1 /**
2  * Copyright (c) 2014 Redpine Signals Inc.
3  *
4  * Permission to use, copy, modify, and/or distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <linux/etherdevice.h>
18 #include "rsi_mgmt.h"
19 #include "rsi_common.h"
20 
21 static struct bootup_params boot_params_20 = {
22 	.magic_number = cpu_to_le16(0x5aa5),
23 	.crystal_good_time = 0x0,
24 	.valid = cpu_to_le32(VALID_20),
25 	.reserved_for_valids = 0x0,
26 	.bootup_mode_info = 0x0,
27 	.digital_loop_back_params = 0x0,
28 	.rtls_timestamp_en = 0x0,
29 	.host_spi_intr_cfg = 0x0,
30 	.device_clk_info = {{
31 		.pll_config_g = {
32 			.tapll_info_g = {
33 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_20 << 8)|
34 					      (TA_PLL_M_VAL_20)),
35 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_20),
36 			},
37 			.pll960_info_g = {
38 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_20 << 8)|
39 							 (PLL960_N_VAL_20)),
40 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_20),
41 				.pll_reg_3 = 0x0,
42 			},
43 			.afepll_info_g = {
44 				.pll_reg = cpu_to_le16(0x9f0),
45 			}
46 		},
47 		.switch_clk_g = {
48 			.switch_clk_info = cpu_to_le16(0xb),
49 			.bbp_lmac_clk_reg_val = cpu_to_le16(0x111),
50 			.umac_clock_reg_config = cpu_to_le16(0x48),
51 			.qspi_uart_clock_reg_config = cpu_to_le16(0x1211)
52 		}
53 	},
54 	{
55 		.pll_config_g = {
56 			.tapll_info_g = {
57 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_20 << 8)|
58 							 (TA_PLL_M_VAL_20)),
59 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_20),
60 			},
61 			.pll960_info_g = {
62 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_20 << 8)|
63 							 (PLL960_N_VAL_20)),
64 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_20),
65 				.pll_reg_3 = 0x0,
66 			},
67 			.afepll_info_g = {
68 				.pll_reg = cpu_to_le16(0x9f0),
69 			}
70 		},
71 		.switch_clk_g = {
72 			.switch_clk_info = 0x0,
73 			.bbp_lmac_clk_reg_val = 0x0,
74 			.umac_clock_reg_config = 0x0,
75 			.qspi_uart_clock_reg_config = 0x0
76 		}
77 	},
78 	{
79 		.pll_config_g = {
80 			.tapll_info_g = {
81 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_20 << 8)|
82 							 (TA_PLL_M_VAL_20)),
83 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_20),
84 			},
85 			.pll960_info_g = {
86 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_20 << 8)|
87 							 (PLL960_N_VAL_20)),
88 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_20),
89 				.pll_reg_3 = 0x0,
90 			},
91 			.afepll_info_g = {
92 				.pll_reg = cpu_to_le16(0x9f0),
93 			}
94 		},
95 		.switch_clk_g = {
96 			.switch_clk_info = 0x0,
97 			.bbp_lmac_clk_reg_val = 0x0,
98 			.umac_clock_reg_config = 0x0,
99 			.qspi_uart_clock_reg_config = 0x0
100 		}
101 	} },
102 	.buckboost_wakeup_cnt = 0x0,
103 	.pmu_wakeup_wait = 0x0,
104 	.shutdown_wait_time = 0x0,
105 	.pmu_slp_clkout_sel = 0x0,
106 	.wdt_prog_value = 0x0,
107 	.wdt_soc_rst_delay = 0x0,
108 	.dcdc_operation_mode = 0x0,
109 	.soc_reset_wait_cnt = 0x0,
110 	.waiting_time_at_fresh_sleep = 0x0,
111 	.max_threshold_to_avoid_sleep = 0x0,
112 	.beacon_resedue_alg_en = 0,
113 };
114 
115 static struct bootup_params boot_params_40 = {
116 	.magic_number = cpu_to_le16(0x5aa5),
117 	.crystal_good_time = 0x0,
118 	.valid = cpu_to_le32(VALID_40),
119 	.reserved_for_valids = 0x0,
120 	.bootup_mode_info = 0x0,
121 	.digital_loop_back_params = 0x0,
122 	.rtls_timestamp_en = 0x0,
123 	.host_spi_intr_cfg = 0x0,
124 	.device_clk_info = {{
125 		.pll_config_g = {
126 			.tapll_info_g = {
127 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_40 << 8)|
128 							 (TA_PLL_M_VAL_40)),
129 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_40),
130 			},
131 			.pll960_info_g = {
132 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_40 << 8)|
133 							 (PLL960_N_VAL_40)),
134 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_40),
135 				.pll_reg_3 = 0x0,
136 			},
137 			.afepll_info_g = {
138 				.pll_reg = cpu_to_le16(0x9f0),
139 			}
140 		},
141 		.switch_clk_g = {
142 			.switch_clk_info = cpu_to_le16(0x09),
143 			.bbp_lmac_clk_reg_val = cpu_to_le16(0x1121),
144 			.umac_clock_reg_config = cpu_to_le16(0x48),
145 			.qspi_uart_clock_reg_config = cpu_to_le16(0x1211)
146 		}
147 	},
148 	{
149 		.pll_config_g = {
150 			.tapll_info_g = {
151 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_40 << 8)|
152 							 (TA_PLL_M_VAL_40)),
153 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_40),
154 			},
155 			.pll960_info_g = {
156 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_40 << 8)|
157 							 (PLL960_N_VAL_40)),
158 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_40),
159 				.pll_reg_3 = 0x0,
160 			},
161 			.afepll_info_g = {
162 				.pll_reg = cpu_to_le16(0x9f0),
163 			}
164 		},
165 		.switch_clk_g = {
166 			.switch_clk_info = 0x0,
167 			.bbp_lmac_clk_reg_val = 0x0,
168 			.umac_clock_reg_config = 0x0,
169 			.qspi_uart_clock_reg_config = 0x0
170 		}
171 	},
172 	{
173 		.pll_config_g = {
174 			.tapll_info_g = {
175 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_40 << 8)|
176 							 (TA_PLL_M_VAL_40)),
177 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_40),
178 			},
179 			.pll960_info_g = {
180 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_40 << 8)|
181 							 (PLL960_N_VAL_40)),
182 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_40),
183 				.pll_reg_3 = 0x0,
184 			},
185 			.afepll_info_g = {
186 				.pll_reg = cpu_to_le16(0x9f0),
187 			}
188 		},
189 		.switch_clk_g = {
190 			.switch_clk_info = 0x0,
191 			.bbp_lmac_clk_reg_val = 0x0,
192 			.umac_clock_reg_config = 0x0,
193 			.qspi_uart_clock_reg_config = 0x0
194 		}
195 	} },
196 	.buckboost_wakeup_cnt = 0x0,
197 	.pmu_wakeup_wait = 0x0,
198 	.shutdown_wait_time = 0x0,
199 	.pmu_slp_clkout_sel = 0x0,
200 	.wdt_prog_value = 0x0,
201 	.wdt_soc_rst_delay = 0x0,
202 	.dcdc_operation_mode = 0x0,
203 	.soc_reset_wait_cnt = 0x0,
204 	.waiting_time_at_fresh_sleep = 0x0,
205 	.max_threshold_to_avoid_sleep = 0x0,
206 	.beacon_resedue_alg_en = 0,
207 };
208 
209 static u16 mcs[] = {13, 26, 39, 52, 78, 104, 117, 130};
210 
211 /**
212  * rsi_set_default_parameters() - This function sets default parameters.
213  * @common: Pointer to the driver private structure.
214  *
215  * Return: none
216  */
217 static void rsi_set_default_parameters(struct rsi_common *common)
218 {
219 	common->band = NL80211_BAND_2GHZ;
220 	common->channel_width = BW_20MHZ;
221 	common->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD;
222 	common->channel = 1;
223 	common->min_rate = 0xffff;
224 	common->fsm_state = FSM_CARD_NOT_READY;
225 	common->iface_down = true;
226 	common->endpoint = EP_2GHZ_20MHZ;
227 	common->driver_mode = 1; /* End to end mode */
228 	common->lp_ps_handshake_mode = 0; /* Default no handShake mode*/
229 	common->ulp_ps_handshake_mode = 2; /* Default PKT handShake mode*/
230 	common->rf_power_val = 0; /* Default 1.9V */
231 	common->wlan_rf_power_mode = 0;
232 	common->obm_ant_sel_val = 2;
233 }
234 
235 /**
236  * rsi_set_contention_vals() - This function sets the contention values for the
237  *			       backoff procedure.
