xref: /openbmc/linux/drivers/net/wireless/realtek/rtw88/fw.c (revision 7994a4849c8b1501c2e5c21edd1085b16efb98fa)
1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
2 /* Copyright(c) 2018-2019  Realtek Corporation
3  */
4 
5 #include <linux/iopoll.h>
6 
7 #include "main.h"
8 #include "coex.h"
9 #include "fw.h"
10 #include "tx.h"
11 #include "reg.h"
12 #include "sec.h"
13 #include "debug.h"
14 #include "util.h"
15 #include "wow.h"
16 #include "ps.h"
17 #include "phy.h"
18 #include "mac.h"
19 
20 static void rtw_fw_c2h_cmd_handle_ext(struct rtw_dev *rtwdev,
21 				      struct sk_buff *skb)
22 {
23 	struct rtw_c2h_cmd *c2h;
24 	u8 sub_cmd_id;
25 
26 	c2h = get_c2h_from_skb(skb);
27 	sub_cmd_id = c2h->payload[0];
28 
29 	switch (sub_cmd_id) {
30 	case C2H_CCX_RPT:
31 		rtw_tx_report_handle(rtwdev, skb, C2H_CCX_RPT);
32 		break;
33 	case C2H_SCAN_STATUS_RPT:
34 		rtw_hw_scan_status_report(rtwdev, skb);
35 		break;
36 	case C2H_CHAN_SWITCH:
37 		rtw_hw_scan_chan_switch(rtwdev, skb);
38 		break;
39 	default:
40 		break;
41 	}
42 }
43 
44 static u16 get_max_amsdu_len(u32 bit_rate)
45 {
46 	/* lower than ofdm, do not aggregate */
47 	if (bit_rate < 550)
48 		return 1;
49 
50 	/* lower than 20M 2ss mcs8, make it small */
51 	if (bit_rate < 1800)
52 		return 1200;
53 
54 	/* lower than 40M 2ss mcs9, make it medium */
55 	if (bit_rate < 4000)
56 		return 2600;
57 
58 	/* not yet 80M 2ss mcs8/9, make it twice regular packet size */
59 	if (bit_rate < 7000)
60 		return 3500;
61 
62 	/* unlimited */
63 	return 0;
64 }
65 
66 struct rtw_fw_iter_ra_data {
67 	struct rtw_dev *rtwdev;
68 	u8 *payload;
69 };
70 
71 static void rtw_fw_ra_report_iter(void *data, struct ieee80211_sta *sta)
72 {
73 	struct rtw_fw_iter_ra_data *ra_data = data;
74 	struct rtw_sta_info *si = (struct rtw_sta_info *)sta->drv_priv;
75 	u8 mac_id, rate, sgi, bw;
76 	u8 mcs, nss;
77 	u32 bit_rate;
78 
79 	mac_id = GET_RA_REPORT_MACID(ra_data->payload);
80 	if (si->mac_id != mac_id)
81 		return;
82 
83 	si->ra_report.txrate.flags = 0;
84 
85 	rate = GET_RA_REPORT_RATE(ra_data->payload);
86 	sgi = GET_RA_REPORT_SGI(ra_data->payload);
87 	bw = GET_RA_REPORT_BW(ra_data->payload);
88 
89 	if (rate < DESC_RATEMCS0) {
90 		si->ra_report.txrate.legacy = rtw_desc_to_bitrate(rate);
91 		goto legacy;
92 	}
93 
94 	rtw_desc_to_mcsrate(rate, &mcs, &nss);
95 	if (rate >= DESC_RATEVHT1SS_MCS0)
96 		si->ra_report.txrate.flags |= RATE_INFO_FLAGS_VHT_MCS;
97 	else if (rate >= DESC_RATEMCS0)
98 		si->ra_report.txrate.flags |= RATE_INFO_FLAGS_MCS;
99 
100 	if (rate >= DESC_RATEMCS0) {
101 		si->ra_report.txrate.mcs = mcs;
102 		si->ra_report.txrate.nss = nss;
103 	}
104 
105 	if (sgi)
106 		si->ra_report.txrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
107 
108 	if (bw == RTW_CHANNEL_WIDTH_80)
109 		si->ra_report.txrate.bw = RATE_INFO_BW_80;
110 	else if (bw == RTW_CHANNEL_WIDTH_40)
111 		si->ra_report.txrate.bw = RATE_INFO_BW_40;
112 	else
113 		si->ra_report.txrate.bw = RATE_INFO_BW_20;
114 
115 legacy:
116 	bit_rate = cfg80211_calculate_bitrate(&si->ra_report.txrate);
117 
118 	si->ra_report.desc_rate = rate;
119 	si->ra_report.bit_rate = bit_rate;
120 
121 	sta->deflink.agg.max_rc_amsdu_len = get_max_amsdu_len(bit_rate);
122 }
123 
124 static void rtw_fw_ra_report_handle(struct rtw_dev *rtwdev, u8 *payload,
125 				    u8 length)
126 {
127 	struct rtw_fw_iter_ra_data ra_data;
128 
129 	if (WARN(length < 7, "invalid ra report c2h length\n"))
130 		return;
131 
132 	rtwdev->dm_info.tx_rate = GET_RA_REPORT_RATE(payload);
133 	ra_data.rtwdev = rtwdev;
134 	ra_data.payload = payload;
135 	rtw_iterate_stas_atomic(rtwdev, rtw_fw_ra_report_iter, &ra_data);
136 }
137 
138 struct rtw_beacon_filter_iter_data {
139 	struct rtw_dev *rtwdev;
140 	u8 *payload;
141 };
142 
143 static void rtw_fw_bcn_filter_notify_vif_iter(void *data,
144 					      struct ieee80211_vif *vif)
145 {
146 	struct rtw_beacon_filter_iter_data *iter_data = data;
147 	struct rtw_dev *rtwdev = iter_data->rtwdev;
148 	u8 *payload = iter_data->payload;
149 	u8 type = GET_BCN_FILTER_NOTIFY_TYPE(payload);
150 	u8 event = GET_BCN_FILTER_NOTIFY_EVENT(payload);
151 	s8 sig = (s8)GET_BCN_FILTER_NOTIFY_RSSI(payload);
152 
153 	switch (type) {
154 	case BCN_FILTER_NOTIFY_SIGNAL_CHANGE:
155 		event = event ? NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH :
156 			NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW;
157 		ieee80211_cqm_rssi_notify(vif, event, sig, GFP_KERNEL);
158 		break;
159 	case BCN_FILTER_CONNECTION_LOSS:
160 		ieee80211_connection_loss(vif);
161 		break;
162 	case BCN_FILTER_CONNECTED:
163 		rtwdev->beacon_loss = false;
164 		break;
165 	case BCN_FILTER_NOTIFY_BEACON_LOSS:
166 		rtwdev->beacon_loss = true;
167 		rtw_leave_lps(rtwdev);
168 		break;
169 	}
170 }
171 
172 static void rtw_fw_bcn_filter_notify(struct rtw_dev *rtwdev, u8 *payload,
173 				     u8 length)
174 {
175 	struct rtw_beacon_filter_iter_data dev_iter_data;
176 
177 	dev_iter_data.rtwdev = rtwdev;
178 	dev_iter_data.payload = payload;
179 	rtw_iterate_vifs(rtwdev, rtw_fw_bcn_filter_notify_vif_iter,
180 			 &dev_iter_data);
181 }
182 
183 static void rtw_fw_scan_result(struct rtw_dev *rtwdev, u8 *payload,
184 			       u8 length)
185 {
186 	struct rtw_dm_info *dm_info = &rtwdev->dm_info;
187 
188 	dm_info->scan_density = payload[0];
189 
190 	rtw_dbg(rtwdev, RTW_DBG_FW, "scan.density = %x\n",
191 		dm_info->scan_density);
192 }
193 
194 static void rtw_fw_adaptivity_result(struct rtw_dev *rtwdev, u8 *payload,
195 				     u8 length)
196 {
197 	struct rtw_hw_reg_offset *edcca_th = rtwdev->chip->edcca_th;
198 	struct rtw_c2h_adaptivity *result = (struct rtw_c2h_adaptivity *)payload;
199 
200 	rtw_dbg(rtwdev, RTW_DBG_ADAPTIVITY,
201 		"Adaptivity: density %x igi %x l2h_th_init %x l2h %x h2l %x option %x\n",
202 		result->density, result->igi, result->l2h_th_init, result->l2h,
203 		result->h2l, result->option);
204 
205 	rtw_dbg(rtwdev, RTW_DBG_ADAPTIVITY, "Reg Setting: L2H %x H2L %x\n",
206 		rtw_read32_mask(rtwdev, edcca_th[EDCCA_TH_L2H_IDX].hw_reg.addr,
207 				edcca_th[EDCCA_TH_L2H_IDX].hw_reg.mask),
208 		rtw_read32_mask(rtwdev, edcca_th[EDCCA_TH_H2L_IDX].hw_reg.addr,
209 				edcca_th[EDCCA_TH_H2L_IDX].hw_reg.mask));
210 
211 	rtw_dbg(rtwdev, RTW_DBG_ADAPTIVITY, "EDCCA Flag %s\n",
212 		rtw_read32_mask(rtwdev, REG_EDCCA_REPORT, BIT_EDCCA_FLAG) ?
213 		"Set" : "Unset");
214 }
215 
216 void rtw_fw_c2h_cmd_handle(struct rtw_dev *rtwdev, struct sk_buff *skb)
217 {
218 	struct rtw_c2h_cmd *c2h;
219 	u32 pkt_offset;
220 	u8 len;
221 
222 	pkt_offset = *((u32 *)skb->cb);
223 	c2h = (struct rtw_c2h_cmd *)(skb->data + pkt_offset);
224 	len = skb->len - pkt_offset - 2;
225 
226 	mutex_lock(&rtwdev->mutex);
227 
228 	if (!test_bit(RTW_FLAG_RUNNING, rtwdev->flags))
229 		goto unlock;
230 
231 	switch (c2h->id) {
232 	case C2H_CCX_TX_RPT:
233 		rtw_tx_report_handle(rtwdev, skb, C2H_CCX_TX_RPT);
234 		break;
235 	case C2H_BT_INFO:
236 		rtw_coex_bt_info_notify(rtwdev, c2h->payload, len);
237 		break;
238 	case C2H_BT_HID_INFO:
239 		rtw_coex_bt_hid_info_notify(rtwdev, c2h->payload, len);
240 		break;
241 	case C2H_WLAN_INFO:
242 		rtw_coex_wl_fwdbginfo_notify(rtwdev, c2h->payload, len);
243 		break;
244 	case C2H_BCN_FILTER_NOTIFY:
245 		rtw_fw_bcn_filter_notify(rtwdev, c2h->payload, len);
246 		break;
247 	case C2H_HALMAC:
248 		rtw_fw_c2h_cmd_handle_ext(rtwdev, skb);
249 		break;
250 	case C2H_RA_RPT:
251 		rtw_fw_ra_report_handle(rtwdev, c2h->payload, len);
252 		break;
253 	default:
254 		rtw_dbg(rtwdev, RTW_DBG_FW, "C2H 0x%x isn't handled\n", c2h->id);
255 		break;
256 	}
257 
258 unlock:
259 	mutex_unlock(&rtwdev->mutex);
260 }
261 
262 void rtw_fw_c2h_cmd_rx_irqsafe(struct rtw_dev *rtwdev, u32 pkt_offset,
263 			       struct sk_buff *skb)
264 {
265 	struct rtw_c2h_cmd *c2h;
266 	u8 len;
267 
268 	c2h = (struct rtw_c2h_cmd *)(skb->data + pkt_offset);
269 	len = skb->len - pkt_offset - 2;
270 	*((u32 *)skb->cb) = pkt_offset;
271 
272 	rtw_dbg(rtwdev, RTW_DBG_FW, "recv C2H, id=0x%02x, seq=0x%02x, len=%d\n",
273 		c2h->id, c2h->seq, len);
274 
275 	switch (c2h->id) {
276 	case C2H_BT_MP_INFO:
277 		rtw_coex_info_response(rtwdev, skb);
278 		break;
279 	case C2H_WLAN_RFON:
280 		complete(&rtwdev->lps_leave_check);
281 		dev_kfree_skb_any(skb);
282 		break;
283 	case C2H_SCAN_RESULT:
284 		complete(&rtwdev->fw_scan_density);
285 		rtw_fw_scan_result(rtwdev, c2h->payload, len);
286 		dev_kfree_skb_any(skb);
287 		break;
288 	case C2H_ADAPTIVITY:
289 		rtw_fw_adaptivity_result(rtwdev, c2h->payload, len);
290 		dev_kfree_skb_any(skb);
291 		break;
292 	default:
293 		/* pass offset for further operation */
294 		*((u32 *)skb->cb) = pkt_offset;
295 		skb_queue_tail(&rtwdev->c2h_queue, skb);
296 		ieee80211_queue_work(rtwdev->hw, &rtwdev->c2h_work);
297 		break;
298 	}
299 }
300 EXPORT_SYMBOL(rtw_fw_c2h_cmd_rx_irqsafe);
301 
302 void rtw_fw_c2h_cmd_isr(struct rtw_dev *rtwdev)
303 {
304 	if (rtw_read8(rtwdev, REG_MCU_TST_CFG) == VAL_FW_TRIGGER)
305 		rtw_fw_recovery(rtwdev);
306 	else
307 		rtw_warn(rtwdev, "unhandled firmware c2h interrupt\n");
308 }
309 EXPORT_SYMBOL(rtw_fw_c2h_cmd_isr);
310 
311 static void rtw_fw_send_h2c_command_register(struct rtw_dev *rtwdev,
312 					     struct rtw_h2c_register *h2c)
313 {
314 	u32 box_reg, box_ex_reg;
315 	u8 box_state, box;
316 	int ret;
317 
318 	rtw_dbg(rtwdev, RTW_DBG_FW, "send H2C content %08x %08x\n", h2c->w0,
319 		h2c->w1);
320 
321 	lockdep_assert_held(&rtwdev->mutex);
322 
323 	box = rtwdev->h2c.last_box_num;
324 	switch (box) {
325 	case 0:
326 		box_reg = REG_HMEBOX0;
327 		box_ex_reg = REG_HMEBOX0_EX;
328 		break;
329 	case 1:
330 		box_reg = REG_HMEBOX1;
331 		box_ex_reg = REG_HMEBOX1_EX;
332 		break;
333 	case 2:
334 		box_reg = REG_HMEBOX2;
335 		box_ex_reg = REG_HMEBOX2_EX;
336 		break;
337 	case 3:
