1 /**
2  * Copyright (c) 2014 Redpine Signals Inc.
3  *
4  * Permission to use, copy, modify, and/or distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <linux/etherdevice.h>
18 #include "rsi_mgmt.h"
19 #include "rsi_common.h"
20 #include "rsi_ps.h"
21 #include "rsi_hal.h"
22 
23 static struct bootup_params boot_params_20 = {
24 	.magic_number = cpu_to_le16(0x5aa5),
25 	.crystal_good_time = 0x0,
26 	.valid = cpu_to_le32(VALID_20),
27 	.reserved_for_valids = 0x0,
28 	.bootup_mode_info = 0x0,
29 	.digital_loop_back_params = 0x0,
30 	.rtls_timestamp_en = 0x0,
31 	.host_spi_intr_cfg = 0x0,
32 	.device_clk_info = {{
33 		.pll_config_g = {
34 			.tapll_info_g = {
35 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_20 << 8)|
36 					      (TA_PLL_M_VAL_20)),
37 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_20),
38 			},
39 			.pll960_info_g = {
40 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_20 << 8)|
41 							 (PLL960_N_VAL_20)),
42 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_20),
43 				.pll_reg_3 = 0x0,
44 			},
45 			.afepll_info_g = {
46 				.pll_reg = cpu_to_le16(0x9f0),
47 			}
48 		},
49 		.switch_clk_g = {
50 			.switch_clk_info = cpu_to_le16(0xb),
51 			.bbp_lmac_clk_reg_val = cpu_to_le16(0x111),
52 			.umac_clock_reg_config = cpu_to_le16(0x48),
53 			.qspi_uart_clock_reg_config = cpu_to_le16(0x1211)
54 		}
55 	},
56 	{
57 		.pll_config_g = {
58 			.tapll_info_g = {
59 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_20 << 8)|
60 							 (TA_PLL_M_VAL_20)),
61 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_20),
62 			},
63 			.pll960_info_g = {
64 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_20 << 8)|
65 							 (PLL960_N_VAL_20)),
66 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_20),
67 				.pll_reg_3 = 0x0,
68 			},
69 			.afepll_info_g = {
70 				.pll_reg = cpu_to_le16(0x9f0),
71 			}
72 		},
73 		.switch_clk_g = {
74 			.switch_clk_info = 0x0,
75 			.bbp_lmac_clk_reg_val = 0x0,
76 			.umac_clock_reg_config = 0x0,
77 			.qspi_uart_clock_reg_config = 0x0
78 		}
79 	},
80 	{
81 		.pll_config_g = {
82 			.tapll_info_g = {
83 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_20 << 8)|
84 							 (TA_PLL_M_VAL_20)),
85 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_20),
86 			},
87 			.pll960_info_g = {
88 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_20 << 8)|
89 							 (PLL960_N_VAL_20)),
90 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_20),
91 				.pll_reg_3 = 0x0,
92 			},
93 			.afepll_info_g = {
94 				.pll_reg = cpu_to_le16(0x9f0),
95 			}
96 		},
97 		.switch_clk_g = {
98 			.switch_clk_info = 0x0,
99 			.bbp_lmac_clk_reg_val = 0x0,
100 			.umac_clock_reg_config = 0x0,
101 			.qspi_uart_clock_reg_config = 0x0
102 		}
103 	} },
104 	.buckboost_wakeup_cnt = 0x0,
105 	.pmu_wakeup_wait = 0x0,
106 	.shutdown_wait_time = 0x0,
107 	.pmu_slp_clkout_sel = 0x0,
108 	.wdt_prog_value = 0x0,
109 	.wdt_soc_rst_delay = 0x0,
110 	.dcdc_operation_mode = 0x0,
111 	.soc_reset_wait_cnt = 0x0,
112 	.waiting_time_at_fresh_sleep = 0x0,
113 	.max_threshold_to_avoid_sleep = 0x0,
114 	.beacon_resedue_alg_en = 0,
115 };
116 
117 static struct bootup_params boot_params_40 = {
118 	.magic_number = cpu_to_le16(0x5aa5),
119 	.crystal_good_time = 0x0,
120 	.valid = cpu_to_le32(VALID_40),
121 	.reserved_for_valids = 0x0,
122 	.bootup_mode_info = 0x0,
123 	.digital_loop_back_params = 0x0,
124 	.rtls_timestamp_en = 0x0,
125 	.host_spi_intr_cfg = 0x0,
126 	.device_clk_info = {{
127 		.pll_config_g = {
128 			.tapll_info_g = {
129 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_40 << 8)|
130 							 (TA_PLL_M_VAL_40)),
131 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_40),
132 			},
133 			.pll960_info_g = {
134 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_40 << 8)|
135 							 (PLL960_N_VAL_40)),
136 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_40),
137 				.pll_reg_3 = 0x0,
138 			},
139 			.afepll_info_g = {
140 				.pll_reg = cpu_to_le16(0x9f0),
141 			}
142 		},
143 		.switch_clk_g = {
144 			.switch_clk_info = cpu_to_le16(0x09),
145 			.bbp_lmac_clk_reg_val = cpu_to_le16(0x1121),
146 			.umac_clock_reg_config = cpu_to_le16(0x48),
147 			.qspi_uart_clock_reg_config = cpu_to_le16(0x1211)
148 		}
149 	},
150 	{
151 		.pll_config_g = {
152 			.tapll_info_g = {
153 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_40 << 8)|
154 							 (TA_PLL_M_VAL_40)),
155 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_40),
156 			},
157 			.pll960_info_g = {
158 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_40 << 8)|
159 							 (PLL960_N_VAL_40)),
160 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_40),
161 				.pll_reg_3 = 0x0,
162 			},
163 			.afepll_info_g = {
164 				.pll_reg = cpu_to_le16(0x9f0),
165 			}
166 		},
167 		.switch_clk_g = {
168 			.switch_clk_info = 0x0,
169 			.bbp_lmac_clk_reg_val = 0x0,
170 			.umac_clock_reg_config = 0x0,
171 			.qspi_uart_clock_reg_config = 0x0
172 		}
173 	},
174 	{
175 		.pll_config_g = {
176 			.tapll_info_g = {
177 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_40 << 8)|
178 							 (TA_PLL_M_VAL_40)),
179 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_40),
180 			},
181 			.pll960_info_g = {
182 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_40 << 8)|
183 							 (PLL960_N_VAL_40)),
184 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_40),
185 				.pll_reg_3 = 0x0,
186 			},
187 			.afepll_info_g = {
188 				.pll_reg = cpu_to_le16(0x9f0),
189 			}
190 		},
191 		.switch_clk_g = {
192 			.switch_clk_info = 0x0,
193 			.bbp_lmac_clk_reg_val = 0x0,
194 			.umac_clock_reg_config = 0x0,
195 			.qspi_uart_clock_reg_config = 0x0
196 		}
197 	} },
198 	.buckboost_wakeup_cnt = 0x0,
199 	.pmu_wakeup_wait = 0x0,
200 	.shutdown_wait_time = 0x0,
201 	.pmu_slp_clkout_sel = 0x0,
202 	.wdt_prog_value = 0x0,
203 	.wdt_soc_rst_delay = 0x0,
204 	.dcdc_operation_mode = 0x0,
205 	.soc_reset_wait_cnt = 0x0,
206 	.waiting_time_at_fresh_sleep = 0x0,
207 	.max_threshold_to_avoid_sleep = 0x0,
208 	.beacon_resedue_alg_en = 0,
209 };
210 
211 static u16 mcs[] = {13, 26, 39, 52, 78, 104, 117, 130};
212 
213 /**
214  * rsi_set_default_parameters() - This function sets default parameters.
215  * @common: Pointer to the driver private structure.
216  *
217  * Return: none
218  */
219 static void rsi_set_default_parameters(struct rsi_common *common)
220 {
221 	common->band = NL80211_BAND_2GHZ;
222 	common->channel_width = BW_20MHZ;
223 	common->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD;
224 	common->channel = 1;
225 	common->min_rate = 0xffff;
226 	common->fsm_state = FSM_CARD_NOT_READY;
227 	common->iface_down = true;
228 	common->endpoint = EP_2GHZ_20MHZ;
229 	common->driver_mode = 1; /* End to end mode */
230 	common->lp_ps_handshake_mode = 0; /* Default no handShake mode*/
231 	common->ulp_ps_handshake_mode = 2; /* Default PKT handShake mode*/
232 	common->rf_power_val = 0; /* Default 1.9V */
233 	common->wlan_rf_power_mode = 0;
234 	common->obm_ant_sel_val = 2;
235 	common->beacon_interval = RSI_BEACON_INTERVAL;
236 	common->dtim_cnt = RSI_DTIM_COUNT;
237 }
238 
239 /**
240  * rsi_set_contention_vals() - This function sets the contention values for the
241  *			       backoff procedure.
242  * @common: Pointer to the driver private structure.
243  *
244  * Return: None.
245  */
246 static void rsi_set_contention_vals(struct rsi_common *common)
247 {
248 	u8 ii = 0;
249 
250 	for (; ii < NUM_EDCA_QUEUES; ii++) {
251 		common->tx_qinfo[ii].wme_params =
252 			(((common->edca_params[ii].cw_min / 2) +
253 			  (common->edca_params[ii].aifs)) *
254 			  WMM_SHORT_SLOT_TIME + SIFS_DURATION);
255 		common->tx_qinfo[ii].weight = common->tx_qinfo[ii].wme_params;
256 		common->tx_qinfo[ii].pkt_contended = 0;
257 	}
258 }
259 
260 /**
261  * rsi_send_internal_mgmt_frame() - This function sends management frames to
262  *				    firmware.Also schedules packet to queue
263  *				    for transmission.
264  * @common: Pointer to the driver private structure.
265  * @skb: Pointer to the socket buffer structure.
266  *
267  * Return: 0 on success, -1 on failure.
