) {
3398 			channel = &bands[band]->channels[i];
3399 
3400 			if (channel->flags & IEEE80211_CHAN_DISABLED)
3401 				continue;
3402 
3403 			ch->allow_ht = true;
3404 
3405 			/* FIXME: when should we really allow VHT? */
3406 			ch->allow_vht = true;
3407 
3408 			ch->allow_ibss =
3409 				!(channel->flags & IEEE80211_CHAN_NO_IR);
3410 
3411 			ch->ht40plus =
3412 				!(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
3413 
3414 			ch->chan_radar =
3415 				!!(channel->flags & IEEE80211_CHAN_RADAR);
3416 
3417 			passive = channel->flags & IEEE80211_CHAN_NO_IR;
3418 			ch->passive = passive;
3419 
3420 			/* the firmware is ignoring the "radar" flag of the
3421 			 * channel and is scanning actively using Probe Requests
3422 			 * on "Radar detection"/DFS channels which are not
3423 			 * marked as "available"
3424 			 */
3425 			ch->passive |= ch->chan_radar;
3426 
3427 			ch->freq = channel->center_freq;
3428 			ch->band_center_freq1 = channel->center_freq;
3429 			ch->min_power = 0;
3430 			ch->max_power = channel->max_power * 2;
3431 			ch->max_reg_power = channel->max_reg_power * 2;
3432 			ch->max_antenna_gain = channel->max_antenna_gain;
3433 			ch->reg_class_id = 0; /* FIXME */
3434 
3435 			/* FIXME: why use only legacy modes, why not any
3436 			 * HT/VHT modes? Would that even make any
3437 			 * difference?
3438 			 */
3439 			if (channel->band == NL80211_BAND_2GHZ)
3440 				ch->mode = MODE_11G;
3441 			else
3442 				ch->mode = MODE_11A;
3443 
3444 			if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
3445 				continue;
3446 
3447 			ath10k_dbg(ar, ATH10K_DBG_WMI,
3448 				   "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
3449 				    ch - arg.channels, arg.n_channels,
3450 				   ch->freq, ch->max_power, ch->max_reg_power,
3451 				   ch->max_antenna_gain, ch->mode);
3452 
3453 			ch++;
3454 		}
3455 	}
3456 
3457 	ret = ath10k_wmi_scan_chan_list(ar, &arg);
3458 	kfree(arg.channels);
3459 
3460 	return ret;
3461 }
3462 
3463 static enum wmi_dfs_region
3464 ath10k_mac_get_dfs_region(enum nl80211_dfs_regions dfs_region)
3465 {
3466 	switch (dfs_region) {
3467 	case NL80211_DFS_UNSET:
3468 		return WMI_UNINIT_DFS_DOMAIN;
3469 	case NL80211_DFS_FCC:
3470 		return WMI_FCC_DFS_DOMAIN;
3471 	case NL80211_DFS_ETSI:
3472 		return WMI_ETSI_DFS_DOMAIN;
3473 	case NL80211_DFS_JP:
3474 		return WMI_MKK4_DFS_DOMAIN;
3475 	}
3476 	return WMI_UNINIT_DFS_DOMAIN;
3477 }
3478 
3479 static void ath10k_regd_update(struct ath10k *ar)
3480 {
3481 	struct reg_dmn_pair_mapping *regpair;
3482 	int ret;
3483 	enum wmi_dfs_region wmi_dfs_reg;
3484 	enum nl80211_dfs_regions nl_dfs_reg;
3485 
3486 	lockdep_assert_held(&ar->conf_mutex);
3487 
3488 	ret = ath10k_update_channel_list(ar);
3489 	if (ret)
3490 		ath10k_warn(ar, "failed to update channel list: %d\n", ret);
3491 
3492 	regpair = ar->ath_common.regulatory.regpair;
3493 
3494 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3495 		nl_dfs_reg = ar->dfs_detector->region;
3496 		wmi_dfs_reg = ath10k_mac_get_dfs_region(nl_dfs_reg);
3497 	} else {
3498 		wmi_dfs_reg = WMI_UNINIT_DFS_DOMAIN;
3499 	}
3500 
3501 	/* Target allows setting up per-band regdomain but ath_common provides
3502 	 * a combined one only
3503 	 */
3504 	ret = ath10k_wmi_pdev_set_regdomain(ar,
3505 					    regpair->reg_domain,
3506 					    regpair->reg_domain, /* 2ghz */
3507 					    regpair->reg_domain, /* 5ghz */
3508 					    regpair->reg_2ghz_ctl,
3509 					    regpair->reg_5ghz_ctl,
3510 					    wmi_dfs_reg);
3511 	if (ret)
3512 		ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
3513 }
3514 
3515 static void ath10k_mac_update_channel_list(struct ath10k *ar,
3516 					   struct ieee80211_supported_band *band)
3517 {
3518 	int i;
3519 
3520 	if (ar->low_5ghz_chan && ar->high_5ghz_chan) {
3521 		for (i = 0; i < band->n_channels; i++) {
3522 			if (band->channels[i].center_freq < ar->low_5ghz_chan ||
3523 			    band->channels[i].center_freq > ar->high_5ghz_chan)
3524 				band->channels[i].flags |=
3525 					IEEE80211_CHAN_DISABLED;
3526 		}
3527 	}
3528 }
3529 
3530 static void ath10k_reg_notifier(struct wiphy *wiphy,
3531 				struct regulatory_request *request)
3532 {
3533 	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
3534 	struct ath10k *ar = hw->priv;
3535 	bool result;
3536 
3537 	ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
3538 
3539 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3540 		ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
3541 			   request->dfs_region);
3542 		result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
3543 							  request->dfs_region);
3544 		if (!result)
3545 			ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
3546 				    request->dfs_region);
3547 	}
3548 
3549 	mutex_lock(&ar->conf_mutex);
3550 	if (ar->state == ATH10K_STATE_ON)
3551 		ath10k_regd_update(ar);
3552 	mutex_unlock(&ar->conf_mutex);
3553 
3554 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
3555 		ath10k_mac_update_channel_list(ar,
3556 					       ar->hw->wiphy->bands[NL80211_BAND_5GHZ]);
3557 }
3558 
3559 static void ath10k_stop_radar_confirmation(struct ath10k *ar)
3560 {
3561 	spin_lock_bh(&ar->data_lock);
3562 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_STOPPED;
3563 	spin_unlock_bh(&ar->data_lock);
3564 
3565 	cancel_work_sync(&ar->radar_confirmation_work);
3566 }
3567 
3568 /***************/
3569 /* TX handlers */
3570 /***************/
3571 
3572 enum ath10k_mac_tx_path {
3573 	ATH10K_MAC_TX_HTT,
3574 	ATH10K_MAC_TX_HTT_MGMT,
3575 	ATH10K_MAC_TX_WMI_MGMT,
3576 	ATH10K_MAC_TX_UNKNOWN,
3577 };
3578 
3579 void ath10k_mac_tx_lock(struct ath10k *ar, int reason)
3580 {
3581 	lockdep_assert_held(&ar->htt.tx_lock);
3582 
3583 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3584 	ar->tx_paused |= BIT(reason);
3585 	ieee80211_stop_queues(ar->hw);
3586 }
3587 
3588 static void ath10k_mac_tx_unlock_iter(void *data, u8 *mac,
3589 				      struct ieee80211_vif *vif)
3590 {
3591 	struct ath10k *ar = data;
3592 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3593 
3594 	if (arvif->tx_paused)
3595 		return;
3596 
3597 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3598 }
3599 
3600 void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3601 {
3602 	lockdep_assert_held(&ar->htt.tx_lock);
3603 
3604 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3605 	ar->tx_paused &= ~BIT(reason);
3606 
3607 	if (ar->tx_paused)
3608 		return;
3609 
3610 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3611 						   ATH10K_ITER_RESUME_FLAGS,
3612 						   ath10k_mac_tx_unlock_iter,
3613 						   ar);
3614 
3615 	ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3616 }
3617 
3618 void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3619 {
3620 	struct ath10k *ar = arvif->ar;
3621 
3622 	lockdep_assert_held(&ar->htt.tx_lock);
3623 
3624 	WARN_ON(reason >= BITS_PER_LONG);
3625 	arvif->tx_paused |= BIT(reason);
3626 	ieee80211_stop_queue(ar->hw, arvif->vdev_id);
3627 }
3628 
3629 void ath10k_mac_vif_tx_unlock(struct ath10k_vif *arvif, int reason)
3630 {
3631 	struct ath10k *ar = arvif->ar;
3632 
3633 	lockdep_assert_held(&ar->htt.tx_lock);
3634 
3635 	WARN_ON(reason >= BITS_PER_LONG);
3636 	arvif->tx_paused &= ~BIT(reason);
3637 
3638 	if (ar->tx_paused)
3639 		return;
3640 
3641 	if (arvif->tx_paused)
3642 		return;
3643 
3644 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3645 }
3646 
3647 static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3648 					   enum wmi_tlv_tx_pause_id pause_id,
3649 					   enum wmi_tlv_tx_pause_action action)
3650 {
3651 	struct ath10k *ar = arvif->ar;
3652 
3653 	lockdep_assert_held(&ar->htt.tx_lock);
3654 
3655 	switch (action) {
3656 	case WMI_TLV_TX_PAUSE_ACTION_STOP:
3657 		ath10k_mac_vif_tx_lock(arvif, pause_id);
3658 		break;
3659 	case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3660 		ath10k_mac_vif_tx_unlock(arvif, pause_id);
3661 		break;
3662 	default:
3663 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
3664 			   "received unknown tx pause action %d on vdev %i, ignoring\n",
3665 			    action, arvif->vdev_id);
3666 		break;
3667 	}
3668 }
3669 
3670 struct ath10k_mac_tx_pause {
3671 	u32 vdev_id;
3672 	enum wmi_tlv_tx_pause_id pause_id;
3673 	enum wmi_tlv_tx_pause_action action;
3674 };
3675 
3676 static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3677 					    struct ieee80211_vif *vif)
3678 {
3679 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3680 	struct ath10k_mac_tx_pause *arg = data;
3681 
3682 	if (arvif->vdev_id != arg->vdev_id)
3683 		return;
3684 
3685 	ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3686 }
3687 
3688 void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3689 				     enum wmi_tlv_tx_pause_id pause_id,
3690 				     enum wmi_tlv_tx_pause_action action)
3691 {
3692 	struct ath10k_mac_tx_pause arg = {
3693 		.vdev_id = vdev_id,
3694 		.pause_id = pause_id,
3695 		.action = action,
3696 	};
3697 
3698 	spin_lock_bh(&ar->htt.tx_lock);
3699 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3700 						   ATH10K_ITER_RESUME_FLAGS,
3701 						   ath10k_mac_handle_tx_pause_iter,
3702 						   &arg);
3703 	spin_unlock_bh(&ar->htt.tx_lock);
3704 }
3705 
3706 static enum ath10k_hw_txrx_mode
3707 ath10k_mac_tx_h_get_txmode(struct ath10k *ar,
3708 			   struct ieee80211_vif *vif,
3709 			   struct ieee80211_sta *sta,
3710 			   struct sk_buff *skb)
3711 {
3712 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3713 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
3714 	__le16 fc = hdr->frame_control;
3715 
3716 	if (IEEE80211_SKB_CB(skb)->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)
3717 		return ATH10K_HW_TXRX_ETHERNET;
3718 
3719 	if (!vif || vif->type == NL80211_IFTYPE_MONITOR)
3720 		return ATH10K_HW_TXRX_RAW;
3721 
3722 	if (ieee80211_is_mgmt(fc))
3723 		return ATH10K_HW_TXRX_MGMT;
3724 
3725 	/* Workaround:
3726 	 *
3727 	 * NullFunc frames are mostly used to ping if a client or AP are still
3728 	 * reachable and responsive. This implies tx status reports must be
3729 	 * accurate - otherwise either mac80211 or userspace (e.g. hostapd) can
3730 	 * come to a conclusion that the other end disappeared and tear down
3731 	 * BSS connection or it can never disconnect from BSS/client (which is
3732 	 * the case).
3733 	 *
3734 	 * Firmware with HTT older than 3.0 delivers incorrect tx status for
3735 	 * NullFunc frames to driver. However there's a HTT Mgmt Tx command
3736 	 * which seems to deliver correct tx reports for NullFunc frames. The
3737 	 * downside of using it is it ignores client powersave state so it can
3738 	 * end up disconnecting sleeping clients in AP mode. It should fix STA
3739 	 * mode though because AP don't sleep.
3740 	 */
3741 	if (ar->htt.target_version_major < 3 &&
3742 	    (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&
3743 	    !test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3744 		      ar->running_fw->fw_file.fw_features))
3745 		return ATH10K_HW_TXRX_MGMT;
3746 
3747 	/* Workaround:
3748 	 *
3749 	 * Some wmi-tlv firmwares for qca6174 have broken Tx key selection for
3750 	 * NativeWifi txmode - it selects AP key instead of peer key. It seems
3751 	 * to work with Ethernet txmode so use it.
3752 	 *
3753 	 * FIXME: Check if raw mode works with TDLS.
3754 	 */
3755 	if (ieee80211_is_data_present(fc) && sta && sta->tdls)
3756 		return ATH10K_HW_TXRX_ETHERNET;
3757 
3758 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) ||
3759 	    skb_cb->flags & ATH10K_SKB_F_RAW_TX)
3760 		return ATH10K_HW_TXRX_RAW;
3761 
3762 	return ATH10K_HW_TXRX_NATIVE_WIFI;
3763 }
3764 
3765 static bool ath10k_tx_h_use_hwcrypto(struct ieee80211_vif *vif,
3766 				     struct sk_buff *skb)
3767 {
3768 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3769 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3770 	const u32 mask = IEEE80211_TX_INTFL_DONT_ENCRYPT |
3771 			 IEEE80211_TX_CTL_INJECTED;
3772 
3773 	if (!ieee80211_has_protected(hdr->frame_control))
3774 		return false;
3775 
3776 	if ((info->flags & mask) == mask)
3777 		return false;
3778 
3779 	if (vif)
3780 		return !((struct ath10k_vif *)vif->drv_priv)->nohwcrypt;
3781 
3782 	return true;
3783 }
3784 
3785 /* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
3786  * Control in the header.
3787  */
3788 static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
3789 {
3790 	struct ieee80211_hdr *hdr = (void *)skb->data;
3791 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3792 	u8 *qos_ctl;
3793 
3794 	if (!ieee80211_is_data_qos(hdr->frame_control))
3795 		return;
3796 
3797 	qos_ctl = ieee80211_get_qos_ctl(hdr);
3798 	memmove(skb->data + IEEE80211_QOS_CTL_LEN,
3799 		skb->data, (void *)qos_ctl - (void *)skb->data);
3800 	skb_pull(skb, IEEE80211_QOS_CTL_LEN);
3801 
3802 	/* Some firmware revisions don't handle sending QoS NullFunc well.
3803 	 * These frames are mainly used for CQM purposes so it doesn't really
3804 	 * matter whether QoS NullFunc or NullFunc are sent.
3805 	 */
3806 	hdr = (void *)skb->data;
3807 	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
3808 		cb->flags &= ~ATH10K_SKB_F_QOS;
3809 
3810 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3811 }
3812 
3813 static void ath10k_tx_h_8023(struct sk_buff *skb)
3814 {
3815 	struct ieee80211_hdr *hdr;
3816 	struct rfc1042_hdr *rfc1042;
3817 	struct ethhdr *eth;
3818 	size_t hdrlen;
3819 	u8 da[ETH_ALEN];
3820 	u8 sa[ETH_ALEN];
3821 	__be16 type;
3822 
3823 	hdr = (void *)skb->data;
3824 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
3825 	rfc1042 = (void *)skb->data + hdrlen;
3826 
3827 	ether_addr_copy(da, ieee80211_get_DA(hdr));
3828 	ether_addr_copy(sa, ieee80211_get_SA(hdr));
3829 	type = rfc1042->snap_type;
3830 
3831 	skb_pull(skb, hdrlen + sizeof(*rfc1042));
3832 	skb_push(skb, sizeof(*eth));
3833 
3834 	eth = (void *)skb->data;
3835 	ether_addr_copy(eth->h_dest, da);
3836 	ether_addr_copy(eth->h_source, sa);
3837 	eth->h_proto = type;
3838 }
3839 
3840 static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
3841 				       struct ieee80211_vif *vif,
3842 				       struct sk_buff *skb)
3843 {
3844 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3845 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3846 
3847 	/* This is case only for P2P_GO */
3848 	if (vif->type != NL80211_IFTYPE_AP || !vif->p2p)
3849 		return;
3850 
3851 	if (unlikely(ieee80211_is_probe_resp(hdr->frame_control))) {
3852 		spin_lock_bh(&ar->data_lock);
3853 		if (arvif->u.ap.noa_data)
3854 			if (!pskb_expand_head(skb, 0, arvif->u.ap.noa_len,
3855 					      GFP_ATOMIC))
3856 				skb_put_data(skb, arvif->u.ap.noa_data,
3857 					     arvif->u.ap.noa_len);
3858 		spin_unlock_bh(&ar->data_lock);
3859 	}
3860 }
3861 
3862 static void ath10k_mac_tx_h_fill_cb(struct ath10k *ar,
3863 				    struct ieee80211_vif *vif,
3864 				    struct ieee80211_txq *txq,
3865 				    struct ieee80211_sta *sta,
3866 				    struct sk_buff *skb, u16 airtime)
3867 {
3868 	struct ieee80211_hdr *hdr = (void *)skb->data;
3869 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3870 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3871 	bool is_data = ieee80211_is_data(hdr->frame_control) ||
3872 			ieee80211_is_data_qos(hdr->frame_control);
3873 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3874 	struct ath10k_sta *arsta;
3875 	u8 tid, *qos_ctl;
3876 	bool noack = false;
3877 
3878 	cb->flags = 0;
3879 
3880 	if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
3881 		cb->flags |= ATH10K_SKB_F_QOS;	/* Assume data frames are QoS */
3882 		goto finish_cb_fill;
3883 	}
3884 
3885 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
3886 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3887 
3888 	if (ieee80211_is_mgmt(hdr->frame_control))
3889 		cb->flags |= ATH10K_SKB_F_MGMT;
3890 
3891 	if (ieee80211_is_data_qos(hdr->frame_control)) {
3892 		cb->flags |= ATH10K_SKB_F_QOS;
3893 		qos_ctl = ieee80211_get_qos_ctl(hdr);
3894 		tid = (*qos_ctl) & IEEE80211_QOS_CTL_TID_MASK;
3895 
3896 		if (arvif->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3897 			noack = true;
3898 
3899 		if (sta) {
3900 			arsta = (struct ath10k_sta *)sta->drv_priv;
3901 
3902 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3903 				noack = true;
3904 
3905 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_ACK)
3906 				noack = false;
3907 		}
3908 
3909 		if (noack)
3910 			cb->flags |= ATH10K_SKB_F_NOACK_TID;
3911 	}
3912 
3913 	/* Data frames encrypted in software will be posted to firmware
3914 	 * with tx encap mode set to RAW. Ex: Multicast traffic generated
3915 	 * for a specific VLAN group will always be encrypted in software.
3916 	 */
3917 	if (is_data && ieee80211_has_protected(hdr->frame_control) &&
3918 	    !info->control.hw_key) {
3919 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3920 		cb->flags |= ATH10K_SKB_F_RAW_TX;
3921 	}
3922 
3923 finish_cb_fill:
3924 	cb->vif = vif;
3925 	cb->txq = txq;
3926 	cb->airtime_est = airtime;
3927 	if (sta) {
3928 		arsta = (struct ath10k_sta *)sta->drv_priv;
3929 		spin_lock_bh(&ar->data_lock);
3930 		cb->ucast_cipher = arsta->ucast_cipher;
3931 		spin_unlock_bh(&ar->data_lock);
3932 	}
3933 }
3934 
3935 bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar)
3936 {
3937 	/* FIXME: Not really sure since when the behaviour changed. At some
3938 	 * point new firmware stopped requiring creation of peer entries for
3939 	 * offchannel tx (and actually creating them causes issues with wmi-htc
3940 	 * tx credit replenishment and reliability). Assuming it's at least 3.4
3941 	 * because that's when the `freq` was introduced to TX_FRM HTT command.
3942 	 */
3943 	return (ar->htt.target_version_major >= 3 &&
3944 		ar->htt.target_version_minor >= 4 &&
3945 		ar->running_fw->fw_file.htt_op_version == ATH10K_FW_HTT_OP_VERSION_TLV);
3946 }
3947 
3948 static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
3949 {
3950 	struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
3951 
3952 	if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) {
3953 		ath10k_warn(ar, "wmi mgmt tx queue is full\n");
3954 		return -ENOSPC;
3955 	}
3956 
3957 	skb_queue_tail(q, skb);
3958 	ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
3959 
3960 	return 0;
3961 }
3962 
3963 static enum ath10k_mac_tx_path
3964 ath10k_mac_tx_h_get_txpath(struct ath10k *ar,
3965 			   struct sk_buff *skb,
3966 			   enum ath10k_hw_txrx_mode txmode)
3967 {
3968 	switch (txmode) {
3969 	case ATH10K_HW_TXRX_RAW:
3970 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3971 	case ATH10K_HW_TXRX_ETHERNET:
3972 		return ATH10K_MAC_TX_HTT;
3973 	case ATH10K_HW_TXRX_MGMT:
3974 		if (test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3975 			     ar->running_fw->fw_file.fw_features) ||
3976 			     test_bit(WMI_SERVICE_MGMT_TX_WMI,
3977 				      ar->wmi.svc_map))
3978 			return ATH10K_MAC_TX_WMI_MGMT;
3979 		else if (ar->htt.target_version_major >= 3)
3980 			return ATH10K_MAC_TX_HTT;
3981 		else
3982 			return ATH10K_MAC_TX_HTT_MGMT;
3983 	}
3984 
3985 	return ATH10K_MAC_TX_UNKNOWN;
3986 }
3987 
3988 static int ath10k_mac_tx_submit(struct ath10k *ar,
3989 				enum ath10k_hw_txrx_mode txmode,
3990 				enum ath10k_mac_tx_path txpath,
3991 				struct sk_buff *skb)
3992 {
3993 	struct ath10k_htt *htt = &ar->htt;
3994 	int ret = -EINVAL;
3995 
3996 	switch (txpath) {
3997 	case ATH10K_MAC_TX_HTT:
3998 		ret = ath10k_htt_tx(htt, txmode, skb);
3999 		break;
4000 	case ATH10K_MAC_TX_HTT_MGMT:
4001 		ret = ath10k_htt_mgmt_tx(htt, skb);
4002 		break;
4003 	case ATH10K_MAC_TX_WMI_MGMT:
4004 		ret = ath10k_mac_tx_wmi_mgmt(ar, skb);
4005 		break;
4006 	case ATH10K_MAC_TX_UNKNOWN:
4007 		WARN_ON_ONCE(1);
4008 		ret = -EINVAL;
4009 		break;
4010 	}
4011 
4012 	if (ret) {
4013 		ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
4014 			    ret);
4015 		ieee80211_free_txskb(ar->hw, skb);
4016 	}
4017 
4018 	return ret;
4019 }
4020 
4021 /* This function consumes the sk_buff regardless of return value as far as
4022  * caller is concerned so no freeing is necessary afterwards.
4023  */
4024 static int ath10k_mac_tx(struct ath10k *ar,
4025 			 struct ieee80211_vif *vif,
4026 			 enum ath10k_hw_txrx_mode txmode,
4027 			 enum ath10k_mac_tx_path txpath,
4028 			 struct sk_buff *skb, bool noque_offchan)
4029 {
4030 	struct ieee80211_hw *hw = ar->hw;
4031 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4032 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
4033 	int ret;
4034 
4035 	/* We should disable CCK RATE due to P2P */
4036 	if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
4037 		ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
4038 
4039 	switch (txmode) {
4040 	case ATH10K_HW_TXRX_MGMT:
4041 	case ATH10K_HW_TXRX_NATIVE_WIFI:
4042 		ath10k_tx_h_nwifi(hw, skb);
4043 		ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
4044 		ath10k_tx_h_seq_no(vif, skb);
4045 		break;
4046 	case ATH10K_HW_TXRX_ETHERNET:
4047 		/* Convert 802.11->802.3 header only if the frame was erlier
4048 		 * encapsulated to 802.11 by mac80211. Otherwise pass it as is.
4049 		 */
4050 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP))
4051 			ath10k_tx_h_8023(skb);
4052 		break;
4053 	case ATH10K_HW_TXRX_RAW:
4054 		if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) &&
4055 		    !(skb_cb->flags & ATH10K_SKB_F_RAW_TX)) {
4056 			WARN_ON_ONCE(1);
4057 			ieee80211_free_txskb(hw, skb);
4058 			return -ENOTSUPP;
4059 		}
4060 	}
4061 
4062 	if (!noque_offchan && info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
4063 		if (!ath10k_mac_tx_frm_has_freq(ar)) {
4064 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac queued offchannel skb %pK len %d\n",
4065 				   skb, skb->len);
4066 
4067 			skb_queue_tail(&ar->offchan_tx_queue, skb);
4068 			ieee80211_queue_work(hw, &ar->offchan_tx_work);
4069 			return 0;
4070 		}
4071 	}
4072 
4073 	ret = ath10k_mac_tx_submit(ar, txmode, txpath, skb);
4074 	if (ret) {
4075 		ath10k_warn(ar, "failed to submit frame: %d\n", ret);
4076 		return ret;
4077 	}
4078 
4079 	return 0;
4080 }
4081 
4082 void ath10k_offchan_tx_purge(struct ath10k *ar)
4083 {
4084 	struct sk_buff *skb;
4085 
4086 	for (;;) {
4087 		skb = skb_dequeue(&ar->offchan_tx_queue);
4088 		if (!skb)
4089 			break;
4090 
4091 		ieee80211_free_txskb(ar->hw, skb);
4092 	}
4093 }
4094 
4095 void ath10k_offchan_tx_work(struct work_struct *work)
4096 {
4097 	struct ath10k *ar = container_of(work, struct ath10k, offchan_tx_work);
4098 	struct ath10k_peer *peer;
4099 	struct ath10k_vif *arvif;
4100 	enum ath10k_hw_txrx_mode txmode;
4101 	enum ath10k_mac_tx_path txpath;
4102 	struct ieee80211_hdr *hdr;
4103 	struct ieee80211_vif *vif;
4104 	struct ieee80211_sta *sta;
4105 	struct sk_buff *skb;
4106 	const u8 *peer_addr;
4107 	int vdev_id;
4108 	int ret;
4109 	unsigned long time_left;
4110 	bool tmp_peer_created = false;
4111 
4112 	/* FW requirement: We must create a peer before FW will send out
4113 	 * an offchannel frame. Otherwise the frame will be stuck and
4114 	 * never transmitted. We delete the peer upon tx completion.
4115 	 * It is unlikely that a peer for offchannel tx will already be
4116 	 * present. However it may be in some rare cases so account for that.
4117 	 * Otherwise we might remove a legitimate peer and break stuff.
4118 	 */
4119 
4120 	for (;;) {
4121 		skb = skb_dequeue(&ar->offchan_tx_queue);
4122 		if (!skb)
4123 			break;
4124 
4125 		mutex_lock(&ar->conf_mutex);
4126 
4127 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %pK len %d\n",
4128 			   skb, skb->len);
4129 
4130 		hdr = (struct ieee80211_hdr *)skb->data;
4131 		peer_addr = ieee80211_get_DA(hdr);
4132 
4133 		spin_lock_bh(&ar->data_lock);
4134 		vdev_id = ar->scan.vdev_id;
4135 		peer = ath10k_peer_find(ar, vdev_id, peer_addr);
4136 		spin_unlock_bh(&ar->data_lock);
4137 
4138 		if (peer) {
4139 			ath10k_warn(ar, "peer %pM on vdev %d already present\n",
4140 				    peer_addr, vdev_id);
4141 		} else {
4142 			ret = ath10k_peer_create(ar, NULL, NULL, vdev_id,
4143 						 peer_addr,
4144 						 WMI_PEER_TYPE_DEFAULT);
4145 			if (ret)
4146 				ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
4147 					    peer_addr, vdev_id, ret);
4148 			tmp_peer_created = (ret == 0);
4149 		}
4150 
4151 		spin_lock_bh(&ar->data_lock);
4152 		reinit_completion(&ar->offchan_tx_completed);
4153 		ar->offchan_tx_skb = skb;
4154 		spin_unlock_bh(&ar->data_lock);
4155 
4156 		/* It's safe to access vif and sta - conf_mutex guarantees that
4157 		 * sta_state() and remove_interface() are locked exclusively
4158 		 * out wrt to this offchannel worker.
4159 		 */
4160 		arvif = ath10k_get_arvif(ar, vdev_id);
4161 		if (arvif) {
4162 			vif = arvif->vif;
4163 			sta = ieee80211_find_sta(vif, peer_addr);
4164 		} else {
4165 			vif = NULL;
4166 			sta = NULL;
4167 		}
4168 
4169 		txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4170 		txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4171 
4172 		ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, true);
4173 		if (ret) {
4174 			ath10k_warn(ar, "failed to transmit offchannel frame: %d\n",
4175 				    ret);
4176 			/* not serious */
4177 		}
4178 
4179 		time_left =
4180 		wait_for_completion_timeout(&ar->offchan_tx_completed, 3 * HZ);
4181 		if (time_left == 0)
4182 			ath10k_warn(ar, "timed out waiting for offchannel skb %pK, len: %d\n",
4183 				    skb, skb->len);
4184 
4185 		if (!peer && tmp_peer_created) {
4186 			ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
4187 			if (ret)
4188 				ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
4189 					    peer_addr, vdev_id, ret);
4190 		}
4191 
4192 		mutex_unlock(&ar->conf_mutex);
4193 	}
4194 }
4195 
4196 void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar)
4197 {
4198 	struct sk_buff *skb;
4199 
4200 	for (;;) {
4201 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4202 		if (!skb)
4203 			break;
4204 
4205 		ieee80211_free_txskb(ar->hw, skb);
4206 	}
4207 }
4208 
4209 void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
4210 {
4211 	struct ath10k *ar = container_of(work, struct ath10k, wmi_mgmt_tx_work);
4212 	struct sk_buff *skb;
4213 	dma_addr_t paddr;
4214 	int ret;
4215 
4216 	for (;;) {
4217 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4218 		if (!skb)
4219 			break;
4220 
4221 		if (test_bit(ATH10K_FW_FEATURE_MGMT_TX_BY_REF,
4222 			     ar->running_fw->fw_file.fw_features)) {
4223 			paddr = dma_map_single(ar->dev, skb->data,
4224 					       skb->len, DMA_TO_DEVICE);
4225 			if (dma_mapping_error(ar->dev, paddr)) {
4226 				ieee80211_free_txskb(ar->hw, skb);
4227 				continue;
4228 			}
4229 			ret = ath10k_wmi_mgmt_tx_send(ar, skb, paddr);
4230 			if (ret) {
4231 				ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
4232 					    ret);
4233 				/* remove this msdu from idr tracking */
4234 				ath10k_wmi_cleanup_mgmt_tx_send(ar, skb);
4235 
4236 				dma_unmap_single(ar->dev, paddr, skb->len,
4237 						 DMA_TO_DEVICE);
4238 				ieee80211_free_txskb(ar->hw, skb);
4239 			}
4240 		} else {
4241 			ret = ath10k_wmi_mgmt_tx(ar, skb);
4242 			if (ret) {
4243 				ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
4244 					    ret);
4245 				ieee80211_free_txskb(ar->hw, skb);
4246 			}
4247 		}
4248 	}
4249 }
4250 
4251 static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
4252 {
4253 	struct ath10k_txq *artxq;
4254 
4255 	if (!txq)
4256 		return;
4257 
4258 	artxq = (void *)txq->drv_priv;
4259 	INIT_LIST_HEAD(&artxq->list);
4260 }
4261 
4262 static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
4263 {
4264 	struct ath10k_skb_cb *cb;
4265 	struct sk_buff *msdu;
4266 	int msdu_id;
4267 
4268 	if (!txq)
4269 		return;
4270 
4271 	spin_lock_bh(&ar->htt.tx_lock);
4272 	idr_for_each_entry(&ar->htt.pending_tx, msdu, msdu_id) {
4273 		cb = ATH10K_SKB_CB(msdu);
4274 		if (cb->txq == txq)
4275 			cb->txq = NULL;
4276 	}
4277 	spin_unlock_bh(&ar->htt.tx_lock);
4278 }
4279 
4280 struct ieee80211_txq *ath10k_mac_txq_lookup(struct ath10k *ar,
4281 					    u16 peer_id,
4282 					    u8 tid)
4283 {
4284 	struct ath10k_peer *peer;
4285 
4286 	lockdep_assert_held(&ar->data_lock);
4287 
4288 	peer = ar->peer_map[peer_id];
4289 	if (!peer)
4290 		return NULL;
4291 
4292 	if (peer->removed)
4293 		return NULL;
4294 
4295 	if (peer->sta)
4296 		return peer->sta->txq[tid];
4297 	else if (peer->vif)
4298 		return peer->vif->txq;
4299 	else
4300 		return NULL;
4301 }
4302 
4303 static bool ath10k_mac_tx_can_push(struct ieee80211_hw *hw,
4304 				   struct ieee80211_txq *txq)
4305 {
4306 	struct ath10k *ar = hw->priv;
4307 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4308 
4309 	/* No need to get locks */
4310 	if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH)
4311 		return true;
4312 
4313 	if (ar->htt.num_pending_tx < ar->htt.tx_q_state.num_push_allowed)
4314 		return true;
4315 
4316 	if (artxq->num_fw_queued < artxq->num_push_allowed)
4317 		return true;
4318 
4319 	return false;
4320 }
4321 
4322 /* Return estimated airtime in microsecond, which is calculated using last
4323  * reported TX rate. This is just a rough estimation because host driver has no
4324  * knowledge of the actual transmit rate, retries or aggregation. If actual
4325  * airtime can be reported by firmware, then delta between estimated and actual
4326  * airtime can be adjusted from deficit.
