xref: /openbmc/linux/drivers/net/wireless/mediatek/mt76/mt7615/mcu.c (revision 4984dd069f2995f239f075199ee8c0d9f020bcd9)
1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2019 MediaTek Inc.
3  *
4  * Author: Roy Luo <royluo@google.com>
5  *         Ryder Lee <ryder.lee@mediatek.com>
6  */
7 
8 #include <linux/firmware.h>
9 #include "mt7615.h"
10 #include "mcu.h"
11 #include "mac.h"
12 #include "eeprom.h"
13 
14 struct mt7615_patch_hdr {
15 	char build_date[16];
16 	char platform[4];
17 	__be32 hw_sw_ver;
18 	__be32 patch_ver;
19 	__be16 checksum;
20 } __packed;
21 
22 struct mt7615_fw_trailer {
23 	__le32 addr;
24 	u8 chip_id;
25 	u8 feature_set;
26 	u8 eco_code;
27 	char fw_ver[10];
28 	char build_date[15];
29 	__le32 len;
30 } __packed;
31 
32 #define MCU_PATCH_ADDRESS		0x80000
33 
34 #define N9_REGION_NUM			2
35 #define CR4_REGION_NUM			1
36 
37 #define IMG_CRC_LEN			4
38 
39 #define FW_FEATURE_SET_ENCRYPT		BIT(0)
40 #define FW_FEATURE_SET_KEY_IDX		GENMASK(2, 1)
41 
42 #define DL_MODE_ENCRYPT			BIT(0)
43 #define DL_MODE_KEY_IDX			GENMASK(2, 1)
44 #define DL_MODE_RESET_SEC_IV		BIT(3)
45 #define DL_MODE_WORKING_PDA_CR4		BIT(4)
46 #define DL_MODE_NEED_RSP		BIT(31)
47 
48 #define FW_START_OVERRIDE		BIT(0)
49 #define FW_START_WORKING_PDA_CR4	BIT(2)
50 
51 static int __mt7615_mcu_msg_send(struct mt7615_dev *dev, struct sk_buff *skb,
52 				 int cmd, int query, int dest, int *wait_seq)
53 {
54 	struct mt7615_mcu_txd *mcu_txd;
55 	u8 seq, q_idx, pkt_fmt;
56 	enum mt76_txq_id qid;
57 	u32 val;
58 	__le32 *txd;
59 
60 	if (!skb)
61 		return -EINVAL;
62 
63 	seq = ++dev->mt76.mmio.mcu.msg_seq & 0xf;
64 	if (!seq)
65 		seq = ++dev->mt76.mmio.mcu.msg_seq & 0xf;
66 
67 	mcu_txd = (struct mt7615_mcu_txd *)skb_push(skb,
68 		   sizeof(struct mt7615_mcu_txd));
69 	memset(mcu_txd, 0, sizeof(struct mt7615_mcu_txd));
70 
71 	if (cmd != -MCU_CMD_FW_SCATTER) {
72 		q_idx = MT_TX_MCU_PORT_RX_Q0;
73 		pkt_fmt = MT_TX_TYPE_CMD;
74 	} else {
75 		q_idx = MT_TX_MCU_PORT_RX_FWDL;
76 		pkt_fmt = MT_TX_TYPE_FW;
77 	}
78 
79 	txd = mcu_txd->txd;
80 
81 	val = FIELD_PREP(MT_TXD0_TX_BYTES, cpu_to_le16(skb->len)) |
82 	      FIELD_PREP(MT_TXD0_P_IDX, MT_TX_PORT_IDX_MCU) |
83 	      FIELD_PREP(MT_TXD0_Q_IDX, q_idx);
84 	txd[0] = cpu_to_le32(val);
85 
86 	val = MT_TXD1_LONG_FORMAT |
87 	      FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD) |
88 	      FIELD_PREP(MT_TXD1_PKT_FMT, pkt_fmt);
89 	txd[1] = cpu_to_le32(val);
90 
91 	mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd));
92 	mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU, q_idx));
93 	mcu_txd->pkt_type = MCU_PKT_ID;
94 	mcu_txd->seq = seq;
95 
96 	if (cmd < 0) {
97 		mcu_txd->cid = -cmd;
98 	} else {
99 		mcu_txd->cid = MCU_CMD_EXT_CID;
100 		mcu_txd->ext_cid = cmd;
101 		if (query != MCU_Q_NA)
102 			mcu_txd->ext_cid_ack = 1;
103 	}
104 
105 	mcu_txd->set_query = query;
106 	mcu_txd->s2d_index = dest;
107 
108 	if (wait_seq)
109 		*wait_seq = seq;
110 
111 	if (test_bit(MT76_STATE_MCU_RUNNING, &dev->mt76.state))
112 		qid = MT_TXQ_MCU;
113 	else
114 		qid = MT_TXQ_FWDL;
115 
116 	return mt76_tx_queue_skb_raw(dev, qid, skb, 0);
117 }
118 
119 static int mt7615_mcu_msg_send(struct mt7615_dev *dev, struct sk_buff *skb,
120 			       int cmd, int query, int dest,
121 			       struct sk_buff **skb_ret)
122 {
123 	unsigned long expires = jiffies + 10 * HZ;
124 	struct mt7615_mcu_rxd *rxd;
125 	int ret, seq;
126 
127 	mutex_lock(&dev->mt76.mmio.mcu.mutex);
128 
129 	ret = __mt7615_mcu_msg_send(dev, skb, cmd, query, dest, &seq);
130 	if (ret)
131 		goto out;
132 
133 	while (1) {
134 		skb = mt76_mcu_get_response(&dev->mt76, expires);
135 		if (!skb) {
136 			dev_err(dev->mt76.dev, "Message %d (seq %d) timeout\n",
137 				cmd, seq);
138 			ret = -ETIMEDOUT;
139 			break;
140 		}
141 
142 		rxd = (struct mt7615_mcu_rxd *)skb->data;
143 		if (seq != rxd->seq)
144 			continue;
145 
146 		if (skb_ret) {
147 			int hdr_len = sizeof(*rxd);
148 
149 			if (!test_bit(MT76_STATE_MCU_RUNNING,
150 				      &dev->mt76.state))
151 				hdr_len -= 4;
152 			skb_pull(skb, hdr_len);
153 			*skb_ret = skb;
154 		} else {
155 			dev_kfree_skb(skb);
156 		}
157 
158 		break;
159 	}
160 
161 out:
162 	mutex_unlock(&dev->mt76.mmio.mcu.mutex);
163 
164 	return ret;
165 }
166 
167 static int mt7615_mcu_init_download(struct mt7615_dev *dev, u32 addr,
168 				    u32 len, u32 mode)
169 {
170 	struct {
171 		__le32 addr;
172 		__le32 len;
173 		__le32 mode;
174 	} req = {
175 		.addr = cpu_to_le32(addr),
176 		.len = cpu_to_le32(len),
177 		.mode = cpu_to_le32(mode),
178 	};
179 	struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
180 
181 	return mt7615_mcu_msg_send(dev, skb, -MCU_CMD_TARGET_ADDRESS_LEN_REQ,
182 				   MCU_Q_NA, MCU_S2D_H2N, NULL);
183 }
184 
185 static int mt7615_mcu_send_firmware(struct mt7615_dev *dev, const void *data,
186 				    int len)
187 {
188 	struct sk_buff *skb;
189 	int ret = 0;
190 
191 	while (len > 0) {
192 		int cur_len = min_t(int, 4096 - sizeof(struct mt7615_mcu_txd),
193 				    len);
194 
195 		skb = mt7615_mcu_msg_alloc(data, cur_len);
196 		if (!skb)
197 			return -ENOMEM;
198 
199 		ret = __mt7615_mcu_msg_send(dev, skb, -MCU_CMD_FW_SCATTER,
200 					    MCU_Q_NA, MCU_S2D_H2N, NULL);
201 		if (ret)
202 			break;
203 
204 		data += cur_len;
205 		len -= cur_len;
206 	}
207 
208 	return ret;
209 }
210 
211 static int mt7615_mcu_start_firmware(struct mt7615_dev *dev, u32 addr,
212 				     u32 option)
213 {
214 	struct {
215 		__le32 option;
216 		__le32 addr;
217 	} req = {
218 		.option = cpu_to_le32(option),
219 		.addr = cpu_to_le32(addr),
220 	};
221 	struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
222 
223 	return mt7615_mcu_msg_send(dev, skb, -MCU_CMD_FW_START_REQ,
224 				   MCU_Q_NA, MCU_S2D_H2N, NULL);
225 }
226 
227 static int mt7615_mcu_restart(struct mt7615_dev *dev)
228 {
229 	struct sk_buff *skb = mt7615_mcu_msg_alloc(NULL, 0);
230 
231 	return mt7615_mcu_msg_send(dev, skb, -MCU_CMD_RESTART_DL_REQ,
232 				   MCU_Q_NA, MCU_S2D_H2N, NULL);
233 }
234 
235 static int mt7615_mcu_patch_sem_ctrl(struct mt7615_dev *dev, bool get)
236 {
237 	struct {
238 		__le32 operation;
239 	} req = {
240 		.operation = cpu_to_le32(get ? PATCH_SEM_GET :
241 					 PATCH_SEM_RELEASE),
242 	};
243 	struct event {
244 		u8 status;
245 		u8 reserved[3];
246 	} *resp;
247 	struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
248 	struct sk_buff *skb_ret;
249 	int ret;
250 
251 	ret = mt7615_mcu_msg_send(dev, skb, -MCU_CMD_PATCH_SEM_CONTROL,
252 				  MCU_Q_NA, MCU_S2D_H2N, &skb_ret);
253 	if (ret)
254 		goto out;
255 
256 	resp = (struct event *)(skb_ret->data);
