Loading...
Note: File does not exist in v3.1.
1// SPDX-License-Identifier: ISC
2/*
3 * Copyright (C) 2022 MediaTek Inc.
4 */
5
6#include <linux/firmware.h>
7#include <linux/fs.h>
8#include "mt7996.h"
9#include "mcu.h"
10#include "mac.h"
11#include "eeprom.h"
12
13#define fw_name(_dev, name, ...) ({ \
14 char *_fw; \
15 switch (mt76_chip(&(_dev)->mt76)) { \
16 case 0x7992: \
17 _fw = MT7992_##name; \
18 break; \
19 case 0x7990: \
20 default: \
21 _fw = MT7996_##name; \
22 break; \
23 } \
24 _fw; \
25})
26
27struct mt7996_patch_hdr {
28 char build_date[16];
29 char platform[4];
30 __be32 hw_sw_ver;
31 __be32 patch_ver;
32 __be16 checksum;
33 u16 reserved;
34 struct {
35 __be32 patch_ver;
36 __be32 subsys;
37 __be32 feature;
38 __be32 n_region;
39 __be32 crc;
40 u32 reserved[11];
41 } desc;
42} __packed;
43
44struct mt7996_patch_sec {
45 __be32 type;
46 __be32 offs;
47 __be32 size;
48 union {
49 __be32 spec[13];
50 struct {
51 __be32 addr;
52 __be32 len;
53 __be32 sec_key_idx;
54 __be32 align_len;
55 u32 reserved[9];
56 } info;
57 };
58} __packed;
59
60struct mt7996_fw_trailer {
61 u8 chip_id;
62 u8 eco_code;
63 u8 n_region;
64 u8 format_ver;
65 u8 format_flag;
66 u8 reserved[2];
67 char fw_ver[10];
68 char build_date[15];
69 u32 crc;
70} __packed;
71
72struct mt7996_fw_region {
73 __le32 decomp_crc;
74 __le32 decomp_len;
75 __le32 decomp_blk_sz;
76 u8 reserved[4];
77 __le32 addr;
78 __le32 len;
79 u8 feature_set;
80 u8 reserved1[15];
81} __packed;
82
83#define MCU_PATCH_ADDRESS 0x200000
84
85#define HE_PHY(p, c) u8_get_bits(c, IEEE80211_HE_PHY_##p)
86#define HE_MAC(m, c) u8_get_bits(c, IEEE80211_HE_MAC_##m)
87#define EHT_PHY(p, c) u8_get_bits(c, IEEE80211_EHT_PHY_##p)
88
89static bool sr_scene_detect = true;
90module_param(sr_scene_detect, bool, 0644);
91MODULE_PARM_DESC(sr_scene_detect, "Enable firmware scene detection algorithm");
92
93static u8
94mt7996_mcu_get_sta_nss(u16 mcs_map)
95{
96 u8 nss;
97
98 for (nss = 8; nss > 0; nss--) {
99 u8 nss_mcs = (mcs_map >> (2 * (nss - 1))) & 3;
100
101 if (nss_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED)
102 break;
103 }
104
105 return nss - 1;
106}
107
108static void
109mt7996_mcu_set_sta_he_mcs(struct ieee80211_sta *sta, __le16 *he_mcs,
110 u16 mcs_map)
111{
112 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
113 enum nl80211_band band = msta->vif->phy->mt76->chandef.chan->band;
114 const u16 *mask = msta->vif->bitrate_mask.control[band].he_mcs;
115 int nss, max_nss = sta->deflink.rx_nss > 3 ? 4 : sta->deflink.rx_nss;
116
117 for (nss = 0; nss < max_nss; nss++) {
118 int mcs;
119
120 switch ((mcs_map >> (2 * nss)) & 0x3) {
121 case IEEE80211_HE_MCS_SUPPORT_0_11:
122 mcs = GENMASK(11, 0);
123 break;
124 case IEEE80211_HE_MCS_SUPPORT_0_9:
125 mcs = GENMASK(9, 0);
126 break;
127 case IEEE80211_HE_MCS_SUPPORT_0_7:
128 mcs = GENMASK(7, 0);
129 break;
130 default:
131 mcs = 0;
132 }
133
134 mcs = mcs ? fls(mcs & mask[nss]) - 1 : -1;
135
136 switch (mcs) {
137 case 0 ... 7:
138 mcs = IEEE80211_HE_MCS_SUPPORT_0_7;
139 break;
140 case 8 ... 9:
141 mcs = IEEE80211_HE_MCS_SUPPORT_0_9;
142 break;
143 case 10 ... 11:
144 mcs = IEEE80211_HE_MCS_SUPPORT_0_11;
145 break;
146 default:
147 mcs = IEEE80211_HE_MCS_NOT_SUPPORTED;
148 break;
149 }
150 mcs_map &= ~(0x3 << (nss * 2));
151 mcs_map |= mcs << (nss * 2);
152 }
153
154 *he_mcs = cpu_to_le16(mcs_map);
155}
156
157static void
158mt7996_mcu_set_sta_vht_mcs(struct ieee80211_sta *sta, __le16 *vht_mcs,
159 const u16 *mask)
160{
161 u16 mcs, mcs_map = le16_to_cpu(sta->deflink.vht_cap.vht_mcs.rx_mcs_map);
162 int nss, max_nss = sta->deflink.rx_nss > 3 ? 4 : sta->deflink.rx_nss;
163
164 for (nss = 0; nss < max_nss; nss++, mcs_map >>= 2) {
165 switch (mcs_map & 0x3) {
166 case IEEE80211_VHT_MCS_SUPPORT_0_9:
167 mcs = GENMASK(9, 0);
168 break;
169 case IEEE80211_VHT_MCS_SUPPORT_0_8:
170 mcs = GENMASK(8, 0);
171 break;
172 case IEEE80211_VHT_MCS_SUPPORT_0_7:
173 mcs = GENMASK(7, 0);
174 break;
175 default:
176 mcs = 0;
177 }
178
179 vht_mcs[nss] = cpu_to_le16(mcs & mask[nss]);
180 }
181}
182
183static void
184mt7996_mcu_set_sta_ht_mcs(struct ieee80211_sta *sta, u8 *ht_mcs,
185 const u8 *mask)
186{
187 int nss, max_nss = sta->deflink.rx_nss > 3 ? 4 : sta->deflink.rx_nss;
188
189 for (nss = 0; nss < max_nss; nss++)
190 ht_mcs[nss] = sta->deflink.ht_cap.mcs.rx_mask[nss] & mask[nss];
191}
192
193static int
194mt7996_mcu_parse_response(struct mt76_dev *mdev, int cmd,
195 struct sk_buff *skb, int seq)
196{
197 struct mt7996_mcu_rxd *rxd;
198 struct mt7996_mcu_uni_event *event;
199 int mcu_cmd = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
200 int ret = 0;
201
202 if (!skb) {
203 dev_err(mdev->dev, "Message %08x (seq %d) timeout\n",
204 cmd, seq);
205 return -ETIMEDOUT;
206 }
207
208 rxd = (struct mt7996_mcu_rxd *)skb->data;
209 if (seq != rxd->seq)
210 return -EAGAIN;
211
212 if (cmd == MCU_CMD(PATCH_SEM_CONTROL)) {
213 skb_pull(skb, sizeof(*rxd) - 4);
214 ret = *skb->data;
215 } else if ((rxd->option & MCU_UNI_CMD_EVENT) &&
216 rxd->eid == MCU_UNI_EVENT_RESULT) {
217 skb_pull(skb, sizeof(*rxd));
218 event = (struct mt7996_mcu_uni_event *)skb->data;
219 ret = le32_to_cpu(event->status);
220 /* skip invalid event */
221 if (mcu_cmd != event->cid)
222 ret = -EAGAIN;
223 } else {
224 skb_pull(skb, sizeof(struct mt7996_mcu_rxd));
225 }
226
227 return ret;
228}
229
230static int
231mt7996_mcu_send_message(struct mt76_dev *mdev, struct sk_buff *skb,
232 int cmd, int *wait_seq)
233{
234 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
235 int txd_len, mcu_cmd = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
236 struct mt76_connac2_mcu_uni_txd *uni_txd;
237 struct mt76_connac2_mcu_txd *mcu_txd;
238 enum mt76_mcuq_id qid;
239 __le32 *txd;
240 u32 val;
241 u8 seq;
242
243 mdev->mcu.timeout = 20 * HZ;
244
245 seq = ++dev->mt76.mcu.msg_seq & 0xf;
246 if (!seq)
247 seq = ++dev->mt76.mcu.msg_seq & 0xf;
248
249 if (cmd == MCU_CMD(FW_SCATTER)) {
250 qid = MT_MCUQ_FWDL;
251 goto exit;
252 }
253
254 txd_len = cmd & __MCU_CMD_FIELD_UNI ? sizeof(*uni_txd) : sizeof(*mcu_txd);
255 txd = (__le32 *)skb_push(skb, txd_len);
256 if (test_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state))
257 qid = MT_MCUQ_WA;
258 else
259 qid = MT_MCUQ_WM;
260
261 val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len) |
262 FIELD_PREP(MT_TXD0_PKT_FMT, MT_TX_TYPE_CMD) |
263 FIELD_PREP(MT_TXD0_Q_IDX, MT_TX_MCU_PORT_RX_Q0);
264 txd[0] = cpu_to_le32(val);
265
266 val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD);
267 txd[1] = cpu_to_le32(val);
268
269 if (cmd & __MCU_CMD_FIELD_UNI) {
270 uni_txd = (struct mt76_connac2_mcu_uni_txd *)txd;
271 uni_txd->len = cpu_to_le16(skb->len - sizeof(uni_txd->txd));
272 uni_txd->cid = cpu_to_le16(mcu_cmd);
273 uni_txd->s2d_index = MCU_S2D_H2CN;
274 uni_txd->pkt_type = MCU_PKT_ID;
275 uni_txd->seq = seq;
276
277 if (cmd & __MCU_CMD_FIELD_QUERY)
278 uni_txd->option = MCU_CMD_UNI_QUERY_ACK;
279 else
280 uni_txd->option = MCU_CMD_UNI_EXT_ACK;
281
282 if ((cmd & __MCU_CMD_FIELD_WA) && (cmd & __MCU_CMD_FIELD_WM))
283 uni_txd->s2d_index = MCU_S2D_H2CN;
284 else if (cmd & __MCU_CMD_FIELD_WA)
285 uni_txd->s2d_index = MCU_S2D_H2C;
286 else if (cmd & __MCU_CMD_FIELD_WM)
287 uni_txd->s2d_index = MCU_S2D_H2N;
288
289 goto exit;
290 }
291
292 mcu_txd = (struct mt76_connac2_mcu_txd *)txd;
293 mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd));
294 mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU,
295 MT_TX_MCU_PORT_RX_Q0));
296 mcu_txd->pkt_type = MCU_PKT_ID;
297 mcu_txd->seq = seq;
298
299 mcu_txd->cid = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
300 mcu_txd->set_query = MCU_Q_NA;
301 mcu_txd->ext_cid = FIELD_GET(__MCU_CMD_FIELD_EXT_ID, cmd);
302 if (mcu_txd->ext_cid) {
303 mcu_txd->ext_cid_ack = 1;
304
305 if (cmd & __MCU_CMD_FIELD_QUERY)
306 mcu_txd->set_query = MCU_Q_QUERY;
307 else
308 mcu_txd->set_query = MCU_Q_SET;
309 }
310
311 if (cmd & __MCU_CMD_FIELD_WA)
312 mcu_txd->s2d_index = MCU_S2D_H2C;
313 else
314 mcu_txd->s2d_index = MCU_S2D_H2N;
315
316exit:
317 if (wait_seq)
318 *wait_seq = seq;
319
320 return mt76_tx_queue_skb_raw(dev, mdev->q_mcu[qid], skb, 0);
321}
322
323int mt7996_mcu_wa_cmd(struct mt7996_dev *dev, int cmd, u32 a1, u32 a2, u32 a3)
324{
325 struct {
326 __le32 args[3];
327 } req = {
328 .args = {
329 cpu_to_le32(a1),
330 cpu_to_le32(a2),
331 cpu_to_le32(a3),
332 },
333 };
334
335 return mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), false);
336}
337
338static void
339mt7996_mcu_csa_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
340{
341 if (!vif->bss_conf.csa_active || vif->type == NL80211_IFTYPE_STATION)
342 return;
343
344 ieee80211_csa_finish(vif);
345}
346
347static void
348mt7996_mcu_rx_radar_detected(struct mt7996_dev *dev, struct sk_buff *skb)
349{
350 struct mt76_phy *mphy = &dev->mt76.phy;
351 struct mt7996_mcu_rdd_report *r;
352
353 r = (struct mt7996_mcu_rdd_report *)skb->data;
354
355 if (r->band_idx >= ARRAY_SIZE(dev->mt76.phys))
356 return;
357
358 if (dev->rdd2_phy && r->band_idx == MT_RX_SEL2)
359 mphy = dev->rdd2_phy->mt76;
360 else
361 mphy = dev->mt76.phys[r->band_idx];
362
363 if (!mphy)
364 return;
365
366 if (r->band_idx == MT_RX_SEL2)
367 cfg80211_background_radar_event(mphy->hw->wiphy,
368 &dev->rdd2_chandef,
369 GFP_ATOMIC);
370 else
371 ieee80211_radar_detected(mphy->hw);
372 dev->hw_pattern++;
373}
374
375static void
376mt7996_mcu_rx_log_message(struct mt7996_dev *dev, struct sk_buff *skb)
377{
378#define UNI_EVENT_FW_LOG_FORMAT 0
379 struct mt7996_mcu_rxd *rxd = (struct mt7996_mcu_rxd *)skb->data;
380 const char *data = (char *)&rxd[1] + 4, *type;
381 struct tlv *tlv = (struct tlv *)data;
382 int len;
383
384 if (!(rxd->option & MCU_UNI_CMD_EVENT)) {
385 len = skb->len - sizeof(*rxd);
386 data = (char *)&rxd[1];
387 goto out;
388 }
389
390 if (le16_to_cpu(tlv->tag) != UNI_EVENT_FW_LOG_FORMAT)
391 return;
392
393 data += sizeof(*tlv) + 4;
394 len = le16_to_cpu(tlv->len) - sizeof(*tlv) - 4;
395
396out:
397 switch (rxd->s2d_index) {
398 case 0:
399 if (mt7996_debugfs_rx_log(dev, data, len))
400 return;
401
402 type = "WM";
403 break;
404 case 2:
405 type = "WA";
406 break;
407 default:
408 type = "unknown";
409 break;
410 }
411
412 wiphy_info(mt76_hw(dev)->wiphy, "%s: %.*s", type, len, data);
413}
414
415static void
416mt7996_mcu_cca_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
417{
418 if (!vif->bss_conf.color_change_active || vif->type == NL80211_IFTYPE_STATION)
419 return;
420
421 ieee80211_color_change_finish(vif);
422}
423
424static void
425mt7996_mcu_ie_countdown(struct mt7996_dev *dev, struct sk_buff *skb)
426{
427#define UNI_EVENT_IE_COUNTDOWN_CSA 0
428#define UNI_EVENT_IE_COUNTDOWN_BCC 1
429 struct header {
430 u8 band;
431 u8 rsv[3];
432 };
433 struct mt76_phy *mphy = &dev->mt76.phy;
434 struct mt7996_mcu_rxd *rxd = (struct mt7996_mcu_rxd *)skb->data;
435 const char *data = (char *)&rxd[1], *tail;
436 struct header *hdr = (struct header *)data;
437 struct tlv *tlv = (struct tlv *)(data + 4);
438
439 if (hdr->band >= ARRAY_SIZE(dev->mt76.phys))
440 return;
441
442 if (hdr->band && dev->mt76.phys[hdr->band])
443 mphy = dev->mt76.phys[hdr->band];
444
445 tail = skb->data + skb->len;
446 data += sizeof(struct header);
447 while (data + sizeof(struct tlv) < tail && le16_to_cpu(tlv->len)) {
448 switch (le16_to_cpu(tlv->tag)) {
449 case UNI_EVENT_IE_COUNTDOWN_CSA:
450 ieee80211_iterate_active_interfaces_atomic(mphy->hw,
451 IEEE80211_IFACE_ITER_RESUME_ALL,
452 mt7996_mcu_csa_finish, mphy->hw);
453 break;
454 case UNI_EVENT_IE_COUNTDOWN_BCC:
455 ieee80211_iterate_active_interfaces_atomic(mphy->hw,
456 IEEE80211_IFACE_ITER_RESUME_ALL,
457 mt7996_mcu_cca_finish, mphy->hw);
458 break;
459 }
460
461 data += le16_to_cpu(tlv->len);
462 tlv = (struct tlv *)data;
463 }
464}
465
466static int
467mt7996_mcu_update_tx_gi(struct rate_info *rate, struct all_sta_trx_rate *mcu_rate)
468{
469 switch (mcu_rate->tx_mode) {
470 case MT_PHY_TYPE_CCK:
471 case MT_PHY_TYPE_OFDM:
472 break;
473 case MT_PHY_TYPE_HT:
474 case MT_PHY_TYPE_HT_GF:
475 case MT_PHY_TYPE_VHT:
476 if (mcu_rate->tx_gi)
477 rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
478 else
479 rate->flags &= ~RATE_INFO_FLAGS_SHORT_GI;
480 break;
481 case MT_PHY_TYPE_HE_SU:
482 case MT_PHY_TYPE_HE_EXT_SU:
483 case MT_PHY_TYPE_HE_TB:
484 case MT_PHY_TYPE_HE_MU:
485 if (mcu_rate->tx_gi > NL80211_RATE_INFO_HE_GI_3_2)
486 return -EINVAL;
487 rate->he_gi = mcu_rate->tx_gi;
488 break;
489 case MT_PHY_TYPE_EHT_SU:
490 case MT_PHY_TYPE_EHT_TRIG:
491 case MT_PHY_TYPE_EHT_MU:
492 if (mcu_rate->tx_gi > NL80211_RATE_INFO_EHT_GI_3_2)
493 return -EINVAL;
494 rate->eht_gi = mcu_rate->tx_gi;
495 break;
496 default:
497 return -EINVAL;
498 }
499
500 return 0;
501}
502
503static void
504mt7996_mcu_rx_all_sta_info_event(struct mt7996_dev *dev, struct sk_buff *skb)
505{
506 struct mt7996_mcu_all_sta_info_event *res;
507 u16 i;
508
509 skb_pull(skb, sizeof(struct mt7996_mcu_rxd));
510
511 res = (struct mt7996_mcu_all_sta_info_event *)skb->data;
512
513 for (i = 0; i < le16_to_cpu(res->sta_num); i++) {
514 u8 ac;
515 u16 wlan_idx;
516 struct mt76_wcid *wcid;
517
518 switch (le16_to_cpu(res->tag)) {
519 case UNI_ALL_STA_TXRX_RATE:
520 wlan_idx = le16_to_cpu(res->rate[i].wlan_idx);
521 wcid = rcu_dereference(dev->mt76.wcid[wlan_idx]);
522
523 if (!wcid)
524 break;
525
526 if (mt7996_mcu_update_tx_gi(&wcid->rate, &res->rate[i]))
527 dev_err(dev->mt76.dev, "Failed to update TX GI\n");
528 break;
529 case UNI_ALL_STA_TXRX_ADM_STAT:
530 wlan_idx = le16_to_cpu(res->adm_stat[i].wlan_idx);
531 wcid = rcu_dereference(dev->mt76.wcid[wlan_idx]);
532
533 if (!wcid)
534 break;
535
536 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
537 wcid->stats.tx_bytes +=
538 le32_to_cpu(res->adm_stat[i].tx_bytes[ac]);
539 wcid->stats.rx_bytes +=
540 le32_to_cpu(res->adm_stat[i].rx_bytes[ac]);
541 }
542 break;
543 case UNI_ALL_STA_TXRX_MSDU_COUNT:
544 wlan_idx = le16_to_cpu(res->msdu_cnt[i].wlan_idx);
545 wcid = rcu_dereference(dev->mt76.wcid[wlan_idx]);
546
547 if (!wcid)
548 break;
549
550 wcid->stats.tx_packets +=
551 le32_to_cpu(res->msdu_cnt[i].tx_msdu_cnt);
552 wcid->stats.rx_packets +=
553 le32_to_cpu(res->msdu_cnt[i].rx_msdu_cnt);
554 break;
555 default:
556 break;
557 }
558 }
559}
560
561static void
562mt7996_mcu_rx_thermal_notify(struct mt7996_dev *dev, struct sk_buff *skb)
563{
564#define THERMAL_NOTIFY_TAG 0x4
565#define THERMAL_NOTIFY 0x2
566 struct mt76_phy *mphy = &dev->mt76.phy;
567 struct mt7996_mcu_thermal_notify *n;
568 struct mt7996_phy *phy;
569
570 n = (struct mt7996_mcu_thermal_notify *)skb->data;
571
572 if (le16_to_cpu(n->tag) != THERMAL_NOTIFY_TAG)
573 return;
574
575 if (n->event_id != THERMAL_NOTIFY)
576 return;
577
578 if (n->band_idx > MT_BAND2)
579 return;
580
581 mphy = dev->mt76.phys[n->band_idx];
582 if (!mphy)
583 return;
584
585 phy = (struct mt7996_phy *)mphy->priv;
586 phy->throttle_state = n->duty_percent;
587}
588
589static void
590mt7996_mcu_rx_ext_event(struct mt7996_dev *dev, struct sk_buff *skb)
591{
592 struct mt7996_mcu_rxd *rxd = (struct mt7996_mcu_rxd *)skb->data;
593
594 switch (rxd->ext_eid) {
595 case MCU_EXT_EVENT_FW_LOG_2_HOST:
596 mt7996_mcu_rx_log_message(dev, skb);
597 break;
598 default:
599 break;
600 }
601}
602
603static void
604mt7996_mcu_rx_unsolicited_event(struct mt7996_dev *dev, struct sk_buff *skb)
605{
606 struct mt7996_mcu_rxd *rxd = (struct mt7996_mcu_rxd *)skb->data;
607
608 switch (rxd->eid) {
609 case MCU_EVENT_EXT:
610 mt7996_mcu_rx_ext_event(dev, skb);
611 break;
612 case MCU_UNI_EVENT_THERMAL:
613 mt7996_mcu_rx_thermal_notify(dev, skb);
614 break;
615 default:
616 break;
617 }
618 dev_kfree_skb(skb);
619}
620
621static void
622mt7996_mcu_wed_rro_event(struct mt7996_dev *dev, struct sk_buff *skb)
623{
624 struct mt7996_mcu_wed_rro_event *event = (void *)skb->data;
625
626 if (!dev->has_rro)
627 return;
628
629 skb_pull(skb, sizeof(struct mt7996_mcu_rxd) + 4);
630
631 switch (le16_to_cpu(event->tag)) {
632 case UNI_WED_RRO_BA_SESSION_STATUS: {
633 struct mt7996_mcu_wed_rro_ba_event *e;
634
635 while (skb->len >= sizeof(*e)) {
636 struct mt76_rx_tid *tid;
637 struct mt76_wcid *wcid;
638 u16 idx;
639
640 e = (void *)skb->data;
641 idx = le16_to_cpu(e->wlan_id);
642 if (idx >= ARRAY_SIZE(dev->mt76.wcid))
643 break;
644
645 wcid = rcu_dereference(dev->mt76.wcid[idx]);
646 if (!wcid || !wcid->sta)
647 break;
648
649 if (e->tid >= ARRAY_SIZE(wcid->aggr))
650 break;
651
652 tid = rcu_dereference(wcid->aggr[e->tid]);
653 if (!tid)
654 break;
655
656 tid->id = le16_to_cpu(e->id);
657 skb_pull(skb, sizeof(*e));
658 }
659 break;
660 }
661 case UNI_WED_RRO_BA_SESSION_DELETE: {
662 struct mt7996_mcu_wed_rro_ba_delete_event *e;
663
664 while (skb->len >= sizeof(*e)) {
665 struct mt7996_wed_rro_session_id *session;
666
667 e = (void *)skb->data;
668 session = kzalloc(sizeof(*session), GFP_ATOMIC);
669 if (!session)
670 break;
671
672 session->id = le16_to_cpu(e->session_id);
673
674 spin_lock_bh(&dev->wed_rro.lock);
675 list_add_tail(&session->list, &dev->wed_rro.poll_list);
676 spin_unlock_bh(&dev->wed_rro.lock);
677
678 ieee80211_queue_work(mt76_hw(dev), &dev->wed_rro.work);
679 skb_pull(skb, sizeof(*e));
680 }
681 break;
682 }
683 default:
684 break;
685 }
686}
687
688static void
689mt7996_mcu_uni_rx_unsolicited_event(struct mt7996_dev *dev, struct sk_buff *skb)
690{
691 struct mt7996_mcu_rxd *rxd = (struct mt7996_mcu_rxd *)skb->data;
692
693 switch (rxd->eid) {
694 case MCU_UNI_EVENT_FW_LOG_2_HOST:
695 mt7996_mcu_rx_log_message(dev, skb);
696 break;
697 case MCU_UNI_EVENT_IE_COUNTDOWN:
698 mt7996_mcu_ie_countdown(dev, skb);
699 break;
700 case MCU_UNI_EVENT_RDD_REPORT:
701 mt7996_mcu_rx_radar_detected(dev, skb);
702 break;
703 case MCU_UNI_EVENT_ALL_STA_INFO:
704 mt7996_mcu_rx_all_sta_info_event(dev, skb);
705 break;
706 case MCU_UNI_EVENT_WED_RRO:
707 mt7996_mcu_wed_rro_event(dev, skb);
708 break;
709 default:
710 break;
711 }
712 dev_kfree_skb(skb);
713}
714
715void mt7996_mcu_rx_event(struct mt7996_dev *dev, struct sk_buff *skb)
716{
717 struct mt7996_mcu_rxd *rxd = (struct mt7996_mcu_rxd *)skb->data;
718
719 if (rxd->option & MCU_UNI_CMD_UNSOLICITED_EVENT) {
720 mt7996_mcu_uni_rx_unsolicited_event(dev, skb);
721 return;
722 }
723
724 /* WA still uses legacy event*/
725 if (rxd->ext_eid == MCU_EXT_EVENT_FW_LOG_2_HOST ||
726 !rxd->seq)
727 mt7996_mcu_rx_unsolicited_event(dev, skb);
728 else
729 mt76_mcu_rx_event(&dev->mt76, skb);
730}
731
732static struct tlv *
733mt7996_mcu_add_uni_tlv(struct sk_buff *skb, u16 tag, u16 len)
734{
735 struct tlv *ptlv, tlv = {
736 .tag = cpu_to_le16(tag),
737 .len = cpu_to_le16(len),
738 };
739
740 ptlv = skb_put(skb, len);
741 memcpy(ptlv, &tlv, sizeof(tlv));
742
743 return ptlv;
744}
745
746static void
747mt7996_mcu_bss_rfch_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
748 struct mt7996_phy *phy)
749{
750 static const u8 rlm_ch_band[] = {
751 [NL80211_BAND_2GHZ] = 1,
752 [NL80211_BAND_5GHZ] = 2,
753 [NL80211_BAND_6GHZ] = 3,
754 };
755 struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
756 struct bss_rlm_tlv *ch;
757 struct tlv *tlv;
758 int freq1 = chandef->center_freq1;
759
760 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_RLM, sizeof(*ch));
761
762 ch = (struct bss_rlm_tlv *)tlv;
763 ch->control_channel = chandef->chan->hw_value;
764 ch->center_chan = ieee80211_frequency_to_channel(freq1);
765 ch->bw = mt76_connac_chan_bw(chandef);
766 ch->tx_streams = hweight8(phy->mt76->antenna_mask);
767 ch->rx_streams = hweight8(phy->mt76->antenna_mask);
768 ch->band = rlm_ch_band[chandef->chan->band];
769
770 if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
771 int freq2 = chandef->center_freq2;
772
773 ch->center_chan2 = ieee80211_frequency_to_channel(freq2);
774 }
775}
776
777static void
778mt7996_mcu_bss_ra_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
779 struct mt7996_phy *phy)
780{
781 struct bss_ra_tlv *ra;
782 struct tlv *tlv;
783
784 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_RA, sizeof(*ra));
785
786 ra = (struct bss_ra_tlv *)tlv;
787 ra->short_preamble = true;
788}
789
790static void
791mt7996_mcu_bss_he_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
792 struct mt7996_phy *phy)
793{
794#define DEFAULT_HE_PE_DURATION 4
795#define DEFAULT_HE_DURATION_RTS_THRES 1023
796 const struct ieee80211_sta_he_cap *cap;
797 struct bss_info_uni_he *he;
798 struct tlv *tlv;
799
800 cap = mt76_connac_get_he_phy_cap(phy->mt76, vif);
801
802 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_HE_BASIC, sizeof(*he));
803
804 he = (struct bss_info_uni_he *)tlv;
805 he->he_pe_duration = vif->bss_conf.htc_trig_based_pkt_ext;
806 if (!he->he_pe_duration)
807 he->he_pe_duration = DEFAULT_HE_PE_DURATION;
808
809 he->he_rts_thres = cpu_to_le16(vif->bss_conf.frame_time_rts_th);
810 if (!he->he_rts_thres)
811 he->he_rts_thres = cpu_to_le16(DEFAULT_HE_DURATION_RTS_THRES);
812
813 he->max_nss_mcs[CMD_HE_MCS_BW80] = cap->he_mcs_nss_supp.tx_mcs_80;
814 he->max_nss_mcs[CMD_HE_MCS_BW160] = cap->he_mcs_nss_supp.tx_mcs_160;
815 he->max_nss_mcs[CMD_HE_MCS_BW8080] = cap->he_mcs_nss_supp.tx_mcs_80p80;
816}
817
818static void
819mt7996_mcu_bss_mbssid_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
820 struct mt7996_phy *phy, int enable)
821{
822 struct bss_info_uni_mbssid *mbssid;
823 struct tlv *tlv;
824
825 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_11V_MBSSID, sizeof(*mbssid));
826
827 mbssid = (struct bss_info_uni_mbssid *)tlv;
828
829 if (enable && vif->bss_conf.bssid_indicator) {
830 mbssid->max_indicator = vif->bss_conf.bssid_indicator;
831 mbssid->mbss_idx = vif->bss_conf.bssid_index;
832 mbssid->tx_bss_omac_idx = 0;
833 }
834}
835
836static void
837mt7996_mcu_bss_bmc_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
838 struct mt7996_phy *phy)
839{
840 struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
841 struct bss_rate_tlv *bmc;
842 struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
843 enum nl80211_band band = chandef->chan->band;
844 struct tlv *tlv;
845 u8 idx = mvif->mcast_rates_idx ?
846 mvif->mcast_rates_idx : mvif->basic_rates_idx;
847
848 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_RATE, sizeof(*bmc));
849
850 bmc = (struct bss_rate_tlv *)tlv;
851
852 bmc->short_preamble = (band == NL80211_BAND_2GHZ);
853 bmc->bc_fixed_rate = idx;
854 bmc->mc_fixed_rate = idx;
855}
856
857static void
858mt7996_mcu_bss_txcmd_tlv(struct sk_buff *skb, bool en)
859{
860 struct bss_txcmd_tlv *txcmd;
861 struct tlv *tlv;
862
863 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_TXCMD, sizeof(*txcmd));
864
865 txcmd = (struct bss_txcmd_tlv *)tlv;
866 txcmd->txcmd_mode = en;
867}
868
869static void
870mt7996_mcu_bss_mld_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
871{
872 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
873 struct bss_mld_tlv *mld;
874 struct tlv *tlv;
875
876 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_MLD, sizeof(*mld));
877
878 mld = (struct bss_mld_tlv *)tlv;
879 mld->group_mld_id = 0xff;
880 mld->own_mld_id = mvif->mt76.idx;
881 mld->remap_idx = 0xff;
882}
883
884static void
885mt7996_mcu_bss_sec_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
886{
887 struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
888 struct bss_sec_tlv *sec;
889 struct tlv *tlv;
890
891 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_SEC, sizeof(*sec));
892
893 sec = (struct bss_sec_tlv *)tlv;
894 sec->cipher = mvif->cipher;
895}
896
897static int
898mt7996_mcu_muar_config(struct mt7996_phy *phy, struct ieee80211_vif *vif,
899 bool bssid, bool enable)
900{
901#define UNI_MUAR_ENTRY 2
902 struct mt7996_dev *dev = phy->dev;
903 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
904 u32 idx = mvif->mt76.omac_idx - REPEATER_BSSID_START;
905 const u8 *addr = vif->addr;
906
907 struct {
908 struct {
909 u8 band;
910 u8 __rsv[3];
911 } hdr;
912
913 __le16 tag;
914 __le16 len;
915
916 bool smesh;
917 u8 bssid;
918 u8 index;
919 u8 entry_add;
920 u8 addr[ETH_ALEN];
921 u8 __rsv[2];
922 } __packed req = {
923 .hdr.band = phy->mt76->band_idx,
924 .tag = cpu_to_le16(UNI_MUAR_ENTRY),
925 .len = cpu_to_le16(sizeof(req) - sizeof(req.hdr)),
926 .smesh = false,
927 .index = idx * 2 + bssid,
928 .entry_add = true,
929 };
930
931 if (bssid)
932 addr = vif->bss_conf.bssid;
933
934 if (enable)
935 memcpy(req.addr, addr, ETH_ALEN);
936
937 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(REPT_MUAR), &req,
938 sizeof(req), true);
939}
940
941static void
942mt7996_mcu_bss_ifs_timing_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
943{
944 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
945 struct mt7996_phy *phy = mvif->phy;
946 struct bss_ifs_time_tlv *ifs_time;
947 struct tlv *tlv;
948 bool is_2ghz = phy->mt76->chandef.chan->band == NL80211_BAND_2GHZ;
949
950 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_IFS_TIME, sizeof(*ifs_time));
951
952 ifs_time = (struct bss_ifs_time_tlv *)tlv;
953 ifs_time->slot_valid = true;
954 ifs_time->sifs_valid = true;
955 ifs_time->rifs_valid = true;
956 ifs_time->eifs_valid = true;
957
958 ifs_time->slot_time = cpu_to_le16(phy->slottime);
959 ifs_time->sifs_time = cpu_to_le16(10);
960 ifs_time->rifs_time = cpu_to_le16(2);
961 ifs_time->eifs_time = cpu_to_le16(is_2ghz ? 78 : 84);
962
963 if (is_2ghz) {
964 ifs_time->eifs_cck_valid = true;
965 ifs_time->eifs_cck_time = cpu_to_le16(314);
966 }
967}
968
969static int
970mt7996_mcu_bss_basic_tlv(struct sk_buff *skb,
971 struct ieee80211_vif *vif,
972 struct ieee80211_sta *sta,
973 struct mt76_phy *phy, u16 wlan_idx,
974 bool enable)
975{
976 struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
977 struct cfg80211_chan_def *chandef = &phy->chandef;
978 struct mt76_connac_bss_basic_tlv *bss;
979 u32 type = CONNECTION_INFRA_AP;
980 u16 sta_wlan_idx = wlan_idx;
981 struct tlv *tlv;
982 int idx;
983
984 switch (vif->type) {
985 case NL80211_IFTYPE_MESH_POINT:
986 case NL80211_IFTYPE_AP:
987 case NL80211_IFTYPE_MONITOR:
988 break;
989 case NL80211_IFTYPE_STATION:
990 if (enable) {
991 rcu_read_lock();
992 if (!sta)
993 sta = ieee80211_find_sta(vif,
994 vif->bss_conf.bssid);
995 /* TODO: enable BSS_INFO_UAPSD & BSS_INFO_PM */
996 if (sta) {
997 struct mt76_wcid *wcid;
998
999 wcid = (struct mt76_wcid *)sta->drv_priv;
1000 sta_wlan_idx = wcid->idx;
1001 }
1002 rcu_read_unlock();
1003 }
1004 type = CONNECTION_INFRA_STA;
1005 break;
1006 case NL80211_IFTYPE_ADHOC:
1007 type = CONNECTION_IBSS_ADHOC;
1008 break;
1009 default:
1010 WARN_ON(1);
1011 break;
1012 }
1013
1014 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_BASIC, sizeof(*bss));
1015
1016 bss = (struct mt76_connac_bss_basic_tlv *)tlv;
1017 bss->bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int);
1018 bss->dtim_period = vif->bss_conf.dtim_period;
1019 bss->bmc_tx_wlan_idx = cpu_to_le16(wlan_idx);
1020 bss->sta_idx = cpu_to_le16(sta_wlan_idx);
1021 bss->conn_type = cpu_to_le32(type);
1022 bss->omac_idx = mvif->omac_idx;
1023 bss->band_idx = mvif->band_idx;
1024 bss->wmm_idx = mvif->wmm_idx;
1025 bss->conn_state = !enable;
1026 bss->active = enable;
1027
1028 idx = mvif->omac_idx > EXT_BSSID_START ? HW_BSSID_0 : mvif->omac_idx;
1029 bss->hw_bss_idx = idx;
1030
1031 if (vif->type == NL80211_IFTYPE_MONITOR) {
1032 memcpy(bss->bssid, phy->macaddr, ETH_ALEN);
1033 return 0;
1034 }
1035
1036 memcpy(bss->bssid, vif->bss_conf.bssid, ETH_ALEN);
1037 bss->bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int);
1038 bss->dtim_period = vif->bss_conf.dtim_period;
1039 bss->phymode = mt76_connac_get_phy_mode(phy, vif,
1040 chandef->chan->band, NULL);
1041 bss->phymode_ext = mt76_connac_get_phy_mode_ext(phy, vif,
1042 chandef->chan->band);
1043
1044 return 0;
1045}
1046
1047static struct sk_buff *
1048__mt7996_mcu_alloc_bss_req(struct mt76_dev *dev, struct mt76_vif *mvif, int len)
1049{
1050 struct bss_req_hdr hdr = {
1051 .bss_idx = mvif->idx,
1052 };
1053 struct sk_buff *skb;
1054
1055 skb = mt76_mcu_msg_alloc(dev, NULL, len);
1056 if (!skb)
1057 return ERR_PTR(-ENOMEM);
1058
1059 skb_put_data(skb, &hdr, sizeof(hdr));
1060
1061 return skb;
1062}
1063
1064int mt7996_mcu_add_bss_info(struct mt7996_phy *phy,
1065 struct ieee80211_vif *vif, int enable)
1066{
1067 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1068 struct mt7996_dev *dev = phy->dev;
1069 struct sk_buff *skb;
1070
1071 if (mvif->mt76.omac_idx >= REPEATER_BSSID_START) {
1072 mt7996_mcu_muar_config(phy, vif, false, enable);
1073 mt7996_mcu_muar_config(phy, vif, true, enable);
1074 }
1075
1076 skb = __mt7996_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76,
1077 MT7996_BSS_UPDATE_MAX_SIZE);
1078 if (IS_ERR(skb))
1079 return PTR_ERR(skb);
1080
1081 /* bss_basic must be first */
1082 mt7996_mcu_bss_basic_tlv(skb, vif, NULL, phy->mt76,
1083 mvif->sta.wcid.idx, enable);
1084 mt7996_mcu_bss_sec_tlv(skb, vif);
1085
1086 if (vif->type == NL80211_IFTYPE_MONITOR)
1087 goto out;
1088
1089 if (enable) {
1090 mt7996_mcu_bss_rfch_tlv(skb, vif, phy);
1091 mt7996_mcu_bss_bmc_tlv(skb, vif, phy);
1092 mt7996_mcu_bss_ra_tlv(skb, vif, phy);
1093 mt7996_mcu_bss_txcmd_tlv(skb, true);
1094 mt7996_mcu_bss_ifs_timing_tlv(skb, vif);
1095
1096 if (vif->bss_conf.he_support)
1097 mt7996_mcu_bss_he_tlv(skb, vif, phy);
1098
1099 /* this tag is necessary no matter if the vif is MLD */
1100 mt7996_mcu_bss_mld_tlv(skb, vif);
1101 }
1102
1103 mt7996_mcu_bss_mbssid_tlv(skb, vif, phy, enable);
1104
1105out:
1106 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1107 MCU_WMWA_UNI_CMD(BSS_INFO_UPDATE), true);
1108}
1109
1110int mt7996_mcu_set_timing(struct mt7996_phy *phy, struct ieee80211_vif *vif)
1111{
1112 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1113 struct mt7996_dev *dev = phy->dev;
1114 struct sk_buff *skb;
1115
1116 skb = __mt7996_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76,
1117 MT7996_BSS_UPDATE_MAX_SIZE);
1118 if (IS_ERR(skb))
1119 return PTR_ERR(skb);
1120
1121 mt7996_mcu_bss_ifs_timing_tlv(skb, vif);
1122
1123 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1124 MCU_WMWA_UNI_CMD(BSS_INFO_UPDATE), true);
1125}
1126
1127static int
1128mt7996_mcu_sta_ba(struct mt7996_dev *dev, struct mt76_vif *mvif,
1129 struct ieee80211_ampdu_params *params,
1130 bool enable, bool tx)
1131{
1132 struct mt76_wcid *wcid = (struct mt76_wcid *)params->sta->drv_priv;
1133 struct sta_rec_ba_uni *ba;
1134 struct sk_buff *skb;
1135 struct tlv *tlv;
1136
1137 skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, mvif, wcid,
1138 MT7996_STA_UPDATE_MAX_SIZE);
1139 if (IS_ERR(skb))
1140 return PTR_ERR(skb);
1141
1142 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BA, sizeof(*ba));
1143
1144 ba = (struct sta_rec_ba_uni *)tlv;
1145 ba->ba_type = tx ? MT_BA_TYPE_ORIGINATOR : MT_BA_TYPE_RECIPIENT;
1146 ba->winsize = cpu_to_le16(params->buf_size);
1147 ba->ssn = cpu_to_le16(params->ssn);
1148 ba->ba_en = enable << params->tid;
1149 ba->amsdu = params->amsdu;
1150 ba->tid = params->tid;