338 		box_reg = REG_HMEBOX3;
339 		box_ex_reg = REG_HMEBOX3_EX;
340 		break;
341 	default:
342 		WARN(1, "invalid h2c mail box number\n");
343 		return;
344 	}
345 
346 	ret = read_poll_timeout_atomic(rtw_read8, box_state,
347 				       !((box_state >> box) & 0x1), 100, 3000,
348 				       false, rtwdev, REG_HMETFR);
349 
350 	if (ret) {
351 		rtw_err(rtwdev, "failed to send h2c command\n");
352 		return;
353 	}
354 
355 	rtw_write32(rtwdev, box_ex_reg, h2c->w1);
356 	rtw_write32(rtwdev, box_reg, h2c->w0);
357 
358 	if (++rtwdev->h2c.last_box_num >= 4)
359 		rtwdev->h2c.last_box_num = 0;
360 }
361 
362 static void rtw_fw_send_h2c_command(struct rtw_dev *rtwdev,
363 				    u8 *h2c)
364 {
365 	struct rtw_h2c_cmd *h2c_cmd = (struct rtw_h2c_cmd *)h2c;
366 	u8 box;
367 	u8 box_state;
368 	u32 box_reg, box_ex_reg;
369 	int ret;
370 
371 	rtw_dbg(rtwdev, RTW_DBG_FW,
372 		"send H2C content %02x%02x%02x%02x %02x%02x%02x%02x\n",
373 		h2c[3], h2c[2], h2c[1], h2c[0],
374 		h2c[7], h2c[6], h2c[5], h2c[4]);
375 
376 	lockdep_assert_held(&rtwdev->mutex);
377 
378 	box = rtwdev->h2c.last_box_num;
379 	switch (box) {
380 	case 0:
381 		box_reg = REG_HMEBOX0;
382 		box_ex_reg = REG_HMEBOX0_EX;
383 		break;
384 	case 1:
385 		box_reg = REG_HMEBOX1;
386 		box_ex_reg = REG_HMEBOX1_EX;
387 		break;
388 	case 2:
389 		box_reg = REG_HMEBOX2;
390 		box_ex_reg = REG_HMEBOX2_EX;
391 		break;
392 	case 3:
393 		box_reg = REG_HMEBOX3;
394 		box_ex_reg = REG_HMEBOX3_EX;
395 		break;
396 	default:
397 		WARN(1, "invalid h2c mail box number\n");
398 		return;
399 	}
400 
401 	ret = read_poll_timeout_atomic(rtw_read8, box_state,
402 				       !((box_state >> box) & 0x1), 100, 3000,
403 				       false, rtwdev, REG_HMETFR);
404 
405 	if (ret) {
406 		rtw_err(rtwdev, "failed to send h2c command\n");
407 		return;
408 	}
409 
410 	rtw_write32(rtwdev, box_ex_reg, le32_to_cpu(h2c_cmd->msg_ext));
411 	rtw_write32(rtwdev, box_reg, le32_to_cpu(h2c_cmd->msg));
412 
413 	if (++rtwdev->h2c.last_box_num >= 4)
414 		rtwdev->h2c.last_box_num = 0;
415 }
416 
417 void rtw_fw_h2c_cmd_dbg(struct rtw_dev *rtwdev, u8 *h2c)
418 {
419 	rtw_fw_send_h2c_command(rtwdev, h2c);
420 }
421 
422 static void rtw_fw_send_h2c_packet(struct rtw_dev *rtwdev, u8 *h2c_pkt)
423 {
424 	int ret;
425 
426 	lockdep_assert_held(&rtwdev->mutex);
427 
428 	FW_OFFLOAD_H2C_SET_SEQ_NUM(h2c_pkt, rtwdev->h2c.seq);
429 	ret = rtw_hci_write_data_h2c(rtwdev, h2c_pkt, H2C_PKT_SIZE);
430 	if (ret)
431 		rtw_err(rtwdev, "failed to send h2c packet\n");
432 	rtwdev->h2c.seq++;
433 }
434 
435 void
436 rtw_fw_send_general_info(struct rtw_dev *rtwdev)
437 {
438 	struct rtw_fifo_conf *fifo = &rtwdev->fifo;
439 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
440 	u16 total_size = H2C_PKT_HDR_SIZE + 4;
441 
442 	if (rtw_chip_wcpu_11n(rtwdev))
443 		return;
444 
445 	rtw_h2c_pkt_set_header(h2c_pkt, H2C_PKT_GENERAL_INFO);
446 
447 	SET_PKT_H2C_TOTAL_LEN(h2c_pkt, total_size);
448 
449 	GENERAL_INFO_SET_FW_TX_BOUNDARY(h2c_pkt,
450 					fifo->rsvd_fw_txbuf_addr -
451 					fifo->rsvd_boundary);
452 
453 	rtw_fw_send_h2c_packet(rtwdev, h2c_pkt);
454 }
455 
456 void
457 rtw_fw_send_phydm_info(struct rtw_dev *rtwdev)
458 {
459 	struct rtw_hal *hal = &rtwdev->hal;
460 	struct rtw_efuse *efuse = &rtwdev->efuse;
461 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
462 	u16 total_size = H2C_PKT_HDR_SIZE + 8;
463 	u8 fw_rf_type = 0;
464 
465 	if (rtw_chip_wcpu_11n(rtwdev))
466 		return;
467 
468 	if (hal->rf_type == RF_1T1R)
469 		fw_rf_type = FW_RF_1T1R;
470 	else if (hal->rf_type == RF_2T2R)
471 		fw_rf_type = FW_RF_2T2R;
472 
473 	rtw_h2c_pkt_set_header(h2c_pkt, H2C_PKT_PHYDM_INFO);
474 
475 	SET_PKT_H2C_TOTAL_LEN(h2c_pkt, total_size);
476 	PHYDM_INFO_SET_REF_TYPE(h2c_pkt, efuse->rfe_option);
477 	PHYDM_INFO_SET_RF_TYPE(h2c_pkt, fw_rf_type);
478 	PHYDM_INFO_SET_CUT_VER(h2c_pkt, hal->cut_version);
479 	PHYDM_INFO_SET_RX_ANT_STATUS(h2c_pkt, hal->antenna_tx);
480 	PHYDM_INFO_SET_TX_ANT_STATUS(h2c_pkt, hal->antenna_rx);
481 
482 	rtw_fw_send_h2c_packet(rtwdev, h2c_pkt);
483 }
484 
485 void rtw_fw_do_iqk(struct rtw_dev *rtwdev, struct rtw_iqk_para *para)
486 {
487 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
488 	u16 total_size = H2C_PKT_HDR_SIZE + 1;
489 
490 	rtw_h2c_pkt_set_header(h2c_pkt, H2C_PKT_IQK);
491 	SET_PKT_H2C_TOTAL_LEN(h2c_pkt, total_size);
492 	IQK_SET_CLEAR(h2c_pkt, para->clear);
493 	IQK_SET_SEGMENT_IQK(h2c_pkt, para->segment_iqk);
494 
495 	rtw_fw_send_h2c_packet(rtwdev, h2c_pkt);
496 }
497 EXPORT_SYMBOL(rtw_fw_do_iqk);
498 
499 void rtw_fw_inform_rfk_status(struct rtw_dev *rtwdev, bool start)
500 {
501 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
502 
503 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_WIFI_CALIBRATION);
504 
505 	RFK_SET_INFORM_START(h2c_pkt, start);
506 
507 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
508 }
509 EXPORT_SYMBOL(rtw_fw_inform_rfk_status);
510 
511 void rtw_fw_query_bt_info(struct rtw_dev *rtwdev)
512 {
513 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
514 
515 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_QUERY_BT_INFO);
516 
517 	SET_QUERY_BT_INFO(h2c_pkt, true);
518 
519 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
520 }
521 
522 void rtw_fw_default_port(struct rtw_dev *rtwdev, struct rtw_vif *rtwvif)
523 {
524 	struct rtw_h2c_register h2c = {};
525 
526 	if (rtwvif->net_type != RTW_NET_MGD_LINKED)
527 		return;
528 
529 	/* Leave LPS before default port H2C so FW timer is correct */
530 	rtw_leave_lps(rtwdev);
531 
532 	h2c.w0 = u32_encode_bits(H2C_CMD_DEFAULT_PORT, RTW_H2C_W0_CMDID) |
533 		 u32_encode_bits(rtwvif->port, RTW_H2C_DEFAULT_PORT_W0_PORTID) |
534 		 u32_encode_bits(rtwvif->mac_id, RTW_H2C_DEFAULT_PORT_W0_MACID);
535 
536 	rtw_fw_send_h2c_command_register(rtwdev, &h2c);
537 }
538 
539 void rtw_fw_wl_ch_info(struct rtw_dev *rtwdev, u8 link, u8 ch, u8 bw)
540 {
541 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
542 
543 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_WL_CH_INFO);
544 
545 	SET_WL_CH_INFO_LINK(h2c_pkt, link);
546 	SET_WL_CH_INFO_CHNL(h2c_pkt, ch);
547 	SET_WL_CH_INFO_BW(h2c_pkt, bw);
548 
549 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
550 }
551 
552 void rtw_fw_query_bt_mp_info(struct rtw_dev *rtwdev,
553 			     struct rtw_coex_info_req *req)
554 {
555 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
556 
557 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_QUERY_BT_MP_INFO);
558 
559 	SET_BT_MP_INFO_SEQ(h2c_pkt, req->seq);
560 	SET_BT_MP_INFO_OP_CODE(h2c_pkt, req->op_code);
561 	SET_BT_MP_INFO_PARA1(h2c_pkt, req->para1);
562 	SET_BT_MP_INFO_PARA2(h2c_pkt, req->para2);
563 	SET_BT_MP_INFO_PARA3(h2c_pkt, req->para3);
564 
565 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
566 }
567 
568 void rtw_fw_force_bt_tx_power(struct rtw_dev *rtwdev, u8 bt_pwr_dec_lvl)
569 {
570 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
571 	u8 index = 0 - bt_pwr_dec_lvl;
572 
573 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_FORCE_BT_TX_POWER);
574 
575 	SET_BT_TX_POWER_INDEX(h2c_pkt, index);
576 
577 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
578 }
579 
580 void rtw_fw_bt_ignore_wlan_action(struct rtw_dev *rtwdev, bool enable)
581 {
582 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
583 
584 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_IGNORE_WLAN_ACTION);
585 
586 	SET_IGNORE_WLAN_ACTION_EN(h2c_pkt, enable);
587 
588 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
589 }
590 
591 void rtw_fw_coex_tdma_type(struct rtw_dev *rtwdev,
592 			   u8 para1, u8 para2, u8 para3, u8 para4, u8 para5)
593 {
594 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
595 
596 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_COEX_TDMA_TYPE);
597 
598 	SET_COEX_TDMA_TYPE_PARA1(h2c_pkt, para1);
599 	SET_COEX_TDMA_TYPE_PARA2(h2c_pkt, para2);
600 	SET_COEX_TDMA_TYPE_PARA3(h2c_pkt, para3);
601 	SET_COEX_TDMA_TYPE_PARA4(h2c_pkt, para4);
602 	SET_COEX_TDMA_TYPE_PARA5(h2c_pkt, para5);
603 
604 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
605 }
606 
607 void rtw_fw_coex_query_hid_info(struct rtw_dev *rtwdev, u8 sub_id, u8 data)
608 {
609 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
610 
611 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_QUERY_BT_HID_INFO);
612 
613 	SET_COEX_QUERY_HID_INFO_SUBID(h2c_pkt, sub_id);
614 	SET_COEX_QUERY_HID_INFO_DATA1(h2c_pkt, data);
615 
616 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
617 }
618 
619 void rtw_fw_bt_wifi_control(struct rtw_dev *rtwdev, u8 op_code, u8 *data)
620 {
621 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
622 
623 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_BT_WIFI_CONTROL);
624 
625 	SET_BT_WIFI_CONTROL_OP_CODE(h2c_pkt, op_code);
626 
627 	SET_BT_WIFI_CONTROL_DATA1(h2c_pkt, *data);
628 	SET_BT_WIFI_CONTROL_DATA2(h2c_pkt, *(data + 1));
629 	SET_BT_WIFI_CONTROL_DATA3(h2c_pkt, *(data + 2));
630 	SET_BT_WIFI_CONTROL_DATA4(h2c_pkt, *(data + 3));
631 	SET_BT_WIFI_CONTROL_DATA5(h2c_pkt, *(data + 4));
632 
633 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
634 }
635 
636 void rtw_fw_send_rssi_info(struct rtw_dev *rtwdev, struct rtw_sta_info *si)
637 {
638 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
639 	u8 rssi = ewma_rssi_read(&si->avg_rssi);
640 	bool stbc_en = si->stbc_en ? true : false;
641 
642 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_RSSI_MONITOR);
643 
644 	SET_RSSI_INFO_MACID(h2c_pkt, si->mac_id);
645 	SET_RSSI_INFO_RSSI(h2c_pkt, rssi);
646 	SET_RSSI_INFO_STBC(h2c_pkt, stbc_en);
647 
648 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
649 }
650 
651 void rtw_fw_send_ra_info(struct rtw_dev *rtwdev, struct rtw_sta_info *si,
652 			 bool reset_ra_mask)
653 {
654 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
