xref: /openbmc/linux/drivers/net/wireless/ath/ath10k/mac.c (revision c4c3c32d)
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2005-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
6  */
7 
8 #include "mac.h"
9 
10 #include <net/cfg80211.h>
11 #include <net/mac80211.h>
12 #include <linux/etherdevice.h>
13 #include <linux/acpi.h>
14 #include <linux/of.h>
15 #include <linux/bitfield.h>
16 
17 #include "hif.h"
18 #include "core.h"
19 #include "debug.h"
20 #include "wmi.h"
21 #include "htt.h"
22 #include "txrx.h"
23 #include "testmode.h"
24 #include "wmi-tlv.h"
25 #include "wmi-ops.h"
26 #include "wow.h"
27 
28 /*********/
29 /* Rates */
30 /*********/
31 
32 static struct ieee80211_rate ath10k_rates[] = {
33 	{ .bitrate = 10,
34 	  .hw_value = ATH10K_HW_RATE_CCK_LP_1M },
35 	{ .bitrate = 20,
36 	  .hw_value = ATH10K_HW_RATE_CCK_LP_2M,
37 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_2M,
38 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
39 	{ .bitrate = 55,
40 	  .hw_value = ATH10K_HW_RATE_CCK_LP_5_5M,
41 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_5_5M,
42 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
43 	{ .bitrate = 110,
44 	  .hw_value = ATH10K_HW_RATE_CCK_LP_11M,
45 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_11M,
46 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
47 
48 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
49 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
50 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
51 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
52 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
53 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
54 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
55 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
56 };
57 
58 static struct ieee80211_rate ath10k_rates_rev2[] = {
59 	{ .bitrate = 10,
60 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_1M },
61 	{ .bitrate = 20,
62 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_2M,
63 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_2M,
64 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
65 	{ .bitrate = 55,
66 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_5_5M,
67 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_5_5M,
68 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
69 	{ .bitrate = 110,
70 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_11M,
71 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_11M,
72 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
73 
74 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
75 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
76 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
77 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
78 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
79 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
80 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
81 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
82 };
83 
84 static const struct cfg80211_sar_freq_ranges ath10k_sar_freq_ranges[] = {
85 	{.start_freq = 2402, .end_freq = 2494 },
86 	{.start_freq = 5170, .end_freq = 5875 },
87 };
88 
89 static const struct cfg80211_sar_capa ath10k_sar_capa = {
90 	.type = NL80211_SAR_TYPE_POWER,
91 	.num_freq_ranges = (ARRAY_SIZE(ath10k_sar_freq_ranges)),
92 	.freq_ranges = &ath10k_sar_freq_ranges[0],
93 };
94 
95 #define ATH10K_MAC_FIRST_OFDM_RATE_IDX 4
96 
97 #define ath10k_a_rates (ath10k_rates + ATH10K_MAC_FIRST_OFDM_RATE_IDX)
98 #define ath10k_a_rates_size (ARRAY_SIZE(ath10k_rates) - \
99 			     ATH10K_MAC_FIRST_OFDM_RATE_IDX)
100 #define ath10k_g_rates (ath10k_rates + 0)
101 #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
102 
103 #define ath10k_g_rates_rev2 (ath10k_rates_rev2 + 0)
104 #define ath10k_g_rates_rev2_size (ARRAY_SIZE(ath10k_rates_rev2))
105 
106 #define ath10k_wmi_legacy_rates ath10k_rates
107 
108 static bool ath10k_mac_bitrate_is_cck(int bitrate)
109 {
110 	switch (bitrate) {
111 	case 10:
112 	case 20:
113 	case 55:
114 	case 110:
115 		return true;
116 	}
117 
118 	return false;
119 }
120 
121 static u8 ath10k_mac_bitrate_to_rate(int bitrate)
122 {
123 	return DIV_ROUND_UP(bitrate, 5) |
124 	       (ath10k_mac_bitrate_is_cck(bitrate) ? BIT(7) : 0);
125 }
126 
127 u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
128 			     u8 hw_rate, bool cck)
129 {
130 	const struct ieee80211_rate *rate;
131 	int i;
132 
133 	for (i = 0; i < sband->n_bitrates; i++) {
134 		rate = &sband->bitrates[i];
135 
136 		if (ath10k_mac_bitrate_is_cck(rate->bitrate) != cck)
137 			continue;
138 
139 		if (rate->hw_value == hw_rate)
140 			return i;
141 		else if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE &&
142 			 rate->hw_value_short == hw_rate)
143 			return i;
144 	}
145 
146 	return 0;
147 }
148 
149 u8 ath10k_mac_bitrate_to_idx(const struct ieee80211_supported_band *sband,
150 			     u32 bitrate)
151 {
152 	int i;
153 
154 	for (i = 0; i < sband->n_bitrates; i++)
155 		if (sband->bitrates[i].bitrate == bitrate)
156 			return i;
157 
158 	return 0;
159 }
160 
161 static int ath10k_mac_get_rate_hw_value(int bitrate)
162 {
163 	int i;
164 	u8 hw_value_prefix = 0;
165 
166 	if (ath10k_mac_bitrate_is_cck(bitrate))
167 		hw_value_prefix = WMI_RATE_PREAMBLE_CCK << 6;
168 
169 	for (i = 0; i < ARRAY_SIZE(ath10k_rates); i++) {
170 		if (ath10k_rates[i].bitrate == bitrate)
171 			return hw_value_prefix | ath10k_rates[i].hw_value;
172 	}
173 
174 	return -EINVAL;
175 }
176 
177 static int ath10k_mac_get_max_vht_mcs_map(u16 mcs_map, int nss)
178 {
179 	switch ((mcs_map >> (2 * nss)) & 0x3) {
180 	case IEEE80211_VHT_MCS_SUPPORT_0_7: return BIT(8) - 1;
181 	case IEEE80211_VHT_MCS_SUPPORT_0_8: return BIT(9) - 1;
182 	case IEEE80211_VHT_MCS_SUPPORT_0_9: return BIT(10) - 1;
183 	}
184 	return 0;
185 }
186 
187 static u32
188 ath10k_mac_max_ht_nss(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
189 {
190 	int nss;
191 
192 	for (nss = IEEE80211_HT_MCS_MASK_LEN - 1; nss >= 0; nss--)
193 		if (ht_mcs_mask[nss])
194 			return nss + 1;
195 
196 	return 1;
197 }
198 
199 static u32
200 ath10k_mac_max_vht_nss(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
201 {
202 	int nss;
203 
204 	for (nss = NL80211_VHT_NSS_MAX - 1; nss >= 0; nss--)
205 		if (vht_mcs_mask[nss])
206 			return nss + 1;
207 
208 	return 1;
209 }
210 
211 int ath10k_mac_ext_resource_config(struct ath10k *ar, u32 val)
212 {
213 	enum wmi_host_platform_type platform_type;
214 	int ret;
215 
216 	if (test_bit(WMI_SERVICE_TX_MODE_DYNAMIC, ar->wmi.svc_map))
217 		platform_type = WMI_HOST_PLATFORM_LOW_PERF;
218 	else
219 		platform_type = WMI_HOST_PLATFORM_HIGH_PERF;
220 
221 	ret = ath10k_wmi_ext_resource_config(ar, platform_type, val);
222 
223 	if (ret && ret != -EOPNOTSUPP) {
224 		ath10k_warn(ar, "failed to configure ext resource: %d\n", ret);
225 		return ret;
226 	}
227 
228 	return 0;
229 }
230 
231 /**********/
232 /* Crypto */
233 /**********/
234 
235 static int ath10k_send_key(struct ath10k_vif *arvif,
236 			   struct ieee80211_key_conf *key,
237 			   enum set_key_cmd cmd,
238 			   const u8 *macaddr, u32 flags)
239 {
240 	struct ath10k *ar = arvif->ar;
241 	struct wmi_vdev_install_key_arg arg = {
242 		.vdev_id = arvif->vdev_id,
243 		.key_idx = key->keyidx,
244 		.key_len = key->keylen,
245 		.key_data = key->key,
246 		.key_flags = flags,
247 		.macaddr = macaddr,
248 	};
249 
250 	lockdep_assert_held(&arvif->ar->conf_mutex);
251 
252 	switch (key->cipher) {
253 	case WLAN_CIPHER_SUITE_CCMP:
254 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
255 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
256 		break;
257 	case WLAN_CIPHER_SUITE_TKIP:
258 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_TKIP];
259 		arg.key_txmic_len = 8;
260 		arg.key_rxmic_len = 8;
261 		break;
262 	case WLAN_CIPHER_SUITE_WEP40:
263 	case WLAN_CIPHER_SUITE_WEP104:
264 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_WEP];
265 		break;
266 	case WLAN_CIPHER_SUITE_CCMP_256:
267 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
268 		break;
269 	case WLAN_CIPHER_SUITE_GCMP:
270 	case WLAN_CIPHER_SUITE_GCMP_256:
271 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_GCM];
272 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
273 		break;
274 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
275 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
276 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
277 	case WLAN_CIPHER_SUITE_AES_CMAC:
278 		WARN_ON(1);
279 		return -EINVAL;
280 	default:
281 		ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
282 		return -EOPNOTSUPP;
283 	}
284 
285 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
286 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
287 
288 	if (cmd == DISABLE_KEY) {
289 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
290 		arg.key_data = NULL;
291 	}
292 
293 	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
294 }
295 
296 static int ath10k_install_key(struct ath10k_vif *arvif,
297 			      struct ieee80211_key_conf *key,
298 			      enum set_key_cmd cmd,
299 			      const u8 *macaddr, u32 flags)
300 {
301 	struct ath10k *ar = arvif->ar;
302 	int ret;
303 	unsigned long time_left;
304 
305 	lockdep_assert_held(&ar->conf_mutex);
306 
307 	reinit_completion(&ar->install_key_done);
308 
309 	if (arvif->nohwcrypt)
310 		return 1;
311 
312 	ret = ath10k_send_key(arvif, key, cmd, macaddr, flags);
313 	if (ret)
314 		return ret;
315 
316 	time_left = wait_for_completion_timeout(&ar->install_key_done, 3 * HZ);
317 	if (time_left == 0)
318 		return -ETIMEDOUT;
319 
320 	return 0;
321 }
322 
323 static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
324 					const u8 *addr)
325 {
326 	struct ath10k *ar = arvif->ar;
327 	struct ath10k_peer *peer;
328 	int ret;
329 	int i;
330 	u32 flags;
331 
332 	lockdep_assert_held(&ar->conf_mutex);
333 
334 	if (WARN_ON(arvif->vif->type != NL80211_IFTYPE_AP &&
335 		    arvif->vif->type != NL80211_IFTYPE_ADHOC &&
336 		    arvif->vif->type != NL80211_IFTYPE_MESH_POINT))
337 		return -EINVAL;
338 
339 	spin_lock_bh(&ar->data_lock);
340 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
341 	spin_unlock_bh(&ar->data_lock);
342 
343 	if (!peer)
344 		return -ENOENT;
345 
346 	for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
347 		if (arvif->wep_keys[i] == NULL)
348 			continue;
349 
350 		switch (arvif->vif->type) {
351 		case NL80211_IFTYPE_AP:
352 			flags = WMI_KEY_PAIRWISE;
353 
354 			if (arvif->def_wep_key_idx == i)
355 				flags |= WMI_KEY_TX_USAGE;
356 
357 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
358 						 SET_KEY, addr, flags);
359 			if (ret < 0)
360 				return ret;
361 			break;
362 		case NL80211_IFTYPE_ADHOC:
363 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
364 						 SET_KEY, addr,
365 						 WMI_KEY_PAIRWISE);
366 			if (ret < 0)
367 				return ret;
368 
369 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
370 						 SET_KEY, addr, WMI_KEY_GROUP);
371 			if (ret < 0)
372 				return ret;
373 			break;
374 		default:
375 			WARN_ON(1);
376 			return -EINVAL;
377 		}
378 
379 		spin_lock_bh(&ar->data_lock);
380 		peer->keys[i] = arvif->wep_keys[i];
381 		spin_unlock_bh(&ar->data_lock);
382 	}
383 
384 	/* In some cases (notably with static WEP IBSS with multiple keys)
385 	 * multicast Tx becomes broken. Both pairwise and groupwise keys are
386 	 * installed already. Using WMI_KEY_TX_USAGE in different combinations
387 	 * didn't seem help. Using def_keyid vdev parameter seems to be
388 	 * effective so use that.
389 	 *
390 	 * FIXME: Revisit. Perhaps this can be done in a less hacky way.
391 	 */
392 	if (arvif->vif->type != NL80211_IFTYPE_ADHOC)
393 		return 0;
394 
395 	if (arvif->def_wep_key_idx == -1)
396 		return 0;
397 
398 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
399 					arvif->vdev_id,
400 					arvif->ar->wmi.vdev_param->def_keyid,
401 					arvif->def_wep_key_idx);
402 	if (ret) {
403 		ath10k_warn(ar, "failed to re-set def wpa key idxon vdev %i: %d\n",
404 			    arvif->vdev_id, ret);
405 		return ret;
406 	}
407 
408 	return 0;
409 }
410 
411 static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
412 				  const u8 *addr)
413 {
414 	struct ath10k *ar = arvif->ar;
415 	struct ath10k_peer *peer;
416 	int first_errno = 0;
417 	int ret;
418 	int i;
419 	u32 flags = 0;
420 
421 	lockdep_assert_held(&ar->conf_mutex);
422 
423 	spin_lock_bh(&ar->data_lock);
424 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
425 	spin_unlock_bh(&ar->data_lock);
426 
427 	if (!peer)
428 		return -ENOENT;
429 
430 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
431 		if (peer->keys[i] == NULL)
432 			continue;
433 
434 		/* key flags are not required to delete the key */
435 		ret = ath10k_install_key(arvif, peer->keys[i],
436 					 DISABLE_KEY, addr, flags);
437 		if (ret < 0 && first_errno == 0)
438 			first_errno = ret;
439 
440 		if (ret < 0)
441 			ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
442 				    i, ret);
443 
444 		spin_lock_bh(&ar->data_lock);
445 		peer->keys[i] = NULL;
446 		spin_unlock_bh(&ar->data_lock);
447 	}
448 
449 	return first_errno;
450 }
451 
452 bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
453 				    u8 keyidx)
454 {
455 	struct ath10k_peer *peer;
456 	int i;
457 
458 	lockdep_assert_held(&ar->data_lock);
459 
460 	/* We don't know which vdev this peer belongs to,
461 	 * since WMI doesn't give us that information.
462 	 *
463 	 * FIXME: multi-bss needs to be handled.
464 	 */
465 	peer = ath10k_peer_find(ar, 0, addr);
466 	if (!peer)
467 		return false;
468 
469 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
470 		if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
471 			return true;
472 	}
473 
474 	return false;
475 }
476 
477 static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
478 				 struct ieee80211_key_conf *key)
479 {
480 	struct ath10k *ar = arvif->ar;
481 	struct ath10k_peer *peer;
482 	u8 addr[ETH_ALEN];
483 	int first_errno = 0;
484 	int ret;
485 	int i;
486 	u32 flags = 0;
487 
488 	lockdep_assert_held(&ar->conf_mutex);
489 
490 	for (;;) {
491 		/* since ath10k_install_key we can't hold data_lock all the
492 		 * time, so we try to remove the keys incrementally
493 		 */
494 		spin_lock_bh(&ar->data_lock);
495 		i = 0;
496 		list_for_each_entry(peer, &ar->peers, list) {
497 			for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
498 				if (peer->keys[i] == key) {
499 					ether_addr_copy(addr, peer->addr);
500 					peer->keys[i] = NULL;
501 					break;
502 				}
503 			}
504 
505 			if (i < ARRAY_SIZE(peer->keys))
506 				break;
507 		}
508 		spin_unlock_bh(&ar->data_lock);
509 
510 		if (i == ARRAY_SIZE(peer->keys))
511 			break;
512 		/* key flags are not required to delete the key */
513 		ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, flags);
514 		if (ret < 0 && first_errno == 0)
515 			first_errno = ret;
516 
517 		if (ret)
518 			ath10k_warn(ar, "failed to remove key for %pM: %d\n",
519 				    addr, ret);
520 	}
521 
522 	return first_errno;
523 }
524 
525 static int ath10k_mac_vif_update_wep_key(struct ath10k_vif *arvif,
526 					 struct ieee80211_key_conf *key)
527 {
528 	struct ath10k *ar = arvif->ar;
529 	struct ath10k_peer *peer;
530 	int ret;
531 
532 	lockdep_assert_held(&ar->conf_mutex);
533 
534 	list_for_each_entry(peer, &ar->peers, list) {
535 		if (ether_addr_equal(peer->addr, arvif->vif->addr))
536 			continue;
537 
538 		if (ether_addr_equal(peer->addr, arvif->bssid))
539 			continue;
540 
541 		if (peer->keys[key->keyidx] == key)
542 			continue;
543 
544 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vif vdev %i update key %i needs update\n",
545 			   arvif->vdev_id, key->keyidx);
546 
547 		ret = ath10k_install_peer_wep_keys(arvif, peer->addr);
548 		if (ret) {
549 			ath10k_warn(ar, "failed to update wep keys on vdev %i for peer %pM: %d\n",
550 				    arvif->vdev_id, peer->addr, ret);
551 			return ret;
552 		}
553 	}
554 
555 	return 0;
556 }
557 
558 /*********************/
559 /* General utilities */
560 /*********************/
561 
562 static inline enum wmi_phy_mode
563 chan_to_phymode(const struct cfg80211_chan_def *chandef)
564 {
565 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
566 
567 	switch (chandef->chan->band) {
568 	case NL80211_BAND_2GHZ:
569 		switch (chandef->width) {
570 		case NL80211_CHAN_WIDTH_20_NOHT:
571 			if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
572 				phymode = MODE_11B;
573 			else
574 				phymode = MODE_11G;
575 			break;
576 		case NL80211_CHAN_WIDTH_20:
577 			phymode = MODE_11NG_HT20;
578 			break;
579 		case NL80211_CHAN_WIDTH_40:
580 			phymode = MODE_11NG_HT40;
581 			break;
582 		default:
583 			phymode = MODE_UNKNOWN;
584 			break;
585 		}
586 		break;
587 	case NL80211_BAND_5GHZ:
588 		switch (chandef->width) {
589 		case NL80211_CHAN_WIDTH_20_NOHT:
590 			phymode = MODE_11A;
591 			break;
592 		case NL80211_CHAN_WIDTH_20:
593 			phymode = MODE_11NA_HT20;
594 			break;
595 		case NL80211_CHAN_WIDTH_40:
596 			phymode = MODE_11NA_HT40;
597 			break;
598 		case NL80211_CHAN_WIDTH_80:
599 			phymode = MODE_11AC_VHT80;
600 			break;
601 		case NL80211_CHAN_WIDTH_160:
602 			phymode = MODE_11AC_VHT160;
603 			break;
604 		case NL80211_CHAN_WIDTH_80P80:
605 			phymode = MODE_11AC_VHT80_80;
606 			break;
607 		default:
608 			phymode = MODE_UNKNOWN;
609 			break;
610 		}
611 		break;
612 	default:
613 		break;
614 	}
615 
616 	WARN_ON(phymode == MODE_UNKNOWN);
617 	return phymode;
618 }
619 
620 static u8 ath10k_parse_mpdudensity(u8 mpdudensity)
621 {
622 /*
623  * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
624  *   0 for no restriction
625  *   1 for 1/4 us
626  *   2 for 1/2 us
627  *   3 for 1 us
628  *   4 for 2 us
629  *   5 for 4 us
630  *   6 for 8 us
631  *   7 for 16 us
632  */
633 	switch (mpdudensity) {
634 	case 0:
635 		return 0;
636 	case 1:
637 	case 2:
638 	case 3:
639 	/* Our lower layer calculations limit our precision to
640 	 * 1 microsecond
641 	 */
642 		return 1;
643 	case 4:
644 		return 2;
645 	case 5:
646 		return 4;
647 	case 6:
648 		return 8;
649 	case 7:
650 		return 16;
651 	default:
652 		return 0;
653 	}
654 }
655 
656 int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
657 			struct cfg80211_chan_def *def)
658 {
659 	struct ieee80211_chanctx_conf *conf;
660 
661 	rcu_read_lock();
662 	conf = rcu_dereference(vif->bss_conf.chanctx_conf);
663 	if (!conf) {
664 		rcu_read_unlock();
665 		return -ENOENT;
666 	}
667 
668 	*def = conf->def;
669 	rcu_read_unlock();
670 
671 	return 0;
672 }
673 
674 static void ath10k_mac_num_chanctxs_iter(struct ieee80211_hw *hw,
675 					 struct ieee80211_chanctx_conf *conf,
676 					 void *data)
677 {
678 	int *num = data;
679 
680 	(*num)++;
681 }
682 
683 static int ath10k_mac_num_chanctxs(struct ath10k *ar)
684 {
685 	int num = 0;
686 
687 	ieee80211_iter_chan_contexts_atomic(ar->hw,
688 					    ath10k_mac_num_chanctxs_iter,
689 					    &num);
690 
691 	return num;
692 }
693 
694 static void
695 ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
696 				struct ieee80211_chanctx_conf *conf,
697 				void *data)
698 {
699 	struct cfg80211_chan_def **def = data;
700 
701 	*def = &conf->def;
702 }
703 
704 static void ath10k_wait_for_peer_delete_done(struct ath10k *ar, u32 vdev_id,
705 					     const u8 *addr)
706 {
707 	unsigned long time_left;
708 	int ret;
709 
710 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
711 		ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
712 		if (ret) {
713 			ath10k_warn(ar, "failed wait for peer deleted");
714 			return;
715 		}
716 
717 		time_left = wait_for_completion_timeout(&ar->peer_delete_done,
718 							5 * HZ);
719 		if (!time_left)
720 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
721 	}
722 }
723 
724 static int ath10k_peer_create(struct ath10k *ar,
725 			      struct ieee80211_vif *vif,
726 			      struct ieee80211_sta *sta,
727 			      u32 vdev_id,
728 			      const u8 *addr,
729 			      enum wmi_peer_type peer_type)
730 {
731 	struct ath10k_vif *arvif;
732 	struct ath10k_peer *peer;
733 	int num_peers = 0;
734 	int ret;
735 
736 	lockdep_assert_held(&ar->conf_mutex);
737 
738 	num_peers = ar->num_peers;
739 
740 	/* Each vdev consumes a peer entry as well */
741 	list_for_each_entry(arvif, &ar->arvifs, list)
742 		num_peers++;
743 
744 	if (num_peers >= ar->max_num_peers)
745 		return -ENOBUFS;
746 
747 	ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
748 	if (ret) {
749 		ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
750 			    addr, vdev_id, ret);
751 		return ret;
752 	}
753 
754 	ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
755 	if (ret) {
756 		ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
757 			    addr, vdev_id, ret);
758 		return ret;
759 	}
760 
761 	spin_lock_bh(&ar->data_lock);
762 
763 	peer = ath10k_peer_find(ar, vdev_id, addr);
764 	if (!peer) {
765 		spin_unlock_bh(&ar->data_lock);
766 		ath10k_warn(ar, "failed to find peer %pM on vdev %i after creation\n",
767 			    addr, vdev_id);
768 		ath10k_wait_for_peer_delete_done(ar, vdev_id, addr);
769 		return -ENOENT;
770 	}
771 
772 	peer->vif = vif;
773 	peer->sta = sta;
774 
775 	spin_unlock_bh(&ar->data_lock);
776 
777 	ar->num_peers++;
778 
779 	return 0;
780 }
781 
782 static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
783 {
784 	struct ath10k *ar = arvif->ar;
785 	u32 param;
786 	int ret;
787 
788 	param = ar->wmi.pdev_param->sta_kickout_th;
789 	ret = ath10k_wmi_pdev_set_param(ar, param,
790 					ATH10K_KICKOUT_THRESHOLD);
791 	if (ret) {
792 		ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
793 			    arvif->vdev_id, ret);
794 		return ret;
795 	}
796 
797 	param = ar->wmi.vdev_param->ap_keepalive_min_idle_inactive_time_secs;
798 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
799 					ATH10K_KEEPALIVE_MIN_IDLE);
800 	if (ret) {
801 		ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
802 			    arvif->vdev_id, ret);
803 		return ret;
804 	}
805 
806 	param = ar->wmi.vdev_param->ap_keepalive_max_idle_inactive_time_secs;
807 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
808 					ATH10K_KEEPALIVE_MAX_IDLE);
809 	if (ret) {
810 		ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
811 			    arvif->vdev_id, ret);
812 		return ret;
813 	}
814 
815 	param = ar->wmi.vdev_param->ap_keepalive_max_unresponsive_time_secs;
816 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
817 					ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
818 	if (ret) {
819 		ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
820 			    arvif->vdev_id, ret);
821 		return ret;
822 	}
823 
824 	return 0;
825 }
826 
827 static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
828 {
829 	struct ath10k *ar = arvif->ar;
830 	u32 vdev_param;
831 
832 	vdev_param = ar->wmi.vdev_param->rts_threshold;
833 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
834 }
835 
836 static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
837 {
838 	int ret;
839 
840 	lockdep_assert_held(&ar->conf_mutex);
841 
842 	ret = ath10k_wmi_peer_delete(ar, vdev_id, addr);
843 	if (ret)
844 		return ret;
845 
846 	ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
847 	if (ret)
848 		return ret;
849 
850 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
851 		unsigned long time_left;
852 
853 		time_left = wait_for_completion_timeout
854 			    (&ar->peer_delete_done, 5 * HZ);
855 
856 		if (!time_left) {
857 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
858 			return -ETIMEDOUT;
859 		}
860 	}
861 
862 	ar->num_peers--;
863 
864 	return 0;
865 }
866 
867 static void ath10k_peer_map_cleanup(struct ath10k *ar, struct ath10k_peer *peer)
868 {
869 	int peer_id, i;
870 
871 	lockdep_assert_held(&ar->conf_mutex);
872 
873 	for_each_set_bit(peer_id, peer->peer_ids,
874 			 ATH10K_MAX_NUM_PEER_IDS) {
875 		ar->peer_map[peer_id] = NULL;
876 	}
877 
878 	/* Double check that peer is properly un-referenced from
879 	 * the peer_map
880 	 */
881 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
882 		if (ar->peer_map[i] == peer) {
883 			ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
884 				    peer->addr, peer, i);
885 			ar->peer_map[i] = NULL;
886 		}
887 	}
888 
889 	list_del(&peer->list);
890 	kfree(peer);
891 	ar->num_peers--;
892 }
893 
894 static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
895 {
896 	struct ath10k_peer *peer, *tmp;
897 
898 	lockdep_assert_held(&ar->conf_mutex);
899 
900 	spin_lock_bh(&ar->data_lock);
901 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
902 		if (peer->vdev_id != vdev_id)
903 			continue;
904 
905 		ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
906 			    peer->addr, vdev_id);
907 
908 		ath10k_peer_map_cleanup(ar, peer);
909 	}
910 	spin_unlock_bh(&ar->data_lock);
911 }
912 
913 static void ath10k_peer_cleanup_all(struct ath10k *ar)
914 {
915 	struct ath10k_peer *peer, *tmp;
916 	int i;
917 
918 	lockdep_assert_held(&ar->conf_mutex);
919 
920 	spin_lock_bh(&ar->data_lock);
921 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
922 		list_del(&peer->list);
923 		kfree(peer);
924 	}
925 
926 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
927 		ar->peer_map[i] = NULL;
928 
929 	spin_unlock_bh(&ar->data_lock);
930 
931 	ar->num_peers = 0;
932 	ar->num_stations = 0;
933 }
934 
935 static int ath10k_mac_tdls_peer_update(struct ath10k *ar, u32 vdev_id,
936 				       struct ieee80211_sta *sta,
937 				       enum wmi_tdls_peer_state state)
938 {
939 	int ret;
940 	struct wmi_tdls_peer_update_cmd_arg arg = {};
941 	struct wmi_tdls_peer_capab_arg cap = {};
942 	struct wmi_channel_arg chan_arg = {};
943 
944 	lockdep_assert_held(&ar->conf_mutex);
945 
946 	arg.vdev_id = vdev_id;
947 	arg.peer_state = state;
948 	ether_addr_copy(arg.addr, sta->addr);
949 
950 	cap.peer_max_sp = sta->max_sp;
951 	cap.peer_uapsd_queues = sta->uapsd_queues;
952 
953 	if (state == WMI_TDLS_PEER_STATE_CONNECTED &&
954 	    !sta->tdls_initiator)
955 		cap.is_peer_responder = 1;
956 
957 	ret = ath10k_wmi_tdls_peer_update(ar, &arg, &cap, &chan_arg);
958 	if (ret) {
959 		ath10k_warn(ar, "failed to update tdls peer %pM on vdev %i: %i\n",
960 			    arg.addr, vdev_id, ret);
961 		return ret;
962 	}
963 
964 	return 0;
965 }
966 
967 /************************/
968 /* Interface management */
969 /************************/
970 
971 void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
972 {
973 	struct ath10k *ar = arvif->ar;
974 
975 	lockdep_assert_held(&ar->data_lock);
976 
977 	if (!arvif->beacon)
978 		return;
979 
980 	if (!arvif->beacon_buf)
981 		dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
982 				 arvif->beacon->len, DMA_TO_DEVICE);
983 
984 	if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
985 		    arvif->beacon_state != ATH10K_BEACON_SENT))
986 		return;
987 
988 	dev_kfree_skb_any(arvif->beacon);
989 
990 	arvif->beacon = NULL;
991 	arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
992 }
993 
994 static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
995 {
996 	struct ath10k *ar = arvif->ar;
997 
998 	lockdep_assert_held(&ar->data_lock);
999 
1000 	ath10k_mac_vif_beacon_free(arvif);
1001 
1002 	if (arvif->beacon_buf) {
1003 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
1004 			kfree(arvif->beacon_buf);
1005 		else
1006 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
1007 					  arvif->beacon_buf,
1008 					  arvif->beacon_paddr);
1009 		arvif->beacon_buf = NULL;
1010 	}
1011 }
1012 
1013 static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
1014 {
1015 	unsigned long time_left;
1016 
1017 	lockdep_assert_held(&ar->conf_mutex);
1018 
1019 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1020 		return -ESHUTDOWN;
1021 
1022 	time_left = wait_for_completion_timeout(&ar->vdev_setup_done,
1023 						ATH10K_VDEV_SETUP_TIMEOUT_HZ);
1024 	if (time_left == 0)
1025 		return -ETIMEDOUT;
1026 
1027 	return ar->last_wmi_vdev_start_status;
1028 }
1029 
1030 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
1031 {
1032 	struct cfg80211_chan_def *chandef = NULL;
1033 	struct ieee80211_channel *channel = NULL;
1034 	struct wmi_vdev_start_request_arg arg = {};
1035 	int ret = 0;
1036 
1037 	lockdep_assert_held(&ar->conf_mutex);
1038 
1039 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1040 					    ath10k_mac_get_any_chandef_iter,
1041 					    &chandef);
1042 	if (WARN_ON_ONCE(!chandef))
1043 		return -ENOENT;
1044 
1045 	channel = chandef->chan;
1046 
1047 	arg.vdev_id = vdev_id;
1048 	arg.channel.freq = channel->center_freq;
1049 	arg.channel.band_center_freq1 = chandef->center_freq1;
1050 	arg.channel.band_center_freq2 = chandef->center_freq2;
1051 
1052 	/* TODO setup this dynamically, what in case we
1053 	 * don't have any vifs?
1054 	 */
1055 	arg.channel.mode = chan_to_phymode(chandef);
1056 	arg.channel.chan_radar =
1057 			!!(channel->flags & IEEE80211_CHAN_RADAR);
1058 
1059 	arg.channel.min_power = 0;
1060 	arg.channel.max_power = channel->max_power * 2;
1061 	arg.channel.max_reg_power = channel->max_reg_power * 2;
1062 	arg.channel.max_antenna_gain = channel->max_antenna_gain;
1063 
1064 	reinit_completion(&ar->vdev_setup_done);
1065 	reinit_completion(&ar->vdev_delete_done);
1066 
1067 	ret = ath10k_wmi_vdev_start(ar, &arg);
1068 	if (ret) {
1069 		ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
1070 			    vdev_id, ret);
1071 		return ret;
1072 	}
1073 
1074 	ret = ath10k_vdev_setup_sync(ar);
1075 	if (ret) {
1076 		ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
1077 			    vdev_id, ret);
1078 		return ret;
1079 	}
1080 
1081 	ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
1082 	if (ret) {
1083 		ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
1084 			    vdev_id, ret);
1085 		goto vdev_stop;
1086 	}
1087 
1088 	ar->monitor_vdev_id = vdev_id;
1089 
1090 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
1091 		   ar->monitor_vdev_id);
1092 	return 0;
1093 
1094 vdev_stop:
1095 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1096 	if (ret)
1097 		ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
1098 			    ar->monitor_vdev_id, ret);
1099 
1100 	return ret;
1101 }
1102 
1103 static int ath10k_monitor_vdev_stop(struct ath10k *ar)
1104 {
1105 	int ret = 0;
1106 
1107 	lockdep_assert_held(&ar->conf_mutex);
1108 
1109 	ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
1110 	if (ret)
1111 		ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
1112 			    ar->monitor_vdev_id, ret);
1113 
1114 	reinit_completion(&ar->vdev_setup_done);
1115 	reinit_completion(&ar->vdev_delete_done);
1116 
1117 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1118 	if (ret)
1119 		ath10k_warn(ar, "failed to request monitor vdev %i stop: %d\n",
1120 			    ar->monitor_vdev_id, ret);
1121 
1122 	ret = ath10k_vdev_setup_sync(ar);
1123 	if (ret)
1124 		ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
1125 			    ar->monitor_vdev_id, ret);
1126 
1127 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
1128 		   ar->monitor_vdev_id);
1129 	return ret;
1130 }
1131 
1132 static int ath10k_monitor_vdev_create(struct ath10k *ar)
1133 {
1134 	int bit, ret = 0;
1135 
1136 	lockdep_assert_held(&ar->conf_mutex);
1137 
1138 	if (ar->free_vdev_map == 0) {
1139 		ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
1140 		return -ENOMEM;
1141 	}
1142 
1143 	bit = __ffs64(ar->free_vdev_map);
1144 
1145 	ar->monitor_vdev_id = bit;
1146 
1147 	ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
1148 				     WMI_VDEV_TYPE_MONITOR,
1149 				     0, ar->mac_addr);
1150 	if (ret) {
1151 		ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
1152 			    ar->monitor_vdev_id, ret);
1153 		return ret;
1154 	}
1155 
1156 	ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
1157 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
1158 		   ar->monitor_vdev_id);
1159 
1160 	return 0;
1161 }
1162 
1163 static int ath10k_monitor_vdev_delete(struct ath10k *ar)
1164 {
1165 	int ret = 0;
1166 
1167 	lockdep_assert_held(&ar->conf_mutex);
1168 
1169 	ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
1170 	if (ret) {
1171 		ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
1172 			    ar->monitor_vdev_id, ret);
1173 		return ret;
1174 	}
1175 
1176 	ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
1177 
1178 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
1179 		   ar->monitor_vdev_id);
1180 	return ret;
1181 }
1182 
1183 static int ath10k_monitor_start(struct ath10k *ar)
1184 {
1185 	int ret;
1186 
1187 	lockdep_assert_held(&ar->conf_mutex);
1188 
1189 	ret = ath10k_monitor_vdev_create(ar);
1190 	if (ret) {
1191 		ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
1192 		return ret;
1193 	}
1194 
1195 	ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
1196 	if (ret) {
1197 		ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
1198 		ath10k_monitor_vdev_delete(ar);
1199 		return ret;
1200 	}
1201 
1202 	ar->monitor_started = true;
1203 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
1204 
1205 	return 0;
1206 }
1207 
1208 static int ath10k_monitor_stop(struct ath10k *ar)
1209 {
1210 	int ret;
1211 
1212 	lockdep_assert_held(&ar->conf_mutex);
1213 
1214 	ret = ath10k_monitor_vdev_stop(ar);
1215 	if (ret) {
1216 		ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
1217 		return ret;
1218 	}
1219 
1220 	ret = ath10k_monitor_vdev_delete(ar);
1221 	if (ret) {
1222 		ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
1223 		return ret;
1224 	}
1225 
1226 	ar->monitor_started = false;
1227 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
1228 
1229 	return 0;
1230 }
1231 
1232 static bool ath10k_mac_monitor_vdev_is_needed(struct ath10k *ar)
1233 {
1234 	int num_ctx;
1235 
1236 	/* At least one chanctx is required to derive a channel to start
1237 	 * monitor vdev on.
1238 	 */
1239 	num_ctx = ath10k_mac_num_chanctxs(ar);
1240 	if (num_ctx == 0)
1241 		return false;
1242 
1243 	/* If there's already an existing special monitor interface then don't
1244 	 * bother creating another monitor vdev.
1245 	 */
1246 	if (ar->monitor_arvif)
1247 		return false;
1248 
1249 	return ar->monitor ||
1250 	       (!test_bit(ATH10K_FW_FEATURE_ALLOWS_MESH_BCAST,
1251 			  ar->running_fw->fw_file.fw_features) &&
1252 		(ar->filter_flags & FIF_OTHER_BSS)) ||
1253 	       test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1254 }
1255 
1256 static bool ath10k_mac_monitor_vdev_is_allowed(struct ath10k *ar)
1257 {
1258 	int num_ctx;
1259 
1260 	num_ctx = ath10k_mac_num_chanctxs(ar);
1261 
1262 	/* FIXME: Current interface combinations and cfg80211/mac80211 code
1263 	 * shouldn't allow this but make sure to prevent handling the following
1264 	 * case anyway since multi-channel DFS hasn't been tested at all.
1265 	 */
1266 	if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags) && num_ctx > 1)
1267 		return false;
1268 
1269 	return true;
1270 }
1271 
1272 static int ath10k_monitor_recalc(struct ath10k *ar)
1273 {
1274 	bool needed;
1275 	bool allowed;
1276 	int ret;
1277 
1278 	lockdep_assert_held(&ar->conf_mutex);
1279 
1280 	needed = ath10k_mac_monitor_vdev_is_needed(ar);
1281 	allowed = ath10k_mac_monitor_vdev_is_allowed(ar);
1282 
1283 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1284 		   "mac monitor recalc started? %d needed? %d allowed? %d\n",
1285 		   ar->monitor_started, needed, allowed);
1286 
1287 	if (WARN_ON(needed && !allowed)) {
1288 		if (ar->monitor_started) {
1289 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopping disallowed monitor\n");
1290 
1291 			ret = ath10k_monitor_stop(ar);
1292 			if (ret)
1293 				ath10k_warn(ar, "failed to stop disallowed monitor: %d\n",
1294 					    ret);
1295 				/* not serious */
1296 		}
1297 
1298 		return -EPERM;
1299 	}
1300 
1301 	if (needed == ar->monitor_started)
1302 		return 0;
1303 
1304 	if (needed)
1305 		return ath10k_monitor_start(ar);
1306 	else
1307 		return ath10k_monitor_stop(ar);
1308 }
1309 
1310 static bool ath10k_mac_can_set_cts_prot(struct ath10k_vif *arvif)
1311 {
1312 	struct ath10k *ar = arvif->ar;
1313 
1314 	lockdep_assert_held(&ar->conf_mutex);
1315 
1316 	if (!arvif->is_started) {
1317 		ath10k_dbg(ar, ATH10K_DBG_MAC, "defer cts setup, vdev is not ready yet\n");
1318 		return false;
1319 	}
1320 
1321 	return true;
1322 }
1323 
1324 static int ath10k_mac_set_cts_prot(struct ath10k_vif *arvif)
1325 {
1326 	struct ath10k *ar = arvif->ar;
1327 	u32 vdev_param;
1328 
1329 	lockdep_assert_held(&ar->conf_mutex);
1330 
1331 	vdev_param = ar->wmi.vdev_param->protection_mode;
1332 
1333 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_protection %d\n",
1334 		   arvif->vdev_id, arvif->use_cts_prot);
1335 
1336 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1337 					 arvif->use_cts_prot ? 1 : 0);
1338 }
1339 
1340 static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
1341 {
1342 	struct ath10k *ar = arvif->ar;
1343 	u32 vdev_param, rts_cts = 0;
1344 
1345 	lockdep_assert_held(&ar->conf_mutex);
1346 
1347 	vdev_param = ar->wmi.vdev_param->enable_rtscts;
1348 
1349 	rts_cts |= SM(WMI_RTSCTS_ENABLED, WMI_RTSCTS_SET);
1350 
1351 	if (arvif->num_legacy_stations > 0)
1352 		rts_cts |= SM(WMI_RTSCTS_ACROSS_SW_RETRIES,
1353 			      WMI_RTSCTS_PROFILE);
1354 	else
1355 		rts_cts |= SM(WMI_RTSCTS_FOR_SECOND_RATESERIES,
1356 			      WMI_RTSCTS_PROFILE);
1357 
1358 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d recalc rts/cts prot %d\n",
1359 		   arvif->vdev_id, rts_cts);
1360 
1361 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1362 					 rts_cts);
1363 }
1364 
1365 static int ath10k_start_cac(struct ath10k *ar)
1366 {
1367 	int ret;
1368 
1369 	lockdep_assert_held(&ar->conf_mutex);
1370 
1371 	set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1372 
1373 	ret = ath10k_monitor_recalc(ar);
1374 	if (ret) {
1375 		ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
1376 		clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1377 		return ret;
1378 	}
1379 
1380 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
1381 		   ar->monitor_vdev_id);
1382 
1383 	return 0;
1384 }
1385 
1386 static int ath10k_stop_cac(struct ath10k *ar)
1387 {
1388 	lockdep_assert_held(&ar->conf_mutex);
1389 
1390 	/* CAC is not running - do nothing */
1391 	if (!test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags))
1392 		return 0;
1393 
1394 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1395 	ath10k_monitor_stop(ar);
1396 
1397 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
1398 
1399 	return 0;
1400 }
1401 
1402 static void ath10k_mac_has_radar_iter(struct ieee80211_hw *hw,
1403 				      struct ieee80211_chanctx_conf *conf,
1404 				      void *data)
1405 {
1406 	bool *ret = data;
1407 
1408 	if (!*ret && conf->radar_enabled)
1409 		*ret = true;
1410 }
1411 
1412 static bool ath10k_mac_has_radar_enabled(struct ath10k *ar)
1413 {
1414 	bool has_radar = false;
1415 
1416 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1417 					    ath10k_mac_has_radar_iter,
1418 					    &has_radar);
1419 
1420 	return has_radar;
1421 }
1422 
1423 static void ath10k_recalc_radar_detection(struct ath10k *ar)
1424 {
1425 	int ret;
1426 
1427 	lockdep_assert_held(&ar->conf_mutex);
1428 
1429 	ath10k_stop_cac(ar);
1430 
1431 	if (!ath10k_mac_has_radar_enabled(ar))
1432 		return;
1433 
1434 	if (ar->num_started_vdevs > 0)
1435 		return;
1436 
1437 	ret = ath10k_start_cac(ar);
1438 	if (ret) {
1439 		/*
1440 		 * Not possible to start CAC on current channel so starting
1441 		 * radiation is not allowed, make this channel DFS_UNAVAILABLE
1442 		 * by indicating that radar was detected.
