Freifunk-Leipzig
/
gluon-firmware
Archived
13
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2024-05-11. You can view files and clone it, but cannot push or open issues or pull requests.
gluon-firmware/patches/openwrt/0017-mac80211-update-ath10k...

33656 lines
1.0 MiB
Raw Permalink Blame History

From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Tue, 10 Mar 2015 12:40:53 +0100
Subject: mac80211: update ath10k to compat-wireless-2015-03-05
Taken from http://openwrt.reigndropsfall.net/
diff --git a/package/kernel/mac80211/patches/917-mac80211-rx-reordering.patch b/package/kernel/mac80211/patches/917-mac80211-rx-reordering.patch
new file mode 100644
index 0000000..1d0c559
--- /dev/null
+++ b/package/kernel/mac80211/patches/917-mac80211-rx-reordering.patch
@@ -0,0 +1,271 @@
+commit 08cf42e843f9a7e253502011c81677f61f7e5c42
+Author: Michal Kazior <michal.kazior@tieto.com>
+Date: Wed Jul 16 12:12:15 2014 +0200
+
+ mac80211: add support for Rx reordering offloading
+
+ Some drivers may be performing most of Tx/Rx
+ aggregation on their own (e.g. in firmware)
+ including AddBa/DelBa negotiations but may
+ otherwise require Rx reordering assistance.
+
+ The patch exports 2 new functions for establishing
+ Rx aggregation sessions in assumption device
+ driver has taken care of the necessary
+ negotiations.
+
+ Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
+ [fix endian bug]
+ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+
+--- a/include/net/mac80211.h
++++ b/include/net/mac80211.h
+@@ -4481,6 +4481,40 @@ void ieee80211_stop_rx_ba_session(struct
+ */
+ void ieee80211_send_bar(struct ieee80211_vif *vif, u8 *ra, u16 tid, u16 ssn);
+
++/**
++ * ieee80211_start_rx_ba_session_offl - start a Rx BA session
++ *
++ * Some device drivers may offload part of the Rx aggregation flow including
++ * AddBa/DelBa negotiation but may otherwise be incapable of full Rx
++ * reordering.
++ *
++ * Create structures responsible for reordering so device drivers may call here
++ * when they complete AddBa negotiation.
++ *
++ * @vif: &struct ieee80211_vif pointer from the add_interface callback
++ * @addr: station mac address
++ * @tid: the rx tid
++ */
++void ieee80211_start_rx_ba_session_offl(struct ieee80211_vif *vif,
++ const u8 *addr, u16 tid);
++
++/**
++ * ieee80211_stop_rx_ba_session_offl - stop a Rx BA session
++ *
++ * Some device drivers may offload part of the Rx aggregation flow including
++ * AddBa/DelBa negotiation but may otherwise be incapable of full Rx
++ * reordering.
++ *
++ * Destroy structures responsible for reordering so device drivers may call here
++ * when they complete DelBa negotiation.
++ *
++ * @vif: &struct ieee80211_vif pointer from the add_interface callback
++ * @addr: station mac address
++ * @tid: the rx tid
++ */
++void ieee80211_stop_rx_ba_session_offl(struct ieee80211_vif *vif,
++ const u8 *addr, u16 tid);
++
+ /* Rate control API */
+
+ /**
+--- a/net/mac80211/agg-rx.c
++++ b/net/mac80211/agg-rx.c
+@@ -224,28 +224,15 @@ static void ieee80211_send_addba_resp(st
+ ieee80211_tx_skb(sdata, skb);
+ }
+
+-void ieee80211_process_addba_request(struct ieee80211_local *local,
+- struct sta_info *sta,
+- struct ieee80211_mgmt *mgmt,
+- size_t len)
++void __ieee80211_start_rx_ba_session(struct sta_info *sta,
++ u8 dialog_token, u16 timeout,
++ u16 start_seq_num, u16 ba_policy, u16 tid,
++ u16 buf_size, bool tx)
+ {
++ struct ieee80211_local *local = sta->sdata->local;
+ struct tid_ampdu_rx *tid_agg_rx;
+- u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
+- u8 dialog_token;
+ int ret = -EOPNOTSUPP;
+-
+- /* extract session parameters from addba request frame */
+- dialog_token = mgmt->u.action.u.addba_req.dialog_token;
+- timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
+- start_seq_num =
+- le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;
+-
+- capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
+- ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
+- tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
+- buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;
+-
+- status = WLAN_STATUS_REQUEST_DECLINED;
++ u16 status = WLAN_STATUS_REQUEST_DECLINED;
+
+ if (test_sta_flag(sta, WLAN_STA_BLOCK_BA)) {
+ ht_dbg(sta->sdata,
+@@ -264,7 +251,7 @@ void ieee80211_process_addba_request(str
+ status = WLAN_STATUS_INVALID_QOS_PARAM;
+ ht_dbg_ratelimited(sta->sdata,
+ "AddBA Req with bad params from %pM on tid %u. policy %d, buffer size %d\n",
+- mgmt->sa, tid, ba_policy, buf_size);
++ sta->sta.addr, tid, ba_policy, buf_size);
+ goto end_no_lock;
+ }
+ /* determine default buffer size */
+@@ -281,7 +268,7 @@ void ieee80211_process_addba_request(str
+ if (sta->ampdu_mlme.tid_rx[tid]) {
+ ht_dbg_ratelimited(sta->sdata,
+ "unexpected AddBA Req from %pM on tid %u\n",
+- mgmt->sa, tid);
++ sta->sta.addr, tid);
+
+ /* delete existing Rx BA session on the same tid */
+ ___ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT,
+@@ -350,6 +337,74 @@ end:
+ mutex_unlock(&sta->ampdu_mlme.mtx);
+
+ end_no_lock:
+- ieee80211_send_addba_resp(sta->sdata, sta->sta.addr, tid,
+- dialog_token, status, 1, buf_size, timeout);
++ if (tx)
++ ieee80211_send_addba_resp(sta->sdata, sta->sta.addr, tid,
++ dialog_token, status, 1, buf_size,
++ timeout);
++}
++
++void ieee80211_process_addba_request(struct ieee80211_local *local,
++ struct sta_info *sta,
++ struct ieee80211_mgmt *mgmt,
++ size_t len)
++{
++ u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num;
++ u8 dialog_token;
++
++ /* extract session parameters from addba request frame */
++ dialog_token = mgmt->u.action.u.addba_req.dialog_token;
++ timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
++ start_seq_num =
++ le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;
++
++ capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
++ ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
++ tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
++ buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;
++
++ __ieee80211_start_rx_ba_session(sta, dialog_token, timeout,
++ start_seq_num, ba_policy, tid,
++ buf_size, true);
++}
++
++void ieee80211_start_rx_ba_session_offl(struct ieee80211_vif *vif,
++ const u8 *addr, u16 tid)
++{
++ struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
++ struct ieee80211_local *local = sdata->local;
++ struct ieee80211_rx_agg *rx_agg;
++ struct sk_buff *skb = dev_alloc_skb(0);
++
++ if (unlikely(!skb))
++ return;
++
++ rx_agg = (struct ieee80211_rx_agg *) &skb->cb;
++ memcpy(&rx_agg->addr, addr, ETH_ALEN);
++ rx_agg->tid = tid;
++
++ skb->pkt_type = IEEE80211_SDATA_QUEUE_RX_AGG_START;
++ skb_queue_tail(&sdata->skb_queue, skb);
++ ieee80211_queue_work(&local->hw, &sdata->work);
++}
++EXPORT_SYMBOL(ieee80211_start_rx_ba_session_offl);
++
++void ieee80211_stop_rx_ba_session_offl(struct ieee80211_vif *vif,
++ const u8 *addr, u16 tid)
++{
++ struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
++ struct ieee80211_local *local = sdata->local;
++ struct ieee80211_rx_agg *rx_agg;
++ struct sk_buff *skb = dev_alloc_skb(0);
++
++ if (unlikely(!skb))
++ return;
++
++ rx_agg = (struct ieee80211_rx_agg *) &skb->cb;
++ memcpy(&rx_agg->addr, addr, ETH_ALEN);
++ rx_agg->tid = tid;
++
++ skb->pkt_type = IEEE80211_SDATA_QUEUE_RX_AGG_STOP;
++ skb_queue_tail(&sdata->skb_queue, skb);
++ ieee80211_queue_work(&local->hw, &sdata->work);
+ }
++EXPORT_SYMBOL(ieee80211_stop_rx_ba_session_offl);
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -902,10 +902,17 @@ ieee80211_vif_get_shift(struct ieee80211
+ return shift;
+ }
+
++struct ieee80211_rx_agg {
++ u8 addr[ETH_ALEN];
++ u16 tid;
++};
++
+ enum sdata_queue_type {
+ IEEE80211_SDATA_QUEUE_TYPE_FRAME = 0,
+ IEEE80211_SDATA_QUEUE_AGG_START = 1,
+ IEEE80211_SDATA_QUEUE_AGG_STOP = 2,
++ IEEE80211_SDATA_QUEUE_RX_AGG_START = 3,
++ IEEE80211_SDATA_QUEUE_RX_AGG_STOP = 4,
+ };
+
+ enum {
+@@ -1554,6 +1561,10 @@ void ___ieee80211_stop_rx_ba_session(str
+ u16 initiator, u16 reason, bool stop);
+ void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
+ u16 initiator, u16 reason, bool stop);
++void __ieee80211_start_rx_ba_session(struct sta_info *sta,
++ u8 dialog_token, u16 timeout,
++ u16 start_seq_num, u16 ba_policy, u16 tid,
++ u16 buf_size, bool tx);
+ void ieee80211_sta_tear_down_BA_sessions(struct sta_info *sta,
+ enum ieee80211_agg_stop_reason reason);
+ void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,
+--- a/net/mac80211/iface.c
++++ b/net/mac80211/iface.c
+@@ -1154,6 +1154,7 @@ static void ieee80211_iface_work(struct
+ struct sk_buff *skb;
+ struct sta_info *sta;
+ struct ieee80211_ra_tid *ra_tid;
++ struct ieee80211_rx_agg *rx_agg;
+
+ if (!ieee80211_sdata_running(sdata))
+ return;
+@@ -1181,6 +1182,34 @@ static void ieee80211_iface_work(struct
+ ra_tid = (void *)&skb->cb;
+ ieee80211_stop_tx_ba_cb(&sdata->vif, ra_tid->ra,
+ ra_tid->tid);
++ } else if (skb->pkt_type == IEEE80211_SDATA_QUEUE_RX_AGG_START) {
++ rx_agg = (void *)&skb->cb;
++ mutex_lock(&local->sta_mtx);
++ sta = sta_info_get_bss(sdata, rx_agg->addr);
++ if (sta) {
++ u16 last_seq;
++
++ last_seq = le16_to_cpu(
++ sta->last_seq_ctrl[rx_agg->tid]);
++
++ __ieee80211_start_rx_ba_session(sta,
++ 0, 0,
++ ieee80211_sn_inc(last_seq),
++ 1, rx_agg->tid,
++ IEEE80211_MAX_AMPDU_BUF,
++ false);
++ }
++ mutex_unlock(&local->sta_mtx);
++ } else if (skb->pkt_type == IEEE80211_SDATA_QUEUE_RX_AGG_STOP) {
++ rx_agg = (void *)&skb->cb;
++ mutex_lock(&local->sta_mtx);
++ sta = sta_info_get_bss(sdata, rx_agg->addr);
++ if (sta)
++ __ieee80211_stop_rx_ba_session(sta,
++ rx_agg->tid,
++ WLAN_BACK_RECIPIENT, 0,
++ false);
++ mutex_unlock(&local->sta_mtx);
+ } else if (ieee80211_is_action(mgmt->frame_control) &&
+ mgmt->u.action.category == WLAN_CATEGORY_BACK) {
+ int len = skb->len;
diff --git a/package/kernel/mac80211/patches/918-ath-spectral-debugfs.patch b/package/kernel/mac80211/patches/918-ath-spectral-debugfs.patch
new file mode 100644
index 0000000..d0c1bbd
--- /dev/null
+++ b/package/kernel/mac80211/patches/918-ath-spectral-debugfs.patch
@@ -0,0 +1,192 @@
+--- a/drivers/net/wireless/ath/ath9k/spectral.h
++++ b/drivers/net/wireless/ath/ath9k/spectral.h
+@@ -17,6 +17,8 @@
+ #ifndef SPECTRAL_H
+ #define SPECTRAL_H
+
++#include "../spectral_common.h"
++
+ /* enum spectral_mode:
+ *
+ * @SPECTRAL_DISABLED: spectral mode is disabled
+@@ -54,8 +56,6 @@ struct ath_ht20_mag_info {
+ u8 max_exp;
+ } __packed;
+
+-#define SPECTRAL_HT20_NUM_BINS 56
+-
+ /* WARNING: don't actually use this struct! MAC may vary the amount of
+ * data by -1/+2. This struct is for reference only.
+ */
+@@ -83,8 +83,6 @@ struct ath_ht20_40_mag_info {
+ u8 max_exp;
+ } __packed;
+
+-#define SPECTRAL_HT20_40_NUM_BINS 128
+-
+ /* WARNING: don't actually use this struct! MAC may vary the amount of
+ * data. This struct is for reference only.
+ */
+@@ -125,71 +123,6 @@ static inline u8 spectral_bitmap_weight(
+ return bins[0] & 0x3f;
+ }
+
+-/* FFT sample format given to userspace via debugfs.
+- *
+- * Please keep the type/length at the front position and change
+- * other fields after adding another sample type
+- *
+- * TODO: this might need rework when switching to nl80211-based
+- * interface.
+- */
+-enum ath_fft_sample_type {
+- ATH_FFT_SAMPLE_HT20 = 1,
+- ATH_FFT_SAMPLE_HT20_40,
+-};
+-
+-struct fft_sample_tlv {
+- u8 type; /* see ath_fft_sample */
+- __be16 length;
+- /* type dependent data follows */
+-} __packed;
+-
+-struct fft_sample_ht20 {
+- struct fft_sample_tlv tlv;
+-
+- u8 max_exp;
+-
+- __be16 freq;
+- s8 rssi;
+- s8 noise;
+-
+- __be16 max_magnitude;
+- u8 max_index;
+- u8 bitmap_weight;
+-
+- __be64 tsf;
+-
+- u8 data[SPECTRAL_HT20_NUM_BINS];
+-} __packed;
+-
+-struct fft_sample_ht20_40 {
+- struct fft_sample_tlv tlv;
+-
+- u8 channel_type;
+- __be16 freq;
+-
+- s8 lower_rssi;
+- s8 upper_rssi;
+-
+- __be64 tsf;
+-
+- s8 lower_noise;
+- s8 upper_noise;
+-
+- __be16 lower_max_magnitude;
+- __be16 upper_max_magnitude;
+-
+- u8 lower_max_index;
+- u8 upper_max_index;
+-
+- u8 lower_bitmap_weight;
+- u8 upper_bitmap_weight;
+-
+- u8 max_exp;
+-
+- u8 data[SPECTRAL_HT20_40_NUM_BINS];
+-} __packed;
+-
+ void ath9k_spectral_init_debug(struct ath_softc *sc);
+ void ath9k_spectral_deinit_debug(struct ath_softc *sc);
+
+--- /dev/null
++++ b/drivers/net/wireless/ath/spectral_common.h
+@@ -0,0 +1,88 @@
++/*
++ * Copyright (c) 2013 Qualcomm Atheros, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++#ifndef SPECTRAL_COMMON_H
++#define SPECTRAL_COMMON_H
++
++#define SPECTRAL_HT20_NUM_BINS 56
++#define SPECTRAL_HT20_40_NUM_BINS 128
++
++/* FFT sample format given to userspace via debugfs.
++ *
++ * Please keep the type/length at the front position and change
++ * other fields after adding another sample type
++ *
++ * TODO: this might need rework when switching to nl80211-based
++ * interface.
++ */
++enum ath_fft_sample_type {
++ ATH_FFT_SAMPLE_HT20 = 1,
++ ATH_FFT_SAMPLE_HT20_40,
++};
++
++struct fft_sample_tlv {
++ u8 type; /* see ath_fft_sample */
++ __be16 length;
++ /* type dependent data follows */
++} __packed;
++
++struct fft_sample_ht20 {
++ struct fft_sample_tlv tlv;
++
++ u8 max_exp;
++
++ __be16 freq;
++ s8 rssi;
++ s8 noise;
++
++ __be16 max_magnitude;
++ u8 max_index;
++ u8 bitmap_weight;
++
++ __be64 tsf;
++
++ u8 data[SPECTRAL_HT20_NUM_BINS];
++} __packed;
++
++struct fft_sample_ht20_40 {
++ struct fft_sample_tlv tlv;
++
++ u8 channel_type;
++ __be16 freq;
++
++ s8 lower_rssi;
++ s8 upper_rssi;
++
++ __be64 tsf;
++
++ s8 lower_noise;
++ s8 upper_noise;
++
++ __be16 lower_max_magnitude;
++ __be16 upper_max_magnitude;
++
++ u8 lower_max_index;
++ u8 upper_max_index;
++
++ u8 lower_bitmap_weight;
++ u8 upper_bitmap_weight;
++
++ u8 max_exp;
++
++ u8 data[SPECTRAL_HT20_40_NUM_BINS];
++} __packed;
++
++#endif /* SPECTRAL_COMMON_H */
diff --git a/package/kernel/mac80211/patches/919-update-ath10k.patch b/package/kernel/mac80211/patches/919-update-ath10k.patch
new file mode 100644
index 0000000..45fccb8
--- /dev/null
+++ b/package/kernel/mac80211/patches/919-update-ath10k.patch
@@ -0,0 +1,33023 @@
+--- a/drivers/net/wireless/ath/ath10k/Kconfig
++++ b/drivers/net/wireless/ath/ath10k/Kconfig
+@@ -26,13 +26,15 @@ config ATH10K_DEBUG
+
+ config ATH10K_DEBUGFS
+ bool "Atheros ath10k debugfs support"
+- depends on ATH10K
++ depends on ATH10K && DEBUG_FS
++ depends on RELAY
+ ---help---
+ Enabled debugfs support
+
+ If unsure, say Y to make it easier to debug problems.
+
+ config ATH10K_TRACING
++ depends on !KERNEL_3_4
+ bool "Atheros ath10k tracing support"
+ depends on ATH10K
+ depends on EVENT_TRACING
+--- a/drivers/net/wireless/ath/ath10k/Makefile
++++ b/drivers/net/wireless/ath/ath10k/Makefile
+@@ -8,9 +8,15 @@ ath10k_core-y += mac.o \
+ htt_tx.o \
+ txrx.o \
+ wmi.o \
+- bmi.o
++ wmi-tlv.o \
++ bmi.o \
++ hw.o
+
++ath10k_core-$(CPTCFG_ATH10K_DEBUGFS) += spectral.o
++ath10k_core-$(CPTCFG_NL80211_TESTMODE) += testmode.o
+ ath10k_core-$(CPTCFG_ATH10K_TRACING) += trace.o
++ath10k_core-$(CONFIG_THERMAL) += thermal.o
++ath10k_core-$(CPTCFG_MAC80211_DEBUGFS) += debugfs_sta.o
+
+ obj-$(CPTCFG_ATH10K_PCI) += ath10k_pci.o
+ ath10k_pci-y += pci.o \
+--- a/drivers/net/wireless/ath/ath10k/bmi.c
++++ b/drivers/net/wireless/ath/ath10k/bmi.c
+@@ -22,7 +22,7 @@
+
+ void ath10k_bmi_start(struct ath10k *ar)
+ {
+- ath10k_dbg(ATH10K_DBG_BMI, "bmi start\n");
++ ath10k_dbg(ar, ATH10K_DBG_BMI, "bmi start\n");
+
+ ar->bmi.done_sent = false;
+ }
+@@ -33,10 +33,10 @@ int ath10k_bmi_done(struct ath10k *ar)
+ u32 cmdlen = sizeof(cmd.id) + sizeof(cmd.done);
+ int ret;
+
+- ath10k_dbg(ATH10K_DBG_BMI, "bmi done\n");
++ ath10k_dbg(ar, ATH10K_DBG_BMI, "bmi done\n");
+
+ if (ar->bmi.done_sent) {
+- ath10k_dbg(ATH10K_DBG_BMI, "bmi skipped\n");
++ ath10k_dbg(ar, ATH10K_DBG_BMI, "bmi skipped\n");
+ return 0;
+ }
+
+@@ -45,7 +45,7 @@ int ath10k_bmi_done(struct ath10k *ar)
+
+ ret = ath10k_hif_exchange_bmi_msg(ar, &cmd, cmdlen, NULL, NULL);
+ if (ret) {
+- ath10k_warn("unable to write to the device: %d\n", ret);
++ ath10k_warn(ar, "unable to write to the device: %d\n", ret);
+ return ret;
+ }
+
+@@ -61,10 +61,10 @@ int ath10k_bmi_get_target_info(struct at
+ u32 resplen = sizeof(resp.get_target_info);
+ int ret;
+
+- ath10k_dbg(ATH10K_DBG_BMI, "bmi get target info\n");
++ ath10k_dbg(ar, ATH10K_DBG_BMI, "bmi get target info\n");
+
+ if (ar->bmi.done_sent) {
+- ath10k_warn("BMI Get Target Info Command disallowed\n");
++ ath10k_warn(ar, "BMI Get Target Info Command disallowed\n");
+ return -EBUSY;
+ }
+
+@@ -72,12 +72,12 @@ int ath10k_bmi_get_target_info(struct at
+
+ ret = ath10k_hif_exchange_bmi_msg(ar, &cmd, cmdlen, &resp, &resplen);
+ if (ret) {
+- ath10k_warn("unable to get target info from device\n");
++ ath10k_warn(ar, "unable to get target info from device\n");
+ return ret;
+ }
+
+ if (resplen < sizeof(resp.get_target_info)) {
+- ath10k_warn("invalid get_target_info response length (%d)\n",
++ ath10k_warn(ar, "invalid get_target_info response length (%d)\n",
+ resplen);
+ return -EIO;
+ }
+@@ -97,11 +97,11 @@ int ath10k_bmi_read_memory(struct ath10k
+ u32 rxlen;
+ int ret;
+
+- ath10k_dbg(ATH10K_DBG_BMI, "bmi read address 0x%x length %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_BMI, "bmi read address 0x%x length %d\n",
+ address, length);
+
+ if (ar->bmi.done_sent) {
+- ath10k_warn("command disallowed\n");
++ ath10k_warn(ar, "command disallowed\n");
+ return -EBUSY;
+ }
+
+@@ -115,7 +115,7 @@ int ath10k_bmi_read_memory(struct ath10k
+ ret = ath10k_hif_exchange_bmi_msg(ar, &cmd, cmdlen,
+ &resp, &rxlen);
+ if (ret) {
+- ath10k_warn("unable to read from the device (%d)\n",
++ ath10k_warn(ar, "unable to read from the device (%d)\n",
+ ret);
+ return ret;
+ }
+@@ -137,11 +137,11 @@ int ath10k_bmi_write_memory(struct ath10
+ u32 txlen;
+ int ret;
+
+- ath10k_dbg(ATH10K_DBG_BMI, "bmi write address 0x%x length %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_BMI, "bmi write address 0x%x length %d\n",
+ address, length);
+
+ if (ar->bmi.done_sent) {
+- ath10k_warn("command disallowed\n");
++ ath10k_warn(ar, "command disallowed\n");
+ return -EBUSY;
+ }
+
+@@ -159,7 +159,7 @@ int ath10k_bmi_write_memory(struct ath10
+ ret = ath10k_hif_exchange_bmi_msg(ar, &cmd, hdrlen + txlen,
+ NULL, NULL);
+ if (ret) {
+- ath10k_warn("unable to write to the device (%d)\n",
++ ath10k_warn(ar, "unable to write to the device (%d)\n",
+ ret);
+ return ret;
+ }
+@@ -183,11 +183,11 @@ int ath10k_bmi_execute(struct ath10k *ar
+ u32 resplen = sizeof(resp.execute);
+ int ret;
+
+- ath10k_dbg(ATH10K_DBG_BMI, "bmi execute address 0x%x param 0x%x\n",
++ ath10k_dbg(ar, ATH10K_DBG_BMI, "bmi execute address 0x%x param 0x%x\n",
+ address, param);
+
+ if (ar->bmi.done_sent) {
+- ath10k_warn("command disallowed\n");
++ ath10k_warn(ar, "command disallowed\n");
+ return -EBUSY;
+ }
+
+@@ -197,19 +197,19 @@ int ath10k_bmi_execute(struct ath10k *ar
+
+ ret = ath10k_hif_exchange_bmi_msg(ar, &cmd, cmdlen, &resp, &resplen);
+ if (ret) {
+- ath10k_warn("unable to read from the device\n");
++ ath10k_warn(ar, "unable to read from the device\n");
+ return ret;
+ }
+
+ if (resplen < sizeof(resp.execute)) {
+- ath10k_warn("invalid execute response length (%d)\n",
++ ath10k_warn(ar, "invalid execute response length (%d)\n",
+ resplen);
+ return -EIO;
+ }
+
+ *result = __le32_to_cpu(resp.execute.result);
+
+- ath10k_dbg(ATH10K_DBG_BMI, "bmi execute result 0x%x\n", *result);
++ ath10k_dbg(ar, ATH10K_DBG_BMI, "bmi execute result 0x%x\n", *result);
+
+ return 0;
+ }
+@@ -221,11 +221,11 @@ int ath10k_bmi_lz_data(struct ath10k *ar
+ u32 txlen;
+ int ret;
+
+- ath10k_dbg(ATH10K_DBG_BMI, "bmi lz data buffer 0x%p length %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_BMI, "bmi lz data buffer 0x%p length %d\n",
+ buffer, length);
+
+ if (ar->bmi.done_sent) {
+- ath10k_warn("command disallowed\n");
++ ath10k_warn(ar, "command disallowed\n");
+ return -EBUSY;
+ }
+
+@@ -241,7 +241,7 @@ int ath10k_bmi_lz_data(struct ath10k *ar
+ ret = ath10k_hif_exchange_bmi_msg(ar, &cmd, hdrlen + txlen,
+ NULL, NULL);
+ if (ret) {
+- ath10k_warn("unable to write to the device\n");
++ ath10k_warn(ar, "unable to write to the device\n");
+ return ret;
+ }
+
+@@ -258,11 +258,11 @@ int ath10k_bmi_lz_stream_start(struct at
+ u32 cmdlen = sizeof(cmd.id) + sizeof(cmd.lz_start);
+ int ret;
+
+- ath10k_dbg(ATH10K_DBG_BMI, "bmi lz stream start address 0x%x\n",
++ ath10k_dbg(ar, ATH10K_DBG_BMI, "bmi lz stream start address 0x%x\n",
+ address);
+
+ if (ar->bmi.done_sent) {
+- ath10k_warn("command disallowed\n");
++ ath10k_warn(ar, "command disallowed\n");
+ return -EBUSY;
+ }
+
+@@ -271,7 +271,7 @@ int ath10k_bmi_lz_stream_start(struct at
+
+ ret = ath10k_hif_exchange_bmi_msg(ar, &cmd, cmdlen, NULL, NULL);
+ if (ret) {
+- ath10k_warn("unable to Start LZ Stream to the device\n");
++ ath10k_warn(ar, "unable to Start LZ Stream to the device\n");
+ return ret;
+ }
+
+@@ -286,7 +286,7 @@ int ath10k_bmi_fast_download(struct ath1
+ u32 trailer_len = length - head_len;
+ int ret;
+
+- ath10k_dbg(ATH10K_DBG_BMI,
++ ath10k_dbg(ar, ATH10K_DBG_BMI,
+ "bmi fast download address 0x%x buffer 0x%p length %d\n",
+ address, buffer, length);
+
+--- a/drivers/net/wireless/ath/ath10k/bmi.h
++++ b/drivers/net/wireless/ath/ath10k/bmi.h
+@@ -177,7 +177,6 @@ struct bmi_target_info {
+ u32 type;
+ };
+
+-
+ /* in msec */
+ #define BMI_COMMUNICATION_TIMEOUT_HZ (1*HZ)
+
+@@ -201,7 +200,8 @@ int ath10k_bmi_write_memory(struct ath10
+ \
+ addr = host_interest_item_address(HI_ITEM(item)); \
+ ret = ath10k_bmi_read_memory(ar, addr, (u8 *)&tmp, 4); \
+- *val = __le32_to_cpu(tmp); \
++ if (!ret) \
++ *val = __le32_to_cpu(tmp); \
+ ret; \
+ })
+
+--- a/drivers/net/wireless/ath/ath10k/ce.c
++++ b/drivers/net/wireless/ath/ath10k/ce.c
+@@ -260,7 +260,6 @@ static inline void ath10k_ce_engine_int_
+ ath10k_pci_write32(ar, ce_ctrl_addr + HOST_IS_ADDRESS, mask);
+ }
+
+-
+ /*
+ * Guts of ath10k_ce_send, used by both ath10k_ce_send and
+ * ath10k_ce_sendlist_send.
+@@ -284,13 +283,9 @@ int ath10k_ce_send_nolock(struct ath10k_
+ int ret = 0;
+
+ if (nbytes > ce_state->src_sz_max)
+- ath10k_warn("%s: send more we can (nbytes: %d, max: %d)\n",
++ ath10k_warn(ar, "%s: send more we can (nbytes: %d, max: %d)\n",
+ __func__, nbytes, ce_state->src_sz_max);
+
+- ret = ath10k_pci_wake(ar);
+- if (ret)
+- return ret;
+-
+ if (unlikely(CE_RING_DELTA(nentries_mask,
+ write_index, sw_index - 1) <= 0)) {
+ ret = -ENOSR;
+@@ -325,10 +320,36 @@ int ath10k_ce_send_nolock(struct ath10k_
+
+ src_ring->write_index = write_index;
+ exit:
+- ath10k_pci_sleep(ar);
+ return ret;
+ }
+
++void __ath10k_ce_send_revert(struct ath10k_ce_pipe *pipe)
++{
++ struct ath10k *ar = pipe->ar;
++ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++ struct ath10k_ce_ring *src_ring = pipe->src_ring;
++ u32 ctrl_addr = pipe->ctrl_addr;
++
++ lockdep_assert_held(&ar_pci->ce_lock);
++
++ /*
++ * This function must be called only if there is an incomplete
++ * scatter-gather transfer (before index register is updated)
++ * that needs to be cleaned up.
++ */
++ if (WARN_ON_ONCE(src_ring->write_index == src_ring->sw_index))
++ return;
++
++ if (WARN_ON_ONCE(src_ring->write_index ==
++ ath10k_ce_src_ring_write_index_get(ar, ctrl_addr)))
++ return;
++
++ src_ring->write_index--;
++ src_ring->write_index &= src_ring->nentries_mask;
++
++ src_ring->per_transfer_context[src_ring->write_index] = NULL;
++}
++
+ int ath10k_ce_send(struct ath10k_ce_pipe *ce_state,
+ void *per_transfer_context,
+ u32 buffer,
+@@ -363,49 +384,56 @@ int ath10k_ce_num_free_src_entries(struc
+ return delta;
+ }
+
+-int ath10k_ce_recv_buf_enqueue(struct ath10k_ce_pipe *ce_state,
+- void *per_recv_context,
+- u32 buffer)
++int __ath10k_ce_rx_num_free_bufs(struct ath10k_ce_pipe *pipe)
+ {
+- struct ath10k_ce_ring *dest_ring = ce_state->dest_ring;
+- u32 ctrl_addr = ce_state->ctrl_addr;
+- struct ath10k *ar = ce_state->ar;
++ struct ath10k *ar = pipe->ar;
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++ struct ath10k_ce_ring *dest_ring = pipe->dest_ring;
+ unsigned int nentries_mask = dest_ring->nentries_mask;
+- unsigned int write_index;
+- unsigned int sw_index;
+- int ret;
++ unsigned int write_index = dest_ring->write_index;
++ unsigned int sw_index = dest_ring->sw_index;
+
+- spin_lock_bh(&ar_pci->ce_lock);
+- write_index = dest_ring->write_index;
+- sw_index = dest_ring->sw_index;
++ lockdep_assert_held(&ar_pci->ce_lock);
+
+- ret = ath10k_pci_wake(ar);
+- if (ret)
+- goto out;
++ return CE_RING_DELTA(nentries_mask, write_index, sw_index - 1);
++}
+
+- if (CE_RING_DELTA(nentries_mask, write_index, sw_index - 1) > 0) {
+- struct ce_desc *base = dest_ring->base_addr_owner_space;
+- struct ce_desc *desc = CE_DEST_RING_TO_DESC(base, write_index);
++int __ath10k_ce_rx_post_buf(struct ath10k_ce_pipe *pipe, void *ctx, u32 paddr)
++{
++ struct ath10k *ar = pipe->ar;
++ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++ struct ath10k_ce_ring *dest_ring = pipe->dest_ring;
++ unsigned int nentries_mask = dest_ring->nentries_mask;
++ unsigned int write_index = dest_ring->write_index;
++ unsigned int sw_index = dest_ring->sw_index;
++ struct ce_desc *base = dest_ring->base_addr_owner_space;
++ struct ce_desc *desc = CE_DEST_RING_TO_DESC(base, write_index);
++ u32 ctrl_addr = pipe->ctrl_addr;
+
+- /* Update destination descriptor */
+- desc->addr = __cpu_to_le32(buffer);
+- desc->nbytes = 0;
++ lockdep_assert_held(&ar_pci->ce_lock);
+
+- dest_ring->per_transfer_context[write_index] =
+- per_recv_context;
++ if (CE_RING_DELTA(nentries_mask, write_index, sw_index - 1) == 0)
++ return -EIO;
+
+- /* Update Destination Ring Write Index */
+- write_index = CE_RING_IDX_INCR(nentries_mask, write_index);
+- ath10k_ce_dest_ring_write_index_set(ar, ctrl_addr, write_index);
+- dest_ring->write_index = write_index;
+- ret = 0;
+- } else {
+- ret = -EIO;
+- }
+- ath10k_pci_sleep(ar);
++ desc->addr = __cpu_to_le32(paddr);
++ desc->nbytes = 0;
++
++ dest_ring->per_transfer_context[write_index] = ctx;
++ write_index = CE_RING_IDX_INCR(nentries_mask, write_index);
++ ath10k_ce_dest_ring_write_index_set(ar, ctrl_addr, write_index);
++ dest_ring->write_index = write_index;
++
++ return 0;
++}
+
+-out:
++int ath10k_ce_rx_post_buf(struct ath10k_ce_pipe *pipe, void *ctx, u32 paddr)
++{
++ struct ath10k *ar = pipe->ar;
++ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++ int ret;
++
++ spin_lock_bh(&ar_pci->ce_lock);
++ ret = __ath10k_ce_rx_post_buf(pipe, ctx, paddr);
+ spin_unlock_bh(&ar_pci->ce_lock);
+
+ return ret;
+@@ -415,12 +443,12 @@ out:
+ * Guts of ath10k_ce_completed_recv_next.
+ * The caller takes responsibility for any necessary locking.
+ */
+-static int ath10k_ce_completed_recv_next_nolock(struct ath10k_ce_pipe *ce_state,
+- void **per_transfer_contextp,
+- u32 *bufferp,
+- unsigned int *nbytesp,
+- unsigned int *transfer_idp,
+- unsigned int *flagsp)
++int ath10k_ce_completed_recv_next_nolock(struct ath10k_ce_pipe *ce_state,
++ void **per_transfer_contextp,
++ u32 *bufferp,
++ unsigned int *nbytesp,
++ unsigned int *transfer_idp,
++ unsigned int *flagsp)
+ {
+ struct ath10k_ce_ring *dest_ring = ce_state->dest_ring;
+ unsigned int nentries_mask = dest_ring->nentries_mask;
+@@ -530,6 +558,7 @@ int ath10k_ce_revoke_recv_next(struct at
+
+ /* sanity */
+ dest_ring->per_transfer_context[sw_index] = NULL;
++ desc->nbytes = 0;
+
+ /* Update sw_index */
+ sw_index = CE_RING_IDX_INCR(nentries_mask, sw_index);
+@@ -548,11 +577,11 @@ int ath10k_ce_revoke_recv_next(struct at
+ * Guts of ath10k_ce_completed_send_next.
+ * The caller takes responsibility for any necessary locking.
+ */
+-static int ath10k_ce_completed_send_next_nolock(struct ath10k_ce_pipe *ce_state,
+- void **per_transfer_contextp,
+- u32 *bufferp,
+- unsigned int *nbytesp,
+- unsigned int *transfer_idp)
++int ath10k_ce_completed_send_next_nolock(struct ath10k_ce_pipe *ce_state,
++ void **per_transfer_contextp,
++ u32 *bufferp,
++ unsigned int *nbytesp,
++ unsigned int *transfer_idp)
+ {
+ struct ath10k_ce_ring *src_ring = ce_state->src_ring;
+ u32 ctrl_addr = ce_state->ctrl_addr;
+@@ -561,7 +590,6 @@ static int ath10k_ce_completed_send_next
+ unsigned int sw_index = src_ring->sw_index;
+ struct ce_desc *sdesc, *sbase;
+ unsigned int read_index;
+- int ret;
+
+ if (src_ring->hw_index == sw_index) {
+ /*
+@@ -572,20 +600,17 @@ static int ath10k_ce_completed_send_next
+ * value of the HW index has become stale.
+ */
+
+- ret = ath10k_pci_wake(ar);
+- if (ret)
+- return ret;
+-
+- src_ring->hw_index =
+- ath10k_ce_src_ring_read_index_get(ar, ctrl_addr);
+- src_ring->hw_index &= nentries_mask;
++ read_index = ath10k_ce_src_ring_read_index_get(ar, ctrl_addr);
++ if (read_index == 0xffffffff)
++ return -ENODEV;
+
+- ath10k_pci_sleep(ar);
++ read_index &= nentries_mask;
++ src_ring->hw_index = read_index;
+ }
+
+ read_index = src_ring->hw_index;
+
+- if ((read_index == sw_index) || (read_index == 0xffffffff))
++ if (read_index == sw_index)
+ return -EIO;
+
+ sbase = src_ring->shadow_base;
+@@ -701,11 +726,6 @@ void ath10k_ce_per_engine_service(struct
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+ struct ath10k_ce_pipe *ce_state = &ar_pci->ce_states[ce_id];
+ u32 ctrl_addr = ce_state->ctrl_addr;
+- int ret;
+-
+- ret = ath10k_pci_wake(ar);
+- if (ret)
+- return;
+
+ spin_lock_bh(&ar_pci->ce_lock);
+
+@@ -730,7 +750,6 @@ void ath10k_ce_per_engine_service(struct
+ ath10k_ce_engine_int_status_clear(ar, ctrl_addr, CE_WATERMARK_MASK);
+
+ spin_unlock_bh(&ar_pci->ce_lock);
+- ath10k_pci_sleep(ar);
+ }
+
+ /*
+@@ -741,13 +760,9 @@ void ath10k_ce_per_engine_service(struct
+
+ void ath10k_ce_per_engine_service_any(struct ath10k *ar)
+ {
+- int ce_id, ret;
++ int ce_id;
+ u32 intr_summary;
+
+- ret = ath10k_pci_wake(ar);
+- if (ret)
+- return;
+-
+ intr_summary = CE_INTERRUPT_SUMMARY(ar);
+
+ for (ce_id = 0; intr_summary && (ce_id < CE_COUNT); ce_id++) {
+@@ -759,8 +774,6 @@ void ath10k_ce_per_engine_service_any(st
+
+ ath10k_ce_per_engine_service(ar, ce_id);
+ }
+-
+- ath10k_pci_sleep(ar);
+ }
+
+ /*
+@@ -770,16 +783,11 @@ void ath10k_ce_per_engine_service_any(st
+ *
+ * Called with ce_lock held.
+ */
+-static void ath10k_ce_per_engine_handler_adjust(struct ath10k_ce_pipe *ce_state,
+- int disable_copy_compl_intr)
++static void ath10k_ce_per_engine_handler_adjust(struct ath10k_ce_pipe *ce_state)
+ {
+ u32 ctrl_addr = ce_state->ctrl_addr;
+ struct ath10k *ar = ce_state->ar;
+- int ret;
+-
+- ret = ath10k_pci_wake(ar);
+- if (ret)
+- return;
++ bool disable_copy_compl_intr = ce_state->attr_flags & CE_ATTR_DIS_INTR;
+
+ if ((!disable_copy_compl_intr) &&
+ (ce_state->send_cb || ce_state->recv_cb))
+@@ -788,54 +796,33 @@ static void ath10k_ce_per_engine_handler
+ ath10k_ce_copy_complete_intr_disable(ar, ctrl_addr);
+
+ ath10k_ce_watermark_intr_disable(ar, ctrl_addr);
+-
+- ath10k_pci_sleep(ar);
+ }
+
+ int ath10k_ce_disable_interrupts(struct ath10k *ar)
+ {
+- int ce_id, ret;
+-
+- ret = ath10k_pci_wake(ar);
+- if (ret)
+- return ret;
++ int ce_id;
+
+ for (ce_id = 0; ce_id < CE_COUNT; ce_id++) {
+- u32 ctrl_addr = ath10k_ce_base_address(ce_id);
++ u32 ctrl_addr = ath10k_ce_base_address(ar, ce_id);
+
+ ath10k_ce_copy_complete_intr_disable(ar, ctrl_addr);
+ ath10k_ce_error_intr_disable(ar, ctrl_addr);
+ ath10k_ce_watermark_intr_disable(ar, ctrl_addr);
+ }
+
+- ath10k_pci_sleep(ar);
+-
+ return 0;
+ }
+
+-void ath10k_ce_send_cb_register(struct ath10k_ce_pipe *ce_state,
+- void (*send_cb)(struct ath10k_ce_pipe *),
+- int disable_interrupts)
++void ath10k_ce_enable_interrupts(struct ath10k *ar)
+ {
+- struct ath10k *ar = ce_state->ar;
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++ int ce_id;
+
+- spin_lock_bh(&ar_pci->ce_lock);
+- ce_state->send_cb = send_cb;
+- ath10k_ce_per_engine_handler_adjust(ce_state, disable_interrupts);
+- spin_unlock_bh(&ar_pci->ce_lock);
+-}
+-
+-void ath10k_ce_recv_cb_register(struct ath10k_ce_pipe *ce_state,
+- void (*recv_cb)(struct ath10k_ce_pipe *))
+-{
+- struct ath10k *ar = ce_state->ar;
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+-
+- spin_lock_bh(&ar_pci->ce_lock);
+- ce_state->recv_cb = recv_cb;
+- ath10k_ce_per_engine_handler_adjust(ce_state, 0);
+- spin_unlock_bh(&ar_pci->ce_lock);
++ /* Skip the last copy engine, CE7 the diagnostic window, as that
++ * uses polling and isn't initialized for interrupts.
++ */
++ for (ce_id = 0; ce_id < CE_COUNT - 1; ce_id++)
++ ath10k_ce_per_engine_handler_adjust(&ar_pci->ce_states[ce_id]);
+ }
+
+ static int ath10k_ce_init_src_ring(struct ath10k *ar,
+@@ -845,12 +832,12 @@ static int ath10k_ce_init_src_ring(struc
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+ struct ath10k_ce_pipe *ce_state = &ar_pci->ce_states[ce_id];
+ struct ath10k_ce_ring *src_ring = ce_state->src_ring;
+- u32 nentries, ctrl_addr = ath10k_ce_base_address(ce_id);
++ u32 nentries, ctrl_addr = ath10k_ce_base_address(ar, ce_id);
+
+ nentries = roundup_pow_of_two(attr->src_nentries);
+
+- memset(src_ring->per_transfer_context, 0,
+- nentries * sizeof(*src_ring->per_transfer_context));
++ memset(src_ring->base_addr_owner_space, 0,
++ nentries * sizeof(struct ce_desc));
+
+ src_ring->sw_index = ath10k_ce_src_ring_read_index_get(ar, ctrl_addr);
+ src_ring->sw_index &= src_ring->nentries_mask;
+@@ -868,7 +855,7 @@ static int ath10k_ce_init_src_ring(struc
+ ath10k_ce_src_ring_lowmark_set(ar, ctrl_addr, 0);
+ ath10k_ce_src_ring_highmark_set(ar, ctrl_addr, nentries);
+
+- ath10k_dbg(ATH10K_DBG_BOOT,
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
+ "boot init ce src ring id %d entries %d base_addr %p\n",
+ ce_id, nentries, src_ring->base_addr_owner_space);
+
+@@ -882,12 +869,12 @@ static int ath10k_ce_init_dest_ring(stru
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+ struct ath10k_ce_pipe *ce_state = &ar_pci->ce_states[ce_id];
+ struct ath10k_ce_ring *dest_ring = ce_state->dest_ring;
+- u32 nentries, ctrl_addr = ath10k_ce_base_address(ce_id);
++ u32 nentries, ctrl_addr = ath10k_ce_base_address(ar, ce_id);
+
+ nentries = roundup_pow_of_two(attr->dest_nentries);
+
+- memset(dest_ring->per_transfer_context, 0,
+- nentries * sizeof(*dest_ring->per_transfer_context));
++ memset(dest_ring->base_addr_owner_space, 0,
++ nentries * sizeof(struct ce_desc));
+
+ dest_ring->sw_index = ath10k_ce_dest_ring_read_index_get(ar, ctrl_addr);
+ dest_ring->sw_index &= dest_ring->nentries_mask;
+@@ -902,7 +889,7 @@ static int ath10k_ce_init_dest_ring(stru
+ ath10k_ce_dest_ring_lowmark_set(ar, ctrl_addr, 0);
+ ath10k_ce_dest_ring_highmark_set(ar, ctrl_addr, nentries);
+
+- ath10k_dbg(ATH10K_DBG_BOOT,
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
+ "boot ce dest ring id %d entries %d base_addr %p\n",
+ ce_id, nentries, dest_ring->base_addr_owner_space);
+
+@@ -1039,59 +1026,32 @@ ath10k_ce_alloc_dest_ring(struct ath10k
+ int ath10k_ce_init_pipe(struct ath10k *ar, unsigned int ce_id,
+ const struct ce_attr *attr)
+ {
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+- struct ath10k_ce_pipe *ce_state = &ar_pci->ce_states[ce_id];
+ int ret;
+
+- /*
+- * Make sure there's enough CE ringbuffer entries for HTT TX to avoid
+- * additional TX locking checks.
+- *
+- * For the lack of a better place do the check here.
+- */
+- BUILD_BUG_ON(2*TARGET_NUM_MSDU_DESC >
+- (CE_HTT_H2T_MSG_SRC_NENTRIES - 1));
+- BUILD_BUG_ON(2*TARGET_10X_NUM_MSDU_DESC >
+- (CE_HTT_H2T_MSG_SRC_NENTRIES - 1));
+-
+- ret = ath10k_pci_wake(ar);
+- if (ret)
+- return ret;
+-
+- spin_lock_bh(&ar_pci->ce_lock);
+- ce_state->ar = ar;
+- ce_state->id = ce_id;
+- ce_state->ctrl_addr = ath10k_ce_base_address(ce_id);
+- ce_state->attr_flags = attr->flags;
+- ce_state->src_sz_max = attr->src_sz_max;
+- spin_unlock_bh(&ar_pci->ce_lock);
+-
+ if (attr->src_nentries) {
+ ret = ath10k_ce_init_src_ring(ar, ce_id, attr);
+ if (ret) {
+- ath10k_err("Failed to initialize CE src ring for ID: %d (%d)\n",
++ ath10k_err(ar, "Failed to initialize CE src ring for ID: %d (%d)\n",
+ ce_id, ret);
+- goto out;
++ return ret;
+ }
+ }
+
+ if (attr->dest_nentries) {
+ ret = ath10k_ce_init_dest_ring(ar, ce_id, attr);
+ if (ret) {
+- ath10k_err("Failed to initialize CE dest ring for ID: %d (%d)\n",
++ ath10k_err(ar, "Failed to initialize CE dest ring for ID: %d (%d)\n",
+ ce_id, ret);
+- goto out;
++ return ret;
+ }
+ }
+
+-out:
+- ath10k_pci_sleep(ar);
+- return ret;
++ return 0;
+ }
+
+ static void ath10k_ce_deinit_src_ring(struct ath10k *ar, unsigned int ce_id)
+ {
+- u32 ctrl_addr = ath10k_ce_base_address(ce_id);
++ u32 ctrl_addr = ath10k_ce_base_address(ar, ce_id);
+
+ ath10k_ce_src_ring_base_addr_set(ar, ctrl_addr, 0);
+ ath10k_ce_src_ring_size_set(ar, ctrl_addr, 0);
+@@ -1101,7 +1061,7 @@ static void ath10k_ce_deinit_src_ring(st
+
+ static void ath10k_ce_deinit_dest_ring(struct ath10k *ar, unsigned int ce_id)
+ {
+- u32 ctrl_addr = ath10k_ce_base_address(ce_id);
++ u32 ctrl_addr = ath10k_ce_base_address(ar, ce_id);
+
+ ath10k_ce_dest_ring_base_addr_set(ar, ctrl_addr, 0);
+ ath10k_ce_dest_ring_size_set(ar, ctrl_addr, 0);
+@@ -1110,30 +1070,49 @@ static void ath10k_ce_deinit_dest_ring(s
+
+ void ath10k_ce_deinit_pipe(struct ath10k *ar, unsigned int ce_id)
+ {
+- int ret;
+-
+- ret = ath10k_pci_wake(ar);
+- if (ret)
+- return;
+-
+ ath10k_ce_deinit_src_ring(ar, ce_id);
+ ath10k_ce_deinit_dest_ring(ar, ce_id);
+-
+- ath10k_pci_sleep(ar);
+ }
+
+ int ath10k_ce_alloc_pipe(struct ath10k *ar, int ce_id,
+- const struct ce_attr *attr)
++ const struct ce_attr *attr,
++ void (*send_cb)(struct ath10k_ce_pipe *),
++ void (*recv_cb)(struct ath10k_ce_pipe *))
+ {
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+ struct ath10k_ce_pipe *ce_state = &ar_pci->ce_states[ce_id];
+ int ret;
+
++ /*
++ * Make sure there's enough CE ringbuffer entries for HTT TX to avoid
++ * additional TX locking checks.
++ *
++ * For the lack of a better place do the check here.
++ */
++ BUILD_BUG_ON(2*TARGET_NUM_MSDU_DESC >
++ (CE_HTT_H2T_MSG_SRC_NENTRIES - 1));
++ BUILD_BUG_ON(2*TARGET_10X_NUM_MSDU_DESC >
++ (CE_HTT_H2T_MSG_SRC_NENTRIES - 1));
++ BUILD_BUG_ON(2*TARGET_TLV_NUM_MSDU_DESC >
++ (CE_HTT_H2T_MSG_SRC_NENTRIES - 1));
++
++ ce_state->ar = ar;
++ ce_state->id = ce_id;
++ ce_state->ctrl_addr = ath10k_ce_base_address(ar, ce_id);
++ ce_state->attr_flags = attr->flags;
++ ce_state->src_sz_max = attr->src_sz_max;
++
++ if (attr->src_nentries)
++ ce_state->send_cb = send_cb;
++
++ if (attr->dest_nentries)
++ ce_state->recv_cb = recv_cb;
++
+ if (attr->src_nentries) {
+ ce_state->src_ring = ath10k_ce_alloc_src_ring(ar, ce_id, attr);
+ if (IS_ERR(ce_state->src_ring)) {
+ ret = PTR_ERR(ce_state->src_ring);
+- ath10k_err("failed to allocate copy engine source ring %d: %d\n",
++ ath10k_err(ar, "failed to allocate copy engine source ring %d: %d\n",
+ ce_id, ret);
+ ce_state->src_ring = NULL;
+ return ret;
+@@ -1145,7 +1124,7 @@ int ath10k_ce_alloc_pipe(struct ath10k *
+ attr);
+ if (IS_ERR(ce_state->dest_ring)) {
+ ret = PTR_ERR(ce_state->dest_ring);
+- ath10k_err("failed to allocate copy engine destination ring %d: %d\n",
++ ath10k_err(ar, "failed to allocate copy engine destination ring %d: %d\n",
+ ce_id, ret);
+ ce_state->dest_ring = NULL;
+ return ret;
+--- a/drivers/net/wireless/ath/ath10k/ce.h
++++ b/drivers/net/wireless/ath/ath10k/ce.h
+@@ -20,7 +20,6 @@
+
+ #include "hif.h"
+
+-
+ /* Maximum number of Copy Engine's supported */
+ #define CE_COUNT_MAX 8
+ #define CE_HTT_H2T_MSG_SRC_NENTRIES 4096
+@@ -37,11 +36,10 @@
+
+ struct ath10k_ce_pipe;
+
+-
+ #define CE_DESC_FLAGS_GATHER (1 << 0)
+ #define CE_DESC_FLAGS_BYTE_SWAP (1 << 1)
+ #define CE_DESC_FLAGS_META_DATA_MASK 0xFFFC
+-#define CE_DESC_FLAGS_META_DATA_LSB 3
++#define CE_DESC_FLAGS_META_DATA_LSB 2
+
+ struct ce_desc {
+ __le32 addr;
+@@ -160,30 +158,15 @@ int ath10k_ce_send_nolock(struct ath10k_
+ unsigned int transfer_id,
+ unsigned int flags);
+
+-void ath10k_ce_send_cb_register(struct ath10k_ce_pipe *ce_state,
+- void (*send_cb)(struct ath10k_ce_pipe *),
+- int disable_interrupts);
++void __ath10k_ce_send_revert(struct ath10k_ce_pipe *pipe);
+
+ int ath10k_ce_num_free_src_entries(struct ath10k_ce_pipe *pipe);
+
+ /*==================Recv=======================*/
+
+-/*
+- * Make a buffer available to receive. The buffer must be at least of a
+- * minimal size appropriate for this copy engine (src_sz_max attribute).
+- * ce - which copy engine to use
+- * per_transfer_recv_context - context passed back to caller's recv_cb
+- * buffer - address of buffer in CE space
+- * Returns 0 on success; otherwise an error status.
+- *
+- * Implemenation note: Pushes a buffer to Dest ring.
+- */
+-int ath10k_ce_recv_buf_enqueue(struct ath10k_ce_pipe *ce_state,
+- void *per_transfer_recv_context,
+- u32 buffer);
+-
+-void ath10k_ce_recv_cb_register(struct ath10k_ce_pipe *ce_state,
+- void (*recv_cb)(struct ath10k_ce_pipe *));
++int __ath10k_ce_rx_num_free_bufs(struct ath10k_ce_pipe *pipe);
++int __ath10k_ce_rx_post_buf(struct ath10k_ce_pipe *pipe, void *ctx, u32 paddr);
++int ath10k_ce_rx_post_buf(struct ath10k_ce_pipe *pipe, void *ctx, u32 paddr);
+
+ /* recv flags */
+ /* Data is byte-swapped */
+@@ -204,10 +187,16 @@ int ath10k_ce_completed_recv_next(struct
+ * Pops 1 completed send buffer from Source ring.