4327  */
4328 #define IEEE80211_ATF_OVERHEAD		100	/* IFS + some slot time */
4329 #define IEEE80211_ATF_OVERHEAD_IFS	16	/* IFS only */
4330 static u16 ath10k_mac_update_airtime(struct ath10k *ar,
4331 				     struct ieee80211_txq *txq,
4332 				     struct sk_buff *skb)
4333 {
4334 	struct ath10k_sta *arsta;
4335 	u32 pktlen;
4336 	u16 airtime = 0;
4337 
4338 	if (!txq || !txq->sta)
4339 		return airtime;
4340 
4341 	if (test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
4342 		return airtime;
4343 
4344 	spin_lock_bh(&ar->data_lock);
4345 	arsta = (struct ath10k_sta *)txq->sta->drv_priv;
4346 
4347 	pktlen = skb->len + 38; /* Assume MAC header 30, SNAP 8 for most case */
4348 	if (arsta->last_tx_bitrate) {
4349 		/* airtime in us, last_tx_bitrate in 100kbps */
4350 		airtime = (pktlen * 8 * (1000 / 100))
4351 				/ arsta->last_tx_bitrate;
4352 		/* overhead for media access time and IFS */
4353 		airtime += IEEE80211_ATF_OVERHEAD_IFS;
4354 	} else {
4355 		/* This is mostly for throttle excessive BC/MC frames, and the
4356 		 * airtime/rate doesn't need be exact. Airtime of BC/MC frames
4357 		 * in 2G get some discount, which helps prevent very low rate
4358 		 * frames from being blocked for too long.
4359 		 */
4360 		airtime = (pktlen * 8 * (1000 / 100)) / 60; /* 6M */
4361 		airtime += IEEE80211_ATF_OVERHEAD;
4362 	}
4363 	spin_unlock_bh(&ar->data_lock);
4364 
4365 	return airtime;
4366 }
4367 
4368 int ath10k_mac_tx_push_txq(struct ieee80211_hw *hw,
4369 			   struct ieee80211_txq *txq)
4370 {
4371 	struct ath10k *ar = hw->priv;
4372 	struct ath10k_htt *htt = &ar->htt;
4373 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4374 	struct ieee80211_vif *vif = txq->vif;
4375 	struct ieee80211_sta *sta = txq->sta;
4376 	enum ath10k_hw_txrx_mode txmode;
4377 	enum ath10k_mac_tx_path txpath;
4378 	struct sk_buff *skb;
4379 	struct ieee80211_hdr *hdr;
4380 	size_t skb_len;
4381 	bool is_mgmt, is_presp;
4382 	int ret;
4383 	u16 airtime;
4384 
4385 	spin_lock_bh(&ar->htt.tx_lock);
4386 	ret = ath10k_htt_tx_inc_pending(htt);
4387 	spin_unlock_bh(&ar->htt.tx_lock);
4388 
4389 	if (ret)
4390 		return ret;
4391 
4392 	skb = ieee80211_tx_dequeue_ni(hw, txq);
4393 	if (!skb) {
4394 		spin_lock_bh(&ar->htt.tx_lock);
4395 		ath10k_htt_tx_dec_pending(htt);
4396 		spin_unlock_bh(&ar->htt.tx_lock);
4397 
4398 		return -ENOENT;
4399 	}
4400 
4401 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4402 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4403 
4404 	skb_len = skb->len;
4405 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4406 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4407 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4408 
4409 	if (is_mgmt) {
4410 		hdr = (struct ieee80211_hdr *)skb->data;
4411 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4412 
4413 		spin_lock_bh(&ar->htt.tx_lock);
4414 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4415 
4416 		if (ret) {
4417 			ath10k_htt_tx_dec_pending(htt);
4418 			spin_unlock_bh(&ar->htt.tx_lock);
4419 			return ret;
4420 		}
4421 		spin_unlock_bh(&ar->htt.tx_lock);
4422 	}
4423 
4424 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4425 	if (unlikely(ret)) {
4426 		ath10k_warn(ar, "failed to push frame: %d\n", ret);
4427 
4428 		spin_lock_bh(&ar->htt.tx_lock);
4429 		ath10k_htt_tx_dec_pending(htt);
4430 		if (is_mgmt)
4431 			ath10k_htt_tx_mgmt_dec_pending(htt);
4432 		spin_unlock_bh(&ar->htt.tx_lock);
4433 
4434 		return ret;
4435 	}
4436 
4437 	spin_lock_bh(&ar->htt.tx_lock);
4438 	artxq->num_fw_queued++;
4439 	spin_unlock_bh(&ar->htt.tx_lock);
4440 
4441 	return skb_len;
4442 }
4443 
4444 static int ath10k_mac_schedule_txq(struct ieee80211_hw *hw, u32 ac)
4445 {
4446 	struct ieee80211_txq *txq;
4447 	int ret = 0;
4448 
4449 	ieee80211_txq_schedule_start(hw, ac);
4450 	while ((txq = ieee80211_next_txq(hw, ac))) {
4451 		while (ath10k_mac_tx_can_push(hw, txq)) {
4452 			ret = ath10k_mac_tx_push_txq(hw, txq);
4453 			if (ret < 0)
4454 				break;
4455 		}
4456 		ieee80211_return_txq(hw, txq, false);
4457 		ath10k_htt_tx_txq_update(hw, txq);
4458 		if (ret == -EBUSY)
4459 			break;
4460 	}
4461 	ieee80211_txq_schedule_end(hw, ac);
4462 
4463 	return ret;
4464 }
4465 
4466 void ath10k_mac_tx_push_pending(struct ath10k *ar)
4467 {
4468 	struct ieee80211_hw *hw = ar->hw;
4469 	u32 ac;
4470 
4471 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4472 		return;
4473 
4474 	if (ar->htt.num_pending_tx >= (ar->htt.max_num_pending_tx / 2))
4475 		return;
4476 
4477 	rcu_read_lock();
4478 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4479 		if (ath10k_mac_schedule_txq(hw, ac) == -EBUSY)
4480 			break;
4481 	}
4482 	rcu_read_unlock();
4483 }
4484 EXPORT_SYMBOL(ath10k_mac_tx_push_pending);
4485 
4486 /************/
4487 /* Scanning */
4488 /************/
4489 
4490 void __ath10k_scan_finish(struct ath10k *ar)
4491 {
4492 	lockdep_assert_held(&ar->data_lock);
4493 
4494 	switch (ar->scan.state) {
4495 	case ATH10K_SCAN_IDLE:
4496 		break;
4497 	case ATH10K_SCAN_RUNNING:
4498 	case ATH10K_SCAN_ABORTING:
4499 		if (!ar->scan.is_roc) {
4500 			struct cfg80211_scan_info info = {
4501 				.aborted = (ar->scan.state ==
4502 					    ATH10K_SCAN_ABORTING),
4503 			};
4504 
4505 			ieee80211_scan_completed(ar->hw, &info);
4506 		} else if (ar->scan.roc_notify) {
4507 			ieee80211_remain_on_channel_expired(ar->hw);
4508 		}
4509 		fallthrough;
4510 	case ATH10K_SCAN_STARTING:
4511 		ar->scan.state = ATH10K_SCAN_IDLE;
4512 		ar->scan_channel = NULL;
4513 		ar->scan.roc_freq = 0;
4514 		ath10k_offchan_tx_purge(ar);
4515 		cancel_delayed_work(&ar->scan.timeout);
4516 		complete(&ar->scan.completed);
4517 		break;
4518 	}
4519 }
4520 
4521 void ath10k_scan_finish(struct ath10k *ar)
4522 {
4523 	spin_lock_bh(&ar->data_lock);
4524 	__ath10k_scan_finish(ar);
4525 	spin_unlock_bh(&ar->data_lock);
4526 }
4527 
4528 static int ath10k_scan_stop(struct ath10k *ar)
4529 {
4530 	struct wmi_stop_scan_arg arg = {
4531 		.req_id = 1, /* FIXME */
4532 		.req_type = WMI_SCAN_STOP_ONE,
4533 		.u.scan_id = ATH10K_SCAN_ID,
4534 	};
4535 	int ret;
4536 
4537 	lockdep_assert_held(&ar->conf_mutex);
4538 
4539 	ret = ath10k_wmi_stop_scan(ar, &arg);
4540 	if (ret) {
4541 		ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
4542 		goto out;
4543 	}
4544 
4545 	ret = wait_for_completion_timeout(&ar->scan.completed, 3 * HZ);
4546 	if (ret == 0) {
4547 		ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
4548 		ret = -ETIMEDOUT;
4549 	} else if (ret > 0) {
4550 		ret = 0;
4551 	}
4552 
4553 out:
4554 	/* Scan state should be updated upon scan completion but in case
4555 	 * firmware fails to deliver the event (for whatever reason) it is
4556 	 * desired to clean up scan state anyway. Firmware may have just
4557 	 * dropped the scan completion event delivery due to transport pipe
4558 	 * being overflown with data and/or it can recover on its own before
4559 	 * next scan request is submitted.
4560 	 */
4561 	spin_lock_bh(&ar->data_lock);
4562 	if (ar->scan.state != ATH10K_SCAN_IDLE)
4563 		__ath10k_scan_finish(ar);
4564 	spin_unlock_bh(&ar->data_lock);
4565 
4566 	return ret;
4567 }
4568 
4569 static void ath10k_scan_abort(struct ath10k *ar)
4570 {
4571 	int ret;
4572 
4573 	lockdep_assert_held(&ar->conf_mutex);
4574 
4575 	spin_lock_bh(&ar->data_lock);
4576 
4577 	switch (ar->scan.state) {
4578 	case ATH10K_SCAN_IDLE:
4579 		/* This can happen if timeout worker kicked in and called
4580 		 * abortion while scan completion was being processed.
4581 		 */
4582 		break;
4583 	case ATH10K_SCAN_STARTING:
4584 	case ATH10K_SCAN_ABORTING:
4585 		ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
4586 			    ath10k_scan_state_str(ar->scan.state),
4587 			    ar->scan.state);
4588 		break;
4589 	case ATH10K_SCAN_RUNNING:
4590 		ar->scan.state = ATH10K_SCAN_ABORTING;
4591 		spin_unlock_bh(&ar->data_lock);
4592 
4593 		ret = ath10k_scan_stop(ar);
4594 		if (ret)
4595 			ath10k_warn(ar, "failed to abort scan: %d\n", ret);
4596 
4597 		spin_lock_bh(&ar->data_lock);
4598 		break;
4599 	}
4600 
4601 	spin_unlock_bh(&ar->data_lock);
4602 }
4603 
4604 void ath10k_scan_timeout_work(struct work_struct *work)
4605 {
4606 	struct ath10k *ar = container_of(work, struct ath10k,
4607 					 scan.timeout.work);
4608 
4609 	mutex_lock(&ar->conf_mutex);
4610 	ath10k_scan_abort(ar);
4611 	mutex_unlock(&ar->conf_mutex);
4612 }
4613 
4614 static int ath10k_start_scan(struct ath10k *ar,
4615 			     const struct wmi_start_scan_arg *arg)
4616 {
4617 	int ret;
4618 
4619 	lockdep_assert_held(&ar->conf_mutex);
4620 
4621 	ret = ath10k_wmi_start_scan(ar, arg);
4622 	if (ret)
4623 		return ret;
4624 
4625 	ret = wait_for_completion_timeout(&ar->scan.started, 1 * HZ);
4626 	if (ret == 0) {
4627 		ret = ath10k_scan_stop(ar);
4628 		if (ret)
4629 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
4630 
4631 		return -ETIMEDOUT;
4632 	}
4633 
4634 	/* If we failed to start the scan, return error code at
4635 	 * this point.  This is probably due to some issue in the
4636 	 * firmware, but no need to wedge the driver due to that...
4637 	 */
4638 	spin_lock_bh(&ar->data_lock);
4639 	if (ar->scan.state == ATH10K_SCAN_IDLE) {
4640 		spin_unlock_bh(&ar->data_lock);
4641 		return -EINVAL;
4642 	}
4643 	spin_unlock_bh(&ar->data_lock);
4644 
4645 	return 0;
4646 }
4647 
4648 /**********************/
4649 /* mac80211 callbacks */
4650 /**********************/
4651 
4652 static void ath10k_mac_op_tx(struct ieee80211_hw *hw,
4653 			     struct ieee80211_tx_control *control,
4654 			     struct sk_buff *skb)
4655 {
4656 	struct ath10k *ar = hw->priv;
4657 	struct ath10k_htt *htt = &ar->htt;
4658 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4659 	struct ieee80211_vif *vif = info->control.vif;
4660 	struct ieee80211_sta *sta = control->sta;
4661 	struct ieee80211_txq *txq = NULL;
4662 	enum ath10k_hw_txrx_mode txmode;
4663 	enum ath10k_mac_tx_path txpath;
4664 	bool is_htt;
4665 	bool is_mgmt;
4666 	int ret;
4667 	u16 airtime;
4668 
4669 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4670 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4671 
4672 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4673 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4674 	is_htt = (txpath == ATH10K_MAC_TX_HTT ||
4675 		  txpath == ATH10K_MAC_TX_HTT_MGMT);
4676 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4677 
4678 	if (is_htt) {
4679 		bool is_presp = false;
4680 
4681 		spin_lock_bh(&ar->htt.tx_lock);
4682 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)) {
4683 			struct ieee80211_hdr *hdr = (void *)skb->data;
4684 
4685 			is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4686 		}
4687 
4688 		ret = ath10k_htt_tx_inc_pending(htt);
4689 		if (ret) {
4690 			ath10k_warn(ar, "failed to increase tx pending count: %d, dropping\n",
4691 				    ret);
4692 			spin_unlock_bh(&ar->htt.tx_lock);
4693 			ieee80211_free_txskb(ar->hw, skb);
4694 			return;
4695 		}
4696 
4697 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4698 		if (ret) {
4699 			ath10k_dbg(ar, ATH10K_DBG_MAC, "failed to increase tx mgmt pending count: %d, dropping\n",
4700 				   ret);
4701 			ath10k_htt_tx_dec_pending(htt);
4702 			spin_unlock_bh(&ar->htt.tx_lock);
4703 			ieee80211_free_txskb(ar->hw, skb);
4704 			return;
4705 		}
4706 		spin_unlock_bh(&ar->htt.tx_lock);
4707 	}
4708 
4709 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4710 	if (ret) {
4711 		ath10k_warn(ar, "failed to transmit frame: %d\n", ret);
4712 		if (is_htt) {
4713 			spin_lock_bh(&ar->htt.tx_lock);
4714 			ath10k_htt_tx_dec_pending(htt);
4715 			if (is_mgmt)
4716 				ath10k_htt_tx_mgmt_dec_pending(htt);
4717 			spin_unlock_bh(&ar->htt.tx_lock);
4718 		}
4719 		return;
4720 	}
4721 }
4722 
4723 static void ath10k_mac_op_wake_tx_queue(struct ieee80211_hw *hw,
4724 					struct ieee80211_txq *txq)
4725 {
4726 	struct ath10k *ar = hw->priv;
4727 	int ret;
4728 	u8 ac;
4729 
4730 	ath10k_htt_tx_txq_update(hw, txq);
4731 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4732 		return;
4733 
4734 	ac = txq->ac;
4735 	ieee80211_txq_schedule_start(hw, ac);
4736 	txq = ieee80211_next_txq(hw, ac);
4737 	if (!txq)
4738 		goto out;
4739 
4740 	while (ath10k_mac_tx_can_push(hw, txq)) {
4741 		ret = ath10k_mac_tx_push_txq(hw, txq);
4742 		if (ret < 0)
4743 			break;
4744 	}
4745 	ieee80211_return_txq(hw, txq, false);
4746 	ath10k_htt_tx_txq_update(hw, txq);
4747 out:
4748 	ieee80211_txq_schedule_end(hw, ac);
4749 }
4750 
4751 /* Must not be called with conf_mutex held as workers can use that also. */
4752 void ath10k_drain_tx(struct ath10k *ar)
4753 {
4754 	lockdep_assert_not_held(&ar->conf_mutex);
4755 
4756 	/* make sure rcu-protected mac80211 tx path itself is drained */
4757 	synchronize_net();
4758 
4759 	ath10k_offchan_tx_purge(ar);
4760 	ath10k_mgmt_over_wmi_tx_purge(ar);
4761 
4762 	cancel_work_sync(&ar->offchan_tx_work);
4763 	cancel_work_sync(&ar->wmi_mgmt_tx_work);
4764 }
4765 
4766 void ath10k_halt(struct ath10k *ar)
4767 {
4768 	struct ath10k_vif *arvif;
4769 
4770 	lockdep_assert_held(&ar->conf_mutex);
4771 
4772 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
4773 	ar->filter_flags = 0;
4774 	ar->monitor = false;
4775 	ar->monitor_arvif = NULL;
4776 
4777 	if (ar->monitor_started)
4778 		ath10k_monitor_stop(ar);
4779 
4780 	ar->monitor_started = false;
4781 	ar->tx_paused = 0;
4782 
4783 	ath10k_scan_finish(ar);
4784 	ath10k_peer_cleanup_all(ar);
4785 	ath10k_stop_radar_confirmation(ar);
4786 	ath10k_core_stop(ar);
4787 	ath10k_hif_power_down(ar);
4788 
4789 	spin_lock_bh(&ar->data_lock);
4790 	list_for_each_entry(arvif, &ar->arvifs, list)
4791 		ath10k_mac_vif_beacon_cleanup(arvif);
4792 	spin_unlock_bh(&ar->data_lock);
4793 }
4794 
4795 static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
4796 {
4797 	struct ath10k *ar = hw->priv;
4798 
4799 	mutex_lock(&ar->conf_mutex);
4800 
4801 	*tx_ant = ar->cfg_tx_chainmask;
4802 	*rx_ant = ar->cfg_rx_chainmask;
4803 
4804 	mutex_unlock(&ar->conf_mutex);
4805 
4806 	return 0;
4807 }
4808 
4809 static bool ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
4810 {
4811 	/* It is not clear that allowing gaps in chainmask
4812 	 * is helpful.  Probably it will not do what user
4813 	 * is hoping for, so warn in that case.
4814 	 */
4815 	if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
4816 		return true;
4817 
4818 	ath10k_warn(ar, "mac %s antenna chainmask is invalid: 0x%x.  Suggested values: 15, 7, 3, 1 or 0.\n",
4819 		    dbg, cm);
4820 	return false;
4821 }
4822 
4823 static int ath10k_mac_get_vht_cap_bf_sts(struct ath10k *ar)
4824 {
4825 	int nsts = ar->vht_cap_info;
4826 
4827 	nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4828 	nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4829 
4830 	/* If firmware does not deliver to host number of space-time
4831 	 * streams supported, assume it support up to 4 BF STS and return
4832 	 * the value for VHT CAP: nsts-1)
4833 	 */
4834 	if (nsts == 0)
4835 		return 3;
4836 
4837 	return nsts;
4838 }
4839 
4840 static int ath10k_mac_get_vht_cap_bf_sound_dim(struct ath10k *ar)
4841 {
4842 	int sound_dim = ar->vht_cap_info;
4843 
4844 	sound_dim &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4845 	sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4846 
4847 	/* If the sounding dimension is not advertised by the firmware,
4848 	 * let's use a default value of 1
4849 	 */
4850 	if (sound_dim == 0)
4851 		return 1;
4852 
4853 	return sound_dim;
4854 }
4855 
4856 static struct ieee80211_sta_vht_cap ath10k_create_vht_cap(struct ath10k *ar)
4857 {
4858 	struct ieee80211_sta_vht_cap vht_cap = {0};
4859 	struct ath10k_hw_params *hw = &ar->hw_params;
4860 	u16 mcs_map;
4861 	u32 val;
4862 	int i;
4863 
4864 	vht_cap.vht_supported = 1;
4865 	vht_cap.cap = ar->vht_cap_info;
4866 
4867 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4868 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
4869 		val = ath10k_mac_get_vht_cap_bf_sts(ar);
4870 		val <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4871 		val &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4872 
4873 		vht_cap.cap |= val;
4874 	}
4875 
4876 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4877 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
4878 		val = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4879 		val <<= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4880 		val &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4881 
4882 		vht_cap.cap |= val;
4883 	}
4884 
4885 	mcs_map = 0;
4886 	for (i = 0; i < 8; i++) {
4887 		if ((i < ar->num_rf_chains) && (ar->cfg_tx_chainmask & BIT(i)))
4888 			mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
4889 		else
4890 			mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
4891 	}
4892 
4893 	if (ar->cfg_tx_chainmask <= 1)
4894 		vht_cap.cap &= ~IEEE80211_VHT_CAP_TXSTBC;
4895 
4896 	vht_cap.vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
4897 	vht_cap.vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
4898 
4899 	/* If we are supporting 160Mhz or 80+80, then the NIC may be able to do
4900 	 * a restricted NSS for 160 or 80+80 vs what it can do for 80Mhz.  Give
4901 	 * user-space a clue if that is the case.
4902 	 */
4903 	if ((vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) &&
4904 	    (hw->vht160_mcs_rx_highest != 0 ||
4905 	     hw->vht160_mcs_tx_highest != 0)) {
4906 		vht_cap.vht_mcs.rx_highest = cpu_to_le16(hw->vht160_mcs_rx_highest);
4907 		vht_cap.vht_mcs.tx_highest = cpu_to_le16(hw->vht160_mcs_tx_highest);
4908 	}
4909 
4910 	return vht_cap;
4911 }
4912 
4913 static struct ieee80211_sta_ht_cap ath10k_get_ht_cap(struct ath10k *ar)
4914 {
4915 	int i;
4916 	struct ieee80211_sta_ht_cap ht_cap = {0};
4917 
4918 	if (!(ar->ht_cap_info & WMI_HT_CAP_ENABLED))
4919 		return ht_cap;
4920 
4921 	ht_cap.ht_supported = 1;
4922 	ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
4923 	ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_8;
4924 	ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
4925 	ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
4926 	ht_cap.cap |=
4927 		WLAN_HT_CAP_SM_PS_DISABLED << IEEE80211_HT_CAP_SM_PS_SHIFT;
4928 
4929 	if (ar->ht_cap_info & WMI_HT_CAP_HT20_SGI)
4930 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
4931 
4932 	if (ar->ht_cap_info & WMI_HT_CAP_HT40_SGI)
4933 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
4934 
4935 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) {
4936 		u32 smps;
4937 
4938 		smps   = WLAN_HT_CAP_SM_PS_DYNAMIC;
4939 		smps <<= IEEE80211_HT_CAP_SM_PS_SHIFT;
4940 
4941 		ht_cap.cap |= smps;
4942 	}
4943 
4944 	if (ar->ht_cap_info & WMI_HT_CAP_TX_STBC && (ar->cfg_tx_chainmask > 1))
4945 		ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
4946 
4947 	if (ar->ht_cap_info & WMI_HT_CAP_RX_STBC) {
4948 		u32 stbc;
4949 
4950 		stbc   = ar->ht_cap_info;
4951 		stbc  &= WMI_HT_CAP_RX_STBC;
4952 		stbc >>= WMI_HT_CAP_RX_STBC_MASK_SHIFT;
4953 		stbc <<= IEEE80211_HT_CAP_RX_STBC_SHIFT;
4954 		stbc  &= IEEE80211_HT_CAP_RX_STBC;
4955 
4956 		ht_cap.cap |= stbc;
4957 	}
4958 
4959 	if (ar->ht_cap_info & WMI_HT_CAP_LDPC || (ar->ht_cap_info &
4960 	    WMI_HT_CAP_RX_LDPC && (ar->ht_cap_info & WMI_HT_CAP_TX_LDPC)))
4961 		ht_cap.cap |= IEEE80211_HT_CAP_LDPC_CODING;
4962 
4963 	if (ar->ht_cap_info & WMI_HT_CAP_L_SIG_TXOP_PROT)
4964 		ht_cap.cap |= IEEE80211_HT_CAP_LSIG_TXOP_PROT;
4965 
4966 	/* max AMSDU is implicitly taken from vht_cap_info */
4967 	if (ar->vht_cap_info & WMI_VHT_CAP_MAX_MPDU_LEN_MASK)
4968 		ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
4969 
4970 	for (i = 0; i < ar->num_rf_chains; i++) {
4971 		if (ar->cfg_rx_chainmask & BIT(i))
4972 			ht_cap.mcs.rx_mask[i] = 0xFF;
4973 	}
4974 
4975 	ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_DEFINED;
4976 
4977 	return ht_cap;
4978 }
4979 
4980 static void ath10k_mac_setup_ht_vht_cap(struct ath10k *ar)
4981 {
4982 	struct ieee80211_supported_band *band;
4983 	struct ieee80211_sta_vht_cap vht_cap;
4984 	struct ieee80211_sta_ht_cap ht_cap;
4985 
4986 	ht_cap = ath10k_get_ht_cap(ar);
4987 	vht_cap = ath10k_create_vht_cap(ar);
4988 
4989 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
4990 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
4991 		band->ht_cap = ht_cap;
4992 	}
4993 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
4994 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
4995 		band->ht_cap = ht_cap;
4996 		band->vht_cap = vht_cap;
4997 	}
4998 }
4999 
5000 static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
5001 {
5002 	int ret;
5003 	bool is_valid_tx_chain_mask, is_valid_rx_chain_mask;
5004 
5005 	lockdep_assert_held(&ar->conf_mutex);
5006 
5007 	is_valid_tx_chain_mask = ath10k_check_chain_mask(ar, tx_ant, "tx");
5008 	is_valid_rx_chain_mask = ath10k_check_chain_mask(ar, rx_ant, "rx");
5009 
5010 	if (!is_valid_tx_chain_mask || !is_valid_rx_chain_mask)
5011 		return -EINVAL;
5012 
5013 	ar->cfg_tx_chainmask = tx_ant;
5014 	ar->cfg_rx_chainmask = rx_ant;
5015 
5016 	if ((ar->state != ATH10K_STATE_ON) &&
5017 	    (ar->state != ATH10K_STATE_RESTARTED))
5018 		return 0;
5019 
5020 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
5021 					tx_ant);
5022 	if (ret) {
5023 		ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
5024 			    ret, tx_ant);
5025 		return ret;
5026 	}
5027 
5028 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
5029 					rx_ant);
5030 	if (ret) {
5031 		ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
5032 			    ret, rx_ant);
5033 		return ret;
5034 	}
5035 
5036 	/* Reload HT/VHT capability */
5037 	ath10k_mac_setup_ht_vht_cap(ar);
5038 
5039 	return 0;
5040 }
5041 
5042 static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant)
5043 {
5044 	struct ath10k *ar = hw->priv;
5045 	int ret;
5046 
5047 	mutex_lock(&ar->conf_mutex);
5048 	ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
5049 	mutex_unlock(&ar->conf_mutex);
5050 	return ret;
5051 }
5052 
5053 static int __ath10k_fetch_bb_timing_dt(struct ath10k *ar,
5054 				       struct wmi_bb_timing_cfg_arg *bb_timing)
5055 {
5056 	struct device_node *node;
5057 	const char *fem_name;
5058 	int ret;
5059 
5060 	node = ar->dev->of_node;
5061 	if (!node)
5062 		return -ENOENT;
5063 
5064 	ret = of_property_read_string_index(node, "ext-fem-name", 0, &fem_name);
5065 	if (ret)
5066 		return -ENOENT;
5067 
5068 	/*
5069 	 * If external Front End module used in hardware, then default base band timing
5070 	 * parameter cannot be used since they were fine tuned for reference hardware,
5071 	 * so choosing different value suitable for that external FEM.
5072 	 */
5073 	if (!strcmp("microsemi-lx5586", fem_name)) {
5074 		bb_timing->bb_tx_timing = 0x00;
5075 		bb_timing->bb_xpa_timing = 0x0101;
5076 	} else {
5077 		return -ENOENT;
5078 	}
5079 
5080 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot bb_tx_timing 0x%x bb_xpa_timing 0x%x\n",
5081 		   bb_timing->bb_tx_timing, bb_timing->bb_xpa_timing);
5082 	return 0;
5083 }
5084 
5085 static int ath10k_mac_rfkill_config(struct ath10k *ar)
5086 {
5087 	u32 param;
5088 	int ret;
5089 
5090 	if (ar->hw_values->rfkill_pin == 0) {
5091 		ath10k_warn(ar, "ath10k does not support hardware rfkill with this device\n");
5092 		return -EOPNOTSUPP;
5093 	}
5094 
5095 	ath10k_dbg(ar, ATH10K_DBG_MAC,
5096 		   "mac rfkill_pin %d rfkill_cfg %d rfkill_on_level %d",
5097 		   ar->hw_values->rfkill_pin, ar->hw_values->rfkill_cfg,
5098 		   ar->hw_values->rfkill_on_level);
5099 
5100 	param = FIELD_PREP(WMI_TLV_RFKILL_CFG_RADIO_LEVEL,
5101 			   ar->hw_values->rfkill_on_level) |
5102 		FIELD_PREP(WMI_TLV_RFKILL_CFG_GPIO_PIN_NUM,
5103 			   ar->hw_values->rfkill_pin) |
5104 		FIELD_PREP(WMI_TLV_RFKILL_CFG_PIN_AS_GPIO,
5105 			   ar->hw_values->rfkill_cfg);
5106 
5107 	ret = ath10k_wmi_pdev_set_param(ar,
5108 					ar->wmi.pdev_param->rfkill_config,
5109 					param);
5110 	if (ret) {
5111 		ath10k_warn(ar,
5112 			    "failed to set rfkill config 0x%x: %d\n",
5113 			    param, ret);
5114 		return ret;
5115 	}
5116 	return 0;
5117 }
5118 
5119 int ath10k_mac_rfkill_enable_radio(struct ath10k *ar, bool enable)
5120 {
5121 	enum wmi_tlv_rfkill_enable_radio param;
5122 	int ret;
5123 
5124 	if (enable)
5125 		param = WMI_TLV_RFKILL_ENABLE_RADIO_ON;
5126 	else
5127 		param = WMI_TLV_RFKILL_ENABLE_RADIO_OFF;
5128 
5129 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac rfkill enable %d", param);
5130 
5131 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rfkill_enable,
5132 					param);
5133 	if (ret) {
5134 		ath10k_warn(ar, "failed to set rfkill enable param %d: %d\n",
5135 			    param, ret);
5136 		return ret;
5137 	}
5138 
5139 	return 0;
5140 }
5141 
5142 static int ath10k_start(struct ieee80211_hw *hw)
5143 {
5144 	struct ath10k *ar = hw->priv;
5145 	u32 param;
5146 	int ret = 0;
5147 	struct wmi_bb_timing_cfg_arg bb_timing = {0};
5148 
5149 	/*
5150 	 * This makes sense only when restarting hw. It is harmless to call
5151 	 * unconditionally. This is necessary to make sure no HTT/WMI tx
5152 	 * commands will be submitted while restarting.
