xref: /openbmc/linux/drivers/net/wireless/ath/ath10k/mac.c (revision a8c5cb99)
1 /*
2  * Copyright (c) 2005-2011 Atheros Communications Inc.
3  * Copyright (c) 2011-2017 Qualcomm Atheros, Inc.
4  * Copyright (c) 2018, The Linux Foundation. All rights reserved.
5  *
6  * Permission to use, copy, modify, and/or distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 #include "mac.h"
20 
21 #include <net/mac80211.h>
22 #include <linux/etherdevice.h>
23 #include <linux/acpi.h>
24 
25 #include "hif.h"
26 #include "core.h"
27 #include "debug.h"
28 #include "wmi.h"
29 #include "htt.h"
30 #include "txrx.h"
31 #include "testmode.h"
32 #include "wmi.h"
33 #include "wmi-tlv.h"
34 #include "wmi-ops.h"
35 #include "wow.h"
36 
37 /*********/
38 /* Rates */
39 /*********/
40 
41 static struct ieee80211_rate ath10k_rates[] = {
42 	{ .bitrate = 10,
43 	  .hw_value = ATH10K_HW_RATE_CCK_LP_1M },
44 	{ .bitrate = 20,
45 	  .hw_value = ATH10K_HW_RATE_CCK_LP_2M,
46 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_2M,
47 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
48 	{ .bitrate = 55,
49 	  .hw_value = ATH10K_HW_RATE_CCK_LP_5_5M,
50 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_5_5M,
51 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
52 	{ .bitrate = 110,
53 	  .hw_value = ATH10K_HW_RATE_CCK_LP_11M,
54 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_11M,
55 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
56 
57 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
58 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
59 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
60 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
61 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
62 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
63 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
64 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
65 };
66 
67 static struct ieee80211_rate ath10k_rates_rev2[] = {
68 	{ .bitrate = 10,
69 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_1M },
70 	{ .bitrate = 20,
71 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_2M,
72 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_2M,
73 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
74 	{ .bitrate = 55,
75 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_5_5M,
76 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_5_5M,
77 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
78 	{ .bitrate = 110,
79 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_11M,
80 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_11M,
81 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
82 
83 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
84 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
85 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
86 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
87 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
88 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
89 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
90 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
91 };
92 
93 #define ATH10K_MAC_FIRST_OFDM_RATE_IDX 4
94 
95 #define ath10k_a_rates (ath10k_rates + ATH10K_MAC_FIRST_OFDM_RATE_IDX)
96 #define ath10k_a_rates_size (ARRAY_SIZE(ath10k_rates) - \
97 			     ATH10K_MAC_FIRST_OFDM_RATE_IDX)
98 #define ath10k_g_rates (ath10k_rates + 0)
99 #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
100 
101 #define ath10k_g_rates_rev2 (ath10k_rates_rev2 + 0)
102 #define ath10k_g_rates_rev2_size (ARRAY_SIZE(ath10k_rates_rev2))
103 
104 static bool ath10k_mac_bitrate_is_cck(int bitrate)
105 {
106 	switch (bitrate) {
107 	case 10:
108 	case 20:
109 	case 55:
110 	case 110:
111 		return true;
112 	}
113 
114 	return false;
115 }
116 
117 static u8 ath10k_mac_bitrate_to_rate(int bitrate)
118 {
119 	return DIV_ROUND_UP(bitrate, 5) |
120 	       (ath10k_mac_bitrate_is_cck(bitrate) ? BIT(7) : 0);
121 }
122 
123 u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
124 			     u8 hw_rate, bool cck)
125 {
126 	const struct ieee80211_rate *rate;
127 	int i;
128 
129 	for (i = 0; i < sband->n_bitrates; i++) {
130 		rate = &sband->bitrates[i];
131 
132 		if (ath10k_mac_bitrate_is_cck(rate->bitrate) != cck)
133 			continue;
134 
135 		if (rate->hw_value == hw_rate)
136 			return i;
137 		else if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE &&
138 			 rate->hw_value_short == hw_rate)
139 			return i;
140 	}
141 
142 	return 0;
143 }
144 
145 u8 ath10k_mac_bitrate_to_idx(const struct ieee80211_supported_band *sband,
146 			     u32 bitrate)
147 {
148 	int i;
149 
150 	for (i = 0; i < sband->n_bitrates; i++)
151 		if (sband->bitrates[i].bitrate == bitrate)
152 			return i;
153 
154 	return 0;
155 }
156 
157 static int ath10k_mac_get_max_vht_mcs_map(u16 mcs_map, int nss)
158 {
159 	switch ((mcs_map >> (2 * nss)) & 0x3) {
160 	case IEEE80211_VHT_MCS_SUPPORT_0_7: return BIT(8) - 1;
161 	case IEEE80211_VHT_MCS_SUPPORT_0_8: return BIT(9) - 1;
162 	case IEEE80211_VHT_MCS_SUPPORT_0_9: return BIT(10) - 1;
163 	}
164 	return 0;
165 }
166 
167 static u32
168 ath10k_mac_max_ht_nss(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
169 {
170 	int nss;
171 
172 	for (nss = IEEE80211_HT_MCS_MASK_LEN - 1; nss >= 0; nss--)
173 		if (ht_mcs_mask[nss])
174 			return nss + 1;
175 
176 	return 1;
177 }
178 
179 static u32
180 ath10k_mac_max_vht_nss(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
181 {
182 	int nss;
183 
184 	for (nss = NL80211_VHT_NSS_MAX - 1; nss >= 0; nss--)
185 		if (vht_mcs_mask[nss])
186 			return nss + 1;
187 
188 	return 1;
189 }
190 
191 int ath10k_mac_ext_resource_config(struct ath10k *ar, u32 val)
192 {
193 	enum wmi_host_platform_type platform_type;
194 	int ret;
195 
196 	if (test_bit(WMI_SERVICE_TX_MODE_DYNAMIC, ar->wmi.svc_map))
197 		platform_type = WMI_HOST_PLATFORM_LOW_PERF;
198 	else
199 		platform_type = WMI_HOST_PLATFORM_HIGH_PERF;
200 
201 	ret = ath10k_wmi_ext_resource_config(ar, platform_type, val);
202 
203 	if (ret && ret != -EOPNOTSUPP) {
204 		ath10k_warn(ar, "failed to configure ext resource: %d\n", ret);
205 		return ret;
206 	}
207 
208 	return 0;
209 }
210 
211 /**********/
212 /* Crypto */
213 /**********/
214 
215 static int ath10k_send_key(struct ath10k_vif *arvif,
216 			   struct ieee80211_key_conf *key,
217 			   enum set_key_cmd cmd,
218 			   const u8 *macaddr, u32 flags)
219 {
220 	struct ath10k *ar = arvif->ar;
221 	struct wmi_vdev_install_key_arg arg = {
222 		.vdev_id = arvif->vdev_id,
223 		.key_idx = key->keyidx,
224 		.key_len = key->keylen,
225 		.key_data = key->key,
226 		.key_flags = flags,
227 		.macaddr = macaddr,
228 	};
229 
230 	lockdep_assert_held(&arvif->ar->conf_mutex);
231 
232 	switch (key->cipher) {
233 	case WLAN_CIPHER_SUITE_CCMP:
234 		arg.key_cipher = WMI_CIPHER_AES_CCM;
235 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
236 		break;
237 	case WLAN_CIPHER_SUITE_TKIP:
238 		arg.key_cipher = WMI_CIPHER_TKIP;
239 		arg.key_txmic_len = 8;
240 		arg.key_rxmic_len = 8;
241 		break;
242 	case WLAN_CIPHER_SUITE_WEP40:
243 	case WLAN_CIPHER_SUITE_WEP104:
244 		arg.key_cipher = WMI_CIPHER_WEP;
245 		break;
246 	case WLAN_CIPHER_SUITE_CCMP_256:
247 		arg.key_cipher = WMI_CIPHER_AES_CCM;
248 		break;
249 	case WLAN_CIPHER_SUITE_GCMP:
250 	case WLAN_CIPHER_SUITE_GCMP_256:
251 		arg.key_cipher = WMI_CIPHER_AES_GCM;
252 		break;
253 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
254 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
255 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
256 	case WLAN_CIPHER_SUITE_AES_CMAC:
257 		WARN_ON(1);
258 		return -EINVAL;
259 	default:
260 		ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
261 		return -EOPNOTSUPP;
262 	}
263 
264 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
265 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
266 
267 	if (cmd == DISABLE_KEY) {
268 		arg.key_cipher = WMI_CIPHER_NONE;
269 		arg.key_data = NULL;
270 	}
271 
272 	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
273 }
274 
275 static int ath10k_install_key(struct ath10k_vif *arvif,
276 			      struct ieee80211_key_conf *key,
277 			      enum set_key_cmd cmd,
278 			      const u8 *macaddr, u32 flags)
279 {
280 	struct ath10k *ar = arvif->ar;
281 	int ret;
282 	unsigned long time_left;
283 
284 	lockdep_assert_held(&ar->conf_mutex);
285 
286 	reinit_completion(&ar->install_key_done);
287 
288 	if (arvif->nohwcrypt)
289 		return 1;
290 
291 	ret = ath10k_send_key(arvif, key, cmd, macaddr, flags);
292 	if (ret)
293 		return ret;
294 
295 	time_left = wait_for_completion_timeout(&ar->install_key_done, 3 * HZ);
296 	if (time_left == 0)
297 		return -ETIMEDOUT;
298 
299 	return 0;
300 }
301 
302 static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
303 					const u8 *addr)
304 {
305 	struct ath10k *ar = arvif->ar;
306 	struct ath10k_peer *peer;
307 	int ret;
308 	int i;
309 	u32 flags;
310 
311 	lockdep_assert_held(&ar->conf_mutex);
312 
313 	if (WARN_ON(arvif->vif->type != NL80211_IFTYPE_AP &&
314 		    arvif->vif->type != NL80211_IFTYPE_ADHOC &&
315 		    arvif->vif->type != NL80211_IFTYPE_MESH_POINT))
316 		return -EINVAL;
317 
318 	spin_lock_bh(&ar->data_lock);
319 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
320 	spin_unlock_bh(&ar->data_lock);
321 
322 	if (!peer)
323 		return -ENOENT;
324 
325 	for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
326 		if (arvif->wep_keys[i] == NULL)
327 			continue;
328 
329 		switch (arvif->vif->type) {
330 		case NL80211_IFTYPE_AP:
331 			flags = WMI_KEY_PAIRWISE;
332 
333 			if (arvif->def_wep_key_idx == i)
334 				flags |= WMI_KEY_TX_USAGE;
335 
336 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
337 						 SET_KEY, addr, flags);
338 			if (ret < 0)
339 				return ret;
340 			break;
341 		case NL80211_IFTYPE_ADHOC:
342 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
343 						 SET_KEY, addr,
344 						 WMI_KEY_PAIRWISE);
345 			if (ret < 0)
346 				return ret;
347 
348 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
349 						 SET_KEY, addr, WMI_KEY_GROUP);
350 			if (ret < 0)
351 				return ret;
352 			break;
353 		default:
354 			WARN_ON(1);
355 			return -EINVAL;
356 		}
357 
358 		spin_lock_bh(&ar->data_lock);
359 		peer->keys[i] = arvif->wep_keys[i];
360 		spin_unlock_bh(&ar->data_lock);
361 	}
362 
363 	/* In some cases (notably with static WEP IBSS with multiple keys)
364 	 * multicast Tx becomes broken. Both pairwise and groupwise keys are
365 	 * installed already. Using WMI_KEY_TX_USAGE in different combinations
366 	 * didn't seem help. Using def_keyid vdev parameter seems to be
367 	 * effective so use that.
368 	 *
369 	 * FIXME: Revisit. Perhaps this can be done in a less hacky way.
370 	 */
371 	if (arvif->vif->type != NL80211_IFTYPE_ADHOC)
372 		return 0;
373 
374 	if (arvif->def_wep_key_idx == -1)
375 		return 0;
376 
377 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
378 					arvif->vdev_id,
379 					arvif->ar->wmi.vdev_param->def_keyid,
380 					arvif->def_wep_key_idx);
381 	if (ret) {
382 		ath10k_warn(ar, "failed to re-set def wpa key idxon vdev %i: %d\n",
383 			    arvif->vdev_id, ret);
384 		return ret;
385 	}
386 
387 	return 0;
388 }
389 
390 static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
391 				  const u8 *addr)
392 {
393 	struct ath10k *ar = arvif->ar;
394 	struct ath10k_peer *peer;
395 	int first_errno = 0;
396 	int ret;
397 	int i;
398 	u32 flags = 0;
399 
400 	lockdep_assert_held(&ar->conf_mutex);
401 
402 	spin_lock_bh(&ar->data_lock);
403 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
404 	spin_unlock_bh(&ar->data_lock);
405 
406 	if (!peer)
407 		return -ENOENT;
408 
409 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
410 		if (peer->keys[i] == NULL)
411 			continue;
412 
413 		/* key flags are not required to delete the key */
414 		ret = ath10k_install_key(arvif, peer->keys[i],
415 					 DISABLE_KEY, addr, flags);
416 		if (ret < 0 && first_errno == 0)
417 			first_errno = ret;
418 
419 		if (ret < 0)
420 			ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
421 				    i, ret);
422 
423 		spin_lock_bh(&ar->data_lock);
424 		peer->keys[i] = NULL;
425 		spin_unlock_bh(&ar->data_lock);
426 	}
427 
428 	return first_errno;
429 }
430 
431 bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
432 				    u8 keyidx)
433 {
434 	struct ath10k_peer *peer;
435 	int i;
436 
437 	lockdep_assert_held(&ar->data_lock);
438 
439 	/* We don't know which vdev this peer belongs to,
440 	 * since WMI doesn't give us that information.
441 	 *
442 	 * FIXME: multi-bss needs to be handled.
443 	 */
444 	peer = ath10k_peer_find(ar, 0, addr);
445 	if (!peer)
446 		return false;
447 
448 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
449 		if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
450 			return true;
451 	}
452 
453 	return false;
454 }
455 
456 static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
457 				 struct ieee80211_key_conf *key)
458 {
459 	struct ath10k *ar = arvif->ar;
460 	struct ath10k_peer *peer;
461 	u8 addr[ETH_ALEN];
462 	int first_errno = 0;
463 	int ret;
464 	int i;
465 	u32 flags = 0;
466 
467 	lockdep_assert_held(&ar->conf_mutex);
468 
469 	for (;;) {
470 		/* since ath10k_install_key we can't hold data_lock all the
471 		 * time, so we try to remove the keys incrementally
472 		 */
473 		spin_lock_bh(&ar->data_lock);
474 		i = 0;
475 		list_for_each_entry(peer, &ar->peers, list) {
476 			for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
477 				if (peer->keys[i] == key) {
478 					ether_addr_copy(addr, peer->addr);
479 					peer->keys[i] = NULL;
480 					break;
481 				}
482 			}
483 
484 			if (i < ARRAY_SIZE(peer->keys))
485 				break;
486 		}
487 		spin_unlock_bh(&ar->data_lock);
488 
489 		if (i == ARRAY_SIZE(peer->keys))
490 			break;
491 		/* key flags are not required to delete the key */
492 		ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, flags);
493 		if (ret < 0 && first_errno == 0)
494 			first_errno = ret;
495 
496 		if (ret)
497 			ath10k_warn(ar, "failed to remove key for %pM: %d\n",
498 				    addr, ret);
499 	}
500 
501 	return first_errno;
502 }
503 
504 static int ath10k_mac_vif_update_wep_key(struct ath10k_vif *arvif,
505 					 struct ieee80211_key_conf *key)
506 {
507 	struct ath10k *ar = arvif->ar;
508 	struct ath10k_peer *peer;
509 	int ret;
510 
511 	lockdep_assert_held(&ar->conf_mutex);
512 
513 	list_for_each_entry(peer, &ar->peers, list) {
514 		if (ether_addr_equal(peer->addr, arvif->vif->addr))
515 			continue;
516 
517 		if (ether_addr_equal(peer->addr, arvif->bssid))
518 			continue;
519 
520 		if (peer->keys[key->keyidx] == key)
521 			continue;
522 
523 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vif vdev %i update key %i needs update\n",
524 			   arvif->vdev_id, key->keyidx);
525 
526 		ret = ath10k_install_peer_wep_keys(arvif, peer->addr);
527 		if (ret) {
528 			ath10k_warn(ar, "failed to update wep keys on vdev %i for peer %pM: %d\n",
529 				    arvif->vdev_id, peer->addr, ret);
530 			return ret;
531 		}
532 	}
533 
534 	return 0;
535 }
536 
537 /*********************/
538 /* General utilities */
539 /*********************/
540 
541 static inline enum wmi_phy_mode
542 chan_to_phymode(const struct cfg80211_chan_def *chandef)
543 {
544 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
545 
546 	switch (chandef->chan->band) {
547 	case NL80211_BAND_2GHZ:
548 		switch (chandef->width) {
549 		case NL80211_CHAN_WIDTH_20_NOHT:
550 			if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
551 				phymode = MODE_11B;
552 			else
553 				phymode = MODE_11G;
554 			break;
555 		case NL80211_CHAN_WIDTH_20:
556 			phymode = MODE_11NG_HT20;
557 			break;
558 		case NL80211_CHAN_WIDTH_40:
559 			phymode = MODE_11NG_HT40;
560 			break;
561 		case NL80211_CHAN_WIDTH_5:
562 		case NL80211_CHAN_WIDTH_10:
563 		case NL80211_CHAN_WIDTH_80:
564 		case NL80211_CHAN_WIDTH_80P80:
565 		case NL80211_CHAN_WIDTH_160:
566 			phymode = MODE_UNKNOWN;
567 			break;
568 		}
569 		break;
570 	case NL80211_BAND_5GHZ:
571 		switch (chandef->width) {
572 		case NL80211_CHAN_WIDTH_20_NOHT:
573 			phymode = MODE_11A;
574 			break;
575 		case NL80211_CHAN_WIDTH_20:
576 			phymode = MODE_11NA_HT20;
577 			break;
578 		case NL80211_CHAN_WIDTH_40:
579 			phymode = MODE_11NA_HT40;
580 			break;
581 		case NL80211_CHAN_WIDTH_80:
582 			phymode = MODE_11AC_VHT80;
583 			break;
584 		case NL80211_CHAN_WIDTH_160:
585 			phymode = MODE_11AC_VHT160;
586 			break;
587 		case NL80211_CHAN_WIDTH_80P80:
588 			phymode = MODE_11AC_VHT80_80;
589 			break;
590 		case NL80211_CHAN_WIDTH_5:
591 		case NL80211_CHAN_WIDTH_10:
592 			phymode = MODE_UNKNOWN;
593 			break;
594 		}
595 		break;
596 	default:
597 		break;
598 	}
599 
600 	WARN_ON(phymode == MODE_UNKNOWN);
601 	return phymode;
602 }
603 
604 static u8 ath10k_parse_mpdudensity(u8 mpdudensity)
605 {
606 /*
607  * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
608  *   0 for no restriction
609  *   1 for 1/4 us
610  *   2 for 1/2 us
611  *   3 for 1 us
612  *   4 for 2 us
613  *   5 for 4 us
614  *   6 for 8 us
615  *   7 for 16 us
616  */
617 	switch (mpdudensity) {
618 	case 0:
619 		return 0;
620 	case 1:
621 	case 2:
622 	case 3:
623 	/* Our lower layer calculations limit our precision to
624 	 * 1 microsecond
625 	 */
626 		return 1;
627 	case 4:
628 		return 2;
629 	case 5:
630 		return 4;
631 	case 6:
632 		return 8;
633 	case 7:
634 		return 16;
635 	default:
636 		return 0;
637 	}
638 }
639 
640 int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
641 			struct cfg80211_chan_def *def)
642 {
643 	struct ieee80211_chanctx_conf *conf;
644 
645 	rcu_read_lock();
646 	conf = rcu_dereference(vif->chanctx_conf);
647 	if (!conf) {
648 		rcu_read_unlock();
649 		return -ENOENT;
650 	}
651 
652 	*def = conf->def;
653 	rcu_read_unlock();
654 
655 	return 0;
656 }
657 
658 static void ath10k_mac_num_chanctxs_iter(struct ieee80211_hw *hw,
659 					 struct ieee80211_chanctx_conf *conf,
660 					 void *data)
661 {
662 	int *num = data;
663 
664 	(*num)++;
665 }
666 
667 static int ath10k_mac_num_chanctxs(struct ath10k *ar)
668 {
669 	int num = 0;
670 
671 	ieee80211_iter_chan_contexts_atomic(ar->hw,
672 					    ath10k_mac_num_chanctxs_iter,
673 					    &num);
674 
675 	return num;
676 }
677 
678 static void
679 ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
680 				struct ieee80211_chanctx_conf *conf,
681 				void *data)
682 {
683 	struct cfg80211_chan_def **def = data;
684 
685 	*def = &conf->def;
686 }
687 
688 static int ath10k_peer_create(struct ath10k *ar,
689 			      struct ieee80211_vif *vif,
690 			      struct ieee80211_sta *sta,
691 			      u32 vdev_id,
692 			      const u8 *addr,
693 			      enum wmi_peer_type peer_type)
694 {
695 	struct ath10k_vif *arvif;
696 	struct ath10k_peer *peer;
697 	int num_peers = 0;
698 	int ret;
699 
700 	lockdep_assert_held(&ar->conf_mutex);
701 
702 	num_peers = ar->num_peers;
703 
704 	/* Each vdev consumes a peer entry as well */
705 	list_for_each_entry(arvif, &ar->arvifs, list)
706 		num_peers++;
707 
708 	if (num_peers >= ar->max_num_peers)
709 		return -ENOBUFS;
710 
711 	ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
712 	if (ret) {
713 		ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
714 			    addr, vdev_id, ret);
715 		return ret;
716 	}
717 
718 	ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
719 	if (ret) {
720 		ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
721 			    addr, vdev_id, ret);
722 		return ret;
723 	}
724 
725 	spin_lock_bh(&ar->data_lock);
726 
727 	peer = ath10k_peer_find(ar, vdev_id, addr);
728 	if (!peer) {
729 		spin_unlock_bh(&ar->data_lock);
730 		ath10k_warn(ar, "failed to find peer %pM on vdev %i after creation\n",
731 			    addr, vdev_id);
732 		ath10k_wmi_peer_delete(ar, vdev_id, addr);
733 		return -ENOENT;
734 	}
735 
736 	peer->vif = vif;
737 	peer->sta = sta;
738 
739 	spin_unlock_bh(&ar->data_lock);
740 
741 	ar->num_peers++;
742 
743 	return 0;
744 }
745 
746 static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
747 {
748 	struct ath10k *ar = arvif->ar;
749 	u32 param;
750 	int ret;
751 
752 	param = ar->wmi.pdev_param->sta_kickout_th;
753 	ret = ath10k_wmi_pdev_set_param(ar, param,
754 					ATH10K_KICKOUT_THRESHOLD);
755 	if (ret) {
756 		ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
757 			    arvif->vdev_id, ret);
758 		return ret;
759 	}
760 
761 	param = ar->wmi.vdev_param->ap_keepalive_min_idle_inactive_time_secs;
762 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
763 					ATH10K_KEEPALIVE_MIN_IDLE);
764 	if (ret) {
765 		ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
766 			    arvif->vdev_id, ret);
767 		return ret;
768 	}
769 
770 	param = ar->wmi.vdev_param->ap_keepalive_max_idle_inactive_time_secs;
771 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
772 					ATH10K_KEEPALIVE_MAX_IDLE);
773 	if (ret) {
774 		ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
775 			    arvif->vdev_id, ret);
776 		return ret;
777 	}
778 
779 	param = ar->wmi.vdev_param->ap_keepalive_max_unresponsive_time_secs;
780 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
781 					ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
782 	if (ret) {
783 		ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
784 			    arvif->vdev_id, ret);
785 		return ret;
786 	}
787 
788 	return 0;
789 }
790 
791 static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
792 {
793 	struct ath10k *ar = arvif->ar;
794 	u32 vdev_param;
795 
796 	vdev_param = ar->wmi.vdev_param->rts_threshold;
797 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
798 }
799 
800 static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
801 {
802 	int ret;
803 
804 	lockdep_assert_held(&ar->conf_mutex);
805 
806 	ret = ath10k_wmi_peer_delete(ar, vdev_id, addr);
807 	if (ret)
808 		return ret;
809 
810 	ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
811 	if (ret)
812 		return ret;
813 
814 	ar->num_peers--;
815 
816 	return 0;
817 }
818 
819 static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
820 {
821 	struct ath10k_peer *peer, *tmp;
822 	int peer_id;
823 	int i;
824 
825 	lockdep_assert_held(&ar->conf_mutex);
826 
827 	spin_lock_bh(&ar->data_lock);
828 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
829 		if (peer->vdev_id != vdev_id)
830 			continue;
831 
832 		ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
833 			    peer->addr, vdev_id);
834 
835 		for_each_set_bit(peer_id, peer->peer_ids,
836 				 ATH10K_MAX_NUM_PEER_IDS) {
837 			ar->peer_map[peer_id] = NULL;
838 		}
839 
840 		/* Double check that peer is properly un-referenced from
841 		 * the peer_map
842 		 */
843 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
844 			if (ar->peer_map[i] == peer) {
845 				ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
846 					    peer->addr, peer, i);
847 				ar->peer_map[i] = NULL;
848 			}
849 		}
850 
851 		list_del(&peer->list);
852 		kfree(peer);
853 		ar->num_peers--;
854 	}
855 	spin_unlock_bh(&ar->data_lock);
856 }
857 
858 static void ath10k_peer_cleanup_all(struct ath10k *ar)
859 {
860 	struct ath10k_peer *peer, *tmp;
861 	int i;
862 
863 	lockdep_assert_held(&ar->conf_mutex);
864 
865 	spin_lock_bh(&ar->data_lock);
866 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
867 		list_del(&peer->list);
868 		kfree(peer);
869 	}
870 
871 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
872 		ar->peer_map[i] = NULL;
873 
874 	spin_unlock_bh(&ar->data_lock);
875 
876 	ar->num_peers = 0;
877 	ar->num_stations = 0;
878 }
879 
880 static int ath10k_mac_tdls_peer_update(struct ath10k *ar, u32 vdev_id,
881 				       struct ieee80211_sta *sta,
882 				       enum wmi_tdls_peer_state state)
883 {
884 	int ret;
885 	struct wmi_tdls_peer_update_cmd_arg arg = {};
886 	struct wmi_tdls_peer_capab_arg cap = {};
887 	struct wmi_channel_arg chan_arg = {};
888 
889 	lockdep_assert_held(&ar->conf_mutex);
890 
891 	arg.vdev_id = vdev_id;
892 	arg.peer_state = state;
893 	ether_addr_copy(arg.addr, sta->addr);
894 
895 	cap.peer_max_sp = sta->max_sp;
896 	cap.peer_uapsd_queues = sta->uapsd_queues;
897 
898 	if (state == WMI_TDLS_PEER_STATE_CONNECTED &&
899 	    !sta->tdls_initiator)
900 		cap.is_peer_responder = 1;
901 
902 	ret = ath10k_wmi_tdls_peer_update(ar, &arg, &cap, &chan_arg);
903 	if (ret) {
904 		ath10k_warn(ar, "failed to update tdls peer %pM on vdev %i: %i\n",
905 			    arg.addr, vdev_id, ret);
906 		return ret;
907 	}
908 
909 	return 0;
910 }
911 
912 /************************/
913 /* Interface management */
914 /************************/
915 
916 void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
917 {
918 	struct ath10k *ar = arvif->ar;
919 
920 	lockdep_assert_held(&ar->data_lock);
921 
922 	if (!arvif->beacon)
923 		return;
924 
925 	if (!arvif->beacon_buf)
926 		dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
927 				 arvif->beacon->len, DMA_TO_DEVICE);
928 
929 	if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
930 		    arvif->beacon_state != ATH10K_BEACON_SENT))
931 		return;
932 
933 	dev_kfree_skb_any(arvif->beacon);
934 
935 	arvif->beacon = NULL;
936 	arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
937 }
938 
939 static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
940 {
941 	struct ath10k *ar = arvif->ar;
942 
943 	lockdep_assert_held(&ar->data_lock);
944 
945 	ath10k_mac_vif_beacon_free(arvif);
946 
947 	if (arvif->beacon_buf) {
948 		dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
949 				  arvif->beacon_buf, arvif->beacon_paddr);
950 		arvif->beacon_buf = NULL;
951 	}
952 }
953 
954 static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
955 {
956 	unsigned long time_left;
957 
958 	lockdep_assert_held(&ar->conf_mutex);
959 
960 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
961 		return -ESHUTDOWN;
962 
963 	time_left = wait_for_completion_timeout(&ar->vdev_setup_done,
964 						ATH10K_VDEV_SETUP_TIMEOUT_HZ);
965 	if (time_left == 0)
966 		return -ETIMEDOUT;
967 
968 	return 0;
969 }
970 
971 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
972 {
973 	struct cfg80211_chan_def *chandef = NULL;
974 	struct ieee80211_channel *channel = NULL;
975 	struct wmi_vdev_start_request_arg arg = {};
976 	int ret = 0;
977 
978 	lockdep_assert_held(&ar->conf_mutex);
979 
980 	ieee80211_iter_chan_contexts_atomic(ar->hw,
981 					    ath10k_mac_get_any_chandef_iter,
982 					    &chandef);
983 	if (WARN_ON_ONCE(!chandef))
984 		return -ENOENT;
985 
986 	channel = chandef->chan;
987 
988 	arg.vdev_id = vdev_id;
989 	arg.channel.freq = channel->center_freq;
990 	arg.channel.band_center_freq1 = chandef->center_freq1;
991 	arg.channel.band_center_freq2 = chandef->center_freq2;
992 
993 	/* TODO setup this dynamically, what in case we
994 	 * don't have any vifs?
995 	 */
996 	arg.channel.mode = chan_to_phymode(chandef);
997 	arg.channel.chan_radar =
998 			!!(channel->flags & IEEE80211_CHAN_RADAR);
999 
1000 	arg.channel.min_power = 0;
1001 	arg.channel.max_power = channel->max_power * 2;
1002 	arg.channel.max_reg_power = channel->max_reg_power * 2;
1003 	arg.channel.max_antenna_gain = channel->max_antenna_gain * 2;
1004 
1005 	reinit_completion(&ar->vdev_setup_done);
1006 
1007 	ret = ath10k_wmi_vdev_start(ar, &arg);
1008 	if (ret) {
1009 		ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
1010 			    vdev_id, ret);
1011 		return ret;
1012 	}
1013 
1014 	ret = ath10k_vdev_setup_sync(ar);
1015 	if (ret) {
1016 		ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
1017 			    vdev_id, ret);
1018 		return ret;
1019 	}
1020 
1021 	ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
1022 	if (ret) {
1023 		ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
1024 			    vdev_id, ret);
1025 		goto vdev_stop;
1026 	}
1027 
1028 	ar->monitor_vdev_id = vdev_id;
1029 
1030 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
1031 		   ar->monitor_vdev_id);
1032 	return 0;
1033 
1034 vdev_stop:
1035 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1036 	if (ret)
1037 		ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
1038 			    ar->monitor_vdev_id, ret);
1039 
1040 	return ret;
1041 }
1042 
1043 static int ath10k_monitor_vdev_stop(struct ath10k *ar)
1044 {
1045 	int ret = 0;
1046 
1047 	lockdep_assert_held(&ar->conf_mutex);
1048 
1049 	ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
1050 	if (ret)
1051 		ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
1052 			    ar->monitor_vdev_id, ret);
1053 
1054 	reinit_completion(&ar->vdev_setup_done);
1055 
1056 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1057 	if (ret)
1058 		ath10k_warn(ar, "failed to to request monitor vdev %i stop: %d\n",
1059 			    ar->monitor_vdev_id, ret);
1060 
1061 	ret = ath10k_vdev_setup_sync(ar);
1062 	if (ret)
1063 		ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
1064 			    ar->monitor_vdev_id, ret);
1065 
1066 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
1067 		   ar->monitor_vdev_id);
1068 	return ret;
1069 }
1070 
1071 static int ath10k_monitor_vdev_create(struct ath10k *ar)
1072 {
1073 	int bit, ret = 0;
1074 
1075 	lockdep_assert_held(&ar->conf_mutex);
1076 
1077 	if (ar->free_vdev_map == 0) {
1078 		ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
1079 		return -ENOMEM;
1080 	}
1081 
1082 	bit = __ffs64(ar->free_vdev_map);
1083 
1084 	ar->monitor_vdev_id = bit;
1085 
1086 	ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
1087 				     WMI_VDEV_TYPE_MONITOR,
1088 				     0, ar->mac_addr);
1089 	if (ret) {
1090 		ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
1091 			    ar->monitor_vdev_id, ret);
1092 		return ret;
1093 	}
1094 
1095 	ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
1096 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
1097 		   ar->monitor_vdev_id);
1098 
1099 	return 0;
1100 }
1101 
1102 static int ath10k_monitor_vdev_delete(struct ath10k *ar)
1103 {
1104 	int ret = 0;
1105 
1106 	lockdep_assert_held(&ar->conf_mutex);
1107 
1108 	ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
1109 	if (ret) {
1110 		ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
1111 			    ar->monitor_vdev_id, ret);
1112 		return ret;
1113 	}
1114 
1115 	ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
1116 
1117 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
1118 		   ar->monitor_vdev_id);
1119 	return ret;
1120 }
1121 
1122 static int ath10k_monitor_start(struct ath10k *ar)
1123 {
1124 	int ret;
1125 
1126 	lockdep_assert_held(&ar->conf_mutex);
1127 
1128 	ret = ath10k_monitor_vdev_create(ar);
1129 	if (ret) {
1130 		ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
1131 		return ret;
1132 	}
1133 
1134 	ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
1135 	if (ret) {
1136 		ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
1137 		ath10k_monitor_vdev_delete(ar);
1138 		return ret;
1139 	}
1140 
1141 	ar->monitor_started = true;
1142 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
1143 
1144 	return 0;
1145 }
1146 
1147 static int ath10k_monitor_stop(struct ath10k *ar)
1148 {
1149 	int ret;
1150 
1151 	lockdep_assert_held(&ar->conf_mutex);
1152 
1153 	ret = ath10k_monitor_vdev_stop(ar);
1154 	if (ret) {
1155 		ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
1156 		return ret;
1157 	}
1158 
1159 	ret = ath10k_monitor_vdev_delete(ar);
1160 	if (ret) {
1161 		ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
1162 		return ret;
1163 	}
1164 
1165 	ar->monitor_started = false;
1166 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
1167 
1168 	return 0;
1169 }
1170 
1171 static bool ath10k_mac_monitor_vdev_is_needed(struct ath10k *ar)
1172 {
1173 	int num_ctx;
1174 
1175 	/* At least one chanctx is required to derive a channel to start
1176 	 * monitor vdev on.
1177 	 */
1178 	num_ctx = ath10k_mac_num_chanctxs(ar);
1179 	if (num_ctx == 0)
1180 		return false;
1181 
1182 	/* If there's already an existing special monitor interface then don't
1183 	 * bother creating another monitor vdev.
1184 	 */
1185 	if (ar->monitor_arvif)
1186 		return false;
1187 
1188 	return ar->monitor ||
1189 	       (!test_bit(ATH10K_FW_FEATURE_ALLOWS_MESH_BCAST,
1190 			  ar->running_fw->fw_file.fw_features) &&
1191 		(ar->filter_flags & FIF_OTHER_BSS)) ||
1192 	       test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1193 }
1194 
1195 static bool ath10k_mac_monitor_vdev_is_allowed(struct ath10k *ar)
1196 {
1197 	int num_ctx;
1198 
1199 	num_ctx = ath10k_mac_num_chanctxs(ar);
1200 
1201 	/* FIXME: Current interface combinations and cfg80211/mac80211 code
1202 	 * shouldn't allow this but make sure to prevent handling the following
1203 	 * case anyway since multi-channel DFS hasn't been tested at all.
