xref: /openbmc/linux/drivers/net/wireless/ath/ath10k/mac.c (revision 87fcfa7b7fe6bf819033fe827a27f710e38639b5)
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2005-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
6  */
7 
8 #include "mac.h"
9 
10 #include <net/cfg80211.h>
11 #include <net/mac80211.h>
12 #include <linux/etherdevice.h>
13 #include <linux/acpi.h>
14 #include <linux/of.h>
15 #include <linux/bitfield.h>
16 
17 #include "hif.h"
18 #include "core.h"
19 #include "debug.h"
20 #include "wmi.h"
21 #include "htt.h"
22 #include "txrx.h"
23 #include "testmode.h"
24 #include "wmi-tlv.h"
25 #include "wmi-ops.h"
26 #include "wow.h"
27 
28 /*********/
29 /* Rates */
30 /*********/
31 
32 static struct ieee80211_rate ath10k_rates[] = {
33 	{ .bitrate = 10,
34 	  .hw_value = ATH10K_HW_RATE_CCK_LP_1M },
35 	{ .bitrate = 20,
36 	  .hw_value = ATH10K_HW_RATE_CCK_LP_2M,
37 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_2M,
38 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
39 	{ .bitrate = 55,
40 	  .hw_value = ATH10K_HW_RATE_CCK_LP_5_5M,
41 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_5_5M,
42 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
43 	{ .bitrate = 110,
44 	  .hw_value = ATH10K_HW_RATE_CCK_LP_11M,
45 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_11M,
46 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
47 
48 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
49 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
50 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
51 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
52 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
53 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
54 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
55 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
56 };
57 
58 static struct ieee80211_rate ath10k_rates_rev2[] = {
59 	{ .bitrate = 10,
60 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_1M },
61 	{ .bitrate = 20,
62 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_2M,
63 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_2M,
64 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
65 	{ .bitrate = 55,
66 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_5_5M,
67 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_5_5M,
68 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
69 	{ .bitrate = 110,
70 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_11M,
71 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_11M,
72 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
73 
74 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
75 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
76 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
77 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
78 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
79 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
80 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
81 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
82 };
83 
84 #define ATH10K_MAC_FIRST_OFDM_RATE_IDX 4
85 
86 #define ath10k_a_rates (ath10k_rates + ATH10K_MAC_FIRST_OFDM_RATE_IDX)
87 #define ath10k_a_rates_size (ARRAY_SIZE(ath10k_rates) - \
88 			     ATH10K_MAC_FIRST_OFDM_RATE_IDX)
89 #define ath10k_g_rates (ath10k_rates + 0)
90 #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
91 
92 #define ath10k_g_rates_rev2 (ath10k_rates_rev2 + 0)
93 #define ath10k_g_rates_rev2_size (ARRAY_SIZE(ath10k_rates_rev2))
94 
95 #define ath10k_wmi_legacy_rates ath10k_rates
96 
97 static bool ath10k_mac_bitrate_is_cck(int bitrate)
98 {
99 	switch (bitrate) {
100 	case 10:
101 	case 20:
102 	case 55:
103 	case 110:
104 		return true;
105 	}
106 
107 	return false;
108 }
109 
110 static u8 ath10k_mac_bitrate_to_rate(int bitrate)
111 {
112 	return DIV_ROUND_UP(bitrate, 5) |
113 	       (ath10k_mac_bitrate_is_cck(bitrate) ? BIT(7) : 0);
114 }
115 
116 u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
117 			     u8 hw_rate, bool cck)
118 {
119 	const struct ieee80211_rate *rate;
120 	int i;
121 
122 	for (i = 0; i < sband->n_bitrates; i++) {
123 		rate = &sband->bitrates[i];
124 
125 		if (ath10k_mac_bitrate_is_cck(rate->bitrate) != cck)
126 			continue;
127 
128 		if (rate->hw_value == hw_rate)
129 			return i;
130 		else if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE &&
131 			 rate->hw_value_short == hw_rate)
132 			return i;
133 	}
134 
135 	return 0;
136 }
137 
138 u8 ath10k_mac_bitrate_to_idx(const struct ieee80211_supported_band *sband,
139 			     u32 bitrate)
140 {
141 	int i;
142 
143 	for (i = 0; i < sband->n_bitrates; i++)
144 		if (sband->bitrates[i].bitrate == bitrate)
145 			return i;
146 
147 	return 0;
148 }
149 
150 static int ath10k_mac_get_rate_hw_value(int bitrate)
151 {
152 	int i;
153 	u8 hw_value_prefix = 0;
154 
155 	if (ath10k_mac_bitrate_is_cck(bitrate))
156 		hw_value_prefix = WMI_RATE_PREAMBLE_CCK << 6;
157 
158 	for (i = 0; i < ARRAY_SIZE(ath10k_rates); i++) {
159 		if (ath10k_rates[i].bitrate == bitrate)
160 			return hw_value_prefix | ath10k_rates[i].hw_value;
161 	}
162 
163 	return -EINVAL;
164 }
165 
166 static int ath10k_mac_get_max_vht_mcs_map(u16 mcs_map, int nss)
167 {
168 	switch ((mcs_map >> (2 * nss)) & 0x3) {
169 	case IEEE80211_VHT_MCS_SUPPORT_0_7: return BIT(8) - 1;
170 	case IEEE80211_VHT_MCS_SUPPORT_0_8: return BIT(9) - 1;
171 	case IEEE80211_VHT_MCS_SUPPORT_0_9: return BIT(10) - 1;
172 	}
173 	return 0;
174 }
175 
176 static u32
177 ath10k_mac_max_ht_nss(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
178 {
179 	int nss;
180 
181 	for (nss = IEEE80211_HT_MCS_MASK_LEN - 1; nss >= 0; nss--)
182 		if (ht_mcs_mask[nss])
183 			return nss + 1;
184 
185 	return 1;
186 }
187 
188 static u32
189 ath10k_mac_max_vht_nss(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
190 {
191 	int nss;
192 
193 	for (nss = NL80211_VHT_NSS_MAX - 1; nss >= 0; nss--)
194 		if (vht_mcs_mask[nss])
195 			return nss + 1;
196 
197 	return 1;
198 }
199 
200 int ath10k_mac_ext_resource_config(struct ath10k *ar, u32 val)
201 {
202 	enum wmi_host_platform_type platform_type;
203 	int ret;
204 
205 	if (test_bit(WMI_SERVICE_TX_MODE_DYNAMIC, ar->wmi.svc_map))
206 		platform_type = WMI_HOST_PLATFORM_LOW_PERF;
207 	else
208 		platform_type = WMI_HOST_PLATFORM_HIGH_PERF;
209 
210 	ret = ath10k_wmi_ext_resource_config(ar, platform_type, val);
211 
212 	if (ret && ret != -EOPNOTSUPP) {
213 		ath10k_warn(ar, "failed to configure ext resource: %d\n", ret);
214 		return ret;
215 	}
216 
217 	return 0;
218 }
219 
220 /**********/
221 /* Crypto */
222 /**********/
223 
224 static int ath10k_send_key(struct ath10k_vif *arvif,
225 			   struct ieee80211_key_conf *key,
226 			   enum set_key_cmd cmd,
227 			   const u8 *macaddr, u32 flags)
228 {
229 	struct ath10k *ar = arvif->ar;
230 	struct wmi_vdev_install_key_arg arg = {
231 		.vdev_id = arvif->vdev_id,
232 		.key_idx = key->keyidx,
233 		.key_len = key->keylen,
234 		.key_data = key->key,
235 		.key_flags = flags,
236 		.macaddr = macaddr,
237 	};
238 
239 	lockdep_assert_held(&arvif->ar->conf_mutex);
240 
241 	switch (key->cipher) {
242 	case WLAN_CIPHER_SUITE_CCMP:
243 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
244 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
245 		break;
246 	case WLAN_CIPHER_SUITE_TKIP:
247 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_TKIP];
248 		arg.key_txmic_len = 8;
249 		arg.key_rxmic_len = 8;
250 		break;
251 	case WLAN_CIPHER_SUITE_WEP40:
252 	case WLAN_CIPHER_SUITE_WEP104:
253 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_WEP];
254 		break;
255 	case WLAN_CIPHER_SUITE_CCMP_256:
256 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
257 		break;
258 	case WLAN_CIPHER_SUITE_GCMP:
259 	case WLAN_CIPHER_SUITE_GCMP_256:
260 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_GCM];
261 		break;
262 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
263 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
264 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
265 	case WLAN_CIPHER_SUITE_AES_CMAC:
266 		WARN_ON(1);
267 		return -EINVAL;
268 	default:
269 		ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
270 		return -EOPNOTSUPP;
271 	}
272 
273 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
274 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
275 
276 	if (cmd == DISABLE_KEY) {
277 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
278 		arg.key_data = NULL;
279 	}
280 
281 	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
282 }
283 
284 static int ath10k_install_key(struct ath10k_vif *arvif,
285 			      struct ieee80211_key_conf *key,
286 			      enum set_key_cmd cmd,
287 			      const u8 *macaddr, u32 flags)
288 {
289 	struct ath10k *ar = arvif->ar;
290 	int ret;
291 	unsigned long time_left;
292 
293 	lockdep_assert_held(&ar->conf_mutex);
294 
295 	reinit_completion(&ar->install_key_done);
296 
297 	if (arvif->nohwcrypt)
298 		return 1;
299 
300 	ret = ath10k_send_key(arvif, key, cmd, macaddr, flags);
301 	if (ret)
302 		return ret;
303 
304 	time_left = wait_for_completion_timeout(&ar->install_key_done, 3 * HZ);
305 	if (time_left == 0)
306 		return -ETIMEDOUT;
307 
308 	return 0;
309 }
310 
311 static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
312 					const u8 *addr)
313 {
314 	struct ath10k *ar = arvif->ar;
315 	struct ath10k_peer *peer;
316 	int ret;
317 	int i;
318 	u32 flags;
319 
320 	lockdep_assert_held(&ar->conf_mutex);
321 
322 	if (WARN_ON(arvif->vif->type != NL80211_IFTYPE_AP &&
323 		    arvif->vif->type != NL80211_IFTYPE_ADHOC &&
324 		    arvif->vif->type != NL80211_IFTYPE_MESH_POINT))
325 		return -EINVAL;
326 
327 	spin_lock_bh(&ar->data_lock);
328 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
329 	spin_unlock_bh(&ar->data_lock);
330 
331 	if (!peer)
332 		return -ENOENT;
333 
334 	for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
335 		if (arvif->wep_keys[i] == NULL)
336 			continue;
337 
338 		switch (arvif->vif->type) {
339 		case NL80211_IFTYPE_AP:
340 			flags = WMI_KEY_PAIRWISE;
341 
342 			if (arvif->def_wep_key_idx == i)
343 				flags |= WMI_KEY_TX_USAGE;
344 
345 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
346 						 SET_KEY, addr, flags);
347 			if (ret < 0)
348 				return ret;
349 			break;
350 		case NL80211_IFTYPE_ADHOC:
351 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
352 						 SET_KEY, addr,
353 						 WMI_KEY_PAIRWISE);
354 			if (ret < 0)
355 				return ret;
356 
357 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
358 						 SET_KEY, addr, WMI_KEY_GROUP);
359 			if (ret < 0)
360 				return ret;
361 			break;
362 		default:
363 			WARN_ON(1);
364 			return -EINVAL;
365 		}
366 
367 		spin_lock_bh(&ar->data_lock);
368 		peer->keys[i] = arvif->wep_keys[i];
369 		spin_unlock_bh(&ar->data_lock);
370 	}
371 
372 	/* In some cases (notably with static WEP IBSS with multiple keys)
373 	 * multicast Tx becomes broken. Both pairwise and groupwise keys are
374 	 * installed already. Using WMI_KEY_TX_USAGE in different combinations
375 	 * didn't seem help. Using def_keyid vdev parameter seems to be
376 	 * effective so use that.
377 	 *
378 	 * FIXME: Revisit. Perhaps this can be done in a less hacky way.
379 	 */
380 	if (arvif->vif->type != NL80211_IFTYPE_ADHOC)
381 		return 0;
382 
383 	if (arvif->def_wep_key_idx == -1)
384 		return 0;
385 
386 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
387 					arvif->vdev_id,
388 					arvif->ar->wmi.vdev_param->def_keyid,
389 					arvif->def_wep_key_idx);
390 	if (ret) {
391 		ath10k_warn(ar, "failed to re-set def wpa key idxon vdev %i: %d\n",
392 			    arvif->vdev_id, ret);
393 		return ret;
394 	}
395 
396 	return 0;
397 }
398 
399 static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
400 				  const u8 *addr)
401 {
402 	struct ath10k *ar = arvif->ar;
403 	struct ath10k_peer *peer;
404 	int first_errno = 0;
405 	int ret;
406 	int i;
407 	u32 flags = 0;
408 
409 	lockdep_assert_held(&ar->conf_mutex);
410 
411 	spin_lock_bh(&ar->data_lock);
412 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
413 	spin_unlock_bh(&ar->data_lock);
414 
415 	if (!peer)
416 		return -ENOENT;
417 
418 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
419 		if (peer->keys[i] == NULL)
420 			continue;
421 
422 		/* key flags are not required to delete the key */
423 		ret = ath10k_install_key(arvif, peer->keys[i],
424 					 DISABLE_KEY, addr, flags);
425 		if (ret < 0 && first_errno == 0)
426 			first_errno = ret;
427 
428 		if (ret < 0)
429 			ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
430 				    i, ret);
431 
432 		spin_lock_bh(&ar->data_lock);
433 		peer->keys[i] = NULL;
434 		spin_unlock_bh(&ar->data_lock);
435 	}
436 
437 	return first_errno;
438 }
439 
440 bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
441 				    u8 keyidx)
442 {
443 	struct ath10k_peer *peer;
444 	int i;
445 
446 	lockdep_assert_held(&ar->data_lock);
447 
448 	/* We don't know which vdev this peer belongs to,
449 	 * since WMI doesn't give us that information.
450 	 *
451 	 * FIXME: multi-bss needs to be handled.
452 	 */
453 	peer = ath10k_peer_find(ar, 0, addr);
454 	if (!peer)
455 		return false;
456 
457 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
458 		if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
459 			return true;
460 	}
461 
462 	return false;
463 }
464 
465 static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
466 				 struct ieee80211_key_conf *key)
467 {
468 	struct ath10k *ar = arvif->ar;
469 	struct ath10k_peer *peer;
470 	u8 addr[ETH_ALEN];
471 	int first_errno = 0;
472 	int ret;
473 	int i;
474 	u32 flags = 0;
475 
476 	lockdep_assert_held(&ar->conf_mutex);
477 
478 	for (;;) {
479 		/* since ath10k_install_key we can't hold data_lock all the
480 		 * time, so we try to remove the keys incrementally
481 		 */
482 		spin_lock_bh(&ar->data_lock);
483 		i = 0;
484 		list_for_each_entry(peer, &ar->peers, list) {
485 			for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
486 				if (peer->keys[i] == key) {
487 					ether_addr_copy(addr, peer->addr);
488 					peer->keys[i] = NULL;
489 					break;
490 				}
491 			}
492 
493 			if (i < ARRAY_SIZE(peer->keys))
494 				break;
495 		}
496 		spin_unlock_bh(&ar->data_lock);
497 
498 		if (i == ARRAY_SIZE(peer->keys))
499 			break;
500 		/* key flags are not required to delete the key */
501 		ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, flags);
502 		if (ret < 0 && first_errno == 0)
503 			first_errno = ret;
504 
505 		if (ret)
506 			ath10k_warn(ar, "failed to remove key for %pM: %d\n",
507 				    addr, ret);
508 	}
509 
510 	return first_errno;
511 }
512 
513 static int ath10k_mac_vif_update_wep_key(struct ath10k_vif *arvif,
514 					 struct ieee80211_key_conf *key)
515 {
516 	struct ath10k *ar = arvif->ar;
517 	struct ath10k_peer *peer;
518 	int ret;
519 
520 	lockdep_assert_held(&ar->conf_mutex);
521 
522 	list_for_each_entry(peer, &ar->peers, list) {
523 		if (ether_addr_equal(peer->addr, arvif->vif->addr))
524 			continue;
525 
526 		if (ether_addr_equal(peer->addr, arvif->bssid))
527 			continue;
528 
529 		if (peer->keys[key->keyidx] == key)
530 			continue;
531 
532 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vif vdev %i update key %i needs update\n",
533 			   arvif->vdev_id, key->keyidx);
534 
535 		ret = ath10k_install_peer_wep_keys(arvif, peer->addr);
536 		if (ret) {
537 			ath10k_warn(ar, "failed to update wep keys on vdev %i for peer %pM: %d\n",
538 				    arvif->vdev_id, peer->addr, ret);
539 			return ret;
540 		}
541 	}
542 
543 	return 0;
544 }
545 
546 /*********************/
547 /* General utilities */
548 /*********************/
549 
550 static inline enum wmi_phy_mode
551 chan_to_phymode(const struct cfg80211_chan_def *chandef)
552 {
553 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
554 
555 	switch (chandef->chan->band) {
556 	case NL80211_BAND_2GHZ:
557 		switch (chandef->width) {
558 		case NL80211_CHAN_WIDTH_20_NOHT:
559 			if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
560 				phymode = MODE_11B;
561 			else
562 				phymode = MODE_11G;
563 			break;
564 		case NL80211_CHAN_WIDTH_20:
565 			phymode = MODE_11NG_HT20;
566 			break;
567 		case NL80211_CHAN_WIDTH_40:
568 			phymode = MODE_11NG_HT40;
569 			break;
570 		case NL80211_CHAN_WIDTH_5:
571 		case NL80211_CHAN_WIDTH_10:
572 		case NL80211_CHAN_WIDTH_80:
573 		case NL80211_CHAN_WIDTH_80P80:
574 		case NL80211_CHAN_WIDTH_160:
575 			phymode = MODE_UNKNOWN;
576 			break;
577 		}
578 		break;
579 	case NL80211_BAND_5GHZ:
580 		switch (chandef->width) {
581 		case NL80211_CHAN_WIDTH_20_NOHT:
582 			phymode = MODE_11A;
583 			break;
584 		case NL80211_CHAN_WIDTH_20:
585 			phymode = MODE_11NA_HT20;
586 			break;
587 		case NL80211_CHAN_WIDTH_40:
588 			phymode = MODE_11NA_HT40;
589 			break;
590 		case NL80211_CHAN_WIDTH_80:
591 			phymode = MODE_11AC_VHT80;
592 			break;
593 		case NL80211_CHAN_WIDTH_160:
594 			phymode = MODE_11AC_VHT160;
595 			break;
596 		case NL80211_CHAN_WIDTH_80P80:
597 			phymode = MODE_11AC_VHT80_80;
598 			break;
599 		case NL80211_CHAN_WIDTH_5:
600 		case NL80211_CHAN_WIDTH_10:
601 			phymode = MODE_UNKNOWN;
602 			break;
603 		}
604 		break;
605 	default:
606 		break;
607 	}
608 
609 	WARN_ON(phymode == MODE_UNKNOWN);
610 	return phymode;
611 }
612 
613 static u8 ath10k_parse_mpdudensity(u8 mpdudensity)
614 {
615 /*
616  * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
617  *   0 for no restriction
618  *   1 for 1/4 us
619  *   2 for 1/2 us
620  *   3 for 1 us
621  *   4 for 2 us
622  *   5 for 4 us
623  *   6 for 8 us
624  *   7 for 16 us
625  */
626 	switch (mpdudensity) {
627 	case 0:
628 		return 0;
629 	case 1:
630 	case 2:
631 	case 3:
632 	/* Our lower layer calculations limit our precision to
633 	 * 1 microsecond
634 	 */
635 		return 1;
636 	case 4:
637 		return 2;
638 	case 5:
639 		return 4;
640 	case 6:
641 		return 8;
642 	case 7:
643 		return 16;
644 	default:
645 		return 0;
646 	}
647 }
648 
649 int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
650 			struct cfg80211_chan_def *def)
651 {
652 	struct ieee80211_chanctx_conf *conf;
653 
654 	rcu_read_lock();
655 	conf = rcu_dereference(vif->chanctx_conf);
656 	if (!conf) {
657 		rcu_read_unlock();
658 		return -ENOENT;
659 	}
660 
661 	*def = conf->def;
662 	rcu_read_unlock();
663 
664 	return 0;
665 }
666 
667 static void ath10k_mac_num_chanctxs_iter(struct ieee80211_hw *hw,
668 					 struct ieee80211_chanctx_conf *conf,
669 					 void *data)
670 {
671 	int *num = data;
672 
673 	(*num)++;
674 }
675 
676 static int ath10k_mac_num_chanctxs(struct ath10k *ar)
677 {
678 	int num = 0;
679 
680 	ieee80211_iter_chan_contexts_atomic(ar->hw,
681 					    ath10k_mac_num_chanctxs_iter,
682 					    &num);
683 
684 	return num;
685 }
686 
687 static void
688 ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
689 				struct ieee80211_chanctx_conf *conf,
690 				void *data)
691 {
692 	struct cfg80211_chan_def **def = data;
693 
694 	*def = &conf->def;
695 }
696 
697 static void ath10k_wait_for_peer_delete_done(struct ath10k *ar, u32 vdev_id,
698 					     const u8 *addr)
699 {
700 	unsigned long time_left;
701 	int ret;
702 
703 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
704 		ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
705 		if (ret) {
706 			ath10k_warn(ar, "failed wait for peer deleted");
707 			return;
708 		}
709 
710 		time_left = wait_for_completion_timeout(&ar->peer_delete_done,
711 							5 * HZ);
712 		if (!time_left)
713 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
714 	}
715 }
716 
717 static int ath10k_peer_create(struct ath10k *ar,
718 			      struct ieee80211_vif *vif,
719 			      struct ieee80211_sta *sta,
720 			      u32 vdev_id,
721 			      const u8 *addr,
722 			      enum wmi_peer_type peer_type)
723 {
724 	struct ath10k_vif *arvif;
725 	struct ath10k_peer *peer;
726 	int num_peers = 0;
727 	int ret;
728 
729 	lockdep_assert_held(&ar->conf_mutex);
730 
731 	num_peers = ar->num_peers;
732 
733 	/* Each vdev consumes a peer entry as well */
734 	list_for_each_entry(arvif, &ar->arvifs, list)
735 		num_peers++;
736 
737 	if (num_peers >= ar->max_num_peers)
738 		return -ENOBUFS;
739 
740 	ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
741 	if (ret) {
742 		ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
743 			    addr, vdev_id, ret);
744 		return ret;
745 	}
746 
747 	ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
748 	if (ret) {
749 		ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
750 			    addr, vdev_id, ret);
751 		return ret;
752 	}
753 
754 	spin_lock_bh(&ar->data_lock);
755 
756 	peer = ath10k_peer_find(ar, vdev_id, addr);
757 	if (!peer) {
758 		spin_unlock_bh(&ar->data_lock);
759 		ath10k_warn(ar, "failed to find peer %pM on vdev %i after creation\n",
760 			    addr, vdev_id);
761 		ath10k_wait_for_peer_delete_done(ar, vdev_id, addr);
762 		return -ENOENT;
763 	}
764 
765 	peer->vif = vif;
766 	peer->sta = sta;
767 
768 	spin_unlock_bh(&ar->data_lock);
769 
770 	ar->num_peers++;
771 
772 	return 0;
773 }
774 
775 static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
776 {
777 	struct ath10k *ar = arvif->ar;
778 	u32 param;
779 	int ret;
780 
781 	param = ar->wmi.pdev_param->sta_kickout_th;
782 	ret = ath10k_wmi_pdev_set_param(ar, param,
783 					ATH10K_KICKOUT_THRESHOLD);
784 	if (ret) {
785 		ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
786 			    arvif->vdev_id, ret);
787 		return ret;
788 	}
789 
790 	param = ar->wmi.vdev_param->ap_keepalive_min_idle_inactive_time_secs;
791 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
792 					ATH10K_KEEPALIVE_MIN_IDLE);
793 	if (ret) {
794 		ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
795 			    arvif->vdev_id, ret);
796 		return ret;
797 	}
798 
799 	param = ar->wmi.vdev_param->ap_keepalive_max_idle_inactive_time_secs;
800 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
801 					ATH10K_KEEPALIVE_MAX_IDLE);
802 	if (ret) {
803 		ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
804 			    arvif->vdev_id, ret);
805 		return ret;
806 	}
807 
808 	param = ar->wmi.vdev_param->ap_keepalive_max_unresponsive_time_secs;
809 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
810 					ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
811 	if (ret) {
812 		ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
813 			    arvif->vdev_id, ret);
814 		return ret;
815 	}
816 
817 	return 0;
818 }
819 
820 static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
821 {
822 	struct ath10k *ar = arvif->ar;
823 	u32 vdev_param;
824 
825 	vdev_param = ar->wmi.vdev_param->rts_threshold;
826 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
827 }
828 
829 static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
830 {
831 	int ret;
832 
833 	lockdep_assert_held(&ar->conf_mutex);
834 
835 	ret = ath10k_wmi_peer_delete(ar, vdev_id, addr);
836 	if (ret)
837 		return ret;
838 
839 	ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
840 	if (ret)
841 		return ret;
842 
843 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
844 		unsigned long time_left;
845 
846 		time_left = wait_for_completion_timeout
847 			    (&ar->peer_delete_done, 5 * HZ);
848 
849 		if (!time_left) {
850 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
851 			return -ETIMEDOUT;
852 		}
853 	}
854 
855 	ar->num_peers--;
856 
857 	return 0;
858 }
859 
860 static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
861 {
862 	struct ath10k_peer *peer, *tmp;
863 	int peer_id;
864 	int i;
865 
866 	lockdep_assert_held(&ar->conf_mutex);
867 
868 	spin_lock_bh(&ar->data_lock);
869 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
870 		if (peer->vdev_id != vdev_id)
871 			continue;
872 
873 		ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
874 			    peer->addr, vdev_id);
875 
876 		for_each_set_bit(peer_id, peer->peer_ids,
877 				 ATH10K_MAX_NUM_PEER_IDS) {
878 			ar->peer_map[peer_id] = NULL;
879 		}
880 
881 		/* Double check that peer is properly un-referenced from
882 		 * the peer_map
883 		 */
884 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
885 			if (ar->peer_map[i] == peer) {
886 				ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
887 					    peer->addr, peer, i);
888 				ar->peer_map[i] = NULL;
889 			}
890 		}
891 
892 		list_del(&peer->list);
893 		kfree(peer);
894 		ar->num_peers--;
895 	}
896 	spin_unlock_bh(&ar->data_lock);
897 }
898 
899 static void ath10k_peer_cleanup_all(struct ath10k *ar)
900 {
901 	struct ath10k_peer *peer, *tmp;
902 	int i;
903 
904 	lockdep_assert_held(&ar->conf_mutex);
905 
906 	spin_lock_bh(&ar->data_lock);
907 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
908 		list_del(&peer->list);
909 		kfree(peer);
910 	}
911 
912 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
913 		ar->peer_map[i] = NULL;
914 
915 	spin_unlock_bh(&ar->data_lock);
916 
917 	ar->num_peers = 0;
918 	ar->num_stations = 0;
919 }
920 
921 static int ath10k_mac_tdls_peer_update(struct ath10k *ar, u32 vdev_id,
922 				       struct ieee80211_sta *sta,
923 				       enum wmi_tdls_peer_state state)
924 {
925 	int ret;
926 	struct wmi_tdls_peer_update_cmd_arg arg = {};
927 	struct wmi_tdls_peer_capab_arg cap = {};
928 	struct wmi_channel_arg chan_arg = {};
929 
930 	lockdep_assert_held(&ar->conf_mutex);
931 
932 	arg.vdev_id = vdev_id;
933 	arg.peer_state = state;
934 	ether_addr_copy(arg.addr, sta->addr);
935 
936 	cap.peer_max_sp = sta->max_sp;
937 	cap.peer_uapsd_queues = sta->uapsd_queues;
938 
939 	if (state == WMI_TDLS_PEER_STATE_CONNECTED &&
940 	    !sta->tdls_initiator)
941 		cap.is_peer_responder = 1;
942 
943 	ret = ath10k_wmi_tdls_peer_update(ar, &arg, &cap, &chan_arg);
944 	if (ret) {
945 		ath10k_warn(ar, "failed to update tdls peer %pM on vdev %i: %i\n",
946 			    arg.addr, vdev_id, ret);
947 		return ret;
948 	}
949 
950 	return 0;
951 }
952 
953 /************************/
954 /* Interface management */
955 /************************/
956 
957 void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
958 {
959 	struct ath10k *ar = arvif->ar;
960 
961 	lockdep_assert_held(&ar->data_lock);
962 
963 	if (!arvif->beacon)
964 		return;
965 
966 	if (!arvif->beacon_buf)
967 		dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
968 				 arvif->beacon->len, DMA_TO_DEVICE);
969 
970 	if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
971 		    arvif->beacon_state != ATH10K_BEACON_SENT))
972 		return;
973 
974 	dev_kfree_skb_any(arvif->beacon);
975 
976 	arvif->beacon = NULL;
977 	arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
978 }
979 
980 static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
981 {
982 	struct ath10k *ar = arvif->ar;
983 
984 	lockdep_assert_held(&ar->data_lock);
985 
986 	ath10k_mac_vif_beacon_free(arvif);
987 
988 	if (arvif->beacon_buf) {
989 		dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
990 				  arvif->beacon_buf, arvif->beacon_paddr);
991 		arvif->beacon_buf = NULL;
992 	}
993 }
994 
995 static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
996 {
997 	unsigned long time_left;
998 
999 	lockdep_assert_held(&ar->conf_mutex);
1000 
1001 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1002 		return -ESHUTDOWN;
1003 
1004 	time_left = wait_for_completion_timeout(&ar->vdev_setup_done,
1005 						ATH10K_VDEV_SETUP_TIMEOUT_HZ);
1006 	if (time_left == 0)
1007 		return -ETIMEDOUT;
1008 
1009 	return ar->last_wmi_vdev_start_status;
1010 }
1011 
1012 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
1013 {
1014 	struct cfg80211_chan_def *chandef = NULL;
1015 	struct ieee80211_channel *channel = NULL;
1016 	struct wmi_vdev_start_request_arg arg = {};
1017 	int ret = 0;
1018 
1019 	lockdep_assert_held(&ar->conf_mutex);
1020 
1021 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1022 					    ath10k_mac_get_any_chandef_iter,
1023 					    &chandef);
1024 	if (WARN_ON_ONCE(!chandef))
1025 		return -ENOENT;
1026 
1027 	channel = chandef->chan;
1028 
1029 	arg.vdev_id = vdev_id;
1030 	arg.channel.freq = channel->center_freq;
1031 	arg.channel.band_center_freq1 = chandef->center_freq1;
1032 	arg.channel.band_center_freq2 = chandef->center_freq2;
1033 
1034 	/* TODO setup this dynamically, what in case we
1035 	 * don't have any vifs?
1036 	 */
1037 	arg.channel.mode = chan_to_phymode(chandef);
1038 	arg.channel.chan_radar =
1039 			!!(channel->flags & IEEE80211_CHAN_RADAR);
1040 
1041 	arg.channel.min_power = 0;
1042 	arg.channel.max_power = channel->max_power * 2;
1043 	arg.channel.max_reg_power = channel->max_reg_power * 2;
1044 	arg.channel.max_antenna_gain = channel->max_antenna_gain * 2;
1045 
1046 	reinit_completion(&ar->vdev_setup_done);
1047 	reinit_completion(&ar->vdev_delete_done);
1048 
1049 	ret = ath10k_wmi_vdev_start(ar, &arg);
1050 	if (ret) {
1051 		ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
1052 			    vdev_id, ret);
1053 		return ret;
1054 	}
1055 
1056 	ret = ath10k_vdev_setup_sync(ar);
1057 	if (ret) {
1058 		ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
1059 			    vdev_id, ret);
1060 		return ret;
1061 	}
1062 
1063 	ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
1064 	if (ret) {
1065 		ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
1066 			    vdev_id, ret);
1067 		goto vdev_stop;
1068 	}
1069 
1070 	ar->monitor_vdev_id = vdev_id;
1071 
1072 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
1073 		   ar->monitor_vdev_id);
1074 	return 0;
1075 
1076 vdev_stop:
1077 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1078 	if (ret)
1079 		ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
1080 			    ar->monitor_vdev_id, ret);
1081 
1082 	return ret;
1083 }
1084 
1085 static int ath10k_monitor_vdev_stop(struct ath10k *ar)
1086 {
1087 	int ret = 0;
1088 
1089 	lockdep_assert_held(&ar->conf_mutex);
1090 
1091 	ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
1092 	if (ret)
1093 		ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
1094 			    ar->monitor_vdev_id, ret);
1095 
1096 	reinit_completion(&ar->vdev_setup_done);
1097 	reinit_completion(&ar->vdev_delete_done);
1098 
1099 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1100 	if (ret)
1101 		ath10k_warn(ar, "failed to request monitor vdev %i stop: %d\n",
1102 			    ar->monitor_vdev_id, ret);
1103 
1104 	ret = ath10k_vdev_setup_sync(ar);
1105 	if (ret)
1106 		ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
1107 			    ar->monitor_vdev_id, ret);
1108 
1109 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
1110 		   ar->monitor_vdev_id);
1111 	return ret;
1112 }
1113 
1114 static int ath10k_monitor_vdev_create(struct ath10k *ar)
1115 {
1116 	int bit, ret = 0;
1117 
1118 	lockdep_assert_held(&ar->conf_mutex);
1119 
1120 	if (ar->free_vdev_map == 0) {
1121 		ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
1122 		return -ENOMEM;
1123 	}
1124 
1125 	bit = __ffs64(ar->free_vdev_map);
1126 
1127 	ar->monitor_vdev_id = bit;
1128 
1129 	ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
1130 				     WMI_VDEV_TYPE_MONITOR,
1131 				     0, ar->mac_addr);
1132 	if (ret) {
1133 		ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
1134 			    ar->monitor_vdev_id, ret);
1135 		return ret;
1136 	}
1137 
1138 	ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
1139 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
1140 		   ar->monitor_vdev_id);
1141 
1142 	return 0;
1143 }
1144 
1145 static int ath10k_monitor_vdev_delete(struct ath10k *ar)
1146 {
1147 	int ret = 0;
1148 
1149 	lockdep_assert_held(&ar->conf_mutex);
1150 
1151 	ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
1152 	if (ret) {
1153 		ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
1154 			    ar->monitor_vdev_id, ret);
1155 		return ret;
1156 	}
1157 
1158 	ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
1159 
1160 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
1161 		   ar->monitor_vdev_id);
1162 	return ret;
1163 }
1164 
1165 static int ath10k_monitor_start(struct ath10k *ar)
1166 {
1167 	int ret;
1168 
1169 	lockdep_assert_held(&ar->conf_mutex);
1170 
1171 	ret = ath10k_monitor_vdev_create(ar);
1172 	if (ret) {
1173 		ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
1174 		return ret;
1175 	}
1176 
1177 	ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
1178 	if (ret) {
1179 		ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
1180 		ath10k_monitor_vdev_delete(ar);
1181 		return ret;
1182 	}
1183 
1184 	ar->monitor_started = true;
1185 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
1186 
1187 	return 0;
1188 }
1189 
1190 static int ath10k_monitor_stop(struct ath10k *ar)
1191 {
1192 	int ret;
1193 
1194 	lockdep_assert_held(&ar->conf_mutex);
1195 
1196 	ret = ath10k_monitor_vdev_stop(ar);
1197 	if (ret) {
1198 		ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
1199 		return ret;
1200 	}
1201 
1202 	ret = ath10k_monitor_vdev_delete(ar);
1203 	if (ret) {
1204 		ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
1205 		return ret;
1206 	}
1207 
1208 	ar->monitor_started = false;
1209 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
1210 
1211 	return 0;
1212 }
1213 
1214 static bool ath10k_mac_monitor_vdev_is_needed(struct ath10k *ar)
1215 {
1216 	int num_ctx;
1217 
1218 	/* At least one chanctx is required to derive a channel to start
1219 	 * monitor vdev on.
1220 	 */
1221 	num_ctx = ath10k_mac_num_chanctxs(ar);
1222 	if (num_ctx == 0)
1223 		return false;
1224 
1225 	/* If there's already an existing special monitor interface then don't
1226 	 * bother creating another monitor vdev.
1227 	 */
1228 	if (ar->monitor_arvif)
1229 		return false;
1230 
1231 	return ar->monitor ||
1232 	       (!test_bit(ATH10K_FW_FEATURE_ALLOWS_MESH_BCAST,
1233 			  ar->running_fw->fw_file.fw_features) &&
1234 		(ar->filter_flags & FIF_OTHER_BSS)) ||
1235 	       test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1236 }
1237 
1238 static bool ath10k_mac_monitor_vdev_is_allowed(struct ath10k *ar)
1239 {
1240 	int num_ctx;
1241 
1242 	num_ctx = ath10k_mac_num_chanctxs(ar);
1243 
1244 	/* FIXME: Current interface combinations and cfg80211/mac80211 code
1245 	 * shouldn't allow this but make sure to prevent handling the following
1246 	 * case anyway since multi-channel DFS hasn't been tested at all.
1247 	 */
1248 	if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags) && num_ctx > 1)
1249 		return false;
1250 
1251 	return true;
1252 }
1253 
1254 static int ath10k_monitor_recalc(struct ath10k *ar)
1255 {
1256 	bool needed;
1257 	bool allowed;
1258 	int ret;
1259 
1260 	lockdep_assert_held(&ar->conf_mutex);
1261 
1262 	needed = ath10k_mac_monitor_vdev_is_needed(ar);
1263 	allowed = ath10k_mac_monitor_vdev_is_allowed(ar);
1264 
1265 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1266 		   "mac monitor recalc started? %d needed? %d allowed? %d\n",
1267 		   ar->monitor_started, needed, allowed);
1268 
1269 	if (WARN_ON(needed && !allowed)) {
1270 		if (ar->monitor_started) {
1271 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopping disallowed monitor\n");
1272 
1273 			ret = ath10k_monitor_stop(ar);
1274 			if (ret)
1275 				ath10k_warn(ar, "failed to stop disallowed monitor: %d\n",
1276 					    ret);
1277 				/* not serious */
1278 		}
1279 
1280 		return -EPERM;
1281 	}
1282 
1283 	if (needed == ar->monitor_started)
1284 		return 0;
1285 
1286 	if (needed)
1287 		return ath10k_monitor_start(ar);
1288 	else
1289 		return ath10k_monitor_stop(ar);
1290 }
1291 
1292 static bool ath10k_mac_can_set_cts_prot(struct ath10k_vif *arvif)
1293 {
1294 	struct ath10k *ar = arvif->ar;
1295 
1296 	lockdep_assert_held(&ar->conf_mutex);
1297 
1298 	if (!arvif->is_started) {
1299 		ath10k_dbg(ar, ATH10K_DBG_MAC, "defer cts setup, vdev is not ready yet\n");
1300 		return false;
1301 	}
1302 
1303 	return true;
1304 }
1305 
1306 static int ath10k_mac_set_cts_prot(struct ath10k_vif *arvif)
1307 {
1308 	struct ath10k *ar = arvif->ar;
1309 	u32 vdev_param;
1310 
1311 	lockdep_assert_held(&ar->conf_mutex);
1312 
1313 	vdev_param = ar->wmi.vdev_param->protection_mode;
1314 
1315 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_protection %d\n",
1316 		   arvif->vdev_id, arvif->use_cts_prot);
1317 
1318 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1319 					 arvif->use_cts_prot ? 1 : 0);
1320 }
1321 
1322 static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
1323 {
1324 	struct ath10k *ar = arvif->ar;
1325 	u32 vdev_param, rts_cts = 0;
1326 
1327 	lockdep_assert_held(&ar->conf_mutex);
1328 
1329 	vdev_param = ar->wmi.vdev_param->enable_rtscts;
1330 
1331 	rts_cts |= SM(WMI_RTSCTS_ENABLED, WMI_RTSCTS_SET);
1332 
1333 	if (arvif->num_legacy_stations > 0)
1334 		rts_cts |= SM(WMI_RTSCTS_ACROSS_SW_RETRIES,
1335 			      WMI_RTSCTS_PROFILE);
1336 	else
1337 		rts_cts |= SM(WMI_RTSCTS_FOR_SECOND_RATESERIES,
1338 			      WMI_RTSCTS_PROFILE);
1339 
1340 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d recalc rts/cts prot %d\n",
1341 		   arvif->vdev_id, rts_cts);
1342 
1343 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1344 					 rts_cts);
1345 }
1346 
1347 static int ath10k_start_cac(struct ath10k *ar)
1348 {
1349 	int ret;
1350 
1351 	lockdep_assert_held(&ar->conf_mutex);
1352 
1353 	set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1354 
1355 	ret = ath10k_monitor_recalc(ar);
1356 	if (ret) {
1357 		ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
1358 		clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1359 		return ret;
1360 	}
1361 
1362 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
1363 		   ar->monitor_vdev_id);
1364 
1365 	return 0;
1366 }
1367 
1368 static int ath10k_stop_cac(struct ath10k *ar)
1369 {
1370 	lockdep_assert_held(&ar->conf_mutex);
1371 
1372 	/* CAC is not running - do nothing */
1373 	if (!test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags))
1374 		return 0;
1375 
1376 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1377 	ath10k_monitor_stop(ar);
1378 
1379 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
1380 
1381 	return 0;
1382 }
1383 
1384 static void ath10k_mac_has_radar_iter(struct ieee80211_hw *hw,
1385 				      struct ieee80211_chanctx_conf *conf,
1386 				      void *data)
1387 {
1388 	bool *ret = data;
1389 
1390 	if (!*ret && conf->radar_enabled)
1391 		*ret = true;
1392 }
1393 
1394 static bool ath10k_mac_has_radar_enabled(struct ath10k *ar)
1395 {
1396 	bool has_radar = false;
1397 
1398 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1399 					    ath10k_mac_has_radar_iter,
1400 					    &has_radar);
1401 
1402 	return has_radar;
1403 }
1404 
1405 static void ath10k_recalc_radar_detection(struct ath10k *ar)
1406 {
1407 	int ret;
1408 
1409 	lockdep_assert_held(&ar->conf_mutex);
1410 
1411 	ath10k_stop_cac(ar);
1412 
1413 	if (!ath10k_mac_has_radar_enabled(ar))
1414 		return;
1415 
1416 	if (ar->num_started_vdevs > 0)
1417 		return;
1418 
1419 	ret = ath10k_start_cac(ar);
1420 	if (ret) {
1421 		/*
1422 		 * Not possible to start CAC on current channel so starting
1423 		 * radiation is not allowed, make this channel DFS_UNAVAILABLE
1424 		 * by indicating that radar was detected.
