Gitiles
Code Review Sign In
git01.mediatek.com / openwrt / feeds / mtk-openwrt-feeds / e1abd052b80ce847f649ca2f0112363956819684 / . / autobuild_mac80211_release / mt7988_mt7996_mac80211 / package / kernel / mt76 / src / mt7996 / mcu.c
blob: d410fa7fd4720dde6363c966992a70f7e071a20e [file] [log] [blame]
developer0f312e82022-11-01 12:31:52 +0800[diff] [blame]1// SPDX-License-Identifier: ISC
2/*
3 * Copyright (C) 2022 MediaTek Inc.
4 */
5
6#include <linux/firmware.h>
7#include <linux/fs.h>
8#include "mt7996.h"
9#include "mcu.h"
10#include "mac.h"
11#include "eeprom.h"
12
13struct mt7996_patch_hdr {
14 char build_date[16];
15 char platform[4];
16 __be32 hw_sw_ver;
17 __be32 patch_ver;
18 __be16 checksum;
19 u16 reserved;
20 struct {
21 __be32 patch_ver;
22 __be32 subsys;
23 __be32 feature;
24 __be32 n_region;
25 __be32 crc;
26 u32 reserved[11];
27 } desc;
28} __packed;
29
30struct mt7996_patch_sec {
31 __be32 type;
32 __be32 offs;
33 __be32 size;
34 union {
35 __be32 spec[13];
36 struct {
37 __be32 addr;
38 __be32 len;
39 __be32 sec_key_idx;
40 __be32 align_len;
41 u32 reserved[9];
42 } info;
43 };
44} __packed;
45
46struct mt7996_fw_trailer {
47 u8 chip_id;
48 u8 eco_code;
49 u8 n_region;
50 u8 format_ver;
51 u8 format_flag;
52 u8 reserved[2];
53 char fw_ver[10];
54 char build_date[15];
55 u32 crc;
56} __packed;
57
58struct mt7996_fw_region {
59 __le32 decomp_crc;
60 __le32 decomp_len;
61 __le32 decomp_blk_sz;
62 u8 reserved[4];
63 __le32 addr;
64 __le32 len;
65 u8 feature_set;
66 u8 reserved1[15];
67} __packed;
68
69#define MCU_PATCH_ADDRESS 0x200000
70
71#define HE_PHY(p, c) u8_get_bits(c, IEEE80211_HE_PHY_##p)
72#define HE_MAC(m, c) u8_get_bits(c, IEEE80211_HE_MAC_##m)
73
74static u8
75mt7996_mcu_get_sta_nss(u16 mcs_map)
76{
77 u8 nss;
78
79 for (nss = 8; nss > 0; nss--) {
80 u8 nss_mcs = (mcs_map >> (2 * (nss - 1))) & 3;
81
82 if (nss_mcs != IEEE80211_VHT_MCS_NOT_SUPPORTED)
83 break;
84 }
85
86 return nss - 1;
87}
88
89static void
90mt7996_mcu_set_sta_he_mcs(struct ieee80211_sta *sta, __le16 *he_mcs,
91 u16 mcs_map)
92{
93 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
94 enum nl80211_band band = msta->vif->phy->mt76->chandef.chan->band;
95 const u16 *mask = msta->vif->bitrate_mask.control[band].he_mcs;
96 int nss, max_nss = sta->rx_nss > 3 ? 4 : sta->rx_nss;
97
98 for (nss = 0; nss < max_nss; nss++) {
99 int mcs;
100
101 switch ((mcs_map >> (2 * nss)) & 0x3) {
102 case IEEE80211_HE_MCS_SUPPORT_0_11:
103 mcs = GENMASK(11, 0);
104 break;
105 case IEEE80211_HE_MCS_SUPPORT_0_9:
106 mcs = GENMASK(9, 0);
107 break;
108 case IEEE80211_HE_MCS_SUPPORT_0_7:
109 mcs = GENMASK(7, 0);
110 break;
111 default:
112 mcs = 0;
113 }
114
115 mcs = mcs ? fls(mcs & mask[nss]) - 1 : -1;
116
117 switch (mcs) {
118 case 0 ... 7:
119 mcs = IEEE80211_HE_MCS_SUPPORT_0_7;
120 break;
121 case 8 ... 9:
122 mcs = IEEE80211_HE_MCS_SUPPORT_0_9;
123 break;
124 case 10 ... 11:
125 mcs = IEEE80211_HE_MCS_SUPPORT_0_11;
126 break;
127 default:
128 mcs = IEEE80211_HE_MCS_NOT_SUPPORTED;
129 break;
130 }
131 mcs_map &= ~(0x3 << (nss * 2));
132 mcs_map |= mcs << (nss * 2);
133 }
134
135 *he_mcs = cpu_to_le16(mcs_map);
136}
137
138static void
139mt7996_mcu_set_sta_vht_mcs(struct ieee80211_sta *sta, __le16 *vht_mcs,
140 const u16 *mask)
141{
142 u16 mcs, mcs_map = le16_to_cpu(sta->vht_cap.vht_mcs.rx_mcs_map);
143 int nss, max_nss = sta->rx_nss > 3 ? 4 : sta->rx_nss;
144
145 for (nss = 0; nss < max_nss; nss++, mcs_map >>= 2) {
146 switch (mcs_map & 0x3) {
147 case IEEE80211_VHT_MCS_SUPPORT_0_9:
148 mcs = GENMASK(9, 0);
149 break;
150 case IEEE80211_VHT_MCS_SUPPORT_0_8:
151 mcs = GENMASK(8, 0);
152 break;
153 case IEEE80211_VHT_MCS_SUPPORT_0_7:
154 mcs = GENMASK(7, 0);
155 break;
156 default:
157 mcs = 0;
158 }
159
160 vht_mcs[nss] = cpu_to_le16(mcs & mask[nss]);
161 }
162}
163
164static void
165mt7996_mcu_set_sta_ht_mcs(struct ieee80211_sta *sta, u8 *ht_mcs,
166 const u8 *mask)
167{
168 int nss, max_nss = sta->rx_nss > 3 ? 4 : sta->rx_nss;
169
170 for (nss = 0; nss < max_nss; nss++)
171 ht_mcs[nss] = sta->ht_cap.mcs.rx_mask[nss] & mask[nss];
172}
173
174static int
175mt7996_mcu_parse_response(struct mt76_dev *mdev, int cmd,
176 struct sk_buff *skb, int seq)
177{
178 struct mt7996_mcu_rxd *rxd;
179 struct mt7996_mcu_uni_event *event;
180 int mcu_cmd = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
181 int ret = 0;
182
183 if (!skb) {
184 dev_err(mdev->dev, "Message %08x (seq %d) timeout\n",
185 cmd, seq);
186 return -ETIMEDOUT;
187 }
188
189 rxd = (struct mt7996_mcu_rxd *)skb->data;
190 if (seq != rxd->seq)
191 return -EAGAIN;
192
193 if (cmd == MCU_CMD(PATCH_SEM_CONTROL)) {
194 skb_pull(skb, sizeof(*rxd) - 4);
195 ret = *skb->data;
196 } else if ((rxd->option & MCU_UNI_CMD_EVENT) &&
197 rxd->eid == MCU_UNI_EVENT_RESULT) {
198 skb_pull(skb, sizeof(*rxd));
199 event = (struct mt7996_mcu_uni_event *)skb->data;
200 ret = le32_to_cpu(event->status);
201 /* skip invalid event */
202 if (mcu_cmd != event->cid)
203 ret = -EAGAIN;
204 } else {
205 skb_pull(skb, sizeof(struct mt7996_mcu_rxd));
206 }
207
208 return ret;
209}
210
211static int
212mt7996_mcu_send_message(struct mt76_dev *mdev, struct sk_buff *skb,
213 int cmd, int *wait_seq)
214{
215 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76);
216 int txd_len, mcu_cmd = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
217 struct mt76_connac2_mcu_uni_txd *uni_txd;
218 struct mt76_connac2_mcu_txd *mcu_txd;
219 enum mt76_mcuq_id qid;
220 __le32 *txd;
221 u32 val;
222 u8 seq;
223
224 mdev->mcu.timeout = 20 * HZ;
225
226 seq = ++dev->mt76.mcu.msg_seq & 0xf;
227 if (!seq)
228 seq = ++dev->mt76.mcu.msg_seq & 0xf;
229
230 if (cmd == MCU_CMD(FW_SCATTER)) {
231 qid = MT_MCUQ_FWDL;
232 goto exit;
233 }
234
235 txd_len = cmd & __MCU_CMD_FIELD_UNI ? sizeof(*uni_txd) : sizeof(*mcu_txd);
236 txd = (__le32 *)skb_push(skb, txd_len);
237 if (test_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state))
238 qid = MT_MCUQ_WA;
239 else
240 qid = MT_MCUQ_WM;
241
242 val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len) |
243 FIELD_PREP(MT_TXD0_PKT_FMT, MT_TX_TYPE_CMD) |
244 FIELD_PREP(MT_TXD0_Q_IDX, MT_TX_MCU_PORT_RX_Q0);
245 txd[0] = cpu_to_le32(val);
246
247 val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD);
248 txd[1] = cpu_to_le32(val);
249
250 if (cmd & __MCU_CMD_FIELD_UNI) {
251 uni_txd = (struct mt76_connac2_mcu_uni_txd *)txd;
252 uni_txd->len = cpu_to_le16(skb->len - sizeof(uni_txd->txd));
253 uni_txd->cid = cpu_to_le16(mcu_cmd);
254 uni_txd->s2d_index = MCU_S2D_H2CN;
255 uni_txd->pkt_type = MCU_PKT_ID;
256 uni_txd->seq = seq;
257
258 if (cmd & __MCU_CMD_FIELD_QUERY)
259 uni_txd->option = MCU_CMD_UNI_QUERY_ACK;
260 else
261 uni_txd->option = MCU_CMD_UNI_EXT_ACK;
262
263 if ((cmd & __MCU_CMD_FIELD_WA) && (cmd & __MCU_CMD_FIELD_WM))
264 uni_txd->s2d_index = MCU_S2D_H2CN;
265 else if (cmd & __MCU_CMD_FIELD_WA)
266 uni_txd->s2d_index = MCU_S2D_H2C;
267 else if (cmd & __MCU_CMD_FIELD_WM)
268 uni_txd->s2d_index = MCU_S2D_H2N;
269
270 goto exit;
271 }
272
273 mcu_txd = (struct mt76_connac2_mcu_txd *)txd;
274 mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd));
275 mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU,
276 MT_TX_MCU_PORT_RX_Q0));
277 mcu_txd->pkt_type = MCU_PKT_ID;
278 mcu_txd->seq = seq;
279
280 mcu_txd->cid = FIELD_GET(__MCU_CMD_FIELD_ID, cmd);
281 mcu_txd->set_query = MCU_Q_NA;
282 mcu_txd->ext_cid = FIELD_GET(__MCU_CMD_FIELD_EXT_ID, cmd);
283 if (mcu_txd->ext_cid) {
284 mcu_txd->ext_cid_ack = 1;
285
286 if (cmd & __MCU_CMD_FIELD_QUERY)
287 mcu_txd->set_query = MCU_Q_QUERY;
288 else
289 mcu_txd->set_query = MCU_Q_SET;
290 }
291
292 if (cmd & __MCU_CMD_FIELD_WA)
293 mcu_txd->s2d_index = MCU_S2D_H2C;
294 else
295 mcu_txd->s2d_index = MCU_S2D_H2N;
296
297exit:
298 if (wait_seq)
299 *wait_seq = seq;
300
301 return mt76_tx_queue_skb_raw(dev, mdev->q_mcu[qid], skb, 0);
302}
303
304int mt7996_mcu_wa_cmd(struct mt7996_dev *dev, int cmd, u32 a1, u32 a2, u32 a3)
305{
306 struct {
307 __le32 args[3];
308 } req = {
309 .args = {
310 cpu_to_le32(a1),
311 cpu_to_le32(a2),
312 cpu_to_le32(a3),
313 },
314 };
315
316 return mt76_mcu_send_msg(&dev->mt76, cmd, &req, sizeof(req), false);
317}
318
319static void
320mt7996_mcu_csa_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
321{
322 if (vif->csa_active)
323 ieee80211_csa_finish(vif);
324}
325
326static void
327mt7996_mcu_rx_radar_detected(struct mt7996_dev *dev, struct sk_buff *skb)
328{
329 struct mt76_phy *mphy = &dev->mt76.phy;
330 struct mt7996_mcu_rdd_report *r;
331
332 r = (struct mt7996_mcu_rdd_report *)skb->data;
333
334 mphy = dev->mt76.phys[r->band_idx];
335 if (!mphy)
336 return;
337
338 if (r->band_idx == MT_RX_SEL2)
339 cfg80211_background_radar_event(mphy->hw->wiphy,
340 &dev->rdd2_chandef,
341 GFP_ATOMIC);
342 else
343 ieee80211_radar_detected(mphy->hw);
344 dev->hw_pattern++;
345}
346
347static void
348mt7996_mcu_rx_log_message(struct mt7996_dev *dev, struct sk_buff *skb)
349{
350#define UNI_EVENT_FW_LOG_FORMAT 0
351 struct mt7996_mcu_rxd *rxd = (struct mt7996_mcu_rxd *)skb->data;
352 const char *data = (char *)&rxd[1] + 4, *type;
353 struct tlv *tlv = (struct tlv *)data;
354 int len;
355
356 if (!(rxd->option & MCU_UNI_CMD_EVENT)) {
357 len = skb->len - sizeof(*rxd);
358 data = (char *)&rxd[1];
359 goto out;
360 }
361
362 if (le16_to_cpu(tlv->tag) != UNI_EVENT_FW_LOG_FORMAT)
363 return;
364
365 data += sizeof(*tlv) + 4;
366 len = le16_to_cpu(tlv->len) - sizeof(*tlv) - 4;
367
368out:
369 switch (rxd->s2d_index) {
370 case 0:
371 if (mt7996_debugfs_rx_log(dev, data, len))
372 return;
373
374 type = "WM";
375 break;
376 case 2:
377 type = "WA";
378 break;
379 default:
380 type = "unknown";
381 break;
382 }
383
384 wiphy_info(mt76_hw(dev)->wiphy, "%s: %.*s", type, len, data);
385}
386
387static void
388mt7996_mcu_cca_finish(void *priv, u8 *mac, struct ieee80211_vif *vif)
389{
390 if (!vif->color_change_active)
391 return;
392
393 ieee80211_color_change_finish(vif);
394}
395
396static void
397mt7996_mcu_ie_countdown(struct mt7996_dev *dev, struct sk_buff *skb)
398{
399#define UNI_EVENT_IE_COUNTDOWN_CSA 0
400#define UNI_EVENT_IE_COUNTDOWN_BCC 1
401 struct header {
402 u8 band;
403 u8 rsv[3];
404 };
405 struct mt76_phy *mphy = &dev->mt76.phy;
406 struct mt7996_mcu_rxd *rxd = (struct mt7996_mcu_rxd *)skb->data;
407 const char *data = (char *)&rxd[1], *tail;
408 struct header *hdr = (struct header *)data;
409 struct tlv *tlv = (struct tlv *)(data + 4);
410
411 if (hdr->band && dev->mt76.phys[hdr->band])
412 mphy = dev->mt76.phys[hdr->band];
413
414 tail = skb->data + le16_to_cpu(rxd->len);
415 while (data + sizeof(struct tlv) < tail && le16_to_cpu(tlv->len)) {
416 switch (le16_to_cpu(tlv->tag)) {
417 case UNI_EVENT_IE_COUNTDOWN_CSA:
418 ieee80211_iterate_active_interfaces_atomic(mphy->hw,
419 IEEE80211_IFACE_ITER_RESUME_ALL,
420 mt7996_mcu_csa_finish, mphy->hw);
421 break;
422 case UNI_EVENT_IE_COUNTDOWN_BCC:
423 ieee80211_iterate_active_interfaces_atomic(mphy->hw,
424 IEEE80211_IFACE_ITER_RESUME_ALL,
425 mt7996_mcu_cca_finish, mphy->hw);
426 break;
427 }
428
429 data += le16_to_cpu(tlv->len);
430 tlv = (struct tlv *)data;
431 }
432}
433
434static void
435mt7996_mcu_rx_ext_event(struct mt7996_dev *dev, struct sk_buff *skb)
436{
437 struct mt7996_mcu_rxd *rxd = (struct mt7996_mcu_rxd *)skb->data;
438
439 switch (rxd->ext_eid) {
440 case MCU_EXT_EVENT_FW_LOG_2_HOST:
441 mt7996_mcu_rx_log_message(dev, skb);
442 break;
443 default:
444 break;
445 }
446}
447
448static void
449mt7996_mcu_rx_unsolicited_event(struct mt7996_dev *dev, struct sk_buff *skb)
450{
451 struct mt7996_mcu_rxd *rxd = (struct mt7996_mcu_rxd *)skb->data;
452
453 switch (rxd->eid) {
454 case MCU_EVENT_EXT:
455 mt7996_mcu_rx_ext_event(dev, skb);
456 break;
457 default:
458 break;
459 }
460 dev_kfree_skb(skb);
461}
462
463static void
464mt7996_mcu_uni_rx_unsolicited_event(struct mt7996_dev *dev, struct sk_buff *skb)
465{
466 struct mt7996_mcu_rxd *rxd = (struct mt7996_mcu_rxd *)skb->data;
467
468 switch (rxd->eid) {
469 case MCU_UNI_EVENT_FW_LOG_2_HOST:
470 mt7996_mcu_rx_log_message(dev, skb);
471 break;
472 case MCU_UNI_EVENT_IE_COUNTDOWN:
473 mt7996_mcu_ie_countdown(dev, skb);
474 break;
475 case MCU_UNI_EVENT_RDD_REPORT:
476 mt7996_mcu_rx_radar_detected(dev, skb);
477 break;
478 default:
479 break;
480 }
481 dev_kfree_skb(skb);
482}
483
484void mt7996_mcu_rx_event(struct mt7996_dev *dev, struct sk_buff *skb)
485{
486 struct mt7996_mcu_rxd *rxd = (struct mt7996_mcu_rxd *)skb->data;
487
488 if (rxd->option & MCU_UNI_CMD_UNSOLICITED_EVENT) {
489 mt7996_mcu_uni_rx_unsolicited_event(dev, skb);
490 return;
491 }
492
493 /* WA still uses legacy event*/
494 if (rxd->ext_eid == MCU_EXT_EVENT_FW_LOG_2_HOST ||
495 !rxd->seq)
496 mt7996_mcu_rx_unsolicited_event(dev, skb);
497 else
498 mt76_mcu_rx_event(&dev->mt76, skb);
499}
500
501static struct tlv *
502mt7996_mcu_add_uni_tlv(struct sk_buff *skb, u16 tag, u16 len)
503{
504 struct tlv *ptlv, tlv = {
505 .tag = cpu_to_le16(tag),
506 .len = cpu_to_le16(len),
507 };
508
509 ptlv = skb_put(skb, len);
510 memcpy(ptlv, &tlv, sizeof(tlv));
511
512 return ptlv;