1443 		 */
1444 		ath10k_warn(ar, "failed to start CAC: %d\n", ret);
1445 		ieee80211_radar_detected(ar->hw);
1446 	}
1447 }
1448 
1449 static int ath10k_vdev_stop(struct ath10k_vif *arvif)
1450 {
1451 	struct ath10k *ar = arvif->ar;
1452 	int ret;
1453 
1454 	lockdep_assert_held(&ar->conf_mutex);
1455 
1456 	reinit_completion(&ar->vdev_setup_done);
1457 	reinit_completion(&ar->vdev_delete_done);
1458 
1459 	ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
1460 	if (ret) {
1461 		ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
1462 			    arvif->vdev_id, ret);
1463 		return ret;
1464 	}
1465 
1466 	ret = ath10k_vdev_setup_sync(ar);
1467 	if (ret) {
1468 		ath10k_warn(ar, "failed to synchronize setup for vdev %i: %d\n",
1469 			    arvif->vdev_id, ret);
1470 		return ret;
1471 	}
1472 
1473 	WARN_ON(ar->num_started_vdevs == 0);
1474 
1475 	if (ar->num_started_vdevs != 0) {
1476 		ar->num_started_vdevs--;
1477 		ath10k_recalc_radar_detection(ar);
1478 	}
1479 
1480 	return ret;
1481 }
1482 
1483 static int ath10k_vdev_start_restart(struct ath10k_vif *arvif,
1484 				     const struct cfg80211_chan_def *chandef,
1485 				     bool restart)
1486 {
1487 	struct ath10k *ar = arvif->ar;
1488 	struct wmi_vdev_start_request_arg arg = {};
1489 	int ret = 0;
1490 
1491 	lockdep_assert_held(&ar->conf_mutex);
1492 
1493 	reinit_completion(&ar->vdev_setup_done);
1494 	reinit_completion(&ar->vdev_delete_done);
1495 
1496 	arg.vdev_id = arvif->vdev_id;
1497 	arg.dtim_period = arvif->dtim_period;
1498 	arg.bcn_intval = arvif->beacon_interval;
1499 
1500 	arg.channel.freq = chandef->chan->center_freq;
1501 	arg.channel.band_center_freq1 = chandef->center_freq1;
1502 	arg.channel.band_center_freq2 = chandef->center_freq2;
1503 	arg.channel.mode = chan_to_phymode(chandef);
1504 
1505 	arg.channel.min_power = 0;
1506 	arg.channel.max_power = chandef->chan->max_power * 2;
1507 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
1508 	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain;
1509 
1510 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
1511 		arg.ssid = arvif->u.ap.ssid;
1512 		arg.ssid_len = arvif->u.ap.ssid_len;
1513 		arg.hidden_ssid = arvif->u.ap.hidden_ssid;
1514 
1515 		/* For now allow DFS for AP mode */
1516 		arg.channel.chan_radar =
1517 			!!(chandef->chan->flags & IEEE80211_CHAN_RADAR);
1518 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
1519 		arg.ssid = arvif->vif->cfg.ssid;
1520 		arg.ssid_len = arvif->vif->cfg.ssid_len;
1521 	}
1522 
1523 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1524 		   "mac vdev %d start center_freq %d phymode %s\n",
1525 		   arg.vdev_id, arg.channel.freq,
1526 		   ath10k_wmi_phymode_str(arg.channel.mode));
1527 
1528 	if (restart)
1529 		ret = ath10k_wmi_vdev_restart(ar, &arg);
1530 	else
1531 		ret = ath10k_wmi_vdev_start(ar, &arg);
1532 
1533 	if (ret) {
1534 		ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
1535 			    arg.vdev_id, ret);
1536 		return ret;
1537 	}
1538 
1539 	ret = ath10k_vdev_setup_sync(ar);
1540 	if (ret) {
1541 		ath10k_warn(ar,
1542 			    "failed to synchronize setup for vdev %i restart %d: %d\n",
1543 			    arg.vdev_id, restart, ret);
1544 		return ret;
1545 	}
1546 
1547 	ar->num_started_vdevs++;
1548 	ath10k_recalc_radar_detection(ar);
1549 
1550 	return ret;
1551 }
1552 
1553 static int ath10k_vdev_start(struct ath10k_vif *arvif,
1554 			     const struct cfg80211_chan_def *def)
1555 {
1556 	return ath10k_vdev_start_restart(arvif, def, false);
1557 }
1558 
1559 static int ath10k_vdev_restart(struct ath10k_vif *arvif,
1560 			       const struct cfg80211_chan_def *def)
1561 {
1562 	return ath10k_vdev_start_restart(arvif, def, true);
1563 }
1564 
1565 static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
1566 				       struct sk_buff *bcn)
1567 {
1568 	struct ath10k *ar = arvif->ar;
1569 	struct ieee80211_mgmt *mgmt;
1570 	const u8 *p2p_ie;
1571 	int ret;
1572 
1573 	if (arvif->vif->type != NL80211_IFTYPE_AP || !arvif->vif->p2p)
1574 		return 0;
1575 
1576 	mgmt = (void *)bcn->data;
1577 	p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1578 					 mgmt->u.beacon.variable,
1579 					 bcn->len - (mgmt->u.beacon.variable -
1580 						     bcn->data));
1581 	if (!p2p_ie)
1582 		return -ENOENT;
1583 
1584 	ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
1585 	if (ret) {
1586 		ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
1587 			    arvif->vdev_id, ret);
1588 		return ret;
1589 	}
1590 
1591 	return 0;
1592 }
1593 
1594 static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
1595 				       u8 oui_type, size_t ie_offset)
1596 {
1597 	size_t len;
1598 	const u8 *next;
1599 	const u8 *end;
1600 	u8 *ie;
1601 
1602 	if (WARN_ON(skb->len < ie_offset))
1603 		return -EINVAL;
1604 
1605 	ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
1606 					   skb->data + ie_offset,
1607 					   skb->len - ie_offset);
1608 	if (!ie)
1609 		return -ENOENT;
1610 
1611 	len = ie[1] + 2;
1612 	end = skb->data + skb->len;
1613 	next = ie + len;
1614 
1615 	if (WARN_ON(next > end))
1616 		return -EINVAL;
1617 
1618 	memmove(ie, next, end - next);
1619 	skb_trim(skb, skb->len - len);
1620 
1621 	return 0;
1622 }
1623 
1624 static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
1625 {
1626 	struct ath10k *ar = arvif->ar;
1627 	struct ieee80211_hw *hw = ar->hw;
1628 	struct ieee80211_vif *vif = arvif->vif;
1629 	struct ieee80211_mutable_offsets offs = {};
1630 	struct sk_buff *bcn;
1631 	int ret;
1632 
1633 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1634 		return 0;
1635 
1636 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
1637 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
1638 		return 0;
1639 
1640 	bcn = ieee80211_beacon_get_template(hw, vif, &offs, 0);
1641 	if (!bcn) {
1642 		ath10k_warn(ar, "failed to get beacon template from mac80211\n");
1643 		return -EPERM;
1644 	}
1645 
1646 	ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
1647 	if (ret) {
1648 		ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
1649 		kfree_skb(bcn);
1650 		return ret;
1651 	}
1652 
1653 	/* P2P IE is inserted by firmware automatically (as configured above)
1654 	 * so remove it from the base beacon template to avoid duplicate P2P
1655 	 * IEs in beacon frames.
1656 	 */
1657 	ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1658 				    offsetof(struct ieee80211_mgmt,
1659 					     u.beacon.variable));
1660 
1661 	ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
1662 				  0, NULL, 0);
1663 	kfree_skb(bcn);
1664 
1665 	if (ret) {
1666 		ath10k_warn(ar, "failed to submit beacon template command: %d\n",
1667 			    ret);
1668 		return ret;
1669 	}
1670 
1671 	return 0;
1672 }
1673 
1674 static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
1675 {
1676 	struct ath10k *ar = arvif->ar;
1677 	struct ieee80211_hw *hw = ar->hw;
1678 	struct ieee80211_vif *vif = arvif->vif;
1679 	struct sk_buff *prb;
1680 	int ret;
1681 
1682 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1683 		return 0;
1684 
1685 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1686 		return 0;
1687 
1688 	 /* For mesh, probe response and beacon share the same template */
1689 	if (ieee80211_vif_is_mesh(vif))
1690 		return 0;
1691 
1692 	prb = ieee80211_proberesp_get(hw, vif);
1693 	if (!prb) {
1694 		ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
1695 		return -EPERM;
1696 	}
1697 
1698 	ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
1699 	kfree_skb(prb);
1700 
1701 	if (ret) {
1702 		ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
1703 			    ret);
1704 		return ret;
1705 	}
1706 
1707 	return 0;
1708 }
1709 
1710 static int ath10k_mac_vif_fix_hidden_ssid(struct ath10k_vif *arvif)
1711 {
1712 	struct ath10k *ar = arvif->ar;
1713 	struct cfg80211_chan_def def;
1714 	int ret;
1715 
1716 	/* When originally vdev is started during assign_vif_chanctx() some
1717 	 * information is missing, notably SSID. Firmware revisions with beacon
1718 	 * offloading require the SSID to be provided during vdev (re)start to
1719 	 * handle hidden SSID properly.
1720 	 *
1721 	 * Vdev restart must be done after vdev has been both started and
1722 	 * upped. Otherwise some firmware revisions (at least 10.2) fail to
1723 	 * deliver vdev restart response event causing timeouts during vdev
1724 	 * syncing in ath10k.
1725 	 *
1726 	 * Note: The vdev down/up and template reinstallation could be skipped
1727 	 * since only wmi-tlv firmware are known to have beacon offload and
1728 	 * wmi-tlv doesn't seem to misbehave like 10.2 wrt vdev restart
1729 	 * response delivery. It's probably more robust to keep it as is.
1730 	 */
1731 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1732 		return 0;
1733 
1734 	if (WARN_ON(!arvif->is_started))
1735 		return -EINVAL;
1736 
1737 	if (WARN_ON(!arvif->is_up))
1738 		return -EINVAL;
1739 
1740 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
1741 		return -EINVAL;
1742 
1743 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1744 	if (ret) {
1745 		ath10k_warn(ar, "failed to bring down ap vdev %i: %d\n",
1746 			    arvif->vdev_id, ret);
1747 		return ret;
1748 	}
1749 
1750 	/* Vdev down reset beacon & presp templates. Reinstall them. Otherwise
1751 	 * firmware will crash upon vdev up.
1752 	 */
1753 
1754 	ret = ath10k_mac_setup_bcn_tmpl(arvif);
1755 	if (ret) {
1756 		ath10k_warn(ar, "failed to update beacon template: %d\n", ret);
1757 		return ret;
1758 	}
1759 
1760 	ret = ath10k_mac_setup_prb_tmpl(arvif);
1761 	if (ret) {
1762 		ath10k_warn(ar, "failed to update presp template: %d\n", ret);
1763 		return ret;
1764 	}
1765 
1766 	ret = ath10k_vdev_restart(arvif, &def);
1767 	if (ret) {
1768 		ath10k_warn(ar, "failed to restart ap vdev %i: %d\n",
1769 			    arvif->vdev_id, ret);
1770 		return ret;
1771 	}
1772 
1773 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1774 				 arvif->bssid);
1775 	if (ret) {
1776 		ath10k_warn(ar, "failed to bring up ap vdev %i: %d\n",
1777 			    arvif->vdev_id, ret);
1778 		return ret;
1779 	}
1780 
1781 	return 0;
1782 }
1783 
1784 static void ath10k_control_beaconing(struct ath10k_vif *arvif,
1785 				     struct ieee80211_bss_conf *info)
1786 {
1787 	struct ath10k *ar = arvif->ar;
1788 	int ret = 0;
1789 
1790 	lockdep_assert_held(&arvif->ar->conf_mutex);
1791 
1792 	if (!info->enable_beacon) {
1793 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1794 		if (ret)
1795 			ath10k_warn(ar, "failed to down vdev_id %i: %d\n",
1796 				    arvif->vdev_id, ret);
1797 
1798 		arvif->is_up = false;
1799 
1800 		spin_lock_bh(&arvif->ar->data_lock);
1801 		ath10k_mac_vif_beacon_free(arvif);
1802 		spin_unlock_bh(&arvif->ar->data_lock);
1803 
1804 		return;
1805 	}
1806 
1807 	arvif->tx_seq_no = 0x1000;
1808 
1809 	arvif->aid = 0;
1810 	ether_addr_copy(arvif->bssid, info->bssid);
1811 
1812 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1813 				 arvif->bssid);
1814 	if (ret) {
1815 		ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
1816 			    arvif->vdev_id, ret);
1817 		return;
1818 	}
1819 
1820 	arvif->is_up = true;
1821 
1822 	ret = ath10k_mac_vif_fix_hidden_ssid(arvif);
1823 	if (ret) {
1824 		ath10k_warn(ar, "failed to fix hidden ssid for vdev %i, expect trouble: %d\n",
1825 			    arvif->vdev_id, ret);
1826 		return;
1827 	}
1828 
1829 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
1830 }
1831 
1832 static void ath10k_control_ibss(struct ath10k_vif *arvif,
1833 				struct ieee80211_vif *vif)
1834 {
1835 	struct ath10k *ar = arvif->ar;
1836 	u32 vdev_param;
1837 	int ret = 0;
1838 
1839 	lockdep_assert_held(&arvif->ar->conf_mutex);
1840 
1841 	if (!vif->cfg.ibss_joined) {
1842 		if (is_zero_ether_addr(arvif->bssid))
1843 			return;
1844 
1845 		eth_zero_addr(arvif->bssid);
1846 
1847 		return;
1848 	}
1849 
1850 	vdev_param = arvif->ar->wmi.vdev_param->atim_window;
1851 	ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
1852 					ATH10K_DEFAULT_ATIM);
1853 	if (ret)
1854 		ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
1855 			    arvif->vdev_id, ret);
1856 }
1857 
1858 static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
1859 {
1860 	struct ath10k *ar = arvif->ar;
1861 	u32 param;
1862 	u32 value;
1863 	int ret;
1864 
1865 	lockdep_assert_held(&arvif->ar->conf_mutex);
1866 
1867 	if (arvif->u.sta.uapsd)
1868 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
1869 	else
1870 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
1871 
1872 	param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
1873 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
1874 	if (ret) {
1875 		ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
1876 			    value, arvif->vdev_id, ret);
1877 		return ret;
1878 	}
1879 
1880 	return 0;
1881 }
1882 
1883 static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
1884 {
1885 	struct ath10k *ar = arvif->ar;
1886 	u32 param;
1887 	u32 value;
1888 	int ret;
1889 
1890 	lockdep_assert_held(&arvif->ar->conf_mutex);
1891 
1892 	if (arvif->u.sta.uapsd)
1893 		value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
1894 	else
1895 		value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
1896 
1897 	param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
1898 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
1899 					  param, value);
1900 	if (ret) {
1901 		ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
1902 			    value, arvif->vdev_id, ret);
1903 		return ret;
1904 	}
1905 
1906 	return 0;
1907 }
1908 
1909 static int ath10k_mac_num_vifs_started(struct ath10k *ar)
1910 {
1911 	struct ath10k_vif *arvif;
1912 	int num = 0;
1913 
1914 	lockdep_assert_held(&ar->conf_mutex);
1915 
1916 	list_for_each_entry(arvif, &ar->arvifs, list)
1917 		if (arvif->is_started)
1918 			num++;
1919 
1920 	return num;
1921 }
1922 
1923 static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
1924 {
1925 	struct ath10k *ar = arvif->ar;
1926 	struct ieee80211_vif *vif = arvif->vif;
1927 	struct ieee80211_conf *conf = &ar->hw->conf;
1928 	enum wmi_sta_powersave_param param;
1929 	enum wmi_sta_ps_mode psmode;
1930 	int ret;
1931 	int ps_timeout;
1932 	bool enable_ps;
1933 
1934 	lockdep_assert_held(&arvif->ar->conf_mutex);
1935 
1936 	if (arvif->vif->type != NL80211_IFTYPE_STATION)
1937 		return 0;
1938 
1939 	enable_ps = arvif->ps;
1940 
1941 	if (enable_ps && ath10k_mac_num_vifs_started(ar) > 1 &&
1942 	    !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
1943 		      ar->running_fw->fw_file.fw_features)) {
1944 		ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
1945 			    arvif->vdev_id);
1946 		enable_ps = false;
1947 	}
1948 
1949 	if (!arvif->is_started) {
1950 		/* mac80211 can update vif powersave state while disconnected.
1951 		 * Firmware doesn't behave nicely and consumes more power than
1952 		 * necessary if PS is disabled on a non-started vdev. Hence
1953 		 * force-enable PS for non-running vdevs.
1954 		 */
1955 		psmode = WMI_STA_PS_MODE_ENABLED;
1956 	} else if (enable_ps) {
1957 		psmode = WMI_STA_PS_MODE_ENABLED;
1958 		param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
1959 
1960 		ps_timeout = conf->dynamic_ps_timeout;
1961 		if (ps_timeout == 0) {
1962 			/* Firmware doesn't like 0 */
1963 			ps_timeout = ieee80211_tu_to_usec(
1964 				vif->bss_conf.beacon_int) / 1000;
1965 		}
1966 
1967 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
1968 						  ps_timeout);
1969 		if (ret) {
1970 			ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
1971 				    arvif->vdev_id, ret);
1972 			return ret;
1973 		}
1974 	} else {
1975 		psmode = WMI_STA_PS_MODE_DISABLED;
1976 	}
1977 
1978 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
1979 		   arvif->vdev_id, psmode ? "enable" : "disable");
1980 
1981 	ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
1982 	if (ret) {
1983 		ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
1984 			    psmode, arvif->vdev_id, ret);
1985 		return ret;
1986 	}
1987 
1988 	return 0;
1989 }
1990 
1991 static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
1992 {
1993 	struct ath10k *ar = arvif->ar;
1994 	struct wmi_sta_keepalive_arg arg = {};
1995 	int ret;
1996 
1997 	lockdep_assert_held(&arvif->ar->conf_mutex);
1998 
1999 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
2000 		return 0;
2001 
2002 	if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
2003 		return 0;
2004 
2005 	/* Some firmware revisions have a bug and ignore the `enabled` field.
2006 	 * Instead use the interval to disable the keepalive.
2007 	 */
2008 	arg.vdev_id = arvif->vdev_id;
2009 	arg.enabled = 1;
2010 	arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
2011 	arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
2012 
2013 	ret = ath10k_wmi_sta_keepalive(ar, &arg);
2014 	if (ret) {
2015 		ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
2016 			    arvif->vdev_id, ret);
2017 		return ret;
2018 	}
2019 
2020 	return 0;
2021 }
2022 
2023 static void ath10k_mac_vif_ap_csa_count_down(struct ath10k_vif *arvif)
2024 {
2025 	struct ath10k *ar = arvif->ar;
2026 	struct ieee80211_vif *vif = arvif->vif;
2027 	int ret;
2028 
2029 	lockdep_assert_held(&arvif->ar->conf_mutex);
2030 
2031 	if (WARN_ON(!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)))
2032 		return;
2033 
2034 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
2035 		return;
2036 
2037 	if (!vif->bss_conf.csa_active)
2038 		return;
2039 
2040 	if (!arvif->is_up)
2041 		return;
2042 
2043 	if (!ieee80211_beacon_cntdwn_is_complete(vif)) {
2044 		ieee80211_beacon_update_cntdwn(vif);
2045 
2046 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
2047 		if (ret)
2048 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
2049 				    ret);
2050 
2051 		ret = ath10k_mac_setup_prb_tmpl(arvif);
2052 		if (ret)
2053 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
2054 				    ret);
2055 	} else {
2056 		ieee80211_csa_finish(vif);
2057 	}
2058 }
2059 
2060 static void ath10k_mac_vif_ap_csa_work(struct work_struct *work)
2061 {
2062 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2063 						ap_csa_work);
2064 	struct ath10k *ar = arvif->ar;
2065 
2066 	mutex_lock(&ar->conf_mutex);
2067 	ath10k_mac_vif_ap_csa_count_down(arvif);
2068 	mutex_unlock(&ar->conf_mutex);
2069 }
2070 
2071 static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac,
2072 					  struct ieee80211_vif *vif)
2073 {
2074 	struct sk_buff *skb = data;
2075 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2076 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2077 
2078 	if (vif->type != NL80211_IFTYPE_STATION)
2079 		return;
2080 
2081 	if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid))
2082 		return;
2083 
2084 	cancel_delayed_work(&arvif->connection_loss_work);
2085 }
2086 
2087 void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb)
2088 {
2089 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2090 						   ATH10K_ITER_NORMAL_FLAGS,
2091 						   ath10k_mac_handle_beacon_iter,
2092 						   skb);
2093 }
2094 
2095 static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
2096 					       struct ieee80211_vif *vif)
2097 {
2098 	u32 *vdev_id = data;
2099 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2100 	struct ath10k *ar = arvif->ar;
2101 	struct ieee80211_hw *hw = ar->hw;
2102 
2103 	if (arvif->vdev_id != *vdev_id)
2104 		return;
2105 
2106 	if (!arvif->is_up)
2107 		return;
2108 
2109 	ieee80211_beacon_loss(vif);
2110 
2111 	/* Firmware doesn't report beacon loss events repeatedly. If AP probe
2112 	 * (done by mac80211) succeeds but beacons do not resume then it
2113 	 * doesn't make sense to continue operation. Queue connection loss work
2114 	 * which can be cancelled when beacon is received.
2115 	 */
2116 	ieee80211_queue_delayed_work(hw, &arvif->connection_loss_work,
2117 				     ATH10K_CONNECTION_LOSS_HZ);
2118 }
2119 
2120 void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id)
2121 {
2122 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2123 						   ATH10K_ITER_NORMAL_FLAGS,
2124 						   ath10k_mac_handle_beacon_miss_iter,
2125 						   &vdev_id);
2126 }
2127 
2128 static void ath10k_mac_vif_sta_connection_loss_work(struct work_struct *work)
2129 {
2130 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2131 						connection_loss_work.work);
2132 	struct ieee80211_vif *vif = arvif->vif;
2133 
2134 	if (!arvif->is_up)
2135 		return;
2136 
2137 	ieee80211_connection_loss(vif);
2138 }
2139 
2140 /**********************/
2141 /* Station management */
2142 /**********************/
2143 
2144 static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
2145 					     struct ieee80211_vif *vif)
2146 {
2147 	/* Some firmware revisions have unstable STA powersave when listen
2148 	 * interval is set too high (e.g. 5). The symptoms are firmware doesn't
2149 	 * generate NullFunc frames properly even if buffered frames have been
2150 	 * indicated in Beacon TIM. Firmware would seldom wake up to pull
2151 	 * buffered frames. Often pinging the device from AP would simply fail.
2152 	 *
2153 	 * As a workaround set it to 1.
2154 	 */
2155 	if (vif->type == NL80211_IFTYPE_STATION)
2156 		return 1;
2157 
2158 	return ar->hw->conf.listen_interval;
2159 }
2160 
2161 static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
2162 				      struct ieee80211_vif *vif,
2163 				      struct ieee80211_sta *sta,
2164 				      struct wmi_peer_assoc_complete_arg *arg)
2165 {
2166 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2167 	u32 aid;
2168 
2169 	lockdep_assert_held(&ar->conf_mutex);
2170 
2171 	if (vif->type == NL80211_IFTYPE_STATION)
2172 		aid = vif->cfg.aid;
2173 	else
2174 		aid = sta->aid;
2175 
2176 	ether_addr_copy(arg->addr, sta->addr);
2177 	arg->vdev_id = arvif->vdev_id;
2178 	arg->peer_aid = aid;
2179 	arg->peer_flags |= arvif->ar->wmi.peer_flags->auth;
2180 	arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
2181 	arg->peer_num_spatial_streams = 1;
2182 	arg->peer_caps = vif->bss_conf.assoc_capability;
2183 }
2184 
2185 static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
2186 				       struct ieee80211_vif *vif,
2187 				       struct ieee80211_sta *sta,
2188 				       struct wmi_peer_assoc_complete_arg *arg)
2189 {
2190 	struct ieee80211_bss_conf *info = &vif->bss_conf;
2191 	struct cfg80211_chan_def def;
2192 	struct cfg80211_bss *bss;
2193 	const u8 *rsnie = NULL;
2194 	const u8 *wpaie = NULL;
2195 
2196 	lockdep_assert_held(&ar->conf_mutex);
2197 
2198 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2199 		return;
2200 
2201 	bss = cfg80211_get_bss(ar->hw->wiphy, def.chan, info->bssid,
2202 			       vif->cfg.ssid_len ? vif->cfg.ssid : NULL,
2203 			       vif->cfg.ssid_len,
2204 			       IEEE80211_BSS_TYPE_ANY, IEEE80211_PRIVACY_ANY);
2205 	if (bss) {
2206 		const struct cfg80211_bss_ies *ies;
2207 
2208 		rcu_read_lock();
2209 		rsnie = ieee80211_bss_get_ie(bss, WLAN_EID_RSN);
2210 
2211 		ies = rcu_dereference(bss->ies);
2212 
2213 		wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
2214 						WLAN_OUI_TYPE_MICROSOFT_WPA,
2215 						ies->data,
2216 						ies->len);
2217 		rcu_read_unlock();
2218 		cfg80211_put_bss(ar->hw->wiphy, bss);
2219 	}
2220 
2221 	/* FIXME: base on RSN IE/WPA IE is a correct idea? */
2222 	if (rsnie || wpaie) {
2223 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
2224 		arg->peer_flags |= ar->wmi.peer_flags->need_ptk_4_way;
2225 	}
2226 
2227 	if (wpaie) {
2228 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
2229 		arg->peer_flags |= ar->wmi.peer_flags->need_gtk_2_way;
2230 	}
2231 
2232 	if (sta->mfp &&
2233 	    test_bit(ATH10K_FW_FEATURE_MFP_SUPPORT,
2234 		     ar->running_fw->fw_file.fw_features)) {
2235 		arg->peer_flags |= ar->wmi.peer_flags->pmf;
2236 	}
2237 }
2238 
2239 static void ath10k_peer_assoc_h_rates(struct ath10k *ar,
2240 				      struct ieee80211_vif *vif,
2241 				      struct ieee80211_sta *sta,
2242 				      struct wmi_peer_assoc_complete_arg *arg)
2243 {
2244 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2245 	struct wmi_rate_set_arg *rateset = &arg->peer_legacy_rates;
2246 	struct cfg80211_chan_def def;
2247 	const struct ieee80211_supported_band *sband;
2248 	const struct ieee80211_rate *rates;
2249 	enum nl80211_band band;
2250 	u32 ratemask;
2251 	u8 rate;
2252 	int i;
2253 
2254 	lockdep_assert_held(&ar->conf_mutex);
2255 
2256 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2257 		return;
2258 
2259 	band = def.chan->band;
2260 	sband = ar->hw->wiphy->bands[band];
2261 	ratemask = sta->deflink.supp_rates[band];
2262 	ratemask &= arvif->bitrate_mask.control[band].legacy;
2263 	rates = sband->bitrates;
2264 
2265 	rateset->num_rates = 0;
2266 
2267 	for (i = 0; i < 32; i++, ratemask >>= 1, rates++) {
2268 		if (!(ratemask & 1))
2269 			continue;
2270 
2271 		rate = ath10k_mac_bitrate_to_rate(rates->bitrate);
2272 		rateset->rates[rateset->num_rates] = rate;
2273 		rateset->num_rates++;
2274 	}
2275 }
2276 
2277 static bool
2278 ath10k_peer_assoc_h_ht_masked(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
2279 {
2280 	int nss;
2281 
2282 	for (nss = 0; nss < IEEE80211_HT_MCS_MASK_LEN; nss++)
2283 		if (ht_mcs_mask[nss])
2284 			return false;
2285 
2286 	return true;
2287 }
2288 
2289 static bool
2290 ath10k_peer_assoc_h_vht_masked(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
2291 {
2292 	int nss;
2293 
2294 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++)
2295 		if (vht_mcs_mask[nss])
2296 			return false;
2297 
2298 	return true;
2299 }
2300 
2301 static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
2302 				   struct ieee80211_vif *vif,
2303 				   struct ieee80211_sta *sta,
2304 				   struct wmi_peer_assoc_complete_arg *arg)
2305 {
2306 	const struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
2307 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2308 	struct cfg80211_chan_def def;
2309 	enum nl80211_band band;
2310 	const u8 *ht_mcs_mask;
2311 	const u16 *vht_mcs_mask;
2312 	int i, n;
2313 	u8 max_nss;
2314 	u32 stbc;
2315 
2316 	lockdep_assert_held(&ar->conf_mutex);
2317 
2318 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2319 		return;
2320 
2321 	if (!ht_cap->ht_supported)
2322 		return;
2323 
2324 	band = def.chan->band;
2325 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2326 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2327 
2328 	if (ath10k_peer_assoc_h_ht_masked(ht_mcs_mask) &&
2329 	    ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2330 		return;
2331 
2332 	arg->peer_flags |= ar->wmi.peer_flags->ht;
2333 	arg->peer_max_mpdu = (1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2334 				    ht_cap->ampdu_factor)) - 1;
2335 
2336 	arg->peer_mpdu_density =
2337 		ath10k_parse_mpdudensity(ht_cap->ampdu_density);
2338 
2339 	arg->peer_ht_caps = ht_cap->cap;
2340 	arg->peer_rate_caps |= WMI_RC_HT_FLAG;
2341 
2342 	if (ht_cap->cap & IEEE80211_HT_CAP_LDPC_CODING)
2343 		arg->peer_flags |= ar->wmi.peer_flags->ldbc;
2344 
2345 	if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40) {
2346 		arg->peer_flags |= ar->wmi.peer_flags->bw40;
2347 		arg->peer_rate_caps |= WMI_RC_CW40_FLAG;
2348 	}
2349 
2350 	if (arvif->bitrate_mask.control[band].gi != NL80211_TXRATE_FORCE_LGI) {
2351 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
2352 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2353 
2354 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
2355 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2356 	}
2357 
2358 	if (ht_cap->cap & IEEE80211_HT_CAP_TX_STBC) {
2359 		arg->peer_rate_caps |= WMI_RC_TX_STBC_FLAG;
2360 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2361 	}
2362 
2363 	if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
2364 		stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
2365 		stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
2366 		stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
2367 		arg->peer_rate_caps |= stbc;
2368 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2369 	}
2370 
2371 	if (ht_cap->mcs.rx_mask[1] && ht_cap->mcs.rx_mask[2])
2372 		arg->peer_rate_caps |= WMI_RC_TS_FLAG;
2373 	else if (ht_cap->mcs.rx_mask[1])
2374 		arg->peer_rate_caps |= WMI_RC_DS_FLAG;
2375 
2376 	for (i = 0, n = 0, max_nss = 0; i < IEEE80211_HT_MCS_MASK_LEN * 8; i++)
2377 		if ((ht_cap->mcs.rx_mask[i / 8] & BIT(i % 8)) &&
2378 		    (ht_mcs_mask[i / 8] & BIT(i % 8))) {
2379 			max_nss = (i / 8) + 1;
2380 			arg->peer_ht_rates.rates[n++] = i;
2381 		}
2382 
2383 	/*
2384 	 * This is a workaround for HT-enabled STAs which break the spec
2385 	 * and have no HT capabilities RX mask (no HT RX MCS map).
2386 	 *
2387 	 * As per spec, in section 20.3.5 Modulation and coding scheme (MCS),
2388 	 * MCS 0 through 7 are mandatory in 20MHz with 800 ns GI at all STAs.
2389 	 *
2390 	 * Firmware asserts if such situation occurs.
2391 	 */
2392 	if (n == 0) {
2393 		arg->peer_ht_rates.num_rates = 8;
2394 		for (i = 0; i < arg->peer_ht_rates.num_rates; i++)
2395 			arg->peer_ht_rates.rates[i] = i;
2396 	} else {
2397 		arg->peer_ht_rates.num_rates = n;
2398 		arg->peer_num_spatial_streams = min(sta->deflink.rx_nss,
2399 						    max_nss);
2400 	}
2401 
2402 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
2403 		   arg->addr,
2404 		   arg->peer_ht_rates.num_rates,
2405 		   arg->peer_num_spatial_streams);
2406 }
2407 
2408 static int ath10k_peer_assoc_qos_ap(struct ath10k *ar,
2409 				    struct ath10k_vif *arvif,
2410 				    struct ieee80211_sta *sta)
2411 {
2412 	u32 uapsd = 0;
2413 	u32 max_sp = 0;
2414 	int ret = 0;
2415 
2416 	lockdep_assert_held(&ar->conf_mutex);
2417 
2418 	if (sta->wme && sta->uapsd_queues) {
2419 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
2420 			   sta->uapsd_queues, sta->max_sp);
2421 
2422 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2423 			uapsd |= WMI_AP_PS_UAPSD_AC3_DELIVERY_EN |
2424 				 WMI_AP_PS_UAPSD_AC3_TRIGGER_EN;
2425 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2426 			uapsd |= WMI_AP_PS_UAPSD_AC2_DELIVERY_EN |
2427 				 WMI_AP_PS_UAPSD_AC2_TRIGGER_EN;
2428 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2429 			uapsd |= WMI_AP_PS_UAPSD_AC1_DELIVERY_EN |
2430 				 WMI_AP_PS_UAPSD_AC1_TRIGGER_EN;
2431 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2432 			uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
2433 				 WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
2434 
2435 		if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
2436 			max_sp = sta->max_sp;
2437 
2438 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2439 						 sta->addr,
2440 						 WMI_AP_PS_PEER_PARAM_UAPSD,
2441 						 uapsd);
2442 		if (ret) {
2443 			ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
2444 				    arvif->vdev_id, ret);
2445 			return ret;
2446 		}
2447 
2448 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2449 						 sta->addr,
2450 						 WMI_AP_PS_PEER_PARAM_MAX_SP,
2451 						 max_sp);
2452 		if (ret) {
2453 			ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
2454 				    arvif->vdev_id, ret);
2455 			return ret;
2456 		}
2457 
2458 		/* TODO setup this based on STA listen interval and
2459 		 * beacon interval. Currently we don't know
2460 		 * sta->listen_interval - mac80211 patch required.
2461 		 * Currently use 10 seconds
2462 		 */
2463 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
2464 						 WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
2465 						 10);
2466 		if (ret) {
2467 			ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
2468 				    arvif->vdev_id, ret);
2469 			return ret;
2470 		}
2471 	}
2472 
2473 	return 0;
2474 }
2475 
2476 static u16
2477 ath10k_peer_assoc_h_vht_limit(u16 tx_mcs_set,
2478 			      const u16 vht_mcs_limit[NL80211_VHT_NSS_MAX])
2479 {
2480 	int idx_limit;
2481 	int nss;
2482 	u16 mcs_map;
2483 	u16 mcs;
2484 
2485 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
2486 		mcs_map = ath10k_mac_get_max_vht_mcs_map(tx_mcs_set, nss) &
2487 			  vht_mcs_limit[nss];
2488 
2489 		if (mcs_map)
2490 			idx_limit = fls(mcs_map) - 1;
2491 		else
2492 			idx_limit = -1;
2493 
2494 		switch (idx_limit) {
2495 		case 0:
2496 		case 1:
2497 		case 2:
2498 		case 3:
2499 		case 4:
2500 		case 5:
2501 		case 6:
2502 		default:
2503 			/* see ath10k_mac_can_set_bitrate_mask() */
2504 			WARN_ON(1);
2505 			fallthrough;
2506 		case -1:
2507 			mcs = IEEE80211_VHT_MCS_NOT_SUPPORTED;
2508 			break;
2509 		case 7:
2510 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_7;
2511 			break;
2512 		case 8:
2513 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_8;
2514 			break;
2515 		case 9:
2516 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_9;
2517 			break;
2518 		}
2519 
2520 		tx_mcs_set &= ~(0x3 << (nss * 2));
2521 		tx_mcs_set |= mcs << (nss * 2);
2522 	}
2523 
2524 	return tx_mcs_set;
2525 }
2526 
2527 static u32 get_160mhz_nss_from_maxrate(int rate)
2528 {
2529 	u32 nss;
2530 
2531 	switch (rate) {
2532 	case 780:
2533 		nss = 1;
2534 		break;
2535 	case 1560:
2536 		nss = 2;
2537 		break;
2538 	case 2106:
2539 		nss = 3; /* not support MCS9 from spec*/
2540 		break;
2541 	case 3120:
2542 		nss = 4;
2543 		break;
2544 	default:
2545 		 nss = 1;
2546 	}
2547 
2548 	return nss;
2549 }
2550 
2551 static void ath10k_peer_assoc_h_vht(struct ath10k *ar,
2552 				    struct ieee80211_vif *vif,
2553 				    struct ieee80211_sta *sta,
2554 				    struct wmi_peer_assoc_complete_arg *arg)
2555 {
2556 	const struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2557 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2558 	struct ath10k_hw_params *hw = &ar->hw_params;
2559 	struct cfg80211_chan_def def;
2560 	enum nl80211_band band;
2561 	const u16 *vht_mcs_mask;
2562 	u8 ampdu_factor;
2563 	u8 max_nss, vht_mcs;
2564 	int i;
2565 
2566 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2567 		return;
2568 
2569 	if (!vht_cap->vht_supported)
2570 		return;
2571 
2572 	band = def.chan->band;
2573 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2574 
2575 	if (ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2576 		return;
2577 
2578 	arg->peer_flags |= ar->wmi.peer_flags->vht;
2579 
2580 	if (def.chan->band == NL80211_BAND_2GHZ)
2581 		arg->peer_flags |= ar->wmi.peer_flags->vht_2g;
2582 
2583 	arg->peer_vht_caps = vht_cap->cap;
2584 
2585 	ampdu_factor = (vht_cap->cap &
2586 			IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
2587 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
2588 
2589 	/* Workaround: Some Netgear/Linksys 11ac APs set Rx A-MPDU factor to
2590 	 * zero in VHT IE. Using it would result in degraded throughput.
2591 	 * arg->peer_max_mpdu at this point contains HT max_mpdu so keep
2592 	 * it if VHT max_mpdu is smaller.
2593 	 */
2594 	arg->peer_max_mpdu = max(arg->peer_max_mpdu,
2595 				 (1U << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2596 					ampdu_factor)) - 1);
2597 
2598 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2599 		arg->peer_flags |= ar->wmi.peer_flags->bw80;
2600 
2601 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
2602 		arg->peer_flags |= ar->wmi.peer_flags->bw160;
2603 
2604 	/* Calculate peer NSS capability from VHT capabilities if STA
2605 	 * supports VHT.
2606 	 */
2607 	for (i = 0, max_nss = 0, vht_mcs = 0; i < NL80211_VHT_NSS_MAX; i++) {
2608 		vht_mcs = __le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map) >>
2609 			  (2 * i) & 3;
2610 
2611 		if ((vht_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) &&
2612 		    vht_mcs_mask[i])
2613 			max_nss = i + 1;
2614 	}
2615 	arg->peer_num_spatial_streams = min(sta->deflink.rx_nss, max_nss);
2616 	arg->peer_vht_rates.rx_max_rate =
2617 		__le16_to_cpu(vht_cap->vht_mcs.rx_highest);
2618 	arg->peer_vht_rates.rx_mcs_set =
2619 		__le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map);
2620 	arg->peer_vht_rates.tx_max_rate =
2621 		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
2622 	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
2623 		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
2624 
2625 	/* Configure bandwidth-NSS mapping to FW
2626 	 * for the chip's tx chains setting on 160Mhz bw
2627 	 */
2628 	if (arg->peer_phymode == MODE_11AC_VHT160 ||
2629 	    arg->peer_phymode == MODE_11AC_VHT80_80) {
2630 		u32 rx_nss;
2631 		u32 max_rate;
2632 
2633 		max_rate = arg->peer_vht_rates.rx_max_rate;
2634 		rx_nss = get_160mhz_nss_from_maxrate(max_rate);
2635 
2636 		if (rx_nss == 0)
2637 			rx_nss = arg->peer_num_spatial_streams;
2638 		else
2639 			rx_nss = min(arg->peer_num_spatial_streams, rx_nss);
2640 
2641 		max_rate = hw->vht160_mcs_tx_highest;
2642 		rx_nss = min(rx_nss, get_160mhz_nss_from_maxrate(max_rate));
2643 
2644 		arg->peer_bw_rxnss_override =
2645 			FIELD_PREP(WMI_PEER_NSS_MAP_ENABLE, 1) |
2646 			FIELD_PREP(WMI_PEER_NSS_160MHZ_MASK, (rx_nss - 1));
2647 
2648 		if (arg->peer_phymode == MODE_11AC_VHT80_80) {
2649 			arg->peer_bw_rxnss_override |=
2650 			FIELD_PREP(WMI_PEER_NSS_80_80MHZ_MASK, (rx_nss - 1));
2651 		}
2652 	}
2653 	ath10k_dbg(ar, ATH10K_DBG_MAC,
2654 		   "mac vht peer %pM max_mpdu %d flags 0x%x peer_rx_nss_override 0x%x\n",
2655 		   sta->addr, arg->peer_max_mpdu,
2656 		   arg->peer_flags, arg->peer_bw_rxnss_override);
2657 }
2658 
2659 static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
2660 				    struct ieee80211_vif *vif,
2661 				    struct ieee80211_sta *sta,
2662 				    struct wmi_peer_assoc_complete_arg *arg)
2663 {
2664 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2665 
2666 	switch (arvif->vdev_type) {
2667 	case WMI_VDEV_TYPE_AP:
2668 		if (sta->wme)
2669 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2670 
2671 		if (sta->wme && sta->uapsd_queues) {
2672 			arg->peer_flags |= arvif->ar->wmi.peer_flags->apsd;
2673 			arg->peer_rate_caps |= WMI_RC_UAPSD_FLAG;
2674 		}
2675 		break;
2676 	case WMI_VDEV_TYPE_STA:
2677 		if (sta->wme)
2678 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2679 		break;
2680 	case WMI_VDEV_TYPE_IBSS:
2681 		if (sta->wme)
2682 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2683 		break;
2684 	default:
2685 		break;
2686 	}
2687 
2688 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
2689 		   sta->addr, !!(arg->peer_flags &
2690 		   arvif->ar->wmi.peer_flags->qos));
2691 }
2692 
2693 static bool ath10k_mac_sta_has_ofdm_only(struct ieee80211_sta *sta)
2694 {
2695 	return sta->deflink.supp_rates[NL80211_BAND_2GHZ] >>
2696 	       ATH10K_MAC_FIRST_OFDM_RATE_IDX;
2697 }
2698 
2699 static enum wmi_phy_mode ath10k_mac_get_phymode_vht(struct ath10k *ar,
2700 						    struct ieee80211_sta *sta)
2701 {
2702 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2703 
2704 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160) {
2705 		switch (vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
2706 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
2707 			return MODE_11AC_VHT160;
2708 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
2709 			return MODE_11AC_VHT80_80;
2710 		default:
2711 			/* not sure if this is a valid case? */
2712 			return MODE_11AC_VHT160;
2713 		}
2714 	}
2715 
2716 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2717 		return MODE_11AC_VHT80;
2718 
2719 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2720 		return MODE_11AC_VHT40;
2721 
2722 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_20)
2723 		return MODE_11AC_VHT20;
2724 
2725 	return MODE_UNKNOWN;
2726 }
2727 
2728 static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
2729 					struct ieee80211_vif *vif,
2730 					struct ieee80211_sta *sta,
2731 					struct wmi_peer_assoc_complete_arg *arg)
2732 {
2733 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2734 	struct cfg80211_chan_def def;
2735 	enum nl80211_band band;
2736 	const u8 *ht_mcs_mask;
2737 	const u16 *vht_mcs_mask;
2738 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
2739 
2740 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2741 		return;
2742 
2743 	band = def.chan->band;
2744 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2745 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2746 
2747 	switch (band) {
2748 	case NL80211_BAND_2GHZ:
2749 		if (sta->deflink.vht_cap.vht_supported &&
2750 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2751 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2752 				phymode = MODE_11AC_VHT40;
2753 			else
2754 				phymode = MODE_11AC_VHT20;
2755 		} else if (sta->deflink.ht_cap.ht_supported &&
2756 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2757 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2758 				phymode = MODE_11NG_HT40;
2759 			else
2760 				phymode = MODE_11NG_HT20;
2761 		} else if (ath10k_mac_sta_has_ofdm_only(sta)) {
2762 			phymode = MODE_11G;
2763 		} else {
2764 			phymode = MODE_11B;
2765 		}
2766 
2767 		break;
2768 	case NL80211_BAND_5GHZ:
2769 		/*
2770 		 * Check VHT first.
2771 		 */
2772 		if (sta->deflink.vht_cap.vht_supported &&
2773 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2774 			phymode = ath10k_mac_get_phymode_vht(ar, sta);
2775 		} else if (sta->deflink.ht_cap.ht_supported &&
2776 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2777 			if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40)
2778 				phymode = MODE_11NA_HT40;
2779 			else
2780 				phymode = MODE_11NA_HT20;
2781 		} else {
2782 			phymode = MODE_11A;
2783 		}
2784 
2785 		break;
2786 	default:
2787 		break;
2788 	}
2789 
2790 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
2791 		   sta->addr, ath10k_wmi_phymode_str(phymode));
2792 
2793 	arg->peer_phymode = phymode;
2794 	WARN_ON(phymode == MODE_UNKNOWN);
2795 }
2796 
2797 static int ath10k_peer_assoc_prepare(struct ath10k *ar,
2798 				     struct ieee80211_vif *vif,
2799 				     struct ieee80211_sta *sta,
2800 				     struct wmi_peer_assoc_complete_arg *arg)
2801 {
2802 	lockdep_assert_held(&ar->conf_mutex);
2803 
2804 	memset(arg, 0, sizeof(*arg));
2805 
2806 	ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
2807 	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
2808 	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
2809 	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
2810 	ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
2811 	ath10k_peer_assoc_h_vht(ar, vif, sta, arg);
2812 	ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
2813 
2814 	return 0;
2815 }
2816 
2817 static const u32 ath10k_smps_map[] = {
2818 	[WLAN_HT_CAP_SM_PS_STATIC] = WMI_PEER_SMPS_STATIC,
2819 	[WLAN_HT_CAP_SM_PS_DYNAMIC] = WMI_PEER_SMPS_DYNAMIC,
2820 	[WLAN_HT_CAP_SM_PS_INVALID] = WMI_PEER_SMPS_PS_NONE,
2821 	[WLAN_HT_CAP_SM_PS_DISABLED] = WMI_PEER_SMPS_PS_NONE,
2822 };
2823 
2824 static int ath10k_setup_peer_smps(struct ath10k *ar, struct ath10k_vif *arvif,
2825 				  const u8 *addr,
2826 				  const struct ieee80211_sta_ht_cap *ht_cap)
2827 {
2828 	int smps;
2829 
2830 	if (!ht_cap->ht_supported)
2831 		return 0;
2832 
2833 	smps = ht_cap->cap & IEEE80211_HT_CAP_SM_PS;
2834 	smps >>= IEEE80211_HT_CAP_SM_PS_SHIFT;
2835 
2836 	if (smps >= ARRAY_SIZE(ath10k_smps_map))
2837 		return -EINVAL;
2838 
2839 	return ath10k_wmi_peer_set_param(ar, arvif->vdev_id, addr,
2840 					 ar->wmi.peer_param->smps_state,
2841 					 ath10k_smps_map[smps]);
2842 }
2843 
2844 static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
2845 				      struct ieee80211_vif *vif,
2846 				      struct ieee80211_sta_vht_cap vht_cap)
2847 {
2848 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2849 	int ret;
2850 	u32 param;
2851 	u32 value;
2852 
2853 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_AFTER_ASSOC)
2854 		return 0;
2855 
2856 	if (!(ar->vht_cap_info &
2857 	      (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2858 	       IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
2859 	       IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2860 	       IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
2861 		return 0;
2862 
2863 	param = ar->wmi.vdev_param->txbf;
2864 	value = 0;
2865 
2866 	if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
2867 		return 0;
2868 
2869 	/* The following logic is correct. If a remote STA advertises support
2870 	 * for being a beamformer then we should enable us being a beamformee.