238  * @common: Pointer to the driver private structure.
239  *
240  * Return: None.
241  */
242 static void rsi_set_contention_vals(struct rsi_common *common)
243 {
244 	u8 ii = 0;
245 
246 	for (; ii < NUM_EDCA_QUEUES; ii++) {
247 		common->tx_qinfo[ii].wme_params =
248 			(((common->edca_params[ii].cw_min / 2) +
249 			  (common->edca_params[ii].aifs)) *
250 			  WMM_SHORT_SLOT_TIME + SIFS_DURATION);
251 		common->tx_qinfo[ii].weight = common->tx_qinfo[ii].wme_params;
252 		common->tx_qinfo[ii].pkt_contended = 0;
253 	}
254 }
255 
256 /**
257  * rsi_send_internal_mgmt_frame() - This function sends management frames to
258  *				    firmware.Also schedules packet to queue
259  *				    for transmission.
260  * @common: Pointer to the driver private structure.
261  * @skb: Pointer to the socket buffer structure.
262  *
263  * Return: 0 on success, -1 on failure.
264  */
265 static int rsi_send_internal_mgmt_frame(struct rsi_common *common,
266 					struct sk_buff *skb)
267 {
268 	struct skb_info *tx_params;
269 
270 	if (skb == NULL) {
271 		rsi_dbg(ERR_ZONE, "%s: Unable to allocate skb\n", __func__);
272 		return -ENOMEM;
273 	}
274 	tx_params = (struct skb_info *)&IEEE80211_SKB_CB(skb)->driver_data;
275 	tx_params->flags |= INTERNAL_MGMT_PKT;
276 	skb_queue_tail(&common->tx_queue[MGMT_SOFT_Q], skb);
277 	rsi_set_event(&common->tx_thread.event);
278 	return 0;
279 }
280 
281 /**
282  * rsi_load_radio_caps() - This function is used to send radio capabilities
283  *			   values to firmware.
284  * @common: Pointer to the driver private structure.
285  *
286  * Return: 0 on success, corresponding negative error code on failure.
287  */
288 static int rsi_load_radio_caps(struct rsi_common *common)
289 {
290 	struct rsi_radio_caps *radio_caps;
291 	struct rsi_hw *adapter = common->priv;
292 	u16 inx = 0;
293 	u8 ii;
294 	u8 radio_id = 0;
295 	u16 gc[20] = {0xf0, 0xf0, 0xf0, 0xf0,
296 		      0xf0, 0xf0, 0xf0, 0xf0,
297 		      0xf0, 0xf0, 0xf0, 0xf0,
298 		      0xf0, 0xf0, 0xf0, 0xf0,
299 		      0xf0, 0xf0, 0xf0, 0xf0};
300 	struct sk_buff *skb;
301 
302 	rsi_dbg(INFO_ZONE, "%s: Sending rate symbol req frame\n", __func__);
303 
304 	skb = dev_alloc_skb(sizeof(struct rsi_radio_caps));
305 
306 	if (!skb) {
307 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
308 			__func__);
309 		return -ENOMEM;
310 	}
311 
312 	memset(skb->data, 0, sizeof(struct rsi_radio_caps));
313 	radio_caps = (struct rsi_radio_caps *)skb->data;
314 
315 	radio_caps->desc_word[1] = cpu_to_le16(RADIO_CAPABILITIES);
316 	radio_caps->desc_word[4] = cpu_to_le16(RSI_RF_TYPE << 8);
317 
318 	if (common->channel_width == BW_40MHZ) {
319 		radio_caps->desc_word[7] |= cpu_to_le16(RSI_LMAC_CLOCK_80MHZ);
320 		radio_caps->desc_word[7] |= cpu_to_le16(RSI_ENABLE_40MHZ);
321 
322 		if (common->fsm_state == FSM_MAC_INIT_DONE) {
323 			struct ieee80211_hw *hw = adapter->hw;
324 			struct ieee80211_conf *conf = &hw->conf;
325 			if (conf_is_ht40_plus(conf)) {
326 				radio_caps->desc_word[5] =
327 					cpu_to_le16(LOWER_20_ENABLE);
328 				radio_caps->desc_word[5] |=
329 					cpu_to_le16(LOWER_20_ENABLE >> 12);
330 			} else if (conf_is_ht40_minus(conf)) {
331 				radio_caps->desc_word[5] =
332 					cpu_to_le16(UPPER_20_ENABLE);
333 				radio_caps->desc_word[5] |=
334 					cpu_to_le16(UPPER_20_ENABLE >> 12);
335 			} else {
336 				radio_caps->desc_word[5] =
337 					cpu_to_le16(BW_40MHZ << 12);
338 				radio_caps->desc_word[5] |=
339 					cpu_to_le16(FULL40M_ENABLE);
340 			}
341 		}
342 	}
343 
344 	radio_caps->sifs_tx_11n = cpu_to_le16(SIFS_TX_11N_VALUE);
345 	radio_caps->sifs_tx_11b = cpu_to_le16(SIFS_TX_11B_VALUE);
346 	radio_caps->slot_rx_11n = cpu_to_le16(SHORT_SLOT_VALUE);
347 	radio_caps->ofdm_ack_tout = cpu_to_le16(OFDM_ACK_TOUT_VALUE);
348 	radio_caps->cck_ack_tout = cpu_to_le16(CCK_ACK_TOUT_VALUE);
349 	radio_caps->preamble_type = cpu_to_le16(LONG_PREAMBLE);
350 
351 	radio_caps->desc_word[7] |= cpu_to_le16(radio_id << 8);
352 
353 	for (ii = 0; ii < MAX_HW_QUEUES; ii++) {
354 		radio_caps->qos_params[ii].cont_win_min_q = cpu_to_le16(3);
355 		radio_caps->qos_params[ii].cont_win_max_q = cpu_to_le16(0x3f);
356 		radio_caps->qos_params[ii].aifsn_val_q = cpu_to_le16(2);
357 		radio_caps->qos_params[ii].txop_q = 0;
358 	}
359 
360 	for (ii = 0; ii < MAX_HW_QUEUES - 4; ii++) {
361 		radio_caps->qos_params[ii].cont_win_min_q =
362 			cpu_to_le16(common->edca_params[ii].cw_min);
363 		radio_caps->qos_params[ii].cont_win_max_q =
364 			cpu_to_le16(common->edca_params[ii].cw_max);
365 		radio_caps->qos_params[ii].aifsn_val_q =
366 			cpu_to_le16((common->edca_params[ii].aifs) << 8);
367 		radio_caps->qos_params[ii].txop_q =
368 			cpu_to_le16(common->edca_params[ii].txop);
369 	}
370 
371 	memcpy(&common->rate_pwr[0], &gc[0], 40);
372 	for (ii = 0; ii < 20; ii++)
373 		radio_caps->gcpd_per_rate[inx++] =
374 			cpu_to_le16(common->rate_pwr[ii]  & 0x00FF);
375 
376 	radio_caps->desc_word[0] = cpu_to_le16((sizeof(struct rsi_radio_caps) -
377 						FRAME_DESC_SZ) |
378 					       (RSI_WIFI_MGMT_Q << 12));
379 
380 
381 	skb_put(skb, (sizeof(struct rsi_radio_caps)));
382 
383 	return rsi_send_internal_mgmt_frame(common, skb);
384 }
385 
386 /**
387  * rsi_mgmt_pkt_to_core() - This function is the entry point for Mgmt module.
388  * @common: Pointer to the driver private structure.
389  * @msg: Pointer to received packet.
390  * @msg_len: Length of the recieved packet.
391  * @type: Type of recieved packet.
392  *
393  * Return: 0 on success, -1 on failure.