513}
514
515static void
516mt7996_mcu_bss_rfch_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
517 struct mt7996_phy *phy)
518{
519 static const u8 rlm_ch_band[] = {
520 [NL80211_BAND_2GHZ] = 1,
521 [NL80211_BAND_5GHZ] = 2,
522 [NL80211_BAND_6GHZ] = 3,
523 };
524 struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
525 struct bss_rlm_tlv *ch;
526 struct tlv *tlv;
527 int freq1 = chandef->center_freq1;
528
529 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_RLM, sizeof(*ch));
530
531 ch = (struct bss_rlm_tlv *)tlv;
532 ch->control_channel = chandef->chan->hw_value;
533 ch->center_chan = ieee80211_frequency_to_channel(freq1);
534 ch->bw = mt76_connac_chan_bw(chandef);
535 ch->tx_streams = hweight8(phy->mt76->antenna_mask);
536 ch->rx_streams = hweight8(phy->mt76->antenna_mask);
537 ch->band = rlm_ch_band[chandef->chan->band];
538
539 if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
540 int freq2 = chandef->center_freq2;
541
542 ch->center_chan2 = ieee80211_frequency_to_channel(freq2);
543 }
544}
545
546static void
547mt7996_mcu_bss_ra_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
548 struct mt7996_phy *phy)
549{
550 struct bss_ra_tlv *ra;
551 struct tlv *tlv;
552
553 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_RA, sizeof(*ra));
554
555 ra = (struct bss_ra_tlv *)tlv;
556 ra->short_preamble = true;
557}
558
559static void
560mt7996_mcu_bss_he_tlv(struct sk_buff *skb, struct ieee80211_vif *vif,
561 struct mt7996_phy *phy)
562{
563#define DEFAULT_HE_PE_DURATION 4
564#define DEFAULT_HE_DURATION_RTS_THRES 1023
565 const struct ieee80211_sta_he_cap *cap;
566 struct bss_info_uni_he *he;
567 struct tlv *tlv;
568
569 cap = mt76_connac_get_he_phy_cap(phy->mt76, vif);
570
571 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_HE_BASIC, sizeof(*he));
572
573 he = (struct bss_info_uni_he *)tlv;
574 he->he_pe_duration = vif->bss_conf.htc_trig_based_pkt_ext;
575 if (!he->he_pe_duration)
576 he->he_pe_duration = DEFAULT_HE_PE_DURATION;
577
578 he->he_rts_thres = cpu_to_le16(vif->bss_conf.frame_time_rts_th);
579 if (!he->he_rts_thres)
580 he->he_rts_thres = cpu_to_le16(DEFAULT_HE_DURATION_RTS_THRES);
581
582 he->max_nss_mcs[CMD_HE_MCS_BW80] = cap->he_mcs_nss_supp.tx_mcs_80;
583 he->max_nss_mcs[CMD_HE_MCS_BW160] = cap->he_mcs_nss_supp.tx_mcs_160;
584 he->max_nss_mcs[CMD_HE_MCS_BW8080] = cap->he_mcs_nss_supp.tx_mcs_80p80;
585}
586
587static void
588mt7996_mcu_bss_bmc_tlv(struct sk_buff *skb, struct mt7996_phy *phy)
589{
590 struct bss_rate_tlv *bmc;
591 struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
592 enum nl80211_band band = chandef->chan->band;
593 struct tlv *tlv;
594
595 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_RATE, sizeof(*bmc));
596
597 bmc = (struct bss_rate_tlv *)tlv;
598 if (band == NL80211_BAND_2GHZ) {
599 bmc->short_preamble = true;
600 } else {
601 bmc->bc_trans = cpu_to_le16(0x8080);
602 bmc->mc_trans = cpu_to_le16(0x8080);
603 bmc->bc_fixed_rate = 1;
604 bmc->mc_fixed_rate = 1;
605 bmc->short_preamble = 1;
606 }
607}
608
609static void
610mt7996_mcu_bss_txcmd_tlv(struct sk_buff *skb, bool en)
611{
612 struct bss_txcmd_tlv *txcmd;
613 struct tlv *tlv;
614
615 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_TXCMD, sizeof(*txcmd));
616
617 txcmd = (struct bss_txcmd_tlv *)tlv;
618 txcmd->txcmd_mode = en;
619}
620
621static void
622mt7996_mcu_bss_mld_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
623{
624 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
625 struct bss_mld_tlv *mld;
626 struct tlv *tlv;
627
628 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_MLD, sizeof(*mld));
629
630 mld = (struct bss_mld_tlv *)tlv;
631 mld->group_mld_id = 0xff;
632 mld->own_mld_id = mvif->mt76.idx;
633 mld->remap_idx = 0xff;
634}
635
636static void
637mt7996_mcu_bss_sec_tlv(struct sk_buff *skb, struct ieee80211_vif *vif)
638{
639 struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
640 struct bss_sec_tlv *sec;
641 struct tlv *tlv;
642
643 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_SEC, sizeof(*sec));
644
645 sec = (struct bss_sec_tlv *)tlv;
646 sec->cipher = mvif->cipher;
647}
648
649static int
650mt7996_mcu_muar_config(struct mt7996_phy *phy, struct ieee80211_vif *vif,
651 bool bssid, bool enable)
652{
653 struct mt7996_dev *dev = phy->dev;
654 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
655 u32 idx = mvif->mt76.omac_idx - REPEATER_BSSID_START;
656 u32 mask = phy->omac_mask >> 32 & ~BIT(idx);
657 const u8 *addr = vif->addr;
658 struct {
659 u8 mode;
660 u8 force_clear;
661 u8 clear_bitmap[8];
662 u8 entry_count;
663 u8 write;
664 u8 band;
665
666 u8 index;
667 u8 bssid;
668 u8 addr[ETH_ALEN];
669 } __packed req = {
670 .mode = !!mask || enable,
671 .entry_count = 1,
672 .write = 1,
673 .band = phy->mt76->band_idx,
674 .index = idx * 2 + bssid,
675 };
676
677 if (bssid)
678 addr = vif->bss_conf.bssid;
679
680 if (enable)
681 ether_addr_copy(req.addr, addr);
682
683 return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(MUAR_UPDATE), &req,
684 sizeof(req), true);
685}
686
687static int
688mt7996_mcu_bss_basic_tlv(struct sk_buff *skb,
689 struct ieee80211_vif *vif,
690 struct ieee80211_sta *sta,
691 struct mt76_phy *phy, u16 wlan_idx,
692 bool enable)
693{
694 struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
695 struct cfg80211_chan_def *chandef = &phy->chandef;
696 struct mt76_connac_bss_basic_tlv *bss;
697 struct tlv *tlv;
698 u32 type;
699 int idx;
700
701 switch (vif->type) {
702 case NL80211_IFTYPE_MESH_POINT:
703 case NL80211_IFTYPE_AP:
704 case NL80211_IFTYPE_MONITOR:
705 type = CONNECTION_INFRA_AP;
706 break;
707 case NL80211_IFTYPE_STATION:
708 if (enable) {
709 rcu_read_lock();
710 if (!sta)
711 sta = ieee80211_find_sta(vif,
712 vif->bss_conf.bssid);
713 /* TODO: enable BSS_INFO_UAPSD & BSS_INFO_PM */
714 if (sta) {
715 struct mt76_wcid *wcid;
716
717 wcid = (struct mt76_wcid *)sta->drv_priv;
718 wlan_idx = wcid->idx;
719 }
720 rcu_read_unlock();
721 }
722 type = CONNECTION_INFRA_STA;
723 break;
724 case NL80211_IFTYPE_ADHOC:
725 type = CONNECTION_IBSS_ADHOC;
726 break;
727 default:
728 WARN_ON(1);
729 break;
730 }
731
732 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_BASIC, sizeof(*bss));
733
734 bss = (struct mt76_connac_bss_basic_tlv *)tlv;
735 bss->bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int);
736 bss->dtim_period = vif->bss_conf.dtim_period;
737 bss->bmc_tx_wlan_idx = cpu_to_le16(wlan_idx);
738 bss->sta_idx = cpu_to_le16(wlan_idx);
739 bss->conn_type = cpu_to_le32(type);
740 bss->omac_idx = mvif->omac_idx;
741 bss->band_idx = mvif->band_idx;
742 bss->wmm_idx = mvif->wmm_idx;
743 bss->conn_state = !enable;
744 bss->active = enable;
745
746 idx = mvif->omac_idx > EXT_BSSID_START ? HW_BSSID_0 : mvif->omac_idx;
747 bss->hw_bss_idx = idx;
748
749 if (vif->type == NL80211_IFTYPE_MONITOR) {
750 memcpy(bss->bssid, phy->macaddr, ETH_ALEN);
751 return 0;
752 }
753
754 memcpy(bss->bssid, vif->bss_conf.bssid, ETH_ALEN);
755 bss->bcn_interval = cpu_to_le16(vif->bss_conf.beacon_int);
756 bss->dtim_period = vif->bss_conf.dtim_period;
757 bss->phymode = mt76_connac_get_phy_mode(phy, vif,
758 chandef->chan->band, NULL);
759
760 if (chandef->chan->band == NL80211_BAND_6GHZ)
761 bss->phymode_ext |= PHY_MODE_AX_6G;
762
763 return 0;
764}
765
766static struct sk_buff *
767__mt7996_mcu_alloc_bss_req(struct mt76_dev *dev, struct mt76_vif *mvif, int len)
768{
769 struct bss_req_hdr hdr = {
770 .bss_idx = mvif->idx,
771 };
772 struct sk_buff *skb;
773
774 skb = mt76_mcu_msg_alloc(dev, NULL, len);
775 if (!skb)
776 return ERR_PTR(-ENOMEM);
777
778 skb_put_data(skb, &hdr, sizeof(hdr));
779
780 return skb;
781}
782
783int mt7996_mcu_add_bss_info(struct mt7996_phy *phy,
784 struct ieee80211_vif *vif, int enable)
785{
786 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
787 struct mt7996_dev *dev = phy->dev;
788 struct sk_buff *skb;
789
790 if (mvif->mt76.omac_idx >= REPEATER_BSSID_START) {
791 mt7996_mcu_muar_config(phy, vif, false, enable);
792 mt7996_mcu_muar_config(phy, vif, true, enable);
793 }
794
795 skb = __mt7996_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76,
796 MT7996_BSS_UPDATE_MAX_SIZE);
797 if (IS_ERR(skb))
798 return PTR_ERR(skb);
799
800 /* bss_basic must be first */
801 mt7996_mcu_bss_basic_tlv(skb, vif, NULL, phy->mt76,
802 mvif->sta.wcid.idx, enable);
803 mt7996_mcu_bss_sec_tlv(skb, vif);
804
805 if (vif->type == NL80211_IFTYPE_MONITOR)
806 goto out;
807
808 if (enable) {
809 mt7996_mcu_bss_rfch_tlv(skb, vif, phy);
810 mt7996_mcu_bss_bmc_tlv(skb, phy);
811 mt7996_mcu_bss_ra_tlv(skb, vif, phy);
812 mt7996_mcu_bss_txcmd_tlv(skb, true);
813
814 if (vif->bss_conf.he_support)
815 mt7996_mcu_bss_he_tlv(skb, vif, phy);
816
817 /* this tag is necessary no matter if the vif is MLD */
818 mt7996_mcu_bss_mld_tlv(skb, vif);
819 }
820out:
821 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
822 MCU_WMWA_UNI_CMD(BSS_INFO_UPDATE), true);
823}
824
825static int
826mt7996_mcu_sta_ba(struct mt76_dev *dev, struct mt76_vif *mvif,
827 struct ieee80211_ampdu_params *params,
828 bool enable, bool tx)
829{
830 struct mt76_wcid *wcid = (struct mt76_wcid *)params->sta->drv_priv;
831 struct sta_rec_ba_uni *ba;
832 struct sk_buff *skb;
833 struct tlv *tlv;
834
835 skb = __mt76_connac_mcu_alloc_sta_req(dev, mvif, wcid,
836 MT7996_STA_UPDATE_MAX_SIZE);
837 if (IS_ERR(skb))
838 return PTR_ERR(skb);
839
840 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BA, sizeof(*ba));
841
842 ba = (struct sta_rec_ba_uni *)tlv;
843 ba->ba_type = tx ? MT_BA_TYPE_ORIGINATOR : MT_BA_TYPE_RECIPIENT;
844 ba->winsize = cpu_to_le16(params->buf_size);
845 ba->ssn = cpu_to_le16(params->ssn);
846 ba->ba_en = enable << params->tid;
847 ba->amsdu = params->amsdu;
848 ba->tid = params->tid;
849
850 return mt76_mcu_skb_send_msg(dev, skb,
851 MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true);
852}
853
854/** starec & wtbl **/
855int mt7996_mcu_add_tx_ba(struct mt7996_dev *dev,
856 struct ieee80211_ampdu_params *params,
857 bool enable)
858{
859 struct mt7996_sta *msta = (struct mt7996_sta *)params->sta->drv_priv;
860 struct mt7996_vif *mvif = msta->vif;
861
862 if (enable && !params->amsdu)
863 msta->wcid.amsdu = false;
864
865 return mt7996_mcu_sta_ba(&dev->mt76, &mvif->mt76, params,
866 enable, true);
867}
868
869int mt7996_mcu_add_rx_ba(struct mt7996_dev *dev,
870 struct ieee80211_ampdu_params *params,
871 bool enable)
872{
873 struct mt7996_sta *msta = (struct mt7996_sta *)params->sta->drv_priv;
874 struct mt7996_vif *mvif = msta->vif;
875
876 return mt7996_mcu_sta_ba(&dev->mt76, &mvif->mt76, params,
877 enable, false);
878}
879
880static void
881mt7996_mcu_sta_he_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
882{
883 struct ieee80211_he_cap_elem *elem = &sta->he_cap.he_cap_elem;
884 struct ieee80211_he_mcs_nss_supp mcs_map;
885 struct sta_rec_he_v2 *he;
886 struct tlv *tlv;
887 int i = 0;
888
889 if (!sta->he_cap.has_he)
890 return;
891
892 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HE_V2, sizeof(*he));
893
894 he = (struct sta_rec_he_v2 *)tlv;
895 for (i = 0; i < 11; i++){
896 if (i < 6)
897 he->he_mac_cap[i] = cpu_to_le16(elem->mac_cap_info[i]);
898 he->he_phy_cap[i] = cpu_to_le16(elem->phy_cap_info[i]);
899 }
900
901 mcs_map = sta->he_cap.he_mcs_nss_supp;
902 switch (sta->bandwidth) {
903 case IEEE80211_STA_RX_BW_160:
904 if (elem->phy_cap_info[0] &
905 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G)
906 mt7996_mcu_set_sta_he_mcs(sta,
907 &he->max_nss_mcs[CMD_HE_MCS_BW8080],
908 le16_to_cpu(mcs_map.rx_mcs_80p80));
909
910 mt7996_mcu_set_sta_he_mcs(sta,
911 &he->max_nss_mcs[CMD_HE_MCS_BW160],
912 le16_to_cpu(mcs_map.rx_mcs_160));
913 fallthrough;
914 default:
915 mt7996_mcu_set_sta_he_mcs(sta,
916 &he->max_nss_mcs[CMD_HE_MCS_BW80],
917 le16_to_cpu(mcs_map.rx_mcs_80));
918 break;
919 }
920
921 he->pkt_ext = 2;
922}
923
924static void
925mt7996_mcu_sta_he_6g_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
926{
927 struct sta_rec_he_6g_capa *he_6g;
928 struct tlv *tlv;
929
930 if (!sta->he_6ghz_capa.capa)
931 return;
932
933 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HE_6G, sizeof(*he_6g));
934
935 he_6g = (struct sta_rec_he_6g_capa *)tlv;
936 he_6g->capa = cpu_to_le16(sta->he_6ghz_capa.capa);
937
938}
939
940static void
941mt7996_mcu_sta_ht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
942{
943 struct sta_rec_ht *ht;
944 struct tlv *tlv;
945
946 if (!sta->ht_cap.ht_supported)
947 return;
948
949 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HT, sizeof(*ht));
950
951 ht = (struct sta_rec_ht *)tlv;
952 ht->ht_cap = cpu_to_le16(sta->ht_cap.cap);
953}
954
955static void
956mt7996_mcu_sta_vht_tlv(struct sk_buff *skb, struct ieee80211_sta *sta)
957{
958 struct sta_rec_vht *vht;
959 struct tlv *tlv;
960
961 /* For 6G band, this tlv is necessary to let hw work normally */
962 if (!sta->he_6ghz_capa.capa && !sta->vht_cap.vht_supported)
963 return;
964
965 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_VHT, sizeof(*vht));
966
967 vht = (struct sta_rec_vht *)tlv;