5153 	 */
5154 	ath10k_drain_tx(ar);
5155 
5156 	mutex_lock(&ar->conf_mutex);
5157 
5158 	switch (ar->state) {
5159 	case ATH10K_STATE_OFF:
5160 		ar->state = ATH10K_STATE_ON;
5161 		break;
5162 	case ATH10K_STATE_RESTARTING:
5163 		ar->state = ATH10K_STATE_RESTARTED;
5164 		break;
5165 	case ATH10K_STATE_ON:
5166 	case ATH10K_STATE_RESTARTED:
5167 	case ATH10K_STATE_WEDGED:
5168 		WARN_ON(1);
5169 		ret = -EINVAL;
5170 		goto err;
5171 	case ATH10K_STATE_UTF:
5172 		ret = -EBUSY;
5173 		goto err;
5174 	}
5175 
5176 	spin_lock_bh(&ar->data_lock);
5177 
5178 	if (ar->hw_rfkill_on) {
5179 		ar->hw_rfkill_on = false;
5180 		spin_unlock_bh(&ar->data_lock);
5181 		goto err;
5182 	}
5183 
5184 	spin_unlock_bh(&ar->data_lock);
5185 
5186 	ret = ath10k_hif_power_up(ar, ATH10K_FIRMWARE_MODE_NORMAL);
5187 	if (ret) {
5188 		ath10k_err(ar, "Could not init hif: %d\n", ret);
5189 		goto err_off;
5190 	}
5191 
5192 	ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL,
5193 				&ar->normal_mode_fw);
5194 	if (ret) {
5195 		ath10k_err(ar, "Could not init core: %d\n", ret);
5196 		goto err_power_down;
5197 	}
5198 
5199 	if (ar->sys_cap_info & WMI_TLV_SYS_CAP_INFO_RFKILL) {
5200 		ret = ath10k_mac_rfkill_config(ar);
5201 		if (ret && ret != -EOPNOTSUPP) {
5202 			ath10k_warn(ar, "failed to configure rfkill: %d", ret);
5203 			goto err_core_stop;
5204 		}
5205 	}
5206 
5207 	param = ar->wmi.pdev_param->pmf_qos;
5208 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5209 	if (ret) {
5210 		ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
5211 		goto err_core_stop;
5212 	}
5213 
5214 	param = ar->wmi.pdev_param->dynamic_bw;
5215 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5216 	if (ret) {
5217 		ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
5218 		goto err_core_stop;
5219 	}
5220 
5221 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
5222 		ret = ath10k_wmi_scan_prob_req_oui(ar, ar->mac_addr);
5223 		if (ret) {
5224 			ath10k_err(ar, "failed to set prob req oui: %i\n", ret);
5225 			goto err_core_stop;
5226 		}
5227 	}
5228 
5229 	if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
5230 		ret = ath10k_wmi_adaptive_qcs(ar, true);
5231 		if (ret) {
5232 			ath10k_warn(ar, "failed to enable adaptive qcs: %d\n",
5233 				    ret);
5234 			goto err_core_stop;
5235 		}
5236 	}
5237 
5238 	if (test_bit(WMI_SERVICE_BURST, ar->wmi.svc_map)) {
5239 		param = ar->wmi.pdev_param->burst_enable;
5240 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5241 		if (ret) {
5242 			ath10k_warn(ar, "failed to disable burst: %d\n", ret);
5243 			goto err_core_stop;
5244 		}
5245 	}
5246 
5247 	param = ar->wmi.pdev_param->idle_ps_config;
5248 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5249 	if (ret && ret != -EOPNOTSUPP) {
5250 		ath10k_warn(ar, "failed to enable idle_ps_config: %d\n", ret);
5251 		goto err_core_stop;
5252 	}
5253 
5254 	__ath10k_set_antenna(ar, ar->cfg_tx_chainmask, ar->cfg_rx_chainmask);
5255 
5256 	/*
5257 	 * By default FW set ARP frames ac to voice (6). In that case ARP
5258 	 * exchange is not working properly for UAPSD enabled AP. ARP requests
5259 	 * which arrives with access category 0 are processed by network stack
5260 	 * and send back with access category 0, but FW changes access category
5261 	 * to 6. Set ARP frames access category to best effort (0) solves
5262 	 * this problem.
5263 	 */
5264 
5265 	param = ar->wmi.pdev_param->arp_ac_override;
5266 	ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5267 	if (ret) {
5268 		ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
5269 			    ret);
5270 		goto err_core_stop;
5271 	}
5272 
5273 	if (test_bit(ATH10K_FW_FEATURE_SUPPORTS_ADAPTIVE_CCA,
5274 		     ar->running_fw->fw_file.fw_features)) {
5275 		ret = ath10k_wmi_pdev_enable_adaptive_cca(ar, 1,
5276 							  WMI_CCA_DETECT_LEVEL_AUTO,
5277 							  WMI_CCA_DETECT_MARGIN_AUTO);
5278 		if (ret) {
5279 			ath10k_warn(ar, "failed to enable adaptive cca: %d\n",
5280 				    ret);
5281 			goto err_core_stop;
5282 		}
5283 	}
5284 
5285 	param = ar->wmi.pdev_param->ani_enable;
5286 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5287 	if (ret) {
5288 		ath10k_warn(ar, "failed to enable ani by default: %d\n",
5289 			    ret);
5290 		goto err_core_stop;
5291 	}
5292 
5293 	ar->ani_enabled = true;
5294 
5295 	if (ath10k_peer_stats_enabled(ar)) {
5296 		param = ar->wmi.pdev_param->peer_stats_update_period;
5297 		ret = ath10k_wmi_pdev_set_param(ar, param,
5298 						PEER_DEFAULT_STATS_UPDATE_PERIOD);
5299 		if (ret) {
5300 			ath10k_warn(ar,
5301 				    "failed to set peer stats period : %d\n",
5302 				    ret);
5303 			goto err_core_stop;
5304 		}
5305 	}
5306 
5307 	param = ar->wmi.pdev_param->enable_btcoex;
5308 	if (test_bit(WMI_SERVICE_COEX_GPIO, ar->wmi.svc_map) &&
5309 	    test_bit(ATH10K_FW_FEATURE_BTCOEX_PARAM,
5310 		     ar->running_fw->fw_file.fw_features) &&
5311 	    ar->coex_support) {
5312 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5313 		if (ret) {
5314 			ath10k_warn(ar,
5315 				    "failed to set btcoex param: %d\n", ret);
5316 			goto err_core_stop;
5317 		}
5318 		clear_bit(ATH10K_FLAG_BTCOEX, &ar->dev_flags);
5319 	}
5320 
5321 	if (test_bit(WMI_SERVICE_BB_TIMING_CONFIG_SUPPORT, ar->wmi.svc_map)) {
5322 		ret = __ath10k_fetch_bb_timing_dt(ar, &bb_timing);
5323 		if (!ret) {
5324 			ret = ath10k_wmi_pdev_bb_timing(ar, &bb_timing);
5325 			if (ret) {
5326 				ath10k_warn(ar,
5327 					    "failed to set bb timings: %d\n",
5328 					    ret);
5329 				goto err_core_stop;
5330 			}
5331 		}
5332 	}
5333 
5334 	ar->num_started_vdevs = 0;
5335 	ath10k_regd_update(ar);
5336 
5337 	ath10k_spectral_start(ar);
5338 	ath10k_thermal_set_throttling(ar);
5339 
5340 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_IDLE;
5341 
5342 	mutex_unlock(&ar->conf_mutex);
5343 	return 0;
5344 
5345 err_core_stop:
5346 	ath10k_core_stop(ar);
5347 
5348 err_power_down:
5349 	ath10k_hif_power_down(ar);
5350 
5351 err_off:
5352 	ar->state = ATH10K_STATE_OFF;
5353 
5354 err:
5355 	mutex_unlock(&ar->conf_mutex);
5356 	return ret;
5357 }
5358 
5359 static void ath10k_stop(struct ieee80211_hw *hw)
5360 {
5361 	struct ath10k *ar = hw->priv;
5362 	u32 opt;
5363 
5364 	ath10k_drain_tx(ar);
5365 
5366 	mutex_lock(&ar->conf_mutex);
5367 	if (ar->state != ATH10K_STATE_OFF) {
5368 		if (!ar->hw_rfkill_on) {
5369 			/* If the current driver state is RESTARTING but not yet
5370 			 * fully RESTARTED because of incoming suspend event,
5371 			 * then ath10k_halt() is already called via
5372 			 * ath10k_core_restart() and should not be called here.
5373 			 */
5374 			if (ar->state != ATH10K_STATE_RESTARTING) {
5375 				ath10k_halt(ar);
5376 			} else {
5377 				/* Suspending here, because when in RESTARTING
5378 				 * state, ath10k_core_stop() skips
5379 				 * ath10k_wait_for_suspend().
5380 				 */
5381 				opt = WMI_PDEV_SUSPEND_AND_DISABLE_INTR;
5382 				ath10k_wait_for_suspend(ar, opt);
5383 			}
5384 		}
5385 		ar->state = ATH10K_STATE_OFF;
5386 	}
5387 	mutex_unlock(&ar->conf_mutex);
5388 
5389 	cancel_work_sync(&ar->set_coverage_class_work);
5390 	cancel_delayed_work_sync(&ar->scan.timeout);
5391 	cancel_work_sync(&ar->restart_work);
5392 }
5393 
5394 static int ath10k_config_ps(struct ath10k *ar)
5395 {
5396 	struct ath10k_vif *arvif;
5397 	int ret = 0;
5398 
5399 	lockdep_assert_held(&ar->conf_mutex);
5400 
5401 	list_for_each_entry(arvif, &ar->arvifs, list) {
5402 		ret = ath10k_mac_vif_setup_ps(arvif);
5403 		if (ret) {
5404 			ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
5405 			break;
5406 		}
5407 	}
5408 
5409 	return ret;
5410 }
5411 
5412 static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
5413 {
5414 	struct ath10k *ar = hw->priv;
5415 	struct ieee80211_conf *conf = &hw->conf;
5416 	int ret = 0;
5417 
5418 	mutex_lock(&ar->conf_mutex);
5419 
5420 	if (changed & IEEE80211_CONF_CHANGE_PS)
5421 		ath10k_config_ps(ar);
5422 
5423 	if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
5424 		ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
5425 		ret = ath10k_monitor_recalc(ar);
5426 		if (ret)
5427 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5428 	}
5429 
5430 	mutex_unlock(&ar->conf_mutex);
5431 	return ret;
5432 }
5433 
5434 static u32 get_nss_from_chainmask(u16 chain_mask)
5435 {
5436 	if ((chain_mask & 0xf) == 0xf)
5437 		return 4;
5438 	else if ((chain_mask & 0x7) == 0x7)
5439 		return 3;
5440 	else if ((chain_mask & 0x3) == 0x3)
5441 		return 2;
5442 	return 1;
5443 }
5444 
5445 static int ath10k_mac_set_txbf_conf(struct ath10k_vif *arvif)
5446 {
5447 	u32 value = 0;
5448 	struct ath10k *ar = arvif->ar;
5449 	int nsts;
5450 	int sound_dim;
5451 
5452 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_BEFORE_ASSOC)
5453 		return 0;
5454 
5455 	nsts = ath10k_mac_get_vht_cap_bf_sts(ar);
5456 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
5457 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE))
5458 		value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
5459 
5460 	sound_dim = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
5461 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
5462 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))
5463 		value |= SM(sound_dim, WMI_BF_SOUND_DIM_OFFSET);
5464 
5465 	if (!value)
5466 		return 0;
5467 
5468 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
5469 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
5470 
5471 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
5472 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFER |
5473 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFER);
5474 
5475 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
5476 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
5477 
5478 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
5479 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFEE |
5480 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFEE);
5481 
5482 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5483 					 ar->wmi.vdev_param->txbf, value);
5484 }
5485 
5486 static void ath10k_update_vif_offload(struct ieee80211_hw *hw,
5487 				      struct ieee80211_vif *vif)
5488 {
5489 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5490 	struct ath10k *ar = hw->priv;
5491 	u32 vdev_param;
5492 	int ret;
5493 
5494 	if (ath10k_frame_mode != ATH10K_HW_TXRX_ETHERNET ||
5495 	    ar->wmi.vdev_param->tx_encap_type == WMI_VDEV_PARAM_UNSUPPORTED ||
5496 	     (vif->type != NL80211_IFTYPE_STATION &&
5497 	      vif->type != NL80211_IFTYPE_AP))
5498 		vif->offload_flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
5499 
5500 	vdev_param = ar->wmi.vdev_param->tx_encap_type;
5501 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5502 					ATH10K_HW_TXRX_NATIVE_WIFI);
5503 	/* 10.X firmware does not support this VDEV parameter. Do not warn */
5504 	if (ret && ret != -EOPNOTSUPP) {
5505 		ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
5506 			    arvif->vdev_id, ret);
5507 	}
5508 }
5509 
5510 /*
5511  * TODO:
5512  * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
5513  * because we will send mgmt frames without CCK. This requirement
5514  * for P2P_FIND/GO_NEG should be handled by checking CCK flag
5515  * in the TX packet.
5516  */
5517 static int ath10k_add_interface(struct ieee80211_hw *hw,
5518 				struct ieee80211_vif *vif)
5519 {
5520 	struct ath10k *ar = hw->priv;
5521 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5522 	struct ath10k_peer *peer;
5523 	enum wmi_sta_powersave_param param;
5524 	int ret = 0;
5525 	u32 value;
5526 	int bit;
5527 	int i;
5528 	u32 vdev_param;
5529 
5530 	vif->driver_flags |= IEEE80211_VIF_SUPPORTS_UAPSD;
5531 
5532 	mutex_lock(&ar->conf_mutex);
5533 
5534 	memset(arvif, 0, sizeof(*arvif));
5535 	ath10k_mac_txq_init(vif->txq);
5536 
5537 	arvif->ar = ar;
5538 	arvif->vif = vif;
5539 
5540 	INIT_LIST_HEAD(&arvif->list);
5541 	INIT_WORK(&arvif->ap_csa_work, ath10k_mac_vif_ap_csa_work);
5542 	INIT_DELAYED_WORK(&arvif->connection_loss_work,
5543 			  ath10k_mac_vif_sta_connection_loss_work);
5544 
5545 	for (i = 0; i < ARRAY_SIZE(arvif->bitrate_mask.control); i++) {
5546 		arvif->bitrate_mask.control[i].legacy = 0xffffffff;
5547 		memset(arvif->bitrate_mask.control[i].ht_mcs, 0xff,
5548 		       sizeof(arvif->bitrate_mask.control[i].ht_mcs));
5549 		memset(arvif->bitrate_mask.control[i].vht_mcs, 0xff,
5550 		       sizeof(arvif->bitrate_mask.control[i].vht_mcs));
5551 	}
5552 
5553 	if (ar->num_peers >= ar->max_num_peers) {
5554 		ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
5555 		ret = -ENOBUFS;
5556 		goto err;
5557 	}
5558 
5559 	if (ar->free_vdev_map == 0) {
5560 		ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
5561 		ret = -EBUSY;
5562 		goto err;
5563 	}
5564 	bit = __ffs64(ar->free_vdev_map);
5565 
5566 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
5567 		   bit, ar->free_vdev_map);
5568 
5569 	arvif->vdev_id = bit;
5570 	arvif->vdev_subtype =
5571 		ath10k_wmi_get_vdev_subtype(ar, WMI_VDEV_SUBTYPE_NONE);
5572 
5573 	switch (vif->type) {
5574 	case NL80211_IFTYPE_P2P_DEVICE:
5575 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5576 		arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5577 					(ar, WMI_VDEV_SUBTYPE_P2P_DEVICE);
5578 		break;
5579 	case NL80211_IFTYPE_UNSPECIFIED:
5580 	case NL80211_IFTYPE_STATION:
5581 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5582 		if (vif->p2p)
5583 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5584 					(ar, WMI_VDEV_SUBTYPE_P2P_CLIENT);
5585 		break;
5586 	case NL80211_IFTYPE_ADHOC:
5587 		arvif->vdev_type = WMI_VDEV_TYPE_IBSS;
5588 		break;
5589 	case NL80211_IFTYPE_MESH_POINT:
5590 		if (test_bit(WMI_SERVICE_MESH_11S, ar->wmi.svc_map)) {
5591 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5592 						(ar, WMI_VDEV_SUBTYPE_MESH_11S);
5593 		} else if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5594 			ret = -EINVAL;
5595 			ath10k_warn(ar, "must load driver with rawmode=1 to add mesh interfaces\n");
5596 			goto err;
5597 		}
5598 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5599 		break;
5600 	case NL80211_IFTYPE_AP:
5601 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5602 
5603 		if (vif->p2p)
5604 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5605 						(ar, WMI_VDEV_SUBTYPE_P2P_GO);
5606 		break;
5607 	case NL80211_IFTYPE_MONITOR:
5608 		arvif->vdev_type = WMI_VDEV_TYPE_MONITOR;
5609 		break;
5610 	default:
5611 		WARN_ON(1);
5612 		break;
5613 	}
5614 
5615 	/* Using vdev_id as queue number will make it very easy to do per-vif
5616 	 * tx queue locking. This shouldn't wrap due to interface combinations
5617 	 * but do a modulo for correctness sake and prevent using offchannel tx
5618 	 * queues for regular vif tx.
5619 	 */
5620 	vif->cab_queue = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5621 	for (i = 0; i < ARRAY_SIZE(vif->hw_queue); i++)
5622 		vif->hw_queue[i] = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5623 
5624 	/* Some firmware revisions don't wait for beacon tx completion before
5625 	 * sending another SWBA event. This could lead to hardware using old
5626 	 * (freed) beacon data in some cases, e.g. tx credit starvation
5627 	 * combined with missed TBTT. This is very rare.
5628 	 *
5629 	 * On non-IOMMU-enabled hosts this could be a possible security issue
5630 	 * because hw could beacon some random data on the air.  On
5631 	 * IOMMU-enabled hosts DMAR faults would occur in most cases and target
5632 	 * device would crash.
5633 	 *
5634 	 * Since there are no beacon tx completions (implicit nor explicit)
5635 	 * propagated to host the only workaround for this is to allocate a
5636 	 * DMA-coherent buffer for a lifetime of a vif and use it for all
5637 	 * beacon tx commands. Worst case for this approach is some beacons may
5638 	 * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
5639 	 */
5640 	if (vif->type == NL80211_IFTYPE_ADHOC ||
5641 	    vif->type == NL80211_IFTYPE_MESH_POINT ||
5642 	    vif->type == NL80211_IFTYPE_AP) {
5643 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {
5644 			arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN,
5645 						    GFP_KERNEL);
5646 
5647 			/* Using a kernel pointer in place of a dma_addr_t
5648 			 * token can lead to undefined behavior if that
5649 			 * makes it into cache management functions. Use a
5650 			 * known-invalid address token instead, which
5651 			 * avoids the warning and makes it easier to catch
5652 			 * bugs if it does end up getting used.
5653 			 */
5654 			arvif->beacon_paddr = DMA_MAPPING_ERROR;
5655 		} else {
5656 			arvif->beacon_buf =
5657 				dma_alloc_coherent(ar->dev,
5658 						   IEEE80211_MAX_FRAME_LEN,
5659 						   &arvif->beacon_paddr,
5660 						   GFP_ATOMIC);
5661 		}
5662 		if (!arvif->beacon_buf) {
5663 			ret = -ENOMEM;
5664 			ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
5665 				    ret);
5666 			goto err;
5667 		}
5668 	}
5669 	if (test_bit(ATH10K_FLAG_HW_CRYPTO_DISABLED, &ar->dev_flags))
5670 		arvif->nohwcrypt = true;
5671 
5672 	if (arvif->nohwcrypt &&
5673 	    !test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5674 		ret = -EINVAL;
5675 		ath10k_warn(ar, "cryptmode module param needed for sw crypto\n");
5676 		goto err;
5677 	}
5678 
5679 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
5680 		   arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
5681 		   arvif->beacon_buf ? "single-buf" : "per-skb");
5682 
5683 	ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
5684 				     arvif->vdev_subtype, vif->addr);
5685 	if (ret) {
5686 		ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
5687 			    arvif->vdev_id, ret);
5688 		goto err;
5689 	}
5690 
5691 	if (test_bit(WMI_SERVICE_VDEV_DISABLE_4_ADDR_SRC_LRN_SUPPORT,
5692 		     ar->wmi.svc_map)) {
5693 		vdev_param = ar->wmi.vdev_param->disable_4addr_src_lrn;
5694 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5695 						WMI_VDEV_DISABLE_4_ADDR_SRC_LRN);
5696 		if (ret && ret != -EOPNOTSUPP) {
5697 			ath10k_warn(ar, "failed to disable 4addr src lrn vdev %i: %d\n",
5698 				    arvif->vdev_id, ret);
5699 		}
5700 	}
5701 
5702 	ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
5703 	spin_lock_bh(&ar->data_lock);
5704 	list_add(&arvif->list, &ar->arvifs);
5705 	spin_unlock_bh(&ar->data_lock);
5706 
5707 	/* It makes no sense to have firmware do keepalives. mac80211 already
5708 	 * takes care of this with idle connection polling.
5709 	 */
5710 	ret = ath10k_mac_vif_disable_keepalive(arvif);
5711 	if (ret) {
5712 		ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
5713 			    arvif->vdev_id, ret);
5714 		goto err_vdev_delete;
5715 	}
5716 
5717 	arvif->def_wep_key_idx = -1;
5718 
5719 	ath10k_update_vif_offload(hw, vif);
5720 
5721 	/* Configuring number of spatial stream for monitor interface is causing
5722 	 * target assert in qca9888 and qca6174.
5723 	 */
5724 	if (ar->cfg_tx_chainmask && (vif->type != NL80211_IFTYPE_MONITOR)) {
5725 		u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
5726 
5727 		vdev_param = ar->wmi.vdev_param->nss;
5728 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5729 						nss);
5730 		if (ret) {
5731 			ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
5732 				    arvif->vdev_id, ar->cfg_tx_chainmask, nss,
5733 				    ret);
5734 			goto err_vdev_delete;
5735 		}
5736 	}
5737 
5738 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5739 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5740 		ret = ath10k_peer_create(ar, vif, NULL, arvif->vdev_id,
5741 					 vif->addr, WMI_PEER_TYPE_DEFAULT);
5742 		if (ret) {
5743 			ath10k_warn(ar, "failed to create vdev %i peer for AP/IBSS: %d\n",
5744 				    arvif->vdev_id, ret);
5745 			goto err_vdev_delete;
5746 		}
5747 
5748 		spin_lock_bh(&ar->data_lock);
5749 
5750 		peer = ath10k_peer_find(ar, arvif->vdev_id, vif->addr);
5751 		if (!peer) {
5752 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
5753 				    vif->addr, arvif->vdev_id);
5754 			spin_unlock_bh(&ar->data_lock);
5755 			ret = -ENOENT;
5756 			goto err_peer_delete;
5757 		}
5758 
5759 		arvif->peer_id = find_first_bit(peer->peer_ids,
5760 						ATH10K_MAX_NUM_PEER_IDS);
5761 
5762 		spin_unlock_bh(&ar->data_lock);
5763 	} else {
5764 		arvif->peer_id = HTT_INVALID_PEERID;
5765 	}
5766 
5767 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
5768 		ret = ath10k_mac_set_kickout(arvif);
5769 		if (ret) {
5770 			ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
5771 				    arvif->vdev_id, ret);
5772 			goto err_peer_delete;
5773 		}
5774 	}
5775 
5776 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
5777 		param = WMI_STA_PS_PARAM_RX_WAKE_POLICY;
5778 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
5779 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
5780 						  param, value);
5781 		if (ret) {
5782 			ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
5783 				    arvif->vdev_id, ret);
5784 			goto err_peer_delete;
5785 		}
5786 
5787 		ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
5788 		if (ret) {
5789 			ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
5790 				    arvif->vdev_id, ret);
5791 			goto err_peer_delete;
5792 		}
5793 
5794 		ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
5795 		if (ret) {
5796 			ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
5797 				    arvif->vdev_id, ret);
5798 			goto err_peer_delete;
5799 		}
5800 	}
5801 
5802 	ret = ath10k_mac_set_txbf_conf(arvif);
5803 	if (ret) {
5804 		ath10k_warn(ar, "failed to set txbf for vdev %d: %d\n",
5805 			    arvif->vdev_id, ret);
5806 		goto err_peer_delete;
5807 	}
5808 
5809 	ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
5810 	if (ret) {
5811 		ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
5812 			    arvif->vdev_id, ret);
5813 		goto err_peer_delete;
5814 	}
5815 
5816 	arvif->txpower = vif->bss_conf.txpower;
5817 	ret = ath10k_mac_txpower_recalc(ar);
5818 	if (ret) {
5819 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5820 		goto err_peer_delete;
5821 	}
5822 
5823 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
5824 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
5825 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5826 						arvif->ftm_responder);
5827 
5828 		/* It is harmless to not set FTM role. Do not warn */
5829 		if (ret && ret != -EOPNOTSUPP)
5830 			ath10k_warn(ar, "failed to set vdev %i FTM Responder: %d\n",
5831 				    arvif->vdev_id, ret);
5832 	}
5833 
5834 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5835 		ar->monitor_arvif = arvif;
5836 		ret = ath10k_monitor_recalc(ar);
5837 		if (ret) {
5838 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5839 			goto err_peer_delete;
5840 		}
5841 	}
5842 
5843 	spin_lock_bh(&ar->htt.tx_lock);
5844 	if (!ar->tx_paused)
5845 		ieee80211_wake_queue(ar->hw, arvif->vdev_id);
5846 	spin_unlock_bh(&ar->htt.tx_lock);
5847 
5848 	mutex_unlock(&ar->conf_mutex);
5849 	return 0;
5850 
5851 err_peer_delete:
5852 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5853 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5854 		ath10k_wmi_peer_delete(ar, arvif->vdev_id, vif->addr);
5855 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5856 						 vif->addr);
5857 	}
5858 
5859 err_vdev_delete:
5860 	ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5861 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5862 	spin_lock_bh(&ar->data_lock);
5863 	list_del(&arvif->list);
5864 	spin_unlock_bh(&ar->data_lock);
5865 
5866 err:
5867 	if (arvif->beacon_buf) {
5868 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
5869 			kfree(arvif->beacon_buf);
5870 		else
5871 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
5872 					  arvif->beacon_buf,
5873 					  arvif->beacon_paddr);
5874 		arvif->beacon_buf = NULL;
5875 	}
5876 
5877 	mutex_unlock(&ar->conf_mutex);
5878 
5879 	return ret;
5880 }
5881 
5882 static void ath10k_mac_vif_tx_unlock_all(struct ath10k_vif *arvif)
5883 {
5884 	int i;
5885 
5886 	for (i = 0; i < BITS_PER_LONG; i++)
5887 		ath10k_mac_vif_tx_unlock(arvif, i);
5888 }
5889 
5890 static void ath10k_remove_interface(struct ieee80211_hw *hw,
5891 				    struct ieee80211_vif *vif)
5892 {
5893 	struct ath10k *ar = hw->priv;
5894 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5895 	struct ath10k_peer *peer;
5896 	unsigned long time_left;
5897 	int ret;
5898 	int i;
5899 
5900 	cancel_work_sync(&arvif->ap_csa_work);
5901 	cancel_delayed_work_sync(&arvif->connection_loss_work);
5902 
5903 	mutex_lock(&ar->conf_mutex);
5904 
5905 	ret = ath10k_spectral_vif_stop(arvif);
5906 	if (ret)
5907 		ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
5908 			    arvif->vdev_id, ret);
5909 
5910 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5911 	spin_lock_bh(&ar->data_lock);
5912 	list_del(&arvif->list);
5913 	spin_unlock_bh(&ar->data_lock);
5914 
5915 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5916 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5917 		ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
5918 					     vif->addr);
5919 		if (ret)
5920 			ath10k_warn(ar, "failed to submit AP/IBSS self-peer removal on vdev %i: %d\n",
5921 				    arvif->vdev_id, ret);
5922 
5923 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5924 						 vif->addr);
5925 		kfree(arvif->u.ap.noa_data);
5926 	}
5927 
5928 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
5929 		   arvif->vdev_id);
5930 
5931 	ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5932 	if (ret)
5933 		ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
5934 			    arvif->vdev_id, ret);
5935 
5936 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
5937 		time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
5938 							ATH10K_VDEV_DELETE_TIMEOUT_HZ);
5939 		if (time_left == 0) {
5940 			ath10k_warn(ar, "Timeout in receiving vdev delete response\n");
5941 			goto out;
5942 		}
5943 	}
5944 
5945 	/* Some firmware revisions don't notify host about self-peer removal
5946 	 * until after associated vdev is deleted.
5947 	 */
5948 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5949 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5950 		ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
5951 						   vif->addr);
5952 		if (ret)
5953 			ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
5954 				    arvif->vdev_id, ret);
5955 
5956 		spin_lock_bh(&ar->data_lock);
5957 		ar->num_peers--;
5958 		spin_unlock_bh(&ar->data_lock);
5959 	}
5960 
5961 	spin_lock_bh(&ar->data_lock);
5962 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
5963 		peer = ar->peer_map[i];
5964 		if (!peer)
5965 			continue;
5966 
5967 		if (peer->vif == vif) {
5968 			ath10k_warn(ar, "found vif peer %pM entry on vdev %i after it was supposedly removed\n",
5969 				    vif->addr, arvif->vdev_id);
5970 			peer->vif = NULL;
5971 		}
5972 	}
5973 
5974 	/* Clean this up late, less opportunity for firmware to access
5975 	 * DMA memory we have deleted.
5976 	 */
5977 	ath10k_mac_vif_beacon_cleanup(arvif);
5978 	spin_unlock_bh(&ar->data_lock);
5979 
5980 	ath10k_peer_cleanup(ar, arvif->vdev_id);
5981 	ath10k_mac_txq_unref(ar, vif->txq);
5982 
5983 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5984 		ar->monitor_arvif = NULL;
5985 		ret = ath10k_monitor_recalc(ar);
5986 		if (ret)
5987 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5988 	}
5989 
5990 	ret = ath10k_mac_txpower_recalc(ar);
5991 	if (ret)
5992 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5993 
5994 	spin_lock_bh(&ar->htt.tx_lock);
5995 	ath10k_mac_vif_tx_unlock_all(arvif);
5996 	spin_unlock_bh(&ar->htt.tx_lock);
5997 
5998 	ath10k_mac_txq_unref(ar, vif->txq);
5999 
6000 out:
6001 	mutex_unlock(&ar->conf_mutex);
6002 }
6003 
6004 /*
6005  * FIXME: Has to be verified.