394  */
395 static int rsi_mgmt_pkt_to_core(struct rsi_common *common,
396 				u8 *msg,
397 				s32 msg_len,
398 				u8 type)
399 {
400 	struct rsi_hw *adapter = common->priv;
401 	struct ieee80211_tx_info *info;
402 	struct skb_info *rx_params;
403 	u8 pad_bytes = msg[4];
404 	struct sk_buff *skb;
405 
406 	if (type == RX_DOT11_MGMT) {
407 		if (!adapter->sc_nvifs)
408 			return -ENOLINK;
409 
410 		msg_len -= pad_bytes;
411 		if (msg_len <= 0) {
412 			rsi_dbg(MGMT_RX_ZONE,
413 				"%s: Invalid rx msg of len = %d\n",
414 				__func__, msg_len);
415 			return -EINVAL;
416 		}
417 
418 		skb = dev_alloc_skb(msg_len);
419 		if (!skb) {
420 			rsi_dbg(ERR_ZONE, "%s: Failed to allocate skb\n",
421 				__func__);
422 			return -ENOMEM;
423 		}
424 
425 		skb_put_data(skb,
426 			     (u8 *)(msg + FRAME_DESC_SZ + pad_bytes),
427 			     msg_len);
428 
429 		info = IEEE80211_SKB_CB(skb);
430 		rx_params = (struct skb_info *)info->driver_data;
431 		rx_params->rssi = rsi_get_rssi(msg);
432 		rx_params->channel = rsi_get_channel(msg);
433 		rsi_indicate_pkt_to_os(common, skb);
434 	} else {
435 		rsi_dbg(MGMT_TX_ZONE, "%s: Internal Packet\n", __func__);
436 	}
437 
438 	return 0;
439 }
440 
441 /**
442  * rsi_hal_send_sta_notify_frame() - This function sends the station notify
443  *				     frame to firmware.
444  * @common: Pointer to the driver private structure.
445  * @opmode: Operating mode of device.
446  * @notify_event: Notification about station connection.
447  * @bssid: bssid.
448  * @qos_enable: Qos is enabled.
449  * @aid: Aid (unique for all STA).
450  *
451  * Return: status: 0 on success, corresponding negative error code on failure.
452  */
453 static int rsi_hal_send_sta_notify_frame(struct rsi_common *common,
454 					 u8 opmode,
455 					 u8 notify_event,
456 					 const unsigned char *bssid,
457 					 u8 qos_enable,
458 					 u16 aid)
459 {
460 	struct sk_buff *skb = NULL;
461 	struct rsi_peer_notify *peer_notify;
462 	u16 vap_id = 0;
463 	int status;
464 
465 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending sta notify frame\n", __func__);
466 
467 	skb = dev_alloc_skb(sizeof(struct rsi_peer_notify));
468 
469 	if (!skb) {
470 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
471 			__func__);
472 		return -ENOMEM;
473 	}
474 
475 	memset(skb->data, 0, sizeof(struct rsi_peer_notify));
476 	peer_notify = (struct rsi_peer_notify *)skb->data;
477 
478 	peer_notify->command = cpu_to_le16(opmode << 1);
479 
480 	switch (notify_event) {
481 	case STA_CONNECTED:
482 		peer_notify->command |= cpu_to_le16(RSI_ADD_PEER);
483 		break;
484 	case STA_DISCONNECTED:
485 		peer_notify->command |= cpu_to_le16(RSI_DELETE_PEER);
486 		break;
487 	default:
488 		break;
489 	}
490 
491 	peer_notify->command |= cpu_to_le16((aid & 0xfff) << 4);
492 	ether_addr_copy(peer_notify->mac_addr, bssid);
493 
494 	peer_notify->sta_flags = cpu_to_le32((qos_enable) ? 1 : 0);
495 
496 	peer_notify->desc_word[0] =
497 		cpu_to_le16((sizeof(struct rsi_peer_notify) - FRAME_DESC_SZ) |
498 			    (RSI_WIFI_MGMT_Q << 12));
499 	peer_notify->desc_word[1] = cpu_to_le16(PEER_NOTIFY);
500 	peer_notify->desc_word[7] |= cpu_to_le16(vap_id << 8);
501 
502 	skb_put(skb, sizeof(struct rsi_peer_notify));
503 
504 	status = rsi_send_internal_mgmt_frame(common, skb);
505 
506 	if (!status && qos_enable) {
507 		rsi_set_contention_vals(common);
508 		status = rsi_load_radio_caps(common);
509 	}
510 	return status;
511 }
512 
513 /**
514  * rsi_send_aggregation_params_frame() - This function sends the ampdu
515  *					 indication frame to firmware.
516  * @common: Pointer to the driver private structure.
517  * @tid: traffic identifier.
518  * @ssn: ssn.
519  * @buf_size: buffer size.
520  * @event: notification about station connection.
521  *
522  * Return: 0 on success, corresponding negative error code on failure.
523  */
524 int rsi_send_aggregation_params_frame(struct rsi_common *common,
525 				      u16 tid,
526 				      u16 ssn,
527 				      u8 buf_size,
528 				      u8 event)
529 {
530 	struct sk_buff *skb = NULL;
531 	struct rsi_mac_frame *mgmt_frame;
532 	u8 peer_id = 0;
533 
534 	skb = dev_alloc_skb(FRAME_DESC_SZ);
535 
536 	if (!skb) {
537 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
538 			__func__);
539 		return -ENOMEM;
540 	}
541 
542 	memset(skb->data, 0, FRAME_DESC_SZ);
543 	mgmt_frame = (struct rsi_mac_frame *)skb->data;
544 
545 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending AMPDU indication frame\n", __func__);
546 
547 	mgmt_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
548 	mgmt_frame->desc_word[1] = cpu_to_le16(AMPDU_IND);
549 
550 	if (event == STA_TX_ADDBA_DONE) {
551 		mgmt_frame->desc_word[4] = cpu_to_le16(ssn);
552 		mgmt_frame->desc_word[5] = cpu_to_le16(buf_size);
553 		mgmt_frame->desc_word[7] =
554 		cpu_to_le16((tid | (START_AMPDU_AGGR << 4) | (peer_id << 8)));
555 	} else if (event == STA_RX_ADDBA_DONE) {
556 		mgmt_frame->desc_word[4] = cpu_to_le16(ssn);
557 		mgmt_frame->desc_word[7] = cpu_to_le16(tid |
558 						       (START_AMPDU_AGGR << 4) |
559 						       (RX_BA_INDICATION << 5) |
560 						       (peer_id << 8));
561 	} else if (event == STA_TX_DELBA) {
562 		mgmt_frame->desc_word[7] = cpu_to_le16(tid |
563 						       (STOP_AMPDU_AGGR << 4) |
564 						       (peer_id << 8));
565 	} else if (event == STA_RX_DELBA) {
566 		mgmt_frame->desc_word[7] = cpu_to_le16(tid |
567 						       (STOP_AMPDU_AGGR << 4) |
568 						       (RX_BA_INDICATION << 5) |
569 						       (peer_id << 8));
570 	}
571 
572 	skb_put(skb, FRAME_DESC_SZ);
573 
574 	return rsi_send_internal_mgmt_frame(common, skb);
575 }
576 
577 /**
578  * rsi_program_bb_rf() - This function starts base band and RF programming.
579  *			 This is called after initial configurations are done.
580  * @common: Pointer to the driver private structure.
581  *
582  * Return: 0 on success, corresponding negative error code on failure.
583  */
584 static int rsi_program_bb_rf(struct rsi_common *common)
585 {
586 	struct sk_buff *skb;
587 	struct rsi_mac_frame *mgmt_frame;
588 
589 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending program BB/RF frame\n", __func__);
590 
591 	skb = dev_alloc_skb(FRAME_DESC_SZ);
592 	if (!skb) {
593 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
594 			__func__);
595 		return -ENOMEM;
596 	}
597 
598 	memset(skb->data, 0, FRAME_DESC_SZ);
599 	mgmt_frame = (struct rsi_mac_frame *)skb->data;
600 
601 	mgmt_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
602 	mgmt_frame->desc_word[1] = cpu_to_le16(BBP_PROG_IN_TA);
603 	mgmt_frame->desc_word[4] = cpu_to_le16(common->endpoint);
604 
605 	if (common->rf_reset) {
606 		mgmt_frame->desc_word[7] =  cpu_to_le16(RF_RESET_ENABLE);
607 		rsi_dbg(MGMT_TX_ZONE, "%s: ===> RF RESET REQUEST SENT <===\n",
608 			__func__);
609 		common->rf_reset = 0;
610 	}
611 	common->bb_rf_prog_count = 1;
612 	mgmt_frame->desc_word[7] |= cpu_to_le16(PUT_BBP_RESET |
613 				     BBP_REG_WRITE | (RSI_RF_TYPE << 4));
614 	skb_put(skb, FRAME_DESC_SZ);
615 
616 	return rsi_send_internal_mgmt_frame(common, skb);
617 }
618 
619 /**
620  * rsi_set_vap_capabilities() - This function send vap capability to firmware.
