1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
2 /* Copyright(c) 2018-2019  Realtek Corporation
3  */
4 
5 #include <linux/iopoll.h>
6 
7 #include "main.h"
8 #include "coex.h"
9 #include "fw.h"
10 #include "tx.h"
11 #include "reg.h"
12 #include "sec.h"
13 #include "debug.h"
14 #include "util.h"
15 #include "wow.h"
16 #include "ps.h"
17 
18 static void rtw_fw_c2h_cmd_handle_ext(struct rtw_dev *rtwdev,
19 				      struct sk_buff *skb)
20 {
21 	struct rtw_c2h_cmd *c2h;
22 	u8 sub_cmd_id;
23 
24 	c2h = get_c2h_from_skb(skb);
25 	sub_cmd_id = c2h->payload[0];
26 
27 	switch (sub_cmd_id) {
28 	case C2H_CCX_RPT:
29 		rtw_tx_report_handle(rtwdev, skb, C2H_CCX_RPT);
30 		break;
31 	case C2H_SCAN_STATUS_RPT:
32 		rtw_hw_scan_status_report(rtwdev, skb);
33 		break;
34 	case C2H_CHAN_SWITCH:
35 		rtw_hw_scan_chan_switch(rtwdev, skb);
36 		break;
37 	default:
38 		break;
39 	}
40 }
41 
42 static u16 get_max_amsdu_len(u32 bit_rate)
43 {
44 	/* lower than ofdm, do not aggregate */
45 	if (bit_rate < 550)
46 		return 1;
47 
48 	/* lower than 20M 2ss mcs8, make it small */
49 	if (bit_rate < 1800)
50 		return 1200;
51 
52 	/* lower than 40M 2ss mcs9, make it medium */
53 	if (bit_rate < 4000)
54 		return 2600;
55 
56 	/* not yet 80M 2ss mcs8/9, make it twice regular packet size */
57 	if (bit_rate < 7000)
58 		return 3500;
59 
60 	/* unlimited */
61 	return 0;
62 }
63 
64 struct rtw_fw_iter_ra_data {
65 	struct rtw_dev *rtwdev;
66 	u8 *payload;
67 };
68 
69 static void rtw_fw_ra_report_iter(void *data, struct ieee80211_sta *sta)
70 {
71 	struct rtw_fw_iter_ra_data *ra_data = data;
72 	struct rtw_sta_info *si = (struct rtw_sta_info *)sta->drv_priv;
73 	u8 mac_id, rate, sgi, bw;
74 	u8 mcs, nss;
75 	u32 bit_rate;
76 
77 	mac_id = GET_RA_REPORT_MACID(ra_data->payload);
78 	if (si->mac_id != mac_id)
79 		return;
80 
81 	si->ra_report.txrate.flags = 0;
82 
83 	rate = GET_RA_REPORT_RATE(ra_data->payload);
84 	sgi = GET_RA_REPORT_SGI(ra_data->payload);
85 	bw = GET_RA_REPORT_BW(ra_data->payload);
86 
87 	if (rate < DESC_RATEMCS0) {
88 		si->ra_report.txrate.legacy = rtw_desc_to_bitrate(rate);
89 		goto legacy;
90 	}
91 
92 	rtw_desc_to_mcsrate(rate, &mcs, &nss);
93 	if (rate >= DESC_RATEVHT1SS_MCS0)
94 		si->ra_report.txrate.flags |= RATE_INFO_FLAGS_VHT_MCS;
95 	else if (rate >= DESC_RATEMCS0)
96 		si->ra_report.txrate.flags |= RATE_INFO_FLAGS_MCS;
97 
98 	if (rate >= DESC_RATEMCS0) {
99 		si->ra_report.txrate.mcs = mcs;
100 		si->ra_report.txrate.nss = nss;
101 	}
102 
103 	if (sgi)
104 		si->ra_report.txrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
105 
106 	if (bw == RTW_CHANNEL_WIDTH_80)
107 		si->ra_report.txrate.bw = RATE_INFO_BW_80;
108 	else if (bw == RTW_CHANNEL_WIDTH_40)
109 		si->ra_report.txrate.bw = RATE_INFO_BW_40;
110 	else
111 		si->ra_report.txrate.bw = RATE_INFO_BW_20;
112 
113 legacy:
114 	bit_rate = cfg80211_calculate_bitrate(&si->ra_report.txrate);
115 
116 	si->ra_report.desc_rate = rate;
117 	si->ra_report.bit_rate = bit_rate;
118 
119 	sta->max_rc_amsdu_len = get_max_amsdu_len(bit_rate);
120 }
121 
122 static void rtw_fw_ra_report_handle(struct rtw_dev *rtwdev, u8 *payload,
123 				    u8 length)
124 {
125 	struct rtw_fw_iter_ra_data ra_data;
126 
127 	if (WARN(length < 7, "invalid ra report c2h length\n"))
128 		return;
129 
130 	rtwdev->dm_info.tx_rate = GET_RA_REPORT_RATE(payload);
131 	ra_data.rtwdev = rtwdev;
132 	ra_data.payload = payload;
133 	rtw_iterate_stas_atomic(rtwdev, rtw_fw_ra_report_iter, &ra_data);
134 }
135 
136 struct rtw_beacon_filter_iter_data {
137 	struct rtw_dev *rtwdev;
138 	u8 *payload;
139 };
140 
141 static void rtw_fw_bcn_filter_notify_vif_iter(void *data, u8 *mac,
142 					      struct ieee80211_vif *vif)
143 {
144 	struct rtw_beacon_filter_iter_data *iter_data = data;
145 	struct rtw_dev *rtwdev = iter_data->rtwdev;
146 	u8 *payload = iter_data->payload;
147 	u8 type = GET_BCN_FILTER_NOTIFY_TYPE(payload);
148 	u8 event = GET_BCN_FILTER_NOTIFY_EVENT(payload);
149 	s8 sig = (s8)GET_BCN_FILTER_NOTIFY_RSSI(payload);
150 
151 	switch (type) {
152 	case BCN_FILTER_NOTIFY_SIGNAL_CHANGE:
153 		event = event ? NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH :
154 			NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW;
155 		ieee80211_cqm_rssi_notify(vif, event, sig, GFP_KERNEL);
156 		break;
157 	case BCN_FILTER_CONNECTION_LOSS:
158 		ieee80211_connection_loss(vif);
159 		break;
160 	case BCN_FILTER_CONNECTED:
161 		rtwdev->beacon_loss = false;
162 		break;
163 	case BCN_FILTER_NOTIFY_BEACON_LOSS:
164 		rtwdev->beacon_loss = true;
165 		rtw_leave_lps(rtwdev);
166 		break;
167 	}
168 }
169 
170 static void rtw_fw_bcn_filter_notify(struct rtw_dev *rtwdev, u8 *payload,
171 				     u8 length)
172 {
173 	struct rtw_beacon_filter_iter_data dev_iter_data;
174 
175 	dev_iter_data.rtwdev = rtwdev;
176 	dev_iter_data.payload = payload;
177 	rtw_iterate_vifs(rtwdev, rtw_fw_bcn_filter_notify_vif_iter,
178 			 &dev_iter_data);
179 }
180 
181 static void rtw_fw_scan_result(struct rtw_dev *rtwdev, u8 *payload,
182 			       u8 length)
183 {
184 	struct rtw_dm_info *dm_info = &rtwdev->dm_info;
185 
186 	dm_info->scan_density = payload[0];
187 
188 	rtw_dbg(rtwdev, RTW_DBG_FW, "scan.density = %x\n",
189 		dm_info->scan_density);
190 }
191 
192 static void rtw_fw_adaptivity_result(struct rtw_dev *rtwdev, u8 *payload,
193 				     u8 length)
194 {
195 	struct rtw_hw_reg_offset *edcca_th = rtwdev->chip->edcca_th;
196 	struct rtw_c2h_adaptivity *result = (struct rtw_c2h_adaptivity *)payload;
197 
198 	rtw_dbg(rtwdev, RTW_DBG_ADAPTIVITY,
199 		"Adaptivity: density %x igi %x l2h_th_init %x l2h %x h2l %x option %x\n",
200 		result->density, result->igi, result->l2h_th_init, result->l2h,
201 		result->h2l, result->option);
202 
203 	rtw_dbg(rtwdev, RTW_DBG_ADAPTIVITY, "Reg Setting: L2H %x H2L %x\n",
204 		rtw_read32_mask(rtwdev, edcca_th[EDCCA_TH_L2H_IDX].hw_reg.addr,
205 				edcca_th[EDCCA_TH_L2H_IDX].hw_reg.mask),
206 		rtw_read32_mask(rtwdev, edcca_th[EDCCA_TH_H2L_IDX].hw_reg.addr,
207 				edcca_th[EDCCA_TH_H2L_IDX].hw_reg.mask));
208 
209 	rtw_dbg(rtwdev, RTW_DBG_ADAPTIVITY, "EDCCA Flag %s\n",
210 		rtw_read32_mask(rtwdev, REG_EDCCA_REPORT, BIT_EDCCA_FLAG) ?
