xref: /openbmc/linux/drivers/net/wireless/ath/ath10k/mac.c (revision dfccddd5874fcb2f0715c8e02ce633139425d295) 
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2005-2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2017 Qualcomm Atheros, Inc.
5  * Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
6  * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved.
7  */
8 
9 #include "mac.h"
10 
11 #include <net/cfg80211.h>
12 #include <net/mac80211.h>
13 #include <linux/etherdevice.h>
14 #include <linux/acpi.h>
15 #include <linux/of.h>
16 #include <linux/bitfield.h>
17 
18 #include "hif.h"
19 #include "core.h"
20 #include "debug.h"
21 #include "wmi.h"
22 #include "htt.h"
23 #include "txrx.h"
24 #include "testmode.h"
25 #include "wmi-tlv.h"
26 #include "wmi-ops.h"
27 #include "wow.h"
28 
29 /*********/
30 /* Rates */
31 /*********/
32 
33 static struct ieee80211_rate ath10k_rates[] = {
34 	{ .bitrate = 10,
35 	  .hw_value = ATH10K_HW_RATE_CCK_LP_1M },
36 	{ .bitrate = 20,
37 	  .hw_value = ATH10K_HW_RATE_CCK_LP_2M,
38 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_2M,
39 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
40 	{ .bitrate = 55,
41 	  .hw_value = ATH10K_HW_RATE_CCK_LP_5_5M,
42 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_5_5M,
43 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
44 	{ .bitrate = 110,
45 	  .hw_value = ATH10K_HW_RATE_CCK_LP_11M,
46 	  .hw_value_short = ATH10K_HW_RATE_CCK_SP_11M,
47 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
48 
49 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
50 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
51 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
52 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
53 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
54 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
55 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
56 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
57 };
58 
59 static struct ieee80211_rate ath10k_rates_rev2[] = {
60 	{ .bitrate = 10,
61 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_1M },
62 	{ .bitrate = 20,
63 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_2M,
64 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_2M,
65 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
66 	{ .bitrate = 55,
67 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_5_5M,
68 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_5_5M,
69 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
70 	{ .bitrate = 110,
71 	  .hw_value = ATH10K_HW_RATE_REV2_CCK_LP_11M,
72 	  .hw_value_short = ATH10K_HW_RATE_REV2_CCK_SP_11M,
73 	  .flags = IEEE80211_RATE_SHORT_PREAMBLE },
74 
75 	{ .bitrate = 60, .hw_value = ATH10K_HW_RATE_OFDM_6M },
76 	{ .bitrate = 90, .hw_value = ATH10K_HW_RATE_OFDM_9M },
77 	{ .bitrate = 120, .hw_value = ATH10K_HW_RATE_OFDM_12M },
78 	{ .bitrate = 180, .hw_value = ATH10K_HW_RATE_OFDM_18M },
79 	{ .bitrate = 240, .hw_value = ATH10K_HW_RATE_OFDM_24M },
80 	{ .bitrate = 360, .hw_value = ATH10K_HW_RATE_OFDM_36M },
81 	{ .bitrate = 480, .hw_value = ATH10K_HW_RATE_OFDM_48M },
82 	{ .bitrate = 540, .hw_value = ATH10K_HW_RATE_OFDM_54M },
83 };
84 
85 static const struct cfg80211_sar_freq_ranges ath10k_sar_freq_ranges[] = {
86 	{.start_freq = 2402, .end_freq = 2494 },
87 	{.start_freq = 5170, .end_freq = 5875 },
88 };
89 
90 static const struct cfg80211_sar_capa ath10k_sar_capa = {
91 	.type = NL80211_SAR_TYPE_POWER,
92 	.num_freq_ranges = (ARRAY_SIZE(ath10k_sar_freq_ranges)),
93 	.freq_ranges = &ath10k_sar_freq_ranges[0],
94 };
95 
96 #define ATH10K_MAC_FIRST_OFDM_RATE_IDX 4
97 
98 #define ath10k_a_rates (ath10k_rates + ATH10K_MAC_FIRST_OFDM_RATE_IDX)
99 #define ath10k_a_rates_size (ARRAY_SIZE(ath10k_rates) - \
100 			     ATH10K_MAC_FIRST_OFDM_RATE_IDX)
101 #define ath10k_g_rates (ath10k_rates + 0)
102 #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
103 
104 #define ath10k_g_rates_rev2 (ath10k_rates_rev2 + 0)
105 #define ath10k_g_rates_rev2_size (ARRAY_SIZE(ath10k_rates_rev2))
106 
107 #define ath10k_wmi_legacy_rates ath10k_rates
108 
109 static bool ath10k_mac_bitrate_is_cck(int bitrate)
110 {
111 	switch (bitrate) {
112 	case 10:
113 	case 20:
114 	case 55:
115 	case 110:
116 		return true;
117 	}
118 
119 	return false;
120 }
121 
122 static u8 ath10k_mac_bitrate_to_rate(int bitrate)
123 {
124 	return DIV_ROUND_UP(bitrate, 5) |
125 	       (ath10k_mac_bitrate_is_cck(bitrate) ? BIT(7) : 0);
126 }
127 
128 u8 ath10k_mac_hw_rate_to_idx(const struct ieee80211_supported_band *sband,
129 			     u8 hw_rate, bool cck)
130 {
131 	const struct ieee80211_rate *rate;
132 	int i;
133 
134 	for (i = 0; i < sband->n_bitrates; i++) {
135 		rate = &sband->bitrates[i];
136 
137 		if (ath10k_mac_bitrate_is_cck(rate->bitrate) != cck)
138 			continue;
139 
140 		if (rate->hw_value == hw_rate)
141 			return i;
142 		else if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE &&
143 			 rate->hw_value_short == hw_rate)
144 			return i;
145 	}
146 
147 	return 0;
148 }
149 
150 u8 ath10k_mac_bitrate_to_idx(const struct ieee80211_supported_band *sband,
151 			     u32 bitrate)
152 {
153 	int i;
154 
155 	for (i = 0; i < sband->n_bitrates; i++)
156 		if (sband->bitrates[i].bitrate == bitrate)
157 			return i;
158 
159 	return 0;
160 }
161 
162 static int ath10k_mac_get_rate_hw_value(int bitrate)
163 {
164 	int i;
165 	u8 hw_value_prefix = 0;
166 
167 	if (ath10k_mac_bitrate_is_cck(bitrate))
168 		hw_value_prefix = WMI_RATE_PREAMBLE_CCK << 6;
169 
170 	for (i = 0; i < ARRAY_SIZE(ath10k_rates); i++) {
171 		if (ath10k_rates[i].bitrate == bitrate)
172 			return hw_value_prefix | ath10k_rates[i].hw_value;
173 	}
174 
175 	return -EINVAL;
176 }
177 
178 static int ath10k_mac_get_max_vht_mcs_map(u16 mcs_map, int nss)
179 {
180 	switch ((mcs_map >> (2 * nss)) & 0x3) {
181 	case IEEE80211_VHT_MCS_SUPPORT_0_7: return BIT(8) - 1;
182 	case IEEE80211_VHT_MCS_SUPPORT_0_8: return BIT(9) - 1;
183 	case IEEE80211_VHT_MCS_SUPPORT_0_9: return BIT(10) - 1;
184 	}
185 	return 0;
186 }
187 
188 static u32
189 ath10k_mac_max_ht_nss(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
190 {
191 	int nss;
192 
193 	for (nss = IEEE80211_HT_MCS_MASK_LEN - 1; nss >= 0; nss--)
194 		if (ht_mcs_mask[nss])
195 			return nss + 1;
196 
197 	return 1;
198 }
199 
200 static u32
201 ath10k_mac_max_vht_nss(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
202 {
203 	int nss;
204 
205 	for (nss = NL80211_VHT_NSS_MAX - 1; nss >= 0; nss--)
206 		if (vht_mcs_mask[nss])
207 			return nss + 1;
208 
209 	return 1;
210 }
211 
212 int ath10k_mac_ext_resource_config(struct ath10k *ar, u32 val)
213 {
214 	enum wmi_host_platform_type platform_type;
215 	int ret;
216 
217 	if (test_bit(WMI_SERVICE_TX_MODE_DYNAMIC, ar->wmi.svc_map))
218 		platform_type = WMI_HOST_PLATFORM_LOW_PERF;
219 	else
220 		platform_type = WMI_HOST_PLATFORM_HIGH_PERF;
221 
222 	ret = ath10k_wmi_ext_resource_config(ar, platform_type, val);
223 
224 	if (ret && ret != -EOPNOTSUPP) {
225 		ath10k_warn(ar, "failed to configure ext resource: %d\n", ret);
226 		return ret;
227 	}
228 
229 	return 0;
230 }
231 
232 /**********/
233 /* Crypto */
234 /**********/
235 
236 static int ath10k_send_key(struct ath10k_vif *arvif,
237 			   struct ieee80211_key_conf *key,
238 			   enum set_key_cmd cmd,
239 			   const u8 *macaddr, u32 flags)
240 {
241 	struct ath10k *ar = arvif->ar;
242 	struct wmi_vdev_install_key_arg arg = {
243 		.vdev_id = arvif->vdev_id,
244 		.key_idx = key->keyidx,
245 		.key_len = key->keylen,
246 		.key_data = key->key,
247 		.key_flags = flags,
248 		.macaddr = macaddr,
249 	};
250 
251 	lockdep_assert_held(&arvif->ar->conf_mutex);
252 
253 	switch (key->cipher) {
254 	case WLAN_CIPHER_SUITE_CCMP:
255 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
256 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
257 		break;
258 	case WLAN_CIPHER_SUITE_TKIP:
259 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_TKIP];
260 		arg.key_txmic_len = 8;
261 		arg.key_rxmic_len = 8;
262 		break;
263 	case WLAN_CIPHER_SUITE_WEP40:
264 	case WLAN_CIPHER_SUITE_WEP104:
265 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_WEP];
266 		break;
267 	case WLAN_CIPHER_SUITE_CCMP_256:
268 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_CCM];
269 		break;
270 	case WLAN_CIPHER_SUITE_GCMP:
271 	case WLAN_CIPHER_SUITE_GCMP_256:
272 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_AES_GCM];
273 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
274 		break;
275 	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
276 	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
277 	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
278 	case WLAN_CIPHER_SUITE_AES_CMAC:
279 		WARN_ON(1);
280 		return -EINVAL;
281 	default:
282 		ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
283 		return -EOPNOTSUPP;
284 	}
285 
286 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
287 		key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
288 
289 	if (cmd == DISABLE_KEY) {
290 		arg.key_cipher = ar->wmi_key_cipher[WMI_CIPHER_NONE];
291 		arg.key_data = NULL;
292 	}
293 
294 	return ath10k_wmi_vdev_install_key(arvif->ar, &arg);
295 }
296 
297 static int ath10k_install_key(struct ath10k_vif *arvif,
298 			      struct ieee80211_key_conf *key,
299 			      enum set_key_cmd cmd,
300 			      const u8 *macaddr, u32 flags)
301 {
302 	struct ath10k *ar = arvif->ar;
303 	int ret;
304 	unsigned long time_left;
305 
306 	lockdep_assert_held(&ar->conf_mutex);
307 
308 	reinit_completion(&ar->install_key_done);
309 
310 	if (arvif->nohwcrypt)
311 		return 1;
312 
313 	ret = ath10k_send_key(arvif, key, cmd, macaddr, flags);
314 	if (ret)
315 		return ret;
316 
317 	time_left = wait_for_completion_timeout(&ar->install_key_done, 3 * HZ);
318 	if (time_left == 0)
319 		return -ETIMEDOUT;
320 
321 	return 0;
322 }
323 
324 static int ath10k_install_peer_wep_keys(struct ath10k_vif *arvif,
325 					const u8 *addr)
326 {
327 	struct ath10k *ar = arvif->ar;
328 	struct ath10k_peer *peer;
329 	int ret;
330 	int i;
331 	u32 flags;
332 
333 	lockdep_assert_held(&ar->conf_mutex);
334 
335 	if (WARN_ON(arvif->vif->type != NL80211_IFTYPE_AP &&
336 		    arvif->vif->type != NL80211_IFTYPE_ADHOC &&
337 		    arvif->vif->type != NL80211_IFTYPE_MESH_POINT))
338 		return -EINVAL;
339 
340 	spin_lock_bh(&ar->data_lock);
341 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
342 	spin_unlock_bh(&ar->data_lock);
343 
344 	if (!peer)
345 		return -ENOENT;
346 
347 	for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
348 		if (arvif->wep_keys[i] == NULL)
349 			continue;
350 
351 		switch (arvif->vif->type) {
352 		case NL80211_IFTYPE_AP:
353 			flags = WMI_KEY_PAIRWISE;
354 
355 			if (arvif->def_wep_key_idx == i)
356 				flags |= WMI_KEY_TX_USAGE;
357 
358 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
359 						 SET_KEY, addr, flags);
360 			if (ret < 0)
361 				return ret;
362 			break;
363 		case NL80211_IFTYPE_ADHOC:
364 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
365 						 SET_KEY, addr,
366 						 WMI_KEY_PAIRWISE);
367 			if (ret < 0)
368 				return ret;
369 
370 			ret = ath10k_install_key(arvif, arvif->wep_keys[i],
371 						 SET_KEY, addr, WMI_KEY_GROUP);
372 			if (ret < 0)
373 				return ret;
374 			break;
375 		default:
376 			WARN_ON(1);
377 			return -EINVAL;
378 		}
379 
380 		spin_lock_bh(&ar->data_lock);
381 		peer->keys[i] = arvif->wep_keys[i];
382 		spin_unlock_bh(&ar->data_lock);
383 	}
384 
385 	/* In some cases (notably with static WEP IBSS with multiple keys)
386 	 * multicast Tx becomes broken. Both pairwise and groupwise keys are
387 	 * installed already. Using WMI_KEY_TX_USAGE in different combinations
388 	 * didn't seem help. Using def_keyid vdev parameter seems to be
389 	 * effective so use that.
390 	 *
391 	 * FIXME: Revisit. Perhaps this can be done in a less hacky way.
392 	 */
393 	if (arvif->vif->type != NL80211_IFTYPE_ADHOC)
394 		return 0;
395 
396 	if (arvif->def_wep_key_idx == -1)
397 		return 0;
398 
399 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
400 					arvif->vdev_id,
401 					arvif->ar->wmi.vdev_param->def_keyid,
402 					arvif->def_wep_key_idx);
403 	if (ret) {
404 		ath10k_warn(ar, "failed to re-set def wpa key idxon vdev %i: %d\n",
405 			    arvif->vdev_id, ret);
406 		return ret;
407 	}
408 
409 	return 0;
410 }
411 
412 static int ath10k_clear_peer_keys(struct ath10k_vif *arvif,
413 				  const u8 *addr)
414 {
415 	struct ath10k *ar = arvif->ar;
416 	struct ath10k_peer *peer;
417 	int first_errno = 0;
418 	int ret;
419 	int i;
420 	u32 flags = 0;
421 
422 	lockdep_assert_held(&ar->conf_mutex);
423 
424 	spin_lock_bh(&ar->data_lock);
425 	peer = ath10k_peer_find(ar, arvif->vdev_id, addr);
426 	spin_unlock_bh(&ar->data_lock);
427 
428 	if (!peer)
429 		return -ENOENT;
430 
431 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
432 		if (peer->keys[i] == NULL)
433 			continue;
434 
435 		/* key flags are not required to delete the key */
436 		ret = ath10k_install_key(arvif, peer->keys[i],
437 					 DISABLE_KEY, addr, flags);
438 		if (ret < 0 && first_errno == 0)
439 			first_errno = ret;
440 
441 		if (ret < 0)
442 			ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
443 				    i, ret);
444 
445 		spin_lock_bh(&ar->data_lock);
446 		peer->keys[i] = NULL;
447 		spin_unlock_bh(&ar->data_lock);
448 	}
449 
450 	return first_errno;
451 }
452 
453 bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
454 				    u8 keyidx)
455 {
456 	struct ath10k_peer *peer;
457 	int i;
458 
459 	lockdep_assert_held(&ar->data_lock);
460 
461 	/* We don't know which vdev this peer belongs to,
462 	 * since WMI doesn't give us that information.
463 	 *
464 	 * FIXME: multi-bss needs to be handled.
465 	 */
466 	peer = ath10k_peer_find(ar, 0, addr);
467 	if (!peer)
468 		return false;
469 
470 	for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
471 		if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
472 			return true;
473 	}
474 
475 	return false;
476 }
477 
478 static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
479 				 struct ieee80211_key_conf *key)
480 {
481 	struct ath10k *ar = arvif->ar;
482 	struct ath10k_peer *peer;
483 	u8 addr[ETH_ALEN];
484 	int first_errno = 0;
485 	int ret;
486 	int i;
487 	u32 flags = 0;
488 
489 	lockdep_assert_held(&ar->conf_mutex);
490 
491 	for (;;) {
492 		/* since ath10k_install_key we can't hold data_lock all the
493 		 * time, so we try to remove the keys incrementally
494 		 */
495 		spin_lock_bh(&ar->data_lock);
496 		i = 0;
497 		list_for_each_entry(peer, &ar->peers, list) {
498 			for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
499 				if (peer->keys[i] == key) {
500 					ether_addr_copy(addr, peer->addr);
501 					peer->keys[i] = NULL;
502 					break;
503 				}
504 			}
505 
506 			if (i < ARRAY_SIZE(peer->keys))
507 				break;
508 		}
509 		spin_unlock_bh(&ar->data_lock);
510 
511 		if (i == ARRAY_SIZE(peer->keys))
512 			break;
513 		/* key flags are not required to delete the key */
514 		ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, flags);
515 		if (ret < 0 && first_errno == 0)
516 			first_errno = ret;
517 
518 		if (ret)
519 			ath10k_warn(ar, "failed to remove key for %pM: %d\n",
520 				    addr, ret);
521 	}
522 
523 	return first_errno;
524 }
525 
526 static int ath10k_mac_vif_update_wep_key(struct ath10k_vif *arvif,
527 					 struct ieee80211_key_conf *key)
528 {
529 	struct ath10k *ar = arvif->ar;
530 	struct ath10k_peer *peer;
531 	int ret;
532 
533 	lockdep_assert_held(&ar->conf_mutex);
534 
535 	list_for_each_entry(peer, &ar->peers, list) {
536 		if (ether_addr_equal(peer->addr, arvif->vif->addr))
537 			continue;
538 
539 		if (ether_addr_equal(peer->addr, arvif->bssid))
540 			continue;
541 
542 		if (peer->keys[key->keyidx] == key)
543 			continue;
544 
545 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vif vdev %i update key %i needs update\n",
546 			   arvif->vdev_id, key->keyidx);
547 
548 		ret = ath10k_install_peer_wep_keys(arvif, peer->addr);
549 		if (ret) {
550 			ath10k_warn(ar, "failed to update wep keys on vdev %i for peer %pM: %d\n",
551 				    arvif->vdev_id, peer->addr, ret);
552 			return ret;
553 		}
554 	}
555 
556 	return 0;
557 }
558 
559 /*********************/
560 /* General utilities */
561 /*********************/
562 
563 static inline enum wmi_phy_mode
564 chan_to_phymode(const struct cfg80211_chan_def *chandef)
565 {
566 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
567 
568 	switch (chandef->chan->band) {
569 	case NL80211_BAND_2GHZ:
570 		switch (chandef->width) {
571 		case NL80211_CHAN_WIDTH_20_NOHT:
572 			if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
573 				phymode = MODE_11B;
574 			else
575 				phymode = MODE_11G;
576 			break;
577 		case NL80211_CHAN_WIDTH_20:
578 			phymode = MODE_11NG_HT20;
579 			break;
580 		case NL80211_CHAN_WIDTH_40:
581 			phymode = MODE_11NG_HT40;
582 			break;
583 		default:
584 			phymode = MODE_UNKNOWN;
585 			break;
586 		}
587 		break;
588 	case NL80211_BAND_5GHZ:
589 		switch (chandef->width) {
590 		case NL80211_CHAN_WIDTH_20_NOHT:
591 			phymode = MODE_11A;
592 			break;
593 		case NL80211_CHAN_WIDTH_20:
594 			phymode = MODE_11NA_HT20;
595 			break;
596 		case NL80211_CHAN_WIDTH_40:
597 			phymode = MODE_11NA_HT40;
598 			break;
599 		case NL80211_CHAN_WIDTH_80:
600 			phymode = MODE_11AC_VHT80;
601 			break;
602 		case NL80211_CHAN_WIDTH_160:
603 			phymode = MODE_11AC_VHT160;
604 			break;
605 		case NL80211_CHAN_WIDTH_80P80:
606 			phymode = MODE_11AC_VHT80_80;
607 			break;
608 		default:
609 			phymode = MODE_UNKNOWN;
610 			break;
611 		}
612 		break;
613 	default:
614 		break;
615 	}
616 
617 	WARN_ON(phymode == MODE_UNKNOWN);
618 	return phymode;
619 }
620 
621 static u8 ath10k_parse_mpdudensity(u8 mpdudensity)
622 {
623 /*
624  * 802.11n D2.0 defined values for "Minimum MPDU Start Spacing":
625  *   0 for no restriction
626  *   1 for 1/4 us
627  *   2 for 1/2 us
628  *   3 for 1 us
629  *   4 for 2 us
630  *   5 for 4 us
631  *   6 for 8 us
632  *   7 for 16 us
633  */
634 	switch (mpdudensity) {
635 	case 0:
636 		return 0;
637 	case 1:
638 	case 2:
639 	case 3:
640 	/* Our lower layer calculations limit our precision to
641 	 * 1 microsecond
642 	 */
643 		return 1;
644 	case 4:
645 		return 2;
646 	case 5:
647 		return 4;
648 	case 6:
649 		return 8;
650 	case 7:
651 		return 16;
652 	default:
653 		return 0;
654 	}
655 }
656 
657 int ath10k_mac_vif_chan(struct ieee80211_vif *vif,
658 			struct cfg80211_chan_def *def)
659 {
660 	struct ieee80211_chanctx_conf *conf;
661 
662 	rcu_read_lock();
663 	conf = rcu_dereference(vif->bss_conf.chanctx_conf);
664 	if (!conf) {
665 		rcu_read_unlock();
666 		return -ENOENT;
667 	}
668 
669 	*def = conf->def;
670 	rcu_read_unlock();
671 
672 	return 0;
673 }
674 
675 static void ath10k_mac_num_chanctxs_iter(struct ieee80211_hw *hw,
676 					 struct ieee80211_chanctx_conf *conf,
677 					 void *data)
678 {
679 	int *num = data;
680 
681 	(*num)++;
682 }
683 
684 static int ath10k_mac_num_chanctxs(struct ath10k *ar)
685 {
686 	int num = 0;
687 
688 	ieee80211_iter_chan_contexts_atomic(ar->hw,
689 					    ath10k_mac_num_chanctxs_iter,
690 					    &num);
691 
692 	return num;
693 }
694 
695 static void
696 ath10k_mac_get_any_chandef_iter(struct ieee80211_hw *hw,
697 				struct ieee80211_chanctx_conf *conf,
698 				void *data)
699 {
700 	struct cfg80211_chan_def **def = data;
701 
702 	*def = &conf->def;
703 }
704 
705 static void ath10k_wait_for_peer_delete_done(struct ath10k *ar, u32 vdev_id,
706 					     const u8 *addr)
707 {
708 	unsigned long time_left;
709 	int ret;
710 
711 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
712 		ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
713 		if (ret) {
714 			ath10k_warn(ar, "failed wait for peer deleted");
715 			return;
716 		}
717 
718 		time_left = wait_for_completion_timeout(&ar->peer_delete_done,
719 							5 * HZ);
720 		if (!time_left)
721 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
722 	}
723 }
724 
725 static int ath10k_peer_create(struct ath10k *ar,
726 			      struct ieee80211_vif *vif,
727 			      struct ieee80211_sta *sta,
728 			      u32 vdev_id,
729 			      const u8 *addr,
730 			      enum wmi_peer_type peer_type)
731 {
732 	struct ath10k_vif *arvif;
733 	struct ath10k_peer *peer;
734 	int num_peers = 0;
735 	int ret;
736 
737 	lockdep_assert_held(&ar->conf_mutex);
738 
739 	num_peers = ar->num_peers;
740 
741 	/* Each vdev consumes a peer entry as well */
742 	list_for_each_entry(arvif, &ar->arvifs, list)
743 		num_peers++;
744 
745 	if (num_peers >= ar->max_num_peers)
746 		return -ENOBUFS;
747 
748 	ret = ath10k_wmi_peer_create(ar, vdev_id, addr, peer_type);
749 	if (ret) {
750 		ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
751 			    addr, vdev_id, ret);
752 		return ret;
753 	}
754 
755 	ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
756 	if (ret) {
757 		ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
758 			    addr, vdev_id, ret);
759 		return ret;
760 	}
761 
762 	spin_lock_bh(&ar->data_lock);
763 
764 	peer = ath10k_peer_find(ar, vdev_id, addr);
765 	if (!peer) {
766 		spin_unlock_bh(&ar->data_lock);
767 		ath10k_warn(ar, "failed to find peer %pM on vdev %i after creation\n",
768 			    addr, vdev_id);
769 		ath10k_wait_for_peer_delete_done(ar, vdev_id, addr);
770 		return -ENOENT;
771 	}
772 
773 	peer->vif = vif;
774 	peer->sta = sta;
775 
776 	spin_unlock_bh(&ar->data_lock);
777 
778 	ar->num_peers++;
779 
780 	return 0;
781 }
782 
783 static int ath10k_mac_set_kickout(struct ath10k_vif *arvif)
784 {
785 	struct ath10k *ar = arvif->ar;
786 	u32 param;
787 	int ret;
788 
789 	param = ar->wmi.pdev_param->sta_kickout_th;
790 	ret = ath10k_wmi_pdev_set_param(ar, param,
791 					ATH10K_KICKOUT_THRESHOLD);
792 	if (ret) {
793 		ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
794 			    arvif->vdev_id, ret);
795 		return ret;
796 	}
797 
798 	param = ar->wmi.vdev_param->ap_keepalive_min_idle_inactive_time_secs;
799 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
800 					ATH10K_KEEPALIVE_MIN_IDLE);
801 	if (ret) {
802 		ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
803 			    arvif->vdev_id, ret);
804 		return ret;
805 	}
806 
807 	param = ar->wmi.vdev_param->ap_keepalive_max_idle_inactive_time_secs;
808 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
809 					ATH10K_KEEPALIVE_MAX_IDLE);
810 	if (ret) {
811 		ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
812 			    arvif->vdev_id, ret);
813 		return ret;
814 	}
815 
816 	param = ar->wmi.vdev_param->ap_keepalive_max_unresponsive_time_secs;
817 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
818 					ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
819 	if (ret) {
820 		ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
821 			    arvif->vdev_id, ret);
822 		return ret;
823 	}
824 
825 	return 0;
826 }
827 
828 static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
829 {
830 	struct ath10k *ar = arvif->ar;
831 	u32 vdev_param;
832 
833 	vdev_param = ar->wmi.vdev_param->rts_threshold;
834 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
835 }
836 
837 static int ath10k_peer_delete(struct ath10k *ar, u32 vdev_id, const u8 *addr)
838 {
839 	int ret;
840 
841 	lockdep_assert_held(&ar->conf_mutex);
842 
843 	ret = ath10k_wmi_peer_delete(ar, vdev_id, addr);
844 	if (ret)
845 		return ret;
846 
847 	ret = ath10k_wait_for_peer_deleted(ar, vdev_id, addr);
848 	if (ret)
849 		return ret;
850 
851 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
852 		unsigned long time_left;
853 
854 		time_left = wait_for_completion_timeout
855 			    (&ar->peer_delete_done, 5 * HZ);
856 
857 		if (!time_left) {
858 			ath10k_warn(ar, "Timeout in receiving peer delete response\n");
859 			return -ETIMEDOUT;
860 		}
861 	}
862 
863 	ar->num_peers--;
864 
865 	return 0;
866 }
867 
868 static void ath10k_peer_map_cleanup(struct ath10k *ar, struct ath10k_peer *peer)
869 {
870 	int peer_id, i;
871 
872 	lockdep_assert_held(&ar->conf_mutex);
873 
874 	for_each_set_bit(peer_id, peer->peer_ids,
875 			 ATH10K_MAX_NUM_PEER_IDS) {
876 		ar->peer_map[peer_id] = NULL;
877 	}
878 
879 	/* Double check that peer is properly un-referenced from
880 	 * the peer_map
881 	 */
882 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
883 		if (ar->peer_map[i] == peer) {
884 			ath10k_warn(ar, "removing stale peer_map entry for %pM (ptr %pK idx %d)\n",
885 				    peer->addr, peer, i);
886 			ar->peer_map[i] = NULL;
887 		}
888 	}
889 
890 	list_del(&peer->list);
891 	kfree(peer);
892 	ar->num_peers--;
893 }
894 
895 static void ath10k_peer_cleanup(struct ath10k *ar, u32 vdev_id)
896 {
897 	struct ath10k_peer *peer, *tmp;
898 
899 	lockdep_assert_held(&ar->conf_mutex);
900 
901 	spin_lock_bh(&ar->data_lock);
902 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
903 		if (peer->vdev_id != vdev_id)
904 			continue;
905 
906 		ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
907 			    peer->addr, vdev_id);
908 
909 		ath10k_peer_map_cleanup(ar, peer);
910 	}
911 	spin_unlock_bh(&ar->data_lock);
912 }
913 
914 static void ath10k_peer_cleanup_all(struct ath10k *ar)
915 {
916 	struct ath10k_peer *peer, *tmp;
917 	int i;
918 
919 	lockdep_assert_held(&ar->conf_mutex);
920 
921 	spin_lock_bh(&ar->data_lock);
922 	list_for_each_entry_safe(peer, tmp, &ar->peers, list) {
923 		list_del(&peer->list);
924 		kfree(peer);
925 	}
926 
927 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++)
928 		ar->peer_map[i] = NULL;
929 
930 	spin_unlock_bh(&ar->data_lock);
931 
932 	ar->num_peers = 0;
933 	ar->num_stations = 0;
934 }
935 
936 static int ath10k_mac_tdls_peer_update(struct ath10k *ar, u32 vdev_id,
937 				       struct ieee80211_sta *sta,
938 				       enum wmi_tdls_peer_state state)
939 {
940 	int ret;
941 	struct wmi_tdls_peer_update_cmd_arg arg = {};
942 	struct wmi_tdls_peer_capab_arg cap = {};
943 	struct wmi_channel_arg chan_arg = {};
944 
945 	lockdep_assert_held(&ar->conf_mutex);
946 
947 	arg.vdev_id = vdev_id;
948 	arg.peer_state = state;
949 	ether_addr_copy(arg.addr, sta->addr);
950 
951 	cap.peer_max_sp = sta->max_sp;
952 	cap.peer_uapsd_queues = sta->uapsd_queues;
953 
954 	if (state == WMI_TDLS_PEER_STATE_CONNECTED &&
955 	    !sta->tdls_initiator)
956 		cap.is_peer_responder = 1;
957 
958 	ret = ath10k_wmi_tdls_peer_update(ar, &arg, &cap, &chan_arg);
959 	if (ret) {
960 		ath10k_warn(ar, "failed to update tdls peer %pM on vdev %i: %i\n",
961 			    arg.addr, vdev_id, ret);
962 		return ret;
963 	}
964 
965 	return 0;
966 }
967 
968 /************************/
969 /* Interface management */
970 /************************/
971 
972 void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
973 {
974 	struct ath10k *ar = arvif->ar;
975 
976 	lockdep_assert_held(&ar->data_lock);
977 
978 	if (!arvif->beacon)
979 		return;
980 
981 	if (!arvif->beacon_buf)
982 		dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
983 				 arvif->beacon->len, DMA_TO_DEVICE);
984 
985 	if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
986 		    arvif->beacon_state != ATH10K_BEACON_SENT))
987 		return;
988 
989 	dev_kfree_skb_any(arvif->beacon);
990 
991 	arvif->beacon = NULL;
992 	arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
993 }
994 
995 static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
996 {
997 	struct ath10k *ar = arvif->ar;
998 
999 	lockdep_assert_held(&ar->data_lock);
1000 
1001 	ath10k_mac_vif_beacon_free(arvif);
1002 
1003 	if (arvif->beacon_buf) {
1004 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
1005 			kfree(arvif->beacon_buf);
1006 		else
1007 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
1008 					  arvif->beacon_buf,
1009 					  arvif->beacon_paddr);
1010 		arvif->beacon_buf = NULL;
1011 	}
1012 }
1013 
1014 static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
1015 {
1016 	unsigned long time_left;
1017 
1018 	lockdep_assert_held(&ar->conf_mutex);
1019 
1020 	if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
1021 		return -ESHUTDOWN;
1022 
1023 	time_left = wait_for_completion_timeout(&ar->vdev_setup_done,
1024 						ATH10K_VDEV_SETUP_TIMEOUT_HZ);
1025 	if (time_left == 0)
1026 		return -ETIMEDOUT;
1027 
1028 	return ar->last_wmi_vdev_start_status;
1029 }
1030 
1031 static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
1032 {
1033 	struct cfg80211_chan_def *chandef = NULL;
1034 	struct ieee80211_channel *channel = NULL;
1035 	struct wmi_vdev_start_request_arg arg = {};
1036 	int ret = 0;
1037 
1038 	lockdep_assert_held(&ar->conf_mutex);
1039 
1040 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1041 					    ath10k_mac_get_any_chandef_iter,
1042 					    &chandef);
1043 	if (WARN_ON_ONCE(!chandef))
1044 		return -ENOENT;
1045 
1046 	channel = chandef->chan;
1047 
1048 	arg.vdev_id = vdev_id;
1049 	arg.channel.freq = channel->center_freq;
1050 	arg.channel.band_center_freq1 = chandef->center_freq1;
1051 	arg.channel.band_center_freq2 = chandef->center_freq2;
1052 
1053 	/* TODO setup this dynamically, what in case we
1054 	 * don't have any vifs?
1055 	 */
1056 	arg.channel.mode = chan_to_phymode(chandef);
1057 	arg.channel.chan_radar =
1058 			!!(channel->flags & IEEE80211_CHAN_RADAR);
1059 
1060 	arg.channel.min_power = 0;
1061 	arg.channel.max_power = channel->max_power * 2;
1062 	arg.channel.max_reg_power = channel->max_reg_power * 2;
1063 	arg.channel.max_antenna_gain = channel->max_antenna_gain;
1064 
1065 	reinit_completion(&ar->vdev_setup_done);
1066 	reinit_completion(&ar->vdev_delete_done);
1067 
1068 	ret = ath10k_wmi_vdev_start(ar, &arg);
1069 	if (ret) {
1070 		ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
1071 			    vdev_id, ret);
1072 		return ret;
1073 	}
1074 
1075 	ret = ath10k_vdev_setup_sync(ar);
1076 	if (ret) {
1077 		ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
1078 			    vdev_id, ret);
1079 		return ret;
1080 	}
1081 
1082 	ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
1083 	if (ret) {
1084 		ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
1085 			    vdev_id, ret);
1086 		goto vdev_stop;
1087 	}
1088 
1089 	ar->monitor_vdev_id = vdev_id;
1090 
1091 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
1092 		   ar->monitor_vdev_id);
1093 	return 0;
1094 
1095 vdev_stop:
1096 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1097 	if (ret)
1098 		ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
1099 			    ar->monitor_vdev_id, ret);
1100 
1101 	return ret;
1102 }
1103 
1104 static int ath10k_monitor_vdev_stop(struct ath10k *ar)
1105 {
1106 	int ret = 0;
1107 
1108 	lockdep_assert_held(&ar->conf_mutex);
1109 
1110 	ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
1111 	if (ret)
1112 		ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
1113 			    ar->monitor_vdev_id, ret);
1114 
1115 	reinit_completion(&ar->vdev_setup_done);
1116 	reinit_completion(&ar->vdev_delete_done);
1117 
1118 	ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
1119 	if (ret)
1120 		ath10k_warn(ar, "failed to request monitor vdev %i stop: %d\n",
1121 			    ar->monitor_vdev_id, ret);
1122 
1123 	ret = ath10k_vdev_setup_sync(ar);
1124 	if (ret)
1125 		ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
1126 			    ar->monitor_vdev_id, ret);
1127 
1128 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
1129 		   ar->monitor_vdev_id);
1130 	return ret;
1131 }
1132 
1133 static int ath10k_monitor_vdev_create(struct ath10k *ar)
1134 {
1135 	int bit, ret = 0;
1136 
1137 	lockdep_assert_held(&ar->conf_mutex);
1138 
1139 	if (ar->free_vdev_map == 0) {
1140 		ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
1141 		return -ENOMEM;
1142 	}
1143 
1144 	bit = __ffs64(ar->free_vdev_map);
1145 
1146 	ar->monitor_vdev_id = bit;
1147 
1148 	ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
1149 				     WMI_VDEV_TYPE_MONITOR,
1150 				     0, ar->mac_addr);
1151 	if (ret) {
1152 		ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
1153 			    ar->monitor_vdev_id, ret);
1154 		return ret;
1155 	}
1156 
1157 	ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
1158 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
1159 		   ar->monitor_vdev_id);
1160 
1161 	return 0;
1162 }
1163 
1164 static int ath10k_monitor_vdev_delete(struct ath10k *ar)
1165 {
1166 	int ret = 0;
1167 
1168 	lockdep_assert_held(&ar->conf_mutex);
1169 
1170 	ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
1171 	if (ret) {
1172 		ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
1173 			    ar->monitor_vdev_id, ret);
1174 		return ret;
1175 	}
1176 
1177 	ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
1178 
1179 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
1180 		   ar->monitor_vdev_id);
1181 	return ret;
1182 }
1183 
1184 static int ath10k_monitor_start(struct ath10k *ar)
1185 {
1186 	int ret;
1187 
1188 	lockdep_assert_held(&ar->conf_mutex);
1189 
1190 	ret = ath10k_monitor_vdev_create(ar);
1191 	if (ret) {
1192 		ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
1193 		return ret;
1194 	}
1195 
1196 	ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
1197 	if (ret) {
1198 		ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
1199 		ath10k_monitor_vdev_delete(ar);
1200 		return ret;
1201 	}
1202 
1203 	ar->monitor_started = true;
1204 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
1205 
1206 	return 0;
1207 }
1208 
1209 static int ath10k_monitor_stop(struct ath10k *ar)
1210 {
1211 	int ret;
1212 
1213 	lockdep_assert_held(&ar->conf_mutex);
1214 
1215 	ret = ath10k_monitor_vdev_stop(ar);
1216 	if (ret) {
1217 		ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
1218 		return ret;
1219 	}
1220 
1221 	ret = ath10k_monitor_vdev_delete(ar);
1222 	if (ret) {
1223 		ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
1224 		return ret;
1225 	}
1226 
1227 	ar->monitor_started = false;
1228 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
1229 
1230 	return 0;
1231 }
1232 
1233 static bool ath10k_mac_monitor_vdev_is_needed(struct ath10k *ar)
1234 {
1235 	int num_ctx;
1236 
1237 	/* At least one chanctx is required to derive a channel to start
1238 	 * monitor vdev on.
1239 	 */
1240 	num_ctx = ath10k_mac_num_chanctxs(ar);
1241 	if (num_ctx == 0)
1242 		return false;
1243 
1244 	/* If there's already an existing special monitor interface then don't
1245 	 * bother creating another monitor vdev.
1246 	 */
1247 	if (ar->monitor_arvif)
1248 		return false;
1249 
1250 	return ar->monitor ||
1251 	       (!test_bit(ATH10K_FW_FEATURE_ALLOWS_MESH_BCAST,
1252 			  ar->running_fw->fw_file.fw_features) &&
1253 		(ar->filter_flags & FIF_OTHER_BSS)) ||
1254 	       test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1255 }
1256 
1257 static bool ath10k_mac_monitor_vdev_is_allowed(struct ath10k *ar)
1258 {
1259 	int num_ctx;
1260 
1261 	num_ctx = ath10k_mac_num_chanctxs(ar);
1262 
1263 	/* FIXME: Current interface combinations and cfg80211/mac80211 code
1264 	 * shouldn't allow this but make sure to prevent handling the following
1265 	 * case anyway since multi-channel DFS hasn't been tested at all.
1266 	 */
1267 	if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags) && num_ctx > 1)
1268 		return false;
1269 
1270 	return true;
1271 }
1272 
1273 static int ath10k_monitor_recalc(struct ath10k *ar)
1274 {
1275 	bool needed;
1276 	bool allowed;
1277 	int ret;
1278 
1279 	lockdep_assert_held(&ar->conf_mutex);
1280 
1281 	needed = ath10k_mac_monitor_vdev_is_needed(ar);
1282 	allowed = ath10k_mac_monitor_vdev_is_allowed(ar);
1283 
1284 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1285 		   "mac monitor recalc started? %d needed? %d allowed? %d\n",
1286 		   ar->monitor_started, needed, allowed);
1287 
1288 	if (WARN_ON(needed && !allowed)) {
1289 		if (ar->monitor_started) {
1290 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopping disallowed monitor\n");
1291 
1292 			ret = ath10k_monitor_stop(ar);
1293 			if (ret)
1294 				ath10k_warn(ar, "failed to stop disallowed monitor: %d\n",
1295 					    ret);
1296 				/* not serious */
1297 		}
1298 
1299 		return -EPERM;
1300 	}
1301 
1302 	if (needed == ar->monitor_started)
1303 		return 0;
1304 
1305 	if (needed)
1306 		return ath10k_monitor_start(ar);
1307 	else
1308 		return ath10k_monitor_stop(ar);
1309 }
1310 
1311 static bool ath10k_mac_can_set_cts_prot(struct ath10k_vif *arvif)
1312 {
1313 	struct ath10k *ar = arvif->ar;
1314 
1315 	lockdep_assert_held(&ar->conf_mutex);
1316 
1317 	if (!arvif->is_started) {
1318 		ath10k_dbg(ar, ATH10K_DBG_MAC, "defer cts setup, vdev is not ready yet\n");
1319 		return false;
1320 	}
1321 
1322 	return true;
1323 }
1324 
1325 static int ath10k_mac_set_cts_prot(struct ath10k_vif *arvif)
1326 {
1327 	struct ath10k *ar = arvif->ar;
1328 	u32 vdev_param;
1329 
1330 	lockdep_assert_held(&ar->conf_mutex);
1331 
1332 	vdev_param = ar->wmi.vdev_param->protection_mode;
1333 
1334 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_protection %d\n",
1335 		   arvif->vdev_id, arvif->use_cts_prot);
1336 
1337 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1338 					 arvif->use_cts_prot ? 1 : 0);
1339 }
1340 
1341 static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
1342 {
1343 	struct ath10k *ar = arvif->ar;
1344 	u32 vdev_param, rts_cts = 0;
1345 
1346 	lockdep_assert_held(&ar->conf_mutex);
1347 
1348 	vdev_param = ar->wmi.vdev_param->enable_rtscts;
1349 
1350 	rts_cts |= SM(WMI_RTSCTS_ENABLED, WMI_RTSCTS_SET);
1351 
1352 	if (arvif->num_legacy_stations > 0)
1353 		rts_cts |= SM(WMI_RTSCTS_ACROSS_SW_RETRIES,
1354 			      WMI_RTSCTS_PROFILE);
1355 	else
1356 		rts_cts |= SM(WMI_RTSCTS_FOR_SECOND_RATESERIES,
1357 			      WMI_RTSCTS_PROFILE);
1358 
1359 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d recalc rts/cts prot %d\n",
1360 		   arvif->vdev_id, rts_cts);
1361 
1362 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
1363 					 rts_cts);
1364 }
1365 
1366 static int ath10k_start_cac(struct ath10k *ar)
1367 {
1368 	int ret;
1369 
1370 	lockdep_assert_held(&ar->conf_mutex);
1371 
1372 	set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1373 
1374 	ret = ath10k_monitor_recalc(ar);
1375 	if (ret) {
1376 		ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
1377 		clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1378 		return ret;
1379 	}
1380 
1381 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
1382 		   ar->monitor_vdev_id);
1383 
1384 	return 0;
1385 }
1386 
1387 static int ath10k_stop_cac(struct ath10k *ar)
1388 {
1389 	lockdep_assert_held(&ar->conf_mutex);
1390 
1391 	/* CAC is not running - do nothing */
1392 	if (!test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags))
1393 		return 0;
1394 
1395 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
1396 	ath10k_monitor_stop(ar);
1397 
1398 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
1399 
1400 	return 0;
1401 }
1402 
1403 static void ath10k_mac_has_radar_iter(struct ieee80211_hw *hw,
1404 				      struct ieee80211_chanctx_conf *conf,
1405 				      void *data)
1406 {
1407 	bool *ret = data;
1408 
1409 	if (!*ret && conf->radar_enabled)
1410 		*ret = true;
1411 }
1412 
1413 static bool ath10k_mac_has_radar_enabled(struct ath10k *ar)
1414 {
1415 	bool has_radar = false;
1416 
1417 	ieee80211_iter_chan_contexts_atomic(ar->hw,
1418 					    ath10k_mac_has_radar_iter,
1419 					    &has_radar);
1420 
1421 	return has_radar;
1422 }
1423 
1424 static void ath10k_recalc_radar_detection(struct ath10k *ar)
1425 {
1426 	int ret;
1427 
1428 	lockdep_assert_held(&ar->conf_mutex);
1429 
1430 	ath10k_stop_cac(ar);
1431 
1432 	if (!ath10k_mac_has_radar_enabled(ar))
1433 		return;
1434 
1435 	if (ar->num_started_vdevs > 0)
1436 		return;
1437 
1438 	ret = ath10k_start_cac(ar);
1439 	if (ret) {
1440 		/*
1441 		 * Not possible to start CAC on current channel so starting
1442 		 * radiation is not allowed, make this channel DFS_UNAVAILABLE
1443 		 * by indicating that radar was detected.
