xref: /openbmc/linux/drivers/net/wireless/mediatek/mt76/mt7915/mcu.c (revision 9df839a711aee437390b16ee39cf0b5c1620be6a)
1 // SPDX-License-Identifier: ISC
2 /* Copyright (C) 2020 MediaTek Inc. */
3 
4 #include <linux/fs.h>
5 #include "mt7915.h"
6 #include "mcu.h"
7 #include "mac.h"
8 #include "eeprom.h"
9 
10 #define fw_name(_dev, name, ...)	({			\
11 	char *_fw;						\
12 	switch (mt76_chip(&(_dev)->mt76)) {			\
13 	case 0x7915:						\
14 		_fw = MT7915_##name;				\
15 		break;						\
16 	case 0x7986:						\
17 		_fw = MT7986_##name##__VA_ARGS__;		\
18 		break;						\
19 	default:						\
20 		_fw = MT7916_##name;				\
21 		break;						\
22 	}							\
23 	_fw;							\
24 })
25 
26 #define fw_name_var(_dev, name)		(mt7915_check_adie(dev, false) ?	\
27 					 fw_name(_dev, name) :			\
28 					 fw_name(_dev, name, _MT7975))
29 
30 #define MCU_PATCH_ADDRESS		0x200000
31 
32 #define HE_PHY(p, c)			u8_get_bits(c, IEEE80211_HE_PHY_##p)
33 #define HE_MAC(m, c)			u8_get_bits(c, IEEE80211_HE_MAC_##m)
34 
35 static bool sr_scene_detect = true;
36 module_param(sr_scene_detect, bool, 0644);
37 MODULE_PARM_DESC(sr_scene_detect, "Enable firmware scene detection algorithm");
38 
39 static u8
40 mt7915_mcu_get_sta_nss(u16 mcs_map)
41 {
42 	u8 nss;
43 
44 	for (nss = 8; nss > 0; nss--) {
45 		u8 nss_mcs = (mcs_map >> (2 * (nss - 1))) & 3;
46 
47 		if (nss_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED)
48 			break;
49 	}
50 
51 	return nss - 1;
52 }
53 
54 static void
55 mt7915_mcu_set_sta_he_mcs(struct ieee80211_sta *sta, __le16 *he_mcs,
56 			  u16 mcs_map)
57 {
58 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
59 	struct mt7915_dev *dev = msta->vif->phy->dev;
60 	enum nl80211_band band = msta->vif->phy->mt76->chandef.chan->band;
61 	const u16 *mask = msta->vif->bitrate_mask.control[band].he_mcs;
62 	int nss, max_nss = sta->deflink.rx_nss > 3 ? 4 : sta->deflink.rx_nss;
63 
64 	for (nss = 0; nss < max_nss; nss++) {
65 		int mcs;
66 
67 		switch ((mcs_map >> (2 * nss)) & 0x3) {
68 		case IEEE80211_HE_MCS_SUPPORT_0_11:
69 			mcs = GENMASK(11, 0);
70 			break;
71 		case IEEE80211_HE_MCS_SUPPORT_0_9:
72 			mcs = GENMASK(9, 0);
73 			break;
74 		case IEEE80211_HE_MCS_SUPPORT_0_7:
75 			mcs = GENMASK(7, 0);
76 			break;
77 		default:
78 			mcs = 0;
79 		}
80 
81 		mcs = mcs ? fls(mcs & mask[nss]) - 1 : -1;
82 
83 		switch (mcs) {
84 		case 0 ... 7:
85 			mcs = IEEE80211_HE_MCS_SUPPORT_0_7;
86 			break;
87 		case 8 ... 9:
88 			mcs = IEEE80211_HE_MCS_SUPPORT_0_9;
89 			break;
90 		case 10 ... 11:
91 			mcs = IEEE80211_HE_MCS_SUPPORT_0_11;
92 			break;
93 		default:
94 			mcs = IEEE80211_HE_MCS_NOT_SUPPORTED;
95 			break;
96 		}
97 		mcs_map &= ~(0x3 << (nss * 2));
98 		mcs_map |= mcs << (nss * 2);
99 
100 		/* only support 2ss on 160MHz for mt7915 */
101 		if (is_mt7915(&dev->mt76) && nss > 1 &&
102 		    sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
103 			break;
104 	}
105 
106 	*he_mcs = cpu_to_le16(mcs_map);
107 }
108 
109 static void
110 mt7915_mcu_set_sta_vht_mcs(struct ieee80211_sta *sta, __le16 *vht_mcs,
111 			   const u16 *mask)
112 {
113 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
114 	struct mt7915_dev *dev = msta->vif->phy->dev;
115 	u16 mcs_map = le16_to_cpu(sta->deflink.vht_cap.vht_mcs.rx_mcs_map);
116 	int nss, max_nss = sta->deflink.rx_nss > 3 ? 4 : sta->deflink.rx_nss;
117 	u16 mcs;
118 
119 	for (nss = 0; nss < max_nss; nss++, mcs_map >>= 2) {
120 		switch (mcs_map & 0x3) {
121 		case IEEE80211_VHT_MCS_SUPPORT_0_9:
122 			mcs = GENMASK(9, 0);
123 			break;
124 		case IEEE80211_VHT_MCS_SUPPORT_0_8:
125 			mcs = GENMASK(8, 0);
126 			break;
127 		case IEEE80211_VHT_MCS_SUPPORT_0_7:
128 			mcs = GENMASK(7, 0);
129 			break;
130 		default:
131 			mcs = 0;
132 		}
133 
134 		vht_mcs[nss] = cpu_to_le16(mcs & mask[nss]);
135 
136 		/* only support 2ss on 160MHz for mt7915 */
137 		if (is_mt7915(&dev->mt76) && nss > 1 &&
138 		    sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
139 			break;
140 	}
141 }
142 
143 static void
144 mt7915_mcu_set_sta_ht_mcs(struct ieee80211_sta *sta, u8 *ht_mcs,
145 			  const u8 *mask)
146 {
147 	int nss, max_nss = sta->deflink.rx_nss > 3 ? 4 : sta->deflink.rx_nss;
148 
149 	for (nss = 0; nss < max_nss; nss++)
150 		ht_mcs[nss] = sta->deflink.ht_cap.mcs.rx_mask[nss] & mask[nss];
151 }
152 
153 static int
154 mt7915_mcu_parse_response(struct mt76_dev *mdev, int cmd,
155 			  struct sk_buff *skb, int seq)
156 {
157 	struct mt76_connac2_mcu_rxd *rxd;
158 	int ret = 0;
159 
160 	if (!skb) {
161 		dev_err(mdev->dev, "Message %08x (seq %d) timeout\n",
162 			cmd, seq);
163 		return -ETIMEDOUT;
164 	}
165 
166 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
167 	if (seq != rxd->seq)
168 		return -EAGAIN;
169 
170 	if (cmd == MCU_CMD(PATCH_SEM_CONTROL)) {
171 		skb_pull(skb, sizeof(*rxd) - 4);
172 		ret = *skb->data;
173 	} else if (cmd == MCU_EXT_CMD(THERMAL_CTRL)) {
174 		skb_pull(skb, sizeof(*rxd) + 4);
175 		ret = le32_to_cpu(*(__le32 *)skb->data);
176 	} else {
177 		skb_pull(skb, sizeof(struct mt76_connac2_mcu_rxd));
178 	}
179 
180 	return ret;
181 }
182 
183 static int
184 mt7915_mcu_send_message(struct mt76_dev *mdev, struct sk_buff *skb,
185 			int cmd, int *wait_seq)
186 {
187 	struct mt7915_dev *dev = container_of(mdev, struct mt7915_dev, mt76);
188 	enum mt76_mcuq_id qid;
189 	int ret;
190 
191 	ret = mt76_connac2_mcu_fill_message(mdev, skb, cmd, wait_seq);
192 	if (ret)
193 		return ret;
194 
195 	if (cmd == MCU_CMD(FW_SCATTER))
196 		qid = MT_MCUQ_FWDL;
197 	else if (test_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state))
198 		qid = MT_MCUQ_WA;
199 	else
200 		qid = MT_MCUQ_WM;
201 
202 	return mt76_tx_queue_skb_raw(dev, mdev->q_mcu[qid], skb, 0);
203 }
204 
205 int mt7915_mcu_wa_cmd(struct mt7915_dev *dev, int cmd, u32 a1, u32 a2, u32 a3)
206 {
207 	struct {
208 		__le32 args[3];
209 	} req = {
210 		.args = {
211 			cpu_to_le32(a1),
212 			cpu_to_le32(a2),
213 			cpu_to_le32(a3),
214 		},
215 	};
216 
217 	return mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), false);
218 }
219 
220 static void
221 mt7915_mcu_csa_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
222 {
223 	if (vif->bss_conf.csa_active)
224 		ieee80211_csa_finish(vif);
225 }
226 
227 static void
228 mt7915_mcu_rx_csa_notify(struct mt7915_dev *dev, struct sk_buff *skb)
229 {
230 	struct mt76_phy *mphy = &dev->mt76.phy;
231 	struct mt7915_mcu_csa_notify *c;
232 
233 	c = (struct mt7915_mcu_csa_notify *)skb->data;
234 
235 	if (c->band_idx > MT_BAND1)
236 		return;
237 
238 	if ((c->band_idx && !dev->phy.mt76->band_idx) &&
239 	    dev->mt76.phys[MT_BAND1])
240 		mphy = dev->mt76.phys[MT_BAND1];
241 
242 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
243 			IEEE80211_IFACE_ITER_RESUME_ALL,
244 			mt7915_mcu_csa_finish, mphy->hw);
245 }
246 
247 static void
248 mt7915_mcu_rx_thermal_notify(struct mt7915_dev *dev, struct sk_buff *skb)
249 {
250 	struct mt76_phy *mphy = &dev->mt76.phy;
251 	struct mt7915_mcu_thermal_notify *t;
252 	struct mt7915_phy *phy;
253 
254 	t = (struct mt7915_mcu_thermal_notify *)skb->data;
255 	if (t->ctrl.ctrl_id != THERMAL_PROTECT_ENABLE)
256 		return;
257 
258 	if (t->ctrl.band_idx > MT_BAND1)
259 		return;
260 
261 	if ((t->ctrl.band_idx && !dev->phy.mt76->band_idx) &&
262 	    dev->mt76.phys[MT_BAND1])
263 		mphy = dev->mt76.phys[MT_BAND1];
264 
265 	phy = (struct mt7915_phy *)mphy->priv;
266 	phy->throttle_state = t->ctrl.duty.duty_cycle;
267 }
268 
269 static void
270 mt7915_mcu_rx_radar_detected(struct mt7915_dev *dev, struct sk_buff *skb)
271 {
272 	struct mt76_phy *mphy = &dev->mt76.phy;
273 	struct mt7915_mcu_rdd_report *r;
274 
275 	r = (struct mt7915_mcu_rdd_report *)skb->data;
276 
277 	if (r->band_idx > MT_BAND1)
278 		return;
279 
280 	if ((r->band_idx && !dev->phy.mt76->band_idx) &&
281 	    dev->mt76.phys[MT_BAND1])
282 		mphy = dev->mt76.phys[MT_BAND1];
283 
284 	if (r->band_idx == MT_RX_SEL2)
285 		cfg80211_background_radar_event(mphy->hw->wiphy,
286 						&dev->rdd2_chandef,
287 						GFP_ATOMIC);
288 	else
289 		ieee80211_radar_detected(mphy->hw);
290 	dev->hw_pattern++;
291 }
292 
293 static void
294 mt7915_mcu_rx_log_message(struct mt7915_dev *dev, struct sk_buff *skb)
295 {
296 	struct mt76_connac2_mcu_rxd *rxd;
297 	int len = skb->len - sizeof(*rxd);
298 	const char *data, *type;
299 
300 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
301 	data = (char *)&rxd[1];
302 
303 	switch (rxd->s2d_index) {
304 	case 0:
305 		if (mt7915_debugfs_rx_log(dev, data, len))
306 			return;
307 
308 		type = "WM";
309 		break;
310 	case 2:
311 		type = "WA";
312 		break;
313 	default:
314 		type = "unknown";
315 		break;
316 	}
317 
318 	wiphy_info(mt76_hw(dev)->wiphy, "%s: %.*s", type, len, data);
319 }
320 
321 static void
322 mt7915_mcu_cca_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
323 {
324 	if (!vif->bss_conf.color_change_active)
325 		return;
326 
327 	ieee80211_color_change_finish(vif);
328 }
329 
330 static void
331 mt7915_mcu_rx_bcc_notify(struct mt7915_dev *dev, struct sk_buff *skb)
332 {
333 	struct mt76_phy *mphy = &dev->mt76.phy;
334 	struct mt7915_mcu_bcc_notify *b;
335 
336 	b = (struct mt7915_mcu_bcc_notify *)skb->data;
337 
338 	if (b->band_idx > MT_BAND1)
339 		return;
340 
341 	if ((b->band_idx && !dev->phy.mt76->band_idx) &&
342 	    dev->mt76.phys[MT_BAND1])
343 		mphy = dev->mt76.phys[MT_BAND1];
344 
345 	ieee80211_iterate_active_interfaces_atomic(mphy->hw,
346 			IEEE80211_IFACE_ITER_RESUME_ALL,
347 			mt7915_mcu_cca_finish, mphy->hw);
348 }
349 
350 static void
351 mt7915_mcu_rx_ext_event(struct mt7915_dev *dev, struct sk_buff *skb)
352 {
353 	struct mt76_connac2_mcu_rxd *rxd;
354 
355 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
356 	switch (rxd->ext_eid) {
357 	case MCU_EXT_EVENT_THERMAL_PROTECT:
358 		mt7915_mcu_rx_thermal_notify(dev, skb);
359 		break;
360 	case MCU_EXT_EVENT_RDD_REPORT:
361 		mt7915_mcu_rx_radar_detected(dev, skb);
362 		break;
363 	case MCU_EXT_EVENT_CSA_NOTIFY:
364 		mt7915_mcu_rx_csa_notify(dev, skb);
365 		break;
366 	case MCU_EXT_EVENT_FW_LOG_2_HOST:
367 		mt7915_mcu_rx_log_message(dev, skb);
368 		break;
369 	case MCU_EXT_EVENT_BCC_NOTIFY:
370 		mt7915_mcu_rx_bcc_notify(dev, skb);
371 		break;
372 	default:
373 		break;
374 	}
375 }
376 
377 static void
378 mt7915_mcu_rx_unsolicited_event(struct mt7915_dev *dev, struct sk_buff *skb)
379 {
380 	struct mt76_connac2_mcu_rxd *rxd;
381 
382 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
383 	switch (rxd->eid) {
384 	case MCU_EVENT_EXT:
385 		mt7915_mcu_rx_ext_event(dev, skb);
386 		break;
387 	default:
388 		break;
389 	}
390 	dev_kfree_skb(skb);
391 }
392 
393 void mt7915_mcu_rx_event(struct mt7915_dev *dev, struct sk_buff *skb)
394 {
395 	struct mt76_connac2_mcu_rxd *rxd;
396 
397 	rxd = (struct mt76_connac2_mcu_rxd *)skb->data;
398 	if (rxd->ext_eid == MCU_EXT_EVENT_THERMAL_PROTECT ||
399 	    rxd->ext_eid == MCU_EXT_EVENT_FW_LOG_2_HOST ||
400 	    rxd->ext_eid == MCU_EXT_EVENT_ASSERT_DUMP ||
401 	    rxd->ext_eid == MCU_EXT_EVENT_PS_SYNC ||
402 	    rxd->ext_eid == MCU_EXT_EVENT_BCC_NOTIFY ||
403 	    !rxd->seq)
404 		mt7915_mcu_rx_unsolicited_event(dev, skb);
405 	else
406 		mt76_mcu_rx_event(&dev->mt76, skb);
407 }
408 
409 static struct tlv *
410 mt7915_mcu_add_nested_subtlv(struct sk_buff *skb, int sub_tag, int sub_len,
411 			     __le16 *sub_ntlv, __le16 *len)
412 {
413 	struct tlv *ptlv, tlv = {
414 		.tag = cpu_to_le16(sub_tag),
415 		.len = cpu_to_le16(sub_len),
416 	};
417 
418 	ptlv = skb_put(skb, sub_len);
419 	memcpy(ptlv, &tlv, sizeof(tlv));
420 
421 	le16_add_cpu(sub_ntlv, 1);
422 	le16_add_cpu(len, sub_len);
423 
424 	return ptlv;
425 }
426 
427 /** bss info **/
428 struct mt7915_he_obss_narrow_bw_ru_data {
429 	bool tolerated;
430 };
431 
432 static void mt7915_check_he_obss_narrow_bw_ru_iter(struct wiphy *wiphy,
433 						   struct cfg80211_bss *bss,
434 						   void *_data)
435 {
436 	struct mt7915_he_obss_narrow_bw_ru_data *data = _data;
437 	const struct element *elem;
438 
439 	rcu_read_lock();
440 	elem = ieee80211_bss_get_elem(bss, WLAN_EID_EXT_CAPABILITY);
441 
442 	if (!elem || elem->datalen <= 10 ||
443 	    !(elem->data[10] &
444 	      WLAN_EXT_CAPA10_OBSS_NARROW_BW_RU_TOLERANCE_SUPPORT))
445 		data->tolerated = false;
446 
447 	rcu_read_unlock();
448 }
449 
450 static bool mt7915_check_he_obss_narrow_bw_ru(struct ieee80211_hw *hw,
451 					      struct ieee80211_vif *vif)
452 {
453 	struct mt7915_he_obss_narrow_bw_ru_data iter_data = {
454 		.tolerated = true,
455 	};
456 
457 	if (!(vif->bss_conf.chandef.chan->flags & IEEE80211_CHAN_RADAR))
458 		return false;
459 
460 	cfg80211_bss_iter(hw->wiphy, &vif->bss_conf.chandef,
461 			  mt7915_check_he_obss_narrow_bw_ru_iter,
462 			  &iter_data);
463 
464 	/*
465 	 * If there is at least one AP on radar channel that cannot
466 	 * tolerate 26-tone RU UL OFDMA transmissions using HE TB PPDU.