968 vht->vht_cap = cpu_to_le32(sta->vht_cap.cap);
969 vht->vht_rx_mcs_map = sta->vht_cap.vht_mcs.rx_mcs_map;
970 vht->vht_tx_mcs_map = sta->vht_cap.vht_mcs.tx_mcs_map;
971}
972
973static void
974mt7996_mcu_sta_amsdu_tlv(struct mt7996_dev *dev, struct sk_buff *skb,
975 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
976{
977 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
978 struct sta_rec_amsdu *amsdu;
979 struct tlv *tlv;
980
981 if (vif->type != NL80211_IFTYPE_STATION &&
982 vif->type != NL80211_IFTYPE_AP)
983 return;
984
985 if (!sta->max_amsdu_len)
986 return;
987
988 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HW_AMSDU, sizeof(*amsdu));
989 amsdu = (struct sta_rec_amsdu *)tlv;
990 amsdu->max_amsdu_num = 8;
991 amsdu->amsdu_en = true;
992 msta->wcid.amsdu = true;
993
994 switch (sta->max_amsdu_len) {
995 case IEEE80211_MAX_MPDU_LEN_VHT_11454:
996 amsdu->max_mpdu_size =
997 IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454;
998 return;
999 case IEEE80211_MAX_MPDU_LEN_HT_7935:
1000 case IEEE80211_MAX_MPDU_LEN_VHT_7991:
1001 amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991;
1002 return;
1003 default:
1004 amsdu->max_mpdu_size = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895;
1005 return;
1006 }
1007}
1008
1009static inline bool
1010mt7996_is_ebf_supported(struct mt7996_phy *phy, struct ieee80211_vif *vif,
1011 struct ieee80211_sta *sta, bool bfee)
1012{
1013 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1014 int tx_ant = hweight8(phy->mt76->antenna_mask) - 1;
1015
1016 if (vif->type != NL80211_IFTYPE_STATION &&
1017 vif->type != NL80211_IFTYPE_AP)
1018 return false;
1019
1020 if (!bfee && tx_ant < 2)
1021 return false;
1022
1023 if (sta->he_cap.has_he) {
1024 struct ieee80211_he_cap_elem *pe = &sta->he_cap.he_cap_elem;
1025
1026 if (bfee)
1027 return mvif->cap.he_su_ebfee &&
1028 HE_PHY(CAP3_SU_BEAMFORMER, pe->phy_cap_info[3]);
1029 else
1030 return mvif->cap.he_su_ebfer &&
1031 HE_PHY(CAP4_SU_BEAMFORMEE, pe->phy_cap_info[4]);
1032 }
1033
1034 if (sta->vht_cap.vht_supported) {
1035 u32 cap = sta->vht_cap.cap;
1036
1037 if (bfee)
1038 return mvif->cap.vht_su_ebfee &&
1039 (cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
1040 else
1041 return mvif->cap.vht_su_ebfer &&
1042 (cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
1043 }
1044
1045 return false;
1046}
1047
1048static void
1049mt7996_mcu_sta_sounding_rate(struct sta_rec_bf *bf)
1050{
1051 bf->sounding_phy = MT_PHY_TYPE_OFDM;
1052 bf->ndp_rate = 0; /* mcs0 */
1053 bf->ndpa_rate = MT7996_CFEND_RATE_DEFAULT; /* ofdm 24m */
1054 bf->rept_poll_rate = MT7996_CFEND_RATE_DEFAULT; /* ofdm 24m */
1055}
1056
1057static void
1058mt7996_mcu_sta_bfer_ht(struct ieee80211_sta *sta, struct mt7996_phy *phy,
1059 struct sta_rec_bf *bf)
1060{
1061 struct ieee80211_mcs_info *mcs = &sta->ht_cap.mcs;
1062 u8 n = 0;
1063
1064 bf->tx_mode = MT_PHY_TYPE_HT;
1065
1066 if ((mcs->tx_params & IEEE80211_HT_MCS_TX_RX_DIFF) &&
1067 (mcs->tx_params & IEEE80211_HT_MCS_TX_DEFINED))
1068 n = FIELD_GET(IEEE80211_HT_MCS_TX_MAX_STREAMS_MASK,
1069 mcs->tx_params);
1070 else if (mcs->rx_mask[3])
1071 n = 3;
1072 else if (mcs->rx_mask[2])
1073 n = 2;
1074 else if (mcs->rx_mask[1])
1075 n = 1;
1076
1077 bf->nrow = hweight8(phy->mt76->antenna_mask) - 1;
1078 bf->ncol = min_t(u8, bf->nrow, n);
1079 bf->ibf_ncol = n;
1080}
1081
1082static void
1083mt7996_mcu_sta_bfer_vht(struct ieee80211_sta *sta, struct mt7996_phy *phy,
1084 struct sta_rec_bf *bf, bool explicit)
1085{
1086 struct ieee80211_sta_vht_cap *pc = &sta->vht_cap;
1087 struct ieee80211_sta_vht_cap *vc = &phy->mt76->sband_5g.sband.vht_cap;
1088 u16 mcs_map = le16_to_cpu(pc->vht_mcs.rx_mcs_map);
1089 u8 nss_mcs = mt7996_mcu_get_sta_nss(mcs_map);
1090 u8 tx_ant = hweight8(phy->mt76->antenna_mask) - 1;
1091
1092 bf->tx_mode = MT_PHY_TYPE_VHT;
1093
1094 if (explicit) {
1095 u8 sts, snd_dim;
1096
1097 mt7996_mcu_sta_sounding_rate(bf);
1098
1099 sts = FIELD_GET(IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK,
1100 pc->cap);
1101 snd_dim = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
1102 vc->cap);
1103 bf->nrow = min_t(u8, min_t(u8, snd_dim, sts), tx_ant);
1104 bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1105 bf->ibf_ncol = bf->ncol;
1106
1107 if (sta->bandwidth == IEEE80211_STA_RX_BW_160)
1108 bf->nrow = 1;
1109 } else {
1110 bf->nrow = tx_ant;
1111 bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1112 bf->ibf_ncol = nss_mcs;
1113
1114 if (sta->bandwidth == IEEE80211_STA_RX_BW_160)
1115 bf->ibf_nrow = 1;
1116 }
1117}
1118
1119static void
1120mt7996_mcu_sta_bfer_he(struct ieee80211_sta *sta, struct ieee80211_vif *vif,
1121 struct mt7996_phy *phy, struct sta_rec_bf *bf)
1122{
1123 struct ieee80211_sta_he_cap *pc = &sta->he_cap;
1124 struct ieee80211_he_cap_elem *pe = &pc->he_cap_elem;
1125 const struct ieee80211_sta_he_cap *vc =
1126 mt76_connac_get_he_phy_cap(phy->mt76, vif);
1127 const struct ieee80211_he_cap_elem *ve = &vc->he_cap_elem;
1128 u16 mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80);
1129 u8 nss_mcs = mt7996_mcu_get_sta_nss(mcs_map);
1130 u8 snd_dim, sts;
1131
1132 bf->tx_mode = MT_PHY_TYPE_HE_SU;
1133
1134 mt7996_mcu_sta_sounding_rate(bf);
1135
1136 bf->trigger_su = HE_PHY(CAP6_TRIG_SU_BEAMFORMING_FB,
1137 pe->phy_cap_info[6]);
1138 bf->trigger_mu = HE_PHY(CAP6_TRIG_MU_BEAMFORMING_PARTIAL_BW_FB,
1139 pe->phy_cap_info[6]);
1140 snd_dim = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
1141 ve->phy_cap_info[5]);
1142 sts = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_UNDER_80MHZ_MASK,
1143 pe->phy_cap_info[4]);
1144 bf->nrow = min_t(u8, snd_dim, sts);
1145 bf->ncol = min_t(u8, nss_mcs, bf->nrow);
1146 bf->ibf_ncol = bf->ncol;
1147
1148 if (sta->bandwidth != IEEE80211_STA_RX_BW_160)
1149 return;
1150
1151 /* go over for 160MHz and 80p80 */
1152 if (pe->phy_cap_info[0] &
1153 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G) {
1154 mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_160);
1155 nss_mcs = mt7996_mcu_get_sta_nss(mcs_map);
1156
1157 bf->ncol_gt_bw80 = nss_mcs;
1158 }
1159
1160 if (pe->phy_cap_info[0] &
1161 IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G) {
1162 mcs_map = le16_to_cpu(pc->he_mcs_nss_supp.rx_mcs_80p80);
1163 nss_mcs = mt7996_mcu_get_sta_nss(mcs_map);
1164
1165 if (bf->ncol_gt_bw80)
1166 bf->ncol_gt_bw80 = min_t(u8, bf->ncol_gt_bw80, nss_mcs);
1167 else
1168 bf->ncol_gt_bw80 = nss_mcs;
1169 }
1170
1171 snd_dim = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_ABOVE_80MHZ_MASK,
1172 ve->phy_cap_info[5]);
1173 sts = HE_PHY(CAP4_BEAMFORMEE_MAX_STS_ABOVE_80MHZ_MASK,
1174 pe->phy_cap_info[4]);
1175
1176 bf->nrow_gt_bw80 = min_t(int, snd_dim, sts);
1177}
1178
1179static void
1180mt7996_mcu_sta_bfer_tlv(struct mt7996_dev *dev, struct sk_buff *skb,
1181 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1182{
1183 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1184 struct mt7996_phy *phy = mvif->phy;
1185 int tx_ant = hweight8(phy->mt76->antenna_mask) - 1;
1186 struct sta_rec_bf *bf;
1187 struct tlv *tlv;
1188 const u8 matrix[4][4] = {
1189 {0, 0, 0, 0},
1190 {1, 1, 0, 0}, /* 2x1, 2x2, 2x3, 2x4 */
1191 {2, 4, 4, 0}, /* 3x1, 3x2, 3x3, 3x4 */
1192 {3, 5, 6, 0} /* 4x1, 4x2, 4x3, 4x4 */
1193 };
1194 bool ebf;
1195
1196 if (!(sta->ht_cap.ht_supported || sta->he_cap.has_he))
1197 return;
1198
1199 ebf = mt7996_is_ebf_supported(phy, vif, sta, false);
1200 if (!ebf && !dev->ibf)
1201 return;
1202
1203 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BF, sizeof(*bf));
1204 bf = (struct sta_rec_bf *)tlv;
1205
1206 /* he: eBF only, in accordance with spec
1207 * vht: support eBF and iBF
1208 * ht: iBF only, since mac80211 lacks of eBF support
1209 */
1210 if (sta->he_cap.has_he && ebf)
1211 mt7996_mcu_sta_bfer_he(sta, vif, phy, bf);
1212 else if (sta->vht_cap.vht_supported)
1213 mt7996_mcu_sta_bfer_vht(sta, phy, bf, ebf);
1214 else if (sta->ht_cap.ht_supported)
1215 mt7996_mcu_sta_bfer_ht(sta, phy, bf);
1216 else
1217 return;
1218
1219 bf->bf_cap = ebf ? ebf : dev->ibf << 1;
1220 bf->bw = sta->bandwidth;
1221 bf->ibf_dbw = sta->bandwidth;
1222 bf->ibf_nrow = tx_ant;
1223
1224 if (!ebf && sta->bandwidth <= IEEE80211_STA_RX_BW_40 && !bf->ncol)
1225 bf->ibf_timeout = 0x48;
1226 else
1227 bf->ibf_timeout = 0x18;
1228
1229 if (ebf && bf->nrow != tx_ant)
1230 bf->mem_20m = matrix[tx_ant][bf->ncol];
1231 else
1232 bf->mem_20m = matrix[bf->nrow][bf->ncol];
1233
1234 switch (sta->bandwidth) {
1235 case IEEE80211_STA_RX_BW_160:
1236 case IEEE80211_STA_RX_BW_80:
1237 bf->mem_total = bf->mem_20m * 2;
1238 break;
1239 case IEEE80211_STA_RX_BW_40:
1240 bf->mem_total = bf->mem_20m;
1241 break;
1242 case IEEE80211_STA_RX_BW_20:
1243 default:
1244 break;
1245 }
1246}
1247
1248static void
1249mt7996_mcu_sta_bfee_tlv(struct mt7996_dev *dev, struct sk_buff *skb,
1250 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1251{
1252 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1253 struct mt7996_phy *phy = mvif->phy;
1254 int tx_ant = hweight8(phy->mt76->antenna_mask) - 1;
1255 struct sta_rec_bfee *bfee;
1256 struct tlv *tlv;
1257 u8 nrow = 0;
1258
1259 if (!(sta->vht_cap.vht_supported || sta->he_cap.has_he))
1260 return;
1261
1262 if (!mt7996_is_ebf_supported(phy, vif, sta, true))
1263 return;
1264
1265 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_BFEE, sizeof(*bfee));
1266 bfee = (struct sta_rec_bfee *)tlv;
1267
1268 if (sta->he_cap.has_he) {
1269 struct ieee80211_he_cap_elem *pe = &sta->he_cap.he_cap_elem;
1270
1271 nrow = HE_PHY(CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK,
1272 pe->phy_cap_info[5]);
1273 } else if (sta->vht_cap.vht_supported) {
1274 struct ieee80211_sta_vht_cap *pc = &sta->vht_cap;
1275
1276 nrow = FIELD_GET(IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK,
1277 pc->cap);
1278 }
1279
1280 /* reply with identity matrix to avoid 2x2 BF negative gain */
1281 bfee->fb_identity_matrix = (nrow == 1 && tx_ant == 2);
1282}
1283
1284static void
1285mt7996_mcu_sta_phy_tlv(struct mt7996_dev *dev, struct sk_buff *skb,
1286 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1287{
1288 struct sta_rec_phy *phy;
1289 struct tlv *tlv;
1290 u8 af = 0, mm = 0;
1291
1292 if (!sta->ht_cap.ht_supported && !sta->he_6ghz_capa.capa)
1293 return;
1294
1295 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_PHY, sizeof(*phy));
1296
1297 phy = (struct sta_rec_phy *)tlv;
1298 if (sta->ht_cap.ht_supported) {
1299 af = sta->ht_cap.ampdu_factor;
1300 mm = sta->ht_cap.ampdu_density;
1301 }
1302
1303 if (sta->vht_cap.vht_supported) {
1304 u8 vht_af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
1305 sta->vht_cap.cap);
1306
1307 af = max_t(u8, af, vht_af);
1308 }
1309
1310 if (sta->he_6ghz_capa.capa) {
1311 af = le16_get_bits(sta->he_6ghz_capa.capa,
1312 IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP);
1313 mm = le16_get_bits(sta->he_6ghz_capa.capa,
1314 IEEE80211_HE_6GHZ_CAP_MIN_MPDU_START);
1315 }
1316
1317 phy->ampdu = FIELD_PREP(IEEE80211_HT_AMPDU_PARM_FACTOR, af) |
1318 FIELD_PREP(IEEE80211_HT_AMPDU_PARM_DENSITY, mm);
1319 phy->max_ampdu_len = af;
1320}
1321
1322static void
1323mt7996_mcu_sta_hdrt_tlv(struct mt7996_dev *dev, struct sk_buff *skb)
1324{
1325 struct sta_rec_hdrt *hdrt;
1326 struct tlv *tlv;
1327
1328 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HDRT, sizeof(*hdrt));
1329
1330 hdrt = (struct sta_rec_hdrt *)tlv;
1331 hdrt->hdrt_mode = 1;
1332}
1333
1334static void
1335mt7996_mcu_sta_hdr_trans_tlv(struct mt7996_dev *dev, struct sk_buff *skb,
1336 struct ieee80211_vif *vif,
1337 struct ieee80211_sta *sta)
1338{
1339 struct sta_rec_hdr_trans *hdr_trans;
1340 struct mt76_wcid *wcid;
1341 struct tlv *tlv;
1342
1343 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_HDR_TRANS, sizeof(*hdr_trans));
1344 hdr_trans = (struct sta_rec_hdr_trans*) tlv;
1345 hdr_trans->dis_rx_hdr_tran = true;
1346
1347 if (vif->type == NL80211_IFTYPE_STATION)
1348 hdr_trans->to_ds = true;
1349 else
1350 hdr_trans->from_ds = true;
1351
1352 wcid = (struct mt76_wcid *)sta->drv_priv;
1353 if (!wcid)
1354 return;
1355
1356 hdr_trans->dis_rx_hdr_tran = !test_bit(MT_WCID_FLAG_HDR_TRANS, &wcid->flags);
1357 if (test_bit(MT_WCID_FLAG_4ADDR, &wcid->flags)) {
1358 hdr_trans->to_ds = true;
1359 hdr_trans->from_ds = true;
1360 }
1361}
1362
1363static enum mcu_mmps_mode
1364mt7996_mcu_get_mmps_mode(enum ieee80211_smps_mode smps)
1365{
1366 switch (smps) {
1367 case IEEE80211_SMPS_OFF:
1368 return MCU_MMPS_DISABLE;
1369 case IEEE80211_SMPS_STATIC:
1370 return MCU_MMPS_STATIC;
1371 case IEEE80211_SMPS_DYNAMIC:
1372 return MCU_MMPS_DYNAMIC;
1373 default:
1374 return MCU_MMPS_DISABLE;
1375 }
1376}
1377
1378int mt7996_mcu_set_fixed_rate_ctrl(struct mt7996_dev *dev,
1379 void *data, u16 version)
1380{
1381 struct ra_fixed_rate *req;
1382 struct uni_header hdr;
1383 struct sk_buff *skb;
1384 struct tlv *tlv;
1385 int len;
1386
1387 len = sizeof(hdr) + sizeof(*req);
1388
1389 skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
1390 if (!skb)
1391 return -ENOMEM;
1392
1393 skb_put_data(skb, &hdr, sizeof(hdr));
1394