1425 		 */
1426 		ath10k_warn(ar, "failed to start CAC: %d\n", ret);
1427 		ieee80211_radar_detected(ar->hw);
1428 	}
1429 }
1430 
1431 static int ath10k_vdev_stop(struct ath10k_vif *arvif)
1432 {
1433 	struct ath10k *ar = arvif->ar;
1434 	int ret;
1435 
1436 	lockdep_assert_held(&ar->conf_mutex);
1437 
1438 	reinit_completion(&ar->vdev_setup_done);
1439 	reinit_completion(&ar->vdev_delete_done);
1440 
1441 	ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
1442 	if (ret) {
1443 		ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
1444 			    arvif->vdev_id, ret);
1445 		return ret;
1446 	}
1447 
1448 	ret = ath10k_vdev_setup_sync(ar);
1449 	if (ret) {
1450 		ath10k_warn(ar, "failed to synchronize setup for vdev %i: %d\n",
1451 			    arvif->vdev_id, ret);
1452 		return ret;
1453 	}
1454 
1455 	WARN_ON(ar->num_started_vdevs == 0);
1456 
1457 	if (ar->num_started_vdevs != 0) {
1458 		ar->num_started_vdevs--;
1459 		ath10k_recalc_radar_detection(ar);
1460 	}
1461 
1462 	return ret;
1463 }
1464 
1465 static int ath10k_vdev_start_restart(struct ath10k_vif *arvif,
1466 				     const struct cfg80211_chan_def *chandef,
1467 				     bool restart)
1468 {
1469 	struct ath10k *ar = arvif->ar;
1470 	struct wmi_vdev_start_request_arg arg = {};
1471 	int ret = 0;
1472 
1473 	lockdep_assert_held(&ar->conf_mutex);
1474 
1475 	reinit_completion(&ar->vdev_setup_done);
1476 	reinit_completion(&ar->vdev_delete_done);
1477 
1478 	arg.vdev_id = arvif->vdev_id;
1479 	arg.dtim_period = arvif->dtim_period;
1480 	arg.bcn_intval = arvif->beacon_interval;
1481 
1482 	arg.channel.freq = chandef->chan->center_freq;
1483 	arg.channel.band_center_freq1 = chandef->center_freq1;
1484 	arg.channel.band_center_freq2 = chandef->center_freq2;
1485 	arg.channel.mode = chan_to_phymode(chandef);
1486 
1487 	arg.channel.min_power = 0;
1488 	arg.channel.max_power = chandef->chan->max_power * 2;
1489 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
1490 	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain * 2;
1491 
1492 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
1493 		arg.ssid = arvif->u.ap.ssid;
1494 		arg.ssid_len = arvif->u.ap.ssid_len;
1495 		arg.hidden_ssid = arvif->u.ap.hidden_ssid;
1496 
1497 		/* For now allow DFS for AP mode */
1498 		arg.channel.chan_radar =
1499 			!!(chandef->chan->flags & IEEE80211_CHAN_RADAR);
1500 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
1501 		arg.ssid = arvif->vif->bss_conf.ssid;
1502 		arg.ssid_len = arvif->vif->bss_conf.ssid_len;
1503 	}
1504 
1505 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1506 		   "mac vdev %d start center_freq %d phymode %s\n",
1507 		   arg.vdev_id, arg.channel.freq,
1508 		   ath10k_wmi_phymode_str(arg.channel.mode));
1509 
1510 	if (restart)
1511 		ret = ath10k_wmi_vdev_restart(ar, &arg);
1512 	else
1513 		ret = ath10k_wmi_vdev_start(ar, &arg);
1514 
1515 	if (ret) {
1516 		ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
1517 			    arg.vdev_id, ret);
1518 		return ret;
1519 	}
1520 
1521 	ret = ath10k_vdev_setup_sync(ar);
1522 	if (ret) {
1523 		ath10k_warn(ar,
1524 			    "failed to synchronize setup for vdev %i restart %d: %d\n",
1525 			    arg.vdev_id, restart, ret);
1526 		return ret;
1527 	}
1528 
1529 	ar->num_started_vdevs++;
1530 	ath10k_recalc_radar_detection(ar);
1531 
1532 	return ret;
1533 }
1534 
1535 static int ath10k_vdev_start(struct ath10k_vif *arvif,
1536 			     const struct cfg80211_chan_def *def)
1537 {
1538 	return ath10k_vdev_start_restart(arvif, def, false);
1539 }
1540 
1541 static int ath10k_vdev_restart(struct ath10k_vif *arvif,
1542 			       const struct cfg80211_chan_def *def)
1543 {
1544 	return ath10k_vdev_start_restart(arvif, def, true);
1545 }
1546 
1547 static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
1548 				       struct sk_buff *bcn)
1549 {
1550 	struct ath10k *ar = arvif->ar;
1551 	struct ieee80211_mgmt *mgmt;
1552 	const u8 *p2p_ie;
1553 	int ret;
1554 
1555 	if (arvif->vif->type != NL80211_IFTYPE_AP || !arvif->vif->p2p)
1556 		return 0;
1557 
1558 	mgmt = (void *)bcn->data;
1559 	p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1560 					 mgmt->u.beacon.variable,
1561 					 bcn->len - (mgmt->u.beacon.variable -
1562 						     bcn->data));
1563 	if (!p2p_ie)
1564 		return -ENOENT;
1565 
1566 	ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
1567 	if (ret) {
1568 		ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
1569 			    arvif->vdev_id, ret);
1570 		return ret;
1571 	}
1572 
1573 	return 0;
1574 }
1575 
1576 static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
1577 				       u8 oui_type, size_t ie_offset)
1578 {
1579 	size_t len;
1580 	const u8 *next;
1581 	const u8 *end;
1582 	u8 *ie;
1583 
1584 	if (WARN_ON(skb->len < ie_offset))
1585 		return -EINVAL;
1586 
1587 	ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
1588 					   skb->data + ie_offset,
1589 					   skb->len - ie_offset);
1590 	if (!ie)
1591 		return -ENOENT;
1592 
1593 	len = ie[1] + 2;
1594 	end = skb->data + skb->len;
1595 	next = ie + len;
1596 
1597 	if (WARN_ON(next > end))
1598 		return -EINVAL;
1599 
1600 	memmove(ie, next, end - next);
1601 	skb_trim(skb, skb->len - len);
1602 
1603 	return 0;
1604 }
1605 
1606 static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
1607 {
1608 	struct ath10k *ar = arvif->ar;
1609 	struct ieee80211_hw *hw = ar->hw;
1610 	struct ieee80211_vif *vif = arvif->vif;
1611 	struct ieee80211_mutable_offsets offs = {};
1612 	struct sk_buff *bcn;
1613 	int ret;
1614 
1615 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1616 		return 0;
1617 
1618 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
1619 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
1620 		return 0;
1621 
1622 	bcn = ieee80211_beacon_get_template(hw, vif, &offs);
1623 	if (!bcn) {
1624 		ath10k_warn(ar, "failed to get beacon template from mac80211\n");
1625 		return -EPERM;
1626 	}
1627 
1628 	ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
1629 	if (ret) {
1630 		ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
1631 		kfree_skb(bcn);
1632 		return ret;
1633 	}
1634 
1635 	/* P2P IE is inserted by firmware automatically (as configured above)
1636 	 * so remove it from the base beacon template to avoid duplicate P2P
1637 	 * IEs in beacon frames.
1638 	 */
1639 	ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1640 				    offsetof(struct ieee80211_mgmt,
1641 					     u.beacon.variable));
1642 
1643 	ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
1644 				  0, NULL, 0);
1645 	kfree_skb(bcn);
1646 
1647 	if (ret) {
1648 		ath10k_warn(ar, "failed to submit beacon template command: %d\n",
1649 			    ret);
1650 		return ret;
1651 	}
1652 
1653 	return 0;
1654 }
1655 
1656 static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
1657 {
1658 	struct ath10k *ar = arvif->ar;
1659 	struct ieee80211_hw *hw = ar->hw;
1660 	struct ieee80211_vif *vif = arvif->vif;
1661 	struct sk_buff *prb;
1662 	int ret;
1663 
1664 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1665 		return 0;
1666 
1667 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1668 		return 0;
1669 
1670 	 /* For mesh, probe response and beacon share the same template */
1671 	if (ieee80211_vif_is_mesh(vif))
1672 		return 0;
1673 
1674 	prb = ieee80211_proberesp_get(hw, vif);
1675 	if (!prb) {
1676 		ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
1677 		return -EPERM;
1678 	}
1679 
1680 	ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
1681 	kfree_skb(prb);
1682 
1683 	if (ret) {
1684 		ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
1685 			    ret);
1686 		return ret;
1687 	}
1688 
1689 	return 0;
1690 }
1691 
1692 static int ath10k_mac_vif_fix_hidden_ssid(struct ath10k_vif *arvif)
1693 {
1694 	struct ath10k *ar = arvif->ar;
1695 	struct cfg80211_chan_def def;
1696 	int ret;
1697 
1698 	/* When originally vdev is started during assign_vif_chanctx() some
1699 	 * information is missing, notably SSID. Firmware revisions with beacon
1700 	 * offloading require the SSID to be provided during vdev (re)start to
1701 	 * handle hidden SSID properly.
1702 	 *
1703 	 * Vdev restart must be done after vdev has been both started and
1704 	 * upped. Otherwise some firmware revisions (at least 10.2) fail to
1705 	 * deliver vdev restart response event causing timeouts during vdev
1706 	 * syncing in ath10k.
1707 	 *
1708 	 * Note: The vdev down/up and template reinstallation could be skipped
1709 	 * since only wmi-tlv firmware are known to have beacon offload and
1710 	 * wmi-tlv doesn't seem to misbehave like 10.2 wrt vdev restart
1711 	 * response delivery. It's probably more robust to keep it as is.
1712 	 */
1713 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1714 		return 0;
1715 
1716 	if (WARN_ON(!arvif->is_started))
1717 		return -EINVAL;
1718 
1719 	if (WARN_ON(!arvif->is_up))
1720 		return -EINVAL;
1721 
1722 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
1723 		return -EINVAL;
1724 
1725 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1726 	if (ret) {
1727 		ath10k_warn(ar, "failed to bring down ap vdev %i: %d\n",
1728 			    arvif->vdev_id, ret);
1729 		return ret;
1730 	}
1731 
1732 	/* Vdev down reset beacon & presp templates. Reinstall them. Otherwise
1733 	 * firmware will crash upon vdev up.
1734 	 */
1735 
1736 	ret = ath10k_mac_setup_bcn_tmpl(arvif);
1737 	if (ret) {
1738 		ath10k_warn(ar, "failed to update beacon template: %d\n", ret);
1739 		return ret;
1740 	}
1741 
1742 	ret = ath10k_mac_setup_prb_tmpl(arvif);
1743 	if (ret) {
1744 		ath10k_warn(ar, "failed to update presp template: %d\n", ret);
1745 		return ret;
1746 	}
1747 
1748 	ret = ath10k_vdev_restart(arvif, &def);
1749 	if (ret) {
1750 		ath10k_warn(ar, "failed to restart ap vdev %i: %d\n",
1751 			    arvif->vdev_id, ret);
1752 		return ret;
1753 	}
1754 
1755 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1756 				 arvif->bssid);
1757 	if (ret) {
1758 		ath10k_warn(ar, "failed to bring up ap vdev %i: %d\n",
1759 			    arvif->vdev_id, ret);
1760 		return ret;
1761 	}
1762 
1763 	return 0;
1764 }
1765 
1766 static void ath10k_control_beaconing(struct ath10k_vif *arvif,
1767 				     struct ieee80211_bss_conf *info)
1768 {
1769 	struct ath10k *ar = arvif->ar;
1770 	int ret = 0;
1771 
1772 	lockdep_assert_held(&arvif->ar->conf_mutex);
1773 
1774 	if (!info->enable_beacon) {
1775 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1776 		if (ret)
1777 			ath10k_warn(ar, "failed to down vdev_id %i: %d\n",
1778 				    arvif->vdev_id, ret);
1779 
1780 		arvif->is_up = false;
1781 
1782 		spin_lock_bh(&arvif->ar->data_lock);
1783 		ath10k_mac_vif_beacon_free(arvif);
1784 		spin_unlock_bh(&arvif->ar->data_lock);
1785 
1786 		return;
1787 	}
1788 
1789 	arvif->tx_seq_no = 0x1000;
1790 
1791 	arvif->aid = 0;
1792 	ether_addr_copy(arvif->bssid, info->bssid);
1793 
1794 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1795 				 arvif->bssid);
1796 	if (ret) {
1797 		ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
1798 			    arvif->vdev_id, ret);
1799 		return;
1800 	}
1801 
1802 	arvif->is_up = true;
1803 
1804 	ret = ath10k_mac_vif_fix_hidden_ssid(arvif);
1805 	if (ret) {
1806 		ath10k_warn(ar, "failed to fix hidden ssid for vdev %i, expect trouble: %d\n",
1807 			    arvif->vdev_id, ret);
1808 		return;
1809 	}
1810 
1811 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
1812 }
1813 
1814 static void ath10k_control_ibss(struct ath10k_vif *arvif,
1815 				struct ieee80211_bss_conf *info,
1816 				const u8 self_peer[ETH_ALEN])
1817 {
1818 	struct ath10k *ar = arvif->ar;
1819 	u32 vdev_param;
1820 	int ret = 0;
1821 
1822 	lockdep_assert_held(&arvif->ar->conf_mutex);
1823 
1824 	if (!info->ibss_joined) {
1825 		if (is_zero_ether_addr(arvif->bssid))
1826 			return;
1827 
1828 		eth_zero_addr(arvif->bssid);
1829 
1830 		return;
1831 	}
1832 
1833 	vdev_param = arvif->ar->wmi.vdev_param->atim_window;
1834 	ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
1835 					ATH10K_DEFAULT_ATIM);
1836 	if (ret)
1837 		ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
1838 			    arvif->vdev_id, ret);
1839 }
1840 
1841 static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
1842 {
1843 	struct ath10k *ar = arvif->ar;
1844 	u32 param;
1845 	u32 value;
1846 	int ret;
1847 
1848 	lockdep_assert_held(&arvif->ar->conf_mutex);
1849 
1850 	if (arvif->u.sta.uapsd)
1851 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
1852 	else
1853 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
1854 
1855 	param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
1856 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
1857 	if (ret) {
1858 		ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
1859 			    value, arvif->vdev_id, ret);
1860 		return ret;
1861 	}
1862 
1863 	return 0;
1864 }
1865 
1866 static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
1867 {
1868 	struct ath10k *ar = arvif->ar;
1869 	u32 param;
1870 	u32 value;
1871 	int ret;
1872 
1873 	lockdep_assert_held(&arvif->ar->conf_mutex);
1874 
1875 	if (arvif->u.sta.uapsd)
1876 		value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
1877 	else
1878 		value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
1879 
1880 	param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
1881 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
1882 					  param, value);
1883 	if (ret) {
1884 		ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
1885 			    value, arvif->vdev_id, ret);
1886 		return ret;
1887 	}
1888 
1889 	return 0;
1890 }
1891 
1892 static int ath10k_mac_num_vifs_started(struct ath10k *ar)
1893 {
1894 	struct ath10k_vif *arvif;
1895 	int num = 0;
1896 
1897 	lockdep_assert_held(&ar->conf_mutex);
1898 
1899 	list_for_each_entry(arvif, &ar->arvifs, list)
1900 		if (arvif->is_started)
1901 			num++;
1902 
1903 	return num;
1904 }
1905 
1906 static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
1907 {
1908 	struct ath10k *ar = arvif->ar;
1909 	struct ieee80211_vif *vif = arvif->vif;
1910 	struct ieee80211_conf *conf = &ar->hw->conf;
1911 	enum wmi_sta_powersave_param param;
1912 	enum wmi_sta_ps_mode psmode;
1913 	int ret;
1914 	int ps_timeout;
1915 	bool enable_ps;
1916 
1917 	lockdep_assert_held(&arvif->ar->conf_mutex);
1918 
1919 	if (arvif->vif->type != NL80211_IFTYPE_STATION)
1920 		return 0;
1921 
1922 	enable_ps = arvif->ps;
1923 
1924 	if (enable_ps && ath10k_mac_num_vifs_started(ar) > 1 &&
1925 	    !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
1926 		      ar->running_fw->fw_file.fw_features)) {
1927 		ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
1928 			    arvif->vdev_id);
1929 		enable_ps = false;
1930 	}
1931 
1932 	if (!arvif->is_started) {
1933 		/* mac80211 can update vif powersave state while disconnected.
1934 		 * Firmware doesn't behave nicely and consumes more power than
1935 		 * necessary if PS is disabled on a non-started vdev. Hence
1936 		 * force-enable PS for non-running vdevs.
1937 		 */
1938 		psmode = WMI_STA_PS_MODE_ENABLED;
1939 	} else if (enable_ps) {
1940 		psmode = WMI_STA_PS_MODE_ENABLED;
1941 		param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
1942 
1943 		ps_timeout = conf->dynamic_ps_timeout;
1944 		if (ps_timeout == 0) {
1945 			/* Firmware doesn't like 0 */
1946 			ps_timeout = ieee80211_tu_to_usec(
1947 				vif->bss_conf.beacon_int) / 1000;
1948 		}
1949 
1950 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
1951 						  ps_timeout);
1952 		if (ret) {
1953 			ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
1954 				    arvif->vdev_id, ret);
1955 			return ret;
1956 		}
1957 	} else {
1958 		psmode = WMI_STA_PS_MODE_DISABLED;
1959 	}
1960 
1961 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
1962 		   arvif->vdev_id, psmode ? "enable" : "disable");
1963 
1964 	ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
1965 	if (ret) {
1966 		ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
1967 			    psmode, arvif->vdev_id, ret);
1968 		return ret;
1969 	}
1970 
1971 	return 0;
1972 }
1973 
1974 static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
1975 {
1976 	struct ath10k *ar = arvif->ar;
1977 	struct wmi_sta_keepalive_arg arg = {};
1978 	int ret;
1979 
1980 	lockdep_assert_held(&arvif->ar->conf_mutex);
1981 
1982 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
1983 		return 0;
1984 
1985 	if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
1986 		return 0;
1987 
1988 	/* Some firmware revisions have a bug and ignore the `enabled` field.
1989 	 * Instead use the interval to disable the keepalive.
1990 	 */
1991 	arg.vdev_id = arvif->vdev_id;
1992 	arg.enabled = 1;
1993 	arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
1994 	arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
1995 
1996 	ret = ath10k_wmi_sta_keepalive(ar, &arg);
1997 	if (ret) {
1998 		ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
1999 			    arvif->vdev_id, ret);
2000 		return ret;
2001 	}
2002 
2003 	return 0;
2004 }
2005 
2006 static void ath10k_mac_vif_ap_csa_count_down(struct ath10k_vif *arvif)
2007 {
2008 	struct ath10k *ar = arvif->ar;
2009 	struct ieee80211_vif *vif = arvif->vif;
2010 	int ret;
2011 
2012 	lockdep_assert_held(&arvif->ar->conf_mutex);
2013 
2014 	if (WARN_ON(!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)))
2015 		return;
2016 
2017 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
2018 		return;
2019 
2020 	if (!vif->csa_active)
2021 		return;
2022 
2023 	if (!arvif->is_up)
2024 		return;
2025 
2026 	if (!ieee80211_csa_is_complete(vif)) {
2027 		ieee80211_csa_update_counter(vif);
2028 
2029 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
2030 		if (ret)
2031 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
2032 				    ret);
2033 
2034 		ret = ath10k_mac_setup_prb_tmpl(arvif);
2035 		if (ret)
2036 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
2037 				    ret);
2038 	} else {
2039 		ieee80211_csa_finish(vif);
2040 	}
2041 }
2042 
2043 static void ath10k_mac_vif_ap_csa_work(struct work_struct *work)
2044 {
2045 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2046 						ap_csa_work);
2047 	struct ath10k *ar = arvif->ar;
2048 
2049 	mutex_lock(&ar->conf_mutex);
2050 	ath10k_mac_vif_ap_csa_count_down(arvif);
2051 	mutex_unlock(&ar->conf_mutex);
2052 }
2053 
2054 static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac,
2055 					  struct ieee80211_vif *vif)
2056 {
2057 	struct sk_buff *skb = data;
2058 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2059 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2060 
2061 	if (vif->type != NL80211_IFTYPE_STATION)
2062 		return;
2063 
2064 	if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid))
2065 		return;
2066 
2067 	cancel_delayed_work(&arvif->connection_loss_work);
2068 }
2069 
2070 void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb)
2071 {
2072 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2073 						   IEEE80211_IFACE_ITER_NORMAL,
2074 						   ath10k_mac_handle_beacon_iter,
2075 						   skb);
2076 }
2077 
2078 static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
2079 					       struct ieee80211_vif *vif)
2080 {
2081 	u32 *vdev_id = data;
2082 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2083 	struct ath10k *ar = arvif->ar;
2084 	struct ieee80211_hw *hw = ar->hw;
2085 
2086 	if (arvif->vdev_id != *vdev_id)
2087 		return;
2088 
2089 	if (!arvif->is_up)
2090 		return;
2091 
2092 	ieee80211_beacon_loss(vif);
2093 
2094 	/* Firmware doesn't report beacon loss events repeatedly. If AP probe
2095 	 * (done by mac80211) succeeds but beacons do not resume then it
2096 	 * doesn't make sense to continue operation. Queue connection loss work
2097 	 * which can be cancelled when beacon is received.
2098 	 */
2099 	ieee80211_queue_delayed_work(hw, &arvif->connection_loss_work,
2100 				     ATH10K_CONNECTION_LOSS_HZ);
2101 }
2102 
2103 void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id)
2104 {
2105 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2106 						   IEEE80211_IFACE_ITER_NORMAL,
2107 						   ath10k_mac_handle_beacon_miss_iter,
2108 						   &vdev_id);
2109 }
2110 
2111 static void ath10k_mac_vif_sta_connection_loss_work(struct work_struct *work)
2112 {
2113 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2114 						connection_loss_work.work);
2115 	struct ieee80211_vif *vif = arvif->vif;
2116 
2117 	if (!arvif->is_up)
2118 		return;
2119 
2120 	ieee80211_connection_loss(vif);
2121 }
2122 
2123 /**********************/
2124 /* Station management */
2125 /**********************/
2126 
2127 static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
2128 					     struct ieee80211_vif *vif)
2129 {
2130 	/* Some firmware revisions have unstable STA powersave when listen
2131 	 * interval is set too high (e.g. 5). The symptoms are firmware doesn't
2132 	 * generate NullFunc frames properly even if buffered frames have been
2133 	 * indicated in Beacon TIM. Firmware would seldom wake up to pull
2134 	 * buffered frames. Often pinging the device from AP would simply fail.
2135 	 *
2136 	 * As a workaround set it to 1.
2137 	 */
2138 	if (vif->type == NL80211_IFTYPE_STATION)
2139 		return 1;
2140 
2141 	return ar->hw->conf.listen_interval;
2142 }
2143 
2144 static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
2145 				      struct ieee80211_vif *vif,
2146 				      struct ieee80211_sta *sta,
2147 				      struct wmi_peer_assoc_complete_arg *arg)
2148 {
2149 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2150 	u32 aid;
2151 
2152 	lockdep_assert_held(&ar->conf_mutex);
2153 
2154 	if (vif->type == NL80211_IFTYPE_STATION)
2155 		aid = vif->bss_conf.aid;
2156 	else
2157 		aid = sta->aid;
2158 
2159 	ether_addr_copy(arg->addr, sta->addr);
2160 	arg->vdev_id = arvif->vdev_id;
2161 	arg->peer_aid = aid;
2162 	arg->peer_flags |= arvif->ar->wmi.peer_flags->auth;
2163 	arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
2164 	arg->peer_num_spatial_streams = 1;
2165 	arg->peer_caps = vif->bss_conf.assoc_capability;
2166 }
2167 
2168 static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
2169 				       struct ieee80211_vif *vif,
2170 				       struct ieee80211_sta *sta,
2171 				       struct wmi_peer_assoc_complete_arg *arg)
2172 {
2173 	struct ieee80211_bss_conf *info = &vif->bss_conf;
2174 	struct cfg80211_chan_def def;
2175 	struct cfg80211_bss *bss;
2176 	const u8 *rsnie = NULL;
2177 	const u8 *wpaie = NULL;
2178 
2179 	lockdep_assert_held(&ar->conf_mutex);
2180 
2181 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2182 		return;
2183 
2184 	bss = cfg80211_get_bss(ar->hw->wiphy, def.chan, info->bssid, NULL, 0,
2185 			       IEEE80211_BSS_TYPE_ANY, IEEE80211_PRIVACY_ANY);
2186 	if (bss) {
2187 		const struct cfg80211_bss_ies *ies;
2188 
2189 		rcu_read_lock();
2190 		rsnie = ieee80211_bss_get_ie(bss, WLAN_EID_RSN);
2191 
2192 		ies = rcu_dereference(bss->ies);
2193 
2194 		wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
2195 						WLAN_OUI_TYPE_MICROSOFT_WPA,
2196 						ies->data,
2197 						ies->len);
2198 		rcu_read_unlock();
2199 		cfg80211_put_bss(ar->hw->wiphy, bss);
2200 	}
2201 
2202 	/* FIXME: base on RSN IE/WPA IE is a correct idea? */
2203 	if (rsnie || wpaie) {
2204 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
2205 		arg->peer_flags |= ar->wmi.peer_flags->need_ptk_4_way;
2206 	}
2207 
2208 	if (wpaie) {
2209 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
2210 		arg->peer_flags |= ar->wmi.peer_flags->need_gtk_2_way;
2211 	}
2212 
2213 	if (sta->mfp &&
2214 	    test_bit(ATH10K_FW_FEATURE_MFP_SUPPORT,
2215 		     ar->running_fw->fw_file.fw_features)) {
2216 		arg->peer_flags |= ar->wmi.peer_flags->pmf;
2217 	}
2218 }
2219 
2220 static void ath10k_peer_assoc_h_rates(struct ath10k *ar,
2221 				      struct ieee80211_vif *vif,
2222 				      struct ieee80211_sta *sta,
2223 				      struct wmi_peer_assoc_complete_arg *arg)
2224 {
2225 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2226 	struct wmi_rate_set_arg *rateset = &arg->peer_legacy_rates;
2227 	struct cfg80211_chan_def def;
2228 	const struct ieee80211_supported_band *sband;
2229 	const struct ieee80211_rate *rates;
2230 	enum nl80211_band band;
2231 	u32 ratemask;
2232 	u8 rate;
2233 	int i;
2234 
2235 	lockdep_assert_held(&ar->conf_mutex);
2236 
2237 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2238 		return;
2239 
2240 	band = def.chan->band;
2241 	sband = ar->hw->wiphy->bands[band];
2242 	ratemask = sta->supp_rates[band];
2243 	ratemask &= arvif->bitrate_mask.control[band].legacy;
2244 	rates = sband->bitrates;
2245 
2246 	rateset->num_rates = 0;
2247 
2248 	for (i = 0; i < 32; i++, ratemask >>= 1, rates++) {
2249 		if (!(ratemask & 1))
2250 			continue;
2251 
2252 		rate = ath10k_mac_bitrate_to_rate(rates->bitrate);
2253 		rateset->rates[rateset->num_rates] = rate;
2254 		rateset->num_rates++;
2255 	}
2256 }
2257 
2258 static bool
2259 ath10k_peer_assoc_h_ht_masked(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
2260 {
2261 	int nss;
2262 
2263 	for (nss = 0; nss < IEEE80211_HT_MCS_MASK_LEN; nss++)
2264 		if (ht_mcs_mask[nss])
2265 			return false;
2266 
2267 	return true;
2268 }
2269 
2270 static bool
2271 ath10k_peer_assoc_h_vht_masked(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
2272 {
2273 	int nss;
2274 
2275 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++)
2276 		if (vht_mcs_mask[nss])
2277 			return false;
2278 
2279 	return true;
2280 }
2281 
2282 static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
2283 				   struct ieee80211_vif *vif,
2284 				   struct ieee80211_sta *sta,
2285 				   struct wmi_peer_assoc_complete_arg *arg)
2286 {
2287 	const struct ieee80211_sta_ht_cap *ht_cap = &sta->ht_cap;
2288 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2289 	struct cfg80211_chan_def def;
2290 	enum nl80211_band band;
2291 	const u8 *ht_mcs_mask;
2292 	const u16 *vht_mcs_mask;
2293 	int i, n;
2294 	u8 max_nss;
2295 	u32 stbc;
2296 
2297 	lockdep_assert_held(&ar->conf_mutex);
2298 
2299 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2300 		return;
2301 
2302 	if (!ht_cap->ht_supported)
2303 		return;
2304 
2305 	band = def.chan->band;
2306 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2307 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2308 
2309 	if (ath10k_peer_assoc_h_ht_masked(ht_mcs_mask) &&
2310 	    ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2311 		return;
2312 
2313 	arg->peer_flags |= ar->wmi.peer_flags->ht;
2314 	arg->peer_max_mpdu = (1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2315 				    ht_cap->ampdu_factor)) - 1;
2316 
2317 	arg->peer_mpdu_density =
2318 		ath10k_parse_mpdudensity(ht_cap->ampdu_density);
2319 
2320 	arg->peer_ht_caps = ht_cap->cap;
2321 	arg->peer_rate_caps |= WMI_RC_HT_FLAG;
2322 
2323 	if (ht_cap->cap & IEEE80211_HT_CAP_LDPC_CODING)
2324 		arg->peer_flags |= ar->wmi.peer_flags->ldbc;
2325 
2326 	if (sta->bandwidth >= IEEE80211_STA_RX_BW_40) {
2327 		arg->peer_flags |= ar->wmi.peer_flags->bw40;
2328 		arg->peer_rate_caps |= WMI_RC_CW40_FLAG;
2329 	}
2330 
2331 	if (arvif->bitrate_mask.control[band].gi != NL80211_TXRATE_FORCE_LGI) {
2332 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
2333 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2334 
2335 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
2336 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2337 	}
2338 
2339 	if (ht_cap->cap & IEEE80211_HT_CAP_TX_STBC) {
2340 		arg->peer_rate_caps |= WMI_RC_TX_STBC_FLAG;
2341 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2342 	}
2343 
2344 	if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
2345 		stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
2346 		stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
2347 		stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
2348 		arg->peer_rate_caps |= stbc;
2349 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2350 	}
2351 
2352 	if (ht_cap->mcs.rx_mask[1] && ht_cap->mcs.rx_mask[2])
2353 		arg->peer_rate_caps |= WMI_RC_TS_FLAG;
2354 	else if (ht_cap->mcs.rx_mask[1])
2355 		arg->peer_rate_caps |= WMI_RC_DS_FLAG;
2356 
2357 	for (i = 0, n = 0, max_nss = 0; i < IEEE80211_HT_MCS_MASK_LEN * 8; i++)
2358 		if ((ht_cap->mcs.rx_mask[i / 8] & BIT(i % 8)) &&
2359 		    (ht_mcs_mask[i / 8] & BIT(i % 8))) {
2360 			max_nss = (i / 8) + 1;
2361 			arg->peer_ht_rates.rates[n++] = i;
2362 		}
2363 
2364 	/*
2365 	 * This is a workaround for HT-enabled STAs which break the spec
2366 	 * and have no HT capabilities RX mask (no HT RX MCS map).
2367 	 *
2368 	 * As per spec, in section 20.3.5 Modulation and coding scheme (MCS),
2369 	 * MCS 0 through 7 are mandatory in 20MHz with 800 ns GI at all STAs.
2370 	 *
2371 	 * Firmware asserts if such situation occurs.
2372 	 */
2373 	if (n == 0) {
2374 		arg->peer_ht_rates.num_rates = 8;
2375 		for (i = 0; i < arg->peer_ht_rates.num_rates; i++)
2376 			arg->peer_ht_rates.rates[i] = i;
2377 	} else {
2378 		arg->peer_ht_rates.num_rates = n;
2379 		arg->peer_num_spatial_streams = min(sta->rx_nss, max_nss);
2380 	}
2381 
2382 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
2383 		   arg->addr,
2384 		   arg->peer_ht_rates.num_rates,
2385 		   arg->peer_num_spatial_streams);
2386 }
2387 
2388 static int ath10k_peer_assoc_qos_ap(struct ath10k *ar,
2389 				    struct ath10k_vif *arvif,
2390 				    struct ieee80211_sta *sta)
2391 {
2392 	u32 uapsd = 0;
2393 	u32 max_sp = 0;
2394 	int ret = 0;
2395 
2396 	lockdep_assert_held(&ar->conf_mutex);
2397 
2398 	if (sta->wme && sta->uapsd_queues) {
2399 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
2400 			   sta->uapsd_queues, sta->max_sp);
2401 
2402 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2403 			uapsd |= WMI_AP_PS_UAPSD_AC3_DELIVERY_EN |
2404 				 WMI_AP_PS_UAPSD_AC3_TRIGGER_EN;
2405 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2406 			uapsd |= WMI_AP_PS_UAPSD_AC2_DELIVERY_EN |
2407 				 WMI_AP_PS_UAPSD_AC2_TRIGGER_EN;
2408 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2409 			uapsd |= WMI_AP_PS_UAPSD_AC1_DELIVERY_EN |
2410 				 WMI_AP_PS_UAPSD_AC1_TRIGGER_EN;
2411 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2412 			uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
2413 				 WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
2414 
2415 		if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
2416 			max_sp = sta->max_sp;
2417 
2418 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2419 						 sta->addr,
2420 						 WMI_AP_PS_PEER_PARAM_UAPSD,
2421 						 uapsd);
2422 		if (ret) {
2423 			ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
2424 				    arvif->vdev_id, ret);
2425 			return ret;
2426 		}
2427 
2428 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2429 						 sta->addr,
2430 						 WMI_AP_PS_PEER_PARAM_MAX_SP,
2431 						 max_sp);
2432 		if (ret) {
2433 			ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
2434 				    arvif->vdev_id, ret);
2435 			return ret;
2436 		}
2437 
2438 		/* TODO setup this based on STA listen interval and
2439 		 * beacon interval. Currently we don't know
2440 		 * sta->listen_interval - mac80211 patch required.
2441 		 * Currently use 10 seconds
2442 		 */
2443 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
2444 						 WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
2445 						 10);
2446 		if (ret) {
2447 			ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
2448 				    arvif->vdev_id, ret);
2449 			return ret;
2450 		}
2451 	}
2452 
2453 	return 0;
2454 }
2455 
2456 static u16
2457 ath10k_peer_assoc_h_vht_limit(u16 tx_mcs_set,
2458 			      const u16 vht_mcs_limit[NL80211_VHT_NSS_MAX])
2459 {
2460 	int idx_limit;
2461 	int nss;
2462 	u16 mcs_map;
2463 	u16 mcs;
2464 
2465 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
2466 		mcs_map = ath10k_mac_get_max_vht_mcs_map(tx_mcs_set, nss) &
2467 			  vht_mcs_limit[nss];
2468 
2469 		if (mcs_map)
2470 			idx_limit = fls(mcs_map) - 1;
2471 		else
2472 			idx_limit = -1;
2473 
2474 		switch (idx_limit) {
2475 		case 0: /* fall through */
2476 		case 1: /* fall through */
2477 		case 2: /* fall through */
2478 		case 3: /* fall through */
2479 		case 4: /* fall through */
2480 		case 5: /* fall through */
2481 		case 6: /* fall through */
2482 		default:
2483 			/* see ath10k_mac_can_set_bitrate_mask() */
2484 			WARN_ON(1);
2485 			/* fall through */
2486 		case -1:
2487 			mcs = IEEE80211_VHT_MCS_NOT_SUPPORTED;
2488 			break;
2489 		case 7:
2490 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_7;
2491 			break;
2492 		case 8:
2493 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_8;
2494 			break;
2495 		case 9:
2496 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_9;
2497 			break;
2498 		}
2499 
2500 		tx_mcs_set &= ~(0x3 << (nss * 2));
2501 		tx_mcs_set |= mcs << (nss * 2);
2502 	}
2503 
2504 	return tx_mcs_set;
2505 }
2506 
2507 static void ath10k_peer_assoc_h_vht(struct ath10k *ar,
2508 				    struct ieee80211_vif *vif,
2509 				    struct ieee80211_sta *sta,
2510 				    struct wmi_peer_assoc_complete_arg *arg)
2511 {
2512 	const struct ieee80211_sta_vht_cap *vht_cap = &sta->vht_cap;
2513 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2514 	struct cfg80211_chan_def def;
2515 	enum nl80211_band band;
2516 	const u16 *vht_mcs_mask;
2517 	u8 ampdu_factor;
2518 	u8 max_nss, vht_mcs;
2519 	int i;
2520 
2521 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2522 		return;
2523 
2524 	if (!vht_cap->vht_supported)
2525 		return;
2526 
2527 	band = def.chan->band;
2528 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2529 
2530 	if (ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2531 		return;
2532 
2533 	arg->peer_flags |= ar->wmi.peer_flags->vht;
2534 
2535 	if (def.chan->band == NL80211_BAND_2GHZ)
2536 		arg->peer_flags |= ar->wmi.peer_flags->vht_2g;
2537 
2538 	arg->peer_vht_caps = vht_cap->cap;
2539 
2540 	ampdu_factor = (vht_cap->cap &
2541 			IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
2542 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
2543 
2544 	/* Workaround: Some Netgear/Linksys 11ac APs set Rx A-MPDU factor to
2545 	 * zero in VHT IE. Using it would result in degraded throughput.
2546 	 * arg->peer_max_mpdu at this point contains HT max_mpdu so keep
2547 	 * it if VHT max_mpdu is smaller.