268  */
269 static int rsi_send_internal_mgmt_frame(struct rsi_common *common,
270 					struct sk_buff *skb)
271 {
272 	struct skb_info *tx_params;
273 	struct rsi_cmd_desc *desc;
274 
275 	if (skb == NULL) {
276 		rsi_dbg(ERR_ZONE, "%s: Unable to allocate skb\n", __func__);
277 		return -ENOMEM;
278 	}
279 	desc = (struct rsi_cmd_desc *)skb->data;
280 	desc->desc_dword0.len_qno |= cpu_to_le16(DESC_IMMEDIATE_WAKEUP);
281 	skb->priority = MGMT_SOFT_Q;
282 	tx_params = (struct skb_info *)&IEEE80211_SKB_CB(skb)->driver_data;
283 	tx_params->flags |= INTERNAL_MGMT_PKT;
284 	skb_queue_tail(&common->tx_queue[MGMT_SOFT_Q], skb);
285 	rsi_set_event(&common->tx_thread.event);
286 	return 0;
287 }
288 
289 /**
290  * rsi_load_radio_caps() - This function is used to send radio capabilities
291  *			   values to firmware.
292  * @common: Pointer to the driver private structure.
293  *
294  * Return: 0 on success, corresponding negative error code on failure.
295  */
296 static int rsi_load_radio_caps(struct rsi_common *common)
297 {
298 	struct rsi_radio_caps *radio_caps;
299 	struct rsi_hw *adapter = common->priv;
300 	u16 inx = 0;
301 	u8 ii;
302 	u8 radio_id = 0;
303 	u16 gc[20] = {0xf0, 0xf0, 0xf0, 0xf0,
304 		      0xf0, 0xf0, 0xf0, 0xf0,
305 		      0xf0, 0xf0, 0xf0, 0xf0,
306 		      0xf0, 0xf0, 0xf0, 0xf0,
307 		      0xf0, 0xf0, 0xf0, 0xf0};
308 	struct sk_buff *skb;
309 	u16 frame_len = sizeof(struct rsi_radio_caps);
310 
311 	rsi_dbg(INFO_ZONE, "%s: Sending rate symbol req frame\n", __func__);
312 
313 	skb = dev_alloc_skb(frame_len);
314 
315 	if (!skb) {
316 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
317 			__func__);
318 		return -ENOMEM;
319 	}
320 
321 	memset(skb->data, 0, frame_len);
322 	radio_caps = (struct rsi_radio_caps *)skb->data;
323 
324 	radio_caps->desc_dword0.frame_type = RADIO_CAPABILITIES;
325 	radio_caps->channel_num = common->channel;
326 	radio_caps->rf_model = RSI_RF_TYPE;
327 
328 	radio_caps->radio_cfg_info = RSI_LMAC_CLOCK_80MHZ;
329 	if (common->channel_width == BW_40MHZ) {
330 		radio_caps->radio_cfg_info |= RSI_ENABLE_40MHZ;
331 
332 		if (common->fsm_state == FSM_MAC_INIT_DONE) {
333 			struct ieee80211_hw *hw = adapter->hw;
334 			struct ieee80211_conf *conf = &hw->conf;
335 
336 			if (conf_is_ht40_plus(conf)) {
337 				radio_caps->ppe_ack_rate =
338 					cpu_to_le16(LOWER_20_ENABLE |
339 						    (LOWER_20_ENABLE >> 12));
340 			} else if (conf_is_ht40_minus(conf)) {
341 				radio_caps->ppe_ack_rate =
342 					cpu_to_le16(UPPER_20_ENABLE |
343 						    (UPPER_20_ENABLE >> 12));
344 			} else {
345 				radio_caps->ppe_ack_rate =
346 					cpu_to_le16((BW_40MHZ << 12) |
347 						    FULL40M_ENABLE);
348 			}
349 		}
350 	}
351 	radio_caps->radio_info |= radio_id;
352 
353 	radio_caps->sifs_tx_11n = cpu_to_le16(SIFS_TX_11N_VALUE);
354 	radio_caps->sifs_tx_11b = cpu_to_le16(SIFS_TX_11B_VALUE);
355 	radio_caps->slot_rx_11n = cpu_to_le16(SHORT_SLOT_VALUE);
356 	radio_caps->ofdm_ack_tout = cpu_to_le16(OFDM_ACK_TOUT_VALUE);
357 	radio_caps->cck_ack_tout = cpu_to_le16(CCK_ACK_TOUT_VALUE);
358 	radio_caps->preamble_type = cpu_to_le16(LONG_PREAMBLE);
359 
360 	for (ii = 0; ii < MAX_HW_QUEUES; ii++) {
361 		radio_caps->qos_params[ii].cont_win_min_q = cpu_to_le16(3);
362 		radio_caps->qos_params[ii].cont_win_max_q = cpu_to_le16(0x3f);
363 		radio_caps->qos_params[ii].aifsn_val_q = cpu_to_le16(2);
364 		radio_caps->qos_params[ii].txop_q = 0;
365 	}
366 
367 	for (ii = 0; ii < NUM_EDCA_QUEUES; ii++) {
368 		radio_caps->qos_params[ii].cont_win_min_q =
369 			cpu_to_le16(common->edca_params[ii].cw_min);
370 		radio_caps->qos_params[ii].cont_win_max_q =
371 			cpu_to_le16(common->edca_params[ii].cw_max);
372 		radio_caps->qos_params[ii].aifsn_val_q =
373 			cpu_to_le16((common->edca_params[ii].aifs) << 8);
374 		radio_caps->qos_params[ii].txop_q =
375 			cpu_to_le16(common->edca_params[ii].txop);
376 	}
377 
378 	radio_caps->qos_params[BROADCAST_HW_Q].txop_q = cpu_to_le16(0xffff);
379 	radio_caps->qos_params[MGMT_HW_Q].txop_q = 0;
380 	radio_caps->qos_params[BEACON_HW_Q].txop_q = cpu_to_le16(0xffff);
381 
382 	memcpy(&common->rate_pwr[0], &gc[0], 40);
383 	for (ii = 0; ii < 20; ii++)
384 		radio_caps->gcpd_per_rate[inx++] =
385 			cpu_to_le16(common->rate_pwr[ii]  & 0x00FF);
386 
387 	rsi_set_len_qno(&radio_caps->desc_dword0.len_qno,
388 			(frame_len - FRAME_DESC_SZ), RSI_WIFI_MGMT_Q);
389 
390 	skb_put(skb, frame_len);
391 
392 	return rsi_send_internal_mgmt_frame(common, skb);
393 }
394 
395 /**
396  * rsi_mgmt_pkt_to_core() - This function is the entry point for Mgmt module.
397  * @common: Pointer to the driver private structure.
398  * @msg: Pointer to received packet.
399  * @msg_len: Length of the recieved packet.
400  * @type: Type of recieved packet.
401  *
402  * Return: 0 on success, -1 on failure.
403  */
404 static int rsi_mgmt_pkt_to_core(struct rsi_common *common,
405 				u8 *msg,
406 				s32 msg_len)
407 {
408 	struct rsi_hw *adapter = common->priv;
409 	struct ieee80211_tx_info *info;
410 	struct skb_info *rx_params;
411 	u8 pad_bytes = msg[4];
412 	struct sk_buff *skb;
413 
414 	if (!adapter->sc_nvifs)
415 		return -ENOLINK;
416 
417 	msg_len -= pad_bytes;
418 	if (msg_len <= 0) {
419 		rsi_dbg(MGMT_RX_ZONE,
420 			"%s: Invalid rx msg of len = %d\n",
421 			__func__, msg_len);
422 		return -EINVAL;
423 	}
424 
425 	skb = dev_alloc_skb(msg_len);
426 	if (!skb)
427 		return -ENOMEM;
428 
429 	skb_put_data(skb,
430 		     (u8 *)(msg + FRAME_DESC_SZ + pad_bytes),
431 		     msg_len);
432 
433 	info = IEEE80211_SKB_CB(skb);
434 	rx_params = (struct skb_info *)info->driver_data;
435 	rx_params->rssi = rsi_get_rssi(msg);
436 	rx_params->channel = rsi_get_channel(msg);
437 	rsi_indicate_pkt_to_os(common, skb);
438 
439 	return 0;
440 }
441 
442 /**
443  * rsi_hal_send_sta_notify_frame() - This function sends the station notify
444  *				     frame to firmware.
445  * @common: Pointer to the driver private structure.
446  * @opmode: Operating mode of device.
447  * @notify_event: Notification about station connection.
448  * @bssid: bssid.
449  * @qos_enable: Qos is enabled.
450  * @aid: Aid (unique for all STA).
451  *
452  * Return: status: 0 on success, corresponding negative error code on failure.
453  */
454 int rsi_hal_send_sta_notify_frame(struct rsi_common *common, enum opmode opmode,
455 				  u8 notify_event, const unsigned char *bssid,
456 				  u8 qos_enable, u16 aid, u16 sta_id,
457 				  struct ieee80211_vif *vif)
458 {
459 	struct sk_buff *skb = NULL;
460 	struct rsi_peer_notify *peer_notify;
461 	u16 vap_id = ((struct vif_priv *)vif->drv_priv)->vap_id;
462 	int status;
463 	u16 frame_len = sizeof(struct rsi_peer_notify);
464 
465 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending sta notify frame\n", __func__);
466 
467 	skb = dev_alloc_skb(frame_len);
468 
469 	if (!skb) {
470 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
471 			__func__);
472 		return -ENOMEM;
473 	}
474 
475 	memset(skb->data, 0, frame_len);
476 	peer_notify = (struct rsi_peer_notify *)skb->data;
477 
478 	if (opmode == RSI_OPMODE_STA)
479 		peer_notify->command = cpu_to_le16(PEER_TYPE_AP << 1);
480 	else if (opmode == RSI_OPMODE_AP)
481 		peer_notify->command = cpu_to_le16(PEER_TYPE_STA << 1);
482 
483 	switch (notify_event) {
484 	case STA_CONNECTED:
485 		peer_notify->command |= cpu_to_le16(RSI_ADD_PEER);
486 		break;
487 	case STA_DISCONNECTED:
488 		peer_notify->command |= cpu_to_le16(RSI_DELETE_PEER);
489 		break;
490 	default:
491 		break;
492 	}
493 
494 	peer_notify->command |= cpu_to_le16((aid & 0xfff) << 4);
495 	ether_addr_copy(peer_notify->mac_addr, bssid);
496 	peer_notify->mpdu_density = cpu_to_le16(RSI_MPDU_DENSITY);
497 	peer_notify->sta_flags = cpu_to_le32((qos_enable) ? 1 : 0);
498 
499 	rsi_set_len_qno(&peer_notify->desc.desc_dword0.len_qno,
500 			(frame_len - FRAME_DESC_SZ),
501 			RSI_WIFI_MGMT_Q);
502 	peer_notify->desc.desc_dword0.frame_type = PEER_NOTIFY;
503 	peer_notify->desc.desc_dword3.qid_tid = sta_id;
504 	peer_notify->desc.desc_dword3.sta_id = vap_id;
505 
506 	skb_put(skb, frame_len);
507 
508 	status = rsi_send_internal_mgmt_frame(common, skb);
509 
510 	if ((vif->type == NL80211_IFTYPE_STATION) &&
511 	    (!status && qos_enable)) {
512 		rsi_set_contention_vals(common);
513 		status = rsi_load_radio_caps(common);
514 	}
515 	return status;
516 }
517 
518 /**
519  * rsi_send_aggregation_params_frame() - This function sends the ampdu
520  *					 indication frame to firmware.