655 	bool disable_pt = true;
656 
657 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_RA_INFO);
658 
659 	SET_RA_INFO_MACID(h2c_pkt, si->mac_id);
660 	SET_RA_INFO_RATE_ID(h2c_pkt, si->rate_id);
661 	SET_RA_INFO_INIT_RA_LVL(h2c_pkt, si->init_ra_lv);
662 	SET_RA_INFO_SGI_EN(h2c_pkt, si->sgi_enable);
663 	SET_RA_INFO_BW_MODE(h2c_pkt, si->bw_mode);
664 	SET_RA_INFO_LDPC(h2c_pkt, !!si->ldpc_en);
665 	SET_RA_INFO_NO_UPDATE(h2c_pkt, !reset_ra_mask);
666 	SET_RA_INFO_VHT_EN(h2c_pkt, si->vht_enable);
667 	SET_RA_INFO_DIS_PT(h2c_pkt, disable_pt);
668 	SET_RA_INFO_RA_MASK0(h2c_pkt, (si->ra_mask & 0xff));
669 	SET_RA_INFO_RA_MASK1(h2c_pkt, (si->ra_mask & 0xff00) >> 8);
670 	SET_RA_INFO_RA_MASK2(h2c_pkt, (si->ra_mask & 0xff0000) >> 16);
671 	SET_RA_INFO_RA_MASK3(h2c_pkt, (si->ra_mask & 0xff000000) >> 24);
672 
673 	si->init_ra_lv = 0;
674 
675 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
676 }
677 
678 void rtw_fw_media_status_report(struct rtw_dev *rtwdev, u8 mac_id, bool connect)
679 {
680 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
681 
682 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_MEDIA_STATUS_RPT);
683 	MEDIA_STATUS_RPT_SET_OP_MODE(h2c_pkt, connect);
684 	MEDIA_STATUS_RPT_SET_MACID(h2c_pkt, mac_id);
685 
686 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
687 }
688 
689 void rtw_fw_update_wl_phy_info(struct rtw_dev *rtwdev)
690 {
691 	struct rtw_traffic_stats *stats = &rtwdev->stats;
692 	struct rtw_dm_info *dm_info = &rtwdev->dm_info;
693 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
694 
695 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_WL_PHY_INFO);
696 	SET_WL_PHY_INFO_TX_TP(h2c_pkt, stats->tx_throughput);
697 	SET_WL_PHY_INFO_RX_TP(h2c_pkt, stats->rx_throughput);
698 	SET_WL_PHY_INFO_TX_RATE_DESC(h2c_pkt, dm_info->tx_rate);
699 	SET_WL_PHY_INFO_RX_RATE_DESC(h2c_pkt, dm_info->curr_rx_rate);
700 	SET_WL_PHY_INFO_RX_EVM(h2c_pkt, dm_info->rx_evm_dbm[RF_PATH_A]);
701 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
702 }
703 
704 void rtw_fw_beacon_filter_config(struct rtw_dev *rtwdev, bool connect,
705 				 struct ieee80211_vif *vif)
706 {
707 	struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
708 	struct ieee80211_sta *sta = ieee80211_find_sta(vif, bss_conf->bssid);
709 	static const u8 rssi_min = 0, rssi_max = 100, rssi_offset = 100;
710 	struct rtw_sta_info *si =
711 		sta ? (struct rtw_sta_info *)sta->drv_priv : NULL;
712 	s32 threshold = bss_conf->cqm_rssi_thold + rssi_offset;
713 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
714 
715 	if (!rtw_fw_feature_check(&rtwdev->fw, FW_FEATURE_BCN_FILTER))
716 		return;
717 
718 	if (!connect) {
719 		SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_BCN_FILTER_OFFLOAD_P1);
720 		SET_BCN_FILTER_OFFLOAD_P1_ENABLE(h2c_pkt, connect);
721 		rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
722 
723 		return;
724 	}
725 
726 	if (!si)
727 		return;
728 
729 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_BCN_FILTER_OFFLOAD_P0);
730 	ether_addr_copy(&h2c_pkt[1], bss_conf->bssid);
731 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
732 
733 	memset(h2c_pkt, 0, sizeof(h2c_pkt));
734 	threshold = clamp_t(s32, threshold, rssi_min, rssi_max);
735 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_BCN_FILTER_OFFLOAD_P1);
736 	SET_BCN_FILTER_OFFLOAD_P1_ENABLE(h2c_pkt, connect);
737 	SET_BCN_FILTER_OFFLOAD_P1_OFFLOAD_MODE(h2c_pkt,
738 					       BCN_FILTER_OFFLOAD_MODE_DEFAULT);
739 	SET_BCN_FILTER_OFFLOAD_P1_THRESHOLD(h2c_pkt, (u8)threshold);
740 	SET_BCN_FILTER_OFFLOAD_P1_BCN_LOSS_CNT(h2c_pkt, BCN_LOSS_CNT);
741 	SET_BCN_FILTER_OFFLOAD_P1_MACID(h2c_pkt, si->mac_id);
742 	SET_BCN_FILTER_OFFLOAD_P1_HYST(h2c_pkt, bss_conf->cqm_rssi_hyst);
743 	SET_BCN_FILTER_OFFLOAD_P1_BCN_INTERVAL(h2c_pkt, bss_conf->beacon_int);
744 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
745 }
746 
747 void rtw_fw_set_pwr_mode(struct rtw_dev *rtwdev)
748 {
749 	struct rtw_lps_conf *conf = &rtwdev->lps_conf;
750 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
751 
752 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_SET_PWR_MODE);
753 
754 	SET_PWR_MODE_SET_MODE(h2c_pkt, conf->mode);
755 	SET_PWR_MODE_SET_RLBM(h2c_pkt, conf->rlbm);
756 	SET_PWR_MODE_SET_SMART_PS(h2c_pkt, conf->smart_ps);
757 	SET_PWR_MODE_SET_AWAKE_INTERVAL(h2c_pkt, conf->awake_interval);
758 	SET_PWR_MODE_SET_PORT_ID(h2c_pkt, conf->port_id);
759 	SET_PWR_MODE_SET_PWR_STATE(h2c_pkt, conf->state);
760 
761 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
762 }
763 
764 void rtw_fw_set_keep_alive_cmd(struct rtw_dev *rtwdev, bool enable)
765 {
766 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
767 	struct rtw_fw_wow_keep_alive_para mode = {
768 		.adopt = true,
769 		.pkt_type = KEEP_ALIVE_NULL_PKT,
770 		.period = 5,
771 	};
772 
773 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_KEEP_ALIVE);
774 	SET_KEEP_ALIVE_ENABLE(h2c_pkt, enable);
775 	SET_KEEP_ALIVE_ADOPT(h2c_pkt, mode.adopt);
776 	SET_KEEP_ALIVE_PKT_TYPE(h2c_pkt, mode.pkt_type);
777 	SET_KEEP_ALIVE_CHECK_PERIOD(h2c_pkt, mode.period);
778 
779 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
780 }
781 
782 void rtw_fw_set_disconnect_decision_cmd(struct rtw_dev *rtwdev, bool enable)
783 {
784 	struct rtw_wow_param *rtw_wow = &rtwdev->wow;
785 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
786 	struct rtw_fw_wow_disconnect_para mode = {
787 		.adopt = true,
788 		.period = 30,
789 		.retry_count = 5,
790 	};
791 
792 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_DISCONNECT_DECISION);
793 
794 	if (test_bit(RTW_WOW_FLAG_EN_DISCONNECT, rtw_wow->flags)) {
795 		SET_DISCONNECT_DECISION_ENABLE(h2c_pkt, enable);
796 		SET_DISCONNECT_DECISION_ADOPT(h2c_pkt, mode.adopt);
797 		SET_DISCONNECT_DECISION_CHECK_PERIOD(h2c_pkt, mode.period);
798 		SET_DISCONNECT_DECISION_TRY_PKT_NUM(h2c_pkt, mode.retry_count);
799 	}
800 
801 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
802 }
803 
804 void rtw_fw_set_wowlan_ctrl_cmd(struct rtw_dev *rtwdev, bool enable)
805 {
806 	struct rtw_wow_param *rtw_wow = &rtwdev->wow;
807 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
808 
809 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_WOWLAN);
810 
811 	SET_WOWLAN_FUNC_ENABLE(h2c_pkt, enable);
812 	if (rtw_wow_mgd_linked(rtwdev)) {
813 		if (test_bit(RTW_WOW_FLAG_EN_MAGIC_PKT, rtw_wow->flags))
814 			SET_WOWLAN_MAGIC_PKT_ENABLE(h2c_pkt, enable);
815 		if (test_bit(RTW_WOW_FLAG_EN_DISCONNECT, rtw_wow->flags))
816 			SET_WOWLAN_DEAUTH_WAKEUP_ENABLE(h2c_pkt, enable);
817 		if (test_bit(RTW_WOW_FLAG_EN_REKEY_PKT, rtw_wow->flags))
818 			SET_WOWLAN_REKEY_WAKEUP_ENABLE(h2c_pkt, enable);
819 		if (rtw_wow->pattern_cnt)
820 			SET_WOWLAN_PATTERN_MATCH_ENABLE(h2c_pkt, enable);
821 	}
822 
823 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
824 }
825 
826 void rtw_fw_set_aoac_global_info_cmd(struct rtw_dev *rtwdev,
827 				     u8 pairwise_key_enc,
828 				     u8 group_key_enc)
829 {
830 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
831 
832 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_AOAC_GLOBAL_INFO);
833 
834 	SET_AOAC_GLOBAL_INFO_PAIRWISE_ENC_ALG(h2c_pkt, pairwise_key_enc);
835 	SET_AOAC_GLOBAL_INFO_GROUP_ENC_ALG(h2c_pkt, group_key_enc);
836 
837 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
838 }
839 
840 void rtw_fw_set_remote_wake_ctrl_cmd(struct rtw_dev *rtwdev, bool enable)
841 {
842 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
843 
844 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_REMOTE_WAKE_CTRL);
845 
846 	SET_REMOTE_WAKECTRL_ENABLE(h2c_pkt, enable);
847 
848 	if (rtw_wow_no_link(rtwdev))
849 		SET_REMOTE_WAKE_CTRL_NLO_OFFLOAD_EN(h2c_pkt, enable);
850 
851 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
852 }
853 
854 static u8 rtw_get_rsvd_page_location(struct rtw_dev *rtwdev,
855 				     enum rtw_rsvd_packet_type type)
856 {
857 	struct rtw_rsvd_page *rsvd_pkt;
858 	u8 location = 0;
859 
860 	list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, build_list) {
861 		if (type == rsvd_pkt->type)
862 			location = rsvd_pkt->page;
863 	}
864 
865 	return location;
866 }
867 
868 void rtw_fw_set_nlo_info(struct rtw_dev *rtwdev, bool enable)
869 {
870 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
871 	u8 loc_nlo;
872 
873 	loc_nlo = rtw_get_rsvd_page_location(rtwdev, RSVD_NLO_INFO);
874 
875 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_NLO_INFO);
876 
877 	SET_NLO_FUN_EN(h2c_pkt, enable);
878 	if (enable) {
879 		if (rtw_get_lps_deep_mode(rtwdev) != LPS_DEEP_MODE_NONE)
880 			SET_NLO_PS_32K(h2c_pkt, enable);
881 		SET_NLO_IGNORE_SECURITY(h2c_pkt, enable);
882 		SET_NLO_LOC_NLO_INFO(h2c_pkt, loc_nlo);
883 	}
884 
885 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
886 }
887 
888 void rtw_fw_set_recover_bt_device(struct rtw_dev *rtwdev)
889 {
890 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
891 
892 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_RECOVER_BT_DEV);
893 	SET_RECOVER_BT_DEV_EN(h2c_pkt, 1);
894 
895 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
896 }
897 
898 void rtw_fw_set_pg_info(struct rtw_dev *rtwdev)
899 {
900 	struct rtw_lps_conf *conf = &rtwdev->lps_conf;
901 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
902 	u8 loc_pg, loc_dpk;
903 
904 	loc_pg = rtw_get_rsvd_page_location(rtwdev, RSVD_LPS_PG_INFO);
905 	loc_dpk = rtw_get_rsvd_page_location(rtwdev, RSVD_LPS_PG_DPK);
906 
907 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_LPS_PG_INFO);
908 
909 	LPS_PG_INFO_LOC(h2c_pkt, loc_pg);
910 	LPS_PG_DPK_LOC(h2c_pkt, loc_dpk);
911 	LPS_PG_SEC_CAM_EN(h2c_pkt, conf->sec_cam_backup);
912 	LPS_PG_PATTERN_CAM_EN(h2c_pkt, conf->pattern_cam_backup);
913 
914 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
915 }
916 