2548 	 */
2549 	arg->peer_max_mpdu = max(arg->peer_max_mpdu,
2550 				 (1U << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2551 					ampdu_factor)) - 1);
2552 
2553 	if (sta->bandwidth == IEEE80211_STA_RX_BW_80)
2554 		arg->peer_flags |= ar->wmi.peer_flags->bw80;
2555 
2556 	if (sta->bandwidth == IEEE80211_STA_RX_BW_160)
2557 		arg->peer_flags |= ar->wmi.peer_flags->bw160;
2558 
2559 	/* Calculate peer NSS capability from VHT capabilities if STA
2560 	 * supports VHT.
2561 	 */
2562 	for (i = 0, max_nss = 0, vht_mcs = 0; i < NL80211_VHT_NSS_MAX; i++) {
2563 		vht_mcs = __le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map) >>
2564 			  (2 * i) & 3;
2565 
2566 		if ((vht_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) &&
2567 		    vht_mcs_mask[i])
2568 			max_nss = i + 1;
2569 	}
2570 	arg->peer_num_spatial_streams = min(sta->rx_nss, max_nss);
2571 	arg->peer_vht_rates.rx_max_rate =
2572 		__le16_to_cpu(vht_cap->vht_mcs.rx_highest);
2573 	arg->peer_vht_rates.rx_mcs_set =
2574 		__le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map);
2575 	arg->peer_vht_rates.tx_max_rate =
2576 		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
2577 	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
2578 		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
2579 
2580 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vht peer %pM max_mpdu %d flags 0x%x\n",
2581 		   sta->addr, arg->peer_max_mpdu, arg->peer_flags);
2582 
2583 	if (arg->peer_vht_rates.rx_max_rate &&
2584 	    (sta->vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK)) {
2585 		switch (arg->peer_vht_rates.rx_max_rate) {
2586 		case 1560:
2587 			/* Must be 2x2 at 160Mhz is all it can do. */
2588 			arg->peer_bw_rxnss_override = 2;
2589 			break;
2590 		case 780:
2591 			/* Can only do 1x1 at 160Mhz (Long Guard Interval) */
2592 			arg->peer_bw_rxnss_override = 1;
2593 			break;
2594 		}
2595 	}
2596 }
2597 
2598 static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
2599 				    struct ieee80211_vif *vif,
2600 				    struct ieee80211_sta *sta,
2601 				    struct wmi_peer_assoc_complete_arg *arg)
2602 {
2603 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2604 
2605 	switch (arvif->vdev_type) {
2606 	case WMI_VDEV_TYPE_AP:
2607 		if (sta->wme)
2608 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2609 
2610 		if (sta->wme && sta->uapsd_queues) {
2611 			arg->peer_flags |= arvif->ar->wmi.peer_flags->apsd;
2612 			arg->peer_rate_caps |= WMI_RC_UAPSD_FLAG;
2613 		}
2614 		break;
2615 	case WMI_VDEV_TYPE_STA:
2616 		if (sta->wme)
2617 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2618 		break;
2619 	case WMI_VDEV_TYPE_IBSS:
2620 		if (sta->wme)
2621 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2622 		break;
2623 	default:
2624 		break;
2625 	}
2626 
2627 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
2628 		   sta->addr, !!(arg->peer_flags &
2629 		   arvif->ar->wmi.peer_flags->qos));
2630 }
2631 
2632 static bool ath10k_mac_sta_has_ofdm_only(struct ieee80211_sta *sta)
2633 {
2634 	return sta->supp_rates[NL80211_BAND_2GHZ] >>
2635 	       ATH10K_MAC_FIRST_OFDM_RATE_IDX;
2636 }
2637 
2638 static enum wmi_phy_mode ath10k_mac_get_phymode_vht(struct ath10k *ar,
2639 						    struct ieee80211_sta *sta)
2640 {
2641 	if (sta->bandwidth == IEEE80211_STA_RX_BW_160) {
2642 		switch (sta->vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
2643 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
2644 			return MODE_11AC_VHT160;
2645 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
2646 			return MODE_11AC_VHT80_80;
2647 		default:
2648 			/* not sure if this is a valid case? */
2649 			return MODE_11AC_VHT160;
2650 		}
2651 	}
2652 
2653 	if (sta->bandwidth == IEEE80211_STA_RX_BW_80)
2654 		return MODE_11AC_VHT80;
2655 
2656 	if (sta->bandwidth == IEEE80211_STA_RX_BW_40)
2657 		return MODE_11AC_VHT40;
2658 
2659 	if (sta->bandwidth == IEEE80211_STA_RX_BW_20)
2660 		return MODE_11AC_VHT20;
2661 
2662 	return MODE_UNKNOWN;
2663 }
2664 
2665 static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
2666 					struct ieee80211_vif *vif,
2667 					struct ieee80211_sta *sta,
2668 					struct wmi_peer_assoc_complete_arg *arg)
2669 {
2670 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2671 	struct cfg80211_chan_def def;
2672 	enum nl80211_band band;
2673 	const u8 *ht_mcs_mask;
2674 	const u16 *vht_mcs_mask;
2675 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
2676 
2677 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2678 		return;
2679 
2680 	band = def.chan->band;
2681 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2682 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2683 
2684 	switch (band) {
2685 	case NL80211_BAND_2GHZ:
2686 		if (sta->vht_cap.vht_supported &&
2687 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2688 			if (sta->bandwidth == IEEE80211_STA_RX_BW_40)
2689 				phymode = MODE_11AC_VHT40;
2690 			else
2691 				phymode = MODE_11AC_VHT20;
2692 		} else if (sta->ht_cap.ht_supported &&
2693 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2694 			if (sta->bandwidth == IEEE80211_STA_RX_BW_40)
2695 				phymode = MODE_11NG_HT40;
2696 			else
2697 				phymode = MODE_11NG_HT20;
2698 		} else if (ath10k_mac_sta_has_ofdm_only(sta)) {
2699 			phymode = MODE_11G;
2700 		} else {
2701 			phymode = MODE_11B;
2702 		}
2703 
2704 		break;
2705 	case NL80211_BAND_5GHZ:
2706 		/*
2707 		 * Check VHT first.
2708 		 */
2709 		if (sta->vht_cap.vht_supported &&
2710 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2711 			phymode = ath10k_mac_get_phymode_vht(ar, sta);
2712 		} else if (sta->ht_cap.ht_supported &&
2713 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2714 			if (sta->bandwidth >= IEEE80211_STA_RX_BW_40)
2715 				phymode = MODE_11NA_HT40;
2716 			else
2717 				phymode = MODE_11NA_HT20;
2718 		} else {
2719 			phymode = MODE_11A;
2720 		}
2721 
2722 		break;
2723 	default:
2724 		break;
2725 	}
2726 
2727 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
2728 		   sta->addr, ath10k_wmi_phymode_str(phymode));
2729 
2730 	arg->peer_phymode = phymode;
2731 	WARN_ON(phymode == MODE_UNKNOWN);
2732 }
2733 
2734 static int ath10k_peer_assoc_prepare(struct ath10k *ar,
2735 				     struct ieee80211_vif *vif,
2736 				     struct ieee80211_sta *sta,
2737 				     struct wmi_peer_assoc_complete_arg *arg)
2738 {
2739 	lockdep_assert_held(&ar->conf_mutex);
2740 
2741 	memset(arg, 0, sizeof(*arg));
2742 
2743 	ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
2744 	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
2745 	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
2746 	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
2747 	ath10k_peer_assoc_h_vht(ar, vif, sta, arg);
2748 	ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
2749 	ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
2750 
2751 	return 0;
2752 }
2753 
2754 static const u32 ath10k_smps_map[] = {
2755 	[WLAN_HT_CAP_SM_PS_STATIC] = WMI_PEER_SMPS_STATIC,
2756 	[WLAN_HT_CAP_SM_PS_DYNAMIC] = WMI_PEER_SMPS_DYNAMIC,
2757 	[WLAN_HT_CAP_SM_PS_INVALID] = WMI_PEER_SMPS_PS_NONE,
2758 	[WLAN_HT_CAP_SM_PS_DISABLED] = WMI_PEER_SMPS_PS_NONE,
2759 };
2760 
2761 static int ath10k_setup_peer_smps(struct ath10k *ar, struct ath10k_vif *arvif,
2762 				  const u8 *addr,
2763 				  const struct ieee80211_sta_ht_cap *ht_cap)
2764 {
2765 	int smps;
2766 
2767 	if (!ht_cap->ht_supported)
2768 		return 0;
2769 
2770 	smps = ht_cap->cap & IEEE80211_HT_CAP_SM_PS;
2771 	smps >>= IEEE80211_HT_CAP_SM_PS_SHIFT;
2772 
2773 	if (smps >= ARRAY_SIZE(ath10k_smps_map))
2774 		return -EINVAL;
2775 
2776 	return ath10k_wmi_peer_set_param(ar, arvif->vdev_id, addr,
2777 					 ar->wmi.peer_param->smps_state,
2778 					 ath10k_smps_map[smps]);
2779 }
2780 
2781 static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
2782 				      struct ieee80211_vif *vif,
2783 				      struct ieee80211_sta_vht_cap vht_cap)
2784 {
2785 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2786 	int ret;
2787 	u32 param;
2788 	u32 value;
2789 
2790 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_AFTER_ASSOC)
2791 		return 0;
2792 
2793 	if (!(ar->vht_cap_info &
2794 	      (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2795 	       IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
2796 	       IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2797 	       IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
2798 		return 0;
2799 
2800 	param = ar->wmi.vdev_param->txbf;
2801 	value = 0;
2802 
2803 	if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
2804 		return 0;
2805 
2806 	/* The following logic is correct. If a remote STA advertises support
2807 	 * for being a beamformer then we should enable us being a beamformee.
2808 	 */
2809 
2810 	if (ar->vht_cap_info &
2811 	    (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2812 	     IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
2813 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
2814 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2815 
2816 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
2817 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
2818 	}
2819 
2820 	if (ar->vht_cap_info &
2821 	    (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2822 	     IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
2823 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
2824 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2825 
2826 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
2827 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
2828 	}
2829 
2830 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
2831 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2832 
2833 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
2834 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2835 
2836 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
2837 	if (ret) {
2838 		ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
2839 			    value, ret);
2840 		return ret;
2841 	}
2842 
2843 	return 0;
2844 }
2845 
2846 /* can be called only in mac80211 callbacks due to `key_count` usage */
2847 static void ath10k_bss_assoc(struct ieee80211_hw *hw,
2848 			     struct ieee80211_vif *vif,
2849 			     struct ieee80211_bss_conf *bss_conf)
2850 {
2851 	struct ath10k *ar = hw->priv;
2852 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2853 	struct ieee80211_sta_ht_cap ht_cap;
2854 	struct ieee80211_sta_vht_cap vht_cap;
2855 	struct wmi_peer_assoc_complete_arg peer_arg;
2856 	struct ieee80211_sta *ap_sta;
2857 	int ret;
2858 
2859 	lockdep_assert_held(&ar->conf_mutex);
2860 
2861 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
2862 		   arvif->vdev_id, arvif->bssid, arvif->aid);
2863 
2864 	rcu_read_lock();
2865 
2866 	ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
2867 	if (!ap_sta) {
2868 		ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
2869 			    bss_conf->bssid, arvif->vdev_id);
2870 		rcu_read_unlock();
2871 		return;
2872 	}
2873 
2874 	/* ap_sta must be accessed only within rcu section which must be left
2875 	 * before calling ath10k_setup_peer_smps() which might sleep.
2876 	 */
2877 	ht_cap = ap_sta->ht_cap;
2878 	vht_cap = ap_sta->vht_cap;
2879 
2880 	ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
2881 	if (ret) {
2882 		ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
2883 			    bss_conf->bssid, arvif->vdev_id, ret);
2884 		rcu_read_unlock();
2885 		return;
2886 	}
2887 
2888 	rcu_read_unlock();
2889 
2890 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
2891 	if (ret) {
2892 		ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
2893 			    bss_conf->bssid, arvif->vdev_id, ret);
2894 		return;
2895 	}
2896 
2897 	ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
2898 	if (ret) {
2899 		ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
2900 			    arvif->vdev_id, ret);
2901 		return;
2902 	}
2903 
2904 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
2905 	if (ret) {
2906 		ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
2907 			    arvif->vdev_id, bss_conf->bssid, ret);
2908 		return;
2909 	}
2910 
2911 	ath10k_dbg(ar, ATH10K_DBG_MAC,
2912 		   "mac vdev %d up (associated) bssid %pM aid %d\n",
2913 		   arvif->vdev_id, bss_conf->bssid, bss_conf->aid);
2914 
2915 	WARN_ON(arvif->is_up);
2916 
2917 	arvif->aid = bss_conf->aid;
2918 	ether_addr_copy(arvif->bssid, bss_conf->bssid);
2919 
2920 	ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
2921 	if (ret) {
2922 		ath10k_warn(ar, "failed to set vdev %d up: %d\n",
2923 			    arvif->vdev_id, ret);
2924 		return;
2925 	}
2926 
2927 	arvif->is_up = true;
2928 
2929 	/* Workaround: Some firmware revisions (tested with qca6174
2930 	 * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
2931 	 * poked with peer param command.
2932 	 */
2933 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
2934 					ar->wmi.peer_param->dummy_var, 1);
2935 	if (ret) {
2936 		ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
2937 			    arvif->bssid, arvif->vdev_id, ret);
2938 		return;
2939 	}
2940 }
2941 
2942 static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
2943 				struct ieee80211_vif *vif)
2944 {
2945 	struct ath10k *ar = hw->priv;
2946 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2947 	struct ieee80211_sta_vht_cap vht_cap = {};
2948 	int ret;
2949 
2950 	lockdep_assert_held(&ar->conf_mutex);
2951 
2952 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
2953 		   arvif->vdev_id, arvif->bssid);
2954 
2955 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
2956 	if (ret)
2957 		ath10k_warn(ar, "failed to down vdev %i: %d\n",
2958 			    arvif->vdev_id, ret);
2959 
2960 	arvif->def_wep_key_idx = -1;
2961 
2962 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
2963 	if (ret) {
2964 		ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
2965 			    arvif->vdev_id, ret);
2966 		return;
2967 	}
2968 
2969 	arvif->is_up = false;
2970 
2971 	cancel_delayed_work_sync(&arvif->connection_loss_work);
2972 }
2973 
2974 static int ath10k_station_assoc(struct ath10k *ar,
2975 				struct ieee80211_vif *vif,
2976 				struct ieee80211_sta *sta,
2977 				bool reassoc)
2978 {
2979 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2980 	struct wmi_peer_assoc_complete_arg peer_arg;
2981 	int ret = 0;
2982 
2983 	lockdep_assert_held(&ar->conf_mutex);
2984 
2985 	ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
2986 	if (ret) {
2987 		ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
2988 			    sta->addr, arvif->vdev_id, ret);
2989 		return ret;
2990 	}
2991 
2992 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
2993 	if (ret) {
2994 		ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
2995 			    sta->addr, arvif->vdev_id, ret);
2996 		return ret;
2997 	}
2998 
2999 	/* Re-assoc is run only to update supported rates for given station. It
3000 	 * doesn't make much sense to reconfigure the peer completely.
3001 	 */
3002 	if (!reassoc) {
3003 		ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
3004 					     &sta->ht_cap);
3005 		if (ret) {
3006 			ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
3007 				    arvif->vdev_id, ret);
3008 			return ret;
3009 		}
3010 
3011 		ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
3012 		if (ret) {
3013 			ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
3014 				    sta->addr, arvif->vdev_id, ret);
3015 			return ret;
3016 		}
3017 
3018 		if (!sta->wme) {
3019 			arvif->num_legacy_stations++;
3020 			ret  = ath10k_recalc_rtscts_prot(arvif);
3021 			if (ret) {
3022 				ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3023 					    arvif->vdev_id, ret);
3024 				return ret;
3025 			}
3026 		}
3027 
3028 		/* Plumb cached keys only for static WEP */
3029 		if ((arvif->def_wep_key_idx != -1) && (!sta->tdls)) {
3030 			ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
3031 			if (ret) {
3032 				ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
3033 					    arvif->vdev_id, ret);
3034 				return ret;
3035 			}
3036 		}
3037 	}
3038 
3039 	return ret;
3040 }
3041 
3042 static int ath10k_station_disassoc(struct ath10k *ar,
3043 				   struct ieee80211_vif *vif,
3044 				   struct ieee80211_sta *sta)
3045 {
3046 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3047 	int ret = 0;
3048 
3049 	lockdep_assert_held(&ar->conf_mutex);
3050 
3051 	if (!sta->wme) {
3052 		arvif->num_legacy_stations--;
3053 		ret = ath10k_recalc_rtscts_prot(arvif);
3054 		if (ret) {
3055 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3056 				    arvif->vdev_id, ret);
3057 			return ret;
3058 		}
3059 	}
3060 
3061 	ret = ath10k_clear_peer_keys(arvif, sta->addr);
3062 	if (ret) {
3063 		ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
3064 			    arvif->vdev_id, ret);
3065 		return ret;
3066 	}
3067 
3068 	return ret;
3069 }
3070 
3071 /**************/
3072 /* Regulatory */
3073 /**************/
3074 
3075 static int ath10k_update_channel_list(struct ath10k *ar)
3076 {
3077 	struct ieee80211_hw *hw = ar->hw;
3078 	struct ieee80211_supported_band **bands;
3079 	enum nl80211_band band;
3080 	struct ieee80211_channel *channel;
3081 	struct wmi_scan_chan_list_arg arg = {0};
3082 	struct wmi_channel_arg *ch;
3083 	bool passive;
3084 	int len;
3085 	int ret;
3086 	int i;
3087 
3088 	lockdep_assert_held(&ar->conf_mutex);
3089 
3090 	bands = hw->wiphy->bands;
3091 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3092 		if (!bands[band])
3093 			continue;
3094 
3095 		for (i = 0; i < bands[band]->n_channels; i++) {
3096 			if (bands[band]->channels[i].flags &
3097 			    IEEE80211_CHAN_DISABLED)
3098 				continue;
3099 
3100 			arg.n_channels++;
3101 		}
3102 	}
3103 
3104 	len = sizeof(struct wmi_channel_arg) * arg.n_channels;
3105 	arg.channels = kzalloc(len, GFP_KERNEL);
3106 	if (!arg.channels)
3107 		return -ENOMEM;
3108 
3109 	ch = arg.channels;
3110 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3111 		if (!bands[band])
3112 			continue;
3113 
3114 		for (i = 0; i < bands[band]->n_channels; i++) {
3115 			channel = &bands[band]->channels[i];
3116 
3117 			if (channel->flags & IEEE80211_CHAN_DISABLED)
3118 				continue;
3119 
3120 			ch->allow_ht = true;
3121 
3122 			/* FIXME: when should we really allow VHT? */
3123 			ch->allow_vht = true;
3124 
3125 			ch->allow_ibss =
3126 				!(channel->flags & IEEE80211_CHAN_NO_IR);
3127 
3128 			ch->ht40plus =
3129 				!(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
3130 
3131 			ch->chan_radar =
3132 				!!(channel->flags & IEEE80211_CHAN_RADAR);
3133 
3134 			passive = channel->flags & IEEE80211_CHAN_NO_IR;
3135 			ch->passive = passive;
3136 
3137 			/* the firmware is ignoring the "radar" flag of the
3138 			 * channel and is scanning actively using Probe Requests
3139 			 * on "Radar detection"/DFS channels which are not
3140 			 * marked as "available"
3141 			 */
3142 			ch->passive |= ch->chan_radar;
3143 
3144 			ch->freq = channel->center_freq;
3145 			ch->band_center_freq1 = channel->center_freq;
3146 			ch->min_power = 0;
3147 			ch->max_power = channel->max_power * 2;
3148 			ch->max_reg_power = channel->max_reg_power * 2;
3149 			ch->max_antenna_gain = channel->max_antenna_gain * 2;
3150 			ch->reg_class_id = 0; /* FIXME */
3151 
3152 			/* FIXME: why use only legacy modes, why not any
3153 			 * HT/VHT modes? Would that even make any
3154 			 * difference?
3155 			 */
3156 			if (channel->band == NL80211_BAND_2GHZ)
3157 				ch->mode = MODE_11G;
3158 			else
3159 				ch->mode = MODE_11A;
3160 
3161 			if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
3162 				continue;
3163 
3164 			ath10k_dbg(ar, ATH10K_DBG_WMI,
3165 				   "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
3166 				    ch - arg.channels, arg.n_channels,
3167 				   ch->freq, ch->max_power, ch->max_reg_power,
3168 				   ch->max_antenna_gain, ch->mode);
3169 
3170 			ch++;
3171 		}
3172 	}
3173 
3174 	ret = ath10k_wmi_scan_chan_list(ar, &arg);
3175 	kfree(arg.channels);
3176 
3177 	return ret;
3178 }
3179 
3180 static enum wmi_dfs_region
3181 ath10k_mac_get_dfs_region(enum nl80211_dfs_regions dfs_region)
3182 {
3183 	switch (dfs_region) {
3184 	case NL80211_DFS_UNSET:
3185 		return WMI_UNINIT_DFS_DOMAIN;
3186 	case NL80211_DFS_FCC:
3187 		return WMI_FCC_DFS_DOMAIN;
3188 	case NL80211_DFS_ETSI:
3189 		return WMI_ETSI_DFS_DOMAIN;
3190 	case NL80211_DFS_JP:
3191 		return WMI_MKK4_DFS_DOMAIN;
3192 	}
3193 	return WMI_UNINIT_DFS_DOMAIN;
3194 }
3195 
3196 static void ath10k_regd_update(struct ath10k *ar)
3197 {
3198 	struct reg_dmn_pair_mapping *regpair;
3199 	int ret;
3200 	enum wmi_dfs_region wmi_dfs_reg;
3201 	enum nl80211_dfs_regions nl_dfs_reg;
3202 
3203 	lockdep_assert_held(&ar->conf_mutex);
3204 
3205 	ret = ath10k_update_channel_list(ar);
3206 	if (ret)
3207 		ath10k_warn(ar, "failed to update channel list: %d\n", ret);
3208 
3209 	regpair = ar->ath_common.regulatory.regpair;
3210 
3211 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3212 		nl_dfs_reg = ar->dfs_detector->region;
3213 		wmi_dfs_reg = ath10k_mac_get_dfs_region(nl_dfs_reg);
3214 	} else {
3215 		wmi_dfs_reg = WMI_UNINIT_DFS_DOMAIN;
3216 	}
3217 
3218 	/* Target allows setting up per-band regdomain but ath_common provides
3219 	 * a combined one only
3220 	 */
3221 	ret = ath10k_wmi_pdev_set_regdomain(ar,
3222 					    regpair->reg_domain,
3223 					    regpair->reg_domain, /* 2ghz */
3224 					    regpair->reg_domain, /* 5ghz */
3225 					    regpair->reg_2ghz_ctl,
3226 					    regpair->reg_5ghz_ctl,
3227 					    wmi_dfs_reg);
3228 	if (ret)
3229 		ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
3230 }
3231 
3232 static void ath10k_mac_update_channel_list(struct ath10k *ar,
3233 					   struct ieee80211_supported_band *band)
3234 {
3235 	int i;
3236 
3237 	if (ar->low_5ghz_chan && ar->high_5ghz_chan) {
3238 		for (i = 0; i < band->n_channels; i++) {
3239 			if (band->channels[i].center_freq < ar->low_5ghz_chan ||
3240 			    band->channels[i].center_freq > ar->high_5ghz_chan)
3241 				band->channels[i].flags |=
3242 					IEEE80211_CHAN_DISABLED;
3243 		}
3244 	}
3245 }
3246 
3247 static void ath10k_reg_notifier(struct wiphy *wiphy,
3248 				struct regulatory_request *request)
3249 {
3250 	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
3251 	struct ath10k *ar = hw->priv;
3252 	bool result;
3253 
3254 	ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
3255 
3256 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3257 		ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
3258 			   request->dfs_region);
3259 		result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
3260 							  request->dfs_region);
3261 		if (!result)
3262 			ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
3263 				    request->dfs_region);
3264 	}
3265 
3266 	mutex_lock(&ar->conf_mutex);
3267 	if (ar->state == ATH10K_STATE_ON)
3268 		ath10k_regd_update(ar);
3269 	mutex_unlock(&ar->conf_mutex);
3270 
3271 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
3272 		ath10k_mac_update_channel_list(ar,
3273 					       ar->hw->wiphy->bands[NL80211_BAND_5GHZ]);
3274 }
3275 
3276 static void ath10k_stop_radar_confirmation(struct ath10k *ar)
3277 {
3278 	spin_lock_bh(&ar->data_lock);
3279 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_STOPPED;
3280 	spin_unlock_bh(&ar->data_lock);
3281 
3282 	cancel_work_sync(&ar->radar_confirmation_work);
3283 }
3284 
3285 /***************/
3286 /* TX handlers */
3287 /***************/
3288 
3289 enum ath10k_mac_tx_path {
3290 	ATH10K_MAC_TX_HTT,
3291 	ATH10K_MAC_TX_HTT_MGMT,
3292 	ATH10K_MAC_TX_WMI_MGMT,
3293 	ATH10K_MAC_TX_UNKNOWN,
3294 };
3295 
3296 void ath10k_mac_tx_lock(struct ath10k *ar, int reason)
3297 {
3298 	lockdep_assert_held(&ar->htt.tx_lock);
3299 
3300 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3301 	ar->tx_paused |= BIT(reason);
3302 	ieee80211_stop_queues(ar->hw);
3303 }
3304 
3305 static void ath10k_mac_tx_unlock_iter(void *data, u8 *mac,
3306 				      struct ieee80211_vif *vif)
3307 {
3308 	struct ath10k *ar = data;
3309 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3310 
3311 	if (arvif->tx_paused)
3312 		return;
3313 
3314 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3315 }
3316 
3317 void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3318 {
3319 	lockdep_assert_held(&ar->htt.tx_lock);
3320 
3321 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3322 	ar->tx_paused &= ~BIT(reason);
3323 
3324 	if (ar->tx_paused)
3325 		return;
3326 
3327 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3328 						   IEEE80211_IFACE_ITER_RESUME_ALL,
3329 						   ath10k_mac_tx_unlock_iter,
3330 						   ar);
3331 
3332 	ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3333 }
3334 
3335 void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3336 {
3337 	struct ath10k *ar = arvif->ar;
3338 
3339 	lockdep_assert_held(&ar->htt.tx_lock);
3340 
3341 	WARN_ON(reason >= BITS_PER_LONG);
3342 	arvif->tx_paused |= BIT(reason);
3343 	ieee80211_stop_queue(ar->hw, arvif->vdev_id);
3344 }
3345 
3346 void ath10k_mac_vif_tx_unlock(struct ath10k_vif *arvif, int reason)
3347 {
3348 	struct ath10k *ar = arvif->ar;
3349 
3350 	lockdep_assert_held(&ar->htt.tx_lock);
3351 
3352 	WARN_ON(reason >= BITS_PER_LONG);
3353 	arvif->tx_paused &= ~BIT(reason);
3354 
3355 	if (ar->tx_paused)
3356 		return;
3357 
3358 	if (arvif->tx_paused)
3359 		return;
3360 
3361 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3362 }
3363 
3364 static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3365 					   enum wmi_tlv_tx_pause_id pause_id,
3366 					   enum wmi_tlv_tx_pause_action action)
3367 {
3368 	struct ath10k *ar = arvif->ar;
3369 
3370 	lockdep_assert_held(&ar->htt.tx_lock);
3371 
3372 	switch (action) {
3373 	case WMI_TLV_TX_PAUSE_ACTION_STOP:
3374 		ath10k_mac_vif_tx_lock(arvif, pause_id);
3375 		break;
3376 	case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3377 		ath10k_mac_vif_tx_unlock(arvif, pause_id);
3378 		break;
3379 	default:
3380 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
3381 			   "received unknown tx pause action %d on vdev %i, ignoring\n",
3382 			    action, arvif->vdev_id);
3383 		break;
3384 	}
3385 }
3386 
3387 struct ath10k_mac_tx_pause {
3388 	u32 vdev_id;
3389 	enum wmi_tlv_tx_pause_id pause_id;
3390 	enum wmi_tlv_tx_pause_action action;
3391 };
3392 
3393 static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3394 					    struct ieee80211_vif *vif)
3395 {
3396 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3397 	struct ath10k_mac_tx_pause *arg = data;
3398 
3399 	if (arvif->vdev_id != arg->vdev_id)
3400 		return;
3401 
3402 	ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3403 }
3404 
3405 void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3406 				     enum wmi_tlv_tx_pause_id pause_id,
3407 				     enum wmi_tlv_tx_pause_action action)
3408 {
3409 	struct ath10k_mac_tx_pause arg = {
3410 		.vdev_id = vdev_id,
3411 		.pause_id = pause_id,
3412 		.action = action,
3413 	};
3414 
3415 	spin_lock_bh(&ar->htt.tx_lock);
3416 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3417 						   IEEE80211_IFACE_ITER_RESUME_ALL,
3418 						   ath10k_mac_handle_tx_pause_iter,
3419 						   &arg);
3420 	spin_unlock_bh(&ar->htt.tx_lock);
3421 }
3422 
3423 static enum ath10k_hw_txrx_mode
3424 ath10k_mac_tx_h_get_txmode(struct ath10k *ar,
3425 			   struct ieee80211_vif *vif,
3426 			   struct ieee80211_sta *sta,
3427 			   struct sk_buff *skb)
3428 {
3429 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3430 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
3431 	__le16 fc = hdr->frame_control;
3432 
3433 	if (!vif || vif->type == NL80211_IFTYPE_MONITOR)
3434 		return ATH10K_HW_TXRX_RAW;
3435 
3436 	if (ieee80211_is_mgmt(fc))
3437 		return ATH10K_HW_TXRX_MGMT;
3438 
3439 	/* Workaround:
3440 	 *
3441 	 * NullFunc frames are mostly used to ping if a client or AP are still
3442 	 * reachable and responsive. This implies tx status reports must be
3443 	 * accurate - otherwise either mac80211 or userspace (e.g. hostapd) can
3444 	 * come to a conclusion that the other end disappeared and tear down
3445 	 * BSS connection or it can never disconnect from BSS/client (which is
3446 	 * the case).
3447 	 *
3448 	 * Firmware with HTT older than 3.0 delivers incorrect tx status for
3449 	 * NullFunc frames to driver. However there's a HTT Mgmt Tx command
3450 	 * which seems to deliver correct tx reports for NullFunc frames. The
3451 	 * downside of using it is it ignores client powersave state so it can
3452 	 * end up disconnecting sleeping clients in AP mode. It should fix STA
3453 	 * mode though because AP don't sleep.
3454 	 */
3455 	if (ar->htt.target_version_major < 3 &&
3456 	    (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&
3457 	    !test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3458 		      ar->running_fw->fw_file.fw_features))
3459 		return ATH10K_HW_TXRX_MGMT;
3460 
3461 	/* Workaround:
3462 	 *
3463 	 * Some wmi-tlv firmwares for qca6174 have broken Tx key selection for
3464 	 * NativeWifi txmode - it selects AP key instead of peer key. It seems
3465 	 * to work with Ethernet txmode so use it.
3466 	 *
3467 	 * FIXME: Check if raw mode works with TDLS.
3468 	 */
3469 	if (ieee80211_is_data_present(fc) && sta && sta->tdls)
3470 		return ATH10K_HW_TXRX_ETHERNET;
3471 
3472 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) ||
3473 	    skb_cb->flags & ATH10K_SKB_F_RAW_TX)
3474 		return ATH10K_HW_TXRX_RAW;
3475 
3476 	return ATH10K_HW_TXRX_NATIVE_WIFI;
3477 }
3478 
3479 static bool ath10k_tx_h_use_hwcrypto(struct ieee80211_vif *vif,
3480 				     struct sk_buff *skb)
3481 {
3482 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3483 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3484 	const u32 mask = IEEE80211_TX_INTFL_DONT_ENCRYPT |
3485 			 IEEE80211_TX_CTL_INJECTED;
3486 
3487 	if (!ieee80211_has_protected(hdr->frame_control))
3488 		return false;
3489 
3490 	if ((info->flags & mask) == mask)
3491 		return false;
3492 
3493 	if (vif)
3494 		return !((struct ath10k_vif *)vif->drv_priv)->nohwcrypt;
3495 
3496 	return true;
3497 }
3498 
3499 /* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
3500  * Control in the header.
3501  */
3502 static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
3503 {
3504 	struct ieee80211_hdr *hdr = (void *)skb->data;
3505 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3506 	u8 *qos_ctl;
3507 
3508 	if (!ieee80211_is_data_qos(hdr->frame_control))
3509 		return;
3510 
3511 	qos_ctl = ieee80211_get_qos_ctl(hdr);
3512 	memmove(skb->data + IEEE80211_QOS_CTL_LEN,
3513 		skb->data, (void *)qos_ctl - (void *)skb->data);
3514 	skb_pull(skb, IEEE80211_QOS_CTL_LEN);
3515 
3516 	/* Some firmware revisions don't handle sending QoS NullFunc well.
3517 	 * These frames are mainly used for CQM purposes so it doesn't really
3518 	 * matter whether QoS NullFunc or NullFunc are sent.
3519 	 */
3520 	hdr = (void *)skb->data;
3521 	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
3522 		cb->flags &= ~ATH10K_SKB_F_QOS;
3523 
3524 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3525 }
3526 
3527 static void ath10k_tx_h_8023(struct sk_buff *skb)
3528 {
3529 	struct ieee80211_hdr *hdr;
3530 	struct rfc1042_hdr *rfc1042;
3531 	struct ethhdr *eth;
3532 	size_t hdrlen;
3533 	u8 da[ETH_ALEN];
3534 	u8 sa[ETH_ALEN];
3535 	__be16 type;
3536 
3537 	hdr = (void *)skb->data;
3538 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
3539 	rfc1042 = (void *)skb->data + hdrlen;
3540 
3541 	ether_addr_copy(da, ieee80211_get_DA(hdr));
3542 	ether_addr_copy(sa, ieee80211_get_SA(hdr));
3543 	type = rfc1042->snap_type;
3544 
3545 	skb_pull(skb, hdrlen + sizeof(*rfc1042));
3546 	skb_push(skb, sizeof(*eth));
3547 
3548 	eth = (void *)skb->data;
3549 	ether_addr_copy(eth->h_dest, da);
3550 	ether_addr_copy(eth->h_source, sa);
3551 	eth->h_proto = type;
3552 }
3553 
3554 static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
3555 				       struct ieee80211_vif *vif,
3556 				       struct sk_buff *skb)
3557 {
3558 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3559 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3560 
3561 	/* This is case only for P2P_GO */
3562 	if (vif->type != NL80211_IFTYPE_AP || !vif->p2p)
3563 		return;
3564 
3565 	if (unlikely(ieee80211_is_probe_resp(hdr->frame_control))) {
3566 		spin_lock_bh(&ar->data_lock);
3567 		if (arvif->u.ap.noa_data)
3568 			if (!pskb_expand_head(skb, 0, arvif->u.ap.noa_len,
3569 					      GFP_ATOMIC))
3570 				skb_put_data(skb, arvif->u.ap.noa_data,
3571 					     arvif->u.ap.noa_len);
3572 		spin_unlock_bh(&ar->data_lock);
3573 	}
3574 }
3575 
3576 static void ath10k_mac_tx_h_fill_cb(struct ath10k *ar,
3577 				    struct ieee80211_vif *vif,
3578 				    struct ieee80211_txq *txq,
3579 				    struct sk_buff *skb, u16 airtime)
3580 {
3581 	struct ieee80211_hdr *hdr = (void *)skb->data;
3582 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3583 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3584 	bool is_data = ieee80211_is_data(hdr->frame_control) ||
3585 			ieee80211_is_data_qos(hdr->frame_control);
3586 
3587 	cb->flags = 0;
3588 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
3589 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3590 
3591 	if (ieee80211_is_mgmt(hdr->frame_control))
3592 		cb->flags |= ATH10K_SKB_F_MGMT;
3593 
3594 	if (ieee80211_is_data_qos(hdr->frame_control))
3595 		cb->flags |= ATH10K_SKB_F_QOS;
3596 
3597 	/* Data frames encrypted in software will be posted to firmware
3598 	 * with tx encap mode set to RAW. Ex: Multicast traffic generated
3599 	 * for a specific VLAN group will always be encrypted in software.
3600 	 */
3601 	if (is_data && ieee80211_has_protected(hdr->frame_control) &&
3602 	    !info->control.hw_key) {
3603 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3604 		cb->flags |= ATH10K_SKB_F_RAW_TX;
3605 	}
3606 
3607 	cb->vif = vif;
3608 	cb->txq = txq;
3609 	cb->airtime_est = airtime;
3610 }
3611 
3612 bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar)
3613 {
3614 	/* FIXME: Not really sure since when the behaviour changed. At some
3615 	 * point new firmware stopped requiring creation of peer entries for
3616 	 * offchannel tx (and actually creating them causes issues with wmi-htc
3617 	 * tx credit replenishment and reliability). Assuming it's at least 3.4
3618 	 * because that's when the `freq` was introduced to TX_FRM HTT command.
3619 	 */
3620 	return (ar->htt.target_version_major >= 3 &&
3621 		ar->htt.target_version_minor >= 4 &&
3622 		ar->running_fw->fw_file.htt_op_version == ATH10K_FW_HTT_OP_VERSION_TLV);
3623 }
3624 
3625 static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
3626 {
3627 	struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
3628 	int ret = 0;
3629 
3630 	spin_lock_bh(&ar->data_lock);
3631 
3632 	if (skb_queue_len(q) == ATH10K_MAX_NUM_MGMT_PENDING) {
3633 		ath10k_warn(ar, "wmi mgmt tx queue is full\n");
3634 		ret = -ENOSPC;
3635 		goto unlock;
3636 	}
3637 
3638 	__skb_queue_tail(q, skb);
3639 	ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
3640 
3641 unlock:
3642 	spin_unlock_bh(&ar->data_lock);
3643 
3644 	return ret;
3645 }
3646 
3647 static enum ath10k_mac_tx_path
3648 ath10k_mac_tx_h_get_txpath(struct ath10k *ar,
3649 			   struct sk_buff *skb,
3650 			   enum ath10k_hw_txrx_mode txmode)
3651 {
3652 	switch (txmode) {
3653 	case ATH10K_HW_TXRX_RAW:
3654 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3655 	case ATH10K_HW_TXRX_ETHERNET:
3656 		return ATH10K_MAC_TX_HTT;
3657 	case ATH10K_HW_TXRX_MGMT:
3658 		if (test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3659 			     ar->running_fw->fw_file.fw_features) ||
3660 			     test_bit(WMI_SERVICE_MGMT_TX_WMI,
3661 				      ar->wmi.svc_map))
3662 			return ATH10K_MAC_TX_WMI_MGMT;
3663 		else if (ar->htt.target_version_major >= 3)
3664 			return ATH10K_MAC_TX_HTT;
3665 		else
3666 			return ATH10K_MAC_TX_HTT_MGMT;
3667 	}
3668 
3669 	return ATH10K_MAC_TX_UNKNOWN;
3670 }
3671 
3672 static int ath10k_mac_tx_submit(struct ath10k *ar,
3673 				enum ath10k_hw_txrx_mode txmode,
3674 				enum ath10k_mac_tx_path txpath,
3675 				struct sk_buff *skb)
3676 {
3677 	struct ath10k_htt *htt = &ar->htt;
3678 	int ret = -EINVAL;
3679 
3680 	switch (txpath) {
3681 	case ATH10K_MAC_TX_HTT:
3682 		ret = ath10k_htt_tx(htt, txmode, skb);
3683 		break;
3684 	case ATH10K_MAC_TX_HTT_MGMT:
3685 		ret = ath10k_htt_mgmt_tx(htt, skb);
3686 		break;
3687 	case ATH10K_MAC_TX_WMI_MGMT:
3688 		ret = ath10k_mac_tx_wmi_mgmt(ar, skb);
3689 		break;
3690 	case ATH10K_MAC_TX_UNKNOWN:
3691 		WARN_ON_ONCE(1);
3692 		ret = -EINVAL;
3693 		break;
3694 	}
3695 
3696 	if (ret) {
3697 		ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
3698 			    ret);
3699 		ieee80211_free_txskb(ar->hw, skb);
3700 	}
3701 
3702 	return ret;
3703 }
3704 
3705 /* This function consumes the sk_buff regardless of return value as far as
3706  * caller is concerned so no freeing is necessary afterwards.