257 	ret = resp->status;
258 	dev_kfree_skb(skb_ret);
259 
260 out:
261 	return ret;
262 }
263 
264 static int mt7615_mcu_start_patch(struct mt7615_dev *dev)
265 {
266 	struct {
267 		u8 check_crc;
268 		u8 reserved[3];
269 	} req = {
270 		.check_crc = 0,
271 	};
272 	struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
273 
274 	return mt7615_mcu_msg_send(dev, skb, -MCU_CMD_PATCH_FINISH_REQ,
275 				   MCU_Q_NA, MCU_S2D_H2N, NULL);
276 }
277 
278 static int mt7615_driver_own(struct mt7615_dev *dev)
279 {
280 	mt76_wr(dev, MT_CFG_LPCR_HOST, MT_CFG_LPCR_HOST_DRV_OWN);
281 	if (!mt76_poll_msec(dev, MT_CFG_LPCR_HOST,
282 			    MT_CFG_LPCR_HOST_FW_OWN, 0, 500)) {
283 		dev_err(dev->mt76.dev, "Timeout for driver own\n");
284 		return -EIO;
285 	}
286 
287 	return 0;
288 }
289 
290 static int mt7615_load_patch(struct mt7615_dev *dev)
291 {
292 	const struct firmware *fw;
293 	const struct mt7615_patch_hdr *hdr;
294 	const char *firmware = MT7615_ROM_PATCH;
295 	int len, ret, sem;
296 
297 	sem = mt7615_mcu_patch_sem_ctrl(dev, 1);
298 	switch (sem) {
299 	case PATCH_IS_DL:
300 		return 0;
301 	case PATCH_NOT_DL_SEM_SUCCESS:
302 		break;
303 	default:
304 		dev_err(dev->mt76.dev, "Failed to get patch semaphore\n");
305 		return -EAGAIN;
306 	}
307 
308 	ret = request_firmware(&fw, firmware, dev->mt76.dev);
309 	if (ret)
310 		return ret;
311 
312 	if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
313 		dev_err(dev->mt76.dev, "Invalid firmware\n");
314 		ret = -EINVAL;
315 		goto out;
316 	}
317 
318 	hdr = (const struct mt7615_patch_hdr *)(fw->data);
319 
320 	dev_info(dev->mt76.dev, "HW/SW Version: 0x%x, Build Time: %.16s\n",
321 		 be32_to_cpu(hdr->hw_sw_ver), hdr->build_date);
322 
323 	len = fw->size - sizeof(*hdr);
324 
325 	ret = mt7615_mcu_init_download(dev, MCU_PATCH_ADDRESS, len,
326 				       DL_MODE_NEED_RSP);
327 	if (ret) {
328 		dev_err(dev->mt76.dev, "Download request failed\n");
329 		goto out;
330 	}
331 
332 	ret = mt7615_mcu_send_firmware(dev, fw->data + sizeof(*hdr), len);
333 	if (ret) {
334 		dev_err(dev->mt76.dev, "Failed to send firmware to device\n");
335 		goto out;
336 	}
337 
338 	ret = mt7615_mcu_start_patch(dev);
339 	if (ret)
340 		dev_err(dev->mt76.dev, "Failed to start patch\n");
341 
342 out:
343 	release_firmware(fw);
344 
345 	sem = mt7615_mcu_patch_sem_ctrl(dev, 0);
346 	switch (sem) {
347 	case PATCH_REL_SEM_SUCCESS:
348 		break;
349 	default:
350 		ret = -EAGAIN;
351 		dev_err(dev->mt76.dev, "Failed to release patch semaphore\n");
352 		break;
353 	}
354 
355 	return ret;
356 }
357 
358 static u32 gen_dl_mode(u8 feature_set, bool is_cr4)
359 {
360 	u32 ret = 0;
361 
362 	ret |= (feature_set & FW_FEATURE_SET_ENCRYPT) ?
363 	       (DL_MODE_ENCRYPT | DL_MODE_RESET_SEC_IV) : 0;
364 	ret |= FIELD_PREP(DL_MODE_KEY_IDX,
365 			  FIELD_GET(FW_FEATURE_SET_KEY_IDX, feature_set));
366 	ret |= DL_MODE_NEED_RSP;
367 	ret |= is_cr4 ? DL_MODE_WORKING_PDA_CR4 : 0;
368 
369 	return ret;
370 }
371 
372 static int mt7615_load_ram(struct mt7615_dev *dev)
373 {
374 	const struct firmware *fw;
375 	const struct mt7615_fw_trailer *hdr;
376 	const char *n9_firmware = MT7615_FIRMWARE_N9;
377 	const char *cr4_firmware = MT7615_FIRMWARE_CR4;
378 	u32 n9_ilm_addr, offset;
379 	int i, ret;
380 
381 	ret = request_firmware(&fw, n9_firmware, dev->mt76.dev);
382 	if (ret)
383 		return ret;
384 
385 	if (!fw || !fw->data || fw->size < N9_REGION_NUM * sizeof(*hdr)) {
386 		dev_err(dev->mt76.dev, "Invalid firmware\n");
387 		ret = -EINVAL;
388 		goto out;
389 	}
390 
391 	hdr = (const struct mt7615_fw_trailer *)(fw->data + fw->size -
392 					N9_REGION_NUM * sizeof(*hdr));
393 
394 	dev_info(dev->mt76.dev, "N9 Firmware Version: %.10s, Build Time: %.15s\n",
395 		 hdr->fw_ver, hdr->build_date);
396 
397 	n9_ilm_addr = le32_to_cpu(hdr->addr);
398 
399 	for (offset = 0, i = 0; i < N9_REGION_NUM; i++) {
400 		u32 len, addr, mode;
401 
402 		len = le32_to_cpu(hdr[i].len) + IMG_CRC_LEN;
403 		addr = le32_to_cpu(hdr[i].addr);
404 		mode = gen_dl_mode(hdr[i].feature_set, false);
405 
406 		ret = mt7615_mcu_init_download(dev, addr, len, mode);
407 		if (ret) {
408 			dev_err(dev->mt76.dev, "Download request failed\n");
409 			goto out;
410 		}
411 
412 		ret = mt7615_mcu_send_firmware(dev, fw->data + offset, len);
413 		if (ret) {
414 			dev_err(dev->mt76.dev, "Failed to send firmware to device\n");
415 			goto out;
416 		}
417 
418 		offset += len;
419 	}
420 
421 	ret = mt7615_mcu_start_firmware(dev, n9_ilm_addr, FW_START_OVERRIDE);
422 	if (ret) {
423 		dev_err(dev->mt76.dev, "Failed to start N9 firmware\n");
424 		goto out;
425 	}
426 
427 	release_firmware(fw);
428 
429 	ret = request_firmware(&fw, cr4_firmware, dev->mt76.dev);
430 	if (ret)
431 		return ret;
432 
433 	if (!fw || !fw->data || fw->size < CR4_REGION_NUM * sizeof(*hdr)) {
434 		dev_err(dev->mt76.dev, "Invalid firmware\n");
435 		ret = -EINVAL;
436 		goto out;
437 	}
438 
439 	hdr = (const struct mt7615_fw_trailer *)(fw->data + fw->size -
440 					CR4_REGION_NUM * sizeof(*hdr));
441 
442 	dev_info(dev->mt76.dev, "CR4 Firmware Version: %.10s, Build Time: %.15s\n",
443 		 hdr->fw_ver, hdr->build_date);
444 
445 	for (offset = 0, i = 0; i < CR4_REGION_NUM; i++) {
446 		u32 len, addr, mode;
447 
448 		len = le32_to_cpu(hdr[i].len) + IMG_CRC_LEN;
449 		addr = le32_to_cpu(hdr[i].addr);
450 		mode = gen_dl_mode(hdr[i].feature_set, true);
451 
452 		ret = mt7615_mcu_init_download(dev, addr, len, mode);
453 		if (ret) {
454 			dev_err(dev->mt76.dev, "Download request failed\n");
455 			goto out;
456 		}
457 
458 		ret = mt7615_mcu_send_firmware(dev, fw->data + offset, len);
459 		if (ret) {
460 			dev_err(dev->mt76.dev, "Failed to send firmware to device\n");
461 			goto out;
462 		}
463 
464 		offset += len;
465 	}
466 
467 	ret = mt7615_mcu_start_firmware(dev, 0, FW_START_WORKING_PDA_CR4);
468 	if (ret)
469 		dev_err(dev->mt76.dev, "Failed to start CR4 firmware\n");
470 
471 out:
472 	release_firmware(fw);
473 
474 	return ret;
475 }
476 
477 static int mt7615_load_firmware(struct mt7615_dev *dev)
478 {
479 	int ret;
480 	u32 val;
481 
482 	val = mt76_get_field(dev, MT_TOP_MISC2, MT_TOP_MISC2_FW_STATE);
483 
484 	if (val != FW_STATE_FW_DOWNLOAD) {
485 		dev_err(dev->mt76.dev, "Firmware is not ready for download\n");
486 		return -EIO;
487 	}
488 
489 	ret = mt7615_load_patch(dev);
490 	if (ret)
491 		return ret;
492 
493 	ret = mt7615_load_ram(dev);
494 	if (ret)
495 		return ret;
496 
497 	if (!mt76_poll_msec(dev, MT_TOP_MISC2, MT_TOP_MISC2_FW_STATE,
498 			    FIELD_PREP(MT_TOP_MISC2_FW_STATE,
499 				       FW_STATE_CR4_RDY), 500)) {
500 		dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