1204 	 */
1205 	if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags) && num_ctx > 1)
1206 		return false;
1207 
1208 	return true;
1209 }
1210 
1211 static int ath10k_monitor_recalc(struct ath10k *ar)
1212 {
1213 	bool needed;
1214 	bool allowed;
1215 	int ret;
1216 
1217 	lockdep_assert_held(&ar->conf_mutex);
1218 
1219 	needed = ath10k_mac_monitor_vdev_is_needed(ar);
1220 	allowed = ath10k_mac_monitor_vdev_is_allowed(ar);
1221 
1222 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1223 		   "mac monitor recalc started? %d needed? %d allowed? %d\n",
1224 		   ar->monitor_started, needed, allowed);
1225 
1226 	if (WARN_ON(needed && !allowed)) {
1227 		if (ar->monitor_started) {
1228 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopping disallowed monitor\n");
1229 
1230 			ret = ath10k_monitor_stop(ar);
1231 			if (ret)
1232 				ath10k_warn(ar, "failed to stop disallowed monitor: %d\n",
1233 					    ret);
1234 				/* not serious */
1235 		}
1236 
1237 		return -EPERM;
1238 	}
1239 
1240 	if (needed == ar->monitor_started)
1241 		return 0;
1242 
1243 	if (needed)
1244 		return ath10k_monitor_start(ar);
1245 	else
1246 		return ath10k_monitor_stop(ar);
1247 }
1248 
1249 static bool ath10k_mac_can_set_cts_prot(struct ath10k_vif *arvif)
1250 {
1251 	struct ath10k *ar = arvif->ar;
1252 
1253 	lockdep_assert_held(&ar->conf_mutex);
1254 
1255 	if (!arvif->is_started) {
1256 		ath10k_dbg(ar, ATH10K_DBG_MAC, "defer cts setup, vdev is not ready yet\n");
1257 		return false;
1258 	}
1259 
1260 	return true;
1261 }
1262 
1263 static int ath10k_mac_set_cts_prot(struct ath10k_vif *arvif)
1264 {
1265 	struct ath10k *ar = arvif->ar;
1266 	u32 vdev_param;
1267 
1268 	lockdep_assert_held(&ar->conf_mutex);
1269 
1270 	vdev_param = ar->wmi.vdev_param->protection_mode;
1271 
1272 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_protection %d\n",
1273 		   arvif->vdev_id, arvif->use_cts_prot);
1274 
1275 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1276 					 arvif->use_cts_prot ? 1 : 0);
1277 }
1278 
1279 static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
1280 {
1281 	struct ath10k *ar = arvif->ar;
1282 	u32 vdev_param, rts_cts = 0;
1283 
1284 	lockdep_assert_held(&ar->conf_mutex);
1285 
1286 	vdev_param = ar->wmi.vdev_param->enable_rtscts;
1287 
1288 	rts_cts |= SM(WMI_RTSCTS_ENABLED, WMI_RTSCTS_SET);
1289 
1290 	if (arvif->num_legacy_stations > 0)
1291 		rts_cts |= SM(WMI_RTSCTS_ACROSS_SW_RETRIES,
1292 			      WMI_RTSCTS_PROFILE);
1293 	else
1294 		rts_cts |= SM(WMI_RTSCTS_FOR_SECOND_RATESERIES,
1295 			      WMI_RTSCTS_PROFILE);
1296 
1297 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d recalc rts/cts prot %d\n",
1298 		   arvif->vdev_id, rts_cts);
1299 
1300 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1301 					 rts_cts);
1302 }
1303 
1304 static int ath10k_start_cac(struct ath10k *ar)
1305 {
1306 	int ret;
1307 
1308 	lockdep_assert_held(&ar->conf_mutex);
1309 
1310 	set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1311 
1312 	ret = ath10k_monitor_recalc(ar);
1313 	if (ret) {
1314 		ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
1315 		clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1316 		return ret;
1317 	}
1318 
1319 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
1320 		   ar->monitor_vdev_id);
1321 
1322 	return 0;
1323 }
1324 
1325 static int ath10k_stop_cac(struct ath10k *ar)
1326 {
1327 	lockdep_assert_held(&ar->conf_mutex);
1328 
1329 	/* CAC is not running - do nothing */
1330 	if (!test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags))
1331 		return 0;
1332 
1333 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1334 	ath10k_monitor_stop(ar);
1335 
1336 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
1337 
1338 	return 0;
1339 }
1340 
1341 static void ath10k_mac_has_radar_iter(struct ieee80211_hw *hw,
1342 				      struct ieee80211_chanctx_conf *conf,
1343 				      void *data)
1344 {
1345 	bool *ret = data;
1346 
1347 	if (!*ret && conf->radar_enabled)
1348 		*ret = true;
1349 }
1350 
1351 static bool ath10k_mac_has_radar_enabled(struct ath10k *ar)
1352 {
1353 	bool has_radar = false;
1354 
1355 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1356 					    ath10k_mac_has_radar_iter,
1357 					    &has_radar);
1358 
1359 	return has_radar;
1360 }
1361 
1362 static void ath10k_recalc_radar_detection(struct ath10k *ar)
1363 {
1364 	int ret;
1365 
1366 	lockdep_assert_held(&ar->conf_mutex);
1367 
1368 	ath10k_stop_cac(ar);
1369 
1370 	if (!ath10k_mac_has_radar_enabled(ar))
1371 		return;
1372 
1373 	if (ar->num_started_vdevs > 0)
1374 		return;
1375 
1376 	ret = ath10k_start_cac(ar);
1377 	if (ret) {
1378 		/*
1379 		 * Not possible to start CAC on current channel so starting
1380 		 * radiation is not allowed, make this channel DFS_UNAVAILABLE
1381 		 * by indicating that radar was detected.
1382 		 */
1383 		ath10k_warn(ar, "failed to start CAC: %d\n", ret);
1384 		ieee80211_radar_detected(ar->hw);
1385 	}
1386 }
1387 
1388 static int ath10k_vdev_stop(struct ath10k_vif *arvif)
1389 {
1390 	struct ath10k *ar = arvif->ar;
1391 	int ret;
1392 
1393 	lockdep_assert_held(&ar->conf_mutex);
1394 
1395 	reinit_completion(&ar->vdev_setup_done);
1396 
1397 	ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
1398 	if (ret) {
1399 		ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
1400 			    arvif->vdev_id, ret);
1401 		return ret;
1402 	}
1403 
1404 	ret = ath10k_vdev_setup_sync(ar);
1405 	if (ret) {
1406 		ath10k_warn(ar, "failed to synchronize setup for vdev %i: %d\n",
1407 			    arvif->vdev_id, ret);
1408 		return ret;
1409 	}
1410 
1411 	WARN_ON(ar->num_started_vdevs == 0);
1412 
1413 	if (ar->num_started_vdevs != 0) {
1414 		ar->num_started_vdevs--;
1415 		ath10k_recalc_radar_detection(ar);
1416 	}
1417 
1418 	return ret;
1419 }
1420 
1421 static int ath10k_vdev_start_restart(struct ath10k_vif *arvif,
1422 				     const struct cfg80211_chan_def *chandef,
1423 				     bool restart)
1424 {
1425 	struct ath10k *ar = arvif->ar;
1426 	struct wmi_vdev_start_request_arg arg = {};
1427 	int ret = 0;
1428 
1429 	lockdep_assert_held(&ar->conf_mutex);
1430 
1431 	reinit_completion(&ar->vdev_setup_done);
1432 
1433 	arg.vdev_id = arvif->vdev_id;
1434 	arg.dtim_period = arvif->dtim_period;
1435 	arg.bcn_intval = arvif->beacon_interval;
1436 
1437 	arg.channel.freq = chandef->chan->center_freq;
1438 	arg.channel.band_center_freq1 = chandef->center_freq1;
1439 	arg.channel.band_center_freq2 = chandef->center_freq2;
1440 	arg.channel.mode = chan_to_phymode(chandef);
1441 
1442 	arg.channel.min_power = 0;
1443 	arg.channel.max_power = chandef->chan->max_power * 2;
1444 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
1445 	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain * 2;
1446 
1447 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
1448 		arg.ssid = arvif->u.ap.ssid;
1449 		arg.ssid_len = arvif->u.ap.ssid_len;
1450 		arg.hidden_ssid = arvif->u.ap.hidden_ssid;
1451 
1452 		/* For now allow DFS for AP mode */
1453 		arg.channel.chan_radar =
1454 			!!(chandef->chan->flags & IEEE80211_CHAN_RADAR);
1455 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
1456 		arg.ssid = arvif->vif->bss_conf.ssid;
1457 		arg.ssid_len = arvif->vif->bss_conf.ssid_len;
1458 	}
1459 
1460 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1461 		   "mac vdev %d start center_freq %d phymode %s\n",
1462 		   arg.vdev_id, arg.channel.freq,
1463 		   ath10k_wmi_phymode_str(arg.channel.mode));
1464 
1465 	if (restart)
1466 		ret = ath10k_wmi_vdev_restart(ar, &arg);
1467 	else
1468 		ret = ath10k_wmi_vdev_start(ar, &arg);
1469 
1470 	if (ret) {
1471 		ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
1472 			    arg.vdev_id, ret);
1473 		return ret;
1474 	}
1475 
1476 	ret = ath10k_vdev_setup_sync(ar);
1477 	if (ret) {
1478 		ath10k_warn(ar,
1479 			    "failed to synchronize setup for vdev %i restart %d: %d\n",
1480 			    arg.vdev_id, restart, ret);
1481 		return ret;
1482 	}
1483 
1484 	ar->num_started_vdevs++;
1485 	ath10k_recalc_radar_detection(ar);
1486 
1487 	return ret;
1488 }
1489 
1490 static int ath10k_vdev_start(struct ath10k_vif *arvif,
1491 			     const struct cfg80211_chan_def *def)
1492 {
1493 	return ath10k_vdev_start_restart(arvif, def, false);
1494 }
1495 
1496 static int ath10k_vdev_restart(struct ath10k_vif *arvif,
1497 			       const struct cfg80211_chan_def *def)
1498 {
1499 	return ath10k_vdev_start_restart(arvif, def, true);
1500 }
1501 
1502 static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
1503 				       struct sk_buff *bcn)
1504 {
1505 	struct ath10k *ar = arvif->ar;
1506 	struct ieee80211_mgmt *mgmt;
1507 	const u8 *p2p_ie;
1508 	int ret;
1509 
1510 	if (arvif->vif->type != NL80211_IFTYPE_AP || !arvif->vif->p2p)
1511 		return 0;
1512 
1513 	mgmt = (void *)bcn->data;
1514 	p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1515 					 mgmt->u.beacon.variable,
1516 					 bcn->len - (mgmt->u.beacon.variable -
1517 						     bcn->data));
1518 	if (!p2p_ie)
1519 		return -ENOENT;
1520 
1521 	ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
1522 	if (ret) {
1523 		ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
1524 			    arvif->vdev_id, ret);
1525 		return ret;
1526 	}
1527 
1528 	return 0;
1529 }
1530 
1531 static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
1532 				       u8 oui_type, size_t ie_offset)
1533 {
1534 	size_t len;
1535 	const u8 *next;
1536 	const u8 *end;
1537 	u8 *ie;
1538 
1539 	if (WARN_ON(skb->len < ie_offset))
1540 		return -EINVAL;
1541 
1542 	ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
1543 					   skb->data + ie_offset,
1544 					   skb->len - ie_offset);
1545 	if (!ie)
1546 		return -ENOENT;
1547 
1548 	len = ie[1] + 2;
1549 	end = skb->data + skb->len;
1550 	next = ie + len;
1551 
1552 	if (WARN_ON(next > end))
1553 		return -EINVAL;
1554 
1555 	memmove(ie, next, end - next);
1556 	skb_trim(skb, skb->len - len);
1557 
1558 	return 0;
1559 }
1560 
1561 static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
1562 {
1563 	struct ath10k *ar = arvif->ar;
1564 	struct ieee80211_hw *hw = ar->hw;
1565 	struct ieee80211_vif *vif = arvif->vif;
1566 	struct ieee80211_mutable_offsets offs = {};
1567 	struct sk_buff *bcn;
1568 	int ret;
1569 
1570 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1571 		return 0;
1572 
1573 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
1574 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
1575 		return 0;
1576 
1577 	bcn = ieee80211_beacon_get_template(hw, vif, &offs);
1578 	if (!bcn) {
1579 		ath10k_warn(ar, "failed to get beacon template from mac80211\n");
1580 		return -EPERM;
1581 	}
1582 
1583 	ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
1584 	if (ret) {
1585 		ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
1586 		kfree_skb(bcn);
1587 		return ret;
1588 	}
1589 
1590 	/* P2P IE is inserted by firmware automatically (as configured above)
1591 	 * so remove it from the base beacon template to avoid duplicate P2P
1592 	 * IEs in beacon frames.
1593 	 */
1594 	ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1595 				    offsetof(struct ieee80211_mgmt,
1596 					     u.beacon.variable));
1597 
1598 	ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
1599 				  0, NULL, 0);
1600 	kfree_skb(bcn);
1601 
1602 	if (ret) {
1603 		ath10k_warn(ar, "failed to submit beacon template command: %d\n",
1604 			    ret);
1605 		return ret;
1606 	}
1607 
1608 	return 0;
1609 }
1610 
1611 static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
1612 {
1613 	struct ath10k *ar = arvif->ar;
1614 	struct ieee80211_hw *hw = ar->hw;
1615 	struct ieee80211_vif *vif = arvif->vif;
1616 	struct sk_buff *prb;
1617 	int ret;
1618 
1619 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1620 		return 0;
1621 
1622 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1623 		return 0;
1624 
1625 	prb = ieee80211_proberesp_get(hw, vif);
1626 	if (!prb) {
1627 		ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
1628 		return -EPERM;
1629 	}
1630 
1631 	ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
1632 	kfree_skb(prb);
1633 
1634 	if (ret) {
1635 		ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
1636 			    ret);
1637 		return ret;
1638 	}
1639 
1640 	return 0;
1641 }
1642 
1643 static int ath10k_mac_vif_fix_hidden_ssid(struct ath10k_vif *arvif)
1644 {
1645 	struct ath10k *ar = arvif->ar;
1646 	struct cfg80211_chan_def def;
1647 	int ret;
1648 
1649 	/* When originally vdev is started during assign_vif_chanctx() some
1650 	 * information is missing, notably SSID. Firmware revisions with beacon
1651 	 * offloading require the SSID to be provided during vdev (re)start to
1652 	 * handle hidden SSID properly.
1653 	 *
1654 	 * Vdev restart must be done after vdev has been both started and
1655 	 * upped. Otherwise some firmware revisions (at least 10.2) fail to
1656 	 * deliver vdev restart response event causing timeouts during vdev
1657 	 * syncing in ath10k.
1658 	 *
1659 	 * Note: The vdev down/up and template reinstallation could be skipped
1660 	 * since only wmi-tlv firmware are known to have beacon offload and
1661 	 * wmi-tlv doesn't seem to misbehave like 10.2 wrt vdev restart
1662 	 * response delivery. It's probably more robust to keep it as is.
1663 	 */
1664 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1665 		return 0;
1666 
1667 	if (WARN_ON(!arvif->is_started))
1668 		return -EINVAL;
1669 
1670 	if (WARN_ON(!arvif->is_up))
1671 		return -EINVAL;
1672 
1673 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
1674 		return -EINVAL;
1675 
1676 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1677 	if (ret) {
1678 		ath10k_warn(ar, "failed to bring down ap vdev %i: %d\n",
1679 			    arvif->vdev_id, ret);
1680 		return ret;
1681 	}
1682 
1683 	/* Vdev down reset beacon & presp templates. Reinstall them. Otherwise
1684 	 * firmware will crash upon vdev up.
1685 	 */
1686 
1687 	ret = ath10k_mac_setup_bcn_tmpl(arvif);
1688 	if (ret) {
1689 		ath10k_warn(ar, "failed to update beacon template: %d\n", ret);
1690 		return ret;
1691 	}
1692 
1693 	ret = ath10k_mac_setup_prb_tmpl(arvif);
1694 	if (ret) {
1695 		ath10k_warn(ar, "failed to update presp template: %d\n", ret);
1696 		return ret;
1697 	}
1698 
1699 	ret = ath10k_vdev_restart(arvif, &def);
1700 	if (ret) {
1701 		ath10k_warn(ar, "failed to restart ap vdev %i: %d\n",
1702 			    arvif->vdev_id, ret);
1703 		return ret;
1704 	}
1705 
1706 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1707 				 arvif->bssid);
1708 	if (ret) {
1709 		ath10k_warn(ar, "failed to bring up ap vdev %i: %d\n",
1710 			    arvif->vdev_id, ret);
1711 		return ret;
1712 	}
1713 
1714 	return 0;
1715 }
1716 
1717 static void ath10k_control_beaconing(struct ath10k_vif *arvif,
1718 				     struct ieee80211_bss_conf *info)
1719 {
1720 	struct ath10k *ar = arvif->ar;
1721 	int ret = 0;
1722 
1723 	lockdep_assert_held(&arvif->ar->conf_mutex);
1724 
1725 	if (!info->enable_beacon) {
1726 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1727 		if (ret)
1728 			ath10k_warn(ar, "failed to down vdev_id %i: %d\n",
1729 				    arvif->vdev_id, ret);
1730 
1731 		arvif->is_up = false;
1732 
1733 		spin_lock_bh(&arvif->ar->data_lock);
1734 		ath10k_mac_vif_beacon_free(arvif);
1735 		spin_unlock_bh(&arvif->ar->data_lock);
1736 
1737 		return;
1738 	}
1739 
1740 	arvif->tx_seq_no = 0x1000;
1741 
1742 	arvif->aid = 0;
1743 	ether_addr_copy(arvif->bssid, info->bssid);
1744 
1745 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1746 				 arvif->bssid);
1747 	if (ret) {
1748 		ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
1749 			    arvif->vdev_id, ret);
1750 		return;
1751 	}
1752 
1753 	arvif->is_up = true;
1754 
1755 	ret = ath10k_mac_vif_fix_hidden_ssid(arvif);
1756 	if (ret) {
1757 		ath10k_warn(ar, "failed to fix hidden ssid for vdev %i, expect trouble: %d\n",
1758 			    arvif->vdev_id, ret);
1759 		return;
1760 	}
1761 
1762 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
1763 }
1764 
1765 static void ath10k_control_ibss(struct ath10k_vif *arvif,
1766 				struct ieee80211_bss_conf *info,
1767 				const u8 self_peer[ETH_ALEN])
1768 {
1769 	struct ath10k *ar = arvif->ar;
1770 	u32 vdev_param;
1771 	int ret = 0;
1772 
1773 	lockdep_assert_held(&arvif->ar->conf_mutex);
1774 
1775 	if (!info->ibss_joined) {
1776 		if (is_zero_ether_addr(arvif->bssid))
1777 			return;
1778 
1779 		eth_zero_addr(arvif->bssid);
1780 
1781 		return;
1782 	}
1783 
1784 	vdev_param = arvif->ar->wmi.vdev_param->atim_window;
1785 	ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
1786 					ATH10K_DEFAULT_ATIM);
1787 	if (ret)
1788 		ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
1789 			    arvif->vdev_id, ret);
1790 }
1791 
1792 static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
1793 {
1794 	struct ath10k *ar = arvif->ar;
1795 	u32 param;
1796 	u32 value;
1797 	int ret;
1798 
1799 	lockdep_assert_held(&arvif->ar->conf_mutex);
1800 
1801 	if (arvif->u.sta.uapsd)
1802 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
1803 	else
1804 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
1805 
1806 	param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
1807 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
1808 	if (ret) {
1809 		ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
1810 			    value, arvif->vdev_id, ret);
1811 		return ret;
1812 	}
1813 
1814 	return 0;
1815 }
1816 
1817 static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
1818 {
1819 	struct ath10k *ar = arvif->ar;
1820 	u32 param;
1821 	u32 value;
1822 	int ret;
1823 
1824 	lockdep_assert_held(&arvif->ar->conf_mutex);
1825 
1826 	if (arvif->u.sta.uapsd)
1827 		value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
1828 	else
1829 		value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
1830 
1831 	param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
1832 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
1833 					  param, value);
1834 	if (ret) {
1835 		ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
1836 			    value, arvif->vdev_id, ret);
1837 		return ret;
1838 	}
1839 
1840 	return 0;
1841 }
1842 
1843 static int ath10k_mac_num_vifs_started(struct ath10k *ar)
1844 {
1845 	struct ath10k_vif *arvif;
1846 	int num = 0;
1847 
1848 	lockdep_assert_held(&ar->conf_mutex);
1849 
1850 	list_for_each_entry(arvif, &ar->arvifs, list)
1851 		if (arvif->is_started)
1852 			num++;
1853 
1854 	return num;
1855 }
1856 
1857 static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
1858 {
1859 	struct ath10k *ar = arvif->ar;
1860 	struct ieee80211_vif *vif = arvif->vif;
1861 	struct ieee80211_conf *conf = &ar->hw->conf;
1862 	enum wmi_sta_powersave_param param;
1863 	enum wmi_sta_ps_mode psmode;
1864 	int ret;
1865 	int ps_timeout;
1866 	bool enable_ps;
1867 
1868 	lockdep_assert_held(&arvif->ar->conf_mutex);
1869 
1870 	if (arvif->vif->type != NL80211_IFTYPE_STATION)
1871 		return 0;
1872 
1873 	enable_ps = arvif->ps;
1874 
1875 	if (enable_ps && ath10k_mac_num_vifs_started(ar) > 1 &&
1876 	    !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
1877 		      ar->running_fw->fw_file.fw_features)) {
1878 		ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
1879 			    arvif->vdev_id);
1880 		enable_ps = false;
1881 	}
1882 
1883 	if (!arvif->is_started) {
1884 		/* mac80211 can update vif powersave state while disconnected.
1885 		 * Firmware doesn't behave nicely and consumes more power than
1886 		 * necessary if PS is disabled on a non-started vdev. Hence
1887 		 * force-enable PS for non-running vdevs.
1888 		 */
1889 		psmode = WMI_STA_PS_MODE_ENABLED;
1890 	} else if (enable_ps) {
1891 		psmode = WMI_STA_PS_MODE_ENABLED;
1892 		param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
1893 
1894 		ps_timeout = conf->dynamic_ps_timeout;
1895 		if (ps_timeout == 0) {
1896 			/* Firmware doesn't like 0 */
1897 			ps_timeout = ieee80211_tu_to_usec(
1898 				vif->bss_conf.beacon_int) / 1000;
1899 		}
1900 
1901 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
1902 						  ps_timeout);
1903 		if (ret) {
1904 			ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
1905 				    arvif->vdev_id, ret);
1906 			return ret;
1907 		}
1908 	} else {
1909 		psmode = WMI_STA_PS_MODE_DISABLED;
1910 	}
1911 
1912 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
1913 		   arvif->vdev_id, psmode ? "enable" : "disable");
1914 
1915 	ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
1916 	if (ret) {
1917 		ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
1918 			    psmode, arvif->vdev_id, ret);
1919 		return ret;
1920 	}
1921 
1922 	return 0;
1923 }
1924 
1925 static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
1926 {
1927 	struct ath10k *ar = arvif->ar;
1928 	struct wmi_sta_keepalive_arg arg = {};
1929 	int ret;
1930 
1931 	lockdep_assert_held(&arvif->ar->conf_mutex);
1932 
1933 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
1934 		return 0;
1935 
1936 	if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
1937 		return 0;
1938 
1939 	/* Some firmware revisions have a bug and ignore the `enabled` field.
1940 	 * Instead use the interval to disable the keepalive.
1941 	 */
1942 	arg.vdev_id = arvif->vdev_id;
1943 	arg.enabled = 1;
1944 	arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
1945 	arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
1946 
1947 	ret = ath10k_wmi_sta_keepalive(ar, &arg);
1948 	if (ret) {
1949 		ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
1950 			    arvif->vdev_id, ret);
1951 		return ret;
1952 	}
1953 
1954 	return 0;
1955 }
1956 
1957 static void ath10k_mac_vif_ap_csa_count_down(struct ath10k_vif *arvif)
1958 {
1959 	struct ath10k *ar = arvif->ar;
1960 	struct ieee80211_vif *vif = arvif->vif;
1961 	int ret;
1962 
1963 	lockdep_assert_held(&arvif->ar->conf_mutex);
1964 
1965 	if (WARN_ON(!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)))
1966 		return;
1967 
1968 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1969 		return;
1970 
1971 	if (!vif->csa_active)
1972 		return;
1973 
1974 	if (!arvif->is_up)
1975 		return;
1976 
1977 	if (!ieee80211_csa_is_complete(vif)) {
1978 		ieee80211_csa_update_counter(vif);
1979 
1980 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
1981 		if (ret)
1982 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
1983 				    ret);
1984 
1985 		ret = ath10k_mac_setup_prb_tmpl(arvif);
1986 		if (ret)
1987 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
1988 				    ret);
1989 	} else {
1990 		ieee80211_csa_finish(vif);
1991 	}
1992 }
1993 
1994 static void ath10k_mac_vif_ap_csa_work(struct work_struct *work)
1995 {
1996 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
1997 						ap_csa_work);
1998 	struct ath10k *ar = arvif->ar;
1999 
2000 	mutex_lock(&ar->conf_mutex);
2001 	ath10k_mac_vif_ap_csa_count_down(arvif);
2002 	mutex_unlock(&ar->conf_mutex);
2003 }
2004 
2005 static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac,
2006 					  struct ieee80211_vif *vif)
2007 {
2008 	struct sk_buff *skb = data;
2009 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2010 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2011 
2012 	if (vif->type != NL80211_IFTYPE_STATION)
2013 		return;
2014 
2015 	if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid))
2016 		return;
2017 
2018 	cancel_delayed_work(&arvif->connection_loss_work);
2019 }
2020 
2021 void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb)
2022 {
2023 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2024 						   IEEE80211_IFACE_ITER_NORMAL,
2025 						   ath10k_mac_handle_beacon_iter,
2026 						   skb);
2027 }
2028 
2029 static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
2030 					       struct ieee80211_vif *vif)
2031 {
2032 	u32 *vdev_id = data;
2033 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2034 	struct ath10k *ar = arvif->ar;
2035 	struct ieee80211_hw *hw = ar->hw;
2036 
2037 	if (arvif->vdev_id != *vdev_id)
2038 		return;
2039 
2040 	if (!arvif->is_up)
2041 		return;
2042 
2043 	ieee80211_beacon_loss(vif);
2044 
2045 	/* Firmware doesn't report beacon loss events repeatedly. If AP probe
2046 	 * (done by mac80211) succeeds but beacons do not resume then it
2047 	 * doesn't make sense to continue operation. Queue connection loss work
2048 	 * which can be cancelled when beacon is received.
2049 	 */
2050 	ieee80211_queue_delayed_work(hw, &arvif->connection_loss_work,
2051 				     ATH10K_CONNECTION_LOSS_HZ);
2052 }
2053 
2054 void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id)
2055 {
2056 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2057 						   IEEE80211_IFACE_ITER_NORMAL,
2058 						   ath10k_mac_handle_beacon_miss_iter,
2059 						   &vdev_id);
2060 }
2061 
2062 static void ath10k_mac_vif_sta_connection_loss_work(struct work_struct *work)
2063 {
2064 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2065 						connection_loss_work.work);
2066 	struct ieee80211_vif *vif = arvif->vif;
2067 
2068 	if (!arvif->is_up)
2069 		return;
2070 
2071 	ieee80211_connection_loss(vif);
2072 }
2073 
2074 /**********************/
2075 /* Station management */
2076 /**********************/
2077 
2078 static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
2079 					     struct ieee80211_vif *vif)
2080 {
2081 	/* Some firmware revisions have unstable STA powersave when listen
2082 	 * interval is set too high (e.g. 5). The symptoms are firmware doesn't
2083 	 * generate NullFunc frames properly even if buffered frames have been
2084 	 * indicated in Beacon TIM. Firmware would seldom wake up to pull
2085 	 * buffered frames. Often pinging the device from AP would simply fail.
2086 	 *
2087 	 * As a workaround set it to 1.
2088 	 */
2089 	if (vif->type == NL80211_IFTYPE_STATION)
2090 		return 1;
2091 
2092 	return ar->hw->conf.listen_interval;
2093 }
2094 
2095 static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
2096 				      struct ieee80211_vif *vif,
2097 				      struct ieee80211_sta *sta,
2098 				      struct wmi_peer_assoc_complete_arg *arg)
2099 {
2100 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2101 	u32 aid;
2102 
2103 	lockdep_assert_held(&ar->conf_mutex);
2104 
2105 	if (vif->type == NL80211_IFTYPE_STATION)
2106 		aid = vif->bss_conf.aid;
2107 	else
2108 		aid = sta->aid;
2109 
2110 	ether_addr_copy(arg->addr, sta->addr);
2111 	arg->vdev_id = arvif->vdev_id;
2112 	arg->peer_aid = aid;
2113 	arg->peer_flags |= arvif->ar->wmi.peer_flags->auth;
2114 	arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
2115 	arg->peer_num_spatial_streams = 1;
2116 	arg->peer_caps = vif->bss_conf.assoc_capability;
2117 }
2118 
2119 static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
2120 				       struct ieee80211_vif *vif,
2121 				       struct ieee80211_sta *sta,
2122 				       struct wmi_peer_assoc_complete_arg *arg)
2123 {
2124 	struct ieee80211_bss_conf *info = &vif->bss_conf;
2125 	struct cfg80211_chan_def def;
2126 	struct cfg80211_bss *bss;
2127 	const u8 *rsnie = NULL;
2128 	const u8 *wpaie = NULL;
2129 
2130 	lockdep_assert_held(&ar->conf_mutex);
2131 
2132 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2133 		return;
2134 
2135 	bss = cfg80211_get_bss(ar->hw->wiphy, def.chan, info->bssid, NULL, 0,
2136 			       IEEE80211_BSS_TYPE_ANY, IEEE80211_PRIVACY_ANY);
2137 	if (bss) {
2138 		const struct cfg80211_bss_ies *ies;
2139 
2140 		rcu_read_lock();
2141 		rsnie = ieee80211_bss_get_ie(bss, WLAN_EID_RSN);
2142 
2143 		ies = rcu_dereference(bss->ies);
2144 
2145 		wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
2146 						WLAN_OUI_TYPE_MICROSOFT_WPA,
2147 						ies->data,
2148 						ies->len);
2149 		rcu_read_unlock();
2150 		cfg80211_put_bss(ar->hw->wiphy, bss);
2151 	}
2152 
2153 	/* FIXME: base on RSN IE/WPA IE is a correct idea? */
2154 	if (rsnie || wpaie) {
2155 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
2156 		arg->peer_flags |= ar->wmi.peer_flags->need_ptk_4_way;
2157 	}
2158 
2159 	if (wpaie) {
2160 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
2161 		arg->peer_flags |= ar->wmi.peer_flags->need_gtk_2_way;
2162 	}
2163 
2164 	if (sta->mfp &&
2165 	    test_bit(ATH10K_FW_FEATURE_MFP_SUPPORT,
2166 		     ar->running_fw->fw_file.fw_features)) {
2167 		arg->peer_flags |= ar->wmi.peer_flags->pmf;
2168 	}
2169 }
2170 
2171 static void ath10k_peer_assoc_h_rates(struct ath10k *ar,
2172 				      struct ieee80211_vif *vif,
2173 				      struct ieee80211_sta *sta,
2174 				      struct wmi_peer_assoc_complete_arg *arg)
2175 {
2176 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2177 	struct wmi_rate_set_arg *rateset = &arg->peer_legacy_rates;
2178 	struct cfg80211_chan_def def;
2179 	const struct ieee80211_supported_band *sband;
2180 	const struct ieee80211_rate *rates;
2181 	enum nl80211_band band;
2182 	u32 ratemask;
2183 	u8 rate;
2184 	int i;
2185 
2186 	lockdep_assert_held(&ar->conf_mutex);
2187 
2188 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2189 		return;
2190 
2191 	band = def.chan->band;
2192 	sband = ar->hw->wiphy->bands[band];
2193 	ratemask = sta->supp_rates[band];
2194 	ratemask &= arvif->bitrate_mask.control[band].legacy;
2195 	rates = sband->bitrates;
2196 
2197 	rateset->num_rates = 0;
2198 
2199 	for (i = 0; i < 32; i++, ratemask >>= 1, rates++) {
2200 		if (!(ratemask & 1))
2201 			continue;
2202 
2203 		rate = ath10k_mac_bitrate_to_rate(rates->bitrate);
2204 		rateset->rates[rateset->num_rates] = rate;
2205 		rateset->num_rates++;
2206 	}
2207 }
2208 
2209 static bool
2210 ath10k_peer_assoc_h_ht_masked(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
2211 {
2212 	int nss;
2213 
2214 	for (nss = 0; nss < IEEE80211_HT_MCS_MASK_LEN; nss++)
2215 		if (ht_mcs_mask[nss])
2216 			return false;
2217 
2218 	return true;
2219 }
2220 
2221 static bool
2222 ath10k_peer_assoc_h_vht_masked(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
2223 {
2224 	int nss;
2225 
2226 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++)
2227 		if (vht_mcs_mask[nss])
2228 			return false;
2229 
2230 	return true;
2231 }
2232 
2233 static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
2234 				   struct ieee80211_vif *vif,
2235 				   struct ieee80211_sta *sta,
2236 				   struct wmi_peer_assoc_complete_arg *arg)
2237 {
2238 	const struct ieee80211_sta_ht_cap *ht_cap = &sta->ht_cap;
2239 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2240 	struct cfg80211_chan_def def;
2241 	enum nl80211_band band;
2242 	const u8 *ht_mcs_mask;
2243 	const u16 *vht_mcs_mask;
2244 	int i, n;
2245 	u8 max_nss;
2246 	u32 stbc;
2247 
2248 	lockdep_assert_held(&ar->conf_mutex);
2249 
2250 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2251 		return;
2252 
2253 	if (!ht_cap->ht_supported)
2254 		return;
2255 
2256 	band = def.chan->band;
2257 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2258 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2259 
2260 	if (ath10k_peer_assoc_h_ht_masked(ht_mcs_mask) &&
2261 	    ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2262 		return;
2263 
2264 	arg->peer_flags |= ar->wmi.peer_flags->ht;
2265 	arg->peer_max_mpdu = (1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2266 				    ht_cap->ampdu_factor)) - 1;
2267 
2268 	arg->peer_mpdu_density =
2269 		ath10k_parse_mpdudensity(ht_cap->ampdu_density);
2270 
2271 	arg->peer_ht_caps = ht_cap->cap;
2272 	arg->peer_rate_caps |= WMI_RC_HT_FLAG;
2273 
2274 	if (ht_cap->cap & IEEE80211_HT_CAP_LDPC_CODING)
2275 		arg->peer_flags |= ar->wmi.peer_flags->ldbc;
2276 
2277 	if (sta->bandwidth >= IEEE80211_STA_RX_BW_40) {
2278 		arg->peer_flags |= ar->wmi.peer_flags->bw40;
2279 		arg->peer_rate_caps |= WMI_RC_CW40_FLAG;
2280 	}
2281 
2282 	if (arvif->bitrate_mask.control[band].gi != NL80211_TXRATE_FORCE_LGI) {
2283 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
2284 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2285 
2286 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
2287 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2288 	}
2289 
2290 	if (ht_cap->cap & IEEE80211_HT_CAP_TX_STBC) {
2291 		arg->peer_rate_caps |= WMI_RC_TX_STBC_FLAG;
2292 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2293 	}
2294 
2295 	if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
2296 		stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
2297 		stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
2298 		stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
2299 		arg->peer_rate_caps |= stbc;
2300 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2301 	}
2302 
2303 	if (ht_cap->mcs.rx_mask[1] && ht_cap->mcs.rx_mask[2])
2304 		arg->peer_rate_caps |= WMI_RC_TS_FLAG;
2305 	else if (ht_cap->mcs.rx_mask[1])
2306 		arg->peer_rate_caps |= WMI_RC_DS_FLAG;
2307 
2308 	for (i = 0, n = 0, max_nss = 0; i < IEEE80211_HT_MCS_MASK_LEN * 8; i++)
2309 		if ((ht_cap->mcs.rx_mask[i / 8] & BIT(i % 8)) &&
2310 		    (ht_mcs_mask[i / 8] & BIT(i % 8))) {
2311 			max_nss = (i / 8) + 1;
2312 			arg->peer_ht_rates.rates[n++] = i;
2313 		}
2314 
2315 	/*
2316 	 * This is a workaround for HT-enabled STAs which break the spec
2317 	 * and have no HT capabilities RX mask (no HT RX MCS map).
2318 	 *
2319 	 * As per spec, in section 20.3.5 Modulation and coding scheme (MCS),
2320 	 * MCS 0 through 7 are mandatory in 20MHz with 800 ns GI at all STAs.
2321 	 *
2322 	 * Firmware asserts if such situation occurs.
2323 	 */
2324 	if (n == 0) {
2325 		arg->peer_ht_rates.num_rates = 8;
2326 		for (i = 0; i < arg->peer_ht_rates.num_rates; i++)
2327 			arg->peer_ht_rates.rates[i] = i;
2328 	} else {
2329 		arg->peer_ht_rates.num_rates = n;
2330 		arg->peer_num_spatial_streams = min(sta->rx_nss, max_nss);
2331 	}
2332 
2333 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
2334 		   arg->addr,
2335 		   arg->peer_ht_rates.num_rates,
2336 		   arg->peer_num_spatial_streams);
2337 }
2338 
2339 static int ath10k_peer_assoc_qos_ap(struct ath10k *ar,
2340 				    struct ath10k_vif *arvif,
2341 				    struct ieee80211_sta *sta)
2342 {
2343 	u32 uapsd = 0;
2344 	u32 max_sp = 0;
2345 	int ret = 0;
2346 
2347 	lockdep_assert_held(&ar->conf_mutex);
2348 
2349 	if (sta->wme && sta->uapsd_queues) {
2350 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
2351 			   sta->uapsd_queues, sta->max_sp);
2352 
2353 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2354 			uapsd |= WMI_AP_PS_UAPSD_AC3_DELIVERY_EN |
2355 				 WMI_AP_PS_UAPSD_AC3_TRIGGER_EN;
2356 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2357 			uapsd |= WMI_AP_PS_UAPSD_AC2_DELIVERY_EN |
2358 				 WMI_AP_PS_UAPSD_AC2_TRIGGER_EN;
2359 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2360 			uapsd |= WMI_AP_PS_UAPSD_AC1_DELIVERY_EN |
2361 				 WMI_AP_PS_UAPSD_AC1_TRIGGER_EN;
2362 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2363 			uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
2364 				 WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
2365 
2366 		if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
2367 			max_sp = sta->max_sp;
2368 
2369 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2370 						 sta->addr,
2371 						 WMI_AP_PS_PEER_PARAM_UAPSD,
2372 						 uapsd);
2373 		if (ret) {
2374 			ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
2375 				    arvif->vdev_id, ret);
2376 			return ret;
2377 		}
2378 
2379 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2380 						 sta->addr,
2381 						 WMI_AP_PS_PEER_PARAM_MAX_SP,
2382 						 max_sp);
2383 		if (ret) {
2384 			ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
2385 				    arvif->vdev_id, ret);
2386 			return ret;
2387 		}
2388 
2389 		/* TODO setup this based on STA listen interval and
2390 		 * beacon interval. Currently we don't know
2391 		 * sta->listen_interval - mac80211 patch required.