3707  */
3708 static int ath10k_mac_tx(struct ath10k *ar,
3709 			 struct ieee80211_vif *vif,
3710 			 enum ath10k_hw_txrx_mode txmode,
3711 			 enum ath10k_mac_tx_path txpath,
3712 			 struct sk_buff *skb, bool noque_offchan)
3713 {
3714 	struct ieee80211_hw *hw = ar->hw;
3715 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3716 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
3717 	int ret;
3718 
3719 	/* We should disable CCK RATE due to P2P */
3720 	if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
3721 		ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
3722 
3723 	switch (txmode) {
3724 	case ATH10K_HW_TXRX_MGMT:
3725 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3726 		ath10k_tx_h_nwifi(hw, skb);
3727 		ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
3728 		ath10k_tx_h_seq_no(vif, skb);
3729 		break;
3730 	case ATH10K_HW_TXRX_ETHERNET:
3731 		ath10k_tx_h_8023(skb);
3732 		break;
3733 	case ATH10K_HW_TXRX_RAW:
3734 		if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) &&
3735 		    !(skb_cb->flags & ATH10K_SKB_F_RAW_TX)) {
3736 			WARN_ON_ONCE(1);
3737 			ieee80211_free_txskb(hw, skb);
3738 			return -ENOTSUPP;
3739 		}
3740 	}
3741 
3742 	if (!noque_offchan && info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
3743 		if (!ath10k_mac_tx_frm_has_freq(ar)) {
3744 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac queued offchannel skb %pK len %d\n",
3745 				   skb, skb->len);
3746 
3747 			skb_queue_tail(&ar->offchan_tx_queue, skb);
3748 			ieee80211_queue_work(hw, &ar->offchan_tx_work);
3749 			return 0;
3750 		}
3751 	}
3752 
3753 	ret = ath10k_mac_tx_submit(ar, txmode, txpath, skb);
3754 	if (ret) {
3755 		ath10k_warn(ar, "failed to submit frame: %d\n", ret);
3756 		return ret;
3757 	}
3758 
3759 	return 0;
3760 }
3761 
3762 void ath10k_offchan_tx_purge(struct ath10k *ar)
3763 {
3764 	struct sk_buff *skb;
3765 
3766 	for (;;) {
3767 		skb = skb_dequeue(&ar->offchan_tx_queue);
3768 		if (!skb)
3769 			break;
3770 
3771 		ieee80211_free_txskb(ar->hw, skb);
3772 	}
3773 }
3774 
3775 void ath10k_offchan_tx_work(struct work_struct *work)
3776 {
3777 	struct ath10k *ar = container_of(work, struct ath10k, offchan_tx_work);
3778 	struct ath10k_peer *peer;
3779 	struct ath10k_vif *arvif;
3780 	enum ath10k_hw_txrx_mode txmode;
3781 	enum ath10k_mac_tx_path txpath;
3782 	struct ieee80211_hdr *hdr;
3783 	struct ieee80211_vif *vif;
3784 	struct ieee80211_sta *sta;
3785 	struct sk_buff *skb;
3786 	const u8 *peer_addr;
3787 	int vdev_id;
3788 	int ret;
3789 	unsigned long time_left;
3790 	bool tmp_peer_created = false;
3791 
3792 	/* FW requirement: We must create a peer before FW will send out
3793 	 * an offchannel frame. Otherwise the frame will be stuck and
3794 	 * never transmitted. We delete the peer upon tx completion.
3795 	 * It is unlikely that a peer for offchannel tx will already be
3796 	 * present. However it may be in some rare cases so account for that.
3797 	 * Otherwise we might remove a legitimate peer and break stuff.
3798 	 */
3799 
3800 	for (;;) {
3801 		skb = skb_dequeue(&ar->offchan_tx_queue);
3802 		if (!skb)
3803 			break;
3804 
3805 		mutex_lock(&ar->conf_mutex);
3806 
3807 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %pK len %d\n",
3808 			   skb, skb->len);
3809 
3810 		hdr = (struct ieee80211_hdr *)skb->data;
3811 		peer_addr = ieee80211_get_DA(hdr);
3812 
3813 		spin_lock_bh(&ar->data_lock);
3814 		vdev_id = ar->scan.vdev_id;
3815 		peer = ath10k_peer_find(ar, vdev_id, peer_addr);
3816 		spin_unlock_bh(&ar->data_lock);
3817 
3818 		if (peer)
3819 			/* FIXME: should this use ath10k_warn()? */
3820 			ath10k_dbg(ar, ATH10K_DBG_MAC, "peer %pM on vdev %d already present\n",
3821 				   peer_addr, vdev_id);
3822 
3823 		if (!peer) {
3824 			ret = ath10k_peer_create(ar, NULL, NULL, vdev_id,
3825 						 peer_addr,
3826 						 WMI_PEER_TYPE_DEFAULT);
3827 			if (ret)
3828 				ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
3829 					    peer_addr, vdev_id, ret);
3830 			tmp_peer_created = (ret == 0);
3831 		}
3832 
3833 		spin_lock_bh(&ar->data_lock);
3834 		reinit_completion(&ar->offchan_tx_completed);
3835 		ar->offchan_tx_skb = skb;
3836 		spin_unlock_bh(&ar->data_lock);
3837 
3838 		/* It's safe to access vif and sta - conf_mutex guarantees that
3839 		 * sta_state() and remove_interface() are locked exclusively
3840 		 * out wrt to this offchannel worker.
3841 		 */
3842 		arvif = ath10k_get_arvif(ar, vdev_id);
3843 		if (arvif) {
3844 			vif = arvif->vif;
3845 			sta = ieee80211_find_sta(vif, peer_addr);
3846 		} else {
3847 			vif = NULL;
3848 			sta = NULL;
3849 		}
3850 
3851 		txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
3852 		txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
3853 
3854 		ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, true);
3855 		if (ret) {
3856 			ath10k_warn(ar, "failed to transmit offchannel frame: %d\n",
3857 				    ret);
3858 			/* not serious */
3859 		}
3860 
3861 		time_left =
3862 		wait_for_completion_timeout(&ar->offchan_tx_completed, 3 * HZ);
3863 		if (time_left == 0)
3864 			ath10k_warn(ar, "timed out waiting for offchannel skb %pK, len: %d\n",
3865 				    skb, skb->len);
3866 
3867 		if (!peer && tmp_peer_created) {
3868 			ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
3869 			if (ret)
3870 				ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
3871 					    peer_addr, vdev_id, ret);
3872 		}
3873 
3874 		mutex_unlock(&ar->conf_mutex);
3875 	}
3876 }
3877 
3878 void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar)
3879 {
3880 	struct sk_buff *skb;
3881 
3882 	for (;;) {
3883 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
3884 		if (!skb)
3885 			break;
3886 
3887 		ieee80211_free_txskb(ar->hw, skb);
3888 	}
3889 }
3890 
3891 void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
3892 {
3893 	struct ath10k *ar = container_of(work, struct ath10k, wmi_mgmt_tx_work);
3894 	struct sk_buff *skb;
3895 	dma_addr_t paddr;
3896 	int ret;
3897 
3898 	for (;;) {
3899 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
3900 		if (!skb)
3901 			break;
3902 
3903 		if (test_bit(ATH10K_FW_FEATURE_MGMT_TX_BY_REF,
3904 			     ar->running_fw->fw_file.fw_features)) {
3905 			paddr = dma_map_single(ar->dev, skb->data,
3906 					       skb->len, DMA_TO_DEVICE);
3907 			if (dma_mapping_error(ar->dev, paddr)) {
3908 				ieee80211_free_txskb(ar->hw, skb);
3909 				continue;
3910 			}
3911 			ret = ath10k_wmi_mgmt_tx_send(ar, skb, paddr);
3912 			if (ret) {
3913 				ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
3914 					    ret);
3915 				dma_unmap_single(ar->dev, paddr, skb->len,
3916 						 DMA_TO_DEVICE);
3917 				ieee80211_free_txskb(ar->hw, skb);
3918 			}
3919 		} else {
3920 			ret = ath10k_wmi_mgmt_tx(ar, skb);
3921 			if (ret) {
3922 				ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
3923 					    ret);
3924 				ieee80211_free_txskb(ar->hw, skb);
3925 			}
3926 		}
3927 	}
3928 }
3929 
3930 static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
3931 {
3932 	struct ath10k_txq *artxq;
3933 
3934 	if (!txq)
3935 		return;
3936 
3937 	artxq = (void *)txq->drv_priv;
3938 	INIT_LIST_HEAD(&artxq->list);
3939 }
3940 
3941 static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
3942 {
3943 	struct ath10k_skb_cb *cb;
3944 	struct sk_buff *msdu;
3945 	int msdu_id;
3946 
3947 	if (!txq)
3948 		return;
3949 
3950 	spin_lock_bh(&ar->htt.tx_lock);
3951 	idr_for_each_entry(&ar->htt.pending_tx, msdu, msdu_id) {
3952 		cb = ATH10K_SKB_CB(msdu);
3953 		if (cb->txq == txq)
3954 			cb->txq = NULL;
3955 	}
3956 	spin_unlock_bh(&ar->htt.tx_lock);
3957 }
3958 
3959 struct ieee80211_txq *ath10k_mac_txq_lookup(struct ath10k *ar,
3960 					    u16 peer_id,
3961 					    u8 tid)
3962 {
3963 	struct ath10k_peer *peer;
3964 
3965 	lockdep_assert_held(&ar->data_lock);
3966 
3967 	peer = ar->peer_map[peer_id];
3968 	if (!peer)
3969 		return NULL;
3970 
3971 	if (peer->removed)
3972 		return NULL;
3973 
3974 	if (peer->sta)
3975 		return peer->sta->txq[tid];
3976 	else if (peer->vif)
3977 		return peer->vif->txq;
3978 	else
3979 		return NULL;
3980 }
3981 
3982 static bool ath10k_mac_tx_can_push(struct ieee80211_hw *hw,
3983 				   struct ieee80211_txq *txq)
3984 {
3985 	struct ath10k *ar = hw->priv;
3986 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
3987 
3988 	/* No need to get locks */
3989 	if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH)
3990 		return true;
3991 
3992 	if (ar->htt.num_pending_tx < ar->htt.tx_q_state.num_push_allowed)
3993 		return true;
3994 
3995 	if (artxq->num_fw_queued < artxq->num_push_allowed)
3996 		return true;
3997 
3998 	return false;
3999 }
4000 
4001 /* Return estimated airtime in microsecond, which is calculated using last
4002  * reported TX rate. This is just a rough estimation because host driver has no
4003  * knowledge of the actual transmit rate, retries or aggregation. If actual
4004  * airtime can be reported by firmware, then delta between estimated and actual
4005  * airtime can be adjusted from deficit.
4006  */
4007 #define IEEE80211_ATF_OVERHEAD		100	/* IFS + some slot time */
4008 #define IEEE80211_ATF_OVERHEAD_IFS	16	/* IFS only */
4009 static u16 ath10k_mac_update_airtime(struct ath10k *ar,
4010 				     struct ieee80211_txq *txq,
4011 				     struct sk_buff *skb)
4012 {
4013 	struct ath10k_sta *arsta;
4014 	u32 pktlen;
4015 	u16 airtime = 0;
4016 
4017 	if (!txq || !txq->sta)
4018 		return airtime;
4019 
4020 	if (test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
4021 		return airtime;
4022 
4023 	spin_lock_bh(&ar->data_lock);
4024 	arsta = (struct ath10k_sta *)txq->sta->drv_priv;
4025 
4026 	pktlen = skb->len + 38; /* Assume MAC header 30, SNAP 8 for most case */
4027 	if (arsta->last_tx_bitrate) {
4028 		/* airtime in us, last_tx_bitrate in 100kbps */
4029 		airtime = (pktlen * 8 * (1000 / 100))
4030 				/ arsta->last_tx_bitrate;
4031 		/* overhead for media access time and IFS */
4032 		airtime += IEEE80211_ATF_OVERHEAD_IFS;
4033 	} else {
4034 		/* This is mostly for throttle excessive BC/MC frames, and the
4035 		 * airtime/rate doesn't need be exact. Airtime of BC/MC frames
4036 		 * in 2G get some discount, which helps prevent very low rate
4037 		 * frames from being blocked for too long.
4038 		 */
4039 		airtime = (pktlen * 8 * (1000 / 100)) / 60; /* 6M */
4040 		airtime += IEEE80211_ATF_OVERHEAD;
4041 	}
4042 	spin_unlock_bh(&ar->data_lock);
4043 
4044 	return airtime;
4045 }
4046 
4047 int ath10k_mac_tx_push_txq(struct ieee80211_hw *hw,
4048 			   struct ieee80211_txq *txq)
4049 {
4050 	struct ath10k *ar = hw->priv;
4051 	struct ath10k_htt *htt = &ar->htt;
4052 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4053 	struct ieee80211_vif *vif = txq->vif;
4054 	struct ieee80211_sta *sta = txq->sta;
4055 	enum ath10k_hw_txrx_mode txmode;
4056 	enum ath10k_mac_tx_path txpath;
4057 	struct sk_buff *skb;
4058 	struct ieee80211_hdr *hdr;
4059 	size_t skb_len;
4060 	bool is_mgmt, is_presp;
4061 	int ret;
4062 	u16 airtime;
4063 
4064 	spin_lock_bh(&ar->htt.tx_lock);
4065 	ret = ath10k_htt_tx_inc_pending(htt);
4066 	spin_unlock_bh(&ar->htt.tx_lock);
4067 
4068 	if (ret)
4069 		return ret;
4070 
4071 	skb = ieee80211_tx_dequeue_ni(hw, txq);
4072 	if (!skb) {
4073 		spin_lock_bh(&ar->htt.tx_lock);
4074 		ath10k_htt_tx_dec_pending(htt);
4075 		spin_unlock_bh(&ar->htt.tx_lock);
4076 
4077 		return -ENOENT;
4078 	}
4079 
4080 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4081 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, skb, airtime);
4082 
4083 	skb_len = skb->len;
4084 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4085 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4086 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4087 
4088 	if (is_mgmt) {
4089 		hdr = (struct ieee80211_hdr *)skb->data;
4090 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4091 
4092 		spin_lock_bh(&ar->htt.tx_lock);
4093 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4094 
4095 		if (ret) {
4096 			ath10k_htt_tx_dec_pending(htt);
4097 			spin_unlock_bh(&ar->htt.tx_lock);
4098 			return ret;
4099 		}
4100 		spin_unlock_bh(&ar->htt.tx_lock);
4101 	}
4102 
4103 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4104 	if (unlikely(ret)) {
4105 		ath10k_warn(ar, "failed to push frame: %d\n", ret);
4106 
4107 		spin_lock_bh(&ar->htt.tx_lock);
4108 		ath10k_htt_tx_dec_pending(htt);
4109 		if (is_mgmt)
4110 			ath10k_htt_tx_mgmt_dec_pending(htt);
4111 		spin_unlock_bh(&ar->htt.tx_lock);
4112 
4113 		return ret;
4114 	}
4115 
4116 	spin_lock_bh(&ar->htt.tx_lock);
4117 	artxq->num_fw_queued++;
4118 	spin_unlock_bh(&ar->htt.tx_lock);
4119 
4120 	return skb_len;
4121 }
4122 
4123 static int ath10k_mac_schedule_txq(struct ieee80211_hw *hw, u32 ac)
4124 {
4125 	struct ieee80211_txq *txq;
4126 	int ret = 0;
4127 
4128 	ieee80211_txq_schedule_start(hw, ac);
4129 	while ((txq = ieee80211_next_txq(hw, ac))) {
4130 		while (ath10k_mac_tx_can_push(hw, txq)) {
4131 			ret = ath10k_mac_tx_push_txq(hw, txq);
4132 			if (ret < 0)
4133 				break;
4134 		}
4135 		ieee80211_return_txq(hw, txq, false);
4136 		ath10k_htt_tx_txq_update(hw, txq);
4137 		if (ret == -EBUSY)
4138 			break;
4139 	}
4140 	ieee80211_txq_schedule_end(hw, ac);
4141 
4142 	return ret;
4143 }
4144 
4145 void ath10k_mac_tx_push_pending(struct ath10k *ar)
4146 {
4147 	struct ieee80211_hw *hw = ar->hw;
4148 	u32 ac;
4149 
4150 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4151 		return;
4152 
4153 	if (ar->htt.num_pending_tx >= (ar->htt.max_num_pending_tx / 2))
4154 		return;
4155 
4156 	rcu_read_lock();
4157 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4158 		if (ath10k_mac_schedule_txq(hw, ac) == -EBUSY)
4159 			break;
4160 	}
4161 	rcu_read_unlock();
4162 }
4163 EXPORT_SYMBOL(ath10k_mac_tx_push_pending);
4164 
4165 /************/
4166 /* Scanning */
4167 /************/
4168 
4169 void __ath10k_scan_finish(struct ath10k *ar)
4170 {
4171 	lockdep_assert_held(&ar->data_lock);
4172 
4173 	switch (ar->scan.state) {
4174 	case ATH10K_SCAN_IDLE:
4175 		break;
4176 	case ATH10K_SCAN_RUNNING:
4177 	case ATH10K_SCAN_ABORTING:
4178 		if (!ar->scan.is_roc) {
4179 			struct cfg80211_scan_info info = {
4180 				.aborted = (ar->scan.state ==
4181 					    ATH10K_SCAN_ABORTING),
4182 			};
4183 
4184 			ieee80211_scan_completed(ar->hw, &info);
4185 		} else if (ar->scan.roc_notify) {
4186 			ieee80211_remain_on_channel_expired(ar->hw);
4187 		}
4188 		/* fall through */
4189 	case ATH10K_SCAN_STARTING:
4190 		ar->scan.state = ATH10K_SCAN_IDLE;
4191 		ar->scan_channel = NULL;
4192 		ar->scan.roc_freq = 0;
4193 		ath10k_offchan_tx_purge(ar);
4194 		cancel_delayed_work(&ar->scan.timeout);
4195 		complete(&ar->scan.completed);
4196 		break;
4197 	}
4198 }
4199 
4200 void ath10k_scan_finish(struct ath10k *ar)
4201 {
4202 	spin_lock_bh(&ar->data_lock);
4203 	__ath10k_scan_finish(ar);
4204 	spin_unlock_bh(&ar->data_lock);
4205 }
4206 
4207 static int ath10k_scan_stop(struct ath10k *ar)
4208 {
4209 	struct wmi_stop_scan_arg arg = {
4210 		.req_id = 1, /* FIXME */
4211 		.req_type = WMI_SCAN_STOP_ONE,
4212 		.u.scan_id = ATH10K_SCAN_ID,
4213 	};
4214 	int ret;
4215 
4216 	lockdep_assert_held(&ar->conf_mutex);
4217 
4218 	ret = ath10k_wmi_stop_scan(ar, &arg);
4219 	if (ret) {
4220 		ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
4221 		goto out;
4222 	}
4223 
4224 	ret = wait_for_completion_timeout(&ar->scan.completed, 3 * HZ);
4225 	if (ret == 0) {
4226 		ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
4227 		ret = -ETIMEDOUT;
4228 	} else if (ret > 0) {
4229 		ret = 0;
4230 	}
4231 
4232 out:
4233 	/* Scan state should be updated upon scan completion but in case
4234 	 * firmware fails to deliver the event (for whatever reason) it is
4235 	 * desired to clean up scan state anyway. Firmware may have just
4236 	 * dropped the scan completion event delivery due to transport pipe
4237 	 * being overflown with data and/or it can recover on its own before
4238 	 * next scan request is submitted.
4239 	 */
4240 	spin_lock_bh(&ar->data_lock);
4241 	if (ar->scan.state != ATH10K_SCAN_IDLE)
4242 		__ath10k_scan_finish(ar);
4243 	spin_unlock_bh(&ar->data_lock);
4244 
4245 	return ret;
4246 }
4247 
4248 static void ath10k_scan_abort(struct ath10k *ar)
4249 {
4250 	int ret;
4251 
4252 	lockdep_assert_held(&ar->conf_mutex);
4253 
4254 	spin_lock_bh(&ar->data_lock);
4255 
4256 	switch (ar->scan.state) {
4257 	case ATH10K_SCAN_IDLE:
4258 		/* This can happen if timeout worker kicked in and called
4259 		 * abortion while scan completion was being processed.
4260 		 */
4261 		break;
4262 	case ATH10K_SCAN_STARTING:
4263 	case ATH10K_SCAN_ABORTING:
4264 		ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
4265 			    ath10k_scan_state_str(ar->scan.state),
4266 			    ar->scan.state);
4267 		break;
4268 	case ATH10K_SCAN_RUNNING:
4269 		ar->scan.state = ATH10K_SCAN_ABORTING;
4270 		spin_unlock_bh(&ar->data_lock);
4271 
4272 		ret = ath10k_scan_stop(ar);
4273 		if (ret)
4274 			ath10k_warn(ar, "failed to abort scan: %d\n", ret);
4275 
4276 		spin_lock_bh(&ar->data_lock);
4277 		break;
4278 	}
4279 
4280 	spin_unlock_bh(&ar->data_lock);
4281 }
4282 
4283 void ath10k_scan_timeout_work(struct work_struct *work)
4284 {
4285 	struct ath10k *ar = container_of(work, struct ath10k,
4286 					 scan.timeout.work);
4287 
4288 	mutex_lock(&ar->conf_mutex);
4289 	ath10k_scan_abort(ar);
4290 	mutex_unlock(&ar->conf_mutex);
4291 }
4292 
4293 static int ath10k_start_scan(struct ath10k *ar,
4294 			     const struct wmi_start_scan_arg *arg)
4295 {
4296 	int ret;
4297 
4298 	lockdep_assert_held(&ar->conf_mutex);
4299 
4300 	ret = ath10k_wmi_start_scan(ar, arg);
4301 	if (ret)
4302 		return ret;
4303 
4304 	ret = wait_for_completion_timeout(&ar->scan.started, 1 * HZ);
4305 	if (ret == 0) {
4306 		ret = ath10k_scan_stop(ar);
4307 		if (ret)
4308 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
4309 
4310 		return -ETIMEDOUT;
4311 	}
4312 
4313 	/* If we failed to start the scan, return error code at
4314 	 * this point.  This is probably due to some issue in the
4315 	 * firmware, but no need to wedge the driver due to that...
4316 	 */
4317 	spin_lock_bh(&ar->data_lock);
4318 	if (ar->scan.state == ATH10K_SCAN_IDLE) {
4319 		spin_unlock_bh(&ar->data_lock);
4320 		return -EINVAL;
4321 	}
4322 	spin_unlock_bh(&ar->data_lock);
4323 
4324 	return 0;
4325 }
4326 
4327 /**********************/
4328 /* mac80211 callbacks */
4329 /**********************/
4330 
4331 static void ath10k_mac_op_tx(struct ieee80211_hw *hw,
4332 			     struct ieee80211_tx_control *control,
4333 			     struct sk_buff *skb)
4334 {
4335 	struct ath10k *ar = hw->priv;
4336 	struct ath10k_htt *htt = &ar->htt;
4337 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4338 	struct ieee80211_vif *vif = info->control.vif;
4339 	struct ieee80211_sta *sta = control->sta;
4340 	struct ieee80211_txq *txq = NULL;
4341 	struct ieee80211_hdr *hdr = (void *)skb->data;
4342 	enum ath10k_hw_txrx_mode txmode;
4343 	enum ath10k_mac_tx_path txpath;
4344 	bool is_htt;
4345 	bool is_mgmt;
4346 	bool is_presp;
4347 	int ret;
4348 	u16 airtime;
4349 
4350 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4351 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, skb, airtime);
4352 
4353 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4354 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4355 	is_htt = (txpath == ATH10K_MAC_TX_HTT ||
4356 		  txpath == ATH10K_MAC_TX_HTT_MGMT);
4357 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4358 
4359 	if (is_htt) {
4360 		spin_lock_bh(&ar->htt.tx_lock);
4361 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4362 
4363 		ret = ath10k_htt_tx_inc_pending(htt);
4364 		if (ret) {
4365 			ath10k_warn(ar, "failed to increase tx pending count: %d, dropping\n",
4366 				    ret);
4367 			spin_unlock_bh(&ar->htt.tx_lock);
4368 			ieee80211_free_txskb(ar->hw, skb);
4369 			return;
4370 		}
4371 
4372 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4373 		if (ret) {
4374 			ath10k_dbg(ar, ATH10K_DBG_MAC, "failed to increase tx mgmt pending count: %d, dropping\n",
4375 				   ret);
4376 			ath10k_htt_tx_dec_pending(htt);
4377 			spin_unlock_bh(&ar->htt.tx_lock);
4378 			ieee80211_free_txskb(ar->hw, skb);
4379 			return;
4380 		}
4381 		spin_unlock_bh(&ar->htt.tx_lock);
4382 	}
4383 
4384 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4385 	if (ret) {
4386 		ath10k_warn(ar, "failed to transmit frame: %d\n", ret);
4387 		if (is_htt) {
4388 			spin_lock_bh(&ar->htt.tx_lock);
4389 			ath10k_htt_tx_dec_pending(htt);
4390 			if (is_mgmt)
4391 				ath10k_htt_tx_mgmt_dec_pending(htt);
4392 			spin_unlock_bh(&ar->htt.tx_lock);
4393 		}
4394 		return;
4395 	}
4396 }
4397 
4398 static void ath10k_mac_op_wake_tx_queue(struct ieee80211_hw *hw,
4399 					struct ieee80211_txq *txq)
4400 {
4401 	struct ath10k *ar = hw->priv;
4402 	int ret;
4403 	u8 ac;
4404 
4405 	ath10k_htt_tx_txq_update(hw, txq);
4406 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4407 		return;
4408 
4409 	ac = txq->ac;
4410 	ieee80211_txq_schedule_start(hw, ac);
4411 	txq = ieee80211_next_txq(hw, ac);
4412 	if (!txq)
4413 		goto out;
4414 
4415 	while (ath10k_mac_tx_can_push(hw, txq)) {
4416 		ret = ath10k_mac_tx_push_txq(hw, txq);
4417 		if (ret < 0)
4418 			break;
4419 	}
4420 	ieee80211_return_txq(hw, txq, false);
4421 	ath10k_htt_tx_txq_update(hw, txq);
4422 out:
4423 	ieee80211_txq_schedule_end(hw, ac);
4424 }
4425 
4426 /* Must not be called with conf_mutex held as workers can use that also. */
4427 void ath10k_drain_tx(struct ath10k *ar)
4428 {
4429 	/* make sure rcu-protected mac80211 tx path itself is drained */
4430 	synchronize_net();
4431 
4432 	ath10k_offchan_tx_purge(ar);
4433 	ath10k_mgmt_over_wmi_tx_purge(ar);
4434 
4435 	cancel_work_sync(&ar->offchan_tx_work);
4436 	cancel_work_sync(&ar->wmi_mgmt_tx_work);
4437 }
4438 
4439 void ath10k_halt(struct ath10k *ar)
4440 {
4441 	struct ath10k_vif *arvif;
4442 
4443 	lockdep_assert_held(&ar->conf_mutex);
4444 
4445 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
4446 	ar->filter_flags = 0;
4447 	ar->monitor = false;
4448 	ar->monitor_arvif = NULL;
4449 
4450 	if (ar->monitor_started)
4451 		ath10k_monitor_stop(ar);
4452 
4453 	ar->monitor_started = false;
4454 	ar->tx_paused = 0;
4455 
4456 	ath10k_scan_finish(ar);
4457 	ath10k_peer_cleanup_all(ar);
4458 	ath10k_stop_radar_confirmation(ar);
4459 	ath10k_core_stop(ar);
4460 	ath10k_hif_power_down(ar);
4461 
4462 	spin_lock_bh(&ar->data_lock);
4463 	list_for_each_entry(arvif, &ar->arvifs, list)
4464 		ath10k_mac_vif_beacon_cleanup(arvif);
4465 	spin_unlock_bh(&ar->data_lock);
4466 }
4467 
4468 static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
4469 {
4470 	struct ath10k *ar = hw->priv;
4471 
4472 	mutex_lock(&ar->conf_mutex);
4473 
4474 	*tx_ant = ar->cfg_tx_chainmask;
4475 	*rx_ant = ar->cfg_rx_chainmask;
4476 
4477 	mutex_unlock(&ar->conf_mutex);
4478 
4479 	return 0;
4480 }
4481 
4482 static void ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
4483 {
4484 	/* It is not clear that allowing gaps in chainmask
4485 	 * is helpful.  Probably it will not do what user
4486 	 * is hoping for, so warn in that case.
4487 	 */
4488 	if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
4489 		return;
4490 
4491 	ath10k_warn(ar, "mac %s antenna chainmask may be invalid: 0x%x.  Suggested values: 15, 7, 3, 1 or 0.\n",
4492 		    dbg, cm);
4493 }
4494 
4495 static int ath10k_mac_get_vht_cap_bf_sts(struct ath10k *ar)
4496 {
4497 	int nsts = ar->vht_cap_info;
4498 
4499 	nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4500 	nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4501 
4502 	/* If firmware does not deliver to host number of space-time
4503 	 * streams supported, assume it support up to 4 BF STS and return
4504 	 * the value for VHT CAP: nsts-1)
4505 	 */
4506 	if (nsts == 0)
4507 		return 3;
4508 
4509 	return nsts;
4510 }
4511 
4512 static int ath10k_mac_get_vht_cap_bf_sound_dim(struct ath10k *ar)
4513 {
4514 	int sound_dim = ar->vht_cap_info;
4515 
4516 	sound_dim &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4517 	sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4518 
4519 	/* If the sounding dimension is not advertised by the firmware,
4520 	 * let's use a default value of 1
4521 	 */
4522 	if (sound_dim == 0)
4523 		return 1;
4524 
4525 	return sound_dim;
4526 }
4527 
4528 static struct ieee80211_sta_vht_cap ath10k_create_vht_cap(struct ath10k *ar)
4529 {
4530 	struct ieee80211_sta_vht_cap vht_cap = {0};
4531 	struct ath10k_hw_params *hw = &ar->hw_params;
4532 	u16 mcs_map;
4533 	u32 val;
4534 	int i;
4535 
4536 	vht_cap.vht_supported = 1;
4537 	vht_cap.cap = ar->vht_cap_info;
4538 
4539 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4540 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
4541 		val = ath10k_mac_get_vht_cap_bf_sts(ar);
4542 		val <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4543 		val &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4544 
4545 		vht_cap.cap |= val;
4546 	}
4547 
4548 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4549 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
4550 		val = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4551 		val <<= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4552 		val &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4553 
4554 		vht_cap.cap |= val;
4555 	}
4556 
4557 	/* Currently the firmware seems to be buggy, don't enable 80+80
4558 	 * mode until that's resolved.
4559 	 */
4560 	if ((ar->vht_cap_info & IEEE80211_VHT_CAP_SHORT_GI_160) &&
4561 	    (ar->vht_cap_info & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) == 0)
4562 		vht_cap.cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
4563 
4564 	mcs_map = 0;
4565 	for (i = 0; i < 8; i++) {
4566 		if ((i < ar->num_rf_chains) && (ar->cfg_tx_chainmask & BIT(i)))
4567 			mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
4568 		else
4569 			mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
4570 	}
4571 
4572 	if (ar->cfg_tx_chainmask <= 1)
4573 		vht_cap.cap &= ~IEEE80211_VHT_CAP_TXSTBC;
4574 
4575 	vht_cap.vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
4576 	vht_cap.vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
4577 
4578 	/* If we are supporting 160Mhz or 80+80, then the NIC may be able to do
4579 	 * a restricted NSS for 160 or 80+80 vs what it can do for 80Mhz.  Give
4580 	 * user-space a clue if that is the case.
4581 	 */
4582 	if ((vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) &&
4583 	    (hw->vht160_mcs_rx_highest != 0 ||
4584 	     hw->vht160_mcs_tx_highest != 0)) {
4585 		vht_cap.vht_mcs.rx_highest = cpu_to_le16(hw->vht160_mcs_rx_highest);
4586 		vht_cap.vht_mcs.tx_highest = cpu_to_le16(hw->vht160_mcs_tx_highest);
4587 	}
4588 
4589 	return vht_cap;
4590 }
4591 
4592 static struct ieee80211_sta_ht_cap ath10k_get_ht_cap(struct ath10k *ar)
4593 {
4594 	int i;
4595 	struct ieee80211_sta_ht_cap ht_cap = {0};
4596 
4597 	if (!(ar->ht_cap_info & WMI_HT_CAP_ENABLED))
4598 		return ht_cap;
4599 
4600 	ht_cap.ht_supported = 1;
4601 	ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
4602 	ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_8;
4603 	ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
4604 	ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
4605 	ht_cap.cap |=
4606 		WLAN_HT_CAP_SM_PS_DISABLED << IEEE80211_HT_CAP_SM_PS_SHIFT;
4607 
4608 	if (ar->ht_cap_info & WMI_HT_CAP_HT20_SGI)
4609 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
4610 
4611 	if (ar->ht_cap_info & WMI_HT_CAP_HT40_SGI)
4612 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
4613 
4614 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) {
4615 		u32 smps;
4616 
4617 		smps   = WLAN_HT_CAP_SM_PS_DYNAMIC;
4618 		smps <<= IEEE80211_HT_CAP_SM_PS_SHIFT;
4619 
4620 		ht_cap.cap |= smps;
4621 	}
4622 
4623 	if (ar->ht_cap_info & WMI_HT_CAP_TX_STBC && (ar->cfg_tx_chainmask > 1))
4624 		ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
4625 
4626 	if (ar->ht_cap_info & WMI_HT_CAP_RX_STBC) {
4627 		u32 stbc;
4628 
4629 		stbc   = ar->ht_cap_info;
4630 		stbc  &= WMI_HT_CAP_RX_STBC;
4631 		stbc >>= WMI_HT_CAP_RX_STBC_MASK_SHIFT;
4632 		stbc <<= IEEE80211_HT_CAP_RX_STBC_SHIFT;
4633 		stbc  &= IEEE80211_HT_CAP_RX_STBC;
4634 
4635 		ht_cap.cap |= stbc;
4636 	}
4637 
4638 	if (ar->ht_cap_info & WMI_HT_CAP_LDPC || (ar->ht_cap_info &
4639 	    WMI_HT_CAP_RX_LDPC && (ar->ht_cap_info & WMI_HT_CAP_TX_LDPC)))
4640 		ht_cap.cap |= IEEE80211_HT_CAP_LDPC_CODING;
4641 
4642 	if (ar->ht_cap_info & WMI_HT_CAP_L_SIG_TXOP_PROT)
4643 		ht_cap.cap |= IEEE80211_HT_CAP_LSIG_TXOP_PROT;
4644 
4645 	/* max AMSDU is implicitly taken from vht_cap_info */
4646 	if (ar->vht_cap_info & WMI_VHT_CAP_MAX_MPDU_LEN_MASK)
4647 		ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
4648 
4649 	for (i = 0; i < ar->num_rf_chains; i++) {
4650 		if (ar->cfg_rx_chainmask & BIT(i))
4651 			ht_cap.mcs.rx_mask[i] = 0xFF;
4652 	}
4653 
4654 	ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_DEFINED;
4655 
4656 	return ht_cap;
4657 }
4658 
4659 static void ath10k_mac_setup_ht_vht_cap(struct ath10k *ar)
4660 {
4661 	struct ieee80211_supported_band *band;
4662 	struct ieee80211_sta_vht_cap vht_cap;
4663 	struct ieee80211_sta_ht_cap ht_cap;
4664 
4665 	ht_cap = ath10k_get_ht_cap(ar);
4666 	vht_cap = ath10k_create_vht_cap(ar);
4667 
4668 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
4669 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
4670 		band->ht_cap = ht_cap;
4671 	}
4672 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
4673 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
4674 		band->ht_cap = ht_cap;
4675 		band->vht_cap = vht_cap;
4676 	}
4677 }
4678 
4679 static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
4680 {
4681 	int ret;
4682 
4683 	lockdep_assert_held(&ar->conf_mutex);
4684 
4685 	ath10k_check_chain_mask(ar, tx_ant, "tx");
4686 	ath10k_check_chain_mask(ar, rx_ant, "rx");
4687 
4688 	ar->cfg_tx_chainmask = tx_ant;
4689 	ar->cfg_rx_chainmask = rx_ant;
4690 
4691 	if ((ar->state != ATH10K_STATE_ON) &&
4692 	    (ar->state != ATH10K_STATE_RESTARTED))
4693 		return 0;
4694 
4695 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
4696 					tx_ant);
4697 	if (ret) {
4698 		ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
4699 			    ret, tx_ant);
4700 		return ret;
4701 	}
4702 
4703 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
4704 					rx_ant);
4705 	if (ret) {
4706 		ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
4707 			    ret, rx_ant);
4708 		return ret;
4709 	}
4710 
4711 	/* Reload HT/VHT capability */
4712 	ath10k_mac_setup_ht_vht_cap(ar);
4713 
4714 	return 0;
4715 }
4716 
4717 static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant)
4718 {
4719 	struct ath10k *ar = hw->priv;
4720 	int ret;
4721 
4722 	mutex_lock(&ar->conf_mutex);
4723 	ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
4724 	mutex_unlock(&ar->conf_mutex);
4725 	return ret;
4726 }
4727 
4728 static int __ath10k_fetch_bb_timing_dt(struct ath10k *ar,
4729 				       struct wmi_bb_timing_cfg_arg *bb_timing)
4730 {
4731 	struct device_node *node;
4732 	const char *fem_name;
4733 	int ret;
4734 
4735 	node = ar->dev->of_node;
4736 	if (!node)
4737 		return -ENOENT;
4738 
4739 	ret = of_property_read_string_index(node, "ext-fem-name", 0, &fem_name);
4740 	if (ret)
4741 		return -ENOENT;
4742 
4743 	/*
4744 	 * If external Front End module used in hardware, then default base band timing
4745 	 * parameter cannot be used since they were fine tuned for reference hardware,
4746 	 * so choosing different value suitable for that external FEM.
4747 	 */
4748 	if (!strcmp("microsemi-lx5586", fem_name)) {
4749 		bb_timing->bb_tx_timing = 0x00;
4750 		bb_timing->bb_xpa_timing = 0x0101;
4751 	} else {
4752 		return -ENOENT;
4753 	}
4754 
4755 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot bb_tx_timing 0x%x bb_xpa_timing 0x%x\n",
4756 		   bb_timing->bb_tx_timing, bb_timing->bb_xpa_timing);
4757 	return 0;
4758 }
4759 
4760 static int ath10k_mac_rfkill_config(struct ath10k *ar)
4761 {
4762 	u32 param;
4763 	int ret;
4764 
4765 	if (ar->hw_values->rfkill_pin == 0) {
4766 		ath10k_warn(ar, "ath10k does not support hardware rfkill with this device\n");
4767 		return -EOPNOTSUPP;
4768 	}
4769 
4770 	ath10k_dbg(ar, ATH10K_DBG_MAC,
4771 		   "mac rfkill_pin %d rfkill_cfg %d rfkill_on_level %d",
4772 		   ar->hw_values->rfkill_pin, ar->hw_values->rfkill_cfg,
4773 		   ar->hw_values->rfkill_on_level);
4774 
4775 	param = FIELD_PREP(WMI_TLV_RFKILL_CFG_RADIO_LEVEL,
4776 			   ar->hw_values->rfkill_on_level) |
4777 		FIELD_PREP(WMI_TLV_RFKILL_CFG_GPIO_PIN_NUM,
4778 			   ar->hw_values->rfkill_pin) |
4779 		FIELD_PREP(WMI_TLV_RFKILL_CFG_PIN_AS_GPIO,
4780 			   ar->hw_values->rfkill_cfg);
4781 
4782 	ret = ath10k_wmi_pdev_set_param(ar,
4783 					ar->wmi.pdev_param->rfkill_config,
4784 					param);
4785 	if (ret) {
4786 		ath10k_warn(ar,
4787 			    "failed to set rfkill config 0x%x: %d\n",
4788 			    param, ret);
4789 		return ret;
4790 	}
4791 	return 0;
4792 }
4793 
4794 int ath10k_mac_rfkill_enable_radio(struct ath10k *ar, bool enable)
4795 {
4796 	enum wmi_tlv_rfkill_enable_radio param;
4797 	int ret;
4798 
4799 	if (enable)
4800 		param = WMI_TLV_RFKILL_ENABLE_RADIO_ON;
4801 	else
4802 		param = WMI_TLV_RFKILL_ENABLE_RADIO_OFF;
4803 
4804 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac rfkill enable %d", param);
4805 
4806 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rfkill_enable,
4807 					param);
4808 	if (ret) {
4809 		ath10k_warn(ar, "failed to set rfkill enable param %d: %d\n",
4810 			    param, ret);
4811 		return ret;
4812 	}
4813 
4814 	return 0;
4815 }
4816 
4817 static int ath10k_start(struct ieee80211_hw *hw)
4818 {
4819 	struct ath10k *ar = hw->priv;
4820 	u32 param;
4821 	int ret = 0;
4822 	struct wmi_bb_timing_cfg_arg bb_timing = {0};
4823 
4824 	/*
4825 	 * This makes sense only when restarting hw. It is harmless to call
4826 	 * unconditionally. This is necessary to make sure no HTT/WMI tx
4827 	 * commands will be submitted while restarting.