521  * @common: Pointer to the driver private structure.
522  * @tid: traffic identifier.
523  * @ssn: ssn.
524  * @buf_size: buffer size.
525  * @event: notification about station connection.
526  *
527  * Return: 0 on success, corresponding negative error code on failure.
528  */
529 int rsi_send_aggregation_params_frame(struct rsi_common *common,
530 				      u16 tid,
531 				      u16 ssn,
532 				      u8 buf_size,
533 				      u8 event,
534 				      u8 sta_id)
535 {
536 	struct sk_buff *skb = NULL;
537 	struct rsi_aggr_params *aggr_params;
538 	u16 frame_len = sizeof(struct rsi_aggr_params);
539 
540 	skb = dev_alloc_skb(frame_len);
541 
542 	if (!skb) {
543 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
544 			__func__);
545 		return -ENOMEM;
546 	}
547 
548 	memset(skb->data, 0, frame_len);
549 	aggr_params = (struct rsi_aggr_params *)skb->data;
550 
551 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending AMPDU indication frame\n", __func__);
552 
553 	rsi_set_len_qno(&aggr_params->desc_dword0.len_qno, 0, RSI_WIFI_MGMT_Q);
554 	aggr_params->desc_dword0.frame_type = AMPDU_IND;
555 
556 	aggr_params->aggr_params = tid & RSI_AGGR_PARAMS_TID_MASK;
557 	aggr_params->peer_id = sta_id;
558 	if (event == STA_TX_ADDBA_DONE) {
559 		aggr_params->seq_start = cpu_to_le16(ssn);
560 		aggr_params->baw_size = cpu_to_le16(buf_size);
561 		aggr_params->aggr_params |= RSI_AGGR_PARAMS_START;
562 	} else if (event == STA_RX_ADDBA_DONE) {
563 		aggr_params->seq_start = cpu_to_le16(ssn);
564 		aggr_params->aggr_params |= (RSI_AGGR_PARAMS_START |
565 					     RSI_AGGR_PARAMS_RX_AGGR);
566 	} else if (event == STA_RX_DELBA) {
567 		aggr_params->aggr_params |= RSI_AGGR_PARAMS_RX_AGGR;
568 	}
569 
570 	skb_put(skb, frame_len);
571 
572 	return rsi_send_internal_mgmt_frame(common, skb);
573 }
574 
575 /**
576  * rsi_program_bb_rf() - This function starts base band and RF programming.
577  *			 This is called after initial configurations are done.
578  * @common: Pointer to the driver private structure.
579  *
580  * Return: 0 on success, corresponding negative error code on failure.
581  */
582 static int rsi_program_bb_rf(struct rsi_common *common)
583 {
584 	struct sk_buff *skb;
585 	struct rsi_bb_rf_prog *bb_rf_prog;
586 	u16 frame_len = sizeof(struct rsi_bb_rf_prog);
587 
588 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending program BB/RF frame\n", __func__);
589 
590 	skb = dev_alloc_skb(frame_len);
591 	if (!skb) {
592 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
593 			__func__);
594 		return -ENOMEM;
595 	}
596 
597 	memset(skb->data, 0, frame_len);
598 	bb_rf_prog = (struct rsi_bb_rf_prog *)skb->data;
599 
600 	rsi_set_len_qno(&bb_rf_prog->desc_dword0.len_qno, 0, RSI_WIFI_MGMT_Q);
601 	bb_rf_prog->desc_dword0.frame_type = BBP_PROG_IN_TA;
602 	bb_rf_prog->endpoint = common->endpoint;
603 	bb_rf_prog->rf_power_mode = common->wlan_rf_power_mode;
604 
605 	if (common->rf_reset) {
606 		bb_rf_prog->flags =  cpu_to_le16(RF_RESET_ENABLE);
607 		rsi_dbg(MGMT_TX_ZONE, "%s: ===> RF RESET REQUEST SENT <===\n",
608 			__func__);
609 		common->rf_reset = 0;
610 	}
611 	common->bb_rf_prog_count = 1;
612 	bb_rf_prog->flags |= cpu_to_le16(PUT_BBP_RESET | BBP_REG_WRITE |
613 					 (RSI_RF_TYPE << 4));
614 	skb_put(skb, frame_len);
615 
616 	return rsi_send_internal_mgmt_frame(common, skb);
617 }
618 
619 /**
620  * rsi_set_vap_capabilities() - This function send vap capability to firmware.
621  * @common: Pointer to the driver private structure.
622  * @opmode: Operating mode of device.
623  *
624  * Return: 0 on success, corresponding negative error code on failure.
625  */
626 int rsi_set_vap_capabilities(struct rsi_common *common,
627 			     enum opmode mode,
628 			     u8 *mac_addr,
629 			     u8 vap_id,
630 			     u8 vap_status)
631 {
632 	struct sk_buff *skb = NULL;
633 	struct rsi_vap_caps *vap_caps;
634 	struct rsi_hw *adapter = common->priv;
635 	struct ieee80211_hw *hw = adapter->hw;
636 	struct ieee80211_conf *conf = &hw->conf;
637 	u16 frame_len = sizeof(struct rsi_vap_caps);
638 
639 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending VAP capabilities frame\n", __func__);
640 
641 	skb = dev_alloc_skb(frame_len);
642 	if (!skb) {
643 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
644 			__func__);
645 		return -ENOMEM;
646 	}
647 
648 	memset(skb->data, 0, frame_len);
649 	vap_caps = (struct rsi_vap_caps *)skb->data;
650 
651 	rsi_set_len_qno(&vap_caps->desc_dword0.len_qno,
652 			(frame_len - FRAME_DESC_SZ), RSI_WIFI_MGMT_Q);
653 	vap_caps->desc_dword0.frame_type = VAP_CAPABILITIES;
654 	vap_caps->status = vap_status;
655 	vap_caps->vif_type = mode;
656 	vap_caps->channel_bw = common->channel_width;
657 	vap_caps->vap_id = vap_id;
658 	vap_caps->radioid_macid = ((common->mac_id & 0xf) << 4) |
659 				   (common->radio_id & 0xf);
660 
661 	memcpy(vap_caps->mac_addr, mac_addr, IEEE80211_ADDR_LEN);
662 	vap_caps->keep_alive_period = cpu_to_le16(90);
663 	vap_caps->frag_threshold = cpu_to_le16(IEEE80211_MAX_FRAG_THRESHOLD);
664 
665 	vap_caps->rts_threshold = cpu_to_le16(common->rts_threshold);
666 
667 	if (common->band == NL80211_BAND_5GHZ) {
668 		vap_caps->default_ctrl_rate = cpu_to_le16(RSI_RATE_6);
669 		vap_caps->default_mgmt_rate = cpu_to_le32(RSI_RATE_6);
670 	} else {
671 		vap_caps->default_ctrl_rate = cpu_to_le16(RSI_RATE_1);
672 		vap_caps->default_mgmt_rate = cpu_to_le32(RSI_RATE_1);
673 	}
674 	if (conf_is_ht40(conf)) {
675 		if (conf_is_ht40_minus(conf))
676 			vap_caps->ctrl_rate_flags =
677 				cpu_to_le16(UPPER_20_ENABLE);
678 		else if (conf_is_ht40_plus(conf))
679 			vap_caps->ctrl_rate_flags =
680 				cpu_to_le16(LOWER_20_ENABLE);
681 		else
682 			vap_caps->ctrl_rate_flags =
683 				cpu_to_le16(FULL40M_ENABLE);
684 	}
685 
686 	vap_caps->default_data_rate = 0;
687 	vap_caps->beacon_interval = cpu_to_le16(common->beacon_interval);
688 	vap_caps->dtim_period = cpu_to_le16(common->dtim_cnt);
689 
690 	skb_put(skb, frame_len);
691 
692 	return rsi_send_internal_mgmt_frame(common, skb);
693 }
694 
695 /**
696  * rsi_hal_load_key() - This function is used to load keys within the firmware.
697  * @common: Pointer to the driver private structure.
698  * @data: Pointer to the key data.
699  * @key_len: Key length to be loaded.
700  * @key_type: Type of key: GROUP/PAIRWISE.
701  * @key_id: Key index.
702  * @cipher: Type of cipher used.
703  *
704  * Return: 0 on success, -1 on failure.
