1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2020 MediaTek Inc. */
3 
4 #include <linux/fs.h>
5 #include "mt7915.h"
6 #include "mcu.h"
7 #include "mac.h"
8 #include "eeprom.h"
9 
10 #define fw_name(_dev, name, ...)	({			\
11 	char *_fw;						\
12 	switch (mt76_chip(&(_dev)->mt76)) {			\
13 	case 0x7915:						\
14 		_fw = MT7915_##name;				\
15 		break;						\
16 	case 0x7986:						\
17 		_fw = MT7986_##name##__VA_ARGS__;		\
18 		break;						\
19 	default:						\
20 		_fw = MT7916_##name;				\
21 		break;						\
22 	}							\
23 	_fw;							\
24 })
25 
26 #define fw_name_var(_dev, name)		(mt7915_check_adie(dev, false) ?	\
27 					 fw_name(_dev, name) :			\
28 					 fw_name(_dev, name, _MT7975))
29 
30 #define MCU_PATCH_ADDRESS		0x200000
31 
32 #define HE_PHY(p, c)			u8_get_bits(c, IEEE80211_HE_PHY_##p)
33 #define HE_MAC(m, c)			u8_get_bits(c, IEEE80211_HE_MAC_##m)
34 
35 static u8
36 mt7915_mcu_get_sta_nss(u16 mcs_map)
37 {
38 	u8 nss;
39 
40 	for (nss = 8; nss > 0; nss--) {
41 		u8 nss_mcs = (mcs_map >> (2 * (nss - 1))) & 3;
42 
43 		if (nss_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED)
44 			break;
45 	}
46 
47 	return nss - 1;
48 }
49 
50 static void
51 mt7915_mcu_set_sta_he_mcs(struct ieee80211_sta *sta, __le16 *he_mcs,
52 			  u16 mcs_map)
53 {
54 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
55 	struct mt7915_dev *dev = msta->vif->phy->dev;
56 	enum nl80211_band band = msta->vif->phy->mt76->chandef.chan->band;
57 	const u16 *mask = msta->vif->bitrate_mask.control[band].he_mcs;
58 	int nss, max_nss = sta->deflink.rx_nss > 3 ? 4 : sta->deflink.rx_nss;
59 
60 	for (nss = 0; nss < max_nss; nss++) {
61 		int mcs;
62 
63 		switch ((mcs_map >> (2 * nss)) & 0x3) {
64 		case IEEE80211_HE_MCS_SUPPORT_0_11:
65 			mcs = GENMASK(11, 0);
66 			break;
67 		case IEEE80211_HE_MCS_SUPPORT_0_9:
68 			mcs = GENMASK(9, 0);
69 			break;
70 		case IEEE80211_HE_MCS_SUPPORT_0_7:
71 			mcs = GENMASK(7, 0);
72 			break;
73 		default:
74 			mcs = 0;
75 		}
76 
77 		mcs = mcs ? fls(mcs & mask[nss]) - 1 : -1;
78 
79 		switch (mcs) {
80 		case 0 ... 7:
81 			mcs = IEEE80211_HE_MCS_SUPPORT_0_7;
82 			break;
83 		case 8 ... 9:
84 			mcs = IEEE80211_HE_MCS_SUPPORT_0_9;
85 			break;
86 		case 10 ... 11:
87 			mcs = IEEE80211_HE_MCS_SUPPORT_0_11;
88 			break;
89 		default:
90 			mcs = IEEE80211_HE_MCS_NOT_SUPPORTED;
91 			break;
92 		}
93 		mcs_map &= ~(0x3 << (nss * 2));
94 		mcs_map |= mcs << (nss * 2);
95 
96 		/* only support 2ss on 160MHz for mt7915 */
97 		if (is_mt7915(&dev->mt76) && nss > 1 &&
98 		    sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
99 			break;
100 	}
101 
102 	*he_mcs = cpu_to_le16(mcs_map);
103 }
104 
105 static void
106 mt7915_mcu_set_sta_vht_mcs(struct ieee80211_sta *sta, __le16 *vht_mcs,
107 			   const u16 *mask)
108 {
109 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
110 	struct mt7915_dev *dev = msta->vif->phy->dev;
111 	u16 mcs_map = le16_to_cpu(sta->deflink.vht_cap.vht_mcs.rx_mcs_map);
112 	int nss, max_nss = sta->deflink.rx_nss > 3 ? 4 : sta->deflink.rx_nss;
113 	u16 mcs;
114 
115 	for (nss = 0; nss < max_nss; nss++, mcs_map >>= 2) {
116 		switch (mcs_map & 0x3) {
117 		case IEEE80211_VHT_MCS_SUPPORT_0_9:
118 			mcs = GENMASK(9, 0);
119 			break;
120 		case IEEE80211_VHT_MCS_SUPPORT_0_8:
121 			mcs = GENMASK(8, 0);
122 			break;
123 		case IEEE80211_VHT_MCS_SUPPORT_0_7:
124 			mcs = GENMASK(7, 0);
125 			break;
126 		default:
127 			mcs = 0;
128 		}
129 
130 		vht_mcs[nss] = cpu_to_le16(mcs & mask[nss]);
131 
132 		/* only support 2ss on 160MHz for mt7915 */
133 		if (is_mt7915(&dev->mt76) && nss > 1 &&
134 		    sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
135 			break;
136 	}
137 }
138 
139 static void
140 mt7915_mcu_set_sta_ht_mcs(struct ieee80211_sta *sta, u8 *ht_mcs,
141 			  const u8 *mask)
142 {
143 	int nss, max_nss = sta->deflink.rx_nss > 3 ? 4 : sta->deflink.rx_nss;
144 
145 	for (nss = 0; nss < max_nss; nss++)
146 		ht_mcs[nss] = sta->deflink.ht_cap.mcs.rx_mask[nss] & mask[nss];
147 }
148 
149 static int
150 mt7915_mcu_parse_response(struct mt76_dev *mdev, int cmd,
151 			  struct sk_buff *skb, int seq)
152 {
153 	struct mt76_connac2_mcu_rxd *rxd;
154 	int ret = 0;
155 
156 	if (!skb) {
157 		dev_err(mdev->dev, "Message %08x (seq %d) timeout\n",
158 			cmd, seq);
159 		return -ETIMEDOUT;
160 	}
161 
162 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
163 	if (seq != rxd->seq)
164 		return -EAGAIN;
165 
166 	if (cmd == MCU_CMD(PATCH_SEM_CONTROL)) {
167 		skb_pull(skb, sizeof(*rxd) - 4);
168 		ret = *skb->data;
169 	} else if (cmd == MCU_EXT_CMD(THERMAL_CTRL)) {
170 		skb_pull(skb, sizeof(*rxd) + 4);
171 		ret = le32_to_cpu(*(__le32 *)skb->data);
172 	} else {
173 		skb_pull(skb, sizeof(struct mt76_connac2_mcu_rxd));
174 	}
175 
176 	return ret;
177 }
178 
179 static int
180 mt7915_mcu_send_message(struct mt76_dev *mdev, struct sk_buff *skb,
181 			int cmd, int *wait_seq)
182 {
183 	struct mt7915_dev *dev = container_of(mdev, struct mt7915_dev, mt76);
184 	enum mt76_mcuq_id qid;
185 	int ret;
186 
187 	ret = mt76_connac2_mcu_fill_message(mdev, skb, cmd, wait_seq);
188 	if (ret)
189 		return ret;
190 
191 	if (cmd == MCU_CMD(FW_SCATTER))
192 		qid = MT_MCUQ_FWDL;
193 	else if (test_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state))
194 		qid = MT_MCUQ_WA;
195 	else
196 		qid = MT_MCUQ_WM;
197 
198 	return mt76_tx_queue_skb_raw(dev, mdev->q_mcu[qid], skb, 0);
199 }
200 
201 int mt7915_mcu_wa_cmd(struct mt7915_dev *dev, int cmd, u32 a1, u32 a2, u32 a3)
202 {
203 	struct {
204 		__le32 args[3];
205 	} req = {
206 		.args = {
207 			cpu_to_le32(a1),
208 			cpu_to_le32(a2),
209 			cpu_to_le32(a3),
210 		},
211 	};
212 
213 	return mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), false);
214 }
215 
216 static void
217 mt7915_mcu_csa_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
218 {
219 	if (vif->bss_conf.csa_active)
220 		ieee80211_csa_finish(vif);
221 }
222 
223 static void
224 mt7915_mcu_rx_csa_notify(struct mt7915_dev *dev, struct sk_buff *skb)
225 {
226 	struct mt76_phy *mphy = &dev->mt76.phy;
227 	struct mt7915_mcu_csa_notify *c;
228 
229 	c = (struct mt7915_mcu_csa_notify *)skb->data;
230 
231 	if ((c->band_idx && !dev->phy.band_idx) && dev->mt76.phys[MT_BAND1])
232 		mphy = dev->mt76.phys[MT_BAND1];
233 
234 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
235 			IEEE80211_IFACE_ITER_RESUME_ALL,
236 			mt7915_mcu_csa_finish, mphy->hw);
237 }
238 
239 static void
240 mt7915_mcu_rx_thermal_notify(struct mt7915_dev *dev, struct sk_buff *skb)
241 {
242 	struct mt76_phy *mphy = &dev->mt76.phy;
243 	struct mt7915_mcu_thermal_notify *t;
244 	struct mt7915_phy *phy;
245 
246 	t = (struct mt7915_mcu_thermal_notify *)skb->data;
247 	if (t->ctrl.ctrl_id != THERMAL_PROTECT_ENABLE)
248 		return;
249 
250 	if ((t->ctrl.band_idx && !dev->phy.band_idx) && dev->mt76.phys[MT_BAND1])
251 		mphy = dev->mt76.phys[MT_BAND1];
252 
253 	phy = (struct mt7915_phy *)mphy->priv;
254 	phy->throttle_state = t->ctrl.duty.duty_cycle;
255 }
256 
257 static void
258 mt7915_mcu_rx_radar_detected(struct mt7915_dev *dev, struct sk_buff *skb)
259 {
260 	struct mt76_phy *mphy = &dev->mt76.phy;
261 	struct mt7915_mcu_rdd_report *r;
262 
263 	r = (struct mt7915_mcu_rdd_report *)skb->data;
264 
265 	if ((r->band_idx && !dev->phy.band_idx) && dev->mt76.phys[MT_BAND1])
266 		mphy = dev->mt76.phys[MT_BAND1];
267 
268 	if (r->band_idx == MT_RX_SEL2)
269 		cfg80211_background_radar_event(mphy->hw->wiphy,
270 						&dev->rdd2_chandef,
271 						GFP_ATOMIC);
272 	else
273 		ieee80211_radar_detected(mphy->hw);
274 	dev->hw_pattern++;
275 }
276 
277 static void
278 mt7915_mcu_rx_log_message(struct mt7915_dev *dev, struct sk_buff *skb)
279 {
280 	struct mt76_connac2_mcu_rxd *rxd;
281 	int len = skb->len - sizeof(*rxd);
282 	const char *data, *type;
283 
284 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
285 	data = (char *)&rxd[1];
286 
287 	switch (rxd->s2d_index) {
288 	case 0:
289 		if (mt7915_debugfs_rx_log(dev, data, len))
290 			return;
291 
292 		type = "WM";
293 		break;
294 	case 2:
295 		type = "WA";
296 		break;
297 	default:
298 		type = "unknown";
299 		break;
300 	}
301 
302 	wiphy_info(mt76_hw(dev)->wiphy, "%s: %.*s", type, len, data);
303 }
304 
305 static void
306 mt7915_mcu_cca_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
307 {
308 	if (!vif->bss_conf.color_change_active)
309 		return;
310 
311 	ieee80211_color_change_finish(vif);
312 }
313 
314 static void
315 mt7915_mcu_rx_bcc_notify(struct mt7915_dev *dev, struct sk_buff *skb)
316 {
317 	struct mt76_phy *mphy = &dev->mt76.phy;
318 	struct mt7915_mcu_bcc_notify *b;
319 
320 	b = (struct mt7915_mcu_bcc_notify *)skb->data;
321 
322 	if ((b->band_idx && !dev->phy.band_idx) && dev->mt76.phys[MT_BAND1])
323 		mphy = dev->mt76.phys[MT_BAND1];
324 
325 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
326 			IEEE80211_IFACE_ITER_RESUME_ALL,
327 			mt7915_mcu_cca_finish, mphy->hw);
328 }
329 
330 static void
331 mt7915_mcu_rx_ext_event(struct mt7915_dev *dev, struct sk_buff *skb)
332 {
333 	struct mt76_connac2_mcu_rxd *rxd;
334 
335 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
336 	switch (rxd->ext_eid) {
337 	case MCU_EXT_EVENT_THERMAL_PROTECT:
338 		mt7915_mcu_rx_thermal_notify(dev, skb);
339 		break;
340 	case MCU_EXT_EVENT_RDD_REPORT:
341 		mt7915_mcu_rx_radar_detected(dev, skb);
342 		break;
343 	case MCU_EXT_EVENT_CSA_NOTIFY:
344 		mt7915_mcu_rx_csa_notify(dev, skb);
345 		break;
346 	case MCU_EXT_EVENT_FW_LOG_2_HOST:
347 		mt7915_mcu_rx_log_message(dev, skb);
348 		break;
349 	case MCU_EXT_EVENT_BCC_NOTIFY:
350 		mt7915_mcu_rx_bcc_notify(dev, skb);
351 		break;
352 	default:
353 		break;
354 	}
355 }
356 
357 static void
358 mt7915_mcu_rx_unsolicited_event(struct mt7915_dev *dev, struct sk_buff *skb)
359 {
360 	struct mt76_connac2_mcu_rxd *rxd;
361 
362 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
363 	switch (rxd->eid) {
364 	case MCU_EVENT_EXT:
365 		mt7915_mcu_rx_ext_event(dev, skb);
366 		break;
367 	default:
368 		break;
369 	}
370 	dev_kfree_skb(skb);
371 }
372 
373 void mt7915_mcu_rx_event(struct mt7915_dev *dev, struct sk_buff *skb)
374 {
375 	struct mt76_connac2_mcu_rxd *rxd;
376 
377 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
378 	if (rxd->ext_eid == MCU_EXT_EVENT_THERMAL_PROTECT ||
379 	    rxd->ext_eid == MCU_EXT_EVENT_FW_LOG_2_HOST ||
380 	    rxd->ext_eid == MCU_EXT_EVENT_ASSERT_DUMP ||
381 	    rxd->ext_eid == MCU_EXT_EVENT_PS_SYNC ||
382 	    rxd->ext_eid == MCU_EXT_EVENT_BCC_NOTIFY ||
383 	    !rxd->seq)
384 		mt7915_mcu_rx_unsolicited_event(dev, skb);
385 	else
386 		mt76_mcu_rx_event(&dev->mt76, skb);
387 }
388 
389 static struct tlv *
390 mt7915_mcu_add_nested_subtlv(struct sk_buff *skb, int sub_tag, int sub_len,
391 			     __le16 *sub_ntlv, __le16 *len)
392 {
393 	struct tlv *ptlv, tlv = {
394 		.tag = cpu_to_le16(sub_tag),
395 		.len = cpu_to_le16(sub_len),
396 	};
397 
398 	ptlv = skb_put(skb, sub_len);
399 	memcpy(ptlv, &tlv, sizeof(tlv));
400 
401 	le16_add_cpu(sub_ntlv, 1);
402 	le16_add_cpu(len, sub_len);
403 
404 	return ptlv;
405 }
406 
407 /** bss info **/
408 struct mt7915_he_obss_narrow_bw_ru_data {
409 	bool tolerated;
410 };
411 
412 static void mt7915_check_he_obss_narrow_bw_ru_iter(struct wiphy *wiphy,
413 						   struct cfg80211_bss *bss,
414 						   void *_data)
415 {
416 	struct mt7915_he_obss_narrow_bw_ru_data *data = _data;
417 	const struct element *elem;
418 
419 	rcu_read_lock();
420 	elem = ieee80211_bss_get_elem(bss, WLAN_EID_EXT_CAPABILITY);
421 
422 	if (!elem || elem->datalen <= 10 ||
423 	    !(elem->data[10] &
424 	      WLAN_EXT_CAPA10_OBSS_NARROW_BW_RU_TOLERANCE_SUPPORT))
425 		data->tolerated = false;
426 
427 	rcu_read_unlock();
428 }
429 
430 static bool mt7915_check_he_obss_narrow_bw_ru(struct ieee80211_hw *hw,
431 					      struct ieee80211_vif *vif)
432 {
433 	struct mt7915_he_obss_narrow_bw_ru_data iter_data = {
434 		.tolerated = true,
435 	};
436 
437 	if (!(vif->bss_conf.chandef.chan->flags & IEEE80211_CHAN_RADAR))
438 		return false;
439 
440 	cfg80211_bss_iter(hw->wiphy, &vif->bss_conf.chandef,
441 			  mt7915_check_he_obss_narrow_bw_ru_iter,
442 			  &iter_data);
443 
444 	/*
445 	 * If there is at least one AP on radar channel that cannot
446 	 * tolerate 26-tone RU UL OFDMA transmissions using HE TB PPDU.