4828 	 */
4829 	ath10k_drain_tx(ar);
4830 
4831 	mutex_lock(&ar->conf_mutex);
4832 
4833 	switch (ar->state) {
4834 	case ATH10K_STATE_OFF:
4835 		ar->state = ATH10K_STATE_ON;
4836 		break;
4837 	case ATH10K_STATE_RESTARTING:
4838 		ar->state = ATH10K_STATE_RESTARTED;
4839 		break;
4840 	case ATH10K_STATE_ON:
4841 	case ATH10K_STATE_RESTARTED:
4842 	case ATH10K_STATE_WEDGED:
4843 		WARN_ON(1);
4844 		ret = -EINVAL;
4845 		goto err;
4846 	case ATH10K_STATE_UTF:
4847 		ret = -EBUSY;
4848 		goto err;
4849 	}
4850 
4851 	spin_lock_bh(&ar->data_lock);
4852 
4853 	if (ar->hw_rfkill_on) {
4854 		ar->hw_rfkill_on = false;
4855 		spin_unlock_bh(&ar->data_lock);
4856 		goto err;
4857 	}
4858 
4859 	spin_unlock_bh(&ar->data_lock);
4860 
4861 	ret = ath10k_hif_power_up(ar, ATH10K_FIRMWARE_MODE_NORMAL);
4862 	if (ret) {
4863 		ath10k_err(ar, "Could not init hif: %d\n", ret);
4864 		goto err_off;
4865 	}
4866 
4867 	ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL,
4868 				&ar->normal_mode_fw);
4869 	if (ret) {
4870 		ath10k_err(ar, "Could not init core: %d\n", ret);
4871 		goto err_power_down;
4872 	}
4873 
4874 	if (ar->sys_cap_info & WMI_TLV_SYS_CAP_INFO_RFKILL) {
4875 		ret = ath10k_mac_rfkill_config(ar);
4876 		if (ret && ret != -EOPNOTSUPP) {
4877 			ath10k_warn(ar, "failed to configure rfkill: %d", ret);
4878 			goto err_core_stop;
4879 		}
4880 	}
4881 
4882 	param = ar->wmi.pdev_param->pmf_qos;
4883 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
4884 	if (ret) {
4885 		ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
4886 		goto err_core_stop;
4887 	}
4888 
4889 	param = ar->wmi.pdev_param->dynamic_bw;
4890 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
4891 	if (ret) {
4892 		ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
4893 		goto err_core_stop;
4894 	}
4895 
4896 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
4897 		ret = ath10k_wmi_scan_prob_req_oui(ar, ar->mac_addr);
4898 		if (ret) {
4899 			ath10k_err(ar, "failed to set prob req oui: %i\n", ret);
4900 			goto err_core_stop;
4901 		}
4902 	}
4903 
4904 	if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
4905 		ret = ath10k_wmi_adaptive_qcs(ar, true);
4906 		if (ret) {
4907 			ath10k_warn(ar, "failed to enable adaptive qcs: %d\n",
4908 				    ret);
4909 			goto err_core_stop;
4910 		}
4911 	}
4912 
4913 	if (test_bit(WMI_SERVICE_BURST, ar->wmi.svc_map)) {
4914 		param = ar->wmi.pdev_param->burst_enable;
4915 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
4916 		if (ret) {
4917 			ath10k_warn(ar, "failed to disable burst: %d\n", ret);
4918 			goto err_core_stop;
4919 		}
4920 	}
4921 
4922 	param = ar->wmi.pdev_param->idle_ps_config;
4923 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
4924 	if (ret && ret != -EOPNOTSUPP) {
4925 		ath10k_warn(ar, "failed to enable idle_ps_config: %d\n", ret);
4926 		goto err_core_stop;
4927 	}
4928 
4929 	__ath10k_set_antenna(ar, ar->cfg_tx_chainmask, ar->cfg_rx_chainmask);
4930 
4931 	/*
4932 	 * By default FW set ARP frames ac to voice (6). In that case ARP
4933 	 * exchange is not working properly for UAPSD enabled AP. ARP requests
4934 	 * which arrives with access category 0 are processed by network stack
4935 	 * and send back with access category 0, but FW changes access category
4936 	 * to 6. Set ARP frames access category to best effort (0) solves
4937 	 * this problem.
4938 	 */
4939 
4940 	param = ar->wmi.pdev_param->arp_ac_override;
4941 	ret = ath10k_wmi_pdev_set_param(ar, param, 0);
4942 	if (ret) {
4943 		ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
4944 			    ret);
4945 		goto err_core_stop;
4946 	}
4947 
4948 	if (test_bit(ATH10K_FW_FEATURE_SUPPORTS_ADAPTIVE_CCA,
4949 		     ar->running_fw->fw_file.fw_features)) {
4950 		ret = ath10k_wmi_pdev_enable_adaptive_cca(ar, 1,
4951 							  WMI_CCA_DETECT_LEVEL_AUTO,
4952 							  WMI_CCA_DETECT_MARGIN_AUTO);
4953 		if (ret) {
4954 			ath10k_warn(ar, "failed to enable adaptive cca: %d\n",
4955 				    ret);
4956 			goto err_core_stop;
4957 		}
4958 	}
4959 
4960 	param = ar->wmi.pdev_param->ani_enable;
4961 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
4962 	if (ret) {
4963 		ath10k_warn(ar, "failed to enable ani by default: %d\n",
4964 			    ret);
4965 		goto err_core_stop;
4966 	}
4967 
4968 	ar->ani_enabled = true;
4969 
4970 	if (ath10k_peer_stats_enabled(ar)) {
4971 		param = ar->wmi.pdev_param->peer_stats_update_period;
4972 		ret = ath10k_wmi_pdev_set_param(ar, param,
4973 						PEER_DEFAULT_STATS_UPDATE_PERIOD);
4974 		if (ret) {
4975 			ath10k_warn(ar,
4976 				    "failed to set peer stats period : %d\n",
4977 				    ret);
4978 			goto err_core_stop;
4979 		}
4980 	}
4981 
4982 	param = ar->wmi.pdev_param->enable_btcoex;
4983 	if (test_bit(WMI_SERVICE_COEX_GPIO, ar->wmi.svc_map) &&
4984 	    test_bit(ATH10K_FW_FEATURE_BTCOEX_PARAM,
4985 		     ar->running_fw->fw_file.fw_features)) {
4986 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
4987 		if (ret) {
4988 			ath10k_warn(ar,
4989 				    "failed to set btcoex param: %d\n", ret);
4990 			goto err_core_stop;
4991 		}
4992 		clear_bit(ATH10K_FLAG_BTCOEX, &ar->dev_flags);
4993 	}
4994 
4995 	if (test_bit(WMI_SERVICE_BB_TIMING_CONFIG_SUPPORT, ar->wmi.svc_map)) {
4996 		ret = __ath10k_fetch_bb_timing_dt(ar, &bb_timing);
4997 		if (!ret) {
4998 			ret = ath10k_wmi_pdev_bb_timing(ar, &bb_timing);
4999 			if (ret) {
5000 				ath10k_warn(ar,
5001 					    "failed to set bb timings: %d\n",
5002 					    ret);
5003 				goto err_core_stop;
5004 			}
5005 		}
5006 	}
5007 
5008 	ar->num_started_vdevs = 0;
5009 	ath10k_regd_update(ar);
5010 
5011 	ath10k_spectral_start(ar);
5012 	ath10k_thermal_set_throttling(ar);
5013 
5014 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_IDLE;
5015 
5016 	mutex_unlock(&ar->conf_mutex);
5017 	return 0;
5018 
5019 err_core_stop:
5020 	ath10k_core_stop(ar);
5021 
5022 err_power_down:
5023 	ath10k_hif_power_down(ar);
5024 
5025 err_off:
5026 	ar->state = ATH10K_STATE_OFF;
5027 
5028 err:
5029 	mutex_unlock(&ar->conf_mutex);
5030 	return ret;
5031 }
5032 
5033 static void ath10k_stop(struct ieee80211_hw *hw)
5034 {
5035 	struct ath10k *ar = hw->priv;
5036 
5037 	ath10k_drain_tx(ar);
5038 
5039 	mutex_lock(&ar->conf_mutex);
5040 	if (ar->state != ATH10K_STATE_OFF) {
5041 		if (!ar->hw_rfkill_on)
5042 			ath10k_halt(ar);
5043 		ar->state = ATH10K_STATE_OFF;
5044 	}
5045 	mutex_unlock(&ar->conf_mutex);
5046 
5047 	cancel_work_sync(&ar->set_coverage_class_work);
5048 	cancel_delayed_work_sync(&ar->scan.timeout);
5049 	cancel_work_sync(&ar->restart_work);
5050 }
5051 
5052 static int ath10k_config_ps(struct ath10k *ar)
5053 {
5054 	struct ath10k_vif *arvif;
5055 	int ret = 0;
5056 
5057 	lockdep_assert_held(&ar->conf_mutex);
5058 
5059 	list_for_each_entry(arvif, &ar->arvifs, list) {
5060 		ret = ath10k_mac_vif_setup_ps(arvif);
5061 		if (ret) {
5062 			ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
5063 			break;
5064 		}
5065 	}
5066 
5067 	return ret;
5068 }
5069 
5070 static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
5071 {
5072 	int ret;
5073 	u32 param;
5074 
5075 	lockdep_assert_held(&ar->conf_mutex);
5076 
5077 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower %d\n", txpower);
5078 
5079 	param = ar->wmi.pdev_param->txpower_limit2g;
5080 	ret = ath10k_wmi_pdev_set_param(ar, param, txpower * 2);
5081 	if (ret) {
5082 		ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
5083 			    txpower, ret);
5084 		return ret;
5085 	}
5086 
5087 	param = ar->wmi.pdev_param->txpower_limit5g;
5088 	ret = ath10k_wmi_pdev_set_param(ar, param, txpower * 2);
5089 	if (ret) {
5090 		ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
5091 			    txpower, ret);
5092 		return ret;
5093 	}
5094 
5095 	return 0;
5096 }
5097 
5098 static int ath10k_mac_txpower_recalc(struct ath10k *ar)
5099 {
5100 	struct ath10k_vif *arvif;
5101 	int ret, txpower = -1;
5102 
5103 	lockdep_assert_held(&ar->conf_mutex);
5104 
5105 	list_for_each_entry(arvif, &ar->arvifs, list) {
5106 		if (arvif->txpower <= 0)
5107 			continue;
5108 
5109 		if (txpower == -1)
5110 			txpower = arvif->txpower;
5111 		else
5112 			txpower = min(txpower, arvif->txpower);
5113 	}
5114 
5115 	if (txpower == -1)
5116 		return 0;
5117 
5118 	ret = ath10k_mac_txpower_setup(ar, txpower);
5119 	if (ret) {
5120 		ath10k_warn(ar, "failed to setup tx power %d: %d\n",
5121 			    txpower, ret);
5122 		return ret;
5123 	}
5124 
5125 	return 0;
5126 }
5127 
5128 static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
5129 {
5130 	struct ath10k *ar = hw->priv;
5131 	struct ieee80211_conf *conf = &hw->conf;
5132 	int ret = 0;
5133 
5134 	mutex_lock(&ar->conf_mutex);
5135 
5136 	if (changed & IEEE80211_CONF_CHANGE_PS)
5137 		ath10k_config_ps(ar);
5138 
5139 	if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
5140 		ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
5141 		ret = ath10k_monitor_recalc(ar);
5142 		if (ret)
5143 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5144 	}
5145 
5146 	mutex_unlock(&ar->conf_mutex);
5147 	return ret;
5148 }
5149 
5150 static u32 get_nss_from_chainmask(u16 chain_mask)
5151 {
5152 	if ((chain_mask & 0xf) == 0xf)
5153 		return 4;
5154 	else if ((chain_mask & 0x7) == 0x7)
5155 		return 3;
5156 	else if ((chain_mask & 0x3) == 0x3)
5157 		return 2;
5158 	return 1;
5159 }
5160 
5161 static int ath10k_mac_set_txbf_conf(struct ath10k_vif *arvif)
5162 {
5163 	u32 value = 0;
5164 	struct ath10k *ar = arvif->ar;
5165 	int nsts;
5166 	int sound_dim;
5167 
5168 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_BEFORE_ASSOC)
5169 		return 0;
5170 
5171 	nsts = ath10k_mac_get_vht_cap_bf_sts(ar);
5172 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
5173 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE))
5174 		value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
5175 
5176 	sound_dim = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
5177 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
5178 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))
5179 		value |= SM(sound_dim, WMI_BF_SOUND_DIM_OFFSET);
5180 
5181 	if (!value)
5182 		return 0;
5183 
5184 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
5185 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
5186 
5187 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
5188 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFER |
5189 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFER);
5190 
5191 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
5192 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
5193 
5194 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
5195 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFEE |
5196 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFEE);
5197 
5198 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5199 					 ar->wmi.vdev_param->txbf, value);
5200 }
5201 
5202 /*
5203  * TODO:
5204  * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
5205  * because we will send mgmt frames without CCK. This requirement
5206  * for P2P_FIND/GO_NEG should be handled by checking CCK flag
5207  * in the TX packet.
5208  */
5209 static int ath10k_add_interface(struct ieee80211_hw *hw,
5210 				struct ieee80211_vif *vif)
5211 {
5212 	struct ath10k *ar = hw->priv;
5213 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5214 	struct ath10k_peer *peer;
5215 	enum wmi_sta_powersave_param param;
5216 	int ret = 0;
5217 	u32 value;
5218 	int bit;
5219 	int i;
5220 	u32 vdev_param;
5221 
5222 	vif->driver_flags |= IEEE80211_VIF_SUPPORTS_UAPSD;
5223 
5224 	mutex_lock(&ar->conf_mutex);
5225 
5226 	memset(arvif, 0, sizeof(*arvif));
5227 	ath10k_mac_txq_init(vif->txq);
5228 
5229 	arvif->ar = ar;
5230 	arvif->vif = vif;
5231 
5232 	INIT_LIST_HEAD(&arvif->list);
5233 	INIT_WORK(&arvif->ap_csa_work, ath10k_mac_vif_ap_csa_work);
5234 	INIT_DELAYED_WORK(&arvif->connection_loss_work,
5235 			  ath10k_mac_vif_sta_connection_loss_work);
5236 
5237 	for (i = 0; i < ARRAY_SIZE(arvif->bitrate_mask.control); i++) {
5238 		arvif->bitrate_mask.control[i].legacy = 0xffffffff;
5239 		memset(arvif->bitrate_mask.control[i].ht_mcs, 0xff,
5240 		       sizeof(arvif->bitrate_mask.control[i].ht_mcs));
5241 		memset(arvif->bitrate_mask.control[i].vht_mcs, 0xff,
5242 		       sizeof(arvif->bitrate_mask.control[i].vht_mcs));
5243 	}
5244 
5245 	if (ar->num_peers >= ar->max_num_peers) {
5246 		ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
5247 		ret = -ENOBUFS;
5248 		goto err;
5249 	}
5250 
5251 	if (ar->free_vdev_map == 0) {
5252 		ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
5253 		ret = -EBUSY;
5254 		goto err;
5255 	}
5256 	bit = __ffs64(ar->free_vdev_map);
5257 
5258 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
5259 		   bit, ar->free_vdev_map);
5260 
5261 	arvif->vdev_id = bit;
5262 	arvif->vdev_subtype =
5263 		ath10k_wmi_get_vdev_subtype(ar, WMI_VDEV_SUBTYPE_NONE);
5264 
5265 	switch (vif->type) {
5266 	case NL80211_IFTYPE_P2P_DEVICE:
5267 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5268 		arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5269 					(ar, WMI_VDEV_SUBTYPE_P2P_DEVICE);
5270 		break;
5271 	case NL80211_IFTYPE_UNSPECIFIED:
5272 	case NL80211_IFTYPE_STATION:
5273 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5274 		if (vif->p2p)
5275 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5276 					(ar, WMI_VDEV_SUBTYPE_P2P_CLIENT);
5277 		break;
5278 	case NL80211_IFTYPE_ADHOC:
5279 		arvif->vdev_type = WMI_VDEV_TYPE_IBSS;
5280 		break;
5281 	case NL80211_IFTYPE_MESH_POINT:
5282 		if (test_bit(WMI_SERVICE_MESH_11S, ar->wmi.svc_map)) {
5283 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5284 						(ar, WMI_VDEV_SUBTYPE_MESH_11S);
5285 		} else if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5286 			ret = -EINVAL;
5287 			ath10k_warn(ar, "must load driver with rawmode=1 to add mesh interfaces\n");
5288 			goto err;
5289 		}
5290 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5291 		break;
5292 	case NL80211_IFTYPE_AP:
5293 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5294 
5295 		if (vif->p2p)
5296 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5297 						(ar, WMI_VDEV_SUBTYPE_P2P_GO);
5298 		break;
5299 	case NL80211_IFTYPE_MONITOR:
5300 		arvif->vdev_type = WMI_VDEV_TYPE_MONITOR;
5301 		break;
5302 	default:
5303 		WARN_ON(1);
5304 		break;
5305 	}
5306 
5307 	/* Using vdev_id as queue number will make it very easy to do per-vif
5308 	 * tx queue locking. This shouldn't wrap due to interface combinations
5309 	 * but do a modulo for correctness sake and prevent using offchannel tx
5310 	 * queues for regular vif tx.
5311 	 */
5312 	vif->cab_queue = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5313 	for (i = 0; i < ARRAY_SIZE(vif->hw_queue); i++)
5314 		vif->hw_queue[i] = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5315 
5316 	/* Some firmware revisions don't wait for beacon tx completion before
5317 	 * sending another SWBA event. This could lead to hardware using old
5318 	 * (freed) beacon data in some cases, e.g. tx credit starvation
5319 	 * combined with missed TBTT. This is very very rare.
5320 	 *
5321 	 * On non-IOMMU-enabled hosts this could be a possible security issue
5322 	 * because hw could beacon some random data on the air.  On
5323 	 * IOMMU-enabled hosts DMAR faults would occur in most cases and target
5324 	 * device would crash.
5325 	 *
5326 	 * Since there are no beacon tx completions (implicit nor explicit)
5327 	 * propagated to host the only workaround for this is to allocate a
5328 	 * DMA-coherent buffer for a lifetime of a vif and use it for all
5329 	 * beacon tx commands. Worst case for this approach is some beacons may
5330 	 * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
5331 	 */
5332 	if (vif->type == NL80211_IFTYPE_ADHOC ||
5333 	    vif->type == NL80211_IFTYPE_MESH_POINT ||
5334 	    vif->type == NL80211_IFTYPE_AP) {
5335 		arvif->beacon_buf = dma_alloc_coherent(ar->dev,
5336 						       IEEE80211_MAX_FRAME_LEN,
5337 						       &arvif->beacon_paddr,
5338 						       GFP_ATOMIC);
5339 		if (!arvif->beacon_buf) {
5340 			ret = -ENOMEM;
5341 			ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
5342 				    ret);
5343 			goto err;
5344 		}
5345 	}
5346 	if (test_bit(ATH10K_FLAG_HW_CRYPTO_DISABLED, &ar->dev_flags))
5347 		arvif->nohwcrypt = true;
5348 
5349 	if (arvif->nohwcrypt &&
5350 	    !test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5351 		ath10k_warn(ar, "cryptmode module param needed for sw crypto\n");
5352 		goto err;
5353 	}
5354 
5355 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
5356 		   arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
5357 		   arvif->beacon_buf ? "single-buf" : "per-skb");
5358 
5359 	ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
5360 				     arvif->vdev_subtype, vif->addr);
5361 	if (ret) {
5362 		ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
5363 			    arvif->vdev_id, ret);
5364 		goto err;
5365 	}
5366 
5367 	if (test_bit(WMI_SERVICE_VDEV_DISABLE_4_ADDR_SRC_LRN_SUPPORT,
5368 		     ar->wmi.svc_map)) {
5369 		vdev_param = ar->wmi.vdev_param->disable_4addr_src_lrn;
5370 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5371 						WMI_VDEV_DISABLE_4_ADDR_SRC_LRN);
5372 		if (ret && ret != -EOPNOTSUPP) {
5373 			ath10k_warn(ar, "failed to disable 4addr src lrn vdev %i: %d\n",
5374 				    arvif->vdev_id, ret);
5375 		}
5376 	}
5377 
5378 	ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
5379 	spin_lock_bh(&ar->data_lock);
5380 	list_add(&arvif->list, &ar->arvifs);
5381 	spin_unlock_bh(&ar->data_lock);
5382 
5383 	/* It makes no sense to have firmware do keepalives. mac80211 already
5384 	 * takes care of this with idle connection polling.
5385 	 */
5386 	ret = ath10k_mac_vif_disable_keepalive(arvif);
5387 	if (ret) {
5388 		ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
5389 			    arvif->vdev_id, ret);
5390 		goto err_vdev_delete;
5391 	}
5392 
5393 	arvif->def_wep_key_idx = -1;
5394 
5395 	vdev_param = ar->wmi.vdev_param->tx_encap_type;
5396 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5397 					ATH10K_HW_TXRX_NATIVE_WIFI);
5398 	/* 10.X firmware does not support this VDEV parameter. Do not warn */
5399 	if (ret && ret != -EOPNOTSUPP) {
5400 		ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
5401 			    arvif->vdev_id, ret);
5402 		goto err_vdev_delete;
5403 	}
5404 
5405 	/* Configuring number of spatial stream for monitor interface is causing
5406 	 * target assert in qca9888 and qca6174.
5407 	 */
5408 	if (ar->cfg_tx_chainmask && (vif->type != NL80211_IFTYPE_MONITOR)) {
5409 		u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
5410 
5411 		vdev_param = ar->wmi.vdev_param->nss;
5412 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5413 						nss);
5414 		if (ret) {
5415 			ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
5416 				    arvif->vdev_id, ar->cfg_tx_chainmask, nss,
5417 				    ret);
5418 			goto err_vdev_delete;
5419 		}
5420 	}
5421 
5422 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5423 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5424 		ret = ath10k_peer_create(ar, vif, NULL, arvif->vdev_id,
5425 					 vif->addr, WMI_PEER_TYPE_DEFAULT);
5426 		if (ret) {
5427 			ath10k_warn(ar, "failed to create vdev %i peer for AP/IBSS: %d\n",
5428 				    arvif->vdev_id, ret);
5429 			goto err_vdev_delete;
5430 		}
5431 
5432 		spin_lock_bh(&ar->data_lock);
5433 
5434 		peer = ath10k_peer_find(ar, arvif->vdev_id, vif->addr);
5435 		if (!peer) {
5436 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
5437 				    vif->addr, arvif->vdev_id);
5438 			spin_unlock_bh(&ar->data_lock);
5439 			ret = -ENOENT;
5440 			goto err_peer_delete;
5441 		}
5442 
5443 		arvif->peer_id = find_first_bit(peer->peer_ids,
5444 						ATH10K_MAX_NUM_PEER_IDS);
5445 
5446 		spin_unlock_bh(&ar->data_lock);
5447 	} else {
5448 		arvif->peer_id = HTT_INVALID_PEERID;
5449 	}
5450 
5451 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
5452 		ret = ath10k_mac_set_kickout(arvif);
5453 		if (ret) {
5454 			ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
5455 				    arvif->vdev_id, ret);
5456 			goto err_peer_delete;
5457 		}
5458 	}
5459 
5460 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
5461 		param = WMI_STA_PS_PARAM_RX_WAKE_POLICY;
5462 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
5463 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
5464 						  param, value);
5465 		if (ret) {
5466 			ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
5467 				    arvif->vdev_id, ret);
5468 			goto err_peer_delete;
5469 		}
5470 
5471 		ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
5472 		if (ret) {
5473 			ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
5474 				    arvif->vdev_id, ret);
5475 			goto err_peer_delete;
5476 		}
5477 
5478 		ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
5479 		if (ret) {
5480 			ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
5481 				    arvif->vdev_id, ret);
5482 			goto err_peer_delete;
5483 		}
5484 	}
5485 
5486 	ret = ath10k_mac_set_txbf_conf(arvif);
5487 	if (ret) {
5488 		ath10k_warn(ar, "failed to set txbf for vdev %d: %d\n",
5489 			    arvif->vdev_id, ret);
5490 		goto err_peer_delete;
5491 	}
5492 
5493 	ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
5494 	if (ret) {
5495 		ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
5496 			    arvif->vdev_id, ret);
5497 		goto err_peer_delete;
5498 	}
5499 
5500 	arvif->txpower = vif->bss_conf.txpower;
5501 	ret = ath10k_mac_txpower_recalc(ar);
5502 	if (ret) {
5503 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5504 		goto err_peer_delete;
5505 	}
5506 
5507 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
5508 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
5509 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5510 						arvif->ftm_responder);
5511 
5512 		/* It is harmless to not set FTM role. Do not warn */
5513 		if (ret && ret != -EOPNOTSUPP)
5514 			ath10k_warn(ar, "failed to set vdev %i FTM Responder: %d\n",
5515 				    arvif->vdev_id, ret);
5516 	}
5517 
5518 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5519 		ar->monitor_arvif = arvif;
5520 		ret = ath10k_monitor_recalc(ar);
5521 		if (ret) {
5522 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5523 			goto err_peer_delete;
5524 		}
5525 	}
5526 
5527 	spin_lock_bh(&ar->htt.tx_lock);
5528 	if (!ar->tx_paused)
5529 		ieee80211_wake_queue(ar->hw, arvif->vdev_id);
5530 	spin_unlock_bh(&ar->htt.tx_lock);
5531 
5532 	mutex_unlock(&ar->conf_mutex);
5533 	return 0;
5534 
5535 err_peer_delete:
5536 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5537 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5538 		ath10k_wmi_peer_delete(ar, arvif->vdev_id, vif->addr);
5539 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5540 						 vif->addr);
5541 	}
5542 
5543 err_vdev_delete:
5544 	ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5545 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5546 	spin_lock_bh(&ar->data_lock);
5547 	list_del(&arvif->list);
5548 	spin_unlock_bh(&ar->data_lock);
5549 
5550 err:
5551 	if (arvif->beacon_buf) {
5552 		dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
5553 				  arvif->beacon_buf, arvif->beacon_paddr);
5554 		arvif->beacon_buf = NULL;
5555 	}
5556 
5557 	mutex_unlock(&ar->conf_mutex);
5558 
5559 	return ret;
5560 }
5561 
5562 static void ath10k_mac_vif_tx_unlock_all(struct ath10k_vif *arvif)
5563 {
5564 	int i;
5565 
5566 	for (i = 0; i < BITS_PER_LONG; i++)
5567 		ath10k_mac_vif_tx_unlock(arvif, i);
5568 }
5569 
5570 static void ath10k_remove_interface(struct ieee80211_hw *hw,
5571 				    struct ieee80211_vif *vif)
5572 {
5573 	struct ath10k *ar = hw->priv;
5574 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5575 	struct ath10k_peer *peer;
5576 	unsigned long time_left;
5577 	int ret;
5578 	int i;
5579 
5580 	cancel_work_sync(&arvif->ap_csa_work);
5581 	cancel_delayed_work_sync(&arvif->connection_loss_work);
5582 
5583 	mutex_lock(&ar->conf_mutex);
5584 
5585 	ret = ath10k_spectral_vif_stop(arvif);
5586 	if (ret)
5587 		ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
5588 			    arvif->vdev_id, ret);
5589 
5590 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5591 	spin_lock_bh(&ar->data_lock);
5592 	list_del(&arvif->list);
5593 	spin_unlock_bh(&ar->data_lock);
5594 
5595 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5596 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5597 		ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
5598 					     vif->addr);
5599 		if (ret)
5600 			ath10k_warn(ar, "failed to submit AP/IBSS self-peer removal on vdev %i: %d\n",
5601 				    arvif->vdev_id, ret);
5602 
5603 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5604 						 vif->addr);
5605 		kfree(arvif->u.ap.noa_data);
5606 	}
5607 
5608 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
5609 		   arvif->vdev_id);
5610 
5611 	ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5612 	if (ret)
5613 		ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
5614 			    arvif->vdev_id, ret);
5615 
5616 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
5617 		time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
5618 							ATH10K_VDEV_DELETE_TIMEOUT_HZ);
5619 		if (time_left == 0) {
5620 			ath10k_warn(ar, "Timeout in receiving vdev delete response\n");
5621 			goto out;
5622 		}
5623 	}
5624 
5625 	/* Some firmware revisions don't notify host about self-peer removal
5626 	 * until after associated vdev is deleted.
5627 	 */
5628 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5629 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5630 		ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
5631 						   vif->addr);
5632 		if (ret)
5633 			ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
5634 				    arvif->vdev_id, ret);
5635 
5636 		spin_lock_bh(&ar->data_lock);
5637 		ar->num_peers--;
5638 		spin_unlock_bh(&ar->data_lock);
5639 	}
5640 
5641 	spin_lock_bh(&ar->data_lock);
5642 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
5643 		peer = ar->peer_map[i];
5644 		if (!peer)
5645 			continue;
5646 
5647 		if (peer->vif == vif) {
5648 			ath10k_warn(ar, "found vif peer %pM entry on vdev %i after it was supposedly removed\n",
5649 				    vif->addr, arvif->vdev_id);
5650 			peer->vif = NULL;
5651 		}
5652 	}
5653 
5654 	/* Clean this up late, less opportunity for firmware to access
5655 	 * DMA memory we have deleted.
5656 	 */
5657 	ath10k_mac_vif_beacon_cleanup(arvif);
5658 	spin_unlock_bh(&ar->data_lock);
5659 
5660 	ath10k_peer_cleanup(ar, arvif->vdev_id);
5661 	ath10k_mac_txq_unref(ar, vif->txq);
5662 
5663 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5664 		ar->monitor_arvif = NULL;
5665 		ret = ath10k_monitor_recalc(ar);
5666 		if (ret)
5667 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5668 	}
5669 
5670 	ret = ath10k_mac_txpower_recalc(ar);
5671 	if (ret)
5672 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5673 
5674 	spin_lock_bh(&ar->htt.tx_lock);
5675 	ath10k_mac_vif_tx_unlock_all(arvif);
5676 	spin_unlock_bh(&ar->htt.tx_lock);
5677 
5678 	ath10k_mac_txq_unref(ar, vif->txq);
5679 
5680 out:
5681 	mutex_unlock(&ar->conf_mutex);
5682 }
5683 
5684 /*
5685  * FIXME: Has to be verified.
5686  */
5687 #define SUPPORTED_FILTERS			\
5688 	(FIF_ALLMULTI |				\
5689 	FIF_CONTROL |				\
5690 	FIF_PSPOLL |				\
5691 	FIF_OTHER_BSS |				\
5692 	FIF_BCN_PRBRESP_PROMISC |		\
5693 	FIF_PROBE_REQ |				\
5694 	FIF_FCSFAIL)
5695 
5696 static void ath10k_configure_filter(struct ieee80211_hw *hw,
5697 				    unsigned int changed_flags,
5698 				    unsigned int *total_flags,
5699 				    u64 multicast)
5700 {
5701 	struct ath10k *ar = hw->priv;
5702 	int ret;
5703 
5704 	mutex_lock(&ar->conf_mutex);
5705 
5706 	changed_flags &= SUPPORTED_FILTERS;
5707 	*total_flags &= SUPPORTED_FILTERS;
5708 	ar->filter_flags = *total_flags;
5709 
5710 	ret = ath10k_monitor_recalc(ar);
5711 	if (ret)
5712 		ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5713 
5714 	mutex_unlock(&ar->conf_mutex);
5715 }
5716 
5717 static void ath10k_recalculate_mgmt_rate(struct ath10k *ar,
5718 					 struct ieee80211_vif *vif,
5719 					 struct cfg80211_chan_def *def)
5720 {
5721 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5722 	const struct ieee80211_supported_band *sband;
5723 	u8 basic_rate_idx;
5724 	int hw_rate_code;
5725 	u32 vdev_param;
5726 	u16 bitrate;
5727 	int ret;
5728 
5729 	lockdep_assert_held(&ar->conf_mutex);
5730 
5731 	sband = ar->hw->wiphy->bands[def->chan->band];
5732 	basic_rate_idx = ffs(vif->bss_conf.basic_rates) - 1;
5733 	bitrate = sband->bitrates[basic_rate_idx].bitrate;
5734 
5735 	hw_rate_code = ath10k_mac_get_rate_hw_value(bitrate);
5736 	if (hw_rate_code < 0) {
5737 		ath10k_warn(ar, "bitrate not supported %d\n", bitrate);
5738 		return;
5739 	}
5740 
5741 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
5742 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5743 					hw_rate_code);
5744 	if (ret)
5745 		ath10k_warn(ar, "failed to set mgmt tx rate %d\n", ret);
5746 }
5747 
5748 static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
5749 				    struct ieee80211_vif *vif,
5750 				    struct ieee80211_bss_conf *info,
5751 				    u32 changed)
5752 {
5753 	struct ath10k *ar = hw->priv;
5754 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5755 	struct cfg80211_chan_def def;
5756 	u32 vdev_param, pdev_param, slottime, preamble;
5757 	u16 bitrate, hw_value;
5758 	u8 rate, rateidx;
5759 	int ret = 0, mcast_rate;
5760 	enum nl80211_band band;
5761 
5762 	mutex_lock(&ar->conf_mutex);
5763 
5764 	if (changed & BSS_CHANGED_IBSS)
5765 		ath10k_control_ibss(arvif, info, vif->addr);
5766 
5767 	if (changed & BSS_CHANGED_BEACON_INT) {
5768 		arvif->beacon_interval = info->beacon_int;
5769 		vdev_param = ar->wmi.vdev_param->beacon_interval;
5770 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5771 						arvif->beacon_interval);
5772 		ath10k_dbg(ar, ATH10K_DBG_MAC,
5773 			   "mac vdev %d beacon_interval %d\n",
5774 			   arvif->vdev_id, arvif->beacon_interval);
5775 
5776 		if (ret)
5777 			ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
5778 				    arvif->vdev_id, ret);
5779 	}
5780 
5781 	if (changed & BSS_CHANGED_BEACON) {
5782 		ath10k_dbg(ar, ATH10K_DBG_MAC,
5783 			   "vdev %d set beacon tx mode to staggered\n",
5784 			   arvif->vdev_id);
5785 
5786 		pdev_param = ar->wmi.pdev_param->beacon_tx_mode;
5787 		ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
5788 						WMI_BEACON_STAGGERED_MODE);
5789 		if (ret)
5790 			ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
5791 				    arvif->vdev_id, ret);
5792 
5793 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
5794 		if (ret)
5795 			ath10k_warn(ar, "failed to update beacon template: %d\n",
5796 				    ret);
5797 
5798 		if (ieee80211_vif_is_mesh(vif)) {
5799 			/* mesh doesn't use SSID but firmware needs it */
5800 			strncpy(arvif->u.ap.ssid, "mesh",
5801 				sizeof(arvif->u.ap.ssid));
5802 			arvif->u.ap.ssid_len = 4;
5803 		}
5804 	}
5805 
5806 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
5807 		ret = ath10k_mac_setup_prb_tmpl(arvif);
5808 		if (ret)
5809 			ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
5810 				    arvif->vdev_id, ret);
5811 	}
5812 
5813 	if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
5814 		arvif->dtim_period = info->dtim_period;
5815 
5816 		ath10k_dbg(ar, ATH10K_DBG_MAC,
5817 			   "mac vdev %d dtim_period %d\n",
5818 			   arvif->vdev_id, arvif->dtim_period);
5819 
5820 		vdev_param = ar->wmi.vdev_param->dtim_period;
5821 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5822 						arvif->dtim_period);
5823 		if (ret)
5824 			ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
5825 				    arvif->vdev_id, ret);
5826 	}
5827 
5828 	if (changed & BSS_CHANGED_SSID &&
5829 	    vif->type == NL80211_IFTYPE_AP) {
5830 		arvif->u.ap.ssid_len = info->ssid_len;
5831 		if (info->ssid_len)
5832 			memcpy(arvif->u.ap.ssid, info->ssid, info->ssid_len);
5833 		arvif->u.ap.hidden_ssid = info->hidden_ssid;
5834 	}
5835 
5836 	if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
5837 		ether_addr_copy(arvif->bssid, info->bssid);
5838 
5839 	if (changed & BSS_CHANGED_FTM_RESPONDER &&
5840 	    arvif->ftm_responder != info->ftm_responder &&
5841 	    test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
5842 		arvif->ftm_responder = info->ftm_responder;
5843 
5844 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
5845 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5846 						arvif->ftm_responder);
5847 
5848 		ath10k_dbg(ar, ATH10K_DBG_MAC,
5849 			   "mac vdev %d ftm_responder %d:ret %d\n",
5850 			   arvif->vdev_id, arvif->ftm_responder, ret);
5851 	}
5852 
5853 	if (changed & BSS_CHANGED_BEACON_ENABLED)
5854 		ath10k_control_beaconing(arvif, info);
5855 
5856 	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
5857 		arvif->use_cts_prot = info->use_cts_prot;
5858 
5859 		ret = ath10k_recalc_rtscts_prot(arvif);
5860 		if (ret)
5861 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
5862 				    arvif->vdev_id, ret);
5863 
5864 		if (ath10k_mac_can_set_cts_prot(arvif)) {
5865 			ret = ath10k_mac_set_cts_prot(arvif);
5866 			if (ret)
5867 				ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
5868 					    arvif->vdev_id, ret);
5869 		}
5870 	}
5871 
5872 	if (changed & BSS_CHANGED_ERP_SLOT) {
5873 		if (info->use_short_slot)
5874 			slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
5875 
5876 		else
5877 			slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
5878 
5879 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
5880 			   arvif->vdev_id, slottime);
5881 
5882 		vdev_param = ar->wmi.vdev_param->slot_time;
5883 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5884 						slottime);
5885 		if (ret)
5886 			ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
5887 				    arvif->vdev_id, ret);
5888 	}
5889 
5890 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
5891 		if (info->use_short_preamble)
5892 			preamble = WMI_VDEV_PREAMBLE_SHORT;
5893 		else
5894 			preamble = WMI_VDEV_PREAMBLE_LONG;
5895 
5896 		ath10k_dbg(ar, ATH10K_DBG_MAC,
5897 			   "mac vdev %d preamble %dn",
5898 			   arvif->vdev_id, preamble);
5899 
5900 		vdev_param = ar->wmi.vdev_param->preamble;
5901 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5902 						preamble);
5903 		if (ret)
5904 			ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
5905 				    arvif->vdev_id, ret);
5906 	}
5907 
5908 	if (changed & BSS_CHANGED_ASSOC) {
5909 		if (info->assoc) {
5910 			/* Workaround: Make sure monitor vdev is not running
5911 			 * when associating to prevent some firmware revisions
5912 			 * (e.g. 10.1 and 10.2) from crashing.