+ */
+ int ath10k_ce_completed_send_next(struct ath10k_ce_pipe *ce_state,
+- void **per_transfer_contextp,
+- u32 *bufferp,
+- unsigned int *nbytesp,
+- unsigned int *transfer_idp);
++ void **per_transfer_contextp,
++ u32 *bufferp,
++ unsigned int *nbytesp,
++ unsigned int *transfer_idp);
++
++int ath10k_ce_completed_send_next_nolock(struct ath10k_ce_pipe *ce_state,
++ void **per_transfer_contextp,
++ u32 *bufferp,
++ unsigned int *nbytesp,
++ unsigned int *transfer_idp);
+
+ /*==================CE Engine Initialization=======================*/
+
+@@ -215,7 +204,9 @@ int ath10k_ce_init_pipe(struct ath10k *a
+ const struct ce_attr *attr);
+ void ath10k_ce_deinit_pipe(struct ath10k *ar, unsigned int ce_id);
+ int ath10k_ce_alloc_pipe(struct ath10k *ar, int ce_id,
+- const struct ce_attr *attr);
++ const struct ce_attr *attr,
++ void (*send_cb)(struct ath10k_ce_pipe *),
++ void (*recv_cb)(struct ath10k_ce_pipe *));
+ void ath10k_ce_free_pipe(struct ath10k *ar, int ce_id);
+
+ /*==================CE Engine Shutdown=======================*/
+@@ -228,6 +219,13 @@ int ath10k_ce_revoke_recv_next(struct at
+ void **per_transfer_contextp,
+ u32 *bufferp);
+
++int ath10k_ce_completed_recv_next_nolock(struct ath10k_ce_pipe *ce_state,
++ void **per_transfer_contextp,
++ u32 *bufferp,
++ unsigned int *nbytesp,
++ unsigned int *transfer_idp,
++ unsigned int *flagsp);
++
+ /*
+ * Support clean shutdown by allowing the caller to cancel
+ * pending sends. Target DMA must be stopped before using
+@@ -243,6 +241,7 @@ int ath10k_ce_cancel_send_next(struct at
+ void ath10k_ce_per_engine_service_any(struct ath10k *ar);
+ void ath10k_ce_per_engine_service(struct ath10k *ar, unsigned int ce_id);
+ int ath10k_ce_disable_interrupts(struct ath10k *ar);
++void ath10k_ce_enable_interrupts(struct ath10k *ar);
+
+ /* ce_attr.flags values */
+ /* Use NonSnooping PCIe accesses? */
+@@ -395,8 +394,7 @@ struct ce_attr {
+ #define DST_WATERMARK_HIGH_RESET 0
+ #define DST_WATERMARK_ADDRESS 0x0050
+
+-
+-static inline u32 ath10k_ce_base_address(unsigned int ce_id)
++static inline u32 ath10k_ce_base_address(struct ath10k *ar, unsigned int ce_id)
+ {
+ return CE0_BASE_ADDRESS + (CE1_BASE_ADDRESS - CE0_BASE_ADDRESS) * ce_id;
+ }
+--- a/drivers/net/wireless/ath/ath10k/core.c
++++ b/drivers/net/wireless/ath/ath10k/core.c
+@@ -17,6 +17,7 @@
+
+ #include <linux/module.h>
+ #include <linux/firmware.h>
++#include <linux/of.h>
+
+ #include "core.h"
+ #include "mac.h"
+@@ -26,68 +27,88 @@
+ #include "bmi.h"
+ #include "debug.h"
+ #include "htt.h"
++#include "testmode.h"
++#include "wmi-ops.h"
+
+ unsigned int ath10k_debug_mask;
+ static bool uart_print;
+-static unsigned int ath10k_p2p;
++static bool skip_otp;
++
+ module_param_named(debug_mask, ath10k_debug_mask, uint, 0644);
+ module_param(uart_print, bool, 0644);
+-module_param_named(p2p, ath10k_p2p, uint, 0644);
++module_param(skip_otp, bool, 0644);
++
+ MODULE_PARM_DESC(debug_mask, "Debugging mask");
+ MODULE_PARM_DESC(uart_print, "Uart target debugging");
+-MODULE_PARM_DESC(p2p, "Enable ath10k P2P support");
++MODULE_PARM_DESC(skip_otp, "Skip otp failure for calibration in testmode");
+
+ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
+ {
+ .id = QCA988X_HW_2_0_VERSION,
+ .name = "qca988x hw2.0",
+ .patch_load_addr = QCA988X_HW_2_0_PATCH_LOAD_ADDR,
++ .uart_pin = 7,
+ .fw = {
+ .dir = QCA988X_HW_2_0_FW_DIR,
+ .fw = QCA988X_HW_2_0_FW_FILE,
+ .otp = QCA988X_HW_2_0_OTP_FILE,
+ .board = QCA988X_HW_2_0_BOARD_DATA_FILE,
++ .board_size = QCA988X_BOARD_DATA_SZ,
++ .board_ext_size = QCA988X_BOARD_EXT_DATA_SZ,
++ },
++ },
++ {
++ .id = QCA6174_HW_2_1_VERSION,
++ .name = "qca6174 hw2.1",
++ .patch_load_addr = QCA6174_HW_2_1_PATCH_LOAD_ADDR,
++ .uart_pin = 6,
++ .fw = {
++ .dir = QCA6174_HW_2_1_FW_DIR,
++ .fw = QCA6174_HW_2_1_FW_FILE,
++ .otp = QCA6174_HW_2_1_OTP_FILE,
++ .board = QCA6174_HW_2_1_BOARD_DATA_FILE,
++ .board_size = QCA6174_BOARD_DATA_SZ,
++ .board_ext_size = QCA6174_BOARD_EXT_DATA_SZ,
++ },
++ },
++ {
++ .id = QCA6174_HW_3_0_VERSION,
++ .name = "qca6174 hw3.0",
++ .patch_load_addr = QCA6174_HW_3_0_PATCH_LOAD_ADDR,
++ .uart_pin = 6,
++ .fw = {
++ .dir = QCA6174_HW_3_0_FW_DIR,
++ .fw = QCA6174_HW_3_0_FW_FILE,
++ .otp = QCA6174_HW_3_0_OTP_FILE,
++ .board = QCA6174_HW_3_0_BOARD_DATA_FILE,
++ .board_size = QCA6174_BOARD_DATA_SZ,
++ .board_ext_size = QCA6174_BOARD_EXT_DATA_SZ,
++ },
++ },
++ {
++ .id = QCA6174_HW_3_2_VERSION,
++ .name = "qca6174 hw3.2",
++ .patch_load_addr = QCA6174_HW_3_0_PATCH_LOAD_ADDR,
++ .uart_pin = 6,
++ .fw = {
++ /* uses same binaries as hw3.0 */
++ .dir = QCA6174_HW_3_0_FW_DIR,
++ .fw = QCA6174_HW_3_0_FW_FILE,
++ .otp = QCA6174_HW_3_0_OTP_FILE,
++ .board = QCA6174_HW_3_0_BOARD_DATA_FILE,
++ .board_size = QCA6174_BOARD_DATA_SZ,
++ .board_ext_size = QCA6174_BOARD_EXT_DATA_SZ,
+ },
+ },
+ };
+
+ static void ath10k_send_suspend_complete(struct ath10k *ar)
+ {
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot suspend complete\n");
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot suspend complete\n");
+
+ complete(&ar->target_suspend);
+ }
+
+-static int ath10k_init_connect_htc(struct ath10k *ar)
+-{
+- int status;
+-
+- status = ath10k_wmi_connect_htc_service(ar);
+- if (status)
+- goto conn_fail;
+-
+- /* Start HTC */
+- status = ath10k_htc_start(&ar->htc);
+- if (status)
+- goto conn_fail;
+-
+- /* Wait for WMI event to be ready */
+- status = ath10k_wmi_wait_for_service_ready(ar);
+- if (status <= 0) {
+- ath10k_warn("wmi service ready event not received");
+- status = -ETIMEDOUT;
+- goto timeout;
+- }
+-
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot wmi ready\n");
+- return 0;
+-
+-timeout:
+- ath10k_htc_stop(&ar->htc);
+-conn_fail:
+- return status;
+-}
+-
+ static int ath10k_init_configure_target(struct ath10k *ar)
+ {
+ u32 param_host;
+@@ -97,14 +118,14 @@ static int ath10k_init_configure_target(
+ ret = ath10k_bmi_write32(ar, hi_app_host_interest,
+ HTC_PROTOCOL_VERSION);
+ if (ret) {
+- ath10k_err("settings HTC version failed\n");
++ ath10k_err(ar, "settings HTC version failed\n");
+ return ret;
+ }
+
+ /* set the firmware mode to STA/IBSS/AP */
+ ret = ath10k_bmi_read32(ar, hi_option_flag, &param_host);
+ if (ret) {
+- ath10k_err("setting firmware mode (1/2) failed\n");
++ ath10k_err(ar, "setting firmware mode (1/2) failed\n");
+ return ret;
+ }
+
+@@ -123,14 +144,14 @@ static int ath10k_init_configure_target(
+
+ ret = ath10k_bmi_write32(ar, hi_option_flag, param_host);
+ if (ret) {
+- ath10k_err("setting firmware mode (2/2) failed\n");
++ ath10k_err(ar, "setting firmware mode (2/2) failed\n");
+ return ret;
+ }
+
+ /* We do all byte-swapping on the host */
+ ret = ath10k_bmi_write32(ar, hi_be, 0);
+ if (ret) {
+- ath10k_err("setting host CPU BE mode failed\n");
++ ath10k_err(ar, "setting host CPU BE mode failed\n");
+ return ret;
+ }
+
+@@ -138,7 +159,7 @@ static int ath10k_init_configure_target(
+ ret = ath10k_bmi_write32(ar, hi_fw_swap, 0);
+
+ if (ret) {
+- ath10k_err("setting FW data/desc swap flags failed\n");
++ ath10k_err(ar, "setting FW data/desc swap flags failed\n");
+ return ret;
+ }
+
+@@ -167,79 +188,83 @@ static const struct firmware *ath10k_fet
+ return fw;
+ }
+
+-static int ath10k_push_board_ext_data(struct ath10k *ar)
++static int ath10k_push_board_ext_data(struct ath10k *ar, const void *data,
++ size_t data_len)
+ {
+- u32 board_data_size = QCA988X_BOARD_DATA_SZ;
+- u32 board_ext_data_size = QCA988X_BOARD_EXT_DATA_SZ;
++ u32 board_data_size = ar->hw_params.fw.board_size;
++ u32 board_ext_data_size = ar->hw_params.fw.board_ext_size;
+ u32 board_ext_data_addr;
+ int ret;
+
+ ret = ath10k_bmi_read32(ar, hi_board_ext_data, &board_ext_data_addr);
+ if (ret) {
+- ath10k_err("could not read board ext data addr (%d)\n", ret);
++ ath10k_err(ar, "could not read board ext data addr (%d)\n",
++ ret);
+ return ret;
+ }
+
+- ath10k_dbg(ATH10K_DBG_BOOT,
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
+ "boot push board extended data addr 0x%x\n",
+ board_ext_data_addr);
+
+ if (board_ext_data_addr == 0)
+ return 0;
+
+- if (ar->board_len != (board_data_size + board_ext_data_size)) {
+- ath10k_err("invalid board (ext) data sizes %zu != %d+%d\n",
+- ar->board_len, board_data_size, board_ext_data_size);
++ if (data_len != (board_data_size + board_ext_data_size)) {
++ ath10k_err(ar, "invalid board (ext) data sizes %zu != %d+%d\n",
++ data_len, board_data_size, board_ext_data_size);
+ return -EINVAL;
+ }
+
+ ret = ath10k_bmi_write_memory(ar, board_ext_data_addr,
+- ar->board_data + board_data_size,
++ data + board_data_size,
+ board_ext_data_size);
+ if (ret) {
+- ath10k_err("could not write board ext data (%d)\n", ret);
++ ath10k_err(ar, "could not write board ext data (%d)\n", ret);
+ return ret;
+ }
+
+ ret = ath10k_bmi_write32(ar, hi_board_ext_data_config,
+ (board_ext_data_size << 16) | 1);
+ if (ret) {
+- ath10k_err("could not write board ext data bit (%d)\n", ret);
++ ath10k_err(ar, "could not write board ext data bit (%d)\n",
++ ret);
+ return ret;
+ }
+
+ return 0;
+ }
+
+-static int ath10k_download_board_data(struct ath10k *ar)
++static int ath10k_download_board_data(struct ath10k *ar, const void *data,
++ size_t data_len)
+ {
+- u32 board_data_size = QCA988X_BOARD_DATA_SZ;
++ u32 board_data_size = ar->hw_params.fw.board_size;
+ u32 address;
+ int ret;
+
+- ret = ath10k_push_board_ext_data(ar);
++ ret = ath10k_push_board_ext_data(ar, data, data_len);
+ if (ret) {
+- ath10k_err("could not push board ext data (%d)\n", ret);
++ ath10k_err(ar, "could not push board ext data (%d)\n", ret);
+ goto exit;
+ }
+
+ ret = ath10k_bmi_read32(ar, hi_board_data, &address);
+ if (ret) {
+- ath10k_err("could not read board data addr (%d)\n", ret);
++ ath10k_err(ar, "could not read board data addr (%d)\n", ret);
+ goto exit;
+ }
+
+- ret = ath10k_bmi_write_memory(ar, address, ar->board_data,
++ ret = ath10k_bmi_write_memory(ar, address, data,
+ min_t(u32, board_data_size,
+- ar->board_len));
++ data_len));
+ if (ret) {
+- ath10k_err("could not write board data (%d)\n", ret);
++ ath10k_err(ar, "could not write board data (%d)\n", ret);
+ goto exit;
+ }
+
+ ret = ath10k_bmi_write32(ar, hi_board_data_initialized, 1);
+ if (ret) {
+- ath10k_err("could not write board data bit (%d)\n", ret);
++ ath10k_err(ar, "could not write board data bit (%d)\n", ret);
+ goto exit;
+ }
+
+@@ -247,73 +272,182 @@ exit:
+ return ret;
+ }
+
++static int ath10k_download_cal_file(struct ath10k *ar)
++{
++ int ret;
++
++ if (!ar->cal_file)
++ return -ENOENT;
++
++ if (IS_ERR(ar->cal_file))
++ return PTR_ERR(ar->cal_file);
++
++ ret = ath10k_download_board_data(ar, ar->cal_file->data,
++ ar->cal_file->size);
++ if (ret) {
++ ath10k_err(ar, "failed to download cal_file data: %d\n", ret);
++ return ret;
++ }
++
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot cal file downloaded\n");
++
++ return 0;
++}
++
++static int ath10k_download_cal_dt(struct ath10k *ar)
++{
++ struct device_node *node;
++ int data_len;
++ void *data;
++ int ret;
++
++ node = ar->dev->of_node;
++ if (!node)
++ /* Device Tree is optional, don't print any warnings if
++ * there's no node for ath10k.
++ */
++ return -ENOENT;
++
++ if (!of_get_property(node, "qcom,ath10k-calibration-data",
++ &data_len)) {
++ /* The calibration data node is optional */
++ return -ENOENT;
++ }
++
++ if (data_len != QCA988X_CAL_DATA_LEN) {
++ ath10k_warn(ar, "invalid calibration data length in DT: %d\n",
++ data_len);
++ ret = -EMSGSIZE;
++ goto out;
++ }
++
++ data = kmalloc(data_len, GFP_KERNEL);
++ if (!data) {
++ ret = -ENOMEM;
++ goto out;
++ }
++
++ ret = of_property_read_u8_array(node, "qcom,ath10k-calibration-data",
++ data, data_len);
++ if (ret) {
++ ath10k_warn(ar, "failed to read calibration data from DT: %d\n",
++ ret);
++ goto out_free;
++ }
++
++ ret = ath10k_download_board_data(ar, data, data_len);
++ if (ret) {
++ ath10k_warn(ar, "failed to download calibration data from Device Tree: %d\n",
++ ret);
++ goto out_free;
++ }
++
++ ret = 0;
++
++out_free:
++ kfree(data);
++
++out:
++ return ret;
++}
++
+ static int ath10k_download_and_run_otp(struct ath10k *ar)
+ {
+ u32 result, address = ar->hw_params.patch_load_addr;
+ int ret;
+
++ ret = ath10k_download_board_data(ar, ar->board_data, ar->board_len);
++ if (ret) {
++ ath10k_err(ar, "failed to download board data: %d\n", ret);
++ return ret;
++ }
++
+ /* OTP is optional */
+
+ if (!ar->otp_data || !ar->otp_len) {
+- ath10k_warn("Not running otp, calibration will be incorrect (otp-data %p otp_len %zd)!\n",
++ ath10k_warn(ar, "Not running otp, calibration will be incorrect (otp-data %p otp_len %zd)!\n",
+ ar->otp_data, ar->otp_len);
+ return 0;
+ }
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot upload otp to 0x%x len %zd\n",
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot upload otp to 0x%x len %zd\n",
+ address, ar->otp_len);
+
+ ret = ath10k_bmi_fast_download(ar, address, ar->otp_data, ar->otp_len);
+ if (ret) {
+- ath10k_err("could not write otp (%d)\n", ret);
++ ath10k_err(ar, "could not write otp (%d)\n", ret);
+ return ret;
+ }
+
+ ret = ath10k_bmi_execute(ar, address, 0, &result);
+ if (ret) {
+- ath10k_err("could not execute otp (%d)\n", ret);
++ ath10k_err(ar, "could not execute otp (%d)\n", ret);
+ return ret;
+ }
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot otp execute result %d\n", result);
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot otp execute result %d\n", result);
+
+- if (result != 0) {
+- ath10k_err("otp calibration failed: %d", result);
++ if (!skip_otp && result != 0) {
++ ath10k_err(ar, "otp calibration failed: %d", result);
+ return -EINVAL;
+ }
+
+ return 0;
+ }
+
+-static int ath10k_download_fw(struct ath10k *ar)
++static int ath10k_download_fw(struct ath10k *ar, enum ath10k_firmware_mode mode)
+ {
+- u32 address;
++ u32 address, data_len;
++ const char *mode_name;
++ const void *data;
+ int ret;
+
+ address = ar->hw_params.patch_load_addr;
+
+- ret = ath10k_bmi_fast_download(ar, address, ar->firmware_data,
+- ar->firmware_len);
++ switch (mode) {
++ case ATH10K_FIRMWARE_MODE_NORMAL:
++ data = ar->firmware_data;
++ data_len = ar->firmware_len;
++ mode_name = "normal";
++ break;
++ case ATH10K_FIRMWARE_MODE_UTF:
++ data = ar->testmode.utf->data;
++ data_len = ar->testmode.utf->size;
++ mode_name = "utf";
++ break;
++ default:
++ ath10k_err(ar, "unknown firmware mode: %d\n", mode);
++ return -EINVAL;
++ }
++
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
++ "boot uploading firmware image %p len %d mode %s\n",
++ data, data_len, mode_name);
++
++ ret = ath10k_bmi_fast_download(ar, address, data, data_len);
+ if (ret) {
+- ath10k_err("could not write fw (%d)\n", ret);
+- goto exit;
++ ath10k_err(ar, "failed to download %s firmware: %d\n",
++ mode_name, ret);
++ return ret;
+ }
+
+-exit:
+ return ret;
+ }
+
+ static void ath10k_core_free_firmware_files(struct ath10k *ar)
+ {
+- if (ar->board && !IS_ERR(ar->board))
++ if (!IS_ERR(ar->board))
+ release_firmware(ar->board);
+
+- if (ar->otp && !IS_ERR(ar->otp))
++ if (!IS_ERR(ar->otp))
+ release_firmware(ar->otp);
+
+- if (ar->firmware && !IS_ERR(ar->firmware))
++ if (!IS_ERR(ar->firmware))
+ release_firmware(ar->firmware);
+
++ if (!IS_ERR(ar->cal_file))
++ release_firmware(ar->cal_file);
++
+ ar->board = NULL;
+ ar->board_data = NULL;
+ ar->board_len = 0;
+@@ -325,6 +459,27 @@ static void ath10k_core_free_firmware_fi
+ ar->firmware = NULL;
+ ar->firmware_data = NULL;
+ ar->firmware_len = 0;
++
++ ar->cal_file = NULL;
++}
++
++static int ath10k_fetch_cal_file(struct ath10k *ar)
++{
++ char filename[100];
++
++ /* cal-<bus>-<id>.bin */
++ scnprintf(filename, sizeof(filename), "cal-%s-%s.bin",
++ ath10k_bus_str(ar->hif.bus), dev_name(ar->dev));
++
++ ar->cal_file = ath10k_fetch_fw_file(ar, ATH10K_FW_DIR, filename);
++ if (IS_ERR(ar->cal_file))
++ /* calibration file is optional, don't print any warnings */
++ return PTR_ERR(ar->cal_file);
++
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "found calibration file %s/%s\n",
++ ATH10K_FW_DIR, filename);
++
++ return 0;
+ }
+
+ static int ath10k_core_fetch_firmware_api_1(struct ath10k *ar)
+@@ -332,12 +487,12 @@ static int ath10k_core_fetch_firmware_ap
+ int ret = 0;
+
+ if (ar->hw_params.fw.fw == NULL) {
+- ath10k_err("firmware file not defined\n");
++ ath10k_err(ar, "firmware file not defined\n");
+ return -EINVAL;
+ }
+
+ if (ar->hw_params.fw.board == NULL) {
+- ath10k_err("board data file not defined");
++ ath10k_err(ar, "board data file not defined");
+ return -EINVAL;
+ }
+
+@@ -346,7 +501,7 @@ static int ath10k_core_fetch_firmware_ap
+ ar->hw_params.fw.board);
+ if (IS_ERR(ar->board)) {
+ ret = PTR_ERR(ar->board);
+- ath10k_err("could not fetch board data (%d)\n", ret);
++ ath10k_err(ar, "could not fetch board data (%d)\n", ret);
+ goto err;
+ }
+
+@@ -358,7 +513,7 @@ static int ath10k_core_fetch_firmware_ap
+ ar->hw_params.fw.fw);
+ if (IS_ERR(ar->firmware)) {
+ ret = PTR_ERR(ar->firmware);
+- ath10k_err("could not fetch firmware (%d)\n", ret);
++ ath10k_err(ar, "could not fetch firmware (%d)\n", ret);
+ goto err;
+ }
+
+@@ -374,7 +529,7 @@ static int ath10k_core_fetch_firmware_ap
+ ar->hw_params.fw.otp);
+ if (IS_ERR(ar->otp)) {
+ ret = PTR_ERR(ar->otp);
+- ath10k_err("could not fetch otp (%d)\n", ret);
++ ath10k_err(ar, "could not fetch otp (%d)\n", ret);
+ goto err;
+ }
+
+@@ -394,12 +549,12 @@ static int ath10k_core_fetch_firmware_ap
+ int ie_id, i, index, bit, ret;
+ struct ath10k_fw_ie *hdr;
+ const u8 *data;
+- __le32 *timestamp;
++ __le32 *timestamp, *version;
+
+ /* first fetch the firmware file (firmware-*.bin) */
+ ar->firmware = ath10k_fetch_fw_file(ar, ar->hw_params.fw.dir, name);
+ if (IS_ERR(ar->firmware)) {
+- ath10k_err("could not fetch firmware file '%s/%s': %ld\n",
++ ath10k_err(ar, "could not fetch firmware file '%s/%s': %ld\n",
+ ar->hw_params.fw.dir, name, PTR_ERR(ar->firmware));
+ return PTR_ERR(ar->firmware);
+ }
+@@ -411,14 +566,14 @@ static int ath10k_core_fetch_firmware_ap
+ magic_len = strlen(ATH10K_FIRMWARE_MAGIC) + 1;
+
+ if (len < magic_len) {
+- ath10k_err("firmware file '%s/%s' too small to contain magic: %zu\n",
++ ath10k_err(ar, "firmware file '%s/%s' too small to contain magic: %zu\n",
+ ar->hw_params.fw.dir, name, len);
+ ret = -EINVAL;
+ goto err;
+ }
+
+ if (memcmp(data, ATH10K_FIRMWARE_MAGIC, magic_len) != 0) {
+- ath10k_err("invalid firmware magic\n");
++ ath10k_err(ar, "invalid firmware magic\n");
+ ret = -EINVAL;
+ goto err;
+ }
+@@ -440,7 +595,7 @@ static int ath10k_core_fetch_firmware_ap
+ data += sizeof(*hdr);
+
+ if (len < ie_len) {
+- ath10k_err("invalid length for FW IE %d (%zu < %zu)\n",
++ ath10k_err(ar, "invalid length for FW IE %d (%zu < %zu)\n",
+ ie_id, len, ie_len);
+ ret = -EINVAL;
+ goto err;
+@@ -454,7 +609,7 @@ static int ath10k_core_fetch_firmware_ap
+ memcpy(ar->hw->wiphy->fw_version, data, ie_len);
+ ar->hw->wiphy->fw_version[ie_len] = '\0';
+
+- ath10k_dbg(ATH10K_DBG_BOOT,
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
+ "found fw version %s\n",
+ ar->hw->wiphy->fw_version);
+ break;
+@@ -464,11 +619,11 @@ static int ath10k_core_fetch_firmware_ap
+
+ timestamp = (__le32 *)data;
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "found fw timestamp %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "found fw timestamp %d\n",
+ le32_to_cpup(timestamp));
+ break;
+ case ATH10K_FW_IE_FEATURES:
+- ath10k_dbg(ATH10K_DBG_BOOT,
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
+ "found firmware features ie (%zd B)\n",
+ ie_len);
+
+@@ -480,19 +635,19 @@ static int ath10k_core_fetch_firmware_ap
+ break;
+
+ if (data[index] & (1 << bit)) {
+- ath10k_dbg(ATH10K_DBG_BOOT,
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
+ "Enabling feature bit: %i\n",
+ i);
+ __set_bit(i, ar->fw_features);
+ }
+ }
+
+- ath10k_dbg_dump(ATH10K_DBG_BOOT, "features", "",
++ ath10k_dbg_dump(ar, ATH10K_DBG_BOOT, "features", "",
+ ar->fw_features,
+ sizeof(ar->fw_features));
+ break;
+ case ATH10K_FW_IE_FW_IMAGE:
+- ath10k_dbg(ATH10K_DBG_BOOT,
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
+ "found fw image ie (%zd B)\n",
+ ie_len);
+
+@@ -501,7 +656,7 @@ static int ath10k_core_fetch_firmware_ap
+
+ break;
+ case ATH10K_FW_IE_OTP_IMAGE:
+- ath10k_dbg(ATH10K_DBG_BOOT,
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
+ "found otp image ie (%zd B)\n",
+ ie_len);
+
+@@ -509,8 +664,19 @@ static int ath10k_core_fetch_firmware_ap
+ ar->otp_len = ie_len;
+
+ break;
++ case ATH10K_FW_IE_WMI_OP_VERSION:
++ if (ie_len != sizeof(u32))
++ break;
++
++ version = (__le32 *)data;
++
++ ar->wmi.op_version = le32_to_cpup(version);
++
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "found fw ie wmi op version %d\n",
++ ar->wmi.op_version);
++ break;
+ default:
+- ath10k_warn("Unknown FW IE: %u\n",
++ ath10k_warn(ar, "Unknown FW IE: %u\n",
+ le32_to_cpu(hdr->id));
+ break;
+ }
+@@ -523,7 +689,7 @@ static int ath10k_core_fetch_firmware_ap
+ }
+
+ if (!ar->firmware_data || !ar->firmware_len) {
+- ath10k_warn("No ATH10K_FW_IE_FW_IMAGE found from '%s/%s', skipping\n",
++ ath10k_warn(ar, "No ATH10K_FW_IE_FW_IMAGE found from '%s/%s', skipping\n",
+ ar->hw_params.fw.dir, name);
+ ret = -ENOMEDIUM;
+ goto err;
+@@ -531,7 +697,7 @@ static int ath10k_core_fetch_firmware_ap
+
+ /* now fetch the board file */
+ if (ar->hw_params.fw.board == NULL) {
+- ath10k_err("board data file not defined");
++ ath10k_err(ar, "board data file not defined");
+ ret = -EINVAL;
+ goto err;
+ }
+@@ -541,7 +707,7 @@ static int ath10k_core_fetch_firmware_ap
+ ar->hw_params.fw.board);
+ if (IS_ERR(ar->board)) {
+ ret = PTR_ERR(ar->board);
+- ath10k_err("could not fetch board data '%s/%s' (%d)\n",
++ ath10k_err(ar, "could not fetch board data '%s/%s' (%d)\n",
+ ar->hw_params.fw.dir, ar->hw_params.fw.board,
+ ret);
+ goto err;
+@@ -561,49 +727,79 @@ static int ath10k_core_fetch_firmware_fi
+ {
+ int ret;
+
++ /* calibration file is optional, don't check for any errors */
++ ath10k_fetch_cal_file(ar);
++
++ ar->fw_api = 4;
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "trying fw api %d\n", ar->fw_api);
++
++ ret = ath10k_core_fetch_firmware_api_n(ar, ATH10K_FW_API4_FILE);
++ if (ret == 0)
++ goto success;
++
++ ar->fw_api = 3;
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "trying fw api %d\n", ar->fw_api);
++
++ ret = ath10k_core_fetch_firmware_api_n(ar, ATH10K_FW_API3_FILE);
++ if (ret == 0)
++ goto success;
++
+ ar->fw_api = 2;
+- ath10k_dbg(ATH10K_DBG_BOOT, "trying fw api %d\n", ar->fw_api);
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "trying fw api %d\n", ar->fw_api);
+
+ ret = ath10k_core_fetch_firmware_api_n(ar, ATH10K_FW_API2_FILE);
+ if (ret == 0)
+ goto success;
+
+ ar->fw_api = 1;
+- ath10k_dbg(ATH10K_DBG_BOOT, "trying fw api %d\n", ar->fw_api);
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "trying fw api %d\n", ar->fw_api);
+
+ ret = ath10k_core_fetch_firmware_api_1(ar);
+ if (ret)
+ return ret;
+
+ success:
+- ath10k_dbg(ATH10K_DBG_BOOT, "using fw api %d\n", ar->fw_api);
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "using fw api %d\n", ar->fw_api);
+
+ return 0;
+ }
+
+-static int ath10k_init_download_firmware(struct ath10k *ar)
++static int ath10k_download_cal_data(struct ath10k *ar)
+ {
+ int ret;
+
+- ret = ath10k_download_board_data(ar);
+- if (ret) {
+- ath10k_err("failed to download board data: %d\n", ret);
+- return ret;
++ ret = ath10k_download_cal_file(ar);
++ if (ret == 0) {
++ ar->cal_mode = ATH10K_CAL_MODE_FILE;
++ goto done;
+ }
+
+- ret = ath10k_download_and_run_otp(ar);
+- if (ret) {
+- ath10k_err("failed to run otp: %d\n", ret);
+- return ret;
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
++ "boot did not find a calibration file, try DT next: %d\n",
++ ret);
++
++ ret = ath10k_download_cal_dt(ar);
++ if (ret == 0) {
++ ar->cal_mode = ATH10K_CAL_MODE_DT;
++ goto done;
+ }
+
+- ret = ath10k_download_fw(ar);
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
++ "boot did not find DT entry, try OTP next: %d\n",
++ ret);
++
++ ret = ath10k_download_and_run_otp(ar);
+ if (ret) {
+- ath10k_err("failed to download firmware: %d\n", ret);
++ ath10k_err(ar, "failed to run otp: %d\n", ret);
+ return ret;
+ }
+
+- return ret;
++ ar->cal_mode = ATH10K_CAL_MODE_OTP;
++
++done:
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot using calibration mode %s\n",
++ ath10k_cal_mode_str(ar->cal_mode));
++ return 0;
+ }
+
+ static int ath10k_init_uart(struct ath10k *ar)
+@@ -616,33 +812,33 @@ static int ath10k_init_uart(struct ath10
+ */
+ ret = ath10k_bmi_write32(ar, hi_serial_enable, 0);
+ if (ret) {
+- ath10k_warn("could not disable UART prints (%d)\n", ret);
++ ath10k_warn(ar, "could not disable UART prints (%d)\n", ret);
+ return ret;
+ }
+
+ if (!uart_print)
+ return 0;
+
+- ret = ath10k_bmi_write32(ar, hi_dbg_uart_txpin, 7);
++ ret = ath10k_bmi_write32(ar, hi_dbg_uart_txpin, ar->hw_params.uart_pin);
+ if (ret) {
+- ath10k_warn("could not enable UART prints (%d)\n", ret);
++ ath10k_warn(ar, "could not enable UART prints (%d)\n", ret);
+ return ret;
+ }
+
+ ret = ath10k_bmi_write32(ar, hi_serial_enable, 1);
+ if (ret) {
+- ath10k_warn("could not enable UART prints (%d)\n", ret);
++ ath10k_warn(ar, "could not enable UART prints (%d)\n", ret);
+ return ret;
+ }
+
+ /* Set the UART baud rate to 19200. */
+ ret = ath10k_bmi_write32(ar, hi_desired_baud_rate, 19200);
+ if (ret) {
+- ath10k_warn("could not set the baud rate (%d)\n", ret);
++ ath10k_warn(ar, "could not set the baud rate (%d)\n", ret);
+ return ret;
+ }
+
+- ath10k_info("UART prints enabled\n");
++ ath10k_info(ar, "UART prints enabled\n");
+ return 0;
+ }
+
+@@ -659,14 +855,14 @@ static int ath10k_init_hw_params(struct
+ }
+
+ if (i == ARRAY_SIZE(ath10k_hw_params_list)) {
+- ath10k_err("Unsupported hardware version: 0x%x\n",
++ ath10k_err(ar, "Unsupported hardware version: 0x%x\n",
+ ar->target_version);
+ return -EINVAL;
+ }
+
+ ar->hw_params = *hw_params;
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "Hardware name %s version 0x%x\n",
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "Hardware name %s version 0x%x\n",
+ ar->hw_params.name, ar->target_version);
+
+ return 0;
+@@ -676,101 +872,124 @@ static void ath10k_core_restart(struct w
+ {
+ struct ath10k *ar = container_of(work, struct ath10k, restart_work);
+
++ set_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags);
++
++ /* Place a barrier to make sure the compiler doesn't reorder
++ * CRASH_FLUSH and calling other functions.
++ */
++ barrier();
++
++ ieee80211_stop_queues(ar->hw);
++ ath10k_drain_tx(ar);
++ complete_all(&ar->scan.started);
++ complete_all(&ar->scan.completed);
++ complete_all(&ar->scan.on_channel);
++ complete_all(&ar->offchan_tx_completed);
++ complete_all(&ar->install_key_done);
++ complete_all(&ar->vdev_setup_done);
++ complete_all(&ar->thermal.wmi_sync);
++ wake_up(&ar->htt.empty_tx_wq);
++ wake_up(&ar->wmi.tx_credits_wq);
++ wake_up(&ar->peer_mapping_wq);
++
+ mutex_lock(&ar->conf_mutex);
+
+ switch (ar->state) {
+ case ATH10K_STATE_ON:
+ ar->state = ATH10K_STATE_RESTARTING;
+- ath10k_halt(ar);
++ ath10k_hif_stop(ar);
++ ath10k_scan_finish(ar);
+ ieee80211_restart_hw(ar->hw);
+ break;
+ case ATH10K_STATE_OFF:
+ /* this can happen if driver is being unloaded
+ * or if the crash happens during FW probing */
+- ath10k_warn("cannot restart a device that hasn't been started\n");
++ ath10k_warn(ar, "cannot restart a device that hasn't been started\n");
+ break;
+ case ATH10K_STATE_RESTARTING:
++ /* hw restart might be requested from multiple places */
++ break;
+ case ATH10K_STATE_RESTARTED:
+ ar->state = ATH10K_STATE_WEDGED;
+ /* fall through */
+ case ATH10K_STATE_WEDGED:
+- ath10k_warn("device is wedged, will not restart\n");
++ ath10k_warn(ar, "device is wedged, will not restart\n");
++ break;
++ case ATH10K_STATE_UTF:
++ ath10k_warn(ar, "firmware restart in UTF mode not supported\n");
+ break;
+ }
+
+ mutex_unlock(&ar->conf_mutex);
+ }
+
+-struct ath10k *ath10k_core_create(void *hif_priv, struct device *dev,
+- const struct ath10k_hif_ops *hif_ops)
++static int ath10k_core_init_firmware_features(struct ath10k *ar)
+ {
+- struct ath10k *ar;
+-
+- ar = ath10k_mac_create();
+- if (!ar)
+- return NULL;
+-
+- ar->ath_common.priv = ar;
+- ar->ath_common.hw = ar->hw;
+-
+- ar->p2p = !!ath10k_p2p;
+- ar->dev = dev;
+-
+- ar->hif.priv = hif_priv;
+- ar->hif.ops = hif_ops;
+-
+- init_completion(&ar->scan.started);
+- init_completion(&ar->scan.completed);
+- init_completion(&ar->scan.on_channel);
+- init_completion(&ar->target_suspend);
+-
+- init_completion(&ar->install_key_done);
+- init_completion(&ar->vdev_setup_done);
+-
+- setup_timer(&ar->scan.timeout, ath10k_reset_scan, (unsigned long)ar);
+-
+- ar->workqueue = create_singlethread_workqueue("ath10k_wq");
+- if (!ar->workqueue)
+- goto err_wq;
+-
+- mutex_init(&ar->conf_mutex);
+- spin_lock_init(&ar->data_lock);
+-
+- INIT_LIST_HEAD(&ar->peers);
+- init_waitqueue_head(&ar->peer_mapping_wq);
+-
+- init_completion(&ar->offchan_tx_completed);
+- INIT_WORK(&ar->offchan_tx_work, ath10k_offchan_tx_work);
+- skb_queue_head_init(&ar->offchan_tx_queue);
+-
+- INIT_WORK(&ar->wmi_mgmt_tx_work, ath10k_mgmt_over_wmi_tx_work);
+- skb_queue_head_init(&ar->wmi_mgmt_tx_queue);
+-
+- INIT_WORK(&ar->restart_work, ath10k_core_restart);
++ if (test_bit(ATH10K_FW_FEATURE_WMI_10_2, ar->fw_features) &&
++ !test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features)) {
++ ath10k_err(ar, "feature bits corrupted: 10.2 feature requires 10.x feature to be set as well");
++ return -EINVAL;
++ }
+
+- return ar;
++ if (ar->wmi.op_version >= ATH10K_FW_WMI_OP_VERSION_MAX) {
++ ath10k_err(ar, "unsupported WMI OP version (max %d): %d\n",
++ ATH10K_FW_WMI_OP_VERSION_MAX, ar->wmi.op_version);
++ return -EINVAL;
++ }
+
+-err_wq:
+- ath10k_mac_destroy(ar);
+- return NULL;
+-}
+-EXPORT_SYMBOL(ath10k_core_create);
++ /* Backwards compatibility for firmwares without
++ * ATH10K_FW_IE_WMI_OP_VERSION.
++ */
++ if (ar->wmi.op_version == ATH10K_FW_WMI_OP_VERSION_UNSET) {
++ if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features)) {
++ if (test_bit(ATH10K_FW_FEATURE_WMI_10_2,
++ ar->fw_features))
++ ar->wmi.op_version = ATH10K_FW_WMI_OP_VERSION_10_2;
++ else
++ ar->wmi.op_version = ATH10K_FW_WMI_OP_VERSION_10_1;
++ } else {
++ ar->wmi.op_version = ATH10K_FW_WMI_OP_VERSION_MAIN;
++ }
++ }
+
+-void ath10k_core_destroy(struct ath10k *ar)
+-{
+- flush_workqueue(ar->workqueue);
+- destroy_workqueue(ar->workqueue);
++ switch (ar->wmi.op_version) {
++ case ATH10K_FW_WMI_OP_VERSION_MAIN:
++ ar->max_num_peers = TARGET_NUM_PEERS;
++ ar->max_num_stations = TARGET_NUM_STATIONS;
++ ar->max_num_vdevs = TARGET_NUM_VDEVS;
++ ar->htt.max_num_pending_tx = TARGET_NUM_MSDU_DESC;
++ break;
++ case ATH10K_FW_WMI_OP_VERSION_10_1:
++ case ATH10K_FW_WMI_OP_VERSION_10_2:
++ case ATH10K_FW_WMI_OP_VERSION_10_2_4:
++ ar->max_num_peers = TARGET_10X_NUM_PEERS;
++ ar->max_num_stations = TARGET_10X_NUM_STATIONS;
++ ar->max_num_vdevs = TARGET_10X_NUM_VDEVS;
++ ar->htt.max_num_pending_tx = TARGET_10X_NUM_MSDU_DESC;
++ break;
++ case ATH10K_FW_WMI_OP_VERSION_TLV:
++ ar->max_num_peers = TARGET_TLV_NUM_PEERS;
++ ar->max_num_stations = TARGET_TLV_NUM_STATIONS;
++ ar->max_num_vdevs = TARGET_TLV_NUM_VDEVS;
++ ar->htt.max_num_pending_tx = TARGET_TLV_NUM_MSDU_DESC;
++ break;
++ case ATH10K_FW_WMI_OP_VERSION_UNSET:
++ case ATH10K_FW_WMI_OP_VERSION_MAX:
++ WARN_ON(1);
++ return -EINVAL;
++ }
+
+- ath10k_mac_destroy(ar);
++ return 0;
+ }
+-EXPORT_SYMBOL(ath10k_core_destroy);
+
+-int ath10k_core_start(struct ath10k *ar)
++int ath10k_core_start(struct ath10k *ar, enum ath10k_firmware_mode mode)
+ {
+ int status;
+
+ lockdep_assert_held(&ar->conf_mutex);
+
++ clear_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags);
++
+ ath10k_bmi_start(ar);
+
+ if (ath10k_init_configure_target(ar)) {
+@@ -778,7 +997,11 @@ int ath10k_core_start(struct ath10k *ar)
+ goto err;
+ }
+
+- status = ath10k_init_download_firmware(ar);
++ status = ath10k_download_cal_data(ar);
++ if (status)
++ goto err;
++
++ status = ath10k_download_fw(ar, mode);
+ if (status)
+ goto err;
+
+@@ -791,7 +1014,7 @@ int ath10k_core_start(struct ath10k *ar)
+
+ status = ath10k_htc_init(ar);
+ if (status) {
+- ath10k_err("could not init HTC (%d)\n", status);
++ ath10k_err(ar, "could not init HTC (%d)\n", status);
+ goto err;
+ }
+
+@@ -801,79 +1024,123 @@ int ath10k_core_start(struct ath10k *ar)
+
+ status = ath10k_wmi_attach(ar);
+ if (status) {
+- ath10k_err("WMI attach failed: %d\n", status);
++ ath10k_err(ar, "WMI attach failed: %d\n", status);
+ goto err;
+ }
+
+- status = ath10k_hif_start(ar);
++ status = ath10k_htt_init(ar);
++ if (status) {
++ ath10k_err(ar, "failed to init htt: %d\n", status);
++ goto err_wmi_detach;
++ }
++
++ status = ath10k_htt_tx_alloc(&ar->htt);
+ if (status) {
+- ath10k_err("could not start HIF: %d\n", status);
++ ath10k_err(ar, "failed to alloc htt tx: %d\n", status);
+ goto err_wmi_detach;
+ }
+
++ status = ath10k_htt_rx_alloc(&ar->htt);
++ if (status) {
++ ath10k_err(ar, "failed to alloc htt rx: %d\n", status);
++ goto err_htt_tx_detach;
++ }
++
++ status = ath10k_hif_start(ar);
++ if (status) {
++ ath10k_err(ar, "could not start HIF: %d\n", status);
++ goto err_htt_rx_detach;
++ }
++
+ status = ath10k_htc_wait_target(&ar->htc);
+ if (status) {
+- ath10k_err("failed to connect to HTC: %d\n", status);
++ ath10k_err(ar, "failed to connect to HTC: %d\n", status);
+ goto err_hif_stop;
+ }
+
+- status = ath10k_htt_attach(ar);
++ if (mode == ATH10K_FIRMWARE_MODE_NORMAL) {
++ status = ath10k_htt_connect(&ar->htt);
++ if (status) {
++ ath10k_err(ar, "failed to connect htt (%d)\n", status);
++ goto err_hif_stop;
++ }
++ }
++
++ status = ath10k_wmi_connect(ar);
+ if (status) {
+- ath10k_err("could not attach htt (%d)\n", status);
++ ath10k_err(ar, "could not connect wmi: %d\n", status);
+ goto err_hif_stop;
+ }
+
+- status = ath10k_init_connect_htc(ar);
+- if (status)
+- goto err_htt_detach;
++ status = ath10k_htc_start(&ar->htc);
++ if (status) {
++ ath10k_err(ar, "failed to start htc: %d\n", status);
++ goto err_hif_stop;
++ }
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "firmware %s booted\n",
++ if (mode == ATH10K_FIRMWARE_MODE_NORMAL) {
++ status = ath10k_wmi_wait_for_service_ready(ar);
++ if (status <= 0) {
++ ath10k_warn(ar, "wmi service ready event not received");
++ status = -ETIMEDOUT;
++ goto err_hif_stop;
++ }
++ }
++
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "firmware %s booted\n",
+ ar->hw->wiphy->fw_version);
+
+ status = ath10k_wmi_cmd_init(ar);
+ if (status) {
+- ath10k_err("could not send WMI init command (%d)\n", status);
+- goto err_disconnect_htc;
++ ath10k_err(ar, "could not send WMI init command (%d)\n",
++ status);
++ goto err_hif_stop;
+ }
+
+ status = ath10k_wmi_wait_for_unified_ready(ar);
+ if (status <= 0) {
+- ath10k_err("wmi unified ready event not received\n");
++ ath10k_err(ar, "wmi unified ready event not received\n");
+ status = -ETIMEDOUT;
+- goto err_disconnect_htc;
++ goto err_hif_stop;
+ }
+
+- status = ath10k_htt_attach_target(&ar->htt);
+- if (status)
+- goto err_disconnect_htc;
++ /* If firmware indicates Full Rx Reorder support it must be used in a
++ * slightly different manner. Let HTT code know.
++ */
++ ar->htt.rx_ring.in_ord_rx = !!(test_bit(WMI_SERVICE_RX_FULL_REORDER,
++ ar->wmi.svc_map));
++
++ status = ath10k_htt_rx_ring_refill(ar);
++ if (status) {
++ ath10k_err(ar, "failed to refill htt rx ring: %d\n", status);
++ goto err_hif_stop;
++ }
++
++ /* we don't care about HTT in UTF mode */
++ if (mode == ATH10K_FIRMWARE_MODE_NORMAL) {
++ status = ath10k_htt_setup(&ar->htt);
++ if (status) {
++ ath10k_err(ar, "failed to setup htt: %d\n", status);
++ goto err_hif_stop;
++ }
++ }
+
+ status = ath10k_debug_start(ar);
+ if (status)
+- goto err_disconnect_htc;
+-
+- ar->free_vdev_map = (1 << TARGET_NUM_VDEVS) - 1;
+- INIT_LIST_HEAD(&ar->arvifs);
++ goto err_hif_stop;
+
+- if (!test_bit(ATH10K_FLAG_FIRST_BOOT_DONE, &ar->dev_flags))
+- ath10k_info("%s (0x%08x, 0x%08x) fw %s api %d htt %d.%d\n",
+- ar->hw_params.name,
+- ar->target_version,
+- ar->chip_id,
+- ar->hw->wiphy->fw_version,
+- ar->fw_api,
+- ar->htt.target_version_major,
+- ar->htt.target_version_minor);
++ ar->free_vdev_map = (1LL << ar->max_num_vdevs) - 1;
+
+- __set_bit(ATH10K_FLAG_FIRST_BOOT_DONE, &ar->dev_flags);
++ INIT_LIST_HEAD(&ar->arvifs);
+
+ return 0;
+
+-err_disconnect_htc:
+- ath10k_htc_stop(&ar->htc);
+-err_htt_detach:
+- ath10k_htt_detach(&ar->htt);
+ err_hif_stop:
+ ath10k_hif_stop(ar);
++err_htt_rx_detach:
++ ath10k_htt_rx_free(&ar->htt);
++err_htt_tx_detach:
++ ath10k_htt_tx_free(&ar->htt);
+ err_wmi_detach:
+ ath10k_wmi_detach(ar);
+ err:
+@@ -889,14 +1156,14 @@ int ath10k_wait_for_suspend(struct ath10
+
+ ret = ath10k_wmi_pdev_suspend_target(ar, suspend_opt);
+ if (ret) {
+- ath10k_warn("could not suspend target (%d)\n", ret);
++ ath10k_warn(ar, "could not suspend target (%d)\n", ret);
+ return ret;
+ }
+
+ ret = wait_for_completion_timeout(&ar->target_suspend, 1 * HZ);
+
+ if (ret == 0) {
+- ath10k_warn("suspend timed out - target pause event never came\n");
++ ath10k_warn(ar, "suspend timed out - target pause event never came\n");
+ return -ETIMEDOUT;
+ }
+
+@@ -908,12 +1175,14 @@ void ath10k_core_stop(struct ath10k *ar)
+ lockdep_assert_held(&ar->conf_mutex);
+
+ /* try to suspend target */
+- if (ar->state != ATH10K_STATE_RESTARTING)
++ if (ar->state != ATH10K_STATE_RESTARTING &&
++ ar->state != ATH10K_STATE_UTF)
+ ath10k_wait_for_suspend(ar, WMI_PDEV_SUSPEND_AND_DISABLE_INTR);
+
+ ath10k_debug_stop(ar);
+- ath10k_htc_stop(&ar->htc);
+- ath10k_htt_detach(&ar->htt);
++ ath10k_hif_stop(ar);
++ ath10k_htt_tx_free(&ar->htt);
++ ath10k_htt_rx_free(&ar->htt);
+ ath10k_wmi_detach(ar);
+ }
+ EXPORT_SYMBOL(ath10k_core_stop);
+@@ -929,16 +1198,15 @@ static int ath10k_core_probe_fw(struct a
+
+ ret = ath10k_hif_power_up(ar);
+ if (ret) {
+- ath10k_err("could not start pci hif (%d)\n", ret);
++ ath10k_err(ar, "could not start pci hif (%d)\n", ret);
+ return ret;
+ }
+
+ memset(&target_info, 0, sizeof(target_info));
+ ret = ath10k_bmi_get_target_info(ar, &target_info);
+ if (ret) {
+- ath10k_err("could not get target info (%d)\n", ret);
+- ath10k_hif_power_down(ar);
+- return ret;
++ ath10k_err(ar, "could not get target info (%d)\n", ret);
++ goto err_power_down;
+ }
+
+ ar->target_version = target_info.version;
+@@ -946,118 +1214,233 @@ static int ath10k_core_probe_fw(struct a
+
+ ret = ath10k_init_hw_params(ar);
+ if (ret) {
+- ath10k_err("could not get hw params (%d)\n", ret);
+- ath10k_hif_power_down(ar);
+- return ret;
++ ath10k_err(ar, "could not get hw params (%d)\n", ret);
++ goto err_power_down;
+ }
+
+ ret = ath10k_core_fetch_firmware_files(ar);
+ if (ret) {
+- ath10k_err("could not fetch firmware files (%d)\n", ret);
+- ath10k_hif_power_down(ar);
+- return ret;
++ ath10k_err(ar, "could not fetch firmware files (%d)\n", ret);
++ goto err_power_down;
++ }
++
++ ret = ath10k_core_init_firmware_features(ar);
++ if (ret) {
++ ath10k_err(ar, "fatal problem with firmware features: %d\n",
++ ret);
++ goto err_free_firmware_files;
+ }
+
+ mutex_lock(&ar->conf_mutex);
+
+- ret = ath10k_core_start(ar);
++ ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL);
+ if (ret) {
+- ath10k_err("could not init core (%d)\n", ret);
+- ath10k_core_free_firmware_files(ar);
+- ath10k_hif_power_down(ar);
+- mutex_unlock(&ar->conf_mutex);
+- return ret;
++ ath10k_err(ar, "could not init core (%d)\n", ret);
++ goto err_unlock;
+ }
+
++ ath10k_print_driver_info(ar);
+ ath10k_core_stop(ar);
+
+ mutex_unlock(&ar->conf_mutex);
+
+ ath10k_hif_power_down(ar);
+ return 0;
+-}
+-
+-static int ath10k_core_check_chip_id(struct ath10k *ar)
+-{
+- u32 hw_revision = MS(ar->chip_id, SOC_CHIP_ID_REV);
+-
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot chip_id 0x%08x hw_revision 0x%x\n",
+- ar->chip_id, hw_revision);
+
+- /* Check that we are not using hw1.0 (some of them have same pci id
+- * as hw2.0) before doing anything else as ath10k crashes horribly
+- * due to missing hw1.0 workarounds. */
+- switch (hw_revision) {
+- case QCA988X_HW_1_0_CHIP_ID_REV:
+- ath10k_err("ERROR: qca988x hw1.0 is not supported\n");
+- return -EOPNOTSUPP;
++err_unlock:
++ mutex_unlock(&ar->conf_mutex);
+
+- case QCA988X_HW_2_0_CHIP_ID_REV:
+- /* known hardware revision, continue normally */
+- return 0;
++err_free_firmware_files:
++ ath10k_core_free_firmware_files(ar);
+
+- default:
+- ath10k_warn("Warning: hardware revision unknown (0x%x), expect problems\n",
+- ar->chip_id);
+- return 0;
+- }
++err_power_down:
++ ath10k_hif_power_down(ar);
+
+- return 0;
++ return ret;
+ }
+
+-int ath10k_core_register(struct ath10k *ar, u32 chip_id)
++static void ath10k_core_register_work(struct work_struct *work)
+ {
++ struct ath10k *ar = container_of(work, struct ath10k, register_work);
+ int status;
+
+- ar->chip_id = chip_id;
+-
+- status = ath10k_core_check_chip_id(ar);
+- if (status) {
+- ath10k_err("Unsupported chip id 0x%08x\n", ar->chip_id);
+- return status;
+- }
+-
+ status = ath10k_core_probe_fw(ar);
+ if (status) {
+- ath10k_err("could not probe fw (%d)\n", status);
+- return status;
++ ath10k_err(ar, "could not probe fw (%d)\n", status);
++ goto err;
+ }
+
+ status = ath10k_mac_register(ar);
+ if (status) {
+- ath10k_err("could not register to mac80211 (%d)\n", status);
++ ath10k_err(ar, "could not register to mac80211 (%d)\n", status);
+ goto err_release_fw;
+ }
+
+- status = ath10k_debug_create(ar);
++ status = ath10k_debug_register(ar);
+ if (status) {
+- ath10k_err("unable to initialize debugfs\n");
++ ath10k_err(ar, "unable to initialize debugfs\n");
+ goto err_unregister_mac;
+ }
+
+- return 0;
++ status = ath10k_spectral_create(ar);
++ if (status) {
++ ath10k_err(ar, "failed to initialize spectral\n");
++ goto err_debug_destroy;
++ }
+
++ status = ath10k_thermal_register(ar);
++ if (status) {
++ ath10k_err(ar, "could not register thermal device: %d\n",
++ status);
++ goto err_spectral_destroy;
++ }
++
++ set_bit(ATH10K_FLAG_CORE_REGISTERED, &ar->dev_flags);
++ return;
++
++err_spectral_destroy:
++ ath10k_spectral_destroy(ar);
++err_debug_destroy:
++ ath10k_debug_destroy(ar);
+ err_unregister_mac:
+ ath10k_mac_unregister(ar);
+ err_release_fw:
+ ath10k_core_free_firmware_files(ar);
+- return status;
++err:
++ /* TODO: It's probably a good idea to release device from the driver
++ * but calling device_release_driver() here will cause a deadlock.
