1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2019 MediaTek Inc.
3  *
4  * Author: Roy Luo <royluo@google.com>
5  *         Ryder Lee <ryder.lee@mediatek.com>
6  */
7 
8 #include <linux/firmware.h>
9 #include "mt7615.h"
10 #include "mcu.h"
11 #include "mac.h"
12 #include "eeprom.h"
13 
14 static bool prefer_offload_fw = true;
15 module_param(prefer_offload_fw, bool, 0644);
16 MODULE_PARM_DESC(prefer_offload_fw,
17 		 "Prefer client mode offload firmware (MT7663)");
18 
19 struct mt7615_patch_hdr {
20 	char build_date[16];
21 	char platform[4];
22 	__be32 hw_sw_ver;
23 	__be32 patch_ver;
24 	__be16 checksum;
25 } __packed;
26 
27 struct mt7615_fw_trailer {
28 	__le32 addr;
29 	u8 chip_id;
30 	u8 feature_set;
31 	u8 eco_code;
32 	char fw_ver[10];
33 	char build_date[15];
34 	__le32 len;
35 } __packed;
36 
37 #define FW_V3_COMMON_TAILER_SIZE	36
38 #define FW_V3_REGION_TAILER_SIZE	40
39 #define FW_START_OVERRIDE		BIT(0)
40 #define FW_START_DLYCAL                 BIT(1)
41 #define FW_START_WORKING_PDA_CR4	BIT(2)
42 
43 struct mt7663_fw_trailer {
44 	u8 chip_id;
45 	u8 eco_code;
46 	u8 n_region;
47 	u8 format_ver;
48 	u8 format_flag;
49 	u8 reserv[2];
50 	char fw_ver[10];
51 	char build_date[15];
52 	__le32 crc;
53 } __packed;
54 
55 struct mt7663_fw_buf {
56 	__le32 crc;
57 	__le32 d_img_size;
58 	__le32 block_size;
59 	u8 rsv[4];
60 	__le32 img_dest_addr;
61 	__le32 img_size;
62 	u8 feature_set;
63 };
64 
65 #define MT7615_PATCH_ADDRESS		0x80000
66 #define MT7622_PATCH_ADDRESS		0x9c000
67 #define MT7663_PATCH_ADDRESS		0xdc000
68 
69 #define N9_REGION_NUM			2
70 #define CR4_REGION_NUM			1
71 
72 #define IMG_CRC_LEN			4
73 
74 #define FW_FEATURE_SET_ENCRYPT		BIT(0)
75 #define FW_FEATURE_SET_KEY_IDX		GENMASK(2, 1)
76 
77 #define DL_MODE_ENCRYPT			BIT(0)
78 #define DL_MODE_KEY_IDX			GENMASK(2, 1)
79 #define DL_MODE_RESET_SEC_IV		BIT(3)
80 #define DL_MODE_WORKING_PDA_CR4		BIT(4)
81 #define DL_MODE_VALID_RAM_ENTRY         BIT(5)
82 #define DL_MODE_NEED_RSP		BIT(31)
83 
84 #define FW_START_OVERRIDE		BIT(0)
85 #define FW_START_WORKING_PDA_CR4	BIT(2)
86 
87 void mt7615_mcu_fill_msg(struct mt7615_dev *dev, struct sk_buff *skb,
88 			 int cmd, int *wait_seq)
89 {
90 	int txd_len, mcu_cmd = cmd & MCU_CMD_MASK;
91 	struct mt7615_uni_txd *uni_txd;
92 	struct mt7615_mcu_txd *mcu_txd;
93 	u8 seq, q_idx, pkt_fmt;
94 	__le32 *txd;
95 	u32 val;
96 
97 	seq = ++dev->mt76.mcu.msg_seq & 0xf;
98 	if (!seq)
99 		seq = ++dev->mt76.mcu.msg_seq & 0xf;
100 	if (wait_seq)
101 		*wait_seq = seq;
102 
103 	txd_len = cmd & MCU_UNI_PREFIX ? sizeof(*uni_txd) : sizeof(*mcu_txd);
104 	txd = (__le32 *)skb_push(skb, txd_len);
105 
106 	if (cmd != MCU_CMD_FW_SCATTER) {
107 		q_idx = MT_TX_MCU_PORT_RX_Q0;
108 		pkt_fmt = MT_TX_TYPE_CMD;
109 	} else {
110 		q_idx = MT_TX_MCU_PORT_RX_FWDL;
111 		pkt_fmt = MT_TX_TYPE_FW;
112 	}
113 
114 	val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len) |
115 	      FIELD_PREP(MT_TXD0_P_IDX, MT_TX_PORT_IDX_MCU) |
116 	      FIELD_PREP(MT_TXD0_Q_IDX, q_idx);
117 	txd[0] = cpu_to_le32(val);
118 
119 	val = MT_TXD1_LONG_FORMAT |
120 	      FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD) |
121 	      FIELD_PREP(MT_TXD1_PKT_FMT, pkt_fmt);
122 	txd[1] = cpu_to_le32(val);
123 
124 	if (cmd & MCU_UNI_PREFIX) {
125 		uni_txd = (struct mt7615_uni_txd *)txd;
126 		uni_txd->len = cpu_to_le16(skb->len - sizeof(uni_txd->txd));
127 		uni_txd->option = MCU_CMD_UNI_EXT_ACK;
128 		uni_txd->cid = cpu_to_le16(mcu_cmd);
129 		uni_txd->s2d_index = MCU_S2D_H2N;
130 		uni_txd->pkt_type = MCU_PKT_ID;
131 		uni_txd->seq = seq;
132 
133 		return;
134 	}
135 
136 	mcu_txd = (struct mt7615_mcu_txd *)txd;
137 	mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd));
138 	mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU, q_idx));
139 	mcu_txd->s2d_index = MCU_S2D_H2N;
140 	mcu_txd->pkt_type = MCU_PKT_ID;
141 	mcu_txd->seq = seq;
142 
143 	switch (cmd & ~MCU_CMD_MASK) {
144 	case MCU_FW_PREFIX:
145 		mcu_txd->set_query = MCU_Q_NA;
146 		mcu_txd->cid = mcu_cmd;
147 		break;
148 	case MCU_CE_PREFIX:
149 		if (cmd & MCU_QUERY_MASK)
150 			mcu_txd->set_query = MCU_Q_QUERY;
151 		else
152 			mcu_txd->set_query = MCU_Q_SET;
153 		mcu_txd->cid = mcu_cmd;
154 		break;
155 	default:
156 		mcu_txd->cid = MCU_CMD_EXT_CID;
157 		if (cmd & MCU_QUERY_PREFIX)
158 			mcu_txd->set_query = MCU_Q_QUERY;
159 		else
160 			mcu_txd->set_query = MCU_Q_SET;
161 		mcu_txd->ext_cid = mcu_cmd;
162 		mcu_txd->ext_cid_ack = 1;
163 		break;
164 	}
165 }
166 EXPORT_SYMBOL_GPL(mt7615_mcu_fill_msg);
167 
168 static int __mt7615_mcu_msg_send(struct mt7615_dev *dev, struct sk_buff *skb,
169 				 int cmd, int *wait_seq)
170 {
171 	enum mt76_txq_id qid;
172 
173 	mt7615_mcu_fill_msg(dev, skb, cmd, wait_seq);
174 	if (test_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state))
175 		qid = MT_TXQ_MCU;
176 	else
177 		qid = MT_TXQ_FWDL;
178 
179 	return mt76_tx_queue_skb_raw(dev, qid, skb, 0);
180 }
181 
182 static int
183 mt7615_mcu_parse_response(struct mt7615_dev *dev, int cmd,
184 			  struct sk_buff *skb, int seq)
185 {
186 	struct mt7615_mcu_rxd *rxd = (struct mt7615_mcu_rxd *)skb->data;
187 	int ret = 0;
188 
189 	if (seq != rxd->seq) {
190 		ret = -EAGAIN;
191 		goto out;
192 	}
193 
194 	switch (cmd) {
195 	case MCU_CMD_PATCH_SEM_CONTROL:
196 		skb_pull(skb, sizeof(*rxd) - 4);
197 		ret = *skb->data;
198 		break;
199 	case MCU_EXT_CMD_GET_TEMP:
200 		skb_pull(skb, sizeof(*rxd));
201 		ret = le32_to_cpu(*(__le32 *)skb->data);
202 		break;
203 	case MCU_EXT_CMD_RF_REG_ACCESS | MCU_QUERY_PREFIX:
204 		skb_pull(skb, sizeof(*rxd));
205 		ret = le32_to_cpu(*(__le32 *)&skb->data[8]);
206 		break;
207 	case MCU_UNI_CMD_DEV_INFO_UPDATE:
208 	case MCU_UNI_CMD_BSS_INFO_UPDATE:
209 	case MCU_UNI_CMD_STA_REC_UPDATE:
210 	case MCU_UNI_CMD_HIF_CTRL:
211 	case MCU_UNI_CMD_OFFLOAD:
212 	case MCU_UNI_CMD_SUSPEND: {
213 		struct mt7615_mcu_uni_event *event;
214 
215 		skb_pull(skb, sizeof(*rxd));
216 		event = (struct mt7615_mcu_uni_event *)skb->data;
217 		ret = le32_to_cpu(event->status);
218 		break;
219 	}
220 	case MCU_CMD_REG_READ: {
221 		struct mt7615_mcu_reg_event *event;
222 
223 		skb_pull(skb, sizeof(*rxd));
224 		event = (struct mt7615_mcu_reg_event *)skb->data;
225 		ret = (int)le32_to_cpu(event->val);
226 		break;
227 	}
228 	default:
229 		break;
230 	}
231 out:
232 	dev_kfree_skb(skb);
233 
234 	return ret;
235 }
236 
237 int mt7615_mcu_wait_response(struct mt7615_dev *dev, int cmd, int seq)
238 {
239 	unsigned long expires = jiffies + 20 * HZ;
240 	struct sk_buff *skb;
241 	int ret = 0;
242 
243 	while (true) {
244 		skb = mt76_mcu_get_response(&dev->mt76, expires);
245 		if (!skb) {
246 			dev_err(dev->mt76.dev, "Message %ld (seq %d) timeout\n",
247 				cmd & MCU_CMD_MASK, seq);
248 			return -ETIMEDOUT;
249 		}
250 
251 		ret = mt7615_mcu_parse_response(dev, cmd, skb, seq);
252 		if (ret != -EAGAIN)
253 			break;
254 	}
255 
256 	return ret;
257 }
258 EXPORT_SYMBOL_GPL(mt7615_mcu_wait_response);
259 
260 static int
261 mt7615_mcu_send_message(struct mt76_dev *mdev, struct sk_buff *skb,
262 			int cmd, bool wait_resp)
263 {
264 	struct mt7615_dev *dev = container_of(mdev, struct mt7615_dev, mt76);
265 	int ret, seq;
266 
267 	mutex_lock(&mdev->mcu.mutex);
268 
269 	ret = __mt7615_mcu_msg_send(dev, skb, cmd, &seq);
270 	if (ret)
271 		goto out;
272 
273 	if (wait_resp)
274 		ret = mt7615_mcu_wait_response(dev, cmd, seq);
275 
276 out:
277 	mutex_unlock(&mdev->mcu.mutex);
278 
279 	return ret;
280 }
281 
282 int mt7615_mcu_msg_send(struct mt76_dev *mdev, int cmd, const void *data,
283 			int len, bool wait_resp)
284 {
285 	struct sk_buff *skb;
286 
287 	skb = mt76_mcu_msg_alloc(mdev, data, len);
288 	if (!skb)
289 		return -ENOMEM;
290 
291 	return __mt76_mcu_skb_send_msg(mdev, skb, cmd, wait_resp);
292 }
293 EXPORT_SYMBOL_GPL(mt7615_mcu_msg_send);
294 
295 u32 mt7615_rf_rr(struct mt7615_dev *dev, u32 wf, u32 reg)
296 {
297 	struct {
298 		__le32 wifi_stream;
299 		__le32 address;
300 		__le32 data;
301 	} req = {
302 		.wifi_stream = cpu_to_le32(wf),
303 		.address = cpu_to_le32(reg),
304 	};
305 
306 	return __mt76_mcu_send_msg(&dev->mt76,
307 				   MCU_EXT_CMD_RF_REG_ACCESS | MCU_QUERY_PREFIX,
308 				   &req, sizeof(req), true);
309 }
310 
311 int mt7615_rf_wr(struct mt7615_dev *dev, u32 wf, u32 reg, u32 val)
312 {
313 	struct {
314 		__le32 wifi_stream;
315 		__le32 address;
316 		__le32 data;
317 	} req = {
318 		.wifi_stream = cpu_to_le32(wf),
319 		.address = cpu_to_le32(reg),
320 		.data = cpu_to_le32(val),
321 	};
322 
323 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_RF_REG_ACCESS, &req,
324 				   sizeof(req), false);
325 }
326 
327 static void mt7622_trigger_hif_int(struct mt7615_dev *dev, bool en)
328 {
329 	if (!is_mt7622(&dev->mt76))
330 		return;
331 
332 	regmap_update_bits(dev->infracfg, MT_INFRACFG_MISC,
333 			   MT_INFRACFG_MISC_AP2CONN_WAKE,
334 			   !en * MT_INFRACFG_MISC_AP2CONN_WAKE);
335 }
336 
337 static int mt7615_mcu_drv_pmctrl(struct mt7615_dev *dev)
338 {
339 	struct mt76_phy *mphy = &dev->mt76.phy;
340 	struct mt76_dev *mdev = &dev->mt76;
341 	u32 addr;
342 	int err;
343 
344 	addr = is_mt7663(mdev) ? MT_PCIE_DOORBELL_PUSH : MT_CFG_LPCR_HOST;
345 	mt76_wr(dev, addr, MT_CFG_LPCR_HOST_DRV_OWN);
346 
347 	mt7622_trigger_hif_int(dev, true);
348 
349 	addr = is_mt7663(mdev) ? MT_CONN_HIF_ON_LPCTL : MT_CFG_LPCR_HOST;
350 	err = !mt76_poll_msec(dev, addr, MT_CFG_LPCR_HOST_FW_OWN, 0, 3000);
351 
352 	mt7622_trigger_hif_int(dev, false);
353 
354 	if (err) {
355 		dev_err(mdev->dev, "driver own failed\n");
356 		return -ETIMEDOUT;
357 	}
358 
359 	clear_bit(MT76_STATE_PM, &mphy->state);
360 
361 	return 0;
362 }
363 
364 static int mt7615_mcu_lp_drv_pmctrl(struct mt7615_dev *dev)
365 {
366 	struct mt76_phy *mphy = &dev->mt76.phy;
367 	int i;
368 
369 	if (!test_and_clear_bit(MT76_STATE_PM, &mphy->state))
370 		goto out;
371 
372 	for (i = 0; i < MT7615_DRV_OWN_RETRY_COUNT; i++) {
373 		mt76_wr(dev, MT_PCIE_DOORBELL_PUSH, MT_CFG_LPCR_HOST_DRV_OWN);
374 		if (mt76_poll_msec(dev, MT_CONN_HIF_ON_LPCTL,
375 				   MT_CFG_LPCR_HOST_FW_OWN, 0, 50))
376 			break;
377 	}
378 
379 	if (i == MT7615_DRV_OWN_RETRY_COUNT) {
380 		dev_err(dev->mt76.dev, "driver own failed\n");
381 		set_bit(MT76_STATE_PM, &mphy->state);
382 		return -EIO;
383 	}
384 
385 out:
386 	dev->pm.last_activity = jiffies;
387 
388 	return 0;
389 }
390 
391 static int mt7615_mcu_fw_pmctrl(struct mt7615_dev *dev)
392 {
393 	struct mt76_phy *mphy = &dev->mt76.phy;
394 	int err = 0;
395 	u32 addr;
396 
397 	if (test_and_set_bit(MT76_STATE_PM, &mphy->state))
398 		return 0;
399 
400 	mt7622_trigger_hif_int(dev, true);
401 
402 	addr = is_mt7663(&dev->mt76) ? MT_CONN_HIF_ON_LPCTL : MT_CFG_LPCR_HOST;
403 	mt76_wr(dev, addr, MT_CFG_LPCR_HOST_FW_OWN);
404 
405 	if (is_mt7622(&dev->mt76) &&
406 	    !mt76_poll_msec(dev, addr, MT_CFG_LPCR_HOST_FW_OWN,
407 			    MT_CFG_LPCR_HOST_FW_OWN, 3000)) {
408 		dev_err(dev->mt76.dev, "Timeout for firmware own\n");
409 		clear_bit(MT76_STATE_PM, &mphy->state);
410 		err = -EIO;
411 	}
412 
413 	mt7622_trigger_hif_int(dev, false);
414 
415 	return err;
416 }
417 
418 static void
419 mt7615_mcu_csa_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
420 {
421 	if (vif->csa_active)
422 		ieee80211_csa_finish(vif);
423 }
424 
425 static void
426 mt7615_mcu_rx_radar_detected(struct mt7615_dev *dev, struct sk_buff *skb)
427 {
428 	struct mt76_phy *mphy = &dev->mt76.phy;
429 	struct mt7615_mcu_rdd_report *r;
430 
431 	r = (struct mt7615_mcu_rdd_report *)skb->data;
432 
433 	if (r->idx && dev->mt76.phy2)
434 		mphy = dev->mt76.phy2;
435 
436 	ieee80211_radar_detected(mphy->hw);
437 	dev->hw_pattern++;
438 }
439 
440 static void
441 mt7615_mcu_rx_log_message(struct mt7615_dev *dev, struct sk_buff *skb)
442 {
443 	struct mt7615_mcu_rxd *rxd = (struct mt7615_mcu_rxd *)skb->data;
444 	const char *data = (char *)&rxd[1];
445 	const char *type;
446 
447 	switch (rxd->s2d_index) {
448 	case 0:
449 		type = "N9";
450 		break;
451 	case 2:
452 		type = "CR4";
453 		break;
454 	default:
455 		type = "unknown";
456 		break;
457 	}
458 
459 	wiphy_info(mt76_hw(dev)->wiphy, "%s: %s", type, data);
460 }
461 
462 static void
463 mt7615_mcu_rx_ext_event(struct mt7615_dev *dev, struct sk_buff *skb)
464 {
465 	struct mt7615_mcu_rxd *rxd = (struct mt7615_mcu_rxd *)skb->data;
466 
467 	switch (rxd->ext_eid) {
468 	case MCU_EXT_EVENT_RDD_REPORT:
469 		mt7615_mcu_rx_radar_detected(dev, skb);
470 		break;
471 	case MCU_EXT_EVENT_CSA_NOTIFY:
472 		ieee80211_iterate_active_interfaces_atomic(dev->mt76.hw,
473 				IEEE80211_IFACE_ITER_RESUME_ALL,
474 				mt7615_mcu_csa_finish, dev);
475 		break;
476 	case MCU_EXT_EVENT_FW_LOG_2_HOST:
477 		mt7615_mcu_rx_log_message(dev, skb);
478 		break;
479 	default:
480 		break;
481 	}
482 }
483 
484 static void
485 mt7615_mcu_scan_event(struct mt7615_dev *dev, struct sk_buff *skb)
486 {
487 	u8 *seq_num = skb->data + sizeof(struct mt7615_mcu_rxd);
488 	struct mt7615_phy *phy;
489 	struct mt76_phy *mphy;
490 
491 	if (*seq_num & BIT(7) && dev->mt76.phy2)
492 		mphy = dev->mt76.phy2;
493 	else
494 		mphy = &dev->mt76.phy;
495 
496 	phy = (struct mt7615_phy *)mphy->priv;
497 
498 	spin_lock_bh(&dev->mt76.lock);
499 	__skb_queue_tail(&phy->scan_event_list, skb);
500 	spin_unlock_bh(&dev->mt76.lock);
501 
502 	ieee80211_queue_delayed_work(mphy->hw, &phy->scan_work,
503 				     MT7615_HW_SCAN_TIMEOUT);
504 }
505 
506 static void
507 mt7615_mcu_roc_event(struct mt7615_dev *dev, struct sk_buff *skb)
508 {
509 	struct mt7615_roc_tlv *event;
510 	struct mt7615_phy *phy;
511 	struct mt76_phy *mphy;
512 	int duration;
513 
514 	skb_pull(skb, sizeof(struct mt7615_mcu_rxd));
515 	event = (struct mt7615_roc_tlv *)skb->data;
516 
517 	if (event->dbdc_band && dev->mt76.phy2)
518 		mphy = dev->mt76.phy2;
519 	else
520 		mphy = &dev->mt76.phy;
521 
522 	ieee80211_ready_on_channel(mphy->hw);
523 
524 	phy = (struct mt7615_phy *)mphy->priv;
525 	phy->roc_grant = true;
526 	wake_up(&phy->roc_wait);
527 
528 	duration = le32_to_cpu(event->max_interval);
529 	mod_timer(&phy->roc_timer,
530 		  round_jiffies_up(jiffies + msecs_to_jiffies(duration)));
531 }
532 
533 static void
534 mt7615_mcu_beacon_loss_iter(void *priv, u8 *mac, struct ieee80211_vif *vif)
535 {
536 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
537 	struct mt7615_beacon_loss_event *event = priv;
538 
539 	if (mvif->idx != event->bss_idx)
540 		return;
541 
542 	if (!(vif->driver_flags & IEEE80211_VIF_BEACON_FILTER))
543 		return;
544 
545 	ieee80211_beacon_loss(vif);
546 }
547 
548 static void
549 mt7615_mcu_beacon_loss_event(struct mt7615_dev *dev, struct sk_buff *skb)
550 {
551 	struct mt7615_beacon_loss_event *event;
552 	struct mt76_phy *mphy;
553 	u8 band_idx = 0; /* DBDC support */
554 
555 	skb_pull(skb, sizeof(struct mt7615_mcu_rxd));
556 	event = (struct mt7615_beacon_loss_event *)skb->data;
557 	if (band_idx && dev->mt76.phy2)
558 		mphy = dev->mt76.phy2;
559 	else
560 		mphy = &dev->mt76.phy;
561 
562 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
