1 // SPDX-License-Identifier: ISC 2 /* Copyright (C) 2019 MediaTek Inc. 3 * 4 * Author: Roy Luo <royluo@google.com> 5 * Ryder Lee <ryder.lee@mediatek.com> 6 */ 7 8 #include <linux/firmware.h> 9 #include "mt7615.h" 10 #include "mcu.h" 11 #include "mac.h" 12 #include "eeprom.h" 13 14 struct mt7615_patch_hdr { 15 char build_date[16]; 16 char platform[4]; 17 __be32 hw_sw_ver; 18 __be32 patch_ver; 19 __be16 checksum; 20 } __packed; 21 22 struct mt7615_fw_trailer { 23 __le32 addr; 24 u8 chip_id; 25 u8 feature_set; 26 u8 eco_code; 27 char fw_ver[10]; 28 char build_date[15]; 29 __le32 len; 30 } __packed; 31 32 #define MCU_PATCH_ADDRESS 0x80000 33 34 #define N9_REGION_NUM 2 35 #define CR4_REGION_NUM 1 36 37 #define IMG_CRC_LEN 4 38 39 #define FW_FEATURE_SET_ENCRYPT BIT(0) 40 #define FW_FEATURE_SET_KEY_IDX GENMASK(2, 1) 41 42 #define DL_MODE_ENCRYPT BIT(0) 43 #define DL_MODE_KEY_IDX GENMASK(2, 1) 44 #define DL_MODE_RESET_SEC_IV BIT(3) 45 #define DL_MODE_WORKING_PDA_CR4 BIT(4) 46 #define DL_MODE_NEED_RSP BIT(31) 47 48 #define FW_START_OVERRIDE BIT(0) 49 #define FW_START_WORKING_PDA_CR4 BIT(2) 50 51 static int __mt7615_mcu_msg_send(struct mt7615_dev *dev, struct sk_buff *skb, 52 int cmd, int query, int dest, int *wait_seq) 53 { 54 struct mt7615_mcu_txd *mcu_txd; 55 u8 seq, q_idx, pkt_fmt; 56 enum mt76_txq_id qid; 57 u32 val; 58 __le32 *txd; 59 60 if (!skb) 61 return -EINVAL; 62 63 seq = ++dev->mt76.mmio.mcu.msg_seq & 0xf; 64 if (!seq) 65 seq = ++dev->mt76.mmio.mcu.msg_seq & 0xf; 66 67 mcu_txd = (struct mt7615_mcu_txd *)skb_push(skb, 68 sizeof(struct mt7615_mcu_txd)); 69 memset(mcu_txd, 0, sizeof(struct mt7615_mcu_txd)); 70 71 if (cmd != -MCU_CMD_FW_SCATTER) { 72 q_idx = MT_TX_MCU_PORT_RX_Q0; 73 pkt_fmt = MT_TX_TYPE_CMD; 74 } else { 75 q_idx = MT_TX_MCU_PORT_RX_FWDL; 76 pkt_fmt = MT_TX_TYPE_FW; 77 } 78 79 txd = mcu_txd->txd; 80 81 val = FIELD_PREP(MT_TXD0_TX_BYTES, cpu_to_le16(skb->len)) | 82 FIELD_PREP(MT_TXD0_P_IDX, MT_TX_PORT_IDX_MCU) | 83 FIELD_PREP(MT_TXD0_Q_IDX, q_idx); 84 txd[0] = cpu_to_le32(val); 85 86 val = MT_TXD1_LONG_FORMAT | 87 FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD) | 88 FIELD_PREP(MT_TXD1_PKT_FMT, pkt_fmt); 89 txd[1] = cpu_to_le32(val); 90 91 mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd)); 92 mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU, q_idx)); 93 mcu_txd->pkt_type = MCU_PKT_ID; 94 mcu_txd->seq = seq; 95 96 if (cmd < 0) { 97 mcu_txd->cid = -cmd; 98 } else { 99 mcu_txd->cid = MCU_CMD_EXT_CID; 100 mcu_txd->ext_cid = cmd; 101 if (query != MCU_Q_NA) 102 mcu_txd->ext_cid_ack = 1; 103 } 104 105 mcu_txd->set_query = query; 106 mcu_txd->s2d_index = dest; 107 108 if (wait_seq) 109 *wait_seq = seq; 110 111 if (test_bit(MT76_STATE_MCU_RUNNING, &dev->mt76.state)) 112 qid = MT_TXQ_MCU; 113 else 114 qid = MT_TXQ_FWDL; 115 116 return mt76_tx_queue_skb_raw(dev, qid, skb, 0); 117 } 118 119 static int mt7615_mcu_msg_send(struct mt7615_dev *dev, struct sk_buff *skb, 120 int cmd, int query, int dest, 121 struct sk_buff **skb_ret) 122 { 123 unsigned long expires = jiffies + 10 * HZ; 124 struct mt7615_mcu_rxd *rxd; 125 int ret, seq; 126 127 mutex_lock(&dev->mt76.mmio.mcu.mutex); 128 129 ret = __mt7615_mcu_msg_send(dev, skb, cmd, query, dest, &seq); 130 if (ret) 131 goto out; 132 133 while (1) { 134 skb = mt76_mcu_get_response(&dev->mt76, expires); 135 if (!skb) { 136 dev_err(dev->mt76.dev, "Message %d (seq %d) timeout\n", 137 cmd, seq); 138 ret = -ETIMEDOUT; 139 break; 140 } 141 142 rxd = (struct mt7615_mcu_rxd *)skb->data; 143 if (seq != rxd->seq) 144 continue; 145 146 if (skb_ret) { 147 int hdr_len = sizeof(*rxd); 148 149 if (!test_bit(MT76_STATE_MCU_RUNNING, 150 &dev->mt76.state)) 151 hdr_len -= 4; 152 skb_pull(skb, hdr_len); 153 *skb_ret = skb; 154 } else { 155 dev_kfree_skb(skb); 156 } 157 158 break; 159 } 160 161 out: 162 mutex_unlock(&dev->mt76.mmio.mcu.mutex); 163 164 return ret; 165 } 166 167 static int mt7615_mcu_init_download(struct mt7615_dev *dev, u32 addr, 168 u32 len, u32 mode) 169 { 170 struct { 171 __le32 addr; 172 __le32 len; 173 __le32 mode; 174 } req = { 175 .addr = cpu_to_le32(addr), 176 .len = cpu_to_le32(len), 177 .mode = cpu_to_le32(mode), 178 }; 179 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req)); 180 181 return mt7615_mcu_msg_send(dev, skb, -MCU_CMD_TARGET_ADDRESS_LEN_REQ, 182 MCU_Q_NA, MCU_S2D_H2N, NULL); 183 } 184 185 static int mt7615_mcu_send_firmware(struct mt7615_dev *dev, const void *data, 186 int len) 187 { 188 struct sk_buff *skb; 189 int ret = 0; 190 191 while (len > 0) { 192 int cur_len = min_t(int, 4096 - sizeof(struct mt7615_mcu_txd), 193 len); 194 195 skb = mt7615_mcu_msg_alloc(data, cur_len); 196 if (!skb) 197 return -ENOMEM; 198 199 ret = __mt7615_mcu_msg_send(dev, skb, -MCU_CMD_FW_SCATTER, 200 MCU_Q_NA, MCU_S2D_H2N, NULL); 201 if (ret) 202 break; 203 204 data += cur_len; 205 len -= cur_len; 206 } 207 208 return ret; 209 } 210 211 static int mt7615_mcu_start_firmware(struct mt7615_dev *dev, u32 addr, 212 u32 option) 213 { 214 struct { 215 __le32 option; 216 __le32 addr; 217 } req = { 218 .option = cpu_to_le32(option), 219 .addr = cpu_to_le32(addr), 220 }; 221 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req)); 222 223 return mt7615_mcu_msg_send(dev, skb, -MCU_CMD_FW_START_REQ, 224 MCU_Q_NA, MCU_S2D_H2N, NULL); 225 } 226 227 static int mt7615_mcu_restart(struct mt7615_dev *dev) 228 { 229 struct sk_buff *skb = mt7615_mcu_msg_alloc(NULL, 0); 230 231 return mt7615_mcu_msg_send(dev, skb, -MCU_CMD_RESTART_DL_REQ, 232 MCU_Q_NA, MCU_S2D_H2N, NULL); 233 } 234 235 static int mt7615_mcu_patch_sem_ctrl(struct mt7615_dev *dev, bool get) 236 { 237 struct { 238 __le32 operation; 239 } req = { 240 .operation = cpu_to_le32(get ? PATCH_SEM_GET : 241 PATCH_SEM_RELEASE), 242 }; 243 struct event { 244 u8 status; 245 u8 reserved[3]; 246 } *resp; 247 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req)); 248 struct sk_buff *skb_ret; 249 int ret; 250 251 ret = mt7615_mcu_msg_send(dev, skb, -MCU_CMD_PATCH_SEM_CONTROL, 252 MCU_Q_NA, MCU_S2D_H2N, &skb_ret); 253 if (ret) 254 goto out; 255 256 resp = (struct event *)(skb_ret->data); 257 ret = resp->status; 258 dev_kfree_skb(skb_ret); 259 260 out: 261 return ret; 262 } 263 264 static int mt7615_mcu_start_patch(struct mt7615_dev *dev) 265 { 266 struct { 267 u8 check_crc; 268 u8 reserved[3]; 269 } req = { 270 .check_crc = 0, 271 }; 272 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req)); 273 274 return mt7615_mcu_msg_send(dev, skb, -MCU_CMD_PATCH_FINISH_REQ, 275 MCU_Q_NA, MCU_S2D_H2N, NULL); 276 } 277 278 static int mt7615_driver_own(struct mt7615_dev *dev) 279 { 280 mt76_wr(dev, MT_CFG_LPCR_HOST, MT_CFG_LPCR_HOST_DRV_OWN); 281 if (!mt76_poll_msec(dev, MT_CFG_LPCR_HOST, 282 MT_CFG_LPCR_HOST_FW_OWN, 0, 500)) { 283 dev_err(dev->mt76.dev, "Timeout for driver own\n"); 284 return -EIO; 285 } 286 287 return 0; 288 } 289 290 static int mt7615_load_patch(struct mt7615_dev *dev) 291 { 292 const struct firmware *fw; 293 const struct mt7615_patch_hdr *hdr; 294 const char *firmware = MT7615_ROM_PATCH; 295 int len, ret, sem; 296 297 sem = mt7615_mcu_patch_sem_ctrl(dev, 1); 298 switch (sem) { 299 case PATCH_IS_DL: 300 return 0; 301 case PATCH_NOT_DL_SEM_SUCCESS: 302 break; 303 default: 304 dev_err(dev->mt76.dev, "Failed to get patch semaphore\n"); 305 return -EAGAIN; 306 } 307 308 ret = request_firmware(&fw, firmware, dev->mt76.dev); 309 if (ret) 310 return ret; 311 312 if (!fw || !fw->data || fw->size < sizeof(*hdr)) { 313 dev_err(dev->mt76.dev, "Invalid firmware\n"); 314 ret = -EINVAL; 315 goto out; 316 } 317 318 hdr = (const struct mt7615_patch_hdr *)(fw->data); 319 320 dev_info(dev->mt76.dev, "HW/SW Version: 0x%x, Build Time: %.16s\n", 321 be32_to_cpu(hdr->hw_sw_ver), hdr->build_date); 322 323 len = fw->size - sizeof(*hdr); 324 325 ret = mt7615_mcu_init_download(dev, MCU_PATCH_ADDRESS, len, 326 DL_MODE_NEED_RSP); 327 if (ret) { 328 dev_err(dev->mt76.dev, "Download request failed\n"); 329 goto out; 330 } 331 332 ret = mt7615_mcu_send_firmware(dev, fw->data + sizeof(*hdr), len); 333 if (ret) { 334 dev_err(dev->mt76.dev, "Failed to send firmware to device\n"); 335 goto out; 336 } 337 338 ret = mt7615_mcu_start_patch(dev); 339 if (ret) 340 dev_err(dev->mt76.dev, "Failed to start patch\n"); 341 342 out: 343 release_firmware(fw); 344 345 sem = mt7615_mcu_patch_sem_ctrl(dev, 0); 346 switch (sem) { 347 case PATCH_REL_SEM_SUCCESS: 348 break; 349 default: 350 ret = -EAGAIN; 351 dev_err(dev->mt76.dev, "Failed to release patch semaphore\n"); 352 break; 353 } 354 355 return ret; 356 } 357 358 static u32 gen_dl_mode(u8 feature_set, bool is_cr4) 359 { 360 u32 ret = 0; 361 362 ret |= (feature_set & FW_FEATURE_SET_ENCRYPT) ? 363 (DL_MODE_ENCRYPT | DL_MODE_RESET_SEC_IV) : 0; 364 ret |= FIELD_PREP(DL_MODE_KEY_IDX, 365 FIELD_GET(FW_FEATURE_SET_KEY_IDX, feature_set)); 366 ret |= DL_MODE_NEED_RSP; 367 ret |= is_cr4 ? DL_MODE_WORKING_PDA_CR4 : 0; 368 369 return ret; 370 } 371 372 static int mt7615_load_ram(struct mt7615_dev *dev) 373 { 374 const struct firmware *fw; 375 const struct mt7615_fw_trailer *hdr; 376 const char *n9_firmware = MT7615_FIRMWARE_N9; 377 const char *cr4_firmware = MT7615_FIRMWARE_CR4; 378 u32 n9_ilm_addr, offset; 379 int i, ret; 380 381 ret = request_firmware(&fw, n9_firmware, dev->mt76.dev); 382 if (ret) 383 return ret; 384 385 if (!fw || !fw->data || fw->size < N9_REGION_NUM * sizeof(*hdr)) { 386 dev_err(dev->mt76.dev, "Invalid firmware\n"); 387 ret = -EINVAL; 388 goto out; 389 } 390 391 hdr = (const struct mt7615_fw_trailer *)(fw->data + fw->size - 392 N9_REGION_NUM * sizeof(*hdr)); 393 394 dev_info(dev->mt76.dev, "N9 Firmware Version: %.10s, Build Time: %.15s\n", 395 hdr->fw_ver, hdr->build_date); 396 397 n9_ilm_addr = le32_to_cpu(hdr->addr); 398 399 for (offset = 0, i = 0; i < N9_REGION_NUM; i++) { 400 u32 len, addr, mode; 401 402 len = le32_to_cpu(hdr[i].len) + IMG_CRC_LEN; 403 addr = le32_to_cpu(hdr[i].addr); 404 mode = gen_dl_mode(hdr[i].feature_set, false); 405 406 ret = mt7615_mcu_init_download(dev, addr, len, mode); 407 if (ret) { 408 dev_err(dev->mt76.dev, "Download request failed\n"); 409 goto out; 410 } 411 412 ret = mt7615_mcu_send_firmware(dev, fw->data + offset, len); 413 if (ret) { 414 dev_err(dev->mt76.dev, "Failed to send firmware to device\n"); 415 goto out; 416 } 417 418 offset += len; 419 } 420 421 ret = mt7615_mcu_start_firmware(dev, n9_ilm_addr, FW_START_OVERRIDE); 422 if (ret) { 423 dev_err(dev->mt76.dev, "Failed to start N9 firmware\n"); 424 goto out; 425 } 426 427 release_firmware(fw); 428 429 ret = request_firmware(&fw, cr4_firmware, dev->mt76.dev); 430 if (ret) 431 return ret; 432 433 if (!fw || !fw->data || fw->size < CR4_REGION_NUM * sizeof(*hdr)) { 434 dev_err(dev->mt76.dev, "Invalid firmware\n"); 435 ret = -EINVAL; 436 goto out; 437 } 438 439 hdr = (const struct mt7615_fw_trailer *)(fw->data + fw->size - 440 CR4_REGION_NUM * sizeof(*hdr)); 441 442 dev_info(dev->mt76.dev, "CR4 Firmware Version: %.10s, Build Time: %.15s\n", 443 hdr->fw_ver, hdr->build_date); 444 445 for (offset = 0, i = 0; i < CR4_REGION_NUM; i++) { 446 u32 len, addr, mode; 447 448 len = le32_to_cpu(hdr[i].len) + IMG_CRC_LEN; 449 addr = le32_to_cpu(hdr[i].addr); 450 mode = gen_dl_mode(hdr[i].feature_set, true); 451 452 ret = mt7615_mcu_init_download(dev, addr, len, mode); 453 if (ret) { 454 dev_err(dev->mt76.dev, "Download request failed\n"); 455 goto out; 456 } 457 458 ret = mt7615_mcu_send_firmware(dev, fw->data + offset, len); 459 if (ret) { 460 dev_err(dev->mt76.dev, "Failed to send firmware to device\n"); 461 goto out; 462 } 463 464 offset += len; 465 } 466 467 ret = mt7615_mcu_start_firmware(dev, 