1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
2 /* Copyright(c) 2019-2020  Realtek Corporation
3  */
4 #include <linux/ip.h>
5 #include <linux/udp.h>
6 
7 #include "cam.h"
8 #include "chan.h"
9 #include "coex.h"
10 #include "core.h"
11 #include "efuse.h"
12 #include "fw.h"
13 #include "mac.h"
14 #include "phy.h"
15 #include "ps.h"
16 #include "reg.h"
17 #include "sar.h"
18 #include "ser.h"
19 #include "txrx.h"
20 #include "util.h"
21 
22 static bool rtw89_disable_ps_mode;
23 module_param_named(disable_ps_mode, rtw89_disable_ps_mode, bool, 0644);
24 MODULE_PARM_DESC(disable_ps_mode, "Set Y to disable low power mode");
25 
26 #define RTW89_DEF_CHAN(_freq, _hw_val, _flags, _band)	\
27 	{ .center_freq = _freq, .hw_value = _hw_val, .flags = _flags, .band = _band, }
28 #define RTW89_DEF_CHAN_2G(_freq, _hw_val)	\
29 	RTW89_DEF_CHAN(_freq, _hw_val, 0, NL80211_BAND_2GHZ)
30 #define RTW89_DEF_CHAN_5G(_freq, _hw_val)	\
31 	RTW89_DEF_CHAN(_freq, _hw_val, 0, NL80211_BAND_5GHZ)
32 #define RTW89_DEF_CHAN_5G_NO_HT40MINUS(_freq, _hw_val)	\
33 	RTW89_DEF_CHAN(_freq, _hw_val, IEEE80211_CHAN_NO_HT40MINUS, NL80211_BAND_5GHZ)
34 #define RTW89_DEF_CHAN_6G(_freq, _hw_val)	\
35 	RTW89_DEF_CHAN(_freq, _hw_val, 0, NL80211_BAND_6GHZ)
36 
37 static struct ieee80211_channel rtw89_channels_2ghz[] = {
38 	RTW89_DEF_CHAN_2G(2412, 1),
39 	RTW89_DEF_CHAN_2G(2417, 2),
40 	RTW89_DEF_CHAN_2G(2422, 3),
41 	RTW89_DEF_CHAN_2G(2427, 4),
42 	RTW89_DEF_CHAN_2G(2432, 5),
43 	RTW89_DEF_CHAN_2G(2437, 6),
44 	RTW89_DEF_CHAN_2G(2442, 7),
45 	RTW89_DEF_CHAN_2G(2447, 8),
46 	RTW89_DEF_CHAN_2G(2452, 9),
47 	RTW89_DEF_CHAN_2G(2457, 10),
48 	RTW89_DEF_CHAN_2G(2462, 11),
49 	RTW89_DEF_CHAN_2G(2467, 12),
50 	RTW89_DEF_CHAN_2G(2472, 13),
51 	RTW89_DEF_CHAN_2G(2484, 14),
52 };
53 
54 static struct ieee80211_channel rtw89_channels_5ghz[] = {
55 	RTW89_DEF_CHAN_5G(5180, 36),
56 	RTW89_DEF_CHAN_5G(5200, 40),
57 	RTW89_DEF_CHAN_5G(5220, 44),
58 	RTW89_DEF_CHAN_5G(5240, 48),
59 	RTW89_DEF_CHAN_5G(5260, 52),
60 	RTW89_DEF_CHAN_5G(5280, 56),
61 	RTW89_DEF_CHAN_5G(5300, 60),
62 	RTW89_DEF_CHAN_5G(5320, 64),
63 	RTW89_DEF_CHAN_5G(5500, 100),
64 	RTW89_DEF_CHAN_5G(5520, 104),
65 	RTW89_DEF_CHAN_5G(5540, 108),
66 	RTW89_DEF_CHAN_5G(5560, 112),
67 	RTW89_DEF_CHAN_5G(5580, 116),
68 	RTW89_DEF_CHAN_5G(5600, 120),
69 	RTW89_DEF_CHAN_5G(5620, 124),
70 	RTW89_DEF_CHAN_5G(5640, 128),
71 	RTW89_DEF_CHAN_5G(5660, 132),
72 	RTW89_DEF_CHAN_5G(5680, 136),
73 	RTW89_DEF_CHAN_5G(5700, 140),
74 	RTW89_DEF_CHAN_5G(5720, 144),
75 	RTW89_DEF_CHAN_5G(5745, 149),
76 	RTW89_DEF_CHAN_5G(5765, 153),
77 	RTW89_DEF_CHAN_5G(5785, 157),
78 	RTW89_DEF_CHAN_5G(5805, 161),
79 	RTW89_DEF_CHAN_5G_NO_HT40MINUS(5825, 165),
80 	RTW89_DEF_CHAN_5G(5845, 169),
81 	RTW89_DEF_CHAN_5G(5865, 173),
82 	RTW89_DEF_CHAN_5G(5885, 177),
83 };
84 
85 static struct ieee80211_channel rtw89_channels_6ghz[] = {
86 	RTW89_DEF_CHAN_6G(5955, 1),
87 	RTW89_DEF_CHAN_6G(5975, 5),
88 	RTW89_DEF_CHAN_6G(5995, 9),
89 	RTW89_DEF_CHAN_6G(6015, 13),
90 	RTW89_DEF_CHAN_6G(6035, 17),
91 	RTW89_DEF_CHAN_6G(6055, 21),
92 	RTW89_DEF_CHAN_6G(6075, 25),
93 	RTW89_DEF_CHAN_6G(6095, 29),
94 	RTW89_DEF_CHAN_6G(6115, 33),
95 	RTW89_DEF_CHAN_6G(6135, 37),
96 	RTW89_DEF_CHAN_6G(6155, 41),
97 	RTW89_DEF_CHAN_6G(6175, 45),
98 	RTW89_DEF_CHAN_6G(6195, 49),
99 	RTW89_DEF_CHAN_6G(6215, 53),
100 	RTW89_DEF_CHAN_6G(6235, 57),
101 	RTW89_DEF_CHAN_6G(6255, 61),
102 	RTW89_DEF_CHAN_6G(6275, 65),
103 	RTW89_DEF_CHAN_6G(6295, 69),
104 	RTW89_DEF_CHAN_6G(6315, 73),
105 	RTW89_DEF_CHAN_6G(6335, 77),
106 	RTW89_DEF_CHAN_6G(6355, 81),
107 	RTW89_DEF_CHAN_6G(6375, 85),
108 	RTW89_DEF_CHAN_6G(6395, 89),
109 	RTW89_DEF_CHAN_6G(6415, 93),
110 	RTW89_DEF_CHAN_6G(6435, 97),
111 	RTW89_DEF_CHAN_6G(6455, 101),
112 	RTW89_DEF_CHAN_6G(6475, 105),
113 	RTW89_DEF_CHAN_6G(6495, 109),
114 	RTW89_DEF_CHAN_6G(6515, 113),
115 	RTW89_DEF_CHAN_6G(6535, 117),
116 	RTW89_DEF_CHAN_6G(6555, 121),
117 	RTW89_DEF_CHAN_6G(6575, 125),
118 	RTW89_DEF_CHAN_6G(6595, 129),
119 	RTW89_DEF_CHAN_6G(6615, 133),
120 	RTW89_DEF_CHAN_6G(6635, 137),
121 	RTW89_DEF_CHAN_6G(6655, 141),
122 	RTW89_DEF_CHAN_6G(6675, 145),
123 	RTW89_DEF_CHAN_6G(6695, 149),
124 	RTW89_DEF_CHAN_6G(6715, 153),
125 	RTW89_DEF_CHAN_6G(6735, 157),
126 	RTW89_DEF_CHAN_6G(6755, 161),
127 	RTW89_DEF_CHAN_6G(6775, 165),
128 	RTW89_DEF_CHAN_6G(6795, 169),
129 	RTW89_DEF_CHAN_6G(6815, 173),
130 	RTW89_DEF_CHAN_6G(6835, 177),
131 	RTW89_DEF_CHAN_6G(6855, 181),
132 	RTW89_DEF_CHAN_6G(6875, 185),
133 	RTW89_DEF_CHAN_6G(6895, 189),
134 	RTW89_DEF_CHAN_6G(6915, 193),
135 	RTW89_DEF_CHAN_6G(6935, 197),
136 	RTW89_DEF_CHAN_6G(6955, 201),
137 	RTW89_DEF_CHAN_6G(6975, 205),
138 	RTW89_DEF_CHAN_6G(6995, 209),
139 	RTW89_DEF_CHAN_6G(7015, 213),
140 	RTW89_DEF_CHAN_6G(7035, 217),
141 	RTW89_DEF_CHAN_6G(7055, 221),
142 	RTW89_DEF_CHAN_6G(7075, 225),
143 	RTW89_DEF_CHAN_6G(7095, 229),
144 	RTW89_DEF_CHAN_6G(7115, 233),
145 };
146 
147 static struct ieee80211_rate rtw89_bitrates[] = {
148 	{ .bitrate = 10,  .hw_value = 0x00, },
149 	{ .bitrate = 20,  .hw_value = 0x01, },
150 	{ .bitrate = 55,  .hw_value = 0x02, },
151 	{ .bitrate = 110, .hw_value = 0x03, },
152 	{ .bitrate = 60,  .hw_value = 0x04, },
153 	{ .bitrate = 90,  .hw_value = 0x05, },
154 	{ .bitrate = 120, .hw_value = 0x06, },
155 	{ .bitrate = 180, .hw_value = 0x07, },
156 	{ .bitrate = 240, .hw_value = 0x08, },
157 	{ .bitrate = 360, .hw_value = 0x09, },
158 	{ .bitrate = 480, .hw_value = 0x0a, },
159 	{ .bitrate = 540, .hw_value = 0x0b, },
160 };
161 
162 static const struct ieee80211_iface_limit rtw89_iface_limits[] = {
163 	{
164 		.max = 1,
165 		.types = BIT(NL80211_IFTYPE_STATION),
166 	},
167 	{
168 		.max = 1,
169 		.types = BIT(NL80211_IFTYPE_P2P_CLIENT) |
170 			 BIT(NL80211_IFTYPE_P2P_GO) |
171 			 BIT(NL80211_IFTYPE_AP),
172 	},
173 };
174 
175 static const struct ieee80211_iface_combination rtw89_iface_combs[] = {
176 	{
177 		.limits = rtw89_iface_limits,
178 		.n_limits = ARRAY_SIZE(rtw89_iface_limits),
179 		.max_interfaces = 2,
180 		.num_different_channels = 1,
181 	}
182 };
183 
184 bool rtw89_ra_report_to_bitrate(struct rtw89_dev *rtwdev, u8 rpt_rate, u16 *bitrate)
185 {
186 	struct ieee80211_rate rate;
187 
188 	if (unlikely(rpt_rate >= ARRAY_SIZE(rtw89_bitrates))) {
189 		rtw89_debug(rtwdev, RTW89_DBG_UNEXP, "invalid rpt rate %d\n", rpt_rate);
190 		return false;
191 	}
192 
193 	rate = rtw89_bitrates[rpt_rate];
194 	*bitrate = rate.bitrate;
195 
196 	return true;
197 }
198 
199 static const struct ieee80211_supported_band rtw89_sband_2ghz = {
200 	.band		= NL80211_BAND_2GHZ,
201 	.channels	= rtw89_channels_2ghz,
202 	.n_channels	= ARRAY_SIZE(rtw89_channels_2ghz),
203 	.bitrates	= rtw89_bitrates,
204 	.n_bitrates	= ARRAY_SIZE(rtw89_bitrates),
205 	.ht_cap		= {0},
206 	.vht_cap	= {0},
207 };
208 
209 static const struct ieee80211_supported_band rtw89_sband_5ghz = {
210 	.band		= NL80211_BAND_5GHZ,
211 	.channels	= rtw89_channels_5ghz,
212 	.n_channels	= ARRAY_SIZE(rtw89_channels_5ghz),
213 
214 	/* 5G has no CCK rates, 1M/2M/5.5M/11M */
215 	.bitrates	= rtw89_bitrates + 4,
216 	.n_bitrates	= ARRAY_SIZE(rtw89_bitrates) - 4,
217 	.ht_cap		= {0},
218 	.vht_cap	= {0},
219 };
220 
221 static const struct ieee80211_supported_band rtw89_sband_6ghz = {
222 	.band		= NL80211_BAND_6GHZ,
223 	.channels	= rtw89_channels_6ghz,
224 	.n_channels	= ARRAY_SIZE(rtw89_channels_6ghz),
225 
226 	/* 6G has no CCK rates, 1M/2M/5.5M/11M */
227 	.bitrates	= rtw89_bitrates + 4,
228 	.n_bitrates	= ARRAY_SIZE(rtw89_bitrates) - 4,
229 };
230 
231 static void rtw89_traffic_stats_accu(struct rtw89_dev *rtwdev,
232 				     struct rtw89_traffic_stats *stats,
233 				     struct sk_buff *skb, bool tx)
234 {
235 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
236 
237 	if (!ieee80211_is_data(hdr->frame_control))
238 		return;
239 
240 	if (is_broadcast_ether_addr(hdr->addr1) ||
241 	    is_multicast_ether_addr(hdr->addr1))
242 		return;
243 
244 	if (tx) {
245 		stats->tx_cnt++;
246 		stats->tx_unicast += skb->len;
247 	} else {
248 		stats->rx_cnt++;
249 		stats->rx_unicast += skb->len;
250 	}
251 }
252 
253 void rtw89_get_default_chandef(struct cfg80211_chan_def *chandef)
254 {
255 	cfg80211_chandef_create(chandef, &rtw89_channels_2ghz[0],
256 				NL80211_CHAN_NO_HT);
257 }
258 
259 static void rtw89_get_channel_params(const struct cfg80211_chan_def *chandef,
260 				     struct rtw89_chan *chan)
261 {
262 	struct ieee80211_channel *channel = chandef->chan;
263 	enum nl80211_chan_width width = chandef->width;
264 	u32 primary_freq, center_freq;
265 	u8 center_chan;
266 	u8 bandwidth = RTW89_CHANNEL_WIDTH_20;
267 	u32 offset;
268 	u8 band;
269 
270 	center_chan = channel->hw_value;
271 	primary_freq = channel->center_freq;
272 	center_freq = chandef->center_freq1;
273 
274 	switch (width) {
275 	case NL80211_CHAN_WIDTH_20_NOHT:
276 	case NL80211_CHAN_WIDTH_20:
277 		bandwidth = RTW89_CHANNEL_WIDTH_20;
278 		break;
279 	case NL80211_CHAN_WIDTH_40:
280 		bandwidth = RTW89_CHANNEL_WIDTH_40;
281 		if (primary_freq > center_freq) {
282 			center_chan -= 2;
283 		} else {
284 			center_chan += 2;
285 		}
286 		break;
287 	case NL80211_CHAN_WIDTH_80:
288 	case NL80211_CHAN_WIDTH_160:
289 		bandwidth = nl_to_rtw89_bandwidth(width);
290 		if (primary_freq > center_freq) {
291 			offset = (primary_freq - center_freq - 10) / 20;
292 			center_chan -= 2 + offset * 4;
293 		} else {
294 			offset = (center_freq - primary_freq - 10) / 20;
295 			center_chan += 2 + offset * 4;
296 		}
297 		break;
298 	default:
299 		center_chan = 0;
300 		break;
301 	}
302 
303 	switch (channel->band) {
304 	default:
305 	case NL80211_BAND_2GHZ:
306 		band = RTW89_BAND_2G;
307 		break;
308 	case NL80211_BAND_5GHZ:
309 		band = RTW89_BAND_5G;
310 		break;
311 	case NL80211_BAND_6GHZ:
312 		band = RTW89_BAND_6G;
313 		break;
314 	}
315 
316 	rtw89_chan_create(chan, center_chan, channel->hw_value, band, bandwidth);
317 }
318 
319 void rtw89_core_set_chip_txpwr(struct rtw89_dev *rtwdev)
320 {
321 	const struct rtw89_chip_info *chip = rtwdev->chip;
322 	const struct rtw89_chan *chan;
323 	enum rtw89_sub_entity_idx sub_entity_idx;
324 	enum rtw89_phy_idx phy_idx;
325 	enum rtw89_entity_mode mode;
326 	bool entity_active;
327 
328 	entity_active = rtw89_get_entity_state(rtwdev);
329 	if (!entity_active)
330 		return;
331 
332 	mode = rtw89_get_entity_mode(rtwdev);
333 	if (WARN(mode != RTW89_ENTITY_MODE_SCC, "Invalid ent mode: %d\n", mode))
334 		return;
335 
336 	sub_entity_idx = RTW89_SUB_ENTITY_0;
337 	phy_idx = RTW89_PHY_0;
338 	chan = rtw89_chan_get(rtwdev, sub_entity_idx);
339 	chip->ops->set_txpwr(rtwdev, chan, phy_idx);
340 }
341 
342 void rtw89_set_channel(struct rtw89_dev *rtwdev)
343 {
344 	const struct rtw89_chip_info *chip = rtwdev->chip;
345 	const struct cfg80211_chan_def *chandef;
346 	enum rtw89_sub_entity_idx sub_entity_idx;
347 	enum rtw89_mac_idx mac_idx;
348 	enum rtw89_phy_idx phy_idx;
349 	struct rtw89_chan chan;
350 	struct rtw89_channel_help_params bak;
351 	enum rtw89_entity_mode mode;
352 	bool band_changed;
353 	bool entity_active;
354 
355 	entity_active = rtw89_get_entity_state(rtwdev);
356 
357 	mode = rtw89_entity_recalc(rtwdev);
358 	if (WARN(mode != RTW89_ENTITY_MODE_SCC, "Invalid ent mode: %d\n", mode))
359 		return;
360 
361 	sub_entity_idx = RTW89_SUB_ENTITY_0;
362 	mac_idx = RTW89_MAC_0;
363 	phy_idx = RTW89_PHY_0;
364 	chandef = rtw89_chandef_get(rtwdev, sub_entity_idx);
365 	rtw89_get_channel_params(chandef, &chan);
366 	if (WARN(chan.channel == 0, "Invalid channel\n"))
367 		return;
368 
369 	band_changed = rtw89_assign_entity_chan(rtwdev, sub_entity_idx, &chan);
370 
371 	rtw89_chip_set_channel_prepare(rtwdev, &bak, &chan, mac_idx, phy_idx);
372 
373 	chip->ops->set_channel(rtwdev, &chan, mac_idx, phy_idx);
374 
375 	chip->ops->set_txpwr(rtwdev, &chan, phy_idx);
376 
377 	rtw89_chip_set_channel_done(rtwdev, &bak, &chan, mac_idx, phy_idx);
378 
379 	if (!entity_active || band_changed) {
380 		rtw89_btc_ntfy_switch_band(rtwdev, phy_idx, chan.band_type);
381 		rtw89_chip_rfk_band_changed(rtwdev, phy_idx);
382 	}
383 
384 	rtw89_set_entity_state(rtwdev, true);
385 }
386 
387 void rtw89_get_channel(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif,
388 		       struct rtw89_chan *chan)
389 {
390 	const struct cfg80211_chan_def *chandef;
391 
392 	chandef = rtw89_chandef_get(rtwdev, rtwvif->sub_entity_idx);
393 	rtw89_get_channel_params(chandef, chan);
394 }
395 
396 static enum rtw89_core_tx_type
397 rtw89_core_get_tx_type(struct rtw89_dev *rtwdev,
398 		       struct sk_buff *skb)
399 {
400 	struct ieee80211_hdr *hdr = (void *)skb->data;
401 	__le16 fc = hdr->frame_control;
402 
403 	if (ieee80211_is_mgmt(fc) || ieee80211_is_nullfunc(fc))
404 		return RTW89_CORE_TX_TYPE_MGMT;
405 
406 	return RTW89_CORE_TX_TYPE_DATA;
407 }
408 
409 static void
410 rtw89_core_tx_update_ampdu_info(struct rtw89_dev *rtwdev,
411 				struct rtw89_core_tx_request *tx_req,
412 				enum btc_pkt_type pkt_type)
413 {
414 	struct ieee80211_sta *sta = tx_req->sta;
415 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
416 	struct sk_buff *skb = tx_req->skb;
417 	struct rtw89_sta *rtwsta;
418 	u8 ampdu_num;
419 	u8 tid;
420 
421 	if (pkt_type == PACKET_EAPOL) {
422 		desc_info->bk = true;
423 		return;
424 	}
425 
426 	if (!(IEEE80211_SKB_CB(skb)->flags & IEEE80211_TX_CTL_AMPDU))
427 		return;
428 
429 	if (!sta) {
430 		rtw89_warn(rtwdev, "cannot set ampdu info without sta\n");
431 		return;
432 	}
433 
434 	tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
435 	rtwsta = (struct rtw89_sta *)sta->drv_priv;
436 
437 	ampdu_num = (u8)((rtwsta->ampdu_params[tid].agg_num ?