1444 		 */
1445 		ath10k_warn(ar, "failed to start CAC: %d\n", ret);
1446 		ieee80211_radar_detected(ar->hw);
1447 	}
1448 }
1449 
1450 static int ath10k_vdev_stop(struct ath10k_vif *arvif)
1451 {
1452 	struct ath10k *ar = arvif->ar;
1453 	int ret;
1454 
1455 	lockdep_assert_held(&ar->conf_mutex);
1456 
1457 	reinit_completion(&ar->vdev_setup_done);
1458 	reinit_completion(&ar->vdev_delete_done);
1459 
1460 	ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
1461 	if (ret) {
1462 		ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
1463 			    arvif->vdev_id, ret);
1464 		return ret;
1465 	}
1466 
1467 	ret = ath10k_vdev_setup_sync(ar);
1468 	if (ret) {
1469 		ath10k_warn(ar, "failed to synchronize setup for vdev %i: %d\n",
1470 			    arvif->vdev_id, ret);
1471 		return ret;
1472 	}
1473 
1474 	WARN_ON(ar->num_started_vdevs == 0);
1475 
1476 	if (ar->num_started_vdevs != 0) {
1477 		ar->num_started_vdevs--;
1478 		ath10k_recalc_radar_detection(ar);
1479 	}
1480 
1481 	return ret;
1482 }
1483 
1484 static int ath10k_vdev_start_restart(struct ath10k_vif *arvif,
1485 				     const struct cfg80211_chan_def *chandef,
1486 				     bool restart)
1487 {
1488 	struct ath10k *ar = arvif->ar;
1489 	struct wmi_vdev_start_request_arg arg = {};
1490 	int ret = 0;
1491 
1492 	lockdep_assert_held(&ar->conf_mutex);
1493 
1494 	reinit_completion(&ar->vdev_setup_done);
1495 	reinit_completion(&ar->vdev_delete_done);
1496 
1497 	arg.vdev_id = arvif->vdev_id;
1498 	arg.dtim_period = arvif->dtim_period;
1499 	arg.bcn_intval = arvif->beacon_interval;
1500 
1501 	arg.channel.freq = chandef->chan->center_freq;
1502 	arg.channel.band_center_freq1 = chandef->center_freq1;
1503 	arg.channel.band_center_freq2 = chandef->center_freq2;
1504 	arg.channel.mode = chan_to_phymode(chandef);
1505 
1506 	arg.channel.min_power = 0;
1507 	arg.channel.max_power = chandef->chan->max_power * 2;
1508 	arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
1509 	arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain;
1510 
1511 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
1512 		arg.ssid = arvif->u.ap.ssid;
1513 		arg.ssid_len = arvif->u.ap.ssid_len;
1514 		arg.hidden_ssid = arvif->u.ap.hidden_ssid;
1515 
1516 		/* For now allow DFS for AP mode */
1517 		arg.channel.chan_radar =
1518 			!!(chandef->chan->flags & IEEE80211_CHAN_RADAR);
1519 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
1520 		arg.ssid = arvif->vif->cfg.ssid;
1521 		arg.ssid_len = arvif->vif->cfg.ssid_len;
1522 	}
1523 
1524 	ath10k_dbg(ar, ATH10K_DBG_MAC,
1525 		   "mac vdev %d start center_freq %d phymode %s\n",
1526 		   arg.vdev_id, arg.channel.freq,
1527 		   ath10k_wmi_phymode_str(arg.channel.mode));
1528 
1529 	if (restart)
1530 		ret = ath10k_wmi_vdev_restart(ar, &arg);
1531 	else
1532 		ret = ath10k_wmi_vdev_start(ar, &arg);
1533 
1534 	if (ret) {
1535 		ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
1536 			    arg.vdev_id, ret);
1537 		return ret;
1538 	}
1539 
1540 	ret = ath10k_vdev_setup_sync(ar);
1541 	if (ret) {
1542 		ath10k_warn(ar,
1543 			    "failed to synchronize setup for vdev %i restart %d: %d\n",
1544 			    arg.vdev_id, restart, ret);
1545 		return ret;
1546 	}
1547 
1548 	ar->num_started_vdevs++;
1549 	ath10k_recalc_radar_detection(ar);
1550 
1551 	return ret;
1552 }
1553 
1554 static int ath10k_vdev_start(struct ath10k_vif *arvif,
1555 			     const struct cfg80211_chan_def *def)
1556 {
1557 	return ath10k_vdev_start_restart(arvif, def, false);
1558 }
1559 
1560 static int ath10k_vdev_restart(struct ath10k_vif *arvif,
1561 			       const struct cfg80211_chan_def *def)
1562 {
1563 	return ath10k_vdev_start_restart(arvif, def, true);
1564 }
1565 
1566 static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
1567 				       struct sk_buff *bcn)
1568 {
1569 	struct ath10k *ar = arvif->ar;
1570 	struct ieee80211_mgmt *mgmt;
1571 	const u8 *p2p_ie;
1572 	int ret;
1573 
1574 	if (arvif->vif->type != NL80211_IFTYPE_AP || !arvif->vif->p2p)
1575 		return 0;
1576 
1577 	mgmt = (void *)bcn->data;
1578 	p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1579 					 mgmt->u.beacon.variable,
1580 					 bcn->len - (mgmt->u.beacon.variable -
1581 						     bcn->data));
1582 	if (!p2p_ie)
1583 		return -ENOENT;
1584 
1585 	ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
1586 	if (ret) {
1587 		ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
1588 			    arvif->vdev_id, ret);
1589 		return ret;
1590 	}
1591 
1592 	return 0;
1593 }
1594 
1595 static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
1596 				       u8 oui_type, size_t ie_offset)
1597 {
1598 	size_t len;
1599 	const u8 *next;
1600 	const u8 *end;
1601 	u8 *ie;
1602 
1603 	if (WARN_ON(skb->len < ie_offset))
1604 		return -EINVAL;
1605 
1606 	ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
1607 					   skb->data + ie_offset,
1608 					   skb->len - ie_offset);
1609 	if (!ie)
1610 		return -ENOENT;
1611 
1612 	len = ie[1] + 2;
1613 	end = skb->data + skb->len;
1614 	next = ie + len;
1615 
1616 	if (WARN_ON(next > end))
1617 		return -EINVAL;
1618 
1619 	memmove(ie, next, end - next);
1620 	skb_trim(skb, skb->len - len);
1621 
1622 	return 0;
1623 }
1624 
1625 static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
1626 {
1627 	struct ath10k *ar = arvif->ar;
1628 	struct ieee80211_hw *hw = ar->hw;
1629 	struct ieee80211_vif *vif = arvif->vif;
1630 	struct ieee80211_mutable_offsets offs = {};
1631 	struct sk_buff *bcn;
1632 	int ret;
1633 
1634 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1635 		return 0;
1636 
1637 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
1638 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
1639 		return 0;
1640 
1641 	bcn = ieee80211_beacon_get_template(hw, vif, &offs, 0);
1642 	if (!bcn) {
1643 		ath10k_warn(ar, "failed to get beacon template from mac80211\n");
1644 		return -EPERM;
1645 	}
1646 
1647 	ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
1648 	if (ret) {
1649 		ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
1650 		kfree_skb(bcn);
1651 		return ret;
1652 	}
1653 
1654 	/* P2P IE is inserted by firmware automatically (as configured above)
1655 	 * so remove it from the base beacon template to avoid duplicate P2P
1656 	 * IEs in beacon frames.
1657 	 */
1658 	ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
1659 				    offsetof(struct ieee80211_mgmt,
1660 					     u.beacon.variable));
1661 
1662 	ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
1663 				  0, NULL, 0);
1664 	kfree_skb(bcn);
1665 
1666 	if (ret) {
1667 		ath10k_warn(ar, "failed to submit beacon template command: %d\n",
1668 			    ret);
1669 		return ret;
1670 	}
1671 
1672 	return 0;
1673 }
1674 
1675 static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
1676 {
1677 	struct ath10k *ar = arvif->ar;
1678 	struct ieee80211_hw *hw = ar->hw;
1679 	struct ieee80211_vif *vif = arvif->vif;
1680 	struct sk_buff *prb;
1681 	int ret;
1682 
1683 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1684 		return 0;
1685 
1686 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
1687 		return 0;
1688 
1689 	 /* For mesh, probe response and beacon share the same template */
1690 	if (ieee80211_vif_is_mesh(vif))
1691 		return 0;
1692 
1693 	prb = ieee80211_proberesp_get(hw, vif);
1694 	if (!prb) {
1695 		ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
1696 		return -EPERM;
1697 	}
1698 
1699 	ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
1700 	kfree_skb(prb);
1701 
1702 	if (ret) {
1703 		ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
1704 			    ret);
1705 		return ret;
1706 	}
1707 
1708 	return 0;
1709 }
1710 
1711 static int ath10k_mac_vif_fix_hidden_ssid(struct ath10k_vif *arvif)
1712 {
1713 	struct ath10k *ar = arvif->ar;
1714 	struct cfg80211_chan_def def;
1715 	int ret;
1716 
1717 	/* When originally vdev is started during assign_vif_chanctx() some
1718 	 * information is missing, notably SSID. Firmware revisions with beacon
1719 	 * offloading require the SSID to be provided during vdev (re)start to
1720 	 * handle hidden SSID properly.
1721 	 *
1722 	 * Vdev restart must be done after vdev has been both started and
1723 	 * upped. Otherwise some firmware revisions (at least 10.2) fail to
1724 	 * deliver vdev restart response event causing timeouts during vdev
1725 	 * syncing in ath10k.
1726 	 *
1727 	 * Note: The vdev down/up and template reinstallation could be skipped
1728 	 * since only wmi-tlv firmware are known to have beacon offload and
1729 	 * wmi-tlv doesn't seem to misbehave like 10.2 wrt vdev restart
1730 	 * response delivery. It's probably more robust to keep it as is.
1731 	 */
1732 	if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
1733 		return 0;
1734 
1735 	if (WARN_ON(!arvif->is_started))
1736 		return -EINVAL;
1737 
1738 	if (WARN_ON(!arvif->is_up))
1739 		return -EINVAL;
1740 
1741 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
1742 		return -EINVAL;
1743 
1744 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1745 	if (ret) {
1746 		ath10k_warn(ar, "failed to bring down ap vdev %i: %d\n",
1747 			    arvif->vdev_id, ret);
1748 		return ret;
1749 	}
1750 
1751 	/* Vdev down reset beacon & presp templates. Reinstall them. Otherwise
1752 	 * firmware will crash upon vdev up.
1753 	 */
1754 
1755 	ret = ath10k_mac_setup_bcn_tmpl(arvif);
1756 	if (ret) {
1757 		ath10k_warn(ar, "failed to update beacon template: %d\n", ret);
1758 		return ret;
1759 	}
1760 
1761 	ret = ath10k_mac_setup_prb_tmpl(arvif);
1762 	if (ret) {
1763 		ath10k_warn(ar, "failed to update presp template: %d\n", ret);
1764 		return ret;
1765 	}
1766 
1767 	ret = ath10k_vdev_restart(arvif, &def);
1768 	if (ret) {
1769 		ath10k_warn(ar, "failed to restart ap vdev %i: %d\n",
1770 			    arvif->vdev_id, ret);
1771 		return ret;
1772 	}
1773 
1774 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1775 				 arvif->bssid);
1776 	if (ret) {
1777 		ath10k_warn(ar, "failed to bring up ap vdev %i: %d\n",
1778 			    arvif->vdev_id, ret);
1779 		return ret;
1780 	}
1781 
1782 	return 0;
1783 }
1784 
1785 static void ath10k_control_beaconing(struct ath10k_vif *arvif,
1786 				     struct ieee80211_bss_conf *info)
1787 {
1788 	struct ath10k *ar = arvif->ar;
1789 	int ret = 0;
1790 
1791 	lockdep_assert_held(&arvif->ar->conf_mutex);
1792 
1793 	if (!info->enable_beacon) {
1794 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
1795 		if (ret)
1796 			ath10k_warn(ar, "failed to down vdev_id %i: %d\n",
1797 				    arvif->vdev_id, ret);
1798 
1799 		arvif->is_up = false;
1800 
1801 		spin_lock_bh(&arvif->ar->data_lock);
1802 		ath10k_mac_vif_beacon_free(arvif);
1803 		spin_unlock_bh(&arvif->ar->data_lock);
1804 
1805 		return;
1806 	}
1807 
1808 	arvif->tx_seq_no = 0x1000;
1809 
1810 	arvif->aid = 0;
1811 	ether_addr_copy(arvif->bssid, info->bssid);
1812 
1813 	ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
1814 				 arvif->bssid);
1815 	if (ret) {
1816 		ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
1817 			    arvif->vdev_id, ret);
1818 		return;
1819 	}
1820 
1821 	arvif->is_up = true;
1822 
1823 	ret = ath10k_mac_vif_fix_hidden_ssid(arvif);
1824 	if (ret) {
1825 		ath10k_warn(ar, "failed to fix hidden ssid for vdev %i, expect trouble: %d\n",
1826 			    arvif->vdev_id, ret);
1827 		return;
1828 	}
1829 
1830 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
1831 }
1832 
1833 static void ath10k_control_ibss(struct ath10k_vif *arvif,
1834 				struct ieee80211_vif *vif)
1835 {
1836 	struct ath10k *ar = arvif->ar;
1837 	u32 vdev_param;
1838 	int ret = 0;
1839 
1840 	lockdep_assert_held(&arvif->ar->conf_mutex);
1841 
1842 	if (!vif->cfg.ibss_joined) {
1843 		if (is_zero_ether_addr(arvif->bssid))
1844 			return;
1845 
1846 		eth_zero_addr(arvif->bssid);
1847 
1848 		return;
1849 	}
1850 
1851 	vdev_param = arvif->ar->wmi.vdev_param->atim_window;
1852 	ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
1853 					ATH10K_DEFAULT_ATIM);
1854 	if (ret)
1855 		ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
1856 			    arvif->vdev_id, ret);
1857 }
1858 
1859 static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
1860 {
1861 	struct ath10k *ar = arvif->ar;
1862 	u32 param;
1863 	u32 value;
1864 	int ret;
1865 
1866 	lockdep_assert_held(&arvif->ar->conf_mutex);
1867 
1868 	if (arvif->u.sta.uapsd)
1869 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
1870 	else
1871 		value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
1872 
1873 	param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
1874 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
1875 	if (ret) {
1876 		ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
1877 			    value, arvif->vdev_id, ret);
1878 		return ret;
1879 	}
1880 
1881 	return 0;
1882 }
1883 
1884 static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
1885 {
1886 	struct ath10k *ar = arvif->ar;
1887 	u32 param;
1888 	u32 value;
1889 	int ret;
1890 
1891 	lockdep_assert_held(&arvif->ar->conf_mutex);
1892 
1893 	if (arvif->u.sta.uapsd)
1894 		value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
1895 	else
1896 		value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
1897 
1898 	param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
1899 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
1900 					  param, value);
1901 	if (ret) {
1902 		ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
1903 			    value, arvif->vdev_id, ret);
1904 		return ret;
1905 	}
1906 
1907 	return 0;
1908 }
1909 
1910 static int ath10k_mac_num_vifs_started(struct ath10k *ar)
1911 {
1912 	struct ath10k_vif *arvif;
1913 	int num = 0;
1914 
1915 	lockdep_assert_held(&ar->conf_mutex);
1916 
1917 	list_for_each_entry(arvif, &ar->arvifs, list)
1918 		if (arvif->is_started)
1919 			num++;
1920 
1921 	return num;
1922 }
1923 
1924 static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
1925 {
1926 	struct ath10k *ar = arvif->ar;
1927 	struct ieee80211_vif *vif = arvif->vif;
1928 	struct ieee80211_conf *conf = &ar->hw->conf;
1929 	enum wmi_sta_powersave_param param;
1930 	enum wmi_sta_ps_mode psmode;
1931 	int ret;
1932 	int ps_timeout;
1933 	bool enable_ps;
1934 
1935 	lockdep_assert_held(&arvif->ar->conf_mutex);
1936 
1937 	if (arvif->vif->type != NL80211_IFTYPE_STATION)
1938 		return 0;
1939 
1940 	enable_ps = arvif->ps;
1941 
1942 	if (enable_ps && ath10k_mac_num_vifs_started(ar) > 1 &&
1943 	    !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
1944 		      ar->running_fw->fw_file.fw_features)) {
1945 		ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
1946 			    arvif->vdev_id);
1947 		enable_ps = false;
1948 	}
1949 
1950 	if (!arvif->is_started) {
1951 		/* mac80211 can update vif powersave state while disconnected.
1952 		 * Firmware doesn't behave nicely and consumes more power than
1953 		 * necessary if PS is disabled on a non-started vdev. Hence
1954 		 * force-enable PS for non-running vdevs.
1955 		 */
1956 		psmode = WMI_STA_PS_MODE_ENABLED;
1957 	} else if (enable_ps) {
1958 		psmode = WMI_STA_PS_MODE_ENABLED;
1959 		param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
1960 
1961 		ps_timeout = conf->dynamic_ps_timeout;
1962 		if (ps_timeout == 0) {
1963 			/* Firmware doesn't like 0 */
1964 			ps_timeout = ieee80211_tu_to_usec(
1965 				vif->bss_conf.beacon_int) / 1000;
1966 		}
1967 
1968 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
1969 						  ps_timeout);
1970 		if (ret) {
1971 			ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
1972 				    arvif->vdev_id, ret);
1973 			return ret;
1974 		}
1975 	} else {
1976 		psmode = WMI_STA_PS_MODE_DISABLED;
1977 	}
1978 
1979 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
1980 		   arvif->vdev_id, psmode ? "enable" : "disable");
1981 
1982 	ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
1983 	if (ret) {
1984 		ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
1985 			    psmode, arvif->vdev_id, ret);
1986 		return ret;
1987 	}
1988 
1989 	return 0;
1990 }
1991 
1992 static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
1993 {
1994 	struct ath10k *ar = arvif->ar;
1995 	struct wmi_sta_keepalive_arg arg = {};
1996 	int ret;
1997 
1998 	lockdep_assert_held(&arvif->ar->conf_mutex);
1999 
2000 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
2001 		return 0;
2002 
2003 	if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
2004 		return 0;
2005 
2006 	/* Some firmware revisions have a bug and ignore the `enabled` field.
2007 	 * Instead use the interval to disable the keepalive.
2008 	 */
2009 	arg.vdev_id = arvif->vdev_id;
2010 	arg.enabled = 1;
2011 	arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
2012 	arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
2013 
2014 	ret = ath10k_wmi_sta_keepalive(ar, &arg);
2015 	if (ret) {
2016 		ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
2017 			    arvif->vdev_id, ret);
2018 		return ret;
2019 	}
2020 
2021 	return 0;
2022 }
2023 
2024 static void ath10k_mac_vif_ap_csa_count_down(struct ath10k_vif *arvif)
2025 {
2026 	struct ath10k *ar = arvif->ar;
2027 	struct ieee80211_vif *vif = arvif->vif;
2028 	int ret;
2029 
2030 	lockdep_assert_held(&arvif->ar->conf_mutex);
2031 
2032 	if (WARN_ON(!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)))
2033 		return;
2034 
2035 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
2036 		return;
2037 
2038 	if (!vif->bss_conf.csa_active)
2039 		return;
2040 
2041 	if (!arvif->is_up)
2042 		return;
2043 
2044 	if (!ieee80211_beacon_cntdwn_is_complete(vif)) {
2045 		ieee80211_beacon_update_cntdwn(vif);
2046 
2047 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
2048 		if (ret)
2049 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
2050 				    ret);
2051 
2052 		ret = ath10k_mac_setup_prb_tmpl(arvif);
2053 		if (ret)
2054 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
2055 				    ret);
2056 	} else {
2057 		ieee80211_csa_finish(vif);
2058 	}
2059 }
2060 
2061 static void ath10k_mac_vif_ap_csa_work(struct work_struct *work)
2062 {
2063 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2064 						ap_csa_work);
2065 	struct ath10k *ar = arvif->ar;
2066 
2067 	mutex_lock(&ar->conf_mutex);
2068 	ath10k_mac_vif_ap_csa_count_down(arvif);
2069 	mutex_unlock(&ar->conf_mutex);
2070 }
2071 
2072 static void ath10k_mac_handle_beacon_iter(void *data, u8 *mac,
2073 					  struct ieee80211_vif *vif)
2074 {
2075 	struct sk_buff *skb = data;
2076 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2077 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2078 
2079 	if (vif->type != NL80211_IFTYPE_STATION)
2080 		return;
2081 
2082 	if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid))
2083 		return;
2084 
2085 	cancel_delayed_work(&arvif->connection_loss_work);
2086 }
2087 
2088 void ath10k_mac_handle_beacon(struct ath10k *ar, struct sk_buff *skb)
2089 {
2090 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2091 						   ATH10K_ITER_NORMAL_FLAGS,
2092 						   ath10k_mac_handle_beacon_iter,
2093 						   skb);
2094 }
2095 
2096 static void ath10k_mac_handle_beacon_miss_iter(void *data, u8 *mac,
2097 					       struct ieee80211_vif *vif)
2098 {
2099 	u32 *vdev_id = data;
2100 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2101 	struct ath10k *ar = arvif->ar;
2102 	struct ieee80211_hw *hw = ar->hw;
2103 
2104 	if (arvif->vdev_id != *vdev_id)
2105 		return;
2106 
2107 	if (!arvif->is_up)
2108 		return;
2109 
2110 	ieee80211_beacon_loss(vif);
2111 
2112 	/* Firmware doesn't report beacon loss events repeatedly. If AP probe
2113 	 * (done by mac80211) succeeds but beacons do not resume then it
2114 	 * doesn't make sense to continue operation. Queue connection loss work
2115 	 * which can be cancelled when beacon is received.
2116 	 */
2117 	ieee80211_queue_delayed_work(hw, &arvif->connection_loss_work,
2118 				     ATH10K_CONNECTION_LOSS_HZ);
2119 }
2120 
2121 void ath10k_mac_handle_beacon_miss(struct ath10k *ar, u32 vdev_id)
2122 {
2123 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
2124 						   ATH10K_ITER_NORMAL_FLAGS,
2125 						   ath10k_mac_handle_beacon_miss_iter,
2126 						   &vdev_id);
2127 }
2128 
2129 static void ath10k_mac_vif_sta_connection_loss_work(struct work_struct *work)
2130 {
2131 	struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
2132 						connection_loss_work.work);
2133 	struct ieee80211_vif *vif = arvif->vif;
2134 
2135 	if (!arvif->is_up)
2136 		return;
2137 
2138 	ieee80211_connection_loss(vif);
2139 }
2140 
2141 /**********************/
2142 /* Station management */
2143 /**********************/
2144 
2145 static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
2146 					     struct ieee80211_vif *vif)
2147 {
2148 	/* Some firmware revisions have unstable STA powersave when listen
2149 	 * interval is set too high (e.g. 5). The symptoms are firmware doesn't
2150 	 * generate NullFunc frames properly even if buffered frames have been
2151 	 * indicated in Beacon TIM. Firmware would seldom wake up to pull
2152 	 * buffered frames. Often pinging the device from AP would simply fail.
2153 	 *
2154 	 * As a workaround set it to 1.
2155 	 */
2156 	if (vif->type == NL80211_IFTYPE_STATION)
2157 		return 1;
2158 
2159 	return ar->hw->conf.listen_interval;
2160 }
2161 
2162 static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
2163 				      struct ieee80211_vif *vif,
2164 				      struct ieee80211_sta *sta,
2165 				      struct wmi_peer_assoc_complete_arg *arg)
2166 {
2167 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2168 	u32 aid;
2169 
2170 	lockdep_assert_held(&ar->conf_mutex);
2171 
2172 	if (vif->type == NL80211_IFTYPE_STATION)
2173 		aid = vif->cfg.aid;
2174 	else
2175 		aid = sta->aid;
2176 
2177 	ether_addr_copy(arg->addr, sta->addr);
2178 	arg->vdev_id = arvif->vdev_id;
2179 	arg->peer_aid = aid;
2180 	arg->peer_flags |= arvif->ar->wmi.peer_flags->auth;
2181 	arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
2182 	arg->peer_num_spatial_streams = 1;
2183 	arg->peer_caps = vif->bss_conf.assoc_capability;
2184 }
2185 
2186 static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
2187 				       struct ieee80211_vif *vif,
2188 				       struct ieee80211_sta *sta,
2189 				       struct wmi_peer_assoc_complete_arg *arg)
2190 {
2191 	struct ieee80211_bss_conf *info = &vif->bss_conf;
2192 	struct cfg80211_chan_def def;
2193 	struct cfg80211_bss *bss;
2194 	const u8 *rsnie = NULL;
2195 	const u8 *wpaie = NULL;
2196 
2197 	lockdep_assert_held(&ar->conf_mutex);
2198 
2199 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2200 		return;
2201 
2202 	bss = cfg80211_get_bss(ar->hw->wiphy, def.chan, info->bssid,
2203 			       vif->cfg.ssid_len ? vif->cfg.ssid : NULL,
2204 			       vif->cfg.ssid_len,
2205 			       IEEE80211_BSS_TYPE_ANY, IEEE80211_PRIVACY_ANY);
2206 	if (bss) {
2207 		const struct cfg80211_bss_ies *ies;
2208 
2209 		rcu_read_lock();
2210 		rsnie = ieee80211_bss_get_ie(bss, WLAN_EID_RSN);
2211 
2212 		ies = rcu_dereference(bss->ies);
2213 
2214 		wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
2215 						WLAN_OUI_TYPE_MICROSOFT_WPA,
2216 						ies->data,
2217 						ies->len);
2218 		rcu_read_unlock();
2219 		cfg80211_put_bss(ar->hw->wiphy, bss);
2220 	}
2221 
2222 	/* FIXME: base on RSN IE/WPA IE is a correct idea? */
2223 	if (rsnie || wpaie) {
2224 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
2225 		arg->peer_flags |= ar->wmi.peer_flags->need_ptk_4_way;
2226 	}
2227 
2228 	if (wpaie) {
2229 		ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
2230 		arg->peer_flags |= ar->wmi.peer_flags->need_gtk_2_way;
2231 	}
2232 
2233 	if (sta->mfp &&
2234 	    test_bit(ATH10K_FW_FEATURE_MFP_SUPPORT,
2235 		     ar->running_fw->fw_file.fw_features)) {
2236 		arg->peer_flags |= ar->wmi.peer_flags->pmf;
2237 	}
2238 }
2239 
2240 static void ath10k_peer_assoc_h_rates(struct ath10k *ar,
2241 				      struct ieee80211_vif *vif,
2242 				      struct ieee80211_sta *sta,
2243 				      struct wmi_peer_assoc_complete_arg *arg)
2244 {
2245 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2246 	struct wmi_rate_set_arg *rateset = &arg->peer_legacy_rates;
2247 	struct cfg80211_chan_def def;
2248 	const struct ieee80211_supported_band *sband;
2249 	const struct ieee80211_rate *rates;
2250 	enum nl80211_band band;
2251 	u32 ratemask;
2252 	u8 rate;
2253 	int i;
2254 
2255 	lockdep_assert_held(&ar->conf_mutex);
2256 
2257 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2258 		return;
2259 
2260 	band = def.chan->band;
2261 	sband = ar->hw->wiphy->bands[band];
2262 	ratemask = sta->deflink.supp_rates[band];
2263 	ratemask &= arvif->bitrate_mask.control[band].legacy;
2264 	rates = sband->bitrates;
2265 
2266 	rateset->num_rates = 0;
2267 
2268 	for (i = 0; i < 32; i++, ratemask >>= 1, rates++) {
2269 		if (!(ratemask & 1))
2270 			continue;
2271 
2272 		rate = ath10k_mac_bitrate_to_rate(rates->bitrate);
2273 		rateset->rates[rateset->num_rates] = rate;
2274 		rateset->num_rates++;
2275 	}
2276 }
2277 
2278 static bool
2279 ath10k_peer_assoc_h_ht_masked(const u8 ht_mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
2280 {
2281 	int nss;
2282 
2283 	for (nss = 0; nss < IEEE80211_HT_MCS_MASK_LEN; nss++)
2284 		if (ht_mcs_mask[nss])
2285 			return false;
2286 
2287 	return true;
2288 }
2289 
2290 static bool
2291 ath10k_peer_assoc_h_vht_masked(const u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
2292 {
2293 	int nss;
2294 
2295 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++)
2296 		if (vht_mcs_mask[nss])
2297 			return false;
2298 
2299 	return true;
2300 }
2301 
2302 static void ath10k_peer_assoc_h_ht(struct ath10k *ar,
2303 				   struct ieee80211_vif *vif,
2304 				   struct ieee80211_sta *sta,
2305 				   struct wmi_peer_assoc_complete_arg *arg)
2306 {
2307 	const struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
2308 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2309 	struct cfg80211_chan_def def;
2310 	enum nl80211_band band;
2311 	const u8 *ht_mcs_mask;
2312 	const u16 *vht_mcs_mask;
2313 	int i, n;
2314 	u8 max_nss;
2315 	u32 stbc;
2316 
2317 	lockdep_assert_held(&ar->conf_mutex);
2318 
2319 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2320 		return;
2321 
2322 	if (!ht_cap->ht_supported)
2323 		return;
2324 
2325 	band = def.chan->band;
2326 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2327 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2328 
2329 	if (ath10k_peer_assoc_h_ht_masked(ht_mcs_mask) &&
2330 	    ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2331 		return;
2332 
2333 	arg->peer_flags |= ar->wmi.peer_flags->ht;
2334 	arg->peer_max_mpdu = (1 << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2335 				    ht_cap->ampdu_factor)) - 1;
2336 
2337 	arg->peer_mpdu_density =
2338 		ath10k_parse_mpdudensity(ht_cap->ampdu_density);
2339 
2340 	arg->peer_ht_caps = ht_cap->cap;
2341 	arg->peer_rate_caps |= WMI_RC_HT_FLAG;
2342 
2343 	if (ht_cap->cap & IEEE80211_HT_CAP_LDPC_CODING)
2344 		arg->peer_flags |= ar->wmi.peer_flags->ldbc;
2345 
2346 	if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40) {
2347 		arg->peer_flags |= ar->wmi.peer_flags->bw40;
2348 		arg->peer_rate_caps |= WMI_RC_CW40_FLAG;
2349 	}
2350 
2351 	if (arvif->bitrate_mask.control[band].gi != NL80211_TXRATE_FORCE_LGI) {
2352 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
2353 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2354 
2355 		if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
2356 			arg->peer_rate_caps |= WMI_RC_SGI_FLAG;
2357 	}
2358 
2359 	if (ht_cap->cap & IEEE80211_HT_CAP_TX_STBC) {
2360 		arg->peer_rate_caps |= WMI_RC_TX_STBC_FLAG;
2361 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2362 	}
2363 
2364 	if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
2365 		stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
2366 		stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
2367 		stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
2368 		arg->peer_rate_caps |= stbc;
2369 		arg->peer_flags |= ar->wmi.peer_flags->stbc;
2370 	}
2371 
2372 	if (ht_cap->mcs.rx_mask[1] && ht_cap->mcs.rx_mask[2])
2373 		arg->peer_rate_caps |= WMI_RC_TS_FLAG;
2374 	else if (ht_cap->mcs.rx_mask[1])
2375 		arg->peer_rate_caps |= WMI_RC_DS_FLAG;
2376 
2377 	for (i = 0, n = 0, max_nss = 0; i < IEEE80211_HT_MCS_MASK_LEN * 8; i++)
2378 		if ((ht_cap->mcs.rx_mask[i / 8] & BIT(i % 8)) &&
2379 		    (ht_mcs_mask[i / 8] & BIT(i % 8))) {
2380 			max_nss = (i / 8) + 1;
2381 			arg->peer_ht_rates.rates[n++] = i;
2382 		}
2383 
2384 	/*
2385 	 * This is a workaround for HT-enabled STAs which break the spec
2386 	 * and have no HT capabilities RX mask (no HT RX MCS map).
2387 	 *
2388 	 * As per spec, in section 20.3.5 Modulation and coding scheme (MCS),
2389 	 * MCS 0 through 7 are mandatory in 20MHz with 800 ns GI at all STAs.
2390 	 *
2391 	 * Firmware asserts if such situation occurs.
2392 	 */
2393 	if (n == 0) {
2394 		arg->peer_ht_rates.num_rates = 8;
2395 		for (i = 0; i < arg->peer_ht_rates.num_rates; i++)
2396 			arg->peer_ht_rates.rates[i] = i;
2397 	} else {
2398 		arg->peer_ht_rates.num_rates = n;
2399 		arg->peer_num_spatial_streams = min(sta->deflink.rx_nss,
2400 						    max_nss);
2401 	}
2402 
2403 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
2404 		   arg->addr,
2405 		   arg->peer_ht_rates.num_rates,
2406 		   arg->peer_num_spatial_streams);
2407 }
2408 
2409 static int ath10k_peer_assoc_qos_ap(struct ath10k *ar,
2410 				    struct ath10k_vif *arvif,
2411 				    struct ieee80211_sta *sta)
2412 {
2413 	u32 uapsd = 0;
2414 	u32 max_sp = 0;
2415 	int ret = 0;
2416 
2417 	lockdep_assert_held(&ar->conf_mutex);
2418 
2419 	if (sta->wme && sta->uapsd_queues) {
2420 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
2421 			   sta->uapsd_queues, sta->max_sp);
2422 
2423 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
2424 			uapsd |= WMI_AP_PS_UAPSD_AC3_DELIVERY_EN |
2425 				 WMI_AP_PS_UAPSD_AC3_TRIGGER_EN;
2426 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
2427 			uapsd |= WMI_AP_PS_UAPSD_AC2_DELIVERY_EN |
2428 				 WMI_AP_PS_UAPSD_AC2_TRIGGER_EN;
2429 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
2430 			uapsd |= WMI_AP_PS_UAPSD_AC1_DELIVERY_EN |
2431 				 WMI_AP_PS_UAPSD_AC1_TRIGGER_EN;
2432 		if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
2433 			uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
2434 				 WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
2435 
2436 		if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
2437 			max_sp = sta->max_sp;
2438 
2439 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2440 						 sta->addr,
2441 						 WMI_AP_PS_PEER_PARAM_UAPSD,
2442 						 uapsd);
2443 		if (ret) {
2444 			ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
2445 				    arvif->vdev_id, ret);
2446 			return ret;
2447 		}
2448 
2449 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id,
2450 						 sta->addr,
2451 						 WMI_AP_PS_PEER_PARAM_MAX_SP,
2452 						 max_sp);
2453 		if (ret) {
2454 			ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
2455 				    arvif->vdev_id, ret);
2456 			return ret;
2457 		}
2458 
2459 		/* TODO setup this based on STA listen interval and
2460 		 * beacon interval. Currently we don't know
2461 		 * sta->listen_interval - mac80211 patch required.
2462 		 * Currently use 10 seconds
2463 		 */
2464 		ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
2465 						 WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
2466 						 10);
2467 		if (ret) {
2468 			ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
2469 				    arvif->vdev_id, ret);
2470 			return ret;
2471 		}
2472 	}
2473 
2474 	return 0;
2475 }
2476 
2477 static u16
2478 ath10k_peer_assoc_h_vht_limit(u16 tx_mcs_set,
2479 			      const u16 vht_mcs_limit[NL80211_VHT_NSS_MAX])
2480 {
2481 	int idx_limit;
2482 	int nss;
2483 	u16 mcs_map;
2484 	u16 mcs;
2485 
2486 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
2487 		mcs_map = ath10k_mac_get_max_vht_mcs_map(tx_mcs_set, nss) &
2488 			  vht_mcs_limit[nss];
2489 
2490 		if (mcs_map)
2491 			idx_limit = fls(mcs_map) - 1;
2492 		else
2493 			idx_limit = -1;
2494 
2495 		switch (idx_limit) {
2496 		case 0:
2497 		case 1:
2498 		case 2:
2499 		case 3:
2500 		case 4:
2501 		case 5:
2502 		case 6:
2503 		default:
2504 			/* see ath10k_mac_can_set_bitrate_mask() */
2505 			WARN_ON(1);
2506 			fallthrough;
2507 		case -1:
2508 			mcs = IEEE80211_VHT_MCS_NOT_SUPPORTED;
2509 			break;
2510 		case 7:
2511 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_7;
2512 			break;
2513 		case 8:
2514 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_8;
2515 			break;
2516 		case 9:
2517 			mcs = IEEE80211_VHT_MCS_SUPPORT_0_9;
2518 			break;
2519 		}
2520 
2521 		tx_mcs_set &= ~(0x3 << (nss * 2));
2522 		tx_mcs_set |= mcs << (nss * 2);
2523 	}
2524 
2525 	return tx_mcs_set;
2526 }
2527 
2528 static u32 get_160mhz_nss_from_maxrate(int rate)
2529 {
2530 	u32 nss;
2531 
2532 	switch (rate) {
2533 	case 780:
2534 		nss = 1;
2535 		break;
2536 	case 1560:
2537 		nss = 2;
2538 		break;
2539 	case 2106:
2540 		nss = 3; /* not support MCS9 from spec*/
2541 		break;
2542 	case 3120:
2543 		nss = 4;
2544 		break;
2545 	default:
2546 		 nss = 1;
2547 	}
2548 
2549 	return nss;
2550 }
2551 
2552 static void ath10k_peer_assoc_h_vht(struct ath10k *ar,
2553 				    struct ieee80211_vif *vif,
2554 				    struct ieee80211_sta *sta,
2555 				    struct wmi_peer_assoc_complete_arg *arg)
2556 {
2557 	const struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2558 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2559 	struct ath10k_hw_params *hw = &ar->hw_params;
2560 	struct cfg80211_chan_def def;
2561 	enum nl80211_band band;
2562 	const u16 *vht_mcs_mask;
2563 	u8 ampdu_factor;
2564 	u8 max_nss, vht_mcs;
2565 	int i;
2566 
2567 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2568 		return;
2569 
2570 	if (!vht_cap->vht_supported)
2571 		return;
2572 
2573 	band = def.chan->band;
2574 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2575 
2576 	if (ath10k_peer_assoc_h_vht_masked(vht_mcs_mask))
2577 		return;
2578 
2579 	arg->peer_flags |= ar->wmi.peer_flags->vht;
2580 
2581 	if (def.chan->band == NL80211_BAND_2GHZ)
2582 		arg->peer_flags |= ar->wmi.peer_flags->vht_2g;
2583 
2584 	arg->peer_vht_caps = vht_cap->cap;
2585 
2586 	ampdu_factor = (vht_cap->cap &
2587 			IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
2588 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
2589 
2590 	/* Workaround: Some Netgear/Linksys 11ac APs set Rx A-MPDU factor to
2591 	 * zero in VHT IE. Using it would result in degraded throughput.
2592 	 * arg->peer_max_mpdu at this point contains HT max_mpdu so keep
2593 	 * it if VHT max_mpdu is smaller.
2594 	 */
2595 	arg->peer_max_mpdu = max(arg->peer_max_mpdu,
2596 				 (1U << (IEEE80211_HT_MAX_AMPDU_FACTOR +
2597 					ampdu_factor)) - 1);
2598 
2599 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2600 		arg->peer_flags |= ar->wmi.peer_flags->bw80;
2601 
2602 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
2603 		arg->peer_flags |= ar->wmi.peer_flags->bw160;
2604 
2605 	/* Calculate peer NSS capability from VHT capabilities if STA
2606 	 * supports VHT.
2607 	 */
2608 	for (i = 0, max_nss = 0, vht_mcs = 0; i < NL80211_VHT_NSS_MAX; i++) {
2609 		vht_mcs = __le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map) >>
2610 			  (2 * i) & 3;
2611 
2612 		if ((vht_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED) &&
2613 		    vht_mcs_mask[i])
2614 			max_nss = i + 1;
2615 	}
2616 	arg->peer_num_spatial_streams = min(sta->deflink.rx_nss, max_nss);
2617 	arg->peer_vht_rates.rx_max_rate =
2618 		__le16_to_cpu(vht_cap->vht_mcs.rx_highest);
2619 	arg->peer_vht_rates.rx_mcs_set =
2620 		__le16_to_cpu(vht_cap->vht_mcs.rx_mcs_map);
2621 	arg->peer_vht_rates.tx_max_rate =
2622 		__le16_to_cpu(vht_cap->vht_mcs.tx_highest);
2623 	arg->peer_vht_rates.tx_mcs_set = ath10k_peer_assoc_h_vht_limit(
2624 		__le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map), vht_mcs_mask);
2625 
2626 	/* Configure bandwidth-NSS mapping to FW
2627 	 * for the chip's tx chains setting on 160Mhz bw
2628 	 */
2629 	if (arg->peer_phymode == MODE_11AC_VHT160 ||
2630 	    arg->peer_phymode == MODE_11AC_VHT80_80) {
2631 		u32 rx_nss;
2632 		u32 max_rate;
2633 
2634 		max_rate = arg->peer_vht_rates.rx_max_rate;
2635 		rx_nss = get_160mhz_nss_from_maxrate(max_rate);
2636 
2637 		if (rx_nss == 0)
2638 			rx_nss = arg->peer_num_spatial_streams;
2639 		else
2640 			rx_nss = min(arg->peer_num_spatial_streams, rx_nss);
2641 
2642 		max_rate = hw->vht160_mcs_tx_highest;
2643 		rx_nss = min(rx_nss, get_160mhz_nss_from_maxrate(max_rate));
2644 
2645 		arg->peer_bw_rxnss_override =
2646 			FIELD_PREP(WMI_PEER_NSS_MAP_ENABLE, 1) |
2647 			FIELD_PREP(WMI_PEER_NSS_160MHZ_MASK, (rx_nss - 1));
2648 
2649 		if (arg->peer_phymode == MODE_11AC_VHT80_80) {
2650 			arg->peer_bw_rxnss_override |=
2651 			FIELD_PREP(WMI_PEER_NSS_80_80MHZ_MASK, (rx_nss - 1));
2652 		}
2653 	}
2654 	ath10k_dbg(ar, ATH10K_DBG_MAC,
2655 		   "mac vht peer %pM max_mpdu %d flags 0x%x peer_rx_nss_override 0x%x\n",
2656 		   sta->addr, arg->peer_max_mpdu,
2657 		   arg->peer_flags, arg->peer_bw_rxnss_override);
2658 }
2659 
2660 static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
2661 				    struct ieee80211_vif *vif,
2662 				    struct ieee80211_sta *sta,
2663 				    struct wmi_peer_assoc_complete_arg *arg)
2664 {
2665 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2666 
2667 	switch (arvif->vdev_type) {
2668 	case WMI_VDEV_TYPE_AP:
2669 		if (sta->wme)
2670 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2671 
2672 		if (sta->wme && sta->uapsd_queues) {
2673 			arg->peer_flags |= arvif->ar->wmi.peer_flags->apsd;
2674 			arg->peer_rate_caps |= WMI_RC_UAPSD_FLAG;
2675 		}
2676 		break;
2677 	case WMI_VDEV_TYPE_STA:
2678 		if (sta->wme)
2679 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2680 		break;
2681 	case WMI_VDEV_TYPE_IBSS:
2682 		if (sta->wme)
2683 			arg->peer_flags |= arvif->ar->wmi.peer_flags->qos;
2684 		break;
2685 	default:
2686 		break;
2687 	}
2688 
2689 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
2690 		   sta->addr, !!(arg->peer_flags &
2691 		   arvif->ar->wmi.peer_flags->qos));
2692 }
2693 
2694 static bool ath10k_mac_sta_has_ofdm_only(struct ieee80211_sta *sta)
2695 {
2696 	return sta->deflink.supp_rates[NL80211_BAND_2GHZ] >>
2697 	       ATH10K_MAC_FIRST_OFDM_RATE_IDX;
2698 }
2699 
2700 static enum wmi_phy_mode ath10k_mac_get_phymode_vht(struct ath10k *ar,
2701 						    struct ieee80211_sta *sta)
2702 {
2703 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
2704 
2705 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160) {
2706 		switch (vht_cap->cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) {
2707 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ:
2708 			return MODE_11AC_VHT160;
2709 		case IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ:
2710 			return MODE_11AC_VHT80_80;
2711 		default:
2712 			/* not sure if this is a valid case? */
2713 			return MODE_11AC_VHT160;
2714 		}
2715 	}
2716 
2717 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_80)
2718 		return MODE_11AC_VHT80;
2719 
2720 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2721 		return MODE_11AC_VHT40;
2722 
2723 	if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_20)
2724 		return MODE_11AC_VHT20;
2725 
2726 	return MODE_UNKNOWN;
2727 }
2728 
2729 static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
2730 					struct ieee80211_vif *vif,
2731 					struct ieee80211_sta *sta,
2732 					struct wmi_peer_assoc_complete_arg *arg)
2733 {
2734 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2735 	struct cfg80211_chan_def def;
2736 	enum nl80211_band band;
2737 	const u8 *ht_mcs_mask;
2738 	const u16 *vht_mcs_mask;
2739 	enum wmi_phy_mode phymode = MODE_UNKNOWN;
2740 
2741 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
2742 		return;
2743 
2744 	band = def.chan->band;
2745 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
2746 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
2747 
2748 	switch (band) {
2749 	case NL80211_BAND_2GHZ:
2750 		if (sta->deflink.vht_cap.vht_supported &&
2751 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2752 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2753 				phymode = MODE_11AC_VHT40;
2754 			else
2755 				phymode = MODE_11AC_VHT20;
2756 		} else if (sta->deflink.ht_cap.ht_supported &&
2757 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2758 			if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_40)
2759 				phymode = MODE_11NG_HT40;
2760 			else
2761 				phymode = MODE_11NG_HT20;
2762 		} else if (ath10k_mac_sta_has_ofdm_only(sta)) {
2763 			phymode = MODE_11G;
2764 		} else {
2765 			phymode = MODE_11B;
2766 		}
2767 
2768 		break;
2769 	case NL80211_BAND_5GHZ:
2770 		/*
2771 		 * Check VHT first.
2772 		 */
2773 		if (sta->deflink.vht_cap.vht_supported &&
2774 		    !ath10k_peer_assoc_h_vht_masked(vht_mcs_mask)) {
2775 			phymode = ath10k_mac_get_phymode_vht(ar, sta);
2776 		} else if (sta->deflink.ht_cap.ht_supported &&
2777 			   !ath10k_peer_assoc_h_ht_masked(ht_mcs_mask)) {
2778 			if (sta->deflink.bandwidth >= IEEE80211_STA_RX_BW_40)
2779 				phymode = MODE_11NA_HT40;
2780 			else
2781 				phymode = MODE_11NA_HT20;
2782 		} else {
2783 			phymode = MODE_11A;
2784 		}
2785 
2786 		break;
2787 	default:
2788 		break;
2789 	}
2790 
2791 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
2792 		   sta->addr, ath10k_wmi_phymode_str(phymode));
2793 
2794 	arg->peer_phymode = phymode;
2795 	WARN_ON(phymode == MODE_UNKNOWN);
2796 }
2797 
2798 static int ath10k_peer_assoc_prepare(struct ath10k *ar,
2799 				     struct ieee80211_vif *vif,
2800 				     struct ieee80211_sta *sta,
2801 				     struct wmi_peer_assoc_complete_arg *arg)
2802 {
2803 	lockdep_assert_held(&ar->conf_mutex);
2804 
2805 	memset(arg, 0, sizeof(*arg));
2806 
2807 	ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
2808 	ath10k_peer_assoc_h_crypto(ar, vif, sta, arg);
2809 	ath10k_peer_assoc_h_rates(ar, vif, sta, arg);
2810 	ath10k_peer_assoc_h_ht(ar, vif, sta, arg);
2811 	ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
2812 	ath10k_peer_assoc_h_vht(ar, vif, sta, arg);
2813 	ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
2814 
2815 	return 0;
2816 }
2817 
2818 static const u32 ath10k_smps_map[] = {
2819 	[WLAN_HT_CAP_SM_PS_STATIC] = WMI_PEER_SMPS_STATIC,
2820 	[WLAN_HT_CAP_SM_PS_DYNAMIC] = WMI_PEER_SMPS_DYNAMIC,
2821 	[WLAN_HT_CAP_SM_PS_INVALID] = WMI_PEER_SMPS_PS_NONE,
2822 	[WLAN_HT_CAP_SM_PS_DISABLED] = WMI_PEER_SMPS_PS_NONE,
2823 };
2824 
2825 static int ath10k_setup_peer_smps(struct ath10k *ar, struct ath10k_vif *arvif,
2826 				  const u8 *addr,
2827 				  const struct ieee80211_sta_ht_cap *ht_cap)
2828 {
2829 	int smps;
2830 
2831 	if (!ht_cap->ht_supported)
2832 		return 0;
2833 
2834 	smps = ht_cap->cap & IEEE80211_HT_CAP_SM_PS;
2835 	smps >>= IEEE80211_HT_CAP_SM_PS_SHIFT;
2836 
2837 	if (smps >= ARRAY_SIZE(ath10k_smps_map))
2838 		return -EINVAL;
2839 
2840 	return ath10k_wmi_peer_set_param(ar, arvif->vdev_id, addr,
2841 					 ar->wmi.peer_param->smps_state,
2842 					 ath10k_smps_map[smps]);
2843 }
2844 
2845 static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
2846 				      struct ieee80211_vif *vif,
2847 				      struct ieee80211_sta_vht_cap vht_cap)
2848 {
2849 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
2850 	int ret;
2851 	u32 param;
2852 	u32 value;
2853 
2854 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_AFTER_ASSOC)
2855 		return 0;
2856 
2857 	if (!(ar->vht_cap_info &
2858 	      (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2859 	       IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
2860 	       IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2861 	       IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
2862 		return 0;
2863 
2864 	param = ar->wmi.vdev_param->txbf;
2865 	value = 0;
2866 
2867 	if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
2868 		return 0;
2869 
2870 	/* The following logic is correct. If a remote STA advertises support
2871 	 * for being a beamformer then we should enable us being a beamformee.