563 					IEEE80211_IFACE_ITER_RESUME_ALL,
564 					mt7615_mcu_beacon_loss_iter, event);
565 }
566 
567 static void
568 mt7615_mcu_bss_event(struct mt7615_dev *dev, struct sk_buff *skb)
569 {
570 	struct mt7615_mcu_bss_event *event;
571 	struct mt76_phy *mphy;
572 	u8 band_idx = 0; /* DBDC support */
573 
574 	event = (struct mt7615_mcu_bss_event *)(skb->data +
575 						sizeof(struct mt7615_mcu_rxd));
576 
577 	if (band_idx && dev->mt76.phy2)
578 		mphy = dev->mt76.phy2;
579 	else
580 		mphy = &dev->mt76.phy;
581 
582 	if (event->is_absent)
583 		ieee80211_stop_queues(mphy->hw);
584 	else
585 		ieee80211_wake_queues(mphy->hw);
586 }
587 
588 static void
589 mt7615_mcu_rx_unsolicited_event(struct mt7615_dev *dev, struct sk_buff *skb)
590 {
591 	struct mt7615_mcu_rxd *rxd = (struct mt7615_mcu_rxd *)skb->data;
592 
593 	switch (rxd->eid) {
594 	case MCU_EVENT_EXT:
595 		mt7615_mcu_rx_ext_event(dev, skb);
596 		break;
597 	case MCU_EVENT_BSS_BEACON_LOSS:
598 		mt7615_mcu_beacon_loss_event(dev, skb);
599 		break;
600 	case MCU_EVENT_ROC:
601 		mt7615_mcu_roc_event(dev, skb);
602 		break;
603 	case MCU_EVENT_SCHED_SCAN_DONE:
604 	case MCU_EVENT_SCAN_DONE:
605 		mt7615_mcu_scan_event(dev, skb);
606 		return;
607 	case MCU_EVENT_BSS_ABSENCE:
608 		mt7615_mcu_bss_event(dev, skb);
609 		break;
610 	default:
611 		break;
612 	}
613 	dev_kfree_skb(skb);
614 }
615 
616 void mt7615_mcu_rx_event(struct mt7615_dev *dev, struct sk_buff *skb)
617 {
618 	struct mt7615_mcu_rxd *rxd = (struct mt7615_mcu_rxd *)skb->data;
619 
620 	if (rxd->ext_eid == MCU_EXT_EVENT_THERMAL_PROTECT ||
621 	    rxd->ext_eid == MCU_EXT_EVENT_FW_LOG_2_HOST ||
622 	    rxd->ext_eid == MCU_EXT_EVENT_ASSERT_DUMP ||
623 	    rxd->ext_eid == MCU_EXT_EVENT_PS_SYNC ||
624 	    rxd->eid == MCU_EVENT_BSS_BEACON_LOSS ||
625 	    rxd->eid == MCU_EVENT_SCHED_SCAN_DONE ||
626 	    rxd->eid == MCU_EVENT_BSS_ABSENCE ||
627 	    rxd->eid == MCU_EVENT_SCAN_DONE ||
628 	    rxd->eid == MCU_EVENT_ROC ||
629 	    !rxd->seq)
630 		mt7615_mcu_rx_unsolicited_event(dev, skb);
631 	else
632 		mt76_mcu_rx_event(&dev->mt76, skb);
633 }
634 
635 static int mt7615_mcu_init_download(struct mt7615_dev *dev, u32 addr,
636 				    u32 len, u32 mode)
637 {
638 	struct {
639 		__le32 addr;
640 		__le32 len;
641 		__le32 mode;
642 	} req = {
643 		.addr = cpu_to_le32(addr),
644 		.len = cpu_to_le32(len),
645 		.mode = cpu_to_le32(mode),
646 	};
647 
648 	return __mt76_mcu_send_msg(&dev->mt76, MCU_CMD_TARGET_ADDRESS_LEN_REQ,
649 				   &req, sizeof(req), true);
650 }
651 
652 static int
653 mt7615_mcu_add_dev(struct mt7615_dev *dev, struct ieee80211_vif *vif,
654 		   bool enable)
655 {
656 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
657 	struct {
658 		struct req_hdr {
659 			u8 omac_idx;
660 			u8 band_idx;
661 			__le16 tlv_num;
662 			u8 is_tlv_append;
663 			u8 rsv[3];
664 		} __packed hdr;
665 		struct req_tlv {
666 			__le16 tag;
667 			__le16 len;
668 			u8 active;
669 			u8 band_idx;
670 			u8 omac_addr[ETH_ALEN];
671 		} __packed tlv;
672 	} data = {
673 		.hdr = {
674 			.omac_idx = mvif->omac_idx,
675 			.band_idx = mvif->band_idx,
676 			.tlv_num = cpu_to_le16(1),
677 			.is_tlv_append = 1,
678 		},
679 		.tlv = {
680 			.tag = cpu_to_le16(DEV_INFO_ACTIVE),
681 			.len = cpu_to_le16(sizeof(struct req_tlv)),
682 			.active = enable,
683 			.band_idx = mvif->band_idx,
684 		},
685 	};
686 
687 	memcpy(data.tlv.omac_addr, vif->addr, ETH_ALEN);
688 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_DEV_INFO_UPDATE,
689 				   &data, sizeof(data), true);
690 }
691 
692 static int
693 mt7615_mcu_add_beacon_offload(struct mt7615_dev *dev,
694 			      struct ieee80211_hw *hw,
695 			      struct ieee80211_vif *vif, bool enable)
696 {
697 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
698 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
699 	struct ieee80211_mutable_offsets offs;
700 	struct ieee80211_tx_info *info;
701 	struct req {
702 		u8 omac_idx;
703 		u8 enable;
704 		u8 wlan_idx;
705 		u8 band_idx;
706 		u8 pkt_type;
707 		u8 need_pre_tbtt_int;
708 		__le16 csa_ie_pos;
709 		__le16 pkt_len;
710 		__le16 tim_ie_pos;
711 		u8 pkt[512];
712 		u8 csa_cnt;
713 		/* bss color change */
714 		u8 bcc_cnt;
715 		__le16 bcc_ie_pos;
716 	} __packed req = {
717 		.omac_idx = mvif->omac_idx,
718 		.enable = enable,
719 		.wlan_idx = wcid->idx,
720 		.band_idx = mvif->band_idx,
721 	};
722 	struct sk_buff *skb;
723 
724 	skb = ieee80211_beacon_get_template(hw, vif, &offs);
725 	if (!skb)
726 		return -EINVAL;
727 
728 	if (skb->len > 512 - MT_TXD_SIZE) {
729 		dev_err(dev->mt76.dev, "Bcn size limit exceed\n");
730 		dev_kfree_skb(skb);
731 		return -EINVAL;
732 	}
733 
734 	if (mvif->band_idx) {
735 		info = IEEE80211_SKB_CB(skb);
736 		info->hw_queue |= MT_TX_HW_QUEUE_EXT_PHY;
737 	}
738 
739 	mt7615_mac_write_txwi(dev, (__le32 *)(req.pkt), skb, wcid, NULL,
740 			      0, NULL, true);
741 	memcpy(req.pkt + MT_TXD_SIZE, skb->data, skb->len);
742 	req.pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
743 	req.tim_ie_pos = cpu_to_le16(MT_TXD_SIZE + offs.tim_offset);
744 	if (offs.cntdwn_counter_offs[0]) {
745 		u16 csa_offs;
746 
747 		csa_offs = MT_TXD_SIZE + offs.cntdwn_counter_offs[0] - 4;
748 		req.csa_ie_pos = cpu_to_le16(csa_offs);
749 		req.csa_cnt = skb->data[offs.cntdwn_counter_offs[0]];
750 	}
751 	dev_kfree_skb(skb);
752 
753 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_BCN_OFFLOAD,
754 				   &req, sizeof(req), true);
755 }
756 
757 static int
758 mt7615_mcu_ctrl_pm_state(struct mt7615_dev *dev, int band, int state)
759 {
760 #define ENTER_PM_STATE	1
761 #define EXIT_PM_STATE	2
762 	struct {
763 		u8 pm_number;
764 		u8 pm_state;
765 		u8 bssid[ETH_ALEN];
766 		u8 dtim_period;
767 		u8 wlan_idx;
768 		__le16 bcn_interval;
769 		__le32 aid;
770 		__le32 rx_filter;
771 		u8 band_idx;
772 		u8 rsv[3];
773 		__le32 feature;
774 		u8 omac_idx;
775 		u8 wmm_idx;
776 		u8 bcn_loss_cnt;
777 		u8 bcn_sp_duration;
778 	} __packed req = {
779 		.pm_number = 5,
780 		.pm_state = state ? ENTER_PM_STATE : EXIT_PM_STATE,
781 		.band_idx = band,
782 	};
783 
784 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_PM_STATE_CTRL,
785 				   &req, sizeof(req), true);
786 }
787 
788 static struct sk_buff *
789 mt7615_mcu_alloc_sta_req(struct mt7615_dev *dev, struct mt7615_vif *mvif,
790 			 struct mt7615_sta *msta)
791 {
792 	struct sta_req_hdr hdr = {
793 		.bss_idx = mvif->idx,
794 		.wlan_idx = msta ? msta->wcid.idx : 0,
795 		.muar_idx = msta ? mvif->omac_idx : 0,
796 		.is_tlv_append = 1,
797 	};
798 	struct sk_buff *skb;
799 
800 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, MT7615_STA_UPDATE_MAX_SIZE);
801 	if (!skb)
802 		return ERR_PTR(-ENOMEM);
803 
804 	skb_put_data(skb, &hdr, sizeof(hdr));
805 
806 	return skb;
807 }
808 
809 static struct wtbl_req_hdr *
810 mt7615_mcu_alloc_wtbl_req(struct mt7615_dev *dev, struct mt7615_sta *msta,
811 			  int cmd, void *sta_wtbl, struct sk_buff **skb)
812 {
813 	struct tlv *sta_hdr = sta_wtbl;
814 	struct wtbl_req_hdr hdr = {
815 		.wlan_idx = msta->wcid.idx,
816 		.operation = cmd,
817 	};
818 	struct sk_buff *nskb = *skb;
819 
820 	if (!nskb) {
821 		nskb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
822 					  MT7615_WTBL_UPDATE_BA_SIZE);
823 		if (!nskb)
824 			return ERR_PTR(-ENOMEM);
825 
826 		*skb = nskb;
827 	}
828 
829 	if (sta_hdr)
830 		sta_hdr->len = cpu_to_le16(sizeof(hdr));
831 
832 	return skb_put_data(nskb, &hdr, sizeof(hdr));
833 }
834 
835 static struct tlv *
836 mt7615_mcu_add_nested_tlv(struct sk_buff *skb, int tag, int len,
837 			  void *sta_ntlv, void *sta_wtbl)
838 {
839 	struct sta_ntlv_hdr *ntlv_hdr = sta_ntlv;
840 	struct tlv *sta_hdr = sta_wtbl;
841 	struct tlv *ptlv, tlv = {
842 		.tag = cpu_to_le16(tag),
843 		.len = cpu_to_le16(len),
844 	};
845 	u16 ntlv;
846 
847 	ptlv = skb_put(skb, len);
848 	memcpy(ptlv, &tlv, sizeof(tlv));
849 
850 	ntlv = le16_to_cpu(ntlv_hdr->tlv_num);
851 	ntlv_hdr->tlv_num = cpu_to_le16(ntlv + 1);
852 
853 	if (sta_hdr) {
854 		u16 size = le16_to_cpu(sta_hdr->len);
855 
856 		sta_hdr->len = cpu_to_le16(size + len);
857 	}
858 
859 	return ptlv;
860 }
861 
862 static struct tlv *
863 mt7615_mcu_add_tlv(struct sk_buff *skb, int tag, int len)
864 {
865 	return mt7615_mcu_add_nested_tlv(skb, tag, len, skb->data, NULL);
866 }
867 
868 static int
869 mt7615_mcu_bss_basic_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
870 			 struct ieee80211_sta *sta, bool enable)
871 {
872 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
873 	u32 type = vif->p2p ? NETWORK_P2P : NETWORK_INFRA;
874 	struct bss_info_basic *bss;
875 	u8 wlan_idx = mvif->sta.wcid.idx;
876 	struct tlv *tlv;
877 
878 	tlv = mt7615_mcu_add_tlv(skb, BSS_INFO_BASIC, sizeof(*bss));
879 
880 	switch (vif->type) {
881 	case NL80211_IFTYPE_MESH_POINT:
882 	case NL80211_IFTYPE_AP:
883 		break;
884 	case NL80211_IFTYPE_STATION:
885 		/* TODO: enable BSS_INFO_UAPSD & BSS_INFO_PM */
886 		if (enable && sta) {
887 			struct mt7615_sta *msta;
888 
889 			msta = (struct mt7615_sta *)sta->drv_priv;
890 			wlan_idx = msta->wcid.idx;
891 		}
892 		break;
893 	case NL80211_IFTYPE_ADHOC:
894 		type = NETWORK_IBSS;
895 		break;
896 	default:
897 		WARN_ON(1);
898 		break;
899 	}
900 
901 	bss = (struct bss_info_basic *)tlv;
902 	memcpy(bss->bssid, vif->bss_conf.bssid, ETH_ALEN);
903 	bss->bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int);
904 	bss->network_type = cpu_to_le32(type);
905 	bss->dtim_period = vif->bss_conf.dtim_period;
906 	bss->bmc_tx_wlan_idx = wlan_idx;
907 	bss->wmm_idx = mvif->wmm_idx;
908 	bss->active = enable;
909 
910 	return 0;
911 }
912 
913 static void
914 mt7615_mcu_bss_omac_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
915 {
916 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
917 	struct bss_info_omac *omac;
918 	struct tlv *tlv;
919 	u32 type = 0;
920 	u8 idx;
921 
922 	tlv = mt7615_mcu_add_tlv(skb, BSS_INFO_OMAC, sizeof(*omac));
923 
924 	switch (vif->type) {
925 	case NL80211_IFTYPE_MESH_POINT:
926 	case NL80211_IFTYPE_AP:
927 		if (vif->p2p)
928 			type = CONNECTION_P2P_GO;
929 		else
930 			type = CONNECTION_INFRA_AP;
931 		break;
932 	case NL80211_IFTYPE_STATION:
933 		if (vif->p2p)
934 			type = CONNECTION_P2P_GC;
935 		else
936 			type = CONNECTION_INFRA_STA;
937 		break;
938 	case NL80211_IFTYPE_ADHOC:
939 		type = CONNECTION_IBSS_ADHOC;
940 		break;
941 	default:
942 		WARN_ON(1);
943 		break;
944 	}
945 
946 	omac = (struct bss_info_omac *)tlv;
947 	idx = mvif->omac_idx > EXT_BSSID_START ? HW_BSSID_0 : mvif->omac_idx;
948 	omac->conn_type = cpu_to_le32(type);
949 	omac->omac_idx = mvif->omac_idx;
950 	omac->band_idx = mvif->band_idx;
951 	omac->hw_bss_idx = idx;
952 }
953 
954 /* SIFS 20us + 512 byte beacon tranmitted by 1Mbps (3906us) */
955 #define BCN_TX_ESTIMATE_TIME (4096 + 20)
956 static void
957 mt7615_mcu_bss_ext_tlv(struct sk_buff *skb, struct mt7615_vif *mvif)
958 {
959 	struct bss_info_ext_bss *ext;
960 	int ext_bss_idx, tsf_offset;
961 	struct tlv *tlv;
962 
963 	ext_bss_idx = mvif->omac_idx - EXT_BSSID_START;
964 	if (ext_bss_idx < 0)
965 		return;
966 
967 	tlv = mt7615_mcu_add_tlv(skb, BSS_INFO_EXT_BSS, sizeof(*ext));
968 
969 	ext = (struct bss_info_ext_bss *)tlv;
970 	tsf_offset = ext_bss_idx * BCN_TX_ESTIMATE_TIME;
971 	ext->mbss_tsf_offset = cpu_to_le32(tsf_offset);
972 }
973 
974 static void
975 mt7615_mcu_sta_ba_tlv(struct sk_buff *skb,
976 		      struct ieee80211_ampdu_params *params,
977 		      bool enable, bool tx)
978 {
979 	struct sta_rec_ba *ba;
980 	struct tlv *tlv;
981 
982 	tlv = mt7615_mcu_add_tlv(skb, STA_REC_BA, sizeof(*ba));
983 
984 	ba = (struct sta_rec_ba *)tlv;
985 	ba->ba_type = tx ? MT_BA_TYPE_ORIGINATOR : MT_BA_TYPE_RECIPIENT,
986 	ba->winsize = cpu_to_le16(params->buf_size);
987 	ba->ssn = cpu_to_le16(params->ssn);
988 	ba->ba_en = enable << params->tid;
989 	ba->amsdu = params->amsdu;
990 	ba->tid = params->tid;
991 }
992 
993 static void
994 mt7615_mcu_sta_basic_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
995 			 struct ieee80211_sta *sta, bool enable)
996 {
997 	struct sta_rec_basic *basic;
998 	struct tlv *tlv;
999 	int conn_type;
1000 
1001 	tlv = mt7615_mcu_add_tlv(skb, STA_REC_BASIC, sizeof(*basic));
1002 
1003 	basic = (struct sta_rec_basic *)tlv;
1004 	basic->extra_info = cpu_to_le16(EXTRA_INFO_VER);
1005 
1006 	if (enable) {
1007 		basic->extra_info |= cpu_to_le16(EXTRA_INFO_NEW);
1008 		basic->conn_state = CONN_STATE_PORT_SECURE;
1009 	} else {
1010 		basic->conn_state = CONN_STATE_DISCONNECT;
1011 	}
1012 
1013 	if (!sta) {
1014 		basic->conn_type = cpu_to_le32(CONNECTION_INFRA_BC);
1015 		eth_broadcast_addr(basic->peer_addr);
1016 		return;
1017 	}
1018 
1019 	switch (vif->type) {
1020 	case NL80211_IFTYPE_MESH_POINT:
1021 	case NL80211_IFTYPE_AP:
1022 		if (vif->p2p)
1023 			conn_type = CONNECTION_P2P_GC;
1024 		else
1025 			conn_type = CONNECTION_INFRA_STA;
1026 		basic->conn_type = cpu_to_le32(conn_type);
1027 		basic->aid = cpu_to_le16(sta->aid);
1028 		break;
1029 	case NL80211_IFTYPE_STATION:
1030 		if (vif->p2p)
1031 			conn_type = CONNECTION_P2P_GO;
1032 		else
1033 			conn_type = CONNECTION_INFRA_AP;
1034 		basic->conn_type = cpu_to_le32(conn_type);
1035 		basic->aid = cpu_to_le16(vif->bss_conf.aid);
1036 		break;
1037 	case NL80211_IFTYPE_ADHOC:
1038 		basic->conn_type = cpu_to_le32(CONNECTION_IBSS_ADHOC);
1039 		basic->aid = cpu_to_le16(sta->aid);
1040 		break;
1041 	default:
1042 		WARN_ON(1);
1043 		break;
1044 	}
1045 
1046 	memcpy(basic->peer_addr, sta->addr, ETH_ALEN);
1047 	basic->qos = sta->wme;
1048 }
1049 
1050 static void
1051 mt7615_mcu_sta_ht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1052 {
1053 	struct tlv *tlv;
1054 
1055 	if (sta->ht_cap.ht_supported) {
1056 		struct sta_rec_ht *ht;
1057 
1058 		tlv = mt7615_mcu_add_tlv(skb, STA_REC_HT, sizeof(*ht));
1059 		ht = (struct sta_rec_ht *)tlv;
1060 		ht->ht_cap = cpu_to_le16(sta->ht_cap.cap);
1061 	}
1062 	if (sta->vht_cap.vht_supported) {
1063 		struct sta_rec_vht *vht;
1064 
1065 		tlv = mt7615_mcu_add_tlv(skb, STA_REC_VHT, sizeof(*vht));
1066 		vht = (struct sta_rec_vht *)tlv;
1067 		vht->vht_rx_mcs_map = sta->vht_cap.vht_mcs.rx_mcs_map;
1068 		vht->vht_tx_mcs_map = sta->vht_cap.vht_mcs.tx_mcs_map;
1069 		vht->vht_cap = cpu_to_le32(sta->vht_cap.cap);
1070 	}
1071 }
1072 
1073 static void
1074 mt7615_mcu_sta_uapsd(struct sk_buff *skb, struct ieee80211_vif *vif,
1075 		     struct ieee80211_sta *sta)
1076 {
1077 	struct sta_rec_uapsd *uapsd;
1078 	struct tlv *tlv;
1079 
1080 	if (vif->type != NL80211_IFTYPE_AP || !sta->wme)
1081 		return;
1082 
1083 	tlv = mt7615_mcu_add_tlv(skb, STA_REC_APPS, sizeof(*uapsd));
1084 	uapsd = (struct sta_rec_uapsd *)tlv;
1085 
1086 	if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) {
1087 		uapsd->dac_map |= BIT(3);
1088 		uapsd->tac_map |= BIT(3);
1089 	}
1090 	if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI) {
1091 		uapsd->dac_map |= BIT(2);
1092 		uapsd->tac_map |= BIT(2);
1093 	}
