1
2
3
4
5
6
7
8#include <linux/firmware.h>
9#include "mt7615.h"
10#include "mcu.h"
11#include "mac.h"
12#include "eeprom.h"
13
14struct mt7615_patch_hdr {
15 char build_date[16];
16 char platform[4];
17 __be32 hw_sw_ver;
18 __be32 patch_ver;
19 __be16 checksum;
20} __packed;
21
22struct mt7615_fw_trailer {
23 __le32 addr;
24 u8 chip_id;
25 u8 feature_set;
26 u8 eco_code;
27 char fw_ver[10];
28 char build_date[15];
29 __le32 len;
30} __packed;
31
32#define MCU_PATCH_ADDRESS 0x80000
33
34#define N9_REGION_NUM 2
35#define CR4_REGION_NUM 1
36
37#define IMG_CRC_LEN 4
38
39#define FW_FEATURE_SET_ENCRYPT BIT(0)
40#define FW_FEATURE_SET_KEY_IDX GENMASK(2, 1)
41
42#define DL_MODE_ENCRYPT BIT(0)
43#define DL_MODE_KEY_IDX GENMASK(2, 1)
44#define DL_MODE_RESET_SEC_IV BIT(3)
45#define DL_MODE_WORKING_PDA_CR4 BIT(4)
46#define DL_MODE_NEED_RSP BIT(31)
47
48#define FW_START_OVERRIDE BIT(0)
49#define FW_START_WORKING_PDA_CR4 BIT(2)
50
51static int __mt7615_mcu_msg_send(struct mt7615_dev *dev, struct sk_buff *skb,
52 int cmd, int query, int dest, int *wait_seq)
53{
54 struct mt7615_mcu_txd *mcu_txd;
55 u8 seq, q_idx, pkt_fmt;
56 enum mt76_txq_id qid;
57 u32 val;
58 __le32 *txd;
59
60 if (!skb)
61 return -EINVAL;
62
63 seq = ++dev->mt76.mmio.mcu.msg_seq & 0xf;
64 if (!seq)
65 seq = ++dev->mt76.mmio.mcu.msg_seq & 0xf;
66
67 mcu_txd = (struct mt7615_mcu_txd *)skb_push(skb,
68 sizeof(struct mt7615_mcu_txd));
69 memset(mcu_txd, 0, sizeof(struct mt7615_mcu_txd));
70
71 if (cmd != -MCU_CMD_FW_SCATTER) {
72 q_idx = MT_TX_MCU_PORT_RX_Q0;
73 pkt_fmt = MT_TX_TYPE_CMD;
74 } else {
75 q_idx = MT_TX_MCU_PORT_RX_FWDL;
76 pkt_fmt = MT_TX_TYPE_FW;
77 }
78
79 txd = mcu_txd->txd;
80
81 val = FIELD_PREP(MT_TXD0_TX_BYTES, cpu_to_le16(skb->len)) |
82 FIELD_PREP(MT_TXD0_P_IDX, MT_TX_PORT_IDX_MCU) |
83 FIELD_PREP(MT_TXD0_Q_IDX, q_idx);
84 txd[0] = cpu_to_le32(val);
85
86 val = MT_TXD1_LONG_FORMAT |
87 FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_CMD) |
88 FIELD_PREP(MT_TXD1_PKT_FMT, pkt_fmt);
89 txd[1] = cpu_to_le32(val);
90
91 mcu_txd->len = cpu_to_le16(skb->len - sizeof(mcu_txd->txd));
92 mcu_txd->pq_id = cpu_to_le16(MCU_PQ_ID(MT_TX_PORT_IDX_MCU, q_idx));
93 mcu_txd->pkt_type = MCU_PKT_ID;
94 mcu_txd->seq = seq;
95
96 if (cmd < 0) {
97 mcu_txd->cid = -cmd;
98 } else {
99 mcu_txd->cid = MCU_CMD_EXT_CID;
100 mcu_txd->ext_cid = cmd;
101 if (query != MCU_Q_NA)
102 mcu_txd->ext_cid_ack = 1;
103 }
104
105 mcu_txd->set_query = query;
106 mcu_txd->s2d_index = dest;
107
108 if (wait_seq)
109 *wait_seq = seq;
110
111 if (test_bit(MT76_STATE_MCU_RUNNING, &dev->mt76.state))
112 qid = MT_TXQ_MCU;
113 else
114 qid = MT_TXQ_FWDL;
115
116 return mt76_tx_queue_skb_raw(dev, qid, skb, 0);
117}
118
119static int mt7615_mcu_msg_send(struct mt7615_dev *dev, struct sk_buff *skb,
120 int cmd, int query, int dest,
121 struct sk_buff **skb_ret)
122{
123 unsigned long expires = jiffies + 10 * HZ;
124 struct mt7615_mcu_rxd *rxd;
125 int ret, seq;
126
127 mutex_lock(&dev->mt76.mmio.mcu.mutex);
128
129 ret = __mt7615_mcu_msg_send(dev, skb, cmd, query, dest, &seq);
130 if (ret)
131 goto out;
132
133 while (1) {
134 skb = mt76_mcu_get_response(&dev->mt76, expires);
135 if (!skb) {
136 dev_err(dev->mt76.dev, "Message %d (seq %d) timeout\n",
137 cmd, seq);
138 ret = -ETIMEDOUT;
139 break;
140 }
141
142 rxd = (struct mt7615_mcu_rxd *)skb->data;
143 if (seq != rxd->seq)
144 continue;
145
146 if (skb_ret) {
147 int hdr_len = sizeof(*rxd);
148
149 if (!test_bit(MT76_STATE_MCU_RUNNING,
150 &dev->mt76.state))
151 hdr_len -= 4;
152 skb_pull(skb, hdr_len);
153 *skb_ret = skb;
154 } else {
155 dev_kfree_skb(skb);
156 }
157
158 break;
159 }
160
161out:
162 mutex_unlock(&dev->mt76.mmio.mcu.mutex);
163
164 return ret;
165}
166
167static int mt7615_mcu_init_download(struct mt7615_dev *dev, u32 addr,
168 u32 len, u32 mode)
169{
170 struct {
171 __le32 addr;
172 __le32 len;
173 __le32 mode;
174 } req = {
175 .addr = cpu_to_le32(addr),
176 .len = cpu_to_le32(len),
177 .mode = cpu_to_le32(mode),
178 };
179 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
180
181 return mt7615_mcu_msg_send(dev, skb, -MCU_CMD_TARGET_ADDRESS_LEN_REQ,
182 MCU_Q_NA, MCU_S2D_H2N, NULL);
183}
184
185static int mt7615_mcu_send_firmware(struct mt7615_dev *dev, const void *data,
186 int len)
187{
188 struct sk_buff *skb;
189 int ret = 0;
190
191 while (len > 0) {
192 int cur_len = min_t(int, 4096 - sizeof(struct mt7615_mcu_txd),
193 len);
194
195 skb = mt7615_mcu_msg_alloc(data, cur_len);
196 if (!skb)
197 return -ENOMEM;
198
199 ret = __mt7615_mcu_msg_send(dev, skb, -MCU_CMD_FW_SCATTER,
200 MCU_Q_NA, MCU_S2D_H2N, NULL);
201 if (ret)
202 break;
203
204 data += cur_len;
205 len -= cur_len;
206 }
207
208 return ret;
209}
210
211static int mt7615_mcu_start_firmware(struct mt7615_dev *dev, u32 addr,
212 u32 option)
213{
214 struct {
215 __le32 option;
216 __le32 addr;
217 } req = {
218 .option = cpu_to_le32(option),
219 .addr = cpu_to_le32(addr),
220 };
221 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
222
223 return mt7615_mcu_msg_send(dev, skb, -MCU_CMD_FW_START_REQ,
224 MCU_Q_NA, MCU_S2D_H2N, NULL);
225}
226
227static int mt7615_mcu_restart(struct mt7615_dev *dev)
228{
229 struct sk_buff *skb = mt7615_mcu_msg_alloc(NULL, 0);
230
231 return mt7615_mcu_msg_send(dev, skb, -MCU_CMD_RESTART_DL_REQ,
232 MCU_Q_NA, MCU_S2D_H2N, NULL);
233}
234
235static int mt7615_mcu_patch_sem_ctrl(struct mt7615_dev *dev, bool get)
236{
237 struct {
238 __le32 operation;
239 } req = {
240 .operation = cpu_to_le32(get ? PATCH_SEM_GET :
241 PATCH_SEM_RELEASE),
242 };
243 struct event {
244 u8 status;
245 u8 reserved[3];
246 } *resp;
247 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
248 struct sk_buff *skb_ret;
249 int ret;
250
251 ret = mt7615_mcu_msg_send(dev, skb, -MCU_CMD_PATCH_SEM_CONTROL,
252 MCU_Q_NA, MCU_S2D_H2N, &skb_ret);
253 if (ret)
254 goto out;
255
256 resp = (struct event *)(skb_ret->data);
257 ret = resp->status;
258 dev_kfree_skb(skb_ret);
259
260out:
261 return ret;
262}
263
264static int mt7615_mcu_start_patch(struct mt7615_dev *dev)
265{
266 struct {
267 u8 check_crc;
268 u8 reserved[3];
269 } req = {