2872 	 */
2873 
2874 	if (ar->vht_cap_info &
2875 	    (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
2876 	     IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
2877 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
2878 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2879 
2880 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
2881 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
2882 	}
2883 
2884 	if (ar->vht_cap_info &
2885 	    (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
2886 	     IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
2887 		if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
2888 			value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2889 
2890 		if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
2891 			value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
2892 	}
2893 
2894 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
2895 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
2896 
2897 	if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
2898 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
2899 
2900 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
2901 	if (ret) {
2902 		ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
2903 			    value, ret);
2904 		return ret;
2905 	}
2906 
2907 	return 0;
2908 }
2909 
2910 static bool ath10k_mac_is_connected(struct ath10k *ar)
2911 {
2912 	struct ath10k_vif *arvif;
2913 
2914 	list_for_each_entry(arvif, &ar->arvifs, list) {
2915 		if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
2916 			return true;
2917 	}
2918 
2919 	return false;
2920 }
2921 
2922 static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
2923 {
2924 	int ret;
2925 	u32 param;
2926 	int tx_power_2g, tx_power_5g;
2927 	bool connected;
2928 
2929 	lockdep_assert_held(&ar->conf_mutex);
2930 
2931 	/* ath10k internally uses unit of 0.5 dBm so multiply by 2 */
2932 	tx_power_2g = txpower * 2;
2933 	tx_power_5g = txpower * 2;
2934 
2935 	connected = ath10k_mac_is_connected(ar);
2936 
2937 	if (connected && ar->tx_power_2g_limit)
2938 		if (tx_power_2g > ar->tx_power_2g_limit)
2939 			tx_power_2g = ar->tx_power_2g_limit;
2940 
2941 	if (connected && ar->tx_power_5g_limit)
2942 		if (tx_power_5g > ar->tx_power_5g_limit)
2943 			tx_power_5g = ar->tx_power_5g_limit;
2944 
2945 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower 2g: %d, 5g: %d\n",
2946 		   tx_power_2g, tx_power_5g);
2947 
2948 	param = ar->wmi.pdev_param->txpower_limit2g;
2949 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_2g);
2950 	if (ret) {
2951 		ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
2952 			    tx_power_2g, ret);
2953 		return ret;
2954 	}
2955 
2956 	param = ar->wmi.pdev_param->txpower_limit5g;
2957 	ret = ath10k_wmi_pdev_set_param(ar, param, tx_power_5g);
2958 	if (ret) {
2959 		ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
2960 			    tx_power_5g, ret);
2961 		return ret;
2962 	}
2963 
2964 	return 0;
2965 }
2966 
2967 static int ath10k_mac_txpower_recalc(struct ath10k *ar)
2968 {
2969 	struct ath10k_vif *arvif;
2970 	int ret, txpower = -1;
2971 
2972 	lockdep_assert_held(&ar->conf_mutex);
2973 
2974 	list_for_each_entry(arvif, &ar->arvifs, list) {
2975 		/* txpower not initialized yet? */
2976 		if (arvif->txpower == INT_MIN)
2977 			continue;
2978 
2979 		if (txpower == -1)
2980 			txpower = arvif->txpower;
2981 		else
2982 			txpower = min(txpower, arvif->txpower);
2983 	}
2984 
2985 	if (txpower == -1)
2986 		return 0;
2987 
2988 	ret = ath10k_mac_txpower_setup(ar, txpower);
2989 	if (ret) {
2990 		ath10k_warn(ar, "failed to setup tx power %d: %d\n",
2991 			    txpower, ret);
2992 		return ret;
2993 	}
2994 
2995 	return 0;
2996 }
2997 
2998 static int ath10k_mac_set_sar_power(struct ath10k *ar)
2999 {
3000 	if (!ar->hw_params.dynamic_sar_support)
3001 		return -EOPNOTSUPP;
3002 
3003 	if (!ath10k_mac_is_connected(ar))
3004 		return 0;
3005 
3006 	/* if connected, then arvif->txpower must be valid */
3007 	return ath10k_mac_txpower_recalc(ar);
3008 }
3009 
3010 static int ath10k_mac_set_sar_specs(struct ieee80211_hw *hw,
3011 				    const struct cfg80211_sar_specs *sar)
3012 {
3013 	const struct cfg80211_sar_sub_specs *sub_specs;
3014 	struct ath10k *ar = hw->priv;
3015 	u32 i;
3016 	int ret;
3017 
3018 	mutex_lock(&ar->conf_mutex);
3019 
3020 	if (!ar->hw_params.dynamic_sar_support) {
3021 		ret = -EOPNOTSUPP;
3022 		goto err;
3023 	}
3024 
3025 	if (!sar || sar->type != NL80211_SAR_TYPE_POWER ||
3026 	    sar->num_sub_specs == 0) {
3027 		ret = -EINVAL;
3028 		goto err;
3029 	}
3030 
3031 	sub_specs = sar->sub_specs;
3032 
3033 	/* 0dbm is not a practical value for ath10k, so use 0
3034 	 * as no SAR limitation on it.
3035 	 */
3036 	ar->tx_power_2g_limit = 0;
3037 	ar->tx_power_5g_limit = 0;
3038 
3039 	/* note the power is in 0.25dbm unit, while ath10k uses
3040 	 * 0.5dbm unit.
3041 	 */
3042 	for (i = 0; i < sar->num_sub_specs; i++) {
3043 		if (sub_specs->freq_range_index == 0)
3044 			ar->tx_power_2g_limit = sub_specs->power / 2;
3045 		else if (sub_specs->freq_range_index == 1)
3046 			ar->tx_power_5g_limit = sub_specs->power / 2;
3047 
3048 		sub_specs++;
3049 	}
3050 
3051 	ret = ath10k_mac_set_sar_power(ar);
3052 	if (ret) {
3053 		ath10k_warn(ar, "failed to set sar power: %d", ret);
3054 		goto err;
3055 	}
3056 
3057 err:
3058 	mutex_unlock(&ar->conf_mutex);
3059 	return ret;
3060 }
3061 
3062 /* can be called only in mac80211 callbacks due to `key_count` usage */
3063 static void ath10k_bss_assoc(struct ieee80211_hw *hw,
3064 			     struct ieee80211_vif *vif,
3065 			     struct ieee80211_bss_conf *bss_conf)
3066 {
3067 	struct ath10k *ar = hw->priv;
3068 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3069 	struct ieee80211_sta_ht_cap ht_cap;
3070 	struct ieee80211_sta_vht_cap vht_cap;
3071 	struct wmi_peer_assoc_complete_arg peer_arg;
3072 	struct ieee80211_sta *ap_sta;
3073 	int ret;
3074 
3075 	lockdep_assert_held(&ar->conf_mutex);
3076 
3077 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
3078 		   arvif->vdev_id, arvif->bssid, arvif->aid);
3079 
3080 	rcu_read_lock();
3081 
3082 	ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
3083 	if (!ap_sta) {
3084 		ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
3085 			    bss_conf->bssid, arvif->vdev_id);
3086 		rcu_read_unlock();
3087 		return;
3088 	}
3089 
3090 	/* ap_sta must be accessed only within rcu section which must be left
3091 	 * before calling ath10k_setup_peer_smps() which might sleep.
3092 	 */
3093 	ht_cap = ap_sta->deflink.ht_cap;
3094 	vht_cap = ap_sta->deflink.vht_cap;
3095 
3096 	ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
3097 	if (ret) {
3098 		ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
3099 			    bss_conf->bssid, arvif->vdev_id, ret);
3100 		rcu_read_unlock();
3101 		return;
3102 	}
3103 
3104 	rcu_read_unlock();
3105 
3106 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3107 	if (ret) {
3108 		ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
3109 			    bss_conf->bssid, arvif->vdev_id, ret);
3110 		return;
3111 	}
3112 
3113 	ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
3114 	if (ret) {
3115 		ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
3116 			    arvif->vdev_id, ret);
3117 		return;
3118 	}
3119 
3120 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3121 	if (ret) {
3122 		ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
3123 			    arvif->vdev_id, bss_conf->bssid, ret);
3124 		return;
3125 	}
3126 
3127 	ath10k_dbg(ar, ATH10K_DBG_MAC,
3128 		   "mac vdev %d up (associated) bssid %pM aid %d\n",
3129 		   arvif->vdev_id, bss_conf->bssid, vif->cfg.aid);
3130 
3131 	WARN_ON(arvif->is_up);
3132 
3133 	arvif->aid = vif->cfg.aid;
3134 	ether_addr_copy(arvif->bssid, bss_conf->bssid);
3135 
3136 	ret = ath10k_wmi_pdev_set_param(ar,
3137 					ar->wmi.pdev_param->peer_stats_info_enable, 1);
3138 	if (ret)
3139 		ath10k_warn(ar, "failed to enable peer stats info: %d\n", ret);
3140 
3141 	ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
3142 	if (ret) {
3143 		ath10k_warn(ar, "failed to set vdev %d up: %d\n",
3144 			    arvif->vdev_id, ret);
3145 		return;
3146 	}
3147 
3148 	arvif->is_up = true;
3149 
3150 	ath10k_mac_set_sar_power(ar);
3151 
3152 	/* Workaround: Some firmware revisions (tested with qca6174
3153 	 * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
3154 	 * poked with peer param command.
3155 	 */
3156 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
3157 					ar->wmi.peer_param->dummy_var, 1);
3158 	if (ret) {
3159 		ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
3160 			    arvif->bssid, arvif->vdev_id, ret);
3161 		return;
3162 	}
3163 }
3164 
3165 static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
3166 				struct ieee80211_vif *vif)
3167 {
3168 	struct ath10k *ar = hw->priv;
3169 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3170 	struct ieee80211_sta_vht_cap vht_cap = {};
3171 	int ret;
3172 
3173 	lockdep_assert_held(&ar->conf_mutex);
3174 
3175 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
3176 		   arvif->vdev_id, arvif->bssid);
3177 
3178 	ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
3179 	if (ret)
3180 		ath10k_warn(ar, "failed to down vdev %i: %d\n",
3181 			    arvif->vdev_id, ret);
3182 
3183 	arvif->def_wep_key_idx = -1;
3184 
3185 	ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
3186 	if (ret) {
3187 		ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
3188 			    arvif->vdev_id, ret);
3189 		return;
3190 	}
3191 
3192 	arvif->is_up = false;
3193 
3194 	ath10k_mac_txpower_recalc(ar);
3195 
3196 	cancel_delayed_work_sync(&arvif->connection_loss_work);
3197 }
3198 
3199 static int ath10k_new_peer_tid_config(struct ath10k *ar,
3200 				      struct ieee80211_sta *sta,
3201 				      struct ath10k_vif *arvif)
3202 {
3203 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
3204 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
3205 	bool config_apply;
3206 	int ret, i;
3207 
3208 	for (i = 0; i < ATH10K_TID_MAX; i++) {
3209 		config_apply = false;
3210 		if (arvif->retry_long[i] || arvif->ampdu[i] ||
3211 		    arvif->rate_ctrl[i] || arvif->rtscts[i]) {
3212 			config_apply = true;
3213 			arg.tid = i;
3214 			arg.vdev_id = arvif->vdev_id;
3215 			arg.retry_count = arvif->retry_long[i];
3216 			arg.aggr_control = arvif->ampdu[i];
3217 			arg.rate_ctrl = arvif->rate_ctrl[i];
3218 			arg.rcode_flags = arvif->rate_code[i];
3219 
3220 			if (arvif->rtscts[i])
3221 				arg.ext_tid_cfg_bitmap =
3222 					WMI_EXT_TID_RTS_CTS_CONFIG;
3223 			else
3224 				arg.ext_tid_cfg_bitmap = 0;
3225 
3226 			arg.rtscts_ctrl = arvif->rtscts[i];
3227 		}
3228 
3229 		if (arvif->noack[i]) {
3230 			arg.ack_policy = arvif->noack[i];
3231 			arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
3232 			arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
3233 			config_apply = true;
3234 		}
3235 
3236 		/* Assign default value(-1) to newly connected station.
3237 		 * This is to identify station specific tid configuration not
3238 		 * configured for the station.
3239 		 */
3240 		arsta->retry_long[i] = -1;
3241 		arsta->noack[i] = -1;
3242 		arsta->ampdu[i] = -1;
3243 
3244 		if (!config_apply)
3245 			continue;
3246 
3247 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
3248 
3249 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
3250 		if (ret) {
3251 			ath10k_warn(ar, "failed to set per tid retry/aggr config for sta %pM: %d\n",
3252 				    sta->addr, ret);
3253 			return ret;
3254 		}
3255 
3256 		memset(&arg, 0, sizeof(arg));
3257 	}
3258 
3259 	return 0;
3260 }
3261 
3262 static int ath10k_station_assoc(struct ath10k *ar,
3263 				struct ieee80211_vif *vif,
3264 				struct ieee80211_sta *sta,
3265 				bool reassoc)
3266 {
3267 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3268 	struct wmi_peer_assoc_complete_arg peer_arg;
3269 	int ret = 0;
3270 
3271 	lockdep_assert_held(&ar->conf_mutex);
3272 
3273 	ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
3274 	if (ret) {
3275 		ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
3276 			    sta->addr, arvif->vdev_id, ret);
3277 		return ret;
3278 	}
3279 
3280 	ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
3281 	if (ret) {
3282 		ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
3283 			    sta->addr, arvif->vdev_id, ret);
3284 		return ret;
3285 	}
3286 
3287 	/* Re-assoc is run only to update supported rates for given station. It
3288 	 * doesn't make much sense to reconfigure the peer completely.
3289 	 */
3290 	if (!reassoc) {
3291 		ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
3292 					     &sta->deflink.ht_cap);
3293 		if (ret) {
3294 			ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
3295 				    arvif->vdev_id, ret);
3296 			return ret;
3297 		}
3298 
3299 		ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
3300 		if (ret) {
3301 			ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
3302 				    sta->addr, arvif->vdev_id, ret);
3303 			return ret;
3304 		}
3305 
3306 		if (!sta->wme) {
3307 			arvif->num_legacy_stations++;
3308 			ret  = ath10k_recalc_rtscts_prot(arvif);
3309 			if (ret) {
3310 				ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3311 					    arvif->vdev_id, ret);
3312 				return ret;
3313 			}
3314 		}
3315 
3316 		/* Plumb cached keys only for static WEP */
3317 		if ((arvif->def_wep_key_idx != -1) && (!sta->tdls)) {
3318 			ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
3319 			if (ret) {
3320 				ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
3321 					    arvif->vdev_id, ret);
3322 				return ret;
3323 			}
3324 		}
3325 	}
3326 
3327 	if (!test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map))
3328 		return ret;
3329 
3330 	return ath10k_new_peer_tid_config(ar, sta, arvif);
3331 }
3332 
3333 static int ath10k_station_disassoc(struct ath10k *ar,
3334 				   struct ieee80211_vif *vif,
3335 				   struct ieee80211_sta *sta)
3336 {
3337 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3338 	int ret = 0;
3339 
3340 	lockdep_assert_held(&ar->conf_mutex);
3341 
3342 	if (!sta->wme) {
3343 		arvif->num_legacy_stations--;
3344 		ret = ath10k_recalc_rtscts_prot(arvif);
3345 		if (ret) {
3346 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
3347 				    arvif->vdev_id, ret);
3348 			return ret;
3349 		}
3350 	}
3351 
3352 	ret = ath10k_clear_peer_keys(arvif, sta->addr);
3353 	if (ret) {
3354 		ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
3355 			    arvif->vdev_id, ret);
3356 		return ret;
3357 	}
3358 
3359 	return ret;
3360 }
3361 
3362 /**************/
3363 /* Regulatory */
3364 /**************/
3365 
3366 static int ath10k_update_channel_list(struct ath10k *ar)
3367 {
3368 	struct ieee80211_hw *hw = ar->hw;
3369 	struct ieee80211_supported_band **bands;
3370 	enum nl80211_band band;
3371 	struct ieee80211_channel *channel;
3372 	struct wmi_scan_chan_list_arg arg = {0};
3373 	struct wmi_channel_arg *ch;
3374 	bool passive;
3375 	int len;
3376 	int ret;
3377 	int i;
3378 
3379 	lockdep_assert_held(&ar->conf_mutex);
3380 
3381 	bands = hw->wiphy->bands;
3382 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3383 		if (!bands[band])
3384 			continue;
3385 
3386 		for (i = 0; i < bands[band]->n_channels; i++) {
3387 			if (bands[band]->channels[i].flags &
3388 			    IEEE80211_CHAN_DISABLED)
3389 				continue;
3390 
3391 			arg.n_channels++;
3392 		}
3393 	}
3394 
3395 	len = sizeof(struct wmi_channel_arg) * arg.n_channels;
3396 	arg.channels = kzalloc(len, GFP_KERNEL);
3397 	if (!arg.channels)
3398 		return -ENOMEM;
3399 
3400 	ch = arg.channels;
3401 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
3402 		if (!bands[band])
3403 			continue;
3404 
3405 		for (i = 0; i < bands[band]->n_channels; i++) {
3406 			channel = &bands[band]->channels[i];
3407 
3408 			if (channel->flags & IEEE80211_CHAN_DISABLED)
3409 				continue;
3410 
3411 			ch->allow_ht = true;
3412 
3413 			/* FIXME: when should we really allow VHT? */
3414 			ch->allow_vht = true;
3415 
3416 			ch->allow_ibss =
3417 				!(channel->flags & IEEE80211_CHAN_NO_IR);
3418 
3419 			ch->ht40plus =
3420 				!(channel->flags & IEEE80211_CHAN_NO_HT40PLUS);
3421 
3422 			ch->chan_radar =
3423 				!!(channel->flags & IEEE80211_CHAN_RADAR);
3424 
3425 			passive = channel->flags & IEEE80211_CHAN_NO_IR;
3426 			ch->passive = passive;
3427 
3428 			/* the firmware is ignoring the "radar" flag of the
3429 			 * channel and is scanning actively using Probe Requests
3430 			 * on "Radar detection"/DFS channels which are not
3431 			 * marked as "available"
3432 			 */
3433 			ch->passive |= ch->chan_radar;
3434 
3435 			ch->freq = channel->center_freq;
3436 			ch->band_center_freq1 = channel->center_freq;
3437 			ch->min_power = 0;
3438 			ch->max_power = channel->max_power * 2;
3439 			ch->max_reg_power = channel->max_reg_power * 2;
3440 			ch->max_antenna_gain = channel->max_antenna_gain;
3441 			ch->reg_class_id = 0; /* FIXME */
3442 
3443 			/* FIXME: why use only legacy modes, why not any
3444 			 * HT/VHT modes? Would that even make any
3445 			 * difference?
3446 			 */
3447 			if (channel->band == NL80211_BAND_2GHZ)
3448 				ch->mode = MODE_11G;
3449 			else
3450 				ch->mode = MODE_11A;
3451 
3452 			if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
3453 				continue;
3454 
3455 			ath10k_dbg(ar, ATH10K_DBG_WMI,
3456 				   "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
3457 				    ch - arg.channels, arg.n_channels,
3458 				   ch->freq, ch->max_power, ch->max_reg_power,
3459 				   ch->max_antenna_gain, ch->mode);
3460 
3461 			ch++;
3462 		}
3463 	}
3464 
3465 	ret = ath10k_wmi_scan_chan_list(ar, &arg);
3466 	kfree(arg.channels);
3467 
3468 	return ret;
3469 }
3470 
3471 static enum wmi_dfs_region
3472 ath10k_mac_get_dfs_region(enum nl80211_dfs_regions dfs_region)
3473 {
3474 	switch (dfs_region) {
3475 	case NL80211_DFS_UNSET:
3476 		return WMI_UNINIT_DFS_DOMAIN;
3477 	case NL80211_DFS_FCC:
3478 		return WMI_FCC_DFS_DOMAIN;
3479 	case NL80211_DFS_ETSI:
3480 		return WMI_ETSI_DFS_DOMAIN;
3481 	case NL80211_DFS_JP:
3482 		return WMI_MKK4_DFS_DOMAIN;
3483 	}
3484 	return WMI_UNINIT_DFS_DOMAIN;
3485 }
3486 
3487 static void ath10k_regd_update(struct ath10k *ar)
3488 {
3489 	struct reg_dmn_pair_mapping *regpair;
3490 	int ret;
3491 	enum wmi_dfs_region wmi_dfs_reg;
3492 	enum nl80211_dfs_regions nl_dfs_reg;
3493 
3494 	lockdep_assert_held(&ar->conf_mutex);
3495 
3496 	ret = ath10k_update_channel_list(ar);
3497 	if (ret)
3498 		ath10k_warn(ar, "failed to update channel list: %d\n", ret);
3499 
3500 	regpair = ar->ath_common.regulatory.regpair;
3501 
3502 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3503 		nl_dfs_reg = ar->dfs_detector->region;
3504 		wmi_dfs_reg = ath10k_mac_get_dfs_region(nl_dfs_reg);
3505 	} else {
3506 		wmi_dfs_reg = WMI_UNINIT_DFS_DOMAIN;
3507 	}
3508 
3509 	/* Target allows setting up per-band regdomain but ath_common provides
3510 	 * a combined one only
3511 	 */
3512 	ret = ath10k_wmi_pdev_set_regdomain(ar,
3513 					    regpair->reg_domain,
3514 					    regpair->reg_domain, /* 2ghz */
3515 					    regpair->reg_domain, /* 5ghz */
3516 					    regpair->reg_2ghz_ctl,
3517 					    regpair->reg_5ghz_ctl,
3518 					    wmi_dfs_reg);
3519 	if (ret)
3520 		ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
3521 }
3522 
3523 static void ath10k_mac_update_channel_list(struct ath10k *ar,
3524 					   struct ieee80211_supported_band *band)
3525 {
3526 	int i;
3527 
3528 	if (ar->low_5ghz_chan && ar->high_5ghz_chan) {
3529 		for (i = 0; i < band->n_channels; i++) {
3530 			if (band->channels[i].center_freq < ar->low_5ghz_chan ||
3531 			    band->channels[i].center_freq > ar->high_5ghz_chan)
3532 				band->channels[i].flags |=
3533 					IEEE80211_CHAN_DISABLED;
3534 		}
3535 	}
3536 }
3537 
3538 static void ath10k_reg_notifier(struct wiphy *wiphy,
3539 				struct regulatory_request *request)
3540 {
3541 	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
3542 	struct ath10k *ar = hw->priv;
3543 	bool result;
3544 
3545 	ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
3546 
3547 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
3548 		ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
3549 			   request->dfs_region);
3550 		result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
3551 							  request->dfs_region);
3552 		if (!result)
3553 			ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
3554 				    request->dfs_region);
3555 	}
3556 
3557 	mutex_lock(&ar->conf_mutex);
3558 	if (ar->state == ATH10K_STATE_ON)
3559 		ath10k_regd_update(ar);
3560 	mutex_unlock(&ar->conf_mutex);
3561 
3562 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
3563 		ath10k_mac_update_channel_list(ar,
3564 					       ar->hw->wiphy->bands[NL80211_BAND_5GHZ]);
3565 }
3566 
3567 static void ath10k_stop_radar_confirmation(struct ath10k *ar)
3568 {
3569 	spin_lock_bh(&ar->data_lock);
3570 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_STOPPED;
3571 	spin_unlock_bh(&ar->data_lock);
3572 
3573 	cancel_work_sync(&ar->radar_confirmation_work);
3574 }
3575 
3576 /***************/
3577 /* TX handlers */
3578 /***************/
3579 
3580 enum ath10k_mac_tx_path {
3581 	ATH10K_MAC_TX_HTT,
3582 	ATH10K_MAC_TX_HTT_MGMT,
3583 	ATH10K_MAC_TX_WMI_MGMT,
3584 	ATH10K_MAC_TX_UNKNOWN,
3585 };
3586 
3587 void ath10k_mac_tx_lock(struct ath10k *ar, int reason)
3588 {
3589 	lockdep_assert_held(&ar->htt.tx_lock);
3590 
3591 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3592 	ar->tx_paused |= BIT(reason);
3593 	ieee80211_stop_queues(ar->hw);
3594 }
3595 
3596 static void ath10k_mac_tx_unlock_iter(void *data, u8 *mac,
3597 				      struct ieee80211_vif *vif)
3598 {
3599 	struct ath10k *ar = data;
3600 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3601 
3602 	if (arvif->tx_paused)
3603 		return;
3604 
3605 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3606 }
3607 
3608 void ath10k_mac_tx_unlock(struct ath10k *ar, int reason)
3609 {
3610 	lockdep_assert_held(&ar->htt.tx_lock);
3611 
3612 	WARN_ON(reason >= ATH10K_TX_PAUSE_MAX);
3613 	ar->tx_paused &= ~BIT(reason);
3614 
3615 	if (ar->tx_paused)
3616 		return;
3617 
3618 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3619 						   ATH10K_ITER_RESUME_FLAGS,
3620 						   ath10k_mac_tx_unlock_iter,
3621 						   ar);
3622 
3623 	ieee80211_wake_queue(ar->hw, ar->hw->offchannel_tx_hw_queue);
3624 }
3625 
3626 void ath10k_mac_vif_tx_lock(struct ath10k_vif *arvif, int reason)
3627 {
3628 	struct ath10k *ar = arvif->ar;
3629 
3630 	lockdep_assert_held(&ar->htt.tx_lock);
3631 
3632 	WARN_ON(reason >= BITS_PER_LONG);
3633 	arvif->tx_paused |= BIT(reason);
3634 	ieee80211_stop_queue(ar->hw, arvif->vdev_id);
3635 }
3636 
3637 void ath10k_mac_vif_tx_unlock(struct ath10k_vif *arvif, int reason)
3638 {
3639 	struct ath10k *ar = arvif->ar;
3640 
3641 	lockdep_assert_held(&ar->htt.tx_lock);
3642 
3643 	WARN_ON(reason >= BITS_PER_LONG);
3644 	arvif->tx_paused &= ~BIT(reason);
3645 
3646 	if (ar->tx_paused)
3647 		return;
3648 
3649 	if (arvif->tx_paused)
3650 		return;
3651 
3652 	ieee80211_wake_queue(ar->hw, arvif->vdev_id);
3653 }
3654 
3655 static void ath10k_mac_vif_handle_tx_pause(struct ath10k_vif *arvif,
3656 					   enum wmi_tlv_tx_pause_id pause_id,
3657 					   enum wmi_tlv_tx_pause_action action)
3658 {
3659 	struct ath10k *ar = arvif->ar;
3660 
3661 	lockdep_assert_held(&ar->htt.tx_lock);
3662 
3663 	switch (action) {
3664 	case WMI_TLV_TX_PAUSE_ACTION_STOP:
3665 		ath10k_mac_vif_tx_lock(arvif, pause_id);
3666 		break;
3667 	case WMI_TLV_TX_PAUSE_ACTION_WAKE:
3668 		ath10k_mac_vif_tx_unlock(arvif, pause_id);
3669 		break;
3670 	default:
3671 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
3672 			   "received unknown tx pause action %d on vdev %i, ignoring\n",
3673 			    action, arvif->vdev_id);
3674 		break;
3675 	}
3676 }
3677 
3678 struct ath10k_mac_tx_pause {
3679 	u32 vdev_id;
3680 	enum wmi_tlv_tx_pause_id pause_id;
3681 	enum wmi_tlv_tx_pause_action action;
3682 };
3683 
3684 static void ath10k_mac_handle_tx_pause_iter(void *data, u8 *mac,
3685 					    struct ieee80211_vif *vif)
3686 {
3687 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3688 	struct ath10k_mac_tx_pause *arg = data;
3689 
3690 	if (arvif->vdev_id != arg->vdev_id)
3691 		return;
3692 
3693 	ath10k_mac_vif_handle_tx_pause(arvif, arg->pause_id, arg->action);
3694 }
3695 
3696 void ath10k_mac_handle_tx_pause_vdev(struct ath10k *ar, u32 vdev_id,
3697 				     enum wmi_tlv_tx_pause_id pause_id,
3698 				     enum wmi_tlv_tx_pause_action action)
3699 {
3700 	struct ath10k_mac_tx_pause arg = {
3701 		.vdev_id = vdev_id,
3702 		.pause_id = pause_id,
3703 		.action = action,
3704 	};
3705 
3706 	spin_lock_bh(&ar->htt.tx_lock);
3707 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
3708 						   ATH10K_ITER_RESUME_FLAGS,
3709 						   ath10k_mac_handle_tx_pause_iter,
3710 						   &arg);
3711 	spin_unlock_bh(&ar->htt.tx_lock);
3712 }
3713 
3714 static enum ath10k_hw_txrx_mode
3715 ath10k_mac_tx_h_get_txmode(struct ath10k *ar,
3716 			   struct ieee80211_vif *vif,
3717 			   struct ieee80211_sta *sta,
3718 			   struct sk_buff *skb)
3719 {
3720 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3721 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
3722 	__le16 fc = hdr->frame_control;
3723 
3724 	if (IEEE80211_SKB_CB(skb)->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)
3725 		return ATH10K_HW_TXRX_ETHERNET;
3726 
3727 	if (!vif || vif->type == NL80211_IFTYPE_MONITOR)
3728 		return ATH10K_HW_TXRX_RAW;
3729 
3730 	if (ieee80211_is_mgmt(fc))
3731 		return ATH10K_HW_TXRX_MGMT;
3732 
3733 	/* Workaround:
3734 	 *
3735 	 * NullFunc frames are mostly used to ping if a client or AP are still
3736 	 * reachable and responsive. This implies tx status reports must be
3737 	 * accurate - otherwise either mac80211 or userspace (e.g. hostapd) can
3738 	 * come to a conclusion that the other end disappeared and tear down
3739 	 * BSS connection or it can never disconnect from BSS/client (which is
3740 	 * the case).
3741 	 *
3742 	 * Firmware with HTT older than 3.0 delivers incorrect tx status for
3743 	 * NullFunc frames to driver. However there's a HTT Mgmt Tx command
3744 	 * which seems to deliver correct tx reports for NullFunc frames. The
3745 	 * downside of using it is it ignores client powersave state so it can
3746 	 * end up disconnecting sleeping clients in AP mode. It should fix STA
3747 	 * mode though because AP don't sleep.
3748 	 */
3749 	if (ar->htt.target_version_major < 3 &&
3750 	    (ieee80211_is_nullfunc(fc) || ieee80211_is_qos_nullfunc(fc)) &&
3751 	    !test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3752 		      ar->running_fw->fw_file.fw_features))
3753 		return ATH10K_HW_TXRX_MGMT;
3754 
3755 	/* Workaround:
3756 	 *
3757 	 * Some wmi-tlv firmwares for qca6174 have broken Tx key selection for
3758 	 * NativeWifi txmode - it selects AP key instead of peer key. It seems
3759 	 * to work with Ethernet txmode so use it.
3760 	 *
3761 	 * FIXME: Check if raw mode works with TDLS.
3762 	 */
3763 	if (ieee80211_is_data_present(fc) && sta && sta->tdls)
3764 		return ATH10K_HW_TXRX_ETHERNET;
3765 
3766 	if (test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) ||
3767 	    skb_cb->flags & ATH10K_SKB_F_RAW_TX)
3768 		return ATH10K_HW_TXRX_RAW;
3769 
3770 	return ATH10K_HW_TXRX_NATIVE_WIFI;
3771 }
3772 
3773 static bool ath10k_tx_h_use_hwcrypto(struct ieee80211_vif *vif,
3774 				     struct sk_buff *skb)
3775 {
3776 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3777 	const struct ieee80211_hdr *hdr = (void *)skb->data;
3778 	const u32 mask = IEEE80211_TX_INTFL_DONT_ENCRYPT |
3779 			 IEEE80211_TX_CTL_INJECTED;
3780 
3781 	if (!ieee80211_has_protected(hdr->frame_control))
3782 		return false;
3783 
3784 	if ((info->flags & mask) == mask)
3785 		return false;
3786 
3787 	if (vif)
3788 		return !((struct ath10k_vif *)vif->drv_priv)->nohwcrypt;
3789 
3790 	return true;
3791 }
3792 
3793 /* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
3794  * Control in the header.
3795  */
3796 static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
3797 {
3798 	struct ieee80211_hdr *hdr = (void *)skb->data;
3799 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3800 	u8 *qos_ctl;
3801 
3802 	if (!ieee80211_is_data_qos(hdr->frame_control))
3803 		return;
3804 
3805 	qos_ctl = ieee80211_get_qos_ctl(hdr);
3806 	memmove(skb->data + IEEE80211_QOS_CTL_LEN,
3807 		skb->data, (void *)qos_ctl - (void *)skb->data);
3808 	skb_pull(skb, IEEE80211_QOS_CTL_LEN);
3809 
3810 	/* Some firmware revisions don't handle sending QoS NullFunc well.
3811 	 * These frames are mainly used for CQM purposes so it doesn't really
3812 	 * matter whether QoS NullFunc or NullFunc are sent.
3813 	 */
3814 	hdr = (void *)skb->data;
3815 	if (ieee80211_is_qos_nullfunc(hdr->frame_control))
3816 		cb->flags &= ~ATH10K_SKB_F_QOS;
3817 
3818 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3819 }
3820 
3821 static void ath10k_tx_h_8023(struct sk_buff *skb)
3822 {
3823 	struct ieee80211_hdr *hdr;
3824 	struct rfc1042_hdr *rfc1042;
3825 	struct ethhdr *eth;
3826 	size_t hdrlen;
3827 	u8 da[ETH_ALEN];
3828 	u8 sa[ETH_ALEN];
3829 	__be16 type;
3830 
3831 	hdr = (void *)skb->data;
3832 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
3833 	rfc1042 = (void *)skb->data + hdrlen;
3834 
3835 	ether_addr_copy(da, ieee80211_get_DA(hdr));
3836 	ether_addr_copy(sa, ieee80211_get_SA(hdr));
3837 	type = rfc1042->snap_type;
3838 
3839 	skb_pull(skb, hdrlen + sizeof(*rfc1042));
3840 	skb_push(skb, sizeof(*eth));
3841 
3842 	eth = (void *)skb->data;
3843 	ether_addr_copy(eth->h_dest, da);
3844 	ether_addr_copy(eth->h_source, sa);
3845 	eth->h_proto = type;
3846 }
3847 
3848 static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
3849 				       struct ieee80211_vif *vif,
3850 				       struct sk_buff *skb)
3851 {
3852 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
3853 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3854 
3855 	/* This is case only for P2P_GO */
3856 	if (vif->type != NL80211_IFTYPE_AP || !vif->p2p)
3857 		return;
3858 
3859 	if (unlikely(ieee80211_is_probe_resp(hdr->frame_control))) {
3860 		spin_lock_bh(&ar->data_lock);
3861 		if (arvif->u.ap.noa_data)
3862 			if (!pskb_expand_head(skb, 0, arvif->u.ap.noa_len,
3863 					      GFP_ATOMIC))
3864 				skb_put_data(skb, arvif->u.ap.noa_data,
3865 					     arvif->u.ap.noa_len);
3866 		spin_unlock_bh(&ar->data_lock);
3867 	}
3868 }
3869 
3870 static void ath10k_mac_tx_h_fill_cb(struct ath10k *ar,
3871 				    struct ieee80211_vif *vif,
3872 				    struct ieee80211_txq *txq,
3873 				    struct ieee80211_sta *sta,
3874 				    struct sk_buff *skb, u16 airtime)
3875 {
3876 	struct ieee80211_hdr *hdr = (void *)skb->data;
3877 	struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
3878 	const struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3879 	bool is_data = ieee80211_is_data(hdr->frame_control) ||
3880 			ieee80211_is_data_qos(hdr->frame_control);
3881 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
3882 	struct ath10k_sta *arsta;
3883 	u8 tid, *qos_ctl;
3884 	bool noack = false;
3885 
3886 	cb->flags = 0;
3887 
3888 	if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
3889 		cb->flags |= ATH10K_SKB_F_QOS;	/* Assume data frames are QoS */
3890 		goto finish_cb_fill;
3891 	}
3892 
3893 	if (!ath10k_tx_h_use_hwcrypto(vif, skb))
3894 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3895 
3896 	if (ieee80211_is_mgmt(hdr->frame_control))
3897 		cb->flags |= ATH10K_SKB_F_MGMT;
3898 
3899 	if (ieee80211_is_data_qos(hdr->frame_control)) {
3900 		cb->flags |= ATH10K_SKB_F_QOS;
3901 		qos_ctl = ieee80211_get_qos_ctl(hdr);
3902 		tid = (*qos_ctl) & IEEE80211_QOS_CTL_TID_MASK;
3903 
3904 		if (arvif->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3905 			noack = true;
3906 
3907 		if (sta) {
3908 			arsta = (struct ath10k_sta *)sta->drv_priv;
3909 
3910 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_NOACK)
3911 				noack = true;
3912 
3913 			if (arsta->noack[tid] == WMI_PEER_TID_CONFIG_ACK)
3914 				noack = false;
3915 		}
3916 
3917 		if (noack)
3918 			cb->flags |= ATH10K_SKB_F_NOACK_TID;
3919 	}
3920 
3921 	/* Data frames encrypted in software will be posted to firmware
3922 	 * with tx encap mode set to RAW. Ex: Multicast traffic generated
3923 	 * for a specific VLAN group will always be encrypted in software.
3924 	 */
3925 	if (is_data && ieee80211_has_protected(hdr->frame_control) &&
3926 	    !info->control.hw_key) {
3927 		cb->flags |= ATH10K_SKB_F_NO_HWCRYPT;
3928 		cb->flags |= ATH10K_SKB_F_RAW_TX;
3929 	}
3930 
3931 finish_cb_fill:
3932 	cb->vif = vif;
3933 	cb->txq = txq;
3934 	cb->airtime_est = airtime;
3935 	if (sta) {
3936 		arsta = (struct ath10k_sta *)sta->drv_priv;
3937 		spin_lock_bh(&ar->data_lock);
3938 		cb->ucast_cipher = arsta->ucast_cipher;
3939 		spin_unlock_bh(&ar->data_lock);
3940 	}
3941 }
3942 
3943 bool ath10k_mac_tx_frm_has_freq(struct ath10k *ar)
3944 {
3945 	/* FIXME: Not really sure since when the behaviour changed. At some
3946 	 * point new firmware stopped requiring creation of peer entries for
3947 	 * offchannel tx (and actually creating them causes issues with wmi-htc
3948 	 * tx credit replenishment and reliability). Assuming it's at least 3.4
3949 	 * because that's when the `freq` was introduced to TX_FRM HTT command.
3950 	 */
3951 	return (ar->htt.target_version_major >= 3 &&
3952 		ar->htt.target_version_minor >= 4 &&
3953 		ar->running_fw->fw_file.htt_op_version == ATH10K_FW_HTT_OP_VERSION_TLV);
3954 }
3955 
3956 static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
3957 {
3958 	struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
3959 
3960 	if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) {
3961 		ath10k_warn(ar, "wmi mgmt tx queue is full\n");
3962 		return -ENOSPC;
3963 	}
3964 
3965 	skb_queue_tail(q, skb);
3966 	ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
3967 
3968 	return 0;
3969 }
3970 
3971 static enum ath10k_mac_tx_path
3972 ath10k_mac_tx_h_get_txpath(struct ath10k *ar,
3973 			   struct sk_buff *skb,
3974 			   enum ath10k_hw_txrx_mode txmode)
3975 {
3976 	switch (txmode) {
3977 	case ATH10K_HW_TXRX_RAW:
3978 	case ATH10K_HW_TXRX_NATIVE_WIFI:
3979 	case ATH10K_HW_TXRX_ETHERNET:
3980 		return ATH10K_MAC_TX_HTT;
3981 	case ATH10K_HW_TXRX_MGMT:
3982 		if (test_bit(ATH10K_FW_FEATURE_HAS_WMI_MGMT_TX,
3983 			     ar->running_fw->fw_file.fw_features) ||
3984 			     test_bit(WMI_SERVICE_MGMT_TX_WMI,
3985 				      ar->wmi.svc_map))
3986 			return ATH10K_MAC_TX_WMI_MGMT;
3987 		else if (ar->htt.target_version_major >= 3)
3988 			return ATH10K_MAC_TX_HTT;
3989 		else
3990 			return ATH10K_MAC_TX_HTT_MGMT;
3991 	}
3992 
3993 	return ATH10K_MAC_TX_UNKNOWN;
3994 }
3995 
3996 static int ath10k_mac_tx_submit(struct ath10k *ar,
3997 				enum ath10k_hw_txrx_mode txmode,
3998 				enum ath10k_mac_tx_path txpath,
3999 				struct sk_buff *skb)
4000 {
4001 	struct ath10k_htt *htt = &ar->htt;
4002 	int ret = -EINVAL;
4003 
4004 	switch (txpath) {
4005 	case ATH10K_MAC_TX_HTT:
4006 		ret = ath10k_htt_tx(htt, txmode, skb);
4007 		break;
4008 	case ATH10K_MAC_TX_HTT_MGMT:
4009 		ret = ath10k_htt_mgmt_tx(htt, skb);
4010 		break;
4011 	case ATH10K_MAC_TX_WMI_MGMT:
4012 		ret = ath10k_mac_tx_wmi_mgmt(ar, skb);
4013 		break;
4014 	case ATH10K_MAC_TX_UNKNOWN:
4015 		WARN_ON_ONCE(1);
4016 		ret = -EINVAL;
4017 		break;
4018 	}
4019 
4020 	if (ret) {
4021 		ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
4022 			    ret);
4023 		ieee80211_free_txskb(ar->hw, skb);
4024 	}
4025 
4026 	return ret;
4027 }
4028 
4029 /* This function consumes the sk_buff regardless of return value as far as
4030  * caller is concerned so no freeing is necessary afterwards.
4031  */
4032 static int ath10k_mac_tx(struct ath10k *ar,
4033 			 struct ieee80211_vif *vif,
4034 			 enum ath10k_hw_txrx_mode txmode,
4035 			 enum ath10k_mac_tx_path txpath,
4036 			 struct sk_buff *skb, bool noque_offchan)
4037 {
4038 	struct ieee80211_hw *hw = ar->hw;
4039 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4040 	const struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
4041 	int ret;
4042 
4043 	/* We should disable CCK RATE due to P2P */
4044 	if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
4045 		ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
4046 
4047 	switch (txmode) {
4048 	case ATH10K_HW_TXRX_MGMT:
4049 	case ATH10K_HW_TXRX_NATIVE_WIFI:
4050 		ath10k_tx_h_nwifi(hw, skb);
4051 		ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
4052 		ath10k_tx_h_seq_no(vif, skb);
4053 		break;
4054 	case ATH10K_HW_TXRX_ETHERNET:
4055 		/* Convert 802.11->802.3 header only if the frame was earlier
4056 		 * encapsulated to 802.11 by mac80211. Otherwise pass it as is.
4057 		 */
4058 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP))
4059 			ath10k_tx_h_8023(skb);
4060 		break;
4061 	case ATH10K_HW_TXRX_RAW:
4062 		if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags) &&
4063 		    !(skb_cb->flags & ATH10K_SKB_F_RAW_TX)) {
4064 			WARN_ON_ONCE(1);
4065 			ieee80211_free_txskb(hw, skb);
4066 			return -ENOTSUPP;
4067 		}
4068 	}
4069 
4070 	if (!noque_offchan && info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
4071 		if (!ath10k_mac_tx_frm_has_freq(ar)) {
4072 			ath10k_dbg(ar, ATH10K_DBG_MAC, "mac queued offchannel skb %pK len %d\n",
4073 				   skb, skb->len);
4074 
4075 			skb_queue_tail(&ar->offchan_tx_queue, skb);
4076 			ieee80211_queue_work(hw, &ar->offchan_tx_work);
4077 			return 0;
4078 		}
4079 	}
4080 
4081 	ret = ath10k_mac_tx_submit(ar, txmode, txpath, skb);
4082 	if (ret) {
4083 		ath10k_warn(ar, "failed to submit frame: %d\n", ret);
4084 		return ret;
4085 	}
4086 
4087 	return 0;
4088 }
4089 
4090 void ath10k_offchan_tx_purge(struct ath10k *ar)
4091 {
4092 	struct sk_buff *skb;
4093 
4094 	for (;;) {
4095 		skb = skb_dequeue(&ar->offchan_tx_queue);
4096 		if (!skb)
4097 			break;
4098 
4099 		ieee80211_free_txskb(ar->hw, skb);
4100 	}
4101 }
4102 
4103 void ath10k_offchan_tx_work(struct work_struct *work)
4104 {
4105 	struct ath10k *ar = container_of(work, struct ath10k, offchan_tx_work);
4106 	struct ath10k_peer *peer;
4107 	struct ath10k_vif *arvif;
4108 	enum ath10k_hw_txrx_mode txmode;
4109 	enum ath10k_mac_tx_path txpath;
4110 	struct ieee80211_hdr *hdr;
4111 	struct ieee80211_vif *vif;
4112 	struct ieee80211_sta *sta;
4113 	struct sk_buff *skb;
4114 	const u8 *peer_addr;
4115 	int vdev_id;
4116 	int ret;
4117 	unsigned long time_left;
4118 	bool tmp_peer_created = false;
4119 
4120 	/* FW requirement: We must create a peer before FW will send out
4121 	 * an offchannel frame. Otherwise the frame will be stuck and
4122 	 * never transmitted. We delete the peer upon tx completion.
4123 	 * It is unlikely that a peer for offchannel tx will already be
4124 	 * present. However it may be in some rare cases so account for that.
4125 	 * Otherwise we might remove a legitimate peer and break stuff.
4126 	 */
4127 
4128 	for (;;) {
4129 		skb = skb_dequeue(&ar->offchan_tx_queue);
4130 		if (!skb)
4131 			break;
4132 
4133 		mutex_lock(&ar->conf_mutex);
4134 
4135 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %pK len %d\n",
4136 			   skb, skb->len);
4137 
4138 		hdr = (struct ieee80211_hdr *)skb->data;
4139 		peer_addr = ieee80211_get_DA(hdr);
4140 
4141 		spin_lock_bh(&ar->data_lock);
4142 		vdev_id = ar->scan.vdev_id;
4143 		peer = ath10k_peer_find(ar, vdev_id, peer_addr);
4144 		spin_unlock_bh(&ar->data_lock);
4145 
4146 		if (peer) {
4147 			ath10k_warn(ar, "peer %pM on vdev %d already present\n",
4148 				    peer_addr, vdev_id);
4149 		} else {
4150 			ret = ath10k_peer_create(ar, NULL, NULL, vdev_id,
4151 						 peer_addr,
4152 						 WMI_PEER_TYPE_DEFAULT);
4153 			if (ret)
4154 				ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
4155 					    peer_addr, vdev_id, ret);
4156 			tmp_peer_created = (ret == 0);
4157 		}
4158 
4159 		spin_lock_bh(&ar->data_lock);
4160 		reinit_completion(&ar->offchan_tx_completed);
4161 		ar->offchan_tx_skb = skb;
4162 		spin_unlock_bh(&ar->data_lock);
4163 
4164 		/* It's safe to access vif and sta - conf_mutex guarantees that
4165 		 * sta_state() and remove_interface() are locked exclusively
4166 		 * out wrt to this offchannel worker.