467 	 */
468 	return !iter_data.tolerated;
469 }
470 
471 static void
472 mt7915_mcu_bss_rfch_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
473 			struct mt7915_phy *phy)
474 {
475 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
476 	struct bss_info_rf_ch *ch;
477 	struct tlv *tlv;
478 	int freq1 = chandef->center_freq1;
479 
480 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_RF_CH, sizeof(*ch));
481 
482 	ch = (struct bss_info_rf_ch *)tlv;
483 	ch->pri_ch = chandef->chan->hw_value;
484 	ch->center_ch0 = ieee80211_frequency_to_channel(freq1);
485 	ch->bw = mt76_connac_chan_bw(chandef);
486 
487 	if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
488 		int freq2 = chandef->center_freq2;
489 
490 		ch->center_ch1 = ieee80211_frequency_to_channel(freq2);
491 	}
492 
493 	if (vif->bss_conf.he_support && vif->type == NL80211_IFTYPE_STATION) {
494 		struct mt76_phy *mphy = phy->mt76;
495 
496 		ch->he_ru26_block =
497 			mt7915_check_he_obss_narrow_bw_ru(mphy->hw, vif);
498 		ch->he_all_disable = false;
499 	} else {
500 		ch->he_all_disable = true;
501 	}
502 }
503 
504 static void
505 mt7915_mcu_bss_ra_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
506 		      struct mt7915_phy *phy)
507 {
508 	int max_nss = hweight8(phy->mt76->antenna_mask);
509 	struct bss_info_ra *ra;
510 	struct tlv *tlv;
511 
512 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_RA, sizeof(*ra));
513 
514 	ra = (struct bss_info_ra *)tlv;
515 	ra->op_mode = vif->type == NL80211_IFTYPE_AP;
516 	ra->adhoc_en = vif->type == NL80211_IFTYPE_ADHOC;
517 	ra->short_preamble = true;
518 	ra->tx_streams = max_nss;
519 	ra->rx_streams = max_nss;
520 	ra->algo = 4;
521 	ra->train_up_rule = 2;
522 	ra->train_up_high_thres = 110;
523 	ra->train_up_rule_rssi = -70;
524 	ra->low_traffic_thres = 2;
525 	ra->phy_cap = cpu_to_le32(0xfdf);
526 	ra->interval = cpu_to_le32(500);
527 	ra->fast_interval = cpu_to_le32(100);
528 }
529 
530 static void
531 mt7915_mcu_bss_he_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
532 		      struct mt7915_phy *phy)
533 {
534 #define DEFAULT_HE_PE_DURATION		4
535 #define DEFAULT_HE_DURATION_RTS_THRES	1023
536 	const struct ieee80211_sta_he_cap *cap;
537 	struct bss_info_he *he;
538 	struct tlv *tlv;
539 
540 	cap = mt76_connac_get_he_phy_cap(phy->mt76, vif);
541 
542 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_HE_BASIC, sizeof(*he));
543 
544 	he = (struct bss_info_he *)tlv;
545 	he->he_pe_duration = vif->bss_conf.htc_trig_based_pkt_ext;
546 	if (!he->he_pe_duration)
547 		he->he_pe_duration = DEFAULT_HE_PE_DURATION;
548 
549 	he->he_rts_thres = cpu_to_le16(vif->bss_conf.frame_time_rts_th);
550 	if (!he->he_rts_thres)
551 		he->he_rts_thres = cpu_to_le16(DEFAULT_HE_DURATION_RTS_THRES);
552 
553 	he->max_nss_mcs[CMD_HE_MCS_BW80] = cap->he_mcs_nss_supp.tx_mcs_80;
554 	he->max_nss_mcs[CMD_HE_MCS_BW160] = cap->he_mcs_nss_supp.tx_mcs_160;
555 	he->max_nss_mcs[CMD_HE_MCS_BW8080] = cap->he_mcs_nss_supp.tx_mcs_80p80;
556 }
557 
558 static void
559 mt7915_mcu_bss_hw_amsdu_tlv(struct sk_buff *skb)
560 {
561 #define TXD_CMP_MAP1		GENMASK(15, 0)
562 #define TXD_CMP_MAP2		(GENMASK(31, 0) & ~BIT(23))
563 	struct bss_info_hw_amsdu *amsdu;
564 	struct tlv *tlv;
565 
566 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_HW_AMSDU, sizeof(*amsdu));
567 
568 	amsdu = (struct bss_info_hw_amsdu *)tlv;
569 	amsdu->cmp_bitmap_0 = cpu_to_le32(TXD_CMP_MAP1);
570 	amsdu->cmp_bitmap_1 = cpu_to_le32(TXD_CMP_MAP2);
571 	amsdu->trig_thres = cpu_to_le16(2);
572 	amsdu->enable = true;
573 }
574 
575 static void
576 mt7915_mcu_bss_bmc_tlv(struct sk_buff *skb, struct mt7915_phy *phy)
577 {
578 	struct bss_info_bmc_rate *bmc;
579 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
580 	enum nl80211_band band = chandef->chan->band;
581 	struct tlv *tlv;
582 
583 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_BMC_RATE, sizeof(*bmc));
584 
585 	bmc = (struct bss_info_bmc_rate *)tlv;
586 	if (band == NL80211_BAND_2GHZ) {
587 		bmc->short_preamble = true;
588 	} else {
589 		bmc->bc_trans = cpu_to_le16(0x2000);
590 		bmc->mc_trans = cpu_to_le16(0x2080);
591 	}
592 }
593 
594 static int
595 mt7915_mcu_muar_config(struct mt7915_phy *phy, struct ieee80211_vif *vif,
596 		       bool bssid, bool enable)
597 {
598 	struct mt7915_dev *dev = phy->dev;
599 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
600 	u32 idx = mvif->mt76.omac_idx - REPEATER_BSSID_START;
601 	u32 mask = phy->omac_mask >> 32 & ~BIT(idx);
602 	const u8 *addr = vif->addr;
603 	struct {
604 		u8 mode;
605 		u8 force_clear;
606 		u8 clear_bitmap[8];
607 		u8 entry_count;
608 		u8 write;
609 		u8 band;
610 
611 		u8 index;
612 		u8 bssid;
613 		u8 addr[ETH_ALEN];
614 	} __packed req = {
615 		.mode = !!mask || enable,
616 		.entry_count = 1,
617 		.write = 1,
618 		.band = phy->mt76->band_idx,
619 		.index = idx * 2 + bssid,
620 	};
621 
622 	if (bssid)
623 		addr = vif->bss_conf.bssid;
624 
625 	if (enable)
626 		ether_addr_copy(req.addr, addr);
627 
628 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MUAR_UPDATE), &req,
629 				 sizeof(req), true);
630 }
631 
632 int mt7915_mcu_add_bss_info(struct mt7915_phy *phy,
633 			    struct ieee80211_vif *vif, int enable)
634 {
635 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
636 	struct mt7915_dev *dev = phy->dev;
637 	struct sk_buff *skb;
638 
639 	if (mvif->mt76.omac_idx >= REPEATER_BSSID_START) {
640 		mt7915_mcu_muar_config(phy, vif, false, enable);
641 		mt7915_mcu_muar_config(phy, vif, true, enable);
642 	}
643 
644 	skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76, NULL,
645 					      MT7915_BSS_UPDATE_MAX_SIZE);
646 	if (IS_ERR(skb))
647 		return PTR_ERR(skb);
648 
649 	/* bss_omac must be first */
650 	if (enable)
651 		mt76_connac_mcu_bss_omac_tlv(skb, vif);
652 
653 	mt76_connac_mcu_bss_basic_tlv(skb, vif, NULL, phy->mt76,
654 				      mvif->sta.wcid.idx, enable);
655 
656 	if (vif->type == NL80211_IFTYPE_MONITOR)
657 		goto out;
658 
659 	if (enable) {
660 		mt7915_mcu_bss_rfch_tlv(skb, vif, phy);
661 		mt7915_mcu_bss_bmc_tlv(skb, phy);
662 		mt7915_mcu_bss_ra_tlv(skb, vif, phy);
663 		mt7915_mcu_bss_hw_amsdu_tlv(skb);
664 
665 		if (vif->bss_conf.he_support)
666 			mt7915_mcu_bss_he_tlv(skb, vif, phy);
667 
668 		if (mvif->mt76.omac_idx >= EXT_BSSID_START &&
669 		    mvif->mt76.omac_idx < REPEATER_BSSID_START)
670 			mt76_connac_mcu_bss_ext_tlv(skb, &mvif->mt76);
671 	}
672 out:
673 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
674 				     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
675 }
676 
677 /** starec & wtbl **/
678 int mt7915_mcu_add_tx_ba(struct mt7915_dev *dev,
679 			 struct ieee80211_ampdu_params *params,
680 			 bool enable)
681 {
682 	struct mt7915_sta *msta = (struct mt7915_sta *)params->sta->drv_priv;
683 	struct mt7915_vif *mvif = msta->vif;
684 
685 	if (enable && !params->amsdu)
686 		msta->wcid.amsdu = false;
687 
688 	return mt76_connac_mcu_sta_ba(&dev->mt76, &mvif->mt76, params,
689 				      MCU_EXT_CMD(STA_REC_UPDATE),
690 				      enable, true);
691 }
692 
693 int mt7915_mcu_add_rx_ba(struct mt7915_dev *dev,
694 			 struct ieee80211_ampdu_params *params,
695 			 bool enable)
696 {
697 	struct mt7915_sta *msta = (struct mt7915_sta *)params->sta->drv_priv;
698 	struct mt7915_vif *mvif = msta->vif;
699 
700 	return mt76_connac_mcu_sta_ba(&dev->mt76, &mvif->mt76, params,
701 				      MCU_EXT_CMD(STA_REC_UPDATE),
702 				      enable, false);
703 }
704 
705 static void
706 mt7915_mcu_sta_he_tlv(struct sk_buff *skb, struct ieee80211_sta *sta,
707 		      struct ieee80211_vif *vif)
708 {
709 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
710 	struct ieee80211_he_cap_elem *elem = &sta->deflink.he_cap.he_cap_elem;
711 	struct ieee80211_he_mcs_nss_supp mcs_map;
712 	struct sta_rec_he *he;
713 	struct tlv *tlv;
714 	u32 cap = 0;
715 
716 	if (!sta->deflink.he_cap.has_he)
717 		return;
718 
719 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HE, sizeof(*he));
720 
721 	he = (struct sta_rec_he *)tlv;
722 
723 	if (elem->mac_cap_info[0] & IEEE80211_HE_MAC_CAP0_HTC_HE)
724 		cap |= STA_REC_HE_CAP_HTC;
725 
726 	if (elem->mac_cap_info[2] & IEEE80211_HE_MAC_CAP2_BSR)
727 		cap |= STA_REC_HE_CAP_BSR;
728 
729 	if (elem->mac_cap_info[3] & IEEE80211_HE_MAC_CAP3_OMI_CONTROL)
730 		cap |= STA_REC_HE_CAP_OM;
731 
732 	if (elem->mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU)
733 		cap |= STA_REC_HE_CAP_AMSDU_IN_AMPDU;
734 
735 	if (elem->mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_BQR)
736 		cap |= STA_REC_HE_CAP_BQR;
737 
738 	if (elem->phy_cap_info[0] &
739 	    (IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_RU_MAPPING_IN_2G |
740 	     IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_RU_MAPPING_IN_5G))
741 		cap |= STA_REC_HE_CAP_BW20_RU242_SUPPORT;
742 
743 	if (mvif->cap.he_ldpc &&
744 	    (elem->phy_cap_info[1] &
745 	     IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD))
746 		cap |= STA_REC_HE_CAP_LDPC;
747 
748 	if (elem->phy_cap_info[1] &
749 	    IEEE80211_HE_PHY_CAP1_HE_LTF_AND_GI_FOR_HE_PPDUS_0_8US)
750 		cap |= STA_REC_HE_CAP_SU_PPDU_1LTF_8US_GI;
751 
752 	if (elem->phy_cap_info[2] &
753 	    IEEE80211_HE_PHY_CAP2_NDP_4x_LTF_AND_3_2US)
754 		cap |= STA_REC_HE_CAP_NDP_4LTF_3DOT2MS_GI;
755 
756 	if (elem->phy_cap_info[2] &
757 	    IEEE80211_HE_PHY_CAP2_STBC_TX_UNDER_80MHZ)
758 		cap |= STA_REC_HE_CAP_LE_EQ_80M_TX_STBC;
759 
760 	if (elem->phy_cap_info[2] &
761 	    IEEE80211_HE_PHY_CAP2_STBC_RX_UNDER_80MHZ)
762 		cap |= STA_REC_HE_CAP_LE_EQ_80M_RX_STBC;
763 
764 	if (elem->phy_cap_info[6] &
765 	    IEEE80211_HE_PHY_CAP6_TRIG_CQI_FB)
766 		cap |= STA_REC_HE_CAP_TRIG_CQI_FK;
767 
768 	if (elem->phy_cap_info[6] &
769 	    IEEE80211_HE_PHY_CAP6_PARTIAL_BW_EXT_RANGE)
770 		cap |= STA_REC_HE_CAP_PARTIAL_BW_EXT_RANGE;
771 
772 	if (elem->phy_cap_info[7] &
773 	    IEEE80211_HE_PHY_CAP7_HE_SU_MU_PPDU_4XLTF_AND_08_US_GI)
774 		cap |= STA_REC_HE_CAP_SU_MU_PPDU_4LTF_8US_GI;
775 
776 	if (elem->phy_cap_info[7] &
777 	    IEEE80211_HE_PHY_CAP7_STBC_TX_ABOVE_80MHZ)
778 		cap |= STA_REC_HE_CAP_GT_80M_TX_STBC;
779 
780 	if (elem->phy_cap_info[7] &
781 	    IEEE80211_HE_PHY_CAP7_STBC_RX_ABOVE_80MHZ)
782 		cap |= STA_REC_HE_CAP_GT_80M_RX_STBC;
783 
784 	if (elem->phy_cap_info[8] &
785 	    IEEE80211_HE_PHY_CAP8_HE_ER_SU_PPDU_4XLTF_AND_08_US_GI)
786 		cap |= STA_REC_HE_CAP_ER_SU_PPDU_4LTF_8US_GI;
787 
788 	if (elem->phy_cap_info[8] &
789 	    IEEE80211_HE_PHY_CAP8_HE_ER_SU_1XLTF_AND_08_US_GI)
790 		cap |= STA_REC_HE_CAP_ER_SU_PPDU_1LTF_8US_GI;
791 
792 	if (elem->phy_cap_info[9] &
793 	    IEEE80211_HE_PHY_CAP9_TX_1024_QAM_LESS_THAN_242_TONE_RU)
794 		cap |= STA_REC_HE_CAP_TX_1024QAM_UNDER_RU242;
795 
796 	if (elem->phy_cap_info[9] &
797 	    IEEE80211_HE_PHY_CAP9_RX_1024_QAM_LESS_THAN_242_TONE_RU)
798 		cap |= STA_REC_HE_CAP_RX_1024QAM_UNDER_RU242;
799 
800 	he->he_cap = cpu_to_le32(cap);
801 
802 	mcs_map = sta->deflink.he_cap.he_mcs_nss_supp;
803 	switch (sta->deflink.bandwidth) {
804 	case IEEE80211_STA_RX_BW_160:
805 		if (elem->phy_cap_info[0] &
806 		    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G)
807 			mt7915_mcu_set_sta_he_mcs(sta,
808 						  &he->max_nss_mcs[CMD_HE_MCS_BW8080],
809 						  le16_to_cpu(mcs_map.rx_mcs_80p80));
810 
811 		mt7915_mcu_set_sta_he_mcs(sta,
812 					  &he->max_nss_mcs[CMD_HE_MCS_BW160],
813 					  le16_to_cpu(mcs_map.rx_mcs_160));
814 		fallthrough;
815 	default:
816 		mt7915_mcu_set_sta_he_mcs(sta,
817 					  &he->max_nss_mcs[CMD_HE_MCS_BW80],
818 					  le16_to_cpu(mcs_map.rx_mcs_80));
819 		break;
820 	}
821 
822 	he->t_frame_dur =
823 		HE_MAC(CAP1_TF_MAC_PAD_DUR_MASK, elem->mac_cap_info[1]);
824 	he->max_ampdu_exp =
825 		HE_MAC(CAP3_MAX_AMPDU_LEN_EXP_MASK, elem->mac_cap_info[3]);
826 
827 	he->bw_set =
828 		HE_PHY(CAP0_CHANNEL_WIDTH_SET_MASK, elem->phy_cap_info[0]);
829 	he->device_class =
830 		HE_PHY(CAP1_DEVICE_CLASS_A, elem->phy_cap_info[1]);
831 	he->punc_pream_rx =
832 		HE_PHY(CAP1_PREAMBLE_PUNC_RX_MASK, elem->phy_cap_info[1]);
833 
834 	he->dcm_tx_mode =
835 		HE_PHY(CAP3_DCM_MAX_CONST_TX_MASK, elem->phy_cap_info[3]);
836 	he->dcm_tx_max_nss =
837 		HE_PHY(CAP3_DCM_MAX_TX_NSS_2, elem->phy_cap_info[3]);
838 	he->dcm_rx_mode =
839 		HE_PHY(CAP3_DCM_MAX_CONST_RX_MASK, elem->phy_cap_info[3]);
840 	he->dcm_rx_max_nss =
841 		HE_PHY(CAP3_DCM_MAX_RX_NSS_2, elem->phy_cap_info[3]);
842 	he->dcm_rx_max_nss =
843 		HE_PHY(CAP8_DCM_MAX_RU_MASK, elem->phy_cap_info[8]);
844 
845 	he->pkt_ext = 2;
846 }
847 
848 static void
849 mt7915_mcu_sta_muru_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
850 			struct ieee80211_sta *sta, struct ieee80211_vif *vif)
851 {
852 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
853 	struct ieee80211_he_cap_elem *elem = &sta->deflink.he_cap.he_cap_elem;
854 	struct sta_rec_muru *muru;
855 	struct tlv *tlv;
856 
857 	if (vif->type != NL80211_IFTYPE_STATION &&
858 	    vif->type != NL80211_IFTYPE_AP)
859 		return;
860 
861 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_MURU, sizeof(*muru));
862 
863 	muru = (struct sta_rec_muru *)tlv;
864 
865 	muru->cfg.mimo_dl_en = mvif->cap.he_mu_ebfer ||
866 			       mvif->cap.vht_mu_ebfer ||
867 			       mvif->cap.vht_mu_ebfee;
868 	if (!is_mt7915(&dev->mt76))
869 		muru->cfg.mimo_ul_en = true;
870 	muru->cfg.ofdma_dl_en = true;
871 
872 	if (sta->deflink.vht_cap.vht_supported)
873 		muru->mimo_dl.vht_mu_bfee =
874 			!!(sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
875 
876 	if (!sta->deflink.he_cap.has_he)
877 		return;
878 
879 	muru->mimo_dl.partial_bw_dl_mimo =
880 		HE_PHY(CAP6_PARTIAL_BANDWIDTH_DL_MUMIMO, elem->phy_cap_info[6]);
881 
882 	muru->mimo_ul.full_ul_mimo =
883 		HE_PHY(CAP2_UL_MU_FULL_MU_MIMO, elem->phy_cap_info[2]);
884 	muru->mimo_ul.partial_ul_mimo =
885 		HE_PHY(CAP2_UL_MU_PARTIAL_MU_MIMO, elem->phy_cap_info[2]);
886 
887 	muru->ofdma_dl.punc_pream_rx =
888 		HE_PHY(CAP1_PREAMBLE_PUNC_RX_MASK, elem->phy_cap_info[1]);
889 	muru->ofdma_dl.he_20m_in_40m_2g =
890 		HE_PHY(CAP8_20MHZ_IN_40MHZ_HE_PPDU_IN_2G, elem->phy_cap_info[8]);
891 	muru->ofdma_dl.he_20m_in_160m =
892 		HE_PHY(CAP8_20MHZ_IN_160MHZ_HE_PPDU, elem->phy_cap_info[8]);
893 	muru->ofdma_dl.he_80m_in_160m =
894 		HE_PHY(CAP8_80MHZ_IN_160MHZ_HE_PPDU, elem->phy_cap_info[8]);
895 
896 	muru->ofdma_ul.t_frame_dur =
897 		HE_MAC(CAP1_TF_MAC_PAD_DUR_MASK, elem->mac_cap_info[1]);
898 	muru->ofdma_ul.mu_cascading =
899 		HE_MAC(CAP2_MU_CASCADING, elem->mac_cap_info[2]);
900 	muru->ofdma_ul.uo_ra =
901 		HE_MAC(CAP3_OFDMA_RA, elem->mac_cap_info[3]);
902 }
903 
904 static void
905 mt7915_mcu_sta_ht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
906 {
907 	struct sta_rec_ht *ht;
908 	struct tlv *tlv;
909 
910 	if (!sta->deflink.ht_cap.ht_supported)
911 		return;
912 
913 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HT, sizeof(*ht));
914 
915 	ht = (struct sta_rec_ht *)tlv;
916 	ht->ht_cap = cpu_to_le16(sta->deflink.ht_cap.cap);
917 }
918 
919 static void
920 mt7915_mcu_sta_vht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
921 {
922 	struct sta_rec_vht *vht;
923 	struct tlv *tlv;
924 
925 	if (!sta->deflink.vht_cap.vht_supported)
926 		return;
927 
928 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_VHT, sizeof(*vht));
929 
930 	vht = (struct sta_rec_vht *)tlv;
931 	vht->vht_cap = cpu_to_le32(sta->deflink.vht_cap.cap);
932 	vht->vht_rx_mcs_map = sta->deflink.vht_cap.vht_mcs.rx_mcs_map;
933 	vht->vht_tx_mcs_map = sta->deflink.vht_cap.vht_mcs.tx_mcs_map;
934 }
935 
936 static void
937 mt7915_mcu_sta_amsdu_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
938 			 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
939 {
940 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
941 	struct sta_rec_amsdu *amsdu;
942 	struct tlv *tlv;
943 
944 	if (vif->type != NL80211_IFTYPE_STATION &&
945 	    vif->type != NL80211_IFTYPE_AP)
946 		return;
947 
948 	if (!sta->deflink.agg.max_amsdu_len)
949 	    return;
950 
951 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HW_AMSDU, sizeof(*amsdu));
952 	amsdu = (struct sta_rec_amsdu *)tlv;
953 	amsdu->max_amsdu_num = 8;
954 	amsdu->amsdu_en = true;
955 	msta->wcid.amsdu = true;
956 
957 	switch (sta->deflink.agg.max_amsdu_len) {
958 	case IEEE80211_MAX_MPDU_LEN_VHT_11454:
959 		if (!is_mt7915(&dev->mt76)) {
960 			amsdu->max_mpdu_size =
961 				IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454;
962 			return;
963 		}
964 		fallthrough;
965 	case IEEE80211_MAX_MPDU_LEN_HT_7935:
966 	case IEEE80211_MAX_MPDU_LEN_VHT_7991:
