1 /**
2  * Copyright (c) 2014 Redpine Signals Inc.
3  *
4  * Permission to use, copy, modify, and/or distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <linux/etherdevice.h>
18 #include "rsi_mgmt.h"
19 #include "rsi_common.h"
20 #include "rsi_ps.h"
21 #include "rsi_hal.h"
22 
23 static struct bootup_params boot_params_20 = {
24 	.magic_number = cpu_to_le16(0x5aa5),
25 	.crystal_good_time = 0x0,
26 	.valid = cpu_to_le32(VALID_20),
27 	.reserved_for_valids = 0x0,
28 	.bootup_mode_info = 0x0,
29 	.digital_loop_back_params = 0x0,
30 	.rtls_timestamp_en = 0x0,
31 	.host_spi_intr_cfg = 0x0,
32 	.device_clk_info = {{
33 		.pll_config_g = {
34 			.tapll_info_g = {
35 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_20 << 8)|
36 					      (TA_PLL_M_VAL_20)),
37 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_20),
38 			},
39 			.pll960_info_g = {
40 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_20 << 8)|
41 							 (PLL960_N_VAL_20)),
42 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_20),
43 				.pll_reg_3 = 0x0,
44 			},
45 			.afepll_info_g = {
46 				.pll_reg = cpu_to_le16(0x9f0),
47 			}
48 		},
49 		.switch_clk_g = {
50 			.switch_clk_info = cpu_to_le16(0xb),
51 			.bbp_lmac_clk_reg_val = cpu_to_le16(0x111),
52 			.umac_clock_reg_config = cpu_to_le16(0x48),
53 			.qspi_uart_clock_reg_config = cpu_to_le16(0x1211)
54 		}
55 	},
56 	{
57 		.pll_config_g = {
58 			.tapll_info_g = {
59 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_20 << 8)|
60 							 (TA_PLL_M_VAL_20)),
61 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_20),
62 			},
63 			.pll960_info_g = {
64 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_20 << 8)|
65 							 (PLL960_N_VAL_20)),
66 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_20),
67 				.pll_reg_3 = 0x0,
68 			},
69 			.afepll_info_g = {
70 				.pll_reg = cpu_to_le16(0x9f0),
71 			}
72 		},
73 		.switch_clk_g = {
74 			.switch_clk_info = 0x0,
75 			.bbp_lmac_clk_reg_val = 0x0,
76 			.umac_clock_reg_config = 0x0,
77 			.qspi_uart_clock_reg_config = 0x0
78 		}
79 	},
80 	{
81 		.pll_config_g = {
82 			.tapll_info_g = {
83 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_20 << 8)|
84 							 (TA_PLL_M_VAL_20)),
85 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_20),
86 			},
87 			.pll960_info_g = {
88 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_20 << 8)|
89 							 (PLL960_N_VAL_20)),
90 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_20),
91 				.pll_reg_3 = 0x0,
92 			},
93 			.afepll_info_g = {
94 				.pll_reg = cpu_to_le16(0x9f0),
95 			}
96 		},
97 		.switch_clk_g = {
98 			.switch_clk_info = 0x0,
99 			.bbp_lmac_clk_reg_val = 0x0,
100 			.umac_clock_reg_config = 0x0,
101 			.qspi_uart_clock_reg_config = 0x0
102 		}
103 	} },
104 	.buckboost_wakeup_cnt = 0x0,
105 	.pmu_wakeup_wait = 0x0,
106 	.shutdown_wait_time = 0x0,
107 	.pmu_slp_clkout_sel = 0x0,
108 	.wdt_prog_value = 0x0,
109 	.wdt_soc_rst_delay = 0x0,
110 	.dcdc_operation_mode = 0x0,
111 	.soc_reset_wait_cnt = 0x0,
112 	.waiting_time_at_fresh_sleep = 0x0,
113 	.max_threshold_to_avoid_sleep = 0x0,
114 	.beacon_resedue_alg_en = 0,
115 };
116 
117 static struct bootup_params boot_params_40 = {
118 	.magic_number = cpu_to_le16(0x5aa5),
119 	.crystal_good_time = 0x0,
120 	.valid = cpu_to_le32(VALID_40),
121 	.reserved_for_valids = 0x0,
122 	.bootup_mode_info = 0x0,
123 	.digital_loop_back_params = 0x0,
124 	.rtls_timestamp_en = 0x0,
125 	.host_spi_intr_cfg = 0x0,
126 	.device_clk_info = {{
127 		.pll_config_g = {
128 			.tapll_info_g = {
129 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_40 << 8)|
130 							 (TA_PLL_M_VAL_40)),
131 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_40),
132 			},
133 			.pll960_info_g = {
134 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_40 << 8)|
135 							 (PLL960_N_VAL_40)),
136 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_40),
137 				.pll_reg_3 = 0x0,
138 			},
139 			.afepll_info_g = {
140 				.pll_reg = cpu_to_le16(0x9f0),
141 			}
142 		},
143 		.switch_clk_g = {
144 			.switch_clk_info = cpu_to_le16(0x09),
145 			.bbp_lmac_clk_reg_val = cpu_to_le16(0x1121),
146 			.umac_clock_reg_config = cpu_to_le16(0x48),
147 			.qspi_uart_clock_reg_config = cpu_to_le16(0x1211)
148 		}
149 	},
150 	{
151 		.pll_config_g = {
152 			.tapll_info_g = {
153 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_40 << 8)|
154 							 (TA_PLL_M_VAL_40)),
155 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_40),
156 			},
157 			.pll960_info_g = {
158 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_40 << 8)|
159 							 (PLL960_N_VAL_40)),
160 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_40),
161 				.pll_reg_3 = 0x0,
162 			},
163 			.afepll_info_g = {
164 				.pll_reg = cpu_to_le16(0x9f0),
165 			}
166 		},
167 		.switch_clk_g = {
168 			.switch_clk_info = 0x0,
169 			.bbp_lmac_clk_reg_val = 0x0,
170 			.umac_clock_reg_config = 0x0,
171 			.qspi_uart_clock_reg_config = 0x0
172 		}
173 	},
174 	{
175 		.pll_config_g = {
176 			.tapll_info_g = {
177 				.pll_reg_1 = cpu_to_le16((TA_PLL_N_VAL_40 << 8)|
178 							 (TA_PLL_M_VAL_40)),
179 				.pll_reg_2 = cpu_to_le16(TA_PLL_P_VAL_40),
180 			},
181 			.pll960_info_g = {
182 				.pll_reg_1 = cpu_to_le16((PLL960_P_VAL_40 << 8)|
183 							 (PLL960_N_VAL_40)),
184 				.pll_reg_2 = cpu_to_le16(PLL960_M_VAL_40),
185 				.pll_reg_3 = 0x0,
186 			},
187 			.afepll_info_g = {
188 				.pll_reg = cpu_to_le16(0x9f0),
189 			}
190 		},
191 		.switch_clk_g = {
192 			.switch_clk_info = 0x0,
193 			.bbp_lmac_clk_reg_val = 0x0,
194 			.umac_clock_reg_config = 0x0,
195 			.qspi_uart_clock_reg_config = 0x0
196 		}
197 	} },
198 	.buckboost_wakeup_cnt = 0x0,
199 	.pmu_wakeup_wait = 0x0,
200 	.shutdown_wait_time = 0x0,
201 	.pmu_slp_clkout_sel = 0x0,
202 	.wdt_prog_value = 0x0,
203 	.wdt_soc_rst_delay = 0x0,
204 	.dcdc_operation_mode = 0x0,
205 	.soc_reset_wait_cnt = 0x0,
206 	.waiting_time_at_fresh_sleep = 0x0,
207 	.max_threshold_to_avoid_sleep = 0x0,
208 	.beacon_resedue_alg_en = 0,
209 };
210 
211 static u16 mcs[] = {13, 26, 39, 52, 78, 104, 117, 130};
212 
213 /**
214  * rsi_set_default_parameters() - This function sets default parameters.
215  * @common: Pointer to the driver private structure.
216  *
217  * Return: none
218  */
219 static void rsi_set_default_parameters(struct rsi_common *common)
220 {
221 	common->band = NL80211_BAND_2GHZ;
222 	common->channel_width = BW_20MHZ;
223 	common->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD;
224 	common->channel = 1;
225 	common->min_rate = 0xffff;
226 	common->fsm_state = FSM_CARD_NOT_READY;
227 	common->iface_down = true;
228 	common->endpoint = EP_2GHZ_20MHZ;
229 	common->driver_mode = 1; /* End to end mode */
230 	common->lp_ps_handshake_mode = 0; /* Default no handShake mode*/
231 	common->ulp_ps_handshake_mode = 2; /* Default PKT handShake mode*/
232 	common->rf_power_val = 0; /* Default 1.9V */
233 	common->wlan_rf_power_mode = 0;
234 	common->obm_ant_sel_val = 2;
235 	common->beacon_interval = RSI_BEACON_INTERVAL;
236 	common->dtim_cnt = RSI_DTIM_COUNT;
237 }
238 
239 /**
240  * rsi_set_contention_vals() - This function sets the contention values for the
241  *			       backoff procedure.
242  * @common: Pointer to the driver private structure.
243  *
244  * Return: None.
245  */
246 static void rsi_set_contention_vals(struct rsi_common *common)
247 {
248 	u8 ii = 0;
249 
250 	for (; ii < NUM_EDCA_QUEUES; ii++) {
251 		common->tx_qinfo[ii].wme_params =
252 			(((common->edca_params[ii].cw_min / 2) +
253 			  (common->edca_params[ii].aifs)) *
254 			  WMM_SHORT_SLOT_TIME + SIFS_DURATION);
255 		common->tx_qinfo[ii].weight = common->tx_qinfo[ii].wme_params;
256 		common->tx_qinfo[ii].pkt_contended = 0;
257 	}
258 }
259 
260 /**
261  * rsi_send_internal_mgmt_frame() - This function sends management frames to
262  *				    firmware.Also schedules packet to queue
263  *				    for transmission.