1151 ba->ba_rdd_rro = !tx && enable && dev->has_rro;
1152
1153 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1154 MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true);
1155}
1156
1157/** starec & wtbl **/
1158int mt7996_mcu_add_tx_ba(struct mt7996_dev *dev,
1159 struct ieee80211_ampdu_params *params,
1160 bool enable)
1161{
1162 struct mt7996_sta *msta = (struct mt7996_sta *)params->sta->drv_priv;
1163 struct mt7996_vif *mvif = msta->vif;
1164
1165 if (enable && !params->amsdu)
1166 msta->wcid.amsdu = false;
1167
1168 return mt7996_mcu_sta_ba(dev, &mvif->mt76, params, enable, true);
1169}
1170
1171int mt7996_mcu_add_rx_ba(struct mt7996_dev *dev,
1172 struct ieee80211_ampdu_params *params,
1173 bool enable)
1174{
1175 struct mt7996_sta *msta = (struct mt7996_sta *)params->sta->drv_priv;
1176 struct mt7996_vif *mvif = msta->vif;
1177
1178 return mt7996_mcu_sta_ba(dev, &mvif->mt76, params, enable, false);
1179}
1180
1181static void
1182mt7996_mcu_sta_he_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1183{
1184 struct ieee80211_he_cap_elem *elem = &sta->deflink.he_cap.he_cap_elem;
1185 struct ieee80211_he_mcs_nss_supp mcs_map;
1186 struct sta_rec_he_v2 *he;
1187 struct tlv *tlv;
1188 int i = 0;
1189
1190 if (!sta->deflink.he_cap.has_he)
1191 return;
1192
1193 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HE_V2, sizeof(*he));
1194
1195 he = (struct sta_rec_he_v2 *)tlv;
1196 for (i = 0; i < 11; i++) {
1197 if (i < 6)
1198 he->he_mac_cap[i] = elem->mac_cap_info[i];
1199 he->he_phy_cap[i] = elem->phy_cap_info[i];
1200 }
1201
1202 mcs_map = sta->deflink.he_cap.he_mcs_nss_supp;
1203 switch (sta->deflink.bandwidth) {
1204 case IEEE80211_STA_RX_BW_160:
1205 if (elem->phy_cap_info[0] &
1206 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G)
1207 mt7996_mcu_set_sta_he_mcs(sta,
1208 &he->max_nss_mcs[CMD_HE_MCS_BW8080],
1209 le16_to_cpu(mcs_map.rx_mcs_80p80));
1210
1211 mt7996_mcu_set_sta_he_mcs(sta,
1212 &he->max_nss_mcs[CMD_HE_MCS_BW160],
1213 le16_to_cpu(mcs_map.rx_mcs_160));
1214 fallthrough;
1215 default:
1216 mt7996_mcu_set_sta_he_mcs(sta,
1217 &he->max_nss_mcs[CMD_HE_MCS_BW80],
1218 le16_to_cpu(mcs_map.rx_mcs_80));
1219 break;
1220 }
1221
1222 he->pkt_ext = 2;
1223}
1224
1225static void
1226mt7996_mcu_sta_he_6g_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1227{
1228 struct sta_rec_he_6g_capa *he_6g;
1229 struct tlv *tlv;
1230
1231 if (!sta->deflink.he_6ghz_capa.capa)
1232 return;
1233
1234 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HE_6G, sizeof(*he_6g));
1235
1236 he_6g = (struct sta_rec_he_6g_capa *)tlv;
1237 he_6g->capa = sta->deflink.he_6ghz_capa.capa;
1238}
1239
1240static void
1241mt7996_mcu_sta_eht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1242{
1243 struct ieee80211_eht_mcs_nss_supp *mcs_map;
1244 struct ieee80211_eht_cap_elem_fixed *elem;
1245 struct sta_rec_eht *eht;
1246 struct tlv *tlv;
1247
1248 if (!sta->deflink.eht_cap.has_eht)
1249 return;
1250
1251 mcs_map = &sta->deflink.eht_cap.eht_mcs_nss_supp;
1252 elem = &sta->deflink.eht_cap.eht_cap_elem;
1253
1254 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_EHT, sizeof(*eht));
1255
1256 eht = (struct sta_rec_eht *)tlv;
1257 eht->tid_bitmap = 0xff;
1258 eht->mac_cap = cpu_to_le16(*(u16 *)elem->mac_cap_info);
1259 eht->phy_cap = cpu_to_le64(*(u64 *)elem->phy_cap_info);
1260 eht->phy_cap_ext = cpu_to_le64(elem->phy_cap_info[8]);
1261
1262 if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_20)
1263 memcpy(eht->mcs_map_bw20, &mcs_map->only_20mhz, sizeof(eht->mcs_map_bw20));
1264 memcpy(eht->mcs_map_bw80, &mcs_map->bw._80, sizeof(eht->mcs_map_bw80));
1265 memcpy(eht->mcs_map_bw160, &mcs_map->bw._160, sizeof(eht->mcs_map_bw160));
1266 memcpy(eht->mcs_map_bw320, &mcs_map->bw._320, sizeof(eht->mcs_map_bw320));
1267}
1268
1269static void
1270mt7996_mcu_sta_ht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1271{
1272 struct sta_rec_ht_uni *ht;
1273 struct tlv *tlv;
1274
1275 if (!sta->deflink.ht_cap.ht_supported)
1276 return;
1277
1278 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HT, sizeof(*ht));
1279
1280 ht = (struct sta_rec_ht_uni *)tlv;
1281 ht->ht_cap = cpu_to_le16(sta->deflink.ht_cap.cap);
1282 ht->ampdu_param = u8_encode_bits(sta->deflink.ht_cap.ampdu_factor,
1283 IEEE80211_HT_AMPDU_PARM_FACTOR) |
1284 u8_encode_bits(sta->deflink.ht_cap.ampdu_density,
1285 IEEE80211_HT_AMPDU_PARM_DENSITY);
1286}
1287
1288static void
1289mt7996_mcu_sta_vht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
1290{
1291 struct sta_rec_vht *vht;
1292 struct tlv *tlv;
1293
1294 /* For 6G band, this tlv is necessary to let hw work normally */
1295 if (!sta->deflink.he_6ghz_capa.capa && !sta->deflink.vht_cap.vht_supported)
1296 return;
1297
1298 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_VHT, sizeof(*vht));
1299
1300 vht = (struct sta_rec_vht *)tlv;
1301 vht->vht_cap = cpu_to_le32(sta->deflink.vht_cap.cap);
1302 vht->vht_rx_mcs_map = sta->deflink.vht_cap.vht_mcs.rx_mcs_map;
1303 vht->vht_tx_mcs_map = sta->deflink.vht_cap.vht_mcs.tx_mcs_map;
1304}
1305
1306static void
1307mt7996_mcu_sta_amsdu_tlv(struct mt7996_dev *dev, struct sk_buff *skb,
1308 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1309{
1310 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1311 struct sta_rec_amsdu *amsdu;
1312 struct tlv *tlv;
1313
1314 if (vif->type != NL80211_IFTYPE_STATION &&
1315 vif->type != NL80211_IFTYPE_MESH_POINT &&
1316 vif->type != NL80211_IFTYPE_AP)
1317 return;
1318
1319 if (!sta->deflink.agg.max_amsdu_len)
1320 return;
1321
1322 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HW_AMSDU, sizeof(*amsdu));
1323 amsdu = (struct sta_rec_amsdu *)tlv;
1324 amsdu->max_amsdu_num = 8;
1325 amsdu->amsdu_en = true;
1326 msta->wcid.amsdu = true;
1327
1328 switch (sta->deflink.agg.max_amsdu_len) {
1329 case IEEE80211_MAX_MPDU_LEN_VHT_11454:
1330 amsdu->max_mpdu_size =
1331 IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454;
1332 return;
1333 case IEEE80211_MAX_MPDU_LEN_HT_7935:
1334 case IEEE80211_MAX_MPDU_LEN_VHT_7991:
1335 amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991;
1336 return;
1337 default:
1338 amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895;
1339 return;
1340 }
1341}
1342
1343static void
1344mt7996_mcu_sta_muru_tlv(struct mt7996_dev *dev, struct sk_buff *skb,
1345 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1346{
1347 struct ieee80211_he_cap_elem *elem = &sta->deflink.he_cap.he_cap_elem;
1348 struct sta_rec_muru *muru;
1349 struct tlv *tlv;
1350
1351 if (vif->type != NL80211_IFTYPE_STATION &&
1352 vif->type != NL80211_IFTYPE_AP)
1353 return;
1354
1355 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_MURU, sizeof(*muru));
1356
1357 muru = (struct sta_rec_muru *)tlv;
1358 muru->cfg.mimo_dl_en = vif->bss_conf.eht_mu_beamformer ||
1359 vif->bss_conf.he_mu_beamformer ||
1360 vif->bss_conf.vht_mu_beamformer ||
1361 vif->bss_conf.vht_mu_beamformee;
1362 muru->cfg.ofdma_dl_en = true;
1363
1364 if (sta->deflink.vht_cap.vht_supported)
1365 muru->mimo_dl.vht_mu_bfee =
1366 !!(sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1367
1368 if (!sta->deflink.he_cap.has_he)
1369 return;
1370
1371 muru->mimo_dl.partial_bw_dl_mimo =
1372 HE_PHY(CAP6_PARTIAL_BANDWIDTH_DL_MUMIMO, elem->phy_cap_info[6]);
1373
1374 muru->mimo_ul.full_ul_mimo =
1375 HE_PHY(CAP2_UL_MU_FULL_MU_MIMO, elem->phy_cap_info[2]);
1376 muru->mimo_ul.partial_ul_mimo =
1377 HE_PHY(CAP2_UL_MU_PARTIAL_MU_MIMO, elem->phy_cap_info[2]);
1378
1379 muru->ofdma_dl.punc_pream_rx =
1380 HE_PHY(CAP1_PREAMBLE_PUNC_RX_MASK, elem->phy_cap_info[1]);
1381 muru->ofdma_dl.he_20m_in_40m_2g =
1382 HE_PHY(CAP8_20MHZ_IN_40MHZ_HE_PPDU_IN_2G, elem->phy_cap_info[8]);
1383 muru->ofdma_dl.he_20m_in_160m =
1384 HE_PHY(CAP8_20MHZ_IN_160MHZ_HE_PPDU, elem->phy_cap_info[8]);
1385 muru->ofdma_dl.he_80m_in_160m =
1386 HE_PHY(CAP8_80MHZ_IN_160MHZ_HE_PPDU, elem->phy_cap_info[8]);
1387
1388 muru->ofdma_ul.t_frame_dur =
1389 HE_MAC(CAP1_TF_MAC_PAD_DUR_MASK, elem->mac_cap_info[1]);
1390 muru->ofdma_ul.mu_cascading =
1391 HE_MAC(CAP2_MU_CASCADING, elem->mac_cap_info[2]);
1392 muru->ofdma_ul.uo_ra =
1393 HE_MAC(CAP3_OFDMA_RA, elem->mac_cap_info[3]);
1394 muru->ofdma_ul.rx_ctrl_frame_to_mbss =
1395 HE_MAC(CAP3_RX_CTRL_FRAME_TO_MULTIBSS, elem->mac_cap_info[3]);
1396}
1397
1398static inline bool
1399mt7996_is_ebf_supported(struct mt7996_phy *phy, struct ieee80211_vif *vif,
1400 struct ieee80211_sta *sta, bool bfee)
1401{
1402 int sts = hweight16(phy->mt76->chainmask);
1403
1404 if (vif->type != NL80211_IFTYPE_STATION &&
1405 vif->type != NL80211_IFTYPE_AP)
1406 return false;
1407
1408 if (!bfee && sts < 2)
1409 return false;
1410
1411 if (sta->deflink.eht_cap.has_eht) {
1412 struct ieee80211_sta_eht_cap *pc = &sta->deflink.eht_cap;
1413 struct ieee80211_eht_cap_elem_fixed *pe = &pc->eht_cap_elem;
1414
1415 if (bfee)
1416 return vif->bss_conf.eht_su_beamformee &&
1417 EHT_PHY(CAP0_SU_BEAMFORMEE, pe->phy_cap_info[0]);
1418 else
1419 return vif->bss_conf.eht_su_beamformer &&
1420 EHT_PHY(CAP0_SU_BEAMFORMER, pe->phy_cap_info[0]);
1421 }
1422
1423 if (sta->deflink.he_cap.has_he) {
1424 struct ieee80211_he_cap_elem *pe = &sta->deflink.he_cap.he_cap_elem;
1425
1426 if (bfee)
1427 return vif->bss_conf.he_su_beamformee &&
1428 HE_PHY(CAP3_SU_BEAMFORMER, pe->phy_cap_info[3]);
1429 else
1430 return vif->bss_conf.he_su_beamformer &&
1431 HE_PHY(CAP4_SU_BEAMFORMEE, pe->phy_cap_info[4]);
1432 }
1433
1434 if (sta->deflink.vht_cap.vht_supported) {
1435 u32 cap = sta->deflink.vht_cap.cap;
1436
1437 if (bfee)
1438 return vif->bss_conf.vht_su_beamformee &&
1439 (cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
1440 else
1441 return vif->bss_conf.vht_su_beamformer &&
1442 (cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
1443 }
1444
1445 return false;
1446}
1447
1448static void
1449mt7996_mcu_sta_sounding_rate(struct sta_rec_bf *bf)
1450{
1451 bf->sounding_phy = MT_PHY_TYPE_OFDM;
1452 bf->ndp_rate = 0; /* mcs0 */
1453 bf->ndpa_rate = MT7996_CFEND_RATE_DEFAULT; /* ofdm 24m */
1454 bf->rept_poll_rate = MT7996_CFEND_RATE_DEFAULT; /* ofdm 24m */
1455}
1456
1457static void
1458mt7996_mcu_sta_bfer_ht(struct ieee80211_sta *sta, struct mt7996_phy *phy,
1459 struct sta_rec_bf *bf)
1460{
1461 struct ieee80211_mcs_info *mcs = &sta->deflink.ht_cap.mcs;
1462 u8 n = 0;
1463
1464 bf->tx_mode = MT_PHY_TYPE_HT;
1465
1466 if ((mcs->tx_params & IEEE80211_HT_MCS_TX_RX_DIFF) &&
1467 (mcs->tx_params & IEEE80211_HT_MCS_TX_DEFINED))
1468 n = FIELD_GET(IEEE80211_HT_MCS_TX_MAX_STREAMS_MASK,
1469 mcs->tx_params);
1470 else if (mcs->rx_mask[3])
1471 n = 3;
1472 else if (mcs->rx_mask[2])
1473 n = 2;
1474 else if (mcs->rx_mask[1])
1475 n = 1;
1476
1477 bf->nrow = hweight8(phy->mt76->antenna_mask) - 1;
1478 bf->ncol = min_t(u8, bf->nrow, n);
1479 bf->ibf_ncol = n;
1480}
1481
1482static void
1483mt7996_mcu_sta_bfer_vht(struct ieee80211_sta *sta, struct mt7996_phy *phy,
1484 struct sta_rec_bf *bf, bool explicit)
1485{
1486 struct ieee80211_sta_vht_cap *pc = &sta->deflink.vht_cap;
1487 struct ieee80211_sta_vht_cap *vc = &phy->mt76->sband_5g.sband.vht_cap;
1488 u16 mcs_map = le16_to_cpu(pc->vht_mcs.rx_mcs_map);
1489 u8 nss_mcs = mt7996_mcu_get_sta_nss(mcs_map);
1490 u8 tx_ant = hweight8(phy->mt76->antenna_mask) - 1;
1491
1492 bf->tx_mode = MT_PHY_TYPE_VHT;
1493
1494 if (explicit) {
1495 u8 sts, snd_dim;
1496
1497 mt7996_mcu_sta_sounding_rate(bf);
1498
1499 sts = FIELD_GET(IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK,
1500 pc->cap);
1501 snd_dim = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
1502 vc->cap);
1503 bf->nrow = min_t(u8, min_t(u8, snd_dim, sts), tx_ant);
1504 bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1505 bf->ibf_ncol = bf->ncol;
1506
1507 if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
1508 bf->nrow = 1;
1509 } else {
1510 bf->nrow = tx_ant;
1511 bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1512 bf->ibf_ncol = nss_mcs;
1513
1514 if (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_160)
1515 bf->ibf_nrow = 1;
1516 }
1517}
1518
1519static void
1520mt7996_mcu_sta_bfer_he(struct ieee80211_sta *sta, struct ieee80211_vif *vif,
1521 struct mt7996_phy *phy, struct sta_rec_bf *bf)
1522{
1523 struct ieee80211_sta_he_cap *pc = &sta->deflink.he_cap;
1524 struct ieee80211_he_cap_elem *pe = &pc->he_cap_elem;
1525 const struct ieee80211_sta_he_cap *vc =
1526 mt76_connac_get_he_phy_cap(phy->mt76, vif);
1527 const struct ieee80211_he_cap_elem *ve = &vc->he_cap_elem;
1528 u16 mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80);
1529 u8 nss_mcs = mt7996_mcu_get_sta_nss(mcs_map);
1530 u8 snd_dim, sts;
1531
1532 bf->tx_mode = MT_PHY_TYPE_HE_SU;
1533
1534 mt7996_mcu_sta_sounding_rate(bf);
1535
1536 bf->trigger_su = HE_PHY(CAP6_TRIG_SU_BEAMFORMING_FB,
1537 pe->phy_cap_info[6]);
1538 bf->trigger_mu = HE_PHY(CAP6_TRIG_MU_BEAMFORMING_PARTIAL_BW_FB,
1539 pe->phy_cap_info[6]);
1540 snd_dim = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
1541 ve->phy_cap_info[5]);
1542 sts = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_UNDER_80MHZ_MASK,
1543 pe->phy_cap_info[4]);
1544 bf->nrow = min_t(u8, snd_dim, sts);
1545 bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1546 bf->ibf_ncol = bf->ncol;
1547
1548 if (sta->deflink.bandwidth != IEEE80211_STA_RX_BW_160)
1549 return;
1550
1551 /* go over for 160MHz and 80p80 */
1552 if (pe->phy_cap_info[0] &
1553 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G) {
1554 mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_160);
1555 nss_mcs = mt7996_mcu_get_sta_nss(mcs_map);
1556
1557 bf->ncol_gt_bw80 = nss_mcs;
1558 }
1559
1560 if (pe->phy_cap_info[0] &
1561 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G) {
1562 mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80p80);
1563 nss_mcs = mt7996_mcu_get_sta_nss(mcs_map);
1564
1565 if (bf->ncol_gt_bw80)
1566 bf->ncol_gt_bw80 = min_t(u8, bf->ncol_gt_bw80, nss_mcs);
1567 else
1568 bf->ncol_gt_bw80 = nss_mcs;
1569 }
1570
1571 snd_dim = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_ABOVE_80MHZ_MASK,
1572 ve->phy_cap_info[5]);
1573 sts = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_ABOVE_80MHZ_MASK,
1574 pe->phy_cap_info[4]);
1575
1576 bf->nrow_gt_bw80 = min_t(int, snd_dim, sts);
1577}
1578
1579static void
1580mt7996_mcu_sta_bfer_eht(struct ieee80211_sta *sta, struct ieee80211_vif *vif,
1581 struct mt7996_phy *phy, struct sta_rec_bf *bf)
1582{
1583 struct ieee80211_sta_eht_cap *pc = &sta->deflink.eht_cap;
1584 struct ieee80211_eht_cap_elem_fixed *pe = &pc->eht_cap_elem;
1585 struct ieee80211_eht_mcs_nss_supp *eht_nss = &pc->eht_mcs_nss_supp;
1586 const struct ieee80211_sta_eht_cap *vc =
1587 mt76_connac_get_eht_phy_cap(phy->mt76, vif);
1588 const struct ieee80211_eht_cap_elem_fixed *ve = &vc->eht_cap_elem;
1589 u8 nss_mcs = u8_get_bits(eht_nss->bw._80.rx_tx_mcs9_max_nss,
1590 IEEE80211_EHT_MCS_NSS_RX) - 1;
1591 u8 snd_dim, sts;
1592
1593 bf->tx_mode = MT_PHY_TYPE_EHT_MU;
1594
1595 mt7996_mcu_sta_sounding_rate(bf);
1596
1597 bf->trigger_su = EHT_PHY(CAP3_TRIG_SU_BF_FDBK, pe->phy_cap_info[3]);
1598 bf->trigger_mu = EHT_PHY(CAP3_TRIG_MU_BF_PART_BW_FDBK, pe->phy_cap_info[3]);
1599 snd_dim = EHT_PHY(CAP2_SOUNDING_DIM_80MHZ_MASK, ve->phy_cap_info[2]);
1600 sts = EHT_PHY(CAP0_BEAMFORMEE_SS_80MHZ_MASK, pe->phy_cap_info[0]) +
1601 (EHT_PHY(CAP1_BEAMFORMEE_SS_80MHZ_MASK, pe->phy_cap_info[1]) << 1);
1602 bf->nrow = min_t(u8, snd_dim, sts);
1603 bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1604 bf->ibf_ncol = bf->ncol;
1605