438 			  rtwsta->ampdu_params[tid].agg_num :
439 			  4 << sta->deflink.ht_cap.ampdu_factor) - 1);
440 
441 	desc_info->agg_en = true;
442 	desc_info->ampdu_density = sta->deflink.ht_cap.ampdu_density;
443 	desc_info->ampdu_num = ampdu_num;
444 }
445 
446 static void
447 rtw89_core_tx_update_sec_key(struct rtw89_dev *rtwdev,
448 			     struct rtw89_core_tx_request *tx_req)
449 {
450 	const struct rtw89_chip_info *chip = rtwdev->chip;
451 	struct ieee80211_vif *vif = tx_req->vif;
452 	struct ieee80211_sta *sta = tx_req->sta;
453 	struct ieee80211_tx_info *info;
454 	struct ieee80211_key_conf *key;
455 	struct rtw89_vif *rtwvif;
456 	struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta);
457 	struct rtw89_addr_cam_entry *addr_cam;
458 	struct rtw89_sec_cam_entry *sec_cam;
459 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
460 	struct sk_buff *skb = tx_req->skb;
461 	u8 sec_type = RTW89_SEC_KEY_TYPE_NONE;
462 	u64 pn64;
463 
464 	if (!vif) {
465 		rtw89_warn(rtwdev, "cannot set sec key without vif\n");
466 		return;
467 	}
468 
469 	rtwvif = (struct rtw89_vif *)vif->drv_priv;
470 	addr_cam = rtw89_get_addr_cam_of(rtwvif, rtwsta);
471 
472 	info = IEEE80211_SKB_CB(skb);
473 	key = info->control.hw_key;
474 	sec_cam = addr_cam->sec_entries[key->hw_key_idx];
475 	if (!sec_cam) {
476 		rtw89_warn(rtwdev, "sec cam entry is empty\n");
477 		return;
478 	}
479 
480 	switch (key->cipher) {
481 	case WLAN_CIPHER_SUITE_WEP40:
482 		sec_type = RTW89_SEC_KEY_TYPE_WEP40;
483 		break;
484 	case WLAN_CIPHER_SUITE_WEP104:
485 		sec_type = RTW89_SEC_KEY_TYPE_WEP104;
486 		break;
487 	case WLAN_CIPHER_SUITE_TKIP:
488 		sec_type = RTW89_SEC_KEY_TYPE_TKIP;
489 		break;
490 	case WLAN_CIPHER_SUITE_CCMP:
491 		sec_type = RTW89_SEC_KEY_TYPE_CCMP128;
492 		break;
493 	case WLAN_CIPHER_SUITE_CCMP_256:
494 		sec_type = RTW89_SEC_KEY_TYPE_CCMP256;
495 		break;
496 	case WLAN_CIPHER_SUITE_GCMP:
497 		sec_type = RTW89_SEC_KEY_TYPE_GCMP128;
498 		break;
499 	case WLAN_CIPHER_SUITE_GCMP_256:
500 		sec_type = RTW89_SEC_KEY_TYPE_GCMP256;
501 		break;
502 	default:
503 		rtw89_warn(rtwdev, "key cipher not supported %d\n", key->cipher);
504 		return;
505 	}
506 
507 	desc_info->sec_en = true;
508 	desc_info->sec_keyid = key->keyidx;
509 	desc_info->sec_type = sec_type;
510 	desc_info->sec_cam_idx = sec_cam->sec_cam_idx;
511 
512 	if (!chip->hw_sec_hdr)
513 		return;
514 
515 	pn64 = atomic64_inc_return(&key->tx_pn);
516 	desc_info->sec_seq[0] = pn64;
517 	desc_info->sec_seq[1] = pn64 >> 8;
518 	desc_info->sec_seq[2] = pn64 >> 16;
519 	desc_info->sec_seq[3] = pn64 >> 24;
520 	desc_info->sec_seq[4] = pn64 >> 32;
521 	desc_info->sec_seq[5] = pn64 >> 40;
522 	desc_info->wp_offset = 1; /* in unit of 8 bytes for security header */
523 }
524 
525 static u16 rtw89_core_get_mgmt_rate(struct rtw89_dev *rtwdev,
526 				    struct rtw89_core_tx_request *tx_req)
527 {
528 	struct sk_buff *skb = tx_req->skb;
529 	struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb);
530 	struct ieee80211_vif *vif = tx_info->control.vif;
531 	const struct rtw89_chan *chan = rtw89_chan_get(rtwdev, RTW89_SUB_ENTITY_0);
532 	u16 lowest_rate;
533 
534 	if (tx_info->flags & IEEE80211_TX_CTL_NO_CCK_RATE ||
535 	    (vif && vif->p2p))
536 		lowest_rate = RTW89_HW_RATE_OFDM6;
537 	else if (chan->band_type == RTW89_BAND_2G)
538 		lowest_rate = RTW89_HW_RATE_CCK1;
539 	else
540 		lowest_rate = RTW89_HW_RATE_OFDM6;
541 
542 	if (!vif || !vif->bss_conf.basic_rates || !tx_req->sta)
543 		return lowest_rate;
544 
545 	return __ffs(vif->bss_conf.basic_rates) + lowest_rate;
546 }
547 
548 static u8 rtw89_core_tx_get_mac_id(struct rtw89_dev *rtwdev,
549 				   struct rtw89_core_tx_request *tx_req)
550 {
551 	struct ieee80211_vif *vif = tx_req->vif;
552 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
553 	struct ieee80211_sta *sta = tx_req->sta;
554 	struct rtw89_sta *rtwsta;
555 
556 	if (!sta)
557 		return rtwvif->mac_id;
558 
559 	rtwsta = (struct rtw89_sta *)sta->drv_priv;
560 	return rtwsta->mac_id;
561 }
562 
563 static void
564 rtw89_core_tx_update_mgmt_info(struct rtw89_dev *rtwdev,
565 			       struct rtw89_core_tx_request *tx_req)
566 {
567 	struct ieee80211_vif *vif = tx_req->vif;
568 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
569 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
570 	const struct rtw89_chan *chan = rtw89_chan_get(rtwdev, RTW89_SUB_ENTITY_0);
571 	u8 qsel, ch_dma;
572 
573 	qsel = desc_info->hiq ? RTW89_TX_QSEL_B0_HI : RTW89_TX_QSEL_B0_MGMT;
574 	ch_dma = rtw89_core_get_ch_dma(rtwdev, qsel);
575 
576 	desc_info->qsel = qsel;
577 	desc_info->ch_dma = ch_dma;
578 	desc_info->port = desc_info->hiq ? rtwvif->port : 0;
579 	desc_info->mac_id = rtw89_core_tx_get_mac_id(rtwdev, tx_req);
580 	desc_info->hw_ssn_sel = RTW89_MGMT_HW_SSN_SEL;
581 	desc_info->hw_seq_mode = RTW89_MGMT_HW_SEQ_MODE;
582 
583 	/* fixed data rate for mgmt frames */
584 	desc_info->en_wd_info = true;
585 	desc_info->use_rate = true;
586 	desc_info->dis_data_fb = true;
587 	desc_info->data_rate = rtw89_core_get_mgmt_rate(rtwdev, tx_req);
588 
589 	rtw89_debug(rtwdev, RTW89_DBG_TXRX,
590 		    "tx mgmt frame with rate 0x%x on channel %d (band %d, bw %d)\n",
591 		    desc_info->data_rate, chan->channel, chan->band_type,
592 		    chan->band_width);
593 }
594 
595 static void
596 rtw89_core_tx_update_h2c_info(struct rtw89_dev *rtwdev,
597 			      struct rtw89_core_tx_request *tx_req)
598 {
599 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
600 
601 	desc_info->is_bmc = false;
602 	desc_info->wd_page = false;
603 	desc_info->ch_dma = RTW89_DMA_H2C;
604 }
605 
606 static void rtw89_core_get_no_ul_ofdma_htc(struct rtw89_dev *rtwdev, __le32 *htc)
607 {
608 	static const u8 rtw89_bandwidth_to_om[] = {
609 		[RTW89_CHANNEL_WIDTH_20] = HTC_OM_CHANNEL_WIDTH_20,
610 		[RTW89_CHANNEL_WIDTH_40] = HTC_OM_CHANNEL_WIDTH_40,
611 		[RTW89_CHANNEL_WIDTH_80] = HTC_OM_CHANNEL_WIDTH_80,
612 		[RTW89_CHANNEL_WIDTH_160] = HTC_OM_CHANNEL_WIDTH_160_OR_80_80,
613 		[RTW89_CHANNEL_WIDTH_80_80] = HTC_OM_CHANNEL_WIDTH_160_OR_80_80,
614 	};
615 	const struct rtw89_chip_info *chip = rtwdev->chip;
616 	struct rtw89_hal *hal = &rtwdev->hal;
617 	const struct rtw89_chan *chan = rtw89_chan_get(rtwdev, RTW89_SUB_ENTITY_0);
618 	u8 om_bandwidth;
619 
620 	if (!chip->dis_2g_40m_ul_ofdma ||
621 	    chan->band_type != RTW89_BAND_2G ||
622 	    chan->band_width != RTW89_CHANNEL_WIDTH_40)
623 		return;
624 
625 	om_bandwidth = chan->band_width < ARRAY_SIZE(rtw89_bandwidth_to_om) ?
626 		       rtw89_bandwidth_to_om[chan->band_width] : 0;
627 	*htc = le32_encode_bits(RTW89_HTC_VARIANT_HE, RTW89_HTC_MASK_VARIANT) |
628 	       le32_encode_bits(RTW89_HTC_VARIANT_HE_CID_OM, RTW89_HTC_MASK_CTL_ID) |
629 	       le32_encode_bits(hal->rx_nss - 1, RTW89_HTC_MASK_HTC_OM_RX_NSS) |
630 	       le32_encode_bits(om_bandwidth, RTW89_HTC_MASK_HTC_OM_CH_WIDTH) |
631 	       le32_encode_bits(1, RTW89_HTC_MASK_HTC_OM_UL_MU_DIS) |
632 	       le32_encode_bits(hal->tx_nss - 1, RTW89_HTC_MASK_HTC_OM_TX_NSTS) |
633 	       le32_encode_bits(0, RTW89_HTC_MASK_HTC_OM_ER_SU_DIS) |
634 	       le32_encode_bits(0, RTW89_HTC_MASK_HTC_OM_DL_MU_MIMO_RR) |
635 	       le32_encode_bits(0, RTW89_HTC_MASK_HTC_OM_UL_MU_DATA_DIS);
636 }
637 
638 static bool
639 __rtw89_core_tx_check_he_qos_htc(struct rtw89_dev *rtwdev,
640 				 struct rtw89_core_tx_request *tx_req,
641 				 enum btc_pkt_type pkt_type)
642 {
643 	struct ieee80211_sta *sta = tx_req->sta;
644 	struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta);
645 	struct sk_buff *skb = tx_req->skb;
646 	struct ieee80211_hdr *hdr = (void *)skb->data;
647 	__le16 fc = hdr->frame_control;
648 
649 	/* AP IOT issue with EAPoL, ARP and DHCP */
650 	if (pkt_type < PACKET_MAX)
651 		return false;
652 
653 	if (!sta || !sta->deflink.he_cap.has_he)
654 		return false;
655 
656 	if (!ieee80211_is_data_qos(fc))
657 		return false;
658 
659 	if (skb_headroom(skb) < IEEE80211_HT_CTL_LEN)
660 		return false;
661 
662 	if (rtwsta && rtwsta->ra_report.might_fallback_legacy)
663 		return false;
664 
665 	return true;
666 }
667 
668 static void
669 __rtw89_core_tx_adjust_he_qos_htc(struct rtw89_dev *rtwdev,
670 				  struct rtw89_core_tx_request *tx_req)
671 {
672 	struct ieee80211_sta *sta = tx_req->sta;
673 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
674 	struct sk_buff *skb = tx_req->skb;
675 	struct ieee80211_hdr *hdr = (void *)skb->data;
676 	__le16 fc = hdr->frame_control;
677 	void *data;
678 	__le32 *htc;
679 	u8 *qc;
680 	int hdr_len;
681 
682 	hdr_len = ieee80211_has_a4(fc) ? 32 : 26;
683 	data = skb_push(skb, IEEE80211_HT_CTL_LEN);
684 	memmove(data, data + IEEE80211_HT_CTL_LEN, hdr_len);
685 
686 	hdr = data;
687 	htc = data + hdr_len;
688 	hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_ORDER);
689 	*htc = rtwsta->htc_template ? rtwsta->htc_template :
690 	       le32_encode_bits(RTW89_HTC_VARIANT_HE, RTW89_HTC_MASK_VARIANT) |
691 	       le32_encode_bits(RTW89_HTC_VARIANT_HE_CID_CAS, RTW89_HTC_MASK_CTL_ID);
692 
693 	qc = data + hdr_len - IEEE80211_QOS_CTL_LEN;
694 	qc[0] |= IEEE80211_QOS_CTL_EOSP;
695 }
696 
697 static void
698 rtw89_core_tx_update_he_qos_htc(struct rtw89_dev *rtwdev,
699 				struct rtw89_core_tx_request *tx_req,
700 				enum btc_pkt_type pkt_type)
701 {
702 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
703 	struct ieee80211_vif *vif = tx_req->vif;
704 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
705 
706 	if (!__rtw89_core_tx_check_he_qos_htc(rtwdev, tx_req, pkt_type))
707 		goto desc_bk;
708 
709 	__rtw89_core_tx_adjust_he_qos_htc(rtwdev, tx_req);
710 
711 	desc_info->pkt_size += IEEE80211_HT_CTL_LEN;
712 	desc_info->a_ctrl_bsr = true;
713 
714 desc_bk:
715 	if (!rtwvif || rtwvif->last_a_ctrl == desc_info->a_ctrl_bsr)
716 		return;
717 
718 	rtwvif->last_a_ctrl = desc_info->a_ctrl_bsr;
719 	desc_info->bk = true;
720 }
721 
722 static u16 rtw89_core_get_data_rate(struct rtw89_dev *rtwdev,
723 				    struct rtw89_core_tx_request *tx_req)
724 {
725 	struct ieee80211_vif *vif = tx_req->vif;
726 	struct ieee80211_sta *sta = tx_req->sta;
727 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
728 	struct rtw89_phy_rate_pattern *rate_pattern = &rtwvif->rate_pattern;
729 	enum rtw89_sub_entity_idx idx = rtwvif->sub_entity_idx;
730 	const struct rtw89_chan *chan = rtw89_chan_get(rtwdev, idx);
731 	u16 lowest_rate;
732 
733 	if (rate_pattern->enable)
734 		return rate_pattern->rate;
735 
736 	if (vif->p2p)
737 		lowest_rate = RTW89_HW_RATE_OFDM6;
738 	else if (chan->band_type == RTW89_BAND_2G)
739 		lowest_rate = RTW89_HW_RATE_CCK1;
740 	else
741 		lowest_rate = RTW89_HW_RATE_OFDM6;
742 
743 	if (!sta || !sta->deflink.supp_rates[chan->band_type])
744 		return lowest_rate;
745 
746 	return __ffs(sta->deflink.supp_rates[chan->band_type]) + lowest_rate;
747 }
748 
749 static void
750 rtw89_core_tx_update_data_info(struct rtw89_dev *rtwdev,
751 			       struct rtw89_core_tx_request *tx_req)
752 {
753 	struct ieee80211_vif *vif = tx_req->vif;
754 	struct ieee80211_sta *sta = tx_req->sta;
755 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
756 	struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta);
757 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
758 	struct sk_buff *skb = tx_req->skb;
759 	u8 tid, tid_indicate;
760 	u8 qsel, ch_dma;
761 
762 	tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
763 	tid_indicate = rtw89_core_get_tid_indicate(rtwdev, tid);
764 	qsel = desc_info->hiq ? RTW89_TX_QSEL_B0_HI : rtw89_core_get_qsel(rtwdev, tid);
765 	ch_dma = rtw89_core_get_ch_dma(rtwdev, qsel);
766 
767 	desc_info->ch_dma = ch_dma;
768 	desc_info->tid_indicate = tid_indicate;
769 	desc_info->qsel = qsel;
770 	desc_info->mac_id = rtw89_core_tx_get_mac_id(rtwdev, tx_req);
771 	desc_info->port = desc_info->hiq ? rtwvif->port : 0;
772 	desc_info->er_cap = rtwsta ? rtwsta->er_cap : false;
773 
774 	/* enable wd_info for AMPDU */
775 	desc_info->en_wd_info = true;
776 
777 	if (IEEE80211_SKB_CB(skb)->control.hw_key)
778 		rtw89_core_tx_update_sec_key(rtwdev, tx_req);
779 
780 	desc_info->data_retry_lowest_rate = rtw89_core_get_data_rate(rtwdev, tx_req);
781 }
782 
783 static enum btc_pkt_type
784 rtw89_core_tx_btc_spec_pkt_notify(struct rtw89_dev *rtwdev,
785 				  struct rtw89_core_tx_request *tx_req)
786 {
787 	struct sk_buff *skb = tx_req->skb;
788 	struct udphdr *udphdr;
789 
790 	if (IEEE80211_SKB_CB(skb)->control.flags & IEEE80211_TX_CTRL_PORT_CTRL_PROTO) {
791 		ieee80211_queue_work(rtwdev->hw, &rtwdev->btc.eapol_notify_work);
792 		return PACKET_EAPOL;
793 	}
794 
795 	if (skb->protocol == htons(ETH_P_ARP)) {
796 		ieee80211_queue_work(rtwdev->hw, &rtwdev->btc.arp_notify_work);
797 		return PACKET_ARP;
798 	}
799 
800 	if (skb->protocol == htons(ETH_P_IP) &&
801 	    ip_hdr(skb)->protocol == IPPROTO_UDP) {
802 		udphdr = udp_hdr(skb);
803 		if (((udphdr->source == htons(67) && udphdr->dest == htons(68)) ||
804 		     (udphdr->source == htons(68) && udphdr->dest == htons(67))) &&
805 		    skb->len > 282) {
806 			ieee80211_queue_work(rtwdev->hw, &rtwdev->btc.dhcp_notify_work);
807 			return PACKET_DHCP;
808 		}
809 	}
810 
811 	if (skb->protocol == htons(ETH_P_IP) &&
812 	    ip_hdr(skb)->protocol == IPPROTO_ICMP) {
813 		ieee80211_queue_work(rtwdev->hw, &rtwdev->btc.icmp_notify_work);
814 		return PACKET_ICMP;
815 	}
816 
817 	return PACKET_MAX;
818 }
819 
820 static void rtw89_core_tx_update_llc_hdr(struct rtw89_dev *rtwdev,
821 					 struct rtw89_tx_desc_info *desc_info,
822 					 struct sk_buff *skb)
823 {
824 	struct ieee80211_hdr *hdr = (void *)skb->data;
825 	__le16 fc = hdr->frame_control;
826 
827 	desc_info->hdr_llc_len = ieee80211_hdrlen(fc);
828 	desc_info->hdr_llc_len >>= 1; /* in unit of 2 bytes */
829 }
830 
831 static void
832 rtw89_core_tx_wake(struct rtw89_dev *rtwdev,
833 		   struct rtw89_core_tx_request *tx_req)
834 {
835 	const struct rtw89_chip_info *chip = rtwdev->chip;
836 
837 	if (!RTW89_CHK_FW_FEATURE(TX_WAKE, &rtwdev->fw))
838 		return;
839 
840 	if (!test_bit(RTW89_FLAG_LOW_POWER_MODE, rtwdev->flags))
841 		return;
842 
843 	if (chip->chip_id != RTL8852C &&
844 	    tx_req->tx_type != RTW89_CORE_TX_TYPE_MGMT)
845 		return;
846 
847 	rtw89_mac_notify_wake(rtwdev);
848 }
849 
850 static void
851 rtw89_core_tx_update_desc_info(struct rtw89_dev *rtwdev,
852 			       struct rtw89_core_tx_request *tx_req)
853 {
854 	struct rtw89_tx_desc_info *desc_info = &tx_req->desc_info;
855 	struct sk_buff *skb = tx_req->skb;
856 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
857 	struct ieee80211_hdr *hdr = (void *)skb->data;
858 	enum rtw89_core_tx_type tx_type;
859 	enum btc_pkt_type pkt_type;
860 	bool is_bmc;
861 	u16 seq;
862 
863 	seq = (le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_SEQ) >> 4;
864 	if (tx_req->tx_type != RTW89_CORE_TX_TYPE_FWCMD) {
865 		tx_type = rtw89_core_get_tx_type(rtwdev, skb);
866 		tx_req->tx_type = tx_type;
867 	}
868 	is_bmc = (is_broadcast_ether_addr(hdr->addr1) ||
869 		  is_multicast_ether_addr(hdr->addr1));
870 
871 	desc_info->seq = seq;
872 	desc_info->pkt_size = skb->len;
873 	desc_info->is_bmc = is_bmc;
874 	desc_info->wd_page = true;
875 	desc_info->hiq = info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM;
876 
877 	switch (tx_req->tx_type) {
878 	case RTW89_CORE_TX_TYPE_MGMT:
879 		rtw89_core_tx_update_mgmt_info(rtwdev, tx_req);
880 		break;
881 	case RTW89_CORE_TX_TYPE_DATA:
882 		rtw89_core_tx_update_data_info(rtwdev, tx_req);
883 		pkt_type = rtw89_core_tx_btc_spec_pkt_notify(rtwdev, tx_req);
884 		rtw89_core_tx_update_he_qos_htc(rtwdev, tx_req, pkt_type);
885 		rtw89_core_tx_update_ampdu_info(rtwdev, tx_req, pkt_type);
886 		rtw89_core_tx_update_llc_hdr(rtwdev, desc_info, skb);
887 		break;
888 	case RTW89_CORE_TX_TYPE_FWCMD:
889 		rtw89_core_tx_update_h2c_info(rtwdev, tx_req);
890 		break;
891 	}
892 }
893 
894 void rtw89_core_tx_kick_off(struct rtw89_dev *rtwdev, u8 qsel)
895 {
896 	u8 ch_dma;
897 
898 	ch_dma = rtw89_core_get_ch_dma(rtwdev, qsel);
899 
900 	rtw89_hci_tx_kick_off(rtwdev, ch_dma);
901 }
902 
903 int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *skb,
904 				    int qsel, unsigned int timeout)
905 {
906 	struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb);
907 	struct rtw89_tx_wait_info *wait;
908 	unsigned long time_left;
909 	int ret = 0;
910 
911 	wait = kzalloc(sizeof(*wait), GFP_KERNEL);
912 	if (!wait) {
913 		rtw89_core_tx_kick_off(rtwdev, qsel);
914 		return 0;
915 	}
916 
917 	init_completion(&wait->completion);
918 	rcu_assign_pointer(skb_data->wait, wait);
919 
920 	rtw89_core_tx_kick_off(rtwdev, qsel);
921 	time_left = wait_for_completion_timeout(&wait->completion,
922 						msecs_to_jiffies(timeout));
923 	if (time_left == 0)
924 		ret = -ETIMEDOUT;
925 	else if (!wait->tx_done)
926 		ret = -EAGAIN;
927 
928 	rcu_assign_pointer(skb_data->wait, NULL);
929 	kfree_rcu(wait, rcu_head);
930 
931 	return ret;
932 }
933 
934 int rtw89_h2c_tx(struct rtw89_dev *rtwdev,
935 		 struct sk_buff *skb, bool fwdl)
936 {
937 	struct rtw89_core_tx_request tx_req = {0};
938 	u32 cnt;
939 	int ret;
940 
941 	if (!test_bit(RTW89_FLAG_POWERON, rtwdev->flags)) {
942 		rtw89_debug(rtwdev, RTW89_DBG_FW,
943 			    "ignore h2c due to power is off with firmware state=%d\n",
944 			    test_bit(RTW89_FLAG_FW_RDY, rtwdev->flags));
945 		dev_kfree_skb(skb);
946 		return 0;
947 	}
948 
949 	tx_req.skb = skb;
950 	tx_req.tx_type = RTW89_CORE_TX_TYPE_FWCMD;
951 	if (fwdl)
952 		tx_req.desc_info.fw_dl = true;
953 
954 	rtw89_core_tx_update_desc_info(rtwdev, &tx_req);
955 
956 	if (!fwdl)
957 		rtw89_hex_dump(rtwdev, RTW89_DBG_FW, "H2C: ", skb->data, skb->len);
958 
959 	cnt = rtw89_hci_check_and_reclaim_tx_resource(rtwdev, RTW89_TXCH_CH12);
960 	if (cnt == 0) {
961 		rtw89_err(rtwdev, "no tx fwcmd resource\n");
962 		return -ENOSPC;
963 	}
964 
965 	ret = rtw89_hci_tx_write(rtwdev, &tx_req);
966 	if (ret) {
967 		rtw89_err(rtwdev, "failed to transmit skb to HCI\n");
968 		return ret;
969 	}
970 	rtw89_hci_tx_kick_off(rtwdev, RTW89_TXCH_CH12);
971 
972 	return 0;
973 }
974 
975 int rtw89_core_tx_write(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif,
976 			struct ieee80211_sta *sta, struct sk_buff *skb, int *qsel)
977 {
978 	struct rtw89_core_tx_request tx_req = {0};
979 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
980 	int ret;
981 
982 	tx_req.skb = skb;
983 	tx_req.sta = sta;
984 	tx_req.vif = vif;
985 
986 	rtw89_traffic_stats_accu(rtwdev, &rtwdev->stats, skb, true);
987 	rtw89_traffic_stats_accu(rtwdev, &rtwvif->stats, skb, true);
988 	rtw89_core_tx_update_desc_info(rtwdev, &tx_req);
989 	rtw89_core_tx_wake(rtwdev, &tx_req);
990 
991 	ret = rtw89_hci_tx_write(rtwdev, &tx_req);
992 	if (ret) {
993 		rtw89_err(rtwdev, "failed to transmit skb to HCI\n");
994 		return ret;
995 	}
996 
997 	if (qsel)
998 		*qsel = tx_req.desc_info.qsel;
999 
1000 	return 0;
1001 }
1002 
1003 static __le32 rtw89_build_txwd_body0(struct rtw89_tx_desc_info *desc_info)
1004 {
1005 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY0_WP_OFFSET, desc_info->wp_offset) |
1006 		    FIELD_PREP(RTW89_TXWD_BODY0_WD_INFO_EN, desc_info->en_wd_info) |
1007 		    FIELD_PREP(RTW89_TXWD_BODY0_CHANNEL_DMA, desc_info->ch_dma) |
1008 		    FIELD_PREP(RTW89_TXWD_BODY0_HDR_LLC_LEN, desc_info->hdr_llc_len) |
1009 		    FIELD_PREP(RTW89_TXWD_BODY0_WD_PAGE, desc_info->wd_page) |
1010 		    FIELD_PREP(RTW89_TXWD_BODY0_FW_DL, desc_info->fw_dl) |
1011 		    FIELD_PREP(RTW89_TXWD_BODY0_HW_SSN_SEL, desc_info->hw_ssn_sel) |
1012 		    FIELD_PREP(RTW89_TXWD_BODY0_HW_SSN_MODE, desc_info->hw_seq_mode);
1013 
1014 	return cpu_to_le32(dword);
1015 }
1016 
1017 static __le32 rtw89_build_txwd_body0_v1(struct rtw89_tx_desc_info *desc_info)
1018 {