967 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991;
968 		return;
969 	default:
970 		amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895;
971 		return;
972 	}
973 }
974 
975 static int
976 mt7915_mcu_sta_wtbl_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
977 			struct ieee80211_vif *vif, struct ieee80211_sta *sta)
978 {
979 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
980 	struct mt7915_sta *msta;
981 	struct wtbl_req_hdr *wtbl_hdr;
982 	struct mt76_wcid *wcid;
983 	struct tlv *tlv;
984 
985 	msta = sta ? (struct mt7915_sta *)sta->drv_priv : &mvif->sta;
986 	wcid = sta ? &msta->wcid : NULL;
987 
988 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_WTBL, sizeof(struct tlv));
989 	wtbl_hdr = mt76_connac_mcu_alloc_wtbl_req(&dev->mt76, &msta->wcid,
990 						  WTBL_RESET_AND_SET, tlv,
991 						  &skb);
992 	if (IS_ERR(wtbl_hdr))
993 		return PTR_ERR(wtbl_hdr);
994 
995 	mt76_connac_mcu_wtbl_generic_tlv(&dev->mt76, skb, vif, sta, tlv,
996 					 wtbl_hdr);
997 	mt76_connac_mcu_wtbl_hdr_trans_tlv(skb, vif, wcid, tlv, wtbl_hdr);
998 	if (sta)
999 		mt76_connac_mcu_wtbl_ht_tlv(&dev->mt76, skb, sta, tlv,
1000 					    wtbl_hdr, mvif->cap.ht_ldpc,
1001 					    mvif->cap.vht_ldpc);
1002 
1003 	return 0;
1004 }
1005 
1006 static inline bool
1007 mt7915_is_ebf_supported(struct mt7915_phy *phy, struct ieee80211_vif *vif,
1008 			struct ieee80211_sta *sta, bool bfee)
1009 {
1010 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1011 	int tx_ant = hweight8(phy->mt76->chainmask) - 1;
1012 
1013 	if (vif->type != NL80211_IFTYPE_STATION &&
1014 	    vif->type != NL80211_IFTYPE_AP)
1015 		return false;
1016 
1017 	if (!bfee && tx_ant < 2)
1018 		return false;
1019 
1020 	if (sta->deflink.he_cap.has_he) {
1021 		struct ieee80211_he_cap_elem *pe = &sta->deflink.he_cap.he_cap_elem;
1022 
1023 		if (bfee)
1024 			return mvif->cap.he_su_ebfee &&
1025 			       HE_PHY(CAP3_SU_BEAMFORMER, pe->phy_cap_info[3]);
1026 		else
1027 			return mvif->cap.he_su_ebfer &&
1028 			       HE_PHY(CAP4_SU_BEAMFORMEE, pe->phy_cap_info[4]);
1029 	}
1030 
1031 	if (sta->deflink.vht_cap.vht_supported) {
1032 		u32 cap = sta->deflink.vht_cap.cap;
1033 
1034 		if (bfee)
1035 			return mvif->cap.vht_su_ebfee &&
1036 			       (cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
1037 		else
1038 			return mvif->cap.vht_su_ebfer &&
1039 			       (cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
1040 	}
1041 
1042 	return false;
1043 }
1044 
1045 static void
1046 mt7915_mcu_sta_sounding_rate(struct sta_rec_bf *bf)
1047 {
1048 	bf->sounding_phy = MT_PHY_TYPE_OFDM;
1049 	bf->ndp_rate = 0;				/* mcs0 */
1050 	bf->ndpa_rate = MT7915_CFEND_RATE_DEFAULT;	/* ofdm 24m */
1051 	bf->rept_poll_rate = MT7915_CFEND_RATE_DEFAULT;	/* ofdm 24m */
1052 }
1053 
1054 static void
1055 mt7915_mcu_sta_bfer_ht(struct ieee80211_sta *sta, struct mt7915_phy *phy,
1056 		       struct sta_rec_bf *bf)
1057 {
1058 	struct ieee80211_mcs_info *mcs = &sta->deflink.ht_cap.mcs;
1059 	u8 n = 0;
1060 
1061 	bf->tx_mode = MT_PHY_TYPE_HT;
1062 
1063 	if ((mcs->tx_params & IEEE80211_HT_MCS_TX_RX_DIFF) &&
1064 	    (mcs->tx_params & IEEE80211_HT_MCS_TX_DEFINED))
1065 		n = FIELD_GET(IEEE80211_HT_MCS_TX_MAX_STREAMS_MASK,
1066 			      mcs->tx_params);
1067 	else if (mcs->rx_mask[3])
1068 		n = 3;
1069 	else if (mcs->rx_mask[2])
1070 		n = 2;
1071 	else if (mcs->rx_mask[1])
1072 		n = 1;
1073 
1074 	bf->nrow = hweight8(phy->mt76->chainmask) - 1;
1075 	bf->ncol = min_t(u8, bf->nrow, n);
1076 	bf->ibf_ncol = n;
1077 }
1078 
1079 static void
1080 mt7915_mcu_sta_bfer_vht(struct ieee80211_sta *sta, struct mt7915_phy *phy,
1081 			struct sta_rec_bf *bf, bool explicit)
1082 {
1083 	struct ieee80211_sta_vht_cap *pc = &sta->deflink.vht_cap;
1084 	struct ieee80211_sta_vht_cap *vc = &phy->mt76->sband_5g.sband.vht_cap;
1085 	u16 mcs_map = le16_to_cpu(pc->vht_mcs.rx_mcs_map);
1086 	u8 nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1087 	u8 tx_ant = hweight8(phy->mt76->chainmask) - 1;
1088 
1089 	bf->tx_mode = MT_PHY_TYPE_VHT;
1090 
1091 	if (explicit) {
1092 		u8 sts, snd_dim;
1093 
1094 		mt7915_mcu_sta_sounding_rate(bf);
1095 
1096 		sts = FIELD_GET(IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK,
1097 				pc->cap);
1098 		snd_dim = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
1099 				    vc->cap);
1100 		bf->nrow = min_t(u8, min_t(u8, snd_dim, sts), tx_ant);
1101 		bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1102 		bf->ibf_ncol = bf->ncol;
1103 
1104 		if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
1105 			bf->nrow = 1;
1106 	} else {
1107 		bf->nrow = tx_ant;
1108 		bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1109 		bf->ibf_ncol = nss_mcs;
1110 
1111 		if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
1112 			bf->ibf_nrow = 1;
1113 	}
1114 }
1115 
1116 static void
1117 mt7915_mcu_sta_bfer_he(struct ieee80211_sta *sta, struct ieee80211_vif *vif,
1118 		       struct mt7915_phy *phy, struct sta_rec_bf *bf)
1119 {
1120 	struct ieee80211_sta_he_cap *pc = &sta->deflink.he_cap;
1121 	struct ieee80211_he_cap_elem *pe = &pc->he_cap_elem;
1122 	const struct ieee80211_sta_he_cap *vc =
1123 		mt76_connac_get_he_phy_cap(phy->mt76, vif);
1124 	const struct ieee80211_he_cap_elem *ve = &vc->he_cap_elem;
1125 	u16 mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80);
1126 	u8 nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1127 	u8 snd_dim, sts;
1128 
1129 	bf->tx_mode = MT_PHY_TYPE_HE_SU;
1130 
1131 	mt7915_mcu_sta_sounding_rate(bf);
1132 
1133 	bf->trigger_su = HE_PHY(CAP6_TRIG_SU_BEAMFORMING_FB,
1134 				pe->phy_cap_info[6]);
1135 	bf->trigger_mu = HE_PHY(CAP6_TRIG_MU_BEAMFORMING_PARTIAL_BW_FB,
1136 				pe->phy_cap_info[6]);
1137 	snd_dim = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
1138 			 ve->phy_cap_info[5]);
1139 	sts = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_UNDER_80MHZ_MASK,
1140 		     pe->phy_cap_info[4]);
1141 	bf->nrow = min_t(u8, snd_dim, sts);
1142 	bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1143 	bf->ibf_ncol = bf->ncol;
1144 
1145 	if (sta->deflink.bandwidth != IEEE80211_STA_RX_BW_160)
1146 		return;
1147 
1148 	/* go over for 160MHz and 80p80 */
1149 	if (pe->phy_cap_info[0] &
1150 	    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G) {
1151 		mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_160);
1152 		nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1153 
1154 		bf->ncol_gt_bw80 = nss_mcs;
1155 	}
1156 
1157 	if (pe->phy_cap_info[0] &
1158 	    IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G) {
1159 		mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80p80);
1160 		nss_mcs = mt7915_mcu_get_sta_nss(mcs_map);
1161 
1162 		if (bf->ncol_gt_bw80)
1163 			bf->ncol_gt_bw80 = min_t(u8, bf->ncol_gt_bw80, nss_mcs);
1164 		else
1165 			bf->ncol_gt_bw80 = nss_mcs;
1166 	}
1167 
1168 	snd_dim = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_ABOVE_80MHZ_MASK,
1169 			 ve->phy_cap_info[5]);
1170 	sts = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_ABOVE_80MHZ_MASK,
1171 		     pe->phy_cap_info[4]);
1172 
1173 	bf->nrow_gt_bw80 = min_t(int, snd_dim, sts);
1174 }
1175 
1176 static void
1177 mt7915_mcu_sta_bfer_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
1178 			struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1179 {
1180 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1181 	struct mt7915_phy *phy = mvif->phy;
1182 	int tx_ant = hweight8(phy->mt76->chainmask) - 1;
1183 	struct sta_rec_bf *bf;
1184 	struct tlv *tlv;
1185 	const u8 matrix[4][4] = {
1186 		{0, 0, 0, 0},
1187 		{1, 1, 0, 0},	/* 2x1, 2x2, 2x3, 2x4 */
1188 		{2, 4, 4, 0},	/* 3x1, 3x2, 3x3, 3x4 */
1189 		{3, 5, 6, 0}	/* 4x1, 4x2, 4x3, 4x4 */
1190 	};
1191 	bool ebf;
1192 
1193 	if (!(sta->deflink.ht_cap.ht_supported || sta->deflink.he_cap.has_he))
1194 		return;
1195 
1196 	ebf = mt7915_is_ebf_supported(phy, vif, sta, false);
1197 	if (!ebf && !dev->ibf)
1198 		return;
1199 
1200 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BF, sizeof(*bf));
1201 	bf = (struct sta_rec_bf *)tlv;
1202 
1203 	/* he: eBF only, in accordance with spec
1204 	 * vht: support eBF and iBF
1205 	 * ht: iBF only, since mac80211 lacks of eBF support
1206 	 */
1207 	if (sta->deflink.he_cap.has_he && ebf)
1208 		mt7915_mcu_sta_bfer_he(sta, vif, phy, bf);
1209 	else if (sta->deflink.vht_cap.vht_supported)
1210 		mt7915_mcu_sta_bfer_vht(sta, phy, bf, ebf);
1211 	else if (sta->deflink.ht_cap.ht_supported)
1212 		mt7915_mcu_sta_bfer_ht(sta, phy, bf);
1213 	else
1214 		return;
1215 
1216 	bf->bf_cap = ebf ? ebf : dev->ibf << 1;
1217 	bf->bw = sta->deflink.bandwidth;
1218 	bf->ibf_dbw = sta->deflink.bandwidth;
1219 	bf->ibf_nrow = tx_ant;
1220 
1221 	if (!ebf && sta->deflink.bandwidth <= IEEE80211_STA_RX_BW_40 && !bf->ncol)
1222 		bf->ibf_timeout = 0x48;
1223 	else
1224 		bf->ibf_timeout = 0x18;
1225 
1226 	if (ebf && bf->nrow != tx_ant)
1227 		bf->mem_20m = matrix[tx_ant][bf->ncol];
1228 	else
1229 		bf->mem_20m = matrix[bf->nrow][bf->ncol];
1230 
1231 	switch (sta->deflink.bandwidth) {
1232 	case IEEE80211_STA_RX_BW_160:
1233 	case IEEE80211_STA_RX_BW_80:
1234 		bf->mem_total = bf->mem_20m * 2;
1235 		break;
1236 	case IEEE80211_STA_RX_BW_40:
1237 		bf->mem_total = bf->mem_20m;
1238 		break;
1239 	case IEEE80211_STA_RX_BW_20:
1240 	default:
1241 		break;
1242 	}
1243 }
1244 
1245 static void
1246 mt7915_mcu_sta_bfee_tlv(struct mt7915_dev *dev, struct sk_buff *skb,
1247 			struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1248 {
1249 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1250 	struct mt7915_phy *phy = mvif->phy;
1251 	int tx_ant = hweight8(phy->mt76->chainmask) - 1;
1252 	struct sta_rec_bfee *bfee;
1253 	struct tlv *tlv;
1254 	u8 nrow = 0;
1255 
1256 	if (!(sta->deflink.vht_cap.vht_supported || sta->deflink.he_cap.has_he))
1257 		return;
1258 
1259 	if (!mt7915_is_ebf_supported(phy, vif, sta, true))
1260 		return;
1261 
1262 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BFEE, sizeof(*bfee));
1263 	bfee = (struct sta_rec_bfee *)tlv;
1264 
1265 	if (sta->deflink.he_cap.has_he) {
1266 		struct ieee80211_he_cap_elem *pe = &sta->deflink.he_cap.he_cap_elem;
1267 
1268 		nrow = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
1269 			      pe->phy_cap_info[5]);
1270 	} else if (sta->deflink.vht_cap.vht_supported) {
1271 		struct ieee80211_sta_vht_cap *pc = &sta->deflink.vht_cap;
1272 
1273 		nrow = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
1274 				 pc->cap);
1275 	}
1276 
1277 	/* reply with identity matrix to avoid 2x2 BF negative gain */
1278 	bfee->fb_identity_matrix = (nrow == 1 && tx_ant == 2);
1279 }
1280 
1281 static enum mcu_mmps_mode
1282 mt7915_mcu_get_mmps_mode(enum ieee80211_smps_mode smps)
1283 {
1284 	switch (smps) {
1285 	case IEEE80211_SMPS_OFF:
1286 		return MCU_MMPS_DISABLE;
1287 	case IEEE80211_SMPS_STATIC:
1288 		return MCU_MMPS_STATIC;
1289 	case IEEE80211_SMPS_DYNAMIC:
1290 		return MCU_MMPS_DYNAMIC;
1291 	default:
1292 		return MCU_MMPS_DISABLE;
1293 	}
1294 }
1295 
1296 int mt7915_mcu_set_fixed_rate_ctrl(struct mt7915_dev *dev,
1297 				   struct ieee80211_vif *vif,
1298 				   struct ieee80211_sta *sta,
1299 				   void *data, u32 field)
1300 {
1301 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1302 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1303 	struct sta_phy *phy = data;
1304 	struct sta_rec_ra_fixed *ra;
1305 	struct sk_buff *skb;
1306 	struct tlv *tlv;
1307 
1308 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1309 					    &msta->wcid);
1310 	if (IS_ERR(skb))
1311 		return PTR_ERR(skb);
1312 
1313 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA_UPDATE, sizeof(*ra));
1314 	ra = (struct sta_rec_ra_fixed *)tlv;
1315 
1316 	switch (field) {
1317 	case RATE_PARAM_AUTO:
1318 		break;
1319 	case RATE_PARAM_FIXED:
1320 	case RATE_PARAM_FIXED_MCS:
1321 	case RATE_PARAM_FIXED_GI:
1322 	case RATE_PARAM_FIXED_HE_LTF:
1323 		if (phy)
1324 			ra->phy = *phy;
1325 		break;
1326 	case RATE_PARAM_MMPS_UPDATE:
1327 		ra->mmps_mode = mt7915_mcu_get_mmps_mode(sta->deflink.smps_mode);
1328 		break;
1329 	case RATE_PARAM_SPE_UPDATE:
1330 		ra->spe_idx = *(u8 *)data;
1331 		break;
1332 	default:
1333 		break;
1334 	}
1335 	ra->field = cpu_to_le32(field);
1336 
1337 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1338 				     MCU_EXT_CMD(STA_REC_UPDATE), true);
1339 }
1340 
1341 int mt7915_mcu_add_smps(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1342 			struct ieee80211_sta *sta)
1343 {
1344 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1345 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1346 	struct wtbl_req_hdr *wtbl_hdr;
1347 	struct tlv *sta_wtbl;
1348 	struct sk_buff *skb;
1349 	int ret;
1350 
1351 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1352 					    &msta->wcid);
1353 	if (IS_ERR(skb))
1354 		return PTR_ERR(skb);
1355 
1356 	sta_wtbl = mt76_connac_mcu_add_tlv(skb, STA_REC_WTBL,
1357 					   sizeof(struct tlv));
1358 	wtbl_hdr = mt76_connac_mcu_alloc_wtbl_req(&dev->mt76, &msta->wcid,
1359 						  WTBL_SET, sta_wtbl, &skb);
1360 	if (IS_ERR(wtbl_hdr))
1361 		return PTR_ERR(wtbl_hdr);
1362 
1363 	mt76_connac_mcu_wtbl_smps_tlv(skb, sta, sta_wtbl, wtbl_hdr);
1364 
1365 	ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
1366 				    MCU_EXT_CMD(STA_REC_UPDATE), true);
1367 	if (ret)
1368 		return ret;
1369 
1370 	return mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, NULL,
1371 					      RATE_PARAM_MMPS_UPDATE);
1372 }
1373 
1374 static int
1375 mt7915_mcu_set_spe_idx(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1376 		       struct ieee80211_sta *sta)
1377 {
1378 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1379 	struct mt76_phy *mphy = mvif->phy->mt76;
1380 	u8 spe_idx = mt76_connac_spe_idx(mphy->antenna_mask);
1381 
1382 	return mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, &spe_idx,
1383 					      RATE_PARAM_SPE_UPDATE);
1384 }
1385 
1386 static int
1387 mt7915_mcu_add_rate_ctrl_fixed(struct mt7915_dev *dev,
1388 			       struct ieee80211_vif *vif,
1389 			       struct ieee80211_sta *sta)
1390 {
1391 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1392 	struct cfg80211_chan_def *chandef = &mvif->phy->mt76->chandef;
1393 	struct cfg80211_bitrate_mask *mask = &mvif->bitrate_mask;
1394 	enum nl80211_band band = chandef->chan->band;
1395 	struct sta_phy phy = {};
1396 	int ret, nrates = 0;
1397 
1398 #define __sta_phy_bitrate_mask_check(_mcs, _gi, _ht, _he)			\
1399 	do {									\
1400 		u8 i, gi = mask->control[band]._gi;				\
1401 		gi = (_he) ? gi : gi == NL80211_TXRATE_FORCE_SGI;		\
1402 		for (i = 0; i <= sta->deflink.bandwidth; i++) {			\
1403 			phy.sgi |= gi << (i << (_he));				\
1404 			phy.he_ltf |= mask->control[band].he_ltf << (i << (_he));\
1405 		}								\
1406 		for (i = 0; i < ARRAY_SIZE(mask->control[band]._mcs); i++) {	\
1407 			if (!mask->control[band]._mcs[i])			\
1408 				continue;					\
1409 			nrates += hweight16(mask->control[band]._mcs[i]);	\
1410 			phy.mcs = ffs(mask->control[band]._mcs[i]) - 1;		\
1411 			if (_ht)						\
1412 				phy.mcs += 8 * i;				\
1413 		}								\
1414 	} while (0)
1415 
1416 	if (sta->deflink.he_cap.has_he) {
1417 		__sta_phy_bitrate_mask_check(he_mcs, he_gi, 0, 1);
1418 	} else if (sta->deflink.vht_cap.vht_supported) {
1419 		__sta_phy_bitrate_mask_check(vht_mcs, gi, 0, 0);
1420 	} else if (sta->deflink.ht_cap.ht_supported) {
1421 		__sta_phy_bitrate_mask_check(ht_mcs, gi, 1, 0);
1422 	} else {
1423 		nrates = hweight32(mask->control[band].legacy);
1424 		phy.mcs = ffs(mask->control[band].legacy) - 1;
1425 	}
1426 #undef __sta_phy_bitrate_mask_check
1427 
1428 	/* fall back to auto rate control */
1429 	if (mask->control[band].gi == NL80211_TXRATE_DEFAULT_GI &&
1430 	    mask->control[band].he_gi == GENMASK(7, 0) &&
1431 	    mask->control[band].he_ltf == GENMASK(7, 0) &&
1432 	    nrates != 1)
1433 		return 0;
1434 
1435 	/* fixed single rate */
1436 	if (nrates == 1) {
1437 		ret = mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, &phy,
1438 						     RATE_PARAM_FIXED_MCS);
1439 		if (ret)
1440 			return ret;
1441 	}
1442 
1443 	/* fixed GI */
1444 	if (mask->control[band].gi != NL80211_TXRATE_DEFAULT_GI ||
1445 	    mask->control[band].he_gi != GENMASK(7, 0)) {
1446 		struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1447 		u32 addr;
1448 
1449 		/* firmware updates only TXCMD but doesn't take WTBL into
1450 		 * account, so driver should update here to reflect the
1451 		 * actual txrate hardware sends out.