1606 if (sta->deflink.bandwidth < IEEE80211_STA_RX_BW_160)
1607 return;
1608
1609 switch (sta->deflink.bandwidth) {
1610 case IEEE80211_STA_RX_BW_160:
1611 snd_dim = EHT_PHY(CAP2_SOUNDING_DIM_160MHZ_MASK, ve->phy_cap_info[2]);
1612 sts = EHT_PHY(CAP1_BEAMFORMEE_SS_160MHZ_MASK, pe->phy_cap_info[1]);
1613 nss_mcs = u8_get_bits(eht_nss->bw._160.rx_tx_mcs9_max_nss,
1614 IEEE80211_EHT_MCS_NSS_RX) - 1;
1615
1616 bf->nrow_gt_bw80 = min_t(u8, snd_dim, sts);
1617 bf->ncol_gt_bw80 = nss_mcs;
1618 break;
1619 case IEEE80211_STA_RX_BW_320:
1620 snd_dim = EHT_PHY(CAP2_SOUNDING_DIM_320MHZ_MASK, ve->phy_cap_info[2]) +
1621 (EHT_PHY(CAP3_SOUNDING_DIM_320MHZ_MASK,
1622 ve->phy_cap_info[3]) << 1);
1623 sts = EHT_PHY(CAP1_BEAMFORMEE_SS_320MHZ_MASK, pe->phy_cap_info[1]);
1624 nss_mcs = u8_get_bits(eht_nss->bw._320.rx_tx_mcs9_max_nss,
1625 IEEE80211_EHT_MCS_NSS_RX) - 1;
1626
1627 bf->nrow_gt_bw80 = min_t(u8, snd_dim, sts) << 4;
1628 bf->ncol_gt_bw80 = nss_mcs << 4;
1629 break;
1630 default:
1631 break;
1632 }
1633}
1634
1635static void
1636mt7996_mcu_sta_bfer_tlv(struct mt7996_dev *dev, struct sk_buff *skb,
1637 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1638{
1639 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1640 struct mt7996_phy *phy = mvif->phy;
1641 int tx_ant = hweight8(phy->mt76->chainmask) - 1;
1642 struct sta_rec_bf *bf;
1643 struct tlv *tlv;
1644 const u8 matrix[4][4] = {
1645 {0, 0, 0, 0},
1646 {1, 1, 0, 0}, /* 2x1, 2x2, 2x3, 2x4 */
1647 {2, 4, 4, 0}, /* 3x1, 3x2, 3x3, 3x4 */
1648 {3, 5, 6, 0} /* 4x1, 4x2, 4x3, 4x4 */
1649 };
1650 bool ebf;
1651
1652 if (!(sta->deflink.ht_cap.ht_supported || sta->deflink.he_cap.has_he))
1653 return;
1654
1655 ebf = mt7996_is_ebf_supported(phy, vif, sta, false);
1656 if (!ebf && !dev->ibf)
1657 return;
1658
1659 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BF, sizeof(*bf));
1660 bf = (struct sta_rec_bf *)tlv;
1661
1662 /* he/eht: eBF only, in accordance with spec
1663 * vht: support eBF and iBF
1664 * ht: iBF only, since mac80211 lacks of eBF support
1665 */
1666 if (sta->deflink.eht_cap.has_eht && ebf)
1667 mt7996_mcu_sta_bfer_eht(sta, vif, phy, bf);
1668 else if (sta->deflink.he_cap.has_he && ebf)
1669 mt7996_mcu_sta_bfer_he(sta, vif, phy, bf);
1670 else if (sta->deflink.vht_cap.vht_supported)
1671 mt7996_mcu_sta_bfer_vht(sta, phy, bf, ebf);
1672 else if (sta->deflink.ht_cap.ht_supported)
1673 mt7996_mcu_sta_bfer_ht(sta, phy, bf);
1674 else
1675 return;
1676
1677 bf->bf_cap = ebf ? ebf : dev->ibf << 1;
1678 bf->bw = sta->deflink.bandwidth;
1679 bf->ibf_dbw = sta->deflink.bandwidth;
1680 bf->ibf_nrow = tx_ant;
1681
1682 if (!ebf && sta->deflink.bandwidth <= IEEE80211_STA_RX_BW_40 && !bf->ncol)
1683 bf->ibf_timeout = 0x48;
1684 else
1685 bf->ibf_timeout = 0x18;
1686
1687 if (ebf && bf->nrow != tx_ant)
1688 bf->mem_20m = matrix[tx_ant][bf->ncol];
1689 else
1690 bf->mem_20m = matrix[bf->nrow][bf->ncol];
1691
1692 switch (sta->deflink.bandwidth) {
1693 case IEEE80211_STA_RX_BW_160:
1694 case IEEE80211_STA_RX_BW_80:
1695 bf->mem_total = bf->mem_20m * 2;
1696 break;
1697 case IEEE80211_STA_RX_BW_40:
1698 bf->mem_total = bf->mem_20m;
1699 break;
1700 case IEEE80211_STA_RX_BW_20:
1701 default:
1702 break;
1703 }
1704}
1705
1706static void
1707mt7996_mcu_sta_bfee_tlv(struct mt7996_dev *dev, struct sk_buff *skb,
1708 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1709{
1710 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1711 struct mt7996_phy *phy = mvif->phy;
1712 int tx_ant = hweight8(phy->mt76->antenna_mask) - 1;
1713 struct sta_rec_bfee *bfee;
1714 struct tlv *tlv;
1715 u8 nrow = 0;
1716
1717 if (!(sta->deflink.vht_cap.vht_supported || sta->deflink.he_cap.has_he))
1718 return;
1719
1720 if (!mt7996_is_ebf_supported(phy, vif, sta, true))
1721 return;
1722
1723 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BFEE, sizeof(*bfee));
1724 bfee = (struct sta_rec_bfee *)tlv;
1725
1726 if (sta->deflink.he_cap.has_he) {
1727 struct ieee80211_he_cap_elem *pe = &sta->deflink.he_cap.he_cap_elem;
1728
1729 nrow = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
1730 pe->phy_cap_info[5]);
1731 } else if (sta->deflink.vht_cap.vht_supported) {
1732 struct ieee80211_sta_vht_cap *pc = &sta->deflink.vht_cap;
1733
1734 nrow = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
1735 pc->cap);
1736 }
1737
1738 /* reply with identity matrix to avoid 2x2 BF negative gain */
1739 bfee->fb_identity_matrix = (nrow == 1 && tx_ant == 2);
1740}
1741
1742static void
1743mt7996_mcu_sta_hdrt_tlv(struct mt7996_dev *dev, struct sk_buff *skb)
1744{
1745 struct sta_rec_hdrt *hdrt;
1746 struct tlv *tlv;
1747
1748 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HDRT, sizeof(*hdrt));
1749
1750 hdrt = (struct sta_rec_hdrt *)tlv;
1751 hdrt->hdrt_mode = 1;
1752}
1753
1754static void
1755mt7996_mcu_sta_hdr_trans_tlv(struct mt7996_dev *dev, struct sk_buff *skb,
1756 struct ieee80211_vif *vif,
1757 struct ieee80211_sta *sta)
1758{
1759 struct sta_rec_hdr_trans *hdr_trans;
1760 struct mt76_wcid *wcid;
1761 struct tlv *tlv;
1762
1763 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HDR_TRANS, sizeof(*hdr_trans));
1764 hdr_trans = (struct sta_rec_hdr_trans *)tlv;
1765 hdr_trans->dis_rx_hdr_tran = true;
1766
1767 if (vif->type == NL80211_IFTYPE_STATION)
1768 hdr_trans->to_ds = true;
1769 else
1770 hdr_trans->from_ds = true;
1771
1772 wcid = (struct mt76_wcid *)sta->drv_priv;
1773 if (!wcid)
1774 return;
1775
1776 hdr_trans->dis_rx_hdr_tran = !test_bit(MT_WCID_FLAG_HDR_TRANS, &wcid->flags);
1777 if (test_bit(MT_WCID_FLAG_4ADDR, &wcid->flags)) {
1778 hdr_trans->to_ds = true;
1779 hdr_trans->from_ds = true;
1780 }
1781
1782 if (vif->type == NL80211_IFTYPE_MESH_POINT) {
1783 hdr_trans->to_ds = true;
1784 hdr_trans->from_ds = true;
1785 hdr_trans->mesh = true;
1786 }
1787}
1788
1789static enum mcu_mmps_mode
1790mt7996_mcu_get_mmps_mode(enum ieee80211_smps_mode smps)
1791{
1792 switch (smps) {
1793 case IEEE80211_SMPS_OFF:
1794 return MCU_MMPS_DISABLE;
1795 case IEEE80211_SMPS_STATIC:
1796 return MCU_MMPS_STATIC;
1797 case IEEE80211_SMPS_DYNAMIC:
1798 return MCU_MMPS_DYNAMIC;
1799 default:
1800 return MCU_MMPS_DISABLE;
1801 }
1802}
1803
1804int mt7996_mcu_set_fixed_rate_ctrl(struct mt7996_dev *dev,
1805 void *data, u16 version)
1806{
1807 struct ra_fixed_rate *req;
1808 struct uni_header hdr;
1809 struct sk_buff *skb;
1810 struct tlv *tlv;
1811 int len;
1812
1813 len = sizeof(hdr) + sizeof(*req);
1814
1815 skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
1816 if (!skb)
1817 return -ENOMEM;
1818
1819 skb_put_data(skb, &hdr, sizeof(hdr));
1820
1821 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_RA_FIXED_RATE, sizeof(*req));
1822 req = (struct ra_fixed_rate *)tlv;
1823 req->version = cpu_to_le16(version);
1824 memcpy(&req->rate, data, sizeof(req->rate));
1825
1826 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1827 MCU_WM_UNI_CMD(RA), true);
1828}
1829
1830int mt7996_mcu_set_fixed_field(struct mt7996_dev *dev, struct ieee80211_vif *vif,
1831 struct ieee80211_sta *sta, void *data, u32 field)
1832{
1833 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1834 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1835 struct sta_phy_uni *phy = data;
1836 struct sta_rec_ra_fixed_uni *ra;
1837 struct sk_buff *skb;
1838 struct tlv *tlv;
1839
1840 skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1841 &msta->wcid,
1842 MT7996_STA_UPDATE_MAX_SIZE);
1843 if (IS_ERR(skb))
1844 return PTR_ERR(skb);
1845
1846 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA_UPDATE, sizeof(*ra));
1847 ra = (struct sta_rec_ra_fixed_uni *)tlv;
1848
1849 switch (field) {
1850 case RATE_PARAM_AUTO:
1851 break;
1852 case RATE_PARAM_FIXED:
1853 case RATE_PARAM_FIXED_MCS:
1854 case RATE_PARAM_FIXED_GI:
1855 case RATE_PARAM_FIXED_HE_LTF:
1856 if (phy)
1857 ra->phy = *phy;
1858 break;
1859 case RATE_PARAM_MMPS_UPDATE:
1860 ra->mmps_mode = mt7996_mcu_get_mmps_mode(sta->deflink.smps_mode);
1861 break;
1862 default:
1863 break;
1864 }
1865 ra->field = cpu_to_le32(field);
1866
1867 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1868 MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true);
1869}
1870
1871static int
1872mt7996_mcu_add_rate_ctrl_fixed(struct mt7996_dev *dev, struct ieee80211_vif *vif,
1873 struct ieee80211_sta *sta)
1874{
1875 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1876 struct cfg80211_chan_def *chandef = &mvif->phy->mt76->chandef;
1877 struct cfg80211_bitrate_mask *mask = &mvif->bitrate_mask;
1878 enum nl80211_band band = chandef->chan->band;
1879 struct sta_phy_uni phy = {};
1880 int ret, nrates = 0;
1881
1882#define __sta_phy_bitrate_mask_check(_mcs, _gi, _ht, _he) \
1883 do { \
1884 u8 i, gi = mask->control[band]._gi; \
1885 gi = (_he) ? gi : gi == NL80211_TXRATE_FORCE_SGI; \
1886 phy.sgi = gi; \
1887 phy.he_ltf = mask->control[band].he_ltf; \
1888 for (i = 0; i < ARRAY_SIZE(mask->control[band]._mcs); i++) { \
1889 if (!mask->control[band]._mcs[i]) \
1890 continue; \
1891 nrates += hweight16(mask->control[band]._mcs[i]); \
1892 phy.mcs = ffs(mask->control[band]._mcs[i]) - 1; \
1893 if (_ht) \
1894 phy.mcs += 8 * i; \
1895 } \
1896 } while (0)
1897
1898 if (sta->deflink.he_cap.has_he) {
1899 __sta_phy_bitrate_mask_check(he_mcs, he_gi, 0, 1);
1900 } else if (sta->deflink.vht_cap.vht_supported) {
1901 __sta_phy_bitrate_mask_check(vht_mcs, gi, 0, 0);
1902 } else if (sta->deflink.ht_cap.ht_supported) {
1903 __sta_phy_bitrate_mask_check(ht_mcs, gi, 1, 0);
1904 } else {
1905 nrates = hweight32(mask->control[band].legacy);
1906 phy.mcs = ffs(mask->control[band].legacy) - 1;
1907 }
1908#undef __sta_phy_bitrate_mask_check
1909
1910 /* fall back to auto rate control */
1911 if (mask->control[band].gi == NL80211_TXRATE_DEFAULT_GI &&
1912 mask->control[band].he_gi == GENMASK(7, 0) &&
1913 mask->control[band].he_ltf == GENMASK(7, 0) &&
1914 nrates != 1)
1915 return 0;
1916
1917 /* fixed single rate */
1918 if (nrates == 1) {
1919 ret = mt7996_mcu_set_fixed_field(dev, vif, sta, &phy,
1920 RATE_PARAM_FIXED_MCS);
1921 if (ret)
1922 return ret;
1923 }
1924
1925 /* fixed GI */
1926 if (mask->control[band].gi != NL80211_TXRATE_DEFAULT_GI ||
1927 mask->control[band].he_gi != GENMASK(7, 0)) {
1928 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1929 u32 addr;
1930
1931 /* firmware updates only TXCMD but doesn't take WTBL into
1932 * account, so driver should update here to reflect the
1933 * actual txrate hardware sends out.
1934 */
1935 addr = mt7996_mac_wtbl_lmac_addr(dev, msta->wcid.idx, 7);
1936 if (sta->deflink.he_cap.has_he)
1937 mt76_rmw_field(dev, addr, GENMASK(31, 24), phy.sgi);
1938 else
1939 mt76_rmw_field(dev, addr, GENMASK(15, 12), phy.sgi);
1940
1941 ret = mt7996_mcu_set_fixed_field(dev, vif, sta, &phy,
1942 RATE_PARAM_FIXED_GI);
1943 if (ret)
1944 return ret;
1945 }
1946
1947 /* fixed HE_LTF */
1948 if (mask->control[band].he_ltf != GENMASK(7, 0)) {
1949 ret = mt7996_mcu_set_fixed_field(dev, vif, sta, &phy,
1950 RATE_PARAM_FIXED_HE_LTF);
1951 if (ret)
1952 return ret;
1953 }
1954
1955 return 0;
1956}
1957
1958static void
1959mt7996_mcu_sta_rate_ctrl_tlv(struct sk_buff *skb, struct mt7996_dev *dev,
1960 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1961{
1962 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1963 struct mt76_phy *mphy = mvif->phy->mt76;
1964 struct cfg80211_chan_def *chandef = &mphy->chandef;
1965 struct cfg80211_bitrate_mask *mask = &mvif->bitrate_mask;
1966 enum nl80211_band band = chandef->chan->band;
1967 struct sta_rec_ra_uni *ra;
1968 struct tlv *tlv;
1969 u32 supp_rate = sta->deflink.supp_rates[band];
1970 u32 cap = sta->wme ? STA_CAP_WMM : 0;
1971
1972 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA, sizeof(*ra));
1973 ra = (struct sta_rec_ra_uni *)tlv;
1974
1975 ra->valid = true;
1976 ra->auto_rate = true;
1977 ra->phy_mode = mt76_connac_get_phy_mode(mphy, vif, band, sta);
1978 ra->channel = chandef->chan->hw_value;
1979 ra->bw = (sta->deflink.bandwidth == IEEE80211_STA_RX_BW_320) ?
1980 CMD_CBW_320MHZ : sta->deflink.bandwidth;
1981 ra->phy.bw = ra->bw;
1982 ra->mmps_mode = mt7996_mcu_get_mmps_mode(sta->deflink.smps_mode);
1983
1984 if (supp_rate) {
1985 supp_rate &= mask->control[band].legacy;
1986 ra->rate_len = hweight32(supp_rate);
1987
1988 if (band == NL80211_BAND_2GHZ) {
1989 ra->supp_mode = MODE_CCK;
1990 ra->supp_cck_rate = supp_rate & GENMASK(3, 0);
1991
1992 if (ra->rate_len > 4) {
1993 ra->supp_mode |= MODE_OFDM;
1994 ra->supp_ofdm_rate = supp_rate >> 4;
1995 }
1996 } else {
1997 ra->supp_mode = MODE_OFDM;
1998 ra->supp_ofdm_rate = supp_rate;
1999 }
2000 }
2001
2002 if (sta->deflink.ht_cap.ht_supported) {
2003 ra->supp_mode |= MODE_HT;
2004 ra->af = sta->deflink.ht_cap.ampdu_factor;
2005 ra->ht_gf = !!(sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_GRN_FLD);
2006
2007 cap |= STA_CAP_HT;
2008 if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SGI_20)
2009 cap |= STA_CAP_SGI_20;
2010 if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SGI_40)
2011 cap |= STA_CAP_SGI_40;
2012 if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_TX_STBC)
2013 cap |= STA_CAP_TX_STBC;
2014 if (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_RX_STBC)
2015 cap |= STA_CAP_RX_STBC;
2016 if (vif->bss_conf.ht_ldpc &&
2017 (sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_LDPC_CODING))
2018 cap |= STA_CAP_LDPC;
2019
2020 mt7996_mcu_set_sta_ht_mcs(sta, ra->ht_mcs,
2021 mask->control[band].ht_mcs);
2022 ra->supp_ht_mcs = *(__le32 *)ra->ht_mcs;
2023 }
2024
2025 if (sta->deflink.vht_cap.vht_supported) {
2026 u8 af;
2027
2028 ra->supp_mode |= MODE_VHT;
2029 af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
2030 sta->deflink.vht_cap.cap);
2031 ra->af = max_t(u8, ra->af, af);
2032
2033 cap |= STA_CAP_VHT;
2034 if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_80)
2035 cap |= STA_CAP_VHT_SGI_80;
2036 if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_160)
2037 cap |= STA_CAP_VHT_SGI_160;
2038 if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_TXSTBC)
2039 cap |= STA_CAP_VHT_TX_STBC;
2040 if (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_RXSTBC_1)
2041 cap |= STA_CAP_VHT_RX_STBC;
2042 if (vif->bss_conf.vht_ldpc &&
2043 (sta->deflink.vht_cap.cap & IEEE80211_VHT_CAP_RXLDPC))
2044 cap |= STA_CAP_VHT_LDPC;
2045
2046 mt7996_mcu_set_sta_vht_mcs(sta, ra->supp_vht_mcs,
2047 mask->control[band].vht_mcs);
2048 }
2049
2050 if (sta->deflink.he_cap.has_he) {
2051 ra->supp_mode |= MODE_HE;
2052 cap |= STA_CAP_HE;
2053
2054 if (sta->deflink.he_6ghz_capa.capa)
2055 ra->af = le16_get_bits(sta->deflink.he_6ghz_capa.capa,
2056 IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP);
2057 }
2058 ra->sta_cap = cpu_to_le32(cap);
2059}
2060
2061int mt7996_mcu_add_rate_ctrl(struct mt7996_dev *dev, struct ieee80211_vif *vif,
2062 struct ieee80211_sta *sta, bool changed)
2063{
2064 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
2065 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
2066 struct sk_buff *skb;
2067 int ret;
2068
2069 skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
2070 &msta->wcid,
2071 MT7996_STA_UPDATE_MAX_SIZE);
2072 if (IS_ERR(skb))
2073 return PTR_ERR(skb);
2074
2075 /* firmware rc algorithm refers to sta_rec_he for HE control.
2076 * once dev->rc_work changes the settings driver should also
2077 * update sta_rec_he here.
2078 */
2079 if (changed)
2080 mt7996_mcu_sta_he_tlv(skb, sta);
2081
2082 /* sta_rec_ra accommodates BW, NSS and only MCS range format
2083 * i.e 0-{7,8,9} for VHT.