264  * @common: Pointer to the driver private structure.
265  * @skb: Pointer to the socket buffer structure.
266  *
267  * Return: 0 on success, -1 on failure.
268  */
269 static int rsi_send_internal_mgmt_frame(struct rsi_common *common,
270 					struct sk_buff *skb)
271 {
272 	struct skb_info *tx_params;
273 	struct rsi_cmd_desc *desc;
274 
275 	if (skb == NULL) {
276 		rsi_dbg(ERR_ZONE, "%s: Unable to allocate skb\n", __func__);
277 		return -ENOMEM;
278 	}
279 	desc = (struct rsi_cmd_desc *)skb->data;
280 	desc->desc_dword0.len_qno |= cpu_to_le16(DESC_IMMEDIATE_WAKEUP);
281 	skb->priority = MGMT_SOFT_Q;
282 	tx_params = (struct skb_info *)&IEEE80211_SKB_CB(skb)->driver_data;
283 	tx_params->flags |= INTERNAL_MGMT_PKT;
284 	skb_queue_tail(&common->tx_queue[MGMT_SOFT_Q], skb);
285 	rsi_set_event(&common->tx_thread.event);
286 	return 0;
287 }
288 
289 /**
290  * rsi_load_radio_caps() - This function is used to send radio capabilities
291  *			   values to firmware.
292  * @common: Pointer to the driver private structure.
293  *
294  * Return: 0 on success, corresponding negative error code on failure.
295  */
296 static int rsi_load_radio_caps(struct rsi_common *common)
297 {
298 	struct rsi_radio_caps *radio_caps;
299 	struct rsi_hw *adapter = common->priv;
300 	u16 inx = 0;
301 	u8 ii;
302 	u8 radio_id = 0;
303 	u16 gc[20] = {0xf0, 0xf0, 0xf0, 0xf0,
304 		      0xf0, 0xf0, 0xf0, 0xf0,
305 		      0xf0, 0xf0, 0xf0, 0xf0,
306 		      0xf0, 0xf0, 0xf0, 0xf0,
307 		      0xf0, 0xf0, 0xf0, 0xf0};
308 	struct sk_buff *skb;
309 	u16 frame_len = sizeof(struct rsi_radio_caps);
310 
311 	rsi_dbg(INFO_ZONE, "%s: Sending rate symbol req frame\n", __func__);
312 
313 	skb = dev_alloc_skb(frame_len);
314 
315 	if (!skb) {
316 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
317 			__func__);
318 		return -ENOMEM;
319 	}
320 
321 	memset(skb->data, 0, frame_len);
322 	radio_caps = (struct rsi_radio_caps *)skb->data;
323 
324 	radio_caps->desc_dword0.frame_type = RADIO_CAPABILITIES;
325 	radio_caps->channel_num = common->channel;
326 	radio_caps->rf_model = RSI_RF_TYPE;
327 
328 	if (common->channel_width == BW_40MHZ) {
329 		radio_caps->radio_cfg_info = RSI_LMAC_CLOCK_80MHZ;
330 		radio_caps->radio_cfg_info |= RSI_ENABLE_40MHZ;
331 
332 		if (common->fsm_state == FSM_MAC_INIT_DONE) {
333 			struct ieee80211_hw *hw = adapter->hw;
334 			struct ieee80211_conf *conf = &hw->conf;
335 
336 			if (conf_is_ht40_plus(conf)) {
337 				radio_caps->radio_cfg_info =
338 					RSI_CMDDESC_LOWER_20_ENABLE;
339 				radio_caps->radio_info =
340 					RSI_CMDDESC_LOWER_20_ENABLE;
341 			} else if (conf_is_ht40_minus(conf)) {
342 				radio_caps->radio_cfg_info =
343 					RSI_CMDDESC_UPPER_20_ENABLE;
344 				radio_caps->radio_info =
345 					RSI_CMDDESC_UPPER_20_ENABLE;
346 			} else {
347 				radio_caps->radio_cfg_info =
348 					RSI_CMDDESC_40MHZ;
349 				radio_caps->radio_info =
350 					RSI_CMDDESC_FULL_40_ENABLE;
351 			}
352 		}
353 	}
354 	radio_caps->radio_info |= radio_id;
355 
356 	radio_caps->sifs_tx_11n = cpu_to_le16(SIFS_TX_11N_VALUE);
357 	radio_caps->sifs_tx_11b = cpu_to_le16(SIFS_TX_11B_VALUE);
358 	radio_caps->slot_rx_11n = cpu_to_le16(SHORT_SLOT_VALUE);
359 	radio_caps->ofdm_ack_tout = cpu_to_le16(OFDM_ACK_TOUT_VALUE);
360 	radio_caps->cck_ack_tout = cpu_to_le16(CCK_ACK_TOUT_VALUE);
361 	radio_caps->preamble_type = cpu_to_le16(LONG_PREAMBLE);
362 
363 	for (ii = 0; ii < MAX_HW_QUEUES; ii++) {
364 		radio_caps->qos_params[ii].cont_win_min_q = cpu_to_le16(3);
365 		radio_caps->qos_params[ii].cont_win_max_q = cpu_to_le16(0x3f);
366 		radio_caps->qos_params[ii].aifsn_val_q = cpu_to_le16(2);
367 		radio_caps->qos_params[ii].txop_q = 0;
368 	}
369 
370 	for (ii = 0; ii < NUM_EDCA_QUEUES; ii++) {
371 		radio_caps->qos_params[ii].cont_win_min_q =
372 			cpu_to_le16(common->edca_params[ii].cw_min);
373 		radio_caps->qos_params[ii].cont_win_max_q =
374 			cpu_to_le16(common->edca_params[ii].cw_max);
375 		radio_caps->qos_params[ii].aifsn_val_q =
376 			cpu_to_le16((common->edca_params[ii].aifs) << 8);
377 		radio_caps->qos_params[ii].txop_q =
378 			cpu_to_le16(common->edca_params[ii].txop);
379 	}
380 
381 	radio_caps->qos_params[BROADCAST_HW_Q].txop_q = cpu_to_le16(0xffff);
382 	radio_caps->qos_params[MGMT_HW_Q].txop_q = 0;
383 	radio_caps->qos_params[BEACON_HW_Q].txop_q = cpu_to_le16(0xffff);
384 
385 	memcpy(&common->rate_pwr[0], &gc[0], 40);
386 	for (ii = 0; ii < 20; ii++)
387 		radio_caps->gcpd_per_rate[inx++] =
388 			cpu_to_le16(common->rate_pwr[ii]  & 0x00FF);
389 
390 	rsi_set_len_qno(&radio_caps->desc_dword0.len_qno,
391 			(frame_len - FRAME_DESC_SZ), RSI_WIFI_MGMT_Q);
392 
393 	skb_put(skb, frame_len);
394 
395 	return rsi_send_internal_mgmt_frame(common, skb);
396 }
397 
398 /**
399  * rsi_mgmt_pkt_to_core() - This function is the entry point for Mgmt module.
400  * @common: Pointer to the driver private structure.
401  * @msg: Pointer to received packet.
402  * @msg_len: Length of the recieved packet.
403  * @type: Type of recieved packet.
404  *
405  * Return: 0 on success, -1 on failure.
406  */
407 static int rsi_mgmt_pkt_to_core(struct rsi_common *common,
408 				u8 *msg,
409 				s32 msg_len)
410 {
411 	struct rsi_hw *adapter = common->priv;
412 	struct ieee80211_tx_info *info;
413 	struct skb_info *rx_params;
414 	u8 pad_bytes = msg[4];
415 	struct sk_buff *skb;
416 
417 	if (!adapter->sc_nvifs)
418 		return -ENOLINK;
419 
420 	msg_len -= pad_bytes;
421 	if (msg_len <= 0) {
422 		rsi_dbg(MGMT_RX_ZONE,
423 			"%s: Invalid rx msg of len = %d\n",
424 			__func__, msg_len);
425 		return -EINVAL;
426 	}
427 
428 	skb = dev_alloc_skb(msg_len);
429 	if (!skb)
430 		return -ENOMEM;
431 
432 	skb_put_data(skb,
433 		     (u8 *)(msg + FRAME_DESC_SZ + pad_bytes),
434 		     msg_len);
435 
436 	info = IEEE80211_SKB_CB(skb);
437 	rx_params = (struct skb_info *)info->driver_data;
438 	rx_params->rssi = rsi_get_rssi(msg);
439 	rx_params->channel = rsi_get_channel(msg);
440 	rsi_indicate_pkt_to_os(common, skb);
441 
442 	return 0;
443 }
444 
445 /**
446  * rsi_hal_send_sta_notify_frame() - This function sends the station notify
447  *				     frame to firmware.
448  * @common: Pointer to the driver private structure.
449  * @opmode: Operating mode of device.
450  * @notify_event: Notification about station connection.
451  * @bssid: bssid.
452  * @qos_enable: Qos is enabled.
453  * @aid: Aid (unique for all STA).
454  *
455  * Return: status: 0 on success, corresponding negative error code on failure.