1452 		 */
1453 		addr = mt7915_mac_wtbl_lmac_addr(dev, msta->wcid.idx, 7);
1454 		if (sta->deflink.he_cap.has_he)
1455 			mt76_rmw_field(dev, addr, GENMASK(31, 24), phy.sgi);
1456 		else
1457 			mt76_rmw_field(dev, addr, GENMASK(15, 12), phy.sgi);
1458 
1459 		ret = mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, &phy,
1460 						     RATE_PARAM_FIXED_GI);
1461 		if (ret)
1462 			return ret;
1463 	}
1464 
1465 	/* fixed HE_LTF */
1466 	if (mask->control[band].he_ltf != GENMASK(7, 0)) {
1467 		ret = mt7915_mcu_set_fixed_rate_ctrl(dev, vif, sta, &phy,
1468 						     RATE_PARAM_FIXED_HE_LTF);
1469 		if (ret)
1470 			return ret;
1471 	}
1472 
1473 	return mt7915_mcu_set_spe_idx(dev, vif, sta);
1474 }
1475 
1476 static void
1477 mt7915_mcu_sta_rate_ctrl_tlv(struct sk_buff *skb, struct mt7915_dev *dev,
1478 			     struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1479 {
1480 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1481 	struct mt76_phy *mphy = mvif->phy->mt76;
1482 	struct cfg80211_chan_def *chandef = &mphy->chandef;
1483 	struct cfg80211_bitrate_mask *mask = &mvif->bitrate_mask;
1484 	enum nl80211_band band = chandef->chan->band;
1485 	struct sta_rec_ra *ra;
1486 	struct tlv *tlv;
1487 	u32 supp_rate = sta->deflink.supp_rates[band];
1488 	u32 cap = sta->wme ? STA_CAP_WMM : 0;
1489 
1490 	tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA, sizeof(*ra));
1491 	ra = (struct sta_rec_ra *)tlv;
1492 
1493 	ra->valid = true;
1494 	ra->auto_rate = true;
1495 	ra->phy_mode = mt76_connac_get_phy_mode(mphy, vif, band, sta);
1496 	ra->channel = chandef->chan->hw_value;
1497 	ra->bw = sta->deflink.bandwidth;
1498 	ra->phy.bw = sta->deflink.bandwidth;
1499 	ra->mmps_mode = mt7915_mcu_get_mmps_mode(sta->deflink.smps_mode);
1500 
1501 	if (supp_rate) {
1502 		supp_rate &= mask->control[band].legacy;
1503 		ra->rate_len = hweight32(supp_rate);
1504 
1505 		if (band == NL80211_BAND_2GHZ) {
1506 			ra->supp_mode = MODE_CCK;
1507 			ra->supp_cck_rate = supp_rate & GENMASK(3, 0);
1508 
1509 			if (ra->rate_len > 4) {
1510 				ra->supp_mode |= MODE_OFDM;
1511 				ra->supp_ofdm_rate = supp_rate >> 4;
1512 			}
1513 		} else {
1514 			ra->supp_mode = MODE_OFDM;
1515 			ra->supp_ofdm_rate = supp_rate;
1516 		}
1517 	}
1518 
1519 	if (sta->deflink.ht_cap.ht_supported) {
1520 		ra->supp_mode |= MODE_HT;
1521 		ra->af = sta->deflink.ht_cap.ampdu_factor;
1522 		ra->ht_gf = !!(sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_GRN_FLD);
1523 
1524 		cap |= STA_CAP_HT;
1525 		if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SGI_20)
1526 			cap |= STA_CAP_SGI_20;
1527 		if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SGI_40)
1528 			cap |= STA_CAP_SGI_40;
1529 		if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_TX_STBC)
1530 			cap |= STA_CAP_TX_STBC;
1531 		if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_RX_STBC)
1532 			cap |= STA_CAP_RX_STBC;
1533 		if (mvif->cap.ht_ldpc &&
1534 		    (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_LDPC_CODING))
1535 			cap |= STA_CAP_LDPC;
1536 
1537 		mt7915_mcu_set_sta_ht_mcs(sta, ra->ht_mcs,
1538 					  mask->control[band].ht_mcs);
1539 		ra->supp_ht_mcs = *(__le32 *)ra->ht_mcs;
1540 	}
1541 
1542 	if (sta->deflink.vht_cap.vht_supported) {
1543 		u8 af;
1544 
1545 		ra->supp_mode |= MODE_VHT;
1546 		af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
1547 			       sta->deflink.vht_cap.cap);
1548 		ra->af = max_t(u8, ra->af, af);
1549 
1550 		cap |= STA_CAP_VHT;
1551 		if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_80)
1552 			cap |= STA_CAP_VHT_SGI_80;
1553 		if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_160)
1554 			cap |= STA_CAP_VHT_SGI_160;
1555 		if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_TXSTBC)
1556 			cap |= STA_CAP_VHT_TX_STBC;
1557 		if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_RXSTBC_1)
1558 			cap |= STA_CAP_VHT_RX_STBC;
1559 		if (mvif->cap.vht_ldpc &&
1560 		    (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_RXLDPC))
1561 			cap |= STA_CAP_VHT_LDPC;
1562 
1563 		mt7915_mcu_set_sta_vht_mcs(sta, ra->supp_vht_mcs,
1564 					   mask->control[band].vht_mcs);
1565 	}
1566 
1567 	if (sta->deflink.he_cap.has_he) {
1568 		ra->supp_mode |= MODE_HE;
1569 		cap |= STA_CAP_HE;
1570 
1571 		if (sta->deflink.he_6ghz_capa.capa)
1572 			ra->af = le16_get_bits(sta->deflink.he_6ghz_capa.capa,
1573 					       IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP);
1574 	}
1575 
1576 	ra->sta_cap = cpu_to_le32(cap);
1577 }
1578 
1579 int mt7915_mcu_add_rate_ctrl(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1580 			     struct ieee80211_sta *sta, bool changed)
1581 {
1582 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1583 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
1584 	struct sk_buff *skb;
1585 	int ret;
1586 
1587 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1588 					    &msta->wcid);
1589 	if (IS_ERR(skb))
1590 		return PTR_ERR(skb);
1591 
1592 	/* firmware rc algorithm refers to sta_rec_he for HE control.
1593 	 * once dev->rc_work changes the settings driver should also
1594 	 * update sta_rec_he here.
1595 	 */
1596 	if (changed)
1597 		mt7915_mcu_sta_he_tlv(skb, sta, vif);
1598 
1599 	/* sta_rec_ra accommodates BW, NSS and only MCS range format
1600 	 * i.e 0-{7,8,9} for VHT.
1601 	 */
1602 	mt7915_mcu_sta_rate_ctrl_tlv(skb, dev, vif, sta);
1603 
1604 	ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
1605 				    MCU_EXT_CMD(STA_REC_UPDATE), true);
1606 	if (ret)
1607 		return ret;
1608 
1609 	/* sta_rec_ra_fixed accommodates single rate, (HE)GI and HE_LTE,
1610 	 * and updates as peer fixed rate parameters, which overrides
1611 	 * sta_rec_ra and firmware rate control algorithm.
1612 	 */
1613 	return mt7915_mcu_add_rate_ctrl_fixed(dev, vif, sta);
1614 }
1615 
1616 static int
1617 mt7915_mcu_add_group(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1618 		     struct ieee80211_sta *sta)
1619 {
1620 #define MT_STA_BSS_GROUP		1
1621 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1622 	struct mt7915_sta *msta;
1623 	struct {
1624 		__le32 action;
1625 		u8 wlan_idx_lo;
1626 		u8 status;
1627 		u8 wlan_idx_hi;
1628 		u8 rsv0[5];
1629 		__le32 val;
1630 		u8 rsv1[8];
1631 	} __packed req = {
1632 		.action = cpu_to_le32(MT_STA_BSS_GROUP),
1633 		.val = cpu_to_le32(mvif->mt76.idx % 16),
1634 	};
1635 
1636 	msta = sta ? (struct mt7915_sta *)sta->drv_priv : &mvif->sta;
1637 	req.wlan_idx_lo = to_wcid_lo(msta->wcid.idx);
1638 	req.wlan_idx_hi = to_wcid_hi(msta->wcid.idx);
1639 
1640 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_DRR_CTRL), &req,
1641 				 sizeof(req), true);
1642 }
1643 
1644 int mt7915_mcu_add_sta(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1645 		       struct ieee80211_sta *sta, bool enable)
1646 {
1647 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1648 	struct mt7915_sta *msta;
1649 	struct sk_buff *skb;
1650 	int ret;
1651 
1652 	msta = sta ? (struct mt7915_sta *)sta->drv_priv : &mvif->sta;
1653 
1654 	skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1655 					    &msta->wcid);
1656 	if (IS_ERR(skb))
1657 		return PTR_ERR(skb);
1658 
1659 	/* starec basic */
1660 	mt76_connac_mcu_sta_basic_tlv(skb, vif, sta, enable,
1661 			!rcu_access_pointer(dev->mt76.wcid[msta->wcid.idx]));
1662 	if (!enable)
1663 		goto out;
1664 
1665 	/* tag order is in accordance with firmware dependency. */
1666 	if (sta) {
1667 		/* starec bfer */
1668 		mt7915_mcu_sta_bfer_tlv(dev, skb, vif, sta);
1669 		/* starec ht */
1670 		mt7915_mcu_sta_ht_tlv(skb, sta);
1671 		/* starec vht */
1672 		mt7915_mcu_sta_vht_tlv(skb, sta);
1673 		/* starec uapsd */
1674 		mt76_connac_mcu_sta_uapsd(skb, vif, sta);
1675 	}
1676 
1677 	ret = mt7915_mcu_sta_wtbl_tlv(dev, skb, vif, sta);
1678 	if (ret) {
1679 		dev_kfree_skb(skb);
1680 		return ret;
1681 	}
1682 
1683 	if (sta) {
1684 		/* starec amsdu */
1685 		mt7915_mcu_sta_amsdu_tlv(dev, skb, vif, sta);
1686 		/* starec he */
1687 		mt7915_mcu_sta_he_tlv(skb, sta, vif);
1688 		/* starec muru */
1689 		mt7915_mcu_sta_muru_tlv(dev, skb, sta, vif);
1690 		/* starec bfee */
1691 		mt7915_mcu_sta_bfee_tlv(dev, skb, vif, sta);
1692 	}
1693 
1694 	ret = mt7915_mcu_add_group(dev, vif, sta);
1695 	if (ret) {
1696 		dev_kfree_skb(skb);
1697 		return ret;
1698 	}
1699 out:
1700 	ret = mt76_connac_mcu_sta_wed_update(&dev->mt76, skb);
1701 	if (ret)
1702 		return ret;
1703 
1704 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1705 				     MCU_EXT_CMD(STA_REC_UPDATE), true);
1706 }
1707 
1708 int mt7915_mcu_wed_enable_rx_stats(struct mt7915_dev *dev)
1709 {
1710 #ifdef CONFIG_NET_MEDIATEK_SOC_WED
1711 	struct mtk_wed_device *wed = &dev->mt76.mmio.wed;
1712 	struct {
1713 		__le32 args[2];
1714 	} req = {
1715 		.args[0] = cpu_to_le32(1),
1716 		.args[1] = cpu_to_le32(6),
1717 	};
1718 
1719 	return mtk_wed_device_update_msg(wed, MTK_WED_WO_CMD_RXCNT_CTRL,
1720 					 &req, sizeof(req));
1721 #else
1722 	return 0;
1723 #endif
1724 }
1725 
1726 int mt7915_mcu_add_dev_info(struct mt7915_phy *phy,
1727 			    struct ieee80211_vif *vif, bool enable)
1728 {
1729 	struct mt7915_dev *dev = phy->dev;
1730 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1731 	struct {
1732 		struct req_hdr {
1733 			u8 omac_idx;
1734 			u8 band_idx;
1735 			__le16 tlv_num;
1736 			u8 is_tlv_append;
1737 			u8 rsv[3];
1738 		} __packed hdr;
1739 		struct req_tlv {
1740 			__le16 tag;
1741 			__le16 len;
1742 			u8 active;
1743 			u8 band_idx;
1744 			u8 omac_addr[ETH_ALEN];
1745 		} __packed tlv;
1746 	} data = {
1747 		.hdr = {
1748 			.omac_idx = mvif->mt76.omac_idx,
1749 			.band_idx = mvif->mt76.band_idx,
1750 			.tlv_num = cpu_to_le16(1),
1751 			.is_tlv_append = 1,
1752 		},
1753 		.tlv = {
1754 			.tag = cpu_to_le16(DEV_INFO_ACTIVE),
1755 			.len = cpu_to_le16(sizeof(struct req_tlv)),
1756 			.active = enable,
1757 			.band_idx = mvif->mt76.band_idx,
1758 		},
1759 	};
1760 
1761 	if (mvif->mt76.omac_idx >= REPEATER_BSSID_START)
1762 		return mt7915_mcu_muar_config(phy, vif, false, enable);
1763 
1764 	memcpy(data.tlv.omac_addr, vif->addr, ETH_ALEN);
1765 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(DEV_INFO_UPDATE),
1766 				 &data, sizeof(data), true);
1767 }
1768 
1769 static void
1770 mt7915_mcu_beacon_cntdwn(struct ieee80211_vif *vif, struct sk_buff *rskb,
1771 			 struct sk_buff *skb, struct bss_info_bcn *bcn,
1772 			 struct ieee80211_mutable_offsets *offs)
1773 {
1774 	struct bss_info_bcn_cntdwn *info;
1775 	struct tlv *tlv;
1776 	int sub_tag;
1777 
1778 	if (!offs->cntdwn_counter_offs[0])
1779 		return;
1780 
1781 	sub_tag = vif->bss_conf.csa_active ? BSS_INFO_BCN_CSA : BSS_INFO_BCN_BCC;
1782 	tlv = mt7915_mcu_add_nested_subtlv(rskb, sub_tag, sizeof(*info),
1783 					   &bcn->sub_ntlv, &bcn->len);
1784 	info = (struct bss_info_bcn_cntdwn *)tlv;
1785 	info->cnt = skb->data[offs->cntdwn_counter_offs[0]];
1786 }
1787 
1788 static void
1789 mt7915_mcu_beacon_mbss(struct sk_buff *rskb, struct sk_buff *skb,
1790 		       struct ieee80211_vif *vif, struct bss_info_bcn *bcn,
1791 		       struct ieee80211_mutable_offsets *offs)
1792 {
1793 	struct bss_info_bcn_mbss *mbss;
1794 	const struct element *elem;
1795 	struct tlv *tlv;
1796 
1797 	if (!vif->bss_conf.bssid_indicator)
1798 		return;
1799 
1800 	tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_MBSSID,
1801 					   sizeof(*mbss), &bcn->sub_ntlv,
1802 					   &bcn->len);
1803 
1804 	mbss = (struct bss_info_bcn_mbss *)tlv;
1805 	mbss->offset[0] = cpu_to_le16(offs->tim_offset);
1806 	mbss->bitmap = cpu_to_le32(1);
1807 
1808 	for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID,
1809 			    &skb->data[offs->mbssid_off],
1810 			    skb->len - offs->mbssid_off) {
1811 		const struct element *sub_elem;
1812 
1813 		if (elem->datalen < 2)
1814 			continue;
1815 
1816 		for_each_element(sub_elem, elem->data + 1, elem->datalen - 1) {
1817 			const struct ieee80211_bssid_index *idx;
1818 			const u8 *idx_ie;
1819 
1820 			if (sub_elem->id || sub_elem->datalen < 4)
1821 				continue; /* not a valid BSS profile */
1822 
1823 			/* Find WLAN_EID_MULTI_BSSID_IDX
1824 			 * in the merged nontransmitted profile
1825 			 */
1826 			idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX,
1827 						  sub_elem->data,
1828 						  sub_elem->datalen);
1829 			if (!idx_ie || idx_ie[1] < sizeof(*idx))
1830 				continue;
1831 
1832 			idx = (void *)(idx_ie + 2);
1833 			if (!idx->bssid_index || idx->bssid_index > 31)
1834 				continue;
1835 
1836 			mbss->offset[idx->bssid_index] =
1837 				cpu_to_le16(idx_ie - skb->data);
1838 			mbss->bitmap |= cpu_to_le32(BIT(idx->bssid_index));
1839 		}
1840 	}
1841 }
1842 
1843 static void
1844 mt7915_mcu_beacon_cont(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1845 		       struct sk_buff *rskb, struct sk_buff *skb,
1846 		       struct bss_info_bcn *bcn,
1847 		       struct ieee80211_mutable_offsets *offs)
1848 {
1849 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1850 	struct bss_info_bcn_cont *cont;
1851 	struct tlv *tlv;
1852 	u8 *buf;
1853 	int len = sizeof(*cont) + MT_TXD_SIZE + skb->len;
1854 
1855 	len = (len & 0x3) ? ((len | 0x3) + 1) : len;
1856 	tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_CONTENT,
1857 					   len, &bcn->sub_ntlv, &bcn->len);
1858 
1859 	cont = (struct bss_info_bcn_cont *)tlv;
1860 	cont->pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
1861 	cont->tim_ofs = cpu_to_le16(offs->tim_offset);
1862 
1863 	if (offs->cntdwn_counter_offs[0]) {
1864 		u16 offset = offs->cntdwn_counter_offs[0];
1865 
1866 		if (vif->bss_conf.csa_active)
1867 			cont->csa_ofs = cpu_to_le16(offset - 4);
1868 		if (vif->bss_conf.color_change_active)
1869 			cont->bcc_ofs = cpu_to_le16(offset - 3);
1870 	}
1871 
1872 	buf = (u8 *)tlv + sizeof(*cont);
1873 	mt7915_mac_write_txwi(&dev->mt76, (__le32 *)buf, skb, wcid, 0, NULL,
1874 			      0, BSS_CHANGED_BEACON);
1875 	memcpy(buf + MT_TXD_SIZE, skb->data, skb->len);
1876 }
1877 
1878 static void
1879 mt7915_mcu_beacon_check_caps(struct mt7915_phy *phy, struct ieee80211_vif *vif,
1880 			     struct sk_buff *skb)
1881 {
1882 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1883 	struct mt7915_vif_cap *vc = &mvif->cap;
1884 	const struct ieee80211_he_cap_elem *he;
1885 	const struct ieee80211_vht_cap *vht;
1886 	const struct ieee80211_ht_cap *ht;
1887 	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
1888 	const u8 *ie;
1889 	u32 len, bc;
1890 
1891 	/* Check missing configuration options to allow AP mode in mac80211
1892 	 * to remain in sync with hostapd settings, and get a subset of
1893 	 * beacon and hardware capabilities.