0, FW_START_WORKING_PDA_CR4); 468 if (ret) 469 dev_err(dev->mt76.dev, "Failed to start CR4 firmware\n"); 470 471 out: 472 release_firmware(fw); 473 474 return ret; 475 } 476 477 static int mt7615_load_firmware(struct mt7615_dev *dev) 478 { 479 int ret; 480 u32 val; 481 482 val = mt76_get_field(dev, MT_TOP_MISC2, MT_TOP_MISC2_FW_STATE); 483 484 if (val != FW_STATE_FW_DOWNLOAD) { 485 dev_err(dev->mt76.dev, "Firmware is not ready for download\n"); 486 return -EIO; 487 } 488 489 ret = mt7615_load_patch(dev); 490 if (ret) 491 return ret; 492 493 ret = mt7615_load_ram(dev); 494 if (ret) 495 return ret; 496 497 if (!mt76_poll_msec(dev, MT_TOP_MISC2, MT_TOP_MISC2_FW_STATE, 498 FIELD_PREP(MT_TOP_MISC2_FW_STATE, 499 FW_STATE_CR4_RDY), 500)) { 500 dev_err(dev->mt76.dev, "Timeout for initializing firmware\n"); 501 return -EIO; 502 } 503 504 dev_dbg(dev->mt76.dev, "Firmware init done\n"); 505 506 return 0; 507 } 508 509 int mt7615_mcu_init(struct mt7615_dev *dev) 510 { 511 int ret; 512 513 ret = mt7615_driver_own(dev); 514 if (ret) 515 return ret; 516 517 ret = mt7615_load_firmware(dev); 518 if (ret) 519 return ret; 520 521 set_bit(MT76_STATE_MCU_RUNNING, &dev->mt76.state); 522 523 return 0; 524 } 525 526 void mt7615_mcu_exit(struct mt7615_dev *dev) 527 { 528 mt7615_mcu_restart(dev); 529 mt76_wr(dev, MT_CFG_LPCR_HOST, MT_CFG_LPCR_HOST_FW_OWN); 530 skb_queue_purge(&dev->mt76.mmio.mcu.res_q); 531 } 532 533 int mt7615_mcu_set_eeprom(struct mt7615_dev *dev) 534 { 535 struct req_data { 536 u8 val; 537 } __packed; 538 struct { 539 u8 buffer_mode; 540 u8 pad; 541 u16 len; 542 } __packed req_hdr = { 543 .buffer_mode = 1, 544 .len = __MT_EE_MAX - MT_EE_NIC_CONF_0, 545 }; 546 struct sk_buff *skb; 547 struct req_data *data; 548 const int size = (__MT_EE_MAX - MT_EE_NIC_CONF_0) * 549 sizeof(struct req_data); 550 u8 *eep = (u8 *)dev->mt76.eeprom.data; 551 u16 off; 552 553 skb = mt7615_mcu_msg_alloc(NULL, size + sizeof(req_hdr)); 554 memcpy(skb_put(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr)); 555 data = (struct req_data *)skb_put(skb, size); 556 memset(data, 0, size); 557 558 for (off = MT_EE_NIC_CONF_0; off < __MT_EE_MAX; off++) 559 data[off - MT_EE_NIC_CONF_0].val = eep[off]; 560 561 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_EFUSE_BUFFER_MODE, 562 MCU_Q_SET, MCU_S2D_H2N, NULL); 563 } 564 565 int mt7615_mcu_init_mac(struct mt7615_dev *dev) 566 { 567 struct { 568 u8 enable; 569 u8 band; 570 u8 rsv[2]; 571 } __packed req = { 572 .enable = 1, 573 .band = 0, 574 }; 575 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req)); 576 577 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_MAC_INIT_CTRL, 578 MCU_Q_SET, MCU_S2D_H2N, NULL); 579 } 580 581 int mt7615_mcu_set_rts_thresh(struct mt7615_dev *dev, u32 val) 582 { 583 struct { 584 u8 prot_idx; 585 u8 band; 586 u8 rsv[2]; 587 __le32 len_thresh; 588 __le32 pkt_thresh; 589 } __packed req = { 590 .prot_idx = 1, 591 .band = 0, 592 .len_thresh = cpu_to_le32(val), 593 .pkt_thresh = cpu_to_le32(0x2), 594 }; 595 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req)); 596 597 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_PROTECT_CTRL, 598 MCU_Q_SET, MCU_S2D_H2N, NULL); 599 } 600 601 int mt7615_mcu_set_wmm(struct mt7615_dev *dev, u8 queue, 602 const struct ieee80211_tx_queue_params *params) 603 { 604 #define WMM_AIFS_SET BIT(0) 605 #define WMM_CW_MIN_SET BIT(1) 606 #define WMM_CW_MAX_SET BIT(2) 607 #define WMM_TXOP_SET BIT(3) 608 struct req_data { 609 u8 number; 610 u8 rsv[3]; 611 u8 queue; 612 u8 valid; 613 u8 aifs; 614 u8 cw_min; 615 __le16 cw_max; 616 __le16 txop; 617 } __packed req = { 618 .number = 1, 619 .queue = queue, 620 .valid = WMM_AIFS_SET | WMM_TXOP_SET, 621 .aifs = params->aifs, 622 .txop = cpu_to_le16(params->txop), 623 }; 624 struct sk_buff *skb; 625 626 if (params->cw_min) { 627 req.valid |= WMM_CW_MIN_SET; 628 req.cw_min = params->cw_min; 629 } 630 if (params->cw_max) { 631 req.valid |= WMM_CW_MAX_SET; 632 req.cw_max = cpu_to_le16(params->cw_max); 633 } 634 635 skb = mt7615_mcu_msg_alloc(&req, sizeof(req)); 636 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_EDCA_UPDATE, 637 MCU_Q_SET, MCU_S2D_H2N, NULL); 638 } 639 640 int mt7615_mcu_ctrl_pm_state(struct mt7615_dev *dev, int enter) 641 { 642 #define ENTER_PM_STATE 1 643 #define EXIT_PM_STATE 2 644 struct { 645 u8 pm_number; 646 u8 pm_state; 647 u8 bssid[ETH_ALEN]; 648 u8 dtim_period; 649 u8 wlan_idx; 650 __le16 bcn_interval; 651 __le32 aid; 652 __le32 rx_filter; 653 u8 band_idx; 654 u8 rsv[3]; 655 __le32 feature; 656 u8 omac_idx; 657 u8 wmm_idx; 658 u8 bcn_loss_cnt; 659 u8 bcn_sp_duration; 660 } __packed req = { 661 .pm_number = 5, 662 .pm_state = (enter) ? ENTER_PM_STATE : EXIT_PM_STATE, 663 .band_idx = 0, 664 }; 665 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req)); 666 667 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_PM_STATE_CTRL, 668 MCU_Q_SET, MCU_S2D_H2N, NULL); 669 } 670 671 static int __mt7615_mcu_set_dev_info(struct mt7615_dev *dev, 672 struct dev_info *dev_info) 673 { 674 struct req_hdr { 675 u8 omac_idx; 676 u8 band_idx; 677 __le16 tlv_num; 678 u8 is_tlv_append; 679 u8 rsv[3]; 680 } __packed req_hdr = {0}; 681 struct req_tlv { 682 __le16 tag; 683 __le16 len; 684 u8 active; 685 u8 band_idx; 686 u8 omac_addr[ETH_ALEN]; 687 } __packed; 688 struct sk_buff *skb; 689 u16 tlv_num = 0; 690 691 skb = mt7615_mcu_msg_alloc(NULL, sizeof(req_hdr) + 692 sizeof(struct req_tlv)); 693 skb_reserve(skb, sizeof(req_hdr)); 694 695 if (dev_info->feature & BIT(DEV_INFO_ACTIVE)) { 696 struct req_tlv req_tlv = { 697 .tag = cpu_to_le16(DEV_INFO_ACTIVE), 698 .len = cpu_to_le16(sizeof(req_tlv)), 699 .active = dev_info->enable, 700 .band_idx = dev_info->band_idx, 701 }; 702 memcpy(req_tlv.omac_addr, dev_info->omac_addr, ETH_ALEN); 703 memcpy(skb_put(skb, sizeof(req_tlv)), &req_tlv, 704 sizeof(req_tlv)); 705 tlv_num++; 706 } 707 708 req_hdr.omac_idx = dev_info->omac_idx; 709 req_hdr.band_idx = dev_info->band_idx; 710 req_hdr.tlv_num = cpu_to_le16(tlv_num); 711 req_hdr.is_tlv_append = tlv_num ? 