5913 			 */
5914 			if (ar->monitor_started)
5915 				ath10k_monitor_stop(ar);
5916 			ath10k_bss_assoc(hw, vif, info);
5917 			ath10k_monitor_recalc(ar);
5918 		} else {
5919 			ath10k_bss_disassoc(hw, vif);
5920 		}
5921 	}
5922 
5923 	if (changed & BSS_CHANGED_TXPOWER) {
5924 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
5925 			   arvif->vdev_id, info->txpower);
5926 
5927 		arvif->txpower = info->txpower;
5928 		ret = ath10k_mac_txpower_recalc(ar);
5929 		if (ret)
5930 			ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5931 	}
5932 
5933 	if (changed & BSS_CHANGED_PS) {
5934 		arvif->ps = vif->bss_conf.ps;
5935 
5936 		ret = ath10k_config_ps(ar);
5937 		if (ret)
5938 			ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
5939 				    arvif->vdev_id, ret);
5940 	}
5941 
5942 	if (changed & BSS_CHANGED_MCAST_RATE &&
5943 	    !ath10k_mac_vif_chan(arvif->vif, &def)) {
5944 		band = def.chan->band;
5945 		mcast_rate = vif->bss_conf.mcast_rate[band];
5946 		if (mcast_rate > 0)
5947 			rateidx = mcast_rate - 1;
5948 		else
5949 			rateidx = ffs(vif->bss_conf.basic_rates) - 1;
5950 
5951 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
5952 			rateidx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
5953 
5954 		bitrate = ath10k_wmi_legacy_rates[rateidx].bitrate;
5955 		hw_value = ath10k_wmi_legacy_rates[rateidx].hw_value;
5956 		if (ath10k_mac_bitrate_is_cck(bitrate))
5957 			preamble = WMI_RATE_PREAMBLE_CCK;
5958 		else
5959 			preamble = WMI_RATE_PREAMBLE_OFDM;
5960 
5961 		rate = ATH10K_HW_RATECODE(hw_value, 0, preamble);
5962 
5963 		ath10k_dbg(ar, ATH10K_DBG_MAC,
5964 			   "mac vdev %d mcast_rate %x\n",
5965 			   arvif->vdev_id, rate);
5966 
5967 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
5968 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5969 						vdev_param, rate);
5970 		if (ret)
5971 			ath10k_warn(ar,
5972 				    "failed to set mcast rate on vdev %i: %d\n",
5973 				    arvif->vdev_id,  ret);
5974 
5975 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
5976 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5977 						vdev_param, rate);
5978 		if (ret)
5979 			ath10k_warn(ar,
5980 				    "failed to set bcast rate on vdev %i: %d\n",
5981 				    arvif->vdev_id,  ret);
5982 	}
5983 
5984 	if (changed & BSS_CHANGED_BASIC_RATES &&
5985 	    !ath10k_mac_vif_chan(arvif->vif, &def))
5986 		ath10k_recalculate_mgmt_rate(ar, vif, &def);
5987 
5988 	mutex_unlock(&ar->conf_mutex);
5989 }
5990 
5991 static void ath10k_mac_op_set_coverage_class(struct ieee80211_hw *hw, s16 value)
5992 {
5993 	struct ath10k *ar = hw->priv;
5994 
5995 	/* This function should never be called if setting the coverage class
5996 	 * is not supported on this hardware.
5997 	 */
5998 	if (!ar->hw_params.hw_ops->set_coverage_class) {
5999 		WARN_ON_ONCE(1);
6000 		return;
6001 	}
6002 	ar->hw_params.hw_ops->set_coverage_class(ar, value);
6003 }
6004 
6005 struct ath10k_mac_tdls_iter_data {
6006 	u32 num_tdls_stations;
6007 	struct ieee80211_vif *curr_vif;
6008 };
6009 
6010 static void ath10k_mac_tdls_vif_stations_count_iter(void *data,
6011 						    struct ieee80211_sta *sta)
6012 {
6013 	struct ath10k_mac_tdls_iter_data *iter_data = data;
6014 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6015 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
6016 
6017 	if (sta->tdls && sta_vif == iter_data->curr_vif)
6018 		iter_data->num_tdls_stations++;
6019 }
6020 
6021 static int ath10k_mac_tdls_vif_stations_count(struct ieee80211_hw *hw,
6022 					      struct ieee80211_vif *vif)
6023 {
6024 	struct ath10k_mac_tdls_iter_data data = {};
6025 
6026 	data.curr_vif = vif;
6027 
6028 	ieee80211_iterate_stations_atomic(hw,
6029 					  ath10k_mac_tdls_vif_stations_count_iter,
6030 					  &data);
6031 	return data.num_tdls_stations;
6032 }
6033 
6034 static int ath10k_hw_scan(struct ieee80211_hw *hw,
6035 			  struct ieee80211_vif *vif,
6036 			  struct ieee80211_scan_request *hw_req)
6037 {
6038 	struct ath10k *ar = hw->priv;
6039 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6040 	struct cfg80211_scan_request *req = &hw_req->req;
6041 	struct wmi_start_scan_arg arg;
6042 	int ret = 0;
6043 	int i;
6044 	u32 scan_timeout;
6045 
6046 	mutex_lock(&ar->conf_mutex);
6047 
6048 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6049 		ret = -EBUSY;
6050 		goto exit;
6051 	}
6052 
6053 	spin_lock_bh(&ar->data_lock);
6054 	switch (ar->scan.state) {
6055 	case ATH10K_SCAN_IDLE:
6056 		reinit_completion(&ar->scan.started);
6057 		reinit_completion(&ar->scan.completed);
6058 		ar->scan.state = ATH10K_SCAN_STARTING;
6059 		ar->scan.is_roc = false;
6060 		ar->scan.vdev_id = arvif->vdev_id;
6061 		ret = 0;
6062 		break;
6063 	case ATH10K_SCAN_STARTING:
6064 	case ATH10K_SCAN_RUNNING:
6065 	case ATH10K_SCAN_ABORTING:
6066 		ret = -EBUSY;
6067 		break;
6068 	}
6069 	spin_unlock_bh(&ar->data_lock);
6070 
6071 	if (ret)
6072 		goto exit;
6073 
6074 	memset(&arg, 0, sizeof(arg));
6075 	ath10k_wmi_start_scan_init(ar, &arg);
6076 	arg.vdev_id = arvif->vdev_id;
6077 	arg.scan_id = ATH10K_SCAN_ID;
6078 
6079 	if (req->ie_len) {
6080 		arg.ie_len = req->ie_len;
6081 		memcpy(arg.ie, req->ie, arg.ie_len);
6082 	}
6083 
6084 	if (req->n_ssids) {
6085 		arg.n_ssids = req->n_ssids;
6086 		for (i = 0; i < arg.n_ssids; i++) {
6087 			arg.ssids[i].len  = req->ssids[i].ssid_len;
6088 			arg.ssids[i].ssid = req->ssids[i].ssid;
6089 		}
6090 	} else {
6091 		arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
6092 	}
6093 
6094 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6095 		arg.scan_ctrl_flags |=  WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ;
6096 		ether_addr_copy(arg.mac_addr.addr, req->mac_addr);
6097 		ether_addr_copy(arg.mac_mask.addr, req->mac_addr_mask);
6098 	}
6099 
6100 	if (req->n_channels) {
6101 		arg.n_channels = req->n_channels;
6102 		for (i = 0; i < arg.n_channels; i++)
6103 			arg.channels[i] = req->channels[i]->center_freq;
6104 	}
6105 
6106 	/* if duration is set, default dwell times will be overwritten */
6107 	if (req->duration) {
6108 		arg.dwell_time_active = req->duration;
6109 		arg.dwell_time_passive = req->duration;
6110 		arg.burst_duration_ms = req->duration;
6111 
6112 		scan_timeout = min_t(u32, arg.max_rest_time *
6113 				(arg.n_channels - 1) + (req->duration +
6114 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
6115 				arg.n_channels, arg.max_scan_time + 200);
6116 
6117 	} else {
6118 		/* Add a 200ms margin to account for event/command processing */
6119 		scan_timeout = arg.max_scan_time + 200;
6120 	}
6121 
6122 	ret = ath10k_start_scan(ar, &arg);
6123 	if (ret) {
6124 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
6125 		spin_lock_bh(&ar->data_lock);
6126 		ar->scan.state = ATH10K_SCAN_IDLE;
6127 		spin_unlock_bh(&ar->data_lock);
6128 	}
6129 
6130 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
6131 				     msecs_to_jiffies(scan_timeout));
6132 
6133 exit:
6134 	mutex_unlock(&ar->conf_mutex);
6135 	return ret;
6136 }
6137 
6138 static void ath10k_cancel_hw_scan(struct ieee80211_hw *hw,
6139 				  struct ieee80211_vif *vif)
6140 {
6141 	struct ath10k *ar = hw->priv;
6142 
6143 	mutex_lock(&ar->conf_mutex);
6144 	ath10k_scan_abort(ar);
6145 	mutex_unlock(&ar->conf_mutex);
6146 
6147 	cancel_delayed_work_sync(&ar->scan.timeout);
6148 }
6149 
6150 static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
6151 					struct ath10k_vif *arvif,
6152 					enum set_key_cmd cmd,
6153 					struct ieee80211_key_conf *key)
6154 {
6155 	u32 vdev_param = arvif->ar->wmi.vdev_param->def_keyid;
6156 	int ret;
6157 
6158 	/* 10.1 firmware branch requires default key index to be set to group
6159 	 * key index after installing it. Otherwise FW/HW Txes corrupted
6160 	 * frames with multi-vif APs. This is not required for main firmware
6161 	 * branch (e.g. 636).
6162 	 *
6163 	 * This is also needed for 636 fw for IBSS-RSN to work more reliably.
6164 	 *
6165 	 * FIXME: It remains unknown if this is required for multi-vif STA
6166 	 * interfaces on 10.1.
6167 	 */
6168 
6169 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
6170 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
6171 		return;
6172 
6173 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40)
6174 		return;
6175 
6176 	if (key->cipher == WLAN_CIPHER_SUITE_WEP104)
6177 		return;
6178 
6179 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6180 		return;
6181 
6182 	if (cmd != SET_KEY)
6183 		return;
6184 
6185 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6186 					key->keyidx);
6187 	if (ret)
6188 		ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
6189 			    arvif->vdev_id, ret);
6190 }
6191 
6192 static int ath10k_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
6193 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
6194 			  struct ieee80211_key_conf *key)
6195 {
6196 	struct ath10k *ar = hw->priv;
6197 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6198 	struct ath10k_peer *peer;
6199 	const u8 *peer_addr;
6200 	bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
6201 		      key->cipher == WLAN_CIPHER_SUITE_WEP104;
6202 	int ret = 0;
6203 	int ret2;
6204 	u32 flags = 0;
6205 	u32 flags2;
6206 
6207 	/* this one needs to be done in software */
6208 	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
6209 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
6210 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256 ||
6211 	    key->cipher == WLAN_CIPHER_SUITE_BIP_CMAC_256)
6212 		return 1;
6213 
6214 	if (arvif->nohwcrypt)
6215 		return 1;
6216 
6217 	if (key->keyidx > WMI_MAX_KEY_INDEX)
6218 		return -ENOSPC;
6219 
6220 	mutex_lock(&ar->conf_mutex);
6221 
6222 	if (sta)
6223 		peer_addr = sta->addr;
6224 	else if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
6225 		peer_addr = vif->bss_conf.bssid;
6226 	else
6227 		peer_addr = vif->addr;
6228 
6229 	key->hw_key_idx = key->keyidx;
6230 
6231 	if (is_wep) {
6232 		if (cmd == SET_KEY)
6233 			arvif->wep_keys[key->keyidx] = key;
6234 		else
6235 			arvif->wep_keys[key->keyidx] = NULL;
6236 	}
6237 
6238 	/* the peer should not disappear in mid-way (unless FW goes awry) since
6239 	 * we already hold conf_mutex. we just make sure its there now.
6240 	 */
6241 	spin_lock_bh(&ar->data_lock);
6242 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6243 	spin_unlock_bh(&ar->data_lock);
6244 
6245 	if (!peer) {
6246 		if (cmd == SET_KEY) {
6247 			ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
6248 				    peer_addr);
6249 			ret = -EOPNOTSUPP;
6250 			goto exit;
6251 		} else {
6252 			/* if the peer doesn't exist there is no key to disable anymore */
6253 			goto exit;
6254 		}
6255 	}
6256 
6257 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6258 		flags |= WMI_KEY_PAIRWISE;
6259 	else
6260 		flags |= WMI_KEY_GROUP;
6261 
6262 	if (is_wep) {
6263 		if (cmd == DISABLE_KEY)
6264 			ath10k_clear_vdev_key(arvif, key);
6265 
6266 		/* When WEP keys are uploaded it's possible that there are
6267 		 * stations associated already (e.g. when merging) without any
6268 		 * keys. Static WEP needs an explicit per-peer key upload.
6269 		 */
6270 		if (vif->type == NL80211_IFTYPE_ADHOC &&
6271 		    cmd == SET_KEY)
6272 			ath10k_mac_vif_update_wep_key(arvif, key);
6273 
6274 		/* 802.1x never sets the def_wep_key_idx so each set_key()
6275 		 * call changes default tx key.
6276 		 *
6277 		 * Static WEP sets def_wep_key_idx via .set_default_unicast_key
6278 		 * after first set_key().
6279 		 */
6280 		if (cmd == SET_KEY && arvif->def_wep_key_idx == -1)
6281 			flags |= WMI_KEY_TX_USAGE;
6282 	}
6283 
6284 	ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags);
6285 	if (ret) {
6286 		WARN_ON(ret > 0);
6287 		ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
6288 			    arvif->vdev_id, peer_addr, ret);
6289 		goto exit;
6290 	}
6291 
6292 	/* mac80211 sets static WEP keys as groupwise while firmware requires
6293 	 * them to be installed twice as both pairwise and groupwise.
6294 	 */
6295 	if (is_wep && !sta && vif->type == NL80211_IFTYPE_STATION) {
6296 		flags2 = flags;
6297 		flags2 &= ~WMI_KEY_GROUP;
6298 		flags2 |= WMI_KEY_PAIRWISE;
6299 
6300 		ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags2);
6301 		if (ret) {
6302 			WARN_ON(ret > 0);
6303 			ath10k_warn(ar, "failed to install (ucast) key for vdev %i peer %pM: %d\n",
6304 				    arvif->vdev_id, peer_addr, ret);
6305 			ret2 = ath10k_install_key(arvif, key, DISABLE_KEY,
6306 						  peer_addr, flags);
6307 			if (ret2) {
6308 				WARN_ON(ret2 > 0);
6309 				ath10k_warn(ar, "failed to disable (mcast) key for vdev %i peer %pM: %d\n",
6310 					    arvif->vdev_id, peer_addr, ret2);
6311 			}
6312 			goto exit;
6313 		}
6314 	}
6315 
6316 	ath10k_set_key_h_def_keyidx(ar, arvif, cmd, key);
6317 
6318 	spin_lock_bh(&ar->data_lock);
6319 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6320 	if (peer && cmd == SET_KEY)
6321 		peer->keys[key->keyidx] = key;
6322 	else if (peer && cmd == DISABLE_KEY)
6323 		peer->keys[key->keyidx] = NULL;
6324 	else if (peer == NULL)
6325 		/* impossible unless FW goes crazy */
6326 		ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
6327 	spin_unlock_bh(&ar->data_lock);
6328 
6329 	if (sta && sta->tdls)
6330 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6331 					  ar->wmi.peer_param->authorize, 1);
6332 	else if (sta && cmd == SET_KEY && (key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
6333 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, peer_addr,
6334 					  ar->wmi.peer_param->authorize, 1);
6335 
6336 exit:
6337 	mutex_unlock(&ar->conf_mutex);
6338 	return ret;
6339 }
6340 
6341 static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
6342 					   struct ieee80211_vif *vif,
6343 					   int keyidx)
6344 {
6345 	struct ath10k *ar = hw->priv;
6346 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6347 	int ret;
6348 
6349 	mutex_lock(&arvif->ar->conf_mutex);
6350 
6351 	if (arvif->ar->state != ATH10K_STATE_ON)
6352 		goto unlock;
6353 
6354 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
6355 		   arvif->vdev_id, keyidx);
6356 
6357 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
6358 					arvif->vdev_id,
6359 					arvif->ar->wmi.vdev_param->def_keyid,
6360 					keyidx);
6361 
6362 	if (ret) {
6363 		ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
6364 			    arvif->vdev_id,
6365 			    ret);
6366 		goto unlock;
6367 	}
6368 
6369 	arvif->def_wep_key_idx = keyidx;
6370 
6371 unlock:
6372 	mutex_unlock(&arvif->ar->conf_mutex);
6373 }
6374 
6375 static void ath10k_sta_rc_update_wk(struct work_struct *wk)
6376 {
6377 	struct ath10k *ar;
6378 	struct ath10k_vif *arvif;
6379 	struct ath10k_sta *arsta;
6380 	struct ieee80211_sta *sta;
6381 	struct cfg80211_chan_def def;
6382 	enum nl80211_band band;
6383 	const u8 *ht_mcs_mask;
6384 	const u16 *vht_mcs_mask;
6385 	u32 changed, bw, nss, smps;
6386 	int err;
6387 
6388 	arsta = container_of(wk, struct ath10k_sta, update_wk);
6389 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
6390 	arvif = arsta->arvif;
6391 	ar = arvif->ar;
6392 
6393 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
6394 		return;
6395 
6396 	band = def.chan->band;
6397 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
6398 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
6399 
6400 	spin_lock_bh(&ar->data_lock);
6401 
6402 	changed = arsta->changed;
6403 	arsta->changed = 0;
6404 
6405 	bw = arsta->bw;
6406 	nss = arsta->nss;
6407 	smps = arsta->smps;
6408 
6409 	spin_unlock_bh(&ar->data_lock);
6410 
6411 	mutex_lock(&ar->conf_mutex);
6412 
6413 	nss = max_t(u32, 1, nss);
6414 	nss = min(nss, max(ath10k_mac_max_ht_nss(ht_mcs_mask),
6415 			   ath10k_mac_max_vht_nss(vht_mcs_mask)));
6416 
6417 	if (changed & IEEE80211_RC_BW_CHANGED) {
6418 		enum wmi_phy_mode mode;
6419 
6420 		mode = chan_to_phymode(&def);
6421 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM peer bw %d phymode %d\n",
6422 			   sta->addr, bw, mode);
6423 
6424 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6425 						ar->wmi.peer_param->phymode, mode);
6426 		if (err) {
6427 			ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
6428 				    sta->addr, mode, err);
6429 			goto exit;
6430 		}
6431 
6432 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6433 						ar->wmi.peer_param->chan_width, bw);
6434 		if (err)
6435 			ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
6436 				    sta->addr, bw, err);
6437 	}
6438 
6439 	if (changed & IEEE80211_RC_NSS_CHANGED) {
6440 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM nss %d\n",
6441 			   sta->addr, nss);
6442 
6443 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6444 						ar->wmi.peer_param->nss, nss);
6445 		if (err)
6446 			ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
6447 				    sta->addr, nss, err);
6448 	}
6449 
6450 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
6451 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM smps %d\n",
6452 			   sta->addr, smps);
6453 
6454 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6455 						ar->wmi.peer_param->smps_state, smps);
6456 		if (err)
6457 			ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
6458 				    sta->addr, smps, err);
6459 	}
6460 
6461 	if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
6462 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM supp rates\n",
6463 			   sta->addr);
6464 
6465 		err = ath10k_station_assoc(ar, arvif->vif, sta, true);
6466 		if (err)
6467 			ath10k_warn(ar, "failed to reassociate station: %pM\n",
6468 				    sta->addr);
6469 	}
6470 
6471 exit:
6472 	mutex_unlock(&ar->conf_mutex);
6473 }
6474 
6475 static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif,
6476 				       struct ieee80211_sta *sta)
6477 {
6478 	struct ath10k *ar = arvif->ar;
6479 
6480 	lockdep_assert_held(&ar->conf_mutex);
6481 
6482 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6483 		return 0;
6484 
6485 	if (ar->num_stations >= ar->max_num_stations)
6486 		return -ENOBUFS;
6487 
6488 	ar->num_stations++;
6489 
6490 	return 0;
6491 }
6492 
6493 static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif,
6494 					struct ieee80211_sta *sta)
6495 {
6496 	struct ath10k *ar = arvif->ar;
6497 
6498 	lockdep_assert_held(&ar->conf_mutex);
6499 
6500 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6501 		return;
6502 
6503 	ar->num_stations--;
6504 }
6505 
6506 static int ath10k_sta_set_txpwr(struct ieee80211_hw *hw,
6507 				struct ieee80211_vif *vif,
6508 				struct ieee80211_sta *sta)
6509 {
6510 	struct ath10k *ar = hw->priv;
6511 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6512 	int ret = 0;
6513 	s16 txpwr;
6514 
6515 	if (sta->txpwr.type == NL80211_TX_POWER_AUTOMATIC) {
6516 		txpwr = 0;
6517 	} else {
6518 		txpwr = sta->txpwr.power;
6519 		if (!txpwr)
6520 			return -EINVAL;
6521 	}
6522 
6523 	if (txpwr > ATH10K_TX_POWER_MAX_VAL || txpwr < ATH10K_TX_POWER_MIN_VAL)
6524 		return -EINVAL;
6525 
6526 	mutex_lock(&ar->conf_mutex);
6527 
6528 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6529 					ar->wmi.peer_param->use_fixed_power, txpwr);
6530 	if (ret) {
6531 		ath10k_warn(ar, "failed to set tx power for station ret: %d\n",
6532 			    ret);
6533 		goto out;
6534 	}
6535 
6536 out:
6537 	mutex_unlock(&ar->conf_mutex);
6538 	return ret;
6539 }
6540 
6541 static int ath10k_sta_state(struct ieee80211_hw *hw,
6542 			    struct ieee80211_vif *vif,
6543 			    struct ieee80211_sta *sta,
6544 			    enum ieee80211_sta_state old_state,
6545 			    enum ieee80211_sta_state new_state)
6546 {
6547 	struct ath10k *ar = hw->priv;
6548 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6549 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6550 	struct ath10k_peer *peer;
6551 	int ret = 0;
6552 	int i;
6553 
6554 	if (old_state == IEEE80211_STA_NOTEXIST &&
6555 	    new_state == IEEE80211_STA_NONE) {
6556 		memset(arsta, 0, sizeof(*arsta));
6557 		arsta->arvif = arvif;
6558 		arsta->peer_ps_state = WMI_PEER_PS_STATE_DISABLED;
6559 		INIT_WORK(&arsta->update_wk, ath10k_sta_rc_update_wk);
6560 
6561 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
6562 			ath10k_mac_txq_init(sta->txq[i]);
6563 	}
6564 
6565 	/* cancel must be done outside the mutex to avoid deadlock */
6566 	if ((old_state == IEEE80211_STA_NONE &&
6567 	     new_state == IEEE80211_STA_NOTEXIST))
6568 		cancel_work_sync(&arsta->update_wk);
6569 
6570 	mutex_lock(&ar->conf_mutex);
6571 
6572 	if (old_state == IEEE80211_STA_NOTEXIST &&
6573 	    new_state == IEEE80211_STA_NONE) {
6574 		/*
6575 		 * New station addition.
6576 		 */
6577 		enum wmi_peer_type peer_type = WMI_PEER_TYPE_DEFAULT;
6578 		u32 num_tdls_stations;
6579 
6580 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6581 			   "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
6582 			   arvif->vdev_id, sta->addr,
6583 			   ar->num_stations + 1, ar->max_num_stations,
6584 			   ar->num_peers + 1, ar->max_num_peers);
6585 
6586 		num_tdls_stations = ath10k_mac_tdls_vif_stations_count(hw, vif);
6587 
6588 		if (sta->tdls) {
6589 			if (num_tdls_stations >= ar->max_num_tdls_vdevs) {
6590 				ath10k_warn(ar, "vdev %i exceeded maximum number of tdls vdevs %i\n",
6591 					    arvif->vdev_id,
6592 					    ar->max_num_tdls_vdevs);
6593 				ret = -ELNRNG;
6594 				goto exit;
6595 			}
6596 			peer_type = WMI_PEER_TYPE_TDLS;
6597 		}
6598 
6599 		ret = ath10k_mac_inc_num_stations(arvif, sta);
6600 		if (ret) {
6601 			ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
6602 				    ar->max_num_stations);
6603 			goto exit;
6604 		}
6605 
6606 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
6607 			arsta->tx_stats = kzalloc(sizeof(*arsta->tx_stats),
6608 						  GFP_KERNEL);
6609 			if (!arsta->tx_stats) {
6610 				ath10k_mac_dec_num_stations(arvif, sta);
6611 				ret = -ENOMEM;
6612 				goto exit;
6613 			}
6614 		}
6615 
6616 		ret = ath10k_peer_create(ar, vif, sta, arvif->vdev_id,
6617 					 sta->addr, peer_type);
6618 		if (ret) {
6619 			ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
6620 				    sta->addr, arvif->vdev_id, ret);
6621 			ath10k_mac_dec_num_stations(arvif, sta);
6622 			kfree(arsta->tx_stats);
6623 			goto exit;
6624 		}
6625 
6626 		spin_lock_bh(&ar->data_lock);
6627 
6628 		peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
6629 		if (!peer) {
6630 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
6631 				    vif->addr, arvif->vdev_id);
6632 			spin_unlock_bh(&ar->data_lock);
6633 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
6634 			ath10k_mac_dec_num_stations(arvif, sta);
6635 			kfree(arsta->tx_stats);
6636 			ret = -ENOENT;
6637 			goto exit;
6638 		}
6639 
6640 		arsta->peer_id = find_first_bit(peer->peer_ids,
6641 						ATH10K_MAX_NUM_PEER_IDS);
6642 
6643 		spin_unlock_bh(&ar->data_lock);
6644 
6645 		if (!sta->tdls)
6646 			goto exit;
6647 
6648 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
6649 						      WMI_TDLS_ENABLE_ACTIVE);
6650 		if (ret) {
6651 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
6652 				    arvif->vdev_id, ret);
6653 			ath10k_peer_delete(ar, arvif->vdev_id,
6654 					   sta->addr);
6655 			ath10k_mac_dec_num_stations(arvif, sta);
6656 			kfree(arsta->tx_stats);
6657 			goto exit;
6658 		}
6659 
6660 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
6661 						  WMI_TDLS_PEER_STATE_PEERING);
6662 		if (ret) {
6663 			ath10k_warn(ar,
6664 				    "failed to update tdls peer %pM for vdev %d when adding a new sta: %i\n",
6665 				    sta->addr, arvif->vdev_id, ret);
6666 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
6667 			ath10k_mac_dec_num_stations(arvif, sta);
6668 			kfree(arsta->tx_stats);
6669 
6670 			if (num_tdls_stations != 0)
6671 				goto exit;
6672 			ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
6673 							WMI_TDLS_DISABLE);
6674 		}
6675 	} else if ((old_state == IEEE80211_STA_NONE &&
6676 		    new_state == IEEE80211_STA_NOTEXIST)) {
6677 		/*
6678 		 * Existing station deletion.
6679 		 */
6680 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6681 			   "mac vdev %d peer delete %pM sta %pK (sta gone)\n",
6682 			   arvif->vdev_id, sta->addr, sta);
6683 
6684 		if (sta->tdls) {
6685 			ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id,
6686 							  sta,
6687 							  WMI_TDLS_PEER_STATE_TEARDOWN);
6688 			if (ret)
6689 				ath10k_warn(ar, "failed to update tdls peer state for %pM state %d: %i\n",
6690 					    sta->addr,
6691 					    WMI_TDLS_PEER_STATE_TEARDOWN, ret);
6692 		}
6693 
6694 		ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
6695 		if (ret)
6696 			ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
6697 				    sta->addr, arvif->vdev_id, ret);
6698 
6699 		ath10k_mac_dec_num_stations(arvif, sta);
6700 
6701 		spin_lock_bh(&ar->data_lock);
6702 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
6703 			peer = ar->peer_map[i];
6704 			if (!peer)
6705 				continue;
6706 
6707 			if (peer->sta == sta) {
6708 				ath10k_warn(ar, "found sta peer %pM (ptr %pK id %d) entry on vdev %i after it was supposedly removed\n",
6709 					    sta->addr, peer, i, arvif->vdev_id);
6710 				peer->sta = NULL;
6711 
6712 				/* Clean up the peer object as well since we
6713 				 * must have failed to do this above.
6714 				 */
6715 				list_del(&peer->list);
6716 				ar->peer_map[i] = NULL;
6717 				kfree(peer);
6718 				ar->num_peers--;
6719 			}
6720 		}
6721 		spin_unlock_bh(&ar->data_lock);
6722 
6723 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
6724 			kfree(arsta->tx_stats);
6725 			arsta->tx_stats = NULL;
6726 		}
6727 
6728 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
6729 			ath10k_mac_txq_unref(ar, sta->txq[i]);
6730 
6731 		if (!sta->tdls)
6732 			goto exit;
6733 
6734 		if (ath10k_mac_tdls_vif_stations_count(hw, vif))
6735 			goto exit;
6736 
6737 		/* This was the last tdls peer in current vif */
6738 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
6739 						      WMI_TDLS_DISABLE);
6740 		if (ret) {
6741 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
6742 				    arvif->vdev_id, ret);
6743 		}
6744 	} else if (old_state == IEEE80211_STA_AUTH &&
6745 		   new_state == IEEE80211_STA_ASSOC &&
6746 		   (vif->type == NL80211_IFTYPE_AP ||
6747 		    vif->type == NL80211_IFTYPE_MESH_POINT ||
6748 		    vif->type == NL80211_IFTYPE_ADHOC)) {
6749 		/*
6750 		 * New association.
6751 		 */
6752 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac sta %pM associated\n",
6753 			   sta->addr);
6754 
6755 		ret = ath10k_station_assoc(ar, vif, sta, false);
6756 		if (ret)
6757 			ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
6758 				    sta->addr, arvif->vdev_id, ret);
6759 	} else if (old_state == IEEE80211_STA_ASSOC &&
6760 		   new_state == IEEE80211_STA_AUTHORIZED &&
6761 		   sta->tdls) {
6762 		/*
6763 		 * Tdls station authorized.
6764 		 */
6765 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac tdls sta %pM authorized\n",
6766 			   sta->addr);
6767 
6768 		ret = ath10k_station_assoc(ar, vif, sta, false);
6769 		if (ret) {
6770 			ath10k_warn(ar, "failed to associate tdls station %pM for vdev %i: %i\n",
6771 				    sta->addr, arvif->vdev_id, ret);
6772 			goto exit;
6773 		}
6774 
6775 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
6776 						  WMI_TDLS_PEER_STATE_CONNECTED);
6777 		if (ret)
6778 			ath10k_warn(ar, "failed to update tdls peer %pM for vdev %i: %i\n",
6779 				    sta->addr, arvif->vdev_id, ret);
6780 	} else if (old_state == IEEE80211_STA_ASSOC &&
6781 		    new_state == IEEE80211_STA_AUTH &&
6782 		    (vif->type == NL80211_IFTYPE_AP ||
6783 		     vif->type == NL80211_IFTYPE_MESH_POINT ||
6784 		     vif->type == NL80211_IFTYPE_ADHOC)) {
6785 		/*
6786 		 * Disassociation.
6787 		 */
6788 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac sta %pM disassociated\n",
6789 			   sta->addr);
6790 
6791 		ret = ath10k_station_disassoc(ar, vif, sta);
6792 		if (ret)
6793 			ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
6794 				    sta->addr, arvif->vdev_id, ret);
6795 	}
6796 exit:
6797 	mutex_unlock(&ar->conf_mutex);
6798 	return ret;
6799 }
6800 
6801 static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
6802 				u16 ac, bool enable)
6803 {
6804 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6805 	struct wmi_sta_uapsd_auto_trig_arg arg = {};
6806 	u32 prio = 0, acc = 0;
6807 	u32 value = 0;
6808 	int ret = 0;
6809 
6810 	lockdep_assert_held(&ar->conf_mutex);
6811 
6812 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
6813 		return 0;
6814 
6815 	switch (ac) {
6816 	case IEEE80211_AC_VO:
6817 		value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
6818 			WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
6819 		prio = 7;
6820 		acc = 3;
6821 		break;
6822 	case IEEE80211_AC_VI:
6823 		value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
6824 			WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
6825 		prio = 5;
6826 		acc = 2;
6827 		break;
6828 	case IEEE80211_AC_BE:
6829 		value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
6830 			WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
6831 		prio = 2;
6832 		acc = 1;
6833 		break;
6834 	case IEEE80211_AC_BK:
6835 		value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
6836 			WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
6837 		prio = 0;
6838 		acc = 0;
6839 		break;
6840 	}
6841 
6842 	if (enable)
6843 		arvif->u.sta.uapsd |= value;
6844 	else
6845 		arvif->u.sta.uapsd &= ~value;
6846 
6847 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
6848 					  WMI_STA_PS_PARAM_UAPSD,
6849 					  arvif->u.sta.uapsd);
6850 	if (ret) {
6851 		ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
6852 		goto exit;
6853 	}
6854 
6855 	if (arvif->u.sta.uapsd)
6856 		value = WMI_STA_PS_RX_WAKE_POLICY_POLL_UAPSD;
6857 	else
6858 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
6859 
6860 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
6861 					  WMI_STA_PS_PARAM_RX_WAKE_POLICY,
6862 					  value);
6863 	if (ret)
6864 		ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
6865 
6866 	ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
6867 	if (ret) {
6868 		ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
6869 			    arvif->vdev_id, ret);
6870 		return ret;
6871 	}
6872 
6873 	ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
6874 	if (ret) {
6875 		ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
6876 			    arvif->vdev_id, ret);
6877 		return ret;
6878 	}
6879 
6880 	if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
6881 	    test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
6882 		/* Only userspace can make an educated decision when to send
6883 		 * trigger frame. The following effectively disables u-UAPSD
6884 		 * autotrigger in firmware (which is enabled by default
6885 		 * provided the autotrigger service is available).
6886 		 */
6887 
6888 		arg.wmm_ac = acc;
6889 		arg.user_priority = prio;
6890 		arg.service_interval = 0;
6891 		arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
6892 		arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
6893 
6894 		ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
6895 						arvif->bssid, &arg, 1);
6896 		if (ret) {
6897 			ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
6898 				    ret);
6899 			return ret;
6900 		}
6901 	}
6902 
6903 exit:
6904 	return ret;
6905 }
6906 
6907 static int ath10k_conf_tx(struct ieee80211_hw *hw,
6908 			  struct ieee80211_vif *vif, u16 ac,
6909 			  const struct ieee80211_tx_queue_params *params)
6910 {
6911 	struct ath10k *ar = hw->priv;
6912 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6913 	struct wmi_wmm_params_arg *p = NULL;
6914 	int ret;
6915 
6916 	mutex_lock(&ar->conf_mutex);
6917 
6918 	switch (ac) {
6919 	case IEEE80211_AC_VO:
6920 		p = &arvif->wmm_params.ac_vo;
6921 		break;
6922 	case IEEE80211_AC_VI:
6923 		p = &arvif->wmm_params.ac_vi;
6924 		break;
6925 	case IEEE80211_AC_BE:
6926 		p = &arvif->wmm_params.ac_be;
6927 		break;
6928 	case IEEE80211_AC_BK:
6929 		p = &arvif->wmm_params.ac_bk;
6930 		break;
6931 	}
6932 
6933 	if (WARN_ON(!p)) {
6934 		ret = -EINVAL;
6935 		goto exit;
6936 	}
6937 
6938 	p->cwmin = params->cw_min;
6939 	p->cwmax = params->cw_max;
6940 	p->aifs = params->aifs;
6941 
6942 	/*
6943 	 * The channel time duration programmed in the HW is in absolute
6944 	 * microseconds, while mac80211 gives the txop in units of
6945 	 * 32 microseconds.
6946 	 */
6947 	p->txop = params->txop * 32;
6948 
6949 	if (ar->wmi.ops->gen_vdev_wmm_conf) {
6950 		ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
6951 					       &arvif->wmm_params);
6952 		if (ret) {
6953 			ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
6954 				    arvif->vdev_id, ret);
6955 			goto exit;
6956 		}
6957 	} else {
6958 		/* This won't work well with multi-interface cases but it's
6959 		 * better than nothing.
6960 		 */
6961 		ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
6962 		if (ret) {
6963 			ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
6964 			goto exit;
6965 		}
6966 	}
6967 
6968 	ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
6969 	if (ret)
6970 		ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
6971 
6972 exit:
6973 	mutex_unlock(&ar->conf_mutex);
6974 	return ret;
6975 }
6976 
6977 #define ATH10K_ROC_TIMEOUT_HZ (2 * HZ)
6978 
6979 static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
6980 				    struct ieee80211_vif *vif,
6981 				    struct ieee80211_channel *chan,
6982 				    int duration,
6983 				    enum ieee80211_roc_type type)
6984 {
6985 	struct ath10k *ar = hw->priv;
6986 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6987 	struct wmi_start_scan_arg arg;
6988 	int ret = 0;
6989 	u32 scan_time_msec;
6990 
6991 	mutex_lock(&ar->conf_mutex);
6992 
6993 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6994 		ret = -EBUSY;
6995 		goto exit;
6996 	}
6997 
6998 	spin_lock_bh(&ar->data_lock);
6999 	switch (ar->scan.state) {
7000 	case ATH10K_SCAN_IDLE:
7001 		reinit_completion(&ar->scan.started);
7002 		reinit_completion(&ar->scan.completed);
7003 		reinit_completion(&ar->scan.on_channel);
7004 		ar->scan.state = ATH10K_SCAN_STARTING;
7005 		ar->scan.is_roc = true;
7006 		ar->scan.vdev_id = arvif->vdev_id;
7007 		ar->scan.roc_freq = chan->center_freq;
7008 		ar->scan.roc_notify = true;
7009 		ret = 0;
7010 		break;
7011 	case ATH10K_SCAN_STARTING:
7012 	case ATH10K_SCAN_RUNNING:
7013 	case ATH10K_SCAN_ABORTING:
7014 		ret = -EBUSY;
7015 		break;
7016 	}
7017 	spin_unlock_bh(&ar->data_lock);
7018 
7019 	if (ret)
7020 		goto exit;
7021 
7022 	scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
7023 
7024 	memset(&arg, 0, sizeof(arg));
7025 	ath10k_wmi_start_scan_init(ar, &arg);
7026 	arg.vdev_id = arvif->vdev_id;
7027 	arg.scan_id = ATH10K_SCAN_ID;
7028 	arg.n_channels = 1;
7029 	arg.channels[0] = chan->center_freq;
7030 	arg.dwell_time_active = scan_time_msec;
7031 	arg.dwell_time_passive = scan_time_msec;
7032 	arg.max_scan_time = scan_time_msec;
7033 	arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
7034 	arg.scan_ctrl_flags |= WMI_SCAN_FILTER_PROBE_REQ;
7035 	arg.burst_duration_ms = duration;
7036 
7037 	ret = ath10k_start_scan(ar, &arg);
7038 	if (ret) {
7039 		ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
7040 		spin_lock_bh(&ar->data_lock);
7041 		ar->scan.state = ATH10K_SCAN_IDLE;
7042 		spin_unlock_bh(&ar->data_lock);
7043 		goto exit;
7044 	}
7045 
7046 	ret = wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ);
7047 	if (ret == 0) {
7048 		ath10k_warn(ar, "failed to switch to channel for roc scan\n");
7049 
7050 		ret = ath10k_scan_stop(ar);
7051 		if (ret)
7052 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
7053 
7054 		ret = -ETIMEDOUT;
7055 		goto exit;
7056 	}
7057 
7058 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
7059 				     msecs_to_jiffies(duration));
7060 
7061 	ret = 0;
7062 exit:
7063 	mutex_unlock(&ar->conf_mutex);
7064 	return ret;
7065 }
7066 
7067 static int ath10k_cancel_remain_on_channel(struct ieee80211_hw *hw,
7068 					   struct ieee80211_vif *vif)
7069 {
7070 	struct ath10k *ar = hw->priv;
7071 
7072 	mutex_lock(&ar->conf_mutex);
7073 
7074 	spin_lock_bh(&ar->data_lock);
7075 	ar->scan.roc_notify = false;
7076 	spin_unlock_bh(&ar->data_lock);
7077 
7078 	ath10k_scan_abort(ar);
7079 
7080 	mutex_unlock(&ar->conf_mutex);
7081 
7082 	cancel_delayed_work_sync(&ar->scan.timeout);
7083 
7084 	return 0;
7085 }
7086 
7087 /*
7088  * Both RTS and Fragmentation threshold are interface-specific
7089  * in ath10k, but device-specific in mac80211.