4167 		 */
4168 		arvif = ath10k_get_arvif(ar, vdev_id);
4169 		if (arvif) {
4170 			vif = arvif->vif;
4171 			sta = ieee80211_find_sta(vif, peer_addr);
4172 		} else {
4173 			vif = NULL;
4174 			sta = NULL;
4175 		}
4176 
4177 		txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4178 		txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4179 
4180 		ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, true);
4181 		if (ret) {
4182 			ath10k_warn(ar, "failed to transmit offchannel frame: %d\n",
4183 				    ret);
4184 			/* not serious */
4185 		}
4186 
4187 		time_left =
4188 		wait_for_completion_timeout(&ar->offchan_tx_completed, 3 * HZ);
4189 		if (time_left == 0)
4190 			ath10k_warn(ar, "timed out waiting for offchannel skb %pK, len: %d\n",
4191 				    skb, skb->len);
4192 
4193 		if (!peer && tmp_peer_created) {
4194 			ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
4195 			if (ret)
4196 				ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
4197 					    peer_addr, vdev_id, ret);
4198 		}
4199 
4200 		mutex_unlock(&ar->conf_mutex);
4201 	}
4202 }
4203 
4204 void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar)
4205 {
4206 	struct sk_buff *skb;
4207 
4208 	for (;;) {
4209 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4210 		if (!skb)
4211 			break;
4212 
4213 		ieee80211_free_txskb(ar->hw, skb);
4214 	}
4215 }
4216 
4217 void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work)
4218 {
4219 	struct ath10k *ar = container_of(work, struct ath10k, wmi_mgmt_tx_work);
4220 	struct sk_buff *skb;
4221 	dma_addr_t paddr;
4222 	int ret;
4223 
4224 	for (;;) {
4225 		skb = skb_dequeue(&ar->wmi_mgmt_tx_queue);
4226 		if (!skb)
4227 			break;
4228 
4229 		if (test_bit(ATH10K_FW_FEATURE_MGMT_TX_BY_REF,
4230 			     ar->running_fw->fw_file.fw_features)) {
4231 			paddr = dma_map_single(ar->dev, skb->data,
4232 					       skb->len, DMA_TO_DEVICE);
4233 			if (dma_mapping_error(ar->dev, paddr)) {
4234 				ieee80211_free_txskb(ar->hw, skb);
4235 				continue;
4236 			}
4237 			ret = ath10k_wmi_mgmt_tx_send(ar, skb, paddr);
4238 			if (ret) {
4239 				ath10k_warn(ar, "failed to transmit management frame by ref via WMI: %d\n",
4240 					    ret);
4241 				/* remove this msdu from idr tracking */
4242 				ath10k_wmi_cleanup_mgmt_tx_send(ar, skb);
4243 
4244 				dma_unmap_single(ar->dev, paddr, skb->len,
4245 						 DMA_TO_DEVICE);
4246 				ieee80211_free_txskb(ar->hw, skb);
4247 			}
4248 		} else {
4249 			ret = ath10k_wmi_mgmt_tx(ar, skb);
4250 			if (ret) {
4251 				ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
4252 					    ret);
4253 				ieee80211_free_txskb(ar->hw, skb);
4254 			}
4255 		}
4256 	}
4257 }
4258 
4259 static void ath10k_mac_txq_init(struct ieee80211_txq *txq)
4260 {
4261 	struct ath10k_txq *artxq;
4262 
4263 	if (!txq)
4264 		return;
4265 
4266 	artxq = (void *)txq->drv_priv;
4267 	INIT_LIST_HEAD(&artxq->list);
4268 }
4269 
4270 static void ath10k_mac_txq_unref(struct ath10k *ar, struct ieee80211_txq *txq)
4271 {
4272 	struct ath10k_skb_cb *cb;
4273 	struct sk_buff *msdu;
4274 	int msdu_id;
4275 
4276 	if (!txq)
4277 		return;
4278 
4279 	spin_lock_bh(&ar->htt.tx_lock);
4280 	idr_for_each_entry(&ar->htt.pending_tx, msdu, msdu_id) {
4281 		cb = ATH10K_SKB_CB(msdu);
4282 		if (cb->txq == txq)
4283 			cb->txq = NULL;
4284 	}
4285 	spin_unlock_bh(&ar->htt.tx_lock);
4286 }
4287 
4288 struct ieee80211_txq *ath10k_mac_txq_lookup(struct ath10k *ar,
4289 					    u16 peer_id,
4290 					    u8 tid)
4291 {
4292 	struct ath10k_peer *peer;
4293 
4294 	lockdep_assert_held(&ar->data_lock);
4295 
4296 	peer = ar->peer_map[peer_id];
4297 	if (!peer)
4298 		return NULL;
4299 
4300 	if (peer->removed)
4301 		return NULL;
4302 
4303 	if (peer->sta)
4304 		return peer->sta->txq[tid];
4305 	else if (peer->vif)
4306 		return peer->vif->txq;
4307 	else
4308 		return NULL;
4309 }
4310 
4311 static bool ath10k_mac_tx_can_push(struct ieee80211_hw *hw,
4312 				   struct ieee80211_txq *txq)
4313 {
4314 	struct ath10k *ar = hw->priv;
4315 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4316 
4317 	/* No need to get locks */
4318 	if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH)
4319 		return true;
4320 
4321 	if (ar->htt.num_pending_tx < ar->htt.tx_q_state.num_push_allowed)
4322 		return true;
4323 
4324 	if (artxq->num_fw_queued < artxq->num_push_allowed)
4325 		return true;
4326 
4327 	return false;
4328 }
4329 
4330 /* Return estimated airtime in microsecond, which is calculated using last
4331  * reported TX rate. This is just a rough estimation because host driver has no
4332  * knowledge of the actual transmit rate, retries or aggregation. If actual
4333  * airtime can be reported by firmware, then delta between estimated and actual
4334  * airtime can be adjusted from deficit.
4335  */
4336 #define IEEE80211_ATF_OVERHEAD		100	/* IFS + some slot time */
4337 #define IEEE80211_ATF_OVERHEAD_IFS	16	/* IFS only */
4338 static u16 ath10k_mac_update_airtime(struct ath10k *ar,
4339 				     struct ieee80211_txq *txq,
4340 				     struct sk_buff *skb)
4341 {
4342 	struct ath10k_sta *arsta;
4343 	u32 pktlen;
4344 	u16 airtime = 0;
4345 
4346 	if (!txq || !txq->sta)
4347 		return airtime;
4348 
4349 	if (test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
4350 		return airtime;
4351 
4352 	spin_lock_bh(&ar->data_lock);
4353 	arsta = (struct ath10k_sta *)txq->sta->drv_priv;
4354 
4355 	pktlen = skb->len + 38; /* Assume MAC header 30, SNAP 8 for most case */
4356 	if (arsta->last_tx_bitrate) {
4357 		/* airtime in us, last_tx_bitrate in 100kbps */
4358 		airtime = (pktlen * 8 * (1000 / 100))
4359 				/ arsta->last_tx_bitrate;
4360 		/* overhead for media access time and IFS */
4361 		airtime += IEEE80211_ATF_OVERHEAD_IFS;
4362 	} else {
4363 		/* This is mostly for throttle excessive BC/MC frames, and the
4364 		 * airtime/rate doesn't need be exact. Airtime of BC/MC frames
4365 		 * in 2G get some discount, which helps prevent very low rate
4366 		 * frames from being blocked for too long.
4367 		 */
4368 		airtime = (pktlen * 8 * (1000 / 100)) / 60; /* 6M */
4369 		airtime += IEEE80211_ATF_OVERHEAD;
4370 	}
4371 	spin_unlock_bh(&ar->data_lock);
4372 
4373 	return airtime;
4374 }
4375 
4376 int ath10k_mac_tx_push_txq(struct ieee80211_hw *hw,
4377 			   struct ieee80211_txq *txq)
4378 {
4379 	struct ath10k *ar = hw->priv;
4380 	struct ath10k_htt *htt = &ar->htt;
4381 	struct ath10k_txq *artxq = (void *)txq->drv_priv;
4382 	struct ieee80211_vif *vif = txq->vif;
4383 	struct ieee80211_sta *sta = txq->sta;
4384 	enum ath10k_hw_txrx_mode txmode;
4385 	enum ath10k_mac_tx_path txpath;
4386 	struct sk_buff *skb;
4387 	struct ieee80211_hdr *hdr;
4388 	size_t skb_len;
4389 	bool is_mgmt, is_presp;
4390 	int ret;
4391 	u16 airtime;
4392 
4393 	spin_lock_bh(&ar->htt.tx_lock);
4394 	ret = ath10k_htt_tx_inc_pending(htt);
4395 	spin_unlock_bh(&ar->htt.tx_lock);
4396 
4397 	if (ret)
4398 		return ret;
4399 
4400 	skb = ieee80211_tx_dequeue_ni(hw, txq);
4401 	if (!skb) {
4402 		spin_lock_bh(&ar->htt.tx_lock);
4403 		ath10k_htt_tx_dec_pending(htt);
4404 		spin_unlock_bh(&ar->htt.tx_lock);
4405 
4406 		return -ENOENT;
4407 	}
4408 
4409 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4410 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4411 
4412 	skb_len = skb->len;
4413 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4414 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4415 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4416 
4417 	if (is_mgmt) {
4418 		hdr = (struct ieee80211_hdr *)skb->data;
4419 		is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4420 
4421 		spin_lock_bh(&ar->htt.tx_lock);
4422 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4423 
4424 		if (ret) {
4425 			ath10k_htt_tx_dec_pending(htt);
4426 			spin_unlock_bh(&ar->htt.tx_lock);
4427 			return ret;
4428 		}
4429 		spin_unlock_bh(&ar->htt.tx_lock);
4430 	}
4431 
4432 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4433 	if (unlikely(ret)) {
4434 		ath10k_warn(ar, "failed to push frame: %d\n", ret);
4435 
4436 		spin_lock_bh(&ar->htt.tx_lock);
4437 		ath10k_htt_tx_dec_pending(htt);
4438 		if (is_mgmt)
4439 			ath10k_htt_tx_mgmt_dec_pending(htt);
4440 		spin_unlock_bh(&ar->htt.tx_lock);
4441 
4442 		return ret;
4443 	}
4444 
4445 	spin_lock_bh(&ar->htt.tx_lock);
4446 	artxq->num_fw_queued++;
4447 	spin_unlock_bh(&ar->htt.tx_lock);
4448 
4449 	return skb_len;
4450 }
4451 
4452 static int ath10k_mac_schedule_txq(struct ieee80211_hw *hw, u32 ac)
4453 {
4454 	struct ieee80211_txq *txq;
4455 	int ret = 0;
4456 
4457 	ieee80211_txq_schedule_start(hw, ac);
4458 	while ((txq = ieee80211_next_txq(hw, ac))) {
4459 		while (ath10k_mac_tx_can_push(hw, txq)) {
4460 			ret = ath10k_mac_tx_push_txq(hw, txq);
4461 			if (ret < 0)
4462 				break;
4463 		}
4464 		ieee80211_return_txq(hw, txq, false);
4465 		ath10k_htt_tx_txq_update(hw, txq);
4466 		if (ret == -EBUSY)
4467 			break;
4468 	}
4469 	ieee80211_txq_schedule_end(hw, ac);
4470 
4471 	return ret;
4472 }
4473 
4474 void ath10k_mac_tx_push_pending(struct ath10k *ar)
4475 {
4476 	struct ieee80211_hw *hw = ar->hw;
4477 	u32 ac;
4478 
4479 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4480 		return;
4481 
4482 	if (ar->htt.num_pending_tx >= (ar->htt.max_num_pending_tx / 2))
4483 		return;
4484 
4485 	rcu_read_lock();
4486 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4487 		if (ath10k_mac_schedule_txq(hw, ac) == -EBUSY)
4488 			break;
4489 	}
4490 	rcu_read_unlock();
4491 }
4492 EXPORT_SYMBOL(ath10k_mac_tx_push_pending);
4493 
4494 /************/
4495 /* Scanning */
4496 /************/
4497 
4498 void __ath10k_scan_finish(struct ath10k *ar)
4499 {
4500 	lockdep_assert_held(&ar->data_lock);
4501 
4502 	switch (ar->scan.state) {
4503 	case ATH10K_SCAN_IDLE:
4504 		break;
4505 	case ATH10K_SCAN_RUNNING:
4506 	case ATH10K_SCAN_ABORTING:
4507 		if (!ar->scan.is_roc) {
4508 			struct cfg80211_scan_info info = {
4509 				.aborted = (ar->scan.state ==
4510 					    ATH10K_SCAN_ABORTING),
4511 			};
4512 
4513 			ieee80211_scan_completed(ar->hw, &info);
4514 		} else if (ar->scan.roc_notify) {
4515 			ieee80211_remain_on_channel_expired(ar->hw);
4516 		}
4517 		fallthrough;
4518 	case ATH10K_SCAN_STARTING:
4519 		ar->scan.state = ATH10K_SCAN_IDLE;
4520 		ar->scan_channel = NULL;
4521 		ar->scan.roc_freq = 0;
4522 		ath10k_offchan_tx_purge(ar);
4523 		cancel_delayed_work(&ar->scan.timeout);
4524 		complete(&ar->scan.completed);
4525 		break;
4526 	}
4527 }
4528 
4529 void ath10k_scan_finish(struct ath10k *ar)
4530 {
4531 	spin_lock_bh(&ar->data_lock);
4532 	__ath10k_scan_finish(ar);
4533 	spin_unlock_bh(&ar->data_lock);
4534 }
4535 
4536 static int ath10k_scan_stop(struct ath10k *ar)
4537 {
4538 	struct wmi_stop_scan_arg arg = {
4539 		.req_id = 1, /* FIXME */
4540 		.req_type = WMI_SCAN_STOP_ONE,
4541 		.u.scan_id = ATH10K_SCAN_ID,
4542 	};
4543 	int ret;
4544 
4545 	lockdep_assert_held(&ar->conf_mutex);
4546 
4547 	ret = ath10k_wmi_stop_scan(ar, &arg);
4548 	if (ret) {
4549 		ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
4550 		goto out;
4551 	}
4552 
4553 	ret = wait_for_completion_timeout(&ar->scan.completed, 3 * HZ);
4554 	if (ret == 0) {
4555 		ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
4556 		ret = -ETIMEDOUT;
4557 	} else if (ret > 0) {
4558 		ret = 0;
4559 	}
4560 
4561 out:
4562 	/* Scan state should be updated upon scan completion but in case
4563 	 * firmware fails to deliver the event (for whatever reason) it is
4564 	 * desired to clean up scan state anyway. Firmware may have just
4565 	 * dropped the scan completion event delivery due to transport pipe
4566 	 * being overflown with data and/or it can recover on its own before
4567 	 * next scan request is submitted.
4568 	 */
4569 	spin_lock_bh(&ar->data_lock);
4570 	if (ar->scan.state != ATH10K_SCAN_IDLE)
4571 		__ath10k_scan_finish(ar);
4572 	spin_unlock_bh(&ar->data_lock);
4573 
4574 	return ret;
4575 }
4576 
4577 static void ath10k_scan_abort(struct ath10k *ar)
4578 {
4579 	int ret;
4580 
4581 	lockdep_assert_held(&ar->conf_mutex);
4582 
4583 	spin_lock_bh(&ar->data_lock);
4584 
4585 	switch (ar->scan.state) {
4586 	case ATH10K_SCAN_IDLE:
4587 		/* This can happen if timeout worker kicked in and called
4588 		 * abortion while scan completion was being processed.
4589 		 */
4590 		break;
4591 	case ATH10K_SCAN_STARTING:
4592 	case ATH10K_SCAN_ABORTING:
4593 		ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
4594 			    ath10k_scan_state_str(ar->scan.state),
4595 			    ar->scan.state);
4596 		break;
4597 	case ATH10K_SCAN_RUNNING:
4598 		ar->scan.state = ATH10K_SCAN_ABORTING;
4599 		spin_unlock_bh(&ar->data_lock);
4600 
4601 		ret = ath10k_scan_stop(ar);
4602 		if (ret)
4603 			ath10k_warn(ar, "failed to abort scan: %d\n", ret);
4604 
4605 		spin_lock_bh(&ar->data_lock);
4606 		break;
4607 	}
4608 
4609 	spin_unlock_bh(&ar->data_lock);
4610 }
4611 
4612 void ath10k_scan_timeout_work(struct work_struct *work)
4613 {
4614 	struct ath10k *ar = container_of(work, struct ath10k,
4615 					 scan.timeout.work);
4616 
4617 	mutex_lock(&ar->conf_mutex);
4618 	ath10k_scan_abort(ar);
4619 	mutex_unlock(&ar->conf_mutex);
4620 }
4621 
4622 static int ath10k_start_scan(struct ath10k *ar,
4623 			     const struct wmi_start_scan_arg *arg)
4624 {
4625 	int ret;
4626 
4627 	lockdep_assert_held(&ar->conf_mutex);
4628 
4629 	ret = ath10k_wmi_start_scan(ar, arg);
4630 	if (ret)
4631 		return ret;
4632 
4633 	ret = wait_for_completion_timeout(&ar->scan.started, 1 * HZ);
4634 	if (ret == 0) {
4635 		ret = ath10k_scan_stop(ar);
4636 		if (ret)
4637 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
4638 
4639 		return -ETIMEDOUT;
4640 	}
4641 
4642 	/* If we failed to start the scan, return error code at
4643 	 * this point.  This is probably due to some issue in the
4644 	 * firmware, but no need to wedge the driver due to that...
4645 	 */
4646 	spin_lock_bh(&ar->data_lock);
4647 	if (ar->scan.state == ATH10K_SCAN_IDLE) {
4648 		spin_unlock_bh(&ar->data_lock);
4649 		return -EINVAL;
4650 	}
4651 	spin_unlock_bh(&ar->data_lock);
4652 
4653 	return 0;
4654 }
4655 
4656 /**********************/
4657 /* mac80211 callbacks */
4658 /**********************/
4659 
4660 static void ath10k_mac_op_tx(struct ieee80211_hw *hw,
4661 			     struct ieee80211_tx_control *control,
4662 			     struct sk_buff *skb)
4663 {
4664 	struct ath10k *ar = hw->priv;
4665 	struct ath10k_htt *htt = &ar->htt;
4666 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4667 	struct ieee80211_vif *vif = info->control.vif;
4668 	struct ieee80211_sta *sta = control->sta;
4669 	struct ieee80211_txq *txq = NULL;
4670 	enum ath10k_hw_txrx_mode txmode;
4671 	enum ath10k_mac_tx_path txpath;
4672 	bool is_htt;
4673 	bool is_mgmt;
4674 	int ret;
4675 	u16 airtime;
4676 
4677 	airtime = ath10k_mac_update_airtime(ar, txq, skb);
4678 	ath10k_mac_tx_h_fill_cb(ar, vif, txq, sta, skb, airtime);
4679 
4680 	txmode = ath10k_mac_tx_h_get_txmode(ar, vif, sta, skb);
4681 	txpath = ath10k_mac_tx_h_get_txpath(ar, skb, txmode);
4682 	is_htt = (txpath == ATH10K_MAC_TX_HTT ||
4683 		  txpath == ATH10K_MAC_TX_HTT_MGMT);
4684 	is_mgmt = (txpath == ATH10K_MAC_TX_HTT_MGMT);
4685 
4686 	if (is_htt) {
4687 		bool is_presp = false;
4688 
4689 		spin_lock_bh(&ar->htt.tx_lock);
4690 		if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)) {
4691 			struct ieee80211_hdr *hdr = (void *)skb->data;
4692 
4693 			is_presp = ieee80211_is_probe_resp(hdr->frame_control);
4694 		}
4695 
4696 		ret = ath10k_htt_tx_inc_pending(htt);
4697 		if (ret) {
4698 			ath10k_warn(ar, "failed to increase tx pending count: %d, dropping\n",
4699 				    ret);
4700 			spin_unlock_bh(&ar->htt.tx_lock);
4701 			ieee80211_free_txskb(ar->hw, skb);
4702 			return;
4703 		}
4704 
4705 		ret = ath10k_htt_tx_mgmt_inc_pending(htt, is_mgmt, is_presp);
4706 		if (ret) {
4707 			ath10k_dbg(ar, ATH10K_DBG_MAC, "failed to increase tx mgmt pending count: %d, dropping\n",
4708 				   ret);
4709 			ath10k_htt_tx_dec_pending(htt);
4710 			spin_unlock_bh(&ar->htt.tx_lock);
4711 			ieee80211_free_txskb(ar->hw, skb);
4712 			return;
4713 		}
4714 		spin_unlock_bh(&ar->htt.tx_lock);
4715 	}
4716 
4717 	ret = ath10k_mac_tx(ar, vif, txmode, txpath, skb, false);
4718 	if (ret) {
4719 		ath10k_warn(ar, "failed to transmit frame: %d\n", ret);
4720 		if (is_htt) {
4721 			spin_lock_bh(&ar->htt.tx_lock);
4722 			ath10k_htt_tx_dec_pending(htt);
4723 			if (is_mgmt)
4724 				ath10k_htt_tx_mgmt_dec_pending(htt);
4725 			spin_unlock_bh(&ar->htt.tx_lock);
4726 		}
4727 		return;
4728 	}
4729 }
4730 
4731 static void ath10k_mac_op_wake_tx_queue(struct ieee80211_hw *hw,
4732 					struct ieee80211_txq *txq)
4733 {
4734 	struct ath10k *ar = hw->priv;
4735 	int ret;
4736 	u8 ac = txq->ac;
4737 
4738 	ath10k_htt_tx_txq_update(hw, txq);
4739 	if (ar->htt.tx_q_state.mode != HTT_TX_MODE_SWITCH_PUSH)
4740 		return;
4741 
4742 	spin_lock_bh(&ar->queue_lock[ac]);
4743 
4744 	ieee80211_txq_schedule_start(hw, ac);
4745 	txq = ieee80211_next_txq(hw, ac);
4746 	if (!txq)
4747 		goto out;
4748 
4749 	while (ath10k_mac_tx_can_push(hw, txq)) {
4750 		ret = ath10k_mac_tx_push_txq(hw, txq);
4751 		if (ret < 0)
4752 			break;
4753 	}
4754 	ieee80211_return_txq(hw, txq, false);
4755 	ath10k_htt_tx_txq_update(hw, txq);
4756 out:
4757 	ieee80211_txq_schedule_end(hw, ac);
4758 	spin_unlock_bh(&ar->queue_lock[ac]);
4759 }
4760 
4761 /* Must not be called with conf_mutex held as workers can use that also. */
4762 void ath10k_drain_tx(struct ath10k *ar)
4763 {
4764 	lockdep_assert_not_held(&ar->conf_mutex);
4765 
4766 	/* make sure rcu-protected mac80211 tx path itself is drained */
4767 	synchronize_net();
4768 
4769 	ath10k_offchan_tx_purge(ar);
4770 	ath10k_mgmt_over_wmi_tx_purge(ar);
4771 
4772 	cancel_work_sync(&ar->offchan_tx_work);
4773 	cancel_work_sync(&ar->wmi_mgmt_tx_work);
4774 }
4775 
4776 void ath10k_halt(struct ath10k *ar)
4777 {
4778 	struct ath10k_vif *arvif;
4779 
4780 	lockdep_assert_held(&ar->conf_mutex);
4781 
4782 	clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
4783 	ar->filter_flags = 0;
4784 	ar->monitor = false;
4785 	ar->monitor_arvif = NULL;
4786 
4787 	if (ar->monitor_started)
4788 		ath10k_monitor_stop(ar);
4789 
4790 	ar->monitor_started = false;
4791 	ar->tx_paused = 0;
4792 
4793 	ath10k_scan_finish(ar);
4794 	ath10k_peer_cleanup_all(ar);
4795 	ath10k_stop_radar_confirmation(ar);
4796 	ath10k_core_stop(ar);
4797 	ath10k_hif_power_down(ar);
4798 
4799 	spin_lock_bh(&ar->data_lock);
4800 	list_for_each_entry(arvif, &ar->arvifs, list)
4801 		ath10k_mac_vif_beacon_cleanup(arvif);
4802 	spin_unlock_bh(&ar->data_lock);
4803 }
4804 
4805 static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
4806 {
4807 	struct ath10k *ar = hw->priv;
4808 
4809 	mutex_lock(&ar->conf_mutex);
4810 
4811 	*tx_ant = ar->cfg_tx_chainmask;
4812 	*rx_ant = ar->cfg_rx_chainmask;
4813 
4814 	mutex_unlock(&ar->conf_mutex);
4815 
4816 	return 0;
4817 }
4818 
4819 static bool ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
4820 {
4821 	/* It is not clear that allowing gaps in chainmask
4822 	 * is helpful.  Probably it will not do what user
4823 	 * is hoping for, so warn in that case.
4824 	 */
4825 	if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
4826 		return true;
4827 
4828 	ath10k_warn(ar, "mac %s antenna chainmask is invalid: 0x%x.  Suggested values: 15, 7, 3, 1 or 0.\n",
4829 		    dbg, cm);
4830 	return false;
4831 }
4832 
4833 static int ath10k_mac_get_vht_cap_bf_sts(struct ath10k *ar)
4834 {
4835 	int nsts = ar->vht_cap_info;
4836 
4837 	nsts &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4838 	nsts >>= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4839 
4840 	/* If firmware does not deliver to host number of space-time
4841 	 * streams supported, assume it support up to 4 BF STS and return
4842 	 * the value for VHT CAP: nsts-1)
4843 	 */
4844 	if (nsts == 0)
4845 		return 3;
4846 
4847 	return nsts;
4848 }
4849 
4850 static int ath10k_mac_get_vht_cap_bf_sound_dim(struct ath10k *ar)
4851 {
4852 	int sound_dim = ar->vht_cap_info;
4853 
4854 	sound_dim &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4855 	sound_dim >>= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4856 
4857 	/* If the sounding dimension is not advertised by the firmware,
4858 	 * let's use a default value of 1
4859 	 */
4860 	if (sound_dim == 0)
4861 		return 1;
4862 
4863 	return sound_dim;
4864 }
4865 
4866 static struct ieee80211_sta_vht_cap ath10k_create_vht_cap(struct ath10k *ar)
4867 {
4868 	struct ieee80211_sta_vht_cap vht_cap = {0};
4869 	struct ath10k_hw_params *hw = &ar->hw_params;
4870 	u16 mcs_map;
4871 	u32 val;
4872 	int i;
4873 
4874 	vht_cap.vht_supported = 1;
4875 	vht_cap.cap = ar->vht_cap_info;
4876 
4877 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
4878 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
4879 		val = ath10k_mac_get_vht_cap_bf_sts(ar);
4880 		val <<= IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
4881 		val &= IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
4882 
4883 		vht_cap.cap |= val;
4884 	}
4885 
4886 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
4887 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
4888 		val = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
4889 		val <<= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT;
4890 		val &= IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK;
4891 
4892 		vht_cap.cap |= val;
4893 	}
4894 
4895 	mcs_map = 0;
4896 	for (i = 0; i < 8; i++) {
4897 		if ((i < ar->num_rf_chains) && (ar->cfg_tx_chainmask & BIT(i)))
4898 			mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
4899 		else
4900 			mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
4901 	}
4902 
4903 	if (ar->cfg_tx_chainmask <= 1)
4904 		vht_cap.cap &= ~IEEE80211_VHT_CAP_TXSTBC;
4905 
4906 	vht_cap.vht_mcs.rx_mcs_map = cpu_to_le16(mcs_map);
4907 	vht_cap.vht_mcs.tx_mcs_map = cpu_to_le16(mcs_map);
4908 
4909 	/* If we are supporting 160Mhz or 80+80, then the NIC may be able to do
4910 	 * a restricted NSS for 160 or 80+80 vs what it can do for 80Mhz.  Give
4911 	 * user-space a clue if that is the case.
4912 	 */
4913 	if ((vht_cap.cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK) &&
4914 	    (hw->vht160_mcs_rx_highest != 0 ||
4915 	     hw->vht160_mcs_tx_highest != 0)) {
4916 		vht_cap.vht_mcs.rx_highest = cpu_to_le16(hw->vht160_mcs_rx_highest);
4917 		vht_cap.vht_mcs.tx_highest = cpu_to_le16(hw->vht160_mcs_tx_highest);
4918 	}
4919 
4920 	return vht_cap;
4921 }
4922 
4923 static struct ieee80211_sta_ht_cap ath10k_get_ht_cap(struct ath10k *ar)
4924 {
4925 	int i;
4926 	struct ieee80211_sta_ht_cap ht_cap = {0};
4927 
4928 	if (!(ar->ht_cap_info & WMI_HT_CAP_ENABLED))
4929 		return ht_cap;
4930 
4931 	ht_cap.ht_supported = 1;
4932 	ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
4933 	ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_8;
4934 	ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
4935 	ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
4936 	ht_cap.cap |=
4937 		WLAN_HT_CAP_SM_PS_DISABLED << IEEE80211_HT_CAP_SM_PS_SHIFT;
4938 
4939 	if (ar->ht_cap_info & WMI_HT_CAP_HT20_SGI)
4940 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
4941 
4942 	if (ar->ht_cap_info & WMI_HT_CAP_HT40_SGI)
4943 		ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
4944 
4945 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS) {
4946 		u32 smps;
4947 
4948 		smps   = WLAN_HT_CAP_SM_PS_DYNAMIC;
4949 		smps <<= IEEE80211_HT_CAP_SM_PS_SHIFT;
4950 
4951 		ht_cap.cap |= smps;
4952 	}
4953 
4954 	if (ar->ht_cap_info & WMI_HT_CAP_TX_STBC && (ar->cfg_tx_chainmask > 1))
4955 		ht_cap.cap |= IEEE80211_HT_CAP_TX_STBC;
4956 
4957 	if (ar->ht_cap_info & WMI_HT_CAP_RX_STBC) {
4958 		u32 stbc;
4959 
4960 		stbc   = ar->ht_cap_info;
4961 		stbc  &= WMI_HT_CAP_RX_STBC;
4962 		stbc >>= WMI_HT_CAP_RX_STBC_MASK_SHIFT;
4963 		stbc <<= IEEE80211_HT_CAP_RX_STBC_SHIFT;
4964 		stbc  &= IEEE80211_HT_CAP_RX_STBC;
4965 
4966 		ht_cap.cap |= stbc;
4967 	}
4968 
4969 	if (ar->ht_cap_info & WMI_HT_CAP_LDPC || (ar->ht_cap_info &
4970 	    WMI_HT_CAP_RX_LDPC && (ar->ht_cap_info & WMI_HT_CAP_TX_LDPC)))
4971 		ht_cap.cap |= IEEE80211_HT_CAP_LDPC_CODING;
4972 
4973 	if (ar->ht_cap_info & WMI_HT_CAP_L_SIG_TXOP_PROT)
4974 		ht_cap.cap |= IEEE80211_HT_CAP_LSIG_TXOP_PROT;
4975 
4976 	/* max AMSDU is implicitly taken from vht_cap_info */
4977 	if (ar->vht_cap_info & WMI_VHT_CAP_MAX_MPDU_LEN_MASK)
4978 		ht_cap.cap |= IEEE80211_HT_CAP_MAX_AMSDU;
4979 
4980 	for (i = 0; i < ar->num_rf_chains; i++) {
4981 		if (ar->cfg_rx_chainmask & BIT(i))
4982 			ht_cap.mcs.rx_mask[i] = 0xFF;
4983 	}
4984 
4985 	ht_cap.mcs.tx_params |= IEEE80211_HT_MCS_TX_DEFINED;
4986 
4987 	return ht_cap;
4988 }
4989 
4990 static void ath10k_mac_setup_ht_vht_cap(struct ath10k *ar)
4991 {
4992 	struct ieee80211_supported_band *band;
4993 	struct ieee80211_sta_vht_cap vht_cap;
4994 	struct ieee80211_sta_ht_cap ht_cap;
4995 
4996 	ht_cap = ath10k_get_ht_cap(ar);
4997 	vht_cap = ath10k_create_vht_cap(ar);
4998 
4999 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
5000 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
5001 		band->ht_cap = ht_cap;
5002 	}
5003 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
5004 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
5005 		band->ht_cap = ht_cap;
5006 		band->vht_cap = vht_cap;
5007 	}
5008 }
5009 
5010 static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
5011 {
5012 	int ret;
5013 	bool is_valid_tx_chain_mask, is_valid_rx_chain_mask;
5014 
5015 	lockdep_assert_held(&ar->conf_mutex);
5016 
5017 	is_valid_tx_chain_mask = ath10k_check_chain_mask(ar, tx_ant, "tx");
5018 	is_valid_rx_chain_mask = ath10k_check_chain_mask(ar, rx_ant, "rx");
5019 
5020 	if (!is_valid_tx_chain_mask || !is_valid_rx_chain_mask)
5021 		return -EINVAL;
5022 
5023 	ar->cfg_tx_chainmask = tx_ant;
5024 	ar->cfg_rx_chainmask = rx_ant;
5025 
5026 	if ((ar->state != ATH10K_STATE_ON) &&
5027 	    (ar->state != ATH10K_STATE_RESTARTED))
5028 		return 0;
5029 
5030 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
5031 					tx_ant);
5032 	if (ret) {
5033 		ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
5034 			    ret, tx_ant);
5035 		return ret;
5036 	}
5037 
5038 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
5039 					rx_ant);
5040 	if (ret) {
5041 		ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
5042 			    ret, rx_ant);
5043 		return ret;
5044 	}
5045 
5046 	/* Reload HT/VHT capability */
5047 	ath10k_mac_setup_ht_vht_cap(ar);
5048 
5049 	return 0;
5050 }
5051 
5052 static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant)
5053 {
5054 	struct ath10k *ar = hw->priv;
5055 	int ret;
5056 
5057 	mutex_lock(&ar->conf_mutex);
5058 	ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
5059 	mutex_unlock(&ar->conf_mutex);
5060 	return ret;
5061 }
5062 
5063 static int __ath10k_fetch_bb_timing_dt(struct ath10k *ar,
5064 				       struct wmi_bb_timing_cfg_arg *bb_timing)
5065 {
5066 	struct device_node *node;
5067 	const char *fem_name;
5068 	int ret;
5069 
5070 	node = ar->dev->of_node;
5071 	if (!node)
5072 		return -ENOENT;
5073 
5074 	ret = of_property_read_string_index(node, "ext-fem-name", 0, &fem_name);
5075 	if (ret)
5076 		return -ENOENT;
5077 
5078 	/*
5079 	 * If external Front End module used in hardware, then default base band timing
5080 	 * parameter cannot be used since they were fine tuned for reference hardware,
5081 	 * so choosing different value suitable for that external FEM.
5082 	 */
5083 	if (!strcmp("microsemi-lx5586", fem_name)) {
5084 		bb_timing->bb_tx_timing = 0x00;
5085 		bb_timing->bb_xpa_timing = 0x0101;
5086 	} else {
5087 		return -ENOENT;
5088 	}
5089 
5090 	ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot bb_tx_timing 0x%x bb_xpa_timing 0x%x\n",
5091 		   bb_timing->bb_tx_timing, bb_timing->bb_xpa_timing);
5092 	return 0;
5093 }
5094 
5095 static int ath10k_mac_rfkill_config(struct ath10k *ar)
5096 {
5097 	u32 param;
5098 	int ret;
5099 
5100 	if (ar->hw_values->rfkill_pin == 0) {
5101 		ath10k_warn(ar, "ath10k does not support hardware rfkill with this device\n");
5102 		return -EOPNOTSUPP;
5103 	}
5104 
5105 	ath10k_dbg(ar, ATH10K_DBG_MAC,
5106 		   "mac rfkill_pin %d rfkill_cfg %d rfkill_on_level %d",
5107 		   ar->hw_values->rfkill_pin, ar->hw_values->rfkill_cfg,
5108 		   ar->hw_values->rfkill_on_level);
5109 
5110 	param = FIELD_PREP(WMI_TLV_RFKILL_CFG_RADIO_LEVEL,
5111 			   ar->hw_values->rfkill_on_level) |
5112 		FIELD_PREP(WMI_TLV_RFKILL_CFG_GPIO_PIN_NUM,
5113 			   ar->hw_values->rfkill_pin) |
5114 		FIELD_PREP(WMI_TLV_RFKILL_CFG_PIN_AS_GPIO,
5115 			   ar->hw_values->rfkill_cfg);
5116 
5117 	ret = ath10k_wmi_pdev_set_param(ar,
5118 					ar->wmi.pdev_param->rfkill_config,
5119 					param);
5120 	if (ret) {
5121 		ath10k_warn(ar,
5122 			    "failed to set rfkill config 0x%x: %d\n",
5123 			    param, ret);
5124 		return ret;
5125 	}
5126 	return 0;
5127 }
5128 
5129 int ath10k_mac_rfkill_enable_radio(struct ath10k *ar, bool enable)
5130 {
5131 	enum wmi_tlv_rfkill_enable_radio param;
5132 	int ret;
5133 
5134 	if (enable)
5135 		param = WMI_TLV_RFKILL_ENABLE_RADIO_ON;
5136 	else
5137 		param = WMI_TLV_RFKILL_ENABLE_RADIO_OFF;
5138 
5139 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac rfkill enable %d", param);
5140 
5141 	ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rfkill_enable,
5142 					param);
5143 	if (ret) {
5144 		ath10k_warn(ar, "failed to set rfkill enable param %d: %d\n",
5145 			    param, ret);
5146 		return ret;
5147 	}
5148 
5149 	return 0;
5150 }
5151 
5152 static int ath10k_start(struct ieee80211_hw *hw)
5153 {
5154 	struct ath10k *ar = hw->priv;
5155 	u32 param;
5156 	int ret = 0;
5157 	struct wmi_bb_timing_cfg_arg bb_timing = {0};
5158 
5159 	/*
5160 	 * This makes sense only when restarting hw. It is harmless to call
5161 	 * unconditionally. This is necessary to make sure no HTT/WMI tx
5162 	 * commands will be submitted while restarting.
5163 	 */
5164 	ath10k_drain_tx(ar);
5165 
5166 	mutex_lock(&ar->conf_mutex);
5167 
5168 	switch (ar->state) {
5169 	case ATH10K_STATE_OFF:
5170 		ar->state = ATH10K_STATE_ON;
5171 		break;
5172 	case ATH10K_STATE_RESTARTING:
5173 		ar->state = ATH10K_STATE_RESTARTED;
5174 		break;
5175 	case ATH10K_STATE_ON:
5176 	case ATH10K_STATE_RESTARTED:
5177 	case ATH10K_STATE_WEDGED:
5178 		WARN_ON(1);
5179 		ret = -EINVAL;
5180 		goto err;
5181 	case ATH10K_STATE_UTF:
5182 		ret = -EBUSY;
5183 		goto err;
5184 	}
5185 
5186 	spin_lock_bh(&ar->data_lock);
5187 
5188 	if (ar->hw_rfkill_on) {
5189 		ar->hw_rfkill_on = false;
5190 		spin_unlock_bh(&ar->data_lock);
5191 		goto err;
5192 	}
5193 
5194 	spin_unlock_bh(&ar->data_lock);
5195 
5196 	ret = ath10k_hif_power_up(ar, ATH10K_FIRMWARE_MODE_NORMAL);
5197 	if (ret) {
5198 		ath10k_err(ar, "Could not init hif: %d\n", ret);
5199 		goto err_off;
5200 	}
5201 
5202 	ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL,
5203 				&ar->normal_mode_fw);
5204 	if (ret) {
5205 		ath10k_err(ar, "Could not init core: %d\n", ret);
5206 		goto err_power_down;
5207 	}
5208 
5209 	if (ar->sys_cap_info & WMI_TLV_SYS_CAP_INFO_RFKILL) {
5210 		ret = ath10k_mac_rfkill_config(ar);
5211 		if (ret && ret != -EOPNOTSUPP) {
5212 			ath10k_warn(ar, "failed to configure rfkill: %d", ret);
5213 			goto err_core_stop;
5214 		}
5215 	}
5216 
5217 	param = ar->wmi.pdev_param->pmf_qos;
5218 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5219 	if (ret) {
5220 		ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
5221 		goto err_core_stop;
5222 	}
5223 
5224 	param = ar->wmi.pdev_param->dynamic_bw;
5225 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5226 	if (ret) {
5227 		ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
5228 		goto err_core_stop;
5229 	}
5230 
5231 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
5232 		ret = ath10k_wmi_scan_prob_req_oui(ar, ar->mac_addr);
5233 		if (ret) {
5234 			ath10k_err(ar, "failed to set prob req oui: %i\n", ret);
5235 			goto err_core_stop;
5236 		}
5237 	}
5238 
5239 	if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
5240 		ret = ath10k_wmi_adaptive_qcs(ar, true);
5241 		if (ret) {
5242 			ath10k_warn(ar, "failed to enable adaptive qcs: %d\n",
5243 				    ret);
5244 			goto err_core_stop;
5245 		}
5246 	}
5247 
5248 	if (test_bit(WMI_SERVICE_BURST, ar->wmi.svc_map)) {
5249 		param = ar->wmi.pdev_param->burst_enable;
5250 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5251 		if (ret) {
5252 			ath10k_warn(ar, "failed to disable burst: %d\n", ret);
5253 			goto err_core_stop;
5254 		}
5255 	}
5256 
5257 	param = ar->wmi.pdev_param->idle_ps_config;
5258 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5259 	if (ret && ret != -EOPNOTSUPP) {
5260 		ath10k_warn(ar, "failed to enable idle_ps_config: %d\n", ret);
5261 		goto err_core_stop;
5262 	}
5263 
5264 	__ath10k_set_antenna(ar, ar->cfg_tx_chainmask, ar->cfg_rx_chainmask);
5265 
5266 	/*
5267 	 * By default FW set ARP frames ac to voice (6). In that case ARP
5268 	 * exchange is not working properly for UAPSD enabled AP. ARP requests
5269 	 * which arrives with access category 0 are processed by network stack
5270 	 * and send back with access category 0, but FW changes access category
5271 	 * to 6. Set ARP frames access category to best effort (0) solves
5272 	 * this problem.
5273 	 */
5274 
5275 	param = ar->wmi.pdev_param->arp_ac_override;
5276 	ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5277 	if (ret) {
5278 		ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
5279 			    ret);
5280 		goto err_core_stop;
5281 	}
5282 
5283 	if (test_bit(ATH10K_FW_FEATURE_SUPPORTS_ADAPTIVE_CCA,
5284 		     ar->running_fw->fw_file.fw_features)) {
5285 		ret = ath10k_wmi_pdev_enable_adaptive_cca(ar, 1,
5286 							  WMI_CCA_DETECT_LEVEL_AUTO,
5287 							  WMI_CCA_DETECT_MARGIN_AUTO);
5288 		if (ret) {
5289 			ath10k_warn(ar, "failed to enable adaptive cca: %d\n",
5290 				    ret);
5291 			goto err_core_stop;
5292 		}
5293 	}
5294 
5295 	param = ar->wmi.pdev_param->ani_enable;
5296 	ret = ath10k_wmi_pdev_set_param(ar, param, 1);
5297 	if (ret) {
5298 		ath10k_warn(ar, "failed to enable ani by default: %d\n",
5299 			    ret);
5300 		goto err_core_stop;
5301 	}
5302 
5303 	ar->ani_enabled = true;
5304 
5305 	if (ath10k_peer_stats_enabled(ar)) {
5306 		param = ar->wmi.pdev_param->peer_stats_update_period;
5307 		ret = ath10k_wmi_pdev_set_param(ar, param,
5308 						PEER_DEFAULT_STATS_UPDATE_PERIOD);
5309 		if (ret) {
5310 			ath10k_warn(ar,
5311 				    "failed to set peer stats period : %d\n",
5312 				    ret);
5313 			goto err_core_stop;
5314 		}
5315 	}
5316 
5317 	param = ar->wmi.pdev_param->enable_btcoex;
5318 	if (test_bit(WMI_SERVICE_COEX_GPIO, ar->wmi.svc_map) &&
5319 	    test_bit(ATH10K_FW_FEATURE_BTCOEX_PARAM,
5320 		     ar->running_fw->fw_file.fw_features) &&
5321 	    ar->coex_support) {
5322 		ret = ath10k_wmi_pdev_set_param(ar, param, 0);
5323 		if (ret) {
5324 			ath10k_warn(ar,
5325 				    "failed to set btcoex param: %d\n", ret);
5326 			goto err_core_stop;
5327 		}
5328 		clear_bit(ATH10K_FLAG_BTCOEX, &ar->dev_flags);
5329 	}
5330 
5331 	if (test_bit(WMI_SERVICE_BB_TIMING_CONFIG_SUPPORT, ar->wmi.svc_map)) {
5332 		ret = __ath10k_fetch_bb_timing_dt(ar, &bb_timing);
5333 		if (!ret) {
5334 			ret = ath10k_wmi_pdev_bb_timing(ar, &bb_timing);
5335 			if (ret) {
5336 				ath10k_warn(ar,
5337 					    "failed to set bb timings: %d\n",
5338 					    ret);
5339 				goto err_core_stop;
5340 			}
5341 		}
5342 	}
5343 
5344 	ar->num_started_vdevs = 0;
5345 	ath10k_regd_update(ar);
5346 
5347 	ath10k_spectral_start(ar);
5348 	ath10k_thermal_set_throttling(ar);
5349 
5350 	ar->radar_conf_state = ATH10K_RADAR_CONFIRMATION_IDLE;
5351 
5352 	mutex_unlock(&ar->conf_mutex);
5353 	return 0;
5354 
5355 err_core_stop:
5356 	ath10k_core_stop(ar);
5357 
5358 err_power_down:
5359 	ath10k_hif_power_down(ar);
5360 
5361 err_off:
5362 	ar->state = ATH10K_STATE_OFF;
5363 
5364 err:
5365 	mutex_unlock(&ar->conf_mutex);
5366 	return ret;
5367 }
5368 
5369 static void ath10k_stop(struct ieee80211_hw *hw)
5370 {
5371 	struct ath10k *ar = hw->priv;
5372 	u32 opt;
5373 
5374 	ath10k_drain_tx(ar);
5375 
5376 	mutex_lock(&ar->conf_mutex);
5377 	if (ar->state != ATH10K_STATE_OFF) {
5378 		if (!ar->hw_rfkill_on) {
5379 			/* If the current driver state is RESTARTING but not yet
5380 			 * fully RESTARTED because of incoming suspend event,
5381 			 * then ath10k_halt() is already called via
5382 			 * ath10k_core_restart() and should not be called here.
5383 			 */
5384 			if (ar->state != ATH10K_STATE_RESTARTING) {
5385 				ath10k_halt(ar);
5386 			} else {
5387 				/* Suspending here, because when in RESTARTING
5388 				 * state, ath10k_core_stop() skips
5389 				 * ath10k_wait_for_suspend().