1 : 0; 712 713 memcpy(skb_push(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr)); 714 715 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_DEV_INFO_UPDATE, 716 MCU_Q_SET, MCU_S2D_H2N, NULL); 717 } 718 719 int mt7615_mcu_set_dev_info(struct mt7615_dev *dev, struct ieee80211_vif *vif, 720 int en) 721 { 722 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv; 723 struct dev_info dev_info = {0}; 724 725 dev_info.omac_idx = mvif->omac_idx; 726 memcpy(dev_info.omac_addr, vif->addr, ETH_ALEN); 727 dev_info.band_idx = mvif->band_idx; 728 dev_info.enable = en; 729 dev_info.feature = BIT(DEV_INFO_ACTIVE); 730 731 return __mt7615_mcu_set_dev_info(dev, &dev_info); 732 } 733 734 static void bss_info_omac_handler (struct mt7615_dev *dev, 735 struct bss_info *bss_info, 736 struct sk_buff *skb) 737 { 738 struct bss_info_omac tlv = {0}; 739 740 tlv.tag = cpu_to_le16(BSS_INFO_OMAC); 741 tlv.len = cpu_to_le16(sizeof(tlv)); 742 tlv.hw_bss_idx = (bss_info->omac_idx > EXT_BSSID_START) ? 743 HW_BSSID_0 : bss_info->omac_idx; 744 tlv.omac_idx = bss_info->omac_idx; 745 tlv.band_idx = bss_info->band_idx; 746 tlv.conn_type = cpu_to_le32(bss_info->conn_type); 747 748 memcpy(skb_put(skb, sizeof(tlv)), &tlv, sizeof(tlv)); 749 } 750 751 static void bss_info_basic_handler (struct mt7615_dev *dev, 752 struct bss_info *bss_info, 753 struct sk_buff *skb) 754 { 755 struct bss_info_basic tlv = {0}; 756 757 tlv.tag = cpu_to_le16(BSS_INFO_BASIC); 758 tlv.len = cpu_to_le16(sizeof(tlv)); 759 tlv.network_type = cpu_to_le32(bss_info->network_type); 760 tlv.active = bss_info->enable; 761 tlv.bcn_interval = cpu_to_le16(bss_info->bcn_interval); 762 memcpy(tlv.bssid, bss_info->bssid, ETH_ALEN); 763 tlv.wmm_idx = bss_info->wmm_idx; 764 tlv.dtim_period = bss_info->dtim_period; 765 tlv.bmc_tx_wlan_idx = bss_info->bmc_tx_wlan_idx; 766 767 memcpy(skb_put(skb, sizeof(tlv)), &tlv, sizeof(tlv)); 768 } 769 770 static void bss_info_ext_bss_handler (struct mt7615_dev *dev, 771 struct bss_info *bss_info, 772 struct sk_buff *skb) 773 { 774 /* SIFS 20us + 512 byte beacon tranmitted by 1Mbps (3906us) */ 775 #define BCN_TX_ESTIMATE_TIME (4096 + 20) 776 struct bss_info_ext_bss tlv = {0}; 777 int ext_bss_idx; 778 779 ext_bss_idx = bss_info->omac_idx - EXT_BSSID_START; 780 781 if (ext_bss_idx < 0) 782 return; 783 784 tlv.tag = cpu_to_le16(BSS_INFO_EXT_BSS); 785 tlv.len = cpu_to_le16(sizeof(tlv)); 786 tlv.mbss_tsf_offset = ext_bss_idx * BCN_TX_ESTIMATE_TIME; 787 788 memcpy(skb_put(skb, sizeof(tlv)), &tlv, sizeof(tlv)); 789 } 790 791 static struct bss_info_tag_handler bss_info_tag_handler[] = { 792 {BSS_INFO_OMAC, sizeof(struct bss_info_omac), bss_info_omac_handler}, 793 {BSS_INFO_BASIC, sizeof(struct bss_info_basic), bss_info_basic_handler}, 794 {BSS_INFO_RF_CH, sizeof(struct bss_info_rf_ch), NULL}, 795 {BSS_INFO_PM, 0, NULL}, 796 {BSS_INFO_UAPSD, 0, NULL}, 797 {BSS_INFO_ROAM_DETECTION, 0, NULL}, 798 {BSS_INFO_LQ_RM, 0, NULL}, 799 {BSS_INFO_EXT_BSS, sizeof(struct bss_info_ext_bss), bss_info_ext_bss_handler}, 800 {BSS_INFO_BMC_INFO, 0, NULL}, 801 {BSS_INFO_SYNC_MODE, 0, NULL}, 802 {BSS_INFO_RA, 0, NULL}, 803 {BSS_INFO_MAX_NUM, 0, NULL}, 804 }; 805 806 static int __mt7615_mcu_set_bss_info(struct mt7615_dev *dev, 807 struct bss_info *bss_info) 808 { 809 struct req_hdr { 810 u8 bss_idx; 811 u8 rsv0; 812 __le16 tlv_num; 813 u8 is_tlv_append; 814 u8 rsv1[3]; 815 } __packed req_hdr = {0}; 816 struct sk_buff *skb; 817 u16 tlv_num = 0; 818 u32 size = 0; 819 int i; 820 821 for (i = 0; i < BSS_INFO_MAX_NUM; i++) 822 if ((BIT(bss_info_tag_handler[i].tag) & bss_info->feature) && 823 bss_info_tag_handler[i].handler) { 824 tlv_num++; 825 size += bss_info_tag_handler[i].len; 826 } 827 828 skb = mt7615_mcu_msg_alloc(NULL, sizeof(req_hdr) + size); 829 830 req_hdr.bss_idx = bss_info->bss_idx; 831 req_hdr.tlv_num = cpu_to_le16(tlv_num); 832 req_hdr.is_tlv_append = tlv_num ? 1 : 0; 833 834 memcpy(skb_put(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr)); 835 836 for (i = 0; i < BSS_INFO_MAX_NUM; i++) 837 if ((BIT(bss_info_tag_handler[i].tag) & bss_info->feature) && 838 bss_info_tag_handler[i].handler) 839 bss_info_tag_handler[i].handler(dev, bss_info, skb); 840 841 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_BSS_INFO_UPDATE, 842 MCU_Q_SET, MCU_S2D_H2N, NULL); 843 } 844 845 static void bss_info_convert_vif_type(enum nl80211_iftype type, 846 u32 *network_type, u32 *conn_type) 847 { 848 switch (type) { 849 case NL80211_IFTYPE_AP: 850 if (network_type) 851 *network_type = NETWORK_INFRA; 852 if (conn_type) 853 *conn_type = CONNECTION_INFRA_AP; 854 break; 855 case NL80211_IFTYPE_STATION: 856 if (network_type) 857 *network_type = NETWORK_INFRA; 858 if (conn_type) 859 *conn_type = CONNECTION_INFRA_STA; 860 break; 861 default: 862 WARN_ON(1); 863 break; 864 }; 865 } 866 867 int mt7615_mcu_set_bss_info(struct mt7615_dev *dev, struct ieee80211_vif *vif, 868 int en) 869 { 870 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv; 871 struct bss_info bss_info = {0}; 872 u8 bmc_tx_wlan_idx = 0; 873 u32 network_type = 0, conn_type = 0; 874 875 if (vif->type == NL80211_IFTYPE_AP) { 876 bmc_tx_wlan_idx = mvif->sta.wcid.idx; 877 } else if (vif->type == NL80211_IFTYPE_STATION) { 878 /* find the unicast entry for sta mode bmc tx */ 879 struct ieee80211_sta *ap_sta; 880 struct mt7615_sta *msta; 881 882 rcu_read_lock(); 883 884 ap_sta = ieee80211_find_sta(vif, vif->bss_conf.bssid); 885 if (!ap_sta) { 886 rcu_read_unlock(); 887 return -EINVAL; 888 } 889 890 msta = (struct mt7615_sta *)ap_sta->drv_priv; 891 bmc_tx_wlan_idx = msta->wcid.idx; 892 893 