2392 		 * Currently use 10 seconds
2393 		 */
2394 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
2395 						 WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
2396 						 10);
2397 		if (ret) {
2398 			ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
2399 				    arvif->vdev_id, ret);
2400 			return ret;
2401 		}
2402 	}
2403 
2404 	return 0;
2405 }
2406 
2407 static u16
2408 ath10k_peer_assoc_h_vht_limit(u16 tx_mcs_set,
2409 			      const u16 vht_mcs_limit[NL80211_VHT_NSS_MAX])
2410 {
2411 	int idx_limit;
2412 	int nss;
2413 	u16 mcs_map;
2414 	u16 mcs;
2415 
2416 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
2417 		mcs_map = ath10k_mac_get_max_vht_mcs_map(tx_mcs_set, nss) &
2418 			  vht_mcs_limit[nss];
2419 
2420 		if (mcs_map)
2421 			idx_limit = fls(mcs_map) - 1;
2422 		else
2423 			idx_limit = -1;
2424 
2425 		switch (idx_limit) {
2426 		case 0: /* fall through */
2427 		case 1: /* fall through */
2428 		case 2: /* fall through */
2429 		case 3: /* fall through */
2430 		case 4: /* fall through */
2431 		case 5: /* fall through */
2432 		case 6: /* fall through */
2433 		default:
2434 			/* see ath10k_mac_can_set_bitrate_mask() */
2435 			WARN_ON(1);
2436 			/* fall through */
2437 		case -1:
2438 			mcs = IEEE80211_VHT_MCS_NOT_SUPPORTED;
2439 			break;
2440 		case 7:
2441 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_7;
2442 			break;
2443 		case 8:
2444 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_8;
2445 			break;
2446 		case 9:
2447 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_9;
2448 			break;
2449 		}
2450 
2451 		tx_mcs_set &= ~(0x3 << (nss * 2));
2452 		tx_mcs_set |= mcs << (nss * 2);
2453 	}
2454 
2455 	return tx_mcs_set;
2456 }
2457 
2458 static void ath10k_peer_assoc_h_vht(struct ath10k *ar,
2459 				    struct ieee80211_vif *vif,
2460 				    struct ieee80211_sta *sta,
2461 				    struct wmi_peer_assoc_complete_arg *arg)
2462 {
2463 	const struct ieee80211_sta_vht_cap *vht_cap = &sta->vht_cap;
2464 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2465 	struct cfg80211_chan_def def;
2466 	enum nl80211_band band;
2467 	const u16 *vht_mcs_mask;
2468 	u8 ampdu_factor;
2469 	u8 max_nss, vht_mcs;
2470 	int i;
2471 
2472 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2473 		return;
2474 
2475 	if (!vht_cap->vht_supported)
2476 		return;
2477 
2478 	band = def.chan->band;
2479 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2480 
2481 	if (ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2482 		return;
2483 
2484 	arg->peer_flags |= ar->wmi.peer_flags->vht;
2485 
2486 	if (def.chan->band == NL80211_BAND_2GHZ)
2487 		arg->peer_flags |= ar->wmi.peer_flags->vht_2g;
2488 
2489 	arg->peer_vht_caps = vht_cap->cap;
2490 
2491 	ampdu_factor = (vht_cap->cap &
2492 			IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
2493 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
2494 
2495 	/* Workaround: Some Netgear/Linksys 11ac APs set Rx A-MPDU factor to
2496 	 * zero in VHT IE. Using it would result in degraded throughput.
2497 	 * arg->peer_max_mpdu at this point contains HT max_mpdu so keep
2498 	 * it if VHT max_mpdu is smaller.
2499 	 */
2500 	arg->peer_max_mpdu = max(arg->peer_max_mpdu,
2501 				 (1U << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2502 					ampdu_factor)) - 1);
2503 
2504 	if (sta->bandwidth == IEEE80211_STA_RX_BW_80)
2505 		arg->peer_flags |= ar->wmi.peer_flags->bw80;
2506 
2507 	if (sta->bandwidth == IEEE80211_STA_RX_BW_160)
2508 		arg->peer_flags |= ar->wmi.peer_flags->bw160;
2509 
2510 	/* Calculate peer NSS capability from VHT capabilities if STA
2511 	 * supports VHT.
2512 	 */
2513 	for (i = 0, max_nss = 0, vht_mcs = 0; i < NL80211_VHT_NSS_MAX; i++) {
2514 		vht_mcs = __le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map) >>
2515 			  (2 * i) & 3;
2516 
2517 		if ((vht_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) &&
2518 		    vht_mcs_mask[i])
2519 			max_nss = i + 1;
2520 	}
2521 	arg->peer_num_spatial_streams = min(sta->rx_nss, max_nss);
2522 	arg->peer_vht_rates.rx_max_rate =
2523 		__le16_to_cpu(vht_cap->vht_mcs.rx_highest);
2524 	arg->peer_vht_rates.rx_mcs_set =
2525 		__le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map);
2526 	arg->peer_vht_rates.tx_max_rate =
2527 		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
2528 	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
2529 		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
2530 
2531 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vht peer %pM max_mpdu %d flags 0x%x\n",
2532 		   sta->addr, arg->peer_max_mpdu, arg->peer_flags);
2533 
2534 	if (arg->peer_vht_rates.rx_max_rate &&
2535 	    (sta->vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK)) {
2536 		switch (arg->peer_vht_rates.rx_max_rate) {
2537 		case 1560:
2538 			/* Must be 2x2 at 160Mhz is all it can do. */
2539 			arg->peer_bw_rxnss_override = 2;
2540 			break;
2541 		case 780:
2542 			/* Can only do 1x1 at 160Mhz (Long Guard Interval) */
2543 			arg->peer_bw_rxnss_override = 1;
2544 			break;
2545 		}
2546 	}
2547 }
2548 
2549 static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
2550 				    struct ieee80211_vif *vif,
2551 				    struct ieee80211_sta *sta,
2552 				    struct wmi_peer_assoc_complete_arg *arg)
2553 {
2554 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2555 
2556 	switch (arvif->vdev_type) {
2557 	case WMI_VDEV_TYPE_AP:
2558 		if (sta->wme)
2559 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2560 
2561 		if (sta->wme && sta->uapsd_queues) {
2562 			arg->peer_flags |= arvif->ar->wmi.peer_flags->apsd;
2563 			arg->peer_rate_caps |= WMI_RC_UAPSD_FLAG;
2564 		}
2565 		break;
2566 	case WMI_VDEV_TYPE_STA:
2567 		if (sta->wme)
2568 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2569 		break;
2570 	case WMI_VDEV_TYPE_IBSS:
2571 		if (sta->wme)
2572 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2573 		break;
2574 	default:
2575 		break;
2576 	}
2577 
2578 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
2579 		   sta->addr, !!(arg->peer_flags &
2580 		   arvif->ar->wmi.peer_flags->qos));
2581 }
2582 
2583 static bool ath10k_mac_sta_has_ofdm_only(struct ieee80211_sta *sta)
2584 {
2585 	return sta->supp_rates[NL80211_BAND_2GHZ] >>
2586 	       ATH10K_MAC_FIRST_OFDM_RATE_IDX;
2587 }
2588 
2589 static enum wmi_phy_mode ath10k_mac_get_phymode_vht(struct ath10k *ar,
2590 						    struct ieee80211_sta *sta)
2591 {
2592 	if (sta->bandwidth == IEEE80211_STA_RX_BW_160) {
2593 		switch (sta->vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
2594 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
2595 			return MODE_11AC_VHT160;
2596 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
2597 			return MODE_11AC_VHT80_80;
2598 		default:
2599 			/* not sure if this is a valid case? */
2600 			return MODE_11AC_VHT160;
2601 		}
2602 	}
2603 
2604 	if (sta->bandwidth == IEEE80211_STA_RX_BW_80)
2605 		return MODE_11AC_VHT80;
2606 
2607 	if (sta->bandwidth == IEEE80211_STA_RX_BW_40)
2608 		return MODE_11AC_VHT40;
2609 
2610 	if (sta->bandwidth == IEEE80211_STA_RX_BW_20)
2611 		return MODE_11AC_VHT20;
2612 
2613 	return MODE_UNKNOWN;
2614 }
2615 
2616 static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
2617 					struct ieee80211_vif *vif,
2618 					struct ieee80211_sta *sta,
2619 					struct wmi_peer_assoc_complete_arg *arg)
2620 {
2621 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2622 	struct cfg80211_chan_def def;
2623 	enum nl80211_band band;
2624 	const u8 *ht_mcs_mask;
2625 	const u16 *vht_mcs_mask;
2626 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
2627 
2628 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2629 		return;
2630 
2631 	band = def.chan->band;
2632 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2633 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2634 
2635 	switch (band) {
2636 	case NL80211_BAND_2GHZ:
2637 		if (sta->vht_cap.vht_supported &&
2638 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2639 			if (sta->bandwidth == IEEE80211_STA_RX_BW_40)
2640 				phymode = MODE_11AC_VHT40;
2641 			else
2642 				phymode = MODE_11AC_VHT20;
2643 		} else if (sta->ht_cap.ht_supported &&
2644 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2645 			if (sta->bandwidth == IEEE80211_STA_RX_BW_40)
2646 				phymode = MODE_11NG_HT40;
2647 			else
2648 				phymode = MODE_11NG_HT20;
2649 		} else if (ath10k_mac_sta_has_ofdm_only(sta)) {
2650 			phymode = MODE_11G;
2651 		} else {
2652 			phymode = MODE_11B;
2653 		}
2654 
2655 		break;
2656 	case NL80211_BAND_5GHZ:
2657 		/*
2658 		 * Check VHT first.
2659 		 */
2660 		if (sta->vht_cap.vht_supported &&
2661 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2662 			phymode = ath10k_mac_get_phymode_vht(ar, sta);
2663 		} else if (sta->ht_cap.ht_supported &&
2664 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2665 			if (sta->bandwidth >= IEEE80211_STA_RX_BW_40)
2666 				phymode = MODE_11NA_HT40;
2667 			else
2668 				phymode = MODE_11NA_HT20;
2669 		} else {
2670 			phymode = MODE_11A;
2671 		}
2672 
2673 		break;
2674 	default:
2675 		break;
2676 	}
2677 
2678 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
2679 		   sta->addr, ath10k_wmi_phymode_str(phymode));
2680 
2681 	arg->peer_phymode = phymode;
2682 	WARN_ON(phymode == MODE_UNKNOWN);
2683 }
2684 
2685 static int ath10k_peer_assoc_prepare(struct ath10k *ar,
2686 				     struct ieee80211_vif *vif,
2687 				     struct ieee80211_sta *sta,
2688 				     struct wmi_peer_assoc_complete_arg *arg)
2689 {
2690 	lockdep_assert_held(&ar->conf_mutex);
2691 
2692 	memset(arg, 0, sizeof(*arg));
2693 
2694 	ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
2695 	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
2696 	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
2697 	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
2698 	ath10k_peer_assoc_h_vht(ar, vif, sta, arg);
2699 	ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
2700 	ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
2701 
2702 	return 0;
2703 }
2704 
2705 static const u32 ath10k_smps_map[] = {
2706 	[WLAN_HT_CAP_SM_PS_STATIC] = WMI_PEER_SMPS_STATIC,
2707 	[WLAN_HT_CAP_SM_PS_DYNAMIC] = WMI_PEER_SMPS_DYNAMIC,
2708 	[WLAN_HT_CAP_SM_PS_INVALID] = WMI_PEER_SMPS_PS_NONE,
2709 	[WLAN_HT_CAP_SM_PS_DISABLED] = WMI_PEER_SMPS_PS_NONE,
2710 };
2711 
2712 static int ath10k_setup_peer_smps(struct ath10k *ar, struct ath10k_vif *arvif,
2713 				  const u8 *addr,
2714 				  const struct ieee80211_sta_ht_cap *ht_cap)
2715 {
2716 	int smps;
2717 
2718 	if (!ht_cap->ht_supported)
2719 		return 0;
2720 
2721 	smps = ht_cap->cap & IEEE80211_HT_CAP_SM_PS;
2722 	smps >>= IEEE80211_HT_CAP_SM_PS_SHIFT;
2723 
2724 	if (smps >= ARRAY_SIZE(ath10k_smps_map))
2725 		return -EINVAL;
2726 
2727 	return ath10k_wmi_peer_set_param(ar, arvif->vdev_id, addr,
2728 					 WMI_PEER_SMPS_STATE,
2729 					 ath10k_smps_map[smps]);
2730 }
2731 
2732 static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
2733 				      struct ieee80211_vif *vif,
2734 				      struct ieee80211_sta_vht_cap vht_cap)
2735 {
2736 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2737 	int ret;
2738 	u32 param;
2739 	u32 value;
2740 
2741 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_AFTER_ASSOC)
2742 		return 0;
2743 
2744 	if (!(ar->vht_cap_info &
2745 	      (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2746 	       IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
2747 	       IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2748 	       IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
2749 		return 0;
2750 
2751 	param = ar->wmi.vdev_param->txbf;
2752 	value = 0;
2753 
2754 	if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
2755 		return 0;
2756 
2757 	/* The following logic is correct. If a remote STA advertises support
2758 	 * for being a beamformer then we should enable us being a beamformee.
2759 	 */
2760 
2761 	if (ar->vht_cap_info &
2762 	    (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2763 	     IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
2764 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
2765 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2766 
2767 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
2768 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
2769 	}
2770 
2771 	if (ar->vht_cap_info &
2772 	    (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2773 	     IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
2774 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
2775 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2776 
2777 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
2778 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
2779 	}
2780 
2781 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
2782 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2783 
2784 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
2785 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2786 
2787 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
2788 	if (ret) {
2789 		ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
2790 			    value, ret);
2791 		return ret;
2792 	}
2793 
2794 	return 0;
2795 }
2796 
2797 /* can be called only in mac80211 callbacks due to `key_count` usage */
2798 static void ath10k_bss_assoc(struct ieee80211_hw *hw,
2799 			     struct ieee80211_vif *vif,
2800 			     struct ieee80211_bss_conf *bss_conf)
2801 {
2802 	struct ath10k *ar = hw->priv;
2803 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2804 	struct ieee80211_sta_ht_cap ht_cap;
2805 	struct ieee80211_sta_vht_cap vht_cap;
2806 	struct wmi_peer_assoc_complete_arg peer_arg;
2807 	struct ieee80211_sta *ap_sta;
2808 	int ret;
2809 
2810 	lockdep_assert_held(&ar->conf_mutex);
2811 
2812 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
2813 		   arvif->vdev_id, arvif->bssid, arvif->aid);
2814 
2815 	rcu_read_lock();
2816 
2817 	ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
2818 	if (!ap_sta) {
2819 		ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
2820 			    bss_conf->bssid, arvif->vdev_id);
2821 		rcu_read_unlock();
2822 		return;
2823 	}
2824 
2825 	/* ap_sta must be accessed only within rcu section which must be left
2826 	 * before calling ath10k_setup_peer_smps() which might sleep.
2827 	 */
2828 	ht_cap = ap_sta->ht_cap;
2829 	vht_cap = ap_sta->vht_cap;
2830 
2831 	ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
2832 	if (ret) {
2833 		ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
2834 			    bss_conf->bssid, arvif->vdev_id, ret);
2835 		rcu_read_unlock();
2836 		return;
2837 	}
2838 
2839 	rcu_read_unlock();
2840 
2841 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
2842 	if (ret) {
2843 		ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
2844 			    bss_conf->bssid, arvif->vdev_id, ret);
2845 		return;
2846 	}
2847 
2848 	ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
2849 	if (ret) {
2850 		ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
2851 			    arvif->vdev_id, ret);
2852 		return;
2853 	}
2854 
2855 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
2856 	if (ret) {
2857 		ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
2858 			    arvif->vdev_id, bss_conf->bssid, ret);
2859 		return;
2860 	}
2861 
2862 	ath10k_dbg(ar, ATH10K_DBG_MAC,
2863 		   "mac vdev %d up (associated) bssid %pM aid %d\n",
2864 		   arvif->vdev_id, bss_conf->bssid, bss_conf->aid);
2865 
2866 	WARN_ON(arvif->is_up);
2867 
2868 	arvif->aid = bss_conf->aid;
2869 	ether_addr_copy(arvif->bssid, bss_conf->bssid);
2870 
2871 	ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
2872 	if (ret) {
2873 		ath10k_warn(ar, "failed to set vdev %d up: %d\n",
2874 			    arvif->vdev_id, ret);
2875 		return;
2876 	}
2877 
2878 	arvif->is_up = true;
2879 
2880 	/* Workaround: Some firmware revisions (tested with qca6174
2881 	 * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
2882 	 * poked with peer param command.
2883 	 */
2884 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
2885 					WMI_PEER_DUMMY_VAR, 1);
2886 	if (ret) {
2887 		ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
2888 			    arvif->bssid, arvif->vdev_id, ret);
2889 		return;
2890 	}
2891 }
2892 
2893 static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
2894 				struct ieee80211_vif *vif)
2895 {
2896 	struct ath10k *ar = hw->priv;
2897 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2898 	struct ieee80211_sta_vht_cap vht_cap = {};
2899 	int ret;
2900 
2901 	lockdep_assert_held(&ar->conf_mutex);
2902 
2903 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
2904 		   arvif->vdev_id, arvif->bssid);
2905 
2906 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
2907 	if (ret)
2908 		ath10k_warn(ar, "failed to down vdev %i: %d\n",
2909 			    arvif->vdev_id, ret);
2910 
2911 	arvif->def_wep_key_idx = -1;
2912 
2913 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
2914 	if (ret) {
2915 		ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
2916 			    arvif->vdev_id, ret);
2917 		return;
2918 	}
2919 
2920 	arvif->is_up = false;
2921 
2922 	cancel_delayed_work_sync(&arvif->connection_loss_work);
2923 }
2924 
2925 static int ath10k_station_assoc(struct ath10k *ar,
2926 				struct ieee80211_vif *vif,
2927 				struct ieee80211_sta *sta,
2928 				bool reassoc)
2929 {
2930 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2931 	struct wmi_peer_assoc_complete_arg peer_arg;
2932 	int ret = 0;
2933 
2934 	lockdep_assert_held(&ar->conf_mutex);
2935 
2936 	ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
2937 	if (ret) {
2938 		ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
2939 			    sta->addr, arvif->vdev_id, ret);
2940 		return ret;
2941 	}
2942 
2943 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
2944 	if (ret) {
2945 		ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
2946 			    sta->addr, arvif->vdev_id, ret);
2947 		return ret;
2948 	}
2949 
2950 	/* Re-assoc is run only to update supported rates for given station. It
2951 	 * doesn't make much sense to reconfigure the peer completely.
2952 	 */
2953 	if (!reassoc) {
2954 		ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
2955 					     &sta->ht_cap);
2956 		if (ret) {
2957 			ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
2958 				    arvif->vdev_id, ret);
2959 			return ret;
2960 		}
2961 
2962 		ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
2963 		if (ret) {
2964 			ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
2965 				    sta->addr, arvif->vdev_id, ret);
2966 			return ret;
2967 		}
2968 
2969 		if (!sta->wme) {
2970 			arvif->num_legacy_stations++;
2971 			ret  = ath10k_recalc_rtscts_prot(arvif);
2972 			if (ret) {
2973 				ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
2974 					    arvif->vdev_id, ret);
2975 				return ret;
2976 			}
2977 		}
2978 
2979 		/* Plumb cached keys only for static WEP */
2980 		if ((arvif->def_wep_key_idx != -1) && (!sta->tdls)) {
2981 			ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
2982 			if (ret) {
2983 				ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
2984 					    arvif->vdev_id, ret);
2985 				return ret;
2986 			}
2987 		}
2988 	}
2989 
2990 	return ret;
2991 }
2992 
2993 static int ath10k_station_disassoc(struct ath10k *ar,
2994 				   struct ieee80211_vif *vif,
2995 				   struct ieee80211_sta *sta)
2996 {
2997 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2998 	int ret = 0;
2999 
3000 	lockdep_assert_held(&ar->conf_mutex);
3001 
3002 	if (!sta->wme) {
3003 		arvif->num_legacy_stations--;
3004 		ret = ath10k_recalc_rtscts_prot(arvif);
3005 		if (ret) {
3006 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3007 				    arvif->vdev_id, ret);
3008 			return ret;
3009 		}
3010 	}
3011 
3012 	ret = ath10k_clear_peer_keys(arvif, sta->addr);
3013 	if (ret) {
3014 		ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
3015 			    arvif->vdev_id, ret);
3016 		return ret;
3017 	}
3018 
3019 	return ret;
3020 }
3021 
3022 /**************/
3023 /* Regulatory */
3024 /**************/
3025 
3026 static int ath10k_update_channel_list(struct ath10k *ar)
3027 {
3028 	struct ieee80211_hw *hw = ar->hw;
3029 	struct ieee80211_supported_band **bands;
3030 	enum nl80211_band band;
3031 	struct ieee80211_channel *channel;
3032 	struct wmi_scan_chan_list_arg arg = {0};
3033 	struct wmi_channel_arg *ch;
3034 	bool passive;
3035 	int len;
3036 	int ret;
3037 	int i;
3038 
3039 	lockdep_assert_held(&ar->conf_mutex);
3040 
3041 	bands = hw->wiphy->bands;
3042 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3043 		if (!bands[band])
3044 			continue;
3045 
3046 		for (i = 0; i < bands[band]->n_channels; i++) {
3047 			if (bands[band]->channels[i].flags &
3048 			    IEEE80211_CHAN_DISABLED)
3049 				continue;
3050 
3051 			arg.n_channels++;
3052 		}
3053 	}
3054 
3055 	len = sizeof(struct wmi_channel_arg) * arg.n_channels;
3056 	arg.channels = kzalloc(len, GFP_KERNEL);
3057 	if (!arg.channels)
3058 		return -ENOMEM;
3059 
3060 	ch = arg.channels;
3061 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3062 		if (!bands[band])
3063 			continue;
3064 
3065 		for (i = 0; i < bands[band]->n_channels; i++) {
3066 			channel = &bands[band]->channels[i];
3067 
3068 			if (channel->flags & IEEE80211_CHAN_DISABLED)
3069 				continue;
3070 
3071 			ch->allow_ht = true;
3072 
3073 			/* FIXME: when should we really allow VHT? */
3074 			ch->allow_vht = true;
3075 
3076 			ch->allow_ibss =
3077 				!(channel->flags & IEEE80211_CHAN_NO_IR);
3078 
3079 			ch->ht40plus =
3080 				!(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
3081 
3082 			ch->chan_radar =
3083 				!!(channel->flags & IEEE80211_CHAN_RADAR);
3084 
3085 			passive = channel->flags & IEEE80211_CHAN_NO_IR;
3086 			ch->passive = passive;
3087 
3088 			ch->freq = channel->center_freq;
3089 			ch->band_center_freq1 = channel->center_freq;
3090 			ch->min_power = 0;
3091 			ch->max_power = channel->max_power * 2;
3092 			ch->max_reg_power = channel->max_reg_power * 2;
3093 			ch->max_antenna_gain = channel->max_antenna_gain * 2;
3094 			ch->reg_class_id = 0; /* FIXME */
3095 
3096 			/* FIXME: why use only legacy modes, why not any
3097 			 * HT/VHT modes? Would that even make any
3098 			 * difference?
3099 			 */
3100 			if (channel->band == NL80211_BAND_2GHZ)
3101 				ch->mode = MODE_11G;
3102 			else
3103 				ch->mode = MODE_11A;
3104 
3105 			if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
3106 				continue;
3107 
3108 			ath10k_dbg(ar, ATH10K_DBG_WMI,
3109 				   "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
3110 				    ch - arg.channels, arg.n_channels,
3111 				   ch->freq, ch->max_power, ch->max_reg_power,
3112 				   ch->max_antenna_gain, ch->mode);
3113 
3114 			ch++;
3115 		}
3116 	}
3117 
3118 	ret = ath10k_wmi_scan_chan_list(ar, &arg);
3119 	kfree(arg.channels);
3120 
3121 	return ret;
3122 }
3123 
3124 static enum wmi_dfs_region
3125 ath10k_mac_get_dfs_region(enum nl80211_dfs_regions dfs_region)
3126 {
3127 	switch (dfs_region) {
3128 	case NL80211_DFS_UNSET:
3129 		return WMI_UNINIT_DFS_DOMAIN;
3130 	case NL80211_DFS_FCC:
3131 		return WMI_FCC_DFS_DOMAIN;
3132 	case NL80211_DFS_ETSI:
3133 		return WMI_ETSI_DFS_DOMAIN;
3134 	case NL80211_DFS_JP:
3135 		return WMI_MKK4_DFS_DOMAIN;
3136 	}
3137 	return WMI_UNINIT_DFS_DOMAIN;
3138 }
3139 
3140 static void ath10k_regd_update(struct ath10k *ar)
3141 {
3142 	struct reg_dmn_pair_mapping *regpair;
3143 	int ret;
3144 	enum wmi_dfs_region wmi_dfs_reg;
3145 	enum nl80211_dfs_regions nl_dfs_reg;
3146 
3147 	lockdep_assert_held(&ar->conf_mutex);
3148 
3149 	ret = ath10k_update_channel_list(ar);
3150 	if (ret)
3151 		ath10k_warn(ar, "failed to update channel list: %d\n", ret);
3152 
3153 	regpair = ar->ath_common.regulatory.regpair;
3154 
3155 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3156 		nl_dfs_reg = ar->dfs_detector->region;
3157 		wmi_dfs_reg = ath10k_mac_get_dfs_region(nl_dfs_reg);
3158 	} else {
3159 		wmi_dfs_reg = WMI_UNINIT_DFS_DOMAIN;
3160 	}
3161 
3162 	/* Target allows setting up per-band regdomain but ath_common provides
3163 	 * a combined one only
3164 	 */
3165 	ret = ath10k_wmi_pdev_set_regdomain(ar,
3166 					    regpair->reg_domain,
3167 					    regpair->reg_domain, /* 2ghz */
3168 					    regpair->reg_domain, /* 5ghz */
3169 					    regpair->reg_2ghz_ctl,
3170 					    regpair->reg_5ghz_ctl,
3171 					    wmi_dfs_reg);
3172 	if (ret)
3173 		ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
3174 }
3175 
3176 static void ath10k_mac_update_channel_list(struct ath10k *ar,
3177 					   struct ieee80211_supported_band *band)
3178 {
3179 	int i;
3180 
3181 	if (ar->low_5ghz_chan && ar->high_5ghz_chan) {
3182 		for (i = 0; i < band->n_channels; i++) {
3183 			if (band->channels[i].center_freq < ar->low_5ghz_chan ||
3184 			    band->channels[i].center_freq > ar->high_5ghz_chan)
3185 				band->channels[i].flags |=
3186 					IEEE80211_CHAN_DISABLED;
3187 		}
3188 	}
3189 }
3190 
3191 static void ath10k_reg_notifier(struct wiphy *wiphy,
3192 				struct regulatory_request *request)
3193 {
3194 	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
3195 	struct ath10k *ar = hw->priv;
3196 	bool result;
3197 
3198 	ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
3199 
3200 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3201 		ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
3202 			   request->dfs_region);
3203 		result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
3204 							  request->dfs_region);
3205 		if (!result)
3206 			ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
3207 				    request->dfs_region);
3208 	}
3209 
3210 	mutex_lock(&ar->conf_mutex);
3211 	if (ar->state == ATH10K_STATE_ON)
3212 		ath10k_regd_update(ar);
3213 	mutex_unlock(&ar->conf_mutex);
3214 
3215 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
3216 		ath10k_mac_update_channel_list(ar,
3217 					       ar->hw->wiphy->bands[NL80211_BAND_5GHZ]);
3218 }
3219 
3220 static void ath10k_stop_radar_confirmation(struct ath10k *ar)
3221 {
3222 	spin_lock_bh(&ar->data_lock);
3223 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_STOPPED;
3224 	spin_unlock_bh(&ar->data_lock);
3225 
3226 	cancel_work_sync(&ar->radar_confirmation_work);
3227 }
3228 
3229 /***************/
3230 /* TX handlers */
3231 /***************/
3232 
3233 enum ath10k_mac_tx_path {
3234 	ATH10K_MAC_TX_HTT,
3235 	ATH10K_MAC_TX_HTT_MGMT,
3236 	ATH10K_MAC_TX_WMI_MGMT,
3237 	ATH10K_MAC_TX_UNKNOWN,
3238 };
3239 
3240 void ath10k_mac_tx_lock(struct ath10k *ar, int reason)
3241 {
3242 	lockdep_assert_held(&ar->htt.tx_lock);
3243 
3244 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3245 	ar->tx_paused |= BIT(reason);
3246 	ieee80211_stop_queues(ar->hw);
3247 }
3248 
3249 static void ath10k_mac_tx_unlock_iter(void *data, u8 *mac,
3250 				      struct ieee80211_vif *vif)
3251 {
3252 	struct ath10k *ar = data;
3253 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3254 
3255 	if (arvif->tx_paused)
3256 		return;
3257 
3258 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3259 }
3260 
3261 void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3262 {
3263 	lockdep_assert_held(&ar->htt.tx_lock);
3264 
3265 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3266 	ar->tx_paused &= ~BIT(reason);
3267 
3268 	if (ar->tx_paused)
3269 		return;
3270 
3271 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3272 						   IEEE80211_IFACE_ITER_RESUME_ALL,
3273 						   ath10k_mac_tx_unlock_iter,
3274 						   ar);
3275 
3276 	ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3277 }
3278 
3279 void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3280 {
3281 	struct ath10k *ar = arvif->ar;
3282 
3283 	lockdep_assert_held(&ar->htt.tx_lock);
3284 
3285 	WARN_ON(reason >= BITS_PER_LONG);
3286 	arvif->tx_paused |= BIT(reason);
3287 	ieee80211_stop_queue(ar->hw, arvif->vdev_id);
3288 }
3289 
3290 void ath10k_mac_vif_tx_unlock(struct ath10k_vif *arvif, int reason)
3291 {
3292 	struct ath10k *ar = arvif->ar;
3293 
3294 	lockdep_assert_held(&ar->htt.tx_lock);
3295 
3296 	WARN_ON(reason >= BITS_PER_LONG);
3297 	arvif->tx_paused &= ~BIT(reason);
3298 
3299 	if (ar->tx_paused)
3300 		return;
3301 
3302 	if (arvif->tx_paused)
3303 		return;
3304 
3305 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3306 }
3307 
3308 static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3309 					   enum wmi_tlv_tx_pause_id pause_id,
3310 					   enum wmi_tlv_tx_pause_action action)
3311 {
3312 	struct ath10k *ar = arvif->ar;
3313 
3314 	lockdep_assert_held(&ar->htt.tx_lock);
3315 
3316 	switch (action) {
3317 	case WMI_TLV_TX_PAUSE_ACTION_STOP:
3318 		ath10k_mac_vif_tx_lock(arvif, pause_id);
3319 		break;
3320 	case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3321 		ath10k_mac_vif_tx_unlock(arvif, pause_id);
3322 		break;
3323 	default:
3324 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
3325 			   "received unknown tx pause action %d on vdev %i, ignoring\n",
3326 			    action, arvif->vdev_id);
3327 		break;
3328 	}
3329 }
3330 
3331 struct ath10k_mac_tx_pause {
3332 	u32 vdev_id;
3333 	enum wmi_tlv_tx_pause_id pause_id;
3334 	enum wmi_tlv_tx_pause_action action;
3335 };
3336 
3337 static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3338 					    struct ieee80211_vif *vif)
3339 {
3340 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3341 	struct ath10k_mac_tx_pause *arg = data;
3342 
3343 	if (arvif->vdev_id != arg->vdev_id)
3344 		return;
3345 
3346 	ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3347 }
3348 
3349 void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3350 				     enum wmi_tlv_tx_pause_id pause_id,
3351 				     enum wmi_tlv_tx_pause_action action)
3352 {
3353 	struct ath10k_mac_tx_pause arg = {
3354 		.vdev_id = vdev_id,
3355 		.pause_id = pause_id,
3356 		.action = action,
3357 	};
3358 
3359 	spin_lock_bh(&ar->htt.tx_lock);
3360 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3361 						   IEEE80211_IFACE_ITER_RESUME_ALL,
3362 						   ath10k_mac_handle_tx_pause_iter,
3363 						   &arg);
3364 	spin_unlock_bh(&ar->htt.tx_lock);
3365 }
3366 
3367 static enum ath10k_hw_txrx_mode
3368 ath10k_mac_tx_h_get_txmode(struct ath10k *ar,
3369 			   struct ieee80211_vif *vif,
3370 			   struct ieee80211_sta *sta,
3371 			   struct sk_buff *skb)
3372 {
3373 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3374 	__le16 fc = hdr->frame_control;
3375 
3376 	if (!vif || vif->type == NL80211_IFTYPE_MONITOR)
3377 		return ATH10K_HW_TXRX_RAW;
3378 
3379 	if (ieee80211_is_mgmt(fc))
3380 		return ATH10K_HW_TXRX_MGMT;
3381 
3382 	/* Workaround:
3383 	 *
3384 	 * NullFunc frames are mostly used to ping if a client or AP are still
3385 	 * reachable and responsive. This implies tx status reports must be
3386 	 * accurate - otherwise either mac80211 or userspace (e.g. hostapd) can
3387 	 * come to a conclusion that the other end disappeared and tear down
3388 	 * BSS connection or it can never disconnect from BSS/client (which is
3389 	 * the case).
3390 	 *
3391 	 * Firmware with HTT older than 3.0 delivers incorrect tx status for
3392 	 * NullFunc frames to driver. However there's a HTT Mgmt Tx command
3393 	 * which seems to deliver correct tx reports for NullFunc frames. The
3394 	 * downside of using it is it ignores client powersave state so it can
3395 	 * end up disconnecting sleeping clients in AP mode. It should fix STA
3396 	 * mode though because AP don't sleep.
3397 	 */
3398 	if (ar->htt.target_version_major < 3 &&
3399 	    (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&
3400 	    !test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3401 		      ar->running_fw->fw_file.fw_features))
3402 		return ATH10K_HW_TXRX_MGMT;
3403 
3404 	/* Workaround:
3405 	 *
3406 	 * Some wmi-tlv firmwares for qca6174 have broken Tx key selection for
3407 	 * NativeWifi txmode - it selects AP key instead of peer key. It seems
3408 	 * to work with Ethernet txmode so use it.
3409 	 *
3410 	 * FIXME: Check if raw mode works with TDLS.
3411 	 */
3412 	if (ieee80211_is_data_present(fc) && sta && sta->tdls)
3413 		return ATH10K_HW_TXRX_ETHERNET;
3414 
3415 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
3416 		return ATH10K_HW_TXRX_RAW;
3417 
3418 	return ATH10K_HW_TXRX_NATIVE_WIFI;
3419 }
3420 
3421 static bool ath10k_tx_h_use_hwcrypto(struct ieee80211_vif *vif,
3422 				     struct sk_buff *skb)
3423 {
3424 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3425 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3426 	const u32 mask = IEEE80211_TX_INTFL_DONT_ENCRYPT |
3427 			 IEEE80211_TX_CTL_INJECTED;
3428 
3429 	if (!ieee80211_has_protected(hdr->frame_control))
3430 		return false;
3431 
3432 	if ((info->flags & mask) == mask)
3433 		return false;
3434 
3435 	if (vif)
3436 		return !((struct ath10k_vif *)vif->drv_priv)->nohwcrypt;
3437 
3438 	return true;
3439 }
3440 
3441 /* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
3442  * Control in the header.
3443  */
3444 static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
3445 {
3446 	struct ieee80211_hdr *hdr = (void *)skb->data;
3447 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3448 	u8 *qos_ctl;
3449 
3450 	if (!ieee80211_is_data_qos(hdr->frame_control))
3451 		return;
3452 
3453 	qos_ctl = ieee80211_get_qos_ctl(hdr);
3454 	memmove(skb->data + IEEE80211_QOS_CTL_LEN,
3455 		skb->data, (void *)qos_ctl - (void *)skb->data);
3456 	skb_pull(skb, IEEE80211_QOS_CTL_LEN);
3457 
3458 	/* Some firmware revisions don't handle sending QoS NullFunc well.
3459 	 * These frames are mainly used for CQM purposes so it doesn't really
3460 	 * matter whether QoS NullFunc or NullFunc are sent.