2871 	 */
2872 
2873 	if (ar->vht_cap_info &
2874 	    (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2875 	     IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
2876 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
2877 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2878 
2879 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
2880 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
2881 	}
2882 
2883 	if (ar->vht_cap_info &
2884 	    (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2885 	     IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
2886 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
2887 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2888 
2889 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
2890 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
2891 	}
2892 
2893 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
2894 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2895 
2896 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
2897 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2898 
2899 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
2900 	if (ret) {
2901 		ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
2902 			    value, ret);
2903 		return ret;
2904 	}
2905 
2906 	return 0;
2907 }
2908 
2909 static bool ath10k_mac_is_connected(struct ath10k *ar)
2910 {
2911 	struct ath10k_vif *arvif;
2912 
2913 	list_for_each_entry(arvif, &ar->arvifs, list) {
2914 		if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
2915 			return true;
2916 	}
2917 
2918 	return false;
2919 }
2920 
2921 static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
2922 {
2923 	int ret;
2924 	u32 param;
2925 	int tx_power_2g, tx_power_5g;
2926 	bool connected;
2927 
2928 	lockdep_assert_held(&ar->conf_mutex);
2929 
2930 	/* ath10k internally uses unit of 0.5 dBm so multiply by 2 */
2931 	tx_power_2g = txpower * 2;
2932 	tx_power_5g = txpower * 2;
2933 
2934 	connected = ath10k_mac_is_connected(ar);
2935 
2936 	if (connected && ar->tx_power_2g_limit)
2937 		if (tx_power_2g > ar->tx_power_2g_limit)
2938 			tx_power_2g = ar->tx_power_2g_limit;
2939 
2940 	if (connected && ar->tx_power_5g_limit)
2941 		if (tx_power_5g > ar->tx_power_5g_limit)
2942 			tx_power_5g = ar->tx_power_5g_limit;
2943 
2944 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower 2g: %d, 5g: %d\n",
2945 		   tx_power_2g, tx_power_5g);
2946 
2947 	param = ar->wmi.pdev_param->txpower_limit2g;
2948 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_2g);
2949 	if (ret) {
2950 		ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
2951 			    tx_power_2g, ret);
2952 		return ret;
2953 	}
2954 
2955 	param = ar->wmi.pdev_param->txpower_limit5g;
2956 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_5g);
2957 	if (ret) {
2958 		ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
2959 			    tx_power_5g, ret);
2960 		return ret;
2961 	}
2962 
2963 	return 0;
2964 }
2965 
2966 static int ath10k_mac_txpower_recalc(struct ath10k *ar)
2967 {
2968 	struct ath10k_vif *arvif;
2969 	int ret, txpower = -1;
2970 
2971 	lockdep_assert_held(&ar->conf_mutex);
2972 
2973 	list_for_each_entry(arvif, &ar->arvifs, list) {
2974 		/* txpower not initialized yet? */
2975 		if (arvif->txpower == INT_MIN)
2976 			continue;
2977 
2978 		if (txpower == -1)
2979 			txpower = arvif->txpower;
2980 		else
2981 			txpower = min(txpower, arvif->txpower);
2982 	}
2983 
2984 	if (txpower == -1)
2985 		return 0;
2986 
2987 	ret = ath10k_mac_txpower_setup(ar, txpower);
2988 	if (ret) {
2989 		ath10k_warn(ar, "failed to setup tx power %d: %d\n",
2990 			    txpower, ret);
2991 		return ret;
2992 	}
2993 
2994 	return 0;
2995 }
2996 
2997 static int ath10k_mac_set_sar_power(struct ath10k *ar)
2998 {
2999 	if (!ar->hw_params.dynamic_sar_support)
3000 		return -EOPNOTSUPP;
3001 
3002 	if (!ath10k_mac_is_connected(ar))
3003 		return 0;
3004 
3005 	/* if connected, then arvif->txpower must be valid */
3006 	return ath10k_mac_txpower_recalc(ar);
3007 }
3008 
3009 static int ath10k_mac_set_sar_specs(struct ieee80211_hw *hw,
3010 				    const struct cfg80211_sar_specs *sar)
3011 {
3012 	const struct cfg80211_sar_sub_specs *sub_specs;
3013 	struct ath10k *ar = hw->priv;
3014 	u32 i;
3015 	int ret;
3016 
3017 	mutex_lock(&ar->conf_mutex);
3018 
3019 	if (!ar->hw_params.dynamic_sar_support) {
3020 		ret = -EOPNOTSUPP;
3021 		goto err;
3022 	}
3023 
3024 	if (!sar || sar->type != NL80211_SAR_TYPE_POWER ||
3025 	    sar->num_sub_specs == 0) {
3026 		ret = -EINVAL;
3027 		goto err;
3028 	}
3029 
3030 	sub_specs = sar->sub_specs;
3031 
3032 	/* 0dbm is not a practical value for ath10k, so use 0
3033 	 * as no SAR limitation on it.
3034 	 */
3035 	ar->tx_power_2g_limit = 0;
3036 	ar->tx_power_5g_limit = 0;
3037 
3038 	/* note the power is in 0.25dbm unit, while ath10k uses
3039 	 * 0.5dbm unit.
3040 	 */
3041 	for (i = 0; i < sar->num_sub_specs; i++) {
3042 		if (sub_specs->freq_range_index == 0)
3043 			ar->tx_power_2g_limit = sub_specs->power / 2;
3044 		else if (sub_specs->freq_range_index == 1)
3045 			ar->tx_power_5g_limit = sub_specs->power / 2;
3046 
3047 		sub_specs++;
3048 	}
3049 
3050 	ret = ath10k_mac_set_sar_power(ar);
3051 	if (ret) {
3052 		ath10k_warn(ar, "failed to set sar power: %d", ret);
3053 		goto err;
3054 	}
3055 
3056 err:
3057 	mutex_unlock(&ar->conf_mutex);
3058 	return ret;
3059 }
3060 
3061 /* can be called only in mac80211 callbacks due to `key_count` usage */
3062 static void ath10k_bss_assoc(struct ieee80211_hw *hw,
3063 			     struct ieee80211_vif *vif,
3064 			     struct ieee80211_bss_conf *bss_conf)
3065 {
3066 	struct ath10k *ar = hw->priv;
3067 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3068 	struct ieee80211_sta_ht_cap ht_cap;
3069 	struct ieee80211_sta_vht_cap vht_cap;
3070 	struct wmi_peer_assoc_complete_arg peer_arg;
3071 	struct ieee80211_sta *ap_sta;
3072 	int ret;
3073 
3074 	lockdep_assert_held(&ar->conf_mutex);
3075 
3076 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
3077 		   arvif->vdev_id, arvif->bssid, arvif->aid);
3078 
3079 	rcu_read_lock();
3080 
3081 	ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
3082 	if (!ap_sta) {
3083 		ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
3084 			    bss_conf->bssid, arvif->vdev_id);
3085 		rcu_read_unlock();
3086 		return;
3087 	}
3088 
3089 	/* ap_sta must be accessed only within rcu section which must be left
3090 	 * before calling ath10k_setup_peer_smps() which might sleep.
3091 	 */
3092 	ht_cap = ap_sta->deflink.ht_cap;
3093 	vht_cap = ap_sta->deflink.vht_cap;
3094 
3095 	ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
3096 	if (ret) {
3097 		ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
3098 			    bss_conf->bssid, arvif->vdev_id, ret);
3099 		rcu_read_unlock();
3100 		return;
3101 	}
3102 
3103 	rcu_read_unlock();
3104 
3105 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3106 	if (ret) {
3107 		ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
3108 			    bss_conf->bssid, arvif->vdev_id, ret);
3109 		return;
3110 	}
3111 
3112 	ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
3113 	if (ret) {
3114 		ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
3115 			    arvif->vdev_id, ret);
3116 		return;
3117 	}
3118 
3119 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3120 	if (ret) {
3121 		ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
3122 			    arvif->vdev_id, bss_conf->bssid, ret);
3123 		return;
3124 	}
3125 
3126 	ath10k_dbg(ar, ATH10K_DBG_MAC,
3127 		   "mac vdev %d up (associated) bssid %pM aid %d\n",
3128 		   arvif->vdev_id, bss_conf->bssid, vif->cfg.aid);
3129 
3130 	WARN_ON(arvif->is_up);
3131 
3132 	arvif->aid = vif->cfg.aid;
3133 	ether_addr_copy(arvif->bssid, bss_conf->bssid);
3134 
3135 	ret = ath10k_wmi_pdev_set_param(ar,
3136 					ar->wmi.pdev_param->peer_stats_info_enable, 1);
3137 	if (ret)
3138 		ath10k_warn(ar, "failed to enable peer stats info: %d\n", ret);
3139 
3140 	ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
3141 	if (ret) {
3142 		ath10k_warn(ar, "failed to set vdev %d up: %d\n",
3143 			    arvif->vdev_id, ret);
3144 		return;
3145 	}
3146 
3147 	arvif->is_up = true;
3148 
3149 	ath10k_mac_set_sar_power(ar);
3150 
3151 	/* Workaround: Some firmware revisions (tested with qca6174
3152 	 * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
3153 	 * poked with peer param command.
3154 	 */
3155 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
3156 					ar->wmi.peer_param->dummy_var, 1);
3157 	if (ret) {
3158 		ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
3159 			    arvif->bssid, arvif->vdev_id, ret);
3160 		return;
3161 	}
3162 }
3163 
3164 static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
3165 				struct ieee80211_vif *vif)
3166 {
3167 	struct ath10k *ar = hw->priv;
3168 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3169 	struct ieee80211_sta_vht_cap vht_cap = {};
3170 	int ret;
3171 
3172 	lockdep_assert_held(&ar->conf_mutex);
3173 
3174 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
3175 		   arvif->vdev_id, arvif->bssid);
3176 
3177 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
3178 	if (ret)
3179 		ath10k_warn(ar, "failed to down vdev %i: %d\n",
3180 			    arvif->vdev_id, ret);
3181 
3182 	arvif->def_wep_key_idx = -1;
3183 
3184 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3185 	if (ret) {
3186 		ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
3187 			    arvif->vdev_id, ret);
3188 		return;
3189 	}
3190 
3191 	arvif->is_up = false;
3192 
3193 	ath10k_mac_txpower_recalc(ar);
3194 
3195 	cancel_delayed_work_sync(&arvif->connection_loss_work);
3196 }
3197 
3198 static int ath10k_new_peer_tid_config(struct ath10k *ar,
3199 				      struct ieee80211_sta *sta,
3200 				      struct ath10k_vif *arvif)
3201 {
3202 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
3203 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
3204 	bool config_apply;
3205 	int ret, i;
3206 
3207 	for (i = 0; i < ATH10K_TID_MAX; i++) {
3208 		config_apply = false;
3209 		if (arvif->retry_long[i] || arvif->ampdu[i] ||
3210 		    arvif->rate_ctrl[i] || arvif->rtscts[i]) {
3211 			config_apply = true;
3212 			arg.tid = i;
3213 			arg.vdev_id = arvif->vdev_id;
3214 			arg.retry_count = arvif->retry_long[i];
3215 			arg.aggr_control = arvif->ampdu[i];
3216 			arg.rate_ctrl = arvif->rate_ctrl[i];
3217 			arg.rcode_flags = arvif->rate_code[i];
3218 
3219 			if (arvif->rtscts[i])
3220 				arg.ext_tid_cfg_bitmap =
3221 					WMI_EXT_TID_RTS_CTS_CONFIG;
3222 			else
3223 				arg.ext_tid_cfg_bitmap = 0;
3224 
3225 			arg.rtscts_ctrl = arvif->rtscts[i];
3226 		}
3227 
3228 		if (arvif->noack[i]) {
3229 			arg.ack_policy = arvif->noack[i];
3230 			arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
3231 			arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
3232 			config_apply = true;
3233 		}
3234 
3235 		/* Assign default value(-1) to newly connected station.
3236 		 * This is to identify station specific tid configuration not
3237 		 * configured for the station.
3238 		 */
3239 		arsta->retry_long[i] = -1;
3240 		arsta->noack[i] = -1;
3241 		arsta->ampdu[i] = -1;
3242 
3243 		if (!config_apply)
3244 			continue;
3245 
3246 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
3247 
3248 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
3249 		if (ret) {
3250 			ath10k_warn(ar, "failed to set per tid retry/aggr config for sta %pM: %d\n",
3251 				    sta->addr, ret);
3252 			return ret;
3253 		}
3254 
3255 		memset(&arg, 0, sizeof(arg));
3256 	}
3257 
3258 	return 0;
3259 }
3260 
3261 static int ath10k_station_assoc(struct ath10k *ar,
3262 				struct ieee80211_vif *vif,
3263 				struct ieee80211_sta *sta,
3264 				bool reassoc)
3265 {
3266 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3267 	struct wmi_peer_assoc_complete_arg peer_arg;
3268 	int ret = 0;
3269 
3270 	lockdep_assert_held(&ar->conf_mutex);
3271 
3272 	ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
3273 	if (ret) {
3274 		ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
3275 			    sta->addr, arvif->vdev_id, ret);
3276 		return ret;
3277 	}
3278 
3279 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3280 	if (ret) {
3281 		ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
3282 			    sta->addr, arvif->vdev_id, ret);
3283 		return ret;
3284 	}
3285 
3286 	/* Re-assoc is run only to update supported rates for given station. It
3287 	 * doesn't make much sense to reconfigure the peer completely.
3288 	 */
3289 	if (!reassoc) {
3290 		ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
3291 					     &sta->deflink.ht_cap);
3292 		if (ret) {
3293 			ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
3294 				    arvif->vdev_id, ret);
3295 			return ret;
3296 		}
3297 
3298 		ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
3299 		if (ret) {
3300 			ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
3301 				    sta->addr, arvif->vdev_id, ret);
3302 			return ret;
3303 		}
3304 
3305 		if (!sta->wme) {
3306 			arvif->num_legacy_stations++;
3307 			ret  = ath10k_recalc_rtscts_prot(arvif);
3308 			if (ret) {
3309 				ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3310 					    arvif->vdev_id, ret);
3311 				return ret;
3312 			}
3313 		}
3314 
3315 		/* Plumb cached keys only for static WEP */
3316 		if ((arvif->def_wep_key_idx != -1) && (!sta->tdls)) {
3317 			ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
3318 			if (ret) {
3319 				ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
3320 					    arvif->vdev_id, ret);
3321 				return ret;
3322 			}
3323 		}
3324 	}
3325 
3326 	if (!test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map))
3327 		return ret;
3328 
3329 	return ath10k_new_peer_tid_config(ar, sta, arvif);
3330 }
3331 
3332 static int ath10k_station_disassoc(struct ath10k *ar,
3333 				   struct ieee80211_vif *vif,
3334 				   struct ieee80211_sta *sta)
3335 {
3336 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3337 	int ret = 0;
3338 
3339 	lockdep_assert_held(&ar->conf_mutex);
3340 
3341 	if (!sta->wme) {
3342 		arvif->num_legacy_stations--;
3343 		ret = ath10k_recalc_rtscts_prot(arvif);
3344 		if (ret) {
3345 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3346 				    arvif->vdev_id, ret);
3347 			return ret;
3348 		}
3349 	}
3350 
3351 	ret = ath10k_clear_peer_keys(arvif, sta->addr);
3352 	if (ret) {
3353 		ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
3354 			    arvif->vdev_id, ret);
3355 		return ret;
3356 	}
3357 
3358 	return ret;
3359 }
3360 
3361 /**************/
3362 /* Regulatory */
3363 /**************/
3364 
3365 static int ath10k_update_channel_list(struct ath10k *ar)
3366 {
3367 	struct ieee80211_hw *hw = ar->hw;
3368 	struct ieee80211_supported_band **bands;
3369 	enum nl80211_band band;
3370 	struct ieee80211_channel *channel;
3371 	struct wmi_scan_chan_list_arg arg = {0};
3372 	struct wmi_channel_arg *ch;
3373 	bool passive;
3374 	int len;
3375 	int ret;
3376 	int i;
3377 
3378 	lockdep_assert_held(&ar->conf_mutex);
3379 
3380 	bands = hw->wiphy->bands;
3381 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3382 		if (!bands[band])
3383 			continue;
3384 
3385 		for (i = 0; i < bands[band]->n_channels; i++) {
3386 			if (bands[band]->channels[i].flags &
3387 			    IEEE80211_CHAN_DISABLED)
3388 				continue;
3389 
3390 			arg.n_channels++;
3391 		}
3392 	}
3393 
3394 	len = sizeof(struct wmi_channel_arg) * arg.n_channels;
3395 	arg.channels = kzalloc(len, GFP_KERNEL);
3396 	if (!arg.channels)
3397 		return -ENOMEM;
3398 
3399 	ch = arg.channels;
3400 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3401 		if (!bands[band])
3402 			continue;
3403 
3404 		for (i = 0; i < bands[band]->n_channels; i++) {
3405 			channel = &bands[band]->channels[i];
3406 
3407 			if (channel->flags & IEEE80211_CHAN_DISABLED)
3408 				continue;
3409 
3410 			ch->allow_ht = true;
3411 
3412 			/* FIXME: when should we really allow VHT? */
3413 			ch->allow_vht = true;
3414 
3415 			ch->allow_ibss =
3416 				!(channel->flags & IEEE80211_CHAN_NO_IR);
3417 
3418 			ch->ht40plus =
3419 				!(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
3420 
3421 			ch->chan_radar =
3422 				!!(channel->flags & IEEE80211_CHAN_RADAR);
3423 
3424 			passive = channel->flags & IEEE80211_CHAN_NO_IR;
3425 			ch->passive = passive;
3426 
3427 			/* the firmware is ignoring the "radar" flag of the
3428 			 * channel and is scanning actively using Probe Requests
3429 			 * on "Radar detection"/DFS channels which are not
3430 			 * marked as "available"
3431 			 */
3432 			ch->passive |= ch->chan_radar;
3433 
3434 			ch->freq = channel->center_freq;
3435 			ch->band_center_freq1 = channel->center_freq;
3436 			ch->min_power = 0;
3437 			ch->max_power = channel->max_power * 2;
3438 			ch->max_reg_power = channel->max_reg_power * 2;
3439 			ch->max_antenna_gain = channel->max_antenna_gain;
3440 			ch->reg_class_id = 0; /* FIXME */
3441 
3442 			/* FIXME: why use only legacy modes, why not any
3443 			 * HT/VHT modes? Would that even make any
3444 			 * difference?
3445 			 */
3446 			if (channel->band == NL80211_BAND_2GHZ)
3447 				ch->mode = MODE_11G;
3448 			else
3449 				ch->mode = MODE_11A;
3450 
3451 			if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
3452 				continue;
3453 
3454 			ath10k_dbg(ar, ATH10K_DBG_WMI,
3455 				   "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
3456 				    ch - arg.channels, arg.n_channels,
3457 				   ch->freq, ch->max_power, ch->max_reg_power,
3458 				   ch->max_antenna_gain, ch->mode);
3459 
3460 			ch++;
3461 		}
3462 	}
3463 
3464 	ret = ath10k_wmi_scan_chan_list(ar, &arg);
3465 	kfree(arg.channels);
3466 
3467 	return ret;
3468 }
3469 
3470 static enum wmi_dfs_region
3471 ath10k_mac_get_dfs_region(enum nl80211_dfs_regions dfs_region)
3472 {
3473 	switch (dfs_region) {
3474 	case NL80211_DFS_UNSET:
3475 		return WMI_UNINIT_DFS_DOMAIN;
3476 	case NL80211_DFS_FCC:
3477 		return WMI_FCC_DFS_DOMAIN;
3478 	case NL80211_DFS_ETSI:
3479 		return WMI_ETSI_DFS_DOMAIN;
3480 	case NL80211_DFS_JP:
3481 		return WMI_MKK4_DFS_DOMAIN;
3482 	}
3483 	return WMI_UNINIT_DFS_DOMAIN;
3484 }
3485 
3486 static void ath10k_regd_update(struct ath10k *ar)
3487 {
3488 	struct reg_dmn_pair_mapping *regpair;
3489 	int ret;
3490 	enum wmi_dfs_region wmi_dfs_reg;
3491 	enum nl80211_dfs_regions nl_dfs_reg;
3492 
3493 	lockdep_assert_held(&ar->conf_mutex);
3494 
3495 	ret = ath10k_update_channel_list(ar);
3496 	if (ret)
3497 		ath10k_warn(ar, "failed to update channel list: %d\n", ret);
3498 
3499 	regpair = ar->ath_common.regulatory.regpair;
3500 
3501 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3502 		nl_dfs_reg = ar->dfs_detector->region;
3503 		wmi_dfs_reg = ath10k_mac_get_dfs_region(nl_dfs_reg);
3504 	} else {
3505 		wmi_dfs_reg = WMI_UNINIT_DFS_DOMAIN;
3506 	}
3507 
3508 	/* Target allows setting up per-band regdomain but ath_common provides
3509 	 * a combined one only
3510 	 */
3511 	ret = ath10k_wmi_pdev_set_regdomain(ar,
3512 					    regpair->reg_domain,
3513 					    regpair->reg_domain, /* 2ghz */
3514 					    regpair->reg_domain, /* 5ghz */
3515 					    regpair->reg_2ghz_ctl,
3516 					    regpair->reg_5ghz_ctl,
3517 					    wmi_dfs_reg);
3518 	if (ret)
3519 		ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
3520 }
3521 
3522 static void ath10k_mac_update_channel_list(struct ath10k *ar,
3523 					   struct ieee80211_supported_band *band)
3524 {
3525 	int i;
3526 
3527 	if (ar->low_5ghz_chan && ar->high_5ghz_chan) {
3528 		for (i = 0; i < band->n_channels; i++) {
3529 			if (band->channels[i].center_freq < ar->low_5ghz_chan ||
3530 			    band->channels[i].center_freq > ar->high_5ghz_chan)
3531 				band->channels[i].flags |=
3532 					IEEE80211_CHAN_DISABLED;
3533 		}
3534 	}
3535 }
3536 
3537 static void ath10k_reg_notifier(struct wiphy *wiphy,
3538 				struct regulatory_request *request)
3539 {
3540 	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
3541 	struct ath10k *ar = hw->priv;
3542 	bool result;
3543 
3544 	ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
3545 
3546 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3547 		ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
3548 			   request->dfs_region);
3549 		result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
3550 							  request->dfs_region);
3551 		if (!result)
3552 			ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
3553 				    request->dfs_region);
3554 	}
3555 
3556 	mutex_lock(&ar->conf_mutex);
3557 	if (ar->state == ATH10K_STATE_ON)
3558 		ath10k_regd_update(ar);
3559 	mutex_unlock(&ar->conf_mutex);
3560 
3561 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
3562 		ath10k_mac_update_channel_list(ar,
3563 					       ar->hw->wiphy->bands[NL80211_BAND_5GHZ]);
3564 }
3565 
3566 static void ath10k_stop_radar_confirmation(struct ath10k *ar)
3567 {
3568 	spin_lock_bh(&ar->data_lock);
3569 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_STOPPED;
3570 	spin_unlock_bh(&ar->data_lock);
3571 
3572 	cancel_work_sync(&ar->radar_confirmation_work);
3573 }
3574 
3575 /***************/
3576 /* TX handlers */
3577 /***************/
3578 
3579 enum ath10k_mac_tx_path {
3580 	ATH10K_MAC_TX_HTT,
3581 	ATH10K_MAC_TX_HTT_MGMT,
3582 	ATH10K_MAC_TX_WMI_MGMT,
3583 	ATH10K_MAC_TX_UNKNOWN,
3584 };
3585 
3586 void ath10k_mac_tx_lock(struct ath10k *ar, int reason)
3587 {
3588 	lockdep_assert_held(&ar->htt.tx_lock);
3589 
3590 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3591 	ar->tx_paused |= BIT(reason);
3592 	ieee80211_stop_queues(ar->hw);
3593 }
3594 
3595 static void ath10k_mac_tx_unlock_iter(void *data, u8 *mac,
3596 				      struct ieee80211_vif *vif)
3597 {
3598 	struct ath10k *ar = data;
3599 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3600 
3601 	if (arvif->tx_paused)
3602 		return;
3603 
3604 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3605 }
3606 
3607 void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3608 {
3609 	lockdep_assert_held(&ar->htt.tx_lock);
3610 
3611 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3612 	ar->tx_paused &= ~BIT(reason);
3613 
3614 	if (ar->tx_paused)
3615 		return;
3616 
3617 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3618 						   ATH10K_ITER_RESUME_FLAGS,
3619 						   ath10k_mac_tx_unlock_iter,
3620 						   ar);
3621 
3622 	ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3623 }
3624 
3625 void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3626 {
3627 	struct ath10k *ar = arvif->ar;
3628 
3629 	lockdep_assert_held(&ar->htt.tx_lock);
3630 
3631 	WARN_ON(reason >= BITS_PER_LONG);
3632 	arvif->tx_paused |= BIT(reason);
3633 	ieee80211_stop_queue(ar->hw, arvif->vdev_id);
3634 }
3635 
3636 void ath10k_mac_vif_tx_unlock(struct ath10k_vif *arvif, int reason)
3637 {
3638 	struct ath10k *ar = arvif->ar;
3639 
3640 	lockdep_assert_held(&ar->htt.tx_lock);
3641 
3642 	WARN_ON(reason >= BITS_PER_LONG);
3643 	arvif->tx_paused &= ~BIT(reason);
3644 
3645 	if (ar->tx_paused)
3646 		return;
3647 
3648 	if (arvif->tx_paused)
3649 		return;
3650 
3651 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3652 }
3653 
3654 static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3655 					   enum wmi_tlv_tx_pause_id pause_id,
3656 					   enum wmi_tlv_tx_pause_action action)
3657 {
3658 	struct ath10k *ar = arvif->ar;
3659 
3660 	lockdep_assert_held(&ar->htt.tx_lock);
3661 
3662 	switch (action) {
3663 	case WMI_TLV_TX_PAUSE_ACTION_STOP:
3664 		ath10k_mac_vif_tx_lock(arvif, pause_id);
3665 		break;
3666 	case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3667 		ath10k_mac_vif_tx_unlock(arvif, pause_id);
3668 		break;
3669 	default:
3670 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
3671 			   "received unknown tx pause action %d on vdev %i, ignoring\n",
3672 			    action, arvif->vdev_id);
3673 		break;
3674 	}
3675 }
3676 
3677 struct ath10k_mac_tx_pause {
3678 	u32 vdev_id;
3679 	enum wmi_tlv_tx_pause_id pause_id;
3680 	enum wmi_tlv_tx_pause_action action;
3681 };
3682 
3683 static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3684 					    struct ieee80211_vif *vif)
3685 {
3686 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3687 	struct ath10k_mac_tx_pause *arg = data;
3688 
3689 	if (arvif->vdev_id != arg->vdev_id)
3690 		return;
3691 
3692 	ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3693 }
3694 
3695 void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3696 				     enum wmi_tlv_tx_pause_id pause_id,
3697 				     enum wmi_tlv_tx_pause_action action)
3698 {
3699 	struct ath10k_mac_tx_pause arg = {
3700 		.vdev_id = vdev_id,
3701 		.pause_id = pause_id,
3702 		.action = action,
3703 	};
3704 
3705 	spin_lock_bh(&ar->htt.tx_lock);
3706 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3707 						   ATH10K_ITER_RESUME_FLAGS,
3708 						   ath10k_mac_handle_tx_pause_iter,
3709 						   &arg);
3710 	spin_unlock_bh(&ar->htt.tx_lock);
3711 }
3712 
3713 static enum ath10k_hw_txrx_mode
3714 ath10k_mac_tx_h_get_txmode(struct ath10k *ar,
3715 			   struct ieee80211_vif *vif,
3716 			   struct ieee80211_sta *sta,
3717 			   struct sk_buff *skb)
3718 {
3719 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3720 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
3721 	__le16 fc = hdr->frame_control;
3722 
3723 	if (IEEE80211_SKB_CB(skb)->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)
3724 		return ATH10K_HW_TXRX_ETHERNET;
3725 
3726 	if (!vif || vif->type == NL80211_IFTYPE_MONITOR)
3727 		return ATH10K_HW_TXRX_RAW;
3728 
3729 	if (ieee80211_is_mgmt(fc))
3730 		return ATH10K_HW_TXRX_MGMT;
3731 
3732 	/* Workaround:
3733 	 *
3734 	 * NullFunc frames are mostly used to ping if a client or AP are still
3735 	 * reachable and responsive. This implies tx status reports must be
3736 	 * accurate - otherwise either mac80211 or userspace (e.g. hostapd) can
3737 	 * come to a conclusion that the other end disappeared and tear down
3738 	 * BSS connection or it can never disconnect from BSS/client (which is
3739 	 * the case).
3740 	 *
3741 	 * Firmware with HTT older than 3.0 delivers incorrect tx status for
3742 	 * NullFunc frames to driver. However there's a HTT Mgmt Tx command
3743 	 * which seems to deliver correct tx reports for NullFunc frames. The
3744 	 * downside of using it is it ignores client powersave state so it can
3745 	 * end up disconnecting sleeping clients in AP mode. It should fix STA
3746 	 * mode though because AP don't sleep.
3747 	 */
3748 	if (ar->htt.target_version_major < 3 &&
3749 	    (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&
3750 	    !test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3751 		      ar->running_fw->fw_file.fw_features))
3752 		return ATH10K_HW_TXRX_MGMT;
3753 
3754 	/* Workaround:
3755 	 *
3756 	 * Some wmi-tlv firmwares for qca6174 have broken Tx key selection for
3757 	 * NativeWifi txmode - it selects AP key instead of peer key. It seems
3758 	 * to work with Ethernet txmode so use it.
3759 	 *
3760 	 * FIXME: Check if raw mode works with TDLS.
3761 	 */
3762 	if (ieee80211_is_data_present(fc) && sta && sta->tdls)
3763 		return ATH10K_HW_TXRX_ETHERNET;
3764 
3765 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) ||
3766 	    skb_cb->flags & ATH10K_SKB_F_RAW_TX)
3767 		return ATH10K_HW_TXRX_RAW;
3768 
3769 	return ATH10K_HW_TXRX_NATIVE_WIFI;
3770 }
3771 
3772 static bool ath10k_tx_h_use_hwcrypto(struct ieee80211_vif *vif,
3773 				     struct sk_buff *skb)
3774 {
3775 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3776 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3777 	const u32 mask = IEEE80211_TX_INTFL_DONT_ENCRYPT |
3778 			 IEEE80211_TX_CTL_INJECTED;
3779 
3780 	if (!ieee80211_has_protected(hdr->frame_control))
3781 		return false;
3782 
3783 	if ((info->flags & mask) == mask)
3784 		return false;
3785 
3786 	if (vif)
3787 		return !((struct ath10k_vif *)vif->drv_priv)->nohwcrypt;
3788 
3789 	return true;
3790 }
3791 
3792 /* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
3793  * Control in the header.
3794  */
3795 static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
3796 {
3797 	struct ieee80211_hdr *hdr = (void *)skb->data;
3798 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3799 	u8 *qos_ctl;
3800 
3801 	if (!ieee80211_is_data_qos(hdr->frame_control))
3802 		return;
3803 
3804 	qos_ctl = ieee80211_get_qos_ctl(hdr);
3805 	memmove(skb->data + IEEE80211_QOS_CTL_LEN,
3806 		skb->data, (void *)qos_ctl - (void *)skb->data);
3807 	skb_pull(skb, IEEE80211_QOS_CTL_LEN);
3808 
3809 	/* Some firmware revisions don't handle sending QoS NullFunc well.
3810 	 * These frames are mainly used for CQM purposes so it doesn't really
3811 	 * matter whether QoS NullFunc or NullFunc are sent.
3812 	 */
3813 	hdr = (void *)skb->data;
3814 	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
3815 		cb->flags &= ~ATH10K_SKB_F_QOS;
3816 
3817 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3818 }
3819 
3820 static void ath10k_tx_h_8023(struct sk_buff *skb)
3821 {
3822 	struct ieee80211_hdr *hdr;
3823 	struct rfc1042_hdr *rfc1042;
3824 	struct ethhdr *eth;
3825 	size_t hdrlen;
3826 	u8 da[ETH_ALEN];
3827 	u8 sa[ETH_ALEN];
3828 	__be16 type;
3829 
3830 	hdr = (void *)skb->data;
3831 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
3832 	rfc1042 = (void *)skb->data + hdrlen;
3833 
3834 	ether_addr_copy(da, ieee80211_get_DA(hdr));
3835 	ether_addr_copy(sa, ieee80211_get_SA(hdr));
3836 	type = rfc1042->snap_type;
3837 
3838 	skb_pull(skb, hdrlen + sizeof(*rfc1042));
3839 	skb_push(skb, sizeof(*eth));
3840 
3841 	eth = (void *)skb->data;
3842 	ether_addr_copy(eth->h_dest, da);
3843 	ether_addr_copy(eth->h_source, sa);
3844 	eth->h_proto = type;
3845 }
3846 
3847 static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
3848 				       struct ieee80211_vif *vif,
3849 				       struct sk_buff *skb)
3850 {
3851 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3852 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3853 
3854 	/* This is case only for P2P_GO */
3855 	if (vif->type != NL80211_IFTYPE_AP || !vif->p2p)
3856 		return;
3857 
3858 	if (unlikely(ieee80211_is_probe_resp(hdr->frame_control))) {
3859 		spin_lock_bh(&ar->data_lock);
3860 		if (arvif->u.ap.noa_data)
3861 			if (!pskb_expand_head(skb, 0, arvif->u.ap.noa_len,
3862 					      GFP_ATOMIC))
3863 				skb_put_data(skb, arvif->u.ap.noa_data,
3864 					     arvif->u.ap.noa_len);
3865 		spin_unlock_bh(&ar->data_lock);
3866 	}
3867 }
3868 
3869 static void ath10k_mac_tx_h_fill_cb(struct ath10k *ar,
3870 				    struct ieee80211_vif *vif,
3871 				    struct ieee80211_txq *txq,
3872 				    struct ieee80211_sta *sta,
3873 				    struct sk_buff *skb, u16 airtime)
3874 {
3875 	struct ieee80211_hdr *hdr = (void *)skb->data;
3876 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3877 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3878 	bool is_data = ieee80211_is_data(hdr->frame_control) ||
3879 			ieee80211_is_data_qos(hdr->frame_control);
3880 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3881 	struct ath10k_sta *arsta;
3882 	u8 tid, *qos_ctl;
3883 	bool noack = false;
3884 
3885 	cb->flags = 0;
3886 
3887 	if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
3888 		cb->flags |= ATH10K_SKB_F_QOS;	/* Assume data frames are QoS */
3889 		goto finish_cb_fill;
3890 	}
3891 
3892 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
3893 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3894 
3895 	if (ieee80211_is_mgmt(hdr->frame_control))
3896 		cb->flags |= ATH10K_SKB_F_MGMT;
3897 
3898 	if (ieee80211_is_data_qos(hdr->frame_control)) {
3899 		cb->flags |= ATH10K_SKB_F_QOS;
3900 		qos_ctl = ieee80211_get_qos_ctl(hdr);
3901 		tid = (*qos_ctl) & IEEE80211_QOS_CTL_TID_MASK;
3902 
3903 		if (arvif->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3904 			noack = true;
3905 
3906 		if (sta) {
3907 			arsta = (struct ath10k_sta *)sta->drv_priv;
3908 
3909 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3910 				noack = true;
3911 
3912 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_ACK)
3913 				noack = false;
3914 		}
3915 
3916 		if (noack)
3917 			cb->flags |= ATH10K_SKB_F_NOACK_TID;
3918 	}
3919 
3920 	/* Data frames encrypted in software will be posted to firmware
3921 	 * with tx encap mode set to RAW. Ex: Multicast traffic generated
3922 	 * for a specific VLAN group will always be encrypted in software.
3923 	 */
3924 	if (is_data && ieee80211_has_protected(hdr->frame_control) &&
3925 	    !info->control.hw_key) {
3926 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3927 		cb->flags |= ATH10K_SKB_F_RAW_TX;
3928 	}
3929 
3930 finish_cb_fill:
3931 	cb->vif = vif;
3932 	cb->txq = txq;
3933 	cb->airtime_est = airtime;
3934 	if (sta) {
3935 		arsta = (struct ath10k_sta *)sta->drv_priv;
3936 		spin_lock_bh(&ar->data_lock);
3937 		cb->ucast_cipher = arsta->ucast_cipher;
3938 		spin_unlock_bh(&ar->data_lock);
3939 	}
3940 }
3941 
3942 bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar)
3943 {
3944 	/* FIXME: Not really sure since when the behaviour changed. At some
3945 	 * point new firmware stopped requiring creation of peer entries for
3946 	 * offchannel tx (and actually creating them causes issues with wmi-htc
3947 	 * tx credit replenishment and reliability). Assuming it's at least 3.4
3948 	 * because that's when the `freq` was introduced to TX_FRM HTT command.
3949 	 */
3950 	return (ar->htt.target_version_major >= 3 &&
3951 		ar->htt.target_version_minor >= 4 &&
3952 		ar->running_fw->fw_file.htt_op_version == ATH10K_FW_HTT_OP_VERSION_TLV);
3953 }
3954 
3955 static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
3956 {
3957 	struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
3958 
3959 	if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) {
3960 		ath10k_warn(ar, "wmi mgmt tx queue is full\n");
3961 		return -ENOSPC;
3962 	}
3963 
3964 	skb_queue_tail(q, skb);
3965 	ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
3966 
3967 	return 0;
3968 }
3969 
3970 static enum ath10k_mac_tx_path
3971 ath10k_mac_tx_h_get_txpath(struct ath10k *ar,
3972 			   struct sk_buff *skb,
3973 			   enum ath10k_hw_txrx_mode txmode)
3974 {
3975 	switch (txmode) {
3976 	case ATH10K_HW_TXRX_RAW:
3977 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3978 	case ATH10K_HW_TXRX_ETHERNET:
3979 		return ATH10K_MAC_TX_HTT;
3980 	case ATH10K_HW_TXRX_MGMT:
3981 		if (test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3982 			     ar->running_fw->fw_file.fw_features) ||
3983 			     test_bit(WMI_SERVICE_MGMT_TX_WMI,
3984 				      ar->wmi.svc_map))
3985 			return ATH10K_MAC_TX_WMI_MGMT;
3986 		else if (ar->htt.target_version_major >= 3)
3987 			return ATH10K_MAC_TX_HTT;
3988 		else
3989 			return ATH10K_MAC_TX_HTT_MGMT;
3990 	}
3991 
3992 	return ATH10K_MAC_TX_UNKNOWN;
3993 }
3994 
3995 static int ath10k_mac_tx_submit(struct ath10k *ar,
3996 				enum ath10k_hw_txrx_mode txmode,
3997 				enum ath10k_mac_tx_path txpath,
3998 				struct sk_buff *skb)
3999 {
4000 	struct ath10k_htt *htt = &ar->htt;
4001 	int ret = -EINVAL;
4002 
4003 	switch (txpath) {
4004 	case ATH10K_MAC_TX_HTT:
4005 		ret = ath10k_htt_tx(htt, txmode, skb);
4006 		break;
4007 	case ATH10K_MAC_TX_HTT_MGMT:
4008 		ret = ath10k_htt_mgmt_tx(htt, skb);
4009 		break;
4010 	case ATH10K_MAC_TX_WMI_MGMT:
4011 		ret = ath10k_mac_tx_wmi_mgmt(ar, skb);
4012 		break;
4013 	case ATH10K_MAC_TX_UNKNOWN:
4014 		WARN_ON_ONCE(1);
4015 		ret = -EINVAL;
4016 		break;
4017 	}
4018 
4019 	if (ret) {
4020 		ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
4021 			    ret);
4022 		ieee80211_free_txskb(ar->hw, skb);
4023 	}
4024 
4025 	return ret;
4026 }
4027 
4028 /* This function consumes the sk_buff regardless of return value as far as
4029  * caller is concerned so no freeing is necessary afterwards.
4030  */
4031 static int ath10k_mac_tx(struct ath10k *ar,
4032 			 struct ieee80211_vif *vif,
4033 			 enum ath10k_hw_txrx_mode txmode,
4034 			 enum ath10k_mac_tx_path txpath,
4035 			 struct sk_buff *skb, bool noque_offchan)
4036 {
4037 	struct ieee80211_hw *hw = ar->hw;
4038 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4039 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
4040 	int ret;
4041 
4042 	/* We should disable CCK RATE due to P2P */
4043 	if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
4044 		ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
4045 
4046 	switch (txmode) {
4047 	case ATH10K_HW_TXRX_MGMT:
4048 	case ATH10K_HW_TXRX_NATIVE_WIFI:
4049 		ath10k_tx_h_nwifi(hw, skb);
4050 		ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
4051 		ath10k_tx_h_seq_no(vif, skb);
4052 		break;
4053 	case ATH10K_HW_TXRX_ETHERNET:
4054 		/* Convert 802.11->802.3 header only if the frame was earlier
4055 		 * encapsulated to 802.11 by mac80211. Otherwise pass it as is.
4056 		 */
4057 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP))
4058 			ath10k_tx_h_8023(skb);
4059 		break;
4060 	case ATH10K_HW_TXRX_RAW:
4061 		if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) &&
4062 		    !(skb_cb->flags & ATH10K_SKB_F_RAW_TX)) {
4063 			WARN_ON_ONCE(1);
4064 			ieee80211_free_txskb(hw, skb);
4065 			return -ENOTSUPP;
4066 		}
4067 	}
4068 
4069 	if (!noque_offchan && info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
4070 		if (!ath10k_mac_tx_frm_has_freq(ar)) {
4071 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac queued offchannel skb %pK len %d\n",
4072 				   skb, skb->len);
4073 
4074 			skb_queue_tail(&ar->offchan_tx_queue, skb);
4075 			ieee80211_queue_work(hw, &ar->offchan_tx_work);
4076 			return 0;
4077 		}
4078 	}
4079 
4080 	ret = ath10k_mac_tx_submit(ar, txmode, txpath, skb);
4081 	if (ret) {
4082 		ath10k_warn(ar, "failed to submit frame: %d\n", ret);
4083 		return ret;
4084 	}
4085 
4086 	return 0;
4087 }
4088 
4089 void ath10k_offchan_tx_purge(struct ath10k *ar)
4090 {
4091 	struct sk_buff *skb;
4092 
4093 	for (;;) {
4094 		skb = skb_dequeue(&ar->offchan_tx_queue);
4095 		if (!skb)
4096 			break;
4097 
4098 		ieee80211_free_txskb(ar->hw, skb);
4099 	}
4100 }
4101 
4102 void ath10k_offchan_tx_work(struct work_struct *work)
4103 {
4104 	struct ath10k *ar = container_of(work, struct ath10k, offchan_tx_work);
4105 	struct ath10k_peer *peer;
4106 	struct ath10k_vif *arvif;
4107 	enum ath10k_hw_txrx_mode txmode;
4108 	enum ath10k_mac_tx_path txpath;
4109 	struct ieee80211_hdr *hdr;
4110 	struct ieee80211_vif *vif;
4111 	struct ieee80211_sta *sta;
4112 	struct sk_buff *skb;
4113 	const u8 *peer_addr;
4114 	int vdev_id;
4115 	int ret;
4116 	unsigned long time_left;
4117 	bool tmp_peer_created = false;
4118 
4119 	/* FW requirement: We must create a peer before FW will send out
4120 	 * an offchannel frame. Otherwise the frame will be stuck and
4121 	 * never transmitted. We delete the peer upon tx completion.
4122 	 * It is unlikely that a peer for offchannel tx will already be
4123 	 * present. However it may be in some rare cases so account for that.
4124 	 * Otherwise we might remove a legitimate peer and break stuff.
4125 	 */
4126 
4127 	for (;;) {
4128 		skb = skb_dequeue(&ar->offchan_tx_queue);
4129 		if (!skb)
4130 			break;
4131 
4132 		mutex_lock(&ar->conf_mutex);
4133 
4134 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %pK len %d\n",
4135 			   skb, skb->len);
4136 
4137 		hdr = (struct ieee80211_hdr *)skb->data;
4138 		peer_addr = ieee80211_get_DA(hdr);
4139 
4140 		spin_lock_bh(&ar->data_lock);
4141 		vdev_id = ar->scan.vdev_id;
4142 		peer = ath10k_peer_find(ar, vdev_id, peer_addr);
4143 		spin_unlock_bh(&ar->data_lock);
4144 
4145 		if (peer) {
4146 			ath10k_warn(ar, "peer %pM on vdev %d already present\n",
4147 				    peer_addr, vdev_id);
4148 		} else {
4149 			ret = ath10k_peer_create(ar, NULL, NULL, vdev_id,
4150 						 peer_addr,
4151 						 WMI_PEER_TYPE_DEFAULT);
4152 			if (ret)
4153 				ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
4154 					    peer_addr, vdev_id, ret);
4155 			tmp_peer_created = (ret == 0);
4156 		}
4157 
4158 		spin_lock_bh(&ar->data_lock);
4159 		reinit_completion(&ar->offchan_tx_completed);
4160 		ar->offchan_tx_skb = skb;
4161 		spin_unlock_bh(&ar->data_lock);
4162 
4163 		/* It's safe to access vif and sta - conf_mutex guarantees that
4164 		 * sta_state() and remove_interface() are locked exclusively
4165 		 * out wrt to this offchannel worker.