1094 	if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE) {
1095 		uapsd->dac_map |= BIT(1);
1096 		uapsd->tac_map |= BIT(1);
1097 	}
1098 	if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK) {
1099 		uapsd->dac_map |= BIT(0);
1100 		uapsd->tac_map |= BIT(0);
1101 	}
1102 	uapsd->max_sp = sta->max_sp;
1103 }
1104 
1105 static void
1106 mt7615_mcu_wtbl_ba_tlv(struct sk_buff *skb,
1107 		       struct ieee80211_ampdu_params *params,
1108 		       bool enable, bool tx, void *sta_wtbl,
1109 		       void *wtbl_tlv)
1110 {
1111 	struct wtbl_ba *ba;
1112 	struct tlv *tlv;
1113 
1114 	tlv = mt7615_mcu_add_nested_tlv(skb, WTBL_BA, sizeof(*ba),
1115 					wtbl_tlv, sta_wtbl);
1116 
1117 	ba = (struct wtbl_ba *)tlv;
1118 	ba->tid = params->tid;
1119 
1120 	if (tx) {
1121 		ba->ba_type = MT_BA_TYPE_ORIGINATOR;
1122 		ba->sn = enable ? cpu_to_le16(params->ssn) : 0;
1123 		ba->ba_winsize = cpu_to_le16(params->buf_size);
1124 		ba->ba_en = enable;
1125 	} else {
1126 		memcpy(ba->peer_addr, params->sta->addr, ETH_ALEN);
1127 		ba->ba_type = MT_BA_TYPE_RECIPIENT;
1128 		ba->rst_ba_tid = params->tid;
1129 		ba->rst_ba_sel = RST_BA_MAC_TID_MATCH;
1130 		ba->rst_ba_sb = 1;
1131 	}
1132 
1133 	if (enable && tx) {
1134 		u8 ba_range[] = { 4, 8, 12, 24, 36, 48, 54, 64 };
1135 		int i;
1136 
1137 		for (i = 7; i > 0; i--) {
1138 			if (params->buf_size >= ba_range[i])
1139 				break;
1140 		}
1141 		ba->ba_winsize_idx = i;
1142 	}
1143 }
1144 
1145 static void
1146 mt7615_mcu_wtbl_generic_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
1147 			    struct ieee80211_sta *sta, void *sta_wtbl,
1148 			    void *wtbl_tlv)
1149 {
1150 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1151 	struct wtbl_generic *generic;
1152 	struct wtbl_rx *rx;
1153 	struct wtbl_spe *spe;
1154 	struct tlv *tlv;
1155 
1156 	tlv = mt7615_mcu_add_nested_tlv(skb, WTBL_GENERIC, sizeof(*generic),
1157 					wtbl_tlv, sta_wtbl);
1158 
1159 	generic = (struct wtbl_generic *)tlv;
1160 
1161 	if (sta) {
1162 		if (vif->type == NL80211_IFTYPE_STATION)
1163 			generic->partial_aid = cpu_to_le16(vif->bss_conf.aid);
1164 		else
1165 			generic->partial_aid = cpu_to_le16(sta->aid);
1166 		memcpy(generic->peer_addr, sta->addr, ETH_ALEN);
1167 		generic->muar_idx = mvif->omac_idx;
1168 		generic->qos = sta->wme;
1169 	} else {
1170 		eth_broadcast_addr(generic->peer_addr);
1171 		generic->muar_idx = 0xe;
1172 	}
1173 
1174 	tlv = mt7615_mcu_add_nested_tlv(skb, WTBL_RX, sizeof(*rx),
1175 					wtbl_tlv, sta_wtbl);
1176 
1177 	rx = (struct wtbl_rx *)tlv;
1178 	rx->rca1 = sta ? vif->type != NL80211_IFTYPE_AP : 1;
1179 	rx->rca2 = 1;
1180 	rx->rv = 1;
1181 
1182 	tlv = mt7615_mcu_add_nested_tlv(skb, WTBL_SPE, sizeof(*spe),
1183 					wtbl_tlv, sta_wtbl);
1184 	spe = (struct wtbl_spe *)tlv;
1185 	spe->spe_idx = 24;
1186 }
1187 
1188 static void
1189 mt7615_mcu_wtbl_ht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta,
1190 		       void *sta_wtbl, void *wtbl_tlv)
1191 {
1192 	struct tlv *tlv;
1193 	struct wtbl_ht *ht = NULL;
1194 	u32 flags = 0;
1195 
1196 	if (sta->ht_cap.ht_supported) {
1197 		tlv = mt7615_mcu_add_nested_tlv(skb, WTBL_HT, sizeof(*ht),
1198 						wtbl_tlv, sta_wtbl);
1199 		ht = (struct wtbl_ht *)tlv;
1200 		ht->ldpc = !!(sta->ht_cap.cap & IEEE80211_HT_CAP_LDPC_CODING);
1201 		ht->af = sta->ht_cap.ampdu_factor;
1202 		ht->mm = sta->ht_cap.ampdu_density;
1203 		ht->ht = 1;
1204 
1205 		if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_20)
1206 			flags |= MT_WTBL_W5_SHORT_GI_20;
1207 		if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_40)
1208 			flags |= MT_WTBL_W5_SHORT_GI_40;
1209 	}
1210 
1211 	if (sta->vht_cap.vht_supported) {
1212 		struct wtbl_vht *vht;
1213 		u8 af;
1214 
1215 		tlv = mt7615_mcu_add_nested_tlv(skb, WTBL_VHT, sizeof(*vht),
1216 						wtbl_tlv, sta_wtbl);
1217 		vht = (struct wtbl_vht *)tlv;
1218 		vht->ldpc = !!(sta->vht_cap.cap & IEEE80211_VHT_CAP_RXLDPC);
1219 		vht->vht = 1;
1220 
1221 		af = (sta->vht_cap.cap &
1222 		      IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
1223 		      IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT;
1224 
1225 		if (ht)
1226 		    ht->af = max(ht->af, af);
1227 
1228 		if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_80)
1229 			flags |= MT_WTBL_W5_SHORT_GI_80;
1230 		if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_160)
1231 			flags |= MT_WTBL_W5_SHORT_GI_160;
1232 	}
1233 
1234 	/* wtbl smps */
1235 	if (sta->smps_mode == IEEE80211_SMPS_DYNAMIC) {
1236 		struct wtbl_smps *smps;
1237 
1238 		tlv = mt7615_mcu_add_nested_tlv(skb, WTBL_SMPS, sizeof(*smps),
1239 						wtbl_tlv, sta_wtbl);
1240 		smps = (struct wtbl_smps *)tlv;
1241 		smps->smps = 1;
1242 	}
1243 
1244 	if (sta->ht_cap.ht_supported) {
1245 		/* sgi */
1246 		u32 msk = MT_WTBL_W5_SHORT_GI_20 | MT_WTBL_W5_SHORT_GI_40 |
1247 			  MT_WTBL_W5_SHORT_GI_80 | MT_WTBL_W5_SHORT_GI_160;
1248 		struct wtbl_raw *raw;
1249 
1250 		tlv = mt7615_mcu_add_nested_tlv(skb, WTBL_RAW_DATA,
1251 						sizeof(*raw), wtbl_tlv,
1252 						sta_wtbl);
1253 		raw = (struct wtbl_raw *)tlv;
1254 		raw->val = cpu_to_le32(flags);
1255 		raw->msk = cpu_to_le32(~msk);
1256 		raw->wtbl_idx = 1;
1257 		raw->dw = 5;
1258 	}
1259 }
1260 
1261 static int
1262 mt7615_mcu_add_bss(struct mt7615_phy *phy, struct ieee80211_vif *vif,
1263 		   struct ieee80211_sta *sta, bool enable)
1264 {
1265 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1266 	struct mt7615_dev *dev = phy->dev;
1267 	struct sk_buff *skb;
1268 
1269 	skb = mt7615_mcu_alloc_sta_req(dev, mvif, NULL);
1270 	if (IS_ERR(skb))
1271 		return PTR_ERR(skb);
1272 
1273 	if (enable)
1274 		mt7615_mcu_bss_omac_tlv(skb, vif);
1275 
1276 	mt7615_mcu_bss_basic_tlv(skb, vif, sta, enable);
1277 
1278 	if (enable && mvif->omac_idx > EXT_BSSID_START)
1279 		mt7615_mcu_bss_ext_tlv(skb, mvif);
1280 
1281 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb,
1282 				       MCU_EXT_CMD_BSS_INFO_UPDATE, true);
1283 }
1284 
1285 static int
1286 mt7615_mcu_wtbl_tx_ba(struct mt7615_dev *dev,
1287 		      struct ieee80211_ampdu_params *params,
1288 		      bool enable)
1289 {
1290 	struct mt7615_sta *msta = (struct mt7615_sta *)params->sta->drv_priv;
1291 	struct mt7615_vif *mvif = msta->vif;
1292 	struct wtbl_req_hdr *wtbl_hdr;
1293 	struct sk_buff *skb = NULL;
1294 	int err;
1295 
1296 	wtbl_hdr = mt7615_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, NULL, &skb);
1297 	if (IS_ERR(wtbl_hdr))
1298 		return PTR_ERR(wtbl_hdr);
1299 
1300 	mt7615_mcu_wtbl_ba_tlv(skb, params, enable, true, NULL, wtbl_hdr);
1301 
1302 	err = __mt76_mcu_skb_send_msg(&dev->mt76, skb,
1303 				      MCU_EXT_CMD_WTBL_UPDATE, true);
1304 	if (err < 0)
1305 		return err;
1306 
1307 	skb = mt7615_mcu_alloc_sta_req(dev, mvif, msta);
1308 	if (IS_ERR(skb))
1309 		return PTR_ERR(skb);
1310 
1311 	mt7615_mcu_sta_ba_tlv(skb, params, enable, true);
1312 
1313 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb,
1314 				       MCU_EXT_CMD_STA_REC_UPDATE, true);
1315 }
1316 
1317 static int
1318 mt7615_mcu_wtbl_rx_ba(struct mt7615_dev *dev,
1319 		      struct ieee80211_ampdu_params *params,
1320 		      bool enable)
1321 {
1322 	struct mt7615_sta *msta = (struct mt7615_sta *)params->sta->drv_priv;
1323 	struct mt7615_vif *mvif = msta->vif;
1324 	struct wtbl_req_hdr *wtbl_hdr;
1325 	struct sk_buff *skb;
1326 	int err;
1327 
1328 	skb = mt7615_mcu_alloc_sta_req(dev, mvif, msta);
1329 	if (IS_ERR(skb))
1330 		return PTR_ERR(skb);
1331 
1332 	mt7615_mcu_sta_ba_tlv(skb, params, enable, false);
1333 
1334 	err = __mt76_mcu_skb_send_msg(&dev->mt76, skb,
1335 				      MCU_EXT_CMD_STA_REC_UPDATE, true);
1336 	if (err < 0 || !enable)
1337 		return err;
1338 
1339 	skb = NULL;
1340 	wtbl_hdr = mt7615_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, NULL, &skb);
1341 	if (IS_ERR(wtbl_hdr))
1342 		return PTR_ERR(wtbl_hdr);
1343 
1344 	mt7615_mcu_wtbl_ba_tlv(skb, params, enable, false, NULL, wtbl_hdr);
1345 
1346 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb,
1347 				       MCU_EXT_CMD_WTBL_UPDATE, true);
1348 }
1349 
1350 static int
1351 mt7615_mcu_wtbl_sta_add(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1352 			struct ieee80211_sta *sta, bool enable)
1353 {
1354 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1355 	struct sk_buff *skb, *sskb, *wskb = NULL;
1356 	struct wtbl_req_hdr *wtbl_hdr;
1357 	struct mt7615_sta *msta;
1358 	int cmd, err;
1359 
1360 	msta = sta ? (struct mt7615_sta *)sta->drv_priv : &mvif->sta;
1361 
1362 	sskb = mt7615_mcu_alloc_sta_req(dev, mvif, msta);
1363 	if (IS_ERR(sskb))
1364 		return PTR_ERR(sskb);
1365 
1366 	mt7615_mcu_sta_basic_tlv(sskb, vif, sta, enable);
1367 	if (enable && sta) {
1368 		mt7615_mcu_sta_ht_tlv(sskb, sta);
1369 		mt7615_mcu_sta_uapsd(sskb, vif, sta);
1370 	}
1371 
1372 	wtbl_hdr = mt7615_mcu_alloc_wtbl_req(dev, msta, WTBL_RESET_AND_SET,
1373 					     NULL, &wskb);
1374 	if (IS_ERR(wtbl_hdr))
1375 		return PTR_ERR(wtbl_hdr);
1376 
1377 	if (enable) {
1378 		mt7615_mcu_wtbl_generic_tlv(wskb, vif, sta, NULL, wtbl_hdr);
1379 		if (sta)
1380 			mt7615_mcu_wtbl_ht_tlv(wskb, sta, NULL, wtbl_hdr);
1381 	}
1382 
1383 	cmd = enable ? MCU_EXT_CMD_WTBL_UPDATE : MCU_EXT_CMD_STA_REC_UPDATE;
1384 	skb = enable ? wskb : sskb;
1385 
1386 	err = __mt76_mcu_skb_send_msg(&dev->mt76, skb, cmd, true);
1387 	if (err < 0) {
1388 		skb = enable ? sskb : wskb;
1389 		dev_kfree_skb(skb);
1390 
1391 		return err;
1392 	}
1393 
1394 	cmd = enable ? MCU_EXT_CMD_STA_REC_UPDATE : MCU_EXT_CMD_WTBL_UPDATE;
1395 	skb = enable ? sskb : wskb;
1396 
1397 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb, cmd, true);
1398 }
1399 
1400 static const struct mt7615_mcu_ops wtbl_update_ops = {
1401 	.add_beacon_offload = mt7615_mcu_add_beacon_offload,
1402 	.set_pm_state = mt7615_mcu_ctrl_pm_state,
1403 	.add_dev_info = mt7615_mcu_add_dev,
1404 	.add_bss_info = mt7615_mcu_add_bss,
1405 	.add_tx_ba = mt7615_mcu_wtbl_tx_ba,
1406 	.add_rx_ba = mt7615_mcu_wtbl_rx_ba,
1407 	.sta_add = mt7615_mcu_wtbl_sta_add,
1408 	.set_drv_ctrl = mt7615_mcu_drv_pmctrl,
1409 	.set_fw_ctrl = mt7615_mcu_fw_pmctrl,
1410 };
1411 
1412 static int
1413 mt7615_mcu_sta_ba(struct mt7615_dev *dev,
1414 		  struct ieee80211_ampdu_params *params,
1415 		  bool enable, bool tx)
1416 {
1417 	struct mt7615_sta *msta = (struct mt7615_sta *)params->sta->drv_priv;
1418 	struct mt7615_vif *mvif = msta->vif;
1419 	struct wtbl_req_hdr *wtbl_hdr;
1420 	struct tlv *sta_wtbl;
1421 	struct sk_buff *skb;
1422 
1423 	skb = mt7615_mcu_alloc_sta_req(dev, mvif, msta);
1424 	if (IS_ERR(skb))
1425 		return PTR_ERR(skb);
1426 
1427 	mt7615_mcu_sta_ba_tlv(skb, params, enable, tx);
1428 
1429 	sta_wtbl = mt7615_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
1430 
1431 	wtbl_hdr = mt7615_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, sta_wtbl,
1432 					     &skb);
1433 	mt7615_mcu_wtbl_ba_tlv(skb, params, enable, tx, sta_wtbl, wtbl_hdr);
1434 
1435 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb,
1436 				       MCU_EXT_CMD_STA_REC_UPDATE, true);
1437 }
1438 
1439 static int
1440 mt7615_mcu_sta_tx_ba(struct mt7615_dev *dev,
1441 		     struct ieee80211_ampdu_params *params,
1442 		     bool enable)
1443 {
1444 	return mt7615_mcu_sta_ba(dev, params, enable, true);
1445 }
1446 
1447 static int
1448 mt7615_mcu_sta_rx_ba(struct mt7615_dev *dev,
1449 		     struct ieee80211_ampdu_params *params,
1450 		     bool enable)
1451 {
1452 	return mt7615_mcu_sta_ba(dev, params, enable, false);
1453 }
1454 
1455 static int
1456 mt7615_mcu_add_sta_cmd(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1457 		       struct ieee80211_sta *sta, bool enable, int cmd)
1458 {
1459 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1460 	struct wtbl_req_hdr *wtbl_hdr;
1461 	struct mt7615_sta *msta;
1462 	struct tlv *sta_wtbl;
1463 	struct sk_buff *skb;
1464 
1465 	msta = sta ? (struct mt7615_sta *)sta->drv_priv : &mvif->sta;
1466 
1467 	skb = mt7615_mcu_alloc_sta_req(dev, mvif, msta);
1468 	if (IS_ERR(skb))
1469 		return PTR_ERR(skb);
1470 
1471 	mt7615_mcu_sta_basic_tlv(skb, vif, sta, enable);
1472 	if (enable && sta) {
1473 		mt7615_mcu_sta_ht_tlv(skb, sta);
1474 		mt7615_mcu_sta_uapsd(skb, vif, sta);
1475 	}
1476 
1477 	sta_wtbl = mt7615_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
1478 
1479 	wtbl_hdr = mt7615_mcu_alloc_wtbl_req(dev, msta, WTBL_RESET_AND_SET,
1480 					     sta_wtbl, &skb);
1481 	if (enable) {
1482 		mt7615_mcu_wtbl_generic_tlv(skb, vif, sta, sta_wtbl, wtbl_hdr);
1483 		if (sta)
1484 			mt7615_mcu_wtbl_ht_tlv(skb, sta, sta_wtbl, wtbl_hdr);
1485 	}
1486 
1487 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb, cmd, true);
1488 }
1489 
1490 static int
1491 mt7615_mcu_add_sta(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1492 		   struct ieee80211_sta *sta, bool enable)
1493 {
1494 	return mt7615_mcu_add_sta_cmd(dev, vif, sta, enable,
1495 				      MCU_EXT_CMD_STA_REC_UPDATE);
1496 }
1497 
1498 static const struct mt7615_mcu_ops sta_update_ops = {
1499 	.add_beacon_offload = mt7615_mcu_add_beacon_offload,
1500 	.set_pm_state = mt7615_mcu_ctrl_pm_state,
1501 	.add_dev_info = mt7615_mcu_add_dev,
1502 	.add_bss_info = mt7615_mcu_add_bss,
1503 	.add_tx_ba = mt7615_mcu_sta_tx_ba,
1504 	.add_rx_ba = mt7615_mcu_sta_rx_ba,
1505 	.sta_add = mt7615_mcu_add_sta,
1506 	.set_drv_ctrl = mt7615_mcu_drv_pmctrl,
1507 	.set_fw_ctrl = mt7615_mcu_fw_pmctrl,
1508 };
1509 
1510 static int
1511 mt7615_mcu_uni_add_dev(struct mt7615_dev *dev,
1512 		       struct ieee80211_vif *vif, bool enable)
1513 {
1514 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1515 	struct {
1516 		struct {
1517 			u8 omac_idx;
1518 			u8 band_idx;
1519 			__le16 pad;
1520 		} __packed hdr;
1521 		struct req_tlv {
1522 			__le16 tag;
1523 			__le16 len;
1524 			u8 active;
1525 			u8 pad;
1526 			u8 omac_addr[ETH_ALEN];
1527 		} __packed tlv;
1528 	} dev_req = {
1529 		.hdr = {
1530 			.omac_idx = mvif->omac_idx,
1531 			.band_idx = mvif->band_idx,
1532 		},
1533 		.tlv = {
1534 			.tag = cpu_to_le16(DEV_INFO_ACTIVE),
1535 			.len = cpu_to_le16(sizeof(struct req_tlv)),
1536 			.active = enable,
1537 		},
1538 	};
1539 	struct {
1540 		struct {
1541 			u8 bss_idx;
1542 			u8 pad[3];
1543 		} __packed hdr;
1544 		struct mt7615_bss_basic_tlv basic;
1545 	} basic_req = {
1546 		.hdr = {
1547 			.bss_idx = mvif->idx,
1548 		},
1549 		.basic = {
1550 			.tag = cpu_to_le16(UNI_BSS_INFO_BASIC),
1551 			.len = cpu_to_le16(sizeof(struct mt7615_bss_basic_tlv)),
1552 			.omac_idx = mvif->omac_idx,
1553 			.band_idx = mvif->band_idx,
1554 			.wmm_idx = mvif->wmm_idx,
1555 			.active = enable,
1556 			.bmc_tx_wlan_idx = cpu_to_le16(mvif->sta.wcid.idx),
1557 			.sta_idx = cpu_to_le16(mvif->sta.wcid.idx),
1558 			.conn_state = 1,
1559 		},
1560 	};
1561 	int err, idx, cmd, len;
1562 	void *data;
1563 
1564 	switch (vif->type) {
1565 	case NL80211_IFTYPE_MESH_POINT:
1566 	case NL80211_IFTYPE_AP:
1567 		basic_req.basic.conn_type = cpu_to_le32(CONNECTION_INFRA_AP);
1568 		break;
1569 	case NL80211_IFTYPE_STATION:
1570 		basic_req.basic.conn_type = cpu_to_le32(CONNECTION_INFRA_STA);
1571 		break;
1572 	case NL80211_IFTYPE_ADHOC:
1573 		basic_req.basic.conn_type = cpu_to_le32(CONNECTION_IBSS_ADHOC);
1574 		break;
1575 	default:
1576 		WARN_ON(1);
1577 		break;
1578 	}
1579 
1580 	idx = mvif->omac_idx > EXT_BSSID_START ? HW_BSSID_0 : mvif->omac_idx;
1581 	basic_req.basic.hw_bss_idx = idx;
1582 
1583 	memcpy(dev_req.tlv.omac_addr, vif->addr, ETH_ALEN);
1584 
1585 	cmd = enable ? MCU_UNI_CMD_DEV_INFO_UPDATE : MCU_UNI_CMD_BSS_INFO_UPDATE;
1586 	data = enable ? (void *)&dev_req : (void *)&basic_req;
1587 	len = enable ? sizeof(dev_req) : sizeof(basic_req);
1588 
1589 	err = __mt76_mcu_send_msg(&dev->mt76, cmd, data, len, true);
1590 	if (err < 0)
1591 		return err;
1592 
1593 	cmd = enable ? MCU_UNI_CMD_BSS_INFO_UPDATE : MCU_UNI_CMD_DEV_INFO_UPDATE;
1594 	data = enable ? (void *)&basic_req : (void *)&dev_req;
1595 	len = enable ? sizeof(basic_req) : sizeof(dev_req);
1596 
1597 	return __mt76_mcu_send_msg(&dev->mt76, cmd, data, len, true);
1598 }
1599 
1600 static int
1601 mt7615_mcu_uni_ctrl_pm_state(struct mt7615_dev *dev, int band, int state)
1602 {
1603 	return 0;
1604 }
1605 
1606 static int
1607 mt7615_mcu_uni_add_bss(struct mt7615_phy *phy, struct ieee80211_vif *vif,
1608 		       struct ieee80211_sta *sta, bool enable)
1609 {
1610 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1611 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
1612 	int freq1 = chandef->center_freq1, freq2 = chandef->center_freq2;
1613 	struct mt7615_dev *dev = phy->dev;
1614 	struct {
1615 		struct {
1616 			u8 bss_idx;
1617 			u8 pad[3];
1618 		} __packed hdr;
1619 		struct mt7615_bss_basic_tlv basic;
1620 		struct mt7615_bss_qos_tlv qos;
1621 	} basic_req = {
1622 		.hdr = {
1623 			.bss_idx = mvif->idx,
1624 		},
1625 		.basic = {
1626 			.tag = cpu_to_le16(UNI_BSS_INFO_BASIC),
1627 			.len = cpu_to_le16(sizeof(struct mt7615_bss_basic_tlv)),
1628 			.bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int),
1629 			.dtim_period = vif->bss_conf.dtim_period,
1630 			.omac_idx = mvif->omac_idx,
1631 			.band_idx = mvif->band_idx,
1632 			.wmm_idx = mvif->wmm_idx,
1633 			.active = true, /* keep bss deactivated */
1634 			.phymode = 0x38,
1635 		},
1636 		.qos = {
1637 			.tag = cpu_to_le16(UNI_BSS_INFO_QBSS),
1638 			.len = cpu_to_le16(sizeof(struct mt7615_bss_qos_tlv)),
1639 			.qos = vif->bss_conf.qos,
1640 		},
1641 	};
1642 	struct {
1643 		struct {
1644 			u8 bss_idx;
1645 			u8 pad[3];
1646 		} __packed hdr;
1647 		struct rlm_tlv {
1648 			__le16 tag;
1649 			__le16 len;
1650 			u8 control_channel;
1651 			u8 center_chan;
1652 			u8 center_chan2;
1653 			u8 bw;
1654 			u8 tx_streams;
1655 			u8 rx_streams;
1656 			u8 short_st;
1657 			u8 ht_op_info;
1658 			u8 sco;
1659 			u8 pad[3];
1660 		} __packed rlm;
1661 	} __packed rlm_req = {
1662 		.hdr = {
1663 			.bss_idx = mvif->idx,
1664 		},
1665 		.rlm = {
1666 			.tag = cpu_to_le16(UNI_BSS_INFO_RLM),
1667 			.len = cpu_to_le16(sizeof(struct rlm_tlv)),
1668 			.control_channel = chandef->chan->hw_value,
1669 			.center_chan = ieee80211_frequency_to_channel(freq1),
1670 			.center_chan2 = ieee80211_frequency_to_channel(freq2),
1671 			.tx_streams = hweight8(phy->mt76->antenna_mask),
1672 			.rx_streams = phy->chainmask,
1673 			.short_st = true,
1674 		},
1675 	};
1676 	int err, conn_type;
1677 	u8 idx;
1678 
1679 	idx = mvif->omac_idx > EXT_BSSID_START ? HW_BSSID_0 : mvif->omac_idx;
1680 	basic_req.basic.hw_bss_idx = idx;
1681 
1682 	switch (vif->type) {
1683 	case NL80211_IFTYPE_MESH_POINT:
1684 	case NL80211_IFTYPE_AP:
1685 		if (vif->p2p)
1686 			conn_type = CONNECTION_P2P_GO;
1687 		else
1688 			conn_type = CONNECTION_INFRA_AP;
1689 		basic_req.basic.conn_type = cpu_to_le32(conn_type);
1690 		break;
1691 	case NL80211_IFTYPE_STATION:
1692 		if (vif->p2p)
1693 			conn_type = CONNECTION_P2P_GC;
1694 		else
1695 			conn_type = CONNECTION_INFRA_STA;
1696 		basic_req.basic.conn_type = cpu_to_le32(conn_type);
1697 		break;
1698 	case NL80211_IFTYPE_ADHOC:
1699 		basic_req.basic.conn_type = cpu_to_le32(CONNECTION_IBSS_ADHOC);
1700 		break;
1701 	default:
1702 		WARN_ON(1);
1703 		break;
1704 	}
1705 
1706 	memcpy(basic_req.basic.bssid, vif->bss_conf.bssid, ETH_ALEN);
1707 	basic_req.basic.bmc_tx_wlan_idx = cpu_to_le16(mvif->sta.wcid.idx);
1708 	basic_req.basic.sta_idx = cpu_to_le16(mvif->sta.wcid.idx);
1709 	basic_req.basic.conn_state = !enable;
1710 
1711 	err = __mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD_BSS_INFO_UPDATE,
1712 				  &basic_req, sizeof(basic_req), true);
1713 	if (err < 0)
1714 		return err;
1715 
1716 	switch (chandef->width) {
1717 	case NL80211_CHAN_WIDTH_40:
1718 		rlm_req.rlm.bw = CMD_CBW_40MHZ;
1719 		break;
1720 	case NL80211_CHAN_WIDTH_80:
1721 		rlm_req.rlm.bw = CMD_CBW_80MHZ;
1722 		break;
1723 	case NL80211_CHAN_WIDTH_80P80:
1724 		rlm_req.rlm.bw = CMD_CBW_8080MHZ;
1725 		break;
1726 	case NL80211_CHAN_WIDTH_160:
1727 		rlm_req.rlm.bw = CMD_CBW_160MHZ;
1728 		break;
1729 	case NL80211_CHAN_WIDTH_5:
1730 		rlm_req.rlm.bw = CMD_CBW_5MHZ;
1731 		break;
1732 	case NL80211_CHAN_WIDTH_10:
1733 		rlm_req.rlm.bw = CMD_CBW_10MHZ;
1734 		break;
1735 	case NL80211_CHAN_WIDTH_20_NOHT:
1736 	case NL80211_CHAN_WIDTH_20:
1737 	default:
1738 		rlm_req.rlm.bw = CMD_CBW_20MHZ;
1739 		break;
1740 	}
1741 
1742 	if (rlm_req.rlm.control_channel < rlm_req.rlm.center_chan)
1743 		rlm_req.rlm.sco = 1; /* SCA */
1744 	else if (rlm_req.rlm.control_channel > rlm_req.rlm.center_chan)
1745 		rlm_req.rlm.sco = 3; /* SCB */
1746 
1747 	return __mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD_BSS_INFO_UPDATE,
1748 				   &rlm_req, sizeof(rlm_req), true);
1749 }
1750 
1751 static int
1752 mt7615_mcu_uni_add_beacon_offload(struct mt7615_dev *dev,
1753 				  struct ieee80211_hw *hw,
1754 				  struct ieee80211_vif *vif,
1755 				  bool enable)
1756 {
1757 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1758 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1759 	struct ieee80211_mutable_offsets offs;
1760 	struct {
1761 		struct req_hdr {
1762 			u8 bss_idx;
1763 			u8 pad[3];
1764 		} __packed hdr;
1765 		struct bcn_content_tlv {
1766 			__le16 tag;
1767 			__le16 len;
1768 			__le16 tim_ie_pos;
1769 			__le16 csa_ie_pos;
1770 			__le16 bcc_ie_pos;
1771 			/* 0: enable beacon offload
1772 			 * 1: disable beacon offload
1773 			 * 2: update probe respond offload
1774 			 */
1775 			u8 enable;
1776 			/* 0: legacy format (TXD + payload)
1777 			 * 1: only cap field IE
1778 			 */
1779 			u8 type;
1780 			__le16 pkt_len;
1781 			u8 pkt[512];
1782 		} __packed beacon_tlv;
1783 	} req = {
1784 		.hdr = {
1785 			.bss_idx = mvif->idx,
1786 		},
1787 		.beacon_tlv = {
1788 			.tag = cpu_to_le16(UNI_BSS_INFO_BCN_CONTENT),
1789 			.len = cpu_to_le16(sizeof(struct bcn_content_tlv)),
1790 			.enable = enable,
1791 		},
1792 	};
1793 	struct sk_buff *skb;
1794 
1795 	skb = ieee80211_beacon_get_template(mt76_hw(dev), vif, &offs);
1796 	if (!skb)
1797 		return -EINVAL;
1798 
1799 	if (skb->len > 512 - MT_TXD_SIZE) {
1800 		dev_err(dev->mt76.dev, "beacon size limit exceed\n");
1801 		dev_kfree_skb(skb);
1802 		return -EINVAL;
1803 	}
1804 
1805 	mt7615_mac_write_txwi(dev, (__le32 *)(req.beacon_tlv.pkt), skb,
1806 			      wcid, NULL, 0, NULL, true);
1807 	memcpy(req.beacon_tlv.pkt + MT_TXD_SIZE, skb->data, skb->len);
1808 	req.beacon_tlv.pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
1809 	req.beacon_tlv.tim_ie_pos = cpu_to_le16(MT_TXD_SIZE + offs.tim_offset);
1810 
1811 	if (offs.cntdwn_counter_offs[0]) {
1812 		u16 csa_offs;
1813 
1814 		csa_offs = MT_TXD_SIZE + offs.cntdwn_counter_offs[0] - 4;
1815 		req.beacon_tlv.csa_ie_pos = cpu_to_le16(csa_offs);
1816 	}
1817 	dev_kfree_skb(skb);
1818 
1819 	return __mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD_BSS_INFO_UPDATE,
1820 				   &req, sizeof(req), true);
1821 }
1822 
1823 static int
1824 mt7615_mcu_uni_tx_ba(struct mt7615_dev *dev,
1825 		     struct ieee80211_ampdu_params *params,
1826 		     bool enable)
1827 {
1828 	struct mt7615_sta *msta = (struct mt7615_sta *)params->sta->drv_priv;
1829 	struct mt7615_vif *mvif = msta->vif;
1830 	struct wtbl_req_hdr *wtbl_hdr;
1831 	struct tlv *sta_wtbl;
1832 	struct sk_buff *skb;
1833 	int err;
1834 
1835 	skb = mt7615_mcu_alloc_sta_req(dev, mvif, msta);
1836 	if (IS_ERR(skb))
1837 		return PTR_ERR(skb);
1838 
1839 	sta_wtbl = mt7615_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
1840 
1841 	wtbl_hdr = mt7615_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, sta_wtbl,
1842 					     &skb);
1843 	if (IS_ERR(wtbl_hdr))
1844 		return PTR_ERR(wtbl_hdr);
1845 
1846 	mt7615_mcu_wtbl_ba_tlv(skb, params, enable, true, sta_wtbl,
1847 			       wtbl_hdr);
1848 
1849 	err =  __mt76_mcu_skb_send_msg(&dev->mt76, skb,
1850 				       MCU_UNI_CMD_STA_REC_UPDATE, true);
1851 	if (err < 0)
1852 		return err;
1853 
1854 	skb = mt7615_mcu_alloc_sta_req(dev, mvif, msta);
1855 	if (IS_ERR(skb))
1856 		return PTR_ERR(skb);
1857 
1858 	mt7615_mcu_sta_ba_tlv(skb, params, enable, true);
1859 
1860 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb,
1861 				       MCU_UNI_CMD_STA_REC_UPDATE, true);
1862 }
1863 
1864 static int
1865 mt7615_mcu_uni_rx_ba(struct mt7615_dev *dev,
1866 		     struct ieee80211_ampdu_params *params,
1867 		     bool enable)
1868 {
1869 	struct mt7615_sta *msta = (struct mt7615_sta *)params->sta->drv_priv;
1870 	struct mt7615_vif *mvif = msta->vif;
1871 	struct wtbl_req_hdr *wtbl_hdr;
1872 	struct tlv *sta_wtbl;
1873 	struct sk_buff *skb;
1874 	int err;
1875 
1876 	skb = mt7615_mcu_alloc_sta_req(dev, mvif, msta);
1877 	if (IS_ERR(skb))
1878 		return PTR_ERR(skb);
1879 
1880 	mt7615_mcu_sta_ba_tlv(skb, params, enable, false);
1881 
1882 	err = __mt76_mcu_skb_send_msg(&dev->mt76, skb,
1883 				      MCU_UNI_CMD_STA_REC_UPDATE, true);
1884 	if (err < 0 || !enable)
1885 		return err;
1886 
1887 	skb = mt7615_mcu_alloc_sta_req(dev, mvif, msta);
1888 	if (IS_ERR(skb))
1889 		return PTR_ERR(skb);
1890 
1891 	sta_wtbl = mt7615_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
1892 
1893 	wtbl_hdr = mt7615_mcu_alloc_wtbl_req(dev, msta, WTBL_SET, sta_wtbl,
1894 					     &skb);
1895 	if (IS_ERR(wtbl_hdr))
1896 		return PTR_ERR(wtbl_hdr);
1897 
1898 	mt7615_mcu_wtbl_ba_tlv(skb, params, enable, false, sta_wtbl,
1899 			       wtbl_hdr);
1900 
1901 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb,
1902 				       MCU_UNI_CMD_STA_REC_UPDATE, true);
1903 }
1904 
1905 static int
1906 mt7615_mcu_uni_add_sta(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1907 		       struct ieee80211_sta *sta, bool enable)
1908 {
1909 	return mt7615_mcu_add_sta_cmd(dev, vif, sta, enable,
1910 				      MCU_UNI_CMD_STA_REC_UPDATE);
1911 }
1912 
1913 static const struct mt7615_mcu_ops uni_update_ops = {
1914 	.add_beacon_offload = mt7615_mcu_uni_add_beacon_offload,
1915 	.set_pm_state = mt7615_mcu_uni_ctrl_pm_state,
1916 	.add_dev_info = mt7615_mcu_uni_add_dev,
1917 	.add_bss_info = mt7615_mcu_uni_add_bss,
1918 	.add_tx_ba = mt7615_mcu_uni_tx_ba,
1919 	.add_rx_ba = mt7615_mcu_uni_rx_ba,
1920 	.sta_add = mt7615_mcu_uni_add_sta,
1921 	.set_drv_ctrl = mt7615_mcu_lp_drv_pmctrl,
1922 	.set_fw_ctrl = mt7615_mcu_fw_pmctrl,
1923 };
1924 
1925 static int mt7615_mcu_send_firmware(struct mt7615_dev *dev, const void *data,
1926 				    int len)
1927 {
1928 	int ret = 0, cur_len;
1929 
1930 	while (len > 0) {
1931 		cur_len = min_t(int, 4096 - dev->mt76.mcu_ops->headroom, len);
1932 
1933 		ret = __mt76_mcu_send_msg(&dev->mt76, MCU_CMD_FW_SCATTER,
1934 					  data, cur_len, false);
1935 		if (ret)
1936 			break;
1937 
1938 		data += cur_len;
1939 		len -= cur_len;
1940 
1941 		if (mt76_is_mmio(&dev->mt76))
1942 			mt76_queue_tx_cleanup(dev, MT_TXQ_FWDL, false);
1943 	}
1944 
1945 	return ret;
1946 }
1947 
1948 static int mt7615_mcu_start_firmware(struct mt7615_dev *dev, u32 addr,
1949 				     u32 option)
1950 {
1951 	struct {
1952 		__le32 option;
1953 		__le32 addr;
1954 	} req = {
1955 		.option = cpu_to_le32(option),
1956 		.addr = cpu_to_le32(addr),
1957 	};
1958 
1959 	return __mt76_mcu_send_msg(&dev->mt76, MCU_CMD_FW_START_REQ,
1960 				   &req, sizeof(req), true);
1961 }
1962 
1963 int mt7615_mcu_restart(struct mt76_dev *dev)
1964 {
1965 	return __mt76_mcu_send_msg(dev, MCU_CMD_RESTART_DL_REQ, NULL,
1966 				   0, true);
1967 }
1968 EXPORT_SYMBOL_GPL(mt7615_mcu_restart);
1969 
1970 static int mt7615_mcu_patch_sem_ctrl(struct mt7615_dev *dev, bool get)
1971 {
1972 	struct {
1973 		__le32 op;
1974 	} req = {
1975 		.op = cpu_to_le32(get ? PATCH_SEM_GET : PATCH_SEM_RELEASE),
1976 	};
1977 
1978 	return __mt76_mcu_send_msg(&dev->mt76, MCU_CMD_PATCH_SEM_CONTROL,
1979 				   &req, sizeof(req), true);
1980 }
1981 
1982 static int mt7615_mcu_start_patch(struct mt7615_dev *dev)
1983 {
1984 	struct {
1985 		u8 check_crc;
1986 		u8 reserved[3];
1987 	} req = {
1988 		.check_crc = 0,
1989 	};
1990 
1991 	return __mt76_mcu_send_msg(&dev->mt76, MCU_CMD_PATCH_FINISH_REQ,
1992 				   &req, sizeof(req), true);
1993 }
1994 
1995 static int mt7615_load_patch(struct mt7615_dev *dev, u32 addr, const char *name)
1996 {
1997 	const struct mt7615_patch_hdr *hdr;
1998 	const struct firmware *fw = NULL;
1999 	int len, ret, sem;
2000 
2001 	sem = mt7615_mcu_patch_sem_ctrl(dev, 1);
2002 	switch (sem) {
2003 	case PATCH_IS_DL:
2004 		return 0;
2005 	case PATCH_NOT_DL_SEM_SUCCESS:
2006 		break;
2007 	default:
2008 		dev_err(dev->mt76.dev, "Failed to get patch semaphore\n");
2009 		return -EAGAIN;
2010 	}
2011 
2012 	ret = firmware_request_nowarn(&fw, name, dev->mt76.dev);
2013 	if (ret)
2014 		goto out;
2015 
2016 	if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
2017 		dev_err(dev->mt76.dev, "Invalid firmware\n");
2018 		ret = -EINVAL;
2019 		goto out;
2020 	}
2021 
2022 	hdr = (const struct mt7615_patch_hdr *)(fw->data);
2023 
2024 	dev_info(dev->mt76.dev, "HW/SW Version: 0x%x, Build Time: %.16s\n",
2025 		 be32_to_cpu(hdr->hw_sw_ver), hdr->build_date);
2026 
2027 	len = fw->size - sizeof(*hdr);
2028 
2029 	ret = mt7615_mcu_init_download(dev, addr, len, DL_MODE_NEED_RSP);
2030 	if (ret) {
2031 		dev_err(dev->mt76.dev, "Download request failed\n");
2032 		goto out;
2033 	}
2034 
2035 	ret = mt7615_mcu_send_firmware(dev, fw->data + sizeof(*hdr), len);
2036 	if (ret) {
2037 		dev_err(dev->mt76.dev, "Failed to send firmware to device\n");
2038 		goto out;
2039 	}
2040 
2041 	ret = mt7615_mcu_start_patch(dev);
2042 	if (ret)
2043 		dev_err(dev->mt76.dev, "Failed to start patch\n");
2044 
2045 out:
2046 	release_firmware(fw);
2047 
2048 	sem = mt7615_mcu_patch_sem_ctrl(dev, 0);
2049 	switch (sem) {
2050 	case PATCH_REL_SEM_SUCCESS:
2051 		break;
2052 	default:
2053 		ret = -EAGAIN;
2054 		dev_err(dev->mt76.dev, "Failed to release patch semaphore\n");
2055 		break;
2056 	}
2057 
2058 	return ret;
2059 }
2060 
2061 static u32 mt7615_mcu_gen_dl_mode(u8 feature_set, bool is_cr4)
2062 {
2063 	u32 ret = 0;
2064 
2065 	ret |= (feature_set & FW_FEATURE_SET_ENCRYPT) ?