501 		return -EIO;
502 	}
503 
504 	dev_dbg(dev->mt76.dev, "Firmware init done\n");
505 
506 	return 0;
507 }
508 
509 int mt7615_mcu_init(struct mt7615_dev *dev)
510 {
511 	int ret;
512 
513 	ret = mt7615_driver_own(dev);
514 	if (ret)
515 		return ret;
516 
517 	ret = mt7615_load_firmware(dev);
518 	if (ret)
519 		return ret;
520 
521 	set_bit(MT76_STATE_MCU_RUNNING, &dev->mt76.state);
522 
523 	return 0;
524 }
525 
526 void mt7615_mcu_exit(struct mt7615_dev *dev)
527 {
528 	mt7615_mcu_restart(dev);
529 	mt76_wr(dev, MT_CFG_LPCR_HOST, MT_CFG_LPCR_HOST_FW_OWN);
530 	skb_queue_purge(&dev->mt76.mmio.mcu.res_q);
531 }
532 
533 int mt7615_mcu_set_eeprom(struct mt7615_dev *dev)
534 {
535 	struct req_data {
536 		u8 val;
537 	} __packed;
538 	struct {
539 		u8 buffer_mode;
540 		u8 pad;
541 		u16 len;
542 	} __packed req_hdr = {
543 		.buffer_mode = 1,
544 		.len = __MT_EE_MAX - MT_EE_NIC_CONF_0,
545 	};
546 	struct sk_buff *skb;
547 	struct req_data *data;
548 	const int size = (__MT_EE_MAX - MT_EE_NIC_CONF_0) *
549 			 sizeof(struct req_data);
550 	u8 *eep = (u8 *)dev->mt76.eeprom.data;
551 	u16 off;
552 
553 	skb = mt7615_mcu_msg_alloc(NULL, size + sizeof(req_hdr));
554 	memcpy(skb_put(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr));
555 	data = (struct req_data *)skb_put(skb, size);
556 	memset(data, 0, size);
557 
558 	for (off = MT_EE_NIC_CONF_0; off < __MT_EE_MAX; off++)
559 		data[off - MT_EE_NIC_CONF_0].val = eep[off];
560 
561 	return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_EFUSE_BUFFER_MODE,
562 				   MCU_Q_SET, MCU_S2D_H2N, NULL);
563 }
564 
565 int mt7615_mcu_init_mac(struct mt7615_dev *dev)
566 {
567 	struct {
568 		u8 enable;
569 		u8 band;
570 		u8 rsv[2];
571 	} __packed req = {
572 		.enable = 1,
573 		.band = 0,
574 	};
575 	struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
576 
577 	return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_MAC_INIT_CTRL,
578 				   MCU_Q_SET, MCU_S2D_H2N, NULL);
579 }
580 
581 int mt7615_mcu_set_rts_thresh(struct mt7615_dev *dev, u32 val)
582 {
583 	struct {
584 		u8 prot_idx;
585 		u8 band;
586 		u8 rsv[2];
587 		__le32 len_thresh;
588 		__le32 pkt_thresh;
589 	} __packed req = {
590 		.prot_idx = 1,
591 		.band = 0,
592 		.len_thresh = cpu_to_le32(val),
593 		.pkt_thresh = cpu_to_le32(0x2),
594 	};
595 	struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
596 
597 	return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_PROTECT_CTRL,
598 				   MCU_Q_SET, MCU_S2D_H2N, NULL);
599 }
600 
601 int mt7615_mcu_set_wmm(struct mt7615_dev *dev, u8 queue,
602 		       const struct ieee80211_tx_queue_params *params)
603 {
604 #define WMM_AIFS_SET	BIT(0)
605 #define WMM_CW_MIN_SET	BIT(1)
606 #define WMM_CW_MAX_SET	BIT(2)
607 #define WMM_TXOP_SET	BIT(3)
608 	struct req_data {
609 		u8 number;
610 		u8 rsv[3];
611 		u8 queue;
612 		u8 valid;
613 		u8 aifs;
614 		u8 cw_min;
615 		__le16 cw_max;
616 		__le16 txop;
617 	} __packed req = {
618 		.number = 1,
619 		.queue = queue,
620 		.valid = WMM_AIFS_SET | WMM_TXOP_SET,
621 		.aifs = params->aifs,
622 		.txop = cpu_to_le16(params->txop),
623 	};
624 	struct sk_buff *skb;
625 
626 	if (params->cw_min) {
627 		req.valid |= WMM_CW_MIN_SET;
628 		req.cw_min = params->cw_min;
629 	}
630 	if (params->cw_max) {
631 		req.valid |= WMM_CW_MAX_SET;
632 		req.cw_max = cpu_to_le16(params->cw_max);
633 	}
634 
635 	skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
636 	return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_EDCA_UPDATE,
637 				   MCU_Q_SET, MCU_S2D_H2N, NULL);
638 }
639 
640 int mt7615_mcu_ctrl_pm_state(struct mt7615_dev *dev, int enter)
641 {
642 #define ENTER_PM_STATE	1
643 #define EXIT_PM_STATE	2
644 	struct {
645 		u8 pm_number;
646 		u8 pm_state;
647 		u8 bssid[ETH_ALEN];
648 		u8 dtim_period;
649 		u8 wlan_idx;
650 		__le16 bcn_interval;
651 		__le32 aid;
652 		__le32 rx_filter;
653 		u8 band_idx;
654 		u8 rsv[3];
655 		__le32 feature;
656 		u8 omac_idx;
657 		u8 wmm_idx;
658 		u8 bcn_loss_cnt;
659 		u8 bcn_sp_duration;
660 	} __packed req = {
661 		.pm_number = 5,
662 		.pm_state = (enter) ? ENTER_PM_STATE : EXIT_PM_STATE,
663 		.band_idx = 0,
664 	};
665 	struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
666 
667 	return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_PM_STATE_CTRL,
668 				   MCU_Q_SET, MCU_S2D_H2N, NULL);
669 }
670 
671 static int __mt7615_mcu_set_dev_info(struct mt7615_dev *dev,
672 				     struct dev_info *dev_info)
673 {
674 	struct req_hdr {
675 		u8 omac_idx;
676 		u8 band_idx;
677 		__le16 tlv_num;
678 		u8 is_tlv_append;
679 		u8 rsv[3];
680 	} __packed req_hdr = {0};
681 	struct req_tlv {
682 		__le16 tag;
683 		__le16 len;
684 		u8 active;
685 		u8 band_idx;
686 		u8 omac_addr[ETH_ALEN];
687 	} __packed;
688 	struct sk_buff *skb;
689 	u16 tlv_num = 0;
690 
691 	skb = mt7615_mcu_msg_alloc(NULL, sizeof(req_hdr) +
692 				   sizeof(struct req_tlv));
693 	skb_reserve(skb, sizeof(req_hdr));
694 
695 	if (dev_info->feature & BIT(DEV_INFO_ACTIVE)) {
696 		struct req_tlv req_tlv = {
697 			.tag = cpu_to_le16(DEV_INFO_ACTIVE),
698 			.len = cpu_to_le16(sizeof(req_tlv)),
699 			.active = dev_info->enable,
700 			.band_idx = dev_info->band_idx,
701 		};
702 		memcpy(req_tlv.omac_addr, dev_info->omac_addr, ETH_ALEN);
703 		memcpy(skb_put(skb, sizeof(req_tlv)), &req_tlv,
704 		       sizeof(req_tlv));
705 		tlv_num++;
706 	}
707 
708 	req_hdr.omac_idx = dev_info->omac_idx;
709 	req_hdr.band_idx = dev_info->band_idx;
710 	req_hdr.tlv_num = cpu_to_le16(tlv_num);
711 	req_hdr.is_tlv_append = tlv_num ? 1 : 0;
712 
713 	memcpy(skb_push(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr));
714 
715 	return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_DEV_INFO_UPDATE,
716 				   MCU_Q_SET, MCU_S2D_H2N, NULL);
717 }
718 
719 int mt7615_mcu_set_dev_info(struct mt7615_dev *dev, struct ieee80211_vif *vif,
720 			    int en)
721 {
722 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
723 	struct dev_info dev_info = {0};
724 
725 	dev_info.omac_idx = mvif->omac_idx;
726 	memcpy(dev_info.omac_addr, vif->addr, ETH_ALEN);
727 	dev_info.band_idx = mvif->band_idx;
728 	dev_info.enable = en;
729 	dev_info.feature = BIT(DEV_INFO_ACTIVE);
730 
731 	return __mt7615_mcu_set_dev_info(dev, &dev_info);
732 }
733 
734 static void bss_info_omac_handler (struct mt7615_dev *dev,
735 				   struct bss_info *bss_info,
736 				   struct sk_buff *skb)
737 {
738 	struct bss_info_omac tlv = {0};
739 
740 	tlv.tag = cpu_to_le16(BSS_INFO_OMAC);
741 	tlv.len = cpu_to_le16(sizeof(tlv));
742 	tlv.hw_bss_idx = (bss_info->omac_idx > EXT_BSSID_START) ?