621  * @common: Pointer to the driver private structure.
622  * @opmode: Operating mode of device.
623  *
624  * Return: 0 on success, corresponding negative error code on failure.
625  */
626 int rsi_set_vap_capabilities(struct rsi_common *common,
627 			     enum opmode mode,
628 			     u8 vap_status)
629 {
630 	struct sk_buff *skb = NULL;
631 	struct rsi_vap_caps *vap_caps;
632 	struct rsi_hw *adapter = common->priv;
633 	struct ieee80211_hw *hw = adapter->hw;
634 	struct ieee80211_conf *conf = &hw->conf;
635 	u16 vap_id = 0;
636 
637 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending VAP capabilities frame\n", __func__);
638 
639 	skb = dev_alloc_skb(sizeof(struct rsi_vap_caps));
640 	if (!skb) {
641 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
642 			__func__);
643 		return -ENOMEM;
644 	}
645 
646 	memset(skb->data, 0, sizeof(struct rsi_vap_caps));
647 	vap_caps = (struct rsi_vap_caps *)skb->data;
648 
649 	vap_caps->desc_word[0] = cpu_to_le16((sizeof(struct rsi_vap_caps) -
650 					     FRAME_DESC_SZ) |
651 					     (RSI_WIFI_MGMT_Q << 12));
652 	vap_caps->desc_word[1] = cpu_to_le16(VAP_CAPABILITIES);
653 	vap_caps->desc_word[2] = cpu_to_le16(vap_status << 8);
654 	vap_caps->desc_word[4] = cpu_to_le16(mode |
655 					     (common->channel_width << 8));
656 	vap_caps->desc_word[7] = cpu_to_le16((vap_id << 8) |
657 					     (common->mac_id << 4) |
658 					     common->radio_id);
659 
660 	memcpy(vap_caps->mac_addr, common->mac_addr, IEEE80211_ADDR_LEN);
661 	vap_caps->keep_alive_period = cpu_to_le16(90);
662 	vap_caps->frag_threshold = cpu_to_le16(IEEE80211_MAX_FRAG_THRESHOLD);
663 
664 	vap_caps->rts_threshold = cpu_to_le16(common->rts_threshold);
665 	vap_caps->default_mgmt_rate = cpu_to_le32(RSI_RATE_6);
666 
667 	if (common->band == NL80211_BAND_5GHZ) {
668 		vap_caps->default_ctrl_rate = cpu_to_le32(RSI_RATE_6);
669 		if (conf_is_ht40(&common->priv->hw->conf)) {
670 			vap_caps->default_ctrl_rate |=
671 				cpu_to_le32(FULL40M_ENABLE << 16);
672 		}
673 	} else {
674 		vap_caps->default_ctrl_rate = cpu_to_le32(RSI_RATE_1);
675 		if (conf_is_ht40_minus(conf))
676 			vap_caps->default_ctrl_rate |=
677 				cpu_to_le32(UPPER_20_ENABLE << 16);
678 		else if (conf_is_ht40_plus(conf))
679 			vap_caps->default_ctrl_rate |=
680 				cpu_to_le32(LOWER_20_ENABLE << 16);
681 	}
682 
683 	vap_caps->default_data_rate = 0;
684 	vap_caps->beacon_interval = cpu_to_le16(200);
685 	vap_caps->dtim_period = cpu_to_le16(4);
686 
687 	skb_put(skb, sizeof(*vap_caps));
688 
689 	return rsi_send_internal_mgmt_frame(common, skb);
690 }
691 
692 /**
693  * rsi_hal_load_key() - This function is used to load keys within the firmware.
694  * @common: Pointer to the driver private structure.
695  * @data: Pointer to the key data.
696  * @key_len: Key length to be loaded.
697  * @key_type: Type of key: GROUP/PAIRWISE.
698  * @key_id: Key index.
699  * @cipher: Type of cipher used.
700  *
701  * Return: 0 on success, -1 on failure.
702  */
703 int rsi_hal_load_key(struct rsi_common *common,
704 		     u8 *data,
705 		     u16 key_len,
706 		     u8 key_type,
707 		     u8 key_id,
708 		     u32 cipher)
709 {
710 	struct sk_buff *skb = NULL;
711 	struct rsi_set_key *set_key;
712 	u16 key_descriptor = 0;
713 
714 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending load key frame\n", __func__);
715 
716 	skb = dev_alloc_skb(sizeof(struct rsi_set_key));
717 	if (!skb) {
718 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
719 			__func__);
720 		return -ENOMEM;
721 	}
722 
723 	memset(skb->data, 0, sizeof(struct rsi_set_key));
724 	set_key = (struct rsi_set_key *)skb->data;
725 
726 	if ((cipher == WLAN_CIPHER_SUITE_WEP40) ||
727 	    (cipher == WLAN_CIPHER_SUITE_WEP104)) {
728 		key_len += 1;
729 		key_descriptor |= BIT(2);
730 		if (key_len >= 13)
731 			key_descriptor |= BIT(3);
732 	} else if (cipher != KEY_TYPE_CLEAR) {
733 		key_descriptor |= BIT(4);
734 		if (key_type == RSI_PAIRWISE_KEY)
735 			key_id = 0;
736 		if (cipher == WLAN_CIPHER_SUITE_TKIP)
737 			key_descriptor |= BIT(5);
738 	}
739 	key_descriptor |= (key_type | BIT(13) | (key_id << 14));
740 
741 	set_key->desc_word[0] = cpu_to_le16((sizeof(struct rsi_set_key) -
742 					    FRAME_DESC_SZ) |
743 					    (RSI_WIFI_MGMT_Q << 12));
744 	set_key->desc_word[1] = cpu_to_le16(SET_KEY_REQ);
745 	set_key->desc_word[4] = cpu_to_le16(key_descriptor);
746 
747 	if ((cipher == WLAN_CIPHER_SUITE_WEP40) ||
748 	    (cipher == WLAN_CIPHER_SUITE_WEP104)) {
749 		memcpy(&set_key->key[key_id][1],
750 		       data,
751 		       key_len * 2);
752 	} else {
753 		memcpy(&set_key->key[0][0], data, key_len);
754 	}
755 
756 	memcpy(set_key->tx_mic_key, &data[16], 8);
757 	memcpy(set_key->rx_mic_key, &data[24], 8);
758 
759 	skb_put(skb, sizeof(struct rsi_set_key));
760 
761 	return rsi_send_internal_mgmt_frame(common, skb);
762 }
763 
764 /*
765  * This function sends the common device configuration parameters to device.
766  * This frame includes the useful information to make device works on
767  * specific operating mode.
768  */
769 static int rsi_send_common_dev_params(struct rsi_common *common)
770 {
771 	struct sk_buff *skb;
772 	u16 frame_len;
773 	struct rsi_config_vals *dev_cfgs;
774 
775 	frame_len = sizeof(struct rsi_config_vals);
776 
777 	rsi_dbg(MGMT_TX_ZONE, "Sending common device config params\n");
778 	skb = dev_alloc_skb(frame_len);
779 	if (!skb) {
780 		rsi_dbg(ERR_ZONE, "%s: Unable to allocate skb\n", __func__);
781 		return -ENOMEM;
782 	}
783 
784 	memset(skb->data, 0, frame_len);
785 
786 	dev_cfgs = (struct rsi_config_vals *)skb->data;
787 	memset(dev_cfgs, 0, (sizeof(struct rsi_config_vals)));
788 
789 	rsi_set_len_qno(&dev_cfgs->len_qno, (frame_len - FRAME_DESC_SZ),
790 			RSI_COEX_Q);
791 	dev_cfgs->pkt_type = COMMON_DEV_CONFIG;
792 
793 	dev_cfgs->lp_ps_handshake = common->lp_ps_handshake_mode;
794 	dev_cfgs->ulp_ps_handshake = common->ulp_ps_handshake_mode;
795 
796 	dev_cfgs->unused_ulp_gpio = RSI_UNUSED_ULP_GPIO_BITMAP;
797 	dev_cfgs->unused_soc_gpio_bitmap =
798 				cpu_to_le32(RSI_UNUSED_SOC_GPIO_BITMAP);
799 
800 	dev_cfgs->opermode = common->oper_mode;
801 	dev_cfgs->wlan_rf_pwr_mode = common->wlan_rf_power_mode;
802 	dev_cfgs->driver_mode = common->driver_mode;
803 	dev_cfgs->region_code = NL80211_DFS_FCC;
804 	dev_cfgs->antenna_sel_val = common->obm_ant_sel_val;
805 
806 	skb_put(skb, frame_len);
807 
808 	return rsi_send_internal_mgmt_frame(common, skb);
809 }
810 
811 /*
812  * rsi_load_bootup_params() - This function send bootup params to the firmware.