447 	 */
448 	return !iter_data.tolerated;
449 }
450 
451 static void
452 mt7915_mcu_bss_rfch_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
453 			struct mt7915_phy *phy)
454 {
455 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
456 	struct bss_info_rf_ch *ch;
457 	struct tlv *tlv;
458 	int freq1 = chandef->center_freq1;
459 
460 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_RF_CH, sizeof(*ch));
461 
462 	ch = (struct bss_info_rf_ch *)tlv;
463 	ch->pri_ch = chandef->chan->hw_value;
464 	ch->center_ch0 = ieee80211_frequency_to_channel(freq1);
465 	ch->bw = mt76_connac_chan_bw(chandef);
466 
467 	if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
468 		int freq2 = chandef->center_freq2;
469 
470 		ch->center_ch1 = ieee80211_frequency_to_channel(freq2);
471 	}
472 
473 	if (vif->bss_conf.he_support && vif->type == NL80211_IFTYPE_STATION) {
474 		struct mt76_phy *mphy = phy->mt76;
475 
476 		ch->he_ru26_block =
477 			mt7915_check_he_obss_narrow_bw_ru(mphy->hw, vif);
478 		ch->he_all_disable = false;
479 	} else {
480 		ch->he_all_disable = true;
481 	}
482 }
483 
484 static void
485 mt7915_mcu_bss_ra_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
486 		      struct mt7915_phy *phy)
487 {
488 	int max_nss = hweight8(phy->mt76->chainmask);
489 	struct bss_info_ra *ra;
490 	struct tlv *tlv;
491 
492 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_RA, sizeof(*ra));
493 
494 	ra = (struct bss_info_ra *)tlv;
495 	ra->op_mode = vif->type == NL80211_IFTYPE_AP;
496 	ra->adhoc_en = vif->type == NL80211_IFTYPE_ADHOC;
497 	ra->short_preamble = true;
498 	ra->tx_streams = max_nss;
499 	ra->rx_streams = max_nss;
500 	ra->algo = 4;
501 	ra->train_up_rule = 2;
502 	ra->train_up_high_thres = 110;
503 	ra->train_up_rule_rssi = -70;
504 	ra->low_traffic_thres = 2;
505 	ra->phy_cap = cpu_to_le32(0xfdf);
506 	ra->interval = cpu_to_le32(500);
507 	ra->fast_interval = cpu_to_le32(100);
508 }
509 
510 static void
511 mt7915_mcu_bss_he_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
512 		      struct mt7915_phy *phy)
513 {
514 #define DEFAULT_HE_PE_DURATION		4
515 #define DEFAULT_HE_DURATION_RTS_THRES	1023
516 	const struct ieee80211_sta_he_cap *cap;
517 	struct bss_info_he *he;
518 	struct tlv *tlv;
519 
520 	cap = mt76_connac_get_he_phy_cap(phy->mt76, vif);
521 
522 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_HE_BASIC, sizeof(*he));
523 
524 	he = (struct bss_info_he *)tlv;
525 	he->he_pe_duration = vif->bss_conf.htc_trig_based_pkt_ext;
526 	if (!he->he_pe_duration)
527 		he->he_pe_duration = DEFAULT_HE_PE_DURATION;
528 
529 	he->he_rts_thres = cpu_to_le16(vif->bss_conf.frame_time_rts_th);
530 	if (!he->he_rts_thres)
531 		he->he_rts_thres = cpu_to_le16(DEFAULT_HE_DURATION_RTS_THRES);
532 
533 	he->max_nss_mcs[CMD_HE_MCS_BW80] = cap->he_mcs_nss_supp.tx_mcs_80;
534 	he->max_nss_mcs[CMD_HE_MCS_BW160] = cap->he_mcs_nss_supp.tx_mcs_160;
535 	he->max_nss_mcs[CMD_HE_MCS_BW8080] = cap->he_mcs_nss_supp.tx_mcs_80p80;
536 }
537 
538 static void
539 mt7915_mcu_bss_hw_amsdu_tlv(struct sk_buff *skb)
540 {
541 #define TXD_CMP_MAP1		GENMASK(15, 0)
542 #define TXD_CMP_MAP2		(GENMASK(31, 0) & ~BIT(23))
543 	struct bss_info_hw_amsdu *amsdu;
544 	struct tlv *tlv;
545 
546 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_HW_AMSDU, sizeof(*amsdu));
547 
548 	amsdu = (struct bss_info_hw_amsdu *)tlv;
549 	amsdu->cmp_bitmap_0 = cpu_to_le32(TXD_CMP_MAP1);
550 	amsdu->cmp_bitmap_1 = cpu_to_le32(TXD_CMP_MAP2);
551 	amsdu->trig_thres = cpu_to_le16(2);
552 	amsdu->enable = true;
553 }
554 
555 static void
556 mt7915_mcu_bss_bmc_tlv(struct sk_buff *skb, struct mt7915_phy *phy)
557 {
558 	struct bss_info_bmc_rate *bmc;
559 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
560 	enum nl80211_band band = chandef->chan->band;
561 	struct tlv *tlv;
562 
563 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_BMC_RATE, sizeof(*bmc));
564 
565 	bmc = (struct bss_info_bmc_rate *)tlv;
566 	if (band == NL80211_BAND_2GHZ) {
567 		bmc->short_preamble = true;
568 	} else {
569 		bmc->bc_trans = cpu_to_le16(0x2000);
570 		bmc->mc_trans = cpu_to_le16(0x2080);
571 	}
572 }
573 
574 static int
575 mt7915_mcu_muar_config(struct mt7915_phy *phy, struct ieee80211_vif *vif,
576 		       bool bssid, bool enable)
577 {
578 	struct mt7915_dev *dev = phy->dev;
579 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
580 	u32 idx = mvif->mt76.omac_idx - REPEATER_BSSID_START;
581 	u32 mask = phy->omac_mask >> 32 & ~BIT(idx);
582 	const u8 *addr = vif->addr;
583 	struct {
584 		u8 mode;
585 		u8 force_clear;
586 		u8 clear_bitmap[8];
587 		u8 entry_count;
588 		u8 write;
589 		u8 band;
590 
591 		u8 index;
592 		u8 bssid;
593 		u8 addr[ETH_ALEN];
594 	} __packed req = {
595 		.mode = !!mask || enable,
596 		.entry_count = 1,
597 		.write = 1,
598 		.band = phy != &dev->phy,
599 		.index = idx * 2 + bssid,
600 	};
601 
602 	if (bssid)
603 		addr = vif->bss_conf.bssid;
604 
605 	if (enable)
606 		ether_addr_copy(req.addr, addr);
607 
608 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MUAR_UPDATE), &req,
609 				 sizeof(req), true);
610 }
611 
612 int mt7915_mcu_add_bss_info(struct mt7915_phy *phy,
613 			    struct ieee80211_vif *vif, int enable)
614 {
615 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
616 	struct mt7915_dev *dev = phy->dev;
617 	struct sk_buff *skb;
618 
619 	if (mvif->mt76.omac_idx >= REPEATER_BSSID_START) {
620 		mt7915_mcu_muar_config(phy, vif, false, enable);
621 		mt7915_mcu_muar_config(phy, vif, true, enable);
622 	}
623 
624 	skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76, NULL,
625 					      MT7915_BSS_UPDATE_MAX_SIZE);
626 	if (IS_ERR(skb))
627 		return PTR_ERR(skb);
628 
629 	/* bss_omac must be first */
630 	if (enable)
631 		mt76_connac_mcu_bss_omac_tlv(skb, vif);
632 
633 	mt76_connac_mcu_bss_basic_tlv(skb, vif, NULL, phy->mt76,
634 				      mvif->sta.wcid.idx, enable);
635 
636 	if (vif->type == NL80211_IFTYPE_MONITOR)
637 		goto out;
638 
639 	if (enable) {
640 		mt7915_mcu_bss_rfch_tlv(skb, vif, phy);
641 		mt7915_mcu_bss_bmc_tlv(skb, phy);
642 		mt7915_mcu_bss_ra_tlv(skb, vif, phy);
643 		mt7915_mcu_bss_hw_amsdu_tlv(skb);
644 
645 		if (vif->bss_conf.he_support)
646 			mt7915_mcu_bss_he_tlv(skb, vif, phy);
647 
648 		if (mvif->mt76.omac_idx >= EXT_BSSID_START &&
649 		    mvif->mt76.omac_idx < REPEATER_BSSID_START)
650 			mt76_connac_mcu_bss_ext_tlv(skb, &mvif->mt76);
651 	}
652 out:
653 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
654 				     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
655 }
656 
657 /** starec & wtbl **/
658 int mt7915_mcu_add_tx_ba(struct mt7915_dev *dev,
659 			 struct ieee80211_ampdu_params *params,
660 			 bool enable)
661 {
662 	struct mt7915_sta *msta = (struct mt7915_sta *)params->sta->drv_priv;
663 	struct mt7915_vif *mvif = msta->vif;
664 
665 	if (enable && !params->amsdu)
666 		msta->wcid.amsdu = false;
667 
668 	return mt76_connac_mcu_sta_ba(&dev->mt76, &mvif->mt76, params,
669 				      MCU_EXT_CMD(STA_REC_UPDATE),
670 				      enable, true);
671 }
672 
673 int mt7915_mcu_add_rx_ba(struct mt7915_dev *dev,
674 			 struct ieee80211_ampdu_params *params,
675 			 bool enable)
676 {
677 	struct mt7915_sta *msta = (struct mt7915_sta *)params->sta->drv_priv;
678 	struct mt7915_vif *mvif = msta->vif;
679 
680 	return mt76_connac_mcu_sta_ba(&dev->mt76, &mvif->mt76, params,
681 				      MCU_EXT_CMD(STA_REC_UPDATE),
682 				      enable, false);
683 }
684 
685 static void
686 mt7915_mcu_sta_he_tlv(struct sk_buff *skb, struct ieee80211_sta *sta,
687 		      struct ieee80211_vif *vif)
688 {
689 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
690 	struct ieee80211_he_cap_elem *elem = &sta->deflink.he_cap.he_cap_elem;
691 	struct ieee80211_he_mcs_nss_supp mcs_map;
692 	struct sta_rec_he *he;
693 	struct tlv *tlv;
694 	u32 cap = 0;
695 
696 	if (!sta->deflink.he_cap.has_he)
697 		return;
698 
699 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HE, sizeof(*he));
700 
701 	he = (struct sta_rec_he *)tlv;
702 
703 	if (elem->mac_cap_info[0] & IEEE80211_HE_MAC_CAP0_HTC_HE)
704 		cap |= STA_REC_HE_CAP_HTC;
705 
706 	if (elem->mac_cap_info[2] & IEEE80211_HE_MAC_CAP2_BSR)
707 		cap |= STA_REC_HE_CAP_BSR;
708 
709 	if (elem->mac_cap_info[3] & IEEE80211_HE_MAC_CAP3_OMI_CONTROL)
710 		cap |= STA_REC_HE_CAP_OM;
711 
712 	if (elem->mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU)
713 		cap |= STA_REC_HE_CAP_AMSDU_IN_AMPDU;
714 
715 	if (elem->mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_BQR)
716 		cap |= STA_REC_HE_CAP_BQR;
717 
718 	if (elem->phy_cap_info[0] &
719 	    (IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_RU_MAPPING_IN_2G |
720 	     IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_RU_MAPPING_IN_5G))
721 		cap |= STA_REC_HE_CAP_BW20_RU242_SUPPORT;
722 
723 	if (mvif->cap.he_ldpc &&
724 	    (elem->phy_cap_info[1] &
725 	     IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD))
726 		cap |= STA_REC_HE_CAP_LDPC;
727 
728 	if (elem->phy_cap_info[1] &
729 	    IEEE80211_HE_PHY_CAP1_HE_LTF_AND_GI_FOR_HE_PPDUS_0_8US)
730 		cap |= STA_REC_HE_CAP_SU_PPDU_1LTF_8US_GI;
731 
732 	if (elem->phy_cap_info[2] &
733 	    IEEE80211_HE_PHY_CAP2_NDP_4x_LTF_AND_3_2US)
734 		cap |= STA_REC_HE_CAP_NDP_4LTF_3DOT2MS_GI;
735 
736 	if (elem->phy_cap_info[2] &
737 	    IEEE80211_HE_PHY_CAP2_STBC_TX_UNDER_80MHZ)
738 		cap |= STA_REC_HE_CAP_LE_EQ_80M_TX_STBC;
739 
740 	if (elem->phy_cap_info[2] &
741 	    IEEE80211_HE_PHY_CAP2_STBC_RX_UNDER_80MHZ)
742 		cap |= STA_REC_HE_CAP_LE_EQ_80M_RX_STBC;
743 
744 	if (elem->phy_cap_info[6] &
745 	    IEEE80211_HE_PHY_CAP6_TRIG_CQI_FB)
746 		cap |= STA_REC_HE_CAP_TRIG_CQI_FK;
747 
748 	if (elem->phy_cap_info[6] &
749 	    IEEE80211_HE_PHY_CAP6_PARTIAL_BW_EXT_RANGE)
750 		cap |= STA_REC_HE_CAP_PARTIAL_BW_EXT_RANGE;
751 
752 	if (elem->phy_cap_info[7] &
753 	    IEEE80211_HE_PHY_CAP7_HE_SU_MU_PPDU_4XLTF_AND_08_US_GI)
754 		cap |= STA_REC_HE_CAP_SU_MU_PPDU_4LTF_8US_GI;
755 
756 	if (elem->phy_cap_info[7] &
757 	    IEEE80211_HE_PHY_CAP7_STBC_TX_ABOVE_80MHZ)
758 		cap |= STA_REC_HE_CAP_GT_80M_TX_STBC;
759 
760 	if (elem->phy_cap_info[7] &
761 	    IEEE80211_HE_PHY_CAP7_STBC_RX_ABOVE_80MHZ)
762 		cap |= STA_REC_HE_CAP_GT_80M_RX_STBC;
763 
764 	if (elem->phy_cap_info[8] &
765 	    IEEE80211_HE_PHY_CAP8_HE_ER_SU_PPDU_4XLTF_AND_08_US_GI)
766 		cap |= STA_REC_HE_CAP_ER_SU_PPDU_4LTF_8US_GI;
767 
768 	if (elem->phy_cap_info[8] &
769 	    IEEE80211_HE_PHY_CAP8_HE_ER_SU_1XLTF_AND_08_US_GI)
770 		cap |= STA_REC_HE_CAP_ER_SU_PPDU_1LTF_8US_GI;
771 
772 	if (elem->phy_cap_info[9] &
773 	    IEEE80211_HE_PHY_CAP9_TX_1024_QAM_LESS_THAN_242_TONE_RU)
774 		cap |= STA_REC_HE_CAP_TX_1024QAM_UNDER_RU242;
775 
776 	if (elem->phy_cap_info[9] &
777 	    IEEE80211_HE_PHY_CAP9_RX_1024_QAM_LESS_THAN_242_TONE_RU)
778 		cap |= STA_REC_HE_CAP_RX_1024QAM_UNDER_RU242;
779 
780 	he->he_cap = cpu_to_le32(cap);
781 
782 	mcs_map = sta->deflink.he_cap.he_mcs_nss_supp;
783 	switch (sta->deflink.bandwidth) {
784 	case IEEE80211_STA_RX_BW_160:
785 		if (elem->phy_cap_info[0] &
786 		    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G)
787 			mt7915_mcu_set_sta_he_mcs(sta,
788 						  &he->max_nss_mcs[CMD_HE_MCS_BW8080],
789 						  le16_to_cpu(mcs_map.rx_mcs_80p80));
790 
791 		mt7915_mcu_set_sta_he_mcs(sta,
792 					  &he->max_nss_mcs[CMD_HE_MCS_BW160],
793 					  le16_to_cpu(mcs_map.rx_mcs_160));
794 		fallthrough;
795 	default:
796 		mt7915_mcu_set_sta_he_mcs(sta,
797 					  &he->max_nss_mcs[CMD_HE_MCS_BW80],
798 					  le16_to_cpu(mcs_map.rx_mcs_80));
799 		break;
800 	}
801 
802 	he->t_frame_dur =
803 		HE_MAC(CAP1_TF_MAC_PAD_DUR_MASK, elem->mac_cap_info[1]);
804 	he->max_ampdu_exp =
805 		HE_MAC(CAP3_MAX_AMPDU_LEN_EXP_MASK, elem->mac_cap_info[3]);
806 
807 	he->bw_set =
808 		HE_PHY(CAP0_CHANNEL_WIDTH_SET_MASK, elem->phy_cap_info[0]);
809 	he->device_class =
810 		HE_PHY(CAP1_DEVICE_CLASS_A, elem->phy_cap_info[1]);
811 	he->punc_pream_rx =
812 		HE_PHY(CAP1_PREAMBLE_PUNC_RX_MASK, elem->phy_cap_info[1]);
813 
814 	he->dcm_tx_mode =
815 		HE_PHY(CAP3_DCM_MAX_CONST_TX_MASK, elem->phy_cap_info[3]);
816 	he->dcm_tx_max_nss =
817 		HE_PHY(CAP3_DCM_MAX_TX_NSS_2, elem->phy_cap_info[3]);
818 	he->dcm_rx_mode =
819 		HE_PHY(CAP3_DCM_MAX_CONST_RX_MASK, elem->phy_cap_info[3]);
820 	he->dcm_rx_max_nss =
821 		HE_PHY(CAP3_DCM_MAX_RX_NSS_2, elem->phy_cap_info[3]);
822 	he->dcm_rx_max_nss =
823 		HE_PHY(CAP8_DCM_MAX_RU_MASK, elem->phy_cap_info[8]);
824 
825 	he->pkt_ext = 2;
826 }
827 
828 static void
829 mt7915_mcu_sta_muru_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
830 			struct ieee80211_sta *sta, struct ieee80211_vif *vif)
831 {
832 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