6006  */
6007 #define SUPPORTED_FILTERS			\
6008 	(FIF_ALLMULTI |				\
6009 	FIF_CONTROL |				\
6010 	FIF_PSPOLL |				\
6011 	FIF_OTHER_BSS |				\
6012 	FIF_BCN_PRBRESP_PROMISC |		\
6013 	FIF_PROBE_REQ |				\
6014 	FIF_FCSFAIL)
6015 
6016 static void ath10k_configure_filter(struct ieee80211_hw *hw,
6017 				    unsigned int changed_flags,
6018 				    unsigned int *total_flags,
6019 				    u64 multicast)
6020 {
6021 	struct ath10k *ar = hw->priv;
6022 	int ret;
6023 
6024 	mutex_lock(&ar->conf_mutex);
6025 
6026 	changed_flags &= SUPPORTED_FILTERS;
6027 	*total_flags &= SUPPORTED_FILTERS;
6028 	ar->filter_flags = *total_flags;
6029 
6030 	ret = ath10k_monitor_recalc(ar);
6031 	if (ret)
6032 		ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
6033 
6034 	mutex_unlock(&ar->conf_mutex);
6035 }
6036 
6037 static void ath10k_recalculate_mgmt_rate(struct ath10k *ar,
6038 					 struct ieee80211_vif *vif,
6039 					 struct cfg80211_chan_def *def)
6040 {
6041 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6042 	const struct ieee80211_supported_band *sband;
6043 	u8 basic_rate_idx;
6044 	int hw_rate_code;
6045 	u32 vdev_param;
6046 	u16 bitrate;
6047 	int ret;
6048 
6049 	lockdep_assert_held(&ar->conf_mutex);
6050 
6051 	sband = ar->hw->wiphy->bands[def->chan->band];
6052 	basic_rate_idx = ffs(vif->bss_conf.basic_rates) - 1;
6053 	bitrate = sband->bitrates[basic_rate_idx].bitrate;
6054 
6055 	hw_rate_code = ath10k_mac_get_rate_hw_value(bitrate);
6056 	if (hw_rate_code < 0) {
6057 		ath10k_warn(ar, "bitrate not supported %d\n", bitrate);
6058 		return;
6059 	}
6060 
6061 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
6062 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6063 					hw_rate_code);
6064 	if (ret)
6065 		ath10k_warn(ar, "failed to set mgmt tx rate %d\n", ret);
6066 }
6067 
6068 static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
6069 				    struct ieee80211_vif *vif,
6070 				    struct ieee80211_bss_conf *info,
6071 				    u64 changed)
6072 {
6073 	struct ath10k *ar = hw->priv;
6074 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6075 	struct cfg80211_chan_def def;
6076 	u32 vdev_param, pdev_param, slottime, preamble;
6077 	u16 bitrate, hw_value;
6078 	u8 rate, rateidx;
6079 	int ret = 0, mcast_rate;
6080 	enum nl80211_band band;
6081 
6082 	mutex_lock(&ar->conf_mutex);
6083 
6084 	if (changed & BSS_CHANGED_IBSS)
6085 		ath10k_control_ibss(arvif, vif);
6086 
6087 	if (changed & BSS_CHANGED_BEACON_INT) {
6088 		arvif->beacon_interval = info->beacon_int;
6089 		vdev_param = ar->wmi.vdev_param->beacon_interval;
6090 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6091 						arvif->beacon_interval);
6092 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6093 			   "mac vdev %d beacon_interval %d\n",
6094 			   arvif->vdev_id, arvif->beacon_interval);
6095 
6096 		if (ret)
6097 			ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
6098 				    arvif->vdev_id, ret);
6099 	}
6100 
6101 	if (changed & BSS_CHANGED_BEACON) {
6102 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6103 			   "vdev %d set beacon tx mode to staggered\n",
6104 			   arvif->vdev_id);
6105 
6106 		pdev_param = ar->wmi.pdev_param->beacon_tx_mode;
6107 		ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
6108 						WMI_BEACON_STAGGERED_MODE);
6109 		if (ret)
6110 			ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
6111 				    arvif->vdev_id, ret);
6112 
6113 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
6114 		if (ret)
6115 			ath10k_warn(ar, "failed to update beacon template: %d\n",
6116 				    ret);
6117 
6118 		if (ieee80211_vif_is_mesh(vif)) {
6119 			/* mesh doesn't use SSID but firmware needs it */
6120 			strncpy(arvif->u.ap.ssid, "mesh",
6121 				sizeof(arvif->u.ap.ssid));
6122 			arvif->u.ap.ssid_len = 4;
6123 		}
6124 	}
6125 
6126 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
6127 		ret = ath10k_mac_setup_prb_tmpl(arvif);
6128 		if (ret)
6129 			ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
6130 				    arvif->vdev_id, ret);
6131 	}
6132 
6133 	if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
6134 		arvif->dtim_period = info->dtim_period;
6135 
6136 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6137 			   "mac vdev %d dtim_period %d\n",
6138 			   arvif->vdev_id, arvif->dtim_period);
6139 
6140 		vdev_param = ar->wmi.vdev_param->dtim_period;
6141 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6142 						arvif->dtim_period);
6143 		if (ret)
6144 			ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
6145 				    arvif->vdev_id, ret);
6146 	}
6147 
6148 	if (changed & BSS_CHANGED_SSID &&
6149 	    vif->type == NL80211_IFTYPE_AP) {
6150 		arvif->u.ap.ssid_len = vif->cfg.ssid_len;
6151 		if (vif->cfg.ssid_len)
6152 			memcpy(arvif->u.ap.ssid, vif->cfg.ssid,
6153 			       vif->cfg.ssid_len);
6154 		arvif->u.ap.hidden_ssid = info->hidden_ssid;
6155 	}
6156 
6157 	if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
6158 		ether_addr_copy(arvif->bssid, info->bssid);
6159 
6160 	if (changed & BSS_CHANGED_FTM_RESPONDER &&
6161 	    arvif->ftm_responder != info->ftm_responder &&
6162 	    test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
6163 		arvif->ftm_responder = info->ftm_responder;
6164 
6165 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
6166 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6167 						arvif->ftm_responder);
6168 
6169 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6170 			   "mac vdev %d ftm_responder %d:ret %d\n",
6171 			   arvif->vdev_id, arvif->ftm_responder, ret);
6172 	}
6173 
6174 	if (changed & BSS_CHANGED_BEACON_ENABLED)
6175 		ath10k_control_beaconing(arvif, info);
6176 
6177 	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
6178 		arvif->use_cts_prot = info->use_cts_prot;
6179 
6180 		ret = ath10k_recalc_rtscts_prot(arvif);
6181 		if (ret)
6182 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
6183 				    arvif->vdev_id, ret);
6184 
6185 		if (ath10k_mac_can_set_cts_prot(arvif)) {
6186 			ret = ath10k_mac_set_cts_prot(arvif);
6187 			if (ret)
6188 				ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
6189 					    arvif->vdev_id, ret);
6190 		}
6191 	}
6192 
6193 	if (changed & BSS_CHANGED_ERP_SLOT) {
6194 		if (info->use_short_slot)
6195 			slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
6196 
6197 		else
6198 			slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
6199 
6200 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
6201 			   arvif->vdev_id, slottime);
6202 
6203 		vdev_param = ar->wmi.vdev_param->slot_time;
6204 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6205 						slottime);
6206 		if (ret)
6207 			ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
6208 				    arvif->vdev_id, ret);
6209 	}
6210 
6211 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
6212 		if (info->use_short_preamble)
6213 			preamble = WMI_VDEV_PREAMBLE_SHORT;
6214 		else
6215 			preamble = WMI_VDEV_PREAMBLE_LONG;
6216 
6217 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6218 			   "mac vdev %d preamble %dn",
6219 			   arvif->vdev_id, preamble);
6220 
6221 		vdev_param = ar->wmi.vdev_param->preamble;
6222 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6223 						preamble);
6224 		if (ret)
6225 			ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
6226 				    arvif->vdev_id, ret);
6227 	}
6228 
6229 	if (changed & BSS_CHANGED_ASSOC) {
6230 		if (vif->cfg.assoc) {
6231 			/* Workaround: Make sure monitor vdev is not running
6232 			 * when associating to prevent some firmware revisions
6233 			 * (e.g. 10.1 and 10.2) from crashing.
6234 			 */
6235 			if (ar->monitor_started)
6236 				ath10k_monitor_stop(ar);
6237 			ath10k_bss_assoc(hw, vif, info);
6238 			ath10k_monitor_recalc(ar);
6239 		} else {
6240 			ath10k_bss_disassoc(hw, vif);
6241 		}
6242 	}
6243 
6244 	if (changed & BSS_CHANGED_TXPOWER) {
6245 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
6246 			   arvif->vdev_id, info->txpower);
6247 
6248 		arvif->txpower = info->txpower;
6249 		ret = ath10k_mac_txpower_recalc(ar);
6250 		if (ret)
6251 			ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6252 	}
6253 
6254 	if (changed & BSS_CHANGED_PS) {
6255 		arvif->ps = vif->bss_conf.ps;
6256 
6257 		ret = ath10k_config_ps(ar);
6258 		if (ret)
6259 			ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
6260 				    arvif->vdev_id, ret);
6261 	}
6262 
6263 	if (changed & BSS_CHANGED_MCAST_RATE &&
6264 	    !ath10k_mac_vif_chan(arvif->vif, &def)) {
6265 		band = def.chan->band;
6266 		mcast_rate = vif->bss_conf.mcast_rate[band];
6267 		if (mcast_rate > 0)
6268 			rateidx = mcast_rate - 1;
6269 		else
6270 			rateidx = ffs(vif->bss_conf.basic_rates) - 1;
6271 
6272 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6273 			rateidx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6274 
6275 		bitrate = ath10k_wmi_legacy_rates[rateidx].bitrate;
6276 		hw_value = ath10k_wmi_legacy_rates[rateidx].hw_value;
6277 		if (ath10k_mac_bitrate_is_cck(bitrate))
6278 			preamble = WMI_RATE_PREAMBLE_CCK;
6279 		else
6280 			preamble = WMI_RATE_PREAMBLE_OFDM;
6281 
6282 		rate = ATH10K_HW_RATECODE(hw_value, 0, preamble);
6283 
6284 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6285 			   "mac vdev %d mcast_rate %x\n",
6286 			   arvif->vdev_id, rate);
6287 
6288 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
6289 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6290 						vdev_param, rate);
6291 		if (ret)
6292 			ath10k_warn(ar,
6293 				    "failed to set mcast rate on vdev %i: %d\n",
6294 				    arvif->vdev_id,  ret);
6295 
6296 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
6297 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6298 						vdev_param, rate);
6299 		if (ret)
6300 			ath10k_warn(ar,
6301 				    "failed to set bcast rate on vdev %i: %d\n",
6302 				    arvif->vdev_id,  ret);
6303 	}
6304 
6305 	if (changed & BSS_CHANGED_BASIC_RATES &&
6306 	    !ath10k_mac_vif_chan(arvif->vif, &def))
6307 		ath10k_recalculate_mgmt_rate(ar, vif, &def);
6308 
6309 	mutex_unlock(&ar->conf_mutex);
6310 }
6311 
6312 static void ath10k_mac_op_set_coverage_class(struct ieee80211_hw *hw, s16 value)
6313 {
6314 	struct ath10k *ar = hw->priv;
6315 
6316 	/* This function should never be called if setting the coverage class
6317 	 * is not supported on this hardware.
6318 	 */
6319 	if (!ar->hw_params.hw_ops->set_coverage_class) {
6320 		WARN_ON_ONCE(1);
6321 		return;
6322 	}
6323 	ar->hw_params.hw_ops->set_coverage_class(ar, value);
6324 }
6325 
6326 struct ath10k_mac_tdls_iter_data {
6327 	u32 num_tdls_stations;
6328 	struct ieee80211_vif *curr_vif;
6329 };
6330 
6331 static void ath10k_mac_tdls_vif_stations_count_iter(void *data,
6332 						    struct ieee80211_sta *sta)
6333 {
6334 	struct ath10k_mac_tdls_iter_data *iter_data = data;
6335 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6336 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
6337 
6338 	if (sta->tdls && sta_vif == iter_data->curr_vif)
6339 		iter_data->num_tdls_stations++;
6340 }
6341 
6342 static int ath10k_mac_tdls_vif_stations_count(struct ieee80211_hw *hw,
6343 					      struct ieee80211_vif *vif)
6344 {
6345 	struct ath10k_mac_tdls_iter_data data = {};
6346 
6347 	data.curr_vif = vif;
6348 
6349 	ieee80211_iterate_stations_atomic(hw,
6350 					  ath10k_mac_tdls_vif_stations_count_iter,
6351 					  &data);
6352 	return data.num_tdls_stations;
6353 }
6354 
6355 static int ath10k_hw_scan(struct ieee80211_hw *hw,
6356 			  struct ieee80211_vif *vif,
6357 			  struct ieee80211_scan_request *hw_req)
6358 {
6359 	struct ath10k *ar = hw->priv;
6360 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6361 	struct cfg80211_scan_request *req = &hw_req->req;
6362 	struct wmi_start_scan_arg arg;
6363 	int ret = 0;
6364 	int i;
6365 	u32 scan_timeout;
6366 
6367 	mutex_lock(&ar->conf_mutex);
6368 
6369 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6370 		ret = -EBUSY;
6371 		goto exit;
6372 	}
6373 
6374 	spin_lock_bh(&ar->data_lock);
6375 	switch (ar->scan.state) {
6376 	case ATH10K_SCAN_IDLE:
6377 		reinit_completion(&ar->scan.started);
6378 		reinit_completion(&ar->scan.completed);
6379 		ar->scan.state = ATH10K_SCAN_STARTING;
6380 		ar->scan.is_roc = false;
6381 		ar->scan.vdev_id = arvif->vdev_id;
6382 		ret = 0;
6383 		break;
6384 	case ATH10K_SCAN_STARTING:
6385 	case ATH10K_SCAN_RUNNING:
6386 	case ATH10K_SCAN_ABORTING:
6387 		ret = -EBUSY;
6388 		break;
6389 	}
6390 	spin_unlock_bh(&ar->data_lock);
6391 
6392 	if (ret)
6393 		goto exit;
6394 
6395 	memset(&arg, 0, sizeof(arg));
6396 	ath10k_wmi_start_scan_init(ar, &arg);
6397 	arg.vdev_id = arvif->vdev_id;
6398 	arg.scan_id = ATH10K_SCAN_ID;
6399 
6400 	if (req->ie_len) {
6401 		arg.ie_len = req->ie_len;
6402 		memcpy(arg.ie, req->ie, arg.ie_len);
6403 	}
6404 
6405 	if (req->n_ssids) {
6406 		arg.n_ssids = req->n_ssids;
6407 		for (i = 0; i < arg.n_ssids; i++) {
6408 			arg.ssids[i].len  = req->ssids[i].ssid_len;
6409 			arg.ssids[i].ssid = req->ssids[i].ssid;
6410 		}
6411 	} else {
6412 		arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
6413 	}
6414 
6415 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6416 		arg.scan_ctrl_flags |=  WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ;
6417 		ether_addr_copy(arg.mac_addr.addr, req->mac_addr);
6418 		ether_addr_copy(arg.mac_mask.addr, req->mac_addr_mask);
6419 	}
6420 
6421 	if (req->n_channels) {
6422 		arg.n_channels = req->n_channels;
6423 		for (i = 0; i < arg.n_channels; i++)
6424 			arg.channels[i] = req->channels[i]->center_freq;
6425 	}
6426 
6427 	/* if duration is set, default dwell times will be overwritten */
6428 	if (req->duration) {
6429 		arg.dwell_time_active = req->duration;
6430 		arg.dwell_time_passive = req->duration;
6431 		arg.burst_duration_ms = req->duration;
6432 
6433 		scan_timeout = min_t(u32, arg.max_rest_time *
6434 				(arg.n_channels - 1) + (req->duration +
6435 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
6436 				arg.n_channels, arg.max_scan_time);
6437 	} else {
6438 		scan_timeout = arg.max_scan_time;
6439 	}
6440 
6441 	/* Add a 200ms margin to account for event/command processing */
6442 	scan_timeout += 200;
6443 
6444 	ret = ath10k_start_scan(ar, &arg);
6445 	if (ret) {
6446 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
6447 		spin_lock_bh(&ar->data_lock);
6448 		ar->scan.state = ATH10K_SCAN_IDLE;
6449 		spin_unlock_bh(&ar->data_lock);
6450 	}
6451 
6452 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
6453 				     msecs_to_jiffies(scan_timeout));
6454 
6455 exit:
6456 	mutex_unlock(&ar->conf_mutex);
6457 	return ret;
6458 }
6459 
6460 static void ath10k_cancel_hw_scan(struct ieee80211_hw *hw,
6461 				  struct ieee80211_vif *vif)
6462 {
6463 	struct ath10k *ar = hw->priv;
6464 
6465 	mutex_lock(&ar->conf_mutex);
6466 	ath10k_scan_abort(ar);
6467 	mutex_unlock(&ar->conf_mutex);
6468 
6469 	cancel_delayed_work_sync(&ar->scan.timeout);
6470 }
6471 
6472 static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
6473 					struct ath10k_vif *arvif,
6474 					enum set_key_cmd cmd,
6475 					struct ieee80211_key_conf *key)
6476 {
6477 	u32 vdev_param = arvif->ar->wmi.vdev_param->def_keyid;
6478 	int ret;
6479 
6480 	/* 10.1 firmware branch requires default key index to be set to group
6481 	 * key index after installing it. Otherwise FW/HW Txes corrupted
6482 	 * frames with multi-vif APs. This is not required for main firmware
6483 	 * branch (e.g. 636).
6484 	 *
6485 	 * This is also needed for 636 fw for IBSS-RSN to work more reliably.
6486 	 *
6487 	 * FIXME: It remains unknown if this is required for multi-vif STA
6488 	 * interfaces on 10.1.
6489 	 */
6490 
6491 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
6492 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
6493 		return;
6494 
6495 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40)
6496 		return;
6497 
6498 	if (key->cipher == WLAN_CIPHER_SUITE_WEP104)
6499 		return;
6500 
6501 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6502 		return;
6503 
6504 	if (cmd != SET_KEY)
6505 		return;
6506 
6507 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6508 					key->keyidx);
6509 	if (ret)
6510 		ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
6511 			    arvif->vdev_id, ret);
6512 }
6513 
6514 static int ath10k_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
6515 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
6516 			  struct ieee80211_key_conf *key)
6517 {
6518 	struct ath10k *ar = hw->priv;
6519 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6520 	struct ath10k_sta *arsta;
6521 	struct ath10k_peer *peer;
6522 	const u8 *peer_addr;
6523 	bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
6524 		      key->cipher == WLAN_CIPHER_SUITE_WEP104;
6525 	int ret = 0;
6526 	int ret2;
6527 	u32 flags = 0;
6528 	u32 flags2;
6529 
6530 	/* this one needs to be done in software */
6531 	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
6532 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
6533 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256 ||
6534 	    key->cipher == WLAN_CIPHER_SUITE_BIP_CMAC_256)
6535 		return 1;
6536 
6537 	if (arvif->nohwcrypt)
6538 		return 1;
6539 
6540 	if (key->keyidx > WMI_MAX_KEY_INDEX)
6541 		return -ENOSPC;
6542 
6543 	mutex_lock(&ar->conf_mutex);
6544 
6545 	if (sta) {
6546 		arsta = (struct ath10k_sta *)sta->drv_priv;
6547 		peer_addr = sta->addr;
6548 		spin_lock_bh(&ar->data_lock);
6549 		arsta->ucast_cipher = key->cipher;
6550 		spin_unlock_bh(&ar->data_lock);
6551 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
6552 		peer_addr = vif->bss_conf.bssid;
6553 	} else {
6554 		peer_addr = vif->addr;
6555 	}
6556 
6557 	key->hw_key_idx = key->keyidx;
6558 
6559 	if (is_wep) {
6560 		if (cmd == SET_KEY)
6561 			arvif->wep_keys[key->keyidx] = key;
6562 		else
6563 			arvif->wep_keys[key->keyidx] = NULL;
6564 	}
6565 
6566 	/* the peer should not disappear in mid-way (unless FW goes awry) since
6567 	 * we already hold conf_mutex. we just make sure its there now.
6568 	 */
6569 	spin_lock_bh(&ar->data_lock);
6570 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6571 	spin_unlock_bh(&ar->data_lock);
6572 
6573 	if (!peer) {
6574 		if (cmd == SET_KEY) {
6575 			ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
6576 				    peer_addr);
6577 			ret = -EOPNOTSUPP;
6578 			goto exit;
6579 		} else {
6580 			/* if the peer doesn't exist there is no key to disable anymore */
6581 			goto exit;
6582 		}
6583 	}
6584 
6585 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6586 		flags |= WMI_KEY_PAIRWISE;
6587 	else
6588 		flags |= WMI_KEY_GROUP;
6589 
6590 	if (is_wep) {
6591 		if (cmd == DISABLE_KEY)
6592 			ath10k_clear_vdev_key(arvif, key);
6593 
6594 		/* When WEP keys are uploaded it's possible that there are
6595 		 * stations associated already (e.g. when merging) without any
6596 		 * keys. Static WEP needs an explicit per-peer key upload.
6597 		 */
6598 		if (vif->type == NL80211_IFTYPE_ADHOC &&
6599 		    cmd == SET_KEY)
6600 			ath10k_mac_vif_update_wep_key(arvif, key);
6601 
6602 		/* 802.1x never sets the def_wep_key_idx so each set_key()
6603 		 * call changes default tx key.
6604 		 *
6605 		 * Static WEP sets def_wep_key_idx via .set_default_unicast_key
6606 		 * after first set_key().
6607 		 */
6608 		if (cmd == SET_KEY && arvif->def_wep_key_idx == -1)
6609 			flags |= WMI_KEY_TX_USAGE;
6610 	}
6611 
6612 	ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags);
6613 	if (ret) {
6614 		WARN_ON(ret > 0);
6615 		ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
6616 			    arvif->vdev_id, peer_addr, ret);
6617 		goto exit;
6618 	}
6619 
6620 	/* mac80211 sets static WEP keys as groupwise while firmware requires
6621 	 * them to be installed twice as both pairwise and groupwise.
6622 	 */
6623 	if (is_wep && !sta && vif->type == NL80211_IFTYPE_STATION) {
6624 		flags2 = flags;
6625 		flags2 &= ~WMI_KEY_GROUP;
6626 		flags2 |= WMI_KEY_PAIRWISE;
6627 
6628 		ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags2);
6629 		if (ret) {
6630 			WARN_ON(ret > 0);
6631 			ath10k_warn(ar, "failed to install (ucast) key for vdev %i peer %pM: %d\n",
6632 				    arvif->vdev_id, peer_addr, ret);
6633 			ret2 = ath10k_install_key(arvif, key, DISABLE_KEY,
6634 						  peer_addr, flags);
6635 			if (ret2) {
6636 				WARN_ON(ret2 > 0);
6637 				ath10k_warn(ar, "failed to disable (mcast) key for vdev %i peer %pM: %d\n",
6638 					    arvif->vdev_id, peer_addr, ret2);
6639 			}
6640 			goto exit;
6641 		}
6642 	}
6643 
6644 	ath10k_set_key_h_def_keyidx(ar, arvif, cmd, key);
6645 
6646 	spin_lock_bh(&ar->data_lock);
6647 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6648 	if (peer && cmd == SET_KEY)
6649 		peer->keys[key->keyidx] = key;
6650 	else if (peer && cmd == DISABLE_KEY)
6651 		peer->keys[key->keyidx] = NULL;
6652 	else if (peer == NULL)
6653 		/* impossible unless FW goes crazy */
6654 		ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
6655 	spin_unlock_bh(&ar->data_lock);
6656 
6657 	if (sta && sta->tdls)
6658 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6659 					  ar->wmi.peer_param->authorize, 1);
6660 	else if (sta && cmd == SET_KEY && (key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
6661 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, peer_addr,
6662 					  ar->wmi.peer_param->authorize, 1);
6663 
6664 exit:
6665 	mutex_unlock(&ar->conf_mutex);
6666 	return ret;
6667 }
6668 
6669 static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
6670 					   struct ieee80211_vif *vif,
6671 					   int keyidx)
6672 {
6673 	struct ath10k *ar = hw->priv;
6674 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6675 	int ret;
6676 
6677 	mutex_lock(&arvif->ar->conf_mutex);
6678 
6679 	if (arvif->ar->state != ATH10K_STATE_ON)
6680 		goto unlock;
6681 
6682 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
6683 		   arvif->vdev_id, keyidx);
6684 
6685 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
6686 					arvif->vdev_id,
6687 					arvif->ar->wmi.vdev_param->def_keyid,
6688 					keyidx);
6689 
6690 	if (ret) {
6691 		ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
6692 			    arvif->vdev_id,
6693 			    ret);
6694 		goto unlock;
6695 	}
6696 
6697 	arvif->def_wep_key_idx = keyidx;
6698 
6699 unlock:
6700 	mutex_unlock(&arvif->ar->conf_mutex);
6701 }
6702 
6703 static void ath10k_sta_rc_update_wk(struct work_struct *wk)
6704 {
6705 	struct ath10k *ar;
6706 	struct ath10k_vif *arvif;
6707 	struct ath10k_sta *arsta;
6708 	struct ieee80211_sta *sta;
6709 	struct cfg80211_chan_def def;
6710 	enum nl80211_band band;
6711 	const u8 *ht_mcs_mask;
6712 	const u16 *vht_mcs_mask;
6713 	u32 changed, bw, nss, smps;
6714 	int err;
6715 
6716 	arsta = container_of(wk, struct ath10k_sta, update_wk);
6717 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
6718 	arvif = arsta->arvif;
6719 	ar = arvif->ar;
6720 
6721 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
6722 		return;
6723 
6724 	band = def.chan->band;
6725 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
6726 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
6727 
6728 	spin_lock_bh(&ar->data_lock);
6729 
6730 	changed = arsta->changed;
6731 	arsta->changed = 0;
6732 
6733 	bw = arsta->bw;
6734 	nss = arsta->nss;
6735 	smps = arsta->smps;
6736 
6737 	spin_unlock_bh(&ar->data_lock);
6738 
6739 	mutex_lock(&ar->conf_mutex);
6740 
6741 	nss = max_t(u32, 1, nss);
6742 	nss = min(nss, max(ath10k_mac_max_ht_nss(ht_mcs_mask),
6743 			   ath10k_mac_max_vht_nss(vht_mcs_mask)));
6744 
6745 	if (changed & IEEE80211_RC_BW_CHANGED) {
6746 		enum wmi_phy_mode mode;
6747 
6748 		mode = chan_to_phymode(&def);
6749 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM peer bw %d phymode %d\n",
6750 			   sta->addr, bw, mode);
6751 
6752 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6753 						ar->wmi.peer_param->phymode, mode);
6754 		if (err) {
6755 			ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
6756 				    sta->addr, mode, err);
6757 			goto exit;
6758 		}
6759 
6760 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6761 						ar->wmi.peer_param->chan_width, bw);
6762 		if (err)
6763 			ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
6764 				    sta->addr, bw, err);
6765 	}
6766 
6767 	if (changed & IEEE80211_RC_NSS_CHANGED) {
6768 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM nss %d\n",
6769 			   sta->addr, nss);
6770 
6771 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6772 						ar->wmi.peer_param->nss, nss);
6773 		if (err)
6774 			ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
6775 				    sta->addr, nss, err);
6776 	}
6777 
6778 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
6779 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM smps %d\n",
6780 			   sta->addr, smps);
6781 
6782 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6783 						ar->wmi.peer_param->smps_state, smps);
6784 		if (err)
6785 			ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
6786 				    sta->addr, smps, err);
6787 	}
6788 
6789 	if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
6790 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM supp rates\n",
6791 			   sta->addr);
6792 
6793 		err = ath10k_station_assoc(ar, arvif->vif, sta, true);
6794 		if (err)
6795 			ath10k_warn(ar, "failed to reassociate station: %pM\n",
6796 				    sta->addr);
6797 	}
6798 
6799 exit:
6800 	mutex_unlock(&ar->conf_mutex);
6801 }
6802 
6803 static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif,
6804 				       struct ieee80211_sta *sta)
6805 {
6806 	struct ath10k *ar = arvif->ar;
6807 
6808 	lockdep_assert_held(&ar->conf_mutex);
6809 
6810 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6811 		return 0;
6812 
6813 	if (ar->num_stations >= ar->max_num_stations)
6814 		return -ENOBUFS;
6815 
6816 	ar->num_stations++;
6817 
6818 	return 0;
6819 }
6820 
6821 static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif,
6822 					struct ieee80211_sta *sta)
6823 {
6824 	struct ath10k *ar = arvif->ar;
6825 
6826 	lockdep_assert_held(&ar->conf_mutex);
6827 
6828 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6829 		return;
6830 
6831 	ar->num_stations--;
6832 }
6833 
6834 static int ath10k_sta_set_txpwr(struct ieee80211_hw *hw,
6835 				struct ieee80211_vif *vif,
6836 				struct ieee80211_sta *sta)
6837 {
6838 	struct ath10k *ar = hw->priv;
6839 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6840 	int ret = 0;
6841 	s16 txpwr;
6842 
6843 	if (sta->deflink.txpwr.type == NL80211_TX_POWER_AUTOMATIC) {
6844 		txpwr = 0;
6845 	} else {
6846 		txpwr = sta->deflink.txpwr.power;
6847 		if (!txpwr)
6848 			return -EINVAL;
6849 	}
6850 
6851 	if (txpwr > ATH10K_TX_POWER_MAX_VAL || txpwr < ATH10K_TX_POWER_MIN_VAL)
6852 		return -EINVAL;
6853 
6854 	mutex_lock(&ar->conf_mutex);
6855 
6856 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6857 					ar->wmi.peer_param->use_fixed_power, txpwr);
6858 	if (ret) {
6859 		ath10k_warn(ar, "failed to set tx power for station ret: %d\n",
6860 			    ret);
6861 		goto out;
6862 	}
6863 
6864 out:
6865 	mutex_unlock(&ar->conf_mutex);
6866 	return ret;
6867 }
6868 
6869 struct ath10k_mac_iter_tid_conf_data {
6870 	struct ieee80211_vif *curr_vif;
6871 	struct ath10k *ar;
6872 	bool reset_config;
6873 };
6874 
6875 static bool
6876 ath10k_mac_bitrate_mask_has_single_rate(struct ath10k *ar,
6877 					enum nl80211_band band,
6878 					const struct cfg80211_bitrate_mask *mask,
6879 					int *vht_num_rates)
6880 {
6881 	int num_rates = 0;
6882 	int i, tmp;
6883 
6884 	num_rates += hweight32(mask->control[band].legacy);
6885 
6886 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++)
6887 		num_rates += hweight8(mask->control[band].ht_mcs[i]);
6888 
6889 	*vht_num_rates = 0;
6890 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6891 		tmp = hweight16(mask->control[band].vht_mcs[i]);
6892 		num_rates += tmp;
6893 		*vht_num_rates += tmp;
6894 	}
6895 
6896 	return num_rates == 1;
6897 }
6898 
6899 static int
6900 ath10k_mac_bitrate_mask_get_single_rate(struct ath10k *ar,
6901 					enum nl80211_band band,
6902 					const struct cfg80211_bitrate_mask *mask,
6903 					u8 *rate, u8 *nss, bool vht_only)
6904 {
6905 	int rate_idx;
6906 	int i;
6907 	u16 bitrate;
6908 	u8 preamble;
6909 	u8 hw_rate;
6910 
6911 	if (vht_only)
6912 		goto next;
6913 
6914 	if (hweight32(mask->control[band].legacy) == 1) {
6915 		rate_idx = ffs(mask->control[band].legacy) - 1;
6916 
6917 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6918 			rate_idx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6919 
6920 		hw_rate = ath10k_wmi_legacy_rates[rate_idx].hw_value;
6921 		bitrate = ath10k_wmi_legacy_rates[rate_idx].bitrate;
6922 
6923 		if (ath10k_mac_bitrate_is_cck(bitrate))
6924 			preamble = WMI_RATE_PREAMBLE_CCK;
6925 		else
6926 			preamble = WMI_RATE_PREAMBLE_OFDM;
6927 
6928 		*nss = 1;
6929 		*rate = preamble << 6 |
6930 			(*nss - 1) << 4 |
6931 			hw_rate << 0;
6932 
6933 		return 0;
6934 	}
6935 
6936 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
6937 		if (hweight8(mask->control[band].ht_mcs[i]) == 1) {
6938 			*nss = i + 1;
6939 			*rate = WMI_RATE_PREAMBLE_HT << 6 |
6940 				(*nss - 1) << 4 |
6941 				(ffs(mask->control[band].ht_mcs[i]) - 1);