211 		"Set" : "Unset");
212 }
213 
214 void rtw_fw_c2h_cmd_handle(struct rtw_dev *rtwdev, struct sk_buff *skb)
215 {
216 	struct rtw_c2h_cmd *c2h;
217 	u32 pkt_offset;
218 	u8 len;
219 
220 	pkt_offset = *((u32 *)skb->cb);
221 	c2h = (struct rtw_c2h_cmd *)(skb->data + pkt_offset);
222 	len = skb->len - pkt_offset - 2;
223 
224 	mutex_lock(&rtwdev->mutex);
225 
226 	if (!test_bit(RTW_FLAG_RUNNING, rtwdev->flags))
227 		goto unlock;
228 
229 	switch (c2h->id) {
230 	case C2H_CCX_TX_RPT:
231 		rtw_tx_report_handle(rtwdev, skb, C2H_CCX_TX_RPT);
232 		break;
233 	case C2H_BT_INFO:
234 		rtw_coex_bt_info_notify(rtwdev, c2h->payload, len);
235 		break;
236 	case C2H_BT_HID_INFO:
237 		rtw_coex_bt_hid_info_notify(rtwdev, c2h->payload, len);
238 		break;
239 	case C2H_WLAN_INFO:
240 		rtw_coex_wl_fwdbginfo_notify(rtwdev, c2h->payload, len);
241 		break;
242 	case C2H_BCN_FILTER_NOTIFY:
243 		rtw_fw_bcn_filter_notify(rtwdev, c2h->payload, len);
244 		break;
245 	case C2H_HALMAC:
246 		rtw_fw_c2h_cmd_handle_ext(rtwdev, skb);
247 		break;
248 	case C2H_RA_RPT:
249 		rtw_fw_ra_report_handle(rtwdev, c2h->payload, len);
250 		break;
251 	default:
252 		rtw_dbg(rtwdev, RTW_DBG_FW, "C2H 0x%x isn't handled\n", c2h->id);
253 		break;
254 	}
255 
256 unlock:
257 	mutex_unlock(&rtwdev->mutex);
258 }
259 
260 void rtw_fw_c2h_cmd_rx_irqsafe(struct rtw_dev *rtwdev, u32 pkt_offset,
261 			       struct sk_buff *skb)
262 {
263 	struct rtw_c2h_cmd *c2h;
264 	u8 len;
265 
266 	c2h = (struct rtw_c2h_cmd *)(skb->data + pkt_offset);
267 	len = skb->len - pkt_offset - 2;
268 	*((u32 *)skb->cb) = pkt_offset;
269 
270 	rtw_dbg(rtwdev, RTW_DBG_FW, "recv C2H, id=0x%02x, seq=0x%02x, len=%d\n",
271 		c2h->id, c2h->seq, len);
272 
273 	switch (c2h->id) {
274 	case C2H_BT_MP_INFO:
275 		rtw_coex_info_response(rtwdev, skb);
276 		break;
277 	case C2H_WLAN_RFON:
278 		complete(&rtwdev->lps_leave_check);
279 		dev_kfree_skb_any(skb);
280 		break;
281 	case C2H_SCAN_RESULT:
282 		complete(&rtwdev->fw_scan_density);
283 		rtw_fw_scan_result(rtwdev, c2h->payload, len);
284 		dev_kfree_skb_any(skb);
285 		break;
286 	case C2H_ADAPTIVITY:
287 		rtw_fw_adaptivity_result(rtwdev, c2h->payload, len);
288 		dev_kfree_skb_any(skb);
289 		break;
290 	default:
291 		/* pass offset for further operation */
292 		*((u32 *)skb->cb) = pkt_offset;
293 		skb_queue_tail(&rtwdev->c2h_queue, skb);
294 		ieee80211_queue_work(rtwdev->hw, &rtwdev->c2h_work);
295 		break;
296 	}
297 }
298 EXPORT_SYMBOL(rtw_fw_c2h_cmd_rx_irqsafe);
299 
300 void rtw_fw_c2h_cmd_isr(struct rtw_dev *rtwdev)
301 {
302 	if (rtw_read8(rtwdev, REG_MCU_TST_CFG) == VAL_FW_TRIGGER)
303 		rtw_fw_recovery(rtwdev);
304 	else
305 		rtw_warn(rtwdev, "unhandled firmware c2h interrupt\n");
306 }
307 EXPORT_SYMBOL(rtw_fw_c2h_cmd_isr);
308 
309 static void rtw_fw_send_h2c_command(struct rtw_dev *rtwdev,
310 				    u8 *h2c)
311 {
312 	u8 box;
313 	u8 box_state;
314 	u32 box_reg, box_ex_reg;
315 	int idx;
316 	int ret;
317 
318 	rtw_dbg(rtwdev, RTW_DBG_FW,
319 		"send H2C content %02x%02x%02x%02x %02x%02x%02x%02x\n",
320 		h2c[3], h2c[2], h2c[1], h2c[0],
321 		h2c[7], h2c[6], h2c[5], h2c[4]);
322 
323 	spin_lock(&rtwdev->h2c.lock);
324 
325 	box = rtwdev->h2c.last_box_num;
326 	switch (box) {
327 	case 0:
328 		box_reg = REG_HMEBOX0;
329 		box_ex_reg = REG_HMEBOX0_EX;
330 		break;
331 	case 1:
332 		box_reg = REG_HMEBOX1;
333 		box_ex_reg = REG_HMEBOX1_EX;
334 		break;
335 	case 2:
336 		box_reg = REG_HMEBOX2;
337 		box_ex_reg = REG_HMEBOX2_EX;
338 		break;
339 	case 3:
340 		box_reg = REG_HMEBOX3;
341 		box_ex_reg = REG_HMEBOX3_EX;
342 		break;
343 	default:
344 		WARN(1, "invalid h2c mail box number\n");
345 		goto out;
346 	}
347 
348 	ret = read_poll_timeout_atomic(rtw_read8, box_state,
349 				       !((box_state >> box) & 0x1), 100, 3000,
350 				       false, rtwdev, REG_HMETFR);
351 
352 	if (ret) {
353 		rtw_err(rtwdev, "failed to send h2c command\n");
354 		goto out;
355 	}
356 
357 	for (idx = 0; idx < 4; idx++)
358 		rtw_write8(rtwdev, box_reg + idx, h2c[idx]);
359 	for (idx = 0; idx < 4; idx++)
360 		rtw_write8(rtwdev, box_ex_reg + idx, h2c[idx + 4]);
361 
362 	if (++rtwdev->h2c.last_box_num >= 4)
363 		rtwdev->h2c.last_box_num = 0;
364 
365 out:
366 	spin_unlock(&rtwdev->h2c.lock);
367 }
368 
369 void rtw_fw_h2c_cmd_dbg(struct rtw_dev *rtwdev, u8 *h2c)
370 {
371 	rtw_fw_send_h2c_command(rtwdev, h2c);
372 }
373 
374 static void rtw_fw_send_h2c_packet(struct rtw_dev *rtwdev, u8 *h2c_pkt)
375 {
376 	int ret;
377 
378 	spin_lock(&rtwdev->h2c.lock);
379 
380 	FW_OFFLOAD_H2C_SET_SEQ_NUM(h2c_pkt, rtwdev->h2c.seq);
381 	ret = rtw_hci_write_data_h2c(rtwdev, h2c_pkt, H2C_PKT_SIZE);
382 	if (ret)
383 		rtw_err(rtwdev, "failed to send h2c packet\n");
384 	rtwdev->h2c.seq++;
385 
386 	spin_unlock(&rtwdev->h2c.lock);
387 }
388 
389 void
390 rtw_fw_send_general_info(struct rtw_dev *rtwdev)
391 {
392 	struct rtw_fifo_conf *fifo = &rtwdev->fifo;
393 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
394 	u16 total_size = H2C_PKT_HDR_SIZE + 4;
395 
396 	if (rtw_chip_wcpu_11n(rtwdev))
397 		return;
398 
399 	rtw_h2c_pkt_set_header(h2c_pkt, H2C_PKT_GENERAL_INFO);
400 
401 	SET_PKT_H2C_TOTAL_LEN(h2c_pkt, total_size);
402 
403 	GENERAL_INFO_SET_FW_TX_BOUNDARY(h2c_pkt,
404 					fifo->rsvd_fw_txbuf_addr -
405 					fifo->rsvd_boundary);
406 
407 	rtw_fw_send_h2c_packet(rtwdev, h2c_pkt);
408 }
409 
410 void
411 rtw_fw_send_phydm_info(struct rtw_dev *rtwdev)
412 {
413 	struct rtw_hal *hal = &rtwdev->hal;
414 	struct rtw_efuse *efuse = &rtwdev->efuse;
415 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
416 	u16 total_size = H2C_PKT_HDR_SIZE + 8;
417 	u8 fw_rf_type = 0;
418 
419 	if (rtw_chip_wcpu_11n(rtwdev))
420 		return;
421 
422 	if (hal->rf_type == RF_1T1R)
423 		fw_rf_type = FW_RF_1T1R;
424 	else if (hal->rf_type == RF_2T2R)
425 		fw_rf_type = FW_RF_2T2R;
426 
427 	rtw_h2c_pkt_set_header(h2c_pkt, H2C_PKT_PHYDM_INFO);
428 
429 	SET_PKT_H2C_TOTAL_LEN(h2c_pkt, total_size);
430 	PHYDM_INFO_SET_REF_TYPE(h2c_pkt, efuse->rfe_option);
431 	PHYDM_INFO_SET_RF_TYPE(h2c_pkt, fw_rf_type);
432 	PHYDM_INFO_SET_CUT_VER(h2c_pkt, hal->cut_version);
433 	PHYDM_INFO_SET_RX_ANT_STATUS(h2c_pkt, hal->antenna_tx);
434 	PHYDM_INFO_SET_TX_ANT_STATUS(h2c_pkt, hal->antenna_rx);
435 
436 	rtw_fw_send_h2c_packet(rtwdev, h2c_pkt);
437 }
438 
439 void rtw_fw_do_iqk(struct rtw_dev *rtwdev, struct rtw_iqk_para *para)
440 {
441 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
442 	u16 total_size = H2C_PKT_HDR_SIZE + 1;
443 
444 	rtw_h2c_pkt_set_header(h2c_pkt, H2C_PKT_IQK);
445 	SET_PKT_H2C_TOTAL_LEN(h2c_pkt, total_size);
446 	IQK_SET_CLEAR(h2c_pkt, para->clear);
447 	IQK_SET_SEGMENT_IQK(h2c_pkt, para->segment_iqk);
448 
449 	rtw_fw_send_h2c_packet(rtwdev, h2c_pkt);
450 }
451 EXPORT_SYMBOL(rtw_fw_do_iqk);
452 
453 void rtw_fw_inform_rfk_status(struct rtw_dev *rtwdev, bool start)
454 {
455 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
456 
457 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_WIFI_CALIBRATION);
458 
459 	RFK_SET_INFORM_START(h2c_pkt, start);
460 
461 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
462 }
463 EXPORT_SYMBOL(rtw_fw_inform_rfk_status);
464 
465 void rtw_fw_query_bt_info(struct rtw_dev *rtwdev)
466 {
467 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
468 
469 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_QUERY_BT_INFO);
470 
471 	SET_QUERY_BT_INFO(h2c_pkt, true);
472 
473 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
474 }
475 
476 void rtw_fw_wl_ch_info(struct rtw_dev *rtwdev, u8 link, u8 ch, u8 bw)
477 {
478 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
479 
480 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_WL_CH_INFO);
481 
482 	SET_WL_CH_INFO_LINK(h2c_pkt, link);
483 	SET_WL_CH_INFO_CHNL(h2c_pkt, ch);
484 	SET_WL_CH_INFO_BW(h2c_pkt, bw);
485 
486 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
487 }
488 
489 void rtw_fw_query_bt_mp_info(struct rtw_dev *rtwdev,
490 			     struct rtw_coex_info_req *req)
491 {
492 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
493 
494 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_QUERY_BT_MP_INFO);
495 
496 	SET_BT_MP_INFO_SEQ(h2c_pkt, req->seq);
497 	SET_BT_MP_INFO_OP_CODE(h2c_pkt, req->op_code);
498 	SET_BT_MP_INFO_PARA1(h2c_pkt, req->para1);
499 	SET_BT_MP_INFO_PARA2(h2c_pkt, req->para2);
500 	SET_BT_MP_INFO_PARA3(h2c_pkt, req->para3);
501 
502 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
503 }
504 
505 void rtw_fw_force_bt_tx_power(struct rtw_dev *rtwdev, u8 bt_pwr_dec_lvl)
506 {
507 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
508 	u8 index = 0 - bt_pwr_dec_lvl;
509 
510 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_FORCE_BT_TX_POWER);
511 
512 	SET_BT_TX_POWER_INDEX(h2c_pkt, index);
513 
514 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
515 }
516 
517 void rtw_fw_bt_ignore_wlan_action(struct rtw_dev *rtwdev, bool enable)
518 {
519 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
520 
521 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_IGNORE_WLAN_ACTION);
522 
523 	SET_IGNORE_WLAN_ACTION_EN(h2c_pkt, enable);
524 
525 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
526 }
527 
528 void rtw_fw_coex_tdma_type(struct rtw_dev *rtwdev,
529 			   u8 para1, u8 para2, u8 para3, u8 para4, u8 para5)
530 {
531 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
532 
533 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_COEX_TDMA_TYPE);
534 
535 	SET_COEX_TDMA_TYPE_PARA1(h2c_pkt, para1);
536 	SET_COEX_TDMA_TYPE_PARA2(h2c_pkt, para2);
537 	SET_COEX_TDMA_TYPE_PARA3(h2c_pkt, para3);
538 	SET_COEX_TDMA_TYPE_PARA4(h2c_pkt, para4);
539 	SET_COEX_TDMA_TYPE_PARA5(h2c_pkt, para5);
540 
541 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
542 }
543 
544 void rtw_fw_coex_query_hid_info(struct rtw_dev *rtwdev, u8 sub_id, u8 data)
545 {
546 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
547 
548 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_QUERY_BT_HID_INFO);
549 
550 	SET_COEX_QUERY_HID_INFO_SUBID(h2c_pkt, sub_id);