1019 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY0_WP_OFFSET_V1, desc_info->wp_offset) |
1020 		    FIELD_PREP(RTW89_TXWD_BODY0_WD_INFO_EN, desc_info->en_wd_info) |
1021 		    FIELD_PREP(RTW89_TXWD_BODY0_CHANNEL_DMA, desc_info->ch_dma) |
1022 		    FIELD_PREP(RTW89_TXWD_BODY0_HDR_LLC_LEN, desc_info->hdr_llc_len) |
1023 		    FIELD_PREP(RTW89_TXWD_BODY0_WD_PAGE, desc_info->wd_page) |
1024 		    FIELD_PREP(RTW89_TXWD_BODY0_FW_DL, desc_info->fw_dl);
1025 
1026 	return cpu_to_le32(dword);
1027 }
1028 
1029 static __le32 rtw89_build_txwd_body1_v1(struct rtw89_tx_desc_info *desc_info)
1030 {
1031 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY1_ADDR_INFO_NUM, desc_info->addr_info_nr) |
1032 		    FIELD_PREP(RTW89_TXWD_BODY1_SEC_KEYID, desc_info->sec_keyid) |
1033 		    FIELD_PREP(RTW89_TXWD_BODY1_SEC_TYPE, desc_info->sec_type);
1034 
1035 	return cpu_to_le32(dword);
1036 }
1037 
1038 static __le32 rtw89_build_txwd_body2(struct rtw89_tx_desc_info *desc_info)
1039 {
1040 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY2_TID_INDICATE, desc_info->tid_indicate) |
1041 		    FIELD_PREP(RTW89_TXWD_BODY2_QSEL, desc_info->qsel) |
1042 		    FIELD_PREP(RTW89_TXWD_BODY2_TXPKT_SIZE, desc_info->pkt_size) |
1043 		    FIELD_PREP(RTW89_TXWD_BODY2_MACID, desc_info->mac_id);
1044 
1045 	return cpu_to_le32(dword);
1046 }
1047 
1048 static __le32 rtw89_build_txwd_body3(struct rtw89_tx_desc_info *desc_info)
1049 {
1050 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY3_SW_SEQ, desc_info->seq) |
1051 		    FIELD_PREP(RTW89_TXWD_BODY3_AGG_EN, desc_info->agg_en) |
1052 		    FIELD_PREP(RTW89_TXWD_BODY3_BK, desc_info->bk);
1053 
1054 	return cpu_to_le32(dword);
1055 }
1056 
1057 static __le32 rtw89_build_txwd_body4(struct rtw89_tx_desc_info *desc_info)
1058 {
1059 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY4_SEC_IV_L0, desc_info->sec_seq[0]) |
1060 		    FIELD_PREP(RTW89_TXWD_BODY4_SEC_IV_L1, desc_info->sec_seq[1]);
1061 
1062 	return cpu_to_le32(dword);
1063 }
1064 
1065 static __le32 rtw89_build_txwd_body5(struct rtw89_tx_desc_info *desc_info)
1066 {
1067 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY5_SEC_IV_H2, desc_info->sec_seq[2]) |
1068 		    FIELD_PREP(RTW89_TXWD_BODY5_SEC_IV_H3, desc_info->sec_seq[3]) |
1069 		    FIELD_PREP(RTW89_TXWD_BODY5_SEC_IV_H4, desc_info->sec_seq[4]) |
1070 		    FIELD_PREP(RTW89_TXWD_BODY5_SEC_IV_H5, desc_info->sec_seq[5]);
1071 
1072 	return cpu_to_le32(dword);
1073 }
1074 
1075 static __le32 rtw89_build_txwd_body7_v1(struct rtw89_tx_desc_info *desc_info)
1076 {
1077 	u32 dword = FIELD_PREP(RTW89_TXWD_BODY7_USE_RATE_V1, desc_info->use_rate) |
1078 		    FIELD_PREP(RTW89_TXWD_BODY7_DATA_RATE, desc_info->data_rate);
1079 
1080 	return cpu_to_le32(dword);
1081 }
1082 
1083 static __le32 rtw89_build_txwd_info0(struct rtw89_tx_desc_info *desc_info)
1084 {
1085 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO0_USE_RATE, desc_info->use_rate) |
1086 		    FIELD_PREP(RTW89_TXWD_INFO0_DATA_RATE, desc_info->data_rate) |
1087 		    FIELD_PREP(RTW89_TXWD_INFO0_DISDATAFB, desc_info->dis_data_fb) |
1088 		    FIELD_PREP(RTW89_TXWD_INFO0_MULTIPORT_ID, desc_info->port);
1089 
1090 	return cpu_to_le32(dword);
1091 }
1092 
1093 static __le32 rtw89_build_txwd_info0_v1(struct rtw89_tx_desc_info *desc_info)
1094 {
1095 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO0_DISDATAFB, desc_info->dis_data_fb) |
1096 		    FIELD_PREP(RTW89_TXWD_INFO0_MULTIPORT_ID, desc_info->port) |
1097 		    FIELD_PREP(RTW89_TXWD_INFO0_DATA_ER, desc_info->er_cap) |
1098 		    FIELD_PREP(RTW89_TXWD_INFO0_DATA_BW_ER, 0);
1099 
1100 	return cpu_to_le32(dword);
1101 }
1102 
1103 static __le32 rtw89_build_txwd_info1(struct rtw89_tx_desc_info *desc_info)
1104 {
1105 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO1_MAX_AGGNUM, desc_info->ampdu_num) |
1106 		    FIELD_PREP(RTW89_TXWD_INFO1_A_CTRL_BSR, desc_info->a_ctrl_bsr) |
1107 		    FIELD_PREP(RTW89_TXWD_INFO1_DATA_RTY_LOWEST_RATE,
1108 			       desc_info->data_retry_lowest_rate);
1109 
1110 	return cpu_to_le32(dword);
1111 }
1112 
1113 static __le32 rtw89_build_txwd_info2(struct rtw89_tx_desc_info *desc_info)
1114 {
1115 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO2_AMPDU_DENSITY, desc_info->ampdu_density) |
1116 		    FIELD_PREP(RTW89_TXWD_INFO2_SEC_TYPE, desc_info->sec_type) |
1117 		    FIELD_PREP(RTW89_TXWD_INFO2_SEC_HW_ENC, desc_info->sec_en) |
1118 		    FIELD_PREP(RTW89_TXWD_INFO2_SEC_CAM_IDX, desc_info->sec_cam_idx);
1119 
1120 	return cpu_to_le32(dword);
1121 }
1122 
1123 static __le32 rtw89_build_txwd_info2_v1(struct rtw89_tx_desc_info *desc_info)
1124 {
1125 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO2_AMPDU_DENSITY, desc_info->ampdu_density) |
1126 		    FIELD_PREP(RTW89_TXWD_INFO2_FORCE_KEY_EN, desc_info->sec_en) |
1127 		    FIELD_PREP(RTW89_TXWD_INFO2_SEC_CAM_IDX, desc_info->sec_cam_idx);
1128 
1129 	return cpu_to_le32(dword);
1130 }
1131 
1132 static __le32 rtw89_build_txwd_info4(struct rtw89_tx_desc_info *desc_info)
1133 {
1134 	u32 dword = FIELD_PREP(RTW89_TXWD_INFO4_RTS_EN, 1) |
1135 		    FIELD_PREP(RTW89_TXWD_INFO4_HW_RTS_EN, 1);
1136 
1137 	return cpu_to_le32(dword);
1138 }
1139 
1140 void rtw89_core_fill_txdesc(struct rtw89_dev *rtwdev,
1141 			    struct rtw89_tx_desc_info *desc_info,
1142 			    void *txdesc)
1143 {
1144 	struct rtw89_txwd_body *txwd_body = (struct rtw89_txwd_body *)txdesc;
1145 	struct rtw89_txwd_info *txwd_info;
1146 
1147 	txwd_body->dword0 = rtw89_build_txwd_body0(desc_info);
1148 	txwd_body->dword2 = rtw89_build_txwd_body2(desc_info);
1149 	txwd_body->dword3 = rtw89_build_txwd_body3(desc_info);
1150 
1151 	if (!desc_info->en_wd_info)
1152 		return;
1153 
1154 	txwd_info = (struct rtw89_txwd_info *)(txwd_body + 1);
1155 	txwd_info->dword0 = rtw89_build_txwd_info0(desc_info);
1156 	txwd_info->dword1 = rtw89_build_txwd_info1(desc_info);
1157 	txwd_info->dword2 = rtw89_build_txwd_info2(desc_info);
1158 	txwd_info->dword4 = rtw89_build_txwd_info4(desc_info);
1159 
1160 }
1161 EXPORT_SYMBOL(rtw89_core_fill_txdesc);
1162 
1163 void rtw89_core_fill_txdesc_v1(struct rtw89_dev *rtwdev,
1164 			       struct rtw89_tx_desc_info *desc_info,
1165 			       void *txdesc)
1166 {
1167 	struct rtw89_txwd_body_v1 *txwd_body = (struct rtw89_txwd_body_v1 *)txdesc;
1168 	struct rtw89_txwd_info *txwd_info;
1169 
1170 	txwd_body->dword0 = rtw89_build_txwd_body0_v1(desc_info);
1171 	txwd_body->dword1 = rtw89_build_txwd_body1_v1(desc_info);
1172 	txwd_body->dword2 = rtw89_build_txwd_body2(desc_info);
1173 	txwd_body->dword3 = rtw89_build_txwd_body3(desc_info);
1174 	if (desc_info->sec_en) {
1175 		txwd_body->dword4 = rtw89_build_txwd_body4(desc_info);
1176 		txwd_body->dword5 = rtw89_build_txwd_body5(desc_info);
1177 	}
1178 	txwd_body->dword7 = rtw89_build_txwd_body7_v1(desc_info);
1179 
1180 	if (!desc_info->en_wd_info)
1181 		return;
1182 
1183 	txwd_info = (struct rtw89_txwd_info *)(txwd_body + 1);
1184 	txwd_info->dword0 = rtw89_build_txwd_info0_v1(desc_info);
1185 	txwd_info->dword1 = rtw89_build_txwd_info1(desc_info);
1186 	txwd_info->dword2 = rtw89_build_txwd_info2_v1(desc_info);
1187 	txwd_info->dword4 = rtw89_build_txwd_info4(desc_info);
1188 }
1189 EXPORT_SYMBOL(rtw89_core_fill_txdesc_v1);
1190 
1191 static __le32 rtw89_build_txwd_fwcmd0_v1(struct rtw89_tx_desc_info *desc_info)
1192 {
1193 	u32 dword = FIELD_PREP(AX_RXD_RPKT_LEN_MASK, desc_info->pkt_size) |
1194 		    FIELD_PREP(AX_RXD_RPKT_TYPE_MASK, desc_info->fw_dl ?
1195 						      RTW89_CORE_RX_TYPE_FWDL :
1196 						      RTW89_CORE_RX_TYPE_H2C);
1197 
1198 	return cpu_to_le32(dword);
1199 }
1200 
1201 void rtw89_core_fill_txdesc_fwcmd_v1(struct rtw89_dev *rtwdev,
1202 				     struct rtw89_tx_desc_info *desc_info,
1203 				     void *txdesc)
1204 {
1205 	struct rtw89_rxdesc_short *txwd_v1 = (struct rtw89_rxdesc_short *)txdesc;
1206 
1207 	txwd_v1->dword0 = rtw89_build_txwd_fwcmd0_v1(desc_info);
1208 }
1209 EXPORT_SYMBOL(rtw89_core_fill_txdesc_fwcmd_v1);
1210 
1211 static int rtw89_core_rx_process_mac_ppdu(struct rtw89_dev *rtwdev,
1212 					  struct sk_buff *skb,
1213 					  struct rtw89_rx_phy_ppdu *phy_ppdu)
1214 {
1215 	const struct rtw89_rxinfo *rxinfo = (const struct rtw89_rxinfo *)skb->data;
1216 	bool rx_cnt_valid = false;
1217 	u8 plcp_size = 0;
1218 	u8 usr_num = 0;
1219 	u8 *phy_sts;
1220 
1221 	rx_cnt_valid = le32_get_bits(rxinfo->w0, RTW89_RXINFO_W0_RX_CNT_VLD);
1222 	plcp_size = le32_get_bits(rxinfo->w1, RTW89_RXINFO_W1_PLCP_LEN) << 3;
1223 	usr_num = le32_get_bits(rxinfo->w0, RTW89_RXINFO_W0_USR_NUM);
1224 	if (usr_num > RTW89_PPDU_MAX_USR) {
1225 		rtw89_warn(rtwdev, "Invalid user number in mac info\n");
1226 		return -EINVAL;
1227 	}
1228 
1229 	phy_sts = skb->data + RTW89_PPDU_MAC_INFO_SIZE;
1230 	phy_sts += usr_num * RTW89_PPDU_MAC_INFO_USR_SIZE;
1231 	/* 8-byte alignment */
1232 	if (usr_num & BIT(0))
1233 		phy_sts += RTW89_PPDU_MAC_INFO_USR_SIZE;
1234 	if (rx_cnt_valid)
1235 		phy_sts += RTW89_PPDU_MAC_RX_CNT_SIZE;
1236 	phy_sts += plcp_size;
1237 
1238 	phy_ppdu->buf = phy_sts;
1239 	phy_ppdu->len = skb->data + skb->len - phy_sts;
1240 
1241 	return 0;
1242 }
1243 
1244 static void rtw89_core_rx_process_phy_ppdu_iter(void *data,
1245 						struct ieee80211_sta *sta)
1246 {
1247 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
1248 	struct rtw89_rx_phy_ppdu *phy_ppdu = (struct rtw89_rx_phy_ppdu *)data;
1249 	struct rtw89_dev *rtwdev = rtwsta->rtwdev;
1250 	struct rtw89_hal *hal = &rtwdev->hal;
1251 	u8 ant_num = hal->ant_diversity ? 2 : rtwdev->chip->rf_path_num;
1252 	u8 ant_pos = U8_MAX;
1253 	u8 evm_pos = 0;
1254 	int i;
1255 
1256 	if (rtwsta->mac_id != phy_ppdu->mac_id || !phy_ppdu->to_self)
1257 		return;
1258 
1259 	if (hal->ant_diversity && hal->antenna_rx) {
1260 		ant_pos = __ffs(hal->antenna_rx);
1261 		evm_pos = ant_pos;
1262 	}
1263 
1264 	ewma_rssi_add(&rtwsta->avg_rssi, phy_ppdu->rssi_avg);
1265 
1266 	if (ant_pos < ant_num) {
1267 		ewma_rssi_add(&rtwsta->rssi[ant_pos], phy_ppdu->rssi[0]);
1268 	} else {
1269 		for (i = 0; i < rtwdev->chip->rf_path_num; i++)
1270 			ewma_rssi_add(&rtwsta->rssi[i], phy_ppdu->rssi[i]);
1271 	}
1272 
1273 	if (phy_ppdu->ofdm.has) {
1274 		ewma_snr_add(&rtwsta->avg_snr, phy_ppdu->ofdm.avg_snr);
1275 		ewma_evm_add(&rtwsta->evm_min[evm_pos], phy_ppdu->ofdm.evm_min);
1276 		ewma_evm_add(&rtwsta->evm_max[evm_pos], phy_ppdu->ofdm.evm_max);
1277 	}
1278 }
1279 
1280 #define VAR_LEN 0xff
1281 #define VAR_LEN_UNIT 8
1282 static u16 rtw89_core_get_phy_status_ie_len(struct rtw89_dev *rtwdev,
1283 					    const struct rtw89_phy_sts_iehdr *iehdr)
1284 {
1285 	static const u8 physts_ie_len_tab[32] = {
1286 		16, 32, 24, 24, 8, 8, 8, 8, VAR_LEN, 8, VAR_LEN, 176, VAR_LEN,
1287 		VAR_LEN, VAR_LEN, VAR_LEN, VAR_LEN, VAR_LEN, 16, 24, VAR_LEN,
1288 		VAR_LEN, VAR_LEN, 0, 24, 24, 24, 24, 32, 32, 32, 32
1289 	};
1290 	u16 ie_len;
1291 	u8 ie;
1292 
1293 	ie = le32_get_bits(iehdr->w0, RTW89_PHY_STS_IEHDR_TYPE);
1294 	if (physts_ie_len_tab[ie] != VAR_LEN)
1295 		ie_len = physts_ie_len_tab[ie];
1296 	else
1297 		ie_len = le32_get_bits(iehdr->w0, RTW89_PHY_STS_IEHDR_LEN) * VAR_LEN_UNIT;
1298 
1299 	return ie_len;
1300 }
1301 
1302 static void rtw89_core_parse_phy_status_ie01(struct rtw89_dev *rtwdev,
1303 					     const struct rtw89_phy_sts_iehdr *iehdr,
1304 					     struct rtw89_rx_phy_ppdu *phy_ppdu)
1305 {
1306 	const struct rtw89_phy_sts_ie0 *ie = (const struct rtw89_phy_sts_ie0 *)iehdr;
1307 	s16 cfo;
1308 	u32 t;
1309 
1310 	phy_ppdu->chan_idx = le32_get_bits(ie->w0, RTW89_PHY_STS_IE01_W0_CH_IDX);
1311 	if (phy_ppdu->rate < RTW89_HW_RATE_OFDM6)
1312 		return;
1313 
1314 	if (!phy_ppdu->to_self)
1315 		return;
1316 
1317 	phy_ppdu->ofdm.avg_snr = le32_get_bits(ie->w2, RTW89_PHY_STS_IE01_W2_AVG_SNR);
1318 	phy_ppdu->ofdm.evm_max = le32_get_bits(ie->w2, RTW89_PHY_STS_IE01_W2_EVM_MAX);
1319 	phy_ppdu->ofdm.evm_min = le32_get_bits(ie->w2, RTW89_PHY_STS_IE01_W2_EVM_MIN);
1320 	phy_ppdu->ofdm.has = true;
1321 
1322 	/* sign conversion for S(12,2) */
1323 	if (rtwdev->chip->cfo_src_fd) {
1324 		t = le32_get_bits(ie->w1, RTW89_PHY_STS_IE01_W1_FD_CFO);
1325 		cfo = sign_extend32(t, 11);
1326 	} else {
1327 		t = le32_get_bits(ie->w1, RTW89_PHY_STS_IE01_W1_PREMB_CFO);
1328 		cfo = sign_extend32(t, 11);
1329 	}
1330 
1331 	rtw89_phy_cfo_parse(rtwdev, cfo, phy_ppdu);
1332 }
1333 
1334 static int rtw89_core_process_phy_status_ie(struct rtw89_dev *rtwdev,
1335 					    const struct rtw89_phy_sts_iehdr *iehdr,
1336 					    struct rtw89_rx_phy_ppdu *phy_ppdu)
1337 {
1338 	u8 ie;
1339 
1340 	ie = le32_get_bits(iehdr->w0, RTW89_PHY_STS_IEHDR_TYPE);
1341 
1342 	switch (ie) {
1343 	case RTW89_PHYSTS_IE01_CMN_OFDM:
1344 		rtw89_core_parse_phy_status_ie01(rtwdev, iehdr, phy_ppdu);
1345 		break;
1346 	default:
1347 		break;
1348 	}
1349 
1350 	return 0;
1351 }
1352 
1353 static void rtw89_core_update_phy_ppdu(struct rtw89_rx_phy_ppdu *phy_ppdu)
1354 {
1355 	const struct rtw89_phy_sts_hdr *hdr = phy_ppdu->buf;
1356 	u8 *rssi = phy_ppdu->rssi;
1357 
1358 	phy_ppdu->ie = le32_get_bits(hdr->w0, RTW89_PHY_STS_HDR_W0_IE_MAP);
1359 	phy_ppdu->rssi_avg = le32_get_bits(hdr->w0, RTW89_PHY_STS_HDR_W0_RSSI_AVG);
1360 	rssi[RF_PATH_A] = le32_get_bits(hdr->w1, RTW89_PHY_STS_HDR_W1_RSSI_A);
1361 	rssi[RF_PATH_B] = le32_get_bits(hdr->w1, RTW89_PHY_STS_HDR_W1_RSSI_B);
1362 	rssi[RF_PATH_C] = le32_get_bits(hdr->w1, RTW89_PHY_STS_HDR_W1_RSSI_C);
1363 	rssi[RF_PATH_D] = le32_get_bits(hdr->w1, RTW89_PHY_STS_HDR_W1_RSSI_D);
1364 }
1365 
1366 static int rtw89_core_rx_process_phy_ppdu(struct rtw89_dev *rtwdev,
1367 					  struct rtw89_rx_phy_ppdu *phy_ppdu)
1368 {
1369 	const struct rtw89_phy_sts_hdr *hdr = phy_ppdu->buf;
1370 	u32 len_from_header;
1371 
1372 	len_from_header = le32_get_bits(hdr->w0, RTW89_PHY_STS_HDR_W0_LEN) << 3;
1373 
1374 	if (len_from_header != phy_ppdu->len) {
1375 		rtw89_debug(rtwdev, RTW89_DBG_UNEXP, "phy ppdu len mismatch\n");
1376 		return -EINVAL;
1377 	}
1378 	rtw89_core_update_phy_ppdu(phy_ppdu);
1379 
1380 	return 0;
1381 }
1382 
1383 static int rtw89_core_rx_parse_phy_sts(struct rtw89_dev *rtwdev,
1384 				       struct rtw89_rx_phy_ppdu *phy_ppdu)
1385 {
1386 	u16 ie_len;
1387 	void *pos, *end;
1388 
1389 	/* mark invalid reports and bypass them */
1390 	if (phy_ppdu->ie < RTW89_CCK_PKT)
1391 		return -EINVAL;
1392 
1393 	pos = phy_ppdu->buf + PHY_STS_HDR_LEN;
1394 	end = phy_ppdu->buf + phy_ppdu->len;
1395 	while (pos < end) {
1396 		const struct rtw89_phy_sts_iehdr *iehdr = pos;
1397 
1398 		ie_len = rtw89_core_get_phy_status_ie_len(rtwdev, iehdr);
1399 		rtw89_core_process_phy_status_ie(rtwdev, iehdr, phy_ppdu);
1400 		pos += ie_len;
1401 		if (pos > end || ie_len == 0) {
1402 			rtw89_debug(rtwdev, RTW89_DBG_TXRX,
1403 				    "phy status parse failed\n");
1404 			return -EINVAL;
1405 		}
1406 	}
1407 
1408 	rtw89_phy_antdiv_parse(rtwdev, phy_ppdu);
1409 
1410 	return 0;
1411 }
1412 
1413 static void rtw89_core_rx_process_phy_sts(struct rtw89_dev *rtwdev,
1414 					  struct rtw89_rx_phy_ppdu *phy_ppdu)
1415 {
1416 	int ret;
1417 
1418 	ret = rtw89_core_rx_parse_phy_sts(rtwdev, phy_ppdu);
1419 	if (ret)
1420 		rtw89_debug(rtwdev, RTW89_DBG_TXRX, "parse phy sts failed\n");
1421 	else
1422 		phy_ppdu->valid = true;
1423 
1424 	ieee80211_iterate_stations_atomic(rtwdev->hw,
1425 					  rtw89_core_rx_process_phy_ppdu_iter,
1426 					  phy_ppdu);
1427 }
1428 
1429 static u8 rtw89_rxdesc_to_nl_he_gi(struct rtw89_dev *rtwdev,
1430 				   const struct rtw89_rx_desc_info *desc_info,
1431 				   bool rx_status)
1432 {
1433 	switch (desc_info->gi_ltf) {
1434 	case RTW89_GILTF_SGI_4XHE08:
1435 	case RTW89_GILTF_2XHE08:
1436 	case RTW89_GILTF_1XHE08:
1437 		return NL80211_RATE_INFO_HE_GI_0_8;
1438 	case RTW89_GILTF_2XHE16:
1439 	case RTW89_GILTF_1XHE16:
1440 		return NL80211_RATE_INFO_HE_GI_1_6;
1441 	case RTW89_GILTF_LGI_4XHE32:
1442 		return NL80211_RATE_INFO_HE_GI_3_2;
1443 	default:
1444 		rtw89_warn(rtwdev, "invalid gi_ltf=%d", desc_info->gi_ltf);
1445 		return rx_status ? NL80211_RATE_INFO_HE_GI_3_2 : U8_MAX;
1446 	}
1447 }
1448 
1449 static bool rtw89_core_rx_ppdu_match(struct rtw89_dev *rtwdev,
1450 				     struct rtw89_rx_desc_info *desc_info,
1451 				     struct ieee80211_rx_status *status)
1452 {
1453 	u8 band = desc_info->bb_sel ? RTW89_PHY_1 : RTW89_PHY_0;
1454 	u8 data_rate_mode, bw, rate_idx = MASKBYTE0, gi_ltf;
1455 	u16 data_rate;
1456 	bool ret;
1457 
1458 	data_rate = desc_info->data_rate;
1459 	data_rate_mode = rtw89_get_data_rate_mode(rtwdev, data_rate);
1460 	if (data_rate_mode == DATA_RATE_MODE_NON_HT) {
1461 		rate_idx = rtw89_get_data_not_ht_idx(rtwdev, data_rate);
1462 		/* rate_idx is still hardware value here */
1463 	} else if (data_rate_mode == DATA_RATE_MODE_HT) {
1464 		rate_idx = rtw89_get_data_ht_mcs(rtwdev, data_rate);
1465 	} else if (data_rate_mode == DATA_RATE_MODE_VHT) {
1466 		rate_idx = rtw89_get_data_mcs(rtwdev, data_rate);
1467 	} else if (data_rate_mode == DATA_RATE_MODE_HE) {
1468 		rate_idx = rtw89_get_data_mcs(rtwdev, data_rate);
1469 	} else {
1470 		rtw89_warn(rtwdev, "invalid RX rate mode %d\n", data_rate_mode);
1471 	}
1472 
1473 	bw = rtw89_hw_to_rate_info_bw(desc_info->bw);
1474 	gi_ltf = rtw89_rxdesc_to_nl_he_gi(rtwdev, desc_info, false);
1475 	ret = rtwdev->ppdu_sts.curr_rx_ppdu_cnt[band] == desc_info->ppdu_cnt &&
1476 	      status->rate_idx == rate_idx &&
1477 	      status->he_gi == gi_ltf &&
1478 	      status->bw == bw;
1479 
1480 	return ret;
1481 }
1482 
1483 struct rtw89_vif_rx_stats_iter_data {
1484 	struct rtw89_dev *rtwdev;
1485 	struct rtw89_rx_phy_ppdu *phy_ppdu;
1486 	struct rtw89_rx_desc_info *desc_info;
1487 	struct sk_buff *skb;
1488 	const u8 *bssid;
1489 };
1490 
1491 static void rtw89_stats_trigger_frame(struct rtw89_dev *rtwdev,
1492 				      struct ieee80211_vif *vif,
1493 				      struct sk_buff *skb)
1494 {
1495 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
1496 	struct ieee80211_trigger *tf = (struct ieee80211_trigger *)skb->data;
1497 	u8 *pos, *end, type;
1498 	u16 aid;
1499 
1500 	if (!ether_addr_equal(vif->bss_conf.bssid, tf->ta) ||
1501 	    rtwvif->wifi_role != RTW89_WIFI_ROLE_STATION ||
1502 	    rtwvif->net_type == RTW89_NET_TYPE_NO_LINK)
1503 		return;
1504 
1505 	type = le64_get_bits(tf->common_info, IEEE80211_TRIGGER_TYPE_MASK);
1506 	if (type != IEEE80211_TRIGGER_TYPE_BASIC)
1507 		return;
1508 
1509 	end = (u8 *)tf + skb->len;
1510 	pos = tf->variable;
1511 
1512 	while (end - pos >= RTW89_TF_BASIC_USER_INFO_SZ) {
1513 		aid = RTW89_GET_TF_USER_INFO_AID12(pos);
1514 		rtw89_debug(rtwdev, RTW89_DBG_TXRX,
1515 			    "[TF] aid: %d, ul_mcs: %d, rua: %d\n",
1516 			    aid, RTW89_GET_TF_USER_INFO_UL_MCS(pos),
1517 			    RTW89_GET_TF_USER_INFO_RUA(pos));
1518 
1519 		if (aid == RTW89_TF_PAD)
1520 			break;
1521 
1522 		if (aid == vif->cfg.aid) {
1523 			rtwvif->stats.rx_tf_acc++;
1524 			rtwdev->stats.rx_tf_acc++;
1525 			break;
1526 		}
1527 
1528 		pos += RTW89_TF_BASIC_USER_INFO_SZ;
1529 	}
1530 }
1531 
1532 static void rtw89_cancel_6ghz_probe_work(struct work_struct *work)
1533 {
1534 	struct rtw89_dev *rtwdev = container_of(work, struct rtw89_dev,
1535 						cancel_6ghz_probe_work);
1536 	struct list_head *pkt_list = rtwdev->scan_info.pkt_list;
1537 	struct rtw89_pktofld_info *info;
1538 
1539 	mutex_lock(&rtwdev->mutex);
1540 
1541 	if (!rtwdev->scanning)
1542 		goto out;
1543 
1544 	list_for_each_entry(info, &pkt_list[NL80211_BAND_6GHZ], list) {
1545 		if (!info->cancel || !test_bit(info->id, rtwdev->pkt_offload))
1546 			continue;
1547 
1548 		rtw89_fw_h2c_del_pkt_offload(rtwdev, info->id);
1549 
1550 		/* Don't delete/free info from pkt_list at this moment. Let it
1551 		 * be deleted/freed in rtw89_release_pkt_list() after scanning,
1552 		 * since if during scanning, pkt_list is accessed in bottom half.