917 static u8 rtw_get_rsvd_page_probe_req_location(struct rtw_dev *rtwdev,
918 					       struct cfg80211_ssid *ssid)
919 {
920 	struct rtw_rsvd_page *rsvd_pkt;
921 	u8 location = 0;
922 
923 	list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, build_list) {
924 		if (rsvd_pkt->type != RSVD_PROBE_REQ)
925 			continue;
926 		if ((!ssid && !rsvd_pkt->ssid) ||
927 		    rtw_ssid_equal(rsvd_pkt->ssid, ssid))
928 			location = rsvd_pkt->page;
929 	}
930 
931 	return location;
932 }
933 
934 static u16 rtw_get_rsvd_page_probe_req_size(struct rtw_dev *rtwdev,
935 					    struct cfg80211_ssid *ssid)
936 {
937 	struct rtw_rsvd_page *rsvd_pkt;
938 	u16 size = 0;
939 
940 	list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, build_list) {
941 		if (rsvd_pkt->type != RSVD_PROBE_REQ)
942 			continue;
943 		if ((!ssid && !rsvd_pkt->ssid) ||
944 		    rtw_ssid_equal(rsvd_pkt->ssid, ssid))
945 			size = rsvd_pkt->probe_req_size;
946 	}
947 
948 	return size;
949 }
950 
951 void rtw_send_rsvd_page_h2c(struct rtw_dev *rtwdev)
952 {
953 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
954 	u8 location = 0;
955 
956 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_RSVD_PAGE);
957 
958 	location = rtw_get_rsvd_page_location(rtwdev, RSVD_PROBE_RESP);
959 	*(h2c_pkt + 1) = location;
960 	rtw_dbg(rtwdev, RTW_DBG_FW, "RSVD_PROBE_RESP loc: %d\n", location);
961 
962 	location = rtw_get_rsvd_page_location(rtwdev, RSVD_PS_POLL);
963 	*(h2c_pkt + 2) = location;
964 	rtw_dbg(rtwdev, RTW_DBG_FW, "RSVD_PS_POLL loc: %d\n", location);
965 
966 	location = rtw_get_rsvd_page_location(rtwdev, RSVD_NULL);
967 	*(h2c_pkt + 3) = location;
968 	rtw_dbg(rtwdev, RTW_DBG_FW, "RSVD_NULL loc: %d\n", location);
969 
970 	location = rtw_get_rsvd_page_location(rtwdev, RSVD_QOS_NULL);
971 	*(h2c_pkt + 4) = location;
972 	rtw_dbg(rtwdev, RTW_DBG_FW, "RSVD_QOS_NULL loc: %d\n", location);
973 
974 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
975 }
976 
977 static struct sk_buff *rtw_nlo_info_get(struct ieee80211_hw *hw)
978 {
979 	struct rtw_dev *rtwdev = hw->priv;
980 	const struct rtw_chip_info *chip = rtwdev->chip;
981 	struct rtw_pno_request *pno_req = &rtwdev->wow.pno_req;
982 	struct rtw_nlo_info_hdr *nlo_hdr;
983 	struct cfg80211_ssid *ssid;
984 	struct sk_buff *skb;
985 	u8 *pos, loc;
986 	u32 size;
987 	int i;
988 
989 	if (!pno_req->inited || !pno_req->match_set_cnt)
990 		return NULL;
991 
992 	size = sizeof(struct rtw_nlo_info_hdr) + pno_req->match_set_cnt *
993 		      IEEE80211_MAX_SSID_LEN + chip->tx_pkt_desc_sz;
994 
995 	skb = alloc_skb(size, GFP_KERNEL);
996 	if (!skb)
997 		return NULL;
998 
999 	skb_reserve(skb, chip->tx_pkt_desc_sz);
1000 
1001 	nlo_hdr = skb_put_zero(skb, sizeof(struct rtw_nlo_info_hdr));
1002 
1003 	nlo_hdr->nlo_count = pno_req->match_set_cnt;
1004 	nlo_hdr->hidden_ap_count = pno_req->match_set_cnt;
1005 
1006 	/* pattern check for firmware */
1007 	memset(nlo_hdr->pattern_check, 0xA5, FW_NLO_INFO_CHECK_SIZE);
1008 
1009 	for (i = 0; i < pno_req->match_set_cnt; i++)
1010 		nlo_hdr->ssid_len[i] = pno_req->match_sets[i].ssid.ssid_len;
1011 
1012 	for (i = 0; i < pno_req->match_set_cnt; i++) {
1013 		ssid = &pno_req->match_sets[i].ssid;
1014 		loc  = rtw_get_rsvd_page_probe_req_location(rtwdev, ssid);
1015 		if (!loc) {
1016 			rtw_err(rtwdev, "failed to get probe req rsvd loc\n");
1017 			kfree_skb(skb);
1018 			return NULL;
1019 		}
1020 		nlo_hdr->location[i] = loc;
1021 	}
1022 
1023 	for (i = 0; i < pno_req->match_set_cnt; i++) {
1024 		pos = skb_put_zero(skb, IEEE80211_MAX_SSID_LEN);
1025 		memcpy(pos, pno_req->match_sets[i].ssid.ssid,
1026 		       pno_req->match_sets[i].ssid.ssid_len);
1027 	}
1028 
1029 	return skb;
1030 }
1031 
1032 static struct sk_buff *rtw_cs_channel_info_get(struct ieee80211_hw *hw)
1033 {
1034 	struct rtw_dev *rtwdev = hw->priv;
1035 	const struct rtw_chip_info *chip = rtwdev->chip;
1036 	struct rtw_pno_request *pno_req = &rtwdev->wow.pno_req;
1037 	struct ieee80211_channel *channels = pno_req->channels;
1038 	struct sk_buff *skb;
1039 	int count =  pno_req->channel_cnt;
1040 	u8 *pos;
1041 	int i = 0;
1042 
1043 	skb = alloc_skb(4 * count + chip->tx_pkt_desc_sz, GFP_KERNEL);
1044 	if (!skb)
1045 		return NULL;
1046 
1047 	skb_reserve(skb, chip->tx_pkt_desc_sz);
1048 
1049 	for (i = 0; i < count; i++) {
1050 		pos = skb_put_zero(skb, 4);
1051 
1052 		CHSW_INFO_SET_CH(pos, channels[i].hw_value);
1053 
1054 		if (channels[i].flags & IEEE80211_CHAN_RADAR)
1055 			CHSW_INFO_SET_ACTION_ID(pos, 0);
1056 		else
1057 			CHSW_INFO_SET_ACTION_ID(pos, 1);
1058 		CHSW_INFO_SET_TIMEOUT(pos, 1);
1059 		CHSW_INFO_SET_PRI_CH_IDX(pos, 1);
1060 		CHSW_INFO_SET_BW(pos, 0);
1061 	}
1062 
1063 	return skb;
1064 }
1065 
1066 static struct sk_buff *rtw_lps_pg_dpk_get(struct ieee80211_hw *hw)
1067 {
1068 	struct rtw_dev *rtwdev = hw->priv;
1069 	const struct rtw_chip_info *chip = rtwdev->chip;
1070 	struct rtw_dpk_info *dpk_info = &rtwdev->dm_info.dpk_info;
1071 	struct rtw_lps_pg_dpk_hdr *dpk_hdr;
1072 	struct sk_buff *skb;
1073 	u32 size;
1074 
1075 	size = chip->tx_pkt_desc_sz + sizeof(*dpk_hdr);
1076 	skb = alloc_skb(size, GFP_KERNEL);
1077 	if (!skb)
1078 		return NULL;
1079 
1080 	skb_reserve(skb, chip->tx_pkt_desc_sz);
1081 	dpk_hdr = skb_put_zero(skb, sizeof(*dpk_hdr));
1082 	dpk_hdr->dpk_ch = dpk_info->dpk_ch;
1083 	dpk_hdr->dpk_path_ok = dpk_info->dpk_path_ok[0];
1084 	memcpy(dpk_hdr->dpk_txagc, dpk_info->dpk_txagc, 2);
1085 	memcpy(dpk_hdr->dpk_gs, dpk_info->dpk_gs, 4);
1086 	memcpy(dpk_hdr->coef, dpk_info->coef, 160);
1087 
1088 	return skb;
1089 }
1090 
1091 static struct sk_buff *rtw_lps_pg_info_get(struct ieee80211_hw *hw)
1092 {
1093 	struct rtw_dev *rtwdev = hw->priv;
1094 	const struct rtw_chip_info *chip = rtwdev->chip;
1095 	struct rtw_lps_conf *conf = &rtwdev->lps_conf;
1096 	struct rtw_lps_pg_info_hdr *pg_info_hdr;
1097 	struct rtw_wow_param *rtw_wow = &rtwdev->wow;
1098 	struct sk_buff *skb;
1099 	u32 size;
1100 
1101 	size = chip->tx_pkt_desc_sz + sizeof(*pg_info_hdr);
1102 	skb = alloc_skb(size, GFP_KERNEL);
1103 	if (!skb)
1104 		return NULL;
1105 
1106 	skb_reserve(skb, chip->tx_pkt_desc_sz);
1107 	pg_info_hdr = skb_put_zero(skb, sizeof(*pg_info_hdr));
1108 	pg_info_hdr->tx_bu_page_count = rtwdev->fifo.rsvd_drv_pg_num;
1109 	pg_info_hdr->macid = find_first_bit(rtwdev->mac_id_map, RTW_MAX_MAC_ID_NUM);
1110 	pg_info_hdr->sec_cam_count =
1111 		rtw_sec_cam_pg_backup(rtwdev, pg_info_hdr->sec_cam);
1112 	pg_info_hdr->pattern_count = rtw_wow->pattern_cnt;
1113 
1114 	conf->sec_cam_backup = pg_info_hdr->sec_cam_count != 0;
1115 	conf->pattern_cam_backup = rtw_wow->pattern_cnt != 0;
1116 
1117 	return skb;
1118 }
1119 
1120 static struct sk_buff *rtw_get_rsvd_page_skb(struct ieee80211_hw *hw,
1121 					     struct rtw_rsvd_page *rsvd_pkt)
1122 {
1123 	struct ieee80211_vif *vif;
1124 	struct rtw_vif *rtwvif;
1125 	struct sk_buff *skb_new;
1126 	struct cfg80211_ssid *ssid;
1127 	u16 tim_offset = 0;
1128 
1129 	if (rsvd_pkt->type == RSVD_DUMMY) {
1130 		skb_new = alloc_skb(1, GFP_KERNEL);
1131 		if (!skb_new)
1132 			return NULL;
1133 
1134 		skb_put(skb_new, 1);
1135 		return skb_new;
1136 	}
1137 
1138 	rtwvif = rsvd_pkt->rtwvif;
1139 	if (!rtwvif)
1140 		return NULL;
1141 
1142 	vif = rtwvif_to_vif(rtwvif);
1143 
1144 	switch (rsvd_pkt->type) {
1145 	case RSVD_BEACON:
1146 		skb_new = ieee80211_beacon_get_tim(hw, vif, &tim_offset, NULL, 0);
1147 		rsvd_pkt->tim_offset = tim_offset;
1148 		break;
1149 	case RSVD_PS_POLL:
1150 		skb_new = ieee80211_pspoll_get(hw, vif);
1151 		break;
1152 	case RSVD_PROBE_RESP:
1153 		skb_new = ieee80211_proberesp_get(hw, vif);
1154 		break;
1155 	case RSVD_NULL:
1156 		skb_new = ieee80211_nullfunc_get(hw, vif, -1, false);
1157 		break;
1158 	case RSVD_QOS_NULL:
1159 		skb_new = ieee80211_nullfunc_get(hw, vif, -1, true);
1160 		break;
1161 	case RSVD_LPS_PG_DPK:
1162 		skb_new = rtw_lps_pg_dpk_get(hw);
1163 		break;
1164 	case RSVD_LPS_PG_INFO:
1165 		skb_new = rtw_lps_pg_info_get(hw);
1166 		break;
1167 	case RSVD_PROBE_REQ:
1168 		ssid = (struct cfg80211_ssid *)rsvd_pkt->ssid;
1169 		if (ssid)
1170 			skb_new = ieee80211_probereq_get(hw, vif->addr,
1171 							 ssid->ssid,
1172 							 ssid->ssid_len, 0);
1173 		else
1174 			skb_new = ieee80211_probereq_get(hw, vif->addr, NULL, 0, 0);
1175 		if (skb_new)
1176 			rsvd_pkt->probe_req_size = (u16)skb_new->len;
1177 		break;
1178 	case RSVD_NLO_INFO:
1179 		skb_new = rtw_nlo_info_get(hw);
1180 		break;
1181 	case RSVD_CH_INFO:
1182 		skb_new = rtw_cs_channel_info_get(hw);
1183 		break;
1184 	default:
1185 		return NULL;
1186 	}
1187 
1188 	if (!skb_new)
1189 		return NULL;
1190 
1191 	return skb_new;
1192 }
1193 
1194 static void rtw_fill_rsvd_page_desc(struct rtw_dev *rtwdev, struct sk_buff *skb,
1195 				    enum rtw_rsvd_packet_type type)
1196 {
1197 	struct rtw_tx_pkt_info pkt_info = {0};
1198 	const struct rtw_chip_info *chip = rtwdev->chip;
1199 	u8 *pkt_desc;
1200 
1201 	rtw_tx_rsvd_page_pkt_info_update(rtwdev, &pkt_info, skb, type);
1202 	pkt_desc = skb_push(skb, chip->tx_pkt_desc_sz);
1203 	memset(pkt_desc, 0, chip->tx_pkt_desc_sz);
1204 	rtw_tx_fill_tx_desc(&pkt_info, skb);
1205 }
1206 
1207 static inline u8 rtw_len_to_page(unsigned int len, u8 page_size)
1208 {
1209 	return DIV_ROUND_UP(len, page_size);
1210 }
1211 
1212 static void rtw_rsvd_page_list_to_buf(struct rtw_dev *rtwdev, u8 page_size,
1213 				      u8 page_margin, u32 page, u8 *buf,
1214 				      struct rtw_rsvd_page *rsvd_pkt)
1215 {
1216 	struct sk_buff *skb = rsvd_pkt->skb;
1217 
1218 	if (page >= 1)
1219 		memcpy(buf + page_margin + page_size * (page - 1),
1220 		       skb->data, skb->len);
1221 	else
1222 		memcpy(buf, skb->data, skb->len);
1223 }
1224 
1225 static struct rtw_rsvd_page *rtw_alloc_rsvd_page(struct rtw_dev *rtwdev,
1226 						 enum rtw_rsvd_packet_type type,