rcu_read_unlock(); 894 } else { 895 WARN_ON(1); 896 } 897 898 bss_info_convert_vif_type(vif->type, &network_type, &conn_type); 899 900 bss_info.bss_idx = mvif->idx; 901 memcpy(bss_info.bssid, vif->bss_conf.bssid, ETH_ALEN); 902 bss_info.omac_idx = mvif->omac_idx; 903 bss_info.band_idx = mvif->band_idx; 904 bss_info.bmc_tx_wlan_idx = bmc_tx_wlan_idx; 905 bss_info.wmm_idx = mvif->wmm_idx; 906 bss_info.network_type = network_type; 907 bss_info.conn_type = conn_type; 908 bss_info.bcn_interval = vif->bss_conf.beacon_int; 909 bss_info.dtim_period = vif->bss_conf.dtim_period; 910 bss_info.enable = en; 911 bss_info.feature = BIT(BSS_INFO_BASIC); 912 if (en) { 913 bss_info.feature |= BIT(BSS_INFO_OMAC); 914 if (mvif->omac_idx > EXT_BSSID_START) 915 bss_info.feature |= BIT(BSS_INFO_EXT_BSS); 916 } 917 918 return __mt7615_mcu_set_bss_info(dev, &bss_info); 919 } 920 921 static int __mt7615_mcu_set_wtbl(struct mt7615_dev *dev, int wlan_idx, 922 int operation, void *buf, int buf_len) 923 { 924 struct req_hdr { 925 u8 wlan_idx; 926 u8 operation; 927 __le16 tlv_num; 928 u8 rsv[4]; 929 } __packed req_hdr = {0}; 930 struct tlv { 931 __le16 tag; 932 __le16 len; 933 u8 buf[0]; 934 } __packed; 935 struct sk_buff *skb; 936 u16 tlv_num = 0; 937 int offset = 0; 938 939 while (offset < buf_len) { 940 struct tlv *tlv = (struct tlv *)((u8 *)buf + offset); 941 942 tlv_num++; 943 offset += tlv->len; 944 } 945 946 skb = mt7615_mcu_msg_alloc(NULL, sizeof(req_hdr) + buf_len); 947 948 req_hdr.wlan_idx = wlan_idx; 949 req_hdr.operation = operation; 950 req_hdr.tlv_num = cpu_to_le16(tlv_num); 951 952 memcpy(skb_put(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr)); 953 954 if (buf && buf_len) 955 memcpy(skb_put(skb, buf_len), buf, buf_len); 956 957 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_WTBL_UPDATE, 958 MCU_Q_SET, MCU_S2D_H2N, NULL); 959 } 960 961 static enum mt7615_cipher_type 962 mt7615_get_key_info(struct ieee80211_key_conf *key, u8 *key_data) 963 { 964 if (!key || key->keylen > 32) 965 return MT_CIPHER_NONE; 966 967 memcpy(key_data, key->key, key->keylen); 968 969 switch (key->cipher) { 970 case WLAN_CIPHER_SUITE_WEP40: 971 return MT_CIPHER_WEP40; 972 case WLAN_CIPHER_SUITE_WEP104: 973 return MT_CIPHER_WEP104; 974 case WLAN_CIPHER_SUITE_TKIP: 975 /* Rx/Tx MIC keys are swapped */ 976 memcpy(key_data + 16, key->key + 24, 8); 977 memcpy(key_data + 24, key->key + 16, 8); 978 return MT_CIPHER_TKIP; 979 case WLAN_CIPHER_SUITE_CCMP: 980 return MT_CIPHER_AES_CCMP; 981 case WLAN_CIPHER_SUITE_CCMP_256: 982 return MT_CIPHER_CCMP_256; 983 case WLAN_CIPHER_SUITE_GCMP: 984 return MT_CIPHER_GCMP; 985 case WLAN_CIPHER_SUITE_GCMP_256: 986 return MT_CIPHER_GCMP_256; 987 case WLAN_CIPHER_SUITE_SMS4: 988 return MT_CIPHER_WAPI; 989 default: 990 return MT_CIPHER_NONE; 991 } 992 } 993 994 int mt7615_mcu_set_wtbl_key(struct mt7615_dev *dev, int wcid, 995 struct ieee80211_key_conf *key, 996 enum set_key_cmd cmd) 997 { 998 struct wtbl_sec_key wtbl_sec_key = {0}; 999 int buf_len = sizeof(struct wtbl_sec_key); 1000 u8 cipher; 1001 1002 wtbl_sec_key.tag = cpu_to_le16(WTBL_SEC_KEY); 1003 wtbl_sec_key.len = cpu_to_le16(buf_len); 1004 wtbl_sec_key.add = cmd; 1005 1006 if (cmd == SET_KEY) { 1007 cipher = mt7615_get_key_info(key, wtbl_sec_key.key_material); 1008 if (cipher == MT_CIPHER_NONE && key) 1009 return -EOPNOTSUPP; 1010 1011 wtbl_sec_key.cipher_id = cipher; 1012 wtbl_sec_key.key_id = key->keyidx; 1013 wtbl_sec_key.key_len = key->keylen; 1014 } else { 1015 wtbl_sec_key.key_len = sizeof(wtbl_sec_key.key_material); 1016 } 1017 1018 return __mt7615_mcu_set_wtbl(dev, wcid, WTBL_SET, &wtbl_sec_key, 1019 buf_len); 1020 } 1021 1022 int mt7615_mcu_add_wtbl_bmc(struct mt7615_dev *dev, struct ieee80211_vif *vif) 1023 { 1024 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv; 1025 struct wtbl_generic *wtbl_generic; 1026 struct wtbl_rx *wtbl_rx; 1027 int buf_len, ret; 1028 u8 *buf; 1029 1030 buf = kzalloc(MT7615_WTBL_UPDATE_MAX_SIZE, GFP_KERNEL); 1031 if (!buf) 1032 return -ENOMEM; 1033 1034 wtbl_generic = (struct wtbl_generic *)buf; 1035 buf_len = sizeof(*wtbl_generic); 1036 wtbl_generic->tag = cpu_to_le16(WTBL_GENERIC); 1037 wtbl_generic->len = cpu_to_le16(buf_len); 1038 eth_broadcast_addr(wtbl_generic->peer_addr); 1039 wtbl_generic->muar_idx = 0xe; 1040 1041 wtbl_rx = (struct wtbl_rx *)(buf + buf_len); 1042 buf_len += sizeof(*wtbl_rx); 1043 wtbl_rx->tag = cpu_to_le16(WTBL_RX); 1044 wtbl_rx->len = cpu_to_le16(sizeof(*wtbl_rx)); 1045 wtbl_rx->rca1 = 1; 1046 wtbl_rx->rca2 = 1; 1047 wtbl_rx->rv = 1; 1048 1049 ret = __mt7615_mcu_set_wtbl(dev, mvif->sta.wcid.idx, 1050 WTBL_RESET_AND_SET, buf, buf_len); 1051 1052 kfree(buf); 1053 return ret; 1054 } 1055 1056 int mt7615_mcu_del_wtbl_bmc(struct mt7615_dev *dev, struct ieee80211_vif *vif) 1057 { 1058 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv; 1059 1060 return __mt7615_mcu_set_wtbl(dev, mvif->sta.wcid.idx, 1061 WTBL_RESET_AND_SET, NULL, 0); 1062 } 1063 1064 int mt7615_mcu_add_wtbl(struct mt7615_dev *dev, struct ieee80211_vif *vif, 1065 struct ieee80211_sta *sta) 1066 { 1067 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv; 1068 struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv; 1069 struct wtbl_generic *wtbl_generic; 1070 struct wtbl_rx *wtbl_rx; 1071 int buf_len, ret; 1072 u8 *buf; 1073 1074 buf = kzalloc(MT7615_WTBL_UPDATE_MAX_SIZE, GFP_KERNEL); 1075 if (!buf) 1076 return -ENOMEM; 1077 1078 wtbl_generic = (struct wtbl_generic *)buf; 1079 buf_len = sizeof(*wtbl_generic); 1080 wtbl_generic->tag = cpu_to_le16(WTBL_GENERIC); 1081 wtbl_generic->len = cpu_to_le16(buf_len); 1082 memcpy(wtbl_generic->peer_addr, sta->addr, ETH_ALEN); 1083 wtbl_generic->muar_idx = mvif->omac_idx; 1084 wtbl_generic->qos = sta->wme; 1085 wtbl_generic->partial_aid = cpu_to_le16(sta->aid); 1086 1087 wtbl_rx = (struct wtbl_rx *)(buf + buf_len); 1088 buf_len += sizeof(*wtbl_rx); 1089 wtbl_rx->tag = cpu_to_le16(WTBL_RX); 1090 wtbl_rx->len = cpu_to_le16(sizeof(*wtbl_rx)); 1091 wtbl_rx->rca1 = (vif->type == NL80211_IFTYPE_AP) ? 