551 	SET_COEX_QUERY_HID_INFO_DATA1(h2c_pkt, data);
552 
553 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
554 }
555 
556 void rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)
557 {
558 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
559 
560 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_BT_WIFI_CONTROL);
561 
562 	SET_BT_WIFI_CONTROL_OP_CODE(h2c_pkt, op_code);
563 
564 	SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);
565 	SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));
566 	SET_BT_WIFI_CONTROL_DATA3(h2c_pkt, *(data + 2));
567 	SET_BT_WIFI_CONTROL_DATA4(h2c_pkt, *(data + 3));
568 	SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));
569 
570 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
571 }
572 
573 void rtw_fw_send_rssi_info(struct rtw_dev *rtwdev, struct rtw_sta_info *si)
574 {
575 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
576 	u8 rssi = ewma_rssi_read(&si->avg_rssi);
577 	bool stbc_en = si->stbc_en ? true : false;
578 
579 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_RSSI_MONITOR);
580 
581 	SET_RSSI_INFO_MACID(h2c_pkt, si->mac_id);
582 	SET_RSSI_INFO_RSSI(h2c_pkt, rssi);
583 	SET_RSSI_INFO_STBC(h2c_pkt, stbc_en);
584 
585 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
586 }
587 
588 void rtw_fw_send_ra_info(struct rtw_dev *rtwdev, struct rtw_sta_info *si)
589 {
590 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
591 	bool no_update = si->updated;
592 	bool disable_pt = true;
593 
594 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_RA_INFO);
595 
596 	SET_RA_INFO_MACID(h2c_pkt, si->mac_id);
597 	SET_RA_INFO_RATE_ID(h2c_pkt, si->rate_id);
598 	SET_RA_INFO_INIT_RA_LVL(h2c_pkt, si->init_ra_lv);
599 	SET_RA_INFO_SGI_EN(h2c_pkt, si->sgi_enable);
600 	SET_RA_INFO_BW_MODE(h2c_pkt, si->bw_mode);
601 	SET_RA_INFO_LDPC(h2c_pkt, !!si->ldpc_en);
602 	SET_RA_INFO_NO_UPDATE(h2c_pkt, no_update);
603 	SET_RA_INFO_VHT_EN(h2c_pkt, si->vht_enable);
604 	SET_RA_INFO_DIS_PT(h2c_pkt, disable_pt);
605 	SET_RA_INFO_RA_MASK0(h2c_pkt, (si->ra_mask & 0xff));
606 	SET_RA_INFO_RA_MASK1(h2c_pkt, (si->ra_mask & 0xff00) >> 8);
607 	SET_RA_INFO_RA_MASK2(h2c_pkt, (si->ra_mask & 0xff0000) >> 16);
608 	SET_RA_INFO_RA_MASK3(h2c_pkt, (si->ra_mask & 0xff000000) >> 24);
609 
610 	si->init_ra_lv = 0;
611 	si->updated = true;
612 
613 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
614 }
615 
616 void rtw_fw_media_status_report(struct rtw_dev *rtwdev, u8 mac_id, bool connect)
617 {
618 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
619 
620 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_MEDIA_STATUS_RPT);
621 	MEDIA_STATUS_RPT_SET_OP_MODE(h2c_pkt, connect);
622 	MEDIA_STATUS_RPT_SET_MACID(h2c_pkt, mac_id);
623 
624 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
625 }
626 
627 void rtw_fw_update_wl_phy_info(struct rtw_dev *rtwdev)
628 {
629 	struct rtw_traffic_stats *stats = &rtwdev->stats;
630 	struct rtw_dm_info *dm_info = &rtwdev->dm_info;
631 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
632 
633 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_WL_PHY_INFO);
634 	SET_WL_PHY_INFO_TX_TP(h2c_pkt, stats->tx_throughput);
635 	SET_WL_PHY_INFO_RX_TP(h2c_pkt, stats->rx_throughput);
636 	SET_WL_PHY_INFO_TX_RATE_DESC(h2c_pkt, dm_info->tx_rate);
637 	SET_WL_PHY_INFO_RX_RATE_DESC(h2c_pkt, dm_info->curr_rx_rate);
638 	SET_WL_PHY_INFO_RX_EVM(h2c_pkt, dm_info->rx_evm_dbm[RF_PATH_A]);
639 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
640 }
641 
642 void rtw_fw_beacon_filter_config(struct rtw_dev *rtwdev, bool connect,
643 				 struct ieee80211_vif *vif)
644 {
645 	struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
646 	struct ieee80211_sta *sta = ieee80211_find_sta(vif, bss_conf->bssid);
647 	static const u8 rssi_min = 0, rssi_max = 100, rssi_offset = 100;
648 	struct rtw_sta_info *si =
649 		sta ? (struct rtw_sta_info *)sta->drv_priv : NULL;
650 	s32 threshold = bss_conf->cqm_rssi_thold + rssi_offset;
651 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
652 
653 	if (!rtw_fw_feature_check(&rtwdev->fw, FW_FEATURE_BCN_FILTER) || !si)
654 		return;
655 
656 	if (!connect) {
657 		SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_BCN_FILTER_OFFLOAD_P1);
658 		SET_BCN_FILTER_OFFLOAD_P1_ENABLE(h2c_pkt, connect);
659 		rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
660 
661 		return;
662 	}
663 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_BCN_FILTER_OFFLOAD_P0);
664 	ether_addr_copy(&h2c_pkt[1], bss_conf->bssid);
665 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
666 
667 	memset(h2c_pkt, 0, sizeof(h2c_pkt));
668 	threshold = clamp_t(s32, threshold, rssi_min, rssi_max);
669 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_BCN_FILTER_OFFLOAD_P1);
670 	SET_BCN_FILTER_OFFLOAD_P1_ENABLE(h2c_pkt, connect);
671 	SET_BCN_FILTER_OFFLOAD_P1_OFFLOAD_MODE(h2c_pkt,
672 					       BCN_FILTER_OFFLOAD_MODE_DEFAULT);
673 	SET_BCN_FILTER_OFFLOAD_P1_THRESHOLD(h2c_pkt, (u8)threshold);
674 	SET_BCN_FILTER_OFFLOAD_P1_BCN_LOSS_CNT(h2c_pkt, BCN_LOSS_CNT);
675 	SET_BCN_FILTER_OFFLOAD_P1_MACID(h2c_pkt, si->mac_id);
676 	SET_BCN_FILTER_OFFLOAD_P1_HYST(h2c_pkt, bss_conf->cqm_rssi_hyst);
677 	SET_BCN_FILTER_OFFLOAD_P1_BCN_INTERVAL(h2c_pkt, bss_conf->beacon_int);
678 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
679 }
680 
681 void rtw_fw_set_pwr_mode(struct rtw_dev *rtwdev)
682 {
683 	struct rtw_lps_conf *conf = &rtwdev->lps_conf;
684 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
685 
686 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_SET_PWR_MODE);
687 
688 	SET_PWR_MODE_SET_MODE(h2c_pkt, conf->mode);
689 	SET_PWR_MODE_SET_RLBM(h2c_pkt, conf->rlbm);
690 	SET_PWR_MODE_SET_SMART_PS(h2c_pkt, conf->smart_ps);
691 	SET_PWR_MODE_SET_AWAKE_INTERVAL(h2c_pkt, conf->awake_interval);
692 	SET_PWR_MODE_SET_PORT_ID(h2c_pkt, conf->port_id);
693 	SET_PWR_MODE_SET_PWR_STATE(h2c_pkt, conf->state);
694 
695 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
696 }
697 
698 void rtw_fw_set_keep_alive_cmd(struct rtw_dev *rtwdev, bool enable)
699 {
700 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
701 	struct rtw_fw_wow_keep_alive_para mode = {
702 		.adopt = true,
703 		.pkt_type = KEEP_ALIVE_NULL_PKT,
704 		.period = 5,
705 	};
706 
707 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_KEEP_ALIVE);
708 	SET_KEEP_ALIVE_ENABLE(h2c_pkt, enable);
709 	SET_KEEP_ALIVE_ADOPT(h2c_pkt, mode.adopt);
710 	SET_KEEP_ALIVE_PKT_TYPE(h2c_pkt, mode.pkt_type);
711 	SET_KEEP_ALIVE_CHECK_PERIOD(h2c_pkt, mode.period);
712 
713 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
714 }
715 
716 void rtw_fw_set_disconnect_decision_cmd(struct rtw_dev *rtwdev, bool enable)
717 {
718 	struct rtw_wow_param *rtw_wow = &rtwdev->wow;
719 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
720 	struct rtw_fw_wow_disconnect_para mode = {
721 		.adopt = true,
722 		.period = 30,
723 		.retry_count = 5,
724 	};
725 
726 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_DISCONNECT_DECISION);
727 
728 	if (test_bit(RTW_WOW_FLAG_EN_DISCONNECT, rtw_wow->flags)) {
729 		SET_DISCONNECT_DECISION_ENABLE(h2c_pkt, enable);
730 		SET_DISCONNECT_DECISION_ADOPT(h2c_pkt, mode.adopt);
731 		SET_DISCONNECT_DECISION_CHECK_PERIOD(h2c_pkt, mode.period);
732 		SET_DISCONNECT_DECISION_TRY_PKT_NUM(h2c_pkt, mode.retry_count);
733 	}
734 
735 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
736 }
737 
738 void rtw_fw_set_wowlan_ctrl_cmd(struct rtw_dev *rtwdev, bool enable)
739 {
740 	struct rtw_wow_param *rtw_wow = &rtwdev->wow;
741 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
742 
743 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_WOWLAN);
744 
745 	SET_WOWLAN_FUNC_ENABLE(h2c_pkt, enable);
746 	if (rtw_wow_mgd_linked(rtwdev)) {
747 		if (test_bit(RTW_WOW_FLAG_EN_MAGIC_PKT, rtw_wow->flags))
748 			SET_WOWLAN_MAGIC_PKT_ENABLE(h2c_pkt, enable);
749 		if (test_bit(RTW_WOW_FLAG_EN_DISCONNECT, rtw_wow->flags))
750 			SET_WOWLAN_DEAUTH_WAKEUP_ENABLE(h2c_pkt, enable);
751 		if (test_bit(RTW_WOW_FLAG_EN_REKEY_PKT, rtw_wow->flags))
752 			SET_WOWLAN_REKEY_WAKEUP_ENABLE(h2c_pkt, enable);
753 		if (rtw_wow->pattern_cnt)
754 			SET_WOWLAN_PATTERN_MATCH_ENABLE(h2c_pkt, enable);
755 	}
756 
757 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
758 }
759 
760 void rtw_fw_set_aoac_global_info_cmd(struct rtw_dev *rtwdev,
761 				     u8 pairwise_key_enc,
762 				     u8 group_key_enc)
763 {
764 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
765 
766 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_AOAC_GLOBAL_INFO);
767 
768 	SET_AOAC_GLOBAL_INFO_PAIRWISE_ENC_ALG(h2c_pkt, pairwise_key_enc);
769 	SET_AOAC_GLOBAL_INFO_GROUP_ENC_ALG(h2c_pkt, group_key_enc);
770 
771 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
772 }
773 
774 void rtw_fw_set_remote_wake_ctrl_cmd(struct rtw_dev *rtwdev, bool enable)
775 {
776 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
777 
778 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_REMOTE_WAKE_CTRL);
779 
780 	SET_REMOTE_WAKECTRL_ENABLE(h2c_pkt, enable);
781 
782 	if (rtw_wow_no_link(rtwdev))
783 		SET_REMOTE_WAKE_CTRL_NLO_OFFLOAD_EN(h2c_pkt, enable);
784 
785 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
786 }
787 
788 static u8 rtw_get_rsvd_page_location(struct rtw_dev *rtwdev,
789 				     enum rtw_rsvd_packet_type type)
790 {
791 	struct rtw_rsvd_page *rsvd_pkt;
792 	u8 location = 0;
793 
794 	list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, build_list) {
795 		if (type == rsvd_pkt->type)
796 			location = rsvd_pkt->page;
797 	}
798 
799 	return location;
800 }
801 
802 void rtw_fw_set_nlo_info(struct rtw_dev *rtwdev, bool enable)
803 {
804 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
805 	u8 loc_nlo;
806 
807 	loc_nlo = rtw_get_rsvd_page_location(rtwdev, RSVD_NLO_INFO);
808 
809 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_NLO_INFO);
810 
811 	SET_NLO_FUN_EN(h2c_pkt, enable);
812 	if (enable) {
813 		if (rtw_get_lps_deep_mode(rtwdev) != LPS_DEEP_MODE_NONE)