1553 		 */
1554 	}
1555 
1556 out:
1557 	mutex_unlock(&rtwdev->mutex);
1558 }
1559 
1560 static void rtw89_core_cancel_6ghz_probe_tx(struct rtw89_dev *rtwdev,
1561 					    struct sk_buff *skb)
1562 {
1563 	struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
1564 	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
1565 	struct list_head *pkt_list = rtwdev->scan_info.pkt_list;
1566 	struct rtw89_pktofld_info *info;
1567 	const u8 *ies = mgmt->u.beacon.variable, *ssid_ie;
1568 	bool queue_work = false;
1569 
1570 	if (rx_status->band != NL80211_BAND_6GHZ)
1571 		return;
1572 
1573 	ssid_ie = cfg80211_find_ie(WLAN_EID_SSID, ies, skb->len);
1574 
1575 	list_for_each_entry(info, &pkt_list[NL80211_BAND_6GHZ], list) {
1576 		if (ether_addr_equal(info->bssid, mgmt->bssid)) {
1577 			info->cancel = true;
1578 			queue_work = true;
1579 			continue;
1580 		}
1581 
1582 		if (!ssid_ie || ssid_ie[1] != info->ssid_len || info->ssid_len == 0)
1583 			continue;
1584 
1585 		if (memcmp(&ssid_ie[2], info->ssid, info->ssid_len) == 0) {
1586 			info->cancel = true;
1587 			queue_work = true;
1588 		}
1589 	}
1590 
1591 	if (queue_work)
1592 		ieee80211_queue_work(rtwdev->hw, &rtwdev->cancel_6ghz_probe_work);
1593 }
1594 
1595 static void rtw89_vif_rx_stats_iter(void *data, u8 *mac,
1596 				    struct ieee80211_vif *vif)
1597 {
1598 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
1599 	struct rtw89_vif_rx_stats_iter_data *iter_data = data;
1600 	struct rtw89_dev *rtwdev = iter_data->rtwdev;
1601 	struct rtw89_pkt_stat *pkt_stat = &rtwdev->phystat.cur_pkt_stat;
1602 	struct rtw89_rx_desc_info *desc_info = iter_data->desc_info;
1603 	struct sk_buff *skb = iter_data->skb;
1604 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1605 	struct rtw89_rx_phy_ppdu *phy_ppdu = iter_data->phy_ppdu;
1606 	const u8 *bssid = iter_data->bssid;
1607 
1608 	if (rtwdev->scanning &&
1609 	    (ieee80211_is_beacon(hdr->frame_control) ||
1610 	     ieee80211_is_probe_resp(hdr->frame_control)))
1611 		rtw89_core_cancel_6ghz_probe_tx(rtwdev, skb);
1612 
1613 	if (!vif->bss_conf.bssid)
1614 		return;
1615 
1616 	if (ieee80211_is_trigger(hdr->frame_control)) {
1617 		rtw89_stats_trigger_frame(rtwdev, vif, skb);
1618 		return;
1619 	}
1620 
1621 	if (!ether_addr_equal(vif->bss_conf.bssid, bssid))
1622 		return;
1623 
1624 	if (ieee80211_is_beacon(hdr->frame_control)) {
1625 		if (vif->type == NL80211_IFTYPE_STATION)
1626 			rtw89_fw_h2c_rssi_offload(rtwdev, phy_ppdu);
1627 		pkt_stat->beacon_nr++;
1628 	}
1629 
1630 	if (!ether_addr_equal(vif->addr, hdr->addr1))
1631 		return;
1632 
1633 	if (desc_info->data_rate < RTW89_HW_RATE_NR)
1634 		pkt_stat->rx_rate_cnt[desc_info->data_rate]++;
1635 
1636 	rtw89_traffic_stats_accu(rtwdev, &rtwvif->stats, skb, false);
1637 }
1638 
1639 static void rtw89_core_rx_stats(struct rtw89_dev *rtwdev,
1640 				struct rtw89_rx_phy_ppdu *phy_ppdu,
1641 				struct rtw89_rx_desc_info *desc_info,
1642 				struct sk_buff *skb)
1643 {
1644 	struct rtw89_vif_rx_stats_iter_data iter_data;
1645 
1646 	rtw89_traffic_stats_accu(rtwdev, &rtwdev->stats, skb, false);
1647 
1648 	iter_data.rtwdev = rtwdev;
1649 	iter_data.phy_ppdu = phy_ppdu;
1650 	iter_data.desc_info = desc_info;
1651 	iter_data.skb = skb;
1652 	iter_data.bssid = get_hdr_bssid((struct ieee80211_hdr *)skb->data);
1653 	rtw89_iterate_vifs_bh(rtwdev, rtw89_vif_rx_stats_iter, &iter_data);
1654 }
1655 
1656 static void rtw89_correct_cck_chan(struct rtw89_dev *rtwdev,
1657 				   struct ieee80211_rx_status *status)
1658 {
1659 	const struct rtw89_chan_rcd *rcd =
1660 		rtw89_chan_rcd_get(rtwdev, RTW89_SUB_ENTITY_0);
1661 	u16 chan = rcd->prev_primary_channel;
1662 	u8 band = rcd->prev_band_type == RTW89_BAND_2G ?
1663 		  NL80211_BAND_2GHZ : NL80211_BAND_5GHZ;
1664 
1665 	if (status->band != NL80211_BAND_2GHZ &&
1666 	    status->encoding == RX_ENC_LEGACY &&
1667 	    status->rate_idx < RTW89_HW_RATE_OFDM6) {
1668 		status->freq = ieee80211_channel_to_frequency(chan, band);
1669 		status->band = band;
1670 	}
1671 }
1672 
1673 static void rtw89_core_hw_to_sband_rate(struct ieee80211_rx_status *rx_status)
1674 {
1675 	if (rx_status->band == NL80211_BAND_2GHZ ||
1676 	    rx_status->encoding != RX_ENC_LEGACY)
1677 		return;
1678 
1679 	/* Some control frames' freq(ACKs in this case) are reported wrong due
1680 	 * to FW notify timing, set to lowest rate to prevent overflow.
1681 	 */
1682 	if (rx_status->rate_idx < RTW89_HW_RATE_OFDM6) {
1683 		rx_status->rate_idx = 0;
1684 		return;
1685 	}
1686 
1687 	/* No 4 CCK rates for non-2G */
1688 	rx_status->rate_idx -= 4;
1689 }
1690 
1691 static void rtw89_core_update_radiotap(struct rtw89_dev *rtwdev,
1692 				       struct sk_buff *skb,
1693 				       struct ieee80211_rx_status *rx_status)
1694 {
1695 	static const struct ieee80211_radiotap_he known_he = {
1696 		.data1 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_DATA_MCS_KNOWN |
1697 				     IEEE80211_RADIOTAP_HE_DATA1_BW_RU_ALLOC_KNOWN),
1698 		.data2 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA2_GI_KNOWN),
1699 	};
1700 	struct ieee80211_radiotap_he *he;
1701 
1702 	if (!(rtwdev->hw->conf.flags & IEEE80211_CONF_MONITOR))
1703 		return;
1704 
1705 	if (rx_status->encoding == RX_ENC_HE) {
1706 		rx_status->flag |= RX_FLAG_RADIOTAP_HE;
1707 		he = skb_push(skb, sizeof(*he));
1708 		*he = known_he;
1709 	}
1710 }
1711 
1712 static void rtw89_core_rx_to_mac80211(struct rtw89_dev *rtwdev,
1713 				      struct rtw89_rx_phy_ppdu *phy_ppdu,
1714 				      struct rtw89_rx_desc_info *desc_info,
1715 				      struct sk_buff *skb_ppdu,
1716 				      struct ieee80211_rx_status *rx_status)
1717 {
1718 	struct napi_struct *napi = &rtwdev->napi;
1719 
1720 	/* In low power mode, napi isn't scheduled. Receive it to netif. */
1721 	if (unlikely(!test_bit(NAPI_STATE_SCHED, &napi->state)))
1722 		napi = NULL;
1723 
1724 	rtw89_core_hw_to_sband_rate(rx_status);
1725 	rtw89_core_rx_stats(rtwdev, phy_ppdu, desc_info, skb_ppdu);
1726 	rtw89_core_update_radiotap(rtwdev, skb_ppdu, rx_status);
1727 	/* In low power mode, it does RX in thread context. */
1728 	local_bh_disable();
1729 	ieee80211_rx_napi(rtwdev->hw, NULL, skb_ppdu, napi);
1730 	local_bh_enable();
1731 	rtwdev->napi_budget_countdown--;
1732 }
1733 
1734 static void rtw89_core_rx_pending_skb(struct rtw89_dev *rtwdev,
1735 				      struct rtw89_rx_phy_ppdu *phy_ppdu,
1736 				      struct rtw89_rx_desc_info *desc_info,
1737 				      struct sk_buff *skb)
1738 {
1739 	u8 band = desc_info->bb_sel ? RTW89_PHY_1 : RTW89_PHY_0;
1740 	int curr = rtwdev->ppdu_sts.curr_rx_ppdu_cnt[band];
1741 	struct sk_buff *skb_ppdu = NULL, *tmp;
1742 	struct ieee80211_rx_status *rx_status;
1743 
1744 	if (curr > RTW89_MAX_PPDU_CNT)
1745 		return;
1746 
1747 	skb_queue_walk_safe(&rtwdev->ppdu_sts.rx_queue[band], skb_ppdu, tmp) {
1748 		skb_unlink(skb_ppdu, &rtwdev->ppdu_sts.rx_queue[band]);
1749 		rx_status = IEEE80211_SKB_RXCB(skb_ppdu);
1750 		if (rtw89_core_rx_ppdu_match(rtwdev, desc_info, rx_status))
1751 			rtw89_chip_query_ppdu(rtwdev, phy_ppdu, rx_status);
1752 		rtw89_correct_cck_chan(rtwdev, rx_status);
1753 		rtw89_core_rx_to_mac80211(rtwdev, phy_ppdu, desc_info, skb_ppdu, rx_status);
1754 	}
1755 }
1756 
1757 static void rtw89_core_rx_process_ppdu_sts(struct rtw89_dev *rtwdev,
1758 					   struct rtw89_rx_desc_info *desc_info,
1759 					   struct sk_buff *skb)
1760 {
1761 	struct rtw89_rx_phy_ppdu phy_ppdu = {.buf = skb->data, .valid = false,
1762 					     .len = skb->len,
1763 					     .to_self = desc_info->addr1_match,
1764 					     .rate = desc_info->data_rate,
1765 					     .mac_id = desc_info->mac_id};
1766 	int ret;
1767 
1768 	if (desc_info->mac_info_valid)
1769 		rtw89_core_rx_process_mac_ppdu(rtwdev, skb, &phy_ppdu);
1770 	ret = rtw89_core_rx_process_phy_ppdu(rtwdev, &phy_ppdu);
1771 	if (ret)
1772 		rtw89_debug(rtwdev, RTW89_DBG_TXRX, "process ppdu failed\n");
1773 
1774 	rtw89_core_rx_process_phy_sts(rtwdev, &phy_ppdu);
1775 	rtw89_core_rx_pending_skb(rtwdev, &phy_ppdu, desc_info, skb);
1776 	dev_kfree_skb_any(skb);
1777 }
1778 
1779 static void rtw89_core_rx_process_report(struct rtw89_dev *rtwdev,
1780 					 struct rtw89_rx_desc_info *desc_info,
1781 					 struct sk_buff *skb)
1782 {
1783 	switch (desc_info->pkt_type) {
1784 	case RTW89_CORE_RX_TYPE_C2H:
1785 		rtw89_fw_c2h_irqsafe(rtwdev, skb);
1786 		break;
1787 	case RTW89_CORE_RX_TYPE_PPDU_STAT:
1788 		rtw89_core_rx_process_ppdu_sts(rtwdev, desc_info, skb);
1789 		break;
1790 	default:
1791 		rtw89_debug(rtwdev, RTW89_DBG_TXRX, "unhandled pkt_type=%d\n",
1792 			    desc_info->pkt_type);
1793 		dev_kfree_skb_any(skb);
1794 		break;
1795 	}
1796 }
1797 
1798 void rtw89_core_query_rxdesc(struct rtw89_dev *rtwdev,
1799 			     struct rtw89_rx_desc_info *desc_info,
1800 			     u8 *data, u32 data_offset)
1801 {
1802 	const struct rtw89_chip_info *chip = rtwdev->chip;
1803 	struct rtw89_rxdesc_short *rxd_s;
1804 	struct rtw89_rxdesc_long *rxd_l;
1805 	u8 shift_len, drv_info_len;
1806 
1807 	rxd_s = (struct rtw89_rxdesc_short *)(data + data_offset);
1808 	desc_info->pkt_size = le32_get_bits(rxd_s->dword0, AX_RXD_RPKT_LEN_MASK);
1809 	desc_info->drv_info_size = le32_get_bits(rxd_s->dword0, AX_RXD_DRV_INFO_SIZE_MASK);
1810 	desc_info->long_rxdesc = le32_get_bits(rxd_s->dword0,  AX_RXD_LONG_RXD);
1811 	desc_info->pkt_type = le32_get_bits(rxd_s->dword0,  AX_RXD_RPKT_TYPE_MASK);
1812 	desc_info->mac_info_valid = le32_get_bits(rxd_s->dword0, AX_RXD_MAC_INFO_VLD);
1813 	if (chip->chip_id == RTL8852C)
1814 		desc_info->bw = le32_get_bits(rxd_s->dword1, AX_RXD_BW_v1_MASK);
1815 	else
1816 		desc_info->bw = le32_get_bits(rxd_s->dword1, AX_RXD_BW_MASK);
1817 	desc_info->data_rate = le32_get_bits(rxd_s->dword1, AX_RXD_RX_DATARATE_MASK);
1818 	desc_info->gi_ltf = le32_get_bits(rxd_s->dword1, AX_RXD_RX_GI_LTF_MASK);
1819 	desc_info->user_id = le32_get_bits(rxd_s->dword1, AX_RXD_USER_ID_MASK);
1820 	desc_info->sr_en = le32_get_bits(rxd_s->dword1, AX_RXD_SR_EN);
1821 	desc_info->ppdu_cnt = le32_get_bits(rxd_s->dword1, AX_RXD_PPDU_CNT_MASK);
1822 	desc_info->ppdu_type = le32_get_bits(rxd_s->dword1, AX_RXD_PPDU_TYPE_MASK);
1823 	desc_info->free_run_cnt = le32_get_bits(rxd_s->dword2, AX_RXD_FREERUN_CNT_MASK);
1824 	desc_info->icv_err = le32_get_bits(rxd_s->dword3, AX_RXD_ICV_ERR);
1825 	desc_info->crc32_err = le32_get_bits(rxd_s->dword3, AX_RXD_CRC32_ERR);
1826 	desc_info->hw_dec = le32_get_bits(rxd_s->dword3, AX_RXD_HW_DEC);
1827 	desc_info->sw_dec = le32_get_bits(rxd_s->dword3, AX_RXD_SW_DEC);
1828 	desc_info->addr1_match = le32_get_bits(rxd_s->dword3, AX_RXD_A1_MATCH);
1829 
1830 	shift_len = desc_info->shift << 1; /* 2-byte unit */
1831 	drv_info_len = desc_info->drv_info_size << 3; /* 8-byte unit */
1832 	desc_info->offset = data_offset + shift_len + drv_info_len;
1833 	if (desc_info->long_rxdesc)
1834 		desc_info->rxd_len = sizeof(struct rtw89_rxdesc_long);
1835 	else
1836 		desc_info->rxd_len = sizeof(struct rtw89_rxdesc_short);
1837 	desc_info->ready = true;
1838 
1839 	if (!desc_info->long_rxdesc)
1840 		return;
1841 
1842 	rxd_l = (struct rtw89_rxdesc_long *)(data + data_offset);
1843 	desc_info->frame_type = le32_get_bits(rxd_l->dword4, AX_RXD_TYPE_MASK);
1844 	desc_info->addr_cam_valid = le32_get_bits(rxd_l->dword5, AX_RXD_ADDR_CAM_VLD);
1845 	desc_info->addr_cam_id = le32_get_bits(rxd_l->dword5, AX_RXD_ADDR_CAM_MASK);
1846 	desc_info->sec_cam_id = le32_get_bits(rxd_l->dword5, AX_RXD_SEC_CAM_IDX_MASK);
1847 	desc_info->mac_id = le32_get_bits(rxd_l->dword5, AX_RXD_MAC_ID_MASK);
1848 	desc_info->rx_pl_id = le32_get_bits(rxd_l->dword5, AX_RXD_RX_PL_ID_MASK);
1849 }
1850 EXPORT_SYMBOL(rtw89_core_query_rxdesc);
1851 
1852 struct rtw89_core_iter_rx_status {
1853 	struct rtw89_dev *rtwdev;
1854 	struct ieee80211_rx_status *rx_status;
1855 	struct rtw89_rx_desc_info *desc_info;
1856 	u8 mac_id;
1857 };
1858 
1859 static
1860 void rtw89_core_stats_sta_rx_status_iter(void *data, struct ieee80211_sta *sta)
1861 {
1862 	struct rtw89_core_iter_rx_status *iter_data =
1863 				(struct rtw89_core_iter_rx_status *)data;
1864 	struct ieee80211_rx_status *rx_status = iter_data->rx_status;
1865 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
1866 	struct rtw89_rx_desc_info *desc_info = iter_data->desc_info;
1867 	u8 mac_id = iter_data->mac_id;
1868 
1869 	if (mac_id != rtwsta->mac_id)
1870 		return;
1871 
1872 	rtwsta->rx_status = *rx_status;
1873 	rtwsta->rx_hw_rate = desc_info->data_rate;
1874 }
1875 
1876 static void rtw89_core_stats_sta_rx_status(struct rtw89_dev *rtwdev,
1877 					   struct rtw89_rx_desc_info *desc_info,
1878 					   struct ieee80211_rx_status *rx_status)
1879 {
1880 	struct rtw89_core_iter_rx_status iter_data;
1881 
1882 	if (!desc_info->addr1_match || !desc_info->long_rxdesc)
1883 		return;
1884 
1885 	if (desc_info->frame_type != RTW89_RX_TYPE_DATA)
1886 		return;
1887 
1888 	iter_data.rtwdev = rtwdev;
1889 	iter_data.rx_status = rx_status;
1890 	iter_data.desc_info = desc_info;
1891 	iter_data.mac_id = desc_info->mac_id;
1892 	ieee80211_iterate_stations_atomic(rtwdev->hw,
1893 					  rtw89_core_stats_sta_rx_status_iter,
1894 					  &iter_data);
1895 }
1896 
1897 static void rtw89_core_update_rx_status(struct rtw89_dev *rtwdev,
1898 					struct rtw89_rx_desc_info *desc_info,
1899 					struct ieee80211_rx_status *rx_status)
1900 {
1901 	const struct cfg80211_chan_def *chandef =
1902 		rtw89_chandef_get(rtwdev, RTW89_SUB_ENTITY_0);
1903 	const struct rtw89_chan *cur = rtw89_chan_get(rtwdev, RTW89_SUB_ENTITY_0);
1904 	u16 data_rate;
1905 	u8 data_rate_mode;
1906 
1907 	/* currently using single PHY */
1908 	rx_status->freq = chandef->chan->center_freq;
1909 	rx_status->band = chandef->chan->band;
1910 
1911 	if (rtwdev->scanning &&
1912 	    RTW89_CHK_FW_FEATURE(SCAN_OFFLOAD, &rtwdev->fw)) {
1913 		u8 chan = cur->primary_channel;
1914 		u8 band = cur->band_type;
1915 		enum nl80211_band nl_band;
1916 
1917 		nl_band = rtw89_hw_to_nl80211_band(band);
1918 		rx_status->freq = ieee80211_channel_to_frequency(chan, nl_band);
1919 		rx_status->band = nl_band;
1920 	}
1921 
1922 	if (desc_info->icv_err || desc_info->crc32_err)
1923 		rx_status->flag |= RX_FLAG_FAILED_FCS_CRC;
1924 
1925 	if (desc_info->hw_dec &&
1926 	    !(desc_info->sw_dec || desc_info->icv_err))
1927 		rx_status->flag |= RX_FLAG_DECRYPTED;
1928 
1929 	rx_status->bw = rtw89_hw_to_rate_info_bw(desc_info->bw);
1930 
1931 	data_rate = desc_info->data_rate;
1932 	data_rate_mode = rtw89_get_data_rate_mode(rtwdev, data_rate);
1933 	if (data_rate_mode == DATA_RATE_MODE_NON_HT) {
1934 		rx_status->encoding = RX_ENC_LEGACY;
1935 		rx_status->rate_idx = rtw89_get_data_not_ht_idx(rtwdev, data_rate);
1936 		/* convert rate_idx after we get the correct band */
1937 	} else if (data_rate_mode == DATA_RATE_MODE_HT) {
1938 		rx_status->encoding = RX_ENC_HT;
1939 		rx_status->rate_idx = rtw89_get_data_ht_mcs(rtwdev, data_rate);
1940 		if (desc_info->gi_ltf)
1941 			rx_status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
1942 	} else if (data_rate_mode == DATA_RATE_MODE_VHT) {
1943 		rx_status->encoding = RX_ENC_VHT;
1944 		rx_status->rate_idx = rtw89_get_data_mcs(rtwdev, data_rate);
1945 		rx_status->nss = rtw89_get_data_nss(rtwdev, data_rate) + 1;
1946 		if (desc_info->gi_ltf)
1947 			rx_status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
1948 	} else if (data_rate_mode == DATA_RATE_MODE_HE) {
1949 		rx_status->encoding = RX_ENC_HE;
1950 		rx_status->rate_idx = rtw89_get_data_mcs(rtwdev, data_rate);
1951 		rx_status->nss = rtw89_get_data_nss(rtwdev, data_rate) + 1;
1952 	} else {
1953 		rtw89_warn(rtwdev, "invalid RX rate mode %d\n", data_rate_mode);
1954 	}
1955 
1956 	/* he_gi is used to match ppdu, so we always fill it. */
1957 	rx_status->he_gi = rtw89_rxdesc_to_nl_he_gi(rtwdev, desc_info, true);
1958 	rx_status->flag |= RX_FLAG_MACTIME_START;
1959 	rx_status->mactime = desc_info->free_run_cnt;
1960 
1961 	rtw89_core_stats_sta_rx_status(rtwdev, desc_info, rx_status);
1962 }
1963 
1964 static enum rtw89_ps_mode rtw89_update_ps_mode(struct rtw89_dev *rtwdev)
1965 {
1966 	const struct rtw89_chip_info *chip = rtwdev->chip;
1967 
1968 	if (rtw89_disable_ps_mode || !chip->ps_mode_supported ||
1969 	    RTW89_CHK_FW_FEATURE(NO_DEEP_PS, &rtwdev->fw))
1970 		return RTW89_PS_MODE_NONE;
1971 
1972 	if ((chip->ps_mode_supported & BIT(RTW89_PS_MODE_PWR_GATED)) &&
1973 	    !RTW89_CHK_FW_FEATURE(NO_LPS_PG, &rtwdev->fw))
1974 		return RTW89_PS_MODE_PWR_GATED;
1975 
1976 	if (chip->ps_mode_supported & BIT(RTW89_PS_MODE_CLK_GATED))
1977 		return RTW89_PS_MODE_CLK_GATED;
1978 
1979 	if (chip->ps_mode_supported & BIT(RTW89_PS_MODE_RFOFF))
1980 		return RTW89_PS_MODE_RFOFF;
1981 
1982 	return RTW89_PS_MODE_NONE;
1983 }
1984 
1985 static void rtw89_core_flush_ppdu_rx_queue(struct rtw89_dev *rtwdev,
1986 					   struct rtw89_rx_desc_info *desc_info)
1987 {
1988 	struct rtw89_ppdu_sts_info *ppdu_sts = &rtwdev->ppdu_sts;
1989 	u8 band = desc_info->bb_sel ? RTW89_PHY_1 : RTW89_PHY_0;
1990 	struct ieee80211_rx_status *rx_status;
1991 	struct sk_buff *skb_ppdu, *tmp;
1992 
1993 	skb_queue_walk_safe(&ppdu_sts->rx_queue[band], skb_ppdu, tmp) {
1994 		skb_unlink(skb_ppdu, &ppdu_sts->rx_queue[band]);
1995 		rx_status = IEEE80211_SKB_RXCB(skb_ppdu);
1996 		rtw89_core_rx_to_mac80211(rtwdev, NULL, desc_info, skb_ppdu, rx_status);
1997 	}
1998 }
1999 
2000 void rtw89_core_rx(struct rtw89_dev *rtwdev,
2001 		   struct rtw89_rx_desc_info *desc_info,
2002 		   struct sk_buff *skb)
2003 {
2004 	struct ieee80211_rx_status *rx_status;
2005 	struct rtw89_ppdu_sts_info *ppdu_sts = &rtwdev->ppdu_sts;
2006 	u8 ppdu_cnt = desc_info->ppdu_cnt;
2007 	u8 band = desc_info->bb_sel ? RTW89_PHY_1 : RTW89_PHY_0;
2008 
2009 	if (desc_info->pkt_type != RTW89_CORE_RX_TYPE_WIFI) {
2010 		rtw89_core_rx_process_report(rtwdev, desc_info, skb);
2011 		return;
2012 	}
2013 
2014 	if (ppdu_sts->curr_rx_ppdu_cnt[band] != ppdu_cnt) {
2015 		rtw89_core_flush_ppdu_rx_queue(rtwdev, desc_info);
2016 		ppdu_sts->curr_rx_ppdu_cnt[band] = ppdu_cnt;
2017 	}
2018 
2019 	rx_status = IEEE80211_SKB_RXCB(skb);
2020 	memset(rx_status, 0, sizeof(*rx_status));