0 : 1; 1092 wtbl_rx->rca2 = 1; 1093 wtbl_rx->rv = 1; 1094 1095 ret = __mt7615_mcu_set_wtbl(dev, msta->wcid.idx, 1096 WTBL_RESET_AND_SET, buf, buf_len); 1097 1098 kfree(buf); 1099 return ret; 1100 } 1101 1102 int mt7615_mcu_del_wtbl(struct mt7615_dev *dev, struct ieee80211_vif *vif, 1103 struct ieee80211_sta *sta) 1104 { 1105 struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv; 1106 1107 return __mt7615_mcu_set_wtbl(dev, msta->wcid.idx, 1108 WTBL_RESET_AND_SET, NULL, 0); 1109 } 1110 1111 int mt7615_mcu_del_wtbl_all(struct mt7615_dev *dev) 1112 { 1113 return __mt7615_mcu_set_wtbl(dev, 0, WTBL_RESET_ALL, NULL, 0); 1114 } 1115 1116 static int __mt7615_mcu_set_sta_rec(struct mt7615_dev *dev, int bss_idx, 1117 int wlan_idx, int muar_idx, void *buf, 1118 int buf_len) 1119 { 1120 struct req_hdr { 1121 u8 bss_idx; 1122 u8 wlan_idx; 1123 __le16 tlv_num; 1124 u8 is_tlv_append; 1125 u8 muar_idx; 1126 u8 rsv[2]; 1127 } __packed req_hdr = {0}; 1128 struct tlv { 1129 __le16 tag; 1130 __le16 len; 1131 u8 buf[0]; 1132 } __packed; 1133 struct sk_buff *skb; 1134 u16 tlv_num = 0; 1135 int offset = 0; 1136 1137 while (offset < buf_len) { 1138 struct tlv *tlv = (struct tlv *)((u8 *)buf + offset); 1139 1140 tlv_num++; 1141 offset += tlv->len; 1142 } 1143 1144 skb = mt7615_mcu_msg_alloc(NULL, sizeof(req_hdr) + buf_len); 1145 1146 req_hdr.bss_idx = bss_idx; 1147 req_hdr.wlan_idx = wlan_idx; 1148 req_hdr.tlv_num = cpu_to_le16(tlv_num); 1149 req_hdr.is_tlv_append = tlv_num ? 1 : 0; 1150 req_hdr.muar_idx = muar_idx; 1151 1152 memcpy(skb_put(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr)); 1153 1154 if (buf && buf_len) 1155 memcpy(skb_put(skb, buf_len), buf, buf_len); 1156 1157 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_STA_REC_UPDATE, 1158 MCU_Q_SET, MCU_S2D_H2N, NULL); 1159 } 1160 1161 int mt7615_mcu_set_sta_rec_bmc(struct mt7615_dev *dev, 1162 struct ieee80211_vif *vif, bool en) 1163 { 1164 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv; 1165 struct sta_rec_basic sta_rec_basic = {0}; 1166 int buf_len = sizeof(struct sta_rec_basic); 1167 1168 sta_rec_basic.tag = cpu_to_le16(STA_REC_BASIC); 1169 sta_rec_basic.len = cpu_to_le16(buf_len); 1170 sta_rec_basic.conn_type = cpu_to_le32(CONNECTION_INFRA_BC); 1171 eth_broadcast_addr(sta_rec_basic.peer_addr); 1172 if (en) { 1173 sta_rec_basic.conn_state = CONN_STATE_PORT_SECURE; 1174 sta_rec_basic.extra_info = 1175 cpu_to_le16(EXTRA_INFO_VER | EXTRA_INFO_NEW); 1176 } else { 1177 sta_rec_basic.conn_state = CONN_STATE_DISCONNECT; 1178 sta_rec_basic.extra_info = cpu_to_le16(EXTRA_INFO_VER); 1179 } 1180 1181 return __mt7615_mcu_set_sta_rec(dev, mvif->idx, mvif->sta.wcid.idx, 1182 mvif->omac_idx, &sta_rec_basic, 1183 buf_len); 1184 } 1185 1186 static void sta_rec_convert_vif_type(enum nl80211_iftype type, u32 *conn_type) 1187 { 1188 switch (type) { 1189 case NL80211_IFTYPE_AP: 1190 if (conn_type) 1191 *conn_type = CONNECTION_INFRA_STA; 1192 break; 1193 case NL80211_IFTYPE_STATION: 1194 if (conn_type) 1195 *conn_type = CONNECTION_INFRA_AP; 1196 break; 1197 default: 1198 WARN_ON(1); 1199 break; 1200 }; 1201 } 1202 1203 int mt7615_mcu_set_sta_rec(struct mt7615_dev *dev, struct ieee80211_vif *vif, 1204 struct ieee80211_sta *sta, bool en) 1205 { 1206 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv; 1207 struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv; 1208 struct sta_rec_basic sta_rec_basic = {0}; 1209 int buf_len = sizeof(struct sta_rec_basic); 1210 u32 conn_type = 0; 1211 1212 sta_rec_convert_vif_type(vif->type, &conn_type); 1213 1214 sta_rec_basic.tag = cpu_to_le16(STA_REC_BASIC); 1215 sta_rec_basic.len = cpu_to_le16(buf_len); 1216 sta_rec_basic.conn_type = cpu_to_le32(conn_type); 1217 sta_rec_basic.qos = sta->wme; 1218 sta_rec_basic.aid = cpu_to_le16(sta->aid); 1219 memcpy(sta_rec_basic.peer_addr, sta->addr, ETH_ALEN); 1220 1221 if (en) { 1222 sta_rec_basic.conn_state = CONN_STATE_PORT_SECURE; 1223 sta_rec_basic.extra_info = 1224 cpu_to_le16(EXTRA_INFO_VER | EXTRA_INFO_NEW); 1225 } else { 1226 sta_rec_basic.conn_state = CONN_STATE_DISCONNECT; 1227 sta_rec_basic.extra_info = cpu_to_le16(EXTRA_INFO_VER); 1228 } 1229 1230 return __mt7615_mcu_set_sta_rec(dev, mvif->idx, msta->wcid.idx, 1231 mvif->omac_idx, &sta_rec_basic, 1232 buf_len); 1233 } 1234 1235 int mt7615_mcu_set_bcn(struct mt7615_dev *dev, struct ieee80211_vif *vif, 1236 int en) 1237 { 1238 struct req { 1239 u8 omac_idx; 1240 u8 enable; 1241 u8 wlan_idx; 1242 u8 band_idx; 1243 u8 pkt_type; 1244 u8 need_pre_tbtt_int; 1245 __le16 csa_ie_pos; 1246 __le16 pkt_len; 1247 __le16 tim_ie_pos; 1248 u8 pkt[512]; 1249 u8 csa_cnt; 1250 /* bss color change */ 1251 u8 bcc_cnt; 1252 __le16 bcc_ie_pos; 1253 } __packed req = {0}; 1254 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv; 1255 struct mt76_wcid *wcid = &dev->mt76.global_wcid; 1256 struct sk_buff *skb; 1257 u16 tim_off, tim_len; 1258 1259 skb = ieee80211_beacon_get_tim(mt76_hw(dev), vif, &tim_off, &tim_len); 1260 1261 if (!skb) 1262 return -EINVAL; 1263 1264 if (skb->len > 512 - MT_TXD_SIZE) { 1265 dev_err(dev->mt76.dev, "Bcn size limit exceed\n"); 1266 dev_kfree_skb(skb); 1267 return -EINVAL; 1268 } 1269 1270 mt7615_mac_write_txwi(dev, (__le32 *)(req.pkt), skb, wcid, NULL, 1271 0, NULL); 1272 memcpy(req.pkt + MT_TXD_SIZE, skb->data, skb->len); 1273 dev_kfree_skb(skb); 1274 1275 req.omac_idx = mvif->omac_idx; 1276 req.enable = en; 1277 req.wlan_idx = wcid->idx; 1278 req.band_idx = mvif->band_idx; 1279 /* pky_type: 0 for bcn, 1 for tim */ 1280 req.pkt_type = 0; 1281 req.pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len); 