743 			 HW_BSSID_0 : bss_info->omac_idx;
744 	tlv.omac_idx = bss_info->omac_idx;
745 	tlv.band_idx = bss_info->band_idx;
746 	tlv.conn_type = cpu_to_le32(bss_info->conn_type);
747 
748 	memcpy(skb_put(skb, sizeof(tlv)), &tlv, sizeof(tlv));
749 }
750 
751 static void bss_info_basic_handler (struct mt7615_dev *dev,
752 				    struct bss_info *bss_info,
753 				    struct sk_buff *skb)
754 {
755 	struct bss_info_basic tlv = {0};
756 
757 	tlv.tag = cpu_to_le16(BSS_INFO_BASIC);
758 	tlv.len = cpu_to_le16(sizeof(tlv));
759 	tlv.network_type = cpu_to_le32(bss_info->network_type);
760 	tlv.active = bss_info->enable;
761 	tlv.bcn_interval = cpu_to_le16(bss_info->bcn_interval);
762 	memcpy(tlv.bssid, bss_info->bssid, ETH_ALEN);
763 	tlv.wmm_idx = bss_info->wmm_idx;
764 	tlv.dtim_period = bss_info->dtim_period;
765 	tlv.bmc_tx_wlan_idx = bss_info->bmc_tx_wlan_idx;
766 
767 	memcpy(skb_put(skb, sizeof(tlv)), &tlv, sizeof(tlv));
768 }
769 
770 static void bss_info_ext_bss_handler (struct mt7615_dev *dev,
771 				      struct bss_info *bss_info,
772 				      struct sk_buff *skb)
773 {
774 /* SIFS 20us + 512 byte beacon tranmitted by 1Mbps (3906us) */
775 #define BCN_TX_ESTIMATE_TIME (4096 + 20)
776 	struct bss_info_ext_bss tlv = {0};
777 	int ext_bss_idx;
778 
779 	ext_bss_idx = bss_info->omac_idx - EXT_BSSID_START;
780 
781 	if (ext_bss_idx < 0)
782 		return;
783 
784 	tlv.tag = cpu_to_le16(BSS_INFO_EXT_BSS);
785 	tlv.len = cpu_to_le16(sizeof(tlv));
786 	tlv.mbss_tsf_offset = ext_bss_idx * BCN_TX_ESTIMATE_TIME;
787 
788 	memcpy(skb_put(skb, sizeof(tlv)), &tlv, sizeof(tlv));
789 }
790 
791 static struct bss_info_tag_handler bss_info_tag_handler[] = {
792 	{BSS_INFO_OMAC, sizeof(struct bss_info_omac), bss_info_omac_handler},
793 	{BSS_INFO_BASIC, sizeof(struct bss_info_basic), bss_info_basic_handler},
794 	{BSS_INFO_RF_CH, sizeof(struct bss_info_rf_ch), NULL},
795 	{BSS_INFO_PM, 0, NULL},
796 	{BSS_INFO_UAPSD, 0, NULL},
797 	{BSS_INFO_ROAM_DETECTION, 0, NULL},
798 	{BSS_INFO_LQ_RM, 0, NULL},
799 	{BSS_INFO_EXT_BSS, sizeof(struct bss_info_ext_bss), bss_info_ext_bss_handler},
800 	{BSS_INFO_BMC_INFO, 0, NULL},
801 	{BSS_INFO_SYNC_MODE, 0, NULL},
802 	{BSS_INFO_RA, 0, NULL},
803 	{BSS_INFO_MAX_NUM, 0, NULL},
804 };
805 
806 static int __mt7615_mcu_set_bss_info(struct mt7615_dev *dev,
807 				     struct bss_info *bss_info)
808 {
809 	struct req_hdr {
810 		u8 bss_idx;
811 		u8 rsv0;
812 		__le16 tlv_num;
813 		u8 is_tlv_append;
814 		u8 rsv1[3];
815 	} __packed req_hdr = {0};
816 	struct sk_buff *skb;
817 	u16 tlv_num = 0;
818 	u32 size = 0;
819 	int i;
820 
821 	for (i = 0; i < BSS_INFO_MAX_NUM; i++)
822 		if ((BIT(bss_info_tag_handler[i].tag) & bss_info->feature) &&
823 		    bss_info_tag_handler[i].handler) {
824 			tlv_num++;
825 			size += bss_info_tag_handler[i].len;
826 		}
827 
828 	skb = mt7615_mcu_msg_alloc(NULL, sizeof(req_hdr) + size);
829 
830 	req_hdr.bss_idx = bss_info->bss_idx;
831 	req_hdr.tlv_num = cpu_to_le16(tlv_num);
832 	req_hdr.is_tlv_append = tlv_num ? 1 : 0;
833 
834 	memcpy(skb_put(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr));
835 
836 	for (i = 0; i < BSS_INFO_MAX_NUM; i++)
837 		if ((BIT(bss_info_tag_handler[i].tag) & bss_info->feature) &&
838 		    bss_info_tag_handler[i].handler)
839 			bss_info_tag_handler[i].handler(dev, bss_info, skb);
840 
841 	return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_BSS_INFO_UPDATE,
842 				   MCU_Q_SET, MCU_S2D_H2N, NULL);
843 }
844 
845 static void bss_info_convert_vif_type(enum nl80211_iftype type,
846 				      u32 *network_type, u32 *conn_type)
847 {
848 	switch (type) {
849 	case NL80211_IFTYPE_AP:
850 		if (network_type)
851 			*network_type = NETWORK_INFRA;
852 		if (conn_type)
853 			*conn_type = CONNECTION_INFRA_AP;
854 		break;
855 	case NL80211_IFTYPE_STATION:
856 		if (network_type)
857 			*network_type = NETWORK_INFRA;
858 		if (conn_type)
859 			*conn_type = CONNECTION_INFRA_STA;
860 		break;
861 	default:
862 		WARN_ON(1);
863 		break;
864 	};
865 }
866 
867 int mt7615_mcu_set_bss_info(struct mt7615_dev *dev, struct ieee80211_vif *vif,
868 			    int en)
869 {
870 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
871 	struct bss_info bss_info = {0};
872 	u8 bmc_tx_wlan_idx = 0;
873 	u32 network_type = 0, conn_type = 0;
874 
875 	if (vif->type == NL80211_IFTYPE_AP) {
876 		bmc_tx_wlan_idx = mvif->sta.wcid.idx;
877 	} else if (vif->type == NL80211_IFTYPE_STATION) {
878 		/* find the unicast entry for sta mode bmc tx */
879 		struct ieee80211_sta *ap_sta;
880 		struct mt7615_sta *msta;
881 
882 		rcu_read_lock();
883 
884 		ap_sta = ieee80211_find_sta(vif, vif->bss_conf.bssid);
885 		if (!ap_sta) {
886 			rcu_read_unlock();
887 			return -EINVAL;
888 		}
889 
890 		msta = (struct mt7615_sta *)ap_sta->drv_priv;
891 		bmc_tx_wlan_idx = msta->wcid.idx;
892 
893 		rcu_read_unlock();
894 	} else {
895 		WARN_ON(1);
896 	}
897 
898 	bss_info_convert_vif_type(vif->type, &network_type, &conn_type);
899 
900 	bss_info.bss_idx = mvif->idx;
901 	memcpy(bss_info.bssid, vif->bss_conf.bssid, ETH_ALEN);
902 	bss_info.omac_idx = mvif->omac_idx;
903 	bss_info.band_idx = mvif->band_idx;
904 	bss_info.bmc_tx_wlan_idx = bmc_tx_wlan_idx;
905 	bss_info.wmm_idx = mvif->wmm_idx;
906 	bss_info.network_type = network_type;
907 	bss_info.conn_type = conn_type;
908 	bss_info.bcn_interval = vif->bss_conf.beacon_int;
909 	bss_info.dtim_period = vif->bss_conf.dtim_period;
910 	bss_info.enable = en;
911 	bss_info.feature = BIT(BSS_INFO_BASIC);
912 	if (en) {
913 		bss_info.feature |= BIT(BSS_INFO_OMAC);
914 		if (mvif->omac_idx > EXT_BSSID_START)
915 			bss_info.feature |= BIT(BSS_INFO_EXT_BSS);
916 	}
917 
918 	return __mt7615_mcu_set_bss_info(dev, &bss_info);
919 }
920 
921 static int __mt7615_mcu_set_wtbl(struct mt7615_dev *dev, int wlan_idx,
922 				 int operation, void *buf, int buf_len)