270 .check_crc = 0,
271 };
272 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
273
274 return mt7615_mcu_msg_send(dev, skb, -MCU_CMD_PATCH_FINISH_REQ,
275 MCU_Q_NA, MCU_S2D_H2N, NULL);
276}
277
278static int mt7615_driver_own(struct mt7615_dev *dev)
279{
280 mt76_wr(dev, MT_CFG_LPCR_HOST, MT_CFG_LPCR_HOST_DRV_OWN);
281 if (!mt76_poll_msec(dev, MT_CFG_LPCR_HOST,
282 MT_CFG_LPCR_HOST_FW_OWN, 0, 500)) {
283 dev_err(dev->mt76.dev, "Timeout for driver own\n");
284 return -EIO;
285 }
286
287 return 0;
288}
289
290static int mt7615_load_patch(struct mt7615_dev *dev)
291{
292 const struct firmware *fw;
293 const struct mt7615_patch_hdr *hdr;
294 const char *firmware = MT7615_ROM_PATCH;
295 int len, ret, sem;
296
297 sem = mt7615_mcu_patch_sem_ctrl(dev, 1);
298 switch (sem) {
299 case PATCH_IS_DL:
300 return 0;
301 case PATCH_NOT_DL_SEM_SUCCESS:
302 break;
303 default:
304 dev_err(dev->mt76.dev, "Failed to get patch semaphore\n");
305 return -EAGAIN;
306 }
307
308 ret = request_firmware(&fw, firmware, dev->mt76.dev);
309 if (ret)
310 return ret;
311
312 if (!fw || !fw->data || fw->size < sizeof(*hdr)) {
313 dev_err(dev->mt76.dev, "Invalid firmware\n");
314 ret = -EINVAL;
315 goto out;
316 }
317
318 hdr = (const struct mt7615_patch_hdr *)(fw->data);
319
320 dev_info(dev->mt76.dev, "HW/SW Version: 0x%x, Build Time: %.16s\n",
321 be32_to_cpu(hdr->hw_sw_ver), hdr->build_date);
322
323 len = fw->size - sizeof(*hdr);
324
325 ret = mt7615_mcu_init_download(dev, MCU_PATCH_ADDRESS, len,
326 DL_MODE_NEED_RSP);
327 if (ret) {
328 dev_err(dev->mt76.dev, "Download request failed\n");
329 goto out;
330 }
331
332 ret = mt7615_mcu_send_firmware(dev, fw->data + sizeof(*hdr), len);
333 if (ret) {
334 dev_err(dev->mt76.dev, "Failed to send firmware to device\n");
335 goto out;
336 }
337
338 ret = mt7615_mcu_start_patch(dev);
339 if (ret)
340 dev_err(dev->mt76.dev, "Failed to start patch\n");
341
342out:
343 release_firmware(fw);
344
345 sem = mt7615_mcu_patch_sem_ctrl(dev, 0);
346 switch (sem) {
347 case PATCH_REL_SEM_SUCCESS:
348 break;
349 default:
350 ret = -EAGAIN;
351 dev_err(dev->mt76.dev, "Failed to release patch semaphore\n");
352 break;
353 }
354
355 return ret;
356}
357
358static u32 gen_dl_mode(u8 feature_set, bool is_cr4)
359{
360 u32 ret = 0;
361
362 ret |= (feature_set & FW_FEATURE_SET_ENCRYPT) ?
363 (DL_MODE_ENCRYPT | DL_MODE_RESET_SEC_IV) : 0;
364 ret |= FIELD_PREP(DL_MODE_KEY_IDX,
365 FIELD_GET(FW_FEATURE_SET_KEY_IDX, feature_set));
366 ret |= DL_MODE_NEED_RSP;
367 ret |= is_cr4 ? DL_MODE_WORKING_PDA_CR4 : 0;
368
369 return ret;
370}
371
372static int mt7615_load_ram(struct mt7615_dev *dev)
373{
374 const struct firmware *fw;
375 const struct mt7615_fw_trailer *hdr;
376 const char *n9_firmware = MT7615_FIRMWARE_N9;
377 const char *cr4_firmware = MT7615_FIRMWARE_CR4;
378 u32 n9_ilm_addr, offset;
379 int i, ret;
380
381 ret = request_firmware(&fw, n9_firmware, dev->mt76.dev);
382 if (ret)
383 return ret;
384
385 if (!fw || !fw->data || fw->size < N9_REGION_NUM * sizeof(*hdr)) {
386 dev_err(dev->mt76.dev, "Invalid firmware\n");
387 ret = -EINVAL;
388 goto out;
389 }
390
391 hdr = (const struct mt7615_fw_trailer *)(fw->data + fw->size -
392 N9_REGION_NUM * sizeof(*hdr));
393
394 dev_info(dev->mt76.dev, "N9 Firmware Version: %.10s, Build Time: %.15s\n",
395 hdr->fw_ver, hdr->build_date);
396
397 n9_ilm_addr = le32_to_cpu(hdr->addr);
398
399 for (offset = 0, i = 0; i < N9_REGION_NUM; i++) {
400 u32 len, addr, mode;
401
402 len = le32_to_cpu(hdr[i].len) + IMG_CRC_LEN;
403 addr = le32_to_cpu(hdr[i].addr);
404 mode = gen_dl_mode(hdr[i].feature_set, false);
405
406 ret = mt7615_mcu_init_download(dev, addr, len, mode);
407 if (ret) {
408 dev_err(dev->mt76.dev, "Download request failed\n");
409 goto out;
410 }
411
412 ret = mt7615_mcu_send_firmware(dev, fw->data + offset, len);
413 if (ret) {
414 dev_err(dev->mt76.dev, "Failed to send firmware to device\n");
415 goto out;
416 }
417
418 offset += len;
419 }
420
421 ret = mt7615_mcu_start_firmware(dev, n9_ilm_addr, FW_START_OVERRIDE);
422 if (ret) {
423 dev_err(dev->mt76.dev, "Failed to start N9 firmware\n");
424 goto out;
425 }
426
427 release_firmware(fw);
428
429 ret = request_firmware(&fw, cr4_firmware, dev->mt76.dev);
430 if (ret)
431 return ret;
432
433 if (!fw || !fw->data || fw->size < CR4_REGION_NUM * sizeof(*hdr)) {
434 dev_err(dev->mt76.dev, "Invalid firmware\n");
435 ret = -EINVAL;
436 goto out;
437 }
438
439 hdr = (const struct mt7615_fw_trailer *)(fw->data + fw->size -
440 CR4_REGION_NUM * sizeof(*hdr));
441
442 dev_info(dev->mt76.dev, "CR4 Firmware Version: %.10s, Build Time: %.15s\n",
443 hdr->fw_ver, hdr->build_date);
444
445 for (offset = 0, i = 0; i < CR4_REGION_NUM; i++) {
446 u32 len, addr, mode;
447
448 len = le32_to_cpu(hdr[i].len) + IMG_CRC_LEN;
449 addr = le32_to_cpu(hdr[i].addr);
450 mode = gen_dl_mode(hdr[i].feature_set, true);
451
452 ret = mt7615_mcu_init_download(dev, addr, len, mode);
453 if (ret) {
454 dev_err(dev->mt76.dev, "Download request failed\n");
455 goto out;
456 }
457
458 ret = mt7615_mcu_send_firmware(dev, fw->data + offset, len);
459 if (ret) {
460 dev_err(dev->mt76.dev, "Failed to send firmware to device\n");
461 goto out;
462 }
463
464 offset += len;
465 }
466
467 ret = mt7615_mcu_start_firmware(dev, 0, FW_START_WORKING_PDA_CR4);
468 if (ret)
469 dev_err(dev->mt76.dev, "Failed to start CR4 firmware\n");
470
471out:
472 release_firmware(fw);
473
474 return ret;
475}
476
477static int mt7615_load_firmware(struct mt7615_dev *dev)
478{
479 int ret;
480 u32 val;
481
482 val = mt76_get_field(dev, MT_TOP_MISC2, MT_TOP_MISC2_FW_STATE);
483
484 if (val != FW_STATE_FW_DOWNLOAD) {
485 dev_err(dev->mt76.dev, "Firmware is not ready for download\n");
486 return -EIO;
487 }
488
489 ret = mt7615_load_patch(dev);
490 if (ret)
491 return ret;
492
493 ret = mt7615_load_ram(dev);
494 if (ret)
495 return ret;
496
497 if (!mt76_poll_msec(dev, MT_TOP_MISC2, MT_TOP_MISC2_FW_STATE,
498 FIELD_PREP(MT_TOP_MISC2_FW_STATE,
499 FW_STATE_CR4_RDY), 500)) {
500 dev_err(dev->mt76.dev, "Timeout for initializing firmware\n");
501 return -EIO;
502 }
503
504 dev_dbg(dev->mt76.dev, "Firmware init done\n");