456  */
457 static int rsi_hal_send_sta_notify_frame(struct rsi_common *common,
458 					 enum opmode opmode,
459 					 u8 notify_event,
460 					 const unsigned char *bssid,
461 					 u8 qos_enable,
462 					 u16 aid,
463 					 u16 sta_id)
464 {
465 	struct ieee80211_vif *vif = common->priv->vifs[0];
466 	struct sk_buff *skb = NULL;
467 	struct rsi_peer_notify *peer_notify;
468 	u16 vap_id = 0;
469 	int status;
470 	u16 frame_len = sizeof(struct rsi_peer_notify);
471 
472 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending sta notify frame\n", __func__);
473 
474 	skb = dev_alloc_skb(frame_len);
475 
476 	if (!skb) {
477 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
478 			__func__);
479 		return -ENOMEM;
480 	}
481 
482 	memset(skb->data, 0, frame_len);
483 	peer_notify = (struct rsi_peer_notify *)skb->data;
484 
485 	if (opmode == STA_OPMODE)
486 		peer_notify->command = cpu_to_le16(PEER_TYPE_AP << 1);
487 	else if (opmode == AP_OPMODE)
488 		peer_notify->command = cpu_to_le16(PEER_TYPE_STA << 1);
489 
490 	switch (notify_event) {
491 	case STA_CONNECTED:
492 		peer_notify->command |= cpu_to_le16(RSI_ADD_PEER);
493 		break;
494 	case STA_DISCONNECTED:
495 		peer_notify->command |= cpu_to_le16(RSI_DELETE_PEER);
496 		break;
497 	default:
498 		break;
499 	}
500 
501 	peer_notify->command |= cpu_to_le16((aid & 0xfff) << 4);
502 	ether_addr_copy(peer_notify->mac_addr, bssid);
503 	peer_notify->mpdu_density = cpu_to_le16(RSI_MPDU_DENSITY);
504 	peer_notify->sta_flags = cpu_to_le32((qos_enable) ? 1 : 0);
505 
506 	rsi_set_len_qno(&peer_notify->desc.desc_dword0.len_qno,
507 			(frame_len - FRAME_DESC_SZ),
508 			RSI_WIFI_MGMT_Q);
509 	peer_notify->desc.desc_dword0.frame_type = PEER_NOTIFY;
510 	peer_notify->desc.desc_dword3.qid_tid = sta_id;
511 	peer_notify->desc.desc_dword3.sta_id = vap_id;
512 
513 	skb_put(skb, frame_len);
514 
515 	status = rsi_send_internal_mgmt_frame(common, skb);
516 
517 	if ((vif->type == NL80211_IFTYPE_STATION) &&
518 	    (!status && qos_enable)) {
519 		rsi_set_contention_vals(common);
520 		status = rsi_load_radio_caps(common);
521 	}
522 	return status;
523 }
524 
525 /**
526  * rsi_send_aggregation_params_frame() - This function sends the ampdu
527  *					 indication frame to firmware.
528  * @common: Pointer to the driver private structure.
529  * @tid: traffic identifier.
530  * @ssn: ssn.
531  * @buf_size: buffer size.
532  * @event: notification about station connection.
533  *
534  * Return: 0 on success, corresponding negative error code on failure.
535  */
536 int rsi_send_aggregation_params_frame(struct rsi_common *common,
537 				      u16 tid,
538 				      u16 ssn,
539 				      u8 buf_size,
540 				      u8 event,
541 				      u8 sta_id)
542 {
543 	struct sk_buff *skb = NULL;
544 	struct rsi_aggr_params *aggr_params;
545 	u16 frame_len = sizeof(struct rsi_aggr_params);
546 
547 	skb = dev_alloc_skb(frame_len);
548 
549 	if (!skb) {
550 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
551 			__func__);
552 		return -ENOMEM;
553 	}
554 
555 	memset(skb->data, 0, frame_len);
556 	aggr_params = (struct rsi_aggr_params *)skb->data;
557 
558 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending AMPDU indication frame\n", __func__);
559 
560 	rsi_set_len_qno(&aggr_params->desc_dword0.len_qno, 0, RSI_WIFI_MGMT_Q);
561 	aggr_params->desc_dword0.frame_type = AMPDU_IND;
562 
563 	aggr_params->aggr_params = tid & RSI_AGGR_PARAMS_TID_MASK;
564 	aggr_params->peer_id = sta_id;
565 	if (event == STA_TX_ADDBA_DONE) {
566 		aggr_params->seq_start = cpu_to_le16(ssn);
567 		aggr_params->baw_size = cpu_to_le16(buf_size);
568 		aggr_params->aggr_params |= RSI_AGGR_PARAMS_START;
569 	} else if (event == STA_RX_ADDBA_DONE) {
570 		aggr_params->seq_start = cpu_to_le16(ssn);
571 		aggr_params->aggr_params |= (RSI_AGGR_PARAMS_START |
572 					     RSI_AGGR_PARAMS_RX_AGGR);
573 	} else if (event == STA_RX_DELBA) {
574 		aggr_params->aggr_params |= RSI_AGGR_PARAMS_RX_AGGR;
575 	}
576 
577 	skb_put(skb, frame_len);
578 
579 	return rsi_send_internal_mgmt_frame(common, skb);
580 }
581 
582 /**
583  * rsi_program_bb_rf() - This function starts base band and RF programming.
584  *			 This is called after initial configurations are done.
585  * @common: Pointer to the driver private structure.
586  *
587  * Return: 0 on success, corresponding negative error code on failure.
588  */
589 static int rsi_program_bb_rf(struct rsi_common *common)
590 {
591 	struct sk_buff *skb;
592 	struct rsi_bb_rf_prog *bb_rf_prog;
593 	u16 frame_len = sizeof(struct rsi_bb_rf_prog);
594 
595 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending program BB/RF frame\n", __func__);
596 
597 	skb = dev_alloc_skb(frame_len);
598 	if (!skb) {
599 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
600 			__func__);
601 		return -ENOMEM;
602 	}
603 
604 	memset(skb->data, 0, frame_len);
605 	bb_rf_prog = (struct rsi_bb_rf_prog *)skb->data;
606 
607 	rsi_set_len_qno(&bb_rf_prog->desc_dword0.len_qno, 0, RSI_WIFI_MGMT_Q);
608 	bb_rf_prog->desc_dword0.frame_type = BBP_PROG_IN_TA;
609 	bb_rf_prog->endpoint = common->endpoint;
610 	bb_rf_prog->rf_power_mode = common->wlan_rf_power_mode;
611 
612 	if (common->rf_reset) {
613 		bb_rf_prog->flags =  cpu_to_le16(RF_RESET_ENABLE);
614 		rsi_dbg(MGMT_TX_ZONE, "%s: ===> RF RESET REQUEST SENT <===\n",
615 			__func__);
616 		common->rf_reset = 0;
617 	}
618 	common->bb_rf_prog_count = 1;
619 	bb_rf_prog->flags |= cpu_to_le16(PUT_BBP_RESET | BBP_REG_WRITE |
620 					 (RSI_RF_TYPE << 4));
621 	skb_put(skb, frame_len);
622 
623 	return rsi_send_internal_mgmt_frame(common, skb);
624 }
625 
626 /**
627  * rsi_set_vap_capabilities() - This function send vap capability to firmware.
628  * @common: Pointer to the driver private structure.
629  * @opmode: Operating mode of device.
630  *
631  * Return: 0 on success, corresponding negative error code on failure.
632  */
633 int rsi_set_vap_capabilities(struct rsi_common *common,
634 			     enum opmode mode,
635 			     u8 *mac_addr,
636 			     u8 vap_id,
637 			     u8 vap_status)
638 {
639 	struct sk_buff *skb = NULL;
640 	struct rsi_vap_caps *vap_caps;
641 	struct rsi_hw *adapter = common->priv;
642 	struct ieee80211_hw *hw = adapter->hw;
643 	struct ieee80211_conf *conf = &hw->conf;
644 	u16 frame_len = sizeof(struct rsi_vap_caps);
645 
646 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending VAP capabilities frame\n", __func__);
647 
648 	skb = dev_alloc_skb(frame_len);
649 	if (!skb) {
650 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
651 			__func__);
652 		return -ENOMEM;
653 	}
654 
655 	memset(skb->data, 0, frame_len);
656 	vap_caps = (struct rsi_vap_caps *)skb->data;
657 
658 	rsi_set_len_qno(&vap_caps->desc_dword0.len_qno,
659 			(frame_len - FRAME_DESC_SZ), RSI_WIFI_MGMT_Q);
660 	vap_caps->desc_dword0.frame_type = VAP_CAPABILITIES;
661 	vap_caps->status = vap_status;
662 	vap_caps->vif_type = mode;
663 	vap_caps->channel_bw = common->channel_width;
664 	vap_caps->vap_id = vap_id;
665 	vap_caps->radioid_macid = ((common->mac_id & 0xf) << 4) |
666 				   (common->radio_id & 0xf);
667 
668 	memcpy(vap_caps->mac_addr, mac_addr, IEEE80211_ADDR_LEN);
669 	vap_caps->keep_alive_period = cpu_to_le16(90);
670 	vap_caps->frag_threshold = cpu_to_le16(IEEE80211_MAX_FRAG_THRESHOLD);
671 
672 	vap_caps->rts_threshold = cpu_to_le16(common->rts_threshold);
673 
674 	if (common->band == NL80211_BAND_5GHZ) {
675 		vap_caps->default_ctrl_rate = cpu_to_le16(RSI_RATE_6);
676 		vap_caps->default_mgmt_rate = cpu_to_le32(RSI_RATE_6);
677 	} else {
678 		vap_caps->default_ctrl_rate = cpu_to_le16(RSI_RATE_1);
679 		vap_caps->default_mgmt_rate = cpu_to_le32(RSI_RATE_1);
680 	}
681 	if (conf_is_ht40(conf)) {
682 		if (conf_is_ht40_minus(conf))
683 			vap_caps->ctrl_rate_flags =
684 				cpu_to_le16(UPPER_20_ENABLE);
685 		else if (conf_is_ht40_plus(conf))
686 			vap_caps->ctrl_rate_flags =
687 				cpu_to_le16(LOWER_20_ENABLE);
688 		else
689 			vap_caps->ctrl_rate_flags =
690 				cpu_to_le16(FULL40M_ENABLE);
691 	}
692 
693 	vap_caps->default_data_rate = 0;
694 	vap_caps->beacon_interval = cpu_to_le16(common->beacon_interval);
695 	vap_caps->dtim_period = cpu_to_le16(common->dtim_cnt);
696 
697 	skb_put(skb, frame_len);
698 
699 	return rsi_send_internal_mgmt_frame(common, skb);
700 }
701 
702 /**
703  * rsi_hal_load_key() - This function is used to load keys within the firmware.