5390 				 */
5391 				opt = WMI_PDEV_SUSPEND_AND_DISABLE_INTR;
5392 				ath10k_wait_for_suspend(ar, opt);
5393 			}
5394 		}
5395 		ar->state = ATH10K_STATE_OFF;
5396 	}
5397 	mutex_unlock(&ar->conf_mutex);
5398 
5399 	cancel_work_sync(&ar->set_coverage_class_work);
5400 	cancel_delayed_work_sync(&ar->scan.timeout);
5401 	cancel_work_sync(&ar->restart_work);
5402 }
5403 
5404 static int ath10k_config_ps(struct ath10k *ar)
5405 {
5406 	struct ath10k_vif *arvif;
5407 	int ret = 0;
5408 
5409 	lockdep_assert_held(&ar->conf_mutex);
5410 
5411 	list_for_each_entry(arvif, &ar->arvifs, list) {
5412 		ret = ath10k_mac_vif_setup_ps(arvif);
5413 		if (ret) {
5414 			ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
5415 			break;
5416 		}
5417 	}
5418 
5419 	return ret;
5420 }
5421 
5422 static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
5423 {
5424 	struct ath10k *ar = hw->priv;
5425 	struct ieee80211_conf *conf = &hw->conf;
5426 	int ret = 0;
5427 
5428 	mutex_lock(&ar->conf_mutex);
5429 
5430 	if (changed & IEEE80211_CONF_CHANGE_PS)
5431 		ath10k_config_ps(ar);
5432 
5433 	if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
5434 		ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
5435 		ret = ath10k_monitor_recalc(ar);
5436 		if (ret)
5437 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5438 	}
5439 
5440 	mutex_unlock(&ar->conf_mutex);
5441 	return ret;
5442 }
5443 
5444 static u32 get_nss_from_chainmask(u16 chain_mask)
5445 {
5446 	if ((chain_mask & 0xf) == 0xf)
5447 		return 4;
5448 	else if ((chain_mask & 0x7) == 0x7)
5449 		return 3;
5450 	else if ((chain_mask & 0x3) == 0x3)
5451 		return 2;
5452 	return 1;
5453 }
5454 
5455 static int ath10k_mac_set_txbf_conf(struct ath10k_vif *arvif)
5456 {
5457 	u32 value = 0;
5458 	struct ath10k *ar = arvif->ar;
5459 	int nsts;
5460 	int sound_dim;
5461 
5462 	if (ath10k_wmi_get_txbf_conf_scheme(ar) != WMI_TXBF_CONF_BEFORE_ASSOC)
5463 		return 0;
5464 
5465 	nsts = ath10k_mac_get_vht_cap_bf_sts(ar);
5466 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
5467 				IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE))
5468 		value |= SM(nsts, WMI_TXBF_STS_CAP_OFFSET);
5469 
5470 	sound_dim = ath10k_mac_get_vht_cap_bf_sound_dim(ar);
5471 	if (ar->vht_cap_info & (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
5472 				IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE))
5473 		value |= SM(sound_dim, WMI_BF_SOUND_DIM_OFFSET);
5474 
5475 	if (!value)
5476 		return 0;
5477 
5478 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
5479 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
5480 
5481 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
5482 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFER |
5483 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFER);
5484 
5485 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
5486 		value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
5487 
5488 	if (ar->vht_cap_info & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
5489 		value |= (WMI_VDEV_PARAM_TXBF_MU_TX_BFEE |
5490 			  WMI_VDEV_PARAM_TXBF_SU_TX_BFEE);
5491 
5492 	return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
5493 					 ar->wmi.vdev_param->txbf, value);
5494 }
5495 
5496 static void ath10k_update_vif_offload(struct ieee80211_hw *hw,
5497 				      struct ieee80211_vif *vif)
5498 {
5499 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5500 	struct ath10k *ar = hw->priv;
5501 	u32 vdev_param;
5502 	int ret;
5503 
5504 	if (ath10k_frame_mode != ATH10K_HW_TXRX_ETHERNET ||
5505 	    ar->wmi.vdev_param->tx_encap_type == WMI_VDEV_PARAM_UNSUPPORTED ||
5506 	     (vif->type != NL80211_IFTYPE_STATION &&
5507 	      vif->type != NL80211_IFTYPE_AP))
5508 		vif->offload_flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
5509 
5510 	vdev_param = ar->wmi.vdev_param->tx_encap_type;
5511 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5512 					ATH10K_HW_TXRX_NATIVE_WIFI);
5513 	/* 10.X firmware does not support this VDEV parameter. Do not warn */
5514 	if (ret && ret != -EOPNOTSUPP) {
5515 		ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
5516 			    arvif->vdev_id, ret);
5517 	}
5518 }
5519 
5520 /*
5521  * TODO:
5522  * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
5523  * because we will send mgmt frames without CCK. This requirement
5524  * for P2P_FIND/GO_NEG should be handled by checking CCK flag
5525  * in the TX packet.
5526  */
5527 static int ath10k_add_interface(struct ieee80211_hw *hw,
5528 				struct ieee80211_vif *vif)
5529 {
5530 	struct ath10k *ar = hw->priv;
5531 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5532 	struct ath10k_peer *peer;
5533 	enum wmi_sta_powersave_param param;
5534 	int ret = 0;
5535 	u32 value;
5536 	int bit;
5537 	int i;
5538 	u32 vdev_param;
5539 
5540 	vif->driver_flags |= IEEE80211_VIF_SUPPORTS_UAPSD;
5541 
5542 	mutex_lock(&ar->conf_mutex);
5543 
5544 	memset(arvif, 0, sizeof(*arvif));
5545 	ath10k_mac_txq_init(vif->txq);
5546 
5547 	arvif->ar = ar;
5548 	arvif->vif = vif;
5549 
5550 	INIT_LIST_HEAD(&arvif->list);
5551 	INIT_WORK(&arvif->ap_csa_work, ath10k_mac_vif_ap_csa_work);
5552 	INIT_DELAYED_WORK(&arvif->connection_loss_work,
5553 			  ath10k_mac_vif_sta_connection_loss_work);
5554 
5555 	for (i = 0; i < ARRAY_SIZE(arvif->bitrate_mask.control); i++) {
5556 		arvif->bitrate_mask.control[i].legacy = 0xffffffff;
5557 		memset(arvif->bitrate_mask.control[i].ht_mcs, 0xff,
5558 		       sizeof(arvif->bitrate_mask.control[i].ht_mcs));
5559 		memset(arvif->bitrate_mask.control[i].vht_mcs, 0xff,
5560 		       sizeof(arvif->bitrate_mask.control[i].vht_mcs));
5561 	}
5562 
5563 	if (ar->num_peers >= ar->max_num_peers) {
5564 		ath10k_warn(ar, "refusing vdev creation due to insufficient peer entry resources in firmware\n");
5565 		ret = -ENOBUFS;
5566 		goto err;
5567 	}
5568 
5569 	if (ar->free_vdev_map == 0) {
5570 		ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
5571 		ret = -EBUSY;
5572 		goto err;
5573 	}
5574 	bit = __ffs64(ar->free_vdev_map);
5575 
5576 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
5577 		   bit, ar->free_vdev_map);
5578 
5579 	arvif->vdev_id = bit;
5580 	arvif->vdev_subtype =
5581 		ath10k_wmi_get_vdev_subtype(ar, WMI_VDEV_SUBTYPE_NONE);
5582 
5583 	switch (vif->type) {
5584 	case NL80211_IFTYPE_P2P_DEVICE:
5585 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5586 		arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5587 					(ar, WMI_VDEV_SUBTYPE_P2P_DEVICE);
5588 		break;
5589 	case NL80211_IFTYPE_UNSPECIFIED:
5590 	case NL80211_IFTYPE_STATION:
5591 		arvif->vdev_type = WMI_VDEV_TYPE_STA;
5592 		if (vif->p2p)
5593 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5594 					(ar, WMI_VDEV_SUBTYPE_P2P_CLIENT);
5595 		break;
5596 	case NL80211_IFTYPE_ADHOC:
5597 		arvif->vdev_type = WMI_VDEV_TYPE_IBSS;
5598 		break;
5599 	case NL80211_IFTYPE_MESH_POINT:
5600 		if (test_bit(WMI_SERVICE_MESH_11S, ar->wmi.svc_map)) {
5601 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5602 						(ar, WMI_VDEV_SUBTYPE_MESH_11S);
5603 		} else if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5604 			ret = -EINVAL;
5605 			ath10k_warn(ar, "must load driver with rawmode=1 to add mesh interfaces\n");
5606 			goto err;
5607 		}
5608 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5609 		break;
5610 	case NL80211_IFTYPE_AP:
5611 		arvif->vdev_type = WMI_VDEV_TYPE_AP;
5612 
5613 		if (vif->p2p)
5614 			arvif->vdev_subtype = ath10k_wmi_get_vdev_subtype
5615 						(ar, WMI_VDEV_SUBTYPE_P2P_GO);
5616 		break;
5617 	case NL80211_IFTYPE_MONITOR:
5618 		arvif->vdev_type = WMI_VDEV_TYPE_MONITOR;
5619 		break;
5620 	default:
5621 		WARN_ON(1);
5622 		break;
5623 	}
5624 
5625 	/* Using vdev_id as queue number will make it very easy to do per-vif
5626 	 * tx queue locking. This shouldn't wrap due to interface combinations
5627 	 * but do a modulo for correctness sake and prevent using offchannel tx
5628 	 * queues for regular vif tx.
5629 	 */
5630 	vif->cab_queue = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5631 	for (i = 0; i < ARRAY_SIZE(vif->hw_queue); i++)
5632 		vif->hw_queue[i] = arvif->vdev_id % (IEEE80211_MAX_QUEUES - 1);
5633 
5634 	/* Some firmware revisions don't wait for beacon tx completion before
5635 	 * sending another SWBA event. This could lead to hardware using old
5636 	 * (freed) beacon data in some cases, e.g. tx credit starvation
5637 	 * combined with missed TBTT. This is very rare.
5638 	 *
5639 	 * On non-IOMMU-enabled hosts this could be a possible security issue
5640 	 * because hw could beacon some random data on the air.  On
5641 	 * IOMMU-enabled hosts DMAR faults would occur in most cases and target
5642 	 * device would crash.
5643 	 *
5644 	 * Since there are no beacon tx completions (implicit nor explicit)
5645 	 * propagated to host the only workaround for this is to allocate a
5646 	 * DMA-coherent buffer for a lifetime of a vif and use it for all
5647 	 * beacon tx commands. Worst case for this approach is some beacons may
5648 	 * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
5649 	 */
5650 	if (vif->type == NL80211_IFTYPE_ADHOC ||
5651 	    vif->type == NL80211_IFTYPE_MESH_POINT ||
5652 	    vif->type == NL80211_IFTYPE_AP) {
5653 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {
5654 			arvif->beacon_buf = kmalloc(IEEE80211_MAX_FRAME_LEN,
5655 						    GFP_KERNEL);
5656 
5657 			/* Using a kernel pointer in place of a dma_addr_t
5658 			 * token can lead to undefined behavior if that
5659 			 * makes it into cache management functions. Use a
5660 			 * known-invalid address token instead, which
5661 			 * avoids the warning and makes it easier to catch
5662 			 * bugs if it does end up getting used.
5663 			 */
5664 			arvif->beacon_paddr = DMA_MAPPING_ERROR;
5665 		} else {
5666 			arvif->beacon_buf =
5667 				dma_alloc_coherent(ar->dev,
5668 						   IEEE80211_MAX_FRAME_LEN,
5669 						   &arvif->beacon_paddr,
5670 						   GFP_ATOMIC);
5671 		}
5672 		if (!arvif->beacon_buf) {
5673 			ret = -ENOMEM;
5674 			ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
5675 				    ret);
5676 			goto err;
5677 		}
5678 	}
5679 	if (test_bit(ATH10K_FLAG_HW_CRYPTO_DISABLED, &ar->dev_flags))
5680 		arvif->nohwcrypt = true;
5681 
5682 	if (arvif->nohwcrypt &&
5683 	    !test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags)) {
5684 		ret = -EINVAL;
5685 		ath10k_warn(ar, "cryptmode module param needed for sw crypto\n");
5686 		goto err;
5687 	}
5688 
5689 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
5690 		   arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
5691 		   arvif->beacon_buf ? "single-buf" : "per-skb");
5692 
5693 	ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
5694 				     arvif->vdev_subtype, vif->addr);
5695 	if (ret) {
5696 		ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
5697 			    arvif->vdev_id, ret);
5698 		goto err;
5699 	}
5700 
5701 	if (test_bit(WMI_SERVICE_VDEV_DISABLE_4_ADDR_SRC_LRN_SUPPORT,
5702 		     ar->wmi.svc_map)) {
5703 		vdev_param = ar->wmi.vdev_param->disable_4addr_src_lrn;
5704 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5705 						WMI_VDEV_DISABLE_4_ADDR_SRC_LRN);
5706 		if (ret && ret != -EOPNOTSUPP) {
5707 			ath10k_warn(ar, "failed to disable 4addr src lrn vdev %i: %d\n",
5708 				    arvif->vdev_id, ret);
5709 		}
5710 	}
5711 
5712 	ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
5713 	spin_lock_bh(&ar->data_lock);
5714 	list_add(&arvif->list, &ar->arvifs);
5715 	spin_unlock_bh(&ar->data_lock);
5716 
5717 	/* It makes no sense to have firmware do keepalives. mac80211 already
5718 	 * takes care of this with idle connection polling.
5719 	 */
5720 	ret = ath10k_mac_vif_disable_keepalive(arvif);
5721 	if (ret) {
5722 		ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
5723 			    arvif->vdev_id, ret);
5724 		goto err_vdev_delete;
5725 	}
5726 
5727 	arvif->def_wep_key_idx = -1;
5728 
5729 	ath10k_update_vif_offload(hw, vif);
5730 
5731 	/* Configuring number of spatial stream for monitor interface is causing
5732 	 * target assert in qca9888 and qca6174.
5733 	 */
5734 	if (ar->cfg_tx_chainmask && (vif->type != NL80211_IFTYPE_MONITOR)) {
5735 		u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
5736 
5737 		vdev_param = ar->wmi.vdev_param->nss;
5738 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5739 						nss);
5740 		if (ret) {
5741 			ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
5742 				    arvif->vdev_id, ar->cfg_tx_chainmask, nss,
5743 				    ret);
5744 			goto err_vdev_delete;
5745 		}
5746 	}
5747 
5748 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5749 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5750 		ret = ath10k_peer_create(ar, vif, NULL, arvif->vdev_id,
5751 					 vif->addr, WMI_PEER_TYPE_DEFAULT);
5752 		if (ret) {
5753 			ath10k_warn(ar, "failed to create vdev %i peer for AP/IBSS: %d\n",
5754 				    arvif->vdev_id, ret);
5755 			goto err_vdev_delete;
5756 		}
5757 
5758 		spin_lock_bh(&ar->data_lock);
5759 
5760 		peer = ath10k_peer_find(ar, arvif->vdev_id, vif->addr);
5761 		if (!peer) {
5762 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
5763 				    vif->addr, arvif->vdev_id);
5764 			spin_unlock_bh(&ar->data_lock);
5765 			ret = -ENOENT;
5766 			goto err_peer_delete;
5767 		}
5768 
5769 		arvif->peer_id = find_first_bit(peer->peer_ids,
5770 						ATH10K_MAX_NUM_PEER_IDS);
5771 
5772 		spin_unlock_bh(&ar->data_lock);
5773 	} else {
5774 		arvif->peer_id = HTT_INVALID_PEERID;
5775 	}
5776 
5777 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
5778 		ret = ath10k_mac_set_kickout(arvif);
5779 		if (ret) {
5780 			ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
5781 				    arvif->vdev_id, ret);
5782 			goto err_peer_delete;
5783 		}
5784 	}
5785 
5786 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
5787 		param = WMI_STA_PS_PARAM_RX_WAKE_POLICY;
5788 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
5789 		ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
5790 						  param, value);
5791 		if (ret) {
5792 			ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
5793 				    arvif->vdev_id, ret);
5794 			goto err_peer_delete;
5795 		}
5796 
5797 		ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
5798 		if (ret) {
5799 			ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
5800 				    arvif->vdev_id, ret);
5801 			goto err_peer_delete;
5802 		}
5803 
5804 		ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
5805 		if (ret) {
5806 			ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
5807 				    arvif->vdev_id, ret);
5808 			goto err_peer_delete;
5809 		}
5810 	}
5811 
5812 	ret = ath10k_mac_set_txbf_conf(arvif);
5813 	if (ret) {
5814 		ath10k_warn(ar, "failed to set txbf for vdev %d: %d\n",
5815 			    arvif->vdev_id, ret);
5816 		goto err_peer_delete;
5817 	}
5818 
5819 	ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
5820 	if (ret) {
5821 		ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
5822 			    arvif->vdev_id, ret);
5823 		goto err_peer_delete;
5824 	}
5825 
5826 	arvif->txpower = vif->bss_conf.txpower;
5827 	ret = ath10k_mac_txpower_recalc(ar);
5828 	if (ret) {
5829 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
5830 		goto err_peer_delete;
5831 	}
5832 
5833 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
5834 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
5835 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
5836 						arvif->ftm_responder);
5837 
5838 		/* It is harmless to not set FTM role. Do not warn */
5839 		if (ret && ret != -EOPNOTSUPP)
5840 			ath10k_warn(ar, "failed to set vdev %i FTM Responder: %d\n",
5841 				    arvif->vdev_id, ret);
5842 	}
5843 
5844 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5845 		ar->monitor_arvif = arvif;
5846 		ret = ath10k_monitor_recalc(ar);
5847 		if (ret) {
5848 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5849 			goto err_peer_delete;
5850 		}
5851 	}
5852 
5853 	spin_lock_bh(&ar->htt.tx_lock);
5854 	if (!ar->tx_paused)
5855 		ieee80211_wake_queue(ar->hw, arvif->vdev_id);
5856 	spin_unlock_bh(&ar->htt.tx_lock);
5857 
5858 	mutex_unlock(&ar->conf_mutex);
5859 	return 0;
5860 
5861 err_peer_delete:
5862 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5863 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5864 		ath10k_wmi_peer_delete(ar, arvif->vdev_id, vif->addr);
5865 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5866 						 vif->addr);
5867 	}
5868 
5869 err_vdev_delete:
5870 	ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5871 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5872 	spin_lock_bh(&ar->data_lock);
5873 	list_del(&arvif->list);
5874 	spin_unlock_bh(&ar->data_lock);
5875 
5876 err:
5877 	if (arvif->beacon_buf) {
5878 		if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)
5879 			kfree(arvif->beacon_buf);
5880 		else
5881 			dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
5882 					  arvif->beacon_buf,
5883 					  arvif->beacon_paddr);
5884 		arvif->beacon_buf = NULL;
5885 	}
5886 
5887 	mutex_unlock(&ar->conf_mutex);
5888 
5889 	return ret;
5890 }
5891 
5892 static void ath10k_mac_vif_tx_unlock_all(struct ath10k_vif *arvif)
5893 {
5894 	int i;
5895 
5896 	for (i = 0; i < BITS_PER_LONG; i++)
5897 		ath10k_mac_vif_tx_unlock(arvif, i);
5898 }
5899 
5900 static void ath10k_remove_interface(struct ieee80211_hw *hw,
5901 				    struct ieee80211_vif *vif)
5902 {
5903 	struct ath10k *ar = hw->priv;
5904 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
5905 	struct ath10k_peer *peer;
5906 	unsigned long time_left;
5907 	int ret;
5908 	int i;
5909 
5910 	cancel_work_sync(&arvif->ap_csa_work);
5911 	cancel_delayed_work_sync(&arvif->connection_loss_work);
5912 
5913 	mutex_lock(&ar->conf_mutex);
5914 
5915 	ret = ath10k_spectral_vif_stop(arvif);
5916 	if (ret)
5917 		ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
5918 			    arvif->vdev_id, ret);
5919 
5920 	ar->free_vdev_map |= 1LL << arvif->vdev_id;
5921 	spin_lock_bh(&ar->data_lock);
5922 	list_del(&arvif->list);
5923 	spin_unlock_bh(&ar->data_lock);
5924 
5925 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5926 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5927 		ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
5928 					     vif->addr);
5929 		if (ret)
5930 			ath10k_warn(ar, "failed to submit AP/IBSS self-peer removal on vdev %i: %d\n",
5931 				    arvif->vdev_id, ret);
5932 
5933 		ath10k_wait_for_peer_delete_done(ar, arvif->vdev_id,
5934 						 vif->addr);
5935 		kfree(arvif->u.ap.noa_data);
5936 	}
5937 
5938 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
5939 		   arvif->vdev_id);
5940 
5941 	ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
5942 	if (ret)
5943 		ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
5944 			    arvif->vdev_id, ret);
5945 
5946 	if (test_bit(WMI_SERVICE_SYNC_DELETE_CMDS, ar->wmi.svc_map)) {
5947 		time_left = wait_for_completion_timeout(&ar->vdev_delete_done,
5948 							ATH10K_VDEV_DELETE_TIMEOUT_HZ);
5949 		if (time_left == 0) {
5950 			ath10k_warn(ar, "Timeout in receiving vdev delete response\n");
5951 			goto out;
5952 		}
5953 	}
5954 
5955 	/* Some firmware revisions don't notify host about self-peer removal
5956 	 * until after associated vdev is deleted.
5957 	 */
5958 	if (arvif->vdev_type == WMI_VDEV_TYPE_AP ||
5959 	    arvif->vdev_type == WMI_VDEV_TYPE_IBSS) {
5960 		ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
5961 						   vif->addr);
5962 		if (ret)
5963 			ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
5964 				    arvif->vdev_id, ret);
5965 
5966 		spin_lock_bh(&ar->data_lock);
5967 		ar->num_peers--;
5968 		spin_unlock_bh(&ar->data_lock);
5969 	}
5970 
5971 	spin_lock_bh(&ar->data_lock);
5972 	for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
5973 		peer = ar->peer_map[i];
5974 		if (!peer)
5975 			continue;
5976 
5977 		if (peer->vif == vif) {
5978 			ath10k_warn(ar, "found vif peer %pM entry on vdev %i after it was supposedly removed\n",
5979 				    vif->addr, arvif->vdev_id);
5980 			peer->vif = NULL;
5981 		}
5982 	}
5983 
5984 	/* Clean this up late, less opportunity for firmware to access
5985 	 * DMA memory we have deleted.
5986 	 */
5987 	ath10k_mac_vif_beacon_cleanup(arvif);
5988 	spin_unlock_bh(&ar->data_lock);
5989 
5990 	ath10k_peer_cleanup(ar, arvif->vdev_id);
5991 	ath10k_mac_txq_unref(ar, vif->txq);
5992 
5993 	if (vif->type == NL80211_IFTYPE_MONITOR) {
5994 		ar->monitor_arvif = NULL;
5995 		ret = ath10k_monitor_recalc(ar);
5996 		if (ret)
5997 			ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
5998 	}
5999 
6000 	ret = ath10k_mac_txpower_recalc(ar);
6001 	if (ret)
6002 		ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6003 
6004 	spin_lock_bh(&ar->htt.tx_lock);
6005 	ath10k_mac_vif_tx_unlock_all(arvif);
6006 	spin_unlock_bh(&ar->htt.tx_lock);
6007 
6008 	ath10k_mac_txq_unref(ar, vif->txq);
6009 
6010 out:
6011 	mutex_unlock(&ar->conf_mutex);
6012 }
6013 
6014 /*
6015  * FIXME: Has to be verified.
6016  */
6017 #define SUPPORTED_FILTERS			\
6018 	(FIF_ALLMULTI |				\
6019 	FIF_CONTROL |				\
6020 	FIF_PSPOLL |				\
6021 	FIF_OTHER_BSS |				\
6022 	FIF_BCN_PRBRESP_PROMISC |		\
6023 	FIF_PROBE_REQ |				\
6024 	FIF_FCSFAIL)
6025 
6026 static void ath10k_configure_filter(struct ieee80211_hw *hw,
6027 				    unsigned int changed_flags,
6028 				    unsigned int *total_flags,
6029 				    u64 multicast)
6030 {
6031 	struct ath10k *ar = hw->priv;
6032 	int ret;
6033 
6034 	mutex_lock(&ar->conf_mutex);
6035 
6036 	*total_flags &= SUPPORTED_FILTERS;
6037 	ar->filter_flags = *total_flags;
6038 
6039 	ret = ath10k_monitor_recalc(ar);
6040 	if (ret)
6041 		ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
6042 
6043 	mutex_unlock(&ar->conf_mutex);
6044 }
6045 
6046 static void ath10k_recalculate_mgmt_rate(struct ath10k *ar,
6047 					 struct ieee80211_vif *vif,
6048 					 struct cfg80211_chan_def *def)
6049 {
6050 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6051 	const struct ieee80211_supported_band *sband;
6052 	u8 basic_rate_idx;
6053 	int hw_rate_code;
6054 	u32 vdev_param;
6055 	u16 bitrate;
6056 	int ret;
6057 
6058 	lockdep_assert_held(&ar->conf_mutex);
6059 
6060 	sband = ar->hw->wiphy->bands[def->chan->band];
6061 	basic_rate_idx = ffs(vif->bss_conf.basic_rates) - 1;
6062 	bitrate = sband->bitrates[basic_rate_idx].bitrate;
6063 
6064 	hw_rate_code = ath10k_mac_get_rate_hw_value(bitrate);
6065 	if (hw_rate_code < 0) {
6066 		ath10k_warn(ar, "bitrate not supported %d\n", bitrate);
6067 		return;
6068 	}
6069 
6070 	vdev_param = ar->wmi.vdev_param->mgmt_rate;
6071 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6072 					hw_rate_code);
6073 	if (ret)
6074 		ath10k_warn(ar, "failed to set mgmt tx rate %d\n", ret);
6075 }
6076 
6077 static void ath10k_bss_info_changed(struct ieee80211_hw *hw,
6078 				    struct ieee80211_vif *vif,
6079 				    struct ieee80211_bss_conf *info,
6080 				    u64 changed)
6081 {
6082 	struct ath10k *ar = hw->priv;
6083 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6084 	struct cfg80211_chan_def def;
6085 	u32 vdev_param, pdev_param, slottime, preamble;
6086 	u16 bitrate, hw_value;
6087 	u8 rate, rateidx;
6088 	int ret = 0, mcast_rate;
6089 	enum nl80211_band band;
6090 
6091 	mutex_lock(&ar->conf_mutex);
6092 
6093 	if (changed & BSS_CHANGED_IBSS)
6094 		ath10k_control_ibss(arvif, vif);
6095 
6096 	if (changed & BSS_CHANGED_BEACON_INT) {
6097 		arvif->beacon_interval = info->beacon_int;
6098 		vdev_param = ar->wmi.vdev_param->beacon_interval;
6099 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6100 						arvif->beacon_interval);
6101 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6102 			   "mac vdev %d beacon_interval %d\n",
6103 			   arvif->vdev_id, arvif->beacon_interval);
6104 
6105 		if (ret)
6106 			ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
6107 				    arvif->vdev_id, ret);
6108 	}
6109 
6110 	if (changed & BSS_CHANGED_BEACON) {
6111 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6112 			   "vdev %d set beacon tx mode to staggered\n",
6113 			   arvif->vdev_id);
6114 
6115 		pdev_param = ar->wmi.pdev_param->beacon_tx_mode;
6116 		ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
6117 						WMI_BEACON_STAGGERED_MODE);
6118 		if (ret)
6119 			ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
6120 				    arvif->vdev_id, ret);
6121 
6122 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
6123 		if (ret)
6124 			ath10k_warn(ar, "failed to update beacon template: %d\n",
6125 				    ret);
6126 
6127 		if (ieee80211_vif_is_mesh(vif)) {
6128 			/* mesh doesn't use SSID but firmware needs it */
6129 			strncpy(arvif->u.ap.ssid, "mesh",
6130 				sizeof(arvif->u.ap.ssid));
6131 			arvif->u.ap.ssid_len = 4;
6132 		}
6133 	}
6134 
6135 	if (changed & BSS_CHANGED_AP_PROBE_RESP) {
6136 		ret = ath10k_mac_setup_prb_tmpl(arvif);
6137 		if (ret)
6138 			ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
6139 				    arvif->vdev_id, ret);
6140 	}
6141 
6142 	if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
6143 		arvif->dtim_period = info->dtim_period;
6144 
6145 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6146 			   "mac vdev %d dtim_period %d\n",
6147 			   arvif->vdev_id, arvif->dtim_period);
6148 
6149 		vdev_param = ar->wmi.vdev_param->dtim_period;
6150 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6151 						arvif->dtim_period);
6152 		if (ret)
6153 			ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
6154 				    arvif->vdev_id, ret);
6155 	}
6156 
6157 	if (changed & BSS_CHANGED_SSID &&
6158 	    vif->type == NL80211_IFTYPE_AP) {
6159 		arvif->u.ap.ssid_len = vif->cfg.ssid_len;
6160 		if (vif->cfg.ssid_len)
6161 			memcpy(arvif->u.ap.ssid, vif->cfg.ssid,
6162 			       vif->cfg.ssid_len);
6163 		arvif->u.ap.hidden_ssid = info->hidden_ssid;
6164 	}
6165 
6166 	if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
6167 		ether_addr_copy(arvif->bssid, info->bssid);
6168 
6169 	if (changed & BSS_CHANGED_FTM_RESPONDER &&
6170 	    arvif->ftm_responder != info->ftm_responder &&
6171 	    test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map)) {
6172 		arvif->ftm_responder = info->ftm_responder;
6173 
6174 		vdev_param = ar->wmi.vdev_param->rtt_responder_role;
6175 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6176 						arvif->ftm_responder);
6177 
6178 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6179 			   "mac vdev %d ftm_responder %d:ret %d\n",
6180 			   arvif->vdev_id, arvif->ftm_responder, ret);
6181 	}
6182 
6183 	if (changed & BSS_CHANGED_BEACON_ENABLED)
6184 		ath10k_control_beaconing(arvif, info);
6185 
6186 	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
6187 		arvif->use_cts_prot = info->use_cts_prot;
6188 
6189 		ret = ath10k_recalc_rtscts_prot(arvif);
6190 		if (ret)
6191 			ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
6192 				    arvif->vdev_id, ret);
6193 
6194 		if (ath10k_mac_can_set_cts_prot(arvif)) {
6195 			ret = ath10k_mac_set_cts_prot(arvif);
6196 			if (ret)
6197 				ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
6198 					    arvif->vdev_id, ret);
6199 		}
6200 	}
6201 
6202 	if (changed & BSS_CHANGED_ERP_SLOT) {
6203 		if (info->use_short_slot)
6204 			slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
6205 
6206 		else
6207 			slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
6208 
6209 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
6210 			   arvif->vdev_id, slottime);
6211 
6212 		vdev_param = ar->wmi.vdev_param->slot_time;
6213 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6214 						slottime);
6215 		if (ret)
6216 			ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
6217 				    arvif->vdev_id, ret);
6218 	}
6219 
6220 	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
6221 		if (info->use_short_preamble)
6222 			preamble = WMI_VDEV_PREAMBLE_SHORT;
6223 		else
6224 			preamble = WMI_VDEV_PREAMBLE_LONG;
6225 
6226 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6227 			   "mac vdev %d preamble %dn",
6228 			   arvif->vdev_id, preamble);
6229 
6230 		vdev_param = ar->wmi.vdev_param->preamble;
6231 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6232 						preamble);
6233 		if (ret)
6234 			ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
6235 				    arvif->vdev_id, ret);
6236 	}
6237 
6238 	if (changed & BSS_CHANGED_ASSOC) {
6239 		if (vif->cfg.assoc) {
6240 			/* Workaround: Make sure monitor vdev is not running
6241 			 * when associating to prevent some firmware revisions
6242 			 * (e.g. 10.1 and 10.2) from crashing.
6243 			 */
6244 			if (ar->monitor_started)
6245 				ath10k_monitor_stop(ar);
6246 			ath10k_bss_assoc(hw, vif, info);
6247 			ath10k_monitor_recalc(ar);
6248 		} else {
6249 			ath10k_bss_disassoc(hw, vif);
6250 		}
6251 	}
6252 
6253 	if (changed & BSS_CHANGED_TXPOWER) {
6254 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
6255 			   arvif->vdev_id, info->txpower);
6256 
6257 		arvif->txpower = info->txpower;
6258 		ret = ath10k_mac_txpower_recalc(ar);
6259 		if (ret)
6260 			ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
6261 	}
6262 
6263 	if (changed & BSS_CHANGED_PS) {
6264 		arvif->ps = vif->cfg.ps;
6265 
6266 		ret = ath10k_config_ps(ar);
6267 		if (ret)
6268 			ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
6269 				    arvif->vdev_id, ret);
6270 	}
6271 
6272 	if (changed & BSS_CHANGED_MCAST_RATE &&
6273 	    !ath10k_mac_vif_chan(arvif->vif, &def)) {
6274 		band = def.chan->band;
6275 		mcast_rate = vif->bss_conf.mcast_rate[band];
6276 		if (mcast_rate > 0)
6277 			rateidx = mcast_rate - 1;
6278 		else
6279 			rateidx = ffs(vif->bss_conf.basic_rates) - 1;
6280 
6281 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6282 			rateidx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6283 
6284 		bitrate = ath10k_wmi_legacy_rates[rateidx].bitrate;
6285 		hw_value = ath10k_wmi_legacy_rates[rateidx].hw_value;
6286 		if (ath10k_mac_bitrate_is_cck(bitrate))
6287 			preamble = WMI_RATE_PREAMBLE_CCK;
6288 		else
6289 			preamble = WMI_RATE_PREAMBLE_OFDM;
6290 
6291 		rate = ATH10K_HW_RATECODE(hw_value, 0, preamble);
6292 
6293 		ath10k_dbg(ar, ATH10K_DBG_MAC,
6294 			   "mac vdev %d mcast_rate %x\n",
6295 			   arvif->vdev_id, rate);
6296 
6297 		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
6298 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6299 						vdev_param, rate);
6300 		if (ret)
6301 			ath10k_warn(ar,
6302 				    "failed to set mcast rate on vdev %i: %d\n",
6303 				    arvif->vdev_id,  ret);
6304 
6305 		vdev_param = ar->wmi.vdev_param->bcast_data_rate;
6306 		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
6307 						vdev_param, rate);
6308 		if (ret)
6309 			ath10k_warn(ar,
6310 				    "failed to set bcast rate on vdev %i: %d\n",
6311 				    arvif->vdev_id,  ret);
6312 	}
6313 
6314 	if (changed & BSS_CHANGED_BASIC_RATES &&
6315 	    !ath10k_mac_vif_chan(arvif->vif, &def))
6316 		ath10k_recalculate_mgmt_rate(ar, vif, &def);
6317 
6318 	mutex_unlock(&ar->conf_mutex);
6319 }
6320 
6321 static void ath10k_mac_op_set_coverage_class(struct ieee80211_hw *hw, s16 value)
6322 {
6323 	struct ath10k *ar = hw->priv;
6324 
6325 	/* This function should never be called if setting the coverage class
6326 	 * is not supported on this hardware.
6327 	 */
6328 	if (!ar->hw_params.hw_ops->set_coverage_class) {
6329 		WARN_ON_ONCE(1);
6330 		return;
6331 	}
6332 	ar->hw_params.hw_ops->set_coverage_class(ar, value);
6333 }
6334 
6335 struct ath10k_mac_tdls_iter_data {
6336 	u32 num_tdls_stations;
6337 	struct ieee80211_vif *curr_vif;
6338 };
6339 
6340 static void ath10k_mac_tdls_vif_stations_count_iter(void *data,
6341 						    struct ieee80211_sta *sta)
6342 {
6343 	struct ath10k_mac_tdls_iter_data *iter_data = data;
6344 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
6345 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
6346 
6347 	if (sta->tdls && sta_vif == iter_data->curr_vif)
6348 		iter_data->num_tdls_stations++;
6349 }
6350 
6351 static int ath10k_mac_tdls_vif_stations_count(struct ieee80211_hw *hw,
6352 					      struct ieee80211_vif *vif)
6353 {
6354 	struct ath10k_mac_tdls_iter_data data = {};
6355 
6356 	data.curr_vif = vif;
6357 
6358 	ieee80211_iterate_stations_atomic(hw,
6359 					  ath10k_mac_tdls_vif_stations_count_iter,
6360 					  &data);
6361 	return data.num_tdls_stations;
6362 }
6363 
6364 static int ath10k_hw_scan(struct ieee80211_hw *hw,
6365 			  struct ieee80211_vif *vif,
6366 			  struct ieee80211_scan_request *hw_req)
6367 {
6368 	struct ath10k *ar = hw->priv;
6369 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6370 	struct cfg80211_scan_request *req = &hw_req->req;
6371 	struct wmi_start_scan_arg arg;
6372 	int ret = 0;
6373 	int i;
6374 	u32 scan_timeout;
6375 
6376 	mutex_lock(&ar->conf_mutex);
6377 
6378 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
6379 		ret = -EBUSY;
6380 		goto exit;
6381 	}
6382 
6383 	spin_lock_bh(&ar->data_lock);
6384 	switch (ar->scan.state) {
6385 	case ATH10K_SCAN_IDLE:
6386 		reinit_completion(&ar->scan.started);
6387 		reinit_completion(&ar->scan.completed);
6388 		ar->scan.state = ATH10K_SCAN_STARTING;
6389 		ar->scan.is_roc = false;
6390 		ar->scan.vdev_id = arvif->vdev_id;
6391 		ret = 0;
6392 		break;
6393 	case ATH10K_SCAN_STARTING:
6394 	case ATH10K_SCAN_RUNNING:
6395 	case ATH10K_SCAN_ABORTING:
6396 		ret = -EBUSY;
6397 		break;
6398 	}
6399 	spin_unlock_bh(&ar->data_lock);
6400 
6401 	if (ret)
6402 		goto exit;
6403 
6404 	memset(&arg, 0, sizeof(arg));
6405 	ath10k_wmi_start_scan_init(ar, &arg);
6406 	arg.vdev_id = arvif->vdev_id;
6407 	arg.scan_id = ATH10K_SCAN_ID;
6408 
6409 	if (req->ie_len) {
6410 		arg.ie_len = req->ie_len;
6411 		memcpy(arg.ie, req->ie, arg.ie_len);
6412 	}
6413 
6414 	if (req->n_ssids) {
6415 		arg.n_ssids = req->n_ssids;
6416 		for (i = 0; i < arg.n_ssids; i++) {
6417 			arg.ssids[i].len  = req->ssids[i].ssid_len;
6418 			arg.ssids[i].ssid = req->ssids[i].ssid;
6419 		}
6420 	} else {
6421 		arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
6422 	}
6423 
6424 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6425 		arg.scan_ctrl_flags |=  WMI_SCAN_ADD_SPOOFED_MAC_IN_PROBE_REQ;
6426 		ether_addr_copy(arg.mac_addr.addr, req->mac_addr);
6427 		ether_addr_copy(arg.mac_mask.addr, req->mac_addr_mask);
6428 	}
6429 
6430 	if (req->n_channels) {
6431 		arg.n_channels = req->n_channels;
6432 		for (i = 0; i < arg.n_channels; i++)
6433 			arg.channels[i] = req->channels[i]->center_freq;
6434 	}
6435 
6436 	/* if duration is set, default dwell times will be overwritten */
6437 	if (req->duration) {
6438 		arg.dwell_time_active = req->duration;
6439 		arg.dwell_time_passive = req->duration;
6440 		arg.burst_duration_ms = req->duration;
6441 
6442 		scan_timeout = min_t(u32, arg.max_rest_time *
6443 				(arg.n_channels - 1) + (req->duration +
6444 				ATH10K_SCAN_CHANNEL_SWITCH_WMI_EVT_OVERHEAD) *
6445 				arg.n_channels, arg.max_scan_time);
6446 	} else {
6447 		scan_timeout = arg.max_scan_time;
6448 	}
6449 
6450 	/* Add a 200ms margin to account for event/command processing */
6451 	scan_timeout += 200;
6452 
6453 	ret = ath10k_start_scan(ar, &arg);
6454 	if (ret) {
6455 		ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
6456 		spin_lock_bh(&ar->data_lock);
6457 		ar->scan.state = ATH10K_SCAN_IDLE;
6458 		spin_unlock_bh(&ar->data_lock);
6459 	}
6460 
6461 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
6462 				     msecs_to_jiffies(scan_timeout));
6463 
6464 exit:
6465 	mutex_unlock(&ar->conf_mutex);
6466 	return ret;
6467 }
6468 
6469 static void ath10k_cancel_hw_scan(struct ieee80211_hw *hw,
6470 				  struct ieee80211_vif *vif)
6471 {
6472 	struct ath10k *ar = hw->priv;
6473 
6474 	mutex_lock(&ar->conf_mutex);
6475 	ath10k_scan_abort(ar);
6476 	mutex_unlock(&ar->conf_mutex);
6477 
6478 	cancel_delayed_work_sync(&ar->scan.timeout);
6479 }
6480 
6481 static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
6482 					struct ath10k_vif *arvif,
6483 					enum set_key_cmd cmd,
6484 					struct ieee80211_key_conf *key)
6485 {
6486 	u32 vdev_param = arvif->ar->wmi.vdev_param->def_keyid;
6487 	int ret;
6488 
6489 	/* 10.1 firmware branch requires default key index to be set to group
6490 	 * key index after installing it. Otherwise FW/HW Txes corrupted
6491 	 * frames with multi-vif APs. This is not required for main firmware
6492 	 * branch (e.g. 636).
6493 	 *
6494 	 * This is also needed for 636 fw for IBSS-RSN to work more reliably.
6495 	 *
6496 	 * FIXME: It remains unknown if this is required for multi-vif STA
6497 	 * interfaces on 10.1.
6498 	 */
6499 
6500 	if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
6501 	    arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
6502 		return;
6503 
6504 	if (key->cipher == WLAN_CIPHER_SUITE_WEP40)
6505 		return;
6506 
6507 	if (key->cipher == WLAN_CIPHER_SUITE_WEP104)
6508 		return;
6509 
6510 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6511 		return;
6512 
6513 	if (cmd != SET_KEY)
6514 		return;
6515 
6516 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
6517 					key->keyidx);
6518 	if (ret)
6519 		ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
6520 			    arvif->vdev_id, ret);
6521 }
6522 
6523 static int ath10k_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd,
6524 			  struct ieee80211_vif *vif, struct ieee80211_sta *sta,
6525 			  struct ieee80211_key_conf *key)
6526 {
6527 	struct ath10k *ar = hw->priv;
6528 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6529 	struct ath10k_sta *arsta;
6530 	struct ath10k_peer *peer;
6531 	const u8 *peer_addr;
6532 	bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
6533 		      key->cipher == WLAN_CIPHER_SUITE_WEP104;
6534 	int ret = 0;
6535 	int ret2;
6536 	u32 flags = 0;
6537 	u32 flags2;
6538 
6539 	/* this one needs to be done in software */
6540 	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC ||
6541 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 ||
6542 	    key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256 ||
6543 	    key->cipher == WLAN_CIPHER_SUITE_BIP_CMAC_256)
6544 		return 1;
6545 
6546 	if (arvif->nohwcrypt)
6547 		return 1;
6548 
6549 	if (key->keyidx > WMI_MAX_KEY_INDEX)
6550 		return -ENOSPC;
6551 
6552 	mutex_lock(&ar->conf_mutex);
6553 
6554 	if (sta) {
6555 		arsta = (struct ath10k_sta *)sta->drv_priv;
6556 		peer_addr = sta->addr;
6557 		spin_lock_bh(&ar->data_lock);
6558 		arsta->ucast_cipher = key->cipher;
6559 		spin_unlock_bh(&ar->data_lock);
6560 	} else if (arvif->vdev_type == WMI_VDEV_TYPE_STA) {
6561 		peer_addr = vif->bss_conf.bssid;
6562 	} else {
6563 		peer_addr = vif->addr;
6564 	}
6565 
6566 	key->hw_key_idx = key->keyidx;
6567 
6568 	if (is_wep) {
6569 		if (cmd == SET_KEY)
6570 			arvif->wep_keys[key->keyidx] = key;
6571 		else
6572 			arvif->wep_keys[key->keyidx] = NULL;
6573 	}
6574 
6575 	/* the peer should not disappear in mid-way (unless FW goes awry) since
6576 	 * we already hold conf_mutex. we just make sure its there now.
6577 	 */
6578 	spin_lock_bh(&ar->data_lock);
6579 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6580 	spin_unlock_bh(&ar->data_lock);
6581 
6582 	if (!peer) {
6583 		if (cmd == SET_KEY) {
6584 			ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
6585 				    peer_addr);
6586 			ret = -EOPNOTSUPP;
6587 			goto exit;
6588 		} else {
6589 			/* if the peer doesn't exist there is no key to disable anymore */
6590 			goto exit;
6591 		}
6592 	}
6593 
6594 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE)
6595 		flags |= WMI_KEY_PAIRWISE;
6596 	else
6597 		flags |= WMI_KEY_GROUP;
6598 
6599 	if (is_wep) {
6600 		if (cmd == DISABLE_KEY)
6601 			ath10k_clear_vdev_key(arvif, key);
6602 
6603 		/* When WEP keys are uploaded it's possible that there are
6604 		 * stations associated already (e.g. when merging) without any
6605 		 * keys. Static WEP needs an explicit per-peer key upload.
6606 		 */
6607 		if (vif->type == NL80211_IFTYPE_ADHOC &&
6608 		    cmd == SET_KEY)
6609 			ath10k_mac_vif_update_wep_key(arvif, key);
6610 
6611 		/* 802.1x never sets the def_wep_key_idx so each set_key()
6612 		 * call changes default tx key.
6613 		 *
6614 		 * Static WEP sets def_wep_key_idx via .set_default_unicast_key
6615 		 * after first set_key().
6616 		 */
6617 		if (cmd == SET_KEY && arvif->def_wep_key_idx == -1)
6618 			flags |= WMI_KEY_TX_USAGE;
6619 	}
6620 
6621 	ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags);
6622 	if (ret) {
6623 		WARN_ON(ret > 0);
6624 		ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
6625 			    arvif->vdev_id, peer_addr, ret);
6626 		goto exit;
6627 	}
6628 
6629 	/* mac80211 sets static WEP keys as groupwise while firmware requires
6630 	 * them to be installed twice as both pairwise and groupwise.