833 	struct ieee80211_he_cap_elem *elem = &sta->deflink.he_cap.he_cap_elem;
834 	struct sta_rec_muru *muru;
835 	struct tlv *tlv;
836 
837 	if (vif->type != NL80211_IFTYPE_STATION &&
838 	    vif->type != NL80211_IFTYPE_AP)
839 		return;
840 
841 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_MURU, sizeof(*muru));
842 
843 	muru = (struct sta_rec_muru *)tlv;
844 
845 	muru->cfg.mimo_dl_en = mvif->cap.he_mu_ebfer ||
846 			       mvif->cap.vht_mu_ebfer ||
847 			       mvif->cap.vht_mu_ebfee;
848 	if (!is_mt7915(&dev->mt76))
849 		muru->cfg.mimo_ul_en = true;
850 	muru->cfg.ofdma_dl_en = true;
851 
852 	if (sta->deflink.vht_cap.vht_supported)
853 		muru->mimo_dl.vht_mu_bfee =
854 			!!(sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
855 
856 	if (!sta->deflink.he_cap.has_he)
857 		return;
858 
859 	muru->mimo_dl.partial_bw_dl_mimo =
860 		HE_PHY(CAP6_PARTIAL_BANDWIDTH_DL_MUMIMO, elem->phy_cap_info[6]);
861 
862 	muru->mimo_ul.full_ul_mimo =
863 		HE_PHY(CAP2_UL_MU_FULL_MU_MIMO, elem->phy_cap_info[2]);
864 	muru->mimo_ul.partial_ul_mimo =
865 		HE_PHY(CAP2_UL_MU_PARTIAL_MU_MIMO, elem->phy_cap_info[2]);
866 
867 	muru->ofdma_dl.punc_pream_rx =
868 		HE_PHY(CAP1_PREAMBLE_PUNC_RX_MASK, elem->phy_cap_info[1]);
869 	muru->ofdma_dl.he_20m_in_40m_2g =
870 		HE_PHY(CAP8_20MHZ_IN_40MHZ_HE_PPDU_IN_2G, elem->phy_cap_info[8]);
871 	muru->ofdma_dl.he_20m_in_160m =
872 		HE_PHY(CAP8_20MHZ_IN_160MHZ_HE_PPDU, elem->phy_cap_info[8]);
873 	muru->ofdma_dl.he_80m_in_160m =
874 		HE_PHY(CAP8_80MHZ_IN_160MHZ_HE_PPDU, elem->phy_cap_info[8]);
875 
876 	muru->ofdma_ul.t_frame_dur =
877 		HE_MAC(CAP1_TF_MAC_PAD_DUR_MASK, elem->mac_cap_info[1]);
878 	muru->ofdma_ul.mu_cascading =
879 		HE_MAC(CAP2_MU_CASCADING, elem->mac_cap_info[2]);
880 	muru->ofdma_ul.uo_ra =
881 		HE_MAC(CAP3_OFDMA_RA, elem->mac_cap_info[3]);
882 }
883 
884 static void
885 mt7915_mcu_sta_ht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
886 {
887 	struct sta_rec_ht *ht;
888 	struct tlv *tlv;
889 
890 	if (!sta->deflink.ht_cap.ht_supported)
891 		return;
892 
893 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HT, sizeof(*ht));
894 
895 	ht = (struct sta_rec_ht *)tlv;
896 	ht->ht_cap = cpu_to_le16(sta->deflink.ht_cap.cap);
897 }
898 
899 static void
900 mt7915_mcu_sta_vht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
901 {
902 	struct sta_rec_vht *vht;
903 	struct tlv *tlv;
904 
905 	if (!sta->deflink.vht_cap.vht_supported)
906 		return;
907 
908 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_VHT, sizeof(*vht));
909 
910 	vht = (struct sta_rec_vht *)tlv;
911 	vht->vht_cap = cpu_to_le32(sta->deflink.vht_cap.cap);
912 	vht->vht_rx_mcs_map = sta->deflink.vht_cap.vht_mcs.rx_mcs_map;
913 	vht->vht_tx_mcs_map = sta->deflink.vht_cap.vht_mcs.tx_mcs_map;
914 }
915 
916 static void
917 mt7915_mcu_sta_amsdu_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
918 			 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
919 {
920 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
921 	struct sta_rec_amsdu *amsdu;
922 	struct tlv *tlv;
923 
924 	if (vif->type != NL80211_IFTYPE_STATION &&
925 	    vif->type != NL80211_IFTYPE_AP)
926 		return;
927 
928 	if (!sta->max_amsdu_len)
929 	    return;
930 
931 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HW_AMSDU, sizeof(*amsdu));
932 	amsdu = (struct sta_rec_amsdu *)tlv;
933 	amsdu->max_amsdu_num = 8;
934 	amsdu->amsdu_en = true;
935 	msta->wcid.amsdu = true;
936 
937 	switch (sta->max_amsdu_len) {
938 	case IEEE80211_MAX_MPDU_LEN_VHT_11454:
939 		if (!is_mt7915(&dev->mt76)) {
940 			amsdu->max_mpdu_size =
941 				IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454;
942 			return;
943 		}
944 		fallthrough;
945 	case IEEE80211_MAX_MPDU_LEN_HT_7935:
946 	case IEEE80211_MAX_MPDU_LEN_VHT_7991:
947 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991;
948 		return;
949 	default:
950 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895;
951 		return;
952 	}
953 }
954 
955 static int
956 mt7915_mcu_sta_wtbl_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
957 			struct ieee80211_vif *vif, struct ieee80211_sta *sta)
958 {
959 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
960 	struct mt7915_sta *msta;
961 	struct wtbl_req_hdr *wtbl_hdr;
962 	struct mt76_wcid *wcid;
963 	struct tlv *tlv;
964 
965 	msta = sta ? (struct mt7915_sta *)sta->drv_priv : &mvif->sta;
966 	wcid = sta ? &msta->wcid : NULL;
967 
968 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
969 	wtbl_hdr = mt76_connac_mcu_alloc_wtbl_req(&dev->mt76, &msta->wcid,
970 						  WTBL_RESET_AND_SET, tlv,
971 						  &skb);
972 	if (IS_ERR(wtbl_hdr))
973 		return PTR_ERR(wtbl_hdr);
974 
975 	mt76_connac_mcu_wtbl_generic_tlv(&dev->mt76, skb, vif, sta, tlv,
976 					 wtbl_hdr);
977 	mt76_connac_mcu_wtbl_hdr_trans_tlv(skb, vif, wcid, tlv, wtbl_hdr);
978 	if (sta)
979 		mt76_connac_mcu_wtbl_ht_tlv(&dev->mt76, skb, sta, tlv,
980 					    wtbl_hdr, mvif->cap.ht_ldpc,
981 					    mvif->cap.vht_ldpc);
982 
983 	return 0;
984 }
985 
986 static inline bool
987 mt7915_is_ebf_supported(struct mt7915_phy *phy, struct ieee80211_vif *vif,
988 			struct ieee80211_sta *sta, bool bfee)
989 {
990 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
991 	int tx_ant = hweight8(phy->mt76->chainmask) - 1;
992 
993 	if (vif->type != NL80211_IFTYPE_STATION &&
994 	    vif->type != NL80211_IFTYPE_AP)
995 		return false;
996 
997 	if (!bfee && tx_ant < 2)
998 		return false;
999 
1000 	if (sta->deflink.he_cap.has_he) {
1001 		struct ieee80211_he_cap_elem *pe = &sta->deflink.he_cap.he_cap_elem;
1002 
1003 		if (bfee)
1004 			return mvif->cap.he_su_ebfee &&
1005 			       HE_PHY(CAP3_SU_BEAMFORMER, pe->phy_cap_info[3]);
1006 		else
1007 			return mvif->cap.he_su_ebfer &&
1008 			       HE_PHY(CAP4_SU_BEAMFORMEE, pe->phy_cap_info[4]);
1009 	}
1010 
1011 	if (sta->deflink.vht_cap.vht_supported) {
1012 		u32 cap = sta->deflink.vht_cap.cap;
1013 
1014 		if (bfee)
1015 			return mvif->cap.vht_su_ebfee &&
1016 			       (cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
1017 		else
1018 			return mvif->cap.vht_su_ebfer &&
1019 			       (cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
1020 	}
1021 
1022 	return false;
1023 }
1024 
1025 static void
1026 mt7915_mcu_sta_sounding_rate(struct sta_rec_bf *bf)
1027 {
1028 	bf->sounding_phy = MT_PHY_TYPE_OFDM;
1029 	bf->ndp_rate = 0;				/* mcs0 */
1030 	bf->ndpa_rate = MT7915_CFEND_RATE_DEFAULT;	/* ofdm 24m */
1031 	bf->rept_poll_rate = MT7915_CFEND_RATE_DEFAULT;	/* ofdm 24m */
1032 }
1033 
1034 static void
1035 mt7915_mcu_sta_bfer_ht(struct ieee80211_sta *sta, struct mt7915_phy *phy,
1036 		       struct sta_rec_bf *bf)
1037 {
1038 	struct ieee80211_mcs_info *mcs = &sta->deflink.ht_cap.mcs;
1039 	u8 n = 0;
1040 
1041 	bf->tx_mode = MT_PHY_TYPE_HT;
1042 
1043 	if ((mcs->tx_params & IEEE80211_HT_MCS_TX_RX_DIFF) &&
1044 	    (mcs->tx_params & IEEE80211_HT_MCS_TX_DEFINED))
1045 		n = FIELD_GET(IEEE80211_HT_MCS_TX_MAX_STREAMS_MASK,
1046 			      mcs->tx_params);
1047 	else if (mcs->rx_mask[3])
1048 		n = 3;
1049 	else if (mcs->rx_mask[2])
1050 		n = 2;
1051 	else if (mcs->rx_mask[1])
1052 		n = 1;
1053 
1054 	bf->nrow = hweight8(phy->mt76->chainmask) - 1;
1055 	bf->ncol = min_t(u8, bf->nrow, n);
1056 	bf->ibf_ncol = n;
1057 }
1058 
1059 static void
1060 mt7915_mcu_sta_bfer_vht(struct ieee80211_sta *sta, struct mt7915_phy *phy,
1061 			struct sta_rec_bf *bf, bool explicit)
1062 {
1063 	struct ieee80211_sta_vht_cap *pc = &sta->deflink.vht_cap;
1064 	struct ieee80211_sta_vht_cap *vc = &phy->mt76->sband_5g.sband.vht_cap;
1065 	u16 mcs_map = le16_to_cpu(pc->vht_mcs.rx_mcs_map);
1066 	u8 nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1067 	u8 tx_ant = hweight8(phy->mt76->chainmask) - 1;
1068 
1069 	bf->tx_mode = MT_PHY_TYPE_VHT;
1070 
1071 	if (explicit) {
1072 		u8 sts, snd_dim;
1073 
1074 		mt7915_mcu_sta_sounding_rate(bf);
1075 
1076 		sts = FIELD_GET(IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK,
1077 				pc->cap);
1078 		snd_dim = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
1079 				    vc->cap);
1080 		bf->nrow = min_t(u8, min_t(u8, snd_dim, sts), tx_ant);
1081 		bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1082 		bf->ibf_ncol = bf->ncol;
1083 
1084 		if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
1085 			bf->nrow = 1;
1086 	} else {
1087 		bf->nrow = tx_ant;
1088 		bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1089 		bf->ibf_ncol = nss_mcs;
1090 
1091 		if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
1092 			bf->ibf_nrow = 1;
1093 	}
1094 }
1095 
1096 static void
1097 mt7915_mcu_sta_bfer_he(struct ieee80211_sta *sta, struct ieee80211_vif *vif,
1098 		       struct mt7915_phy *phy, struct sta_rec_bf *bf)
1099 {
1100 	struct ieee80211_sta_he_cap *pc = &sta->deflink.he_cap;
1101 	struct ieee80211_he_cap_elem *pe = &pc->he_cap_elem;
1102 	const struct ieee80211_sta_he_cap *vc =
1103 		mt76_connac_get_he_phy_cap(phy->mt76, vif);
1104 	const struct ieee80211_he_cap_elem *ve = &vc->he_cap_elem;
1105 	u16 mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80);
1106 	u8 nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1107 	u8 snd_dim, sts;
1108 
1109 	bf->tx_mode = MT_PHY_TYPE_HE_SU;
1110 
1111 	mt7915_mcu_sta_sounding_rate(bf);
1112 
1113 	bf->trigger_su = HE_PHY(CAP6_TRIG_SU_BEAMFORMING_FB,
1114 				pe->phy_cap_info[6]);
1115 	bf->trigger_mu = HE_PHY(CAP6_TRIG_MU_BEAMFORMING_PARTIAL_BW_FB,
1116 				pe->phy_cap_info[6]);
1117 	snd_dim = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
1118 			 ve->phy_cap_info[5]);
1119 	sts = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_UNDER_80MHZ_MASK,
1120 		     pe->phy_cap_info[4]);
1121 	bf->nrow = min_t(u8, snd_dim, sts);
1122 	bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1123 	bf->ibf_ncol = bf->ncol;
1124 
1125 	if (sta->deflink.bandwidth != IEEE80211_STA_RX_BW_160)
1126 		return;
1127 
1128 	/* go over for 160MHz and 80p80 */
1129 	if (pe->phy_cap_info[0] &
1130 	    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G) {
1131 		mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_160);
1132 		nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1133 
1134 		bf->ncol_bw160 = nss_mcs;
1135 	}
1136 
1137 	if (pe->phy_cap_info[0] &
1138 	    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G) {
1139 		mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80p80);
1140 		nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1141 
1142 		if (bf->ncol_bw160)
1143 			bf->ncol_bw160 = min_t(u8, bf->ncol_bw160, nss_mcs);
1144 		else
1145 			bf->ncol_bw160 = nss_mcs;
1146 	}
1147 
1148 	snd_dim = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_ABOVE_80MHZ_MASK,
1149 			 ve->phy_cap_info[5]);
1150 	sts = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_ABOVE_80MHZ_MASK,
1151 		     pe->phy_cap_info[4]);
1152 
1153 	bf->nrow_bw160 = min_t(int, snd_dim, sts);
1154 }
1155 
1156 static void
1157 mt7915_mcu_sta_bfer_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
1158 			struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1159 {
1160 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1161 	struct mt7915_phy *phy = mvif->phy;
1162 	int tx_ant = hweight8(phy->mt76->chainmask) - 1;
1163 	struct sta_rec_bf *bf;
1164 	struct tlv *tlv;
1165 	const u8 matrix[4][4] = {
1166 		{0, 0, 0, 0},
1167 		{1, 1, 0, 0},	/* 2x1, 2x2, 2x3, 2x4 */
1168 		{2, 4, 4, 0},	/* 3x1, 3x2, 3x3, 3x4 */
1169 		{3, 5, 6, 0}	/* 4x1, 4x2, 4x3, 4x4 */
1170 	};
1171 	bool ebf;
1172 
1173 	if (!(sta->deflink.ht_cap.ht_supported || sta->deflink.he_cap.has_he))
1174 		return;
1175 
1176 	ebf = mt7915_is_ebf_supported(phy, vif, sta, false);
1177 	if (!ebf && !dev->ibf)
1178 		return;
1179 
1180 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BF, sizeof(*bf));
1181 	bf = (struct sta_rec_bf *)tlv;
1182 
1183 	/* he: eBF only, in accordance with spec
1184 	 * vht: support eBF and iBF
1185 	 * ht: iBF only, since mac80211 lacks of eBF support
1186 	 */
1187 	if (sta->deflink.he_cap.has_he && ebf)
1188 		mt7915_mcu_sta_bfer_he(sta, vif, phy, bf);
1189 	else if (sta->deflink.vht_cap.vht_supported)
1190 		mt7915_mcu_sta_bfer_vht(sta, phy, bf, ebf);
1191 	else if (sta->deflink.ht_cap.ht_supported)
1192 		mt7915_mcu_sta_bfer_ht(sta, phy, bf);
1193 	else
1194 		return;
1195 
1196 	bf->bf_cap = ebf ? ebf : dev->ibf << 1;
1197 	bf->bw = sta->deflink.bandwidth;
1198 	bf->ibf_dbw = sta->deflink.bandwidth;
1199 	bf->ibf_nrow = tx_ant;
1200 
1201 	if (!ebf && sta->deflink.bandwidth <= IEEE80211_STA_RX_BW_40 && !bf->ncol)
1202 		bf->ibf_timeout = 0x48;
1203 	else
1204 		bf->ibf_timeout = 0x18;
1205 
1206 	if (ebf && bf->nrow != tx_ant)
1207 		bf->mem_20m = matrix[tx_ant][bf->ncol];