704  * @common: Pointer to the driver private structure.
705  * @data: Pointer to the key data.
706  * @key_len: Key length to be loaded.
707  * @key_type: Type of key: GROUP/PAIRWISE.
708  * @key_id: Key index.
709  * @cipher: Type of cipher used.
710  *
711  * Return: 0 on success, -1 on failure.
712  */
713 int rsi_hal_load_key(struct rsi_common *common,
714 		     u8 *data,
715 		     u16 key_len,
716 		     u8 key_type,
717 		     u8 key_id,
718 		     u32 cipher,
719 		     s16 sta_id)
720 {
721 	struct ieee80211_vif *vif = common->priv->vifs[0];
722 	struct sk_buff *skb = NULL;
723 	struct rsi_set_key *set_key;
724 	u16 key_descriptor = 0;
725 	u16 frame_len = sizeof(struct rsi_set_key);
726 
727 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending load key frame\n", __func__);
728 
729 	skb = dev_alloc_skb(frame_len);
730 	if (!skb) {
731 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
732 			__func__);
733 		return -ENOMEM;
734 	}
735 
736 	memset(skb->data, 0, frame_len);
737 	set_key = (struct rsi_set_key *)skb->data;
738 
739 	if (key_type == RSI_GROUP_KEY) {
740 		key_descriptor = RSI_KEY_TYPE_BROADCAST;
741 		if (vif->type == NL80211_IFTYPE_AP)
742 			key_descriptor |= RSI_KEY_MODE_AP;
743 	}
744 	if ((cipher == WLAN_CIPHER_SUITE_WEP40) ||
745 	    (cipher == WLAN_CIPHER_SUITE_WEP104)) {
746 		key_id = 0;
747 		key_descriptor |= RSI_WEP_KEY;
748 		if (key_len >= 13)
749 			key_descriptor |= RSI_WEP_KEY_104;
750 	} else if (cipher != KEY_TYPE_CLEAR) {
751 		key_descriptor |= RSI_CIPHER_WPA;
752 		if (cipher == WLAN_CIPHER_SUITE_TKIP)
753 			key_descriptor |= RSI_CIPHER_TKIP;
754 	}
755 	key_descriptor |= RSI_PROTECT_DATA_FRAMES;
756 	key_descriptor |= ((key_id << RSI_KEY_ID_OFFSET) & RSI_KEY_ID_MASK);
757 
758 	rsi_set_len_qno(&set_key->desc_dword0.len_qno,
759 			(frame_len - FRAME_DESC_SZ), RSI_WIFI_MGMT_Q);
760 	set_key->desc_dword0.frame_type = SET_KEY_REQ;
761 	set_key->key_desc = cpu_to_le16(key_descriptor);
762 	set_key->sta_id = sta_id;
763 
764 	if (data) {
765 		if ((cipher == WLAN_CIPHER_SUITE_WEP40) ||
766 		    (cipher == WLAN_CIPHER_SUITE_WEP104)) {
767 			memcpy(&set_key->key[key_id][1], data, key_len * 2);
768 		} else {
769 			memcpy(&set_key->key[0][0], data, key_len);
770 		}
771 		memcpy(set_key->tx_mic_key, &data[16], 8);
772 		memcpy(set_key->rx_mic_key, &data[24], 8);
773 	} else {
774 		memset(&set_key[FRAME_DESC_SZ], 0, frame_len - FRAME_DESC_SZ);
775 	}
776 
777 	skb_put(skb, frame_len);
778 
779 	return rsi_send_internal_mgmt_frame(common, skb);
780 }
781 
782 /*
783  * This function sends the common device configuration parameters to device.
784  * This frame includes the useful information to make device works on
785  * specific operating mode.
786  */
787 static int rsi_send_common_dev_params(struct rsi_common *common)
788 {
789 	struct sk_buff *skb;
790 	u16 frame_len;
791 	struct rsi_config_vals *dev_cfgs;
792 
793 	frame_len = sizeof(struct rsi_config_vals);
794 
795 	rsi_dbg(MGMT_TX_ZONE, "Sending common device config params\n");
796 	skb = dev_alloc_skb(frame_len);
797 	if (!skb) {
798 		rsi_dbg(ERR_ZONE, "%s: Unable to allocate skb\n", __func__);
799 		return -ENOMEM;
800 	}
801 
802 	memset(skb->data, 0, frame_len);
803 
804 	dev_cfgs = (struct rsi_config_vals *)skb->data;
805 	memset(dev_cfgs, 0, (sizeof(struct rsi_config_vals)));
806 
807 	rsi_set_len_qno(&dev_cfgs->len_qno, (frame_len - FRAME_DESC_SZ),
808 			RSI_COEX_Q);
809 	dev_cfgs->pkt_type = COMMON_DEV_CONFIG;
810 
811 	dev_cfgs->lp_ps_handshake = common->lp_ps_handshake_mode;
812 	dev_cfgs->ulp_ps_handshake = common->ulp_ps_handshake_mode;
813 
814 	dev_cfgs->unused_ulp_gpio = RSI_UNUSED_ULP_GPIO_BITMAP;
815 	dev_cfgs->unused_soc_gpio_bitmap =
816 				cpu_to_le32(RSI_UNUSED_SOC_GPIO_BITMAP);
817 
818 	dev_cfgs->opermode = common->oper_mode;
819 	dev_cfgs->wlan_rf_pwr_mode = common->wlan_rf_power_mode;
820 	dev_cfgs->driver_mode = common->driver_mode;
821 	dev_cfgs->region_code = NL80211_DFS_FCC;
822 	dev_cfgs->antenna_sel_val = common->obm_ant_sel_val;
823 
824 	skb_put(skb, frame_len);
825 
826 	return rsi_send_internal_mgmt_frame(common, skb);
827 }
828 
829 /*
830  * rsi_load_bootup_params() - This function send bootup params to the firmware.
831  * @common: Pointer to the driver private structure.
832  *
833  * Return: 0 on success, corresponding error code on failure.
834  */
835 static int rsi_load_bootup_params(struct rsi_common *common)
836 {
837 	struct sk_buff *skb;
838 	struct rsi_boot_params *boot_params;
839 
840 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending boot params frame\n", __func__);
841 	skb = dev_alloc_skb(sizeof(struct rsi_boot_params));
842 	if (!skb) {
843 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
844 			__func__);
845 		return -ENOMEM;
846 	}
847 
848 	memset(skb->data, 0, sizeof(struct rsi_boot_params));
849 	boot_params = (struct rsi_boot_params *)skb->data;
850 
851 	rsi_dbg(MGMT_TX_ZONE, "%s:\n", __func__);
852 
853 	if (common->channel_width == BW_40MHZ) {
854 		memcpy(&boot_params->bootup_params,
855 		       &boot_params_40,
856 		       sizeof(struct bootup_params));
857 		rsi_dbg(MGMT_TX_ZONE, "%s: Packet 40MHZ <=== %d\n", __func__,
858 			UMAC_CLK_40BW);
859 		boot_params->desc_word[7] = cpu_to_le16(UMAC_CLK_40BW);
860 	} else {
861 		memcpy(&boot_params->bootup_params,
862 		       &boot_params_20,
863 		       sizeof(struct bootup_params));
864 		if (boot_params_20.valid != cpu_to_le32(VALID_20)) {
865 			boot_params->desc_word[7] = cpu_to_le16(UMAC_CLK_20BW);
866 			rsi_dbg(MGMT_TX_ZONE,
867 				"%s: Packet 20MHZ <=== %d\n", __func__,
868 				UMAC_CLK_20BW);
869 		} else {
870 			boot_params->desc_word[7] = cpu_to_le16(UMAC_CLK_40MHZ);
871 			rsi_dbg(MGMT_TX_ZONE,
872 				"%s: Packet 20MHZ <=== %d\n", __func__,
873 				UMAC_CLK_40MHZ);
874 		}
875 	}
876 
877 	/**
878 	 * Bit{0:11} indicates length of the Packet
879 	 * Bit{12:15} indicates host queue number
880 	 */
881 	boot_params->desc_word[0] = cpu_to_le16(sizeof(struct bootup_params) |
882 				    (RSI_WIFI_MGMT_Q << 12));
883 	boot_params->desc_word[1] = cpu_to_le16(BOOTUP_PARAMS_REQUEST);
884 
885 	skb_put(skb, sizeof(struct rsi_boot_params));
886 
887 	return rsi_send_internal_mgmt_frame(common, skb);
888 }
889 
890 /**
891  * rsi_send_reset_mac() - This function prepares reset MAC request and sends an
892  *			  internal management frame to indicate it to firmware.
893  * @common: Pointer to the driver private structure.
894  *
895  * Return: 0 on success, corresponding error code on failure.
896  */
897 static int rsi_send_reset_mac(struct rsi_common *common)
898 {
899 	struct sk_buff *skb;
900 	struct rsi_mac_frame *mgmt_frame;
901 
902 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending reset MAC frame\n", __func__);
903 
904 	skb = dev_alloc_skb(FRAME_DESC_SZ);
905 	if (!skb) {
906 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
907 			__func__);
908 		return -ENOMEM;
909 	}
910 
911 	memset(skb->data, 0, FRAME_DESC_SZ);
912 	mgmt_frame = (struct rsi_mac_frame *)skb->data;
913 
914 	mgmt_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
915 	mgmt_frame->desc_word[1] = cpu_to_le16(RESET_MAC_REQ);
916 	mgmt_frame->desc_word[4] = cpu_to_le16(RETRY_COUNT << 8);
917 
918 	skb_put(skb, FRAME_DESC_SZ);
919 
920 	return rsi_send_internal_mgmt_frame(common, skb);
921 }
922 
923 /**
924  * rsi_band_check() - This function programs the band
925  * @common: Pointer to the driver private structure.