505
506 return 0;
507}
508
509int mt7615_mcu_init(struct mt7615_dev *dev)
510{
511 int ret;
512
513 ret = mt7615_driver_own(dev);
514 if (ret)
515 return ret;
516
517 ret = mt7615_load_firmware(dev);
518 if (ret)
519 return ret;
520
521 set_bit(MT76_STATE_MCU_RUNNING, &dev->mt76.state);
522
523 return 0;
524}
525
526void mt7615_mcu_exit(struct mt7615_dev *dev)
527{
528 mt7615_mcu_restart(dev);
529 mt76_wr(dev, MT_CFG_LPCR_HOST, MT_CFG_LPCR_HOST_FW_OWN);
530 skb_queue_purge(&dev->mt76.mmio.mcu.res_q);
531}
532
533int mt7615_mcu_set_eeprom(struct mt7615_dev *dev)
534{
535 struct req_data {
536 u8 val;
537 } __packed;
538 struct {
539 u8 buffer_mode;
540 u8 pad;
541 u16 len;
542 } __packed req_hdr = {
543 .buffer_mode = 1,
544 .len = __MT_EE_MAX - MT_EE_NIC_CONF_0,
545 };
546 struct sk_buff *skb;
547 struct req_data *data;
548 const int size = (__MT_EE_MAX - MT_EE_NIC_CONF_0) *
549 sizeof(struct req_data);
550 u8 *eep = (u8 *)dev->mt76.eeprom.data;
551 u16 off;
552
553 skb = mt7615_mcu_msg_alloc(NULL, size + sizeof(req_hdr));
554 memcpy(skb_put(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr));
555 data = (struct req_data *)skb_put(skb, size);
556 memset(data, 0, size);
557
558 for (off = MT_EE_NIC_CONF_0; off < __MT_EE_MAX; off++)
559 data[off - MT_EE_NIC_CONF_0].val = eep[off];
560
561 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_EFUSE_BUFFER_MODE,
562 MCU_Q_SET, MCU_S2D_H2N, NULL);
563}
564
565int mt7615_mcu_init_mac(struct mt7615_dev *dev)
566{
567 struct {
568 u8 enable;
569 u8 band;
570 u8 rsv[2];
571 } __packed req = {
572 .enable = 1,
573 .band = 0,
574 };
575 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
576
577 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_MAC_INIT_CTRL,
578 MCU_Q_SET, MCU_S2D_H2N, NULL);
579}
580
581int mt7615_mcu_set_rts_thresh(struct mt7615_dev *dev, u32 val)
582{
583 struct {
584 u8 prot_idx;
585 u8 band;
586 u8 rsv[2];
587 __le32 len_thresh;
588 __le32 pkt_thresh;
589 } __packed req = {
590 .prot_idx = 1,
591 .band = 0,
592 .len_thresh = cpu_to_le32(val),
593 .pkt_thresh = cpu_to_le32(0x2),
594 };
595 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
596
597 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_PROTECT_CTRL,
598 MCU_Q_SET, MCU_S2D_H2N, NULL);
599}
600
601int mt7615_mcu_set_wmm(struct mt7615_dev *dev, u8 queue,
602 const struct ieee80211_tx_queue_params *params)
603{
604#define WMM_AIFS_SET BIT(0)
605#define WMM_CW_MIN_SET BIT(1)
606#define WMM_CW_MAX_SET BIT(2)
607#define WMM_TXOP_SET BIT(3)
608 struct req_data {
609 u8 number;
610 u8 rsv[3];
611 u8 queue;
612 u8 valid;
613 u8 aifs;
614 u8 cw_min;
615 __le16 cw_max;
616 __le16 txop;
617 } __packed req = {
618 .number = 1,
619 .queue = queue,
620 .valid = WMM_AIFS_SET | WMM_TXOP_SET,
621 .aifs = params->aifs,
622 .txop = cpu_to_le16(params->txop),
623 };
624 struct sk_buff *skb;
625
626 if (params->cw_min) {
627 req.valid |= WMM_CW_MIN_SET;
628 req.cw_min = params->cw_min;
629 }
630 if (params->cw_max) {
631 req.valid |= WMM_CW_MAX_SET;
632 req.cw_max = cpu_to_le16(params->cw_max);
633 }
634
635 skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
636 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_EDCA_UPDATE,
637 MCU_Q_SET, MCU_S2D_H2N, NULL);
638}
639
640int mt7615_mcu_ctrl_pm_state(struct mt7615_dev *dev, int enter)
641{
642#define ENTER_PM_STATE 1
643#define EXIT_PM_STATE 2
644 struct {
645 u8 pm_number;
646 u8 pm_state;
647 u8 bssid[ETH_ALEN];
648 u8 dtim_period;
649 u8 wlan_idx;
650 __le16 bcn_interval;
651 __le32 aid;
652 __le32 rx_filter;
653 u8 band_idx;
654 u8 rsv[3];
655 __le32 feature;
656 u8 omac_idx;
657 u8 wmm_idx;
658 u8 bcn_loss_cnt;
659 u8 bcn_sp_duration;
660 } __packed req = {
661 .pm_number = 5,
662 .pm_state = (enter) ? ENTER_PM_STATE : EXIT_PM_STATE,
663 .band_idx = 0,
664 };
665 struct sk_buff *skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
666
667 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_PM_STATE_CTRL,
668 MCU_Q_SET, MCU_S2D_H2N, NULL);
669}
670
671static int __mt7615_mcu_set_dev_info(struct mt7615_dev *dev,
672 struct dev_info *dev_info)
673{
674 struct req_hdr {
675 u8 omac_idx;
676 u8 band_idx;
677 __le16 tlv_num;
678 u8 is_tlv_append;
679 u8 rsv[3];
680 } __packed req_hdr = {0};
681 struct req_tlv {
682 __le16 tag;
683 __le16 len;
684 u8 active;
685 u8 band_idx;
686 u8 omac_addr[ETH_ALEN];
687 } __packed;
688 struct sk_buff *skb;
689 u16 tlv_num = 0;
690
691 skb = mt7615_mcu_msg_alloc(NULL, sizeof(req_hdr) +
692 sizeof(struct req_tlv));
693 skb_reserve(skb, sizeof(req_hdr));
694
695 if (dev_info->feature & BIT(DEV_INFO_ACTIVE)) {
696 struct req_tlv req_tlv = {
697 .tag = cpu_to_le16(DEV_INFO_ACTIVE),
698 .len = cpu_to_le16(sizeof(req_tlv)),
699 .active = dev_info->enable,
700 .band_idx = dev_info->band_idx,
701 };
702 memcpy(req_tlv.omac_addr, dev_info->omac_addr, ETH_ALEN);
703 memcpy(skb_put(skb, sizeof(req_tlv)), &req_tlv,
704 sizeof(req_tlv));
705 tlv_num++;
706 }
707
708 req_hdr.omac_idx = dev_info->omac_idx;
709 req_hdr.band_idx = dev_info->band_idx;
710 req_hdr.tlv_num = cpu_to_le16(tlv_num);
711 req_hdr.is_tlv_append = tlv_num ? 1 : 0;
712
713 memcpy(skb_push(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr));
714
715 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_DEV_INFO_UPDATE,
716 MCU_Q_SET, MCU_S2D_H2N, NULL);
717}
718
719int mt7615_mcu_set_dev_info(struct mt7615_dev *dev, struct ieee80211_vif *vif,
720 int en)
721{
722 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
723 struct dev_info dev_info = {0};
724
725 dev_info.omac_idx = mvif->omac_idx;
726 memcpy(dev_info.omac_addr, vif->addr, ETH_ALEN);
727 dev_info.band_idx = mvif->band_idx;
728 dev_info.enable = en;
729 dev_info.feature = BIT(DEV_INFO_ACTIVE);
730
731 return __mt7615_mcu_set_dev_info(dev, &dev_info);
732}
733
734static void bss_info_omac_handler (struct mt7615_dev *dev,
735 struct bss_info *bss_info,
736 struct sk_buff *skb)
737{
738 struct bss_info_omac tlv = {0};
739
740 tlv.tag = cpu_to_le16(BSS_INFO_OMAC);
741 tlv.len = cpu_to_le16(sizeof(tlv));
742 tlv.hw_bss_idx = (bss_info->omac_idx > EXT_BSSID_START) ?