1395 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_RA_FIXED_RATE, sizeof(*req));
1396 req = (struct ra_fixed_rate *)tlv;
1397 req->version = cpu_to_le16(version);
1398 memcpy(&req->rate, data, sizeof(req->rate));
1399
1400 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1401 MCU_WM_UNI_CMD(RA), true);
1402}
1403
1404static void
1405mt7996_mcu_sta_rate_ctrl_tlv(struct sk_buff *skb, struct mt7996_dev *dev,
1406 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
1407{
1408 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1409 struct mt76_phy *mphy = mvif->phy->mt76;
1410 struct cfg80211_chan_def *chandef = &mphy->chandef;
1411 struct cfg80211_bitrate_mask *mask = &mvif->bitrate_mask;
1412 enum nl80211_band band = chandef->chan->band;
1413 struct sta_rec_ra *ra;
1414 struct tlv *tlv;
1415 u32 supp_rate = sta->supp_rates[band];
1416 u32 cap = sta->wme ? STA_CAP_WMM : 0;
1417
1418 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA, sizeof(*ra));
1419 ra = (struct sta_rec_ra *)tlv;
1420
1421 ra->valid = true;
1422 ra->auto_rate = true;
1423 ra->phy_mode = mt76_connac_get_phy_mode(mphy, vif, band, sta);
1424 ra->channel = chandef->chan->hw_value;
1425 ra->bw = sta->bandwidth;
1426 ra->phy.bw = sta->bandwidth;
1427 ra->mmps_mode = mt7996_mcu_get_mmps_mode(sta->smps_mode);
1428
1429 if (supp_rate) {
1430 supp_rate &= mask->control[band].legacy;
1431 ra->rate_len = hweight32(supp_rate);
1432
1433 if (band == NL80211_BAND_2GHZ) {
1434 ra->supp_mode = MODE_CCK;
1435 ra->supp_cck_rate = supp_rate & GENMASK(3, 0);
1436
1437 if (ra->rate_len > 4) {
1438 ra->supp_mode |= MODE_OFDM;
1439 ra->supp_ofdm_rate = supp_rate >> 4;
1440 }
1441 } else {
1442 ra->supp_mode = MODE_OFDM;
1443 ra->supp_ofdm_rate = supp_rate;
1444 }
1445 }
1446
1447 if (sta->ht_cap.ht_supported) {
1448 ra->supp_mode |= MODE_HT;
1449 ra->af = sta->ht_cap.ampdu_factor;
1450 ra->ht_gf = !!(sta->ht_cap.cap & IEEE80211_HT_CAP_GRN_FLD);
1451
1452 cap |= STA_CAP_HT;
1453 if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_20)
1454 cap |= STA_CAP_SGI_20;
1455 if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_40)
1456 cap |= STA_CAP_SGI_40;
1457 if (sta->ht_cap.cap & IEEE80211_HT_CAP_TX_STBC)
1458 cap |= STA_CAP_TX_STBC;
1459 if (sta->ht_cap.cap & IEEE80211_HT_CAP_RX_STBC)
1460 cap |= STA_CAP_RX_STBC;
1461 if (mvif->cap.ht_ldpc &&
1462 (sta->ht_cap.cap & IEEE80211_HT_CAP_LDPC_CODING))
1463 cap |= STA_CAP_LDPC;
1464
1465 mt7996_mcu_set_sta_ht_mcs(sta, ra->ht_mcs,
1466 mask->control[band].ht_mcs);
1467 ra->supp_ht_mcs = *(__le32 *)ra->ht_mcs;
1468 }
1469
1470 if (sta->vht_cap.vht_supported) {
1471 u8 af;
1472
1473 ra->supp_mode |= MODE_VHT;
1474 af = FIELD_GET(IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK,
1475 sta->vht_cap.cap);
1476 ra->af = max_t(u8, ra->af, af);
1477
1478 cap |= STA_CAP_VHT;
1479 if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_80)
1480 cap |= STA_CAP_VHT_SGI_80;
1481 if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_160)
1482 cap |= STA_CAP_VHT_SGI_160;
1483 if (sta->vht_cap.cap & IEEE80211_VHT_CAP_TXSTBC)
1484 cap |= STA_CAP_VHT_TX_STBC;
1485 if (sta->vht_cap.cap & IEEE80211_VHT_CAP_RXSTBC_1)
1486 cap |= STA_CAP_VHT_RX_STBC;
1487 if (mvif->cap.vht_ldpc &&
1488 (sta->vht_cap.cap & IEEE80211_VHT_CAP_RXLDPC))
1489 cap |= STA_CAP_VHT_LDPC;
1490
1491 mt7996_mcu_set_sta_vht_mcs(sta, ra->supp_vht_mcs,
1492 mask->control[band].vht_mcs);
1493 }
1494
1495 if (sta->he_cap.has_he) {
1496 ra->supp_mode |= MODE_HE;
1497 cap |= STA_CAP_HE;
1498
1499 if (sta->he_6ghz_capa.capa)
1500 ra->af = le16_get_bits(sta->he_6ghz_capa.capa,
1501 IEEE80211_HE_6GHZ_CAP_MAX_AMPDU_LEN_EXP);
1502 }
1503 ra->sta_cap = cpu_to_le32(cap);
1504}
1505
1506int mt7996_mcu_add_rate_ctrl(struct mt7996_dev *dev, struct ieee80211_vif *vif,
1507 struct ieee80211_sta *sta, bool changed)
1508{
1509 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1510 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
1511 struct sk_buff *skb;
1512
1513 skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1514 &msta->wcid,
1515 MT7996_STA_UPDATE_MAX_SIZE);
1516 if (IS_ERR(skb))
1517 return PTR_ERR(skb);
1518
1519 /* firmware rc algorithm refers to sta_rec_he for HE control.
1520 * once dev->rc_work changes the settings driver should also
1521 * update sta_rec_he here.
1522 */
1523 if (changed)
1524 mt7996_mcu_sta_he_tlv(skb, sta);
1525
1526 /* sta_rec_ra accommodates BW, NSS and only MCS range format
1527 * i.e 0-{7,8,9} for VHT.
1528 */
1529 mt7996_mcu_sta_rate_ctrl_tlv(skb, dev, vif, sta);
1530
1531 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1532 MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true);
1533}
1534
1535static int
1536mt7996_mcu_add_group(struct mt7996_dev *dev, struct ieee80211_vif *vif,
1537 struct ieee80211_sta *sta)
1538{
1539#define MT_STA_BSS_GROUP 1
1540 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1541 struct mt7996_sta *msta;
1542 struct {
1543 u8 __rsv1[4];
1544
1545 __le16 tag;
1546 __le16 len;
1547 __le16 wlan_idx;
1548 u8 __rsv2[2];
1549 __le32 action;
1550 __le32 val;
1551 u8 __rsv3[8];
1552 } __packed req = {
1553 .tag = cpu_to_le16(UNI_VOW_DRR_CTRL),
1554 .len = cpu_to_le16(sizeof(req) - 4),
1555 .action = cpu_to_le32(MT_STA_BSS_GROUP),
1556 .val = cpu_to_le32(mvif->mt76.idx % 16),
1557 };
1558
1559 msta = sta ? (struct mt7996_sta *)sta->drv_priv : &mvif->sta;
1560 req.wlan_idx = cpu_to_le16(msta->wcid.idx);
1561
1562 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(VOW), &req,
1563 sizeof(req), true);
1564}
1565
1566int mt7996_mcu_add_sta(struct mt7996_dev *dev, struct ieee80211_vif *vif,
1567 struct ieee80211_sta *sta, bool enable)
1568{
1569 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1570 struct mt7996_sta *msta;
1571 struct sk_buff *skb;
1572 int ret;
1573
1574 msta = sta ? (struct mt7996_sta *)sta->drv_priv : &mvif->sta;
1575
1576 skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
1577 &msta->wcid,
1578 MT7996_STA_UPDATE_MAX_SIZE);
1579 if (IS_ERR(skb))
1580 return PTR_ERR(skb);
1581
1582 /* starec basic */
1583 mt76_connac_mcu_sta_basic_tlv(skb, vif, sta, enable,
1584 !rcu_access_pointer(dev->mt76.wcid[msta->wcid.idx]));
1585 if (!enable)
1586 goto out;
1587
1588 /* tag order is in accordance with firmware dependency. */
1589 if (sta) {
1590 /* starec phy */
1591 mt7996_mcu_sta_phy_tlv(dev, skb, vif, sta);
1592 /* starec hdrt mode */
1593 mt7996_mcu_sta_hdrt_tlv(dev, skb);
1594 /* starec bfer */
1595 mt7996_mcu_sta_bfer_tlv(dev, skb, vif, sta);
1596 /* starec ht */
1597 mt7996_mcu_sta_ht_tlv(skb, sta);
1598 /* starec vht */
1599 mt7996_mcu_sta_vht_tlv(skb, sta);
1600 /* starec uapsd */
1601 mt76_connac_mcu_sta_uapsd(skb, vif, sta);
1602 /* starec amsdu */
1603 mt7996_mcu_sta_amsdu_tlv(dev, skb, vif, sta);
1604 /* starec he */
1605 mt7996_mcu_sta_he_tlv(skb, sta);
1606 /* starec he 6g*/
1607 mt7996_mcu_sta_he_6g_tlv(skb, sta);
1608 /* TODO: starec muru */
1609 /* starec bfee */
1610 mt7996_mcu_sta_bfee_tlv(dev, skb, vif, sta);
1611 /* starec hdr trans */
1612 mt7996_mcu_sta_hdr_trans_tlv(dev, skb, vif, sta);
1613 }
1614
1615 ret = mt7996_mcu_add_group(dev, vif, sta);
1616 if (ret) {
1617 dev_kfree_skb(skb);
1618 return ret;
1619 }
1620out:
1621 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
1622 MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true);
1623}
1624
1625static int
1626mt7996_mcu_sta_key_tlv(struct mt76_wcid *wcid,
1627 struct mt76_connac_sta_key_conf *sta_key_conf,
1628 struct sk_buff *skb,
1629 struct ieee80211_key_conf *key,
1630 enum set_key_cmd cmd)
1631{
1632 struct sta_rec_sec_uni *sec;
1633 struct tlv *tlv;
1634
1635 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_KEY_V2, sizeof(*sec));
1636 sec = (struct sta_rec_sec_uni *)tlv;
1637 sec->add = cmd;
1638
1639 if (cmd == SET_KEY) {
1640 struct sec_key_uni *sec_key;
1641 u8 cipher;
1642
1643 cipher = mt76_connac_mcu_get_cipher(key->cipher);
1644 if (cipher == MCU_CIPHER_NONE)
1645 return -EOPNOTSUPP;
1646
1647 sec_key = &sec->key[0];
1648 sec_key->cipher_len = sizeof(*sec_key);
1649
1650 if (cipher == MCU_CIPHER_BIP_CMAC_128) {
1651 sec_key->wlan_idx = cpu_to_le16(wcid->idx);
1652 sec_key->cipher_id = MCU_CIPHER_AES_CCMP;
1653 sec_key->key_id = sta_key_conf->keyidx;
1654 sec_key->key_len = 16;
1655 memcpy(sec_key->key, sta_key_conf->key, 16);
1656
1657 sec_key = &sec->key[1];
1658 sec_key->wlan_idx = cpu_to_le16(wcid->idx);
1659 sec_key->cipher_id = MCU_CIPHER_BIP_CMAC_128;
1660 sec_key->cipher_len = sizeof(*sec_key);
1661 sec_key->key_len = 16;
1662 memcpy(sec_key->key, key->key, 16);
1663 sec->n_cipher = 2;
1664 } else {
1665 sec_key->wlan_idx = cpu_to_le16(wcid->idx);
1666 sec_key->cipher_id = cipher;
1667 sec_key->key_id = key->keyidx;
1668 sec_key->key_len = key->keylen;
1669 memcpy(sec_key->key, key->key, key->keylen);
1670
1671 if (cipher == MCU_CIPHER_TKIP) {
1672 /* Rx/Tx MIC keys are swapped */
1673 memcpy(sec_key->key + 16, key->key + 24, 8);
1674 memcpy(sec_key->key + 24, key->key + 16, 8);
1675 }
1676
1677 /* store key_conf for BIP batch update */
1678 if (cipher == MCU_CIPHER_AES_CCMP) {
1679 memcpy(sta_key_conf->key, key->key, key->keylen);
1680 sta_key_conf->keyidx = key->keyidx;
1681 }
1682
1683 sec->n_cipher = 1;
1684 }
1685 } else {
1686 sec->n_cipher = 0;
1687 }
1688
1689 return 0;
1690}
1691
1692int mt7996_mcu_add_key(struct mt76_dev *dev, struct ieee80211_vif *vif,
1693 struct mt76_connac_sta_key_conf *sta_key_conf,
1694 struct ieee80211_key_conf *key, int mcu_cmd,
1695 struct mt76_wcid *wcid, enum set_key_cmd cmd)
1696{
1697 struct mt76_vif *mvif = (struct mt76_vif *)vif->drv_priv;
1698 struct sk_buff *skb;
1699 int ret;
1700
1701 skb = __mt76_connac_mcu_alloc_sta_req(dev, mvif, wcid,
1702 MT7996_STA_UPDATE_MAX_SIZE);
1703 if (IS_ERR(skb))
1704 return PTR_ERR(skb);
1705
1706 ret = mt7996_mcu_sta_key_tlv(wcid, sta_key_conf, skb, key, cmd);
1707 if (ret)
1708 return ret;
1709
1710 return mt76_mcu_skb_send_msg(dev, skb, mcu_cmd, true);
1711}
1712
1713int mt7996_mcu_add_dev_info(struct mt7996_phy *phy,
1714 struct ieee80211_vif *vif, bool enable)
1715{
1716 struct mt7996_dev *dev = phy->dev;
1717 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1718 struct {
1719 struct req_hdr {
1720 u8 omac_idx;
1721 u8 dbdc_idx;
1722 u8 __rsv[2];
1723 } __packed hdr;
1724 struct req_tlv {
1725 __le16 tag;
1726 __le16 len;
1727 u8 active;
1728 u8 __rsv;
1729 u8 omac_addr[ETH_ALEN];
1730 } __packed tlv;
1731 } data = {
1732 .hdr = {
1733 .omac_idx = mvif->mt76.omac_idx,
1734 .dbdc_idx = mvif->mt76.band_idx,
1735 },
1736 .tlv = {
1737 .tag = cpu_to_le16(DEV_INFO_ACTIVE),
1738 .len = cpu_to_le16(sizeof(struct req_tlv)),
1739 .active = enable,
1740 },
1741 };
1742
1743 if (mvif->mt76.omac_idx >= REPEATER_BSSID_START)
1744 return mt7996_mcu_muar_config(phy, vif, false, enable);
1745
1746 memcpy(data.tlv.omac_addr, vif->addr, ETH_ALEN);
1747 return mt76_mcu_send_msg(&dev->mt76, MCU_WMWA_UNI_CMD(DEV_INFO_UPDATE),
1748 &data, sizeof(data), true);
1749}
1750
1751static void
1752mt7996_mcu_beacon_cntdwn(struct ieee80211_vif *vif, struct sk_buff *rskb,
1753 struct sk_buff *skb,
1754 struct ieee80211_mutable_offsets *offs)
1755{
1756 struct bss_bcn_cntdwn_tlv *info;
1757 struct tlv *tlv;
1758 u16 tag;
1759
1760 if (!offs->cntdwn_counter_offs[0])
1761 return;
1762
1763 tag = vif->csa_active ? UNI_BSS_INFO_BCN_CSA : UNI_BSS_INFO_BCN_BCC;
1764
1765 tlv = mt7996_mcu_add_uni_tlv(rskb, tag, sizeof(*info));
1766
1767 info = (struct bss_bcn_cntdwn_tlv *)tlv;
1768 info->cnt = skb->data[offs->cntdwn_counter_offs[0]];
1769}
1770
1771static void
1772mt7996_mcu_beacon_cont(struct mt7996_dev *dev, struct ieee80211_vif *vif,
1773 struct sk_buff *rskb, struct sk_buff *skb,
1774 struct bss_bcn_content_tlv *bcn,
1775 struct ieee80211_mutable_offsets *offs)
1776{
1777 struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1778 u8 *buf;
1779
1780 bcn->pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
1781 bcn->tim_ie_pos = cpu_to_le16(offs->tim_offset);
1782
1783 if (offs->cntdwn_counter_offs[0]) {
1784 u16 offset = offs->cntdwn_counter_offs[0];
1785
1786 if (vif->csa_active)
1787 bcn->csa_ie_pos = cpu_to_le16(offset - 4);
1788 if (vif->color_change_active)
1789 bcn->bcc_ie_pos = cpu_to_le16(offset - 3);
1790 }
1791
1792 buf = (u8 *)bcn + sizeof(*bcn) - MAX_BEACON_SIZE;
1793 mt7996_mac_write_txwi(dev, (__le32 *)buf, skb, wcid, 0, NULL,
1794 BSS_CHANGED_BEACON);
1795 memcpy(buf + MT_TXD_SIZE, skb->data, skb->len);
1796}
1797
1798static void
1799mt7996_mcu_beacon_check_caps(struct mt7996_phy *phy, struct ieee80211_vif *vif,
1800 struct sk_buff *skb)
1801{
1802 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1803 struct mt7996_vif_cap *vc = &mvif->cap;
1804 const struct ieee80211_he_cap_elem *he;
1805 const struct ieee80211_vht_cap *vht;
1806 const struct ieee80211_ht_cap *ht;
1807 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data;
1808 const u8 *ie;
1809 u32 len, bc;
1810
1811 /* Check missing configuration options to allow AP mode in mac80211
1812 * to remain in sync with hostapd settings, and get a subset of
1813 * beacon and hardware capabilities.