926  *
927  * Return: 0 on success, corresponding error code on failure.
928  */
929 int rsi_band_check(struct rsi_common *common)
930 {
931 	struct rsi_hw *adapter = common->priv;
932 	struct ieee80211_hw *hw = adapter->hw;
933 	u8 prev_bw = common->channel_width;
934 	u8 prev_ep = common->endpoint;
935 	struct ieee80211_channel *curchan = hw->conf.chandef.chan;
936 	int status = 0;
937 
938 	if (common->band != curchan->band) {
939 		common->rf_reset = 1;
940 		common->band = curchan->band;
941 	}
942 
943 	if ((hw->conf.chandef.width == NL80211_CHAN_WIDTH_20_NOHT) ||
944 	    (hw->conf.chandef.width == NL80211_CHAN_WIDTH_20))
945 		common->channel_width = BW_20MHZ;
946 	else
947 		common->channel_width = BW_40MHZ;
948 
949 	if (common->band == NL80211_BAND_2GHZ) {
950 		if (common->channel_width)
951 			common->endpoint = EP_2GHZ_40MHZ;
952 		else
953 			common->endpoint = EP_2GHZ_20MHZ;
954 	} else {
955 		if (common->channel_width)
956 			common->endpoint = EP_5GHZ_40MHZ;
957 		else
958 			common->endpoint = EP_5GHZ_20MHZ;
959 	}
960 
961 	if (common->endpoint != prev_ep) {
962 		status = rsi_program_bb_rf(common);
963 		if (status)
964 			return status;
965 	}
966 
967 	if (common->channel_width != prev_bw) {
968 		status = rsi_load_bootup_params(common);
969 		if (status)
970 			return status;
971 
972 		status = rsi_load_radio_caps(common);
973 		if (status)
974 			return status;
975 	}
976 
977 	return status;
978 }
979 
980 /**
981  * rsi_set_channel() - This function programs the channel.
982  * @common: Pointer to the driver private structure.
983  * @channel: Channel value to be set.
984  *
985  * Return: 0 on success, corresponding error code on failure.
986  */
987 int rsi_set_channel(struct rsi_common *common,
988 		    struct ieee80211_channel *channel)
989 {
990 	struct sk_buff *skb = NULL;
991 	struct rsi_chan_config *chan_cfg;
992 	u16 frame_len = sizeof(struct rsi_chan_config);
993 
994 	rsi_dbg(MGMT_TX_ZONE,
995 		"%s: Sending scan req frame\n", __func__);
996 
997 	skb = dev_alloc_skb(frame_len);
998 	if (!skb) {
999 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1000 			__func__);
1001 		return -ENOMEM;
1002 	}
1003 
1004 	if (!channel) {
1005 		dev_kfree_skb(skb);
1006 		return 0;
1007 	}
1008 	memset(skb->data, 0, frame_len);
1009 	chan_cfg = (struct rsi_chan_config *)skb->data;
1010 
1011 	rsi_set_len_qno(&chan_cfg->desc_dword0.len_qno, 0, RSI_WIFI_MGMT_Q);
1012 	chan_cfg->desc_dword0.frame_type = SCAN_REQUEST;
1013 	chan_cfg->channel_number = channel->hw_value;
1014 	chan_cfg->antenna_gain_offset_2g = channel->max_antenna_gain;
1015 	chan_cfg->antenna_gain_offset_5g = channel->max_antenna_gain;
1016 	chan_cfg->region_rftype = (RSI_RF_TYPE & 0xf) << 4;
1017 
1018 	if ((channel->flags & IEEE80211_CHAN_NO_IR) ||
1019 	    (channel->flags & IEEE80211_CHAN_RADAR)) {
1020 		chan_cfg->antenna_gain_offset_2g |= RSI_CHAN_RADAR;
1021 	} else {
1022 		if (common->tx_power < channel->max_power)
1023 			chan_cfg->tx_power = cpu_to_le16(common->tx_power);
1024 		else
1025 			chan_cfg->tx_power = cpu_to_le16(channel->max_power);
1026 	}
1027 	chan_cfg->region_rftype |= (common->priv->dfs_region & 0xf);
1028 
1029 	if (common->channel_width == BW_40MHZ)
1030 		chan_cfg->channel_width = 0x1;
1031 
1032 	common->channel = channel->hw_value;
1033 
1034 	skb_put(skb, frame_len);
1035 
1036 	return rsi_send_internal_mgmt_frame(common, skb);
1037 }
1038 
1039 /**
1040  * rsi_send_radio_params_update() - This function sends the radio
1041  *				parameters update to device
1042  * @common: Pointer to the driver private structure.
1043  * @channel: Channel value to be set.
1044  *
1045  * Return: 0 on success, corresponding error code on failure.
1046  */
1047 int rsi_send_radio_params_update(struct rsi_common *common)
1048 {
1049 	struct rsi_mac_frame *cmd_frame;
1050 	struct sk_buff *skb = NULL;
1051 
1052 	rsi_dbg(MGMT_TX_ZONE,
1053 		"%s: Sending Radio Params update frame\n", __func__);
1054 
1055 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1056 	if (!skb) {
1057 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1058 			__func__);
1059 		return -ENOMEM;
1060 	}
1061 
1062 	memset(skb->data, 0, FRAME_DESC_SZ);
1063 	cmd_frame = (struct rsi_mac_frame *)skb->data;
1064 
1065 	cmd_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
1066 	cmd_frame->desc_word[1] = cpu_to_le16(RADIO_PARAMS_UPDATE);
1067 	cmd_frame->desc_word[3] = cpu_to_le16(BIT(0));
1068 
1069 	cmd_frame->desc_word[3] |= cpu_to_le16(common->tx_power << 8);
1070 
1071 	skb_put(skb, FRAME_DESC_SZ);
1072 
1073 	return rsi_send_internal_mgmt_frame(common, skb);
1074 }
1075 
1076 /* This function programs the threshold. */
1077 int rsi_send_vap_dynamic_update(struct rsi_common *common)
1078 {
1079 	struct sk_buff *skb;
1080 	struct rsi_dynamic_s *dynamic_frame;
1081 
1082 	rsi_dbg(MGMT_TX_ZONE,
1083 		"%s: Sending vap update indication frame\n", __func__);
1084 
1085 	skb = dev_alloc_skb(sizeof(struct rsi_dynamic_s));
1086 	if (!skb)
1087 		return -ENOMEM;
1088 
1089 	memset(skb->data, 0, sizeof(struct rsi_dynamic_s));
1090 	dynamic_frame = (struct rsi_dynamic_s *)skb->data;
1091 	rsi_set_len_qno(&dynamic_frame->desc_dword0.len_qno,
1092 			sizeof(dynamic_frame->frame_body), RSI_WIFI_MGMT_Q);
1093 
1094 	dynamic_frame->desc_dword0.frame_type = VAP_DYNAMIC_UPDATE;
1095 	dynamic_frame->desc_dword2.pkt_info =
1096 					cpu_to_le32(common->rts_threshold);
1097 	/* Beacon miss threshold */
1098 	dynamic_frame->frame_body.keep_alive_period =
1099 					cpu_to_le16(RSI_DEF_KEEPALIVE);
1100 	dynamic_frame->desc_dword3.sta_id = 0; /* vap id */
1101 
1102 	skb_put(skb, sizeof(struct rsi_dynamic_s));
1103 
1104 	return rsi_send_internal_mgmt_frame(common, skb);
1105 }
1106 
1107 /**
1108  * rsi_compare() - This function is used to compare two integers
1109  * @a: pointer to the first integer
1110  * @b: pointer to the second integer
1111  *
1112  * Return: 0 if both are equal, -1 if the first is smaller, else 1
1113  */
1114 static int rsi_compare(const void *a, const void *b)
1115 {
1116 	u16 _a = *(const u16 *)(a);
1117 	u16 _b = *(const u16 *)(b);
1118 
1119 	if (_a > _b)
1120 		return -1;
1121 
1122 	if (_a < _b)
1123 		return 1;
1124 
1125 	return 0;
1126 }
1127 
1128 /**
1129  * rsi_map_rates() - This function is used to map selected rates to hw rates.
1130  * @rate: The standard rate to be mapped.
1131  * @offset: Offset that will be returned.
1132  *
1133  * Return: 0 if it is a mcs rate, else 1
1134  */
1135 static bool rsi_map_rates(u16 rate, int *offset)
1136 {
1137 	int kk;
1138 	for (kk = 0; kk < ARRAY_SIZE(rsi_mcsrates); kk++) {
1139 		if (rate == mcs[kk]) {
1140 			*offset = kk;
1141 			return false;
1142 		}
1143 	}
1144 
1145 	for (kk = 0; kk < ARRAY_SIZE(rsi_rates); kk++) {
1146 		if (rate == rsi_rates[kk].bitrate / 5) {
1147 			*offset = kk;
1148 			break;
1149 		}
1150 	}
1151 	return true;
1152 }
1153 
1154 /**
1155  * rsi_send_auto_rate_request() - This function is to set rates for connection
1156  *				  and send autorate request to firmware.
1157  * @common: Pointer to the driver private structure.
1158  *
1159  * Return: 0 on success, corresponding error code on failure.