3461 	 */
3462 	hdr = (void *)skb->data;
3463 	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
3464 		cb->flags &= ~ATH10K_SKB_F_QOS;
3465 
3466 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3467 }
3468 
3469 static void ath10k_tx_h_8023(struct sk_buff *skb)
3470 {
3471 	struct ieee80211_hdr *hdr;
3472 	struct rfc1042_hdr *rfc1042;
3473 	struct ethhdr *eth;
3474 	size_t hdrlen;
3475 	u8 da[ETH_ALEN];
3476 	u8 sa[ETH_ALEN];
3477 	__be16 type;
3478 
3479 	hdr = (void *)skb->data;
3480 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
3481 	rfc1042 = (void *)skb->data + hdrlen;
3482 
3483 	ether_addr_copy(da, ieee80211_get_DA(hdr));
3484 	ether_addr_copy(sa, ieee80211_get_SA(hdr));
3485 	type = rfc1042->snap_type;
3486 
3487 	skb_pull(skb, hdrlen + sizeof(*rfc1042));
3488 	skb_push(skb, sizeof(*eth));
3489 
3490 	eth = (void *)skb->data;
3491 	ether_addr_copy(eth->h_dest, da);
3492 	ether_addr_copy(eth->h_source, sa);
3493 	eth->h_proto = type;
3494 }
3495 
3496 static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
3497 				       struct ieee80211_vif *vif,
3498 				       struct sk_buff *skb)
3499 {
3500 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3501 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3502 
3503 	/* This is case only for P2P_GO */
3504 	if (vif->type != NL80211_IFTYPE_AP || !vif->p2p)
3505 		return;
3506 
3507 	if (unlikely(ieee80211_is_probe_resp(hdr->frame_control))) {
3508 		spin_lock_bh(&ar->data_lock);
3509 		if (arvif->u.ap.noa_data)
3510 			if (!pskb_expand_head(skb, 0, arvif->u.ap.noa_len,
3511 					      GFP_ATOMIC))
3512 				skb_put_data(skb, arvif->u.ap.noa_data,
3513 					     arvif->u.ap.noa_len);
3514 		spin_unlock_bh(&ar->data_lock);
3515 	}
3516 }
3517 
3518 static void ath10k_mac_tx_h_fill_cb(struct ath10k *ar,
3519 				    struct ieee80211_vif *vif,
3520 				    struct ieee80211_txq *txq,
3521 				    struct sk_buff *skb)
3522 {
3523 	struct ieee80211_hdr *hdr = (void *)skb->data;
3524 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3525 
3526 	cb->flags = 0;
3527 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
3528 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3529 
3530 	if (ieee80211_is_mgmt(hdr->frame_control))
3531 		cb->flags |= ATH10K_SKB_F_MGMT;
3532 
3533 	if (ieee80211_is_data_qos(hdr->frame_control))
3534 		cb->flags |= ATH10K_SKB_F_QOS;
3535 
3536 	cb->vif = vif;
3537 	cb->txq = txq;
3538 }
3539 
3540 bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar)
3541 {
3542 	/* FIXME: Not really sure since when the behaviour changed. At some
3543 	 * point new firmware stopped requiring creation of peer entries for
3544 	 * offchannel tx (and actually creating them causes issues with wmi-htc
3545 	 * tx credit replenishment and reliability). Assuming it's at least 3.4
3546 	 * because that's when the `freq` was introduced to TX_FRM HTT command.
3547 	 */
3548 	return (ar->htt.target_version_major >= 3 &&
3549 		ar->htt.target_version_minor >= 4 &&
3550 		ar->running_fw->fw_file.htt_op_version == ATH10K_FW_HTT_OP_VERSION_TLV);
3551 }
3552 
3553 static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
3554 {
3555 	struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
3556 	int ret = 0;
3557 
3558 	spin_lock_bh(&ar->data_lock);
3559 
3560 	if (skb_queue_len(q) == ATH10K_MAX_NUM_MGMT_PENDING) {
3561 		ath10k_warn(ar, "wmi mgmt tx queue is full\n");
3562 		ret = -ENOSPC;
3563 		goto unlock;
3564 	}
3565 
3566 	__skb_queue_tail(q, skb);
3567 	ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
3568 
3569 unlock:
3570 	spin_unlock_bh(&ar->data_lock);
3571 
3572 	return ret;
3573 }
3574 
3575 static enum ath10k_mac_tx_path
3576 ath10k_mac_tx_h_get_txpath(struct ath10k *ar,
3577 			   struct sk_buff *skb,
3578 			   enum ath10k_hw_txrx_mode txmode)
3579 {
3580 	switch (txmode) {
3581 	case ATH10K_HW_TXRX_RAW:
3582 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3583 	case ATH10K_HW_TXRX_ETHERNET:
3584 		return ATH10K_MAC_TX_HTT;
3585 	case ATH10K_HW_TXRX_MGMT:
3586 		if (test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3587 			     ar->running_fw->fw_file.fw_features) ||
3588 			     test_bit(WMI_SERVICE_MGMT_TX_WMI,
3589 				      ar->wmi.svc_map))
3590 			return ATH10K_MAC_TX_WMI_MGMT;
3591 		else if (ar->htt.target_version_major >= 3)
3592 			return ATH10K_MAC_TX_HTT;
3593 		else
3594 			return ATH10K_MAC_TX_HTT_MGMT;
3595 	}
3596 
3597 	return ATH10K_MAC_TX_UNKNOWN;
3598 }
3599 
3600 static int ath10k_mac_tx_submit(struct ath10k *ar,
3601 				enum ath10k_hw_txrx_mode txmode,
3602 				enum ath10k_mac_tx_path txpath,
3603 				struct sk_buff *skb)
3604 {
3605 	struct ath10k_htt *htt = &ar->htt;
3606 	int ret = -EINVAL;
3607 
3608 	switch (txpath) {
3609 	case ATH10K_MAC_TX_HTT:
3610 		ret = ath10k_htt_tx(htt, txmode, skb);
3611 		break;
3612 	case ATH10K_MAC_TX_HTT_MGMT:
3613 		ret = ath10k_htt_mgmt_tx(htt, skb);
3614 		break;
3615 	case ATH10K_MAC_TX_WMI_MGMT:
3616 		ret = ath10k_mac_tx_wmi_mgmt(ar, skb);
3617 		break;
3618 	case ATH10K_MAC_TX_UNKNOWN:
3619 		WARN_ON_ONCE(1);
3620 		ret = -EINVAL;
3621 		break;
3622 	}
3623 
3624 	if (ret) {
3625 		ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
3626 			    ret);
3627 		ieee80211_free_txskb(ar->hw, skb);
3628 	}
3629 
3630 	return ret;
3631 }
3632 
3633 /* This function consumes the sk_buff regardless of return value as far as
3634  * caller is concerned so no freeing is necessary afterwards.
3635  */
3636 static int ath10k_mac_tx(struct ath10k *ar,
3637 			 struct ieee80211_vif *vif,
3638 			 enum ath10k_hw_txrx_mode txmode,
3639 			 enum ath10k_mac_tx_path txpath,
3640 			 struct sk_buff *skb)
3641 {
3642 	struct ieee80211_hw *hw = ar->hw;
3643 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3644 	int ret;
3645 
3646 	/* We should disable CCK RATE due to P2P */
3647 	if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
3648 		ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
3649 
3650 	switch (txmode) {
3651 	case ATH10K_HW_TXRX_MGMT:
3652 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3653 		ath10k_tx_h_nwifi(hw, skb);
3654 		ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
3655 		ath10k_tx_h_seq_no(vif, skb);
3656 		break;
3657 	case ATH10K_HW_TXRX_ETHERNET:
3658 		ath10k_tx_h_8023(skb);
3659 		break;
3660 	case ATH10K_HW_TXRX_RAW:
3661 		if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
3662 			WARN_ON_ONCE(1);
3663 			ieee80211_free_txskb(hw, skb);
3664 			return -ENOTSUPP;
3665 		}
3666 	}
3667 
3668 	if (info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
3669 		if (!ath10k_mac_tx_frm_has_freq(ar)) {
3670 			ath10k_dbg(ar, ATH10K_DBG_MAC, "queued offchannel skb %pK\n",
3671 				   skb);
3672 
3673 			skb_queue_tail(&ar->offchan_tx_queue, skb);
3674 			ieee80211_queue_work(hw, &ar->offchan_tx_work);
3675 			return 0;
3676 		}
3677 	}
3678 
3679 	ret = ath10k_mac_tx_submit(ar, txmode, txpath, skb);
3680 	if (ret) {
3681 		ath10k_warn(ar, "failed to submit frame: %d\n", ret);
3682 		return ret;
3683 	}
3684 
3685 	return 0;
3686 }
3687 
3688 void ath10k_offchan_tx_purge(struct ath10k *ar)
3689 {
3690 	struct sk_buff *skb;
3691 
3692 	for (;;) {
3693 		skb = skb_dequeue(&ar->offchan_tx_queue);
3694 		if (!skb)
3695 			break;
3696 
3697 		ieee80211_free_txskb(ar->hw, skb);
3698 	}
3699 }
3700 
3701 void ath10k_offchan_tx_work(struct work_struct *work)
3702 {
3703 	struct ath10k *ar = container_of(work, struct ath10k, offchan_tx_work);
3704 	struct ath10k_peer *peer;
3705 	struct ath10k_vif *arvif;
3706 	enum ath10k_hw_txrx_mode txmode;
3707 	enum ath10k_mac_tx_path txpath;
3708 	struct ieee80211_hdr *hdr;
3709 	struct ieee80211_vif *vif;
3710 	struct ieee80211_sta *sta;
3711 	struct sk_buff *skb;
3712 	const u8 *peer_addr;
3713 	int vdev_id;
3714 	int ret;
3715 	unsigned long time_left;
3716 	bool tmp_peer_created = false;
3717 
3718 	/* FW requirement: We must create a peer before FW will send out
3719 	 * an offchannel frame. Otherwise the frame will be stuck and
3720 	 * never transmitted. We delete the peer upon tx completion.
3721 	 * It is unlikely that a peer for offchannel tx will already be
3722 	 * present. However it may be in some rare cases so account for that.
3723 	 * Otherwise we might remove a legitimate peer and break stuff.
3724 	 */
3725 
3726 	for (;;) {
3727 		skb = skb_dequeue(&ar->offchan_tx_queue);
3728 		if (!skb)
3729 			break;
3730 
3731 		mutex_lock(&ar->conf_mutex);
3732 
3733 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %pK\n",
3734 			   skb);
3735 
3736 		hdr = (struct ieee80211_hdr *)skb->data;
3737 		peer_addr = ieee80211_get_DA(hdr);
3738 
3739 		spin_lock_bh(&ar->data_lock);
3740 		vdev_id = ar->scan.vdev_id;
3741 		peer = ath10k_peer_find(ar, vdev_id, peer_addr);
3742 		spin_unlock_bh(&ar->data_lock);
3743 
3744 		if (peer)
3745 			/* FIXME: should this use ath10k_warn()? */
3746 			ath10k_dbg(ar, ATH10K_DBG_MAC, "peer %pM on vdev %d already present\n",
3747 				   peer_addr, vdev_id);
3748 
3749 		if (!peer) {
3750 			ret = ath10k_peer_create(ar, NULL, NULL, vdev_id,
3751 						 peer_addr,
3752 						 WMI_PEER_TYPE_DEFAULT);
3753 			if (ret)
3754 				ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
3755 					    peer_addr, vdev_id, ret);
3756 			tmp_peer_created = (ret == 0);
3757 		}
3758 
3759 		spin_lock_bh(&ar->data_lock);
3760 		reinit_completion(&ar->offchan_tx_completed);
3761 		ar->offchan_tx_skb = skb;
3762 		spin_unlock_bh(&ar->data_lock);
3763 
3764 		/* It's safe to access vif and sta - conf_mutex guarantees that
3765 		 * sta_state() and remove_interface() are locked exclusively
3766 		 * out wrt to this offchannel worker.
3767 		 */
3768 		arvif = ath10k_get_arvif(ar, vdev_id);
3769 		if (arvif) {
3770 			vif = arvif->vif;
3771 			sta = ieee80211_find_sta(vif, peer_addr);
3772 		} else {
3773 			vif = NULL;
3774 			sta = NULL;
3775 		}
3776 
3777 		txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
3778 		txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
3779 
3780 		ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb);
3781 		if (ret) {
3782 			ath10k_warn(ar, "failed to transmit offchannel frame: %d\n",
3783 				    ret);
3784 			/* not serious */
3785 		}
3786 
3787 		time_left =
3788 		wait_for_completion_timeout(&ar->offchan_tx_completed, 3 * HZ);
3789 		if (time_left == 0)
3790 			ath10k_warn(ar, "timed out waiting for offchannel skb %pK\n",
3791 				    skb);
3792 
3793 		if (!peer && tmp_peer_created) {
3794 			ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
3795 			if (ret)
3796 				ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
3797 					    peer_addr, vdev_id, ret);
3798 		}
3799 
3800 		mutex_unlock(&ar->conf_mutex);
3801 	}
3802 }
3803 
3804 void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar)
3805 {
3806 	struct sk_buff *skb;
3807 
3808 	for (;;) {
3809 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
3810 		if (!skb)
3811 			break;
3812 
3813 		ieee80211_free_txskb(ar->hw, skb);
3814 	}
3815 }
3816 
3817 void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
3818 {
3819 	struct ath10k *ar = container_of(work, struct ath10k, wmi_mgmt_tx_work);
3820 	struct sk_buff *skb;
3821 	dma_addr_t paddr;
3822 	int ret;
3823 
3824 	for (;;) {
3825 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
3826 		if (!skb)
3827 			break;
3828 
3829 		if (test_bit(ATH10K_FW_FEATURE_MGMT_TX_BY_REF,
3830 			     ar->running_fw->fw_file.fw_features)) {
3831 			paddr = dma_map_single(ar->dev, skb->data,
3832 					       skb->len, DMA_TO_DEVICE);
3833 			if (!paddr)
3834 				continue;
3835 			ret = ath10k_wmi_mgmt_tx_send(ar, skb, paddr);
3836 			if (ret) {
3837 				ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
3838 					    ret);
3839 				dma_unmap_single(ar->dev, paddr, skb->len,
3840 						 DMA_FROM_DEVICE);
3841 				ieee80211_free_txskb(ar->hw, skb);
3842 			}
3843 		} else {
3844 			ret = ath10k_wmi_mgmt_tx(ar, skb);
3845 			if (ret) {
3846 				ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
3847 					    ret);
3848 				ieee80211_free_txskb(ar->hw, skb);
3849 			}
3850 		}
3851 	}
3852 }
3853 
3854 static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
3855 {
3856 	struct ath10k_txq *artxq;
3857 
3858 	if (!txq)
3859 		return;
3860 
3861 	artxq = (void *)txq->drv_priv;
3862 	INIT_LIST_HEAD(&artxq->list);
3863 }
3864 
3865 static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
3866 {
3867 	struct ath10k_txq *artxq;
3868 	struct ath10k_skb_cb *cb;
3869 	struct sk_buff *msdu;
3870 	int msdu_id;
3871 
3872 	if (!txq)
3873 		return;
3874 
3875 	artxq = (void *)txq->drv_priv;
3876 	spin_lock_bh(&ar->txqs_lock);
3877 	if (!list_empty(&artxq->list))
3878 		list_del_init(&artxq->list);
3879 	spin_unlock_bh(&ar->txqs_lock);
3880 
3881 	spin_lock_bh(&ar->htt.tx_lock);
3882 	idr_for_each_entry(&ar->htt.pending_tx, msdu, msdu_id) {
3883 		cb = ATH10K_SKB_CB(msdu);
3884 		if (cb->txq == txq)
3885 			cb->txq = NULL;
3886 	}
3887 	spin_unlock_bh(&ar->htt.tx_lock);
3888 }
3889 
3890 struct ieee80211_txq *ath10k_mac_txq_lookup(struct ath10k *ar,
3891 					    u16 peer_id,
3892 					    u8 tid)
3893 {
3894 	struct ath10k_peer *peer;
3895 
3896 	lockdep_assert_held(&ar->data_lock);
3897 
3898 	peer = ar->peer_map[peer_id];
3899 	if (!peer)
3900 		return NULL;
3901 
3902 	if (peer->removed)
3903 		return NULL;
3904 
3905 	if (peer->sta)
3906 		return peer->sta->txq[tid];
3907 	else if (peer->vif)
3908 		return peer->vif->txq;
3909 	else
3910 		return NULL;
3911 }
3912 
3913 static bool ath10k_mac_tx_can_push(struct ieee80211_hw *hw,
3914 				   struct ieee80211_txq *txq)
3915 {
3916 	struct ath10k *ar = hw->priv;
3917 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
3918 
3919 	/* No need to get locks */
3920 
3921 	if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH)
3922 		return true;
3923 
3924 	if (ar->htt.num_pending_tx < ar->htt.tx_q_state.num_push_allowed)
3925 		return true;
3926 
3927 	if (artxq->num_fw_queued < artxq->num_push_allowed)
3928 		return true;
3929 
3930 	return false;
3931 }
3932 
3933 int ath10k_mac_tx_push_txq(struct ieee80211_hw *hw,
3934 			   struct ieee80211_txq *txq)
3935 {
3936 	struct ath10k *ar = hw->priv;
3937 	struct ath10k_htt *htt = &ar->htt;
3938 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
3939 	struct ieee80211_vif *vif = txq->vif;
3940 	struct ieee80211_sta *sta = txq->sta;
3941 	enum ath10k_hw_txrx_mode txmode;
3942 	enum ath10k_mac_tx_path txpath;
3943 	struct sk_buff *skb;
3944 	struct ieee80211_hdr *hdr;
3945 	size_t skb_len;
3946 	bool is_mgmt, is_presp;
3947 	int ret;
3948 
3949 	spin_lock_bh(&ar->htt.tx_lock);
3950 	ret = ath10k_htt_tx_inc_pending(htt);
3951 	spin_unlock_bh(&ar->htt.tx_lock);
3952 
3953 	if (ret)
3954 		return ret;
3955 
3956 	skb = ieee80211_tx_dequeue(hw, txq);
3957 	if (!skb) {
3958 		spin_lock_bh(&ar->htt.tx_lock);
3959 		ath10k_htt_tx_dec_pending(htt);
3960 		spin_unlock_bh(&ar->htt.tx_lock);
3961 
3962 		return -ENOENT;
3963 	}
3964 
3965 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, skb);
3966 
3967 	skb_len = skb->len;
3968 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
3969 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
3970 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
3971 
3972 	if (is_mgmt) {
3973 		hdr = (struct ieee80211_hdr *)skb->data;
3974 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
3975 
3976 		spin_lock_bh(&ar->htt.tx_lock);
3977 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
3978 
3979 		if (ret) {
3980 			ath10k_htt_tx_dec_pending(htt);
3981 			spin_unlock_bh(&ar->htt.tx_lock);
3982 			return ret;
3983 		}
3984 		spin_unlock_bh(&ar->htt.tx_lock);
3985 	}
3986 
3987 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb);
3988 	if (unlikely(ret)) {
3989 		ath10k_warn(ar, "failed to push frame: %d\n", ret);
3990 
3991 		spin_lock_bh(&ar->htt.tx_lock);
3992 		ath10k_htt_tx_dec_pending(htt);
3993 		if (is_mgmt)
3994 			ath10k_htt_tx_mgmt_dec_pending(htt);
3995 		spin_unlock_bh(&ar->htt.tx_lock);
3996 
3997 		return ret;
3998 	}
3999 
4000 	spin_lock_bh(&ar->htt.tx_lock);
4001 	artxq->num_fw_queued++;
4002 	spin_unlock_bh(&ar->htt.tx_lock);
4003 
4004 	return skb_len;
4005 }
4006 
4007 void ath10k_mac_tx_push_pending(struct ath10k *ar)
4008 {
4009 	struct ieee80211_hw *hw = ar->hw;
4010 	struct ieee80211_txq *txq;
4011 	struct ath10k_txq *artxq;
4012 	struct ath10k_txq *last;
4013 	int ret;
4014 	int max;
4015 
4016 	if (ar->htt.num_pending_tx >= (ar->htt.max_num_pending_tx / 2))
4017 		return;
4018 
4019 	spin_lock_bh(&ar->txqs_lock);
4020 	rcu_read_lock();
4021 
4022 	last = list_last_entry(&ar->txqs, struct ath10k_txq, list);
4023 	while (!list_empty(&ar->txqs)) {
4024 		artxq = list_first_entry(&ar->txqs, struct ath10k_txq, list);
4025 		txq = container_of((void *)artxq, struct ieee80211_txq,
4026 				   drv_priv);
4027 
4028 		/* Prevent aggressive sta/tid taking over tx queue */
4029 		max = 16;
4030 		ret = 0;
4031 		while (ath10k_mac_tx_can_push(hw, txq) && max--) {
4032 			ret = ath10k_mac_tx_push_txq(hw, txq);
4033 			if (ret < 0)
4034 				break;
4035 		}
4036 
4037 		list_del_init(&artxq->list);
4038 		if (ret != -ENOENT)
4039 			list_add_tail(&artxq->list, &ar->txqs);
4040 
4041 		ath10k_htt_tx_txq_update(hw, txq);
4042 
4043 		if (artxq == last || (ret < 0 && ret != -ENOENT))
4044 			break;
4045 	}
4046 
4047 	rcu_read_unlock();
4048 	spin_unlock_bh(&ar->txqs_lock);
4049 }
4050 
4051 /************/
4052 /* Scanning */
4053 /************/
4054 
4055 void __ath10k_scan_finish(struct ath10k *ar)
4056 {
4057 	lockdep_assert_held(&ar->data_lock);
4058 
4059 	switch (ar->scan.state) {
4060 	case ATH10K_SCAN_IDLE:
4061 		break;
4062 	case ATH10K_SCAN_RUNNING:
4063 	case ATH10K_SCAN_ABORTING:
4064 		if (!ar->scan.is_roc) {
4065 			struct cfg80211_scan_info info = {
4066 				.aborted = (ar->scan.state ==
4067 					    ATH10K_SCAN_ABORTING),
4068 			};
4069 
4070 			ieee80211_scan_completed(ar->hw, &info);
4071 		} else if (ar->scan.roc_notify) {
4072 			ieee80211_remain_on_channel_expired(ar->hw);
4073 		}
4074 		/* fall through */
4075 	case ATH10K_SCAN_STARTING:
4076 		ar->scan.state = ATH10K_SCAN_IDLE;
4077 		ar->scan_channel = NULL;
4078 		ar->scan.roc_freq = 0;
4079 		ath10k_offchan_tx_purge(ar);
4080 		cancel_delayed_work(&ar->scan.timeout);
4081 		complete(&ar->scan.completed);
4082 		break;
4083 	}
4084 }
4085 
4086 void ath10k_scan_finish(struct ath10k *ar)
4087 {
4088 	spin_lock_bh(&ar->data_lock);
4089 	__ath10k_scan_finish(ar);
4090 	spin_unlock_bh(&ar->data_lock);
4091 }
4092 
4093 static int ath10k_scan_stop(struct ath10k *ar)
4094 {
4095 	struct wmi_stop_scan_arg arg = {
4096 		.req_id = 1, /* FIXME */
4097 		.req_type = WMI_SCAN_STOP_ONE,
4098 		.u.scan_id = ATH10K_SCAN_ID,
4099 	};
4100 	int ret;
4101 
4102 	lockdep_assert_held(&ar->conf_mutex);
4103 
4104 	ret = ath10k_wmi_stop_scan(ar, &arg);
4105 	if (ret) {
4106 		ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
4107 		goto out;
4108 	}
4109 
4110 	ret = wait_for_completion_timeout(&ar->scan.completed, 3 * HZ);
4111 	if (ret == 0) {
4112 		ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
4113 		ret = -ETIMEDOUT;
4114 	} else if (ret > 0) {
4115 		ret = 0;
4116 	}
4117 
4118 out:
4119 	/* Scan state should be updated upon scan completion but in case
4120 	 * firmware fails to deliver the event (for whatever reason) it is
4121 	 * desired to clean up scan state anyway. Firmware may have just
4122 	 * dropped the scan completion event delivery due to transport pipe
4123 	 * being overflown with data and/or it can recover on its own before
4124 	 * next scan request is submitted.
4125 	 */
4126 	spin_lock_bh(&ar->data_lock);
4127 	if (ar->scan.state != ATH10K_SCAN_IDLE)
4128 		__ath10k_scan_finish(ar);
4129 	spin_unlock_bh(&ar->data_lock);
4130 
4131 	return ret;
4132 }
4133 
4134 static void ath10k_scan_abort(struct ath10k *ar)
4135 {
4136 	int ret;
4137 
4138 	lockdep_assert_held(&ar->conf_mutex);
4139 
4140 	spin_lock_bh(&ar->data_lock);
4141 
4142 	switch (ar->scan.state) {
4143 	case ATH10K_SCAN_IDLE:
4144 		/* This can happen if timeout worker kicked in and called
4145 		 * abortion while scan completion was being processed.
4146 		 */
4147 		break;
4148 	case ATH10K_SCAN_STARTING:
4149 	case ATH10K_SCAN_ABORTING:
4150 		ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
4151 			    ath10k_scan_state_str(ar->scan.state),
4152 			    ar->scan.state);
4153 		break;
4154 	case ATH10K_SCAN_RUNNING:
4155 		ar->scan.state = ATH10K_SCAN_ABORTING;
4156 		spin_unlock_bh(&ar->data_lock);
4157 
4158 		ret = ath10k_scan_stop(ar);
4159 		if (ret)
4160 			ath10k_warn(ar, "failed to abort scan: %d\n", ret);
4161 
4162 		spin_lock_bh(&ar->data_lock);
4163 		break;
4164 	}
4165 
4166 	spin_unlock_bh(&ar->data_lock);
4167 }
4168 
4169 void ath10k_scan_timeout_work(struct work_struct *work)
4170 {
4171 	struct ath10k *ar = container_of(work, struct ath10k,
4172 					 scan.timeout.work);
4173 
4174 	mutex_lock(&ar->conf_mutex);
4175 	ath10k_scan_abort(ar);
4176 	mutex_unlock(&ar->conf_mutex);
4177 }
4178 
4179 static int ath10k_start_scan(struct ath10k *ar,
4180 			     const struct wmi_start_scan_arg *arg)
4181 {
4182 	int ret;
4183 
4184 	lockdep_assert_held(&ar->conf_mutex);
4185 
4186 	ret = ath10k_wmi_start_scan(ar, arg);
4187 	if (ret)
4188 		return ret;
4189 
4190 	ret = wait_for_completion_timeout(&ar->scan.started, 1 * HZ);
4191 	if (ret == 0) {
4192 		ret = ath10k_scan_stop(ar);
4193 		if (ret)
4194 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
4195 
4196 		return -ETIMEDOUT;
4197 	}
4198 
4199 	/* If we failed to start the scan, return error code at
4200 	 * this point.  This is probably due to some issue in the
4201 	 * firmware, but no need to wedge the driver due to that...
4202 	 */
4203 	spin_lock_bh(&ar->data_lock);
4204 	if (ar->scan.state == ATH10K_SCAN_IDLE) {
4205 		spin_unlock_bh(&ar->data_lock);
4206 		return -EINVAL;
4207 	}
4208 	spin_unlock_bh(&ar->data_lock);
4209 
4210 	return 0;
4211 }
4212 
4213 /**********************/
4214 /* mac80211 callbacks */
4215 /**********************/
4216 
4217 static void ath10k_mac_op_tx(struct ieee80211_hw *hw,
4218 			     struct ieee80211_tx_control *control,
4219 			     struct sk_buff *skb)
4220 {
4221 	struct ath10k *ar = hw->priv;
4222 	struct ath10k_htt *htt = &ar->htt;
4223 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4224 	struct ieee80211_vif *vif = info->control.vif;
4225 	struct ieee80211_sta *sta = control->sta;
4226 	struct ieee80211_txq *txq = NULL;
4227 	struct ieee80211_hdr *hdr = (void *)skb->data;
4228 	enum ath10k_hw_txrx_mode txmode;
4229 	enum ath10k_mac_tx_path txpath;
4230 	bool is_htt;
4231 	bool is_mgmt;
4232 	bool is_presp;
4233 	int ret;
4234 
4235 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, skb);
4236 
4237 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4238 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4239 	is_htt = (txpath == ATH10K_MAC_TX_HTT ||
4240 		  txpath == ATH10K_MAC_TX_HTT_MGMT);
4241 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4242 
4243 	if (is_htt) {
4244 		spin_lock_bh(&ar->htt.tx_lock);
4245 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4246 
4247 		ret = ath10k_htt_tx_inc_pending(htt);
4248 		if (ret) {
4249 			ath10k_warn(ar, "failed to increase tx pending count: %d, dropping\n",
4250 				    ret);
4251 			spin_unlock_bh(&ar->htt.tx_lock);
4252 			ieee80211_free_txskb(ar->hw, skb);
4253 			return;
4254 		}
4255 
4256 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4257 		if (ret) {
4258 			ath10k_dbg(ar, ATH10K_DBG_MAC, "failed to increase tx mgmt pending count: %d, dropping\n",
4259 				   ret);
4260 			ath10k_htt_tx_dec_pending(htt);
4261 			spin_unlock_bh(&ar->htt.tx_lock);
4262 			ieee80211_free_txskb(ar->hw, skb);
4263 			return;
4264 		}
4265 		spin_unlock_bh(&ar->htt.tx_lock);
4266 	}
4267 
4268 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb);
4269 	if (ret) {
4270 		ath10k_warn(ar, "failed to transmit frame: %d\n", ret);
4271 		if (is_htt) {
4272 			spin_lock_bh(&ar->htt.tx_lock);
4273 			ath10k_htt_tx_dec_pending(htt);
4274 			if (is_mgmt)
4275 				ath10k_htt_tx_mgmt_dec_pending(htt);
4276 			spin_unlock_bh(&ar->htt.tx_lock);
4277 		}
4278 		return;
4279 	}
4280 }
4281 
4282 static void ath10k_mac_op_wake_tx_queue(struct ieee80211_hw *hw,
4283 					struct ieee80211_txq *txq)
4284 {
4285 	struct ath10k *ar = hw->priv;
4286 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4287 	struct ieee80211_txq *f_txq;
4288 	struct ath10k_txq *f_artxq;
4289 	int ret = 0;
4290 	int max = 16;
4291 
4292 	spin_lock_bh(&ar->txqs_lock);
4293 	if (list_empty(&artxq->list))
4294 		list_add_tail(&artxq->list, &ar->txqs);
4295 
4296 	f_artxq = list_first_entry(&ar->txqs, struct ath10k_txq, list);
4297 	f_txq = container_of((void *)f_artxq, struct ieee80211_txq, drv_priv);
4298 	list_del_init(&f_artxq->list);
4299 
4300 	while (ath10k_mac_tx_can_push(hw, f_txq) && max--) {
4301 		ret = ath10k_mac_tx_push_txq(hw, f_txq);
4302 		if (ret < 0)
4303 			break;
4304 	}
4305 	if (ret != -ENOENT)
4306 		list_add_tail(&f_artxq->list, &ar->txqs);
4307 	spin_unlock_bh(&ar->txqs_lock);
4308 
4309 	ath10k_htt_tx_txq_update(hw, f_txq);
4310 	ath10k_htt_tx_txq_update(hw, txq);
4311 }
4312 
4313 /* Must not be called with conf_mutex held as workers can use that also. */
4314 void ath10k_drain_tx(struct ath10k *ar)
4315 {
4316 	/* make sure rcu-protected mac80211 tx path itself is drained */
4317 	synchronize_net();
4318 
4319 	ath10k_offchan_tx_purge(ar);
4320 	ath10k_mgmt_over_wmi_tx_purge(ar);
4321 
4322 	cancel_work_sync(&ar->offchan_tx_work);
4323 	cancel_work_sync(&ar->wmi_mgmt_tx_work);
4324 }
4325 
4326 void ath10k_halt(struct ath10k *ar)
4327 {
4328 	struct ath10k_vif *arvif;
4329 
4330 	lockdep_assert_held(&ar->conf_mutex);
4331 
4332 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
4333 	ar->filter_flags = 0;
4334 	ar->monitor = false;
4335 	ar->monitor_arvif = NULL;
4336 
4337 	if (ar->monitor_started)
4338 		ath10k_monitor_stop(ar);
4339 
4340 	ar->monitor_started = false;
4341 	ar->tx_paused = 0;
4342 
4343 	ath10k_scan_finish(ar);
4344 	ath10k_peer_cleanup_all(ar);
4345 	ath10k_stop_radar_confirmation(ar);
4346 	ath10k_core_stop(ar);
4347 	ath10k_hif_power_down(ar);
4348 
4349 	spin_lock_bh(&ar->data_lock);
4350 	list_for_each_entry(arvif, &ar->arvifs, list)
4351 		ath10k_mac_vif_beacon_cleanup(arvif);
4352 	spin_unlock_bh(&ar->data_lock);
4353 }
4354 
4355 static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
4356 {
4357 	struct ath10k *ar = hw->priv;
4358 
4359 	mutex_lock(&ar->conf_mutex);
4360 
4361 	*tx_ant = ar->cfg_tx_chainmask;
4362 	*rx_ant = ar->cfg_rx_chainmask;
4363 
4364 	mutex_unlock(&ar->conf_mutex);
4365 
4366 	return 0;
4367 }
4368 
4369 static void ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
4370 {
4371 	/* It is not clear that allowing gaps in chainmask
4372 	 * is helpful.  Probably it will not do what user
4373 	 * is hoping for, so warn in that case.
4374 	 */
4375 	if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
4376 		return;
4377 
4378 	ath10k_warn(ar, "mac %s antenna chainmask may be invalid: 0x%x.  Suggested values: 15, 7, 3, 1 or 0.\n",
4379 		    dbg, cm);
4380 }
4381 
4382 static int ath10k_mac_get_vht_cap_bf_sts(struct ath10k *ar)
4383 {
4384 	int nsts = ar->vht_cap_info;
4385 
4386 	nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4387 	nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4388 
4389 	/* If firmware does not deliver to host number of space-time
4390 	 * streams supported, assume it support up to 4 BF STS and return
4391 	 * the value for VHT CAP: nsts-1)
4392 	 */
4393 	if (nsts == 0)
4394 		return 3;
4395 
4396 	return nsts;
4397 }
4398 
4399 static int ath10k_mac_get_vht_cap_bf_sound_dim(struct ath10k *ar)
4400 {
4401 	int sound_dim = ar->vht_cap_info;
4402 
4403 	sound_dim &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4404 	sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4405 
4406 	/* If the sounding dimension is not advertised by the firmware,
4407 	 * let's use a default value of 1
4408 	 */
4409 	if (sound_dim == 0)
4410 		return 1;
4411 
4412 	return sound_dim;
4413 }
4414 
4415 static struct ieee80211_sta_vht_cap ath10k_create_vht_cap(struct ath10k *ar)
4416 {
4417 	struct ieee80211_sta_vht_cap vht_cap = {0};
4418 	struct ath10k_hw_params *hw = &ar->hw_params;
4419 	u16 mcs_map;
4420 	u32 val;
4421 	int i;
4422 
4423 	vht_cap.vht_supported = 1;
4424 	vht_cap.cap = ar->vht_cap_info;
4425 
4426 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4427 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
4428 		val = ath10k_mac_get_vht_cap_bf_sts(ar);
4429 		val <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4430 		val &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4431 
4432 		vht_cap.cap |= val;
4433 	}
4434 
4435 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4436 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
4437 		val = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4438 		val <<= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4439 		val &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4440 
4441 		vht_cap.cap |= val;
4442 	}
4443 
4444 	/* Currently the firmware seems to be buggy, don't enable 80+80
4445 	 * mode until that's resolved.
4446 	 */
4447 	if ((ar->vht_cap_info & IEEE80211_VHT_CAP_SHORT_GI_160) &&
4448 	    (ar->vht_cap_info & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) == 0)
4449 		vht_cap.cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
4450 
4451 	mcs_map = 0;
4452 	for (i = 0; i < 8; i++) {
4453 		if ((i < ar->num_rf_chains) && (ar->cfg_tx_chainmask & BIT(i)))
4454 			mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
4455 		else
4456 			mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
4457 	}
4458 
4459 	if (ar->cfg_tx_chainmask <= 1)
4460 		vht_cap.cap &= ~IEEE80211_VHT_CAP_TXSTBC;
4461 
4462 	vht_cap.vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
4463 	vht_cap.vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
4464 
4465 	/* If we are supporting 160Mhz or 80+80, then the NIC may be able to do
4466 	 * a restricted NSS for 160 or 80+80 vs what it can do for 80Mhz.  Give
4467 	 * user-space a clue if that is the case.