1208 	else
1209 		bf->mem_20m = matrix[bf->nrow][bf->ncol];
1210 
1211 	switch (sta->deflink.bandwidth) {
1212 	case IEEE80211_STA_RX_BW_160:
1213 	case IEEE80211_STA_RX_BW_80:
1214 		bf->mem_total = bf->mem_20m * 2;
1215 		break;
1216 	case IEEE80211_STA_RX_BW_40:
1217 		bf->mem_total = bf->mem_20m;
1218 		break;
1219 	case IEEE80211_STA_RX_BW_20:
1220 	default:
1221 		break;
1222 	}
1223 }
1224 
1225 static void
1226 mt7915_mcu_sta_bfee_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
1227 			struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1228 {
1229 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1230 	struct mt7915_phy *phy = mvif->phy;
1231 	int tx_ant = hweight8(phy->mt76->chainmask) - 1;
1232 	struct sta_rec_bfee *bfee;
1233 	struct tlv *tlv;
1234 	u8 nrow = 0;
1235 
1236 	if (!(sta->deflink.vht_cap.vht_supported || sta->deflink.he_cap.has_he))
1237 		return;
1238 
1239 	if (!mt7915_is_ebf_supported(phy, vif, sta, true))
1240 		return;
1241 
1242 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BFEE, sizeof(*bfee));
1243 	bfee = (struct sta_rec_bfee *)tlv;
1244 
1245 	if (sta->deflink.he_cap.has_he) {
1246 		struct ieee80211_he_cap_elem *pe = &sta->deflink.he_cap.he_cap_elem;
1247 
1248 		nrow = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
1249 			      pe->phy_cap_info[5]);
1250 	} else if (sta->deflink.vht_cap.vht_supported) {
1251 		struct ieee80211_sta_vht_cap *pc = &sta->deflink.vht_cap;
1252 
1253 		nrow = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
1254 				 pc->cap);
1255 	}
1256 
1257 	/* reply with identity matrix to avoid 2x2 BF negative gain */
1258 	bfee->fb_identity_matrix = (nrow == 1 && tx_ant == 2);
1259 }
1260 
1261 static enum mcu_mmps_mode
1262 mt7915_mcu_get_mmps_mode(enum ieee80211_smps_mode smps)
1263 {
1264 	switch (smps) {
1265 	case IEEE80211_SMPS_OFF:
1266 		return MCU_MMPS_DISABLE;
1267 	case IEEE80211_SMPS_STATIC:
1268 		return MCU_MMPS_STATIC;
1269 	case IEEE80211_SMPS_DYNAMIC:
1270 		return MCU_MMPS_DYNAMIC;
1271 	default:
1272 		return MCU_MMPS_DISABLE;
1273 	}
1274 }
1275 
1276 int mt7915_mcu_set_fixed_rate_ctrl(struct mt7915_dev *dev,
1277 				   struct ieee80211_vif *vif,
1278 				   struct ieee80211_sta *sta,
1279 				   void *data, u32 field)
1280 {
1281 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1282 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1283 	struct sta_phy *phy = data;
1284 	struct sta_rec_ra_fixed *ra;
1285 	struct sk_buff *skb;
1286 	struct tlv *tlv;
1287 
1288 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1289 					    &msta->wcid);
1290 	if (IS_ERR(skb))
1291 		return PTR_ERR(skb);
1292 
1293 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA_UPDATE, sizeof(*ra));
1294 	ra = (struct sta_rec_ra_fixed *)tlv;
1295 
1296 	switch (field) {
1297 	case RATE_PARAM_AUTO:
1298 		break;
1299 	case RATE_PARAM_FIXED:
1300 	case RATE_PARAM_FIXED_MCS:
1301 	case RATE_PARAM_FIXED_GI:
1302 	case RATE_PARAM_FIXED_HE_LTF:
1303 		if (phy)
1304 			ra->phy = *phy;
1305 		break;
1306 	case RATE_PARAM_MMPS_UPDATE:
1307 		ra->mmps_mode = mt7915_mcu_get_mmps_mode(sta->smps_mode);
1308 		break;
1309 	default:
1310 		break;
1311 	}
1312 	ra->field = cpu_to_le32(field);
1313 
1314 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1315 				     MCU_EXT_CMD(STA_REC_UPDATE), true);
1316 }
1317 
1318 int mt7915_mcu_add_smps(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1319 			struct ieee80211_sta *sta)
1320 {
1321 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1322 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1323 	struct wtbl_req_hdr *wtbl_hdr;
1324 	struct tlv *sta_wtbl;
1325 	struct sk_buff *skb;
1326 	int ret;
1327 
1328 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1329 					    &msta->wcid);
1330 	if (IS_ERR(skb))
1331 		return PTR_ERR(skb);
1332 
1333 	sta_wtbl = mt76_connac_mcu_add_tlv(skb, STA_REC_WTBL,
1334 					   sizeof(struct tlv));
1335 	wtbl_hdr = mt76_connac_mcu_alloc_wtbl_req(&dev->mt76, &msta->wcid,
1336 						  WTBL_SET, sta_wtbl, &skb);
1337 	if (IS_ERR(wtbl_hdr))
1338 		return PTR_ERR(wtbl_hdr);
1339 
1340 	mt76_connac_mcu_wtbl_smps_tlv(skb, sta, sta_wtbl, wtbl_hdr);
1341 
1342 	ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
1343 				    MCU_EXT_CMD(STA_REC_UPDATE), true);
1344 	if (ret)
1345 		return ret;
1346 
1347 	return mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, NULL,
1348 					      RATE_PARAM_MMPS_UPDATE);
1349 }
1350 
1351 static int
1352 mt7915_mcu_add_rate_ctrl_fixed(struct mt7915_dev *dev,
1353 			       struct ieee80211_vif *vif,
1354 			       struct ieee80211_sta *sta)
1355 {
1356 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1357 	struct cfg80211_chan_def *chandef = &mvif->phy->mt76->chandef;
1358 	struct cfg80211_bitrate_mask *mask = &mvif->bitrate_mask;
1359 	enum nl80211_band band = chandef->chan->band;
1360 	struct sta_phy phy = {};
1361 	int ret, nrates = 0;
1362 
1363 #define __sta_phy_bitrate_mask_check(_mcs, _gi, _he)				\
1364 	do {									\
1365 		u8 i, gi = mask->control[band]._gi;				\
1366 		gi = (_he) ? gi : gi == NL80211_TXRATE_FORCE_SGI;		\
1367 		for (i = 0; i <= sta->deflink.bandwidth; i++) {			\
1368 			phy.sgi |= gi << (i << (_he));				\
1369 			phy.he_ltf |= mask->control[band].he_ltf << (i << (_he));\
1370 		}								\
1371 		for (i = 0; i < ARRAY_SIZE(mask->control[band]._mcs); i++) {	\
1372 			if (!mask->control[band]._mcs[i])			\
1373 				continue;					\
1374 			nrates += hweight16(mask->control[band]._mcs[i]);	\
1375 			phy.mcs = ffs(mask->control[band]._mcs[i]) - 1;		\
1376 		}								\
1377 	} while (0)
1378 
1379 	if (sta->deflink.he_cap.has_he) {
1380 		__sta_phy_bitrate_mask_check(he_mcs, he_gi, 1);
1381 	} else if (sta->deflink.vht_cap.vht_supported) {
1382 		__sta_phy_bitrate_mask_check(vht_mcs, gi, 0);
1383 	} else if (sta->deflink.ht_cap.ht_supported) {
1384 		__sta_phy_bitrate_mask_check(ht_mcs, gi, 0);
1385 	} else {
1386 		nrates = hweight32(mask->control[band].legacy);
1387 		phy.mcs = ffs(mask->control[band].legacy) - 1;
1388 	}
1389 #undef __sta_phy_bitrate_mask_check
1390 
1391 	/* fall back to auto rate control */
1392 	if (mask->control[band].gi == NL80211_TXRATE_DEFAULT_GI &&
1393 	    mask->control[band].he_gi == GENMASK(7, 0) &&
1394 	    mask->control[band].he_ltf == GENMASK(7, 0) &&
1395 	    nrates != 1)
1396 		return 0;
1397 
1398 	/* fixed single rate */
1399 	if (nrates == 1) {
1400 		ret = mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, &phy,
1401 						     RATE_PARAM_FIXED_MCS);
1402 		if (ret)
1403 			return ret;
1404 	}
1405 
1406 	/* fixed GI */
1407 	if (mask->control[band].gi != NL80211_TXRATE_DEFAULT_GI ||
1408 	    mask->control[band].he_gi != GENMASK(7, 0)) {
1409 		struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1410 		u32 addr;
1411 
1412 		/* firmware updates only TXCMD but doesn't take WTBL into
1413 		 * account, so driver should update here to reflect the
1414 		 * actual txrate hardware sends out.
1415 		 */
1416 		addr = mt7915_mac_wtbl_lmac_addr(dev, msta->wcid.idx, 7);
1417 		if (sta->deflink.he_cap.has_he)
1418 			mt76_rmw_field(dev, addr, GENMASK(31, 24), phy.sgi);
1419 		else
1420 			mt76_rmw_field(dev, addr, GENMASK(15, 12), phy.sgi);
1421 
1422 		ret = mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, &phy,
1423 						     RATE_PARAM_FIXED_GI);
1424 		if (ret)
1425 			return ret;
1426 	}
1427 
1428 	/* fixed HE_LTF */
1429 	if (mask->control[band].he_ltf != GENMASK(7, 0)) {
1430 		ret = mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, &phy,
1431 						     RATE_PARAM_FIXED_HE_LTF);
1432 		if (ret)
1433 			return ret;
1434 	}
1435 
1436 	return 0;
1437 }
1438 
1439 static void
1440 mt7915_mcu_sta_rate_ctrl_tlv(struct sk_buff *skb, struct mt7915_dev *dev,
1441 			     struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1442 {
1443 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1444 	struct mt76_phy *mphy = mvif->phy->mt76;
1445 	struct cfg80211_chan_def *chandef = &mphy->chandef;
1446 	struct cfg80211_bitrate_mask *mask = &mvif->bitrate_mask;
1447 	enum nl80211_band band = chandef->chan->band;
1448 	struct sta_rec_ra *ra;
1449 	struct tlv *tlv;
1450 	u32 supp_rate = sta->deflink.supp_rates[band];
1451 	u32 cap = sta->wme ? STA_CAP_WMM : 0;
1452 
1453 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA, sizeof(*ra));
1454 	ra = (struct sta_rec_ra *)tlv;
1455 
1456 	ra->valid = true;
1457 	ra->auto_rate = true;
1458 	ra->phy_mode = mt76_connac_get_phy_mode(mphy, vif, band, sta);
1459 	ra->channel = chandef->chan->hw_value;
1460 	ra->bw = sta->deflink.bandwidth;
1461 	ra->phy.bw = sta->deflink.bandwidth;
1462 	ra->mmps_mode = mt7915_mcu_get_mmps_mode(sta->smps_mode);
1463 
1464 	if (supp_rate) {
1465 		supp_rate &= mask->control[band].legacy;
1466 		ra->rate_len = hweight32(supp_rate);
1467 
1468 		if (band == NL80211_BAND_2GHZ) {
1469 			ra->supp_mode = MODE_CCK;
1470 			ra->supp_cck_rate = supp_rate & GENMASK(3, 0);
1471 
1472 			if (ra->rate_len > 4) {
1473 				ra->supp_mode |= MODE_OFDM;
1474 				ra->supp_ofdm_rate = supp_rate >> 4;
1475 			}
1476 		} else {
1477 			ra->supp_mode = MODE_OFDM;
1478 			ra->supp_ofdm_rate = supp_rate;
1479 		}
1480 	}
1481 
1482 	if (sta->deflink.ht_cap.ht_supported) {
1483 		ra->supp_mode |= MODE_HT;
1484 		ra->af = sta->deflink.ht_cap.ampdu_factor;
1485 		ra->ht_gf = !!(sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_GRN_FLD);
1486 
1487 		cap |= STA_CAP_HT;
1488 		if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SGI_20)
1489 			cap |= STA_CAP_SGI_20;
1490 		if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SGI_40)
1491 			cap |= STA_CAP_SGI_40;
1492 		if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_TX_STBC)
1493 			cap |= STA_CAP_TX_STBC;
1494 		if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_RX_STBC)
1495 			cap |= STA_CAP_RX_STBC;
1496 		if (mvif->cap.ht_ldpc &&
1497 		    (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_LDPC_CODING))
1498 			cap |= STA_CAP_LDPC;
1499 
1500 		mt7915_mcu_set_sta_ht_mcs(sta, ra->ht_mcs,
1501 					  mask->control[band].ht_mcs);
1502 		ra->supp_ht_mcs = *(__le32 *)ra->ht_mcs;
1503 	}
1504 
1505 	if (sta->deflink.vht_cap.vht_supported) {
1506 		u8 af;
1507 
1508 		ra->supp_mode |= MODE_VHT;
1509 		af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
1510 			       sta->deflink.vht_cap.cap);
1511 		ra->af = max_t(u8, ra->af, af);
1512 
1513 		cap |= STA_CAP_VHT;
1514 		if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_80)
1515 			cap |= STA_CAP_VHT_SGI_80;
1516 		if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_160)
1517 			cap |= STA_CAP_VHT_SGI_160;
1518 		if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_TXSTBC)
1519 			cap |= STA_CAP_VHT_TX_STBC;
1520 		if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_RXSTBC_1)
1521 			cap |= STA_CAP_VHT_RX_STBC;
1522 		if (mvif->cap.vht_ldpc &&
1523 		    (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_RXLDPC))
1524 			cap |= STA_CAP_VHT_LDPC;
1525 
1526 		mt7915_mcu_set_sta_vht_mcs(sta, ra->supp_vht_mcs,
1527 					   mask->control[band].vht_mcs);
1528 	}
1529 
1530 	if (sta->deflink.he_cap.has_he) {
1531 		ra->supp_mode |= MODE_HE;
1532 		cap |= STA_CAP_HE;
1533 
1534 		if (sta->deflink.he_6ghz_capa.capa)
1535 			ra->af = le16_get_bits(sta->deflink.he_6ghz_capa.capa,
1536 					       IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP);
1537 	}
1538 
1539 	ra->sta_cap = cpu_to_le32(cap);
1540 }
1541 
1542 int mt7915_mcu_add_rate_ctrl(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1543 			     struct ieee80211_sta *sta, bool changed)
1544 {
1545 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1546 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1547 	struct sk_buff *skb;
1548 	int ret;
1549 
1550 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1551 					    &msta->wcid);
1552 	if (IS_ERR(skb))
1553 		return PTR_ERR(skb);
1554 
1555 	/* firmware rc algorithm refers to sta_rec_he for HE control.
1556 	 * once dev->rc_work changes the settings driver should also
1557 	 * update sta_rec_he here.
1558 	 */
1559 	if (changed)
1560 		mt7915_mcu_sta_he_tlv(skb, sta, vif);
1561 
1562 	/* sta_rec_ra accommodates BW, NSS and only MCS range format
1563 	 * i.e 0-{7,8,9} for VHT.
1564 	 */
1565 	mt7915_mcu_sta_rate_ctrl_tlv(skb, dev, vif, sta);
1566 
1567 	ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
1568 				    MCU_EXT_CMD(STA_REC_UPDATE), true);
1569 	if (ret)
1570 		return ret;
1571 
1572 	/* sta_rec_ra_fixed accommodates single rate, (HE)GI and HE_LTE,
1573 	 * and updates as peer fixed rate parameters, which overrides
1574 	 * sta_rec_ra and firmware rate control algorithm.