1894 	 */
1895 	if (WARN_ON_ONCE(skb->len <= (mgmt->u.beacon.variable - skb->data)))
1896 		return;
1897 
1898 	memset(vc, 0, sizeof(*vc));
1899 
1900 	len = skb->len - (mgmt->u.beacon.variable - skb->data);
1901 
1902 	ie = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, mgmt->u.beacon.variable,
1903 			      len);
1904 	if (ie && ie[1] >= sizeof(*ht)) {
1905 		ht = (void *)(ie + 2);
1906 		vc->ht_ldpc = !!(le16_to_cpu(ht->cap_info) &
1907 				 IEEE80211_HT_CAP_LDPC_CODING);
1908 	}
1909 
1910 	ie = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, mgmt->u.beacon.variable,
1911 			      len);
1912 	if (ie && ie[1] >= sizeof(*vht)) {
1913 		u32 pc = phy->mt76->sband_5g.sband.vht_cap.cap;
1914 
1915 		vht = (void *)(ie + 2);
1916 		bc = le32_to_cpu(vht->vht_cap_info);
1917 
1918 		vc->vht_ldpc = !!(bc & IEEE80211_VHT_CAP_RXLDPC);
1919 		vc->vht_su_ebfer =
1920 			(bc & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE) &&
1921 			(pc & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
1922 		vc->vht_su_ebfee =
1923 			(bc & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE) &&
1924 			(pc & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
1925 		vc->vht_mu_ebfer =
1926 			(bc & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE) &&
1927 			(pc & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE);
1928 		vc->vht_mu_ebfee =
1929 			(bc & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) &&
1930 			(pc & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1931 	}
1932 
1933 	ie = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY,
1934 				  mgmt->u.beacon.variable, len);
1935 	if (ie && ie[1] >= sizeof(*he) + 1) {
1936 		const struct ieee80211_sta_he_cap *pc =
1937 			mt76_connac_get_he_phy_cap(phy->mt76, vif);
1938 		const struct ieee80211_he_cap_elem *pe = &pc->he_cap_elem;
1939 
1940 		he = (void *)(ie + 3);
1941 
1942 		vc->he_ldpc =
1943 			HE_PHY(CAP1_LDPC_CODING_IN_PAYLOAD, pe->phy_cap_info[1]);
1944 		vc->he_su_ebfer =
1945 			HE_PHY(CAP3_SU_BEAMFORMER, he->phy_cap_info[3]) &&
1946 			HE_PHY(CAP3_SU_BEAMFORMER, pe->phy_cap_info[3]);
1947 		vc->he_su_ebfee =
1948 			HE_PHY(CAP4_SU_BEAMFORMEE, he->phy_cap_info[4]) &&
1949 			HE_PHY(CAP4_SU_BEAMFORMEE, pe->phy_cap_info[4]);
1950 		vc->he_mu_ebfer =
1951 			HE_PHY(CAP4_MU_BEAMFORMER, he->phy_cap_info[4]) &&
1952 			HE_PHY(CAP4_MU_BEAMFORMER, pe->phy_cap_info[4]);
1953 	}
1954 }
1955 
1956 static void
1957 mt7915_mcu_beacon_inband_discov(struct mt7915_dev *dev, struct ieee80211_vif *vif,
1958 				struct sk_buff *rskb, struct bss_info_bcn *bcn,
1959 				u32 changed)
1960 {
1961 #define OFFLOAD_TX_MODE_SU	BIT(0)
1962 #define OFFLOAD_TX_MODE_MU	BIT(1)
1963 	struct ieee80211_hw *hw = mt76_hw(dev);
1964 	struct mt7915_phy *phy = mt7915_hw_phy(hw);
1965 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
1966 	struct cfg80211_chan_def *chandef = &mvif->phy->mt76->chandef;
1967 	enum nl80211_band band = chandef->chan->band;
1968 	struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1969 	struct bss_info_inband_discovery *discov;
1970 	struct ieee80211_tx_info *info;
1971 	struct sk_buff *skb = NULL;
1972 	struct tlv *tlv;
1973 	bool ext_phy = phy != &dev->phy;
1974 	u8 *buf, interval;
1975 	int len;
1976 
1977 	if (changed & BSS_CHANGED_FILS_DISCOVERY &&
1978 	    vif->bss_conf.fils_discovery.max_interval) {
1979 		interval = vif->bss_conf.fils_discovery.max_interval;
1980 		skb = ieee80211_get_fils_discovery_tmpl(hw, vif);
1981 	} else if (changed & BSS_CHANGED_UNSOL_BCAST_PROBE_RESP &&
1982 		   vif->bss_conf.unsol_bcast_probe_resp_interval) {
1983 		interval = vif->bss_conf.unsol_bcast_probe_resp_interval;
1984 		skb = ieee80211_get_unsol_bcast_probe_resp_tmpl(hw, vif);
1985 	}
1986 
1987 	if (!skb)
1988 		return;
1989 
1990 	info = IEEE80211_SKB_CB(skb);
1991 	info->control.vif = vif;
1992 	info->band = band;
1993 
1994 	info->hw_queue |= FIELD_PREP(MT_TX_HW_QUEUE_PHY, ext_phy);
1995 
1996 	len = sizeof(*discov) + MT_TXD_SIZE + skb->len;
1997 	len = (len & 0x3) ? ((len | 0x3) + 1) : len;
1998 
1999 	if (len > (MT7915_MAX_BSS_OFFLOAD_SIZE - rskb->len)) {
2000 		dev_err(dev->mt76.dev, "inband discovery size limit exceed\n");
2001 		dev_kfree_skb(skb);
2002 		return;
2003 	}
2004 
2005 	tlv = mt7915_mcu_add_nested_subtlv(rskb, BSS_INFO_BCN_DISCOV,
2006 					   len, &bcn->sub_ntlv, &bcn->len);
2007 	discov = (struct bss_info_inband_discovery *)tlv;
2008 	discov->tx_mode = OFFLOAD_TX_MODE_SU;
2009 	/* 0: UNSOL PROBE RESP, 1: FILS DISCOV */
2010 	discov->tx_type = !!(changed & BSS_CHANGED_FILS_DISCOVERY);
2011 	discov->tx_interval = interval;
2012 	discov->prob_rsp_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
2013 	discov->enable = true;
2014 
2015 	buf = (u8 *)tlv + sizeof(*discov);
2016 
2017 	mt7915_mac_write_txwi(&dev->mt76, (__le32 *)buf, skb, wcid, 0, NULL,
2018 			      0, changed);
2019 	memcpy(buf + MT_TXD_SIZE, skb->data, skb->len);
2020 
2021 	dev_kfree_skb(skb);
2022 }
2023 
2024 int mt7915_mcu_add_beacon(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
2025 			  int en, u32 changed)
2026 {
2027 	struct mt7915_dev *dev = mt7915_hw_dev(hw);
2028 	struct mt7915_phy *phy = mt7915_hw_phy(hw);
2029 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2030 	struct ieee80211_mutable_offsets offs;
2031 	struct ieee80211_tx_info *info;
2032 	struct sk_buff *skb, *rskb;
2033 	struct tlv *tlv;
2034 	struct bss_info_bcn *bcn;
2035 	int len = MT7915_MAX_BSS_OFFLOAD_SIZE;
2036 	bool ext_phy = phy != &dev->phy;
2037 
2038 	if (vif->bss_conf.nontransmitted)
2039 		return 0;
2040 
2041 	rskb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
2042 					       NULL, len);
2043 	if (IS_ERR(rskb))
2044 		return PTR_ERR(rskb);
2045 
2046 	tlv = mt76_connac_mcu_add_tlv(rskb, BSS_INFO_OFFLOAD, sizeof(*bcn));
2047 	bcn = (struct bss_info_bcn *)tlv;
2048 	bcn->enable = en;
2049 
2050 	if (!en)
2051 		goto out;
2052 
2053 	skb = ieee80211_beacon_get_template(hw, vif, &offs, 0);
2054 	if (!skb)
2055 		return -EINVAL;
2056 
2057 	if (skb->len > MT7915_MAX_BEACON_SIZE - MT_TXD_SIZE) {
2058 		dev_err(dev->mt76.dev, "Bcn size limit exceed\n");
2059 		dev_kfree_skb(skb);
2060 		return -EINVAL;
2061 	}
2062 
2063 	info = IEEE80211_SKB_CB(skb);
2064 	info->hw_queue = FIELD_PREP(MT_TX_HW_QUEUE_PHY, ext_phy);
2065 
2066 	mt7915_mcu_beacon_check_caps(phy, vif, skb);
2067 
2068 	mt7915_mcu_beacon_cntdwn(vif, rskb, skb, bcn, &offs);
2069 	mt7915_mcu_beacon_mbss(rskb, skb, vif, bcn, &offs);
2070 	mt7915_mcu_beacon_cont(dev, vif, rskb, skb, bcn, &offs);
2071 	dev_kfree_skb(skb);
2072 
2073 	if (changed & BSS_CHANGED_UNSOL_BCAST_PROBE_RESP ||
2074 	    changed & BSS_CHANGED_FILS_DISCOVERY)
2075 		mt7915_mcu_beacon_inband_discov(dev, vif, rskb,
2076 						bcn, changed);
2077 
2078 out:
2079 	return mt76_mcu_skb_send_msg(&phy->dev->mt76, rskb,
2080 				     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
2081 }
2082 
2083 static int mt7915_driver_own(struct mt7915_dev *dev, u8 band)
2084 {
2085 	mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(band), MT_TOP_LPCR_HOST_DRV_OWN);
2086 	if (!mt76_poll_msec(dev, MT_TOP_LPCR_HOST_BAND(band),
2087 			    MT_TOP_LPCR_HOST_FW_OWN_STAT, 0, 500)) {
2088 		dev_err(dev->mt76.dev, "Timeout for driver own\n");
2089 		return -EIO;
2090 	}
2091 
2092 	/* clear irq when the driver own success */
2093 	mt76_wr(dev, MT_TOP_LPCR_HOST_BAND_IRQ_STAT(band),
2094 		MT_TOP_LPCR_HOST_BAND_STAT);
2095 
2096 	return 0;
2097 }
2098 
2099 static int
2100 mt7915_firmware_state(struct mt7915_dev *dev, bool wa)
2101 {
2102 	u32 state = FIELD_PREP(MT_TOP_MISC_FW_STATE,
2103 			       wa ? FW_STATE_RDY : FW_STATE_FW_DOWNLOAD);
2104 
2105 	if (!mt76_poll_msec(dev, MT_TOP_MISC, MT_TOP_MISC_FW_STATE,
2106 			    state, 1000)) {
2107 		dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
2108 		return -EIO;
2109 	}
2110 	return 0;
2111 }
2112 
2113 static int mt7915_load_firmware(struct mt7915_dev *dev)
2114 {
2115 	int ret;
2116 
2117 	/* make sure fw is download state */
2118 	if (mt7915_firmware_state(dev, false)) {
2119 		/* restart firmware once */
2120 		mt76_connac_mcu_restart(&dev->mt76);
2121 		ret = mt7915_firmware_state(dev, false);
2122 		if (ret) {
2123 			dev_err(dev->mt76.dev,
2124 				"Firmware is not ready for download\n");
2125 			return ret;
2126 		}
2127 	}
2128 
2129 	ret = mt76_connac2_load_patch(&dev->mt76, fw_name_var(dev, ROM_PATCH));
2130 	if (ret)
2131 		return ret;
2132 
2133 	ret = mt76_connac2_load_ram(&dev->mt76, fw_name_var(dev, FIRMWARE_WM),
2134 				    fw_name(dev, FIRMWARE_WA));
2135 	if (ret)
2136 		return ret;
2137 
2138 	ret = mt7915_firmware_state(dev, true);
2139 	if (ret)
2140 		return ret;
2141 
2142 	mt76_queue_tx_cleanup(dev, dev->mt76.q_mcu[MT_MCUQ_FWDL], false);
2143 
2144 	dev_dbg(dev->mt76.dev, "Firmware init done\n");
2145 
2146 	return 0;
2147 }
2148 
2149 int mt7915_mcu_fw_log_2_host(struct mt7915_dev *dev, u8 type, u8 ctrl)
2150 {
2151 	struct {
2152 		u8 ctrl_val;
2153 		u8 pad[3];
2154 	} data = {
2155 		.ctrl_val = ctrl
2156 	};
2157 
2158 	if (type == MCU_FW_LOG_WA)
2159 		return mt76_mcu_send_msg(&dev->mt76, MCU_WA_EXT_CMD(FW_LOG_2_HOST),
2160 					 &data, sizeof(data), true);
2161 
2162 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(FW_LOG_2_HOST), &data,
2163 				 sizeof(data), true);
2164 }
2165 
2166 int mt7915_mcu_fw_dbg_ctrl(struct mt7915_dev *dev, u32 module, u8 level)
2167 {
2168 	struct {
2169 		u8 ver;
2170 		u8 pad;
2171 		__le16 len;
2172 		u8 level;
2173 		u8 rsv[3];
2174 		__le32 module_idx;
2175 	} data = {
2176 		.module_idx = cpu_to_le32(module),
2177 		.level = level,
2178 	};
2179 
2180 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(FW_DBG_CTRL), &data,
2181 				 sizeof(data), false);
2182 }
2183 
2184 int mt7915_mcu_muru_debug_set(struct mt7915_dev *dev, bool enabled)
2185 {
2186 	struct {
2187 		__le32 cmd;
2188 		u8 enable;
2189 	} data = {
2190 		.cmd = cpu_to_le32(MURU_SET_TXC_TX_STATS_EN),
2191 		.enable = enabled,
2192 	};
2193 
2194 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL), &data,
2195 				sizeof(data), false);
2196 }
2197 
2198 int mt7915_mcu_muru_debug_get(struct mt7915_phy *phy, void *ms)
2199 {
2200 	struct mt7915_dev *dev = phy->dev;
2201 	struct sk_buff *skb;
2202 	struct mt7915_mcu_muru_stats *mu_stats =
2203 				(struct mt7915_mcu_muru_stats *)ms;
2204 	int ret;
2205 
2206 	struct {
2207 		__le32 cmd;
2208 		u8 band_idx;
2209 	} req = {
2210 		.cmd = cpu_to_le32(MURU_GET_TXC_TX_STATS),
2211 		.band_idx = phy->mt76->band_idx,
2212 	};
2213 
2214 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL),
2215 					&req, sizeof(req), true, &skb);
2216 	if (ret)
2217 		return ret;
2218 
2219 	memcpy(mu_stats, skb->data, sizeof(struct mt7915_mcu_muru_stats));
2220 	dev_kfree_skb(skb);
2221 
2222 	return 0;
2223 }
2224 
2225 static int mt7915_mcu_set_mwds(struct mt7915_dev *dev, bool enabled)
2226 {
2227 	struct {
2228 		u8 enable;
2229 		u8 _rsv[3];
2230 	} __packed req = {
2231 		.enable = enabled
2232 	};
2233 
2234 	return mt76_mcu_send_msg(&dev->mt76, MCU_WA_EXT_CMD(MWDS_SUPPORT), &req,
2235 				 sizeof(req), false);
2236 }
2237 
2238 int mt7915_mcu_set_muru_ctrl(struct mt7915_dev *dev, u32 cmd, u32 val)
2239 {
2240 	struct {
2241 		__le32 cmd;
2242 		u8 val[4];
2243 	} __packed req = {
2244 		.cmd = cpu_to_le32(cmd),
2245 	};
2246 
2247 	put_unaligned_le32(val, req.val);
2248 
2249 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MURU_CTRL), &req,
2250 				 sizeof(req), false);
2251 }
2252 
2253 static int
2254 mt7915_mcu_init_rx_airtime(struct mt7915_dev *dev)
2255 {
2256 #define RX_AIRTIME_FEATURE_CTRL		1
2257 #define RX_AIRTIME_BITWISE_CTRL		2
2258 #define RX_AIRTIME_CLEAR_EN	1
2259 	struct {
2260 		__le16 field;
2261 		__le16 sub_field;
2262 		__le32 set_status;
2263 		__le32 get_status;
2264 		u8 _rsv[12];
2265 
2266 		bool airtime_en;
2267 		bool mibtime_en;
2268 		bool earlyend_en;
2269 		u8 _rsv1[9];
2270 
2271 		bool airtime_clear;
2272 		bool mibtime_clear;
2273 		u8 _rsv2[98];
2274 	} __packed req = {
2275 		.field = cpu_to_le16(RX_AIRTIME_BITWISE_CTRL),
2276 		.sub_field = cpu_to_le16(RX_AIRTIME_CLEAR_EN),
2277 		.airtime_clear = true,
2278 	};
2279 	int ret;
2280 
2281 	ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_AIRTIME_CTRL), &req,
2282 				sizeof(req), true);
2283 	if (ret)
2284 		return ret;
2285 
2286 	req.field = cpu_to_le16(RX_AIRTIME_FEATURE_CTRL);
2287 	req.sub_field = cpu_to_le16(RX_AIRTIME_CLEAR_EN);
2288 	req.airtime_en = true;
2289 
2290 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_AIRTIME_CTRL), &req,
2291 				 sizeof(req), true);
2292 }
2293 
2294 static int mt7915_red_set_watermark(struct mt7915_dev *dev)
2295 {
2296 #define RED_GLOBAL_TOKEN_WATERMARK 2
2297 	struct {
2298 		__le32 args[3];
2299 		u8 cmd;
2300 		u8 version;
2301 		u8 __rsv1[4];
2302 		__le16 len;
2303 		__le16 high_mark;
2304 		__le16 low_mark;
2305 		u8 __rsv2[12];
2306 	} __packed req = {
2307 		.args[0] = cpu_to_le32(MCU_WA_PARAM_RED_SETTING),
2308 		.cmd = RED_GLOBAL_TOKEN_WATERMARK,
2309 		.len = cpu_to_le16(sizeof(req) - sizeof(req.args)),
2310 		.high_mark = cpu_to_le16(MT7915_HW_TOKEN_SIZE - 256),
2311 		.low_mark = cpu_to_le16(MT7915_HW_TOKEN_SIZE - 256 - 1536),
2312 	};
2313 
2314 	return mt76_mcu_send_msg(&dev->mt76, MCU_WA_PARAM_CMD(SET), &req,
2315 				 sizeof(req), false);
2316 }
2317 
2318 static int mt7915_mcu_set_red(struct mt7915_dev *dev, bool enabled)
2319 {
2320 #define RED_DISABLE		0
2321 #define RED_BY_WA_ENABLE	2
2322 	int ret;
2323 	u32 red_type = enabled ? RED_BY_WA_ENABLE : RED_DISABLE;
2324 	__le32 req = cpu_to_le32(red_type);
2325 
2326 	if (enabled) {
2327 		ret = mt7915_red_set_watermark(dev);
2328 		if (ret < 0)
2329 			return ret;
2330 	}
2331 
2332 	ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RED_ENABLE), &req,
2333 				sizeof(req), false);
2334 	if (ret < 0)
2335 		return ret;
2336 
2337 	return mt7915_mcu_wa_cmd(dev, MCU_WA_PARAM_CMD(SET),
2338 				 MCU_WA_PARAM_RED, enabled, 0);
2339 }
2340 
2341 int mt7915_mcu_init_firmware(struct mt7915_dev *dev)
2342 {
2343 	int ret;
2344 
2345 	/* force firmware operation mode into normal state,
2346 	 * which should be set before firmware download stage.