813  * @common: Pointer to the driver private structure.
814  *
815  * Return: 0 on success, corresponding error code on failure.
816  */
817 static int rsi_load_bootup_params(struct rsi_common *common)
818 {
819 	struct sk_buff *skb;
820 	struct rsi_boot_params *boot_params;
821 
822 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending boot params frame\n", __func__);
823 	skb = dev_alloc_skb(sizeof(struct rsi_boot_params));
824 	if (!skb) {
825 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
826 			__func__);
827 		return -ENOMEM;
828 	}
829 
830 	memset(skb->data, 0, sizeof(struct rsi_boot_params));
831 	boot_params = (struct rsi_boot_params *)skb->data;
832 
833 	rsi_dbg(MGMT_TX_ZONE, "%s:\n", __func__);
834 
835 	if (common->channel_width == BW_40MHZ) {
836 		memcpy(&boot_params->bootup_params,
837 		       &boot_params_40,
838 		       sizeof(struct bootup_params));
839 		rsi_dbg(MGMT_TX_ZONE, "%s: Packet 40MHZ <=== %d\n", __func__,
840 			UMAC_CLK_40BW);
841 		boot_params->desc_word[7] = cpu_to_le16(UMAC_CLK_40BW);
842 	} else {
843 		memcpy(&boot_params->bootup_params,
844 		       &boot_params_20,
845 		       sizeof(struct bootup_params));
846 		if (boot_params_20.valid != cpu_to_le32(VALID_20)) {
847 			boot_params->desc_word[7] = cpu_to_le16(UMAC_CLK_20BW);
848 			rsi_dbg(MGMT_TX_ZONE,
849 				"%s: Packet 20MHZ <=== %d\n", __func__,
850 				UMAC_CLK_20BW);
851 		} else {
852 			boot_params->desc_word[7] = cpu_to_le16(UMAC_CLK_40MHZ);
853 			rsi_dbg(MGMT_TX_ZONE,
854 				"%s: Packet 20MHZ <=== %d\n", __func__,
855 				UMAC_CLK_40MHZ);
856 		}
857 	}
858 
859 	/**
860 	 * Bit{0:11} indicates length of the Packet
861 	 * Bit{12:15} indicates host queue number
862 	 */
863 	boot_params->desc_word[0] = cpu_to_le16(sizeof(struct bootup_params) |
864 				    (RSI_WIFI_MGMT_Q << 12));
865 	boot_params->desc_word[1] = cpu_to_le16(BOOTUP_PARAMS_REQUEST);
866 
867 	skb_put(skb, sizeof(struct rsi_boot_params));
868 
869 	return rsi_send_internal_mgmt_frame(common, skb);
870 }
871 
872 /**
873  * rsi_send_reset_mac() - This function prepares reset MAC request and sends an
874  *			  internal management frame to indicate it to firmware.
875  * @common: Pointer to the driver private structure.
876  *
877  * Return: 0 on success, corresponding error code on failure.
878  */
879 static int rsi_send_reset_mac(struct rsi_common *common)
880 {
881 	struct sk_buff *skb;
882 	struct rsi_mac_frame *mgmt_frame;
883 
884 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending reset MAC frame\n", __func__);
885 
886 	skb = dev_alloc_skb(FRAME_DESC_SZ);
887 	if (!skb) {
888 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
889 			__func__);
890 		return -ENOMEM;
891 	}
892 
893 	memset(skb->data, 0, FRAME_DESC_SZ);
894 	mgmt_frame = (struct rsi_mac_frame *)skb->data;
895 
896 	mgmt_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
897 	mgmt_frame->desc_word[1] = cpu_to_le16(RESET_MAC_REQ);
898 	mgmt_frame->desc_word[4] = cpu_to_le16(RETRY_COUNT << 8);
899 
900 	skb_put(skb, FRAME_DESC_SZ);
901 
902 	return rsi_send_internal_mgmt_frame(common, skb);
903 }
904 
905 /**
906  * rsi_band_check() - This function programs the band
907  * @common: Pointer to the driver private structure.
908  *
909  * Return: 0 on success, corresponding error code on failure.
910  */
911 int rsi_band_check(struct rsi_common *common)
912 {
913 	struct rsi_hw *adapter = common->priv;
914 	struct ieee80211_hw *hw = adapter->hw;
915 	u8 prev_bw = common->channel_width;
916 	u8 prev_ep = common->endpoint;
917 	struct ieee80211_channel *curchan = hw->conf.chandef.chan;
918 	int status = 0;
919 
920 	if (common->band != curchan->band) {
921 		common->rf_reset = 1;
922 		common->band = curchan->band;
923 	}
924 
925 	if ((hw->conf.chandef.width == NL80211_CHAN_WIDTH_20_NOHT) ||
926 	    (hw->conf.chandef.width == NL80211_CHAN_WIDTH_20))
927 		common->channel_width = BW_20MHZ;
928 	else
929 		common->channel_width = BW_40MHZ;
930 
931 	if (common->band == NL80211_BAND_2GHZ) {
932 		if (common->channel_width)
933 			common->endpoint = EP_2GHZ_40MHZ;
934 		else
935 			common->endpoint = EP_2GHZ_20MHZ;
936 	} else {
937 		if (common->channel_width)
938 			common->endpoint = EP_5GHZ_40MHZ;
939 		else
940 			common->endpoint = EP_5GHZ_20MHZ;
941 	}
942 
943 	if (common->endpoint != prev_ep) {
944 		status = rsi_program_bb_rf(common);
945 		if (status)
946 			return status;
947 	}
948 
949 	if (common->channel_width != prev_bw) {
950 		status = rsi_load_bootup_params(common);
951 		if (status)
952 			return status;
953 
954 		status = rsi_load_radio_caps(common);
955 		if (status)
956 			return status;
957 	}
958 
959 	return status;
960 }
961 
962 /**
963  * rsi_set_channel() - This function programs the channel.
964  * @common: Pointer to the driver private structure.
965  * @channel: Channel value to be set.
966  *
967  * Return: 0 on success, corresponding error code on failure.
968  */
969 int rsi_set_channel(struct rsi_common *common,
970 		    struct ieee80211_channel *channel)
971 {
972 	struct sk_buff *skb = NULL;
973 	struct rsi_mac_frame *mgmt_frame;
974 
975 	rsi_dbg(MGMT_TX_ZONE,
976 		"%s: Sending scan req frame\n", __func__);
977 
978 	skb = dev_alloc_skb(FRAME_DESC_SZ);
979 	if (!skb) {
980 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
981 			__func__);
982 		return -ENOMEM;
983 	}
984 
985 	if (!channel) {
986 		dev_kfree_skb(skb);
987 		return 0;
988 	}
989 	memset(skb->data, 0, FRAME_DESC_SZ);
990 	mgmt_frame = (struct rsi_mac_frame *)skb->data;
991 
992 	mgmt_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
993 	mgmt_frame->desc_word[1] = cpu_to_le16(SCAN_REQUEST);
994 	mgmt_frame->desc_word[4] = cpu_to_le16(channel->hw_value);
995 
996 	mgmt_frame->desc_word[4] |=
997 		cpu_to_le16(((char)(channel->max_antenna_gain)) << 8);
998 	mgmt_frame->desc_word[5] =
999 		cpu_to_le16((char)(channel->max_antenna_gain));
1000 
1001 	mgmt_frame->desc_word[7] = cpu_to_le16(PUT_BBP_RESET |
1002 					       BBP_REG_WRITE |
1003 					       (RSI_RF_TYPE << 4));
1004 
1005 	if (!(channel->flags & IEEE80211_CHAN_NO_IR) &&
1006 	       !(channel->flags & IEEE80211_CHAN_RADAR)) {
1007 		if (common->tx_power < channel->max_power)
1008 			mgmt_frame->desc_word[6] = cpu_to_le16(common->tx_power);
1009 		else
1010 			mgmt_frame->desc_word[6] = cpu_to_le16(channel->max_power);
1011 	}
1012 	mgmt_frame->desc_word[7] = cpu_to_le16(common->priv->dfs_region);
1013 
1014 	if (common->channel_width == BW_40MHZ)
1015 		mgmt_frame->desc_word[5] |= cpu_to_le16(0x1 << 8);
1016 
1017 	common->channel = channel->hw_value;
1018 
1019 	skb_put(skb, FRAME_DESC_SZ);
1020 
1021 	return rsi_send_internal_mgmt_frame(common, skb);
1022 }
1023 
1024 /**
1025  * rsi_send_radio_params_update() - This function sends the radio
1026  *				parameters update to device
1027  * @common: Pointer to the driver private structure.