2066 	       (DL_MODE_ENCRYPT | DL_MODE_RESET_SEC_IV) : 0;
2067 	ret |= FIELD_PREP(DL_MODE_KEY_IDX,
2068 			  FIELD_GET(FW_FEATURE_SET_KEY_IDX, feature_set));
2069 	ret |= DL_MODE_NEED_RSP;
2070 	ret |= is_cr4 ? DL_MODE_WORKING_PDA_CR4 : 0;
2071 
2072 	return ret;
2073 }
2074 
2075 static int
2076 mt7615_mcu_send_ram_firmware(struct mt7615_dev *dev,
2077 			     const struct mt7615_fw_trailer *hdr,
2078 			     const u8 *data, bool is_cr4)
2079 {
2080 	int n_region = is_cr4 ? CR4_REGION_NUM : N9_REGION_NUM;
2081 	int err, i, offset = 0;
2082 	u32 len, addr, mode;
2083 
2084 	for (i = 0; i < n_region; i++) {
2085 		mode = mt7615_mcu_gen_dl_mode(hdr[i].feature_set, is_cr4);
2086 		len = le32_to_cpu(hdr[i].len) + IMG_CRC_LEN;
2087 		addr = le32_to_cpu(hdr[i].addr);
2088 
2089 		err = mt7615_mcu_init_download(dev, addr, len, mode);
2090 		if (err) {
2091 			dev_err(dev->mt76.dev, "Download request failed\n");
2092 			return err;
2093 		}
2094 
2095 		err = mt7615_mcu_send_firmware(dev, data + offset, len);
2096 		if (err) {
2097 			dev_err(dev->mt76.dev, "Failed to send firmware to device\n");
2098 			return err;
2099 		}
2100 
2101 		offset += len;
2102 	}
2103 
2104 	return 0;
2105 }
2106 
2107 static const struct wiphy_wowlan_support mt7615_wowlan_support = {
2108 	.flags = WIPHY_WOWLAN_MAGIC_PKT | WIPHY_WOWLAN_DISCONNECT |
2109 		 WIPHY_WOWLAN_SUPPORTS_GTK_REKEY | WIPHY_WOWLAN_NET_DETECT,
2110 	.n_patterns = 1,
2111 	.pattern_min_len = 1,
2112 	.pattern_max_len = MT7615_WOW_PATTEN_MAX_LEN,
2113 	.max_nd_match_sets = 10,
2114 };
2115 
2116 static int mt7615_load_n9(struct mt7615_dev *dev, const char *name)
2117 {
2118 	const struct mt7615_fw_trailer *hdr;
2119 	const struct firmware *fw;
2120 	int ret;
2121 
2122 	ret = request_firmware(&fw, name, dev->mt76.dev);
2123 	if (ret)
2124 		return ret;
2125 
2126 	if (!fw || !fw->data || fw->size < N9_REGION_NUM * sizeof(*hdr)) {
2127 		dev_err(dev->mt76.dev, "Invalid firmware\n");
2128 		ret = -EINVAL;
2129 		goto out;
2130 	}
2131 
2132 	hdr = (const struct mt7615_fw_trailer *)(fw->data + fw->size -
2133 					N9_REGION_NUM * sizeof(*hdr));
2134 
2135 	dev_info(dev->mt76.dev, "N9 Firmware Version: %.10s, Build Time: %.15s\n",
2136 		 hdr->fw_ver, hdr->build_date);
2137 
2138 	ret = mt7615_mcu_send_ram_firmware(dev, hdr, fw->data, false);
2139 	if (ret)
2140 		goto out;
2141 
2142 	ret = mt7615_mcu_start_firmware(dev, le32_to_cpu(hdr->addr),
2143 					FW_START_OVERRIDE);
2144 	if (ret) {
2145 		dev_err(dev->mt76.dev, "Failed to start N9 firmware\n");
2146 		goto out;
2147 	}
2148 
2149 	snprintf(dev->mt76.hw->wiphy->fw_version,
2150 		 sizeof(dev->mt76.hw->wiphy->fw_version),
2151 		 "%.10s-%.15s", hdr->fw_ver, hdr->build_date);
2152 
2153 	if (!is_mt7615(&dev->mt76) &&
2154 	    !strncmp(hdr->fw_ver, "2.0", sizeof(hdr->fw_ver))) {
2155 		dev->fw_ver = MT7615_FIRMWARE_V2;
2156 		dev->mcu_ops = &sta_update_ops;
2157 	} else {
2158 		dev->fw_ver = MT7615_FIRMWARE_V1;
2159 		dev->mcu_ops = &wtbl_update_ops;
2160 	}
2161 
2162 out:
2163 	release_firmware(fw);
2164 	return ret;
2165 }
2166 
2167 static int mt7615_load_cr4(struct mt7615_dev *dev, const char *name)
2168 {
2169 	const struct mt7615_fw_trailer *hdr;
2170 	const struct firmware *fw;
2171 	int ret;
2172 
2173 	ret = request_firmware(&fw, name, dev->mt76.dev);
2174 	if (ret)
2175 		return ret;
2176 
2177 	if (!fw || !fw->data || fw->size < CR4_REGION_NUM * sizeof(*hdr)) {
2178 		dev_err(dev->mt76.dev, "Invalid firmware\n");
2179 		ret = -EINVAL;
2180 		goto out;
2181 	}
2182 
2183 	hdr = (const struct mt7615_fw_trailer *)(fw->data + fw->size -
2184 					CR4_REGION_NUM * sizeof(*hdr));
2185 
2186 	dev_info(dev->mt76.dev, "CR4 Firmware Version: %.10s, Build Time: %.15s\n",
2187 		 hdr->fw_ver, hdr->build_date);
2188 
2189 	ret = mt7615_mcu_send_ram_firmware(dev, hdr, fw->data, true);
2190 	if (ret)
2191 		goto out;
2192 
2193 	ret = mt7615_mcu_start_firmware(dev, 0, FW_START_WORKING_PDA_CR4);
2194 	if (ret) {
2195 		dev_err(dev->mt76.dev, "Failed to start CR4 firmware\n");
2196 		goto out;
2197 	}
2198 
2199 out:
2200 	release_firmware(fw);
2201 
2202 	return ret;
2203 }
2204 
2205 static int mt7615_load_ram(struct mt7615_dev *dev)
2206 {
2207 	int ret;
2208 
2209 	ret = mt7615_load_n9(dev, MT7615_FIRMWARE_N9);
2210 	if (ret)
2211 		return ret;
2212 
2213 	return mt7615_load_cr4(dev, MT7615_FIRMWARE_CR4);
2214 }
2215 
2216 static int mt7615_load_firmware(struct mt7615_dev *dev)
2217 {
2218 	int ret;
2219 	u32 val;
2220 
2221 	val = mt76_get_field(dev, MT_TOP_MISC2, MT_TOP_MISC2_FW_STATE);
2222 
2223 	if (val != FW_STATE_FW_DOWNLOAD) {
2224 		dev_err(dev->mt76.dev, "Firmware is not ready for download\n");
2225 		return -EIO;
2226 	}
2227 
2228 	ret = mt7615_load_patch(dev, MT7615_PATCH_ADDRESS, MT7615_ROM_PATCH);
2229 	if (ret)
2230 		return ret;
2231 
2232 	ret = mt7615_load_ram(dev);
2233 	if (ret)
2234 		return ret;
2235 
2236 	if (!mt76_poll_msec(dev, MT_TOP_MISC2, MT_TOP_MISC2_FW_STATE,
2237 			    FIELD_PREP(MT_TOP_MISC2_FW_STATE,
2238 				       FW_STATE_CR4_RDY), 500)) {
2239 		dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
2240 		return -EIO;
2241 	}
2242 
2243 	return 0;
2244 }
2245 
2246 static int mt7622_load_firmware(struct mt7615_dev *dev)
2247 {
2248 	int ret;
2249 	u32 val;
2250 
2251 	mt76_set(dev, MT_WPDMA_GLO_CFG, MT_WPDMA_GLO_CFG_BYPASS_TX_SCH);
2252 
2253 	val = mt76_get_field(dev, MT_TOP_OFF_RSV, MT_TOP_OFF_RSV_FW_STATE);
2254 	if (val != FW_STATE_FW_DOWNLOAD) {
2255 		dev_err(dev->mt76.dev, "Firmware is not ready for download\n");
2256 		return -EIO;
2257 	}
2258 
2259 	ret = mt7615_load_patch(dev, MT7622_PATCH_ADDRESS, MT7622_ROM_PATCH);
2260 	if (ret)
2261 		return ret;
2262 
2263 	ret = mt7615_load_n9(dev, MT7622_FIRMWARE_N9);
2264 	if (ret)
2265 		return ret;
2266 
2267 	if (!mt76_poll_msec(dev, MT_TOP_OFF_RSV, MT_TOP_OFF_RSV_FW_STATE,
2268 			    FIELD_PREP(MT_TOP_OFF_RSV_FW_STATE,
2269 				       FW_STATE_NORMAL_TRX), 1500)) {
2270 		dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
2271 		return -EIO;
2272 	}
2273 
2274 	mt76_clear(dev, MT_WPDMA_GLO_CFG, MT_WPDMA_GLO_CFG_BYPASS_TX_SCH);
2275 
2276 	return 0;
2277 }
2278 
2279 int mt7615_mcu_fw_log_2_host(struct mt7615_dev *dev, u8 ctrl)
2280 {
2281 	struct {
2282 		u8 ctrl_val;
2283 		u8 pad[3];
2284 	} data = {
2285 		.ctrl_val = ctrl
2286 	};
2287 
2288 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_FW_LOG_2_HOST,
2289 				   &data, sizeof(data), true);
2290 }
2291 
2292 static int mt7663_load_n9(struct mt7615_dev *dev, const char *name)
2293 {
2294 	u32 offset = 0, override_addr = 0, flag = FW_START_DLYCAL;
2295 	const struct mt7663_fw_trailer *hdr;
2296 	const struct mt7663_fw_buf *buf;
2297 	const struct firmware *fw;
2298 	const u8 *base_addr;
2299 	int i, ret;
2300 
2301 	ret = request_firmware(&fw, name, dev->mt76.dev);
2302 	if (ret)
2303 		return ret;
2304 
2305 	if (!fw || !fw->data || fw->size < FW_V3_COMMON_TAILER_SIZE) {
2306 		dev_err(dev->mt76.dev, "Invalid firmware\n");
2307 		ret = -EINVAL;
2308 		goto out;
2309 	}
2310 
2311 	hdr = (const struct mt7663_fw_trailer *)(fw->data + fw->size -
2312 						 FW_V3_COMMON_TAILER_SIZE);
2313 
2314 	dev_info(dev->mt76.dev, "N9 Firmware Version: %.10s, Build Time: %.15s\n",
2315 		 hdr->fw_ver, hdr->build_date);
2316 	dev_info(dev->mt76.dev, "Region number: 0x%x\n", hdr->n_region);
2317 
2318 	base_addr = fw->data + fw->size - FW_V3_COMMON_TAILER_SIZE;
2319 	for (i = 0; i < hdr->n_region; i++) {
2320 		u32 shift = (hdr->n_region - i) * FW_V3_REGION_TAILER_SIZE;
2321 		u32 len, addr, mode;
2322 
2323 		dev_info(dev->mt76.dev, "Parsing tailer Region: %d\n", i);
2324 
2325 		buf = (const struct mt7663_fw_buf *)(base_addr - shift);
2326 		mode = mt7615_mcu_gen_dl_mode(buf->feature_set, false);
2327 		addr = le32_to_cpu(buf->img_dest_addr);
2328 		len = le32_to_cpu(buf->img_size);
2329 
2330 		ret = mt7615_mcu_init_download(dev, addr, len, mode);
2331 		if (ret) {
2332 			dev_err(dev->mt76.dev, "Download request failed\n");
2333 			goto out;
2334 		}
2335 
2336 		ret = mt7615_mcu_send_firmware(dev, fw->data + offset, len);
2337 		if (ret) {
2338 			dev_err(dev->mt76.dev, "Failed to send firmware\n");
2339 			goto out;
2340 		}
2341 
2342 		offset += le32_to_cpu(buf->img_size);
2343 		if (buf->feature_set & DL_MODE_VALID_RAM_ENTRY) {
2344 			override_addr = le32_to_cpu(buf->img_dest_addr);
2345 			dev_info(dev->mt76.dev, "Region %d, override_addr = 0x%08x\n",
2346 				 i, override_addr);
2347 		}
2348 	}
2349 
2350 	if (override_addr)
2351 		flag |= FW_START_OVERRIDE;
2352 
2353 	dev_info(dev->mt76.dev, "override_addr = 0x%08x, option = %d\n",
2354 		 override_addr, flag);
2355 
2356 	ret = mt7615_mcu_start_firmware(dev, override_addr, flag);
2357 	if (ret) {
2358 		dev_err(dev->mt76.dev, "Failed to start N9 firmware\n");
2359 		goto out;
2360 	}
2361 
2362 	snprintf(dev->mt76.hw->wiphy->fw_version,
2363 		 sizeof(dev->mt76.hw->wiphy->fw_version),
2364 		 "%.10s-%.15s", hdr->fw_ver, hdr->build_date);
2365 
2366 out:
2367 	release_firmware(fw);
2368 
2369 	return ret;
2370 }
2371 
2372 static int
2373 mt7663_load_rom_patch(struct mt7615_dev *dev, const char **n9_firmware)
2374 {
2375 	const char *selected_rom, *secondary_rom = MT7663_ROM_PATCH;
2376 	const char *primary_rom = MT7663_OFFLOAD_ROM_PATCH;
2377 	int ret;
2378 
2379 	if (!prefer_offload_fw) {
2380 		secondary_rom = MT7663_OFFLOAD_ROM_PATCH;
2381 		primary_rom = MT7663_ROM_PATCH;
2382 	}
2383 	selected_rom = primary_rom;
2384 
2385 	ret = mt7615_load_patch(dev, MT7663_PATCH_ADDRESS, primary_rom);
2386 	if (ret) {
2387 		dev_info(dev->mt76.dev, "%s not found, switching to %s",
2388 			 primary_rom, secondary_rom);
2389 		ret = mt7615_load_patch(dev, MT7663_PATCH_ADDRESS,
2390 					secondary_rom);
2391 		if (ret) {
2392 			dev_err(dev->mt76.dev, "failed to load %s",
2393 				secondary_rom);
2394 			return ret;
2395 		}
2396 		selected_rom = secondary_rom;
2397 	}
2398 
2399 	if (!strcmp(selected_rom, MT7663_OFFLOAD_ROM_PATCH)) {
2400 		*n9_firmware = MT7663_OFFLOAD_FIRMWARE_N9;
2401 		dev->fw_ver = MT7615_FIRMWARE_V3;
2402 		dev->mcu_ops = &uni_update_ops;
2403 	} else {
2404 		*n9_firmware = MT7663_FIRMWARE_N9;
2405 		dev->fw_ver = MT7615_FIRMWARE_V2;
2406 		dev->mcu_ops = &sta_update_ops;
2407 	}
2408 
2409 	return 0;
2410 }
2411 
2412 int __mt7663_load_firmware(struct mt7615_dev *dev)
2413 {
2414 	const char *n9_firmware;
2415 	int ret;
2416 
2417 	ret = mt76_get_field(dev, MT_CONN_ON_MISC, MT_TOP_MISC2_FW_N9_RDY);
2418 	if (ret) {
2419 		dev_dbg(dev->mt76.dev, "Firmware is already download\n");
2420 		return -EIO;
2421 	}
2422 
2423 	ret = mt7663_load_rom_patch(dev, &n9_firmware);
2424 	if (ret)
2425 		return ret;
2426 
2427 	ret = mt7663_load_n9(dev, n9_firmware);
2428 	if (ret)
2429 		return ret;
2430 
2431 	if (!mt76_poll_msec(dev, MT_CONN_ON_MISC, MT_TOP_MISC2_FW_N9_RDY,
2432 			    MT_TOP_MISC2_FW_N9_RDY, 1500)) {
2433 		ret = mt76_get_field(dev, MT_CONN_ON_MISC,
2434 				     MT7663_TOP_MISC2_FW_STATE);
2435 		dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
2436 		return -EIO;
2437 	}
2438 
2439 #ifdef CONFIG_PM
2440 	if (mt7615_firmware_offload(dev))
2441 		dev->mt76.hw->wiphy->wowlan = &mt7615_wowlan_support;
2442 #endif /* CONFIG_PM */
2443 
2444 	dev_dbg(dev->mt76.dev, "Firmware init done\n");
2445 
2446 	return 0;
2447 }
2448 EXPORT_SYMBOL_GPL(__mt7663_load_firmware);
2449 
2450 static int mt7663_load_firmware(struct mt7615_dev *dev)
2451 {
2452 	int ret;
2453 
2454 	mt76_set(dev, MT_WPDMA_GLO_CFG, MT_WPDMA_GLO_CFG_BYPASS_TX_SCH);
2455 
2456 	ret = __mt7663_load_firmware(dev);
2457 	if (ret)
2458 		return ret;
2459 
2460 	mt76_clear(dev, MT_WPDMA_GLO_CFG, MT_WPDMA_GLO_CFG_BYPASS_TX_SCH);
2461 
2462 	return 0;
2463 }
2464 
2465 int mt7615_mcu_init(struct mt7615_dev *dev)
2466 {
2467 	static const struct mt76_mcu_ops mt7615_mcu_ops = {
2468 		.headroom = sizeof(struct mt7615_mcu_txd),
2469 		.mcu_skb_send_msg = mt7615_mcu_send_message,
2470 		.mcu_send_msg = mt7615_mcu_msg_send,
2471 		.mcu_restart = mt7615_mcu_restart,
2472 	};
2473 	int ret;
2474 
2475 	dev->mt76.mcu_ops = &mt7615_mcu_ops,
2476 
2477 	ret = mt7615_mcu_drv_pmctrl(dev);
2478 	if (ret)
2479 		return ret;
2480 
2481 	switch (mt76_chip(&dev->mt76)) {
2482 	case 0x7622:
2483 		ret = mt7622_load_firmware(dev);
2484 		break;
2485 	case 0x7663:
2486 		ret = mt7663_load_firmware(dev);
2487 		break;
2488 	default:
2489 		ret = mt7615_load_firmware(dev);
2490 		break;
2491 	}
2492 	if (ret)
2493 		return ret;
2494 
2495 	mt76_queue_tx_cleanup(dev, MT_TXQ_FWDL, false);
2496 	dev_dbg(dev->mt76.dev, "Firmware init done\n");
2497 	set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
2498 	mt7615_mcu_fw_log_2_host(dev, 0);
2499 
2500 	return 0;
2501 }
2502 EXPORT_SYMBOL_GPL(mt7615_mcu_init);
2503 
2504 void mt7615_mcu_exit(struct mt7615_dev *dev)
2505 {
2506 	__mt76_mcu_restart(&dev->mt76);
2507 	mt7615_mcu_set_fw_ctrl(dev);
2508 	skb_queue_purge(&dev->mt76.mcu.res_q);
2509 }
2510 EXPORT_SYMBOL_GPL(mt7615_mcu_exit);
2511 
2512 int mt7615_mcu_set_eeprom(struct mt7615_dev *dev)
2513 {
2514 	struct {
2515 		u8 buffer_mode;
2516 		u8 content_format;
2517 		__le16 len;
2518 	} __packed req_hdr = {
2519 		.buffer_mode = 1,
2520 	};
2521 	u8 *eep = (u8 *)dev->mt76.eeprom.data;
2522 	struct sk_buff *skb;
2523 	int eep_len, offset;
2524 
2525 	switch (mt76_chip(&dev->mt76)) {
2526 	case 0x7622:
2527 		eep_len = MT7622_EE_MAX - MT_EE_NIC_CONF_0;
2528 		offset = MT_EE_NIC_CONF_0;
2529 		break;
2530 	case 0x7663:
2531 		eep_len = MT7663_EE_MAX - MT_EE_CHIP_ID;
2532 		req_hdr.content_format = 1;
2533 		offset = MT_EE_CHIP_ID;
2534 		break;
2535 	default:
2536 		eep_len = MT7615_EE_MAX - MT_EE_NIC_CONF_0;
2537 		offset = MT_EE_NIC_CONF_0;
2538 		break;
2539 	}
2540 
2541 	req_hdr.len = cpu_to_le16(eep_len);
2542 
2543 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, sizeof(req_hdr) + eep_len);
2544 	if (!skb)
2545 		return -ENOMEM;
2546 
2547 	skb_put_data(skb, &req_hdr, sizeof(req_hdr));
2548 	skb_put_data(skb, eep + offset, eep_len);
2549 
2550 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb,
2551 				       MCU_EXT_CMD_EFUSE_BUFFER_MODE, true);
2552 }
2553 EXPORT_SYMBOL_GPL(mt7615_mcu_set_eeprom);
2554 
2555 int mt7615_mcu_set_mac_enable(struct mt7615_dev *dev, int band, bool enable)
2556 {
2557 	struct {
2558 		u8 enable;
2559 		u8 band;
2560 		u8 rsv[2];
2561 	} __packed req = {
2562 		.enable = enable,
2563 		.band = band,
2564 	};
2565 
2566 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_MAC_INIT_CTRL,
2567 				   &req, sizeof(req), true);
2568 }
2569 
2570 int mt7615_mcu_set_rts_thresh(struct mt7615_phy *phy, u32 val)
2571 {
2572 	struct mt7615_dev *dev = phy->dev;
2573 	struct {
2574 		u8 prot_idx;
2575 		u8 band;
2576 		u8 rsv[2];
2577 		__le32 len_thresh;
2578 		__le32 pkt_thresh;
2579 	} __packed req = {
2580 		.prot_idx = 1,
2581 		.band = phy != &dev->phy,
2582 		.len_thresh = cpu_to_le32(val),
2583 		.pkt_thresh = cpu_to_le32(0x2),
2584 	};
2585 
2586 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_PROTECT_CTRL,
2587 				   &req, sizeof(req), true);
2588 }
2589 
2590 int mt7615_mcu_set_wmm(struct mt7615_dev *dev, u8 queue,
2591 		       const struct ieee80211_tx_queue_params *params)
2592 {
2593 #define WMM_AIFS_SET	BIT(0)
2594 #define WMM_CW_MIN_SET	BIT(1)
2595 #define WMM_CW_MAX_SET	BIT(2)
2596 #define WMM_TXOP_SET	BIT(3)
2597 #define WMM_PARAM_SET	(WMM_AIFS_SET | WMM_CW_MIN_SET | \
2598 			 WMM_CW_MAX_SET | WMM_TXOP_SET)
2599 	struct req_data {
2600 		u8 number;
2601 		u8 rsv[3];
2602 		u8 queue;
2603 		u8 valid;
2604 		u8 aifs;
2605 		u8 cw_min;
2606 		__le16 cw_max;
2607 		__le16 txop;
2608 	} __packed req = {
2609 		.number = 1,
2610 		.queue = queue,
2611 		.valid = WMM_PARAM_SET,
2612 		.aifs = params->aifs,
2613 		.cw_min = 5,
2614 		.cw_max = cpu_to_le16(10),
2615 		.txop = cpu_to_le16(params->txop),
2616 	};
2617 
2618 	if (params->cw_min)
2619 		req.cw_min = fls(params->cw_min);
2620 	if (params->cw_max)
2621 		req.cw_max = cpu_to_le16(fls(params->cw_max));
2622 
2623 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_EDCA_UPDATE,
2624 				   &req, sizeof(req), true);
2625 }
2626 
2627 int mt7615_mcu_set_dbdc(struct mt7615_dev *dev)
2628 {
2629 	struct mt7615_phy *ext_phy = mt7615_ext_phy(dev);
2630 	struct dbdc_entry {
2631 		u8 type;
2632 		u8 index;
2633 		u8 band;
2634 		u8 _rsv;
2635 	};
2636 	struct {
2637 		u8 enable;
2638 		u8 num;
2639 		u8 _rsv[2];
2640 		struct dbdc_entry entry[64];
2641 	} req = {
2642 		.enable = !!ext_phy,
2643 	};
2644 	int i;
2645 
2646 	if (!ext_phy)
2647 		goto out;
2648 
2649 #define ADD_DBDC_ENTRY(_type, _idx, _band)		\
2650 	do { \
2651 		req.entry[req.num].type = _type;		\
2652 		req.entry[req.num].index = _idx;		\
2653 		req.entry[req.num++].band = _band;		\
2654 	} while (0)
2655 
2656 	for (i = 0; i < 4; i++) {
2657 		bool band = !!(ext_phy->omac_mask & BIT(i));
2658 
2659 		ADD_DBDC_ENTRY(DBDC_TYPE_BSS, i, band);
2660 	}
2661 
2662 	for (i = 0; i < 14; i++) {
2663 		bool band = !!(ext_phy->omac_mask & BIT(0x11 + i));
2664 
2665 		ADD_DBDC_ENTRY(DBDC_TYPE_MBSS, i, band);
2666 	}
2667 
2668 	ADD_DBDC_ENTRY(DBDC_TYPE_MU, 0, 1);
2669 
2670 	for (i = 0; i < 3; i++)
2671 		ADD_DBDC_ENTRY(DBDC_TYPE_BF, i, 1);
2672 
2673 	ADD_DBDC_ENTRY(DBDC_TYPE_WMM, 0, 0);
2674 	ADD_DBDC_ENTRY(DBDC_TYPE_WMM, 1, 0);
2675 	ADD_DBDC_ENTRY(DBDC_TYPE_WMM, 2, 1);
2676 	ADD_DBDC_ENTRY(DBDC_TYPE_WMM, 3, 1);
2677 
2678 	ADD_DBDC_ENTRY(DBDC_TYPE_MGMT, 0, 0);
2679 	ADD_DBDC_ENTRY(DBDC_TYPE_MGMT, 1, 1);
2680 
2681 out:
2682 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_DBDC_CTRL,
2683 				   &req, sizeof(req), true);
2684 }
2685 
2686 int mt7615_mcu_del_wtbl_all(struct mt7615_dev *dev)
2687 {
2688 	struct wtbl_req_hdr req = {
2689 		.operation = WTBL_RESET_ALL,
2690 	};
2691 
2692 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_WTBL_UPDATE,
2693 				   &req, sizeof(req), true);
2694 }
2695 EXPORT_SYMBOL_GPL(mt7615_mcu_del_wtbl_all);
2696 
2697 int mt7615_mcu_rdd_cmd(struct mt7615_dev *dev,
2698 		       enum mt7615_rdd_cmd cmd, u8 index,
2699 		       u8 rx_sel, u8 val)
2700 {
2701 	struct {
2702 		u8 ctrl;
2703 		u8 rdd_idx;
2704 		u8 rdd_rx_sel;
2705 		u8 val;
2706 		u8 rsv[4];
2707 	} req = {
2708 		.ctrl = cmd,
2709 		.rdd_idx = index,
2710 		.rdd_rx_sel = rx_sel,
2711 		.val = val,
2712 	};
2713 
2714 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_SET_RDD_CTRL,
2715 				   &req, sizeof(req), true);
2716 }
2717 
2718 int mt7615_mcu_set_fcc5_lpn(struct mt7615_dev *dev, int val)
2719 {
2720 	struct {
2721 		u16 tag;
2722 		u16 min_lpn;
2723 	} req = {
2724 		.tag = 0x1,
2725 		.min_lpn = val,
2726 	};
2727 
2728 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_SET_RDD_TH,
2729 				   &req, sizeof(req), true);
2730 }
2731 
2732 int mt7615_mcu_set_pulse_th(struct mt7615_dev *dev,
2733 			    const struct mt7615_dfs_pulse *pulse)
2734 {
2735 	struct {
2736 		u16 tag;
2737 		struct mt7615_dfs_pulse pulse;
2738 	} req = {
2739 		.tag = 0x3,
2740 	};
2741 
2742 	memcpy(&req.pulse, pulse, sizeof(*pulse));
2743 
2744 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_SET_RDD_TH,
2745 				   &req, sizeof(req), true);
2746 }
2747 
2748 int mt7615_mcu_set_radar_th(struct mt7615_dev *dev, int index,
2749 			    const struct mt7615_dfs_pattern *pattern)
2750 {
2751 	struct {
2752 		u16 tag;
2753 		u16 radar_type;
2754 		struct mt7615_dfs_pattern pattern;
2755 	} req = {
2756 		.tag = 0x2,
2757 		.radar_type = index,
2758 	};
2759 
2760 	memcpy(&req.pattern, pattern, sizeof(*pattern));
2761 
2762 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_SET_RDD_TH,
2763 				   &req, sizeof(req), true);
2764 }
2765 
2766 int mt7615_mcu_rdd_send_pattern(struct mt7615_dev *dev)
2767 {
2768 	struct {
2769 		u8 pulse_num;
2770 		u8 rsv[3];
2771 		struct {
2772 			u32 start_time;
2773 			u16 width;
2774 			s16 power;
2775 		} pattern[32];
2776 	} req = {
2777 		.pulse_num = dev->radar_pattern.n_pulses,
2778 	};
2779 	u32 start_time = ktime_to_ms(ktime_get_boottime());
2780 	int i;
2781 
2782 	if (dev->radar_pattern.n_pulses > ARRAY_SIZE(req.pattern))
2783 		return -EINVAL;
2784 
2785 	/* TODO: add some noise here */
2786 	for (i = 0; i < dev->radar_pattern.n_pulses; i++) {
2787 		req.pattern[i].width = dev->radar_pattern.width;
2788 		req.pattern[i].power = dev->radar_pattern.power;
2789 		req.pattern[i].start_time = start_time +
2790 					    i * dev->radar_pattern.period;
2791 	}
2792 
2793 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_SET_RDD_PATTERN,
2794 				   &req, sizeof(req), false);
2795 }
2796 
2797 static void mt7615_mcu_set_txpower_sku(struct mt7615_phy *phy, u8 *sku)
2798 {
2799 	struct mt76_phy *mphy = phy->mt76;
2800 	struct ieee80211_hw *hw = mphy->hw;
2801 	int n_chains = hweight8(mphy->antenna_mask);
2802 	int tx_power;
2803 	int i;
2804 
2805 	tx_power = hw->conf.power_level * 2 -
2806 		   mt76_tx_power_nss_delta(n_chains);
2807 	mphy->txpower_cur = tx_power;
2808 
2809 	for (i = 0; i < MT_SKU_1SS_DELTA; i++)
2810 		sku[i] = tx_power;
2811 
2812 	for (i = 0; i < 4; i++) {
2813 		int delta = 0;
2814 
2815 		if (i < n_chains - 1)
2816 			delta = mt76_tx_power_nss_delta(n_chains) -
2817 				mt76_tx_power_nss_delta(i + 1);
2818 		sku[MT_SKU_1SS_DELTA + i] = delta;
2819 	}
2820 }
2821 
2822 static u8 mt7615_mcu_chan_bw(struct cfg80211_chan_def *chandef)
2823 {
2824 	static const u8 width_to_bw[] = {
2825 		[NL80211_CHAN_WIDTH_40] = CMD_CBW_40MHZ,
2826 		[NL80211_CHAN_WIDTH_80] = CMD_CBW_80MHZ,
2827 		[NL80211_CHAN_WIDTH_80P80] = CMD_CBW_8080MHZ,
2828 		[NL80211_CHAN_WIDTH_160] = CMD_CBW_160MHZ,
2829 		[NL80211_CHAN_WIDTH_5] = CMD_CBW_5MHZ,
2830 		[NL80211_CHAN_WIDTH_10] = CMD_CBW_10MHZ,
2831 		[NL80211_CHAN_WIDTH_20] = CMD_CBW_20MHZ,
2832 		[NL80211_CHAN_WIDTH_20_NOHT] = CMD_CBW_20MHZ,
2833 	};
2834 
2835 	if (chandef->width >= ARRAY_SIZE(width_to_bw))
2836 		return 0;
2837 
2838 	return width_to_bw[chandef->width];
2839 }
2840 
2841 int mt7615_mcu_set_chan_info(struct mt7615_phy *phy, int cmd)
2842 {
2843 	struct mt7615_dev *dev = phy->dev;
2844 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
2845 	int freq1 = chandef->center_freq1, freq2 = chandef->center_freq2;
2846 	struct {
2847 		u8 control_chan;
2848 		u8 center_chan;
2849 		u8 bw;
2850 		u8 tx_streams;
2851 		u8 rx_streams_mask;
2852 		u8 switch_reason;
2853 		u8 band_idx;
2854 		/* for 80+80 only */
2855 		u8 center_chan2;
2856 		__le16 cac_case;
2857 		u8 channel_band;
2858 		u8 rsv0;
2859 		__le32 outband_freq;
2860 		u8 txpower_drop;
2861 		u8 rsv1[3];
2862 		u8 txpower_sku[53];
2863 		u8 rsv2[3];
2864 	} req = {
2865 		.control_chan = chandef->chan->hw_value,
2866 		.center_chan = ieee80211_frequency_to_channel(freq1),
2867 		.tx_streams = hweight8(phy->mt76->antenna_mask),
2868 		.rx_streams_mask = phy->chainmask,
2869 		.center_chan2 = ieee80211_frequency_to_channel(freq2),
2870 	};
2871 
2872 	if (dev->mt76.hw->conf.flags & IEEE80211_CONF_OFFCHANNEL)
2873 		req.switch_reason = CH_SWITCH_SCAN_BYPASS_DPD;
2874 	else if ((chandef->chan->flags & IEEE80211_CHAN_RADAR) &&
2875 		 chandef->chan->dfs_state != NL80211_DFS_AVAILABLE)
2876 		req.switch_reason = CH_SWITCH_DFS;
2877 	else
2878 		req.switch_reason = CH_SWITCH_NORMAL;
2879 
2880 	req.band_idx = phy != &dev->phy;
2881 	req.bw = mt7615_mcu_chan_bw(chandef);
2882 
2883 	if (mt76_testmode_enabled(&dev->mt76))
2884 		memset(req.txpower_sku, 0x3f, 49);
2885 	else
2886 		mt7615_mcu_set_txpower_sku(phy, req.txpower_sku);
2887 
2888 	return __mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), true);
2889 }
2890 
2891 int mt7615_mcu_get_temperature(struct mt7615_dev *dev, int index)
2892 {
2893 	struct {
2894 		u8 action;
2895 		u8 rsv[3];
2896 	} req = {
2897 		.action = index,
2898 	};
2899 
2900 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_GET_TEMP, &req,
2901 				   sizeof(req), true);
2902 }
2903 
2904 int mt7615_mcu_set_test_param(struct mt7615_dev *dev, u8 param, bool test_mode,
2905 			      u32 val)
2906 {
2907 	struct {
2908 		u8 test_mode_en;
2909 		u8 param_idx;
2910 		u8 _rsv[2];
2911 
2912 		__le32 value;
2913 
2914 		u8 pad[8];
2915 	} req = {
2916 		.test_mode_en = test_mode,
2917 		.param_idx = param,
2918 		.value = cpu_to_le32(val),
2919 	};
2920 
2921 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_ATE_CTRL, &req,
2922 				   sizeof(req), false);
2923 }
2924 
2925 int mt7615_mcu_set_sku_en(struct mt7615_phy *phy, bool enable)
2926 {
2927 	struct mt7615_dev *dev = phy->dev;
2928 	struct {
2929 		u8 format_id;
2930 		u8 sku_enable;
2931 		u8 band_idx;
2932 		u8 rsv;
2933 	} req = {
2934 		.format_id = 0,
2935 		.band_idx = phy != &dev->phy,
2936 		.sku_enable = enable,
2937 	};
2938 
2939 	return __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_TX_POWER_FEATURE_CTRL, &req,
2940 				   sizeof(req), true);
2941 }
2942 
2943 int mt7615_mcu_set_vif_ps(struct mt7615_dev *dev, struct ieee80211_vif *vif)
2944 {
2945 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
2946 	struct {
2947 		u8 bss_idx;
2948 		u8 ps_state; /* 0: device awake
2949 			      * 1: static power save
2950 			      * 2: dynamic power saving
2951 			      */
2952 	} req = {
2953 		.bss_idx = mvif->idx,
2954 		.ps_state = vif->bss_conf.ps ? 2 : 0,
2955 	};
2956 
2957 	if (vif->type != NL80211_IFTYPE_STATION)
2958 		return -ENOTSUPP;
2959 
2960 	return __mt76_mcu_send_msg(&dev->mt76,  MCU_CMD_SET_PS_PROFILE,
2961 				   &req, sizeof(req), false);
2962 }
2963 
2964 int mt7615_mcu_set_channel_domain(struct mt7615_phy *phy)
2965 {
2966 	struct mt76_phy *mphy = phy->mt76;
2967 	struct mt7615_dev *dev = phy->dev;
2968 	struct mt7615_mcu_channel_domain {
2969 		__le32 country_code; /* regulatory_request.alpha2 */
2970 		u8 bw_2g; /* BW_20_40M		0
2971 			   * BW_20M		1
2972 			   * BW_20_40_80M	2
2973 			   * BW_20_40_80_160M	3
2974 			   * BW_20_40_80_8080M	4
2975 			   */
2976 		u8 bw_5g;
2977 		__le16 pad;
2978 		u8 n_2ch;
2979 		u8 n_5ch;
2980 		__le16 pad2;
2981 	} __packed hdr = {
2982 		.bw_2g = 0,
2983 		.bw_5g = 3,
2984 		.n_2ch = mphy->sband_2g.sband.n_channels,
2985 		.n_5ch = mphy->sband_5g.sband.n_channels,
2986 	};
2987 	struct mt7615_mcu_chan {
2988 		__le16 hw_value;
2989 		__le16 pad;
2990 		__le32 flags;
2991 	} __packed;
2992 	int i, n_channels = hdr.n_2ch + hdr.n_5ch;
2993 	int len = sizeof(hdr) + n_channels * sizeof(struct mt7615_mcu_chan);
2994 	struct sk_buff *skb;
2995 
2996 	if (!mt7615_firmware_offload(dev))
2997 		return 0;
2998 
2999 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
3000 	if (!skb)
3001 		return -ENOMEM;
3002 
3003 	skb_put_data(skb, &hdr, sizeof(hdr));
3004 
3005 	for (i = 0; i < n_channels; i++) {
3006 		struct ieee80211_channel *chan;
3007 		struct mt7615_mcu_chan channel;
3008 
3009 		if (i < hdr.n_2ch)
3010 			chan = &mphy->sband_2g.sband.channels[i];
3011 		else
3012 			chan = &mphy->sband_5g.sband.channels[i - hdr.n_2ch];
3013 
3014 		channel.hw_value = cpu_to_le16(chan->hw_value);
3015 		channel.flags = cpu_to_le32(chan->flags);
3016 		channel.pad = 0;
3017 
3018 		skb_put_data(skb, &channel, sizeof(channel));
3019 	}
3020 
3021 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb,
3022 				       MCU_CMD_SET_CHAN_DOMAIN, false);
3023 }
3024 
3025 #define MT7615_SCAN_CHANNEL_TIME	60
3026 int mt7615_mcu_hw_scan(struct mt7615_phy *phy, struct ieee80211_vif *vif,