2347 	 */
2348 	mt76_wr(dev, MT_SWDEF_MODE, MT_SWDEF_NORMAL_MODE);
2349 
2350 	ret = mt7915_driver_own(dev, 0);
2351 	if (ret)
2352 		return ret;
2353 	/* set driver own for band1 when two hif exist */
2354 	if (dev->hif2) {
2355 		ret = mt7915_driver_own(dev, 1);
2356 		if (ret)
2357 			return ret;
2358 	}
2359 
2360 	ret = mt7915_load_firmware(dev);
2361 	if (ret)
2362 		return ret;
2363 
2364 	set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
2365 	ret = mt7915_mcu_fw_log_2_host(dev, MCU_FW_LOG_WM, 0);
2366 	if (ret)
2367 		return ret;
2368 
2369 	ret = mt7915_mcu_fw_log_2_host(dev, MCU_FW_LOG_WA, 0);
2370 	if (ret)
2371 		return ret;
2372 
2373 	if (mtk_wed_device_active(&dev->mt76.mmio.wed) && is_mt7915(&dev->mt76))
2374 		mt7915_mcu_wa_cmd(dev, MCU_WA_PARAM_CMD(CAPABILITY), 0, 0, 0);
2375 
2376 	ret = mt7915_mcu_set_mwds(dev, 1);
2377 	if (ret)
2378 		return ret;
2379 
2380 	ret = mt7915_mcu_set_muru_ctrl(dev, MURU_SET_PLATFORM_TYPE,
2381 				       MURU_PLATFORM_TYPE_PERF_LEVEL_2);
2382 	if (ret)
2383 		return ret;
2384 
2385 	ret = mt7915_mcu_init_rx_airtime(dev);
2386 	if (ret)
2387 		return ret;
2388 
2389 	return mt7915_mcu_set_red(dev, mtk_wed_device_active(&dev->mt76.mmio.wed));
2390 }
2391 
2392 int mt7915_mcu_init(struct mt7915_dev *dev)
2393 {
2394 	static const struct mt76_mcu_ops mt7915_mcu_ops = {
2395 		.headroom = sizeof(struct mt76_connac2_mcu_txd),
2396 		.mcu_skb_send_msg = mt7915_mcu_send_message,
2397 		.mcu_parse_response = mt7915_mcu_parse_response,
2398 	};
2399 
2400 	dev->mt76.mcu_ops = &mt7915_mcu_ops;
2401 
2402 	return mt7915_mcu_init_firmware(dev);
2403 }
2404 
2405 void mt7915_mcu_exit(struct mt7915_dev *dev)
2406 {
2407 	mt76_connac_mcu_restart(&dev->mt76);
2408 	if (mt7915_firmware_state(dev, false)) {
2409 		dev_err(dev->mt76.dev, "Failed to exit mcu\n");
2410 		goto out;
2411 	}
2412 
2413 	mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(0), MT_TOP_LPCR_HOST_FW_OWN);
2414 	if (dev->hif2)
2415 		mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(1),
2416 			MT_TOP_LPCR_HOST_FW_OWN);
2417 out:
2418 	skb_queue_purge(&dev->mt76.mcu.res_q);
2419 }
2420 
2421 static int
2422 mt7915_mcu_set_rx_hdr_trans_blacklist(struct mt7915_dev *dev, int band)
2423 {
2424 	struct {
2425 		u8 operation;
2426 		u8 count;
2427 		u8 _rsv[2];
2428 		u8 index;
2429 		u8 enable;
2430 		__le16 etype;
2431 	} req = {
2432 		.operation = 1,
2433 		.count = 1,
2434 		.enable = 1,
2435 		.etype = cpu_to_le16(ETH_P_PAE),
2436 	};
2437 
2438 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_HDR_TRANS),
2439 				 &req, sizeof(req), false);
2440 }
2441 
2442 int mt7915_mcu_set_mac(struct mt7915_dev *dev, int band,
2443 		       bool enable, bool hdr_trans)
2444 {
2445 	struct {
2446 		u8 operation;
2447 		u8 enable;
2448 		u8 check_bssid;
2449 		u8 insert_vlan;
2450 		u8 remove_vlan;
2451 		u8 tid;
2452 		u8 mode;
2453 		u8 rsv;
2454 	} __packed req_trans = {
2455 		.enable = hdr_trans,
2456 	};
2457 	struct {
2458 		u8 enable;
2459 		u8 band;
2460 		u8 rsv[2];
2461 	} __packed req_mac = {
2462 		.enable = enable,
2463 		.band = band,
2464 	};
2465 	int ret;
2466 
2467 	ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RX_HDR_TRANS),
2468 				&req_trans, sizeof(req_trans), false);
2469 	if (ret)
2470 		return ret;
2471 
2472 	if (hdr_trans)
2473 		mt7915_mcu_set_rx_hdr_trans_blacklist(dev, band);
2474 
2475 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MAC_INIT_CTRL),
2476 				 &req_mac, sizeof(req_mac), true);
2477 }
2478 
2479 int mt7915_mcu_update_edca(struct mt7915_dev *dev, void *param)
2480 {
2481 	struct mt7915_mcu_tx *req = (struct mt7915_mcu_tx *)param;
2482 	u8 num = req->total;
2483 	size_t len = sizeof(*req) -
2484 		     (IEEE80211_NUM_ACS - num) * sizeof(struct edca);
2485 
2486 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(EDCA_UPDATE), req,
2487 				 len, true);
2488 }
2489 
2490 int mt7915_mcu_set_tx(struct mt7915_dev *dev, struct ieee80211_vif *vif)
2491 {
2492 #define TX_CMD_MODE		1
2493 	struct mt7915_mcu_tx req = {
2494 		.valid = true,
2495 		.mode = TX_CMD_MODE,
2496 		.total = IEEE80211_NUM_ACS,
2497 	};
2498 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
2499 	int ac;
2500 
2501 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2502 		struct ieee80211_tx_queue_params *q = &mvif->queue_params[ac];
2503 		struct edca *e = &req.edca[ac];
2504 
2505 		e->set = WMM_PARAM_SET;
2506 		e->queue = ac + mvif->mt76.wmm_idx * MT76_CONNAC_MAX_WMM_SETS;
2507 		e->aifs = q->aifs;
2508 		e->txop = cpu_to_le16(q->txop);
2509 
2510 		if (q->cw_min)
2511 			e->cw_min = fls(q->cw_min);
2512 		else
2513 			e->cw_min = 5;
2514 
2515 		if (q->cw_max)
2516 			e->cw_max = cpu_to_le16(fls(q->cw_max));
2517 		else
2518 			e->cw_max = cpu_to_le16(10);
2519 	}
2520 
2521 	return mt7915_mcu_update_edca(dev, &req);
2522 }
2523 
2524 int mt7915_mcu_set_fcc5_lpn(struct mt7915_dev *dev, int val)
2525 {
2526 	struct {
2527 		__le32 tag;
2528 		__le16 min_lpn;
2529 		u8 rsv[2];
2530 	} __packed req = {
2531 		.tag = cpu_to_le32(0x1),
2532 		.min_lpn = cpu_to_le16(val),
2533 	};
2534 
2535 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
2536 				 sizeof(req), true);
2537 }
2538 
2539 int mt7915_mcu_set_pulse_th(struct mt7915_dev *dev,
2540 			    const struct mt7915_dfs_pulse *pulse)
2541 {
2542 	struct {
2543 		__le32 tag;
2544 
2545 		__le32 max_width;		/* us */
2546 		__le32 max_pwr;			/* dbm */
2547 		__le32 min_pwr;			/* dbm */
2548 		__le32 min_stgr_pri;		/* us */
2549 		__le32 max_stgr_pri;		/* us */
2550 		__le32 min_cr_pri;		/* us */
2551 		__le32 max_cr_pri;		/* us */
2552 	} __packed req = {
2553 		.tag = cpu_to_le32(0x3),
2554 
2555 #define __req_field(field) .field = cpu_to_le32(pulse->field)
2556 		__req_field(max_width),
2557 		__req_field(max_pwr),
2558 		__req_field(min_pwr),
2559 		__req_field(min_stgr_pri),
2560 		__req_field(max_stgr_pri),
2561 		__req_field(min_cr_pri),
2562 		__req_field(max_cr_pri),
2563 #undef __req_field
2564 	};
2565 
2566 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
2567 				 sizeof(req), true);
2568 }
2569 
2570 int mt7915_mcu_set_radar_th(struct mt7915_dev *dev, int index,
2571 			    const struct mt7915_dfs_pattern *pattern)
2572 {
2573 	struct {
2574 		__le32 tag;
2575 		__le16 radar_type;
2576 
2577 		u8 enb;
2578 		u8 stgr;
2579 		u8 min_crpn;
2580 		u8 max_crpn;
2581 		u8 min_crpr;
2582 		u8 min_pw;
2583 		__le32 min_pri;
2584 		__le32 max_pri;
2585 		u8 max_pw;
2586 		u8 min_crbn;
2587 		u8 max_crbn;
2588 		u8 min_stgpn;
2589 		u8 max_stgpn;
2590 		u8 min_stgpr;
2591 		u8 rsv[2];
2592 		__le32 min_stgpr_diff;
2593 	} __packed req = {
2594 		.tag = cpu_to_le32(0x2),
2595 		.radar_type = cpu_to_le16(index),
2596 
2597 #define __req_field_u8(field) .field = pattern->field
2598 #define __req_field_u32(field) .field = cpu_to_le32(pattern->field)
2599 		__req_field_u8(enb),
2600 		__req_field_u8(stgr),
2601 		__req_field_u8(min_crpn),
2602 		__req_field_u8(max_crpn),
2603 		__req_field_u8(min_crpr),
2604 		__req_field_u8(min_pw),
2605 		__req_field_u32(min_pri),
2606 		__req_field_u32(max_pri),
2607 		__req_field_u8(max_pw),
2608 		__req_field_u8(min_crbn),
2609 		__req_field_u8(max_crbn),
2610 		__req_field_u8(min_stgpn),
2611 		__req_field_u8(max_stgpn),
2612 		__req_field_u8(min_stgpr),
2613 		__req_field_u32(min_stgpr_diff),
2614 #undef __req_field_u8
2615 #undef __req_field_u32
2616 	};
2617 
2618 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
2619 				 sizeof(req), true);
2620 }
2621 
2622 static int
2623 mt7915_mcu_background_chain_ctrl(struct mt7915_phy *phy,
2624 				 struct cfg80211_chan_def *chandef,
2625 				 int cmd)
2626 {
2627 	struct mt7915_dev *dev = phy->dev;
2628 	struct mt76_phy *mphy = phy->mt76;
2629 	struct ieee80211_channel *chan = mphy->chandef.chan;
2630 	int freq = mphy->chandef.center_freq1;
2631 	struct mt7915_mcu_background_chain_ctrl req = {
2632 		.monitor_scan_type = 2, /* simple rx */
2633 	};
2634 
2635 	if (!chandef && cmd != CH_SWITCH_BACKGROUND_SCAN_STOP)
2636 		return -EINVAL;
2637 
2638 	if (!cfg80211_chandef_valid(&mphy->chandef))
2639 		return -EINVAL;
2640 
2641 	switch (cmd) {
2642 	case CH_SWITCH_BACKGROUND_SCAN_START: {
2643 		req.chan = chan->hw_value;
2644 		req.central_chan = ieee80211_frequency_to_channel(freq);
2645 		req.bw = mt76_connac_chan_bw(&mphy->chandef);
2646 		req.monitor_chan = chandef->chan->hw_value;
2647 		req.monitor_central_chan =
2648 			ieee80211_frequency_to_channel(chandef->center_freq1);
2649 		req.monitor_bw = mt76_connac_chan_bw(chandef);
2650 		req.band_idx = phy->mt76->band_idx;
2651 		req.scan_mode = 1;
2652 		break;
2653 	}
2654 	case CH_SWITCH_BACKGROUND_SCAN_RUNNING:
2655 		req.monitor_chan = chandef->chan->hw_value;
2656 		req.monitor_central_chan =
2657 			ieee80211_frequency_to_channel(chandef->center_freq1);
2658 		req.band_idx = phy->mt76->band_idx;
2659 		req.scan_mode = 2;
2660 		break;
2661 	case CH_SWITCH_BACKGROUND_SCAN_STOP:
2662 		req.chan = chan->hw_value;
2663 		req.central_chan = ieee80211_frequency_to_channel(freq);
2664 		req.bw = mt76_connac_chan_bw(&mphy->chandef);
2665 		req.tx_stream = hweight8(mphy->antenna_mask);
2666 		req.rx_stream = mphy->antenna_mask;
2667 		break;
2668 	default:
2669 		return -EINVAL;
2670 	}
2671 	req.band = chandef ? chandef->chan->band == NL80211_BAND_5GHZ : 1;
2672 
2673 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(OFFCH_SCAN_CTRL),
2674 				 &req, sizeof(req), false);
2675 }
2676 
2677 int mt7915_mcu_rdd_background_enable(struct mt7915_phy *phy,
2678 				     struct cfg80211_chan_def *chandef)
2679 {
2680 	struct mt7915_dev *dev = phy->dev;
2681 	int err, region;
2682 
2683 	if (!chandef) { /* disable offchain */
2684 		err = mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_STOP, MT_RX_SEL2,
2685 					      0, 0);
2686 		if (err)
2687 			return err;
2688 
2689 		return mt7915_mcu_background_chain_ctrl(phy, NULL,
2690 				CH_SWITCH_BACKGROUND_SCAN_STOP);
2691 	}
2692 
2693 	err = mt7915_mcu_background_chain_ctrl(phy, chandef,
2694 					       CH_SWITCH_BACKGROUND_SCAN_START);
2695 	if (err)
2696 		return err;
2697 
2698 	switch (dev->mt76.region) {
2699 	case NL80211_DFS_ETSI:
2700 		region = 0;
2701 		break;
2702 	case NL80211_DFS_JP:
2703 		region = 2;
2704 		break;
2705 	case NL80211_DFS_FCC:
2706 	default:
2707 		region = 1;
2708 		break;
2709 	}
2710 
2711 	return mt76_connac_mcu_rdd_cmd(&dev->mt76, RDD_START, MT_RX_SEL2,
2712 				       0, region);
2713 }
2714 
2715 int mt7915_mcu_set_chan_info(struct mt7915_phy *phy, int cmd)
2716 {
2717 	static const u8 ch_band[] = {
2718 		[NL80211_BAND_2GHZ] = 0,
2719 		[NL80211_BAND_5GHZ] = 1,
2720 		[NL80211_BAND_6GHZ] = 2,
2721 	};
2722 	struct mt7915_dev *dev = phy->dev;
2723 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
2724 	int freq1 = chandef->center_freq1;
2725 	u8 band = phy->mt76->band_idx;
2726 	struct {
2727 		u8 control_ch;
2728 		u8 center_ch;
2729 		u8 bw;
2730 		u8 tx_path_num;
2731 		u8 rx_path;	/* mask or num */
2732 		u8 switch_reason;
2733 		u8 band_idx;
2734 		u8 center_ch2;	/* for 80+80 only */
2735 		__le16 cac_case;
2736 		u8 channel_band;
2737 		u8 rsv0;
2738 		__le32 outband_freq;
2739 		u8 txpower_drop;
2740 		u8 ap_bw;
2741 		u8 ap_center_ch;
2742 		u8 rsv1[57];
2743 	} __packed req = {
2744 		.control_ch = chandef->chan->hw_value,
2745 		.center_ch = ieee80211_frequency_to_channel(freq1),
2746 		.bw = mt76_connac_chan_bw(chandef),
2747 		.tx_path_num = hweight16(phy->mt76->chainmask),
2748 		.rx_path = phy->mt76->chainmask >> (dev->chainshift * band),
2749 		.band_idx = band,
2750 		.channel_band = ch_band[chandef->chan->band],
2751 	};
2752 
2753 #ifdef CONFIG_NL80211_TESTMODE
2754 	if (phy->mt76->test.tx_antenna_mask &&
2755 	    mt76_testmode_enabled(phy->mt76)) {
2756 		req.tx_path_num = fls(phy->mt76->test.tx_antenna_mask);
2757 		req.rx_path = phy->mt76->test.tx_antenna_mask;
2758 	}
2759 #endif
2760 
2761 	if (mt76_connac_spe_idx(phy->mt76->antenna_mask))
2762 		req.tx_path_num = fls(phy->mt76->antenna_mask);
2763 
2764 	if (cmd == MCU_EXT_CMD(SET_RX_PATH) ||
2765 	    dev->mt76.hw->conf.flags & IEEE80211_CONF_MONITOR)
2766 		req.switch_reason = CH_SWITCH_NORMAL;
2767 	else if (phy->mt76->hw->conf.flags & IEEE80211_CONF_OFFCHANNEL)
2768 		req.switch_reason = CH_SWITCH_SCAN_BYPASS_DPD;
2769 	else if (!cfg80211_reg_can_beacon(phy->mt76->hw->wiphy, chandef,
2770 					  NL80211_IFTYPE_AP))
2771 		req.switch_reason = CH_SWITCH_DFS;
2772 	else
2773 		req.switch_reason = CH_SWITCH_NORMAL;
2774 
2775 	if (cmd == MCU_EXT_CMD(CHANNEL_SWITCH))
2776 		req.rx_path = hweight8(req.rx_path);
2777 
2778 	if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
2779 		int freq2 = chandef->center_freq2;
2780 
2781 		req.center_ch2 = ieee80211_frequency_to_channel(freq2);
2782 	}
2783 
2784 	return mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), true);
2785 }
2786 
2787 static int mt7915_mcu_set_eeprom_flash(struct mt7915_dev *dev)
2788 {
2789 #define MAX_PAGE_IDX_MASK	GENMASK(7, 5)
2790 #define PAGE_IDX_MASK		GENMASK(4, 2)
2791 #define PER_PAGE_SIZE		0x400
2792 	struct mt7915_mcu_eeprom req = { .buffer_mode = EE_MODE_BUFFER };
2793 	u16 eeprom_size = mt7915_eeprom_size(dev);
2794 	u8 total = DIV_ROUND_UP(eeprom_size, PER_PAGE_SIZE);
2795 	u8 *eep = (u8 *)dev->mt76.eeprom.data;
2796 	int eep_len;
2797 	int i;
2798 
2799 	for (i = 0; i < total; i++, eep += eep_len) {
2800 		struct sk_buff *skb;
2801 		int ret;
2802 
2803 		if (i == total - 1 && !!(eeprom_size % PER_PAGE_SIZE))
2804 			eep_len = eeprom_size % PER_PAGE_SIZE;
2805 		else
2806 			eep_len = PER_PAGE_SIZE;
2807 
2808 		skb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
2809 					 sizeof(req) + eep_len);
2810 		if (!skb)
2811 			return -ENOMEM;
2812 
2813 		req.format = FIELD_PREP(MAX_PAGE_IDX_MASK, total - 1) |
2814 			     FIELD_PREP(PAGE_IDX_MASK, i) | EE_FORMAT_WHOLE;
2815 		req.len = cpu_to_le16(eep_len);
2816 
2817 		skb_put_data(skb, &req, sizeof(req));
2818 		skb_put_data(skb, eep, eep_len);
2819 
2820 		ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
2821 					    MCU_EXT_CMD(EFUSE_BUFFER_MODE), true);
2822 		if (ret)
2823 			return ret;
2824 	}
2825 
2826 	return 0;
2827 }
2828 
2829 int mt7915_mcu_set_eeprom(struct mt7915_dev *dev)