814 			SET_NLO_PS_32K(h2c_pkt, enable);
815 		SET_NLO_IGNORE_SECURITY(h2c_pkt, enable);
816 		SET_NLO_LOC_NLO_INFO(h2c_pkt, loc_nlo);
817 	}
818 
819 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
820 }
821 
822 void rtw_fw_set_pg_info(struct rtw_dev *rtwdev)
823 {
824 	struct rtw_lps_conf *conf = &rtwdev->lps_conf;
825 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
826 	u8 loc_pg, loc_dpk;
827 
828 	loc_pg = rtw_get_rsvd_page_location(rtwdev, RSVD_LPS_PG_INFO);
829 	loc_dpk = rtw_get_rsvd_page_location(rtwdev, RSVD_LPS_PG_DPK);
830 
831 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_LPS_PG_INFO);
832 
833 	LPS_PG_INFO_LOC(h2c_pkt, loc_pg);
834 	LPS_PG_DPK_LOC(h2c_pkt, loc_dpk);
835 	LPS_PG_SEC_CAM_EN(h2c_pkt, conf->sec_cam_backup);
836 	LPS_PG_PATTERN_CAM_EN(h2c_pkt, conf->pattern_cam_backup);
837 
838 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
839 }
840 
841 static u8 rtw_get_rsvd_page_probe_req_location(struct rtw_dev *rtwdev,
842 					       struct cfg80211_ssid *ssid)
843 {
844 	struct rtw_rsvd_page *rsvd_pkt;
845 	u8 location = 0;
846 
847 	list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, build_list) {
848 		if (rsvd_pkt->type != RSVD_PROBE_REQ)
849 			continue;
850 		if ((!ssid && !rsvd_pkt->ssid) ||
851 		    rtw_ssid_equal(rsvd_pkt->ssid, ssid))
852 			location = rsvd_pkt->page;
853 	}
854 
855 	return location;
856 }
857 
858 static u16 rtw_get_rsvd_page_probe_req_size(struct rtw_dev *rtwdev,
859 					    struct cfg80211_ssid *ssid)
860 {
861 	struct rtw_rsvd_page *rsvd_pkt;
862 	u16 size = 0;
863 
864 	list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, build_list) {
865 		if (rsvd_pkt->type != RSVD_PROBE_REQ)
866 			continue;
867 		if ((!ssid && !rsvd_pkt->ssid) ||
868 		    rtw_ssid_equal(rsvd_pkt->ssid, ssid))
869 			size = rsvd_pkt->probe_req_size;
870 	}
871 
872 	return size;
873 }
874 
875 void rtw_send_rsvd_page_h2c(struct rtw_dev *rtwdev)
876 {
877 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
878 	u8 location = 0;
879 
880 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_RSVD_PAGE);
881 
882 	location = rtw_get_rsvd_page_location(rtwdev, RSVD_PROBE_RESP);
883 	*(h2c_pkt + 1) = location;
884 	rtw_dbg(rtwdev, RTW_DBG_FW, "RSVD_PROBE_RESP loc: %d\n", location);
885 
886 	location = rtw_get_rsvd_page_location(rtwdev, RSVD_PS_POLL);
887 	*(h2c_pkt + 2) = location;
888 	rtw_dbg(rtwdev, RTW_DBG_FW, "RSVD_PS_POLL loc: %d\n", location);
889 
890 	location = rtw_get_rsvd_page_location(rtwdev, RSVD_NULL);
891 	*(h2c_pkt + 3) = location;
892 	rtw_dbg(rtwdev, RTW_DBG_FW, "RSVD_NULL loc: %d\n", location);
893 
894 	location = rtw_get_rsvd_page_location(rtwdev, RSVD_QOS_NULL);
895 	*(h2c_pkt + 4) = location;
896 	rtw_dbg(rtwdev, RTW_DBG_FW, "RSVD_QOS_NULL loc: %d\n", location);
897 
898 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
899 }
900 
901 static struct sk_buff *rtw_nlo_info_get(struct ieee80211_hw *hw)
902 {
903 	struct rtw_dev *rtwdev = hw->priv;
904 	struct rtw_chip_info *chip = rtwdev->chip;
905 	struct rtw_pno_request *pno_req = &rtwdev->wow.pno_req;
906 	struct rtw_nlo_info_hdr *nlo_hdr;
907 	struct cfg80211_ssid *ssid;
908 	struct sk_buff *skb;
909 	u8 *pos, loc;
910 	u32 size;
911 	int i;
912 
913 	if (!pno_req->inited || !pno_req->match_set_cnt)
914 		return NULL;
915 
916 	size = sizeof(struct rtw_nlo_info_hdr) + pno_req->match_set_cnt *
917 		      IEEE80211_MAX_SSID_LEN + chip->tx_pkt_desc_sz;
918 
919 	skb = alloc_skb(size, GFP_KERNEL);
920 	if (!skb)
921 		return NULL;
922 
923 	skb_reserve(skb, chip->tx_pkt_desc_sz);
924 
925 	nlo_hdr = skb_put_zero(skb, sizeof(struct rtw_nlo_info_hdr));
926 
927 	nlo_hdr->nlo_count = pno_req->match_set_cnt;
928 	nlo_hdr->hidden_ap_count = pno_req->match_set_cnt;
929 
930 	/* pattern check for firmware */
931 	memset(nlo_hdr->pattern_check, 0xA5, FW_NLO_INFO_CHECK_SIZE);
932 
933 	for (i = 0; i < pno_req->match_set_cnt; i++)
934 		nlo_hdr->ssid_len[i] = pno_req->match_sets[i].ssid.ssid_len;
935 
936 	for (i = 0; i < pno_req->match_set_cnt; i++) {
937 		ssid = &pno_req->match_sets[i].ssid;
938 		loc  = rtw_get_rsvd_page_probe_req_location(rtwdev, ssid);
939 		if (!loc) {
940 			rtw_err(rtwdev, "failed to get probe req rsvd loc\n");
941 			kfree_skb(skb);
942 			return NULL;
943 		}
944 		nlo_hdr->location[i] = loc;
945 	}
946 
947 	for (i = 0; i < pno_req->match_set_cnt; i++) {
948 		pos = skb_put_zero(skb, IEEE80211_MAX_SSID_LEN);
949 		memcpy(pos, pno_req->match_sets[i].ssid.ssid,
950 		       pno_req->match_sets[i].ssid.ssid_len);
951 	}
952 
953 	return skb;
954 }
955 
956 static struct sk_buff *rtw_cs_channel_info_get(struct ieee80211_hw *hw)
957 {
958 	struct rtw_dev *rtwdev = hw->priv;
959 	struct rtw_chip_info *chip = rtwdev->chip;
960 	struct rtw_pno_request *pno_req = &rtwdev->wow.pno_req;
961 	struct ieee80211_channel *channels = pno_req->channels;
962 	struct sk_buff *skb;
963 	int count =  pno_req->channel_cnt;
964 	u8 *pos;
965 	int i = 0;
966 
967 	skb = alloc_skb(4 * count + chip->tx_pkt_desc_sz, GFP_KERNEL);
968 	if (!skb)
969 		return NULL;
970 
971 	skb_reserve(skb, chip->tx_pkt_desc_sz);
972 
973 	for (i = 0; i < count; i++) {
974 		pos = skb_put_zero(skb, 4);
975 
976 		CHSW_INFO_SET_CH(pos, channels[i].hw_value);
977 
978 		if (channels[i].flags & IEEE80211_CHAN_RADAR)
979 			CHSW_INFO_SET_ACTION_ID(pos, 0);
980 		else
981 			CHSW_INFO_SET_ACTION_ID(pos, 1);
982 		CHSW_INFO_SET_TIMEOUT(pos, 1);
983 		CHSW_INFO_SET_PRI_CH_IDX(pos, 1);
984 		CHSW_INFO_SET_BW(pos, 0);
985 	}
986 
987 	return skb;
988 }
989 
990 static struct sk_buff *rtw_lps_pg_dpk_get(struct ieee80211_hw *hw)
991 {
992 	struct rtw_dev *rtwdev = hw->priv;
993 	struct rtw_chip_info *chip = rtwdev->chip;
994 	struct rtw_dpk_info *dpk_info = &rtwdev->dm_info.dpk_info;
995 	struct rtw_lps_pg_dpk_hdr *dpk_hdr;
996 	struct sk_buff *skb;
997 	u32 size;
998 
999 	size = chip->tx_pkt_desc_sz + sizeof(*dpk_hdr);
1000 	skb = alloc_skb(size, GFP_KERNEL);
1001 	if (!skb)
1002 		return NULL;
1003 
1004 	skb_reserve(skb, chip->tx_pkt_desc_sz);
1005 	dpk_hdr = skb_put_zero(skb, sizeof(*dpk_hdr));
1006 	dpk_hdr->dpk_ch = dpk_info->dpk_ch;
1007 	dpk_hdr->dpk_path_ok = dpk_info->dpk_path_ok[0];
1008 	memcpy(dpk_hdr->dpk_txagc, dpk_info->dpk_txagc, 2);
1009 	memcpy(dpk_hdr->dpk_gs, dpk_info->dpk_gs, 4);
1010 	memcpy(dpk_hdr->coef, dpk_info->coef, 160);
1011 
1012 	return skb;
1013 }
1014 
1015 static struct sk_buff *rtw_lps_pg_info_get(struct ieee80211_hw *hw)
1016 {
1017 	struct rtw_dev *rtwdev = hw->priv;
1018 	struct rtw_chip_info *chip = rtwdev->chip;
1019 	struct rtw_lps_conf *conf = &rtwdev->lps_conf;
1020 	struct rtw_lps_pg_info_hdr *pg_info_hdr;
1021 	struct rtw_wow_param *rtw_wow = &rtwdev->wow;
1022 	struct sk_buff *skb;
1023 	u32 size;
1024 
1025 	size = chip->tx_pkt_desc_sz + sizeof(*pg_info_hdr);
1026 	skb = alloc_skb(size, GFP_KERNEL);
1027 	if (!skb)
1028 		return NULL;
1029 
1030 	skb_reserve(skb, chip->tx_pkt_desc_sz);
1031 	pg_info_hdr = skb_put_zero(skb, sizeof(*pg_info_hdr));
1032 	pg_info_hdr->tx_bu_page_count = rtwdev->fifo.rsvd_drv_pg_num;
1033 	pg_info_hdr->macid = find_first_bit(rtwdev->mac_id_map, RTW_MAX_MAC_ID_NUM);
1034 	pg_info_hdr->sec_cam_count =
1035 		rtw_sec_cam_pg_backup(rtwdev, pg_info_hdr->sec_cam);
1036 	pg_info_hdr->pattern_count = rtw_wow->pattern_cnt;
1037 
1038 	conf->sec_cam_backup = pg_info_hdr->sec_cam_count != 0;
1039 	conf->pattern_cam_backup = rtw_wow->pattern_cnt != 0;
1040 
1041 	return skb;
1042 }
1043 
1044 static struct sk_buff *rtw_get_rsvd_page_skb(struct ieee80211_hw *hw,
1045 					     struct rtw_rsvd_page *rsvd_pkt)
1046 {
1047 	struct ieee80211_vif *vif;
1048 	struct rtw_vif *rtwvif;
1049 	struct sk_buff *skb_new;
1050 	struct cfg80211_ssid *ssid;
1051 
1052 	if (rsvd_pkt->type == RSVD_DUMMY) {
1053 		skb_new = alloc_skb(1, GFP_KERNEL);
1054 		if (!skb_new)
1055 			return NULL;
1056 
1057 		skb_put(skb_new, 1);
1058 		return skb_new;
1059 	}
1060 
1061 	rtwvif = rsvd_pkt->rtwvif;
1062 	if (!rtwvif)
1063 		return NULL;
1064 
1065 	vif = rtwvif_to_vif(rtwvif);
1066 
1067 	switch (rsvd_pkt->type) {
1068 	case RSVD_BEACON:
1069 		skb_new = ieee80211_beacon_get(hw, vif);
1070 		break;
1071 	case RSVD_PS_POLL:
1072 		skb_new = ieee80211_pspoll_get(hw, vif);
1073 		break;
1074 	case RSVD_PROBE_RESP:
1075 		skb_new = ieee80211_proberesp_get(hw, vif);
1076 		break;
1077 	case RSVD_NULL:
1078 		skb_new = ieee80211_nullfunc_get(hw, vif, false);
1079 		break;
1080 	case RSVD_QOS_NULL:
1081 		skb_new = ieee80211_nullfunc_get(hw, vif, true);
1082 		break;
1083 	case RSVD_LPS_PG_DPK:
1084 		skb_new = rtw_lps_pg_dpk_get(hw);
1085 		break;
1086 	case RSVD_LPS_PG_INFO:
1087 		skb_new = rtw_lps_pg_info_get(hw);
1088 		break;
1089 	case RSVD_PROBE_REQ:
1090 		ssid = (struct cfg80211_ssid *)rsvd_pkt->ssid;
1091 		if (ssid)
1092 			skb_new = ieee80211_probereq_get(hw, vif->addr,
1093 							 ssid->ssid,
1094 							 ssid->ssid_len, 0);
1095 		else
1096 			skb_new = ieee80211_probereq_get(hw, vif->addr, NULL, 0, 0);
1097 		if (skb_new)
1098 			rsvd_pkt->probe_req_size = (u16)skb_new->len;
1099 		break;
1100 	case RSVD_NLO_INFO:
1101 		skb_new = rtw_nlo_info_get(hw);
1102 		break;
1103 	case RSVD_CH_INFO:
1104 		skb_new = rtw_cs_channel_info_get(hw);
1105 		break;
1106 	default:
1107 		return NULL;
1108 	}
1109 
1110 	if (!skb_new)
1111 		return NULL;
1112 
1113 	return skb_new;
1114 }
1115 
1116 static void rtw_fill_rsvd_page_desc(struct rtw_dev *rtwdev, struct sk_buff *skb,
1117 				    enum rtw_rsvd_packet_type type)
1118 {
1119 	struct rtw_tx_pkt_info pkt_info = {0};
1120 	struct rtw_chip_info *chip = rtwdev->chip;
1121 	u8 *pkt_desc;
1122 
1123 	rtw_tx_rsvd_page_pkt_info_update(rtwdev, &pkt_info, skb, type);
1124 	pkt_desc = skb_push(skb, chip->tx_pkt_desc_sz);
1125 	memset(pkt_desc, 0, chip->tx_pkt_desc_sz);
1126 	rtw_tx_fill_tx_desc(&pkt_info, skb);
1127 }
1128 
1129 static inline u8 rtw_len_to_page(unsigned int len, u8 page_size)
1130 {
1131 	return DIV_ROUND_UP(len, page_size);
1132 }
1133 
1134 static void rtw_rsvd_page_list_to_buf(struct rtw_dev *rtwdev, u8 page_size,