3027 		       struct ieee80211_scan_request *scan_req)
3028 {
3029 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
3030 	struct cfg80211_scan_request *sreq = &scan_req->req;
3031 	int n_ssids = 0, err, i, duration = MT7615_SCAN_CHANNEL_TIME;
3032 	int ext_channels_num = max_t(int, sreq->n_channels - 32, 0);
3033 	struct ieee80211_channel **scan_list = sreq->channels;
3034 	struct mt7615_dev *dev = phy->dev;
3035 	bool ext_phy = phy != &dev->phy;
3036 	struct mt7615_mcu_scan_channel *chan;
3037 	struct mt7615_hw_scan_req *req;
3038 	struct sk_buff *skb;
3039 
3040 	/* fall-back to sw-scan */
3041 	if (!mt7615_firmware_offload(dev))
3042 		return 1;
3043 
3044 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, sizeof(*req));
3045 	if (!skb)
3046 		return -ENOMEM;
3047 
3048 	set_bit(MT76_HW_SCANNING, &phy->mt76->state);
3049 	mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
3050 
3051 	req = (struct mt7615_hw_scan_req *)skb_put(skb, sizeof(*req));
3052 
3053 	req->seq_num = mvif->scan_seq_num | ext_phy << 7;
3054 	req->bss_idx = mvif->idx;
3055 	req->scan_type = sreq->n_ssids ? 1 : 0;
3056 	req->probe_req_num = sreq->n_ssids ? 2 : 0;
3057 	req->version = 1;
3058 
3059 	for (i = 0; i < sreq->n_ssids; i++) {
3060 		if (!sreq->ssids[i].ssid_len)
3061 			continue;
3062 
3063 		req->ssids[i].ssid_len = cpu_to_le32(sreq->ssids[i].ssid_len);
3064 		memcpy(req->ssids[i].ssid, sreq->ssids[i].ssid,
3065 		       sreq->ssids[i].ssid_len);
3066 		n_ssids++;
3067 	}
3068 	req->ssid_type = n_ssids ? BIT(2) : BIT(0);
3069 	req->ssid_type_ext = n_ssids ? BIT(0) : 0;
3070 	req->ssids_num = n_ssids;
3071 
3072 	/* increase channel time for passive scan */
3073 	if (!sreq->n_ssids)
3074 		duration *= 2;
3075 	req->timeout_value = cpu_to_le16(sreq->n_channels * duration);
3076 	req->channel_min_dwell_time = cpu_to_le16(duration);
3077 	req->channel_dwell_time = cpu_to_le16(duration);
3078 
3079 	req->channels_num = min_t(u8, sreq->n_channels, 32);
3080 	req->ext_channels_num = min_t(u8, ext_channels_num, 32);
3081 	for (i = 0; i < req->channels_num + req->ext_channels_num; i++) {
3082 		if (i >= 32)
3083 			chan = &req->ext_channels[i - 32];
3084 		else
3085 			chan = &req->channels[i];
3086 
3087 		chan->band = scan_list[i]->band == NL80211_BAND_2GHZ ? 1 : 2;
3088 		chan->channel_num = scan_list[i]->hw_value;
3089 	}
3090 	req->channel_type = sreq->n_channels ? 4 : 0;
3091 
3092 	if (sreq->ie_len > 0) {
3093 		memcpy(req->ies, sreq->ie, sreq->ie_len);
3094 		req->ies_len = cpu_to_le16(sreq->ie_len);
3095 	}
3096 
3097 	memcpy(req->bssid, sreq->bssid, ETH_ALEN);
3098 	if (sreq->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
3099 		get_random_mask_addr(req->random_mac, sreq->mac_addr,
3100 				     sreq->mac_addr_mask);
3101 		req->scan_func = 1;
3102 	}
3103 
3104 	err = __mt76_mcu_skb_send_msg(&dev->mt76, skb, MCU_CMD_START_HW_SCAN,
3105 				      false);
3106 	if (err < 0)
3107 		clear_bit(MT76_HW_SCANNING, &phy->mt76->state);
3108 
3109 	return err;
3110 }
3111 
3112 int mt7615_mcu_cancel_hw_scan(struct mt7615_phy *phy,
3113 			      struct ieee80211_vif *vif)
3114 {
3115 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
3116 	struct mt7615_dev *dev = phy->dev;
3117 	struct {
3118 		u8 seq_num;
3119 		u8 is_ext_channel;
3120 		u8 rsv[2];
3121 	} __packed req = {
3122 		.seq_num = mvif->scan_seq_num,
3123 	};
3124 
3125 	if (test_and_clear_bit(MT76_HW_SCANNING, &phy->mt76->state)) {
3126 		struct cfg80211_scan_info info = {
3127 			.aborted = true,
3128 		};
3129 
3130 		ieee80211_scan_completed(phy->mt76->hw, &info);
3131 	}
3132 
3133 	return __mt76_mcu_send_msg(&dev->mt76,  MCU_CMD_CANCEL_HW_SCAN, &req,
3134 				   sizeof(req), false);
3135 }
3136 
3137 int mt7615_mcu_sched_scan_req(struct mt7615_phy *phy,
3138 			      struct ieee80211_vif *vif,
3139 			      struct cfg80211_sched_scan_request *sreq)
3140 {
3141 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
3142 	struct ieee80211_channel **scan_list = sreq->channels;
3143 	struct mt7615_dev *dev = phy->dev;
3144 	bool ext_phy = phy != &dev->phy;
3145 	struct mt7615_mcu_scan_channel *chan;
3146 	struct mt7615_sched_scan_req *req;
3147 	struct cfg80211_match_set *match;
3148 	struct cfg80211_ssid *ssid;
3149 	struct sk_buff *skb;
3150 	int i;
3151 
3152 	if (!mt7615_firmware_offload(dev))
3153 		return -ENOTSUPP;
3154 
3155 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
3156 				 sizeof(*req) + sreq->ie_len);
3157 	if (!skb)
3158 		return -ENOMEM;
3159 
3160 	mvif->scan_seq_num = (mvif->scan_seq_num + 1) & 0x7f;
3161 
3162 	req = (struct mt7615_sched_scan_req *)skb_put(skb, sizeof(*req));
3163 	req->version = 1;
3164 	req->seq_num = mvif->scan_seq_num | ext_phy << 7;
3165 
3166 	if (sreq->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
3167 		get_random_mask_addr(req->random_mac, sreq->mac_addr,
3168 				     sreq->mac_addr_mask);
3169 		req->scan_func = 1;
3170 	}
3171 
3172 	req->ssids_num = sreq->n_ssids;
3173 	for (i = 0; i < req->ssids_num; i++) {
3174 		ssid = &sreq->ssids[i];
3175 		memcpy(req->ssids[i].ssid, ssid->ssid, ssid->ssid_len);
3176 		req->ssids[i].ssid_len = cpu_to_le32(ssid->ssid_len);
3177 	}
3178 
3179 	req->match_num = sreq->n_match_sets;
3180 	for (i = 0; i < req->match_num; i++) {
3181 		match = &sreq->match_sets[i];
3182 		memcpy(req->match[i].ssid, match->ssid.ssid,
3183 		       match->ssid.ssid_len);
3184 		req->match[i].rssi_th = cpu_to_le32(match->rssi_thold);
3185 		req->match[i].ssid_len = match->ssid.ssid_len;
3186 	}
3187 
3188 	req->channel_type = sreq->n_channels ? 4 : 0;
3189 	req->channels_num = min_t(u8, sreq->n_channels, 64);
3190 	for (i = 0; i < req->channels_num; i++) {
3191 		chan = &req->channels[i];
3192 		chan->band = scan_list[i]->band == NL80211_BAND_2GHZ ? 1 : 2;
3193 		chan->channel_num = scan_list[i]->hw_value;
3194 	}
3195 
3196 	req->intervals_num = sreq->n_scan_plans;
3197 	for (i = 0; i < req->intervals_num; i++)
3198 		req->intervals[i] = cpu_to_le16(sreq->scan_plans[i].interval);
3199 
3200 	if (sreq->ie_len > 0) {
3201 		req->ie_len = cpu_to_le16(sreq->ie_len);
3202 		memcpy(skb_put(skb, sreq->ie_len), sreq->ie, sreq->ie_len);
3203 	}
3204 
3205 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb,
3206 				       MCU_CMD_SCHED_SCAN_REQ, false);
3207 }
3208 
3209 int mt7615_mcu_sched_scan_enable(struct mt7615_phy *phy,
3210 				 struct ieee80211_vif *vif,
3211 				 bool enable)
3212 {
3213 	struct mt7615_dev *dev = phy->dev;
3214 	struct {
3215 		u8 active; /* 0: enabled 1: disabled */
3216 		u8 rsv[3];
3217 	} __packed req = {
3218 		.active = !enable,
3219 	};
3220 
3221 	if (!mt7615_firmware_offload(dev))
3222 		return -ENOTSUPP;
3223 
3224 	if (enable)
3225 		set_bit(MT76_HW_SCHED_SCANNING, &phy->mt76->state);
3226 	else
3227 		clear_bit(MT76_HW_SCHED_SCANNING, &phy->mt76->state);
3228 
3229 	return __mt76_mcu_send_msg(&dev->mt76, MCU_CMD_SCHED_SCAN_ENABLE,
3230 				   &req, sizeof(req), false);
3231 }
3232 
3233 static int mt7615_find_freq_idx(const u16 *freqs, int n_freqs, u16 cur)
3234 {
3235 	int i;
3236 
3237 	for (i = 0; i < n_freqs; i++)
3238 		if (cur == freqs[i])
3239 			return i;
3240 
3241 	return -1;
3242 }
3243 
3244 static int mt7615_dcoc_freq_idx(u16 freq, u8 bw)
3245 {
3246 	static const u16 freq_list[] = {
3247 		4980, 5805, 5905, 5190,
3248 		5230, 5270, 5310, 5350,
3249 		5390, 5430, 5470, 5510,
3250 		5550, 5590, 5630, 5670,
3251 		5710, 5755, 5795, 5835,
3252 		5875, 5210, 5290, 5370,
3253 		5450, 5530, 5610, 5690,
3254 		5775, 5855
3255 	};
3256 	static const u16 freq_bw40[] = {
3257 		5190, 5230, 5270, 5310,
3258 		5350, 5390, 5430, 5470,
3259 		5510, 5550, 5590, 5630,
3260 		5670, 5710, 5755, 5795,
3261 		5835, 5875
3262 	};
3263 	int offset_2g = ARRAY_SIZE(freq_list);
3264 	int idx;
3265 
3266 	if (freq < 4000) {
3267 		if (freq < 2427)
3268 			return offset_2g;
3269 		if (freq < 2442)
3270 			return offset_2g + 1;
3271 		if (freq < 2457)
3272 			return offset_2g + 2;
3273 
3274 		return offset_2g + 3;
3275 	}
3276 
3277 	switch (bw) {
3278 	case NL80211_CHAN_WIDTH_80:
3279 	case NL80211_CHAN_WIDTH_80P80:
3280 	case NL80211_CHAN_WIDTH_160:
3281 		break;
3282 	default:
3283 		idx = mt7615_find_freq_idx(freq_bw40, ARRAY_SIZE(freq_bw40),
3284 					   freq + 10);
3285 		if (idx >= 0) {
3286 			freq = freq_bw40[idx];
3287 			break;
3288 		}
3289 
3290 		idx = mt7615_find_freq_idx(freq_bw40, ARRAY_SIZE(freq_bw40),
3291 					   freq - 10);
3292 		if (idx >= 0) {
3293 			freq = freq_bw40[idx];
3294 			break;
3295 		}
3296 		fallthrough;
3297 	case NL80211_CHAN_WIDTH_40:
3298 		idx = mt7615_find_freq_idx(freq_bw40, ARRAY_SIZE(freq_bw40),
3299 					   freq);
3300 		if (idx >= 0)
3301 			break;
3302 
3303 		return -1;
3304 
3305 	}
3306 
3307 	return mt7615_find_freq_idx(freq_list, ARRAY_SIZE(freq_list), freq);
3308 }
3309 
3310 int mt7615_mcu_apply_rx_dcoc(struct mt7615_phy *phy)
3311 {
3312 	struct mt7615_dev *dev = phy->dev;
3313 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
3314 	int freq2 = chandef->center_freq2;
3315 	int ret;
3316 	struct {
3317 		u8 direction;
3318 		u8 runtime_calibration;
3319 		u8 _rsv[2];
3320 
3321 		__le16 center_freq;
3322 		u8 bw;
3323 		u8 band;
3324 		u8 is_freq2;
3325 		u8 success;
3326 		u8 dbdc_en;
3327 
3328 		u8 _rsv2;
3329 
3330 		struct {
3331 			__le32 sx0_i_lna[4];
3332 			__le32 sx0_q_lna[4];
3333 
3334 			__le32 sx2_i_lna[4];
3335 			__le32 sx2_q_lna[4];
3336 		} dcoc_data[4];
3337 	} req = {
3338 		.direction = 1,
3339 
3340 		.bw = mt7615_mcu_chan_bw(chandef),
3341 		.band = chandef->center_freq1 > 4000,
3342 		.dbdc_en = !!dev->mt76.phy2,
3343 	};
3344 	u16 center_freq = chandef->center_freq1;
3345 	int freq_idx;
3346 	u8 *eep = dev->mt76.eeprom.data;
3347 
3348 	if (!(eep[MT_EE_CALDATA_FLASH] & MT_EE_CALDATA_FLASH_RX_CAL))
3349 		return 0;
3350 
3351 	if (chandef->width == NL80211_CHAN_WIDTH_160) {
3352 		freq2 = center_freq + 40;
3353 		center_freq -= 40;
3354 	}
3355 
3356 again:
3357 	req.runtime_calibration = 1;
3358 	freq_idx = mt7615_dcoc_freq_idx(center_freq, chandef->width);
3359 	if (freq_idx < 0)
3360 		goto out;
3361 
3362 	memcpy(req.dcoc_data, eep + MT7615_EEPROM_DCOC_OFFSET +
3363 			      freq_idx * MT7615_EEPROM_DCOC_SIZE,
3364 	       sizeof(req.dcoc_data));
3365 	req.runtime_calibration = 0;
3366 
3367 out:
3368 	req.center_freq = cpu_to_le16(center_freq);
3369 	ret = __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_RXDCOC_CAL, &req,
3370 				  sizeof(req), true);
3371 
3372 	if ((chandef->width == NL80211_CHAN_WIDTH_80P80 ||
3373 	     chandef->width == NL80211_CHAN_WIDTH_160) && !req.is_freq2) {
3374 		req.is_freq2 = true;
3375 		center_freq = freq2;
3376 		goto again;
3377 	}
3378 
3379 	return ret;
3380 }
3381 
3382 static int mt7615_dpd_freq_idx(u16 freq, u8 bw)
3383 {
3384 	static const u16 freq_list[] = {
3385 		4920, 4940, 4960, 4980,
3386 		5040, 5060, 5080, 5180,
3387 		5200, 5220, 5240, 5260,
3388 		5280, 5300, 5320, 5340,
3389 		5360, 5380, 5400, 5420,
3390 		5440, 5460, 5480, 5500,
3391 		5520, 5540, 5560, 5580,
3392 		5600, 5620, 5640, 5660,
3393 		5680, 5700, 5720, 5745,
3394 		5765, 5785, 5805, 5825,
3395 		5845, 5865, 5885, 5905
3396 	};
3397 	int offset_2g = ARRAY_SIZE(freq_list);
3398 	int idx;
3399 
3400 	if (freq < 4000) {
3401 		if (freq < 2432)
3402 			return offset_2g;
3403 		if (freq < 2457)
3404 			return offset_2g + 1;
3405 
3406 		return offset_2g + 2;
3407 	}
3408 
3409 	if (bw != NL80211_CHAN_WIDTH_20) {
3410 		idx = mt7615_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
3411 					   freq + 10);
3412 		if (idx >= 0)
3413 			return idx;
3414 
3415 		idx = mt7615_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
3416 					   freq - 10);
3417 		if (idx >= 0)
3418 			return idx;
3419 	}
3420 
3421 	return mt7615_find_freq_idx(freq_list, ARRAY_SIZE(freq_list), freq);
3422 }
3423 
3424 
3425 int mt7615_mcu_apply_tx_dpd(struct mt7615_phy *phy)
3426 {
3427 	struct mt7615_dev *dev = phy->dev;
3428 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
3429 	int freq2 = chandef->center_freq2;
3430 	int ret;
3431 	struct {
3432 		u8 direction;
3433 		u8 runtime_calibration;
3434 		u8 _rsv[2];
3435 
3436 		__le16 center_freq;
3437 		u8 bw;
3438 		u8 band;
3439 		u8 is_freq2;
3440 		u8 success;
3441 		u8 dbdc_en;
3442 
3443 		u8 _rsv2;
3444 
3445 		struct {
3446 			struct {
3447 				u32 dpd_g0;
3448 				u8 data[32];
3449 			} wf0, wf1;
3450 
3451 			struct {
3452 				u32 dpd_g0_prim;
3453 				u32 dpd_g0_sec;
3454 				u8 data_prim[32];
3455 				u8 data_sec[32];
3456 			} wf2, wf3;
3457 		} dpd_data;
3458 	} req = {
3459 		.direction = 1,
3460 
3461 		.bw = mt7615_mcu_chan_bw(chandef),
3462 		.band = chandef->center_freq1 > 4000,
3463 		.dbdc_en = !!dev->mt76.phy2,
3464 	};
3465 	u16 center_freq = chandef->center_freq1;
3466 	int freq_idx;
3467 	u8 *eep = dev->mt76.eeprom.data;
3468 
3469 	if (!(eep[MT_EE_CALDATA_FLASH] & MT_EE_CALDATA_FLASH_TX_DPD))
3470 		return 0;
3471 
3472 	if (chandef->width == NL80211_CHAN_WIDTH_160) {
3473 		freq2 = center_freq + 40;
3474 		center_freq -= 40;
3475 	}
3476 
3477 again:
3478 	req.runtime_calibration = 1;
3479 	freq_idx = mt7615_dpd_freq_idx(center_freq, chandef->width);
3480 	if (freq_idx < 0)
3481 		goto out;
3482 
3483 	memcpy(&req.dpd_data, eep + MT7615_EEPROM_TXDPD_OFFSET +
3484 			      freq_idx * MT7615_EEPROM_TXDPD_SIZE,
3485 	       sizeof(req.dpd_data));
3486 	req.runtime_calibration = 0;
3487 
3488 out:
3489 	req.center_freq = cpu_to_le16(center_freq);
3490 	ret = __mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD_TXDPD_CAL, &req,
3491 				  sizeof(req), true);
3492 