1227 						 bool txdesc)
1228 {
1229 	struct rtw_rsvd_page *rsvd_pkt = NULL;
1230 
1231 	rsvd_pkt = kzalloc(sizeof(*rsvd_pkt), GFP_KERNEL);
1232 
1233 	if (!rsvd_pkt)
1234 		return NULL;
1235 
1236 	INIT_LIST_HEAD(&rsvd_pkt->vif_list);
1237 	INIT_LIST_HEAD(&rsvd_pkt->build_list);
1238 	rsvd_pkt->type = type;
1239 	rsvd_pkt->add_txdesc = txdesc;
1240 
1241 	return rsvd_pkt;
1242 }
1243 
1244 static void rtw_insert_rsvd_page(struct rtw_dev *rtwdev,
1245 				 struct rtw_vif *rtwvif,
1246 				 struct rtw_rsvd_page *rsvd_pkt)
1247 {
1248 	lockdep_assert_held(&rtwdev->mutex);
1249 
1250 	list_add_tail(&rsvd_pkt->vif_list, &rtwvif->rsvd_page_list);
1251 }
1252 
1253 static void rtw_add_rsvd_page(struct rtw_dev *rtwdev,
1254 			      struct rtw_vif *rtwvif,
1255 			      enum rtw_rsvd_packet_type type,
1256 			      bool txdesc)
1257 {
1258 	struct rtw_rsvd_page *rsvd_pkt;
1259 
1260 	rsvd_pkt = rtw_alloc_rsvd_page(rtwdev, type, txdesc);
1261 	if (!rsvd_pkt) {
1262 		rtw_err(rtwdev, "failed to alloc rsvd page %d\n", type);
1263 		return;
1264 	}
1265 
1266 	rsvd_pkt->rtwvif = rtwvif;
1267 	rtw_insert_rsvd_page(rtwdev, rtwvif, rsvd_pkt);
1268 }
1269 
1270 static void rtw_add_rsvd_page_probe_req(struct rtw_dev *rtwdev,
1271 					struct rtw_vif *rtwvif,
1272 					struct cfg80211_ssid *ssid)
1273 {
1274 	struct rtw_rsvd_page *rsvd_pkt;
1275 
1276 	rsvd_pkt = rtw_alloc_rsvd_page(rtwdev, RSVD_PROBE_REQ, true);
1277 	if (!rsvd_pkt) {
1278 		rtw_err(rtwdev, "failed to alloc probe req rsvd page\n");
1279 		return;
1280 	}
1281 
1282 	rsvd_pkt->rtwvif = rtwvif;
1283 	rsvd_pkt->ssid = ssid;
1284 	rtw_insert_rsvd_page(rtwdev, rtwvif, rsvd_pkt);
1285 }
1286 
1287 void rtw_remove_rsvd_page(struct rtw_dev *rtwdev,
1288 			  struct rtw_vif *rtwvif)
1289 {
1290 	struct rtw_rsvd_page *rsvd_pkt, *tmp;
1291 
1292 	lockdep_assert_held(&rtwdev->mutex);
1293 
1294 	/* remove all of the rsvd pages for vif */
1295 	list_for_each_entry_safe(rsvd_pkt, tmp, &rtwvif->rsvd_page_list,
1296 				 vif_list) {
1297 		list_del(&rsvd_pkt->vif_list);
1298 		if (!list_empty(&rsvd_pkt->build_list))
1299 			list_del(&rsvd_pkt->build_list);
1300 		kfree(rsvd_pkt);
1301 	}
1302 }
1303 
1304 void rtw_add_rsvd_page_bcn(struct rtw_dev *rtwdev,
1305 			   struct rtw_vif *rtwvif)
1306 {
1307 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
1308 
1309 	if (vif->type != NL80211_IFTYPE_AP &&
1310 	    vif->type != NL80211_IFTYPE_ADHOC &&
1311 	    vif->type != NL80211_IFTYPE_MESH_POINT) {
1312 		rtw_warn(rtwdev, "Cannot add beacon rsvd page for %d\n",
1313 			 vif->type);
1314 		return;
1315 	}
1316 
1317 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_BEACON, false);
1318 }
1319 
1320 void rtw_add_rsvd_page_pno(struct rtw_dev *rtwdev,
1321 			   struct rtw_vif *rtwvif)
1322 {
1323 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
1324 	struct rtw_wow_param *rtw_wow = &rtwdev->wow;
1325 	struct rtw_pno_request *rtw_pno_req = &rtw_wow->pno_req;
1326 	struct cfg80211_ssid *ssid;
1327 	int i;
1328 
1329 	if (vif->type != NL80211_IFTYPE_STATION) {
1330 		rtw_warn(rtwdev, "Cannot add PNO rsvd page for %d\n",
1331 			 vif->type);
1332 		return;
1333 	}
1334 
1335 	for (i = 0 ; i < rtw_pno_req->match_set_cnt; i++) {
1336 		ssid = &rtw_pno_req->match_sets[i].ssid;
1337 		rtw_add_rsvd_page_probe_req(rtwdev, rtwvif, ssid);
1338 	}
1339 
1340 	rtw_add_rsvd_page_probe_req(rtwdev, rtwvif, NULL);
1341 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_NLO_INFO, false);
1342 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_CH_INFO, true);
1343 }
1344 
1345 void rtw_add_rsvd_page_sta(struct rtw_dev *rtwdev,
1346 			   struct rtw_vif *rtwvif)
1347 {
1348 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
1349 
1350 	if (vif->type != NL80211_IFTYPE_STATION) {
1351 		rtw_warn(rtwdev, "Cannot add sta rsvd page for %d\n",
1352 			 vif->type);
1353 		return;
1354 	}
1355 
1356 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_PS_POLL, true);
1357 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_QOS_NULL, true);
1358 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_NULL, true);
1359 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_LPS_PG_DPK, true);
1360 	rtw_add_rsvd_page(rtwdev, rtwvif, RSVD_LPS_PG_INFO, true);
1361 }
1362 
1363 int rtw_fw_write_data_rsvd_page(struct rtw_dev *rtwdev, u16 pg_addr,
1364 				u8 *buf, u32 size)
1365 {
1366 	u8 bckp[2];
1367 	u8 val;
1368 	u16 rsvd_pg_head;
1369 	u32 bcn_valid_addr;
1370 	u32 bcn_valid_mask;
1371 	int ret;
1372 
1373 	lockdep_assert_held(&rtwdev->mutex);
1374 
1375 	if (!size)
1376 		return -EINVAL;
1377 
1378 	if (rtw_chip_wcpu_11n(rtwdev)) {
1379 		rtw_write32_set(rtwdev, REG_DWBCN0_CTRL, BIT_BCN_VALID);
1380 	} else {
1381 		pg_addr &= BIT_MASK_BCN_HEAD_1_V1;
1382 		pg_addr |= BIT_BCN_VALID_V1;
1383 		rtw_write16(rtwdev, REG_FIFOPAGE_CTRL_2, pg_addr);
1384 	}
1385 
1386 	val = rtw_read8(rtwdev, REG_CR + 1);
1387 	bckp[0] = val;
1388 	val |= BIT_ENSWBCN >> 8;
1389 	rtw_write8(rtwdev, REG_CR + 1, val);
1390 
1391 	if (rtw_hci_type(rtwdev) == RTW_HCI_TYPE_PCIE) {
1392 		val = rtw_read8(rtwdev, REG_FWHW_TXQ_CTRL + 2);
1393 		bckp[1] = val;
1394 		val &= ~(BIT_EN_BCNQ_DL >> 16);
1395 		rtw_write8(rtwdev, REG_FWHW_TXQ_CTRL + 2, val);
1396 	}
1397 
1398 	ret = rtw_hci_write_data_rsvd_page(rtwdev, buf, size);
1399 	if (ret) {
1400 		rtw_err(rtwdev, "failed to write data to rsvd page\n");
1401 		goto restore;
1402 	}
1403 
1404 	if (rtw_chip_wcpu_11n(rtwdev)) {
1405 		bcn_valid_addr = REG_DWBCN0_CTRL;
1406 		bcn_valid_mask = BIT_BCN_VALID;
1407 	} else {
1408 		bcn_valid_addr = REG_FIFOPAGE_CTRL_2;
1409 		bcn_valid_mask = BIT_BCN_VALID_V1;
1410 	}
1411 
1412 	if (!check_hw_ready(rtwdev, bcn_valid_addr, bcn_valid_mask, 1)) {
1413 		rtw_err(rtwdev, "error beacon valid\n");
1414 		ret = -EBUSY;
1415 	}
1416 
1417 restore:
1418 	rsvd_pg_head = rtwdev->fifo.rsvd_boundary;
1419 	rtw_write16(rtwdev, REG_FIFOPAGE_CTRL_2,
1420 		    rsvd_pg_head | BIT_BCN_VALID_V1);
1421 	if (rtw_hci_type(rtwdev) == RTW_HCI_TYPE_PCIE)
1422 		rtw_write8(rtwdev, REG_FWHW_TXQ_CTRL + 2, bckp[1]);
1423 	rtw_write8(rtwdev, REG_CR + 1, bckp[0]);
1424 
1425 	return ret;
1426 }
1427 
1428 static int rtw_download_drv_rsvd_page(struct rtw_dev *rtwdev, u8 *buf, u32 size)
1429 {
1430 	u32 pg_size;
1431 	u32 pg_num = 0;
1432 	u16 pg_addr = 0;
1433 
1434 	pg_size = rtwdev->chip->page_size;
1435 	pg_num = size / pg_size + ((size & (pg_size - 1)) ? 1 : 0);
1436 	if (pg_num > rtwdev->fifo.rsvd_drv_pg_num)
1437 		return -ENOMEM;
1438 
1439 	pg_addr = rtwdev->fifo.rsvd_drv_addr;
1440 
1441 	return rtw_fw_write_data_rsvd_page(rtwdev, pg_addr, buf, size);
1442 }
1443 
1444 static void __rtw_build_rsvd_page_reset(struct rtw_dev *rtwdev)
1445 {
1446 	struct rtw_rsvd_page *rsvd_pkt, *tmp;
1447 
1448 	list_for_each_entry_safe(rsvd_pkt, tmp, &rtwdev->rsvd_page_list,
1449 				 build_list) {
1450 		list_del_init(&rsvd_pkt->build_list);
1451 
1452 		/* Don't free except for the dummy rsvd page,
1453 		 * others will be freed when removing vif
1454 		 */
1455 		if (rsvd_pkt->type == RSVD_DUMMY)
1456 			kfree(rsvd_pkt);
1457 	}
1458 }
1459 
1460 static void rtw_build_rsvd_page_iter(void *data, u8 *mac,
1461 				     struct ieee80211_vif *vif)
1462 {
1463 	struct rtw_dev *rtwdev = data;
1464 	struct rtw_vif *rtwvif = (struct rtw_vif *)vif->drv_priv;
1465 	struct rtw_rsvd_page *rsvd_pkt;
1466 
1467 	/* AP not yet started, don't gather its rsvd pages */
1468 	if (vif->type == NL80211_IFTYPE_AP && !rtwdev->ap_active)
1469 		return;
1470 
1471 	list_for_each_entry(rsvd_pkt, &rtwvif->rsvd_page_list, vif_list) {
1472 		if (rsvd_pkt->type == RSVD_BEACON)
1473 			list_add(&rsvd_pkt->build_list,
1474 				 &rtwdev->rsvd_page_list);
1475 		else
1476 			list_add_tail(&rsvd_pkt->build_list,
1477 				      &rtwdev->rsvd_page_list);
1478 	}
1479 }
1480 
1481 static int  __rtw_build_rsvd_page_from_vifs(struct rtw_dev *rtwdev)
1482 {
1483 	struct rtw_rsvd_page *rsvd_pkt;
1484 
1485 	__rtw_build_rsvd_page_reset(rtwdev);
1486 
1487 	/* gather rsvd page from vifs */
1488 	rtw_iterate_vifs_atomic(rtwdev, rtw_build_rsvd_page_iter, rtwdev);
1489 
1490 	rsvd_pkt = list_first_entry_or_null(&rtwdev->rsvd_page_list,
1491 					    struct rtw_rsvd_page, build_list);
1492 	if (!rsvd_pkt) {
1493 		WARN(1, "Should not have an empty reserved page\n");
1494 		return -EINVAL;
1495 	}
1496 
1497 	/* the first rsvd should be beacon, otherwise add a dummy one */
1498 	if (rsvd_pkt->type != RSVD_BEACON) {
1499 		struct rtw_rsvd_page *dummy_pkt;
1500 
1501 		dummy_pkt = rtw_alloc_rsvd_page(rtwdev, RSVD_DUMMY, false);
1502 		if (!dummy_pkt) {
1503 			rtw_err(rtwdev, "failed to alloc dummy rsvd page\n");
1504 			return -ENOMEM;
1505 		}
1506 
1507 		list_add(&dummy_pkt->build_list, &rtwdev->rsvd_page_list);
1508 	}
1509 
1510 	return 0;
1511 }
1512 
1513 static u8 *rtw_build_rsvd_page(struct rtw_dev *rtwdev, u32 *size)
1514 {
1515 	struct ieee80211_hw *hw = rtwdev->hw;
1516 	const struct rtw_chip_info *chip = rtwdev->chip;
1517 	struct sk_buff *iter;
1518 	struct rtw_rsvd_page *rsvd_pkt;
1519 	u32 page = 0;
1520 	u8 total_page = 0;
1521 	u8 page_size, page_margin, tx_desc_sz;
1522 	u8 *buf;
1523 	int ret;
1524 
1525 	page_size = chip->page_size;
1526 	tx_desc_sz = chip->tx_pkt_desc_sz;
1527 	page_margin = page_size - tx_desc_sz;
1528 
1529 	ret = __rtw_build_rsvd_page_from_vifs(rtwdev);
1530 	if (ret) {
1531 		rtw_err(rtwdev,
1532 			"failed to build rsvd page from vifs, ret %d\n", ret);
1533 		return NULL;
1534 	}
1535 
1536 	list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, build_list) {
1537 		iter = rtw_get_rsvd_page_skb(hw, rsvd_pkt);
1538 		if (!iter) {
1539 			rtw_err(rtwdev, "failed to build rsvd packet\n");
1540 			goto release_skb;
1541 		}
1542 
1543 		/* Fill the tx_desc for the rsvd pkt that requires one.