2021 	rtw89_core_update_rx_status(rtwdev, desc_info, rx_status);
2022 	if (desc_info->long_rxdesc &&
2023 	    BIT(desc_info->frame_type) & PPDU_FILTER_BITMAP)
2024 		skb_queue_tail(&ppdu_sts->rx_queue[band], skb);
2025 	else
2026 		rtw89_core_rx_to_mac80211(rtwdev, NULL, desc_info, skb, rx_status);
2027 }
2028 EXPORT_SYMBOL(rtw89_core_rx);
2029 
2030 void rtw89_core_napi_start(struct rtw89_dev *rtwdev)
2031 {
2032 	if (test_and_set_bit(RTW89_FLAG_NAPI_RUNNING, rtwdev->flags))
2033 		return;
2034 
2035 	napi_enable(&rtwdev->napi);
2036 }
2037 EXPORT_SYMBOL(rtw89_core_napi_start);
2038 
2039 void rtw89_core_napi_stop(struct rtw89_dev *rtwdev)
2040 {
2041 	if (!test_and_clear_bit(RTW89_FLAG_NAPI_RUNNING, rtwdev->flags))
2042 		return;
2043 
2044 	napi_synchronize(&rtwdev->napi);
2045 	napi_disable(&rtwdev->napi);
2046 }
2047 EXPORT_SYMBOL(rtw89_core_napi_stop);
2048 
2049 void rtw89_core_napi_init(struct rtw89_dev *rtwdev)
2050 {
2051 	init_dummy_netdev(&rtwdev->netdev);
2052 	netif_napi_add(&rtwdev->netdev, &rtwdev->napi,
2053 		       rtwdev->hci.ops->napi_poll);
2054 }
2055 EXPORT_SYMBOL(rtw89_core_napi_init);
2056 
2057 void rtw89_core_napi_deinit(struct rtw89_dev *rtwdev)
2058 {
2059 	rtw89_core_napi_stop(rtwdev);
2060 	netif_napi_del(&rtwdev->napi);
2061 }
2062 EXPORT_SYMBOL(rtw89_core_napi_deinit);
2063 
2064 static void rtw89_core_ba_work(struct work_struct *work)
2065 {
2066 	struct rtw89_dev *rtwdev =
2067 		container_of(work, struct rtw89_dev, ba_work);
2068 	struct rtw89_txq *rtwtxq, *tmp;
2069 	int ret;
2070 
2071 	spin_lock_bh(&rtwdev->ba_lock);
2072 	list_for_each_entry_safe(rtwtxq, tmp, &rtwdev->ba_list, list) {
2073 		struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2074 		struct ieee80211_sta *sta = txq->sta;
2075 		struct rtw89_sta *rtwsta = sta ? (struct rtw89_sta *)sta->drv_priv : NULL;
2076 		u8 tid = txq->tid;
2077 
2078 		if (!sta) {
2079 			rtw89_warn(rtwdev, "cannot start BA without sta\n");
2080 			goto skip_ba_work;
2081 		}
2082 
2083 		if (rtwsta->disassoc) {
2084 			rtw89_debug(rtwdev, RTW89_DBG_TXRX,
2085 				    "cannot start BA with disassoc sta\n");
2086 			goto skip_ba_work;
2087 		}
2088 
2089 		ret = ieee80211_start_tx_ba_session(sta, tid, 0);
2090 		if (ret) {
2091 			rtw89_debug(rtwdev, RTW89_DBG_TXRX,
2092 				    "failed to setup BA session for %pM:%2d: %d\n",
2093 				    sta->addr, tid, ret);
2094 			if (ret == -EINVAL)
2095 				set_bit(RTW89_TXQ_F_BLOCK_BA, &rtwtxq->flags);
2096 		}
2097 skip_ba_work:
2098 		list_del_init(&rtwtxq->list);
2099 	}
2100 	spin_unlock_bh(&rtwdev->ba_lock);
2101 }
2102 
2103 static void rtw89_core_free_sta_pending_ba(struct rtw89_dev *rtwdev,
2104 					   struct ieee80211_sta *sta)
2105 {
2106 	struct rtw89_txq *rtwtxq, *tmp;
2107 
2108 	spin_lock_bh(&rtwdev->ba_lock);
2109 	list_for_each_entry_safe(rtwtxq, tmp, &rtwdev->ba_list, list) {
2110 		struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2111 
2112 		if (sta == txq->sta)
2113 			list_del_init(&rtwtxq->list);
2114 	}
2115 	spin_unlock_bh(&rtwdev->ba_lock);
2116 }
2117 
2118 static void rtw89_core_free_sta_pending_forbid_ba(struct rtw89_dev *rtwdev,
2119 						  struct ieee80211_sta *sta)
2120 {
2121 	struct rtw89_txq *rtwtxq, *tmp;
2122 
2123 	spin_lock_bh(&rtwdev->ba_lock);
2124 	list_for_each_entry_safe(rtwtxq, tmp, &rtwdev->forbid_ba_list, list) {
2125 		struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2126 
2127 		if (sta == txq->sta) {
2128 			clear_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags);
2129 			list_del_init(&rtwtxq->list);
2130 		}
2131 	}
2132 	spin_unlock_bh(&rtwdev->ba_lock);
2133 }
2134 
2135 static void rtw89_core_free_sta_pending_roc_tx(struct rtw89_dev *rtwdev,
2136 					       struct ieee80211_sta *sta)
2137 {
2138 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
2139 	struct sk_buff *skb, *tmp;
2140 
2141 	skb_queue_walk_safe(&rtwsta->roc_queue, skb, tmp) {
2142 		skb_unlink(skb, &rtwsta->roc_queue);
2143 		dev_kfree_skb_any(skb);
2144 	}
2145 }
2146 
2147 static void rtw89_core_stop_tx_ba_session(struct rtw89_dev *rtwdev,
2148 					  struct rtw89_txq *rtwtxq)
2149 {
2150 	struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2151 	struct ieee80211_sta *sta = txq->sta;
2152 	struct rtw89_sta *rtwsta = sta_to_rtwsta_safe(sta);
2153 
2154 	if (unlikely(!rtwsta) || unlikely(rtwsta->disassoc))
2155 		return;
2156 
2157 	if (!test_bit(RTW89_TXQ_F_AMPDU, &rtwtxq->flags) ||
2158 	    test_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags))
2159 		return;
2160 
2161 	spin_lock_bh(&rtwdev->ba_lock);
2162 	if (!test_and_set_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags))
2163 		list_add_tail(&rtwtxq->list, &rtwdev->forbid_ba_list);
2164 	spin_unlock_bh(&rtwdev->ba_lock);
2165 
2166 	ieee80211_stop_tx_ba_session(sta, txq->tid);
2167 	cancel_delayed_work(&rtwdev->forbid_ba_work);
2168 	ieee80211_queue_delayed_work(rtwdev->hw, &rtwdev->forbid_ba_work,
2169 				     RTW89_FORBID_BA_TIMER);
2170 }
2171 
2172 static void rtw89_core_txq_check_agg(struct rtw89_dev *rtwdev,
2173 				     struct rtw89_txq *rtwtxq,
2174 				     struct sk_buff *skb)
2175 {
2176 	struct ieee80211_hw *hw = rtwdev->hw;
2177 	struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2178 	struct ieee80211_sta *sta = txq->sta;
2179 	struct rtw89_sta *rtwsta = sta ? (struct rtw89_sta *)sta->drv_priv : NULL;
2180 
2181 	if (test_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags))
2182 		return;
2183 
2184 	if (unlikely(skb->protocol == cpu_to_be16(ETH_P_PAE))) {
2185 		rtw89_core_stop_tx_ba_session(rtwdev, rtwtxq);
2186 		return;
2187 	}
2188 
2189 	if (unlikely(!sta))
2190 		return;
2191 
2192 	if (unlikely(test_bit(RTW89_TXQ_F_BLOCK_BA, &rtwtxq->flags)))
2193 		return;
2194 
2195 	if (test_bit(RTW89_TXQ_F_AMPDU, &rtwtxq->flags)) {
2196 		IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_AMPDU;
2197 		return;
2198 	}
2199 
2200 	spin_lock_bh(&rtwdev->ba_lock);
2201 	if (!rtwsta->disassoc && list_empty(&rtwtxq->list)) {
2202 		list_add_tail(&rtwtxq->list, &rtwdev->ba_list);
2203 		ieee80211_queue_work(hw, &rtwdev->ba_work);
2204 	}
2205 	spin_unlock_bh(&rtwdev->ba_lock);
2206 }
2207 
2208 static void rtw89_core_txq_push(struct rtw89_dev *rtwdev,
2209 				struct rtw89_txq *rtwtxq,
2210 				unsigned long frame_cnt,
2211 				unsigned long byte_cnt)
2212 {
2213 	struct ieee80211_txq *txq = rtw89_txq_to_txq(rtwtxq);
2214 	struct ieee80211_vif *vif = txq->vif;
2215 	struct ieee80211_sta *sta = txq->sta;
2216 	struct sk_buff *skb;
2217 	unsigned long i;
2218 	int ret;
2219 
2220 	rcu_read_lock();
2221 	for (i = 0; i < frame_cnt; i++) {
2222 		skb = ieee80211_tx_dequeue_ni(rtwdev->hw, txq);
2223 		if (!skb) {
2224 			rtw89_debug(rtwdev, RTW89_DBG_TXRX, "dequeue a NULL skb\n");
2225 			goto out;
2226 		}
2227 		rtw89_core_txq_check_agg(rtwdev, rtwtxq, skb);
2228 		ret = rtw89_core_tx_write(rtwdev, vif, sta, skb, NULL);
2229 		if (ret) {
2230 			rtw89_err(rtwdev, "failed to push txq: %d\n", ret);
2231 			ieee80211_free_txskb(rtwdev->hw, skb);
2232 			break;
2233 		}
2234 	}
2235 out:
2236 	rcu_read_unlock();
2237 }
2238 
2239 static u32 rtw89_check_and_reclaim_tx_resource(struct rtw89_dev *rtwdev, u8 tid)
2240 {
2241 	u8 qsel, ch_dma;
2242 
2243 	qsel = rtw89_core_get_qsel(rtwdev, tid);
2244 	ch_dma = rtw89_core_get_ch_dma(rtwdev, qsel);
2245 
2246 	return rtw89_hci_check_and_reclaim_tx_resource(rtwdev, ch_dma);
2247 }
2248 
2249 static bool rtw89_core_txq_agg_wait(struct rtw89_dev *rtwdev,
2250 				    struct ieee80211_txq *txq,
2251 				    unsigned long *frame_cnt,
2252 				    bool *sched_txq, bool *reinvoke)
2253 {
2254 	struct rtw89_txq *rtwtxq = (struct rtw89_txq *)txq->drv_priv;
2255 	struct ieee80211_sta *sta = txq->sta;
2256 	struct rtw89_sta *rtwsta = sta ? (struct rtw89_sta *)sta->drv_priv : NULL;
2257 
2258 	if (!sta || rtwsta->max_agg_wait <= 0)
2259 		return false;
2260 
2261 	if (rtwdev->stats.tx_tfc_lv <= RTW89_TFC_MID)
2262 		return false;
2263 
2264 	if (*frame_cnt > 1) {
2265 		*frame_cnt -= 1;
2266 		*sched_txq = true;
2267 		*reinvoke = true;
2268 		rtwtxq->wait_cnt = 1;
2269 		return false;
2270 	}
2271 
2272 	if (*frame_cnt == 1 && rtwtxq->wait_cnt < rtwsta->max_agg_wait) {
2273 		*reinvoke = true;
2274 		rtwtxq->wait_cnt++;
2275 		return true;
2276 	}
2277 
2278 	rtwtxq->wait_cnt = 0;
2279 	return false;
2280 }
2281 
2282 static void rtw89_core_txq_schedule(struct rtw89_dev *rtwdev, u8 ac, bool *reinvoke)
2283 {
2284 	struct ieee80211_hw *hw = rtwdev->hw;
2285 	struct ieee80211_txq *txq;
2286 	struct rtw89_vif *rtwvif;
2287 	struct rtw89_txq *rtwtxq;
2288 	unsigned long frame_cnt;
2289 	unsigned long byte_cnt;
2290 	u32 tx_resource;
2291 	bool sched_txq;
2292 
2293 	ieee80211_txq_schedule_start(hw, ac);
2294 	while ((txq = ieee80211_next_txq(hw, ac))) {
2295 		rtwtxq = (struct rtw89_txq *)txq->drv_priv;
2296 		rtwvif = (struct rtw89_vif *)txq->vif->drv_priv;
2297 
2298 		if (rtwvif->offchan) {
2299 			ieee80211_return_txq(hw, txq, true);
2300 			continue;
2301 		}
2302 		tx_resource = rtw89_check_and_reclaim_tx_resource(rtwdev, txq->tid);
2303 		sched_txq = false;
2304 
2305 		ieee80211_txq_get_depth(txq, &frame_cnt, &byte_cnt);
2306 		if (rtw89_core_txq_agg_wait(rtwdev, txq, &frame_cnt, &sched_txq, reinvoke)) {
2307 			ieee80211_return_txq(hw, txq, true);
2308 			continue;
2309 		}
2310 		frame_cnt = min_t(unsigned long, frame_cnt, tx_resource);
2311 		rtw89_core_txq_push(rtwdev, rtwtxq, frame_cnt, byte_cnt);
2312 		ieee80211_return_txq(hw, txq, sched_txq);
2313 		if (frame_cnt != 0)
2314 			rtw89_core_tx_kick_off(rtwdev, rtw89_core_get_qsel(rtwdev, txq->tid));
2315 
2316 		/* bound of tx_resource could get stuck due to burst traffic */
2317 		if (frame_cnt == tx_resource)
2318 			*reinvoke = true;
2319 	}
2320 	ieee80211_txq_schedule_end(hw, ac);
2321 }
2322 
2323 static void rtw89_ips_work(struct work_struct *work)
2324 {
2325 	struct rtw89_dev *rtwdev = container_of(work, struct rtw89_dev,
2326 						ips_work);
2327 	mutex_lock(&rtwdev->mutex);
2328 	rtw89_enter_ips_by_hwflags(rtwdev);
2329 	mutex_unlock(&rtwdev->mutex);
2330 }
2331 
2332 static void rtw89_core_txq_work(struct work_struct *w)
2333 {
2334 	struct rtw89_dev *rtwdev = container_of(w, struct rtw89_dev, txq_work);
2335 	bool reinvoke = false;
2336 	u8 ac;
2337 
2338 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
2339 		rtw89_core_txq_schedule(rtwdev, ac, &reinvoke);
2340 
2341 	if (reinvoke) {
2342 		/* reinvoke to process the last frame */
2343 		mod_delayed_work(rtwdev->txq_wq, &rtwdev->txq_reinvoke_work, 1);
2344 	}
2345 }
2346 
2347 static void rtw89_core_txq_reinvoke_work(struct work_struct *w)
2348 {
2349 	struct rtw89_dev *rtwdev = container_of(w, struct rtw89_dev,
2350 						txq_reinvoke_work.work);
2351 
2352 	queue_work(rtwdev->txq_wq, &rtwdev->txq_work);
2353 }
2354 
2355 static void rtw89_forbid_ba_work(struct work_struct *w)
2356 {
2357 	struct rtw89_dev *rtwdev = container_of(w, struct rtw89_dev,
2358 						forbid_ba_work.work);
2359 	struct rtw89_txq *rtwtxq, *tmp;
2360 
2361 	spin_lock_bh(&rtwdev->ba_lock);
2362 	list_for_each_entry_safe(rtwtxq, tmp, &rtwdev->forbid_ba_list, list) {
2363 		clear_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags);
2364 		list_del_init(&rtwtxq->list);
2365 	}
2366 	spin_unlock_bh(&rtwdev->ba_lock);
2367 }
2368 
2369 static void rtw89_core_sta_pending_tx_iter(void *data,
2370 					   struct ieee80211_sta *sta)
2371 {
2372 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
2373 	struct rtw89_vif *rtwvif_target = data, *rtwvif = rtwsta->rtwvif;
2374 	struct rtw89_dev *rtwdev = rtwvif->rtwdev;
2375 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
2376 	struct sk_buff *skb, *tmp;
2377 	int qsel, ret;
2378 
2379 	if (rtwvif->sub_entity_idx != rtwvif_target->sub_entity_idx)
2380 		return;
2381 
2382 	if (skb_queue_len(&rtwsta->roc_queue) == 0)
2383 		return;
2384 
2385 	skb_queue_walk_safe(&rtwsta->roc_queue, skb, tmp) {
2386 		skb_unlink(skb, &rtwsta->roc_queue);
2387 
2388 		ret = rtw89_core_tx_write(rtwdev, vif, sta, skb, &qsel);
2389 		if (ret) {
2390 			rtw89_warn(rtwdev, "pending tx failed with %d\n", ret);
2391 			dev_kfree_skb_any(skb);
2392 		} else {
2393 			rtw89_core_tx_kick_off(rtwdev, qsel);
2394 		}
2395 	}
2396 }
2397 
2398 static void rtw89_core_handle_sta_pending_tx(struct rtw89_dev *rtwdev,
2399 					     struct rtw89_vif *rtwvif)
2400 {
2401 	ieee80211_iterate_stations_atomic(rtwdev->hw,
2402 					  rtw89_core_sta_pending_tx_iter,
2403 					  rtwvif);
2404 }
2405 
2406 static int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev,
2407 				    struct rtw89_vif *rtwvif, bool qos, bool ps)
2408 {
2409 	struct ieee80211_vif *vif = rtwvif_to_vif(rtwvif);
2410 	struct ieee80211_sta *sta;
2411 	struct ieee80211_hdr *hdr;
2412 	struct sk_buff *skb;
2413 	int ret, qsel;
2414 
2415 	if (vif->type != NL80211_IFTYPE_STATION || !vif->cfg.assoc)
2416 		return 0;
2417 
2418 	rcu_read_lock();
2419 	sta = ieee80211_find_sta(vif, vif->bss_conf.bssid);
2420 	if (!sta) {
2421 		ret = -EINVAL;
2422 		goto out;
2423 	}
2424 
2425 	skb = ieee80211_nullfunc_get(rtwdev->hw, vif, -1, qos);
2426 	if (!skb) {
2427 		ret = -ENOMEM;
2428 		goto out;
2429 	}
2430 
2431 	hdr = (struct ieee80211_hdr *)skb->data;
2432 	if (ps)
2433 		hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
2434 
2435 	ret = rtw89_core_tx_write(rtwdev, vif, sta, skb, &qsel);
2436 	if (ret) {
2437 		rtw89_warn(rtwdev, "nullfunc transmit failed: %d\n", ret);
2438 		dev_kfree_skb_any(skb);
2439 		goto out;
2440 	}
2441 
2442 	rcu_read_unlock();
2443 
2444 	return rtw89_core_tx_kick_off_and_wait(rtwdev, skb, qsel,
2445 					       RTW89_ROC_TX_TIMEOUT);
2446 out:
2447 	rcu_read_unlock();
2448 
2449 	return ret;
2450 }
2451 
2452 void rtw89_roc_start(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
2453 {
2454 	struct ieee80211_hw *hw = rtwdev->hw;
2455 	struct rtw89_roc *roc = &rtwvif->roc;
2456 	struct cfg80211_chan_def roc_chan;
2457 	struct rtw89_vif *tmp;
2458 	int ret;
2459 
2460 	lockdep_assert_held(&rtwdev->mutex);
2461 
2462 	ieee80211_queue_delayed_work(hw, &rtwvif->roc.roc_work,
2463 				     msecs_to_jiffies(rtwvif->roc.duration));
2464 
2465 	rtw89_leave_ips_by_hwflags(rtwdev);
2466 	rtw89_leave_lps(rtwdev);
2467 
2468 	ret = rtw89_core_send_nullfunc(rtwdev, rtwvif, true, true);
2469 	if (ret)
2470 		rtw89_debug(rtwdev, RTW89_DBG_TXRX,
2471 			    "roc send null-1 failed: %d\n", ret);
2472 
2473 	rtw89_for_each_rtwvif(rtwdev, tmp)
2474 		if (tmp->sub_entity_idx == rtwvif->sub_entity_idx)
2475 			tmp->offchan = true;
2476 
2477 	cfg80211_chandef_create(&roc_chan, &roc->chan, NL80211_CHAN_NO_HT);
2478 	rtw89_config_roc_chandef(rtwdev, rtwvif->sub_entity_idx, &roc_chan);
2479 	rtw89_set_channel(rtwdev);
2480 	rtw89_write32_clr(rtwdev,
2481 			  rtw89_mac_reg_by_idx(R_AX_RX_FLTR_OPT, RTW89_MAC_0),
2482 			  B_AX_A_UC_CAM_MATCH | B_AX_A_BC_CAM_MATCH);
2483 
2484 	ieee80211_ready_on_channel(hw);
2485 }
2486 
2487 void rtw89_roc_end(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
2488 {
2489 	struct ieee80211_hw *hw = rtwdev->hw;
2490 	struct rtw89_roc *roc = &rtwvif->roc;
2491 	struct rtw89_vif *tmp;
2492 	int ret;
2493 
2494 	lockdep_assert_held(&rtwdev->mutex);
2495 
2496 	ieee80211_remain_on_channel_expired(hw);
2497 
2498 	rtw89_leave_ips_by_hwflags(rtwdev);
2499 	rtw89_leave_lps(rtwdev);
2500 
2501 	rtw89_write32_mask(rtwdev,
2502 			   rtw89_mac_reg_by_idx(R_AX_RX_FLTR_OPT, RTW89_MAC_0),
2503 			   B_AX_RX_FLTR_CFG_MASK,
2504 			   rtwdev->hal.rx_fltr);
2505 
2506 	roc->state = RTW89_ROC_IDLE;
2507 	rtw89_config_roc_chandef(rtwdev, rtwvif->sub_entity_idx, NULL);
2508 	rtw89_set_channel(rtwdev);
2509 	ret = rtw89_core_send_nullfunc(rtwdev, rtwvif, true, false);
2510 	if (ret)
2511 		rtw89_debug(rtwdev, RTW89_DBG_TXRX,
2512 			    "roc send null-0 failed: %d\n", ret);
2513 
2514 	rtw89_for_each_rtwvif(rtwdev, tmp)
2515 		if (tmp->sub_entity_idx == rtwvif->sub_entity_idx)
2516 			tmp->offchan = false;
2517 
2518 	rtw89_core_handle_sta_pending_tx(rtwdev, rtwvif);
2519 	queue_work(rtwdev->txq_wq, &rtwdev->txq_work);
2520 
2521 	if (hw->conf.flags & IEEE80211_CONF_IDLE)
2522 		ieee80211_queue_delayed_work(hw, &roc->roc_work,
2523 					     RTW89_ROC_IDLE_TIMEOUT);
2524 }
2525 
2526 void rtw89_roc_work(struct work_struct *work)
2527 {
2528 	struct rtw89_vif *rtwvif = container_of(work, struct rtw89_vif,
2529 						roc.roc_work.work);
2530 	struct rtw89_dev *rtwdev = rtwvif->rtwdev;
2531 	struct rtw89_roc *roc = &rtwvif->roc;
2532 
2533 	mutex_lock(&rtwdev->mutex);
2534 
2535 	switch (roc->state) {
2536 	case RTW89_ROC_IDLE:
2537 		rtw89_enter_ips_by_hwflags(rtwdev);
2538 		break;
2539 	case RTW89_ROC_MGMT:
2540 	case RTW89_ROC_NORMAL:
2541 		rtw89_roc_end(rtwdev, rtwvif);
2542 		break;
2543 	default:
2544 		break;
2545 	}
2546 
2547 	mutex_unlock(&rtwdev->mutex);
2548 }
2549 
2550 static enum rtw89_tfc_lv rtw89_get_traffic_level(struct rtw89_dev *rtwdev,
2551 						 u32 throughput, u64 cnt)
2552 {
2553 	if (cnt < 100)
2554 		return RTW89_TFC_IDLE;
2555 	if (throughput > 50)
2556 		return RTW89_TFC_HIGH;
2557 	if (throughput > 10)
2558 		return RTW89_TFC_MID;
2559 	if (throughput > 2)
2560 		return RTW89_TFC_LOW;
2561 	return RTW89_TFC_ULTRA_LOW;
2562 }
2563 
2564 static bool rtw89_traffic_stats_calc(struct rtw89_dev *rtwdev,
2565 				     struct rtw89_traffic_stats *stats)
2566 {
2567 	enum rtw89_tfc_lv tx_tfc_lv = stats->tx_tfc_lv;
2568 	enum rtw89_tfc_lv rx_tfc_lv = stats->rx_tfc_lv;
2569 
2570 	stats->tx_throughput_raw = (u32)(stats->tx_unicast >> RTW89_TP_SHIFT);
2571 	stats->rx_throughput_raw = (u32)(stats->rx_unicast >> RTW89_TP_SHIFT);
2572 
2573 	ewma_tp_add(&stats->tx_ewma_tp, stats->tx_throughput_raw);
2574 	ewma_tp_add(&stats->rx_ewma_tp, stats->rx_throughput_raw);
2575 
2576 	stats->tx_throughput = ewma_tp_read(&stats->tx_ewma_tp);
2577 	stats->rx_throughput = ewma_tp_read(&stats->rx_ewma_tp);
2578 	stats->tx_tfc_lv = rtw89_get_traffic_level(rtwdev, stats->tx_throughput,
2579 						   stats->tx_cnt);
2580 	stats->rx_tfc_lv = rtw89_get_traffic_level(rtwdev, stats->rx_throughput,
2581 						   stats->rx_cnt);
2582 	stats->tx_avg_len = stats->tx_cnt ?