1814 */
1815 if (WARN_ON_ONCE(skb->len <= (mgmt->u.beacon.variable - skb->data)))
1816 return;
1817
1818 memset(vc, 0, sizeof(*vc));
1819
1820 len = skb->len - (mgmt->u.beacon.variable - skb->data);
1821
1822 ie = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, mgmt->u.beacon.variable,
1823 len);
1824 if (ie && ie[1] >= sizeof(*ht)) {
1825 ht = (void *)(ie + 2);
1826 vc->ht_ldpc |= !!(le16_to_cpu(ht->cap_info) &
1827 IEEE80211_HT_CAP_LDPC_CODING);
1828 }
1829
1830 ie = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, mgmt->u.beacon.variable,
1831 len);
1832 if (ie && ie[1] >= sizeof(*vht)) {
1833 u32 pc = phy->mt76->sband_5g.sband.vht_cap.cap;
1834
1835 vht = (void *)(ie + 2);
1836 bc = le32_to_cpu(vht->vht_cap_info);
1837
1838 vc->vht_ldpc |= !!(bc & IEEE80211_VHT_CAP_RXLDPC);
1839 vc->vht_su_ebfer =
1840 (bc & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE) &&
1841 (pc & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
1842 vc->vht_su_ebfee =
1843 (bc & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE) &&
1844 (pc & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
1845 vc->vht_mu_ebfer =
1846 (bc & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE) &&
1847 (pc & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE);
1848 vc->vht_mu_ebfee =
1849 (bc & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE) &&
1850 (pc & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1851 }
1852
1853 ie = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY,
1854 mgmt->u.beacon.variable, len);
1855 if (ie && ie[1] >= sizeof(*he) + 1) {
1856 const struct ieee80211_sta_he_cap *pc =
1857 mt76_connac_get_he_phy_cap(phy->mt76, vif);
1858 const struct ieee80211_he_cap_elem *pe = &pc->he_cap_elem;
1859
1860 he = (void *)(ie + 3);
1861
1862 vc->he_ldpc =
1863 HE_PHY(CAP1_LDPC_CODING_IN_PAYLOAD, pe->phy_cap_info[1]);
1864 vc->he_su_ebfer =
1865 HE_PHY(CAP3_SU_BEAMFORMER, he->phy_cap_info[3]) &&
1866 HE_PHY(CAP3_SU_BEAMFORMER, pe->phy_cap_info[3]);
1867 vc->he_su_ebfee =
1868 HE_PHY(CAP4_SU_BEAMFORMEE, he->phy_cap_info[4]) &&
1869 HE_PHY(CAP4_SU_BEAMFORMEE, pe->phy_cap_info[4]);
1870 vc->he_mu_ebfer =
1871 HE_PHY(CAP4_MU_BEAMFORMER, he->phy_cap_info[4]) &&
1872 HE_PHY(CAP4_MU_BEAMFORMER, pe->phy_cap_info[4]);
1873 }
1874}
1875
1876int mt7996_mcu_add_beacon(struct ieee80211_hw *hw,
1877 struct ieee80211_vif *vif, int en)
1878{
1879 struct mt7996_dev *dev = mt7996_hw_dev(hw);
1880 struct mt7996_phy *phy = mt7996_hw_phy(hw);
1881 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1882 struct ieee80211_mutable_offsets offs;
1883 struct ieee80211_tx_info *info;
1884 struct sk_buff *skb, *rskb;
1885 struct tlv *tlv;
1886 struct bss_bcn_content_tlv *bcn;
1887
1888 rskb = __mt7996_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76,
1889 MT7996_BEACON_UPDATE_SIZE);
1890 if (IS_ERR(rskb))
1891 return PTR_ERR(rskb);
1892
1893 tlv = mt7996_mcu_add_uni_tlv(rskb,
1894 UNI_BSS_INFO_BCN_CONTENT, sizeof(*bcn));
1895 bcn = (struct bss_bcn_content_tlv *)tlv;
1896 bcn->enable = en;
1897
1898 if (!en)
1899 goto out;
1900
1901 skb = ieee80211_beacon_get_template(hw, vif, &offs);
1902 if (!skb)
1903 return -EINVAL;
1904
1905 if (skb->len > MAX_BEACON_SIZE - MT_TXD_SIZE) {
1906 dev_err(dev->mt76.dev, "Bcn size limit exceed\n");
1907 dev_kfree_skb(skb);
1908 return -EINVAL;
1909 }
1910
1911 info = IEEE80211_SKB_CB(skb);
1912 info->hw_queue |= FIELD_PREP(MT_TX_HW_QUEUE_PHY, phy->mt76->band_idx);
1913
1914 mt7996_mcu_beacon_check_caps(phy, vif, skb);
1915
1916 mt7996_mcu_beacon_cont(dev, vif, rskb, skb, bcn, &offs);
1917 /* TODO: subtag - 11v MBSSID */
1918 mt7996_mcu_beacon_cntdwn(vif, rskb, skb, &offs);
1919 dev_kfree_skb(skb);
1920out:
1921 return mt76_mcu_skb_send_msg(&phy->dev->mt76, rskb,
1922 MCU_WMWA_UNI_CMD(BSS_INFO_UPDATE), true);
1923}
1924
1925int mt7996_mcu_beacon_inband_discov(struct mt7996_dev *dev,
1926 struct ieee80211_vif *vif, u32 changed)
1927{
1928#define OFFLOAD_TX_MODE_SU BIT(0)
1929#define OFFLOAD_TX_MODE_MU BIT(1)
1930 struct ieee80211_hw *hw = mt76_hw(dev);
1931 struct mt7996_phy *phy = mt7996_hw_phy(hw);
1932 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
1933 struct cfg80211_chan_def *chandef = &mvif->phy->mt76->chandef;
1934 enum nl80211_band band = chandef->chan->band;
1935 struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1936 struct bss_inband_discovery_tlv *discov;
1937 struct ieee80211_tx_info *info;
1938 struct sk_buff *rskb, *skb = NULL;
1939 struct tlv *tlv;
1940 u8 *buf, interval;
1941
1942 rskb = __mt7996_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76,
1943 MT7996_INBAND_FRAME_SIZE);
1944 if (IS_ERR(rskb))
1945 return PTR_ERR(rskb);
1946
1947 if (changed & BSS_CHANGED_FILS_DISCOVERY &&
1948 vif->bss_conf.fils_discovery.max_interval) {
1949 interval = vif->bss_conf.fils_discovery.max_interval;
1950 skb = ieee80211_get_fils_discovery_tmpl(hw, vif);
1951 } else if (changed & BSS_CHANGED_UNSOL_BCAST_PROBE_RESP &&
1952 vif->bss_conf.unsol_bcast_probe_resp_interval) {
1953 interval = vif->bss_conf.unsol_bcast_probe_resp_interval;
1954 skb = ieee80211_get_unsol_bcast_probe_resp_tmpl(hw, vif);
1955 }
1956
1957 if (!skb)
1958 return -EINVAL;
1959
1960 if (skb->len > MAX_INBAND_FRAME_SIZE - MT_TXD_SIZE) {
1961 dev_err(dev->mt76.dev, "inband discovery size limit exceed\n");
1962 dev_kfree_skb(skb);
1963 return -EINVAL;
1964 }
1965
1966 info = IEEE80211_SKB_CB(skb);
1967 info->control.vif = vif;
1968 info->band = band;
1969 info->hw_queue |= FIELD_PREP(MT_TX_HW_QUEUE_PHY, phy->mt76->band_idx);
1970
1971 tlv = mt7996_mcu_add_uni_tlv(rskb, UNI_BSS_INFO_OFFLOAD, sizeof(*discov));
1972
1973 discov = (struct bss_inband_discovery_tlv *)tlv;
1974 discov->tx_mode = OFFLOAD_TX_MODE_SU;
1975 /* 0: UNSOL PROBE RESP, 1: FILS DISCOV */
1976 discov->tx_type = !!(changed & BSS_CHANGED_FILS_DISCOVERY);
1977 discov->tx_interval = interval;
1978 discov->prob_rsp_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
1979 discov->enable = true;
1980 discov->wcid = cpu_to_le16(MT7996_WTBL_RESERVED);
1981
1982 buf = (u8 *)tlv + sizeof(*discov) - MAX_INBAND_FRAME_SIZE;
1983
1984 mt7996_mac_write_txwi(dev, (__le32 *)buf, skb, wcid, 0, NULL,
1985 changed);
1986
1987 memcpy(buf + MT_TXD_SIZE, skb->data, skb->len);
1988
1989 dev_kfree_skb(skb);
1990
1991 return mt76_mcu_skb_send_msg(&dev->mt76, rskb,
1992 MCU_WMWA_UNI_CMD(BSS_INFO_UPDATE), true);
1993}
1994
1995static int mt7996_driver_own(struct mt7996_dev *dev, u8 band)
1996{
1997 mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(band), MT_TOP_LPCR_HOST_DRV_OWN);
1998 if (!mt76_poll_msec(dev, MT_TOP_LPCR_HOST_BAND(band),
1999 MT_TOP_LPCR_HOST_FW_OWN_STAT, 0, 500)) {
2000 dev_err(dev->mt76.dev, "Timeout for driver own\n");
2001 return -EIO;
2002 }
2003
2004 /* clear irq when the driver own success */
2005 mt76_wr(dev, MT_TOP_LPCR_HOST_BAND_IRQ_STAT(band),
2006 MT_TOP_LPCR_HOST_BAND_STAT);
2007
2008 return 0;
2009}
2010
2011static u32 mt7996_patch_sec_mode(u32 key_info)
2012{
2013 u32 sec = u32_get_bits(key_info, MT7996_PATCH_SEC), key = 0;
2014
2015 if (key_info == GENMASK(31, 0) || sec == MT7996_SEC_MODE_PLAIN)
2016 return 0;
2017
2018 if (sec == MT7996_SEC_MODE_AES)
2019 key = u32_get_bits(key_info, MT7996_PATCH_AES_KEY);
2020 else
2021 key = u32_get_bits(key_info, MT7996_PATCH_SCRAMBLE_KEY);
2022
2023 return MT7996_SEC_ENCRYPT | MT7996_SEC_IV |
2024 u32_encode_bits(key, MT7996_SEC_KEY_IDX);
2025}
2026
2027static int mt7996_load_patch(struct mt7996_dev *dev)
2028{
2029 const struct mt7996_patch_hdr *hdr;
2030 const struct firmware *fw = NULL;
2031 int i, ret, sem;
2032
2033 sem = mt76_connac_mcu_patch_sem_ctrl(&dev->mt76, 1);
2034 switch (sem) {
2035 case PATCH_IS_DL:
2036 return 0;
2037 case PATCH_NOT_DL_SEM_SUCCESS:
2038 break;
2039 default:
2040 dev_err(dev->mt76.dev, "Failed to get patch semaphore\n");
2041 return -EAGAIN;
2042 }
2043
2044 ret = request_firmware(&fw, MT7996_ROM_PATCH, dev->mt76.dev);
2045 if (ret)
2046 goto out;
2047
2048 if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
2049 dev_err(dev->mt76.dev, "Invalid firmware\n");
2050 ret = -EINVAL;
2051 goto out;
2052 }
2053
2054 hdr = (const struct mt7996_patch_hdr *)(fw->data);
2055
2056 dev_info(dev->mt76.dev, "HW/SW Version: 0x%x, Build Time: %.16s\n",
2057 be32_to_cpu(hdr->hw_sw_ver), hdr->build_date);
2058
2059 for (i = 0; i < be32_to_cpu(hdr->desc.n_region); i++) {
2060 struct mt7996_patch_sec *sec;
2061 const u8 *dl;
2062 u32 len, addr, sec_key_idx, mode = DL_MODE_NEED_RSP;
2063
2064 sec = (struct mt7996_patch_sec *)(fw->data + sizeof(*hdr) +
2065 i * sizeof(*sec));
2066 if ((be32_to_cpu(sec->type) & PATCH_SEC_TYPE_MASK) !=
2067 PATCH_SEC_TYPE_INFO) {
2068 ret = -EINVAL;
2069 goto out;
2070 }
2071
2072 addr = be32_to_cpu(sec->info.addr);
2073 len = be32_to_cpu(sec->info.len);
2074 sec_key_idx = be32_to_cpu(sec->info.sec_key_idx);
2075 dl = fw->data + be32_to_cpu(sec->offs);
2076
2077 mode |= mt7996_patch_sec_mode(sec_key_idx);
2078
2079 ret = mt76_connac_mcu_init_download(&dev->mt76, addr, len,
2080 mode);
2081 if (ret) {
2082 dev_err(dev->mt76.dev, "Download request failed\n");
2083 goto out;
2084 }
2085
2086 ret = __mt76_mcu_send_firmware(&dev->mt76, MCU_CMD(FW_SCATTER),
2087 dl, len, 4096);
2088 if (ret) {
2089 dev_err(dev->mt76.dev, "Failed to send patch\n");
2090 goto out;
2091 }
2092 }
2093
2094 ret = mt76_connac_mcu_start_patch(&dev->mt76);
2095 if (ret)
2096 dev_err(dev->mt76.dev, "Failed to start patch\n");
2097
2098out:
2099 sem = mt76_connac_mcu_patch_sem_ctrl(&dev->mt76, 0);
2100 switch (sem) {
2101 case PATCH_REL_SEM_SUCCESS:
2102 break;
2103 default:
2104 ret = -EAGAIN;
2105 dev_err(dev->mt76.dev, "Failed to release patch semaphore\n");
2106 break;
2107 }
2108 release_firmware(fw);
2109
2110 return ret;
2111}
2112
2113static int
2114mt7996_mcu_send_ram_firmware(struct mt7996_dev *dev,
2115 const struct mt7996_fw_trailer *hdr,
2116 const u8 *data, bool is_wa)
2117{
2118 int i, offset = 0;
2119 u32 override = 0, option = 0;
2120
2121 for (i = 0; i < hdr->n_region; i++) {
2122 const struct mt7996_fw_region *region;
2123 int err;
2124 u32 len, addr, mode;
2125
2126 region = (const struct mt7996_fw_region *)((const u8 *)hdr -
2127 (hdr->n_region - i) * sizeof(*region));
2128 mode = mt76_connac_mcu_gen_dl_mode(&dev->mt76,
2129 region->feature_set, is_wa);
2130 len = le32_to_cpu(region->len);
2131 addr = le32_to_cpu(region->addr);
2132
2133 if (region->feature_set & FW_FEATURE_OVERRIDE_ADDR)
2134 override = addr;
2135
2136 err = mt76_connac_mcu_init_download(&dev->mt76, addr, len,
2137 mode);
2138 if (err) {
2139 dev_err(dev->mt76.dev, "Download request failed\n");
2140 return err;
2141 }
2142
2143 err = __mt76_mcu_send_firmware(&dev->mt76, MCU_CMD(FW_SCATTER),
2144 data + offset, len, 4096);
2145 if (err) {
2146 dev_err(dev->mt76.dev, "Failed to send firmware.\n");
2147 return err;
2148 }
2149
2150 offset += len;
2151 }
2152
2153 if (override)
2154 option |= FW_START_OVERRIDE;
2155
2156 if (is_wa)
2157 option |= FW_START_WORKING_PDA_CR4;
2158
2159 return mt76_connac_mcu_start_firmware(&dev->mt76, override, option);
2160}
2161
2162static int mt7996_load_ram(struct mt7996_dev *dev)
2163{
2164 const struct mt7996_fw_trailer *hdr;
2165 const struct firmware *fw;
2166 int ret;
2167
2168 ret = request_firmware(&fw, MT7996_FIRMWARE_WM, dev->mt76.dev);
2169 if (ret)
2170 return ret;
2171
2172 if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
2173 dev_err(dev->mt76.dev, "Invalid firmware\n");
2174 ret = -EINVAL;
2175 goto out;
2176 }
2177
2178 hdr = (const struct mt7996_fw_trailer *)(fw->data + fw->size - sizeof(*hdr));
2179
2180 dev_info(dev->mt76.dev, "WM Firmware Version: %.10s, Build Time: %.15s\n",
2181 hdr->fw_ver, hdr->build_date);
2182