1028  * @channel: Channel value to be set.
1029  *
1030  * Return: 0 on success, corresponding error code on failure.
1031  */
1032 int rsi_send_radio_params_update(struct rsi_common *common)
1033 {
1034 	struct rsi_mac_frame *cmd_frame;
1035 	struct sk_buff *skb = NULL;
1036 
1037 	rsi_dbg(MGMT_TX_ZONE,
1038 		"%s: Sending Radio Params update frame\n", __func__);
1039 
1040 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1041 	if (!skb) {
1042 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1043 			__func__);
1044 		return -ENOMEM;
1045 	}
1046 
1047 	memset(skb->data, 0, FRAME_DESC_SZ);
1048 	cmd_frame = (struct rsi_mac_frame *)skb->data;
1049 
1050 	cmd_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
1051 	cmd_frame->desc_word[1] = cpu_to_le16(RADIO_PARAMS_UPDATE);
1052 	cmd_frame->desc_word[3] = cpu_to_le16(BIT(0));
1053 
1054 	cmd_frame->desc_word[3] |= cpu_to_le16(common->tx_power << 8);
1055 
1056 	skb_put(skb, FRAME_DESC_SZ);
1057 
1058 	return rsi_send_internal_mgmt_frame(common, skb);
1059 }
1060 
1061 /**
1062  * rsi_compare() - This function is used to compare two integers
1063  * @a: pointer to the first integer
1064  * @b: pointer to the second integer
1065  *
1066  * Return: 0 if both are equal, -1 if the first is smaller, else 1
1067  */
1068 static int rsi_compare(const void *a, const void *b)
1069 {
1070 	u16 _a = *(const u16 *)(a);
1071 	u16 _b = *(const u16 *)(b);
1072 
1073 	if (_a > _b)
1074 		return -1;
1075 
1076 	if (_a < _b)
1077 		return 1;
1078 
1079 	return 0;
1080 }
1081 
1082 /**
1083  * rsi_map_rates() - This function is used to map selected rates to hw rates.
1084  * @rate: The standard rate to be mapped.
1085  * @offset: Offset that will be returned.
1086  *
1087  * Return: 0 if it is a mcs rate, else 1
1088  */
1089 static bool rsi_map_rates(u16 rate, int *offset)
1090 {
1091 	int kk;
1092 	for (kk = 0; kk < ARRAY_SIZE(rsi_mcsrates); kk++) {
1093 		if (rate == mcs[kk]) {
1094 			*offset = kk;
1095 			return false;
1096 		}
1097 	}
1098 
1099 	for (kk = 0; kk < ARRAY_SIZE(rsi_rates); kk++) {
1100 		if (rate == rsi_rates[kk].bitrate / 5) {
1101 			*offset = kk;
1102 			break;
1103 		}
1104 	}
1105 	return true;
1106 }
1107 
1108 /**
1109  * rsi_send_auto_rate_request() - This function is to set rates for connection
1110  *				  and send autorate request to firmware.
1111  * @common: Pointer to the driver private structure.
1112  *
1113  * Return: 0 on success, corresponding error code on failure.
1114  */
1115 static int rsi_send_auto_rate_request(struct rsi_common *common)
1116 {
1117 	struct sk_buff *skb;
1118 	struct rsi_auto_rate *auto_rate;
1119 	int ii = 0, jj = 0, kk = 0;
1120 	struct ieee80211_hw *hw = common->priv->hw;
1121 	u8 band = hw->conf.chandef.chan->band;
1122 	u8 num_supported_rates = 0;
1123 	u8 rate_table_offset, rate_offset = 0;
1124 	u32 rate_bitmap = common->bitrate_mask[band];
1125 
1126 	u16 *selected_rates, min_rate;
1127 
1128 	skb = dev_alloc_skb(sizeof(struct rsi_auto_rate));
1129 	if (!skb) {
1130 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1131 			__func__);
1132 		return -ENOMEM;
1133 	}
1134 
1135 	selected_rates = kzalloc(2 * RSI_TBL_SZ, GFP_KERNEL);
1136 	if (!selected_rates) {
1137 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of mem\n",
1138 			__func__);
1139 		dev_kfree_skb(skb);
1140 		return -ENOMEM;
1141 	}
1142 
1143 	memset(skb->data, 0, sizeof(struct rsi_auto_rate));
1144 
1145 	auto_rate = (struct rsi_auto_rate *)skb->data;
1146 
1147 	auto_rate->aarf_rssi = cpu_to_le16(((u16)3 << 6) | (u16)(18 & 0x3f));
1148 	auto_rate->collision_tolerance = cpu_to_le16(3);
1149 	auto_rate->failure_limit = cpu_to_le16(3);
1150 	auto_rate->initial_boundary = cpu_to_le16(3);
1151 	auto_rate->max_threshold_limt = cpu_to_le16(27);
1152 
1153 	auto_rate->desc_word[1] = cpu_to_le16(AUTO_RATE_IND);
1154 
1155 	if (common->channel_width == BW_40MHZ)
1156 		auto_rate->desc_word[7] |= cpu_to_le16(1);
1157 
1158 	if (band == NL80211_BAND_2GHZ) {
1159 		min_rate = RSI_RATE_1;
1160 		rate_table_offset = 0;
1161 	} else {
1162 		min_rate = RSI_RATE_6;
1163 		rate_table_offset = 4;
1164 	}
1165 
1166 	for (ii = 0, jj = 0;
1167 	     ii < (ARRAY_SIZE(rsi_rates) - rate_table_offset); ii++) {
1168 		if (rate_bitmap & BIT(ii)) {
1169 			selected_rates[jj++] =
1170 			(rsi_rates[ii + rate_table_offset].bitrate / 5);
1171 			rate_offset++;
1172 		}
1173 	}
1174 	num_supported_rates = jj;
1175 
1176 	if (common->vif_info[0].is_ht) {
1177 		for (ii = 0; ii < ARRAY_SIZE(mcs); ii++)
1178 			selected_rates[jj++] = mcs[ii];
1179 		num_supported_rates += ARRAY_SIZE(mcs);
1180 		rate_offset += ARRAY_SIZE(mcs);
1181 	}
1182 
1183 	sort(selected_rates, jj, sizeof(u16), &rsi_compare, NULL);
1184 
1185 	/* mapping the rates to RSI rates */
1186 	for (ii = 0; ii < jj; ii++) {
1187 		if (rsi_map_rates(selected_rates[ii], &kk)) {
1188 			auto_rate->supported_rates[ii] =
1189 				cpu_to_le16(rsi_rates[kk].hw_value);
1190 		} else {
1191 			auto_rate->supported_rates[ii] =
1192 				cpu_to_le16(rsi_mcsrates[kk]);
1193 		}
1194 	}
1195 
1196 	/* loading HT rates in the bottom half of the auto rate table */
1197 	if (common->vif_info[0].is_ht) {
1198 		for (ii = rate_offset, kk = ARRAY_SIZE(rsi_mcsrates) - 1;
1199 		     ii < rate_offset + 2 * ARRAY_SIZE(rsi_mcsrates); ii++) {
1200 			if (common->vif_info[0].sgi ||
1201 			    conf_is_ht40(&common->priv->hw->conf))
1202 				auto_rate->supported_rates[ii++] =
1203 					cpu_to_le16(rsi_mcsrates[kk] | BIT(9));
1204 			auto_rate->supported_rates[ii] =
1205 				cpu_to_le16(rsi_mcsrates[kk--]);
1206 		}
1207 
1208 		for (; ii < (RSI_TBL_SZ - 1); ii++) {
1209 			auto_rate->supported_rates[ii] =
1210 				cpu_to_le16(rsi_mcsrates[0]);
1211 		}
1212 	}
1213 
1214 	for (; ii < RSI_TBL_SZ; ii++)
1215 		auto_rate->supported_rates[ii] = cpu_to_le16(min_rate);
1216 
1217 	auto_rate->num_supported_rates = cpu_to_le16(num_supported_rates * 2);
1218 	auto_rate->moderate_rate_inx = cpu_to_le16(num_supported_rates / 2);
1219 	auto_rate->desc_word[7] |= cpu_to_le16(0 << 8);
1220 	num_supported_rates *= 2;
1221 
1222 	auto_rate->desc_word[0] = cpu_to_le16((sizeof(*auto_rate) -
1223 					       FRAME_DESC_SZ) |
1224 					       (RSI_WIFI_MGMT_Q << 12));
1225 
1226 	skb_put(skb,
1227 		sizeof(struct rsi_auto_rate));
1228 	kfree(selected_rates);
1229 
1230 	return rsi_send_internal_mgmt_frame(common, skb);
1231 }
1232 
1233 /**
1234  * rsi_inform_bss_status() - This function informs about bss status with the
1235  *			     help of sta notify params by sending an internal
1236  *			     management frame to firmware.