2084 */
2085 mt7996_mcu_sta_rate_ctrl_tlv(skb, dev, vif, sta);
2086
2087 ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
2088 MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true);
2089 if (ret)
2090 return ret;
2091
2092 return mt7996_mcu_add_rate_ctrl_fixed(dev, vif, sta);
2093}
2094
2095static int
2096mt7996_mcu_add_group(struct mt7996_dev *dev, struct ieee80211_vif *vif,
2097 struct ieee80211_sta *sta)
2098{
2099#define MT_STA_BSS_GROUP 1
2100 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
2101 struct mt7996_sta *msta;
2102 struct {
2103 u8 __rsv1[4];
2104
2105 __le16 tag;
2106 __le16 len;
2107 __le16 wlan_idx;
2108 u8 __rsv2[2];
2109 __le32 action;
2110 __le32 val;
2111 u8 __rsv3[8];
2112 } __packed req = {
2113 .tag = cpu_to_le16(UNI_VOW_DRR_CTRL),
2114 .len = cpu_to_le16(sizeof(req) - 4),
2115 .action = cpu_to_le32(MT_STA_BSS_GROUP),
2116 .val = cpu_to_le32(mvif->mt76.idx % 16),
2117 };
2118
2119 msta = sta ? (struct mt7996_sta *)sta->drv_priv : &mvif->sta;
2120 req.wlan_idx = cpu_to_le16(msta->wcid.idx);
2121
2122 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(VOW), &req,
2123 sizeof(req), true);
2124}
2125
2126int mt7996_mcu_add_sta(struct mt7996_dev *dev, struct ieee80211_vif *vif,
2127 struct ieee80211_sta *sta, bool enable)
2128{
2129 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
2130 struct mt7996_sta *msta;
2131 struct sk_buff *skb;
2132 int ret;
2133
2134 msta = sta ? (struct mt7996_sta *)sta->drv_priv : &mvif->sta;
2135
2136 skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
2137 &msta->wcid,
2138 MT7996_STA_UPDATE_MAX_SIZE);
2139 if (IS_ERR(skb))
2140 return PTR_ERR(skb);
2141
2142 /* starec basic */
2143 mt76_connac_mcu_sta_basic_tlv(&dev->mt76, skb, vif, sta, enable,
2144 !rcu_access_pointer(dev->mt76.wcid[msta->wcid.idx]));
2145 if (!enable)
2146 goto out;
2147
2148 /* tag order is in accordance with firmware dependency. */
2149 if (sta) {
2150 /* starec hdrt mode */
2151 mt7996_mcu_sta_hdrt_tlv(dev, skb);
2152 /* starec bfer */
2153 mt7996_mcu_sta_bfer_tlv(dev, skb, vif, sta);
2154 /* starec ht */
2155 mt7996_mcu_sta_ht_tlv(skb, sta);
2156 /* starec vht */
2157 mt7996_mcu_sta_vht_tlv(skb, sta);
2158 /* starec uapsd */
2159 mt76_connac_mcu_sta_uapsd(skb, vif, sta);
2160 /* starec amsdu */
2161 mt7996_mcu_sta_amsdu_tlv(dev, skb, vif, sta);
2162 /* starec he */
2163 mt7996_mcu_sta_he_tlv(skb, sta);
2164 /* starec he 6g*/
2165 mt7996_mcu_sta_he_6g_tlv(skb, sta);
2166 /* starec eht */
2167 mt7996_mcu_sta_eht_tlv(skb, sta);
2168 /* starec muru */
2169 mt7996_mcu_sta_muru_tlv(dev, skb, vif, sta);
2170 /* starec bfee */
2171 mt7996_mcu_sta_bfee_tlv(dev, skb, vif, sta);
2172 /* starec hdr trans */
2173 mt7996_mcu_sta_hdr_trans_tlv(dev, skb, vif, sta);
2174 }
2175
2176 ret = mt7996_mcu_add_group(dev, vif, sta);
2177 if (ret) {
2178 dev_kfree_skb(skb);
2179 return ret;
2180 }
2181out:
2182 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2183 MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true);
2184}
2185
2186static int
2187mt7996_mcu_sta_key_tlv(struct mt76_wcid *wcid,
2188 struct sk_buff *skb,
2189 struct ieee80211_key_conf *key,
2190 enum set_key_cmd cmd)
2191{
2192 struct sta_rec_sec_uni *sec;
2193 struct tlv *tlv;
2194
2195 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_KEY_V2, sizeof(*sec));
2196 sec = (struct sta_rec_sec_uni *)tlv;
2197 sec->add = cmd;
2198
2199 if (cmd == SET_KEY) {
2200 struct sec_key_uni *sec_key;
2201 u8 cipher;
2202
2203 cipher = mt76_connac_mcu_get_cipher(key->cipher);
2204 if (cipher == MCU_CIPHER_NONE)
2205 return -EOPNOTSUPP;
2206
2207 sec_key = &sec->key[0];
2208 sec_key->wlan_idx = cpu_to_le16(wcid->idx);
2209 sec_key->mgmt_prot = 0;
2210 sec_key->cipher_id = cipher;
2211 sec_key->cipher_len = sizeof(*sec_key);
2212 sec_key->key_id = key->keyidx;
2213 sec_key->key_len = key->keylen;
2214 sec_key->need_resp = 0;
2215 memcpy(sec_key->key, key->key, key->keylen);
2216
2217 if (cipher == MCU_CIPHER_TKIP) {
2218 /* Rx/Tx MIC keys are swapped */
2219 memcpy(sec_key->key + 16, key->key + 24, 8);
2220 memcpy(sec_key->key + 24, key->key + 16, 8);
2221 }
2222
2223 sec->n_cipher = 1;
2224 } else {
2225 sec->n_cipher = 0;
2226 }
2227
2228 return 0;
2229}
2230
2231int mt7996_mcu_add_key(struct mt76_dev *dev, struct ieee80211_vif *vif,
2232 struct ieee80211_key_conf *key, int mcu_cmd,
2233 struct mt76_wcid *wcid, enum set_key_cmd cmd)
2234{
2235 struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
2236 struct sk_buff *skb;
2237 int ret;
2238
2239 skb = __mt76_connac_mcu_alloc_sta_req(dev, mvif, wcid,
2240 MT7996_STA_UPDATE_MAX_SIZE);
2241 if (IS_ERR(skb))
2242 return PTR_ERR(skb);
2243
2244 ret = mt7996_mcu_sta_key_tlv(wcid, skb, key, cmd);
2245 if (ret)
2246 return ret;
2247
2248 return mt76_mcu_skb_send_msg(dev, skb, mcu_cmd, true);
2249}
2250
2251static int mt7996_mcu_get_pn(struct mt7996_dev *dev, struct ieee80211_vif *vif,
2252 u8 *pn)
2253{
2254#define TSC_TYPE_BIGTK_PN 2
2255 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
2256 struct sta_rec_pn_info *pn_info;
2257 struct sk_buff *skb, *rskb;
2258 struct tlv *tlv;
2259 int ret;
2260
2261 skb = mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76, &mvif->sta.wcid);
2262 if (IS_ERR(skb))
2263 return PTR_ERR(skb);
2264
2265 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_PN_INFO, sizeof(*pn_info));
2266 pn_info = (struct sta_rec_pn_info *)tlv;
2267
2268 pn_info->tsc_type = TSC_TYPE_BIGTK_PN;
2269 ret = mt76_mcu_skb_send_and_get_msg(&dev->mt76, skb,
2270 MCU_WM_UNI_CMD_QUERY(STA_REC_UPDATE),
2271 true, &rskb);
2272 if (ret)
2273 return ret;
2274
2275 skb_pull(rskb, 4);
2276
2277 pn_info = (struct sta_rec_pn_info *)rskb->data;
2278 if (le16_to_cpu(pn_info->tag) == STA_REC_PN_INFO)
2279 memcpy(pn, pn_info->pn, 6);
2280
2281 dev_kfree_skb(rskb);
2282 return 0;
2283}
2284
2285int mt7996_mcu_bcn_prot_enable(struct mt7996_dev *dev, struct ieee80211_vif *vif,
2286 struct ieee80211_key_conf *key)
2287{
2288 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
2289 struct mt7996_mcu_bcn_prot_tlv *bcn_prot;
2290 struct sk_buff *skb;
2291 struct tlv *tlv;
2292 u8 pn[6] = {};
2293 int len = sizeof(struct bss_req_hdr) +
2294 sizeof(struct mt7996_mcu_bcn_prot_tlv);
2295 int ret;
2296
2297 skb = __mt7996_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76, len);
2298 if (IS_ERR(skb))
2299 return PTR_ERR(skb);
2300
2301 tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_BCN_PROT, sizeof(*bcn_prot));
2302
2303 bcn_prot = (struct mt7996_mcu_bcn_prot_tlv *)tlv;
2304
2305 ret = mt7996_mcu_get_pn(dev, vif, pn);
2306 if (ret) {
2307 dev_kfree_skb(skb);
2308 return ret;
2309 }
2310
2311 switch (key->cipher) {
2312 case WLAN_CIPHER_SUITE_AES_CMAC:
2313 bcn_prot->cipher_id = MCU_CIPHER_BCN_PROT_CMAC_128;
2314 break;
2315 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
2316 bcn_prot->cipher_id = MCU_CIPHER_BCN_PROT_GMAC_128;
2317 break;
2318 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
2319 bcn_prot->cipher_id = MCU_CIPHER_BCN_PROT_GMAC_256;
2320 break;
2321 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
2322 default:
2323 dev_err(dev->mt76.dev, "Not supported Bigtk Cipher\n");
2324 dev_kfree_skb(skb);
2325 return -EOPNOTSUPP;
2326 }
2327
2328 pn[0]++;
2329 memcpy(bcn_prot->pn, pn, 6);
2330 bcn_prot->enable = BP_SW_MODE;
2331 memcpy(bcn_prot->key, key->key, WLAN_MAX_KEY_LEN);
2332 bcn_prot->key_id = key->keyidx;
2333
2334 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2335 MCU_WMWA_UNI_CMD(BSS_INFO_UPDATE), true);
2336}
2337int mt7996_mcu_add_dev_info(struct mt7996_phy *phy,
2338 struct ieee80211_vif *vif, bool enable)
2339{
2340 struct mt7996_dev *dev = phy->dev;
2341 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
2342 struct {
2343 struct req_hdr {
2344 u8 omac_idx;
2345 u8 band_idx;
2346 u8 __rsv[2];
2347 } __packed hdr;
2348 struct req_tlv {
2349 __le16 tag;
2350 __le16 len;
2351 u8 active;
2352 u8 __rsv;
2353 u8 omac_addr[ETH_ALEN];
2354 } __packed tlv;
2355 } data = {
2356 .hdr = {
2357 .omac_idx = mvif->mt76.omac_idx,
2358 .band_idx = mvif->mt76.band_idx,
2359 },
2360 .tlv = {
2361 .tag = cpu_to_le16(DEV_INFO_ACTIVE),
2362 .len = cpu_to_le16(sizeof(struct req_tlv)),
2363 .active = enable,
2364 },
2365 };
2366
2367 if (mvif->mt76.omac_idx >= REPEATER_BSSID_START)
2368 return mt7996_mcu_muar_config(phy, vif, false, enable);
2369
2370 memcpy(data.tlv.omac_addr, vif->addr, ETH_ALEN);
2371 return mt76_mcu_send_msg(&dev->mt76, MCU_WMWA_UNI_CMD(DEV_INFO_UPDATE),
2372 &data, sizeof(data), true);
2373}
2374
2375static void
2376mt7996_mcu_beacon_cntdwn(struct ieee80211_vif *vif, struct sk_buff *rskb,
2377 struct sk_buff *skb,
2378 struct ieee80211_mutable_offsets *offs)
2379{
2380 struct bss_bcn_cntdwn_tlv *info;
2381 struct tlv *tlv;
2382 u16 tag;
2383
2384 if (!offs->cntdwn_counter_offs[0])
2385 return;
2386
2387 tag = vif->bss_conf.csa_active ? UNI_BSS_INFO_BCN_CSA : UNI_BSS_INFO_BCN_BCC;
2388
2389 tlv = mt7996_mcu_add_uni_tlv(rskb, tag, sizeof(*info));
2390
2391 info = (struct bss_bcn_cntdwn_tlv *)tlv;
2392 info->cnt = skb->data[offs->cntdwn_counter_offs[0]];
2393}
2394
2395static void
2396mt7996_mcu_beacon_mbss(struct sk_buff *rskb, struct sk_buff *skb,
2397 struct ieee80211_vif *vif, struct bss_bcn_content_tlv *bcn,
2398 struct ieee80211_mutable_offsets *offs)
2399{
2400 struct bss_bcn_mbss_tlv *mbss;
2401 const struct element *elem;
2402 struct tlv *tlv;
2403
2404 if (!vif->bss_conf.bssid_indicator)
2405 return;
2406
2407 tlv = mt7996_mcu_add_uni_tlv(rskb, UNI_BSS_INFO_BCN_MBSSID, sizeof(*mbss));
2408
2409 mbss = (struct bss_bcn_mbss_tlv *)tlv;
2410 mbss->offset[0] = cpu_to_le16(offs->tim_offset);
2411 mbss->bitmap = cpu_to_le32(1);
2412
2413 for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID,
2414 &skb->data[offs->mbssid_off],
2415 skb->len - offs->mbssid_off) {
2416 const struct element *sub_elem;
2417
2418 if (elem->datalen < 2)
2419 continue;
2420
2421 for_each_element(sub_elem, elem->data + 1, elem->datalen - 1) {
2422 const struct ieee80211_bssid_index *idx;
2423 const u8 *idx_ie;
2424
2425 /* not a valid BSS profile */
2426 if (sub_elem->id || sub_elem->datalen < 4)
2427 continue;
2428
2429 /* Find WLAN_EID_MULTI_BSSID_IDX
2430 * in the merged nontransmitted profile
2431 */
2432 idx_ie = cfg80211_find_ie(WLAN_EID_MULTI_BSSID_IDX,
2433 sub_elem->data, sub_elem->datalen);
2434 if (!idx_ie || idx_ie[1] < sizeof(*idx))
2435 continue;
2436
2437 idx = (void *)(idx_ie + 2);
2438 if (!idx->bssid_index || idx->bssid_index > 31)
2439 continue;
2440
2441 mbss->offset[idx->bssid_index] = cpu_to_le16(idx_ie -
2442 skb->data);
2443 mbss->bitmap |= cpu_to_le32(BIT(idx->bssid_index));
2444 }
2445 }
2446}
2447
2448static void
2449mt7996_mcu_beacon_cont(struct mt7996_dev *dev, struct ieee80211_vif *vif,
2450 struct sk_buff *rskb, struct sk_buff *skb,
2451 struct bss_bcn_content_tlv *bcn,
2452 struct ieee80211_mutable_offsets *offs)
2453{
2454 struct mt76_wcid *wcid = &dev->mt76.global_wcid;
2455 u8 *buf;
2456
2457 bcn->pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
2458 bcn->tim_ie_pos = cpu_to_le16(offs->tim_offset);
2459
2460 if (offs->cntdwn_counter_offs[0]) {
2461 u16 offset = offs->cntdwn_counter_offs[0];
2462
2463 if (vif->bss_conf.csa_active)
2464 bcn->csa_ie_pos = cpu_to_le16(offset - 4);
2465 if (vif->bss_conf.color_change_active)
2466 bcn->bcc_ie_pos = cpu_to_le16(offset - 3);
2467 }
2468
2469 buf = (u8 *)bcn + sizeof(*bcn);
2470 mt7996_mac_write_txwi(dev, (__le32 *)buf, skb, wcid, NULL, 0, 0,
2471 BSS_CHANGED_BEACON);
2472
2473 memcpy(buf + MT_TXD_SIZE, skb->data, skb->len);
2474}
2475
2476int mt7996_mcu_add_beacon(struct ieee80211_hw *hw,
2477 struct ieee80211_vif *vif, int en)
2478{
2479 struct mt7996_dev *dev = mt7996_hw_dev(hw);
2480 struct mt7996_phy *phy = mt7996_hw_phy(hw);
2481 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
2482 struct ieee80211_mutable_offsets offs;
2483 struct ieee80211_tx_info *info;
2484 struct sk_buff *skb, *rskb;
2485 struct tlv *tlv;
2486 struct bss_bcn_content_tlv *bcn;
2487 int len;
2488
2489 if (vif->bss_conf.nontransmitted)
2490 return 0;
2491
2492 rskb = __mt7996_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76,
2493 MT7996_MAX_BSS_OFFLOAD_SIZE);
2494 if (IS_ERR(rskb))
2495 return PTR_ERR(rskb);
2496
2497 skb = ieee80211_beacon_get_template(hw, vif, &offs, 0);
2498 if (!skb) {
2499 dev_kfree_skb(rskb);
2500 return -EINVAL;
2501 }
2502
2503 if (skb->len > MT7996_MAX_BEACON_SIZE) {
2504 dev_err(dev->mt76.dev, "Bcn size limit exceed\n");
2505 dev_kfree_skb(rskb);
2506 dev_kfree_skb(skb);
2507 return -EINVAL;
2508 }
2509
2510 info = IEEE80211_SKB_CB(skb);
2511 info->hw_queue |= FIELD_PREP(MT_TX_HW_QUEUE_PHY, phy->mt76->band_idx);
2512
2513 len = sizeof(*bcn) + MT_TXD_SIZE + skb->len;
2514 tlv = mt7996_mcu_add_uni_tlv(rskb, UNI_BSS_INFO_BCN_CONTENT, len);
2515 bcn = (struct bss_bcn_content_tlv *)tlv;
2516 bcn->enable = en;
2517 if (!en)
2518 goto out;
2519
2520 mt7996_mcu_beacon_cont(dev, vif, rskb, skb, bcn, &offs);
2521 mt7996_mcu_beacon_mbss(rskb, skb, vif, bcn, &offs);
2522 mt7996_mcu_beacon_cntdwn(vif, rskb, skb, &offs);
2523out:
2524 dev_kfree_skb(skb);
2525 return mt76_mcu_skb_send_msg(&phy->dev->mt76, rskb,
2526 MCU_WMWA_UNI_CMD(BSS_INFO_UPDATE), true);
2527}
2528
2529int mt7996_mcu_beacon_inband_discov(struct mt7996_dev *dev,
2530 struct ieee80211_vif *vif, u32 changed)
2531{
2532#define OFFLOAD_TX_MODE_SU BIT(0)
2533#define OFFLOAD_TX_MODE_MU BIT(1)
2534 struct ieee80211_hw *hw = mt76_hw(dev);
2535 struct mt7996_phy *phy = mt7996_hw_phy(hw);
2536 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
2537 struct cfg80211_chan_def *chandef = &mvif->phy->mt76->chandef;
2538 enum nl80211_band band = chandef->chan->band;
2539 struct mt76_wcid *wcid = &dev->mt76.global_wcid;
2540 struct bss_inband_discovery_tlv *discov;
2541 struct ieee80211_tx_info *info;
2542 struct sk_buff *rskb, *skb = NULL;
2543 struct tlv *tlv;
2544 u8 *buf, interval;
2545 int len;
2546
2547 if (vif->bss_conf.nontransmitted)
2548 return 0;
2549
2550 rskb = __mt7996_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76,
2551 MT7996_MAX_BSS_OFFLOAD_SIZE);
2552 if (IS_ERR(rskb))
2553 return PTR_ERR(rskb);
2554
2555 if (changed & BSS_CHANGED_FILS_DISCOVERY &&
2556 vif->bss_conf.fils_discovery.max_interval) {
2557 interval = vif->bss_conf.fils_discovery.max_interval;
2558 skb = ieee80211_get_fils_discovery_tmpl(hw, vif);
2559 } else if (changed & BSS_CHANGED_UNSOL_BCAST_PROBE_RESP &&
2560 vif->bss_conf.unsol_bcast_probe_resp_interval) {
2561 interval = vif->bss_conf.unsol_bcast_probe_resp_interval;
2562 skb = ieee80211_get_unsol_bcast_probe_resp_tmpl(hw, vif);
2563 }
2564
2565 if (!skb) {
2566 dev_kfree_skb(rskb);
2567 return -EINVAL;
2568 }
2569
2570 if (skb->len > MT7996_MAX_BEACON_SIZE) {
2571 dev_err(dev->mt76.dev, "inband discovery size limit exceed\n");
2572 dev_kfree_skb(rskb);
2573 dev_kfree_skb(skb);
2574 return -EINVAL;
2575 }
2576
2577 info = IEEE80211_SKB_CB(skb);
2578 info->control.vif = vif;
2579 info->band = band;
2580 info->hw_queue |= FIELD_PREP(MT_TX_HW_QUEUE_PHY, phy->mt76->band_idx);
2581
2582 len = sizeof(*discov) + MT_TXD_SIZE + skb->len;
2583
2584 tlv = mt7996_mcu_add_uni_tlv(rskb, UNI_BSS_INFO_OFFLOAD, len);
2585
2586 discov = (struct bss_inband_discovery_tlv *)tlv;
2587 discov->tx_mode = OFFLOAD_TX_MODE_SU;
2588 /* 0: UNSOL PROBE RESP, 1: FILS DISCOV */
2589 discov->tx_type = !!(changed & BSS_CHANGED_FILS_DISCOVERY);
2590 discov->tx_interval = interval;
2591 discov->prob_rsp_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
2592 discov->enable = true;
2593 discov->wcid = cpu_to_le16(MT7996_WTBL_RESERVED);
2594
2595 buf = (u8 *)tlv + sizeof(*discov);
2596
2597 mt7996_mac_write_txwi(dev, (__le32 *)buf, skb, wcid, NULL, 0, 0, changed);
2598
2599 memcpy(buf + MT_TXD_SIZE, skb->data, skb->len);
2600
2601 dev_kfree_skb(skb);
2602
2603 return mt76_mcu_skb_send_msg(&dev->mt76, rskb,
2604 MCU_WMWA_UNI_CMD(BSS_INFO_UPDATE), true);
2605}
2606
2607static int mt7996_driver_own(struct mt7996_dev *dev, u8 band)
2608{
2609 mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(band), MT_TOP_LPCR_HOST_DRV_OWN);
2610 if (!mt76_poll_msec(dev, MT_TOP_LPCR_HOST_BAND(band),
2611 MT_TOP_LPCR_HOST_FW_OWN_STAT, 0, 500)) {
2612 dev_err(dev->mt76.dev, "Timeout for driver own\n");
2613 return -EIO;
2614 }
2615
2616 /* clear irq when the driver own success */
2617 mt76_wr(dev, MT_TOP_LPCR_HOST_BAND_IRQ_STAT(band),
2618 MT_TOP_LPCR_HOST_BAND_STAT);
2619
2620 return 0;
2621}
2622
2623static u32 mt7996_patch_sec_mode(u32 key_info)
2624{
2625 u32 sec = u32_get_bits(key_info, MT7996_PATCH_SEC), key = 0;
2626
2627 if (key_info == GENMASK(31, 0) || sec == MT7996_SEC_MODE_PLAIN)
2628 return 0;
2629