2830 {
2831 	struct mt7915_mcu_eeprom req = {
2832 		.buffer_mode = EE_MODE_EFUSE,
2833 		.format = EE_FORMAT_WHOLE,
2834 	};
2835 
2836 	if (dev->flash_mode)
2837 		return mt7915_mcu_set_eeprom_flash(dev);
2838 
2839 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(EFUSE_BUFFER_MODE),
2840 				 &req, sizeof(req), true);
2841 }
2842 
2843 int mt7915_mcu_get_eeprom(struct mt7915_dev *dev, u32 offset)
2844 {
2845 	struct mt7915_mcu_eeprom_info req = {
2846 		.addr = cpu_to_le32(round_down(offset,
2847 				    MT7915_EEPROM_BLOCK_SIZE)),
2848 	};
2849 	struct mt7915_mcu_eeprom_info *res;
2850 	struct sk_buff *skb;
2851 	int ret;
2852 	u8 *buf;
2853 
2854 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
2855 					MCU_EXT_QUERY(EFUSE_ACCESS),
2856 					&req, sizeof(req), true, &skb);
2857 	if (ret)
2858 		return ret;
2859 
2860 	res = (struct mt7915_mcu_eeprom_info *)skb->data;
2861 	buf = dev->mt76.eeprom.data + le32_to_cpu(res->addr);
2862 	memcpy(buf, res->data, MT7915_EEPROM_BLOCK_SIZE);
2863 	dev_kfree_skb(skb);
2864 
2865 	return 0;
2866 }
2867 
2868 int mt7915_mcu_get_eeprom_free_block(struct mt7915_dev *dev, u8 *block_num)
2869 {
2870 	struct {
2871 		u8 _rsv;
2872 		u8 version;
2873 		u8 die_idx;
2874 		u8 _rsv2;
2875 	} __packed req = {
2876 		.version = 1,
2877 	};
2878 	struct sk_buff *skb;
2879 	int ret;
2880 
2881 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
2882 					MCU_EXT_QUERY(EFUSE_FREE_BLOCK),
2883 					&req, sizeof(req), true, &skb);
2884 	if (ret)
2885 		return ret;
2886 
2887 	*block_num = *(u8 *)skb->data;
2888 	dev_kfree_skb(skb);
2889 
2890 	return 0;
2891 }
2892 
2893 static int mt7915_mcu_set_pre_cal(struct mt7915_dev *dev, u8 idx,
2894 				  u8 *data, u32 len, int cmd)
2895 {
2896 	struct {
2897 		u8 dir;
2898 		u8 valid;
2899 		__le16 bitmap;
2900 		s8 precal;
2901 		u8 action;
2902 		u8 band;
2903 		u8 idx;
2904 		u8 rsv[4];
2905 		__le32 len;
2906 	} req = {};
2907 	struct sk_buff *skb;
2908 
2909 	skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, sizeof(req) + len);
2910 	if (!skb)
2911 		return -ENOMEM;
2912 
2913 	req.idx = idx;
2914 	req.len = cpu_to_le32(len);
2915 	skb_put_data(skb, &req, sizeof(req));
2916 	skb_put_data(skb, data, len);
2917 
2918 	return mt76_mcu_skb_send_msg(&dev->mt76, skb, cmd, false);
2919 }
2920 
2921 int mt7915_mcu_apply_group_cal(struct mt7915_dev *dev)
2922 {
2923 	u8 idx = 0, *cal = dev->cal, *eep = dev->mt76.eeprom.data;
2924 	u32 total = MT_EE_CAL_GROUP_SIZE;
2925 
2926 	if (!(eep[MT_EE_DO_PRE_CAL] & MT_EE_WIFI_CAL_GROUP))
2927 		return 0;
2928 
2929 	/*
2930 	 * Items: Rx DCOC, RSSI DCOC, Tx TSSI DCOC, Tx LPFG
2931 	 * Tx FDIQ, Tx DCIQ, Rx FDIQ, Rx FIIQ, ADCDCOC
2932 	 */
2933 	while (total > 0) {
2934 		int ret, len;
2935 
2936 		len = min_t(u32, total, MT_EE_CAL_UNIT);
2937 
2938 		ret = mt7915_mcu_set_pre_cal(dev, idx, cal, len,
2939 					     MCU_EXT_CMD(GROUP_PRE_CAL_INFO));
2940 		if (ret)
2941 			return ret;
2942 
2943 		total -= len;
2944 		cal += len;
2945 		idx++;
2946 	}
2947 
2948 	return 0;
2949 }
2950 
2951 static int mt7915_find_freq_idx(const u16 *freqs, int n_freqs, u16 cur)
2952 {
2953 	int i;
2954 
2955 	for (i = 0; i < n_freqs; i++)
2956 		if (cur == freqs[i])
2957 			return i;
2958 
2959 	return -1;
2960 }
2961 
2962 static int mt7915_dpd_freq_idx(u16 freq, u8 bw)
2963 {
2964 	static const u16 freq_list[] = {
2965 		5180, 5200, 5220, 5240,
2966 		5260, 5280, 5300, 5320,
2967 		5500, 5520, 5540, 5560,
2968 		5580, 5600, 5620, 5640,
2969 		5660, 5680, 5700, 5745,
2970 		5765, 5785, 5805, 5825
2971 	};
2972 	int offset_2g = ARRAY_SIZE(freq_list);
2973 	int idx;
2974 
2975 	if (freq < 4000) {
2976 		if (freq < 2432)
2977 			return offset_2g;
2978 		if (freq < 2457)
2979 			return offset_2g + 1;
2980 
2981 		return offset_2g + 2;
2982 	}
2983 
2984 	if (bw == NL80211_CHAN_WIDTH_80P80 || bw == NL80211_CHAN_WIDTH_160)
2985 		return -1;
2986 
2987 	if (bw != NL80211_CHAN_WIDTH_20) {
2988 		idx = mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
2989 					   freq + 10);
2990 		if (idx >= 0)
2991 			return idx;
2992 
2993 		idx = mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list),
2994 					   freq - 10);
2995 		if (idx >= 0)
2996 			return idx;
2997 	}
2998 
2999 	return mt7915_find_freq_idx(freq_list, ARRAY_SIZE(freq_list), freq);
3000 }
3001 
3002 int mt7915_mcu_apply_tx_dpd(struct mt7915_phy *phy)
3003 {
3004 	struct mt7915_dev *dev = phy->dev;
3005 	struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
3006 	u16 total = 2, center_freq = chandef->center_freq1;
3007 	u8 *cal = dev->cal, *eep = dev->mt76.eeprom.data;
3008 	int idx;
3009 
3010 	if (!(eep[MT_EE_DO_PRE_CAL] & MT_EE_WIFI_CAL_DPD))
3011 		return 0;
3012 
3013 	idx = mt7915_dpd_freq_idx(center_freq, chandef->width);
3014 	if (idx < 0)
3015 		return -EINVAL;
3016 
3017 	/* Items: Tx DPD, Tx Flatness */
3018 	idx = idx * 2;
3019 	cal += MT_EE_CAL_GROUP_SIZE;
3020 
3021 	while (total--) {
3022 		int ret;
3023 
3024 		cal += (idx * MT_EE_CAL_UNIT);
3025 		ret = mt7915_mcu_set_pre_cal(dev, idx, cal, MT_EE_CAL_UNIT,
3026 					     MCU_EXT_CMD(DPD_PRE_CAL_INFO));
3027 		if (ret)
3028 			return ret;
3029 
3030 		idx++;
3031 	}
3032 
3033 	return 0;
3034 }
3035 
3036 int mt7915_mcu_get_chan_mib_info(struct mt7915_phy *phy, bool chan_switch)
3037 {
3038 	struct mt76_channel_state *state = phy->mt76->chan_state;
3039 	struct mt76_channel_state *state_ts = &phy->state_ts;
3040 	struct mt7915_dev *dev = phy->dev;
3041 	struct mt7915_mcu_mib *res, req[5];
3042 	struct sk_buff *skb;
3043 	static const u32 *offs;
3044 	int i, ret, len, offs_cc;
3045 	u64 cc_tx;
3046 
3047 	/* strict order */
3048 	if (is_mt7915(&dev->mt76)) {
3049 		static const u32 chip_offs[] = {
3050 			MIB_NON_WIFI_TIME,
3051 			MIB_TX_TIME,
3052 			MIB_RX_TIME,
3053 			MIB_OBSS_AIRTIME,
3054 			MIB_TXOP_INIT_COUNT,
3055 		};
3056 		len = ARRAY_SIZE(chip_offs);
3057 		offs = chip_offs;
3058 		offs_cc = 20;
3059 	} else {
3060 		static const u32 chip_offs[] = {
3061 			MIB_NON_WIFI_TIME_V2,
3062 			MIB_TX_TIME_V2,
3063 			MIB_RX_TIME_V2,
3064 			MIB_OBSS_AIRTIME_V2
3065 		};
3066 		len = ARRAY_SIZE(chip_offs);
3067 		offs = chip_offs;
3068 		offs_cc = 0;
3069 	}
3070 
3071 	for (i = 0; i < len; i++) {
3072 		req[i].band = cpu_to_le32(phy->mt76->band_idx);
3073 		req[i].offs = cpu_to_le32(offs[i]);
3074 	}
3075 
3076 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(GET_MIB_INFO),
3077 					req, sizeof(req), true, &skb);
3078 	if (ret)
3079 		return ret;
3080 
3081 	res = (struct mt7915_mcu_mib *)(skb->data + offs_cc);
3082 
3083 #define __res_u64(s) le64_to_cpu(res[s].data)
3084 	/* subtract Tx backoff time from Tx duration */
3085 	cc_tx = is_mt7915(&dev->mt76) ? __res_u64(1) - __res_u64(4) : __res_u64(1);
3086 
3087 	if (chan_switch)
3088 		goto out;
3089 
3090 	state->cc_tx += cc_tx - state_ts->cc_tx;
3091 	state->cc_bss_rx += __res_u64(2) - state_ts->cc_bss_rx;
3092 	state->cc_rx += __res_u64(2) + __res_u64(3) - state_ts->cc_rx;
3093 	state->cc_busy += __res_u64(0) + cc_tx + __res_u64(2) + __res_u64(3) -
3094 			  state_ts->cc_busy;
3095 
3096 out:
3097 	state_ts->cc_tx = cc_tx;
3098 	state_ts->cc_bss_rx = __res_u64(2);
3099 	state_ts->cc_rx = __res_u64(2) + __res_u64(3);
3100 	state_ts->cc_busy = __res_u64(0) + cc_tx + __res_u64(2) + __res_u64(3);
3101 #undef __res_u64
3102 
3103 	dev_kfree_skb(skb);
3104 
3105 	return 0;
3106 }
3107 
3108 int mt7915_mcu_get_temperature(struct mt7915_phy *phy)
3109 {
3110 	struct mt7915_dev *dev = phy->dev;
3111 	struct {
3112 		u8 ctrl_id;
3113 		u8 action;
3114 		u8 band_idx;
3115 		u8 rsv[5];
3116 	} req = {
3117 		.ctrl_id = THERMAL_SENSOR_TEMP_QUERY,
3118 		.band_idx = phy->mt76->band_idx,
3119 	};
3120 
3121 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_CTRL), &req,
3122 				 sizeof(req), true);
3123 }
3124 
3125 int mt7915_mcu_set_thermal_throttling(struct mt7915_phy *phy, u8 state)
3126 {
3127 	struct mt7915_dev *dev = phy->dev;
3128 	struct mt7915_mcu_thermal_ctrl req = {
3129 		.band_idx = phy->mt76->band_idx,
3130 		.ctrl_id = THERMAL_PROTECT_DUTY_CONFIG,
3131 	};
3132 	int level, ret;
3133 
3134 	/* set duty cycle and level */
3135 	for (level = 0; level < 4; level++) {
3136 		req.duty.duty_level = level;
3137 		req.duty.duty_cycle = state;
3138 		state /= 2;
3139 
3140 		ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_PROT),
3141 					&req, sizeof(req), false);
3142 		if (ret)
3143 			return ret;
3144 	}
3145 	return 0;
3146 }
3147 
3148 int mt7915_mcu_set_thermal_protect(struct mt7915_phy *phy)
3149 {
3150 	struct mt7915_dev *dev = phy->dev;
3151 	struct {
3152 		struct mt7915_mcu_thermal_ctrl ctrl;
3153 
3154 		__le32 trigger_temp;
3155 		__le32 restore_temp;
3156 		__le16 sustain_time;
3157 		u8 rsv[2];
3158 	} __packed req = {
3159 		.ctrl = {
3160 			.band_idx = phy->mt76->band_idx,
3161 			.type.protect_type = 1,
3162 			.type.trigger_type = 1,
3163 		},
3164 	};
3165 	int ret;
3166 
3167 	req.ctrl.ctrl_id = THERMAL_PROTECT_DISABLE;
3168 	ret = mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_PROT),
3169 				&req, sizeof(req.ctrl), false);
3170 
3171 	if (ret)
3172 		return ret;
3173 
3174 	/* set high-temperature trigger threshold */
3175 	req.ctrl.ctrl_id = THERMAL_PROTECT_ENABLE;
3176 	/* add a safety margin ~10 */
3177 	req.restore_temp = cpu_to_le32(phy->throttle_temp[0] - 10);
3178 	req.trigger_temp = cpu_to_le32(phy->throttle_temp[1]);
3179 	req.sustain_time = cpu_to_le16(10);
3180 
3181 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(THERMAL_PROT),
3182 				 &req, sizeof(req), false);
3183 }
3184 
3185 int mt7915_mcu_set_txpower_frame_min(struct mt7915_phy *phy, s8 txpower)
3186 {
3187 	struct mt7915_dev *dev = phy->dev;
3188 	struct {
3189 		u8 format_id;
3190 		u8 rsv;
3191 		u8 band_idx;
3192 		s8 txpower_min;
3193 	} __packed req = {
3194 		.format_id = TX_POWER_LIMIT_FRAME_MIN,
3195 		.band_idx = phy->mt76->band_idx,
3196 		.txpower_min = txpower * 2, /* 0.5db */
3197 	};
3198 
3199 	return mt76_mcu_send_msg(&dev->mt76,
3200 				 MCU_EXT_CMD(TX_POWER_FEATURE_CTRL), &req,
3201 				 sizeof(req), true);
3202 }
3203 
3204 int mt7915_mcu_set_txpower_frame(struct mt7915_phy *phy,
3205 				 struct ieee80211_vif *vif,
3206 				 struct ieee80211_sta *sta, s8 txpower)
3207 {
3208 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
3209 	struct mt7915_dev *dev = phy->dev;
3210 	struct mt76_phy *mphy = phy->mt76;
3211 	struct {
3212 		u8 format_id;
3213 		u8 rsv[3];
3214 		u8 band_idx;
3215 		s8 txpower_max;
3216 		__le16 wcid;
3217 		s8 txpower_offs[48];
3218 	} __packed req = {
3219 		.format_id = TX_POWER_LIMIT_FRAME,
3220 		.band_idx = phy->mt76->band_idx,
3221 		.txpower_max = DIV_ROUND_UP(mphy->txpower_cur, 2),
3222 		.wcid = cpu_to_le16(msta->wcid.idx),
3223 	};
3224 	int ret;
3225 	s8 txpower_sku[MT7915_SKU_RATE_NUM];
3226 
3227 	ret = mt7915_mcu_get_txpower_sku(phy, txpower_sku, sizeof(txpower_sku));
3228 	if (ret)
3229 		return ret;
3230 
3231 	txpower = mt7915_get_power_bound(phy, txpower);
3232 	if (txpower > mphy->txpower_cur || txpower < 0)
3233 		return -EINVAL;
3234 
3235 	if (txpower) {
3236 		u32 offs, len, i;
3237 
3238 		if (sta->deflink.ht_cap.ht_supported) {
3239 			const u8 *sku_len = mt7915_sku_group_len;
3240 
3241 			offs = sku_len[SKU_CCK] + sku_len[SKU_OFDM];
3242 			len = sku_len[SKU_HT_BW20] + sku_len[SKU_HT_BW40];
3243 
3244 			if (sta->deflink.vht_cap.vht_supported) {
3245 				offs += len;
3246 				len = sku_len[SKU_VHT_BW20] * 4;
3247 
3248 				if (sta->deflink.he_cap.has_he) {
3249 					offs += len + sku_len[SKU_HE_RU26] * 3;
3250 					len = sku_len[SKU_HE_RU242] * 4;
3251 				}
3252 			}
3253 		} else {
3254 			return -EINVAL;
3255 		}
3256 
3257 		for (i = 0; i < len; i++, offs++)
3258 			req.txpower_offs[i] =
3259 				DIV_ROUND_UP(txpower - txpower_sku[offs], 2);
3260 	}
3261 
3262 	return mt76_mcu_send_msg(&dev->mt76,
3263 				 MCU_EXT_CMD(TX_POWER_FEATURE_CTRL), &req,
3264 				 sizeof(req), true);
3265 }
3266 
3267 int mt7915_mcu_set_txpower_sku(struct mt7915_phy *phy)
3268 {
3269 	struct mt7915_dev *dev = phy->dev;
3270 	struct mt76_phy *mphy = phy->mt76;
3271 	struct ieee80211_hw *hw = mphy->hw;
3272 	struct mt7915_mcu_txpower_sku req = {
3273 		.format_id = TX_POWER_LIMIT_TABLE,
3274 		.band_idx = phy->mt76->band_idx,
3275 	};
3276 	struct mt76_power_limits limits_array;
3277 	s8 *la = (s8 *)&limits_array;
3278 	int i, idx;
3279 	int tx_power;
3280 
3281 	tx_power = mt7915_get_power_bound(phy, hw->conf.power_level);
3282 	tx_power = mt76_get_rate_power_limits(mphy, mphy->chandef.chan,
3283 					      &limits_array, tx_power);
3284 	mphy->txpower_cur = tx_power;
3285 
3286 	for (i = 0, idx = 0; i < ARRAY_SIZE(mt7915_sku_group_len); i++) {
3287 		u8 mcs_num, len = mt7915_sku_group_len[i];
3288 		int j;
3289 
3290 		if (i >= SKU_HT_BW20 && i <= SKU_VHT_BW160) {
3291 			mcs_num = 10;
3292 
3293 			if (i == SKU_HT_BW20 || i == SKU_VHT_BW20)
3294 				la = (s8 *)&limits_array + 12;
3295 		} else {
3296 			mcs_num = len;
3297 		}
3298 
3299 		for (j = 0; j < min_t(u8, mcs_num, len); j++)
3300 			req.txpower_sku[idx + j] = la[j];
3301 
3302 		la += mcs_num;
3303 		idx += len;
3304 	}
3305 
3306 	return mt76_mcu_send_msg(&dev->mt76,
3307 				 MCU_EXT_CMD(TX_POWER_FEATURE_CTRL), &req,
3308 				 sizeof(req), true);
3309 }
3310 
3311 int mt7915_mcu_get_txpower_sku(struct mt7915_phy *phy, s8 *txpower, int len)
3312 {
3313 #define RATE_POWER_INFO	2
3314 	struct mt7915_dev *dev = phy->dev;
3315 	struct {
3316 		u8 format_id;
3317 		u8 category;
3318 		u8 band_idx;
3319 		u8 _rsv;
3320 	} __packed req = {
3321 		.format_id = TX_POWER_LIMIT_INFO,
3322 		.category = RATE_POWER_INFO,
3323 		.band_idx = phy->mt76->band_idx,
3324 	};
3325 	s8 txpower_sku[MT7915_SKU_RATE_NUM][2];
3326 	struct sk_buff *skb;
3327 	int ret, i;
3328 
3329 	ret = mt76_mcu_send_and_get_msg(&dev->mt76,
3330 					MCU_EXT_CMD(TX_POWER_FEATURE_CTRL),
3331 					&req, sizeof(req), true, &skb);
3332 	if (ret)
3333 		return ret;
3334 
3335 	memcpy(txpower_sku, skb->data + 4, sizeof(txpower_sku));
3336 	for (i = 0; i < len; i++)
3337 		txpower[i] = txpower_sku[i][req.band_idx];
3338 
3339 	dev_kfree_skb(skb);
3340 
3341 	return 0;
3342 }
3343 
3344 int mt7915_mcu_set_test_param(struct mt7915_dev *dev, u8 param, bool test_mode,