743 HW_BSSID_0 : bss_info->omac_idx;
744 tlv.omac_idx = bss_info->omac_idx;
745 tlv.band_idx = bss_info->band_idx;
746 tlv.conn_type = cpu_to_le32(bss_info->conn_type);
747
748 memcpy(skb_put(skb, sizeof(tlv)), &tlv, sizeof(tlv));
749}
750
751static void bss_info_basic_handler (struct mt7615_dev *dev,
752 struct bss_info *bss_info,
753 struct sk_buff *skb)
754{
755 struct bss_info_basic tlv = {0};
756
757 tlv.tag = cpu_to_le16(BSS_INFO_BASIC);
758 tlv.len = cpu_to_le16(sizeof(tlv));
759 tlv.network_type = cpu_to_le32(bss_info->network_type);
760 tlv.active = bss_info->enable;
761 tlv.bcn_interval = cpu_to_le16(bss_info->bcn_interval);
762 memcpy(tlv.bssid, bss_info->bssid, ETH_ALEN);
763 tlv.wmm_idx = bss_info->wmm_idx;
764 tlv.dtim_period = bss_info->dtim_period;
765 tlv.bmc_tx_wlan_idx = bss_info->bmc_tx_wlan_idx;
766
767 memcpy(skb_put(skb, sizeof(tlv)), &tlv, sizeof(tlv));
768}
769
770static void bss_info_ext_bss_handler (struct mt7615_dev *dev,
771 struct bss_info *bss_info,
772 struct sk_buff *skb)
773{
774
775#define BCN_TX_ESTIMATE_TIME (4096 + 20)
776 struct bss_info_ext_bss tlv = {0};
777 int ext_bss_idx;
778
779 ext_bss_idx = bss_info->omac_idx - EXT_BSSID_START;
780
781 if (ext_bss_idx < 0)
782 return;
783
784 tlv.tag = cpu_to_le16(BSS_INFO_EXT_BSS);
785 tlv.len = cpu_to_le16(sizeof(tlv));
786 tlv.mbss_tsf_offset = ext_bss_idx * BCN_TX_ESTIMATE_TIME;
787
788 memcpy(skb_put(skb, sizeof(tlv)), &tlv, sizeof(tlv));
789}
790
791static struct bss_info_tag_handler bss_info_tag_handler[] = {
792 {BSS_INFO_OMAC, sizeof(struct bss_info_omac), bss_info_omac_handler},
793 {BSS_INFO_BASIC, sizeof(struct bss_info_basic), bss_info_basic_handler},
794 {BSS_INFO_RF_CH, sizeof(struct bss_info_rf_ch), NULL},
795 {BSS_INFO_PM, 0, NULL},
796 {BSS_INFO_UAPSD, 0, NULL},
797 {BSS_INFO_ROAM_DETECTION, 0, NULL},
798 {BSS_INFO_LQ_RM, 0, NULL},
799 {BSS_INFO_EXT_BSS, sizeof(struct bss_info_ext_bss), bss_info_ext_bss_handler},
800 {BSS_INFO_BMC_INFO, 0, NULL},
801 {BSS_INFO_SYNC_MODE, 0, NULL},
802 {BSS_INFO_RA, 0, NULL},
803 {BSS_INFO_MAX_NUM, 0, NULL},
804};
805
806static int __mt7615_mcu_set_bss_info(struct mt7615_dev *dev,
807 struct bss_info *bss_info)
808{
809 struct req_hdr {
810 u8 bss_idx;
811 u8 rsv0;
812 __le16 tlv_num;
813 u8 is_tlv_append;
814 u8 rsv1[3];
815 } __packed req_hdr = {0};
816 struct sk_buff *skb;
817 u16 tlv_num = 0;
818 u32 size = 0;
819 int i;
820
821 for (i = 0; i < BSS_INFO_MAX_NUM; i++)
822 if ((BIT(bss_info_tag_handler[i].tag) & bss_info->feature) &&
823 bss_info_tag_handler[i].handler) {
824 tlv_num++;
825 size += bss_info_tag_handler[i].len;
826 }
827
828 skb = mt7615_mcu_msg_alloc(NULL, sizeof(req_hdr) + size);
829
830 req_hdr.bss_idx = bss_info->bss_idx;
831 req_hdr.tlv_num = cpu_to_le16(tlv_num);
832 req_hdr.is_tlv_append = tlv_num ? 1 : 0;
833
834 memcpy(skb_put(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr));
835
836 for (i = 0; i < BSS_INFO_MAX_NUM; i++)
837 if ((BIT(bss_info_tag_handler[i].tag) & bss_info->feature) &&
838 bss_info_tag_handler[i].handler)
839 bss_info_tag_handler[i].handler(dev, bss_info, skb);
840
841 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_BSS_INFO_UPDATE,
842 MCU_Q_SET, MCU_S2D_H2N, NULL);
843}
844
845static void bss_info_convert_vif_type(enum nl80211_iftype type,
846 u32 *network_type, u32 *conn_type)
847{
848 switch (type) {
849 case NL80211_IFTYPE_AP:
850 if (network_type)
851 *network_type = NETWORK_INFRA;
852 if (conn_type)
853 *conn_type = CONNECTION_INFRA_AP;
854 break;
855 case NL80211_IFTYPE_STATION:
856 if (network_type)
857 *network_type = NETWORK_INFRA;
858 if (conn_type)
859 *conn_type = CONNECTION_INFRA_STA;
860 break;
861 default:
862 WARN_ON(1);
863 break;
864 };
865}
866
867int mt7615_mcu_set_bss_info(struct mt7615_dev *dev, struct ieee80211_vif *vif,
868 int en)
869{
870 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
871 struct bss_info bss_info = {0};
872 u8 bmc_tx_wlan_idx = 0;
873 u32 network_type = 0, conn_type = 0;
874
875 if (vif->type == NL80211_IFTYPE_AP) {
876 bmc_tx_wlan_idx = mvif->sta.wcid.idx;
877 } else if (vif->type == NL80211_IFTYPE_STATION) {
878
879 struct ieee80211_sta *ap_sta;
880 struct mt7615_sta *msta;
881
882 rcu_read_lock();
883
884 ap_sta = ieee80211_find_sta(vif, vif->bss_conf.bssid);
885 if (!ap_sta) {
886 rcu_read_unlock();
887 return -EINVAL;
888 }
889
890 msta = (struct mt7615_sta *)ap_sta->drv_priv;
891 bmc_tx_wlan_idx = msta->wcid.idx;
892
893 rcu_read_unlock();
894 } else {
895 WARN_ON(1);
896 }
897
898 bss_info_convert_vif_type(vif->type, &network_type, &conn_type);
899
900 bss_info.bss_idx = mvif->idx;
901 memcpy(bss_info.bssid, vif->bss_conf.bssid, ETH_ALEN);
902 bss_info.omac_idx = mvif->omac_idx;
903 bss_info.band_idx = mvif->band_idx;
904 bss_info.bmc_tx_wlan_idx = bmc_tx_wlan_idx;
905 bss_info.wmm_idx = mvif->wmm_idx;
906 bss_info.network_type = network_type;
907 bss_info.conn_type = conn_type;
908 bss_info.bcn_interval = vif->bss_conf.beacon_int;
909 bss_info.dtim_period = vif->bss_conf.dtim_period;
910 bss_info.enable = en;
911 bss_info.feature = BIT(BSS_INFO_BASIC);
912 if (en) {
913 bss_info.feature |= BIT(BSS_INFO_OMAC);
914 if (mvif->omac_idx > EXT_BSSID_START)
915 bss_info.feature |= BIT(BSS_INFO_EXT_BSS);
916 }
917
918 return __mt7615_mcu_set_bss_info(dev, &bss_info);
919}
920
921static int __mt7615_mcu_set_wtbl(struct mt7615_dev *dev, int wlan_idx,
922 int operation, void *buf, int buf_len)
923{
924 struct req_hdr {
925 u8 wlan_idx;
926 u8 operation;