6942 
6943 			return 0;
6944 		}
6945 	}
6946 
6947 next:
6948 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6949 		if (hweight16(mask->control[band].vht_mcs[i]) == 1) {
6950 			*nss = i + 1;
6951 			*rate = WMI_RATE_PREAMBLE_VHT << 6 |
6952 				(*nss - 1) << 4 |
6953 				(ffs(mask->control[band].vht_mcs[i]) - 1);
6954 
6955 			return 0;
6956 		}
6957 	}
6958 
6959 	return -EINVAL;
6960 }
6961 
6962 static int ath10k_mac_validate_rate_mask(struct ath10k *ar,
6963 					 struct ieee80211_sta *sta,
6964 					 u32 rate_ctrl_flag, u8 nss)
6965 {
6966 	struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
6967 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
6968 
6969 	if (nss > sta->deflink.rx_nss) {
6970 		ath10k_warn(ar, "Invalid nss field, configured %u limit %u\n",
6971 			    nss, sta->deflink.rx_nss);
6972 		return -EINVAL;
6973 	}
6974 
6975 	if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_VHT) {
6976 		if (!vht_cap->vht_supported) {
6977 			ath10k_warn(ar, "Invalid VHT rate for sta %pM\n",
6978 				    sta->addr);
6979 			return -EINVAL;
6980 		}
6981 	} else if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_HT) {
6982 		if (!ht_cap->ht_supported || vht_cap->vht_supported) {
6983 			ath10k_warn(ar, "Invalid HT rate for sta %pM\n",
6984 				    sta->addr);
6985 			return -EINVAL;
6986 		}
6987 	} else {
6988 		if (ht_cap->ht_supported || vht_cap->vht_supported)
6989 			return -EINVAL;
6990 	}
6991 
6992 	return 0;
6993 }
6994 
6995 static int
6996 ath10k_mac_tid_bitrate_config(struct ath10k *ar,
6997 			      struct ieee80211_vif *vif,
6998 			      struct ieee80211_sta *sta,
6999 			      u32 *rate_ctrl_flag, u8 *rate_ctrl,
7000 			      enum nl80211_tx_rate_setting txrate_type,
7001 			      const struct cfg80211_bitrate_mask *mask)
7002 {
7003 	struct cfg80211_chan_def def;
7004 	enum nl80211_band band;
7005 	u8 nss, rate;
7006 	int vht_num_rates, ret;
7007 
7008 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
7009 		return -EINVAL;
7010 
7011 	if (txrate_type == NL80211_TX_RATE_AUTOMATIC) {
7012 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7013 		*rate_ctrl_flag = 0;
7014 		return 0;
7015 	}
7016 
7017 	band = def.chan->band;
7018 
7019 	if (!ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
7020 						     &vht_num_rates)) {
7021 		return -EINVAL;
7022 	}
7023 
7024 	ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
7025 						      &rate, &nss, false);
7026 	if (ret) {
7027 		ath10k_warn(ar, "failed to get single rate: %d\n",
7028 			    ret);
7029 		return ret;
7030 	}
7031 
7032 	*rate_ctrl_flag = rate;
7033 
7034 	if (sta && ath10k_mac_validate_rate_mask(ar, sta, *rate_ctrl_flag, nss))
7035 		return -EINVAL;
7036 
7037 	if (txrate_type == NL80211_TX_RATE_FIXED)
7038 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_FIXED_RATE;
7039 	else if (txrate_type == NL80211_TX_RATE_LIMITED &&
7040 		 (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
7041 			   ar->wmi.svc_map)))
7042 		*rate_ctrl = WMI_PEER_TID_CONFIG_RATE_UPPER_CAP;
7043 	else
7044 		return -EOPNOTSUPP;
7045 
7046 	return 0;
7047 }
7048 
7049 static int ath10k_mac_set_tid_config(struct ath10k *ar, struct ieee80211_sta *sta,
7050 				     struct ieee80211_vif *vif, u32 changed,
7051 				     struct wmi_per_peer_per_tid_cfg_arg *arg)
7052 {
7053 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7054 	struct ath10k_sta *arsta;
7055 	int ret;
7056 
7057 	if (sta) {
7058 		if (!sta->wme)
7059 			return -ENOTSUPP;
7060 
7061 		arsta = (struct ath10k_sta *)sta->drv_priv;
7062 
7063 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7064 			if ((arsta->retry_long[arg->tid] > 0 ||
7065 			     arsta->rate_code[arg->tid] > 0 ||
7066 			     arsta->ampdu[arg->tid] ==
7067 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7068 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7069 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7070 				arg->ack_policy = 0;
7071 				arg->aggr_control = 0;
7072 				arg->rate_ctrl = 0;
7073 				arg->rcode_flags = 0;
7074 			}
7075 		}
7076 
7077 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7078 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7079 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7080 				arg->aggr_control = 0;
7081 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7082 			}
7083 		}
7084 
7085 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7086 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7087 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7088 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7089 				arg->rate_ctrl = 0;
7090 				arg->rcode_flags = 0;
7091 			}
7092 		}
7093 
7094 		ether_addr_copy(arg->peer_macaddr.addr, sta->addr);
7095 
7096 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, arg);
7097 		if (ret)
7098 			return ret;
7099 
7100 		/* Store the configured parameters in success case */
7101 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7102 			arsta->noack[arg->tid] = arg->ack_policy;
7103 			arg->ack_policy = 0;
7104 			arg->aggr_control = 0;
7105 			arg->rate_ctrl = 0;
7106 			arg->rcode_flags = 0;
7107 		}
7108 
7109 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7110 			arsta->retry_long[arg->tid] = arg->retry_count;
7111 			arg->retry_count = 0;
7112 		}
7113 
7114 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7115 			arsta->ampdu[arg->tid] = arg->aggr_control;
7116 			arg->aggr_control = 0;
7117 		}
7118 
7119 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7120 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7121 			arsta->rate_ctrl[arg->tid] = arg->rate_ctrl;
7122 			arg->rate_ctrl = 0;
7123 			arg->rcode_flags = 0;
7124 		}
7125 
7126 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7127 			arsta->rtscts[arg->tid] = arg->rtscts_ctrl;
7128 			arg->ext_tid_cfg_bitmap = 0;
7129 		}
7130 	} else {
7131 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7132 			if ((arvif->retry_long[arg->tid] ||
7133 			     arvif->rate_code[arg->tid] ||
7134 			     arvif->ampdu[arg->tid] ==
7135 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7136 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7137 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7138 			} else {
7139 				arvif->noack[arg->tid] = arg->ack_policy;
7140 				arvif->ampdu[arg->tid] = arg->aggr_control;
7141 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7142 			}
7143 		}
7144 
7145 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7146 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7147 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7148 			else
7149 				arvif->retry_long[arg->tid] = arg->retry_count;
7150 		}
7151 
7152 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7153 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7154 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
7155 			else
7156 				arvif->ampdu[arg->tid] = arg->aggr_control;
7157 		}
7158 
7159 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7160 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7161 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7162 				changed &= ~(BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7163 					     BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE));
7164 			} else {
7165 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7166 				arvif->rate_code[arg->tid] = arg->rcode_flags;
7167 			}
7168 		}
7169 
7170 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7171 			arvif->rtscts[arg->tid] = arg->rtscts_ctrl;
7172 			arg->ext_tid_cfg_bitmap = 0;
7173 		}
7174 
7175 		if (changed)
7176 			arvif->tid_conf_changed[arg->tid] |= changed;
7177 	}
7178 
7179 	return 0;
7180 }
7181 
7182 static int
7183 ath10k_mac_parse_tid_config(struct ath10k *ar,
7184 			    struct ieee80211_sta *sta,
7185 			    struct ieee80211_vif *vif,
7186 			    struct cfg80211_tid_cfg *tid_conf,
7187 			    struct wmi_per_peer_per_tid_cfg_arg *arg)
7188 {
7189 	u32 changed = tid_conf->mask;
7190 	int ret = 0, i = 0;
7191 
7192 	if (!changed)
7193 		return -EINVAL;
7194 
7195 	while (i < ATH10K_TID_MAX) {
7196 		if (!(tid_conf->tids & BIT(i))) {
7197 			i++;
7198 			continue;
7199 		}
7200 
7201 		arg->tid = i;
7202 
7203 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7204 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE) {
7205 				arg->ack_policy = WMI_PEER_TID_CONFIG_NOACK;
7206 				arg->rate_ctrl =
7207 				WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
7208 				arg->aggr_control =
7209 					WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7210 			} else {
7211 				arg->ack_policy =
7212 					WMI_PEER_TID_CONFIG_ACK;
7213 				arg->rate_ctrl =
7214 					WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7215 				arg->aggr_control =
7216 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7217 			}
7218 		}
7219 
7220 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG))
7221 			arg->retry_count = tid_conf->retry_long;
7222 
7223 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7224 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE)
7225 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7226 			else
7227 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7228 		}
7229 
7230 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7231 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7232 			ret = ath10k_mac_tid_bitrate_config(ar, vif, sta,
7233 							    &arg->rcode_flags,
7234 							    &arg->rate_ctrl,
7235 							    tid_conf->txrate_type,
7236 							&tid_conf->txrate_mask);
7237 			if (ret) {
7238 				ath10k_warn(ar, "failed to configure bitrate mask %d\n",
7239 					    ret);
7240 				arg->rcode_flags = 0;
7241 				arg->rate_ctrl = 0;
7242 			}
7243 		}
7244 
7245 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7246 			if (tid_conf->rtscts)
7247 				arg->rtscts_ctrl = tid_conf->rtscts;
7248 
7249 			arg->ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7250 		}
7251 
7252 		ret = ath10k_mac_set_tid_config(ar, sta, vif, changed, arg);
7253 		if (ret)
7254 			return ret;
7255 		i++;
7256 	}
7257 
7258 	return ret;
7259 }
7260 
7261 static int ath10k_mac_reset_tid_config(struct ath10k *ar,
7262 				       struct ieee80211_sta *sta,
7263 				       struct ath10k_vif *arvif,
7264 				       u8 tids)
7265 {
7266 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7267 	struct wmi_per_peer_per_tid_cfg_arg arg;
7268 	int ret = 0, i = 0;
7269 
7270 	arg.vdev_id = arvif->vdev_id;
7271 	while (i < ATH10K_TID_MAX) {
7272 		if (!(tids & BIT(i))) {
7273 			i++;
7274 			continue;
7275 		}
7276 
7277 		arg.tid = i;
7278 		arg.ack_policy = WMI_PEER_TID_CONFIG_ACK;
7279 		arg.retry_count = ATH10K_MAX_RETRY_COUNT;
7280 		arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7281 		arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7282 		arg.rtscts_ctrl = WMI_TID_CONFIG_RTSCTS_CONTROL_ENABLE;
7283 		arg.ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7284 
7285 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7286 
7287 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7288 		if (ret)
7289 			return ret;
7290 
7291 		if (!arvif->tids_rst) {
7292 			arsta->retry_long[i] = -1;
7293 			arsta->noack[i] = -1;
7294 			arsta->ampdu[i] = -1;
7295 			arsta->rate_code[i] = -1;
7296 			arsta->rate_ctrl[i] = 0;
7297 			arsta->rtscts[i] = -1;
7298 		} else {
7299 			arvif->retry_long[i] = 0;
7300 			arvif->noack[i] = 0;
7301 			arvif->ampdu[i] = 0;
7302 			arvif->rate_code[i] = 0;
7303 			arvif->rate_ctrl[i] = 0;
7304 			arvif->rtscts[i] = 0;
7305 		}
7306 
7307 		i++;
7308 	}
7309 
7310 	return ret;
7311 }
7312 
7313 static void ath10k_sta_tid_cfg_wk(struct work_struct *wk)
7314 {
7315 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
7316 	struct ieee80211_sta *sta;
7317 	struct ath10k_sta *arsta;
7318 	struct ath10k_vif *arvif;
7319 	struct ath10k *ar;
7320 	bool config_apply;
7321 	int ret, i;
7322 	u32 changed;
7323 	u8 nss;
7324 
7325 	arsta = container_of(wk, struct ath10k_sta, tid_config_wk);
7326 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
7327 	arvif = arsta->arvif;
7328 	ar = arvif->ar;
7329 
7330 	mutex_lock(&ar->conf_mutex);
7331 
7332 	if (arvif->tids_rst) {
7333 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif,
7334 						  arvif->tids_rst);
7335 		goto exit;
7336 	}
7337 
7338 	ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7339 
7340 	for (i = 0; i < ATH10K_TID_MAX; i++) {
7341 		config_apply = false;
7342 		changed = arvif->tid_conf_changed[i];
7343 
7344 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7345 			if (arsta->noack[i] != -1) {
7346 				arg.ack_policy  = 0;
7347 			} else {
7348 				config_apply = true;
7349 				arg.ack_policy = arvif->noack[i];
7350 				arg.aggr_control = arvif->ampdu[i];
7351 				arg.rate_ctrl = arvif->rate_ctrl[i];
7352 			}
7353 		}
7354 
7355 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7356 			if (arsta->retry_long[i] != -1 ||
7357 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7358 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7359 				arg.retry_count = 0;
7360 			} else {
7361 				arg.retry_count = arvif->retry_long[i];
7362 				config_apply = true;
7363 			}
7364 		}
7365 
7366 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7367 			if (arsta->ampdu[i] != -1 ||
7368 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7369 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7370 				arg.aggr_control = 0;
7371 			} else {
7372 				arg.aggr_control = arvif->ampdu[i];
7373 				config_apply = true;
7374 			}
7375 		}
7376 
7377 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7378 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7379 			nss = ATH10K_HW_NSS(arvif->rate_code[i]);
7380 			ret = ath10k_mac_validate_rate_mask(ar, sta,
7381 							    arvif->rate_code[i],
7382 							    nss);
7383 			if (ret &&
7384 			    arvif->rate_ctrl[i] > WMI_TID_CONFIG_RATE_CONTROL_AUTO) {
7385 				arg.rate_ctrl = 0;
7386 				arg.rcode_flags = 0;
7387 			}
7388 
7389 			if (arsta->rate_ctrl[i] >
7390 			    WMI_TID_CONFIG_RATE_CONTROL_AUTO ||
7391 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7392 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7393 				arg.rate_ctrl = 0;
7394 				arg.rcode_flags = 0;
7395 			} else {
7396 				arg.rate_ctrl = arvif->rate_ctrl[i];
7397 				arg.rcode_flags = arvif->rate_code[i];
7398 				config_apply = true;
7399 			}
7400 		}
7401 
7402 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7403 			if (arsta->rtscts[i]) {
7404 				arg.rtscts_ctrl = 0;
7405 				arg.ext_tid_cfg_bitmap = 0;
7406 			} else {
7407 				arg.rtscts_ctrl = arvif->rtscts[i] - 1;
7408 				arg.ext_tid_cfg_bitmap =
7409 					WMI_EXT_TID_RTS_CTS_CONFIG;
7410 				config_apply = true;
7411 			}
7412 		}
7413 
7414 		arg.tid = i;
7415 
7416 		if (config_apply) {
7417 			ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7418 			if (ret)
7419 				ath10k_warn(ar, "failed to set per tid config for sta %pM: %d\n",
7420 					    sta->addr, ret);
7421 		}
7422 
7423 		arg.ack_policy  = 0;
7424 		arg.retry_count  = 0;
7425 		arg.aggr_control  = 0;
7426 		arg.rate_ctrl = 0;
7427 		arg.rcode_flags = 0;
7428 	}
7429 
7430 exit:
7431 	mutex_unlock(&ar->conf_mutex);
7432 }
7433 
7434 static void ath10k_mac_vif_stations_tid_conf(void *data,
7435 					     struct ieee80211_sta *sta)
7436 {
7437 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7438 	struct ath10k_mac_iter_tid_conf_data *iter_data = data;
7439 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
7440 
7441 	if (sta_vif != iter_data->curr_vif || !sta->wme)
7442 		return;
7443 
7444 	ieee80211_queue_work(iter_data->ar->hw, &arsta->tid_config_wk);
7445 }
7446 
7447 static int ath10k_sta_state(struct ieee80211_hw *hw,
7448 			    struct ieee80211_vif *vif,
7449 			    struct ieee80211_sta *sta,
7450 			    enum ieee80211_sta_state old_state,
7451 			    enum ieee80211_sta_state new_state)
7452 {
7453 	struct ath10k *ar = hw->priv;
7454 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7455 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7456 	struct ath10k_peer *peer;
7457 	int ret = 0;
7458 	int i;
7459 
7460 	if (old_state == IEEE80211_STA_NOTEXIST &&
7461 	    new_state == IEEE80211_STA_NONE) {
7462 		memset(arsta, 0, sizeof(*arsta));
7463 		arsta->arvif = arvif;
7464 		arsta->peer_ps_state = WMI_PEER_PS_STATE_DISABLED;
7465 		INIT_WORK(&arsta->update_wk, ath10k_sta_rc_update_wk);
7466 		INIT_WORK(&arsta->tid_config_wk, ath10k_sta_tid_cfg_wk);
7467 
7468 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7469 			ath10k_mac_txq_init(sta->txq[i]);
7470 	}
7471 
7472 	/* cancel must be done outside the mutex to avoid deadlock */
7473 	if ((old_state == IEEE80211_STA_NONE &&
7474 	     new_state == IEEE80211_STA_NOTEXIST)) {
7475 		cancel_work_sync(&arsta->update_wk);
7476 		cancel_work_sync(&arsta->tid_config_wk);
7477 	}
7478 
7479 	mutex_lock(&ar->conf_mutex);
7480 
7481 	if (old_state == IEEE80211_STA_NOTEXIST &&
7482 	    new_state == IEEE80211_STA_NONE) {
7483 		/*
7484 		 * New station addition.
7485 		 */
7486 		enum wmi_peer_type peer_type = WMI_PEER_TYPE_DEFAULT;
7487 		u32 num_tdls_stations;
7488 
7489 		ath10k_dbg(ar, ATH10K_DBG_STA,
7490 			   "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
7491 			   arvif->vdev_id, sta->addr,
7492 			   ar->num_stations + 1, ar->max_num_stations,
7493 			   ar->num_peers + 1, ar->max_num_peers);
7494 
7495 		num_tdls_stations = ath10k_mac_tdls_vif_stations_count(hw, vif);
7496 
7497 		if (sta->tdls) {
7498 			if (num_tdls_stations >= ar->max_num_tdls_vdevs) {
7499 				ath10k_warn(ar, "vdev %i exceeded maximum number of tdls vdevs %i\n",
7500 					    arvif->vdev_id,
7501 					    ar->max_num_tdls_vdevs);
7502 				ret = -ELNRNG;
7503 				goto exit;
7504 			}
7505 			peer_type = WMI_PEER_TYPE_TDLS;
7506 		}
7507 
7508 		ret = ath10k_mac_inc_num_stations(arvif, sta);
7509 		if (ret) {
7510 			ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
7511 				    ar->max_num_stations);
7512 			goto exit;
7513 		}
7514 
7515 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7516 			arsta->tx_stats = kzalloc(sizeof(*arsta->tx_stats),
7517 						  GFP_KERNEL);
7518 			if (!arsta->tx_stats) {
7519 				ath10k_mac_dec_num_stations(arvif, sta);
7520 				ret = -ENOMEM;
7521 				goto exit;
7522 			}
7523 		}
7524 
7525 		ret = ath10k_peer_create(ar, vif, sta, arvif->vdev_id,
7526 					 sta->addr, peer_type);
7527 		if (ret) {
7528 			ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
7529 				    sta->addr, arvif->vdev_id, ret);
7530 			ath10k_mac_dec_num_stations(arvif, sta);
7531 			kfree(arsta->tx_stats);
7532 			goto exit;
7533 		}
7534 
7535 		spin_lock_bh(&ar->data_lock);
7536 
7537 		peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
7538 		if (!peer) {
7539 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
7540 				    vif->addr, arvif->vdev_id);
7541 			spin_unlock_bh(&ar->data_lock);
7542 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7543 			ath10k_mac_dec_num_stations(arvif, sta);
7544 			kfree(arsta->tx_stats);
7545 			ret = -ENOENT;
7546 			goto exit;
7547 		}
7548 
7549 		arsta->peer_id = find_first_bit(peer->peer_ids,
7550 						ATH10K_MAX_NUM_PEER_IDS);
7551 
7552 		spin_unlock_bh(&ar->data_lock);
7553 
7554 		if (!sta->tdls)
7555 			goto exit;
7556 
7557 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7558 						      WMI_TDLS_ENABLE_ACTIVE);
7559 		if (ret) {
7560 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7561 				    arvif->vdev_id, ret);
7562 			ath10k_peer_delete(ar, arvif->vdev_id,
7563 					   sta->addr);
7564 			ath10k_mac_dec_num_stations(arvif, sta);
7565 			kfree(arsta->tx_stats);
7566 			goto exit;
7567 		}
7568 
7569 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7570 						  WMI_TDLS_PEER_STATE_PEERING);
7571 		if (ret) {
7572 			ath10k_warn(ar,
7573 				    "failed to update tdls peer %pM for vdev %d when adding a new sta: %i\n",
7574 				    sta->addr, arvif->vdev_id, ret);
7575 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7576 			ath10k_mac_dec_num_stations(arvif, sta);
7577 			kfree(arsta->tx_stats);
7578 
7579 			if (num_tdls_stations != 0)
7580 				goto exit;
7581 			ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7582 							WMI_TDLS_DISABLE);
7583 		}
7584 	} else if ((old_state == IEEE80211_STA_NONE &&
7585 		    new_state == IEEE80211_STA_NOTEXIST)) {
7586 		/*
7587 		 * Existing station deletion.
7588 		 */
7589 		ath10k_dbg(ar, ATH10K_DBG_STA,
7590 			   "mac vdev %d peer delete %pM sta %pK (sta gone)\n",
7591 			   arvif->vdev_id, sta->addr, sta);
7592 
7593 		if (sta->tdls) {
7594 			ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id,
7595 							  sta,
7596 							  WMI_TDLS_PEER_STATE_TEARDOWN);
7597 			if (ret)
7598 				ath10k_warn(ar, "failed to update tdls peer state for %pM state %d: %i\n",
7599 					    sta->addr,
7600 					    WMI_TDLS_PEER_STATE_TEARDOWN, ret);
7601 		}
7602 
7603 		ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7604 		if (ret)
7605 			ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
7606 				    sta->addr, arvif->vdev_id, ret);
7607 
7608 		ath10k_mac_dec_num_stations(arvif, sta);
7609 
7610 		spin_lock_bh(&ar->data_lock);
7611 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
7612 			peer = ar->peer_map[i];
7613 			if (!peer)
7614 				continue;
7615 
7616 			if (peer->sta == sta) {
7617 				ath10k_warn(ar, "found sta peer %pM (ptr %pK id %d) entry on vdev %i after it was supposedly removed\n",
7618 					    sta->addr, peer, i, arvif->vdev_id);
7619 				peer->sta = NULL;
7620 
7621 				/* Clean up the peer object as well since we
7622 				 * must have failed to do this above.
7623 				 */
7624 				list_del(&peer->list);
7625 				ar->peer_map[i] = NULL;
7626 				kfree(peer);
7627 				ar->num_peers--;
7628 			}
7629 		}
7630 		spin_unlock_bh(&ar->data_lock);
7631 
7632 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7633 			kfree(arsta->tx_stats);
7634 			arsta->tx_stats = NULL;
7635 		}
7636 
7637 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7638 			ath10k_mac_txq_unref(ar, sta->txq[i]);
7639 
7640 		if (!sta->tdls)
7641 			goto exit;
7642 
7643 		if (ath10k_mac_tdls_vif_stations_count(hw, vif))
7644 			goto exit;
7645 
7646 		/* This was the last tdls peer in current vif */
7647 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7648 						      WMI_TDLS_DISABLE);
7649 		if (ret) {
7650 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7651 				    arvif->vdev_id, ret);
7652 		}
7653 	} else if (old_state == IEEE80211_STA_AUTH &&
7654 		   new_state == IEEE80211_STA_ASSOC &&
7655 		   (vif->type == NL80211_IFTYPE_AP ||
7656 		    vif->type == NL80211_IFTYPE_MESH_POINT ||
7657 		    vif->type == NL80211_IFTYPE_ADHOC)) {
7658 		/*
7659 		 * New association.
7660 		 */
7661 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM associated\n",
7662 			   sta->addr);
7663 
7664 		ret = ath10k_station_assoc(ar, vif, sta, false);
7665 		if (ret)
7666 			ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
7667 				    sta->addr, arvif->vdev_id, ret);
7668 	} else if (old_state == IEEE80211_STA_ASSOC &&
7669 		   new_state == IEEE80211_STA_AUTHORIZED &&
7670 		   sta->tdls) {
7671 		/*
7672 		 * Tdls station authorized.
7673 		 */
7674 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac tdls sta %pM authorized\n",
7675 			   sta->addr);
7676 
7677 		ret = ath10k_station_assoc(ar, vif, sta, false);
7678 		if (ret) {
7679 			ath10k_warn(ar, "failed to associate tdls station %pM for vdev %i: %i\n",
7680 				    sta->addr, arvif->vdev_id, ret);
7681 			goto exit;
7682 		}
7683 
7684 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7685 						  WMI_TDLS_PEER_STATE_CONNECTED);
7686 		if (ret)
7687 			ath10k_warn(ar, "failed to update tdls peer %pM for vdev %i: %i\n",
7688 				    sta->addr, arvif->vdev_id, ret);
7689 	} else if (old_state == IEEE80211_STA_ASSOC &&
7690 		    new_state == IEEE80211_STA_AUTH &&
7691 		    (vif->type == NL80211_IFTYPE_AP ||
7692 		     vif->type == NL80211_IFTYPE_MESH_POINT ||
7693 		     vif->type == NL80211_IFTYPE_ADHOC)) {
7694 		/*
7695 		 * Disassociation.
7696 		 */
7697 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM disassociated\n",
7698 			   sta->addr);
7699 
7700 		ret = ath10k_station_disassoc(ar, vif, sta);
7701 		if (ret)
7702 			ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
7703 				    sta->addr, arvif->vdev_id, ret);
7704 	}
7705 exit:
7706 	mutex_unlock(&ar->conf_mutex);
7707 	return ret;
7708 }
7709 
7710 static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
7711 				u16 ac, bool enable)
7712 {
7713 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7714 	struct wmi_sta_uapsd_auto_trig_arg arg = {};
7715 	u32 prio = 0, acc = 0;
7716 	u32 value = 0;
7717 	int ret = 0;
7718 
7719 	lockdep_assert_held(&ar->conf_mutex);
7720 
7721 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
7722 		return 0;
7723 
7724 	switch (ac) {
7725 	case IEEE80211_AC_VO:
7726 		value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
7727 			WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
7728 		prio = 7;
7729 		acc = 3;
7730 		break;
7731 	case IEEE80211_AC_VI:
7732 		value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
7733 			WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
7734 		prio = 5;
7735 		acc = 2;
7736 		break;
7737 	case IEEE80211_AC_BE:
7738 		value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
7739 			WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
7740 		prio = 2;
7741 		acc = 1;
7742 		break;
7743 	case IEEE80211_AC_BK:
7744 		value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
7745 			WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
7746 		prio = 0;
7747 		acc = 0;
7748 		break;
7749 	}
7750 
7751 	if (enable)
7752 		arvif->u.sta.uapsd |= value;
7753 	else
7754 		arvif->u.sta.uapsd &= ~value;
7755 
7756 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7757 					  WMI_STA_PS_PARAM_UAPSD,
7758 					  arvif->u.sta.uapsd);
7759 	if (ret) {
7760 		ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
7761 		goto exit;
7762 	}
7763 
7764 	if (arvif->u.sta.uapsd)
7765 		value = WMI_STA_PS_RX_WAKE_POLICY_POLL_UAPSD;
7766 	else
7767 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
7768 
7769 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7770 					  WMI_STA_PS_PARAM_RX_WAKE_POLICY,
7771 					  value);
7772 	if (ret)
7773 		ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
7774 
7775 	ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
7776 	if (ret) {
7777 		ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
7778 			    arvif->vdev_id, ret);
7779 		return ret;
7780 	}
7781 
7782 	ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
7783 	if (ret) {
7784 		ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
7785 			    arvif->vdev_id, ret);
7786 		return ret;
7787 	}
7788 
7789 	if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
7790 	    test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
7791 		/* Only userspace can make an educated decision when to send
7792 		 * trigger frame. The following effectively disables u-UAPSD
7793 		 * autotrigger in firmware (which is enabled by default
7794 		 * provided the autotrigger service is available).
7795 		 */
7796 
7797 		arg.wmm_ac = acc;
7798 		arg.user_priority = prio;
7799 		arg.service_interval = 0;
7800 		arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7801 		arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7802 
7803 		ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
7804 						arvif->bssid, &arg, 1);
7805 		if (ret) {
7806 			ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
7807 				    ret);
7808 			return ret;
7809 		}
7810 	}
7811 
7812 exit:
7813 	return ret;
7814 }
7815 
7816 static int ath10k_conf_tx(struct ieee80211_hw *hw,
7817 			  struct ieee80211_vif *vif, u16 ac,
7818 			  const struct ieee80211_tx_queue_params *params)
7819 {
7820 	struct ath10k *ar = hw->priv;
7821 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7822 	struct wmi_wmm_params_arg *p = NULL;
7823 	int ret;
7824 
7825 	mutex_lock(&ar->conf_mutex);
7826 
7827 	switch (ac) {
7828 	case IEEE80211_AC_VO:
7829 		p = &arvif->wmm_params.ac_vo;
7830 		break;
7831 	case IEEE80211_AC_VI:
7832 		p = &arvif->wmm_params.ac_vi;
7833 		break;
7834 	case IEEE80211_AC_BE:
7835 		p = &arvif->wmm_params.ac_be;
7836 		break;
7837 	case IEEE80211_AC_BK:
7838 		p = &arvif->wmm_params.ac_bk;
7839 		break;
7840 	}
7841 
7842 	if (WARN_ON(!p)) {
7843 		ret = -EINVAL;
7844 		goto exit;
7845 	}
7846 
7847 	p->cwmin = params->cw_min;
7848 	p->cwmax = params->cw_max;
7849 	p->aifs = params->aifs;
7850 
7851 	/*
7852 	 * The channel time duration programmed in the HW is in absolute
7853 	 * microseconds, while mac80211 gives the txop in units of
7854 	 * 32 microseconds.
7855 	 */
7856 	p->txop = params->txop * 32;
7857 
7858 	if (ar->wmi.ops->gen_vdev_wmm_conf) {
7859 		ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
7860 					       &arvif->wmm_params);
7861 		if (ret) {
7862 			ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
7863 				    arvif->vdev_id, ret);
7864 			goto exit;
7865 		}
7866 	} else {
7867 		/* This won't work well with multi-interface cases but it's
7868 		 * better than nothing.