705  */
706 int rsi_hal_load_key(struct rsi_common *common,
707 		     u8 *data,
708 		     u16 key_len,
709 		     u8 key_type,
710 		     u8 key_id,
711 		     u32 cipher,
712 		     s16 sta_id,
713 		     struct ieee80211_vif *vif)
714 {
715 	struct sk_buff *skb = NULL;
716 	struct rsi_set_key *set_key;
717 	u16 key_descriptor = 0;
718 	u16 frame_len = sizeof(struct rsi_set_key);
719 
720 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending load key frame\n", __func__);
721 
722 	skb = dev_alloc_skb(frame_len);
723 	if (!skb) {
724 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
725 			__func__);
726 		return -ENOMEM;
727 	}
728 
729 	memset(skb->data, 0, frame_len);
730 	set_key = (struct rsi_set_key *)skb->data;
731 
732 	if (key_type == RSI_GROUP_KEY) {
733 		key_descriptor = RSI_KEY_TYPE_BROADCAST;
734 		if (vif->type == NL80211_IFTYPE_AP)
735 			key_descriptor |= RSI_KEY_MODE_AP;
736 	}
737 	if ((cipher == WLAN_CIPHER_SUITE_WEP40) ||
738 	    (cipher == WLAN_CIPHER_SUITE_WEP104)) {
739 		key_id = 0;
740 		key_descriptor |= RSI_WEP_KEY;
741 		if (key_len >= 13)
742 			key_descriptor |= RSI_WEP_KEY_104;
743 	} else if (cipher != KEY_TYPE_CLEAR) {
744 		key_descriptor |= RSI_CIPHER_WPA;
745 		if (cipher == WLAN_CIPHER_SUITE_TKIP)
746 			key_descriptor |= RSI_CIPHER_TKIP;
747 	}
748 	key_descriptor |= RSI_PROTECT_DATA_FRAMES;
749 	key_descriptor |= (key_id << RSI_KEY_ID_OFFSET);
750 
751 	rsi_set_len_qno(&set_key->desc_dword0.len_qno,
752 			(frame_len - FRAME_DESC_SZ), RSI_WIFI_MGMT_Q);
753 	set_key->desc_dword0.frame_type = SET_KEY_REQ;
754 	set_key->key_desc = cpu_to_le16(key_descriptor);
755 	set_key->sta_id = sta_id;
756 
757 	if (data) {
758 		if ((cipher == WLAN_CIPHER_SUITE_WEP40) ||
759 		    (cipher == WLAN_CIPHER_SUITE_WEP104)) {
760 			memcpy(&set_key->key[key_id][1], data, key_len * 2);
761 		} else {
762 			memcpy(&set_key->key[0][0], data, key_len);
763 		}
764 		memcpy(set_key->tx_mic_key, &data[16], 8);
765 		memcpy(set_key->rx_mic_key, &data[24], 8);
766 	} else {
767 		memset(&set_key[FRAME_DESC_SZ], 0, frame_len - FRAME_DESC_SZ);
768 	}
769 
770 	skb_put(skb, frame_len);
771 
772 	return rsi_send_internal_mgmt_frame(common, skb);
773 }
774 
775 /*
776  * This function sends the common device configuration parameters to device.
777  * This frame includes the useful information to make device works on
778  * specific operating mode.
779  */
780 static int rsi_send_common_dev_params(struct rsi_common *common)
781 {
782 	struct sk_buff *skb;
783 	u16 frame_len;
784 	struct rsi_config_vals *dev_cfgs;
785 
786 	frame_len = sizeof(struct rsi_config_vals);
787 
788 	rsi_dbg(MGMT_TX_ZONE, "Sending common device config params\n");
789 	skb = dev_alloc_skb(frame_len);
790 	if (!skb) {
791 		rsi_dbg(ERR_ZONE, "%s: Unable to allocate skb\n", __func__);
792 		return -ENOMEM;
793 	}
794 
795 	memset(skb->data, 0, frame_len);
796 
797 	dev_cfgs = (struct rsi_config_vals *)skb->data;
798 	memset(dev_cfgs, 0, (sizeof(struct rsi_config_vals)));
799 
800 	rsi_set_len_qno(&dev_cfgs->len_qno, (frame_len - FRAME_DESC_SZ),
801 			RSI_COEX_Q);
802 	dev_cfgs->pkt_type = COMMON_DEV_CONFIG;
803 
804 	dev_cfgs->lp_ps_handshake = common->lp_ps_handshake_mode;
805 	dev_cfgs->ulp_ps_handshake = common->ulp_ps_handshake_mode;
806 
807 	dev_cfgs->unused_ulp_gpio = RSI_UNUSED_ULP_GPIO_BITMAP;
808 	dev_cfgs->unused_soc_gpio_bitmap =
809 				cpu_to_le32(RSI_UNUSED_SOC_GPIO_BITMAP);
810 
811 	dev_cfgs->opermode = common->oper_mode;
812 	dev_cfgs->wlan_rf_pwr_mode = common->wlan_rf_power_mode;
813 	dev_cfgs->driver_mode = common->driver_mode;
814 	dev_cfgs->region_code = NL80211_DFS_FCC;
815 	dev_cfgs->antenna_sel_val = common->obm_ant_sel_val;
816 
817 	skb_put(skb, frame_len);
818 
819 	return rsi_send_internal_mgmt_frame(common, skb);
820 }
821 
822 /*
823  * rsi_load_bootup_params() - This function send bootup params to the firmware.
824  * @common: Pointer to the driver private structure.
825  *
826  * Return: 0 on success, corresponding error code on failure.
827  */
828 static int rsi_load_bootup_params(struct rsi_common *common)
829 {
830 	struct sk_buff *skb;
831 	struct rsi_boot_params *boot_params;
832 
833 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending boot params frame\n", __func__);
834 	skb = dev_alloc_skb(sizeof(struct rsi_boot_params));
835 	if (!skb) {
836 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
837 			__func__);
838 		return -ENOMEM;
839 	}
840 
841 	memset(skb->data, 0, sizeof(struct rsi_boot_params));
842 	boot_params = (struct rsi_boot_params *)skb->data;
843 
844 	rsi_dbg(MGMT_TX_ZONE, "%s:\n", __func__);
845 
846 	if (common->channel_width == BW_40MHZ) {
847 		memcpy(&boot_params->bootup_params,
848 		       &boot_params_40,
849 		       sizeof(struct bootup_params));
850 		rsi_dbg(MGMT_TX_ZONE, "%s: Packet 40MHZ <=== %d\n", __func__,
851 			UMAC_CLK_40BW);
852 		boot_params->desc_word[7] = cpu_to_le16(UMAC_CLK_40BW);
853 	} else {
854 		memcpy(&boot_params->bootup_params,
855 		       &boot_params_20,
856 		       sizeof(struct bootup_params));
857 		if (boot_params_20.valid != cpu_to_le32(VALID_20)) {
858 			boot_params->desc_word[7] = cpu_to_le16(UMAC_CLK_20BW);
859 			rsi_dbg(MGMT_TX_ZONE,
860 				"%s: Packet 20MHZ <=== %d\n", __func__,
861 				UMAC_CLK_20BW);
862 		} else {
863 			boot_params->desc_word[7] = cpu_to_le16(UMAC_CLK_40MHZ);
864 			rsi_dbg(MGMT_TX_ZONE,
865 				"%s: Packet 20MHZ <=== %d\n", __func__,
866 				UMAC_CLK_40MHZ);
867 		}
868 	}
869 
870 	/**
871 	 * Bit{0:11} indicates length of the Packet
872 	 * Bit{12:15} indicates host queue number
873 	 */
874 	boot_params->desc_word[0] = cpu_to_le16(sizeof(struct bootup_params) |
875 				    (RSI_WIFI_MGMT_Q << 12));
876 	boot_params->desc_word[1] = cpu_to_le16(BOOTUP_PARAMS_REQUEST);
877 
878 	skb_put(skb, sizeof(struct rsi_boot_params));
879 
880 	return rsi_send_internal_mgmt_frame(common, skb);
881 }
882 
883 /**
884  * rsi_send_reset_mac() - This function prepares reset MAC request and sends an
885  *			  internal management frame to indicate it to firmware.
886  * @common: Pointer to the driver private structure.
887  *
888  * Return: 0 on success, corresponding error code on failure.
889  */
890 static int rsi_send_reset_mac(struct rsi_common *common)
891 {
892 	struct sk_buff *skb;
893 	struct rsi_mac_frame *mgmt_frame;
894 
895 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending reset MAC frame\n", __func__);
896 
897 	skb = dev_alloc_skb(FRAME_DESC_SZ);
898 	if (!skb) {
899 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
900 			__func__);
901 		return -ENOMEM;
902 	}
903 
904 	memset(skb->data, 0, FRAME_DESC_SZ);
905 	mgmt_frame = (struct rsi_mac_frame *)skb->data;
906 
907 	mgmt_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
908 	mgmt_frame->desc_word[1] = cpu_to_le16(RESET_MAC_REQ);
909 	mgmt_frame->desc_word[4] = cpu_to_le16(RETRY_COUNT << 8);
910 
911 	skb_put(skb, FRAME_DESC_SZ);
912 
913 	return rsi_send_internal_mgmt_frame(common, skb);
914 }
915 
916 /**
917  * rsi_band_check() - This function programs the band
918  * @common: Pointer to the driver private structure.
919  *
920  * Return: 0 on success, corresponding error code on failure.
921  */
922 int rsi_band_check(struct rsi_common *common,
923 		   struct ieee80211_channel *curchan)
924 {
925 	struct rsi_hw *adapter = common->priv;
926 	struct ieee80211_hw *hw = adapter->hw;
927 	u8 prev_bw = common->channel_width;
928 	u8 prev_ep = common->endpoint;
929 	int status = 0;
930 
931 	if (common->band != curchan->band) {
932 		common->rf_reset = 1;
933 		common->band = curchan->band;
934 	}
935 
936 	if ((hw->conf.chandef.width == NL80211_CHAN_WIDTH_20_NOHT) ||
937 	    (hw->conf.chandef.width == NL80211_CHAN_WIDTH_20))
938 		common->channel_width = BW_20MHZ;
939 	else
940 		common->channel_width = BW_40MHZ;
941 
942 	if (common->band == NL80211_BAND_2GHZ) {
943 		if (common->channel_width)
944 			common->endpoint = EP_2GHZ_40MHZ;
945 		else
946 			common->endpoint = EP_2GHZ_20MHZ;
947 	} else {
948 		if (common->channel_width)
949 			common->endpoint = EP_5GHZ_40MHZ;
950 		else
951 			common->endpoint = EP_5GHZ_20MHZ;
952 	}
953 
954 	if (common->endpoint != prev_ep) {
955 		status = rsi_program_bb_rf(common);
956 		if (status)
957 			return status;
958 	}
959 
960 	if (common->channel_width != prev_bw) {
961 		status = rsi_load_bootup_params(common);
962 		if (status)
963 			return status;
964 
965 		status = rsi_load_radio_caps(common);
966 		if (status)
967 			return status;
968 	}
969 
970 	return status;
971 }
972 
973 /**
974  * rsi_set_channel() - This function programs the channel.