1575 	 */
1576 	return mt7915_mcu_add_rate_ctrl_fixed(dev, vif, sta);
1577 }
1578 
1579 static int
1580 mt7915_mcu_add_group(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1581 		     struct ieee80211_sta *sta)
1582 {
1583 #define MT_STA_BSS_GROUP		1
1584 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1585 	struct mt7915_sta *msta;
1586 	struct {
1587 		__le32 action;
1588 		u8 wlan_idx_lo;
1589 		u8 status;
1590 		u8 wlan_idx_hi;
1591 		u8 rsv0[5];
1592 		__le32 val;
1593 		u8 rsv1[8];
1594 	} __packed req = {
1595 		.action = cpu_to_le32(MT_STA_BSS_GROUP),
1596 		.val = cpu_to_le32(mvif->mt76.idx % 16),
1597 	};
1598 
1599 	msta = sta ? (struct mt7915_sta *)sta->drv_priv : &mvif->sta;
1600 	req.wlan_idx_lo = to_wcid_lo(msta->wcid.idx);
1601 	req.wlan_idx_hi = to_wcid_hi(msta->wcid.idx);
1602 
1603 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_DRR_CTRL), &req,
1604 				 sizeof(req), true);
1605 }
1606 
1607 int mt7915_mcu_add_sta(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1608 		       struct ieee80211_sta *sta, bool enable)
1609 {
1610 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1611 	struct mt7915_sta *msta;
1612 	struct sk_buff *skb;
1613 	int ret;
1614 
1615 	msta = sta ? (struct mt7915_sta *)sta->drv_priv : &mvif->sta;
1616 
1617 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1618 					    &msta->wcid);
1619 	if (IS_ERR(skb))
1620 		return PTR_ERR(skb);
1621 
1622 	/* starec basic */
1623 	mt76_connac_mcu_sta_basic_tlv(skb, vif, sta, enable,
1624 			!rcu_access_pointer(dev->mt76.wcid[msta->wcid.idx]));
1625 	if (!enable)
1626 		goto out;
1627 
1628 	/* tag order is in accordance with firmware dependency. */
1629 	if (sta) {
1630 		/* starec bfer */
1631 		mt7915_mcu_sta_bfer_tlv(dev, skb, vif, sta);
1632 		/* starec ht */
1633 		mt7915_mcu_sta_ht_tlv(skb, sta);
1634 		/* starec vht */
1635 		mt7915_mcu_sta_vht_tlv(skb, sta);
1636 		/* starec uapsd */
1637 		mt76_connac_mcu_sta_uapsd(skb, vif, sta);
1638 	}
1639 
1640 	ret = mt7915_mcu_sta_wtbl_tlv(dev, skb, vif, sta);
1641 	if (ret) {
1642 		dev_kfree_skb(skb);
1643 		return ret;
1644 	}
1645 
1646 	if (sta) {
1647 		/* starec amsdu */
1648 		mt7915_mcu_sta_amsdu_tlv(dev, skb, vif, sta);
1649 		/* starec he */
1650 		mt7915_mcu_sta_he_tlv(skb, sta, vif);
1651 		/* starec muru */
1652 		mt7915_mcu_sta_muru_tlv(dev, skb, sta, vif);
1653 		/* starec bfee */
1654 		mt7915_mcu_sta_bfee_tlv(dev, skb, vif, sta);
1655 	}
1656 
1657 	ret = mt7915_mcu_add_group(dev, vif, sta);
1658 	if (ret) {
1659 		dev_kfree_skb(skb);
1660 		return ret;
1661 	}
1662 out:
1663 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1664 				     MCU_EXT_CMD(STA_REC_UPDATE), true);
1665 }
1666 
1667 int mt7915_mcu_add_dev_info(struct mt7915_phy *phy,
1668 			    struct ieee80211_vif *vif, bool enable)
1669 {
1670 	struct mt7915_dev *dev = phy->dev;
1671 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1672 	struct {
1673 		struct req_hdr {
1674 			u8 omac_idx;
1675 			u8 dbdc_idx;
1676 			__le16 tlv_num;
1677 			u8 is_tlv_append;
1678 			u8 rsv[3];
1679 		} __packed hdr;
1680 		struct req_tlv {
1681 			__le16 tag;
1682 			__le16 len;
1683 			u8 active;
1684 			u8 dbdc_idx;
1685 			u8 omac_addr[ETH_ALEN];
1686 		} __packed tlv;
1687 	} data = {
1688 		.hdr = {
1689 			.omac_idx = mvif->mt76.omac_idx,
1690 			.dbdc_idx = mvif->mt76.band_idx,
1691 			.tlv_num = cpu_to_le16(1),
1692 			.is_tlv_append = 1,
1693 		},
1694 		.tlv = {
1695 			.tag = cpu_to_le16(DEV_INFO_ACTIVE),
1696 			.len = cpu_to_le16(sizeof(struct req_tlv)),
1697 			.active = enable,
1698 			.dbdc_idx = mvif->mt76.band_idx,
1699 		},
1700 	};
1701 
1702 	if (mvif->mt76.omac_idx >= REPEATER_BSSID_START)
1703 		return mt7915_mcu_muar_config(phy, vif, false, enable);
1704 
1705 	memcpy(data.tlv.omac_addr, vif->addr, ETH_ALEN);
1706 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(DEV_INFO_UPDATE),
1707 				 &data, sizeof(data), true);
1708 }
1709 
1710 static void
1711 mt7915_mcu_beacon_cntdwn(struct ieee80211_vif *vif, struct sk_buff *rskb,
1712 			 struct sk_buff *skb, struct bss_info_bcn *bcn,
1713 			 struct ieee80211_mutable_offsets *offs)
1714 {
1715 	struct bss_info_bcn_cntdwn *info;
1716 	struct tlv *tlv;
1717 	int sub_tag;
1718 
1719 	if (!offs->cntdwn_counter_offs[0])
1720 		return;
1721 
1722 	sub_tag = vif->bss_conf.csa_active ? BSS_INFO_BCN_CSA : BSS_INFO_BCN_BCC;
1723 	tlv = mt7915_mcu_add_nested_subtlv(rskb, sub_tag, sizeof(*info),
1724 					   &bcn->sub_ntlv, &bcn->len);
1725 	info = (struct bss_info_bcn_cntdwn *)tlv;
1726 	info->cnt = skb->data[offs->cntdwn_counter_offs[0]];
1727 }
1728 
1729 static void
1730 mt7915_mcu_beacon_mbss(struct sk_buff *rskb, struct sk_buff *skb,
1731 		       struct ieee80211_vif *vif, struct bss_info_bcn *bcn,
1732 		       struct ieee80211_mutable_offsets *offs)
1733 {
1734 	struct bss_info_bcn_mbss *mbss;
1735 	const struct element *elem;
1736 	struct tlv *tlv;
1737 
1738 	if (!vif->bss_conf.bssid_indicator)
1739 		return;
1740 
1741 	tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_MBSSID,
1742 					   sizeof(*mbss), &bcn->sub_ntlv,
1743 					   &bcn->len);
1744 
1745 	mbss = (struct bss_info_bcn_mbss *)tlv;
1746 	mbss->offset[0] = cpu_to_le16(offs->tim_offset);
1747 	mbss->bitmap = cpu_to_le32(1);
1748 
1749 	for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID,
1750 			    &skb->data[offs->mbssid_off],
1751 			    skb->len - offs->mbssid_off) {
1752 		const struct element *sub_elem;
1753 
1754 		if (elem->datalen < 2)
1755 			continue;
1756 
1757 		for_each_element(sub_elem, elem->data + 1, elem->datalen - 1) {
1758 			const struct ieee80211_bssid_index *idx;
1759 			const u8 *idx_ie;
1760 
1761 			if (sub_elem->id || sub_elem->datalen < 4)
1762 				continue; /* not a valid BSS profile */
1763 
1764 			/* Find WLAN_EID_MULTI_BSSID_IDX
1765 			 * in the merged nontransmitted profile
1766 			 */
1767 			idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX,
1768 						  sub_elem->data,
1769 						  sub_elem->datalen);
1770 			if (!idx_ie || idx_ie[1] < sizeof(*idx))
1771 				continue;
1772 
1773 			idx = (void *)(idx_ie + 2);
1774 			if (!idx->bssid_index || idx->bssid_index > 31)
1775 				continue;
1776 
1777 			mbss->offset[idx->bssid_index] =
1778 				cpu_to_le16(idx_ie - skb->data);
1779 			mbss->bitmap |= cpu_to_le32(BIT(idx->bssid_index));
1780 		}
1781 	}
1782 }
1783 
1784 static void
1785 mt7915_mcu_beacon_cont(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1786 		       struct sk_buff *rskb, struct sk_buff *skb,
1787 		       struct bss_info_bcn *bcn,
1788 		       struct ieee80211_mutable_offsets *offs)
1789 {
1790 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1791 	struct bss_info_bcn_cont *cont;
1792 	struct tlv *tlv;
1793 	u8 *buf;
1794 	int len = sizeof(*cont) + MT_TXD_SIZE + skb->len;
1795 
1796 	len = (len & 0x3) ? ((len | 0x3) + 1) : len;
1797 	tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_CONTENT,
1798 					   len, &bcn->sub_ntlv, &bcn->len);
1799 
1800 	cont = (struct bss_info_bcn_cont *)tlv;
1801 	cont->pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
1802 	cont->tim_ofs = cpu_to_le16(offs->tim_offset);
1803 
1804 	if (offs->cntdwn_counter_offs[0]) {
1805 		u16 offset = offs->cntdwn_counter_offs[0];
1806 
1807 		if (vif->bss_conf.csa_active)
1808 			cont->csa_ofs = cpu_to_le16(offset - 4);
1809 		if (vif->bss_conf.color_change_active)
1810 			cont->bcc_ofs = cpu_to_le16(offset - 3);
1811 	}
1812 
1813 	buf = (u8 *)tlv + sizeof(*cont);
1814 	mt7915_mac_write_txwi(&dev->mt76, (__le32 *)buf, skb, wcid, 0, NULL,
1815 			      0, BSS_CHANGED_BEACON);
1816 	memcpy(buf + MT_TXD_SIZE, skb->data, skb->len);
1817 }
1818 
1819 static void
1820 mt7915_mcu_beacon_check_caps(struct mt7915_phy *phy, struct ieee80211_vif *vif,
1821 			     struct sk_buff *skb)
1822 {
1823 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1824 	struct mt7915_vif_cap *vc = &mvif->cap;
1825 	const struct ieee80211_he_cap_elem *he;
1826 	const struct ieee80211_vht_cap *vht;
1827 	const struct ieee80211_ht_cap *ht;
1828 	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
1829 	const u8 *ie;
1830 	u32 len, bc;
1831 
1832 	/* Check missing configuration options to allow AP mode in mac80211
1833 	 * to remain in sync with hostapd settings, and get a subset of
1834 	 * beacon and hardware capabilities.
1835 	 */
1836 	if (WARN_ON_ONCE(skb->len <= (mgmt->u.beacon.variable - skb->data)))
1837 		return;
1838 
1839 	memset(vc, 0, sizeof(*vc));
1840 
1841 	len = skb->len - (mgmt->u.beacon.variable - skb->data);
1842 
1843 	ie = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, mgmt->u.beacon.variable,
1844 			      len);
1845 	if (ie && ie[1] >= sizeof(*ht)) {
1846 		ht = (void *)(ie + 2);
1847 		vc->ht_ldpc = !!(le16_to_cpu(ht->cap_info) &
1848 				 IEEE80211_HT_CAP_LDPC_CODING);
1849 	}
1850 
1851 	ie = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, mgmt->u.beacon.variable,
1852 			      len);
1853 	if (ie && ie[1] >= sizeof(*vht)) {
1854 		u32 pc = phy->mt76->sband_5g.sband.vht_cap.cap;
1855 
1856 		vht = (void *)(ie + 2);
1857 		bc = le32_to_cpu(vht->vht_cap_info);
1858 
1859 		vc->vht_ldpc = !!(bc & IEEE80211_VHT_CAP_RXLDPC);
1860 		vc->vht_su_ebfer =
1861 			(bc & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE) &&
1862 			(pc & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
1863 		vc->vht_su_ebfee =
1864 			(bc & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE) &&
1865 			(pc & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
1866 		vc->vht_mu_ebfer =
1867 			(bc & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE) &&
1868 			(pc & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE);
1869 		vc->vht_mu_ebfee =
1870 			(bc & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) &&
1871 			(pc & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1872 	}
1873 
1874 	ie = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY,
1875 				  mgmt->u.beacon.variable, len);
1876 	if (ie && ie[1] >= sizeof(*he) + 1) {
1877 		const struct ieee80211_sta_he_cap *pc =
1878 			mt76_connac_get_he_phy_cap(phy->mt76, vif);
1879 		const struct ieee80211_he_cap_elem *pe = &pc->he_cap_elem;
1880 
1881 		he = (void *)(ie + 3);
1882 
1883 		vc->he_ldpc =
1884 			HE_PHY(CAP1_LDPC_CODING_IN_PAYLOAD, pe->phy_cap_info[1]);
1885 		vc->he_su_ebfer =
1886 			HE_PHY(CAP3_SU_BEAMFORMER, he->phy_cap_info[3]) &&
1887 			HE_PHY(CAP3_SU_BEAMFORMER, pe->phy_cap_info[3]);
1888 		vc->he_su_ebfee =
1889 			HE_PHY(CAP4_SU_BEAMFORMEE, he->phy_cap_info[4]) &&
1890 			HE_PHY(CAP4_SU_BEAMFORMEE, pe->phy_cap_info[4]);
1891 		vc->he_mu_ebfer =
1892 			HE_PHY(CAP4_MU_BEAMFORMER, he->phy_cap_info[4]) &&
1893 			HE_PHY(CAP4_MU_BEAMFORMER, pe->phy_cap_info[4]);
1894 	}
1895 }
1896 
1897 static void
1898 mt7915_mcu_beacon_inband_discov(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1899 				struct sk_buff *rskb, struct bss_info_bcn *bcn,
1900 				u32 changed)
1901 {
1902 #define OFFLOAD_TX_MODE_SU	BIT(0)
1903 #define OFFLOAD_TX_MODE_MU	BIT(1)
1904 	struct ieee80211_hw *hw = mt76_hw(dev);
1905 	struct mt7915_phy *phy = mt7915_hw_phy(hw);
1906 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1907 	struct cfg80211_chan_def *chandef = &mvif->phy->mt76->chandef;
1908 	enum nl80211_band band = chandef->chan->band;
1909 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1910 	struct bss_info_inband_discovery *discov;
1911 	struct ieee80211_tx_info *info;
1912 	struct sk_buff *skb = NULL;
1913 	struct tlv *tlv;
1914 	bool ext_phy = phy != &dev->phy;
1915 	u8 *buf, interval;
1916 	int len;
1917 
1918 	if (changed & BSS_CHANGED_FILS_DISCOVERY &&
1919 	    vif->bss_conf.fils_discovery.max_interval) {
1920 		interval = vif->bss_conf.fils_discovery.max_interval;
1921 		skb = ieee80211_get_fils_discovery_tmpl(hw, vif);
1922 	} else if (changed & BSS_CHANGED_UNSOL_BCAST_PROBE_RESP &&
1923 		   vif->bss_conf.unsol_bcast_probe_resp_interval) {
1924 		interval = vif->bss_conf.unsol_bcast_probe_resp_interval;
1925 		skb = ieee80211_get_unsol_bcast_probe_resp_tmpl(hw, vif);
1926 	}
1927 
1928 	if (!skb)
1929 		return;
1930 
1931 	info = IEEE80211_SKB_CB(skb);
1932 	info->control.vif = vif;
1933 	info->band = band;
1934 
1935 	info->hw_queue |= FIELD_PREP(MT_TX_HW_QUEUE_PHY, ext_phy);
1936 
1937 	len = sizeof(*discov) + MT_TXD_SIZE + skb->len;
1938 	len = (len & 0x3) ? ((len | 0x3) + 1) : len;
1939 
1940 	if (len > (MT7915_MAX_BSS_OFFLOAD_SIZE - rskb->len)) {
1941 		dev_err(dev->mt76.dev, "inband discovery size limit exceed\n");
1942 		dev_kfree_skb(skb);
1943 		return;
1944 	}
1945 
1946 	tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_DISCOV,
1947 					   len, &bcn->sub_ntlv, &bcn->len);
1948 	discov = (struct bss_info_inband_discovery *)tlv;
1949 	discov->tx_mode = OFFLOAD_TX_MODE_SU;
1950 	/* 0: UNSOL PROBE RESP, 1: FILS DISCOV */
1951 	discov->tx_type = !!(changed & BSS_CHANGED_FILS_DISCOVERY);
1952 	discov->tx_interval = interval;
1953 	discov->prob_rsp_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
1954 	discov->enable = true;
1955 
1956 	buf = (u8 *)tlv + sizeof(*discov);
1957 
1958 	mt7915_mac_write_txwi(&dev->mt76, (__le32 *)buf, skb, wcid, 0, NULL,
1959 			      0, changed);
1960 	memcpy(buf + MT_TXD_SIZE, skb->data, skb->len);
1961 
1962 	dev_kfree_skb(skb);
1963 }
1964 
1965 int mt7915_mcu_add_beacon(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1966 			  int en, u32 changed)
1967 {
1968 	struct mt7915_dev *dev = mt7915_hw_dev(hw);
1969 	struct mt7915_phy *phy = mt7915_hw_phy(hw);
1970 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1971 	struct ieee80211_mutable_offsets offs;
1972 	struct ieee80211_tx_info *info;
1973 	struct sk_buff *skb, *rskb;
1974 	struct tlv *tlv;
1975 	struct bss_info_bcn *bcn;
1976 	int len = MT7915_MAX_BSS_OFFLOAD_SIZE;
1977 	bool ext_phy = phy != &dev->phy;
1978 
1979 	if (vif->bss_conf.nontransmitted)
1980 		return 0;
1981 