++ */
++ return;
++}
++
++int ath10k_core_register(struct ath10k *ar, u32 chip_id)
++{
++ ar->chip_id = chip_id;
++ queue_work(ar->workqueue, &ar->register_work);
++
++ return 0;
+ }
+ EXPORT_SYMBOL(ath10k_core_register);
+
+ void ath10k_core_unregister(struct ath10k *ar)
+ {
++ cancel_work_sync(&ar->register_work);
++
++ if (!test_bit(ATH10K_FLAG_CORE_REGISTERED, &ar->dev_flags))
++ return;
++
++ ath10k_thermal_unregister(ar);
++ /* Stop spectral before unregistering from mac80211 to remove the
++ * relayfs debugfs file cleanly. Otherwise the parent debugfs tree
++ * would be already be free'd recursively, leading to a double free.
++ */
++ ath10k_spectral_destroy(ar);
++
+ /* We must unregister from mac80211 before we stop HTC and HIF.
+ * Otherwise we will fail to submit commands to FW and mac80211 will be
+ * unhappy about callback failures. */
+ ath10k_mac_unregister(ar);
+
++ ath10k_testmode_destroy(ar);
++
+ ath10k_core_free_firmware_files(ar);
+
+- ath10k_debug_destroy(ar);
++ ath10k_debug_unregister(ar);
+ }
+ EXPORT_SYMBOL(ath10k_core_unregister);
+
++struct ath10k *ath10k_core_create(size_t priv_size, struct device *dev,
++ enum ath10k_bus bus,
++ enum ath10k_hw_rev hw_rev,
++ const struct ath10k_hif_ops *hif_ops)
++{
++ struct ath10k *ar;
++ int ret;
++
++ ar = ath10k_mac_create(priv_size);
++ if (!ar)
++ return NULL;
++
++ ar->ath_common.priv = ar;
++ ar->ath_common.hw = ar->hw;
++ ar->dev = dev;
++ ar->hw_rev = hw_rev;
++ ar->hif.ops = hif_ops;
++ ar->hif.bus = bus;
++
++ switch (hw_rev) {
++ case ATH10K_HW_QCA988X:
++ ar->regs = &qca988x_regs;
++ break;
++ case ATH10K_HW_QCA6174:
++ ar->regs = &qca6174_regs;
++ break;
++ default:
++ ath10k_err(ar, "unsupported core hardware revision %d\n",
++ hw_rev);
++ ret = -ENOTSUPP;
++ goto err_free_mac;
++ }
++
++ init_completion(&ar->scan.started);
++ init_completion(&ar->scan.completed);
++ init_completion(&ar->scan.on_channel);
++ init_completion(&ar->target_suspend);
++
++ init_completion(&ar->install_key_done);
++ init_completion(&ar->vdev_setup_done);
++ init_completion(&ar->thermal.wmi_sync);
++
++ INIT_DELAYED_WORK(&ar->scan.timeout, ath10k_scan_timeout_work);
++
++ ar->workqueue = create_singlethread_workqueue("ath10k_wq");
++ if (!ar->workqueue)
++ goto err_free_mac;
++
++ mutex_init(&ar->conf_mutex);
++ spin_lock_init(&ar->data_lock);
++
++ INIT_LIST_HEAD(&ar->peers);
++ init_waitqueue_head(&ar->peer_mapping_wq);
++ init_waitqueue_head(&ar->htt.empty_tx_wq);
++ init_waitqueue_head(&ar->wmi.tx_credits_wq);
++
++ init_completion(&ar->offchan_tx_completed);
++ INIT_WORK(&ar->offchan_tx_work, ath10k_offchan_tx_work);
++ skb_queue_head_init(&ar->offchan_tx_queue);
++
++ INIT_WORK(&ar->wmi_mgmt_tx_work, ath10k_mgmt_over_wmi_tx_work);
++ skb_queue_head_init(&ar->wmi_mgmt_tx_queue);
++
++ INIT_WORK(&ar->register_work, ath10k_core_register_work);
++ INIT_WORK(&ar->restart_work, ath10k_core_restart);
++
++ ret = ath10k_debug_create(ar);
++ if (ret)
++ goto err_free_wq;
++
++ return ar;
++
++err_free_wq:
++ destroy_workqueue(ar->workqueue);
++
++err_free_mac:
++ ath10k_mac_destroy(ar);
++
++ return NULL;
++}
++EXPORT_SYMBOL(ath10k_core_create);
++
++void ath10k_core_destroy(struct ath10k *ar)
++{
++ flush_workqueue(ar->workqueue);
++ destroy_workqueue(ar->workqueue);
++
++ ath10k_debug_destroy(ar);
++ ath10k_mac_destroy(ar);
++}
++EXPORT_SYMBOL(ath10k_core_destroy);
++
+ MODULE_AUTHOR("Qualcomm Atheros");
+ MODULE_DESCRIPTION("Core module for QCA988X PCIe devices.");
+ MODULE_LICENSE("Dual BSD/GPL");
+--- a/drivers/net/wireless/ath/ath10k/core.h
++++ b/drivers/net/wireless/ath/ath10k/core.h
+@@ -22,6 +22,8 @@
+ #include <linux/if_ether.h>
+ #include <linux/types.h>
+ #include <linux/pci.h>
++#include <linux/uuid.h>
++#include <linux/time.h>
+
+ #include "htt.h"
+ #include "htc.h"
+@@ -31,6 +33,8 @@
+ #include "../ath.h"
+ #include "../regd.h"
+ #include "../dfs_pattern_detector.h"
++#include "spectral.h"
++#include "thermal.h"
+
+ #define MS(_v, _f) (((_v) & _f##_MASK) >> _f##_LSB)
+ #define SM(_v, _f) (((_v) << _f##_LSB) & _f##_MASK)
+@@ -60,12 +64,28 @@
+
+ struct ath10k;
+
++enum ath10k_bus {
++ ATH10K_BUS_PCI,
++};
++
++static inline const char *ath10k_bus_str(enum ath10k_bus bus)
++{
++ switch (bus) {
++ case ATH10K_BUS_PCI:
++ return "pci";
++ }
++
++ return "unknown";
++}
++
+ struct ath10k_skb_cb {
+ dma_addr_t paddr;
++ u8 eid;
+ u8 vdev_id;
+
+ struct {
+ u8 tid;
++ u16 freq;
+ bool is_offchan;
+ struct ath10k_htt_txbuf *txbuf;
+ u32 txbuf_paddr;
+@@ -77,6 +97,11 @@ struct ath10k_skb_cb {
+ } bcn;
+ } __packed;
+
++struct ath10k_skb_rxcb {
++ dma_addr_t paddr;
++ struct hlist_node hlist;
++};
++
+ static inline struct ath10k_skb_cb *ATH10K_SKB_CB(struct sk_buff *skb)
+ {
+ BUILD_BUG_ON(sizeof(struct ath10k_skb_cb) >
+@@ -84,6 +109,15 @@ static inline struct ath10k_skb_cb *ATH1
+ return (struct ath10k_skb_cb *)&IEEE80211_SKB_CB(skb)->driver_data;
+ }
+
++static inline struct ath10k_skb_rxcb *ATH10K_SKB_RXCB(struct sk_buff *skb)
++{
++ BUILD_BUG_ON(sizeof(struct ath10k_skb_rxcb) > sizeof(skb->cb));
++ return (struct ath10k_skb_rxcb *)skb->cb;
++}
++
++#define ATH10K_RXCB_SKB(rxcb) \
++ container_of((void *)rxcb, struct sk_buff, cb)
++
+ static inline u32 host_interest_item_address(u32 item_offset)
+ {
+ return QCA988X_HOST_INTEREST_ADDRESS + item_offset;
+@@ -93,8 +127,6 @@ struct ath10k_bmi {
+ bool done_sent;
+ };
+
+-#define ATH10K_MAX_MEM_REQS 16
+-
+ struct ath10k_mem_chunk {
+ void *vaddr;
+ dma_addr_t paddr;
+@@ -103,26 +135,52 @@ struct ath10k_mem_chunk {
+ };
+
+ struct ath10k_wmi {
++ enum ath10k_fw_wmi_op_version op_version;
+ enum ath10k_htc_ep_id eid;
+ struct completion service_ready;
+ struct completion unified_ready;
+ wait_queue_head_t tx_credits_wq;
++ DECLARE_BITMAP(svc_map, WMI_SERVICE_MAX);
+ struct wmi_cmd_map *cmd;
+ struct wmi_vdev_param_map *vdev_param;
+ struct wmi_pdev_param_map *pdev_param;
++ const struct wmi_ops *ops;
+
+ u32 num_mem_chunks;
+- struct ath10k_mem_chunk mem_chunks[ATH10K_MAX_MEM_REQS];
++ struct ath10k_mem_chunk mem_chunks[WMI_MAX_MEM_REQS];
+ };
+
+-struct ath10k_peer_stat {
++struct ath10k_fw_stats_peer {
++ struct list_head list;
++
+ u8 peer_macaddr[ETH_ALEN];
+ u32 peer_rssi;
+ u32 peer_tx_rate;
+ u32 peer_rx_rate; /* 10x only */
+ };
+
+-struct ath10k_target_stats {
++struct ath10k_fw_stats_vdev {
++ struct list_head list;
++
++ u32 vdev_id;
++ u32 beacon_snr;
++ u32 data_snr;
++ u32 num_tx_frames[4];
++ u32 num_rx_frames;
++ u32 num_tx_frames_retries[4];
++ u32 num_tx_frames_failures[4];
++ u32 num_rts_fail;
++ u32 num_rts_success;
++ u32 num_rx_err;
++ u32 num_rx_discard;
++ u32 num_tx_not_acked;
++ u32 tx_rate_history[10];
++ u32 beacon_rssi_history[10];
++};
++
++struct ath10k_fw_stats_pdev {
++ struct list_head list;
++
+ /* PDEV stats */
+ s32 ch_noise_floor;
+ u32 tx_frame_count;
+@@ -177,15 +235,12 @@ struct ath10k_target_stats {
+ s32 phy_errs;
+ s32 phy_err_drop;
+ s32 mpdu_errs;
++};
+
+- /* VDEV STATS */
+-
+- /* PEER STATS */
+- u8 peers;
+- struct ath10k_peer_stat peer_stat[TARGET_NUM_PEERS];
+-
+- /* TODO: Beacon filter stats */
+-
++struct ath10k_fw_stats {
++ struct list_head pdevs;
++ struct list_head vdevs;
++ struct list_head peers;
+ };
+
+ struct ath10k_dfs_stats {
+@@ -203,6 +258,8 @@ struct ath10k_peer {
+ int vdev_id;
+ u8 addr[ETH_ALEN];
+ DECLARE_BITMAP(peer_ids, ATH10K_MAX_NUM_PEER_IDS);
++
++ /* protected by ar->data_lock */
+ struct ieee80211_key_conf *keys[WMI_MAX_KEY_INDEX + 1];
+ };
+
+@@ -216,10 +273,21 @@ struct ath10k_sta {
+ u32 smps;
+
+ struct work_struct update_wk;
++
++#ifdef CPTCFG_MAC80211_DEBUGFS
++ /* protected by conf_mutex */
++ bool aggr_mode;
++#endif
+ };
+
+ #define ATH10K_VDEV_SETUP_TIMEOUT_HZ (5*HZ)
+
++enum ath10k_beacon_state {
++ ATH10K_BEACON_SCHEDULED = 0,
++ ATH10K_BEACON_SENDING,
++ ATH10K_BEACON_SENT,
++};
++
+ struct ath10k_vif {
+ struct list_head list;
+
+@@ -230,20 +298,22 @@ struct ath10k_vif {
+ u32 dtim_period;
+ struct sk_buff *beacon;
+ /* protected by data_lock */
+- bool beacon_sent;
++ enum ath10k_beacon_state beacon_state;
++ void *beacon_buf;
++ dma_addr_t beacon_paddr;
+
+ struct ath10k *ar;
+ struct ieee80211_vif *vif;
+
+ bool is_started;
+ bool is_up;
++ bool spectral_enabled;
++ bool ps;
+ u32 aid;
+ u8 bssid[ETH_ALEN];
+
+- struct work_struct wep_key_work;
+ struct ieee80211_key_conf *wep_keys[WMI_MAX_KEY_INDEX + 1];
+- u8 def_wep_key_idx;
+- u8 def_wep_key_newidx;
++ s8 def_wep_key_idx;
+
+ u16 tx_seq_no;
+
+@@ -269,6 +339,8 @@ struct ath10k_vif {
+ u8 force_sgi;
+ bool use_cts_prot;
+ int num_legacy_stations;
++ int txpower;
++ struct wmi_wmm_params_all_arg wmm_params;
+ };
+
+ struct ath10k_vif_iter {
+@@ -276,20 +348,38 @@ struct ath10k_vif_iter {
+ struct ath10k_vif *arvif;
+ };
+
++/* used for crash-dump storage, protected by data-lock */
++struct ath10k_fw_crash_data {
++ bool crashed_since_read;
++
++ uuid_le uuid;
++ struct timespec timestamp;
++ __le32 registers[REG_DUMP_COUNT_QCA988X];
++};
++
+ struct ath10k_debug {
+ struct dentry *debugfs_phy;
+
+- struct ath10k_target_stats target_stats;
+- u32 wmi_service_bitmap[WMI_SERVICE_BM_SIZE];
+-
+- struct completion event_stats_compl;
++ struct ath10k_fw_stats fw_stats;
++ struct completion fw_stats_complete;
++ bool fw_stats_done;
+
+ unsigned long htt_stats_mask;
+ struct delayed_work htt_stats_dwork;
+ struct ath10k_dfs_stats dfs_stats;
+ struct ath_dfs_pool_stats dfs_pool_stats;
+
++ /* protected by conf_mutex */
+ u32 fw_dbglog_mask;
++ u32 fw_dbglog_level;
++ u32 pktlog_filter;
++ u32 reg_addr;
++ u32 nf_cal_period;
++
++ u8 htt_max_amsdu;
++ u8 htt_max_ampdu;
++
++ struct ath10k_fw_crash_data *fw_crash_data;
+ };
+
+ enum ath10k_state {
+@@ -312,13 +402,24 @@ enum ath10k_state {
+ * prevents completion timeouts and makes the driver more responsive to
+ * userspace commands. This is also prevents recursive recovery. */
+ ATH10K_STATE_WEDGED,
++
++ /* factory tests */
++ ATH10K_STATE_UTF,
++};
++
++enum ath10k_firmware_mode {
++ /* the default mode, standard 802.11 functionality */
++ ATH10K_FIRMWARE_MODE_NORMAL,
++
++ /* factory tests etc */
++ ATH10K_FIRMWARE_MODE_UTF,
+ };
+
+ enum ath10k_fw_features {
+ /* wmi_mgmt_rx_hdr contains extra RSSI information */
+ ATH10K_FW_FEATURE_EXT_WMI_MGMT_RX = 0,
+
+- /* firmware from 10X branch */
++ /* Firmware from 10X branch. Deprecated, don't use in new code. */
+ ATH10K_FW_FEATURE_WMI_10X = 1,
+
+ /* firmware support tx frame management over WMI, otherwise it's HTT */
+@@ -327,6 +428,18 @@ enum ath10k_fw_features {
+ /* Firmware does not support P2P */
+ ATH10K_FW_FEATURE_NO_P2P = 3,
+
++ /* Firmware 10.2 feature bit. The ATH10K_FW_FEATURE_WMI_10X feature
++ * bit is required to be set as well. Deprecated, don't use in new
++ * code.
++ */
++ ATH10K_FW_FEATURE_WMI_10_2 = 4,
++
++ /* Some firmware revisions lack proper multi-interface client powersave
++ * implementation. Enabling PS could result in connection drops,
++ * traffic stalls, etc.
++ */
++ ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT = 5,
++
+ /* keep last */
+ ATH10K_FW_FEATURE_COUNT,
+ };
+@@ -334,15 +447,64 @@ enum ath10k_fw_features {
+ enum ath10k_dev_flags {
+ /* Indicates that ath10k device is during CAC phase of DFS */
+ ATH10K_CAC_RUNNING,
+- ATH10K_FLAG_FIRST_BOOT_DONE,
++ ATH10K_FLAG_CORE_REGISTERED,
++
++ /* Device has crashed and needs to restart. This indicates any pending
++ * waiters should immediately cancel instead of waiting for a time out.
++ */
++ ATH10K_FLAG_CRASH_FLUSH,
++};
++
++enum ath10k_cal_mode {
++ ATH10K_CAL_MODE_FILE,
++ ATH10K_CAL_MODE_OTP,
++ ATH10K_CAL_MODE_DT,
++};
++
++static inline const char *ath10k_cal_mode_str(enum ath10k_cal_mode mode)
++{
++ switch (mode) {
++ case ATH10K_CAL_MODE_FILE:
++ return "file";
++ case ATH10K_CAL_MODE_OTP:
++ return "otp";
++ case ATH10K_CAL_MODE_DT:
++ return "dt";
++ }
++
++ return "unknown";
++}
++
++enum ath10k_scan_state {
++ ATH10K_SCAN_IDLE,
++ ATH10K_SCAN_STARTING,
++ ATH10K_SCAN_RUNNING,
++ ATH10K_SCAN_ABORTING,
+ };
+
++static inline const char *ath10k_scan_state_str(enum ath10k_scan_state state)
++{
++ switch (state) {
++ case ATH10K_SCAN_IDLE:
++ return "idle";
++ case ATH10K_SCAN_STARTING:
++ return "starting";
++ case ATH10K_SCAN_RUNNING:
++ return "running";
++ case ATH10K_SCAN_ABORTING:
++ return "aborting";
++ }
++
++ return "unknown";
++}
++
+ struct ath10k {
+ struct ath_common ath_common;
+ struct ieee80211_hw *hw;
+ struct device *dev;
+ u8 mac_addr[ETH_ALEN];
+
++ enum ath10k_hw_rev hw_rev;
+ u32 chip_id;
+ u32 target_version;
+ u8 fw_version_major;
+@@ -358,18 +520,16 @@ struct ath10k {
+
+ DECLARE_BITMAP(fw_features, ATH10K_FW_FEATURE_COUNT);
+
+- struct targetdef *targetdef;
+- struct hostdef *hostdef;
+-
+ bool p2p;
+
+ struct {
+- void *priv;
++ enum ath10k_bus bus;
+ const struct ath10k_hif_ops *ops;
+ } hif;
+
+ struct completion target_suspend;
+
++ const struct ath10k_hw_regs *regs;
+ struct ath10k_bmi bmi;
+ struct ath10k_wmi wmi;
+ struct ath10k_htc htc;
+@@ -379,12 +539,15 @@ struct ath10k {
+ u32 id;
+ const char *name;
+ u32 patch_load_addr;
++ int uart_pin;
+
+ struct ath10k_hw_params_fw {
+ const char *dir;
+ const char *fw;
+ const char *otp;
+ const char *board;
++ size_t board_size;
++ size_t board_ext_size;
+ } fw;
+ } hw_params;
+
+@@ -400,16 +563,18 @@ struct ath10k {
+ const void *firmware_data;
+ size_t firmware_len;
+
++ const struct firmware *cal_file;
++
+ int fw_api;
++ enum ath10k_cal_mode cal_mode;
+
+ struct {
+ struct completion started;
+ struct completion completed;
+ struct completion on_channel;
+- struct timer_list timeout;
++ struct delayed_work timeout;
++ enum ath10k_scan_state state;
+ bool is_roc;
+- bool in_progress;
+- bool aborting;
+ int vdev_id;
+ int roc_freq;
+ } scan;
+@@ -427,8 +592,7 @@ struct ath10k {
+ /* current operating channel definition */
+ struct cfg80211_chan_def chandef;
+
+- int free_vdev_map;
+- bool promisc;
++ unsigned long long free_vdev_map;
+ bool monitor;
+ int monitor_vdev_id;
+ bool monitor_started;
+@@ -440,7 +604,12 @@ struct ath10k {
+ bool radar_enabled;
+ int num_started_vdevs;
+
+- struct wmi_pdev_set_wmm_params_arg wmm_params;
++ /* Protected by conf-mutex */
++ u8 supp_tx_chainmask;
++ u8 supp_rx_chainmask;
++ u8 cfg_tx_chainmask;
++ u8 cfg_rx_chainmask;
++
+ struct completion install_key_done;
+
+ struct completion vdev_setup_done;
+@@ -457,8 +626,13 @@ struct ath10k {
+ struct list_head peers;
+ wait_queue_head_t peer_mapping_wq;
+
+- /* number of created peers; protected by data_lock */
++ /* protected by conf_mutex */
+ int num_peers;
++ int num_stations;
++
++ int max_num_peers;
++ int max_num_stations;
++ int max_num_vdevs;
+
+ struct work_struct offchan_tx_work;
+ struct sk_buff_head offchan_tx_queue;
+@@ -470,6 +644,7 @@ struct ath10k {
+
+ enum ath10k_state state;
+
++ struct work_struct register_work;
+ struct work_struct restart_work;
+
+ /* cycle count is reported twice for each visited channel during scan.
+@@ -483,13 +658,46 @@ struct ath10k {
+ #ifdef CPTCFG_ATH10K_DEBUGFS
+ struct ath10k_debug debug;
+ #endif
++
++ struct {
++ /* relay(fs) channel for spectral scan */
++ struct rchan *rfs_chan_spec_scan;
++
++ /* spectral_mode and spec_config are protected by conf_mutex */
++ enum ath10k_spectral_mode mode;
++ struct ath10k_spec_scan config;
++ } spectral;
++
++ struct {
++ /* protected by conf_mutex */
++ const struct firmware *utf;
++ DECLARE_BITMAP(orig_fw_features, ATH10K_FW_FEATURE_COUNT);
++ enum ath10k_fw_wmi_op_version orig_wmi_op_version;
++
++ /* protected by data_lock */
++ bool utf_monitor;
++ } testmode;
++
++ struct {
++ /* protected by data_lock */
++ u32 fw_crash_counter;
++ u32 fw_warm_reset_counter;
++ u32 fw_cold_reset_counter;
++ } stats;
++
++ struct ath10k_thermal thermal;
++
++ /* must be last */
++ u8 drv_priv[0] __aligned(sizeof(void *));
+ };
+
+-struct ath10k *ath10k_core_create(void *hif_priv, struct device *dev,
++struct ath10k *ath10k_core_create(size_t priv_size, struct device *dev,
++ enum ath10k_bus bus,
++ enum ath10k_hw_rev hw_rev,
+ const struct ath10k_hif_ops *hif_ops);
+ void ath10k_core_destroy(struct ath10k *ar);
+
+-int ath10k_core_start(struct ath10k *ar);
++int ath10k_core_start(struct ath10k *ar, enum ath10k_firmware_mode mode);
+ int ath10k_wait_for_suspend(struct ath10k *ar, u32 suspend_opt);
+ void ath10k_core_stop(struct ath10k *ar);
+ int ath10k_core_register(struct ath10k *ar, u32 chip_id);
+--- a/drivers/net/wireless/ath/ath10k/debug.c
++++ b/drivers/net/wireless/ath/ath10k/debug.c
+@@ -17,107 +17,176 @@
+
+ #include <linux/module.h>
+ #include <linux/debugfs.h>
++#include <linux/vmalloc.h>
++#include <linux/utsname.h>
+
+ #include "core.h"
+ #include "debug.h"
++#include "hif.h"
++#include "wmi-ops.h"
+
+ /* ms */
+ #define ATH10K_DEBUG_HTT_STATS_INTERVAL 1000
+
+-static int ath10k_printk(const char *level, const char *fmt, ...)
+-{
+- struct va_format vaf;
+- va_list args;
+- int rtn;
++#define ATH10K_FW_CRASH_DUMP_VERSION 1
+
+- va_start(args, fmt);
++/**
++ * enum ath10k_fw_crash_dump_type - types of data in the dump file
++ * @ATH10K_FW_CRASH_DUMP_REGDUMP: Register crash dump in binary format
++ */
++enum ath10k_fw_crash_dump_type {
++ ATH10K_FW_CRASH_DUMP_REGISTERS = 0,
+
+- vaf.fmt = fmt;
+- vaf.va = &args;
++ ATH10K_FW_CRASH_DUMP_MAX,
++};
+
+- rtn = printk("%sath10k: %pV", level, &vaf);
++struct ath10k_tlv_dump_data {
++ /* see ath10k_fw_crash_dump_type above */
++ __le32 type;
+
+- va_end(args);
++ /* in bytes */
++ __le32 tlv_len;
+
+- return rtn;
+-}
++ /* pad to 32-bit boundaries as needed */
++ u8 tlv_data[];
++} __packed;
++
++struct ath10k_dump_file_data {
++ /* dump file information */
++
++ /* "ATH10K-FW-DUMP" */
++ char df_magic[16];
++
++ __le32 len;
++
++ /* file dump version */
++ __le32 version;
++
++ /* some info we can get from ath10k struct that might help */
++
++ u8 uuid[16];
++
++ __le32 chip_id;
++
++ /* 0 for now, in place for later hardware */
++ __le32 bus_type;
++
++ __le32 target_version;
++ __le32 fw_version_major;
++ __le32 fw_version_minor;
++ __le32 fw_version_release;
++ __le32 fw_version_build;
++ __le32 phy_capability;
++ __le32 hw_min_tx_power;
++ __le32 hw_max_tx_power;
++ __le32 ht_cap_info;
++ __le32 vht_cap_info;
++ __le32 num_rf_chains;
++
++ /* firmware version string */
++ char fw_ver[ETHTOOL_FWVERS_LEN];
++
++ /* Kernel related information */
++
++ /* time-of-day stamp */
++ __le64 tv_sec;
++
++ /* time-of-day stamp, nano-seconds */
++ __le64 tv_nsec;
++
++ /* LINUX_VERSION_CODE */
++ __le32 kernel_ver_code;
++
++ /* VERMAGIC_STRING */
++ char kernel_ver[64];
+
+-int ath10k_info(const char *fmt, ...)
++ /* room for growth w/out changing binary format */
++ u8 unused[128];
++
++ /* struct ath10k_tlv_dump_data + more */
++ u8 data[0];
++} __packed;
++
++void ath10k_info(struct ath10k *ar, const char *fmt, ...)
+ {
+ struct va_format vaf = {
+ .fmt = fmt,
+ };
+ va_list args;
+- int ret;
+
+ va_start(args, fmt);
+ vaf.va = &args;
+- ret = ath10k_printk(KERN_INFO, "%pV", &vaf);
+- trace_ath10k_log_info(&vaf);
++ dev_info(ar->dev, "%pV", &vaf);
++ trace_ath10k_log_info(ar, &vaf);
+ va_end(args);
+-
+- return ret;
+ }
+ EXPORT_SYMBOL(ath10k_info);
+
+-int ath10k_err(const char *fmt, ...)
++void ath10k_print_driver_info(struct ath10k *ar)
++{
++ ath10k_info(ar, "%s (0x%08x, 0x%08x) fw %s api %d htt %d.%d wmi %d cal %s max_sta %d\n",
++ ar->hw_params.name,
++ ar->target_version,
++ ar->chip_id,
++ ar->hw->wiphy->fw_version,
++ ar->fw_api,
++ ar->htt.target_version_major,
++ ar->htt.target_version_minor,
++ ar->wmi.op_version,
++ ath10k_cal_mode_str(ar->cal_mode),
++ ar->max_num_stations);
++ ath10k_info(ar, "debug %d debugfs %d tracing %d dfs %d testmode %d\n",
++ config_enabled(CPTCFG_ATH10K_DEBUG),
++ config_enabled(CPTCFG_ATH10K_DEBUGFS),
++ config_enabled(CPTCFG_ATH10K_TRACING),
++ config_enabled(CPTCFG_ATH10K_DFS_CERTIFIED),
++ config_enabled(CPTCFG_NL80211_TESTMODE));
++}
++EXPORT_SYMBOL(ath10k_print_driver_info);
++
++void ath10k_err(struct ath10k *ar, const char *fmt, ...)
+ {
+ struct va_format vaf = {
+ .fmt = fmt,
+ };
+ va_list args;
+- int ret;
+
+ va_start(args, fmt);
+ vaf.va = &args;
+- ret = ath10k_printk(KERN_ERR, "%pV", &vaf);
+- trace_ath10k_log_err(&vaf);
++ dev_err(ar->dev, "%pV", &vaf);
++ trace_ath10k_log_err(ar, &vaf);
+ va_end(args);
+-
+- return ret;
+ }
+ EXPORT_SYMBOL(ath10k_err);
+
+-int ath10k_warn(const char *fmt, ...)
++void ath10k_warn(struct ath10k *ar, const char *fmt, ...)
+ {
+ struct va_format vaf = {
+ .fmt = fmt,
+ };
+ va_list args;
+- int ret = 0;
+
+ va_start(args, fmt);
+ vaf.va = &args;
+-
+- if (net_ratelimit())
+- ret = ath10k_printk(KERN_WARNING, "%pV", &vaf);
+-
+- trace_ath10k_log_warn(&vaf);
++ dev_warn_ratelimited(ar->dev, "%pV", &vaf);
++ trace_ath10k_log_warn(ar, &vaf);
+
+ va_end(args);
+-
+- return ret;
+ }
+ EXPORT_SYMBOL(ath10k_warn);
+
+ #ifdef CPTCFG_ATH10K_DEBUGFS
+
+-void ath10k_debug_read_service_map(struct ath10k *ar,
+- void *service_map,
+- size_t map_size)
+-{
+- memcpy(ar->debug.wmi_service_bitmap, service_map, map_size);
+-}
+-
+ static ssize_t ath10k_read_wmi_services(struct file *file,
+ char __user *user_buf,
+ size_t count, loff_t *ppos)
+ {
+ struct ath10k *ar = file->private_data;
+ char *buf;
+- unsigned int len = 0, buf_len = 1500;
+- const char *status;
++ unsigned int len = 0, buf_len = 4096;
++ const char *name;
+ ssize_t ret_cnt;
++ bool enabled;
+ int i;
+
+ buf = kzalloc(buf_len, GFP_KERNEL);
+@@ -129,16 +198,25 @@ static ssize_t ath10k_read_wmi_services(
+ if (len > buf_len)
+ len = buf_len;
+
+- for (i = 0; i < WMI_SERVICE_LAST; i++) {
+- if (WMI_SERVICE_IS_ENABLED(ar->debug.wmi_service_bitmap, i))
+- status = "enabled";
+- else
+- status = "disabled";
++ spin_lock_bh(&ar->data_lock);
++ for (i = 0; i < WMI_SERVICE_MAX; i++) {
++ enabled = test_bit(i, ar->wmi.svc_map);
++ name = wmi_service_name(i);
++
++ if (!name) {
++ if (enabled)
++ len += scnprintf(buf + len, buf_len - len,
++ "%-40s %s (bit %d)\n",
++ "unknown", "enabled", i);
++
++ continue;
++ }
+
+ len += scnprintf(buf + len, buf_len - len,
+- "0x%02x - %20s - %s\n",
+- i, wmi_service_name(i), status);
++ "%-40s %s\n",
++ name, enabled ? "enabled" : "-");
+ }
++ spin_unlock_bh(&ar->data_lock);
+
+ ret_cnt = simple_read_from_buffer(user_buf, count, ppos, buf, len);
+
+@@ -155,169 +233,221 @@ static const struct file_operations fops
+ .llseek = default_llseek,
+ };
+
+-void ath10k_debug_read_target_stats(struct ath10k *ar,
+- struct wmi_stats_event *ev)
++static void ath10k_debug_fw_stats_pdevs_free(struct list_head *head)
+ {
+- u8 *tmp = ev->data;
+- struct ath10k_target_stats *stats;
+- int num_pdev_stats, num_vdev_stats, num_peer_stats;
+- struct wmi_pdev_stats_10x *ps;
+- int i;
++ struct ath10k_fw_stats_pdev *i, *tmp;
+
++ list_for_each_entry_safe(i, tmp, head, list) {
++ list_del(&i->list);
++ kfree(i);
++ }
++}
++
++static void ath10k_debug_fw_stats_vdevs_free(struct list_head *head)
++{
++ struct ath10k_fw_stats_vdev *i, *tmp;
++
++ list_for_each_entry_safe(i, tmp, head, list) {
++ list_del(&i->list);
++ kfree(i);
++ }
++}
++
++static void ath10k_debug_fw_stats_peers_free(struct list_head *head)
++{
++ struct ath10k_fw_stats_peer *i, *tmp;
++
++ list_for_each_entry_safe(i, tmp, head, list) {
++ list_del(&i->list);
++ kfree(i);
++ }
++}
++
++static void ath10k_debug_fw_stats_reset(struct ath10k *ar)
++{
+ spin_lock_bh(&ar->data_lock);
++ ar->debug.fw_stats_done = false;
++ ath10k_debug_fw_stats_pdevs_free(&ar->debug.fw_stats.pdevs);
++ ath10k_debug_fw_stats_vdevs_free(&ar->debug.fw_stats.vdevs);
++ ath10k_debug_fw_stats_peers_free(&ar->debug.fw_stats.peers);
++ spin_unlock_bh(&ar->data_lock);
++}
+
+- stats = &ar->debug.target_stats;
++static size_t ath10k_debug_fw_stats_num_peers(struct list_head *head)
++{
++ struct ath10k_fw_stats_peer *i;
++ size_t num = 0;
+
+- num_pdev_stats = __le32_to_cpu(ev->num_pdev_stats); /* 0 or 1 */
+- num_vdev_stats = __le32_to_cpu(ev->num_vdev_stats); /* 0 or max vdevs */
+- num_peer_stats = __le32_to_cpu(ev->num_peer_stats); /* 0 or max peers */
+-
+- if (num_pdev_stats) {
+- ps = (struct wmi_pdev_stats_10x *)tmp;
+-
+- stats->ch_noise_floor = __le32_to_cpu(ps->chan_nf);
+- stats->tx_frame_count = __le32_to_cpu(ps->tx_frame_count);
+- stats->rx_frame_count = __le32_to_cpu(ps->rx_frame_count);
+- stats->rx_clear_count = __le32_to_cpu(ps->rx_clear_count);
+- stats->cycle_count = __le32_to_cpu(ps->cycle_count);
+- stats->phy_err_count = __le32_to_cpu(ps->phy_err_count);
+- stats->chan_tx_power = __le32_to_cpu(ps->chan_tx_pwr);
+-
+- stats->comp_queued = __le32_to_cpu(ps->wal.tx.comp_queued);
+- stats->comp_delivered =
+- __le32_to_cpu(ps->wal.tx.comp_delivered);
+- stats->msdu_enqued = __le32_to_cpu(ps->wal.tx.msdu_enqued);
+- stats->mpdu_enqued = __le32_to_cpu(ps->wal.tx.mpdu_enqued);
+- stats->wmm_drop = __le32_to_cpu(ps->wal.tx.wmm_drop);
+- stats->local_enqued = __le32_to_cpu(ps->wal.tx.local_enqued);
+- stats->local_freed = __le32_to_cpu(ps->wal.tx.local_freed);
+- stats->hw_queued = __le32_to_cpu(ps->wal.tx.hw_queued);
+- stats->hw_reaped = __le32_to_cpu(ps->wal.tx.hw_reaped);
+- stats->underrun = __le32_to_cpu(ps->wal.tx.underrun);
+- stats->tx_abort = __le32_to_cpu(ps->wal.tx.tx_abort);
+- stats->mpdus_requed = __le32_to_cpu(ps->wal.tx.mpdus_requed);
+- stats->tx_ko = __le32_to_cpu(ps->wal.tx.tx_ko);
+- stats->data_rc = __le32_to_cpu(ps->wal.tx.data_rc);
+- stats->self_triggers = __le32_to_cpu(ps->wal.tx.self_triggers);
+- stats->sw_retry_failure =
+- __le32_to_cpu(ps->wal.tx.sw_retry_failure);
+- stats->illgl_rate_phy_err =
+- __le32_to_cpu(ps->wal.tx.illgl_rate_phy_err);
+- stats->pdev_cont_xretry =
+- __le32_to_cpu(ps->wal.tx.pdev_cont_xretry);
+- stats->pdev_tx_timeout =
+- __le32_to_cpu(ps->wal.tx.pdev_tx_timeout);
+- stats->pdev_resets = __le32_to_cpu(ps->wal.tx.pdev_resets);
+- stats->phy_underrun = __le32_to_cpu(ps->wal.tx.phy_underrun);
+- stats->txop_ovf = __le32_to_cpu(ps->wal.tx.txop_ovf);
+-
+- stats->mid_ppdu_route_change =
+- __le32_to_cpu(ps->wal.rx.mid_ppdu_route_change);
+- stats->status_rcvd = __le32_to_cpu(ps->wal.rx.status_rcvd);
+- stats->r0_frags = __le32_to_cpu(ps->wal.rx.r0_frags);
+- stats->r1_frags = __le32_to_cpu(ps->wal.rx.r1_frags);
+- stats->r2_frags = __le32_to_cpu(ps->wal.rx.r2_frags);
+- stats->r3_frags = __le32_to_cpu(ps->wal.rx.r3_frags);
+- stats->htt_msdus = __le32_to_cpu(ps->wal.rx.htt_msdus);
+- stats->htt_mpdus = __le32_to_cpu(ps->wal.rx.htt_mpdus);
+- stats->loc_msdus = __le32_to_cpu(ps->wal.rx.loc_msdus);
+- stats->loc_mpdus = __le32_to_cpu(ps->wal.rx.loc_mpdus);
+- stats->oversize_amsdu =
+- __le32_to_cpu(ps->wal.rx.oversize_amsdu);
+- stats->phy_errs = __le32_to_cpu(ps->wal.rx.phy_errs);
+- stats->phy_err_drop = __le32_to_cpu(ps->wal.rx.phy_err_drop);
+- stats->mpdu_errs = __le32_to_cpu(ps->wal.rx.mpdu_errs);
+-
+- if (test_bit(ATH10K_FW_FEATURE_WMI_10X,
+- ar->fw_features)) {
+- stats->ack_rx_bad = __le32_to_cpu(ps->ack_rx_bad);
+- stats->rts_bad = __le32_to_cpu(ps->rts_bad);
+- stats->rts_good = __le32_to_cpu(ps->rts_good);
+- stats->fcs_bad = __le32_to_cpu(ps->fcs_bad);
+- stats->no_beacons = __le32_to_cpu(ps->no_beacons);
+- stats->mib_int_count = __le32_to_cpu(ps->mib_int_count);
+- tmp += sizeof(struct wmi_pdev_stats_10x);
+- } else {
+- tmp += sizeof(struct wmi_pdev_stats_old);
+- }
++ list_for_each_entry(i, head, list)
++ ++num;
++
++ return num;
++}
++
++static size_t ath10k_debug_fw_stats_num_vdevs(struct list_head *head)
++{
++ struct ath10k_fw_stats_vdev *i;
++ size_t num = 0;
++
++ list_for_each_entry(i, head, list)
++ ++num;
++
++ return num;
++}
++
++void ath10k_debug_fw_stats_process(struct ath10k *ar, struct sk_buff *skb)
++{
++ struct ath10k_fw_stats stats = {};
++ bool is_start, is_started, is_end;
++ size_t num_peers;
++ size_t num_vdevs;
++ int ret;
++
++ INIT_LIST_HEAD(&stats.pdevs);
++ INIT_LIST_HEAD(&stats.vdevs);
++ INIT_LIST_HEAD(&stats.peers);
++
++ spin_lock_bh(&ar->data_lock);
++ ret = ath10k_wmi_pull_fw_stats(ar, skb, &stats);
++ if (ret) {
++ ath10k_warn(ar, "failed to pull fw stats: %d\n", ret);
++ goto unlock;
+ }
+
+- /* 0 or max vdevs */
+- /* Currently firmware does not support VDEV stats */
+- if (num_vdev_stats) {
+- struct wmi_vdev_stats *vdev_stats;
+-
+- for (i = 0; i < num_vdev_stats; i++) {
+- vdev_stats = (struct wmi_vdev_stats *)tmp;
+- tmp += sizeof(struct wmi_vdev_stats);
+- }
++ /* Stat data may exceed htc-wmi buffer limit. In such case firmware
++ * splits the stats data and delivers it in a ping-pong fashion of
++ * request cmd-update event.
++ *
++ * However there is no explicit end-of-data. Instead start-of-data is
++ * used as an implicit one. This works as follows:
++ * a) discard stat update events until one with pdev stats is
++ * delivered - this skips session started at end of (b)
++ * b) consume stat update events until another one with pdev stats is
++ * delivered which is treated as end-of-data and is itself discarded
++ */
++
++ if (ar->debug.fw_stats_done) {
++ ath10k_warn(ar, "received unsolicited stats update event\n");
++ goto free;
+ }
+
+- if (num_peer_stats) {
+- struct wmi_peer_stats_10x *peer_stats;
+- struct ath10k_peer_stat *s;
+-
+- stats->peers = num_peer_stats;
+-
+- for (i = 0; i < num_peer_stats; i++) {
+- peer_stats = (struct wmi_peer_stats_10x *)tmp;
+- s = &stats->peer_stat[i];
+-
+- memcpy(s->peer_macaddr, &peer_stats->peer_macaddr.addr,
+- ETH_ALEN);
+- s->peer_rssi = __le32_to_cpu(peer_stats->peer_rssi);
+- s->peer_tx_rate =
+- __le32_to_cpu(peer_stats->peer_tx_rate);
+- if (test_bit(ATH10K_FW_FEATURE_WMI_10X,
+- ar->fw_features)) {
+- s->peer_rx_rate =
+- __le32_to_cpu(peer_stats->peer_rx_rate);
+- tmp += sizeof(struct wmi_peer_stats_10x);
+-
+- } else {
+- tmp += sizeof(struct wmi_peer_stats_old);
+- }
++ num_peers = ath10k_debug_fw_stats_num_peers(&ar->debug.fw_stats.peers);
++ num_vdevs = ath10k_debug_fw_stats_num_vdevs(&ar->debug.fw_stats.vdevs);
++ is_start = (list_empty(&ar->debug.fw_stats.pdevs) &&
++ !list_empty(&stats.pdevs));
++ is_end = (!list_empty(&ar->debug.fw_stats.pdevs) &&
++ !list_empty(&stats.pdevs));
++
++ if (is_start)
++ list_splice_tail_init(&stats.pdevs, &ar->debug.fw_stats.pdevs);
++
++ if (is_end)
++ ar->debug.fw_stats_done = true;
++
++ is_started = !list_empty(&ar->debug.fw_stats.pdevs);
++
++ if (is_started && !is_end) {
++ if (num_peers >= ATH10K_MAX_NUM_PEER_IDS) {
++ /* Although this is unlikely impose a sane limit to
++ * prevent firmware from DoS-ing the host.
++ */
++ ath10k_warn(ar, "dropping fw peer stats\n");
++ goto free;
+ }
++
++ if (num_vdevs >= BITS_PER_LONG) {
++ ath10k_warn(ar, "dropping fw vdev stats\n");
++ goto free;
++ }
++
++ list_splice_tail_init(&stats.peers, &ar->debug.fw_stats.peers);
++ list_splice_tail_init(&stats.vdevs, &ar->debug.fw_stats.vdevs);
+ }
+
++ complete(&ar->debug.fw_stats_complete);
++
++free:
++ /* In some cases lists have been spliced and cleared. Free up
++ * resources if that is not the case.