7090  */
7091 
7092 static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
7093 {
7094 	struct ath10k *ar = hw->priv;
7095 	struct ath10k_vif *arvif;
7096 	int ret = 0;
7097 
7098 	mutex_lock(&ar->conf_mutex);
7099 	list_for_each_entry(arvif, &ar->arvifs, list) {
7100 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
7101 			   arvif->vdev_id, value);
7102 
7103 		ret = ath10k_mac_set_rts(arvif, value);
7104 		if (ret) {
7105 			ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
7106 				    arvif->vdev_id, ret);
7107 			break;
7108 		}
7109 	}
7110 	mutex_unlock(&ar->conf_mutex);
7111 
7112 	return ret;
7113 }
7114 
7115 static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
7116 {
7117 	/* Even though there's a WMI enum for fragmentation threshold no known
7118 	 * firmware actually implements it. Moreover it is not possible to rely
7119 	 * frame fragmentation to mac80211 because firmware clears the "more
7120 	 * fragments" bit in frame control making it impossible for remote
7121 	 * devices to reassemble frames.
7122 	 *
7123 	 * Hence implement a dummy callback just to say fragmentation isn't
7124 	 * supported. This effectively prevents mac80211 from doing frame
7125 	 * fragmentation in software.
7126 	 */
7127 	return -EOPNOTSUPP;
7128 }
7129 
7130 void ath10k_mac_wait_tx_complete(struct ath10k *ar)
7131 {
7132 	bool skip;
7133 	long time_left;
7134 
7135 	/* mac80211 doesn't care if we really xmit queued frames or not
7136 	 * we'll collect those frames either way if we stop/delete vdevs
7137 	 */
7138 
7139 	if (ar->state == ATH10K_STATE_WEDGED)
7140 		return;
7141 
7142 	time_left = wait_event_timeout(ar->htt.empty_tx_wq, ({
7143 			bool empty;
7144 
7145 			spin_lock_bh(&ar->htt.tx_lock);
7146 			empty = (ar->htt.num_pending_tx == 0);
7147 			spin_unlock_bh(&ar->htt.tx_lock);
7148 
7149 			skip = (ar->state == ATH10K_STATE_WEDGED) ||
7150 			       test_bit(ATH10K_FLAG_CRASH_FLUSH,
7151 					&ar->dev_flags);
7152 
7153 			(empty || skip);
7154 		}), ATH10K_FLUSH_TIMEOUT_HZ);
7155 
7156 	if (time_left == 0 || skip)
7157 		ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %ld\n",
7158 			    skip, ar->state, time_left);
7159 }
7160 
7161 static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
7162 			 u32 queues, bool drop)
7163 {
7164 	struct ath10k *ar = hw->priv;
7165 	struct ath10k_vif *arvif;
7166 	u32 bitmap;
7167 
7168 	if (drop) {
7169 		if (vif && vif->type == NL80211_IFTYPE_STATION) {
7170 			bitmap = ~(1 << WMI_MGMT_TID);
7171 			list_for_each_entry(arvif, &ar->arvifs, list) {
7172 				if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
7173 					ath10k_wmi_peer_flush(ar, arvif->vdev_id,
7174 							      arvif->bssid, bitmap);
7175 			}
7176 		}
7177 		return;
7178 	}
7179 
7180 	mutex_lock(&ar->conf_mutex);
7181 	ath10k_mac_wait_tx_complete(ar);
7182 	mutex_unlock(&ar->conf_mutex);
7183 }
7184 
7185 /* TODO: Implement this function properly
7186  * For now it is needed to reply to Probe Requests in IBSS mode.
7187  * Propably we need this information from FW.
7188  */
7189 static int ath10k_tx_last_beacon(struct ieee80211_hw *hw)
7190 {
7191 	return 1;
7192 }
7193 
7194 static void ath10k_reconfig_complete(struct ieee80211_hw *hw,
7195 				     enum ieee80211_reconfig_type reconfig_type)
7196 {
7197 	struct ath10k *ar = hw->priv;
7198 
7199 	if (reconfig_type != IEEE80211_RECONFIG_TYPE_RESTART)
7200 		return;
7201 
7202 	mutex_lock(&ar->conf_mutex);
7203 
7204 	/* If device failed to restart it will be in a different state, e.g.
7205 	 * ATH10K_STATE_WEDGED
7206 	 */
7207 	if (ar->state == ATH10K_STATE_RESTARTED) {
7208 		ath10k_info(ar, "device successfully recovered\n");
7209 		ar->state = ATH10K_STATE_ON;
7210 		ieee80211_wake_queues(ar->hw);
7211 	}
7212 
7213 	mutex_unlock(&ar->conf_mutex);
7214 }
7215 
7216 static void
7217 ath10k_mac_update_bss_chan_survey(struct ath10k *ar,
7218 				  struct ieee80211_channel *channel)
7219 {
7220 	int ret;
7221 	enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ_CLEAR;
7222 
7223 	lockdep_assert_held(&ar->conf_mutex);
7224 
7225 	if (!test_bit(WMI_SERVICE_BSS_CHANNEL_INFO_64, ar->wmi.svc_map) ||
7226 	    (ar->rx_channel != channel))
7227 		return;
7228 
7229 	if (ar->scan.state != ATH10K_SCAN_IDLE) {
7230 		ath10k_dbg(ar, ATH10K_DBG_MAC, "ignoring bss chan info request while scanning..\n");
7231 		return;
7232 	}
7233 
7234 	reinit_completion(&ar->bss_survey_done);
7235 
7236 	ret = ath10k_wmi_pdev_bss_chan_info_request(ar, type);
7237 	if (ret) {
7238 		ath10k_warn(ar, "failed to send pdev bss chan info request\n");
7239 		return;
7240 	}
7241 
7242 	ret = wait_for_completion_timeout(&ar->bss_survey_done, 3 * HZ);
7243 	if (!ret) {
7244 		ath10k_warn(ar, "bss channel survey timed out\n");
7245 		return;
7246 	}
7247 }
7248 
7249 static int ath10k_get_survey(struct ieee80211_hw *hw, int idx,
7250 			     struct survey_info *survey)
7251 {
7252 	struct ath10k *ar = hw->priv;
7253 	struct ieee80211_supported_band *sband;
7254 	struct survey_info *ar_survey = &ar->survey[idx];
7255 	int ret = 0;
7256 
7257 	mutex_lock(&ar->conf_mutex);
7258 
7259 	sband = hw->wiphy->bands[NL80211_BAND_2GHZ];
7260 	if (sband && idx >= sband->n_channels) {
7261 		idx -= sband->n_channels;
7262 		sband = NULL;
7263 	}
7264 
7265 	if (!sband)
7266 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
7267 
7268 	if (!sband || idx >= sband->n_channels) {
7269 		ret = -ENOENT;
7270 		goto exit;
7271 	}
7272 
7273 	ath10k_mac_update_bss_chan_survey(ar, &sband->channels[idx]);
7274 
7275 	spin_lock_bh(&ar->data_lock);
7276 	memcpy(survey, ar_survey, sizeof(*survey));
7277 	spin_unlock_bh(&ar->data_lock);
7278 
7279 	survey->channel = &sband->channels[idx];
7280 
7281 	if (ar->rx_channel == survey->channel)
7282 		survey->filled |= SURVEY_INFO_IN_USE;
7283 
7284 exit:
7285 	mutex_unlock(&ar->conf_mutex);
7286 	return ret;
7287 }
7288 
7289 static bool
7290 ath10k_mac_bitrate_mask_has_single_rate(struct ath10k *ar,
7291 					enum nl80211_band band,
7292 					const struct cfg80211_bitrate_mask *mask,
7293 					int *vht_num_rates)
7294 {
7295 	int num_rates = 0;
7296 	int i, tmp;
7297 
7298 	num_rates += hweight32(mask->control[band].legacy);
7299 
7300 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++)
7301 		num_rates += hweight8(mask->control[band].ht_mcs[i]);
7302 
7303 	*vht_num_rates = 0;
7304 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
7305 		tmp = hweight16(mask->control[band].vht_mcs[i]);
7306 		num_rates += tmp;
7307 		*vht_num_rates += tmp;
7308 	}
7309 
7310 	return num_rates == 1;
7311 }
7312 
7313 static bool
7314 ath10k_mac_bitrate_mask_get_single_nss(struct ath10k *ar,
7315 				       enum nl80211_band band,
7316 				       const struct cfg80211_bitrate_mask *mask,
7317 				       int *nss)
7318 {
7319 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
7320 	u16 vht_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
7321 	u8 ht_nss_mask = 0;
7322 	u8 vht_nss_mask = 0;
7323 	int i;
7324 
7325 	if (mask->control[band].legacy)
7326 		return false;
7327 
7328 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
7329 		if (mask->control[band].ht_mcs[i] == 0)
7330 			continue;
7331 		else if (mask->control[band].ht_mcs[i] ==
7332 			 sband->ht_cap.mcs.rx_mask[i])
7333 			ht_nss_mask |= BIT(i);
7334 		else
7335 			return false;
7336 	}
7337 
7338 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
7339 		if (mask->control[band].vht_mcs[i] == 0)
7340 			continue;
7341 		else if (mask->control[band].vht_mcs[i] ==
7342 			 ath10k_mac_get_max_vht_mcs_map(vht_mcs_map, i))
7343 			vht_nss_mask |= BIT(i);
7344 		else
7345 			return false;
7346 	}
7347 
7348 	if (ht_nss_mask != vht_nss_mask)
7349 		return false;
7350 
7351 	if (ht_nss_mask == 0)
7352 		return false;
7353 
7354 	if (BIT(fls(ht_nss_mask)) - 1 != ht_nss_mask)
7355 		return false;
7356 
7357 	*nss = fls(ht_nss_mask);
7358 
7359 	return true;
7360 }
7361 
7362 static int
7363 ath10k_mac_bitrate_mask_get_single_rate(struct ath10k *ar,
7364 					enum nl80211_band band,
7365 					const struct cfg80211_bitrate_mask *mask,
7366 					u8 *rate, u8 *nss, bool vht_only)
7367 {
7368 	int rate_idx;
7369 	int i;
7370 	u16 bitrate;
7371 	u8 preamble;
7372 	u8 hw_rate;
7373 
7374 	if (vht_only)
7375 		goto next;
7376 
7377 	if (hweight32(mask->control[band].legacy) == 1) {
7378 		rate_idx = ffs(mask->control[band].legacy) - 1;
7379 
7380 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
7381 			rate_idx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
7382 
7383 		hw_rate = ath10k_wmi_legacy_rates[rate_idx].hw_value;
7384 		bitrate = ath10k_wmi_legacy_rates[rate_idx].bitrate;
7385 
7386 		if (ath10k_mac_bitrate_is_cck(bitrate))
7387 			preamble = WMI_RATE_PREAMBLE_CCK;
7388 		else
7389 			preamble = WMI_RATE_PREAMBLE_OFDM;
7390 
7391 		*nss = 1;
7392 		*rate = preamble << 6 |
7393 			(*nss - 1) << 4 |
7394 			hw_rate << 0;
7395 
7396 		return 0;
7397 	}
7398 
7399 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
7400 		if (hweight8(mask->control[band].ht_mcs[i]) == 1) {
7401 			*nss = i + 1;
7402 			*rate = WMI_RATE_PREAMBLE_HT << 6 |
7403 				(*nss - 1) << 4 |
7404 				(ffs(mask->control[band].ht_mcs[i]) - 1);
7405 
7406 			return 0;
7407 		}
7408 	}
7409 
7410 next:
7411 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
7412 		if (hweight16(mask->control[band].vht_mcs[i]) == 1) {
7413 			*nss = i + 1;
7414 			*rate = WMI_RATE_PREAMBLE_VHT << 6 |
7415 				(*nss - 1) << 4 |
7416 				(ffs(mask->control[band].vht_mcs[i]) - 1);
7417 
7418 			return 0;
7419 		}
7420 	}
7421 
7422 	return -EINVAL;
7423 }
7424 
7425 static int ath10k_mac_set_fixed_rate_params(struct ath10k_vif *arvif,
7426 					    u8 rate, u8 nss, u8 sgi, u8 ldpc)
7427 {
7428 	struct ath10k *ar = arvif->ar;
7429 	u32 vdev_param;
7430 	int ret;
7431 
7432 	lockdep_assert_held(&ar->conf_mutex);
7433 
7434 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac set fixed rate params vdev %i rate 0x%02hhx nss %hhu sgi %hhu\n",
7435 		   arvif->vdev_id, rate, nss, sgi);
7436 
7437 	vdev_param = ar->wmi.vdev_param->fixed_rate;
7438 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, rate);
7439 	if (ret) {
7440 		ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
7441 			    rate, ret);
7442 		return ret;
7443 	}
7444 
7445 	vdev_param = ar->wmi.vdev_param->nss;
7446 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, nss);
7447 	if (ret) {
7448 		ath10k_warn(ar, "failed to set nss param %d: %d\n", nss, ret);
7449 		return ret;
7450 	}
7451 
7452 	vdev_param = ar->wmi.vdev_param->sgi;
7453 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, sgi);
7454 	if (ret) {
7455 		ath10k_warn(ar, "failed to set sgi param %d: %d\n", sgi, ret);
7456 		return ret;
7457 	}
7458 
7459 	vdev_param = ar->wmi.vdev_param->ldpc;
7460 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, ldpc);
7461 	if (ret) {
7462 		ath10k_warn(ar, "failed to set ldpc param %d: %d\n", ldpc, ret);
7463 		return ret;
7464 	}
7465 
7466 	return 0;
7467 }
7468 
7469 static bool
7470 ath10k_mac_can_set_bitrate_mask(struct ath10k *ar,
7471 				enum nl80211_band band,
7472 				const struct cfg80211_bitrate_mask *mask,
7473 				bool allow_pfr)
7474 {
7475 	int i;
7476 	u16 vht_mcs;
7477 
7478 	/* Due to firmware limitation in WMI_PEER_ASSOC_CMDID it is impossible
7479 	 * to express all VHT MCS rate masks. Effectively only the following
7480 	 * ranges can be used: none, 0-7, 0-8 and 0-9.
7481 	 */
7482 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
7483 		vht_mcs = mask->control[band].vht_mcs[i];
7484 
7485 		switch (vht_mcs) {
7486 		case 0:
7487 		case BIT(8) - 1:
7488 		case BIT(9) - 1:
7489 		case BIT(10) - 1:
7490 			break;
7491 		default:
7492 			if (!allow_pfr)
7493 				ath10k_warn(ar, "refusing bitrate mask with missing 0-7 VHT MCS rates\n");
7494 			return false;
7495 		}
7496 	}
7497 
7498 	return true;
7499 }
7500 
7501 static bool ath10k_mac_set_vht_bitrate_mask_fixup(struct ath10k *ar,
7502 						  struct ath10k_vif *arvif,
7503 						  struct ieee80211_sta *sta)
7504 {
7505 	int err;
7506 	u8 rate = arvif->vht_pfr;
7507 
7508 	/* skip non vht and multiple rate peers */
7509 	if (!sta->vht_cap.vht_supported || arvif->vht_num_rates != 1)
7510 		return false;
7511 
7512 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
7513 					WMI_PEER_PARAM_FIXED_RATE, rate);
7514 	if (err)
7515 		ath10k_warn(ar, "failed to enable STA %pM peer fixed rate: %d\n",
7516 			    sta->addr, err);
7517 
7518 	return true;
7519 }
7520 
7521 static void ath10k_mac_set_bitrate_mask_iter(void *data,
7522 					     struct ieee80211_sta *sta)
7523 {
7524 	struct ath10k_vif *arvif = data;
7525 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7526 	struct ath10k *ar = arvif->ar;
7527 
7528 	if (arsta->arvif != arvif)
7529 		return;
7530 
7531 	if (ath10k_mac_set_vht_bitrate_mask_fixup(ar, arvif, sta))
7532 		return;
7533 
7534 	spin_lock_bh(&ar->data_lock);
7535 	arsta->changed |= IEEE80211_RC_SUPP_RATES_CHANGED;
7536 	spin_unlock_bh(&ar->data_lock);
7537 
7538 	ieee80211_queue_work(ar->hw, &arsta->update_wk);
7539 }
7540 
7541 static void ath10k_mac_clr_bitrate_mask_iter(void *data,
7542 					     struct ieee80211_sta *sta)
7543 {
7544 	struct ath10k_vif *arvif = data;
7545 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7546 	struct ath10k *ar = arvif->ar;
7547 	int err;
7548 
7549 	/* clear vht peers only */
7550 	if (arsta->arvif != arvif || !sta->vht_cap.vht_supported)
7551 		return;
7552 
7553 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
7554 					WMI_PEER_PARAM_FIXED_RATE,
7555 					WMI_FIXED_RATE_NONE);
7556 	if (err)
7557 		ath10k_warn(ar, "failed to clear STA %pM peer fixed rate: %d\n",
7558 			    sta->addr, err);
7559 }
7560 
7561 static int ath10k_mac_op_set_bitrate_mask(struct ieee80211_hw *hw,
7562 					  struct ieee80211_vif *vif,
7563 					  const struct cfg80211_bitrate_mask *mask)
7564 {
7565 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7566 	struct cfg80211_chan_def def;
7567 	struct ath10k *ar = arvif->ar;
7568 	enum nl80211_band band;
7569 	const u8 *ht_mcs_mask;
7570 	const u16 *vht_mcs_mask;
7571 	u8 rate;
7572 	u8 nss;
7573 	u8 sgi;
7574 	u8 ldpc;
7575 	int single_nss;
7576 	int ret;
7577 	int vht_num_rates, allow_pfr;
7578 	u8 vht_pfr;
7579 	bool update_bitrate_mask = true;
7580 
7581 	if (ath10k_mac_vif_chan(vif, &def))
7582 		return -EPERM;
7583 
7584 	band = def.chan->band;
7585 	ht_mcs_mask = mask->control[band].ht_mcs;
7586 	vht_mcs_mask = mask->control[band].vht_mcs;
7587 	ldpc = !!(ar->ht_cap_info & WMI_HT_CAP_LDPC);
7588 
7589 	sgi = mask->control[band].gi;
7590 	if (sgi == NL80211_TXRATE_FORCE_LGI)
7591 		return -EINVAL;
7592 
7593 	allow_pfr = test_bit(ATH10K_FW_FEATURE_PEER_FIXED_RATE,
7594 			     ar->normal_mode_fw.fw_file.fw_features);
7595 	if (allow_pfr) {
7596 		mutex_lock(&ar->conf_mutex);
7597 		ieee80211_iterate_stations_atomic(ar->hw,
7598 						  ath10k_mac_clr_bitrate_mask_iter,
7599 						  arvif);
7600 		mutex_unlock(&ar->conf_mutex);
7601 	}
7602 
7603 	if (ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
7604 						    &vht_num_rates)) {
7605 		ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
7606 							      &rate, &nss,
7607 							      false);
7608 		if (ret) {
7609 			ath10k_warn(ar, "failed to get single rate for vdev %i: %d\n",
7610 				    arvif->vdev_id, ret);
7611 			return ret;
7612 		}
7613 	} else if (ath10k_mac_bitrate_mask_get_single_nss(ar, band, mask,
7614 							  &single_nss)) {
7615 		rate = WMI_FIXED_RATE_NONE;
7616 		nss = single_nss;
7617 	} else {
7618 		rate = WMI_FIXED_RATE_NONE;
7619 		nss = min(ar->num_rf_chains,
7620 			  max(ath10k_mac_max_ht_nss(ht_mcs_mask),
7621 			      ath10k_mac_max_vht_nss(vht_mcs_mask)));
7622 
7623 		if (!ath10k_mac_can_set_bitrate_mask(ar, band, mask,
7624 						     allow_pfr)) {
7625 			u8 vht_nss;
7626 
7627 			if (!allow_pfr || vht_num_rates != 1)
7628 				return -EINVAL;
7629 
7630 			/* Reach here, firmware supports peer fixed rate and has
7631 			 * single vht rate, and don't update vif birate_mask, as
7632 			 * the rate only for specific peer.
7633 			 */
7634 			ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
7635 								&vht_pfr,
7636 								&vht_nss,
7637 								true);
7638 			update_bitrate_mask = false;
7639 		} else {
7640 			vht_pfr = 0;
7641 		}
7642 
7643 		mutex_lock(&ar->conf_mutex);
7644 
7645 		if (update_bitrate_mask)
7646 			arvif->bitrate_mask = *mask;
7647 		arvif->vht_num_rates = vht_num_rates;
7648 		arvif->vht_pfr = vht_pfr;
7649 		ieee80211_iterate_stations_atomic(ar->hw,
7650 						  ath10k_mac_set_bitrate_mask_iter,
7651 						  arvif);
7652 
7653 		mutex_unlock(&ar->conf_mutex);
7654 	}
7655 
7656 	mutex_lock(&ar->conf_mutex);
7657 
7658 	ret = ath10k_mac_set_fixed_rate_params(arvif, rate, nss, sgi, ldpc);
7659 	if (ret) {
7660 		ath10k_warn(ar, "failed to set fixed rate params on vdev %i: %d\n",
7661 			    arvif->vdev_id, ret);
7662 		goto exit;
7663 	}
7664 
7665 exit:
7666 	mutex_unlock(&ar->conf_mutex);
7667 
7668 	return ret;
7669 }
7670 
7671 static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
7672 				 struct ieee80211_vif *vif,
7673 				 struct ieee80211_sta *sta,
7674 				 u32 changed)
7675 {
7676 	struct ath10k *ar = hw->priv;
7677 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7678 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7679 	struct ath10k_peer *peer;
7680 	u32 bw, smps;
7681 
7682 	spin_lock_bh(&ar->data_lock);
7683 
7684 	peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
7685 	if (!peer) {
7686 		spin_unlock_bh(&ar->data_lock);
7687 		ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
7688 			    sta->addr, arvif->vdev_id);
7689 		return;
7690 	}
7691 
7692 	ath10k_dbg(ar, ATH10K_DBG_MAC,
7693 		   "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
7694 		   sta->addr, changed, sta->bandwidth, sta->rx_nss,
7695 		   sta->smps_mode);
7696 
7697 	if (changed & IEEE80211_RC_BW_CHANGED) {
7698 		bw = WMI_PEER_CHWIDTH_20MHZ;
7699 
7700 		switch (sta->bandwidth) {
7701 		case IEEE80211_STA_RX_BW_20:
7702 			bw = WMI_PEER_CHWIDTH_20MHZ;
7703 			break;
7704 		case IEEE80211_STA_RX_BW_40:
7705 			bw = WMI_PEER_CHWIDTH_40MHZ;
7706 			break;
7707 		case IEEE80211_STA_RX_BW_80:
7708 			bw = WMI_PEER_CHWIDTH_80MHZ;
7709 			break;
7710 		case IEEE80211_STA_RX_BW_160:
7711 			bw = WMI_PEER_CHWIDTH_160MHZ;
7712 			break;
7713 		default:
7714 			ath10k_warn(ar, "Invalid bandwidth %d in rc update for %pM\n",
7715 				    sta->bandwidth, sta->addr);
7716 			bw = WMI_PEER_CHWIDTH_20MHZ;
7717 			break;
7718 		}
7719 
7720 		arsta->bw = bw;
7721 	}
7722 
7723 	if (changed & IEEE80211_RC_NSS_CHANGED)
7724 		arsta->nss = sta->rx_nss;
7725 
7726 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
7727 		smps = WMI_PEER_SMPS_PS_NONE;
7728 
7729 		switch (sta->smps_mode) {
7730 		case IEEE80211_SMPS_AUTOMATIC:
7731 		case IEEE80211_SMPS_OFF:
7732 			smps = WMI_PEER_SMPS_PS_NONE;
7733 			break;
7734 		case IEEE80211_SMPS_STATIC:
7735 			smps = WMI_PEER_SMPS_STATIC;
7736 			break;
7737 		case IEEE80211_SMPS_DYNAMIC:
7738 			smps = WMI_PEER_SMPS_DYNAMIC;
7739 			break;
7740 		case IEEE80211_SMPS_NUM_MODES:
7741 			ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
7742 				    sta->smps_mode, sta->addr);
7743 			smps = WMI_PEER_SMPS_PS_NONE;
7744 			break;
7745 		}
7746 
7747 		arsta->smps = smps;
7748 	}
7749 
7750 	arsta->changed |= changed;
7751 
7752 	spin_unlock_bh(&ar->data_lock);
7753 
7754 	ieee80211_queue_work(hw, &arsta->update_wk);
7755 }
7756 
7757 static void ath10k_offset_tsf(struct ieee80211_hw *hw,
7758 			      struct ieee80211_vif *vif, s64 tsf_offset)
7759 {
7760 	struct ath10k *ar = hw->priv;
7761 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7762 	u32 offset, vdev_param;
7763 	int ret;
7764 
7765 	if (tsf_offset < 0) {
7766 		vdev_param = ar->wmi.vdev_param->dec_tsf;
7767 		offset = -tsf_offset;
7768 	} else {
7769 		vdev_param = ar->wmi.vdev_param->inc_tsf;
7770 		offset = tsf_offset;
7771 	}
7772 
7773 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
7774 					vdev_param, offset);
7775 
7776 	if (ret && ret != -EOPNOTSUPP)
7777 		ath10k_warn(ar, "failed to set tsf offset %d cmd %d: %d\n",
7778 			    offset, vdev_param, ret);
7779 }
7780 
7781 static int ath10k_ampdu_action(struct ieee80211_hw *hw,
7782 			       struct ieee80211_vif *vif,
7783 			       struct ieee80211_ampdu_params *params)
7784 {
7785 	struct ath10k *ar = hw->priv;
7786 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7787 	struct ieee80211_sta *sta = params->sta;
7788 	enum ieee80211_ampdu_mlme_action action = params->action;
7789 	u16 tid = params->tid;
7790 
7791 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %hu action %d\n",
7792 		   arvif->vdev_id, sta->addr, tid, action);
7793 
7794 	switch (action) {
7795 	case IEEE80211_AMPDU_RX_START:
7796 	case IEEE80211_AMPDU_RX_STOP:
7797 		/* HTT AddBa/DelBa events trigger mac80211 Rx BA session
7798 		 * creation/removal. Do we need to verify this?
7799 		 */
7800 		return 0;
7801 	case IEEE80211_AMPDU_TX_START:
7802 	case IEEE80211_AMPDU_TX_STOP_CONT:
7803 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
7804 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
7805 	case IEEE80211_AMPDU_TX_OPERATIONAL:
7806 		/* Firmware offloads Tx aggregation entirely so deny mac80211
7807 		 * Tx aggregation requests.
7808 		 */
7809 		return -EOPNOTSUPP;
7810 	}
7811 
7812 	return -EINVAL;
7813 }
7814 
7815 static void
7816 ath10k_mac_update_rx_channel(struct ath10k *ar,
7817 			     struct ieee80211_chanctx_conf *ctx,
7818 			     struct ieee80211_vif_chanctx_switch *vifs,
7819 			     int n_vifs)
7820 {
7821 	struct cfg80211_chan_def *def = NULL;
7822 
7823 	/* Both locks are required because ar->rx_channel is modified. This
7824 	 * allows readers to hold either lock.
7825 	 */
7826 	lockdep_assert_held(&ar->conf_mutex);
7827 	lockdep_assert_held(&ar->data_lock);
7828 
7829 	WARN_ON(ctx && vifs);
7830 	WARN_ON(vifs && !n_vifs);
7831 
7832 	/* FIXME: Sort of an optimization and a workaround. Peers and vifs are
7833 	 * on a linked list now. Doing a lookup peer -> vif -> chanctx for each
7834 	 * ppdu on Rx may reduce performance on low-end systems. It should be
7835 	 * possible to make tables/hashmaps to speed the lookup up (be vary of
7836 	 * cpu data cache lines though regarding sizes) but to keep the initial
7837 	 * implementation simple and less intrusive fallback to the slow lookup
7838 	 * only for multi-channel cases. Single-channel cases will remain to
7839 	 * use the old channel derival and thus performance should not be
7840 	 * affected much.
7841 	 */
7842 	rcu_read_lock();
7843 	if (!ctx && ath10k_mac_num_chanctxs(ar) == 1) {
7844 		ieee80211_iter_chan_contexts_atomic(ar->hw,
7845 						    ath10k_mac_get_any_chandef_iter,
7846 						    &def);
7847 
7848 		if (vifs)
7849 			def = &vifs[0].new_ctx->def;
7850 
7851 		ar->rx_channel = def->chan;
7852 	} else if ((ctx && ath10k_mac_num_chanctxs(ar) == 0) ||
7853 		   (ctx && (ar->state == ATH10K_STATE_RESTARTED))) {
7854 		/* During driver restart due to firmware assert, since mac80211
7855 		 * already has valid channel context for given radio, channel
7856 		 * context iteration return num_chanctx > 0. So fix rx_channel
7857 		 * when restart is in progress.
7858 		 */
7859 		ar->rx_channel = ctx->def.chan;
7860 	} else {
7861 		ar->rx_channel = NULL;
7862 	}
7863 	rcu_read_unlock();
7864 }
7865 
7866 static void
7867 ath10k_mac_update_vif_chan(struct ath10k *ar,
7868 			   struct ieee80211_vif_chanctx_switch *vifs,
7869 			   int n_vifs)
7870 {
7871 	struct ath10k_vif *arvif;
7872 	int ret;
7873 	int i;
7874 
7875 	lockdep_assert_held(&ar->conf_mutex);
7876 
7877 	/* First stop monitor interface. Some FW versions crash if there's a
7878 	 * lone monitor interface.
7879 	 */
7880 	if (ar->monitor_started)
7881 		ath10k_monitor_stop(ar);
7882 
7883 	for (i = 0; i < n_vifs; i++) {
7884 		arvif = (void *)vifs[i].vif->drv_priv;
7885 
7886 		ath10k_dbg(ar, ATH10K_DBG_MAC,
7887 			   "mac chanctx switch vdev_id %i freq %hu->%hu width %d->%d\n",
7888 			   arvif->vdev_id,
7889 			   vifs[i].old_ctx->def.chan->center_freq,
7890 			   vifs[i].new_ctx->def.chan->center_freq,
7891 			   vifs[i].old_ctx->def.width,
7892 			   vifs[i].new_ctx->def.width);
7893 
7894 		if (WARN_ON(!arvif->is_started))
7895 			continue;
7896 
7897 		if (WARN_ON(!arvif->is_up))
7898 			continue;
7899 
7900 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
7901 		if (ret) {
7902 			ath10k_warn(ar, "failed to down vdev %d: %d\n",
7903 				    arvif->vdev_id, ret);
7904 			continue;
7905 		}
7906 	}
7907 
7908 	/* All relevant vdevs are downed and associated channel resources
7909 	 * should be available for the channel switch now.
7910 	 */
7911 
7912 	spin_lock_bh(&ar->data_lock);
7913 	ath10k_mac_update_rx_channel(ar, NULL, vifs, n_vifs);
7914 	spin_unlock_bh(&ar->data_lock);
7915 
7916 	for (i = 0; i < n_vifs; i++) {
7917 		arvif = (void *)vifs[i].vif->drv_priv;
7918 
7919 		if (WARN_ON(!arvif->is_started))
7920 			continue;
7921 
7922 		if (WARN_ON(!arvif->is_up))
7923 			continue;
7924 
7925 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
7926 		if (ret)
7927 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
7928 				    ret);
7929 
7930 		ret = ath10k_mac_setup_prb_tmpl(arvif);
7931 		if (ret)
7932 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
7933 				    ret);
7934 
7935 		ret = ath10k_vdev_restart(arvif, &vifs[i].new_ctx->def);
7936 		if (ret) {
7937 			ath10k_warn(ar, "failed to restart vdev %d: %d\n",
7938 				    arvif->vdev_id, ret);
7939 			continue;
7940 		}
7941 
7942 		ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
7943 					 arvif->bssid);
7944 		if (ret) {
7945 			ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
7946 				    arvif->vdev_id, ret);
7947 			continue;
7948 		}
7949 	}
7950 
7951 	ath10k_monitor_recalc(ar);
7952 }
7953 
7954 static int
7955 ath10k_mac_op_add_chanctx(struct ieee80211_hw *hw,
7956 			  struct ieee80211_chanctx_conf *ctx)
7957 {
7958 	struct ath10k *ar = hw->priv;
7959 
7960 	ath10k_dbg(ar, ATH10K_DBG_MAC,
7961 		   "mac chanctx add freq %hu width %d ptr %pK\n",
7962 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
7963 
7964 	mutex_lock(&ar->conf_mutex);
7965 
7966 	spin_lock_bh(&ar->data_lock);
7967 	ath10k_mac_update_rx_channel(ar, ctx, NULL, 0);
7968 	spin_unlock_bh(&ar->data_lock);
7969 
7970 	ath10k_recalc_radar_detection(ar);
7971 	ath10k_monitor_recalc(ar);
7972 
7973 	mutex_unlock(&ar->conf_mutex);
7974 
7975 	return 0;
7976 }
7977 
7978 static void
7979 ath10k_mac_op_remove_chanctx(struct ieee80211_hw *hw,
7980 			     struct ieee80211_chanctx_conf *ctx)
7981 {
7982 	struct ath10k *ar = hw->priv;
7983 
7984 	ath10k_dbg(ar, ATH10K_DBG_MAC,
7985 		   "mac chanctx remove freq %hu width %d ptr %pK\n",
7986 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
7987 
7988 	mutex_lock(&ar->conf_mutex);
7989 
7990 	spin_lock_bh(&ar->data_lock);
7991 	ath10k_mac_update_rx_channel(ar, NULL, NULL, 0);
7992 	spin_unlock_bh(&ar->data_lock);
7993 
7994 	ath10k_recalc_radar_detection(ar);
7995 	ath10k_monitor_recalc(ar);
7996 
7997 	mutex_unlock(&ar->conf_mutex);
7998 }
7999 
8000 struct ath10k_mac_change_chanctx_arg {
8001 	struct ieee80211_chanctx_conf *ctx;
8002 	struct ieee80211_vif_chanctx_switch *vifs;
8003 	int n_vifs;
8004 	int next_vif;
8005 };
8006 
8007 static void
8008 ath10k_mac_change_chanctx_cnt_iter(void *data, u8 *mac,
8009 				   struct ieee80211_vif *vif)
8010 {
8011 	struct ath10k_mac_change_chanctx_arg *arg = data;
8012 
8013 	if (rcu_access_pointer(vif->chanctx_conf) != arg->ctx)
8014 		return;
8015 
8016 	arg->n_vifs++;
8017 }
8018 
8019 static void
8020 ath10k_mac_change_chanctx_fill_iter(void *data, u8 *mac,
8021 				    struct ieee80211_vif *vif)
8022 {
8023 	struct ath10k_mac_change_chanctx_arg *arg = data;
8024 	struct ieee80211_chanctx_conf *ctx;
8025 
8026 	ctx = rcu_access_pointer(vif->chanctx_conf);
8027 	if (ctx != arg->ctx)
8028 		return;
8029 
8030 	if (WARN_ON(arg->next_vif == arg->n_vifs))
8031 		return;
8032 
8033 	arg->vifs[arg->next_vif].vif = vif;
8034 	arg->vifs[arg->next_vif].old_ctx = ctx;
8035 	arg->vifs[arg->next_vif].new_ctx = ctx;
8036 	arg->next_vif++;
8037 }
8038 
8039 static void
8040 ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw,
8041 			     struct ieee80211_chanctx_conf *ctx,
8042 			     u32 changed)
8043 {
8044 	struct ath10k *ar = hw->priv;
8045 	struct ath10k_mac_change_chanctx_arg arg = { .ctx = ctx };
8046 
8047 	mutex_lock(&ar->conf_mutex);
8048 
8049 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8050 		   "mac chanctx change freq %hu width %d ptr %pK changed %x\n",
8051 		   ctx->def.chan->center_freq, ctx->def.width, ctx, changed);
8052 
8053 	/* This shouldn't really happen because channel switching should use
8054 	 * switch_vif_chanctx().
8055 	 */
8056 	if (WARN_ON(changed & IEEE80211_CHANCTX_CHANGE_CHANNEL))
8057 		goto unlock;
8058 
8059 	if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) {
8060 		ieee80211_iterate_active_interfaces_atomic(
8061 					hw,
8062 					IEEE80211_IFACE_ITER_NORMAL,
8063 					ath10k_mac_change_chanctx_cnt_iter,
8064 					&arg);
8065 		if (arg.n_vifs == 0)
8066 			goto radar;
8067 
8068 		arg.vifs = kcalloc(arg.n_vifs, sizeof(arg.vifs[0]),
8069 				   GFP_KERNEL);
8070 		if (!arg.vifs)
8071 			goto radar;
8072 
8073 		ieee80211_iterate_active_interfaces_atomic(
8074 					hw,
8075 					IEEE80211_IFACE_ITER_NORMAL,
8076 					ath10k_mac_change_chanctx_fill_iter,
8077 					&arg);
8078 		ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs);
8079 		kfree(arg.vifs);
8080 	}
8081 
8082 radar:
8083 	ath10k_recalc_radar_detection(ar);
8084 
8085 	/* FIXME: How to configure Rx chains properly? */
8086 
8087 	/* No other actions are actually necessary. Firmware maintains channel
8088 	 * definitions per vdev internally and there's no host-side channel
8089 	 * context abstraction to configure, e.g. channel width.