1982 	rskb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1983 					       NULL, len);
1984 	if (IS_ERR(rskb))
1985 		return PTR_ERR(rskb);
1986 
1987 	tlv = mt76_connac_mcu_add_tlv(rskb, BSS_INFO_OFFLOAD, sizeof(*bcn));
1988 	bcn = (struct bss_info_bcn *)tlv;
1989 	bcn->enable = en;
1990 
1991 	if (!en)
1992 		goto out;
1993 
1994 	skb = ieee80211_beacon_get_template(hw, vif, &offs, 0);
1995 	if (!skb)
1996 		return -EINVAL;
1997 
1998 	if (skb->len > MT7915_MAX_BEACON_SIZE - MT_TXD_SIZE) {
1999 		dev_err(dev->mt76.dev, "Bcn size limit exceed\n");
2000 		dev_kfree_skb(skb);
2001 		return -EINVAL;
2002 	}
2003 
2004 	info = IEEE80211_SKB_CB(skb);
2005 	info->hw_queue = FIELD_PREP(MT_TX_HW_QUEUE_PHY, ext_phy);
2006 
2007 	mt7915_mcu_beacon_check_caps(phy, vif, skb);
2008 
2009 	mt7915_mcu_beacon_cntdwn(vif, rskb, skb, bcn, &offs);
2010 	mt7915_mcu_beacon_mbss(rskb, skb, vif, bcn, &offs);
2011 	mt7915_mcu_beacon_cont(dev, vif, rskb, skb, bcn, &offs);
2012 	dev_kfree_skb(skb);
2013 
2014 	if (changed & BSS_CHANGED_UNSOL_BCAST_PROBE_RESP ||
2015 	    changed & BSS_CHANGED_FILS_DISCOVERY)
2016 		mt7915_mcu_beacon_inband_discov(dev, vif, rskb,
2017 						bcn, changed);
2018 
2019 out:
2020 	return mt76_mcu_skb_send_msg(&phy->dev->mt76, rskb,
2021 				     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
2022 }
2023 
2024 static int mt7915_driver_own(struct mt7915_dev *dev, u8 band)
2025 {
2026 	mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(band), MT_TOP_LPCR_HOST_DRV_OWN);
2027 	if (!mt76_poll_msec(dev, MT_TOP_LPCR_HOST_BAND(band),
2028 			    MT_TOP_LPCR_HOST_FW_OWN_STAT, 0, 500)) {
2029 		dev_err(dev->mt76.dev, "Timeout for driver own\n");
2030 		return -EIO;
2031 	}
2032 
2033 	/* clear irq when the driver own success */
2034 	mt76_wr(dev, MT_TOP_LPCR_HOST_BAND_IRQ_STAT(band),
2035 		MT_TOP_LPCR_HOST_BAND_STAT);
2036 
2037 	return 0;
2038 }
2039 
2040 static int
2041 mt7915_firmware_state(struct mt7915_dev *dev, bool wa)
2042 {
2043 	u32 state = FIELD_PREP(MT_TOP_MISC_FW_STATE,
2044 			       wa ? FW_STATE_RDY : FW_STATE_FW_DOWNLOAD);
2045 
2046 	if (!mt76_poll_msec(dev, MT_TOP_MISC, MT_TOP_MISC_FW_STATE,
2047 			    state, 1000)) {
2048 		dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
2049 		return -EIO;
2050 	}
2051 	return 0;
2052 }
2053 
2054 static int mt7915_load_firmware(struct mt7915_dev *dev)
2055 {
2056 	int ret;
2057 
2058 	/* make sure fw is download state */
2059 	if (mt7915_firmware_state(dev, false)) {
2060 		/* restart firmware once */
2061 		__mt76_mcu_restart(&dev->mt76);
2062 		ret = mt7915_firmware_state(dev, false);
2063 		if (ret) {
2064 			dev_err(dev->mt76.dev,
2065 				"Firmware is not ready for download\n");
2066 			return ret;
2067 		}
2068 	}
2069 
2070 	ret = mt76_connac2_load_patch(&dev->mt76, fw_name_var(dev, ROM_PATCH));
2071 	if (ret)
2072 		return ret;
2073 
2074 	ret = mt76_connac2_load_ram(&dev->mt76, fw_name_var(dev, FIRMWARE_WM),
2075 				    fw_name(dev, FIRMWARE_WA));
2076 	if (ret)
2077 		return ret;
2078 
2079 	ret = mt7915_firmware_state(dev, true);
2080 	if (ret)
2081 		return ret;
2082 
2083 	mt76_queue_tx_cleanup(dev, dev->mt76.q_mcu[MT_MCUQ_FWDL], false);
2084 
2085 	dev_dbg(dev->mt76.dev, "Firmware init done\n");
2086 
2087 	return 0;
2088 }
2089 
2090 int mt7915_mcu_fw_log_2_host(struct mt7915_dev *dev, u8 type, u8 ctrl)
2091 {
2092 	struct {
2093 		u8 ctrl_val;
2094 		u8 pad[3];
2095 	} data = {
2096 		.ctrl_val = ctrl
2097 	};
2098 
2099 	if (type == MCU_FW_LOG_WA)
2100 		return mt76_mcu_send_msg(&dev->mt76, MCU_WA_EXT_CMD(FW_LOG_2_HOST),
2101 					 &data, sizeof(data), true);
2102 
2103 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(FW_LOG_2_HOST), &data,
2104 				 sizeof(data), true);
2105 }
2106 
2107 int mt7915_mcu_fw_dbg_ctrl(struct mt7915_dev *dev, u32 module, u8 level)
2108 {
2109 	struct {
2110 		u8 ver;
2111 		u8 pad;
2112 		__le16 len;
2113 		u8 level;
2114 		u8 rsv[3];
2115 		__le32 module_idx;
2116 	} data = {
2117 		.module_idx = cpu_to_le32(module),
2118 		.level = level,
2119 	};
2120 
2121 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(FW_DBG_CTRL), &data,
2122 				 sizeof(data), false);
2123 }
2124 
2125 int mt7915_mcu_muru_debug_set(struct mt7915_dev *dev, bool enabled)
2126 {
2127 	struct {
2128 		__le32 cmd;
2129 		u8 enable;
2130 	} data = {
2131 		.cmd = cpu_to_le32(MURU_SET_TXC_TX_STATS_EN),
2132 		.enable = enabled,
2133 	};
2134 
2135 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL), &data,
2136 				sizeof(data), false);
2137 }
2138 
2139 int mt7915_mcu_muru_debug_get(struct mt7915_phy *phy, void *ms)
2140 {
2141 	struct mt7915_dev *dev = phy->dev;
2142 	struct sk_buff *skb;
2143 	struct mt7915_mcu_muru_stats *mu_stats =
2144 				(struct mt7915_mcu_muru_stats *)ms;
2145 	int ret;
2146 
2147 	struct {
2148 		__le32 cmd;
2149 		u8 band_idx;
2150 	} req = {
2151 		.cmd = cpu_to_le32(MURU_GET_TXC_TX_STATS),
2152 		.band_idx = phy->band_idx,
2153 	};
2154 
2155 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL),
2156 					&req, sizeof(req), true, &skb);
2157 	if (ret)
2158 		return ret;
2159 
2160 	memcpy(mu_stats, skb->data, sizeof(struct mt7915_mcu_muru_stats));
2161 	dev_kfree_skb(skb);
2162 
2163 	return 0;
2164 }
2165 
2166 static int mt7915_mcu_set_mwds(struct mt7915_dev *dev, bool enabled)
2167 {
2168 	struct {
2169 		u8 enable;
2170 		u8 _rsv[3];
2171 	} __packed req = {
2172 		.enable = enabled
2173 	};
2174 
2175 	return mt76_mcu_send_msg(&dev->mt76, MCU_WA_EXT_CMD(MWDS_SUPPORT), &req,
2176 				 sizeof(req), false);
2177 }
2178 
2179 int mt7915_mcu_set_muru_ctrl(struct mt7915_dev *dev, u32 cmd, u32 val)
2180 {
2181 	struct {
2182 		__le32 cmd;
2183 		u8 val[4];
2184 	} __packed req = {
2185 		.cmd = cpu_to_le32(cmd),
2186 	};
2187 
2188 	put_unaligned_le32(val, req.val);
2189 
2190 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL), &req,
2191 				 sizeof(req), false);
2192 }
2193 
2194 static int
2195 mt7915_mcu_init_rx_airtime(struct mt7915_dev *dev)
2196 {
2197 #define RX_AIRTIME_FEATURE_CTRL		1
2198 #define RX_AIRTIME_BITWISE_CTRL		2
2199 #define RX_AIRTIME_CLEAR_EN	1
2200 	struct {
2201 		__le16 field;
2202 		__le16 sub_field;
2203 		__le32 set_status;
2204 		__le32 get_status;
2205 		u8 _rsv[12];
2206 
2207 		bool airtime_en;
2208 		bool mibtime_en;
2209 		bool earlyend_en;
2210 		u8 _rsv1[9];
2211 
2212 		bool airtime_clear;
2213 		bool mibtime_clear;
2214 		u8 _rsv2[98];
2215 	} __packed req = {
2216 		.field = cpu_to_le16(RX_AIRTIME_BITWISE_CTRL),
2217 		.sub_field = cpu_to_le16(RX_AIRTIME_CLEAR_EN),
2218 		.airtime_clear = true,
2219 	};
2220 	int ret;
2221 
2222 	ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_AIRTIME_CTRL), &req,
2223 				sizeof(req), true);
2224 	if (ret)
2225 		return ret;
2226 
2227 	req.field = cpu_to_le16(RX_AIRTIME_FEATURE_CTRL);
2228 	req.sub_field = cpu_to_le16(RX_AIRTIME_CLEAR_EN);
2229 	req.airtime_en = true;
2230 
2231 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_AIRTIME_CTRL), &req,
2232 				 sizeof(req), true);
2233 }
2234 
2235 int mt7915_mcu_init(struct mt7915_dev *dev)
2236 {
2237 	static const struct mt76_mcu_ops mt7915_mcu_ops = {
2238 		.headroom = sizeof(struct mt76_connac2_mcu_txd),
2239 		.mcu_skb_send_msg = mt7915_mcu_send_message,
2240 		.mcu_parse_response = mt7915_mcu_parse_response,
2241 		.mcu_restart = mt76_connac_mcu_restart,
2242 	};
2243 	int ret;
2244 
2245 	dev->mt76.mcu_ops = &mt7915_mcu_ops;
2246 
2247 	/* force firmware operation mode into normal state,
2248 	 * which should be set before firmware download stage.
2249 	 */
2250 	mt76_wr(dev, MT_SWDEF_MODE, MT_SWDEF_NORMAL_MODE);
2251 
2252 	ret = mt7915_driver_own(dev, 0);
2253 	if (ret)
2254 		return ret;
2255 	/* set driver own for band1 when two hif exist */
2256 	if (dev->hif2) {
2257 		ret = mt7915_driver_own(dev, 1);
2258 		if (ret)
2259 			return ret;
2260 	}
2261 
2262 	ret = mt7915_load_firmware(dev);
2263 	if (ret)
2264 		return ret;
2265 
2266 	set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
2267 	ret = mt7915_mcu_fw_log_2_host(dev, MCU_FW_LOG_WM, 0);
2268 	if (ret)
2269 		return ret;
2270 
2271 	ret = mt7915_mcu_fw_log_2_host(dev, MCU_FW_LOG_WA, 0);
2272 	if (ret)
2273 		return ret;
2274 
2275 	if (mtk_wed_device_active(&dev->mt76.mmio.wed))
2276 		mt7915_mcu_wa_cmd(dev, MCU_WA_PARAM_CMD(CAPABILITY), 0, 0, 0);
2277 
2278 	ret = mt7915_mcu_set_mwds(dev, 1);
2279 	if (ret)
2280 		return ret;
2281 
2282 	ret = mt7915_mcu_set_muru_ctrl(dev, MURU_SET_PLATFORM_TYPE,
2283 				       MURU_PLATFORM_TYPE_PERF_LEVEL_2);
2284 	if (ret)
2285 		return ret;
2286 
2287 	ret = mt7915_mcu_init_rx_airtime(dev);
2288 	if (ret)
2289 		return ret;
2290 
2291 	return mt7915_mcu_wa_cmd(dev, MCU_WA_PARAM_CMD(SET),
2292 				 MCU_WA_PARAM_RED, 0, 0);
2293 }
2294 
2295 void mt7915_mcu_exit(struct mt7915_dev *dev)
2296 {
2297 	__mt76_mcu_restart(&dev->mt76);
2298 	if (mt7915_firmware_state(dev, false)) {
2299 		dev_err(dev->mt76.dev, "Failed to exit mcu\n");
2300 		return;
2301 	}
2302 
2303 	mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(0), MT_TOP_LPCR_HOST_FW_OWN);
2304 	if (dev->hif2)
2305 		mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(1),
2306 			MT_TOP_LPCR_HOST_FW_OWN);
2307 	skb_queue_purge(&dev->mt76.mcu.res_q);
2308 }
2309 
2310 static int
2311 mt7915_mcu_set_rx_hdr_trans_blacklist(struct mt7915_dev *dev, int band)
2312 {
2313 	struct {
2314 		u8 operation;
2315 		u8 count;
2316 		u8 _rsv[2];
2317 		u8 index;
2318 		u8 enable;
2319 		__le16 etype;
2320 	} req = {
2321 		.operation = 1,
2322 		.count = 1,
2323 		.enable = 1,
2324 		.etype = cpu_to_le16(ETH_P_PAE),
2325 	};
2326 
2327 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_HDR_TRANS),
2328 				 &req, sizeof(req), false);
2329 }
2330 
2331 int mt7915_mcu_set_mac(struct mt7915_dev *dev, int band,
2332 		       bool enable, bool hdr_trans)
2333 {
2334 	struct {
2335 		u8 operation;
2336 		u8 enable;
2337 		u8 check_bssid;
2338 		u8 insert_vlan;
2339 		u8 remove_vlan;
2340 		u8 tid;
2341 		u8 mode;
2342 		u8 rsv;
2343 	} __packed req_trans = {
2344 		.enable = hdr_trans,
2345 	};
2346 	struct {
2347 		u8 enable;
2348 		u8 band;
2349 		u8 rsv[2];
2350 	} __packed req_mac = {
2351 		.enable = enable,
2352 		.band = band,
2353 	};
2354 	int ret;
2355 
2356 	ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_HDR_TRANS),
2357 				&req_trans, sizeof(req_trans), false);
2358 	if (ret)
2359 		return ret;
2360 
2361 	if (hdr_trans)
2362 		mt7915_mcu_set_rx_hdr_trans_blacklist(dev, band);
2363 
2364 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MAC_INIT_CTRL),
2365 				 &req_mac, sizeof(req_mac), true);
2366 }
2367 
2368 int mt7915_mcu_update_edca(struct mt7915_dev *dev, void *param)
2369 {
2370 	struct mt7915_mcu_tx *req = (struct mt7915_mcu_tx *)param;
2371 	u8 num = req->total;
2372 	size_t len = sizeof(*req) -
2373 		     (IEEE80211_NUM_ACS - num) * sizeof(struct edca);
2374 
2375 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(EDCA_UPDATE), req,
2376 				 len, true);
2377 }
2378 
2379 int mt7915_mcu_set_tx(struct mt7915_dev *dev, struct ieee80211_vif *vif)
2380 {
2381 #define TX_CMD_MODE		1
2382 	struct mt7915_mcu_tx req = {
2383 		.valid = true,
2384 		.mode = TX_CMD_MODE,
2385 		.total = IEEE80211_NUM_ACS,
2386 	};
2387 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2388 	int ac;
2389 
2390 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2391 		struct ieee80211_tx_queue_params *q = &mvif->queue_params[ac];
2392 		struct edca *e = &req.edca[ac];
2393 
2394 		e->set = WMM_PARAM_SET;
2395 		e->queue = ac + mvif->mt76.wmm_idx * MT76_CONNAC_MAX_WMM_SETS;
2396 		e->aifs = q->aifs;
2397 		e->txop = cpu_to_le16(q->txop);
2398 
2399 		if (q->cw_min)
2400 			e->cw_min = fls(q->cw_min);
2401 		else
2402 			e->cw_min = 5;
2403 
2404 		if (q->cw_max)
2405 			e->cw_max = cpu_to_le16(fls(q->cw_max));
2406 		else
2407 			e->cw_max = cpu_to_le16(10);
2408 	}
2409 
2410 	return mt7915_mcu_update_edca(dev, &req);
2411 }
2412 
2413 int mt7915_mcu_set_fcc5_lpn(struct mt7915_dev *dev, int val)
2414 {
2415 	struct {
2416 		__le32 tag;
2417 		__le16 min_lpn;
2418 		u8 rsv[2];
2419 	} __packed req = {
2420 		.tag = cpu_to_le32(0x1),
2421 		.min_lpn = cpu_to_le16(val),
2422 	};
2423 
2424 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
2425 				 sizeof(req), true);
2426 }
2427 
2428 int mt7915_mcu_set_pulse_th(struct mt7915_dev *dev,
2429 			    const struct mt7915_dfs_pulse *pulse)
2430 {
2431 	struct {
2432 		__le32 tag;
2433 
2434 		__le32 max_width;		/* us */
2435 		__le32 max_pwr;			/* dbm */
2436 		__le32 min_pwr;			/* dbm */
2437 		__le32 min_stgr_pri;		/* us */
2438 		__le32 max_stgr_pri;		/* us */
2439 		__le32 min_cr_pri;		/* us */
2440 		__le32 max_cr_pri;		/* us */
2441 	} __packed req = {
2442 		.tag = cpu_to_le32(0x3),
2443 
2444 #define __req_field(field) .field = cpu_to_le32(pulse->field)
2445 		__req_field(max_width),
2446 		__req_field(max_pwr),
2447 		__req_field(min_pwr),
2448 		__req_field(min_stgr_pri),
2449 		__req_field(max_stgr_pri),
2450 		__req_field(min_cr_pri),
2451 		__req_field(max_cr_pri),
2452 #undef __req_field
2453 	};
2454 
2455 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
2456 				 sizeof(req), true);
2457 }
2458 
2459 int mt7915_mcu_set_radar_th(struct mt7915_dev *dev, int index,
2460 			    const struct mt7915_dfs_pattern *pattern)
2461 {
2462 	struct {
2463 		__le32 tag;
2464 		__le16 radar_type;
2465 
2466 		u8 enb;
2467 		u8 stgr;
2468 		u8 min_crpn;
2469 		u8 max_crpn;
2470 		u8 min_crpr;
2471 		u8 min_pw;
2472 		__le32 min_pri;
2473 		__le32 max_pri;
2474 		u8 max_pw;
2475 		u8 min_crbn;
2476 		u8 max_crbn;
2477 		u8 min_stgpn;
2478 		u8 max_stgpn;
2479 		u8 min_stgpr;
2480 		u8 rsv[2];
2481 		__le32 min_stgpr_diff;
2482 	} __packed req = {
2483 		.tag = cpu_to_le32(0x2),
2484 		.radar_type = cpu_to_le16(index),
2485 
2486 #define __req_field_u8(field) .field = pattern->field
2487 #define __req_field_u32(field) .field = cpu_to_le32(pattern->field)