1237  * @common: Pointer to the driver private structure.
1238  * @status: Bss status type.
1239  * @bssid: Bssid.
1240  * @qos_enable: Qos is enabled.
1241  * @aid: Aid (unique for all STAs).
1242  *
1243  * Return: None.
1244  */
1245 void rsi_inform_bss_status(struct rsi_common *common,
1246 			   u8 status,
1247 			   const unsigned char *bssid,
1248 			   u8 qos_enable,
1249 			   u16 aid)
1250 {
1251 	if (status) {
1252 		rsi_hal_send_sta_notify_frame(common,
1253 					      RSI_IFTYPE_STATION,
1254 					      STA_CONNECTED,
1255 					      bssid,
1256 					      qos_enable,
1257 					      aid);
1258 		if (common->min_rate == 0xffff)
1259 			rsi_send_auto_rate_request(common);
1260 	} else {
1261 		rsi_hal_send_sta_notify_frame(common,
1262 					      RSI_IFTYPE_STATION,
1263 					      STA_DISCONNECTED,
1264 					      bssid,
1265 					      qos_enable,
1266 					      aid);
1267 	}
1268 }
1269 
1270 /**
1271  * rsi_eeprom_read() - This function sends a frame to read the mac address
1272  *		       from the eeprom.
1273  * @common: Pointer to the driver private structure.
1274  *
1275  * Return: 0 on success, -1 on failure.
1276  */
1277 static int rsi_eeprom_read(struct rsi_common *common)
1278 {
1279 	struct rsi_mac_frame *mgmt_frame;
1280 	struct sk_buff *skb;
1281 
1282 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending EEPROM read req frame\n", __func__);
1283 
1284 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1285 	if (!skb) {
1286 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1287 			__func__);
1288 		return -ENOMEM;
1289 	}
1290 
1291 	memset(skb->data, 0, FRAME_DESC_SZ);
1292 	mgmt_frame = (struct rsi_mac_frame *)skb->data;
1293 
1294 	/* FrameType */
1295 	mgmt_frame->desc_word[1] = cpu_to_le16(EEPROM_READ_TYPE);
1296 	mgmt_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
1297 	/* Number of bytes to read */
1298 	mgmt_frame->desc_word[3] = cpu_to_le16(ETH_ALEN +
1299 					       WLAN_MAC_MAGIC_WORD_LEN +
1300 					       WLAN_HOST_MODE_LEN +
1301 					       WLAN_FW_VERSION_LEN);
1302 	/* Address to read */
1303 	mgmt_frame->desc_word[4] = cpu_to_le16(WLAN_MAC_EEPROM_ADDR);
1304 
1305 	skb_put(skb, FRAME_DESC_SZ);
1306 
1307 	return rsi_send_internal_mgmt_frame(common, skb);
1308 }
1309 
1310 /**
1311  * This function sends a frame to block/unblock
1312  * data queues in the firmware
1313  *
1314  * @param common Pointer to the driver private structure.
1315  * @param block event - block if true, unblock if false
1316  * @return 0 on success, -1 on failure.
1317  */
1318 int rsi_send_block_unblock_frame(struct rsi_common *common, bool block_event)
1319 {
1320 	struct rsi_mac_frame *mgmt_frame;
1321 	struct sk_buff *skb;
1322 
1323 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending block/unblock frame\n", __func__);
1324 
1325 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1326 	if (!skb) {
1327 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1328 			__func__);
1329 		return -ENOMEM;
1330 	}
1331 
1332 	memset(skb->data, 0, FRAME_DESC_SZ);
1333 	mgmt_frame = (struct rsi_mac_frame *)skb->data;
1334 
1335 	mgmt_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
1336 	mgmt_frame->desc_word[1] = cpu_to_le16(BLOCK_HW_QUEUE);
1337 
1338 	if (block_event) {
1339 		rsi_dbg(INFO_ZONE, "blocking the data qs\n");
1340 		mgmt_frame->desc_word[4] = cpu_to_le16(0xf);
1341 	} else {
1342 		rsi_dbg(INFO_ZONE, "unblocking the data qs\n");
1343 		mgmt_frame->desc_word[5] = cpu_to_le16(0xf);
1344 	}
1345 
1346 	skb_put(skb, FRAME_DESC_SZ);
1347 
1348 	return rsi_send_internal_mgmt_frame(common, skb);
1349 
1350 }
1351 
1352 /**
1353  * rsi_send_rx_filter_frame() - Sends a frame to filter the RX packets
1354  *
1355  * @common: Pointer to the driver private structure.
1356  * @rx_filter_word: Flags of filter packets
1357  *
1358  * @Return: 0 on success, -1 on failure.
1359  */
1360 int rsi_send_rx_filter_frame(struct rsi_common *common, u16 rx_filter_word)
1361 {
1362 	struct rsi_mac_frame *cmd_frame;
1363 	struct sk_buff *skb;
1364 
1365 	rsi_dbg(MGMT_TX_ZONE, "Sending RX filter frame\n");
1366 
1367 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1368 	if (!skb) {
1369 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1370 			__func__);
1371 		return -ENOMEM;
1372 	}
1373 
1374 	memset(skb->data, 0, FRAME_DESC_SZ);
1375 	cmd_frame = (struct rsi_mac_frame *)skb->data;
1376 
1377 	cmd_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
1378 	cmd_frame->desc_word[1] = cpu_to_le16(SET_RX_FILTER);
1379 	cmd_frame->desc_word[4] = cpu_to_le16(rx_filter_word);
1380 
1381 	skb_put(skb, FRAME_DESC_SZ);
1382 
1383 	return rsi_send_internal_mgmt_frame(common, skb);
1384 }
1385 
1386 /**
1387  * rsi_set_antenna() - This fuction send antenna configuration request
1388  *		       to device
1389  *
1390  * @common: Pointer to the driver private structure.
1391  * @antenna: bitmap for tx antenna selection
1392  *
1393  * Return: 0 on Success, negative error code on failure
1394  */
1395 int rsi_set_antenna(struct rsi_common *common, u8 antenna)
1396 {
1397 	struct rsi_mac_frame *cmd_frame;
1398 	struct sk_buff *skb;
1399 
1400 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1401 	if (!skb) {
1402 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1403 			__func__);
1404 		return -ENOMEM;
1405 	}
1406 
1407 	memset(skb->data, 0, FRAME_DESC_SZ);
1408 	cmd_frame = (struct rsi_mac_frame *)skb->data;
1409 
1410 	cmd_frame->desc_word[1] = cpu_to_le16(ANT_SEL_FRAME);
1411 	cmd_frame->desc_word[3] = cpu_to_le16(antenna & 0x00ff);
1412 	cmd_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
1413 
1414 	skb_put(skb, FRAME_DESC_SZ);
1415 
1416 	return rsi_send_internal_mgmt_frame(common, skb);
1417 }
1418 
1419 /**
1420  * rsi_handle_ta_confirm_type() - This function handles the confirm frames.