6631 	 */
6632 	if (is_wep && !sta && vif->type == NL80211_IFTYPE_STATION) {
6633 		flags2 = flags;
6634 		flags2 &= ~WMI_KEY_GROUP;
6635 		flags2 |= WMI_KEY_PAIRWISE;
6636 
6637 		ret = ath10k_install_key(arvif, key, cmd, peer_addr, flags2);
6638 		if (ret) {
6639 			WARN_ON(ret > 0);
6640 			ath10k_warn(ar, "failed to install (ucast) key for vdev %i peer %pM: %d\n",
6641 				    arvif->vdev_id, peer_addr, ret);
6642 			ret2 = ath10k_install_key(arvif, key, DISABLE_KEY,
6643 						  peer_addr, flags);
6644 			if (ret2) {
6645 				WARN_ON(ret2 > 0);
6646 				ath10k_warn(ar, "failed to disable (mcast) key for vdev %i peer %pM: %d\n",
6647 					    arvif->vdev_id, peer_addr, ret2);
6648 			}
6649 			goto exit;
6650 		}
6651 	}
6652 
6653 	ath10k_set_key_h_def_keyidx(ar, arvif, cmd, key);
6654 
6655 	spin_lock_bh(&ar->data_lock);
6656 	peer = ath10k_peer_find(ar, arvif->vdev_id, peer_addr);
6657 	if (peer && cmd == SET_KEY)
6658 		peer->keys[key->keyidx] = key;
6659 	else if (peer && cmd == DISABLE_KEY)
6660 		peer->keys[key->keyidx] = NULL;
6661 	else if (peer == NULL)
6662 		/* impossible unless FW goes crazy */
6663 		ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
6664 	spin_unlock_bh(&ar->data_lock);
6665 
6666 	if (sta && sta->tdls)
6667 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6668 					  ar->wmi.peer_param->authorize, 1);
6669 	else if (sta && cmd == SET_KEY && (key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
6670 		ath10k_wmi_peer_set_param(ar, arvif->vdev_id, peer_addr,
6671 					  ar->wmi.peer_param->authorize, 1);
6672 
6673 exit:
6674 	mutex_unlock(&ar->conf_mutex);
6675 	return ret;
6676 }
6677 
6678 static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
6679 					   struct ieee80211_vif *vif,
6680 					   int keyidx)
6681 {
6682 	struct ath10k *ar = hw->priv;
6683 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6684 	int ret;
6685 
6686 	mutex_lock(&arvif->ar->conf_mutex);
6687 
6688 	if (arvif->ar->state != ATH10K_STATE_ON)
6689 		goto unlock;
6690 
6691 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
6692 		   arvif->vdev_id, keyidx);
6693 
6694 	ret = ath10k_wmi_vdev_set_param(arvif->ar,
6695 					arvif->vdev_id,
6696 					arvif->ar->wmi.vdev_param->def_keyid,
6697 					keyidx);
6698 
6699 	if (ret) {
6700 		ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
6701 			    arvif->vdev_id,
6702 			    ret);
6703 		goto unlock;
6704 	}
6705 
6706 	arvif->def_wep_key_idx = keyidx;
6707 
6708 unlock:
6709 	mutex_unlock(&arvif->ar->conf_mutex);
6710 }
6711 
6712 static void ath10k_sta_rc_update_wk(struct work_struct *wk)
6713 {
6714 	struct ath10k *ar;
6715 	struct ath10k_vif *arvif;
6716 	struct ath10k_sta *arsta;
6717 	struct ieee80211_sta *sta;
6718 	struct cfg80211_chan_def def;
6719 	enum nl80211_band band;
6720 	const u8 *ht_mcs_mask;
6721 	const u16 *vht_mcs_mask;
6722 	u32 changed, bw, nss, smps;
6723 	int err;
6724 
6725 	arsta = container_of(wk, struct ath10k_sta, update_wk);
6726 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
6727 	arvif = arsta->arvif;
6728 	ar = arvif->ar;
6729 
6730 	if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
6731 		return;
6732 
6733 	band = def.chan->band;
6734 	ht_mcs_mask = arvif->bitrate_mask.control[band].ht_mcs;
6735 	vht_mcs_mask = arvif->bitrate_mask.control[band].vht_mcs;
6736 
6737 	spin_lock_bh(&ar->data_lock);
6738 
6739 	changed = arsta->changed;
6740 	arsta->changed = 0;
6741 
6742 	bw = arsta->bw;
6743 	nss = arsta->nss;
6744 	smps = arsta->smps;
6745 
6746 	spin_unlock_bh(&ar->data_lock);
6747 
6748 	mutex_lock(&ar->conf_mutex);
6749 
6750 	nss = max_t(u32, 1, nss);
6751 	nss = min(nss, max(ath10k_mac_max_ht_nss(ht_mcs_mask),
6752 			   ath10k_mac_max_vht_nss(vht_mcs_mask)));
6753 
6754 	if (changed & IEEE80211_RC_BW_CHANGED) {
6755 		enum wmi_phy_mode mode;
6756 
6757 		mode = chan_to_phymode(&def);
6758 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM peer bw %d phymode %d\n",
6759 			   sta->addr, bw, mode);
6760 
6761 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6762 						ar->wmi.peer_param->phymode, mode);
6763 		if (err) {
6764 			ath10k_warn(ar, "failed to update STA %pM peer phymode %d: %d\n",
6765 				    sta->addr, mode, err);
6766 			goto exit;
6767 		}
6768 
6769 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6770 						ar->wmi.peer_param->chan_width, bw);
6771 		if (err)
6772 			ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
6773 				    sta->addr, bw, err);
6774 	}
6775 
6776 	if (changed & IEEE80211_RC_NSS_CHANGED) {
6777 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM nss %d\n",
6778 			   sta->addr, nss);
6779 
6780 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6781 						ar->wmi.peer_param->nss, nss);
6782 		if (err)
6783 			ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
6784 				    sta->addr, nss, err);
6785 	}
6786 
6787 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
6788 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM smps %d\n",
6789 			   sta->addr, smps);
6790 
6791 		err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6792 						ar->wmi.peer_param->smps_state, smps);
6793 		if (err)
6794 			ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
6795 				    sta->addr, smps, err);
6796 	}
6797 
6798 	if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
6799 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac update sta %pM supp rates\n",
6800 			   sta->addr);
6801 
6802 		err = ath10k_station_assoc(ar, arvif->vif, sta, true);
6803 		if (err)
6804 			ath10k_warn(ar, "failed to reassociate station: %pM\n",
6805 				    sta->addr);
6806 	}
6807 
6808 exit:
6809 	mutex_unlock(&ar->conf_mutex);
6810 }
6811 
6812 static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif,
6813 				       struct ieee80211_sta *sta)
6814 {
6815 	struct ath10k *ar = arvif->ar;
6816 
6817 	lockdep_assert_held(&ar->conf_mutex);
6818 
6819 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6820 		return 0;
6821 
6822 	if (ar->num_stations >= ar->max_num_stations)
6823 		return -ENOBUFS;
6824 
6825 	ar->num_stations++;
6826 
6827 	return 0;
6828 }
6829 
6830 static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif,
6831 					struct ieee80211_sta *sta)
6832 {
6833 	struct ath10k *ar = arvif->ar;
6834 
6835 	lockdep_assert_held(&ar->conf_mutex);
6836 
6837 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA && !sta->tdls)
6838 		return;
6839 
6840 	ar->num_stations--;
6841 }
6842 
6843 static int ath10k_sta_set_txpwr(struct ieee80211_hw *hw,
6844 				struct ieee80211_vif *vif,
6845 				struct ieee80211_sta *sta)
6846 {
6847 	struct ath10k *ar = hw->priv;
6848 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
6849 	int ret = 0;
6850 	s16 txpwr;
6851 
6852 	if (sta->deflink.txpwr.type == NL80211_TX_POWER_AUTOMATIC) {
6853 		txpwr = 0;
6854 	} else {
6855 		txpwr = sta->deflink.txpwr.power;
6856 		if (!txpwr)
6857 			return -EINVAL;
6858 	}
6859 
6860 	if (txpwr > ATH10K_TX_POWER_MAX_VAL || txpwr < ATH10K_TX_POWER_MIN_VAL)
6861 		return -EINVAL;
6862 
6863 	mutex_lock(&ar->conf_mutex);
6864 
6865 	ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
6866 					ar->wmi.peer_param->use_fixed_power, txpwr);
6867 	if (ret) {
6868 		ath10k_warn(ar, "failed to set tx power for station ret: %d\n",
6869 			    ret);
6870 		goto out;
6871 	}
6872 
6873 out:
6874 	mutex_unlock(&ar->conf_mutex);
6875 	return ret;
6876 }
6877 
6878 struct ath10k_mac_iter_tid_conf_data {
6879 	struct ieee80211_vif *curr_vif;
6880 	struct ath10k *ar;
6881 	bool reset_config;
6882 };
6883 
6884 static bool
6885 ath10k_mac_bitrate_mask_has_single_rate(struct ath10k *ar,
6886 					enum nl80211_band band,
6887 					const struct cfg80211_bitrate_mask *mask,
6888 					int *vht_num_rates)
6889 {
6890 	int num_rates = 0;
6891 	int i, tmp;
6892 
6893 	num_rates += hweight32(mask->control[band].legacy);
6894 
6895 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++)
6896 		num_rates += hweight8(mask->control[band].ht_mcs[i]);
6897 
6898 	*vht_num_rates = 0;
6899 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6900 		tmp = hweight16(mask->control[band].vht_mcs[i]);
6901 		num_rates += tmp;
6902 		*vht_num_rates += tmp;
6903 	}
6904 
6905 	return num_rates == 1;
6906 }
6907 
6908 static int
6909 ath10k_mac_bitrate_mask_get_single_rate(struct ath10k *ar,
6910 					enum nl80211_band band,
6911 					const struct cfg80211_bitrate_mask *mask,
6912 					u8 *rate, u8 *nss, bool vht_only)
6913 {
6914 	int rate_idx;
6915 	int i;
6916 	u16 bitrate;
6917 	u8 preamble;
6918 	u8 hw_rate;
6919 
6920 	if (vht_only)
6921 		goto next;
6922 
6923 	if (hweight32(mask->control[band].legacy) == 1) {
6924 		rate_idx = ffs(mask->control[band].legacy) - 1;
6925 
6926 		if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY)
6927 			rate_idx += ATH10K_MAC_FIRST_OFDM_RATE_IDX;
6928 
6929 		hw_rate = ath10k_wmi_legacy_rates[rate_idx].hw_value;
6930 		bitrate = ath10k_wmi_legacy_rates[rate_idx].bitrate;
6931 
6932 		if (ath10k_mac_bitrate_is_cck(bitrate))
6933 			preamble = WMI_RATE_PREAMBLE_CCK;
6934 		else
6935 			preamble = WMI_RATE_PREAMBLE_OFDM;
6936 
6937 		*nss = 1;
6938 		*rate = preamble << 6 |
6939 			(*nss - 1) << 4 |
6940 			hw_rate << 0;
6941 
6942 		return 0;
6943 	}
6944 
6945 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
6946 		if (hweight8(mask->control[band].ht_mcs[i]) == 1) {
6947 			*nss = i + 1;
6948 			*rate = WMI_RATE_PREAMBLE_HT << 6 |
6949 				(*nss - 1) << 4 |
6950 				(ffs(mask->control[band].ht_mcs[i]) - 1);
6951 
6952 			return 0;
6953 		}
6954 	}
6955 
6956 next:
6957 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
6958 		if (hweight16(mask->control[band].vht_mcs[i]) == 1) {
6959 			*nss = i + 1;
6960 			*rate = WMI_RATE_PREAMBLE_VHT << 6 |
6961 				(*nss - 1) << 4 |
6962 				(ffs(mask->control[band].vht_mcs[i]) - 1);
6963 
6964 			return 0;
6965 		}
6966 	}
6967 
6968 	return -EINVAL;
6969 }
6970 
6971 static int ath10k_mac_validate_rate_mask(struct ath10k *ar,
6972 					 struct ieee80211_sta *sta,
6973 					 u32 rate_ctrl_flag, u8 nss)
6974 {
6975 	struct ieee80211_sta_ht_cap *ht_cap = &sta->deflink.ht_cap;
6976 	struct ieee80211_sta_vht_cap *vht_cap = &sta->deflink.vht_cap;
6977 
6978 	if (nss > sta->deflink.rx_nss) {
6979 		ath10k_warn(ar, "Invalid nss field, configured %u limit %u\n",
6980 			    nss, sta->deflink.rx_nss);
6981 		return -EINVAL;
6982 	}
6983 
6984 	if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_VHT) {
6985 		if (!vht_cap->vht_supported) {
6986 			ath10k_warn(ar, "Invalid VHT rate for sta %pM\n",
6987 				    sta->addr);
6988 			return -EINVAL;
6989 		}
6990 	} else if (ATH10K_HW_PREAMBLE(rate_ctrl_flag) == WMI_RATE_PREAMBLE_HT) {
6991 		if (!ht_cap->ht_supported || vht_cap->vht_supported) {
6992 			ath10k_warn(ar, "Invalid HT rate for sta %pM\n",
6993 				    sta->addr);
6994 			return -EINVAL;
6995 		}
6996 	} else {
6997 		if (ht_cap->ht_supported || vht_cap->vht_supported)
6998 			return -EINVAL;
6999 	}
7000 
7001 	return 0;
7002 }
7003 
7004 static int
7005 ath10k_mac_tid_bitrate_config(struct ath10k *ar,
7006 			      struct ieee80211_vif *vif,
7007 			      struct ieee80211_sta *sta,
7008 			      u32 *rate_ctrl_flag, u8 *rate_ctrl,
7009 			      enum nl80211_tx_rate_setting txrate_type,
7010 			      const struct cfg80211_bitrate_mask *mask)
7011 {
7012 	struct cfg80211_chan_def def;
7013 	enum nl80211_band band;
7014 	u8 nss, rate;
7015 	int vht_num_rates, ret;
7016 
7017 	if (WARN_ON(ath10k_mac_vif_chan(vif, &def)))
7018 		return -EINVAL;
7019 
7020 	if (txrate_type == NL80211_TX_RATE_AUTOMATIC) {
7021 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7022 		*rate_ctrl_flag = 0;
7023 		return 0;
7024 	}
7025 
7026 	band = def.chan->band;
7027 
7028 	if (!ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
7029 						     &vht_num_rates)) {
7030 		return -EINVAL;
7031 	}
7032 
7033 	ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
7034 						      &rate, &nss, false);
7035 	if (ret) {
7036 		ath10k_warn(ar, "failed to get single rate: %d\n",
7037 			    ret);
7038 		return ret;
7039 	}
7040 
7041 	*rate_ctrl_flag = rate;
7042 
7043 	if (sta && ath10k_mac_validate_rate_mask(ar, sta, *rate_ctrl_flag, nss))
7044 		return -EINVAL;
7045 
7046 	if (txrate_type == NL80211_TX_RATE_FIXED)
7047 		*rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_FIXED_RATE;
7048 	else if (txrate_type == NL80211_TX_RATE_LIMITED &&
7049 		 (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
7050 			   ar->wmi.svc_map)))
7051 		*rate_ctrl = WMI_PEER_TID_CONFIG_RATE_UPPER_CAP;
7052 	else
7053 		return -EOPNOTSUPP;
7054 
7055 	return 0;
7056 }
7057 
7058 static int ath10k_mac_set_tid_config(struct ath10k *ar, struct ieee80211_sta *sta,
7059 				     struct ieee80211_vif *vif, u32 changed,
7060 				     struct wmi_per_peer_per_tid_cfg_arg *arg)
7061 {
7062 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7063 	struct ath10k_sta *arsta;
7064 	int ret;
7065 
7066 	if (sta) {
7067 		if (!sta->wme)
7068 			return -ENOTSUPP;
7069 
7070 		arsta = (struct ath10k_sta *)sta->drv_priv;
7071 
7072 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7073 			if ((arsta->retry_long[arg->tid] > 0 ||
7074 			     arsta->rate_code[arg->tid] > 0 ||
7075 			     arsta->ampdu[arg->tid] ==
7076 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7077 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7078 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7079 				arg->ack_policy = 0;
7080 				arg->aggr_control = 0;
7081 				arg->rate_ctrl = 0;
7082 				arg->rcode_flags = 0;
7083 			}
7084 		}
7085 
7086 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7087 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7088 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7089 				arg->aggr_control = 0;
7090 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7091 			}
7092 		}
7093 
7094 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7095 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7096 			if (arsta->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK ||
7097 			    arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7098 				arg->rate_ctrl = 0;
7099 				arg->rcode_flags = 0;
7100 			}
7101 		}
7102 
7103 		ether_addr_copy(arg->peer_macaddr.addr, sta->addr);
7104 
7105 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, arg);
7106 		if (ret)
7107 			return ret;
7108 
7109 		/* Store the configured parameters in success case */
7110 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7111 			arsta->noack[arg->tid] = arg->ack_policy;
7112 			arg->ack_policy = 0;
7113 			arg->aggr_control = 0;
7114 			arg->rate_ctrl = 0;
7115 			arg->rcode_flags = 0;
7116 		}
7117 
7118 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7119 			arsta->retry_long[arg->tid] = arg->retry_count;
7120 			arg->retry_count = 0;
7121 		}
7122 
7123 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7124 			arsta->ampdu[arg->tid] = arg->aggr_control;
7125 			arg->aggr_control = 0;
7126 		}
7127 
7128 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7129 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7130 			arsta->rate_ctrl[arg->tid] = arg->rate_ctrl;
7131 			arg->rate_ctrl = 0;
7132 			arg->rcode_flags = 0;
7133 		}
7134 
7135 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7136 			arsta->rtscts[arg->tid] = arg->rtscts_ctrl;
7137 			arg->ext_tid_cfg_bitmap = 0;
7138 		}
7139 	} else {
7140 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7141 			if ((arvif->retry_long[arg->tid] ||
7142 			     arvif->rate_code[arg->tid] ||
7143 			     arvif->ampdu[arg->tid] ==
7144 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE) &&
7145 			     arg->ack_policy == WMI_PEER_TID_CONFIG_NOACK) {
7146 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_NOACK);
7147 			} else {
7148 				arvif->noack[arg->tid] = arg->ack_policy;
7149 				arvif->ampdu[arg->tid] = arg->aggr_control;
7150 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7151 			}
7152 		}
7153 
7154 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7155 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7156 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
7157 			else
7158 				arvif->retry_long[arg->tid] = arg->retry_count;
7159 		}
7160 
7161 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7162 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK)
7163 				changed &= ~BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
7164 			else
7165 				arvif->ampdu[arg->tid] = arg->aggr_control;
7166 		}
7167 
7168 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7169 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7170 			if (arvif->noack[arg->tid] == WMI_PEER_TID_CONFIG_NOACK) {
7171 				changed &= ~(BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7172 					     BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE));
7173 			} else {
7174 				arvif->rate_ctrl[arg->tid] = arg->rate_ctrl;
7175 				arvif->rate_code[arg->tid] = arg->rcode_flags;
7176 			}
7177 		}
7178 
7179 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7180 			arvif->rtscts[arg->tid] = arg->rtscts_ctrl;
7181 			arg->ext_tid_cfg_bitmap = 0;
7182 		}
7183 
7184 		if (changed)
7185 			arvif->tid_conf_changed[arg->tid] |= changed;
7186 	}
7187 
7188 	return 0;
7189 }
7190 
7191 static int
7192 ath10k_mac_parse_tid_config(struct ath10k *ar,
7193 			    struct ieee80211_sta *sta,
7194 			    struct ieee80211_vif *vif,
7195 			    struct cfg80211_tid_cfg *tid_conf,
7196 			    struct wmi_per_peer_per_tid_cfg_arg *arg)
7197 {
7198 	u32 changed = tid_conf->mask;
7199 	int ret = 0, i = 0;
7200 
7201 	if (!changed)
7202 		return -EINVAL;
7203 
7204 	while (i < ATH10K_TID_MAX) {
7205 		if (!(tid_conf->tids & BIT(i))) {
7206 			i++;
7207 			continue;
7208 		}
7209 
7210 		arg->tid = i;
7211 
7212 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7213 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE) {
7214 				arg->ack_policy = WMI_PEER_TID_CONFIG_NOACK;
7215 				arg->rate_ctrl =
7216 				WMI_TID_CONFIG_RATE_CONTROL_DEFAULT_LOWEST_RATE;
7217 				arg->aggr_control =
7218 					WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7219 			} else {
7220 				arg->ack_policy =
7221 					WMI_PEER_TID_CONFIG_ACK;
7222 				arg->rate_ctrl =
7223 					WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7224 				arg->aggr_control =
7225 					WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7226 			}
7227 		}
7228 
7229 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG))
7230 			arg->retry_count = tid_conf->retry_long;
7231 
7232 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7233 			if (tid_conf->noack == NL80211_TID_CONFIG_ENABLE)
7234 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7235 			else
7236 				arg->aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_DISABLE;
7237 		}
7238 
7239 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7240 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7241 			ret = ath10k_mac_tid_bitrate_config(ar, vif, sta,
7242 							    &arg->rcode_flags,
7243 							    &arg->rate_ctrl,
7244 							    tid_conf->txrate_type,
7245 							&tid_conf->txrate_mask);
7246 			if (ret) {
7247 				ath10k_warn(ar, "failed to configure bitrate mask %d\n",
7248 					    ret);
7249 				arg->rcode_flags = 0;
7250 				arg->rate_ctrl = 0;
7251 			}
7252 		}
7253 
7254 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7255 			if (tid_conf->rtscts)
7256 				arg->rtscts_ctrl = tid_conf->rtscts;
7257 
7258 			arg->ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7259 		}
7260 
7261 		ret = ath10k_mac_set_tid_config(ar, sta, vif, changed, arg);
7262 		if (ret)
7263 			return ret;
7264 		i++;
7265 	}
7266 
7267 	return ret;
7268 }
7269 
7270 static int ath10k_mac_reset_tid_config(struct ath10k *ar,
7271 				       struct ieee80211_sta *sta,
7272 				       struct ath10k_vif *arvif,
7273 				       u8 tids)
7274 {
7275 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7276 	struct wmi_per_peer_per_tid_cfg_arg arg;
7277 	int ret = 0, i = 0;
7278 
7279 	arg.vdev_id = arvif->vdev_id;
7280 	while (i < ATH10K_TID_MAX) {
7281 		if (!(tids & BIT(i))) {
7282 			i++;
7283 			continue;
7284 		}
7285 
7286 		arg.tid = i;
7287 		arg.ack_policy = WMI_PEER_TID_CONFIG_ACK;
7288 		arg.retry_count = ATH10K_MAX_RETRY_COUNT;
7289 		arg.rate_ctrl = WMI_TID_CONFIG_RATE_CONTROL_AUTO;
7290 		arg.aggr_control = WMI_TID_CONFIG_AGGR_CONTROL_ENABLE;
7291 		arg.rtscts_ctrl = WMI_TID_CONFIG_RTSCTS_CONTROL_ENABLE;
7292 		arg.ext_tid_cfg_bitmap = WMI_EXT_TID_RTS_CTS_CONFIG;
7293 
7294 		ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7295 
7296 		ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7297 		if (ret)
7298 			return ret;
7299 
7300 		if (!arvif->tids_rst) {
7301 			arsta->retry_long[i] = -1;
7302 			arsta->noack[i] = -1;
7303 			arsta->ampdu[i] = -1;
7304 			arsta->rate_code[i] = -1;
7305 			arsta->rate_ctrl[i] = 0;
7306 			arsta->rtscts[i] = -1;
7307 		} else {
7308 			arvif->retry_long[i] = 0;
7309 			arvif->noack[i] = 0;
7310 			arvif->ampdu[i] = 0;
7311 			arvif->rate_code[i] = 0;
7312 			arvif->rate_ctrl[i] = 0;
7313 			arvif->rtscts[i] = 0;
7314 		}
7315 
7316 		i++;
7317 	}
7318 
7319 	return ret;
7320 }
7321 
7322 static void ath10k_sta_tid_cfg_wk(struct work_struct *wk)
7323 {
7324 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
7325 	struct ieee80211_sta *sta;
7326 	struct ath10k_sta *arsta;
7327 	struct ath10k_vif *arvif;
7328 	struct ath10k *ar;
7329 	bool config_apply;
7330 	int ret, i;
7331 	u32 changed;
7332 	u8 nss;
7333 
7334 	arsta = container_of(wk, struct ath10k_sta, tid_config_wk);
7335 	sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
7336 	arvif = arsta->arvif;
7337 	ar = arvif->ar;
7338 
7339 	mutex_lock(&ar->conf_mutex);
7340 
7341 	if (arvif->tids_rst) {
7342 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif,
7343 						  arvif->tids_rst);
7344 		goto exit;
7345 	}
7346 
7347 	ether_addr_copy(arg.peer_macaddr.addr, sta->addr);
7348 
7349 	for (i = 0; i < ATH10K_TID_MAX; i++) {
7350 		config_apply = false;
7351 		changed = arvif->tid_conf_changed[i];
7352 
7353 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_NOACK)) {
7354 			if (arsta->noack[i] != -1) {
7355 				arg.ack_policy  = 0;
7356 			} else {
7357 				config_apply = true;
7358 				arg.ack_policy = arvif->noack[i];
7359 				arg.aggr_control = arvif->ampdu[i];
7360 				arg.rate_ctrl = arvif->rate_ctrl[i];
7361 			}
7362 		}
7363 
7364 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG)) {
7365 			if (arsta->retry_long[i] != -1 ||
7366 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7367 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7368 				arg.retry_count = 0;
7369 			} else {
7370 				arg.retry_count = arvif->retry_long[i];
7371 				config_apply = true;
7372 			}
7373 		}
7374 
7375 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
7376 			if (arsta->ampdu[i] != -1 ||
7377 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7378 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7379 				arg.aggr_control = 0;
7380 			} else {
7381 				arg.aggr_control = arvif->ampdu[i];
7382 				config_apply = true;
7383 			}
7384 		}
7385 
7386 		if (changed & (BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
7387 		    BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE))) {
7388 			nss = ATH10K_HW_NSS(arvif->rate_code[i]);
7389 			ret = ath10k_mac_validate_rate_mask(ar, sta,
7390 							    arvif->rate_code[i],
7391 							    nss);
7392 			if (ret &&
7393 			    arvif->rate_ctrl[i] > WMI_TID_CONFIG_RATE_CONTROL_AUTO) {
7394 				arg.rate_ctrl = 0;
7395 				arg.rcode_flags = 0;
7396 			}
7397 
7398 			if (arsta->rate_ctrl[i] >
7399 			    WMI_TID_CONFIG_RATE_CONTROL_AUTO ||
7400 			    arsta->noack[i] == WMI_PEER_TID_CONFIG_NOACK ||
7401 			    arvif->noack[i] == WMI_PEER_TID_CONFIG_NOACK) {
7402 				arg.rate_ctrl = 0;
7403 				arg.rcode_flags = 0;
7404 			} else {
7405 				arg.rate_ctrl = arvif->rate_ctrl[i];
7406 				arg.rcode_flags = arvif->rate_code[i];
7407 				config_apply = true;
7408 			}
7409 		}
7410 
7411 		if (changed & BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL)) {
7412 			if (arsta->rtscts[i]) {
7413 				arg.rtscts_ctrl = 0;
7414 				arg.ext_tid_cfg_bitmap = 0;
7415 			} else {
7416 				arg.rtscts_ctrl = arvif->rtscts[i] - 1;
7417 				arg.ext_tid_cfg_bitmap =
7418 					WMI_EXT_TID_RTS_CTS_CONFIG;
7419 				config_apply = true;
7420 			}
7421 		}
7422 
7423 		arg.tid = i;
7424 
7425 		if (config_apply) {
7426 			ret = ath10k_wmi_set_per_peer_per_tid_cfg(ar, &arg);
7427 			if (ret)
7428 				ath10k_warn(ar, "failed to set per tid config for sta %pM: %d\n",
7429 					    sta->addr, ret);
7430 		}
7431 
7432 		arg.ack_policy  = 0;
7433 		arg.retry_count  = 0;
7434 		arg.aggr_control  = 0;
7435 		arg.rate_ctrl = 0;
7436 		arg.rcode_flags = 0;
7437 	}
7438 
7439 exit:
7440 	mutex_unlock(&ar->conf_mutex);
7441 }
7442 
7443 static void ath10k_mac_vif_stations_tid_conf(void *data,
7444 					     struct ieee80211_sta *sta)
7445 {
7446 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7447 	struct ath10k_mac_iter_tid_conf_data *iter_data = data;
7448 	struct ieee80211_vif *sta_vif = arsta->arvif->vif;
7449 
7450 	if (sta_vif != iter_data->curr_vif || !sta->wme)
7451 		return;
7452 
7453 	ieee80211_queue_work(iter_data->ar->hw, &arsta->tid_config_wk);
7454 }
7455 
7456 static int ath10k_sta_state(struct ieee80211_hw *hw,
7457 			    struct ieee80211_vif *vif,
7458 			    struct ieee80211_sta *sta,
7459 			    enum ieee80211_sta_state old_state,
7460 			    enum ieee80211_sta_state new_state)
7461 {
7462 	struct ath10k *ar = hw->priv;
7463 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7464 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
7465 	struct ath10k_peer *peer;
7466 	int ret = 0;
7467 	int i;
7468 
7469 	if (old_state == IEEE80211_STA_NOTEXIST &&
7470 	    new_state == IEEE80211_STA_NONE) {
7471 		memset(arsta, 0, sizeof(*arsta));
7472 		arsta->arvif = arvif;
7473 		arsta->peer_ps_state = WMI_PEER_PS_STATE_DISABLED;
7474 		INIT_WORK(&arsta->update_wk, ath10k_sta_rc_update_wk);
7475 		INIT_WORK(&arsta->tid_config_wk, ath10k_sta_tid_cfg_wk);
7476 
7477 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7478 			ath10k_mac_txq_init(sta->txq[i]);
7479 	}
7480 
7481 	/* cancel must be done outside the mutex to avoid deadlock */
7482 	if ((old_state == IEEE80211_STA_NONE &&
7483 	     new_state == IEEE80211_STA_NOTEXIST)) {
7484 		cancel_work_sync(&arsta->update_wk);
7485 		cancel_work_sync(&arsta->tid_config_wk);
7486 	}
7487 
7488 	mutex_lock(&ar->conf_mutex);
7489 
7490 	if (old_state == IEEE80211_STA_NOTEXIST &&
7491 	    new_state == IEEE80211_STA_NONE) {
7492 		/*
7493 		 * New station addition.
7494 		 */
7495 		enum wmi_peer_type peer_type = WMI_PEER_TYPE_DEFAULT;
7496 		u32 num_tdls_stations;
7497 
7498 		ath10k_dbg(ar, ATH10K_DBG_STA,
7499 			   "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
7500 			   arvif->vdev_id, sta->addr,
7501 			   ar->num_stations + 1, ar->max_num_stations,
7502 			   ar->num_peers + 1, ar->max_num_peers);
7503 
7504 		num_tdls_stations = ath10k_mac_tdls_vif_stations_count(hw, vif);
7505 
7506 		if (sta->tdls) {
7507 			if (num_tdls_stations >= ar->max_num_tdls_vdevs) {
7508 				ath10k_warn(ar, "vdev %i exceeded maximum number of tdls vdevs %i\n",
7509 					    arvif->vdev_id,
7510 					    ar->max_num_tdls_vdevs);
7511 				ret = -ELNRNG;
7512 				goto exit;
7513 			}
7514 			peer_type = WMI_PEER_TYPE_TDLS;
7515 		}
7516 
7517 		ret = ath10k_mac_inc_num_stations(arvif, sta);
7518 		if (ret) {
7519 			ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
7520 				    ar->max_num_stations);
7521 			goto exit;
7522 		}
7523 
7524 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7525 			arsta->tx_stats = kzalloc(sizeof(*arsta->tx_stats),
7526 						  GFP_KERNEL);
7527 			if (!arsta->tx_stats) {
7528 				ath10k_mac_dec_num_stations(arvif, sta);
7529 				ret = -ENOMEM;
7530 				goto exit;
7531 			}
7532 		}
7533 
7534 		ret = ath10k_peer_create(ar, vif, sta, arvif->vdev_id,
7535 					 sta->addr, peer_type);
7536 		if (ret) {
7537 			ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
7538 				    sta->addr, arvif->vdev_id, ret);
7539 			ath10k_mac_dec_num_stations(arvif, sta);
7540 			kfree(arsta->tx_stats);
7541 			goto exit;
7542 		}
7543 
7544 		spin_lock_bh(&ar->data_lock);
7545 
7546 		peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
7547 		if (!peer) {
7548 			ath10k_warn(ar, "failed to lookup peer %pM on vdev %i\n",
7549 				    vif->addr, arvif->vdev_id);
7550 			spin_unlock_bh(&ar->data_lock);
7551 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7552 			ath10k_mac_dec_num_stations(arvif, sta);
7553 			kfree(arsta->tx_stats);
7554 			ret = -ENOENT;
7555 			goto exit;
7556 		}
7557 
7558 		arsta->peer_id = find_first_bit(peer->peer_ids,
7559 						ATH10K_MAX_NUM_PEER_IDS);
7560 
7561 		spin_unlock_bh(&ar->data_lock);
7562 
7563 		if (!sta->tdls)
7564 			goto exit;
7565 
7566 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7567 						      WMI_TDLS_ENABLE_ACTIVE);
7568 		if (ret) {
7569 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7570 				    arvif->vdev_id, ret);
7571 			ath10k_peer_delete(ar, arvif->vdev_id,
7572 					   sta->addr);
7573 			ath10k_mac_dec_num_stations(arvif, sta);
7574 			kfree(arsta->tx_stats);
7575 			goto exit;
7576 		}
7577 
7578 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7579 						  WMI_TDLS_PEER_STATE_PEERING);
7580 		if (ret) {
7581 			ath10k_warn(ar,
7582 				    "failed to update tdls peer %pM for vdev %d when adding a new sta: %i\n",
7583 				    sta->addr, arvif->vdev_id, ret);
7584 			ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7585 			ath10k_mac_dec_num_stations(arvif, sta);
7586 			kfree(arsta->tx_stats);
7587 
7588 			if (num_tdls_stations != 0)
7589 				goto exit;
7590 			ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7591 							WMI_TDLS_DISABLE);
7592 		}
7593 	} else if ((old_state == IEEE80211_STA_NONE &&
7594 		    new_state == IEEE80211_STA_NOTEXIST)) {
7595 		/*
7596 		 * Existing station deletion.
7597 		 */
7598 		ath10k_dbg(ar, ATH10K_DBG_STA,
7599 			   "mac vdev %d peer delete %pM sta %pK (sta gone)\n",
7600 			   arvif->vdev_id, sta->addr, sta);
7601 
7602 		if (sta->tdls) {
7603 			ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id,
7604 							  sta,
7605 							  WMI_TDLS_PEER_STATE_TEARDOWN);
7606 			if (ret)
7607 				ath10k_warn(ar, "failed to update tdls peer state for %pM state %d: %i\n",
7608 					    sta->addr,
7609 					    WMI_TDLS_PEER_STATE_TEARDOWN, ret);
7610 		}
7611 
7612 		ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
7613 		if (ret)
7614 			ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
7615 				    sta->addr, arvif->vdev_id, ret);
7616 
7617 		ath10k_mac_dec_num_stations(arvif, sta);
7618 
7619 		spin_lock_bh(&ar->data_lock);
7620 		for (i = 0; i < ARRAY_SIZE(ar->peer_map); i++) {
7621 			peer = ar->peer_map[i];
7622 			if (!peer)
7623 				continue;
7624 
7625 			if (peer->sta == sta) {
7626 				ath10k_warn(ar, "found sta peer %pM (ptr %pK id %d) entry on vdev %i after it was supposedly removed\n",
7627 					    sta->addr, peer, i, arvif->vdev_id);
7628 				peer->sta = NULL;
7629 
7630 				/* Clean up the peer object as well since we
7631 				 * must have failed to do this above.
7632 				 */
7633 				ath10k_peer_map_cleanup(ar, peer);
7634 			}
7635 		}
7636 		spin_unlock_bh(&ar->data_lock);
7637 
7638 		if (ath10k_debug_is_extd_tx_stats_enabled(ar)) {
7639 			kfree(arsta->tx_stats);
7640 			arsta->tx_stats = NULL;
7641 		}
7642 
7643 		for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
7644 			ath10k_mac_txq_unref(ar, sta->txq[i]);
7645 
7646 		if (!sta->tdls)
7647 			goto exit;
7648 
7649 		if (ath10k_mac_tdls_vif_stations_count(hw, vif))
7650 			goto exit;
7651 
7652 		/* This was the last tdls peer in current vif */
7653 		ret = ath10k_wmi_update_fw_tdls_state(ar, arvif->vdev_id,
7654 						      WMI_TDLS_DISABLE);
7655 		if (ret) {
7656 			ath10k_warn(ar, "failed to update fw tdls state on vdev %i: %i\n",
7657 				    arvif->vdev_id, ret);
7658 		}
7659 	} else if (old_state == IEEE80211_STA_AUTH &&
7660 		   new_state == IEEE80211_STA_ASSOC &&
7661 		   (vif->type == NL80211_IFTYPE_AP ||
7662 		    vif->type == NL80211_IFTYPE_MESH_POINT ||
7663 		    vif->type == NL80211_IFTYPE_ADHOC)) {
7664 		/*
7665 		 * New association.
7666 		 */
7667 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM associated\n",
7668 			   sta->addr);
7669 
7670 		ret = ath10k_station_assoc(ar, vif, sta, false);
7671 		if (ret)
7672 			ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
7673 				    sta->addr, arvif->vdev_id, ret);
7674 	} else if (old_state == IEEE80211_STA_ASSOC &&
7675 		   new_state == IEEE80211_STA_AUTHORIZED &&
7676 		   sta->tdls) {
7677 		/*
7678 		 * Tdls station authorized.
7679 		 */
7680 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac tdls sta %pM authorized\n",
7681 			   sta->addr);
7682 
7683 		ret = ath10k_station_assoc(ar, vif, sta, false);
7684 		if (ret) {
7685 			ath10k_warn(ar, "failed to associate tdls station %pM for vdev %i: %i\n",
7686 				    sta->addr, arvif->vdev_id, ret);
7687 			goto exit;
7688 		}
7689 
7690 		ret = ath10k_mac_tdls_peer_update(ar, arvif->vdev_id, sta,
7691 						  WMI_TDLS_PEER_STATE_CONNECTED);
7692 		if (ret)
7693 			ath10k_warn(ar, "failed to update tdls peer %pM for vdev %i: %i\n",
7694 				    sta->addr, arvif->vdev_id, ret);
7695 	} else if (old_state == IEEE80211_STA_ASSOC &&
7696 		    new_state == IEEE80211_STA_AUTH &&
7697 		    (vif->type == NL80211_IFTYPE_AP ||
7698 		     vif->type == NL80211_IFTYPE_MESH_POINT ||
7699 		     vif->type == NL80211_IFTYPE_ADHOC)) {
7700 		/*
7701 		 * Disassociation.
7702 		 */
7703 		ath10k_dbg(ar, ATH10K_DBG_STA, "mac sta %pM disassociated\n",
7704 			   sta->addr);
7705 
7706 		ret = ath10k_station_disassoc(ar, vif, sta);
7707 		if (ret)
7708 			ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
7709 				    sta->addr, arvif->vdev_id, ret);
7710 	}
7711 exit:
7712 	mutex_unlock(&ar->conf_mutex);
7713 	return ret;
7714 }
7715 
7716 static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
7717 				u16 ac, bool enable)
7718 {
7719 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7720 	struct wmi_sta_uapsd_auto_trig_arg arg = {};
7721 	u32 prio = 0, acc = 0;
7722 	u32 value = 0;
7723 	int ret = 0;
7724 
7725 	lockdep_assert_held(&ar->conf_mutex);
7726 
7727 	if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
7728 		return 0;
7729 
7730 	switch (ac) {
7731 	case IEEE80211_AC_VO:
7732 		value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
7733 			WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
7734 		prio = 7;
7735 		acc = 3;
7736 		break;
7737 	case IEEE80211_AC_VI:
7738 		value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
7739 			WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
7740 		prio = 5;
7741 		acc = 2;
7742 		break;
7743 	case IEEE80211_AC_BE:
7744 		value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
7745 			WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
7746 		prio = 2;
7747 		acc = 1;
7748 		break;
7749 	case IEEE80211_AC_BK:
7750 		value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
7751 			WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
7752 		prio = 0;
7753 		acc = 0;
7754 		break;
7755 	}
7756 
7757 	if (enable)
7758 		arvif->u.sta.uapsd |= value;
7759 	else
7760 		arvif->u.sta.uapsd &= ~value;
7761 
7762 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7763 					  WMI_STA_PS_PARAM_UAPSD,
7764 					  arvif->u.sta.uapsd);
7765 	if (ret) {
7766 		ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
7767 		goto exit;
7768 	}
7769 
7770 	if (arvif->u.sta.uapsd)
7771 		value = WMI_STA_PS_RX_WAKE_POLICY_POLL_UAPSD;
7772 	else
7773 		value = WMI_STA_PS_RX_WAKE_POLICY_WAKE;
7774 
7775 	ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
7776 					  WMI_STA_PS_PARAM_RX_WAKE_POLICY,
7777 					  value);
7778 	if (ret)
7779 		ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
7780 
7781 	ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
7782 	if (ret) {
7783 		ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
7784 			    arvif->vdev_id, ret);
7785 		return ret;
7786 	}
7787 
7788 	ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
7789 	if (ret) {
7790 		ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
7791 			    arvif->vdev_id, ret);
7792 		return ret;
7793 	}
7794 
7795 	if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
7796 	    test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
7797 		/* Only userspace can make an educated decision when to send
7798 		 * trigger frame. The following effectively disables u-UAPSD
7799 		 * autotrigger in firmware (which is enabled by default
7800 		 * provided the autotrigger service is available).
7801 		 */
7802 
7803 		arg.wmm_ac = acc;
7804 		arg.user_priority = prio;
7805 		arg.service_interval = 0;
7806 		arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7807 		arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
7808 
7809 		ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
7810 						arvif->bssid, &arg, 1);
7811 		if (ret) {
7812 			ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
7813 				    ret);
7814 			return ret;
7815 		}
7816 	}
7817 
7818 exit:
7819 	return ret;
7820 }
7821 
7822 static int ath10k_conf_tx(struct ieee80211_hw *hw,
7823 			  struct ieee80211_vif *vif,
7824 			  unsigned int link_id, u16 ac,
7825 			  const struct ieee80211_tx_queue_params *params)
7826 {
7827 	struct ath10k *ar = hw->priv;
7828 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7829 	struct wmi_wmm_params_arg *p = NULL;
7830 	int ret;
7831 
7832 	mutex_lock(&ar->conf_mutex);
7833 
7834 	switch (ac) {
7835 	case IEEE80211_AC_VO:
7836 		p = &arvif->wmm_params.ac_vo;
7837 		break;
7838 	case IEEE80211_AC_VI:
7839 		p = &arvif->wmm_params.ac_vi;
7840 		break;
7841 	case IEEE80211_AC_BE:
7842 		p = &arvif->wmm_params.ac_be;
7843 		break;
7844 	case IEEE80211_AC_BK:
7845 		p = &arvif->wmm_params.ac_bk;
7846 		break;
7847 	}
7848 
7849 	if (WARN_ON(!p)) {
7850 		ret = -EINVAL;
7851 		goto exit;
7852 	}
7853 
7854 	p->cwmin = params->cw_min;
7855 	p->cwmax = params->cw_max;
7856 	p->aifs = params->aifs;
7857 
7858 	/*
7859 	 * The channel time duration programmed in the HW is in absolute
7860 	 * microseconds, while mac80211 gives the txop in units of
7861 	 * 32 microseconds.
7862 	 */
7863 	p->txop = params->txop * 32;
7864 
7865 	if (ar->wmi.ops->gen_vdev_wmm_conf) {
7866 		ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
7867 					       &arvif->wmm_params);
7868 		if (ret) {
7869 			ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
7870 				    arvif->vdev_id, ret);
7871 			goto exit;
7872 		}
7873 	} else {
7874 		/* This won't work well with multi-interface cases but it's
7875 		 * better than nothing.
7876 		 */
7877 		ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
7878 		if (ret) {
7879 			ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
7880 			goto exit;
7881 		}
7882 	}
7883 
7884 	ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
7885 	if (ret)
7886 		ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
7887 
7888 exit:
7889 	mutex_unlock(&ar->conf_mutex);
7890 	return ret;
7891 }
7892 
7893 static int ath10k_remain_on_channel(struct ieee80211_hw *hw,
7894 				    struct ieee80211_vif *vif,
7895 				    struct ieee80211_channel *chan,
7896 				    int duration,
7897 				    enum ieee80211_roc_type type)
7898 {
7899 	struct ath10k *ar = hw->priv;
7900 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
7901 	struct wmi_start_scan_arg arg;
7902 	int ret = 0;
7903 	u32 scan_time_msec;
7904 
7905 	mutex_lock(&ar->conf_mutex);
7906 
7907 	if (ath10k_mac_tdls_vif_stations_count(hw, vif) > 0) {
7908 		ret = -EBUSY;
7909 		goto exit;
7910 	}
7911 
7912 	spin_lock_bh(&ar->data_lock);
7913 	switch (ar->scan.state) {
7914 	case ATH10K_SCAN_IDLE:
7915 		reinit_completion(&ar->scan.started);
7916 		reinit_completion(&ar->scan.completed);
7917 		reinit_completion(&ar->scan.on_channel);
7918 		ar->scan.state = ATH10K_SCAN_STARTING;
7919 		ar->scan.is_roc = true;
7920 		ar->scan.vdev_id = arvif->vdev_id;
7921 		ar->scan.roc_freq = chan->center_freq;
7922 		ar->scan.roc_notify = true;
7923 		ret = 0;
7924 		break;
7925 	case ATH10K_SCAN_STARTING:
7926 	case ATH10K_SCAN_RUNNING:
7927 	case ATH10K_SCAN_ABORTING:
7928 		ret = -EBUSY;
7929 		break;
7930 	}
7931 	spin_unlock_bh(&ar->data_lock);
7932 
7933 	if (ret)
7934 		goto exit;
7935 
7936 	scan_time_msec = ar->hw->wiphy->max_remain_on_channel_duration * 2;
7937 
7938 	memset(&arg, 0, sizeof(arg));
7939 	ath10k_wmi_start_scan_init(ar, &arg);
7940 	arg.vdev_id = arvif->vdev_id;
7941 	arg.scan_id = ATH10K_SCAN_ID;
7942 	arg.n_channels = 1;
7943 	arg.channels[0] = chan->center_freq;
7944 	arg.dwell_time_active = scan_time_msec;
7945 	arg.dwell_time_passive = scan_time_msec;
7946 	arg.max_scan_time = scan_time_msec;
7947 	arg.scan_ctrl_flags |= WMI_SCAN_FLAG_PASSIVE;
7948 	arg.scan_ctrl_flags |= WMI_SCAN_FILTER_PROBE_REQ;
7949 	arg.burst_duration_ms = duration;
7950 
7951 	ret = ath10k_start_scan(ar, &arg);
7952 	if (ret) {
7953 		ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
7954 		spin_lock_bh(&ar->data_lock);
7955 		ar->scan.state = ATH10K_SCAN_IDLE;
7956 		spin_unlock_bh(&ar->data_lock);
7957 		goto exit;
7958 	}
7959 
7960 	ret = wait_for_completion_timeout(&ar->scan.on_channel, 3 * HZ);
7961 	if (ret == 0) {
7962 		ath10k_warn(ar, "failed to switch to channel for roc scan\n");
7963 
7964 		ret = ath10k_scan_stop(ar);
7965 		if (ret)
7966 			ath10k_warn(ar, "failed to stop scan: %d\n", ret);
7967 
7968 		ret = -ETIMEDOUT;
7969 		goto exit;
7970 	}
7971 
7972 	ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
7973 				     msecs_to_jiffies(duration));
7974 
7975 	ret = 0;
7976 exit:
7977 	mutex_unlock(&ar->conf_mutex);
7978 	return ret;
7979 }
7980 
7981 static int ath10k_cancel_remain_on_channel(struct ieee80211_hw *hw,
7982 					   struct ieee80211_vif *vif)
7983 {
7984 	struct ath10k *ar = hw->priv;
7985 
7986 	mutex_lock(&ar->conf_mutex);
7987 
7988 	spin_lock_bh(&ar->data_lock);
7989 	ar->scan.roc_notify = false;
7990 	spin_unlock_bh(&ar->data_lock);
7991 
7992 	ath10k_scan_abort(ar);
7993 
7994 	mutex_unlock(&ar->conf_mutex);
7995 
7996 	cancel_delayed_work_sync(&ar->scan.timeout);
7997 
7998 	return 0;
7999 }
8000 
8001 /*
8002  * Both RTS and Fragmentation threshold are interface-specific
8003  * in ath10k, but device-specific in mac80211.
8004  */
8005 
8006 static int ath10k_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
8007 {
8008 	struct ath10k *ar = hw->priv;
8009 	struct ath10k_vif *arvif;
8010 	int ret = 0;
8011 
8012 	mutex_lock(&ar->conf_mutex);
8013 	list_for_each_entry(arvif, &ar->arvifs, list) {
8014 		ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
8015 			   arvif->vdev_id, value);
8016 
8017 		ret = ath10k_mac_set_rts(arvif, value);
8018 		if (ret) {
8019 			ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
8020 				    arvif->vdev_id, ret);
8021 			break;
8022 		}
8023 	}
8024 	mutex_unlock(&ar->conf_mutex);
8025 
8026 	return ret;
8027 }
8028 
8029 static int ath10k_mac_op_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
8030 {
8031 	/* Even though there's a WMI enum for fragmentation threshold no known
8032 	 * firmware actually implements it. Moreover it is not possible to rely
8033 	 * frame fragmentation to mac80211 because firmware clears the "more
8034 	 * fragments" bit in frame control making it impossible for remote
8035 	 * devices to reassemble frames.
8036 	 *
8037 	 * Hence implement a dummy callback just to say fragmentation isn't
8038 	 * supported. This effectively prevents mac80211 from doing frame
8039 	 * fragmentation in software.
8040 	 */
8041 	return -EOPNOTSUPP;
8042 }
8043 
8044 void ath10k_mac_wait_tx_complete(struct ath10k *ar)
8045 {
8046 	bool skip;
8047 	long time_left;
8048 
8049 	/* mac80211 doesn't care if we really xmit queued frames or not
8050 	 * we'll collect those frames either way if we stop/delete vdevs
8051 	 */
8052 
8053 	if (ar->state == ATH10K_STATE_WEDGED)
8054 		return;
8055 
8056 	time_left = wait_event_timeout(ar->htt.empty_tx_wq, ({
8057 			bool empty;
8058 
8059 			spin_lock_bh(&ar->htt.tx_lock);
8060 			empty = (ar->htt.num_pending_tx == 0);
8061 			spin_unlock_bh(&ar->htt.tx_lock);
8062 
8063 			skip = (ar->state == ATH10K_STATE_WEDGED) ||
8064 			       test_bit(ATH10K_FLAG_CRASH_FLUSH,
8065 					&ar->dev_flags);
8066 
8067 			(empty || skip);
8068 		}), ATH10K_FLUSH_TIMEOUT_HZ);
8069 
8070 	if (time_left == 0 || skip)
8071 		ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %ld\n",
8072 			    skip, ar->state, time_left);
8073 }
8074 
8075 static void ath10k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
8076 			 u32 queues, bool drop)
8077 {
8078 	struct ath10k *ar = hw->priv;
8079 	struct ath10k_vif *arvif;
8080 	u32 bitmap;
8081 
8082 	if (drop) {
8083 		if (vif && vif->type == NL80211_IFTYPE_STATION) {
8084 			bitmap = ~(1 << WMI_MGMT_TID);
8085 			list_for_each_entry(arvif, &ar->arvifs, list) {
8086 				if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
8087 					ath10k_wmi_peer_flush(ar, arvif->vdev_id,
8088 							      arvif->bssid, bitmap);
8089 			}
8090 			ath10k_htt_flush_tx(&ar->htt);
8091 		}
8092 		return;
8093 	}
8094 
8095 	mutex_lock(&ar->conf_mutex);
8096 	ath10k_mac_wait_tx_complete(ar);
8097 	mutex_unlock(&ar->conf_mutex);
8098 }
8099 
8100 /* TODO: Implement this function properly
8101  * For now it is needed to reply to Probe Requests in IBSS mode.