927 __le16 tlv_num;
928 u8 rsv[4];
929 } __packed req_hdr = {0};
930 struct tlv {
931 __le16 tag;
932 __le16 len;
933 u8 buf[0];
934 } __packed;
935 struct sk_buff *skb;
936 u16 tlv_num = 0;
937 int offset = 0;
938
939 while (offset < buf_len) {
940 struct tlv *tlv = (struct tlv *)((u8 *)buf + offset);
941
942 tlv_num++;
943 offset += tlv->len;
944 }
945
946 skb = mt7615_mcu_msg_alloc(NULL, sizeof(req_hdr) + buf_len);
947
948 req_hdr.wlan_idx = wlan_idx;
949 req_hdr.operation = operation;
950 req_hdr.tlv_num = cpu_to_le16(tlv_num);
951
952 memcpy(skb_put(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr));
953
954 if (buf && buf_len)
955 memcpy(skb_put(skb, buf_len), buf, buf_len);
956
957 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_WTBL_UPDATE,
958 MCU_Q_SET, MCU_S2D_H2N, NULL);
959}
960
961static enum mt7615_cipher_type
962mt7615_get_key_info(struct ieee80211_key_conf *key, u8 *key_data)
963{
964 if (!key || key->keylen > 32)
965 return MT_CIPHER_NONE;
966
967 memcpy(key_data, key->key, key->keylen);
968
969 switch (key->cipher) {
970 case WLAN_CIPHER_SUITE_WEP40:
971 return MT_CIPHER_WEP40;
972 case WLAN_CIPHER_SUITE_WEP104:
973 return MT_CIPHER_WEP104;
974 case WLAN_CIPHER_SUITE_TKIP:
975
976 memcpy(key_data + 16, key->key + 24, 8);
977 memcpy(key_data + 24, key->key + 16, 8);
978 return MT_CIPHER_TKIP;
979 case WLAN_CIPHER_SUITE_CCMP:
980 return MT_CIPHER_AES_CCMP;
981 case WLAN_CIPHER_SUITE_CCMP_256:
982 return MT_CIPHER_CCMP_256;
983 case WLAN_CIPHER_SUITE_GCMP:
984 return MT_CIPHER_GCMP;
985 case WLAN_CIPHER_SUITE_GCMP_256:
986 return MT_CIPHER_GCMP_256;
987 case WLAN_CIPHER_SUITE_SMS4:
988 return MT_CIPHER_WAPI;
989 default:
990 return MT_CIPHER_NONE;
991 }
992}
993
994int mt7615_mcu_set_wtbl_key(struct mt7615_dev *dev, int wcid,
995 struct ieee80211_key_conf *key,
996 enum set_key_cmd cmd)
997{
998 struct wtbl_sec_key wtbl_sec_key = {0};
999 int buf_len = sizeof(struct wtbl_sec_key);
1000 u8 cipher;
1001
1002 wtbl_sec_key.tag = cpu_to_le16(WTBL_SEC_KEY);
1003 wtbl_sec_key.len = cpu_to_le16(buf_len);
1004 wtbl_sec_key.add = cmd;
1005
1006 if (cmd == SET_KEY) {
1007 cipher = mt7615_get_key_info(key, wtbl_sec_key.key_material);
1008 if (cipher == MT_CIPHER_NONE && key)
1009 return -EOPNOTSUPP;
1010
1011 wtbl_sec_key.cipher_id = cipher;
1012 wtbl_sec_key.key_id = key->keyidx;
1013 wtbl_sec_key.key_len = key->keylen;
1014 } else {
1015 wtbl_sec_key.key_len = sizeof(wtbl_sec_key.key_material);
1016 }
1017
1018 return __mt7615_mcu_set_wtbl(dev, wcid, WTBL_SET, &wtbl_sec_key,
1019 buf_len);
1020}
1021
1022int mt7615_mcu_add_wtbl_bmc(struct mt7615_dev *dev, struct ieee80211_vif *vif)
1023{
1024 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1025 struct wtbl_generic *wtbl_generic;
1026 struct wtbl_rx *wtbl_rx;
1027 int buf_len, ret;
1028 u8 *buf;
1029
1030 buf = kzalloc(MT7615_WTBL_UPDATE_MAX_SIZE, GFP_KERNEL);
1031 if (!buf)
1032 return -ENOMEM;
1033
1034 wtbl_generic = (struct wtbl_generic *)buf;
1035 buf_len = sizeof(*wtbl_generic);
1036 wtbl_generic->tag = cpu_to_le16(WTBL_GENERIC);
1037 wtbl_generic->len = cpu_to_le16(buf_len);
1038 eth_broadcast_addr(wtbl_generic->peer_addr);
1039 wtbl_generic->muar_idx = 0xe;
1040
1041 wtbl_rx = (struct wtbl_rx *)(buf + buf_len);
1042 buf_len += sizeof(*wtbl_rx);
1043 wtbl_rx->tag = cpu_to_le16(WTBL_RX);
1044 wtbl_rx->len = cpu_to_le16(sizeof(*wtbl_rx));
1045 wtbl_rx->rca1 = 1;
1046 wtbl_rx->rca2 = 1;
1047 wtbl_rx->rv = 1;
1048
1049 ret = __mt7615_mcu_set_wtbl(dev, mvif->sta.wcid.idx,
1050 WTBL_RESET_AND_SET, buf, buf_len);
1051
1052 kfree(buf);
1053 return ret;
1054}
1055
1056int mt7615_mcu_del_wtbl_bmc(struct mt7615_dev *dev, struct ieee80211_vif *vif)
1057{
1058 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1059
1060 return __mt7615_mcu_set_wtbl(dev, mvif->sta.wcid.idx,
1061 WTBL_RESET_AND_SET, NULL, 0);
1062}
1063
1064int mt7615_mcu_add_wtbl(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1065 struct ieee80211_sta *sta)
1066{
1067 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1068 struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
1069 struct wtbl_generic *wtbl_generic;
1070 struct wtbl_rx *wtbl_rx;
1071 int buf_len, ret;
1072 u8 *buf;
1073
1074 buf = kzalloc(MT7615_WTBL_UPDATE_MAX_SIZE, GFP_KERNEL);
1075 if (!buf)
1076 return -ENOMEM;
1077
1078 wtbl_generic = (struct wtbl_generic *)buf;
1079 buf_len = sizeof(*wtbl_generic);
1080 wtbl_generic->tag = cpu_to_le16(WTBL_GENERIC);
1081 wtbl_generic->len = cpu_to_le16(buf_len);
1082 memcpy(wtbl_generic->peer_addr, sta->addr, ETH_ALEN);
1083 wtbl_generic->muar_idx = mvif->omac_idx;
1084 wtbl_generic->qos = sta->wme;
1085 wtbl_generic->partial_aid = cpu_to_le16(sta->aid);
1086
1087 wtbl_rx = (struct wtbl_rx *)(buf + buf_len);
1088 buf_len += sizeof(*wtbl_rx);
1089 wtbl_rx->tag = cpu_to_le16(WTBL_RX);
1090 wtbl_rx->len = cpu_to_le16(sizeof(*wtbl_rx));
1091 wtbl_rx->rca1 = (vif->type == NL80211_IFTYPE_AP) ? 0 : 1;
1092 wtbl_rx->rca2 = 1;
1093 wtbl_rx->rv = 1;
1094
1095 ret = __mt7615_mcu_set_wtbl(dev, msta->wcid.idx,
1096 WTBL_RESET_AND_SET, buf, buf_len);
1097
1098 kfree(buf);
1099 return ret;
1100}
1101
1102int mt7615_mcu_del_wtbl(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1103 struct ieee80211_sta *sta)
1104{
1105 struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
1106
1107 return __mt7615_mcu_set_wtbl(dev, msta->wcid.idx,
1108 WTBL_RESET_AND_SET, NULL, 0);
1109}
1110
1111int mt7615_mcu_del_wtbl_all(struct mt7615_dev *dev)