7869 		 */
7870 		ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
7871 		if (ret) {
7872 			ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
7873 			goto exit;
7874 		}
7875 	}
7876 
7877 	ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
7878 	if (ret)
7879 		ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
7880 
7881 exit:
7882 	mutex_unlock(&ar->conf_mutex);
7883 	return ret;
7884 }
7885 
7886 static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
7887 				    struct ieee80211_vif *vif,
7888 				    struct ieee80211_channel *chan,
7889 				    int duration,
7890 				    enum ieee80211_roc_type type)
7891 {
7892 	struct ath10k *ar = hw->priv;
7893 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7894 	struct wmi_start_scan_arg arg;
7895 	int ret = 0;
7896 	u32 scan_time_msec;
7897 
7898 	mutex_lock(&ar->conf_mutex);
7899 
7900 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
7901 		ret = -EBUSY;
7902 		goto exit;
7903 	}
7904 
7905 	spin_lock_bh(&ar->data_lock);
7906 	switch (ar->scan.state) {
7907 	case ATH10K_SCAN_IDLE:
7908 		reinit_completion(&ar->scan.started);
7909 		reinit_completion(&ar->scan.completed);
7910 		reinit_completion(&ar->scan.on_channel);
7911 		ar->scan.state = ATH10K_SCAN_STARTING;
7912 		ar->scan.is_roc = true;
7913 		ar->scan.vdev_id = arvif->vdev_id;
7914 		ar->scan.roc_freq = chan->center_freq;
7915 		ar->scan.roc_notify = true;
7916 		ret = 0;
7917 		break;
7918 	case ATH10K_SCAN_STARTING:
7919 	case ATH10K_SCAN_RUNNING:
7920 	case ATH10K_SCAN_ABORTING:
7921 		ret = -EBUSY;
7922 		break;
7923 	}
7924 	spin_unlock_bh(&ar->data_lock);
7925 
7926 	if (ret)
7927 		goto exit;
7928 
7929 	scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
7930 
7931 	memset(&arg, 0, sizeof(arg));
7932 	ath10k_wmi_start_scan_init(ar, &arg);
7933 	arg.vdev_id = arvif->vdev_id;
7934 	arg.scan_id = ATH10K_SCAN_ID;
7935 	arg.n_channels = 1;
7936 	arg.channels[0] = chan->center_freq;
7937 	arg.dwell_time_active = scan_time_msec;
7938 	arg.dwell_time_passive = scan_time_msec;
7939 	arg.max_scan_time = scan_time_msec;
7940 	arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
7941 	arg.scan_ctrl_flags |= WMI_SCAN_FILTER_PROBE_REQ;
7942 	arg.burst_duration_ms = duration;
7943 
7944 	ret = ath10k_start_scan(ar, &arg);
7945 	if (ret) {
7946 		ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
7947 		spin_lock_bh(&ar->data_lock);
7948 		ar->scan.state = ATH10K_SCAN_IDLE;
7949 		spin_unlock_bh(&ar->data_lock);
7950 		goto exit;
7951 	}
7952 
7953 	ret = wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ);
7954 	if (ret == 0) {
7955 		ath10k_warn(ar, "failed to switch to channel for roc scan\n");
7956 
7957 		ret = ath10k_scan_stop(ar);
7958 		if (ret)
7959 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
7960 
7961 		ret = -ETIMEDOUT;
7962 		goto exit;
7963 	}
7964 
7965 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
7966 				     msecs_to_jiffies(duration));
7967 
7968 	ret = 0;
7969 exit:
7970 	mutex_unlock(&ar->conf_mutex);
7971 	return ret;
7972 }
7973 
7974 static int ath10k_cancel_remain_on_channel(struct ieee80211_hw *hw,
7975 					   struct ieee80211_vif *vif)
7976 {
7977 	struct ath10k *ar = hw->priv;
7978 
7979 	mutex_lock(&ar->conf_mutex);
7980 
7981 	spin_lock_bh(&ar->data_lock);
7982 	ar->scan.roc_notify = false;
7983 	spin_unlock_bh(&ar->data_lock);
7984 
7985 	ath10k_scan_abort(ar);
7986 
7987 	mutex_unlock(&ar->conf_mutex);
7988 
7989 	cancel_delayed_work_sync(&ar->scan.timeout);
7990 
7991 	return 0;
7992 }
7993 
7994 /*
7995  * Both RTS and Fragmentation threshold are interface-specific
7996  * in ath10k, but device-specific in mac80211.
7997  */
7998 
7999 static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
8000 {
8001 	struct ath10k *ar = hw->priv;
8002 	struct ath10k_vif *arvif;
8003 	int ret = 0;
8004 
8005 	mutex_lock(&ar->conf_mutex);
8006 	list_for_each_entry(arvif, &ar->arvifs, list) {
8007 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
8008 			   arvif->vdev_id, value);
8009 
8010 		ret = ath10k_mac_set_rts(arvif, value);
8011 		if (ret) {
8012 			ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
8013 				    arvif->vdev_id, ret);
8014 			break;
8015 		}
8016 	}
8017 	mutex_unlock(&ar->conf_mutex);
8018 
8019 	return ret;
8020 }
8021 
8022 static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
8023 {
8024 	/* Even though there's a WMI enum for fragmentation threshold no known
8025 	 * firmware actually implements it. Moreover it is not possible to rely
8026 	 * frame fragmentation to mac80211 because firmware clears the "more
8027 	 * fragments" bit in frame control making it impossible for remote
8028 	 * devices to reassemble frames.
8029 	 *
8030 	 * Hence implement a dummy callback just to say fragmentation isn't
8031 	 * supported. This effectively prevents mac80211 from doing frame
8032 	 * fragmentation in software.
8033 	 */
8034 	return -EOPNOTSUPP;
8035 }
8036 
8037 void ath10k_mac_wait_tx_complete(struct ath10k *ar)
8038 {
8039 	bool skip;
8040 	long time_left;
8041 
8042 	/* mac80211 doesn't care if we really xmit queued frames or not
8043 	 * we'll collect those frames either way if we stop/delete vdevs
8044 	 */
8045 
8046 	if (ar->state == ATH10K_STATE_WEDGED)
8047 		return;
8048 
8049 	time_left = wait_event_timeout(ar->htt.empty_tx_wq, ({
8050 			bool empty;
8051 
8052 			spin_lock_bh(&ar->htt.tx_lock);
8053 			empty = (ar->htt.num_pending_tx == 0);
8054 			spin_unlock_bh(&ar->htt.tx_lock);
8055 
8056 			skip = (ar->state == ATH10K_STATE_WEDGED) ||
8057 			       test_bit(ATH10K_FLAG_CRASH_FLUSH,
8058 					&ar->dev_flags);
8059 
8060 			(empty || skip);
8061 		}), ATH10K_FLUSH_TIMEOUT_HZ);
8062 
8063 	if (time_left == 0 || skip)
8064 		ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %ld\n",
8065 			    skip, ar->state, time_left);
8066 }
8067 
8068 static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
8069 			 u32 queues, bool drop)
8070 {
8071 	struct ath10k *ar = hw->priv;
8072 	struct ath10k_vif *arvif;
8073 	u32 bitmap;
8074 
8075 	if (drop) {
8076 		if (vif && vif->type == NL80211_IFTYPE_STATION) {
8077 			bitmap = ~(1 << WMI_MGMT_TID);
8078 			list_for_each_entry(arvif, &ar->arvifs, list) {
8079 				if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
8080 					ath10k_wmi_peer_flush(ar, arvif->vdev_id,
8081 							      arvif->bssid, bitmap);
8082 			}
8083 			ath10k_htt_flush_tx(&ar->htt);
8084 		}
8085 		return;
8086 	}
8087 
8088 	mutex_lock(&ar->conf_mutex);
8089 	ath10k_mac_wait_tx_complete(ar);
8090 	mutex_unlock(&ar->conf_mutex);
8091 }
8092 
8093 /* TODO: Implement this function properly
8094  * For now it is needed to reply to Probe Requests in IBSS mode.
8095  * Propably we need this information from FW.
8096  */
8097 static int ath10k_tx_last_beacon(struct ieee80211_hw *hw)
8098 {
8099 	return 1;
8100 }
8101 
8102 static void ath10k_reconfig_complete(struct ieee80211_hw *hw,
8103 				     enum ieee80211_reconfig_type reconfig_type)
8104 {
8105 	struct ath10k *ar = hw->priv;
8106 
8107 	if (reconfig_type != IEEE80211_RECONFIG_TYPE_RESTART)
8108 		return;
8109 
8110 	mutex_lock(&ar->conf_mutex);
8111 
8112 	/* If device failed to restart it will be in a different state, e.g.
8113 	 * ATH10K_STATE_WEDGED
8114 	 */
8115 	if (ar->state == ATH10K_STATE_RESTARTED) {
8116 		ath10k_info(ar, "device successfully recovered\n");
8117 		ar->state = ATH10K_STATE_ON;
8118 		ieee80211_wake_queues(ar->hw);
8119 		clear_bit(ATH10K_FLAG_RESTARTING, &ar->dev_flags);
8120 	}
8121 
8122 	mutex_unlock(&ar->conf_mutex);
8123 }
8124 
8125 static void
8126 ath10k_mac_update_bss_chan_survey(struct ath10k *ar,
8127 				  struct ieee80211_channel *channel)
8128 {
8129 	int ret;
8130 	enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ;
8131 
8132 	lockdep_assert_held(&ar->conf_mutex);
8133 
8134 	if (!test_bit(WMI_SERVICE_BSS_CHANNEL_INFO_64, ar->wmi.svc_map) ||
8135 	    (ar->rx_channel != channel))
8136 		return;
8137 
8138 	if (ar->scan.state != ATH10K_SCAN_IDLE) {
8139 		ath10k_dbg(ar, ATH10K_DBG_MAC, "ignoring bss chan info request while scanning..\n");
8140 		return;
8141 	}
8142 
8143 	reinit_completion(&ar->bss_survey_done);
8144 
8145 	ret = ath10k_wmi_pdev_bss_chan_info_request(ar, type);
8146 	if (ret) {
8147 		ath10k_warn(ar, "failed to send pdev bss chan info request\n");
8148 		return;
8149 	}
8150 
8151 	ret = wait_for_completion_timeout(&ar->bss_survey_done, 3 * HZ);
8152 	if (!ret) {
8153 		ath10k_warn(ar, "bss channel survey timed out\n");
8154 		return;
8155 	}
8156 }
8157 
8158 static int ath10k_get_survey(struct ieee80211_hw *hw, int idx,
8159 			     struct survey_info *survey)
8160 {
8161 	struct ath10k *ar = hw->priv;
8162 	struct ieee80211_supported_band *sband;
8163 	struct survey_info *ar_survey = &ar->survey[idx];
8164 	int ret = 0;
8165 
8166 	mutex_lock(&ar->conf_mutex);
8167 
8168 	sband = hw->wiphy->bands[NL80211_BAND_2GHZ];
8169 	if (sband && idx >= sband->n_channels) {
8170 		idx -= sband->n_channels;
8171 		sband = NULL;
8172 	}
8173 
8174 	if (!sband)
8175 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
8176 
8177 	if (!sband || idx >= sband->n_channels) {
8178 		ret = -ENOENT;
8179 		goto exit;
8180 	}
8181 
8182 	ath10k_mac_update_bss_chan_survey(ar, &sband->channels[idx]);
8183 
8184 	spin_lock_bh(&ar->data_lock);
8185 	memcpy(survey, ar_survey, sizeof(*survey));
8186 	spin_unlock_bh(&ar->data_lock);
8187 
8188 	survey->channel = &sband->channels[idx];
8189 
8190 	if (ar->rx_channel == survey->channel)
8191 		survey->filled |= SURVEY_INFO_IN_USE;
8192 
8193 exit:
8194 	mutex_unlock(&ar->conf_mutex);
8195 	return ret;
8196 }
8197 
8198 static bool
8199 ath10k_mac_bitrate_mask_get_single_nss(struct ath10k *ar,
8200 				       enum nl80211_band band,
8201 				       const struct cfg80211_bitrate_mask *mask,
8202 				       int *nss)
8203 {
8204 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
8205 	u16 vht_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8206 	u8 ht_nss_mask = 0;
8207 	u8 vht_nss_mask = 0;
8208 	int i;
8209 
8210 	if (mask->control[band].legacy)
8211 		return false;
8212 
8213 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
8214 		if (mask->control[band].ht_mcs[i] == 0)
8215 			continue;
8216 		else if (mask->control[band].ht_mcs[i] ==
8217 			 sband->ht_cap.mcs.rx_mask[i])
8218 			ht_nss_mask |= BIT(i);
8219 		else
8220 			return false;
8221 	}
8222 
8223 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
8224 		if (mask->control[band].vht_mcs[i] == 0)
8225 			continue;
8226 		else if (mask->control[band].vht_mcs[i] ==
8227 			 ath10k_mac_get_max_vht_mcs_map(vht_mcs_map, i))
8228 			vht_nss_mask |= BIT(i);
8229 		else
8230 			return false;
8231 	}
8232 
8233 	if (ht_nss_mask != vht_nss_mask)
8234 		return false;
8235 
8236 	if (ht_nss_mask == 0)
8237 		return false;
8238 
8239 	if (BIT(fls(ht_nss_mask)) - 1 != ht_nss_mask)
8240 		return false;
8241 
8242 	*nss = fls(ht_nss_mask);
8243 
8244 	return true;
8245 }
8246 
8247 static int ath10k_mac_set_fixed_rate_params(struct ath10k_vif *arvif,
8248 					    u8 rate, u8 nss, u8 sgi, u8 ldpc)
8249 {
8250 	struct ath10k *ar = arvif->ar;
8251 	u32 vdev_param;
8252 	int ret;
8253 
8254 	lockdep_assert_held(&ar->conf_mutex);
8255 
8256 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac set fixed rate params vdev %i rate 0x%02x nss %u sgi %u\n",
8257 		   arvif->vdev_id, rate, nss, sgi);
8258 
8259 	vdev_param = ar->wmi.vdev_param->fixed_rate;
8260 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, rate);
8261 	if (ret) {
8262 		ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
8263 			    rate, ret);
8264 		return ret;
8265 	}
8266 
8267 	vdev_param = ar->wmi.vdev_param->nss;
8268 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, nss);
8269 	if (ret) {
8270 		ath10k_warn(ar, "failed to set nss param %d: %d\n", nss, ret);
8271 		return ret;
8272 	}
8273 
8274 	vdev_param = ar->wmi.vdev_param->sgi;
8275 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, sgi);
8276 	if (ret) {
8277 		ath10k_warn(ar, "failed to set sgi param %d: %d\n", sgi, ret);
8278 		return ret;
8279 	}
8280 
8281 	vdev_param = ar->wmi.vdev_param->ldpc;
8282 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, ldpc);
8283 	if (ret) {
8284 		ath10k_warn(ar, "failed to set ldpc param %d: %d\n", ldpc, ret);
8285 		return ret;
8286 	}
8287 
8288 	return 0;
8289 }
8290 
8291 static bool
8292 ath10k_mac_can_set_bitrate_mask(struct ath10k *ar,
8293 				enum nl80211_band band,
8294 				const struct cfg80211_bitrate_mask *mask,
8295 				bool allow_pfr)
8296 {
8297 	int i;
8298 	u16 vht_mcs;
8299 
8300 	/* Due to firmware limitation in WMI_PEER_ASSOC_CMDID it is impossible
8301 	 * to express all VHT MCS rate masks. Effectively only the following
8302 	 * ranges can be used: none, 0-7, 0-8 and 0-9.
8303 	 */
8304 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8305 		vht_mcs = mask->control[band].vht_mcs[i];
8306 
8307 		switch (vht_mcs) {
8308 		case 0:
8309 		case BIT(8) - 1:
8310 		case BIT(9) - 1:
8311 		case BIT(10) - 1:
8312 			break;
8313 		default:
8314 			if (!allow_pfr)
8315 				ath10k_warn(ar, "refusing bitrate mask with missing 0-7 VHT MCS rates\n");
8316 			return false;
8317 		}
8318 	}
8319 
8320 	return true;
8321 }
8322 
8323 static bool ath10k_mac_set_vht_bitrate_mask_fixup(struct ath10k *ar,
8324 						  struct ath10k_vif *arvif,
8325 						  struct ieee80211_sta *sta)
8326 {
8327 	int err;
8328 	u8 rate = arvif->vht_pfr;
8329 
8330 	/* skip non vht and multiple rate peers */
8331 	if (!sta->deflink.vht_cap.vht_supported || arvif->vht_num_rates != 1)
8332 		return false;
8333 
8334 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8335 					WMI_PEER_PARAM_FIXED_RATE, rate);
8336 	if (err)
8337 		ath10k_warn(ar, "failed to enable STA %pM peer fixed rate: %d\n",
8338 			    sta->addr, err);
8339 
8340 	return true;
8341 }
8342 
8343 static void ath10k_mac_set_bitrate_mask_iter(void *data,
8344 					     struct ieee80211_sta *sta)
8345 {
8346 	struct ath10k_vif *arvif = data;
8347 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8348 	struct ath10k *ar = arvif->ar;
8349 
8350 	if (arsta->arvif != arvif)
8351 		return;
8352 
8353 	if (ath10k_mac_set_vht_bitrate_mask_fixup(ar, arvif, sta))
8354 		return;
8355 
8356 	spin_lock_bh(&ar->data_lock);
8357 	arsta->changed |= IEEE80211_RC_SUPP_RATES_CHANGED;
8358 	spin_unlock_bh(&ar->data_lock);
8359 
8360 	ieee80211_queue_work(ar->hw, &arsta->update_wk);
8361 }
8362 
8363 static void ath10k_mac_clr_bitrate_mask_iter(void *data,
8364 					     struct ieee80211_sta *sta)
8365 {
8366 	struct ath10k_vif *arvif = data;
8367 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8368 	struct ath10k *ar = arvif->ar;
8369 	int err;
8370 
8371 	/* clear vht peers only */
8372 	if (arsta->arvif != arvif || !sta->deflink.vht_cap.vht_supported)
8373 		return;
8374 
8375 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8376 					WMI_PEER_PARAM_FIXED_RATE,
8377 					WMI_FIXED_RATE_NONE);
8378 	if (err)
8379 		ath10k_warn(ar, "failed to clear STA %pM peer fixed rate: %d\n",
8380 			    sta->addr, err);
8381 }
8382 
8383 static int ath10k_mac_op_set_bitrate_mask(struct ieee80211_hw *hw,
8384 					  struct ieee80211_vif *vif,
8385 					  const struct cfg80211_bitrate_mask *mask)
8386 {
8387 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8388 	struct cfg80211_chan_def def;
8389 	struct ath10k *ar = arvif->ar;
8390 	enum nl80211_band band;
8391 	const u8 *ht_mcs_mask;
8392 	const u16 *vht_mcs_mask;
8393 	u8 rate;
8394 	u8 nss;
8395 	u8 sgi;
8396 	u8 ldpc;
8397 	int single_nss;
8398 	int ret;
8399 	int vht_num_rates, allow_pfr;
8400 	u8 vht_pfr;
8401 	bool update_bitrate_mask = true;
8402 
8403 	if (ath10k_mac_vif_chan(vif, &def))
8404 		return -EPERM;
8405 
8406 	band = def.chan->band;
8407 	ht_mcs_mask = mask->control[band].ht_mcs;
8408 	vht_mcs_mask = mask->control[band].vht_mcs;
8409 	ldpc = !!(ar->ht_cap_info & WMI_HT_CAP_LDPC);
8410 
8411 	sgi = mask->control[band].gi;
8412 	if (sgi == NL80211_TXRATE_FORCE_LGI)
8413 		return -EINVAL;
8414 
8415 	allow_pfr = test_bit(ATH10K_FW_FEATURE_PEER_FIXED_RATE,
8416 			     ar->normal_mode_fw.fw_file.fw_features);
8417 	if (allow_pfr) {
8418 		mutex_lock(&ar->conf_mutex);
8419 		ieee80211_iterate_stations_atomic(ar->hw,
8420 						  ath10k_mac_clr_bitrate_mask_iter,
8421 						  arvif);
8422 		mutex_unlock(&ar->conf_mutex);
8423 	}
8424 
8425 	if (ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
8426 						    &vht_num_rates)) {
8427 		ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8428 							      &rate, &nss,
8429 							      false);
8430 		if (ret) {
8431 			ath10k_warn(ar, "failed to get single rate for vdev %i: %d\n",
8432 				    arvif->vdev_id, ret);
8433 			return ret;
8434 		}
8435 	} else if (ath10k_mac_bitrate_mask_get_single_nss(ar, band, mask,
8436 							  &single_nss)) {
8437 		rate = WMI_FIXED_RATE_NONE;
8438 		nss = single_nss;
8439 	} else {
8440 		rate = WMI_FIXED_RATE_NONE;
8441 		nss = min(ar->num_rf_chains,
8442 			  max(ath10k_mac_max_ht_nss(ht_mcs_mask),
8443 			      ath10k_mac_max_vht_nss(vht_mcs_mask)));
8444 
8445 		if (!ath10k_mac_can_set_bitrate_mask(ar, band, mask,
8446 						     allow_pfr)) {
8447 			u8 vht_nss;
8448 
8449 			if (!allow_pfr || vht_num_rates != 1)
8450 				return -EINVAL;
8451 
8452 			/* Reach here, firmware supports peer fixed rate and has
8453 			 * single vht rate, and don't update vif birate_mask, as
8454 			 * the rate only for specific peer.
8455 			 */
8456 			ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8457 								&vht_pfr,
8458 								&vht_nss,
8459 								true);
8460 			update_bitrate_mask = false;
8461 		} else {
8462 			vht_pfr = 0;
8463 		}
8464 
8465 		mutex_lock(&ar->conf_mutex);
8466 
8467 		if (update_bitrate_mask)
8468 			arvif->bitrate_mask = *mask;
8469 		arvif->vht_num_rates = vht_num_rates;
8470 		arvif->vht_pfr = vht_pfr;
8471 		ieee80211_iterate_stations_atomic(ar->hw,
8472 						  ath10k_mac_set_bitrate_mask_iter,
8473 						  arvif);
8474 
8475 		mutex_unlock(&ar->conf_mutex);
8476 	}
8477 
8478 	mutex_lock(&ar->conf_mutex);
8479 
8480 	ret = ath10k_mac_set_fixed_rate_params(arvif, rate, nss, sgi, ldpc);
8481 	if (ret) {
8482 		ath10k_warn(ar, "failed to set fixed rate params on vdev %i: %d\n",
8483 			    arvif->vdev_id, ret);
8484 		goto exit;
8485 	}
8486 
8487 exit:
8488 	mutex_unlock(&ar->conf_mutex);
8489 
8490 	return ret;
8491 }
8492 
8493 static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
8494 				 struct ieee80211_vif *vif,
8495 				 struct ieee80211_sta *sta,
8496 				 u32 changed)
8497 {
8498 	struct ath10k *ar = hw->priv;
8499 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8500 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8501 	struct ath10k_peer *peer;
8502 	u32 bw, smps;
8503 
8504 	spin_lock_bh(&ar->data_lock);
8505 
8506 	peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
8507 	if (!peer) {
8508 		spin_unlock_bh(&ar->data_lock);
8509 		ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
8510 			    sta->addr, arvif->vdev_id);
8511 		return;
8512 	}
8513 
8514 	ath10k_dbg(ar, ATH10K_DBG_STA,
8515 		   "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
8516 		   sta->addr, changed, sta->deflink.bandwidth,
8517 		   sta->deflink.rx_nss,
8518 		   sta->smps_mode);
8519 
8520 	if (changed & IEEE80211_RC_BW_CHANGED) {
8521 		bw = WMI_PEER_CHWIDTH_20MHZ;
8522 
8523 		switch (sta->deflink.bandwidth) {
8524 		case IEEE80211_STA_RX_BW_20:
8525 			bw = WMI_PEER_CHWIDTH_20MHZ;
8526 			break;
8527 		case IEEE80211_STA_RX_BW_40:
8528 			bw = WMI_PEER_CHWIDTH_40MHZ;
8529 			break;
8530 		case IEEE80211_STA_RX_BW_80:
8531 			bw = WMI_PEER_CHWIDTH_80MHZ;
8532 			break;
8533 		case IEEE80211_STA_RX_BW_160:
8534 			bw = WMI_PEER_CHWIDTH_160MHZ;
8535 			break;
8536 		default:
8537 			ath10k_warn(ar, "Invalid bandwidth %d in rc update for %pM\n",
8538 				    sta->deflink.bandwidth, sta->addr);
8539 			bw = WMI_PEER_CHWIDTH_20MHZ;
8540 			break;
8541 		}
8542 
8543 		arsta->bw = bw;
8544 	}
8545 
8546 	if (changed & IEEE80211_RC_NSS_CHANGED)
8547 		arsta->nss = sta->deflink.rx_nss;
8548 
8549 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
8550 		smps = WMI_PEER_SMPS_PS_NONE;
8551 
8552 		switch (sta->smps_mode) {
8553 		case IEEE80211_SMPS_AUTOMATIC:
8554 		case IEEE80211_SMPS_OFF:
8555 			smps = WMI_PEER_SMPS_PS_NONE;
8556 			break;
8557 		case IEEE80211_SMPS_STATIC:
8558 			smps = WMI_PEER_SMPS_STATIC;
8559 			break;
8560 		case IEEE80211_SMPS_DYNAMIC:
8561 			smps = WMI_PEER_SMPS_DYNAMIC;
8562 			break;
8563 		case IEEE80211_SMPS_NUM_MODES:
8564 			ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
8565 				    sta->smps_mode, sta->addr);
8566 			smps = WMI_PEER_SMPS_PS_NONE;
8567 			break;
8568 		}
8569 
8570 		arsta->smps = smps;
8571 	}
8572 
8573 	arsta->changed |= changed;
8574 
8575 	spin_unlock_bh(&ar->data_lock);
8576 
8577 	ieee80211_queue_work(hw, &arsta->update_wk);
8578 }
8579 
8580 static void ath10k_offset_tsf(struct ieee80211_hw *hw,
8581 			      struct ieee80211_vif *vif, s64 tsf_offset)
8582 {
8583 	struct ath10k *ar = hw->priv;
8584 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8585 	u32 offset, vdev_param;
8586 	int ret;
8587 
8588 	if (tsf_offset < 0) {
8589 		vdev_param = ar->wmi.vdev_param->dec_tsf;
8590 		offset = -tsf_offset;
8591 	} else {
8592 		vdev_param = ar->wmi.vdev_param->inc_tsf;
8593 		offset = tsf_offset;
8594 	}
8595 
8596 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
8597 					vdev_param, offset);
8598 
8599 	if (ret && ret != -EOPNOTSUPP)
8600 		ath10k_warn(ar, "failed to set tsf offset %d cmd %d: %d\n",
8601 			    offset, vdev_param, ret);
8602 }
8603 
8604 static int ath10k_ampdu_action(struct ieee80211_hw *hw,
8605 			       struct ieee80211_vif *vif,
8606 			       struct ieee80211_ampdu_params *params)
8607 {
8608 	struct ath10k *ar = hw->priv;
8609 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8610 	struct ieee80211_sta *sta = params->sta;
8611 	enum ieee80211_ampdu_mlme_action action = params->action;
8612 	u16 tid = params->tid;
8613 
8614 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %u action %d\n",
8615 		   arvif->vdev_id, sta->addr, tid, action);
8616 
8617 	switch (action) {
8618 	case IEEE80211_AMPDU_RX_START:
8619 	case IEEE80211_AMPDU_RX_STOP:
8620 		/* HTT AddBa/DelBa events trigger mac80211 Rx BA session
8621 		 * creation/removal. Do we need to verify this?
8622 		 */
8623 		return 0;
8624 	case IEEE80211_AMPDU_TX_START:
8625 	case IEEE80211_AMPDU_TX_STOP_CONT:
8626 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
8627 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
8628 	case IEEE80211_AMPDU_TX_OPERATIONAL:
8629 		/* Firmware offloads Tx aggregation entirely so deny mac80211
8630 		 * Tx aggregation requests.
8631 		 */
8632 		return -EOPNOTSUPP;
8633 	}
8634 
8635 	return -EINVAL;
8636 }
8637 
8638 static void
8639 ath10k_mac_update_rx_channel(struct ath10k *ar,
8640 			     struct ieee80211_chanctx_conf *ctx,
8641 			     struct ieee80211_vif_chanctx_switch *vifs,
8642 			     int n_vifs)
8643 {
8644 	struct cfg80211_chan_def *def = NULL;
8645 
8646 	/* Both locks are required because ar->rx_channel is modified. This
8647 	 * allows readers to hold either lock.
8648 	 */
8649 	lockdep_assert_held(&ar->conf_mutex);
8650 	lockdep_assert_held(&ar->data_lock);
8651 
8652 	WARN_ON(ctx && vifs);
8653 	WARN_ON(vifs && !n_vifs);
8654 
8655 	/* FIXME: Sort of an optimization and a workaround. Peers and vifs are
8656 	 * on a linked list now. Doing a lookup peer -> vif -> chanctx for each
8657 	 * ppdu on Rx may reduce performance on low-end systems. It should be
8658 	 * possible to make tables/hashmaps to speed the lookup up (be vary of
8659 	 * cpu data cache lines though regarding sizes) but to keep the initial
8660 	 * implementation simple and less intrusive fallback to the slow lookup
8661 	 * only for multi-channel cases. Single-channel cases will remain to
8662 	 * use the old channel derival and thus performance should not be
8663 	 * affected much.
8664 	 */
8665 	rcu_read_lock();
8666 	if (!ctx && ath10k_mac_num_chanctxs(ar) == 1) {
8667 		ieee80211_iter_chan_contexts_atomic(ar->hw,
8668 						    ath10k_mac_get_any_chandef_iter,
8669 						    &def);
8670 
8671 		if (vifs)
8672 			def = &vifs[0].new_ctx->def;
8673 
8674 		ar->rx_channel = def->chan;
8675 	} else if ((ctx && ath10k_mac_num_chanctxs(ar) == 0) ||
8676 		   (ctx && (ar->state == ATH10K_STATE_RESTARTED))) {
8677 		/* During driver restart due to firmware assert, since mac80211
8678 		 * already has valid channel context for given radio, channel
8679 		 * context iteration return num_chanctx > 0. So fix rx_channel
8680 		 * when restart is in progress.
8681 		 */
8682 		ar->rx_channel = ctx->def.chan;
8683 	} else {
8684 		ar->rx_channel = NULL;
8685 	}
8686 	rcu_read_unlock();
8687 }
8688 
8689 static void
8690 ath10k_mac_update_vif_chan(struct ath10k *ar,
8691 			   struct ieee80211_vif_chanctx_switch *vifs,
8692 			   int n_vifs)
8693 {
8694 	struct ath10k_vif *arvif;
8695 	int ret;
8696 	int i;
8697 
8698 	lockdep_assert_held(&ar->conf_mutex);
8699 
8700 	/* First stop monitor interface. Some FW versions crash if there's a
8701 	 * lone monitor interface.
8702 	 */
8703 	if (ar->monitor_started)
8704 		ath10k_monitor_stop(ar);
8705 
8706 	for (i = 0; i < n_vifs; i++) {
8707 		arvif = (void *)vifs[i].vif->drv_priv;
8708 
8709 		ath10k_dbg(ar, ATH10K_DBG_MAC,
8710 			   "mac chanctx switch vdev_id %i freq %u->%u width %d->%d\n",
8711 			   arvif->vdev_id,
8712 			   vifs[i].old_ctx->def.chan->center_freq,
8713 			   vifs[i].new_ctx->def.chan->center_freq,
8714 			   vifs[i].old_ctx->def.width,
8715 			   vifs[i].new_ctx->def.width);
8716 
8717 		if (WARN_ON(!arvif->is_started))
8718 			continue;
8719 
8720 		if (WARN_ON(!arvif->is_up))
8721 			continue;
8722 
8723 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8724 		if (ret) {
8725 			ath10k_warn(ar, "failed to down vdev %d: %d\n",
8726 				    arvif->vdev_id, ret);
8727 			continue;
8728 		}
8729 	}
8730 
8731 	/* All relevant vdevs are downed and associated channel resources
8732 	 * should be available for the channel switch now.