2183 ret = mt7996_mcu_send_ram_firmware(dev, hdr, fw->data, false);
2184 if (ret) {
2185 dev_err(dev->mt76.dev, "Failed to start WM firmware\n");
2186 goto out;
2187 }
2188
2189 release_firmware(fw);
2190
2191 ret = request_firmware(&fw, MT7996_FIRMWARE_WA, dev->mt76.dev);
2192 if (ret)
2193 return ret;
2194
2195 if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
2196 dev_err(dev->mt76.dev, "Invalid firmware\n");
2197 ret = -EINVAL;
2198 goto out;
2199 }
2200
2201 hdr = (const struct mt7996_fw_trailer *)(fw->data + fw->size - sizeof(*hdr));
2202
2203 dev_info(dev->mt76.dev, "WA Firmware Version: %.10s, Build Time: %.15s\n",
2204 hdr->fw_ver, hdr->build_date);
2205
2206 ret = mt7996_mcu_send_ram_firmware(dev, hdr, fw->data, true);
2207 if (ret) {
2208 dev_err(dev->mt76.dev, "Failed to start WA firmware\n");
2209 goto out;
2210 }
2211
2212 snprintf(dev->mt76.hw->wiphy->fw_version,
2213 sizeof(dev->mt76.hw->wiphy->fw_version),
2214 "%.10s-%.15s", hdr->fw_ver, hdr->build_date);
2215
2216out:
2217 release_firmware(fw);
2218
2219 return ret;
2220}
2221
2222static int
2223mt7996_firmware_state(struct mt7996_dev *dev, bool wa)
2224{
2225 u32 state = FIELD_PREP(MT_TOP_MISC_FW_STATE,
2226 wa ? FW_STATE_RDY : FW_STATE_FW_DOWNLOAD);
2227
2228 if (!mt76_poll_msec(dev, MT_TOP_MISC, MT_TOP_MISC_FW_STATE,
2229 state, 1000)) {
2230 dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
2231 return -EIO;
2232 }
2233 return 0;
2234}
2235
2236static int mt7996_load_firmware(struct mt7996_dev *dev)
2237{
2238 int ret;
2239
2240 /* make sure fw is download state */
2241 if (mt7996_firmware_state(dev, false)) {
2242 /* restart firmware once */
2243 __mt76_mcu_restart(&dev->mt76);
2244 ret = mt7996_firmware_state(dev, false);
2245 if (ret) {
2246 dev_err(dev->mt76.dev,
2247 "Firmware is not ready for download\n");
2248 return ret;
2249 }
2250 }
2251
2252 ret = mt7996_load_patch(dev);
2253 if (ret)
2254 return ret;
2255
2256 ret = mt7996_load_ram(dev);
2257 if (ret)
2258 return ret;
2259
2260 ret = mt7996_firmware_state(dev, true);
2261 if (ret)
2262 return ret;
2263
2264 mt76_queue_tx_cleanup(dev, dev->mt76.q_mcu[MT_MCUQ_FWDL], false);
2265
2266 dev_dbg(dev->mt76.dev, "Firmware init done\n");
2267
2268 return 0;
2269}
2270
2271int mt7996_mcu_fw_log_2_host(struct mt7996_dev *dev, u8 type, u8 ctrl)
2272{
2273 struct {
2274 u8 _rsv[4];
2275
2276 __le16 tag;
2277 __le16 len;
2278 u8 ctrl;
2279 u8 interval;
2280 u8 _rsv2[2];
2281 } __packed data = {
2282 .tag = cpu_to_le16(UNI_WSYS_CONFIG_FW_LOG_CTRL),
2283 .len = cpu_to_le16(sizeof(data) - 4),
2284 .ctrl = ctrl,
2285 };
2286
2287 if (type == MCU_FW_LOG_WA)
2288 return mt76_mcu_send_msg(&dev->mt76, MCU_WA_UNI_CMD(WSYS_CONFIG),
2289 &data, sizeof(data), true);
2290
2291 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(WSYS_CONFIG), &data,
2292 sizeof(data), true);
2293}
2294
2295int mt7996_mcu_fw_dbg_ctrl(struct mt7996_dev *dev, u32 module, u8 level)
2296{
2297 struct {
2298 u8 _rsv[4];
2299
2300 __le16 tag;
2301 __le16 len;
2302 __le32 module_idx;
2303 u8 level;
2304 u8 _rsv2[3];
2305 } data = {
2306 .tag = cpu_to_le16(UNI_WSYS_CONFIG_FW_DBG_CTRL),
2307 .len = cpu_to_le16(sizeof(data) - 4),
2308 .module_idx = cpu_to_le32(module),
2309 .level = level,
2310 };
2311
2312 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(WSYS_CONFIG), &data,
2313 sizeof(data), false);
2314}
2315
2316static int mt7996_mcu_set_mwds(struct mt7996_dev *dev, bool enabled)
2317{
2318 struct {
2319 u8 enable;
2320 u8 _rsv[3];
2321 } __packed req = {
2322 .enable = enabled
2323 };
2324
2325 return mt76_mcu_send_msg(&dev->mt76, MCU_WA_EXT_CMD(MWDS_SUPPORT), &req,
2326 sizeof(req), false);
2327}
2328
2329static void mt7996_add_rx_airtime_tlv(struct sk_buff *skb, u8 band_idx)
2330{
2331 struct vow_rx_airtime *req;
2332 struct tlv *tlv;
2333
2334 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_VOW_RX_AT_AIRTIME_CLR_EN, sizeof(*req));
2335 req = (struct vow_rx_airtime *)tlv;
2336 req->enable = true;
2337 req->band = band_idx;
2338
2339 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_VOW_RX_AT_AIRTIME_EN, sizeof(*req));
2340 req = (struct vow_rx_airtime *)tlv;
2341 req->enable = true;
2342 req->band = band_idx;
2343}
2344
2345static int
2346mt7996_mcu_init_rx_airtime(struct mt7996_dev *dev)
2347{
2348 struct uni_header hdr = {};
2349 struct sk_buff *skb;
2350 int len, num;
2351
2352 num = 2 + 2 * (dev->dbdc_support + dev->tbtc_support);
2353 len = sizeof(hdr) + num * sizeof(struct vow_rx_airtime);
2354 skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
2355 if (!skb)
2356 return -ENOMEM;
2357
2358 skb_put_data(skb, &hdr, sizeof(hdr));
2359
2360 mt7996_add_rx_airtime_tlv(skb, dev->mt76.phy.band_idx);
2361
2362 if (dev->dbdc_support)
2363 mt7996_add_rx_airtime_tlv(skb, MT_BAND1);
2364
2365 if (dev->tbtc_support)
2366 mt7996_add_rx_airtime_tlv(skb, MT_BAND2);
2367
2368 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2369 MCU_WM_UNI_CMD(VOW), true);
2370}
2371
2372int mt7996_mcu_restart(struct mt76_dev *dev)
2373{
2374 struct {
2375 u8 __rsv1[4];
2376
2377 __le16 tag;
2378 __le16 len;
2379 u8 power_mode;
2380 u8 __rsv2[3];
2381 } __packed req = {
2382 .tag = cpu_to_le16(UNI_POWER_OFF),
2383 .len = cpu_to_le16(sizeof(req) - 4),
2384 .power_mode = 1,
2385 };
2386
2387 return mt76_mcu_send_msg(dev, MCU_WM_UNI_CMD(POWER_CREL), &req,
2388 sizeof(req), false);
2389}
2390
2391int mt7996_mcu_init(struct mt7996_dev *dev)
2392{
2393 static const struct mt76_mcu_ops mt7996_mcu_ops = {
2394 .headroom = sizeof(struct mt76_connac2_mcu_txd), /* reuse */
2395 .mcu_skb_send_msg = mt7996_mcu_send_message,
2396 .mcu_parse_response = mt7996_mcu_parse_response,
2397 .mcu_restart = mt7996_mcu_restart,
2398 };
2399 int ret;
2400
2401 dev->mt76.mcu_ops = &mt7996_mcu_ops;
2402
2403 /* force firmware operation mode into normal state,
2404 * which should be set before firmware download stage.
2405 */
2406 mt76_wr(dev, MT_SWDEF_MODE, MT_SWDEF_NORMAL_MODE);
2407
2408 ret = mt7996_driver_own(dev, 0);
2409 if (ret)
2410 return ret;
2411 /* set driver own for band1 when two hif exist */
2412 if (dev->hif2) {
2413 ret = mt7996_driver_own(dev, 1);
2414 if (ret)
2415 return ret;
2416 }
2417
2418 ret = mt7996_load_firmware(dev);
2419 if (ret)
2420 return ret;
2421
2422 set_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state);
2423 ret = mt7996_mcu_fw_log_2_host(dev, MCU_FW_LOG_WM, 0);
2424 if (ret)
2425 return ret;
2426
2427 ret = mt7996_mcu_fw_log_2_host(dev, MCU_FW_LOG_WA, 0);
2428 if (ret)
2429 return ret;
2430
2431 ret = mt7996_mcu_set_mwds(dev, 1);
2432 if (ret)
2433 return ret;
2434
2435 ret = mt7996_mcu_init_rx_airtime(dev);
2436 if (ret)
2437 return ret;
2438
2439 return mt7996_mcu_wa_cmd(dev, MCU_WA_PARAM_CMD(SET),
2440 MCU_WA_PARAM_RED, 0, 0);
2441}
2442
2443void mt7996_mcu_exit(struct mt7996_dev *dev)
2444{
2445 __mt76_mcu_restart(&dev->mt76);
2446 if (mt7996_firmware_state(dev, false)) {
2447 dev_err(dev->mt76.dev, "Failed to exit mcu\n");
2448 return;
2449 }
2450
2451 mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(0), MT_TOP_LPCR_HOST_FW_OWN);
2452 if (dev->hif2)
2453 mt76_wr(dev, MT_TOP_LPCR_HOST_BAND(1),
2454 MT_TOP_LPCR_HOST_FW_OWN);
2455 skb_queue_purge(&dev->mt76.mcu.res_q);
2456}
2457
2458int mt7996_mcu_set_hdr_trans(struct mt7996_dev *dev, bool hdr_trans)
2459{
2460 struct {
2461 u8 __rsv[4];
2462 } __packed hdr;
2463 struct hdr_trans_blacklist *req_blacklist;
2464 struct hdr_trans_en *req_en;
2465 struct sk_buff *skb;
2466 struct tlv *tlv;
2467 int len = MT7996_HDR_TRANS_MAX_SIZE + sizeof(hdr);
2468
2469 skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
2470 if (!skb)
2471 return -ENOMEM;
2472
2473 skb_put_data(skb, &hdr, sizeof(hdr));
2474
2475 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_HDR_TRANS_EN, sizeof(*req_en));
2476 req_en = (struct hdr_trans_en *)tlv;
2477 req_en->enable = hdr_trans;
2478
2479 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_HDR_TRANS_VLAN,
2480 sizeof(struct hdr_trans_vlan));
2481
2482 if (hdr_trans) {
2483 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_HDR_TRANS_BLACKLIST,
2484 sizeof(*req_blacklist));
2485 req_blacklist = (struct hdr_trans_blacklist *)tlv;
2486 req_blacklist->enable = 1;
2487 req_blacklist->type = cpu_to_le16(ETH_P_PAE);
2488 }
2489
2490 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2491 MCU_WM_UNI_CMD(RX_HDR_TRANS), true);
2492}
2493
2494int mt7996_mcu_set_tx(struct mt7996_dev *dev, struct ieee80211_vif *vif)
2495{
2496#define MCU_EDCA_AC_PARAM 0
2497#define WMM_AIFS_SET BIT(0)
2498#define WMM_CW_MIN_SET BIT(1)
2499#define WMM_CW_MAX_SET BIT(2)
2500#define WMM_TXOP_SET BIT(3)
2501#define WMM_PARAM_SET (WMM_AIFS_SET | WMM_CW_MIN_SET | \
2502 WMM_CW_MAX_SET | WMM_TXOP_SET)
2503 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
2504 struct {
2505 u8 bss_idx;
2506 u8 __rsv[3];
2507 } __packed hdr = {
2508 .bss_idx = mvif->mt76.idx,
2509 };
2510 struct sk_buff *skb;
2511 int len = sizeof(hdr) + IEEE80211_NUM_ACS * sizeof(struct edca);
2512 int ac;
2513
2514 skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
2515 if (!skb)
2516 return -ENOMEM;
2517
2518 skb_put_data(skb, &hdr, sizeof(hdr));
2519
2520 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
2521 struct ieee80211_tx_queue_params *q = &mvif->queue_params[ac];
2522 struct edca *e;
2523 struct tlv *tlv;
2524
2525 tlv = mt7996_mcu_add_uni_tlv(skb, MCU_EDCA_AC_PARAM, sizeof(*e));
2526
2527 e = (struct edca *)tlv;
2528 e->set = WMM_PARAM_SET;
2529 e->queue = ac + mvif->mt76.wmm_idx * MT7996_MAX_WMM_SETS;
2530 e->aifs = q->aifs;
2531 e->txop = cpu_to_le16(q->txop);
2532
2533 if (q->cw_min)
2534 e->cw_min = fls(q->cw_min);
2535 else
2536 e->cw_min = 5;
2537
2538 if (q->cw_max)
2539 e->cw_max = cpu_to_le16(fls(q->cw_max));
2540 else
2541 e->cw_max = cpu_to_le16(10);
2542 }
2543 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
2544 MCU_WM_UNI_CMD(EDCA_UPDATE), true);
2545}
2546
2547int mt7996_mcu_set_fcc5_lpn(struct mt7996_dev *dev, int val)
2548{
2549 struct {
2550 __le32 tag;
2551 __le16 min_lpn;
2552 u8 rsv[2];
2553 } __packed req = {
2554 .tag = cpu_to_le32(0x1),
2555 .min_lpn = cpu_to_le16(val),
2556 };
2557
2558 return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
2559 sizeof(req), true);
2560}
2561
2562int mt7996_mcu_set_pulse_th(struct mt7996_dev *dev,
2563 const struct mt7996_dfs_pulse *pulse)
2564{
2565 struct {
2566 __le32 tag;
2567
2568 __le32 max_width; /* us */
2569 __le32 max_pwr; /* dbm */
2570 __le32 min_pwr; /* dbm */
2571 __le32 min_stgr_pri; /* us */
2572 __le32 max_stgr_pri; /* us */
2573 __le32 min_cr_pri; /* us */
2574 __le32 max_cr_pri; /* us */
2575 } __packed req = {
2576 .tag = cpu_to_le32(0x3),
2577
2578#define __req_field(field) .field = cpu_to_le32(pulse->field)
2579 __req_field(max_width),
2580 __req_field(max_pwr),
2581 __req_field(min_pwr),
2582 __req_field(min_stgr_pri),
2583 __req_field(max_stgr_pri),
2584 __req_field(min_cr_pri),
2585 __req_field(max_cr_pri),
2586#undef __req_field
2587 };
2588
2589 return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
2590 sizeof(req), true);
2591}
2592
2593int mt7996_mcu_set_radar_th(struct mt7996_dev *dev, int index,
2594 const struct mt7996_dfs_pattern *pattern)
2595{
2596 struct {
2597 __le32 tag;
2598 __le16 radar_type;
2599
2600 u8 enb;
2601 u8 stgr;
2602 u8 min_crpn;
2603 u8 max_crpn;
2604 u8 min_crpr;
2605 u8 min_pw;
2606 __le32 min_pri;
2607 __le32 max_pri;
2608 u8 max_pw;
2609 u8 min_crbn;
2610 u8 max_crbn;
2611 u8 min_stgpn;
2612 u8 max_stgpn;
2613 u8 min_stgpr;
2614 u8 rsv[2];
2615 __le32 min_stgpr_diff;
2616 } __packed req = {
2617 .tag = cpu_to_le32(0x2),
2618 .radar_type = cpu_to_le16(index),
2619
2620#define __req_field_u8(field) .field = pattern->field