975  * @common: Pointer to the driver private structure.
976  * @channel: Channel value to be set.
977  *
978  * Return: 0 on success, corresponding error code on failure.
979  */
980 int rsi_set_channel(struct rsi_common *common,
981 		    struct ieee80211_channel *channel)
982 {
983 	struct sk_buff *skb = NULL;
984 	struct rsi_chan_config *chan_cfg;
985 	u16 frame_len = sizeof(struct rsi_chan_config);
986 
987 	rsi_dbg(MGMT_TX_ZONE,
988 		"%s: Sending scan req frame\n", __func__);
989 
990 	skb = dev_alloc_skb(frame_len);
991 	if (!skb) {
992 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
993 			__func__);
994 		return -ENOMEM;
995 	}
996 
997 	if (!channel) {
998 		dev_kfree_skb(skb);
999 		return 0;
1000 	}
1001 	memset(skb->data, 0, frame_len);
1002 	chan_cfg = (struct rsi_chan_config *)skb->data;
1003 
1004 	rsi_set_len_qno(&chan_cfg->desc_dword0.len_qno, 0, RSI_WIFI_MGMT_Q);
1005 	chan_cfg->desc_dword0.frame_type = SCAN_REQUEST;
1006 	chan_cfg->channel_number = channel->hw_value;
1007 	chan_cfg->antenna_gain_offset_2g = channel->max_antenna_gain;
1008 	chan_cfg->antenna_gain_offset_5g = channel->max_antenna_gain;
1009 	chan_cfg->region_rftype = (RSI_RF_TYPE & 0xf) << 4;
1010 
1011 	if ((channel->flags & IEEE80211_CHAN_NO_IR) ||
1012 	    (channel->flags & IEEE80211_CHAN_RADAR)) {
1013 		chan_cfg->antenna_gain_offset_2g |= RSI_CHAN_RADAR;
1014 	} else {
1015 		if (common->tx_power < channel->max_power)
1016 			chan_cfg->tx_power = cpu_to_le16(common->tx_power);
1017 		else
1018 			chan_cfg->tx_power = cpu_to_le16(channel->max_power);
1019 	}
1020 	chan_cfg->region_rftype |= (common->priv->dfs_region & 0xf);
1021 
1022 	if (common->channel_width == BW_40MHZ)
1023 		chan_cfg->channel_width = 0x1;
1024 
1025 	common->channel = channel->hw_value;
1026 
1027 	skb_put(skb, frame_len);
1028 
1029 	return rsi_send_internal_mgmt_frame(common, skb);
1030 }
1031 
1032 /**
1033  * rsi_send_radio_params_update() - This function sends the radio
1034  *				parameters update to device
1035  * @common: Pointer to the driver private structure.
1036  * @channel: Channel value to be set.
1037  *
1038  * Return: 0 on success, corresponding error code on failure.
1039  */
1040 int rsi_send_radio_params_update(struct rsi_common *common)
1041 {
1042 	struct rsi_mac_frame *cmd_frame;
1043 	struct sk_buff *skb = NULL;
1044 
1045 	rsi_dbg(MGMT_TX_ZONE,
1046 		"%s: Sending Radio Params update frame\n", __func__);
1047 
1048 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1049 	if (!skb) {
1050 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1051 			__func__);
1052 		return -ENOMEM;
1053 	}
1054 
1055 	memset(skb->data, 0, FRAME_DESC_SZ);
1056 	cmd_frame = (struct rsi_mac_frame *)skb->data;
1057 
1058 	cmd_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
1059 	cmd_frame->desc_word[1] = cpu_to_le16(RADIO_PARAMS_UPDATE);
1060 	cmd_frame->desc_word[3] = cpu_to_le16(BIT(0));
1061 
1062 	cmd_frame->desc_word[3] |= cpu_to_le16(common->tx_power << 8);
1063 
1064 	skb_put(skb, FRAME_DESC_SZ);
1065 
1066 	return rsi_send_internal_mgmt_frame(common, skb);
1067 }
1068 
1069 /* This function programs the threshold. */
1070 int rsi_send_vap_dynamic_update(struct rsi_common *common)
1071 {
1072 	struct sk_buff *skb;
1073 	struct rsi_dynamic_s *dynamic_frame;
1074 
1075 	rsi_dbg(MGMT_TX_ZONE,
1076 		"%s: Sending vap update indication frame\n", __func__);
1077 
1078 	skb = dev_alloc_skb(sizeof(struct rsi_dynamic_s));
1079 	if (!skb)
1080 		return -ENOMEM;
1081 
1082 	memset(skb->data, 0, sizeof(struct rsi_dynamic_s));
1083 	dynamic_frame = (struct rsi_dynamic_s *)skb->data;
1084 	rsi_set_len_qno(&dynamic_frame->desc_dword0.len_qno,
1085 			sizeof(dynamic_frame->frame_body), RSI_WIFI_MGMT_Q);
1086 
1087 	dynamic_frame->desc_dword0.frame_type = VAP_DYNAMIC_UPDATE;
1088 	dynamic_frame->desc_dword2.pkt_info =
1089 					cpu_to_le32(common->rts_threshold);
1090 
1091 	if (common->wow_flags & RSI_WOW_ENABLED) {
1092 		/* Beacon miss threshold */
1093 		dynamic_frame->desc_dword3.token =
1094 					cpu_to_le16(RSI_BCN_MISS_THRESHOLD);
1095 		dynamic_frame->frame_body.keep_alive_period =
1096 					cpu_to_le16(RSI_WOW_KEEPALIVE);
1097 	} else {
1098 		dynamic_frame->frame_body.keep_alive_period =
1099 					cpu_to_le16(RSI_DEF_KEEPALIVE);
1100 	}
1101 
1102 	dynamic_frame->desc_dword3.sta_id = 0; /* vap id */
1103 
1104 	skb_put(skb, sizeof(struct rsi_dynamic_s));
1105 
1106 	return rsi_send_internal_mgmt_frame(common, skb);
1107 }
1108 
1109 /**
1110  * rsi_compare() - This function is used to compare two integers
1111  * @a: pointer to the first integer
1112  * @b: pointer to the second integer
1113  *
1114  * Return: 0 if both are equal, -1 if the first is smaller, else 1
1115  */
1116 static int rsi_compare(const void *a, const void *b)
1117 {
1118 	u16 _a = *(const u16 *)(a);
1119 	u16 _b = *(const u16 *)(b);
1120 
1121 	if (_a > _b)
1122 		return -1;
1123 
1124 	if (_a < _b)
1125 		return 1;
1126 
1127 	return 0;
1128 }
1129 
1130 /**
1131  * rsi_map_rates() - This function is used to map selected rates to hw rates.
1132  * @rate: The standard rate to be mapped.
1133  * @offset: Offset that will be returned.
1134  *
1135  * Return: 0 if it is a mcs rate, else 1
1136  */
1137 static bool rsi_map_rates(u16 rate, int *offset)
1138 {
1139 	int kk;
1140 	for (kk = 0; kk < ARRAY_SIZE(rsi_mcsrates); kk++) {
1141 		if (rate == mcs[kk]) {
1142 			*offset = kk;
1143 			return false;
1144 		}
1145 	}
1146 
1147 	for (kk = 0; kk < ARRAY_SIZE(rsi_rates); kk++) {
1148 		if (rate == rsi_rates[kk].bitrate / 5) {
1149 			*offset = kk;
1150 			break;
1151 		}
1152 	}
1153 	return true;
1154 }
1155 
1156 /**
1157  * rsi_send_auto_rate_request() - This function is to set rates for connection
1158  *				  and send autorate request to firmware.
1159  * @common: Pointer to the driver private structure.
1160  *
1161  * Return: 0 on success, corresponding error code on failure.