3493 	if ((chandef->width == NL80211_CHAN_WIDTH_80P80 ||
3494 	     chandef->width == NL80211_CHAN_WIDTH_160) && !req.is_freq2) {
3495 		req.is_freq2 = true;
3496 		center_freq = freq2;
3497 		goto again;
3498 	}
3499 
3500 	return ret;
3501 }
3502 
3503 int mt7615_mcu_set_bss_pm(struct mt7615_dev *dev, struct ieee80211_vif *vif,
3504 			  bool enable)
3505 {
3506 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
3507 	struct {
3508 		u8 bss_idx;
3509 		u8 dtim_period;
3510 		__le16 aid;
3511 		__le16 bcn_interval;
3512 		__le16 atim_window;
3513 		u8 uapsd;
3514 		u8 bmc_delivered_ac;
3515 		u8 bmc_triggered_ac;
3516 		u8 pad;
3517 	} req = {
3518 		.bss_idx = mvif->idx,
3519 		.aid = cpu_to_le16(vif->bss_conf.aid),
3520 		.dtim_period = vif->bss_conf.dtim_period,
3521 		.bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int),
3522 	};
3523 	struct {
3524 		u8 bss_idx;
3525 		u8 pad[3];
3526 	} req_hdr = {
3527 		.bss_idx = mvif->idx,
3528 	};
3529 	int err;
3530 
3531 	if (vif->type != NL80211_IFTYPE_STATION ||
3532 	    !mt7615_firmware_offload(dev))
3533 		return -ENOTSUPP;
3534 
3535 	err = __mt76_mcu_send_msg(&dev->mt76, MCU_CMD_SET_BSS_ABORT,
3536 				  &req_hdr, sizeof(req_hdr), false);
3537 	if (err < 0 || !enable)
3538 		return err;
3539 
3540 	return __mt76_mcu_send_msg(&dev->mt76, MCU_CMD_SET_BSS_CONNECTED,
3541 				   &req, sizeof(req), false);
3542 }
3543 
3544 #ifdef CONFIG_PM
3545 int mt7615_mcu_set_hif_suspend(struct mt7615_dev *dev, bool suspend)
3546 {
3547 	struct {
3548 		struct {
3549 			u8 hif_type; /* 0x0: HIF_SDIO
3550 				      * 0x1: HIF_USB
3551 				      * 0x2: HIF_PCIE
3552 				      */
3553 			u8 pad[3];
3554 		} __packed hdr;
3555 		struct hif_suspend_tlv {
3556 			__le16 tag;
3557 			__le16 len;
3558 			u8 suspend;
3559 		} __packed hif_suspend;
3560 	} req = {
3561 		.hif_suspend = {
3562 			.tag = cpu_to_le16(0), /* 0: UNI_HIF_CTRL_BASIC */
3563 			.len = cpu_to_le16(sizeof(struct hif_suspend_tlv)),
3564 			.suspend = suspend,
3565 		},
3566 	};
3567 
3568 	if (mt76_is_mmio(&dev->mt76))
3569 		req.hdr.hif_type = 2;
3570 	else if (mt76_is_usb(&dev->mt76))
3571 		req.hdr.hif_type = 1;
3572 
3573 	return __mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD_HIF_CTRL,
3574 				   &req, sizeof(req), true);
3575 }
3576 EXPORT_SYMBOL_GPL(mt7615_mcu_set_hif_suspend);
3577 
3578 static int
3579 mt7615_mcu_set_wow_ctrl(struct mt7615_phy *phy, struct ieee80211_vif *vif,
3580 			bool suspend, struct cfg80211_wowlan *wowlan)
3581 {
3582 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
3583 	struct mt7615_dev *dev = phy->dev;
3584 	struct {
3585 		struct {
3586 			u8 bss_idx;
3587 			u8 pad[3];
3588 		} __packed hdr;
3589 		struct mt7615_wow_ctrl_tlv wow_ctrl_tlv;
3590 	} req = {
3591 		.hdr = {
3592 			.bss_idx = mvif->idx,
3593 		},
3594 		.wow_ctrl_tlv = {
3595 			.tag = cpu_to_le16(UNI_SUSPEND_WOW_CTRL),
3596 			.len = cpu_to_le16(sizeof(struct mt7615_wow_ctrl_tlv)),
3597 			.cmd = suspend ? 1 : 2,
3598 		},
3599 	};
3600 
3601 	if (wowlan->magic_pkt)
3602 		req.wow_ctrl_tlv.trigger |= BIT(0);
3603 	if (wowlan->disconnect)
3604 		req.wow_ctrl_tlv.trigger |= BIT(2);
3605 	if (wowlan->nd_config) {
3606 		mt7615_mcu_sched_scan_req(phy, vif, wowlan->nd_config);
3607 		req.wow_ctrl_tlv.trigger |= BIT(5);
3608 		mt7615_mcu_sched_scan_enable(phy, vif, suspend);
3609 	}
3610 
3611 	if (mt76_is_mmio(&dev->mt76))
3612 		req.wow_ctrl_tlv.wakeup_hif = 2;
3613 	else if (mt76_is_usb(&dev->mt76))
3614 		req.wow_ctrl_tlv.wakeup_hif = 1;
3615 
3616 	return __mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD_SUSPEND,
3617 				   &req, sizeof(req), true);
3618 }
3619 
3620 static int
3621 mt7615_mcu_set_wow_pattern(struct mt7615_dev *dev,
3622 			   struct ieee80211_vif *vif,
3623 			   u8 index, bool enable,
3624 			   struct cfg80211_pkt_pattern *pattern)
3625 {
3626 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
3627 	struct mt7615_wow_pattern_tlv *ptlv;
3628 	struct sk_buff *skb;
3629 	struct req_hdr {
3630 		u8 bss_idx;
3631 		u8 pad[3];
3632 	} __packed hdr = {
3633 		.bss_idx = mvif->idx,
3634 	};
3635 
3636 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
3637 				 sizeof(hdr) + sizeof(*ptlv));
3638 	if (!skb)
3639 		return -ENOMEM;
3640 
3641 	skb_put_data(skb, &hdr, sizeof(hdr));
3642 	ptlv = (struct mt7615_wow_pattern_tlv *)skb_put(skb, sizeof(*ptlv));
3643 	ptlv->tag = cpu_to_le16(UNI_SUSPEND_WOW_PATTERN);
3644 	ptlv->len = cpu_to_le16(sizeof(*ptlv));
3645 	ptlv->data_len = pattern->pattern_len;
3646 	ptlv->enable = enable;
3647 	ptlv->index = index;
3648 
3649 	memcpy(ptlv->pattern, pattern->pattern, pattern->pattern_len);
3650 	memcpy(ptlv->mask, pattern->mask, pattern->pattern_len / 8);
3651 
3652 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb,
3653 				       MCU_UNI_CMD_SUSPEND, true);
3654 }
3655 
3656 static int
3657 mt7615_mcu_set_suspend_mode(struct mt7615_dev *dev,
3658 			    struct ieee80211_vif *vif,
3659 			    bool enable, u8 mdtim, bool wow_suspend)
3660 {
3661 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
3662 	struct {
3663 		struct {
3664 			u8 bss_idx;
3665 			u8 pad[3];
3666 		} __packed hdr;
3667 		struct mt7615_suspend_tlv suspend_tlv;
3668 	} req = {
3669 		.hdr = {
3670 			.bss_idx = mvif->idx,
3671 		},
3672 		.suspend_tlv = {
3673 			.tag = cpu_to_le16(UNI_SUSPEND_MODE_SETTING),
3674 			.len = cpu_to_le16(sizeof(struct mt7615_suspend_tlv)),
3675 			.enable = enable,
3676 			.mdtim = mdtim,
3677 			.wow_suspend = wow_suspend,
3678 		},
3679 	};
3680 
3681 	return __mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD_SUSPEND,
3682 				   &req, sizeof(req), true);
3683 }
3684 
3685 static int
3686 mt7615_mcu_set_gtk_rekey(struct mt7615_dev *dev,
3687 			 struct ieee80211_vif *vif,
3688 			 bool suspend)
3689 {
3690 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
3691 	struct {
3692 		struct {
3693 			u8 bss_idx;
3694 			u8 pad[3];
3695 		} __packed hdr;
3696 		struct mt7615_gtk_rekey_tlv gtk_tlv;
3697 	} __packed req = {
3698 		.hdr = {
3699 			.bss_idx = mvif->idx,
3700 		},
3701 		.gtk_tlv = {
3702 			.tag = cpu_to_le16(UNI_OFFLOAD_OFFLOAD_GTK_REKEY),
3703 			.len = cpu_to_le16(sizeof(struct mt7615_gtk_rekey_tlv)),
3704 			.rekey_mode = !suspend,
3705 		},
3706 	};
3707 
3708 	return __mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD_OFFLOAD,
3709 				   &req, sizeof(req), true);
3710 }
3711 
3712 static int
3713 mt7615_mcu_set_arp_filter(struct mt7615_dev *dev, struct ieee80211_vif *vif,
3714 			  bool suspend)
3715 {
3716 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
3717 	struct {
3718 		struct {
3719 			u8 bss_idx;
3720 			u8 pad[3];
3721 		} __packed hdr;
3722 		struct mt7615_arpns_tlv arpns;
3723 	} req = {
3724 		.hdr = {
3725 			.bss_idx = mvif->idx,
3726 		},
3727 		.arpns = {
3728 			.tag = cpu_to_le16(UNI_OFFLOAD_OFFLOAD_ARP),
3729 			.len = cpu_to_le16(sizeof(struct mt7615_arpns_tlv)),
3730 			.mode = suspend,
3731 		},
3732 	};
3733 
3734 	return __mt76_mcu_send_msg(&dev->mt76, MCU_UNI_CMD_OFFLOAD,
3735 				   &req, sizeof(req), true);
3736 }
3737 
3738 void mt7615_mcu_set_suspend_iter(void *priv, u8 *mac,
3739 				 struct ieee80211_vif *vif)
3740 {
3741 	struct mt7615_phy *phy = priv;
3742 	bool suspend = test_bit(MT76_STATE_SUSPEND, &phy->mt76->state);
3743 	struct ieee80211_hw *hw = phy->mt76->hw;
3744 	struct cfg80211_wowlan *wowlan = hw->wiphy->wowlan_config;
3745 	int i;
3746 
3747 	mt7615_mcu_set_bss_pm(phy->dev, vif, suspend);
3748 
3749 	mt7615_mcu_set_gtk_rekey(phy->dev, vif, suspend);
3750 	mt7615_mcu_set_arp_filter(phy->dev, vif, suspend);
3751 
3752 	mt7615_mcu_set_suspend_mode(phy->dev, vif, suspend, 1, true);
3753 
3754 	for (i = 0; i < wowlan->n_patterns; i++)
3755 		mt7615_mcu_set_wow_pattern(phy->dev, vif, i, suspend,
3756 					   &wowlan->patterns[i]);
3757 	mt7615_mcu_set_wow_ctrl(phy, vif, suspend, wowlan);
3758 }
3759 
3760 static void
3761 mt7615_mcu_key_iter(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
3762 		    struct ieee80211_sta *sta, struct ieee80211_key_conf *key,
3763 		    void *data)
3764 {
3765 	struct mt7615_gtk_rekey_tlv *gtk_tlv = data;
3766 	u32 cipher;
3767 
3768 	if (key->cipher != WLAN_CIPHER_SUITE_AES_CMAC &&
3769 	    key->cipher != WLAN_CIPHER_SUITE_CCMP &&
3770 	    key->cipher != WLAN_CIPHER_SUITE_TKIP)
3771 		return;
3772 
3773 	if (key->cipher == WLAN_CIPHER_SUITE_TKIP) {
3774 		gtk_tlv->proto = cpu_to_le32(NL80211_WPA_VERSION_1);
3775 		cipher = BIT(3);
3776 	} else {
3777 		gtk_tlv->proto = cpu_to_le32(NL80211_WPA_VERSION_2);
3778 		cipher = BIT(4);
3779 	}
3780 
3781 	/* we are assuming here to have a single pairwise key */
3782 	if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) {
3783 		gtk_tlv->pairwise_cipher = cpu_to_le32(cipher);
3784 		gtk_tlv->group_cipher = cpu_to_le32(cipher);
3785 		gtk_tlv->keyid = key->keyidx;
3786 	}
3787 }
3788 
3789 int mt7615_mcu_update_gtk_rekey(struct ieee80211_hw *hw,
3790 				struct ieee80211_vif *vif,
3791 				struct cfg80211_gtk_rekey_data *key)
3792 {
3793 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
3794 	struct mt7615_dev *dev = mt7615_hw_dev(hw);
3795 	struct mt7615_gtk_rekey_tlv *gtk_tlv;
3796 	struct sk_buff *skb;
3797 	struct {
3798 		u8 bss_idx;
3799 		u8 pad[3];
3800 	} __packed hdr = {
3801 		.bss_idx = mvif->idx,
3802 	};
3803 
3804 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
3805 				 sizeof(hdr) + sizeof(*gtk_tlv));
3806 	if (!skb)
3807 		return -ENOMEM;
3808 
3809 	skb_put_data(skb, &hdr, sizeof(hdr));
3810 	gtk_tlv = (struct mt7615_gtk_rekey_tlv *)skb_put(skb,
3811 							 sizeof(*gtk_tlv));
3812 	gtk_tlv->tag = cpu_to_le16(UNI_OFFLOAD_OFFLOAD_GTK_REKEY);
3813 	gtk_tlv->len = cpu_to_le16(sizeof(*gtk_tlv));
3814 	gtk_tlv->rekey_mode = 2;
3815 	gtk_tlv->option = 1;
3816 
3817 	rcu_read_lock();
3818 	ieee80211_iter_keys_rcu(hw, vif, mt7615_mcu_key_iter, gtk_tlv);
3819 	rcu_read_unlock();
3820 
3821 	memcpy(gtk_tlv->kek, key->kek, NL80211_KEK_LEN);
3822 	memcpy(gtk_tlv->kck, key->kck, NL80211_KCK_LEN);
3823 	memcpy(gtk_tlv->replay_ctr, key->replay_ctr, NL80211_REPLAY_CTR_LEN);
3824 
3825 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb,
3826 				       MCU_UNI_CMD_OFFLOAD, true);
3827 }
3828 #endif /* CONFIG_PM */
3829 
3830 int mt7615_mcu_set_roc(struct mt7615_phy *phy, struct ieee80211_vif *vif,
3831 		       struct ieee80211_channel *chan, int duration)
3832 {
3833 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
3834 	struct mt7615_dev *dev = phy->dev;
3835 	struct mt7615_roc_tlv req = {
3836 		.bss_idx = mvif->idx,
3837 		.active = !chan,
3838 		.max_interval = cpu_to_le32(duration),
3839 		.primary_chan = chan ? chan->hw_value : 0,
3840 		.band = chan ? chan->band : 0,
3841 		.req_type = 2,
3842 	};
3843 
3844 	phy->roc_grant = false;
3845 
3846 	return __mt76_mcu_send_msg(&dev->mt76, MCU_CMD_SET_ROC, &req,
3847 				   sizeof(req), false);
3848 }
3849 
3850 int mt7615_mcu_update_arp_filter(struct ieee80211_hw *hw,
3851 				 struct ieee80211_vif *vif,
3852 				 struct ieee80211_bss_conf *info)
3853 {
3854 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
3855 	struct mt7615_dev *dev = mt7615_hw_dev(hw);
3856 	struct sk_buff *skb;
3857 	int i, len = min_t(int, info->arp_addr_cnt,
3858 			   IEEE80211_BSS_ARP_ADDR_LIST_LEN);
3859 	struct {
3860 		struct {
3861 			u8 bss_idx;
3862 			u8 pad[3];
3863 		} __packed hdr;
3864 		struct mt7615_arpns_tlv arp;
3865 	} req_hdr = {
3866 		.hdr = {
3867 			.bss_idx = mvif->idx,
3868 		},
3869 		.arp = {
3870 			.tag = cpu_to_le16(UNI_OFFLOAD_OFFLOAD_ARP),
3871 			.len = cpu_to_le16(sizeof(struct mt7615_arpns_tlv)),
3872 			.ips_num = len,
3873 			.mode = 2,  /* update */
3874 			.option = 1,
3875 		},
3876 	};
3877 
3878 	if (!mt7615_firmware_offload(dev))
3879 		return 0;
3880 
3881 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
3882 				 sizeof(req_hdr) + len * sizeof(__be32));
3883 	if (!skb)
3884 		return -ENOMEM;
3885 
3886 	skb_put_data(skb, &req_hdr, sizeof(req_hdr));
3887 	for (i = 0; i < len; i++) {
3888 		u8 *addr = (u8 *)skb_put(skb, sizeof(__be32));
3889 
3890 		memcpy(addr, &info->arp_addr_list[i], sizeof(__be32));
3891 	}
3892 
3893 	return __mt76_mcu_skb_send_msg(&dev->mt76, skb,
3894 				       MCU_UNI_CMD_OFFLOAD, true);
3895 }
3896 
3897 int mt7615_mcu_set_p2p_oppps(struct ieee80211_hw *hw,
3898 			     struct ieee80211_vif *vif)
3899 {
3900 	struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
3901 	int ct_window = vif->bss_conf.p2p_noa_attr.oppps_ctwindow;
3902 	struct mt7615_dev *dev = mt7615_hw_dev(hw);
3903 	struct {
3904 		__le32 ct_win;
3905 		u8 bss_idx;
3906 		u8 rsv[3];
3907 	} __packed req = {
3908 		.ct_win = cpu_to_le32(ct_window),
3909 		.bss_idx = mvif->idx,
3910 	};
3911 
3912 	if (!mt7615_firmware_offload(dev))
3913 		return -ENOTSUPP;
3914 
3915 	return __mt76_mcu_send_msg(&dev->mt76, MCU_CMD_SET_P2P_OPPPS,
3916 				   &req, sizeof(req), false);
3917 }
3918 
3919 u32 mt7615_mcu_reg_rr(struct mt76_dev *dev, u32 offset)
3920 {
3921 	struct {
3922 		__le32 addr;
3923 		__le32 val;
3924 	} __packed req = {
3925 		.addr = cpu_to_le32(offset),
3926 	};
3927 
3928 	return __mt76_mcu_send_msg(dev, MCU_CMD_REG_READ,
3929 				   &req, sizeof(req), true);
3930 }
3931 EXPORT_SYMBOL_GPL(mt7615_mcu_reg_rr);
3932 
3933 void mt7615_mcu_reg_wr(struct mt76_dev *dev, u32 offset, u32 val)
3934 {
3935 	struct {
3936 		__le32 addr;
3937 		__le32 val;
3938 	} __packed req = {
3939 		.addr = cpu_to_le32(offset),
3940 		.val = cpu_to_le32(val),
3941 	};
3942 
3943 	__mt76_mcu_send_msg(dev, MCU_CMD_REG_WRITE,
3944 			    &req, sizeof(req), false);
3945 }
3946 EXPORT_SYMBOL_GPL(mt7615_mcu_reg_wr);
3947