923 {
924 	struct req_hdr {
925 		u8 wlan_idx;
926 		u8 operation;
927 		__le16 tlv_num;
928 		u8 rsv[4];
929 	} __packed req_hdr = {0};
930 	struct tlv {
931 		__le16 tag;
932 		__le16 len;
933 		u8 buf[0];
934 	} __packed;
935 	struct sk_buff *skb;
936 	u16 tlv_num = 0;
937 	int offset = 0;
938 
939 	while (offset < buf_len) {
940 		struct tlv *tlv = (struct tlv *)((u8 *)buf + offset);
941 
942 		tlv_num++;
943 		offset += tlv->len;
944 	}
945 
946 	skb = mt7615_mcu_msg_alloc(NULL, sizeof(req_hdr) + buf_len);
947 
948 	req_hdr.wlan_idx = wlan_idx;
949 	req_hdr.operation = operation;
950 	req_hdr.tlv_num = cpu_to_le16(tlv_num);
951 
952 	memcpy(skb_put(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr));
953 
954 	if (buf && buf_len)
955 		memcpy(skb_put(skb, buf_len), buf, buf_len);
956 
957 	return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_WTBL_UPDATE,
958 				   MCU_Q_SET, MCU_S2D_H2N, NULL);
959 }
960 
961 static enum mt7615_cipher_type
962 mt7615_get_key_info(struct ieee80211_key_conf *key, u8 *key_data)
963 {
964 	if (!key || key->keylen > 32)
965 		return MT_CIPHER_NONE;
966 
967 	memcpy(key_data, key->key, key->keylen);
968 
969 	switch (key->cipher) {
970 	case WLAN_CIPHER_SUITE_WEP40:
971 		return MT_CIPHER_WEP40;
972 	case WLAN_CIPHER_SUITE_WEP104:
973 		return MT_CIPHER_WEP104;
974 	case WLAN_CIPHER_SUITE_TKIP:
975 		/* Rx/Tx MIC keys are swapped */
976 		memcpy(key_data + 16, key->key + 24, 8);
977 		memcpy(key_data + 24, key->key + 16, 8);
978 		return MT_CIPHER_TKIP;
979 	case WLAN_CIPHER_SUITE_CCMP:
980 		return MT_CIPHER_AES_CCMP;
981 	case WLAN_CIPHER_SUITE_CCMP_256:
982 		return MT_CIPHER_CCMP_256;
983 	case WLAN_CIPHER_SUITE_GCMP:
984 		return MT_CIPHER_GCMP;
985 	case WLAN_CIPHER_SUITE_GCMP_256:
986 		return MT_CIPHER_GCMP_256;
987 	case WLAN_CIPHER_SUITE_SMS4:
988 		return MT_CIPHER_WAPI;
989 	default:
990 		return MT_CIPHER_NONE;
991 	}
992 }
993 
994 int mt7615_mcu_set_wtbl_key(struct mt7615_dev *dev, int wcid,
995 			    struct ieee80211_key_conf *key,
996 			    enum set_key_cmd cmd)
997 {
998 	struct wtbl_sec_key wtbl_sec_key = {0};
999 	int buf_len = sizeof(struct wtbl_sec_key);
1000 	u8 cipher;
1001 
1002 	wtbl_sec_key.tag = cpu_to_le16(WTBL_SEC_KEY);
1003 	wtbl_sec_key.len = cpu_to_le16(buf_len);
1004 	wtbl_sec_key.add = cmd;
1005 
1006 	if (cmd == SET_KEY) {
1007 		cipher = mt7615_get_key_info(key, wtbl_sec_key.key_material);
1008 		if (cipher == MT_CIPHER_NONE && key)
1009 			return -EOPNOTSUPP;
1010 
1011 		wtbl_sec_key.cipher_id = cipher;
1012 		wtbl_sec_key.key_id = key->keyidx;
1013 		wtbl_sec_key.key_len = key->keylen;
1014 	} else {
1015 		wtbl_sec_key.key_len = sizeof(wtbl_sec_key.key_material);
1016 	}
1017 
1018 	return __mt7615_mcu_set_wtbl(dev, wcid, WTBL_SET, &wtbl_sec_key,
1019 				     buf_len);
1020 }
1021 
1022 int mt7615_mcu_add_wtbl_bmc(struct mt7615_dev *dev, struct ieee80211_vif *vif)
1023 {
1024 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1025 	struct wtbl_generic *wtbl_generic;
1026 	struct wtbl_rx *wtbl_rx;
1027 	int buf_len, ret;
1028 	u8 *buf;
1029 
1030 	buf = kzalloc(MT7615_WTBL_UPDATE_MAX_SIZE, GFP_KERNEL);
1031 	if (!buf)
1032 		return -ENOMEM;
1033 
1034 	wtbl_generic = (struct wtbl_generic *)buf;
1035 	buf_len = sizeof(*wtbl_generic);
1036 	wtbl_generic->tag = cpu_to_le16(WTBL_GENERIC);
1037 	wtbl_generic->len = cpu_to_le16(buf_len);
1038 	eth_broadcast_addr(wtbl_generic->peer_addr);
1039 	wtbl_generic->muar_idx = 0xe;
1040 
1041 	wtbl_rx = (struct wtbl_rx *)(buf + buf_len);
1042 	buf_len += sizeof(*wtbl_rx);
1043 	wtbl_rx->tag = cpu_to_le16(WTBL_RX);
1044 	wtbl_rx->len = cpu_to_le16(sizeof(*wtbl_rx));
1045 	wtbl_rx->rca1 = 1;
1046 	wtbl_rx->rca2 = 1;
1047 	wtbl_rx->rv = 1;
1048 
1049 	ret = __mt7615_mcu_set_wtbl(dev, mvif->sta.wcid.idx,
1050 				    WTBL_RESET_AND_SET, buf, buf_len);
1051 
1052 	kfree(buf);
1053 	return ret;
1054 }
1055 
1056 int mt7615_mcu_del_wtbl_bmc(struct mt7615_dev *dev, struct ieee80211_vif *vif)
1057 {
1058 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1059 
1060 	return __mt7615_mcu_set_wtbl(dev, mvif->sta.wcid.idx,
1061 				     WTBL_RESET_AND_SET, NULL, 0);
1062 }
1063 
1064 int mt7615_mcu_add_wtbl(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1065 			struct ieee80211_sta *sta)
1066 {
1067 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1068 	struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
1069 	struct wtbl_generic *wtbl_generic;
1070 	struct wtbl_rx *wtbl_rx;
1071 	int buf_len, ret;
1072 	u8 *buf;
1073 
1074 	buf = kzalloc(MT7615_WTBL_UPDATE_MAX_SIZE, GFP_KERNEL);
1075 	if (!buf)
1076 		return -ENOMEM;
1077 
1078 	wtbl_generic = (struct wtbl_generic *)buf;
1079 	buf_len = sizeof(*wtbl_generic);
1080 	wtbl_generic->tag = cpu_to_le16(WTBL_GENERIC);
1081 	wtbl_generic->len = cpu_to_le16(buf_len);
1082 	memcpy(wtbl_generic->peer_addr, sta->addr, ETH_ALEN);
1083 	wtbl_generic->muar_idx = mvif->omac_idx;
1084 	wtbl_generic->qos = sta->wme;
1085 	wtbl_generic->partial_aid = cpu_to_le16(sta->aid);
1086 
1087 	wtbl_rx = (struct wtbl_rx *)(buf + buf_len);
1088 	buf_len += sizeof(*wtbl_rx);
1089 	wtbl_rx->tag = cpu_to_le16(WTBL_RX);
1090 	wtbl_rx->len = cpu_to_le16(sizeof(*wtbl_rx));
1091 	wtbl_rx->rca1 = (vif->type == NL80211_IFTYPE_AP) ? 0 : 1;
1092 	wtbl_rx->rca2 = 1;
1093 	wtbl_rx->rv = 1;
1094 
1095 	ret = __mt7615_mcu_set_wtbl(dev, msta->wcid.idx,
1096 				    WTBL_RESET_AND_SET, buf, buf_len);
1097 
1098 	kfree(buf);
1099 	return ret;
1100 }
1101 
1102 int mt7615_mcu_del_wtbl(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1103 			struct ieee80211_sta *sta)
1104 {
1105 	struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
1106 
1107 	return __mt7615_mcu_set_wtbl(dev, msta->wcid.idx,
1108 				     WTBL_RESET_AND_SET, NULL, 0);
1109 }
1110 
1111 int mt7615_mcu_del_wtbl_all(struct mt7615_dev *dev)