2630 if (sec == MT7996_SEC_MODE_AES)
2631 key = u32_get_bits(key_info, MT7996_PATCH_AES_KEY);
2632 else
2633 key = u32_get_bits(key_info, MT7996_PATCH_SCRAMBLE_KEY);
2634
2635 return MT7996_SEC_ENCRYPT | MT7996_SEC_IV |
2636 u32_encode_bits(key, MT7996_SEC_KEY_IDX);
2637}
2638
2639static int mt7996_load_patch(struct mt7996_dev *dev)
2640{
2641 const struct mt7996_patch_hdr *hdr;
2642 const struct firmware *fw = NULL;
2643 int i, ret, sem;
2644
2645 sem = mt76_connac_mcu_patch_sem_ctrl(&dev->mt76, 1);
2646 switch (sem) {
2647 case PATCH_IS_DL:
2648 return 0;
2649 case PATCH_NOT_DL_SEM_SUCCESS:
2650 break;
2651 default:
2652 dev_err(dev->mt76.dev, "Failed to get patch semaphore\n");
2653 return -EAGAIN;
2654 }
2655
2656 ret = request_firmware(&fw, fw_name(dev, ROM_PATCH), dev->mt76.dev);
2657 if (ret)
2658 goto out;
2659
2660 if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
2661 dev_err(dev->mt76.dev, "Invalid firmware\n");
2662 ret = -EINVAL;
2663 goto out;
2664 }
2665
2666 hdr = (const struct mt7996_patch_hdr *)(fw->data);
2667
2668 dev_info(dev->mt76.dev, "HW/SW Version: 0x%x, Build Time: %.16s\n",
2669 be32_to_cpu(hdr->hw_sw_ver), hdr->build_date);
2670
2671 for (i = 0; i < be32_to_cpu(hdr->desc.n_region); i++) {
2672 struct mt7996_patch_sec *sec;
2673 const u8 *dl;
2674 u32 len, addr, sec_key_idx, mode = DL_MODE_NEED_RSP;
2675
2676 sec = (struct mt7996_patch_sec *)(fw->data + sizeof(*hdr) +
2677 i * sizeof(*sec));
2678 if ((be32_to_cpu(sec->type) & PATCH_SEC_TYPE_MASK) !=
2679 PATCH_SEC_TYPE_INFO) {
2680 ret = -EINVAL;
2681 goto out;
2682 }
2683
2684 addr = be32_to_cpu(sec->info.addr);
2685 len = be32_to_cpu(sec->info.len);
2686 sec_key_idx = be32_to_cpu(sec->info.sec_key_idx);
2687 dl = fw->data + be32_to_cpu(sec->offs);
2688
2689 mode |= mt7996_patch_sec_mode(sec_key_idx);
2690
2691 ret = mt76_connac_mcu_init_download(&dev->mt76, addr, len,
2692 mode);
2693 if (ret) {
2694 dev_err(dev->mt76.dev, "Download request failed\n");
2695 goto out;
2696 }
2697
2698 ret = __mt76_mcu_send_firmware(&dev->mt76, MCU_CMD(FW_SCATTER),
2699 dl, len, 4096);
2700 if (ret) {
2701 dev_err(dev->mt76.dev, "Failed to send patch\n");
2702 goto out;
2703 }
2704 }
2705
2706 ret = mt76_connac_mcu_start_patch(&dev->mt76);
2707 if (ret)
2708 dev_err(dev->mt76.dev, "Failed to start patch\n");
2709
2710out:
2711 sem = mt76_connac_mcu_patch_sem_ctrl(&dev->mt76, 0);
2712 switch (sem) {
2713 case PATCH_REL_SEM_SUCCESS:
2714 break;
2715 default:
2716 ret = -EAGAIN;
2717 dev_err(dev->mt76.dev, "Failed to release patch semaphore\n");
2718 break;
2719 }
2720 release_firmware(fw);
2721
2722 return ret;
2723}
2724
2725static int
2726mt7996_mcu_send_ram_firmware(struct mt7996_dev *dev,
2727 const struct mt7996_fw_trailer *hdr,
2728 const u8 *data, enum mt7996_ram_type type)
2729{
2730 int i, offset = 0;
2731 u32 override = 0, option = 0;
2732
2733 for (i = 0; i < hdr->n_region; i++) {
2734 const struct mt7996_fw_region *region;
2735 int err;
2736 u32 len, addr, mode;
2737
2738 region = (const struct mt7996_fw_region *)((const u8 *)hdr -
2739 (hdr->n_region - i) * sizeof(*region));
2740 /* DSP and WA use same mode */
2741 mode = mt76_connac_mcu_gen_dl_mode(&dev->mt76,
2742 region->feature_set,
2743 type != MT7996_RAM_TYPE_WM);
2744 len = le32_to_cpu(region->len);
2745 addr = le32_to_cpu(region->addr);
2746
2747 if (region->feature_set & FW_FEATURE_OVERRIDE_ADDR)
2748 override = addr;
2749
2750 err = mt76_connac_mcu_init_download(&dev->mt76, addr, len,
2751 mode);
2752 if (err) {
2753 dev_err(dev->mt76.dev, "Download request failed\n");
2754 return err;
2755 }
2756
2757 err = __mt76_mcu_send_firmware(&dev->mt76, MCU_CMD(FW_SCATTER),
2758 data + offset, len, 4096);
2759 if (err) {
2760 dev_err(dev->mt76.dev, "Failed to send firmware.\n");
2761 return err;
2762 }
2763
2764 offset += len;
2765 }
2766
2767 if (override)
2768 option |= FW_START_OVERRIDE;
2769
2770 if (type == MT7996_RAM_TYPE_WA)
2771 option |= FW_START_WORKING_PDA_CR4;
2772 else if (type == MT7996_RAM_TYPE_DSP)
2773 option |= FW_START_WORKING_PDA_DSP;
2774
2775 return mt76_connac_mcu_start_firmware(&dev->mt76, override, option);
2776}
2777
2778static int __mt7996_load_ram(struct mt7996_dev *dev, const char *fw_type,
2779 const char *fw_file, enum mt7996_ram_type ram_type)
2780{
2781 const struct mt7996_fw_trailer *hdr;
2782 const struct firmware *fw;
2783 int ret;
2784
2785 ret = request_firmware(&fw, fw_file, dev->mt76.dev);
2786 if (ret)
2787 return ret;
2788
2789 if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
2790 dev_err(dev->mt76.dev, "Invalid firmware\n");
2791 ret = -EINVAL;
2792 goto out;
2793 }
2794
2795 hdr = (const void *)(fw->data + fw->size - sizeof(*hdr));
2796 dev_info(dev->mt76.dev, "%s Firmware Version: %.10s, Build Time: %.15s\n",
2797 fw_type, hdr->fw_ver, hdr->build_date);
2798
2799 ret = mt7996_mcu_send_ram_firmware(dev, hdr, fw->data, ram_type);
2800 if (ret) {
2801 dev_err(dev->mt76.dev, "Failed to start %s firmware\n", fw_type);
2802 goto out;
2803 }
2804
2805 snprintf(dev->mt76.hw->wiphy->fw_version,
2806 sizeof(dev->mt76.hw->wiphy->fw_version),
2807 "%.10s-%.15s", hdr->fw_ver, hdr->build_date);
2808
2809out:
2810 release_firmware(fw);
2811
2812 return ret;
2813}
2814
2815static int mt7996_load_ram(struct mt7996_dev *dev)
2816{
2817 int ret;
2818
2819 ret = __mt7996_load_ram(dev, "WM", fw_name(dev, FIRMWARE_WM),
2820 MT7996_RAM_TYPE_WM);
2821 if (ret)
2822 return ret;
2823
2824 ret = __mt7996_load_ram(dev, "DSP", fw_name(dev, FIRMWARE_DSP),
2825 MT7996_RAM_TYPE_DSP);
2826 if (ret)
2827 return ret;
2828
2829 return __mt7996_load_ram(dev, "WA", fw_name(dev, FIRMWARE_WA),
2830 MT7996_RAM_TYPE_WA);
2831}
2832
2833static int
2834mt7996_firmware_state(struct mt7996_dev *dev, bool wa)
2835{
2836 u32 state = FIELD_PREP(MT_TOP_MISC_FW_STATE,
2837 wa ? FW_STATE_RDY : FW_STATE_FW_DOWNLOAD);
2838
2839 if (!mt76_poll_msec(dev, MT_TOP_MISC, MT_TOP_MISC_FW_STATE,
2840 state, 1000)) {
2841 dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
2842 return -EIO;
2843 }
2844 return 0;
2845}
2846
2847static int
2848mt7996_mcu_restart(struct mt76_dev *dev)
2849{
2850 struct {
2851 u8 __rsv1[4];
2852
2853 __le16 tag;
2854 __le16 len;
2855 u8 power_mode;
2856 u8 __rsv2[3];
2857 } __packed req = {
2858 .tag = cpu_to_le16(UNI_POWER_OFF),
2859 .len = cpu_to_le16(sizeof(req) - 4),
2860 .power_mode = 1,
2861 };
2862
2863 return mt76_mcu_send_msg(dev, MCU_WM_UNI_CMD(POWER_CTRL), &req,
2864 sizeof(req), false);
2865}
2866
2867static int mt7996_load_firmware(struct mt7996_dev *dev)
2868{
2869 int ret;
2870
2871 /* make sure fw is download state */
2872 if (mt7996_firmware_state(dev, false)) {
2873 /* restart firmware once */
2874 mt7996_mcu_restart(&dev->mt76);
2875 ret = mt7996_firmware_state(dev, false);
2876 if (ret) {
2877 dev_err(dev->mt76.dev,
2878 "Firmware is not ready for download\n");
2879 return ret;
2880 }
2881 }
2882
2883 ret = mt7996_load_patch(dev);
2884 if (ret)
2885 return ret;
2886
2887 ret = mt7996_load_ram(dev);
2888 if (ret)
2889 return ret;
2890
2891 ret = mt7996_firmware_state(dev, true);
2892 if (ret)
2893 return ret;
2894
2895 mt76_queue_tx_cleanup(dev, dev->mt76.q_mcu[MT_MCUQ_FWDL], false);
2896
2897 dev_dbg(dev->mt76.dev, "Firmware init done\n");
2898
2899 return 0;
2900}
2901
2902int mt7996_mcu_fw_log_2_host(struct mt7996_dev *dev, u8 type, u8 ctrl)
2903{
2904 struct {
2905 u8 _rsv[4];
2906
2907 __le16 tag;
2908 __le16 len;
2909 u8 ctrl;
2910 u8 interval;
2911 u8 _rsv2[2];
2912 } __packed data = {
2913 .tag = cpu_to_le16(UNI_WSYS_CONFIG_FW_LOG_CTRL),
2914 .len = cpu_to_le16(sizeof(data) - 4),
2915 .ctrl = ctrl,
2916 };
2917
2918 if (type == MCU_FW_LOG_WA)
2919 return mt76_mcu_send_msg(&dev->mt76, MCU_WA_UNI_CMD(WSYS_CONFIG),
2920 &data, sizeof(data), true);
2921
2922 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(WSYS_CONFIG), &data,
2923 sizeof(data), true);
2924}
2925
2926int mt7996_mcu_fw_dbg_ctrl(struct mt7996_dev *dev, u32 module, u8 level)
2927{
2928 struct {
2929 u8 _rsv[4];
2930
2931 __le16 tag;
2932 __le16 len;
2933 __le32 module_idx;
2934 u8 level;
2935 u8 _rsv2[3];
2936 } data = {
2937 .tag = cpu_to_le16(UNI_WSYS_CONFIG_FW_DBG_CTRL),
2938 .len = cpu_to_le16(sizeof(data) - 4),
2939 .module_idx = cpu_to_le32(module),
2940 .level = level,
2941 };
2942
2943 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(WSYS_CONFIG), &data,
2944 sizeof(data), false);
2945}
2946
2947static int mt7996_mcu_set_mwds(struct mt7996_dev *dev, bool enabled)
2948{
2949 struct {
2950 u8 enable;
2951 u8 _rsv[3];
2952 } __packed req = {
2953 .enable = enabled
2954 };
2955
2956 return mt76_mcu_send_msg(&dev->mt76, MCU_WA_EXT_CMD(MWDS_SUPPORT), &req,
2957 sizeof(req), false);
2958}
2959
2960static void mt7996_add_rx_airtime_tlv(struct sk_buff *skb, u8 band_idx)
2961{
2962 struct vow_rx_airtime *req;
2963 struct tlv *tlv;
2964
2965 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_VOW_RX_AT_AIRTIME_CLR_EN, sizeof(*req));
2966 req = (struct vow_rx_airtime *)tlv;
2967 req->enable = true;
2968 req->band = band_idx;
2969
2970 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_VOW_RX_AT_AIRTIME_EN, sizeof(*req));
2971 req = (struct vow_rx_airtime *)tlv;
2972 req->enable = true;
2973 req->band = band_idx;
2974}
2975
2976static int
2977mt7996_mcu_init_rx_airtime(struct mt7996_dev *dev)
2978{
2979 struct uni_header hdr = {};
2980 struct sk_buff *skb;
2981 int len, num, i;
2982
2983 num = 2 + 2 * (mt7996_band_valid(dev, MT_BAND1) +
2984 mt7996_band_valid(dev, MT_BAND2));
2985 len = sizeof(hdr) + num * sizeof(struct vow_rx_airtime);
2986 skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
2987 if (!skb)
2988 return -ENOMEM;
2989
2990 skb_put_data(skb, &hdr, sizeof(hdr));
2991
2992 for (i = 0; i < __MT_MAX_BAND; i++) {
2993 if (mt7996_band_valid(dev, i))
2994 mt7996_add_rx_airtime_tlv(skb, i);
2995 }
2996
2997 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2998 MCU_WM_UNI_CMD(VOW), true);
2999}
3000
3001int mt7996_mcu_init_firmware(struct mt7996_dev *dev)
3002{
3003 int ret;
3004
3005 /* force firmware operation mode into normal state,
3006 * which should be set before firmware download stage.
3007 */
3008 mt76_wr(dev, MT_SWDEF_MODE, MT_SWDEF_NORMAL_MODE);
3009
3010 ret = mt7996_driver_own(dev, 0);
3011 if (ret)
3012 return ret;
3013 /* set driver own for band1 when two hif exist */
3014 if (dev->hif2) {
3015 ret = mt7996_driver_own(dev, 1);
3016 if (ret)
3017 return ret;
3018 }
3019
3020 ret = mt7996_load_firmware(dev);
3021 if (ret)
3022 return ret;
3023
3024 set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
3025 ret = mt7996_mcu_fw_log_2_host(dev, MCU_FW_LOG_WM, 0);
3026 if (ret)
3027 return ret;
3028
3029 ret = mt7996_mcu_fw_log_2_host(dev, MCU_FW_LOG_WA, 0);
3030 if (ret)
3031 return ret;
3032
3033 ret = mt7996_mcu_set_mwds(dev, 1);
3034 if (ret)
3035 return ret;
3036
3037 ret = mt7996_mcu_init_rx_airtime(dev);
3038 if (ret)
3039 return ret;
3040
3041 return mt7996_mcu_wa_cmd(dev, MCU_WA_PARAM_CMD(SET),
3042 MCU_WA_PARAM_RED, 0, 0);
3043}
3044
3045int mt7996_mcu_init(struct mt7996_dev *dev)
3046{
3047 static const struct mt76_mcu_ops mt7996_mcu_ops = {
3048 .headroom = sizeof(struct mt76_connac2_mcu_txd), /* reuse */
3049 .mcu_skb_send_msg = mt7996_mcu_send_message,
3050 .mcu_parse_response = mt7996_mcu_parse_response,
3051 };
3052
3053 dev->mt76.mcu_ops = &mt7996_mcu_ops;
3054
3055 return mt7996_mcu_init_firmware(dev);
3056}
3057
3058void mt7996_mcu_exit(struct mt7996_dev *dev)
3059{
3060 mt7996_mcu_restart(&dev->mt76);
3061 if (mt7996_firmware_state(dev, false)) {
3062 dev_err(dev->mt76.dev, "Failed to exit mcu\n");
3063 goto out;
3064 }
3065
3066 mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(0), MT_TOP_LPCR_HOST_FW_OWN);
3067 if (dev->hif2)
3068 mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(1),
3069 MT_TOP_LPCR_HOST_FW_OWN);
3070out:
3071 skb_queue_purge(&dev->mt76.mcu.res_q);
3072}
3073
3074int mt7996_mcu_set_hdr_trans(struct mt7996_dev *dev, bool hdr_trans)
3075{
3076 struct {
3077 u8 __rsv[4];
3078 } __packed hdr;
3079 struct hdr_trans_blacklist *req_blacklist;
3080 struct hdr_trans_en *req_en;
3081 struct sk_buff *skb;
3082 struct tlv *tlv;
3083 int len = MT7996_HDR_TRANS_MAX_SIZE + sizeof(hdr);
3084
3085 skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
3086 if (!skb)
3087 return -ENOMEM;
3088
3089 skb_put_data(skb, &hdr, sizeof(hdr));
3090
3091 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_HDR_TRANS_EN, sizeof(*req_en));
3092 req_en = (struct hdr_trans_en *)tlv;
3093 req_en->enable = hdr_trans;
3094
3095 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_HDR_TRANS_VLAN,
3096 sizeof(struct hdr_trans_vlan));
3097
3098 if (hdr_trans) {
3099 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_HDR_TRANS_BLACKLIST,
3100 sizeof(*req_blacklist));
3101 req_blacklist = (struct hdr_trans_blacklist *)tlv;
3102 req_blacklist->enable = 1;
3103 req_blacklist->type = cpu_to_le16(ETH_P_PAE);
3104 }
3105
3106 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
3107 MCU_WM_UNI_CMD(RX_HDR_TRANS), true);
3108}
3109
3110int mt7996_mcu_set_tx(struct mt7996_dev *dev, struct ieee80211_vif *vif)
3111{
3112#define MCU_EDCA_AC_PARAM 0
3113#define WMM_AIFS_SET BIT(0)
3114#define WMM_CW_MIN_SET BIT(1)
3115#define WMM_CW_MAX_SET BIT(2)
3116#define WMM_TXOP_SET BIT(3)
3117#define WMM_PARAM_SET (WMM_AIFS_SET | WMM_CW_MIN_SET | \
3118 WMM_CW_MAX_SET | WMM_TXOP_SET)
3119 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
3120 struct {
3121 u8 bss_idx;
3122 u8 __rsv[3];
3123 } __packed hdr = {
3124 .bss_idx = mvif->mt76.idx,
3125 };
3126 struct sk_buff *skb;
3127 int len = sizeof(hdr) + IEEE80211_NUM_ACS * sizeof(struct edca);
3128 int ac;
3129
3130 skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
3131 if (!skb)
3132 return -ENOMEM;
3133
3134 skb_put_data(skb, &hdr, sizeof(hdr));
3135
3136 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3137 struct ieee80211_tx_queue_params *q = &mvif->queue_params[ac];
3138 struct edca *e;
3139 struct tlv *tlv;
3140
3141 tlv = mt7996_mcu_add_uni_tlv(skb, MCU_EDCA_AC_PARAM, sizeof(*e));
3142
3143 e = (struct edca *)tlv;
3144 e->set = WMM_PARAM_SET;
3145 e->queue = ac;
3146 e->aifs = q->aifs;
3147 e->txop = cpu_to_le16(q->txop);
3148
3149 if (q->cw_min)
3150 e->cw_min = fls(q->cw_min);
3151 else
3152 e->cw_min = 5;
3153
3154 if (q->cw_max)
3155 e->cw_max = fls(q->cw_max);
3156 else
3157 e->cw_max = 10;
3158 }
3159
3160 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
3161 MCU_WM_UNI_CMD(EDCA_UPDATE), true);
3162}
3163
3164int mt7996_mcu_set_fcc5_lpn(struct mt7996_dev *dev, int val)
3165{
3166 struct {
3167 u8 _rsv[4];
3168
3169 __le16 tag;
3170 __le16 len;
3171
3172 __le32 ctrl;
3173 __le16 min_lpn;
3174 u8 rsv[2];
3175 } __packed req = {
3176 .tag = cpu_to_le16(UNI_RDD_CTRL_SET_TH),
3177 .len = cpu_to_le16(sizeof(req) - 4),
3178
3179 .ctrl = cpu_to_le32(0x1),
3180 .min_lpn = cpu_to_le16(val),
3181 };
3182
3183 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(RDD_CTRL),
3184 &req, sizeof(req), true);
3185}
3186
3187int mt7996_mcu_set_pulse_th(struct mt7996_dev *dev,
3188 const struct mt7996_dfs_pulse *pulse)
3189{
3190 struct {
3191 u8 _rsv[4];
3192
3193 __le16 tag;
3194 __le16 len;
3195
3196 __le32 ctrl;
3197
3198 __le32 max_width; /* us */
3199 __le32 max_pwr; /* dbm */
3200 __le32 min_pwr; /* dbm */
3201 __le32 min_stgr_pri; /* us */
3202 __le32 max_stgr_pri; /* us */
3203 __le32 min_cr_pri; /* us */
3204 __le32 max_cr_pri; /* us */
3205 } __packed req = {
3206 .tag = cpu_to_le16(UNI_RDD_CTRL_SET_TH),
3207 .len = cpu_to_le16(sizeof(req) - 4),
3208
3209 .ctrl = cpu_to_le32(0x3),
3210
3211#define __req_field(field) .field = cpu_to_le32(pulse->field)
3212 __req_field(max_width),
3213 __req_field(max_pwr),
3214 __req_field(min_pwr),
3215 __req_field(min_stgr_pri),
3216 __req_field(max_stgr_pri),
3217 __req_field(min_cr_pri),
3218 __req_field(max_cr_pri),
3219#undef __req_field
3220 };
3221
3222 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(RDD_CTRL),
3223 &req, sizeof(req), true);
3224}
3225
3226int mt7996_mcu_set_radar_th(struct mt7996_dev *dev, int index,
3227 const struct mt7996_dfs_pattern *pattern)
3228{
3229 struct {
3230 u8 _rsv[4];
3231
3232 __le16 tag;
3233 __le16 len;
3234
3235 __le32 ctrl;
3236 __le16 radar_type;
3237
3238 u8 enb;
3239 u8 stgr;
3240 u8 min_crpn;
3241 u8 max_crpn;
3242 u8 min_crpr;
3243 u8 min_pw;
3244 __le32 min_pri;
3245 __le32 max_pri;
3246 u8 max_pw;
3247 u8 min_crbn;
3248 u8 max_crbn;
3249 u8 min_stgpn;
3250 u8 max_stgpn;
3251 u8 min_stgpr;
3252 u8 rsv[2];
3253 __le32 min_stgpr_diff;
3254 } __packed req = {
3255 .tag = cpu_to_le16(UNI_RDD_CTRL_SET_TH),
3256 .len = cpu_to_le16(sizeof(req) - 4),
3257
3258 .ctrl = cpu_to_le32(0x2),
3259 .radar_type = cpu_to_le16(index),