2621#define __req_field_u32(field) .field = cpu_to_le32(pattern->field)
2622 __req_field_u8(enb),
2623 __req_field_u8(stgr),
2624 __req_field_u8(min_crpn),
2625 __req_field_u8(max_crpn),
2626 __req_field_u8(min_crpr),
2627 __req_field_u8(min_pw),
2628 __req_field_u32(min_pri),
2629 __req_field_u32(max_pri),
2630 __req_field_u8(max_pw),
2631 __req_field_u8(min_crbn),
2632 __req_field_u8(max_crbn),
2633 __req_field_u8(min_stgpn),
2634 __req_field_u8(max_stgpn),
2635 __req_field_u8(min_stgpr),
2636 __req_field_u32(min_stgpr_diff),
2637#undef __req_field_u8
2638#undef __req_field_u32
2639 };
2640
2641 return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_RDD_TH), &req,
2642 sizeof(req), true);
2643}
2644
2645static int
2646mt7996_mcu_background_chain_ctrl(struct mt7996_phy *phy,
2647 struct cfg80211_chan_def *chandef,
2648 int cmd)
2649{
2650 struct mt7996_dev *dev = phy->dev;
2651 struct mt76_phy *mphy = phy->mt76;
2652 struct ieee80211_channel *chan = mphy->chandef.chan;
2653 int freq = mphy->chandef.center_freq1;
2654 struct mt7996_mcu_background_chain_ctrl req = {
2655 .monitor_scan_type = 2, /* simple rx */
2656 };
2657
2658 if (!chandef && cmd != CH_SWITCH_BACKGROUND_SCAN_STOP)
2659 return -EINVAL;
2660
2661 if (!cfg80211_chandef_valid(&mphy->chandef))
2662 return -EINVAL;
2663
2664 switch (cmd) {
2665 case CH_SWITCH_BACKGROUND_SCAN_START: {
2666 req.chan = chan->hw_value;
2667 req.central_chan = ieee80211_frequency_to_channel(freq);
2668 req.bw = mt76_connac_chan_bw(&mphy->chandef);
2669 req.monitor_chan = chandef->chan->hw_value;
2670 req.monitor_central_chan =
2671 ieee80211_frequency_to_channel(chandef->center_freq1);
2672 req.monitor_bw = mt76_connac_chan_bw(chandef);
2673 req.band_idx = phy->mt76->band_idx;
2674 req.scan_mode = 1;
2675 break;
2676 }
2677 case CH_SWITCH_BACKGROUND_SCAN_RUNNING:
2678 req.monitor_chan = chandef->chan->hw_value;
2679 req.monitor_central_chan =
2680 ieee80211_frequency_to_channel(chandef->center_freq1);
2681 req.band_idx = phy->mt76->band_idx;
2682 req.scan_mode = 2;
2683 break;
2684 case CH_SWITCH_BACKGROUND_SCAN_STOP:
2685 req.chan = chan->hw_value;
2686 req.central_chan = ieee80211_frequency_to_channel(freq);
2687 req.bw = mt76_connac_chan_bw(&mphy->chandef);
2688 req.tx_stream = hweight8(mphy->antenna_mask);
2689 req.rx_stream = mphy->antenna_mask;
2690 break;
2691 default:
2692 return -EINVAL;
2693 }
2694 req.band = chandef ? chandef->chan->band == NL80211_BAND_5GHZ : 1;
2695
2696 return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(OFFCH_SCAN_CTRL),
2697 &req, sizeof(req), false);
2698}
2699
2700int mt7996_mcu_rdd_background_enable(struct mt7996_phy *phy,
2701 struct cfg80211_chan_def *chandef)
2702{
2703 struct mt7996_dev *dev = phy->dev;
2704 int err, region;
2705
2706 if (!chandef) { /* disable offchain */
2707 err = mt7996_mcu_rdd_cmd(dev, RDD_STOP, MT_RX_SEL2,
2708 0, 0);
2709 if (err)
2710 return err;
2711
2712 return mt7996_mcu_background_chain_ctrl(phy, NULL,
2713 CH_SWITCH_BACKGROUND_SCAN_STOP);
2714 }
2715
2716 err = mt7996_mcu_background_chain_ctrl(phy, chandef,
2717 CH_SWITCH_BACKGROUND_SCAN_START);
2718 if (err)
2719 return err;
2720
2721 switch (dev->mt76.region) {
2722 case NL80211_DFS_ETSI:
2723 region = 0;
2724 break;
2725 case NL80211_DFS_JP:
2726 region = 2;
2727 break;
2728 case NL80211_DFS_FCC:
2729 default:
2730 region = 1;
2731 break;
2732 }
2733
2734 return mt7996_mcu_rdd_cmd(dev, RDD_START, MT_RX_SEL2,
2735 0, region);
2736}
2737
2738int mt7996_mcu_set_chan_info(struct mt7996_phy *phy, u16 tag)
2739{
2740 static const u8 ch_band[] = {
2741 [NL80211_BAND_2GHZ] = 0,
2742 [NL80211_BAND_5GHZ] = 1,
2743 [NL80211_BAND_6GHZ] = 2,
2744 };
2745 struct mt7996_dev *dev = phy->dev;
2746 struct cfg80211_chan_def *chandef = &phy->mt76->chandef;
2747 int freq1 = chandef->center_freq1;
2748 u8 band_idx = phy->mt76->band_idx;
2749 struct {
2750 /* fixed field */
2751 u8 __rsv[4];
2752
2753 __le16 tag;
2754 __le16 len;
2755 u8 control_ch;
2756 u8 center_ch;
2757 u8 bw;
2758 u8 tx_path_num;
2759 u8 rx_path; /* mask or num */
2760 u8 switch_reason;
2761 u8 band_idx;
2762 u8 center_ch2; /* for 80+80 only */
2763 __le16 cac_case;
2764 u8 channel_band;
2765 u8 rsv0;
2766 __le32 outband_freq;
2767 u8 txpower_drop;
2768 u8 ap_bw;
2769 u8 ap_center_ch;
2770 u8 rsv1[53];
2771 } __packed req = {
2772 .tag = cpu_to_le16(tag),
2773 .len = cpu_to_le16(sizeof(req) - 4),
2774 .control_ch = chandef->chan->hw_value,
2775 .center_ch = ieee80211_frequency_to_channel(freq1),
2776 .bw = mt76_connac_chan_bw(chandef),
2777 .tx_path_num = hweight16(phy->mt76->chainmask),
2778 .rx_path = phy->mt76->chainmask >> dev->chainshift[band_idx],
2779 .band_idx = band_idx,
2780 .channel_band = ch_band[chandef->chan->band],
2781 };
2782
2783 if (tag == UNI_CHANNEL_RX_PATH ||
2784 dev->mt76.hw->conf.flags & IEEE80211_CONF_MONITOR)
2785 req.switch_reason = CH_SWITCH_NORMAL;
2786 else if (phy->mt76->hw->conf.flags & IEEE80211_CONF_OFFCHANNEL)
2787 req.switch_reason = CH_SWITCH_SCAN_BYPASS_DPD;
2788 else if (!cfg80211_reg_can_beacon(phy->mt76->hw->wiphy, chandef,
2789 NL80211_IFTYPE_AP))
2790 req.switch_reason = CH_SWITCH_DFS;
2791 else
2792 req.switch_reason = CH_SWITCH_NORMAL;
2793
2794 if (tag == UNI_CHANNEL_SWITCH)
2795 req.rx_path = hweight8(req.rx_path);
2796
2797 if (chandef->width == NL80211_CHAN_WIDTH_80P80) {
2798 int freq2 = chandef->center_freq2;
2799
2800 req.center_ch2 = ieee80211_frequency_to_channel(freq2);
2801 }
2802
2803 return mt76_mcu_send_msg(&dev->mt76, MCU_WMWA_UNI_CMD(CHANNEL_SWITCH),
2804 &req, sizeof(req), true);
2805}
2806
2807static int mt7996_mcu_set_eeprom_flash(struct mt7996_dev *dev)
2808{
2809#define MAX_PAGE_IDX_MASK GENMASK(7, 5)
2810#define PAGE_IDX_MASK GENMASK(4, 2)
2811#define PER_PAGE_SIZE 0x400
2812 struct mt7996_mcu_eeprom req = {
2813 .tag = cpu_to_le16(UNI_EFUSE_BUFFER_MODE),
2814 .buffer_mode = EE_MODE_BUFFER
2815 };
2816 u16 eeprom_size = MT7996_EEPROM_SIZE;
2817 u8 total = DIV_ROUND_UP(eeprom_size, PER_PAGE_SIZE);
2818 u8 *eep = (u8 *)dev->mt76.eeprom.data;
2819 int eep_len, i;
2820
2821 for (i = 0; i < total; i++, eep += eep_len) {
2822 struct sk_buff *skb;
2823 int ret, msg_len;
2824
2825 if (i == total - 1 && !!(eeprom_size % PER_PAGE_SIZE))
2826 eep_len = eeprom_size % PER_PAGE_SIZE;
2827 else
2828 eep_len = PER_PAGE_SIZE;
2829
2830 msg_len = sizeof(req) + eep_len;
2831 skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, msg_len);
2832 if (!skb)
2833 return -ENOMEM;
2834
2835 req.len = cpu_to_le16(msg_len - 4);
2836 req.format = FIELD_PREP(MAX_PAGE_IDX_MASK, total - 1) |
2837 FIELD_PREP(PAGE_IDX_MASK, i) | EE_FORMAT_WHOLE;
2838 req.buf_len = cpu_to_le16(eep_len);
2839
2840 skb_put_data(skb, &req, sizeof(req));
2841 skb_put_data(skb, eep, eep_len);
2842
2843 ret = mt76_mcu_skb_send_msg(&dev->mt76, skb,
2844 MCU_WM_UNI_CMD(EFUSE_CTRL), true);
2845 if (ret)
2846 return ret;
2847 }
2848
2849 return 0;
2850}
2851
2852int mt7996_mcu_set_eeprom(struct mt7996_dev *dev)
2853{
2854 struct mt7996_mcu_eeprom req = {
2855 .tag = cpu_to_le16(UNI_EFUSE_BUFFER_MODE),
2856 .len = cpu_to_le16(sizeof(req) - 4),
2857 .buffer_mode = EE_MODE_EFUSE,
2858 .format = EE_FORMAT_WHOLE
2859 };
2860
2861 if (dev->flash_mode)
2862 return mt7996_mcu_set_eeprom_flash(dev);
2863
2864 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(EFUSE_CTRL),
2865 &req, sizeof(req), true);
2866}
2867
2868int mt7996_mcu_get_eeprom(struct mt7996_dev *dev, u32 offset)
2869{
2870 struct {
2871 u8 _rsv[4];
2872
2873 __le16 tag;
2874 __le16 len;
2875 __le32 addr;
2876 __le32 valid;
2877 u8 data[16];
2878 } __packed req = {
2879 .tag = cpu_to_le16(UNI_EFUSE_ACCESS),
2880 .len = cpu_to_le16(sizeof(req) - 4),
2881 .addr = cpu_to_le32(round_down(offset,
2882 MT7996_EEPROM_BLOCK_SIZE)),
2883 };
2884 struct sk_buff *skb;
2885 bool valid;
2886 int ret;
2887
2888 ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_WM_UNI_CMD_QUERY(EFUSE_CTRL), &req,
2889 sizeof(req), true, &skb);
2890 if (ret)
2891 return ret;
2892
2893 valid = le32_to_cpu(*(__le32 *)(skb->data + 16));
2894 if (valid) {
2895 u32 addr = le32_to_cpu(*(__le32 *)(skb->data + 12));
2896 u8 *buf = (u8 *)dev->mt76.eeprom.data + addr;
2897
2898 skb_pull(skb, 64);
2899 memcpy(buf, skb->data, MT7996_EEPROM_BLOCK_SIZE);
2900 }
2901
2902 dev_kfree_skb(skb);
2903
2904 return 0;
2905}
2906
2907int mt7996_mcu_get_eeprom_free_block(struct mt7996_dev *dev, u8 *block_num)
2908{
2909 struct {
2910 u8 _rsv[4];
2911
2912 __le16 tag;
2913 __le16 len;
2914 u8 num;
2915 u8 version;
2916 u8 die_idx;
2917 u8 _rsv2;
2918 } __packed req = {
2919 .tag = cpu_to_le16(UNI_EFUSE_FREE_BLOCK),
2920 .len = cpu_to_le16(sizeof(req) - 4),
2921 .version = 2,
2922 };
2923 struct sk_buff *skb;
2924 int ret;
2925
2926 ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_WM_UNI_CMD_QUERY(EFUSE_CTRL), &req,
2927 sizeof(req), true, &skb);
2928 if (ret)
2929 return ret;
2930
2931 *block_num = *(u8 *)(skb->data + 8);
2932 dev_kfree_skb(skb);
2933
2934 return 0;
2935}
2936
2937int mt7996_mcu_get_chan_mib_info(struct mt7996_phy *phy, bool chan_switch)
2938{
2939 struct {
2940 struct {
2941 u8 band;
2942 u8 __rsv[3];
2943 } hdr;
2944 struct {
2945 __le16 tag;
2946 __le16 len;
2947 __le32 offs;
2948 } data[4];
2949 } __packed req = {
2950 .hdr.band = phy->mt76->band_idx,
2951 };
2952 /* strict order */
2953 static const u32 offs[] = {
2954 UNI_MIB_TX_TIME,
2955 UNI_MIB_RX_TIME,
2956 UNI_MIB_OBSS_AIRTIME,
2957 UNI_MIB_NON_WIFI_TIME,
2958 };
2959 struct mt76_channel_state *state = phy->mt76->chan_state;
2960 struct mt76_channel_state *state_ts = &phy->state_ts;
2961 struct mt7996_dev *dev = phy->dev;
2962 struct mt7996_mcu_mib *res;
2963 struct sk_buff *skb;
2964 int i, ret;
2965
2966 for (i = 0; i < 4; i++) {
2967 req.data[i].tag = cpu_to_le16(UNI_CMD_MIB_DATA);
2968 req.data[i].len = cpu_to_le16(sizeof(req.data[i]));
2969 req.data[i].offs = cpu_to_le32(offs[i]);
2970 }
2971
2972 ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_WM_UNI_CMD_QUERY(GET_MIB_INFO),
2973 &req, sizeof(req), true, &skb);
2974 if (ret)
2975 return ret;
2976
2977 skb_pull(skb, sizeof(req.hdr));
2978
2979 res = (struct mt7996_mcu_mib *)(skb->data);
2980
2981 if (chan_switch)
2982 goto out;
2983
2984#define __res_u64(s) le64_to_cpu(res[s].data)
2985 state->cc_tx += __res_u64(1) - state_ts->cc_tx;
2986 state->cc_bss_rx += __res_u64(2) - state_ts->cc_bss_rx;
2987 state->cc_rx += __res_u64(2) + __res_u64(3) - state_ts->cc_rx;
2988 state->cc_busy += __res_u64(0) + __res_u64(1) + __res_u64(2) + __res_u64(3) -
2989 state_ts->cc_busy;
2990
2991out:
2992 state_ts->cc_tx = __res_u64(1);
2993 state_ts->cc_bss_rx = __res_u64(2);
2994 state_ts->cc_rx = __res_u64(2) + __res_u64(3);
2995 state_ts->cc_busy = __res_u64(0) + __res_u64(1) + __res_u64(2) + __res_u64(3);
2996#undef __res_u64
2997
2998 dev_kfree_skb(skb);
2999
3000 return 0;
3001}
3002
3003int mt7996_mcu_set_ser(struct mt7996_dev *dev, u8 action, u8 set, u8 band)
3004{
3005 struct {
3006 u8 action;
3007 u8 set;
3008 u8 band;
3009 u8 rsv;
3010 } req = {
3011 .action = action,
3012 .set = set,
3013 .band = band,
3014 };
3015
3016 return mt76_mcu_send_msg(&dev->mt76, MCU_EXT_CMD(SET_SER_TRIGGER),
3017 &req, sizeof(req), false);
3018}
3019
3020int mt7996_mcu_set_txbf(struct mt7996_dev *dev, u8 action)
3021{
3022#define MT7996_BF_MAX_SIZE sizeof(union bf_tag_tlv)
3023#define BF_PROCESSING 4
3024 struct uni_header hdr;
3025 struct sk_buff *skb;
3026 struct tlv *tlv;
3027 int len = sizeof(hdr) + MT7996_BF_MAX_SIZE;
3028
3029 memset(&hdr, 0, sizeof(hdr));
3030
3031 skb = mt76_mcu_msg_alloc(&dev->mt76, NULL, len);
3032 if (!skb)
3033 return -ENOMEM;
3034
3035 skb_put_data(skb, &hdr, sizeof(hdr));
3036
3037 switch (action) {
3038 case BF_SOUNDING_ON: {
3039 struct bf_sounding_on *req_snd_on;
3040