1112{
1113 return __mt7615_mcu_set_wtbl(dev, 0, WTBL_RESET_ALL, NULL, 0);
1114}
1115
1116static int __mt7615_mcu_set_sta_rec(struct mt7615_dev *dev, int bss_idx,
1117 int wlan_idx, int muar_idx, void *buf,
1118 int buf_len)
1119{
1120 struct req_hdr {
1121 u8 bss_idx;
1122 u8 wlan_idx;
1123 __le16 tlv_num;
1124 u8 is_tlv_append;
1125 u8 muar_idx;
1126 u8 rsv[2];
1127 } __packed req_hdr = {0};
1128 struct tlv {
1129 __le16 tag;
1130 __le16 len;
1131 u8 buf[0];
1132 } __packed;
1133 struct sk_buff *skb;
1134 u16 tlv_num = 0;
1135 int offset = 0;
1136
1137 while (offset < buf_len) {
1138 struct tlv *tlv = (struct tlv *)((u8 *)buf + offset);
1139
1140 tlv_num++;
1141 offset += tlv->len;
1142 }
1143
1144 skb = mt7615_mcu_msg_alloc(NULL, sizeof(req_hdr) + buf_len);
1145
1146 req_hdr.bss_idx = bss_idx;
1147 req_hdr.wlan_idx = wlan_idx;
1148 req_hdr.tlv_num = cpu_to_le16(tlv_num);
1149 req_hdr.is_tlv_append = tlv_num ? 1 : 0;
1150 req_hdr.muar_idx = muar_idx;
1151
1152 memcpy(skb_put(skb, sizeof(req_hdr)), &req_hdr, sizeof(req_hdr));
1153
1154 if (buf && buf_len)
1155 memcpy(skb_put(skb, buf_len), buf, buf_len);
1156
1157 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_STA_REC_UPDATE,
1158 MCU_Q_SET, MCU_S2D_H2N, NULL);
1159}
1160
1161int mt7615_mcu_set_sta_rec_bmc(struct mt7615_dev *dev,
1162 struct ieee80211_vif *vif, bool en)
1163{
1164 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1165 struct sta_rec_basic sta_rec_basic = {0};
1166 int buf_len = sizeof(struct sta_rec_basic);
1167
1168 sta_rec_basic.tag = cpu_to_le16(STA_REC_BASIC);
1169 sta_rec_basic.len = cpu_to_le16(buf_len);
1170 sta_rec_basic.conn_type = cpu_to_le32(CONNECTION_INFRA_BC);
1171 eth_broadcast_addr(sta_rec_basic.peer_addr);
1172 if (en) {
1173 sta_rec_basic.conn_state = CONN_STATE_PORT_SECURE;
1174 sta_rec_basic.extra_info =
1175 cpu_to_le16(EXTRA_INFO_VER | EXTRA_INFO_NEW);
1176 } else {
1177 sta_rec_basic.conn_state = CONN_STATE_DISCONNECT;
1178 sta_rec_basic.extra_info = cpu_to_le16(EXTRA_INFO_VER);
1179 }
1180
1181 return __mt7615_mcu_set_sta_rec(dev, mvif->idx, mvif->sta.wcid.idx,
1182 mvif->omac_idx, &sta_rec_basic,
1183 buf_len);
1184}
1185
1186static void sta_rec_convert_vif_type(enum nl80211_iftype type, u32 *conn_type)
1187{
1188 switch (type) {
1189 case NL80211_IFTYPE_AP:
1190 if (conn_type)
1191 *conn_type = CONNECTION_INFRA_STA;
1192 break;
1193 case NL80211_IFTYPE_STATION:
1194 if (conn_type)
1195 *conn_type = CONNECTION_INFRA_AP;
1196 break;
1197 default:
1198 WARN_ON(1);
1199 break;
1200 };
1201}
1202
1203int mt7615_mcu_set_sta_rec(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1204 struct ieee80211_sta *sta, bool en)
1205{
1206 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1207 struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
1208 struct sta_rec_basic sta_rec_basic = {0};
1209 int buf_len = sizeof(struct sta_rec_basic);
1210 u32 conn_type = 0;
1211
1212 sta_rec_convert_vif_type(vif->type, &conn_type);
1213
1214 sta_rec_basic.tag = cpu_to_le16(STA_REC_BASIC);
1215 sta_rec_basic.len = cpu_to_le16(buf_len);
1216 sta_rec_basic.conn_type = cpu_to_le32(conn_type);
1217 sta_rec_basic.qos = sta->wme;
1218 sta_rec_basic.aid = cpu_to_le16(sta->aid);
1219 memcpy(sta_rec_basic.peer_addr, sta->addr, ETH_ALEN);
1220
1221 if (en) {
1222 sta_rec_basic.conn_state = CONN_STATE_PORT_SECURE;
1223 sta_rec_basic.extra_info =
1224 cpu_to_le16(EXTRA_INFO_VER | EXTRA_INFO_NEW);
1225 } else {
1226 sta_rec_basic.conn_state = CONN_STATE_DISCONNECT;
1227 sta_rec_basic.extra_info = cpu_to_le16(EXTRA_INFO_VER);
1228 }
1229
1230 return __mt7615_mcu_set_sta_rec(dev, mvif->idx, msta->wcid.idx,
1231 mvif->omac_idx, &sta_rec_basic,
1232 buf_len);
1233}
1234
1235int mt7615_mcu_set_bcn(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1236 int en)
1237{
1238 struct req {
1239 u8 omac_idx;
1240 u8 enable;
1241 u8 wlan_idx;
1242 u8 band_idx;
1243 u8 pkt_type;
1244 u8 need_pre_tbtt_int;
1245 __le16 csa_ie_pos;
1246 __le16 pkt_len;
1247 __le16 tim_ie_pos;
1248 u8 pkt[512];
1249 u8 csa_cnt;
1250
1251 u8 bcc_cnt;
1252 __le16 bcc_ie_pos;
1253 } __packed req = {0};
1254 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1255 struct mt76_wcid *wcid = &dev->mt76.global_wcid;
1256 struct sk_buff *skb;
1257 u16 tim_off, tim_len;
1258
1259 skb = ieee80211_beacon_get_tim(mt76_hw(dev), vif, &tim_off, &tim_len);
1260
1261 if (!skb)
1262 return -EINVAL;
1263
1264 if (skb->len > 512 - MT_TXD_SIZE) {
1265 dev_err(dev->mt76.dev, "Bcn size limit exceed\n");
1266 dev_kfree_skb(skb);
1267 return -EINVAL;
1268 }
1269
1270 mt7615_mac_write_txwi(dev, (__le32 *)(req.pkt), skb, wcid, NULL,
1271 0, NULL);
1272 memcpy(req.pkt + MT_TXD_SIZE, skb->data, skb->len);
1273 dev_kfree_skb(skb);
1274
1275 req.omac_idx = mvif->omac_idx;
1276 req.enable = en;
1277 req.wlan_idx = wcid->idx;
1278 req.band_idx = mvif->band_idx;
1279
1280 req.pkt_type = 0;
1281 req.pkt_len = cpu_to_le16(MT_TXD_SIZE + skb->len);
1282 req.tim_ie_pos = cpu_to_le16(MT_TXD_SIZE + tim_off);
1283
1284 skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
1285
1286 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_BCN_OFFLOAD,
1287 MCU_Q_SET, MCU_S2D_H2N, NULL);
1288}
1289
1290int mt7615_mcu_set_channel(struct mt7615_dev *dev)
1291{
1292 struct cfg80211_chan_def *chdef = &dev->mt76.chandef;
1293 struct {
1294 u8 control_chan;
1295 u8 center_chan;
1296 u8 bw;
1297 u8 tx_streams;
1298 u8 rx_streams_mask;
1299 u8 switch_reason;
1300 u8 band_idx;
1301
1302 u8 center_chan2;