3260
3261#define __req_field_u8(field) .field = pattern->field
3262#define __req_field_u32(field) .field = cpu_to_le32(pattern->field)
3263 __req_field_u8(enb),
3264 __req_field_u8(stgr),
3265 __req_field_u8(min_crpn),
3266 __req_field_u8(max_crpn),
3267 __req_field_u8(min_crpr),
3268 __req_field_u8(min_pw),
3269 __req_field_u32(min_pri),
3270 __req_field_u32(max_pri),
3271 __req_field_u8(max_pw),
3272 __req_field_u8(min_crbn),
3273 __req_field_u8(max_crbn),
3274 __req_field_u8(min_stgpn),
3275 __req_field_u8(max_stgpn),
3276 __req_field_u8(min_stgpr),
3277 __req_field_u32(min_stgpr_diff),
3278#undef __req_field_u8
3279#undef __req_field_u32
3280 };
3281
3282 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(RDD_CTRL),
3283 &req, sizeof(req), true);
3284}
3285
3286static int
3287mt7996_mcu_background_chain_ctrl(struct mt7996_phy *phy,
3288 struct cfg80211_chan_def *chandef,
3289 int cmd)
3290{
3291 struct mt7996_dev *dev = phy->dev;
3292 struct mt76_phy *mphy = phy->mt76;
3293 struct ieee80211_channel *chan = mphy->chandef.chan;
3294 int freq = mphy->chandef.center_freq1;
3295 struct mt7996_mcu_background_chain_ctrl req = {
3296 .tag = cpu_to_le16(0),
3297 .len = cpu_to_le16(sizeof(req) - 4),
3298 .monitor_scan_type = 2, /* simple rx */
3299 };
3300
3301 if (!chandef && cmd != CH_SWITCH_BACKGROUND_SCAN_STOP)
3302 return -EINVAL;
3303
3304 if (!cfg80211_chandef_valid(&mphy->chandef))
3305 return -EINVAL;
3306
3307 switch (cmd) {
3308 case CH_SWITCH_BACKGROUND_SCAN_START: {
3309 req.chan = chan->hw_value;
3310 req.central_chan = ieee80211_frequency_to_channel(freq);
3311 req.bw = mt76_connac_chan_bw(&mphy->chandef);
3312 req.monitor_chan = chandef->chan->hw_value;
3313 req.monitor_central_chan =
3314 ieee80211_frequency_to_channel(chandef->center_freq1);
3315 req.monitor_bw = mt76_connac_chan_bw(chandef);
3316 req.band_idx = phy->mt76->band_idx;
3317 req.scan_mode = 1;
3318 break;
3319 }
3320 case CH_SWITCH_BACKGROUND_SCAN_RUNNING:
3321 req.monitor_chan = chandef->chan->hw_value;
3322 req.monitor_central_chan =
3323 ieee80211_frequency_to_channel(chandef->center_freq1);
3324 req.band_idx = phy->mt76->band_idx;
3325 req.scan_mode = 2;
3326 break;
3327 case CH_SWITCH_BACKGROUND_SCAN_STOP:
3328 req.chan = chan->hw_value;
3329 req.central_chan = ieee80211_frequency_to_channel(freq);
3330 req.bw = mt76_connac_chan_bw(&mphy->chandef);
3331 req.tx_stream = hweight8(mphy->antenna_mask);
3332 req.rx_stream = mphy->antenna_mask;
3333 break;
3334 default:
3335 return -EINVAL;
3336 }
3337 req.band = chandef ? chandef->chan->band == NL80211_BAND_5GHZ : 1;
3338
3339 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(OFFCH_SCAN_CTRL),
3340 &req, sizeof(req), false);
3341}
3342
3343int mt7996_mcu_rdd_background_enable(struct mt7996_phy *phy,
3344 struct cfg80211_chan_def *chandef)
3345{
3346 struct mt7996_dev *dev = phy->dev;
3347 int err, region;
3348
3349 if (!chandef) { /* disable offchain */
3350 err = mt7996_mcu_rdd_cmd(dev, RDD_STOP, MT_RX_SEL2,
3351 0, 0);
3352 if (err)
3353 return err;
3354
3355 return mt7996_mcu_background_chain_ctrl(phy, NULL,
3356 CH_SWITCH_BACKGROUND_SCAN_STOP);
3357 }
3358
3359 err = mt7996_mcu_background_chain_ctrl(phy, chandef,
3360 CH_SWITCH_BACKGROUND_SCAN_START);
3361 if (err)
3362 return err;
3363
3364 switch (dev->mt76.region) {
3365 case NL80211_DFS_ETSI:
3366 region = 0;
3367 break;
3368 case NL80211_DFS_JP:
3369 region = 2;
3370 break;
3371 case NL80211_DFS_FCC:
3372 default:
3373 region = 1;
3374 break;
3375 }
3376
3377 return mt7996_mcu_rdd_cmd(dev, RDD_START, MT_RX_SEL2,
3378 0, region);
3379}
3380
3381int mt7996_mcu_set_chan_info(struct mt7996_phy *phy, u16 tag)
3382{
3383 static const u8 ch_band[] = {
3384 [NL80211_BAND_2GHZ] = 0,
3385 [NL80211_BAND_5GHZ] = 1,
3386 [NL80211_BAND_6GHZ] = 2,
3387 };
3388 struct mt7996_dev *dev = phy->dev;
3389 struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
3390 int freq1 = chandef->center_freq1;
3391 u8 band_idx = phy->mt76->band_idx;
3392 struct {
3393 /* fixed field */
3394 u8 __rsv[4];
3395
3396 __le16 tag;
3397 __le16 len;
3398 u8 control_ch;
3399 u8 center_ch;
3400 u8 bw;
3401 u8 tx_path_num;
3402 u8 rx_path; /* mask or num */
3403 u8 switch_reason;
3404 u8 band_idx;
3405 u8 center_ch2; /* for 80+80 only */
3406 __le16 cac_case;
3407 u8 channel_band;
3408 u8 rsv0;
3409 __le32 outband_freq;
3410 u8 txpower_drop;
3411 u8 ap_bw;
3412 u8 ap_center_ch;
3413 u8 rsv1[53];
3414 } __packed req = {
3415 .tag = cpu_to_le16(tag),
3416 .len = cpu_to_le16(sizeof(req) - 4),
3417 .control_ch = chandef->chan->hw_value,
3418 .center_ch = ieee80211_frequency_to_channel(freq1),
3419 .bw = mt76_connac_chan_bw(chandef),
3420 .tx_path_num = hweight16(phy->mt76->chainmask),
3421 .rx_path = mt7996_rx_chainmask(phy) >> dev->chainshift[band_idx],
3422 .band_idx = band_idx,
3423 .channel_band = ch_band[chandef->chan->band],
3424 };
3425
3426 if (phy->mt76->hw->conf.flags & IEEE80211_CONF_MONITOR)
3427 req.switch_reason = CH_SWITCH_NORMAL;
3428 else if (phy->mt76->hw->conf.flags & IEEE80211_CONF_OFFCHANNEL ||
3429 phy->mt76->hw->conf.flags & IEEE80211_CONF_IDLE)
3430 req.switch_reason = CH_SWITCH_SCAN_BYPASS_DPD;
3431 else if (!cfg80211_reg_can_beacon(phy->mt76->hw->wiphy, chandef,
3432 NL80211_IFTYPE_AP))
3433 req.switch_reason = CH_SWITCH_DFS;
3434 else
3435 req.switch_reason = CH_SWITCH_NORMAL;
3436
3437 if (tag == UNI_CHANNEL_SWITCH)
3438 req.rx_path = hweight8(req.rx_path);
3439
3440 if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
3441 int freq2 = chandef->center_freq2;
3442
3443 req.center_ch2 = ieee80211_frequency_to_channel(freq2);
3444 }
3445
3446 return mt76_mcu_send_msg(&dev->mt76, MCU_WMWA_UNI_CMD(CHANNEL_SWITCH),
3447 &req, sizeof(req), true);
3448}
3449
3450static int mt7996_mcu_set_eeprom_flash(struct mt7996_dev *dev)
3451{
3452#define MAX_PAGE_IDX_MASK GENMASK(7, 5)
3453#define PAGE_IDX_MASK GENMASK(4, 2)
3454#define PER_PAGE_SIZE 0x400
3455 struct mt7996_mcu_eeprom req = {
3456 .tag = cpu_to_le16(UNI_EFUSE_BUFFER_MODE),
3457 .buffer_mode = EE_MODE_BUFFER
3458 };
3459 u16 eeprom_size = MT7996_EEPROM_SIZE;
3460 u8 total = DIV_ROUND_UP(eeprom_size, PER_PAGE_SIZE);
3461 u8 *eep = (u8 *)dev->mt76.eeprom.data;
3462 int eep_len, i;
3463
3464 for (i = 0; i < total; i++, eep += eep_len) {
3465 struct sk_buff *skb;
3466 int ret, msg_len;
3467
3468 if (i == total - 1 && !!(eeprom_size % PER_PAGE_SIZE))
3469 eep_len = eeprom_size % PER_PAGE_SIZE;
3470 else
3471 eep_len = PER_PAGE_SIZE;
3472
3473 msg_len = sizeof(req) + eep_len;
3474 skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, msg_len);
3475 if (!skb)
3476 return -ENOMEM;
3477
3478 req.len = cpu_to_le16(msg_len - 4);
3479 req.format = FIELD_PREP(MAX_PAGE_IDX_MASK, total - 1) |
3480 FIELD_PREP(PAGE_IDX_MASK, i) | EE_FORMAT_WHOLE;
3481 req.buf_len = cpu_to_le16(eep_len);
3482
3483 skb_put_data(skb, &req, sizeof(req));
3484 skb_put_data(skb, eep, eep_len);
3485
3486 ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
3487 MCU_WM_UNI_CMD(EFUSE_CTRL), true);
3488 if (ret)
3489 return ret;
3490 }
3491
3492 return 0;
3493}
3494
3495int mt7996_mcu_set_eeprom(struct mt7996_dev *dev)
3496{
3497 struct mt7996_mcu_eeprom req = {
3498 .tag = cpu_to_le16(UNI_EFUSE_BUFFER_MODE),
3499 .len = cpu_to_le16(sizeof(req) - 4),
3500 .buffer_mode = EE_MODE_EFUSE,
3501 .format = EE_FORMAT_WHOLE
3502 };
3503
3504 if (dev->flash_mode)
3505 return mt7996_mcu_set_eeprom_flash(dev);
3506
3507 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(EFUSE_CTRL),
3508 &req, sizeof(req), true);
3509}
3510
3511int mt7996_mcu_get_eeprom(struct mt7996_dev *dev, u32 offset)
3512{
3513 struct {
3514 u8 _rsv[4];
3515
3516 __le16 tag;
3517 __le16 len;
3518 __le32 addr;
3519 __le32 valid;
3520 u8 data[16];
3521 } __packed req = {
3522 .tag = cpu_to_le16(UNI_EFUSE_ACCESS),
3523 .len = cpu_to_le16(sizeof(req) - 4),
3524 .addr = cpu_to_le32(round_down(offset,
3525 MT7996_EEPROM_BLOCK_SIZE)),
3526 };
3527 struct sk_buff *skb;
3528 bool valid;
3529 int ret;
3530
3531 ret = mt76_mcu_send_and_get_msg(&dev->mt76,
3532 MCU_WM_UNI_CMD_QUERY(EFUSE_CTRL),
3533 &req, sizeof(req), true, &skb);
3534 if (ret)
3535 return ret;
3536
3537 valid = le32_to_cpu(*(__le32 *)(skb->data + 16));
3538 if (valid) {
3539 u32 addr = le32_to_cpu(*(__le32 *)(skb->data + 12));
3540 u8 *buf = (u8 *)dev->mt76.eeprom.data + addr;
3541
3542 skb_pull(skb, 64);
3543 memcpy(buf, skb->data, MT7996_EEPROM_BLOCK_SIZE);
3544 }
3545
3546 dev_kfree_skb(skb);
3547
3548 return 0;
3549}
3550
3551int mt7996_mcu_get_eeprom_free_block(struct mt7996_dev *dev, u8 *block_num)
3552{
3553 struct {
3554 u8 _rsv[4];
3555
3556 __le16 tag;
3557 __le16 len;
3558 u8 num;
3559 u8 version;
3560 u8 die_idx;
3561 u8 _rsv2;
3562 } __packed req = {
3563 .tag = cpu_to_le16(UNI_EFUSE_FREE_BLOCK),
3564 .len = cpu_to_le16(sizeof(req) - 4),
3565 .version = 2,
3566 };
3567 struct sk_buff *skb;
3568 int ret;
3569
3570 ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_WM_UNI_CMD_QUERY(EFUSE_CTRL), &req,
3571 sizeof(req), true, &skb);
3572 if (ret)
3573 return ret;
3574
3575 *block_num = *(u8 *)(skb->data + 8);
3576 dev_kfree_skb(skb);
3577
3578 return 0;
3579}
3580
3581int mt7996_mcu_get_chip_config(struct mt7996_dev *dev, u32 *cap)
3582{
3583#define NIC_CAP 3
3584#define UNI_EVENT_CHIP_CONFIG_EFUSE_VERSION 0x21
3585 struct {
3586 u8 _rsv[4];
3587
3588 __le16 tag;
3589 __le16 len;
3590 } __packed req = {
3591 .tag = cpu_to_le16(NIC_CAP),
3592 .len = cpu_to_le16(sizeof(req) - 4),
3593 };
3594 struct sk_buff *skb;
3595 u8 *buf;
3596 int ret;
3597
3598 ret = mt76_mcu_send_and_get_msg(&dev->mt76,
3599 MCU_WM_UNI_CMD_QUERY(CHIP_CONFIG), &req,
3600 sizeof(req), true, &skb);
3601 if (ret)
3602 return ret;
3603
3604 /* fixed field */
3605 skb_pull(skb, 4);
3606
3607 buf = skb->data;
3608 while (buf - skb->data < skb->len) {
3609 struct tlv *tlv = (struct tlv *)buf;
3610
3611 switch (le16_to_cpu(tlv->tag)) {
3612 case UNI_EVENT_CHIP_CONFIG_EFUSE_VERSION:
3613 *cap = le32_to_cpu(*(__le32 *)(buf + sizeof(*tlv)));
3614 break;
3615 default:
3616 break;
3617 }
3618
3619 buf += le16_to_cpu(tlv->len);
3620 }
3621
3622 dev_kfree_skb(skb);
3623
3624 return 0;
3625}
3626
3627int mt7996_mcu_get_chan_mib_info(struct mt7996_phy *phy, bool chan_switch)
3628{
3629 struct {
3630 struct {
3631 u8 band;
3632 u8 __rsv[3];
3633 } hdr;
3634 struct {
3635 __le16 tag;
3636 __le16 len;
3637 __le32 offs;
3638 } data[4];
3639 } __packed req = {
3640 .hdr.band = phy->mt76->band_idx,
3641 };
3642 /* strict order */
3643 static const u32 offs[] = {
3644 UNI_MIB_TX_TIME,
3645 UNI_MIB_RX_TIME,
3646 UNI_MIB_OBSS_AIRTIME,
3647 UNI_MIB_NON_WIFI_TIME,
3648 };
3649 struct mt76_channel_state *state = phy->mt76->chan_state;
3650 struct mt76_channel_state *state_ts = &phy->state_ts;
3651 struct mt7996_dev *dev = phy->dev;
3652 struct mt7996_mcu_mib *res;
3653 struct sk_buff *skb;
3654 int i, ret;
3655
3656 for (i = 0; i < 4; i++) {
3657 req.data[i].tag = cpu_to_le16(UNI_CMD_MIB_DATA);
3658 req.data[i].len = cpu_to_le16(sizeof(req.data[i]));
3659 req.data[i].offs = cpu_to_le32(offs[i]);
3660 }
3661
3662 ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_WM_UNI_CMD_QUERY(GET_MIB_INFO),
3663 &req, sizeof(req), true, &skb);
3664 if (ret)
3665 return ret;
3666
3667 skb_pull(skb, sizeof(req.hdr));
3668
3669 res = (struct mt7996_mcu_mib *)(skb->data);
3670
3671 if (chan_switch)
3672 goto out;
3673
3674#define __res_u64(s) le64_to_cpu(res[s].data)
3675 state->cc_tx += __res_u64(1) - state_ts->cc_tx;
3676 state->cc_bss_rx += __res_u64(2) - state_ts->cc_bss_rx;
3677 state->cc_rx += __res_u64(2) + __res_u64(3) - state_ts->cc_rx;
3678 state->cc_busy += __res_u64(0) + __res_u64(1) + __res_u64(2) + __res_u64(3) -
3679 state_ts->cc_busy;
3680
3681out:
3682 state_ts->cc_tx = __res_u64(1);
3683 state_ts->cc_bss_rx = __res_u64(2);
3684 state_ts->cc_rx = __res_u64(2) + __res_u64(3);
3685 state_ts->cc_busy = __res_u64(0) + __res_u64(1) + __res_u64(2) + __res_u64(3);
3686#undef __res_u64
3687
3688 dev_kfree_skb(skb);
3689
3690 return 0;
3691}
3692
3693int mt7996_mcu_get_temperature(struct mt7996_phy *phy)
3694{
3695#define TEMPERATURE_QUERY 0
3696#define GET_TEMPERATURE 0
3697 struct {
3698 u8 _rsv[4];
3699
3700 __le16 tag;
3701 __le16 len;
3702
3703 u8 rsv1;
3704 u8 action;
3705 u8 band_idx;
3706 u8 rsv2;
3707 } req = {
3708 .tag = cpu_to_le16(TEMPERATURE_QUERY),
3709 .len = cpu_to_le16(sizeof(req) - 4),
3710 .action = GET_TEMPERATURE,
3711 .band_idx = phy->mt76->band_idx,
3712 };
3713 struct mt7996_mcu_thermal {
3714 u8 _rsv[4];
3715
3716 __le16 tag;
3717 __le16 len;
3718
3719 __le32 rsv;
3720 __le32 temperature;
3721 } __packed * res;
3722 struct sk_buff *skb;
3723 int ret;
3724
3725 ret = mt76_mcu_send_and_get_msg(&phy->dev->mt76, MCU_WM_UNI_CMD(THERMAL),
3726 &req, sizeof(req), true, &skb);
3727 if (ret)
3728 return ret;
3729
3730 res = (void *)skb->data;
3731
3732 return le32_to_cpu(res->temperature);
3733}
3734
3735int mt7996_mcu_set_thermal_throttling(struct mt7996_phy *phy, u8 state)
3736{
3737 struct {
3738 u8 _rsv[4];
3739
3740 __le16 tag;
3741 __le16 len;
3742
3743 struct mt7996_mcu_thermal_ctrl ctrl;
3744 } __packed req = {
3745 .tag = cpu_to_le16(UNI_CMD_THERMAL_PROTECT_DUTY_CONFIG),
3746 .len = cpu_to_le16(sizeof(req) - 4),
3747 .ctrl = {
3748 .band_idx = phy->mt76->band_idx,
3749 },
3750 };
3751 int level, ret;
3752
3753 /* set duty cycle and level */
3754 for (level = 0; level < 4; level++) {
3755 req.ctrl.duty.duty_level = level;
3756 req.ctrl.duty.duty_cycle = state;
3757 state /= 2;
3758
3759 ret = mt76_mcu_send_msg(&phy->dev->mt76, MCU_WM_UNI_CMD(THERMAL),
3760 &req, sizeof(req), false);
3761 if (ret)
3762 return ret;
3763 }
3764
3765 return 0;
3766}
3767
3768int mt7996_mcu_set_thermal_protect(struct mt7996_phy *phy, bool enable)
3769{
3770#define SUSTAIN_PERIOD 10
3771 struct {
3772 u8 _rsv[4];
3773
3774 __le16 tag;
3775 __le16 len;
3776
3777 struct mt7996_mcu_thermal_ctrl ctrl;
3778 struct mt7996_mcu_thermal_enable enable;
3779 } __packed req = {
3780 .len = cpu_to_le16(sizeof(req) - 4 - sizeof(req.enable)),
3781 .ctrl = {
3782 .band_idx = phy->mt76->band_idx,
3783 .type.protect_type = 1,
3784 .type.trigger_type = 1,
3785 },
3786 };
3787 int ret;
3788
3789 req.tag = cpu_to_le16(UNI_CMD_THERMAL_PROTECT_DISABLE);
3790
3791 ret = mt76_mcu_send_msg(&phy->dev->mt76, MCU_WM_UNI_CMD(THERMAL),
3792 &req, sizeof(req) - sizeof(req.enable), false);
3793 if (ret || !enable)
3794 return ret;
3795
3796 /* set high-temperature trigger threshold */
3797 req.tag = cpu_to_le16(UNI_CMD_THERMAL_PROTECT_ENABLE);
3798 req.enable.restore_temp = cpu_to_le32(phy->throttle_temp[0]);
3799 req.enable.trigger_temp = cpu_to_le32(phy->throttle_temp[1]);
3800 req.enable.sustain_time = cpu_to_le16(SUSTAIN_PERIOD);
3801
3802 req.len = cpu_to_le16(sizeof(req) - 4);
3803
3804 return mt76_mcu_send_msg(&phy->dev->mt76, MCU_WM_UNI_CMD(THERMAL),
3805 &req, sizeof(req), false);
3806}
3807
3808int mt7996_mcu_set_ser(struct mt7996_dev *dev, u8 action, u8 val, u8 band)
3809{
3810 struct {
3811 u8 rsv[4];
3812
3813 __le16 tag;
3814 __le16 len;
3815
3816 union {
3817 struct {
3818 __le32 mask;
3819 } __packed set;
3820
3821 struct {
3822 u8 method;
3823 u8 band;
3824 u8 rsv2[2];
3825 } __packed trigger;
3826 };
3827 } __packed req = {
3828 .tag = cpu_to_le16(action),
3829 .len = cpu_to_le16(sizeof(req) - 4),
3830 };
3831
3832 switch (action) {
3833 case UNI_CMD_SER_SET:
3834 req.set.mask = cpu_to_le32(val);
3835 break;
3836 case UNI_CMD_SER_TRIGGER:
3837 req.trigger.method = val;
3838 req.trigger.band = band;
3839 break;
3840 default:
3841 return -EINVAL;
3842 }
3843
3844 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(SER),
3845 &req, sizeof(req), false);
3846}
3847
3848int mt7996_mcu_set_txbf(struct mt7996_dev *dev, u8 action)
3849{
3850#define MT7996_BF_MAX_SIZE sizeof(union bf_tag_tlv)
3851#define BF_PROCESSING 4
3852 struct uni_header hdr;
3853 struct sk_buff *skb;
3854 struct tlv *tlv;
3855 int len = sizeof(hdr) + MT7996_BF_MAX_SIZE;
3856
3857 memset(&hdr, 0, sizeof(hdr));
3858
3859 skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
3860 if (!skb)
3861 return -ENOMEM;
3862
3863 skb_put_data(skb, &hdr, sizeof(hdr));
3864
3865 switch (action) {
3866 case BF_SOUNDING_ON: {
3867 struct bf_sounding_on *req_snd_on;
3868
3869 tlv = mt7996_mcu_add_uni_tlv(skb, action, sizeof(*req_snd_on));
3870 req_snd_on = (struct bf_sounding_on *)tlv;
3871 req_snd_on->snd_mode = BF_PROCESSING;
3872 break;
3873 }
3874 case BF_HW_EN_UPDATE: {
3875 struct bf_hw_en_status_update *req_hw_en;
3876
3877 tlv = mt7996_mcu_add_uni_tlv(skb, action, sizeof(*req_hw_en));
3878 req_hw_en = (struct bf_hw_en_status_update *)tlv;
3879 req_hw_en->ebf = true;
3880 req_hw_en->ibf = dev->ibf;
3881 break;
3882 }