2488 		__req_field_u8(enb),
2489 		__req_field_u8(stgr),
2490 		__req_field_u8(min_crpn),
2491 		__req_field_u8(max_crpn),
2492 		__req_field_u8(min_crpr),
2493 		__req_field_u8(min_pw),
2494 		__req_field_u32(min_pri),
2495 		__req_field_u32(max_pri),
2496 		__req_field_u8(max_pw),
2497 		__req_field_u8(min_crbn),
2498 		__req_field_u8(max_crbn),
2499 		__req_field_u8(min_stgpn),
2500 		__req_field_u8(max_stgpn),
2501 		__req_field_u8(min_stgpr),
2502 		__req_field_u32(min_stgpr_diff),
2503 #undef __req_field_u8
2504 #undef __req_field_u32
2505 	};
2506 
2507 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
2508 				 sizeof(req), true);
2509 }
2510 
2511 static int
2512 mt7915_mcu_background_chain_ctrl(struct mt7915_phy *phy,
2513 				 struct cfg80211_chan_def *chandef,
2514 				 int cmd)
2515 {
2516 	struct mt7915_dev *dev = phy->dev;
2517 	struct mt76_phy *mphy = phy->mt76;
2518 	struct ieee80211_channel *chan = mphy->chandef.chan;
2519 	int freq = mphy->chandef.center_freq1;
2520 	struct mt7915_mcu_background_chain_ctrl req = {
2521 		.monitor_scan_type = 2, /* simple rx */
2522 	};
2523 
2524 	if (!chandef && cmd != CH_SWITCH_BACKGROUND_SCAN_STOP)
2525 		return -EINVAL;
2526 
2527 	if (!cfg80211_chandef_valid(&mphy->chandef))
2528 		return -EINVAL;
2529 
2530 	switch (cmd) {
2531 	case CH_SWITCH_BACKGROUND_SCAN_START: {
2532 		req.chan = chan->hw_value;
2533 		req.central_chan = ieee80211_frequency_to_channel(freq);
2534 		req.bw = mt76_connac_chan_bw(&mphy->chandef);
2535 		req.monitor_chan = chandef->chan->hw_value;
2536 		req.monitor_central_chan =
2537 			ieee80211_frequency_to_channel(chandef->center_freq1);
2538 		req.monitor_bw = mt76_connac_chan_bw(chandef);
2539 		req.band_idx = phy != &dev->phy;
2540 		req.scan_mode = 1;
2541 		break;
2542 	}
2543 	case CH_SWITCH_BACKGROUND_SCAN_RUNNING:
2544 		req.monitor_chan = chandef->chan->hw_value;
2545 		req.monitor_central_chan =
2546 			ieee80211_frequency_to_channel(chandef->center_freq1);
2547 		req.band_idx = phy != &dev->phy;
2548 		req.scan_mode = 2;
2549 		break;
2550 	case CH_SWITCH_BACKGROUND_SCAN_STOP:
2551 		req.chan = chan->hw_value;
2552 		req.central_chan = ieee80211_frequency_to_channel(freq);
2553 		req.bw = mt76_connac_chan_bw(&mphy->chandef);
2554 		req.tx_stream = hweight8(mphy->antenna_mask);
2555 		req.rx_stream = mphy->antenna_mask;
2556 		break;
2557 	default:
2558 		return -EINVAL;
2559 	}
2560 	req.band = chandef ? chandef->chan->band == NL80211_BAND_5GHZ : 1;
2561 
2562 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(OFFCH_SCAN_CTRL),
2563 				 &req, sizeof(req), false);
2564 }
2565 
2566 int mt7915_mcu_rdd_background_enable(struct mt7915_phy *phy,
2567 				     struct cfg80211_chan_def *chandef)
2568 {
2569 	struct mt7915_dev *dev = phy->dev;
2570 	int err, region;
2571 
2572 	if (!chandef) { /* disable offchain */
2573 		err = mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_STOP, MT_RX_SEL2,
2574 					      0, 0);
2575 		if (err)
2576 			return err;
2577 
2578 		return mt7915_mcu_background_chain_ctrl(phy, NULL,
2579 				CH_SWITCH_BACKGROUND_SCAN_STOP);
2580 	}
2581 
2582 	err = mt7915_mcu_background_chain_ctrl(phy, chandef,
2583 					       CH_SWITCH_BACKGROUND_SCAN_START);
2584 	if (err)
2585 		return err;
2586 
2587 	switch (dev->mt76.region) {
2588 	case NL80211_DFS_ETSI:
2589 		region = 0;
2590 		break;
2591 	case NL80211_DFS_JP:
2592 		region = 2;
2593 		break;
2594 	case NL80211_DFS_FCC:
2595 	default:
2596 		region = 1;
2597 		break;
2598 	}
2599 
2600 	return mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_START, MT_RX_SEL2,
2601 				       0, region);
2602 }
2603 
2604 int mt7915_mcu_set_chan_info(struct mt7915_phy *phy, int cmd)
2605 {
2606 	static const u8 ch_band[] = {
2607 		[NL80211_BAND_2GHZ] = 0,
2608 		[NL80211_BAND_5GHZ] = 1,
2609 		[NL80211_BAND_6GHZ] = 2,
2610 	};
2611 	struct mt7915_dev *dev = phy->dev;
2612 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
2613 	int freq1 = chandef->center_freq1;
2614 	struct {
2615 		u8 control_ch;
2616 		u8 center_ch;
2617 		u8 bw;
2618 		u8 tx_streams_num;
2619 		u8 rx_streams;	/* mask or num */
2620 		u8 switch_reason;
2621 		u8 band_idx;
2622 		u8 center_ch2;	/* for 80+80 only */
2623 		__le16 cac_case;
2624 		u8 channel_band;
2625 		u8 rsv0;
2626 		__le32 outband_freq;
2627 		u8 txpower_drop;
2628 		u8 ap_bw;
2629 		u8 ap_center_ch;
2630 		u8 rsv1[57];
2631 	} __packed req = {
2632 		.control_ch = chandef->chan->hw_value,
2633 		.center_ch = ieee80211_frequency_to_channel(freq1),
2634 		.bw = mt76_connac_chan_bw(chandef),
2635 		.tx_streams_num = hweight8(phy->mt76->antenna_mask),
2636 		.rx_streams = phy->mt76->antenna_mask,
2637 		.band_idx = phy->band_idx,
2638 		.channel_band = ch_band[chandef->chan->band],
2639 	};
2640 
2641 #ifdef CONFIG_NL80211_TESTMODE
2642 	if (phy->mt76->test.tx_antenna_mask &&
2643 	    (phy->mt76->test.state == MT76_TM_STATE_TX_FRAMES ||
2644 	     phy->mt76->test.state == MT76_TM_STATE_RX_FRAMES ||
2645 	     phy->mt76->test.state == MT76_TM_STATE_TX_CONT)) {
2646 		req.tx_streams_num = fls(phy->mt76->test.tx_antenna_mask);
2647 		req.rx_streams = phy->mt76->test.tx_antenna_mask;
2648 
2649 		if (phy != &dev->phy)
2650 			req.rx_streams >>= dev->chainshift;
2651 	}
2652 #endif
2653 
2654 	if (cmd == MCU_EXT_CMD(SET_RX_PATH) ||
2655 	    dev->mt76.hw->conf.flags & IEEE80211_CONF_MONITOR)
2656 		req.switch_reason = CH_SWITCH_NORMAL;
2657 	else if (phy->mt76->hw->conf.flags & IEEE80211_CONF_OFFCHANNEL)
2658 		req.switch_reason = CH_SWITCH_SCAN_BYPASS_DPD;
2659 	else if (!cfg80211_reg_can_beacon(phy->mt76->hw->wiphy, chandef,
2660 					  NL80211_IFTYPE_AP))
2661 		req.switch_reason = CH_SWITCH_DFS;
2662 	else
2663 		req.switch_reason = CH_SWITCH_NORMAL;
2664 
2665 	if (cmd == MCU_EXT_CMD(CHANNEL_SWITCH))
2666 		req.rx_streams = hweight8(req.rx_streams);
2667 
2668 	if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
2669 		int freq2 = chandef->center_freq2;
2670 
2671 		req.center_ch2 = ieee80211_frequency_to_channel(freq2);
2672 	}
2673 
2674 	return mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), true);
2675 }
2676 
2677 static int mt7915_mcu_set_eeprom_flash(struct mt7915_dev *dev)
2678 {
2679 #define MAX_PAGE_IDX_MASK	GENMASK(7, 5)
2680 #define PAGE_IDX_MASK		GENMASK(4, 2)
2681 #define PER_PAGE_SIZE		0x400
2682 	struct mt7915_mcu_eeprom req = { .buffer_mode = EE_MODE_BUFFER };
2683 	u16 eeprom_size = mt7915_eeprom_size(dev);
2684 	u8 total = DIV_ROUND_UP(eeprom_size, PER_PAGE_SIZE);
2685 	u8 *eep = (u8 *)dev->mt76.eeprom.data;
2686 	int eep_len;
2687 	int i;
2688 
2689 	for (i = 0; i < total; i++, eep += eep_len) {
2690 		struct sk_buff *skb;
2691 		int ret;
2692 
2693 		if (i == total - 1 && !!(eeprom_size % PER_PAGE_SIZE))
2694 			eep_len = eeprom_size % PER_PAGE_SIZE;
2695 		else
2696 			eep_len = PER_PAGE_SIZE;
2697 
2698 		skb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
2699 					 sizeof(req) + eep_len);
2700 		if (!skb)
2701 			return -ENOMEM;
2702 
2703 		req.format = FIELD_PREP(MAX_PAGE_IDX_MASK, total - 1) |
2704 			     FIELD_PREP(PAGE_IDX_MASK, i) | EE_FORMAT_WHOLE;
2705 		req.len = cpu_to_le16(eep_len);
2706 
2707 		skb_put_data(skb, &req, sizeof(req));
2708 		skb_put_data(skb, eep, eep_len);
2709 
2710 		ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
2711 					    MCU_EXT_CMD(EFUSE_BUFFER_MODE), true);
2712 		if (ret)
2713 			return ret;
2714 	}
2715 
2716 	return 0;
2717 }
2718 
2719 int mt7915_mcu_set_eeprom(struct mt7915_dev *dev)
2720 {
2721 	struct mt7915_mcu_eeprom req = {
2722 		.buffer_mode = EE_MODE_EFUSE,
2723 		.format = EE_FORMAT_WHOLE,
2724 	};
2725 
2726 	if (dev->flash_mode)
2727 		return mt7915_mcu_set_eeprom_flash(dev);
2728 
2729 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(EFUSE_BUFFER_MODE),
2730 				 &req, sizeof(req), true);
2731 }
2732 
2733 int mt7915_mcu_get_eeprom(struct mt7915_dev *dev, u32 offset)
2734 {
2735 	struct mt7915_mcu_eeprom_info req = {
2736 		.addr = cpu_to_le32(round_down(offset,
2737 				    MT7915_EEPROM_BLOCK_SIZE)),
2738 	};
2739 	struct mt7915_mcu_eeprom_info *res;
2740 	struct sk_buff *skb;
2741 	int ret;
2742 	u8 *buf;
2743 
2744 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_QUERY(EFUSE_ACCESS), &req,
2745 				sizeof(req), true, &skb);
2746 	if (ret)
2747 		return ret;
2748 
2749 	res = (struct mt7915_mcu_eeprom_info *)skb->data;
2750 	buf = dev->mt76.eeprom.data + le32_to_cpu(res->addr);
2751 	memcpy(buf, res->data, MT7915_EEPROM_BLOCK_SIZE);
2752 	dev_kfree_skb(skb);
2753 
2754 	return 0;
2755 }
2756 
2757 int mt7915_mcu_get_eeprom_free_block(struct mt7915_dev *dev, u8 *block_num)
2758 {
2759 	struct {
2760 		u8 _rsv;
2761 		u8 version;
2762 		u8 die_idx;
2763 		u8 _rsv2;
2764 	} __packed req = {
2765 		.version = 1,
2766 	};
2767 	struct sk_buff *skb;
2768 	int ret;
2769 
2770 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_QUERY(EFUSE_FREE_BLOCK), &req,
2771 					sizeof(req), true, &skb);
2772 	if (ret)
2773 		return ret;
2774 
2775 	*block_num = *(u8 *)skb->data;
2776 	dev_kfree_skb(skb);
2777 
2778 	return 0;
2779 }
2780 
2781 static int mt7915_mcu_set_pre_cal(struct mt7915_dev *dev, u8 idx,
2782 				  u8 *data, u32 len, int cmd)
2783 {
2784 	struct {
2785 		u8 dir;
2786 		u8 valid;
2787 		__le16 bitmap;
2788 		s8 precal;
2789 		u8 action;
2790 		u8 band;
2791 		u8 idx;
2792 		u8 rsv[4];
2793 		__le32 len;
2794 	} req = {};
2795 	struct sk_buff *skb;
2796 
2797 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, sizeof(req) + len);
2798 	if (!skb)
2799 		return -ENOMEM;
2800 
2801 	req.idx = idx;
2802 	req.len = cpu_to_le32(len);
2803 	skb_put_data(skb, &req, sizeof(req));
2804 	skb_put_data(skb, data, len);
2805 
2806 	return mt76_mcu_skb_send_msg(&dev->mt76, skb, cmd, false);
2807 }
2808 
2809 int mt7915_mcu_apply_group_cal(struct mt7915_dev *dev)
2810 {
2811 	u8 idx = 0, *cal = dev->cal, *eep = dev->mt76.eeprom.data;
2812 	u32 total = MT_EE_CAL_GROUP_SIZE;
2813 
2814 	if (!(eep[MT_EE_DO_PRE_CAL] & MT_EE_WIFI_CAL_GROUP))
2815 		return 0;
2816 
2817 	/*
2818 	 * Items: Rx DCOC, RSSI DCOC, Tx TSSI DCOC, Tx LPFG
2819 	 * Tx FDIQ, Tx DCIQ, Rx FDIQ, Rx FIIQ, ADCDCOC
2820 	 */
2821 	while (total > 0) {
2822 		int ret, len;
2823 
2824 		len = min_t(u32, total, MT_EE_CAL_UNIT);
2825 
2826 		ret = mt7915_mcu_set_pre_cal(dev, idx, cal, len,
2827 					     MCU_EXT_CMD(GROUP_PRE_CAL_INFO));
2828 		if (ret)
2829 			return ret;
2830 
2831 		total -= len;
2832 		cal += len;
2833 		idx++;
2834 	}
2835 
2836 	return 0;
2837 }
2838 
2839 static int mt7915_find_freq_idx(const u16 *freqs, int n_freqs, u16 cur)
2840 {
2841 	int i;
2842 
2843 	for (i = 0; i < n_freqs; i++)
2844 		if (cur == freqs[i])
2845 			return i;
2846 
2847 	return -1;
2848 }
2849 
2850 static int mt7915_dpd_freq_idx(u16 freq, u8 bw)
2851 {
2852 	static const u16 freq_list[] = {
2853 		5180, 5200, 5220, 5240,
2854 		5260, 5280, 5300, 5320,
2855 		5500, 5520, 5540, 5560,
2856 		5580, 5600, 5620, 5640,
2857 		5660, 5680, 5700, 5745,
2858 		5765, 5785, 5805, 5825
2859 	};
2860 	int offset_2g = ARRAY_SIZE(freq_list);
2861 	int idx;
2862 
2863 	if (freq < 4000) {
2864 		if (freq < 2432)
2865 			return offset_2g;
2866 		if (freq < 2457)
2867 			return offset_2g + 1;
2868 
2869 		return offset_2g + 2;
2870 	}
2871 
2872 	if (bw == NL80211_CHAN_WIDTH_80P80 || bw == NL80211_CHAN_WIDTH_160)
2873 		return -1;
2874 
2875 	if (bw != NL80211_CHAN_WIDTH_20) {
2876 		idx = mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
2877 					   freq + 10);
2878 		if (idx >= 0)
2879 			return idx;
2880 
2881 		idx = mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
2882 					   freq - 10);
2883 		if (idx >= 0)
2884 			return idx;
2885 	}
2886 
2887 	return mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list), freq);
2888 }
2889 
2890 int mt7915_mcu_apply_tx_dpd(struct mt7915_phy *phy)
2891 {
2892 	struct mt7915_dev *dev = phy->dev;
2893 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
2894 	u16 total = 2, center_freq = chandef->center_freq1;
2895 	u8 *cal = dev->cal, *eep = dev->mt76.eeprom.data;
2896 	int idx;
2897 
2898 	if (!(eep[MT_EE_DO_PRE_CAL] & MT_EE_WIFI_CAL_DPD))
2899 		return 0;
2900 
2901 	idx = mt7915_dpd_freq_idx(center_freq, chandef->width);
2902 	if (idx < 0)
2903 		return -EINVAL;
2904 
2905 	/* Items: Tx DPD, Tx Flatness */
2906 	idx = idx * 2;
2907 	cal += MT_EE_CAL_GROUP_SIZE;
2908 
2909 	while (total--) {
2910 		int ret;
2911 
2912 		cal += (idx * MT_EE_CAL_UNIT);
2913 		ret = mt7915_mcu_set_pre_cal(dev, idx, cal, MT_EE_CAL_UNIT,
2914 					     MCU_EXT_CMD(DPD_PRE_CAL_INFO));
2915 		if (ret)
2916 			return ret;
2917 
2918 		idx++;
2919 	}
2920 
2921 	return 0;
2922 }
2923 
2924 int mt7915_mcu_get_chan_mib_info(struct mt7915_phy *phy, bool chan_switch)
2925 {
2926 	/* strict order */
2927 	static const u32 offs[] = {
2928 		MIB_BUSY_TIME, MIB_TX_TIME, MIB_RX_TIME, MIB_OBSS_AIRTIME,
2929 		MIB_BUSY_TIME_V2, MIB_TX_TIME_V2, MIB_RX_TIME_V2,
2930 		MIB_OBSS_AIRTIME_V2
2931 	};
2932 	struct mt76_channel_state *state = phy->mt76->chan_state;
2933 	struct mt76_channel_state *state_ts = &phy->state_ts;
2934 	struct mt7915_dev *dev = phy->dev;
2935 	struct mt7915_mcu_mib *res, req[4];
2936 	struct sk_buff *skb;
2937 	int i, ret, start = 0, ofs = 20;
2938 
2939 	if (!is_mt7915(&dev->mt76)) {
2940 		start = 4;
2941 		ofs = 0;
2942 	}
2943 
2944 	for (i = 0; i < 4; i++) {
2945 		req[i].band = cpu_to_le32(phy != &dev->phy);
2946 		req[i].offs = cpu_to_le32(offs[i + start]);
2947 	}
2948 
2949 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(GET_MIB_INFO),
2950 					req, sizeof(req), true, &skb);
2951 	if (ret)
2952 		return ret;
2953 
2954 	res = (struct mt7915_mcu_mib *)(skb->data + ofs);
2955 
2956 	if (chan_switch)
2957 		goto out;
2958 
2959 #define __res_u64(s) le64_to_cpu(res[s].data)
2960 	state->cc_busy += __res_u64(0) - state_ts->cc_busy;
2961 	state->cc_tx += __res_u64(1) - state_ts->cc_tx;