1135 				      u8 page_margin, u32 page, u8 *buf,
1136 				      struct rtw_rsvd_page *rsvd_pkt)
1137 {
1138 	struct sk_buff *skb = rsvd_pkt->skb;
1139 
1140 	if (page >= 1)
1141 		memcpy(buf + page_margin + page_size * (page - 1),
1142 		       skb->data, skb->len);
1143 	else
1144 		memcpy(buf, skb->data, skb->len);
1145 }
1146 
1147 static struct rtw_rsvd_page *rtw_alloc_rsvd_page(struct rtw_dev *rtwdev,
1148 						 enum rtw_rsvd_packet_type type,
1149 						 bool txdesc)
1150 {
1151 	struct rtw_rsvd_page *rsvd_pkt = NULL;
1152 
1153 	rsvd_pkt = kzalloc(sizeof(*rsvd_pkt), GFP_KERNEL);
1154 
1155 	if (!rsvd_pkt)
1156 		return NULL;
1157 
1158 	INIT_LIST_HEAD(&rsvd_pkt->vif_list);
1159 	INIT_LIST_HEAD(&rsvd_pkt->build_list);
1160 	rsvd_pkt->type = type;
1161 	rsvd_pkt->add_txdesc = txdesc;
1162 
1163 	return rsvd_pkt;
1164 }
1165 
1166 static void rtw_insert_rsvd_page(struct rtw_dev *rtwdev,
1167 				 struct rtw_vif *rtwvif,
1168 				 struct rtw_rsvd_page *rsvd_pkt)
1169 {
1170 	lockdep_assert_held(&rtwdev->mutex);
1171 
1172 	list_add_tail(&rsvd_pkt->vif_list, &rtwvif->rsvd_page_list);
1173 }
1174 
1175 static void rtw_add_rsvd_page(struct rtw_dev *rtwdev,
1176 			      struct rtw_vif *rtwvif,
1177 			      enum rtw_rsvd_packet_type type,
1178 			      bool txdesc)
1179 {
1180 	struct rtw_rsvd_page *rsvd_pkt;
1181 
1182 	rsvd_pkt = rtw_alloc_rsvd_page(rtwdev, type, txdesc);
1183 	if (!rsvd_pkt) {
1184 		rtw_err(rtwdev, "failed to alloc rsvd page %d\n", type);
1185 		return;
1186 	}
1187 
1188 	rsvd_pkt->rtwvif = rtwvif;
1189 	rtw_insert_rsvd_page(rtwdev, rtwvif, rsvd_pkt);
1190 }
1191 
1192 static void rtw_add_rsvd_page_probe_req(struct rtw_dev *rtwdev,
1193 					struct rtw_vif *rtwvif,
1194 					struct cfg80211_ssid *ssid)
1195 {
1196 	struct rtw_rsvd_page *rsvd_pkt;
1197 
1198 	rsvd_pkt = rtw_alloc_rsvd_page(rtwdev, RSVD_PROBE_REQ, true);
1199 	if (!rsvd_pkt) {
1200 		rtw_err(rtwdev, "failed to alloc probe req rsvd page\n");
1201 		return;
1202 	}
1203 
1204 	rsvd_pkt->rtwvif = rtwvif;
1205 	rsvd_pkt->ssid = ssid;
1206 	rtw_insert_rsvd_page(rtwdev, rtwvif, rsvd_pkt);
1207 }
1208 
1209 void rtw_remove_rsvd_page(struct rtw_dev *rtwdev,
1210 			  struct rtw_vif *rtwvif)
1211 {
1212 	struct rtw_rsvd_page *rsvd_pkt, *tmp;
1213 
1214 	lockdep_assert_held(&rtwdev->mutex);
1215 
1216 	/* remove all of the rsvd pages for vif */
1217 	list_for_each_entry_safe(rsvd_pkt, tmp, &rtwvif->rsvd_page_list,
1218 				 vif_list) {
1219 		list_del(&rsvd_pkt->vif_list);
1220 		if (!list_empty(&rsvd_pkt->build_list))
1221 			list_del(&rsvd_pkt->build_list);
1222 		kfree(rsvd_pkt);
1223 	}
1224 }
1225 
1226 void rtw_add_rsvd_page_bcn(struct rtw_dev *rtwdev,
1227 			   struct rtw_vif *rtwvif)
1228 {
1229 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
1230 
1231 	if (vif->type != NL80211_IFTYPE_AP &&
1232 	    vif->type != NL80211_IFTYPE_ADHOC &&
1233 	    vif->type != NL80211_IFTYPE_MESH_POINT) {
1234 		rtw_warn(rtwdev, "Cannot add beacon rsvd page for %d\n",
1235 			 vif->type);
1236 		return;
1237 	}
1238 
1239 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_BEACON, false);
1240 }
1241 
1242 void rtw_add_rsvd_page_pno(struct rtw_dev *rtwdev,
1243 			   struct rtw_vif *rtwvif)
1244 {
1245 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
1246 	struct rtw_wow_param *rtw_wow = &rtwdev->wow;
1247 	struct rtw_pno_request *rtw_pno_req = &rtw_wow->pno_req;
1248 	struct cfg80211_ssid *ssid;
1249 	int i;
1250 
1251 	if (vif->type != NL80211_IFTYPE_STATION) {
1252 		rtw_warn(rtwdev, "Cannot add PNO rsvd page for %d\n",
1253 			 vif->type);
1254 		return;
1255 	}
1256 
1257 	for (i = 0 ; i < rtw_pno_req->match_set_cnt; i++) {
1258 		ssid = &rtw_pno_req->match_sets[i].ssid;
1259 		rtw_add_rsvd_page_probe_req(rtwdev, rtwvif, ssid);
1260 	}
1261 
1262 	rtw_add_rsvd_page_probe_req(rtwdev, rtwvif, NULL);
1263 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_NLO_INFO, false);
1264 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_CH_INFO, true);
1265 }
1266 
1267 void rtw_add_rsvd_page_sta(struct rtw_dev *rtwdev,
1268 			   struct rtw_vif *rtwvif)
1269 {
1270 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
1271 
1272 	if (vif->type != NL80211_IFTYPE_STATION) {
1273 		rtw_warn(rtwdev, "Cannot add sta rsvd page for %d\n",
1274 			 vif->type);
1275 		return;
1276 	}
1277 
1278 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_PS_POLL, true);
1279 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_QOS_NULL, true);
1280 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_NULL, true);
1281 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_LPS_PG_DPK, true);
1282 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_LPS_PG_INFO, true);
1283 }
1284 
1285 int rtw_fw_write_data_rsvd_page(struct rtw_dev *rtwdev, u16 pg_addr,
1286 				u8 *buf, u32 size)
1287 {
1288 	u8 bckp[2];
1289 	u8 val;
1290 	u16 rsvd_pg_head;
1291 	u32 bcn_valid_addr;
1292 	u32 bcn_valid_mask;
1293 	int ret;
1294 
1295 	lockdep_assert_held(&rtwdev->mutex);
1296 
1297 	if (!size)
1298 		return -EINVAL;
1299 
1300 	if (rtw_chip_wcpu_11n(rtwdev)) {
1301 		rtw_write32_set(rtwdev, REG_DWBCN0_CTRL, BIT_BCN_VALID);
1302 	} else {
1303 		pg_addr &= BIT_MASK_BCN_HEAD_1_V1;
1304 		pg_addr |= BIT_BCN_VALID_V1;
1305 		rtw_write16(rtwdev, REG_FIFOPAGE_CTRL_2, pg_addr);
1306 	}
1307 
1308 	val = rtw_read8(rtwdev, REG_CR + 1);
1309 	bckp[0] = val;
1310 	val |= BIT_ENSWBCN >> 8;
1311 	rtw_write8(rtwdev, REG_CR + 1, val);
1312 
1313 	val = rtw_read8(rtwdev, REG_FWHW_TXQ_CTRL + 2);
1314 	bckp[1] = val;
1315 	val &= ~(BIT_EN_BCNQ_DL >> 16);
1316 	rtw_write8(rtwdev, REG_FWHW_TXQ_CTRL + 2, val);
1317 
1318 	ret = rtw_hci_write_data_rsvd_page(rtwdev, buf, size);
1319 	if (ret) {
1320 		rtw_err(rtwdev, "failed to write data to rsvd page\n");
1321 		goto restore;
1322 	}
1323 
1324 	if (rtw_chip_wcpu_11n(rtwdev)) {
1325 		bcn_valid_addr = REG_DWBCN0_CTRL;
1326 		bcn_valid_mask = BIT_BCN_VALID;
1327 	} else {
1328 		bcn_valid_addr = REG_FIFOPAGE_CTRL_2;
1329 		bcn_valid_mask = BIT_BCN_VALID_V1;
1330 	}
1331 
1332 	if (!check_hw_ready(rtwdev, bcn_valid_addr, bcn_valid_mask, 1)) {
1333 		rtw_err(rtwdev, "error beacon valid\n");
1334 		ret = -EBUSY;
1335 	}
1336 
1337 restore:
1338 	rsvd_pg_head = rtwdev->fifo.rsvd_boundary;
1339 	rtw_write16(rtwdev, REG_FIFOPAGE_CTRL_2,
1340 		    rsvd_pg_head | BIT_BCN_VALID_V1);
1341 	rtw_write8(rtwdev, REG_FWHW_TXQ_CTRL + 2, bckp[1]);
1342 	rtw_write8(rtwdev, REG_CR + 1, bckp[0]);
1343 
1344 	return ret;
1345 }
1346 
1347 static int rtw_download_drv_rsvd_page(struct rtw_dev *rtwdev, u8 *buf, u32 size)
1348 {
1349 	u32 pg_size;
1350 	u32 pg_num = 0;
1351 	u16 pg_addr = 0;
1352 
1353 	pg_size = rtwdev->chip->page_size;
1354 	pg_num = size / pg_size + ((size & (pg_size - 1)) ? 1 : 0);
1355 	if (pg_num > rtwdev->fifo.rsvd_drv_pg_num)
1356 		return -ENOMEM;
1357 
1358 	pg_addr = rtwdev->fifo.rsvd_drv_addr;
1359 
1360 	return rtw_fw_write_data_rsvd_page(rtwdev, pg_addr, buf, size);
1361 }
1362 
1363 static void __rtw_build_rsvd_page_reset(struct rtw_dev *rtwdev)
1364 {
1365 	struct rtw_rsvd_page *rsvd_pkt, *tmp;
1366 
1367 	list_for_each_entry_safe(rsvd_pkt, tmp, &rtwdev->rsvd_page_list,
1368 				 build_list) {
1369 		list_del_init(&rsvd_pkt->build_list);
1370 
1371 		/* Don't free except for the dummy rsvd page,
1372 		 * others will be freed when removing vif
1373 		 */
1374 		if (rsvd_pkt->type == RSVD_DUMMY)
1375 			kfree(rsvd_pkt);
1376 	}
1377 }
1378 
1379 static void rtw_build_rsvd_page_iter(void *data, u8 *mac,
1380 				     struct ieee80211_vif *vif)
1381 {
1382 	struct rtw_dev *rtwdev = data;
1383 	struct rtw_vif *rtwvif = (struct rtw_vif *)vif->drv_priv;
1384 	struct rtw_rsvd_page *rsvd_pkt;
1385 
1386 	list_for_each_entry(rsvd_pkt, &rtwvif->rsvd_page_list, vif_list) {
1387 		if (rsvd_pkt->type == RSVD_BEACON)
1388 			list_add(&rsvd_pkt->build_list,
1389 				 &rtwdev->rsvd_page_list);
1390 		else
1391 			list_add_tail(&rsvd_pkt->build_list,
1392 				      &rtwdev->rsvd_page_list);
1393 	}
1394 }
1395 
1396 static int  __rtw_build_rsvd_page_from_vifs(struct rtw_dev *rtwdev)
1397 {
1398 	struct rtw_rsvd_page *rsvd_pkt;
1399 
1400 	__rtw_build_rsvd_page_reset(rtwdev);
1401 
1402 	/* gather rsvd page from vifs */
1403 	rtw_iterate_vifs_atomic(rtwdev, rtw_build_rsvd_page_iter, rtwdev);
1404 
1405 	rsvd_pkt = list_first_entry_or_null(&rtwdev->rsvd_page_list,
1406 					    struct rtw_rsvd_page, build_list);
1407 	if (!rsvd_pkt) {
1408 		WARN(1, "Should not have an empty reserved page\n");
1409 		return -EINVAL;
1410 	}
1411 
1412 	/* the first rsvd should be beacon, otherwise add a dummy one */
1413 	if (rsvd_pkt->type != RSVD_BEACON) {
1414 		struct rtw_rsvd_page *dummy_pkt;
1415 
1416 		dummy_pkt = rtw_alloc_rsvd_page(rtwdev, RSVD_DUMMY, false);
1417 		if (!dummy_pkt) {
1418 			rtw_err(rtwdev, "failed to alloc dummy rsvd page\n");
1419 			return -ENOMEM;
1420 		}
1421 
1422 		list_add(&dummy_pkt->build_list, &rtwdev->rsvd_page_list);
1423 	}
1424 
1425 	return 0;
1426 }
1427 
1428 static u8 *rtw_build_rsvd_page(struct rtw_dev *rtwdev, u32 *size)
1429 {
1430 	struct ieee80211_hw *hw = rtwdev->hw;
1431 	struct rtw_chip_info *chip = rtwdev->chip;
1432 	struct sk_buff *iter;
1433 	struct rtw_rsvd_page *rsvd_pkt;
1434 	u32 page = 0;
1435 	u8 total_page = 0;
1436 	u8 page_size, page_margin, tx_desc_sz;
1437 	u8 *buf;
1438 	int ret;
1439 
1440 	page_size = chip->page_size;
1441 	tx_desc_sz = chip->tx_pkt_desc_sz;
1442 	page_margin = page_size - tx_desc_sz;
1443 
1444 	ret = __rtw_build_rsvd_page_from_vifs(rtwdev);
1445 	if (ret) {
1446 		rtw_err(rtwdev,
1447 			"failed to build rsvd page from vifs, ret %d\n", ret);
1448 		return NULL;
1449 	}
1450 
1451 	list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, build_list) {
1452 		iter = rtw_get_rsvd_page_skb(hw, rsvd_pkt);
1453 		if (!iter) {
1454 			rtw_err(rtwdev, "failed to build rsvd packet\n");
1455 			goto release_skb;
1456 		}
1457 
1458 		/* Fill the tx_desc for the rsvd pkt that requires one.