1544 		 * And iter->len will be added with size of tx_desc_sz.
1545 		 */
1546 		if (rsvd_pkt->add_txdesc)
1547 			rtw_fill_rsvd_page_desc(rtwdev, iter, rsvd_pkt->type);
1548 
1549 		rsvd_pkt->skb = iter;
1550 		rsvd_pkt->page = total_page;
1551 
1552 		/* Reserved page is downloaded via TX path, and TX path will
1553 		 * generate a tx_desc at the header to describe length of
1554 		 * the buffer. If we are not counting page numbers with the
1555 		 * size of tx_desc added at the first rsvd_pkt (usually a
1556 		 * beacon, firmware default refer to the first page as the
1557 		 * content of beacon), we could generate a buffer which size
1558 		 * is smaller than the actual size of the whole rsvd_page
1559 		 */
1560 		if (total_page == 0) {
1561 			if (rsvd_pkt->type != RSVD_BEACON &&
1562 			    rsvd_pkt->type != RSVD_DUMMY) {
1563 				rtw_err(rtwdev, "first page should be a beacon\n");
1564 				goto release_skb;
1565 			}
1566 			total_page += rtw_len_to_page(iter->len + tx_desc_sz,
1567 						      page_size);
1568 		} else {
1569 			total_page += rtw_len_to_page(iter->len, page_size);
1570 		}
1571 	}
1572 
1573 	if (total_page > rtwdev->fifo.rsvd_drv_pg_num) {
1574 		rtw_err(rtwdev, "rsvd page over size: %d\n", total_page);
1575 		goto release_skb;
1576 	}
1577 
1578 	*size = (total_page - 1) * page_size + page_margin;
1579 	buf = kzalloc(*size, GFP_KERNEL);
1580 	if (!buf)
1581 		goto release_skb;
1582 
1583 	/* Copy the content of each rsvd_pkt to the buf, and they should
1584 	 * be aligned to the pages.
1585 	 *
1586 	 * Note that the first rsvd_pkt is a beacon no matter what vif->type.
1587 	 * And that rsvd_pkt does not require tx_desc because when it goes
1588 	 * through TX path, the TX path will generate one for it.
1589 	 */
1590 	list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, build_list) {
1591 		rtw_rsvd_page_list_to_buf(rtwdev, page_size, page_margin,
1592 					  page, buf, rsvd_pkt);
1593 		if (page == 0)
1594 			page += rtw_len_to_page(rsvd_pkt->skb->len +
1595 						tx_desc_sz, page_size);
1596 		else
1597 			page += rtw_len_to_page(rsvd_pkt->skb->len, page_size);
1598 
1599 		kfree_skb(rsvd_pkt->skb);
1600 		rsvd_pkt->skb = NULL;
1601 	}
1602 
1603 	return buf;
1604 
1605 release_skb:
1606 	list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, build_list) {
1607 		kfree_skb(rsvd_pkt->skb);
1608 		rsvd_pkt->skb = NULL;
1609 	}
1610 
1611 	return NULL;
1612 }
1613 
1614 static int rtw_download_beacon(struct rtw_dev *rtwdev)
1615 {
1616 	struct ieee80211_hw *hw = rtwdev->hw;
1617 	struct rtw_rsvd_page *rsvd_pkt;
1618 	struct sk_buff *skb;
1619 	int ret = 0;
1620 
1621 	rsvd_pkt = list_first_entry_or_null(&rtwdev->rsvd_page_list,
1622 					    struct rtw_rsvd_page, build_list);
1623 	if (!rsvd_pkt) {
1624 		rtw_err(rtwdev, "failed to get rsvd page from build list\n");
1625 		return -ENOENT;
1626 	}
1627 
1628 	if (rsvd_pkt->type != RSVD_BEACON &&
1629 	    rsvd_pkt->type != RSVD_DUMMY) {
1630 		rtw_err(rtwdev, "invalid rsvd page type %d, should be beacon or dummy\n",
1631 			rsvd_pkt->type);
1632 		return -EINVAL;
1633 	}
1634 
1635 	skb = rtw_get_rsvd_page_skb(hw, rsvd_pkt);
1636 	if (!skb) {
1637 		rtw_err(rtwdev, "failed to get beacon skb\n");
1638 		return -ENOMEM;
1639 	}
1640 
1641 	ret = rtw_download_drv_rsvd_page(rtwdev, skb->data, skb->len);
1642 	if (ret)
1643 		rtw_err(rtwdev, "failed to download drv rsvd page\n");
1644 
1645 	dev_kfree_skb(skb);
1646 
1647 	return ret;
1648 }
1649 
1650 int rtw_fw_download_rsvd_page(struct rtw_dev *rtwdev)
1651 {
1652 	u8 *buf;
1653 	u32 size;
1654 	int ret;
1655 
1656 	buf = rtw_build_rsvd_page(rtwdev, &size);
1657 	if (!buf) {
1658 		rtw_err(rtwdev, "failed to build rsvd page pkt\n");
1659 		return -ENOMEM;
1660 	}
1661 
1662 	ret = rtw_download_drv_rsvd_page(rtwdev, buf, size);
1663 	if (ret) {
1664 		rtw_err(rtwdev, "failed to download drv rsvd page\n");
1665 		goto free;
1666 	}
1667 
1668 	/* The last thing is to download the *ONLY* beacon again, because
1669 	 * the previous tx_desc is to describe the total rsvd page. Download
1670 	 * the beacon again to replace the TX desc header, and we will get
1671 	 * a correct tx_desc for the beacon in the rsvd page.
1672 	 */
1673 	ret = rtw_download_beacon(rtwdev);
1674 	if (ret) {
1675 		rtw_err(rtwdev, "failed to download beacon\n");
1676 		goto free;
1677 	}
1678 
1679 free:
1680 	kfree(buf);
1681 
1682 	return ret;
1683 }
1684 
1685 void rtw_fw_update_beacon_work(struct work_struct *work)
1686 {
1687 	struct rtw_dev *rtwdev = container_of(work, struct rtw_dev,
1688 					      update_beacon_work);
1689 
1690 	mutex_lock(&rtwdev->mutex);
1691 	rtw_fw_download_rsvd_page(rtwdev);
1692 	rtw_send_rsvd_page_h2c(rtwdev);
1693 	mutex_unlock(&rtwdev->mutex);
1694 }
1695 
1696 static void rtw_fw_read_fifo_page(struct rtw_dev *rtwdev, u32 offset, u32 size,
1697 				  u32 *buf, u32 residue, u16 start_pg)
1698 {
1699 	u32 i;
1700 	u16 idx = 0;
1701 	u16 ctl;
1702 
1703 	ctl = rtw_read16(rtwdev, REG_PKTBUF_DBG_CTRL) & 0xf000;
1704 	/* disable rx clock gate */
1705 	rtw_write32_set(rtwdev, REG_RCR, BIT_DISGCLK);
1706 
1707 	do {
1708 		rtw_write16(rtwdev, REG_PKTBUF_DBG_CTRL, start_pg | ctl);
1709 
1710 		for (i = FIFO_DUMP_ADDR + residue;
1711 		     i < FIFO_DUMP_ADDR + FIFO_PAGE_SIZE; i += 4) {
1712 			buf[idx++] = rtw_read32(rtwdev, i);
1713 			size -= 4;
1714 			if (size == 0)
1715 				goto out;
1716 		}
1717 
1718 		residue = 0;
1719 		start_pg++;
1720 	} while (size);
1721 
1722 out:
1723 	rtw_write16(rtwdev, REG_PKTBUF_DBG_CTRL, ctl);
1724 	/* restore rx clock gate */
1725 	rtw_write32_clr(rtwdev, REG_RCR, BIT_DISGCLK);
1726 }
1727 
1728 static void rtw_fw_read_fifo(struct rtw_dev *rtwdev, enum rtw_fw_fifo_sel sel,
1729 			     u32 offset, u32 size, u32 *buf)
1730 {
1731 	const struct rtw_chip_info *chip = rtwdev->chip;
1732 	u32 start_pg, residue;
1733 
1734 	if (sel >= RTW_FW_FIFO_MAX) {
1735 		rtw_dbg(rtwdev, RTW_DBG_FW, "wrong fw fifo sel\n");
1736 		return;
1737 	}
1738 	if (sel == RTW_FW_FIFO_SEL_RSVD_PAGE)
1739 		offset += rtwdev->fifo.rsvd_boundary << TX_PAGE_SIZE_SHIFT;
1740 	residue = offset & (FIFO_PAGE_SIZE - 1);
1741 	start_pg = (offset >> FIFO_PAGE_SIZE_SHIFT) + chip->fw_fifo_addr[sel];
1742 
1743 	rtw_fw_read_fifo_page(rtwdev, offset, size, buf, residue, start_pg);
1744 }
1745 
1746 static bool rtw_fw_dump_check_size(struct rtw_dev *rtwdev,
1747 				   enum rtw_fw_fifo_sel sel,
1748 				   u32 start_addr, u32 size)
1749 {
1750 	switch (sel) {
1751 	case RTW_FW_FIFO_SEL_TX:
1752 	case RTW_FW_FIFO_SEL_RX:
1753 		if ((start_addr + size) > rtwdev->chip->fw_fifo_addr[sel])
1754 			return false;
1755 		fallthrough;
1756 	default:
1757 		return true;
1758 	}
1759 }
1760 
1761 int rtw_fw_dump_fifo(struct rtw_dev *rtwdev, u8 fifo_sel, u32 addr, u32 size,
1762 		     u32 *buffer)
1763 {
1764 	if (!rtwdev->chip->fw_fifo_addr[0]) {
1765 		rtw_dbg(rtwdev, RTW_DBG_FW, "chip not support dump fw fifo\n");
1766 		return -ENOTSUPP;
1767 	}
1768 
1769 	if (size == 0 || !buffer)
1770 		return -EINVAL;
1771 
1772 	if (size & 0x3) {
1773 		rtw_dbg(rtwdev, RTW_DBG_FW, "not 4byte alignment\n");
1774 		return -EINVAL;
1775 	}
1776 
1777 	if (!rtw_fw_dump_check_size(rtwdev, fifo_sel, addr, size)) {
1778 		rtw_dbg(rtwdev, RTW_DBG_FW, "fw fifo dump size overflow\n");
1779 		return -EINVAL;
1780 	}
1781 
1782 	rtw_fw_read_fifo(rtwdev, fifo_sel, addr, size, buffer);
1783 
1784 	return 0;
1785 }
1786 
1787 static void __rtw_fw_update_pkt(struct rtw_dev *rtwdev, u8 pkt_id, u16 size,
1788 				u8 location)
1789 {
1790 	const struct rtw_chip_info *chip = rtwdev->chip;
1791 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
1792 	u16 total_size = H2C_PKT_HDR_SIZE + H2C_PKT_UPDATE_PKT_LEN;
1793 
1794 	rtw_h2c_pkt_set_header(h2c_pkt, H2C_PKT_UPDATE_PKT);
1795 
1796 	SET_PKT_H2C_TOTAL_LEN(h2c_pkt, total_size);
1797 	UPDATE_PKT_SET_PKT_ID(h2c_pkt, pkt_id);
1798 	UPDATE_PKT_SET_LOCATION(h2c_pkt, location);
1799 
1800 	/* include txdesc size */
1801 	size += chip->tx_pkt_desc_sz;
1802 	UPDATE_PKT_SET_SIZE(h2c_pkt, size);
1803 
1804 	rtw_fw_send_h2c_packet(rtwdev, h2c_pkt);
1805 }
1806 
1807 void rtw_fw_update_pkt_probe_req(struct rtw_dev *rtwdev,
1808 				 struct cfg80211_ssid *ssid)
1809 {
1810 	u8 loc;
1811 	u16 size;
1812 
1813 	loc = rtw_get_rsvd_page_probe_req_location(rtwdev, ssid);
1814 	if (!loc) {
1815 		rtw_err(rtwdev, "failed to get probe_req rsvd loc\n");
1816 		return;
1817 	}
1818 