1162  */
1163 static int rsi_send_auto_rate_request(struct rsi_common *common,
1164 				      struct ieee80211_sta *sta,
1165 				      u16 sta_id,
1166 				      struct ieee80211_vif *vif)
1167 {
1168 	struct sk_buff *skb;
1169 	struct rsi_auto_rate *auto_rate;
1170 	int ii = 0, jj = 0, kk = 0;
1171 	struct ieee80211_hw *hw = common->priv->hw;
1172 	u8 band = hw->conf.chandef.chan->band;
1173 	u8 num_supported_rates = 0;
1174 	u8 rate_table_offset, rate_offset = 0;
1175 	u32 rate_bitmap;
1176 	u16 *selected_rates, min_rate;
1177 	bool is_ht = false, is_sgi = false;
1178 	u16 frame_len = sizeof(struct rsi_auto_rate);
1179 
1180 	rsi_dbg(MGMT_TX_ZONE,
1181 		"%s: Sending auto rate request frame\n", __func__);
1182 
1183 	skb = dev_alloc_skb(frame_len);
1184 	if (!skb) {
1185 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1186 			__func__);
1187 		return -ENOMEM;
1188 	}
1189 
1190 	memset(skb->data, 0, frame_len);
1191 	selected_rates = kzalloc(2 * RSI_TBL_SZ, GFP_KERNEL);
1192 	if (!selected_rates) {
1193 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of mem\n",
1194 			__func__);
1195 		dev_kfree_skb(skb);
1196 		return -ENOMEM;
1197 	}
1198 
1199 	auto_rate = (struct rsi_auto_rate *)skb->data;
1200 
1201 	auto_rate->aarf_rssi = cpu_to_le16(((u16)3 << 6) | (u16)(18 & 0x3f));
1202 	auto_rate->collision_tolerance = cpu_to_le16(3);
1203 	auto_rate->failure_limit = cpu_to_le16(3);
1204 	auto_rate->initial_boundary = cpu_to_le16(3);
1205 	auto_rate->max_threshold_limt = cpu_to_le16(27);
1206 
1207 	auto_rate->desc.desc_dword0.frame_type = AUTO_RATE_IND;
1208 
1209 	if (common->channel_width == BW_40MHZ)
1210 		auto_rate->desc.desc_dword3.qid_tid = BW_40MHZ;
1211 	auto_rate->desc.desc_dword3.sta_id = sta_id;
1212 
1213 	if (vif->type == NL80211_IFTYPE_STATION) {
1214 		rate_bitmap = common->bitrate_mask[band];
1215 		is_ht = common->vif_info[0].is_ht;
1216 		is_sgi = common->vif_info[0].sgi;
1217 	} else {
1218 		rate_bitmap = sta->supp_rates[band];
1219 		is_ht = sta->ht_cap.ht_supported;
1220 		if ((sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_20) ||
1221 		    (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_40))
1222 			is_sgi = true;
1223 	}
1224 
1225 	if (band == NL80211_BAND_2GHZ) {
1226 		if ((rate_bitmap == 0) && (is_ht))
1227 			min_rate = RSI_RATE_MCS0;
1228 		else
1229 			min_rate = RSI_RATE_1;
1230 		rate_table_offset = 0;
1231 	} else {
1232 		if ((rate_bitmap == 0) && (is_ht))
1233 			min_rate = RSI_RATE_MCS0;
1234 		else
1235 			min_rate = RSI_RATE_6;
1236 		rate_table_offset = 4;
1237 	}
1238 
1239 	for (ii = 0, jj = 0;
1240 	     ii < (ARRAY_SIZE(rsi_rates) - rate_table_offset); ii++) {
1241 		if (rate_bitmap & BIT(ii)) {
1242 			selected_rates[jj++] =
1243 			(rsi_rates[ii + rate_table_offset].bitrate / 5);
1244 			rate_offset++;
1245 		}
1246 	}
1247 	num_supported_rates = jj;
1248 
1249 	if (is_ht) {
1250 		for (ii = 0; ii < ARRAY_SIZE(mcs); ii++)
1251 			selected_rates[jj++] = mcs[ii];
1252 		num_supported_rates += ARRAY_SIZE(mcs);
1253 		rate_offset += ARRAY_SIZE(mcs);
1254 	}
1255 
1256 	sort(selected_rates, jj, sizeof(u16), &rsi_compare, NULL);
1257 
1258 	/* mapping the rates to RSI rates */
1259 	for (ii = 0; ii < jj; ii++) {
1260 		if (rsi_map_rates(selected_rates[ii], &kk)) {
1261 			auto_rate->supported_rates[ii] =
1262 				cpu_to_le16(rsi_rates[kk].hw_value);
1263 		} else {
1264 			auto_rate->supported_rates[ii] =
1265 				cpu_to_le16(rsi_mcsrates[kk]);
1266 		}
1267 	}
1268 
1269 	/* loading HT rates in the bottom half of the auto rate table */
1270 	if (is_ht) {
1271 		for (ii = rate_offset, kk = ARRAY_SIZE(rsi_mcsrates) - 1;
1272 		     ii < rate_offset + 2 * ARRAY_SIZE(rsi_mcsrates); ii++) {
1273 			if (is_sgi || conf_is_ht40(&common->priv->hw->conf))
1274 				auto_rate->supported_rates[ii++] =
1275 					cpu_to_le16(rsi_mcsrates[kk] | BIT(9));
1276 			else
1277 				auto_rate->supported_rates[ii++] =
1278 					cpu_to_le16(rsi_mcsrates[kk]);
1279 			auto_rate->supported_rates[ii] =
1280 				cpu_to_le16(rsi_mcsrates[kk--]);
1281 		}
1282 
1283 		for (; ii < (RSI_TBL_SZ - 1); ii++) {
1284 			auto_rate->supported_rates[ii] =
1285 				cpu_to_le16(rsi_mcsrates[0]);
1286 		}
1287 	}
1288 
1289 	for (; ii < RSI_TBL_SZ; ii++)
1290 		auto_rate->supported_rates[ii] = cpu_to_le16(min_rate);
1291 
1292 	auto_rate->num_supported_rates = cpu_to_le16(num_supported_rates * 2);
1293 	auto_rate->moderate_rate_inx = cpu_to_le16(num_supported_rates / 2);
1294 	num_supported_rates *= 2;
1295 
1296 	rsi_set_len_qno(&auto_rate->desc.desc_dword0.len_qno,
1297 			(frame_len - FRAME_DESC_SZ), RSI_WIFI_MGMT_Q);
1298 
1299 	skb_put(skb, frame_len);
1300 	kfree(selected_rates);
1301 
1302 	return rsi_send_internal_mgmt_frame(common, skb);
1303 }
1304 
1305 /**
1306  * rsi_inform_bss_status() - This function informs about bss status with the
1307  *			     help of sta notify params by sending an internal
1308  *			     management frame to firmware.
1309  * @common: Pointer to the driver private structure.
1310  * @status: Bss status type.
1311  * @bssid: Bssid.
1312  * @qos_enable: Qos is enabled.
1313  * @aid: Aid (unique for all STAs).
1314  *
1315  * Return: None.
1316  */
1317 void rsi_inform_bss_status(struct rsi_common *common,
1318 			   enum opmode opmode,
1319 			   u8 status,
1320 			   const u8 *addr,
1321 			   u8 qos_enable,
1322 			   u16 aid,
1323 			   struct ieee80211_sta *sta,
1324 			   u16 sta_id,
1325 			   u16 assoc_cap,
1326 			   struct ieee80211_vif *vif)
1327 {
1328 	if (status) {
1329 		if (opmode == RSI_OPMODE_STA)
1330 			common->hw_data_qs_blocked = true;
1331 		rsi_hal_send_sta_notify_frame(common,
1332 					      opmode,
1333 					      STA_CONNECTED,
1334 					      addr,
1335 					      qos_enable,
1336 					      aid, sta_id,
1337 					      vif);
1338 		if (common->min_rate == 0xffff)
1339 			rsi_send_auto_rate_request(common, sta, sta_id, vif);
1340 		if (opmode == RSI_OPMODE_STA &&
1341 		    !(assoc_cap & WLAN_CAPABILITY_PRIVACY) &&
1342 		    !rsi_send_block_unblock_frame(common, false))
1343 			common->hw_data_qs_blocked = false;
1344 	} else {
1345 		if (opmode == RSI_OPMODE_STA)
1346 			common->hw_data_qs_blocked = true;
1347 
1348 		if (!(common->wow_flags & RSI_WOW_ENABLED))
1349 			rsi_hal_send_sta_notify_frame(common, opmode,
1350 						      STA_DISCONNECTED, addr,
1351 						      qos_enable, aid, sta_id,
1352 						      vif);
1353 		if (opmode == RSI_OPMODE_STA)
1354 			rsi_send_block_unblock_frame(common, true);
1355 	}
1356 }
1357 
1358 /**
1359  * rsi_eeprom_read() - This function sends a frame to read the mac address
1360  *		       from the eeprom.
1361  * @common: Pointer to the driver private structure.
1362  *
1363  * Return: 0 on success, -1 on failure.
1364  */
1365 static int rsi_eeprom_read(struct rsi_common *common)
1366 {
1367 	struct rsi_eeprom_read_frame *mgmt_frame;
1368 	struct rsi_hw *adapter = common->priv;
1369 	struct sk_buff *skb;
1370 
1371 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending EEPROM read req frame\n", __func__);
1372 
1373 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1374 	if (!skb) {
1375 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1376 			__func__);
1377 		return -ENOMEM;
1378 	}
1379 
1380 	memset(skb->data, 0, FRAME_DESC_SZ);
1381 	mgmt_frame = (struct rsi_eeprom_read_frame *)skb->data;
1382 
1383 	/* FrameType */
1384 	rsi_set_len_qno(&mgmt_frame->len_qno, 0, RSI_WIFI_MGMT_Q);
1385 	mgmt_frame->pkt_type = EEPROM_READ;
1386 
1387 	/* Number of bytes to read */
1388 	mgmt_frame->pkt_info =
1389 		cpu_to_le32((adapter->eeprom.length << RSI_EEPROM_LEN_OFFSET) &
1390 			    RSI_EEPROM_LEN_MASK);
1391 	mgmt_frame->pkt_info |= cpu_to_le32((3 << RSI_EEPROM_HDR_SIZE_OFFSET) &
1392 					    RSI_EEPROM_HDR_SIZE_MASK);
1393 
1394 	/* Address to read */
1395 	mgmt_frame->eeprom_offset = cpu_to_le32(adapter->eeprom.offset);
1396 
1397 	skb_put(skb, FRAME_DESC_SZ);
1398 
1399 	return rsi_send_internal_mgmt_frame(common, skb);
1400 }
1401 
1402 /**
1403  * This function sends a frame to block/unblock
1404  * data queues in the firmware
1405  *
1406  * @param common Pointer to the driver private structure.
1407  * @param block event - block if true, unblock if false
1408  * @return 0 on success, -1 on failure.
1409  */
1410 int rsi_send_block_unblock_frame(struct rsi_common *common, bool block_event)
1411 {
1412 	struct rsi_block_unblock_data *mgmt_frame;
1413 	struct sk_buff *skb;
1414 
1415 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending block/unblock frame\n", __func__);
1416 
1417 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1418 	if (!skb) {
1419 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1420 			__func__);
1421 		return -ENOMEM;
1422 	}
1423 
1424 	memset(skb->data, 0, FRAME_DESC_SZ);
1425 	mgmt_frame = (struct rsi_block_unblock_data *)skb->data;
1426 
1427 	rsi_set_len_qno(&mgmt_frame->desc_dword0.len_qno, 0, RSI_WIFI_MGMT_Q);
1428 	mgmt_frame->desc_dword0.frame_type = BLOCK_HW_QUEUE;
1429 	mgmt_frame->host_quiet_info = QUIET_INFO_VALID;
1430 
1431 	if (block_event) {
1432 		rsi_dbg(INFO_ZONE, "blocking the data qs\n");
1433 		mgmt_frame->block_q_bitmap = cpu_to_le16(0xf);
1434 		mgmt_frame->block_q_bitmap |= cpu_to_le16(0xf << 4);
1435 	} else {
1436 		rsi_dbg(INFO_ZONE, "unblocking the data qs\n");
1437 		mgmt_frame->unblock_q_bitmap = cpu_to_le16(0xf);
1438 		mgmt_frame->unblock_q_bitmap |= cpu_to_le16(0xf << 4);
1439 	}
1440 
1441 	skb_put(skb, FRAME_DESC_SZ);
1442 
1443 	return rsi_send_internal_mgmt_frame(common, skb);
1444 }
1445 
1446 /**
1447  * rsi_send_rx_filter_frame() - Sends a frame to filter the RX packets
1448  *
1449  * @common: Pointer to the driver private structure.