1303 __le16 cac_case;
1304 u8 channel_band;
1305 u8 rsv0;
1306 __le32 outband_freq;
1307 u8 txpower_drop;
1308 u8 rsv1[3];
1309 u8 txpower_sku[53];
1310 u8 rsv2[3];
1311 } req = {0};
1312 struct sk_buff *skb;
1313 int ret;
1314
1315 req.control_chan = chdef->chan->hw_value;
1316 req.center_chan = ieee80211_frequency_to_channel(chdef->center_freq1);
1317 req.tx_streams = (dev->mt76.chainmask >> 8) & 0xf;
1318 req.rx_streams_mask = dev->mt76.antenna_mask;
1319 req.switch_reason = CH_SWITCH_NORMAL;
1320 req.band_idx = 0;
1321 req.center_chan2 = ieee80211_frequency_to_channel(chdef->center_freq2);
1322 req.txpower_drop = 0;
1323
1324 switch (dev->mt76.chandef.width) {
1325 case NL80211_CHAN_WIDTH_40:
1326 req.bw = CMD_CBW_40MHZ;
1327 break;
1328 case NL80211_CHAN_WIDTH_80:
1329 req.bw = CMD_CBW_80MHZ;
1330 break;
1331 case NL80211_CHAN_WIDTH_80P80:
1332 req.bw = CMD_CBW_8080MHZ;
1333 break;
1334 case NL80211_CHAN_WIDTH_160:
1335 req.bw = CMD_CBW_160MHZ;
1336 break;
1337 case NL80211_CHAN_WIDTH_5:
1338 req.bw = CMD_CBW_5MHZ;
1339 break;
1340 case NL80211_CHAN_WIDTH_10:
1341 req.bw = CMD_CBW_10MHZ;
1342 break;
1343 case NL80211_CHAN_WIDTH_20_NOHT:
1344 case NL80211_CHAN_WIDTH_20:
1345 default:
1346 req.bw = CMD_CBW_20MHZ;
1347 }
1348
1349 memset(req.txpower_sku, 0x3f, 49);
1350
1351 skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
1352 ret = mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_CHANNEL_SWITCH,
1353 MCU_Q_SET, MCU_S2D_H2N, NULL);
1354 if (ret)
1355 return ret;
1356
1357 skb = mt7615_mcu_msg_alloc(&req, sizeof(req));
1358 return mt7615_mcu_msg_send(dev, skb, MCU_EXT_CMD_SET_RX_PATH,
1359 MCU_Q_SET, MCU_S2D_H2N, NULL);
1360}
1361
1362int mt7615_mcu_set_ht_cap(struct mt7615_dev *dev, struct ieee80211_vif *vif,
1363 struct ieee80211_sta *sta)
1364{
1365 struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
1366 struct mt7615_vif *mvif = (struct mt7615_vif *)vif->drv_priv;
1367 struct wtbl_ht *wtbl_ht;
1368 struct wtbl_raw *wtbl_raw;
1369 struct sta_rec_ht *sta_rec_ht;
1370 int buf_len, ret;
1371 u32 msk, val = 0;
1372 u8 *buf;
1373
1374 buf = kzalloc(MT7615_WTBL_UPDATE_MAX_SIZE, GFP_KERNEL);
1375 if (!buf)
1376 return -ENOMEM;
1377
1378
1379 buf_len = sizeof(*wtbl_ht);
1380 wtbl_ht = (struct wtbl_ht *)buf;
1381 wtbl_ht->tag = cpu_to_le16(WTBL_HT);
1382 wtbl_ht->len = cpu_to_le16(sizeof(*wtbl_ht));
1383 wtbl_ht->ht = 1;
1384 wtbl_ht->ldpc = sta->ht_cap.cap & IEEE80211_HT_CAP_LDPC_CODING;
1385 wtbl_ht->af = sta->ht_cap.ampdu_factor;
1386 wtbl_ht->mm = sta->ht_cap.ampdu_density;
1387
1388 if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_20)
1389 val |= MT_WTBL_W5_SHORT_GI_20;
1390 if (sta->ht_cap.cap & IEEE80211_HT_CAP_SGI_40)
1391 val |= MT_WTBL_W5_SHORT_GI_40;
1392
1393
1394 if (sta->vht_cap.vht_supported) {
1395 struct wtbl_vht *wtbl_vht;
1396
1397 wtbl_vht = (struct wtbl_vht *)(buf + buf_len);
1398 buf_len += sizeof(*wtbl_vht);
1399 wtbl_vht->tag = cpu_to_le16(WTBL_VHT);
1400 wtbl_vht->len = cpu_to_le16(sizeof(*wtbl_vht));
1401 wtbl_vht->ldpc = sta->vht_cap.cap & IEEE80211_VHT_CAP_RXLDPC;
1402 wtbl_vht->vht = 1;
1403
1404 if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_80)
1405 val |= MT_WTBL_W5_SHORT_GI_80;
1406 if (sta->vht_cap.cap & IEEE80211_VHT_CAP_SHORT_GI_160)
1407 val |= MT_WTBL_W5_SHORT_GI_160;
1408 }
1409
1410
1411 if (sta->smps_mode == IEEE80211_SMPS_DYNAMIC) {
1412 struct wtbl_smps *wtbl_smps;
1413
1414 wtbl_smps = (struct wtbl_smps *)(buf + buf_len);
1415 buf_len += sizeof(*wtbl_smps);
1416 wtbl_smps->tag = cpu_to_le16(WTBL_SMPS);
1417 wtbl_smps->len = cpu_to_le16(sizeof(*wtbl_smps));
1418 wtbl_smps->smps = 1;
1419 }
1420
1421
1422 msk = MT_WTBL_W5_SHORT_GI_20 | MT_WTBL_W5_SHORT_GI_40 |
1423 MT_WTBL_W5_SHORT_GI_80 | MT_WTBL_W5_SHORT_GI_160;
1424
1425 wtbl_raw = (struct wtbl_raw *)(buf + buf_len);
1426 buf_len += sizeof(*wtbl_raw);
1427 wtbl_raw->tag = cpu_to_le16(WTBL_RAW_DATA);
1428 wtbl_raw->len = cpu_to_le16(sizeof(*wtbl_raw));
1429 wtbl_raw->wtbl_idx = 1;
1430 wtbl_raw->dw = 5;
1431 wtbl_raw->msk = cpu_to_le32(~msk);
1432 wtbl_raw->val = cpu_to_le32(val);
1433
1434 ret = __mt7615_mcu_set_wtbl(dev, msta->wcid.idx, WTBL_SET, buf,
1435 buf_len);
1436 if (ret) {
1437 kfree(buf);
1438 return ret;
1439 }
1440
1441 memset(buf, 0, MT7615_WTBL_UPDATE_MAX_SIZE);
1442
1443 buf_len = sizeof(*sta_rec_ht);
1444 sta_rec_ht = (struct sta_rec_ht *)buf;
1445 sta_rec_ht->tag = cpu_to_le16(STA_REC_HT);
1446 sta_rec_ht->len = cpu_to_le16(sizeof(*sta_rec_ht));
1447 sta_rec_ht->ht_cap = cpu_to_le16(sta->ht_cap.cap);
1448
1449 if (sta->vht_cap.vht_supported) {
1450 struct sta_rec_vht *sta_rec_vht;
1451
1452 sta_rec_vht = (struct sta_rec_vht *)(buf + buf_len);
1453 buf_len += sizeof(*sta_rec_vht);
1454 sta_rec_vht->tag = cpu_to_le16(STA_REC_VHT);
1455 sta_rec_vht->len = cpu_to_le16(sizeof(*sta_rec_vht));
1456 sta_rec_vht->vht_cap = cpu_to_le32(sta->vht_cap.cap);
1457 sta_rec_vht->vht_rx_mcs_map =
1458 cpu_to_le16(sta->vht_cap.vht_mcs.rx_mcs_map);
1459 sta_rec_vht->vht_tx_mcs_map =
1460 cpu_to_le16(sta->vht_cap.vht_mcs.tx_mcs_map);
1461 }
1462
1463 ret = __mt7615_mcu_set_sta_rec(dev, mvif->idx, msta->wcid.idx,
1464 mvif->omac_idx, buf, buf_len);
1465 kfree(buf);
1466 return ret;
1467}
1468
1469int mt7615_mcu_set_tx_ba(struct mt7615_dev *dev,
1470 struct ieee80211_ampdu_params *params,
1471 bool add)
1472{
1473 struct ieee80211_sta *sta = params->sta;
1474 struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
1475 struct mt7615_vif *mvif = msta->vif;