1819 	size = rtw_get_rsvd_page_probe_req_size(rtwdev, ssid);
1820 	if (!size) {
1821 		rtw_err(rtwdev, "failed to get probe_req rsvd size\n");
1822 		return;
1823 	}
1824 
1825 	__rtw_fw_update_pkt(rtwdev, RTW_PACKET_PROBE_REQ, size, loc);
1826 }
1827 
1828 void rtw_fw_channel_switch(struct rtw_dev *rtwdev, bool enable)
1829 {
1830 	struct rtw_pno_request *rtw_pno_req = &rtwdev->wow.pno_req;
1831 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
1832 	u16 total_size = H2C_PKT_HDR_SIZE + H2C_PKT_CH_SWITCH_LEN;
1833 	u8 loc_ch_info;
1834 	const struct rtw_ch_switch_option cs_option = {
1835 		.dest_ch_en = 1,
1836 		.dest_ch = 1,
1837 		.periodic_option = 2,
1838 		.normal_period = 5,
1839 		.normal_period_sel = 0,
1840 		.normal_cycle = 10,
1841 		.slow_period = 1,
1842 		.slow_period_sel = 1,
1843 	};
1844 
1845 	rtw_h2c_pkt_set_header(h2c_pkt, H2C_PKT_CH_SWITCH);
1846 	SET_PKT_H2C_TOTAL_LEN(h2c_pkt, total_size);
1847 
1848 	CH_SWITCH_SET_START(h2c_pkt, enable);
1849 	CH_SWITCH_SET_DEST_CH_EN(h2c_pkt, cs_option.dest_ch_en);
1850 	CH_SWITCH_SET_DEST_CH(h2c_pkt, cs_option.dest_ch);
1851 	CH_SWITCH_SET_NORMAL_PERIOD(h2c_pkt, cs_option.normal_period);
1852 	CH_SWITCH_SET_NORMAL_PERIOD_SEL(h2c_pkt, cs_option.normal_period_sel);
1853 	CH_SWITCH_SET_SLOW_PERIOD(h2c_pkt, cs_option.slow_period);
1854 	CH_SWITCH_SET_SLOW_PERIOD_SEL(h2c_pkt, cs_option.slow_period_sel);
1855 	CH_SWITCH_SET_NORMAL_CYCLE(h2c_pkt, cs_option.normal_cycle);
1856 	CH_SWITCH_SET_PERIODIC_OPT(h2c_pkt, cs_option.periodic_option);
1857 
1858 	CH_SWITCH_SET_CH_NUM(h2c_pkt, rtw_pno_req->channel_cnt);
1859 	CH_SWITCH_SET_INFO_SIZE(h2c_pkt, rtw_pno_req->channel_cnt * 4);
1860 
1861 	loc_ch_info = rtw_get_rsvd_page_location(rtwdev, RSVD_CH_INFO);
1862 	CH_SWITCH_SET_INFO_LOC(h2c_pkt, loc_ch_info);
1863 
1864 	rtw_fw_send_h2c_packet(rtwdev, h2c_pkt);
1865 }
1866 
1867 void rtw_fw_adaptivity(struct rtw_dev *rtwdev)
1868 {
1869 	struct rtw_dm_info *dm_info = &rtwdev->dm_info;
1870 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
1871 
1872 	if (!rtw_edcca_enabled) {
1873 		dm_info->edcca_mode = RTW_EDCCA_NORMAL;
1874 		rtw_dbg(rtwdev, RTW_DBG_ADAPTIVITY,
1875 			"EDCCA disabled by debugfs\n");
1876 	}
1877 
1878 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_ADAPTIVITY);
1879 	SET_ADAPTIVITY_MODE(h2c_pkt, dm_info->edcca_mode);
1880 	SET_ADAPTIVITY_OPTION(h2c_pkt, 1);
1881 	SET_ADAPTIVITY_IGI(h2c_pkt, dm_info->igi_history[0]);
1882 	SET_ADAPTIVITY_L2H(h2c_pkt, dm_info->l2h_th_ini);
1883 	SET_ADAPTIVITY_DENSITY(h2c_pkt, dm_info->scan_density);
1884 
1885 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
1886 }
1887 
1888 void rtw_fw_scan_notify(struct rtw_dev *rtwdev, bool start)
1889 {
1890 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
1891 
1892 	SET_H2C_CMD_ID_CLASS(h2c_pkt, H2C_CMD_SCAN);
1893 	SET_SCAN_START(h2c_pkt, start);
1894 
1895 	rtw_fw_send_h2c_command(rtwdev, h2c_pkt);
1896 }
1897 
1898 static int rtw_append_probe_req_ie(struct rtw_dev *rtwdev, struct sk_buff *skb,
1899 				   struct sk_buff_head *list, u8 *bands,
1900 				   struct rtw_vif *rtwvif)
1901 {
1902 	const struct rtw_chip_info *chip = rtwdev->chip;
1903 	struct ieee80211_scan_ies *ies = rtwvif->scan_ies;
1904 	struct sk_buff *new;
1905 	u8 idx;
1906 
1907 	for (idx = NL80211_BAND_2GHZ; idx < NUM_NL80211_BANDS; idx++) {
1908 		if (!(BIT(idx) & chip->band))
1909 			continue;
1910 		new = skb_copy(skb, GFP_KERNEL);
1911 		if (!new)
1912 			return -ENOMEM;
1913 		skb_put_data(new, ies->ies[idx], ies->len[idx]);
1914 		skb_put_data(new, ies->common_ies, ies->common_ie_len);
1915 		skb_queue_tail(list, new);
1916 		(*bands)++;
1917 	}
1918 
1919 	return 0;
1920 }
1921 
1922 static int _rtw_hw_scan_update_probe_req(struct rtw_dev *rtwdev, u8 num_probes,
1923 					 struct sk_buff_head *probe_req_list)
1924 {
1925 	const struct rtw_chip_info *chip = rtwdev->chip;
1926 	struct sk_buff *skb, *tmp;
1927 	u8 page_offset = 1, *buf, page_size = chip->page_size;
1928 	u16 pg_addr = rtwdev->fifo.rsvd_h2c_info_addr, loc;
1929 	u16 buf_offset = page_size * page_offset;
1930 	u8 tx_desc_sz = chip->tx_pkt_desc_sz;
1931 	u8 page_cnt, pages;
1932 	unsigned int pkt_len;
1933 	int ret;
1934 
1935 	if (rtw_fw_feature_ext_check(&rtwdev->fw, FW_FEATURE_EXT_OLD_PAGE_NUM))
1936 		page_cnt = RTW_OLD_PROBE_PG_CNT;
1937 	else
1938 		page_cnt = RTW_PROBE_PG_CNT;
1939 
1940 	pages = page_offset + num_probes * page_cnt;
1941 
1942 	buf = kzalloc(page_size * pages, GFP_KERNEL);
1943 	if (!buf)
1944 		return -ENOMEM;
1945 
1946 	buf_offset -= tx_desc_sz;
1947 	skb_queue_walk_safe(probe_req_list, skb, tmp) {
1948 		skb_unlink(skb, probe_req_list);
1949 		rtw_fill_rsvd_page_desc(rtwdev, skb, RSVD_PROBE_REQ);
1950 		if (skb->len > page_size * page_cnt) {
1951 			ret = -EINVAL;
1952 			goto out;
1953 		}
1954 
1955 		memcpy(buf + buf_offset, skb->data, skb->len);
1956 		pkt_len = skb->len - tx_desc_sz;
1957 		loc = pg_addr - rtwdev->fifo.rsvd_boundary + page_offset;
1958 		__rtw_fw_update_pkt(rtwdev, RTW_PACKET_PROBE_REQ, pkt_len, loc);
1959 
1960 		buf_offset += page_cnt * page_size;
1961 		page_offset += page_cnt;
1962 		kfree_skb(skb);
1963 	}
1964 
1965 	ret = rtw_fw_write_data_rsvd_page(rtwdev, pg_addr, buf, buf_offset);
1966 	if (ret) {
1967 		rtw_err(rtwdev, "Download probe request to firmware failed\n");
1968 		goto out;
1969 	}
1970 
1971 	rtwdev->scan_info.probe_pg_size = page_offset;
1972 out:
1973 	kfree(buf);
1974 	skb_queue_walk_safe(probe_req_list, skb, tmp)
1975 		kfree_skb(skb);
1976 
1977 	return ret;
1978 }
1979 
1980 static int rtw_hw_scan_update_probe_req(struct rtw_dev *rtwdev,
1981 					struct rtw_vif *rtwvif)
1982 {
1983 	struct cfg80211_scan_request *req = rtwvif->scan_req;
1984 	struct sk_buff_head list;
1985 	struct sk_buff *skb, *tmp;
1986 	u8 num = req->n_ssids, i, bands = 0;
1987 	int ret;
1988 
1989 	skb_queue_head_init(&list);
1990 	for (i = 0; i < num; i++) {
1991 		skb = ieee80211_probereq_get(rtwdev->hw, rtwvif->mac_addr,
1992 					     req->ssids[i].ssid,
1993 					     req->ssids[i].ssid_len,
1994 					     req->ie_len);
1995 		if (!skb) {
1996 			ret = -ENOMEM;
1997 			goto out;
1998 		}
1999 		ret = rtw_append_probe_req_ie(rtwdev, skb, &list, &bands,
2000 					      rtwvif);
2001 		if (ret)
2002 			goto out;
2003 
2004 		kfree_skb(skb);
2005 	}
2006 
2007 	return _rtw_hw_scan_update_probe_req(rtwdev, num * bands, &list);
2008 
2009 out:
2010 	skb_queue_walk_safe(&list, skb, tmp)
2011 		kfree_skb(skb);
2012 
2013 	return ret;
2014 }
2015 
2016 static int rtw_add_chan_info(struct rtw_dev *rtwdev, struct rtw_chan_info *info,
2017 			     struct rtw_chan_list *list, u8 *buf)
2018 {
2019 	u8 *chan = &buf[list->size];
2020 	u8 info_size = RTW_CH_INFO_SIZE;
2021 
2022 	if (list->size > list->buf_size)
2023 		return -ENOMEM;
2024 
2025 	CH_INFO_SET_CH(chan, info->channel);
2026 	CH_INFO_SET_PRI_CH_IDX(chan, info->pri_ch_idx);
2027 	CH_INFO_SET_BW(chan, info->bw);
2028 	CH_INFO_SET_TIMEOUT(chan, info->timeout);
2029 	CH_INFO_SET_ACTION_ID(chan, info->action_id);
2030 	CH_INFO_SET_EXTRA_INFO(chan, info->extra_info);
2031 	if (info->extra_info) {
2032 		EXTRA_CH_INFO_SET_ID(chan, RTW_SCAN_EXTRA_ID_DFS);
2033 		EXTRA_CH_INFO_SET_INFO(chan, RTW_SCAN_EXTRA_ACTION_SCAN);
2034 		EXTRA_CH_INFO_SET_SIZE(chan, RTW_EX_CH_INFO_SIZE -
2035 				       RTW_EX_CH_INFO_HDR_SIZE);
2036 		EXTRA_CH_INFO_SET_DFS_EXT_TIME(chan, RTW_DFS_CHAN_TIME);
2037 		info_size += RTW_EX_CH_INFO_SIZE;
2038 	}
2039 	list->size += info_size;
2040 	list->ch_num++;
2041 
2042 	return 0;
2043 }
2044 
2045 static int rtw_add_chan_list(struct rtw_dev *rtwdev, struct rtw_vif *rtwvif,
2046 			     struct rtw_chan_list *list, u8 *buf)
2047 {
2048 	struct cfg80211_scan_request *req = rtwvif->scan_req;
2049 	struct rtw_fifo_conf *fifo = &rtwdev->fifo;
2050 	struct ieee80211_channel *channel;
2051 	int i, ret = 0;
2052 
2053 	for (i = 0; i < req->n_channels; i++) {
2054 		struct rtw_chan_info ch_info = {0};
2055 
2056 		channel = req->channels[i];
2057 		ch_info.channel = channel->hw_value;
2058 		ch_info.bw = RTW_SCAN_WIDTH;
2059 		ch_info.pri_ch_idx = RTW_PRI_CH_IDX;
2060 		ch_info.timeout = req->duration_mandatory ?
2061 				  req->duration : RTW_CHANNEL_TIME;
2062 
2063 		if (channel->flags & (IEEE80211_CHAN_RADAR | IEEE80211_CHAN_NO_IR)) {
2064 			ch_info.action_id = RTW_CHANNEL_RADAR;
2065 			ch_info.extra_info = 1;
2066 			/* Overwrite duration for passive scans if necessary */
2067 			ch_info.timeout = ch_info.timeout > RTW_PASS_CHAN_TIME ?