4468 	 */
4469 	if ((vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) &&
4470 	    (hw->vht160_mcs_rx_highest != 0 ||
4471 	     hw->vht160_mcs_tx_highest != 0)) {
4472 		vht_cap.vht_mcs.rx_highest = cpu_to_le16(hw->vht160_mcs_rx_highest);
4473 		vht_cap.vht_mcs.tx_highest = cpu_to_le16(hw->vht160_mcs_tx_highest);
4474 	}
4475 
4476 	return vht_cap;
4477 }
4478 
4479 static struct ieee80211_sta_ht_cap ath10k_get_ht_cap(struct ath10k *ar)
4480 {
4481 	int i;
4482 	struct ieee80211_sta_ht_cap ht_cap = {0};
4483 
4484 	if (!(ar->ht_cap_info & WMI_HT_CAP_ENABLED))
4485 		return ht_cap;
4486 
4487 	ht_cap.ht_supported = 1;
4488 	ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
4489 	ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_8;
4490 	ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
4491 	ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
4492 	ht_cap.cap |=
4493 		WLAN_HT_CAP_SM_PS_DISABLED << IEEE80211_HT_CAP_SM_PS_SHIFT;
4494 
4495 	if (ar->ht_cap_info & WMI_HT_CAP_HT20_SGI)
4496 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
4497 
4498 	if (ar->ht_cap_info & WMI_HT_CAP_HT40_SGI)
4499 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
4500 
4501 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) {
4502 		u32 smps;
4503 
4504 		smps   = WLAN_HT_CAP_SM_PS_DYNAMIC;
4505 		smps <<= IEEE80211_HT_CAP_SM_PS_SHIFT;
4506 
4507 		ht_cap.cap |= smps;
4508 	}
4509 
4510 	if (ar->ht_cap_info & WMI_HT_CAP_TX_STBC && (ar->cfg_tx_chainmask > 1))
4511 		ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
4512 
4513 	if (ar->ht_cap_info & WMI_HT_CAP_RX_STBC) {
4514 		u32 stbc;
4515 
4516 		stbc   = ar->ht_cap_info;
4517 		stbc  &= WMI_HT_CAP_RX_STBC;
4518 		stbc >>= WMI_HT_CAP_RX_STBC_MASK_SHIFT;
4519 		stbc <<= IEEE80211_HT_CAP_RX_STBC_SHIFT;
4520 		stbc  &= IEEE80211_HT_CAP_RX_STBC;
4521 
4522 		ht_cap.cap |= stbc;
4523 	}
4524 
4525 	if (ar->ht_cap_info & WMI_HT_CAP_LDPC)
4526 		ht_cap.cap |= IEEE80211_HT_CAP_LDPC_CODING;
4527 
4528 	if (ar->ht_cap_info & WMI_HT_CAP_L_SIG_TXOP_PROT)
4529 		ht_cap.cap |= IEEE80211_HT_CAP_LSIG_TXOP_PROT;
4530 
4531 	/* max AMSDU is implicitly taken from vht_cap_info */
4532 	if (ar->vht_cap_info & WMI_VHT_CAP_MAX_MPDU_LEN_MASK)
4533 		ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
4534 
4535 	for (i = 0; i < ar->num_rf_chains; i++) {
4536 		if (ar->cfg_rx_chainmask & BIT(i))
4537 			ht_cap.mcs.rx_mask[i] = 0xFF;
4538 	}
4539 
4540 	ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_DEFINED;
4541 
4542 	return ht_cap;
4543 }
4544 
4545 static void ath10k_mac_setup_ht_vht_cap(struct ath10k *ar)
4546 {
4547 	struct ieee80211_supported_band *band;
4548 	struct ieee80211_sta_vht_cap vht_cap;
4549 	struct ieee80211_sta_ht_cap ht_cap;
4550 
4551 	ht_cap = ath10k_get_ht_cap(ar);
4552 	vht_cap = ath10k_create_vht_cap(ar);
4553 
4554 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
4555 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
4556 		band->ht_cap = ht_cap;
4557 	}
4558 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
4559 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
4560 		band->ht_cap = ht_cap;
4561 		band->vht_cap = vht_cap;
4562 	}
4563 }
4564 
4565 static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
4566 {
4567 	int ret;
4568 
4569 	lockdep_assert_held(&ar->conf_mutex);
4570 
4571 	ath10k_check_chain_mask(ar, tx_ant, "tx");
4572 	ath10k_check_chain_mask(ar, rx_ant, "rx");
4573 
4574 	ar->cfg_tx_chainmask = tx_ant;
4575 	ar->cfg_rx_chainmask = rx_ant;
4576 
4577 	if ((ar->state != ATH10K_STATE_ON) &&
4578 	    (ar->state != ATH10K_STATE_RESTARTED))
4579 		return 0;
4580 
4581 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
4582 					tx_ant);
4583 	if (ret) {
4584 		ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
4585 			    ret, tx_ant);
4586 		return ret;
4587 	}
4588 
4589 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
4590 					rx_ant);
4591 	if (ret) {
4592 		ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
4593 			    ret, rx_ant);
4594 		return ret;
4595 	}
4596 
4597 	/* Reload HT/VHT capability */
4598 	ath10k_mac_setup_ht_vht_cap(ar);
4599 
4600 	return 0;
4601 }
4602 
4603 static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant)
4604 {
4605 	struct ath10k *ar = hw->priv;
4606 	int ret;
4607 
4608 	mutex_lock(&ar->conf_mutex);
4609 	ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
4610 	mutex_unlock(&ar->conf_mutex);
4611 	return ret;
4612 }
4613 
4614 static int ath10k_start(struct ieee80211_hw *hw)
4615 {
4616 	struct ath10k *ar = hw->priv;
4617 	u32 param;
4618 	int ret = 0;
4619 
4620 	/*
4621 	 * This makes sense only when restarting hw. It is harmless to call
4622 	 * unconditionally. This is necessary to make sure no HTT/WMI tx
4623 	 * commands will be submitted while restarting.
4624 	 */
4625 	ath10k_drain_tx(ar);
4626 
4627 	mutex_lock(&ar->conf_mutex);
4628 
4629 	switch (ar->state) {
4630 	case ATH10K_STATE_OFF:
4631 		ar->state = ATH10K_STATE_ON;
4632 		break;
4633 	case ATH10K_STATE_RESTARTING:
4634 		ar->state = ATH10K_STATE_RESTARTED;
4635 		break;
4636 	case ATH10K_STATE_ON:
4637 	case ATH10K_STATE_RESTARTED:
4638 	case ATH10K_STATE_WEDGED:
4639 		WARN_ON(1);
4640 		ret = -EINVAL;
4641 		goto err;
4642 	case ATH10K_STATE_UTF:
4643 		ret = -EBUSY;
4644 		goto err;
4645 	}
4646 
4647 	ret = ath10k_hif_power_up(ar);
4648 	if (ret) {
4649 		ath10k_err(ar, "Could not init hif: %d\n", ret);
4650 		goto err_off;
4651 	}
4652 
4653 	ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL,
4654 				&ar->normal_mode_fw);
4655 	if (ret) {
4656 		ath10k_err(ar, "Could not init core: %d\n", ret);
4657 		goto err_power_down;
4658 	}
4659 
4660 	param = ar->wmi.pdev_param->pmf_qos;
4661 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
4662 	if (ret) {
4663 		ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
4664 		goto err_core_stop;
4665 	}
4666 
4667 	param = ar->wmi.pdev_param->dynamic_bw;
4668 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
4669 	if (ret) {
4670 		ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
4671 		goto err_core_stop;
4672 	}
4673 
4674 	if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
4675 		ret = ath10k_wmi_adaptive_qcs(ar, true);
4676 		if (ret) {
4677 			ath10k_warn(ar, "failed to enable adaptive qcs: %d\n",
4678 				    ret);
4679 			goto err_core_stop;
4680 		}
4681 	}
4682 
4683 	if (test_bit(WMI_SERVICE_BURST, ar->wmi.svc_map)) {
4684 		param = ar->wmi.pdev_param->burst_enable;
4685 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
4686 		if (ret) {
4687 			ath10k_warn(ar, "failed to disable burst: %d\n", ret);
4688 			goto err_core_stop;
4689 		}
4690 	}
4691 
4692 	param = ar->wmi.pdev_param->idle_ps_config;
4693 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
4694 	if (ret && ret != -EOPNOTSUPP) {
4695 		ath10k_warn(ar, "failed to enable idle_ps_config: %d\n", ret);
4696 		goto err_core_stop;
4697 	}
4698 
4699 	__ath10k_set_antenna(ar, ar->cfg_tx_chainmask, ar->cfg_rx_chainmask);
4700 
4701 	/*
4702 	 * By default FW set ARP frames ac to voice (6). In that case ARP
4703 	 * exchange is not working properly for UAPSD enabled AP. ARP requests
4704 	 * which arrives with access category 0 are processed by network stack
4705 	 * and send back with access category 0, but FW changes access category
4706 	 * to 6. Set ARP frames access category to best effort (0) solves
4707 	 * this problem.
4708 	 */
4709 
4710 	param = ar->wmi.pdev_param->arp_ac_override;
4711 	ret = ath10k_wmi_pdev_set_param(ar, param, 0);
4712 	if (ret) {
4713 		ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
4714 			    ret);
4715 		goto err_core_stop;
4716 	}
4717 
4718 	if (test_bit(ATH10K_FW_FEATURE_SUPPORTS_ADAPTIVE_CCA,
4719 		     ar->running_fw->fw_file.fw_features)) {
4720 		ret = ath10k_wmi_pdev_enable_adaptive_cca(ar, 1,
4721 							  WMI_CCA_DETECT_LEVEL_AUTO,
4722 							  WMI_CCA_DETECT_MARGIN_AUTO);
4723 		if (ret) {
4724 			ath10k_warn(ar, "failed to enable adaptive cca: %d\n",
4725 				    ret);
4726 			goto err_core_stop;
4727 		}
4728 	}
4729 
4730 	param = ar->wmi.pdev_param->ani_enable;
4731 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
4732 	if (ret) {
4733 		ath10k_warn(ar, "failed to enable ani by default: %d\n",
4734 			    ret);
4735 		goto err_core_stop;
4736 	}
4737 
4738 	ar->ani_enabled = true;
4739 
4740 	if (ath10k_peer_stats_enabled(ar)) {
4741 		param = ar->wmi.pdev_param->peer_stats_update_period;
4742 		ret = ath10k_wmi_pdev_set_param(ar, param,
4743 						PEER_DEFAULT_STATS_UPDATE_PERIOD);
4744 		if (ret) {
4745 			ath10k_warn(ar,
4746 				    "failed to set peer stats period : %d\n",
4747 				    ret);
4748 			goto err_core_stop;
4749 		}
4750 	}
4751 
4752 	param = ar->wmi.pdev_param->enable_btcoex;
4753 	if (test_bit(WMI_SERVICE_COEX_GPIO, ar->wmi.svc_map) &&
4754 	    test_bit(ATH10K_FW_FEATURE_BTCOEX_PARAM,
4755 		     ar->running_fw->fw_file.fw_features)) {
4756 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
4757 		if (ret) {
4758 			ath10k_warn(ar,
4759 				    "failed to set btcoex param: %d\n", ret);
4760 			goto err_core_stop;
4761 		}
4762 		clear_bit(ATH10K_FLAG_BTCOEX, &ar->dev_flags);
4763 	}
4764 
4765 	ar->num_started_vdevs = 0;
4766 	ath10k_regd_update(ar);
4767 
4768 	ath10k_spectral_start(ar);
4769 	ath10k_thermal_set_throttling(ar);
4770 
4771 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_IDLE;
4772 
4773 	mutex_unlock(&ar->conf_mutex);
4774 	return 0;
4775 
4776 err_core_stop:
4777 	ath10k_core_stop(ar);
4778 
4779 err_power_down:
4780 	ath10k_hif_power_down(ar);
4781 
4782 err_off:
4783 	ar->state = ATH10K_STATE_OFF;
4784 
4785 err:
4786 	mutex_unlock(&ar->conf_mutex);
4787 	return ret;
4788 }
4789 
4790 static void ath10k_stop(struct ieee80211_hw *hw)
4791 {
4792 	struct ath10k *ar = hw->priv;
4793 
4794 	ath10k_drain_tx(ar);
4795 
4796 	mutex_lock(&ar->conf_mutex);
4797 	if (ar->state != ATH10K_STATE_OFF) {
4798 		ath10k_halt(ar);
4799 		ar->state = ATH10K_STATE_OFF;
4800 	}
4801 	mutex_unlock(&ar->conf_mutex);
4802 
4803 	cancel_work_sync(&ar->set_coverage_class_work);
4804 	cancel_delayed_work_sync(&ar->scan.timeout);
4805 	cancel_work_sync(&ar->restart_work);
4806 }
4807 
4808 static int ath10k_config_ps(struct ath10k *ar)
4809 {
4810 	struct ath10k_vif *arvif;
4811 	int ret = 0;
4812 
4813 	lockdep_assert_held(&ar->conf_mutex);
4814 
4815 	list_for_each_entry(arvif, &ar->arvifs, list) {
4816 		ret = ath10k_mac_vif_setup_ps(arvif);
4817 		if (ret) {
4818 			ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
4819 			break;
4820 		}
4821 	}
4822 
4823 	return ret;
4824 }
4825 
4826 static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
4827 {
4828 	int ret;
4829 	u32 param;
4830 
4831 	lockdep_assert_held(&ar->conf_mutex);
4832 
4833 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower %d\n", txpower);
4834 
4835 	param = ar->wmi.pdev_param->txpower_limit2g;
4836 	ret = ath10k_wmi_pdev_set_param(ar, param, txpower * 2);
4837 	if (ret) {
4838 		ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
4839 			    txpower, ret);
4840 		return ret;
4841 	}
4842 
4843 	param = ar->wmi.pdev_param->txpower_limit5g;
4844 	ret = ath10k_wmi_pdev_set_param(ar, param, txpower * 2);
4845 	if (ret) {
4846 		ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
4847 			    txpower, ret);
4848 		return ret;
4849 	}
4850 
4851 	return 0;
4852 }
4853 
4854 static int ath10k_mac_txpower_recalc(struct ath10k *ar)
4855 {
4856 	struct ath10k_vif *arvif;
4857 	int ret, txpower = -1;
4858 
4859 	lockdep_assert_held(&ar->conf_mutex);
4860 
4861 	list_for_each_entry(arvif, &ar->arvifs, list) {
4862 		if (arvif->txpower <= 0)
4863 			continue;
4864 
4865 		if (txpower == -1)
4866 			txpower = arvif->txpower;
4867 		else
4868 			txpower = min(txpower, arvif->txpower);
4869 	}
4870 
4871 	if (txpower == -1)
4872 		return 0;
4873 
4874 	ret = ath10k_mac_txpower_setup(ar, txpower);
4875 	if (ret) {
4876 		ath10k_warn(ar, "failed to setup tx power %d: %d\n",
4877 			    txpower, ret);
4878 		return ret;
4879 	}
4880 
4881 	return 0;
4882 }
4883 
4884 static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
4885 {
4886 	struct ath10k *ar = hw->priv;
4887 	struct ieee80211_conf *conf = &hw->conf;
4888 	int ret = 0;
4889 
4890 	mutex_lock(&ar->conf_mutex);
4891 
4892 	if (changed & IEEE80211_CONF_CHANGE_PS)
4893 		ath10k_config_ps(ar);
4894 
4895 	if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
4896 		ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
4897 		ret = ath10k_monitor_recalc(ar);
4898 		if (ret)
4899 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
4900 	}
4901 
4902 	mutex_unlock(&ar->conf_mutex);
4903 	return ret;
4904 }
4905 
4906 static u32 get_nss_from_chainmask(u16 chain_mask)
4907 {
4908 	if ((chain_mask & 0xf) == 0xf)
4909 		return 4;
4910 	else if ((chain_mask & 0x7) == 0x7)
4911 		return 3;
4912 	else if ((chain_mask & 0x3) == 0x3)
4913 		return 2;
4914 	return 1;
4915 }
4916 
4917 static int ath10k_mac_set_txbf_conf(struct ath10k_vif *arvif)
4918 {
4919 	u32 value = 0;
4920 	struct ath10k *ar = arvif->ar;
4921 	int nsts;
4922 	int sound_dim;
4923 
4924 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_BEFORE_ASSOC)
4925 		return 0;
4926 
4927 	nsts = ath10k_mac_get_vht_cap_bf_sts(ar);
4928 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4929 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE))
4930 		value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
4931 
4932 	sound_dim = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4933 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4934 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))
4935 		value |= SM(sound_dim, WMI_BF_SOUND_DIM_OFFSET);
4936 
4937 	if (!value)
4938 		return 0;
4939 
4940 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
4941 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
4942 
4943 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
4944 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFER |
4945 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFER);
4946 
4947 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
4948 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
4949 
4950 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
4951 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFEE |
4952 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFEE);
4953 
4954 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
4955 					 ar->wmi.vdev_param->txbf, value);
4956 }
4957 
4958 /*
4959  * TODO:
4960  * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
4961  * because we will send mgmt frames without CCK. This requirement
4962  * for P2P_FIND/GO_NEG should be handled by checking CCK flag
4963  * in the TX packet.
4964  */
4965 static int ath10k_add_interface(struct ieee80211_hw *hw,
4966 				struct ieee80211_vif *vif)
4967 {
4968 	struct ath10k *ar = hw->priv;
4969 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
4970 	struct ath10k_peer *peer;
4971 	enum wmi_sta_powersave_param param;
4972 	int ret = 0;
4973 	u32 value;
4974 	int bit;
4975 	int i;
4976 	u32 vdev_param;
4977 
4978 	vif->driver_flags |= IEEE80211_VIF_SUPPORTS_UAPSD;
4979 
4980 	mutex_lock(&ar->conf_mutex);
4981 
4982 	memset(arvif, 0, sizeof(*arvif));
4983 	ath10k_mac_txq_init(vif->txq);
4984 
4985 	arvif->ar = ar;
4986 	arvif->vif = vif;
4987 
4988 	INIT_LIST_HEAD(&arvif->list);
4989 	INIT_WORK(&arvif->ap_csa_work, ath10k_mac_vif_ap_csa_work);
4990 	INIT_DELAYED_WORK(&arvif->connection_loss_work,
4991 			  ath10k_mac_vif_sta_connection_loss_work);
4992 
4993 	for (i = 0; i < ARRAY_SIZE(arvif->bitrate_mask.control); i++) {
4994 		arvif->bitrate_mask.control[i].legacy = 0xffffffff;
4995 		memset(arvif->bitrate_mask.control[i].ht_mcs, 0xff,
4996 		       sizeof(arvif->bitrate_mask.control[i].ht_mcs));
4997 		memset(arvif->bitrate_mask.control[i].vht_mcs, 0xff,
4998 		       sizeof(arvif->bitrate_mask.control[i].vht_mcs));
4999 	}
5000 
5001 	if (ar->num_peers >= ar->max_num_peers) {
5002 		ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
5003 		ret = -ENOBUFS;
5004 		goto err;
5005 	}
5006 
5007 	if (ar->free_vdev_map == 0) {
5008 		ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
5009 		ret = -EBUSY;
5010 		goto err;
5011 	}
5012 	bit = __ffs64(ar->free_vdev_map);
5013 
5014 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
5015 		   bit, ar->free_vdev_map);
5016 
5017 	arvif->vdev_id = bit;
5018 	arvif->vdev_subtype =
5019 		ath10k_wmi_get_vdev_subtype(ar, WMI_VDEV_SUBTYPE_NONE);
5020 
5021 	switch (vif->type) {
5022 	case NL80211_IFTYPE_P2P_DEVICE:
5023 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5024 		arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5025 					(ar, WMI_VDEV_SUBTYPE_P2P_DEVICE);
5026 		break;
5027 	case NL80211_IFTYPE_UNSPECIFIED:
5028 	case NL80211_IFTYPE_STATION:
5029 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5030 		if (vif->p2p)
5031 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5032 					(ar, WMI_VDEV_SUBTYPE_P2P_CLIENT);
5033 		break;
5034 	case NL80211_IFTYPE_ADHOC:
5035 		arvif->vdev_type = WMI_VDEV_TYPE_IBSS;
5036 		break;
5037 	case NL80211_IFTYPE_MESH_POINT:
5038 		if (test_bit(WMI_SERVICE_MESH_11S, ar->wmi.svc_map)) {
5039 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5040 						(ar, WMI_VDEV_SUBTYPE_MESH_11S);
5041 		} else if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5042 			ret = -EINVAL;
5043 			ath10k_warn(ar, "must load driver with rawmode=1 to add mesh interfaces\n");
5044 			goto err;
5045 		}
5046 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5047 		break;
5048 	case NL80211_IFTYPE_AP:
5049 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5050 
5051 		if (vif->p2p)
5052 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5053 						(ar, WMI_VDEV_SUBTYPE_P2P_GO);
5054 		break;
5055 	case NL80211_IFTYPE_MONITOR:
5056 		arvif->vdev_type = WMI_VDEV_TYPE_MONITOR;
5057 		break;
5058 	default:
5059 		WARN_ON(1);
5060 		break;
5061 	}
5062 
5063 	/* Using vdev_id as queue number will make it very easy to do per-vif
5064 	 * tx queue locking. This shouldn't wrap due to interface combinations
5065 	 * but do a modulo for correctness sake and prevent using offchannel tx
5066 	 * queues for regular vif tx.
5067 	 */
5068 	vif->cab_queue = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5069 	for (i = 0; i < ARRAY_SIZE(vif->hw_queue); i++)
5070 		vif->hw_queue[i] = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5071 
5072 	/* Some firmware revisions don't wait for beacon tx completion before
5073 	 * sending another SWBA event. This could lead to hardware using old
5074 	 * (freed) beacon data in some cases, e.g. tx credit starvation
5075 	 * combined with missed TBTT. This is very very rare.
5076 	 *
5077 	 * On non-IOMMU-enabled hosts this could be a possible security issue
5078 	 * because hw could beacon some random data on the air.  On
5079 	 * IOMMU-enabled hosts DMAR faults would occur in most cases and target
5080 	 * device would crash.
5081 	 *
5082 	 * Since there are no beacon tx completions (implicit nor explicit)
5083 	 * propagated to host the only workaround for this is to allocate a
5084 	 * DMA-coherent buffer for a lifetime of a vif and use it for all
5085 	 * beacon tx commands. Worst case for this approach is some beacons may
5086 	 * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
5087 	 */
5088 	if (vif->type == NL80211_IFTYPE_ADHOC ||
5089 	    vif->type == NL80211_IFTYPE_MESH_POINT ||
5090 	    vif->type == NL80211_IFTYPE_AP) {
5091 		arvif->beacon_buf = dma_zalloc_coherent(ar->dev,
5092 							IEEE80211_MAX_FRAME_LEN,
5093 							&arvif->beacon_paddr,
5094 							GFP_ATOMIC);
5095 		if (!arvif->beacon_buf) {
5096 			ret = -ENOMEM;
5097 			ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
5098 				    ret);
5099 			goto err;
5100 		}
5101 	}
5102 	if (test_bit(ATH10K_FLAG_HW_CRYPTO_DISABLED, &ar->dev_flags))
5103 		arvif->nohwcrypt = true;
5104 
5105 	if (arvif->nohwcrypt &&
5106 	    !test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5107 		ath10k_warn(ar, "cryptmode module param needed for sw crypto\n");
5108 		goto err;
5109 	}
5110 
5111 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
5112 		   arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
5113 		   arvif->beacon_buf ? "single-buf" : "per-skb");
5114 
5115 	ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
5116 				     arvif->vdev_subtype, vif->addr);
5117 	if (ret) {
5118 		ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
5119 			    arvif->vdev_id, ret);
5120 		goto err;
5121 	}
5122 
5123 	ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
5124 	spin_lock_bh(&ar->data_lock);
5125 	list_add(&arvif->list, &ar->arvifs);
5126 	spin_unlock_bh(&ar->data_lock);
5127 
5128 	/* It makes no sense to have firmware do keepalives. mac80211 already
5129 	 * takes care of this with idle connection polling.
5130 	 */
5131 	ret = ath10k_mac_vif_disable_keepalive(arvif);
5132 	if (ret) {
5133 		ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
5134 			    arvif->vdev_id, ret);
5135 		goto err_vdev_delete;
5136 	}
5137 
5138 	arvif->def_wep_key_idx = -1;
5139 
5140 	vdev_param = ar->wmi.vdev_param->tx_encap_type;
5141 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5142 					ATH10K_HW_TXRX_NATIVE_WIFI);
5143 	/* 10.X firmware does not support this VDEV parameter. Do not warn */
5144 	if (ret && ret != -EOPNOTSUPP) {
5145 		ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
5146 			    arvif->vdev_id, ret);
5147 		goto err_vdev_delete;
5148 	}
5149 
5150 	/* Configuring number of spatial stream for monitor interface is causing
5151 	 * target assert in qca9888 and qca6174.
5152 	 */
5153 	if (ar->cfg_tx_chainmask && (vif->type != NL80211_IFTYPE_MONITOR)) {
5154 		u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
5155 
5156 		vdev_param = ar->wmi.vdev_param->nss;
5157 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5158 						nss);
5159 		if (ret) {
5160 			ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
5161 				    arvif->vdev_id, ar->cfg_tx_chainmask, nss,
5162 				    ret);
5163 			goto err_vdev_delete;
5164 		}
5165 	}
5166 
5167 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5168 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5169 		ret = ath10k_peer_create(ar, vif, NULL, arvif->vdev_id,
5170 					 vif->addr, WMI_PEER_TYPE_DEFAULT);
5171 		if (ret) {
5172 			ath10k_warn(ar, "failed to create vdev %i peer for AP/IBSS: %d\n",
5173 				    arvif->vdev_id, ret);
5174 			goto err_vdev_delete;
5175 		}
5176 
5177 		spin_lock_bh(&ar->data_lock);
5178 
5179 		peer = ath10k_peer_find(ar, arvif->vdev_id, vif->addr);
5180 		if (!peer) {
5181 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
5182 				    vif->addr, arvif->vdev_id);
5183 			spin_unlock_bh(&ar->data_lock);
5184 			ret = -ENOENT;
5185 			goto err_peer_delete;
5186 		}
5187 
5188 		arvif->peer_id = find_first_bit(peer->peer_ids,
5189 						ATH10K_MAX_NUM_PEER_IDS);
5190 
5191 		spin_unlock_bh(&ar->data_lock);
5192 	} else {
5193 		arvif->peer_id = HTT_INVALID_PEERID;
5194 	}
5195 
5196 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
5197 		ret = ath10k_mac_set_kickout(arvif);
5198 		if (ret) {
5199 			ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
5200 				    arvif->vdev_id, ret);
5201 			goto err_peer_delete;
5202 		}
5203 	}
5204 
5205 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
5206 		param = WMI_STA_PS_PARAM_RX_WAKE_POLICY;
5207 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
5208 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
5209 						  param, value);
5210 		if (ret) {
5211 			ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
5212 				    arvif->vdev_id, ret);
5213 			goto err_peer_delete;
5214 		}
5215 
5216 		ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
5217 		if (ret) {
5218 			ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
5219 				    arvif->vdev_id, ret);
5220 			goto err_peer_delete;
5221 		}
5222 
5223 		ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
5224 		if (ret) {
5225 			ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
5226 				    arvif->vdev_id, ret);
5227 			goto err_peer_delete;
5228 		}
5229 	}
5230 
5231 	ret = ath10k_mac_set_txbf_conf(arvif);
5232 	if (ret) {
5233 		ath10k_warn(ar, "failed to set txbf for vdev %d: %d\n",
5234 			    arvif->vdev_id, ret);
5235 		goto err_peer_delete;
5236 	}
5237 
5238 	ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
5239 	if (ret) {
5240 		ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
5241 			    arvif->vdev_id, ret);
5242 		goto err_peer_delete;
5243 	}
5244 
5245 	arvif->txpower = vif->bss_conf.txpower;
5246 	ret = ath10k_mac_txpower_recalc(ar);
5247 	if (ret) {
5248 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5249 		goto err_peer_delete;
5250 	}
5251 
5252 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5253 		ar->monitor_arvif = arvif;
5254 		ret = ath10k_monitor_recalc(ar);
5255 		if (ret) {
5256 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5257 			goto err_peer_delete;
5258 		}
5259 	}
5260 
5261 	spin_lock_bh(&ar->htt.tx_lock);
5262 	if (!ar->tx_paused)
5263 		ieee80211_wake_queue(ar->hw, arvif->vdev_id);
5264 	spin_unlock_bh(&ar->htt.tx_lock);
5265 
5266 	mutex_unlock(&ar->conf_mutex);
5267 	return 0;
5268 
5269 err_peer_delete:
5270 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5271 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS)
5272 		ath10k_wmi_peer_delete(ar, arvif->vdev_id, vif->addr);
5273 
5274 err_vdev_delete:
5275 	ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5276 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5277 	spin_lock_bh(&ar->data_lock);
5278 	list_del(&arvif->list);
5279 	spin_unlock_bh(&ar->data_lock);
5280 
5281 err:
5282 	if (arvif->beacon_buf) {
5283 		dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
5284 				  arvif->beacon_buf, arvif->beacon_paddr);
5285 		arvif->beacon_buf = NULL;
5286 	}
5287 
5288 	mutex_unlock(&ar->conf_mutex);
5289 
5290 	return ret;
5291 }
5292 
5293 static void ath10k_mac_vif_tx_unlock_all(struct ath10k_vif *arvif)
5294 {
5295 	int i;
5296 
5297 	for (i = 0; i < BITS_PER_LONG; i++)
5298 		ath10k_mac_vif_tx_unlock(arvif, i);
5299 }
5300 
5301 static void ath10k_remove_interface(struct ieee80211_hw *hw,
5302 				    struct ieee80211_vif *vif)
5303 {
5304 	struct ath10k *ar = hw->priv;
5305 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5306 	struct ath10k_peer *peer;
5307 	int ret;
5308 	int i;
5309 
5310 	cancel_work_sync(&arvif->ap_csa_work);
5311 	cancel_delayed_work_sync(&arvif->connection_loss_work);
5312 
5313 	mutex_lock(&ar->conf_mutex);
5314 
5315 	spin_lock_bh(&ar->data_lock);
5316 	ath10k_mac_vif_beacon_cleanup(arvif);
5317 	spin_unlock_bh(&ar->data_lock);
5318 
5319 	ret = ath10k_spectral_vif_stop(arvif);
5320 	if (ret)
5321 		ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
5322 			    arvif->vdev_id, ret);
5323 
5324 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5325 	spin_lock_bh(&ar->data_lock);
5326 	list_del(&arvif->list);
5327 	spin_unlock_bh(&ar->data_lock);
5328 
5329 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5330 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5331 		ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
5332 					     vif->addr);
5333 		if (ret)
5334 			ath10k_warn(ar, "failed to submit AP/IBSS self-peer removal on vdev %i: %d\n",
5335 				    arvif->vdev_id, ret);
5336 
5337 		kfree(arvif->u.ap.noa_data);
5338 	}
5339 
5340 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
5341 		   arvif->vdev_id);
5342 
5343 	ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5344 	if (ret)
5345 		ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
5346 			    arvif->vdev_id, ret);
5347 
5348 	/* Some firmware revisions don't notify host about self-peer removal
5349 	 * until after associated vdev is deleted.
5350 	 */
5351 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5352 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5353 		ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
5354 						   vif->addr);
5355 		if (ret)
5356 			ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
5357 				    arvif->vdev_id, ret);
5358 
5359 		spin_lock_bh(&ar->data_lock);
5360 		ar->num_peers--;
5361 		spin_unlock_bh(&ar->data_lock);
5362 	}
5363 
5364 	spin_lock_bh(&ar->data_lock);
5365 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
5366 		peer = ar->peer_map[i];
5367 		if (!peer)
5368 			continue;
5369 
5370 		if (peer->vif == vif) {
5371 			ath10k_warn(ar, "found vif peer %pM entry on vdev %i after it was supposedly removed\n",
5372 				    vif->addr, arvif->vdev_id);
5373 			peer->vif = NULL;
5374 		}
5375 	}
5376 	spin_unlock_bh(&ar->data_lock);
5377 
5378 	ath10k_peer_cleanup(ar, arvif->vdev_id);
5379 	ath10k_mac_txq_unref(ar, vif->txq);
5380 
5381 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5382 		ar->monitor_arvif = NULL;
5383 		ret = ath10k_monitor_recalc(ar);
5384 		if (ret)
5385 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5386 	}
5387 
5388 	ret = ath10k_mac_txpower_recalc(ar);
5389 	if (ret)
5390 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5391 
5392 	spin_lock_bh(&ar->htt.tx_lock);
5393 	ath10k_mac_vif_tx_unlock_all(arvif);
5394 	spin_unlock_bh(&ar->htt.tx_lock);
5395 
5396 	ath10k_mac_txq_unref(ar, vif->txq);
5397 
5398 	mutex_unlock(&ar->conf_mutex);
5399 }
5400 
5401 /*
5402  * FIXME: Has to be verified.
5403  */
5404 #define SUPPORTED_FILTERS			\
5405 	(FIF_ALLMULTI |				\
5406 	FIF_CONTROL |				\
5407 	FIF_PSPOLL |				\
5408 	FIF_OTHER_BSS |				\
5409 	FIF_BCN_PRBRESP_PROMISC |		\
5410 	FIF_PROBE_REQ |				\
5411 	FIF_FCSFAIL)
5412 
5413 static void ath10k_configure_filter(struct ieee80211_hw *hw,
5414 				    unsigned int changed_flags,
5415 				    unsigned int *total_flags,
5416 				    u64 multicast)
5417 {
5418 	struct ath10k *ar = hw->priv;
5419 	int ret;
5420 
5421 	mutex_lock(&ar->conf_mutex);
5422 
5423 	changed_flags &= SUPPORTED_FILTERS;
5424 	*total_flags &= SUPPORTED_FILTERS;
5425 	ar->filter_flags = *total_flags;
5426 
5427 	ret = ath10k_monitor_recalc(ar);
5428 	if (ret)
5429 		ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5430 
5431 	mutex_unlock(&ar->conf_mutex);
5432 }
5433 
5434 static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
5435 				    struct ieee80211_vif *vif,
5436 				    struct ieee80211_bss_conf *info,
5437 				    u32 changed)
5438 {
5439 	struct ath10k *ar = hw->priv;
5440 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5441 	int ret = 0;
5442 	u32 vdev_param, pdev_param, slottime, preamble;
5443 
5444 	mutex_lock(&ar->conf_mutex);
5445 
5446 	if (changed & BSS_CHANGED_IBSS)
5447 		ath10k_control_ibss(arvif, info, vif->addr);
5448 
5449 	if (changed & BSS_CHANGED_BEACON_INT) {
5450 		arvif->beacon_interval = info->beacon_int;
5451 		vdev_param = ar->wmi.vdev_param->beacon_interval;
5452 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5453 						arvif->beacon_interval);
5454 		ath10k_dbg(ar, ATH10K_DBG_MAC,
5455 			   "mac vdev %d beacon_interval %d\n",
5456 			   arvif->vdev_id, arvif->beacon_interval);
5457 
5458 		if (ret)
5459 			ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
5460 				    arvif->vdev_id, ret);
5461 	}
5462 
5463 	if (changed & BSS_CHANGED_BEACON) {
5464 		ath10k_dbg(ar, ATH10K_DBG_MAC,
5465 			   "vdev %d set beacon tx mode to staggered\n",
5466 			   arvif->vdev_id);
5467 
5468 		pdev_param = ar->wmi.pdev_param->beacon_tx_mode;
5469 		ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
5470 						WMI_BEACON_STAGGERED_MODE);
5471 		if (ret)
5472 			ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
5473 				    arvif->vdev_id, ret);
5474 
5475 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
5476 		if (ret)
5477 			ath10k_warn(ar, "failed to update beacon template: %d\n",
5478 				    ret);
5479 
5480 		if (ieee80211_vif_is_mesh(vif)) {
5481 			/* mesh doesn't use SSID but firmware needs it */
5482 			strncpy(arvif->u.ap.ssid, "mesh",
5483 				sizeof(arvif->u.ap.ssid));
5484 			arvif->u.ap.ssid_len = 4;
5485 		}
5486 	}
5487 
5488 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
5489 		ret = ath10k_mac_setup_prb_tmpl(arvif);
5490 		if (ret)
5491 			ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
5492 				    arvif->vdev_id, ret);
5493 	}
5494 
5495 	if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
5496 		arvif->dtim_period = info->dtim_period;
5497 
5498 		ath10k_dbg(ar, ATH10K_DBG_MAC,
5499 			   "mac vdev %d dtim_period %d\n",
5500 			   arvif->vdev_id, arvif->dtim_period);
5501 
5502 		vdev_param = ar->wmi.vdev_param->dtim_period;
5503 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5504 						arvif->dtim_period);
5505 		if (ret)
5506 			ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
5507 				    arvif->vdev_id, ret);
5508 	}
5509 
5510 	if (changed & BSS_CHANGED_SSID &&
5511 	    vif->type == NL80211_IFTYPE_AP) {
5512 		arvif->u.ap.ssid_len = info->ssid_len;
5513 		if (info->ssid_len)
5514 			memcpy(arvif->u.ap.ssid, info->ssid, info->ssid_len);
5515 		arvif->u.ap.hidden_ssid = info->hidden_ssid;
5516 	}
5517 
5518 	if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
5519 		ether_addr_copy(arvif->bssid, info->bssid);
5520 
5521 	if (changed & BSS_CHANGED_BEACON_ENABLED)
5522 		ath10k_control_beaconing(arvif, info);
5523 
5524 	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
5525 		arvif->use_cts_prot = info->use_cts_prot;
5526 
5527 		ret = ath10k_recalc_rtscts_prot(arvif);
5528 		if (ret)
5529 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
5530 				    arvif->vdev_id, ret);
5531 
5532 		if (ath10k_mac_can_set_cts_prot(arvif)) {
5533 			ret = ath10k_mac_set_cts_prot(arvif);
5534 			if (ret)
5535 				ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
5536 					    arvif->vdev_id, ret);
5537 		}
5538 	}
5539 
5540 	if (changed & BSS_CHANGED_ERP_SLOT) {
5541 		if (info->use_short_slot)
5542 			slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
5543 
5544 		else
5545 			slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
5546 
5547 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
5548 			   arvif->vdev_id, slottime);
5549 
5550 		vdev_param = ar->wmi.vdev_param->slot_time;
5551 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5552 						slottime);
5553 		if (ret)
5554 			ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
5555 				    arvif->vdev_id, ret);
5556 	}
5557 
5558 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
5559 		if (info->use_short_preamble)
5560 			preamble = WMI_VDEV_PREAMBLE_SHORT;
5561 		else
5562 			preamble = WMI_VDEV_PREAMBLE_LONG;
5563 
5564 		ath10k_dbg(ar, ATH10K_DBG_MAC,
5565 			   "mac vdev %d preamble %dn",
5566 			   arvif->vdev_id, preamble);
5567 
5568 		vdev_param = ar->wmi.vdev_param->preamble;
5569 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5570 						preamble);
5571 		if (ret)
5572 			ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
5573 				    arvif->vdev_id, ret);
5574 	}
5575 
5576 	if (changed & BSS_CHANGED_ASSOC) {
5577 		if (info->assoc) {
5578 			/* Workaround: Make sure monitor vdev is not running
5579 			 * when associating to prevent some firmware revisions
5580 			 * (e.g. 10.1 and 10.2) from crashing.