4166 		 */
4167 		arvif = ath10k_get_arvif(ar, vdev_id);
4168 		if (arvif) {
4169 			vif = arvif->vif;
4170 			sta = ieee80211_find_sta(vif, peer_addr);
4171 		} else {
4172 			vif = NULL;
4173 			sta = NULL;
4174 		}
4175 
4176 		txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4177 		txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4178 
4179 		ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, true);
4180 		if (ret) {
4181 			ath10k_warn(ar, "failed to transmit offchannel frame: %d\n",
4182 				    ret);
4183 			/* not serious */
4184 		}
4185 
4186 		time_left =
4187 		wait_for_completion_timeout(&ar->offchan_tx_completed, 3 * HZ);
4188 		if (time_left == 0)
4189 			ath10k_warn(ar, "timed out waiting for offchannel skb %pK, len: %d\n",
4190 				    skb, skb->len);
4191 
4192 		if (!peer && tmp_peer_created) {
4193 			ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
4194 			if (ret)
4195 				ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
4196 					    peer_addr, vdev_id, ret);
4197 		}
4198 
4199 		mutex_unlock(&ar->conf_mutex);
4200 	}
4201 }
4202 
4203 void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar)
4204 {
4205 	struct sk_buff *skb;
4206 
4207 	for (;;) {
4208 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4209 		if (!skb)
4210 			break;
4211 
4212 		ieee80211_free_txskb(ar->hw, skb);
4213 	}
4214 }
4215 
4216 void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
4217 {
4218 	struct ath10k *ar = container_of(work, struct ath10k, wmi_mgmt_tx_work);
4219 	struct sk_buff *skb;
4220 	dma_addr_t paddr;
4221 	int ret;
4222 
4223 	for (;;) {
4224 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4225 		if (!skb)
4226 			break;
4227 
4228 		if (test_bit(ATH10K_FW_FEATURE_MGMT_TX_BY_REF,
4229 			     ar->running_fw->fw_file.fw_features)) {
4230 			paddr = dma_map_single(ar->dev, skb->data,
4231 					       skb->len, DMA_TO_DEVICE);
4232 			if (dma_mapping_error(ar->dev, paddr)) {
4233 				ieee80211_free_txskb(ar->hw, skb);
4234 				continue;
4235 			}
4236 			ret = ath10k_wmi_mgmt_tx_send(ar, skb, paddr);
4237 			if (ret) {
4238 				ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
4239 					    ret);
4240 				/* remove this msdu from idr tracking */
4241 				ath10k_wmi_cleanup_mgmt_tx_send(ar, skb);
4242 
4243 				dma_unmap_single(ar->dev, paddr, skb->len,
4244 						 DMA_TO_DEVICE);
4245 				ieee80211_free_txskb(ar->hw, skb);
4246 			}
4247 		} else {
4248 			ret = ath10k_wmi_mgmt_tx(ar, skb);
4249 			if (ret) {
4250 				ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
4251 					    ret);
4252 				ieee80211_free_txskb(ar->hw, skb);
4253 			}
4254 		}
4255 	}
4256 }
4257 
4258 static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
4259 {
4260 	struct ath10k_txq *artxq;
4261 
4262 	if (!txq)
4263 		return;
4264 
4265 	artxq = (void *)txq->drv_priv;
4266 	INIT_LIST_HEAD(&artxq->list);
4267 }
4268 
4269 static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
4270 {
4271 	struct ath10k_skb_cb *cb;
4272 	struct sk_buff *msdu;
4273 	int msdu_id;
4274 
4275 	if (!txq)
4276 		return;
4277 
4278 	spin_lock_bh(&ar->htt.tx_lock);
4279 	idr_for_each_entry(&ar->htt.pending_tx, msdu, msdu_id) {
4280 		cb = ATH10K_SKB_CB(msdu);
4281 		if (cb->txq == txq)
4282 			cb->txq = NULL;
4283 	}
4284 	spin_unlock_bh(&ar->htt.tx_lock);
4285 }
4286 
4287 struct ieee80211_txq *ath10k_mac_txq_lookup(struct ath10k *ar,
4288 					    u16 peer_id,
4289 					    u8 tid)
4290 {
4291 	struct ath10k_peer *peer;
4292 
4293 	lockdep_assert_held(&ar->data_lock);
4294 
4295 	peer = ar->peer_map[peer_id];
4296 	if (!peer)
4297 		return NULL;
4298 
4299 	if (peer->removed)
4300 		return NULL;
4301 
4302 	if (peer->sta)
4303 		return peer->sta->txq[tid];
4304 	else if (peer->vif)
4305 		return peer->vif->txq;
4306 	else
4307 		return NULL;
4308 }
4309 
4310 static bool ath10k_mac_tx_can_push(struct ieee80211_hw *hw,
4311 				   struct ieee80211_txq *txq)
4312 {
4313 	struct ath10k *ar = hw->priv;
4314 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4315 
4316 	/* No need to get locks */
4317 	if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH)
4318 		return true;
4319 
4320 	if (ar->htt.num_pending_tx < ar->htt.tx_q_state.num_push_allowed)
4321 		return true;
4322 
4323 	if (artxq->num_fw_queued < artxq->num_push_allowed)
4324 		return true;
4325 
4326 	return false;
4327 }
4328 
4329 /* Return estimated airtime in microsecond, which is calculated using last
4330  * reported TX rate. This is just a rough estimation because host driver has no
4331  * knowledge of the actual transmit rate, retries or aggregation. If actual
4332  * airtime can be reported by firmware, then delta between estimated and actual
4333  * airtime can be adjusted from deficit.
4334  */
4335 #define IEEE80211_ATF_OVERHEAD		100	/* IFS + some slot time */
4336 #define IEEE80211_ATF_OVERHEAD_IFS	16	/* IFS only */
4337 static u16 ath10k_mac_update_airtime(struct ath10k *ar,
4338 				     struct ieee80211_txq *txq,
4339 				     struct sk_buff *skb)
4340 {
4341 	struct ath10k_sta *arsta;
4342 	u32 pktlen;
4343 	u16 airtime = 0;
4344 
4345 	if (!txq || !txq->sta)
4346 		return airtime;
4347 
4348 	if (test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
4349 		return airtime;
4350 
4351 	spin_lock_bh(&ar->data_lock);
4352 	arsta = (struct ath10k_sta *)txq->sta->drv_priv;
4353 
4354 	pktlen = skb->len + 38; /* Assume MAC header 30, SNAP 8 for most case */
4355 	if (arsta->last_tx_bitrate) {
4356 		/* airtime in us, last_tx_bitrate in 100kbps */
4357 		airtime = (pktlen * 8 * (1000 / 100))
4358 				/ arsta->last_tx_bitrate;
4359 		/* overhead for media access time and IFS */
4360 		airtime += IEEE80211_ATF_OVERHEAD_IFS;
4361 	} else {
4362 		/* This is mostly for throttle excessive BC/MC frames, and the
4363 		 * airtime/rate doesn't need be exact. Airtime of BC/MC frames
4364 		 * in 2G get some discount, which helps prevent very low rate
4365 		 * frames from being blocked for too long.
4366 		 */
4367 		airtime = (pktlen * 8 * (1000 / 100)) / 60; /* 6M */
4368 		airtime += IEEE80211_ATF_OVERHEAD;
4369 	}
4370 	spin_unlock_bh(&ar->data_lock);
4371 
4372 	return airtime;
4373 }
4374 
4375 int ath10k_mac_tx_push_txq(struct ieee80211_hw *hw,
4376 			   struct ieee80211_txq *txq)
4377 {
4378 	struct ath10k *ar = hw->priv;
4379 	struct ath10k_htt *htt = &ar->htt;
4380 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4381 	struct ieee80211_vif *vif = txq->vif;
4382 	struct ieee80211_sta *sta = txq->sta;
4383 	enum ath10k_hw_txrx_mode txmode;
4384 	enum ath10k_mac_tx_path txpath;
4385 	struct sk_buff *skb;
4386 	struct ieee80211_hdr *hdr;
4387 	size_t skb_len;
4388 	bool is_mgmt, is_presp;
4389 	int ret;
4390 	u16 airtime;
4391 
4392 	spin_lock_bh(&ar->htt.tx_lock);
4393 	ret = ath10k_htt_tx_inc_pending(htt);
4394 	spin_unlock_bh(&ar->htt.tx_lock);
4395 
4396 	if (ret)
4397 		return ret;
4398 
4399 	skb = ieee80211_tx_dequeue_ni(hw, txq);
4400 	if (!skb) {
4401 		spin_lock_bh(&ar->htt.tx_lock);
4402 		ath10k_htt_tx_dec_pending(htt);
4403 		spin_unlock_bh(&ar->htt.tx_lock);
4404 
4405 		return -ENOENT;
4406 	}
4407 
4408 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4409 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4410 
4411 	skb_len = skb->len;
4412 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4413 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4414 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4415 
4416 	if (is_mgmt) {
4417 		hdr = (struct ieee80211_hdr *)skb->data;
4418 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4419 
4420 		spin_lock_bh(&ar->htt.tx_lock);
4421 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4422 
4423 		if (ret) {
4424 			ath10k_htt_tx_dec_pending(htt);
4425 			spin_unlock_bh(&ar->htt.tx_lock);
4426 			return ret;
4427 		}
4428 		spin_unlock_bh(&ar->htt.tx_lock);
4429 	}
4430 
4431 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4432 	if (unlikely(ret)) {
4433 		ath10k_warn(ar, "failed to push frame: %d\n", ret);
4434 
4435 		spin_lock_bh(&ar->htt.tx_lock);
4436 		ath10k_htt_tx_dec_pending(htt);
4437 		if (is_mgmt)
4438 			ath10k_htt_tx_mgmt_dec_pending(htt);
4439 		spin_unlock_bh(&ar->htt.tx_lock);
4440 
4441 		return ret;
4442 	}
4443 
4444 	spin_lock_bh(&ar->htt.tx_lock);
4445 	artxq->num_fw_queued++;
4446 	spin_unlock_bh(&ar->htt.tx_lock);
4447 
4448 	return skb_len;
4449 }
4450 
4451 static int ath10k_mac_schedule_txq(struct ieee80211_hw *hw, u32 ac)
4452 {
4453 	struct ieee80211_txq *txq;
4454 	int ret = 0;
4455 
4456 	ieee80211_txq_schedule_start(hw, ac);
4457 	while ((txq = ieee80211_next_txq(hw, ac))) {
4458 		while (ath10k_mac_tx_can_push(hw, txq)) {
4459 			ret = ath10k_mac_tx_push_txq(hw, txq);
4460 			if (ret < 0)
4461 				break;
4462 		}
4463 		ieee80211_return_txq(hw, txq, false);
4464 		ath10k_htt_tx_txq_update(hw, txq);
4465 		if (ret == -EBUSY)
4466 			break;
4467 	}
4468 	ieee80211_txq_schedule_end(hw, ac);
4469 
4470 	return ret;
4471 }
4472 
4473 void ath10k_mac_tx_push_pending(struct ath10k *ar)
4474 {
4475 	struct ieee80211_hw *hw = ar->hw;
4476 	u32 ac;
4477 
4478 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4479 		return;
4480 
4481 	if (ar->htt.num_pending_tx >= (ar->htt.max_num_pending_tx / 2))
4482 		return;
4483 
4484 	rcu_read_lock();
4485 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4486 		if (ath10k_mac_schedule_txq(hw, ac) == -EBUSY)
4487 			break;
4488 	}
4489 	rcu_read_unlock();
4490 }
4491 EXPORT_SYMBOL(ath10k_mac_tx_push_pending);
4492 
4493 /************/
4494 /* Scanning */
4495 /************/
4496 
4497 void __ath10k_scan_finish(struct ath10k *ar)
4498 {
4499 	lockdep_assert_held(&ar->data_lock);
4500 
4501 	switch (ar->scan.state) {
4502 	case ATH10K_SCAN_IDLE:
4503 		break;
4504 	case ATH10K_SCAN_RUNNING:
4505 	case ATH10K_SCAN_ABORTING:
4506 		if (!ar->scan.is_roc) {
4507 			struct cfg80211_scan_info info = {
4508 				.aborted = (ar->scan.state ==
4509 					    ATH10K_SCAN_ABORTING),
4510 			};
4511 
4512 			ieee80211_scan_completed(ar->hw, &info);
4513 		} else if (ar->scan.roc_notify) {
4514 			ieee80211_remain_on_channel_expired(ar->hw);
4515 		}
4516 		fallthrough;
4517 	case ATH10K_SCAN_STARTING:
4518 		ar->scan.state = ATH10K_SCAN_IDLE;
4519 		ar->scan_channel = NULL;
4520 		ar->scan.roc_freq = 0;
4521 		ath10k_offchan_tx_purge(ar);
4522 		cancel_delayed_work(&ar->scan.timeout);
4523 		complete(&ar->scan.completed);
4524 		break;
4525 	}
4526 }
4527 
4528 void ath10k_scan_finish(struct ath10k *ar)
4529 {
4530 	spin_lock_bh(&ar->data_lock);
4531 	__ath10k_scan_finish(ar);
4532 	spin_unlock_bh(&ar->data_lock);
4533 }
4534 
4535 static int ath10k_scan_stop(struct ath10k *ar)
4536 {
4537 	struct wmi_stop_scan_arg arg = {
4538 		.req_id = 1, /* FIXME */
4539 		.req_type = WMI_SCAN_STOP_ONE,
4540 		.u.scan_id = ATH10K_SCAN_ID,
4541 	};
4542 	int ret;
4543 
4544 	lockdep_assert_held(&ar->conf_mutex);
4545 
4546 	ret = ath10k_wmi_stop_scan(ar, &arg);
4547 	if (ret) {
4548 		ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
4549 		goto out;
4550 	}
4551 
4552 	ret = wait_for_completion_timeout(&ar->scan.completed, 3 * HZ);
4553 	if (ret == 0) {
4554 		ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
4555 		ret = -ETIMEDOUT;
4556 	} else if (ret > 0) {
4557 		ret = 0;
4558 	}
4559 
4560 out:
4561 	/* Scan state should be updated upon scan completion but in case
4562 	 * firmware fails to deliver the event (for whatever reason) it is
4563 	 * desired to clean up scan state anyway. Firmware may have just
4564 	 * dropped the scan completion event delivery due to transport pipe
4565 	 * being overflown with data and/or it can recover on its own before
4566 	 * next scan request is submitted.
4567 	 */
4568 	spin_lock_bh(&ar->data_lock);
4569 	if (ar->scan.state != ATH10K_SCAN_IDLE)
4570 		__ath10k_scan_finish(ar);
4571 	spin_unlock_bh(&ar->data_lock);
4572 
4573 	return ret;
4574 }
4575 
4576 static void ath10k_scan_abort(struct ath10k *ar)
4577 {
4578 	int ret;
4579 
4580 	lockdep_assert_held(&ar->conf_mutex);
4581 
4582 	spin_lock_bh(&ar->data_lock);
4583 
4584 	switch (ar->scan.state) {
4585 	case ATH10K_SCAN_IDLE:
4586 		/* This can happen if timeout worker kicked in and called
4587 		 * abortion while scan completion was being processed.
4588 		 */
4589 		break;
4590 	case ATH10K_SCAN_STARTING:
4591 	case ATH10K_SCAN_ABORTING:
4592 		ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
4593 			    ath10k_scan_state_str(ar->scan.state),
4594 			    ar->scan.state);
4595 		break;
4596 	case ATH10K_SCAN_RUNNING:
4597 		ar->scan.state = ATH10K_SCAN_ABORTING;
4598 		spin_unlock_bh(&ar->data_lock);
4599 
4600 		ret = ath10k_scan_stop(ar);
4601 		if (ret)
4602 			ath10k_warn(ar, "failed to abort scan: %d\n", ret);
4603 
4604 		spin_lock_bh(&ar->data_lock);
4605 		break;
4606 	}
4607 
4608 	spin_unlock_bh(&ar->data_lock);
4609 }
4610 
4611 void ath10k_scan_timeout_work(struct work_struct *work)
4612 {
4613 	struct ath10k *ar = container_of(work, struct ath10k,
4614 					 scan.timeout.work);
4615 
4616 	mutex_lock(&ar->conf_mutex);
4617 	ath10k_scan_abort(ar);
4618 	mutex_unlock(&ar->conf_mutex);
4619 }
4620 
4621 static int ath10k_start_scan(struct ath10k *ar,
4622 			     const struct wmi_start_scan_arg *arg)
4623 {
4624 	int ret;
4625 
4626 	lockdep_assert_held(&ar->conf_mutex);
4627 
4628 	ret = ath10k_wmi_start_scan(ar, arg);
4629 	if (ret)
4630 		return ret;
4631 
4632 	ret = wait_for_completion_timeout(&ar->scan.started, 1 * HZ);
4633 	if (ret == 0) {
4634 		ret = ath10k_scan_stop(ar);
4635 		if (ret)
4636 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
4637 
4638 		return -ETIMEDOUT;
4639 	}
4640 
4641 	/* If we failed to start the scan, return error code at
4642 	 * this point.  This is probably due to some issue in the
4643 	 * firmware, but no need to wedge the driver due to that...
4644 	 */
4645 	spin_lock_bh(&ar->data_lock);
4646 	if (ar->scan.state == ATH10K_SCAN_IDLE) {
4647 		spin_unlock_bh(&ar->data_lock);
4648 		return -EINVAL;
4649 	}
4650 	spin_unlock_bh(&ar->data_lock);
4651 
4652 	return 0;
4653 }
4654 
4655 /**********************/
4656 /* mac80211 callbacks */
4657 /**********************/
4658 
4659 static void ath10k_mac_op_tx(struct ieee80211_hw *hw,
4660 			     struct ieee80211_tx_control *control,
4661 			     struct sk_buff *skb)
4662 {
4663 	struct ath10k *ar = hw->priv;
4664 	struct ath10k_htt *htt = &ar->htt;
4665 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4666 	struct ieee80211_vif *vif = info->control.vif;
4667 	struct ieee80211_sta *sta = control->sta;
4668 	struct ieee80211_txq *txq = NULL;
4669 	enum ath10k_hw_txrx_mode txmode;
4670 	enum ath10k_mac_tx_path txpath;
4671 	bool is_htt;
4672 	bool is_mgmt;
4673 	int ret;
4674 	u16 airtime;
4675 
4676 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4677 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4678 
4679 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4680 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4681 	is_htt = (txpath == ATH10K_MAC_TX_HTT ||
4682 		  txpath == ATH10K_MAC_TX_HTT_MGMT);
4683 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4684 
4685 	if (is_htt) {
4686 		bool is_presp = false;
4687 
4688 		spin_lock_bh(&ar->htt.tx_lock);
4689 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)) {
4690 			struct ieee80211_hdr *hdr = (void *)skb->data;
4691 
4692 			is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4693 		}
4694 
4695 		ret = ath10k_htt_tx_inc_pending(htt);
4696 		if (ret) {
4697 			ath10k_warn(ar, "failed to increase tx pending count: %d, dropping\n",
4698 				    ret);
4699 			spin_unlock_bh(&ar->htt.tx_lock);
4700 			ieee80211_free_txskb(ar->hw, skb);
4701 			return;
4702 		}
4703 
4704 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4705 		if (ret) {
4706 			ath10k_dbg(ar, ATH10K_DBG_MAC, "failed to increase tx mgmt pending count: %d, dropping\n",
4707 				   ret);
4708 			ath10k_htt_tx_dec_pending(htt);
4709 			spin_unlock_bh(&ar->htt.tx_lock);
4710 			ieee80211_free_txskb(ar->hw, skb);
4711 			return;
4712 		}
4713 		spin_unlock_bh(&ar->htt.tx_lock);
4714 	}
4715 
4716 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4717 	if (ret) {
4718 		ath10k_warn(ar, "failed to transmit frame: %d\n", ret);
4719 		if (is_htt) {
4720 			spin_lock_bh(&ar->htt.tx_lock);
4721 			ath10k_htt_tx_dec_pending(htt);
4722 			if (is_mgmt)
4723 				ath10k_htt_tx_mgmt_dec_pending(htt);
4724 			spin_unlock_bh(&ar->htt.tx_lock);
4725 		}
4726 		return;
4727 	}
4728 }
4729 
4730 static void ath10k_mac_op_wake_tx_queue(struct ieee80211_hw *hw,
4731 					struct ieee80211_txq *txq)
4732 {
4733 	struct ath10k *ar = hw->priv;
4734 	int ret;
4735 	u8 ac = txq->ac;
4736 
4737 	ath10k_htt_tx_txq_update(hw, txq);
4738 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4739 		return;
4740 
4741 	spin_lock_bh(&ar->queue_lock[ac]);
4742 
4743 	ieee80211_txq_schedule_start(hw, ac);
4744 	txq = ieee80211_next_txq(hw, ac);
4745 	if (!txq)
4746 		goto out;
4747 
4748 	while (ath10k_mac_tx_can_push(hw, txq)) {
4749 		ret = ath10k_mac_tx_push_txq(hw, txq);
4750 		if (ret < 0)
4751 			break;
4752 	}
4753 	ieee80211_return_txq(hw, txq, false);
4754 	ath10k_htt_tx_txq_update(hw, txq);
4755 out:
4756 	ieee80211_txq_schedule_end(hw, ac);
4757 	spin_unlock_bh(&ar->queue_lock[ac]);
4758 }
4759 
4760 /* Must not be called with conf_mutex held as workers can use that also. */
4761 void ath10k_drain_tx(struct ath10k *ar)
4762 {
4763 	lockdep_assert_not_held(&ar->conf_mutex);
4764 
4765 	/* make sure rcu-protected mac80211 tx path itself is drained */
4766 	synchronize_net();
4767 
4768 	ath10k_offchan_tx_purge(ar);
4769 	ath10k_mgmt_over_wmi_tx_purge(ar);
4770 
4771 	cancel_work_sync(&ar->offchan_tx_work);
4772 	cancel_work_sync(&ar->wmi_mgmt_tx_work);
4773 }
4774 
4775 void ath10k_halt(struct ath10k *ar)
4776 {
4777 	struct ath10k_vif *arvif;
4778 
4779 	lockdep_assert_held(&ar->conf_mutex);
4780 
4781 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
4782 	ar->filter_flags = 0;
4783 	ar->monitor = false;
4784 	ar->monitor_arvif = NULL;
4785 
4786 	if (ar->monitor_started)
4787 		ath10k_monitor_stop(ar);
4788 
4789 	ar->monitor_started = false;
4790 	ar->tx_paused = 0;
4791 
4792 	ath10k_scan_finish(ar);
4793 	ath10k_peer_cleanup_all(ar);
4794 	ath10k_stop_radar_confirmation(ar);
4795 	ath10k_core_stop(ar);
4796 	ath10k_hif_power_down(ar);
4797 
4798 	spin_lock_bh(&ar->data_lock);
4799 	list_for_each_entry(arvif, &ar->arvifs, list)
4800 		ath10k_mac_vif_beacon_cleanup(arvif);
4801 	spin_unlock_bh(&ar->data_lock);
4802 }
4803 
4804 static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
4805 {
4806 	struct ath10k *ar = hw->priv;
4807 
4808 	mutex_lock(&ar->conf_mutex);
4809 
4810 	*tx_ant = ar->cfg_tx_chainmask;
4811 	*rx_ant = ar->cfg_rx_chainmask;
4812 
4813 	mutex_unlock(&ar->conf_mutex);
4814 
4815 	return 0;
4816 }
4817 
4818 static bool ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
4819 {
4820 	/* It is not clear that allowing gaps in chainmask
4821 	 * is helpful.  Probably it will not do what user
4822 	 * is hoping for, so warn in that case.
4823 	 */
4824 	if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
4825 		return true;
4826 
4827 	ath10k_warn(ar, "mac %s antenna chainmask is invalid: 0x%x.  Suggested values: 15, 7, 3, 1 or 0.\n",
4828 		    dbg, cm);
4829 	return false;
4830 }
4831 
4832 static int ath10k_mac_get_vht_cap_bf_sts(struct ath10k *ar)
4833 {
4834 	int nsts = ar->vht_cap_info;
4835 
4836 	nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4837 	nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4838 
4839 	/* If firmware does not deliver to host number of space-time
4840 	 * streams supported, assume it support up to 4 BF STS and return
4841 	 * the value for VHT CAP: nsts-1)
4842 	 */
4843 	if (nsts == 0)
4844 		return 3;
4845 
4846 	return nsts;
4847 }
4848 
4849 static int ath10k_mac_get_vht_cap_bf_sound_dim(struct ath10k *ar)
4850 {
4851 	int sound_dim = ar->vht_cap_info;
4852 
4853 	sound_dim &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4854 	sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4855 
4856 	/* If the sounding dimension is not advertised by the firmware,
4857 	 * let's use a default value of 1
4858 	 */
4859 	if (sound_dim == 0)
4860 		return 1;
4861 
4862 	return sound_dim;
4863 }
4864 
4865 static struct ieee80211_sta_vht_cap ath10k_create_vht_cap(struct ath10k *ar)
4866 {
4867 	struct ieee80211_sta_vht_cap vht_cap = {0};
4868 	struct ath10k_hw_params *hw = &ar->hw_params;
4869 	u16 mcs_map;
4870 	u32 val;
4871 	int i;
4872 
4873 	vht_cap.vht_supported = 1;
4874 	vht_cap.cap = ar->vht_cap_info;
4875 
4876 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4877 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
4878 		val = ath10k_mac_get_vht_cap_bf_sts(ar);
4879 		val <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4880 		val &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4881 
4882 		vht_cap.cap |= val;
4883 	}
4884 
4885 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4886 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
4887 		val = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4888 		val <<= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4889 		val &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4890 
4891 		vht_cap.cap |= val;
4892 	}
4893 
4894 	mcs_map = 0;
4895 	for (i = 0; i < 8; i++) {
4896 		if ((i < ar->num_rf_chains) && (ar->cfg_tx_chainmask & BIT(i)))
4897 			mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
4898 		else
4899 			mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
4900 	}
4901 
4902 	if (ar->cfg_tx_chainmask <= 1)
4903 		vht_cap.cap &= ~IEEE80211_VHT_CAP_TXSTBC;
4904 
4905 	vht_cap.vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
4906 	vht_cap.vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
4907 
4908 	/* If we are supporting 160Mhz or 80+80, then the NIC may be able to do
4909 	 * a restricted NSS for 160 or 80+80 vs what it can do for 80Mhz.  Give
4910 	 * user-space a clue if that is the case.
4911 	 */
4912 	if ((vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) &&
4913 	    (hw->vht160_mcs_rx_highest != 0 ||
4914 	     hw->vht160_mcs_tx_highest != 0)) {
4915 		vht_cap.vht_mcs.rx_highest = cpu_to_le16(hw->vht160_mcs_rx_highest);
4916 		vht_cap.vht_mcs.tx_highest = cpu_to_le16(hw->vht160_mcs_tx_highest);
4917 	}
4918 
4919 	return vht_cap;
4920 }
4921 
4922 static struct ieee80211_sta_ht_cap ath10k_get_ht_cap(struct ath10k *ar)
4923 {
4924 	int i;
4925 	struct ieee80211_sta_ht_cap ht_cap = {0};
4926 
4927 	if (!(ar->ht_cap_info & WMI_HT_CAP_ENABLED))
4928 		return ht_cap;
4929 
4930 	ht_cap.ht_supported = 1;
4931 	ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
4932 	ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_8;
4933 	ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
4934 	ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
4935 	ht_cap.cap |=
4936 		WLAN_HT_CAP_SM_PS_DISABLED << IEEE80211_HT_CAP_SM_PS_SHIFT;
4937 
4938 	if (ar->ht_cap_info & WMI_HT_CAP_HT20_SGI)
4939 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
4940 
4941 	if (ar->ht_cap_info & WMI_HT_CAP_HT40_SGI)
4942 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
4943 
4944 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) {
4945 		u32 smps;
4946 
4947 		smps   = WLAN_HT_CAP_SM_PS_DYNAMIC;
4948 		smps <<= IEEE80211_HT_CAP_SM_PS_SHIFT;
4949 
4950 		ht_cap.cap |= smps;
4951 	}
4952 
4953 	if (ar->ht_cap_info & WMI_HT_CAP_TX_STBC && (ar->cfg_tx_chainmask > 1))
4954 		ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
4955 
4956 	if (ar->ht_cap_info & WMI_HT_CAP_RX_STBC) {
4957 		u32 stbc;
4958 
4959 		stbc   = ar->ht_cap_info;
4960 		stbc  &= WMI_HT_CAP_RX_STBC;
4961 		stbc >>= WMI_HT_CAP_RX_STBC_MASK_SHIFT;
4962 		stbc <<= IEEE80211_HT_CAP_RX_STBC_SHIFT;
4963 		stbc  &= IEEE80211_HT_CAP_RX_STBC;
4964 
4965 		ht_cap.cap |= stbc;
4966 	}
4967 
4968 	if (ar->ht_cap_info & WMI_HT_CAP_LDPC || (ar->ht_cap_info &
4969 	    WMI_HT_CAP_RX_LDPC && (ar->ht_cap_info & WMI_HT_CAP_TX_LDPC)))
4970 		ht_cap.cap |= IEEE80211_HT_CAP_LDPC_CODING;
4971 
4972 	if (ar->ht_cap_info & WMI_HT_CAP_L_SIG_TXOP_PROT)
4973 		ht_cap.cap |= IEEE80211_HT_CAP_LSIG_TXOP_PROT;
4974 
4975 	/* max AMSDU is implicitly taken from vht_cap_info */
4976 	if (ar->vht_cap_info & WMI_VHT_CAP_MAX_MPDU_LEN_MASK)
4977 		ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
4978 
4979 	for (i = 0; i < ar->num_rf_chains; i++) {
4980 		if (ar->cfg_rx_chainmask & BIT(i))
4981 			ht_cap.mcs.rx_mask[i] = 0xFF;
4982 	}
4983 
4984 	ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_DEFINED;
4985 
4986 	return ht_cap;
4987 }
4988 
4989 static void ath10k_mac_setup_ht_vht_cap(struct ath10k *ar)
4990 {
4991 	struct ieee80211_supported_band *band;
4992 	struct ieee80211_sta_vht_cap vht_cap;
4993 	struct ieee80211_sta_ht_cap ht_cap;
4994 
4995 	ht_cap = ath10k_get_ht_cap(ar);
4996 	vht_cap = ath10k_create_vht_cap(ar);
4997 
4998 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
4999 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
5000 		band->ht_cap = ht_cap;
5001 	}
5002 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
5003 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
5004 		band->ht_cap = ht_cap;
5005 		band->vht_cap = vht_cap;
5006 	}
5007 }
5008 
5009 static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
5010 {
5011 	int ret;
5012 	bool is_valid_tx_chain_mask, is_valid_rx_chain_mask;
5013 
5014 	lockdep_assert_held(&ar->conf_mutex);
5015 
5016 	is_valid_tx_chain_mask = ath10k_check_chain_mask(ar, tx_ant, "tx");
5017 	is_valid_rx_chain_mask = ath10k_check_chain_mask(ar, rx_ant, "rx");
5018 
5019 	if (!is_valid_tx_chain_mask || !is_valid_rx_chain_mask)
5020 		return -EINVAL;
5021 
5022 	ar->cfg_tx_chainmask = tx_ant;
5023 	ar->cfg_rx_chainmask = rx_ant;
5024 
5025 	if ((ar->state != ATH10K_STATE_ON) &&
5026 	    (ar->state != ATH10K_STATE_RESTARTED))
5027 		return 0;
5028 
5029 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
5030 					tx_ant);
5031 	if (ret) {
5032 		ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
5033 			    ret, tx_ant);
5034 		return ret;
5035 	}
5036 
5037 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
5038 					rx_ant);
5039 	if (ret) {
5040 		ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
5041 			    ret, rx_ant);
5042 		return ret;
5043 	}
5044 
5045 	/* Reload HT/VHT capability */
5046 	ath10k_mac_setup_ht_vht_cap(ar);
5047 
5048 	return 0;
5049 }
5050 
5051 static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant)
5052 {
5053 	struct ath10k *ar = hw->priv;
5054 	int ret;
5055 
5056 	mutex_lock(&ar->conf_mutex);
5057 	ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
5058 	mutex_unlock(&ar->conf_mutex);
5059 	return ret;
5060 }
5061 
5062 static int __ath10k_fetch_bb_timing_dt(struct ath10k *ar,
5063 				       struct wmi_bb_timing_cfg_arg *bb_timing)
5064 {
5065 	struct device_node *node;
5066 	const char *fem_name;
5067 	int ret;
5068 
5069 	node = ar->dev->of_node;
5070 	if (!node)
5071 		return -ENOENT;
5072 
5073 	ret = of_property_read_string_index(node, "ext-fem-name", 0, &fem_name);
5074 	if (ret)
5075 		return -ENOENT;
5076 
5077 	/*
5078 	 * If external Front End module used in hardware, then default base band timing
5079 	 * parameter cannot be used since they were fine tuned for reference hardware,
5080 	 * so choosing different value suitable for that external FEM.
5081 	 */
5082 	if (!strcmp("microsemi-lx5586", fem_name)) {
5083 		bb_timing->bb_tx_timing = 0x00;
5084 		bb_timing->bb_xpa_timing = 0x0101;
5085 	} else {
5086 		return -ENOENT;
5087 	}
5088 
5089 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot bb_tx_timing 0x%x bb_xpa_timing 0x%x\n",
5090 		   bb_timing->bb_tx_timing, bb_timing->bb_xpa_timing);
5091 	return 0;
5092 }
5093 
5094 static int ath10k_mac_rfkill_config(struct ath10k *ar)
5095 {
5096 	u32 param;
5097 	int ret;
5098 
5099 	if (ar->hw_values->rfkill_pin == 0) {
5100 		ath10k_warn(ar, "ath10k does not support hardware rfkill with this device\n");
5101 		return -EOPNOTSUPP;
5102 	}
5103 
5104 	ath10k_dbg(ar, ATH10K_DBG_MAC,
5105 		   "mac rfkill_pin %d rfkill_cfg %d rfkill_on_level %d",
5106 		   ar->hw_values->rfkill_pin, ar->hw_values->rfkill_cfg,
5107 		   ar->hw_values->rfkill_on_level);
5108 
5109 	param = FIELD_PREP(WMI_TLV_RFKILL_CFG_RADIO_LEVEL,
5110 			   ar->hw_values->rfkill_on_level) |
5111 		FIELD_PREP(WMI_TLV_RFKILL_CFG_GPIO_PIN_NUM,
5112 			   ar->hw_values->rfkill_pin) |
5113 		FIELD_PREP(WMI_TLV_RFKILL_CFG_PIN_AS_GPIO,
5114 			   ar->hw_values->rfkill_cfg);
5115 
5116 	ret = ath10k_wmi_pdev_set_param(ar,
5117 					ar->wmi.pdev_param->rfkill_config,
5118 					param);
5119 	if (ret) {
5120 		ath10k_warn(ar,
5121 			    "failed to set rfkill config 0x%x: %d\n",
5122 			    param, ret);
5123 		return ret;
5124 	}
5125 	return 0;
5126 }
5127 
5128 int ath10k_mac_rfkill_enable_radio(struct ath10k *ar, bool enable)
5129 {
5130 	enum wmi_tlv_rfkill_enable_radio param;
5131 	int ret;
5132 
5133 	if (enable)
5134 		param = WMI_TLV_RFKILL_ENABLE_RADIO_ON;
5135 	else
5136 		param = WMI_TLV_RFKILL_ENABLE_RADIO_OFF;
5137 
5138 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac rfkill enable %d", param);
5139 
5140 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rfkill_enable,
5141 					param);
5142 	if (ret) {
5143 		ath10k_warn(ar, "failed to set rfkill enable param %d: %d\n",
5144 			    param, ret);
5145 		return ret;
5146 	}
5147 
5148 	return 0;
5149 }
5150 
5151 static int ath10k_start(struct ieee80211_hw *hw)
5152 {
5153 	struct ath10k *ar = hw->priv;
5154 	u32 param;
5155 	int ret = 0;
5156 	struct wmi_bb_timing_cfg_arg bb_timing = {0};
5157 
5158 	/*
5159 	 * This makes sense only when restarting hw. It is harmless to call
5160 	 * unconditionally. This is necessary to make sure no HTT/WMI tx
5161 	 * commands will be submitted while restarting.
5162 	 */
5163 	ath10k_drain_tx(ar);
5164 
5165 	mutex_lock(&ar->conf_mutex);
5166 
5167 	switch (ar->state) {
5168 	case ATH10K_STATE_OFF:
5169 		ar->state = ATH10K_STATE_ON;
5170 		break;
5171 	case ATH10K_STATE_RESTARTING:
5172 		ar->state = ATH10K_STATE_RESTARTED;
5173 		break;
5174 	case ATH10K_STATE_ON:
5175 	case ATH10K_STATE_RESTARTED:
5176 	case ATH10K_STATE_WEDGED:
5177 		WARN_ON(1);
5178 		ret = -EINVAL;
5179 		goto err;
5180 	case ATH10K_STATE_UTF:
5181 		ret = -EBUSY;
5182 		goto err;
5183 	}
5184 
5185 	spin_lock_bh(&ar->data_lock);
5186 
5187 	if (ar->hw_rfkill_on) {
5188 		ar->hw_rfkill_on = false;
5189 		spin_unlock_bh(&ar->data_lock);
5190 		goto err;
5191 	}
5192 
5193 	spin_unlock_bh(&ar->data_lock);
5194 
5195 	ret = ath10k_hif_power_up(ar, ATH10K_FIRMWARE_MODE_NORMAL);
5196 	if (ret) {
5197 		ath10k_err(ar, "Could not init hif: %d\n", ret);
5198 		goto err_off;
5199 	}
5200 
5201 	ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL,
5202 				&ar->normal_mode_fw);
5203 	if (ret) {
5204 		ath10k_err(ar, "Could not init core: %d\n", ret);
5205 		goto err_power_down;
5206 	}
5207 
5208 	if (ar->sys_cap_info & WMI_TLV_SYS_CAP_INFO_RFKILL) {
5209 		ret = ath10k_mac_rfkill_config(ar);
5210 		if (ret && ret != -EOPNOTSUPP) {
5211 			ath10k_warn(ar, "failed to configure rfkill: %d", ret);
5212 			goto err_core_stop;
5213 		}
5214 	}
5215 
5216 	param = ar->wmi.pdev_param->pmf_qos;
5217 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5218 	if (ret) {
5219 		ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
5220 		goto err_core_stop;
5221 	}
5222 
5223 	param = ar->wmi.pdev_param->dynamic_bw;
5224 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5225 	if (ret) {
5226 		ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
5227 		goto err_core_stop;
5228 	}
5229 
5230 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
5231 		ret = ath10k_wmi_scan_prob_req_oui(ar, ar->mac_addr);
5232 		if (ret) {
5233 			ath10k_err(ar, "failed to set prob req oui: %i\n", ret);
5234 			goto err_core_stop;
5235 		}
5236 	}
5237 
5238 	if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
5239 		ret = ath10k_wmi_adaptive_qcs(ar, true);
5240 		if (ret) {
5241 			ath10k_warn(ar, "failed to enable adaptive qcs: %d\n",
5242 				    ret);
5243 			goto err_core_stop;
5244 		}
5245 	}
5246 
5247 	if (test_bit(WMI_SERVICE_BURST, ar->wmi.svc_map)) {
5248 		param = ar->wmi.pdev_param->burst_enable;
5249 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5250 		if (ret) {
5251 			ath10k_warn(ar, "failed to disable burst: %d\n", ret);
5252 			goto err_core_stop;
5253 		}
5254 	}
5255 
5256 	param = ar->wmi.pdev_param->idle_ps_config;
5257 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5258 	if (ret && ret != -EOPNOTSUPP) {
5259 		ath10k_warn(ar, "failed to enable idle_ps_config: %d\n", ret);
5260 		goto err_core_stop;
5261 	}
5262 
5263 	__ath10k_set_antenna(ar, ar->cfg_tx_chainmask, ar->cfg_rx_chainmask);
5264 
5265 	/*
5266 	 * By default FW set ARP frames ac to voice (6). In that case ARP
5267 	 * exchange is not working properly for UAPSD enabled AP. ARP requests
5268 	 * which arrives with access category 0 are processed by network stack
5269 	 * and send back with access category 0, but FW changes access category
5270 	 * to 6. Set ARP frames access category to best effort (0) solves
5271 	 * this problem.
5272 	 */
5273 
5274 	param = ar->wmi.pdev_param->arp_ac_override;
5275 	ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5276 	if (ret) {
5277 		ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
5278 			    ret);
5279 		goto err_core_stop;
5280 	}
5281 
5282 	if (test_bit(ATH10K_FW_FEATURE_SUPPORTS_ADAPTIVE_CCA,
5283 		     ar->running_fw->fw_file.fw_features)) {
5284 		ret = ath10k_wmi_pdev_enable_adaptive_cca(ar, 1,
5285 							  WMI_CCA_DETECT_LEVEL_AUTO,
5286 							  WMI_CCA_DETECT_MARGIN_AUTO);
5287 		if (ret) {
5288 			ath10k_warn(ar, "failed to enable adaptive cca: %d\n",
5289 				    ret);
5290 			goto err_core_stop;
5291 		}
5292 	}
5293 
5294 	param = ar->wmi.pdev_param->ani_enable;
5295 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5296 	if (ret) {
5297 		ath10k_warn(ar, "failed to enable ani by default: %d\n",
5298 			    ret);
5299 		goto err_core_stop;
5300 	}
5301 
5302 	ar->ani_enabled = true;
5303 
5304 	if (ath10k_peer_stats_enabled(ar)) {
5305 		param = ar->wmi.pdev_param->peer_stats_update_period;
5306 		ret = ath10k_wmi_pdev_set_param(ar, param,
5307 						PEER_DEFAULT_STATS_UPDATE_PERIOD);
5308 		if (ret) {
5309 			ath10k_warn(ar,
5310 				    "failed to set peer stats period : %d\n",
5311 				    ret);
5312 			goto err_core_stop;
5313 		}
5314 	}
5315 
5316 	param = ar->wmi.pdev_param->enable_btcoex;
5317 	if (test_bit(WMI_SERVICE_COEX_GPIO, ar->wmi.svc_map) &&
5318 	    test_bit(ATH10K_FW_FEATURE_BTCOEX_PARAM,
5319 		     ar->running_fw->fw_file.fw_features) &&
5320 	    ar->coex_support) {
5321 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5322 		if (ret) {
5323 			ath10k_warn(ar,
5324 				    "failed to set btcoex param: %d\n", ret);
5325 			goto err_core_stop;
5326 		}
5327 		clear_bit(ATH10K_FLAG_BTCOEX, &ar->dev_flags);
5328 	}
5329 
5330 	if (test_bit(WMI_SERVICE_BB_TIMING_CONFIG_SUPPORT, ar->wmi.svc_map)) {
5331 		ret = __ath10k_fetch_bb_timing_dt(ar, &bb_timing);
5332 		if (!ret) {
5333 			ret = ath10k_wmi_pdev_bb_timing(ar, &bb_timing);
5334 			if (ret) {
5335 				ath10k_warn(ar,
5336 					    "failed to set bb timings: %d\n",
5337 					    ret);
5338 				goto err_core_stop;
5339 			}
5340 		}
5341 	}
5342 
5343 	ar->num_started_vdevs = 0;
5344 	ath10k_regd_update(ar);
5345 
5346 	ath10k_spectral_start(ar);
5347 	ath10k_thermal_set_throttling(ar);
5348 
5349 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_IDLE;
5350 
5351 	mutex_unlock(&ar->conf_mutex);
5352 	return 0;
5353 
5354 err_core_stop:
5355 	ath10k_core_stop(ar);
5356 
5357 err_power_down:
5358 	ath10k_hif_power_down(ar);
5359 
5360 err_off:
5361 	ar->state = ATH10K_STATE_OFF;
5362 
5363 err:
5364 	mutex_unlock(&ar->conf_mutex);
5365 	return ret;
5366 }
5367 
5368 static void ath10k_stop(struct ieee80211_hw *hw)
5369 {
5370 	struct ath10k *ar = hw->priv;
5371 	u32 opt;
5372 
5373 	ath10k_drain_tx(ar);
5374 
5375 	mutex_lock(&ar->conf_mutex);
5376 	if (ar->state != ATH10K_STATE_OFF) {
5377 		if (!ar->hw_rfkill_on) {
5378 			/* If the current driver state is RESTARTING but not yet
5379 			 * fully RESTARTED because of incoming suspend event,
5380 			 * then ath10k_halt() is already called via
5381 			 * ath10k_core_restart() and should not be called here.
5382 			 */
5383 			if (ar->state != ATH10K_STATE_RESTARTING) {
5384 				ath10k_halt(ar);
5385 			} else {
5386 				/* Suspending here, because when in RESTARTING
5387 				 * state, ath10k_core_stop() skips
5388 				 * ath10k_wait_for_suspend().