1112 {
1113 	return __mt7615_mcu_set_wtbl(dev, 0, WTBL_RESET_ALL, NULL, 0);
1114 }
1115 
1116 static int __mt7615_mcu_set_sta_rec(struct mt7615_dev *dev, int bss_idx,
1117 				    int wlan_idx, int muar_idx, void *buf,
1118 				    int buf_len)
1119 {
1120 	struct req_hdr {
1121 		u8 bss_idx;
1122 		u8 wlan_idx;
1123 		__le16 tlv_num;
1124 		u8 is_tlv_append;
1125 		u8 muar_idx;
1126 		u8 rsv[2];
1127 	} __packed req_hdr = {0};
1128 	struct tlv {
1129 		__le16 tag;
1130 		__le16 len;
1131 		u8 buf[0];
1132 	} __packed;
1133 	struct sk_buff *skb;
1134 	u16 tlv_num = 0;
1135 	int offset = 0;
1136 
1137 	while (offset < buf_len) {
1138 		struct tlv *tlv = (struct tlv *)((u8 *)buf + offset);
1139 
1140 		tlv_num++;
1141 		offset += tlv->len;
1142 	}
1143 
1144 	skb = mt7615_mcu_msg_alloc(NULL, sizeof(req_hdr) + buf_len);
1145 
1146 	req_hdr.bss_idx = bss_idx;
1147 	req_hdr.wlan_idx = wlan_idx;
1148 	req_hdr.tlv_num = cpu_to_le16(tlv_num);
1149 	req_hdr.is_tlv_append = tlv_num ? 1 : 0;
1150 	req_hdr.muar_idx = muar_idx;
1151 
1152 	memcpy(skb_put(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr));
1153 
1154 	if (buf && buf_len)
1155 		memcpy(skb_put(skb, buf_len), buf, buf_len);
1156 
1157 	return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_STA_REC_UPDATE,
1158 				   MCU_Q_SET, MCU_S2D_H2N, NULL);
1159 }
1160 
1161 int mt7615_mcu_set_sta_rec_bmc(struct mt7615_dev *dev,
1162 			       struct ieee80211_vif *vif, bool en)
1163 {
1164 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1165 	struct sta_rec_basic sta_rec_basic = {0};
1166 	int buf_len = sizeof(struct sta_rec_basic);
1167 
1168 	sta_rec_basic.tag = cpu_to_le16(STA_REC_BASIC);
1169 	sta_rec_basic.len = cpu_to_le16(buf_len);
1170 	sta_rec_basic.conn_type = cpu_to_le32(CONNECTION_INFRA_BC);
1171 	eth_broadcast_addr(sta_rec_basic.peer_addr);
1172 	if (en) {
1173 		sta_rec_basic.conn_state = CONN_STATE_PORT_SECURE;
1174 		sta_rec_basic.extra_info =
1175 			cpu_to_le16(EXTRA_INFO_VER | EXTRA_INFO_NEW);
1176 	} else {
1177 		sta_rec_basic.conn_state = CONN_STATE_DISCONNECT;
1178 		sta_rec_basic.extra_info = cpu_to_le16(EXTRA_INFO_VER);
1179 	}
1180 
1181 	return __mt7615_mcu_set_sta_rec(dev, mvif->idx, mvif->sta.wcid.idx,
1182 					mvif->omac_idx, &sta_rec_basic,
1183 					buf_len);
1184 }
1185 
1186 static void sta_rec_convert_vif_type(enum nl80211_iftype type, u32 *conn_type)
1187 {
1188 	switch (type) {
1189 	case NL80211_IFTYPE_AP:
1190 		if (conn_type)
1191 			*conn_type = CONNECTION_INFRA_STA;
1192 		break;
1193 	case NL80211_IFTYPE_STATION:
1194 		if (conn_type)
1195 			*conn_type = CONNECTION_INFRA_AP;
1196 		break;
1197 	default:
1198 		WARN_ON(1);
1199 		break;
1200 	};
1201 }
1202 
1203 int mt7615_mcu_set_sta_rec(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1204 			   struct ieee80211_sta *sta, bool en)
1205 {
1206 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1207 	struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
1208 	struct sta_rec_basic sta_rec_basic = {0};
1209 	int buf_len = sizeof(struct sta_rec_basic);
1210 	u32 conn_type = 0;
1211 
1212 	sta_rec_convert_vif_type(vif->type, &conn_type);
1213 
1214 	sta_rec_basic.tag = cpu_to_le16(STA_REC_BASIC);
1215 	sta_rec_basic.len = cpu_to_le16(buf_len);
1216 	sta_rec_basic.conn_type = cpu_to_le32(conn_type);
1217 	sta_rec_basic.qos = sta->wme;
1218 	sta_rec_basic.aid = cpu_to_le16(sta->aid);
1219 	memcpy(sta_rec_basic.peer_addr, sta->addr, ETH_ALEN);
1220 
1221 	if (en) {
1222 		sta_rec_basic.conn_state = CONN_STATE_PORT_SECURE;
1223 		sta_rec_basic.extra_info =
1224 			cpu_to_le16(EXTRA_INFO_VER | EXTRA_INFO_NEW);
1225 	} else {
1226 		sta_rec_basic.conn_state = CONN_STATE_DISCONNECT;
1227 		sta_rec_basic.extra_info = cpu_to_le16(EXTRA_INFO_VER);
1228 	}
1229 
1230 	return __mt7615_mcu_set_sta_rec(dev, mvif->idx, msta->wcid.idx,
1231 					mvif->omac_idx, &sta_rec_basic,
1232 					buf_len);
1233 }
1234 
1235 int mt7615_mcu_set_bcn(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1236 		       int en)
1237 {
1238 	struct req {
1239 		u8 omac_idx;
1240 		u8 enable;
1241 		u8 wlan_idx;
1242 		u8 band_idx;
1243 		u8 pkt_type;
1244 		u8 need_pre_tbtt_int;
1245 		__le16 csa_ie_pos;
1246 		__le16 pkt_len;
1247 		__le16 tim_ie_pos;
1248 		u8 pkt[512];
1249 		u8 csa_cnt;
1250 		/* bss color change */
1251 		u8 bcc_cnt;
1252 		__le16 bcc_ie_pos;
1253 	} __packed req = {0};
1254 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1255 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1256 	struct sk_buff *skb;
1257 	u16 tim_off, tim_len;
1258 
1259 	skb = ieee80211_beacon_get_tim(mt76_hw(dev), vif, &tim_off, &tim_len);
1260 
1261 	if (!skb)
1262 		return -EINVAL;
1263 
1264 	if (skb->len > 512 - MT_TXD_SIZE) {
1265 		dev_err(dev->mt76.dev, "Bcn size limit exceed\n");
1266 		dev_kfree_skb(skb);
1267 		return -EINVAL;
1268 	}
1269 
1270 	mt7615_mac_write_txwi(dev, (__le32 *)(req.pkt), skb, wcid, NULL,
1271 			      0, NULL);
1272 	memcpy(req.pkt + MT_TXD_SIZE, skb->data, skb->len);
1273 	dev_kfree_skb(skb);
1274 
1275 	req.omac_idx = mvif->omac_idx;
1276 	req.enable = en;
1277 	req.wlan_idx = wcid->idx;
1278 	req.band_idx = mvif->band_idx;
1279 	/* pky_type: 0 for bcn, 1 for tim */
1280 	req.pkt_type = 0;
1281 	req.pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
1282 	req.tim_ie_pos = cpu_to_le16(MT_TXD_SIZE + tim_off);
1283 
1284 	skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
1285 
1286 	return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_BCN_OFFLOAD,
1287 				   MCU_Q_SET, MCU_S2D_H2N, NULL);
1288 }
1289 
1290 int mt7615_mcu_set_channel(struct mt7615_dev *dev)
1291 {
1292 	struct cfg80211_chan_def *chdef = &dev->mt76.chandef;
1293 	struct {
1294 		u8 control_chan;
1295 		u8 center_chan;
1296 		u8 bw;
1297 		u8 tx_streams;
1298 		u8 rx_streams_mask;