3041 tlv = mt7996_mcu_add_uni_tlv(skb, action, sizeof(*req_snd_on));
3042 req_snd_on = (struct bf_sounding_on *)tlv;
3043 req_snd_on->snd_mode = BF_PROCESSING;
3044 break;
3045 }
3046 case BF_HW_EN_UPDATE: {
3047 struct bf_hw_en_status_update *req_hw_en;
3048
3049 tlv = mt7996_mcu_add_uni_tlv(skb, action, sizeof(*req_hw_en));
3050 req_hw_en = (struct bf_hw_en_status_update *)tlv;
3051 req_hw_en->ebf = true;
3052 req_hw_en->ibf = dev->ibf;
3053 break;
3054 }
3055 case BF_MOD_EN_CTRL: {
3056 struct bf_mod_en_ctrl *req_mod_en;
3057
3058 tlv = mt7996_mcu_add_uni_tlv(skb, action, sizeof(*req_mod_en));
3059 req_mod_en = (struct bf_mod_en_ctrl *)tlv;
3060 req_mod_en->bf_num = 2;
3061 req_mod_en->bf_bitmap = GENMASK(0, 0);
3062 break;
3063 }
3064 default:
3065 return -EINVAL;
3066 }
3067
3068 return mt76_mcu_skb_send_msg(&dev->mt76, skb, MCU_WM_UNI_CMD(BF), true);
3069}
3070
3071int mt7996_mcu_add_obss_spr(struct mt7996_dev *dev, struct ieee80211_vif *vif,
3072 bool enable)
3073{
3074#define MT_SPR_ENABLE 1
3075 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
3076 struct {
3077 u8 dbdc_idx;
3078 u8 __rsv[3];
3079
3080 __le16 tag;
3081 __le16 len;
3082 __le32 val;
3083 } __packed req = {
3084 .dbdc_idx = mvif->mt76.band_idx,
3085 .tag = cpu_to_le16(UNI_CMD_SR_ENABLE),
3086 .len = cpu_to_le16(sizeof(req) - 4),
3087 .val = cpu_to_le32(enable),
3088 };
3089
3090 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(SR),
3091 &req, sizeof(req), true);
3092}
3093
3094int mt7996_mcu_get_rx_rate(struct mt7996_phy *phy, struct ieee80211_vif *vif,
3095 struct ieee80211_sta *sta, struct rate_info *rate)
3096{
3097 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
3098 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv;
3099 struct mt7996_dev *dev = phy->dev;
3100 struct mt76_phy *mphy = phy->mt76;
3101 struct {
3102 u8 category;
3103 u8 band;
3104 __le16 wcid;
3105 } __packed req = {
3106 .category = MCU_PHY_STATE_CONTENTION_RX_RATE,
3107 .band = mvif->mt76.band_idx,
3108 .wcid = cpu_to_le16(msta->wcid.idx),
3109 };
3110 struct ieee80211_supported_band *sband;
3111 struct mt7996_mcu_phy_rx_info *res;
3112 struct sk_buff *skb;
3113 int ret;
3114 bool cck = false;
3115
3116 ret = mt76_mcu_send_and_get_msg(&dev->mt76, MCU_EXT_CMD(PHY_STAT_INFO),
3117 &req, sizeof(req), true, &skb);
3118 if (ret)
3119 return ret;
3120
3121 res = (struct mt7996_mcu_phy_rx_info *)skb->data;
3122
3123 rate->mcs = res->rate;
3124 rate->nss = res->nsts + 1;
3125
3126 switch (res->mode) {
3127 case MT_PHY_TYPE_CCK:
3128 cck = true;
3129 fallthrough;
3130 case MT_PHY_TYPE_OFDM:
3131 if (mphy->chandef.chan->band == NL80211_BAND_5GHZ)
3132 sband = &mphy->sband_5g.sband;
3133 else if (mphy->chandef.chan->band == NL80211_BAND_6GHZ)
3134 sband = &mphy->sband_6g.sband;
3135 else
3136 sband = &mphy->sband_2g.sband;
3137
3138 rate->mcs = mt76_get_rate(&dev->mt76, sband, rate->mcs, cck);
3139 rate->legacy = sband->bitrates[rate->mcs].bitrate;
3140 break;
3141 case MT_PHY_TYPE_HT:
3142 case MT_PHY_TYPE_HT_GF:
3143 if (rate->mcs > 31) {
3144 ret = -EINVAL;
3145 goto out;
3146 }
3147
3148 rate->flags = RATE_INFO_FLAGS_MCS;
3149 if (res->gi)
3150 rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
3151 break;
3152 case MT_PHY_TYPE_VHT:
3153 if (rate->mcs > 9) {
3154 ret = -EINVAL;
3155 goto out;
3156 }
3157
3158 rate->flags = RATE_INFO_FLAGS_VHT_MCS;
3159 if (res->gi)
3160 rate->flags |= RATE_INFO_FLAGS_SHORT_GI;
3161 break;
3162 case MT_PHY_TYPE_HE_SU:
3163 case MT_PHY_TYPE_HE_EXT_SU:
3164 case MT_PHY_TYPE_HE_TB:
3165 case MT_PHY_TYPE_HE_MU:
3166 if (res->gi > NL80211_RATE_INFO_HE_GI_3_2 || rate->mcs > 11) {
3167 ret = -EINVAL;
3168 goto out;
3169 }
3170 rate->he_gi = res->gi;
3171 rate->flags = RATE_INFO_FLAGS_HE_MCS;
3172 break;
3173 default:
3174 ret = -EINVAL;
3175 goto out;
3176 }
3177
3178 switch (res->bw) {
3179 case IEEE80211_STA_RX_BW_160:
3180 rate->bw = RATE_INFO_BW_160;
3181 break;
3182 case IEEE80211_STA_RX_BW_80:
3183 rate->bw = RATE_INFO_BW_80;
3184 break;
3185 case IEEE80211_STA_RX_BW_40:
3186 rate->bw = RATE_INFO_BW_40;
3187 break;
3188 default:
3189 rate->bw = RATE_INFO_BW_20;
3190 break;
3191 }
3192
3193out:
3194 dev_kfree_skb(skb);
3195
3196 return ret;
3197}
3198
3199int mt7996_mcu_update_bss_color(struct mt7996_dev *dev, struct ieee80211_vif *vif,
3200 struct cfg80211_he_bss_color *he_bss_color)
3201{
3202 int len = sizeof(struct bss_req_hdr) + sizeof(struct bss_color_tlv);
3203 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
3204 struct bss_color_tlv *bss_color;
3205 struct sk_buff *skb;
3206 struct tlv *tlv;
3207
3208 skb = __mt7996_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76, len);
3209 if (IS_ERR(skb))
3210 return PTR_ERR(skb);
3211
3212 tlv = mt76_connac_mcu_add_tlv(skb, UNI_BSS_INFO_BSS_COLOR,
3213 sizeof(*bss_color));
3214 bss_color = (struct bss_color_tlv *)tlv;
3215 bss_color->enable = he_bss_color->enabled;
3216 bss_color->color = he_bss_color->color;
3217
3218 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
3219 MCU_WMWA_UNI_CMD(BSS_INFO_UPDATE), true);
3220}
3221
3222#define TWT_AGRT_TRIGGER BIT(0)
3223#define TWT_AGRT_ANNOUNCE BIT(1)
3224#define TWT_AGRT_PROTECT BIT(2)
3225
3226int mt7996_mcu_twt_agrt_update(struct mt7996_dev *dev,
3227 struct mt7996_vif *mvif,
3228 struct mt7996_twt_flow *flow,
3229 int cmd)
3230{
3231 struct {
3232 u8 _rsv[4];
3233
3234 __le16 tag;
3235 __le16 len;
3236 u8 tbl_idx;
3237 u8 cmd;
3238 u8 own_mac_idx;
3239 u8 flowid; /* 0xff for group id */
3240 __le16 peer_id; /* specify the peer_id (msb=0)
3241 * or group_id (msb=1)
3242 */
3243 u8 duration; /* 256 us */
3244 u8 bss_idx;
3245 __le64 start_tsf;
3246 __le16 mantissa;
3247 u8 exponent;
3248 u8 is_ap;
3249 u8 agrt_params;
3250 u8 __rsv2[135];
3251 } __packed req = {
3252 .tag = cpu_to_le16(UNI_CMD_TWT_ARGT_UPDATE),
3253 .len = cpu_to_le16(sizeof(req) - 4),
3254 .tbl_idx = flow->table_id,
3255 .cmd = cmd,
3256 .own_mac_idx = mvif->mt76.omac_idx,
3257 .flowid = flow->id,
3258 .peer_id = cpu_to_le16(flow->wcid),
3259 .duration = flow->duration,
3260 .bss_idx = mvif->mt76.idx,
3261 .start_tsf = cpu_to_le64(flow->tsf),
3262 .mantissa = flow->mantissa,
3263 .exponent = flow->exp,
3264 .is_ap = true,
3265 };
3266
3267 if (flow->protection)
3268 req.agrt_params |= TWT_AGRT_PROTECT;
3269 if (!flow->flowtype)
3270 req.agrt_params |= TWT_AGRT_ANNOUNCE;
3271 if (flow->trigger)
3272 req.agrt_params |= TWT_AGRT_TRIGGER;
3273
3274 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(TWT),
3275 &req, sizeof(req), true);
3276}
3277
3278
3279void mt7996_mcu_set_pm(void *priv, u8 *mac, struct ieee80211_vif *vif)
3280{
3281#define EXIT_PM_STATE 0
3282#define ENTER_PM_STATE 1
3283 struct ieee80211_hw *hw = priv;
3284 struct mt7996_dev *dev = mt7996_hw_dev(hw);
3285 struct mt7996_phy *phy = mt7996_hw_phy(hw);
3286 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
3287 struct bss_power_save *ps;
3288 struct sk_buff *skb;
3289 struct tlv *tlv;
3290 bool running = test_bit(MT76_STATE_RUNNING, &phy->mt76->state);
3291
3292 skb = __mt7996_mcu_alloc_bss_req(&dev->mt76, &mvif->mt76,
3293 MT7996_BSS_UPDATE_MAX_SIZE);
3294 if (IS_ERR(skb))
3295 return;
3296
3297 tlv = mt7996_mcu_add_uni_tlv(skb, UNI_BSS_INFO_PS, sizeof(*ps));
3298 ps = (struct bss_power_save *)tlv;
3299 ps->profile = running ? EXIT_PM_STATE : ENTER_PM_STATE;
3300
3301 mt76_mcu_skb_send_msg(&dev->mt76, skb,
3302 MCU_WMWA_UNI_CMD(BSS_INFO_UPDATE), true);
3303}
3304
3305int mt7996_mcu_set_rts_thresh(struct mt7996_phy *phy, u32 val)
3306{
3307 struct {
3308 u8 band_idx;
3309 u8 _rsv[3];
3310
3311 __le16 tag;
3312 __le16 len;
3313 __le32 len_thresh;
3314 __le32 pkt_thresh;
3315 } __packed req = {
3316 .band_idx = phy->mt76->band_idx,
3317 .tag = cpu_to_le16(UNI_BAND_CONFIG_RTS_THRESHOLD),
3318 .len = cpu_to_le16(sizeof(req) - 4),
3319 .len_thresh = cpu_to_le32(val),
3320 .pkt_thresh = cpu_to_le32(0x2),
3321 };
3322
3323 return mt76_mcu_send_msg(&phy->dev->mt76, MCU_WM_UNI_CMD(BAND_CONFIG),
3324 &req, sizeof(req), true);
3325}
3326
3327int mt7996_mcu_set_radio_en(struct mt7996_phy *phy, bool enable)
3328{
3329 struct {
3330 u8 band_idx;
3331 u8 _rsv[3];
3332
3333 __le16 tag;
3334 __le16 len;
3335 u8 enable;
3336 u8 _rsv2[3];
3337 } __packed req = {
3338 .band_idx = phy->mt76->band_idx,
3339 .tag = cpu_to_le16(UNI_BAND_CONFIG_RADIO_ENABLE),
3340 .len = cpu_to_le16(sizeof(req) - 4),
3341 .enable = enable,
3342 };
3343
3344 return mt76_mcu_send_msg(&phy->dev->mt76, MCU_WM_UNI_CMD(BAND_CONFIG),
3345 &req, sizeof(req), true);
3346}
3347
3348int mt7996_mcu_rdd_cmd(struct mt7996_dev *dev, int cmd, u8 index,
3349 u8 rx_sel, u8 val)
3350{
3351 struct {
3352 u8 _rsv[4];
3353
3354 __le16 tag;
3355 __le16 len;
3356
3357 u8 ctrl;
3358 u8 rdd_idx;
3359 u8 rdd_rx_sel;
3360 u8 val;
3361 u8 rsv[4];
3362 } __packed req = {
3363 .tag = cpu_to_le16(UNI_RDD_CTRL_PARM),
3364 .len = cpu_to_le16(sizeof(req) - 4),
3365 .ctrl = cmd,
3366 .rdd_idx = index,
3367 .rdd_rx_sel = rx_sel,
3368 .val = val,
3369 };
3370
3371 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(RDD_CTRL),
3372 &req, sizeof(req), true);
3373}
3374
3375int mt7996_mcu_wtbl_update_hdr_trans(struct mt7996_dev *dev,
3376 struct ieee80211_vif *vif, struct ieee80211_sta *sta)
3377{
3378 struct mt7996_vif *mvif = (struct mt7996_vif *)vif->drv_priv;
3379 struct mt7996_sta *msta;
3380 struct sk_buff *skb;
3381
3382 msta = sta ? (struct mt7996_sta *)sta->drv_priv : &mvif->sta;
3383
3384 skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &mvif->mt76,
3385 &msta->wcid,
3386 MT7996_STA_UPDATE_MAX_SIZE);
3387 if (IS_ERR(skb))
3388 return PTR_ERR(skb);
3389
3390 /* starec hdr trans */
3391 mt7996_mcu_sta_hdr_trans_tlv(dev, skb, vif, sta);
3392 return mt76_mcu_skb_send_msg(&dev->mt76, skb,
3393 MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true);
3394}
3395
3396int mt7996_mcu_rf_regval(struct mt7996_dev *dev, u32 regidx, u32 *val, bool set)
3397{
3398 struct {
3399 u8 __rsv1[4];
3400
3401 __le16 tag;
3402 __le16 len;
3403 __le16 idx;
3404 u8 __rsv2[2];
3405 __le32 ofs;
3406 __le32 data;
3407 } __packed *res, req = {
3408 .tag = cpu_to_le16(UNI_CMD_ACCESS_RF_REG_BASIC),
3409 .len = cpu_to_le16(sizeof(req) - 4),
3410
3411 .idx = cpu_to_le16(u32_get_bits(regidx, GENMASK(31, 24))),
3412 .ofs = cpu_to_le32(u32_get_bits(regidx, GENMASK(23, 0))),
3413 .data = set ? cpu_to_le32(*val) : 0,
3414 };
3415 struct sk_buff *skb;
3416 int ret;
3417
3418 if (set)
3419 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(REG_ACCESS),
3420 &req, sizeof(req), true);
3421
3422 ret = mt76_mcu_send_and_get_msg(&dev->mt76,
3423 MCU_WM_UNI_CMD_QUERY(REG_ACCESS),
3424 &req, sizeof(req), true, &skb);
3425 if (ret)
3426 return ret;
3427
3428 res = (void *)skb->data;
3429 *val = le32_to_cpu(res->data);
3430 dev_kfree_skb(skb);
3431
3432 return 0;
3433}
3434
3435int mt7996_mcu_set_rro(struct mt7996_dev *dev, u16 tag, u8 val)
3436{
3437 struct {
3438 u8 __rsv1[4];
3439
3440 __le16 tag;
3441 __le16 len;
3442
3443 union {
3444 struct {
3445 u8 type;
3446 u8 __rsv2[3];
3447 } __packed platform_type;
3448 struct {
3449 u8 type;
3450 u8 dest;
3451 u8 __rsv2[2];
3452 } __packed bypass_mode;
3453 struct {
3454 u8 path;
3455 u8 __rsv2[3];
3456 } __packed txfree_path;
3457 };
3458 } __packed req = {
3459 .tag = cpu_to_le16(tag),
3460 .len = cpu_to_le16(sizeof(req) - 4),
3461 };
3462
3463 switch (tag) {
3464 case UNI_RRO_SET_PLATFORM_TYPE:
3465 req.platform_type.type = val;
3466 break;
3467 case UNI_RRO_SET_BYPASS_MODE:
3468 req.bypass_mode.type = val;
3469 break;
3470 case UNI_RRO_SET_TXFREE_PATH:
3471 req.txfree_path.path = val;
3472 break;
3473 default:
3474 return -EINVAL;
3475 }
3476
3477 return mt76_mcu_send_msg(&dev->mt76, MCU_WM_UNI_CMD(RRO), &req,
3478 sizeof(req), true);
3479}