5389 				 */
5390 				opt = WMI_PDEV_SUSPEND_AND_DISABLE_INTR;
5391 				ath10k_wait_for_suspend(ar, opt);
5392 			}
5393 		}
5394 		ar->state = ATH10K_STATE_OFF;
5395 	}
5396 	mutex_unlock(&ar->conf_mutex);
5397 
5398 	cancel_work_sync(&ar->set_coverage_class_work);
5399 	cancel_delayed_work_sync(&ar->scan.timeout);
5400 	cancel_work_sync(&ar->restart_work);
5401 }
5402 
5403 static int ath10k_config_ps(struct ath10k *ar)
5404 {
5405 	struct ath10k_vif *arvif;
5406 	int ret = 0;
5407 
5408 	lockdep_assert_held(&ar->conf_mutex);
5409 
5410 	list_for_each_entry(arvif, &ar->arvifs, list) {
5411 		ret = ath10k_mac_vif_setup_ps(arvif);
5412 		if (ret) {
5413 			ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
5414 			break;
5415 		}
5416 	}
5417 
5418 	return ret;
5419 }
5420 
5421 static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
5422 {
5423 	struct ath10k *ar = hw->priv;
5424 	struct ieee80211_conf *conf = &hw->conf;
5425 	int ret = 0;
5426 
5427 	mutex_lock(&ar->conf_mutex);
5428 
5429 	if (changed & IEEE80211_CONF_CHANGE_PS)
5430 		ath10k_config_ps(ar);
5431 
5432 	if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
5433 		ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
5434 		ret = ath10k_monitor_recalc(ar);
5435 		if (ret)
5436 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5437 	}
5438 
5439 	mutex_unlock(&ar->conf_mutex);
5440 	return ret;
5441 }
5442 
5443 static u32 get_nss_from_chainmask(u16 chain_mask)
5444 {
5445 	if ((chain_mask & 0xf) == 0xf)
5446 		return 4;
5447 	else if ((chain_mask & 0x7) == 0x7)
5448 		return 3;
5449 	else if ((chain_mask & 0x3) == 0x3)
5450 		return 2;
5451 	return 1;
5452 }
5453 
5454 static int ath10k_mac_set_txbf_conf(struct ath10k_vif *arvif)
5455 {
5456 	u32 value = 0;
5457 	struct ath10k *ar = arvif->ar;
5458 	int nsts;
5459 	int sound_dim;
5460 
5461 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_BEFORE_ASSOC)
5462 		return 0;
5463 
5464 	nsts = ath10k_mac_get_vht_cap_bf_sts(ar);
5465 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
5466 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE))
5467 		value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
5468 
5469 	sound_dim = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
5470 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
5471 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))
5472 		value |= SM(sound_dim, WMI_BF_SOUND_DIM_OFFSET);
5473 
5474 	if (!value)
5475 		return 0;
5476 
5477 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
5478 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
5479 
5480 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
5481 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFER |
5482 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFER);
5483 
5484 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
5485 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
5486 
5487 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
5488 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFEE |
5489 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFEE);
5490 
5491 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5492 					 ar->wmi.vdev_param->txbf, value);
5493 }
5494 
5495 static void ath10k_update_vif_offload(struct ieee80211_hw *hw,
5496 				      struct ieee80211_vif *vif)
5497 {
5498 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5499 	struct ath10k *ar = hw->priv;
5500 	u32 vdev_param;
5501 	int ret;
5502 
5503 	if (ath10k_frame_mode != ATH10K_HW_TXRX_ETHERNET ||
5504 	    ar->wmi.vdev_param->tx_encap_type == WMI_VDEV_PARAM_UNSUPPORTED ||
5505 	     (vif->type != NL80211_IFTYPE_STATION &&
5506 	      vif->type != NL80211_IFTYPE_AP))
5507 		vif->offload_flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
5508 
5509 	vdev_param = ar->wmi.vdev_param->tx_encap_type;
5510 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5511 					ATH10K_HW_TXRX_NATIVE_WIFI);
5512 	/* 10.X firmware does not support this VDEV parameter. Do not warn */
5513 	if (ret && ret != -EOPNOTSUPP) {
5514 		ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
5515 			    arvif->vdev_id, ret);
5516 	}
5517 }
5518 
5519 /*
5520  * TODO:
5521  * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
5522  * because we will send mgmt frames without CCK. This requirement
5523  * for P2P_FIND/GO_NEG should be handled by checking CCK flag
5524  * in the TX packet.
5525  */
5526 static int ath10k_add_interface(struct ieee80211_hw *hw,
5527 				struct ieee80211_vif *vif)
5528 {
5529 	struct ath10k *ar = hw->priv;
5530 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5531 	struct ath10k_peer *peer;
5532 	enum wmi_sta_powersave_param param;
5533 	int ret = 0;
5534 	u32 value;
5535 	int bit;
5536 	int i;
5537 	u32 vdev_param;
5538 
5539 	vif->driver_flags |= IEEE80211_VIF_SUPPORTS_UAPSD;
5540 
5541 	mutex_lock(&ar->conf_mutex);
5542 
5543 	memset(arvif, 0, sizeof(*arvif));
5544 	ath10k_mac_txq_init(vif->txq);
5545 
5546 	arvif->ar = ar;
5547 	arvif->vif = vif;
5548 
5549 	INIT_LIST_HEAD(&arvif->list);
5550 	INIT_WORK(&arvif->ap_csa_work, ath10k_mac_vif_ap_csa_work);
5551 	INIT_DELAYED_WORK(&arvif->connection_loss_work,
5552 			  ath10k_mac_vif_sta_connection_loss_work);
5553 
5554 	for (i = 0; i < ARRAY_SIZE(arvif->bitrate_mask.control); i++) {
5555 		arvif->bitrate_mask.control[i].legacy = 0xffffffff;
5556 		memset(arvif->bitrate_mask.control[i].ht_mcs, 0xff,
5557 		       sizeof(arvif->bitrate_mask.control[i].ht_mcs));
5558 		memset(arvif->bitrate_mask.control[i].vht_mcs, 0xff,
5559 		       sizeof(arvif->bitrate_mask.control[i].vht_mcs));
5560 	}
5561 
5562 	if (ar->num_peers >= ar->max_num_peers) {
5563 		ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
5564 		ret = -ENOBUFS;
5565 		goto err;
5566 	}
5567 
5568 	if (ar->free_vdev_map == 0) {
5569 		ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
5570 		ret = -EBUSY;
5571 		goto err;
5572 	}
5573 	bit = __ffs64(ar->free_vdev_map);
5574 
5575 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
5576 		   bit, ar->free_vdev_map);
5577 
5578 	arvif->vdev_id = bit;
5579 	arvif->vdev_subtype =
5580 		ath10k_wmi_get_vdev_subtype(ar, WMI_VDEV_SUBTYPE_NONE);
5581 
5582 	switch (vif->type) {
5583 	case NL80211_IFTYPE_P2P_DEVICE:
5584 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5585 		arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5586 					(ar, WMI_VDEV_SUBTYPE_P2P_DEVICE);
5587 		break;
5588 	case NL80211_IFTYPE_UNSPECIFIED:
5589 	case NL80211_IFTYPE_STATION:
5590 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5591 		if (vif->p2p)
5592 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5593 					(ar, WMI_VDEV_SUBTYPE_P2P_CLIENT);
5594 		break;
5595 	case NL80211_IFTYPE_ADHOC:
5596 		arvif->vdev_type = WMI_VDEV_TYPE_IBSS;
5597 		break;
5598 	case NL80211_IFTYPE_MESH_POINT:
5599 		if (test_bit(WMI_SERVICE_MESH_11S, ar->wmi.svc_map)) {
5600 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5601 						(ar, WMI_VDEV_SUBTYPE_MESH_11S);
5602 		} else if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5603 			ret = -EINVAL;
5604 			ath10k_warn(ar, "must load driver with rawmode=1 to add mesh interfaces\n");
5605 			goto err;
5606 		}
5607 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5608 		break;
5609 	case NL80211_IFTYPE_AP:
5610 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5611 
5612 		if (vif->p2p)
5613 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5614 						(ar, WMI_VDEV_SUBTYPE_P2P_GO);
5615 		break;
5616 	case NL80211_IFTYPE_MONITOR:
5617 		arvif->vdev_type = WMI_VDEV_TYPE_MONITOR;
5618 		break;
5619 	default:
5620 		WARN_ON(1);
5621 		break;
5622 	}
5623 
5624 	/* Using vdev_id as queue number will make it very easy to do per-vif
5625 	 * tx queue locking. This shouldn't wrap due to interface combinations
5626 	 * but do a modulo for correctness sake and prevent using offchannel tx
5627 	 * queues for regular vif tx.
5628 	 */
5629 	vif->cab_queue = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5630 	for (i = 0; i < ARRAY_SIZE(vif->hw_queue); i++)
5631 		vif->hw_queue[i] = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5632 
5633 	/* Some firmware revisions don't wait for beacon tx completion before
5634 	 * sending another SWBA event. This could lead to hardware using old
5635 	 * (freed) beacon data in some cases, e.g. tx credit starvation
5636 	 * combined with missed TBTT. This is very rare.
5637 	 *
5638 	 * On non-IOMMU-enabled hosts this could be a possible security issue
5639 	 * because hw could beacon some random data on the air.  On
5640 	 * IOMMU-enabled hosts DMAR faults would occur in most cases and target
5641 	 * device would crash.
5642 	 *
5643 	 * Since there are no beacon tx completions (implicit nor explicit)
5644 	 * propagated to host the only workaround for this is to allocate a
5645 	 * DMA-coherent buffer for a lifetime of a vif and use it for all
5646 	 * beacon tx commands. Worst case for this approach is some beacons may
5647 	 * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
5648 	 */
5649 	if (vif->type == NL80211_IFTYPE_ADHOC ||
5650 	    vif->type == NL80211_IFTYPE_MESH_POINT ||
5651 	    vif->type == NL80211_IFTYPE_AP) {
5652 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {
5653 			arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN,
5654 						    GFP_KERNEL);
5655 
5656 			/* Using a kernel pointer in place of a dma_addr_t
5657 			 * token can lead to undefined behavior if that
5658 			 * makes it into cache management functions. Use a
5659 			 * known-invalid address token instead, which
5660 			 * avoids the warning and makes it easier to catch
5661 			 * bugs if it does end up getting used.
5662 			 */
5663 			arvif->beacon_paddr = DMA_MAPPING_ERROR;
5664 		} else {
5665 			arvif->beacon_buf =
5666 				dma_alloc_coherent(ar->dev,
5667 						   IEEE80211_MAX_FRAME_LEN,
5668 						   &arvif->beacon_paddr,
5669 						   GFP_ATOMIC);
5670 		}
5671 		if (!arvif->beacon_buf) {
5672 			ret = -ENOMEM;
5673 			ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
5674 				    ret);
5675 			goto err;
5676 		}
5677 	}
5678 	if (test_bit(ATH10K_FLAG_HW_CRYPTO_DISABLED, &ar->dev_flags))
5679 		arvif->nohwcrypt = true;
5680 
5681 	if (arvif->nohwcrypt &&
5682 	    !test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5683 		ret = -EINVAL;
5684 		ath10k_warn(ar, "cryptmode module param needed for sw crypto\n");
5685 		goto err;
5686 	}
5687 
5688 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
5689 		   arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
5690 		   arvif->beacon_buf ? "single-buf" : "per-skb");
5691 
5692 	ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
5693 				     arvif->vdev_subtype, vif->addr);
5694 	if (ret) {
5695 		ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
5696 			    arvif->vdev_id, ret);
5697 		goto err;
5698 	}
5699 
5700 	if (test_bit(WMI_SERVICE_VDEV_DISABLE_4_ADDR_SRC_LRN_SUPPORT,
5701 		     ar->wmi.svc_map)) {
5702 		vdev_param = ar->wmi.vdev_param->disable_4addr_src_lrn;
5703 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5704 						WMI_VDEV_DISABLE_4_ADDR_SRC_LRN);
5705 		if (ret && ret != -EOPNOTSUPP) {
5706 			ath10k_warn(ar, "failed to disable 4addr src lrn vdev %i: %d\n",
5707 				    arvif->vdev_id, ret);
5708 		}
5709 	}
5710 
5711 	ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
5712 	spin_lock_bh(&ar->data_lock);
5713 	list_add(&arvif->list, &ar->arvifs);
5714 	spin_unlock_bh(&ar->data_lock);
5715 
5716 	/* It makes no sense to have firmware do keepalives. mac80211 already
5717 	 * takes care of this with idle connection polling.
5718 	 */
5719 	ret = ath10k_mac_vif_disable_keepalive(arvif);
5720 	if (ret) {
5721 		ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
5722 			    arvif->vdev_id, ret);
5723 		goto err_vdev_delete;
5724 	}
5725 
5726 	arvif->def_wep_key_idx = -1;
5727 
5728 	ath10k_update_vif_offload(hw, vif);
5729 
5730 	/* Configuring number of spatial stream for monitor interface is causing
5731 	 * target assert in qca9888 and qca6174.
5732 	 */
5733 	if (ar->cfg_tx_chainmask && (vif->type != NL80211_IFTYPE_MONITOR)) {
5734 		u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
5735 
5736 		vdev_param = ar->wmi.vdev_param->nss;
5737 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5738 						nss);
5739 		if (ret) {
5740 			ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
5741 				    arvif->vdev_id, ar->cfg_tx_chainmask, nss,
5742 				    ret);
5743 			goto err_vdev_delete;
5744 		}
5745 	}
5746 
5747 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5748 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5749 		ret = ath10k_peer_create(ar, vif, NULL, arvif->vdev_id,
5750 					 vif->addr, WMI_PEER_TYPE_DEFAULT);
5751 		if (ret) {
5752 			ath10k_warn(ar, "failed to create vdev %i peer for AP/IBSS: %d\n",
5753 				    arvif->vdev_id, ret);
5754 			goto err_vdev_delete;
5755 		}
5756 
5757 		spin_lock_bh(&ar->data_lock);
5758 
5759 		peer = ath10k_peer_find(ar, arvif->vdev_id, vif->addr);
5760 		if (!peer) {
5761 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
5762 				    vif->addr, arvif->vdev_id);
5763 			spin_unlock_bh(&ar->data_lock);
5764 			ret = -ENOENT;
5765 			goto err_peer_delete;
5766 		}
5767 
5768 		arvif->peer_id = find_first_bit(peer->peer_ids,
5769 						ATH10K_MAX_NUM_PEER_IDS);
5770 
5771 		spin_unlock_bh(&ar->data_lock);
5772 	} else {
5773 		arvif->peer_id = HTT_INVALID_PEERID;
5774 	}
5775 
5776 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
5777 		ret = ath10k_mac_set_kickout(arvif);
5778 		if (ret) {
5779 			ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
5780 				    arvif->vdev_id, ret);
5781 			goto err_peer_delete;
5782 		}
5783 	}
5784 
5785 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
5786 		param = WMI_STA_PS_PARAM_RX_WAKE_POLICY;
5787 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
5788 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
5789 						  param, value);
5790 		if (ret) {
5791 			ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
5792 				    arvif->vdev_id, ret);
5793 			goto err_peer_delete;
5794 		}
5795 
5796 		ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
5797 		if (ret) {
5798 			ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
5799 				    arvif->vdev_id, ret);
5800 			goto err_peer_delete;
5801 		}
5802 
5803 		ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
5804 		if (ret) {
5805 			ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
5806 				    arvif->vdev_id, ret);
5807 			goto err_peer_delete;
5808 		}
5809 	}
5810 
5811 	ret = ath10k_mac_set_txbf_conf(arvif);
5812 	if (ret) {
5813 		ath10k_warn(ar, "failed to set txbf for vdev %d: %d\n",
5814 			    arvif->vdev_id, ret);
5815 		goto err_peer_delete;
5816 	}
5817 
5818 	ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
5819 	if (ret) {
5820 		ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
5821 			    arvif->vdev_id, ret);
5822 		goto err_peer_delete;
5823 	}
5824 
5825 	arvif->txpower = vif->bss_conf.txpower;
5826 	ret = ath10k_mac_txpower_recalc(ar);
5827 	if (ret) {
5828 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5829 		goto err_peer_delete;
5830 	}
5831 
5832 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
5833 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
5834 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5835 						arvif->ftm_responder);
5836 
5837 		/* It is harmless to not set FTM role. Do not warn */
5838 		if (ret && ret != -EOPNOTSUPP)
5839 			ath10k_warn(ar, "failed to set vdev %i FTM Responder: %d\n",
5840 				    arvif->vdev_id, ret);
5841 	}
5842 
5843 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5844 		ar->monitor_arvif = arvif;
5845 		ret = ath10k_monitor_recalc(ar);
5846 		if (ret) {
5847 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5848 			goto err_peer_delete;
5849 		}
5850 	}
5851 
5852 	spin_lock_bh(&ar->htt.tx_lock);
5853 	if (!ar->tx_paused)
5854 		ieee80211_wake_queue(ar->hw, arvif->vdev_id);
5855 	spin_unlock_bh(&ar->htt.tx_lock);
5856 
5857 	mutex_unlock(&ar->conf_mutex);
5858 	return 0;
5859 
5860 err_peer_delete:
5861 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5862 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5863 		ath10k_wmi_peer_delete(ar, arvif->vdev_id, vif->addr);
5864 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5865 						 vif->addr);
5866 	}
5867 
5868 err_vdev_delete:
5869 	ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5870 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5871 	spin_lock_bh(&ar->data_lock);
5872 	list_del(&arvif->list);
5873 	spin_unlock_bh(&ar->data_lock);
5874 
5875 err:
5876 	if (arvif->beacon_buf) {
5877 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
5878 			kfree(arvif->beacon_buf);
5879 		else
5880 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
5881 					  arvif->beacon_buf,
5882 					  arvif->beacon_paddr);
5883 		arvif->beacon_buf = NULL;
5884 	}
5885 
5886 	mutex_unlock(&ar->conf_mutex);
5887 
5888 	return ret;
5889 }
5890 
5891 static void ath10k_mac_vif_tx_unlock_all(struct ath10k_vif *arvif)
5892 {
5893 	int i;
5894 
5895 	for (i = 0; i < BITS_PER_LONG; i++)
5896 		ath10k_mac_vif_tx_unlock(arvif, i);
5897 }
5898 
5899 static void ath10k_remove_interface(struct ieee80211_hw *hw,
5900 				    struct ieee80211_vif *vif)
5901 {
5902 	struct ath10k *ar = hw->priv;
5903 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5904 	struct ath10k_peer *peer;
5905 	unsigned long time_left;
5906 	int ret;
5907 	int i;
5908 
5909 	cancel_work_sync(&arvif->ap_csa_work);
5910 	cancel_delayed_work_sync(&arvif->connection_loss_work);
5911 
5912 	mutex_lock(&ar->conf_mutex);
5913 
5914 	ret = ath10k_spectral_vif_stop(arvif);
5915 	if (ret)
5916 		ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
5917 			    arvif->vdev_id, ret);
5918 
5919 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5920 	spin_lock_bh(&ar->data_lock);
5921 	list_del(&arvif->list);
5922 	spin_unlock_bh(&ar->data_lock);
5923 
5924 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5925 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5926 		ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
5927 					     vif->addr);
5928 		if (ret)
5929 			ath10k_warn(ar, "failed to submit AP/IBSS self-peer removal on vdev %i: %d\n",
5930 				    arvif->vdev_id, ret);
5931 
5932 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5933 						 vif->addr);
5934 		kfree(arvif->u.ap.noa_data);
5935 	}
5936 
5937 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
5938 		   arvif->vdev_id);
5939 
5940 	ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5941 	if (ret)
5942 		ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
5943 			    arvif->vdev_id, ret);
5944 
5945 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
5946 		time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
5947 							ATH10K_VDEV_DELETE_TIMEOUT_HZ);
5948 		if (time_left == 0) {
5949 			ath10k_warn(ar, "Timeout in receiving vdev delete response\n");
5950 			goto out;
5951 		}
5952 	}
5953 
5954 	/* Some firmware revisions don't notify host about self-peer removal
5955 	 * until after associated vdev is deleted.
5956 	 */
5957 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5958 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5959 		ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
5960 						   vif->addr);
5961 		if (ret)
5962 			ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
5963 				    arvif->vdev_id, ret);
5964 
5965 		spin_lock_bh(&ar->data_lock);
5966 		ar->num_peers--;
5967 		spin_unlock_bh(&ar->data_lock);
5968 	}
5969 
5970 	spin_lock_bh(&ar->data_lock);
5971 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
5972 		peer = ar->peer_map[i];
5973 		if (!peer)
5974 			continue;
5975 
5976 		if (peer->vif == vif) {
5977 			ath10k_warn(ar, "found vif peer %pM entry on vdev %i after it was supposedly removed\n",
5978 				    vif->addr, arvif->vdev_id);
5979 			peer->vif = NULL;
5980 		}
5981 	}
5982 
5983 	/* Clean this up late, less opportunity for firmware to access
5984 	 * DMA memory we have deleted.
5985 	 */
5986 	ath10k_mac_vif_beacon_cleanup(arvif);
5987 	spin_unlock_bh(&ar->data_lock);
5988 
5989 	ath10k_peer_cleanup(ar, arvif->vdev_id);
5990 	ath10k_mac_txq_unref(ar, vif->txq);
5991 
5992 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5993 		ar->monitor_arvif = NULL;
5994 		ret = ath10k_monitor_recalc(ar);
5995 		if (ret)
5996 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5997 	}
5998 
5999 	ret = ath10k_mac_txpower_recalc(ar);
6000 	if (ret)
6001 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6002 
6003 	spin_lock_bh(&ar->htt.tx_lock);
6004 	ath10k_mac_vif_tx_unlock_all(arvif);
6005 	spin_unlock_bh(&ar->htt.tx_lock);
6006 
6007 	ath10k_mac_txq_unref(ar, vif->txq);
6008 
6009 out:
6010 	mutex_unlock(&ar->conf_mutex);
6011 }
6012 
6013 /*
6014  * FIXME: Has to be verified.
6015  */
6016 #define SUPPORTED_FILTERS			\
6017 	(FIF_ALLMULTI |				\
6018 	FIF_CONTROL |				\
6019 	FIF_PSPOLL |				\
6020 	FIF_OTHER_BSS |				\
6021 	FIF_BCN_PRBRESP_PROMISC |		\
6022 	FIF_PROBE_REQ |				\
6023 	FIF_FCSFAIL)
6024 
6025 static void ath10k_configure_filter(struct ieee80211_hw *hw,
6026 				    unsigned int changed_flags,
6027 				    unsigned int *total_flags,
6028 				    u64 multicast)
6029 {
6030 	struct ath10k *ar = hw->priv;
6031 	int ret;
6032 
6033 	mutex_lock(&ar->conf_mutex);
6034 
6035 	*total_flags &= SUPPORTED_FILTERS;
6036 	ar->filter_flags = *total_flags;
6037 
6038 	ret = ath10k_monitor_recalc(ar);
6039 	if (ret)
6040 		ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
6041 
6042 	mutex_unlock(&ar->conf_mutex);
6043 }
6044 
6045 static void ath10k_recalculate_mgmt_rate(struct ath10k *ar,
6046 					 struct ieee80211_vif *vif,
6047 					 struct cfg80211_chan_def *def)
6048 {
6049 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6050 	const struct ieee80211_supported_band *sband;
6051 	u8 basic_rate_idx;
6052 	int hw_rate_code;
6053 	u32 vdev_param;
6054 	u16 bitrate;
6055 	int ret;
6056 
6057 	lockdep_assert_held(&ar->conf_mutex);
6058 
6059 	sband = ar->hw->wiphy->bands[def->chan->band];
6060 	basic_rate_idx = ffs(vif->bss_conf.basic_rates) - 1;
6061 	bitrate = sband->bitrates[basic_rate_idx].bitrate;
6062 
6063 	hw_rate_code = ath10k_mac_get_rate_hw_value(bitrate);
6064 	if (hw_rate_code < 0) {
6065 		ath10k_warn(ar, "bitrate not supported %d\n", bitrate);
6066 		return;
6067 	}
6068 
6069 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
6070 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6071 					hw_rate_code);
6072 	if (ret)
6073 		ath10k_warn(ar, "failed to set mgmt tx rate %d\n", ret);
6074 }
6075 
6076 static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
6077 				    struct ieee80211_vif *vif,
6078 				    struct ieee80211_bss_conf *info,
6079 				    u64 changed)
6080 {
6081 	struct ath10k *ar = hw->priv;
6082 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6083 	struct cfg80211_chan_def def;
6084 	u32 vdev_param, pdev_param, slottime, preamble;
6085 	u16 bitrate, hw_value;
6086 	u8 rate, rateidx;
6087 	int ret = 0, mcast_rate;
6088 	enum nl80211_band band;
6089 
6090 	mutex_lock(&ar->conf_mutex);
6091 
6092 	if (changed & BSS_CHANGED_IBSS)
6093 		ath10k_control_ibss(arvif, vif);
6094 
6095 	if (changed & BSS_CHANGED_BEACON_INT) {
6096 		arvif->beacon_interval = info->beacon_int;
6097 		vdev_param = ar->wmi.vdev_param->beacon_interval;
6098 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6099 						arvif->beacon_interval);
6100 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6101 			   "mac vdev %d beacon_interval %d\n",
6102 			   arvif->vdev_id, arvif->beacon_interval);
6103 
6104 		if (ret)
6105 			ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
6106 				    arvif->vdev_id, ret);
6107 	}
6108 
6109 	if (changed & BSS_CHANGED_BEACON) {
6110 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6111 			   "vdev %d set beacon tx mode to staggered\n",
6112 			   arvif->vdev_id);
6113 
6114 		pdev_param = ar->wmi.pdev_param->beacon_tx_mode;
6115 		ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
6116 						WMI_BEACON_STAGGERED_MODE);
6117 		if (ret)
6118 			ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
6119 				    arvif->vdev_id, ret);
6120 
6121 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
6122 		if (ret)
6123 			ath10k_warn(ar, "failed to update beacon template: %d\n",
6124 				    ret);
6125 
6126 		if (ieee80211_vif_is_mesh(vif)) {
6127 			/* mesh doesn't use SSID but firmware needs it */
6128 			strncpy(arvif->u.ap.ssid, "mesh",
6129 				sizeof(arvif->u.ap.ssid));
6130 			arvif->u.ap.ssid_len = 4;
6131 		}
6132 	}
6133 
6134 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
6135 		ret = ath10k_mac_setup_prb_tmpl(arvif);
6136 		if (ret)
6137 			ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
6138 				    arvif->vdev_id, ret);
6139 	}
6140 
6141 	if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
6142 		arvif->dtim_period = info->dtim_period;
6143 
6144 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6145 			   "mac vdev %d dtim_period %d\n",
6146 			   arvif->vdev_id, arvif->dtim_period);
6147 
6148 		vdev_param = ar->wmi.vdev_param->dtim_period;
6149 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6150 						arvif->dtim_period);
6151 		if (ret)
6152 			ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
6153 				    arvif->vdev_id, ret);
6154 	}
6155 
6156 	if (changed & BSS_CHANGED_SSID &&
6157 	    vif->type == NL80211_IFTYPE_AP) {
6158 		arvif->u.ap.ssid_len = vif->cfg.ssid_len;
6159 		if (vif->cfg.ssid_len)
6160 			memcpy(arvif->u.ap.ssid, vif->cfg.ssid,
6161 			       vif->cfg.ssid_len);
6162 		arvif->u.ap.hidden_ssid = info->hidden_ssid;
6163 	}
6164 
6165 	if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
6166 		ether_addr_copy(arvif->bssid, info->bssid);
6167 
6168 	if (changed & BSS_CHANGED_FTM_RESPONDER &&
6169 	    arvif->ftm_responder != info->ftm_responder &&
6170 	    test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
6171 		arvif->ftm_responder = info->ftm_responder;
6172 
6173 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
6174 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6175 						arvif->ftm_responder);
6176 
6177 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6178 			   "mac vdev %d ftm_responder %d:ret %d\n",
6179 			   arvif->vdev_id, arvif->ftm_responder, ret);
6180 	}
6181 
6182 	if (changed & BSS_CHANGED_BEACON_ENABLED)
6183 		ath10k_control_beaconing(arvif, info);
6184 
6185 	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
6186 		arvif->use_cts_prot = info->use_cts_prot;
6187 
6188 		ret = ath10k_recalc_rtscts_prot(arvif);
6189 		if (ret)
6190 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
6191 				    arvif->vdev_id, ret);
6192 
6193 		if (ath10k_mac_can_set_cts_prot(arvif)) {
6194 			ret = ath10k_mac_set_cts_prot(arvif);
6195 			if (ret)
6196 				ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
6197 					    arvif->vdev_id, ret);
6198 		}
6199 	}
6200 
6201 	if (changed & BSS_CHANGED_ERP_SLOT) {
6202 		if (info->use_short_slot)
6203 			slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
6204 
6205 		else
6206 			slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
6207 
6208 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
6209 			   arvif->vdev_id, slottime);
6210 
6211 		vdev_param = ar->wmi.vdev_param->slot_time;
6212 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6213 						slottime);
6214 		if (ret)
6215 			ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
6216 				    arvif->vdev_id, ret);
6217 	}
6218 
6219 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
6220 		if (info->use_short_preamble)
6221 			preamble = WMI_VDEV_PREAMBLE_SHORT;
6222 		else
6223 			preamble = WMI_VDEV_PREAMBLE_LONG;
6224 
6225 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6226 			   "mac vdev %d preamble %dn",
6227 			   arvif->vdev_id, preamble);
6228 
6229 		vdev_param = ar->wmi.vdev_param->preamble;
6230 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6231 						preamble);
6232 		if (ret)
6233 			ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
6234 				    arvif->vdev_id, ret);
6235 	}
6236 
6237 	if (changed & BSS_CHANGED_ASSOC) {
6238 		if (vif->cfg.assoc) {
6239 			/* Workaround: Make sure monitor vdev is not running
6240 			 * when associating to prevent some firmware revisions
6241 			 * (e.g. 10.1 and 10.2) from crashing.
6242 			 */
6243 			if (ar->monitor_started)
6244 				ath10k_monitor_stop(ar);
6245 			ath10k_bss_assoc(hw, vif, info);
6246 			ath10k_monitor_recalc(ar);
6247 		} else {
6248 			ath10k_bss_disassoc(hw, vif);
6249 		}
6250 	}
6251 
6252 	if (changed & BSS_CHANGED_TXPOWER) {
6253 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
6254 			   arvif->vdev_id, info->txpower);
6255 
6256 		arvif->txpower = info->txpower;
6257 		ret = ath10k_mac_txpower_recalc(ar);
6258 		if (ret)
6259 			ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6260 	}
6261 
6262 	if (changed & BSS_CHANGED_PS) {
6263 		arvif->ps = vif->cfg.ps;
6264 
6265 		ret = ath10k_config_ps(ar);
6266 		if (ret)
6267 			ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
6268 				    arvif->vdev_id, ret);
6269 	}
6270 
6271 	if (changed & BSS_CHANGED_MCAST_RATE &&
6272 	    !ath10k_mac_vif_chan(arvif->vif, &def)) {
6273 		band = def.chan->band;
6274 		mcast_rate = vif->bss_conf.mcast_rate[band];
6275 		if (mcast_rate > 0)
6276 			rateidx = mcast_rate - 1;
6277 		else
6278 			rateidx = ffs(vif->bss_conf.basic_rates) - 1;
6279 
6280 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6281 			rateidx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6282 
6283 		bitrate = ath10k_wmi_legacy_rates[rateidx].bitrate;
6284 		hw_value = ath10k_wmi_legacy_rates[rateidx].hw_value;
6285 		if (ath10k_mac_bitrate_is_cck(bitrate))
6286 			preamble = WMI_RATE_PREAMBLE_CCK;
6287 		else
6288 			preamble = WMI_RATE_PREAMBLE_OFDM;
6289 
6290 		rate = ATH10K_HW_RATECODE(hw_value, 0, preamble);
6291 
6292 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6293 			   "mac vdev %d mcast_rate %x\n",
6294 			   arvif->vdev_id, rate);
6295 
6296 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
6297 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6298 						vdev_param, rate);
6299 		if (ret)
6300 			ath10k_warn(ar,
6301 				    "failed to set mcast rate on vdev %i: %d\n",
6302 				    arvif->vdev_id,  ret);
6303 
6304 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
6305 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6306 						vdev_param, rate);
6307 		if (ret)
6308 			ath10k_warn(ar,
6309 				    "failed to set bcast rate on vdev %i: %d\n",
6310 				    arvif->vdev_id,  ret);
6311 	}
6312 
6313 	if (changed & BSS_CHANGED_BASIC_RATES &&
6314 	    !ath10k_mac_vif_chan(arvif->vif, &def))
6315 		ath10k_recalculate_mgmt_rate(ar, vif, &def);
6316 
6317 	mutex_unlock(&ar->conf_mutex);
6318 }
6319 
6320 static void ath10k_mac_op_set_coverage_class(struct ieee80211_hw *hw, s16 value)
6321 {
6322 	struct ath10k *ar = hw->priv;
6323 
6324 	/* This function should never be called if setting the coverage class
6325 	 * is not supported on this hardware.
6326 	 */
6327 	if (!ar->hw_params.hw_ops->set_coverage_class) {
6328 		WARN_ON_ONCE(1);
6329 		return;
6330 	}
6331 	ar->hw_params.hw_ops->set_coverage_class(ar, value);
6332 }
6333 
6334 struct ath10k_mac_tdls_iter_data {
6335 	u32 num_tdls_stations;
6336 	struct ieee80211_vif *curr_vif;
6337 };
6338 
6339 static void ath10k_mac_tdls_vif_stations_count_iter(void *data,
6340 						    struct ieee80211_sta *sta)
6341 {
6342 	struct ath10k_mac_tdls_iter_data *iter_data = data;
6343 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6344 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
6345 
6346 	if (sta->tdls && sta_vif == iter_data->curr_vif)
6347 		iter_data->num_tdls_stations++;
6348 }
6349 
6350 static int ath10k_mac_tdls_vif_stations_count(struct ieee80211_hw *hw,
6351 					      struct ieee80211_vif *vif)
6352 {
6353 	struct ath10k_mac_tdls_iter_data data = {};
6354 
6355 	data.curr_vif = vif;
6356 
6357 	ieee80211_iterate_stations_atomic(hw,
6358 					  ath10k_mac_tdls_vif_stations_count_iter,
6359 					  &data);
6360 	return data.num_tdls_stations;
6361 }
6362 
6363 static int ath10k_hw_scan(struct ieee80211_hw *hw,
6364 			  struct ieee80211_vif *vif,
6365 			  struct ieee80211_scan_request *hw_req)
6366 {
6367 	struct ath10k *ar = hw->priv;
6368 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6369 	struct cfg80211_scan_request *req = &hw_req->req;
6370 	struct wmi_start_scan_arg arg;
6371 	int ret = 0;
6372 	int i;
6373 	u32 scan_timeout;
6374 
6375 	mutex_lock(&ar->conf_mutex);
6376 
6377 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6378 		ret = -EBUSY;
6379 		goto exit;
6380 	}
6381 
6382 	spin_lock_bh(&ar->data_lock);
6383 	switch (ar->scan.state) {
6384 	case ATH10K_SCAN_IDLE:
6385 		reinit_completion(&ar->scan.started);
6386 		reinit_completion(&ar->scan.completed);
6387 		ar->scan.state = ATH10K_SCAN_STARTING;
6388 		ar->scan.is_roc = false;
6389 		ar->scan.vdev_id = arvif->vdev_id;
6390 		ret = 0;
6391 		break;
6392 	case ATH10K_SCAN_STARTING:
6393 	case ATH10K_SCAN_RUNNING:
6394 	case ATH10K_SCAN_ABORTING:
6395 		ret = -EBUSY;
6396 		break;
6397 	}
6398 	spin_unlock_bh(&ar->data_lock);
6399 
6400 	if (ret)
6401 		goto exit;
6402 
6403 	memset(&arg, 0, sizeof(arg));
6404 	ath10k_wmi_start_scan_init(ar, &arg);
6405 	arg.vdev_id = arvif->vdev_id;
6406 	arg.scan_id = ATH10K_SCAN_ID;
6407 
6408 	if (req->ie_len) {
6409 		arg.ie_len = req->ie_len;
6410 		memcpy(arg.ie, req->ie, arg.ie_len);
6411 	}
6412 
6413 	if (req->n_ssids) {
6414 		arg.n_ssids = req->n_ssids;
6415 		for (i = 0; i < arg.n_ssids; i++) {
6416 			arg.ssids[i].len  = req->ssids[i].ssid_len;
6417 			arg.ssids[i].ssid = req->ssids[i].ssid;
6418 		}
6419 	} else {
6420 		arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
6421 	}
6422 
6423 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6424 		arg.scan_ctrl_flags |=  WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ;
6425 		ether_addr_copy(arg.mac_addr.addr, req->mac_addr);
6426 		ether_addr_copy(arg.mac_mask.addr, req->mac_addr_mask);
6427 	}
6428 
6429 	if (req->n_channels) {
6430 		arg.n_channels = req->n_channels;
6431 		for (i = 0; i < arg.n_channels; i++)
6432 			arg.channels[i] = req->channels[i]->center_freq;
6433 	}
6434 
6435 	/* if duration is set, default dwell times will be overwritten */
6436 	if (req->duration) {
6437 		arg.dwell_time_active = req->duration;
6438 		arg.dwell_time_passive = req->duration;
6439 		arg.burst_duration_ms = req->duration;
6440 
6441 		scan_timeout = min_t(u32, arg.max_rest_time *
6442 				(arg.n_channels - 1) + (req->duration +
6443 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
6444 				arg.n_channels, arg.max_scan_time);
6445 	} else {
6446 		scan_timeout = arg.max_scan_time;
6447 	}
6448 
6449 	/* Add a 200ms margin to account for event/command processing */
6450 	scan_timeout += 200;
6451 
6452 	ret = ath10k_start_scan(ar, &arg);
6453 	if (ret) {
6454 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
6455 		spin_lock_bh(&ar->data_lock);
6456 		ar->scan.state = ATH10K_SCAN_IDLE;
6457 		spin_unlock_bh(&ar->data_lock);
6458 	}
6459 
6460 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
6461 				     msecs_to_jiffies(scan_timeout));
6462 
6463 exit:
6464 	mutex_unlock(&ar->conf_mutex);
6465 	return ret;
6466 }
6467 
6468 static void ath10k_cancel_hw_scan(struct ieee80211_hw *hw,
6469 				  struct ieee80211_vif *vif)
6470 {
6471 	struct ath10k *ar = hw->priv;
6472 
6473 	mutex_lock(&ar->conf_mutex);
6474 	ath10k_scan_abort(ar);
6475 	mutex_unlock(&ar->conf_mutex);
6476 
6477 	cancel_delayed_work_sync(&ar->scan.timeout);
6478 }
6479 
6480 static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
6481 					struct ath10k_vif *arvif,
6482 					enum set_key_cmd cmd,
6483 					struct ieee80211_key_conf *key)
6484 {
6485 	u32 vdev_param = arvif->ar->wmi.vdev_param->def_keyid;
6486 	int ret;
6487 
6488 	/* 10.1 firmware branch requires default key index to be set to group
6489 	 * key index after installing it. Otherwise FW/HW Txes corrupted
6490 	 * frames with multi-vif APs. This is not required for main firmware
6491 	 * branch (e.g. 636).
6492 	 *
6493 	 * This is also needed for 636 fw for IBSS-RSN to work more reliably.
6494 	 *
6495 	 * FIXME: It remains unknown if this is required for multi-vif STA
6496 	 * interfaces on 10.1.
6497 	 */
6498 
6499 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
6500 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
6501 		return;
6502 
6503 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40)
6504 		return;
6505 
6506 	if (key->cipher == WLAN_CIPHER_SUITE_WEP104)
6507 		return;
6508 
6509 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6510 		return;
6511 
6512 	if (cmd != SET_KEY)
6513 		return;
6514 
6515 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6516 					key->keyidx);
6517 	if (ret)
6518 		ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
6519 			    arvif->vdev_id, ret);
6520 }
6521 
6522 static int ath10k_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
6523 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
6524 			  struct ieee80211_key_conf *key)
6525 {
6526 	struct ath10k *ar = hw->priv;
6527 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6528 	struct ath10k_sta *arsta;
6529 	struct ath10k_peer *peer;
6530 	const u8 *peer_addr;
6531 	bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
6532 		      key->cipher == WLAN_CIPHER_SUITE_WEP104;
6533 	int ret = 0;
6534 	int ret2;
6535 	u32 flags = 0;
6536 	u32 flags2;
6537 
6538 	/* this one needs to be done in software */
6539 	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
6540 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
6541 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256 ||
6542 	    key->cipher == WLAN_CIPHER_SUITE_BIP_CMAC_256)
6543 		return 1;
6544 
6545 	if (arvif->nohwcrypt)
6546 		return 1;
6547 
6548 	if (key->keyidx > WMI_MAX_KEY_INDEX)
6549 		return -ENOSPC;
6550 
6551 	mutex_lock(&ar->conf_mutex);
6552 
6553 	if (sta) {
6554 		arsta = (struct ath10k_sta *)sta->drv_priv;
6555 		peer_addr = sta->addr;
6556 		spin_lock_bh(&ar->data_lock);
6557 		arsta->ucast_cipher = key->cipher;
6558 		spin_unlock_bh(&ar->data_lock);
6559 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
6560 		peer_addr = vif->bss_conf.bssid;
6561 	} else {
6562 		peer_addr = vif->addr;
6563 	}
6564 
6565 	key->hw_key_idx = key->keyidx;
6566 
6567 	if (is_wep) {
6568 		if (cmd == SET_KEY)
6569 			arvif->wep_keys[key->keyidx] = key;
6570 		else
6571 			arvif->wep_keys[key->keyidx] = NULL;
6572 	}
6573 
6574 	/* the peer should not disappear in mid-way (unless FW goes awry) since
6575 	 * we already hold conf_mutex. we just make sure its there now.
6576 	 */
6577 	spin_lock_bh(&ar->data_lock);
6578 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6579 	spin_unlock_bh(&ar->data_lock);
6580 
6581 	if (!peer) {
6582 		if (cmd == SET_KEY) {
6583 			ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
6584 				    peer_addr);
6585 			ret = -EOPNOTSUPP;
6586 			goto exit;
6587 		} else {
6588 			/* if the peer doesn't exist there is no key to disable anymore */
6589 			goto exit;
6590 		}
6591 	}
6592 
6593 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6594 		flags |= WMI_KEY_PAIRWISE;
6595 	else
6596 		flags |= WMI_KEY_GROUP;
6597 
6598 	if (is_wep) {
6599 		if (cmd == DISABLE_KEY)
6600 			ath10k_clear_vdev_key(arvif, key);
6601 
6602 		/* When WEP keys are uploaded it's possible that there are
6603 		 * stations associated already (e.g. when merging) without any
6604 		 * keys. Static WEP needs an explicit per-peer key upload.
6605 		 */
6606 		if (vif->type == NL80211_IFTYPE_ADHOC &&
6607 		    cmd == SET_KEY)
6608 			ath10k_mac_vif_update_wep_key(arvif, key);
6609 
6610 		/* 802.1x never sets the def_wep_key_idx so each set_key()
6611 		 * call changes default tx key.
6612 		 *
6613 		 * Static WEP sets def_wep_key_idx via .set_default_unicast_key
6614 		 * after first set_key().
6615 		 */
6616 		if (cmd == SET_KEY && arvif->def_wep_key_idx == -1)
6617 			flags |= WMI_KEY_TX_USAGE;
6618 	}
6619 
6620 	ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags);
6621 	if (ret) {
6622 		WARN_ON(ret > 0);
6623 		ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
6624 			    arvif->vdev_id, peer_addr, ret);
6625 		goto exit;
6626 	}
6627 
6628 	/* mac80211 sets static WEP keys as groupwise while firmware requires
6629 	 * them to be installed twice as both pairwise and groupwise.