8733 	 */
8734 
8735 	spin_lock_bh(&ar->data_lock);
8736 	ath10k_mac_update_rx_channel(ar, NULL, vifs, n_vifs);
8737 	spin_unlock_bh(&ar->data_lock);
8738 
8739 	for (i = 0; i < n_vifs; i++) {
8740 		arvif = (void *)vifs[i].vif->drv_priv;
8741 
8742 		if (WARN_ON(!arvif->is_started))
8743 			continue;
8744 
8745 		if (WARN_ON(!arvif->is_up))
8746 			continue;
8747 
8748 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
8749 		if (ret)
8750 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
8751 				    ret);
8752 
8753 		ret = ath10k_mac_setup_prb_tmpl(arvif);
8754 		if (ret)
8755 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
8756 				    ret);
8757 
8758 		ret = ath10k_vdev_restart(arvif, &vifs[i].new_ctx->def);
8759 		if (ret) {
8760 			ath10k_warn(ar, "failed to restart vdev %d: %d\n",
8761 				    arvif->vdev_id, ret);
8762 			continue;
8763 		}
8764 
8765 		ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
8766 					 arvif->bssid);
8767 		if (ret) {
8768 			ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
8769 				    arvif->vdev_id, ret);
8770 			continue;
8771 		}
8772 	}
8773 
8774 	ath10k_monitor_recalc(ar);
8775 }
8776 
8777 static int
8778 ath10k_mac_op_add_chanctx(struct ieee80211_hw *hw,
8779 			  struct ieee80211_chanctx_conf *ctx)
8780 {
8781 	struct ath10k *ar = hw->priv;
8782 
8783 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8784 		   "mac chanctx add freq %u width %d ptr %pK\n",
8785 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8786 
8787 	mutex_lock(&ar->conf_mutex);
8788 
8789 	spin_lock_bh(&ar->data_lock);
8790 	ath10k_mac_update_rx_channel(ar, ctx, NULL, 0);
8791 	spin_unlock_bh(&ar->data_lock);
8792 
8793 	ath10k_recalc_radar_detection(ar);
8794 	ath10k_monitor_recalc(ar);
8795 
8796 	mutex_unlock(&ar->conf_mutex);
8797 
8798 	return 0;
8799 }
8800 
8801 static void
8802 ath10k_mac_op_remove_chanctx(struct ieee80211_hw *hw,
8803 			     struct ieee80211_chanctx_conf *ctx)
8804 {
8805 	struct ath10k *ar = hw->priv;
8806 
8807 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8808 		   "mac chanctx remove freq %u width %d ptr %pK\n",
8809 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8810 
8811 	mutex_lock(&ar->conf_mutex);
8812 
8813 	spin_lock_bh(&ar->data_lock);
8814 	ath10k_mac_update_rx_channel(ar, NULL, NULL, 0);
8815 	spin_unlock_bh(&ar->data_lock);
8816 
8817 	ath10k_recalc_radar_detection(ar);
8818 	ath10k_monitor_recalc(ar);
8819 
8820 	mutex_unlock(&ar->conf_mutex);
8821 }
8822 
8823 struct ath10k_mac_change_chanctx_arg {
8824 	struct ieee80211_chanctx_conf *ctx;
8825 	struct ieee80211_vif_chanctx_switch *vifs;
8826 	int n_vifs;
8827 	int next_vif;
8828 };
8829 
8830 static void
8831 ath10k_mac_change_chanctx_cnt_iter(void *data, u8 *mac,
8832 				   struct ieee80211_vif *vif)
8833 {
8834 	struct ath10k_mac_change_chanctx_arg *arg = data;
8835 
8836 	if (rcu_access_pointer(vif->bss_conf.chanctx_conf) != arg->ctx)
8837 		return;
8838 
8839 	arg->n_vifs++;
8840 }
8841 
8842 static void
8843 ath10k_mac_change_chanctx_fill_iter(void *data, u8 *mac,
8844 				    struct ieee80211_vif *vif)
8845 {
8846 	struct ath10k_mac_change_chanctx_arg *arg = data;
8847 	struct ieee80211_chanctx_conf *ctx;
8848 
8849 	ctx = rcu_access_pointer(vif->bss_conf.chanctx_conf);
8850 	if (ctx != arg->ctx)
8851 		return;
8852 
8853 	if (WARN_ON(arg->next_vif == arg->n_vifs))
8854 		return;
8855 
8856 	arg->vifs[arg->next_vif].vif = vif;
8857 	arg->vifs[arg->next_vif].old_ctx = ctx;
8858 	arg->vifs[arg->next_vif].new_ctx = ctx;
8859 	arg->next_vif++;
8860 }
8861 
8862 static void
8863 ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw,
8864 			     struct ieee80211_chanctx_conf *ctx,
8865 			     u32 changed)
8866 {
8867 	struct ath10k *ar = hw->priv;
8868 	struct ath10k_mac_change_chanctx_arg arg = { .ctx = ctx };
8869 
8870 	mutex_lock(&ar->conf_mutex);
8871 
8872 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8873 		   "mac chanctx change freq %u width %d ptr %pK changed %x\n",
8874 		   ctx->def.chan->center_freq, ctx->def.width, ctx, changed);
8875 
8876 	/* This shouldn't really happen because channel switching should use
8877 	 * switch_vif_chanctx().
8878 	 */
8879 	if (WARN_ON(changed & IEEE80211_CHANCTX_CHANGE_CHANNEL))
8880 		goto unlock;
8881 
8882 	if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) {
8883 		ieee80211_iterate_active_interfaces_atomic(
8884 					hw,
8885 					ATH10K_ITER_NORMAL_FLAGS,
8886 					ath10k_mac_change_chanctx_cnt_iter,
8887 					&arg);
8888 		if (arg.n_vifs == 0)
8889 			goto radar;
8890 
8891 		arg.vifs = kcalloc(arg.n_vifs, sizeof(arg.vifs[0]),
8892 				   GFP_KERNEL);
8893 		if (!arg.vifs)
8894 			goto radar;
8895 
8896 		ieee80211_iterate_active_interfaces_atomic(
8897 					hw,
8898 					ATH10K_ITER_NORMAL_FLAGS,
8899 					ath10k_mac_change_chanctx_fill_iter,
8900 					&arg);
8901 		ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs);
8902 		kfree(arg.vifs);
8903 	}
8904 
8905 radar:
8906 	ath10k_recalc_radar_detection(ar);
8907 
8908 	/* FIXME: How to configure Rx chains properly? */
8909 
8910 	/* No other actions are actually necessary. Firmware maintains channel
8911 	 * definitions per vdev internally and there's no host-side channel
8912 	 * context abstraction to configure, e.g. channel width.
8913 	 */
8914 
8915 unlock:
8916 	mutex_unlock(&ar->conf_mutex);
8917 }
8918 
8919 static int
8920 ath10k_mac_op_assign_vif_chanctx(struct ieee80211_hw *hw,
8921 				 struct ieee80211_vif *vif,
8922 				 unsigned int link_id,
8923 				 struct ieee80211_chanctx_conf *ctx)
8924 {
8925 	struct ath10k *ar = hw->priv;
8926 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8927 	int ret;
8928 
8929 	mutex_lock(&ar->conf_mutex);
8930 
8931 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8932 		   "mac chanctx assign ptr %pK vdev_id %i\n",
8933 		   ctx, arvif->vdev_id);
8934 
8935 	if (WARN_ON(arvif->is_started)) {
8936 		mutex_unlock(&ar->conf_mutex);
8937 		return -EBUSY;
8938 	}
8939 
8940 	ret = ath10k_vdev_start(arvif, &ctx->def);
8941 	if (ret) {
8942 		ath10k_warn(ar, "failed to start vdev %i addr %pM on freq %d: %d\n",
8943 			    arvif->vdev_id, vif->addr,
8944 			    ctx->def.chan->center_freq, ret);
8945 		goto err;
8946 	}
8947 
8948 	arvif->is_started = true;
8949 
8950 	ret = ath10k_mac_vif_setup_ps(arvif);
8951 	if (ret) {
8952 		ath10k_warn(ar, "failed to update vdev %i ps: %d\n",
8953 			    arvif->vdev_id, ret);
8954 		goto err_stop;
8955 	}
8956 
8957 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8958 		ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, 0, vif->addr);
8959 		if (ret) {
8960 			ath10k_warn(ar, "failed to up monitor vdev %i: %d\n",
8961 				    arvif->vdev_id, ret);
8962 			goto err_stop;
8963 		}
8964 
8965 		arvif->is_up = true;
8966 	}
8967 
8968 	if (ath10k_mac_can_set_cts_prot(arvif)) {
8969 		ret = ath10k_mac_set_cts_prot(arvif);
8970 		if (ret)
8971 			ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
8972 				    arvif->vdev_id, ret);
8973 	}
8974 
8975 	if (ath10k_peer_stats_enabled(ar) &&
8976 	    ar->hw_params.tx_stats_over_pktlog) {
8977 		ar->pktlog_filter |= ATH10K_PKTLOG_PEER_STATS;
8978 		ret = ath10k_wmi_pdev_pktlog_enable(ar,
8979 						    ar->pktlog_filter);
8980 		if (ret) {
8981 			ath10k_warn(ar, "failed to enable pktlog %d\n", ret);
8982 			goto err_stop;
8983 		}
8984 	}
8985 
8986 	mutex_unlock(&ar->conf_mutex);
8987 	return 0;
8988 
8989 err_stop:
8990 	ath10k_vdev_stop(arvif);
8991 	arvif->is_started = false;
8992 	ath10k_mac_vif_setup_ps(arvif);
8993 
8994 err:
8995 	mutex_unlock(&ar->conf_mutex);
8996 	return ret;
8997 }
8998 
8999 static void
9000 ath10k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
9001 				   struct ieee80211_vif *vif,
9002 				   unsigned int link_id,
9003 				   struct ieee80211_chanctx_conf *ctx)
9004 {
9005 	struct ath10k *ar = hw->priv;
9006 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9007 	int ret;
9008 
9009 	mutex_lock(&ar->conf_mutex);
9010 
9011 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9012 		   "mac chanctx unassign ptr %pK vdev_id %i\n",
9013 		   ctx, arvif->vdev_id);
9014 
9015 	WARN_ON(!arvif->is_started);
9016 
9017 	if (vif->type == NL80211_IFTYPE_MONITOR) {
9018 		WARN_ON(!arvif->is_up);
9019 
9020 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
9021 		if (ret)
9022 			ath10k_warn(ar, "failed to down monitor vdev %i: %d\n",
9023 				    arvif->vdev_id, ret);
9024 
9025 		arvif->is_up = false;
9026 	}
9027 
9028 	ret = ath10k_vdev_stop(arvif);
9029 	if (ret)
9030 		ath10k_warn(ar, "failed to stop vdev %i: %d\n",
9031 			    arvif->vdev_id, ret);
9032 
9033 	arvif->is_started = false;
9034 
9035 	mutex_unlock(&ar->conf_mutex);
9036 }
9037 
9038 static int
9039 ath10k_mac_op_switch_vif_chanctx(struct ieee80211_hw *hw,
9040 				 struct ieee80211_vif_chanctx_switch *vifs,
9041 				 int n_vifs,
9042 				 enum ieee80211_chanctx_switch_mode mode)
9043 {
9044 	struct ath10k *ar = hw->priv;
9045 
9046 	mutex_lock(&ar->conf_mutex);
9047 
9048 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9049 		   "mac chanctx switch n_vifs %d mode %d\n",
9050 		   n_vifs, mode);
9051 	ath10k_mac_update_vif_chan(ar, vifs, n_vifs);
9052 
9053 	mutex_unlock(&ar->conf_mutex);
9054 	return 0;
9055 }
9056 
9057 static void ath10k_mac_op_sta_pre_rcu_remove(struct ieee80211_hw *hw,
9058 					     struct ieee80211_vif *vif,
9059 					     struct ieee80211_sta *sta)
9060 {
9061 	struct ath10k *ar;
9062 	struct ath10k_peer *peer;
9063 
9064 	ar = hw->priv;
9065 
9066 	list_for_each_entry(peer, &ar->peers, list)
9067 		if (peer->sta == sta)
9068 			peer->removed = true;
9069 }
9070 
9071 /* HT MCS parameters with Nss = 1 */
9072 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss1[] = {
9073 	/* MCS  L20   L40   S20  S40 */
9074 	{0,  { 65,  135,  72,  150} },
9075 	{1,  { 130, 270,  144, 300} },
9076 	{2,  { 195, 405,  217, 450} },
9077 	{3,  { 260, 540,  289, 600} },
9078 	{4,  { 390, 810,  433, 900} },
9079 	{5,  { 520, 1080, 578, 1200} },
9080 	{6,  { 585, 1215, 650, 1350} },
9081 	{7,  { 650, 1350, 722, 1500} }
9082 };
9083 
9084 /* HT MCS parameters with Nss = 2 */
9085 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss2[] = {
9086 	/* MCS  L20    L40   S20   S40 */
9087 	{0,  {130,  270,  144,  300} },
9088 	{1,  {260,  540,  289,  600} },
9089 	{2,  {390,  810,  433,  900} },
9090 	{3,  {520,  1080, 578,  1200} },
9091 	{4,  {780,  1620, 867,  1800} },
9092 	{5,  {1040, 2160, 1156, 2400} },
9093 	{6,  {1170, 2430, 1300, 2700} },
9094 	{7,  {1300, 2700, 1444, 3000} }
9095 };
9096 
9097 /* MCS parameters with Nss = 1 */
9098 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss1[] = {
9099 	/* MCS  L80    S80     L40   S40    L20   S20 */
9100 	{0,  {293,  325},  {135,  150},  {65,   72} },
9101 	{1,  {585,  650},  {270,  300},  {130,  144} },
9102 	{2,  {878,  975},  {405,  450},  {195,  217} },
9103 	{3,  {1170, 1300}, {540,  600},  {260,  289} },
9104 	{4,  {1755, 1950}, {810,  900},  {390,  433} },
9105 	{5,  {2340, 2600}, {1080, 1200}, {520,  578} },
9106 	{6,  {2633, 2925}, {1215, 1350}, {585,  650} },
9107 	{7,  {2925, 3250}, {1350, 1500}, {650,  722} },
9108 	{8,  {3510, 3900}, {1620, 1800}, {780,  867} },
9109 	{9,  {3900, 4333}, {1800, 2000}, {780,  867} }
9110 };
9111 
9112 /*MCS parameters with Nss = 2 */
9113 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss2[] = {
9114 	/* MCS  L80    S80     L40   S40    L20   S20 */
9115 	{0,  {585,  650},  {270,  300},  {130,  144} },
9116 	{1,  {1170, 1300}, {540,  600},  {260,  289} },
9117 	{2,  {1755, 1950}, {810,  900},  {390,  433} },
9118 	{3,  {2340, 2600}, {1080, 1200}, {520,  578} },
9119 	{4,  {3510, 3900}, {1620, 1800}, {780,  867} },
9120 	{5,  {4680, 5200}, {2160, 2400}, {1040, 1156} },
9121 	{6,  {5265, 5850}, {2430, 2700}, {1170, 1300} },
9122 	{7,  {5850, 6500}, {2700, 3000}, {1300, 1444} },
9123 	{8,  {7020, 7800}, {3240, 3600}, {1560, 1733} },
9124 	{9,  {7800, 8667}, {3600, 4000}, {1560, 1733} }
9125 };
9126 
9127 static void ath10k_mac_get_rate_flags_ht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9128 					 u8 *flags, u8 *bw)
9129 {
9130 	struct ath10k_index_ht_data_rate_type *mcs_rate;
9131 	u8 index;
9132 	size_t len_nss1 = ARRAY_SIZE(supported_ht_mcs_rate_nss1);
9133 	size_t len_nss2 = ARRAY_SIZE(supported_ht_mcs_rate_nss2);
9134 
9135 	if (mcs >= (len_nss1 + len_nss2)) {
9136 		ath10k_warn(ar, "not supported mcs %d in current rate table", mcs);
9137 		return;
9138 	}
9139 
9140 	mcs_rate = (struct ath10k_index_ht_data_rate_type *)
9141 		   ((nss == 1) ? &supported_ht_mcs_rate_nss1 :
9142 		   &supported_ht_mcs_rate_nss2);
9143 
9144 	if (mcs >= len_nss1)
9145 		index = mcs - len_nss1;
9146 	else
9147 		index = mcs;
9148 
9149 	if (rate == mcs_rate[index].supported_rate[0]) {
9150 		*bw = RATE_INFO_BW_20;
9151 	} else if (rate == mcs_rate[index].supported_rate[1]) {
9152 		*bw |= RATE_INFO_BW_40;
9153 	} else if (rate == mcs_rate[index].supported_rate[2]) {
9154 		*bw |= RATE_INFO_BW_20;
9155 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9156 	} else if (rate == mcs_rate[index].supported_rate[3]) {
9157 		*bw |= RATE_INFO_BW_40;
9158 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9159 	} else {
9160 		ath10k_warn(ar, "invalid ht params rate %d 100kbps nss %d mcs %d",
9161 			    rate, nss, mcs);
9162 	}
9163 }
9164 
9165 static void ath10k_mac_get_rate_flags_vht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9166 					  u8 *flags, u8 *bw)
9167 {
9168 	struct ath10k_index_vht_data_rate_type *mcs_rate;
9169 
9170 	mcs_rate = (struct ath10k_index_vht_data_rate_type *)
9171 		   ((nss == 1) ? &supported_vht_mcs_rate_nss1 :
9172 		   &supported_vht_mcs_rate_nss2);
9173 
9174 	if (rate == mcs_rate[mcs].supported_VHT80_rate[0]) {
9175 		*bw = RATE_INFO_BW_80;
9176 	} else if (rate == mcs_rate[mcs].supported_VHT80_rate[1]) {
9177 		*bw = RATE_INFO_BW_80;
9178 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9179 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[0]) {
9180 		*bw = RATE_INFO_BW_40;
9181 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[1]) {
9182 		*bw = RATE_INFO_BW_40;
9183 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9184 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[0]) {
9185 		*bw = RATE_INFO_BW_20;
9186 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[1]) {
9187 		*bw = RATE_INFO_BW_20;
9188 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9189 	} else {
9190 		ath10k_warn(ar, "invalid vht params rate %d 100kbps nss %d mcs %d",
9191 			    rate, nss, mcs);
9192 	}
9193 }
9194 
9195 static void ath10k_mac_get_rate_flags(struct ath10k *ar, u32 rate,
9196 				      enum ath10k_phy_mode mode, u8 nss, u8 mcs,
9197 				      u8 *flags, u8 *bw)
9198 {
9199 	if (mode == ATH10K_PHY_MODE_HT) {
9200 		*flags = RATE_INFO_FLAGS_MCS;
9201 		ath10k_mac_get_rate_flags_ht(ar, rate, nss, mcs, flags, bw);
9202 	} else if (mode == ATH10K_PHY_MODE_VHT) {
9203 		*flags = RATE_INFO_FLAGS_VHT_MCS;
9204 		ath10k_mac_get_rate_flags_vht(ar, rate, nss, mcs, flags, bw);
9205 	}
9206 }
9207 
9208 static void ath10k_mac_parse_bitrate(struct ath10k *ar, u32 rate_code,
9209 				     u32 bitrate_kbps, struct rate_info *rate)
9210 {
9211 	enum ath10k_phy_mode mode = ATH10K_PHY_MODE_LEGACY;
9212 	enum wmi_rate_preamble preamble = WMI_TLV_GET_HW_RC_PREAM_V1(rate_code);
9213 	u8 nss = WMI_TLV_GET_HW_RC_NSS_V1(rate_code) + 1;
9214 	u8 mcs = WMI_TLV_GET_HW_RC_RATE_V1(rate_code);
9215 	u8 flags = 0, bw = 0;
9216 
9217 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac parse rate code 0x%x bitrate %d kbps\n",
9218 		   rate_code, bitrate_kbps);
9219 
9220 	if (preamble == WMI_RATE_PREAMBLE_HT)
9221 		mode = ATH10K_PHY_MODE_HT;
9222 	else if (preamble == WMI_RATE_PREAMBLE_VHT)
9223 		mode = ATH10K_PHY_MODE_VHT;
9224 
9225 	ath10k_mac_get_rate_flags(ar, bitrate_kbps / 100, mode, nss, mcs, &flags, &bw);
9226 
9227 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9228 		   "mac parse bitrate preamble %d mode %d nss %d mcs %d flags %x bw %d\n",
9229 		   preamble, mode, nss, mcs, flags, bw);
9230 
9231 	rate->flags = flags;
9232 	rate->bw = bw;
9233 	rate->legacy = bitrate_kbps / 100;
9234 	rate->nss = nss;
9235 	rate->mcs = mcs;
9236 }
9237 
9238 static void ath10k_mac_sta_get_peer_stats_info(struct ath10k *ar,
9239 					       struct ieee80211_sta *sta,
9240 					       struct station_info *sinfo)
9241 {
9242 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9243 	struct ath10k_peer *peer;
9244 	unsigned long time_left;
9245 	int ret;
9246 
9247 	if (!(ar->hw_params.supports_peer_stats_info &&
9248 	      arsta->arvif->vdev_type == WMI_VDEV_TYPE_STA))
9249 		return;
9250 
9251 	spin_lock_bh(&ar->data_lock);
9252 	peer = ath10k_peer_find(ar, arsta->arvif->vdev_id, sta->addr);
9253 	spin_unlock_bh(&ar->data_lock);
9254 	if (!peer)
9255 		return;
9256 
9257 	reinit_completion(&ar->peer_stats_info_complete);
9258 
9259 	ret = ath10k_wmi_request_peer_stats_info(ar,
9260 						 arsta->arvif->vdev_id,
9261 						 WMI_REQUEST_ONE_PEER_STATS_INFO,
9262 						 arsta->arvif->bssid,
9263 						 0);
9264 	if (ret && ret != -EOPNOTSUPP) {
9265 		ath10k_warn(ar, "could not request peer stats info: %d\n", ret);
9266 		return;
9267 	}
9268 
9269 	time_left = wait_for_completion_timeout(&ar->peer_stats_info_complete, 3 * HZ);
9270 	if (time_left == 0) {
9271 		ath10k_warn(ar, "timed out waiting peer stats info\n");
9272 		return;
9273 	}
9274 
9275 	if (arsta->rx_rate_code != 0 && arsta->rx_bitrate_kbps != 0) {
9276 		ath10k_mac_parse_bitrate(ar, arsta->rx_rate_code,
9277 					 arsta->rx_bitrate_kbps,
9278 					 &sinfo->rxrate);
9279 
9280 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
9281 		arsta->rx_rate_code = 0;
9282 		arsta->rx_bitrate_kbps = 0;
9283 	}
9284 
9285 	if (arsta->tx_rate_code != 0 && arsta->tx_bitrate_kbps != 0) {
9286 		ath10k_mac_parse_bitrate(ar, arsta->tx_rate_code,
9287 					 arsta->tx_bitrate_kbps,
9288 					 &sinfo->txrate);
9289 
9290 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9291 		arsta->tx_rate_code = 0;
9292 		arsta->tx_bitrate_kbps = 0;
9293 	}
9294 }
9295 
9296 static void ath10k_sta_statistics(struct ieee80211_hw *hw,
9297 				  struct ieee80211_vif *vif,
9298 				  struct ieee80211_sta *sta,
9299 				  struct station_info *sinfo)
9300 {
9301 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9302 	struct ath10k *ar = arsta->arvif->ar;
9303 
9304 	if (!ath10k_peer_stats_enabled(ar))
9305 		return;
9306 
9307 	mutex_lock(&ar->conf_mutex);
9308 	ath10k_debug_fw_stats_request(ar);
9309 	mutex_unlock(&ar->conf_mutex);
9310 
9311 	sinfo->rx_duration = arsta->rx_duration;
9312 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_DURATION);
9313 
9314 	if (arsta->txrate.legacy || arsta->txrate.nss) {
9315 		if (arsta->txrate.legacy) {
9316 			sinfo->txrate.legacy = arsta->txrate.legacy;
9317 		} else {
9318 			sinfo->txrate.mcs = arsta->txrate.mcs;
9319 			sinfo->txrate.nss = arsta->txrate.nss;
9320 			sinfo->txrate.bw = arsta->txrate.bw;
9321 		}
9322 		sinfo->txrate.flags = arsta->txrate.flags;
9323 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9324 	}
9325 
9326 	if (ar->htt.disable_tx_comp) {
9327 		sinfo->tx_failed = arsta->tx_failed;
9328 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
9329 	}
9330 
9331 	sinfo->tx_retries = arsta->tx_retries;
9332 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
9333 
9334 	ath10k_mac_sta_get_peer_stats_info(ar, sta, sinfo);
9335 }
9336 
9337 static int ath10k_mac_op_set_tid_config(struct ieee80211_hw *hw,
9338 					struct ieee80211_vif *vif,
9339 					struct ieee80211_sta *sta,
9340 					struct cfg80211_tid_config *tid_config)
9341 {
9342 	struct ath10k *ar = hw->priv;
9343 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9344 	struct ath10k_mac_iter_tid_conf_data data = {};
9345 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
9346 	int ret, i;
9347 
9348 	mutex_lock(&ar->conf_mutex);
9349 	arg.vdev_id = arvif->vdev_id;
9350 
9351 	arvif->tids_rst = 0;
9352 	memset(arvif->tid_conf_changed, 0, sizeof(arvif->tid_conf_changed));
9353 
9354 	for (i = 0; i < tid_config->n_tid_conf; i++) {
9355 		ret = ath10k_mac_parse_tid_config(ar, sta, vif,
9356 						  &tid_config->tid_conf[i],
9357 						  &arg);
9358 		if (ret)
9359 			goto exit;
9360 	}
9361 
9362 	ret = 0;
9363 
9364 	if (sta)
9365 		goto exit;
9366 
9367 	arvif->tids_rst = 0;
9368 	data.curr_vif = vif;
9369 	data.ar = ar;
9370 
9371 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9372 					  &data);
9373 
9374 exit:
9375 	mutex_unlock(&ar->conf_mutex);
9376 	return ret;
9377 }
9378 
9379 static int ath10k_mac_op_reset_tid_config(struct ieee80211_hw *hw,
9380 					  struct ieee80211_vif *vif,
9381 					  struct ieee80211_sta *sta,
9382 					  u8 tids)
9383 {
9384 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9385 	struct ath10k_mac_iter_tid_conf_data data = {};
9386 	struct ath10k *ar = hw->priv;
9387 	int ret = 0;
9388 
9389 	mutex_lock(&ar->conf_mutex);
9390 
9391 	if (sta) {
9392 		arvif->tids_rst = 0;
9393 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif, tids);
9394 		goto exit;
9395 	}
9396 
9397 	arvif->tids_rst = tids;
9398 	data.curr_vif = vif;
9399 	data.ar = ar;
9400 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9401 					  &data);
9402 
9403 exit:
9404 	mutex_unlock(&ar->conf_mutex);
9405 	return ret;
9406 }
9407 
9408 static const struct ieee80211_ops ath10k_ops = {
9409 	.tx				= ath10k_mac_op_tx,
9410 	.wake_tx_queue			= ath10k_mac_op_wake_tx_queue,
9411 	.start				= ath10k_start,
9412 	.stop				= ath10k_stop,
9413 	.config				= ath10k_config,
9414 	.add_interface			= ath10k_add_interface,
9415 	.update_vif_offload		= ath10k_update_vif_offload,
9416 	.remove_interface		= ath10k_remove_interface,
9417 	.configure_filter		= ath10k_configure_filter,
9418 	.bss_info_changed		= ath10k_bss_info_changed,
9419 	.set_coverage_class		= ath10k_mac_op_set_coverage_class,
9420 	.hw_scan			= ath10k_hw_scan,
9421 	.cancel_hw_scan			= ath10k_cancel_hw_scan,
9422 	.set_key			= ath10k_set_key,
9423 	.set_default_unicast_key        = ath10k_set_default_unicast_key,
9424 	.sta_state			= ath10k_sta_state,
9425 	.sta_set_txpwr			= ath10k_sta_set_txpwr,
9426 	.conf_tx			= ath10k_conf_tx,
9427 	.remain_on_channel		= ath10k_remain_on_channel,
9428 	.cancel_remain_on_channel	= ath10k_cancel_remain_on_channel,
9429 	.set_rts_threshold		= ath10k_set_rts_threshold,
9430 	.set_frag_threshold		= ath10k_mac_op_set_frag_threshold,
9431 	.flush				= ath10k_flush,
9432 	.tx_last_beacon			= ath10k_tx_last_beacon,
9433 	.set_antenna			= ath10k_set_antenna,
9434 	.get_antenna			= ath10k_get_antenna,
9435 	.reconfig_complete		= ath10k_reconfig_complete,
9436 	.get_survey			= ath10k_get_survey,
9437 	.set_bitrate_mask		= ath10k_mac_op_set_bitrate_mask,
9438 	.sta_rc_update			= ath10k_sta_rc_update,
9439 	.offset_tsf			= ath10k_offset_tsf,
9440 	.ampdu_action			= ath10k_ampdu_action,
9441 	.get_et_sset_count		= ath10k_debug_get_et_sset_count,
9442 	.get_et_stats			= ath10k_debug_get_et_stats,
9443 	.get_et_strings			= ath10k_debug_get_et_strings,
9444 	.add_chanctx			= ath10k_mac_op_add_chanctx,
9445 	.remove_chanctx			= ath10k_mac_op_remove_chanctx,
9446 	.change_chanctx			= ath10k_mac_op_change_chanctx,
9447 	.assign_vif_chanctx		= ath10k_mac_op_assign_vif_chanctx,
9448 	.unassign_vif_chanctx		= ath10k_mac_op_unassign_vif_chanctx,
9449 	.switch_vif_chanctx		= ath10k_mac_op_switch_vif_chanctx,
9450 	.sta_pre_rcu_remove		= ath10k_mac_op_sta_pre_rcu_remove,
9451 	.sta_statistics			= ath10k_sta_statistics,
9452 	.set_tid_config			= ath10k_mac_op_set_tid_config,
9453 	.reset_tid_config		= ath10k_mac_op_reset_tid_config,
9454 
9455 	CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
9456 
9457 #ifdef CONFIG_PM
9458 	.suspend			= ath10k_wow_op_suspend,
9459 	.resume				= ath10k_wow_op_resume,
9460 	.set_wakeup			= ath10k_wow_op_set_wakeup,
9461 #endif
9462 #ifdef CONFIG_MAC80211_DEBUGFS
9463 	.sta_add_debugfs		= ath10k_sta_add_debugfs,
9464 #endif
9465 	.set_sar_specs			= ath10k_mac_set_sar_specs,
9466 };
9467 
9468 #define CHAN2G(_channel, _freq, _flags) { \
9469 	.band			= NL80211_BAND_2GHZ, \
9470 	.hw_value		= (_channel), \
9471 	.center_freq		= (_freq), \
9472 	.flags			= (_flags), \
9473 	.max_antenna_gain	= 0, \
9474 	.max_power		= 30, \
9475 }
9476 
9477 #define CHAN5G(_channel, _freq, _flags) { \
9478 	.band			= NL80211_BAND_5GHZ, \
9479 	.hw_value		= (_channel), \
9480 	.center_freq		= (_freq), \
9481 	.flags			= (_flags), \
9482 	.max_antenna_gain	= 0, \
9483 	.max_power		= 30, \
9484 }
9485 
9486 static const struct ieee80211_channel ath10k_2ghz_channels[] = {
9487 	CHAN2G(1, 2412, 0),
9488 	CHAN2G(2, 2417, 0),
9489 	CHAN2G(3, 2422, 0),
9490 	CHAN2G(4, 2427, 0),
9491 	CHAN2G(5, 2432, 0),
9492 	CHAN2G(6, 2437, 0),
9493 	CHAN2G(7, 2442, 0),
9494 	CHAN2G(8, 2447, 0),
9495 	CHAN2G(9, 2452, 0),
9496 	CHAN2G(10, 2457, 0),
9497 	CHAN2G(11, 2462, 0),
9498 	CHAN2G(12, 2467, 0),
9499 	CHAN2G(13, 2472, 0),
9500 	CHAN2G(14, 2484, 0),
9501 };
9502 
9503 static const struct ieee80211_channel ath10k_5ghz_channels[] = {
9504 	CHAN5G(36, 5180, 0),
9505 	CHAN5G(40, 5200, 0),
9506 	CHAN5G(44, 5220, 0),
9507 	CHAN5G(48, 5240, 0),
9508 	CHAN5G(52, 5260, 0),
9509 	CHAN5G(56, 5280, 0),
9510 	CHAN5G(60, 5300, 0),
9511 	CHAN5G(64, 5320, 0),
9512 	CHAN5G(100, 5500, 0),
9513 	CHAN5G(104, 5520, 0),
9514 	CHAN5G(108, 5540, 0),
9515 	CHAN5G(112, 5560, 0),
9516 	CHAN5G(116, 5580, 0),
9517 	CHAN5G(120, 5600, 0),
9518 	CHAN5G(124, 5620, 0),
9519 	CHAN5G(128, 5640, 0),
9520 	CHAN5G(132, 5660, 0),
9521 	CHAN5G(136, 5680, 0),
9522 	CHAN5G(140, 5700, 0),
9523 	CHAN5G(144, 5720, 0),
9524 	CHAN5G(149, 5745, 0),
9525 	CHAN5G(153, 5765, 0),
9526 	CHAN5G(157, 5785, 0),
9527 	CHAN5G(161, 5805, 0),
9528 	CHAN5G(165, 5825, 0),
9529 	CHAN5G(169, 5845, 0),
9530 	CHAN5G(173, 5865, 0),
9531 	/* If you add more, you may need to change ATH10K_MAX_5G_CHAN */
9532 	/* And you will definitely need to change ATH10K_NUM_CHANS in core.h */
9533 };
9534 
9535 struct ath10k *ath10k_mac_create(size_t priv_size)
9536 {
9537 	struct ieee80211_hw *hw;
9538 	struct ieee80211_ops *ops;
9539 	struct ath10k *ar;
9540 
9541 	ops = kmemdup(&ath10k_ops, sizeof(ath10k_ops), GFP_KERNEL);
9542 	if (!ops)
9543 		return NULL;
9544 
9545 	hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, ops);
9546 	if (!hw) {
9547 		kfree(ops);
9548 		return NULL;
9549 	}
9550 
9551 	ar = hw->priv;
9552 	ar->hw = hw;
9553 	ar->ops = ops;
9554 
9555 	return ar;
9556 }
9557 
9558 void ath10k_mac_destroy(struct ath10k *ar)
9559 {
9560 	struct ieee80211_ops *ops = ar->ops;
9561 
9562 	ieee80211_free_hw(ar->hw);
9563 	kfree(ops);
9564 }
9565 
9566 static const struct ieee80211_iface_limit ath10k_if_limits[] = {
9567 	{
9568 		.max	= 8,
9569 		.types	= BIT(NL80211_IFTYPE_STATION)
9570 			| BIT(NL80211_IFTYPE_P2P_CLIENT)
9571 	},
9572 	{
9573 		.max	= 3,
9574 		.types	= BIT(NL80211_IFTYPE_P2P_GO)
9575 	},
9576 	{
9577 		.max	= 1,
9578 		.types	= BIT(NL80211_IFTYPE_P2P_DEVICE)
9579 	},
9580 	{
9581 		.max	= 7,
9582 		.types	= BIT(NL80211_IFTYPE_AP)
9583 #ifdef CONFIG_MAC80211_MESH
9584 			| BIT(NL80211_IFTYPE_MESH_POINT)
9585 #endif
9586 	},
9587 };
9588 
9589 static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
9590 	{
9591 		.max	= 8,
9592 		.types	= BIT(NL80211_IFTYPE_AP)
9593 #ifdef CONFIG_MAC80211_MESH
9594 			| BIT(NL80211_IFTYPE_MESH_POINT)
9595 #endif
9596 	},
9597 	{
9598 		.max	= 1,
9599 		.types	= BIT(NL80211_IFTYPE_STATION)
9600 	},
9601 };
9602 
9603 static const struct ieee80211_iface_combination ath10k_if_comb[] = {
9604 	{
9605 		.limits = ath10k_if_limits,
9606 		.n_limits = ARRAY_SIZE(ath10k_if_limits),
9607 		.max_interfaces = 8,
9608 		.num_different_channels = 1,
9609 		.beacon_int_infra_match = true,
9610 	},
9611 };
9612 
9613 static const struct ieee80211_iface_combination ath10k_10x_if_comb[] = {
9614 	{
9615 		.limits = ath10k_10x_if_limits,
9616 		.n_limits = ARRAY_SIZE(ath10k_10x_if_limits),
9617 		.max_interfaces = 8,
9618 		.num_different_channels = 1,
9619 		.beacon_int_infra_match = true,
9620 		.beacon_int_min_gcd = 1,
9621 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9622 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9623 					BIT(NL80211_CHAN_WIDTH_20) |
9624 					BIT(NL80211_CHAN_WIDTH_40) |
9625 					BIT(NL80211_CHAN_WIDTH_80),
9626 #endif
9627 	},
9628 };
9629 
9630 static const struct ieee80211_iface_limit ath10k_tlv_if_limit[] = {
9631 	{
9632 		.max = 2,
9633 		.types = BIT(NL80211_IFTYPE_STATION),
9634 	},
9635 	{
9636 		.max = 2,
9637 		.types = BIT(NL80211_IFTYPE_AP) |
9638 #ifdef CONFIG_MAC80211_MESH
9639 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9640 #endif
9641 			 BIT(NL80211_IFTYPE_P2P_CLIENT) |
9642 			 BIT(NL80211_IFTYPE_P2P_GO),
9643 	},
9644 	{
9645 		.max = 1,
9646 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9647 	},
9648 };
9649 
9650 static const struct ieee80211_iface_limit ath10k_tlv_qcs_if_limit[] = {
9651 	{
9652 		.max = 2,
9653 		.types = BIT(NL80211_IFTYPE_STATION),
9654 	},
9655 	{
9656 		.max = 2,
9657 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT),
9658 	},
9659 	{
9660 		.max = 1,
9661 		.types = BIT(NL80211_IFTYPE_AP) |
9662 #ifdef CONFIG_MAC80211_MESH
9663 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9664 #endif
9665 			 BIT(NL80211_IFTYPE_P2P_GO),
9666 	},
9667 	{
9668 		.max = 1,
9669 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9670 	},
9671 };
9672 
9673 static const struct ieee80211_iface_limit ath10k_tlv_if_limit_ibss[] = {
9674 	{
9675 		.max = 1,
9676 		.types = BIT(NL80211_IFTYPE_STATION),
9677 	},
9678 	{
9679 		.max = 1,
9680 		.types = BIT(NL80211_IFTYPE_ADHOC),
9681 	},
9682 };
9683 
9684 /* FIXME: This is not thouroughly tested. These combinations may over- or
9685  * underestimate hw/fw capabilities.