1450  * @rx_filter_word: Flags of filter packets
1451  *
1452  * @Return: 0 on success, -1 on failure.
1453  */
1454 int rsi_send_rx_filter_frame(struct rsi_common *common, u16 rx_filter_word)
1455 {
1456 	struct rsi_mac_frame *cmd_frame;
1457 	struct sk_buff *skb;
1458 
1459 	rsi_dbg(MGMT_TX_ZONE, "Sending RX filter frame\n");
1460 
1461 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1462 	if (!skb) {
1463 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1464 			__func__);
1465 		return -ENOMEM;
1466 	}
1467 
1468 	memset(skb->data, 0, FRAME_DESC_SZ);
1469 	cmd_frame = (struct rsi_mac_frame *)skb->data;
1470 
1471 	cmd_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
1472 	cmd_frame->desc_word[1] = cpu_to_le16(SET_RX_FILTER);
1473 	cmd_frame->desc_word[4] = cpu_to_le16(rx_filter_word);
1474 
1475 	skb_put(skb, FRAME_DESC_SZ);
1476 
1477 	return rsi_send_internal_mgmt_frame(common, skb);
1478 }
1479 
1480 int rsi_send_ps_request(struct rsi_hw *adapter, bool enable,
1481 			struct ieee80211_vif *vif)
1482 {
1483 	struct rsi_common *common = adapter->priv;
1484 	struct ieee80211_bss_conf *bss = &vif->bss_conf;
1485 	struct rsi_request_ps *ps;
1486 	struct rsi_ps_info *ps_info;
1487 	struct sk_buff *skb;
1488 	int frame_len = sizeof(*ps);
1489 
1490 	skb = dev_alloc_skb(frame_len);
1491 	if (!skb)
1492 		return -ENOMEM;
1493 	memset(skb->data, 0, frame_len);
1494 
1495 	ps = (struct rsi_request_ps *)skb->data;
1496 	ps_info = &adapter->ps_info;
1497 
1498 	rsi_set_len_qno(&ps->desc.desc_dword0.len_qno,
1499 			(frame_len - FRAME_DESC_SZ), RSI_WIFI_MGMT_Q);
1500 	ps->desc.desc_dword0.frame_type = WAKEUP_SLEEP_REQUEST;
1501 	if (enable) {
1502 		ps->ps_sleep.enable = RSI_PS_ENABLE;
1503 		ps->desc.desc_dword3.token = cpu_to_le16(RSI_SLEEP_REQUEST);
1504 	} else {
1505 		ps->ps_sleep.enable = RSI_PS_DISABLE;
1506 		ps->desc.desc_dword0.len_qno |= cpu_to_le16(RSI_PS_DISABLE_IND);
1507 		ps->desc.desc_dword3.token = cpu_to_le16(RSI_WAKEUP_REQUEST);
1508 	}
1509 
1510 	ps->ps_uapsd_acs = common->uapsd_bitmap;
1511 
1512 	ps->ps_sleep.sleep_type = ps_info->sleep_type;
1513 	ps->ps_sleep.num_bcns_per_lis_int =
1514 		cpu_to_le16(ps_info->num_bcns_per_lis_int);
1515 	ps->ps_sleep.sleep_duration =
1516 		cpu_to_le32(ps_info->deep_sleep_wakeup_period);
1517 
1518 	if (bss->assoc)
1519 		ps->ps_sleep.connected_sleep = RSI_CONNECTED_SLEEP;
1520 	else
1521 		ps->ps_sleep.connected_sleep = RSI_DEEP_SLEEP;
1522 
1523 	ps->ps_listen_interval = cpu_to_le32(ps_info->listen_interval);
1524 	ps->ps_dtim_interval_duration =
1525 		cpu_to_le32(ps_info->dtim_interval_duration);
1526 
1527 	if (ps_info->listen_interval > ps_info->dtim_interval_duration)
1528 		ps->ps_listen_interval = cpu_to_le32(RSI_PS_DISABLE);
1529 
1530 	ps->ps_num_dtim_intervals = cpu_to_le16(ps_info->num_dtims_per_sleep);
1531 	skb_put(skb, frame_len);
1532 
1533 	return rsi_send_internal_mgmt_frame(common, skb);
1534 }
1535 
1536 /**
1537  * rsi_set_antenna() - This fuction send antenna configuration request
1538  *		       to device
1539  *
1540  * @common: Pointer to the driver private structure.
1541  * @antenna: bitmap for tx antenna selection
1542  *
1543  * Return: 0 on Success, negative error code on failure
1544  */
1545 int rsi_set_antenna(struct rsi_common *common, u8 antenna)
1546 {
1547 	struct rsi_ant_sel_frame *ant_sel_frame;
1548 	struct sk_buff *skb;
1549 
1550 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1551 	if (!skb) {
1552 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1553 			__func__);
1554 		return -ENOMEM;
1555 	}
1556 
1557 	memset(skb->data, 0, FRAME_DESC_SZ);
1558 
1559 	ant_sel_frame = (struct rsi_ant_sel_frame *)skb->data;
1560 	ant_sel_frame->desc_dword0.frame_type = ANT_SEL_FRAME;
1561 	ant_sel_frame->sub_frame_type = ANTENNA_SEL_TYPE;
1562 	ant_sel_frame->ant_value = cpu_to_le16(antenna & ANTENNA_MASK_VALUE);
1563 	rsi_set_len_qno(&ant_sel_frame->desc_dword0.len_qno,
1564 			0, RSI_WIFI_MGMT_Q);
1565 	skb_put(skb, FRAME_DESC_SZ);
1566 
1567 	return rsi_send_internal_mgmt_frame(common, skb);
1568 }
1569 
1570 static int rsi_send_beacon(struct rsi_common *common)
1571 {
1572 	struct sk_buff *skb = NULL;
1573 	u8 dword_align_bytes = 0;
1574 
1575 	skb = dev_alloc_skb(MAX_MGMT_PKT_SIZE);
1576 	if (!skb)
1577 		return -ENOMEM;
1578 
1579 	memset(skb->data, 0, MAX_MGMT_PKT_SIZE);
1580 
1581 	dword_align_bytes = ((unsigned long)skb->data & 0x3f);
1582 	if (dword_align_bytes)
1583 		skb_pull(skb, (64 - dword_align_bytes));
1584 	if (rsi_prepare_beacon(common, skb)) {
1585 		rsi_dbg(ERR_ZONE, "Failed to prepare beacon\n");
1586 		return -EINVAL;
1587 	}
1588 	skb_queue_tail(&common->tx_queue[MGMT_BEACON_Q], skb);
1589 	rsi_set_event(&common->tx_thread.event);
1590 	rsi_dbg(DATA_TX_ZONE, "%s: Added to beacon queue\n", __func__);
1591 
1592 	return 0;
1593 }
1594 
1595 #ifdef CONFIG_PM
1596 int rsi_send_wowlan_request(struct rsi_common *common, u16 flags,
1597 			    u16 sleep_status)
1598 {
1599 	struct rsi_wowlan_req *cmd_frame;
1600 	struct sk_buff *skb;
1601 	u8 length;
1602 
1603 	rsi_dbg(ERR_ZONE, "%s: Sending wowlan request frame\n", __func__);
1604 
1605 	length = sizeof(*cmd_frame);
1606 	skb = dev_alloc_skb(length);
1607 	if (!skb)
1608 		return -ENOMEM;
1609 	memset(skb->data, 0, length);
1610 	cmd_frame = (struct rsi_wowlan_req *)skb->data;
1611 
1612 	rsi_set_len_qno(&cmd_frame->desc.desc_dword0.len_qno,
1613 			(length - FRAME_DESC_SZ),
1614 			RSI_WIFI_MGMT_Q);
1615 	cmd_frame->desc.desc_dword0.frame_type = WOWLAN_CONFIG_PARAMS;
1616 	cmd_frame->host_sleep_status = sleep_status;
1617 	if (common->secinfo.security_enable &&
1618 	    common->secinfo.gtk_cipher)
1619 		flags |= RSI_WOW_GTK_REKEY;
1620 	if (sleep_status)
1621 		cmd_frame->wow_flags = flags;
1622 	rsi_dbg(INFO_ZONE, "Host_Sleep_Status : %d Flags : %d\n",
1623 		cmd_frame->host_sleep_status, cmd_frame->wow_flags);
1624 
1625 	skb_put(skb, length);
1626 
1627 	return rsi_send_internal_mgmt_frame(common, skb);
1628 }
1629 #endif
1630 
1631 /**
1632  * rsi_handle_ta_confirm_type() - This function handles the confirm frames.
1633  * @common: Pointer to the driver private structure.
1634  * @msg: Pointer to received packet.
1635  *
1636  * Return: 0 on success, -1 on failure.