6630 	 */
6631 	if (is_wep && !sta && vif->type == NL80211_IFTYPE_STATION) {
6632 		flags2 = flags;
6633 		flags2 &= ~WMI_KEY_GROUP;
6634 		flags2 |= WMI_KEY_PAIRWISE;
6635 
6636 		ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags2);
6637 		if (ret) {
6638 			WARN_ON(ret > 0);
6639 			ath10k_warn(ar, "failed to install (ucast) key for vdev %i peer %pM: %d\n",
6640 				    arvif->vdev_id, peer_addr, ret);
6641 			ret2 = ath10k_install_key(arvif, key, DISABLE_KEY,
6642 						  peer_addr, flags);
6643 			if (ret2) {
6644 				WARN_ON(ret2 > 0);
6645 				ath10k_warn(ar, "failed to disable (mcast) key for vdev %i peer %pM: %d\n",
6646 					    arvif->vdev_id, peer_addr, ret2);
6647 			}
6648 			goto exit;
6649 		}
6650 	}
6651 
6652 	ath10k_set_key_h_def_keyidx(ar, arvif, cmd, key);
6653 
6654 	spin_lock_bh(&ar->data_lock);
6655 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6656 	if (peer && cmd == SET_KEY)
6657 		peer->keys[key->keyidx] = key;
6658 	else if (peer && cmd == DISABLE_KEY)
6659 		peer->keys[key->keyidx] = NULL;
6660 	else if (peer == NULL)
6661 		/* impossible unless FW goes crazy */
6662 		ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
6663 	spin_unlock_bh(&ar->data_lock);
6664 
6665 	if (sta && sta->tdls)
6666 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6667 					  ar->wmi.peer_param->authorize, 1);
6668 	else if (sta && cmd == SET_KEY && (key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
6669 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, peer_addr,
6670 					  ar->wmi.peer_param->authorize, 1);
6671 
6672 exit:
6673 	mutex_unlock(&ar->conf_mutex);
6674 	return ret;
6675 }
6676 
6677 static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
6678 					   struct ieee80211_vif *vif,
6679 					   int keyidx)
6680 {
6681 	struct ath10k *ar = hw->priv;
6682 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6683 	int ret;
6684 
6685 	mutex_lock(&arvif->ar->conf_mutex);
6686 
6687 	if (arvif->ar->state != ATH10K_STATE_ON)
6688 		goto unlock;
6689 
6690 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
6691 		   arvif->vdev_id, keyidx);
6692 
6693 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
6694 					arvif->vdev_id,
6695 					arvif->ar->wmi.vdev_param->def_keyid,
6696 					keyidx);
6697 
6698 	if (ret) {
6699 		ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
6700 			    arvif->vdev_id,
6701 			    ret);
6702 		goto unlock;
6703 	}
6704 
6705 	arvif->def_wep_key_idx = keyidx;
6706 
6707 unlock:
6708 	mutex_unlock(&arvif->ar->conf_mutex);
6709 }
6710 
6711 static void ath10k_sta_rc_update_wk(struct work_struct *wk)
6712 {
6713 	struct ath10k *ar;
6714 	struct ath10k_vif *arvif;
6715 	struct ath10k_sta *arsta;
6716 	struct ieee80211_sta *sta;
6717 	struct cfg80211_chan_def def;
6718 	enum nl80211_band band;
6719 	const u8 *ht_mcs_mask;
6720 	const u16 *vht_mcs_mask;
6721 	u32 changed, bw, nss, smps;
6722 	int err;
6723 
6724 	arsta = container_of(wk, struct ath10k_sta, update_wk);
6725 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
6726 	arvif = arsta->arvif;
6727 	ar = arvif->ar;
6728 
6729 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
6730 		return;
6731 
6732 	band = def.chan->band;
6733 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
6734 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
6735 
6736 	spin_lock_bh(&ar->data_lock);
6737 
6738 	changed = arsta->changed;
6739 	arsta->changed = 0;
6740 
6741 	bw = arsta->bw;
6742 	nss = arsta->nss;
6743 	smps = arsta->smps;
6744 
6745 	spin_unlock_bh(&ar->data_lock);
6746 
6747 	mutex_lock(&ar->conf_mutex);
6748 
6749 	nss = max_t(u32, 1, nss);
6750 	nss = min(nss, max(ath10k_mac_max_ht_nss(ht_mcs_mask),
6751 			   ath10k_mac_max_vht_nss(vht_mcs_mask)));
6752 
6753 	if (changed & IEEE80211_RC_BW_CHANGED) {
6754 		enum wmi_phy_mode mode;
6755 
6756 		mode = chan_to_phymode(&def);
6757 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM peer bw %d phymode %d\n",
6758 			   sta->addr, bw, mode);
6759 
6760 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6761 						ar->wmi.peer_param->phymode, mode);
6762 		if (err) {
6763 			ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
6764 				    sta->addr, mode, err);
6765 			goto exit;
6766 		}
6767 
6768 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6769 						ar->wmi.peer_param->chan_width, bw);
6770 		if (err)
6771 			ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
6772 				    sta->addr, bw, err);
6773 	}
6774 
6775 	if (changed & IEEE80211_RC_NSS_CHANGED) {
6776 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM nss %d\n",
6777 			   sta->addr, nss);
6778 
6779 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6780 						ar->wmi.peer_param->nss, nss);
6781 		if (err)
6782 			ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
6783 				    sta->addr, nss, err);
6784 	}
6785 
6786 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
6787 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM smps %d\n",
6788 			   sta->addr, smps);
6789 
6790 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6791 						ar->wmi.peer_param->smps_state, smps);
6792 		if (err)
6793 			ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
6794 				    sta->addr, smps, err);
6795 	}
6796 
6797 	if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
6798 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM supp rates\n",
6799 			   sta->addr);
6800 
6801 		err = ath10k_station_assoc(ar, arvif->vif, sta, true);
6802 		if (err)
6803 			ath10k_warn(ar, "failed to reassociate station: %pM\n",
6804 				    sta->addr);
6805 	}
6806 
6807 exit:
6808 	mutex_unlock(&ar->conf_mutex);
6809 }
6810 
6811 static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif,
6812 				       struct ieee80211_sta *sta)
6813 {
6814 	struct ath10k *ar = arvif->ar;
6815 
6816 	lockdep_assert_held(&ar->conf_mutex);
6817 
6818 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6819 		return 0;
6820 
6821 	if (ar->num_stations >= ar->max_num_stations)
6822 		return -ENOBUFS;
6823 
6824 	ar->num_stations++;
6825 
6826 	return 0;
6827 }
6828 
6829 static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif,
6830 					struct ieee80211_sta *sta)
6831 {
6832 	struct ath10k *ar = arvif->ar;
6833 
6834 	lockdep_assert_held(&ar->conf_mutex);
6835 
6836 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6837 		return;
6838 
6839 	ar->num_stations--;
6840 }
6841 
6842 static int ath10k_sta_set_txpwr(struct ieee80211_hw *hw,
6843 				struct ieee80211_vif *vif,
6844 				struct ieee80211_sta *sta)
6845 {
6846 	struct ath10k *ar = hw->priv;
6847 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6848 	int ret = 0;
6849 	s16 txpwr;
6850 
6851 	if (sta->deflink.txpwr.type == NL80211_TX_POWER_AUTOMATIC) {
6852 		txpwr = 0;
6853 	} else {
6854 		txpwr = sta->deflink.txpwr.power;
6855 		if (!txpwr)
6856 			return -EINVAL;
6857 	}
6858 
6859 	if (txpwr > ATH10K_TX_POWER_MAX_VAL || txpwr < ATH10K_TX_POWER_MIN_VAL)
6860 		return -EINVAL;
6861 
6862 	mutex_lock(&ar->conf_mutex);
6863 
6864 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6865 					ar->wmi.peer_param->use_fixed_power, txpwr);
6866 	if (ret) {
6867 		ath10k_warn(ar, "failed to set tx power for station ret: %d\n",
6868 			    ret);
6869 		goto out;
6870 	}
6871 
6872 out:
6873 	mutex_unlock(&ar->conf_mutex);
6874 	return ret;
6875 }
6876 
6877 struct ath10k_mac_iter_tid_conf_data {
6878 	struct ieee80211_vif *curr_vif;
6879 	struct ath10k *ar;
6880 	bool reset_config;
6881 };
6882 
6883 static bool
6884 ath10k_mac_bitrate_mask_has_single_rate(struct ath10k *ar,
6885 					enum nl80211_band band,
6886 					const struct cfg80211_bitrate_mask *mask,
6887 					int *vht_num_rates)
6888 {
6889 	int num_rates = 0;
6890 	int i, tmp;
6891 
6892 	num_rates += hweight32(mask->control[band].legacy);
6893 
6894 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++)
6895 		num_rates += hweight8(mask->control[band].ht_mcs[i]);
6896 
6897 	*vht_num_rates = 0;
6898 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6899 		tmp = hweight16(mask->control[band].vht_mcs[i]);
6900 		num_rates += tmp;
6901 		*vht_num_rates += tmp;
6902 	}
6903 
6904 	return num_rates == 1;
6905 }
6906 
6907 static int
6908 ath10k_mac_bitrate_mask_get_single_rate(struct ath10k *ar,
6909 					enum nl80211_band band,
6910 					const struct cfg80211_bitrate_mask *mask,
6911 					u8 *rate, u8 *nss, bool vht_only)
6912 {
6913 	int rate_idx;
6914 	int i;
6915 	u16 bitrate;
6916 	u8 preamble;
6917 	u8 hw_rate;
6918 
6919 	if (vht_only)
6920 		goto next;
6921 
6922 	if (hweight32(mask->control[band].legacy) == 1) {
6923 		rate_idx = ffs(mask->control[band].legacy) - 1;
6924 
6925 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6926 			rate_idx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6927 
6928 		hw_rate = ath10k_wmi_legacy_rates[rate_idx].hw_value;
6929 		bitrate = ath10k_wmi_legacy_rates[rate_idx].bitrate;
6930 
6931 		if (ath10k_mac_bitrate_is_cck(bitrate))
6932 			preamble = WMI_RATE_PREAMBLE_CCK;
6933 		else
6934 			preamble = WMI_RATE_PREAMBLE_OFDM;
6935 
6936 		*nss = 1;
6937 		*rate = preamble << 6 |
6938 			(*nss - 1) << 4 |
6939 			hw_rate << 0;
6940 
6941 		return 0;
6942 	}
6943 
6944 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
6945 		if (hweight8(mask->control[band].ht_mcs[i]) == 1) {
6946 			*nss = i + 1;
6947 			*rate = WMI_RATE_PREAMBLE_HT << 6 |
6948 				(*nss - 1) << 4 |
6949 				(ffs(mask->control[band].ht_mcs[i]) - 1);
6950 
6951 			return 0;
6952 		}
6953 	}
6954 
6955 next:
6956 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6957 		if (hweight16(mask->control[band].vht_mcs[i]) == 1) {
6958 			*nss = i + 1;
6959 			*rate = WMI_RATE_PREAMBLE_VHT << 6 |
6960 				(*nss - 1) << 4 |
6961 				(ffs(mask->control[band].vht_mcs[i]) - 1);
6962 
6963 			return 0;
6964 		}
6965 	}
6966 
6967 	return -EINVAL;
6968 }
6969 
6970 static int ath10k_mac_validate_rate_mask(struct ath10k *ar,
6971 					 struct ieee80211_sta *sta,
6972 					 u32 rate_ctrl_flag, u8 nss)
6973 {
6974 	struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
6975 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
6976 
6977 	if (nss > sta->deflink.rx_nss) {
6978 		ath10k_warn(ar, "Invalid nss field, configured %u limit %u\n",
6979 			    nss, sta->deflink.rx_nss);
6980 		return -EINVAL;
6981 	}
6982 
6983 	if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_VHT) {
6984 		if (!vht_cap->vht_supported) {
6985 			ath10k_warn(ar, "Invalid VHT rate for sta %pM\n",
6986 				    sta->addr);
6987 			return -EINVAL;
6988 		}
6989 	} else if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_HT) {
6990 		if (!ht_cap->ht_supported || vht_cap->vht_supported) {
6991 			ath10k_warn(ar, "Invalid HT rate for sta %pM\n",
6992 				    sta->addr);
6993 			return -EINVAL;
6994 		}
6995 	} else {
6996 		if (ht_cap->ht_supported || vht_cap->vht_supported)
6997 			return -EINVAL;
6998 	}
6999 
7000 	return 0;
7001 }
7002 
7003 static int
7004 ath10k_mac_tid_bitrate_config(struct ath10k *ar,
7005 			      struct ieee80211_vif *vif,
7006 			      struct ieee80211_sta *sta,
7007 			      u32 *rate_ctrl_flag, u8 *rate_ctrl,
7008 			      enum nl80211_tx_rate_setting txrate_type,
7009 			      const struct cfg80211_bitrate_mask *mask)
7010 {
7011 	struct cfg80211_chan_def def;
7012 	enum nl80211_band band;
7013 	u8 nss, rate;
7014 	int vht_num_rates, ret;
7015 
7016 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
7017 		return -EINVAL;
7018 
7019 	if (txrate_type == NL80211_TX_RATE_AUTOMATIC) {
7020 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7021 		*rate_ctrl_flag = 0;
7022 		return 0;
7023 	}
7024 
7025 	band = def.chan->band;
7026 
7027 	if (!ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
7028 						     &vht_num_rates)) {
7029 		return -EINVAL;
7030 	}
7031 
7032 	ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
7033 						      &rate, &nss, false);
7034 	if (ret) {
7035 		ath10k_warn(ar, "failed to get single rate: %d\n",
7036 			    ret);
7037 		return ret;
7038 	}
7039 
7040 	*rate_ctrl_flag = rate;
7041 
7042 	if (sta && ath10k_mac_validate_rate_mask(ar, sta, *rate_ctrl_flag, nss))
7043 		return -EINVAL;
7044 
7045 	if (txrate_type == NL80211_TX_RATE_FIXED)
7046 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_FIXED_RATE;
7047 	else if (txrate_type == NL80211_TX_RATE_LIMITED &&
7048 		 (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
7049 			   ar->wmi.svc_map)))
7050 		*rate_ctrl = WMI_PEER_TID_CONFIG_RATE_UPPER_CAP;
7051 	else
7052 		return -EOPNOTSUPP;
7053 
7054 	return 0;
7055 }
7056 
7057 static int ath10k_mac_set_tid_config(struct ath10k *ar, struct ieee80211_sta *sta,
7058 				     struct ieee80211_vif *vif, u32 changed,
7059 				     struct wmi_per_peer_per_tid_cfg_arg *arg)
7060 {
7061 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7062 	struct ath10k_sta *arsta;
7063 	int ret;
7064 
7065 	if (sta) {
7066 		if (!sta->wme)
7067 			return -ENOTSUPP;
7068 
7069 		arsta = (struct ath10k_sta *)sta->drv_priv;
7070 
7071 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7072 			if ((arsta->retry_long[arg->tid] > 0 ||
7073 			     arsta->rate_code[arg->tid] > 0 ||
7074 			     arsta->ampdu[arg->tid] ==
7075 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7076 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7077 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7078 				arg->ack_policy = 0;
7079 				arg->aggr_control = 0;
7080 				arg->rate_ctrl = 0;
7081 				arg->rcode_flags = 0;
7082 			}
7083 		}
7084 
7085 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7086 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7087 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7088 				arg->aggr_control = 0;
7089 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7090 			}
7091 		}
7092 
7093 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7094 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7095 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7096 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7097 				arg->rate_ctrl = 0;
7098 				arg->rcode_flags = 0;
7099 			}
7100 		}
7101 
7102 		ether_addr_copy(arg->peer_macaddr.addr, sta->addr);
7103 
7104 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, arg);
7105 		if (ret)
7106 			return ret;
7107 
7108 		/* Store the configured parameters in success case */
7109 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7110 			arsta->noack[arg->tid] = arg->ack_policy;
7111 			arg->ack_policy = 0;
7112 			arg->aggr_control = 0;
7113 			arg->rate_ctrl = 0;
7114 			arg->rcode_flags = 0;
7115 		}
7116 
7117 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7118 			arsta->retry_long[arg->tid] = arg->retry_count;
7119 			arg->retry_count = 0;
7120 		}
7121 
7122 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7123 			arsta->ampdu[arg->tid] = arg->aggr_control;
7124 			arg->aggr_control = 0;
7125 		}
7126 
7127 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7128 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7129 			arsta->rate_ctrl[arg->tid] = arg->rate_ctrl;
7130 			arg->rate_ctrl = 0;
7131 			arg->rcode_flags = 0;
7132 		}
7133 
7134 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7135 			arsta->rtscts[arg->tid] = arg->rtscts_ctrl;
7136 			arg->ext_tid_cfg_bitmap = 0;
7137 		}
7138 	} else {
7139 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7140 			if ((arvif->retry_long[arg->tid] ||
7141 			     arvif->rate_code[arg->tid] ||
7142 			     arvif->ampdu[arg->tid] ==
7143 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7144 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7145 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7146 			} else {
7147 				arvif->noack[arg->tid] = arg->ack_policy;
7148 				arvif->ampdu[arg->tid] = arg->aggr_control;
7149 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7150 			}
7151 		}
7152 
7153 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7154 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7155 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7156 			else
7157 				arvif->retry_long[arg->tid] = arg->retry_count;
7158 		}
7159 
7160 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7161 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7162 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
7163 			else
7164 				arvif->ampdu[arg->tid] = arg->aggr_control;
7165 		}
7166 
7167 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7168 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7169 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7170 				changed &= ~(BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7171 					     BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE));
7172 			} else {
7173 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7174 				arvif->rate_code[arg->tid] = arg->rcode_flags;
7175 			}
7176 		}
7177 
7178 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7179 			arvif->rtscts[arg->tid] = arg->rtscts_ctrl;
7180 			arg->ext_tid_cfg_bitmap = 0;
7181 		}
7182 
7183 		if (changed)
7184 			arvif->tid_conf_changed[arg->tid] |= changed;
7185 	}
7186 
7187 	return 0;
7188 }
7189 
7190 static int
7191 ath10k_mac_parse_tid_config(struct ath10k *ar,
7192 			    struct ieee80211_sta *sta,
7193 			    struct ieee80211_vif *vif,
7194 			    struct cfg80211_tid_cfg *tid_conf,
7195 			    struct wmi_per_peer_per_tid_cfg_arg *arg)
7196 {
7197 	u32 changed = tid_conf->mask;
7198 	int ret = 0, i = 0;
7199 
7200 	if (!changed)
7201 		return -EINVAL;
7202 
7203 	while (i < ATH10K_TID_MAX) {
7204 		if (!(tid_conf->tids & BIT(i))) {
7205 			i++;
7206 			continue;
7207 		}
7208 
7209 		arg->tid = i;
7210 
7211 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7212 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE) {
7213 				arg->ack_policy = WMI_PEER_TID_CONFIG_NOACK;
7214 				arg->rate_ctrl =
7215 				WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
7216 				arg->aggr_control =
7217 					WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7218 			} else {
7219 				arg->ack_policy =
7220 					WMI_PEER_TID_CONFIG_ACK;
7221 				arg->rate_ctrl =
7222 					WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7223 				arg->aggr_control =
7224 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7225 			}
7226 		}
7227 
7228 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG))
7229 			arg->retry_count = tid_conf->retry_long;
7230 
7231 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7232 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE)
7233 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7234 			else
7235 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7236 		}
7237 
7238 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7239 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7240 			ret = ath10k_mac_tid_bitrate_config(ar, vif, sta,
7241 							    &arg->rcode_flags,
7242 							    &arg->rate_ctrl,
7243 							    tid_conf->txrate_type,
7244 							&tid_conf->txrate_mask);
7245 			if (ret) {
7246 				ath10k_warn(ar, "failed to configure bitrate mask %d\n",
7247 					    ret);
7248 				arg->rcode_flags = 0;
7249 				arg->rate_ctrl = 0;
7250 			}
7251 		}
7252 
7253 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7254 			if (tid_conf->rtscts)
7255 				arg->rtscts_ctrl = tid_conf->rtscts;
7256 
7257 			arg->ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7258 		}
7259 
7260 		ret = ath10k_mac_set_tid_config(ar, sta, vif, changed, arg);
7261 		if (ret)
7262 			return ret;
7263 		i++;
7264 	}
7265 
7266 	return ret;
7267 }
7268 
7269 static int ath10k_mac_reset_tid_config(struct ath10k *ar,
7270 				       struct ieee80211_sta *sta,
7271 				       struct ath10k_vif *arvif,
7272 				       u8 tids)
7273 {
7274 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7275 	struct wmi_per_peer_per_tid_cfg_arg arg;
7276 	int ret = 0, i = 0;
7277 
7278 	arg.vdev_id = arvif->vdev_id;
7279 	while (i < ATH10K_TID_MAX) {
7280 		if (!(tids & BIT(i))) {
7281 			i++;
7282 			continue;
7283 		}
7284 
7285 		arg.tid = i;
7286 		arg.ack_policy = WMI_PEER_TID_CONFIG_ACK;
7287 		arg.retry_count = ATH10K_MAX_RETRY_COUNT;
7288 		arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7289 		arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7290 		arg.rtscts_ctrl = WMI_TID_CONFIG_RTSCTS_CONTROL_ENABLE;
7291 		arg.ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7292 
7293 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7294 
7295 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7296 		if (ret)
7297 			return ret;
7298 
7299 		if (!arvif->tids_rst) {
7300 			arsta->retry_long[i] = -1;
7301 			arsta->noack[i] = -1;
7302 			arsta->ampdu[i] = -1;
7303 			arsta->rate_code[i] = -1;
7304 			arsta->rate_ctrl[i] = 0;
7305 			arsta->rtscts[i] = -1;
7306 		} else {
7307 			arvif->retry_long[i] = 0;
7308 			arvif->noack[i] = 0;
7309 			arvif->ampdu[i] = 0;
7310 			arvif->rate_code[i] = 0;
7311 			arvif->rate_ctrl[i] = 0;
7312 			arvif->rtscts[i] = 0;
7313 		}
7314 
7315 		i++;
7316 	}
7317 
7318 	return ret;
7319 }
7320 
7321 static void ath10k_sta_tid_cfg_wk(struct work_struct *wk)
7322 {
7323 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
7324 	struct ieee80211_sta *sta;
7325 	struct ath10k_sta *arsta;
7326 	struct ath10k_vif *arvif;
7327 	struct ath10k *ar;
7328 	bool config_apply;
7329 	int ret, i;
7330 	u32 changed;
7331 	u8 nss;
7332 
7333 	arsta = container_of(wk, struct ath10k_sta, tid_config_wk);
7334 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
7335 	arvif = arsta->arvif;
7336 	ar = arvif->ar;
7337 
7338 	mutex_lock(&ar->conf_mutex);
7339 
7340 	if (arvif->tids_rst) {
7341 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif,
7342 						  arvif->tids_rst);
7343 		goto exit;
7344 	}
7345 
7346 	ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7347 
7348 	for (i = 0; i < ATH10K_TID_MAX; i++) {
7349 		config_apply = false;
7350 		changed = arvif->tid_conf_changed[i];
7351 
7352 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7353 			if (arsta->noack[i] != -1) {
7354 				arg.ack_policy  = 0;
7355 			} else {
7356 				config_apply = true;
7357 				arg.ack_policy = arvif->noack[i];
7358 				arg.aggr_control = arvif->ampdu[i];
7359 				arg.rate_ctrl = arvif->rate_ctrl[i];
7360 			}
7361 		}
7362 
7363 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7364 			if (arsta->retry_long[i] != -1 ||
7365 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7366 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7367 				arg.retry_count = 0;
7368 			} else {
7369 				arg.retry_count = arvif->retry_long[i];
7370 				config_apply = true;
7371 			}
7372 		}
7373 
7374 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7375 			if (arsta->ampdu[i] != -1 ||
7376 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7377 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7378 				arg.aggr_control = 0;
7379 			} else {
7380 				arg.aggr_control = arvif->ampdu[i];
7381 				config_apply = true;
7382 			}
7383 		}
7384 
7385 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7386 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7387 			nss = ATH10K_HW_NSS(arvif->rate_code[i]);
7388 			ret = ath10k_mac_validate_rate_mask(ar, sta,
7389 							    arvif->rate_code[i],
7390 							    nss);
7391 			if (ret &&
7392 			    arvif->rate_ctrl[i] > WMI_TID_CONFIG_RATE_CONTROL_AUTO) {
7393 				arg.rate_ctrl = 0;
7394 				arg.rcode_flags = 0;
7395 			}
7396 
7397 			if (arsta->rate_ctrl[i] >
7398 			    WMI_TID_CONFIG_RATE_CONTROL_AUTO ||
7399 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7400 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7401 				arg.rate_ctrl = 0;
7402 				arg.rcode_flags = 0;
7403 			} else {
7404 				arg.rate_ctrl = arvif->rate_ctrl[i];
7405 				arg.rcode_flags = arvif->rate_code[i];
7406 				config_apply = true;
7407 			}
7408 		}
7409 
7410 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7411 			if (arsta->rtscts[i]) {
7412 				arg.rtscts_ctrl = 0;
7413 				arg.ext_tid_cfg_bitmap = 0;
7414 			} else {
7415 				arg.rtscts_ctrl = arvif->rtscts[i] - 1;
7416 				arg.ext_tid_cfg_bitmap =
7417 					WMI_EXT_TID_RTS_CTS_CONFIG;
7418 				config_apply = true;
7419 			}
7420 		}
7421 
7422 		arg.tid = i;
7423 
7424 		if (config_apply) {
7425 			ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7426 			if (ret)
7427 				ath10k_warn(ar, "failed to set per tid config for sta %pM: %d\n",
7428 					    sta->addr, ret);
7429 		}
7430 
7431 		arg.ack_policy  = 0;
7432 		arg.retry_count  = 0;
7433 		arg.aggr_control  = 0;
7434 		arg.rate_ctrl = 0;
7435 		arg.rcode_flags = 0;
7436 	}
7437 
7438 exit:
7439 	mutex_unlock(&ar->conf_mutex);
7440 }
7441 
7442 static void ath10k_mac_vif_stations_tid_conf(void *data,
7443 					     struct ieee80211_sta *sta)
7444 {
7445 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7446 	struct ath10k_mac_iter_tid_conf_data *iter_data = data;
7447 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
7448 
7449 	if (sta_vif != iter_data->curr_vif || !sta->wme)
7450 		return;
7451 
7452 	ieee80211_queue_work(iter_data->ar->hw, &arsta->tid_config_wk);
7453 }
7454 
7455 static int ath10k_sta_state(struct ieee80211_hw *hw,
7456 			    struct ieee80211_vif *vif,
7457 			    struct ieee80211_sta *sta,
7458 			    enum ieee80211_sta_state old_state,
7459 			    enum ieee80211_sta_state new_state)
7460 {
7461 	struct ath10k *ar = hw->priv;
7462 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7463 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7464 	struct ath10k_peer *peer;
7465 	int ret = 0;
7466 	int i;
7467 
7468 	if (old_state == IEEE80211_STA_NOTEXIST &&
7469 	    new_state == IEEE80211_STA_NONE) {
7470 		memset(arsta, 0, sizeof(*arsta));
7471 		arsta->arvif = arvif;
7472 		arsta->peer_ps_state = WMI_PEER_PS_STATE_DISABLED;
7473 		INIT_WORK(&arsta->update_wk, ath10k_sta_rc_update_wk);
7474 		INIT_WORK(&arsta->tid_config_wk, ath10k_sta_tid_cfg_wk);
7475 
7476 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7477 			ath10k_mac_txq_init(sta->txq[i]);
7478 	}
7479 
7480 	/* cancel must be done outside the mutex to avoid deadlock */
7481 	if ((old_state == IEEE80211_STA_NONE &&
7482 	     new_state == IEEE80211_STA_NOTEXIST)) {
7483 		cancel_work_sync(&arsta->update_wk);
7484 		cancel_work_sync(&arsta->tid_config_wk);
7485 	}
7486 
7487 	mutex_lock(&ar->conf_mutex);
7488 
7489 	if (old_state == IEEE80211_STA_NOTEXIST &&
7490 	    new_state == IEEE80211_STA_NONE) {
7491 		/*
7492 		 * New station addition.
7493 		 */
7494 		enum wmi_peer_type peer_type = WMI_PEER_TYPE_DEFAULT;
7495 		u32 num_tdls_stations;
7496 
7497 		ath10k_dbg(ar, ATH10K_DBG_STA,
7498 			   "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
7499 			   arvif->vdev_id, sta->addr,
7500 			   ar->num_stations + 1, ar->max_num_stations,
7501 			   ar->num_peers + 1, ar->max_num_peers);
7502 
7503 		num_tdls_stations = ath10k_mac_tdls_vif_stations_count(hw, vif);
7504 
7505 		if (sta->tdls) {
7506 			if (num_tdls_stations >= ar->max_num_tdls_vdevs) {
7507 				ath10k_warn(ar, "vdev %i exceeded maximum number of tdls vdevs %i\n",
7508 					    arvif->vdev_id,
7509 					    ar->max_num_tdls_vdevs);
7510 				ret = -ELNRNG;
7511 				goto exit;
7512 			}
7513 			peer_type = WMI_PEER_TYPE_TDLS;
7514 		}
7515 
7516 		ret = ath10k_mac_inc_num_stations(arvif, sta);
7517 		if (ret) {
7518 			ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
7519 				    ar->max_num_stations);
7520 			goto exit;
7521 		}
7522 
7523 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7524 			arsta->tx_stats = kzalloc(sizeof(*arsta->tx_stats),
7525 						  GFP_KERNEL);
7526 			if (!arsta->tx_stats) {
7527 				ath10k_mac_dec_num_stations(arvif, sta);
7528 				ret = -ENOMEM;
7529 				goto exit;
7530 			}
7531 		}
7532 
7533 		ret = ath10k_peer_create(ar, vif, sta, arvif->vdev_id,
7534 					 sta->addr, peer_type);
7535 		if (ret) {
7536 			ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
7537 				    sta->addr, arvif->vdev_id, ret);
7538 			ath10k_mac_dec_num_stations(arvif, sta);
7539 			kfree(arsta->tx_stats);
7540 			goto exit;
7541 		}
7542 
7543 		spin_lock_bh(&ar->data_lock);
7544 
7545 		peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
7546 		if (!peer) {
7547 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
7548 				    vif->addr, arvif->vdev_id);
7549 			spin_unlock_bh(&ar->data_lock);
7550 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7551 			ath10k_mac_dec_num_stations(arvif, sta);
7552 			kfree(arsta->tx_stats);
7553 			ret = -ENOENT;
7554 			goto exit;
7555 		}
7556 
7557 		arsta->peer_id = find_first_bit(peer->peer_ids,
7558 						ATH10K_MAX_NUM_PEER_IDS);
7559 
7560 		spin_unlock_bh(&ar->data_lock);
7561 
7562 		if (!sta->tdls)
7563 			goto exit;
7564 
7565 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7566 						      WMI_TDLS_ENABLE_ACTIVE);
7567 		if (ret) {
7568 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7569 				    arvif->vdev_id, ret);
7570 			ath10k_peer_delete(ar, arvif->vdev_id,
7571 					   sta->addr);
7572 			ath10k_mac_dec_num_stations(arvif, sta);
7573 			kfree(arsta->tx_stats);
7574 			goto exit;
7575 		}
7576 
7577 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7578 						  WMI_TDLS_PEER_STATE_PEERING);
7579 		if (ret) {
7580 			ath10k_warn(ar,
7581 				    "failed to update tdls peer %pM for vdev %d when adding a new sta: %i\n",
7582 				    sta->addr, arvif->vdev_id, ret);
7583 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7584 			ath10k_mac_dec_num_stations(arvif, sta);
7585 			kfree(arsta->tx_stats);
7586 
7587 			if (num_tdls_stations != 0)
7588 				goto exit;
7589 			ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7590 							WMI_TDLS_DISABLE);
7591 		}
7592 	} else if ((old_state == IEEE80211_STA_NONE &&
7593 		    new_state == IEEE80211_STA_NOTEXIST)) {
7594 		/*
7595 		 * Existing station deletion.
7596 		 */
7597 		ath10k_dbg(ar, ATH10K_DBG_STA,
7598 			   "mac vdev %d peer delete %pM sta %pK (sta gone)\n",
7599 			   arvif->vdev_id, sta->addr, sta);
7600 
7601 		if (sta->tdls) {
7602 			ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id,
7603 							  sta,
7604 							  WMI_TDLS_PEER_STATE_TEARDOWN);
7605 			if (ret)
7606 				ath10k_warn(ar, "failed to update tdls peer state for %pM state %d: %i\n",
7607 					    sta->addr,
7608 					    WMI_TDLS_PEER_STATE_TEARDOWN, ret);
7609 		}
7610 
7611 		ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7612 		if (ret)
7613 			ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
7614 				    sta->addr, arvif->vdev_id, ret);
7615 
7616 		ath10k_mac_dec_num_stations(arvif, sta);
7617 
7618 		spin_lock_bh(&ar->data_lock);
7619 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
7620 			peer = ar->peer_map[i];
7621 			if (!peer)
7622 				continue;
7623 
7624 			if (peer->sta == sta) {
7625 				ath10k_warn(ar, "found sta peer %pM (ptr %pK id %d) entry on vdev %i after it was supposedly removed\n",
7626 					    sta->addr, peer, i, arvif->vdev_id);
7627 				peer->sta = NULL;
7628 
7629 				/* Clean up the peer object as well since we
7630 				 * must have failed to do this above.
7631 				 */
7632 				ath10k_peer_map_cleanup(ar, peer);
7633 			}
7634 		}
7635 		spin_unlock_bh(&ar->data_lock);
7636 
7637 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7638 			kfree(arsta->tx_stats);
7639 			arsta->tx_stats = NULL;
7640 		}
7641 
7642 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7643 			ath10k_mac_txq_unref(ar, sta->txq[i]);
7644 
7645 		if (!sta->tdls)
7646 			goto exit;
7647 
7648 		if (ath10k_mac_tdls_vif_stations_count(hw, vif))
7649 			goto exit;
7650 
7651 		/* This was the last tdls peer in current vif */
7652 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7653 						      WMI_TDLS_DISABLE);
7654 		if (ret) {
7655 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7656 				    arvif->vdev_id, ret);
7657 		}
7658 	} else if (old_state == IEEE80211_STA_AUTH &&
7659 		   new_state == IEEE80211_STA_ASSOC &&
7660 		   (vif->type == NL80211_IFTYPE_AP ||
7661 		    vif->type == NL80211_IFTYPE_MESH_POINT ||
7662 		    vif->type == NL80211_IFTYPE_ADHOC)) {
7663 		/*
7664 		 * New association.
7665 		 */
7666 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM associated\n",
7667 			   sta->addr);
7668 
7669 		ret = ath10k_station_assoc(ar, vif, sta, false);
7670 		if (ret)
7671 			ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
7672 				    sta->addr, arvif->vdev_id, ret);
7673 	} else if (old_state == IEEE80211_STA_ASSOC &&
7674 		   new_state == IEEE80211_STA_AUTHORIZED &&
7675 		   sta->tdls) {
7676 		/*
7677 		 * Tdls station authorized.
7678 		 */
7679 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac tdls sta %pM authorized\n",
7680 			   sta->addr);
7681 
7682 		ret = ath10k_station_assoc(ar, vif, sta, false);
7683 		if (ret) {
7684 			ath10k_warn(ar, "failed to associate tdls station %pM for vdev %i: %i\n",
7685 				    sta->addr, arvif->vdev_id, ret);
7686 			goto exit;
7687 		}
7688 
7689 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7690 						  WMI_TDLS_PEER_STATE_CONNECTED);
7691 		if (ret)
7692 			ath10k_warn(ar, "failed to update tdls peer %pM for vdev %i: %i\n",
7693 				    sta->addr, arvif->vdev_id, ret);
7694 	} else if (old_state == IEEE80211_STA_ASSOC &&
7695 		    new_state == IEEE80211_STA_AUTH &&
7696 		    (vif->type == NL80211_IFTYPE_AP ||
7697 		     vif->type == NL80211_IFTYPE_MESH_POINT ||
7698 		     vif->type == NL80211_IFTYPE_ADHOC)) {
7699 		/*
7700 		 * Disassociation.
7701 		 */
7702 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM disassociated\n",
7703 			   sta->addr);
7704 
7705 		ret = ath10k_station_disassoc(ar, vif, sta);
7706 		if (ret)
7707 			ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
7708 				    sta->addr, arvif->vdev_id, ret);
7709 	}
7710 exit:
7711 	mutex_unlock(&ar->conf_mutex);
7712 	return ret;
7713 }
7714 
7715 static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
7716 				u16 ac, bool enable)
7717 {
7718 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7719 	struct wmi_sta_uapsd_auto_trig_arg arg = {};
7720 	u32 prio = 0, acc = 0;
7721 	u32 value = 0;
7722 	int ret = 0;
7723 
7724 	lockdep_assert_held(&ar->conf_mutex);
7725 
7726 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
7727 		return 0;
7728 
7729 	switch (ac) {
7730 	case IEEE80211_AC_VO:
7731 		value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
7732 			WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
7733 		prio = 7;
7734 		acc = 3;
7735 		break;
7736 	case IEEE80211_AC_VI:
7737 		value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
7738 			WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
7739 		prio = 5;
7740 		acc = 2;
7741 		break;
7742 	case IEEE80211_AC_BE:
7743 		value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
7744 			WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
7745 		prio = 2;
7746 		acc = 1;
7747 		break;
7748 	case IEEE80211_AC_BK:
7749 		value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
7750 			WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
7751 		prio = 0;
7752 		acc = 0;
7753 		break;
7754 	}
7755 
7756 	if (enable)
7757 		arvif->u.sta.uapsd |= value;
7758 	else
7759 		arvif->u.sta.uapsd &= ~value;
7760 
7761 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7762 					  WMI_STA_PS_PARAM_UAPSD,
7763 					  arvif->u.sta.uapsd);
7764 	if (ret) {
7765 		ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
7766 		goto exit;
7767 	}
7768 
7769 	if (arvif->u.sta.uapsd)
7770 		value = WMI_STA_PS_RX_WAKE_POLICY_POLL_UAPSD;
7771 	else
7772 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
7773 
7774 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7775 					  WMI_STA_PS_PARAM_RX_WAKE_POLICY,
7776 					  value);
7777 	if (ret)
7778 		ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
7779 
7780 	ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
7781 	if (ret) {
7782 		ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
7783 			    arvif->vdev_id, ret);
7784 		return ret;
7785 	}
7786 
7787 	ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
7788 	if (ret) {
7789 		ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
7790 			    arvif->vdev_id, ret);
7791 		return ret;
7792 	}
7793 
7794 	if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
7795 	    test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
7796 		/* Only userspace can make an educated decision when to send
7797 		 * trigger frame. The following effectively disables u-UAPSD
7798 		 * autotrigger in firmware (which is enabled by default
7799 		 * provided the autotrigger service is available).
7800 		 */
7801 
7802 		arg.wmm_ac = acc;
7803 		arg.user_priority = prio;
7804 		arg.service_interval = 0;
7805 		arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7806 		arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7807 
7808 		ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
7809 						arvif->bssid, &arg, 1);
7810 		if (ret) {
7811 			ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
7812 				    ret);
7813 			return ret;
7814 		}
7815 	}
7816 
7817 exit:
7818 	return ret;
7819 }
7820 
7821 static int ath10k_conf_tx(struct ieee80211_hw *hw,
7822 			  struct ieee80211_vif *vif,
7823 			  unsigned int link_id, u16 ac,
7824 			  const struct ieee80211_tx_queue_params *params)
7825 {
7826 	struct ath10k *ar = hw->priv;
7827 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7828 	struct wmi_wmm_params_arg *p = NULL;
7829 	int ret;
7830 
7831 	mutex_lock(&ar->conf_mutex);
7832 
7833 	switch (ac) {
7834 	case IEEE80211_AC_VO:
7835 		p = &arvif->wmm_params.ac_vo;
7836 		break;
7837 	case IEEE80211_AC_VI:
7838 		p = &arvif->wmm_params.ac_vi;
7839 		break;
7840 	case IEEE80211_AC_BE:
7841 		p = &arvif->wmm_params.ac_be;
7842 		break;
7843 	case IEEE80211_AC_BK:
7844 		p = &arvif->wmm_params.ac_bk;
7845 		break;
7846 	}
7847 
7848 	if (WARN_ON(!p)) {
7849 		ret = -EINVAL;
7850 		goto exit;
7851 	}
7852 
7853 	p->cwmin = params->cw_min;
7854 	p->cwmax = params->cw_max;
7855 	p->aifs = params->aifs;
7856 
7857 	/*
7858 	 * The channel time duration programmed in the HW is in absolute
7859 	 * microseconds, while mac80211 gives the txop in units of
7860 	 * 32 microseconds.
7861 	 */
7862 	p->txop = params->txop * 32;
7863 
7864 	if (ar->wmi.ops->gen_vdev_wmm_conf) {
7865 		ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
7866 					       &arvif->wmm_params);
7867 		if (ret) {
7868 			ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
7869 				    arvif->vdev_id, ret);
7870 			goto exit;
7871 		}
7872 	} else {
7873 		/* This won't work well with multi-interface cases but it's
7874 		 * better than nothing.
7875 		 */
7876 		ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
7877 		if (ret) {
7878 			ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
7879 			goto exit;
7880 		}
7881 	}
7882 
7883 	ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
7884 	if (ret)
7885 		ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
7886 
7887 exit:
7888 	mutex_unlock(&ar->conf_mutex);
7889 	return ret;
7890 }
7891 
7892 static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
7893 				    struct ieee80211_vif *vif,
7894 				    struct ieee80211_channel *chan,
7895 				    int duration,
7896 				    enum ieee80211_roc_type type)
7897 {
7898 	struct ath10k *ar = hw->priv;
7899 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7900 	struct wmi_start_scan_arg arg;
7901 	int ret = 0;
7902 	u32 scan_time_msec;
7903 
7904 	mutex_lock(&ar->conf_mutex);
7905 
7906 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
7907 		ret = -EBUSY;
7908 		goto exit;
7909 	}
7910 
7911 	spin_lock_bh(&ar->data_lock);
7912 	switch (ar->scan.state) {
7913 	case ATH10K_SCAN_IDLE:
7914 		reinit_completion(&ar->scan.started);
7915 		reinit_completion(&ar->scan.completed);
7916 		reinit_completion(&ar->scan.on_channel);
7917 		ar->scan.state = ATH10K_SCAN_STARTING;
7918 		ar->scan.is_roc = true;
7919 		ar->scan.vdev_id = arvif->vdev_id;
7920 		ar->scan.roc_freq = chan->center_freq;
7921 		ar->scan.roc_notify = true;
7922 		ret = 0;
7923 		break;
7924 	case ATH10K_SCAN_STARTING:
7925 	case ATH10K_SCAN_RUNNING:
7926 	case ATH10K_SCAN_ABORTING:
7927 		ret = -EBUSY;
7928 		break;
7929 	}
7930 	spin_unlock_bh(&ar->data_lock);
7931 
7932 	if (ret)
7933 		goto exit;
7934 
7935 	scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
7936 
7937 	memset(&arg, 0, sizeof(arg));
7938 	ath10k_wmi_start_scan_init(ar, &arg);
7939 	arg.vdev_id = arvif->vdev_id;
7940 	arg.scan_id = ATH10K_SCAN_ID;
7941 	arg.n_channels = 1;
7942 	arg.channels[0] = chan->center_freq;
7943 	arg.dwell_time_active = scan_time_msec;
7944 	arg.dwell_time_passive = scan_time_msec;
7945 	arg.max_scan_time = scan_time_msec;
7946 	arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
7947 	arg.scan_ctrl_flags |= WMI_SCAN_FILTER_PROBE_REQ;
7948 	arg.burst_duration_ms = duration;
7949 
7950 	ret = ath10k_start_scan(ar, &arg);
7951 	if (ret) {
7952 		ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
7953 		spin_lock_bh(&ar->data_lock);
7954 		ar->scan.state = ATH10K_SCAN_IDLE;
7955 		spin_unlock_bh(&ar->data_lock);
7956 		goto exit;
7957 	}
7958 
7959 	ret = wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ);
7960 	if (ret == 0) {
7961 		ath10k_warn(ar, "failed to switch to channel for roc scan\n");
7962 
7963 		ret = ath10k_scan_stop(ar);
7964 		if (ret)
7965 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
7966 
7967 		ret = -ETIMEDOUT;
7968 		goto exit;
7969 	}
7970 
7971 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
7972 				     msecs_to_jiffies(duration));
7973 
7974 	ret = 0;
7975 exit:
7976 	mutex_unlock(&ar->conf_mutex);
7977 	return ret;
7978 }
7979 
7980 static int ath10k_cancel_remain_on_channel(struct ieee80211_hw *hw,
7981 					   struct ieee80211_vif *vif)
7982 {
7983 	struct ath10k *ar = hw->priv;
7984 
7985 	mutex_lock(&ar->conf_mutex);
7986 
7987 	spin_lock_bh(&ar->data_lock);
7988 	ar->scan.roc_notify = false;
7989 	spin_unlock_bh(&ar->data_lock);
7990 
7991 	ath10k_scan_abort(ar);
7992 
7993 	mutex_unlock(&ar->conf_mutex);
7994 
7995 	cancel_delayed_work_sync(&ar->scan.timeout);
7996 
7997 	return 0;
7998 }
7999 
8000 /*
8001  * Both RTS and Fragmentation threshold are interface-specific
8002  * in ath10k, but device-specific in mac80211.
8003  */
8004 
8005 static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
8006 {
8007 	struct ath10k *ar = hw->priv;
8008 	struct ath10k_vif *arvif;
8009 	int ret = 0;
8010 
8011 	mutex_lock(&ar->conf_mutex);
8012 	list_for_each_entry(arvif, &ar->arvifs, list) {
8013 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
8014 			   arvif->vdev_id, value);
8015 
8016 		ret = ath10k_mac_set_rts(arvif, value);
8017 		if (ret) {
8018 			ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
8019 				    arvif->vdev_id, ret);
8020 			break;
8021 		}
8022 	}
8023 	mutex_unlock(&ar->conf_mutex);
8024 
8025 	return ret;
8026 }
8027 
8028 static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
8029 {
8030 	/* Even though there's a WMI enum for fragmentation threshold no known
8031 	 * firmware actually implements it. Moreover it is not possible to rely
8032 	 * frame fragmentation to mac80211 because firmware clears the "more
8033 	 * fragments" bit in frame control making it impossible for remote
8034 	 * devices to reassemble frames.
8035 	 *
8036 	 * Hence implement a dummy callback just to say fragmentation isn't
8037 	 * supported. This effectively prevents mac80211 from doing frame
8038 	 * fragmentation in software.
8039 	 */
8040 	return -EOPNOTSUPP;
8041 }
8042 
8043 void ath10k_mac_wait_tx_complete(struct ath10k *ar)
8044 {
8045 	bool skip;
8046 	long time_left;
8047 
8048 	/* mac80211 doesn't care if we really xmit queued frames or not
8049 	 * we'll collect those frames either way if we stop/delete vdevs
8050 	 */
8051 
8052 	if (ar->state == ATH10K_STATE_WEDGED)
8053 		return;
8054 
8055 	time_left = wait_event_timeout(ar->htt.empty_tx_wq, ({
8056 			bool empty;
8057 
8058 			spin_lock_bh(&ar->htt.tx_lock);
8059 			empty = (ar->htt.num_pending_tx == 0);
8060 			spin_unlock_bh(&ar->htt.tx_lock);
8061 
8062 			skip = (ar->state == ATH10K_STATE_WEDGED) ||
8063 			       test_bit(ATH10K_FLAG_CRASH_FLUSH,
8064 					&ar->dev_flags);
8065 
8066 			(empty || skip);
8067 		}), ATH10K_FLUSH_TIMEOUT_HZ);
8068 
8069 	if (time_left == 0 || skip)
8070 		ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %ld\n",
8071 			    skip, ar->state, time_left);
8072 }
8073 
8074 static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
8075 			 u32 queues, bool drop)
8076 {
8077 	struct ath10k *ar = hw->priv;
8078 	struct ath10k_vif *arvif;
8079 	u32 bitmap;
8080 
8081 	if (drop) {
8082 		if (vif && vif->type == NL80211_IFTYPE_STATION) {
8083 			bitmap = ~(1 << WMI_MGMT_TID);
8084 			list_for_each_entry(arvif, &ar->arvifs, list) {
8085 				if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
8086 					ath10k_wmi_peer_flush(ar, arvif->vdev_id,
8087 							      arvif->bssid, bitmap);
8088 			}
8089 			ath10k_htt_flush_tx(&ar->htt);
8090 		}
8091 		return;
8092 	}
8093 
8094 	mutex_lock(&ar->conf_mutex);
8095 	ath10k_mac_wait_tx_complete(ar);
8096 	mutex_unlock(&ar->conf_mutex);
8097 }
8098 
8099 /* TODO: Implement this function properly
8100  * For now it is needed to reply to Probe Requests in IBSS mode.