1299 		u8 switch_reason;
1300 		u8 band_idx;
1301 		/* for 80+80 only */
1302 		u8 center_chan2;
1303 		__le16 cac_case;
1304 		u8 channel_band;
1305 		u8 rsv0;
1306 		__le32 outband_freq;
1307 		u8 txpower_drop;
1308 		u8 rsv1[3];
1309 		u8 txpower_sku[53];
1310 		u8 rsv2[3];
1311 	} req = {0};
1312 	struct sk_buff *skb;
1313 	int ret;
1314 
1315 	req.control_chan = chdef->chan->hw_value;
1316 	req.center_chan = ieee80211_frequency_to_channel(chdef->center_freq1);
1317 	req.tx_streams = (dev->mt76.chainmask >> 8) & 0xf;
1318 	req.rx_streams_mask = dev->mt76.antenna_mask;
1319 	req.switch_reason = CH_SWITCH_NORMAL;
1320 	req.band_idx = 0;
1321 	req.center_chan2 = ieee80211_frequency_to_channel(chdef->center_freq2);
1322 	req.txpower_drop = 0;
1323 
1324 	switch (dev->mt76.chandef.width) {
1325 	case NL80211_CHAN_WIDTH_40:
1326 		req.bw = CMD_CBW_40MHZ;
1327 		break;
1328 	case NL80211_CHAN_WIDTH_80:
1329 		req.bw = CMD_CBW_80MHZ;
1330 		break;
1331 	case NL80211_CHAN_WIDTH_80P80:
1332 		req.bw = CMD_CBW_8080MHZ;
1333 		break;
1334 	case NL80211_CHAN_WIDTH_160:
1335 		req.bw = CMD_CBW_160MHZ;
1336 		break;
1337 	case NL80211_CHAN_WIDTH_5:
1338 		req.bw = CMD_CBW_5MHZ;
1339 		break;
1340 	case NL80211_CHAN_WIDTH_10:
1341 		req.bw = CMD_CBW_10MHZ;
1342 		break;
1343 	case NL80211_CHAN_WIDTH_20_NOHT:
1344 	case NL80211_CHAN_WIDTH_20:
1345 	default:
1346 		req.bw = CMD_CBW_20MHZ;
1347 	}
1348 
1349 	memset(req.txpower_sku, 0x3f, 49);
1350 
1351 	skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
1352 	ret = mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_CHANNEL_SWITCH,
1353 				  MCU_Q_SET, MCU_S2D_H2N, NULL);
1354 	if (ret)
1355 		return ret;
1356 
1357 	skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
1358 	return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_SET_RX_PATH,
1359 				   MCU_Q_SET, MCU_S2D_H2N, NULL);
1360 }
1361 
1362 int mt7615_mcu_set_ht_cap(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1363 			  struct ieee80211_sta *sta)
1364 {
1365 	struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
1366 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1367 	struct wtbl_ht *wtbl_ht;
1368 	struct wtbl_raw *wtbl_raw;
1369 	struct sta_rec_ht *sta_rec_ht;
1370 	int buf_len, ret;
1371 	u32 msk, val = 0;
1372 	u8 *buf;
1373 
1374 	buf = kzalloc(MT7615_WTBL_UPDATE_MAX_SIZE, GFP_KERNEL);
1375 	if (!buf)
1376 		return -ENOMEM;
1377 
1378 	/* ht basic */
1379 	buf_len = sizeof(*wtbl_ht);
1380 	wtbl_ht = (struct wtbl_ht *)buf;
1381 	wtbl_ht->tag = cpu_to_le16(WTBL_HT);
1382 	wtbl_ht->len = cpu_to_le16(sizeof(*wtbl_ht));
1383 	wtbl_ht->ht = 1;
1384 	wtbl_ht->ldpc = sta->ht_cap.cap & IEEE80211_HT_CAP_LDPC_CODING;
1385 	wtbl_ht->af = sta->ht_cap.ampdu_factor;
1386 	wtbl_ht->mm = sta->ht_cap.ampdu_density;
1387 
1388 	if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_20)
1389 		val |= MT_WTBL_W5_SHORT_GI_20;
1390 	if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_40)
1391 		val |= MT_WTBL_W5_SHORT_GI_40;
1392 
1393 	/* vht basic */
1394 	if (sta->vht_cap.vht_supported) {
1395 		struct wtbl_vht *wtbl_vht;
1396 
1397 		wtbl_vht = (struct wtbl_vht *)(buf + buf_len);
1398 		buf_len += sizeof(*wtbl_vht);
1399 		wtbl_vht->tag = cpu_to_le16(WTBL_VHT);
1400 		wtbl_vht->len = cpu_to_le16(sizeof(*wtbl_vht));
1401 		wtbl_vht->ldpc = sta->vht_cap.cap & IEEE80211_VHT_CAP_RXLDPC;
1402 		wtbl_vht->vht = 1;
1403 
1404 		if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_80)
1405 			val |= MT_WTBL_W5_SHORT_GI_80;
1406 		if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_160)
1407 			val |= MT_WTBL_W5_SHORT_GI_160;
1408 	}
1409 
1410 	/* smps */
1411 	if (sta->smps_mode == IEEE80211_SMPS_DYNAMIC) {
1412 		struct wtbl_smps *wtbl_smps;
1413 
1414 		wtbl_smps = (struct wtbl_smps *)(buf + buf_len);
1415 		buf_len += sizeof(*wtbl_smps);
1416 		wtbl_smps->tag = cpu_to_le16(WTBL_SMPS);
1417 		wtbl_smps->len = cpu_to_le16(sizeof(*wtbl_smps));
1418 		wtbl_smps->smps = 1;
1419 	}
1420 
1421 	/* sgi */
1422 	msk = MT_WTBL_W5_SHORT_GI_20 | MT_WTBL_W5_SHORT_GI_40 |
1423 	      MT_WTBL_W5_SHORT_GI_80 | MT_WTBL_W5_SHORT_GI_160;
1424 
1425 	wtbl_raw = (struct wtbl_raw *)(buf + buf_len);
1426 	buf_len += sizeof(*wtbl_raw);
1427 	wtbl_raw->tag = cpu_to_le16(WTBL_RAW_DATA);
1428 	wtbl_raw->len = cpu_to_le16(sizeof(*wtbl_raw));
1429 	wtbl_raw->wtbl_idx = 1;
1430 	wtbl_raw->dw = 5;
1431 	wtbl_raw->msk = cpu_to_le32(~msk);
1432 	wtbl_raw->val = cpu_to_le32(val);
1433 
1434 	ret = __mt7615_mcu_set_wtbl(dev, msta->wcid.idx, WTBL_SET, buf,
1435 				    buf_len);
1436 	if (ret) {
1437 		kfree(buf);
1438 		return ret;
1439 	}
1440 
1441 	memset(buf, 0, MT7615_WTBL_UPDATE_MAX_SIZE);
1442 
1443 	buf_len = sizeof(*sta_rec_ht);
1444 	sta_rec_ht = (struct sta_rec_ht *)buf;
1445 	sta_rec_ht->tag = cpu_to_le16(STA_REC_HT);
1446 	sta_rec_ht->len = cpu_to_le16(sizeof(*sta_rec_ht));
1447 	sta_rec_ht->ht_cap = cpu_to_le16(sta->ht_cap.cap);
1448 
1449 	if (sta->vht_cap.vht_supported) {
1450 		struct sta_rec_vht *sta_rec_vht;
1451 
1452 		sta_rec_vht = (struct sta_rec_vht *)(buf + buf_len);
1453 		buf_len += sizeof(*sta_rec_vht);
1454 		sta_rec_vht->tag = cpu_to_le16(STA_REC_VHT);
1455 		sta_rec_vht->len = cpu_to_le16(sizeof(*sta_rec_vht));
1456 		sta_rec_vht->vht_cap = cpu_to_le32(sta->vht_cap.cap);
1457 		sta_rec_vht->vht_rx_mcs_map =
1458 			cpu_to_le16(sta->vht_cap.vht_mcs.rx_mcs_map);
1459 		sta_rec_vht->vht_tx_mcs_map =
1460 			cpu_to_le16(sta->vht_cap.vht_mcs.tx_mcs_map);
1461 	}
1462 
1463 	ret = __mt7615_mcu_set_sta_rec(dev, mvif->idx, msta->wcid.idx,
1464 				       mvif->omac_idx, buf, buf_len);
1465 	kfree(buf);
1466 	return ret;
1467 }
1468 
1469 int mt7615_mcu_set_tx_ba(struct mt7615_dev *dev,
1470 			 struct ieee80211_ampdu_params *params,
1471 			 bool add)
1472 {
1473 	struct ieee80211_sta *sta = params->sta;