1637  */
1638 static int rsi_handle_ta_confirm_type(struct rsi_common *common,
1639 				      u8 *msg)
1640 {
1641 	struct rsi_hw *adapter = common->priv;
1642 	u8 sub_type = (msg[15] & 0xff);
1643 	u16 msg_len = ((u16 *)msg)[0] & 0xfff;
1644 	u8 offset;
1645 
1646 	switch (sub_type) {
1647 	case BOOTUP_PARAMS_REQUEST:
1648 		rsi_dbg(FSM_ZONE, "%s: Boot up params confirm received\n",
1649 			__func__);
1650 		if (common->fsm_state == FSM_BOOT_PARAMS_SENT) {
1651 			adapter->eeprom.length = (IEEE80211_ADDR_LEN +
1652 						  WLAN_MAC_MAGIC_WORD_LEN +
1653 						  WLAN_HOST_MODE_LEN);
1654 			adapter->eeprom.offset = WLAN_MAC_EEPROM_ADDR;
1655 			if (rsi_eeprom_read(common)) {
1656 				common->fsm_state = FSM_CARD_NOT_READY;
1657 				goto out;
1658 			}
1659 			common->fsm_state = FSM_EEPROM_READ_MAC_ADDR;
1660 		} else {
1661 			rsi_dbg(INFO_ZONE,
1662 				"%s: Received bootup params cfm in %d state\n",
1663 				 __func__, common->fsm_state);
1664 			return 0;
1665 		}
1666 		break;
1667 
1668 	case EEPROM_READ:
1669 		rsi_dbg(FSM_ZONE, "EEPROM READ confirm received\n");
1670 		if (msg_len <= 0) {
1671 			rsi_dbg(FSM_ZONE,
1672 				"%s: [EEPROM_READ] Invalid len %d\n",
1673 				__func__, msg_len);
1674 			goto out;
1675 		}
1676 		if (msg[16] != MAGIC_WORD) {
1677 			rsi_dbg(FSM_ZONE,
1678 				"%s: [EEPROM_READ] Invalid token\n", __func__);
1679 			common->fsm_state = FSM_CARD_NOT_READY;
1680 			goto out;
1681 		}
1682 		if (common->fsm_state == FSM_EEPROM_READ_MAC_ADDR) {
1683 			offset = (FRAME_DESC_SZ + WLAN_HOST_MODE_LEN +
1684 				  WLAN_MAC_MAGIC_WORD_LEN);
1685 			memcpy(common->mac_addr, &msg[offset], ETH_ALEN);
1686 			adapter->eeprom.length =
1687 				((WLAN_MAC_MAGIC_WORD_LEN + 3) & (~3));
1688 			adapter->eeprom.offset = WLAN_EEPROM_RFTYPE_ADDR;
1689 			if (rsi_eeprom_read(common)) {
1690 				rsi_dbg(ERR_ZONE,
1691 					"%s: Failed reading RF band\n",
1692 					__func__);
1693 				common->fsm_state = FSM_CARD_NOT_READY;
1694 				goto out;
1695 			}
1696 			common->fsm_state = FSM_EEPROM_READ_RF_TYPE;
1697 		} else if (common->fsm_state == FSM_EEPROM_READ_RF_TYPE) {
1698 			if ((msg[17] & 0x3) == 0x3) {
1699 				rsi_dbg(INIT_ZONE, "Dual band supported\n");
1700 				common->band = NL80211_BAND_5GHZ;
1701 				common->num_supp_bands = 2;
1702 			} else if ((msg[17] & 0x3) == 0x1) {
1703 				rsi_dbg(INIT_ZONE,
1704 					"Only 2.4Ghz band supported\n");
1705 				common->band = NL80211_BAND_2GHZ;
1706 				common->num_supp_bands = 1;
1707 			}
1708 			if (rsi_send_reset_mac(common))
1709 				goto out;
1710 			common->fsm_state = FSM_RESET_MAC_SENT;
1711 		} else {
1712 			rsi_dbg(ERR_ZONE, "%s: Invalid EEPROM read type\n",
1713 				__func__);
1714 			return 0;
1715 		}
1716 		break;
1717 
1718 	case RESET_MAC_REQ:
1719 		if (common->fsm_state == FSM_RESET_MAC_SENT) {
1720 			rsi_dbg(FSM_ZONE, "%s: Reset MAC cfm received\n",
1721 				__func__);
1722 
1723 			if (rsi_load_radio_caps(common))
1724 				goto out;
1725 			else
1726 				common->fsm_state = FSM_RADIO_CAPS_SENT;
1727 		} else {
1728 			rsi_dbg(ERR_ZONE,
1729 				"%s: Received reset mac cfm in %d state\n",
1730 				 __func__, common->fsm_state);
1731 			return 0;
1732 		}
1733 		break;
1734 
1735 	case RADIO_CAPABILITIES:
1736 		if (common->fsm_state == FSM_RADIO_CAPS_SENT) {
1737 			common->rf_reset = 1;
1738 			if (rsi_program_bb_rf(common)) {
1739 				goto out;
1740 			} else {
1741 				common->fsm_state = FSM_BB_RF_PROG_SENT;
1742 				rsi_dbg(FSM_ZONE, "%s: Radio cap cfm received\n",
1743 					__func__);
1744 			}
1745 		} else {
1746 			rsi_dbg(INFO_ZONE,
1747 				"%s: Received radio caps cfm in %d state\n",
1748 				 __func__, common->fsm_state);
1749 			return 0;
1750 		}
1751 		break;
1752 
1753 	case BB_PROG_VALUES_REQUEST:
1754 	case RF_PROG_VALUES_REQUEST:
1755 	case BBP_PROG_IN_TA:
1756 		rsi_dbg(FSM_ZONE, "%s: BB/RF cfm received\n", __func__);
1757 		if (common->fsm_state == FSM_BB_RF_PROG_SENT) {
1758 			common->bb_rf_prog_count--;
1759 			if (!common->bb_rf_prog_count) {
1760 				common->fsm_state = FSM_MAC_INIT_DONE;
1761 				if (common->reinit_hw) {
1762 					complete(&common->wlan_init_completion);
1763 				} else {
1764 					return rsi_mac80211_attach(common);
1765 				}
1766 			}
1767 		} else {
1768 			rsi_dbg(INFO_ZONE,
1769 				"%s: Received bbb_rf cfm in %d state\n",
1770 				 __func__, common->fsm_state);
1771 			return 0;
1772 		}
1773 		break;
1774 	case WAKEUP_SLEEP_REQUEST:
1775 		rsi_dbg(INFO_ZONE, "Wakeup/Sleep confirmation.\n");
1776 		return rsi_handle_ps_confirm(adapter, msg);
1777 	default:
1778 		rsi_dbg(INFO_ZONE, "%s: Invalid TA confirm pkt received\n",
1779 			__func__);
1780 		break;
1781 	}
1782 	return 0;
1783 out:
1784 	rsi_dbg(ERR_ZONE, "%s: Unable to send pkt/Invalid frame received\n",
1785 		__func__);
1786 	return -EINVAL;
1787 }
1788 
1789 int rsi_handle_card_ready(struct rsi_common *common, u8 *msg)
1790 {
1791 	switch (common->fsm_state) {
1792 	case FSM_CARD_NOT_READY:
1793 		rsi_dbg(INIT_ZONE, "Card ready indication from Common HAL\n");
1794 		rsi_set_default_parameters(common);
1795 		if (rsi_send_common_dev_params(common) < 0)
1796 			return -EINVAL;
1797 		common->fsm_state = FSM_COMMON_DEV_PARAMS_SENT;
1798 		break;
1799 	case FSM_COMMON_DEV_PARAMS_SENT:
1800 		rsi_dbg(INIT_ZONE, "Card ready indication from WLAN HAL\n");
1801 
1802 		/* Get usb buffer status register address */
1803 		common->priv->usb_buffer_status_reg = *(u32 *)&msg[8];
1804 		rsi_dbg(INFO_ZONE, "USB buffer status register = %x\n",
1805 			common->priv->usb_buffer_status_reg);
1806 
1807 		if (rsi_load_bootup_params(common)) {
1808 			common->fsm_state = FSM_CARD_NOT_READY;
1809 			return -EINVAL;
1810 		}
1811 		common->fsm_state = FSM_BOOT_PARAMS_SENT;
1812 		break;
1813 	default:
1814 		rsi_dbg(ERR_ZONE,
1815 			"%s: card ready indication in invalid state %d.\n",
1816 			__func__, common->fsm_state);
1817 		return -EINVAL;
1818 	}
1819 
1820 	return 0;
1821 }
1822 
1823 /**
1824  * rsi_mgmt_pkt_recv() - This function processes the management packets
1825  *			 recieved from the hardware.
1826  * @common: Pointer to the driver private structure.
1827  * @msg: Pointer to the received packet.
1828  *
1829  * Return: 0 on success, -1 on failure.
1830  */
1831 int rsi_mgmt_pkt_recv(struct rsi_common *common, u8 *msg)
1832 {
1833 	s32 msg_len = (le16_to_cpu(*(__le16 *)&msg[0]) & 0x0fff);
1834 	u16 msg_type = (msg[2]);
1835 
1836 	rsi_dbg(FSM_ZONE, "%s: Msg Len: %d, Msg Type: %4x\n",
1837 		__func__, msg_len, msg_type);
1838 
1839 	switch (msg_type) {
1840 	case TA_CONFIRM_TYPE:
1841 		return rsi_handle_ta_confirm_type(common, msg);
1842 	case CARD_READY_IND:
1843 		common->hibernate_resume = false;
1844 		rsi_dbg(FSM_ZONE, "%s: Card ready indication received\n",
1845 			__func__);
1846 		return rsi_handle_card_ready(common, msg);
1847 	case TX_STATUS_IND:
1848 		switch (msg[RSI_TX_STATUS_TYPE]) {
1849 		case PROBEREQ_CONFIRM:
1850 			common->mgmt_q_block = false;
1851 			rsi_dbg(FSM_ZONE, "%s: Probe confirm received\n",
1852 				__func__);
1853 			break;
1854 		case EAPOL4_CONFIRM:
1855 			if (msg[RSI_TX_STATUS]) {
1856 				common->eapol4_confirm = true;
1857 				if (!rsi_send_block_unblock_frame(common,
1858 								  false))
1859 					common->hw_data_qs_blocked = false;
1860 			}
1861 		}
1862 		break;
1863 	case BEACON_EVENT_IND:
1864 		rsi_dbg(INFO_ZONE, "Beacon event\n");
1865 		if (common->fsm_state != FSM_MAC_INIT_DONE)
1866 			return -1;
1867 		if (common->iface_down)
1868 			return -1;
1869 		if (!common->beacon_enabled)
1870 			return -1;
1871 		rsi_send_beacon(common);
1872 		break;
1873 	case RX_DOT11_MGMT:
1874 		return rsi_mgmt_pkt_to_core(common, msg, msg_len);
1875 	default:
1876 		rsi_dbg(INFO_ZONE, "Received packet type: 0x%x\n", msg_type);
1877 	}
1878 	return 0;
1879 }
1880