5581 			 */
5582 			if (ar->monitor_started)
5583 				ath10k_monitor_stop(ar);
5584 			ath10k_bss_assoc(hw, vif, info);
5585 			ath10k_monitor_recalc(ar);
5586 		} else {
5587 			ath10k_bss_disassoc(hw, vif);
5588 		}
5589 	}
5590 
5591 	if (changed & BSS_CHANGED_TXPOWER) {
5592 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
5593 			   arvif->vdev_id, info->txpower);
5594 
5595 		arvif->txpower = info->txpower;
5596 		ret = ath10k_mac_txpower_recalc(ar);
5597 		if (ret)
5598 			ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5599 	}
5600 
5601 	if (changed & BSS_CHANGED_PS) {
5602 		arvif->ps = vif->bss_conf.ps;
5603 
5604 		ret = ath10k_config_ps(ar);
5605 		if (ret)
5606 			ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
5607 				    arvif->vdev_id, ret);
5608 	}
5609 
5610 	mutex_unlock(&ar->conf_mutex);
5611 }
5612 
5613 static void ath10k_mac_op_set_coverage_class(struct ieee80211_hw *hw, s16 value)
5614 {
5615 	struct ath10k *ar = hw->priv;
5616 
5617 	/* This function should never be called if setting the coverage class
5618 	 * is not supported on this hardware.
5619 	 */
5620 	if (!ar->hw_params.hw_ops->set_coverage_class) {
5621 		WARN_ON_ONCE(1);
5622 		return;
5623 	}
5624 	ar->hw_params.hw_ops->set_coverage_class(ar, value);
5625 }
5626 
5627 struct ath10k_mac_tdls_iter_data {
5628 	u32 num_tdls_stations;
5629 	struct ieee80211_vif *curr_vif;
5630 };
5631 
5632 static void ath10k_mac_tdls_vif_stations_count_iter(void *data,
5633 						    struct ieee80211_sta *sta)
5634 {
5635 	struct ath10k_mac_tdls_iter_data *iter_data = data;
5636 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
5637 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
5638 
5639 	if (sta->tdls && sta_vif == iter_data->curr_vif)
5640 		iter_data->num_tdls_stations++;
5641 }
5642 
5643 static int ath10k_mac_tdls_vif_stations_count(struct ieee80211_hw *hw,
5644 					      struct ieee80211_vif *vif)
5645 {
5646 	struct ath10k_mac_tdls_iter_data data = {};
5647 
5648 	data.curr_vif = vif;
5649 
5650 	ieee80211_iterate_stations_atomic(hw,
5651 					  ath10k_mac_tdls_vif_stations_count_iter,
5652 					  &data);
5653 	return data.num_tdls_stations;
5654 }
5655 
5656 static void ath10k_mac_tdls_vifs_count_iter(void *data, u8 *mac,
5657 					    struct ieee80211_vif *vif)
5658 {
5659 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5660 	int *num_tdls_vifs = data;
5661 
5662 	if (vif->type != NL80211_IFTYPE_STATION)
5663 		return;
5664 
5665 	if (ath10k_mac_tdls_vif_stations_count(arvif->ar->hw, vif) > 0)
5666 		(*num_tdls_vifs)++;
5667 }
5668 
5669 static int ath10k_mac_tdls_vifs_count(struct ieee80211_hw *hw)
5670 {
5671 	int num_tdls_vifs = 0;
5672 
5673 	ieee80211_iterate_active_interfaces_atomic(hw,
5674 						   IEEE80211_IFACE_ITER_NORMAL,
5675 						   ath10k_mac_tdls_vifs_count_iter,
5676 						   &num_tdls_vifs);
5677 	return num_tdls_vifs;
5678 }
5679 
5680 static int ath10k_hw_scan(struct ieee80211_hw *hw,
5681 			  struct ieee80211_vif *vif,
5682 			  struct ieee80211_scan_request *hw_req)
5683 {
5684 	struct ath10k *ar = hw->priv;
5685 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5686 	struct cfg80211_scan_request *req = &hw_req->req;
5687 	struct wmi_start_scan_arg arg;
5688 	int ret = 0;
5689 	int i;
5690 	u32 scan_timeout;
5691 
5692 	mutex_lock(&ar->conf_mutex);
5693 
5694 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
5695 		ret = -EBUSY;
5696 		goto exit;
5697 	}
5698 
5699 	spin_lock_bh(&ar->data_lock);
5700 	switch (ar->scan.state) {
5701 	case ATH10K_SCAN_IDLE:
5702 		reinit_completion(&ar->scan.started);
5703 		reinit_completion(&ar->scan.completed);
5704 		ar->scan.state = ATH10K_SCAN_STARTING;
5705 		ar->scan.is_roc = false;
5706 		ar->scan.vdev_id = arvif->vdev_id;
5707 		ret = 0;
5708 		break;
5709 	case ATH10K_SCAN_STARTING:
5710 	case ATH10K_SCAN_RUNNING:
5711 	case ATH10K_SCAN_ABORTING:
5712 		ret = -EBUSY;
5713 		break;
5714 	}
5715 	spin_unlock_bh(&ar->data_lock);
5716 
5717 	if (ret)
5718 		goto exit;
5719 
5720 	memset(&arg, 0, sizeof(arg));
5721 	ath10k_wmi_start_scan_init(ar, &arg);
5722 	arg.vdev_id = arvif->vdev_id;
5723 	arg.scan_id = ATH10K_SCAN_ID;
5724 
5725 	if (req->ie_len) {
5726 		arg.ie_len = req->ie_len;
5727 		memcpy(arg.ie, req->ie, arg.ie_len);
5728 	}
5729 
5730 	if (req->n_ssids) {
5731 		arg.n_ssids = req->n_ssids;
5732 		for (i = 0; i < arg.n_ssids; i++) {
5733 			arg.ssids[i].len  = req->ssids[i].ssid_len;
5734 			arg.ssids[i].ssid = req->ssids[i].ssid;
5735 		}
5736 	} else {
5737 		arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
5738 	}
5739 
5740 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
5741 		arg.scan_ctrl_flags |=  WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ;
5742 		ether_addr_copy(arg.mac_addr.addr, req->mac_addr);
5743 		ether_addr_copy(arg.mac_mask.addr, req->mac_addr_mask);
5744 	}
5745 
5746 	if (req->n_channels) {
5747 		arg.n_channels = req->n_channels;
5748 		for (i = 0; i < arg.n_channels; i++)
5749 			arg.channels[i] = req->channels[i]->center_freq;
5750 	}
5751 
5752 	/* if duration is set, default dwell times will be overwritten */
5753 	if (req->duration) {
5754 		arg.dwell_time_active = req->duration;
5755 		arg.dwell_time_passive = req->duration;
5756 		arg.burst_duration_ms = req->duration;
5757 
5758 		scan_timeout = min_t(u32, arg.max_rest_time *
5759 				(arg.n_channels - 1) + (req->duration +
5760 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
5761 				arg.n_channels, arg.max_scan_time + 200);
5762 
5763 	} else {
5764 		/* Add a 200ms margin to account for event/command processing */
5765 		scan_timeout = arg.max_scan_time + 200;
5766 	}
5767 
5768 	ret = ath10k_start_scan(ar, &arg);
5769 	if (ret) {
5770 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
5771 		spin_lock_bh(&ar->data_lock);
5772 		ar->scan.state = ATH10K_SCAN_IDLE;
5773 		spin_unlock_bh(&ar->data_lock);
5774 	}
5775 
5776 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
5777 				     msecs_to_jiffies(scan_timeout));
5778 
5779 exit:
5780 	mutex_unlock(&ar->conf_mutex);
5781 	return ret;
5782 }
5783 
5784 static void ath10k_cancel_hw_scan(struct ieee80211_hw *hw,
5785 				  struct ieee80211_vif *vif)
5786 {
5787 	struct ath10k *ar = hw->priv;
5788 
5789 	mutex_lock(&ar->conf_mutex);
5790 	ath10k_scan_abort(ar);
5791 	mutex_unlock(&ar->conf_mutex);
5792 
5793 	cancel_delayed_work_sync(&ar->scan.timeout);
5794 }
5795 
5796 static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
5797 					struct ath10k_vif *arvif,
5798 					enum set_key_cmd cmd,
5799 					struct ieee80211_key_conf *key)
5800 {
5801 	u32 vdev_param = arvif->ar->wmi.vdev_param->def_keyid;
5802 	int ret;
5803 
5804 	/* 10.1 firmware branch requires default key index to be set to group
5805 	 * key index after installing it. Otherwise FW/HW Txes corrupted
5806 	 * frames with multi-vif APs. This is not required for main firmware
5807 	 * branch (e.g. 636).
5808 	 *
5809 	 * This is also needed for 636 fw for IBSS-RSN to work more reliably.
5810 	 *
5811 	 * FIXME: It remains unknown if this is required for multi-vif STA
5812 	 * interfaces on 10.1.
5813 	 */
5814 
5815 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
5816 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
5817 		return;
5818 
5819 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40)
5820 		return;
5821 
5822 	if (key->cipher == WLAN_CIPHER_SUITE_WEP104)
5823 		return;
5824 
5825 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
5826 		return;
5827 
5828 	if (cmd != SET_KEY)
5829 		return;
5830 
5831 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5832 					key->keyidx);
5833 	if (ret)
5834 		ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
5835 			    arvif->vdev_id, ret);
5836 }
5837 
5838 static int ath10k_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
5839 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
5840 			  struct ieee80211_key_conf *key)
5841 {
5842 	struct ath10k *ar = hw->priv;
5843 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5844 	struct ath10k_peer *peer;
5845 	const u8 *peer_addr;
5846 	bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
5847 		      key->cipher == WLAN_CIPHER_SUITE_WEP104;
5848 	int ret = 0;
5849 	int ret2;
5850 	u32 flags = 0;
5851 	u32 flags2;
5852 
5853 	/* this one needs to be done in software */
5854 	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
5855 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
5856 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256 ||
5857 	    key->cipher == WLAN_CIPHER_SUITE_BIP_CMAC_256)
5858 		return 1;
5859 
5860 	if (arvif->nohwcrypt)
5861 		return 1;
5862 
5863 	if (key->keyidx > WMI_MAX_KEY_INDEX)
5864 		return -ENOSPC;
5865 
5866 	mutex_lock(&ar->conf_mutex);
5867 
5868 	if (sta)
5869 		peer_addr = sta->addr;
5870 	else if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
5871 		peer_addr = vif->bss_conf.bssid;
5872 	else
5873 		peer_addr = vif->addr;
5874 
5875 	key->hw_key_idx = key->keyidx;
5876 
5877 	if (is_wep) {
5878 		if (cmd == SET_KEY)
5879 			arvif->wep_keys[key->keyidx] = key;
5880 		else
5881 			arvif->wep_keys[key->keyidx] = NULL;
5882 	}
5883 
5884 	/* the peer should not disappear in mid-way (unless FW goes awry) since
5885 	 * we already hold conf_mutex. we just make sure its there now.
5886 	 */
5887 	spin_lock_bh(&ar->data_lock);
5888 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
5889 	spin_unlock_bh(&ar->data_lock);
5890 
5891 	if (!peer) {
5892 		if (cmd == SET_KEY) {
5893 			ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
5894 				    peer_addr);
5895 			ret = -EOPNOTSUPP;
5896 			goto exit;
5897 		} else {
5898 			/* if the peer doesn't exist there is no key to disable anymore */
5899 			goto exit;
5900 		}
5901 	}
5902 
5903 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
5904 		flags |= WMI_KEY_PAIRWISE;
5905 	else
5906 		flags |= WMI_KEY_GROUP;
5907 
5908 	if (is_wep) {
5909 		if (cmd == DISABLE_KEY)
5910 			ath10k_clear_vdev_key(arvif, key);
5911 
5912 		/* When WEP keys are uploaded it's possible that there are
5913 		 * stations associated already (e.g. when merging) without any
5914 		 * keys. Static WEP needs an explicit per-peer key upload.
5915 		 */
5916 		if (vif->type == NL80211_IFTYPE_ADHOC &&
5917 		    cmd == SET_KEY)
5918 			ath10k_mac_vif_update_wep_key(arvif, key);
5919 
5920 		/* 802.1x never sets the def_wep_key_idx so each set_key()
5921 		 * call changes default tx key.
5922 		 *
5923 		 * Static WEP sets def_wep_key_idx via .set_default_unicast_key
5924 		 * after first set_key().
5925 		 */
5926 		if (cmd == SET_KEY && arvif->def_wep_key_idx == -1)
5927 			flags |= WMI_KEY_TX_USAGE;
5928 	}
5929 
5930 	ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags);
5931 	if (ret) {
5932 		WARN_ON(ret > 0);
5933 		ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
5934 			    arvif->vdev_id, peer_addr, ret);
5935 		goto exit;
5936 	}
5937 
5938 	/* mac80211 sets static WEP keys as groupwise while firmware requires
5939 	 * them to be installed twice as both pairwise and groupwise.
5940 	 */
5941 	if (is_wep && !sta && vif->type == NL80211_IFTYPE_STATION) {
5942 		flags2 = flags;
5943 		flags2 &= ~WMI_KEY_GROUP;
5944 		flags2 |= WMI_KEY_PAIRWISE;
5945 
5946 		ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags2);
5947 		if (ret) {
5948 			WARN_ON(ret > 0);
5949 			ath10k_warn(ar, "failed to install (ucast) key for vdev %i peer %pM: %d\n",
5950 				    arvif->vdev_id, peer_addr, ret);
5951 			ret2 = ath10k_install_key(arvif, key, DISABLE_KEY,
5952 						  peer_addr, flags);
5953 			if (ret2) {
5954 				WARN_ON(ret2 > 0);
5955 				ath10k_warn(ar, "failed to disable (mcast) key for vdev %i peer %pM: %d\n",
5956 					    arvif->vdev_id, peer_addr, ret2);
5957 			}
5958 			goto exit;
5959 		}
5960 	}
5961 
5962 	ath10k_set_key_h_def_keyidx(ar, arvif, cmd, key);
5963 
5964 	spin_lock_bh(&ar->data_lock);
5965 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
5966 	if (peer && cmd == SET_KEY)
5967 		peer->keys[key->keyidx] = key;
5968 	else if (peer && cmd == DISABLE_KEY)
5969 		peer->keys[key->keyidx] = NULL;
5970 	else if (peer == NULL)
5971 		/* impossible unless FW goes crazy */
5972 		ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
5973 	spin_unlock_bh(&ar->data_lock);
5974 
5975 	if (sta && sta->tdls)
5976 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
5977 					  WMI_PEER_AUTHORIZE, 1);
5978 
5979 exit:
5980 	mutex_unlock(&ar->conf_mutex);
5981 	return ret;
5982 }
5983 
5984 static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
5985 					   struct ieee80211_vif *vif,
5986 					   int keyidx)
5987 {
5988 	struct ath10k *ar = hw->priv;
5989 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5990 	int ret;
5991 
5992 	mutex_lock(&arvif->ar->conf_mutex);
5993 
5994 	if (arvif->ar->state != ATH10K_STATE_ON)
5995 		goto unlock;
5996 
5997 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
5998 		   arvif->vdev_id, keyidx);
5999 
6000 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
6001 					arvif->vdev_id,
6002 					arvif->ar->wmi.vdev_param->def_keyid,
6003 					keyidx);
6004 
6005 	if (ret) {
6006 		ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
6007 			    arvif->vdev_id,
6008 			    ret);
6009 		goto unlock;
6010 	}
6011 
6012 	arvif->def_wep_key_idx = keyidx;
6013 
6014 unlock:
6015 	mutex_unlock(&arvif->ar->conf_mutex);
6016 }
6017 
6018 static void ath10k_sta_rc_update_wk(struct work_struct *wk)
6019 {
6020 	struct ath10k *ar;
6021 	struct ath10k_vif *arvif;
6022 	struct ath10k_sta *arsta;
6023 	struct ieee80211_sta *sta;
6024 	struct cfg80211_chan_def def;
6025 	enum nl80211_band band;
6026 	const u8 *ht_mcs_mask;
6027 	const u16 *vht_mcs_mask;
6028 	u32 changed, bw, nss, smps;
6029 	int err;
6030 
6031 	arsta = container_of(wk, struct ath10k_sta, update_wk);
6032 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
6033 	arvif = arsta->arvif;
6034 	ar = arvif->ar;
6035 
6036 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
6037 		return;
6038 
6039 	band = def.chan->band;
6040 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
6041 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
6042 
6043 	spin_lock_bh(&ar->data_lock);
6044 
6045 	changed = arsta->changed;
6046 	arsta->changed = 0;
6047 
6048 	bw = arsta->bw;
6049 	nss = arsta->nss;
6050 	smps = arsta->smps;
6051 
6052 	spin_unlock_bh(&ar->data_lock);
6053 
6054 	mutex_lock(&ar->conf_mutex);
6055 
6056 	nss = max_t(u32, 1, nss);
6057 	nss = min(nss, max(ath10k_mac_max_ht_nss(ht_mcs_mask),
6058 			   ath10k_mac_max_vht_nss(vht_mcs_mask)));
6059 
6060 	if (changed & IEEE80211_RC_BW_CHANGED) {
6061 		enum wmi_phy_mode mode;
6062 
6063 		mode = chan_to_phymode(&def);
6064 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM peer bw %d phymode %d\n",
6065 				sta->addr, bw, mode);
6066 
6067 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6068 				WMI_PEER_PHYMODE, mode);
6069 		if (err) {
6070 			ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
6071 					sta->addr, mode, err);
6072 			goto exit;
6073 		}
6074 
6075 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6076 						WMI_PEER_CHAN_WIDTH, bw);
6077 		if (err)
6078 			ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
6079 				    sta->addr, bw, err);
6080 	}
6081 
6082 	if (changed & IEEE80211_RC_NSS_CHANGED) {
6083 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM nss %d\n",
6084 			   sta->addr, nss);
6085 
6086 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6087 						WMI_PEER_NSS, nss);
6088 		if (err)
6089 			ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
6090 				    sta->addr, nss, err);
6091 	}
6092 
6093 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
6094 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM smps %d\n",
6095 			   sta->addr, smps);
6096 
6097 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6098 						WMI_PEER_SMPS_STATE, smps);
6099 		if (err)
6100 			ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
6101 				    sta->addr, smps, err);
6102 	}
6103 
6104 	if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
6105 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM supp rates\n",
6106 			   sta->addr);
6107 
6108 		err = ath10k_station_assoc(ar, arvif->vif, sta, true);
6109 		if (err)
6110 			ath10k_warn(ar, "failed to reassociate station: %pM\n",
6111 				    sta->addr);
6112 	}
6113 
6114 exit:
6115 	mutex_unlock(&ar->conf_mutex);
6116 }
6117 
6118 static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif,
6119 				       struct ieee80211_sta *sta)
6120 {
6121 	struct ath10k *ar = arvif->ar;
6122 
6123 	lockdep_assert_held(&ar->conf_mutex);
6124 
6125 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6126 		return 0;
6127 
6128 	if (ar->num_stations >= ar->max_num_stations)
6129 		return -ENOBUFS;
6130 
6131 	ar->num_stations++;
6132 
6133 	return 0;
6134 }
6135 
6136 static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif,
6137 					struct ieee80211_sta *sta)
6138 {
6139 	struct ath10k *ar = arvif->ar;
6140 
6141 	lockdep_assert_held(&ar->conf_mutex);
6142 
6143 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6144 		return;
6145 
6146 	ar->num_stations--;
6147 }
6148 
6149 static int ath10k_sta_state(struct ieee80211_hw *hw,
6150 			    struct ieee80211_vif *vif,
6151 			    struct ieee80211_sta *sta,
6152 			    enum ieee80211_sta_state old_state,
6153 			    enum ieee80211_sta_state new_state)
6154 {
6155 	struct ath10k *ar = hw->priv;
6156 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6157 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6158 	struct ath10k_peer *peer;
6159 	int ret = 0;
6160 	int i;
6161 
6162 	if (old_state == IEEE80211_STA_NOTEXIST &&
6163 	    new_state == IEEE80211_STA_NONE) {
6164 		memset(arsta, 0, sizeof(*arsta));
6165 		arsta->arvif = arvif;
6166 		INIT_WORK(&arsta->update_wk, ath10k_sta_rc_update_wk);
6167 
6168 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
6169 			ath10k_mac_txq_init(sta->txq[i]);
6170 	}
6171 
6172 	/* cancel must be done outside the mutex to avoid deadlock */
6173 	if ((old_state == IEEE80211_STA_NONE &&
6174 	     new_state == IEEE80211_STA_NOTEXIST))
6175 		cancel_work_sync(&arsta->update_wk);
6176 
6177 	mutex_lock(&ar->conf_mutex);
6178 
6179 	if (old_state == IEEE80211_STA_NOTEXIST &&
6180 	    new_state == IEEE80211_STA_NONE) {
6181 		/*
6182 		 * New station addition.
6183 		 */
6184 		enum wmi_peer_type peer_type = WMI_PEER_TYPE_DEFAULT;
6185 		u32 num_tdls_stations;
6186 		u32 num_tdls_vifs;
6187 
6188 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6189 			   "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
6190 			   arvif->vdev_id, sta->addr,
6191 			   ar->num_stations + 1, ar->max_num_stations,
6192 			   ar->num_peers + 1, ar->max_num_peers);
6193 
6194 		num_tdls_stations = ath10k_mac_tdls_vif_stations_count(hw, vif);
6195 		num_tdls_vifs = ath10k_mac_tdls_vifs_count(hw);
6196 
6197 		if (sta->tdls) {
6198 			if (num_tdls_stations >= ar->max_num_tdls_vdevs) {
6199 				ath10k_warn(ar, "vdev %i exceeded maximum number of tdls vdevs %i\n",
6200 					    arvif->vdev_id,
6201 					    ar->max_num_tdls_vdevs);
6202 				ret = -ELNRNG;
6203 				goto exit;
6204 			}
6205 			peer_type = WMI_PEER_TYPE_TDLS;
6206 		}
6207 
6208 		ret = ath10k_mac_inc_num_stations(arvif, sta);
6209 		if (ret) {
6210 			ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
6211 				    ar->max_num_stations);
6212 			goto exit;
6213 		}
6214 
6215 		ret = ath10k_peer_create(ar, vif, sta, arvif->vdev_id,
6216 					 sta->addr, peer_type);
6217 		if (ret) {
6218 			ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
6219 				    sta->addr, arvif->vdev_id, ret);
6220 			ath10k_mac_dec_num_stations(arvif, sta);
6221 			goto exit;
6222 		}
6223 
6224 		spin_lock_bh(&ar->data_lock);
6225 
6226 		peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
6227 		if (!peer) {
6228 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
6229 				    vif->addr, arvif->vdev_id);
6230 			spin_unlock_bh(&ar->data_lock);
6231 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
6232 			ath10k_mac_dec_num_stations(arvif, sta);
6233 			ret = -ENOENT;
6234 			goto exit;
6235 		}
6236 
6237 		arsta->peer_id = find_first_bit(peer->peer_ids,
6238 						ATH10K_MAX_NUM_PEER_IDS);
6239 
6240 		spin_unlock_bh(&ar->data_lock);
6241 
6242 		if (!sta->tdls)
6243 			goto exit;
6244 
6245 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
6246 						      WMI_TDLS_ENABLE_ACTIVE);
6247 		if (ret) {
6248 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
6249 				    arvif->vdev_id, ret);
6250 			ath10k_peer_delete(ar, arvif->vdev_id,
6251 					   sta->addr);
6252 			ath10k_mac_dec_num_stations(arvif, sta);
6253 			goto exit;
6254 		}
6255 
6256 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
6257 						  WMI_TDLS_PEER_STATE_PEERING);
6258 		if (ret) {
6259 			ath10k_warn(ar,
6260 				    "failed to update tdls peer %pM for vdev %d when adding a new sta: %i\n",
6261 				    sta->addr, arvif->vdev_id, ret);
6262 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
6263 			ath10k_mac_dec_num_stations(arvif, sta);
6264 
6265 			if (num_tdls_stations != 0)
6266 				goto exit;
6267 			ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
6268 							WMI_TDLS_DISABLE);
6269 		}
6270 	} else if ((old_state == IEEE80211_STA_NONE &&
6271 		    new_state == IEEE80211_STA_NOTEXIST)) {
6272 		/*
6273 		 * Existing station deletion.
6274 		 */
6275 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6276 			   "mac vdev %d peer delete %pM sta %pK (sta gone)\n",
6277 			   arvif->vdev_id, sta->addr, sta);
6278 
6279 		if (sta->tdls) {
6280 			ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id,
6281 							  sta,
6282 							  WMI_TDLS_PEER_STATE_TEARDOWN);
6283 			if (ret)
6284 				ath10k_warn(ar, "failed to update tdls peer state for %pM state %d: %i\n",
6285 					    sta->addr,
6286 					    WMI_TDLS_PEER_STATE_TEARDOWN, ret);
6287 		}
6288 
6289 		ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
6290 		if (ret)
6291 			ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
6292 				    sta->addr, arvif->vdev_id, ret);
6293 
6294 		ath10k_mac_dec_num_stations(arvif, sta);
6295 
6296 		spin_lock_bh(&ar->data_lock);
6297 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
6298 			peer = ar->peer_map[i];
6299 			if (!peer)
6300 				continue;
6301 
6302 			if (peer->sta == sta) {
6303 				ath10k_warn(ar, "found sta peer %pM (ptr %pK id %d) entry on vdev %i after it was supposedly removed\n",
6304 					    sta->addr, peer, i, arvif->vdev_id);
6305 				peer->sta = NULL;
6306 
6307 				/* Clean up the peer object as well since we
6308 				 * must have failed to do this above.
6309 				 */
6310 				list_del(&peer->list);
6311 				ar->peer_map[i] = NULL;
6312 				kfree(peer);
6313 				ar->num_peers--;
6314 			}
6315 		}
6316 		spin_unlock_bh(&ar->data_lock);
6317 
6318 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
6319 			ath10k_mac_txq_unref(ar, sta->txq[i]);
6320 
6321 		if (!sta->tdls)
6322 			goto exit;
6323 
6324 		if (ath10k_mac_tdls_vif_stations_count(hw, vif))
6325 			goto exit;
6326 
6327 		/* This was the last tdls peer in current vif */
6328 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
6329 						      WMI_TDLS_DISABLE);
6330 		if (ret) {
6331 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
6332 				    arvif->vdev_id, ret);
6333 		}
6334 	} else if (old_state == IEEE80211_STA_AUTH &&
6335 		   new_state == IEEE80211_STA_ASSOC &&
6336 		   (vif->type == NL80211_IFTYPE_AP ||
6337 		    vif->type == NL80211_IFTYPE_MESH_POINT ||
6338 		    vif->type == NL80211_IFTYPE_ADHOC)) {
6339 		/*
6340 		 * New association.
6341 		 */
6342 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac sta %pM associated\n",
6343 			   sta->addr);
6344 
6345 		ret = ath10k_station_assoc(ar, vif, sta, false);
6346 		if (ret)
6347 			ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
6348 				    sta->addr, arvif->vdev_id, ret);
6349 	} else if (old_state == IEEE80211_STA_ASSOC &&
6350 		   new_state == IEEE80211_STA_AUTHORIZED &&
6351 		   sta->tdls) {
6352 		/*
6353 		 * Tdls station authorized.
6354 		 */
6355 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac tdls sta %pM authorized\n",
6356 			   sta->addr);
6357 
6358 		ret = ath10k_station_assoc(ar, vif, sta, false);
6359 		if (ret) {
6360 			ath10k_warn(ar, "failed to associate tdls station %pM for vdev %i: %i\n",
6361 				    sta->addr, arvif->vdev_id, ret);
6362 			goto exit;
6363 		}
6364 
6365 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
6366 						  WMI_TDLS_PEER_STATE_CONNECTED);
6367 		if (ret)
6368 			ath10k_warn(ar, "failed to update tdls peer %pM for vdev %i: %i\n",
6369 				    sta->addr, arvif->vdev_id, ret);
6370 	} else if (old_state == IEEE80211_STA_ASSOC &&
6371 		    new_state == IEEE80211_STA_AUTH &&
6372 		    (vif->type == NL80211_IFTYPE_AP ||
6373 		     vif->type == NL80211_IFTYPE_MESH_POINT ||
6374 		     vif->type == NL80211_IFTYPE_ADHOC)) {
6375 		/*
6376 		 * Disassociation.
6377 		 */
6378 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac sta %pM disassociated\n",
6379 			   sta->addr);
6380 
6381 		ret = ath10k_station_disassoc(ar, vif, sta);
6382 		if (ret)
6383 			ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
6384 				    sta->addr, arvif->vdev_id, ret);
6385 	}
6386 exit:
6387 	mutex_unlock(&ar->conf_mutex);
6388 	return ret;
6389 }
6390 
6391 static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
6392 				u16 ac, bool enable)
6393 {
6394 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6395 	struct wmi_sta_uapsd_auto_trig_arg arg = {};
6396 	u32 prio = 0, acc = 0;
6397 	u32 value = 0;
6398 	int ret = 0;
6399 
6400 	lockdep_assert_held(&ar->conf_mutex);
6401 
6402 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
6403 		return 0;
6404 
6405 	switch (ac) {
6406 	case IEEE80211_AC_VO:
6407 		value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
6408 			WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
6409 		prio = 7;
6410 		acc = 3;
6411 		break;
6412 	case IEEE80211_AC_VI:
6413 		value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
6414 			WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
6415 		prio = 5;
6416 		acc = 2;
6417 		break;
6418 	case IEEE80211_AC_BE:
6419 		value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
6420 			WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
6421 		prio = 2;
6422 		acc = 1;
6423 		break;
6424 	case IEEE80211_AC_BK:
6425 		value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
6426 			WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
6427 		prio = 0;
6428 		acc = 0;
6429 		break;
6430 	}
6431 
6432 	if (enable)
6433 		arvif->u.sta.uapsd |= value;
6434 	else
6435 		arvif->u.sta.uapsd &= ~value;
6436 
6437 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
6438 					  WMI_STA_PS_PARAM_UAPSD,
6439 					  arvif->u.sta.uapsd);
6440 	if (ret) {
6441 		ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
6442 		goto exit;
6443 	}
6444 
6445 	if (arvif->u.sta.uapsd)
6446 		value = WMI_STA_PS_RX_WAKE_POLICY_POLL_UAPSD;
6447 	else
6448 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
6449 
6450 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
6451 					  WMI_STA_PS_PARAM_RX_WAKE_POLICY,
6452 					  value);
6453 	if (ret)
6454 		ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
6455 
6456 	ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
6457 	if (ret) {
6458 		ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
6459 			    arvif->vdev_id, ret);
6460 		return ret;
6461 	}
6462 
6463 	ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
6464 	if (ret) {
6465 		ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
6466 			    arvif->vdev_id, ret);
6467 		return ret;
6468 	}
6469 
6470 	if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
6471 	    test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
6472 		/* Only userspace can make an educated decision when to send
6473 		 * trigger frame. The following effectively disables u-UAPSD
6474 		 * autotrigger in firmware (which is enabled by default
6475 		 * provided the autotrigger service is available).
6476 		 */
6477 
6478 		arg.wmm_ac = acc;
6479 		arg.user_priority = prio;
6480 		arg.service_interval = 0;
6481 		arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
6482 		arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
6483 
6484 		ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
6485 						arvif->bssid, &arg, 1);
6486 		if (ret) {
6487 			ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
6488 				    ret);
6489 			return ret;
6490 		}
6491 	}
6492 
6493 exit:
6494 	return ret;
6495 }
6496 
6497 static int ath10k_conf_tx(struct ieee80211_hw *hw,
6498 			  struct ieee80211_vif *vif, u16 ac,
6499 			  const struct ieee80211_tx_queue_params *params)
6500 {
6501 	struct ath10k *ar = hw->priv;
6502 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6503 	struct wmi_wmm_params_arg *p = NULL;
6504 	int ret;
6505 
6506 	mutex_lock(&ar->conf_mutex);
6507 
6508 	switch (ac) {
6509 	case IEEE80211_AC_VO:
6510 		p = &arvif->wmm_params.ac_vo;
6511 		break;
6512 	case IEEE80211_AC_VI:
6513 		p = &arvif->wmm_params.ac_vi;
6514 		break;
6515 	case IEEE80211_AC_BE:
6516 		p = &arvif->wmm_params.ac_be;
6517 		break;
6518 	case IEEE80211_AC_BK:
6519 		p = &arvif->wmm_params.ac_bk;
6520 		break;
6521 	}
6522 
6523 	if (WARN_ON(!p)) {
6524 		ret = -EINVAL;
6525 		goto exit;
6526 	}
6527 
6528 	p->cwmin = params->cw_min;
6529 	p->cwmax = params->cw_max;
6530 	p->aifs = params->aifs;
6531 
6532 	/*
6533 	 * The channel time duration programmed in the HW is in absolute
6534 	 * microseconds, while mac80211 gives the txop in units of
6535 	 * 32 microseconds.
6536 	 */
6537 	p->txop = params->txop * 32;
6538 
6539 	if (ar->wmi.ops->gen_vdev_wmm_conf) {
6540 		ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
6541 					       &arvif->wmm_params);
6542 		if (ret) {
6543 			ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
6544 				    arvif->vdev_id, ret);
6545 			goto exit;
6546 		}
6547 	} else {
6548 		/* This won't work well with multi-interface cases but it's
6549 		 * better than nothing.
6550 		 */
6551 		ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
6552 		if (ret) {
6553 			ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
6554 			goto exit;
6555 		}
6556 	}
6557 
6558 	ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
6559 	if (ret)
6560 		ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
6561 
6562 exit:
6563 	mutex_unlock(&ar->conf_mutex);
6564 	return ret;
6565 }
6566 
6567 #define ATH10K_ROC_TIMEOUT_HZ (2 * HZ)
6568 
6569 static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
6570 				    struct ieee80211_vif *vif,
6571 				    struct ieee80211_channel *chan,
6572 				    int duration,
6573 				    enum ieee80211_roc_type type)
6574 {
6575 	struct ath10k *ar = hw->priv;
6576 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6577 	struct wmi_start_scan_arg arg;
6578 	int ret = 0;
6579 	u32 scan_time_msec;
6580 
6581 	mutex_lock(&ar->conf_mutex);
6582 
6583 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6584 		ret = -EBUSY;
6585 		goto exit;
6586 	}
6587 
6588 	spin_lock_bh(&ar->data_lock);
6589 	switch (ar->scan.state) {
6590 	case ATH10K_SCAN_IDLE:
6591 		reinit_completion(&ar->scan.started);
6592 		reinit_completion(&ar->scan.completed);
6593 		reinit_completion(&ar->scan.on_channel);
6594 		ar->scan.state = ATH10K_SCAN_STARTING;
6595 		ar->scan.is_roc = true;
6596 		ar->scan.vdev_id = arvif->vdev_id;
6597 		ar->scan.roc_freq = chan->center_freq;
6598 		ar->scan.roc_notify = true;
6599 		ret = 0;
6600 		break;
6601 	case ATH10K_SCAN_STARTING:
6602 	case ATH10K_SCAN_RUNNING:
6603 	case ATH10K_SCAN_ABORTING:
6604 		ret = -EBUSY;
6605 		break;
6606 	}
6607 	spin_unlock_bh(&ar->data_lock);
6608 
6609 	if (ret)
6610 		goto exit;
6611 
6612 	scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
6613 
6614 	memset(&arg, 0, sizeof(arg));
6615 	ath10k_wmi_start_scan_init(ar, &arg);
6616 	arg.vdev_id = arvif->vdev_id;
6617 	arg.scan_id = ATH10K_SCAN_ID;
6618 	arg.n_channels = 1;
6619 	arg.channels[0] = chan->center_freq;
6620 	arg.dwell_time_active = scan_time_msec;
6621 	arg.dwell_time_passive = scan_time_msec;
6622 	arg.max_scan_time = scan_time_msec;
6623 	arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
6624 	arg.scan_ctrl_flags |= WMI_SCAN_FILTER_PROBE_REQ;
6625 	arg.burst_duration_ms = duration;
6626 
6627 	ret = ath10k_start_scan(ar, &arg);
6628 	if (ret) {
6629 		ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
6630 		spin_lock_bh(&ar->data_lock);
6631 		ar->scan.state = ATH10K_SCAN_IDLE;
6632 		spin_unlock_bh(&ar->data_lock);
6633 		goto exit;
6634 	}
6635 
6636 	ret = wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ);
6637 	if (ret == 0) {
6638 		ath10k_warn(ar, "failed to switch to channel for roc scan\n");
6639 
6640 		ret = ath10k_scan_stop(ar);
6641 		if (ret)
6642 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
6643 
6644 		ret = -ETIMEDOUT;
6645 		goto exit;
6646 	}
6647 
6648 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
6649 				     msecs_to_jiffies(duration));
6650 
6651 	ret = 0;
6652 exit:
6653 	mutex_unlock(&ar->conf_mutex);
6654 	return ret;
6655 }
6656 
6657 static int ath10k_cancel_remain_on_channel(struct ieee80211_hw *hw)
6658 {
6659 	struct ath10k *ar = hw->priv;
6660 
6661 	mutex_lock(&ar->conf_mutex);
6662 
6663 	spin_lock_bh(&ar->data_lock);
6664 	ar->scan.roc_notify = false;
6665 	spin_unlock_bh(&ar->data_lock);
6666 
6667 	ath10k_scan_abort(ar);
6668 
6669 	mutex_unlock(&ar->conf_mutex);
6670 
6671 	cancel_delayed_work_sync(&ar->scan.timeout);
6672 
6673 	return 0;
6674 }
6675 
6676 /*
6677  * Both RTS and Fragmentation threshold are interface-specific
6678  * in ath10k, but device-specific in mac80211.