++ */
++ ath10k_debug_fw_stats_pdevs_free(&stats.pdevs);
++ ath10k_debug_fw_stats_vdevs_free(&stats.vdevs);
++ ath10k_debug_fw_stats_peers_free(&stats.peers);
++
++unlock:
+ spin_unlock_bh(&ar->data_lock);
+- complete(&ar->debug.event_stats_compl);
+ }
+
+-static ssize_t ath10k_read_fw_stats(struct file *file, char __user *user_buf,
+- size_t count, loff_t *ppos)
++static int ath10k_debug_fw_stats_request(struct ath10k *ar)
+ {
+- struct ath10k *ar = file->private_data;
+- struct ath10k_target_stats *fw_stats;
+- char *buf = NULL;
+- unsigned int len = 0, buf_len = 8000;
+- ssize_t ret_cnt = 0;
+- long left;
+- int i;
++ unsigned long timeout;
+ int ret;
+
+- fw_stats = &ar->debug.target_stats;
++ lockdep_assert_held(&ar->conf_mutex);
+
+- mutex_lock(&ar->conf_mutex);
++ timeout = jiffies + msecs_to_jiffies(1*HZ);
+
+- if (ar->state != ATH10K_STATE_ON)
+- goto exit;
++ ath10k_debug_fw_stats_reset(ar);
+
+- buf = kzalloc(buf_len, GFP_KERNEL);
+- if (!buf)
+- goto exit;
++ for (;;) {
++ if (time_after(jiffies, timeout))
++ return -ETIMEDOUT;
+
+- ret = ath10k_wmi_request_stats(ar, WMI_REQUEST_PEER_STAT);
+- if (ret) {
+- ath10k_warn("could not request stats (%d)\n", ret);
+- goto exit;
++ reinit_completion(&ar->debug.fw_stats_complete);
++
++ ret = ath10k_wmi_request_stats(ar,
++ WMI_STAT_PDEV |
++ WMI_STAT_VDEV |
++ WMI_STAT_PEER);
++ if (ret) {
++ ath10k_warn(ar, "could not request stats (%d)\n", ret);
++ return ret;
++ }
++
++ ret = wait_for_completion_timeout(&ar->debug.fw_stats_complete,
++ 1*HZ);
++ if (ret == 0)
++ return -ETIMEDOUT;
++
++ spin_lock_bh(&ar->data_lock);
++ if (ar->debug.fw_stats_done) {
++ spin_unlock_bh(&ar->data_lock);
++ break;
++ }
++ spin_unlock_bh(&ar->data_lock);
+ }
+
+- left = wait_for_completion_timeout(&ar->debug.event_stats_compl, 1*HZ);
+- if (left <= 0)
+- goto exit;
++ return 0;
++}
++
++/* FIXME: How to calculate the buffer size sanely? */
++#define ATH10K_FW_STATS_BUF_SIZE (1024*1024)
++
++static void ath10k_fw_stats_fill(struct ath10k *ar,
++ struct ath10k_fw_stats *fw_stats,
++ char *buf)
++{
++ unsigned int len = 0;
++ unsigned int buf_len = ATH10K_FW_STATS_BUF_SIZE;
++ const struct ath10k_fw_stats_pdev *pdev;
++ const struct ath10k_fw_stats_vdev *vdev;
++ const struct ath10k_fw_stats_peer *peer;
++ size_t num_peers;
++ size_t num_vdevs;
++ int i;
+
+ spin_lock_bh(&ar->data_lock);
++
++ pdev = list_first_entry_or_null(&fw_stats->pdevs,
++ struct ath10k_fw_stats_pdev, list);
++ if (!pdev) {
++ ath10k_warn(ar, "failed to get pdev stats\n");
++ goto unlock;
++ }
++
++ num_peers = ath10k_debug_fw_stats_num_peers(&fw_stats->peers);
++ num_vdevs = ath10k_debug_fw_stats_num_vdevs(&fw_stats->vdevs);
++
+ len += scnprintf(buf + len, buf_len - len, "\n");
+ len += scnprintf(buf + len, buf_len - len, "%30s\n",
+ "ath10k PDEV stats");
+@@ -325,29 +455,29 @@ static ssize_t ath10k_read_fw_stats(stru
+ "=================");
+
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "Channel noise floor", fw_stats->ch_noise_floor);
++ "Channel noise floor", pdev->ch_noise_floor);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10u\n",
+- "Channel TX power", fw_stats->chan_tx_power);
++ "Channel TX power", pdev->chan_tx_power);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10u\n",
+- "TX frame count", fw_stats->tx_frame_count);
++ "TX frame count", pdev->tx_frame_count);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10u\n",
+- "RX frame count", fw_stats->rx_frame_count);
++ "RX frame count", pdev->rx_frame_count);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10u\n",
+- "RX clear count", fw_stats->rx_clear_count);
++ "RX clear count", pdev->rx_clear_count);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10u\n",
+- "Cycle count", fw_stats->cycle_count);
++ "Cycle count", pdev->cycle_count);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10u\n",
+- "PHY error count", fw_stats->phy_err_count);
++ "PHY error count", pdev->phy_err_count);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10u\n",
+- "RTS bad count", fw_stats->rts_bad);
++ "RTS bad count", pdev->rts_bad);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10u\n",
+- "RTS good count", fw_stats->rts_good);
++ "RTS good count", pdev->rts_good);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10u\n",
+- "FCS bad count", fw_stats->fcs_bad);
++ "FCS bad count", pdev->fcs_bad);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10u\n",
+- "No beacon count", fw_stats->no_beacons);
++ "No beacon count", pdev->no_beacons);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10u\n",
+- "MIB int count", fw_stats->mib_int_count);
++ "MIB int count", pdev->mib_int_count);
+
+ len += scnprintf(buf + len, buf_len - len, "\n");
+ len += scnprintf(buf + len, buf_len - len, "%30s\n",
+@@ -356,51 +486,51 @@ static ssize_t ath10k_read_fw_stats(stru
+ "=================");
+
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "HTT cookies queued", fw_stats->comp_queued);
++ "HTT cookies queued", pdev->comp_queued);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "HTT cookies disp.", fw_stats->comp_delivered);
++ "HTT cookies disp.", pdev->comp_delivered);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "MSDU queued", fw_stats->msdu_enqued);
++ "MSDU queued", pdev->msdu_enqued);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "MPDU queued", fw_stats->mpdu_enqued);
++ "MPDU queued", pdev->mpdu_enqued);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "MSDUs dropped", fw_stats->wmm_drop);
++ "MSDUs dropped", pdev->wmm_drop);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "Local enqued", fw_stats->local_enqued);
++ "Local enqued", pdev->local_enqued);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "Local freed", fw_stats->local_freed);
++ "Local freed", pdev->local_freed);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "HW queued", fw_stats->hw_queued);
++ "HW queued", pdev->hw_queued);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "PPDUs reaped", fw_stats->hw_reaped);
++ "PPDUs reaped", pdev->hw_reaped);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "Num underruns", fw_stats->underrun);
++ "Num underruns", pdev->underrun);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "PPDUs cleaned", fw_stats->tx_abort);
++ "PPDUs cleaned", pdev->tx_abort);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "MPDUs requed", fw_stats->mpdus_requed);
++ "MPDUs requed", pdev->mpdus_requed);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "Excessive retries", fw_stats->tx_ko);
++ "Excessive retries", pdev->tx_ko);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "HW rate", fw_stats->data_rc);
++ "HW rate", pdev->data_rc);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "Sched self tiggers", fw_stats->self_triggers);
++ "Sched self tiggers", pdev->self_triggers);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+ "Dropped due to SW retries",
+- fw_stats->sw_retry_failure);
++ pdev->sw_retry_failure);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+ "Illegal rate phy errors",
+- fw_stats->illgl_rate_phy_err);
++ pdev->illgl_rate_phy_err);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "Pdev continous xretry", fw_stats->pdev_cont_xretry);
++ "Pdev continous xretry", pdev->pdev_cont_xretry);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "TX timeout", fw_stats->pdev_tx_timeout);
++ "TX timeout", pdev->pdev_tx_timeout);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "PDEV resets", fw_stats->pdev_resets);
++ "PDEV resets", pdev->pdev_resets);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "PHY underrun", fw_stats->phy_underrun);
++ "PHY underrun", pdev->phy_underrun);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "MPDU is more than txop limit", fw_stats->txop_ovf);
++ "MPDU is more than txop limit", pdev->txop_ovf);
+
+ len += scnprintf(buf + len, buf_len - len, "\n");
+ len += scnprintf(buf + len, buf_len - len, "%30s\n",
+@@ -410,84 +540,254 @@ static ssize_t ath10k_read_fw_stats(stru
+
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+ "Mid PPDU route change",
+- fw_stats->mid_ppdu_route_change);
++ pdev->mid_ppdu_route_change);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "Tot. number of statuses", fw_stats->status_rcvd);
++ "Tot. number of statuses", pdev->status_rcvd);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "Extra frags on rings 0", fw_stats->r0_frags);
++ "Extra frags on rings 0", pdev->r0_frags);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "Extra frags on rings 1", fw_stats->r1_frags);
++ "Extra frags on rings 1", pdev->r1_frags);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "Extra frags on rings 2", fw_stats->r2_frags);
++ "Extra frags on rings 2", pdev->r2_frags);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "Extra frags on rings 3", fw_stats->r3_frags);
++ "Extra frags on rings 3", pdev->r3_frags);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "MSDUs delivered to HTT", fw_stats->htt_msdus);
++ "MSDUs delivered to HTT", pdev->htt_msdus);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "MPDUs delivered to HTT", fw_stats->htt_mpdus);
++ "MPDUs delivered to HTT", pdev->htt_mpdus);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "MSDUs delivered to stack", fw_stats->loc_msdus);
++ "MSDUs delivered to stack", pdev->loc_msdus);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "MPDUs delivered to stack", fw_stats->loc_mpdus);
++ "MPDUs delivered to stack", pdev->loc_mpdus);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "Oversized AMSUs", fw_stats->oversize_amsdu);
++ "Oversized AMSUs", pdev->oversize_amsdu);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "PHY errors", fw_stats->phy_errs);
++ "PHY errors", pdev->phy_errs);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "PHY errors drops", fw_stats->phy_err_drop);
++ "PHY errors drops", pdev->phy_err_drop);
+ len += scnprintf(buf + len, buf_len - len, "%30s %10d\n",
+- "MPDU errors (FCS, MIC, ENC)", fw_stats->mpdu_errs);
++ "MPDU errors (FCS, MIC, ENC)", pdev->mpdu_errs);
++
++ len += scnprintf(buf + len, buf_len - len, "\n");
++ len += scnprintf(buf + len, buf_len - len, "%30s (%zu)\n",
++ "ath10k VDEV stats", num_vdevs);
++ len += scnprintf(buf + len, buf_len - len, "%30s\n\n",
++ "=================");
++
++ list_for_each_entry(vdev, &fw_stats->vdevs, list) {
++ len += scnprintf(buf + len, buf_len - len, "%30s %u\n",
++ "vdev id", vdev->vdev_id);
++ len += scnprintf(buf + len, buf_len - len, "%30s %u\n",
++ "beacon snr", vdev->beacon_snr);
++ len += scnprintf(buf + len, buf_len - len, "%30s %u\n",
++ "data snr", vdev->data_snr);
++ len += scnprintf(buf + len, buf_len - len, "%30s %u\n",
++ "num rx frames", vdev->num_rx_frames);
++ len += scnprintf(buf + len, buf_len - len, "%30s %u\n",
++ "num rts fail", vdev->num_rts_fail);
++ len += scnprintf(buf + len, buf_len - len, "%30s %u\n",
++ "num rts success", vdev->num_rts_success);
++ len += scnprintf(buf + len, buf_len - len, "%30s %u\n",
++ "num rx err", vdev->num_rx_err);
++ len += scnprintf(buf + len, buf_len - len, "%30s %u\n",
++ "num rx discard", vdev->num_rx_discard);
++ len += scnprintf(buf + len, buf_len - len, "%30s %u\n",
++ "num tx not acked", vdev->num_tx_not_acked);
++
++ for (i = 0 ; i < ARRAY_SIZE(vdev->num_tx_frames); i++)
++ len += scnprintf(buf + len, buf_len - len,
++ "%25s [%02d] %u\n",
++ "num tx frames", i,
++ vdev->num_tx_frames[i]);
++
++ for (i = 0 ; i < ARRAY_SIZE(vdev->num_tx_frames_retries); i++)
++ len += scnprintf(buf + len, buf_len - len,
++ "%25s [%02d] %u\n",
++ "num tx frames retries", i,
++ vdev->num_tx_frames_retries[i]);
++
++ for (i = 0 ; i < ARRAY_SIZE(vdev->num_tx_frames_failures); i++)
++ len += scnprintf(buf + len, buf_len - len,
++ "%25s [%02d] %u\n",
++ "num tx frames failures", i,
++ vdev->num_tx_frames_failures[i]);
++
++ for (i = 0 ; i < ARRAY_SIZE(vdev->tx_rate_history); i++)
++ len += scnprintf(buf + len, buf_len - len,
++ "%25s [%02d] 0x%08x\n",
++ "tx rate history", i,
++ vdev->tx_rate_history[i]);
++
++ for (i = 0 ; i < ARRAY_SIZE(vdev->beacon_rssi_history); i++)
++ len += scnprintf(buf + len, buf_len - len,
++ "%25s [%02d] %u\n",
++ "beacon rssi history", i,
++ vdev->beacon_rssi_history[i]);
++
++ len += scnprintf(buf + len, buf_len - len, "\n");
++ }
+
+ len += scnprintf(buf + len, buf_len - len, "\n");
+- len += scnprintf(buf + len, buf_len - len, "%30s (%d)\n",
+- "ath10k PEER stats", fw_stats->peers);
++ len += scnprintf(buf + len, buf_len - len, "%30s (%zu)\n",
++ "ath10k PEER stats", num_peers);
+ len += scnprintf(buf + len, buf_len - len, "%30s\n\n",
+ "=================");
+
+- for (i = 0; i < fw_stats->peers; i++) {
++ list_for_each_entry(peer, &fw_stats->peers, list) {
+ len += scnprintf(buf + len, buf_len - len, "%30s %pM\n",
+- "Peer MAC address",
+- fw_stats->peer_stat[i].peer_macaddr);
++ "Peer MAC address", peer->peer_macaddr);
+ len += scnprintf(buf + len, buf_len - len, "%30s %u\n",
+- "Peer RSSI", fw_stats->peer_stat[i].peer_rssi);
++ "Peer RSSI", peer->peer_rssi);
+ len += scnprintf(buf + len, buf_len - len, "%30s %u\n",
+- "Peer TX rate",
+- fw_stats->peer_stat[i].peer_tx_rate);
++ "Peer TX rate", peer->peer_tx_rate);
+ len += scnprintf(buf + len, buf_len - len, "%30s %u\n",
+- "Peer RX rate",
+- fw_stats->peer_stat[i].peer_rx_rate);
++ "Peer RX rate", peer->peer_rx_rate);
+ len += scnprintf(buf + len, buf_len - len, "\n");
+ }
++
++unlock:
+ spin_unlock_bh(&ar->data_lock);
+
+- if (len > buf_len)
+- len = buf_len;
++ if (len >= buf_len)
++ buf[len - 1] = 0;
++ else
++ buf[len] = 0;
++}
+
+- ret_cnt = simple_read_from_buffer(user_buf, count, ppos, buf, len);
++static int ath10k_fw_stats_open(struct inode *inode, struct file *file)
++{
++ struct ath10k *ar = inode->i_private;
++ void *buf = NULL;
++ int ret;
++
++ mutex_lock(&ar->conf_mutex);
++
++ if (ar->state != ATH10K_STATE_ON) {
++ ret = -ENETDOWN;
++ goto err_unlock;
++ }
++
++ buf = vmalloc(ATH10K_FW_STATS_BUF_SIZE);
++ if (!buf) {
++ ret = -ENOMEM;
++ goto err_unlock;
++ }
++
++ ret = ath10k_debug_fw_stats_request(ar);
++ if (ret) {
++ ath10k_warn(ar, "failed to request fw stats: %d\n", ret);
++ goto err_free;
++ }
++
++ ath10k_fw_stats_fill(ar, &ar->debug.fw_stats, buf);
++ file->private_data = buf;
+
+-exit:
+ mutex_unlock(&ar->conf_mutex);
+- kfree(buf);
+- return ret_cnt;
++ return 0;
++
++err_free:
++ vfree(buf);
++
++err_unlock:
++ mutex_unlock(&ar->conf_mutex);
++ return ret;
++}
++
++static int ath10k_fw_stats_release(struct inode *inode, struct file *file)
++{
++ vfree(file->private_data);
++
++ return 0;
++}
++
++static ssize_t ath10k_fw_stats_read(struct file *file, char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ const char *buf = file->private_data;
++ unsigned int len = strlen(buf);
++
++ return simple_read_from_buffer(user_buf, count, ppos, buf, len);
+ }
+
+ static const struct file_operations fops_fw_stats = {
+- .read = ath10k_read_fw_stats,
++ .open = ath10k_fw_stats_open,
++ .release = ath10k_fw_stats_release,
++ .read = ath10k_fw_stats_read,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
++static ssize_t ath10k_debug_fw_reset_stats_read(struct file *file,
++ char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ int ret, len, buf_len;
++ char *buf;
++
++ buf_len = 500;
++ buf = kmalloc(buf_len, GFP_KERNEL);
++ if (!buf)
++ return -ENOMEM;
++
++ spin_lock_bh(&ar->data_lock);
++
++ len = 0;
++ len += scnprintf(buf + len, buf_len - len,
++ "fw_crash_counter\t\t%d\n", ar->stats.fw_crash_counter);
++ len += scnprintf(buf + len, buf_len - len,
++ "fw_warm_reset_counter\t\t%d\n",
++ ar->stats.fw_warm_reset_counter);
++ len += scnprintf(buf + len, buf_len - len,
++ "fw_cold_reset_counter\t\t%d\n",
++ ar->stats.fw_cold_reset_counter);
++
++ spin_unlock_bh(&ar->data_lock);
++
++ ret = simple_read_from_buffer(user_buf, count, ppos, buf, len);
++
++ kfree(buf);
++
++ return ret;
++}
++
++static const struct file_operations fops_fw_reset_stats = {
+ .open = simple_open,
++ .read = ath10k_debug_fw_reset_stats_read,
+ .owner = THIS_MODULE,
+ .llseek = default_llseek,
+ };
+
++/* This is a clean assert crash in firmware. */
++static int ath10k_debug_fw_assert(struct ath10k *ar)
++{
++ struct wmi_vdev_install_key_cmd *cmd;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd) + 16);
++ if (!skb)
++ return -ENOMEM;
++
++ cmd = (struct wmi_vdev_install_key_cmd *)skb->data;
++ memset(cmd, 0, sizeof(*cmd));
++
++ /* big enough number so that firmware asserts */
++ cmd->vdev_id = __cpu_to_le32(0x7ffe);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->vdev_install_key_cmdid);
++}
++
+ static ssize_t ath10k_read_simulate_fw_crash(struct file *file,
+ char __user *user_buf,
+ size_t count, loff_t *ppos)
+ {
+- const char buf[] = "To simulate firmware crash write one of the"
+- " keywords to this file:\n `soft` - this will send"
+- " WMI_FORCE_FW_HANG_ASSERT to firmware if FW"
+- " supports that command.\n `hard` - this will send"
+- " to firmware command with illegal parameters"
+- " causing firmware crash.\n";
++ const char buf[] =
++ "To simulate firmware crash write one of the keywords to this file:\n"
++ "`soft` - this will send WMI_FORCE_FW_HANG_ASSERT to firmware if FW supports that command.\n"
++ "`hard` - this will send to firmware command with illegal parameters causing firmware crash.\n"
++ "`assert` - this will send special illegal parameter to firmware to cause assert failure and crash.\n"
++ "`hw-restart` - this will simply queue hw restart without fw/hw actually crashing.\n";
+
+ return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
+ }
+@@ -527,19 +827,30 @@ static ssize_t ath10k_write_simulate_fw_
+ }
+
+ if (!strcmp(buf, "soft")) {
+- ath10k_info("simulating soft firmware crash\n");
++ ath10k_info(ar, "simulating soft firmware crash\n");
+ ret = ath10k_wmi_force_fw_hang(ar, WMI_FORCE_FW_HANG_ASSERT, 0);
+ } else if (!strcmp(buf, "hard")) {
+- ath10k_info("simulating hard firmware crash\n");
+- ret = ath10k_wmi_vdev_set_param(ar, TARGET_NUM_VDEVS + 1,
+- ar->wmi.vdev_param->rts_threshold, 0);
++ ath10k_info(ar, "simulating hard firmware crash\n");
++ /* 0x7fff is vdev id, and it is always out of range for all
++ * firmware variants in order to force a firmware crash.
++ */
++ ret = ath10k_wmi_vdev_set_param(ar, 0x7fff,
++ ar->wmi.vdev_param->rts_threshold,
++ 0);
++ } else if (!strcmp(buf, "assert")) {
++ ath10k_info(ar, "simulating firmware assert crash\n");
++ ret = ath10k_debug_fw_assert(ar);
++ } else if (!strcmp(buf, "hw-restart")) {
++ ath10k_info(ar, "user requested hw restart\n");
++ queue_work(ar->workqueue, &ar->restart_work);
++ ret = 0;
+ } else {
+ ret = -EINVAL;
+ goto exit;
+ }
+
+ if (ret) {
+- ath10k_warn("failed to simulate firmware crash: %d\n", ret);
++ ath10k_warn(ar, "failed to simulate firmware crash: %d\n", ret);
+ goto exit;
+ }
+
+@@ -565,13 +876,375 @@ static ssize_t ath10k_read_chip_id(struc
+ unsigned int len;
+ char buf[50];
+
+- len = scnprintf(buf, sizeof(buf), "0x%08x\n", ar->chip_id);
++ len = scnprintf(buf, sizeof(buf), "0x%08x\n", ar->chip_id);
++
++ return simple_read_from_buffer(user_buf, count, ppos, buf, len);
++}
++
++static const struct file_operations fops_chip_id = {
++ .read = ath10k_read_chip_id,
++ .open = simple_open,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
++struct ath10k_fw_crash_data *
++ath10k_debug_get_new_fw_crash_data(struct ath10k *ar)
++{
++ struct ath10k_fw_crash_data *crash_data = ar->debug.fw_crash_data;
++
++ lockdep_assert_held(&ar->data_lock);
++
++ crash_data->crashed_since_read = true;
++ uuid_le_gen(&crash_data->uuid);
++ getnstimeofday(&crash_data->timestamp);
++
++ return crash_data;
++}
++EXPORT_SYMBOL(ath10k_debug_get_new_fw_crash_data);
++
++static struct ath10k_dump_file_data *ath10k_build_dump_file(struct ath10k *ar)
++{
++ struct ath10k_fw_crash_data *crash_data = ar->debug.fw_crash_data;
++ struct ath10k_dump_file_data *dump_data;
++ struct ath10k_tlv_dump_data *dump_tlv;
++ int hdr_len = sizeof(*dump_data);
++ unsigned int len, sofar = 0;
++ unsigned char *buf;
++
++ len = hdr_len;
++ len += sizeof(*dump_tlv) + sizeof(crash_data->registers);
++
++ sofar += hdr_len;
++
++ /* This is going to get big when we start dumping FW RAM and such,
++ * so go ahead and use vmalloc.
++ */
++ buf = vzalloc(len);
++ if (!buf)
++ return NULL;
++
++ spin_lock_bh(&ar->data_lock);
++
++ if (!crash_data->crashed_since_read) {
++ spin_unlock_bh(&ar->data_lock);
++ vfree(buf);
++ return NULL;
++ }
++
++ dump_data = (struct ath10k_dump_file_data *)(buf);
++ strlcpy(dump_data->df_magic, "ATH10K-FW-DUMP",
++ sizeof(dump_data->df_magic));
++ dump_data->len = cpu_to_le32(len);
++
++ dump_data->version = cpu_to_le32(ATH10K_FW_CRASH_DUMP_VERSION);
++
++ memcpy(dump_data->uuid, &crash_data->uuid, sizeof(dump_data->uuid));
++ dump_data->chip_id = cpu_to_le32(ar->chip_id);
++ dump_data->bus_type = cpu_to_le32(0);
++ dump_data->target_version = cpu_to_le32(ar->target_version);
++ dump_data->fw_version_major = cpu_to_le32(ar->fw_version_major);
++ dump_data->fw_version_minor = cpu_to_le32(ar->fw_version_minor);
++ dump_data->fw_version_release = cpu_to_le32(ar->fw_version_release);
++ dump_data->fw_version_build = cpu_to_le32(ar->fw_version_build);
++ dump_data->phy_capability = cpu_to_le32(ar->phy_capability);
++ dump_data->hw_min_tx_power = cpu_to_le32(ar->hw_min_tx_power);
++ dump_data->hw_max_tx_power = cpu_to_le32(ar->hw_max_tx_power);
++ dump_data->ht_cap_info = cpu_to_le32(ar->ht_cap_info);
++ dump_data->vht_cap_info = cpu_to_le32(ar->vht_cap_info);
++ dump_data->num_rf_chains = cpu_to_le32(ar->num_rf_chains);
++
++ strlcpy(dump_data->fw_ver, ar->hw->wiphy->fw_version,
++ sizeof(dump_data->fw_ver));
++
++ dump_data->kernel_ver_code = 0;
++ strlcpy(dump_data->kernel_ver, init_utsname()->release,
++ sizeof(dump_data->kernel_ver));
++
++ dump_data->tv_sec = cpu_to_le64(crash_data->timestamp.tv_sec);
++ dump_data->tv_nsec = cpu_to_le64(crash_data->timestamp.tv_nsec);
++
++ /* Gather crash-dump */
++ dump_tlv = (struct ath10k_tlv_dump_data *)(buf + sofar);
++ dump_tlv->type = cpu_to_le32(ATH10K_FW_CRASH_DUMP_REGISTERS);
++ dump_tlv->tlv_len = cpu_to_le32(sizeof(crash_data->registers));
++ memcpy(dump_tlv->tlv_data, &crash_data->registers,
++ sizeof(crash_data->registers));
++ sofar += sizeof(*dump_tlv) + sizeof(crash_data->registers);
++
++ ar->debug.fw_crash_data->crashed_since_read = false;
++
++ spin_unlock_bh(&ar->data_lock);
++
++ return dump_data;
++}
++
++static int ath10k_fw_crash_dump_open(struct inode *inode, struct file *file)
++{
++ struct ath10k *ar = inode->i_private;
++ struct ath10k_dump_file_data *dump;
++
++ dump = ath10k_build_dump_file(ar);
++ if (!dump)
++ return -ENODATA;
++
++ file->private_data = dump;
++
++ return 0;
++}
++
++static ssize_t ath10k_fw_crash_dump_read(struct file *file,
++ char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k_dump_file_data *dump_file = file->private_data;
++
++ return simple_read_from_buffer(user_buf, count, ppos,
++ dump_file,
++ le32_to_cpu(dump_file->len));
++}
++
++static int ath10k_fw_crash_dump_release(struct inode *inode,
++ struct file *file)
++{
++ vfree(file->private_data);
++
++ return 0;
++}
++
++static const struct file_operations fops_fw_crash_dump = {
++ .open = ath10k_fw_crash_dump_open,
++ .read = ath10k_fw_crash_dump_read,
++ .release = ath10k_fw_crash_dump_release,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
++static ssize_t ath10k_reg_addr_read(struct file *file,
++ char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ u8 buf[32];
++ unsigned int len = 0;
++ u32 reg_addr;
++
++ mutex_lock(&ar->conf_mutex);
++ reg_addr = ar->debug.reg_addr;
++ mutex_unlock(&ar->conf_mutex);
++
++ len += scnprintf(buf + len, sizeof(buf) - len, "0x%x\n", reg_addr);
++
++ return simple_read_from_buffer(user_buf, count, ppos, buf, len);
++}
++
++static ssize_t ath10k_reg_addr_write(struct file *file,
++ const char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ u32 reg_addr;
++ int ret;
++
++ ret = kstrtou32_from_user(user_buf, count, 0, &reg_addr);
++ if (ret)
++ return ret;
++
++ if (!IS_ALIGNED(reg_addr, 4))
++ return -EFAULT;
++
++ mutex_lock(&ar->conf_mutex);
++ ar->debug.reg_addr = reg_addr;
++ mutex_unlock(&ar->conf_mutex);
++
++ return count;
++}
++
++static const struct file_operations fops_reg_addr = {
++ .read = ath10k_reg_addr_read,
++ .write = ath10k_reg_addr_write,
++ .open = simple_open,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
++static ssize_t ath10k_reg_value_read(struct file *file,
++ char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ u8 buf[48];
++ unsigned int len;
++ u32 reg_addr, reg_val;
++ int ret;
++
++ mutex_lock(&ar->conf_mutex);
++
++ if (ar->state != ATH10K_STATE_ON &&
++ ar->state != ATH10K_STATE_UTF) {
++ ret = -ENETDOWN;
++ goto exit;
++ }
++
++ reg_addr = ar->debug.reg_addr;
++
++ reg_val = ath10k_hif_read32(ar, reg_addr);
++ len = scnprintf(buf, sizeof(buf), "0x%08x:0x%08x\n", reg_addr, reg_val);
++
++ ret = simple_read_from_buffer(user_buf, count, ppos, buf, len);
++
++exit:
++ mutex_unlock(&ar->conf_mutex);
++
++ return ret;
++}
++
++static ssize_t ath10k_reg_value_write(struct file *file,
++ const char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ u32 reg_addr, reg_val;
++ int ret;
++
++ mutex_lock(&ar->conf_mutex);
++
++ if (ar->state != ATH10K_STATE_ON &&
++ ar->state != ATH10K_STATE_UTF) {
++ ret = -ENETDOWN;
++ goto exit;
++ }
++
++ reg_addr = ar->debug.reg_addr;
++
++ ret = kstrtou32_from_user(user_buf, count, 0, &reg_val);
++ if (ret)
++ goto exit;
++
++ ath10k_hif_write32(ar, reg_addr, reg_val);
++
++ ret = count;
++
++exit:
++ mutex_unlock(&ar->conf_mutex);
++
++ return ret;
++}
++
++static const struct file_operations fops_reg_value = {
++ .read = ath10k_reg_value_read,
++ .write = ath10k_reg_value_write,
++ .open = simple_open,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
++static ssize_t ath10k_mem_value_read(struct file *file,
++ char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ u8 *buf;
++ int ret;
++
++ if (*ppos < 0)
++ return -EINVAL;
++
++ if (!count)
++ return 0;
++
++ mutex_lock(&ar->conf_mutex);
++
++ buf = vmalloc(count);
++ if (!buf) {
++ ret = -ENOMEM;
++ goto exit;
++ }
++
++ if (ar->state != ATH10K_STATE_ON &&
++ ar->state != ATH10K_STATE_UTF) {
++ ret = -ENETDOWN;
++ goto exit;
++ }
++
++ ret = ath10k_hif_diag_read(ar, *ppos, buf, count);
++ if (ret) {
++ ath10k_warn(ar, "failed to read address 0x%08x via diagnose window fnrom debugfs: %d\n",
++ (u32)(*ppos), ret);
++ goto exit;
++ }
++
++ ret = copy_to_user(user_buf, buf, count);
++ if (ret) {
++ ret = -EFAULT;
++ goto exit;
++ }
++
++ count -= ret;
++ *ppos += count;
++ ret = count;
++
++exit:
++ vfree(buf);
++ mutex_unlock(&ar->conf_mutex);
++
++ return ret;
++}
++
++static ssize_t ath10k_mem_value_write(struct file *file,
++ const char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ u8 *buf;
++ int ret;
++
++ if (*ppos < 0)
++ return -EINVAL;
++
++ if (!count)
++ return 0;
++
++ mutex_lock(&ar->conf_mutex);
++
++ buf = vmalloc(count);
++ if (!buf) {
++ ret = -ENOMEM;
++ goto exit;
++ }
++
++ if (ar->state != ATH10K_STATE_ON &&
++ ar->state != ATH10K_STATE_UTF) {
++ ret = -ENETDOWN;
++ goto exit;
++ }
++
++ ret = copy_from_user(buf, user_buf, count);
++ if (ret) {
++ ret = -EFAULT;
++ goto exit;
++ }
++
++ ret = ath10k_hif_diag_write(ar, *ppos, buf, count);
++ if (ret) {
++ ath10k_warn(ar, "failed to write address 0x%08x via diagnose window from debugfs: %d\n",
++ (u32)(*ppos), ret);
++ goto exit;
++ }
++
++ *ppos += count;
++ ret = count;
+
+- return simple_read_from_buffer(user_buf, count, ppos, buf, len);
++exit:
++ vfree(buf);
++ mutex_unlock(&ar->conf_mutex);
++
++ return ret;
+ }
+
+-static const struct file_operations fops_chip_id = {
+- .read = ath10k_read_chip_id,
++static const struct file_operations fops_mem_value = {
++ .read = ath10k_mem_value_read,
++ .write = ath10k_mem_value_write,
+ .open = simple_open,
+ .owner = THIS_MODULE,
+ .llseek = default_llseek,
+@@ -596,7 +1269,7 @@ static int ath10k_debug_htt_stats_req(st
+ ret = ath10k_htt_h2t_stats_req(&ar->htt, ar->debug.htt_stats_mask,
+ cookie);
+ if (ret) {
+- ath10k_warn("failed to send htt stats request: %d\n", ret);
++ ath10k_warn(ar, "failed to send htt stats request: %d\n", ret);
+ return ret;
+ }
+
+@@ -619,8 +1292,8 @@ static void ath10k_debug_htt_stats_dwork
+ }
+
+ static ssize_t ath10k_read_htt_stats_mask(struct file *file,
+- char __user *user_buf,
+- size_t count, loff_t *ppos)
++ char __user *user_buf,
++ size_t count, loff_t *ppos)
+ {
+ struct ath10k *ar = file->private_data;
+ char buf[32];
+@@ -632,8 +1305,8 @@ static ssize_t ath10k_read_htt_stats_mas
+ }
+
+ static ssize_t ath10k_write_htt_stats_mask(struct file *file,
+- const char __user *user_buf,
+- size_t count, loff_t *ppos)
++ const char __user *user_buf,
++ size_t count, loff_t *ppos)
+ {
+ struct ath10k *ar = file->private_data;
+ unsigned long mask;
+@@ -671,16 +1344,82 @@ static const struct file_operations fops
+ .llseek = default_llseek,
+ };
+
++static ssize_t ath10k_read_htt_max_amsdu_ampdu(struct file *file,
++ char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ char buf[64];
++ u8 amsdu = 3, ampdu = 64;
++ unsigned int len;
++
++ mutex_lock(&ar->conf_mutex);
++
++ if (ar->debug.htt_max_amsdu)
++ amsdu = ar->debug.htt_max_amsdu;
++
++ if (ar->debug.htt_max_ampdu)
++ ampdu = ar->debug.htt_max_ampdu;
++
++ mutex_unlock(&ar->conf_mutex);
++
++ len = scnprintf(buf, sizeof(buf), "%u %u\n", amsdu, ampdu);
++
++ return simple_read_from_buffer(user_buf, count, ppos, buf, len);
++}
++
++static ssize_t ath10k_write_htt_max_amsdu_ampdu(struct file *file,
++ const char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ int res;
++ char buf[64];
++ unsigned int amsdu, ampdu;
++
++ simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, user_buf, count);
++
++ /* make sure that buf is null terminated */
++ buf[sizeof(buf) - 1] = 0;
++
++ res = sscanf(buf, "%u %u", &amsdu, &ampdu);
++
++ if (res != 2)
++ return -EINVAL;
++
++ mutex_lock(&ar->conf_mutex);
++
++ res = ath10k_htt_h2t_aggr_cfg_msg(&ar->htt, ampdu, amsdu);
++ if (res)
++ goto out;
++
++ res = count;
++ ar->debug.htt_max_amsdu = amsdu;
++ ar->debug.htt_max_ampdu = ampdu;
++
++out:
++ mutex_unlock(&ar->conf_mutex);
++ return res;
++}
++
++static const struct file_operations fops_htt_max_amsdu_ampdu = {
++ .read = ath10k_read_htt_max_amsdu_ampdu,
++ .write = ath10k_write_htt_max_amsdu_ampdu,
++ .open = simple_open,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
+ static ssize_t ath10k_read_fw_dbglog(struct file *file,
+- char __user *user_buf,
+- size_t count, loff_t *ppos)
++ char __user *user_buf,
++ size_t count, loff_t *ppos)
+ {
+ struct ath10k *ar = file->private_data;
+ unsigned int len;
+- char buf[32];
++ char buf[64];
+
+- len = scnprintf(buf, sizeof(buf), "0x%08x\n",
+- ar->debug.fw_dbglog_mask);
++ len = scnprintf(buf, sizeof(buf), "0x%08x %u\n",
++ ar->debug.fw_dbglog_mask, ar->debug.fw_dbglog_level);
+
+ return simple_read_from_buffer(user_buf, count, ppos, buf, len);
+ }
+@@ -690,21 +1429,34 @@ static ssize_t ath10k_write_fw_dbglog(st
+ size_t count, loff_t *ppos)
+ {
+ struct ath10k *ar = file->private_data;
+- unsigned long mask;
+ int ret;
++ char buf[64];
++ unsigned int log_level, mask;
+
+- ret = kstrtoul_from_user(user_buf, count, 0, &mask);
+- if (ret)
+- return ret;
++ simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, user_buf, count);
++
++ /* make sure that buf is null terminated */
++ buf[sizeof(buf) - 1] = 0;
++
++ ret = sscanf(buf, "%x %u", &mask, &log_level);
++
++ if (!ret)
++ return -EINVAL;
++
++ if (ret == 1)
++ /* default if user did not specify */
++ log_level = ATH10K_DBGLOG_LEVEL_WARN;
+
+ mutex_lock(&ar->conf_mutex);
+
+ ar->debug.fw_dbglog_mask = mask;
++ ar->debug.fw_dbglog_level = log_level;
+
+ if (ar->state == ATH10K_STATE_ON) {
+- ret = ath10k_wmi_dbglog_cfg(ar, ar->debug.fw_dbglog_mask);
++ ret = ath10k_wmi_dbglog_cfg(ar, ar->debug.fw_dbglog_mask,
++ ar->debug.fw_dbglog_level);
+ if (ret) {
+- ath10k_warn("dbglog cfg failed from debugfs: %d\n",
++ ath10k_warn(ar, "dbglog cfg failed from debugfs: %d\n",
+ ret);
+ goto exit;
+ }
+@@ -718,6 +1470,166 @@ exit:
+ return ret;
+ }
+
++/* TODO: Would be nice to always support ethtool stats, would need to
++ * move the stats storage out of ath10k_debug, or always have ath10k_debug
++ * struct available..
++ */
++
++/* This generally cooresponds to the debugfs fw_stats file */
++static const char ath10k_gstrings_stats[][ETH_GSTRING_LEN] = {
++ "tx_pkts_nic",
++ "tx_bytes_nic",
++ "rx_pkts_nic",
++ "rx_bytes_nic",
++ "d_noise_floor",
++ "d_cycle_count",
++ "d_phy_error",
++ "d_rts_bad",
++ "d_rts_good",
++ "d_tx_power", /* in .5 dbM I think */
++ "d_rx_crc_err", /* fcs_bad */
++ "d_no_beacon",
++ "d_tx_mpdus_queued",
++ "d_tx_msdu_queued",
++ "d_tx_msdu_dropped",
++ "d_local_enqued",
++ "d_local_freed",
++ "d_tx_ppdu_hw_queued",
++ "d_tx_ppdu_reaped",
++ "d_tx_fifo_underrun",
++ "d_tx_ppdu_abort",
++ "d_tx_mpdu_requed",
++ "d_tx_excessive_retries",
++ "d_tx_hw_rate",
++ "d_tx_dropped_sw_retries",
++ "d_tx_illegal_rate",
++ "d_tx_continuous_xretries",
++ "d_tx_timeout",
++ "d_tx_mpdu_txop_limit",
++ "d_pdev_resets",
++ "d_rx_mid_ppdu_route_change",
++ "d_rx_status",
++ "d_rx_extra_frags_ring0",
++ "d_rx_extra_frags_ring1",
++ "d_rx_extra_frags_ring2",
++ "d_rx_extra_frags_ring3",
++ "d_rx_msdu_htt",
++ "d_rx_mpdu_htt",
++ "d_rx_msdu_stack",
++ "d_rx_mpdu_stack",
++ "d_rx_phy_err",
++ "d_rx_phy_err_drops",
++ "d_rx_mpdu_errors", /* FCS, MIC, ENC */
++ "d_fw_crash_count",
++ "d_fw_warm_reset_count",
++ "d_fw_cold_reset_count",
++};
++
++#define ATH10K_SSTATS_LEN ARRAY_SIZE(ath10k_gstrings_stats)
++
++void ath10k_debug_get_et_strings(struct ieee80211_hw *hw,
++ struct ieee80211_vif *vif,
++ u32 sset, u8 *data)
++{
++ if (sset == ETH_SS_STATS)
++ memcpy(data, *ath10k_gstrings_stats,
++ sizeof(ath10k_gstrings_stats));
++}
++
++int ath10k_debug_get_et_sset_count(struct ieee80211_hw *hw,
++ struct ieee80211_vif *vif, int sset)
++{
++ if (sset == ETH_SS_STATS)
++ return ATH10K_SSTATS_LEN;
++
++ return 0;
++}
++
++void ath10k_debug_get_et_stats(struct ieee80211_hw *hw,
++ struct ieee80211_vif *vif,
++ struct ethtool_stats *stats, u64 *data)
++{
++ struct ath10k *ar = hw->priv;
++ static const struct ath10k_fw_stats_pdev zero_stats = {};
++ const struct ath10k_fw_stats_pdev *pdev_stats;
++ int i = 0, ret;
++
++ mutex_lock(&ar->conf_mutex);
++
++ if (ar->state == ATH10K_STATE_ON) {
++ ret = ath10k_debug_fw_stats_request(ar);
++ if (ret) {
++ /* just print a warning and try to use older results */
++ ath10k_warn(ar,
++ "failed to get fw stats for ethtool: %d\n",
++ ret);
++ }
++ }
++
++ pdev_stats = list_first_entry_or_null(&ar->debug.fw_stats.pdevs,
++ struct ath10k_fw_stats_pdev,
++ list);
++ if (!pdev_stats) {
++ /* no results available so just return zeroes */
++ pdev_stats = &zero_stats;
++ }
++
++ spin_lock_bh(&ar->data_lock);
++
++ data[i++] = pdev_stats->hw_reaped; /* ppdu reaped */
++ data[i++] = 0; /* tx bytes */
++ data[i++] = pdev_stats->htt_mpdus;
++ data[i++] = 0; /* rx bytes */
++ data[i++] = pdev_stats->ch_noise_floor;
++ data[i++] = pdev_stats->cycle_count;
++ data[i++] = pdev_stats->phy_err_count;
++ data[i++] = pdev_stats->rts_bad;
++ data[i++] = pdev_stats->rts_good;
++ data[i++] = pdev_stats->chan_tx_power;
++ data[i++] = pdev_stats->fcs_bad;
++ data[i++] = pdev_stats->no_beacons;
++ data[i++] = pdev_stats->mpdu_enqued;
++ data[i++] = pdev_stats->msdu_enqued;
++ data[i++] = pdev_stats->wmm_drop;
++ data[i++] = pdev_stats->local_enqued;
++ data[i++] = pdev_stats->local_freed;
++ data[i++] = pdev_stats->hw_queued;
++ data[i++] = pdev_stats->hw_reaped;
++ data[i++] = pdev_stats->underrun;
++ data[i++] = pdev_stats->tx_abort;
++ data[i++] = pdev_stats->mpdus_requed;
++ data[i++] = pdev_stats->tx_ko;
++ data[i++] = pdev_stats->data_rc;
++ data[i++] = pdev_stats->sw_retry_failure;
++ data[i++] = pdev_stats->illgl_rate_phy_err;
++ data[i++] = pdev_stats->pdev_cont_xretry;
++ data[i++] = pdev_stats->pdev_tx_timeout;
++ data[i++] = pdev_stats->txop_ovf;
++ data[i++] = pdev_stats->pdev_resets;
++ data[i++] = pdev_stats->mid_ppdu_route_change;
++ data[i++] = pdev_stats->status_rcvd;
++ data[i++] = pdev_stats->r0_frags;
++ data[i++] = pdev_stats->r1_frags;
++ data[i++] = pdev_stats->r2_frags;
++ data[i++] = pdev_stats->r3_frags;
++ data[i++] = pdev_stats->htt_msdus;
++ data[i++] = pdev_stats->htt_mpdus;
++ data[i++] = pdev_stats->loc_msdus;
++ data[i++] = pdev_stats->loc_mpdus;
++ data[i++] = pdev_stats->phy_errs;
++ data[i++] = pdev_stats->phy_err_drop;
++ data[i++] = pdev_stats->mpdu_errs;
++ data[i++] = ar->stats.fw_crash_counter;
++ data[i++] = ar->stats.fw_warm_reset_counter;
++ data[i++] = ar->stats.fw_cold_reset_counter;
++
++ spin_unlock_bh(&ar->data_lock);
++
++ mutex_unlock(&ar->conf_mutex);
++
++ WARN_ON(i != ATH10K_SSTATS_LEN);
++}
++
+ static const struct file_operations fops_fw_dbglog = {
+ .read = ath10k_read_fw_dbglog,
+ .write = ath10k_write_fw_dbglog,
+@@ -726,6 +1638,151 @@ static const struct file_operations fops
+ .llseek = default_llseek,
+ };
+
++static int ath10k_debug_cal_data_open(struct inode *inode, struct file *file)
++{
++ struct ath10k *ar = inode->i_private;
++ void *buf;
++ u32 hi_addr;
++ __le32 addr;
++ int ret;
++
++ mutex_lock(&ar->conf_mutex);
++
++ if (ar->state != ATH10K_STATE_ON &&
++ ar->state != ATH10K_STATE_UTF) {
++ ret = -ENETDOWN;
++ goto err;
++ }
++
++ buf = vmalloc(QCA988X_CAL_DATA_LEN);
++ if (!buf) {
++ ret = -ENOMEM;
++ goto err;
++ }
++
++ hi_addr = host_interest_item_address(HI_ITEM(hi_board_data));
++
++ ret = ath10k_hif_diag_read(ar, hi_addr, &addr, sizeof(addr));
++ if (ret) {
++ ath10k_warn(ar, "failed to read hi_board_data address: %d\n", ret);
++ goto err_vfree;
++ }
++
++ ret = ath10k_hif_diag_read(ar, le32_to_cpu(addr), buf,
++ QCA988X_CAL_DATA_LEN);
++ if (ret) {
++ ath10k_warn(ar, "failed to read calibration data: %d\n", ret);
++ goto err_vfree;
++ }
++
++ file->private_data = buf;
++
++ mutex_unlock(&ar->conf_mutex);
++
++ return 0;
++
++err_vfree:
++ vfree(buf);
++
++err:
++ mutex_unlock(&ar->conf_mutex);
++
++ return ret;
++}
++
++static ssize_t ath10k_debug_cal_data_read(struct file *file,
++ char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ void *buf = file->private_data;
++
++ return simple_read_from_buffer(user_buf, count, ppos,
++ buf, QCA988X_CAL_DATA_LEN);
++}
++
++static int ath10k_debug_cal_data_release(struct inode *inode,
++ struct file *file)
++{
++ vfree(file->private_data);
++
++ return 0;
++}
++
++static const struct file_operations fops_cal_data = {
++ .open = ath10k_debug_cal_data_open,
++ .read = ath10k_debug_cal_data_read,
++ .release = ath10k_debug_cal_data_release,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
++static ssize_t ath10k_read_nf_cal_period(struct file *file,
++ char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ unsigned int len;
++ char buf[32];
++
++ len = scnprintf(buf, sizeof(buf), "%d\n",
++ ar->debug.nf_cal_period);
++
++ return simple_read_from_buffer(user_buf, count, ppos, buf, len);
++}
++
++static ssize_t ath10k_write_nf_cal_period(struct file *file,
++ const char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ unsigned long period;
++ int ret;
++
++ ret = kstrtoul_from_user(user_buf, count, 0, &period);
++ if (ret)
++ return ret;
++
++ if (period > WMI_PDEV_PARAM_CAL_PERIOD_MAX)
++ return -EINVAL;
++
++ /* there's no way to switch back to the firmware default */
++ if (period == 0)
++ return -EINVAL;
++
++ mutex_lock(&ar->conf_mutex);
++
++ ar->debug.nf_cal_period = period;
++
++ if (ar->state != ATH10K_STATE_ON) {
++ /* firmware is not running, nothing else to do */
++ ret = count;
++ goto exit;
++ }
++
++ ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->cal_period,
++ ar->debug.nf_cal_period);
++ if (ret) {
++ ath10k_warn(ar, "cal period cfg failed from debugfs: %d\n",
++ ret);
++ goto exit;
++ }
++
++ ret = count;
++
++exit:
++ mutex_unlock(&ar->conf_mutex);
++
++ return ret;
++}
++
++static const struct file_operations fops_nf_cal_period = {
++ .read = ath10k_read_nf_cal_period,
++ .write = ath10k_write_nf_cal_period,
++ .open = simple_open,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
+ int ath10k_debug_start(struct ath10k *ar)
+ {
+ int ret;
+@@ -735,17 +1792,44 @@ int ath10k_debug_start(struct ath10k *ar
+ ret = ath10k_debug_htt_stats_req(ar);
+ if (ret)
+ /* continue normally anyway, this isn't serious */
+- ath10k_warn("failed to start htt stats workqueue: %d\n", ret);
++ ath10k_warn(ar, "failed to start htt stats workqueue: %d\n",
++ ret);
+
+ if (ar->debug.fw_dbglog_mask) {
+- ret = ath10k_wmi_dbglog_cfg(ar, ar->debug.fw_dbglog_mask);
++ ret = ath10k_wmi_dbglog_cfg(ar, ar->debug.fw_dbglog_mask,
++ ATH10K_DBGLOG_LEVEL_WARN);
+ if (ret)
+ /* not serious */
+- ath10k_warn("failed to enable dbglog during start: %d",
++ ath10k_warn(ar, "failed to enable dbglog during start: %d",
+ ret);
+ }
+
+- return 0;
++ if (ar->debug.pktlog_filter) {
++ ret = ath10k_wmi_pdev_pktlog_enable(ar,
++ ar->debug.pktlog_filter);
++ if (ret)
++ /* not serious */
++ ath10k_warn(ar,
++ "failed to enable pktlog filter %x: %d\n",
++ ar->debug.pktlog_filter, ret);
++ } else {
++ ret = ath10k_wmi_pdev_pktlog_disable(ar);
++ if (ret)
++ /* not serious */
++ ath10k_warn(ar, "failed to disable pktlog: %d\n", ret);
++ }
++
++ if (ar->debug.nf_cal_period) {
++ ret = ath10k_wmi_pdev_set_param(ar,
++ ar->wmi.pdev_param->cal_period,
++ ar->debug.nf_cal_period);
++ if (ret)
++ /* not serious */
++ ath10k_warn(ar, "cal period cfg failed from debug start: %d\n",
++ ret);
++ }
++
++ return ret;
+ }
+
+ void ath10k_debug_stop(struct ath10k *ar)
+@@ -757,6 +1841,11 @@ void ath10k_debug_stop(struct ath10k *ar
+ * warning from del_timer(). */
+ if (ar->debug.htt_stats_mask != 0)
+ cancel_delayed_work(&ar->debug.htt_stats_dwork);
++
++ ar->debug.htt_max_amsdu = 0;
++ ar->debug.htt_max_ampdu = 0;
++
++ ath10k_wmi_pdev_pktlog_disable(ar);
+ }
+
+ static ssize_t ath10k_write_simulate_radar(struct file *file,
+@@ -839,37 +1928,149 @@ static const struct file_operations fops
+ .llseek = default_llseek,
+ };
+
++static ssize_t ath10k_write_pktlog_filter(struct file *file,
++ const char __user *ubuf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ u32 filter;
++ int ret;
++
++ if (kstrtouint_from_user(ubuf, count, 0, &filter))
++ return -EINVAL;
++
++ mutex_lock(&ar->conf_mutex);
++
++ if (ar->state != ATH10K_STATE_ON) {
++ ar->debug.pktlog_filter = filter;
++ ret = count;
++ goto out;
++ }
++
++ if (filter && (filter != ar->debug.pktlog_filter)) {
++ ret = ath10k_wmi_pdev_pktlog_enable(ar, filter);
++ if (ret) {
++ ath10k_warn(ar, "failed to enable pktlog filter %x: %d\n",
++ ar->debug.pktlog_filter, ret);
++ goto out;
++ }
++ } else {
++ ret = ath10k_wmi_pdev_pktlog_disable(ar);
++ if (ret) {
++ ath10k_warn(ar, "failed to disable pktlog: %d\n", ret);
++ goto out;
++ }
++ }
++
++ ar->debug.pktlog_filter = filter;
++ ret = count;
++
++out:
++ mutex_unlock(&ar->conf_mutex);
++ return ret;
++}
++
++static ssize_t ath10k_read_pktlog_filter(struct file *file, char __user *ubuf,
++ size_t count, loff_t *ppos)
++{
++ char buf[32];
++ struct ath10k *ar = file->private_data;
++ int len = 0;
++
++ mutex_lock(&ar->conf_mutex);
++ len = scnprintf(buf, sizeof(buf) - len, "%08x\n",
++ ar->debug.pktlog_filter);
++ mutex_unlock(&ar->conf_mutex);
++
++ return simple_read_from_buffer(ubuf, count, ppos, buf, len);
++}
++
++static const struct file_operations fops_pktlog_filter = {
++ .read = ath10k_read_pktlog_filter,
++ .write = ath10k_write_pktlog_filter,
++ .open = simple_open
++};
++
+ int ath10k_debug_create(struct ath10k *ar)
+ {
++ ar->debug.fw_crash_data = vzalloc(sizeof(*ar->debug.fw_crash_data));
++ if (!ar->debug.fw_crash_data)
++ return -ENOMEM;
++
++ INIT_LIST_HEAD(&ar->debug.fw_stats.pdevs);
++ INIT_LIST_HEAD(&ar->debug.fw_stats.vdevs);
++ INIT_LIST_HEAD(&ar->debug.fw_stats.peers);
++
++ return 0;
++}
++
++void ath10k_debug_destroy(struct ath10k *ar)
++{
++ vfree(ar->debug.fw_crash_data);
++ ar->debug.fw_crash_data = NULL;
++
++ ath10k_debug_fw_stats_reset(ar);
++}
++
++int ath10k_debug_register(struct ath10k *ar)
++{
+ ar->debug.debugfs_phy = debugfs_create_dir("ath10k",
+ ar->hw->wiphy->debugfsdir);
++ if (IS_ERR_OR_NULL(ar->debug.debugfs_phy)) {
++ if (IS_ERR(ar->debug.debugfs_phy))
++ return PTR_ERR(ar->debug.debugfs_phy);
+
+- if (!ar->debug.debugfs_phy)
+ return -ENOMEM;
++ }
+
+ INIT_DELAYED_WORK(&ar->debug.htt_stats_dwork,
+ ath10k_debug_htt_stats_dwork);
+
+- init_completion(&ar->debug.event_stats_compl);
++ init_completion(&ar->debug.fw_stats_complete);
+
+ debugfs_create_file("fw_stats", S_IRUSR, ar->debug.debugfs_phy, ar,
+ &fops_fw_stats);
+
++ debugfs_create_file("fw_reset_stats", S_IRUSR, ar->debug.debugfs_phy,
++ ar, &fops_fw_reset_stats);
++
+ debugfs_create_file("wmi_services", S_IRUSR, ar->debug.debugfs_phy, ar,
+ &fops_wmi_services);
+
+ debugfs_create_file("simulate_fw_crash", S_IRUSR, ar->debug.debugfs_phy,
+ ar, &fops_simulate_fw_crash);
+
++ debugfs_create_file("fw_crash_dump", S_IRUSR, ar->debug.debugfs_phy,
++ ar, &fops_fw_crash_dump);
++
++ debugfs_create_file("reg_addr", S_IRUSR | S_IWUSR,
++ ar->debug.debugfs_phy, ar, &fops_reg_addr);
++
++ debugfs_create_file("reg_value", S_IRUSR | S_IWUSR,
++ ar->debug.debugfs_phy, ar, &fops_reg_value);
++
++ debugfs_create_file("mem_value", S_IRUSR | S_IWUSR,
++ ar->debug.debugfs_phy, ar, &fops_mem_value);
++
+ debugfs_create_file("chip_id", S_IRUSR, ar->debug.debugfs_phy,
+ ar, &fops_chip_id);
+
+ debugfs_create_file("htt_stats_mask", S_IRUSR, ar->debug.debugfs_phy,
+ ar, &fops_htt_stats_mask);
+
++ debugfs_create_file("htt_max_amsdu_ampdu", S_IRUSR | S_IWUSR,
++ ar->debug.debugfs_phy, ar,
++ &fops_htt_max_amsdu_ampdu);
++
+ debugfs_create_file("fw_dbglog", S_IRUSR, ar->debug.debugfs_phy,
+ ar, &fops_fw_dbglog);
+
++ debugfs_create_file("cal_data", S_IRUSR, ar->debug.debugfs_phy,
++ ar, &fops_cal_data);
++
++ debugfs_create_file("nf_cal_period", S_IRUSR | S_IWUSR,
++ ar->debug.debugfs_phy, ar, &fops_nf_cal_period);
++
+ if (config_enabled(CPTCFG_ATH10K_DFS_CERTIFIED)) {
+ debugfs_create_file("dfs_simulate_radar", S_IWUSR,
+ ar->debug.debugfs_phy, ar,
+@@ -884,10 +2085,13 @@ int ath10k_debug_create(struct ath10k *a
+ &fops_dfs_stats);
+ }
+
++ debugfs_create_file("pktlog_filter", S_IRUGO | S_IWUSR,
++ ar->debug.debugfs_phy, ar, &fops_pktlog_filter);
++
+ return 0;
+ }
+
+-void ath10k_debug_destroy(struct ath10k *ar)
++void ath10k_debug_unregister(struct ath10k *ar)
+ {
+ cancel_delayed_work_sync(&ar->debug.htt_stats_dwork);
+ }
+@@ -895,7 +2099,8 @@ void ath10k_debug_destroy(struct ath10k
+ #endif /* CPTCFG_ATH10K_DEBUGFS */
+
+ #ifdef CPTCFG_ATH10K_DEBUG
+-void ath10k_dbg(enum ath10k_debug_mask mask, const char *fmt, ...)
++void ath10k_dbg(struct ath10k *ar, enum ath10k_debug_mask mask,
++ const char *fmt, ...)
+ {
+ struct va_format vaf;
+ va_list args;
+@@ -906,27 +2111,43 @@ void ath10k_dbg(enum ath10k_debug_mask m
+ vaf.va = &args;
+
+ if (ath10k_debug_mask & mask)
+- ath10k_printk(KERN_DEBUG, "%pV", &vaf);
++ dev_printk(KERN_DEBUG, ar->dev, "%pV", &vaf);
+
+- trace_ath10k_log_dbg(mask, &vaf);
++ trace_ath10k_log_dbg(ar, mask, &vaf);
+
+ va_end(args);
+ }
+ EXPORT_SYMBOL(ath10k_dbg);
+
+-void ath10k_dbg_dump(enum ath10k_debug_mask mask,
++void ath10k_dbg_dump(struct ath10k *ar,
++ enum ath10k_debug_mask mask,
+ const char *msg, const char *prefix,
+ const void *buf, size_t len)
+ {
++ char linebuf[256];
++ unsigned int linebuflen;
++ const void *ptr;
++
+ if (ath10k_debug_mask & mask) {
+ if (msg)
+- ath10k_dbg(mask, "%s\n", msg);
++ ath10k_dbg(ar, mask, "%s\n", msg);
+
+- print_hex_dump_bytes(prefix, DUMP_PREFIX_OFFSET, buf, len);
++ for (ptr = buf; (ptr - buf) < len; ptr += 16) {
++ linebuflen = 0;
++ linebuflen += scnprintf(linebuf + linebuflen,
++ sizeof(linebuf) - linebuflen,
++ "%s%08x: ",
++ (prefix ? prefix : ""),
++ (unsigned int)(ptr - buf));
++ hex_dump_to_buffer(ptr, len - (ptr - buf), 16, 1,
++ linebuf + linebuflen,
++ sizeof(linebuf) - linebuflen, true);
++ dev_printk(KERN_DEBUG, ar->dev, "%s\n", linebuf);
++ }
+ }
+
+ /* tracing code doesn't like null strings :/ */
+- trace_ath10k_log_dbg_dump(msg ? msg : "", prefix ? prefix : "",
++ trace_ath10k_log_dbg_dump(ar, msg ? msg : "", prefix ? prefix : "",
+ buf, len);
+ }
+ EXPORT_SYMBOL(ath10k_dbg_dump);
+--- a/drivers/net/wireless/ath/ath10k/debug.h
++++ b/drivers/net/wireless/ath/ath10k/debug.h
+@@ -34,28 +34,55 @@ enum ath10k_debug_mask {
+ ATH10K_DBG_DATA = 0x00000200,
+ ATH10K_DBG_BMI = 0x00000400,
+ ATH10K_DBG_REGULATORY = 0x00000800,
++ ATH10K_DBG_TESTMODE = 0x00001000,
++ ATH10K_DBG_WMI_PRINT = 0x00002000,
+ ATH10K_DBG_ANY = 0xffffffff,
+ };
+
++enum ath10k_pktlog_filter {
++ ATH10K_PKTLOG_RX = 0x000000001,
++ ATH10K_PKTLOG_TX = 0x000000002,
++ ATH10K_PKTLOG_RCFIND = 0x000000004,
++ ATH10K_PKTLOG_RCUPDATE = 0x000000008,
++ ATH10K_PKTLOG_DBG_PRINT = 0x000000010,
++ ATH10K_PKTLOG_ANY = 0x00000001f,
++};
++
++enum ath10k_dbg_aggr_mode {
++ ATH10K_DBG_AGGR_MODE_AUTO,
++ ATH10K_DBG_AGGR_MODE_MANUAL,
++ ATH10K_DBG_AGGR_MODE_MAX,
++};
++
+ extern unsigned int ath10k_debug_mask;
+
+-__printf(1, 2) int ath10k_info(const char *fmt, ...);
+-__printf(1, 2) int ath10k_err(const char *fmt, ...);
+-__printf(1, 2) int ath10k_warn(const char *fmt, ...);
++__printf(2, 3) void ath10k_info(struct ath10k *ar, const char *fmt, ...);
++__printf(2, 3) void ath10k_err(struct ath10k *ar, const char *fmt, ...);
++__printf(2, 3) void ath10k_warn(struct ath10k *ar, const char *fmt, ...);
++void ath10k_print_driver_info(struct ath10k *ar);
+
+ #ifdef CPTCFG_ATH10K_DEBUGFS
+ int ath10k_debug_start(struct ath10k *ar);
+ void ath10k_debug_stop(struct ath10k *ar);
+ int ath10k_debug_create(struct ath10k *ar);
+ void ath10k_debug_destroy(struct ath10k *ar);
+-void ath10k_debug_read_service_map(struct ath10k *ar,
+- void *service_map,
+- size_t map_size);
+-void ath10k_debug_read_target_stats(struct ath10k *ar,
+- struct wmi_stats_event *ev);
++int ath10k_debug_register(struct ath10k *ar);
++void ath10k_debug_unregister(struct ath10k *ar);
++void ath10k_debug_fw_stats_process(struct ath10k *ar, struct sk_buff *skb);
++struct ath10k_fw_crash_data *
++ath10k_debug_get_new_fw_crash_data(struct ath10k *ar);
+
++void ath10k_debug_dbglog_add(struct ath10k *ar, u8 *buffer, int len);
+ #define ATH10K_DFS_STAT_INC(ar, c) (ar->debug.dfs_stats.c++)
+
++void ath10k_debug_get_et_strings(struct ieee80211_hw *hw,
++ struct ieee80211_vif *vif,
++ u32 sset, u8 *data);
++int ath10k_debug_get_et_sset_count(struct ieee80211_hw *hw,
++ struct ieee80211_vif *vif, int sset);
++void ath10k_debug_get_et_stats(struct ieee80211_hw *hw,
++ struct ieee80211_vif *vif,
++ struct ethtool_stats *stats, u64 *data);
+ #else
+ static inline int ath10k_debug_start(struct ath10k *ar)
+ {
+@@ -75,36 +102,62 @@ static inline void ath10k_debug_destroy(
+ {
+ }
+
+-static inline void ath10k_debug_read_service_map(struct ath10k *ar,
+- void *service_map,
+- size_t map_size)
++static inline int ath10k_debug_register(struct ath10k *ar)
++{
++ return 0;
++}
++
++static inline void ath10k_debug_unregister(struct ath10k *ar)
+ {
+ }
+
+-static inline void ath10k_debug_read_target_stats(struct ath10k *ar,
+- struct wmi_stats_event *ev)
++static inline void ath10k_debug_fw_stats_process(struct ath10k *ar,
++ struct sk_buff *skb)
+ {
+ }
+
++static inline void ath10k_debug_dbglog_add(struct ath10k *ar, u8 *buffer,
++ int len)
++{
++}
++
++static inline struct ath10k_fw_crash_data *
++ath10k_debug_get_new_fw_crash_data(struct ath10k *ar)
++{
++ return NULL;
++}
++
+ #define ATH10K_DFS_STAT_INC(ar, c) do { } while (0)
+
++#define ath10k_debug_get_et_strings NULL
++#define ath10k_debug_get_et_sset_count NULL
++#define ath10k_debug_get_et_stats NULL
++
+ #endif /* CPTCFG_ATH10K_DEBUGFS */
++#ifdef CPTCFG_MAC80211_DEBUGFS
++void ath10k_sta_add_debugfs(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
++ struct ieee80211_sta *sta, struct dentry *dir);
++#endif /* CPTCFG_MAC80211_DEBUGFS */
+
+ #ifdef CPTCFG_ATH10K_DEBUG
+-__printf(2, 3) void ath10k_dbg(enum ath10k_debug_mask mask,
++__printf(3, 4) void ath10k_dbg(struct ath10k *ar,
++ enum ath10k_debug_mask mask,
+ const char *fmt, ...);
+-void ath10k_dbg_dump(enum ath10k_debug_mask mask,
++void ath10k_dbg_dump(struct ath10k *ar,
++ enum ath10k_debug_mask mask,
+ const char *msg, const char *prefix,
+ const void *buf, size_t len);
+ #else /* CPTCFG_ATH10K_DEBUG */
+
+-static inline int ath10k_dbg(enum ath10k_debug_mask dbg_mask,
++static inline int ath10k_dbg(struct ath10k *ar,
++ enum ath10k_debug_mask dbg_mask,
+ const char *fmt, ...)