1459 		 * And iter->len will be added with size of tx_desc_sz.
1460 		 */
1461 		if (rsvd_pkt->add_txdesc)
1462 			rtw_fill_rsvd_page_desc(rtwdev, iter, rsvd_pkt->type);
1463 
1464 		rsvd_pkt->skb = iter;
1465 		rsvd_pkt->page = total_page;
1466 
1467 		/* Reserved page is downloaded via TX path, and TX path will
1468 		 * generate a tx_desc at the header to describe length of
1469 		 * the buffer. If we are not counting page numbers with the
1470 		 * size of tx_desc added at the first rsvd_pkt (usually a
1471 		 * beacon, firmware default refer to the first page as the
1472 		 * content of beacon), we could generate a buffer which size
1473 		 * is smaller than the actual size of the whole rsvd_page
1474 		 */
1475 		if (total_page == 0) {
1476 			if (rsvd_pkt->type != RSVD_BEACON &&
1477 			    rsvd_pkt->type != RSVD_DUMMY) {
1478 				rtw_err(rtwdev, "first page should be a beacon\n");
1479 				goto release_skb;
1480 			}
1481 			total_page += rtw_len_to_page(iter->len + tx_desc_sz,
1482 						      page_size);
1483 		} else {
1484 			total_page += rtw_len_to_page(iter->len, page_size);
1485 		}
1486 	}
1487 
1488 	if (total_page > rtwdev->fifo.rsvd_drv_pg_num) {
1489 		rtw_err(rtwdev, "rsvd page over size: %d\n", total_page);
1490 		goto release_skb;
1491 	}
1492 
1493 	*size = (total_page - 1) * page_size + page_margin;
1494 	buf = kzalloc(*size, GFP_KERNEL);
1495 	if (!buf)
1496 		goto release_skb;
1497 
1498 	/* Copy the content of each rsvd_pkt to the buf, and they should
1499 	 * be aligned to the pages.
1500 	 *
1501 	 * Note that the first rsvd_pkt is a beacon no matter what vif->type.
1502 	 * And that rsvd_pkt does not require tx_desc because when it goes
1503 	 * through TX path, the TX path will generate one for it.
1504 	 */
1505 	list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, build_list) {
1506 		rtw_rsvd_page_list_to_buf(rtwdev, page_size, page_margin,
1507 					  page, buf, rsvd_pkt);
1508 		if (page == 0)
1509 			page += rtw_len_to_page(rsvd_pkt->skb->len +
1510 						tx_desc_sz, page_size);
1511 		else
1512 			page += rtw_len_to_page(rsvd_pkt->skb->len, page_size);
1513 
1514 		kfree_skb(rsvd_pkt->skb);
1515 		rsvd_pkt->skb = NULL;
1516 	}
1517 
1518 	return buf;
1519 
1520 release_skb:
1521 	list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, build_list) {
1522 		kfree_skb(rsvd_pkt->skb);
1523 		rsvd_pkt->skb = NULL;
1524 	}
1525 
1526 	return NULL;
1527 }
1528 
1529 static int rtw_download_beacon(struct rtw_dev *rtwdev)
1530 {
1531 	struct ieee80211_hw *hw = rtwdev->hw;
1532 	struct rtw_rsvd_page *rsvd_pkt;
1533 	struct sk_buff *skb;
1534 	int ret = 0;
1535 
1536 	rsvd_pkt = list_first_entry_or_null(&rtwdev->rsvd_page_list,
1537 					    struct rtw_rsvd_page, build_list);
1538 	if (!rsvd_pkt) {
1539 		rtw_err(rtwdev, "failed to get rsvd page from build list\n");
1540 		return -ENOENT;
1541 	}
1542 
1543 	if (rsvd_pkt->type != RSVD_BEACON &&
1544 	    rsvd_pkt->type != RSVD_DUMMY) {
1545 		rtw_err(rtwdev, "invalid rsvd page type %d, should be beacon or dummy\n",
1546 			rsvd_pkt->type);
1547 		return -EINVAL;
1548 	}
1549 
1550 	skb = rtw_get_rsvd_page_skb(hw, rsvd_pkt);
1551 	if (!skb) {
1552 		rtw_err(rtwdev, "failed to get beacon skb\n");
1553 		return -ENOMEM;
1554 	}
1555 
1556 	ret = rtw_download_drv_rsvd_page(rtwdev, skb->data, skb->len);
1557 	if (ret)
1558 		rtw_err(rtwdev, "failed to download drv rsvd page\n");
1559 
1560 	dev_kfree_skb(skb);
1561 
1562 	return ret;
1563 }
1564 
1565 int rtw_fw_download_rsvd_page(struct rtw_dev *rtwdev)
1566 {
1567 	u8 *buf;
1568 	u32 size;
1569 	int ret;
1570 
1571 	buf = rtw_build_rsvd_page(rtwdev, &size);
1572 	if (!buf) {
1573 		rtw_err(rtwdev, "failed to build rsvd page pkt\n");
1574 		return -ENOMEM;
1575 	}
1576 
1577 	ret = rtw_download_drv_rsvd_page(rtwdev, buf, size);
1578 	if (ret) {
1579 		rtw_err(rtwdev, "failed to download drv rsvd page\n");
1580 		goto free;
1581 	}
1582 
1583 	/* The last thing is to download the *ONLY* beacon again, because
1584 	 * the previous tx_desc is to describe the total rsvd page. Download
1585 	 * the beacon again to replace the TX desc header, and we will get
1586 	 * a correct tx_desc for the beacon in the rsvd page.
1587 	 */
1588 	ret = rtw_download_beacon(rtwdev);
1589 	if (ret) {
1590 		rtw_err(rtwdev, "failed to download beacon\n");
1591 		goto free;
1592 	}
1593 
1594 free:
1595 	kfree(buf);
1596 
1597 	return ret;
1598 }
1599 
1600 static void rtw_fw_read_fifo_page(struct rtw_dev *rtwdev, u32 offset, u32 size,
1601 				  u32 *buf, u32 residue, u16 start_pg)
1602 {
1603 	u32 i;
1604 	u16 idx = 0;
1605 	u16 ctl;
1606 
1607 	ctl = rtw_read16(rtwdev, REG_PKTBUF_DBG_CTRL) & 0xf000;
1608 	/* disable rx clock gate */
1609 	rtw_write32_set(rtwdev, REG_RCR, BIT_DISGCLK);
1610 
1611 	do {
1612 		rtw_write16(rtwdev, REG_PKTBUF_DBG_CTRL, start_pg | ctl);
1613 
1614 		for (i = FIFO_DUMP_ADDR + residue;
1615 		     i < FIFO_DUMP_ADDR + FIFO_PAGE_SIZE; i += 4) {
1616 			buf[idx++] = rtw_read32(rtwdev, i);
1617 			size -= 4;
1618 			if (size == 0)
1619 				goto out;
1620 		}
1621 
1622 		residue = 0;
1623 		start_pg++;
1624 	} while (size);
1625 
1626 out:
1627 	rtw_write16(rtwdev, REG_PKTBUF_DBG_CTRL, ctl);
1628 	/* restore rx clock gate */
1629 	rtw_write32_clr(rtwdev, REG_RCR, BIT_DISGCLK);
1630 }
1631 
1632 static void rtw_fw_read_fifo(struct rtw_dev *rtwdev, enum rtw_fw_fifo_sel sel,
1633 			     u32 offset, u32 size, u32 *buf)
1634 {
1635 	struct rtw_chip_info *chip = rtwdev->chip;
1636 	u32 start_pg, residue;
1637 
1638 	if (sel >= RTW_FW_FIFO_MAX) {
1639 		rtw_dbg(rtwdev, RTW_DBG_FW, "wrong fw fifo sel\n");
1640 		return;
1641 	}
1642 	if (sel == RTW_FW_FIFO_SEL_RSVD_PAGE)
1643 		offset += rtwdev->fifo.rsvd_boundary << TX_PAGE_SIZE_SHIFT;
1644 	residue = offset & (FIFO_PAGE_SIZE - 1);
1645 	start_pg = (offset >> FIFO_PAGE_SIZE_SHIFT) + chip->fw_fifo_addr[sel];
1646 
1647 	rtw_fw_read_fifo_page(rtwdev, offset, size, buf, residue, start_pg);
1648 }
1649 
1650 static bool rtw_fw_dump_check_size(struct rtw_dev *rtwdev,
1651 				   enum rtw_fw_fifo_sel sel,
1652 				   u32 start_addr, u32 size)
1653 {
1654 	switch (sel) {
1655 	case RTW_FW_FIFO_SEL_TX:
1656 	case RTW_FW_FIFO_SEL_RX:
1657 		if ((start_addr + size) > rtwdev->chip->fw_fifo_addr[sel])
1658 			return false;
1659 		fallthrough;
1660 	default:
1661 		return true;
1662 	}
1663 }
1664 
1665 int rtw_fw_dump_fifo(struct rtw_dev *rtwdev, u8 fifo_sel, u32 addr, u32 size,
1666 		     u32 *buffer)
1667 {
1668 	if (!rtwdev->chip->fw_fifo_addr[0]) {
1669 		rtw_dbg(rtwdev, RTW_DBG_FW, "chip not support dump fw fifo\n");
1670 		return -ENOTSUPP;
1671 	}
1672 
1673 	if (size == 0 || !buffer)
1674 		return -EINVAL;
1675 
1676 	if (size & 0x3) {
1677 		rtw_dbg(rtwdev, RTW_DBG_FW, "not 4byte alignment\n");
1678 		return -EINVAL;
1679 	}
1680 
1681 	if (!rtw_fw_dump_check_size(rtwdev, fifo_sel, addr, size)) {
1682 		rtw_dbg(rtwdev, RTW_DBG_FW, "fw fifo dump size overflow\n");
1683 		return -EINVAL;
1684 	}
1685 
1686 	rtw_fw_read_fifo(rtwdev, fifo_sel, addr, size, buffer);
1687 
1688 	return 0;
1689 }
1690 
1691 static void __rtw_fw_update_pkt(struct rtw_dev *rtwdev, u8 pkt_id, u16 size,
1692 				u8 location)
1693 {
1694 	struct rtw_chip_info *chip = rtwdev->chip;
1695 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
1696 	u16 total_size = H2C_PKT_HDR_SIZE + H2C_PKT_UPDATE_PKT_LEN;
1697 
1698 	rtw_h2c_pkt_set_header(h2c_pkt, H2C_PKT_UPDATE_PKT);
1699 
1700 	SET_PKT_H2C_TOTAL_LEN(h2c_pkt, total_size);
1701 	UPDATE_PKT_SET_PKT_ID(h2c_pkt, pkt_id);
1702 	UPDATE_PKT_SET_LOCATION(h2c_pkt, location);
1703 
1704 	/* include txdesc size */
1705 	size += chip->tx_pkt_desc_sz;
1706 	UPDATE_PKT_SET_SIZE(h2c_pkt, size);
1707 
1708 	rtw_fw_send_h2c_packet(rtwdev, h2c_pkt);
1709 }
1710 
1711 void rtw_fw_update_pkt_probe_req(struct rtw_dev *rtwdev,
1712 				 struct cfg80211_ssid *ssid)
1713 {
1714 	u8 loc;
1715 	u16 size;
1716 
1717 	loc = rtw_get_rsvd_page_probe_req_location(rtwdev, ssid);
1718 	if (!loc) {
1719 		rtw_err(rtwdev, "failed to get probe_req rsvd loc\n");
1720 		return;
1721 	}
1722 
1723 	size = rtw_get_rsvd_page_probe_req_size(rtwdev, ssid);
1724 	if (!size) {
1725 		rtw_err(rtwdev, "failed to get probe_req rsvd size\n");