8102  * Probably we need this information from FW.
8103  */
8104 static int ath10k_tx_last_beacon(struct ieee80211_hw *hw)
8105 {
8106 	return 1;
8107 }
8108 
8109 static void ath10k_reconfig_complete(struct ieee80211_hw *hw,
8110 				     enum ieee80211_reconfig_type reconfig_type)
8111 {
8112 	struct ath10k *ar = hw->priv;
8113 	struct ath10k_vif *arvif;
8114 
8115 	if (reconfig_type != IEEE80211_RECONFIG_TYPE_RESTART)
8116 		return;
8117 
8118 	mutex_lock(&ar->conf_mutex);
8119 
8120 	/* If device failed to restart it will be in a different state, e.g.
8121 	 * ATH10K_STATE_WEDGED
8122 	 */
8123 	if (ar->state == ATH10K_STATE_RESTARTED) {
8124 		ath10k_info(ar, "device successfully recovered\n");
8125 		ar->state = ATH10K_STATE_ON;
8126 		ieee80211_wake_queues(ar->hw);
8127 		clear_bit(ATH10K_FLAG_RESTARTING, &ar->dev_flags);
8128 		if (ar->hw_params.hw_restart_disconnect) {
8129 			list_for_each_entry(arvif, &ar->arvifs, list) {
8130 				if (arvif->is_up && arvif->vdev_type == WMI_VDEV_TYPE_STA)
8131 					ieee80211_hw_restart_disconnect(arvif->vif);
8132 				}
8133 		}
8134 	}
8135 
8136 	mutex_unlock(&ar->conf_mutex);
8137 }
8138 
8139 static void
8140 ath10k_mac_update_bss_chan_survey(struct ath10k *ar,
8141 				  struct ieee80211_channel *channel)
8142 {
8143 	int ret;
8144 	enum wmi_bss_survey_req_type type = WMI_BSS_SURVEY_REQ_TYPE_READ;
8145 
8146 	lockdep_assert_held(&ar->conf_mutex);
8147 
8148 	if (!test_bit(WMI_SERVICE_BSS_CHANNEL_INFO_64, ar->wmi.svc_map) ||
8149 	    (ar->rx_channel != channel))
8150 		return;
8151 
8152 	if (ar->scan.state != ATH10K_SCAN_IDLE) {
8153 		ath10k_dbg(ar, ATH10K_DBG_MAC, "ignoring bss chan info request while scanning..\n");
8154 		return;
8155 	}
8156 
8157 	reinit_completion(&ar->bss_survey_done);
8158 
8159 	ret = ath10k_wmi_pdev_bss_chan_info_request(ar, type);
8160 	if (ret) {
8161 		ath10k_warn(ar, "failed to send pdev bss chan info request\n");
8162 		return;
8163 	}
8164 
8165 	ret = wait_for_completion_timeout(&ar->bss_survey_done, 3 * HZ);
8166 	if (!ret) {
8167 		ath10k_warn(ar, "bss channel survey timed out\n");
8168 		return;
8169 	}
8170 }
8171 
8172 static int ath10k_get_survey(struct ieee80211_hw *hw, int idx,
8173 			     struct survey_info *survey)
8174 {
8175 	struct ath10k *ar = hw->priv;
8176 	struct ieee80211_supported_band *sband;
8177 	struct survey_info *ar_survey = &ar->survey[idx];
8178 	int ret = 0;
8179 
8180 	mutex_lock(&ar->conf_mutex);
8181 
8182 	sband = hw->wiphy->bands[NL80211_BAND_2GHZ];
8183 	if (sband && idx >= sband->n_channels) {
8184 		idx -= sband->n_channels;
8185 		sband = NULL;
8186 	}
8187 
8188 	if (!sband)
8189 		sband = hw->wiphy->bands[NL80211_BAND_5GHZ];
8190 
8191 	if (!sband || idx >= sband->n_channels) {
8192 		ret = -ENOENT;
8193 		goto exit;
8194 	}
8195 
8196 	ath10k_mac_update_bss_chan_survey(ar, &sband->channels[idx]);
8197 
8198 	spin_lock_bh(&ar->data_lock);
8199 	memcpy(survey, ar_survey, sizeof(*survey));
8200 	spin_unlock_bh(&ar->data_lock);
8201 
8202 	survey->channel = &sband->channels[idx];
8203 
8204 	if (ar->rx_channel == survey->channel)
8205 		survey->filled |= SURVEY_INFO_IN_USE;
8206 
8207 exit:
8208 	mutex_unlock(&ar->conf_mutex);
8209 	return ret;
8210 }
8211 
8212 static bool
8213 ath10k_mac_bitrate_mask_get_single_nss(struct ath10k *ar,
8214 				       enum nl80211_band band,
8215 				       const struct cfg80211_bitrate_mask *mask,
8216 				       int *nss)
8217 {
8218 	struct ieee80211_supported_band *sband = &ar->mac.sbands[band];
8219 	u16 vht_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8220 	u8 ht_nss_mask = 0;
8221 	u8 vht_nss_mask = 0;
8222 	int i;
8223 
8224 	if (mask->control[band].legacy)
8225 		return false;
8226 
8227 	for (i = 0; i < ARRAY_SIZE(mask->control[band].ht_mcs); i++) {
8228 		if (mask->control[band].ht_mcs[i] == 0)
8229 			continue;
8230 		else if (mask->control[band].ht_mcs[i] ==
8231 			 sband->ht_cap.mcs.rx_mask[i])
8232 			ht_nss_mask |= BIT(i);
8233 		else
8234 			return false;
8235 	}
8236 
8237 	for (i = 0; i < ARRAY_SIZE(mask->control[band].vht_mcs); i++) {
8238 		if (mask->control[band].vht_mcs[i] == 0)
8239 			continue;
8240 		else if (mask->control[band].vht_mcs[i] ==
8241 			 ath10k_mac_get_max_vht_mcs_map(vht_mcs_map, i))
8242 			vht_nss_mask |= BIT(i);
8243 		else
8244 			return false;
8245 	}
8246 
8247 	if (ht_nss_mask != vht_nss_mask)
8248 		return false;
8249 
8250 	if (ht_nss_mask == 0)
8251 		return false;
8252 
8253 	if (BIT(fls(ht_nss_mask)) - 1 != ht_nss_mask)
8254 		return false;
8255 
8256 	*nss = fls(ht_nss_mask);
8257 
8258 	return true;
8259 }
8260 
8261 static int ath10k_mac_set_fixed_rate_params(struct ath10k_vif *arvif,
8262 					    u8 rate, u8 nss, u8 sgi, u8 ldpc)
8263 {
8264 	struct ath10k *ar = arvif->ar;
8265 	u32 vdev_param;
8266 	int ret;
8267 
8268 	lockdep_assert_held(&ar->conf_mutex);
8269 
8270 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac set fixed rate params vdev %i rate 0x%02x nss %u sgi %u\n",
8271 		   arvif->vdev_id, rate, nss, sgi);
8272 
8273 	vdev_param = ar->wmi.vdev_param->fixed_rate;
8274 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, rate);
8275 	if (ret) {
8276 		ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
8277 			    rate, ret);
8278 		return ret;
8279 	}
8280 
8281 	vdev_param = ar->wmi.vdev_param->nss;
8282 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, nss);
8283 	if (ret) {
8284 		ath10k_warn(ar, "failed to set nss param %d: %d\n", nss, ret);
8285 		return ret;
8286 	}
8287 
8288 	vdev_param = ar->wmi.vdev_param->sgi;
8289 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, sgi);
8290 	if (ret) {
8291 		ath10k_warn(ar, "failed to set sgi param %d: %d\n", sgi, ret);
8292 		return ret;
8293 	}
8294 
8295 	vdev_param = ar->wmi.vdev_param->ldpc;
8296 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, ldpc);
8297 	if (ret) {
8298 		ath10k_warn(ar, "failed to set ldpc param %d: %d\n", ldpc, ret);
8299 		return ret;
8300 	}
8301 
8302 	return 0;
8303 }
8304 
8305 static bool
8306 ath10k_mac_can_set_bitrate_mask(struct ath10k *ar,
8307 				enum nl80211_band band,
8308 				const struct cfg80211_bitrate_mask *mask,
8309 				bool allow_pfr)
8310 {
8311 	int i;
8312 	u16 vht_mcs;
8313 
8314 	/* Due to firmware limitation in WMI_PEER_ASSOC_CMDID it is impossible
8315 	 * to express all VHT MCS rate masks. Effectively only the following
8316 	 * ranges can be used: none, 0-7, 0-8 and 0-9.
8317 	 */
8318 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8319 		vht_mcs = mask->control[band].vht_mcs[i];
8320 
8321 		switch (vht_mcs) {
8322 		case 0:
8323 		case BIT(8) - 1:
8324 		case BIT(9) - 1:
8325 		case BIT(10) - 1:
8326 			break;
8327 		default:
8328 			if (!allow_pfr)
8329 				ath10k_warn(ar, "refusing bitrate mask with missing 0-7 VHT MCS rates\n");
8330 			return false;
8331 		}
8332 	}
8333 
8334 	return true;
8335 }
8336 
8337 static bool ath10k_mac_set_vht_bitrate_mask_fixup(struct ath10k *ar,
8338 						  struct ath10k_vif *arvif,
8339 						  struct ieee80211_sta *sta)
8340 {
8341 	int err;
8342 	u8 rate = arvif->vht_pfr;
8343 
8344 	/* skip non vht and multiple rate peers */
8345 	if (!sta->deflink.vht_cap.vht_supported || arvif->vht_num_rates != 1)
8346 		return false;
8347 
8348 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8349 					WMI_PEER_PARAM_FIXED_RATE, rate);
8350 	if (err)
8351 		ath10k_warn(ar, "failed to enable STA %pM peer fixed rate: %d\n",
8352 			    sta->addr, err);
8353 
8354 	return true;
8355 }
8356 
8357 static void ath10k_mac_set_bitrate_mask_iter(void *data,
8358 					     struct ieee80211_sta *sta)
8359 {
8360 	struct ath10k_vif *arvif = data;
8361 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8362 	struct ath10k *ar = arvif->ar;
8363 
8364 	if (arsta->arvif != arvif)
8365 		return;
8366 
8367 	if (ath10k_mac_set_vht_bitrate_mask_fixup(ar, arvif, sta))
8368 		return;
8369 
8370 	spin_lock_bh(&ar->data_lock);
8371 	arsta->changed |= IEEE80211_RC_SUPP_RATES_CHANGED;
8372 	spin_unlock_bh(&ar->data_lock);
8373 
8374 	ieee80211_queue_work(ar->hw, &arsta->update_wk);
8375 }
8376 
8377 static void ath10k_mac_clr_bitrate_mask_iter(void *data,
8378 					     struct ieee80211_sta *sta)
8379 {
8380 	struct ath10k_vif *arvif = data;
8381 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8382 	struct ath10k *ar = arvif->ar;
8383 	int err;
8384 
8385 	/* clear vht peers only */
8386 	if (arsta->arvif != arvif || !sta->deflink.vht_cap.vht_supported)
8387 		return;
8388 
8389 	err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
8390 					WMI_PEER_PARAM_FIXED_RATE,
8391 					WMI_FIXED_RATE_NONE);
8392 	if (err)
8393 		ath10k_warn(ar, "failed to clear STA %pM peer fixed rate: %d\n",
8394 			    sta->addr, err);
8395 }
8396 
8397 static int ath10k_mac_op_set_bitrate_mask(struct ieee80211_hw *hw,
8398 					  struct ieee80211_vif *vif,
8399 					  const struct cfg80211_bitrate_mask *mask)
8400 {
8401 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8402 	struct cfg80211_chan_def def;
8403 	struct ath10k *ar = arvif->ar;
8404 	enum nl80211_band band;
8405 	const u8 *ht_mcs_mask;
8406 	const u16 *vht_mcs_mask;
8407 	u8 rate;
8408 	u8 nss;
8409 	u8 sgi;
8410 	u8 ldpc;
8411 	int single_nss;
8412 	int ret;
8413 	int vht_num_rates, allow_pfr;
8414 	u8 vht_pfr;
8415 	bool update_bitrate_mask = true;
8416 
8417 	if (ath10k_mac_vif_chan(vif, &def))
8418 		return -EPERM;
8419 
8420 	band = def.chan->band;
8421 	ht_mcs_mask = mask->control[band].ht_mcs;
8422 	vht_mcs_mask = mask->control[band].vht_mcs;
8423 	ldpc = !!(ar->ht_cap_info & WMI_HT_CAP_LDPC);
8424 
8425 	sgi = mask->control[band].gi;
8426 	if (sgi == NL80211_TXRATE_FORCE_LGI)
8427 		return -EINVAL;
8428 
8429 	allow_pfr = test_bit(ATH10K_FW_FEATURE_PEER_FIXED_RATE,
8430 			     ar->normal_mode_fw.fw_file.fw_features);
8431 	if (allow_pfr) {
8432 		mutex_lock(&ar->conf_mutex);
8433 		ieee80211_iterate_stations_atomic(ar->hw,
8434 						  ath10k_mac_clr_bitrate_mask_iter,
8435 						  arvif);
8436 		mutex_unlock(&ar->conf_mutex);
8437 	}
8438 
8439 	if (ath10k_mac_bitrate_mask_has_single_rate(ar, band, mask,
8440 						    &vht_num_rates)) {
8441 		ret = ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8442 							      &rate, &nss,
8443 							      false);
8444 		if (ret) {
8445 			ath10k_warn(ar, "failed to get single rate for vdev %i: %d\n",
8446 				    arvif->vdev_id, ret);
8447 			return ret;
8448 		}
8449 	} else if (ath10k_mac_bitrate_mask_get_single_nss(ar, band, mask,
8450 							  &single_nss)) {
8451 		rate = WMI_FIXED_RATE_NONE;
8452 		nss = single_nss;
8453 	} else {
8454 		rate = WMI_FIXED_RATE_NONE;
8455 		nss = min(ar->num_rf_chains,
8456 			  max(ath10k_mac_max_ht_nss(ht_mcs_mask),
8457 			      ath10k_mac_max_vht_nss(vht_mcs_mask)));
8458 
8459 		if (!ath10k_mac_can_set_bitrate_mask(ar, band, mask,
8460 						     allow_pfr)) {
8461 			u8 vht_nss;
8462 
8463 			if (!allow_pfr || vht_num_rates != 1)
8464 				return -EINVAL;
8465 
8466 			/* Reach here, firmware supports peer fixed rate and has
8467 			 * single vht rate, and don't update vif birate_mask, as
8468 			 * the rate only for specific peer.
8469 			 */
8470 			ath10k_mac_bitrate_mask_get_single_rate(ar, band, mask,
8471 								&vht_pfr,
8472 								&vht_nss,
8473 								true);
8474 			update_bitrate_mask = false;
8475 		} else {
8476 			vht_pfr = 0;
8477 		}
8478 
8479 		mutex_lock(&ar->conf_mutex);
8480 
8481 		if (update_bitrate_mask)
8482 			arvif->bitrate_mask = *mask;
8483 		arvif->vht_num_rates = vht_num_rates;
8484 		arvif->vht_pfr = vht_pfr;
8485 		ieee80211_iterate_stations_atomic(ar->hw,
8486 						  ath10k_mac_set_bitrate_mask_iter,
8487 						  arvif);
8488 
8489 		mutex_unlock(&ar->conf_mutex);
8490 	}
8491 
8492 	mutex_lock(&ar->conf_mutex);
8493 
8494 	ret = ath10k_mac_set_fixed_rate_params(arvif, rate, nss, sgi, ldpc);
8495 	if (ret) {
8496 		ath10k_warn(ar, "failed to set fixed rate params on vdev %i: %d\n",
8497 			    arvif->vdev_id, ret);
8498 		goto exit;
8499 	}
8500 
8501 exit:
8502 	mutex_unlock(&ar->conf_mutex);
8503 
8504 	return ret;
8505 }
8506 
8507 static void ath10k_sta_rc_update(struct ieee80211_hw *hw,
8508 				 struct ieee80211_vif *vif,
8509 				 struct ieee80211_sta *sta,
8510 				 u32 changed)
8511 {
8512 	struct ath10k *ar = hw->priv;
8513 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
8514 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8515 	struct ath10k_peer *peer;
8516 	u32 bw, smps;
8517 
8518 	spin_lock_bh(&ar->data_lock);
8519 
8520 	peer = ath10k_peer_find(ar, arvif->vdev_id, sta->addr);
8521 	if (!peer) {
8522 		spin_unlock_bh(&ar->data_lock);
8523 		ath10k_warn(ar, "mac sta rc update failed to find peer %pM on vdev %i\n",
8524 			    sta->addr, arvif->vdev_id);
8525 		return;
8526 	}
8527 
8528 	ath10k_dbg(ar, ATH10K_DBG_STA,
8529 		   "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
8530 		   sta->addr, changed, sta->deflink.bandwidth,
8531 		   sta->deflink.rx_nss,
8532 		   sta->deflink.smps_mode);
8533 
8534 	if (changed & IEEE80211_RC_BW_CHANGED) {
8535 		bw = WMI_PEER_CHWIDTH_20MHZ;
8536 
8537 		switch (sta->deflink.bandwidth) {
8538 		case IEEE80211_STA_RX_BW_20:
8539 			bw = WMI_PEER_CHWIDTH_20MHZ;
8540 			break;
8541 		case IEEE80211_STA_RX_BW_40:
8542 			bw = WMI_PEER_CHWIDTH_40MHZ;
8543 			break;
8544 		case IEEE80211_STA_RX_BW_80:
8545 			bw = WMI_PEER_CHWIDTH_80MHZ;
8546 			break;
8547 		case IEEE80211_STA_RX_BW_160:
8548 			bw = WMI_PEER_CHWIDTH_160MHZ;
8549 			break;
8550 		default:
8551 			ath10k_warn(ar, "Invalid bandwidth %d in rc update for %pM\n",
8552 				    sta->deflink.bandwidth, sta->addr);
8553 			bw = WMI_PEER_CHWIDTH_20MHZ;
8554 			break;
8555 		}
8556 
8557 		arsta->bw = bw;
8558 	}
8559 
8560 	if (changed & IEEE80211_RC_NSS_CHANGED)
8561 		arsta->nss = sta->deflink.rx_nss;
8562 
8563 	if (changed & IEEE80211_RC_SMPS_CHANGED) {
8564 		smps = WMI_PEER_SMPS_PS_NONE;
8565 
8566 		switch (sta->deflink.smps_mode) {
8567 		case IEEE80211_SMPS_AUTOMATIC:
8568 		case IEEE80211_SMPS_OFF:
8569 			smps = WMI_PEER_SMPS_PS_NONE;
8570 			break;
8571 		case IEEE80211_SMPS_STATIC:
8572 			smps = WMI_PEER_SMPS_STATIC;
8573 			break;
8574 		case IEEE80211_SMPS_DYNAMIC:
8575 			smps = WMI_PEER_SMPS_DYNAMIC;
8576 			break;
8577 		case IEEE80211_SMPS_NUM_MODES:
8578 			ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
8579 				    sta->deflink.smps_mode, sta->addr);
8580 			smps = WMI_PEER_SMPS_PS_NONE;
8581 			break;
8582 		}
8583 
8584 		arsta->smps = smps;
8585 	}
8586 
8587 	arsta->changed |= changed;
8588 
8589 	spin_unlock_bh(&ar->data_lock);
8590 
8591 	ieee80211_queue_work(hw, &arsta->update_wk);
8592 }
8593 
8594 static void ath10k_offset_tsf(struct ieee80211_hw *hw,
8595 			      struct ieee80211_vif *vif, s64 tsf_offset)
8596 {
8597 	struct ath10k *ar = hw->priv;
8598 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8599 	u32 offset, vdev_param;
8600 	int ret;
8601 
8602 	if (tsf_offset < 0) {
8603 		vdev_param = ar->wmi.vdev_param->dec_tsf;
8604 		offset = -tsf_offset;
8605 	} else {
8606 		vdev_param = ar->wmi.vdev_param->inc_tsf;
8607 		offset = tsf_offset;
8608 	}
8609 
8610 	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
8611 					vdev_param, offset);
8612 
8613 	if (ret && ret != -EOPNOTSUPP)
8614 		ath10k_warn(ar, "failed to set tsf offset %d cmd %d: %d\n",
8615 			    offset, vdev_param, ret);
8616 }
8617 
8618 static int ath10k_ampdu_action(struct ieee80211_hw *hw,
8619 			       struct ieee80211_vif *vif,
8620 			       struct ieee80211_ampdu_params *params)
8621 {
8622 	struct ath10k *ar = hw->priv;
8623 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8624 	struct ieee80211_sta *sta = params->sta;
8625 	enum ieee80211_ampdu_mlme_action action = params->action;
8626 	u16 tid = params->tid;
8627 
8628 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %u action %d\n",
8629 		   arvif->vdev_id, sta->addr, tid, action);
8630 
8631 	switch (action) {
8632 	case IEEE80211_AMPDU_RX_START:
8633 	case IEEE80211_AMPDU_RX_STOP:
8634 		/* HTT AddBa/DelBa events trigger mac80211 Rx BA session
8635 		 * creation/removal. Do we need to verify this?
8636 		 */
8637 		return 0;
8638 	case IEEE80211_AMPDU_TX_START:
8639 	case IEEE80211_AMPDU_TX_STOP_CONT:
8640 	case IEEE80211_AMPDU_TX_STOP_FLUSH:
8641 	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
8642 	case IEEE80211_AMPDU_TX_OPERATIONAL:
8643 		/* Firmware offloads Tx aggregation entirely so deny mac80211
8644 		 * Tx aggregation requests.
8645 		 */
8646 		return -EOPNOTSUPP;
8647 	}
8648 
8649 	return -EINVAL;
8650 }
8651 
8652 static void
8653 ath10k_mac_update_rx_channel(struct ath10k *ar,
8654 			     struct ieee80211_chanctx_conf *ctx,
8655 			     struct ieee80211_vif_chanctx_switch *vifs,
8656 			     int n_vifs)
8657 {
8658 	struct cfg80211_chan_def *def = NULL;
8659 
8660 	/* Both locks are required because ar->rx_channel is modified. This
8661 	 * allows readers to hold either lock.
8662 	 */
8663 	lockdep_assert_held(&ar->conf_mutex);
8664 	lockdep_assert_held(&ar->data_lock);
8665 
8666 	WARN_ON(ctx && vifs);
8667 	WARN_ON(vifs && !n_vifs);
8668 
8669 	/* FIXME: Sort of an optimization and a workaround. Peers and vifs are
8670 	 * on a linked list now. Doing a lookup peer -> vif -> chanctx for each
8671 	 * ppdu on Rx may reduce performance on low-end systems. It should be
8672 	 * possible to make tables/hashmaps to speed the lookup up (be vary of
8673 	 * cpu data cache lines though regarding sizes) but to keep the initial
8674 	 * implementation simple and less intrusive fallback to the slow lookup
8675 	 * only for multi-channel cases. Single-channel cases will remain to
8676 	 * use the old channel derival and thus performance should not be
8677 	 * affected much.
8678 	 */
8679 	rcu_read_lock();
8680 	if (!ctx && ath10k_mac_num_chanctxs(ar) == 1) {
8681 		ieee80211_iter_chan_contexts_atomic(ar->hw,
8682 						    ath10k_mac_get_any_chandef_iter,
8683 						    &def);
8684 
8685 		if (vifs)
8686 			def = &vifs[0].new_ctx->def;
8687 
8688 		ar->rx_channel = def->chan;
8689 	} else if ((ctx && ath10k_mac_num_chanctxs(ar) == 0) ||
8690 		   (ctx && (ar->state == ATH10K_STATE_RESTARTED))) {
8691 		/* During driver restart due to firmware assert, since mac80211
8692 		 * already has valid channel context for given radio, channel
8693 		 * context iteration return num_chanctx > 0. So fix rx_channel
8694 		 * when restart is in progress.
8695 		 */
8696 		ar->rx_channel = ctx->def.chan;
8697 	} else {
8698 		ar->rx_channel = NULL;
8699 	}
8700 	rcu_read_unlock();
8701 }
8702 
8703 static void
8704 ath10k_mac_update_vif_chan(struct ath10k *ar,
8705 			   struct ieee80211_vif_chanctx_switch *vifs,
8706 			   int n_vifs)
8707 {
8708 	struct ath10k_vif *arvif;
8709 	int ret;
8710 	int i;
8711 
8712 	lockdep_assert_held(&ar->conf_mutex);
8713 
8714 	/* First stop monitor interface. Some FW versions crash if there's a
8715 	 * lone monitor interface.
8716 	 */
8717 	if (ar->monitor_started)
8718 		ath10k_monitor_stop(ar);
8719 
8720 	for (i = 0; i < n_vifs; i++) {
8721 		arvif = (void *)vifs[i].vif->drv_priv;
8722 
8723 		ath10k_dbg(ar, ATH10K_DBG_MAC,
8724 			   "mac chanctx switch vdev_id %i freq %u->%u width %d->%d\n",
8725 			   arvif->vdev_id,
8726 			   vifs[i].old_ctx->def.chan->center_freq,
8727 			   vifs[i].new_ctx->def.chan->center_freq,
8728 			   vifs[i].old_ctx->def.width,
8729 			   vifs[i].new_ctx->def.width);
8730 
8731 		if (WARN_ON(!arvif->is_started))
8732 			continue;
8733 
8734 		if (WARN_ON(!arvif->is_up))
8735 			continue;
8736 
8737 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
8738 		if (ret) {
8739 			ath10k_warn(ar, "failed to down vdev %d: %d\n",
8740 				    arvif->vdev_id, ret);
8741 			continue;
8742 		}
8743 	}
8744 
8745 	/* All relevant vdevs are downed and associated channel resources
8746 	 * should be available for the channel switch now.
8747 	 */
8748 
8749 	spin_lock_bh(&ar->data_lock);
8750 	ath10k_mac_update_rx_channel(ar, NULL, vifs, n_vifs);
8751 	spin_unlock_bh(&ar->data_lock);
8752 
8753 	for (i = 0; i < n_vifs; i++) {
8754 		arvif = (void *)vifs[i].vif->drv_priv;
8755 
8756 		if (WARN_ON(!arvif->is_started))
8757 			continue;
8758 
8759 		if (WARN_ON(!arvif->is_up))
8760 			continue;
8761 
8762 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
8763 		if (ret)
8764 			ath10k_warn(ar, "failed to update bcn tmpl during csa: %d\n",
8765 				    ret);
8766 
8767 		ret = ath10k_mac_setup_prb_tmpl(arvif);
8768 		if (ret)
8769 			ath10k_warn(ar, "failed to update prb tmpl during csa: %d\n",
8770 				    ret);
8771 
8772 		ret = ath10k_vdev_restart(arvif, &vifs[i].new_ctx->def);
8773 		if (ret) {
8774 			ath10k_warn(ar, "failed to restart vdev %d: %d\n",
8775 				    arvif->vdev_id, ret);
8776 			continue;
8777 		}
8778 
8779 		ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
8780 					 arvif->bssid);
8781 		if (ret) {
8782 			ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
8783 				    arvif->vdev_id, ret);
8784 			continue;
8785 		}
8786 	}
8787 
8788 	ath10k_monitor_recalc(ar);
8789 }
8790 
8791 static int
8792 ath10k_mac_op_add_chanctx(struct ieee80211_hw *hw,
8793 			  struct ieee80211_chanctx_conf *ctx)
8794 {
8795 	struct ath10k *ar = hw->priv;
8796 
8797 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8798 		   "mac chanctx add freq %u width %d ptr %pK\n",
8799 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8800 
8801 	mutex_lock(&ar->conf_mutex);
8802 
8803 	spin_lock_bh(&ar->data_lock);
8804 	ath10k_mac_update_rx_channel(ar, ctx, NULL, 0);
8805 	spin_unlock_bh(&ar->data_lock);
8806 
8807 	ath10k_recalc_radar_detection(ar);
8808 	ath10k_monitor_recalc(ar);
8809 
8810 	mutex_unlock(&ar->conf_mutex);
8811 
8812 	return 0;
8813 }
8814 
8815 static void
8816 ath10k_mac_op_remove_chanctx(struct ieee80211_hw *hw,
8817 			     struct ieee80211_chanctx_conf *ctx)
8818 {
8819 	struct ath10k *ar = hw->priv;
8820 
8821 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8822 		   "mac chanctx remove freq %u width %d ptr %pK\n",
8823 		   ctx->def.chan->center_freq, ctx->def.width, ctx);
8824 
8825 	mutex_lock(&ar->conf_mutex);
8826 
8827 	spin_lock_bh(&ar->data_lock);
8828 	ath10k_mac_update_rx_channel(ar, NULL, NULL, 0);
8829 	spin_unlock_bh(&ar->data_lock);
8830 
8831 	ath10k_recalc_radar_detection(ar);
8832 	ath10k_monitor_recalc(ar);
8833 
8834 	mutex_unlock(&ar->conf_mutex);
8835 }
8836 
8837 struct ath10k_mac_change_chanctx_arg {
8838 	struct ieee80211_chanctx_conf *ctx;
8839 	struct ieee80211_vif_chanctx_switch *vifs;
8840 	int n_vifs;
8841 	int next_vif;
8842 };
8843 
8844 static void
8845 ath10k_mac_change_chanctx_cnt_iter(void *data, u8 *mac,
8846 				   struct ieee80211_vif *vif)
8847 {
8848 	struct ath10k_mac_change_chanctx_arg *arg = data;
8849 
8850 	if (rcu_access_pointer(vif->bss_conf.chanctx_conf) != arg->ctx)
8851 		return;
8852 
8853 	arg->n_vifs++;
8854 }
8855 
8856 static void
8857 ath10k_mac_change_chanctx_fill_iter(void *data, u8 *mac,
8858 				    struct ieee80211_vif *vif)
8859 {
8860 	struct ath10k_mac_change_chanctx_arg *arg = data;
8861 	struct ieee80211_chanctx_conf *ctx;
8862 
8863 	ctx = rcu_access_pointer(vif->bss_conf.chanctx_conf);
8864 	if (ctx != arg->ctx)
8865 		return;
8866 
8867 	if (WARN_ON(arg->next_vif == arg->n_vifs))
8868 		return;
8869 
8870 	arg->vifs[arg->next_vif].vif = vif;
8871 	arg->vifs[arg->next_vif].old_ctx = ctx;
8872 	arg->vifs[arg->next_vif].new_ctx = ctx;
8873 	arg->next_vif++;
8874 }
8875 
8876 static void
8877 ath10k_mac_op_change_chanctx(struct ieee80211_hw *hw,
8878 			     struct ieee80211_chanctx_conf *ctx,
8879 			     u32 changed)
8880 {
8881 	struct ath10k *ar = hw->priv;
8882 	struct ath10k_mac_change_chanctx_arg arg = { .ctx = ctx };
8883 
8884 	mutex_lock(&ar->conf_mutex);
8885 
8886 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8887 		   "mac chanctx change freq %u width %d ptr %pK changed %x\n",
8888 		   ctx->def.chan->center_freq, ctx->def.width, ctx, changed);
8889 
8890 	/* This shouldn't really happen because channel switching should use
8891 	 * switch_vif_chanctx().
8892 	 */
8893 	if (WARN_ON(changed & IEEE80211_CHANCTX_CHANGE_CHANNEL))
8894 		goto unlock;
8895 
8896 	if (changed & IEEE80211_CHANCTX_CHANGE_WIDTH) {
8897 		ieee80211_iterate_active_interfaces_atomic(
8898 					hw,
8899 					ATH10K_ITER_NORMAL_FLAGS,
8900 					ath10k_mac_change_chanctx_cnt_iter,
8901 					&arg);
8902 		if (arg.n_vifs == 0)
8903 			goto radar;
8904 
8905 		arg.vifs = kcalloc(arg.n_vifs, sizeof(arg.vifs[0]),
8906 				   GFP_KERNEL);
8907 		if (!arg.vifs)
8908 			goto radar;
8909 
8910 		ieee80211_iterate_active_interfaces_atomic(
8911 					hw,
8912 					ATH10K_ITER_NORMAL_FLAGS,
8913 					ath10k_mac_change_chanctx_fill_iter,
8914 					&arg);
8915 		ath10k_mac_update_vif_chan(ar, arg.vifs, arg.n_vifs);
8916 		kfree(arg.vifs);
8917 	}
8918 
8919 radar:
8920 	ath10k_recalc_radar_detection(ar);
8921 
8922 	/* FIXME: How to configure Rx chains properly? */
8923 
8924 	/* No other actions are actually necessary. Firmware maintains channel
8925 	 * definitions per vdev internally and there's no host-side channel
8926 	 * context abstraction to configure, e.g. channel width.
8927 	 */
8928 
8929 unlock:
8930 	mutex_unlock(&ar->conf_mutex);
8931 }
8932 
8933 static int
8934 ath10k_mac_op_assign_vif_chanctx(struct ieee80211_hw *hw,
8935 				 struct ieee80211_vif *vif,
8936 				 struct ieee80211_bss_conf *link_conf,
8937 				 struct ieee80211_chanctx_conf *ctx)
8938 {
8939 	struct ath10k *ar = hw->priv;
8940 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
8941 	int ret;
8942 
8943 	mutex_lock(&ar->conf_mutex);
8944 
8945 	ath10k_dbg(ar, ATH10K_DBG_MAC,
8946 		   "mac chanctx assign ptr %pK vdev_id %i\n",
8947 		   ctx, arvif->vdev_id);
8948 
8949 	if (WARN_ON(arvif->is_started)) {
8950 		mutex_unlock(&ar->conf_mutex);
8951 		return -EBUSY;
8952 	}
8953 
8954 	ret = ath10k_vdev_start(arvif, &ctx->def);
8955 	if (ret) {
8956 		ath10k_warn(ar, "failed to start vdev %i addr %pM on freq %d: %d\n",
8957 			    arvif->vdev_id, vif->addr,
8958 			    ctx->def.chan->center_freq, ret);
8959 		goto err;
8960 	}
8961 
8962 	arvif->is_started = true;
8963 
8964 	ret = ath10k_mac_vif_setup_ps(arvif);
8965 	if (ret) {
8966 		ath10k_warn(ar, "failed to update vdev %i ps: %d\n",
8967 			    arvif->vdev_id, ret);
8968 		goto err_stop;
8969 	}
8970 
8971 	if (vif->type == NL80211_IFTYPE_MONITOR) {
8972 		ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, 0, vif->addr);
8973 		if (ret) {
8974 			ath10k_warn(ar, "failed to up monitor vdev %i: %d\n",
8975 				    arvif->vdev_id, ret);
8976 			goto err_stop;
8977 		}
8978 
8979 		arvif->is_up = true;
8980 	}
8981 
8982 	if (ath10k_mac_can_set_cts_prot(arvif)) {
8983 		ret = ath10k_mac_set_cts_prot(arvif);
8984 		if (ret)
8985 			ath10k_warn(ar, "failed to set cts protection for vdev %d: %d\n",
8986 				    arvif->vdev_id, ret);
8987 	}
8988 
8989 	if (ath10k_peer_stats_enabled(ar) &&
8990 	    ar->hw_params.tx_stats_over_pktlog) {
8991 		ar->pktlog_filter |= ATH10K_PKTLOG_PEER_STATS;
8992 		ret = ath10k_wmi_pdev_pktlog_enable(ar,
8993 						    ar->pktlog_filter);
8994 		if (ret) {
8995 			ath10k_warn(ar, "failed to enable pktlog %d\n", ret);
8996 			goto err_stop;
8997 		}
8998 	}
8999 
9000 	mutex_unlock(&ar->conf_mutex);
9001 	return 0;
9002 
9003 err_stop:
9004 	ath10k_vdev_stop(arvif);
9005 	arvif->is_started = false;
9006 	ath10k_mac_vif_setup_ps(arvif);
9007 
9008 err:
9009 	mutex_unlock(&ar->conf_mutex);
9010 	return ret;
9011 }
9012 
9013 static void
9014 ath10k_mac_op_unassign_vif_chanctx(struct ieee80211_hw *hw,
9015 				   struct ieee80211_vif *vif,
9016 				   struct ieee80211_bss_conf *link_conf,
9017 				   struct ieee80211_chanctx_conf *ctx)
9018 {
9019 	struct ath10k *ar = hw->priv;
9020 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9021 	int ret;
9022 
9023 	mutex_lock(&ar->conf_mutex);
9024 
9025 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9026 		   "mac chanctx unassign ptr %pK vdev_id %i\n",
9027 		   ctx, arvif->vdev_id);
9028 
9029 	WARN_ON(!arvif->is_started);
9030 
9031 	if (vif->type == NL80211_IFTYPE_MONITOR) {
9032 		WARN_ON(!arvif->is_up);
9033 
9034 		ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
9035 		if (ret)
9036 			ath10k_warn(ar, "failed to down monitor vdev %i: %d\n",
9037 				    arvif->vdev_id, ret);
9038 
9039 		arvif->is_up = false;
9040 	}
9041 
9042 	ret = ath10k_vdev_stop(arvif);
9043 	if (ret)
9044 		ath10k_warn(ar, "failed to stop vdev %i: %d\n",
9045 			    arvif->vdev_id, ret);
9046 
9047 	arvif->is_started = false;
9048 
9049 	mutex_unlock(&ar->conf_mutex);
9050 }
9051 
9052 static int
9053 ath10k_mac_op_switch_vif_chanctx(struct ieee80211_hw *hw,
9054 				 struct ieee80211_vif_chanctx_switch *vifs,
9055 				 int n_vifs,
9056 				 enum ieee80211_chanctx_switch_mode mode)
9057 {
9058 	struct ath10k *ar = hw->priv;
9059 
9060 	mutex_lock(&ar->conf_mutex);
9061 
9062 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9063 		   "mac chanctx switch n_vifs %d mode %d\n",
9064 		   n_vifs, mode);
9065 	ath10k_mac_update_vif_chan(ar, vifs, n_vifs);
9066 
9067 	mutex_unlock(&ar->conf_mutex);
9068 	return 0;
9069 }
9070 
9071 static void ath10k_mac_op_sta_pre_rcu_remove(struct ieee80211_hw *hw,
9072 					     struct ieee80211_vif *vif,
9073 					     struct ieee80211_sta *sta)
9074 {
9075 	struct ath10k *ar;
9076 	struct ath10k_peer *peer;
9077 
9078 	ar = hw->priv;
9079 
9080 	list_for_each_entry(peer, &ar->peers, list)
9081 		if (peer->sta == sta)
9082 			peer->removed = true;
9083 }
9084 
9085 /* HT MCS parameters with Nss = 1 */
9086 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss1[] = {
9087 	/* MCS  L20   L40   S20  S40 */
9088 	{0,  { 65,  135,  72,  150} },
9089 	{1,  { 130, 270,  144, 300} },
9090 	{2,  { 195, 405,  217, 450} },
9091 	{3,  { 260, 540,  289, 600} },
9092 	{4,  { 390, 810,  433, 900} },
9093 	{5,  { 520, 1080, 578, 1200} },
9094 	{6,  { 585, 1215, 650, 1350} },
9095 	{7,  { 650, 1350, 722, 1500} }
9096 };
9097 
9098 /* HT MCS parameters with Nss = 2 */
9099 static const struct ath10k_index_ht_data_rate_type supported_ht_mcs_rate_nss2[] = {
9100 	/* MCS  L20    L40   S20   S40 */
9101 	{0,  {130,  270,  144,  300} },
9102 	{1,  {260,  540,  289,  600} },
9103 	{2,  {390,  810,  433,  900} },
9104 	{3,  {520,  1080, 578,  1200} },
9105 	{4,  {780,  1620, 867,  1800} },
9106 	{5,  {1040, 2160, 1156, 2400} },
9107 	{6,  {1170, 2430, 1300, 2700} },
9108 	{7,  {1300, 2700, 1444, 3000} }
9109 };
9110 
9111 /* MCS parameters with Nss = 1 */
9112 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss1[] = {
9113 	/* MCS  L80    S80     L40   S40    L20   S20 */
9114 	{0,  {293,  325},  {135,  150},  {65,   72} },
9115 	{1,  {585,  650},  {270,  300},  {130,  144} },
9116 	{2,  {878,  975},  {405,  450},  {195,  217} },
9117 	{3,  {1170, 1300}, {540,  600},  {260,  289} },
9118 	{4,  {1755, 1950}, {810,  900},  {390,  433} },
9119 	{5,  {2340, 2600}, {1080, 1200}, {520,  578} },
9120 	{6,  {2633, 2925}, {1215, 1350}, {585,  650} },
9121 	{7,  {2925, 3250}, {1350, 1500}, {650,  722} },
9122 	{8,  {3510, 3900}, {1620, 1800}, {780,  867} },
9123 	{9,  {3900, 4333}, {1800, 2000}, {865,  960} }
9124 };
9125 
9126 /*MCS parameters with Nss = 2 */
9127 static const struct ath10k_index_vht_data_rate_type supported_vht_mcs_rate_nss2[] = {
9128 	/* MCS  L80    S80     L40   S40    L20   S20 */
9129 	{0,  {585,  650},  {270,  300},  {130,  144} },
9130 	{1,  {1170, 1300}, {540,  600},  {260,  289} },
9131 	{2,  {1755, 1950}, {810,  900},  {390,  433} },
9132 	{3,  {2340, 2600}, {1080, 1200}, {520,  578} },
9133 	{4,  {3510, 3900}, {1620, 1800}, {780,  867} },
9134 	{5,  {4680, 5200}, {2160, 2400}, {1040, 1156} },
9135 	{6,  {5265, 5850}, {2430, 2700}, {1170, 1300} },
9136 	{7,  {5850, 6500}, {2700, 3000}, {1300, 1444} },
9137 	{8,  {7020, 7800}, {3240, 3600}, {1560, 1733} },
9138 	{9,  {7800, 8667}, {3600, 4000}, {1730, 1920} }
9139 };
9140 
9141 static void ath10k_mac_get_rate_flags_ht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9142 					 u8 *flags, u8 *bw)
9143 {
9144 	struct ath10k_index_ht_data_rate_type *mcs_rate;
9145 	u8 index;
9146 	size_t len_nss1 = ARRAY_SIZE(supported_ht_mcs_rate_nss1);
9147 	size_t len_nss2 = ARRAY_SIZE(supported_ht_mcs_rate_nss2);
9148 
9149 	if (mcs >= (len_nss1 + len_nss2)) {
9150 		ath10k_warn(ar, "not supported mcs %d in current rate table", mcs);
9151 		return;
9152 	}
9153 
9154 	mcs_rate = (struct ath10k_index_ht_data_rate_type *)
9155 		   ((nss == 1) ? &supported_ht_mcs_rate_nss1 :
9156 		   &supported_ht_mcs_rate_nss2);
9157 
9158 	if (mcs >= len_nss1)
9159 		index = mcs - len_nss1;
9160 	else
9161 		index = mcs;
9162 
9163 	if (rate == mcs_rate[index].supported_rate[0]) {
9164 		*bw = RATE_INFO_BW_20;
9165 	} else if (rate == mcs_rate[index].supported_rate[1]) {
9166 		*bw |= RATE_INFO_BW_40;
9167 	} else if (rate == mcs_rate[index].supported_rate[2]) {
9168 		*bw |= RATE_INFO_BW_20;
9169 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9170 	} else if (rate == mcs_rate[index].supported_rate[3]) {
9171 		*bw |= RATE_INFO_BW_40;
9172 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9173 	} else {
9174 		ath10k_warn(ar, "invalid ht params rate %d 100kbps nss %d mcs %d",
9175 			    rate, nss, mcs);
9176 	}
9177 }
9178 
9179 static void ath10k_mac_get_rate_flags_vht(struct ath10k *ar, u32 rate, u8 nss, u8 mcs,
9180 					  u8 *flags, u8 *bw)
9181 {
9182 	struct ath10k_index_vht_data_rate_type *mcs_rate;
9183 
9184 	mcs_rate = (struct ath10k_index_vht_data_rate_type *)
9185 		   ((nss == 1) ? &supported_vht_mcs_rate_nss1 :
9186 		   &supported_vht_mcs_rate_nss2);
9187 
9188 	if (rate == mcs_rate[mcs].supported_VHT80_rate[0]) {
9189 		*bw = RATE_INFO_BW_80;
9190 	} else if (rate == mcs_rate[mcs].supported_VHT80_rate[1]) {
9191 		*bw = RATE_INFO_BW_80;
9192 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9193 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[0]) {
9194 		*bw = RATE_INFO_BW_40;
9195 	} else if (rate == mcs_rate[mcs].supported_VHT40_rate[1]) {
9196 		*bw = RATE_INFO_BW_40;
9197 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9198 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[0]) {
9199 		*bw = RATE_INFO_BW_20;
9200 	} else if (rate == mcs_rate[mcs].supported_VHT20_rate[1]) {
9201 		*bw = RATE_INFO_BW_20;
9202 		*flags |= RATE_INFO_FLAGS_SHORT_GI;
9203 	} else {
9204 		ath10k_warn(ar, "invalid vht params rate %d 100kbps nss %d mcs %d",
9205 			    rate, nss, mcs);
9206 	}
9207 }
9208 
9209 static void ath10k_mac_get_rate_flags(struct ath10k *ar, u32 rate,
9210 				      enum ath10k_phy_mode mode, u8 nss, u8 mcs,
9211 				      u8 *flags, u8 *bw)
9212 {
9213 	if (mode == ATH10K_PHY_MODE_HT) {
9214 		*flags = RATE_INFO_FLAGS_MCS;
9215 		ath10k_mac_get_rate_flags_ht(ar, rate, nss, mcs, flags, bw);
9216 	} else if (mode == ATH10K_PHY_MODE_VHT) {
9217 		*flags = RATE_INFO_FLAGS_VHT_MCS;
9218 		ath10k_mac_get_rate_flags_vht(ar, rate, nss, mcs, flags, bw);
9219 	}
9220 }
9221 
9222 static void ath10k_mac_parse_bitrate(struct ath10k *ar, u32 rate_code,
9223 				     u32 bitrate_kbps, struct rate_info *rate)
9224 {
9225 	enum ath10k_phy_mode mode = ATH10K_PHY_MODE_LEGACY;
9226 	enum wmi_rate_preamble preamble = WMI_TLV_GET_HW_RC_PREAM_V1(rate_code);
9227 	u8 nss = WMI_TLV_GET_HW_RC_NSS_V1(rate_code) + 1;
9228 	u8 mcs = WMI_TLV_GET_HW_RC_RATE_V1(rate_code);
9229 	u8 flags = 0, bw = 0;
9230 
9231 	ath10k_dbg(ar, ATH10K_DBG_MAC, "mac parse rate code 0x%x bitrate %d kbps\n",
9232 		   rate_code, bitrate_kbps);
9233 
9234 	if (preamble == WMI_RATE_PREAMBLE_HT)
9235 		mode = ATH10K_PHY_MODE_HT;
9236 	else if (preamble == WMI_RATE_PREAMBLE_VHT)
9237 		mode = ATH10K_PHY_MODE_VHT;
9238 
9239 	ath10k_mac_get_rate_flags(ar, bitrate_kbps / 100, mode, nss, mcs, &flags, &bw);
9240 
9241 	ath10k_dbg(ar, ATH10K_DBG_MAC,
9242 		   "mac parse bitrate preamble %d mode %d nss %d mcs %d flags %x bw %d\n",
9243 		   preamble, mode, nss, mcs, flags, bw);
9244 
9245 	rate->flags = flags;
9246 	rate->bw = bw;