+ {
+ return 0;
+ }
+
+-static inline void ath10k_dbg_dump(enum ath10k_debug_mask mask,
++static inline void ath10k_dbg_dump(struct ath10k *ar,
++ enum ath10k_debug_mask mask,
+ const char *msg, const char *prefix,
+ const void *buf, size_t len)
+ {
+--- a/drivers/net/wireless/ath/ath10k/hif.h
++++ b/drivers/net/wireless/ath/ath10k/hif.h
+@@ -20,6 +20,7 @@
+
+ #include <linux/kernel.h>
+ #include "core.h"
++#include "debug.h"
+
+ struct ath10k_hif_sg_item {
+ u16 transfer_id;
+@@ -31,11 +32,9 @@ struct ath10k_hif_sg_item {
+
+ struct ath10k_hif_cb {
+ int (*tx_completion)(struct ath10k *ar,
+- struct sk_buff *wbuf,
+- unsigned transfer_id);
++ struct sk_buff *wbuf);
+ int (*rx_completion)(struct ath10k *ar,
+- struct sk_buff *wbuf,
+- u8 pipe_id);
++ struct sk_buff *wbuf);
+ };
+
+ struct ath10k_hif_ops {
+@@ -43,6 +42,12 @@ struct ath10k_hif_ops {
+ int (*tx_sg)(struct ath10k *ar, u8 pipe_id,
+ struct ath10k_hif_sg_item *items, int n_items);
+
++ /* read firmware memory through the diagnose interface */
++ int (*diag_read)(struct ath10k *ar, u32 address, void *buf,
++ size_t buf_len);
++
++ int (*diag_write)(struct ath10k *ar, u32 address, const void *data,
++ int nbytes);
+ /*
+ * API to handle HIF-specific BMI message exchanges, this API is
+ * synchronous and only allowed to be called from a context that
+@@ -80,6 +85,10 @@ struct ath10k_hif_ops {
+
+ u16 (*get_free_queue_number)(struct ath10k *ar, u8 pipe_id);
+
++ u32 (*read32)(struct ath10k *ar, u32 address);
++
++ void (*write32)(struct ath10k *ar, u32 address, u32 value);
++
+ /* Power up the device and enter BMI transfer mode for FW download */
+ int (*power_up)(struct ath10k *ar);
+
+@@ -91,7 +100,6 @@ struct ath10k_hif_ops {
+ int (*resume)(struct ath10k *ar);
+ };
+
+-
+ static inline int ath10k_hif_tx_sg(struct ath10k *ar, u8 pipe_id,
+ struct ath10k_hif_sg_item *items,
+ int n_items)
+@@ -99,6 +107,21 @@ static inline int ath10k_hif_tx_sg(struc
+ return ar->hif.ops->tx_sg(ar, pipe_id, items, n_items);
+ }
+
++static inline int ath10k_hif_diag_read(struct ath10k *ar, u32 address, void *buf,
++ size_t buf_len)
++{
++ return ar->hif.ops->diag_read(ar, address, buf, buf_len);
++}
++
++static inline int ath10k_hif_diag_write(struct ath10k *ar, u32 address,
++ const void *data, int nbytes)
++{
++ if (!ar->hif.ops->diag_write)
++ return -EOPNOTSUPP;
++
++ return ar->hif.ops->diag_write(ar, address, data, nbytes);
++}
++
+ static inline int ath10k_hif_exchange_bmi_msg(struct ath10k *ar,
+ void *request, u32 request_len,
+ void *response, u32 *response_len)
+@@ -178,4 +201,25 @@ static inline int ath10k_hif_resume(stru
+ return ar->hif.ops->resume(ar);
+ }
+
++static inline u32 ath10k_hif_read32(struct ath10k *ar, u32 address)
++{
++ if (!ar->hif.ops->read32) {
++ ath10k_warn(ar, "hif read32 not supported\n");
++ return 0xdeaddead;
++ }
++
++ return ar->hif.ops->read32(ar, address);
++}
++
++static inline void ath10k_hif_write32(struct ath10k *ar,
++ u32 address, u32 data)
++{
++ if (!ar->hif.ops->write32) {
++ ath10k_warn(ar, "hif write32 not supported\n");
++ return;
++ }
++
++ ar->hif.ops->write32(ar, address, data);
++}
++
+ #endif /* _HIF_H_ */
+--- a/drivers/net/wireless/ath/ath10k/htc.c
++++ b/drivers/net/wireless/ath/ath10k/htc.c
+@@ -45,10 +45,8 @@ static struct sk_buff *ath10k_htc_build_
+ struct ath10k_skb_cb *skb_cb;
+
+ skb = dev_alloc_skb(ATH10K_HTC_CONTROL_BUFFER_SIZE);
+- if (!skb) {
+- ath10k_warn("Unable to allocate ctrl skb\n");
++ if (!skb)
+ return NULL;
+- }
+
+ skb_reserve(skb, 20); /* FIXME: why 20 bytes? */
+ WARN_ONCE((unsigned long)skb->data & 3, "unaligned skb");
+@@ -56,7 +54,7 @@ static struct sk_buff *ath10k_htc_build_
+ skb_cb = ATH10K_SKB_CB(skb);
+ memset(skb_cb, 0, sizeof(*skb_cb));
+
+- ath10k_dbg(ATH10K_DBG_HTC, "%s: skb %p\n", __func__, skb);
++ ath10k_dbg(ar, ATH10K_DBG_HTC, "%s: skb %p\n", __func__, skb);
+ return skb;
+ }
+
+@@ -72,13 +70,15 @@ static inline void ath10k_htc_restore_tx
+ static void ath10k_htc_notify_tx_completion(struct ath10k_htc_ep *ep,
+ struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_HTC, "%s: ep %d skb %p\n", __func__,
++ struct ath10k *ar = ep->htc->ar;
++
++ ath10k_dbg(ar, ATH10K_DBG_HTC, "%s: ep %d skb %p\n", __func__,
+ ep->eid, skb);
+
+ ath10k_htc_restore_tx_skb(ep->htc, skb);
+
+ if (!ep->ep_ops.ep_tx_complete) {
+- ath10k_warn("no tx handler for eid %d\n", ep->eid);
++ ath10k_warn(ar, "no tx handler for eid %d\n", ep->eid);
+ dev_kfree_skb_any(skb);
+ return;
+ }
+@@ -89,12 +89,14 @@ static void ath10k_htc_notify_tx_complet
+ /* assumes tx_lock is held */
+ static bool ath10k_htc_ep_need_credit_update(struct ath10k_htc_ep *ep)
+ {
++ struct ath10k *ar = ep->htc->ar;
++
+ if (!ep->tx_credit_flow_enabled)
+ return false;
+ if (ep->tx_credits >= ep->tx_credits_per_max_message)
+ return false;
+
+- ath10k_dbg(ATH10K_DBG_HTC, "HTC: endpoint %d needs credit update\n",
++ ath10k_dbg(ar, ATH10K_DBG_HTC, "HTC: endpoint %d needs credit update\n",
+ ep->eid);
+ return true;
+ }
+@@ -123,6 +125,7 @@ int ath10k_htc_send(struct ath10k_htc *h
+ enum ath10k_htc_ep_id eid,
+ struct sk_buff *skb)
+ {
++ struct ath10k *ar = htc->ar;
+ struct ath10k_htc_ep *ep = &htc->endpoint[eid];
+ struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
+ struct ath10k_hif_sg_item sg_item;
+@@ -134,18 +137,10 @@ int ath10k_htc_send(struct ath10k_htc *h
+ return -ECOMM;
+
+ if (eid >= ATH10K_HTC_EP_COUNT) {
+- ath10k_warn("Invalid endpoint id: %d\n", eid);
++ ath10k_warn(ar, "Invalid endpoint id: %d\n", eid);
+ return -ENOENT;
+ }
+
+- /* FIXME: This looks ugly, can we fix it? */
+- spin_lock_bh(&htc->tx_lock);
+- if (htc->stopped) {
+- spin_unlock_bh(&htc->tx_lock);
+- return -ESHUTDOWN;
+- }
+- spin_unlock_bh(&htc->tx_lock);
+-
+ skb_push(skb, sizeof(struct ath10k_htc_hdr));
+
+ if (ep->tx_credit_flow_enabled) {
+@@ -157,7 +152,7 @@ int ath10k_htc_send(struct ath10k_htc *h
+ goto err_pull;
+ }
+ ep->tx_credits -= credits;
+- ath10k_dbg(ATH10K_DBG_HTC,
++ ath10k_dbg(ar, ATH10K_DBG_HTC,
+ "htc ep %d consumed %d credits (total %d)\n",
+ eid, credits, ep->tx_credits);
+ spin_unlock_bh(&htc->tx_lock);
+@@ -165,6 +160,7 @@ int ath10k_htc_send(struct ath10k_htc *h
+
+ ath10k_htc_prepare_tx_skb(ep, skb);
+
++ skb_cb->eid = eid;
+ skb_cb->paddr = dma_map_single(dev, skb->data, skb->len, DMA_TO_DEVICE);
+ ret = dma_mapping_error(dev, skb_cb->paddr);
+ if (ret)
+@@ -188,7 +184,7 @@ err_credits:
+ if (ep->tx_credit_flow_enabled) {
+ spin_lock_bh(&htc->tx_lock);
+ ep->tx_credits += credits;
+- ath10k_dbg(ATH10K_DBG_HTC,
++ ath10k_dbg(ar, ATH10K_DBG_HTC,
+ "htc ep %d reverted %d credits back (total %d)\n",
+ eid, credits, ep->tx_credits);
+ spin_unlock_bh(&htc->tx_lock);
+@@ -202,15 +198,18 @@ err_pull:
+ }
+
+ static int ath10k_htc_tx_completion_handler(struct ath10k *ar,
+- struct sk_buff *skb,
+- unsigned int eid)
++ struct sk_buff *skb)
+ {
+ struct ath10k_htc *htc = &ar->htc;
+- struct ath10k_htc_ep *ep = &htc->endpoint[eid];
++ struct ath10k_skb_cb *skb_cb;
++ struct ath10k_htc_ep *ep;
+
+ if (WARN_ON_ONCE(!skb))
+ return 0;
+
++ skb_cb = ATH10K_SKB_CB(skb);
++ ep = &htc->endpoint[skb_cb->eid];
++
+ ath10k_htc_notify_tx_completion(ep, skb);
+ /* the skb now belongs to the completion handler */
+
+@@ -227,11 +226,12 @@ ath10k_htc_process_credit_report(struct
+ int len,
+ enum ath10k_htc_ep_id eid)
+ {
++ struct ath10k *ar = htc->ar;
+ struct ath10k_htc_ep *ep;
+ int i, n_reports;
+
+ if (len % sizeof(*report))
+- ath10k_warn("Uneven credit report len %d", len);
++ ath10k_warn(ar, "Uneven credit report len %d", len);
+
+ n_reports = len / sizeof(*report);
+
+@@ -243,7 +243,7 @@ ath10k_htc_process_credit_report(struct
+ ep = &htc->endpoint[report->eid];
+ ep->tx_credits += report->credits;
+
+- ath10k_dbg(ATH10K_DBG_HTC, "htc ep %d got %d credits (total %d)\n",
++ ath10k_dbg(ar, ATH10K_DBG_HTC, "htc ep %d got %d credits (total %d)\n",
+ report->eid, report->credits, ep->tx_credits);
+
+ if (ep->ep_ops.ep_tx_credits) {
+@@ -260,6 +260,7 @@ static int ath10k_htc_process_trailer(st
+ int length,
+ enum ath10k_htc_ep_id src_eid)
+ {
++ struct ath10k *ar = htc->ar;
+ int status = 0;
+ struct ath10k_htc_record *record;
+ u8 *orig_buffer;
+@@ -279,7 +280,7 @@ static int ath10k_htc_process_trailer(st
+
+ if (record->hdr.len > length) {
+ /* no room left in buffer for record */
+- ath10k_warn("Invalid record length: %d\n",
++ ath10k_warn(ar, "Invalid record length: %d\n",
+ record->hdr.len);
+ status = -EINVAL;
+ break;
+@@ -289,7 +290,7 @@ static int ath10k_htc_process_trailer(st
+ case ATH10K_HTC_RECORD_CREDITS:
+ len = sizeof(struct ath10k_htc_credit_report);
+ if (record->hdr.len < len) {
+- ath10k_warn("Credit report too long\n");
++ ath10k_warn(ar, "Credit report too long\n");
+ status = -EINVAL;
+ break;
+ }
+@@ -299,7 +300,7 @@ static int ath10k_htc_process_trailer(st
+ src_eid);
+ break;
+ default:
+- ath10k_warn("Unhandled record: id:%d length:%d\n",
++ ath10k_warn(ar, "Unhandled record: id:%d length:%d\n",
+ record->hdr.id, record->hdr.len);
+ break;
+ }
+@@ -313,15 +314,14 @@ static int ath10k_htc_process_trailer(st
+ }
+
+ if (status)
+- ath10k_dbg_dump(ATH10K_DBG_HTC, "htc rx bad trailer", "",
++ ath10k_dbg_dump(ar, ATH10K_DBG_HTC, "htc rx bad trailer", "",
+ orig_buffer, orig_length);
+
+ return status;
+ }
+
+ static int ath10k_htc_rx_completion_handler(struct ath10k *ar,
+- struct sk_buff *skb,
+- u8 pipe_id)
++ struct sk_buff *skb)
+ {
+ int status = 0;
+ struct ath10k_htc *htc = &ar->htc;
+@@ -339,8 +339,8 @@ static int ath10k_htc_rx_completion_hand
+ eid = hdr->eid;
+
+ if (eid >= ATH10K_HTC_EP_COUNT) {
+- ath10k_warn("HTC Rx: invalid eid %d\n", eid);
+- ath10k_dbg_dump(ATH10K_DBG_HTC, "htc bad header", "",
++ ath10k_warn(ar, "HTC Rx: invalid eid %d\n", eid);
++ ath10k_dbg_dump(ar, ATH10K_DBG_HTC, "htc bad header", "",
+ hdr, sizeof(*hdr));
+ status = -EINVAL;
+ goto out;
+@@ -360,19 +360,19 @@ static int ath10k_htc_rx_completion_hand
+ payload_len = __le16_to_cpu(hdr->len);
+
+ if (payload_len + sizeof(*hdr) > ATH10K_HTC_MAX_LEN) {
+- ath10k_warn("HTC rx frame too long, len: %zu\n",
++ ath10k_warn(ar, "HTC rx frame too long, len: %zu\n",
+ payload_len + sizeof(*hdr));
+- ath10k_dbg_dump(ATH10K_DBG_HTC, "htc bad rx pkt len", "",
++ ath10k_dbg_dump(ar, ATH10K_DBG_HTC, "htc bad rx pkt len", "",
+ hdr, sizeof(*hdr));
+ status = -EINVAL;
+ goto out;
+ }
+
+ if (skb->len < payload_len) {
+- ath10k_dbg(ATH10K_DBG_HTC,
++ ath10k_dbg(ar, ATH10K_DBG_HTC,
+ "HTC Rx: insufficient length, got %d, expected %d\n",
+ skb->len, payload_len);
+- ath10k_dbg_dump(ATH10K_DBG_HTC, "htc bad rx pkt len",
++ ath10k_dbg_dump(ar, ATH10K_DBG_HTC, "htc bad rx pkt len",
+ "", hdr, sizeof(*hdr));
+ status = -EINVAL;
+ goto out;
+@@ -388,7 +388,7 @@ static int ath10k_htc_rx_completion_hand
+
+ if ((trailer_len < min_len) ||
+ (trailer_len > payload_len)) {
+- ath10k_warn("Invalid trailer length: %d\n",
++ ath10k_warn(ar, "Invalid trailer length: %d\n",
+ trailer_len);
+ status = -EPROTO;
+ goto out;
+@@ -421,7 +421,7 @@ static int ath10k_htc_rx_completion_hand
+ * this is a fatal error, target should not be
+ * sending unsolicited messages on the ep 0
+ */
+- ath10k_warn("HTC rx ctrl still processing\n");
++ ath10k_warn(ar, "HTC rx ctrl still processing\n");
+ status = -EINVAL;
+ complete(&htc->ctl_resp);
+ goto out;
+@@ -442,7 +442,7 @@ static int ath10k_htc_rx_completion_hand
+ goto out;
+ }
+
+- ath10k_dbg(ATH10K_DBG_HTC, "htc rx completion ep %d skb %p\n",
++ ath10k_dbg(ar, ATH10K_DBG_HTC, "htc rx completion ep %d skb %p\n",
+ eid, skb);
+ ep->ep_ops.ep_rx_complete(ar, skb);
+
+@@ -459,7 +459,7 @@ static void ath10k_htc_control_rx_comple
+ {
+ /* This is unexpected. FW is not supposed to send regular rx on this
+ * endpoint. */
+- ath10k_warn("unexpected htc rx\n");
++ ath10k_warn(ar, "unexpected htc rx\n");
+ kfree_skb(skb);
+ }
+
+@@ -546,7 +546,8 @@ static u8 ath10k_htc_get_credit_allocati
+
+ int ath10k_htc_wait_target(struct ath10k_htc *htc)
+ {
+- int status = 0;
++ struct ath10k *ar = htc->ar;
++ int i, status = 0;
+ struct ath10k_htc_svc_conn_req conn_req;
+ struct ath10k_htc_svc_conn_resp conn_resp;
+ struct ath10k_htc_msg *msg;
+@@ -556,16 +557,32 @@ int ath10k_htc_wait_target(struct ath10k
+
+ status = wait_for_completion_timeout(&htc->ctl_resp,
+ ATH10K_HTC_WAIT_TIMEOUT_HZ);
+- if (status <= 0) {
++ if (status == 0) {
++ /* Workaround: In some cases the PCI HIF doesn't
++ * receive interrupt for the control response message
++ * even if the buffer was completed. It is suspected
++ * iomap writes unmasking PCI CE irqs aren't propagated
++ * properly in KVM PCI-passthrough sometimes.
++ */
++ ath10k_warn(ar, "failed to receive control response completion, polling..\n");
++
++ for (i = 0; i < CE_COUNT; i++)
++ ath10k_hif_send_complete_check(htc->ar, i, 1);
++
++ status = wait_for_completion_timeout(&htc->ctl_resp,
++ ATH10K_HTC_WAIT_TIMEOUT_HZ);
++
+ if (status == 0)
+ status = -ETIMEDOUT;
++ }
+
+- ath10k_err("ctl_resp never came in (%d)\n", status);
++ if (status < 0) {
++ ath10k_err(ar, "ctl_resp never came in (%d)\n", status);
+ return status;
+ }
+
+ if (htc->control_resp_len < sizeof(msg->hdr) + sizeof(msg->ready)) {
+- ath10k_err("Invalid HTC ready msg len:%d\n",
++ ath10k_err(ar, "Invalid HTC ready msg len:%d\n",
+ htc->control_resp_len);
+ return -ECOMM;
+ }
+@@ -576,21 +593,21 @@ int ath10k_htc_wait_target(struct ath10k
+ credit_size = __le16_to_cpu(msg->ready.credit_size);
+
+ if (message_id != ATH10K_HTC_MSG_READY_ID) {
+- ath10k_err("Invalid HTC ready msg: 0x%x\n", message_id);
++ ath10k_err(ar, "Invalid HTC ready msg: 0x%x\n", message_id);
+ return -ECOMM;
+ }
+
+ htc->total_transmit_credits = credit_count;
+ htc->target_credit_size = credit_size;
+
+- ath10k_dbg(ATH10K_DBG_HTC,
++ ath10k_dbg(ar, ATH10K_DBG_HTC,
+ "Target ready! transmit resources: %d size:%d\n",
+ htc->total_transmit_credits,
+ htc->target_credit_size);
+
+ if ((htc->total_transmit_credits == 0) ||
+ (htc->target_credit_size == 0)) {
+- ath10k_err("Invalid credit size received\n");
++ ath10k_err(ar, "Invalid credit size received\n");
+ return -ECOMM;
+ }
+
+@@ -607,7 +624,8 @@ int ath10k_htc_wait_target(struct ath10k
+ /* connect fake service */
+ status = ath10k_htc_connect_service(htc, &conn_req, &conn_resp);
+ if (status) {
+- ath10k_err("could not connect to htc service (%d)\n", status);
++ ath10k_err(ar, "could not connect to htc service (%d)\n",
++ status);
+ return status;
+ }
+
+@@ -618,6 +636,7 @@ int ath10k_htc_connect_service(struct at
+ struct ath10k_htc_svc_conn_req *conn_req,
+ struct ath10k_htc_svc_conn_resp *conn_resp)
+ {
++ struct ath10k *ar = htc->ar;
+ struct ath10k_htc_msg *msg;
+ struct ath10k_htc_conn_svc *req_msg;
+ struct ath10k_htc_conn_svc_response resp_msg_dummy;
+@@ -643,13 +662,13 @@ int ath10k_htc_connect_service(struct at
+ tx_alloc = ath10k_htc_get_credit_allocation(htc,
+ conn_req->service_id);
+ if (!tx_alloc)
+- ath10k_dbg(ATH10K_DBG_BOOT,
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
+ "boot htc service %s does not allocate target credits\n",
+ htc_service_name(conn_req->service_id));
+
+ skb = ath10k_htc_build_tx_ctrl_skb(htc->ar);
+ if (!skb) {
+- ath10k_err("Failed to allocate HTC packet\n");
++ ath10k_err(ar, "Failed to allocate HTC packet\n");
+ return -ENOMEM;
+ }
+
+@@ -684,11 +703,9 @@ int ath10k_htc_connect_service(struct at
+ /* wait for response */
+ status = wait_for_completion_timeout(&htc->ctl_resp,
+ ATH10K_HTC_CONN_SVC_TIMEOUT_HZ);
+- if (status <= 0) {
+- if (status == 0)
+- status = -ETIMEDOUT;
+- ath10k_err("Service connect timeout: %d\n", status);
+- return status;
++ if (status == 0) {
++ ath10k_err(ar, "Service connect timeout: %d\n", status);
++ return -ETIMEDOUT;
+ }
+
+ /* we controlled the buffer creation, it's aligned */
+@@ -700,11 +717,11 @@ int ath10k_htc_connect_service(struct at
+ if ((message_id != ATH10K_HTC_MSG_CONNECT_SERVICE_RESP_ID) ||
+ (htc->control_resp_len < sizeof(msg->hdr) +
+ sizeof(msg->connect_service_response))) {
+- ath10k_err("Invalid resp message ID 0x%x", message_id);
++ ath10k_err(ar, "Invalid resp message ID 0x%x", message_id);
+ return -EPROTO;
+ }
+
+- ath10k_dbg(ATH10K_DBG_HTC,
++ ath10k_dbg(ar, ATH10K_DBG_HTC,
+ "HTC Service %s connect response: status: 0x%x, assigned ep: 0x%x\n",
+ htc_service_name(service_id),
+ resp_msg->status, resp_msg->eid);
+@@ -713,7 +730,7 @@ int ath10k_htc_connect_service(struct at
+
+ /* check response status */
+ if (resp_msg->status != ATH10K_HTC_CONN_SVC_STATUS_SUCCESS) {
+- ath10k_err("HTC Service %s connect request failed: 0x%x)\n",
++ ath10k_err(ar, "HTC Service %s connect request failed: 0x%x)\n",
+ htc_service_name(service_id),
+ resp_msg->status);
+ return -EPROTO;
+@@ -764,18 +781,18 @@ setup:
+ if (status)
+ return status;
+
+- ath10k_dbg(ATH10K_DBG_BOOT,
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
+ "boot htc service '%s' ul pipe %d dl pipe %d eid %d ready\n",
+ htc_service_name(ep->service_id), ep->ul_pipe_id,
+ ep->dl_pipe_id, ep->eid);
+
+- ath10k_dbg(ATH10K_DBG_BOOT,
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
+ "boot htc ep %d ul polled %d dl polled %d\n",
+ ep->eid, ep->ul_is_polled, ep->dl_is_polled);
+
+ if (disable_credit_flow_ctrl && ep->tx_credit_flow_enabled) {
+ ep->tx_credit_flow_enabled = false;
+- ath10k_dbg(ATH10K_DBG_BOOT,
++ ath10k_dbg(ar, ATH10K_DBG_BOOT,
+ "boot htc service '%s' eid %d TX flow control disabled\n",
+ htc_service_name(ep->service_id), assigned_eid);
+ }
+@@ -783,27 +800,26 @@ setup:
+ return status;
+ }
+
+-struct sk_buff *ath10k_htc_alloc_skb(int size)
++struct sk_buff *ath10k_htc_alloc_skb(struct ath10k *ar, int size)
+ {
+ struct sk_buff *skb;
+
+ skb = dev_alloc_skb(size + sizeof(struct ath10k_htc_hdr));
+- if (!skb) {
+- ath10k_warn("could not allocate HTC tx skb\n");
++ if (!skb)
+ return NULL;
+- }
+
+ skb_reserve(skb, sizeof(struct ath10k_htc_hdr));
+
+ /* FW/HTC requires 4-byte aligned streams */
+ if (!IS_ALIGNED((unsigned long)skb->data, 4))
+- ath10k_warn("Unaligned HTC tx skb\n");
++ ath10k_warn(ar, "Unaligned HTC tx skb\n");
+
+ return skb;
+ }
+
+ int ath10k_htc_start(struct ath10k_htc *htc)
+ {
++ struct ath10k *ar = htc->ar;
+ struct sk_buff *skb;
+ int status = 0;
+ struct ath10k_htc_msg *msg;
+@@ -819,7 +835,7 @@ int ath10k_htc_start(struct ath10k_htc *
+ msg->hdr.message_id =
+ __cpu_to_le16(ATH10K_HTC_MSG_SETUP_COMPLETE_EX_ID);
+
+- ath10k_dbg(ATH10K_DBG_HTC, "HTC is using TX credit flow control\n");
++ ath10k_dbg(ar, ATH10K_DBG_HTC, "HTC is using TX credit flow control\n");
+
+ status = ath10k_htc_send(htc, ATH10K_HTC_EP_0, skb);
+ if (status) {
+@@ -830,19 +846,6 @@ int ath10k_htc_start(struct ath10k_htc *
+ return 0;
+ }
+
+-/*
+- * stop HTC communications, i.e. stop interrupt reception, and flush all
+- * queued buffers
+- */
+-void ath10k_htc_stop(struct ath10k_htc *htc)
+-{
+- spin_lock_bh(&htc->tx_lock);
+- htc->stopped = true;
+- spin_unlock_bh(&htc->tx_lock);
+-
+- ath10k_hif_stop(htc->ar);
+-}
+-
+ /* registered target arrival callback from the HIF layer */
+ int ath10k_htc_init(struct ath10k *ar)
+ {
+@@ -852,7 +855,6 @@ int ath10k_htc_init(struct ath10k *ar)
+
+ spin_lock_init(&htc->tx_lock);
+
+- htc->stopped = false;
+ ath10k_htc_reset_endpoint_states(htc);
+
+ /* setup HIF layer callbacks */
+--- a/drivers/net/wireless/ath/ath10k/htc.h
++++ b/drivers/net/wireless/ath/ath10k/htc.h
+@@ -214,7 +214,6 @@ struct ath10k_htc_frame {
+ struct ath10k_htc_record trailer[0];
+ } __packed __aligned(4);
+
+-
+ /*******************/
+ /* Host-side stuff */
+ /*******************/
+@@ -332,7 +331,7 @@ struct ath10k_htc {
+ struct ath10k *ar;
+ struct ath10k_htc_ep endpoint[ATH10K_HTC_EP_COUNT];
+
+- /* protects endpoint and stopped fields */
++ /* protects endpoints */
+ spinlock_t tx_lock;
+
+ struct ath10k_htc_ops htc_ops;
+@@ -345,8 +344,6 @@ struct ath10k_htc {
+ int total_transmit_credits;
+ struct ath10k_htc_svc_tx_credits service_tx_alloc[ATH10K_HTC_EP_COUNT];
+ int target_credit_size;
+-
+- bool stopped;
+ };
+
+ int ath10k_htc_init(struct ath10k *ar);
+@@ -357,7 +354,6 @@ int ath10k_htc_connect_service(struct at
+ struct ath10k_htc_svc_conn_resp *conn_resp);
+ int ath10k_htc_send(struct ath10k_htc *htc, enum ath10k_htc_ep_id eid,
+ struct sk_buff *packet);
+-void ath10k_htc_stop(struct ath10k_htc *htc);
+-struct sk_buff *ath10k_htc_alloc_skb(int size);
++struct sk_buff *ath10k_htc_alloc_skb(struct ath10k *ar, int size);
+
+ #endif
+--- a/drivers/net/wireless/ath/ath10k/htt.c
++++ b/drivers/net/wireless/ath/ath10k/htt.c
+@@ -22,7 +22,7 @@
+ #include "core.h"
+ #include "debug.h"
+
+-static int ath10k_htt_htc_attach(struct ath10k_htt *htt)
++int ath10k_htt_connect(struct ath10k_htt *htt)
+ {
+ struct ath10k_htc_svc_conn_req conn_req;
+ struct ath10k_htc_svc_conn_resp conn_resp;
+@@ -48,37 +48,11 @@ static int ath10k_htt_htc_attach(struct
+ return 0;
+ }
+
+-int ath10k_htt_attach(struct ath10k *ar)
++int ath10k_htt_init(struct ath10k *ar)
+ {
+ struct ath10k_htt *htt = &ar->htt;
+- int ret;
+
+ htt->ar = ar;
+- htt->max_throughput_mbps = 800;
+-
+- /*
+- * Connect to HTC service.
+- * This has to be done before calling ath10k_htt_rx_attach,
+- * since ath10k_htt_rx_attach involves sending a rx ring configure
+- * message to the target.
+- */
+- ret = ath10k_htt_htc_attach(htt);
+- if (ret) {
+- ath10k_err("could not attach htt htc (%d)\n", ret);
+- goto err_htc_attach;
+- }
+-
+- ret = ath10k_htt_tx_attach(htt);
+- if (ret) {
+- ath10k_err("could not attach htt tx (%d)\n", ret);
+- goto err_htc_attach;
+- }
+-
+- ret = ath10k_htt_rx_attach(htt);
+- if (ret) {
+- ath10k_err("could not attach htt rx (%d)\n", ret);
+- goto err_rx_attach;
+- }
+
+ /*
+ * Prefetch enough data to satisfy target
+@@ -93,23 +67,20 @@ int ath10k_htt_attach(struct ath10k *ar)
+ 2; /* ip4 dscp or ip6 priority */
+
+ return 0;
+-
+-err_rx_attach:
+- ath10k_htt_tx_detach(htt);
+-err_htc_attach:
+- return ret;
+ }
+
+ #define HTT_TARGET_VERSION_TIMEOUT_HZ (3*HZ)
+
+ static int ath10k_htt_verify_version(struct ath10k_htt *htt)
+ {
+- ath10k_dbg(ATH10K_DBG_BOOT, "htt target version %d.%d\n",
++ struct ath10k *ar = htt->ar;
++
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "htt target version %d.%d\n",
+ htt->target_version_major, htt->target_version_minor);
+
+ if (htt->target_version_major != 2 &&
+ htt->target_version_major != 3) {
+- ath10k_err("unsupported htt major version %d. supported versions are 2 and 3\n",
++ ath10k_err(ar, "unsupported htt major version %d. supported versions are 2 and 3\n",
+ htt->target_version_major);
+ return -ENOTSUPP;
+ }
+@@ -117,8 +88,9 @@ static int ath10k_htt_verify_version(str
+ return 0;
+ }
+
+-int ath10k_htt_attach_target(struct ath10k_htt *htt)
++int ath10k_htt_setup(struct ath10k_htt *htt)
+ {
++ struct ath10k *ar = htt->ar;
+ int status;
+
+ init_completion(&htt->target_version_received);
+@@ -128,9 +100,9 @@ int ath10k_htt_attach_target(struct ath1
+ return status;
+
+ status = wait_for_completion_timeout(&htt->target_version_received,
+- HTT_TARGET_VERSION_TIMEOUT_HZ);
+- if (status <= 0) {
+- ath10k_warn("htt version request timed out\n");
++ HTT_TARGET_VERSION_TIMEOUT_HZ);
++ if (status == 0) {
++ ath10k_warn(ar, "htt version request timed out\n");
+ return -ETIMEDOUT;
+ }
+
+@@ -140,9 +112,3 @@ int ath10k_htt_attach_target(struct ath1
+
+ return ath10k_htt_send_rx_ring_cfg_ll(htt);
+ }
+-
+-void ath10k_htt_detach(struct ath10k_htt *htt)
+-{
+- ath10k_htt_rx_detach(htt);
+- ath10k_htt_tx_detach(htt);
+-}
+--- a/drivers/net/wireless/ath/ath10k/htt.h
++++ b/drivers/net/wireless/ath/ath10k/htt.h
+@@ -21,6 +21,7 @@
+ #include <linux/bug.h>
+ #include <linux/interrupt.h>
+ #include <linux/dmapool.h>
++#include <linux/hashtable.h>
+ #include <net/mac80211.h>
+
+ #include "htc.h"
+@@ -126,6 +127,7 @@ enum htt_data_tx_ext_tid {
+ * (HL hosts manage queues on the host )
+ * more_in_batch: only for HL hosts. indicates if more packets are
+ * pending. this allows target to wait and aggregate
++ * freq: 0 means home channel of given vdev. intended for offchannel
+ */
+ struct htt_data_tx_desc {
+ u8 flags0; /* %HTT_DATA_TX_DESC_FLAGS0_ */
+@@ -133,7 +135,8 @@ struct htt_data_tx_desc {
+ __le16 len;
+ __le16 id;
+ __le32 frags_paddr;
+- __le32 peerid;
++ __le16 peerid;
++ __le16 freq;
+ u8 prefetch[0]; /* start of frame, for FW classification engine */
+ } __packed;
+
+@@ -156,6 +159,9 @@ enum htt_rx_ring_flags {
+ HTT_RX_RING_FLAGS_PHY_DATA_RX = 1 << 15
+ };
+
++#define HTT_RX_RING_SIZE_MIN 128
++#define HTT_RX_RING_SIZE_MAX 2048
++
+ struct htt_rx_ring_setup_ring {
+ __le32 fw_idx_shadow_reg_paddr;
+ __le32 rx_ring_base_paddr;
+@@ -240,16 +246,10 @@ struct htt_oob_sync_req {
+ __le16 rsvd0;
+ } __packed;
+
+-#define HTT_AGGR_CONF_MAX_NUM_AMSDU_SUBFRAMES_MASK 0x1F
+-#define HTT_AGGR_CONF_MAX_NUM_AMSDU_SUBFRAMES_LSB 0
+-
+ struct htt_aggr_conf {
+ u8 max_num_ampdu_subframes;
+- union {
+- /* dont use bitfields; undefined behaviour */
+- u8 flags; /* see %HTT_AGGR_CONF_MAX_NUM_AMSDU_SUBFRAMES_ */
+- u8 max_num_amsdu_subframes:5;
+- } __packed;
++ /* amsdu_subframes is limited by 0x1F mask */
++ u8 max_num_amsdu_subframes;
+ } __packed;
+
+ #define HTT_MGMT_FRM_HDR_DOWNLOAD_LEN 32
+@@ -271,7 +271,6 @@ enum htt_mgmt_tx_status {
+
+ /*=== target -> host messages ===============================================*/
+
+-
+ enum htt_t2h_msg_type {
+ HTT_T2H_MSG_TYPE_VERSION_CONF = 0x0,
+ HTT_T2H_MSG_TYPE_RX_IND = 0x1,
+@@ -288,7 +287,19 @@ enum htt_t2h_msg_type {
+ HTT_T2H_MSG_TYPE_RC_UPDATE_IND = 0xc,
+ HTT_T2H_MSG_TYPE_TX_INSPECT_IND = 0xd,
+ HTT_T2H_MSG_TYPE_MGMT_TX_COMPLETION = 0xe,
++ HTT_T2H_MSG_TYPE_TX_CREDIT_UPDATE_IND = 0xf,
++ HTT_T2H_MSG_TYPE_RX_PN_IND = 0x10,
++ HTT_T2H_MSG_TYPE_RX_OFFLOAD_DELIVER_IND = 0x11,
++ HTT_T2H_MSG_TYPE_RX_IN_ORD_PADDR_IND = 0x12,
++ /* 0x13 reservd */
++ HTT_T2H_MSG_TYPE_WDI_IPA_OP_RESPONSE = 0x14,
++
++ /* FIXME: Do not depend on this event id. Numbering of this event id is
++ * broken across different firmware revisions and HTT version fails to
++ * indicate this.
++ */
+ HTT_T2H_MSG_TYPE_TEST,
++
+ /* keep this last */
+ HTT_T2H_NUM_MSGS
+ };
+@@ -657,6 +668,53 @@ struct htt_rx_fragment_indication {
+ #define HTT_RX_FRAG_IND_INFO1_FLUSH_SEQ_NUM_END_MASK 0x00000FC0
+ #define HTT_RX_FRAG_IND_INFO1_FLUSH_SEQ_NUM_END_LSB 6
+
++struct htt_rx_pn_ind {
++ __le16 peer_id;
++ u8 tid;
++ u8 seqno_start;
++ u8 seqno_end;
++ u8 pn_ie_count;
++ u8 reserved;
++ u8 pn_ies[0];
++} __packed;
++
++struct htt_rx_offload_msdu {
++ __le16 msdu_len;
++ __le16 peer_id;
++ u8 vdev_id;
++ u8 tid;
++ u8 fw_desc;
++ u8 payload[0];
++} __packed;
++
++struct htt_rx_offload_ind {
++ u8 reserved;
++ __le16 msdu_count;
++} __packed;
++
++struct htt_rx_in_ord_msdu_desc {
++ __le32 msdu_paddr;
++ __le16 msdu_len;
++ u8 fw_desc;
++ u8 reserved;
++} __packed;
++
++struct htt_rx_in_ord_ind {
++ u8 info;
++ __le16 peer_id;
++ u8 vdev_id;
++ u8 reserved;
++ __le16 msdu_count;
++ struct htt_rx_in_ord_msdu_desc msdu_descs[0];
++} __packed;
++
++#define HTT_RX_IN_ORD_IND_INFO_TID_MASK 0x0000001f
++#define HTT_RX_IN_ORD_IND_INFO_TID_LSB 0
++#define HTT_RX_IN_ORD_IND_INFO_OFFLOAD_MASK 0x00000020
++#define HTT_RX_IN_ORD_IND_INFO_OFFLOAD_LSB 5
++#define HTT_RX_IN_ORD_IND_INFO_FRAG_MASK 0x00000040
++#define HTT_RX_IN_ORD_IND_INFO_FRAG_LSB 6
++
+ /*
+ * target -> host test message definition
+ *
+@@ -732,7 +790,7 @@ static inline u8 *htt_rx_test_get_chars(
+ */
+ struct htt_pktlog_msg {
+ u8 pad[3];
+- __le32 payload[1 /* or more */];
++ u8 payload[0];
+ } __packed;
+
+ struct htt_dbg_stats_rx_reorder_stats {
+@@ -1038,6 +1096,7 @@ static inline struct htt_stats_conf_item
+ {
+ return (void *)item + sizeof(*item) + roundup(item->length, 4);
+ }
++
+ /*
+ * host -> target FRAG DESCRIPTOR/MSDU_EXT DESC bank
+ *
+@@ -1151,10 +1210,12 @@ struct htt_resp {
+ struct htt_rx_test rx_test;
+ struct htt_pktlog_msg pktlog_msg;
+ struct htt_stats_conf stats_conf;
++ struct htt_rx_pn_ind rx_pn_ind;
++ struct htt_rx_offload_ind rx_offload_ind;
++ struct htt_rx_in_ord_ind rx_in_ord_ind;
+ };
+ } __packed;
+
+-
+ /*** host side structures follow ***/
+
+ struct htt_tx_done {
+@@ -1184,7 +1245,6 @@ struct ath10k_htt {
+ struct ath10k *ar;
+ enum ath10k_htc_ep_id eid;
+
+- int max_throughput_mbps;
+ u8 target_version_major;
+ u8 target_version_minor;
+ struct completion target_version_received;
+@@ -1200,6 +1260,20 @@ struct ath10k_htt {
+ * filled.
+ */
+ struct sk_buff **netbufs_ring;
++
++ /* This is used only with firmware supporting IN_ORD_IND.
++ *
++ * With Full Rx Reorder the HTT Rx Ring is more of a temporary
++ * buffer ring from which buffer addresses are copied by the
++ * firmware to MAC Rx ring. Firmware then delivers IN_ORD_IND
++ * pointing to specific (re-ordered) buffers.
++ *
++ * FIXME: With kernel generic hashing functions there's a lot
++ * of hash collisions for sk_buffs.
++ */
++ bool in_ord_rx;
++ DECLARE_HASHTABLE(skb_table, 4);
++
+ /*
+ * Ring of buffer addresses -
+ * This ring holds the "physical" device address of the
+@@ -1254,12 +1328,11 @@ struct ath10k_htt {
+
+ unsigned int prefetch_len;
+
+- /* Protects access to %pending_tx, %used_msdu_ids */
++ /* Protects access to pending_tx, num_pending_tx */
+ spinlock_t tx_lock;
+ int max_num_pending_tx;
+ int num_pending_tx;
+- struct sk_buff **pending_tx;
+- unsigned long *used_msdu_ids; /* bitmap */
++ struct idr pending_tx;
+ wait_queue_head_t empty_tx_wq;
+ struct dma_pool *tx_pool;
+
+@@ -1273,6 +1346,7 @@ struct ath10k_htt {
+ struct tasklet_struct txrx_compl_task;
+ struct sk_buff_head tx_compl_q;
+ struct sk_buff_head rx_compl_q;
++ struct sk_buff_head rx_in_ord_compl_q;
+
+ /* rx_status template */
+ struct ieee80211_rx_status rx_status;
+@@ -1328,22 +1402,28 @@ struct htt_rx_desc {
+ #define HTT_LOG2_MAX_CACHE_LINE_SIZE 7 /* 2^7 = 128 */
+ #define HTT_MAX_CACHE_LINE_SIZE_MASK ((1 << HTT_LOG2_MAX_CACHE_LINE_SIZE) - 1)
+
+-int ath10k_htt_attach(struct ath10k *ar);
+-int ath10k_htt_attach_target(struct ath10k_htt *htt);
+-void ath10k_htt_detach(struct ath10k_htt *htt);
+-
+-int ath10k_htt_tx_attach(struct ath10k_htt *htt);
+-void ath10k_htt_tx_detach(struct ath10k_htt *htt);
+-int ath10k_htt_rx_attach(struct ath10k_htt *htt);
+-void ath10k_htt_rx_detach(struct ath10k_htt *htt);
++int ath10k_htt_connect(struct ath10k_htt *htt);
++int ath10k_htt_init(struct ath10k *ar);
++int ath10k_htt_setup(struct ath10k_htt *htt);
++
++int ath10k_htt_tx_alloc(struct ath10k_htt *htt);
++void ath10k_htt_tx_free(struct ath10k_htt *htt);
++
++int ath10k_htt_rx_alloc(struct ath10k_htt *htt);
++int ath10k_htt_rx_ring_refill(struct ath10k *ar);
++void ath10k_htt_rx_free(struct ath10k_htt *htt);
++
+ void ath10k_htt_htc_tx_complete(struct ath10k *ar, struct sk_buff *skb);
+ void ath10k_htt_t2h_msg_handler(struct ath10k *ar, struct sk_buff *skb);
+ int ath10k_htt_h2t_ver_req_msg(struct ath10k_htt *htt);
+ int ath10k_htt_h2t_stats_req(struct ath10k_htt *htt, u8 mask, u64 cookie);
+ int ath10k_htt_send_rx_ring_cfg_ll(struct ath10k_htt *htt);
++int ath10k_htt_h2t_aggr_cfg_msg(struct ath10k_htt *htt,
++ u8 max_subfrms_ampdu,
++ u8 max_subfrms_amsdu);
+
+ void __ath10k_htt_tx_dec_pending(struct ath10k_htt *htt);
+-int ath10k_htt_tx_alloc_msdu_id(struct ath10k_htt *htt);
++int ath10k_htt_tx_alloc_msdu_id(struct ath10k_htt *htt, struct sk_buff *skb);
+ void ath10k_htt_tx_free_msdu_id(struct ath10k_htt *htt, u16 msdu_id);
+ int ath10k_htt_mgmt_tx(struct ath10k_htt *htt, struct sk_buff *);
+ int ath10k_htt_tx(struct ath10k_htt *htt, struct sk_buff *);
+--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
++++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
+@@ -21,118 +21,84 @@
+ #include "txrx.h"
+ #include "debug.h"
+ #include "trace.h"
++#include "mac.h"
+
+ #include <linux/log2.h>
+
+-/* slightly larger than one large A-MPDU */
+-#define HTT_RX_RING_SIZE_MIN 128
+-
+-/* roughly 20 ms @ 1 Gbps of 1500B MSDUs */
+-#define HTT_RX_RING_SIZE_MAX 2048
+-
+-#define HTT_RX_AVG_FRM_BYTES 1000
+-
+-/* ms, very conservative */
+-#define HTT_RX_HOST_LATENCY_MAX_MS 20
+-
+-/* ms, conservative */
+-#define HTT_RX_HOST_LATENCY_WORST_LIKELY_MS 10
++#define HTT_RX_RING_SIZE HTT_RX_RING_SIZE_MAX
++#define HTT_RX_RING_FILL_LEVEL (((HTT_RX_RING_SIZE) / 2) - 1)
+
+ /* when under memory pressure rx ring refill may fail and needs a retry */
+ #define HTT_RX_RING_REFILL_RETRY_MS 50
+
+-
+ static int ath10k_htt_rx_get_csum_state(struct sk_buff *skb);
+ static void ath10k_htt_txrx_compl_task(unsigned long ptr);
+
+-static int ath10k_htt_rx_ring_size(struct ath10k_htt *htt)
+-{
+- int size;
+-
+- /*
+- * It is expected that the host CPU will typically be able to
+- * service the rx indication from one A-MPDU before the rx
+- * indication from the subsequent A-MPDU happens, roughly 1-2 ms
+- * later. However, the rx ring should be sized very conservatively,
+- * to accomodate the worst reasonable delay before the host CPU
+- * services a rx indication interrupt.
+- *
+- * The rx ring need not be kept full of empty buffers. In theory,
+- * the htt host SW can dynamically track the low-water mark in the
+- * rx ring, and dynamically adjust the level to which the rx ring
+- * is filled with empty buffers, to dynamically meet the desired
+- * low-water mark.
+- *
+- * In contrast, it's difficult to resize the rx ring itself, once
+- * it's in use. Thus, the ring itself should be sized very
+- * conservatively, while the degree to which the ring is filled
+- * with empty buffers should be sized moderately conservatively.
+- */
+-
+- /* 1e6 bps/mbps / 1e3 ms per sec = 1000 */
+- size =
+- htt->max_throughput_mbps +
+- 1000 /
+- (8 * HTT_RX_AVG_FRM_BYTES) * HTT_RX_HOST_LATENCY_MAX_MS;
+-
+- if (size < HTT_RX_RING_SIZE_MIN)
+- size = HTT_RX_RING_SIZE_MIN;
+-
+- if (size > HTT_RX_RING_SIZE_MAX)
+- size = HTT_RX_RING_SIZE_MAX;
+-
+- size = roundup_pow_of_two(size);
+-
+- return size;
+-}
+-
+-static int ath10k_htt_rx_ring_fill_level(struct ath10k_htt *htt)
++static struct sk_buff *
++ath10k_htt_rx_find_skb_paddr(struct ath10k *ar, u32 paddr)
+ {
+- int size;
++ struct ath10k_skb_rxcb *rxcb;
+
+- /* 1e6 bps/mbps / 1e3 ms per sec = 1000 */
+- size =
+- htt->max_throughput_mbps *
+- 1000 /
+- (8 * HTT_RX_AVG_FRM_BYTES) * HTT_RX_HOST_LATENCY_WORST_LIKELY_MS;
+-
+- /*
+- * Make sure the fill level is at least 1 less than the ring size.
+- * Leaving 1 element empty allows the SW to easily distinguish
+- * between a full ring vs. an empty ring.
+- */
+- if (size >= htt->rx_ring.size)
+- size = htt->rx_ring.size - 1;
++ hash_for_each_possible(ar->htt.rx_ring.skb_table, rxcb, hlist, paddr)
++ if (rxcb->paddr == paddr)
++ return ATH10K_RXCB_SKB(rxcb);
+
+- return size;
++ WARN_ON_ONCE(1);
++ return NULL;
+ }
+
+ static void ath10k_htt_rx_ring_free(struct ath10k_htt *htt)
+ {
+ struct sk_buff *skb;
+- struct ath10k_skb_cb *cb;
++ struct ath10k_skb_rxcb *rxcb;
++ struct hlist_node *n;
+ int i;
+
+- for (i = 0; i < htt->rx_ring.fill_cnt; i++) {
+- skb = htt->rx_ring.netbufs_ring[i];
+- cb = ATH10K_SKB_CB(skb);
+- dma_unmap_single(htt->ar->dev, cb->paddr,
+- skb->len + skb_tailroom(skb),
+- DMA_FROM_DEVICE);
+- dev_kfree_skb_any(skb);
++ if (htt->rx_ring.in_ord_rx) {
++ hash_for_each_safe(htt->rx_ring.skb_table, i, n, rxcb, hlist) {
++ skb = ATH10K_RXCB_SKB(rxcb);
++ dma_unmap_single(htt->ar->dev, rxcb->paddr,
++ skb->len + skb_tailroom(skb),
++ DMA_FROM_DEVICE);
++ hash_del(&rxcb->hlist);
++ dev_kfree_skb_any(skb);
++ }
++ } else {
++ for (i = 0; i < htt->rx_ring.size; i++) {
++ skb = htt->rx_ring.netbufs_ring[i];
++ if (!skb)
++ continue;
++
++ rxcb = ATH10K_SKB_RXCB(skb);
++ dma_unmap_single(htt->ar->dev, rxcb->paddr,
++ skb->len + skb_tailroom(skb),
++ DMA_FROM_DEVICE);
++ dev_kfree_skb_any(skb);
++ }
+ }
+
+ htt->rx_ring.fill_cnt = 0;
++ hash_init(htt->rx_ring.skb_table);
++ memset(htt->rx_ring.netbufs_ring, 0,
++ htt->rx_ring.size * sizeof(htt->rx_ring.netbufs_ring[0]));
+ }
+
+ static int __ath10k_htt_rx_ring_fill_n(struct ath10k_htt *htt, int num)
+ {
+ struct htt_rx_desc *rx_desc;
++ struct ath10k_skb_rxcb *rxcb;
+ struct sk_buff *skb;
+ dma_addr_t paddr;
+ int ret = 0, idx;
+
+- idx = __le32_to_cpu(*(htt->rx_ring.alloc_idx.vaddr));
++ /* The Full Rx Reorder firmware has no way of telling the host
++ * implicitly when it copied HTT Rx Ring buffers to MAC Rx Ring.
++ * To keep things simple make sure ring is always half empty. This
++ * guarantees there'll be no replenishment overruns possible.
++ */
++ BUILD_BUG_ON(HTT_RX_RING_FILL_LEVEL >= HTT_RX_RING_SIZE / 2);
++
++ idx = __le32_to_cpu(*htt->rx_ring.alloc_idx.vaddr);
+ while (num > 0) {
+ skb = dev_alloc_skb(HTT_RX_BUF_SIZE + HTT_RX_DESC_ALIGN);
+ if (!skb) {
+@@ -159,18 +125,30 @@ static int __ath10k_htt_rx_ring_fill_n(s
+ goto fail;
+ }
+
+- ATH10K_SKB_CB(skb)->paddr = paddr;
++ rxcb = ATH10K_SKB_RXCB(skb);
++ rxcb->paddr = paddr;
+ htt->rx_ring.netbufs_ring[idx] = skb;
+ htt->rx_ring.paddrs_ring[idx] = __cpu_to_le32(paddr);
+ htt->rx_ring.fill_cnt++;
+
++ if (htt->rx_ring.in_ord_rx) {
++ hash_add(htt->rx_ring.skb_table,
++ &ATH10K_SKB_RXCB(skb)->hlist,
++ (u32)paddr);
++ }
++
+ num--;
+ idx++;
+ idx &= htt->rx_ring.size_mask;
+ }
+
+ fail:
+- *(htt->rx_ring.alloc_idx.vaddr) = __cpu_to_le32(idx);
++ /*
++ * Make sure the rx buffer is updated before available buffer
++ * index to avoid any potential rx ring corruption.