1160  */
1161 static int rsi_send_auto_rate_request(struct rsi_common *common,
1162 				      struct ieee80211_sta *sta,
1163 				      u16 sta_id)
1164 {
1165 	struct ieee80211_vif *vif = common->priv->vifs[0];
1166 	struct sk_buff *skb;
1167 	struct rsi_auto_rate *auto_rate;
1168 	int ii = 0, jj = 0, kk = 0;
1169 	struct ieee80211_hw *hw = common->priv->hw;
1170 	u8 band = hw->conf.chandef.chan->band;
1171 	u8 num_supported_rates = 0;
1172 	u8 rate_table_offset, rate_offset = 0;
1173 	u32 rate_bitmap;
1174 	u16 *selected_rates, min_rate;
1175 	bool is_ht = false, is_sgi = false;
1176 	u16 frame_len = sizeof(struct rsi_auto_rate);
1177 
1178 	rsi_dbg(MGMT_TX_ZONE,
1179 		"%s: Sending auto rate request frame\n", __func__);
1180 
1181 	skb = dev_alloc_skb(frame_len);
1182 	if (!skb) {
1183 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1184 			__func__);
1185 		return -ENOMEM;
1186 	}
1187 
1188 	selected_rates = kzalloc(2 * RSI_TBL_SZ, GFP_KERNEL);
1189 	if (!selected_rates) {
1190 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of mem\n",
1191 			__func__);
1192 		dev_kfree_skb(skb);
1193 		return -ENOMEM;
1194 	}
1195 
1196 	auto_rate = (struct rsi_auto_rate *)skb->data;
1197 
1198 	auto_rate->aarf_rssi = cpu_to_le16(((u16)3 << 6) | (u16)(18 & 0x3f));
1199 	auto_rate->collision_tolerance = cpu_to_le16(3);
1200 	auto_rate->failure_limit = cpu_to_le16(3);
1201 	auto_rate->initial_boundary = cpu_to_le16(3);
1202 	auto_rate->max_threshold_limt = cpu_to_le16(27);
1203 
1204 	auto_rate->desc.desc_dword0.frame_type = AUTO_RATE_IND;
1205 
1206 	if (common->channel_width == BW_40MHZ)
1207 		auto_rate->desc.desc_dword3.qid_tid = BW_40MHZ;
1208 	auto_rate->desc.desc_dword3.sta_id = sta_id;
1209 
1210 	if (vif->type == NL80211_IFTYPE_STATION) {
1211 		rate_bitmap = common->bitrate_mask[band];
1212 		is_ht = common->vif_info[0].is_ht;
1213 		is_sgi = common->vif_info[0].sgi;
1214 	} else {
1215 		rate_bitmap = sta->supp_rates[band];
1216 		is_ht = sta->ht_cap.ht_supported;
1217 		if ((sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_20) ||
1218 		    (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_40))
1219 			is_sgi = true;
1220 	}
1221 
1222 	if (band == NL80211_BAND_2GHZ) {
1223 		if ((rate_bitmap == 0) && (is_ht))
1224 			min_rate = RSI_RATE_MCS0;
1225 		else
1226 			min_rate = RSI_RATE_1;
1227 		rate_table_offset = 0;
1228 	} else {
1229 		if ((rate_bitmap == 0) && (is_ht))
1230 			min_rate = RSI_RATE_MCS0;
1231 		else
1232 			min_rate = RSI_RATE_6;
1233 		rate_table_offset = 4;
1234 	}
1235 
1236 	for (ii = 0, jj = 0;
1237 	     ii < (ARRAY_SIZE(rsi_rates) - rate_table_offset); ii++) {
1238 		if (rate_bitmap & BIT(ii)) {
1239 			selected_rates[jj++] =
1240 			(rsi_rates[ii + rate_table_offset].bitrate / 5);
1241 			rate_offset++;
1242 		}
1243 	}
1244 	num_supported_rates = jj;
1245 
1246 	if (is_ht) {
1247 		for (ii = 0; ii < ARRAY_SIZE(mcs); ii++)
1248 			selected_rates[jj++] = mcs[ii];
1249 		num_supported_rates += ARRAY_SIZE(mcs);
1250 		rate_offset += ARRAY_SIZE(mcs);
1251 	}
1252 
1253 	sort(selected_rates, jj, sizeof(u16), &rsi_compare, NULL);
1254 
1255 	/* mapping the rates to RSI rates */
1256 	for (ii = 0; ii < jj; ii++) {
1257 		if (rsi_map_rates(selected_rates[ii], &kk)) {
1258 			auto_rate->supported_rates[ii] =
1259 				cpu_to_le16(rsi_rates[kk].hw_value);
1260 		} else {
1261 			auto_rate->supported_rates[ii] =
1262 				cpu_to_le16(rsi_mcsrates[kk]);
1263 		}
1264 	}
1265 
1266 	/* loading HT rates in the bottom half of the auto rate table */
1267 	if (is_ht) {
1268 		for (ii = rate_offset, kk = ARRAY_SIZE(rsi_mcsrates) - 1;
1269 		     ii < rate_offset + 2 * ARRAY_SIZE(rsi_mcsrates); ii++) {
1270 			if (is_sgi || conf_is_ht40(&common->priv->hw->conf))
1271 				auto_rate->supported_rates[ii++] =
1272 					cpu_to_le16(rsi_mcsrates[kk] | BIT(9));
1273 			else
1274 				auto_rate->supported_rates[ii++] =
1275 					cpu_to_le16(rsi_mcsrates[kk]);
1276 			auto_rate->supported_rates[ii] =
1277 				cpu_to_le16(rsi_mcsrates[kk--]);
1278 		}
1279 
1280 		for (; ii < (RSI_TBL_SZ - 1); ii++) {
1281 			auto_rate->supported_rates[ii] =
1282 				cpu_to_le16(rsi_mcsrates[0]);
1283 		}
1284 	}
1285 
1286 	for (; ii < RSI_TBL_SZ; ii++)
1287 		auto_rate->supported_rates[ii] = cpu_to_le16(min_rate);
1288 
1289 	auto_rate->num_supported_rates = cpu_to_le16(num_supported_rates * 2);
1290 	auto_rate->moderate_rate_inx = cpu_to_le16(num_supported_rates / 2);
1291 	num_supported_rates *= 2;
1292 
1293 	rsi_set_len_qno(&auto_rate->desc.desc_dword0.len_qno,
1294 			(frame_len - FRAME_DESC_SZ), RSI_WIFI_MGMT_Q);
1295 
1296 	skb_put(skb, frame_len);
1297 	kfree(selected_rates);
1298 
1299 	return rsi_send_internal_mgmt_frame(common, skb);
1300 }
1301 
1302 /**
1303  * rsi_inform_bss_status() - This function informs about bss status with the
1304  *			     help of sta notify params by sending an internal
1305  *			     management frame to firmware.
1306  * @common: Pointer to the driver private structure.
1307  * @status: Bss status type.
1308  * @bssid: Bssid.
1309  * @qos_enable: Qos is enabled.
1310  * @aid: Aid (unique for all STAs).
1311  *
1312  * Return: None.
1313  */
1314 void rsi_inform_bss_status(struct rsi_common *common,
1315 			   enum opmode opmode,
1316 			   u8 status,
1317 			   const u8 *addr,
1318 			   u8 qos_enable,
1319 			   u16 aid,
1320 			   struct ieee80211_sta *sta,
1321 			   u16 sta_id)
1322 {
1323 	if (status) {
1324 		if (opmode == STA_OPMODE)
1325 			common->hw_data_qs_blocked = true;
1326 		rsi_hal_send_sta_notify_frame(common,
1327 					      opmode,
1328 					      STA_CONNECTED,
1329 					      addr,
1330 					      qos_enable,
1331 					      aid, sta_id);
1332 		if (common->min_rate == 0xffff)
1333 			rsi_send_auto_rate_request(common, sta, sta_id);
1334 		if (opmode == STA_OPMODE) {
1335 			if (!rsi_send_block_unblock_frame(common, false))
1336 				common->hw_data_qs_blocked = false;
1337 		}
1338 	} else {
1339 		if (opmode == STA_OPMODE)
1340 			common->hw_data_qs_blocked = true;
1341 		rsi_hal_send_sta_notify_frame(common,
1342 					      opmode,
1343 					      STA_DISCONNECTED,
1344 					      addr,
1345 					      qos_enable,
1346 					      aid, sta_id);
1347 		if (opmode == STA_OPMODE)
1348 			rsi_send_block_unblock_frame(common, true);
1349 	}
1350 }
1351 
1352 /**
1353  * rsi_eeprom_read() - This function sends a frame to read the mac address
1354  *		       from the eeprom.
1355  * @common: Pointer to the driver private structure.
1356  *
1357  * Return: 0 on success, -1 on failure.
1358  */
1359 static int rsi_eeprom_read(struct rsi_common *common)
1360 {
1361 	struct rsi_eeprom_read_frame *mgmt_frame;
1362 	struct rsi_hw *adapter = common->priv;
1363 	struct sk_buff *skb;
1364 
1365 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending EEPROM read req frame\n", __func__);
1366 
1367 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1368 	if (!skb) {
1369 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1370 			__func__);
1371 		return -ENOMEM;
1372 	}
1373 
1374 	memset(skb->data, 0, FRAME_DESC_SZ);
1375 	mgmt_frame = (struct rsi_eeprom_read_frame *)skb->data;
1376 
1377 	/* FrameType */
1378 	rsi_set_len_qno(&mgmt_frame->len_qno, 0, RSI_WIFI_MGMT_Q);
1379 	mgmt_frame->pkt_type = EEPROM_READ;
1380 
1381 	/* Number of bytes to read */
1382 	mgmt_frame->pkt_info =
1383 		cpu_to_le32((adapter->eeprom.length << RSI_EEPROM_LEN_OFFSET) &
1384 			    RSI_EEPROM_LEN_MASK);
1385 	mgmt_frame->pkt_info |= cpu_to_le32((3 << RSI_EEPROM_HDR_SIZE_OFFSET) &
1386 					    RSI_EEPROM_HDR_SIZE_MASK);
1387 
1388 	/* Address to read */
1389 	mgmt_frame->eeprom_offset = cpu_to_le32(adapter->eeprom.offset);
1390 
1391 	skb_put(skb, FRAME_DESC_SZ);
1392 
1393 	return rsi_send_internal_mgmt_frame(common, skb);
1394 }
1395 
1396 /**
1397  * This function sends a frame to block/unblock
1398  * data queues in the firmware
1399  *
1400  * @param common Pointer to the driver private structure.