2583 			    DIV_ROUND_DOWN_ULL(stats->tx_unicast, stats->tx_cnt) : 0;
2584 	stats->rx_avg_len = stats->rx_cnt ?
2585 			    DIV_ROUND_DOWN_ULL(stats->rx_unicast, stats->rx_cnt) : 0;
2586 
2587 	stats->tx_unicast = 0;
2588 	stats->rx_unicast = 0;
2589 	stats->tx_cnt = 0;
2590 	stats->rx_cnt = 0;
2591 	stats->rx_tf_periodic = stats->rx_tf_acc;
2592 	stats->rx_tf_acc = 0;
2593 
2594 	if (tx_tfc_lv != stats->tx_tfc_lv || rx_tfc_lv != stats->rx_tfc_lv)
2595 		return true;
2596 
2597 	return false;
2598 }
2599 
2600 static bool rtw89_traffic_stats_track(struct rtw89_dev *rtwdev)
2601 {
2602 	struct rtw89_vif *rtwvif;
2603 	bool tfc_changed;
2604 
2605 	tfc_changed = rtw89_traffic_stats_calc(rtwdev, &rtwdev->stats);
2606 	rtw89_for_each_rtwvif(rtwdev, rtwvif) {
2607 		rtw89_traffic_stats_calc(rtwdev, &rtwvif->stats);
2608 		rtw89_fw_h2c_tp_offload(rtwdev, rtwvif);
2609 	}
2610 
2611 	return tfc_changed;
2612 }
2613 
2614 static void rtw89_vif_enter_lps(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif)
2615 {
2616 	if ((rtwvif->wifi_role != RTW89_WIFI_ROLE_STATION &&
2617 	     rtwvif->wifi_role != RTW89_WIFI_ROLE_P2P_CLIENT) ||
2618 	    rtwvif->tdls_peer)
2619 		return;
2620 
2621 	if (rtwvif->offchan)
2622 		return;
2623 
2624 	if (rtwvif->stats.tx_tfc_lv == RTW89_TFC_IDLE &&
2625 	    rtwvif->stats.rx_tfc_lv == RTW89_TFC_IDLE)
2626 		rtw89_enter_lps(rtwdev, rtwvif, true);
2627 }
2628 
2629 static void rtw89_enter_lps_track(struct rtw89_dev *rtwdev)
2630 {
2631 	struct rtw89_vif *rtwvif;
2632 
2633 	rtw89_for_each_rtwvif(rtwdev, rtwvif)
2634 		rtw89_vif_enter_lps(rtwdev, rtwvif);
2635 }
2636 
2637 void rtw89_traffic_stats_init(struct rtw89_dev *rtwdev,
2638 			      struct rtw89_traffic_stats *stats)
2639 {
2640 	stats->tx_unicast = 0;
2641 	stats->rx_unicast = 0;
2642 	stats->tx_cnt = 0;
2643 	stats->rx_cnt = 0;
2644 	ewma_tp_init(&stats->tx_ewma_tp);
2645 	ewma_tp_init(&stats->rx_ewma_tp);
2646 }
2647 
2648 static void rtw89_track_work(struct work_struct *work)
2649 {
2650 	struct rtw89_dev *rtwdev = container_of(work, struct rtw89_dev,
2651 						track_work.work);
2652 	bool tfc_changed;
2653 
2654 	if (test_bit(RTW89_FLAG_FORBIDDEN_TRACK_WROK, rtwdev->flags))
2655 		return;
2656 
2657 	mutex_lock(&rtwdev->mutex);
2658 
2659 	if (!test_bit(RTW89_FLAG_RUNNING, rtwdev->flags))
2660 		goto out;
2661 
2662 	ieee80211_queue_delayed_work(rtwdev->hw, &rtwdev->track_work,
2663 				     RTW89_TRACK_WORK_PERIOD);
2664 
2665 	tfc_changed = rtw89_traffic_stats_track(rtwdev);
2666 	if (rtwdev->scanning)
2667 		goto out;
2668 
2669 	rtw89_leave_lps(rtwdev);
2670 
2671 	if (tfc_changed) {
2672 		rtw89_hci_recalc_int_mit(rtwdev);
2673 		rtw89_btc_ntfy_wl_sta(rtwdev);
2674 	}
2675 	rtw89_mac_bf_monitor_track(rtwdev);
2676 	rtw89_phy_stat_track(rtwdev);
2677 	rtw89_phy_env_monitor_track(rtwdev);
2678 	rtw89_phy_dig(rtwdev);
2679 	rtw89_chip_rfk_track(rtwdev);
2680 	rtw89_phy_ra_update(rtwdev);
2681 	rtw89_phy_cfo_track(rtwdev);
2682 	rtw89_phy_tx_path_div_track(rtwdev);
2683 	rtw89_phy_antdiv_track(rtwdev);
2684 	rtw89_phy_ul_tb_ctrl_track(rtwdev);
2685 
2686 	if (rtwdev->lps_enabled && !rtwdev->btc.lps)
2687 		rtw89_enter_lps_track(rtwdev);
2688 
2689 out:
2690 	mutex_unlock(&rtwdev->mutex);
2691 }
2692 
2693 u8 rtw89_core_acquire_bit_map(unsigned long *addr, unsigned long size)
2694 {
2695 	unsigned long bit;
2696 
2697 	bit = find_first_zero_bit(addr, size);
2698 	if (bit < size)
2699 		set_bit(bit, addr);
2700 
2701 	return bit;
2702 }
2703 
2704 void rtw89_core_release_bit_map(unsigned long *addr, u8 bit)
2705 {
2706 	clear_bit(bit, addr);
2707 }
2708 
2709 void rtw89_core_release_all_bits_map(unsigned long *addr, unsigned int nbits)
2710 {
2711 	bitmap_zero(addr, nbits);
2712 }
2713 
2714 int rtw89_core_acquire_sta_ba_entry(struct rtw89_dev *rtwdev,
2715 				    struct rtw89_sta *rtwsta, u8 tid, u8 *cam_idx)
2716 {
2717 	const struct rtw89_chip_info *chip = rtwdev->chip;
2718 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
2719 	struct rtw89_ba_cam_entry *entry = NULL, *tmp;
2720 	u8 idx;
2721 	int i;
2722 
2723 	lockdep_assert_held(&rtwdev->mutex);
2724 
2725 	idx = rtw89_core_acquire_bit_map(cam_info->ba_cam_map, chip->bacam_num);
2726 	if (idx == chip->bacam_num) {
2727 		/* allocate a static BA CAM to tid=0/5, so replace the existing
2728 		 * one if BA CAM is full. Hardware will process the original tid
2729 		 * automatically.
2730 		 */
2731 		if (tid != 0 && tid != 5)
2732 			return -ENOSPC;
2733 
2734 		for_each_set_bit(i, cam_info->ba_cam_map, chip->bacam_num) {
2735 			tmp = &cam_info->ba_cam_entry[i];
2736 			if (tmp->tid == 0 || tmp->tid == 5)
2737 				continue;
2738 
2739 			idx = i;
2740 			entry = tmp;
2741 			list_del(&entry->list);
2742 			break;
2743 		}
2744 
2745 		if (!entry)
2746 			return -ENOSPC;
2747 	} else {
2748 		entry = &cam_info->ba_cam_entry[idx];
2749 	}
2750 
2751 	entry->tid = tid;
2752 	list_add_tail(&entry->list, &rtwsta->ba_cam_list);
2753 
2754 	*cam_idx = idx;
2755 
2756 	return 0;
2757 }
2758 
2759 int rtw89_core_release_sta_ba_entry(struct rtw89_dev *rtwdev,
2760 				    struct rtw89_sta *rtwsta, u8 tid, u8 *cam_idx)
2761 {
2762 	struct rtw89_cam_info *cam_info = &rtwdev->cam_info;
2763 	struct rtw89_ba_cam_entry *entry = NULL, *tmp;
2764 	u8 idx;
2765 
2766 	lockdep_assert_held(&rtwdev->mutex);
2767 
2768 	list_for_each_entry_safe(entry, tmp, &rtwsta->ba_cam_list, list) {
2769 		if (entry->tid != tid)
2770 			continue;
2771 
2772 		idx = entry - cam_info->ba_cam_entry;
2773 		list_del(&entry->list);
2774 
2775 		rtw89_core_release_bit_map(cam_info->ba_cam_map, idx);
2776 		*cam_idx = idx;
2777 		return 0;
2778 	}
2779 
2780 	return -ENOENT;
2781 }
2782 
2783 #define RTW89_TYPE_MAPPING(_type)	\
2784 	case NL80211_IFTYPE_ ## _type:	\
2785 		rtwvif->wifi_role = RTW89_WIFI_ROLE_ ## _type;	\
2786 		break
2787 void rtw89_vif_type_mapping(struct ieee80211_vif *vif, bool assoc)
2788 {
2789 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
2790 
2791 	switch (vif->type) {
2792 	case NL80211_IFTYPE_STATION:
2793 		if (vif->p2p)
2794 			rtwvif->wifi_role = RTW89_WIFI_ROLE_P2P_CLIENT;
2795 		else
2796 			rtwvif->wifi_role = RTW89_WIFI_ROLE_STATION;
2797 		break;
2798 	case NL80211_IFTYPE_AP:
2799 		if (vif->p2p)
2800 			rtwvif->wifi_role = RTW89_WIFI_ROLE_P2P_GO;
2801 		else
2802 			rtwvif->wifi_role = RTW89_WIFI_ROLE_AP;
2803 		break;
2804 	RTW89_TYPE_MAPPING(ADHOC);
2805 	RTW89_TYPE_MAPPING(MONITOR);
2806 	RTW89_TYPE_MAPPING(MESH_POINT);
2807 	default:
2808 		WARN_ON(1);
2809 		break;
2810 	}
2811 
2812 	switch (vif->type) {
2813 	case NL80211_IFTYPE_AP:
2814 	case NL80211_IFTYPE_MESH_POINT:
2815 		rtwvif->net_type = RTW89_NET_TYPE_AP_MODE;
2816 		rtwvif->self_role = RTW89_SELF_ROLE_AP;
2817 		break;
2818 	case NL80211_IFTYPE_ADHOC:
2819 		rtwvif->net_type = RTW89_NET_TYPE_AD_HOC;
2820 		rtwvif->self_role = RTW89_SELF_ROLE_CLIENT;
2821 		break;
2822 	case NL80211_IFTYPE_STATION:
2823 		if (assoc) {
2824 			rtwvif->net_type = RTW89_NET_TYPE_INFRA;
2825 			rtwvif->trigger = vif->bss_conf.he_support;
2826 		} else {
2827 			rtwvif->net_type = RTW89_NET_TYPE_NO_LINK;
2828 			rtwvif->trigger = false;
2829 		}
2830 		rtwvif->self_role = RTW89_SELF_ROLE_CLIENT;
2831 		rtwvif->addr_cam.sec_ent_mode = RTW89_ADDR_CAM_SEC_NORMAL;
2832 		break;
2833 	case NL80211_IFTYPE_MONITOR:
2834 		break;
2835 	default:
2836 		WARN_ON(1);
2837 		break;
2838 	}
2839 }
2840 
2841 int rtw89_core_sta_add(struct rtw89_dev *rtwdev,
2842 		       struct ieee80211_vif *vif,
2843 		       struct ieee80211_sta *sta)
2844 {
2845 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
2846 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
2847 	struct rtw89_hal *hal = &rtwdev->hal;
2848 	u8 ant_num = hal->ant_diversity ? 2 : rtwdev->chip->rf_path_num;
2849 	int i;
2850 	int ret;
2851 
2852 	rtwsta->rtwdev = rtwdev;
2853 	rtwsta->rtwvif = rtwvif;
2854 	rtwsta->prev_rssi = 0;
2855 	INIT_LIST_HEAD(&rtwsta->ba_cam_list);
2856 	skb_queue_head_init(&rtwsta->roc_queue);
2857 
2858 	for (i = 0; i < ARRAY_SIZE(sta->txq); i++)
2859 		rtw89_core_txq_init(rtwdev, sta->txq[i]);
2860 
2861 	ewma_rssi_init(&rtwsta->avg_rssi);
2862 	ewma_snr_init(&rtwsta->avg_snr);
2863 	for (i = 0; i < ant_num; i++) {
2864 		ewma_rssi_init(&rtwsta->rssi[i]);
2865 		ewma_evm_init(&rtwsta->evm_min[i]);
2866 		ewma_evm_init(&rtwsta->evm_max[i]);
2867 	}
2868 
2869 	if (vif->type == NL80211_IFTYPE_STATION && !sta->tdls) {
2870 		/* for station mode, assign the mac_id from itself */
2871 		rtwsta->mac_id = rtwvif->mac_id;
2872 		/* must do rtw89_reg_6ghz_power_recalc() before rfk channel */
2873 		rtw89_reg_6ghz_power_recalc(rtwdev, rtwvif, true);
2874 		rtw89_btc_ntfy_role_info(rtwdev, rtwvif, rtwsta,
2875 					 BTC_ROLE_MSTS_STA_CONN_START);
2876 		rtw89_chip_rfk_channel(rtwdev);
2877 	} else if (vif->type == NL80211_IFTYPE_AP || sta->tdls) {
2878 		rtwsta->mac_id = rtw89_core_acquire_bit_map(rtwdev->mac_id_map,
2879 							    RTW89_MAX_MAC_ID_NUM);
2880 		if (rtwsta->mac_id == RTW89_MAX_MAC_ID_NUM)
2881 			return -ENOSPC;
2882 
2883 		ret = rtw89_mac_set_macid_pause(rtwdev, rtwsta->mac_id, false);
2884 		if (ret) {
2885 			rtw89_core_release_bit_map(rtwdev->mac_id_map, rtwsta->mac_id);
2886 			rtw89_warn(rtwdev, "failed to send h2c macid pause\n");
2887 			return ret;
2888 		}
2889 
2890 		ret = rtw89_fw_h2c_role_maintain(rtwdev, rtwvif, rtwsta,
2891 						 RTW89_ROLE_CREATE);
2892 		if (ret) {
2893 			rtw89_core_release_bit_map(rtwdev->mac_id_map, rtwsta->mac_id);
2894 			rtw89_warn(rtwdev, "failed to send h2c role info\n");
2895 			return ret;
2896 		}
2897 	}
2898 
2899 	return 0;
2900 }
2901 
2902 int rtw89_core_sta_disassoc(struct rtw89_dev *rtwdev,
2903 			    struct ieee80211_vif *vif,
2904 			    struct ieee80211_sta *sta)
2905 {
2906 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
2907 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
2908 
2909 	if (vif->type == NL80211_IFTYPE_STATION)
2910 		rtw89_fw_h2c_set_bcn_fltr_cfg(rtwdev, vif, false);
2911 
2912 	rtwdev->total_sta_assoc--;
2913 	if (sta->tdls)
2914 		rtwvif->tdls_peer--;
2915 	rtwsta->disassoc = true;
2916 
2917 	return 0;
2918 }
2919 
2920 int rtw89_core_sta_disconnect(struct rtw89_dev *rtwdev,
2921 			      struct ieee80211_vif *vif,
2922 			      struct ieee80211_sta *sta)
2923 {
2924 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
2925 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
2926 	int ret;
2927 
2928 	rtw89_mac_bf_monitor_calc(rtwdev, sta, true);
2929 	rtw89_mac_bf_disassoc(rtwdev, vif, sta);
2930 	rtw89_core_free_sta_pending_ba(rtwdev, sta);
2931 	rtw89_core_free_sta_pending_forbid_ba(rtwdev, sta);
2932 	rtw89_core_free_sta_pending_roc_tx(rtwdev, sta);
2933 
2934 	if (vif->type == NL80211_IFTYPE_AP || sta->tdls)
2935 		rtw89_cam_deinit_addr_cam(rtwdev, &rtwsta->addr_cam);
2936 	if (sta->tdls)
2937 		rtw89_cam_deinit_bssid_cam(rtwdev, &rtwsta->bssid_cam);
2938 
2939 	if (vif->type == NL80211_IFTYPE_STATION && !sta->tdls) {
2940 		rtw89_vif_type_mapping(vif, false);
2941 		rtw89_fw_release_general_pkt_list_vif(rtwdev, rtwvif, true);
2942 	}
2943 
2944 	ret = rtw89_fw_h2c_assoc_cmac_tbl(rtwdev, vif, sta);
2945 	if (ret) {
2946 		rtw89_warn(rtwdev, "failed to send h2c cmac table\n");
2947 		return ret;
2948 	}
2949 
2950 	ret = rtw89_fw_h2c_join_info(rtwdev, rtwvif, rtwsta, true);
2951 	if (ret) {
2952 		rtw89_warn(rtwdev, "failed to send h2c join info\n");
2953 		return ret;
2954 	}
2955 
2956 	/* update cam aid mac_id net_type */
2957 	ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, rtwsta, NULL);
2958 	if (ret) {
2959 		rtw89_warn(rtwdev, "failed to send h2c cam\n");
2960 		return ret;
2961 	}
2962 
2963 	return ret;
2964 }
2965 
2966 int rtw89_core_sta_assoc(struct rtw89_dev *rtwdev,
2967 			 struct ieee80211_vif *vif,
2968 			 struct ieee80211_sta *sta)
2969 {
2970 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
2971 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
2972 	struct rtw89_bssid_cam_entry *bssid_cam = rtw89_get_bssid_cam_of(rtwvif, rtwsta);
2973 	int ret;
2974 
2975 	if (vif->type == NL80211_IFTYPE_AP || sta->tdls) {
2976 		if (sta->tdls) {
2977 			ret = rtw89_cam_init_bssid_cam(rtwdev, rtwvif, bssid_cam, sta->addr);
2978 			if (ret) {
2979 				rtw89_warn(rtwdev, "failed to send h2c init bssid cam for TDLS\n");
2980 				return ret;
2981 			}
2982 		}
2983 
2984 		ret = rtw89_cam_init_addr_cam(rtwdev, &rtwsta->addr_cam, bssid_cam);
2985 		if (ret) {
2986 			rtw89_warn(rtwdev, "failed to send h2c init addr cam\n");
2987 			return ret;
2988 		}
2989 	}
2990 
2991 	ret = rtw89_fw_h2c_assoc_cmac_tbl(rtwdev, vif, sta);
2992 	if (ret) {
2993 		rtw89_warn(rtwdev, "failed to send h2c cmac table\n");
2994 		return ret;
2995 	}
2996 
2997 	ret = rtw89_fw_h2c_join_info(rtwdev, rtwvif, rtwsta, false);
2998 	if (ret) {
2999 		rtw89_warn(rtwdev, "failed to send h2c join info\n");
3000 		return ret;
3001 	}
3002 
3003 	/* update cam aid mac_id net_type */
3004 	ret = rtw89_fw_h2c_cam(rtwdev, rtwvif, rtwsta, NULL);
3005 	if (ret) {
3006 		rtw89_warn(rtwdev, "failed to send h2c cam\n");
3007 		return ret;
3008 	}
3009 
3010 	rtwdev->total_sta_assoc++;
3011 	if (sta->tdls)
3012 		rtwvif->tdls_peer++;
3013 	rtw89_phy_ra_assoc(rtwdev, sta);
3014 	rtw89_mac_bf_assoc(rtwdev, vif, sta);
3015 	rtw89_mac_bf_monitor_calc(rtwdev, sta, false);
3016 
3017 	if (vif->type == NL80211_IFTYPE_STATION && !sta->tdls) {
3018 		struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
3019 
3020 		if (bss_conf->he_support &&
3021 		    !(bss_conf->he_oper.params & IEEE80211_HE_OPERATION_ER_SU_DISABLE))
3022 			rtwsta->er_cap = true;
3023 
3024 		rtw89_btc_ntfy_role_info(rtwdev, rtwvif, rtwsta,
3025 					 BTC_ROLE_MSTS_STA_CONN_END);
3026 		rtw89_core_get_no_ul_ofdma_htc(rtwdev, &rtwsta->htc_template);
3027 		rtw89_phy_ul_tb_assoc(rtwdev, rtwvif);
3028 
3029 		ret = rtw89_fw_h2c_general_pkt(rtwdev, rtwvif, rtwsta->mac_id);
3030 		if (ret) {
3031 			rtw89_warn(rtwdev, "failed to send h2c general packet\n");
3032 			return ret;
3033 		}
3034 	}
3035 
3036 	return ret;
3037 }
3038 
3039 int rtw89_core_sta_remove(struct rtw89_dev *rtwdev,
3040 			  struct ieee80211_vif *vif,
3041 			  struct ieee80211_sta *sta)
3042 {
3043 	struct rtw89_vif *rtwvif = (struct rtw89_vif *)vif->drv_priv;
3044 	struct rtw89_sta *rtwsta = (struct rtw89_sta *)sta->drv_priv;
3045 	int ret;
3046 
3047 	if (vif->type == NL80211_IFTYPE_STATION && !sta->tdls) {
3048 		rtw89_reg_6ghz_power_recalc(rtwdev, rtwvif, false);
3049 		rtw89_btc_ntfy_role_info(rtwdev, rtwvif, rtwsta,
3050 					 BTC_ROLE_MSTS_STA_DIS_CONN);
3051 	} else if (vif->type == NL80211_IFTYPE_AP || sta->tdls) {
3052 		rtw89_core_release_bit_map(rtwdev->mac_id_map, rtwsta->mac_id);
3053 
3054 		ret = rtw89_fw_h2c_role_maintain(rtwdev, rtwvif, rtwsta,
3055 						 RTW89_ROLE_REMOVE);
3056 		if (ret) {
3057 			rtw89_warn(rtwdev, "failed to send h2c role info\n");
3058 			return ret;
3059 		}
3060 	}
3061 
3062 	return 0;
3063 }
3064 
3065 static void _rtw89_core_set_tid_config(struct rtw89_dev *rtwdev,
3066 				       struct ieee80211_sta *sta,
3067 				       struct cfg80211_tid_cfg *tid_conf)
3068 {
3069 	struct ieee80211_txq *txq;
3070 	struct rtw89_txq *rtwtxq;
3071 	u32 mask = tid_conf->mask;
3072 	u8 tids = tid_conf->tids;
3073 	int tids_nbit = BITS_PER_BYTE;
3074 	int i;
3075 
3076 	for (i = 0; i < tids_nbit; i++, tids >>= 1) {
3077 		if (!tids)
3078 			break;
3079 
3080 		if (!(tids & BIT(0)))
3081 			continue;
3082 
3083 		txq = sta->txq[i];
3084 		rtwtxq = (struct rtw89_txq *)txq->drv_priv;
3085 
3086 		if (mask & BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL)) {
3087 			if (tid_conf->ampdu == NL80211_TID_CONFIG_ENABLE) {
3088 				clear_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags);
3089 			} else {
3090 				if (test_bit(RTW89_TXQ_F_AMPDU, &rtwtxq->flags))
3091 					ieee80211_stop_tx_ba_session(sta, txq->tid);
3092 				spin_lock_bh(&rtwdev->ba_lock);
3093 				list_del_init(&rtwtxq->list);
3094 				set_bit(RTW89_TXQ_F_FORBID_BA, &rtwtxq->flags);