++ */
++ mb();
++ *htt->rx_ring.alloc_idx.vaddr = __cpu_to_le32(idx);
+ return ret;
+ }
+
+@@ -198,7 +176,7 @@ static void ath10k_htt_rx_msdu_buff_repl
+ * automatically balances load wrt to CPU power.
+ *
+ * This probably comes at a cost of lower maximum throughput but
+- * improves the avarage and stability. */
++ * improves the average and stability. */
+ spin_lock_bh(&htt->rx_ring.lock);
+ num_deficit = htt->rx_ring.fill_level - htt->rx_ring.fill_cnt;
+ num_to_fill = min(ATH10K_HTT_MAX_NUM_REFILL, num_deficit);
+@@ -222,32 +200,37 @@ static void ath10k_htt_rx_msdu_buff_repl
+ static void ath10k_htt_rx_ring_refill_retry(unsigned long arg)
+ {
+ struct ath10k_htt *htt = (struct ath10k_htt *)arg;
++
+ ath10k_htt_rx_msdu_buff_replenish(htt);
+ }
+
+-void ath10k_htt_rx_detach(struct ath10k_htt *htt)
++int ath10k_htt_rx_ring_refill(struct ath10k *ar)
+ {
+- int sw_rd_idx = htt->rx_ring.sw_rd_idx.msdu_payld;
++ struct ath10k_htt *htt = &ar->htt;
++ int ret;
++
++ spin_lock_bh(&htt->rx_ring.lock);
++ ret = ath10k_htt_rx_ring_fill_n(htt, (htt->rx_ring.fill_level -
++ htt->rx_ring.fill_cnt));
++ spin_unlock_bh(&htt->rx_ring.lock);
++
++ if (ret)
++ ath10k_htt_rx_ring_free(htt);
++
++ return ret;
++}
+
++void ath10k_htt_rx_free(struct ath10k_htt *htt)
++{
+ del_timer_sync(&htt->rx_ring.refill_retry_timer);
+ tasklet_kill(&htt->rx_replenish_task);
+ tasklet_kill(&htt->txrx_compl_task);
+
+ skb_queue_purge(&htt->tx_compl_q);
+ skb_queue_purge(&htt->rx_compl_q);
++ skb_queue_purge(&htt->rx_in_ord_compl_q);
+
+- while (sw_rd_idx != __le32_to_cpu(*(htt->rx_ring.alloc_idx.vaddr))) {
+- struct sk_buff *skb =
+- htt->rx_ring.netbufs_ring[sw_rd_idx];
+- struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
+-
+- dma_unmap_single(htt->ar->dev, cb->paddr,
+- skb->len + skb_tailroom(skb),
+- DMA_FROM_DEVICE);
+- dev_kfree_skb_any(htt->rx_ring.netbufs_ring[sw_rd_idx]);
+- sw_rd_idx++;
+- sw_rd_idx &= htt->rx_ring.size_mask;
+- }
++ ath10k_htt_rx_ring_free(htt);
+
+ dma_free_coherent(htt->ar->dev,
+ (htt->rx_ring.size *
+@@ -265,66 +248,59 @@ void ath10k_htt_rx_detach(struct ath10k_
+
+ static inline struct sk_buff *ath10k_htt_rx_netbuf_pop(struct ath10k_htt *htt)
+ {
++ struct ath10k *ar = htt->ar;
+ int idx;
+ struct sk_buff *msdu;
+
+ lockdep_assert_held(&htt->rx_ring.lock);
+
+ if (htt->rx_ring.fill_cnt == 0) {
+- ath10k_warn("tried to pop sk_buff from an empty rx ring\n");
++ ath10k_warn(ar, "tried to pop sk_buff from an empty rx ring\n");
+ return NULL;
+ }
+
+ idx = htt->rx_ring.sw_rd_idx.msdu_payld;
+ msdu = htt->rx_ring.netbufs_ring[idx];
++ htt->rx_ring.netbufs_ring[idx] = NULL;
++ htt->rx_ring.paddrs_ring[idx] = 0;
+
+ idx++;
+ idx &= htt->rx_ring.size_mask;
+ htt->rx_ring.sw_rd_idx.msdu_payld = idx;
+ htt->rx_ring.fill_cnt--;
+
+- return msdu;
+-}
+-
+-static void ath10k_htt_rx_free_msdu_chain(struct sk_buff *skb)
+-{
+- struct sk_buff *next;
++ dma_unmap_single(htt->ar->dev,
++ ATH10K_SKB_RXCB(msdu)->paddr,
++ msdu->len + skb_tailroom(msdu),
++ DMA_FROM_DEVICE);
++ ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx netbuf pop: ",
++ msdu->data, msdu->len + skb_tailroom(msdu));
+
+- while (skb) {
+- next = skb->next;
+- dev_kfree_skb_any(skb);
+- skb = next;
+- }
++ return msdu;
+ }
+
+ /* return: < 0 fatal error, 0 - non chained msdu, 1 chained msdu */
+ static int ath10k_htt_rx_amsdu_pop(struct ath10k_htt *htt,
+ u8 **fw_desc, int *fw_desc_len,
+- struct sk_buff **head_msdu,
+- struct sk_buff **tail_msdu)
++ struct sk_buff_head *amsdu)
+ {
++ struct ath10k *ar = htt->ar;
+ int msdu_len, msdu_chaining = 0;
+ struct sk_buff *msdu;
+ struct htt_rx_desc *rx_desc;
+
+ lockdep_assert_held(&htt->rx_ring.lock);
+
+- if (htt->rx_confused) {
+- ath10k_warn("htt is confused. refusing rx\n");
+- return -1;
+- }
+-
+- msdu = *head_msdu = ath10k_htt_rx_netbuf_pop(htt);
+- while (msdu) {
++ for (;;) {
+ int last_msdu, msdu_len_invalid, msdu_chained;
+
+- dma_unmap_single(htt->ar->dev,
+- ATH10K_SKB_CB(msdu)->paddr,
+- msdu->len + skb_tailroom(msdu),
+- DMA_FROM_DEVICE);
++ msdu = ath10k_htt_rx_netbuf_pop(htt);
++ if (!msdu) {
++ __skb_queue_purge(amsdu);
++ return -ENOENT;
++ }
+
+- ath10k_dbg_dump(ATH10K_DBG_HTT_DUMP, NULL, "htt rx pop: ",
+- msdu->data, msdu->len + skb_tailroom(msdu));
++ __skb_queue_tail(amsdu, msdu);
+
+ rx_desc = (struct htt_rx_desc *)msdu->data;
+
+@@ -343,12 +319,8 @@ static int ath10k_htt_rx_amsdu_pop(struc
+ */
+ if (!(__le32_to_cpu(rx_desc->attention.flags)
+ & RX_ATTENTION_FLAGS_MSDU_DONE)) {
+- ath10k_htt_rx_free_msdu_chain(*head_msdu);
+- *head_msdu = NULL;
+- msdu = NULL;
+- ath10k_err("htt rx stopped. cannot recover\n");
+- htt->rx_confused = true;
+- break;
++ __skb_queue_purge(amsdu);
++ return -EIO;
+ }
+
+ /*
+@@ -399,7 +371,6 @@ static int ath10k_htt_rx_amsdu_pop(struc
+ msdu_len = MS(__le32_to_cpu(rx_desc->msdu_start.info0),
+ RX_MSDU_START_INFO0_MSDU_LENGTH);
+ msdu_chained = rx_desc->frag_info.ring2_more_count;
+- msdu_chaining = msdu_chained;
+
+ if (msdu_len_invalid)
+ msdu_len = 0;
+@@ -408,42 +379,32 @@ static int ath10k_htt_rx_amsdu_pop(struc
+ skb_put(msdu, min(msdu_len, HTT_RX_MSDU_SIZE));
+ msdu_len -= msdu->len;
+
+- /* FIXME: Do chained buffers include htt_rx_desc or not? */
++ /* Note: Chained buffers do not contain rx descriptor */
+ while (msdu_chained--) {
+- struct sk_buff *next = ath10k_htt_rx_netbuf_pop(htt);
+-
+- dma_unmap_single(htt->ar->dev,
+- ATH10K_SKB_CB(next)->paddr,
+- next->len + skb_tailroom(next),
+- DMA_FROM_DEVICE);
+-
+- ath10k_dbg_dump(ATH10K_DBG_HTT_DUMP, NULL,
+- "htt rx chained: ", next->data,
+- next->len + skb_tailroom(next));
+-
+- skb_trim(next, 0);
+- skb_put(next, min(msdu_len, HTT_RX_BUF_SIZE));
+- msdu_len -= next->len;
++ msdu = ath10k_htt_rx_netbuf_pop(htt);
++ if (!msdu) {
++ __skb_queue_purge(amsdu);
++ return -ENOENT;
++ }
+
+- msdu->next = next;
+- msdu = next;
++ __skb_queue_tail(amsdu, msdu);
++ skb_trim(msdu, 0);
++ skb_put(msdu, min(msdu_len, HTT_RX_BUF_SIZE));
++ msdu_len -= msdu->len;
++ msdu_chaining = 1;
+ }
+
+ last_msdu = __le32_to_cpu(rx_desc->msdu_end.info0) &
+ RX_MSDU_END_INFO0_LAST_MSDU;
+
+- if (last_msdu) {
+- msdu->next = NULL;
++ trace_ath10k_htt_rx_desc(ar, &rx_desc->attention,
++ sizeof(*rx_desc) - sizeof(u32));
++
++ if (last_msdu)
+ break;
+- } else {
+- struct sk_buff *next = ath10k_htt_rx_netbuf_pop(htt);
+- msdu->next = next;
+- msdu = next;
+- }
+ }
+- *tail_msdu = msdu;
+
+- if (*head_msdu == NULL)
++ if (skb_queue_empty(amsdu))
+ msdu_chaining = -1;
+
+ /*
+@@ -465,43 +426,117 @@ static int ath10k_htt_rx_amsdu_pop(struc
+ static void ath10k_htt_rx_replenish_task(unsigned long ptr)
+ {
+ struct ath10k_htt *htt = (struct ath10k_htt *)ptr;
++
+ ath10k_htt_rx_msdu_buff_replenish(htt);
+ }
+
+-int ath10k_htt_rx_attach(struct ath10k_htt *htt)
++static struct sk_buff *ath10k_htt_rx_pop_paddr(struct ath10k_htt *htt,
++ u32 paddr)
++{
++ struct ath10k *ar = htt->ar;
++ struct ath10k_skb_rxcb *rxcb;
++ struct sk_buff *msdu;
++
++ lockdep_assert_held(&htt->rx_ring.lock);
++
++ msdu = ath10k_htt_rx_find_skb_paddr(ar, paddr);
++ if (!msdu)
++ return NULL;
++
++ rxcb = ATH10K_SKB_RXCB(msdu);
++ hash_del(&rxcb->hlist);
++ htt->rx_ring.fill_cnt--;
++
++ dma_unmap_single(htt->ar->dev, rxcb->paddr,
++ msdu->len + skb_tailroom(msdu),
++ DMA_FROM_DEVICE);
++ ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx netbuf pop: ",
++ msdu->data, msdu->len + skb_tailroom(msdu));
++
++ return msdu;
++}
++
++static int ath10k_htt_rx_pop_paddr_list(struct ath10k_htt *htt,
++ struct htt_rx_in_ord_ind *ev,
++ struct sk_buff_head *list)
+ {
++ struct ath10k *ar = htt->ar;
++ struct htt_rx_in_ord_msdu_desc *msdu_desc = ev->msdu_descs;
++ struct htt_rx_desc *rxd;
++ struct sk_buff *msdu;
++ int msdu_count;
++ bool is_offload;
++ u32 paddr;
++
++ lockdep_assert_held(&htt->rx_ring.lock);
++
++ msdu_count = __le16_to_cpu(ev->msdu_count);
++ is_offload = !!(ev->info & HTT_RX_IN_ORD_IND_INFO_OFFLOAD_MASK);
++
++ while (msdu_count--) {
++ paddr = __le32_to_cpu(msdu_desc->msdu_paddr);
++
++ msdu = ath10k_htt_rx_pop_paddr(htt, paddr);
++ if (!msdu) {
++ __skb_queue_purge(list);
++ return -ENOENT;
++ }
++
++ __skb_queue_tail(list, msdu);
++
++ if (!is_offload) {
++ rxd = (void *)msdu->data;
++
++ trace_ath10k_htt_rx_desc(ar, rxd, sizeof(*rxd));
++
++ skb_put(msdu, sizeof(*rxd));
++ skb_pull(msdu, sizeof(*rxd));
++ skb_put(msdu, __le16_to_cpu(msdu_desc->msdu_len));
++
++ if (!(__le32_to_cpu(rxd->attention.flags) &
++ RX_ATTENTION_FLAGS_MSDU_DONE)) {
++ ath10k_warn(htt->ar, "tried to pop an incomplete frame, oops!\n");
++ return -EIO;
++ }
++ }
++
++ msdu_desc++;
++ }
++
++ return 0;
++}
++
++int ath10k_htt_rx_alloc(struct ath10k_htt *htt)
++{
++ struct ath10k *ar = htt->ar;
+ dma_addr_t paddr;
+ void *vaddr;
++ size_t size;
+ struct timer_list *timer = &htt->rx_ring.refill_retry_timer;
+
+- htt->rx_ring.size = ath10k_htt_rx_ring_size(htt);
+- if (!is_power_of_2(htt->rx_ring.size)) {
+- ath10k_warn("htt rx ring size is not power of 2\n");
+- return -EINVAL;
+- }
++ htt->rx_confused = false;
+
++ /* XXX: The fill level could be changed during runtime in response to
++ * the host processing latency. Is this really worth it?
++ */
++ htt->rx_ring.size = HTT_RX_RING_SIZE;
+ htt->rx_ring.size_mask = htt->rx_ring.size - 1;
++ htt->rx_ring.fill_level = HTT_RX_RING_FILL_LEVEL;
+
+- /*
+- * Set the initial value for the level to which the rx ring
+- * should be filled, based on the max throughput and the
+- * worst likely latency for the host to fill the rx ring
+- * with new buffers. In theory, this fill level can be
+- * dynamically adjusted from the initial value set here, to
+- * reflect the actual host latency rather than a
+- * conservative assumption about the host latency.
+- */
+- htt->rx_ring.fill_level = ath10k_htt_rx_ring_fill_level(htt);
++ if (!is_power_of_2(htt->rx_ring.size)) {
++ ath10k_warn(ar, "htt rx ring size is not power of 2\n");
++ return -EINVAL;
++ }
+
+ htt->rx_ring.netbufs_ring =
+- kmalloc(htt->rx_ring.size * sizeof(struct sk_buff *),
++ kzalloc(htt->rx_ring.size * sizeof(struct sk_buff *),
+ GFP_KERNEL);
+ if (!htt->rx_ring.netbufs_ring)
+ goto err_netbuf;
+
+- vaddr = dma_alloc_coherent(htt->ar->dev,
+- (htt->rx_ring.size * sizeof(htt->rx_ring.paddrs_ring)),
+- &paddr, GFP_DMA);
++ size = htt->rx_ring.size * sizeof(htt->rx_ring.paddrs_ring);
++
++ vaddr = dma_alloc_coherent(htt->ar->dev, size, &paddr, GFP_DMA);
+ if (!vaddr)
+ goto err_dma_ring;
+
+@@ -516,7 +551,7 @@ int ath10k_htt_rx_attach(struct ath10k_h
+
+ htt->rx_ring.alloc_idx.vaddr = vaddr;
+ htt->rx_ring.alloc_idx.paddr = paddr;
+- htt->rx_ring.sw_rd_idx.msdu_payld = 0;
++ htt->rx_ring.sw_rd_idx.msdu_payld = htt->rx_ring.size_mask;
+ *htt->rx_ring.alloc_idx.vaddr = 0;
+
+ /* Initialize the Rx refill retry timer */
+@@ -525,28 +560,23 @@ int ath10k_htt_rx_attach(struct ath10k_h
+ spin_lock_init(&htt->rx_ring.lock);
+
+ htt->rx_ring.fill_cnt = 0;
+- if (__ath10k_htt_rx_ring_fill_n(htt, htt->rx_ring.fill_level))
+- goto err_fill_ring;
++ htt->rx_ring.sw_rd_idx.msdu_payld = 0;
++ hash_init(htt->rx_ring.skb_table);
+
+ tasklet_init(&htt->rx_replenish_task, ath10k_htt_rx_replenish_task,
+ (unsigned long)htt);
+
+ skb_queue_head_init(&htt->tx_compl_q);
+ skb_queue_head_init(&htt->rx_compl_q);
++ skb_queue_head_init(&htt->rx_in_ord_compl_q);
+
+ tasklet_init(&htt->txrx_compl_task, ath10k_htt_txrx_compl_task,
+ (unsigned long)htt);
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "htt rx ring size %d fill_level %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "htt rx ring size %d fill_level %d\n",
+ htt->rx_ring.size, htt->rx_ring.fill_level);
+ return 0;
+
+-err_fill_ring:
+- ath10k_htt_rx_ring_free(htt);
+- dma_free_coherent(htt->ar->dev,
+- sizeof(*htt->rx_ring.alloc_idx.vaddr),
+- htt->rx_ring.alloc_idx.vaddr,
+- htt->rx_ring.alloc_idx.paddr);
+ err_dma_idx:
+ dma_free_coherent(htt->ar->dev,
+ (htt->rx_ring.size *
+@@ -559,73 +589,54 @@ err_netbuf:
+ return -ENOMEM;
+ }
+
+-static int ath10k_htt_rx_crypto_param_len(enum htt_rx_mpdu_encrypt_type type)
++static int ath10k_htt_rx_crypto_param_len(struct ath10k *ar,
++ enum htt_rx_mpdu_encrypt_type type)
+ {
+ switch (type) {
++ case HTT_RX_MPDU_ENCRYPT_NONE:
++ return 0;
+ case HTT_RX_MPDU_ENCRYPT_WEP40:
+ case HTT_RX_MPDU_ENCRYPT_WEP104:
+- return 4;
++ return IEEE80211_WEP_IV_LEN;
+ case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC:
+- case HTT_RX_MPDU_ENCRYPT_WEP128: /* not tested */
+ case HTT_RX_MPDU_ENCRYPT_TKIP_WPA:
+- case HTT_RX_MPDU_ENCRYPT_WAPI: /* not tested */
++ return IEEE80211_TKIP_IV_LEN;
+ case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2:
+- return 8;
+- case HTT_RX_MPDU_ENCRYPT_NONE:
+- return 0;
++ return IEEE80211_CCMP_HDR_LEN;
++ case HTT_RX_MPDU_ENCRYPT_WEP128:
++ case HTT_RX_MPDU_ENCRYPT_WAPI:
++ break;
+ }
+
+- ath10k_warn("unknown encryption type %d\n", type);
++ ath10k_warn(ar, "unsupported encryption type %d\n", type);
+ return 0;
+ }
+
+-static int ath10k_htt_rx_crypto_tail_len(enum htt_rx_mpdu_encrypt_type type)
++#define MICHAEL_MIC_LEN 8
++
++static int ath10k_htt_rx_crypto_tail_len(struct ath10k *ar,
++ enum htt_rx_mpdu_encrypt_type type)
+ {
+ switch (type) {
+ case HTT_RX_MPDU_ENCRYPT_NONE:
++ return 0;
+ case HTT_RX_MPDU_ENCRYPT_WEP40:
+ case HTT_RX_MPDU_ENCRYPT_WEP104:
+- case HTT_RX_MPDU_ENCRYPT_WEP128:
+- case HTT_RX_MPDU_ENCRYPT_WAPI:
+- return 0;
++ return IEEE80211_WEP_ICV_LEN;
+ case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC:
+ case HTT_RX_MPDU_ENCRYPT_TKIP_WPA:
+- return 4;
++ return IEEE80211_TKIP_ICV_LEN;
+ case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2:
+- return 8;
++ return IEEE80211_CCMP_MIC_LEN;
++ case HTT_RX_MPDU_ENCRYPT_WEP128:
++ case HTT_RX_MPDU_ENCRYPT_WAPI:
++ break;
+ }
+
+- ath10k_warn("unknown encryption type %d\n", type);
++ ath10k_warn(ar, "unsupported encryption type %d\n", type);
+ return 0;
+ }
+
+-/* Applies for first msdu in chain, before altering it. */
+-static struct ieee80211_hdr *ath10k_htt_rx_skb_get_hdr(struct sk_buff *skb)
+-{
+- struct htt_rx_desc *rxd;
+- enum rx_msdu_decap_format fmt;
+-
+- rxd = (void *)skb->data - sizeof(*rxd);
+- fmt = MS(__le32_to_cpu(rxd->msdu_start.info1),
+- RX_MSDU_START_INFO1_DECAP_FORMAT);
+-
+- if (fmt == RX_MSDU_DECAP_RAW)
+- return (void *)skb->data;
+- else
+- return (void *)skb->data - RX_HTT_HDR_STATUS_LEN;
+-}
+-
+-/* This function only applies for first msdu in an msdu chain */
+-static bool ath10k_htt_rx_hdr_is_amsdu(struct ieee80211_hdr *hdr)
+-{
+- if (ieee80211_is_data_qos(hdr->frame_control)) {
+- u8 *qc = ieee80211_get_qos_ctl(hdr);
+- if (qc[0] & 0x80)
+- return true;
+- }
+- return false;
+-}
+-
+ struct rfc1042_hdr {
+ u8 llc_dsap;
+ u8 llc_ssap;
+@@ -660,23 +671,34 @@ static const u8 rx_legacy_rate_idx[] = {
+ };
+
+ static void ath10k_htt_rx_h_rates(struct ath10k *ar,
+- enum ieee80211_band band,
+- u8 info0, u32 info1, u32 info2,
+- struct ieee80211_rx_status *status)
++ struct ieee80211_rx_status *status,
++ struct htt_rx_desc *rxd)
+ {
++ enum ieee80211_band band;
+ u8 cck, rate, rate_idx, bw, sgi, mcs, nss;
+ u8 preamble = 0;
++ u32 info1, info2, info3;
+
+- /* Check if valid fields */
+- if (!(info0 & HTT_RX_INDICATION_INFO0_START_VALID))
++ /* Band value can't be set as undefined but freq can be 0 - use that to
++ * determine whether band is provided.
++ *
++ * FIXME: Perhaps this can go away if CCK rate reporting is a little
++ * reworked?
++ */
++ if (!status->freq)
+ return;
+
+- preamble = MS(info1, HTT_RX_INDICATION_INFO1_PREAMBLE_TYPE);
++ band = status->band;
++ info1 = __le32_to_cpu(rxd->ppdu_start.info1);
++ info2 = __le32_to_cpu(rxd->ppdu_start.info2);
++ info3 = __le32_to_cpu(rxd->ppdu_start.info3);
++
++ preamble = MS(info1, RX_PPDU_START_INFO1_PREAMBLE_TYPE);
+
+ switch (preamble) {
+ case HTT_RX_LEGACY:
+- cck = info0 & HTT_RX_INDICATION_INFO0_LEGACY_RATE_CCK;
+- rate = MS(info0, HTT_RX_INDICATION_INFO0_LEGACY_RATE);
++ cck = info1 & RX_PPDU_START_INFO1_L_SIG_RATE_SELECT;
++ rate = MS(info1, RX_PPDU_START_INFO1_L_SIG_RATE);
+ rate_idx = 0;
+
+ if (rate < 0x08 || rate > 0x0F)
+@@ -703,11 +725,11 @@ static void ath10k_htt_rx_h_rates(struct
+ break;
+ case HTT_RX_HT:
+ case HTT_RX_HT_WITH_TXBF:
+- /* HT-SIG - Table 20-11 in info1 and info2 */
+- mcs = info1 & 0x1F;
++ /* HT-SIG - Table 20-11 in info2 and info3 */
++ mcs = info2 & 0x1F;
+ nss = mcs >> 3;
+- bw = (info1 >> 7) & 1;
+- sgi = (info2 >> 7) & 1;
++ bw = (info2 >> 7) & 1;
++ sgi = (info3 >> 7) & 1;
+
+ status->rate_idx = mcs;
+ status->flag |= RX_FLAG_HT;
+@@ -718,12 +740,12 @@ static void ath10k_htt_rx_h_rates(struct
+ break;
+ case HTT_RX_VHT:
+ case HTT_RX_VHT_WITH_TXBF:
+- /* VHT-SIG-A1 in info 1, VHT-SIG-A2 in info2
++ /* VHT-SIG-A1 in info2, VHT-SIG-A2 in info3
+ TODO check this */
+- mcs = (info2 >> 4) & 0x0F;
+- nss = ((info1 >> 10) & 0x07) + 1;
+- bw = info1 & 3;
+- sgi = info2 & 1;
++ mcs = (info3 >> 4) & 0x0F;
++ nss = ((info2 >> 10) & 0x07) + 1;
++ bw = info2 & 3;
++ sgi = info3 & 1;
+
+ status->rate_idx = mcs;
+ status->vht_nss = nss;
+@@ -751,28 +773,6 @@ static void ath10k_htt_rx_h_rates(struct
+ }
+ }
+
+-static void ath10k_htt_rx_h_protected(struct ath10k_htt *htt,
+- struct ieee80211_rx_status *rx_status,
+- struct sk_buff *skb,
+- enum htt_rx_mpdu_encrypt_type enctype)
+-{
+- struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
+-
+-
+- if (enctype == HTT_RX_MPDU_ENCRYPT_NONE) {
+- rx_status->flag &= ~(RX_FLAG_DECRYPTED |
+- RX_FLAG_IV_STRIPPED |
+- RX_FLAG_MMIC_STRIPPED);
+- return;
+- }
+-
+- rx_status->flag |= RX_FLAG_DECRYPTED |
+- RX_FLAG_IV_STRIPPED |
+- RX_FLAG_MMIC_STRIPPED;
+- hdr->frame_control = __cpu_to_le16(__le16_to_cpu(hdr->frame_control) &
+- ~IEEE80211_FCTL_PROTECTED);
+-}
+-
+ static bool ath10k_htt_rx_h_channel(struct ath10k *ar,
+ struct ieee80211_rx_status *status)
+ {
+@@ -793,19 +793,121 @@ static bool ath10k_htt_rx_h_channel(stru
+ return true;
+ }
+
++static void ath10k_htt_rx_h_signal(struct ath10k *ar,
++ struct ieee80211_rx_status *status,
++ struct htt_rx_desc *rxd)
++{
++ /* FIXME: Get real NF */
++ status->signal = ATH10K_DEFAULT_NOISE_FLOOR +
++ rxd->ppdu_start.rssi_comb;
++ status->flag &= ~RX_FLAG_NO_SIGNAL_VAL;
++}
++
++static void ath10k_htt_rx_h_mactime(struct ath10k *ar,
++ struct ieee80211_rx_status *status,
++ struct htt_rx_desc *rxd)
++{
++ /* FIXME: TSF is known only at the end of PPDU, in the last MPDU. This
++ * means all prior MSDUs in a PPDU are reported to mac80211 without the
++ * TSF. Is it worth holding frames until end of PPDU is known?
++ *
++ * FIXME: Can we get/compute 64bit TSF?
++ */
++ status->mactime = __le32_to_cpu(rxd->ppdu_end.common.tsf_timestamp);
++ status->flag |= RX_FLAG_MACTIME_END;
++}
++
++static void ath10k_htt_rx_h_ppdu(struct ath10k *ar,
++ struct sk_buff_head *amsdu,
++ struct ieee80211_rx_status *status)
++{
++ struct sk_buff *first;
++ struct htt_rx_desc *rxd;
++ bool is_first_ppdu;
++ bool is_last_ppdu;
++
++ if (skb_queue_empty(amsdu))
++ return;
++
++ first = skb_peek(amsdu);
++ rxd = (void *)first->data - sizeof(*rxd);
++
++ is_first_ppdu = !!(rxd->attention.flags &
++ __cpu_to_le32(RX_ATTENTION_FLAGS_FIRST_MPDU));
++ is_last_ppdu = !!(rxd->attention.flags &
++ __cpu_to_le32(RX_ATTENTION_FLAGS_LAST_MPDU));
++
++ if (is_first_ppdu) {
++ /* New PPDU starts so clear out the old per-PPDU status. */
++ status->freq = 0;
++ status->rate_idx = 0;
++ status->vht_nss = 0;
++ status->vht_flag &= ~RX_VHT_FLAG_80MHZ;
++ status->flag &= ~(RX_FLAG_HT |
++ RX_FLAG_VHT |
++ RX_FLAG_SHORT_GI |
++ RX_FLAG_40MHZ |
++ RX_FLAG_MACTIME_END);
++ status->flag |= RX_FLAG_NO_SIGNAL_VAL;
++
++ ath10k_htt_rx_h_signal(ar, status, rxd);
++ ath10k_htt_rx_h_channel(ar, status);
++ ath10k_htt_rx_h_rates(ar, status, rxd);
++ }
++
++ if (is_last_ppdu)
++ ath10k_htt_rx_h_mactime(ar, status, rxd);
++}
++
++static const char * const tid_to_ac[] = {
++ "BE",
++ "BK",
++ "BK",
++ "BE",
++ "VI",
++ "VI",
++ "VO",
++ "VO",
++};
++
++static char *ath10k_get_tid(struct ieee80211_hdr *hdr, char *out, size_t size)
++{
++ u8 *qc;
++ int tid;
++
++ if (!ieee80211_is_data_qos(hdr->frame_control))
++ return "";
++
++ qc = ieee80211_get_qos_ctl(hdr);
++ tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
++ if (tid < 8)
++ snprintf(out, size, "tid %d (%s)", tid, tid_to_ac[tid]);
++ else
++ snprintf(out, size, "tid %d", tid);
++
++ return out;
++}
++
+ static void ath10k_process_rx(struct ath10k *ar,
+ struct ieee80211_rx_status *rx_status,
+ struct sk_buff *skb)
+ {
+ struct ieee80211_rx_status *status;
++ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
++ char tid[32];
+
+ status = IEEE80211_SKB_RXCB(skb);
+ *status = *rx_status;
+
+- ath10k_dbg(ATH10K_DBG_DATA,
+- "rx skb %p len %u %s%s%s%s%s %srate_idx %u vht_nss %u freq %u band %u flag 0x%x fcs-err %imic-err %i\n",
++ ath10k_dbg(ar, ATH10K_DBG_DATA,
++ "rx skb %p len %u peer %pM %s %s sn %u %s%s%s%s%s %srate_idx %u vht_nss %u freq %u band %u flag 0x%x fcs-err %i mic-err %i amsdu-more %i\n",
+ skb,
+ skb->len,
++ ieee80211_get_SA(hdr),
++ ath10k_get_tid(hdr, tid, sizeof(tid)),
++ is_multicast_ether_addr(ieee80211_get_DA(hdr)) ?
++ "mcast" : "ucast",
++ (__le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_SEQ) >> 4,
+ status->flag == 0 ? "legacy" : "",
+ status->flag & RX_FLAG_HT ? "ht" : "",
+ status->flag & RX_FLAG_VHT ? "vht" : "",
+@@ -817,9 +919,12 @@ static void ath10k_process_rx(struct ath
+ status->freq,
+ status->band, status->flag,
+ !!(status->flag & RX_FLAG_FAILED_FCS_CRC),
+- !!(status->flag & RX_FLAG_MMIC_ERROR));
+- ath10k_dbg_dump(ATH10K_DBG_HTT_DUMP, NULL, "rx skb: ",
++ !!(status->flag & RX_FLAG_MMIC_ERROR),
++ !!(status->flag & RX_FLAG_AMSDU_MORE));
++ ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "rx skb: ",
+ skb->data, skb->len);
++ trace_ath10k_rx_hdr(ar, skb->data, skb->len);
++ trace_ath10k_rx_payload(ar, skb->data, skb->len);
+
+ ieee80211_rx(ar->hw, skb);
+ }
+@@ -830,179 +935,263 @@ static int ath10k_htt_rx_nwifi_hdrlen(st
+ return round_up(ieee80211_hdrlen(hdr->frame_control), 4);
+ }
+
+-static void ath10k_htt_rx_amsdu(struct ath10k_htt *htt,
+- struct ieee80211_rx_status *rx_status,
+- struct sk_buff *skb_in)
++static void ath10k_htt_rx_h_undecap_raw(struct ath10k *ar,
++ struct sk_buff *msdu,
++ struct ieee80211_rx_status *status,
++ enum htt_rx_mpdu_encrypt_type enctype,
++ bool is_decrypted)
+ {
++ struct ieee80211_hdr *hdr;
+ struct htt_rx_desc *rxd;
+- struct sk_buff *skb = skb_in;
+- struct sk_buff *first;
+- enum rx_msdu_decap_format fmt;
+- enum htt_rx_mpdu_encrypt_type enctype;
++ size_t hdr_len;
++ size_t crypto_len;
++ bool is_first;
++ bool is_last;
++
++ rxd = (void *)msdu->data - sizeof(*rxd);
++ is_first = !!(rxd->msdu_end.info0 &
++ __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));
++ is_last = !!(rxd->msdu_end.info0 &
++ __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));
++
++ /* Delivered decapped frame:
++ * [802.11 header]
++ * [crypto param] <-- can be trimmed if !fcs_err &&
++ * !decrypt_err && !peer_idx_invalid
++ * [amsdu header] <-- only if A-MSDU
++ * [rfc1042/llc]
++ * [payload]
++ * [FCS] <-- at end, needs to be trimmed
++ */
++
++ /* This probably shouldn't happen but warn just in case */
++ if (unlikely(WARN_ON_ONCE(!is_first)))
++ return;
++
++ /* This probably shouldn't happen but warn just in case */
++ if (unlikely(WARN_ON_ONCE(!(is_first && is_last))))
++ return;
++
++ skb_trim(msdu, msdu->len - FCS_LEN);
++
++ /* In most cases this will be true for sniffed frames. It makes sense
++ * to deliver them as-is without stripping the crypto param. This would
++ * also make sense for software based decryption (which is not
++ * implemented in ath10k).
++ *
++ * If there's no error then the frame is decrypted. At least that is
++ * the case for frames that come in via fragmented rx indication.
++ */
++ if (!is_decrypted)
++ return;
++
++ /* The payload is decrypted so strip crypto params. Start from tail
++ * since hdr is used to compute some stuff.
++ */
++
++ hdr = (void *)msdu->data;
++
++ /* Tail */
++ skb_trim(msdu, msdu->len - ath10k_htt_rx_crypto_tail_len(ar, enctype));
++
++ /* MMIC */
++ if (!ieee80211_has_morefrags(hdr->frame_control) &&
++ enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)
++ skb_trim(msdu, msdu->len - 8);
++
++ /* Head */
++ hdr_len = ieee80211_hdrlen(hdr->frame_control);
++ crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);
++
++ memmove((void *)msdu->data + crypto_len,
++ (void *)msdu->data, hdr_len);
++ skb_pull(msdu, crypto_len);
++}
++
++static void ath10k_htt_rx_h_undecap_nwifi(struct ath10k *ar,
++ struct sk_buff *msdu,
++ struct ieee80211_rx_status *status,
++ const u8 first_hdr[64])
++{
+ struct ieee80211_hdr *hdr;
+- u8 hdr_buf[64], addr[ETH_ALEN], *qos;
+- unsigned int hdr_len;
++ size_t hdr_len;
++ u8 da[ETH_ALEN];
++ u8 sa[ETH_ALEN];
++
++ /* Delivered decapped frame:
++ * [nwifi 802.11 header] <-- replaced with 802.11 hdr
++ * [rfc1042/llc]
++ *
++ * Note: The nwifi header doesn't have QoS Control and is
++ * (always?) a 3addr frame.
++ *
++ * Note2: There's no A-MSDU subframe header. Even if it's part
++ * of an A-MSDU.
++ */
+
+- rxd = (void *)skb->data - sizeof(*rxd);
+- enctype = MS(__le32_to_cpu(rxd->mpdu_start.info0),
+- RX_MPDU_START_INFO0_ENCRYPT_TYPE);
++ /* pull decapped header and copy SA & DA */
++ hdr = (struct ieee80211_hdr *)msdu->data;
++ hdr_len = ath10k_htt_rx_nwifi_hdrlen(hdr);
++ ether_addr_copy(da, ieee80211_get_DA(hdr));
++ ether_addr_copy(sa, ieee80211_get_SA(hdr));
++ skb_pull(msdu, hdr_len);
+
+- hdr = (struct ieee80211_hdr *)rxd->rx_hdr_status;
++ /* push original 802.11 header */
++ hdr = (struct ieee80211_hdr *)first_hdr;
+ hdr_len = ieee80211_hdrlen(hdr->frame_control);
+- memcpy(hdr_buf, hdr, hdr_len);
+- hdr = (struct ieee80211_hdr *)hdr_buf;
++ memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);
+
+- first = skb;
+- while (skb) {
+- void *decap_hdr;
+- int len;
+-
+- rxd = (void *)skb->data - sizeof(*rxd);
+- fmt = MS(__le32_to_cpu(rxd->msdu_start.info1),
+- RX_MSDU_START_INFO1_DECAP_FORMAT);
+- decap_hdr = (void *)rxd->rx_hdr_status;
+-
+- skb->ip_summed = ath10k_htt_rx_get_csum_state(skb);
+-
+- /* First frame in an A-MSDU chain has more decapped data. */
+- if (skb == first) {
+- len = round_up(ieee80211_hdrlen(hdr->frame_control), 4);
+- len += round_up(ath10k_htt_rx_crypto_param_len(enctype),
+- 4);
+- decap_hdr += len;
+- }
++ /* original 802.11 header has a different DA and in
++ * case of 4addr it may also have different SA
++ */
++ hdr = (struct ieee80211_hdr *)msdu->data;
++ ether_addr_copy(ieee80211_get_DA(hdr), da);
++ ether_addr_copy(ieee80211_get_SA(hdr), sa);
++}
+
+- switch (fmt) {
+- case RX_MSDU_DECAP_RAW:
+- /* remove trailing FCS */
+- skb_trim(skb, skb->len - FCS_LEN);
+- break;
+- case RX_MSDU_DECAP_NATIVE_WIFI:
+- /* pull decapped header and copy DA */
+- hdr = (struct ieee80211_hdr *)skb->data;
+- hdr_len = ath10k_htt_rx_nwifi_hdrlen(hdr);
+- memcpy(addr, ieee80211_get_DA(hdr), ETH_ALEN);
+- skb_pull(skb, hdr_len);
+-
+- /* push original 802.11 header */
+- hdr = (struct ieee80211_hdr *)hdr_buf;
+- hdr_len = ieee80211_hdrlen(hdr->frame_control);
+- memcpy(skb_push(skb, hdr_len), hdr, hdr_len);
+-
+- /* original A-MSDU header has the bit set but we're
+- * not including A-MSDU subframe header */
+- hdr = (struct ieee80211_hdr *)skb->data;
+- qos = ieee80211_get_qos_ctl(hdr);
+- qos[0] &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT;
++static void *ath10k_htt_rx_h_find_rfc1042(struct ath10k *ar,
++ struct sk_buff *msdu,
++ enum htt_rx_mpdu_encrypt_type enctype)
++{
++ struct ieee80211_hdr *hdr;
++ struct htt_rx_desc *rxd;
++ size_t hdr_len, crypto_len;
++ void *rfc1042;
++ bool is_first, is_last, is_amsdu;
+
+- /* original 802.11 header has a different DA */
+- memcpy(ieee80211_get_DA(hdr), addr, ETH_ALEN);
+- break;
+- case RX_MSDU_DECAP_ETHERNET2_DIX:
+- /* strip ethernet header and insert decapped 802.11
+- * header, amsdu subframe header and rfc1042 header */
+-
+- len = 0;
+- len += sizeof(struct rfc1042_hdr);
+- len += sizeof(struct amsdu_subframe_hdr);
+-
+- skb_pull(skb, sizeof(struct ethhdr));
+- memcpy(skb_push(skb, len), decap_hdr, len);
+- memcpy(skb_push(skb, hdr_len), hdr, hdr_len);
+- break;
+- case RX_MSDU_DECAP_8023_SNAP_LLC:
+- /* insert decapped 802.11 header making a singly
+- * A-MSDU */
+- memcpy(skb_push(skb, hdr_len), hdr, hdr_len);
+- break;
+- }
++ rxd = (void *)msdu->data - sizeof(*rxd);
++ hdr = (void *)rxd->rx_hdr_status;
+
+- skb_in = skb;
+- ath10k_htt_rx_h_protected(htt, rx_status, skb_in, enctype);
+- skb = skb->next;
+- skb_in->next = NULL;
++ is_first = !!(rxd->msdu_end.info0 &
++ __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));
++ is_last = !!(rxd->msdu_end.info0 &
++ __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));
++ is_amsdu = !(is_first && is_last);
+
+- if (skb)
+- rx_status->flag |= RX_FLAG_AMSDU_MORE;
+- else
+- rx_status->flag &= ~RX_FLAG_AMSDU_MORE;
++ rfc1042 = hdr;
++
++ if (is_first) {
++ hdr_len = ieee80211_hdrlen(hdr->frame_control);
++ crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);
+
+- ath10k_process_rx(htt->ar, rx_status, skb_in);
++ rfc1042 += round_up(hdr_len, 4) +
++ round_up(crypto_len, 4);
+ }
+
+- /* FIXME: It might be nice to re-assemble the A-MSDU when there's a
+- * monitor interface active for sniffing purposes. */
++ if (is_amsdu)
++ rfc1042 += sizeof(struct amsdu_subframe_hdr);
++
++ return rfc1042;
+ }
+
+-static void ath10k_htt_rx_msdu(struct ath10k_htt *htt,
+- struct ieee80211_rx_status *rx_status,
+- struct sk_buff *skb)
++static void ath10k_htt_rx_h_undecap_eth(struct ath10k *ar,
++ struct sk_buff *msdu,
++ struct ieee80211_rx_status *status,
++ const u8 first_hdr[64],
++ enum htt_rx_mpdu_encrypt_type enctype)
+ {
+- struct htt_rx_desc *rxd;
+ struct ieee80211_hdr *hdr;
+- enum rx_msdu_decap_format fmt;
+- enum htt_rx_mpdu_encrypt_type enctype;
+- int hdr_len;
++ struct ethhdr *eth;
++ size_t hdr_len;
+ void *rfc1042;
++ u8 da[ETH_ALEN];
++ u8 sa[ETH_ALEN];
+
+- /* This shouldn't happen. If it does than it may be a FW bug. */
+- if (skb->next) {
+- ath10k_warn("htt rx received chained non A-MSDU frame\n");
+- ath10k_htt_rx_free_msdu_chain(skb->next);
+- skb->next = NULL;
+- }
++ /* Delivered decapped frame:
++ * [eth header] <-- replaced with 802.11 hdr & rfc1042/llc
++ * [payload]
++ */
+
+- rxd = (void *)skb->data - sizeof(*rxd);
+- fmt = MS(__le32_to_cpu(rxd->msdu_start.info1),
+- RX_MSDU_START_INFO1_DECAP_FORMAT);
+- enctype = MS(__le32_to_cpu(rxd->mpdu_start.info0),
+- RX_MPDU_START_INFO0_ENCRYPT_TYPE);
+- hdr = (struct ieee80211_hdr *)rxd->rx_hdr_status;
++ rfc1042 = ath10k_htt_rx_h_find_rfc1042(ar, msdu, enctype);
++ if (WARN_ON_ONCE(!rfc1042))
++ return;
++
++ /* pull decapped header and copy SA & DA */
++ eth = (struct ethhdr *)msdu->data;
++ ether_addr_copy(da, eth->h_dest);
++ ether_addr_copy(sa, eth->h_source);
++ skb_pull(msdu, sizeof(struct ethhdr));
++
++ /* push rfc1042/llc/snap */
++ memcpy(skb_push(msdu, sizeof(struct rfc1042_hdr)), rfc1042,
++ sizeof(struct rfc1042_hdr));
++
++ /* push original 802.11 header */
++ hdr = (struct ieee80211_hdr *)first_hdr;
+ hdr_len = ieee80211_hdrlen(hdr->frame_control);
++ memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);
++
++ /* original 802.11 header has a different DA and in
++ * case of 4addr it may also have different SA
++ */
++ hdr = (struct ieee80211_hdr *)msdu->data;
++ ether_addr_copy(ieee80211_get_DA(hdr), da);
++ ether_addr_copy(ieee80211_get_SA(hdr), sa);
++}
++
++static void ath10k_htt_rx_h_undecap_snap(struct ath10k *ar,
++ struct sk_buff *msdu,
++ struct ieee80211_rx_status *status,
++ const u8 first_hdr[64])
++{
++ struct ieee80211_hdr *hdr;
++ size_t hdr_len;
++
++ /* Delivered decapped frame:
++ * [amsdu header] <-- replaced with 802.11 hdr
++ * [rfc1042/llc]
++ * [payload]
++ */
++
++ skb_pull(msdu, sizeof(struct amsdu_subframe_hdr));
++
++ hdr = (struct ieee80211_hdr *)first_hdr;
++ hdr_len = ieee80211_hdrlen(hdr->frame_control);
++ memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);
++}
++
++static void ath10k_htt_rx_h_undecap(struct ath10k *ar,
++ struct sk_buff *msdu,
++ struct ieee80211_rx_status *status,
++ u8 first_hdr[64],
++ enum htt_rx_mpdu_encrypt_type enctype,
++ bool is_decrypted)
++{
++ struct htt_rx_desc *rxd;
++ enum rx_msdu_decap_format decap;
++ struct ieee80211_hdr *hdr;
++
++ /* First msdu's decapped header:
++ * [802.11 header] <-- padded to 4 bytes long
++ * [crypto param] <-- padded to 4 bytes long
++ * [amsdu header] <-- only if A-MSDU
++ * [rfc1042/llc]
++ *
++ * Other (2nd, 3rd, ..) msdu's decapped header:
++ * [amsdu header] <-- only if A-MSDU
++ * [rfc1042/llc]
++ */
+
+- skb->ip_summed = ath10k_htt_rx_get_csum_state(skb);
++ rxd = (void *)msdu->data - sizeof(*rxd);
++ hdr = (void *)rxd->rx_hdr_status;
++ decap = MS(__le32_to_cpu(rxd->msdu_start.info1),
++ RX_MSDU_START_INFO1_DECAP_FORMAT);
+
+- switch (fmt) {
++ switch (decap) {
+ case RX_MSDU_DECAP_RAW:
+- /* remove trailing FCS */
+- skb_trim(skb, skb->len - FCS_LEN);
++ ath10k_htt_rx_h_undecap_raw(ar, msdu, status, enctype,
++ is_decrypted);
+ break;
+ case RX_MSDU_DECAP_NATIVE_WIFI:
+- /* Pull decapped header */
+- hdr = (struct ieee80211_hdr *)skb->data;
+- hdr_len = ath10k_htt_rx_nwifi_hdrlen(hdr);
+- skb_pull(skb, hdr_len);
+-
+- /* Push original header */
+- hdr = (struct ieee80211_hdr *)rxd->rx_hdr_status;
+- hdr_len = ieee80211_hdrlen(hdr->frame_control);
+- memcpy(skb_push(skb, hdr_len), hdr, hdr_len);
++ ath10k_htt_rx_h_undecap_nwifi(ar, msdu, status, first_hdr);
+ break;
+ case RX_MSDU_DECAP_ETHERNET2_DIX:
+- /* strip ethernet header and insert decapped 802.11 header and
+- * rfc1042 header */
+-
+- rfc1042 = hdr;
+- rfc1042 += roundup(hdr_len, 4);
+- rfc1042 += roundup(ath10k_htt_rx_crypto_param_len(enctype), 4);
+-
+- skb_pull(skb, sizeof(struct ethhdr));
+- memcpy(skb_push(skb, sizeof(struct rfc1042_hdr)),
+- rfc1042, sizeof(struct rfc1042_hdr));
+- memcpy(skb_push(skb, hdr_len), hdr, hdr_len);
++ ath10k_htt_rx_h_undecap_eth(ar, msdu, status, first_hdr, enctype);
+ break;
+ case RX_MSDU_DECAP_8023_SNAP_LLC:
+- /* remove A-MSDU subframe header and insert
+- * decapped 802.11 header. rfc1042 header is already there */
+-
+- skb_pull(skb, sizeof(struct amsdu_subframe_hdr));
+- memcpy(skb_push(skb, hdr_len), hdr, hdr_len);
++ ath10k_htt_rx_h_undecap_snap(ar, msdu, status, first_hdr);
+ break;
+ }
+-
+- ath10k_htt_rx_h_protected(htt, rx_status, skb, enctype);
+-
+- ath10k_process_rx(htt->ar, rx_status, skb);
+ }
+
+ static int ath10k_htt_rx_get_csum_state(struct sk_buff *skb)
+@@ -1036,10 +1225,128 @@ static int ath10k_htt_rx_get_csum_state(
+ return CHECKSUM_UNNECESSARY;
+ }
+
+-static int ath10k_unchain_msdu(struct sk_buff *msdu_head)
++static void ath10k_htt_rx_h_csum_offload(struct sk_buff *msdu)
++{
++ msdu->ip_summed = ath10k_htt_rx_get_csum_state(msdu);
++}
++
++static void ath10k_htt_rx_h_mpdu(struct ath10k *ar,
++ struct sk_buff_head *amsdu,
++ struct ieee80211_rx_status *status)
++{
++ struct sk_buff *first;
++ struct sk_buff *last;
++ struct sk_buff *msdu;
++ struct htt_rx_desc *rxd;
++ struct ieee80211_hdr *hdr;
++ enum htt_rx_mpdu_encrypt_type enctype;
++ u8 first_hdr[64];
++ u8 *qos;
++ size_t hdr_len;
++ bool has_fcs_err;
++ bool has_crypto_err;
++ bool has_tkip_err;
++ bool has_peer_idx_invalid;
++ bool is_decrypted;
++ u32 attention;
++
++ if (skb_queue_empty(amsdu))
++ return;
++
++ first = skb_peek(amsdu);
++ rxd = (void *)first->data - sizeof(*rxd);
++
++ enctype = MS(__le32_to_cpu(rxd->mpdu_start.info0),
++ RX_MPDU_START_INFO0_ENCRYPT_TYPE);
++
++ /* First MSDU's Rx descriptor in an A-MSDU contains full 802.11
++ * decapped header. It'll be used for undecapping of each MSDU.
++ */
++ hdr = (void *)rxd->rx_hdr_status;
++ hdr_len = ieee80211_hdrlen(hdr->frame_control);
++ memcpy(first_hdr, hdr, hdr_len);
++
++ /* Each A-MSDU subframe will use the original header as the base and be
++ * reported as a separate MSDU so strip the A-MSDU bit from QoS Ctl.
++ */
++ hdr = (void *)first_hdr;
++ qos = ieee80211_get_qos_ctl(hdr);
++ qos[0] &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT;
++
++ /* Some attention flags are valid only in the last MSDU. */
++ last = skb_peek_tail(amsdu);
++ rxd = (void *)last->data - sizeof(*rxd);
++ attention = __le32_to_cpu(rxd->attention.flags);
++
++ has_fcs_err = !!(attention & RX_ATTENTION_FLAGS_FCS_ERR);
++ has_crypto_err = !!(attention & RX_ATTENTION_FLAGS_DECRYPT_ERR);
++ has_tkip_err = !!(attention & RX_ATTENTION_FLAGS_TKIP_MIC_ERR);
++ has_peer_idx_invalid = !!(attention & RX_ATTENTION_FLAGS_PEER_IDX_INVALID);
++
++ /* Note: If hardware captures an encrypted frame that it can't decrypt,
++ * e.g. due to fcs error, missing peer or invalid key data it will
++ * report the frame as raw.
++ */
++ is_decrypted = (enctype != HTT_RX_MPDU_ENCRYPT_NONE &&
++ !has_fcs_err &&
++ !has_crypto_err &&
++ !has_peer_idx_invalid);
++
++ /* Clear per-MPDU flags while leaving per-PPDU flags intact. */
++ status->flag &= ~(RX_FLAG_FAILED_FCS_CRC |
++ RX_FLAG_MMIC_ERROR |
++ RX_FLAG_DECRYPTED |
++ RX_FLAG_IV_STRIPPED |
++ RX_FLAG_MMIC_STRIPPED);
++
++ if (has_fcs_err)
++ status->flag |= RX_FLAG_FAILED_FCS_CRC;
++
++ if (has_tkip_err)
++ status->flag |= RX_FLAG_MMIC_ERROR;
++
++ if (is_decrypted)
++ status->flag |= RX_FLAG_DECRYPTED |
++ RX_FLAG_IV_STRIPPED |
++ RX_FLAG_MMIC_STRIPPED;
++
++ skb_queue_walk(amsdu, msdu) {
++ ath10k_htt_rx_h_csum_offload(msdu);
++ ath10k_htt_rx_h_undecap(ar, msdu, status, first_hdr, enctype,
++ is_decrypted);
++
++ /* Undecapping involves copying the original 802.11 header back
++ * to sk_buff. If frame is protected and hardware has decrypted
++ * it then remove the protected bit.
++ */
++ if (!is_decrypted)
++ continue;
++
++ hdr = (void *)msdu->data;
++ hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);
++ }
++}
++
++static void ath10k_htt_rx_h_deliver(struct ath10k *ar,
++ struct sk_buff_head *amsdu,
++ struct ieee80211_rx_status *status)
++{
++ struct sk_buff *msdu;
++
++ while ((msdu = __skb_dequeue(amsdu))) {
++ /* Setup per-MSDU flags */
++ if (skb_queue_empty(amsdu))
++ status->flag &= ~RX_FLAG_AMSDU_MORE;
++ else
++ status->flag |= RX_FLAG_AMSDU_MORE;
++
++ ath10k_process_rx(ar, status, msdu);
++ }
++}
++
++static int ath10k_unchain_msdu(struct sk_buff_head *amsdu)
+ {
+- struct sk_buff *next = msdu_head->next;
+- struct sk_buff *to_free = next;
++ struct sk_buff *skb, *first;
+ int space;
+ int total_len = 0;
+
+@@ -1050,110 +1357,142 @@ static int ath10k_unchain_msdu(struct sk
+ * skb?