3883 case BF_MOD_EN_CTRL: {
3884 struct bf_mod_en_ctrl *req_mod_en;
3885
3886 tlv = mt7996_mcu_add_uni_tlv(skb, action, sizeof(*req_mod_en));
3887 req_mod_en = (struct bf_mod_en_ctrl *)tlv;
3888 req_mod_en->bf_num = 3;
3889 req_mod_en->bf_bitmap = GENMASK(2, 0);
3890 break;
3891 }
3892 default:
3893 return -EINVAL;
3894 }
3895
3896 return mt76_mcu_skb_send_msg(&dev->mt76, skb, MCU_WM_UNI_CMD(BF), true);
3897}
3898
3899static int
3900mt7996_mcu_enable_obss_spr(struct mt7996_phy *phy, u16 action, u8 val)
3901{
3902 struct mt7996_dev *dev = phy->dev;
3903 struct {
3904 u8 band_idx;
3905 u8 __rsv[3];
3906
3907 __le16 tag;
3908 __le16 len;
3909
3910 __le32 val;
3911 } __packed req = {
3912 .band_idx = phy->mt76->band_idx,
3913 .tag = cpu_to_le16(action),
3914 .len = cpu_to_le16(sizeof(req) - 4),
3915 .val = cpu_to_le32(val),
3916 };
3917
3918 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(SR),
3919 &req, sizeof(req), true);
3920}
3921
3922static int
3923mt7996_mcu_set_obss_spr_pd(struct mt7996_phy *phy,
3924 struct ieee80211_he_obss_pd *he_obss_pd)
3925{
3926 struct mt7996_dev *dev = phy->dev;
3927 u8 max_th = 82, non_srg_max_th = 62;
3928 struct {
3929 u8 band_idx;
3930 u8 __rsv[3];
3931
3932 __le16 tag;
3933 __le16 len;
3934
3935 u8 pd_th_non_srg;
3936 u8 pd_th_srg;
3937 u8 period_offs;
3938 u8 rcpi_src;
3939 __le16 obss_pd_min;
3940 __le16 obss_pd_min_srg;
3941 u8 resp_txpwr_mode;
3942 u8 txpwr_restrict_mode;
3943 u8 txpwr_ref;
3944 u8 __rsv2[3];
3945 } __packed req = {
3946 .band_idx = phy->mt76->band_idx,
3947 .tag = cpu_to_le16(UNI_CMD_SR_SET_PARAM),
3948 .len = cpu_to_le16(sizeof(req) - 4),
3949 .obss_pd_min = cpu_to_le16(max_th),
3950 .obss_pd_min_srg = cpu_to_le16(max_th),
3951 .txpwr_restrict_mode = 2,
3952 .txpwr_ref = 21
3953 };
3954 int ret;
3955
3956 /* disable firmware dynamical PD asjustment */
3957 ret = mt7996_mcu_enable_obss_spr(phy, UNI_CMD_SR_ENABLE_DPD, false);
3958 if (ret)
3959 return ret;
3960
3961 if (he_obss_pd->sr_ctrl &
3962 IEEE80211_HE_SPR_NON_SRG_OBSS_PD_SR_DISALLOWED)
3963 req.pd_th_non_srg = max_th;
3964 else if (he_obss_pd->sr_ctrl & IEEE80211_HE_SPR_NON_SRG_OFFSET_PRESENT)
3965 req.pd_th_non_srg = max_th - he_obss_pd->non_srg_max_offset;
3966 else
3967 req.pd_th_non_srg = non_srg_max_th;
3968
3969 if (he_obss_pd->sr_ctrl & IEEE80211_HE_SPR_SRG_INFORMATION_PRESENT)
3970 req.pd_th_srg = max_th - he_obss_pd->max_offset;
3971
3972 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(SR),
3973 &req, sizeof(req), true);
3974}
3975
3976static int
3977mt7996_mcu_set_obss_spr_siga(struct mt7996_phy *phy, struct ieee80211_vif *vif,
3978 struct ieee80211_he_obss_pd *he_obss_pd)
3979{
3980 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
3981 struct mt7996_dev *dev = phy->dev;
3982 u8 omac = mvif->mt76.omac_idx;
3983 struct {
3984 u8 band_idx;
3985 u8 __rsv[3];
3986
3987 __le16 tag;
3988 __le16 len;
3989
3990 u8 omac;
3991 u8 __rsv2[3];
3992 u8 flag[20];
3993 } __packed req = {
3994 .band_idx = phy->mt76->band_idx,
3995 .tag = cpu_to_le16(UNI_CMD_SR_SET_SIGA),
3996 .len = cpu_to_le16(sizeof(req) - 4),
3997 .omac = omac > HW_BSSID_MAX ? omac - 12 : omac,
3998 };
3999 int ret;
4000
4001 if (he_obss_pd->sr_ctrl & IEEE80211_HE_SPR_HESIGA_SR_VAL15_ALLOWED)
4002 req.flag[req.omac] = 0xf;
4003 else
4004 return 0;
4005
4006 /* switch to normal AP mode */
4007 ret = mt7996_mcu_enable_obss_spr(phy, UNI_CMD_SR_ENABLE_MODE, 0);
4008 if (ret)
4009 return ret;
4010
4011 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(SR),
4012 &req, sizeof(req), true);
4013}
4014
4015static int
4016mt7996_mcu_set_obss_spr_bitmap(struct mt7996_phy *phy,
4017 struct ieee80211_he_obss_pd *he_obss_pd)
4018{
4019 struct mt7996_dev *dev = phy->dev;
4020 struct {
4021 u8 band_idx;
4022 u8 __rsv[3];
4023
4024 __le16 tag;
4025 __le16 len;
4026
4027 __le32 color_l[2];
4028 __le32 color_h[2];
4029 __le32 bssid_l[2];
4030 __le32 bssid_h[2];
4031 } __packed req = {
4032 .band_idx = phy->mt76->band_idx,
4033 .tag = cpu_to_le16(UNI_CMD_SR_SET_SRG_BITMAP),
4034 .len = cpu_to_le16(sizeof(req) - 4),
4035 };
4036 u32 bitmap;
4037
4038 memcpy(&bitmap, he_obss_pd->bss_color_bitmap, sizeof(bitmap));
4039 req.color_l[req.band_idx] = cpu_to_le32(bitmap);
4040
4041 memcpy(&bitmap, he_obss_pd->bss_color_bitmap + 4, sizeof(bitmap));
4042 req.color_h[req.band_idx] = cpu_to_le32(bitmap);
4043
4044 memcpy(&bitmap, he_obss_pd->partial_bssid_bitmap, sizeof(bitmap));
4045 req.bssid_l[req.band_idx] = cpu_to_le32(bitmap);
4046
4047 memcpy(&bitmap, he_obss_pd->partial_bssid_bitmap + 4, sizeof(bitmap));
4048 req.bssid_h[req.band_idx] = cpu_to_le32(bitmap);
4049
4050 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(SR), &req,
4051 sizeof(req), true);
4052}
4053
4054int mt7996_mcu_add_obss_spr(struct mt7996_phy *phy, struct ieee80211_vif *vif,
4055 struct ieee80211_he_obss_pd *he_obss_pd)
4056{
4057 int ret;
4058
4059 /* enable firmware scene detection algorithms */
4060 ret = mt7996_mcu_enable_obss_spr(phy, UNI_CMD_SR_ENABLE_SD,
4061 sr_scene_detect);
4062 if (ret)
4063 return ret;
4064
4065 /* firmware dynamically adjusts PD threshold so skip manual control */
4066 if (sr_scene_detect && !he_obss_pd->enable)
4067 return 0;
4068
4069 /* enable spatial reuse */
4070 ret = mt7996_mcu_enable_obss_spr(phy, UNI_CMD_SR_ENABLE,
4071 he_obss_pd->enable);
4072 if (ret)
4073 return ret;
4074
4075 if (sr_scene_detect || !he_obss_pd->enable)
4076 return 0;
4077
4078 ret = mt7996_mcu_enable_obss_spr(phy, UNI_CMD_SR_ENABLE_TX, true);
4079 if (ret)
4080 return ret;
4081
4082 /* set SRG/non-SRG OBSS PD threshold */
4083 ret = mt7996_mcu_set_obss_spr_pd(phy, he_obss_pd);
4084 if (ret)
4085 return ret;
4086
4087 /* Set SR prohibit */
4088 ret = mt7996_mcu_set_obss_spr_siga(phy, vif, he_obss_pd);
4089 if (ret)
4090 return ret;
4091
4092 /* set SRG BSS color/BSSID bitmap */
4093 return mt7996_mcu_set_obss_spr_bitmap(phy, he_obss_pd);
4094}
4095
4096int mt7996_mcu_update_bss_color(struct mt7996_dev *dev, struct ieee80211_vif *vif,
4097 struct cfg80211_he_bss_color *he_bss_color)
4098{
4099 int len = sizeof(struct bss_req_hdr) + sizeof(struct bss_color_tlv);
4100 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
4101 struct bss_color_tlv *bss_color;
4102 struct sk_buff *skb;
4103 struct tlv *tlv;
4104
4105 skb = __mt7996_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76, len);
4106 if (IS_ERR(skb))
4107 return PTR_ERR(skb);
4108
4109 tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_BSS_COLOR,
4110 sizeof(*bss_color));
4111 bss_color = (struct bss_color_tlv *)tlv;
4112 bss_color->enable = he_bss_color->enabled;
4113 bss_color->color = he_bss_color->color;
4114
4115 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
4116 MCU_WMWA_UNI_CMD(BSS_INFO_UPDATE), true);
4117}
4118
4119#define TWT_AGRT_TRIGGER BIT(0)
4120#define TWT_AGRT_ANNOUNCE BIT(1)
4121#define TWT_AGRT_PROTECT BIT(2)
4122
4123int mt7996_mcu_twt_agrt_update(struct mt7996_dev *dev,
4124 struct mt7996_vif *mvif,
4125 struct mt7996_twt_flow *flow,
4126 int cmd)
4127{
4128 struct {
4129 /* fixed field */
4130 u8 bss;
4131 u8 _rsv[3];
4132
4133 __le16 tag;
4134 __le16 len;
4135 u8 tbl_idx;
4136 u8 cmd;
4137 u8 own_mac_idx;
4138 u8 flowid; /* 0xff for group id */
4139 __le16 peer_id; /* specify the peer_id (msb=0)
4140 * or group_id (msb=1)
4141 */
4142 u8 duration; /* 256 us */
4143 u8 bss_idx;
4144 __le64 start_tsf;
4145 __le16 mantissa;
4146 u8 exponent;
4147 u8 is_ap;
4148 u8 agrt_params;
4149 u8 __rsv2[23];
4150 } __packed req = {
4151 .tag = cpu_to_le16(UNI_CMD_TWT_ARGT_UPDATE),
4152 .len = cpu_to_le16(sizeof(req) - 4),
4153 .tbl_idx = flow->table_id,
4154 .cmd = cmd,
4155 .own_mac_idx = mvif->mt76.omac_idx,
4156 .flowid = flow->id,
4157 .peer_id = cpu_to_le16(flow->wcid),
4158 .duration = flow->duration,
4159 .bss = mvif->mt76.idx,
4160 .bss_idx = mvif->mt76.idx,
4161 .start_tsf = cpu_to_le64(flow->tsf),
4162 .mantissa = flow->mantissa,
4163 .exponent = flow->exp,
4164 .is_ap = true,
4165 };
4166
4167 if (flow->protection)
4168 req.agrt_params |= TWT_AGRT_PROTECT;
4169 if (!flow->flowtype)
4170 req.agrt_params |= TWT_AGRT_ANNOUNCE;
4171 if (flow->trigger)
4172 req.agrt_params |= TWT_AGRT_TRIGGER;
4173
4174 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(TWT),
4175 &req, sizeof(req), true);
4176}
4177
4178int mt7996_mcu_set_rts_thresh(struct mt7996_phy *phy, u32 val)
4179{
4180 struct {
4181 u8 band_idx;
4182 u8 _rsv[3];
4183
4184 __le16 tag;
4185 __le16 len;
4186 __le32 len_thresh;
4187 __le32 pkt_thresh;
4188 } __packed req = {
4189 .band_idx = phy->mt76->band_idx,
4190 .tag = cpu_to_le16(UNI_BAND_CONFIG_RTS_THRESHOLD),
4191 .len = cpu_to_le16(sizeof(req) - 4),
4192 .len_thresh = cpu_to_le32(val),
4193 .pkt_thresh = cpu_to_le32(0x2),
4194 };
4195
4196 return mt76_mcu_send_msg(&phy->dev->mt76, MCU_WM_UNI_CMD(BAND_CONFIG),
4197 &req, sizeof(req), true);
4198}
4199
4200int mt7996_mcu_set_radio_en(struct mt7996_phy *phy, bool enable)
4201{
4202 struct {
4203 u8 band_idx;
4204 u8 _rsv[3];
4205
4206 __le16 tag;
4207 __le16 len;
4208 u8 enable;
4209 u8 _rsv2[3];
4210 } __packed req = {
4211 .band_idx = phy->mt76->band_idx,
4212 .tag = cpu_to_le16(UNI_BAND_CONFIG_RADIO_ENABLE),
4213 .len = cpu_to_le16(sizeof(req) - 4),
4214 .enable = enable,
4215 };
4216
4217 return mt76_mcu_send_msg(&phy->dev->mt76, MCU_WM_UNI_CMD(BAND_CONFIG),
4218 &req, sizeof(req), true);
4219}
4220
4221int mt7996_mcu_rdd_cmd(struct mt7996_dev *dev, int cmd, u8 index,
4222 u8 rx_sel, u8 val)
4223{
4224 struct {
4225 u8 _rsv[4];
4226
4227 __le16 tag;
4228 __le16 len;
4229
4230 u8 ctrl;
4231 u8 rdd_idx;
4232 u8 rdd_rx_sel;
4233 u8 val;
4234 u8 rsv[4];
4235 } __packed req = {
4236 .tag = cpu_to_le16(UNI_RDD_CTRL_PARM),
4237 .len = cpu_to_le16(sizeof(req) - 4),
4238 .ctrl = cmd,
4239 .rdd_idx = index,
4240 .rdd_rx_sel = rx_sel,
4241 .val = val,
4242 };
4243
4244 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(RDD_CTRL),
4245 &req, sizeof(req), true);
4246}
4247
4248int mt7996_mcu_wtbl_update_hdr_trans(struct mt7996_dev *dev,
4249 struct ieee80211_vif *vif,
4250 struct ieee80211_sta *sta)
4251{
4252 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
4253 struct mt7996_sta *msta;
4254 struct sk_buff *skb;
4255
4256 msta = sta ? (struct mt7996_sta *)sta->drv_priv : &mvif->sta;
4257
4258 skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
4259 &msta->wcid,
4260 MT7996_STA_UPDATE_MAX_SIZE);
4261 if (IS_ERR(skb))
4262 return PTR_ERR(skb);
4263
4264 /* starec hdr trans */
4265 mt7996_mcu_sta_hdr_trans_tlv(dev, skb, vif, sta);
4266 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
4267 MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true);
4268}
4269
4270int mt7996_mcu_set_fixed_rate_table(struct mt7996_phy *phy, u8 table_idx,
4271 u16 rate_idx, bool beacon)
4272{
4273#define UNI_FIXED_RATE_TABLE_SET 0
4274#define SPE_IXD_SELECT_TXD 0
4275#define SPE_IXD_SELECT_BMC_WTBL 1
4276 struct mt7996_dev *dev = phy->dev;
4277 struct fixed_rate_table_ctrl req = {
4278 .tag = cpu_to_le16(UNI_FIXED_RATE_TABLE_SET),
4279 .len = cpu_to_le16(sizeof(req) - 4),
4280 .table_idx = table_idx,
4281 .rate_idx = cpu_to_le16(rate_idx),
4282 .gi = 1,
4283 .he_ltf = 1,
4284 };
4285 u8 band_idx = phy->mt76->band_idx;
4286
4287 if (beacon) {
4288 req.spe_idx_sel = SPE_IXD_SELECT_TXD;
4289 req.spe_idx = 24 + band_idx;
4290 phy->beacon_rate = rate_idx;
4291 } else {
4292 req.spe_idx_sel = SPE_IXD_SELECT_BMC_WTBL;
4293 }
4294
4295 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(FIXED_RATE_TABLE),
4296 &req, sizeof(req), false);
4297}
4298
4299int mt7996_mcu_rf_regval(struct mt7996_dev *dev, u32 regidx, u32 *val, bool set)
4300{
4301 struct {
4302 u8 __rsv1[4];
4303
4304 __le16 tag;
4305 __le16 len;
4306 __le16 idx;
4307 u8 __rsv2[2];
4308 __le32 ofs;
4309 __le32 data;
4310 } __packed *res, req = {
4311 .tag = cpu_to_le16(UNI_CMD_ACCESS_RF_REG_BASIC),
4312 .len = cpu_to_le16(sizeof(req) - 4),
4313
4314 .idx = cpu_to_le16(u32_get_bits(regidx, GENMASK(31, 24))),
4315 .ofs = cpu_to_le32(u32_get_bits(regidx, GENMASK(23, 0))),
4316 .data = set ? cpu_to_le32(*val) : 0,
4317 };
4318 struct sk_buff *skb;
4319 int ret;
4320
4321 if (set)
4322 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(REG_ACCESS),
4323 &req, sizeof(req), true);
4324
4325 ret = mt76_mcu_send_and_get_msg(&dev->mt76,
4326 MCU_WM_UNI_CMD_QUERY(REG_ACCESS),
4327 &req, sizeof(req), true, &skb);
4328 if (ret)
4329 return ret;
4330
4331 res = (void *)skb->data;
4332 *val = le32_to_cpu(res->data);
4333 dev_kfree_skb(skb);
4334
4335 return 0;
4336}
4337
4338int mt7996_mcu_trigger_assert(struct mt7996_dev *dev)
4339{
4340 struct {
4341 __le16 tag;
4342 __le16 len;
4343 u8 enable;
4344 u8 rsv[3];
4345 } __packed req = {
4346 .len = cpu_to_le16(sizeof(req) - 4),
4347 .enable = true,
4348 };
4349
4350 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(ASSERT_DUMP),
4351 &req, sizeof(req), false);
4352}
4353
4354int mt7996_mcu_set_rro(struct mt7996_dev *dev, u16 tag, u16 val)
4355{
4356 struct {
4357 u8 __rsv1[4];
4358 __le16 tag;
4359 __le16 len;
4360 union {
4361 struct {
4362 u8 type;
4363 u8 __rsv2[3];
4364 } __packed platform_type;
4365 struct {
4366 u8 type;
4367 u8 dest;
4368 u8 __rsv2[2];
4369 } __packed bypass_mode;
4370 struct {
4371 u8 path;
4372 u8 __rsv2[3];
4373 } __packed txfree_path;
4374 struct {
4375 __le16 flush_one;
4376 __le16 flush_all;
4377 u8 __rsv2[4];
4378 } __packed timeout;
4379 };
4380 } __packed req = {
4381 .tag = cpu_to_le16(tag),
4382 .len = cpu_to_le16(sizeof(req) - 4),
4383 };
4384
4385 switch (tag) {
4386 case UNI_RRO_SET_PLATFORM_TYPE:
4387 req.platform_type.type = val;
4388 break;
4389 case UNI_RRO_SET_BYPASS_MODE:
4390 req.bypass_mode.type = val;
4391 break;
4392 case UNI_RRO_SET_TXFREE_PATH:
4393 req.txfree_path.path = val;
4394 break;
4395 case UNI_RRO_SET_FLUSH_TIMEOUT:
4396 req.timeout.flush_one = cpu_to_le16(val);
4397 req.timeout.flush_all = cpu_to_le16(2 * val);
4398 break;
4399 default:
4400 return -EINVAL;
4401 }
4402
4403 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(RRO), &req,
4404 sizeof(req), true);
4405}
4406
4407int mt7996_mcu_get_all_sta_info(struct mt7996_phy *phy, u16 tag)
4408{
4409 struct mt7996_dev *dev = phy->dev;
4410 struct {
4411 u8 _rsv[4];
4412
4413 __le16 tag;
4414 __le16 len;
4415 } __packed req = {
4416 .tag = cpu_to_le16(tag),
4417 .len = cpu_to_le16(sizeof(req) - 4),
4418 };
4419
4420 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(ALL_STA_INFO),
4421 &req, sizeof(req), false);
4422}
4423
4424int mt7996_mcu_wed_rro_reset_sessions(struct mt7996_dev *dev, u16 id)
4425{
4426 struct {
4427 u8 __rsv[4];
4428
4429 __le16 tag;
4430 __le16 len;
4431 __le16 session_id;
4432 u8 pad[4];
4433 } __packed req = {
4434 .tag = cpu_to_le16(UNI_RRO_DEL_BA_SESSION),
4435 .len = cpu_to_le16(sizeof(req) - 4),
4436 .session_id = cpu_to_le16(id),
4437 };
4438
4439 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(RRO), &req,
4440 sizeof(req), true);
4441}
4442
4443int mt7996_mcu_set_txpower_sku(struct mt7996_phy *phy)
4444{
4445#define TX_POWER_LIMIT_TABLE_RATE 0
4446 struct mt7996_dev *dev = phy->dev;
4447 struct mt76_phy *mphy = phy->mt76;
4448 struct ieee80211_hw *hw = mphy->hw;
4449 struct tx_power_limit_table_ctrl {
4450 u8 __rsv1[4];
4451
4452 __le16 tag;
4453 __le16 len;
4454 u8 power_ctrl_id;
4455 u8 power_limit_type;
4456 u8 band_idx;
4457 } __packed req = {
4458 .tag = cpu_to_le16(UNI_TXPOWER_POWER_LIMIT_TABLE_CTRL),
4459 .len = cpu_to_le16(sizeof(req) + MT7996_SKU_RATE_NUM - 4),
4460 .power_ctrl_id = UNI_TXPOWER_POWER_LIMIT_TABLE_CTRL,
4461 .power_limit_type = TX_POWER_LIMIT_TABLE_RATE,
4462 .band_idx = phy->mt76->band_idx,
4463 };
4464 struct mt76_power_limits la = {};
4465 struct sk_buff *skb;
4466 int i, tx_power;
4467
4468 tx_power = mt7996_get_power_bound(phy, hw->conf.power_level);
4469 tx_power = mt76_get_rate_power_limits(mphy, mphy->chandef.chan,
4470 &la, tx_power);
4471 mphy->txpower_cur = tx_power;
4472
4473 skb = mt76_mcu_msg_alloc(&dev->mt76, NULL,
4474 sizeof(req) + MT7996_SKU_RATE_NUM);
4475 if (!skb)
4476 return -ENOMEM;
4477
4478 skb_put_data(skb, &req, sizeof(req));
4479 /* cck and ofdm */
4480 skb_put_data(skb, &la.cck, sizeof(la.cck));
4481 skb_put_data(skb, &la.ofdm, sizeof(la.ofdm));
4482 /* ht20 */
4483 skb_put_data(skb, &la.mcs[0], 8);
4484 /* ht40 */
4485 skb_put_data(skb, &la.mcs[1], 9);
4486
4487 /* vht */
4488 for (i = 0; i < 4; i++) {
4489 skb_put_data(skb, &la.mcs[i], sizeof(la.mcs[i]));
4490 skb_put_zero(skb, 2); /* padding */
4491 }
4492
4493 /* he */
4494 skb_put_data(skb, &la.ru[0], sizeof(la.ru));
4495 /* eht */
4496 skb_put_data(skb, &la.eht[0], sizeof(la.eht));
4497
4498 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
4499 MCU_WM_UNI_CMD(TXPOWER), true);
4500}