6679  */
6680 
6681 static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
6682 {
6683 	struct ath10k *ar = hw->priv;
6684 	struct ath10k_vif *arvif;
6685 	int ret = 0;
6686 
6687 	mutex_lock(&ar->conf_mutex);
6688 	list_for_each_entry(arvif, &ar->arvifs, list) {
6689 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
6690 			   arvif->vdev_id, value);
6691 
6692 		ret = ath10k_mac_set_rts(arvif, value);
6693 		if (ret) {
6694 			ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
6695 				    arvif->vdev_id, ret);
6696 			break;
6697 		}
6698 	}
6699 	mutex_unlock(&ar->conf_mutex);
6700 
6701 	return ret;
6702 }
6703 
6704 static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
6705 {
6706 	/* Even though there's a WMI enum for fragmentation threshold no known
6707 	 * firmware actually implements it. Moreover it is not possible to rely
6708 	 * frame fragmentation to mac80211 because firmware clears the "more
6709 	 * fragments" bit in frame control making it impossible for remote
6710 	 * devices to reassemble frames.
6711 	 *
6712 	 * Hence implement a dummy callback just to say fragmentation isn't
6713 	 * supported. This effectively prevents mac80211 from doing frame
6714 	 * fragmentation in software.
6715 	 */
6716 	return -EOPNOTSUPP;
6717 }
6718 
6719 static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
6720 			 u32 queues, bool drop)
6721 {
6722 	struct ath10k *ar = hw->priv;
6723 	bool skip;
6724 	long time_left;
6725 
6726 	/* mac80211 doesn't care if we really xmit queued frames or not
6727 	 * we'll collect those frames either way if we stop/delete vdevs
6728 	 */
6729 	if (drop)
6730 		return;
6731 
6732 	mutex_lock(&ar->conf_mutex);
6733 
6734 	if (ar->state == ATH10K_STATE_WEDGED)
6735 		goto skip;
6736 
6737 	time_left = wait_event_timeout(ar->htt.empty_tx_wq, ({
6738 			bool empty;
6739 
6740 			spin_lock_bh(&ar->htt.tx_lock);
6741 			empty = (ar->htt.num_pending_tx == 0);
6742 			spin_unlock_bh(&ar->htt.tx_lock);
6743 
6744 			skip = (ar->state == ATH10K_STATE_WEDGED) ||
6745 			       test_bit(ATH10K_FLAG_CRASH_FLUSH,
6746 					&ar->dev_flags);
6747 
6748 			(empty || skip);
6749 		}), ATH10K_FLUSH_TIMEOUT_HZ);
6750 
6751 	if (time_left == 0 || skip)
6752 		ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %ld\n",
6753 			    skip, ar->state, time_left);
6754 
6755 skip:
6756 	mutex_unlock(&ar->conf_mutex);
6757 }
6758 
6759 /* TODO: Implement this function properly
6760  * For now it is needed to reply to Probe Requests in IBSS mode.
6761  * Propably we need this information from FW.
6762  */
6763 static int ath10k_tx_last_beacon(struct ieee80211_hw *hw)
6764 {
6765 	return 1;
6766 }
6767 
6768 static void ath10k_reconfig_complete(struct ieee80211_hw *hw,
6769 				     enum ieee80211_reconfig_type reconfig_type)
6770 {
6771 	struct ath10k *ar = hw->priv;
6772 
6773 	if (reconfig_type != IEEE80211_RECONFIG_TYPE_RESTART)
6774 		return;
6775 
6776 	mutex_lock(&ar->conf_mutex);
6777 
6778 	/* If device failed to restart it will be in a different state, e.g.
6779 	 * ATH10K_STATE_WEDGED
6780 	 */
6781 	if (ar->state == ATH10K_STATE_RESTARTED) {
6782 		ath10k_info(ar, "device successfully recovered\n");
6783 		ar->state = ATH10K_STATE_ON;
6784 		ieee80211_wake_queues(ar->hw);
6785 	}
6786 
6787 	mutex_unlock(&ar->conf_mutex);
6788 }
6789 
6790 static void
6791 ath10k_mac_update_bss_chan_survey(struct ath10k *ar,
6792 				  struct ieee80211_channel *channel)
6793 {
6794 	int ret;
6795 	enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ_CLEAR;
6796 
6797 	lockdep_assert_held(&ar->conf_mutex);
6798 
6799 	if (!test_bit(WMI_SERVICE_BSS_CHANNEL_INFO_64, ar->wmi.svc_map) ||
6800 	    (ar->rx_channel != channel))
6801 		return;
6802 
6803 	if (ar->scan.state != ATH10K_SCAN_IDLE) {
6804 		ath10k_dbg(ar, ATH10K_DBG_MAC, "ignoring bss chan info request while scanning..\n");
6805 		return;
6806 	}
6807 
6808 	reinit_completion(&ar->bss_survey_done);
6809 
6810 	ret = ath10k_wmi_pdev_bss_chan_info_request(ar, type);
6811 	if (ret) {
6812 		ath10k_warn(ar, "failed to send pdev bss chan info request\n");
6813 		return;
6814 	}
6815 
6816 	ret = wait_for_completion_timeout(&ar->bss_survey_done, 3 * HZ);
6817 	if (!ret) {
6818 		ath10k_warn(ar, "bss channel survey timed out\n");
6819 		return;
6820 	}
6821 }
6822 
6823 static int ath10k_get_survey(struct ieee80211_hw *hw, int idx,
6824 			     struct survey_info *survey)
6825 {
6826 	struct ath10k *ar = hw->priv;
6827 	struct ieee80211_supported_band *sband;
6828 	struct survey_info *ar_survey = &ar->survey[idx];
6829 	int ret = 0;
6830 
6831 	mutex_lock(&ar->conf_mutex);
6832 
6833 	sband = hw->wiphy->bands[NL80211_BAND_2GHZ];
6834 	if (sband && idx >= sband->n_channels) {
6835 		idx -= sband->n_channels;
6836 		sband = NULL;
6837 	}
6838 
6839 	if (!sband)
6840 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
6841 
6842 	if (!sband || idx >= sband->n_channels) {
6843 		ret = -ENOENT;
6844 		goto exit;
6845 	}
6846 
6847 	ath10k_mac_update_bss_chan_survey(ar, &sband->channels[idx]);
6848 
6849 	spin_lock_bh(&ar->data_lock);
6850 	memcpy(survey, ar_survey, sizeof(*survey));
6851 	spin_unlock_bh(&ar->data_lock);
6852 
6853 	survey->channel = &sband->channels[idx];
6854 
6855 	if (ar->rx_channel == survey->channel)
6856 		survey->filled |= SURVEY_INFO_IN_USE;
6857 
6858 exit:
6859 	mutex_unlock(&ar->conf_mutex);
6860 	return ret;
6861 }
6862 
6863 static bool
6864 ath10k_mac_bitrate_mask_has_single_rate(struct ath10k *ar,
6865 					enum nl80211_band band,
6866 					const struct cfg80211_bitrate_mask *mask)
6867 {
6868 	int num_rates = 0;
6869 	int i;
6870 
6871 	num_rates += hweight32(mask->control[band].legacy);
6872 
6873 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++)
6874 		num_rates += hweight8(mask->control[band].ht_mcs[i]);
6875 
6876 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++)
6877 		num_rates += hweight16(mask->control[band].vht_mcs[i]);
6878 
6879 	return num_rates == 1;
6880 }
6881 
6882 static bool
6883 ath10k_mac_bitrate_mask_get_single_nss(struct ath10k *ar,
6884 				       enum nl80211_band band,
6885 				       const struct cfg80211_bitrate_mask *mask,
6886 				       int *nss)
6887 {
6888 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
6889 	u16 vht_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
6890 	u8 ht_nss_mask = 0;
6891 	u8 vht_nss_mask = 0;
6892 	int i;
6893 
6894 	if (mask->control[band].legacy)
6895 		return false;
6896 
6897 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
6898 		if (mask->control[band].ht_mcs[i] == 0)
6899 			continue;
6900 		else if (mask->control[band].ht_mcs[i] ==
6901 			 sband->ht_cap.mcs.rx_mask[i])
6902 			ht_nss_mask |= BIT(i);
6903 		else
6904 			return false;
6905 	}
6906 
6907 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6908 		if (mask->control[band].vht_mcs[i] == 0)
6909 			continue;
6910 		else if (mask->control[band].vht_mcs[i] ==
6911 			 ath10k_mac_get_max_vht_mcs_map(vht_mcs_map, i))
6912 			vht_nss_mask |= BIT(i);
6913 		else
6914 			return false;
6915 	}
6916 
6917 	if (ht_nss_mask != vht_nss_mask)
6918 		return false;
6919 
6920 	if (ht_nss_mask == 0)
6921 		return false;
6922 
6923 	if (BIT(fls(ht_nss_mask)) - 1 != ht_nss_mask)
6924 		return false;
6925 
6926 	*nss = fls(ht_nss_mask);
6927 
6928 	return true;
6929 }
6930 
6931 static int
6932 ath10k_mac_bitrate_mask_get_single_rate(struct ath10k *ar,
6933 					enum nl80211_band band,
6934 					const struct cfg80211_bitrate_mask *mask,
6935 					u8 *rate, u8 *nss)
6936 {
6937 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
6938 	int rate_idx;
6939 	int i;
6940 	u16 bitrate;
6941 	u8 preamble;
6942 	u8 hw_rate;
6943 
6944 	if (hweight32(mask->control[band].legacy) == 1) {
6945 		rate_idx = ffs(mask->control[band].legacy) - 1;
6946 
6947 		hw_rate = sband->bitrates[rate_idx].hw_value;
6948 		bitrate = sband->bitrates[rate_idx].bitrate;
6949 
6950 		if (ath10k_mac_bitrate_is_cck(bitrate))
6951 			preamble = WMI_RATE_PREAMBLE_CCK;
6952 		else
6953 			preamble = WMI_RATE_PREAMBLE_OFDM;
6954 
6955 		*nss = 1;
6956 		*rate = preamble << 6 |
6957 			(*nss - 1) << 4 |
6958 			hw_rate << 0;
6959 
6960 		return 0;
6961 	}
6962 
6963 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
6964 		if (hweight8(mask->control[band].ht_mcs[i]) == 1) {
6965 			*nss = i + 1;
6966 			*rate = WMI_RATE_PREAMBLE_HT << 6 |
6967 				(*nss - 1) << 4 |
6968 				(ffs(mask->control[band].ht_mcs[i]) - 1);
6969 
6970 			return 0;
6971 		}
6972 	}
6973 
6974 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6975 		if (hweight16(mask->control[band].vht_mcs[i]) == 1) {
6976 			*nss = i + 1;
6977 			*rate = WMI_RATE_PREAMBLE_VHT << 6 |
6978 				(*nss - 1) << 4 |
6979 				(ffs(mask->control[band].vht_mcs[i]) - 1);
6980 
6981 			return 0;
6982 		}
6983 	}
6984 
6985 	return -EINVAL;
6986 }
6987 
6988 static int ath10k_mac_set_fixed_rate_params(struct ath10k_vif *arvif,
6989 					    u8 rate, u8 nss, u8 sgi, u8 ldpc)
6990 {
6991 	struct ath10k *ar = arvif->ar;
6992 	u32 vdev_param;
6993 	int ret;
6994 
6995 	lockdep_assert_held(&ar->conf_mutex);
6996 
6997 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac set fixed rate params vdev %i rate 0x%02hhx nss %hhu sgi %hhu\n",
6998 		   arvif->vdev_id, rate, nss, sgi);
6999 
7000 	vdev_param = ar->wmi.vdev_param->fixed_rate;
7001 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, rate);
7002 	if (ret) {
7003 		ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
7004 			    rate, ret);
7005 		return ret;
7006 	}
7007 
7008 	vdev_param = ar->wmi.vdev_param->nss;
7009 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, nss);
7010 	if (ret) {
7011 		ath10k_warn(ar, "failed to set nss param %d: %d\n", nss, ret);
7012 		return ret;
7013 	}
7014 
7015 	vdev_param = ar->wmi.vdev_param->sgi;
7016 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, sgi);
7017 	if (ret) {
7018 		ath10k_warn(ar, "failed to set sgi param %d: %d\n", sgi, ret);
7019 		return ret;
7020 	}
7021 
7022 	vdev_param = ar->wmi.vdev_param->ldpc;
7023 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, ldpc);
7024 	if (ret) {
7025 		ath10k_warn(ar, "failed to set ldpc param %d: %d\n", ldpc, ret);
7026 		return ret;
7027 	}
7028 
7029 	return 0;
7030 }
7031 
7032 static bool
7033 ath10k_mac_can_set_bitrate_mask(struct ath10k *ar,
7034 				enum nl80211_band band,
7035 				const struct cfg80211_bitrate_mask *mask)
7036 {
7037 	int i;
7038 	u16 vht_mcs;
7039 
7040 	/* Due to firmware limitation in WMI_PEER_ASSOC_CMDID it is impossible
7041 	 * to express all VHT MCS rate masks. Effectively only the following
7042 	 * ranges can be used: none, 0-7, 0-8 and 0-9.
7043 	 */
7044 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
7045 		vht_mcs = mask->control[band].vht_mcs[i];
7046 
7047 		switch (vht_mcs) {
7048 		case 0:
7049 		case BIT(8) - 1:
7050 		case BIT(9) - 1:
7051 		case BIT(10) - 1:
7052 			break;
7053 		default:
7054 			ath10k_warn(ar, "refusing bitrate mask with missing 0-7 VHT MCS rates\n");
7055 			return false;
7056 		}
7057 	}
7058 
7059 	return true;
7060 }
7061 
7062 static void ath10k_mac_set_bitrate_mask_iter(void *data,
7063 					     struct ieee80211_sta *sta)
7064 {
7065 	struct ath10k_vif *arvif = data;
7066 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7067 	struct ath10k *ar = arvif->ar;
7068 
7069 	if (arsta->arvif != arvif)
7070 		return;
7071 
7072 	spin_lock_bh(&ar->data_lock);
7073 	arsta->changed |= IEEE80211_RC_SUPP_RATES_CHANGED;
7074 	spin_unlock_bh(&ar->data_lock);
7075 
7076 	ieee80211_queue_work(ar->hw, &arsta->update_wk);
7077 }
7078 
7079 static int ath10k_mac_op_set_bitrate_mask(struct ieee80211_hw *hw,
7080 					  struct ieee80211_vif *vif,
7081 					  const struct cfg80211_bitrate_mask *mask)
7082 {
7083 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7084 	struct cfg80211_chan_def def;
7085 	struct ath10k *ar = arvif->ar;
7086 	enum nl80211_band band;
7087 	const u8 *ht_mcs_mask;
7088 	const u16 *vht_mcs_mask;
7089 	u8 rate;
7090 	u8 nss;
7091 	u8 sgi;
7092 	u8 ldpc;
7093 	int single_nss;
7094 	int ret;
7095 
7096 	if (ath10k_mac_vif_chan(vif, &def))
7097 		return -EPERM;
7098 
7099 	band = def.chan->band;
7100 	ht_mcs_mask = mask->control[band].ht_mcs;
7101 	vht_mcs_mask = mask->control[band].vht_mcs;
7102 	ldpc = !!(ar->ht_cap_info & WMI_HT_CAP_LDPC);
7103 
7104 	sgi = mask->control[band].gi;
7105 	if (sgi == NL80211_TXRATE_FORCE_LGI)
7106 		return -EINVAL;
7107 
7108 	if (ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask)) {
7109 		ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
7110 							      &rate, &nss);
7111 		if (ret) {
7112 			ath10k_warn(ar, "failed to get single rate for vdev %i: %d\n",
7113 				    arvif->vdev_id, ret);
7114 			return ret;
7115 		}
7116 	} else if (ath10k_mac_bitrate_mask_get_single_nss(ar, band, mask,
7117 							  &single_nss)) {
7118 		rate = WMI_FIXED_RATE_NONE;
7119 		nss = single_nss;
7120 	} else {
7121 		rate = WMI_FIXED_RATE_NONE;
7122 		nss = min(ar->num_rf_chains,
7123 			  max(ath10k_mac_max_ht_nss(ht_mcs_mask),
7124 			      ath10k_mac_max_vht_nss(vht_mcs_mask)));
7125 
7126 		if (!ath10k_mac_can_set_bitrate_mask(ar, band, mask))
7127 			return -EINVAL;
7128 
7129 		mutex_lock(&ar->conf_mutex);
7130 
7131 		arvif->bitrate_mask = *mask;
7132 		ieee80211_iterate_stations_atomic(ar->hw,
7133 						  ath10k_mac_set_bitrate_mask_iter,
7134 						  arvif);
7135 
7136 		mutex_unlock(&ar->conf_mutex);
7137 	}
7138 
7139 	mutex_lock(&ar->conf_mutex);
7140 
7141 	ret = ath10k_mac_set_fixed_rate_params(arvif, rate, nss, sgi, ldpc);
7142 	if (ret) {
7143 		ath10k_warn(ar, "failed to set fixed rate params on vdev %i: %d\n",
7144 			    arvif->vdev_id, ret);
7145 		goto exit;
7146 	}
7147 
7148 exit:
7149 	mutex_unlock(&ar->conf_mutex);
7150 
7151 	return ret;
7152 }
7153 
7154 static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
7155 				 struct ieee80211_vif *vif,
7156 				 struct ieee80211_sta *sta,
7157 				 u32 changed)
7158 {
7159 	struct ath10k *ar = hw->priv;
7160 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7161 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7162 	struct ath10k_peer *peer;
7163 	u32 bw, smps;
7164 
7165 	spin_lock_bh(&ar->data_lock);
7166 
7167 	peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
7168 	if (!peer) {
7169 		spin_unlock_bh(&ar->data_lock);
7170 		ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
7171 			    sta->addr, arvif->vdev_id);
7172 		return;
7173 	}
7174 
7175 	ath10k_dbg(ar, ATH10K_DBG_MAC,
7176 		   "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
7177 		   sta->addr, changed, sta->bandwidth, sta->rx_nss,
7178 		   sta->smps_mode);
7179 
7180 	if (changed & IEEE80211_RC_BW_CHANGED) {
7181 		bw = WMI_PEER_CHWIDTH_20MHZ;
7182 
7183 		switch (sta->bandwidth) {
7184 		case IEEE80211_STA_RX_BW_20:
7185 			bw = WMI_PEER_CHWIDTH_20MHZ;
7186 			break;
7187 		case IEEE80211_STA_RX_BW_40:
7188 			bw = WMI_PEER_CHWIDTH_40MHZ;
7189 			break;
7190 		case IEEE80211_STA_RX_BW_80:
7191 			bw = WMI_PEER_CHWIDTH_80MHZ;
7192 			break;
7193 		case IEEE80211_STA_RX_BW_160:
7194 			bw = WMI_PEER_CHWIDTH_160MHZ;
7195 			break;
7196 		default:
7197 			ath10k_warn(ar, "Invalid bandwidth %d in rc update for %pM\n",
7198 				    sta->bandwidth, sta->addr);
7199 			bw = WMI_PEER_CHWIDTH_20MHZ;
7200 			break;
7201 		}
7202 
7203 		arsta->bw = bw;
7204 	}
7205 
7206 	if (changed & IEEE80211_RC_NSS_CHANGED)
7207 		arsta->nss = sta->rx_nss;
7208 
7209 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
7210 		smps = WMI_PEER_SMPS_PS_NONE;
7211 
7212 		switch (sta->smps_mode) {
7213 		case IEEE80211_SMPS_AUTOMATIC:
7214 		case IEEE80211_SMPS_OFF:
7215 			smps = WMI_PEER_SMPS_PS_NONE;
7216 			break;
7217 		case IEEE80211_SMPS_STATIC:
7218 			smps = WMI_PEER_SMPS_STATIC;
7219 			break;
7220 		case IEEE80211_SMPS_DYNAMIC:
7221 			smps = WMI_PEER_SMPS_DYNAMIC;
7222 			break;
7223 		case IEEE80211_SMPS_NUM_MODES:
7224 			ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
7225 				    sta->smps_mode, sta->addr);
7226 			smps = WMI_PEER_SMPS_PS_NONE;
7227 			break;
7228 		}
7229 
7230 		arsta->smps = smps;
7231 	}
7232 
7233 	arsta->changed |= changed;
7234 
7235 	spin_unlock_bh(&ar->data_lock);
7236 
7237 	ieee80211_queue_work(hw, &arsta->update_wk);
7238 }
7239 
7240 static void ath10k_offset_tsf(struct ieee80211_hw *hw,
7241 			      struct ieee80211_vif *vif, s64 tsf_offset)
7242 {
7243 	struct ath10k *ar = hw->priv;
7244 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7245 	u32 offset, vdev_param;
7246 	int ret;
7247 
7248 	if (tsf_offset < 0) {
7249 		vdev_param = ar->wmi.vdev_param->dec_tsf;
7250 		offset = -tsf_offset;
7251 	} else {
7252 		vdev_param = ar->wmi.vdev_param->inc_tsf;
7253 		offset = tsf_offset;
7254 	}
7255 
7256 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
7257 					vdev_param, offset);
7258 
7259 	if (ret && ret != -EOPNOTSUPP)
7260 		ath10k_warn(ar, "failed to set tsf offset %d cmd %d: %d\n",
7261 			    offset, vdev_param, ret);
7262 }
7263 
7264 static int ath10k_ampdu_action(struct ieee80211_hw *hw,
7265 			       struct ieee80211_vif *vif,
7266 			       struct ieee80211_ampdu_params *params)
7267 {
7268 	struct ath10k *ar = hw->priv;
7269 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7270 	struct ieee80211_sta *sta = params->sta;
7271 	enum ieee80211_ampdu_mlme_action action = params->action;
7272 	u16 tid = params->tid;
7273 
7274 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %hu action %d\n",
7275 		   arvif->vdev_id, sta->addr, tid, action);
7276 
7277 	switch (action) {
7278 	case IEEE80211_AMPDU_RX_START:
7279 	case IEEE80211_AMPDU_RX_STOP:
7280 		/* HTT AddBa/DelBa events trigger mac80211 Rx BA session
7281 		 * creation/removal. Do we need to verify this?
7282 		 */
7283 		return 0;
7284 	case IEEE80211_AMPDU_TX_START:
7285 	case IEEE80211_AMPDU_TX_STOP_CONT:
7286 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
7287 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
7288 	case IEEE80211_AMPDU_TX_OPERATIONAL:
7289 		/* Firmware offloads Tx aggregation entirely so deny mac80211
7290 		 * Tx aggregation requests.
7291 		 */
7292 		return -EOPNOTSUPP;
7293 	}
7294 
7295 	return -EINVAL;
7296 }
7297 
7298 static void
7299 ath10k_mac_update_rx_channel(struct ath10k *ar,
7300 			     struct ieee80211_chanctx_conf *ctx,
7301 			     struct ieee80211_vif_chanctx_switch *vifs,
7302 			     int n_vifs)
7303 {
7304 	struct cfg80211_chan_def *def = NULL;
7305 
7306 	/* Both locks are required because ar->rx_channel is modified. This
7307 	 * allows readers to hold either lock.
7308 	 */
7309 	lockdep_assert_held(&ar->conf_mutex);
7310 	lockdep_assert_held(&ar->data_lock);
7311 
7312 	WARN_ON(ctx && vifs);
7313 	WARN_ON(vifs && !n_vifs);
7314 
7315 	/* FIXME: Sort of an optimization and a workaround. Peers and vifs are
7316 	 * on a linked list now. Doing a lookup peer -> vif -> chanctx for each
7317 	 * ppdu on Rx may reduce performance on low-end systems. It should be
7318 	 * possible to make tables/hashmaps to speed the lookup up (be vary of
7319 	 * cpu data cache lines though regarding sizes) but to keep the initial
7320 	 * implementation simple and less intrusive fallback to the slow lookup
7321 	 * only for multi-channel cases. Single-channel cases will remain to
7322 	 * use the old channel derival and thus performance should not be
7323 	 * affected much.
7324 	 */
7325 	rcu_read_lock();
7326 	if (!ctx && ath10k_mac_num_chanctxs(ar) == 1) {
7327 		ieee80211_iter_chan_contexts_atomic(ar->hw,
7328 						    ath10k_mac_get_any_chandef_iter,
7329 						    &def);
7330 
7331 		if (vifs)
7332 			def = &vifs[0].new_ctx->def;
7333 
7334 		ar->rx_channel = def->chan;
7335 	} else if ((ctx && ath10k_mac_num_chanctxs(ar) == 0) ||
7336 		   (ctx && (ar->state == ATH10K_STATE_RESTARTED))) {
7337 		/* During driver restart due to firmware assert, since mac80211
7338 		 * already has valid channel context for given radio, channel
7339 		 * context iteration return num_chanctx > 0. So fix rx_channel
7340 		 * when restart is in progress.
7341 		 */
7342 		ar->rx_channel = ctx->def.chan;
7343 	} else {
7344 		ar->rx_channel = NULL;
7345 	}
7346 	rcu_read_unlock();
7347 }
7348 
7349 static void
7350 ath10k_mac_update_vif_chan(struct ath10k *ar,
7351 			   struct ieee80211_vif_chanctx_switch *vifs,
7352 			   int n_vifs)
7353 {
7354 	struct ath10k_vif *arvif;
7355 	int ret;
7356 	int i;
7357 
7358 	lockdep_assert_held(&ar->conf_mutex);
7359 
7360 	/* First stop monitor interface. Some FW versions crash if there's a
7361 	 * lone monitor interface.
7362 	 */
7363 	if (ar->monitor_started)
7364 		ath10k_monitor_stop(ar);
7365 
7366 	for (i = 0; i < n_vifs; i++) {
7367 		arvif = (void *)vifs[i].vif->drv_priv;
7368 
7369 		ath10k_dbg(ar, ATH10K_DBG_MAC,
7370 			   "mac chanctx switch vdev_id %i freq %hu->%hu width %d->%d\n",
7371 			   arvif->vdev_id,
7372 			   vifs[i].old_ctx->def.chan->center_freq,
7373 			   vifs[i].new_ctx->def.chan->center_freq,
7374 			   vifs[i].old_ctx->def.width,
7375 			   vifs[i].new_ctx->def.width);
7376 
7377 		if (WARN_ON(!arvif->is_started))
7378 			continue;
7379 
7380 		if (WARN_ON(!arvif->is_up))
7381 			continue;
7382 
7383 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
7384 		if (ret) {
7385 			ath10k_warn(ar, "failed to down vdev %d: %d\n",
7386 				    arvif->vdev_id, ret);
7387 			continue;
7388 		}
7389 	}
7390 
7391 	/* All relevant vdevs are downed and associated channel resources
7392 	 * should be available for the channel switch now.
7393 	 */
7394 
7395 	spin_lock_bh(&ar->data_lock);
7396 	ath10k_mac_update_rx_channel(ar, NULL, vifs, n_vifs);
7397 	spin_unlock_bh(&ar->data_lock);
7398 
7399 	for (i = 0; i < n_vifs; i++) {
7400 		arvif = (void *)vifs[i].vif->drv_priv;
7401 
7402 		if (WARN_ON(!arvif->is_started))
7403 			continue;
7404 
7405 		if (WARN_ON(!arvif->is_up))
7406 			continue;
7407 
7408 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
7409 		if (ret)
7410 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
7411 				    ret);
7412 
7413 		ret = ath10k_mac_setup_prb_tmpl(arvif);
7414 		if (ret)
7415 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
7416 				    ret);
7417 
7418 		ret = ath10k_vdev_restart(arvif, &vifs[i].new_ctx->def);
7419 		if (ret) {
7420 			ath10k_warn(ar, "failed to restart vdev %d: %d\n",
7421 				    arvif->vdev_id, ret);
7422 			continue;
7423 		}
7424 
7425 		ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
7426 					 arvif->bssid);
7427 		if (ret) {
7428 			ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
7429 				    arvif->vdev_id, ret);
7430 			continue;
7431 		}
7432 	}
7433 
7434 	ath10k_monitor_recalc(ar);
7435 }
7436 
7437 static int
7438 ath10k_mac_op_add_chanctx(struct ieee80211_hw *hw,
7439 			  struct ieee80211_chanctx_conf *ctx)
7440 {
7441 	struct ath10k *ar = hw->priv;
7442 
7443 	ath10k_dbg(ar, ATH10K_DBG_MAC,
7444 		   "mac chanctx add freq %hu width %d ptr %pK\n",
7445 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
7446 
7447 	mutex_lock(&ar->conf_mutex);
7448 
7449 	spin_lock_bh(&ar->data_lock);
7450 	ath10k_mac_update_rx_channel(ar, ctx, NULL, 0);
7451 	spin_unlock_bh(&ar->data_lock);
7452 
7453 	ath10k_recalc_radar_detection(ar);
7454 	ath10k_monitor_recalc(ar);
7455 
7456 	mutex_unlock(&ar->conf_mutex);
7457 
7458 	return 0;
7459 }
7460 
7461 static void
7462 ath10k_mac_op_remove_chanctx(struct ieee80211_hw *hw,
7463 			     struct ieee80211_chanctx_conf *ctx)
7464 {
7465 	struct ath10k *ar = hw->priv;
7466 
7467 	ath10k_dbg(ar, ATH10K_DBG_MAC,
7468 		   "mac chanctx remove freq %hu width %d ptr %pK\n",
7469 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
7470 
7471 	mutex_lock(&ar->conf_mutex);
7472 
7473 	spin_lock_bh(&ar->data_lock);
7474 	ath10k_mac_update_rx_channel(ar, NULL, NULL, 0);
7475 	spin_unlock_bh(&ar->data_lock);
7476 
7477 	ath10k_recalc_radar_detection(ar);
7478 	ath10k_monitor_recalc(ar);
7479 
7480 	mutex_unlock(&ar->conf_mutex);
7481 }
7482 
7483 struct ath10k_mac_change_chanctx_arg {
7484 	struct ieee80211_chanctx_conf *ctx;
7485 	struct ieee80211_vif_chanctx_switch *vifs;
7486 	int n_vifs;
7487 	int next_vif;
7488 };
7489 
7490 static void
7491 ath10k_mac_change_chanctx_cnt_iter(void *data, u8 *mac,
7492 				   struct ieee80211_vif *vif)
7493 {
7494 	struct ath10k_mac_change_chanctx_arg *arg = data;
7495 
7496 	if (rcu_access_pointer(vif->chanctx_conf) != arg->ctx)
7497 		return;
7498 
7499 	arg->n_vifs++;
7500 }
7501 
7502 static void
7503 ath10k_mac_change_chanctx_fill_iter(void *data, u8 *mac,
7504 				    struct ieee80211_vif *vif)
7505 {
7506 	struct ath10k_mac_change_chanctx_arg *arg = data;
7507 	struct ieee80211_chanctx_conf *ctx;
7508 
7509 	ctx = rcu_access_pointer(vif->chanctx_conf);
7510 	if (ctx != arg->ctx)
7511 		return;
7512 
7513 	if (WARN_ON(arg->next_vif == arg->n_vifs))
7514 		return;
7515 
7516 	arg->vifs[arg->next_vif].vif = vif;
7517 	arg->vifs[arg->next_vif].old_ctx = ctx;
7518 	arg->vifs[arg->next_vif].new_ctx = ctx;
7519 	arg->next_vif++;
7520 }
7521 
7522 static void
7523 ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw,
7524 			     struct ieee80211_chanctx_conf *ctx,
7525 			     u32 changed)
7526 {
7527 	struct ath10k *ar = hw->priv;
7528 	struct ath10k_mac_change_chanctx_arg arg = { .ctx = ctx };
7529 
7530 	mutex_lock(&ar->conf_mutex);
7531 
7532 	ath10k_dbg(ar, ATH10K_DBG_MAC,
7533 		   "mac chanctx change freq %hu width %d ptr %pK changed %x\n",
7534 		   ctx->def.chan->center_freq, ctx->def.width, ctx, changed);
7535 
7536 	/* This shouldn't really happen because channel switching should use
7537 	 * switch_vif_chanctx().
7538 	 */
7539 	if (WARN_ON(changed & IEEE80211_CHANCTX_CHANGE_CHANNEL))
7540 		goto unlock;
7541 
7542 	if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) {
7543 		ieee80211_iterate_active_interfaces_atomic(
7544 					hw,
7545 					IEEE80211_IFACE_ITER_NORMAL,
7546 					ath10k_mac_change_chanctx_cnt_iter,
7547 					&arg);
7548 		if (arg.n_vifs == 0)
7549 			goto radar;
7550 
7551 		arg.vifs = kcalloc(arg.n_vifs, sizeof(arg.vifs[0]),
7552 				   GFP_KERNEL);
7553 		if (!arg.vifs)
7554 			goto radar;
7555 
7556 		ieee80211_iterate_active_interfaces_atomic(
7557 					hw,
7558 					IEEE80211_IFACE_ITER_NORMAL,
7559 					ath10k_mac_change_chanctx_fill_iter,
7560 					&arg);
7561 		ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs);
7562 		kfree(arg.vifs);
7563 	}
7564 
7565 radar:
7566 	ath10k_recalc_radar_detection(ar);
7567 
7568 	/* FIXME: How to configure Rx chains properly? */
7569 
7570 	/* No other actions are actually necessary. Firmware maintains channel
7571 	 * definitions per vdev internally and there's no host-side channel
7572 	 * context abstraction to configure, e.g. channel width.