1421  * @common: Pointer to the driver private structure.
1422  * @msg: Pointer to received packet.
1423  *
1424  * Return: 0 on success, -1 on failure.
1425  */
1426 static int rsi_handle_ta_confirm_type(struct rsi_common *common,
1427 				      u8 *msg)
1428 {
1429 	u8 sub_type = (msg[15] & 0xff);
1430 
1431 	switch (sub_type) {
1432 	case BOOTUP_PARAMS_REQUEST:
1433 		rsi_dbg(FSM_ZONE, "%s: Boot up params confirm received\n",
1434 			__func__);
1435 		if (common->fsm_state == FSM_BOOT_PARAMS_SENT) {
1436 			if (rsi_eeprom_read(common)) {
1437 				common->fsm_state = FSM_CARD_NOT_READY;
1438 				goto out;
1439 			} else {
1440 				common->fsm_state = FSM_EEPROM_READ_MAC_ADDR;
1441 			}
1442 		} else {
1443 			rsi_dbg(INFO_ZONE,
1444 				"%s: Received bootup params cfm in %d state\n",
1445 				 __func__, common->fsm_state);
1446 			return 0;
1447 		}
1448 		break;
1449 
1450 	case EEPROM_READ_TYPE:
1451 		if (common->fsm_state == FSM_EEPROM_READ_MAC_ADDR) {
1452 			if (msg[16] == MAGIC_WORD) {
1453 				u8 offset = (FRAME_DESC_SZ + WLAN_HOST_MODE_LEN
1454 					     + WLAN_MAC_MAGIC_WORD_LEN);
1455 				memcpy(common->mac_addr,
1456 				       &msg[offset],
1457 				       ETH_ALEN);
1458 				memcpy(&common->fw_ver,
1459 				       &msg[offset + ETH_ALEN],
1460 				       sizeof(struct version_info));
1461 
1462 			} else {
1463 				common->fsm_state = FSM_CARD_NOT_READY;
1464 				break;
1465 			}
1466 			if (rsi_send_reset_mac(common))
1467 				goto out;
1468 			else
1469 				common->fsm_state = FSM_RESET_MAC_SENT;
1470 		} else {
1471 			rsi_dbg(ERR_ZONE,
1472 				"%s: Received eeprom mac addr in %d state\n",
1473 				__func__, common->fsm_state);
1474 			return 0;
1475 		}
1476 		break;
1477 
1478 	case RESET_MAC_REQ:
1479 		if (common->fsm_state == FSM_RESET_MAC_SENT) {
1480 			rsi_dbg(FSM_ZONE, "%s: Reset MAC cfm received\n",
1481 				__func__);
1482 
1483 			if (rsi_load_radio_caps(common))
1484 				goto out;
1485 			else
1486 				common->fsm_state = FSM_RADIO_CAPS_SENT;
1487 		} else {
1488 			rsi_dbg(ERR_ZONE,
1489 				"%s: Received reset mac cfm in %d state\n",
1490 				 __func__, common->fsm_state);
1491 			return 0;
1492 		}
1493 		break;
1494 
1495 	case RADIO_CAPABILITIES:
1496 		if (common->fsm_state == FSM_RADIO_CAPS_SENT) {
1497 			common->rf_reset = 1;
1498 			if (rsi_program_bb_rf(common)) {
1499 				goto out;
1500 			} else {
1501 				common->fsm_state = FSM_BB_RF_PROG_SENT;
1502 				rsi_dbg(FSM_ZONE, "%s: Radio cap cfm received\n",
1503 					__func__);
1504 			}
1505 		} else {
1506 			rsi_dbg(INFO_ZONE,
1507 				"%s: Received radio caps cfm in %d state\n",
1508 				 __func__, common->fsm_state);
1509 			return 0;
1510 		}
1511 		break;
1512 
1513 	case BB_PROG_VALUES_REQUEST:
1514 	case RF_PROG_VALUES_REQUEST:
1515 	case BBP_PROG_IN_TA:
1516 		rsi_dbg(FSM_ZONE, "%s: BB/RF cfm received\n", __func__);
1517 		if (common->fsm_state == FSM_BB_RF_PROG_SENT) {
1518 			common->bb_rf_prog_count--;
1519 			if (!common->bb_rf_prog_count) {
1520 				common->fsm_state = FSM_MAC_INIT_DONE;
1521 				return rsi_mac80211_attach(common);
1522 			}
1523 		} else {
1524 			rsi_dbg(INFO_ZONE,
1525 				"%s: Received bbb_rf cfm in %d state\n",
1526 				 __func__, common->fsm_state);
1527 			return 0;
1528 		}
1529 		break;
1530 
1531 	default:
1532 		rsi_dbg(INFO_ZONE, "%s: Invalid TA confirm pkt received\n",
1533 			__func__);
1534 		break;
1535 	}
1536 	return 0;
1537 out:
1538 	rsi_dbg(ERR_ZONE, "%s: Unable to send pkt/Invalid frame received\n",
1539 		__func__);
1540 	return -EINVAL;
1541 }
1542 
1543 static int rsi_handle_card_ready(struct rsi_common *common, u8 *msg)
1544 {
1545 	switch (common->fsm_state) {
1546 	case FSM_CARD_NOT_READY:
1547 		rsi_dbg(INIT_ZONE, "Card ready indication from Common HAL\n");
1548 		rsi_set_default_parameters(common);
1549 		if (rsi_send_common_dev_params(common) < 0)
1550 			return -EINVAL;
1551 		common->fsm_state = FSM_COMMON_DEV_PARAMS_SENT;
1552 		break;
1553 	case FSM_COMMON_DEV_PARAMS_SENT:
1554 		rsi_dbg(INIT_ZONE, "Card ready indication from WLAN HAL\n");
1555 
1556 		/* Get usb buffer status register address */
1557 		common->priv->usb_buffer_status_reg = *(u32 *)&msg[8];
1558 		rsi_dbg(INFO_ZONE, "USB buffer status register = %x\n",
1559 			common->priv->usb_buffer_status_reg);
1560 
1561 		if (rsi_load_bootup_params(common)) {
1562 			common->fsm_state = FSM_CARD_NOT_READY;
1563 			return -EINVAL;
1564 		}
1565 		common->fsm_state = FSM_BOOT_PARAMS_SENT;
1566 		break;
1567 	default:
1568 		rsi_dbg(ERR_ZONE,
1569 			"%s: card ready indication in invalid state %d.\n",
1570 			__func__, common->fsm_state);
1571 		return -EINVAL;
1572 	}
1573 
1574 	return 0;
1575 }
1576 
1577 /**
1578  * rsi_mgmt_pkt_recv() - This function processes the management packets
1579  *			 recieved from the hardware.
1580  * @common: Pointer to the driver private structure.
1581  * @msg: Pointer to the received packet.
1582  *
1583  * Return: 0 on success, -1 on failure.
1584  */
1585 int rsi_mgmt_pkt_recv(struct rsi_common *common, u8 *msg)
1586 {
1587 	s32 msg_len = (le16_to_cpu(*(__le16 *)&msg[0]) & 0x0fff);
1588 	u16 msg_type = (msg[2]);
1589 
1590 	rsi_dbg(FSM_ZONE, "%s: Msg Len: %d, Msg Type: %4x\n",
1591 		__func__, msg_len, msg_type);
1592 
1593 	if (msg_type == TA_CONFIRM_TYPE) {
1594 		return rsi_handle_ta_confirm_type(common, msg);
1595 	} else if (msg_type == CARD_READY_IND) {
1596 		rsi_dbg(FSM_ZONE, "%s: Card ready indication received\n",
1597 			__func__);
1598 		return rsi_handle_card_ready(common, msg);
1599 	} else if (msg_type == TX_STATUS_IND) {
1600 		if (msg[15] == PROBEREQ_CONFIRM) {
1601 			common->mgmt_q_block = false;
1602 			rsi_dbg(FSM_ZONE, "%s: Probe confirm received\n",
1603 				__func__);
1604 		}
1605 	} else {
1606 		return rsi_mgmt_pkt_to_core(common, msg, msg_len, msg_type);
1607 	}
1608 	return 0;
1609 }
1610