1401  * @param block event - block if true, unblock if false
1402  * @return 0 on success, -1 on failure.
1403  */
1404 int rsi_send_block_unblock_frame(struct rsi_common *common, bool block_event)
1405 {
1406 	struct rsi_block_unblock_data *mgmt_frame;
1407 	struct sk_buff *skb;
1408 
1409 	rsi_dbg(MGMT_TX_ZONE, "%s: Sending block/unblock frame\n", __func__);
1410 
1411 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1412 	if (!skb) {
1413 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1414 			__func__);
1415 		return -ENOMEM;
1416 	}
1417 
1418 	memset(skb->data, 0, FRAME_DESC_SZ);
1419 	mgmt_frame = (struct rsi_block_unblock_data *)skb->data;
1420 
1421 	rsi_set_len_qno(&mgmt_frame->desc_dword0.len_qno, 0, RSI_WIFI_MGMT_Q);
1422 	mgmt_frame->desc_dword0.frame_type = BLOCK_HW_QUEUE;
1423 	mgmt_frame->host_quiet_info = QUIET_INFO_VALID;
1424 
1425 	if (block_event) {
1426 		rsi_dbg(INFO_ZONE, "blocking the data qs\n");
1427 		mgmt_frame->block_q_bitmap = cpu_to_le16(0xf);
1428 		mgmt_frame->block_q_bitmap |= cpu_to_le16(0xf << 4);
1429 	} else {
1430 		rsi_dbg(INFO_ZONE, "unblocking the data qs\n");
1431 		mgmt_frame->unblock_q_bitmap = cpu_to_le16(0xf);
1432 		mgmt_frame->unblock_q_bitmap |= cpu_to_le16(0xf << 4);
1433 	}
1434 
1435 	skb_put(skb, FRAME_DESC_SZ);
1436 
1437 	return rsi_send_internal_mgmt_frame(common, skb);
1438 }
1439 
1440 /**
1441  * rsi_send_rx_filter_frame() - Sends a frame to filter the RX packets
1442  *
1443  * @common: Pointer to the driver private structure.
1444  * @rx_filter_word: Flags of filter packets
1445  *
1446  * @Return: 0 on success, -1 on failure.
1447  */
1448 int rsi_send_rx_filter_frame(struct rsi_common *common, u16 rx_filter_word)
1449 {
1450 	struct rsi_mac_frame *cmd_frame;
1451 	struct sk_buff *skb;
1452 
1453 	rsi_dbg(MGMT_TX_ZONE, "Sending RX filter frame\n");
1454 
1455 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1456 	if (!skb) {
1457 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1458 			__func__);
1459 		return -ENOMEM;
1460 	}
1461 
1462 	memset(skb->data, 0, FRAME_DESC_SZ);
1463 	cmd_frame = (struct rsi_mac_frame *)skb->data;
1464 
1465 	cmd_frame->desc_word[0] = cpu_to_le16(RSI_WIFI_MGMT_Q << 12);
1466 	cmd_frame->desc_word[1] = cpu_to_le16(SET_RX_FILTER);
1467 	cmd_frame->desc_word[4] = cpu_to_le16(rx_filter_word);
1468 
1469 	skb_put(skb, FRAME_DESC_SZ);
1470 
1471 	return rsi_send_internal_mgmt_frame(common, skb);
1472 }
1473 
1474 int rsi_send_ps_request(struct rsi_hw *adapter, bool enable)
1475 {
1476 	struct rsi_common *common = adapter->priv;
1477 	struct ieee80211_bss_conf *bss = &adapter->vifs[0]->bss_conf;
1478 	struct rsi_request_ps *ps;
1479 	struct rsi_ps_info *ps_info;
1480 	struct sk_buff *skb;
1481 	int frame_len = sizeof(*ps);
1482 
1483 	skb = dev_alloc_skb(frame_len);
1484 	if (!skb)
1485 		return -ENOMEM;
1486 	memset(skb->data, 0, frame_len);
1487 
1488 	ps = (struct rsi_request_ps *)skb->data;
1489 	ps_info = &adapter->ps_info;
1490 
1491 	rsi_set_len_qno(&ps->desc.desc_dword0.len_qno,
1492 			(frame_len - FRAME_DESC_SZ), RSI_WIFI_MGMT_Q);
1493 	ps->desc.desc_dword0.frame_type = WAKEUP_SLEEP_REQUEST;
1494 	if (enable) {
1495 		ps->ps_sleep.enable = RSI_PS_ENABLE;
1496 		ps->desc.desc_dword3.token = cpu_to_le16(RSI_SLEEP_REQUEST);
1497 	} else {
1498 		ps->ps_sleep.enable = RSI_PS_DISABLE;
1499 		ps->desc.desc_dword0.len_qno |= cpu_to_le16(RSI_PS_DISABLE_IND);
1500 		ps->desc.desc_dword3.token = cpu_to_le16(RSI_WAKEUP_REQUEST);
1501 	}
1502 
1503 	ps->ps_uapsd_acs = common->uapsd_bitmap;
1504 
1505 	ps->ps_sleep.sleep_type = ps_info->sleep_type;
1506 	ps->ps_sleep.num_bcns_per_lis_int =
1507 		cpu_to_le16(ps_info->num_bcns_per_lis_int);
1508 	ps->ps_sleep.sleep_duration =
1509 		cpu_to_le32(ps_info->deep_sleep_wakeup_period);
1510 
1511 	if (bss->assoc)
1512 		ps->ps_sleep.connected_sleep = RSI_CONNECTED_SLEEP;
1513 	else
1514 		ps->ps_sleep.connected_sleep = RSI_DEEP_SLEEP;
1515 
1516 	ps->ps_listen_interval = cpu_to_le32(ps_info->listen_interval);
1517 	ps->ps_dtim_interval_duration =
1518 		cpu_to_le32(ps_info->dtim_interval_duration);
1519 
1520 	if (ps_info->listen_interval > ps_info->dtim_interval_duration)
1521 		ps->ps_listen_interval = cpu_to_le32(RSI_PS_DISABLE);
1522 
1523 	ps->ps_num_dtim_intervals = cpu_to_le16(ps_info->num_dtims_per_sleep);
1524 	skb_put(skb, frame_len);
1525 
1526 	return rsi_send_internal_mgmt_frame(common, skb);
1527 }
1528 
1529 /**
1530  * rsi_set_antenna() - This fuction send antenna configuration request
1531  *		       to device
1532  *
1533  * @common: Pointer to the driver private structure.
1534  * @antenna: bitmap for tx antenna selection
1535  *
1536  * Return: 0 on Success, negative error code on failure
1537  */
1538 int rsi_set_antenna(struct rsi_common *common, u8 antenna)
1539 {
1540 	struct rsi_ant_sel_frame *ant_sel_frame;
1541 	struct sk_buff *skb;
1542 
1543 	skb = dev_alloc_skb(FRAME_DESC_SZ);
1544 	if (!skb) {
1545 		rsi_dbg(ERR_ZONE, "%s: Failed in allocation of skb\n",
1546 			__func__);
1547 		return -ENOMEM;
1548 	}
1549 
1550 	memset(skb->data, 0, FRAME_DESC_SZ);
1551 
1552 	ant_sel_frame = (struct rsi_ant_sel_frame *)skb->data;
1553 	ant_sel_frame->desc_dword0.frame_type = ANT_SEL_FRAME;
1554 	ant_sel_frame->sub_frame_type = ANTENNA_SEL_TYPE;
1555 	ant_sel_frame->ant_value = cpu_to_le16(antenna & ANTENNA_MASK_VALUE);
1556 	rsi_set_len_qno(&ant_sel_frame->desc_dword0.len_qno,
1557 			0, RSI_WIFI_MGMT_Q);
1558 	skb_put(skb, FRAME_DESC_SZ);
1559 
1560 	return rsi_send_internal_mgmt_frame(common, skb);
1561 }
1562 
1563 static int rsi_send_beacon(struct rsi_common *common)
1564 {
1565 	struct sk_buff *skb = NULL;
1566 	u8 dword_align_bytes = 0;
1567 
1568 	skb = dev_alloc_skb(MAX_MGMT_PKT_SIZE);
1569 	if (!skb)
1570 		return -ENOMEM;
1571 
1572 	memset(skb->data, 0, MAX_MGMT_PKT_SIZE);
1573 
1574 	dword_align_bytes = ((unsigned long)skb->data & 0x3f);
1575 	if (dword_align_bytes)
1576 		skb_pull(skb, (64 - dword_align_bytes));
1577 	if (rsi_prepare_beacon(common, skb)) {
1578 		rsi_dbg(ERR_ZONE, "Failed to prepare beacon\n");
1579 		return -EINVAL;
1580 	}
1581 	skb_queue_tail(&common->tx_queue[MGMT_BEACON_Q], skb);
1582 	rsi_set_event(&common->tx_thread.event);
1583 	rsi_dbg(DATA_TX_ZONE, "%s: Added to beacon queue\n", __func__);
1584 
1585 	return 0;
1586 }
1587 
1588 /**
1589  * rsi_handle_ta_confirm_type() - This function handles the confirm frames.
1590  * @common: Pointer to the driver private structure.
1591  * @msg: Pointer to received packet.
1592  *
1593  * Return: 0 on success, -1 on failure.