+ */
+
+- msdu_head->next = NULL;
++ first = __skb_dequeue(amsdu);
+
+ /* Allocate total length all at once. */
+- while (next) {
+- total_len += next->len;
+- next = next->next;
+- }
++ skb_queue_walk(amsdu, skb)
++ total_len += skb->len;
+
+- space = total_len - skb_tailroom(msdu_head);
++ space = total_len - skb_tailroom(first);
+ if ((space > 0) &&
+- (pskb_expand_head(msdu_head, 0, space, GFP_ATOMIC) < 0)) {
++ (pskb_expand_head(first, 0, space, GFP_ATOMIC) < 0)) {
+ /* TODO: bump some rx-oom error stat */
+ /* put it back together so we can free the
+ * whole list at once.
+ */
+- msdu_head->next = to_free;
++ __skb_queue_head(amsdu, first);
+ return -1;
+ }
+
+ /* Walk list again, copying contents into
+ * msdu_head
+ */
+- next = to_free;
+- while (next) {
+- skb_copy_from_linear_data(next, skb_put(msdu_head, next->len),
+- next->len);
+- next = next->next;
++ while ((skb = __skb_dequeue(amsdu))) {
++ skb_copy_from_linear_data(skb, skb_put(first, skb->len),
++ skb->len);
++ dev_kfree_skb_any(skb);
+ }
+
+- /* If here, we have consolidated skb. Free the
+- * fragments and pass the main skb on up the
+- * stack.
+- */
+- ath10k_htt_rx_free_msdu_chain(to_free);
++ __skb_queue_head(amsdu, first);
+ return 0;
+ }
+
+-static bool ath10k_htt_rx_amsdu_allowed(struct ath10k_htt *htt,
+- struct sk_buff *head,
+- enum htt_rx_mpdu_status status,
+- bool channel_set,
+- u32 attention)
+-{
+- if (head->len == 0) {
+- ath10k_dbg(ATH10K_DBG_HTT,
+- "htt rx dropping due to zero-len\n");
+- return false;
+- }
++static void ath10k_htt_rx_h_unchain(struct ath10k *ar,
++ struct sk_buff_head *amsdu,
++ bool chained)
++{
++ struct sk_buff *first;
++ struct htt_rx_desc *rxd;
++ enum rx_msdu_decap_format decap;
+
+- if (attention & RX_ATTENTION_FLAGS_DECRYPT_ERR) {
+- ath10k_dbg(ATH10K_DBG_HTT,
+- "htt rx dropping due to decrypt-err\n");
+- return false;
+- }
++ first = skb_peek(amsdu);
++ rxd = (void *)first->data - sizeof(*rxd);
++ decap = MS(__le32_to_cpu(rxd->msdu_start.info1),
++ RX_MSDU_START_INFO1_DECAP_FORMAT);
+
+- if (!channel_set) {
+- ath10k_warn("no channel configured; ignoring frame!\n");
+- return false;
++ if (!chained)
++ return;
++
++ /* FIXME: Current unchaining logic can only handle simple case of raw
++ * msdu chaining. If decapping is other than raw the chaining may be
++ * more complex and this isn't handled by the current code. Don't even
++ * try re-constructing such frames - it'll be pretty much garbage.
++ */
++ if (decap != RX_MSDU_DECAP_RAW ||
++ skb_queue_len(amsdu) != 1 + rxd->frag_info.ring2_more_count) {
++ __skb_queue_purge(amsdu);
++ return;
+ }
+
+- /* Skip mgmt frames while we handle this in WMI */
+- if (status == HTT_RX_IND_MPDU_STATUS_MGMT_CTRL ||
+- attention & RX_ATTENTION_FLAGS_MGMT_TYPE) {
+- ath10k_dbg(ATH10K_DBG_HTT, "htt rx mgmt ctrl\n");
++ ath10k_unchain_msdu(amsdu);
++}
++
++static bool ath10k_htt_rx_amsdu_allowed(struct ath10k *ar,
++ struct sk_buff_head *amsdu,
++ struct ieee80211_rx_status *rx_status)
++{
++ struct sk_buff *msdu;
++ struct htt_rx_desc *rxd;
++ bool is_mgmt;
++ bool has_fcs_err;
++
++ msdu = skb_peek(amsdu);
++ rxd = (void *)msdu->data - sizeof(*rxd);
++
++ /* FIXME: It might be a good idea to do some fuzzy-testing to drop
++ * invalid/dangerous frames.
++ */
++
++ if (!rx_status->freq) {
++ ath10k_warn(ar, "no channel configured; ignoring frame(s)!\n");
+ return false;
+ }
+
+- if (status != HTT_RX_IND_MPDU_STATUS_OK &&
+- status != HTT_RX_IND_MPDU_STATUS_TKIP_MIC_ERR &&
+- status != HTT_RX_IND_MPDU_STATUS_ERR_INV_PEER &&
+- !htt->ar->monitor_started) {
+- ath10k_dbg(ATH10K_DBG_HTT,
+- "htt rx ignoring frame w/ status %d\n",
+- status);
++ is_mgmt = !!(rxd->attention.flags &
++ __cpu_to_le32(RX_ATTENTION_FLAGS_MGMT_TYPE));
++ has_fcs_err = !!(rxd->attention.flags &
++ __cpu_to_le32(RX_ATTENTION_FLAGS_FCS_ERR));
++
++ /* Management frames are handled via WMI events. The pros of such
++ * approach is that channel is explicitly provided in WMI events
++ * whereas HTT doesn't provide channel information for Rxed frames.
++ *
++ * However some firmware revisions don't report corrupted frames via
++ * WMI so don't drop them.
++ */
++ if (is_mgmt && !has_fcs_err) {
++ ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx mgmt ctrl\n");
+ return false;
+ }
+
+- if (test_bit(ATH10K_CAC_RUNNING, &htt->ar->dev_flags)) {
+- ath10k_dbg(ATH10K_DBG_HTT,
+- "htt rx CAC running\n");
++ if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags)) {
++ ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx cac running\n");
+ return false;
+ }
+
+ return true;
+ }
+
++static void ath10k_htt_rx_h_filter(struct ath10k *ar,
++ struct sk_buff_head *amsdu,
++ struct ieee80211_rx_status *rx_status)
++{
++ if (skb_queue_empty(amsdu))
++ return;
++
++ if (ath10k_htt_rx_amsdu_allowed(ar, amsdu, rx_status))
++ return;
++
++ __skb_queue_purge(amsdu);
++}
++
+ static void ath10k_htt_rx_handler(struct ath10k_htt *htt,
+ struct htt_rx_indication *rx)
+ {
++ struct ath10k *ar = htt->ar;
+ struct ieee80211_rx_status *rx_status = &htt->rx_status;
+ struct htt_rx_indication_mpdu_range *mpdu_ranges;
+- struct htt_rx_desc *rxd;
+- enum htt_rx_mpdu_status status;
+- struct ieee80211_hdr *hdr;
++ struct sk_buff_head amsdu;
+ int num_mpdu_ranges;
+- u32 attention;
+ int fw_desc_len;
+ u8 *fw_desc;
+- bool channel_set;
+- int i, j;
+- int ret;
++ int i, ret, mpdu_count = 0;
+
+ lockdep_assert_held(&htt->rx_ring.lock);
+
++ if (htt->rx_confused)
++ return;
++
+ fw_desc_len = __le16_to_cpu(rx->prefix.fw_rx_desc_bytes);
+ fw_desc = (u8 *)&rx->fw_desc;
+
+@@ -1161,201 +1500,82 @@ static void ath10k_htt_rx_handler(struct
+ HTT_RX_INDICATION_INFO1_NUM_MPDU_RANGES);
+ mpdu_ranges = htt_rx_ind_get_mpdu_ranges(rx);
+
+- /* Fill this once, while this is per-ppdu */
+- if (rx->ppdu.info0 & HTT_RX_INDICATION_INFO0_START_VALID) {
+- memset(rx_status, 0, sizeof(*rx_status));
+- rx_status->signal = ATH10K_DEFAULT_NOISE_FLOOR +
+- rx->ppdu.combined_rssi;
+- }
+-
+- if (rx->ppdu.info0 & HTT_RX_INDICATION_INFO0_END_VALID) {
+- /* TSF available only in 32-bit */
+- rx_status->mactime = __le32_to_cpu(rx->ppdu.tsf) & 0xffffffff;
+- rx_status->flag |= RX_FLAG_MACTIME_END;
+- }
+-
+- channel_set = ath10k_htt_rx_h_channel(htt->ar, rx_status);
+-
+- if (channel_set) {
+- ath10k_htt_rx_h_rates(htt->ar, rx_status->band,
+- rx->ppdu.info0,
+- __le32_to_cpu(rx->ppdu.info1),
+- __le32_to_cpu(rx->ppdu.info2),
+- rx_status);
+- }
+-
+- ath10k_dbg_dump(ATH10K_DBG_HTT_DUMP, NULL, "htt rx ind: ",
++ ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx ind: ",
+ rx, sizeof(*rx) +
+ (sizeof(struct htt_rx_indication_mpdu_range) *
+ num_mpdu_ranges));
+
+- for (i = 0; i < num_mpdu_ranges; i++) {
+- status = mpdu_ranges[i].mpdu_range_status;
+-
+- for (j = 0; j < mpdu_ranges[i].mpdu_count; j++) {
+- struct sk_buff *msdu_head, *msdu_tail;
++ for (i = 0; i < num_mpdu_ranges; i++)
++ mpdu_count += mpdu_ranges[i].mpdu_count;
+
+- msdu_head = NULL;
+- msdu_tail = NULL;
+- ret = ath10k_htt_rx_amsdu_pop(htt,
+- &fw_desc,
+- &fw_desc_len,
+- &msdu_head,
+- &msdu_tail);
+-
+- if (ret < 0) {
+- ath10k_warn("failed to pop amsdu from htt rx ring %d\n",
+- ret);
+- ath10k_htt_rx_free_msdu_chain(msdu_head);
+- continue;
+- }
+-
+- rxd = container_of((void *)msdu_head->data,
+- struct htt_rx_desc,
+- msdu_payload);
+- attention = __le32_to_cpu(rxd->attention.flags);
+-
+- if (!ath10k_htt_rx_amsdu_allowed(htt, msdu_head,
+- status,
+- channel_set,
+- attention)) {
+- ath10k_htt_rx_free_msdu_chain(msdu_head);
+- continue;
+- }
+-
+- if (ret > 0 &&
+- ath10k_unchain_msdu(msdu_head) < 0) {
+- ath10k_htt_rx_free_msdu_chain(msdu_head);
+- continue;
+- }
+-
+- if (attention & RX_ATTENTION_FLAGS_FCS_ERR)
+- rx_status->flag |= RX_FLAG_FAILED_FCS_CRC;
+- else
+- rx_status->flag &= ~RX_FLAG_FAILED_FCS_CRC;
+-
+- if (attention & RX_ATTENTION_FLAGS_TKIP_MIC_ERR)
+- rx_status->flag |= RX_FLAG_MMIC_ERROR;
+- else
+- rx_status->flag &= ~RX_FLAG_MMIC_ERROR;
+-
+- hdr = ath10k_htt_rx_skb_get_hdr(msdu_head);
+-
+- if (ath10k_htt_rx_hdr_is_amsdu(hdr))
+- ath10k_htt_rx_amsdu(htt, rx_status, msdu_head);
+- else
+- ath10k_htt_rx_msdu(htt, rx_status, msdu_head);
++ while (mpdu_count--) {
++ __skb_queue_head_init(&amsdu);
++ ret = ath10k_htt_rx_amsdu_pop(htt, &fw_desc,
++ &fw_desc_len, &amsdu);
++ if (ret < 0) {
++ ath10k_warn(ar, "rx ring became corrupted: %d\n", ret);
++ __skb_queue_purge(&amsdu);
++ /* FIXME: It's probably a good idea to reboot the
++ * device instead of leaving it inoperable.
++ */
++ htt->rx_confused = true;
++ break;
+ }
++
++ ath10k_htt_rx_h_ppdu(ar, &amsdu, rx_status);
++ ath10k_htt_rx_h_unchain(ar, &amsdu, ret > 0);
++ ath10k_htt_rx_h_filter(ar, &amsdu, rx_status);
++ ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status);
++ ath10k_htt_rx_h_deliver(ar, &amsdu, rx_status);
+ }
+
+ tasklet_schedule(&htt->rx_replenish_task);
+ }
+
+ static void ath10k_htt_rx_frag_handler(struct ath10k_htt *htt,
+- struct htt_rx_fragment_indication *frag)
++ struct htt_rx_fragment_indication *frag)
+ {
+- struct sk_buff *msdu_head, *msdu_tail;
+- enum htt_rx_mpdu_encrypt_type enctype;
+- struct htt_rx_desc *rxd;
+- enum rx_msdu_decap_format fmt;
++ struct ath10k *ar = htt->ar;
+ struct ieee80211_rx_status *rx_status = &htt->rx_status;
+- struct ieee80211_hdr *hdr;
++ struct sk_buff_head amsdu;
+ int ret;
+- bool tkip_mic_err;
+- bool decrypt_err;
+ u8 *fw_desc;
+- int fw_desc_len, hdrlen, paramlen;
+- int trim;
++ int fw_desc_len;
+
+ fw_desc_len = __le16_to_cpu(frag->fw_rx_desc_bytes);
+ fw_desc = (u8 *)frag->fw_msdu_rx_desc;
+
+- msdu_head = NULL;
+- msdu_tail = NULL;
++ __skb_queue_head_init(&amsdu);
+
+ spin_lock_bh(&htt->rx_ring.lock);
+ ret = ath10k_htt_rx_amsdu_pop(htt, &fw_desc, &fw_desc_len,
+- &msdu_head, &msdu_tail);
++ &amsdu);
+ spin_unlock_bh(&htt->rx_ring.lock);
+
+- ath10k_dbg(ATH10K_DBG_HTT_DUMP, "htt rx frag ahead\n");
++ tasklet_schedule(&htt->rx_replenish_task);
++
++ ath10k_dbg(ar, ATH10K_DBG_HTT_DUMP, "htt rx frag ahead\n");
+
+ if (ret) {
+- ath10k_warn("failed to pop amsdu from httr rx ring for fragmented rx %d\n",
++ ath10k_warn(ar, "failed to pop amsdu from httr rx ring for fragmented rx %d\n",
+ ret);
+- ath10k_htt_rx_free_msdu_chain(msdu_head);
++ __skb_queue_purge(&amsdu);
+ return;
+ }
+
+- /* FIXME: implement signal strength */
+-
+- hdr = (struct ieee80211_hdr *)msdu_head->data;
+- rxd = (void *)msdu_head->data - sizeof(*rxd);
+- tkip_mic_err = !!(__le32_to_cpu(rxd->attention.flags) &
+- RX_ATTENTION_FLAGS_TKIP_MIC_ERR);
+- decrypt_err = !!(__le32_to_cpu(rxd->attention.flags) &
+- RX_ATTENTION_FLAGS_DECRYPT_ERR);
+- fmt = MS(__le32_to_cpu(rxd->msdu_start.info1),
+- RX_MSDU_START_INFO1_DECAP_FORMAT);
+-
+- if (fmt != RX_MSDU_DECAP_RAW) {
+- ath10k_warn("we dont support non-raw fragmented rx yet\n");
+- dev_kfree_skb_any(msdu_head);
+- goto end;
+- }
+-
+- enctype = MS(__le32_to_cpu(rxd->mpdu_start.info0),
+- RX_MPDU_START_INFO0_ENCRYPT_TYPE);
+- ath10k_htt_rx_h_protected(htt, rx_status, msdu_head, enctype);
+- msdu_head->ip_summed = ath10k_htt_rx_get_csum_state(msdu_head);
+-
+- if (tkip_mic_err)
+- ath10k_warn("tkip mic error\n");
+-
+- if (decrypt_err) {
+- ath10k_warn("decryption err in fragmented rx\n");
+- dev_kfree_skb_any(msdu_head);
+- goto end;
+- }
+-
+- if (enctype != HTT_RX_MPDU_ENCRYPT_NONE) {
+- hdrlen = ieee80211_hdrlen(hdr->frame_control);
+- paramlen = ath10k_htt_rx_crypto_param_len(enctype);
+-
+- /* It is more efficient to move the header than the payload */
+- memmove((void *)msdu_head->data + paramlen,
+- (void *)msdu_head->data,
+- hdrlen);
+- skb_pull(msdu_head, paramlen);
+- hdr = (struct ieee80211_hdr *)msdu_head->data;
+- }
+-
+- /* remove trailing FCS */
+- trim = 4;
+-
+- /* remove crypto trailer */
+- trim += ath10k_htt_rx_crypto_tail_len(enctype);
+-
+- /* last fragment of TKIP frags has MIC */
+- if (!ieee80211_has_morefrags(hdr->frame_control) &&
+- enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)
+- trim += 8;
+-
+- if (trim > msdu_head->len) {
+- ath10k_warn("htt rx fragment: trailer longer than the frame itself? drop\n");
+- dev_kfree_skb_any(msdu_head);
+- goto end;
++ if (skb_queue_len(&amsdu) != 1) {
++ ath10k_warn(ar, "failed to pop frag amsdu: too many msdus\n");
++ __skb_queue_purge(&amsdu);
++ return;
+ }
+
+- skb_trim(msdu_head, msdu_head->len - trim);
+-
+- ath10k_dbg_dump(ATH10K_DBG_HTT_DUMP, NULL, "htt rx frag mpdu: ",
+- msdu_head->data, msdu_head->len);
+- ath10k_process_rx(htt->ar, rx_status, msdu_head);
++ ath10k_htt_rx_h_ppdu(ar, &amsdu, rx_status);
++ ath10k_htt_rx_h_filter(ar, &amsdu, rx_status);
++ ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status);
++ ath10k_htt_rx_h_deliver(ar, &amsdu, rx_status);
+
+-end:
+ if (fw_desc_len > 0) {
+- ath10k_dbg(ATH10K_DBG_HTT,
++ ath10k_dbg(ar, ATH10K_DBG_HTT,
+ "expecting more fragmented rx in one indication %d\n",
+ fw_desc_len);
+ }
+@@ -1385,12 +1605,12 @@ static void ath10k_htt_rx_frm_tx_compl(s
+ tx_done.discard = true;
+ break;
+ default:
+- ath10k_warn("unhandled tx completion status %d\n", status);
++ ath10k_warn(ar, "unhandled tx completion status %d\n", status);
+ tx_done.discard = true;
+ break;
+ }
+
+- ath10k_dbg(ATH10K_DBG_HTT, "htt tx completion num_msdus %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_HTT, "htt tx completion num_msdus %d\n",
+ resp->data_tx_completion.num_msdus);
+
+ for (i = 0; i < resp->data_tx_completion.num_msdus; i++) {
+@@ -1400,6 +1620,274 @@ static void ath10k_htt_rx_frm_tx_compl(s
+ }
+ }
+
++static void ath10k_htt_rx_addba(struct ath10k *ar, struct htt_resp *resp)
++{
++ struct htt_rx_addba *ev = &resp->rx_addba;
++ struct ath10k_peer *peer;
++ struct ath10k_vif *arvif;
++ u16 info0, tid, peer_id;
++
++ info0 = __le16_to_cpu(ev->info0);
++ tid = MS(info0, HTT_RX_BA_INFO0_TID);
++ peer_id = MS(info0, HTT_RX_BA_INFO0_PEER_ID);
++
++ ath10k_dbg(ar, ATH10K_DBG_HTT,
++ "htt rx addba tid %hu peer_id %hu size %hhu\n",
++ tid, peer_id, ev->window_size);
++
++ spin_lock_bh(&ar->data_lock);
++ peer = ath10k_peer_find_by_id(ar, peer_id);
++ if (!peer) {
++ ath10k_warn(ar, "received addba event for invalid peer_id: %hu\n",
++ peer_id);
++ spin_unlock_bh(&ar->data_lock);
++ return;
++ }
++
++ arvif = ath10k_get_arvif(ar, peer->vdev_id);
++ if (!arvif) {
++ ath10k_warn(ar, "received addba event for invalid vdev_id: %u\n",
++ peer->vdev_id);
++ spin_unlock_bh(&ar->data_lock);
++ return;
++ }
++
++ ath10k_dbg(ar, ATH10K_DBG_HTT,
++ "htt rx start rx ba session sta %pM tid %hu size %hhu\n",
++ peer->addr, tid, ev->window_size);
++
++ ieee80211_start_rx_ba_session_offl(arvif->vif, peer->addr, tid);
++ spin_unlock_bh(&ar->data_lock);
++}
++
++static void ath10k_htt_rx_delba(struct ath10k *ar, struct htt_resp *resp)
++{
++ struct htt_rx_delba *ev = &resp->rx_delba;
++ struct ath10k_peer *peer;
++ struct ath10k_vif *arvif;
++ u16 info0, tid, peer_id;
++
++ info0 = __le16_to_cpu(ev->info0);
++ tid = MS(info0, HTT_RX_BA_INFO0_TID);
++ peer_id = MS(info0, HTT_RX_BA_INFO0_PEER_ID);
++
++ ath10k_dbg(ar, ATH10K_DBG_HTT,
++ "htt rx delba tid %hu peer_id %hu\n",
++ tid, peer_id);
++
++ spin_lock_bh(&ar->data_lock);
++ peer = ath10k_peer_find_by_id(ar, peer_id);
++ if (!peer) {
++ ath10k_warn(ar, "received addba event for invalid peer_id: %hu\n",
++ peer_id);
++ spin_unlock_bh(&ar->data_lock);
++ return;
++ }
++
++ arvif = ath10k_get_arvif(ar, peer->vdev_id);
++ if (!arvif) {
++ ath10k_warn(ar, "received addba event for invalid vdev_id: %u\n",
++ peer->vdev_id);
++ spin_unlock_bh(&ar->data_lock);
++ return;
++ }
++
++ ath10k_dbg(ar, ATH10K_DBG_HTT,
++ "htt rx stop rx ba session sta %pM tid %hu\n",
++ peer->addr, tid);
++
++ ieee80211_stop_rx_ba_session_offl(arvif->vif, peer->addr, tid);
++ spin_unlock_bh(&ar->data_lock);
++}
++
++static int ath10k_htt_rx_extract_amsdu(struct sk_buff_head *list,
++ struct sk_buff_head *amsdu)
++{
++ struct sk_buff *msdu;
++ struct htt_rx_desc *rxd;
++
++ if (skb_queue_empty(list))
++ return -ENOBUFS;
++
++ if (WARN_ON(!skb_queue_empty(amsdu)))
++ return -EINVAL;
++
++ while ((msdu = __skb_dequeue(list))) {
++ __skb_queue_tail(amsdu, msdu);
++
++ rxd = (void *)msdu->data - sizeof(*rxd);
++ if (rxd->msdu_end.info0 &
++ __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU))
++ break;
++ }
++
++ msdu = skb_peek_tail(amsdu);
++ rxd = (void *)msdu->data - sizeof(*rxd);
++ if (!(rxd->msdu_end.info0 &
++ __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU))) {
++ skb_queue_splice_init(amsdu, list);
++ return -EAGAIN;
++ }
++
++ return 0;
++}
++
++static void ath10k_htt_rx_h_rx_offload_prot(struct ieee80211_rx_status *status,
++ struct sk_buff *skb)
++{
++ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
++
++ if (!ieee80211_has_protected(hdr->frame_control))
++ return;
++
++ /* Offloaded frames are already decrypted but firmware insists they are
++ * protected in the 802.11 header. Strip the flag. Otherwise mac80211
++ * will drop the frame.
++ */
++
++ hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);
++ status->flag |= RX_FLAG_DECRYPTED |
++ RX_FLAG_IV_STRIPPED |
++ RX_FLAG_MMIC_STRIPPED;
++}
++
++static void ath10k_htt_rx_h_rx_offload(struct ath10k *ar,
++ struct sk_buff_head *list)
++{
++ struct ath10k_htt *htt = &ar->htt;
++ struct ieee80211_rx_status *status = &htt->rx_status;
++ struct htt_rx_offload_msdu *rx;
++ struct sk_buff *msdu;
++ size_t offset;
++
++ while ((msdu = __skb_dequeue(list))) {
++ /* Offloaded frames don't have Rx descriptor. Instead they have
++ * a short meta information header.
++ */
++
++ rx = (void *)msdu->data;
++
++ skb_put(msdu, sizeof(*rx));
++ skb_pull(msdu, sizeof(*rx));
++
++ if (skb_tailroom(msdu) < __le16_to_cpu(rx->msdu_len)) {
++ ath10k_warn(ar, "dropping frame: offloaded rx msdu is too long!\n");
++ dev_kfree_skb_any(msdu);
++ continue;
++ }
++
++ skb_put(msdu, __le16_to_cpu(rx->msdu_len));
++
++ /* Offloaded rx header length isn't multiple of 2 nor 4 so the
++ * actual payload is unaligned. Align the frame. Otherwise
++ * mac80211 complains. This shouldn't reduce performance much
++ * because these offloaded frames are rare.
++ */
++ offset = 4 - ((unsigned long)msdu->data & 3);
++ skb_put(msdu, offset);
++ memmove(msdu->data + offset, msdu->data, msdu->len);
++ skb_pull(msdu, offset);
++
++ /* FIXME: The frame is NWifi. Re-construct QoS Control
++ * if possible later.
++ */
++
++ memset(status, 0, sizeof(*status));
++ status->flag |= RX_FLAG_NO_SIGNAL_VAL;
++
++ ath10k_htt_rx_h_rx_offload_prot(status, msdu);
++ ath10k_htt_rx_h_channel(ar, status);
++ ath10k_process_rx(ar, status, msdu);
++ }
++}
++
++static void ath10k_htt_rx_in_ord_ind(struct ath10k *ar, struct sk_buff *skb)
++{
++ struct ath10k_htt *htt = &ar->htt;
++ struct htt_resp *resp = (void *)skb->data;
++ struct ieee80211_rx_status *status = &htt->rx_status;
++ struct sk_buff_head list;
++ struct sk_buff_head amsdu;
++ u16 peer_id;
++ u16 msdu_count;
++ u8 vdev_id;
++ u8 tid;
++ bool offload;
++ bool frag;
++ int ret;
++
++ lockdep_assert_held(&htt->rx_ring.lock);
++
++ if (htt->rx_confused)
++ return;
++
++ skb_pull(skb, sizeof(resp->hdr));
++ skb_pull(skb, sizeof(resp->rx_in_ord_ind));
++
++ peer_id = __le16_to_cpu(resp->rx_in_ord_ind.peer_id);
++ msdu_count = __le16_to_cpu(resp->rx_in_ord_ind.msdu_count);
++ vdev_id = resp->rx_in_ord_ind.vdev_id;
++ tid = SM(resp->rx_in_ord_ind.info, HTT_RX_IN_ORD_IND_INFO_TID);
++ offload = !!(resp->rx_in_ord_ind.info &
++ HTT_RX_IN_ORD_IND_INFO_OFFLOAD_MASK);
++ frag = !!(resp->rx_in_ord_ind.info & HTT_RX_IN_ORD_IND_INFO_FRAG_MASK);
++
++ ath10k_dbg(ar, ATH10K_DBG_HTT,
++ "htt rx in ord vdev %i peer %i tid %i offload %i frag %i msdu count %i\n",
++ vdev_id, peer_id, tid, offload, frag, msdu_count);
++
++ if (skb->len < msdu_count * sizeof(*resp->rx_in_ord_ind.msdu_descs)) {
++ ath10k_warn(ar, "dropping invalid in order rx indication\n");
++ return;
++ }
++
++ /* The event can deliver more than 1 A-MSDU. Each A-MSDU is later
++ * extracted and processed.
++ */
++ __skb_queue_head_init(&list);
++ ret = ath10k_htt_rx_pop_paddr_list(htt, &resp->rx_in_ord_ind, &list);
++ if (ret < 0) {
++ ath10k_warn(ar, "failed to pop paddr list: %d\n", ret);
++ htt->rx_confused = true;
++ return;
++ }
++
++ /* Offloaded frames are very different and need to be handled
++ * separately.
++ */
++ if (offload)
++ ath10k_htt_rx_h_rx_offload(ar, &list);
++
++ while (!skb_queue_empty(&list)) {
++ __skb_queue_head_init(&amsdu);
++ ret = ath10k_htt_rx_extract_amsdu(&list, &amsdu);
++ switch (ret) {
++ case 0:
++ /* Note: The in-order indication may report interleaved
++ * frames from different PPDUs meaning reported rx rate
++ * to mac80211 isn't accurate/reliable. It's still
++ * better to report something than nothing though. This
++ * should still give an idea about rx rate to the user.
++ */
++ ath10k_htt_rx_h_ppdu(ar, &amsdu, status);
++ ath10k_htt_rx_h_filter(ar, &amsdu, status);
++ ath10k_htt_rx_h_mpdu(ar, &amsdu, status);
++ ath10k_htt_rx_h_deliver(ar, &amsdu, status);
++ break;
++ case -EAGAIN:
++ /* fall through */
++ default:
++ /* Should not happen. */
++ ath10k_warn(ar, "failed to extract amsdu: %d\n", ret);
++ htt->rx_confused = true;
++ __skb_queue_purge(&list);
++ return;
++ }
++ }
++
++ tasklet_schedule(&htt->rx_replenish_task);
++}
++
+ void ath10k_htt_t2h_msg_handler(struct ath10k *ar, struct sk_buff *skb)
+ {
+ struct ath10k_htt *htt = &ar->htt;
+@@ -1407,9 +1895,9 @@ void ath10k_htt_t2h_msg_handler(struct a
+
+ /* confirm alignment */
+ if (!IS_ALIGNED((unsigned long)skb->data, 4))
+- ath10k_warn("unaligned htt message, expect trouble\n");
++ ath10k_warn(ar, "unaligned htt message, expect trouble\n");
+
+- ath10k_dbg(ATH10K_DBG_HTT, "htt rx, msg_type: 0x%0X\n",
++ ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx, msg_type: 0x%0X\n",
+ resp->hdr.msg_type);
+ switch (resp->hdr.msg_type) {
+ case HTT_T2H_MSG_TYPE_VERSION_CONF: {
+@@ -1473,7 +1961,7 @@ void ath10k_htt_t2h_msg_handler(struct a
+ struct ath10k *ar = htt->ar;
+ struct htt_security_indication *ev = &resp->security_indication;
+
+- ath10k_dbg(ATH10K_DBG_HTT,
++ ath10k_dbg(ar, ATH10K_DBG_HTT,
+ "sec ind peer_id %d unicast %d type %d\n",
+ __le16_to_cpu(ev->peer_id),
+ !!(ev->flags & HTT_SECURITY_IS_UNICAST),
+@@ -1482,7 +1970,7 @@ void ath10k_htt_t2h_msg_handler(struct a
+ break;
+ }
+ case HTT_T2H_MSG_TYPE_RX_FRAG_IND: {
+- ath10k_dbg_dump(ATH10K_DBG_HTT_DUMP, NULL, "htt event: ",
++ ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt event: ",
+ skb->data, skb->len);
+ ath10k_htt_rx_frag_handler(htt, &resp->rx_frag_ind);
+ break;
+@@ -1491,16 +1979,55 @@ void ath10k_htt_t2h_msg_handler(struct a
+ /* FIX THIS */
+ break;
+ case HTT_T2H_MSG_TYPE_STATS_CONF:
+- trace_ath10k_htt_stats(skb->data, skb->len);
++ trace_ath10k_htt_stats(ar, skb->data, skb->len);
+ break;
+ case HTT_T2H_MSG_TYPE_TX_INSPECT_IND:
++ /* Firmware can return tx frames if it's unable to fully
++ * process them and suspects host may be able to fix it. ath10k
++ * sends all tx frames as already inspected so this shouldn't
++ * happen unless fw has a bug.
++ */
++ ath10k_warn(ar, "received an unexpected htt tx inspect event\n");
++ break;
+ case HTT_T2H_MSG_TYPE_RX_ADDBA:
++ ath10k_htt_rx_addba(ar, resp);
++ break;
+ case HTT_T2H_MSG_TYPE_RX_DELBA:
+- case HTT_T2H_MSG_TYPE_RX_FLUSH:
++ ath10k_htt_rx_delba(ar, resp);
++ break;
++ case HTT_T2H_MSG_TYPE_PKTLOG: {
++ struct ath10k_pktlog_hdr *hdr =
++ (struct ath10k_pktlog_hdr *)resp->pktlog_msg.payload;
++
++ trace_ath10k_htt_pktlog(ar, resp->pktlog_msg.payload,
++ sizeof(*hdr) +
++ __le16_to_cpu(hdr->size));
++ break;
++ }
++ case HTT_T2H_MSG_TYPE_RX_FLUSH: {
++ /* Ignore this event because mac80211 takes care of Rx
++ * aggregation reordering.
++ */
++ break;
++ }
++ case HTT_T2H_MSG_TYPE_RX_IN_ORD_PADDR_IND: {
++ spin_lock_bh(&htt->rx_ring.lock);
++ __skb_queue_tail(&htt->rx_in_ord_compl_q, skb);
++ spin_unlock_bh(&htt->rx_ring.lock);
++ tasklet_schedule(&htt->txrx_compl_task);
++ return;
++ }
++ case HTT_T2H_MSG_TYPE_TX_CREDIT_UPDATE_IND:
++ /* FIXME: This WMI-TLV event is overlapping with 10.2
++ * CHAN_CHANGE - both being 0xF. Neither is being used in
++ * practice so no immediate action is necessary. Nevertheless
++ * HTT may need an abstraction layer like WMI has one day.
++ */
++ break;
+ default:
+- ath10k_dbg(ATH10K_DBG_HTT, "htt event (%d) not handled\n",
+- resp->hdr.msg_type);
+- ath10k_dbg_dump(ATH10K_DBG_HTT_DUMP, NULL, "htt event: ",
++ ath10k_warn(ar, "htt event (%d) not handled\n",
++ resp->hdr.msg_type);
++ ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt event: ",
+ skb->data, skb->len);
+ break;
+ };
+@@ -1512,6 +2039,7 @@ void ath10k_htt_t2h_msg_handler(struct a
+ static void ath10k_htt_txrx_compl_task(unsigned long ptr)
+ {
+ struct ath10k_htt *htt = (struct ath10k_htt *)ptr;
++ struct ath10k *ar = htt->ar;
+ struct htt_resp *resp;
+ struct sk_buff *skb;
+
+@@ -1528,5 +2056,10 @@ static void ath10k_htt_txrx_compl_task(u
+ ath10k_htt_rx_handler(htt, &resp->rx_ind);
+ dev_kfree_skb_any(skb);
+ }
++
++ while ((skb = __skb_dequeue(&htt->rx_in_ord_compl_q))) {
++ ath10k_htt_rx_in_ord_ind(ar, skb);
++ dev_kfree_skb_any(skb);
++ }
+ spin_unlock_bh(&htt->rx_ring.lock);
+ }
+--- a/drivers/net/wireless/ath/ath10k/htt_tx.c
++++ b/drivers/net/wireless/ath/ath10k/htt_tx.c
+@@ -56,98 +56,74 @@ exit:
+ return ret;
+ }
+
+-int ath10k_htt_tx_alloc_msdu_id(struct ath10k_htt *htt)
++int ath10k_htt_tx_alloc_msdu_id(struct ath10k_htt *htt, struct sk_buff *skb)
+ {
+- int msdu_id;
++ struct ath10k *ar = htt->ar;
++ int ret;
+
+ lockdep_assert_held(&htt->tx_lock);
+
+- msdu_id = find_first_zero_bit(htt->used_msdu_ids,
+- htt->max_num_pending_tx);
+- if (msdu_id == htt->max_num_pending_tx)
+- return -ENOBUFS;
+-
+- ath10k_dbg(ATH10K_DBG_HTT, "htt tx alloc msdu_id %d\n", msdu_id);
+- __set_bit(msdu_id, htt->used_msdu_ids);
+- return msdu_id;
++ ret = idr_alloc(&htt->pending_tx, skb, 0, 0x10000, GFP_ATOMIC);
++
++ ath10k_dbg(ar, ATH10K_DBG_HTT, "htt tx alloc msdu_id %d\n", ret);
++
++ return ret;
+ }
+
+ void ath10k_htt_tx_free_msdu_id(struct ath10k_htt *htt, u16 msdu_id)
+ {
++ struct ath10k *ar = htt->ar;
++
+ lockdep_assert_held(&htt->tx_lock);
+
+- if (!test_bit(msdu_id, htt->used_msdu_ids))
+- ath10k_warn("trying to free unallocated msdu_id %d\n", msdu_id);
++ ath10k_dbg(ar, ATH10K_DBG_HTT, "htt tx free msdu_id %hu\n", msdu_id);
+
+- ath10k_dbg(ATH10K_DBG_HTT, "htt tx free msdu_id %hu\n", msdu_id);
+- __clear_bit(msdu_id, htt->used_msdu_ids);
++ idr_remove(&htt->pending_tx, msdu_id);
+ }
+
+-int ath10k_htt_tx_attach(struct ath10k_htt *htt)
++int ath10k_htt_tx_alloc(struct ath10k_htt *htt)
+ {
+- spin_lock_init(&htt->tx_lock);
+- init_waitqueue_head(&htt->empty_tx_wq);
+-
+- if (test_bit(ATH10K_FW_FEATURE_WMI_10X, htt->ar->fw_features))
+- htt->max_num_pending_tx = TARGET_10X_NUM_MSDU_DESC;
+- else
+- htt->max_num_pending_tx = TARGET_NUM_MSDU_DESC;
++ struct ath10k *ar = htt->ar;
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "htt tx max num pending tx %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "htt tx max num pending tx %d\n",
+ htt->max_num_pending_tx);
+
+- htt->pending_tx = kzalloc(sizeof(*htt->pending_tx) *
+- htt->max_num_pending_tx, GFP_KERNEL);
+- if (!htt->pending_tx)
+- return -ENOMEM;
+-
+- htt->used_msdu_ids = kzalloc(sizeof(unsigned long) *
+- BITS_TO_LONGS(htt->max_num_pending_tx),
+- GFP_KERNEL);
+- if (!htt->used_msdu_ids) {
+- kfree(htt->pending_tx);
+- return -ENOMEM;
+- }
++ spin_lock_init(&htt->tx_lock);
++ idr_init(&htt->pending_tx);
+
+ htt->tx_pool = dma_pool_create("ath10k htt tx pool", htt->ar->dev,
+ sizeof(struct ath10k_htt_txbuf), 4, 0);
+ if (!htt->tx_pool) {
+- kfree(htt->used_msdu_ids);
+- kfree(htt->pending_tx);
++ idr_destroy(&htt->pending_tx);
+ return -ENOMEM;
+ }
+
+ return 0;
+ }
+
+-static void ath10k_htt_tx_cleanup_pending(struct ath10k_htt *htt)
++static int ath10k_htt_tx_clean_up_pending(int msdu_id, void *skb, void *ctx)
+ {
++ struct ath10k *ar = ctx;
++ struct ath10k_htt *htt = &ar->htt;
+ struct htt_tx_done tx_done = {0};
+- int msdu_id;
+-
+- spin_lock_bh(&htt->tx_lock);
+- for (msdu_id = 0; msdu_id < htt->max_num_pending_tx; msdu_id++) {
+- if (!test_bit(msdu_id, htt->used_msdu_ids))
+- continue;
+
+- ath10k_dbg(ATH10K_DBG_HTT, "force cleanup msdu_id %hu\n",
+- msdu_id);
++ ath10k_dbg(ar, ATH10K_DBG_HTT, "force cleanup msdu_id %hu\n", msdu_id);
+
+- tx_done.discard = 1;
+- tx_done.msdu_id = msdu_id;
++ tx_done.discard = 1;
++ tx_done.msdu_id = msdu_id;
+
+- ath10k_txrx_tx_unref(htt, &tx_done);
+- }
++ spin_lock_bh(&htt->tx_lock);
++ ath10k_txrx_tx_unref(htt, &tx_done);
+ spin_unlock_bh(&htt->tx_lock);
++
++ return 0;
+ }
+
+-void ath10k_htt_tx_detach(struct ath10k_htt *htt)
++void ath10k_htt_tx_free(struct ath10k_htt *htt)
+ {
+- ath10k_htt_tx_cleanup_pending(htt);
+- kfree(htt->pending_tx);
+- kfree(htt->used_msdu_ids);
++ idr_for_each(&htt->pending_tx, ath10k_htt_tx_clean_up_pending, htt->ar);
++ idr_destroy(&htt->pending_tx);
+ dma_pool_destroy(htt->tx_pool);
+- return;
+ }
+
+ void ath10k_htt_htc_tx_complete(struct ath10k *ar, struct sk_buff *skb)
+@@ -157,6 +133,7 @@ void ath10k_htt_htc_tx_complete(struct a
+
+ int ath10k_htt_h2t_ver_req_msg(struct ath10k_htt *htt)
+ {
++ struct ath10k *ar = htt->ar;
+ struct sk_buff *skb;
+ struct htt_cmd *cmd;
+ int len = 0;
+@@ -165,7 +142,7 @@ int ath10k_htt_h2t_ver_req_msg(struct at
+ len += sizeof(cmd->hdr);
+ len += sizeof(cmd->ver_req);
+
+- skb = ath10k_htc_alloc_skb(len);
++ skb = ath10k_htc_alloc_skb(ar, len);
+ if (!skb)
+ return -ENOMEM;
+
+@@ -184,6 +161,7 @@ int ath10k_htt_h2t_ver_req_msg(struct at
+
+ int ath10k_htt_h2t_stats_req(struct ath10k_htt *htt, u8 mask, u64 cookie)
+ {
++ struct ath10k *ar = htt->ar;
+ struct htt_stats_req *req;
+ struct sk_buff *skb;
+ struct htt_cmd *cmd;
+@@ -192,7 +170,7 @@ int ath10k_htt_h2t_stats_req(struct ath1
+ len += sizeof(cmd->hdr);
+ len += sizeof(cmd->stats_req);
+
+- skb = ath10k_htc_alloc_skb(len);
++ skb = ath10k_htc_alloc_skb(ar, len);
+ if (!skb)
+ return -ENOMEM;
+
+@@ -214,7 +192,8 @@ int ath10k_htt_h2t_stats_req(struct ath1
+
+ ret = ath10k_htc_send(&htt->ar->htc, htt->eid, skb);
+ if (ret) {
+- ath10k_warn("failed to send htt type stats request: %d", ret);
++ ath10k_warn(ar, "failed to send htt type stats request: %d",
++ ret);
+ dev_kfree_skb_any(skb);
+ return ret;
+ }
+@@ -224,6 +203,7 @@ int ath10k_htt_h2t_stats_req(struct ath1
+
+ int ath10k_htt_send_rx_ring_cfg_ll(struct ath10k_htt *htt)
+ {
++ struct ath10k *ar = htt->ar;
+ struct sk_buff *skb;
+ struct htt_cmd *cmd;
+ struct htt_rx_ring_setup_ring *ring;
+@@ -242,7 +222,7 @@ int ath10k_htt_send_rx_ring_cfg_ll(struc
+
+ len = sizeof(cmd->hdr) + sizeof(cmd->rx_setup.hdr)
+ + (sizeof(*ring) * num_rx_ring);
+- skb = ath10k_htc_alloc_skb(len);
++ skb = ath10k_htc_alloc_skb(ar, len);
+ if (!skb)
+ return -ENOMEM;
+
+@@ -307,9 +287,57 @@ int ath10k_htt_send_rx_ring_cfg_ll(struc
+ return 0;
+ }
+
++int ath10k_htt_h2t_aggr_cfg_msg(struct ath10k_htt *htt,
++ u8 max_subfrms_ampdu,
++ u8 max_subfrms_amsdu)
++{
++ struct ath10k *ar = htt->ar;
++ struct htt_aggr_conf *aggr_conf;
++ struct sk_buff *skb;
++ struct htt_cmd *cmd;
++ int len;
++ int ret;
++
++ /* Firmware defaults are: amsdu = 3 and ampdu = 64 */
++
++ if (max_subfrms_ampdu == 0 || max_subfrms_ampdu > 64)
++ return -EINVAL;
++
++ if (max_subfrms_amsdu == 0 || max_subfrms_amsdu > 31)
++ return -EINVAL;
++
++ len = sizeof(cmd->hdr);
++ len += sizeof(cmd->aggr_conf);
++
++ skb = ath10k_htc_alloc_skb(ar, len);
++ if (!skb)
++ return -ENOMEM;
++
++ skb_put(skb, len);
++ cmd = (struct htt_cmd *)skb->data;
++ cmd->hdr.msg_type = HTT_H2T_MSG_TYPE_AGGR_CFG;
++
++ aggr_conf = &cmd->aggr_conf;
++ aggr_conf->max_num_ampdu_subframes = max_subfrms_ampdu;
++ aggr_conf->max_num_amsdu_subframes = max_subfrms_amsdu;
++
++ ath10k_dbg(ar, ATH10K_DBG_HTT, "htt h2t aggr cfg msg amsdu %d ampdu %d",
++ aggr_conf->max_num_amsdu_subframes,
++ aggr_conf->max_num_ampdu_subframes);
++
++ ret = ath10k_htc_send(&htt->ar->htc, htt->eid, skb);
++ if (ret) {
++ dev_kfree_skb_any(skb);
++ return ret;
++ }
++
++ return 0;
++}
++
+ int ath10k_htt_mgmt_tx(struct ath10k_htt *htt, struct sk_buff *msdu)
+ {
+- struct device *dev = htt->ar->dev;
++ struct ath10k *ar = htt->ar;
++ struct device *dev = ar->dev;
+ struct sk_buff *txdesc = NULL;
+ struct htt_cmd *cmd;
+ struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(msdu);
+@@ -318,7 +346,6 @@ int ath10k_htt_mgmt_tx(struct ath10k_htt
+ int msdu_id = -1;
+ int res;
+
+-
+ res = ath10k_htt_tx_inc_pending(htt);
+ if (res)
+ goto err;
+@@ -327,16 +354,15 @@ int ath10k_htt_mgmt_tx(struct ath10k_htt
+ len += sizeof(cmd->mgmt_tx);
+
+ spin_lock_bh(&htt->tx_lock);
+- res = ath10k_htt_tx_alloc_msdu_id(htt);
++ res = ath10k_htt_tx_alloc_msdu_id(htt, msdu);
+ if (res < 0) {
+ spin_unlock_bh(&htt->tx_lock);
+ goto err_tx_dec;
+ }
+ msdu_id = res;
+- htt->pending_tx[msdu_id] = msdu;
+ spin_unlock_bh(&htt->tx_lock);
+
+- txdesc = ath10k_htc_alloc_skb(len);
++ txdesc = ath10k_htc_alloc_skb(ar, len);
+ if (!txdesc) {
+ res = -ENOMEM;
+ goto err_free_msdu_id;
+@@ -372,7 +398,6 @@ err_free_txdesc:
+ dev_kfree_skb_any(txdesc);
+ err_free_msdu_id:
+ spin_lock_bh(&htt->tx_lock);
+- htt->pending_tx[msdu_id] = NULL;
+ ath10k_htt_tx_free_msdu_id(htt, msdu_id);
+ spin_unlock_bh(&htt->tx_lock);
+ err_tx_dec:
+@@ -383,7 +408,8 @@ err:
+
+ int ath10k_htt_tx(struct ath10k_htt *htt, struct sk_buff *msdu)
+ {
+- struct device *dev = htt->ar->dev;
++ struct ath10k *ar = htt->ar;
++ struct device *dev = ar->dev;
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)msdu->data;
+ struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(msdu);
+ struct ath10k_hif_sg_item sg_items[2];
+@@ -403,13 +429,12 @@ int ath10k_htt_tx(struct ath10k_htt *htt
+ goto err;
+
+ spin_lock_bh(&htt->tx_lock);
+- res = ath10k_htt_tx_alloc_msdu_id(htt);
++ res = ath10k_htt_tx_alloc_msdu_id(htt, msdu);
+ if (res < 0) {
+ spin_unlock_bh(&htt->tx_lock);
+ goto err_tx_dec;
+ }
+ msdu_id = res;
+- htt->pending_tx[msdu_id] = msdu;
+ spin_unlock_bh(&htt->tx_lock);
+
+ prefetch_len = min(htt->prefetch_len, msdu->len);
+@@ -423,10 +448,18 @@ int ath10k_htt_tx(struct ath10k_htt *htt
+
+ skb_cb->htt.txbuf = dma_pool_alloc(htt->tx_pool, GFP_ATOMIC,
+ &paddr);
+- if (!skb_cb->htt.txbuf)
++ if (!skb_cb->htt.txbuf) {
++ res = -ENOMEM;
+ goto err_free_msdu_id;
++ }
+ skb_cb->htt.txbuf_paddr = paddr;
+
++ if ((ieee80211_is_action(hdr->frame_control) ||
++ ieee80211_is_deauth(hdr->frame_control) ||
++ ieee80211_is_disassoc(hdr->frame_control)) &&
++ ieee80211_has_protected(hdr->frame_control))
++ skb_put(msdu, IEEE80211_CCMP_MIC_LEN);
++
+ skb_cb->paddr = dma_map_single(dev, msdu->data, msdu->len,
+ DMA_TO_DEVICE);
+ res = dma_mapping_error(dev, skb_cb->paddr);
+@@ -482,8 +515,16 @@ int ath10k_htt_tx(struct ath10k_htt *htt
+
+ flags1 |= SM((u16)vdev_id, HTT_DATA_TX_DESC_FLAGS1_VDEV_ID);
+ flags1 |= SM((u16)tid, HTT_DATA_TX_DESC_FLAGS1_EXT_TID);
+- flags1 |= HTT_DATA_TX_DESC_FLAGS1_CKSUM_L3_OFFLOAD;
+- flags1 |= HTT_DATA_TX_DESC_FLAGS1_CKSUM_L4_OFFLOAD;
++ if (msdu->ip_summed == CHECKSUM_PARTIAL) {
++ flags1 |= HTT_DATA_TX_DESC_FLAGS1_CKSUM_L3_OFFLOAD;
++ flags1 |= HTT_DATA_TX_DESC_FLAGS1_CKSUM_L4_OFFLOAD;
++ }
++
++ /* Prevent firmware from sending up tx inspection requests. There's
++ * nothing ath10k can do with frames requested for inspection so force
++ * it to simply rely a regular tx completion with discard status.
++ */
++ flags1 |= HTT_DATA_TX_DESC_FLAGS1_POSTPONED;
+
+ skb_cb->htt.txbuf->cmd_hdr.msg_type = HTT_H2T_MSG_TYPE_TX_FRM;
+ skb_cb->htt.txbuf->cmd_tx.flags0 = flags0;
+@@ -491,14 +532,18 @@ int ath10k_htt_tx(struct ath10k_htt *htt
+ skb_cb->htt.txbuf->cmd_tx.len = __cpu_to_le16(msdu->len);
+ skb_cb->htt.txbuf->cmd_tx.id = __cpu_to_le16(msdu_id);
+ skb_cb->htt.txbuf->cmd_tx.frags_paddr = __cpu_to_le32(frags_paddr);
+- skb_cb->htt.txbuf->cmd_tx.peerid = __cpu_to_le32(HTT_INVALID_PEERID);
++ skb_cb->htt.txbuf->cmd_tx.peerid = __cpu_to_le16(HTT_INVALID_PEERID);
++ skb_cb->htt.txbuf->cmd_tx.freq = __cpu_to_le16(skb_cb->htt.freq);
+
+- ath10k_dbg(ATH10K_DBG_HTT,
+- "htt tx flags0 %hhu flags1 %hu len %d id %hu frags_paddr %08x, msdu_paddr %08x vdev %hhu tid %hhu\n",
++ trace_ath10k_htt_tx(ar, msdu_id, msdu->len, vdev_id, tid);
++ ath10k_dbg(ar, ATH10K_DBG_HTT,
++ "htt tx flags0 %hhu flags1 %hu len %d id %hu frags_paddr %08x, msdu_paddr %08x vdev %hhu tid %hhu freq %hu\n",
+ flags0, flags1, msdu->len, msdu_id, frags_paddr,
+- (u32)skb_cb->paddr, vdev_id, tid);
+- ath10k_dbg_dump(ATH10K_DBG_HTT_DUMP, NULL, "htt tx msdu: ",
++ (u32)skb_cb->paddr, vdev_id, tid, skb_cb->htt.freq);
++ ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt tx msdu: ",
+ msdu->data, msdu->len);
++ trace_ath10k_tx_hdr(ar, msdu->data, msdu->len);
++ trace_ath10k_tx_payload(ar, msdu->data, msdu->len);
+
+ sg_items[0].transfer_id = 0;
+ sg_items[0].transfer_context = NULL;
+@@ -531,7 +576,6 @@ err_free_txbuf:
+ skb_cb->htt.txbuf_paddr);
+ err_free_msdu_id:
+ spin_lock_bh(&htt->tx_lock);
+- htt->pending_tx[msdu_id] = NULL;
+ ath10k_htt_tx_free_msdu_id(htt, msdu_id);
+ spin_unlock_bh(&htt->tx_lock);
+ err_tx_dec:
+--- a/drivers/net/wireless/ath/ath10k/hw.h
++++ b/drivers/net/wireless/ath/ath10k/hw.h
+@@ -20,24 +20,73 @@
+
+ #include "targaddrs.h"
+
++#define ATH10K_FW_DIR "ath10k"
++
+ /* QCA988X 1.0 definitions (unsupported) */
+ #define QCA988X_HW_1_0_CHIP_ID_REV 0x0
+
+ /* QCA988X 2.0 definitions */
+ #define QCA988X_HW_2_0_VERSION 0x4100016c
+ #define QCA988X_HW_2_0_CHIP_ID_REV 0x2
+-#define QCA988X_HW_2_0_FW_DIR "ath10k/QCA988X/hw2.0"
++#define QCA988X_HW_2_0_FW_DIR ATH10K_FW_DIR "/QCA988X/hw2.0"
+ #define QCA988X_HW_2_0_FW_FILE "firmware.bin"
+-#define QCA988X_HW_2_0_FW_2_FILE "firmware-2.bin"
+ #define QCA988X_HW_2_0_OTP_FILE "otp.bin"
+ #define QCA988X_HW_2_0_BOARD_DATA_FILE "board.bin"
+ #define QCA988X_HW_2_0_PATCH_LOAD_ADDR 0x1234
+
++/* QCA6174 target BMI version signatures */
++#define QCA6174_HW_1_0_VERSION 0x05000000
++#define QCA6174_HW_1_1_VERSION 0x05000001
++#define QCA6174_HW_1_3_VERSION 0x05000003
++#define QCA6174_HW_2_1_VERSION 0x05010000
++#define QCA6174_HW_3_0_VERSION 0x05020000
++#define QCA6174_HW_3_2_VERSION 0x05030000
++
++enum qca6174_pci_rev {
++ QCA6174_PCI_REV_1_1 = 0x11,
++ QCA6174_PCI_REV_1_3 = 0x13,
++ QCA6174_PCI_REV_2_0 = 0x20,
++ QCA6174_PCI_REV_3_0 = 0x30,
++};
++
++enum qca6174_chip_id_rev {
++ QCA6174_HW_1_0_CHIP_ID_REV = 0,
++ QCA6174_HW_1_1_CHIP_ID_REV = 1,
++ QCA6174_HW_1_3_CHIP_ID_REV = 2,
++ QCA6174_HW_2_1_CHIP_ID_REV = 4,
++ QCA6174_HW_2_2_CHIP_ID_REV = 5,
++ QCA6174_HW_3_0_CHIP_ID_REV = 8,
++ QCA6174_HW_3_1_CHIP_ID_REV = 9,
++ QCA6174_HW_3_2_CHIP_ID_REV = 10,
++};
++
++#define QCA6174_HW_2_1_FW_DIR "ath10k/QCA6174/hw2.1"
++#define QCA6174_HW_2_1_FW_FILE "firmware.bin"
++#define QCA6174_HW_2_1_OTP_FILE "otp.bin"
++#define QCA6174_HW_2_1_BOARD_DATA_FILE "board.bin"
++#define QCA6174_HW_2_1_PATCH_LOAD_ADDR 0x1234
++
++#define QCA6174_HW_3_0_FW_DIR "ath10k/QCA6174/hw3.0"
++#define QCA6174_HW_3_0_FW_FILE "firmware.bin"
++#define QCA6174_HW_3_0_OTP_FILE "otp.bin"
++#define QCA6174_HW_3_0_BOARD_DATA_FILE "board.bin"
++#define QCA6174_HW_3_0_PATCH_LOAD_ADDR 0x1234
++
+ #define ATH10K_FW_API2_FILE "firmware-2.bin"
++#define ATH10K_FW_API3_FILE "firmware-3.bin"
++
++/* added support for ATH10K_FW_IE_WMI_OP_VERSION */
++#define ATH10K_FW_API4_FILE "firmware-4.bin"
++
++#define ATH10K_FW_UTF_FILE "utf.bin"
+
+ /* includes also the null byte */
+ #define ATH10K_FIRMWARE_MAGIC "QCA-ATH10K"
+
++#define REG_DUMP_COUNT_QCA988X 60
++
++#define QCA988X_CAL_DATA_LEN 2116
++
+ struct ath10k_fw_ie {
+ __le32 id;
+ __le32 len;
+@@ -50,8 +99,57 @@ enum ath10k_fw_ie_type {
+ ATH10K_FW_IE_FEATURES = 2,
+ ATH10K_FW_IE_FW_IMAGE = 3,
+ ATH10K_FW_IE_OTP_IMAGE = 4,
++
++ /* WMI "operations" interface version, 32 bit value. Supported from
++ * FW API 4 and above.