1726 		return;
1727 	}
1728 
1729 	__rtw_fw_update_pkt(rtwdev, RTW_PACKET_PROBE_REQ, size, loc);
1730 }
1731 
1732 void rtw_fw_channel_switch(struct rtw_dev *rtwdev, bool enable)
1733 {
1734 	struct rtw_pno_request *rtw_pno_req = &rtwdev->wow.pno_req;
1735 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
1736 	u16 total_size = H2C_PKT_HDR_SIZE + H2C_PKT_CH_SWITCH_LEN;
1737 	u8 loc_ch_info;
1738 	const struct rtw_ch_switch_option cs_option = {
1739 		.dest_ch_en = 1,
1740 		.dest_ch = 1,
1741 		.periodic_option = 2,
1742 		.normal_period = 5,
1743 		.normal_period_sel = 0,
1744 		.normal_cycle = 10,
1745 		.slow_period = 1,
1746 		.slow_period_sel = 1,
1747 	};
1748 
1749 	rtw_h2c_pkt_set_header(h2c_pkt, H2C_PKT_CH_SWITCH);
1750 	SET_PKT_H2C_TOTAL_LEN(h2c_pkt, total_size);
1751 
1752 	CH_SWITCH_SET_START(h2c_pkt, enable);
1753 	CH_SWITCH_SET_DEST_CH_EN(h2c_pkt, cs_option.dest_ch_en);
1754 	CH_SWITCH_SET_DEST_CH(h2c_pkt, cs_option.dest_ch);
1755 	CH_SWITCH_SET_NORMAL_PERIOD(h2c_pkt, cs_option.normal_period);
1756 	CH_SWITCH_SET_NORMAL_PERIOD_SEL(h2c_pkt, cs_option.normal_period_sel);
1757 	CH_SWITCH_SET_SLOW_PERIOD(h2c_pkt, cs_option.slow_period);
1758 	CH_SWITCH_SET_SLOW_PERIOD_SEL(h2c_pkt, cs_option.slow_period_sel);
1759 	CH_SWITCH_SET_NORMAL_CYCLE(h2c_pkt, cs_option.normal_cycle);
1760 	CH_SWITCH_SET_PERIODIC_OPT(h2c_pkt, cs_option.periodic_option);
1761 
1762 	CH_SWITCH_SET_CH_NUM(h2c_pkt, rtw_pno_req->channel_cnt);
1763 	CH_SWITCH_SET_INFO_SIZE(h2c_pkt, rtw_pno_req->channel_cnt * 4);
1764 
1765 	loc_ch_info = rtw_get_rsvd_page_location(rtwdev, RSVD_CH_INFO);
1766 	CH_SWITCH_SET_INFO_LOC(h2c_pkt, loc_ch_info);
1767 
1768 	rtw_fw_send_h2c_packet(rtwdev, h2c_pkt);
1769 }
1770 
1771 void rtw_fw_adaptivity(struct rtw_dev *rtwdev)
1772 {
1773 	struct rtw_dm_info *dm_info = &rtwdev->dm_info;
1774 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
1775 
1776 	if (!rtw_edcca_enabled) {
1777 		dm_info->edcca_mode = RTW_EDCCA_NORMAL;
1778 		rtw_dbg(rtwdev, RTW_DBG_ADAPTIVITY,
1779 			"EDCCA disabled by debugfs\n");
1780 	}
1781 
1782 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_ADAPTIVITY);
1783 	SET_ADAPTIVITY_MODE(h2c_pkt, dm_info->edcca_mode);
1784 	SET_ADAPTIVITY_OPTION(h2c_pkt, 2);
1785 	SET_ADAPTIVITY_IGI(h2c_pkt, dm_info->igi_history[0]);
1786 	SET_ADAPTIVITY_L2H(h2c_pkt, dm_info->l2h_th_ini);
1787 	SET_ADAPTIVITY_DENSITY(h2c_pkt, dm_info->scan_density);
1788 
1789 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
1790 }
1791 
1792 void rtw_fw_scan_notify(struct rtw_dev *rtwdev, bool start)
1793 {
1794 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
1795 
1796 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_SCAN);
1797 	SET_SCAN_START(h2c_pkt, start);
1798 
1799 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
1800 }
1801 
1802 static int rtw_append_probe_req_ie(struct rtw_dev *rtwdev, struct sk_buff *skb,
1803 				   struct sk_buff_head *list, u8 *bands,
1804 				   struct rtw_vif *rtwvif)
1805 {
1806 	struct ieee80211_scan_ies *ies = rtwvif->scan_ies;
1807 	struct rtw_chip_info *chip = rtwdev->chip;
1808 	struct sk_buff *new;
1809 	u8 idx;
1810 
1811 	for (idx = NL80211_BAND_2GHZ; idx < NUM_NL80211_BANDS; idx++) {
1812 		if (!(BIT(idx) & chip->band))
1813 			continue;
1814 		new = skb_copy(skb, GFP_KERNEL);
1815 		if (!new)
1816 			return -ENOMEM;
1817 		skb_put_data(new, ies->ies[idx], ies->len[idx]);
1818 		skb_put_data(new, ies->common_ies, ies->common_ie_len);
1819 		skb_queue_tail(list, new);
1820 		(*bands)++;
1821 	}
1822 
1823 	return 0;
1824 }
1825 
1826 static int _rtw_hw_scan_update_probe_req(struct rtw_dev *rtwdev, u8 num_probes,
1827 					 struct sk_buff_head *probe_req_list)
1828 {
1829 	struct rtw_chip_info *chip = rtwdev->chip;
1830 	struct sk_buff *skb, *tmp;
1831 	u8 page_offset = 1, *buf, page_size = chip->page_size;
1832 	u8 pages = page_offset + num_probes * RTW_PROBE_PG_CNT;
1833 	u16 pg_addr = rtwdev->fifo.rsvd_h2c_info_addr, loc;
1834 	u16 buf_offset = page_size * page_offset;
1835 	u8 tx_desc_sz = chip->tx_pkt_desc_sz;
1836 	unsigned int pkt_len;
1837 	int ret;
1838 
1839 	buf = kzalloc(page_size * pages, GFP_KERNEL);
1840 	if (!buf)
1841 		return -ENOMEM;
1842 
1843 	buf_offset -= tx_desc_sz;
1844 	skb_queue_walk_safe(probe_req_list, skb, tmp) {
1845 		skb_unlink(skb, probe_req_list);
1846 		rtw_fill_rsvd_page_desc(rtwdev, skb, RSVD_PROBE_REQ);
1847 		if (skb->len > page_size * RTW_PROBE_PG_CNT) {
1848 			ret = -EINVAL;
1849 			goto out;
1850 		}
1851 
1852 		memcpy(buf + buf_offset, skb->data, skb->len);
1853 		pkt_len = skb->len - tx_desc_sz;
1854 		loc = pg_addr - rtwdev->fifo.rsvd_boundary + page_offset;
1855 		__rtw_fw_update_pkt(rtwdev, RTW_PACKET_PROBE_REQ, pkt_len, loc);
1856 
1857 		buf_offset += RTW_PROBE_PG_CNT * page_size;
1858 		page_offset += RTW_PROBE_PG_CNT;
1859 		kfree_skb(skb);
1860 	}
1861 
1862 	ret = rtw_fw_write_data_rsvd_page(rtwdev, pg_addr, buf, buf_offset);
1863 	if (ret) {
1864 		rtw_err(rtwdev, "Download probe request to firmware failed\n");
1865 		goto out;
1866 	}
1867 
1868 	rtwdev->scan_info.probe_pg_size = page_offset;
1869 out:
1870 	kfree(buf);
1871 	skb_queue_walk_safe(probe_req_list, skb, tmp)
1872 		kfree_skb(skb);
1873 
1874 	return ret;
1875 }
1876 
1877 static int rtw_hw_scan_update_probe_req(struct rtw_dev *rtwdev,
1878 					struct rtw_vif *rtwvif)
1879 {
1880 	struct cfg80211_scan_request *req = rtwvif->scan_req;
1881 	struct sk_buff_head list;
1882 	struct sk_buff *skb, *tmp;
1883 	u8 num = req->n_ssids, i, bands = 0;
1884 	int ret;
1885 
1886 	skb_queue_head_init(&list);
1887 	for (i = 0; i < num; i++) {
1888 		skb = ieee80211_probereq_get(rtwdev->hw, rtwvif->mac_addr,
1889 					     req->ssids[i].ssid,
1890 					     req->ssids[i].ssid_len,
1891 					     req->ie_len);
1892 		if (!skb) {
1893 			ret = -ENOMEM;
1894 			goto out;
1895 		}
1896 		ret = rtw_append_probe_req_ie(rtwdev, skb, &list, &bands,
1897 					      rtwvif);
1898 		if (ret)
1899 			goto out;
1900 
1901 		kfree_skb(skb);
1902 	}
1903 
1904 	return _rtw_hw_scan_update_probe_req(rtwdev, num * bands, &list);
1905 
1906 out:
1907 	skb_queue_walk_safe(&list, skb, tmp)
1908 		kfree_skb(skb);
1909 
1910 	return ret;
1911 }
1912 
1913 static int rtw_add_chan_info(struct rtw_dev *rtwdev, struct rtw_chan_info *info,
1914 			     struct rtw_chan_list *list, u8 *buf)
1915 {
1916 	u8 *chan = &buf[list->size];
1917 	u8 info_size = RTW_CH_INFO_SIZE;
1918 
1919 	if (list->size > list->buf_size)
1920 		return -ENOMEM;
1921 
1922 	CH_INFO_SET_CH(chan, info->channel);
1923 	CH_INFO_SET_PRI_CH_IDX(chan, info->pri_ch_idx);
1924 	CH_INFO_SET_BW(chan, info->bw);
1925 	CH_INFO_SET_TIMEOUT(chan, info->timeout);
1926 	CH_INFO_SET_ACTION_ID(chan, info->action_id);
1927 	CH_INFO_SET_EXTRA_INFO(chan, info->extra_info);
1928 	if (info->extra_info) {
1929 		EXTRA_CH_INFO_SET_ID(chan, RTW_SCAN_EXTRA_ID_DFS);
1930 		EXTRA_CH_INFO_SET_INFO(chan, RTW_SCAN_EXTRA_ACTION_SCAN);
1931 		EXTRA_CH_INFO_SET_SIZE(chan, RTW_EX_CH_INFO_SIZE -
1932 				       RTW_EX_CH_INFO_HDR_SIZE);
1933 		EXTRA_CH_INFO_SET_DFS_EXT_TIME(chan, RTW_DFS_CHAN_TIME);
1934 		info_size += RTW_EX_CH_INFO_SIZE;
1935 	}
1936 	list->size += info_size;
1937 	list->ch_num++;
1938 
1939 	return 0;
1940 }
1941 
1942 static int rtw_add_chan_list(struct rtw_dev *rtwdev, struct rtw_vif *rtwvif,
1943 			     struct rtw_chan_list *list, u8 *buf)
1944 {
1945 	struct cfg80211_scan_request *req = rtwvif->scan_req;
1946 	struct rtw_fifo_conf *fifo = &rtwdev->fifo;
1947 	struct ieee80211_channel *channel;
1948 	int i, ret = 0;
1949 
1950 	for (i = 0; i < req->n_channels; i++) {
1951 		struct rtw_chan_info ch_info = {0};
1952 
1953 		channel = req->channels[i];
1954 		ch_info.channel = channel->hw_value;
1955 		ch_info.bw = RTW_SCAN_WIDTH;
1956 		ch_info.pri_ch_idx = RTW_PRI_CH_IDX;
1957 		ch_info.timeout = req->duration_mandatory ?
1958 				  req->duration : RTW_CHANNEL_TIME;
1959 
1960 		if (channel->flags & (IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR)) {
1961 			ch_info.action_id = RTW_CHANNEL_RADAR;
1962 			ch_info.extra_info = 1;
1963 			/* Overwrite duration for passive scans if necessary */
1964 			ch_info.timeout = ch_info.timeout > RTW_PASS_CHAN_TIME ?