1282 req.tim_ie_pos = cpu_to_le16(MT_TXD_SIZE + tim_off); 1283 1284 skb = mt7615_mcu_msg_alloc(&req, sizeof(req)); 1285 1286 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_BCN_OFFLOAD, 1287 MCU_Q_SET, MCU_S2D_H2N, NULL); 1288 } 1289 1290 int mt7615_mcu_set_channel(struct mt7615_dev *dev) 1291 { 1292 struct cfg80211_chan_def *chdef = &dev->mt76.chandef; 1293 struct { 1294 u8 control_chan; 1295 u8 center_chan; 1296 u8 bw; 1297 u8 tx_streams; 1298 u8 rx_streams_mask; 1299 u8 switch_reason; 1300 u8 band_idx; 1301 /* for 80+80 only */ 1302 u8 center_chan2; 1303 __le16 cac_case; 1304 u8 channel_band; 1305 u8 rsv0; 1306 __le32 outband_freq; 1307 u8 txpower_drop; 1308 u8 rsv1[3]; 1309 u8 txpower_sku[53]; 1310 u8 rsv2[3]; 1311 } req = {0}; 1312 struct sk_buff *skb; 1313 int ret; 1314 1315 req.control_chan = chdef->chan->hw_value; 1316 req.center_chan = ieee80211_frequency_to_channel(chdef->center_freq1); 1317 req.tx_streams = (dev->mt76.chainmask >> 8) & 0xf; 1318 req.rx_streams_mask = dev->mt76.antenna_mask; 1319 req.switch_reason = CH_SWITCH_NORMAL; 1320 req.band_idx = 0; 1321 req.center_chan2 = ieee80211_frequency_to_channel(chdef->center_freq2); 1322 req.txpower_drop = 0; 1323 1324 switch (dev->mt76.chandef.width) { 1325 case NL80211_CHAN_WIDTH_40: 1326 req.bw = CMD_CBW_40MHZ; 1327 break; 1328 case NL80211_CHAN_WIDTH_80: 1329 req.bw = CMD_CBW_80MHZ; 1330 break; 1331 case NL80211_CHAN_WIDTH_80P80: 1332 req.bw = CMD_CBW_8080MHZ; 1333 break; 1334 case NL80211_CHAN_WIDTH_160: 1335 req.bw = CMD_CBW_160MHZ; 1336 break; 1337 case NL80211_CHAN_WIDTH_5: 1338 req.bw = CMD_CBW_5MHZ; 1339 break; 1340 case NL80211_CHAN_WIDTH_10: 1341 req.bw = CMD_CBW_10MHZ; 1342 break; 1343 case NL80211_CHAN_WIDTH_20_NOHT: 1344 case NL80211_CHAN_WIDTH_20: 1345 default: 1346 req.bw = CMD_CBW_20MHZ; 1347 } 1348 1349 memset(req.txpower_sku, 0x3f, 49); 1350 1351 skb = mt7615_mcu_msg_alloc(&req, sizeof(req)); 1352 ret = mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_CHANNEL_SWITCH, 1353 MCU_Q_SET, MCU_S2D_H2N, NULL); 1354 if (ret) 1355 return ret; 1356 1357 skb = mt7615_mcu_msg_alloc(&req, sizeof(req)); 1358 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_SET_RX_PATH, 1359 MCU_Q_SET, MCU_S2D_H2N, NULL); 1360 } 1361 1362 int mt7615_mcu_set_ht_cap(struct mt7615_dev *dev, struct ieee80211_vif *vif, 1363 struct ieee80211_sta *sta) 1364 { 1365 struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv; 1366 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv; 1367 struct wtbl_ht *wtbl_ht; 1368 struct wtbl_raw *wtbl_raw; 1369 struct sta_rec_ht *sta_rec_ht; 1370 int buf_len, ret; 1371 u32 msk, val = 0; 1372 u8 *buf; 1373 1374 buf = kzalloc(MT7615_WTBL_UPDATE_MAX_SIZE, GFP_KERNEL); 1375 if (!buf) 1376 return -ENOMEM; 1377 1378 /* ht basic */ 1379 buf_len = sizeof(*wtbl_ht); 1380 wtbl_ht = (struct wtbl_ht *)buf; 1381 wtbl_ht->tag = cpu_to_le16(WTBL_HT); 1382 wtbl_ht->len = cpu_to_le16(sizeof(*wtbl_ht)); 1383 wtbl_ht->ht = 1; 1384 wtbl_ht->ldpc = sta->ht_cap.cap & IEEE80211_HT_CAP_LDPC_CODING; 1385 wtbl_ht->af = sta->ht_cap.ampdu_factor; 1386 wtbl_ht->mm = sta->ht_cap.ampdu_density; 1387 1388 if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_20) 1389 val |= MT_WTBL_W5_SHORT_GI_20; 1390 if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_40) 1391 val |= MT_WTBL_W5_SHORT_GI_40; 1392 1393 /* vht basic */ 1394 if (sta->vht_cap.vht_supported) { 1395 struct wtbl_vht *wtbl_vht; 1396 1397 wtbl_vht = (struct wtbl_vht *)(buf + buf_len); 1398 buf_len += sizeof(*wtbl_vht); 1399 wtbl_vht->tag = cpu_to_le16(WTBL_VHT); 1400 wtbl_vht->len = cpu_to_le16(sizeof(*wtbl_vht)); 1401 wtbl_vht->ldpc = sta->vht_cap.cap & IEEE80211_VHT_CAP_RXLDPC; 1402 wtbl_vht->vht = 1; 1403 1404 if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_80) 1405 val |= MT_WTBL_W5_SHORT_GI_80; 1406 if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_160) 1407 val |= MT_WTBL_W5_SHORT_GI_160; 1408 } 1409 1410 /* smps */ 1411 if (sta->smps_mode == IEEE80211_SMPS_DYNAMIC) { 1412 struct wtbl_smps *wtbl_smps; 1413 1414 wtbl_smps = (struct wtbl_smps *)(buf + buf_len); 1415 buf_len += sizeof(*wtbl_smps); 1416 wtbl_smps->tag = cpu_to_le16(WTBL_SMPS); 1417 wtbl_smps->len = cpu_to_le16(sizeof(*wtbl_smps)); 1418 wtbl_smps->smps = 1; 1419 } 1420 1421 /* sgi */ 1422 msk = MT_WTBL_W5_SHORT_GI_20 | MT_WTBL_W5_SHORT_GI_40 | 1423 MT_WTBL_W5_SHORT_GI_80 | MT_WTBL_W5_SHORT_GI_160; 1424 1425 wtbl_raw = (struct wtbl_raw *)(buf + buf_len); 1426 buf_len += sizeof(*wtbl_raw); 1427 wtbl_raw->tag = cpu_to_le16(WTBL_RAW_DATA); 1428 wtbl_raw->len = cpu_to_le16(sizeof(*wtbl_raw)); 1429 wtbl_raw->wtbl_idx = 1; 1430 wtbl_raw->dw = 5; 1431 wtbl_raw->msk = cpu_to_le32(~msk); 1432 wtbl_raw->val = cpu_to_le32(val); 1433 1434 ret = __mt7615_mcu_set_wtbl(dev, msta->wcid.idx, WTBL_SET, buf, 1435 buf_len); 1436 if (ret) { 1437 kfree(buf); 1438 return ret; 1439 } 1440 1441 memset(buf, 0, MT7615_WTBL_UPDATE_MAX_SIZE); 1442 1443 buf_len = sizeof(*sta_rec_ht); 1444 sta_rec_ht = (struct sta_rec_ht *)buf; 1445 sta_rec_ht->tag = cpu_to_le16(STA_REC_HT); 1446 sta_rec_ht->len = cpu_to_le16(sizeof(*sta_rec_ht)); 1447 sta_rec_ht->ht_cap = cpu_to_le16(sta->ht_cap.cap); 1448 1449 if (sta->vht_cap.vht_supported) { 1450 struct sta_rec_vht *sta_rec_vht; 1451 1452 sta_rec_vht = (struct sta_rec_vht *)(buf + buf_len); 1453 buf_len += sizeof(*sta_rec_vht); 1454 sta_rec_vht->tag = cpu_to_le16(STA_REC_VHT); 1455 sta_rec_vht->len = cpu_to_le16(sizeof(*sta_rec_vht)); 1456 sta_rec_vht->vht_cap = cpu_to_le32(sta->vht_cap.cap); 1457 sta_rec_vht->vht_rx_mcs_map = 1458 cpu_to_le16(sta->vht_cap.vht_mcs.rx_mcs_map); 1459 sta_rec_vht->vht_tx_mcs_map = 1460 cpu_to_le16(sta->vht_cap.vht_mcs.tx_mcs_map); 1461 } 1462 1463 ret = __mt7615_mcu_set_sta_rec(dev, mvif->idx, msta->wcid.idx, 1464 mvif->omac_idx, buf, buf_len); 