8090 	 */
8091 
8092 unlock:
8093 	mutex_unlock(&ar->conf_mutex);
8094 }
8095 
8096 static int
8097 ath10k_mac_op_assign_vif_chanctx(struct ieee80211_hw *hw,
8098 				 struct ieee80211_vif *vif,
8099 				 struct ieee80211_chanctx_conf *ctx)
8100 {
8101 	struct ath10k *ar = hw->priv;
8102 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8103 	int ret;
8104 
8105 	mutex_lock(&ar->conf_mutex);
8106 
8107 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8108 		   "mac chanctx assign ptr %pK vdev_id %i\n",
8109 		   ctx, arvif->vdev_id);
8110 
8111 	if (WARN_ON(arvif->is_started)) {
8112 		mutex_unlock(&ar->conf_mutex);
8113 		return -EBUSY;
8114 	}
8115 
8116 	ret = ath10k_vdev_start(arvif, &ctx->def);
8117 	if (ret) {
8118 		ath10k_warn(ar, "failed to start vdev %i addr %pM on freq %d: %d\n",
8119 			    arvif->vdev_id, vif->addr,
8120 			    ctx->def.chan->center_freq, ret);
8121 		goto err;
8122 	}
8123 
8124 	arvif->is_started = true;
8125 
8126 	ret = ath10k_mac_vif_setup_ps(arvif);
8127 	if (ret) {
8128 		ath10k_warn(ar, "failed to update vdev %i ps: %d\n",
8129 			    arvif->vdev_id, ret);
8130 		goto err_stop;
8131 	}
8132 
8133 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8134 		ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, 0, vif->addr);
8135 		if (ret) {
8136 			ath10k_warn(ar, "failed to up monitor vdev %i: %d\n",
8137 				    arvif->vdev_id, ret);
8138 			goto err_stop;
8139 		}
8140 
8141 		arvif->is_up = true;
8142 	}
8143 
8144 	if (ath10k_mac_can_set_cts_prot(arvif)) {
8145 		ret = ath10k_mac_set_cts_prot(arvif);
8146 		if (ret)
8147 			ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
8148 				    arvif->vdev_id, ret);
8149 	}
8150 
8151 	if (ath10k_peer_stats_enabled(ar) &&
8152 	    ar->hw_params.tx_stats_over_pktlog) {
8153 		ar->pktlog_filter |= ATH10K_PKTLOG_PEER_STATS;
8154 		ret = ath10k_wmi_pdev_pktlog_enable(ar,
8155 						    ar->pktlog_filter);
8156 		if (ret) {
8157 			ath10k_warn(ar, "failed to enable pktlog %d\n", ret);
8158 			goto err_stop;
8159 		}
8160 	}
8161 
8162 	mutex_unlock(&ar->conf_mutex);
8163 	return 0;
8164 
8165 err_stop:
8166 	ath10k_vdev_stop(arvif);
8167 	arvif->is_started = false;
8168 	ath10k_mac_vif_setup_ps(arvif);
8169 
8170 err:
8171 	mutex_unlock(&ar->conf_mutex);
8172 	return ret;
8173 }
8174 
8175 static void
8176 ath10k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
8177 				   struct ieee80211_vif *vif,
8178 				   struct ieee80211_chanctx_conf *ctx)
8179 {
8180 	struct ath10k *ar = hw->priv;
8181 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8182 	int ret;
8183 
8184 	mutex_lock(&ar->conf_mutex);
8185 
8186 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8187 		   "mac chanctx unassign ptr %pK vdev_id %i\n",
8188 		   ctx, arvif->vdev_id);
8189 
8190 	WARN_ON(!arvif->is_started);
8191 
8192 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8193 		WARN_ON(!arvif->is_up);
8194 
8195 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8196 		if (ret)
8197 			ath10k_warn(ar, "failed to down monitor vdev %i: %d\n",
8198 				    arvif->vdev_id, ret);
8199 
8200 		arvif->is_up = false;
8201 	}
8202 
8203 	ret = ath10k_vdev_stop(arvif);
8204 	if (ret)
8205 		ath10k_warn(ar, "failed to stop vdev %i: %d\n",
8206 			    arvif->vdev_id, ret);
8207 
8208 	arvif->is_started = false;
8209 
8210 	mutex_unlock(&ar->conf_mutex);
8211 }
8212 
8213 static int
8214 ath10k_mac_op_switch_vif_chanctx(struct ieee80211_hw *hw,
8215 				 struct ieee80211_vif_chanctx_switch *vifs,
8216 				 int n_vifs,
8217 				 enum ieee80211_chanctx_switch_mode mode)
8218 {
8219 	struct ath10k *ar = hw->priv;
8220 
8221 	mutex_lock(&ar->conf_mutex);
8222 
8223 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8224 		   "mac chanctx switch n_vifs %d mode %d\n",
8225 		   n_vifs, mode);
8226 	ath10k_mac_update_vif_chan(ar, vifs, n_vifs);
8227 
8228 	mutex_unlock(&ar->conf_mutex);
8229 	return 0;
8230 }
8231 
8232 static void ath10k_mac_op_sta_pre_rcu_remove(struct ieee80211_hw *hw,
8233 					     struct ieee80211_vif *vif,
8234 					     struct ieee80211_sta *sta)
8235 {
8236 	struct ath10k *ar;
8237 	struct ath10k_peer *peer;
8238 
8239 	ar = hw->priv;
8240 
8241 	list_for_each_entry(peer, &ar->peers, list)
8242 		if (peer->sta == sta)
8243 			peer->removed = true;
8244 }
8245 
8246 static void ath10k_sta_statistics(struct ieee80211_hw *hw,
8247 				  struct ieee80211_vif *vif,
8248 				  struct ieee80211_sta *sta,
8249 				  struct station_info *sinfo)
8250 {
8251 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8252 	struct ath10k *ar = arsta->arvif->ar;
8253 
8254 	if (!ath10k_peer_stats_enabled(ar))
8255 		return;
8256 
8257 	sinfo->rx_duration = arsta->rx_duration;
8258 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_DURATION);
8259 
8260 	if (!arsta->txrate.legacy && !arsta->txrate.nss)
8261 		return;
8262 
8263 	if (arsta->txrate.legacy) {
8264 		sinfo->txrate.legacy = arsta->txrate.legacy;
8265 	} else {
8266 		sinfo->txrate.mcs = arsta->txrate.mcs;
8267 		sinfo->txrate.nss = arsta->txrate.nss;
8268 		sinfo->txrate.bw = arsta->txrate.bw;
8269 	}
8270 	sinfo->txrate.flags = arsta->txrate.flags;
8271 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
8272 }
8273 
8274 static const struct ieee80211_ops ath10k_ops = {
8275 	.tx				= ath10k_mac_op_tx,
8276 	.wake_tx_queue			= ath10k_mac_op_wake_tx_queue,
8277 	.start				= ath10k_start,
8278 	.stop				= ath10k_stop,
8279 	.config				= ath10k_config,
8280 	.add_interface			= ath10k_add_interface,
8281 	.remove_interface		= ath10k_remove_interface,
8282 	.configure_filter		= ath10k_configure_filter,
8283 	.bss_info_changed		= ath10k_bss_info_changed,
8284 	.set_coverage_class		= ath10k_mac_op_set_coverage_class,
8285 	.hw_scan			= ath10k_hw_scan,
8286 	.cancel_hw_scan			= ath10k_cancel_hw_scan,
8287 	.set_key			= ath10k_set_key,
8288 	.set_default_unicast_key        = ath10k_set_default_unicast_key,
8289 	.sta_state			= ath10k_sta_state,
8290 	.sta_set_txpwr			= ath10k_sta_set_txpwr,
8291 	.conf_tx			= ath10k_conf_tx,
8292 	.remain_on_channel		= ath10k_remain_on_channel,
8293 	.cancel_remain_on_channel	= ath10k_cancel_remain_on_channel,
8294 	.set_rts_threshold		= ath10k_set_rts_threshold,
8295 	.set_frag_threshold		= ath10k_mac_op_set_frag_threshold,
8296 	.flush				= ath10k_flush,
8297 	.tx_last_beacon			= ath10k_tx_last_beacon,
8298 	.set_antenna			= ath10k_set_antenna,
8299 	.get_antenna			= ath10k_get_antenna,
8300 	.reconfig_complete		= ath10k_reconfig_complete,
8301 	.get_survey			= ath10k_get_survey,
8302 	.set_bitrate_mask		= ath10k_mac_op_set_bitrate_mask,
8303 	.sta_rc_update			= ath10k_sta_rc_update,
8304 	.offset_tsf			= ath10k_offset_tsf,
8305 	.ampdu_action			= ath10k_ampdu_action,
8306 	.get_et_sset_count		= ath10k_debug_get_et_sset_count,
8307 	.get_et_stats			= ath10k_debug_get_et_stats,
8308 	.get_et_strings			= ath10k_debug_get_et_strings,
8309 	.add_chanctx			= ath10k_mac_op_add_chanctx,
8310 	.remove_chanctx			= ath10k_mac_op_remove_chanctx,
8311 	.change_chanctx			= ath10k_mac_op_change_chanctx,
8312 	.assign_vif_chanctx		= ath10k_mac_op_assign_vif_chanctx,
8313 	.unassign_vif_chanctx		= ath10k_mac_op_unassign_vif_chanctx,
8314 	.switch_vif_chanctx		= ath10k_mac_op_switch_vif_chanctx,
8315 	.sta_pre_rcu_remove		= ath10k_mac_op_sta_pre_rcu_remove,
8316 	.sta_statistics			= ath10k_sta_statistics,
8317 
8318 	CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
8319 
8320 #ifdef CONFIG_PM
8321 	.suspend			= ath10k_wow_op_suspend,
8322 	.resume				= ath10k_wow_op_resume,
8323 	.set_wakeup			= ath10k_wow_op_set_wakeup,
8324 #endif
8325 #ifdef CONFIG_MAC80211_DEBUGFS
8326 	.sta_add_debugfs		= ath10k_sta_add_debugfs,
8327 #endif
8328 };
8329 
8330 #define CHAN2G(_channel, _freq, _flags) { \
8331 	.band			= NL80211_BAND_2GHZ, \
8332 	.hw_value		= (_channel), \
8333 	.center_freq		= (_freq), \
8334 	.flags			= (_flags), \
8335 	.max_antenna_gain	= 0, \
8336 	.max_power		= 30, \
8337 }
8338 
8339 #define CHAN5G(_channel, _freq, _flags) { \
8340 	.band			= NL80211_BAND_5GHZ, \
8341 	.hw_value		= (_channel), \
8342 	.center_freq		= (_freq), \
8343 	.flags			= (_flags), \
8344 	.max_antenna_gain	= 0, \
8345 	.max_power		= 30, \
8346 }
8347 
8348 static const struct ieee80211_channel ath10k_2ghz_channels[] = {
8349 	CHAN2G(1, 2412, 0),
8350 	CHAN2G(2, 2417, 0),
8351 	CHAN2G(3, 2422, 0),
8352 	CHAN2G(4, 2427, 0),
8353 	CHAN2G(5, 2432, 0),
8354 	CHAN2G(6, 2437, 0),
8355 	CHAN2G(7, 2442, 0),
8356 	CHAN2G(8, 2447, 0),
8357 	CHAN2G(9, 2452, 0),
8358 	CHAN2G(10, 2457, 0),
8359 	CHAN2G(11, 2462, 0),
8360 	CHAN2G(12, 2467, 0),
8361 	CHAN2G(13, 2472, 0),
8362 	CHAN2G(14, 2484, 0),
8363 };
8364 
8365 static const struct ieee80211_channel ath10k_5ghz_channels[] = {
8366 	CHAN5G(36, 5180, 0),
8367 	CHAN5G(40, 5200, 0),
8368 	CHAN5G(44, 5220, 0),
8369 	CHAN5G(48, 5240, 0),
8370 	CHAN5G(52, 5260, 0),
8371 	CHAN5G(56, 5280, 0),
8372 	CHAN5G(60, 5300, 0),
8373 	CHAN5G(64, 5320, 0),
8374 	CHAN5G(100, 5500, 0),
8375 	CHAN5G(104, 5520, 0),
8376 	CHAN5G(108, 5540, 0),
8377 	CHAN5G(112, 5560, 0),
8378 	CHAN5G(116, 5580, 0),
8379 	CHAN5G(120, 5600, 0),
8380 	CHAN5G(124, 5620, 0),
8381 	CHAN5G(128, 5640, 0),
8382 	CHAN5G(132, 5660, 0),
8383 	CHAN5G(136, 5680, 0),
8384 	CHAN5G(140, 5700, 0),
8385 	CHAN5G(144, 5720, 0),
8386 	CHAN5G(149, 5745, 0),
8387 	CHAN5G(153, 5765, 0),
8388 	CHAN5G(157, 5785, 0),
8389 	CHAN5G(161, 5805, 0),
8390 	CHAN5G(165, 5825, 0),
8391 	CHAN5G(169, 5845, 0),
8392 	CHAN5G(173, 5865, 0),
8393 	/* If you add more, you may need to change ATH10K_MAX_5G_CHAN */
8394 	/* And you will definitely need to change ATH10K_NUM_CHANS in core.h */
8395 };
8396 
8397 struct ath10k *ath10k_mac_create(size_t priv_size)
8398 {
8399 	struct ieee80211_hw *hw;
8400 	struct ieee80211_ops *ops;
8401 	struct ath10k *ar;
8402 
8403 	ops = kmemdup(&ath10k_ops, sizeof(ath10k_ops), GFP_KERNEL);
8404 	if (!ops)
8405 		return NULL;
8406 
8407 	hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, ops);
8408 	if (!hw) {
8409 		kfree(ops);
8410 		return NULL;
8411 	}
8412 
8413 	ar = hw->priv;
8414 	ar->hw = hw;
8415 	ar->ops = ops;
8416 
8417 	return ar;
8418 }
8419 
8420 void ath10k_mac_destroy(struct ath10k *ar)
8421 {
8422 	struct ieee80211_ops *ops = ar->ops;
8423 
8424 	ieee80211_free_hw(ar->hw);
8425 	kfree(ops);
8426 }
8427 
8428 static const struct ieee80211_iface_limit ath10k_if_limits[] = {
8429 	{
8430 		.max	= 8,
8431 		.types	= BIT(NL80211_IFTYPE_STATION)
8432 			| BIT(NL80211_IFTYPE_P2P_CLIENT)
8433 	},
8434 	{
8435 		.max	= 3,
8436 		.types	= BIT(NL80211_IFTYPE_P2P_GO)
8437 	},
8438 	{
8439 		.max	= 1,
8440 		.types	= BIT(NL80211_IFTYPE_P2P_DEVICE)
8441 	},
8442 	{
8443 		.max	= 7,
8444 		.types	= BIT(NL80211_IFTYPE_AP)
8445 #ifdef CONFIG_MAC80211_MESH
8446 			| BIT(NL80211_IFTYPE_MESH_POINT)
8447 #endif
8448 	},
8449 };
8450 
8451 static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
8452 	{
8453 		.max	= 8,
8454 		.types	= BIT(NL80211_IFTYPE_AP)
8455 #ifdef CONFIG_MAC80211_MESH
8456 			| BIT(NL80211_IFTYPE_MESH_POINT)
8457 #endif
8458 	},
8459 	{
8460 		.max	= 1,
8461 		.types	= BIT(NL80211_IFTYPE_STATION)
8462 	},
8463 };
8464 
8465 static const struct ieee80211_iface_combination ath10k_if_comb[] = {
8466 	{
8467 		.limits = ath10k_if_limits,
8468 		.n_limits = ARRAY_SIZE(ath10k_if_limits),
8469 		.max_interfaces = 8,
8470 		.num_different_channels = 1,
8471 		.beacon_int_infra_match = true,
8472 	},
8473 };
8474 
8475 static const struct ieee80211_iface_combination ath10k_10x_if_comb[] = {
8476 	{
8477 		.limits = ath10k_10x_if_limits,
8478 		.n_limits = ARRAY_SIZE(ath10k_10x_if_limits),
8479 		.max_interfaces = 8,
8480 		.num_different_channels = 1,
8481 		.beacon_int_infra_match = true,
8482 		.beacon_int_min_gcd = 1,
8483 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
8484 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
8485 					BIT(NL80211_CHAN_WIDTH_20) |
8486 					BIT(NL80211_CHAN_WIDTH_40) |
8487 					BIT(NL80211_CHAN_WIDTH_80),
8488 #endif
8489 	},
8490 };
8491 
8492 static const struct ieee80211_iface_limit ath10k_tlv_if_limit[] = {
8493 	{
8494 		.max = 2,
8495 		.types = BIT(NL80211_IFTYPE_STATION),
8496 	},
8497 	{
8498 		.max = 2,
8499 		.types = BIT(NL80211_IFTYPE_AP) |
8500 #ifdef CONFIG_MAC80211_MESH
8501 			 BIT(NL80211_IFTYPE_MESH_POINT) |
8502 #endif
8503 			 BIT(NL80211_IFTYPE_P2P_CLIENT) |
8504 			 BIT(NL80211_IFTYPE_P2P_GO),
8505 	},
8506 	{
8507 		.max = 1,
8508 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
8509 	},
8510 };
8511 
8512 static const struct ieee80211_iface_limit ath10k_tlv_qcs_if_limit[] = {
8513 	{
8514 		.max = 2,
8515 		.types = BIT(NL80211_IFTYPE_STATION),
8516 	},
8517 	{
8518 		.max = 2,
8519 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT),
8520 	},
8521 	{
8522 		.max = 1,
8523 		.types = BIT(NL80211_IFTYPE_AP) |
8524 #ifdef CONFIG_MAC80211_MESH
8525 			 BIT(NL80211_IFTYPE_MESH_POINT) |
8526 #endif
8527 			 BIT(NL80211_IFTYPE_P2P_GO),
8528 	},
8529 	{
8530 		.max = 1,
8531 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
8532 	},
8533 };
8534 
8535 static const struct ieee80211_iface_limit ath10k_tlv_if_limit_ibss[] = {
8536 	{
8537 		.max = 1,
8538 		.types = BIT(NL80211_IFTYPE_STATION),
8539 	},
8540 	{
8541 		.max = 1,
8542 		.types = BIT(NL80211_IFTYPE_ADHOC),
8543 	},
8544 };
8545 
8546 /* FIXME: This is not thouroughly tested. These combinations may over- or
8547  * underestimate hw/fw capabilities.
8548  */
8549 static struct ieee80211_iface_combination ath10k_tlv_if_comb[] = {
8550 	{
8551 		.limits = ath10k_tlv_if_limit,
8552 		.num_different_channels = 1,
8553 		.max_interfaces = 4,
8554 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
8555 	},
8556 	{
8557 		.limits = ath10k_tlv_if_limit_ibss,
8558 		.num_different_channels = 1,
8559 		.max_interfaces = 2,
8560 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
8561 	},
8562 };
8563 
8564 static struct ieee80211_iface_combination ath10k_tlv_qcs_if_comb[] = {
8565 	{
8566 		.limits = ath10k_tlv_if_limit,
8567 		.num_different_channels = 1,
8568 		.max_interfaces = 4,
8569 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
8570 	},
8571 	{
8572 		.limits = ath10k_tlv_qcs_if_limit,
8573 		.num_different_channels = 2,
8574 		.max_interfaces = 4,
8575 		.n_limits = ARRAY_SIZE(ath10k_tlv_qcs_if_limit),
8576 	},
8577 	{
8578 		.limits = ath10k_tlv_if_limit_ibss,
8579 		.num_different_channels = 1,
8580 		.max_interfaces = 2,
8581 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
8582 	},
8583 };
8584 
8585 static const struct ieee80211_iface_limit ath10k_10_4_if_limits[] = {
8586 	{
8587 		.max = 1,
8588 		.types = BIT(NL80211_IFTYPE_STATION),
8589 	},
8590 	{
8591 		.max	= 16,
8592 		.types	= BIT(NL80211_IFTYPE_AP)
8593 #ifdef CONFIG_MAC80211_MESH
8594 			| BIT(NL80211_IFTYPE_MESH_POINT)
8595 #endif
8596 	},
8597 };
8598 
8599 static const struct ieee80211_iface_combination ath10k_10_4_if_comb[] = {
8600 	{
8601 		.limits = ath10k_10_4_if_limits,
8602 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
8603 		.max_interfaces = 16,
8604 		.num_different_channels = 1,
8605 		.beacon_int_infra_match = true,
8606 		.beacon_int_min_gcd = 1,
8607 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
8608 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
8609 					BIT(NL80211_CHAN_WIDTH_20) |
8610 					BIT(NL80211_CHAN_WIDTH_40) |
8611 					BIT(NL80211_CHAN_WIDTH_80),
8612 #endif
8613 	},
8614 };
8615 
8616 static const struct
8617 ieee80211_iface_combination ath10k_10_4_bcn_int_if_comb[] = {
8618 	{
8619 		.limits = ath10k_10_4_if_limits,
8620 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
8621 		.max_interfaces = 16,
8622 		.num_different_channels = 1,
8623 		.beacon_int_infra_match = true,
8624 		.beacon_int_min_gcd = 100,
8625 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
8626 		.radar_detect_widths =  BIT(NL80211_CHAN_WIDTH_20_NOHT) |
8627 					BIT(NL80211_CHAN_WIDTH_20) |
8628 					BIT(NL80211_CHAN_WIDTH_40) |
8629 					BIT(NL80211_CHAN_WIDTH_80),
8630 #endif
8631 	},
8632 };
8633 
8634 static void ath10k_get_arvif_iter(void *data, u8 *mac,
8635 				  struct ieee80211_vif *vif)
8636 {
8637 	struct ath10k_vif_iter *arvif_iter = data;
8638 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8639 
8640 	if (arvif->vdev_id == arvif_iter->vdev_id)
8641 		arvif_iter->arvif = arvif;
8642 }
8643 
8644 struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id)
8645 {
8646 	struct ath10k_vif_iter arvif_iter;
8647 	u32 flags;
8648 
8649 	memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter));
8650 	arvif_iter.vdev_id = vdev_id;
8651 
8652 	flags = IEEE80211_IFACE_ITER_RESUME_ALL;
8653 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
8654 						   flags,
8655 						   ath10k_get_arvif_iter,
8656 						   &arvif_iter);
8657 	if (!arvif_iter.arvif) {
8658 		ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
8659 		return NULL;
8660 	}
8661 
8662 	return arvif_iter.arvif;
8663 }
8664 
8665 #define WRD_METHOD "WRDD"
8666 #define WRDD_WIFI  (0x07)
8667 
8668 static u32 ath10k_mac_wrdd_get_mcc(struct ath10k *ar, union acpi_object *wrdd)
8669 {
8670 	union acpi_object *mcc_pkg;
8671 	union acpi_object *domain_type;
8672 	union acpi_object *mcc_value;
8673 	u32 i;
8674 
8675 	if (wrdd->type != ACPI_TYPE_PACKAGE ||
8676 	    wrdd->package.count < 2 ||
8677 	    wrdd->package.elements[0].type != ACPI_TYPE_INTEGER ||
8678 	    wrdd->package.elements[0].integer.value != 0) {
8679 		ath10k_warn(ar, "ignoring malformed/unsupported wrdd structure\n");
8680 		return 0;
8681 	}
8682 
8683 	for (i = 1; i < wrdd->package.count; ++i) {
8684 		mcc_pkg = &wrdd->package.elements[i];
8685 
8686 		if (mcc_pkg->type != ACPI_TYPE_PACKAGE)
8687 			continue;
8688 		if (mcc_pkg->package.count < 2)
8689 			continue;
8690 		if (mcc_pkg->package.elements[0].type != ACPI_TYPE_INTEGER ||
8691 		    mcc_pkg->package.elements[1].type != ACPI_TYPE_INTEGER)
8692 			continue;
8693 
8694 		domain_type = &mcc_pkg->package.elements[0];
8695 		if (domain_type->integer.value != WRDD_WIFI)
8696 			continue;
8697 
8698 		mcc_value = &mcc_pkg->package.elements[1];
8699 		return mcc_value->integer.value;
8700 	}
8701 	return 0;
8702 }
8703 
8704 static int ath10k_mac_get_wrdd_regulatory(struct ath10k *ar, u16 *rd)
8705 {
8706 	acpi_handle root_handle;
8707 	acpi_handle handle;
8708 	struct acpi_buffer wrdd = {ACPI_ALLOCATE_BUFFER, NULL};
8709 	acpi_status status;
8710 	u32 alpha2_code;
8711 	char alpha2[3];
8712 
8713 	root_handle = ACPI_HANDLE(ar->dev);
8714 	if (!root_handle)
8715 		return -EOPNOTSUPP;
8716 
8717 	status = acpi_get_handle(root_handle, (acpi_string)WRD_METHOD, &handle);
8718 	if (ACPI_FAILURE(status)) {
8719 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
8720 			   "failed to get wrd method %d\n", status);
8721 		return -EIO;
8722 	}
8723 
8724 	status = acpi_evaluate_object(handle, NULL, NULL, &wrdd);
8725 	if (ACPI_FAILURE(status)) {
8726 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
8727 			   "failed to call wrdc %d\n", status);
8728 		return -EIO;
8729 	}
8730 
8731 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.pointer);
8732 	kfree(wrdd.pointer);
8733 	if (!alpha2_code)
8734 		return -EIO;
8735 
8736 	alpha2[0] = (alpha2_code >> 8) & 0xff;
8737 	alpha2[1] = (alpha2_code >> 0) & 0xff;
8738 	alpha2[2] = '\0';
8739 
8740 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
8741 		   "regulatory hint from WRDD (alpha2-code): %s\n", alpha2);
8742 
8743 	*rd = ath_regd_find_country_by_name(alpha2);
8744 	if (*rd == 0xffff)
8745 		return -EIO;
8746 
8747 	*rd |= COUNTRY_ERD_FLAG;
8748 	return 0;
8749 }
8750 
8751 static int ath10k_mac_init_rd(struct ath10k *ar)
8752 {
8753 	int ret;
8754 	u16 rd;
8755 
8756 	ret = ath10k_mac_get_wrdd_regulatory(ar, &rd);
8757 	if (ret) {
8758 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
8759 			   "fallback to eeprom programmed regulatory settings\n");
8760 		rd = ar->hw_eeprom_rd;
8761 	}
8762 
8763 	ar->ath_common.regulatory.current_rd = rd;
8764 	return 0;
8765 }
8766 
8767 int ath10k_mac_register(struct ath10k *ar)
8768 {
8769 	static const u32 cipher_suites[] = {
8770 		WLAN_CIPHER_SUITE_WEP40,
8771 		WLAN_CIPHER_SUITE_WEP104,
8772 		WLAN_CIPHER_SUITE_TKIP,
8773 		WLAN_CIPHER_SUITE_CCMP,
8774 
8775 		/* Do not add hardware supported ciphers before this line.
8776 		 * Allow software encryption for all chips. Don't forget to
8777 		 * update n_cipher_suites below.
8778 		 */
8779 		WLAN_CIPHER_SUITE_AES_CMAC,
8780 		WLAN_CIPHER_SUITE_BIP_CMAC_256,
8781 		WLAN_CIPHER_SUITE_BIP_GMAC_128,
8782 		WLAN_CIPHER_SUITE_BIP_GMAC_256,
8783 
8784 		/* Only QCA99x0 and QCA4019 varients support GCMP-128, GCMP-256
8785 		 * and CCMP-256 in hardware.
8786 		 */
8787 		WLAN_CIPHER_SUITE_GCMP,
8788 		WLAN_CIPHER_SUITE_GCMP_256,
8789 		WLAN_CIPHER_SUITE_CCMP_256,
8790 	};
8791 	struct ieee80211_supported_band *band;
8792 	void *channels;
8793 	int ret;
8794 
8795 	if (!is_valid_ether_addr(ar->mac_addr)) {
8796 		ath10k_warn(ar, "invalid MAC address; choosing random\n");
8797 		eth_random_addr(ar->mac_addr);
8798 	}
8799 	SET_IEEE80211_PERM_ADDR(ar->hw, ar->mac_addr);
8800 
8801 	SET_IEEE80211_DEV(ar->hw, ar->dev);
8802 
8803 	BUILD_BUG_ON((ARRAY_SIZE(ath10k_2ghz_channels) +
8804 		      ARRAY_SIZE(ath10k_5ghz_channels)) !=
8805 		     ATH10K_NUM_CHANS);
8806 
8807 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
8808 		channels = kmemdup(ath10k_2ghz_channels,
8809 				   sizeof(ath10k_2ghz_channels),
8810 				   GFP_KERNEL);
8811 		if (!channels) {
8812 			ret = -ENOMEM;
8813 			goto err_free;
8814 		}
8815 
8816 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
8817 		band->n_channels = ARRAY_SIZE(ath10k_2ghz_channels);
8818 		band->channels = channels;
8819 
8820 		if (ar->hw_params.cck_rate_map_rev2) {
8821 			band->n_bitrates = ath10k_g_rates_rev2_size;
8822 			band->bitrates = ath10k_g_rates_rev2;
8823 		} else {
8824 			band->n_bitrates = ath10k_g_rates_size;
8825 			band->bitrates = ath10k_g_rates;
8826 		}
8827 
8828 		ar->hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
8829 	}
8830 
8831 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
8832 		channels = kmemdup(ath10k_5ghz_channels,
8833 				   sizeof(ath10k_5ghz_channels),
8834 				   GFP_KERNEL);
8835 		if (!channels) {
8836 			ret = -ENOMEM;
8837 			goto err_free;
8838 		}
8839 
8840 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
8841 		band->n_channels = ARRAY_SIZE(ath10k_5ghz_channels);
8842 		band->channels = channels;
8843 		band->n_bitrates = ath10k_a_rates_size;
8844 		band->bitrates = ath10k_a_rates;
8845 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
8846 	}
8847 
8848 	wiphy_read_of_freq_limits(ar->hw->wiphy);
8849 	ath10k_mac_setup_ht_vht_cap(ar);
8850 
8851 	ar->hw->wiphy->interface_modes =
8852 		BIT(NL80211_IFTYPE_STATION) |
8853 		BIT(NL80211_IFTYPE_AP) |
8854 		BIT(NL80211_IFTYPE_MESH_POINT);
8855 
8856 	ar->hw->wiphy->available_antennas_rx = ar->cfg_rx_chainmask;
8857 	ar->hw->wiphy->available_antennas_tx = ar->cfg_tx_chainmask;
8858 
8859 	if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->normal_mode_fw.fw_file.fw_features))
8860 		ar->hw->wiphy->interface_modes |=
8861 			BIT(NL80211_IFTYPE_P2P_DEVICE) |
8862 			BIT(NL80211_IFTYPE_P2P_CLIENT) |
8863 			BIT(NL80211_IFTYPE_P2P_GO);
8864 
8865 	ieee80211_hw_set(ar->hw, SIGNAL_DBM);
8866 
8867 	if (!test_bit(ATH10K_FW_FEATURE_NO_PS,
8868 		      ar->running_fw->fw_file.fw_features)) {
8869 		ieee80211_hw_set(ar->hw, SUPPORTS_PS);
8870 		ieee80211_hw_set(ar->hw, SUPPORTS_DYNAMIC_PS);
8871 	}
8872 
8873 	ieee80211_hw_set(ar->hw, MFP_CAPABLE);
8874 	ieee80211_hw_set(ar->hw, REPORTS_TX_ACK_STATUS);
8875 	ieee80211_hw_set(ar->hw, HAS_RATE_CONTROL);
8876 	ieee80211_hw_set(ar->hw, AP_LINK_PS);
8877 	ieee80211_hw_set(ar->hw, SPECTRUM_MGMT);
8878 	ieee80211_hw_set(ar->hw, SUPPORT_FAST_XMIT);
8879 	ieee80211_hw_set(ar->hw, CONNECTION_MONITOR);
8880 	ieee80211_hw_set(ar->hw, SUPPORTS_PER_STA_GTK);
8881 	ieee80211_hw_set(ar->hw, WANT_MONITOR_VIF);
8882 	ieee80211_hw_set(ar->hw, CHANCTX_STA_CSA);
8883 	ieee80211_hw_set(ar->hw, QUEUE_CONTROL);
8884 	ieee80211_hw_set(ar->hw, SUPPORTS_TX_FRAG);
8885 	ieee80211_hw_set(ar->hw, REPORTS_LOW_ACK);
8886 
8887 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
8888 		ieee80211_hw_set(ar->hw, SW_CRYPTO_CONTROL);
8889 
8890 	ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
8891 	ar->hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
8892 
8893 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
8894 		ar->hw->wiphy->features |= NL80211_FEATURE_DYNAMIC_SMPS;
8895 
8896 	if (ar->ht_cap_info & WMI_HT_CAP_ENABLED) {
8897 		ieee80211_hw_set(ar->hw, AMPDU_AGGREGATION);
8898 		ieee80211_hw_set(ar->hw, TX_AMPDU_SETUP_IN_HW);
8899 	}
8900 
8901 	ar->hw->wiphy->max_scan_ssids = WLAN_SCAN_PARAMS_MAX_SSID;
8902 	ar->hw->wiphy->max_scan_ie_len = WLAN_SCAN_PARAMS_MAX_IE_LEN;
8903 
8904 	if (test_bit(WMI_SERVICE_NLO, ar->wmi.svc_map)) {
8905 		ar->hw->wiphy->max_sched_scan_reqs = 1;
8906 		ar->hw->wiphy->max_sched_scan_ssids = WMI_PNO_MAX_SUPP_NETWORKS;
8907 		ar->hw->wiphy->max_match_sets = WMI_PNO_MAX_SUPP_NETWORKS;
8908 		ar->hw->wiphy->max_sched_scan_ie_len = WMI_PNO_MAX_IE_LENGTH;
8909 		ar->hw->wiphy->max_sched_scan_plans = WMI_PNO_MAX_SCHED_SCAN_PLANS;
8910 		ar->hw->wiphy->max_sched_scan_plan_interval =
8911 			WMI_PNO_MAX_SCHED_SCAN_PLAN_INT;
8912 		ar->hw->wiphy->max_sched_scan_plan_iterations =
8913 			WMI_PNO_MAX_SCHED_SCAN_PLAN_ITRNS;
8914 		ar->hw->wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
8915 	}
8916 
8917 	ar->hw->vif_data_size = sizeof(struct ath10k_vif);
8918 	ar->hw->sta_data_size = sizeof(struct ath10k_sta);
8919 	ar->hw->txq_data_size = sizeof(struct ath10k_txq);
8920 
8921 	ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
8922 
8923 	if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
8924 		ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
8925 
8926 		/* Firmware delivers WPS/P2P Probe Requests frames to driver so
8927 		 * that userspace (e.g. wpa_supplicant/hostapd) can generate
8928 		 * correct Probe Responses. This is more of a hack advert..
8929 		 */
8930 		ar->hw->wiphy->probe_resp_offload |=
8931 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
8932 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
8933 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
8934 	}
8935 
8936 	if (test_bit(WMI_SERVICE_TDLS, ar->wmi.svc_map) ||
8937 	    test_bit(WMI_SERVICE_TDLS_EXPLICIT_MODE_ONLY, ar->wmi.svc_map)) {
8938 		ar->hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
8939 		if (test_bit(WMI_SERVICE_TDLS_WIDER_BANDWIDTH, ar->wmi.svc_map))
8940 			ieee80211_hw_set(ar->hw, TDLS_WIDER_BW);
8941 	}
8942 
8943 	if (test_bit(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, ar->wmi.svc_map))
8944 		ieee80211_hw_set(ar->hw, SUPPORTS_TDLS_BUFFER_STA);
8945 
8946 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
8947 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
8948 	ar->hw->wiphy->max_remain_on_channel_duration = 5000;
8949 
8950 	ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
8951 	ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
8952 				   NL80211_FEATURE_AP_SCAN;
8953 
8954 	ar->hw->wiphy->max_ap_assoc_sta = ar->max_num_stations;
8955 
8956 	ret = ath10k_wow_init(ar);
8957 	if (ret) {
8958 		ath10k_warn(ar, "failed to init wow: %d\n", ret);
8959 		goto err_free;
8960 	}
8961 
8962 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
8963 	wiphy_ext_feature_set(ar->hw->wiphy,
8964 			      NL80211_EXT_FEATURE_SET_SCAN_DWELL);
8965 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_AQL);
8966 
8967 	if (test_bit(WMI_SERVICE_TX_DATA_ACK_RSSI, ar->wmi.svc_map) ||
8968 	    test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS, ar->wmi.svc_map))
8969 		wiphy_ext_feature_set(ar->hw->wiphy,
8970 				      NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT);
8971 
8972 	if (ath10k_peer_stats_enabled(ar) ||
8973 	    test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
8974 		wiphy_ext_feature_set(ar->hw->wiphy,
8975 				      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS);
8976 
8977 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map))
8978 		wiphy_ext_feature_set(ar->hw->wiphy,
8979 				      NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
8980 
8981 	if (test_bit(WMI_SERVICE_TX_PWR_PER_PEER, ar->wmi.svc_map))
8982 		wiphy_ext_feature_set(ar->hw->wiphy,
8983 				      NL80211_EXT_FEATURE_STA_TX_PWR);
8984 	/*
8985 	 * on LL hardware queues are managed entirely by the FW
8986 	 * so we only advertise to mac we can do the queues thing
8987 	 */
8988 	ar->hw->queues = IEEE80211_MAX_QUEUES;
8989 
8990 	/* vdev_ids are used as hw queue numbers. Make sure offchan tx queue is
8991 	 * something that vdev_ids can't reach so that we don't stop the queue
8992 	 * accidentally.
8993 	 */
8994 	ar->hw->offchannel_tx_hw_queue = IEEE80211_MAX_QUEUES - 1;
8995 
8996 	switch (ar->running_fw->fw_file.wmi_op_version) {
8997 	case ATH10K_FW_WMI_OP_VERSION_MAIN:
8998 		ar->hw->wiphy->iface_combinations = ath10k_if_comb;
8999 		ar->hw->wiphy->n_iface_combinations =
9000 			ARRAY_SIZE(ath10k_if_comb);
9001 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
9002 		break;
9003 	case ATH10K_FW_WMI_OP_VERSION_TLV:
9004 		if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
9005 			ar->hw->wiphy->iface_combinations =
9006 				ath10k_tlv_qcs_if_comb;
9007 			ar->hw->wiphy->n_iface_combinations =
9008 				ARRAY_SIZE(ath10k_tlv_qcs_if_comb);
9009 		} else {
9010 			ar->hw->wiphy->iface_combinations = ath10k_tlv_if_comb;
9011 			ar->hw->wiphy->n_iface_combinations =
9012 				ARRAY_SIZE(ath10k_tlv_if_comb);
9013 		}
9014 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
9015 		break;
9016 	case ATH10K_FW_WMI_OP_VERSION_10_1:
9017 	case ATH10K_FW_WMI_OP_VERSION_10_2:
9018 	case ATH10K_FW_WMI_OP_VERSION_10_2_4:
9019 		ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
9020 		ar->hw->wiphy->n_iface_combinations =
9021 			ARRAY_SIZE(ath10k_10x_if_comb);
9022 		break;
9023 	case ATH10K_FW_WMI_OP_VERSION_10_4:
9024 		ar->hw->wiphy->iface_combinations = ath10k_10_4_if_comb;
9025 		ar->hw->wiphy->n_iface_combinations =
9026 			ARRAY_SIZE(ath10k_10_4_if_comb);
9027 		if (test_bit(WMI_SERVICE_VDEV_DIFFERENT_BEACON_INTERVAL_SUPPORT,
9028 			     ar->wmi.svc_map)) {
9029 			ar->hw->wiphy->iface_combinations =
9030 				ath10k_10_4_bcn_int_if_comb;
9031 			ar->hw->wiphy->n_iface_combinations =
9032 				ARRAY_SIZE(ath10k_10_4_bcn_int_if_comb);
9033 		}
9034 		break;
9035 	case ATH10K_FW_WMI_OP_VERSION_UNSET:
9036 	case ATH10K_FW_WMI_OP_VERSION_MAX:
9037 		WARN_ON(1);
9038 		ret = -EINVAL;
9039 		goto err_free;
9040 	}
9041 
9042 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
9043 		ar->hw->netdev_features = NETIF_F_HW_CSUM;
9044 
9045 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED)) {
9046 		/* Init ath dfs pattern detector */
9047 		ar->ath_common.debug_mask = ATH_DBG_DFS;
9048 		ar->dfs_detector = dfs_pattern_detector_init(&ar->ath_common,
9049 							     NL80211_DFS_UNSET);
9050 
9051 		if (!ar->dfs_detector)
9052 			ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
9053 	}
9054 
9055 	ret = ath10k_mac_init_rd(ar);
9056 	if (ret) {
9057 		ath10k_err(ar, "failed to derive regdom: %d\n", ret);
9058 		goto err_dfs_detector_exit;
9059 	}
9060 
9061 	/* Disable set_coverage_class for chipsets that do not support it. */
9062 	if (!ar->hw_params.hw_ops->set_coverage_class)
9063 		ar->ops->set_coverage_class = NULL;
9064 
9065 	ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
9066 			    ath10k_reg_notifier);
9067 	if (ret) {
9068 		ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
9069 		goto err_dfs_detector_exit;
9070 	}
9071 
9072 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
9073 		ar->hw->wiphy->features |=
9074 			NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
9075 	}
9076 
9077 	ar->hw->wiphy->cipher_suites = cipher_suites;
9078 
9079 	/* QCA988x and QCA6174 family chips do not support CCMP-256, GCMP-128
9080 	 * and GCMP-256 ciphers in hardware. Fetch number of ciphers supported
9081 	 * from chip specific hw_param table.
9082 	 */
9083 	if (!ar->hw_params.n_cipher_suites ||
9084 	    ar->hw_params.n_cipher_suites > ARRAY_SIZE(cipher_suites)) {
9085 		ath10k_err(ar, "invalid hw_params.n_cipher_suites %d\n",
9086 			   ar->hw_params.n_cipher_suites);
9087 		ar->hw_params.n_cipher_suites = 8;
9088 	}
9089 	ar->hw->wiphy->n_cipher_suites = ar->hw_params.n_cipher_suites;
9090 
9091 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
9092 
9093 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
9094 
9095 	ret = ieee80211_register_hw(ar->hw);
9096 	if (ret) {
9097 		ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
9098 		goto err_dfs_detector_exit;
9099 	}
9100 
9101 	if (test_bit(WMI_SERVICE_PER_PACKET_SW_ENCRYPT, ar->wmi.svc_map)) {
9102 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
9103 		ar->hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_AP_VLAN);
9104 	}
9105 
9106 	if (!ath_is_world_regd(&ar->ath_common.regulatory)) {
9107 		ret = regulatory_hint(ar->hw->wiphy,
9108 				      ar->ath_common.regulatory.alpha2);
9109 		if (ret)
9110 			goto err_unregister;
9111 	}
9112 
9113 	return 0;
9114 
9115 err_unregister:
9116 	ieee80211_unregister_hw(ar->hw);
9117 
9118 err_dfs_detector_exit:
9119 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
9120 		ar->dfs_detector->exit(ar->dfs_detector);
9121 
9122 err_free:
9123 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
9124 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
9125 
9126 	SET_IEEE80211_DEV(ar->hw, NULL);
9127 	return ret;
9128 }
9129 
9130 void ath10k_mac_unregister(struct ath10k *ar)
9131 {
9132 	ieee80211_unregister_hw(ar->hw);
9133 
9134 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
9135 		ar->dfs_detector->exit(ar->dfs_detector);
9136 
9137 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
9138 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
9139 
9140 	SET_IEEE80211_DEV(ar->hw, NULL);
9141 }
9142