1474 	struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
1475 	struct mt7615_vif *mvif = msta->vif;
1476 	u8 ba_range[8] = {4, 8, 12, 24, 36, 48, 54, 64};
1477 	u16 tid = params->tid;
1478 	u16 ba_size = params->buf_size;
1479 	u16 ssn = params->ssn;
1480 	struct wtbl_ba wtbl_ba = {0};
1481 	struct sta_rec_ba sta_rec_ba = {0};
1482 	int ret, buf_len;
1483 
1484 	buf_len = sizeof(struct wtbl_ba);
1485 
1486 	wtbl_ba.tag = cpu_to_le16(WTBL_BA);
1487 	wtbl_ba.len = cpu_to_le16(buf_len);
1488 	wtbl_ba.tid = tid;
1489 	wtbl_ba.ba_type = MT_BA_TYPE_ORIGINATOR;
1490 
1491 	if (add) {
1492 		u8 idx;
1493 
1494 		for (idx = 7; idx > 0; idx--) {
1495 			if (ba_size >= ba_range[idx])
1496 				break;
1497 		}
1498 
1499 		wtbl_ba.sn = cpu_to_le16(ssn);
1500 		wtbl_ba.ba_en = 1;
1501 		wtbl_ba.ba_winsize_idx = idx;
1502 	}
1503 
1504 	ret = __mt7615_mcu_set_wtbl(dev, msta->wcid.idx, WTBL_SET, &wtbl_ba,
1505 				    buf_len);
1506 	if (ret)
1507 		return ret;
1508 
1509 	buf_len = sizeof(struct sta_rec_ba);
1510 
1511 	sta_rec_ba.tag = cpu_to_le16(STA_REC_BA);
1512 	sta_rec_ba.len = cpu_to_le16(buf_len);
1513 	sta_rec_ba.tid = tid;
1514 	sta_rec_ba.ba_type = MT_BA_TYPE_ORIGINATOR;
1515 	sta_rec_ba.amsdu = params->amsdu;
1516 	sta_rec_ba.ba_en = add << tid;
1517 	sta_rec_ba.ssn = cpu_to_le16(ssn);
1518 	sta_rec_ba.winsize = cpu_to_le16(ba_size);
1519 
1520 	return __mt7615_mcu_set_sta_rec(dev, mvif->idx, msta->wcid.idx,
1521 					mvif->omac_idx, &sta_rec_ba, buf_len);
1522 }
1523 
1524 int mt7615_mcu_set_rx_ba(struct mt7615_dev *dev,
1525 			 struct ieee80211_ampdu_params *params,
1526 			 bool add)
1527 {
1528 	struct ieee80211_sta *sta = params->sta;
1529 	struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
1530 	struct mt7615_vif *mvif = msta->vif;
1531 	u16 tid = params->tid;
1532 	struct wtbl_ba wtbl_ba = {0};
1533 	struct sta_rec_ba sta_rec_ba = {0};
1534 	int ret, buf_len;
1535 
1536 	buf_len = sizeof(struct sta_rec_ba);
1537 
1538 	sta_rec_ba.tag = cpu_to_le16(STA_REC_BA);
1539 	sta_rec_ba.len = cpu_to_le16(buf_len);
1540 	sta_rec_ba.tid = tid;
1541 	sta_rec_ba.ba_type = MT_BA_TYPE_RECIPIENT;
1542 	sta_rec_ba.amsdu = params->amsdu;
1543 	sta_rec_ba.ba_en = add << tid;
1544 	sta_rec_ba.ssn = cpu_to_le16(params->ssn);
1545 	sta_rec_ba.winsize = cpu_to_le16(params->buf_size);
1546 
1547 	ret = __mt7615_mcu_set_sta_rec(dev, mvif->idx, msta->wcid.idx,
1548 				       mvif->omac_idx, &sta_rec_ba, buf_len);
1549 	if (ret || !add)
1550 		return ret;
1551 
1552 	buf_len = sizeof(struct wtbl_ba);
1553 
1554 	wtbl_ba.tag = cpu_to_le16(WTBL_BA);
1555 	wtbl_ba.len = cpu_to_le16(buf_len);
1556 	wtbl_ba.tid = tid;
1557 	wtbl_ba.ba_type = MT_BA_TYPE_RECIPIENT;
1558 	memcpy(wtbl_ba.peer_addr, sta->addr, ETH_ALEN);
1559 	wtbl_ba.rst_ba_tid = tid;
1560 	wtbl_ba.rst_ba_sel = RST_BA_MAC_TID_MATCH;
1561 	wtbl_ba.rst_ba_sb = 1;
1562 
1563 	return  __mt7615_mcu_set_wtbl(dev, msta->wcid.idx, WTBL_SET,
1564 				      &wtbl_ba, buf_len);
1565 }
1566 
1567 void mt7615_mcu_set_rates(struct mt7615_dev *dev, struct mt7615_sta *sta,
1568 			  struct ieee80211_tx_rate *probe_rate,
1569 			  struct ieee80211_tx_rate *rates)
1570 {
1571 	int wcid = sta->wcid.idx;
1572 	u32 addr = MT_WTBL_BASE + wcid * MT_WTBL_ENTRY_SIZE;
1573 	bool stbc = false;
1574 	int n_rates = sta->n_rates;
1575 	u8 bw, bw_prev, bw_idx = 0;
1576 	u16 val[4];
1577 	u16 probe_val;
1578 	u32 w5, w27;
1579 	int i;
1580 
1581 	if (!mt76_poll(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_BUSY, 0, 5000))
1582 		return;
1583 
1584 	for (i = n_rates; i < 4; i++)
1585 		rates[i] = rates[n_rates - 1];
1586 
1587 	val[0] = mt7615_mac_tx_rate_val(dev, &rates[0], stbc, &bw);
1588 	bw_prev = bw;
1589 
1590 	if (probe_rate) {
1591 		probe_val = mt7615_mac_tx_rate_val(dev, probe_rate, stbc, &bw);
1592 		if (bw)
1593 			bw_idx = 1;
1594 		else
1595 			bw_prev = 0;
1596 	} else {
1597 		probe_val = val[0];
1598 	}
1599 
1600 	val[1] = mt7615_mac_tx_rate_val(dev, &rates[1], stbc, &bw);
1601 	if (bw_prev) {
1602 		bw_idx = 3;
1603 		bw_prev = bw;
1604 	}
1605 
1606 	val[2] = mt7615_mac_tx_rate_val(dev, &rates[2], stbc, &bw);
1607 	if (bw_prev) {
1608 		bw_idx = 5;
1609 		bw_prev = bw;
1610 	}
1611 
1612 	val[3] = mt7615_mac_tx_rate_val(dev, &rates[3], stbc, &bw);
1613 	if (bw_prev)
1614 		bw_idx = 7;
1615 
1616 	w27 = mt76_rr(dev, addr + 27 * 4);
1617 	w27 &= ~MT_WTBL_W27_CC_BW_SEL;
1618 	w27 |= FIELD_PREP(MT_WTBL_W27_CC_BW_SEL, bw);
1619 
1620 	w5 = mt76_rr(dev, addr + 5 * 4);
1621 	w5 &= ~(MT_WTBL_W5_BW_CAP | MT_WTBL_W5_CHANGE_BW_RATE);
1622 	w5 |= FIELD_PREP(MT_WTBL_W5_BW_CAP, bw) |
1623 	      FIELD_PREP(MT_WTBL_W5_CHANGE_BW_RATE, bw_idx ? bw_idx - 1 : 7);
1624 
1625 	mt76_wr(dev, MT_WTBL_RIUCR0, w5);
1626 
1627 	mt76_wr(dev, MT_WTBL_RIUCR1,
1628 		FIELD_PREP(MT_WTBL_RIUCR1_RATE0, probe_val) |
1629 		FIELD_PREP(MT_WTBL_RIUCR1_RATE1, val[0]) |
1630 		FIELD_PREP(MT_WTBL_RIUCR1_RATE2_LO, val[0]));
1631 
1632 	mt76_wr(dev, MT_WTBL_RIUCR2,
1633 		FIELD_PREP(MT_WTBL_RIUCR2_RATE2_HI, val[0] >> 8) |
1634 		FIELD_PREP(MT_WTBL_RIUCR2_RATE3, val[1]) |
1635 		FIELD_PREP(MT_WTBL_RIUCR2_RATE4, val[1]) |
1636 		FIELD_PREP(MT_WTBL_RIUCR2_RATE5_LO, val[2]));
1637 
1638 	mt76_wr(dev, MT_WTBL_RIUCR3,
1639 		FIELD_PREP(MT_WTBL_RIUCR3_RATE5_HI, val[2] >> 4) |
1640 		FIELD_PREP(MT_WTBL_RIUCR3_RATE6, val[2]) |
1641 		FIELD_PREP(MT_WTBL_RIUCR3_RATE7, val[3]));
1642 
1643 	mt76_wr(dev, MT_WTBL_UPDATE,
1644 		FIELD_PREP(MT_WTBL_UPDATE_WLAN_IDX, wcid) |
1645 		MT_WTBL_UPDATE_RATE_UPDATE |
1646 		MT_WTBL_UPDATE_TX_COUNT_CLEAR);
1647 
1648 	mt76_wr(dev, addr + 27 * 4, w27);
1649 
1650 	if (!(sta->wcid.tx_info & MT_WCID_TX_INFO_SET))
1651 		mt76_poll(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_BUSY, 0, 5000);
1652 
1653 	sta->rate_count = 2 * MT7615_RATE_RETRY * n_rates;
1654 	sta->wcid.tx_info |= MT_WCID_TX_INFO_SET;
1655 }
1656