7573 	 */
7574 
7575 unlock:
7576 	mutex_unlock(&ar->conf_mutex);
7577 }
7578 
7579 static int
7580 ath10k_mac_op_assign_vif_chanctx(struct ieee80211_hw *hw,
7581 				 struct ieee80211_vif *vif,
7582 				 struct ieee80211_chanctx_conf *ctx)
7583 {
7584 	struct ath10k *ar = hw->priv;
7585 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7586 	int ret;
7587 
7588 	mutex_lock(&ar->conf_mutex);
7589 
7590 	ath10k_dbg(ar, ATH10K_DBG_MAC,
7591 		   "mac chanctx assign ptr %pK vdev_id %i\n",
7592 		   ctx, arvif->vdev_id);
7593 
7594 	if (WARN_ON(arvif->is_started)) {
7595 		mutex_unlock(&ar->conf_mutex);
7596 		return -EBUSY;
7597 	}
7598 
7599 	ret = ath10k_vdev_start(arvif, &ctx->def);
7600 	if (ret) {
7601 		ath10k_warn(ar, "failed to start vdev %i addr %pM on freq %d: %d\n",
7602 			    arvif->vdev_id, vif->addr,
7603 			    ctx->def.chan->center_freq, ret);
7604 		goto err;
7605 	}
7606 
7607 	arvif->is_started = true;
7608 
7609 	ret = ath10k_mac_vif_setup_ps(arvif);
7610 	if (ret) {
7611 		ath10k_warn(ar, "failed to update vdev %i ps: %d\n",
7612 			    arvif->vdev_id, ret);
7613 		goto err_stop;
7614 	}
7615 
7616 	if (vif->type == NL80211_IFTYPE_MONITOR) {
7617 		ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, 0, vif->addr);
7618 		if (ret) {
7619 			ath10k_warn(ar, "failed to up monitor vdev %i: %d\n",
7620 				    arvif->vdev_id, ret);
7621 			goto err_stop;
7622 		}
7623 
7624 		arvif->is_up = true;
7625 	}
7626 
7627 	if (ath10k_mac_can_set_cts_prot(arvif)) {
7628 		ret = ath10k_mac_set_cts_prot(arvif);
7629 		if (ret)
7630 			ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
7631 				    arvif->vdev_id, ret);
7632 	}
7633 
7634 	if (ath10k_peer_stats_enabled(ar)) {
7635 		ar->pktlog_filter |= ATH10K_PKTLOG_PEER_STATS;
7636 		ret = ath10k_wmi_pdev_pktlog_enable(ar,
7637 						    ar->pktlog_filter);
7638 		if (ret) {
7639 			ath10k_warn(ar, "failed to enable pktlog %d\n", ret);
7640 			goto err_stop;
7641 		}
7642 	}
7643 
7644 	mutex_unlock(&ar->conf_mutex);
7645 	return 0;
7646 
7647 err_stop:
7648 	ath10k_vdev_stop(arvif);
7649 	arvif->is_started = false;
7650 	ath10k_mac_vif_setup_ps(arvif);
7651 
7652 err:
7653 	mutex_unlock(&ar->conf_mutex);
7654 	return ret;
7655 }
7656 
7657 static void
7658 ath10k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
7659 				   struct ieee80211_vif *vif,
7660 				   struct ieee80211_chanctx_conf *ctx)
7661 {
7662 	struct ath10k *ar = hw->priv;
7663 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7664 	int ret;
7665 
7666 	mutex_lock(&ar->conf_mutex);
7667 
7668 	ath10k_dbg(ar, ATH10K_DBG_MAC,
7669 		   "mac chanctx unassign ptr %pK vdev_id %i\n",
7670 		   ctx, arvif->vdev_id);
7671 
7672 	WARN_ON(!arvif->is_started);
7673 
7674 	if (vif->type == NL80211_IFTYPE_MONITOR) {
7675 		WARN_ON(!arvif->is_up);
7676 
7677 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
7678 		if (ret)
7679 			ath10k_warn(ar, "failed to down monitor vdev %i: %d\n",
7680 				    arvif->vdev_id, ret);
7681 
7682 		arvif->is_up = false;
7683 	}
7684 
7685 	ret = ath10k_vdev_stop(arvif);
7686 	if (ret)
7687 		ath10k_warn(ar, "failed to stop vdev %i: %d\n",
7688 			    arvif->vdev_id, ret);
7689 
7690 	arvif->is_started = false;
7691 
7692 	mutex_unlock(&ar->conf_mutex);
7693 }
7694 
7695 static int
7696 ath10k_mac_op_switch_vif_chanctx(struct ieee80211_hw *hw,
7697 				 struct ieee80211_vif_chanctx_switch *vifs,
7698 				 int n_vifs,
7699 				 enum ieee80211_chanctx_switch_mode mode)
7700 {
7701 	struct ath10k *ar = hw->priv;
7702 
7703 	mutex_lock(&ar->conf_mutex);
7704 
7705 	ath10k_dbg(ar, ATH10K_DBG_MAC,
7706 		   "mac chanctx switch n_vifs %d mode %d\n",
7707 		   n_vifs, mode);
7708 	ath10k_mac_update_vif_chan(ar, vifs, n_vifs);
7709 
7710 	mutex_unlock(&ar->conf_mutex);
7711 	return 0;
7712 }
7713 
7714 static void ath10k_mac_op_sta_pre_rcu_remove(struct ieee80211_hw *hw,
7715 					     struct ieee80211_vif *vif,
7716 					     struct ieee80211_sta *sta)
7717 {
7718 	struct ath10k *ar;
7719 	struct ath10k_peer *peer;
7720 
7721 	ar = hw->priv;
7722 
7723 	list_for_each_entry(peer, &ar->peers, list)
7724 		if (peer->sta == sta)
7725 			peer->removed = true;
7726 }
7727 
7728 static void ath10k_sta_statistics(struct ieee80211_hw *hw,
7729 				  struct ieee80211_vif *vif,
7730 				  struct ieee80211_sta *sta,
7731 				  struct station_info *sinfo)
7732 {
7733 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7734 	struct ath10k *ar = arsta->arvif->ar;
7735 
7736 	if (!ath10k_peer_stats_enabled(ar))
7737 		return;
7738 
7739 	sinfo->rx_duration = arsta->rx_duration;
7740 	sinfo->filled |= 1ULL << NL80211_STA_INFO_RX_DURATION;
7741 
7742 	if (!arsta->txrate.legacy && !arsta->txrate.nss)
7743 		return;
7744 
7745 	if (arsta->txrate.legacy) {
7746 		sinfo->txrate.legacy = arsta->txrate.legacy;
7747 	} else {
7748 		sinfo->txrate.mcs = arsta->txrate.mcs;
7749 		sinfo->txrate.nss = arsta->txrate.nss;
7750 		sinfo->txrate.bw = arsta->txrate.bw;
7751 	}
7752 	sinfo->txrate.flags = arsta->txrate.flags;
7753 	sinfo->filled |= 1ULL << NL80211_STA_INFO_TX_BITRATE;
7754 }
7755 
7756 static const struct ieee80211_ops ath10k_ops = {
7757 	.tx				= ath10k_mac_op_tx,
7758 	.wake_tx_queue			= ath10k_mac_op_wake_tx_queue,
7759 	.start				= ath10k_start,
7760 	.stop				= ath10k_stop,
7761 	.config				= ath10k_config,
7762 	.add_interface			= ath10k_add_interface,
7763 	.remove_interface		= ath10k_remove_interface,
7764 	.configure_filter		= ath10k_configure_filter,
7765 	.bss_info_changed		= ath10k_bss_info_changed,
7766 	.set_coverage_class		= ath10k_mac_op_set_coverage_class,
7767 	.hw_scan			= ath10k_hw_scan,
7768 	.cancel_hw_scan			= ath10k_cancel_hw_scan,
7769 	.set_key			= ath10k_set_key,
7770 	.set_default_unicast_key        = ath10k_set_default_unicast_key,
7771 	.sta_state			= ath10k_sta_state,
7772 	.conf_tx			= ath10k_conf_tx,
7773 	.remain_on_channel		= ath10k_remain_on_channel,
7774 	.cancel_remain_on_channel	= ath10k_cancel_remain_on_channel,
7775 	.set_rts_threshold		= ath10k_set_rts_threshold,
7776 	.set_frag_threshold		= ath10k_mac_op_set_frag_threshold,
7777 	.flush				= ath10k_flush,
7778 	.tx_last_beacon			= ath10k_tx_last_beacon,
7779 	.set_antenna			= ath10k_set_antenna,
7780 	.get_antenna			= ath10k_get_antenna,
7781 	.reconfig_complete		= ath10k_reconfig_complete,
7782 	.get_survey			= ath10k_get_survey,
7783 	.set_bitrate_mask		= ath10k_mac_op_set_bitrate_mask,
7784 	.sta_rc_update			= ath10k_sta_rc_update,
7785 	.offset_tsf			= ath10k_offset_tsf,
7786 	.ampdu_action			= ath10k_ampdu_action,
7787 	.get_et_sset_count		= ath10k_debug_get_et_sset_count,
7788 	.get_et_stats			= ath10k_debug_get_et_stats,
7789 	.get_et_strings			= ath10k_debug_get_et_strings,
7790 	.add_chanctx			= ath10k_mac_op_add_chanctx,
7791 	.remove_chanctx			= ath10k_mac_op_remove_chanctx,
7792 	.change_chanctx			= ath10k_mac_op_change_chanctx,
7793 	.assign_vif_chanctx		= ath10k_mac_op_assign_vif_chanctx,
7794 	.unassign_vif_chanctx		= ath10k_mac_op_unassign_vif_chanctx,
7795 	.switch_vif_chanctx		= ath10k_mac_op_switch_vif_chanctx,
7796 	.sta_pre_rcu_remove		= ath10k_mac_op_sta_pre_rcu_remove,
7797 	.sta_statistics			= ath10k_sta_statistics,
7798 
7799 	CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
7800 
7801 #ifdef CONFIG_PM
7802 	.suspend			= ath10k_wow_op_suspend,
7803 	.resume				= ath10k_wow_op_resume,
7804 	.set_wakeup			= ath10k_wow_op_set_wakeup,
7805 #endif
7806 #ifdef CONFIG_MAC80211_DEBUGFS
7807 	.sta_add_debugfs		= ath10k_sta_add_debugfs,
7808 #endif
7809 };
7810 
7811 #define CHAN2G(_channel, _freq, _flags) { \
7812 	.band			= NL80211_BAND_2GHZ, \
7813 	.hw_value		= (_channel), \
7814 	.center_freq		= (_freq), \
7815 	.flags			= (_flags), \
7816 	.max_antenna_gain	= 0, \
7817 	.max_power		= 30, \
7818 }
7819 
7820 #define CHAN5G(_channel, _freq, _flags) { \
7821 	.band			= NL80211_BAND_5GHZ, \
7822 	.hw_value		= (_channel), \
7823 	.center_freq		= (_freq), \
7824 	.flags			= (_flags), \
7825 	.max_antenna_gain	= 0, \
7826 	.max_power		= 30, \
7827 }
7828 
7829 static const struct ieee80211_channel ath10k_2ghz_channels[] = {
7830 	CHAN2G(1, 2412, 0),
7831 	CHAN2G(2, 2417, 0),
7832 	CHAN2G(3, 2422, 0),
7833 	CHAN2G(4, 2427, 0),
7834 	CHAN2G(5, 2432, 0),
7835 	CHAN2G(6, 2437, 0),
7836 	CHAN2G(7, 2442, 0),
7837 	CHAN2G(8, 2447, 0),
7838 	CHAN2G(9, 2452, 0),
7839 	CHAN2G(10, 2457, 0),
7840 	CHAN2G(11, 2462, 0),
7841 	CHAN2G(12, 2467, 0),
7842 	CHAN2G(13, 2472, 0),
7843 	CHAN2G(14, 2484, 0),
7844 };
7845 
7846 static const struct ieee80211_channel ath10k_5ghz_channels[] = {
7847 	CHAN5G(36, 5180, 0),
7848 	CHAN5G(40, 5200, 0),
7849 	CHAN5G(44, 5220, 0),
7850 	CHAN5G(48, 5240, 0),
7851 	CHAN5G(52, 5260, 0),
7852 	CHAN5G(56, 5280, 0),
7853 	CHAN5G(60, 5300, 0),
7854 	CHAN5G(64, 5320, 0),
7855 	CHAN5G(100, 5500, 0),
7856 	CHAN5G(104, 5520, 0),
7857 	CHAN5G(108, 5540, 0),
7858 	CHAN5G(112, 5560, 0),
7859 	CHAN5G(116, 5580, 0),
7860 	CHAN5G(120, 5600, 0),
7861 	CHAN5G(124, 5620, 0),
7862 	CHAN5G(128, 5640, 0),
7863 	CHAN5G(132, 5660, 0),
7864 	CHAN5G(136, 5680, 0),
7865 	CHAN5G(140, 5700, 0),
7866 	CHAN5G(144, 5720, 0),
7867 	CHAN5G(149, 5745, 0),
7868 	CHAN5G(153, 5765, 0),
7869 	CHAN5G(157, 5785, 0),
7870 	CHAN5G(161, 5805, 0),
7871 	CHAN5G(165, 5825, 0),
7872 	CHAN5G(169, 5845, 0),
7873 };
7874 
7875 struct ath10k *ath10k_mac_create(size_t priv_size)
7876 {
7877 	struct ieee80211_hw *hw;
7878 	struct ieee80211_ops *ops;
7879 	struct ath10k *ar;
7880 
7881 	ops = kmemdup(&ath10k_ops, sizeof(ath10k_ops), GFP_KERNEL);
7882 	if (!ops)
7883 		return NULL;
7884 
7885 	hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, ops);
7886 	if (!hw) {
7887 		kfree(ops);
7888 		return NULL;
7889 	}
7890 
7891 	ar = hw->priv;
7892 	ar->hw = hw;
7893 	ar->ops = ops;
7894 
7895 	return ar;
7896 }
7897 
7898 void ath10k_mac_destroy(struct ath10k *ar)
7899 {
7900 	struct ieee80211_ops *ops = ar->ops;
7901 
7902 	ieee80211_free_hw(ar->hw);
7903 	kfree(ops);
7904 }
7905 
7906 static const struct ieee80211_iface_limit ath10k_if_limits[] = {
7907 	{
7908 		.max	= 8,
7909 		.types	= BIT(NL80211_IFTYPE_STATION)
7910 			| BIT(NL80211_IFTYPE_P2P_CLIENT)
7911 	},
7912 	{
7913 		.max	= 3,
7914 		.types	= BIT(NL80211_IFTYPE_P2P_GO)
7915 	},
7916 	{
7917 		.max	= 1,
7918 		.types	= BIT(NL80211_IFTYPE_P2P_DEVICE)
7919 	},
7920 	{
7921 		.max	= 7,
7922 		.types	= BIT(NL80211_IFTYPE_AP)
7923 #ifdef CONFIG_MAC80211_MESH
7924 			| BIT(NL80211_IFTYPE_MESH_POINT)
7925 #endif
7926 	},
7927 };
7928 
7929 static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
7930 	{
7931 		.max	= 8,
7932 		.types	= BIT(NL80211_IFTYPE_AP)
7933 #ifdef CONFIG_MAC80211_MESH
7934 			| BIT(NL80211_IFTYPE_MESH_POINT)
7935 #endif
7936 	},
7937 	{
7938 		.max	= 1,
7939 		.types	= BIT(NL80211_IFTYPE_STATION)
7940 	},
7941 };
7942 
7943 static const struct ieee80211_iface_combination ath10k_if_comb[] = {
7944 	{
7945 		.limits = ath10k_if_limits,
7946 		.n_limits = ARRAY_SIZE(ath10k_if_limits),
7947 		.max_interfaces = 8,
7948 		.num_different_channels = 1,
7949 		.beacon_int_infra_match = true,
7950 	},
7951 };
7952 
7953 static const struct ieee80211_iface_combination ath10k_10x_if_comb[] = {
7954 	{
7955 		.limits = ath10k_10x_if_limits,
7956 		.n_limits = ARRAY_SIZE(ath10k_10x_if_limits),
7957 		.max_interfaces = 8,
7958 		.num_different_channels = 1,
7959 		.beacon_int_infra_match = true,
7960 		.beacon_int_min_gcd = 1,
7961 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
7962 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
7963 					BIT(NL80211_CHAN_WIDTH_20) |
7964 					BIT(NL80211_CHAN_WIDTH_40) |
7965 					BIT(NL80211_CHAN_WIDTH_80),
7966 #endif
7967 	},
7968 };
7969 
7970 static const struct ieee80211_iface_limit ath10k_tlv_if_limit[] = {
7971 	{
7972 		.max = 2,
7973 		.types = BIT(NL80211_IFTYPE_STATION),
7974 	},
7975 	{
7976 		.max = 2,
7977 		.types = BIT(NL80211_IFTYPE_AP) |
7978 #ifdef CONFIG_MAC80211_MESH
7979 			 BIT(NL80211_IFTYPE_MESH_POINT) |
7980 #endif
7981 			 BIT(NL80211_IFTYPE_P2P_CLIENT) |
7982 			 BIT(NL80211_IFTYPE_P2P_GO),
7983 	},
7984 	{
7985 		.max = 1,
7986 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
7987 	},
7988 };
7989 
7990 static const struct ieee80211_iface_limit ath10k_tlv_qcs_if_limit[] = {
7991 	{
7992 		.max = 2,
7993 		.types = BIT(NL80211_IFTYPE_STATION),
7994 	},
7995 	{
7996 		.max = 2,
7997 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT),
7998 	},
7999 	{
8000 		.max = 1,
8001 		.types = BIT(NL80211_IFTYPE_AP) |
8002 #ifdef CONFIG_MAC80211_MESH
8003 			 BIT(NL80211_IFTYPE_MESH_POINT) |
8004 #endif
8005 			 BIT(NL80211_IFTYPE_P2P_GO),
8006 	},
8007 	{
8008 		.max = 1,
8009 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
8010 	},
8011 };
8012 
8013 static const struct ieee80211_iface_limit ath10k_tlv_if_limit_ibss[] = {
8014 	{
8015 		.max = 1,
8016 		.types = BIT(NL80211_IFTYPE_STATION),
8017 	},
8018 	{
8019 		.max = 1,
8020 		.types = BIT(NL80211_IFTYPE_ADHOC),
8021 	},
8022 };
8023 
8024 /* FIXME: This is not thouroughly tested. These combinations may over- or
8025  * underestimate hw/fw capabilities.
8026  */
8027 static struct ieee80211_iface_combination ath10k_tlv_if_comb[] = {
8028 	{
8029 		.limits = ath10k_tlv_if_limit,
8030 		.num_different_channels = 1,
8031 		.max_interfaces = 4,
8032 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
8033 	},
8034 	{
8035 		.limits = ath10k_tlv_if_limit_ibss,
8036 		.num_different_channels = 1,
8037 		.max_interfaces = 2,
8038 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
8039 	},
8040 };
8041 
8042 static struct ieee80211_iface_combination ath10k_tlv_qcs_if_comb[] = {
8043 	{
8044 		.limits = ath10k_tlv_if_limit,
8045 		.num_different_channels = 1,
8046 		.max_interfaces = 4,
8047 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
8048 	},
8049 	{
8050 		.limits = ath10k_tlv_qcs_if_limit,
8051 		.num_different_channels = 2,
8052 		.max_interfaces = 4,
8053 		.n_limits = ARRAY_SIZE(ath10k_tlv_qcs_if_limit),
8054 	},
8055 	{
8056 		.limits = ath10k_tlv_if_limit_ibss,
8057 		.num_different_channels = 1,
8058 		.max_interfaces = 2,
8059 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
8060 	},
8061 };
8062 
8063 static const struct ieee80211_iface_limit ath10k_10_4_if_limits[] = {
8064 	{
8065 		.max = 1,
8066 		.types = BIT(NL80211_IFTYPE_STATION),
8067 	},
8068 	{
8069 		.max	= 16,
8070 		.types	= BIT(NL80211_IFTYPE_AP)
8071 #ifdef CONFIG_MAC80211_MESH
8072 			| BIT(NL80211_IFTYPE_MESH_POINT)
8073 #endif
8074 	},
8075 };
8076 
8077 static const struct ieee80211_iface_combination ath10k_10_4_if_comb[] = {
8078 	{
8079 		.limits = ath10k_10_4_if_limits,
8080 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
8081 		.max_interfaces = 16,
8082 		.num_different_channels = 1,
8083 		.beacon_int_infra_match = true,
8084 		.beacon_int_min_gcd = 1,
8085 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
8086 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
8087 					BIT(NL80211_CHAN_WIDTH_20) |
8088 					BIT(NL80211_CHAN_WIDTH_40) |
8089 					BIT(NL80211_CHAN_WIDTH_80),
8090 #endif
8091 	},
8092 };
8093 
8094 static void ath10k_get_arvif_iter(void *data, u8 *mac,
8095 				  struct ieee80211_vif *vif)
8096 {
8097 	struct ath10k_vif_iter *arvif_iter = data;
8098 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8099 
8100 	if (arvif->vdev_id == arvif_iter->vdev_id)
8101 		arvif_iter->arvif = arvif;
8102 }
8103 
8104 struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id)
8105 {
8106 	struct ath10k_vif_iter arvif_iter;
8107 	u32 flags;
8108 
8109 	memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter));
8110 	arvif_iter.vdev_id = vdev_id;
8111 
8112 	flags = IEEE80211_IFACE_ITER_RESUME_ALL;
8113 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
8114 						   flags,
8115 						   ath10k_get_arvif_iter,
8116 						   &arvif_iter);
8117 	if (!arvif_iter.arvif) {
8118 		ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
8119 		return NULL;
8120 	}
8121 
8122 	return arvif_iter.arvif;
8123 }
8124 
8125 #define WRD_METHOD "WRDD"
8126 #define WRDD_WIFI  (0x07)
8127 
8128 static u32 ath10k_mac_wrdd_get_mcc(struct ath10k *ar, union acpi_object *wrdd)
8129 {
8130 	union acpi_object *mcc_pkg;
8131 	union acpi_object *domain_type;
8132 	union acpi_object *mcc_value;
8133 	u32 i;
8134 
8135 	if (wrdd->type != ACPI_TYPE_PACKAGE ||
8136 	    wrdd->package.count < 2 ||
8137 	    wrdd->package.elements[0].type != ACPI_TYPE_INTEGER ||
8138 	    wrdd->package.elements[0].integer.value != 0) {
8139 		ath10k_warn(ar, "ignoring malformed/unsupported wrdd structure\n");
8140 		return 0;
8141 	}
8142 
8143 	for (i = 1; i < wrdd->package.count; ++i) {
8144 		mcc_pkg = &wrdd->package.elements[i];
8145 
8146 		if (mcc_pkg->type != ACPI_TYPE_PACKAGE)
8147 			continue;
8148 		if (mcc_pkg->package.count < 2)
8149 			continue;
8150 		if (mcc_pkg->package.elements[0].type != ACPI_TYPE_INTEGER ||
8151 		    mcc_pkg->package.elements[1].type != ACPI_TYPE_INTEGER)
8152 			continue;
8153 
8154 		domain_type = &mcc_pkg->package.elements[0];
8155 		if (domain_type->integer.value != WRDD_WIFI)
8156 			continue;
8157 
8158 		mcc_value = &mcc_pkg->package.elements[1];
8159 		return mcc_value->integer.value;
8160 	}
8161 	return 0;
8162 }
8163 
8164 static int ath10k_mac_get_wrdd_regulatory(struct ath10k *ar, u16 *rd)
8165 {
8166 	struct pci_dev __maybe_unused *pdev = to_pci_dev(ar->dev);
8167 	acpi_handle root_handle;
8168 	acpi_handle handle;
8169 	struct acpi_buffer wrdd = {ACPI_ALLOCATE_BUFFER, NULL};
8170 	acpi_status status;
8171 	u32 alpha2_code;
8172 	char alpha2[3];
8173 
8174 	root_handle = ACPI_HANDLE(&pdev->dev);
8175 	if (!root_handle)
8176 		return -EOPNOTSUPP;
8177 
8178 	status = acpi_get_handle(root_handle, (acpi_string)WRD_METHOD, &handle);
8179 	if (ACPI_FAILURE(status)) {
8180 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
8181 			   "failed to get wrd method %d\n", status);
8182 		return -EIO;
8183 	}
8184 
8185 	status = acpi_evaluate_object(handle, NULL, NULL, &wrdd);
8186 	if (ACPI_FAILURE(status)) {
8187 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
8188 			   "failed to call wrdc %d\n", status);
8189 		return -EIO;
8190 	}
8191 
8192 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.pointer);
8193 	kfree(wrdd.pointer);
8194 	if (!alpha2_code)
8195 		return -EIO;
8196 
8197 	alpha2[0] = (alpha2_code >> 8) & 0xff;
8198 	alpha2[1] = (alpha2_code >> 0) & 0xff;
8199 	alpha2[2] = '\0';
8200 
8201 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
8202 		   "regulatory hint from WRDD (alpha2-code): %s\n", alpha2);
8203 
8204 	*rd = ath_regd_find_country_by_name(alpha2);
8205 	if (*rd == 0xffff)
8206 		return -EIO;
8207 
8208 	*rd |= COUNTRY_ERD_FLAG;
8209 	return 0;
8210 }
8211 
8212 static int ath10k_mac_init_rd(struct ath10k *ar)
8213 {
8214 	int ret;
8215 	u16 rd;
8216 
8217 	ret = ath10k_mac_get_wrdd_regulatory(ar, &rd);
8218 	if (ret) {
8219 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
8220 			   "fallback to eeprom programmed regulatory settings\n");
8221 		rd = ar->hw_eeprom_rd;
8222 	}
8223 
8224 	ar->ath_common.regulatory.current_rd = rd;
8225 	return 0;
8226 }
8227 
8228 int ath10k_mac_register(struct ath10k *ar)
8229 {
8230 	static const u32 cipher_suites[] = {
8231 		WLAN_CIPHER_SUITE_WEP40,
8232 		WLAN_CIPHER_SUITE_WEP104,
8233 		WLAN_CIPHER_SUITE_TKIP,
8234 		WLAN_CIPHER_SUITE_CCMP,
8235 
8236 		/* Do not add hardware supported ciphers before this line.
8237 		 * Allow software encryption for all chips. Don't forget to
8238 		 * update n_cipher_suites below.
8239 		 */
8240 		WLAN_CIPHER_SUITE_AES_CMAC,
8241 		WLAN_CIPHER_SUITE_BIP_CMAC_256,
8242 		WLAN_CIPHER_SUITE_BIP_GMAC_128,
8243 		WLAN_CIPHER_SUITE_BIP_GMAC_256,
8244 
8245 		/* Only QCA99x0 and QCA4019 varients support GCMP-128, GCMP-256
8246 		 * and CCMP-256 in hardware.
8247 		 */
8248 		WLAN_CIPHER_SUITE_GCMP,
8249 		WLAN_CIPHER_SUITE_GCMP_256,
8250 		WLAN_CIPHER_SUITE_CCMP_256,
8251 	};
8252 	struct ieee80211_supported_band *band;
8253 	void *channels;
8254 	int ret;
8255 
8256 	SET_IEEE80211_PERM_ADDR(ar->hw, ar->mac_addr);
8257 
8258 	SET_IEEE80211_DEV(ar->hw, ar->dev);
8259 
8260 	BUILD_BUG_ON((ARRAY_SIZE(ath10k_2ghz_channels) +
8261 		      ARRAY_SIZE(ath10k_5ghz_channels)) !=
8262 		     ATH10K_NUM_CHANS);
8263 
8264 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
8265 		channels = kmemdup(ath10k_2ghz_channels,
8266 				   sizeof(ath10k_2ghz_channels),
8267 				   GFP_KERNEL);
8268 		if (!channels) {
8269 			ret = -ENOMEM;
8270 			goto err_free;
8271 		}
8272 
8273 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
8274 		band->n_channels = ARRAY_SIZE(ath10k_2ghz_channels);
8275 		band->channels = channels;
8276 
8277 		if (ar->hw_params.cck_rate_map_rev2) {
8278 			band->n_bitrates = ath10k_g_rates_rev2_size;
8279 			band->bitrates = ath10k_g_rates_rev2;
8280 		} else {
8281 			band->n_bitrates = ath10k_g_rates_size;
8282 			band->bitrates = ath10k_g_rates;
8283 		}
8284 
8285 		ar->hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
8286 	}
8287 
8288 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
8289 		channels = kmemdup(ath10k_5ghz_channels,
8290 				   sizeof(ath10k_5ghz_channels),
8291 				   GFP_KERNEL);
8292 		if (!channels) {
8293 			ret = -ENOMEM;
8294 			goto err_free;
8295 		}
8296 
8297 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
8298 		band->n_channels = ARRAY_SIZE(ath10k_5ghz_channels);
8299 		band->channels = channels;
8300 		band->n_bitrates = ath10k_a_rates_size;
8301 		band->bitrates = ath10k_a_rates;
8302 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
8303 	}
8304 
8305 	ath10k_mac_setup_ht_vht_cap(ar);
8306 
8307 	ar->hw->wiphy->interface_modes =
8308 		BIT(NL80211_IFTYPE_STATION) |
8309 		BIT(NL80211_IFTYPE_AP) |
8310 		BIT(NL80211_IFTYPE_MESH_POINT);
8311 
8312 	ar->hw->wiphy->available_antennas_rx = ar->cfg_rx_chainmask;
8313 	ar->hw->wiphy->available_antennas_tx = ar->cfg_tx_chainmask;
8314 
8315 	if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->normal_mode_fw.fw_file.fw_features))
8316 		ar->hw->wiphy->interface_modes |=
8317 			BIT(NL80211_IFTYPE_P2P_DEVICE) |
8318 			BIT(NL80211_IFTYPE_P2P_CLIENT) |
8319 			BIT(NL80211_IFTYPE_P2P_GO);
8320 
8321 	ieee80211_hw_set(ar->hw, SIGNAL_DBM);
8322 
8323 	if (!test_bit(ATH10K_FW_FEATURE_NO_PS,
8324 		      ar->running_fw->fw_file.fw_features)) {
8325 		ieee80211_hw_set(ar->hw, SUPPORTS_PS);
8326 		ieee80211_hw_set(ar->hw, SUPPORTS_DYNAMIC_PS);
8327 	}
8328 
8329 	ieee80211_hw_set(ar->hw, MFP_CAPABLE);
8330 	ieee80211_hw_set(ar->hw, REPORTS_TX_ACK_STATUS);
8331 	ieee80211_hw_set(ar->hw, HAS_RATE_CONTROL);
8332 	ieee80211_hw_set(ar->hw, AP_LINK_PS);
8333 	ieee80211_hw_set(ar->hw, SPECTRUM_MGMT);
8334 	ieee80211_hw_set(ar->hw, SUPPORT_FAST_XMIT);
8335 	ieee80211_hw_set(ar->hw, CONNECTION_MONITOR);
8336 	ieee80211_hw_set(ar->hw, SUPPORTS_PER_STA_GTK);
8337 	ieee80211_hw_set(ar->hw, WANT_MONITOR_VIF);
8338 	ieee80211_hw_set(ar->hw, CHANCTX_STA_CSA);
8339 	ieee80211_hw_set(ar->hw, QUEUE_CONTROL);
8340 	ieee80211_hw_set(ar->hw, SUPPORTS_TX_FRAG);
8341 	ieee80211_hw_set(ar->hw, REPORTS_LOW_ACK);
8342 
8343 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
8344 		ieee80211_hw_set(ar->hw, SW_CRYPTO_CONTROL);
8345 
8346 	ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
8347 	ar->hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
8348 
8349 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
8350 		ar->hw->wiphy->features |= NL80211_FEATURE_DYNAMIC_SMPS;
8351 
8352 	if (ar->ht_cap_info & WMI_HT_CAP_ENABLED) {
8353 		ieee80211_hw_set(ar->hw, AMPDU_AGGREGATION);
8354 		ieee80211_hw_set(ar->hw, TX_AMPDU_SETUP_IN_HW);
8355 	}
8356 
8357 	ar->hw->wiphy->max_scan_ssids = WLAN_SCAN_PARAMS_MAX_SSID;
8358 	ar->hw->wiphy->max_scan_ie_len = WLAN_SCAN_PARAMS_MAX_IE_LEN;
8359 
8360 	ar->hw->vif_data_size = sizeof(struct ath10k_vif);
8361 	ar->hw->sta_data_size = sizeof(struct ath10k_sta);
8362 	ar->hw->txq_data_size = sizeof(struct ath10k_txq);
8363 
8364 	ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
8365 
8366 	if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
8367 		ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
8368 
8369 		/* Firmware delivers WPS/P2P Probe Requests frames to driver so
8370 		 * that userspace (e.g. wpa_supplicant/hostapd) can generate
8371 		 * correct Probe Responses. This is more of a hack advert..
8372 		 */
8373 		ar->hw->wiphy->probe_resp_offload |=
8374 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
8375 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
8376 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
8377 	}
8378 
8379 	if (test_bit(WMI_SERVICE_TDLS, ar->wmi.svc_map) ||
8380 	    test_bit(WMI_SERVICE_TDLS_EXPLICIT_MODE_ONLY, ar->wmi.svc_map)) {
8381 		ar->hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
8382 		if (test_bit(WMI_SERVICE_TDLS_WIDER_BANDWIDTH, ar->wmi.svc_map))
8383 			ieee80211_hw_set(ar->hw, TDLS_WIDER_BW);
8384 	}
8385 
8386 	if (test_bit(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, ar->wmi.svc_map))
8387 		ieee80211_hw_set(ar->hw, SUPPORTS_TDLS_BUFFER_STA);
8388 
8389 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
8390 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
8391 	ar->hw->wiphy->max_remain_on_channel_duration = 5000;
8392 
8393 	ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
8394 	ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
8395 				   NL80211_FEATURE_AP_SCAN;
8396 
8397 	ar->hw->wiphy->max_ap_assoc_sta = ar->max_num_stations;
8398 
8399 	ret = ath10k_wow_init(ar);
8400 	if (ret) {
8401 		ath10k_warn(ar, "failed to init wow: %d\n", ret);
8402 		goto err_free;
8403 	}
8404 
8405 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
8406 	wiphy_ext_feature_set(ar->hw->wiphy,
8407 			      NL80211_EXT_FEATURE_SET_SCAN_DWELL);
8408 
8409 	/*
8410 	 * on LL hardware queues are managed entirely by the FW
8411 	 * so we only advertise to mac we can do the queues thing
8412 	 */
8413 	ar->hw->queues = IEEE80211_MAX_QUEUES;
8414 
8415 	/* vdev_ids are used as hw queue numbers. Make sure offchan tx queue is
8416 	 * something that vdev_ids can't reach so that we don't stop the queue
8417 	 * accidentally.
8418 	 */
8419 	ar->hw->offchannel_tx_hw_queue = IEEE80211_MAX_QUEUES - 1;
8420 
8421 	switch (ar->running_fw->fw_file.wmi_op_version) {
8422 	case ATH10K_FW_WMI_OP_VERSION_MAIN:
8423 		ar->hw->wiphy->iface_combinations = ath10k_if_comb;
8424 		ar->hw->wiphy->n_iface_combinations =
8425 			ARRAY_SIZE(ath10k_if_comb);
8426 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
8427 		break;
8428 	case ATH10K_FW_WMI_OP_VERSION_TLV:
8429 		if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
8430 			ar->hw->wiphy->iface_combinations =
8431 				ath10k_tlv_qcs_if_comb;
8432 			ar->hw->wiphy->n_iface_combinations =
8433 				ARRAY_SIZE(ath10k_tlv_qcs_if_comb);
8434 		} else {
8435 			ar->hw->wiphy->iface_combinations = ath10k_tlv_if_comb;
8436 			ar->hw->wiphy->n_iface_combinations =
8437 				ARRAY_SIZE(ath10k_tlv_if_comb);
8438 		}
8439 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
8440 		break;
8441 	case ATH10K_FW_WMI_OP_VERSION_10_1:
8442 	case ATH10K_FW_WMI_OP_VERSION_10_2:
8443 	case ATH10K_FW_WMI_OP_VERSION_10_2_4:
8444 		ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
8445 		ar->hw->wiphy->n_iface_combinations =
8446 			ARRAY_SIZE(ath10k_10x_if_comb);
8447 		break;
8448 	case ATH10K_FW_WMI_OP_VERSION_10_4:
8449 		ar->hw->wiphy->iface_combinations = ath10k_10_4_if_comb;
8450 		ar->hw->wiphy->n_iface_combinations =
8451 			ARRAY_SIZE(ath10k_10_4_if_comb);
8452 		break;
8453 	case ATH10K_FW_WMI_OP_VERSION_UNSET:
8454 	case ATH10K_FW_WMI_OP_VERSION_MAX:
8455 		WARN_ON(1);
8456 		ret = -EINVAL;
8457 		goto err_free;
8458 	}
8459 
8460 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
8461 		ar->hw->netdev_features = NETIF_F_HW_CSUM;
8462 
8463 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED)) {
8464 		/* Init ath dfs pattern detector */
8465 		ar->ath_common.debug_mask = ATH_DBG_DFS;
8466 		ar->dfs_detector = dfs_pattern_detector_init(&ar->ath_common,
8467 							     NL80211_DFS_UNSET);
8468 
8469 		if (!ar->dfs_detector)
8470 			ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
8471 	}
8472 
8473 	ret = ath10k_mac_init_rd(ar);
8474 	if (ret) {
8475 		ath10k_err(ar, "failed to derive regdom: %d\n", ret);
8476 		goto err_dfs_detector_exit;
8477 	}
8478 
8479 	/* Disable set_coverage_class for chipsets that do not support it. */
8480 	if (!ar->hw_params.hw_ops->set_coverage_class)
8481 		ar->ops->set_coverage_class = NULL;
8482 
8483 	ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
8484 			    ath10k_reg_notifier);
8485 	if (ret) {
8486 		ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
8487 		goto err_dfs_detector_exit;
8488 	}
8489 
8490 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
8491 		ret = ath10k_wmi_scan_prob_req_oui(ar, ar->mac_addr);
8492 		if (ret) {
8493 			ath10k_err(ar, "failed to set prob req oui: %i\n", ret);
8494 			goto err_dfs_detector_exit;
8495 		}
8496 
8497 		ar->hw->wiphy->features |=
8498 			NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
8499 	}
8500 
8501 	ar->hw->wiphy->cipher_suites = cipher_suites;
8502 
8503 	/* QCA988x and QCA6174 family chips do not support CCMP-256, GCMP-128
8504 	 * and GCMP-256 ciphers in hardware. Fetch number of ciphers supported
8505 	 * from chip specific hw_param table.
8506 	 */
8507 	if (!ar->hw_params.n_cipher_suites ||
8508 	    ar->hw_params.n_cipher_suites > ARRAY_SIZE(cipher_suites)) {
8509 		ath10k_err(ar, "invalid hw_params.n_cipher_suites %d\n",
8510 			   ar->hw_params.n_cipher_suites);
8511 		ar->hw_params.n_cipher_suites = 8;
8512 	}
8513 	ar->hw->wiphy->n_cipher_suites = ar->hw_params.n_cipher_suites;
8514 
8515 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
8516 
8517 	ret = ieee80211_register_hw(ar->hw);
8518 	if (ret) {
8519 		ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
8520 		goto err_dfs_detector_exit;
8521 	}
8522 
8523 	if (!ath_is_world_regd(&ar->ath_common.regulatory)) {
8524 		ret = regulatory_hint(ar->hw->wiphy,
8525 				      ar->ath_common.regulatory.alpha2);
8526 		if (ret)
8527 			goto err_unregister;
8528 	}
8529 
8530 	return 0;
8531 
8532 err_unregister:
8533 	ieee80211_unregister_hw(ar->hw);
8534 
8535 err_dfs_detector_exit:
8536 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
8537 		ar->dfs_detector->exit(ar->dfs_detector);
8538 
8539 err_free:
8540 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
8541 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
8542 
8543 	SET_IEEE80211_DEV(ar->hw, NULL);
8544 	return ret;
8545 }
8546 
8547 void ath10k_mac_unregister(struct ath10k *ar)
8548 {
8549 	ieee80211_unregister_hw(ar->hw);
8550 
8551 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
8552 		ar->dfs_detector->exit(ar->dfs_detector);
8553 
8554 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
8555 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
8556 
8557 	SET_IEEE80211_DEV(ar->hw, NULL);
8558 }
8559