1965 					  ch_info.timeout : RTW_PASS_CHAN_TIME;
1966 		} else {
1967 			ch_info.action_id = RTW_CHANNEL_ACTIVE;
1968 		}
1969 
1970 		ret = rtw_add_chan_info(rtwdev, &ch_info, list, buf);
1971 		if (ret)
1972 			return ret;
1973 	}
1974 
1975 	if (list->size > fifo->rsvd_pg_num << TX_PAGE_SIZE_SHIFT) {
1976 		rtw_err(rtwdev, "List exceeds rsvd page total size\n");
1977 		return -EINVAL;
1978 	}
1979 
1980 	list->addr = fifo->rsvd_h2c_info_addr + rtwdev->scan_info.probe_pg_size;
1981 	ret = rtw_fw_write_data_rsvd_page(rtwdev, list->addr, buf, list->size);
1982 	if (ret)
1983 		rtw_err(rtwdev, "Download channel list failed\n");
1984 
1985 	return ret;
1986 }
1987 
1988 static void rtw_fw_set_scan_offload(struct rtw_dev *rtwdev,
1989 				    struct rtw_ch_switch_option *opt,
1990 				    struct rtw_vif *rtwvif,
1991 				    struct rtw_chan_list *list)
1992 {
1993 	struct rtw_hw_scan_info *scan_info = &rtwdev->scan_info;
1994 	struct cfg80211_scan_request *req = rtwvif->scan_req;
1995 	struct rtw_fifo_conf *fifo = &rtwdev->fifo;
1996 	/* reserve one dummy page at the beginning for tx descriptor */
1997 	u8 pkt_loc = fifo->rsvd_h2c_info_addr - fifo->rsvd_boundary + 1;
1998 	bool random_seq = req->flags & NL80211_SCAN_FLAG_RANDOM_SN;
1999 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
2000 
2001 	rtw_h2c_pkt_set_header(h2c_pkt, H2C_PKT_SCAN_OFFLOAD);
2002 	SET_PKT_H2C_TOTAL_LEN(h2c_pkt, H2C_PKT_CH_SWITCH_LEN);
2003 
2004 	SCAN_OFFLOAD_SET_START(h2c_pkt, opt->switch_en);
2005 	SCAN_OFFLOAD_SET_BACK_OP_EN(h2c_pkt, opt->back_op_en);
2006 	SCAN_OFFLOAD_SET_RANDOM_SEQ_EN(h2c_pkt, random_seq);
2007 	SCAN_OFFLOAD_SET_NO_CCK_EN(h2c_pkt, req->no_cck);
2008 	SCAN_OFFLOAD_SET_CH_NUM(h2c_pkt, list->ch_num);
2009 	SCAN_OFFLOAD_SET_CH_INFO_SIZE(h2c_pkt, list->size);
2010 	SCAN_OFFLOAD_SET_CH_INFO_LOC(h2c_pkt, list->addr - fifo->rsvd_boundary);
2011 	SCAN_OFFLOAD_SET_OP_CH(h2c_pkt, scan_info->op_chan);
2012 	SCAN_OFFLOAD_SET_OP_PRI_CH_IDX(h2c_pkt, scan_info->op_pri_ch_idx);
2013 	SCAN_OFFLOAD_SET_OP_BW(h2c_pkt, scan_info->op_bw);
2014 	SCAN_OFFLOAD_SET_OP_PORT_ID(h2c_pkt, rtwvif->port);
2015 	SCAN_OFFLOAD_SET_OP_DWELL_TIME(h2c_pkt, req->duration_mandatory ?
2016 				       req->duration : RTW_CHANNEL_TIME);
2017 	SCAN_OFFLOAD_SET_OP_GAP_TIME(h2c_pkt, RTW_OFF_CHAN_TIME);
2018 	SCAN_OFFLOAD_SET_SSID_NUM(h2c_pkt, req->n_ssids);
2019 	SCAN_OFFLOAD_SET_PKT_LOC(h2c_pkt, pkt_loc);
2020 
2021 	rtw_fw_send_h2c_packet(rtwdev, h2c_pkt);
2022 }
2023 
2024 void rtw_hw_scan_start(struct rtw_dev *rtwdev, struct ieee80211_vif *vif,
2025 		       struct ieee80211_scan_request *scan_req)
2026 {
2027 	struct rtw_vif *rtwvif = (struct rtw_vif *)vif->drv_priv;
2028 	struct cfg80211_scan_request *req = &scan_req->req;
2029 	u8 mac_addr[ETH_ALEN];
2030 
2031 	rtwdev->scan_info.scanning_vif = vif;
2032 	rtwvif->scan_ies = &scan_req->ies;
2033 	rtwvif->scan_req = req;
2034 
2035 	ieee80211_stop_queues(rtwdev->hw);
2036 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)
2037 		get_random_mask_addr(mac_addr, req->mac_addr,
2038 				     req->mac_addr_mask);
2039 	else
2040 		ether_addr_copy(mac_addr, vif->addr);
2041 
2042 	rtw_core_scan_start(rtwdev, rtwvif, mac_addr, true);
2043 
2044 	rtwdev->hal.rcr &= ~BIT_CBSSID_BCN;
2045 	rtw_write32(rtwdev, REG_RCR, rtwdev->hal.rcr);
2046 }
2047 
2048 void rtw_hw_scan_complete(struct rtw_dev *rtwdev, struct ieee80211_vif *vif,
2049 			  bool aborted)
2050 {
2051 	struct cfg80211_scan_info info = {
2052 		.aborted = aborted,
2053 	};
2054 	struct rtw_vif *rtwvif;
2055 
2056 	if (!vif)
2057 		return;
2058 
2059 	rtwdev->hal.rcr |= BIT_CBSSID_BCN;
2060 	rtw_write32(rtwdev, REG_RCR, rtwdev->hal.rcr);
2061 
2062 	rtw_core_scan_complete(rtwdev, vif, true);
2063 
2064 	ieee80211_wake_queues(rtwdev->hw);
2065 	ieee80211_scan_completed(rtwdev->hw, &info);
2066 
2067 	rtwvif = (struct rtw_vif *)vif->drv_priv;
2068 	rtwvif->scan_req = NULL;
2069 	rtwvif->scan_ies = NULL;
2070 	rtwdev->scan_info.scanning_vif = NULL;
2071 }
2072 
2073 static int rtw_hw_scan_prehandle(struct rtw_dev *rtwdev, struct rtw_vif *rtwvif,
2074 				 struct rtw_chan_list *list)
2075 {
2076 	struct cfg80211_scan_request *req = rtwvif->scan_req;
2077 	int size = req->n_channels * (RTW_CH_INFO_SIZE + RTW_EX_CH_INFO_SIZE);
2078 	u8 *buf;
2079 	int ret;
2080 
2081 	buf = kmalloc(size, GFP_KERNEL);
2082 	if (!buf)
2083 		return -ENOMEM;
2084 
2085 	ret = rtw_hw_scan_update_probe_req(rtwdev, rtwvif);
2086 	if (ret) {
2087 		rtw_err(rtwdev, "Update probe request failed\n");
2088 		goto out;
2089 	}
2090 
2091 	list->buf_size = size;
2092 	list->size = 0;
2093 	list->ch_num = 0;
2094 	ret = rtw_add_chan_list(rtwdev, rtwvif, list, buf);
2095 out:
2096 	kfree(buf);
2097 
2098 	return ret;
2099 }
2100 
2101 int rtw_hw_scan_offload(struct rtw_dev *rtwdev, struct ieee80211_vif *vif,
2102 			bool enable)
2103 {
2104 	struct rtw_vif *rtwvif = vif ? (struct rtw_vif *)vif->drv_priv : NULL;
2105 	struct rtw_ch_switch_option cs_option = {0};
2106 	struct rtw_chan_list chan_list = {0};
2107 	int ret = 0;
2108 
2109 	if (!rtwvif)
2110 		return -EINVAL;
2111 
2112 	cs_option.switch_en = enable;
2113 	cs_option.back_op_en = rtwvif->net_type == RTW_NET_MGD_LINKED;
2114 	if (enable) {
2115 		ret = rtw_hw_scan_prehandle(rtwdev, rtwvif, &chan_list);
2116 		if (ret)
2117 			goto out;
2118 	}
2119 	rtw_fw_set_scan_offload(rtwdev, &cs_option, rtwvif, &chan_list);
2120 out:
2121 	return ret;
2122 }
2123 
2124 void rtw_hw_scan_abort(struct rtw_dev *rtwdev, struct ieee80211_vif *vif)
2125 {
2126 	if (!rtw_fw_feature_check(&rtwdev->fw, FW_FEATURE_SCAN_OFFLOAD))
2127 		return;
2128 
2129 	rtw_hw_scan_offload(rtwdev, vif, false);
2130 	rtw_hw_scan_complete(rtwdev, vif, true);
2131 }
2132 
2133 void rtw_hw_scan_status_report(struct rtw_dev *rtwdev, struct sk_buff *skb)
2134 {
2135 	struct ieee80211_vif *vif = rtwdev->scan_info.scanning_vif;
2136 	struct rtw_c2h_cmd *c2h;
2137 	bool aborted;
2138 	u8 rc;
2139 
2140 	if (!test_bit(RTW_FLAG_SCANNING, rtwdev->flags))
2141 		return;
2142 
2143 	c2h = get_c2h_from_skb(skb);
2144 	rc = GET_SCAN_REPORT_RETURN_CODE(c2h->payload);
2145 	aborted = rc != RTW_SCAN_REPORT_SUCCESS;
2146 	rtw_hw_scan_complete(rtwdev, vif, aborted);
2147 
2148 	if (aborted)
2149 		rtw_dbg(rtwdev, RTW_DBG_HW_SCAN, "HW scan aborted with code: %d\n", rc);
2150 }
2151 
2152 void rtw_store_op_chan(struct rtw_dev *rtwdev)
2153 {
2154 	struct rtw_hw_scan_info *scan_info = &rtwdev->scan_info;
2155 	struct rtw_hal *hal = &rtwdev->hal;
2156 
2157 	scan_info->op_chan = hal->current_channel;
2158 	scan_info->op_bw = hal->current_band_width;
2159 	scan_info->op_pri_ch_idx = hal->current_primary_channel_index;
2160 }
2161 
2162 static bool rtw_is_op_chan(struct rtw_dev *rtwdev, u8 channel)
2163 {
2164 	struct rtw_hw_scan_info *scan_info = &rtwdev->scan_info;
2165 
2166 	return channel == scan_info->op_chan;
2167 }
2168 
2169 void rtw_hw_scan_chan_switch(struct rtw_dev *rtwdev, struct sk_buff *skb)
2170 {
2171 	struct rtw_hal *hal = &rtwdev->hal;
2172 	struct rtw_c2h_cmd *c2h;
2173 	enum rtw_scan_notify_id id;
2174 	u8 chan, status;
2175 
2176 	c2h = get_c2h_from_skb(skb);
2177 	chan = GET_CHAN_SWITCH_CENTRAL_CH(c2h->payload);
2178 	id = GET_CHAN_SWITCH_ID(c2h->payload);
2179 	status = GET_CHAN_SWITCH_STATUS(c2h->payload);
2180 
2181 	if (id == RTW_SCAN_NOTIFY_ID_POSTSWITCH) {
2182 		if (rtw_is_op_chan(rtwdev, chan))
2183 			ieee80211_wake_queues(rtwdev->hw);
2184 		hal->current_channel = chan;
2185 		hal->current_band_type = chan > 14 ? RTW_BAND_5G : RTW_BAND_2G;
2186 	} else if (id == RTW_SCAN_NOTIFY_ID_PRESWITCH) {
2187 		if (IS_CH_5G_BAND(chan)) {
2188 			rtw_coex_switchband_notify(rtwdev, COEX_SWITCH_TO_5G);
2189 		} else if (IS_CH_2G_BAND(chan)) {
2190 			u8 chan_type;
2191 
2192 			if (test_bit(RTW_FLAG_SCANNING, rtwdev->flags))
2193 				chan_type = COEX_SWITCH_TO_24G;
2194 			else
2195 				chan_type = COEX_SWITCH_TO_24G_NOFORSCAN;
2196 			rtw_coex_switchband_notify(rtwdev, chan_type);
2197 		}
2198 		if (rtw_is_op_chan(rtwdev, chan))
2199 			ieee80211_stop_queues(rtwdev->hw);
2200 	}
2201 
2202 	rtw_dbg(rtwdev, RTW_DBG_HW_SCAN,
2203 		"Chan switch: %x, id: %x, status: %x\n", chan, id, status);
2204 }
2205