3345 			      u8 en)
3346 {
3347 	struct {
3348 		u8 test_mode_en;
3349 		u8 param_idx;
3350 		u8 _rsv[2];
3351 
3352 		u8 enable;
3353 		u8 _rsv2[3];
3354 
3355 		u8 pad[8];
3356 	} __packed req = {
3357 		.test_mode_en = test_mode,
3358 		.param_idx = param,
3359 		.enable = en,
3360 	};
3361 
3362 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(ATE_CTRL), &req,
3363 				 sizeof(req), false);
3364 }
3365 
3366 int mt7915_mcu_set_sku_en(struct mt7915_phy *phy, bool enable)
3367 {
3368 	struct mt7915_dev *dev = phy->dev;
3369 	struct mt7915_sku {
3370 		u8 format_id;
3371 		u8 sku_enable;
3372 		u8 band_idx;
3373 		u8 rsv;
3374 	} __packed req = {
3375 		.format_id = TX_POWER_LIMIT_ENABLE,
3376 		.band_idx = phy->mt76->band_idx,
3377 		.sku_enable = enable,
3378 	};
3379 
3380 	return mt76_mcu_send_msg(&dev->mt76,
3381 				 MCU_EXT_CMD(TX_POWER_FEATURE_CTRL), &req,
3382 				 sizeof(req), true);
3383 }
3384 
3385 int mt7915_mcu_set_ser(struct mt7915_dev *dev, u8 action, u8 set, u8 band)
3386 {
3387 	struct {
3388 		u8 action;
3389 		u8 set;
3390 		u8 band;
3391 		u8 rsv;
3392 	} req = {
3393 		.action = action,
3394 		.set = set,
3395 		.band = band,
3396 	};
3397 
3398 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_SER_TRIGGER),
3399 				 &req, sizeof(req), false);
3400 }
3401 
3402 int mt7915_mcu_set_txbf(struct mt7915_dev *dev, u8 action)
3403 {
3404 	struct {
3405 		u8 action;
3406 		union {
3407 			struct {
3408 				u8 snd_mode;
3409 				u8 sta_num;
3410 				u8 rsv;
3411 				u8 wlan_idx[4];
3412 				__le32 snd_period;	/* ms */
3413 			} __packed snd;
3414 			struct {
3415 				bool ebf;
3416 				bool ibf;
3417 				u8 rsv;
3418 			} __packed type;
3419 			struct {
3420 				u8 bf_num;
3421 				u8 bf_bitmap;
3422 				u8 bf_sel[8];
3423 				u8 rsv[5];
3424 			} __packed mod;
3425 		};
3426 	} __packed req = {
3427 		.action = action,
3428 	};
3429 
3430 #define MT_BF_PROCESSING	4
3431 	switch (action) {
3432 	case MT_BF_SOUNDING_ON:
3433 		req.snd.snd_mode = MT_BF_PROCESSING;
3434 		break;
3435 	case MT_BF_TYPE_UPDATE:
3436 		req.type.ebf = true;
3437 		req.type.ibf = dev->ibf;
3438 		break;
3439 	case MT_BF_MODULE_UPDATE:
3440 		req.mod.bf_num = 2;
3441 		req.mod.bf_bitmap = GENMASK(1, 0);
3442 		break;
3443 	default:
3444 		return -EINVAL;
3445 	}
3446 
3447 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(TXBF_ACTION), &req,
3448 				 sizeof(req), true);
3449 }
3450 
3451 static int
3452 mt7915_mcu_enable_obss_spr(struct mt7915_phy *phy, u8 action, u8 val)
3453 {
3454 	struct mt7915_dev *dev = phy->dev;
3455 	struct mt7915_mcu_sr_ctrl req = {
3456 		.action = action,
3457 		.argnum = 1,
3458 		.band_idx = phy->mt76->band_idx,
3459 		.val = cpu_to_le32(val),
3460 	};
3461 
3462 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_SPR), &req,
3463 				 sizeof(req), true);
3464 }
3465 
3466 static int
3467 mt7915_mcu_set_obss_spr_pd(struct mt7915_phy *phy,
3468 			   struct ieee80211_he_obss_pd *he_obss_pd)
3469 {
3470 	struct mt7915_dev *dev = phy->dev;
3471 	struct {
3472 		struct mt7915_mcu_sr_ctrl ctrl;
3473 		struct {
3474 			u8 pd_th_non_srg;
3475 			u8 pd_th_srg;
3476 			u8 period_offs;
3477 			u8 rcpi_src;
3478 			__le16 obss_pd_min;
3479 			__le16 obss_pd_min_srg;
3480 			u8 resp_txpwr_mode;
3481 			u8 txpwr_restrict_mode;
3482 			u8 txpwr_ref;
3483 			u8 rsv[3];
3484 		} __packed param;
3485 	} __packed req = {
3486 		.ctrl = {
3487 			.action = SPR_SET_PARAM,
3488 			.argnum = 9,
3489 			.band_idx = phy->mt76->band_idx,
3490 		},
3491 	};
3492 	int ret;
3493 	u8 max_th = 82, non_srg_max_th = 62;
3494 
3495 	/* disable firmware dynamical PD asjustment */
3496 	ret = mt7915_mcu_enable_obss_spr(phy, SPR_ENABLE_DPD, false);
3497 	if (ret)
3498 		return ret;
3499 
3500 	if (he_obss_pd->sr_ctrl &
3501 	    IEEE80211_HE_SPR_NON_SRG_OBSS_PD_SR_DISALLOWED)
3502 		req.param.pd_th_non_srg = max_th;
3503 	else if (he_obss_pd->sr_ctrl & IEEE80211_HE_SPR_NON_SRG_OFFSET_PRESENT)
3504 		req.param.pd_th_non_srg  = max_th - he_obss_pd->non_srg_max_offset;
3505 	else
3506 		req.param.pd_th_non_srg  = non_srg_max_th;
3507 
3508 	if (he_obss_pd->sr_ctrl & IEEE80211_HE_SPR_SRG_INFORMATION_PRESENT)
3509 		req.param.pd_th_srg = max_th - he_obss_pd->max_offset;
3510 
3511 	req.param.obss_pd_min = cpu_to_le16(82);
3512 	req.param.obss_pd_min_srg = cpu_to_le16(82);
3513 	req.param.txpwr_restrict_mode = 2;
3514 	req.param.txpwr_ref = 21;
3515 
3516 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_SPR), &req,
3517 				 sizeof(req), true);
3518 }
3519 
3520 static int
3521 mt7915_mcu_set_obss_spr_siga(struct mt7915_phy *phy, struct ieee80211_vif *vif,
3522 			     struct ieee80211_he_obss_pd *he_obss_pd)
3523 {
3524 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
3525 	struct mt7915_dev *dev = phy->dev;
3526 	u8 omac = mvif->mt76.omac_idx;
3527 	struct {
3528 		struct mt7915_mcu_sr_ctrl ctrl;
3529 		struct {
3530 			u8 omac;
3531 			u8 rsv[3];
3532 			u8 flag[20];
3533 		} __packed siga;
3534 	} __packed req = {
3535 		.ctrl = {
3536 			.action = SPR_SET_SIGA,
3537 			.argnum = 1,
3538 			.band_idx = phy->mt76->band_idx,
3539 		},
3540 		.siga = {
3541 			.omac = omac > HW_BSSID_MAX ? omac - 12 : omac,
3542 		},
3543 	};
3544 	int ret;
3545 
3546 	if (he_obss_pd->sr_ctrl & IEEE80211_HE_SPR_HESIGA_SR_VAL15_ALLOWED)
3547 		req.siga.flag[req.siga.omac] = 0xf;
3548 	else
3549 		return 0;
3550 
3551 	/* switch to normal AP mode */
3552 	ret = mt7915_mcu_enable_obss_spr(phy, SPR_ENABLE_MODE, 0);
3553 	if (ret)
3554 		return ret;
3555 
3556 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_SPR), &req,
3557 				 sizeof(req), true);
3558 }
3559 
3560 static int
3561 mt7915_mcu_set_obss_spr_bitmap(struct mt7915_phy *phy,
3562 			       struct ieee80211_he_obss_pd *he_obss_pd)
3563 {
3564 	struct mt7915_dev *dev = phy->dev;
3565 	struct {
3566 		struct mt7915_mcu_sr_ctrl ctrl;
3567 		struct {
3568 			__le32 color_l[2];
3569 			__le32 color_h[2];
3570 			__le32 bssid_l[2];
3571 			__le32 bssid_h[2];
3572 		} __packed bitmap;
3573 	} __packed req = {
3574 		.ctrl = {
3575 			.action = SPR_SET_SRG_BITMAP,
3576 			.argnum = 4,
3577 			.band_idx = phy->mt76->band_idx,
3578 		},
3579 	};
3580 	u32 bitmap;
3581 
3582 	memcpy(&bitmap, he_obss_pd->bss_color_bitmap, sizeof(bitmap));
3583 	req.bitmap.color_l[req.ctrl.band_idx] = cpu_to_le32(bitmap);
3584 
3585 	memcpy(&bitmap, he_obss_pd->bss_color_bitmap + 4, sizeof(bitmap));
3586 	req.bitmap.color_h[req.ctrl.band_idx] = cpu_to_le32(bitmap);
3587 
3588 	memcpy(&bitmap, he_obss_pd->partial_bssid_bitmap, sizeof(bitmap));
3589 	req.bitmap.bssid_l[req.ctrl.band_idx] = cpu_to_le32(bitmap);
3590 
3591 	memcpy(&bitmap, he_obss_pd->partial_bssid_bitmap + 4, sizeof(bitmap));
3592 	req.bitmap.bssid_h[req.ctrl.band_idx] = cpu_to_le32(bitmap);
3593 
3594 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_SPR), &req,
3595 				 sizeof(req), true);
3596 }
3597 
3598 int mt7915_mcu_add_obss_spr(struct mt7915_phy *phy, struct ieee80211_vif *vif,
3599 			    struct ieee80211_he_obss_pd *he_obss_pd)
3600 {
3601 	int ret;
3602 
3603 	/* enable firmware scene detection algorithms */
3604 	ret = mt7915_mcu_enable_obss_spr(phy, SPR_ENABLE_SD, sr_scene_detect);
3605 	if (ret)
3606 		return ret;
3607 
3608 	/* firmware dynamically adjusts PD threshold so skip manual control */
3609 	if (sr_scene_detect && !he_obss_pd->enable)
3610 		return 0;
3611 
3612 	/* enable spatial reuse */
3613 	ret = mt7915_mcu_enable_obss_spr(phy, SPR_ENABLE, he_obss_pd->enable);
3614 	if (ret)
3615 		return ret;
3616 
3617 	if (sr_scene_detect || !he_obss_pd->enable)
3618 		return 0;
3619 
3620 	ret = mt7915_mcu_enable_obss_spr(phy, SPR_ENABLE_TX, true);
3621 	if (ret)
3622 		return ret;
3623 
3624 	/* set SRG/non-SRG OBSS PD threshold */
3625 	ret = mt7915_mcu_set_obss_spr_pd(phy, he_obss_pd);
3626 	if (ret)
3627 		return ret;
3628 
3629 	/* Set SR prohibit */
3630 	ret = mt7915_mcu_set_obss_spr_siga(phy, vif, he_obss_pd);
3631 	if (ret)
3632 		return ret;
3633 
3634 	/* set SRG BSS color/BSSID bitmap */
3635 	return mt7915_mcu_set_obss_spr_bitmap(phy, he_obss_pd);
3636 }
3637 
3638 int mt7915_mcu_get_rx_rate(struct mt7915_phy *phy, struct ieee80211_vif *vif,
3639 			   struct ieee80211_sta *sta, struct rate_info *rate)
3640 {
3641 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
3642 	struct mt7915_sta *msta = (struct mt7915_sta *)sta->drv_priv;
3643 	struct mt7915_dev *dev = phy->dev;
3644 	struct mt76_phy *mphy = phy->mt76;
3645 	struct {
3646 		u8 category;
3647 		u8 band;
3648 		__le16 wcid;
3649 	} __packed req = {
3650 		.category = MCU_PHY_STATE_CONTENTION_RX_RATE,
3651 		.band = mvif->mt76.band_idx,
3652 		.wcid = cpu_to_le16(msta->wcid.idx),
3653 	};
3654 	struct ieee80211_supported_band *sband;
3655 	struct mt7915_mcu_phy_rx_info *res;
3656 	struct sk_buff *skb;
3657 	int ret;
3658 	bool cck = false;
3659 
3660 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(PHY_STAT_INFO),
3661 					&req, sizeof(req), true, &skb);
3662 	if (ret)
3663 		return ret;
3664 
3665 	res = (struct mt7915_mcu_phy_rx_info *)skb->data;
3666 
3667 	rate->mcs = res->rate;
3668 	rate->nss = res->nsts + 1;
3669 
3670 	switch (res->mode) {
3671 	case MT_PHY_TYPE_CCK:
3672 		cck = true;
3673 		fallthrough;
3674 	case MT_PHY_TYPE_OFDM:
3675 		if (mphy->chandef.chan->band == NL80211_BAND_5GHZ)
3676 			sband = &mphy->sband_5g.sband;
3677 		else if (mphy->chandef.chan->band == NL80211_BAND_6GHZ)
3678 			sband = &mphy->sband_6g.sband;
3679 		else
3680 			sband = &mphy->sband_2g.sband;
3681 
3682 		rate->mcs = mt76_get_rate(&dev->mt76, sband, rate->mcs, cck);
3683 		rate->legacy = sband->bitrates[rate->mcs].bitrate;
3684 		break;
3685 	case MT_PHY_TYPE_HT:
3686 	case MT_PHY_TYPE_HT_GF:
3687 		if (rate->mcs > 31) {
3688 			ret = -EINVAL;
3689 			goto out;
3690 		}
3691 
3692 		rate->flags = RATE_INFO_FLAGS_MCS;
3693 		if (res->gi)
3694 			rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
3695 		break;
3696 	case MT_PHY_TYPE_VHT:
3697 		if (rate->mcs > 9) {
3698 			ret = -EINVAL;
3699 			goto out;
3700 		}
3701 
3702 		rate->flags = RATE_INFO_FLAGS_VHT_MCS;
3703 		if (res->gi)
3704 			rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
3705 		break;
3706 	case MT_PHY_TYPE_HE_SU:
3707 	case MT_PHY_TYPE_HE_EXT_SU:
3708 	case MT_PHY_TYPE_HE_TB:
3709 	case MT_PHY_TYPE_HE_MU:
3710 		if (res->gi > NL80211_RATE_INFO_HE_GI_3_2 || rate->mcs > 11) {
3711 			ret = -EINVAL;
3712 			goto out;
3713 		}
3714 		rate->he_gi = res->gi;
3715 		rate->flags = RATE_INFO_FLAGS_HE_MCS;
3716 		break;
3717 	default:
3718 		ret = -EINVAL;
3719 		goto out;
3720 	}
3721 
3722 	switch (res->bw) {
3723 	case IEEE80211_STA_RX_BW_160:
3724 		rate->bw = RATE_INFO_BW_160;
3725 		break;
3726 	case IEEE80211_STA_RX_BW_80:
3727 		rate->bw = RATE_INFO_BW_80;
3728 		break;
3729 	case IEEE80211_STA_RX_BW_40:
3730 		rate->bw = RATE_INFO_BW_40;
3731 		break;
3732 	default:
3733 		rate->bw = RATE_INFO_BW_20;
3734 		break;
3735 	}
3736 
3737 out:
3738 	dev_kfree_skb(skb);
3739 
3740 	return ret;
3741 }
3742 
3743 int mt7915_mcu_update_bss_color(struct mt7915_dev *dev, struct ieee80211_vif *vif,
3744 				struct cfg80211_he_bss_color *he_bss_color)
3745 {
3746 	int len = sizeof(struct sta_req_hdr) + sizeof(struct bss_info_color);
3747 	struct mt7915_vif *mvif = (struct mt7915_vif *)vif->drv_priv;
3748 	struct bss_info_color *bss_color;
3749 	struct sk_buff *skb;
3750 	struct tlv *tlv;
3751 
3752 	skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
3753 					      NULL, len);
3754 	if (IS_ERR(skb))
3755 		return PTR_ERR(skb);
3756 
3757 	tlv = mt76_connac_mcu_add_tlv(skb, BSS_INFO_BSS_COLOR,
3758 				      sizeof(*bss_color));
3759 	bss_color = (struct bss_info_color *)tlv;
3760 	bss_color->disable = !he_bss_color->enabled;
3761 	bss_color->color = he_bss_color->color;
3762 
3763 	return mt76_mcu_skb_send_msg(&dev->mt76, skb,
3764 				     MCU_EXT_CMD(BSS_INFO_UPDATE), true);
3765 }
3766 
3767 #define TWT_AGRT_TRIGGER	BIT(0)
3768 #define TWT_AGRT_ANNOUNCE	BIT(1)
3769 #define TWT_AGRT_PROTECT	BIT(2)
3770 
3771 int mt7915_mcu_twt_agrt_update(struct mt7915_dev *dev,
3772 			       struct mt7915_vif *mvif,
3773 			       struct mt7915_twt_flow *flow,
3774 			       int cmd)
3775 {
3776 	struct {
3777 		u8 tbl_idx;
3778 		u8 cmd;
3779 		u8 own_mac_idx;
3780 		u8 flowid; /* 0xff for group id */
3781 		__le16 peer_id; /* specify the peer_id (msb=0)
3782 				 * or group_id (msb=1)
3783 				 */
3784 		u8 duration; /* 256 us */
3785 		u8 bss_idx;
3786 		__le64 start_tsf;
3787 		__le16 mantissa;
3788 		u8 exponent;
3789 		u8 is_ap;
3790 		u8 agrt_params;
3791 		u8 rsv[23];
3792 	} __packed req = {
3793 		.tbl_idx = flow->table_id,
3794 		.cmd = cmd,
3795 		.own_mac_idx = mvif->mt76.omac_idx,
3796 		.flowid = flow->id,
3797 		.peer_id = cpu_to_le16(flow->wcid),
3798 		.duration = flow->duration,
3799 		.bss_idx = mvif->mt76.idx,
3800 		.start_tsf = cpu_to_le64(flow->tsf),
3801 		.mantissa = flow->mantissa,
3802 		.exponent = flow->exp,
3803 		.is_ap = true,
3804 	};
3805 
3806 	if (flow->protection)
3807 		req.agrt_params |= TWT_AGRT_PROTECT;
3808 	if (!flow->flowtype)
3809 		req.agrt_params |= TWT_AGRT_ANNOUNCE;
3810 	if (flow->trigger)
3811 		req.agrt_params |= TWT_AGRT_TRIGGER;
3812 
3813 	return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(TWT_AGRT_UPDATE),
3814 				 &req, sizeof(req), true);
3815 }
3816 
3817 int mt7915_mcu_rf_regval(struct mt7915_dev *dev, u32 regidx, u32 *val, bool set)
3818 {
3819 	struct {
3820 		__le32 idx;
3821 		__le32 ofs;
3822 		__le32 data;
3823 	} __packed req = {
3824 		.idx = cpu_to_le32(u32_get_bits(regidx, GENMASK(31, 24))),
3825 		.ofs = cpu_to_le32(u32_get_bits(regidx, GENMASK(23, 0))),
3826 		.data = set ? cpu_to_le32(*val) : 0,
3827 	};
3828 	struct sk_buff *skb;
3829 	int ret;
3830 
3831 	if (set)
3832 		return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(RF_REG_ACCESS),
3833 					 &req, sizeof(req), false);
3834 
3835 	ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_QUERY(RF_REG_ACCESS),
3836 					&req, sizeof(req), true, &skb);
3837 	if (ret)
3838 		return ret;
3839 
3840 	*val = le32_to_cpu(*(__le32 *)(skb->data + 8));
3841 	dev_kfree_skb(skb);
3842 
3843 	return 0;
3844 }
3845