1465 kfree(buf); 1466 return ret; 1467 } 1468 1469 int mt7615_mcu_set_tx_ba(struct mt7615_dev *dev, 1470 struct ieee80211_ampdu_params *params, 1471 bool add) 1472 { 1473 struct ieee80211_sta *sta = params->sta; 1474 struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv; 1475 struct mt7615_vif *mvif = msta->vif; 1476 u8 ba_range[8] = {4, 8, 12, 24, 36, 48, 54, 64}; 1477 u16 tid = params->tid; 1478 u16 ba_size = params->buf_size; 1479 u16 ssn = params->ssn; 1480 struct wtbl_ba wtbl_ba = {0}; 1481 struct sta_rec_ba sta_rec_ba = {0}; 1482 int ret, buf_len; 1483 1484 buf_len = sizeof(struct wtbl_ba); 1485 1486 wtbl_ba.tag = cpu_to_le16(WTBL_BA); 1487 wtbl_ba.len = cpu_to_le16(buf_len); 1488 wtbl_ba.tid = tid; 1489 wtbl_ba.ba_type = MT_BA_TYPE_ORIGINATOR; 1490 1491 if (add) { 1492 u8 idx; 1493 1494 for (idx = 7; idx > 0; idx--) { 1495 if (ba_size >= ba_range[idx]) 1496 break; 1497 } 1498 1499 wtbl_ba.sn = cpu_to_le16(ssn); 1500 wtbl_ba.ba_en = 1; 1501 wtbl_ba.ba_winsize_idx = idx; 1502 } 1503 1504 ret = __mt7615_mcu_set_wtbl(dev, msta->wcid.idx, WTBL_SET, &wtbl_ba, 1505 buf_len); 1506 if (ret) 1507 return ret; 1508 1509 buf_len = sizeof(struct sta_rec_ba); 1510 1511 sta_rec_ba.tag = cpu_to_le16(STA_REC_BA); 1512 sta_rec_ba.len = cpu_to_le16(buf_len); 1513 sta_rec_ba.tid = tid; 1514 sta_rec_ba.ba_type = MT_BA_TYPE_ORIGINATOR; 1515 sta_rec_ba.amsdu = params->amsdu; 1516 sta_rec_ba.ba_en = add << tid; 1517 sta_rec_ba.ssn = cpu_to_le16(ssn); 1518 sta_rec_ba.winsize = cpu_to_le16(ba_size); 1519 1520 return __mt7615_mcu_set_sta_rec(dev, mvif->idx, msta->wcid.idx, 1521 mvif->omac_idx, &sta_rec_ba, buf_len); 1522 } 1523 1524 int mt7615_mcu_set_rx_ba(struct mt7615_dev *dev, 1525 struct ieee80211_ampdu_params *params, 1526 bool add) 1527 { 1528 struct ieee80211_sta *sta = params->sta; 1529 struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv; 1530 struct mt7615_vif *mvif = msta->vif; 1531 u16 tid = params->tid; 1532 struct wtbl_ba wtbl_ba = {0}; 1533 struct sta_rec_ba sta_rec_ba = {0}; 1534 int ret, buf_len; 1535 1536 buf_len = sizeof(struct sta_rec_ba); 1537 1538 sta_rec_ba.tag = cpu_to_le16(STA_REC_BA); 1539 sta_rec_ba.len = cpu_to_le16(buf_len); 1540 sta_rec_ba.tid = tid; 1541 sta_rec_ba.ba_type = MT_BA_TYPE_RECIPIENT; 1542 sta_rec_ba.amsdu = params->amsdu; 1543 sta_rec_ba.ba_en = add << tid; 1544 sta_rec_ba.ssn = cpu_to_le16(params->ssn); 1545 sta_rec_ba.winsize = cpu_to_le16(params->buf_size); 1546 1547 ret = __mt7615_mcu_set_sta_rec(dev, mvif->idx, msta->wcid.idx, 1548 mvif->omac_idx, &sta_rec_ba, buf_len); 1549 if (ret || !add) 1550 return ret; 1551 1552 buf_len = sizeof(struct wtbl_ba); 1553 1554 wtbl_ba.tag = cpu_to_le16(WTBL_BA); 1555 wtbl_ba.len = cpu_to_le16(buf_len); 1556 wtbl_ba.tid = tid; 1557 wtbl_ba.ba_type = MT_BA_TYPE_RECIPIENT; 1558 memcpy(wtbl_ba.peer_addr, sta->addr, ETH_ALEN); 1559 wtbl_ba.rst_ba_tid = tid; 1560 wtbl_ba.rst_ba_sel = RST_BA_MAC_TID_MATCH; 1561 wtbl_ba.rst_ba_sb = 1; 1562 1563 return __mt7615_mcu_set_wtbl(dev, msta->wcid.idx, WTBL_SET, 1564 &wtbl_ba, buf_len); 1565 } 1566 1567 void mt7615_mcu_set_rates(struct mt7615_dev *dev, struct mt7615_sta *sta, 1568 struct ieee80211_tx_rate *probe_rate, 1569 struct ieee80211_tx_rate *rates) 1570 { 1571 int wcid = sta->wcid.idx; 1572 u32 addr = MT_WTBL_BASE + wcid * MT_WTBL_ENTRY_SIZE; 1573 bool stbc = false; 1574 int n_rates = sta->n_rates; 1575 u8 bw, bw_prev, bw_idx = 0; 1576 u16 val[4]; 1577 u16 probe_val; 1578 u32 w5, w27; 1579 int i; 1580 1581 if (!mt76_poll(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_BUSY, 0, 5000)) 1582 return; 1583 1584 for (i = n_rates; i < 4; i++) 1585 rates[i] = rates[n_rates - 1]; 1586 1587 val[0] = mt7615_mac_tx_rate_val(dev, &rates[0], stbc, &bw); 1588 bw_prev = bw; 1589 1590 if (probe_rate) { 1591 probe_val = mt7615_mac_tx_rate_val(dev, probe_rate, stbc, &bw); 1592 if (bw) 1593 bw_idx = 1; 1594 else 1595 bw_prev = 0; 1596 } else { 1597 probe_val = val[0]; 1598 } 1599 1600 val[1] = mt7615_mac_tx_rate_val(dev, &rates[1], stbc, &bw); 1601 if (bw_prev) { 1602 bw_idx = 3; 1603 bw_prev = bw; 1604 } 1605 1606 val[2] = mt7615_mac_tx_rate_val(dev, &rates[2], stbc, &bw); 1607 if (bw_prev) { 1608 bw_idx = 5; 1609 bw_prev = bw; 1610 } 1611 1612 val[3] = mt7615_mac_tx_rate_val(dev, &rates[3], stbc, &bw); 1613 if (bw_prev) 1614 bw_idx = 7; 1615 1616 w27 = mt76_rr(dev, addr + 27 * 4); 1617 w27 &= ~MT_WTBL_W27_CC_BW_SEL; 1618 w27 |= FIELD_PREP(MT_WTBL_W27_CC_BW_SEL, bw); 1619 1620 w5 = mt76_rr(dev, addr + 5 * 4); 1621 w5 &= ~(MT_WTBL_W5_BW_CAP | MT_WTBL_W5_CHANGE_BW_RATE); 1622 w5 |= FIELD_PREP(MT_WTBL_W5_BW_CAP, bw) | 1623 FIELD_PREP(MT_WTBL_W5_CHANGE_BW_RATE, bw_idx ? bw_idx - 1 : 7); 1624 1625 mt76_wr(dev, MT_WTBL_RIUCR0, w5); 1626 1627 mt76_wr(dev, MT_WTBL_RIUCR1, 1628 FIELD_PREP(MT_WTBL_RIUCR1_RATE0, probe_val) | 1629 FIELD_PREP(MT_WTBL_RIUCR1_RATE1, val[0]) | 1630 FIELD_PREP(MT_WTBL_RIUCR1_RATE2_LO, val[0])); 1631 1632 mt76_wr(dev, MT_WTBL_RIUCR2, 1633 FIELD_PREP(MT_WTBL_RIUCR2_RATE2_HI, val[0] >> 8) | 1634 FIELD_PREP(MT_WTBL_RIUCR2_RATE3, val[1]) | 1635 FIELD_PREP(MT_WTBL_RIUCR2_RATE4, val[1]) | 1636 FIELD_PREP(MT_WTBL_RIUCR2_RATE5_LO, val[2])); 1637 1638 mt76_wr(dev, MT_WTBL_RIUCR3, 1639 FIELD_PREP(MT_WTBL_RIUCR3_RATE5_HI, val[2] >> 4) | 1640 FIELD_PREP(MT_WTBL_RIUCR3_RATE6, val[2]) | 1641 FIELD_PREP(MT_WTBL_RIUCR3_RATE7, val[3])); 1642 1643 mt76_wr(dev, MT_WTBL_UPDATE, 1644 FIELD_PREP(MT_WTBL_UPDATE_WLAN_IDX, wcid) | 1645 MT_WTBL_UPDATE_RATE_UPDATE | 1646 MT_WTBL_UPDATE_TX_COUNT_CLEAR); 1647 1648 mt76_wr(dev, addr + 27 * 4, w27); 1649 1650 if (!(sta->wcid.tx_info & MT_WCID_TX_INFO_SET)) 1651 mt76_poll(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_BUSY, 0, 5000); 1652 1653 sta->rate_count = 2 * MT7615_RATE_RETRY * n_rates; 1654 sta->wcid.tx_info |= MT_WCID_TX_INFO_SET; 1655 } 1656