8101  * Probably we need this information from FW.
8102  */
8103 static int ath10k_tx_last_beacon(struct ieee80211_hw *hw)
8104 {
8105 	return 1;
8106 }
8107 
8108 static void ath10k_reconfig_complete(struct ieee80211_hw *hw,
8109 				     enum ieee80211_reconfig_type reconfig_type)
8110 {
8111 	struct ath10k *ar = hw->priv;
8112 	struct ath10k_vif *arvif;
8113 
8114 	if (reconfig_type != IEEE80211_RECONFIG_TYPE_RESTART)
8115 		return;
8116 
8117 	mutex_lock(&ar->conf_mutex);
8118 
8119 	/* If device failed to restart it will be in a different state, e.g.
8120 	 * ATH10K_STATE_WEDGED
8121 	 */
8122 	if (ar->state == ATH10K_STATE_RESTARTED) {
8123 		ath10k_info(ar, "device successfully recovered\n");
8124 		ar->state = ATH10K_STATE_ON;
8125 		ieee80211_wake_queues(ar->hw);
8126 		clear_bit(ATH10K_FLAG_RESTARTING, &ar->dev_flags);
8127 		if (ar->hw_params.hw_restart_disconnect) {
8128 			list_for_each_entry(arvif, &ar->arvifs, list) {
8129 				if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
8130 					ieee80211_hw_restart_disconnect(arvif->vif);
8131 				}
8132 		}
8133 	}
8134 
8135 	mutex_unlock(&ar->conf_mutex);
8136 }
8137 
8138 static void
8139 ath10k_mac_update_bss_chan_survey(struct ath10k *ar,
8140 				  struct ieee80211_channel *channel)
8141 {
8142 	int ret;
8143 	enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ;
8144 
8145 	lockdep_assert_held(&ar->conf_mutex);
8146 
8147 	if (!test_bit(WMI_SERVICE_BSS_CHANNEL_INFO_64, ar->wmi.svc_map) ||
8148 	    (ar->rx_channel != channel))
8149 		return;
8150 
8151 	if (ar->scan.state != ATH10K_SCAN_IDLE) {
8152 		ath10k_dbg(ar, ATH10K_DBG_MAC, "ignoring bss chan info request while scanning..\n");
8153 		return;
8154 	}
8155 
8156 	reinit_completion(&ar->bss_survey_done);
8157 
8158 	ret = ath10k_wmi_pdev_bss_chan_info_request(ar, type);
8159 	if (ret) {
8160 		ath10k_warn(ar, "failed to send pdev bss chan info request\n");
8161 		return;
8162 	}
8163 
8164 	ret = wait_for_completion_timeout(&ar->bss_survey_done, 3 * HZ);
8165 	if (!ret) {
8166 		ath10k_warn(ar, "bss channel survey timed out\n");
8167 		return;
8168 	}
8169 }
8170 
8171 static int ath10k_get_survey(struct ieee80211_hw *hw, int idx,
8172 			     struct survey_info *survey)
8173 {
8174 	struct ath10k *ar = hw->priv;
8175 	struct ieee80211_supported_band *sband;
8176 	struct survey_info *ar_survey = &ar->survey[idx];
8177 	int ret = 0;
8178 
8179 	mutex_lock(&ar->conf_mutex);
8180 
8181 	sband = hw->wiphy->bands[NL80211_BAND_2GHZ];
8182 	if (sband && idx >= sband->n_channels) {
8183 		idx -= sband->n_channels;
8184 		sband = NULL;
8185 	}
8186 
8187 	if (!sband)
8188 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
8189 
8190 	if (!sband || idx >= sband->n_channels) {
8191 		ret = -ENOENT;
8192 		goto exit;
8193 	}
8194 
8195 	ath10k_mac_update_bss_chan_survey(ar, &sband->channels[idx]);
8196 
8197 	spin_lock_bh(&ar->data_lock);
8198 	memcpy(survey, ar_survey, sizeof(*survey));
8199 	spin_unlock_bh(&ar->data_lock);
8200 
8201 	survey->channel = &sband->channels[idx];
8202 
8203 	if (ar->rx_channel == survey->channel)
8204 		survey->filled |= SURVEY_INFO_IN_USE;
8205 
8206 exit:
8207 	mutex_unlock(&ar->conf_mutex);
8208 	return ret;
8209 }
8210 
8211 static bool
8212 ath10k_mac_bitrate_mask_get_single_nss(struct ath10k *ar,
8213 				       enum nl80211_band band,
8214 				       const struct cfg80211_bitrate_mask *mask,
8215 				       int *nss)
8216 {
8217 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
8218 	u16 vht_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8219 	u8 ht_nss_mask = 0;
8220 	u8 vht_nss_mask = 0;
8221 	int i;
8222 
8223 	if (mask->control[band].legacy)
8224 		return false;
8225 
8226 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
8227 		if (mask->control[band].ht_mcs[i] == 0)
8228 			continue;
8229 		else if (mask->control[band].ht_mcs[i] ==
8230 			 sband->ht_cap.mcs.rx_mask[i])
8231 			ht_nss_mask |= BIT(i);
8232 		else
8233 			return false;
8234 	}
8235 
8236 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
8237 		if (mask->control[band].vht_mcs[i] == 0)
8238 			continue;
8239 		else if (mask->control[band].vht_mcs[i] ==
8240 			 ath10k_mac_get_max_vht_mcs_map(vht_mcs_map, i))
8241 			vht_nss_mask |= BIT(i);
8242 		else
8243 			return false;
8244 	}
8245 
8246 	if (ht_nss_mask != vht_nss_mask)
8247 		return false;
8248 
8249 	if (ht_nss_mask == 0)
8250 		return false;
8251 
8252 	if (BIT(fls(ht_nss_mask)) - 1 != ht_nss_mask)
8253 		return false;
8254 
8255 	*nss = fls(ht_nss_mask);
8256 
8257 	return true;
8258 }
8259 
8260 static int ath10k_mac_set_fixed_rate_params(struct ath10k_vif *arvif,
8261 					    u8 rate, u8 nss, u8 sgi, u8 ldpc)
8262 {
8263 	struct ath10k *ar = arvif->ar;
8264 	u32 vdev_param;
8265 	int ret;
8266 
8267 	lockdep_assert_held(&ar->conf_mutex);
8268 
8269 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac set fixed rate params vdev %i rate 0x%02x nss %u sgi %u\n",
8270 		   arvif->vdev_id, rate, nss, sgi);
8271 
8272 	vdev_param = ar->wmi.vdev_param->fixed_rate;
8273 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, rate);
8274 	if (ret) {
8275 		ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
8276 			    rate, ret);
8277 		return ret;
8278 	}
8279 
8280 	vdev_param = ar->wmi.vdev_param->nss;
8281 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, nss);
8282 	if (ret) {
8283 		ath10k_warn(ar, "failed to set nss param %d: %d\n", nss, ret);
8284 		return ret;
8285 	}
8286 
8287 	vdev_param = ar->wmi.vdev_param->sgi;
8288 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, sgi);
8289 	if (ret) {
8290 		ath10k_warn(ar, "failed to set sgi param %d: %d\n", sgi, ret);
8291 		return ret;
8292 	}
8293 
8294 	vdev_param = ar->wmi.vdev_param->ldpc;
8295 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, ldpc);
8296 	if (ret) {
8297 		ath10k_warn(ar, "failed to set ldpc param %d: %d\n", ldpc, ret);
8298 		return ret;
8299 	}
8300 
8301 	return 0;
8302 }
8303 
8304 static bool
8305 ath10k_mac_can_set_bitrate_mask(struct ath10k *ar,
8306 				enum nl80211_band band,
8307 				const struct cfg80211_bitrate_mask *mask,
8308 				bool allow_pfr)
8309 {
8310 	int i;
8311 	u16 vht_mcs;
8312 
8313 	/* Due to firmware limitation in WMI_PEER_ASSOC_CMDID it is impossible
8314 	 * to express all VHT MCS rate masks. Effectively only the following
8315 	 * ranges can be used: none, 0-7, 0-8 and 0-9.
8316 	 */
8317 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8318 		vht_mcs = mask->control[band].vht_mcs[i];
8319 
8320 		switch (vht_mcs) {
8321 		case 0:
8322 		case BIT(8) - 1:
8323 		case BIT(9) - 1:
8324 		case BIT(10) - 1:
8325 			break;
8326 		default:
8327 			if (!allow_pfr)
8328 				ath10k_warn(ar, "refusing bitrate mask with missing 0-7 VHT MCS rates\n");
8329 			return false;
8330 		}
8331 	}
8332 
8333 	return true;
8334 }
8335 
8336 static bool ath10k_mac_set_vht_bitrate_mask_fixup(struct ath10k *ar,
8337 						  struct ath10k_vif *arvif,
8338 						  struct ieee80211_sta *sta)
8339 {
8340 	int err;
8341 	u8 rate = arvif->vht_pfr;
8342 
8343 	/* skip non vht and multiple rate peers */
8344 	if (!sta->deflink.vht_cap.vht_supported || arvif->vht_num_rates != 1)
8345 		return false;
8346 
8347 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8348 					WMI_PEER_PARAM_FIXED_RATE, rate);
8349 	if (err)
8350 		ath10k_warn(ar, "failed to enable STA %pM peer fixed rate: %d\n",
8351 			    sta->addr, err);
8352 
8353 	return true;
8354 }
8355 
8356 static void ath10k_mac_set_bitrate_mask_iter(void *data,
8357 					     struct ieee80211_sta *sta)
8358 {
8359 	struct ath10k_vif *arvif = data;
8360 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8361 	struct ath10k *ar = arvif->ar;
8362 
8363 	if (arsta->arvif != arvif)
8364 		return;
8365 
8366 	if (ath10k_mac_set_vht_bitrate_mask_fixup(ar, arvif, sta))
8367 		return;
8368 
8369 	spin_lock_bh(&ar->data_lock);
8370 	arsta->changed |= IEEE80211_RC_SUPP_RATES_CHANGED;
8371 	spin_unlock_bh(&ar->data_lock);
8372 
8373 	ieee80211_queue_work(ar->hw, &arsta->update_wk);
8374 }
8375 
8376 static void ath10k_mac_clr_bitrate_mask_iter(void *data,
8377 					     struct ieee80211_sta *sta)
8378 {
8379 	struct ath10k_vif *arvif = data;
8380 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8381 	struct ath10k *ar = arvif->ar;
8382 	int err;
8383 
8384 	/* clear vht peers only */
8385 	if (arsta->arvif != arvif || !sta->deflink.vht_cap.vht_supported)
8386 		return;
8387 
8388 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8389 					WMI_PEER_PARAM_FIXED_RATE,
8390 					WMI_FIXED_RATE_NONE);
8391 	if (err)
8392 		ath10k_warn(ar, "failed to clear STA %pM peer fixed rate: %d\n",
8393 			    sta->addr, err);
8394 }
8395 
8396 static int ath10k_mac_op_set_bitrate_mask(struct ieee80211_hw *hw,
8397 					  struct ieee80211_vif *vif,
8398 					  const struct cfg80211_bitrate_mask *mask)
8399 {
8400 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8401 	struct cfg80211_chan_def def;
8402 	struct ath10k *ar = arvif->ar;
8403 	enum nl80211_band band;
8404 	const u8 *ht_mcs_mask;
8405 	const u16 *vht_mcs_mask;
8406 	u8 rate;
8407 	u8 nss;
8408 	u8 sgi;
8409 	u8 ldpc;
8410 	int single_nss;
8411 	int ret;
8412 	int vht_num_rates, allow_pfr;
8413 	u8 vht_pfr;
8414 	bool update_bitrate_mask = true;
8415 
8416 	if (ath10k_mac_vif_chan(vif, &def))
8417 		return -EPERM;
8418 
8419 	band = def.chan->band;
8420 	ht_mcs_mask = mask->control[band].ht_mcs;
8421 	vht_mcs_mask = mask->control[band].vht_mcs;
8422 	ldpc = !!(ar->ht_cap_info & WMI_HT_CAP_LDPC);
8423 
8424 	sgi = mask->control[band].gi;
8425 	if (sgi == NL80211_TXRATE_FORCE_LGI)
8426 		return -EINVAL;
8427 
8428 	allow_pfr = test_bit(ATH10K_FW_FEATURE_PEER_FIXED_RATE,
8429 			     ar->normal_mode_fw.fw_file.fw_features);
8430 	if (allow_pfr) {
8431 		mutex_lock(&ar->conf_mutex);
8432 		ieee80211_iterate_stations_atomic(ar->hw,
8433 						  ath10k_mac_clr_bitrate_mask_iter,
8434 						  arvif);
8435 		mutex_unlock(&ar->conf_mutex);
8436 	}
8437 
8438 	if (ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
8439 						    &vht_num_rates)) {
8440 		ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8441 							      &rate, &nss,
8442 							      false);
8443 		if (ret) {
8444 			ath10k_warn(ar, "failed to get single rate for vdev %i: %d\n",
8445 				    arvif->vdev_id, ret);
8446 			return ret;
8447 		}
8448 	} else if (ath10k_mac_bitrate_mask_get_single_nss(ar, band, mask,
8449 							  &single_nss)) {
8450 		rate = WMI_FIXED_RATE_NONE;
8451 		nss = single_nss;
8452 	} else {
8453 		rate = WMI_FIXED_RATE_NONE;
8454 		nss = min(ar->num_rf_chains,
8455 			  max(ath10k_mac_max_ht_nss(ht_mcs_mask),
8456 			      ath10k_mac_max_vht_nss(vht_mcs_mask)));
8457 
8458 		if (!ath10k_mac_can_set_bitrate_mask(ar, band, mask,
8459 						     allow_pfr)) {
8460 			u8 vht_nss;
8461 
8462 			if (!allow_pfr || vht_num_rates != 1)
8463 				return -EINVAL;
8464 
8465 			/* Reach here, firmware supports peer fixed rate and has
8466 			 * single vht rate, and don't update vif birate_mask, as
8467 			 * the rate only for specific peer.
8468 			 */
8469 			ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8470 								&vht_pfr,
8471 								&vht_nss,
8472 								true);
8473 			update_bitrate_mask = false;
8474 		} else {
8475 			vht_pfr = 0;
8476 		}
8477 
8478 		mutex_lock(&ar->conf_mutex);
8479 
8480 		if (update_bitrate_mask)
8481 			arvif->bitrate_mask = *mask;
8482 		arvif->vht_num_rates = vht_num_rates;
8483 		arvif->vht_pfr = vht_pfr;
8484 		ieee80211_iterate_stations_atomic(ar->hw,
8485 						  ath10k_mac_set_bitrate_mask_iter,
8486 						  arvif);
8487 
8488 		mutex_unlock(&ar->conf_mutex);
8489 	}
8490 
8491 	mutex_lock(&ar->conf_mutex);
8492 
8493 	ret = ath10k_mac_set_fixed_rate_params(arvif, rate, nss, sgi, ldpc);
8494 	if (ret) {
8495 		ath10k_warn(ar, "failed to set fixed rate params on vdev %i: %d\n",
8496 			    arvif->vdev_id, ret);
8497 		goto exit;
8498 	}
8499 
8500 exit:
8501 	mutex_unlock(&ar->conf_mutex);
8502 
8503 	return ret;
8504 }
8505 
8506 static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
8507 				 struct ieee80211_vif *vif,
8508 				 struct ieee80211_sta *sta,
8509 				 u32 changed)
8510 {
8511 	struct ath10k *ar = hw->priv;
8512 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8513 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8514 	struct ath10k_peer *peer;
8515 	u32 bw, smps;
8516 
8517 	spin_lock_bh(&ar->data_lock);
8518 
8519 	peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
8520 	if (!peer) {
8521 		spin_unlock_bh(&ar->data_lock);
8522 		ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
8523 			    sta->addr, arvif->vdev_id);
8524 		return;
8525 	}
8526 
8527 	ath10k_dbg(ar, ATH10K_DBG_STA,
8528 		   "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
8529 		   sta->addr, changed, sta->deflink.bandwidth,
8530 		   sta->deflink.rx_nss,
8531 		   sta->deflink.smps_mode);
8532 
8533 	if (changed & IEEE80211_RC_BW_CHANGED) {
8534 		bw = WMI_PEER_CHWIDTH_20MHZ;
8535 
8536 		switch (sta->deflink.bandwidth) {
8537 		case IEEE80211_STA_RX_BW_20:
8538 			bw = WMI_PEER_CHWIDTH_20MHZ;
8539 			break;
8540 		case IEEE80211_STA_RX_BW_40:
8541 			bw = WMI_PEER_CHWIDTH_40MHZ;
8542 			break;
8543 		case IEEE80211_STA_RX_BW_80:
8544 			bw = WMI_PEER_CHWIDTH_80MHZ;
8545 			break;
8546 		case IEEE80211_STA_RX_BW_160:
8547 			bw = WMI_PEER_CHWIDTH_160MHZ;
8548 			break;
8549 		default:
8550 			ath10k_warn(ar, "Invalid bandwidth %d in rc update for %pM\n",
8551 				    sta->deflink.bandwidth, sta->addr);
8552 			bw = WMI_PEER_CHWIDTH_20MHZ;
8553 			break;
8554 		}
8555 
8556 		arsta->bw = bw;
8557 	}
8558 
8559 	if (changed & IEEE80211_RC_NSS_CHANGED)
8560 		arsta->nss = sta->deflink.rx_nss;
8561 
8562 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
8563 		smps = WMI_PEER_SMPS_PS_NONE;
8564 
8565 		switch (sta->deflink.smps_mode) {
8566 		case IEEE80211_SMPS_AUTOMATIC:
8567 		case IEEE80211_SMPS_OFF:
8568 			smps = WMI_PEER_SMPS_PS_NONE;
8569 			break;
8570 		case IEEE80211_SMPS_STATIC:
8571 			smps = WMI_PEER_SMPS_STATIC;
8572 			break;
8573 		case IEEE80211_SMPS_DYNAMIC:
8574 			smps = WMI_PEER_SMPS_DYNAMIC;
8575 			break;
8576 		case IEEE80211_SMPS_NUM_MODES:
8577 			ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
8578 				    sta->deflink.smps_mode, sta->addr);
8579 			smps = WMI_PEER_SMPS_PS_NONE;
8580 			break;
8581 		}
8582 
8583 		arsta->smps = smps;
8584 	}
8585 
8586 	arsta->changed |= changed;
8587 
8588 	spin_unlock_bh(&ar->data_lock);
8589 
8590 	ieee80211_queue_work(hw, &arsta->update_wk);
8591 }
8592 
8593 static void ath10k_offset_tsf(struct ieee80211_hw *hw,
8594 			      struct ieee80211_vif *vif, s64 tsf_offset)
8595 {
8596 	struct ath10k *ar = hw->priv;
8597 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8598 	u32 offset, vdev_param;
8599 	int ret;
8600 
8601 	if (tsf_offset < 0) {
8602 		vdev_param = ar->wmi.vdev_param->dec_tsf;
8603 		offset = -tsf_offset;
8604 	} else {
8605 		vdev_param = ar->wmi.vdev_param->inc_tsf;
8606 		offset = tsf_offset;
8607 	}
8608 
8609 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
8610 					vdev_param, offset);
8611 
8612 	if (ret && ret != -EOPNOTSUPP)
8613 		ath10k_warn(ar, "failed to set tsf offset %d cmd %d: %d\n",
8614 			    offset, vdev_param, ret);
8615 }
8616 
8617 static int ath10k_ampdu_action(struct ieee80211_hw *hw,
8618 			       struct ieee80211_vif *vif,
8619 			       struct ieee80211_ampdu_params *params)
8620 {
8621 	struct ath10k *ar = hw->priv;
8622 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8623 	struct ieee80211_sta *sta = params->sta;
8624 	enum ieee80211_ampdu_mlme_action action = params->action;
8625 	u16 tid = params->tid;
8626 
8627 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %u action %d\n",
8628 		   arvif->vdev_id, sta->addr, tid, action);
8629 
8630 	switch (action) {
8631 	case IEEE80211_AMPDU_RX_START:
8632 	case IEEE80211_AMPDU_RX_STOP:
8633 		/* HTT AddBa/DelBa events trigger mac80211 Rx BA session
8634 		 * creation/removal. Do we need to verify this?
8635 		 */
8636 		return 0;
8637 	case IEEE80211_AMPDU_TX_START:
8638 	case IEEE80211_AMPDU_TX_STOP_CONT:
8639 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
8640 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
8641 	case IEEE80211_AMPDU_TX_OPERATIONAL:
8642 		/* Firmware offloads Tx aggregation entirely so deny mac80211
8643 		 * Tx aggregation requests.
8644 		 */
8645 		return -EOPNOTSUPP;
8646 	}
8647 
8648 	return -EINVAL;
8649 }
8650 
8651 static void
8652 ath10k_mac_update_rx_channel(struct ath10k *ar,
8653 			     struct ieee80211_chanctx_conf *ctx,
8654 			     struct ieee80211_vif_chanctx_switch *vifs,
8655 			     int n_vifs)
8656 {
8657 	struct cfg80211_chan_def *def = NULL;
8658 
8659 	/* Both locks are required because ar->rx_channel is modified. This
8660 	 * allows readers to hold either lock.
8661 	 */
8662 	lockdep_assert_held(&ar->conf_mutex);
8663 	lockdep_assert_held(&ar->data_lock);
8664 
8665 	WARN_ON(ctx && vifs);
8666 	WARN_ON(vifs && !n_vifs);
8667 
8668 	/* FIXME: Sort of an optimization and a workaround. Peers and vifs are
8669 	 * on a linked list now. Doing a lookup peer -> vif -> chanctx for each
8670 	 * ppdu on Rx may reduce performance on low-end systems. It should be
8671 	 * possible to make tables/hashmaps to speed the lookup up (be vary of
8672 	 * cpu data cache lines though regarding sizes) but to keep the initial
8673 	 * implementation simple and less intrusive fallback to the slow lookup
8674 	 * only for multi-channel cases. Single-channel cases will remain to
8675 	 * use the old channel derival and thus performance should not be
8676 	 * affected much.
8677 	 */
8678 	rcu_read_lock();
8679 	if (!ctx && ath10k_mac_num_chanctxs(ar) == 1) {
8680 		ieee80211_iter_chan_contexts_atomic(ar->hw,
8681 						    ath10k_mac_get_any_chandef_iter,
8682 						    &def);
8683 
8684 		if (vifs)
8685 			def = &vifs[0].new_ctx->def;
8686 
8687 		ar->rx_channel = def->chan;
8688 	} else if ((ctx && ath10k_mac_num_chanctxs(ar) == 0) ||
8689 		   (ctx && (ar->state == ATH10K_STATE_RESTARTED))) {
8690 		/* During driver restart due to firmware assert, since mac80211
8691 		 * already has valid channel context for given radio, channel
8692 		 * context iteration return num_chanctx > 0. So fix rx_channel
8693 		 * when restart is in progress.
8694 		 */
8695 		ar->rx_channel = ctx->def.chan;
8696 	} else {
8697 		ar->rx_channel = NULL;
8698 	}
8699 	rcu_read_unlock();
8700 }
8701 
8702 static void
8703 ath10k_mac_update_vif_chan(struct ath10k *ar,
8704 			   struct ieee80211_vif_chanctx_switch *vifs,
8705 			   int n_vifs)
8706 {
8707 	struct ath10k_vif *arvif;
8708 	int ret;
8709 	int i;
8710 
8711 	lockdep_assert_held(&ar->conf_mutex);
8712 
8713 	/* First stop monitor interface. Some FW versions crash if there's a
8714 	 * lone monitor interface.
8715 	 */
8716 	if (ar->monitor_started)
8717 		ath10k_monitor_stop(ar);
8718 
8719 	for (i = 0; i < n_vifs; i++) {
8720 		arvif = (void *)vifs[i].vif->drv_priv;
8721 
8722 		ath10k_dbg(ar, ATH10K_DBG_MAC,
8723 			   "mac chanctx switch vdev_id %i freq %u->%u width %d->%d\n",
8724 			   arvif->vdev_id,
8725 			   vifs[i].old_ctx->def.chan->center_freq,
8726 			   vifs[i].new_ctx->def.chan->center_freq,
8727 			   vifs[i].old_ctx->def.width,
8728 			   vifs[i].new_ctx->def.width);
8729 
8730 		if (WARN_ON(!arvif->is_started))
8731 			continue;
8732 
8733 		if (WARN_ON(!arvif->is_up))
8734 			continue;
8735 
8736 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8737 		if (ret) {
8738 			ath10k_warn(ar, "failed to down vdev %d: %d\n",
8739 				    arvif->vdev_id, ret);
8740 			continue;
8741 		}
8742 	}
8743 
8744 	/* All relevant vdevs are downed and associated channel resources
8745 	 * should be available for the channel switch now.
8746 	 */
8747 
8748 	spin_lock_bh(&ar->data_lock);
8749 	ath10k_mac_update_rx_channel(ar, NULL, vifs, n_vifs);
8750 	spin_unlock_bh(&ar->data_lock);
8751 
8752 	for (i = 0; i < n_vifs; i++) {
8753 		arvif = (void *)vifs[i].vif->drv_priv;
8754 
8755 		if (WARN_ON(!arvif->is_started))
8756 			continue;
8757 
8758 		if (WARN_ON(!arvif->is_up))
8759 			continue;
8760 
8761 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
8762 		if (ret)
8763 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
8764 				    ret);
8765 
8766 		ret = ath10k_mac_setup_prb_tmpl(arvif);
8767 		if (ret)
8768 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
8769 				    ret);
8770 
8771 		ret = ath10k_vdev_restart(arvif, &vifs[i].new_ctx->def);
8772 		if (ret) {
8773 			ath10k_warn(ar, "failed to restart vdev %d: %d\n",
8774 				    arvif->vdev_id, ret);
8775 			continue;
8776 		}
8777 
8778 		ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
8779 					 arvif->bssid);
8780 		if (ret) {
8781 			ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
8782 				    arvif->vdev_id, ret);
8783 			continue;
8784 		}
8785 	}
8786 
8787 	ath10k_monitor_recalc(ar);
8788 }
8789 
8790 static int
8791 ath10k_mac_op_add_chanctx(struct ieee80211_hw *hw,
8792 			  struct ieee80211_chanctx_conf *ctx)
8793 {
8794 	struct ath10k *ar = hw->priv;
8795 
8796 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8797 		   "mac chanctx add freq %u width %d ptr %pK\n",
8798 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8799 
8800 	mutex_lock(&ar->conf_mutex);
8801 
8802 	spin_lock_bh(&ar->data_lock);
8803 	ath10k_mac_update_rx_channel(ar, ctx, NULL, 0);
8804 	spin_unlock_bh(&ar->data_lock);
8805 
8806 	ath10k_recalc_radar_detection(ar);
8807 	ath10k_monitor_recalc(ar);
8808 
8809 	mutex_unlock(&ar->conf_mutex);
8810 
8811 	return 0;
8812 }
8813 
8814 static void
8815 ath10k_mac_op_remove_chanctx(struct ieee80211_hw *hw,
8816 			     struct ieee80211_chanctx_conf *ctx)
8817 {
8818 	struct ath10k *ar = hw->priv;
8819 
8820 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8821 		   "mac chanctx remove freq %u width %d ptr %pK\n",
8822 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8823 
8824 	mutex_lock(&ar->conf_mutex);
8825 
8826 	spin_lock_bh(&ar->data_lock);
8827 	ath10k_mac_update_rx_channel(ar, NULL, NULL, 0);
8828 	spin_unlock_bh(&ar->data_lock);
8829 
8830 	ath10k_recalc_radar_detection(ar);
8831 	ath10k_monitor_recalc(ar);
8832 
8833 	mutex_unlock(&ar->conf_mutex);
8834 }
8835 
8836 struct ath10k_mac_change_chanctx_arg {
8837 	struct ieee80211_chanctx_conf *ctx;
8838 	struct ieee80211_vif_chanctx_switch *vifs;
8839 	int n_vifs;
8840 	int next_vif;
8841 };
8842 
8843 static void
8844 ath10k_mac_change_chanctx_cnt_iter(void *data, u8 *mac,
8845 				   struct ieee80211_vif *vif)
8846 {
8847 	struct ath10k_mac_change_chanctx_arg *arg = data;
8848 
8849 	if (rcu_access_pointer(vif->bss_conf.chanctx_conf) != arg->ctx)
8850 		return;
8851 
8852 	arg->n_vifs++;
8853 }
8854 
8855 static void
8856 ath10k_mac_change_chanctx_fill_iter(void *data, u8 *mac,
8857 				    struct ieee80211_vif *vif)
8858 {
8859 	struct ath10k_mac_change_chanctx_arg *arg = data;
8860 	struct ieee80211_chanctx_conf *ctx;
8861 
8862 	ctx = rcu_access_pointer(vif->bss_conf.chanctx_conf);
8863 	if (ctx != arg->ctx)
8864 		return;
8865 
8866 	if (WARN_ON(arg->next_vif == arg->n_vifs))
8867 		return;
8868 
8869 	arg->vifs[arg->next_vif].vif = vif;
8870 	arg->vifs[arg->next_vif].old_ctx = ctx;
8871 	arg->vifs[arg->next_vif].new_ctx = ctx;
8872 	arg->next_vif++;
8873 }
8874 
8875 static void
8876 ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw,
8877 			     struct ieee80211_chanctx_conf *ctx,
8878 			     u32 changed)
8879 {
8880 	struct ath10k *ar = hw->priv;
8881 	struct ath10k_mac_change_chanctx_arg arg = { .ctx = ctx };
8882 
8883 	mutex_lock(&ar->conf_mutex);
8884 
8885 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8886 		   "mac chanctx change freq %u width %d ptr %pK changed %x\n",
8887 		   ctx->def.chan->center_freq, ctx->def.width, ctx, changed);
8888 
8889 	/* This shouldn't really happen because channel switching should use
8890 	 * switch_vif_chanctx().
8891 	 */
8892 	if (WARN_ON(changed & IEEE80211_CHANCTX_CHANGE_CHANNEL))
8893 		goto unlock;
8894 
8895 	if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) {
8896 		ieee80211_iterate_active_interfaces_atomic(
8897 					hw,
8898 					ATH10K_ITER_NORMAL_FLAGS,
8899 					ath10k_mac_change_chanctx_cnt_iter,
8900 					&arg);
8901 		if (arg.n_vifs == 0)
8902 			goto radar;
8903 
8904 		arg.vifs = kcalloc(arg.n_vifs, sizeof(arg.vifs[0]),
8905 				   GFP_KERNEL);
8906 		if (!arg.vifs)
8907 			goto radar;
8908 
8909 		ieee80211_iterate_active_interfaces_atomic(
8910 					hw,
8911 					ATH10K_ITER_NORMAL_FLAGS,
8912 					ath10k_mac_change_chanctx_fill_iter,
8913 					&arg);
8914 		ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs);
8915 		kfree(arg.vifs);
8916 	}
8917 
8918 radar:
8919 	ath10k_recalc_radar_detection(ar);
8920 
8921 	/* FIXME: How to configure Rx chains properly? */
8922 
8923 	/* No other actions are actually necessary. Firmware maintains channel
8924 	 * definitions per vdev internally and there's no host-side channel
8925 	 * context abstraction to configure, e.g. channel width.