9686  */
9687 static struct ieee80211_iface_combination ath10k_tlv_if_comb[] = {
9688 	{
9689 		.limits = ath10k_tlv_if_limit,
9690 		.num_different_channels = 1,
9691 		.max_interfaces = 4,
9692 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9693 	},
9694 	{
9695 		.limits = ath10k_tlv_if_limit_ibss,
9696 		.num_different_channels = 1,
9697 		.max_interfaces = 2,
9698 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9699 	},
9700 };
9701 
9702 static struct ieee80211_iface_combination ath10k_tlv_qcs_if_comb[] = {
9703 	{
9704 		.limits = ath10k_tlv_if_limit,
9705 		.num_different_channels = 1,
9706 		.max_interfaces = 4,
9707 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9708 	},
9709 	{
9710 		.limits = ath10k_tlv_qcs_if_limit,
9711 		.num_different_channels = 2,
9712 		.max_interfaces = 4,
9713 		.n_limits = ARRAY_SIZE(ath10k_tlv_qcs_if_limit),
9714 	},
9715 	{
9716 		.limits = ath10k_tlv_if_limit_ibss,
9717 		.num_different_channels = 1,
9718 		.max_interfaces = 2,
9719 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9720 	},
9721 };
9722 
9723 static const struct ieee80211_iface_limit ath10k_10_4_if_limits[] = {
9724 	{
9725 		.max = 1,
9726 		.types = BIT(NL80211_IFTYPE_STATION),
9727 	},
9728 	{
9729 		.max	= 16,
9730 		.types	= BIT(NL80211_IFTYPE_AP)
9731 #ifdef CONFIG_MAC80211_MESH
9732 			| BIT(NL80211_IFTYPE_MESH_POINT)
9733 #endif
9734 	},
9735 };
9736 
9737 static const struct ieee80211_iface_combination ath10k_10_4_if_comb[] = {
9738 	{
9739 		.limits = ath10k_10_4_if_limits,
9740 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9741 		.max_interfaces = 16,
9742 		.num_different_channels = 1,
9743 		.beacon_int_infra_match = true,
9744 		.beacon_int_min_gcd = 1,
9745 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9746 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9747 					BIT(NL80211_CHAN_WIDTH_20) |
9748 					BIT(NL80211_CHAN_WIDTH_40) |
9749 					BIT(NL80211_CHAN_WIDTH_80) |
9750 					BIT(NL80211_CHAN_WIDTH_80P80) |
9751 					BIT(NL80211_CHAN_WIDTH_160),
9752 #endif
9753 	},
9754 };
9755 
9756 static const struct
9757 ieee80211_iface_combination ath10k_10_4_bcn_int_if_comb[] = {
9758 	{
9759 		.limits = ath10k_10_4_if_limits,
9760 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9761 		.max_interfaces = 16,
9762 		.num_different_channels = 1,
9763 		.beacon_int_infra_match = true,
9764 		.beacon_int_min_gcd = 100,
9765 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9766 		.radar_detect_widths =  BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9767 					BIT(NL80211_CHAN_WIDTH_20) |
9768 					BIT(NL80211_CHAN_WIDTH_40) |
9769 					BIT(NL80211_CHAN_WIDTH_80) |
9770 					BIT(NL80211_CHAN_WIDTH_80P80) |
9771 					BIT(NL80211_CHAN_WIDTH_160),
9772 #endif
9773 	},
9774 };
9775 
9776 static void ath10k_get_arvif_iter(void *data, u8 *mac,
9777 				  struct ieee80211_vif *vif)
9778 {
9779 	struct ath10k_vif_iter *arvif_iter = data;
9780 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9781 
9782 	if (arvif->vdev_id == arvif_iter->vdev_id)
9783 		arvif_iter->arvif = arvif;
9784 }
9785 
9786 struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id)
9787 {
9788 	struct ath10k_vif_iter arvif_iter;
9789 
9790 	memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter));
9791 	arvif_iter.vdev_id = vdev_id;
9792 
9793 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
9794 						   ATH10K_ITER_RESUME_FLAGS,
9795 						   ath10k_get_arvif_iter,
9796 						   &arvif_iter);
9797 	if (!arvif_iter.arvif) {
9798 		ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
9799 		return NULL;
9800 	}
9801 
9802 	return arvif_iter.arvif;
9803 }
9804 
9805 #define WRD_METHOD "WRDD"
9806 #define WRDD_WIFI  (0x07)
9807 
9808 static u32 ath10k_mac_wrdd_get_mcc(struct ath10k *ar, union acpi_object *wrdd)
9809 {
9810 	union acpi_object *mcc_pkg;
9811 	union acpi_object *domain_type;
9812 	union acpi_object *mcc_value;
9813 	u32 i;
9814 
9815 	if (wrdd->type != ACPI_TYPE_PACKAGE ||
9816 	    wrdd->package.count < 2 ||
9817 	    wrdd->package.elements[0].type != ACPI_TYPE_INTEGER ||
9818 	    wrdd->package.elements[0].integer.value != 0) {
9819 		ath10k_warn(ar, "ignoring malformed/unsupported wrdd structure\n");
9820 		return 0;
9821 	}
9822 
9823 	for (i = 1; i < wrdd->package.count; ++i) {
9824 		mcc_pkg = &wrdd->package.elements[i];
9825 
9826 		if (mcc_pkg->type != ACPI_TYPE_PACKAGE)
9827 			continue;
9828 		if (mcc_pkg->package.count < 2)
9829 			continue;
9830 		if (mcc_pkg->package.elements[0].type != ACPI_TYPE_INTEGER ||
9831 		    mcc_pkg->package.elements[1].type != ACPI_TYPE_INTEGER)
9832 			continue;
9833 
9834 		domain_type = &mcc_pkg->package.elements[0];
9835 		if (domain_type->integer.value != WRDD_WIFI)
9836 			continue;
9837 
9838 		mcc_value = &mcc_pkg->package.elements[1];
9839 		return mcc_value->integer.value;
9840 	}
9841 	return 0;
9842 }
9843 
9844 static int ath10k_mac_get_wrdd_regulatory(struct ath10k *ar, u16 *rd)
9845 {
9846 	acpi_handle root_handle;
9847 	acpi_handle handle;
9848 	struct acpi_buffer wrdd = {ACPI_ALLOCATE_BUFFER, NULL};
9849 	acpi_status status;
9850 	u32 alpha2_code;
9851 	char alpha2[3];
9852 
9853 	root_handle = ACPI_HANDLE(ar->dev);
9854 	if (!root_handle)
9855 		return -EOPNOTSUPP;
9856 
9857 	status = acpi_get_handle(root_handle, (acpi_string)WRD_METHOD, &handle);
9858 	if (ACPI_FAILURE(status)) {
9859 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9860 			   "failed to get wrd method %d\n", status);
9861 		return -EIO;
9862 	}
9863 
9864 	status = acpi_evaluate_object(handle, NULL, NULL, &wrdd);
9865 	if (ACPI_FAILURE(status)) {
9866 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9867 			   "failed to call wrdc %d\n", status);
9868 		return -EIO;
9869 	}
9870 
9871 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.pointer);
9872 	kfree(wrdd.pointer);
9873 	if (!alpha2_code)
9874 		return -EIO;
9875 
9876 	alpha2[0] = (alpha2_code >> 8) & 0xff;
9877 	alpha2[1] = (alpha2_code >> 0) & 0xff;
9878 	alpha2[2] = '\0';
9879 
9880 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
9881 		   "regulatory hint from WRDD (alpha2-code): %s\n", alpha2);
9882 
9883 	*rd = ath_regd_find_country_by_name(alpha2);
9884 	if (*rd == 0xffff)
9885 		return -EIO;
9886 
9887 	*rd |= COUNTRY_ERD_FLAG;
9888 	return 0;
9889 }
9890 
9891 static int ath10k_mac_init_rd(struct ath10k *ar)
9892 {
9893 	int ret;
9894 	u16 rd;
9895 
9896 	ret = ath10k_mac_get_wrdd_regulatory(ar, &rd);
9897 	if (ret) {
9898 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9899 			   "fallback to eeprom programmed regulatory settings\n");
9900 		rd = ar->hw_eeprom_rd;
9901 	}
9902 
9903 	ar->ath_common.regulatory.current_rd = rd;
9904 	return 0;
9905 }
9906 
9907 int ath10k_mac_register(struct ath10k *ar)
9908 {
9909 	static const u32 cipher_suites[] = {
9910 		WLAN_CIPHER_SUITE_WEP40,
9911 		WLAN_CIPHER_SUITE_WEP104,
9912 		WLAN_CIPHER_SUITE_TKIP,
9913 		WLAN_CIPHER_SUITE_CCMP,
9914 
9915 		/* Do not add hardware supported ciphers before this line.
9916 		 * Allow software encryption for all chips. Don't forget to
9917 		 * update n_cipher_suites below.
9918 		 */
9919 		WLAN_CIPHER_SUITE_AES_CMAC,
9920 		WLAN_CIPHER_SUITE_BIP_CMAC_256,
9921 		WLAN_CIPHER_SUITE_BIP_GMAC_128,
9922 		WLAN_CIPHER_SUITE_BIP_GMAC_256,
9923 
9924 		/* Only QCA99x0 and QCA4019 varients support GCMP-128, GCMP-256
9925 		 * and CCMP-256 in hardware.
9926 		 */
9927 		WLAN_CIPHER_SUITE_GCMP,
9928 		WLAN_CIPHER_SUITE_GCMP_256,
9929 		WLAN_CIPHER_SUITE_CCMP_256,
9930 	};
9931 	struct ieee80211_supported_band *band;
9932 	void *channels;
9933 	int ret;
9934 
9935 	if (!is_valid_ether_addr(ar->mac_addr)) {
9936 		ath10k_warn(ar, "invalid MAC address; choosing random\n");
9937 		eth_random_addr(ar->mac_addr);
9938 	}
9939 	SET_IEEE80211_PERM_ADDR(ar->hw, ar->mac_addr);
9940 
9941 	SET_IEEE80211_DEV(ar->hw, ar->dev);
9942 
9943 	BUILD_BUG_ON((ARRAY_SIZE(ath10k_2ghz_channels) +
9944 		      ARRAY_SIZE(ath10k_5ghz_channels)) !=
9945 		     ATH10K_NUM_CHANS);
9946 
9947 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
9948 		channels = kmemdup(ath10k_2ghz_channels,
9949 				   sizeof(ath10k_2ghz_channels),
9950 				   GFP_KERNEL);
9951 		if (!channels) {
9952 			ret = -ENOMEM;
9953 			goto err_free;
9954 		}
9955 
9956 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
9957 		band->n_channels = ARRAY_SIZE(ath10k_2ghz_channels);
9958 		band->channels = channels;
9959 
9960 		if (ar->hw_params.cck_rate_map_rev2) {
9961 			band->n_bitrates = ath10k_g_rates_rev2_size;
9962 			band->bitrates = ath10k_g_rates_rev2;
9963 		} else {
9964 			band->n_bitrates = ath10k_g_rates_size;
9965 			band->bitrates = ath10k_g_rates;
9966 		}
9967 
9968 		ar->hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
9969 	}
9970 
9971 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
9972 		channels = kmemdup(ath10k_5ghz_channels,
9973 				   sizeof(ath10k_5ghz_channels),
9974 				   GFP_KERNEL);
9975 		if (!channels) {
9976 			ret = -ENOMEM;
9977 			goto err_free;
9978 		}
9979 
9980 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
9981 		band->n_channels = ARRAY_SIZE(ath10k_5ghz_channels);
9982 		band->channels = channels;
9983 		band->n_bitrates = ath10k_a_rates_size;
9984 		band->bitrates = ath10k_a_rates;
9985 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
9986 	}
9987 
9988 	wiphy_read_of_freq_limits(ar->hw->wiphy);
9989 	ath10k_mac_setup_ht_vht_cap(ar);
9990 
9991 	ar->hw->wiphy->interface_modes =
9992 		BIT(NL80211_IFTYPE_STATION) |
9993 		BIT(NL80211_IFTYPE_AP) |
9994 		BIT(NL80211_IFTYPE_MESH_POINT);
9995 
9996 	ar->hw->wiphy->available_antennas_rx = ar->cfg_rx_chainmask;
9997 	ar->hw->wiphy->available_antennas_tx = ar->cfg_tx_chainmask;
9998 
9999 	if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->normal_mode_fw.fw_file.fw_features))
10000 		ar->hw->wiphy->interface_modes |=
10001 			BIT(NL80211_IFTYPE_P2P_DEVICE) |
10002 			BIT(NL80211_IFTYPE_P2P_CLIENT) |
10003 			BIT(NL80211_IFTYPE_P2P_GO);
10004 
10005 	ieee80211_hw_set(ar->hw, SIGNAL_DBM);
10006 
10007 	if (!test_bit(ATH10K_FW_FEATURE_NO_PS,
10008 		      ar->running_fw->fw_file.fw_features)) {
10009 		ieee80211_hw_set(ar->hw, SUPPORTS_PS);
10010 		ieee80211_hw_set(ar->hw, SUPPORTS_DYNAMIC_PS);
10011 	}
10012 
10013 	ieee80211_hw_set(ar->hw, MFP_CAPABLE);
10014 	ieee80211_hw_set(ar->hw, REPORTS_TX_ACK_STATUS);
10015 	ieee80211_hw_set(ar->hw, HAS_RATE_CONTROL);
10016 	ieee80211_hw_set(ar->hw, AP_LINK_PS);
10017 	ieee80211_hw_set(ar->hw, SPECTRUM_MGMT);
10018 	ieee80211_hw_set(ar->hw, SUPPORT_FAST_XMIT);
10019 	ieee80211_hw_set(ar->hw, CONNECTION_MONITOR);
10020 	ieee80211_hw_set(ar->hw, SUPPORTS_PER_STA_GTK);
10021 	ieee80211_hw_set(ar->hw, WANT_MONITOR_VIF);
10022 	ieee80211_hw_set(ar->hw, CHANCTX_STA_CSA);
10023 	ieee80211_hw_set(ar->hw, QUEUE_CONTROL);
10024 	ieee80211_hw_set(ar->hw, SUPPORTS_TX_FRAG);
10025 	ieee80211_hw_set(ar->hw, REPORTS_LOW_ACK);
10026 
10027 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10028 		ieee80211_hw_set(ar->hw, SW_CRYPTO_CONTROL);
10029 
10030 	ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
10031 	ar->hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
10032 
10033 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
10034 		ar->hw->wiphy->features |= NL80211_FEATURE_DYNAMIC_SMPS;
10035 
10036 	if (ar->ht_cap_info & WMI_HT_CAP_ENABLED) {
10037 		ieee80211_hw_set(ar->hw, AMPDU_AGGREGATION);
10038 		ieee80211_hw_set(ar->hw, TX_AMPDU_SETUP_IN_HW);
10039 	}
10040 
10041 	ar->hw->wiphy->max_scan_ssids = WLAN_SCAN_PARAMS_MAX_SSID;
10042 	ar->hw->wiphy->max_scan_ie_len = WLAN_SCAN_PARAMS_MAX_IE_LEN;
10043 
10044 	if (test_bit(WMI_SERVICE_NLO, ar->wmi.svc_map)) {
10045 		ar->hw->wiphy->max_sched_scan_ssids = WMI_PNO_MAX_SUPP_NETWORKS;
10046 		ar->hw->wiphy->max_match_sets = WMI_PNO_MAX_SUPP_NETWORKS;
10047 		ar->hw->wiphy->max_sched_scan_ie_len = WMI_PNO_MAX_IE_LENGTH;
10048 		ar->hw->wiphy->max_sched_scan_plans = WMI_PNO_MAX_SCHED_SCAN_PLANS;
10049 		ar->hw->wiphy->max_sched_scan_plan_interval =
10050 			WMI_PNO_MAX_SCHED_SCAN_PLAN_INT;
10051 		ar->hw->wiphy->max_sched_scan_plan_iterations =
10052 			WMI_PNO_MAX_SCHED_SCAN_PLAN_ITRNS;
10053 		ar->hw->wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
10054 	}
10055 
10056 	ar->hw->vif_data_size = sizeof(struct ath10k_vif);
10057 	ar->hw->sta_data_size = sizeof(struct ath10k_sta);
10058 	ar->hw->txq_data_size = sizeof(struct ath10k_txq);
10059 
10060 	ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
10061 
10062 	if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
10063 		ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
10064 
10065 		/* Firmware delivers WPS/P2P Probe Requests frames to driver so
10066 		 * that userspace (e.g. wpa_supplicant/hostapd) can generate
10067 		 * correct Probe Responses. This is more of a hack advert..
10068 		 */
10069 		ar->hw->wiphy->probe_resp_offload |=
10070 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
10071 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
10072 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
10073 	}
10074 
10075 	if (test_bit(WMI_SERVICE_TDLS, ar->wmi.svc_map) ||
10076 	    test_bit(WMI_SERVICE_TDLS_EXPLICIT_MODE_ONLY, ar->wmi.svc_map)) {
10077 		ar->hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
10078 		if (test_bit(WMI_SERVICE_TDLS_WIDER_BANDWIDTH, ar->wmi.svc_map))
10079 			ieee80211_hw_set(ar->hw, TDLS_WIDER_BW);
10080 	}
10081 
10082 	if (test_bit(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, ar->wmi.svc_map))
10083 		ieee80211_hw_set(ar->hw, SUPPORTS_TDLS_BUFFER_STA);
10084 
10085 	if (ath10k_frame_mode == ATH10K_HW_TXRX_ETHERNET) {
10086 		if (ar->wmi.vdev_param->tx_encap_type !=
10087 		    WMI_VDEV_PARAM_UNSUPPORTED)
10088 			ieee80211_hw_set(ar->hw, SUPPORTS_TX_ENCAP_OFFLOAD);
10089 	}
10090 
10091 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
10092 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
10093 	ar->hw->wiphy->max_remain_on_channel_duration = 5000;
10094 
10095 	ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
10096 	ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
10097 				   NL80211_FEATURE_AP_SCAN;
10098 
10099 	ar->hw->wiphy->max_ap_assoc_sta = ar->max_num_stations;
10100 
10101 	ret = ath10k_wow_init(ar);
10102 	if (ret) {
10103 		ath10k_warn(ar, "failed to init wow: %d\n", ret);
10104 		goto err_free;
10105 	}
10106 
10107 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
10108 	wiphy_ext_feature_set(ar->hw->wiphy,
10109 			      NL80211_EXT_FEATURE_SET_SCAN_DWELL);
10110 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_AQL);
10111 
10112 	if (test_bit(WMI_SERVICE_TX_DATA_ACK_RSSI, ar->wmi.svc_map) ||
10113 	    test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS, ar->wmi.svc_map))
10114 		wiphy_ext_feature_set(ar->hw->wiphy,
10115 				      NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT);
10116 
10117 	if (ath10k_peer_stats_enabled(ar) ||
10118 	    test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
10119 		wiphy_ext_feature_set(ar->hw->wiphy,
10120 				      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS);
10121 
10122 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map))
10123 		wiphy_ext_feature_set(ar->hw->wiphy,
10124 				      NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
10125 
10126 	if (test_bit(WMI_SERVICE_TX_PWR_PER_PEER, ar->wmi.svc_map))
10127 		wiphy_ext_feature_set(ar->hw->wiphy,
10128 				      NL80211_EXT_FEATURE_STA_TX_PWR);
10129 
10130 	if (test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map)) {
10131 		ar->hw->wiphy->tid_config_support.vif |=
10132 				BIT(NL80211_TID_CONFIG_ATTR_NOACK) |
10133 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT) |
10134 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG) |
10135 				BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL) |
10136 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
10137 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
10138 
10139 		if (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
10140 			     ar->wmi.svc_map)) {
10141 			ar->hw->wiphy->tid_config_support.vif |=
10142 				BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
10143 		}
10144 
10145 		ar->hw->wiphy->tid_config_support.peer =
10146 				ar->hw->wiphy->tid_config_support.vif;
10147 		ar->hw->wiphy->max_data_retry_count = ATH10K_MAX_RETRY_COUNT;
10148 	} else {
10149 		ar->ops->set_tid_config = NULL;
10150 	}
10151 	/*
10152 	 * on LL hardware queues are managed entirely by the FW
10153 	 * so we only advertise to mac we can do the queues thing
10154 	 */
10155 	ar->hw->queues = IEEE80211_MAX_QUEUES;
10156 
10157 	/* vdev_ids are used as hw queue numbers. Make sure offchan tx queue is
10158 	 * something that vdev_ids can't reach so that we don't stop the queue
10159 	 * accidentally.
10160 	 */
10161 	ar->hw->offchannel_tx_hw_queue = IEEE80211_MAX_QUEUES - 1;
10162 
10163 	switch (ar->running_fw->fw_file.wmi_op_version) {
10164 	case ATH10K_FW_WMI_OP_VERSION_MAIN:
10165 		ar->hw->wiphy->iface_combinations = ath10k_if_comb;
10166 		ar->hw->wiphy->n_iface_combinations =
10167 			ARRAY_SIZE(ath10k_if_comb);
10168 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10169 		break;
10170 	case ATH10K_FW_WMI_OP_VERSION_TLV:
10171 		if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
10172 			ar->hw->wiphy->iface_combinations =
10173 				ath10k_tlv_qcs_if_comb;
10174 			ar->hw->wiphy->n_iface_combinations =
10175 				ARRAY_SIZE(ath10k_tlv_qcs_if_comb);
10176 		} else {
10177 			ar->hw->wiphy->iface_combinations = ath10k_tlv_if_comb;
10178 			ar->hw->wiphy->n_iface_combinations =
10179 				ARRAY_SIZE(ath10k_tlv_if_comb);
10180 		}
10181 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10182 		break;
10183 	case ATH10K_FW_WMI_OP_VERSION_10_1:
10184 	case ATH10K_FW_WMI_OP_VERSION_10_2:
10185 	case ATH10K_FW_WMI_OP_VERSION_10_2_4:
10186 		ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
10187 		ar->hw->wiphy->n_iface_combinations =
10188 			ARRAY_SIZE(ath10k_10x_if_comb);
10189 		break;
10190 	case ATH10K_FW_WMI_OP_VERSION_10_4:
10191 		ar->hw->wiphy->iface_combinations = ath10k_10_4_if_comb;
10192 		ar->hw->wiphy->n_iface_combinations =
10193 			ARRAY_SIZE(ath10k_10_4_if_comb);
10194 		if (test_bit(WMI_SERVICE_VDEV_DIFFERENT_BEACON_INTERVAL_SUPPORT,
10195 			     ar->wmi.svc_map)) {
10196 			ar->hw->wiphy->iface_combinations =
10197 				ath10k_10_4_bcn_int_if_comb;
10198 			ar->hw->wiphy->n_iface_combinations =
10199 				ARRAY_SIZE(ath10k_10_4_bcn_int_if_comb);
10200 		}
10201 		break;
10202 	case ATH10K_FW_WMI_OP_VERSION_UNSET:
10203 	case ATH10K_FW_WMI_OP_VERSION_MAX:
10204 		WARN_ON(1);
10205 		ret = -EINVAL;
10206 		goto err_free;
10207 	}
10208 
10209 	if (ar->hw_params.dynamic_sar_support)
10210 		ar->hw->wiphy->sar_capa = &ath10k_sar_capa;
10211 
10212 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10213 		ar->hw->netdev_features = NETIF_F_HW_CSUM;
10214 
10215 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED)) {
10216 		/* Init ath dfs pattern detector */
10217 		ar->ath_common.debug_mask = ATH_DBG_DFS;
10218 		ar->dfs_detector = dfs_pattern_detector_init(&ar->ath_common,
10219 							     NL80211_DFS_UNSET);
10220 
10221 		if (!ar->dfs_detector)
10222 			ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
10223 	}
10224 
10225 	ret = ath10k_mac_init_rd(ar);
10226 	if (ret) {
10227 		ath10k_err(ar, "failed to derive regdom: %d\n", ret);
10228 		goto err_dfs_detector_exit;
10229 	}
10230 
10231 	/* Disable set_coverage_class for chipsets that do not support it. */
10232 	if (!ar->hw_params.hw_ops->set_coverage_class)
10233 		ar->ops->set_coverage_class = NULL;
10234 
10235 	ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
10236 			    ath10k_reg_notifier);
10237 	if (ret) {
10238 		ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
10239 		goto err_dfs_detector_exit;
10240 	}
10241 
10242 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
10243 		ar->hw->wiphy->features |=
10244 			NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
10245 	}
10246 
10247 	ar->hw->wiphy->cipher_suites = cipher_suites;
10248 
10249 	/* QCA988x and QCA6174 family chips do not support CCMP-256, GCMP-128
10250 	 * and GCMP-256 ciphers in hardware. Fetch number of ciphers supported
10251 	 * from chip specific hw_param table.
10252 	 */
10253 	if (!ar->hw_params.n_cipher_suites ||
10254 	    ar->hw_params.n_cipher_suites > ARRAY_SIZE(cipher_suites)) {
10255 		ath10k_err(ar, "invalid hw_params.n_cipher_suites %d\n",
10256 			   ar->hw_params.n_cipher_suites);
10257 		ar->hw_params.n_cipher_suites = 8;
10258 	}
10259 	ar->hw->wiphy->n_cipher_suites = ar->hw_params.n_cipher_suites;
10260 
10261 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
10262 
10263 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
10264 
10265 	ret = ieee80211_register_hw(ar->hw);
10266 	if (ret) {
10267 		ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
10268 		goto err_dfs_detector_exit;
10269 	}
10270 
10271 	if (test_bit(WMI_SERVICE_PER_PACKET_SW_ENCRYPT, ar->wmi.svc_map)) {
10272 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
10273 		ar->hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_AP_VLAN);
10274 	}
10275 
10276 	if (!ath_is_world_regd(&ar->ath_common.reg_world_copy) &&
10277 	    !ath_is_world_regd(&ar->ath_common.regulatory)) {
10278 		ret = regulatory_hint(ar->hw->wiphy,
10279 				      ar->ath_common.regulatory.alpha2);
10280 		if (ret)
10281 			goto err_unregister;
10282 	}
10283 
10284 	return 0;
10285 
10286 err_unregister:
10287 	ieee80211_unregister_hw(ar->hw);
10288 
10289 err_dfs_detector_exit:
10290 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10291 		ar->dfs_detector->exit(ar->dfs_detector);
10292 
10293 err_free:
10294 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10295 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10296 
10297 	SET_IEEE80211_DEV(ar->hw, NULL);
10298 	return ret;
10299 }
10300 
10301 void ath10k_mac_unregister(struct ath10k *ar)
10302 {
10303 	ieee80211_unregister_hw(ar->hw);
10304 
10305 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10306 		ar->dfs_detector->exit(ar->dfs_detector);
10307 
10308 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10309 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10310 
10311 	SET_IEEE80211_DEV(ar->hw, NULL);
10312 }
10313