2068 					  ch_info.timeout : RTW_PASS_CHAN_TIME;
2069 		} else {
2070 			ch_info.action_id = RTW_CHANNEL_ACTIVE;
2071 		}
2072 
2073 		ret = rtw_add_chan_info(rtwdev, &ch_info, list, buf);
2074 		if (ret)
2075 			return ret;
2076 	}
2077 
2078 	if (list->size > fifo->rsvd_pg_num << TX_PAGE_SIZE_SHIFT) {
2079 		rtw_err(rtwdev, "List exceeds rsvd page total size\n");
2080 		return -EINVAL;
2081 	}
2082 
2083 	list->addr = fifo->rsvd_h2c_info_addr + rtwdev->scan_info.probe_pg_size;
2084 	ret = rtw_fw_write_data_rsvd_page(rtwdev, list->addr, buf, list->size);
2085 	if (ret)
2086 		rtw_err(rtwdev, "Download channel list failed\n");
2087 
2088 	return ret;
2089 }
2090 
2091 static void rtw_fw_set_scan_offload(struct rtw_dev *rtwdev,
2092 				    struct rtw_ch_switch_option *opt,
2093 				    struct rtw_vif *rtwvif,
2094 				    struct rtw_chan_list *list)
2095 {
2096 	struct rtw_hw_scan_info *scan_info = &rtwdev->scan_info;
2097 	struct cfg80211_scan_request *req = rtwvif->scan_req;
2098 	struct rtw_fifo_conf *fifo = &rtwdev->fifo;
2099 	/* reserve one dummy page at the beginning for tx descriptor */
2100 	u8 pkt_loc = fifo->rsvd_h2c_info_addr - fifo->rsvd_boundary + 1;
2101 	bool random_seq = req->flags & NL80211_SCAN_FLAG_RANDOM_SN;
2102 	u8 h2c_pkt[H2C_PKT_SIZE] = {0};
2103 
2104 	rtw_h2c_pkt_set_header(h2c_pkt, H2C_PKT_SCAN_OFFLOAD);
2105 	SET_PKT_H2C_TOTAL_LEN(h2c_pkt, H2C_PKT_CH_SWITCH_LEN);
2106 
2107 	SCAN_OFFLOAD_SET_START(h2c_pkt, opt->switch_en);
2108 	SCAN_OFFLOAD_SET_BACK_OP_EN(h2c_pkt, opt->back_op_en);
2109 	SCAN_OFFLOAD_SET_RANDOM_SEQ_EN(h2c_pkt, random_seq);
2110 	SCAN_OFFLOAD_SET_NO_CCK_EN(h2c_pkt, req->no_cck);
2111 	SCAN_OFFLOAD_SET_CH_NUM(h2c_pkt, list->ch_num);
2112 	SCAN_OFFLOAD_SET_CH_INFO_SIZE(h2c_pkt, list->size);
2113 	SCAN_OFFLOAD_SET_CH_INFO_LOC(h2c_pkt, list->addr - fifo->rsvd_boundary);
2114 	SCAN_OFFLOAD_SET_OP_CH(h2c_pkt, scan_info->op_chan);
2115 	SCAN_OFFLOAD_SET_OP_PRI_CH_IDX(h2c_pkt, scan_info->op_pri_ch_idx);
2116 	SCAN_OFFLOAD_SET_OP_BW(h2c_pkt, scan_info->op_bw);
2117 	SCAN_OFFLOAD_SET_OP_PORT_ID(h2c_pkt, rtwvif->port);
2118 	SCAN_OFFLOAD_SET_OP_DWELL_TIME(h2c_pkt, req->duration_mandatory ?
2119 				       req->duration : RTW_CHANNEL_TIME);
2120 	SCAN_OFFLOAD_SET_OP_GAP_TIME(h2c_pkt, RTW_OFF_CHAN_TIME);
2121 	SCAN_OFFLOAD_SET_SSID_NUM(h2c_pkt, req->n_ssids);
2122 	SCAN_OFFLOAD_SET_PKT_LOC(h2c_pkt, pkt_loc);
2123 
2124 	rtw_fw_send_h2c_packet(rtwdev, h2c_pkt);
2125 }
2126 
2127 void rtw_hw_scan_start(struct rtw_dev *rtwdev, struct ieee80211_vif *vif,
2128 		       struct ieee80211_scan_request *scan_req)
2129 {
2130 	struct rtw_vif *rtwvif = (struct rtw_vif *)vif->drv_priv;
2131 	struct cfg80211_scan_request *req = &scan_req->req;
2132 	u8 mac_addr[ETH_ALEN];
2133 
2134 	rtwdev->scan_info.scanning_vif = vif;
2135 	rtwvif->scan_ies = &scan_req->ies;
2136 	rtwvif->scan_req = req;
2137 
2138 	ieee80211_stop_queues(rtwdev->hw);
2139 	rtw_leave_lps_deep(rtwdev);
2140 	rtw_hci_flush_all_queues(rtwdev, false);
2141 	rtw_mac_flush_all_queues(rtwdev, false);
2142 	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)
2143 		get_random_mask_addr(mac_addr, req->mac_addr,
2144 				     req->mac_addr_mask);
2145 	else
2146 		ether_addr_copy(mac_addr, vif->addr);
2147 
2148 	rtw_core_scan_start(rtwdev, rtwvif, mac_addr, true);
2149 
2150 	rtwdev->hal.rcr &= ~BIT_CBSSID_BCN;
2151 	rtw_write32(rtwdev, REG_RCR, rtwdev->hal.rcr);
2152 }
2153 
2154 void rtw_hw_scan_complete(struct rtw_dev *rtwdev, struct ieee80211_vif *vif,
2155 			  bool aborted)
2156 {
2157 	struct cfg80211_scan_info info = {
2158 		.aborted = aborted,
2159 	};
2160 	struct rtw_hw_scan_info *scan_info = &rtwdev->scan_info;
2161 	struct rtw_hal *hal = &rtwdev->hal;
2162 	struct rtw_vif *rtwvif;
2163 	u8 chan = scan_info->op_chan;
2164 
2165 	if (!vif)
2166 		return;
2167 
2168 	rtwdev->hal.rcr |= BIT_CBSSID_BCN;
2169 	rtw_write32(rtwdev, REG_RCR, rtwdev->hal.rcr);
2170 
2171 	rtw_core_scan_complete(rtwdev, vif, true);
2172 
2173 	rtwvif = (struct rtw_vif *)vif->drv_priv;
2174 	if (chan)
2175 		rtw_store_op_chan(rtwdev, false);
2176 	rtw_phy_set_tx_power_level(rtwdev, hal->current_channel);
2177 	ieee80211_wake_queues(rtwdev->hw);
2178 	ieee80211_scan_completed(rtwdev->hw, &info);
2179 
2180 	rtwvif->scan_req = NULL;
2181 	rtwvif->scan_ies = NULL;
2182 	rtwdev->scan_info.scanning_vif = NULL;
2183 }
2184 
2185 static int rtw_hw_scan_prehandle(struct rtw_dev *rtwdev, struct rtw_vif *rtwvif,
2186 				 struct rtw_chan_list *list)
2187 {
2188 	struct cfg80211_scan_request *req = rtwvif->scan_req;
2189 	int size = req->n_channels * (RTW_CH_INFO_SIZE + RTW_EX_CH_INFO_SIZE);
2190 	u8 *buf;
2191 	int ret;
2192 
2193 	buf = kmalloc(size, GFP_KERNEL);
2194 	if (!buf)
2195 		return -ENOMEM;
2196 
2197 	ret = rtw_hw_scan_update_probe_req(rtwdev, rtwvif);
2198 	if (ret) {
2199 		rtw_err(rtwdev, "Update probe request failed\n");
2200 		goto out;
2201 	}
2202 
2203 	list->buf_size = size;
2204 	list->size = 0;
2205 	list->ch_num = 0;
2206 	ret = rtw_add_chan_list(rtwdev, rtwvif, list, buf);
2207 out:
2208 	kfree(buf);
2209 
2210 	return ret;
2211 }
2212 
2213 int rtw_hw_scan_offload(struct rtw_dev *rtwdev, struct ieee80211_vif *vif,
2214 			bool enable)
2215 {
2216 	struct rtw_vif *rtwvif = vif ? (struct rtw_vif *)vif->drv_priv : NULL;
2217 	struct rtw_hw_scan_info *scan_info = &rtwdev->scan_info;
2218 	struct rtw_ch_switch_option cs_option = {0};
2219 	struct rtw_chan_list chan_list = {0};
2220 	int ret = 0;
2221 
2222 	if (!rtwvif)
2223 		return -EINVAL;
2224 
2225 	cs_option.switch_en = enable;
2226 	cs_option.back_op_en = scan_info->op_chan != 0;
2227 	if (enable) {
2228 		ret = rtw_hw_scan_prehandle(rtwdev, rtwvif, &chan_list);
2229 		if (ret)
2230 			goto out;
2231 	}
2232 	rtw_fw_set_scan_offload(rtwdev, &cs_option, rtwvif, &chan_list);
2233 out:
2234 	if (rtwdev->ap_active) {
2235 		ret = rtw_download_beacon(rtwdev);
2236 		if (ret)
2237 			rtw_err(rtwdev, "HW scan download beacon failed\n");
2238 	}
2239 
2240 	return ret;
2241 }
2242 
2243 void rtw_hw_scan_abort(struct rtw_dev *rtwdev)
2244 {
2245 	struct ieee80211_vif *vif = rtwdev->scan_info.scanning_vif;
2246 
2247 	if (!rtw_fw_feature_check(&rtwdev->fw, FW_FEATURE_SCAN_OFFLOAD))
2248 		return;
2249 
2250 	rtw_hw_scan_offload(rtwdev, vif, false);
2251 	rtw_hw_scan_complete(rtwdev, vif, true);
2252 }
2253 
2254 void rtw_hw_scan_status_report(struct rtw_dev *rtwdev, struct sk_buff *skb)
2255 {
2256 	struct ieee80211_vif *vif = rtwdev->scan_info.scanning_vif;
2257 	struct rtw_c2h_cmd *c2h;
2258 	bool aborted;
2259 	u8 rc;
2260 
2261 	if (!test_bit(RTW_FLAG_SCANNING, rtwdev->flags))
2262 		return;
2263 
2264 	c2h = get_c2h_from_skb(skb);
2265 	rc = GET_SCAN_REPORT_RETURN_CODE(c2h->payload);
2266 	aborted = rc != RTW_SCAN_REPORT_SUCCESS;
2267 	rtw_hw_scan_complete(rtwdev, vif, aborted);
2268 
2269 	if (aborted)
2270 		rtw_dbg(rtwdev, RTW_DBG_HW_SCAN, "HW scan aborted with code: %d\n", rc);
2271 }
2272 
2273 void rtw_store_op_chan(struct rtw_dev *rtwdev, bool backup)
2274 {
2275 	struct rtw_hw_scan_info *scan_info = &rtwdev->scan_info;
2276 	struct rtw_hal *hal = &rtwdev->hal;
2277 	u8 band;
2278 
2279 	if (backup) {
2280 		scan_info->op_chan = hal->current_channel;
2281 		scan_info->op_bw = hal->current_band_width;
2282 		scan_info->op_pri_ch_idx = hal->current_primary_channel_index;
2283 		scan_info->op_pri_ch = hal->primary_channel;
2284 	} else {
2285 		band = scan_info->op_chan > 14 ? RTW_BAND_5G : RTW_BAND_2G;
2286 		rtw_update_channel(rtwdev, scan_info->op_chan,
2287 				   scan_info->op_pri_ch,
2288 				   band, scan_info->op_bw);
2289 	}
2290 }
2291 
2292 void rtw_clear_op_chan(struct rtw_dev *rtwdev)
2293 {
2294 	struct rtw_hw_scan_info *scan_info = &rtwdev->scan_info;
2295 
2296 	scan_info->op_chan = 0;
2297 	scan_info->op_bw = 0;
2298 	scan_info->op_pri_ch_idx = 0;
2299 	scan_info->op_pri_ch = 0;
2300 }
2301 
2302 static bool rtw_is_op_chan(struct rtw_dev *rtwdev, u8 channel)
2303 {
2304 	struct rtw_hw_scan_info *scan_info = &rtwdev->scan_info;
2305 
2306 	return channel == scan_info->op_chan;
2307 }
2308 
2309 void rtw_hw_scan_chan_switch(struct rtw_dev *rtwdev, struct sk_buff *skb)
2310 {
2311 	struct rtw_hal *hal = &rtwdev->hal;
2312 	struct rtw_c2h_cmd *c2h;
2313 	enum rtw_scan_notify_id id;
2314 	u8 chan, band, status;
2315 
2316 	if (!test_bit(RTW_FLAG_SCANNING, rtwdev->flags))
2317 		return;
2318 
2319 	c2h = get_c2h_from_skb(skb);
2320 	chan = GET_CHAN_SWITCH_CENTRAL_CH(c2h->payload);
2321 	id = GET_CHAN_SWITCH_ID(c2h->payload);
2322 	status = GET_CHAN_SWITCH_STATUS(c2h->payload);
2323 
2324 	if (id == RTW_SCAN_NOTIFY_ID_POSTSWITCH) {
2325 		band = chan > 14 ? RTW_BAND_5G : RTW_BAND_2G;
2326 		rtw_update_channel(rtwdev, chan, chan, band,
2327 				   RTW_CHANNEL_WIDTH_20);
2328 		if (rtw_is_op_chan(rtwdev, chan)) {
2329 			rtw_store_op_chan(rtwdev, false);
2330 			ieee80211_wake_queues(rtwdev->hw);
2331 			rtw_core_enable_beacon(rtwdev, true);
2332 		}
2333 	} else if (id == RTW_SCAN_NOTIFY_ID_PRESWITCH) {
2334 		if (IS_CH_5G_BAND(chan)) {
2335 			rtw_coex_switchband_notify(rtwdev, COEX_SWITCH_TO_5G);
2336 		} else if (IS_CH_2G_BAND(chan)) {
2337 			u8 chan_type;
2338 
2339 			if (test_bit(RTW_FLAG_SCANNING, rtwdev->flags))
2340 				chan_type = COEX_SWITCH_TO_24G;
2341 			else
2342 				chan_type = COEX_SWITCH_TO_24G_NOFORSCAN;
2343 			rtw_coex_switchband_notify(rtwdev, chan_type);
2344 		}
2345 		/* The channel of C2H RTW_SCAN_NOTIFY_ID_PRESWITCH is next
2346 		 * channel that hardware will switch. We need to stop queue
2347 		 * if next channel is non-op channel.
2348 		 */
2349 		if (!rtw_is_op_chan(rtwdev, chan) &&
2350 		    rtw_is_op_chan(rtwdev, hal->current_channel)) {
2351 			rtw_core_enable_beacon(rtwdev, false);
2352 			ieee80211_stop_queues(rtwdev->hw);
2353 		}
2354 	}
2355 
2356 	rtw_dbg(rtwdev, RTW_DBG_HW_SCAN,
2357 		"Chan switch: %x, id: %x, status: %x\n", chan, id, status);
2358 }
2359