3095 				spin_unlock_bh(&rtwdev->ba_lock);
3096 			}
3097 		}
3098 
3099 		if (mask & BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL) && tids == 0xff) {
3100 			if (tid_conf->amsdu == NL80211_TID_CONFIG_ENABLE)
3101 				sta->max_amsdu_subframes = 0;
3102 			else
3103 				sta->max_amsdu_subframes = 1;
3104 		}
3105 	}
3106 }
3107 
3108 void rtw89_core_set_tid_config(struct rtw89_dev *rtwdev,
3109 			       struct ieee80211_sta *sta,
3110 			       struct cfg80211_tid_config *tid_config)
3111 {
3112 	int i;
3113 
3114 	for (i = 0; i < tid_config->n_tid_conf; i++)
3115 		_rtw89_core_set_tid_config(rtwdev, sta,
3116 					   &tid_config->tid_conf[i]);
3117 }
3118 
3119 static void rtw89_init_ht_cap(struct rtw89_dev *rtwdev,
3120 			      struct ieee80211_sta_ht_cap *ht_cap)
3121 {
3122 	static const __le16 highest[RF_PATH_MAX] = {
3123 		cpu_to_le16(150), cpu_to_le16(300), cpu_to_le16(450), cpu_to_le16(600),
3124 	};
3125 	struct rtw89_hal *hal = &rtwdev->hal;
3126 	u8 nss = hal->rx_nss;
3127 	int i;
3128 
3129 	ht_cap->ht_supported = true;
3130 	ht_cap->cap = 0;
3131 	ht_cap->cap |= IEEE80211_HT_CAP_SGI_20 |
3132 		       IEEE80211_HT_CAP_MAX_AMSDU |
3133 		       IEEE80211_HT_CAP_TX_STBC |
3134 		       (1 << IEEE80211_HT_CAP_RX_STBC_SHIFT);
3135 	ht_cap->cap |= IEEE80211_HT_CAP_LDPC_CODING;
3136 	ht_cap->cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40 |
3137 		       IEEE80211_HT_CAP_DSSSCCK40 |
3138 		       IEEE80211_HT_CAP_SGI_40;
3139 	ht_cap->ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
3140 	ht_cap->ampdu_density = IEEE80211_HT_MPDU_DENSITY_NONE;
3141 	ht_cap->mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
3142 	for (i = 0; i < nss; i++)
3143 		ht_cap->mcs.rx_mask[i] = 0xFF;
3144 	ht_cap->mcs.rx_mask[4] = 0x01;
3145 	ht_cap->mcs.rx_highest = highest[nss - 1];
3146 }
3147 
3148 static void rtw89_init_vht_cap(struct rtw89_dev *rtwdev,
3149 			       struct ieee80211_sta_vht_cap *vht_cap)
3150 {
3151 	static const __le16 highest_bw80[RF_PATH_MAX] = {
3152 		cpu_to_le16(433), cpu_to_le16(867), cpu_to_le16(1300), cpu_to_le16(1733),
3153 	};
3154 	static const __le16 highest_bw160[RF_PATH_MAX] = {
3155 		cpu_to_le16(867), cpu_to_le16(1733), cpu_to_le16(2600), cpu_to_le16(3467),
3156 	};
3157 	const struct rtw89_chip_info *chip = rtwdev->chip;
3158 	const __le16 *highest = chip->support_bw160 ? highest_bw160 : highest_bw80;
3159 	struct rtw89_hal *hal = &rtwdev->hal;
3160 	u16 tx_mcs_map = 0, rx_mcs_map = 0;
3161 	u8 sts_cap = 3;
3162 	int i;
3163 
3164 	for (i = 0; i < 8; i++) {
3165 		if (i < hal->tx_nss)
3166 			tx_mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
3167 		else
3168 			tx_mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
3169 		if (i < hal->rx_nss)
3170 			rx_mcs_map |= IEEE80211_VHT_MCS_SUPPORT_0_9 << (i * 2);
3171 		else
3172 			rx_mcs_map |= IEEE80211_VHT_MCS_NOT_SUPPORTED << (i * 2);
3173 	}
3174 
3175 	vht_cap->vht_supported = true;
3176 	vht_cap->cap = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454 |
3177 		       IEEE80211_VHT_CAP_SHORT_GI_80 |
3178 		       IEEE80211_VHT_CAP_RXSTBC_1 |
3179 		       IEEE80211_VHT_CAP_HTC_VHT |
3180 		       IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK |
3181 		       0;
3182 	vht_cap->cap |= IEEE80211_VHT_CAP_TXSTBC;
3183 	vht_cap->cap |= IEEE80211_VHT_CAP_RXLDPC;
3184 	vht_cap->cap |= IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
3185 			IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
3186 	vht_cap->cap |= sts_cap << IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT;
3187 	if (chip->support_bw160)
3188 		vht_cap->cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ |
3189 				IEEE80211_VHT_CAP_SHORT_GI_160;
3190 	vht_cap->vht_mcs.rx_mcs_map = cpu_to_le16(rx_mcs_map);
3191 	vht_cap->vht_mcs.tx_mcs_map = cpu_to_le16(tx_mcs_map);
3192 	vht_cap->vht_mcs.rx_highest = highest[hal->rx_nss - 1];
3193 	vht_cap->vht_mcs.tx_highest = highest[hal->tx_nss - 1];
3194 }
3195 
3196 #define RTW89_SBAND_IFTYPES_NR 2
3197 
3198 static void rtw89_init_he_cap(struct rtw89_dev *rtwdev,
3199 			      enum nl80211_band band,
3200 			      struct ieee80211_supported_band *sband)
3201 {
3202 	const struct rtw89_chip_info *chip = rtwdev->chip;
3203 	struct rtw89_hal *hal = &rtwdev->hal;
3204 	struct ieee80211_sband_iftype_data *iftype_data;
3205 	bool no_ng16 = (chip->chip_id == RTL8852A && hal->cv == CHIP_CBV) ||
3206 		       (chip->chip_id == RTL8852B && hal->cv == CHIP_CAV);
3207 	u16 mcs_map = 0;
3208 	int i;
3209 	int nss = hal->rx_nss;
3210 	int idx = 0;
3211 
3212 	iftype_data = kcalloc(RTW89_SBAND_IFTYPES_NR, sizeof(*iftype_data), GFP_KERNEL);
3213 	if (!iftype_data)
3214 		return;
3215 
3216 	for (i = 0; i < 8; i++) {
3217 		if (i < nss)
3218 			mcs_map |= IEEE80211_HE_MCS_SUPPORT_0_11 << (i * 2);
3219 		else
3220 			mcs_map |= IEEE80211_HE_MCS_NOT_SUPPORTED << (i * 2);
3221 	}
3222 
3223 	for (i = 0; i < NUM_NL80211_IFTYPES; i++) {
3224 		struct ieee80211_sta_he_cap *he_cap;
3225 		u8 *mac_cap_info;
3226 		u8 *phy_cap_info;
3227 
3228 		switch (i) {
3229 		case NL80211_IFTYPE_STATION:
3230 		case NL80211_IFTYPE_AP:
3231 			break;
3232 		default:
3233 			continue;
3234 		}
3235 
3236 		if (idx >= RTW89_SBAND_IFTYPES_NR) {
3237 			rtw89_warn(rtwdev, "run out of iftype_data\n");
3238 			break;
3239 		}
3240 
3241 		iftype_data[idx].types_mask = BIT(i);
3242 		he_cap = &iftype_data[idx].he_cap;
3243 		mac_cap_info = he_cap->he_cap_elem.mac_cap_info;
3244 		phy_cap_info = he_cap->he_cap_elem.phy_cap_info;
3245 
3246 		he_cap->has_he = true;
3247 		mac_cap_info[0] = IEEE80211_HE_MAC_CAP0_HTC_HE;
3248 		if (i == NL80211_IFTYPE_STATION)
3249 			mac_cap_info[1] = IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_16US;
3250 		mac_cap_info[2] = IEEE80211_HE_MAC_CAP2_ALL_ACK |
3251 				  IEEE80211_HE_MAC_CAP2_BSR;
3252 		mac_cap_info[3] = IEEE80211_HE_MAC_CAP3_MAX_AMPDU_LEN_EXP_EXT_2;
3253 		if (i == NL80211_IFTYPE_AP)
3254 			mac_cap_info[3] |= IEEE80211_HE_MAC_CAP3_OMI_CONTROL;
3255 		mac_cap_info[4] = IEEE80211_HE_MAC_CAP4_OPS |
3256 				  IEEE80211_HE_MAC_CAP4_AMSDU_IN_AMPDU;
3257 		if (i == NL80211_IFTYPE_STATION)
3258 			mac_cap_info[5] = IEEE80211_HE_MAC_CAP5_HT_VHT_TRIG_FRAME_RX;
3259 		if (band == NL80211_BAND_2GHZ) {
3260 			phy_cap_info[0] =
3261 				IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G;
3262 		} else {
3263 			phy_cap_info[0] =
3264 				IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G;
3265 			if (chip->support_bw160)
3266 				phy_cap_info[0] |= IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
3267 		}
3268 		phy_cap_info[1] = IEEE80211_HE_PHY_CAP1_DEVICE_CLASS_A |
3269 				  IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD |
3270 				  IEEE80211_HE_PHY_CAP1_HE_LTF_AND_GI_FOR_HE_PPDUS_0_8US;
3271 		phy_cap_info[2] = IEEE80211_HE_PHY_CAP2_NDP_4x_LTF_AND_3_2US |
3272 				  IEEE80211_HE_PHY_CAP2_STBC_TX_UNDER_80MHZ |
3273 				  IEEE80211_HE_PHY_CAP2_STBC_RX_UNDER_80MHZ |
3274 				  IEEE80211_HE_PHY_CAP2_DOPPLER_TX;
3275 		phy_cap_info[3] = IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_RX_16_QAM;
3276 		if (i == NL80211_IFTYPE_STATION)
3277 			phy_cap_info[3] |= IEEE80211_HE_PHY_CAP3_DCM_MAX_CONST_TX_16_QAM |
3278 					   IEEE80211_HE_PHY_CAP3_DCM_MAX_TX_NSS_2;
3279 		if (i == NL80211_IFTYPE_AP)
3280 			phy_cap_info[3] |= IEEE80211_HE_PHY_CAP3_RX_PARTIAL_BW_SU_IN_20MHZ_MU;
3281 		phy_cap_info[4] = IEEE80211_HE_PHY_CAP4_SU_BEAMFORMEE |
3282 				  IEEE80211_HE_PHY_CAP4_BEAMFORMEE_MAX_STS_UNDER_80MHZ_4;
3283 		if (chip->support_bw160)
3284 			phy_cap_info[4] |= IEEE80211_HE_PHY_CAP4_BEAMFORMEE_MAX_STS_ABOVE_80MHZ_4;
3285 		phy_cap_info[5] = no_ng16 ? 0 :
3286 				  IEEE80211_HE_PHY_CAP5_NG16_SU_FEEDBACK |
3287 				  IEEE80211_HE_PHY_CAP5_NG16_MU_FEEDBACK;
3288 		phy_cap_info[6] = IEEE80211_HE_PHY_CAP6_CODEBOOK_SIZE_42_SU |
3289 				  IEEE80211_HE_PHY_CAP6_CODEBOOK_SIZE_75_MU |
3290 				  IEEE80211_HE_PHY_CAP6_TRIG_SU_BEAMFORMING_FB |
3291 				  IEEE80211_HE_PHY_CAP6_PARTIAL_BW_EXT_RANGE;
3292 		phy_cap_info[7] = IEEE80211_HE_PHY_CAP7_POWER_BOOST_FACTOR_SUPP |
3293 				  IEEE80211_HE_PHY_CAP7_HE_SU_MU_PPDU_4XLTF_AND_08_US_GI |
3294 				  IEEE80211_HE_PHY_CAP7_MAX_NC_1;
3295 		phy_cap_info[8] = IEEE80211_HE_PHY_CAP8_HE_ER_SU_PPDU_4XLTF_AND_08_US_GI |
3296 				  IEEE80211_HE_PHY_CAP8_HE_ER_SU_1XLTF_AND_08_US_GI |
3297 				  IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_996;
3298 		if (chip->support_bw160)
3299 			phy_cap_info[8] |= IEEE80211_HE_PHY_CAP8_20MHZ_IN_160MHZ_HE_PPDU |
3300 					   IEEE80211_HE_PHY_CAP8_80MHZ_IN_160MHZ_HE_PPDU;
3301 		phy_cap_info[9] = IEEE80211_HE_PHY_CAP9_LONGER_THAN_16_SIGB_OFDM_SYM |
3302 				  IEEE80211_HE_PHY_CAP9_RX_1024_QAM_LESS_THAN_242_TONE_RU |
3303 				  IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_COMP_SIGB |
3304 				  IEEE80211_HE_PHY_CAP9_RX_FULL_BW_SU_USING_MU_WITH_NON_COMP_SIGB |
3305 				  u8_encode_bits(IEEE80211_HE_PHY_CAP9_NOMINAL_PKT_PADDING_16US,
3306 						 IEEE80211_HE_PHY_CAP9_NOMINAL_PKT_PADDING_MASK);
3307 		if (i == NL80211_IFTYPE_STATION)
3308 			phy_cap_info[9] |= IEEE80211_HE_PHY_CAP9_TX_1024_QAM_LESS_THAN_242_TONE_RU;
3309 		he_cap->he_mcs_nss_supp.rx_mcs_80 = cpu_to_le16(mcs_map);
3310 		he_cap->he_mcs_nss_supp.tx_mcs_80 = cpu_to_le16(mcs_map);
3311 		if (chip->support_bw160) {
3312 			he_cap->he_mcs_nss_supp.rx_mcs_160 = cpu_to_le16(mcs_map);
3313 			he_cap->he_mcs_nss_supp.tx_mcs_160 = cpu_to_le16(mcs_map);
3314 		}
3315 
3316 		if (band == NL80211_BAND_6GHZ) {
3317 			__le16 capa;
3318 
3319 			capa = le16_encode_bits(IEEE80211_HT_MPDU_DENSITY_NONE,
3320 						IEEE80211_HE_6GHZ_CAP_MIN_MPDU_START) |
3321 			       le16_encode_bits(IEEE80211_VHT_MAX_AMPDU_1024K,
3322 						IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP) |
3323 			       le16_encode_bits(IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454,
3324 						IEEE80211_HE_6GHZ_CAP_MAX_MPDU_LEN);
3325 			iftype_data[idx].he_6ghz_capa.capa = capa;
3326 		}
3327 
3328 		idx++;
3329 	}
3330 
3331 	sband->iftype_data = iftype_data;
3332 	sband->n_iftype_data = idx;
3333 }
3334 
3335 static int rtw89_core_set_supported_band(struct rtw89_dev *rtwdev)
3336 {
3337 	struct ieee80211_hw *hw = rtwdev->hw;
3338 	struct ieee80211_supported_band *sband_2ghz = NULL, *sband_5ghz = NULL;
3339 	struct ieee80211_supported_band *sband_6ghz = NULL;
3340 	u32 size = sizeof(struct ieee80211_supported_band);
3341 	u8 support_bands = rtwdev->chip->support_bands;
3342 
3343 	if (support_bands & BIT(NL80211_BAND_2GHZ)) {
3344 		sband_2ghz = kmemdup(&rtw89_sband_2ghz, size, GFP_KERNEL);
3345 		if (!sband_2ghz)
3346 			goto err;
3347 		rtw89_init_ht_cap(rtwdev, &sband_2ghz->ht_cap);
3348 		rtw89_init_he_cap(rtwdev, NL80211_BAND_2GHZ, sband_2ghz);
3349 		hw->wiphy->bands[NL80211_BAND_2GHZ] = sband_2ghz;
3350 	}
3351 
3352 	if (support_bands & BIT(NL80211_BAND_5GHZ)) {
3353 		sband_5ghz = kmemdup(&rtw89_sband_5ghz, size, GFP_KERNEL);
3354 		if (!sband_5ghz)
3355 			goto err;
3356 		rtw89_init_ht_cap(rtwdev, &sband_5ghz->ht_cap);
3357 		rtw89_init_vht_cap(rtwdev, &sband_5ghz->vht_cap);
3358 		rtw89_init_he_cap(rtwdev, NL80211_BAND_5GHZ, sband_5ghz);
3359 		hw->wiphy->bands[NL80211_BAND_5GHZ] = sband_5ghz;
3360 	}
3361 
3362 	if (support_bands & BIT(NL80211_BAND_6GHZ)) {
3363 		sband_6ghz = kmemdup(&rtw89_sband_6ghz, size, GFP_KERNEL);
3364 		if (!sband_6ghz)
3365 			goto err;
3366 		rtw89_init_he_cap(rtwdev, NL80211_BAND_6GHZ, sband_6ghz);
3367 		hw->wiphy->bands[NL80211_BAND_6GHZ] = sband_6ghz;
3368 	}
3369 
3370 	return 0;
3371 
3372 err:
3373 	hw->wiphy->bands[NL80211_BAND_2GHZ] = NULL;
3374 	hw->wiphy->bands[NL80211_BAND_5GHZ] = NULL;
3375 	hw->wiphy->bands[NL80211_BAND_6GHZ] = NULL;
3376 	if (sband_2ghz)
3377 		kfree(sband_2ghz->iftype_data);
3378 	if (sband_5ghz)
3379 		kfree(sband_5ghz->iftype_data);
3380 	if (sband_6ghz)
3381 		kfree(sband_6ghz->iftype_data);
3382 	kfree(sband_2ghz);
3383 	kfree(sband_5ghz);
3384 	kfree(sband_6ghz);
3385 	return -ENOMEM;
3386 }
3387 
3388 static void rtw89_core_clr_supported_band(struct rtw89_dev *rtwdev)
3389 {
3390 	struct ieee80211_hw *hw = rtwdev->hw;
3391 
3392 	if (hw->wiphy->bands[NL80211_BAND_2GHZ])
3393 		kfree(hw->wiphy->bands[NL80211_BAND_2GHZ]->iftype_data);
3394 	if (hw->wiphy->bands[NL80211_BAND_5GHZ])
3395 		kfree(hw->wiphy->bands[NL80211_BAND_5GHZ]->iftype_data);
3396 	if (hw->wiphy->bands[NL80211_BAND_6GHZ])
3397 		kfree(hw->wiphy->bands[NL80211_BAND_6GHZ]->iftype_data);
3398 	kfree(hw->wiphy->bands[NL80211_BAND_2GHZ]);
3399 	kfree(hw->wiphy->bands[NL80211_BAND_5GHZ]);
3400 	kfree(hw->wiphy->bands[NL80211_BAND_6GHZ]);
3401 	hw->wiphy->bands[NL80211_BAND_2GHZ] = NULL;
3402 	hw->wiphy->bands[NL80211_BAND_5GHZ] = NULL;
3403 	hw->wiphy->bands[NL80211_BAND_6GHZ] = NULL;
3404 }
3405 
3406 static void rtw89_core_ppdu_sts_init(struct rtw89_dev *rtwdev)
3407 {
3408 	int i;
3409 
3410 	for (i = 0; i < RTW89_PHY_MAX; i++)
3411 		skb_queue_head_init(&rtwdev->ppdu_sts.rx_queue[i]);
3412 	for (i = 0; i < RTW89_PHY_MAX; i++)
3413 		rtwdev->ppdu_sts.curr_rx_ppdu_cnt[i] = U8_MAX;
3414 }
3415 
3416 void rtw89_core_update_beacon_work(struct work_struct *work)
3417 {
3418 	struct rtw89_dev *rtwdev;
3419 	struct rtw89_vif *rtwvif = container_of(work, struct rtw89_vif,
3420 						update_beacon_work);
3421 
3422 	if (rtwvif->net_type != RTW89_NET_TYPE_AP_MODE)
3423 		return;
3424 
3425 	rtwdev = rtwvif->rtwdev;
3426 	mutex_lock(&rtwdev->mutex);
3427 	rtw89_fw_h2c_update_beacon(rtwdev, rtwvif);
3428 	mutex_unlock(&rtwdev->mutex);
3429 }
3430 
3431 int rtw89_wait_for_cond(struct rtw89_wait_info *wait, unsigned int cond)
3432 {
3433 	struct completion *cmpl = &wait->completion;
3434 	unsigned long timeout;
3435 	unsigned int cur;
3436 
3437 	cur = atomic_cmpxchg(&wait->cond, RTW89_WAIT_COND_IDLE, cond);
3438 	if (cur != RTW89_WAIT_COND_IDLE)
3439 		return -EBUSY;
3440 
3441 	timeout = wait_for_completion_timeout(cmpl, RTW89_WAIT_FOR_COND_TIMEOUT);
3442 	if (timeout == 0) {
3443 		atomic_set(&wait->cond, RTW89_WAIT_COND_IDLE);
3444 		return -ETIMEDOUT;
3445 	}
3446 
3447 	if (wait->data.err)
3448 		return -EFAULT;
3449 
3450 	return 0;
3451 }
3452 
3453 void rtw89_complete_cond(struct rtw89_wait_info *wait, unsigned int cond,
3454 			 const struct rtw89_completion_data *data)
3455 {
3456 	unsigned int cur;
3457 
3458 	cur = atomic_cmpxchg(&wait->cond, cond, RTW89_WAIT_COND_IDLE);
3459 	if (cur != cond)
3460 		return;
3461 
3462 	wait->data = *data;
3463 	complete(&wait->completion);
3464 }
3465 
3466 int rtw89_core_start(struct rtw89_dev *rtwdev)
3467 {
3468 	int ret;
3469 
3470 	rtwdev->mac.qta_mode = RTW89_QTA_SCC;
3471 	ret = rtw89_mac_init(rtwdev);
3472 	if (ret) {
3473 		rtw89_err(rtwdev, "mac init fail, ret:%d\n", ret);
3474 		return ret;
3475 	}
3476 
3477 	rtw89_btc_ntfy_poweron(rtwdev);
3478 
3479 	/* efuse process */
3480 
3481 	/* pre-config BB/RF, BB reset/RFC reset */
3482 	ret = rtw89_chip_disable_bb_rf(rtwdev);
3483 	if (ret)
3484 		return ret;
3485 	ret = rtw89_chip_enable_bb_rf(rtwdev);
3486 	if (ret)
3487 		return ret;
3488 
3489 	rtw89_phy_init_bb_reg(rtwdev);
3490 	rtw89_phy_init_rf_reg(rtwdev, false);
3491 
3492 	rtw89_btc_ntfy_init(rtwdev, BTC_MODE_NORMAL);
3493 
3494 	rtw89_phy_dm_init(rtwdev);
3495 
3496 	rtw89_mac_cfg_ppdu_status(rtwdev, RTW89_MAC_0, true);
3497 	rtw89_mac_update_rts_threshold(rtwdev, RTW89_MAC_0);
3498 
3499 	ret = rtw89_hci_start(rtwdev);
3500 	if (ret) {
3501 		rtw89_err(rtwdev, "failed to start hci\n");
3502 		return ret;
3503 	}
3504 
3505 	ieee80211_queue_delayed_work(rtwdev->hw, &rtwdev->track_work,
3506 				     RTW89_TRACK_WORK_PERIOD);
3507 
3508 	set_bit(RTW89_FLAG_RUNNING, rtwdev->flags);
3509 
3510 	rtw89_btc_ntfy_radio_state(rtwdev, BTC_RFCTRL_WL_ON);
3511 	rtw89_fw_h2c_fw_log(rtwdev, rtwdev->fw.log.enable);
3512 	rtw89_fw_h2c_init_ba_cam(rtwdev);
3513 
3514 	return 0;
3515 }
3516 
3517 void rtw89_core_stop(struct rtw89_dev *rtwdev)
3518 {
3519 	struct rtw89_btc *btc = &rtwdev->btc;
3520 
3521 	/* Prvent to stop twice; enter_ips and ops_stop */
3522 	if (!test_bit(RTW89_FLAG_RUNNING, rtwdev->flags))
3523 		return;