8926 	 */
8927 
8928 unlock:
8929 	mutex_unlock(&ar->conf_mutex);
8930 }
8931 
8932 static int
8933 ath10k_mac_op_assign_vif_chanctx(struct ieee80211_hw *hw,
8934 				 struct ieee80211_vif *vif,
8935 				 struct ieee80211_bss_conf *link_conf,
8936 				 struct ieee80211_chanctx_conf *ctx)
8937 {
8938 	struct ath10k *ar = hw->priv;
8939 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8940 	int ret;
8941 
8942 	mutex_lock(&ar->conf_mutex);
8943 
8944 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8945 		   "mac chanctx assign ptr %pK vdev_id %i\n",
8946 		   ctx, arvif->vdev_id);
8947 
8948 	if (WARN_ON(arvif->is_started)) {
8949 		mutex_unlock(&ar->conf_mutex);
8950 		return -EBUSY;
8951 	}
8952 
8953 	ret = ath10k_vdev_start(arvif, &ctx->def);
8954 	if (ret) {
8955 		ath10k_warn(ar, "failed to start vdev %i addr %pM on freq %d: %d\n",
8956 			    arvif->vdev_id, vif->addr,
8957 			    ctx->def.chan->center_freq, ret);
8958 		goto err;
8959 	}
8960 
8961 	arvif->is_started = true;
8962 
8963 	ret = ath10k_mac_vif_setup_ps(arvif);
8964 	if (ret) {
8965 		ath10k_warn(ar, "failed to update vdev %i ps: %d\n",
8966 			    arvif->vdev_id, ret);
8967 		goto err_stop;
8968 	}
8969 
8970 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8971 		ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, 0, vif->addr);
8972 		if (ret) {
8973 			ath10k_warn(ar, "failed to up monitor vdev %i: %d\n",
8974 				    arvif->vdev_id, ret);
8975 			goto err_stop;
8976 		}
8977 
8978 		arvif->is_up = true;
8979 	}
8980 
8981 	if (ath10k_mac_can_set_cts_prot(arvif)) {
8982 		ret = ath10k_mac_set_cts_prot(arvif);
8983 		if (ret)
8984 			ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
8985 				    arvif->vdev_id, ret);
8986 	}
8987 
8988 	if (ath10k_peer_stats_enabled(ar) &&
8989 	    ar->hw_params.tx_stats_over_pktlog) {
8990 		ar->pktlog_filter |= ATH10K_PKTLOG_PEER_STATS;
8991 		ret = ath10k_wmi_pdev_pktlog_enable(ar,
8992 						    ar->pktlog_filter);
8993 		if (ret) {
8994 			ath10k_warn(ar, "failed to enable pktlog %d\n", ret);
8995 			goto err_stop;
8996 		}
8997 	}
8998 
8999 	mutex_unlock(&ar->conf_mutex);
9000 	return 0;
9001 
9002 err_stop:
9003 	ath10k_vdev_stop(arvif);
9004 	arvif->is_started = false;
9005 	ath10k_mac_vif_setup_ps(arvif);
9006 
9007 err:
9008 	mutex_unlock(&ar->conf_mutex);
9009 	return ret;
9010 }
9011 
9012 static void
9013 ath10k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
9014 				   struct ieee80211_vif *vif,
9015 				   struct ieee80211_bss_conf *link_conf,
9016 				   struct ieee80211_chanctx_conf *ctx)
9017 {
9018 	struct ath10k *ar = hw->priv;
9019 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9020 	int ret;
9021 
9022 	mutex_lock(&ar->conf_mutex);
9023 
9024 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9025 		   "mac chanctx unassign ptr %pK vdev_id %i\n",
9026 		   ctx, arvif->vdev_id);
9027 
9028 	WARN_ON(!arvif->is_started);
9029 
9030 	if (vif->type == NL80211_IFTYPE_MONITOR) {
9031 		WARN_ON(!arvif->is_up);
9032 
9033 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
9034 		if (ret)
9035 			ath10k_warn(ar, "failed to down monitor vdev %i: %d\n",
9036 				    arvif->vdev_id, ret);
9037 
9038 		arvif->is_up = false;
9039 	}
9040 
9041 	ret = ath10k_vdev_stop(arvif);
9042 	if (ret)
9043 		ath10k_warn(ar, "failed to stop vdev %i: %d\n",
9044 			    arvif->vdev_id, ret);
9045 
9046 	arvif->is_started = false;
9047 
9048 	mutex_unlock(&ar->conf_mutex);
9049 }
9050 
9051 static int
9052 ath10k_mac_op_switch_vif_chanctx(struct ieee80211_hw *hw,
9053 				 struct ieee80211_vif_chanctx_switch *vifs,
9054 				 int n_vifs,
9055 				 enum ieee80211_chanctx_switch_mode mode)
9056 {
9057 	struct ath10k *ar = hw->priv;
9058 
9059 	mutex_lock(&ar->conf_mutex);
9060 
9061 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9062 		   "mac chanctx switch n_vifs %d mode %d\n",
9063 		   n_vifs, mode);
9064 	ath10k_mac_update_vif_chan(ar, vifs, n_vifs);
9065 
9066 	mutex_unlock(&ar->conf_mutex);
9067 	return 0;
9068 }
9069 
9070 static void ath10k_mac_op_sta_pre_rcu_remove(struct ieee80211_hw *hw,
9071 					     struct ieee80211_vif *vif,
9072 					     struct ieee80211_sta *sta)
9073 {
9074 	struct ath10k *ar;
9075 	struct ath10k_peer *peer;
9076 
9077 	ar = hw->priv;
9078 
9079 	list_for_each_entry(peer, &ar->peers, list)
9080 		if (peer->sta == sta)
9081 			peer->removed = true;
9082 }
9083 
9084 /* HT MCS parameters with Nss = 1 */
9085 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss1[] = {
9086 	/* MCS  L20   L40   S20  S40 */
9087 	{0,  { 65,  135,  72,  150} },
9088 	{1,  { 130, 270,  144, 300} },
9089 	{2,  { 195, 405,  217, 450} },
9090 	{3,  { 260, 540,  289, 600} },
9091 	{4,  { 390, 810,  433, 900} },
9092 	{5,  { 520, 1080, 578, 1200} },
9093 	{6,  { 585, 1215, 650, 1350} },
9094 	{7,  { 650, 1350, 722, 1500} }
9095 };
9096 
9097 /* HT MCS parameters with Nss = 2 */
9098 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss2[] = {
9099 	/* MCS  L20    L40   S20   S40 */
9100 	{0,  {130,  270,  144,  300} },
9101 	{1,  {260,  540,  289,  600} },
9102 	{2,  {390,  810,  433,  900} },
9103 	{3,  {520,  1080, 578,  1200} },
9104 	{4,  {780,  1620, 867,  1800} },
9105 	{5,  {1040, 2160, 1156, 2400} },
9106 	{6,  {1170, 2430, 1300, 2700} },
9107 	{7,  {1300, 2700, 1444, 3000} }
9108 };
9109 
9110 /* MCS parameters with Nss = 1 */
9111 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss1[] = {
9112 	/* MCS  L80    S80     L40   S40    L20   S20 */
9113 	{0,  {293,  325},  {135,  150},  {65,   72} },
9114 	{1,  {585,  650},  {270,  300},  {130,  144} },
9115 	{2,  {878,  975},  {405,  450},  {195,  217} },
9116 	{3,  {1170, 1300}, {540,  600},  {260,  289} },
9117 	{4,  {1755, 1950}, {810,  900},  {390,  433} },
9118 	{5,  {2340, 2600}, {1080, 1200}, {520,  578} },
9119 	{6,  {2633, 2925}, {1215, 1350}, {585,  650} },
9120 	{7,  {2925, 3250}, {1350, 1500}, {650,  722} },
9121 	{8,  {3510, 3900}, {1620, 1800}, {780,  867} },
9122 	{9,  {3900, 4333}, {1800, 2000}, {780,  867} }
9123 };
9124 
9125 /*MCS parameters with Nss = 2 */
9126 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss2[] = {
9127 	/* MCS  L80    S80     L40   S40    L20   S20 */
9128 	{0,  {585,  650},  {270,  300},  {130,  144} },
9129 	{1,  {1170, 1300}, {540,  600},  {260,  289} },
9130 	{2,  {1755, 1950}, {810,  900},  {390,  433} },
9131 	{3,  {2340, 2600}, {1080, 1200}, {520,  578} },
9132 	{4,  {3510, 3900}, {1620, 1800}, {780,  867} },
9133 	{5,  {4680, 5200}, {2160, 2400}, {1040, 1156} },
9134 	{6,  {5265, 5850}, {2430, 2700}, {1170, 1300} },
9135 	{7,  {5850, 6500}, {2700, 3000}, {1300, 1444} },
9136 	{8,  {7020, 7800}, {3240, 3600}, {1560, 1733} },
9137 	{9,  {7800, 8667}, {3600, 4000}, {1560, 1733} }
9138 };
9139 
9140 static void ath10k_mac_get_rate_flags_ht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9141 					 u8 *flags, u8 *bw)
9142 {
9143 	struct ath10k_index_ht_data_rate_type *mcs_rate;
9144 	u8 index;
9145 	size_t len_nss1 = ARRAY_SIZE(supported_ht_mcs_rate_nss1);
9146 	size_t len_nss2 = ARRAY_SIZE(supported_ht_mcs_rate_nss2);
9147 
9148 	if (mcs >= (len_nss1 + len_nss2)) {
9149 		ath10k_warn(ar, "not supported mcs %d in current rate table", mcs);
9150 		return;
9151 	}
9152 
9153 	mcs_rate = (struct ath10k_index_ht_data_rate_type *)
9154 		   ((nss == 1) ? &supported_ht_mcs_rate_nss1 :
9155 		   &supported_ht_mcs_rate_nss2);
9156 
9157 	if (mcs >= len_nss1)
9158 		index = mcs - len_nss1;
9159 	else
9160 		index = mcs;
9161 
9162 	if (rate == mcs_rate[index].supported_rate[0]) {
9163 		*bw = RATE_INFO_BW_20;
9164 	} else if (rate == mcs_rate[index].supported_rate[1]) {
9165 		*bw |= RATE_INFO_BW_40;
9166 	} else if (rate == mcs_rate[index].supported_rate[2]) {
9167 		*bw |= RATE_INFO_BW_20;
9168 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9169 	} else if (rate == mcs_rate[index].supported_rate[3]) {
9170 		*bw |= RATE_INFO_BW_40;
9171 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9172 	} else {
9173 		ath10k_warn(ar, "invalid ht params rate %d 100kbps nss %d mcs %d",
9174 			    rate, nss, mcs);
9175 	}
9176 }
9177 
9178 static void ath10k_mac_get_rate_flags_vht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9179 					  u8 *flags, u8 *bw)
9180 {
9181 	struct ath10k_index_vht_data_rate_type *mcs_rate;
9182 
9183 	mcs_rate = (struct ath10k_index_vht_data_rate_type *)
9184 		   ((nss == 1) ? &supported_vht_mcs_rate_nss1 :
9185 		   &supported_vht_mcs_rate_nss2);
9186 
9187 	if (rate == mcs_rate[mcs].supported_VHT80_rate[0]) {
9188 		*bw = RATE_INFO_BW_80;
9189 	} else if (rate == mcs_rate[mcs].supported_VHT80_rate[1]) {
9190 		*bw = RATE_INFO_BW_80;
9191 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9192 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[0]) {
9193 		*bw = RATE_INFO_BW_40;
9194 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[1]) {
9195 		*bw = RATE_INFO_BW_40;
9196 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9197 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[0]) {
9198 		*bw = RATE_INFO_BW_20;
9199 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[1]) {
9200 		*bw = RATE_INFO_BW_20;
9201 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9202 	} else {
9203 		ath10k_warn(ar, "invalid vht params rate %d 100kbps nss %d mcs %d",
9204 			    rate, nss, mcs);
9205 	}
9206 }
9207 
9208 static void ath10k_mac_get_rate_flags(struct ath10k *ar, u32 rate,
9209 				      enum ath10k_phy_mode mode, u8 nss, u8 mcs,
9210 				      u8 *flags, u8 *bw)
9211 {
9212 	if (mode == ATH10K_PHY_MODE_HT) {
9213 		*flags = RATE_INFO_FLAGS_MCS;
9214 		ath10k_mac_get_rate_flags_ht(ar, rate, nss, mcs, flags, bw);
9215 	} else if (mode == ATH10K_PHY_MODE_VHT) {
9216 		*flags = RATE_INFO_FLAGS_VHT_MCS;
9217 		ath10k_mac_get_rate_flags_vht(ar, rate, nss, mcs, flags, bw);
9218 	}
9219 }
9220 
9221 static void ath10k_mac_parse_bitrate(struct ath10k *ar, u32 rate_code,
9222 				     u32 bitrate_kbps, struct rate_info *rate)
9223 {
9224 	enum ath10k_phy_mode mode = ATH10K_PHY_MODE_LEGACY;
9225 	enum wmi_rate_preamble preamble = WMI_TLV_GET_HW_RC_PREAM_V1(rate_code);
9226 	u8 nss = WMI_TLV_GET_HW_RC_NSS_V1(rate_code) + 1;
9227 	u8 mcs = WMI_TLV_GET_HW_RC_RATE_V1(rate_code);
9228 	u8 flags = 0, bw = 0;
9229 
9230 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac parse rate code 0x%x bitrate %d kbps\n",
9231 		   rate_code, bitrate_kbps);
9232 
9233 	if (preamble == WMI_RATE_PREAMBLE_HT)
9234 		mode = ATH10K_PHY_MODE_HT;
9235 	else if (preamble == WMI_RATE_PREAMBLE_VHT)
9236 		mode = ATH10K_PHY_MODE_VHT;
9237 
9238 	ath10k_mac_get_rate_flags(ar, bitrate_kbps / 100, mode, nss, mcs, &flags, &bw);
9239 
9240 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9241 		   "mac parse bitrate preamble %d mode %d nss %d mcs %d flags %x bw %d\n",
9242 		   preamble, mode, nss, mcs, flags, bw);
9243 
9244 	rate->flags = flags;
9245 	rate->bw = bw;
9246 	rate->legacy = bitrate_kbps / 100;
9247 	rate->nss = nss;
9248 	rate->mcs = mcs;
9249 }
9250 
9251 static void ath10k_mac_sta_get_peer_stats_info(struct ath10k *ar,
9252 					       struct ieee80211_sta *sta,
9253 					       struct station_info *sinfo)
9254 {
9255 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9256 	struct ath10k_peer *peer;
9257 	unsigned long time_left;
9258 	int ret;
9259 
9260 	if (!(ar->hw_params.supports_peer_stats_info &&
9261 	      arsta->arvif->vdev_type == WMI_VDEV_TYPE_STA))
9262 		return;
9263 
9264 	spin_lock_bh(&ar->data_lock);
9265 	peer = ath10k_peer_find(ar, arsta->arvif->vdev_id, sta->addr);
9266 	spin_unlock_bh(&ar->data_lock);
9267 	if (!peer)
9268 		return;
9269 
9270 	reinit_completion(&ar->peer_stats_info_complete);
9271 
9272 	ret = ath10k_wmi_request_peer_stats_info(ar,
9273 						 arsta->arvif->vdev_id,
9274 						 WMI_REQUEST_ONE_PEER_STATS_INFO,
9275 						 arsta->arvif->bssid,
9276 						 0);
9277 	if (ret && ret != -EOPNOTSUPP) {
9278 		ath10k_warn(ar, "could not request peer stats info: %d\n", ret);
9279 		return;
9280 	}
9281 
9282 	time_left = wait_for_completion_timeout(&ar->peer_stats_info_complete, 3 * HZ);
9283 	if (time_left == 0) {
9284 		ath10k_warn(ar, "timed out waiting peer stats info\n");
9285 		return;
9286 	}
9287 
9288 	if (arsta->rx_rate_code != 0 && arsta->rx_bitrate_kbps != 0) {
9289 		ath10k_mac_parse_bitrate(ar, arsta->rx_rate_code,
9290 					 arsta->rx_bitrate_kbps,
9291 					 &sinfo->rxrate);
9292 
9293 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
9294 		arsta->rx_rate_code = 0;
9295 		arsta->rx_bitrate_kbps = 0;
9296 	}
9297 
9298 	if (arsta->tx_rate_code != 0 && arsta->tx_bitrate_kbps != 0) {
9299 		ath10k_mac_parse_bitrate(ar, arsta->tx_rate_code,
9300 					 arsta->tx_bitrate_kbps,
9301 					 &sinfo->txrate);
9302 
9303 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9304 		arsta->tx_rate_code = 0;
9305 		arsta->tx_bitrate_kbps = 0;
9306 	}
9307 }
9308 
9309 static void ath10k_sta_statistics(struct ieee80211_hw *hw,
9310 				  struct ieee80211_vif *vif,
9311 				  struct ieee80211_sta *sta,
9312 				  struct station_info *sinfo)
9313 {
9314 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9315 	struct ath10k *ar = arsta->arvif->ar;
9316 
9317 	if (!ath10k_peer_stats_enabled(ar))
9318 		return;
9319 
9320 	mutex_lock(&ar->conf_mutex);
9321 	ath10k_debug_fw_stats_request(ar);
9322 	mutex_unlock(&ar->conf_mutex);
9323 
9324 	sinfo->rx_duration = arsta->rx_duration;
9325 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_DURATION);
9326 
9327 	if (arsta->txrate.legacy || arsta->txrate.nss) {
9328 		if (arsta->txrate.legacy) {
9329 			sinfo->txrate.legacy = arsta->txrate.legacy;
9330 		} else {
9331 			sinfo->txrate.mcs = arsta->txrate.mcs;
9332 			sinfo->txrate.nss = arsta->txrate.nss;
9333 			sinfo->txrate.bw = arsta->txrate.bw;
9334 		}
9335 		sinfo->txrate.flags = arsta->txrate.flags;
9336 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9337 	}
9338 
9339 	if (ar->htt.disable_tx_comp) {
9340 		sinfo->tx_failed = arsta->tx_failed;
9341 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
9342 	}
9343 
9344 	sinfo->tx_retries = arsta->tx_retries;
9345 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
9346 
9347 	ath10k_mac_sta_get_peer_stats_info(ar, sta, sinfo);
9348 }
9349 
9350 static int ath10k_mac_op_set_tid_config(struct ieee80211_hw *hw,
9351 					struct ieee80211_vif *vif,
9352 					struct ieee80211_sta *sta,
9353 					struct cfg80211_tid_config *tid_config)
9354 {
9355 	struct ath10k *ar = hw->priv;
9356 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9357 	struct ath10k_mac_iter_tid_conf_data data = {};
9358 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
9359 	int ret, i;
9360 
9361 	mutex_lock(&ar->conf_mutex);
9362 	arg.vdev_id = arvif->vdev_id;
9363 
9364 	arvif->tids_rst = 0;
9365 	memset(arvif->tid_conf_changed, 0, sizeof(arvif->tid_conf_changed));
9366 
9367 	for (i = 0; i < tid_config->n_tid_conf; i++) {
9368 		ret = ath10k_mac_parse_tid_config(ar, sta, vif,
9369 						  &tid_config->tid_conf[i],
9370 						  &arg);
9371 		if (ret)
9372 			goto exit;
9373 	}
9374 
9375 	ret = 0;
9376 
9377 	if (sta)
9378 		goto exit;
9379 
9380 	arvif->tids_rst = 0;
9381 	data.curr_vif = vif;
9382 	data.ar = ar;
9383 
9384 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9385 					  &data);
9386 
9387 exit:
9388 	mutex_unlock(&ar->conf_mutex);
9389 	return ret;
9390 }
9391 
9392 static int ath10k_mac_op_reset_tid_config(struct ieee80211_hw *hw,
9393 					  struct ieee80211_vif *vif,
9394 					  struct ieee80211_sta *sta,
9395 					  u8 tids)
9396 {
9397 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9398 	struct ath10k_mac_iter_tid_conf_data data = {};
9399 	struct ath10k *ar = hw->priv;
9400 	int ret = 0;
9401 
9402 	mutex_lock(&ar->conf_mutex);
9403 
9404 	if (sta) {
9405 		arvif->tids_rst = 0;
9406 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif, tids);
9407 		goto exit;
9408 	}
9409 
9410 	arvif->tids_rst = tids;
9411 	data.curr_vif = vif;
9412 	data.ar = ar;
9413 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9414 					  &data);
9415 
9416 exit:
9417 	mutex_unlock(&ar->conf_mutex);
9418 	return ret;
9419 }
9420 
9421 static const struct ieee80211_ops ath10k_ops = {
9422 	.tx				= ath10k_mac_op_tx,
9423 	.wake_tx_queue			= ath10k_mac_op_wake_tx_queue,
9424 	.start				= ath10k_start,
9425 	.stop				= ath10k_stop,
9426 	.config				= ath10k_config,
9427 	.add_interface			= ath10k_add_interface,
9428 	.update_vif_offload		= ath10k_update_vif_offload,
9429 	.remove_interface		= ath10k_remove_interface,
9430 	.configure_filter		= ath10k_configure_filter,
9431 	.bss_info_changed		= ath10k_bss_info_changed,
9432 	.set_coverage_class		= ath10k_mac_op_set_coverage_class,
9433 	.hw_scan			= ath10k_hw_scan,
9434 	.cancel_hw_scan			= ath10k_cancel_hw_scan,
9435 	.set_key			= ath10k_set_key,
9436 	.set_default_unicast_key        = ath10k_set_default_unicast_key,
9437 	.sta_state			= ath10k_sta_state,
9438 	.sta_set_txpwr			= ath10k_sta_set_txpwr,
9439 	.conf_tx			= ath10k_conf_tx,
9440 	.remain_on_channel		= ath10k_remain_on_channel,
9441 	.cancel_remain_on_channel	= ath10k_cancel_remain_on_channel,
9442 	.set_rts_threshold		= ath10k_set_rts_threshold,
9443 	.set_frag_threshold		= ath10k_mac_op_set_frag_threshold,
9444 	.flush				= ath10k_flush,
9445 	.tx_last_beacon			= ath10k_tx_last_beacon,
9446 	.set_antenna			= ath10k_set_antenna,
9447 	.get_antenna			= ath10k_get_antenna,
9448 	.reconfig_complete		= ath10k_reconfig_complete,
9449 	.get_survey			= ath10k_get_survey,
9450 	.set_bitrate_mask		= ath10k_mac_op_set_bitrate_mask,
9451 	.sta_rc_update			= ath10k_sta_rc_update,
9452 	.offset_tsf			= ath10k_offset_tsf,
9453 	.ampdu_action			= ath10k_ampdu_action,
9454 	.get_et_sset_count		= ath10k_debug_get_et_sset_count,
9455 	.get_et_stats			= ath10k_debug_get_et_stats,
9456 	.get_et_strings			= ath10k_debug_get_et_strings,
9457 	.add_chanctx			= ath10k_mac_op_add_chanctx,
9458 	.remove_chanctx			= ath10k_mac_op_remove_chanctx,
9459 	.change_chanctx			= ath10k_mac_op_change_chanctx,
9460 	.assign_vif_chanctx		= ath10k_mac_op_assign_vif_chanctx,
9461 	.unassign_vif_chanctx		= ath10k_mac_op_unassign_vif_chanctx,
9462 	.switch_vif_chanctx		= ath10k_mac_op_switch_vif_chanctx,
9463 	.sta_pre_rcu_remove		= ath10k_mac_op_sta_pre_rcu_remove,
9464 	.sta_statistics			= ath10k_sta_statistics,
9465 	.set_tid_config			= ath10k_mac_op_set_tid_config,
9466 	.reset_tid_config		= ath10k_mac_op_reset_tid_config,
9467 
9468 	CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
9469 
9470 #ifdef CONFIG_PM
9471 	.suspend			= ath10k_wow_op_suspend,
9472 	.resume				= ath10k_wow_op_resume,
9473 	.set_wakeup			= ath10k_wow_op_set_wakeup,
9474 #endif
9475 #ifdef CONFIG_MAC80211_DEBUGFS
9476 	.sta_add_debugfs		= ath10k_sta_add_debugfs,
9477 #endif
9478 	.set_sar_specs			= ath10k_mac_set_sar_specs,
9479 };
9480 
9481 #define CHAN2G(_channel, _freq, _flags) { \
9482 	.band			= NL80211_BAND_2GHZ, \
9483 	.hw_value		= (_channel), \
9484 	.center_freq		= (_freq), \
9485 	.flags			= (_flags), \
9486 	.max_antenna_gain	= 0, \
9487 	.max_power		= 30, \
9488 }
9489 
9490 #define CHAN5G(_channel, _freq, _flags) { \
9491 	.band			= NL80211_BAND_5GHZ, \
9492 	.hw_value		= (_channel), \
9493 	.center_freq		= (_freq), \
9494 	.flags			= (_flags), \
9495 	.max_antenna_gain	= 0, \
9496 	.max_power		= 30, \
9497 }
9498 
9499 static const struct ieee80211_channel ath10k_2ghz_channels[] = {
9500 	CHAN2G(1, 2412, 0),
9501 	CHAN2G(2, 2417, 0),
9502 	CHAN2G(3, 2422, 0),
9503 	CHAN2G(4, 2427, 0),
9504 	CHAN2G(5, 2432, 0),
9505 	CHAN2G(6, 2437, 0),
9506 	CHAN2G(7, 2442, 0),
9507 	CHAN2G(8, 2447, 0),
9508 	CHAN2G(9, 2452, 0),
9509 	CHAN2G(10, 2457, 0),
9510 	CHAN2G(11, 2462, 0),
9511 	CHAN2G(12, 2467, 0),
9512 	CHAN2G(13, 2472, 0),
9513 	CHAN2G(14, 2484, 0),
9514 };
9515 
9516 static const struct ieee80211_channel ath10k_5ghz_channels[] = {
9517 	CHAN5G(36, 5180, 0),
9518 	CHAN5G(40, 5200, 0),
9519 	CHAN5G(44, 5220, 0),
9520 	CHAN5G(48, 5240, 0),
9521 	CHAN5G(52, 5260, 0),
9522 	CHAN5G(56, 5280, 0),
9523 	CHAN5G(60, 5300, 0),
9524 	CHAN5G(64, 5320, 0),
9525 	CHAN5G(100, 5500, 0),
9526 	CHAN5G(104, 5520, 0),
9527 	CHAN5G(108, 5540, 0),
9528 	CHAN5G(112, 5560, 0),
9529 	CHAN5G(116, 5580, 0),
9530 	CHAN5G(120, 5600, 0),
9531 	CHAN5G(124, 5620, 0),
9532 	CHAN5G(128, 5640, 0),
9533 	CHAN5G(132, 5660, 0),
9534 	CHAN5G(136, 5680, 0),
9535 	CHAN5G(140, 5700, 0),
9536 	CHAN5G(144, 5720, 0),
9537 	CHAN5G(149, 5745, 0),
9538 	CHAN5G(153, 5765, 0),
9539 	CHAN5G(157, 5785, 0),
9540 	CHAN5G(161, 5805, 0),
9541 	CHAN5G(165, 5825, 0),
9542 	CHAN5G(169, 5845, 0),
9543 	CHAN5G(173, 5865, 0),
9544 	/* If you add more, you may need to change ATH10K_MAX_5G_CHAN */
9545 	/* And you will definitely need to change ATH10K_NUM_CHANS in core.h */
9546 };
9547 
9548 struct ath10k *ath10k_mac_create(size_t priv_size)
9549 {
9550 	struct ieee80211_hw *hw;
9551 	struct ieee80211_ops *ops;
9552 	struct ath10k *ar;
9553 
9554 	ops = kmemdup(&ath10k_ops, sizeof(ath10k_ops), GFP_KERNEL);
9555 	if (!ops)
9556 		return NULL;
9557 
9558 	hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, ops);
9559 	if (!hw) {
9560 		kfree(ops);
9561 		return NULL;
9562 	}
9563 
9564 	ar = hw->priv;
9565 	ar->hw = hw;
9566 	ar->ops = ops;
9567 
9568 	return ar;
9569 }
9570 
9571 void ath10k_mac_destroy(struct ath10k *ar)
9572 {
9573 	struct ieee80211_ops *ops = ar->ops;
9574 
9575 	ieee80211_free_hw(ar->hw);
9576 	kfree(ops);
9577 }
9578 
9579 static const struct ieee80211_iface_limit ath10k_if_limits[] = {
9580 	{
9581 		.max	= 8,
9582 		.types	= BIT(NL80211_IFTYPE_STATION)
9583 			| BIT(NL80211_IFTYPE_P2P_CLIENT)
9584 	},
9585 	{
9586 		.max	= 3,
9587 		.types	= BIT(NL80211_IFTYPE_P2P_GO)
9588 	},
9589 	{
9590 		.max	= 1,
9591 		.types	= BIT(NL80211_IFTYPE_P2P_DEVICE)
9592 	},
9593 	{
9594 		.max	= 7,
9595 		.types	= BIT(NL80211_IFTYPE_AP)
9596 #ifdef CONFIG_MAC80211_MESH
9597 			| BIT(NL80211_IFTYPE_MESH_POINT)
9598 #endif
9599 	},
9600 };
9601 
9602 static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
9603 	{
9604 		.max	= 8,
9605 		.types	= BIT(NL80211_IFTYPE_AP)
9606 #ifdef CONFIG_MAC80211_MESH
9607 			| BIT(NL80211_IFTYPE_MESH_POINT)
9608 #endif
9609 	},
9610 	{
9611 		.max	= 1,
9612 		.types	= BIT(NL80211_IFTYPE_STATION)
9613 	},
9614 };
9615 
9616 static const struct ieee80211_iface_combination ath10k_if_comb[] = {
9617 	{
9618 		.limits = ath10k_if_limits,
9619 		.n_limits = ARRAY_SIZE(ath10k_if_limits),
9620 		.max_interfaces = 8,
9621 		.num_different_channels = 1,
9622 		.beacon_int_infra_match = true,
9623 	},
9624 };
9625 
9626 static const struct ieee80211_iface_combination ath10k_10x_if_comb[] = {
9627 	{
9628 		.limits = ath10k_10x_if_limits,
9629 		.n_limits = ARRAY_SIZE(ath10k_10x_if_limits),
9630 		.max_interfaces = 8,
9631 		.num_different_channels = 1,
9632 		.beacon_int_infra_match = true,
9633 		.beacon_int_min_gcd = 1,
9634 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9635 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9636 					BIT(NL80211_CHAN_WIDTH_20) |
9637 					BIT(NL80211_CHAN_WIDTH_40) |
9638 					BIT(NL80211_CHAN_WIDTH_80),
9639 #endif
9640 	},
9641 };
9642 
9643 static const struct ieee80211_iface_limit ath10k_tlv_if_limit[] = {
9644 	{
9645 		.max = 2,
9646 		.types = BIT(NL80211_IFTYPE_STATION),
9647 	},
9648 	{
9649 		.max = 2,
9650 		.types = BIT(NL80211_IFTYPE_AP) |
9651 #ifdef CONFIG_MAC80211_MESH
9652 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9653 #endif
9654 			 BIT(NL80211_IFTYPE_P2P_CLIENT) |
9655 			 BIT(NL80211_IFTYPE_P2P_GO),
9656 	},
9657 	{
9658 		.max = 1,
9659 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9660 	},
9661 };
9662 
9663 static const struct ieee80211_iface_limit ath10k_tlv_qcs_if_limit[] = {
9664 	{
9665 		.max = 2,
9666 		.types = BIT(NL80211_IFTYPE_STATION),
9667 	},
9668 	{
9669 		.max = 2,
9670 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT),
9671 	},
9672 	{
9673 		.max = 1,
9674 		.types = BIT(NL80211_IFTYPE_AP) |
9675 #ifdef CONFIG_MAC80211_MESH
9676 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9677 #endif
9678 			 BIT(NL80211_IFTYPE_P2P_GO),
9679 	},
9680 	{
9681 		.max = 1,
9682 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9683 	},
9684 };
9685 
9686 static const struct ieee80211_iface_limit ath10k_tlv_if_limit_ibss[] = {
9687 	{
9688 		.max = 1,
9689 		.types = BIT(NL80211_IFTYPE_STATION),
9690 	},
9691 	{
9692 		.max = 1,
9693 		.types = BIT(NL80211_IFTYPE_ADHOC),
9694 	},
9695 };
9696 
9697 /* FIXME: This is not thoroughly tested. These combinations may over- or
9698  * underestimate hw/fw capabilities.
9699  */
9700 static struct ieee80211_iface_combination ath10k_tlv_if_comb[] = {
9701 	{
9702 		.limits = ath10k_tlv_if_limit,
9703 		.num_different_channels = 1,
9704 		.max_interfaces = 4,
9705 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9706 	},
9707 	{
9708 		.limits = ath10k_tlv_if_limit_ibss,
9709 		.num_different_channels = 1,
9710 		.max_interfaces = 2,
9711 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9712 	},
9713 };
9714 
9715 static struct ieee80211_iface_combination ath10k_tlv_qcs_if_comb[] = {
9716 	{
9717 		.limits = ath10k_tlv_if_limit,
9718 		.num_different_channels = 1,
9719 		.max_interfaces = 4,
9720 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9721 	},
9722 	{
9723 		.limits = ath10k_tlv_qcs_if_limit,
9724 		.num_different_channels = 2,
9725 		.max_interfaces = 4,
9726 		.n_limits = ARRAY_SIZE(ath10k_tlv_qcs_if_limit),
9727 	},
9728 	{
9729 		.limits = ath10k_tlv_if_limit_ibss,
9730 		.num_different_channels = 1,
9731 		.max_interfaces = 2,
9732 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9733 	},
9734 };
9735 
9736 static const struct ieee80211_iface_limit ath10k_10_4_if_limits[] = {
9737 	{
9738 		.max = 1,
9739 		.types = BIT(NL80211_IFTYPE_STATION),
9740 	},
9741 	{
9742 		.max	= 16,
9743 		.types	= BIT(NL80211_IFTYPE_AP)
9744 #ifdef CONFIG_MAC80211_MESH
9745 			| BIT(NL80211_IFTYPE_MESH_POINT)
9746 #endif
9747 	},
9748 };
9749 
9750 static const struct ieee80211_iface_combination ath10k_10_4_if_comb[] = {
9751 	{
9752 		.limits = ath10k_10_4_if_limits,
9753 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9754 		.max_interfaces = 16,
9755 		.num_different_channels = 1,
9756 		.beacon_int_infra_match = true,
9757 		.beacon_int_min_gcd = 1,
9758 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9759 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9760 					BIT(NL80211_CHAN_WIDTH_20) |
9761 					BIT(NL80211_CHAN_WIDTH_40) |
9762 					BIT(NL80211_CHAN_WIDTH_80) |
9763 					BIT(NL80211_CHAN_WIDTH_80P80) |
9764 					BIT(NL80211_CHAN_WIDTH_160),
9765 #endif
9766 	},
9767 };
9768 
9769 static const struct
9770 ieee80211_iface_combination ath10k_10_4_bcn_int_if_comb[] = {
9771 	{
9772 		.limits = ath10k_10_4_if_limits,
9773 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9774 		.max_interfaces = 16,
9775 		.num_different_channels = 1,
9776 		.beacon_int_infra_match = true,
9777 		.beacon_int_min_gcd = 100,
9778 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9779 		.radar_detect_widths =  BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9780 					BIT(NL80211_CHAN_WIDTH_20) |
9781 					BIT(NL80211_CHAN_WIDTH_40) |
9782 					BIT(NL80211_CHAN_WIDTH_80) |
9783 					BIT(NL80211_CHAN_WIDTH_80P80) |
9784 					BIT(NL80211_CHAN_WIDTH_160),
9785 #endif
9786 	},
9787 };
9788 
9789 static void ath10k_get_arvif_iter(void *data, u8 *mac,
9790 				  struct ieee80211_vif *vif)
9791 {
9792 	struct ath10k_vif_iter *arvif_iter = data;
9793 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9794 
9795 	if (arvif->vdev_id == arvif_iter->vdev_id)
9796 		arvif_iter->arvif = arvif;
9797 }
9798 
9799 struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id)
9800 {
9801 	struct ath10k_vif_iter arvif_iter;
9802 
9803 	memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter));
9804 	arvif_iter.vdev_id = vdev_id;
9805 
9806 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
9807 						   ATH10K_ITER_RESUME_FLAGS,
9808 						   ath10k_get_arvif_iter,
9809 						   &arvif_iter);
9810 	if (!arvif_iter.arvif) {
9811 		ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
9812 		return NULL;
9813 	}
9814 
9815 	return arvif_iter.arvif;
9816 }
9817 
9818 #define WRD_METHOD "WRDD"
9819 #define WRDD_WIFI  (0x07)
9820 
9821 static u32 ath10k_mac_wrdd_get_mcc(struct ath10k *ar, union acpi_object *wrdd)
9822 {
9823 	union acpi_object *mcc_pkg;
9824 	union acpi_object *domain_type;
9825 	union acpi_object *mcc_value;
9826 	u32 i;
9827 
9828 	if (wrdd->type != ACPI_TYPE_PACKAGE ||
9829 	    wrdd->package.count < 2 ||
9830 	    wrdd->package.elements[0].type != ACPI_TYPE_INTEGER ||
9831 	    wrdd->package.elements[0].integer.value != 0) {
9832 		ath10k_warn(ar, "ignoring malformed/unsupported wrdd structure\n");
9833 		return 0;
9834 	}
9835 
9836 	for (i = 1; i < wrdd->package.count; ++i) {
9837 		mcc_pkg = &wrdd->package.elements[i];
9838 
9839 		if (mcc_pkg->type != ACPI_TYPE_PACKAGE)
9840 			continue;
9841 		if (mcc_pkg->package.count < 2)
9842 			continue;
9843 		if (mcc_pkg->package.elements[0].type != ACPI_TYPE_INTEGER ||
9844 		    mcc_pkg->package.elements[1].type != ACPI_TYPE_INTEGER)
9845 			continue;
9846 
9847 		domain_type = &mcc_pkg->package.elements[0];
9848 		if (domain_type->integer.value != WRDD_WIFI)
9849 			continue;
9850 
9851 		mcc_value = &mcc_pkg->package.elements[1];
9852 		return mcc_value->integer.value;
9853 	}
9854 	return 0;
9855 }
9856 
9857 static int ath10k_mac_get_wrdd_regulatory(struct ath10k *ar, u16 *rd)
9858 {
9859 	acpi_handle root_handle;
9860 	acpi_handle handle;
9861 	struct acpi_buffer wrdd = {ACPI_ALLOCATE_BUFFER, NULL};
9862 	acpi_status status;
9863 	u32 alpha2_code;
9864 	char alpha2[3];
9865 
9866 	root_handle = ACPI_HANDLE(ar->dev);
9867 	if (!root_handle)
9868 		return -EOPNOTSUPP;
9869 
9870 	status = acpi_get_handle(root_handle, (acpi_string)WRD_METHOD, &handle);
9871 	if (ACPI_FAILURE(status)) {
9872 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9873 			   "failed to get wrd method %d\n", status);
9874 		return -EIO;
9875 	}
9876 
9877 	status = acpi_evaluate_object(handle, NULL, NULL, &wrdd);
9878 	if (ACPI_FAILURE(status)) {
9879 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9880 			   "failed to call wrdc %d\n", status);
9881 		return -EIO;
9882 	}
9883 
9884 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.pointer);
9885 	kfree(wrdd.pointer);
9886 	if (!alpha2_code)
9887 		return -EIO;
9888 
9889 	alpha2[0] = (alpha2_code >> 8) & 0xff;
9890 	alpha2[1] = (alpha2_code >> 0) & 0xff;
9891 	alpha2[2] = '\0';
9892 
9893 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
9894 		   "regulatory hint from WRDD (alpha2-code): %s\n", alpha2);
9895 
9896 	*rd = ath_regd_find_country_by_name(alpha2);
9897 	if (*rd == 0xffff)
9898 		return -EIO;
9899 
9900 	*rd |= COUNTRY_ERD_FLAG;
9901 	return 0;
9902 }
9903 
9904 static int ath10k_mac_init_rd(struct ath10k *ar)
9905 {
9906 	int ret;
9907 	u16 rd;
9908 
9909 	ret = ath10k_mac_get_wrdd_regulatory(ar, &rd);
9910 	if (ret) {
9911 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9912 			   "fallback to eeprom programmed regulatory settings\n");
9913 		rd = ar->hw_eeprom_rd;
9914 	}
9915 
9916 	ar->ath_common.regulatory.current_rd = rd;
9917 	return 0;
9918 }
9919 
9920 int ath10k_mac_register(struct ath10k *ar)
9921 {
9922 	static const u32 cipher_suites[] = {
9923 		WLAN_CIPHER_SUITE_WEP40,
9924 		WLAN_CIPHER_SUITE_WEP104,
9925 		WLAN_CIPHER_SUITE_TKIP,
9926 		WLAN_CIPHER_SUITE_CCMP,
9927 
9928 		/* Do not add hardware supported ciphers before this line.
9929 		 * Allow software encryption for all chips. Don't forget to
9930 		 * update n_cipher_suites below.
9931 		 */
9932 		WLAN_CIPHER_SUITE_AES_CMAC,
9933 		WLAN_CIPHER_SUITE_BIP_CMAC_256,
9934 		WLAN_CIPHER_SUITE_BIP_GMAC_128,
9935 		WLAN_CIPHER_SUITE_BIP_GMAC_256,
9936 
9937 		/* Only QCA99x0 and QCA4019 variants support GCMP-128, GCMP-256
9938 		 * and CCMP-256 in hardware.
9939 		 */
9940 		WLAN_CIPHER_SUITE_GCMP,
9941 		WLAN_CIPHER_SUITE_GCMP_256,
9942 		WLAN_CIPHER_SUITE_CCMP_256,
9943 	};
9944 	struct ieee80211_supported_band *band;
9945 	void *channels;
9946 	int ret;
9947 
9948 	if (!is_valid_ether_addr(ar->mac_addr)) {
9949 		ath10k_warn(ar, "invalid MAC address; choosing random\n");
9950 		eth_random_addr(ar->mac_addr);
9951 	}
9952 	SET_IEEE80211_PERM_ADDR(ar->hw, ar->mac_addr);
9953 
9954 	SET_IEEE80211_DEV(ar->hw, ar->dev);
9955 
9956 	BUILD_BUG_ON((ARRAY_SIZE(ath10k_2ghz_channels) +
9957 		      ARRAY_SIZE(ath10k_5ghz_channels)) !=
9958 		     ATH10K_NUM_CHANS);
9959 
9960 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
9961 		channels = kmemdup(ath10k_2ghz_channels,
9962 				   sizeof(ath10k_2ghz_channels),
9963 				   GFP_KERNEL);
9964 		if (!channels) {
9965 			ret = -ENOMEM;
9966 			goto err_free;
9967 		}
9968 
9969 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
9970 		band->n_channels = ARRAY_SIZE(ath10k_2ghz_channels);
9971 		band->channels = channels;
9972 
9973 		if (ar->hw_params.cck_rate_map_rev2) {
9974 			band->n_bitrates = ath10k_g_rates_rev2_size;
9975 			band->bitrates = ath10k_g_rates_rev2;
9976 		} else {
9977 			band->n_bitrates = ath10k_g_rates_size;
9978 			band->bitrates = ath10k_g_rates;
9979 		}
9980 
9981 		ar->hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
9982 	}
9983 
9984 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
9985 		channels = kmemdup(ath10k_5ghz_channels,
9986 				   sizeof(ath10k_5ghz_channels),
9987 				   GFP_KERNEL);
9988 		if (!channels) {
9989 			ret = -ENOMEM;
9990 			goto err_free;
9991 		}
9992 
9993 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
9994 		band->n_channels = ARRAY_SIZE(ath10k_5ghz_channels);
9995 		band->channels = channels;
9996 		band->n_bitrates = ath10k_a_rates_size;
9997 		band->bitrates = ath10k_a_rates;
9998 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
9999 	}
10000 
10001 	wiphy_read_of_freq_limits(ar->hw->wiphy);
10002 	ath10k_mac_setup_ht_vht_cap(ar);
10003 
10004 	ar->hw->wiphy->interface_modes =
10005 		BIT(NL80211_IFTYPE_STATION) |
10006 		BIT(NL80211_IFTYPE_AP) |
10007 		BIT(NL80211_IFTYPE_MESH_POINT);
10008 
10009 	ar->hw->wiphy->available_antennas_rx = ar->cfg_rx_chainmask;
10010 	ar->hw->wiphy->available_antennas_tx = ar->cfg_tx_chainmask;
10011 
10012 	if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->normal_mode_fw.fw_file.fw_features))
10013 		ar->hw->wiphy->interface_modes |=
10014 			BIT(NL80211_IFTYPE_P2P_DEVICE) |
10015 			BIT(NL80211_IFTYPE_P2P_CLIENT) |
10016 			BIT(NL80211_IFTYPE_P2P_GO);
10017 
10018 	ieee80211_hw_set(ar->hw, SIGNAL_DBM);
10019 
10020 	if (!test_bit(ATH10K_FW_FEATURE_NO_PS,
10021 		      ar->running_fw->fw_file.fw_features)) {
10022 		ieee80211_hw_set(ar->hw, SUPPORTS_PS);
10023 		ieee80211_hw_set(ar->hw, SUPPORTS_DYNAMIC_PS);
10024 	}
10025 
10026 	ieee80211_hw_set(ar->hw, MFP_CAPABLE);
10027 	ieee80211_hw_set(ar->hw, REPORTS_TX_ACK_STATUS);
10028 	ieee80211_hw_set(ar->hw, HAS_RATE_CONTROL);
10029 	ieee80211_hw_set(ar->hw, AP_LINK_PS);
10030 	ieee80211_hw_set(ar->hw, SPECTRUM_MGMT);
10031 	ieee80211_hw_set(ar->hw, SUPPORT_FAST_XMIT);
10032 	ieee80211_hw_set(ar->hw, CONNECTION_MONITOR);
10033 	ieee80211_hw_set(ar->hw, SUPPORTS_PER_STA_GTK);
10034 	ieee80211_hw_set(ar->hw, WANT_MONITOR_VIF);
10035 	ieee80211_hw_set(ar->hw, CHANCTX_STA_CSA);
10036 	ieee80211_hw_set(ar->hw, QUEUE_CONTROL);
10037 	ieee80211_hw_set(ar->hw, SUPPORTS_TX_FRAG);
10038 	ieee80211_hw_set(ar->hw, REPORTS_LOW_ACK);
10039 
10040 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10041 		ieee80211_hw_set(ar->hw, SW_CRYPTO_CONTROL);
10042 
10043 	ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
10044 	ar->hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
10045 
10046 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
10047 		ar->hw->wiphy->features |= NL80211_FEATURE_DYNAMIC_SMPS;
10048 
10049 	if (ar->ht_cap_info & WMI_HT_CAP_ENABLED) {
10050 		ieee80211_hw_set(ar->hw, AMPDU_AGGREGATION);
10051 		ieee80211_hw_set(ar->hw, TX_AMPDU_SETUP_IN_HW);
10052 	}
10053 
10054 	ar->hw->wiphy->max_scan_ssids = WLAN_SCAN_PARAMS_MAX_SSID;
10055 	ar->hw->wiphy->max_scan_ie_len = WLAN_SCAN_PARAMS_MAX_IE_LEN;
10056 
10057 	if (test_bit(WMI_SERVICE_NLO, ar->wmi.svc_map)) {
10058 		ar->hw->wiphy->max_sched_scan_ssids = WMI_PNO_MAX_SUPP_NETWORKS;
10059 		ar->hw->wiphy->max_match_sets = WMI_PNO_MAX_SUPP_NETWORKS;
10060 		ar->hw->wiphy->max_sched_scan_ie_len = WMI_PNO_MAX_IE_LENGTH;
10061 		ar->hw->wiphy->max_sched_scan_plans = WMI_PNO_MAX_SCHED_SCAN_PLANS;
10062 		ar->hw->wiphy->max_sched_scan_plan_interval =
10063 			WMI_PNO_MAX_SCHED_SCAN_PLAN_INT;
10064 		ar->hw->wiphy->max_sched_scan_plan_iterations =
10065 			WMI_PNO_MAX_SCHED_SCAN_PLAN_ITRNS;
10066 		ar->hw->wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
10067 	}
10068 
10069 	ar->hw->vif_data_size = sizeof(struct ath10k_vif);
10070 	ar->hw->sta_data_size = sizeof(struct ath10k_sta);
10071 	ar->hw->txq_data_size = sizeof(struct ath10k_txq);
10072 
10073 	ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
10074 
10075 	if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
10076 		ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
10077 
10078 		/* Firmware delivers WPS/P2P Probe Requests frames to driver so
10079 		 * that userspace (e.g. wpa_supplicant/hostapd) can generate
10080 		 * correct Probe Responses. This is more of a hack advert..
10081 		 */
10082 		ar->hw->wiphy->probe_resp_offload |=
10083 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
10084 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
10085 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
10086 	}
10087 
10088 	if (test_bit(WMI_SERVICE_TDLS, ar->wmi.svc_map) ||
10089 	    test_bit(WMI_SERVICE_TDLS_EXPLICIT_MODE_ONLY, ar->wmi.svc_map)) {
10090 		ar->hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
10091 		if (test_bit(WMI_SERVICE_TDLS_WIDER_BANDWIDTH, ar->wmi.svc_map))
10092 			ieee80211_hw_set(ar->hw, TDLS_WIDER_BW);
10093 	}
10094 
10095 	if (test_bit(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, ar->wmi.svc_map))
10096 		ieee80211_hw_set(ar->hw, SUPPORTS_TDLS_BUFFER_STA);
10097 
10098 	if (ath10k_frame_mode == ATH10K_HW_TXRX_ETHERNET) {
10099 		if (ar->wmi.vdev_param->tx_encap_type !=
10100 		    WMI_VDEV_PARAM_UNSUPPORTED)
10101 			ieee80211_hw_set(ar->hw, SUPPORTS_TX_ENCAP_OFFLOAD);
10102 	}
10103 
10104 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
10105 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
10106 	ar->hw->wiphy->max_remain_on_channel_duration = 5000;
10107 
10108 	ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
10109 	ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
10110 				   NL80211_FEATURE_AP_SCAN;
10111 
10112 	ar->hw->wiphy->max_ap_assoc_sta = ar->max_num_stations;
10113 
10114 	ret = ath10k_wow_init(ar);
10115 	if (ret) {
10116 		ath10k_warn(ar, "failed to init wow: %d\n", ret);
10117 		goto err_free;
10118 	}
10119 
10120 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
10121 	wiphy_ext_feature_set(ar->hw->wiphy,
10122 			      NL80211_EXT_FEATURE_SET_SCAN_DWELL);
10123 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_AQL);
10124 
10125 	if (test_bit(WMI_SERVICE_TX_DATA_ACK_RSSI, ar->wmi.svc_map) ||
10126 	    test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS, ar->wmi.svc_map))
10127 		wiphy_ext_feature_set(ar->hw->wiphy,
10128 				      NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT);
10129 
10130 	if (ath10k_peer_stats_enabled(ar) ||
10131 	    test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
10132 		wiphy_ext_feature_set(ar->hw->wiphy,
10133 				      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS);
10134 
10135 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map))
10136 		wiphy_ext_feature_set(ar->hw->wiphy,
10137 				      NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
10138 
10139 	if (test_bit(WMI_SERVICE_TX_PWR_PER_PEER, ar->wmi.svc_map))
10140 		wiphy_ext_feature_set(ar->hw->wiphy,
10141 				      NL80211_EXT_FEATURE_STA_TX_PWR);
10142 
10143 	if (test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map)) {
10144 		ar->hw->wiphy->tid_config_support.vif |=
10145 				BIT(NL80211_TID_CONFIG_ATTR_NOACK) |
10146 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT) |
10147 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG) |
10148 				BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL) |
10149 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
10150 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
10151 
10152 		if (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
10153 			     ar->wmi.svc_map)) {
10154 			ar->hw->wiphy->tid_config_support.vif |=
10155 				BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
10156 		}
10157 
10158 		ar->hw->wiphy->tid_config_support.peer =
10159 				ar->hw->wiphy->tid_config_support.vif;
10160 		ar->hw->wiphy->max_data_retry_count = ATH10K_MAX_RETRY_COUNT;
10161 	} else {
10162 		ar->ops->set_tid_config = NULL;
10163 	}
10164 	/*
10165 	 * on LL hardware queues are managed entirely by the FW
10166 	 * so we only advertise to mac we can do the queues thing
10167 	 */
10168 	ar->hw->queues = IEEE80211_MAX_QUEUES;
10169 
10170 	/* vdev_ids are used as hw queue numbers. Make sure offchan tx queue is
10171 	 * something that vdev_ids can't reach so that we don't stop the queue
10172 	 * accidentally.
10173 	 */
10174 	ar->hw->offchannel_tx_hw_queue = IEEE80211_MAX_QUEUES - 1;
10175 
10176 	switch (ar->running_fw->fw_file.wmi_op_version) {
10177 	case ATH10K_FW_WMI_OP_VERSION_MAIN:
10178 		ar->hw->wiphy->iface_combinations = ath10k_if_comb;
10179 		ar->hw->wiphy->n_iface_combinations =
10180 			ARRAY_SIZE(ath10k_if_comb);
10181 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10182 		break;
10183 	case ATH10K_FW_WMI_OP_VERSION_TLV:
10184 		if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
10185 			ar->hw->wiphy->iface_combinations =
10186 				ath10k_tlv_qcs_if_comb;
10187 			ar->hw->wiphy->n_iface_combinations =
10188 				ARRAY_SIZE(ath10k_tlv_qcs_if_comb);
10189 		} else {
10190 			ar->hw->wiphy->iface_combinations = ath10k_tlv_if_comb;
10191 			ar->hw->wiphy->n_iface_combinations =
10192 				ARRAY_SIZE(ath10k_tlv_if_comb);
10193 		}
10194 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10195 		break;
10196 	case ATH10K_FW_WMI_OP_VERSION_10_1:
10197 	case ATH10K_FW_WMI_OP_VERSION_10_2:
10198 	case ATH10K_FW_WMI_OP_VERSION_10_2_4:
10199 		ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
10200 		ar->hw->wiphy->n_iface_combinations =
10201 			ARRAY_SIZE(ath10k_10x_if_comb);
10202 		break;
10203 	case ATH10K_FW_WMI_OP_VERSION_10_4:
10204 		ar->hw->wiphy->iface_combinations = ath10k_10_4_if_comb;
10205 		ar->hw->wiphy->n_iface_combinations =
10206 			ARRAY_SIZE(ath10k_10_4_if_comb);
10207 		if (test_bit(WMI_SERVICE_VDEV_DIFFERENT_BEACON_INTERVAL_SUPPORT,
10208 			     ar->wmi.svc_map)) {
10209 			ar->hw->wiphy->iface_combinations =
10210 				ath10k_10_4_bcn_int_if_comb;
10211 			ar->hw->wiphy->n_iface_combinations =
10212 				ARRAY_SIZE(ath10k_10_4_bcn_int_if_comb);
10213 		}
10214 		break;
10215 	case ATH10K_FW_WMI_OP_VERSION_UNSET:
10216 	case ATH10K_FW_WMI_OP_VERSION_MAX:
10217 		WARN_ON(1);
10218 		ret = -EINVAL;
10219 		goto err_free;
10220 	}
10221 
10222 	if (ar->hw_params.dynamic_sar_support)
10223 		ar->hw->wiphy->sar_capa = &ath10k_sar_capa;
10224 
10225 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10226 		ar->hw->netdev_features = NETIF_F_HW_CSUM;
10227 
10228 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED)) {
10229 		/* Init ath dfs pattern detector */
10230 		ar->ath_common.debug_mask = ATH_DBG_DFS;
10231 		ar->dfs_detector = dfs_pattern_detector_init(&ar->ath_common,
10232 							     NL80211_DFS_UNSET);
10233 
10234 		if (!ar->dfs_detector)
10235 			ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
10236 	}
10237 
10238 	ret = ath10k_mac_init_rd(ar);
10239 	if (ret) {
10240 		ath10k_err(ar, "failed to derive regdom: %d\n", ret);
10241 		goto err_dfs_detector_exit;
10242 	}
10243 
10244 	/* Disable set_coverage_class for chipsets that do not support it. */
10245 	if (!ar->hw_params.hw_ops->set_coverage_class)
10246 		ar->ops->set_coverage_class = NULL;
10247 
10248 	ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
10249 			    ath10k_reg_notifier);
10250 	if (ret) {
10251 		ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
10252 		goto err_dfs_detector_exit;
10253 	}
10254 
10255 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
10256 		ar->hw->wiphy->features |=
10257 			NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
10258 	}
10259 
10260 	ar->hw->wiphy->cipher_suites = cipher_suites;
10261 
10262 	/* QCA988x and QCA6174 family chips do not support CCMP-256, GCMP-128
10263 	 * and GCMP-256 ciphers in hardware. Fetch number of ciphers supported
10264 	 * from chip specific hw_param table.
10265 	 */
10266 	if (!ar->hw_params.n_cipher_suites ||
10267 	    ar->hw_params.n_cipher_suites > ARRAY_SIZE(cipher_suites)) {
10268 		ath10k_err(ar, "invalid hw_params.n_cipher_suites %d\n",
10269 			   ar->hw_params.n_cipher_suites);
10270 		ar->hw_params.n_cipher_suites = 8;
10271 	}
10272 	ar->hw->wiphy->n_cipher_suites = ar->hw_params.n_cipher_suites;
10273 
10274 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
10275 
10276 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
10277 
10278 	ret = ieee80211_register_hw(ar->hw);
10279 	if (ret) {
10280 		ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
10281 		goto err_dfs_detector_exit;
10282 	}
10283 
10284 	if (test_bit(WMI_SERVICE_PER_PACKET_SW_ENCRYPT, ar->wmi.svc_map)) {
10285 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
10286 		ar->hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_AP_VLAN);
10287 	}
10288 
10289 	if (!ath_is_world_regd(&ar->ath_common.reg_world_copy) &&
10290 	    !ath_is_world_regd(&ar->ath_common.regulatory)) {
10291 		ret = regulatory_hint(ar->hw->wiphy,
10292 				      ar->ath_common.regulatory.alpha2);
10293 		if (ret)
10294 			goto err_unregister;
10295 	}
10296 
10297 	return 0;
10298 
10299 err_unregister:
10300 	ieee80211_unregister_hw(ar->hw);
10301 
10302 err_dfs_detector_exit:
10303 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10304 		ar->dfs_detector->exit(ar->dfs_detector);
10305 
10306 err_free:
10307 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10308 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10309 
10310 	SET_IEEE80211_DEV(ar->hw, NULL);
10311 	return ret;
10312 }
10313 
10314 void ath10k_mac_unregister(struct ath10k *ar)
10315 {
10316 	ieee80211_unregister_hw(ar->hw);
10317 
10318 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10319 		ar->dfs_detector->exit(ar->dfs_detector);
10320 
10321 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10322 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10323 
10324 	SET_IEEE80211_DEV(ar->hw, NULL);
10325 }
10326