1476 u8 ba_range[8] = {4, 8, 12, 24, 36, 48, 54, 64};
1477 u16 tid = params->tid;
1478 u16 ba_size = params->buf_size;
1479 u16 ssn = params->ssn;
1480 struct wtbl_ba wtbl_ba = {0};
1481 struct sta_rec_ba sta_rec_ba = {0};
1482 int ret, buf_len;
1483
1484 buf_len = sizeof(struct wtbl_ba);
1485
1486 wtbl_ba.tag = cpu_to_le16(WTBL_BA);
1487 wtbl_ba.len = cpu_to_le16(buf_len);
1488 wtbl_ba.tid = tid;
1489 wtbl_ba.ba_type = MT_BA_TYPE_ORIGINATOR;
1490
1491 if (add) {
1492 u8 idx;
1493
1494 for (idx = 7; idx > 0; idx--) {
1495 if (ba_size >= ba_range[idx])
1496 break;
1497 }
1498
1499 wtbl_ba.sn = cpu_to_le16(ssn);
1500 wtbl_ba.ba_en = 1;
1501 wtbl_ba.ba_winsize_idx = idx;
1502 }
1503
1504 ret = __mt7615_mcu_set_wtbl(dev, msta->wcid.idx, WTBL_SET, &wtbl_ba,
1505 buf_len);
1506 if (ret)
1507 return ret;
1508
1509 buf_len = sizeof(struct sta_rec_ba);
1510
1511 sta_rec_ba.tag = cpu_to_le16(STA_REC_BA);
1512 sta_rec_ba.len = cpu_to_le16(buf_len);
1513 sta_rec_ba.tid = tid;
1514 sta_rec_ba.ba_type = MT_BA_TYPE_ORIGINATOR;
1515 sta_rec_ba.amsdu = params->amsdu;
1516 sta_rec_ba.ba_en = add << tid;
1517 sta_rec_ba.ssn = cpu_to_le16(ssn);
1518 sta_rec_ba.winsize = cpu_to_le16(ba_size);
1519
1520 return __mt7615_mcu_set_sta_rec(dev, mvif->idx, msta->wcid.idx,
1521 mvif->omac_idx, &sta_rec_ba, buf_len);
1522}
1523
1524int mt7615_mcu_set_rx_ba(struct mt7615_dev *dev,
1525 struct ieee80211_ampdu_params *params,
1526 bool add)
1527{
1528 struct ieee80211_sta *sta = params->sta;
1529 struct mt7615_sta *msta = (struct mt7615_sta *)sta->drv_priv;
1530 struct mt7615_vif *mvif = msta->vif;
1531 u16 tid = params->tid;
1532 struct wtbl_ba wtbl_ba = {0};
1533 struct sta_rec_ba sta_rec_ba = {0};
1534 int ret, buf_len;
1535
1536 buf_len = sizeof(struct sta_rec_ba);
1537
1538 sta_rec_ba.tag = cpu_to_le16(STA_REC_BA);
1539 sta_rec_ba.len = cpu_to_le16(buf_len);
1540 sta_rec_ba.tid = tid;
1541 sta_rec_ba.ba_type = MT_BA_TYPE_RECIPIENT;
1542 sta_rec_ba.amsdu = params->amsdu;
1543 sta_rec_ba.ba_en = add << tid;
1544 sta_rec_ba.ssn = cpu_to_le16(params->ssn);
1545 sta_rec_ba.winsize = cpu_to_le16(params->buf_size);
1546
1547 ret = __mt7615_mcu_set_sta_rec(dev, mvif->idx, msta->wcid.idx,
1548 mvif->omac_idx, &sta_rec_ba, buf_len);
1549 if (ret || !add)
1550 return ret;
1551
1552 buf_len = sizeof(struct wtbl_ba);
1553
1554 wtbl_ba.tag = cpu_to_le16(WTBL_BA);
1555 wtbl_ba.len = cpu_to_le16(buf_len);
1556 wtbl_ba.tid = tid;
1557 wtbl_ba.ba_type = MT_BA_TYPE_RECIPIENT;
1558 memcpy(wtbl_ba.peer_addr, sta->addr, ETH_ALEN);
1559 wtbl_ba.rst_ba_tid = tid;
1560 wtbl_ba.rst_ba_sel = RST_BA_MAC_TID_MATCH;
1561 wtbl_ba.rst_ba_sb = 1;
1562
1563 return __mt7615_mcu_set_wtbl(dev, msta->wcid.idx, WTBL_SET,
1564 &wtbl_ba, buf_len);
1565}
1566
1567void mt7615_mcu_set_rates(struct mt7615_dev *dev, struct mt7615_sta *sta,
1568 struct ieee80211_tx_rate *probe_rate,
1569 struct ieee80211_tx_rate *rates)
1570{
1571 int wcid = sta->wcid.idx;
1572 u32 addr = MT_WTBL_BASE + wcid * MT_WTBL_ENTRY_SIZE;
1573 bool stbc = false;
1574 int n_rates = sta->n_rates;
1575 u8 bw, bw_prev, bw_idx = 0;
1576 u16 val[4];
1577 u16 probe_val;
1578 u32 w5, w27;
1579 int i;
1580
1581 if (!mt76_poll(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_BUSY, 0, 5000))
1582 return;
1583
1584 for (i = n_rates; i < 4; i++)
1585 rates[i] = rates[n_rates - 1];
1586
1587 val[0] = mt7615_mac_tx_rate_val(dev, &rates[0], stbc, &bw);
1588 bw_prev = bw;
1589
1590 if (probe_rate) {
1591 probe_val = mt7615_mac_tx_rate_val(dev, probe_rate, stbc, &bw);
1592 if (bw)
1593 bw_idx = 1;
1594 else
1595 bw_prev = 0;
1596 } else {
1597 probe_val = val[0];
1598 }
1599
1600 val[1] = mt7615_mac_tx_rate_val(dev, &rates[1], stbc, &bw);
1601 if (bw_prev) {
1602 bw_idx = 3;
1603 bw_prev = bw;
1604 }
1605
1606 val[2] = mt7615_mac_tx_rate_val(dev, &rates[2], stbc, &bw);
1607 if (bw_prev) {
1608 bw_idx = 5;
1609 bw_prev = bw;
1610 }
1611
1612 val[3] = mt7615_mac_tx_rate_val(dev, &rates[3], stbc, &bw);
1613 if (bw_prev)
1614 bw_idx = 7;
1615
1616 w27 = mt76_rr(dev, addr + 27 * 4);
1617 w27 &= ~MT_WTBL_W27_CC_BW_SEL;
1618 w27 |= FIELD_PREP(MT_WTBL_W27_CC_BW_SEL, bw);
1619
1620 w5 = mt76_rr(dev, addr + 5 * 4);
1621 w5 &= ~(MT_WTBL_W5_BW_CAP | MT_WTBL_W5_CHANGE_BW_RATE);
1622 w5 |= FIELD_PREP(MT_WTBL_W5_BW_CAP, bw) |
1623 FIELD_PREP(MT_WTBL_W5_CHANGE_BW_RATE, bw_idx ? bw_idx - 1 : 7);
1624
1625 mt76_wr(dev, MT_WTBL_RIUCR0, w5);
1626
1627 mt76_wr(dev, MT_WTBL_RIUCR1,
1628 FIELD_PREP(MT_WTBL_RIUCR1_RATE0, probe_val) |
1629 FIELD_PREP(MT_WTBL_RIUCR1_RATE1, val[0]) |
1630 FIELD_PREP(MT_WTBL_RIUCR1_RATE2_LO, val[0]));
1631
1632 mt76_wr(dev, MT_WTBL_RIUCR2,
1633 FIELD_PREP(MT_WTBL_RIUCR2_RATE2_HI, val[0] >> 8) |
1634 FIELD_PREP(MT_WTBL_RIUCR2_RATE3, val[1]) |
1635 FIELD_PREP(MT_WTBL_RIUCR2_RATE4, val[1]) |
1636 FIELD_PREP(MT_WTBL_RIUCR2_RATE5_LO, val[2]));
1637
1638 mt76_wr(dev, MT_WTBL_RIUCR3,
1639 FIELD_PREP(MT_WTBL_RIUCR3_RATE5_HI, val[2] >> 4) |
1640 FIELD_PREP(MT_WTBL_RIUCR3_RATE6, val[2]) |
1641 FIELD_PREP(MT_WTBL_RIUCR3_RATE7, val[3]));
1642
1643 mt76_wr(dev, MT_WTBL_UPDATE,
1644 FIELD_PREP(MT_WTBL_UPDATE_WLAN_IDX, wcid) |
1645 MT_WTBL_UPDATE_RATE_UPDATE |
1646 MT_WTBL_UPDATE_TX_COUNT_CLEAR);
1647
1648 mt76_wr(dev, addr + 27 * 4, w27);
1649
1650 if (!(sta->wcid.tx_info & MT_WCID_TX_INFO_SET))
1651 mt76_poll(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_BUSY, 0, 5000);
1652
1653 sta->rate_count = 2 * MT7615_RATE_RETRY * n_rates;
1654 sta->wcid.tx_info |= MT_WCID_TX_INFO_SET;
1655}
1656