3524 
3525 	rtw89_btc_ntfy_radio_state(rtwdev, BTC_RFCTRL_WL_OFF);
3526 
3527 	clear_bit(RTW89_FLAG_RUNNING, rtwdev->flags);
3528 
3529 	mutex_unlock(&rtwdev->mutex);
3530 
3531 	cancel_work_sync(&rtwdev->c2h_work);
3532 	cancel_work_sync(&rtwdev->cancel_6ghz_probe_work);
3533 	cancel_work_sync(&btc->eapol_notify_work);
3534 	cancel_work_sync(&btc->arp_notify_work);
3535 	cancel_work_sync(&btc->dhcp_notify_work);
3536 	cancel_work_sync(&btc->icmp_notify_work);
3537 	cancel_delayed_work_sync(&rtwdev->txq_reinvoke_work);
3538 	cancel_delayed_work_sync(&rtwdev->track_work);
3539 	cancel_delayed_work_sync(&rtwdev->coex_act1_work);
3540 	cancel_delayed_work_sync(&rtwdev->coex_bt_devinfo_work);
3541 	cancel_delayed_work_sync(&rtwdev->coex_rfk_chk_work);
3542 	cancel_delayed_work_sync(&rtwdev->cfo_track_work);
3543 	cancel_delayed_work_sync(&rtwdev->forbid_ba_work);
3544 	cancel_delayed_work_sync(&rtwdev->antdiv_work);
3545 
3546 	mutex_lock(&rtwdev->mutex);
3547 
3548 	rtw89_btc_ntfy_poweroff(rtwdev);
3549 	rtw89_hci_flush_queues(rtwdev, BIT(rtwdev->hw->queues) - 1, true);
3550 	rtw89_mac_flush_txq(rtwdev, BIT(rtwdev->hw->queues) - 1, true);
3551 	rtw89_hci_stop(rtwdev);
3552 	rtw89_hci_deinit(rtwdev);
3553 	rtw89_mac_pwr_off(rtwdev);
3554 	rtw89_hci_reset(rtwdev);
3555 }
3556 
3557 int rtw89_core_init(struct rtw89_dev *rtwdev)
3558 {
3559 	struct rtw89_btc *btc = &rtwdev->btc;
3560 	u8 band;
3561 
3562 	INIT_LIST_HEAD(&rtwdev->ba_list);
3563 	INIT_LIST_HEAD(&rtwdev->forbid_ba_list);
3564 	INIT_LIST_HEAD(&rtwdev->rtwvifs_list);
3565 	INIT_LIST_HEAD(&rtwdev->early_h2c_list);
3566 	for (band = NL80211_BAND_2GHZ; band < NUM_NL80211_BANDS; band++) {
3567 		if (!(rtwdev->chip->support_bands & BIT(band)))
3568 			continue;
3569 		INIT_LIST_HEAD(&rtwdev->scan_info.pkt_list[band]);
3570 	}
3571 	INIT_WORK(&rtwdev->ba_work, rtw89_core_ba_work);
3572 	INIT_WORK(&rtwdev->txq_work, rtw89_core_txq_work);
3573 	INIT_DELAYED_WORK(&rtwdev->txq_reinvoke_work, rtw89_core_txq_reinvoke_work);
3574 	INIT_DELAYED_WORK(&rtwdev->track_work, rtw89_track_work);
3575 	INIT_DELAYED_WORK(&rtwdev->coex_act1_work, rtw89_coex_act1_work);
3576 	INIT_DELAYED_WORK(&rtwdev->coex_bt_devinfo_work, rtw89_coex_bt_devinfo_work);
3577 	INIT_DELAYED_WORK(&rtwdev->coex_rfk_chk_work, rtw89_coex_rfk_chk_work);
3578 	INIT_DELAYED_WORK(&rtwdev->cfo_track_work, rtw89_phy_cfo_track_work);
3579 	INIT_DELAYED_WORK(&rtwdev->forbid_ba_work, rtw89_forbid_ba_work);
3580 	INIT_DELAYED_WORK(&rtwdev->antdiv_work, rtw89_phy_antdiv_work);
3581 	rtwdev->txq_wq = alloc_workqueue("rtw89_tx_wq", WQ_UNBOUND | WQ_HIGHPRI, 0);
3582 	if (!rtwdev->txq_wq)
3583 		return -ENOMEM;
3584 	spin_lock_init(&rtwdev->ba_lock);
3585 	spin_lock_init(&rtwdev->rpwm_lock);
3586 	mutex_init(&rtwdev->mutex);
3587 	mutex_init(&rtwdev->rf_mutex);
3588 	rtwdev->total_sta_assoc = 0;
3589 
3590 	rtw89_init_wait(&rtwdev->mcc.wait);
3591 	rtw89_init_wait(&rtwdev->mac.fw_ofld_wait);
3592 
3593 	INIT_WORK(&rtwdev->c2h_work, rtw89_fw_c2h_work);
3594 	INIT_WORK(&rtwdev->ips_work, rtw89_ips_work);
3595 	INIT_WORK(&rtwdev->load_firmware_work, rtw89_load_firmware_work);
3596 	INIT_WORK(&rtwdev->cancel_6ghz_probe_work, rtw89_cancel_6ghz_probe_work);
3597 
3598 	skb_queue_head_init(&rtwdev->c2h_queue);
3599 	rtw89_core_ppdu_sts_init(rtwdev);
3600 	rtw89_traffic_stats_init(rtwdev, &rtwdev->stats);
3601 
3602 	rtwdev->hal.rx_fltr = DEFAULT_AX_RX_FLTR;
3603 
3604 	INIT_WORK(&btc->eapol_notify_work, rtw89_btc_ntfy_eapol_packet_work);
3605 	INIT_WORK(&btc->arp_notify_work, rtw89_btc_ntfy_arp_packet_work);
3606 	INIT_WORK(&btc->dhcp_notify_work, rtw89_btc_ntfy_dhcp_packet_work);
3607 	INIT_WORK(&btc->icmp_notify_work, rtw89_btc_ntfy_icmp_packet_work);
3608 
3609 	init_completion(&rtwdev->fw.req.completion);
3610 
3611 	schedule_work(&rtwdev->load_firmware_work);
3612 
3613 	rtw89_ser_init(rtwdev);
3614 	rtw89_entity_init(rtwdev);
3615 
3616 	return 0;
3617 }
3618 EXPORT_SYMBOL(rtw89_core_init);
3619 
3620 void rtw89_core_deinit(struct rtw89_dev *rtwdev)
3621 {
3622 	rtw89_ser_deinit(rtwdev);
3623 	rtw89_unload_firmware(rtwdev);
3624 	rtw89_fw_free_all_early_h2c(rtwdev);
3625 
3626 	destroy_workqueue(rtwdev->txq_wq);
3627 	mutex_destroy(&rtwdev->rf_mutex);
3628 	mutex_destroy(&rtwdev->mutex);
3629 }
3630 EXPORT_SYMBOL(rtw89_core_deinit);
3631 
3632 void rtw89_core_scan_start(struct rtw89_dev *rtwdev, struct rtw89_vif *rtwvif,
3633 			   const u8 *mac_addr, bool hw_scan)
3634 {
3635 	const struct rtw89_chan *chan = rtw89_chan_get(rtwdev, RTW89_SUB_ENTITY_0);
3636 
3637 	rtwdev->scanning = true;
3638 	rtw89_leave_lps(rtwdev);
3639 	if (hw_scan)
3640 		rtw89_leave_ips_by_hwflags(rtwdev);
3641 
3642 	ether_addr_copy(rtwvif->mac_addr, mac_addr);
3643 	rtw89_btc_ntfy_scan_start(rtwdev, RTW89_PHY_0, chan->band_type);
3644 	rtw89_chip_rfk_scan(rtwdev, true);
3645 	rtw89_hci_recalc_int_mit(rtwdev);
3646 	rtw89_phy_config_edcca(rtwdev, true);
3647 
3648 	rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL, mac_addr);
3649 }
3650 
3651 void rtw89_core_scan_complete(struct rtw89_dev *rtwdev,
3652 			      struct ieee80211_vif *vif, bool hw_scan)
3653 {
3654 	struct rtw89_vif *rtwvif = vif ? (struct rtw89_vif *)vif->drv_priv : NULL;
3655 
3656 	if (!rtwvif)
3657 		return;
3658 
3659 	ether_addr_copy(rtwvif->mac_addr, vif->addr);
3660 	rtw89_fw_h2c_cam(rtwdev, rtwvif, NULL, NULL);
3661 
3662 	rtw89_chip_rfk_scan(rtwdev, false);
3663 	rtw89_btc_ntfy_scan_finish(rtwdev, RTW89_PHY_0);
3664 	rtw89_phy_config_edcca(rtwdev, false);
3665 
3666 	rtwdev->scanning = false;
3667 	rtwdev->dig.bypass_dig = true;
3668 	if (hw_scan && (rtwdev->hw->conf.flags & IEEE80211_CONF_IDLE))
3669 		ieee80211_queue_work(rtwdev->hw, &rtwdev->ips_work);
3670 }
3671 
3672 static void rtw89_read_chip_ver(struct rtw89_dev *rtwdev)
3673 {
3674 	const struct rtw89_chip_info *chip = rtwdev->chip;
3675 	int ret;
3676 	u8 val;
3677 	u8 cv;
3678 
3679 	cv = rtw89_read32_mask(rtwdev, R_AX_SYS_CFG1, B_AX_CHIP_VER_MASK);
3680 	if (chip->chip_id == RTL8852A && cv <= CHIP_CBV) {
3681 		if (rtw89_read32(rtwdev, R_AX_GPIO0_7_FUNC_SEL) == RTW89_R32_DEAD)
3682 			cv = CHIP_CAV;
3683 		else
3684 			cv = CHIP_CBV;
3685 	}
3686 
3687 	rtwdev->hal.cv = cv;
3688 
3689 	if (chip->chip_id == RTL8852B || chip->chip_id == RTL8851B) {
3690 		ret = rtw89_mac_read_xtal_si(rtwdev, XTAL_SI_CV, &val);
3691 		if (ret)
3692 			return;
3693 
3694 		rtwdev->hal.acv = u8_get_bits(val, XTAL_SI_ACV_MASK);
3695 	}
3696 }
3697 
3698 static void rtw89_core_setup_phycap(struct rtw89_dev *rtwdev)
3699 {
3700 	rtwdev->hal.support_cckpd =
3701 		!(rtwdev->chip->chip_id == RTL8852A && rtwdev->hal.cv <= CHIP_CBV) &&
3702 		!(rtwdev->chip->chip_id == RTL8852B && rtwdev->hal.cv <= CHIP_CAV);
3703 	rtwdev->hal.support_igi =
3704 		rtwdev->chip->chip_id == RTL8852A && rtwdev->hal.cv <= CHIP_CBV;
3705 }
3706 
3707 static void rtw89_core_setup_rfe_parms(struct rtw89_dev *rtwdev)
3708 {
3709 	const struct rtw89_chip_info *chip = rtwdev->chip;
3710 	const struct rtw89_rfe_parms_conf *conf = chip->rfe_parms_conf;
3711 	struct rtw89_efuse *efuse = &rtwdev->efuse;
3712 	u8 rfe_type = efuse->rfe_type;
3713 
3714 	if (!conf)
3715 		goto out;
3716 
3717 	while (conf->rfe_parms) {
3718 		if (rfe_type == conf->rfe_type) {
3719 			rtwdev->rfe_parms = conf->rfe_parms;
3720 			return;
3721 		}
3722 		conf++;
3723 	}
3724 
3725 out:
3726 	rtwdev->rfe_parms = chip->dflt_parms;
3727 }
3728 
3729 static int rtw89_chip_efuse_info_setup(struct rtw89_dev *rtwdev)
3730 {
3731 	int ret;
3732 
3733 	ret = rtw89_mac_partial_init(rtwdev);
3734 	if (ret)
3735 		return ret;
3736 
3737 	ret = rtw89_parse_efuse_map(rtwdev);
3738 	if (ret)
3739 		return ret;
3740 
3741 	ret = rtw89_parse_phycap_map(rtwdev);
3742 	if (ret)
3743 		return ret;
3744 
3745 	ret = rtw89_mac_setup_phycap(rtwdev);
3746 	if (ret)
3747 		return ret;
3748 
3749 	rtw89_core_setup_phycap(rtwdev);
3750 	rtw89_core_setup_rfe_parms(rtwdev);
3751 
3752 	rtw89_mac_pwr_off(rtwdev);
3753 
3754 	return 0;
3755 }
3756 
3757 static int rtw89_chip_board_info_setup(struct rtw89_dev *rtwdev)
3758 {
3759 	rtw89_chip_fem_setup(rtwdev);
3760 
3761 	return 0;
3762 }
3763 
3764 int rtw89_chip_info_setup(struct rtw89_dev *rtwdev)
3765 {
3766 	int ret;
3767 
3768 	rtw89_read_chip_ver(rtwdev);
3769 
3770 	ret = rtw89_wait_firmware_completion(rtwdev);
3771 	if (ret) {
3772 		rtw89_err(rtwdev, "failed to wait firmware completion\n");
3773 		return ret;
3774 	}
3775 
3776 	ret = rtw89_fw_recognize(rtwdev);
3777 	if (ret) {
3778 		rtw89_err(rtwdev, "failed to recognize firmware\n");
3779 		return ret;
3780 	}
3781 
3782 	ret = rtw89_fw_recognize_elements(rtwdev);
3783 	if (ret) {
3784 		rtw89_err(rtwdev, "failed to recognize firmware elements\n");
3785 		return ret;
3786 	}
3787 
3788 	ret = rtw89_chip_efuse_info_setup(rtwdev);
3789 	if (ret)
3790 		return ret;
3791 
3792 	ret = rtw89_chip_board_info_setup(rtwdev);
3793 	if (ret)
3794 		return ret;
3795 
3796 	rtwdev->ps_mode = rtw89_update_ps_mode(rtwdev);
3797 
3798 	return 0;
3799 }
3800 EXPORT_SYMBOL(rtw89_chip_info_setup);
3801 
3802 static int rtw89_core_register_hw(struct rtw89_dev *rtwdev)
3803 {
3804 	struct ieee80211_hw *hw = rtwdev->hw;
3805 	struct rtw89_efuse *efuse = &rtwdev->efuse;
3806 	struct rtw89_hal *hal = &rtwdev->hal;
3807 	int ret;
3808 	int tx_headroom = IEEE80211_HT_CTL_LEN;
3809 
3810 	hw->vif_data_size = sizeof(struct rtw89_vif);
3811 	hw->sta_data_size = sizeof(struct rtw89_sta);
3812 	hw->txq_data_size = sizeof(struct rtw89_txq);
3813 	hw->chanctx_data_size = sizeof(struct rtw89_chanctx_cfg);
3814 
3815 	SET_IEEE80211_PERM_ADDR(hw, efuse->addr);
3816 
3817 	hw->extra_tx_headroom = tx_headroom;
3818 	hw->queues = IEEE80211_NUM_ACS;
3819 	hw->max_rx_aggregation_subframes = RTW89_MAX_RX_AGG_NUM;
3820 	hw->max_tx_aggregation_subframes = RTW89_MAX_TX_AGG_NUM;
3821 	hw->uapsd_max_sp_len = IEEE80211_WMM_IE_STA_QOSINFO_SP_ALL;
3822 
3823 	ieee80211_hw_set(hw, SIGNAL_DBM);
3824 	ieee80211_hw_set(hw, HAS_RATE_CONTROL);
3825 	ieee80211_hw_set(hw, MFP_CAPABLE);
3826 	ieee80211_hw_set(hw, REPORTS_TX_ACK_STATUS);
3827 	ieee80211_hw_set(hw, AMPDU_AGGREGATION);
3828 	ieee80211_hw_set(hw, RX_INCLUDES_FCS);
3829 	ieee80211_hw_set(hw, TX_AMSDU);
3830 	ieee80211_hw_set(hw, SUPPORT_FAST_XMIT);
3831 	ieee80211_hw_set(hw, SUPPORTS_AMSDU_IN_AMPDU);
3832 	ieee80211_hw_set(hw, SUPPORTS_PS);
3833 	ieee80211_hw_set(hw, SUPPORTS_DYNAMIC_PS);
3834 	ieee80211_hw_set(hw, SINGLE_SCAN_ON_ALL_BANDS);
3835 	ieee80211_hw_set(hw, SUPPORTS_MULTI_BSSID);
3836 	ieee80211_hw_set(hw, WANT_MONITOR_VIF);
3837 	if (RTW89_CHK_FW_FEATURE(BEACON_FILTER, &rtwdev->fw))
3838 		ieee80211_hw_set(hw, CONNECTION_MONITOR);
3839 
3840 	hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
3841 				     BIT(NL80211_IFTYPE_AP) |
3842 				     BIT(NL80211_IFTYPE_P2P_CLIENT) |
3843 				     BIT(NL80211_IFTYPE_P2P_GO);
3844 
3845 	if (hal->ant_diversity) {
3846 		hw->wiphy->available_antennas_tx = 0x3;
3847 		hw->wiphy->available_antennas_rx = 0x3;
3848 	} else {
3849 		hw->wiphy->available_antennas_tx = BIT(rtwdev->chip->rf_path_num) - 1;
3850 		hw->wiphy->available_antennas_rx = BIT(rtwdev->chip->rf_path_num) - 1;
3851 	}
3852 
3853 	hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS |
3854 			    WIPHY_FLAG_TDLS_EXTERNAL_SETUP |
3855 			    WIPHY_FLAG_AP_UAPSD | WIPHY_FLAG_SPLIT_SCAN_6GHZ;
3856 	hw->wiphy->features |= NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
3857 
3858 	hw->wiphy->max_scan_ssids = RTW89_SCANOFLD_MAX_SSID;
3859 	hw->wiphy->max_scan_ie_len = RTW89_SCANOFLD_MAX_IE_LEN;
3860 
3861 #ifdef CONFIG_PM
3862 	hw->wiphy->wowlan = rtwdev->chip->wowlan_stub;
3863 #endif
3864 
3865 	hw->wiphy->tid_config_support.vif |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
3866 	hw->wiphy->tid_config_support.peer |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
3867 	hw->wiphy->tid_config_support.vif |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
3868 	hw->wiphy->tid_config_support.peer |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
3869 	hw->wiphy->max_remain_on_channel_duration = 1000;
3870 
3871 	wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_CAN_REPLACE_PTK0);
3872 
3873 	ret = rtw89_core_set_supported_band(rtwdev);
3874 	if (ret) {
3875 		rtw89_err(rtwdev, "failed to set supported band\n");
3876 		return ret;
3877 	}
3878 
3879 	ret = rtw89_regd_setup(rtwdev);
3880 	if (ret) {
3881 		rtw89_err(rtwdev, "failed to set up regd\n");
3882 		goto err_free_supported_band;
3883 	}
3884 
3885 	hw->wiphy->sar_capa = &rtw89_sar_capa;
3886 
3887 	ret = ieee80211_register_hw(hw);
3888 	if (ret) {
3889 		rtw89_err(rtwdev, "failed to register hw\n");
3890 		goto err_free_supported_band;
3891 	}
3892 
3893 	ret = rtw89_regd_init(rtwdev, rtw89_regd_notifier);
3894 	if (ret) {
3895 		rtw89_err(rtwdev, "failed to init regd\n");
3896 		goto err_unregister_hw;
3897 	}
3898 
3899 	return 0;
3900 
3901 err_unregister_hw:
3902 	ieee80211_unregister_hw(hw);
3903 err_free_supported_band:
3904 	rtw89_core_clr_supported_band(rtwdev);
3905 
3906 	return ret;
3907 }
3908 
3909 static void rtw89_core_unregister_hw(struct rtw89_dev *rtwdev)
3910 {
3911 	struct ieee80211_hw *hw = rtwdev->hw;
3912 
3913 	ieee80211_unregister_hw(hw);
3914 	rtw89_core_clr_supported_band(rtwdev);
3915 }
3916 
3917 int rtw89_core_register(struct rtw89_dev *rtwdev)
3918 {
3919 	int ret;
3920 
3921 	ret = rtw89_core_register_hw(rtwdev);
3922 	if (ret) {
3923 		rtw89_err(rtwdev, "failed to register core hw\n");
3924 		return ret;
3925 	}
3926 
3927 	rtw89_debugfs_init(rtwdev);
3928 
3929 	return 0;
3930 }
3931 EXPORT_SYMBOL(rtw89_core_register);
3932 
3933 void rtw89_core_unregister(struct rtw89_dev *rtwdev)
3934 {
3935 	rtw89_core_unregister_hw(rtwdev);
3936 }
3937 EXPORT_SYMBOL(rtw89_core_unregister);
3938 
3939 struct rtw89_dev *rtw89_alloc_ieee80211_hw(struct device *device,
3940 					   u32 bus_data_size,
3941 					   const struct rtw89_chip_info *chip)
3942 {
3943 	struct rtw89_fw_info early_fw = {};
3944 	const struct firmware *firmware;
3945 	struct ieee80211_hw *hw;
3946 	struct rtw89_dev *rtwdev;
3947 	struct ieee80211_ops *ops;
3948 	u32 driver_data_size;
3949 	int fw_format = -1;
3950 	bool no_chanctx;
3951 
3952 	firmware = rtw89_early_fw_feature_recognize(device, chip, &early_fw, &fw_format);
3953 
3954 	ops = kmemdup(&rtw89_ops, sizeof(rtw89_ops), GFP_KERNEL);
3955 	if (!ops)
3956 		goto err;
3957 
3958 	no_chanctx = chip->support_chanctx_num == 0 ||
3959 		     !RTW89_CHK_FW_FEATURE(SCAN_OFFLOAD, &early_fw) ||
3960 		     !RTW89_CHK_FW_FEATURE(BEACON_FILTER, &early_fw);
3961 
3962 	if (no_chanctx) {
3963 		ops->add_chanctx = NULL;
3964 		ops->remove_chanctx = NULL;
3965 		ops->change_chanctx = NULL;
3966 		ops->assign_vif_chanctx = NULL;
3967 		ops->unassign_vif_chanctx = NULL;
3968 		ops->remain_on_channel = NULL;
3969 		ops->cancel_remain_on_channel = NULL;
3970 	}
3971 
3972 	driver_data_size = sizeof(struct rtw89_dev) + bus_data_size;
3973 	hw = ieee80211_alloc_hw(driver_data_size, ops);
3974 	if (!hw)
3975 		goto err;
3976 
3977 	hw->wiphy->iface_combinations = rtw89_iface_combs;
3978 	hw->wiphy->n_iface_combinations = ARRAY_SIZE(rtw89_iface_combs);
3979 
3980 	rtwdev = hw->priv;
3981 	rtwdev->hw = hw;
3982 	rtwdev->dev = device;
3983 	rtwdev->ops = ops;
3984 	rtwdev->chip = chip;
3985 	rtwdev->fw.req.firmware = firmware;
3986 	rtwdev->fw.fw_format = fw_format;
3987 
3988 	rtw89_debug(rtwdev, RTW89_DBG_FW, "probe driver %s chanctx\n",
3989 		    no_chanctx ? "without" : "with");
3990 
3991 	return rtwdev;
3992 
3993 err:
3994 	kfree(ops);
3995 	release_firmware(firmware);
3996 	return NULL;
3997 }
3998 EXPORT_SYMBOL(rtw89_alloc_ieee80211_hw);
3999 
4000 void rtw89_free_ieee80211_hw(struct rtw89_dev *rtwdev)
4001 {
4002 	kfree(rtwdev->ops);
4003 	release_firmware(rtwdev->fw.req.firmware);
4004 	ieee80211_free_hw(rtwdev->hw);
4005 }
4006 EXPORT_SYMBOL(rtw89_free_ieee80211_hw);
4007 
4008 MODULE_AUTHOR("Realtek Corporation");
4009 MODULE_DESCRIPTION("Realtek 802.11ax wireless core module");
4010 MODULE_LICENSE("Dual BSD/GPL");
4011