1594  */
1595 static int rsi_handle_ta_confirm_type(struct rsi_common *common,
1596 				      u8 *msg)
1597 {
1598 	struct rsi_hw *adapter = common->priv;
1599 	u8 sub_type = (msg[15] & 0xff);
1600 	u16 msg_len = ((u16 *)msg)[0] & 0xfff;
1601 	u8 offset;
1602 
1603 	switch (sub_type) {
1604 	case BOOTUP_PARAMS_REQUEST:
1605 		rsi_dbg(FSM_ZONE, "%s: Boot up params confirm received\n",
1606 			__func__);
1607 		if (common->fsm_state == FSM_BOOT_PARAMS_SENT) {
1608 			adapter->eeprom.length = (IEEE80211_ADDR_LEN +
1609 						  WLAN_MAC_MAGIC_WORD_LEN +
1610 						  WLAN_HOST_MODE_LEN);
1611 			adapter->eeprom.offset = WLAN_MAC_EEPROM_ADDR;
1612 			if (rsi_eeprom_read(common)) {
1613 				common->fsm_state = FSM_CARD_NOT_READY;
1614 				goto out;
1615 			}
1616 			common->fsm_state = FSM_EEPROM_READ_MAC_ADDR;
1617 		} else {
1618 			rsi_dbg(INFO_ZONE,
1619 				"%s: Received bootup params cfm in %d state\n",
1620 				 __func__, common->fsm_state);
1621 			return 0;
1622 		}
1623 		break;
1624 
1625 	case EEPROM_READ:
1626 		rsi_dbg(FSM_ZONE, "EEPROM READ confirm received\n");
1627 		if (msg_len <= 0) {
1628 			rsi_dbg(FSM_ZONE,
1629 				"%s: [EEPROM_READ] Invalid len %d\n",
1630 				__func__, msg_len);
1631 			goto out;
1632 		}
1633 		if (msg[16] != MAGIC_WORD) {
1634 			rsi_dbg(FSM_ZONE,
1635 				"%s: [EEPROM_READ] Invalid token\n", __func__);
1636 			common->fsm_state = FSM_CARD_NOT_READY;
1637 			goto out;
1638 		}
1639 		if (common->fsm_state == FSM_EEPROM_READ_MAC_ADDR) {
1640 			offset = (FRAME_DESC_SZ + WLAN_HOST_MODE_LEN +
1641 				  WLAN_MAC_MAGIC_WORD_LEN);
1642 			memcpy(common->mac_addr, &msg[offset], ETH_ALEN);
1643 			adapter->eeprom.length =
1644 				((WLAN_MAC_MAGIC_WORD_LEN + 3) & (~3));
1645 			adapter->eeprom.offset = WLAN_EEPROM_RFTYPE_ADDR;
1646 			if (rsi_eeprom_read(common)) {
1647 				rsi_dbg(ERR_ZONE,
1648 					"%s: Failed reading RF band\n",
1649 					__func__);
1650 				common->fsm_state = FSM_CARD_NOT_READY;
1651 				goto out;
1652 			}
1653 			common->fsm_state = FSM_EEPROM_READ_RF_TYPE;
1654 		} else if (common->fsm_state == FSM_EEPROM_READ_RF_TYPE) {
1655 			if ((msg[17] & 0x3) == 0x3) {
1656 				rsi_dbg(INIT_ZONE, "Dual band supported\n");
1657 				common->band = NL80211_BAND_5GHZ;
1658 				common->num_supp_bands = 2;
1659 			} else if ((msg[17] & 0x3) == 0x1) {
1660 				rsi_dbg(INIT_ZONE,
1661 					"Only 2.4Ghz band supported\n");
1662 				common->band = NL80211_BAND_2GHZ;
1663 				common->num_supp_bands = 1;
1664 			}
1665 			if (rsi_send_reset_mac(common))
1666 				goto out;
1667 			common->fsm_state = FSM_RESET_MAC_SENT;
1668 		} else {
1669 			rsi_dbg(ERR_ZONE, "%s: Invalid EEPROM read type\n",
1670 				__func__);
1671 			return 0;
1672 		}
1673 		break;
1674 
1675 	case RESET_MAC_REQ:
1676 		if (common->fsm_state == FSM_RESET_MAC_SENT) {
1677 			rsi_dbg(FSM_ZONE, "%s: Reset MAC cfm received\n",
1678 				__func__);
1679 
1680 			if (rsi_load_radio_caps(common))
1681 				goto out;
1682 			else
1683 				common->fsm_state = FSM_RADIO_CAPS_SENT;
1684 		} else {
1685 			rsi_dbg(ERR_ZONE,
1686 				"%s: Received reset mac cfm in %d state\n",
1687 				 __func__, common->fsm_state);
1688 			return 0;
1689 		}
1690 		break;
1691 
1692 	case RADIO_CAPABILITIES:
1693 		if (common->fsm_state == FSM_RADIO_CAPS_SENT) {
1694 			common->rf_reset = 1;
1695 			if (rsi_program_bb_rf(common)) {
1696 				goto out;
1697 			} else {
1698 				common->fsm_state = FSM_BB_RF_PROG_SENT;
1699 				rsi_dbg(FSM_ZONE, "%s: Radio cap cfm received\n",
1700 					__func__);
1701 			}
1702 		} else {
1703 			rsi_dbg(INFO_ZONE,
1704 				"%s: Received radio caps cfm in %d state\n",
1705 				 __func__, common->fsm_state);
1706 			return 0;
1707 		}
1708 		break;
1709 
1710 	case BB_PROG_VALUES_REQUEST:
1711 	case RF_PROG_VALUES_REQUEST:
1712 	case BBP_PROG_IN_TA:
1713 		rsi_dbg(FSM_ZONE, "%s: BB/RF cfm received\n", __func__);
1714 		if (common->fsm_state == FSM_BB_RF_PROG_SENT) {
1715 			common->bb_rf_prog_count--;
1716 			if (!common->bb_rf_prog_count) {
1717 				common->fsm_state = FSM_MAC_INIT_DONE;
1718 				return rsi_mac80211_attach(common);
1719 			}
1720 		} else {
1721 			rsi_dbg(INFO_ZONE,
1722 				"%s: Received bbb_rf cfm in %d state\n",
1723 				 __func__, common->fsm_state);
1724 			return 0;
1725 		}
1726 		break;
1727 	case WAKEUP_SLEEP_REQUEST:
1728 		rsi_dbg(INFO_ZONE, "Wakeup/Sleep confirmation.\n");
1729 		return rsi_handle_ps_confirm(adapter, msg);
1730 	default:
1731 		rsi_dbg(INFO_ZONE, "%s: Invalid TA confirm pkt received\n",
1732 			__func__);
1733 		break;
1734 	}
1735 	return 0;
1736 out:
1737 	rsi_dbg(ERR_ZONE, "%s: Unable to send pkt/Invalid frame received\n",
1738 		__func__);
1739 	return -EINVAL;
1740 }
1741 
1742 static int rsi_handle_card_ready(struct rsi_common *common, u8 *msg)
1743 {
1744 	switch (common->fsm_state) {
1745 	case FSM_CARD_NOT_READY:
1746 		rsi_dbg(INIT_ZONE, "Card ready indication from Common HAL\n");
1747 		rsi_set_default_parameters(common);
1748 		if (rsi_send_common_dev_params(common) < 0)
1749 			return -EINVAL;
1750 		common->fsm_state = FSM_COMMON_DEV_PARAMS_SENT;
1751 		break;
1752 	case FSM_COMMON_DEV_PARAMS_SENT:
1753 		rsi_dbg(INIT_ZONE, "Card ready indication from WLAN HAL\n");
1754 
1755 		/* Get usb buffer status register address */
1756 		common->priv->usb_buffer_status_reg = *(u32 *)&msg[8];
1757 		rsi_dbg(INFO_ZONE, "USB buffer status register = %x\n",
1758 			common->priv->usb_buffer_status_reg);
1759 
1760 		if (rsi_load_bootup_params(common)) {
1761 			common->fsm_state = FSM_CARD_NOT_READY;
1762 			return -EINVAL;
1763 		}
1764 		common->fsm_state = FSM_BOOT_PARAMS_SENT;
1765 		break;
1766 	default:
1767 		rsi_dbg(ERR_ZONE,
1768 			"%s: card ready indication in invalid state %d.\n",
1769 			__func__, common->fsm_state);
1770 		return -EINVAL;
1771 	}
1772 
1773 	return 0;
1774 }
1775 
1776 /**
1777  * rsi_mgmt_pkt_recv() - This function processes the management packets
1778  *			 recieved from the hardware.
1779  * @common: Pointer to the driver private structure.
1780  * @msg: Pointer to the received packet.
1781  *
1782  * Return: 0 on success, -1 on failure.
1783  */
1784 int rsi_mgmt_pkt_recv(struct rsi_common *common, u8 *msg)
1785 {
1786 	s32 msg_len = (le16_to_cpu(*(__le16 *)&msg[0]) & 0x0fff);
1787 	u16 msg_type = (msg[2]);
1788 
1789 	rsi_dbg(FSM_ZONE, "%s: Msg Len: %d, Msg Type: %4x\n",
1790 		__func__, msg_len, msg_type);
1791 
1792 	switch (msg_type) {
1793 	case TA_CONFIRM_TYPE:
1794 		return rsi_handle_ta_confirm_type(common, msg);
1795 	case CARD_READY_IND:
1796 		rsi_dbg(FSM_ZONE, "%s: Card ready indication received\n",
1797 			__func__);
1798 		return rsi_handle_card_ready(common, msg);
1799 	case TX_STATUS_IND:
1800 		if (msg[15] == PROBEREQ_CONFIRM) {
1801 			common->mgmt_q_block = false;
1802 			rsi_dbg(FSM_ZONE, "%s: Probe confirm received\n",
1803 				__func__);
1804 		}
1805 		break;
1806 	case BEACON_EVENT_IND:
1807 		rsi_dbg(INFO_ZONE, "Beacon event\n");
1808 		if (common->fsm_state != FSM_MAC_INIT_DONE)
1809 			return -1;
1810 		if (common->iface_down)
1811 			return -1;
1812 		if (!common->beacon_enabled)
1813 			return -1;
1814 		rsi_send_beacon(common);
1815 		break;
1816 	case RX_DOT11_MGMT:
1817 		return rsi_mgmt_pkt_to_core(common, msg, msg_len);
1818 	default:
1819 		rsi_dbg(INFO_ZONE, "Received packet type: 0x%x\n", msg_type);
1820 	}
1821 	return 0;
1822 }
1823