9247 	rate->legacy = bitrate_kbps / 100;
9248 	rate->nss = nss;
9249 	rate->mcs = mcs;
9250 }
9251 
9252 static void ath10k_mac_sta_get_peer_stats_info(struct ath10k *ar,
9253 					       struct ieee80211_sta *sta,
9254 					       struct station_info *sinfo)
9255 {
9256 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9257 	struct ath10k_peer *peer;
9258 	unsigned long time_left;
9259 	int ret;
9260 
9261 	if (!(ar->hw_params.supports_peer_stats_info &&
9262 	      arsta->arvif->vdev_type == WMI_VDEV_TYPE_STA))
9263 		return;
9264 
9265 	spin_lock_bh(&ar->data_lock);
9266 	peer = ath10k_peer_find(ar, arsta->arvif->vdev_id, sta->addr);
9267 	spin_unlock_bh(&ar->data_lock);
9268 	if (!peer)
9269 		return;
9270 
9271 	reinit_completion(&ar->peer_stats_info_complete);
9272 
9273 	ret = ath10k_wmi_request_peer_stats_info(ar,
9274 						 arsta->arvif->vdev_id,
9275 						 WMI_REQUEST_ONE_PEER_STATS_INFO,
9276 						 arsta->arvif->bssid,
9277 						 0);
9278 	if (ret && ret != -EOPNOTSUPP) {
9279 		ath10k_warn(ar, "could not request peer stats info: %d\n", ret);
9280 		return;
9281 	}
9282 
9283 	time_left = wait_for_completion_timeout(&ar->peer_stats_info_complete, 3 * HZ);
9284 	if (time_left == 0) {
9285 		ath10k_warn(ar, "timed out waiting peer stats info\n");
9286 		return;
9287 	}
9288 
9289 	if (arsta->rx_rate_code != 0 && arsta->rx_bitrate_kbps != 0) {
9290 		ath10k_mac_parse_bitrate(ar, arsta->rx_rate_code,
9291 					 arsta->rx_bitrate_kbps,
9292 					 &sinfo->rxrate);
9293 
9294 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
9295 		arsta->rx_rate_code = 0;
9296 		arsta->rx_bitrate_kbps = 0;
9297 	}
9298 
9299 	if (arsta->tx_rate_code != 0 && arsta->tx_bitrate_kbps != 0) {
9300 		ath10k_mac_parse_bitrate(ar, arsta->tx_rate_code,
9301 					 arsta->tx_bitrate_kbps,
9302 					 &sinfo->txrate);
9303 
9304 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9305 		arsta->tx_rate_code = 0;
9306 		arsta->tx_bitrate_kbps = 0;
9307 	}
9308 }
9309 
9310 static void ath10k_sta_statistics(struct ieee80211_hw *hw,
9311 				  struct ieee80211_vif *vif,
9312 				  struct ieee80211_sta *sta,
9313 				  struct station_info *sinfo)
9314 {
9315 	struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
9316 	struct ath10k *ar = arsta->arvif->ar;
9317 
9318 	if (!ath10k_peer_stats_enabled(ar))
9319 		return;
9320 
9321 	mutex_lock(&ar->conf_mutex);
9322 	ath10k_debug_fw_stats_request(ar);
9323 	mutex_unlock(&ar->conf_mutex);
9324 
9325 	sinfo->rx_duration = arsta->rx_duration;
9326 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_DURATION);
9327 
9328 	if (arsta->txrate.legacy || arsta->txrate.nss) {
9329 		if (arsta->txrate.legacy) {
9330 			sinfo->txrate.legacy = arsta->txrate.legacy;
9331 		} else {
9332 			sinfo->txrate.mcs = arsta->txrate.mcs;
9333 			sinfo->txrate.nss = arsta->txrate.nss;
9334 			sinfo->txrate.bw = arsta->txrate.bw;
9335 		}
9336 		sinfo->txrate.flags = arsta->txrate.flags;
9337 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
9338 	}
9339 
9340 	if (ar->htt.disable_tx_comp) {
9341 		sinfo->tx_failed = arsta->tx_failed;
9342 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
9343 	}
9344 
9345 	sinfo->tx_retries = arsta->tx_retries;
9346 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
9347 
9348 	ath10k_mac_sta_get_peer_stats_info(ar, sta, sinfo);
9349 }
9350 
9351 static int ath10k_mac_op_set_tid_config(struct ieee80211_hw *hw,
9352 					struct ieee80211_vif *vif,
9353 					struct ieee80211_sta *sta,
9354 					struct cfg80211_tid_config *tid_config)
9355 {
9356 	struct ath10k *ar = hw->priv;
9357 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9358 	struct ath10k_mac_iter_tid_conf_data data = {};
9359 	struct wmi_per_peer_per_tid_cfg_arg arg = {};
9360 	int ret, i;
9361 
9362 	mutex_lock(&ar->conf_mutex);
9363 	arg.vdev_id = arvif->vdev_id;
9364 
9365 	arvif->tids_rst = 0;
9366 	memset(arvif->tid_conf_changed, 0, sizeof(arvif->tid_conf_changed));
9367 
9368 	for (i = 0; i < tid_config->n_tid_conf; i++) {
9369 		ret = ath10k_mac_parse_tid_config(ar, sta, vif,
9370 						  &tid_config->tid_conf[i],
9371 						  &arg);
9372 		if (ret)
9373 			goto exit;
9374 	}
9375 
9376 	ret = 0;
9377 
9378 	if (sta)
9379 		goto exit;
9380 
9381 	arvif->tids_rst = 0;
9382 	data.curr_vif = vif;
9383 	data.ar = ar;
9384 
9385 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9386 					  &data);
9387 
9388 exit:
9389 	mutex_unlock(&ar->conf_mutex);
9390 	return ret;
9391 }
9392 
9393 static int ath10k_mac_op_reset_tid_config(struct ieee80211_hw *hw,
9394 					  struct ieee80211_vif *vif,
9395 					  struct ieee80211_sta *sta,
9396 					  u8 tids)
9397 {
9398 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9399 	struct ath10k_mac_iter_tid_conf_data data = {};
9400 	struct ath10k *ar = hw->priv;
9401 	int ret = 0;
9402 
9403 	mutex_lock(&ar->conf_mutex);
9404 
9405 	if (sta) {
9406 		arvif->tids_rst = 0;
9407 		ret = ath10k_mac_reset_tid_config(ar, sta, arvif, tids);
9408 		goto exit;
9409 	}
9410 
9411 	arvif->tids_rst = tids;
9412 	data.curr_vif = vif;
9413 	data.ar = ar;
9414 	ieee80211_iterate_stations_atomic(hw, ath10k_mac_vif_stations_tid_conf,
9415 					  &data);
9416 
9417 exit:
9418 	mutex_unlock(&ar->conf_mutex);
9419 	return ret;
9420 }
9421 
9422 static const struct ieee80211_ops ath10k_ops = {
9423 	.tx				= ath10k_mac_op_tx,
9424 	.wake_tx_queue			= ath10k_mac_op_wake_tx_queue,
9425 	.start				= ath10k_start,
9426 	.stop				= ath10k_stop,
9427 	.config				= ath10k_config,
9428 	.add_interface			= ath10k_add_interface,
9429 	.update_vif_offload		= ath10k_update_vif_offload,
9430 	.remove_interface		= ath10k_remove_interface,
9431 	.configure_filter		= ath10k_configure_filter,
9432 	.bss_info_changed		= ath10k_bss_info_changed,
9433 	.set_coverage_class		= ath10k_mac_op_set_coverage_class,
9434 	.hw_scan			= ath10k_hw_scan,
9435 	.cancel_hw_scan			= ath10k_cancel_hw_scan,
9436 	.set_key			= ath10k_set_key,
9437 	.set_default_unicast_key        = ath10k_set_default_unicast_key,
9438 	.sta_state			= ath10k_sta_state,
9439 	.sta_set_txpwr			= ath10k_sta_set_txpwr,
9440 	.conf_tx			= ath10k_conf_tx,
9441 	.remain_on_channel		= ath10k_remain_on_channel,
9442 	.cancel_remain_on_channel	= ath10k_cancel_remain_on_channel,
9443 	.set_rts_threshold		= ath10k_set_rts_threshold,
9444 	.set_frag_threshold		= ath10k_mac_op_set_frag_threshold,
9445 	.flush				= ath10k_flush,
9446 	.tx_last_beacon			= ath10k_tx_last_beacon,
9447 	.set_antenna			= ath10k_set_antenna,
9448 	.get_antenna			= ath10k_get_antenna,
9449 	.reconfig_complete		= ath10k_reconfig_complete,
9450 	.get_survey			= ath10k_get_survey,
9451 	.set_bitrate_mask		= ath10k_mac_op_set_bitrate_mask,
9452 	.sta_rc_update			= ath10k_sta_rc_update,
9453 	.offset_tsf			= ath10k_offset_tsf,
9454 	.ampdu_action			= ath10k_ampdu_action,
9455 	.get_et_sset_count		= ath10k_debug_get_et_sset_count,
9456 	.get_et_stats			= ath10k_debug_get_et_stats,
9457 	.get_et_strings			= ath10k_debug_get_et_strings,
9458 	.add_chanctx			= ath10k_mac_op_add_chanctx,
9459 	.remove_chanctx			= ath10k_mac_op_remove_chanctx,
9460 	.change_chanctx			= ath10k_mac_op_change_chanctx,
9461 	.assign_vif_chanctx		= ath10k_mac_op_assign_vif_chanctx,
9462 	.unassign_vif_chanctx		= ath10k_mac_op_unassign_vif_chanctx,
9463 	.switch_vif_chanctx		= ath10k_mac_op_switch_vif_chanctx,
9464 	.sta_pre_rcu_remove		= ath10k_mac_op_sta_pre_rcu_remove,
9465 	.sta_statistics			= ath10k_sta_statistics,
9466 	.set_tid_config			= ath10k_mac_op_set_tid_config,
9467 	.reset_tid_config		= ath10k_mac_op_reset_tid_config,
9468 
9469 	CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
9470 
9471 #ifdef CONFIG_PM
9472 	.suspend			= ath10k_wow_op_suspend,
9473 	.resume				= ath10k_wow_op_resume,
9474 	.set_wakeup			= ath10k_wow_op_set_wakeup,
9475 #endif
9476 #ifdef CONFIG_MAC80211_DEBUGFS
9477 	.sta_add_debugfs		= ath10k_sta_add_debugfs,
9478 #endif
9479 	.set_sar_specs			= ath10k_mac_set_sar_specs,
9480 };
9481 
9482 #define CHAN2G(_channel, _freq, _flags) { \
9483 	.band			= NL80211_BAND_2GHZ, \
9484 	.hw_value		= (_channel), \
9485 	.center_freq		= (_freq), \
9486 	.flags			= (_flags), \
9487 	.max_antenna_gain	= 0, \
9488 	.max_power		= 30, \
9489 }
9490 
9491 #define CHAN5G(_channel, _freq, _flags) { \
9492 	.band			= NL80211_BAND_5GHZ, \
9493 	.hw_value		= (_channel), \
9494 	.center_freq		= (_freq), \
9495 	.flags			= (_flags), \
9496 	.max_antenna_gain	= 0, \
9497 	.max_power		= 30, \
9498 }
9499 
9500 static const struct ieee80211_channel ath10k_2ghz_channels[] = {
9501 	CHAN2G(1, 2412, 0),
9502 	CHAN2G(2, 2417, 0),
9503 	CHAN2G(3, 2422, 0),
9504 	CHAN2G(4, 2427, 0),
9505 	CHAN2G(5, 2432, 0),
9506 	CHAN2G(6, 2437, 0),
9507 	CHAN2G(7, 2442, 0),
9508 	CHAN2G(8, 2447, 0),
9509 	CHAN2G(9, 2452, 0),
9510 	CHAN2G(10, 2457, 0),
9511 	CHAN2G(11, 2462, 0),
9512 	CHAN2G(12, 2467, 0),
9513 	CHAN2G(13, 2472, 0),
9514 	CHAN2G(14, 2484, 0),
9515 };
9516 
9517 static const struct ieee80211_channel ath10k_5ghz_channels[] = {
9518 	CHAN5G(36, 5180, 0),
9519 	CHAN5G(40, 5200, 0),
9520 	CHAN5G(44, 5220, 0),
9521 	CHAN5G(48, 5240, 0),
9522 	CHAN5G(52, 5260, 0),
9523 	CHAN5G(56, 5280, 0),
9524 	CHAN5G(60, 5300, 0),
9525 	CHAN5G(64, 5320, 0),
9526 	CHAN5G(100, 5500, 0),
9527 	CHAN5G(104, 5520, 0),
9528 	CHAN5G(108, 5540, 0),
9529 	CHAN5G(112, 5560, 0),
9530 	CHAN5G(116, 5580, 0),
9531 	CHAN5G(120, 5600, 0),
9532 	CHAN5G(124, 5620, 0),
9533 	CHAN5G(128, 5640, 0),
9534 	CHAN5G(132, 5660, 0),
9535 	CHAN5G(136, 5680, 0),
9536 	CHAN5G(140, 5700, 0),
9537 	CHAN5G(144, 5720, 0),
9538 	CHAN5G(149, 5745, 0),
9539 	CHAN5G(153, 5765, 0),
9540 	CHAN5G(157, 5785, 0),
9541 	CHAN5G(161, 5805, 0),
9542 	CHAN5G(165, 5825, 0),
9543 	CHAN5G(169, 5845, 0),
9544 	CHAN5G(173, 5865, 0),
9545 	/* If you add more, you may need to change ATH10K_MAX_5G_CHAN */
9546 	/* And you will definitely need to change ATH10K_NUM_CHANS in core.h */
9547 };
9548 
9549 struct ath10k *ath10k_mac_create(size_t priv_size)
9550 {
9551 	struct ieee80211_hw *hw;
9552 	struct ieee80211_ops *ops;
9553 	struct ath10k *ar;
9554 
9555 	ops = kmemdup(&ath10k_ops, sizeof(ath10k_ops), GFP_KERNEL);
9556 	if (!ops)
9557 		return NULL;
9558 
9559 	hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, ops);
9560 	if (!hw) {
9561 		kfree(ops);
9562 		return NULL;
9563 	}
9564 
9565 	ar = hw->priv;
9566 	ar->hw = hw;
9567 	ar->ops = ops;
9568 
9569 	return ar;
9570 }
9571 
9572 void ath10k_mac_destroy(struct ath10k *ar)
9573 {
9574 	struct ieee80211_ops *ops = ar->ops;
9575 
9576 	ieee80211_free_hw(ar->hw);
9577 	kfree(ops);
9578 }
9579 
9580 static const struct ieee80211_iface_limit ath10k_if_limits[] = {
9581 	{
9582 		.max	= 8,
9583 		.types	= BIT(NL80211_IFTYPE_STATION)
9584 			| BIT(NL80211_IFTYPE_P2P_CLIENT)
9585 	},
9586 	{
9587 		.max	= 3,
9588 		.types	= BIT(NL80211_IFTYPE_P2P_GO)
9589 	},
9590 	{
9591 		.max	= 1,
9592 		.types	= BIT(NL80211_IFTYPE_P2P_DEVICE)
9593 	},
9594 	{
9595 		.max	= 7,
9596 		.types	= BIT(NL80211_IFTYPE_AP)
9597 #ifdef CONFIG_MAC80211_MESH
9598 			| BIT(NL80211_IFTYPE_MESH_POINT)
9599 #endif
9600 	},
9601 };
9602 
9603 static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
9604 	{
9605 		.max	= 8,
9606 		.types	= BIT(NL80211_IFTYPE_AP)
9607 #ifdef CONFIG_MAC80211_MESH
9608 			| BIT(NL80211_IFTYPE_MESH_POINT)
9609 #endif
9610 	},
9611 	{
9612 		.max	= 1,
9613 		.types	= BIT(NL80211_IFTYPE_STATION)
9614 	},
9615 };
9616 
9617 static const struct ieee80211_iface_combination ath10k_if_comb[] = {
9618 	{
9619 		.limits = ath10k_if_limits,
9620 		.n_limits = ARRAY_SIZE(ath10k_if_limits),
9621 		.max_interfaces = 8,
9622 		.num_different_channels = 1,
9623 		.beacon_int_infra_match = true,
9624 	},
9625 };
9626 
9627 static const struct ieee80211_iface_combination ath10k_10x_if_comb[] = {
9628 	{
9629 		.limits = ath10k_10x_if_limits,
9630 		.n_limits = ARRAY_SIZE(ath10k_10x_if_limits),
9631 		.max_interfaces = 8,
9632 		.num_different_channels = 1,
9633 		.beacon_int_infra_match = true,
9634 		.beacon_int_min_gcd = 1,
9635 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9636 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9637 					BIT(NL80211_CHAN_WIDTH_20) |
9638 					BIT(NL80211_CHAN_WIDTH_40) |
9639 					BIT(NL80211_CHAN_WIDTH_80),
9640 #endif
9641 	},
9642 };
9643 
9644 static const struct ieee80211_iface_limit ath10k_tlv_if_limit[] = {
9645 	{
9646 		.max = 2,
9647 		.types = BIT(NL80211_IFTYPE_STATION),
9648 	},
9649 	{
9650 		.max = 2,
9651 		.types = BIT(NL80211_IFTYPE_AP) |
9652 #ifdef CONFIG_MAC80211_MESH
9653 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9654 #endif
9655 			 BIT(NL80211_IFTYPE_P2P_CLIENT) |
9656 			 BIT(NL80211_IFTYPE_P2P_GO),
9657 	},
9658 	{
9659 		.max = 1,
9660 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9661 	},
9662 };
9663 
9664 static const struct ieee80211_iface_limit ath10k_tlv_qcs_if_limit[] = {
9665 	{
9666 		.max = 2,
9667 		.types = BIT(NL80211_IFTYPE_STATION),
9668 	},
9669 	{
9670 		.max = 2,
9671 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT),
9672 	},
9673 	{
9674 		.max = 1,
9675 		.types = BIT(NL80211_IFTYPE_AP) |
9676 #ifdef CONFIG_MAC80211_MESH
9677 			 BIT(NL80211_IFTYPE_MESH_POINT) |
9678 #endif
9679 			 BIT(NL80211_IFTYPE_P2P_GO),
9680 	},
9681 	{
9682 		.max = 1,
9683 		.types = BIT(NL80211_IFTYPE_P2P_DEVICE),
9684 	},
9685 };
9686 
9687 static const struct ieee80211_iface_limit ath10k_tlv_if_limit_ibss[] = {
9688 	{
9689 		.max = 1,
9690 		.types = BIT(NL80211_IFTYPE_STATION),
9691 	},
9692 	{
9693 		.max = 1,
9694 		.types = BIT(NL80211_IFTYPE_ADHOC),
9695 	},
9696 };
9697 
9698 /* FIXME: This is not thoroughly tested. These combinations may over- or
9699  * underestimate hw/fw capabilities.
9700  */
9701 static struct ieee80211_iface_combination ath10k_tlv_if_comb[] = {
9702 	{
9703 		.limits = ath10k_tlv_if_limit,
9704 		.num_different_channels = 1,
9705 		.max_interfaces = 4,
9706 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9707 	},
9708 	{
9709 		.limits = ath10k_tlv_if_limit_ibss,
9710 		.num_different_channels = 1,
9711 		.max_interfaces = 2,
9712 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9713 	},
9714 };
9715 
9716 static struct ieee80211_iface_combination ath10k_tlv_qcs_if_comb[] = {
9717 	{
9718 		.limits = ath10k_tlv_if_limit,
9719 		.num_different_channels = 1,
9720 		.max_interfaces = 4,
9721 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit),
9722 	},
9723 	{
9724 		.limits = ath10k_tlv_qcs_if_limit,
9725 		.num_different_channels = 2,
9726 		.max_interfaces = 4,
9727 		.n_limits = ARRAY_SIZE(ath10k_tlv_qcs_if_limit),
9728 	},
9729 	{
9730 		.limits = ath10k_tlv_if_limit_ibss,
9731 		.num_different_channels = 1,
9732 		.max_interfaces = 2,
9733 		.n_limits = ARRAY_SIZE(ath10k_tlv_if_limit_ibss),
9734 	},
9735 };
9736 
9737 static const struct ieee80211_iface_limit ath10k_10_4_if_limits[] = {
9738 	{
9739 		.max = 1,
9740 		.types = BIT(NL80211_IFTYPE_STATION),
9741 	},
9742 	{
9743 		.max	= 16,
9744 		.types	= BIT(NL80211_IFTYPE_AP)
9745 #ifdef CONFIG_MAC80211_MESH
9746 			| BIT(NL80211_IFTYPE_MESH_POINT)
9747 #endif
9748 	},
9749 };
9750 
9751 static const struct ieee80211_iface_combination ath10k_10_4_if_comb[] = {
9752 	{
9753 		.limits = ath10k_10_4_if_limits,
9754 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9755 		.max_interfaces = 16,
9756 		.num_different_channels = 1,
9757 		.beacon_int_infra_match = true,
9758 		.beacon_int_min_gcd = 1,
9759 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9760 		.radar_detect_widths =	BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9761 					BIT(NL80211_CHAN_WIDTH_20) |
9762 					BIT(NL80211_CHAN_WIDTH_40) |
9763 					BIT(NL80211_CHAN_WIDTH_80) |
9764 					BIT(NL80211_CHAN_WIDTH_80P80) |
9765 					BIT(NL80211_CHAN_WIDTH_160),
9766 #endif
9767 	},
9768 };
9769 
9770 static const struct
9771 ieee80211_iface_combination ath10k_10_4_bcn_int_if_comb[] = {
9772 	{
9773 		.limits = ath10k_10_4_if_limits,
9774 		.n_limits = ARRAY_SIZE(ath10k_10_4_if_limits),
9775 		.max_interfaces = 16,
9776 		.num_different_channels = 1,
9777 		.beacon_int_infra_match = true,
9778 		.beacon_int_min_gcd = 100,
9779 #ifdef CONFIG_ATH10K_DFS_CERTIFIED
9780 		.radar_detect_widths =  BIT(NL80211_CHAN_WIDTH_20_NOHT) |
9781 					BIT(NL80211_CHAN_WIDTH_20) |
9782 					BIT(NL80211_CHAN_WIDTH_40) |
9783 					BIT(NL80211_CHAN_WIDTH_80) |
9784 					BIT(NL80211_CHAN_WIDTH_80P80) |
9785 					BIT(NL80211_CHAN_WIDTH_160),
9786 #endif
9787 	},
9788 };
9789 
9790 static void ath10k_get_arvif_iter(void *data, u8 *mac,
9791 				  struct ieee80211_vif *vif)
9792 {
9793 	struct ath10k_vif_iter *arvif_iter = data;
9794 	struct ath10k_vif *arvif = (void *)vif->drv_priv;
9795 
9796 	if (arvif->vdev_id == arvif_iter->vdev_id)
9797 		arvif_iter->arvif = arvif;
9798 }
9799 
9800 struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id)
9801 {
9802 	struct ath10k_vif_iter arvif_iter;
9803 
9804 	memset(&arvif_iter, 0, sizeof(struct ath10k_vif_iter));
9805 	arvif_iter.vdev_id = vdev_id;
9806 
9807 	ieee80211_iterate_active_interfaces_atomic(ar->hw,
9808 						   ATH10K_ITER_RESUME_FLAGS,
9809 						   ath10k_get_arvif_iter,
9810 						   &arvif_iter);
9811 	if (!arvif_iter.arvif) {
9812 		ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
9813 		return NULL;
9814 	}
9815 
9816 	return arvif_iter.arvif;
9817 }
9818 
9819 #define WRD_METHOD "WRDD"
9820 #define WRDD_WIFI  (0x07)
9821 
9822 static u32 ath10k_mac_wrdd_get_mcc(struct ath10k *ar, union acpi_object *wrdd)
9823 {
9824 	union acpi_object *mcc_pkg;
9825 	union acpi_object *domain_type;
9826 	union acpi_object *mcc_value;
9827 	u32 i;
9828 
9829 	if (wrdd->type != ACPI_TYPE_PACKAGE ||
9830 	    wrdd->package.count < 2 ||
9831 	    wrdd->package.elements[0].type != ACPI_TYPE_INTEGER ||
9832 	    wrdd->package.elements[0].integer.value != 0) {
9833 		ath10k_warn(ar, "ignoring malformed/unsupported wrdd structure\n");
9834 		return 0;
9835 	}
9836 
9837 	for (i = 1; i < wrdd->package.count; ++i) {
9838 		mcc_pkg = &wrdd->package.elements[i];
9839 
9840 		if (mcc_pkg->type != ACPI_TYPE_PACKAGE)
9841 			continue;
9842 		if (mcc_pkg->package.count < 2)
9843 			continue;
9844 		if (mcc_pkg->package.elements[0].type != ACPI_TYPE_INTEGER ||
9845 		    mcc_pkg->package.elements[1].type != ACPI_TYPE_INTEGER)
9846 			continue;
9847 
9848 		domain_type = &mcc_pkg->package.elements[0];
9849 		if (domain_type->integer.value != WRDD_WIFI)
9850 			continue;
9851 
9852 		mcc_value = &mcc_pkg->package.elements[1];
9853 		return mcc_value->integer.value;
9854 	}
9855 	return 0;
9856 }
9857 
9858 static int ath10k_mac_get_wrdd_regulatory(struct ath10k *ar, u16 *rd)
9859 {
9860 	acpi_handle root_handle;
9861 	acpi_handle handle;
9862 	struct acpi_buffer wrdd = {ACPI_ALLOCATE_BUFFER, NULL};
9863 	acpi_status status;
9864 	u32 alpha2_code;
9865 	char alpha2[3];
9866 
9867 	root_handle = ACPI_HANDLE(ar->dev);
9868 	if (!root_handle)
9869 		return -EOPNOTSUPP;
9870 
9871 	status = acpi_get_handle(root_handle, (acpi_string)WRD_METHOD, &handle);
9872 	if (ACPI_FAILURE(status)) {
9873 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9874 			   "failed to get wrd method %d\n", status);
9875 		return -EIO;
9876 	}
9877 
9878 	status = acpi_evaluate_object(handle, NULL, NULL, &wrdd);
9879 	if (ACPI_FAILURE(status)) {
9880 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9881 			   "failed to call wrdc %d\n", status);
9882 		return -EIO;
9883 	}
9884 
9885 	alpha2_code = ath10k_mac_wrdd_get_mcc(ar, wrdd.pointer);
9886 	kfree(wrdd.pointer);
9887 	if (!alpha2_code)
9888 		return -EIO;
9889 
9890 	alpha2[0] = (alpha2_code >> 8) & 0xff;
9891 	alpha2[1] = (alpha2_code >> 0) & 0xff;
9892 	alpha2[2] = '\0';
9893 
9894 	ath10k_dbg(ar, ATH10K_DBG_BOOT,
9895 		   "regulatory hint from WRDD (alpha2-code): %s\n", alpha2);
9896 
9897 	*rd = ath_regd_find_country_by_name(alpha2);
9898 	if (*rd == 0xffff)
9899 		return -EIO;
9900 
9901 	*rd |= COUNTRY_ERD_FLAG;
9902 	return 0;
9903 }
9904 
9905 static int ath10k_mac_init_rd(struct ath10k *ar)
9906 {
9907 	int ret;
9908 	u16 rd;
9909 
9910 	ret = ath10k_mac_get_wrdd_regulatory(ar, &rd);
9911 	if (ret) {
9912 		ath10k_dbg(ar, ATH10K_DBG_BOOT,
9913 			   "fallback to eeprom programmed regulatory settings\n");
9914 		rd = ar->hw_eeprom_rd;
9915 	}
9916 
9917 	ar->ath_common.regulatory.current_rd = rd;
9918 	return 0;
9919 }
9920 
9921 int ath10k_mac_register(struct ath10k *ar)
9922 {
9923 	static const u32 cipher_suites[] = {
9924 		WLAN_CIPHER_SUITE_WEP40,
9925 		WLAN_CIPHER_SUITE_WEP104,
9926 		WLAN_CIPHER_SUITE_TKIP,
9927 		WLAN_CIPHER_SUITE_CCMP,
9928 
9929 		/* Do not add hardware supported ciphers before this line.
9930 		 * Allow software encryption for all chips. Don't forget to
9931 		 * update n_cipher_suites below.
9932 		 */
9933 		WLAN_CIPHER_SUITE_AES_CMAC,
9934 		WLAN_CIPHER_SUITE_BIP_CMAC_256,
9935 		WLAN_CIPHER_SUITE_BIP_GMAC_128,
9936 		WLAN_CIPHER_SUITE_BIP_GMAC_256,
9937 
9938 		/* Only QCA99x0 and QCA4019 variants support GCMP-128, GCMP-256
9939 		 * and CCMP-256 in hardware.
9940 		 */
9941 		WLAN_CIPHER_SUITE_GCMP,
9942 		WLAN_CIPHER_SUITE_GCMP_256,
9943 		WLAN_CIPHER_SUITE_CCMP_256,
9944 	};
9945 	struct ieee80211_supported_band *band;
9946 	void *channels;
9947 	int ret;
9948 
9949 	if (!is_valid_ether_addr(ar->mac_addr)) {
9950 		ath10k_warn(ar, "invalid MAC address; choosing random\n");
9951 		eth_random_addr(ar->mac_addr);
9952 	}
9953 	SET_IEEE80211_PERM_ADDR(ar->hw, ar->mac_addr);
9954 
9955 	SET_IEEE80211_DEV(ar->hw, ar->dev);
9956 
9957 	BUILD_BUG_ON((ARRAY_SIZE(ath10k_2ghz_channels) +
9958 		      ARRAY_SIZE(ath10k_5ghz_channels)) !=
9959 		     ATH10K_NUM_CHANS);
9960 
9961 	if (ar->phy_capability & WHAL_WLAN_11G_CAPABILITY) {
9962 		channels = kmemdup(ath10k_2ghz_channels,
9963 				   sizeof(ath10k_2ghz_channels),
9964 				   GFP_KERNEL);
9965 		if (!channels) {
9966 			ret = -ENOMEM;
9967 			goto err_free;
9968 		}
9969 
9970 		band = &ar->mac.sbands[NL80211_BAND_2GHZ];
9971 		band->n_channels = ARRAY_SIZE(ath10k_2ghz_channels);
9972 		band->channels = channels;
9973 
9974 		if (ar->hw_params.cck_rate_map_rev2) {
9975 			band->n_bitrates = ath10k_g_rates_rev2_size;
9976 			band->bitrates = ath10k_g_rates_rev2;
9977 		} else {
9978 			band->n_bitrates = ath10k_g_rates_size;
9979 			band->bitrates = ath10k_g_rates;
9980 		}
9981 
9982 		ar->hw->wiphy->bands[NL80211_BAND_2GHZ] = band;
9983 	}
9984 
9985 	if (ar->phy_capability & WHAL_WLAN_11A_CAPABILITY) {
9986 		channels = kmemdup(ath10k_5ghz_channels,
9987 				   sizeof(ath10k_5ghz_channels),
9988 				   GFP_KERNEL);
9989 		if (!channels) {
9990 			ret = -ENOMEM;
9991 			goto err_free;
9992 		}
9993 
9994 		band = &ar->mac.sbands[NL80211_BAND_5GHZ];
9995 		band->n_channels = ARRAY_SIZE(ath10k_5ghz_channels);
9996 		band->channels = channels;
9997 		band->n_bitrates = ath10k_a_rates_size;
9998 		band->bitrates = ath10k_a_rates;
9999 		ar->hw->wiphy->bands[NL80211_BAND_5GHZ] = band;
10000 	}
10001 
10002 	wiphy_read_of_freq_limits(ar->hw->wiphy);
10003 	ath10k_mac_setup_ht_vht_cap(ar);
10004 
10005 	ar->hw->wiphy->interface_modes =
10006 		BIT(NL80211_IFTYPE_STATION) |
10007 		BIT(NL80211_IFTYPE_AP) |
10008 		BIT(NL80211_IFTYPE_MESH_POINT);
10009 
10010 	ar->hw->wiphy->available_antennas_rx = ar->cfg_rx_chainmask;
10011 	ar->hw->wiphy->available_antennas_tx = ar->cfg_tx_chainmask;
10012 
10013 	if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->normal_mode_fw.fw_file.fw_features))
10014 		ar->hw->wiphy->interface_modes |=
10015 			BIT(NL80211_IFTYPE_P2P_DEVICE) |
10016 			BIT(NL80211_IFTYPE_P2P_CLIENT) |
10017 			BIT(NL80211_IFTYPE_P2P_GO);
10018 
10019 	ieee80211_hw_set(ar->hw, SIGNAL_DBM);
10020 
10021 	if (!test_bit(ATH10K_FW_FEATURE_NO_PS,
10022 		      ar->running_fw->fw_file.fw_features)) {
10023 		ieee80211_hw_set(ar->hw, SUPPORTS_PS);
10024 		ieee80211_hw_set(ar->hw, SUPPORTS_DYNAMIC_PS);
10025 	}
10026 
10027 	ieee80211_hw_set(ar->hw, MFP_CAPABLE);
10028 	ieee80211_hw_set(ar->hw, REPORTS_TX_ACK_STATUS);
10029 	ieee80211_hw_set(ar->hw, HAS_RATE_CONTROL);
10030 	ieee80211_hw_set(ar->hw, AP_LINK_PS);
10031 	ieee80211_hw_set(ar->hw, SPECTRUM_MGMT);
10032 	ieee80211_hw_set(ar->hw, SUPPORT_FAST_XMIT);
10033 	ieee80211_hw_set(ar->hw, CONNECTION_MONITOR);
10034 	ieee80211_hw_set(ar->hw, SUPPORTS_PER_STA_GTK);
10035 	ieee80211_hw_set(ar->hw, WANT_MONITOR_VIF);
10036 	ieee80211_hw_set(ar->hw, CHANCTX_STA_CSA);
10037 	ieee80211_hw_set(ar->hw, QUEUE_CONTROL);
10038 	ieee80211_hw_set(ar->hw, SUPPORTS_TX_FRAG);
10039 	ieee80211_hw_set(ar->hw, REPORTS_LOW_ACK);
10040 
10041 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10042 		ieee80211_hw_set(ar->hw, SW_CRYPTO_CONTROL);
10043 
10044 	ar->hw->wiphy->features |= NL80211_FEATURE_STATIC_SMPS;
10045 	ar->hw->wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
10046 
10047 	if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
10048 		ar->hw->wiphy->features |= NL80211_FEATURE_DYNAMIC_SMPS;
10049 
10050 	if (ar->ht_cap_info & WMI_HT_CAP_ENABLED) {
10051 		ieee80211_hw_set(ar->hw, AMPDU_AGGREGATION);
10052 		ieee80211_hw_set(ar->hw, TX_AMPDU_SETUP_IN_HW);
10053 	}
10054 
10055 	ar->hw->wiphy->max_scan_ssids = WLAN_SCAN_PARAMS_MAX_SSID;
10056 	ar->hw->wiphy->max_scan_ie_len = WLAN_SCAN_PARAMS_MAX_IE_LEN;
10057 
10058 	if (test_bit(WMI_SERVICE_NLO, ar->wmi.svc_map)) {
10059 		ar->hw->wiphy->max_sched_scan_ssids = WMI_PNO_MAX_SUPP_NETWORKS;
10060 		ar->hw->wiphy->max_match_sets = WMI_PNO_MAX_SUPP_NETWORKS;
10061 		ar->hw->wiphy->max_sched_scan_ie_len = WMI_PNO_MAX_IE_LENGTH;
10062 		ar->hw->wiphy->max_sched_scan_plans = WMI_PNO_MAX_SCHED_SCAN_PLANS;
10063 		ar->hw->wiphy->max_sched_scan_plan_interval =
10064 			WMI_PNO_MAX_SCHED_SCAN_PLAN_INT;
10065 		ar->hw->wiphy->max_sched_scan_plan_iterations =
10066 			WMI_PNO_MAX_SCHED_SCAN_PLAN_ITRNS;
10067 		ar->hw->wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
10068 	}
10069 
10070 	ar->hw->vif_data_size = sizeof(struct ath10k_vif);
10071 	ar->hw->sta_data_size = sizeof(struct ath10k_sta);
10072 	ar->hw->txq_data_size = sizeof(struct ath10k_txq);
10073 
10074 	ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
10075 
10076 	if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
10077 		ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
10078 
10079 		/* Firmware delivers WPS/P2P Probe Requests frames to driver so
10080 		 * that userspace (e.g. wpa_supplicant/hostapd) can generate
10081 		 * correct Probe Responses. This is more of a hack advert..
10082 		 */
10083 		ar->hw->wiphy->probe_resp_offload |=
10084 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
10085 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
10086 			NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
10087 	}
10088 
10089 	if (test_bit(WMI_SERVICE_TDLS, ar->wmi.svc_map) ||
10090 	    test_bit(WMI_SERVICE_TDLS_EXPLICIT_MODE_ONLY, ar->wmi.svc_map)) {
10091 		ar->hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
10092 		if (test_bit(WMI_SERVICE_TDLS_WIDER_BANDWIDTH, ar->wmi.svc_map))
10093 			ieee80211_hw_set(ar->hw, TDLS_WIDER_BW);
10094 	}
10095 
10096 	if (test_bit(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, ar->wmi.svc_map))
10097 		ieee80211_hw_set(ar->hw, SUPPORTS_TDLS_BUFFER_STA);
10098 
10099 	if (ath10k_frame_mode == ATH10K_HW_TXRX_ETHERNET) {
10100 		if (ar->wmi.vdev_param->tx_encap_type !=
10101 		    WMI_VDEV_PARAM_UNSUPPORTED)
10102 			ieee80211_hw_set(ar->hw, SUPPORTS_TX_ENCAP_OFFLOAD);
10103 	}
10104 
10105 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
10106 	ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
10107 	ar->hw->wiphy->max_remain_on_channel_duration = 5000;
10108 
10109 	ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
10110 	ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
10111 				   NL80211_FEATURE_AP_SCAN;
10112 
10113 	ar->hw->wiphy->max_ap_assoc_sta = ar->max_num_stations;
10114 
10115 	ret = ath10k_wow_init(ar);
10116 	if (ret) {
10117 		ath10k_warn(ar, "failed to init wow: %d\n", ret);
10118 		goto err_free;
10119 	}
10120 
10121 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
10122 	wiphy_ext_feature_set(ar->hw->wiphy,
10123 			      NL80211_EXT_FEATURE_SET_SCAN_DWELL);
10124 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_AQL);
10125 
10126 	if (test_bit(WMI_SERVICE_TX_DATA_ACK_RSSI, ar->wmi.svc_map) ||
10127 	    test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS, ar->wmi.svc_map))
10128 		wiphy_ext_feature_set(ar->hw->wiphy,
10129 				      NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT);
10130 
10131 	if (ath10k_peer_stats_enabled(ar) ||
10132 	    test_bit(WMI_SERVICE_REPORT_AIRTIME, ar->wmi.svc_map))
10133 		wiphy_ext_feature_set(ar->hw->wiphy,
10134 				      NL80211_EXT_FEATURE_AIRTIME_FAIRNESS);
10135 
10136 	if (test_bit(WMI_SERVICE_RTT_RESPONDER_ROLE, ar->wmi.svc_map))
10137 		wiphy_ext_feature_set(ar->hw->wiphy,
10138 				      NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
10139 
10140 	if (test_bit(WMI_SERVICE_TX_PWR_PER_PEER, ar->wmi.svc_map))
10141 		wiphy_ext_feature_set(ar->hw->wiphy,
10142 				      NL80211_EXT_FEATURE_STA_TX_PWR);
10143 
10144 	if (test_bit(WMI_SERVICE_PEER_TID_CONFIGS_SUPPORT, ar->wmi.svc_map)) {
10145 		ar->hw->wiphy->tid_config_support.vif |=
10146 				BIT(NL80211_TID_CONFIG_ATTR_NOACK) |
10147 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT) |
10148 				BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG) |
10149 				BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL) |
10150 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE) |
10151 				BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
10152 
10153 		if (test_bit(WMI_SERVICE_EXT_PEER_TID_CONFIGS_SUPPORT,
10154 			     ar->wmi.svc_map)) {
10155 			ar->hw->wiphy->tid_config_support.vif |=
10156 				BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
10157 		}
10158 
10159 		ar->hw->wiphy->tid_config_support.peer =
10160 				ar->hw->wiphy->tid_config_support.vif;
10161 		ar->hw->wiphy->max_data_retry_count = ATH10K_MAX_RETRY_COUNT;
10162 	} else {
10163 		ar->ops->set_tid_config = NULL;
10164 	}
10165 	/*
10166 	 * on LL hardware queues are managed entirely by the FW
10167 	 * so we only advertise to mac we can do the queues thing
10168 	 */
10169 	ar->hw->queues = IEEE80211_MAX_QUEUES;
10170 
10171 	/* vdev_ids are used as hw queue numbers. Make sure offchan tx queue is
10172 	 * something that vdev_ids can't reach so that we don't stop the queue
10173 	 * accidentally.
10174 	 */
10175 	ar->hw->offchannel_tx_hw_queue = IEEE80211_MAX_QUEUES - 1;
10176 
10177 	switch (ar->running_fw->fw_file.wmi_op_version) {
10178 	case ATH10K_FW_WMI_OP_VERSION_MAIN:
10179 		ar->hw->wiphy->iface_combinations = ath10k_if_comb;
10180 		ar->hw->wiphy->n_iface_combinations =
10181 			ARRAY_SIZE(ath10k_if_comb);
10182 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10183 		break;
10184 	case ATH10K_FW_WMI_OP_VERSION_TLV:
10185 		if (test_bit(WMI_SERVICE_ADAPTIVE_OCS, ar->wmi.svc_map)) {
10186 			ar->hw->wiphy->iface_combinations =
10187 				ath10k_tlv_qcs_if_comb;
10188 			ar->hw->wiphy->n_iface_combinations =
10189 				ARRAY_SIZE(ath10k_tlv_qcs_if_comb);
10190 		} else {
10191 			ar->hw->wiphy->iface_combinations = ath10k_tlv_if_comb;
10192 			ar->hw->wiphy->n_iface_combinations =
10193 				ARRAY_SIZE(ath10k_tlv_if_comb);
10194 		}
10195 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
10196 		break;
10197 	case ATH10K_FW_WMI_OP_VERSION_10_1:
10198 	case ATH10K_FW_WMI_OP_VERSION_10_2:
10199 	case ATH10K_FW_WMI_OP_VERSION_10_2_4:
10200 		ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
10201 		ar->hw->wiphy->n_iface_combinations =
10202 			ARRAY_SIZE(ath10k_10x_if_comb);
10203 		break;
10204 	case ATH10K_FW_WMI_OP_VERSION_10_4:
10205 		ar->hw->wiphy->iface_combinations = ath10k_10_4_if_comb;
10206 		ar->hw->wiphy->n_iface_combinations =
10207 			ARRAY_SIZE(ath10k_10_4_if_comb);
10208 		if (test_bit(WMI_SERVICE_VDEV_DIFFERENT_BEACON_INTERVAL_SUPPORT,
10209 			     ar->wmi.svc_map)) {
10210 			ar->hw->wiphy->iface_combinations =
10211 				ath10k_10_4_bcn_int_if_comb;
10212 			ar->hw->wiphy->n_iface_combinations =
10213 				ARRAY_SIZE(ath10k_10_4_bcn_int_if_comb);
10214 		}
10215 		break;
10216 	case ATH10K_FW_WMI_OP_VERSION_UNSET:
10217 	case ATH10K_FW_WMI_OP_VERSION_MAX:
10218 		WARN_ON(1);
10219 		ret = -EINVAL;
10220 		goto err_free;
10221 	}
10222 
10223 	if (ar->hw_params.dynamic_sar_support)
10224 		ar->hw->wiphy->sar_capa = &ath10k_sar_capa;
10225 
10226 	if (!test_bit(ATH10K_FLAG_RAW_MODE, &ar->dev_flags))
10227 		ar->hw->netdev_features = NETIF_F_HW_CSUM;
10228 
10229 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED)) {
10230 		/* Init ath dfs pattern detector */
10231 		ar->ath_common.debug_mask = ATH_DBG_DFS;
10232 		ar->dfs_detector = dfs_pattern_detector_init(&ar->ath_common,
10233 							     NL80211_DFS_UNSET);
10234 
10235 		if (!ar->dfs_detector)
10236 			ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
10237 	}
10238 
10239 	ret = ath10k_mac_init_rd(ar);
10240 	if (ret) {
10241 		ath10k_err(ar, "failed to derive regdom: %d\n", ret);
10242 		goto err_dfs_detector_exit;
10243 	}
10244 
10245 	/* Disable set_coverage_class for chipsets that do not support it. */
10246 	if (!ar->hw_params.hw_ops->set_coverage_class)
10247 		ar->ops->set_coverage_class = NULL;
10248 
10249 	ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
10250 			    ath10k_reg_notifier);
10251 	if (ret) {
10252 		ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
10253 		goto err_dfs_detector_exit;
10254 	}
10255 
10256 	if (test_bit(WMI_SERVICE_SPOOF_MAC_SUPPORT, ar->wmi.svc_map)) {
10257 		ar->hw->wiphy->features |=
10258 			NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
10259 	}
10260 
10261 	ar->hw->wiphy->cipher_suites = cipher_suites;
10262 
10263 	/* QCA988x and QCA6174 family chips do not support CCMP-256, GCMP-128
10264 	 * and GCMP-256 ciphers in hardware. Fetch number of ciphers supported
10265 	 * from chip specific hw_param table.
10266 	 */
10267 	if (!ar->hw_params.n_cipher_suites ||
10268 	    ar->hw_params.n_cipher_suites > ARRAY_SIZE(cipher_suites)) {
10269 		ath10k_err(ar, "invalid hw_params.n_cipher_suites %d\n",
10270 			   ar->hw_params.n_cipher_suites);
10271 		ar->hw_params.n_cipher_suites = 8;
10272 	}
10273 	ar->hw->wiphy->n_cipher_suites = ar->hw_params.n_cipher_suites;
10274 
10275 	wiphy_ext_feature_set(ar->hw->wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
10276 
10277 	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
10278 
10279 	ret = ieee80211_register_hw(ar->hw);
10280 	if (ret) {
10281 		ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
10282 		goto err_dfs_detector_exit;
10283 	}
10284 
10285 	if (test_bit(WMI_SERVICE_PER_PACKET_SW_ENCRYPT, ar->wmi.svc_map)) {
10286 		ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
10287 		ar->hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_AP_VLAN);
10288 	}
10289 
10290 	if (!ath_is_world_regd(&ar->ath_common.reg_world_copy) &&
10291 	    !ath_is_world_regd(&ar->ath_common.regulatory)) {
10292 		ret = regulatory_hint(ar->hw->wiphy,
10293 				      ar->ath_common.regulatory.alpha2);
10294 		if (ret)
10295 			goto err_unregister;
10296 	}
10297 
10298 	return 0;
10299 
10300 err_unregister:
10301 	ieee80211_unregister_hw(ar->hw);
10302 
10303 err_dfs_detector_exit:
10304 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10305 		ar->dfs_detector->exit(ar->dfs_detector);
10306 
10307 err_free:
10308 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10309 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10310 
10311 	SET_IEEE80211_DEV(ar->hw, NULL);
10312 	return ret;
10313 }
10314 
10315 void ath10k_mac_unregister(struct ath10k *ar)
10316 {
10317 	ieee80211_unregister_hw(ar->hw);
10318 
10319 	if (IS_ENABLED(CONFIG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector)
10320 		ar->dfs_detector->exit(ar->dfs_detector);
10321 
10322 	kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels);
10323 	kfree(ar->mac.sbands[NL80211_BAND_5GHZ].channels);
10324 
10325 	SET_IEEE80211_DEV(ar->hw, NULL);
10326 }
10327