2962 	state->cc_bss_rx += __res_u64(2) - state_ts->cc_bss_rx;
2963 	state->cc_rx += __res_u64(2) + __res_u64(3) - state_ts->cc_rx;
2964 
2965 out:
2966 	state_ts->cc_busy = __res_u64(0);
2967 	state_ts->cc_tx = __res_u64(1);
2968 	state_ts->cc_bss_rx = __res_u64(2);
2969 	state_ts->cc_rx = __res_u64(2) + __res_u64(3);
2970 #undef __res_u64
2971 
2972 	dev_kfree_skb(skb);
2973 
2974 	return 0;
2975 }
2976 
2977 int mt7915_mcu_get_temperature(struct mt7915_phy *phy)
2978 {
2979 	struct mt7915_dev *dev = phy->dev;
2980 	struct {
2981 		u8 ctrl_id;
2982 		u8 action;
2983 		u8 dbdc_idx;
2984 		u8 rsv[5];
2985 	} req = {
2986 		.ctrl_id = THERMAL_SENSOR_TEMP_QUERY,
2987 		.dbdc_idx = phy != &dev->phy,
2988 	};
2989 
2990 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_CTRL), &req,
2991 				 sizeof(req), true);
2992 }
2993 
2994 int mt7915_mcu_set_thermal_throttling(struct mt7915_phy *phy, u8 state)
2995 {
2996 	struct mt7915_dev *dev = phy->dev;
2997 	struct {
2998 		struct mt7915_mcu_thermal_ctrl ctrl;
2999 
3000 		__le32 trigger_temp;
3001 		__le32 restore_temp;
3002 		__le16 sustain_time;
3003 		u8 rsv[2];
3004 	} __packed req = {
3005 		.ctrl = {
3006 			.band_idx = phy->band_idx,
3007 		},
3008 	};
3009 	int level;
3010 
3011 	if (!state) {
3012 		req.ctrl.ctrl_id = THERMAL_PROTECT_DISABLE;
3013 		goto out;
3014 	}
3015 
3016 	/* set duty cycle and level */
3017 	for (level = 0; level < 4; level++) {
3018 		int ret;
3019 
3020 		req.ctrl.ctrl_id = THERMAL_PROTECT_DUTY_CONFIG;
3021 		req.ctrl.duty.duty_level = level;
3022 		req.ctrl.duty.duty_cycle = state;
3023 		state /= 2;
3024 
3025 		ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_PROT),
3026 					&req, sizeof(req.ctrl), false);
3027 		if (ret)
3028 			return ret;
3029 	}
3030 
3031 	/* set high-temperature trigger threshold */
3032 	req.ctrl.ctrl_id = THERMAL_PROTECT_ENABLE;
3033 	/* add a safety margin ~10 */
3034 	req.restore_temp = cpu_to_le32(phy->throttle_temp[0] - 10);
3035 	req.trigger_temp = cpu_to_le32(phy->throttle_temp[1]);
3036 	req.sustain_time = cpu_to_le16(10);
3037 
3038 out:
3039 	req.ctrl.type.protect_type = 1;
3040 	req.ctrl.type.trigger_type = 1;
3041 
3042 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_PROT),
3043 				 &req, sizeof(req), false);
3044 }
3045 
3046 int mt7915_mcu_set_txpower_sku(struct mt7915_phy *phy)
3047 {
3048 	struct mt7915_dev *dev = phy->dev;
3049 	struct mt76_phy *mphy = phy->mt76;
3050 	struct ieee80211_hw *hw = mphy->hw;
3051 	struct mt7915_sku_val {
3052 		u8 format_id;
3053 		u8 limit_type;
3054 		u8 dbdc_idx;
3055 		s8 val[MT7915_SKU_RATE_NUM];
3056 	} __packed req = {
3057 		.format_id = 4,
3058 		.dbdc_idx = phy != &dev->phy,
3059 	};
3060 	struct mt76_power_limits limits_array;
3061 	s8 *la = (s8 *)&limits_array;
3062 	int i, idx, n_chains = hweight8(mphy->antenna_mask);
3063 	int tx_power = hw->conf.power_level * 2;
3064 
3065 	tx_power = mt76_get_sar_power(mphy, mphy->chandef.chan,
3066 				      tx_power);
3067 	tx_power -= mt76_tx_power_nss_delta(n_chains);
3068 	tx_power = mt76_get_rate_power_limits(mphy, mphy->chandef.chan,
3069 					      &limits_array, tx_power);
3070 	mphy->txpower_cur = tx_power;
3071 
3072 	for (i = 0, idx = 0; i < ARRAY_SIZE(mt7915_sku_group_len); i++) {
3073 		u8 mcs_num, len = mt7915_sku_group_len[i];
3074 		int j;
3075 
3076 		if (i >= SKU_HT_BW20 && i <= SKU_VHT_BW160) {
3077 			mcs_num = 10;
3078 
3079 			if (i == SKU_HT_BW20 || i == SKU_VHT_BW20)
3080 				la = (s8 *)&limits_array + 12;
3081 		} else {
3082 			mcs_num = len;
3083 		}
3084 
3085 		for (j = 0; j < min_t(u8, mcs_num, len); j++)
3086 			req.val[idx + j] = la[j];
3087 
3088 		la += mcs_num;
3089 		idx += len;
3090 	}
3091 
3092 	return mt76_mcu_send_msg(&dev->mt76,
3093 				 MCU_EXT_CMD(TX_POWER_FEATURE_CTRL), &req,
3094 				 sizeof(req), true);
3095 }
3096 
3097 int mt7915_mcu_get_txpower_sku(struct mt7915_phy *phy, s8 *txpower, int len)
3098 {
3099 #define RATE_POWER_INFO	2
3100 	struct mt7915_dev *dev = phy->dev;
3101 	struct {
3102 		u8 format_id;
3103 		u8 category;
3104 		u8 band;
3105 		u8 _rsv;
3106 	} __packed req = {
3107 		.format_id = 7,
3108 		.category = RATE_POWER_INFO,
3109 		.band = phy != &dev->phy,
3110 	};
3111 	s8 res[MT7915_SKU_RATE_NUM][2];
3112 	struct sk_buff *skb;
3113 	int ret, i;
3114 
3115 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
3116 					MCU_EXT_CMD(TX_POWER_FEATURE_CTRL),
3117 					&req, sizeof(req), true, &skb);
3118 	if (ret)
3119 		return ret;
3120 
3121 	memcpy(res, skb->data + 4, sizeof(res));
3122 	for (i = 0; i < len; i++)
3123 		txpower[i] = res[i][req.band];
3124 
3125 	dev_kfree_skb(skb);
3126 
3127 	return 0;
3128 }
3129 
3130 int mt7915_mcu_set_test_param(struct mt7915_dev *dev, u8 param, bool test_mode,
3131 			      u8 en)
3132 {
3133 	struct {
3134 		u8 test_mode_en;
3135 		u8 param_idx;
3136 		u8 _rsv[2];
3137 
3138 		u8 enable;
3139 		u8 _rsv2[3];
3140 
3141 		u8 pad[8];
3142 	} __packed req = {
3143 		.test_mode_en = test_mode,
3144 		.param_idx = param,
3145 		.enable = en,
3146 	};
3147 
3148 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(ATE_CTRL), &req,
3149 				 sizeof(req), false);
3150 }
3151 
3152 int mt7915_mcu_set_sku_en(struct mt7915_phy *phy, bool enable)
3153 {
3154 	struct mt7915_dev *dev = phy->dev;
3155 	struct mt7915_sku {
3156 		u8 format_id;
3157 		u8 sku_enable;
3158 		u8 dbdc_idx;
3159 		u8 rsv;
3160 	} __packed req = {
3161 		.format_id = 0,
3162 		.dbdc_idx = phy != &dev->phy,
3163 		.sku_enable = enable,
3164 	};
3165 
3166 	return mt76_mcu_send_msg(&dev->mt76,
3167 				 MCU_EXT_CMD(TX_POWER_FEATURE_CTRL), &req,
3168 				 sizeof(req), true);
3169 }
3170 
3171 int mt7915_mcu_set_ser(struct mt7915_dev *dev, u8 action, u8 set, u8 band)
3172 {
3173 	struct {
3174 		u8 action;
3175 		u8 set;
3176 		u8 band;
3177 		u8 rsv;
3178 	} req = {
3179 		.action = action,
3180 		.set = set,
3181 		.band = band,
3182 	};
3183 
3184 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_SER_TRIGGER),
3185 				 &req, sizeof(req), false);
3186 }
3187 
3188 int mt7915_mcu_set_txbf(struct mt7915_dev *dev, u8 action)
3189 {
3190 	struct {
3191 		u8 action;
3192 		union {
3193 			struct {
3194 				u8 snd_mode;
3195 				u8 sta_num;
3196 				u8 rsv;
3197 				u8 wlan_idx[4];
3198 				__le32 snd_period;	/* ms */
3199 			} __packed snd;
3200 			struct {
3201 				bool ebf;
3202 				bool ibf;
3203 				u8 rsv;
3204 			} __packed type;
3205 			struct {
3206 				u8 bf_num;
3207 				u8 bf_bitmap;
3208 				u8 bf_sel[8];
3209 				u8 rsv[5];
3210 			} __packed mod;
3211 		};
3212 	} __packed req = {
3213 		.action = action,
3214 	};
3215 
3216 #define MT_BF_PROCESSING	4
3217 	switch (action) {
3218 	case MT_BF_SOUNDING_ON:
3219 		req.snd.snd_mode = MT_BF_PROCESSING;
3220 		break;
3221 	case MT_BF_TYPE_UPDATE:
3222 		req.type.ebf = true;
3223 		req.type.ibf = dev->ibf;
3224 		break;
3225 	case MT_BF_MODULE_UPDATE:
3226 		req.mod.bf_num = 2;
3227 		req.mod.bf_bitmap = GENMASK(1, 0);
3228 		break;
3229 	default:
3230 		return -EINVAL;
3231 	}
3232 
3233 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(TXBF_ACTION), &req,
3234 				 sizeof(req), true);
3235 }
3236 
3237 int mt7915_mcu_add_obss_spr(struct mt7915_dev *dev, struct ieee80211_vif *vif,
3238 			    bool enable)
3239 {
3240 #define MT_SPR_ENABLE		1
3241 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
3242 	struct {
3243 		u8 action;
3244 		u8 arg_num;
3245 		u8 band_idx;
3246 		u8 status;
3247 		u8 drop_tx_idx;
3248 		u8 sta_idx;	/* 256 sta */
3249 		u8 rsv[2];
3250 		__le32 val;
3251 	} __packed req = {
3252 		.action = MT_SPR_ENABLE,
3253 		.arg_num = 1,
3254 		.band_idx = mvif->mt76.band_idx,
3255 		.val = cpu_to_le32(enable),
3256 	};
3257 
3258 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_SPR), &req,
3259 				 sizeof(req), true);
3260 }
3261 
3262 int mt7915_mcu_get_rx_rate(struct mt7915_phy *phy, struct ieee80211_vif *vif,
3263 			   struct ieee80211_sta *sta, struct rate_info *rate)
3264 {
3265 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
3266 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
3267 	struct mt7915_dev *dev = phy->dev;
3268 	struct mt76_phy *mphy = phy->mt76;
3269 	struct {
3270 		u8 category;
3271 		u8 band;
3272 		__le16 wcid;
3273 	} __packed req = {
3274 		.category = MCU_PHY_STATE_CONTENTION_RX_RATE,
3275 		.band = mvif->mt76.band_idx,
3276 		.wcid = cpu_to_le16(msta->wcid.idx),
3277 	};
3278 	struct ieee80211_supported_band *sband;
3279 	struct mt7915_mcu_phy_rx_info *res;
3280 	struct sk_buff *skb;
3281 	int ret;
3282 	bool cck = false;
3283 
3284 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(PHY_STAT_INFO),
3285 					&req, sizeof(req), true, &skb);
3286 	if (ret)
3287 		return ret;
3288 
3289 	res = (struct mt7915_mcu_phy_rx_info *)skb->data;
3290 
3291 	rate->mcs = res->rate;
3292 	rate->nss = res->nsts + 1;
3293 
3294 	switch (res->mode) {
3295 	case MT_PHY_TYPE_CCK:
3296 		cck = true;
3297 		fallthrough;
3298 	case MT_PHY_TYPE_OFDM:
3299 		if (mphy->chandef.chan->band == NL80211_BAND_5GHZ)
3300 			sband = &mphy->sband_5g.sband;
3301 		else if (mphy->chandef.chan->band == NL80211_BAND_6GHZ)
3302 			sband = &mphy->sband_6g.sband;
3303 		else
3304 			sband = &mphy->sband_2g.sband;
3305 
3306 		rate->mcs = mt76_get_rate(&dev->mt76, sband, rate->mcs, cck);
3307 		rate->legacy = sband->bitrates[rate->mcs].bitrate;
3308 		break;
3309 	case MT_PHY_TYPE_HT:
3310 	case MT_PHY_TYPE_HT_GF:
3311 		if (rate->mcs > 31) {
3312 			ret = -EINVAL;
3313 			goto out;
3314 		}
3315 
3316 		rate->flags = RATE_INFO_FLAGS_MCS;
3317 		if (res->gi)
3318 			rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
3319 		break;
3320 	case MT_PHY_TYPE_VHT:
3321 		if (rate->mcs > 9) {
3322 			ret = -EINVAL;
3323 			goto out;
3324 		}
3325 
3326 		rate->flags = RATE_INFO_FLAGS_VHT_MCS;
3327 		if (res->gi)
3328 			rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
3329 		break;
3330 	case MT_PHY_TYPE_HE_SU:
3331 	case MT_PHY_TYPE_HE_EXT_SU:
3332 	case MT_PHY_TYPE_HE_TB:
3333 	case MT_PHY_TYPE_HE_MU:
3334 		if (res->gi > NL80211_RATE_INFO_HE_GI_3_2 || rate->mcs > 11) {
3335 			ret = -EINVAL;
3336 			goto out;
3337 		}
3338 		rate->he_gi = res->gi;
3339 		rate->flags = RATE_INFO_FLAGS_HE_MCS;
3340 		break;
3341 	default:
3342 		ret = -EINVAL;
3343 		goto out;
3344 	}
3345 
3346 	switch (res->bw) {
3347 	case IEEE80211_STA_RX_BW_160:
3348 		rate->bw = RATE_INFO_BW_160;
3349 		break;
3350 	case IEEE80211_STA_RX_BW_80:
3351 		rate->bw = RATE_INFO_BW_80;
3352 		break;
3353 	case IEEE80211_STA_RX_BW_40:
3354 		rate->bw = RATE_INFO_BW_40;
3355 		break;
3356 	default:
3357 		rate->bw = RATE_INFO_BW_20;
3358 		break;
3359 	}
3360 
3361 out:
3362 	dev_kfree_skb(skb);
3363 
3364 	return ret;
3365 }
3366 
3367 int mt7915_mcu_update_bss_color(struct mt7915_dev *dev, struct ieee80211_vif *vif,
3368 				struct cfg80211_he_bss_color *he_bss_color)
3369 {
3370 	int len = sizeof(struct sta_req_hdr) + sizeof(struct bss_info_color);
3371 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
3372 	struct bss_info_color *bss_color;
3373 	struct sk_buff *skb;
3374 	struct tlv *tlv;
3375 
3376 	skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
3377 					      NULL, len);
3378 	if (IS_ERR(skb))
3379 		return PTR_ERR(skb);
3380 
3381 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_BSS_COLOR,
3382 				      sizeof(*bss_color));
3383 	bss_color = (struct bss_info_color *)tlv;
3384 	bss_color->disable = !he_bss_color->enabled;
3385 	bss_color->color = he_bss_color->color;
3386 
3387 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
3388 				     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
3389 }
3390 
3391 #define TWT_AGRT_TRIGGER	BIT(0)
3392 #define TWT_AGRT_ANNOUNCE	BIT(1)
3393 #define TWT_AGRT_PROTECT	BIT(2)
3394 
3395 int mt7915_mcu_twt_agrt_update(struct mt7915_dev *dev,
3396 			       struct mt7915_vif *mvif,
3397 			       struct mt7915_twt_flow *flow,
3398 			       int cmd)
3399 {
3400 	struct {
3401 		u8 tbl_idx;
3402 		u8 cmd;
3403 		u8 own_mac_idx;
3404 		u8 flowid; /* 0xff for group id */
3405 		__le16 peer_id; /* specify the peer_id (msb=0)
3406 				 * or group_id (msb=1)
3407 				 */
3408 		u8 duration; /* 256 us */
3409 		u8 bss_idx;
3410 		__le64 start_tsf;
3411 		__le16 mantissa;
3412 		u8 exponent;
3413 		u8 is_ap;
3414 		u8 agrt_params;
3415 		u8 rsv[23];
3416 	} __packed req = {
3417 		.tbl_idx = flow->table_id,
3418 		.cmd = cmd,
3419 		.own_mac_idx = mvif->mt76.omac_idx,
3420 		.flowid = flow->id,
3421 		.peer_id = cpu_to_le16(flow->wcid),
3422 		.duration = flow->duration,
3423 		.bss_idx = mvif->mt76.idx,
3424 		.start_tsf = cpu_to_le64(flow->tsf),
3425 		.mantissa = flow->mantissa,
3426 		.exponent = flow->exp,
3427 		.is_ap = true,
3428 	};
3429 
3430 	if (flow->protection)
3431 		req.agrt_params |= TWT_AGRT_PROTECT;
3432 	if (!flow->flowtype)
3433 		req.agrt_params |= TWT_AGRT_ANNOUNCE;
3434 	if (flow->trigger)
3435 		req.agrt_params |= TWT_AGRT_TRIGGER;
3436 
3437 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(TWT_AGRT_UPDATE),
3438 				 &req, sizeof(req), true);
3439 }
3440 
3441 int mt7915_mcu_rf_regval(struct mt7915_dev *dev, u32 regidx, u32 *val, bool set)
3442 {
3443 	struct {
3444 		__le32 idx;
3445 		__le32 ofs;
3446 		__le32 data;
3447 	} __packed req = {
3448 		.idx = cpu_to_le32(u32_get_bits(regidx, GENMASK(31, 28))),
3449 		.ofs = cpu_to_le32(u32_get_bits(regidx, GENMASK(27, 0))),
3450 		.data = set ? cpu_to_le32(*val) : 0,
3451 	};
3452 	struct sk_buff *skb;
3453 	int ret;
3454 
3455 	if (set)
3456 		return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RF_REG_ACCESS),
3457 					 &req, sizeof(req), false);
3458 
3459 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_QUERY(RF_REG_ACCESS),
3460 					&req, sizeof(req), true, &skb);
3461 	if (ret)
3462 		return ret;
3463 
3464 	*val = le32_to_cpu(*(__le32 *)(skb->data + 8));
3465 	dev_kfree_skb(skb);
3466 
3467 	return 0;
3468 }
3469