++ */
++ ATH10K_FW_IE_WMI_OP_VERSION = 5,
++};
++
++enum ath10k_fw_wmi_op_version {
++ ATH10K_FW_WMI_OP_VERSION_UNSET = 0,
++
++ ATH10K_FW_WMI_OP_VERSION_MAIN = 1,
++ ATH10K_FW_WMI_OP_VERSION_10_1 = 2,
++ ATH10K_FW_WMI_OP_VERSION_10_2 = 3,
++ ATH10K_FW_WMI_OP_VERSION_TLV = 4,
++ ATH10K_FW_WMI_OP_VERSION_10_2_4 = 5,
++
++ /* keep last */
++ ATH10K_FW_WMI_OP_VERSION_MAX,
++};
++
++enum ath10k_hw_rev {
++ ATH10K_HW_QCA988X,
++ ATH10K_HW_QCA6174,
++};
++
++struct ath10k_hw_regs {
++ u32 rtc_state_cold_reset_mask;
++ u32 rtc_soc_base_address;
++ u32 rtc_wmac_base_address;
++ u32 soc_core_base_address;
++ u32 ce_wrapper_base_address;
++ u32 ce0_base_address;
++ u32 ce1_base_address;
++ u32 ce2_base_address;
++ u32 ce3_base_address;
++ u32 ce4_base_address;
++ u32 ce5_base_address;
++ u32 ce6_base_address;
++ u32 ce7_base_address;
++ u32 soc_reset_control_si0_rst_mask;
++ u32 soc_reset_control_ce_rst_mask;
++ u32 soc_chip_id_address;
++ u32 scratch_3_address;
+ };
+
++extern const struct ath10k_hw_regs qca988x_regs;
++extern const struct ath10k_hw_regs qca6174_regs;
++
++#define QCA_REV_988X(ar) ((ar)->hw_rev == ATH10K_HW_QCA988X)
++#define QCA_REV_6174(ar) ((ar)->hw_rev == ATH10K_HW_QCA6174)
++
+ /* Known pecularities:
+ * - current FW doesn't support raw rx mode (last tested v599)
+ * - current FW dumps upon raw tx mode (last tested v599)
+@@ -73,6 +171,15 @@ enum ath10k_mcast2ucast_mode {
+ ATH10K_MCAST2UCAST_ENABLED = 1,
+ };
+
++struct ath10k_pktlog_hdr {
++ __le16 flags;
++ __le16 missed_cnt;
++ __le16 log_type;
++ __le16 size;
++ __le32 timestamp;
++ u8 payload[0];
++} __packed;
++
+ /* Target specific defines for MAIN firmware */
+ #define TARGET_NUM_VDEVS 8
+ #define TARGET_NUM_PEER_AST 2
+@@ -80,11 +187,13 @@ enum ath10k_mcast2ucast_mode {
+ #define TARGET_DMA_BURST_SIZE 0
+ #define TARGET_MAC_AGGR_DELIM 0
+ #define TARGET_AST_SKID_LIMIT 16
+-#define TARGET_NUM_PEERS 16
++#define TARGET_NUM_STATIONS 16
++#define TARGET_NUM_PEERS ((TARGET_NUM_STATIONS) + \
++ (TARGET_NUM_VDEVS))
+ #define TARGET_NUM_OFFLOAD_PEERS 0
+ #define TARGET_NUM_OFFLOAD_REORDER_BUFS 0
+ #define TARGET_NUM_PEER_KEYS 2
+-#define TARGET_NUM_TIDS (2 * ((TARGET_NUM_PEERS) + (TARGET_NUM_VDEVS)))
++#define TARGET_NUM_TIDS ((TARGET_NUM_PEERS) * 2)
+ #define TARGET_TX_CHAIN_MASK (BIT(0) | BIT(1) | BIT(2))
+ #define TARGET_RX_CHAIN_MASK (BIT(0) | BIT(1) | BIT(2))
+ #define TARGET_RX_TIMEOUT_LO_PRI 100
+@@ -115,12 +224,15 @@ enum ath10k_mcast2ucast_mode {
+ #define TARGET_10X_DMA_BURST_SIZE 0
+ #define TARGET_10X_MAC_AGGR_DELIM 0
+ #define TARGET_10X_AST_SKID_LIMIT 16
+-#define TARGET_10X_NUM_PEERS (128 + (TARGET_10X_NUM_VDEVS))
+-#define TARGET_10X_NUM_PEERS_MAX 128
++#define TARGET_10X_NUM_STATIONS 128
++#define TARGET_10X_NUM_PEERS ((TARGET_10X_NUM_STATIONS) + \
++ (TARGET_10X_NUM_VDEVS))
+ #define TARGET_10X_NUM_OFFLOAD_PEERS 0
+ #define TARGET_10X_NUM_OFFLOAD_REORDER_BUFS 0
+ #define TARGET_10X_NUM_PEER_KEYS 2
+-#define TARGET_10X_NUM_TIDS 256
++#define TARGET_10X_NUM_TIDS_MAX 256
++#define TARGET_10X_NUM_TIDS min((TARGET_10X_NUM_TIDS_MAX), \
++ (TARGET_10X_NUM_PEERS) * 2)
+ #define TARGET_10X_TX_CHAIN_MASK (BIT(0) | BIT(1) | BIT(2))
+ #define TARGET_10X_RX_CHAIN_MASK (BIT(0) | BIT(1) | BIT(2))
+ #define TARGET_10X_RX_TIMEOUT_LO_PRI 100
+@@ -140,6 +252,18 @@ enum ath10k_mcast2ucast_mode {
+ #define TARGET_10X_NUM_MSDU_DESC (1024 + 400)
+ #define TARGET_10X_MAX_FRAG_ENTRIES 0
+
++/* 10.2 parameters */
++#define TARGET_10_2_DMA_BURST_SIZE 1
++
++/* Target specific defines for WMI-TLV firmware */
++#define TARGET_TLV_NUM_VDEVS 3
++#define TARGET_TLV_NUM_STATIONS 32
++#define TARGET_TLV_NUM_PEERS ((TARGET_TLV_NUM_STATIONS) + \
++ (TARGET_TLV_NUM_VDEVS) + \
++ 2)
++#define TARGET_TLV_NUM_TIDS ((TARGET_TLV_NUM_PEERS) * 2)
++#define TARGET_TLV_NUM_MSDU_DESC (1024 + 32)
++
+ /* Number of Copy Engines supported */
+ #define CE_COUNT 8
+
+@@ -170,7 +294,7 @@ enum ath10k_mcast2ucast_mode {
+ /* as of IP3.7.1 */
+ #define RTC_STATE_V_ON 3
+
+-#define RTC_STATE_COLD_RESET_MASK 0x00000400
++#define RTC_STATE_COLD_RESET_MASK ar->regs->rtc_state_cold_reset_mask
+ #define RTC_STATE_V_LSB 0
+ #define RTC_STATE_V_MASK 0x00000007
+ #define RTC_STATE_ADDRESS 0x0000
+@@ -179,12 +303,12 @@ enum ath10k_mcast2ucast_mode {
+ #define PCIE_SOC_WAKE_RESET 0x00000000
+ #define SOC_GLOBAL_RESET_ADDRESS 0x0008
+
+-#define RTC_SOC_BASE_ADDRESS 0x00004000
+-#define RTC_WMAC_BASE_ADDRESS 0x00005000
++#define RTC_SOC_BASE_ADDRESS ar->regs->rtc_soc_base_address
++#define RTC_WMAC_BASE_ADDRESS ar->regs->rtc_wmac_base_address
+ #define MAC_COEX_BASE_ADDRESS 0x00006000
+ #define BT_COEX_BASE_ADDRESS 0x00007000
+ #define SOC_PCIE_BASE_ADDRESS 0x00008000
+-#define SOC_CORE_BASE_ADDRESS 0x00009000
++#define SOC_CORE_BASE_ADDRESS ar->regs->soc_core_base_address
+ #define WLAN_UART_BASE_ADDRESS 0x0000c000
+ #define WLAN_SI_BASE_ADDRESS 0x00010000
+ #define WLAN_GPIO_BASE_ADDRESS 0x00014000
+@@ -193,23 +317,23 @@ enum ath10k_mcast2ucast_mode {
+ #define EFUSE_BASE_ADDRESS 0x00030000
+ #define FPGA_REG_BASE_ADDRESS 0x00039000
+ #define WLAN_UART2_BASE_ADDRESS 0x00054c00
+-#define CE_WRAPPER_BASE_ADDRESS 0x00057000
+-#define CE0_BASE_ADDRESS 0x00057400
+-#define CE1_BASE_ADDRESS 0x00057800
+-#define CE2_BASE_ADDRESS 0x00057c00
+-#define CE3_BASE_ADDRESS 0x00058000
+-#define CE4_BASE_ADDRESS 0x00058400
+-#define CE5_BASE_ADDRESS 0x00058800
+-#define CE6_BASE_ADDRESS 0x00058c00
+-#define CE7_BASE_ADDRESS 0x00059000
++#define CE_WRAPPER_BASE_ADDRESS ar->regs->ce_wrapper_base_address
++#define CE0_BASE_ADDRESS ar->regs->ce0_base_address
++#define CE1_BASE_ADDRESS ar->regs->ce1_base_address
++#define CE2_BASE_ADDRESS ar->regs->ce2_base_address
++#define CE3_BASE_ADDRESS ar->regs->ce3_base_address
++#define CE4_BASE_ADDRESS ar->regs->ce4_base_address
++#define CE5_BASE_ADDRESS ar->regs->ce5_base_address
++#define CE6_BASE_ADDRESS ar->regs->ce6_base_address
++#define CE7_BASE_ADDRESS ar->regs->ce7_base_address
+ #define DBI_BASE_ADDRESS 0x00060000
+ #define WLAN_ANALOG_INTF_PCIE_BASE_ADDRESS 0x0006c000
+ #define PCIE_LOCAL_BASE_ADDRESS 0x00080000
+
+ #define SOC_RESET_CONTROL_ADDRESS 0x00000000
+ #define SOC_RESET_CONTROL_OFFSET 0x00000000
+-#define SOC_RESET_CONTROL_SI0_RST_MASK 0x00000001
+-#define SOC_RESET_CONTROL_CE_RST_MASK 0x00040000
++#define SOC_RESET_CONTROL_SI0_RST_MASK ar->regs->soc_reset_control_si0_rst_mask
++#define SOC_RESET_CONTROL_CE_RST_MASK ar->regs->soc_reset_control_ce_rst_mask
+ #define SOC_RESET_CONTROL_CPU_WARM_RST_MASK 0x00000040
+ #define SOC_CPU_CLOCK_OFFSET 0x00000020
+ #define SOC_CPU_CLOCK_STANDARD_LSB 0
+@@ -223,7 +347,7 @@ enum ath10k_mcast2ucast_mode {
+ #define SOC_LF_TIMER_CONTROL0_ADDRESS 0x00000050
+ #define SOC_LF_TIMER_CONTROL0_ENABLE_MASK 0x00000004
+
+-#define SOC_CHIP_ID_ADDRESS 0x000000ec
++#define SOC_CHIP_ID_ADDRESS ar->regs->soc_chip_id_address
+ #define SOC_CHIP_ID_REV_LSB 8
+ #define SOC_CHIP_ID_REV_MASK 0x00000f00
+
+@@ -274,11 +398,12 @@ enum ath10k_mcast2ucast_mode {
+ #define SI_RX_DATA1_OFFSET 0x00000014
+
+ #define CORE_CTRL_CPU_INTR_MASK 0x00002000
++#define CORE_CTRL_PCIE_REG_31_MASK 0x00000800
+ #define CORE_CTRL_ADDRESS 0x0000
+ #define PCIE_INTR_ENABLE_ADDRESS 0x0008
+ #define PCIE_INTR_CAUSE_ADDRESS 0x000c
+ #define PCIE_INTR_CLR_ADDRESS 0x0014
+-#define SCRATCH_3_ADDRESS 0x0030
++#define SCRATCH_3_ADDRESS ar->regs->scratch_3_address
+ #define CPU_INTR_ADDRESS 0x0010
+
+ /* Firmware indications to the Host via SCRATCH_3 register. */
+--- a/drivers/net/wireless/ath/ath10k/mac.c
++++ b/drivers/net/wireless/ath/ath10k/mac.c
+@@ -26,6 +26,9 @@
+ #include "wmi.h"
+ #include "htt.h"
+ #include "txrx.h"
++#include "testmode.h"
++#include "wmi.h"
++#include "wmi-ops.h"
+
+ /**********/
+ /* Crypto */
+@@ -34,8 +37,9 @@
+ static int ath10k_send_key(struct ath10k_vif *arvif,
+ struct ieee80211_key_conf *key,
+ enum set_key_cmd cmd,
+- const u8 *macaddr)
++ const u8 *macaddr, bool def_idx)
+ {
++ struct ath10k *ar = arvif->ar;
+ struct wmi_vdev_install_key_arg arg = {
+ .vdev_id = arvif->vdev_id,
+ .key_idx = key->keyidx,
+@@ -54,7 +58,7 @@ static int ath10k_send_key(struct ath10k
+ switch (key->cipher) {
+ case WLAN_CIPHER_SUITE_CCMP:
+ arg.key_cipher = WMI_CIPHER_AES_CCM;
+- key->flags |= IEEE80211_KEY_FLAG_SW_MGMT_TX;
++ key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV_MGMT;
+ break;
+ case WLAN_CIPHER_SUITE_TKIP:
+ arg.key_cipher = WMI_CIPHER_TKIP;
+@@ -68,9 +72,12 @@ static int ath10k_send_key(struct ath10k
+ * Otherwise pairwise key must be set */
+ if (memcmp(macaddr, arvif->vif->addr, ETH_ALEN))
+ arg.key_flags = WMI_KEY_PAIRWISE;
++
++ if (def_idx)
++ arg.key_flags |= WMI_KEY_TX_USAGE;
+ break;
+ default:
+- ath10k_warn("cipher %d is not supported\n", key->cipher);
++ ath10k_warn(ar, "cipher %d is not supported\n", key->cipher);
+ return -EOPNOTSUPP;
+ }
+
+@@ -85,7 +92,7 @@ static int ath10k_send_key(struct ath10k
+ static int ath10k_install_key(struct ath10k_vif *arvif,
+ struct ieee80211_key_conf *key,
+ enum set_key_cmd cmd,
+- const u8 *macaddr)
++ const u8 *macaddr, bool def_idx)
+ {
+ struct ath10k *ar = arvif->ar;
+ int ret;
+@@ -94,7 +101,7 @@ static int ath10k_install_key(struct ath
+
+ reinit_completion(&ar->install_key_done);
+
+- ret = ath10k_send_key(arvif, key, cmd, macaddr);
++ ret = ath10k_send_key(arvif, key, cmd, macaddr, def_idx);
+ if (ret)
+ return ret;
+
+@@ -112,6 +119,7 @@ static int ath10k_install_peer_wep_keys(
+ struct ath10k_peer *peer;
+ int ret;
+ int i;
++ bool def_idx;
+
+ lockdep_assert_held(&ar->conf_mutex);
+
+@@ -125,13 +133,20 @@ static int ath10k_install_peer_wep_keys(
+ for (i = 0; i < ARRAY_SIZE(arvif->wep_keys); i++) {
+ if (arvif->wep_keys[i] == NULL)
+ continue;
++ /* set TX_USAGE flag for default key id */
++ if (arvif->def_wep_key_idx == i)
++ def_idx = true;
++ else
++ def_idx = false;
+
+ ret = ath10k_install_key(arvif, arvif->wep_keys[i], SET_KEY,
+- addr);
++ addr, def_idx);
+ if (ret)
+ return ret;
+
++ spin_lock_bh(&ar->data_lock);
+ peer->keys[i] = arvif->wep_keys[i];
++ spin_unlock_bh(&ar->data_lock);
+ }
+
+ return 0;
+@@ -159,21 +174,49 @@ static int ath10k_clear_peer_keys(struct
+ if (peer->keys[i] == NULL)
+ continue;
+
++ /* key flags are not required to delete the key */
+ ret = ath10k_install_key(arvif, peer->keys[i],
+- DISABLE_KEY, addr);
++ DISABLE_KEY, addr, false);
+ if (ret && first_errno == 0)
+ first_errno = ret;
+
+ if (ret)
+- ath10k_warn("failed to remove peer wep key %d: %d\n",
++ ath10k_warn(ar, "failed to remove peer wep key %d: %d\n",
+ i, ret);
+
++ spin_lock_bh(&ar->data_lock);
+ peer->keys[i] = NULL;
++ spin_unlock_bh(&ar->data_lock);
+ }
+
+ return first_errno;
+ }
+
++bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
++ u8 keyidx)
++{
++ struct ath10k_peer *peer;
++ int i;
++
++ lockdep_assert_held(&ar->data_lock);
++
++ /* We don't know which vdev this peer belongs to,
++ * since WMI doesn't give us that information.
++ *
++ * FIXME: multi-bss needs to be handled.
++ */
++ peer = ath10k_peer_find(ar, 0, addr);
++ if (!peer)
++ return false;
++
++ for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
++ if (peer->keys[i] && peer->keys[i]->keyidx == keyidx)
++ return true;
++ }
++
++ return false;
++}
++
+ static int ath10k_clear_vdev_key(struct ath10k_vif *arvif,
+ struct ieee80211_key_conf *key)
+ {
+@@ -194,7 +237,7 @@ static int ath10k_clear_vdev_key(struct
+ list_for_each_entry(peer, &ar->peers, list) {
+ for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {
+ if (peer->keys[i] == key) {
+- memcpy(addr, peer->addr, ETH_ALEN);
++ ether_addr_copy(addr, peer->addr);
+ peer->keys[i] = NULL;
+ break;
+ }
+@@ -207,20 +250,19 @@ static int ath10k_clear_vdev_key(struct
+
+ if (i == ARRAY_SIZE(peer->keys))
+ break;
+-
+- ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr);
++ /* key flags are not required to delete the key */
++ ret = ath10k_install_key(arvif, key, DISABLE_KEY, addr, false);
+ if (ret && first_errno == 0)
+ first_errno = ret;
+
+ if (ret)
+- ath10k_warn("failed to remove key for %pM: %d\n",
++ ath10k_warn(ar, "failed to remove key for %pM: %d\n",
+ addr, ret);
+ }
+
+ return first_errno;
+ }
+
+-
+ /*********************/
+ /* General utilities */
+ /*********************/
+@@ -234,7 +276,10 @@ chan_to_phymode(const struct cfg80211_ch
+ case IEEE80211_BAND_2GHZ:
+ switch (chandef->width) {
+ case NL80211_CHAN_WIDTH_20_NOHT:
+- phymode = MODE_11G;
++ if (chandef->chan->flags & IEEE80211_CHAN_NO_OFDM)
++ phymode = MODE_11B;
++ else
++ phymode = MODE_11G;
+ break;
+ case NL80211_CHAN_WIDTH_20:
+ phymode = MODE_11NG_HT20;
+@@ -322,22 +367,24 @@ static int ath10k_peer_create(struct ath
+
+ lockdep_assert_held(&ar->conf_mutex);
+
++ if (ar->num_peers >= ar->max_num_peers)
++ return -ENOBUFS;
++
+ ret = ath10k_wmi_peer_create(ar, vdev_id, addr);
+ if (ret) {
+- ath10k_warn("failed to create wmi peer %pM on vdev %i: %i\n",
++ ath10k_warn(ar, "failed to create wmi peer %pM on vdev %i: %i\n",
+ addr, vdev_id, ret);
+ return ret;
+ }
+
+ ret = ath10k_wait_for_peer_created(ar, vdev_id, addr);
+ if (ret) {
+- ath10k_warn("failed to wait for created wmi peer %pM on vdev %i: %i\n",
++ ath10k_warn(ar, "failed to wait for created wmi peer %pM on vdev %i: %i\n",
+ addr, vdev_id, ret);
+ return ret;
+ }
+- spin_lock_bh(&ar->data_lock);
++
+ ar->num_peers++;
+- spin_unlock_bh(&ar->data_lock);
+
+ return 0;
+ }
+@@ -352,7 +399,7 @@ static int ath10k_mac_set_kickout(struct
+ ret = ath10k_wmi_pdev_set_param(ar, param,
+ ATH10K_KICKOUT_THRESHOLD);
+ if (ret) {
+- ath10k_warn("failed to set kickout threshold on vdev %i: %d\n",
++ ath10k_warn(ar, "failed to set kickout threshold on vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ return ret;
+ }
+@@ -361,7 +408,7 @@ static int ath10k_mac_set_kickout(struct
+ ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
+ ATH10K_KEEPALIVE_MIN_IDLE);
+ if (ret) {
+- ath10k_warn("failed to set keepalive minimum idle time on vdev %i: %d\n",
++ ath10k_warn(ar, "failed to set keepalive minimum idle time on vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ return ret;
+ }
+@@ -370,7 +417,7 @@ static int ath10k_mac_set_kickout(struct
+ ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
+ ATH10K_KEEPALIVE_MAX_IDLE);
+ if (ret) {
+- ath10k_warn("failed to set keepalive maximum idle time on vdev %i: %d\n",
++ ath10k_warn(ar, "failed to set keepalive maximum idle time on vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ return ret;
+ }
+@@ -379,7 +426,7 @@ static int ath10k_mac_set_kickout(struct
+ ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param,
+ ATH10K_KEEPALIVE_MAX_UNRESPONSIVE);
+ if (ret) {
+- ath10k_warn("failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
++ ath10k_warn(ar, "failed to set keepalive maximum unresponsive time on vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ return ret;
+ }
+@@ -387,15 +434,11 @@ static int ath10k_mac_set_kickout(struct
+ return 0;
+ }
+
+-static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
++static int ath10k_mac_set_rts(struct ath10k_vif *arvif, u32 value)
+ {
+ struct ath10k *ar = arvif->ar;
+ u32 vdev_param;
+
+- if (value != 0xFFFFFFFF)
+- value = min_t(u32, arvif->ar->hw->wiphy->rts_threshold,
+- ATH10K_RTS_MAX);
+-
+ vdev_param = ar->wmi.vdev_param->rts_threshold;
+ return ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param, value);
+ }
+@@ -428,9 +471,7 @@ static int ath10k_peer_delete(struct ath
+ if (ret)
+ return ret;
+
+- spin_lock_bh(&ar->data_lock);
+ ar->num_peers--;
+- spin_unlock_bh(&ar->data_lock);
+
+ return 0;
+ }
+@@ -446,7 +487,7 @@ static void ath10k_peer_cleanup(struct a
+ if (peer->vdev_id != vdev_id)
+ continue;
+
+- ath10k_warn("removing stale peer %pM from vdev_id %d\n",
++ ath10k_warn(ar, "removing stale peer %pM from vdev_id %d\n",
+ peer->addr, vdev_id);
+
+ list_del(&peer->list);
+@@ -467,20 +508,63 @@ static void ath10k_peer_cleanup_all(stru
+ list_del(&peer->list);
+ kfree(peer);
+ }
+- ar->num_peers = 0;
+ spin_unlock_bh(&ar->data_lock);
++
++ ar->num_peers = 0;
++ ar->num_stations = 0;
+ }
+
+ /************************/
+ /* Interface management */
+ /************************/
+
++void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif)
++{
++ struct ath10k *ar = arvif->ar;
++
++ lockdep_assert_held(&ar->data_lock);
++
++ if (!arvif->beacon)
++ return;
++
++ if (!arvif->beacon_buf)
++ dma_unmap_single(ar->dev, ATH10K_SKB_CB(arvif->beacon)->paddr,
++ arvif->beacon->len, DMA_TO_DEVICE);
++
++ if (WARN_ON(arvif->beacon_state != ATH10K_BEACON_SCHEDULED &&
++ arvif->beacon_state != ATH10K_BEACON_SENT))
++ return;
++
++ dev_kfree_skb_any(arvif->beacon);
++
++ arvif->beacon = NULL;
++ arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
++}
++
++static void ath10k_mac_vif_beacon_cleanup(struct ath10k_vif *arvif)
++{
++ struct ath10k *ar = arvif->ar;
++
++ lockdep_assert_held(&ar->data_lock);
++
++ ath10k_mac_vif_beacon_free(arvif);
++
++ if (arvif->beacon_buf) {
++ dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
++ arvif->beacon_buf, arvif->beacon_paddr);
++ arvif->beacon_buf = NULL;
++ }
++}
++
+ static inline int ath10k_vdev_setup_sync(struct ath10k *ar)
+ {
+ int ret;
+
+ lockdep_assert_held(&ar->conf_mutex);
+
++ if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
++ return -ESHUTDOWN;
++
+ ret = wait_for_completion_timeout(&ar->vdev_setup_done,
+ ATH10K_VDEV_SETUP_TIMEOUT_HZ);
+ if (ret == 0)
+@@ -489,19 +573,6 @@ static inline int ath10k_vdev_setup_sync
+ return 0;
+ }
+
+-static bool ath10k_monitor_is_enabled(struct ath10k *ar)
+-{
+- lockdep_assert_held(&ar->conf_mutex);
+-
+- ath10k_dbg(ATH10K_DBG_MAC,
+- "mac monitor refs: promisc %d monitor %d cac %d\n",
+- ar->promisc, ar->monitor,
+- test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags));
+-
+- return ar->promisc || ar->monitor ||
+- test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
+-}
+-
+ static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
+ {
+ struct cfg80211_chan_def *chandef = &ar->chandef;
+@@ -526,37 +597,39 @@ static int ath10k_monitor_vdev_start(str
+ arg.channel.max_reg_power = channel->max_reg_power * 2;
+ arg.channel.max_antenna_gain = channel->max_antenna_gain * 2;
+
++ reinit_completion(&ar->vdev_setup_done);
++
+ ret = ath10k_wmi_vdev_start(ar, &arg);
+ if (ret) {
+- ath10k_warn("failed to request monitor vdev %i start: %d\n",
++ ath10k_warn(ar, "failed to request monitor vdev %i start: %d\n",
+ vdev_id, ret);
+ return ret;
+ }
+
+ ret = ath10k_vdev_setup_sync(ar);
+ if (ret) {
+- ath10k_warn("failed to synchronize setup for monitor vdev %i: %d\n",
++ ath10k_warn(ar, "failed to synchronize setup for monitor vdev %i start: %d\n",
+ vdev_id, ret);
+ return ret;
+ }
+
+ ret = ath10k_wmi_vdev_up(ar, vdev_id, 0, ar->mac_addr);
+ if (ret) {
+- ath10k_warn("failed to put up monitor vdev %i: %d\n",
++ ath10k_warn(ar, "failed to put up monitor vdev %i: %d\n",
+ vdev_id, ret);
+ goto vdev_stop;
+ }
+
+ ar->monitor_vdev_id = vdev_id;
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i started\n",
+ ar->monitor_vdev_id);
+ return 0;
+
+ vdev_stop:
+ ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
+ if (ret)
+- ath10k_warn("failed to stop monitor vdev %i after start failure: %d\n",
++ ath10k_warn(ar, "failed to stop monitor vdev %i after start failure: %d\n",
+ ar->monitor_vdev_id, ret);
+
+ return ret;
+@@ -570,20 +643,22 @@ static int ath10k_monitor_vdev_stop(stru
+
+ ret = ath10k_wmi_vdev_down(ar, ar->monitor_vdev_id);
+ if (ret)
+- ath10k_warn("failed to put down monitor vdev %i: %d\n",
++ ath10k_warn(ar, "failed to put down monitor vdev %i: %d\n",
+ ar->monitor_vdev_id, ret);
+
++ reinit_completion(&ar->vdev_setup_done);
++
+ ret = ath10k_wmi_vdev_stop(ar, ar->monitor_vdev_id);
+ if (ret)
+- ath10k_warn("failed to to request monitor vdev %i stop: %d\n",
++ ath10k_warn(ar, "failed to to request monitor vdev %i stop: %d\n",
+ ar->monitor_vdev_id, ret);
+
+ ret = ath10k_vdev_setup_sync(ar);
+ if (ret)
+- ath10k_warn("failed to synchronise monitor vdev %i: %d\n",
++ ath10k_warn(ar, "failed to synchronize monitor vdev %i stop: %d\n",
+ ar->monitor_vdev_id, ret);
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %i stopped\n",
+ ar->monitor_vdev_id);
+ return ret;
+ }
+@@ -594,35 +669,29 @@ static int ath10k_monitor_vdev_create(st
+
+ lockdep_assert_held(&ar->conf_mutex);
+
+- bit = ffs(ar->free_vdev_map);
+- if (bit == 0) {
+- ath10k_warn("failed to find free vdev id for monitor vdev\n");
++ if (ar->free_vdev_map == 0) {
++ ath10k_warn(ar, "failed to find free vdev id for monitor vdev\n");
+ return -ENOMEM;
+ }
+
+- ar->monitor_vdev_id = bit - 1;
+- ar->free_vdev_map &= ~(1 << ar->monitor_vdev_id);
++ bit = __ffs64(ar->free_vdev_map);
++
++ ar->monitor_vdev_id = bit;
+
+ ret = ath10k_wmi_vdev_create(ar, ar->monitor_vdev_id,
+ WMI_VDEV_TYPE_MONITOR,
+ 0, ar->mac_addr);
+ if (ret) {
+- ath10k_warn("failed to request monitor vdev %i creation: %d\n",
++ ath10k_warn(ar, "failed to request monitor vdev %i creation: %d\n",
+ ar->monitor_vdev_id, ret);
+- goto vdev_fail;
++ return ret;
+ }
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
++ ar->free_vdev_map &= ~(1LL << ar->monitor_vdev_id);
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d created\n",
+ ar->monitor_vdev_id);
+
+ return 0;
+-
+-vdev_fail:
+- /*
+- * Restore the ID to the global map.
+- */
+- ar->free_vdev_map |= 1 << (ar->monitor_vdev_id);
+- return ret;
+ }
+
+ static int ath10k_monitor_vdev_delete(struct ath10k *ar)
+@@ -633,14 +702,14 @@ static int ath10k_monitor_vdev_delete(st
+
+ ret = ath10k_wmi_vdev_delete(ar, ar->monitor_vdev_id);
+ if (ret) {
+- ath10k_warn("failed to request wmi monitor vdev %i removal: %d\n",
++ ath10k_warn(ar, "failed to request wmi monitor vdev %i removal: %d\n",
+ ar->monitor_vdev_id, ret);
+ return ret;
+ }
+
+- ar->free_vdev_map |= 1 << (ar->monitor_vdev_id);
++ ar->free_vdev_map |= 1LL << ar->monitor_vdev_id;
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor vdev %d deleted\n",
+ ar->monitor_vdev_id);
+ return ret;
+ }
+@@ -651,63 +720,70 @@ static int ath10k_monitor_start(struct a
+
+ lockdep_assert_held(&ar->conf_mutex);
+
+- if (!ath10k_monitor_is_enabled(ar)) {
+- ath10k_warn("trying to start monitor with no references\n");
+- return 0;
+- }
+-
+- if (ar->monitor_started) {
+- ath10k_dbg(ATH10K_DBG_MAC, "mac monitor already started\n");
+- return 0;
+- }
+-
+ ret = ath10k_monitor_vdev_create(ar);
+ if (ret) {
+- ath10k_warn("failed to create monitor vdev: %d\n", ret);
++ ath10k_warn(ar, "failed to create monitor vdev: %d\n", ret);
+ return ret;
+ }
+
+ ret = ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
+ if (ret) {
+- ath10k_warn("failed to start monitor vdev: %d\n", ret);
++ ath10k_warn(ar, "failed to start monitor vdev: %d\n", ret);
+ ath10k_monitor_vdev_delete(ar);
+ return ret;
+ }
+
+ ar->monitor_started = true;
+- ath10k_dbg(ATH10K_DBG_MAC, "mac monitor started\n");
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor started\n");
+
+ return 0;
+ }
+
+-static void ath10k_monitor_stop(struct ath10k *ar)
++static int ath10k_monitor_stop(struct ath10k *ar)
+ {
+ int ret;
+
+ lockdep_assert_held(&ar->conf_mutex);
+
+- if (ath10k_monitor_is_enabled(ar)) {
+- ath10k_dbg(ATH10K_DBG_MAC,
+- "mac monitor will be stopped later\n");
+- return;
++ ret = ath10k_monitor_vdev_stop(ar);
++ if (ret) {
++ ath10k_warn(ar, "failed to stop monitor vdev: %d\n", ret);
++ return ret;
+ }
+
+- if (!ar->monitor_started) {
+- ath10k_dbg(ATH10K_DBG_MAC,
+- "mac monitor probably failed to start earlier\n");
+- return;
++ ret = ath10k_monitor_vdev_delete(ar);
++ if (ret) {
++ ath10k_warn(ar, "failed to delete monitor vdev: %d\n", ret);
++ return ret;
+ }
+
+- ret = ath10k_monitor_vdev_stop(ar);
+- if (ret)
+- ath10k_warn("failed to stop monitor vdev: %d\n", ret);
++ ar->monitor_started = false;
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac monitor stopped\n");
+
+- ret = ath10k_monitor_vdev_delete(ar);
+- if (ret)
+- ath10k_warn("failed to delete monitor vdev: %d\n", ret);
++ return 0;
++}
+
+- ar->monitor_started = false;
+- ath10k_dbg(ATH10K_DBG_MAC, "mac monitor stopped\n");
++static int ath10k_monitor_recalc(struct ath10k *ar)
++{
++ bool should_start;
++
++ lockdep_assert_held(&ar->conf_mutex);
++
++ should_start = ar->monitor ||
++ ar->filter_flags & FIF_PROMISC_IN_BSS ||
++ test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
++
++ ath10k_dbg(ar, ATH10K_DBG_MAC,
++ "mac monitor recalc started? %d should? %d\n",
++ ar->monitor_started, should_start);
++
++ if (should_start == ar->monitor_started)
++ return 0;
++
++ if (should_start)
++ return ath10k_monitor_start(ar);
++
++ return ath10k_monitor_stop(ar);
+ }
+
+ static int ath10k_recalc_rtscts_prot(struct ath10k_vif *arvif)
+@@ -738,14 +814,14 @@ static int ath10k_start_cac(struct ath10
+
+ set_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
+
+- ret = ath10k_monitor_start(ar);
++ ret = ath10k_monitor_recalc(ar);
+ if (ret) {
+- ath10k_warn("failed to start monitor (cac): %d\n", ret);
++ ath10k_warn(ar, "failed to start monitor (cac): %d\n", ret);
+ clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
+ return ret;
+ }
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac start monitor vdev %d\n",
+ ar->monitor_vdev_id);
+
+ return 0;
+@@ -762,7 +838,7 @@ static int ath10k_stop_cac(struct ath10k
+ clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
+ ath10k_monitor_stop(ar);
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac cac finished\n");
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac cac finished\n");
+
+ return 0;
+ }
+@@ -788,12 +864,12 @@ static void ath10k_recalc_radar_detectio
+ * radiation is not allowed, make this channel DFS_UNAVAILABLE
+ * by indicating that radar was detected.
+ */
+- ath10k_warn("failed to start CAC: %d\n", ret);
++ ath10k_warn(ar, "failed to start CAC: %d\n", ret);
+ ieee80211_radar_detected(ar->hw);
+ }
+ }
+
+-static int ath10k_vdev_start(struct ath10k_vif *arvif)
++static int ath10k_vdev_start_restart(struct ath10k_vif *arvif, bool restart)
+ {
+ struct ath10k *ar = arvif->ar;
+ struct cfg80211_chan_def *chandef = &ar->chandef;
+@@ -830,22 +906,27 @@ static int ath10k_vdev_start(struct ath1
+ arg.ssid_len = arvif->vif->bss_conf.ssid_len;
+ }
+
+- ath10k_dbg(ATH10K_DBG_MAC,
++ ath10k_dbg(ar, ATH10K_DBG_MAC,
+ "mac vdev %d start center_freq %d phymode %s\n",
+ arg.vdev_id, arg.channel.freq,
+ ath10k_wmi_phymode_str(arg.channel.mode));
+
+- ret = ath10k_wmi_vdev_start(ar, &arg);
++ if (restart)
++ ret = ath10k_wmi_vdev_restart(ar, &arg);
++ else
++ ret = ath10k_wmi_vdev_start(ar, &arg);
++
+ if (ret) {
+- ath10k_warn("failed to start WMI vdev %i: %d\n",
++ ath10k_warn(ar, "failed to start WMI vdev %i: %d\n",
+ arg.vdev_id, ret);
+ return ret;
+ }
+
+ ret = ath10k_vdev_setup_sync(ar);
+ if (ret) {
+- ath10k_warn("failed to synchronise setup for vdev %i: %d\n",
+- arg.vdev_id, ret);
++ ath10k_warn(ar,
++ "failed to synchronize setup for vdev %i restart %d: %d\n",
++ arg.vdev_id, restart, ret);
+ return ret;
+ }
+
+@@ -855,6 +936,16 @@ static int ath10k_vdev_start(struct ath1
+ return ret;
+ }
+
++static int ath10k_vdev_start(struct ath10k_vif *arvif)
++{
++ return ath10k_vdev_start_restart(arvif, false);
++}
++
++static int ath10k_vdev_restart(struct ath10k_vif *arvif)
++{
++ return ath10k_vdev_start_restart(arvif, true);
++}
++
+ static int ath10k_vdev_stop(struct ath10k_vif *arvif)
+ {
+ struct ath10k *ar = arvif->ar;
+@@ -866,14 +957,14 @@ static int ath10k_vdev_stop(struct ath10
+
+ ret = ath10k_wmi_vdev_stop(ar, arvif->vdev_id);
+ if (ret) {
+- ath10k_warn("failed to stop WMI vdev %i: %d\n",
++ ath10k_warn(ar, "failed to stop WMI vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ return ret;
+ }
+
+ ret = ath10k_vdev_setup_sync(ar);
+ if (ret) {
+- ath10k_warn("failed to syncronise setup for vdev %i: %d\n",
++ ath10k_warn(ar, "failed to synchronize setup for vdev %i stop: %d\n",
+ arvif->vdev_id, ret);
+ return ret;
+ }
+@@ -888,9 +979,147 @@ static int ath10k_vdev_stop(struct ath10
+ return ret;
+ }
+
++static int ath10k_mac_setup_bcn_p2p_ie(struct ath10k_vif *arvif,
++ struct sk_buff *bcn)
++{
++ struct ath10k *ar = arvif->ar;
++ struct ieee80211_mgmt *mgmt;
++ const u8 *p2p_ie;
++ int ret;
++
++ if (arvif->vdev_type != WMI_VDEV_TYPE_AP)
++ return 0;
++
++ if (arvif->vdev_subtype != WMI_VDEV_SUBTYPE_P2P_GO)
++ return 0;
++
++ mgmt = (void *)bcn->data;
++ p2p_ie = cfg80211_find_vendor_ie(WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
++ mgmt->u.beacon.variable,
++ bcn->len - (mgmt->u.beacon.variable -
++ bcn->data));
++ if (!p2p_ie)
++ return -ENOENT;
++
++ ret = ath10k_wmi_p2p_go_bcn_ie(ar, arvif->vdev_id, p2p_ie);
++ if (ret) {
++ ath10k_warn(ar, "failed to submit p2p go bcn ie for vdev %i: %d\n",
++ arvif->vdev_id, ret);
++ return ret;
++ }
++
++ return 0;
++}
++
++static int ath10k_mac_remove_vendor_ie(struct sk_buff *skb, unsigned int oui,
++ u8 oui_type, size_t ie_offset)
++{
++ size_t len;
++ const u8 *next;
++ const u8 *end;
++ u8 *ie;
++
++ if (WARN_ON(skb->len < ie_offset))
++ return -EINVAL;
++
++ ie = (u8 *)cfg80211_find_vendor_ie(oui, oui_type,
++ skb->data + ie_offset,
++ skb->len - ie_offset);
++ if (!ie)
++ return -ENOENT;
++
++ len = ie[1] + 2;
++ end = skb->data + skb->len;
++ next = ie + len;
++
++ if (WARN_ON(next > end))
++ return -EINVAL;
++
++ memmove(ie, next, end - next);
++ skb_trim(skb, skb->len - len);
++
++ return 0;
++}
++
++static int ath10k_mac_setup_bcn_tmpl(struct ath10k_vif *arvif)
++{
++ struct ath10k *ar = arvif->ar;
++ struct ieee80211_hw *hw = ar->hw;
++ struct ieee80211_vif *vif = arvif->vif;
++ struct ieee80211_mutable_offsets offs = {};
++ struct sk_buff *bcn;
++ int ret;
++
++ if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
++ return 0;
++
++ bcn = ieee80211_beacon_get_template(hw, vif, &offs);
++ if (!bcn) {
++ ath10k_warn(ar, "failed to get beacon template from mac80211\n");
++ return -EPERM;
++ }
++
++ ret = ath10k_mac_setup_bcn_p2p_ie(arvif, bcn);
++ if (ret) {
++ ath10k_warn(ar, "failed to setup p2p go bcn ie: %d\n", ret);
++ kfree_skb(bcn);
++ return ret;
++ }
++
++ /* P2P IE is inserted by firmware automatically (as configured above)
++ * so remove it from the base beacon template to avoid duplicate P2P
++ * IEs in beacon frames.
++ */
++ ath10k_mac_remove_vendor_ie(bcn, WLAN_OUI_WFA, WLAN_OUI_TYPE_WFA_P2P,
++ offsetof(struct ieee80211_mgmt,
++ u.beacon.variable));
++
++ ret = ath10k_wmi_bcn_tmpl(ar, arvif->vdev_id, offs.tim_offset, bcn, 0,
++ 0, NULL, 0);
++ kfree_skb(bcn);
++
++ if (ret) {
++ ath10k_warn(ar, "failed to submit beacon template command: %d\n",
++ ret);
++ return ret;
++ }
++
++ return 0;
++}
++
++static int ath10k_mac_setup_prb_tmpl(struct ath10k_vif *arvif)
++{
++ struct ath10k *ar = arvif->ar;
++ struct ieee80211_hw *hw = ar->hw;
++ struct ieee80211_vif *vif = arvif->vif;
++ struct sk_buff *prb;
++ int ret;
++
++ if (!test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map))
++ return 0;
++
++ prb = ieee80211_proberesp_get(hw, vif);
++ if (!prb) {
++ ath10k_warn(ar, "failed to get probe resp template from mac80211\n");
++ return -EPERM;
++ }
++
++ ret = ath10k_wmi_prb_tmpl(ar, arvif->vdev_id, prb);
++ kfree_skb(prb);
++
++ if (ret) {
++ ath10k_warn(ar, "failed to submit probe resp template command: %d\n",
++ ret);
++ return ret;
++ }
++
++ return 0;
++}
++
+ static void ath10k_control_beaconing(struct ath10k_vif *arvif,
+- struct ieee80211_bss_conf *info)
++ struct ieee80211_bss_conf *info)
+ {
++ struct ath10k *ar = arvif->ar;
+ int ret = 0;
+
+ lockdep_assert_held(&arvif->ar->conf_mutex);
+@@ -902,15 +1131,7 @@ static void ath10k_control_beaconing(str
+ arvif->is_up = false;
+
+ spin_lock_bh(&arvif->ar->data_lock);
+- if (arvif->beacon) {
+- dma_unmap_single(arvif->ar->dev,
+- ATH10K_SKB_CB(arvif->beacon)->paddr,
+- arvif->beacon->len, DMA_TO_DEVICE);
+- dev_kfree_skb_any(arvif->beacon);
+-
+- arvif->beacon = NULL;
+- arvif->beacon_sent = false;
+- }
++ ath10k_mac_vif_beacon_free(arvif);
+ spin_unlock_bh(&arvif->ar->data_lock);
+
+ return;
+@@ -923,12 +1144,12 @@ static void ath10k_control_beaconing(str
+ return;
+
+ arvif->aid = 0;
+- memcpy(arvif->bssid, info->bssid, ETH_ALEN);
++ ether_addr_copy(arvif->bssid, info->bssid);
+
+ ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
+ arvif->bssid);
+ if (ret) {
+- ath10k_warn("failed to bring up vdev %d: %i\n",
++ ath10k_warn(ar, "failed to bring up vdev %d: %i\n",
+ arvif->vdev_id, ret);
+ ath10k_vdev_stop(arvif);
+ return;
+@@ -937,13 +1158,14 @@ static void ath10k_control_beaconing(str
+ arvif->is_started = true;
+ arvif->is_up = true;
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d up\n", arvif->vdev_id);
+ }
+
+ static void ath10k_control_ibss(struct ath10k_vif *arvif,
+ struct ieee80211_bss_conf *info,
+ const u8 self_peer[ETH_ALEN])
+ {
++ struct ath10k *ar = arvif->ar;
+ u32 vdev_param;
+ int ret = 0;
+
+@@ -952,20 +1174,12 @@ static void ath10k_control_ibss(struct a
+ if (!info->ibss_joined) {
+ ret = ath10k_peer_delete(arvif->ar, arvif->vdev_id, self_peer);
+ if (ret)
+- ath10k_warn("failed to delete IBSS self peer %pM for vdev %d: %d\n",
++ ath10k_warn(ar, "failed to delete IBSS self peer %pM for vdev %d: %d\n",
+ self_peer, arvif->vdev_id, ret);
+
+ if (is_zero_ether_addr(arvif->bssid))
+ return;
+
+- ret = ath10k_peer_delete(arvif->ar, arvif->vdev_id,
+- arvif->bssid);
+- if (ret) {
+- ath10k_warn("failed to delete IBSS BSSID peer %pM for vdev %d: %d\n",
+- arvif->bssid, arvif->vdev_id, ret);
+- return;
+- }
+-
+ memset(arvif->bssid, 0, ETH_ALEN);
+
+ return;
+@@ -973,7 +1187,7 @@ static void ath10k_control_ibss(struct a
+
+ ret = ath10k_peer_create(arvif->ar, arvif->vdev_id, self_peer);
+ if (ret) {
+- ath10k_warn("failed to create IBSS self peer %pM for vdev %d: %d\n",
++ ath10k_warn(ar, "failed to create IBSS self peer %pM for vdev %d: %d\n",
+ self_peer, arvif->vdev_id, ret);
+ return;
+ }
+@@ -982,103 +1196,211 @@ static void ath10k_control_ibss(struct a
+ ret = ath10k_wmi_vdev_set_param(arvif->ar, arvif->vdev_id, vdev_param,
+ ATH10K_DEFAULT_ATIM);
+ if (ret)
+- ath10k_warn("failed to set IBSS ATIM for vdev %d: %d\n",
++ ath10k_warn(ar, "failed to set IBSS ATIM for vdev %d: %d\n",
+ arvif->vdev_id, ret);
+ }
+
+-/*
+- * Review this when mac80211 gains per-interface powersave support.
+- */
+-static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
++static int ath10k_mac_vif_recalc_ps_wake_threshold(struct ath10k_vif *arvif)
+ {
+ struct ath10k *ar = arvif->ar;
+- struct ieee80211_conf *conf = &ar->hw->conf;
+- enum wmi_sta_powersave_param param;
+- enum wmi_sta_ps_mode psmode;
++ u32 param;
++ u32 value;
+ int ret;
+
+ lockdep_assert_held(&arvif->ar->conf_mutex);
+
+- if (arvif->vif->type != NL80211_IFTYPE_STATION)
+- return 0;
+-
+- if (conf->flags & IEEE80211_CONF_PS) {
+- psmode = WMI_STA_PS_MODE_ENABLED;
+- param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
++ if (arvif->u.sta.uapsd)
++ value = WMI_STA_PS_TX_WAKE_THRESHOLD_NEVER;
++ else
++ value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
+
+- ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
+- conf->dynamic_ps_timeout);
+- if (ret) {
+- ath10k_warn("failed to set inactivity time for vdev %d: %i\n",
+- arvif->vdev_id, ret);
+- return ret;
+- }
+- } else {
+- psmode = WMI_STA_PS_MODE_DISABLED;
++ param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
++ ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param, value);
++ if (ret) {
++ ath10k_warn(ar, "failed to submit ps wake threshold %u on vdev %i: %d\n",
++ value, arvif->vdev_id, ret);
++ return ret;
+ }
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
+- arvif->vdev_id, psmode ? "enable" : "disable");
++ return 0;
++}
+
+- ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
++static int ath10k_mac_vif_recalc_ps_poll_count(struct ath10k_vif *arvif)
++{
++ struct ath10k *ar = arvif->ar;
++ u32 param;
++ u32 value;
++ int ret;
++
++ lockdep_assert_held(&arvif->ar->conf_mutex);
++
++ if (arvif->u.sta.uapsd)
++ value = WMI_STA_PS_PSPOLL_COUNT_UAPSD;
++ else
++ value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
++
++ param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
++ ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
++ param, value);
+ if (ret) {
+- ath10k_warn("failed to set PS Mode %d for vdev %d: %d\n",
+- psmode, arvif->vdev_id, ret);
++ ath10k_warn(ar, "failed to submit ps poll count %u on vdev %i: %d\n",
++ value, arvif->vdev_id, ret);
+ return ret;
+ }
+
+ return 0;
+ }
+
+-/**********************/
+-/* Station management */
+-/**********************/
+-
+-static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
+- struct ath10k_vif *arvif,
+- struct ieee80211_sta *sta,
+- struct ieee80211_bss_conf *bss_conf,
+- struct wmi_peer_assoc_complete_arg *arg)
++static int ath10k_mac_ps_vif_count(struct ath10k *ar)
+ {
++ struct ath10k_vif *arvif;
++ int num = 0;
++
+ lockdep_assert_held(&ar->conf_mutex);
+
+- memcpy(arg->addr, sta->addr, ETH_ALEN);
+- arg->vdev_id = arvif->vdev_id;
+- arg->peer_aid = sta->aid;
+- arg->peer_flags |= WMI_PEER_AUTH;
++ list_for_each_entry(arvif, &ar->arvifs, list)
++ if (arvif->ps)
++ num++;
+
+- if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
+- /*
+- * Seems FW have problems with Power Save in STA
+- * mode when we setup this parameter to high (eg. 5).
+- * Often we see that FW don't send NULL (with clean P flags)
+- * frame even there is info about buffered frames in beacons.
+- * Sometimes we have to wait more than 10 seconds before FW
+- * will wakeup. Often sending one ping from AP to our device
+- * just fail (more than 50%).
+- *
+- * Seems setting this FW parameter to 1 couse FW
+- * will check every beacon and will wakup immediately
+- * after detection buffered data.
+- */
+- arg->peer_listen_intval = 1;
+- else
+- arg->peer_listen_intval = ar->hw->conf.listen_interval;
++ return num;
++}
+
+- arg->peer_num_spatial_streams = 1;
++static int ath10k_mac_vif_setup_ps(struct ath10k_vif *arvif)
++{
++ struct ath10k *ar = arvif->ar;
++ struct ieee80211_vif *vif = arvif->vif;
++ struct ieee80211_conf *conf = &ar->hw->conf;
++ enum wmi_sta_powersave_param param;
++ enum wmi_sta_ps_mode psmode;
++ int ret;
++ int ps_timeout;
++ bool enable_ps;
+
+- /*
+- * The assoc capabilities are available only in managed mode.
++ lockdep_assert_held(&arvif->ar->conf_mutex);
++
++ if (arvif->vif->type != NL80211_IFTYPE_STATION)
++ return 0;
++
++ enable_ps = arvif->ps;
++
++ if (enable_ps && ath10k_mac_ps_vif_count(ar) > 1 &&
++ !test_bit(ATH10K_FW_FEATURE_MULTI_VIF_PS_SUPPORT,
++ ar->fw_features)) {
++ ath10k_warn(ar, "refusing to enable ps on vdev %i: not supported by fw\n",
++ arvif->vdev_id);
++ enable_ps = false;
++ }
++
++ if (enable_ps) {
++ psmode = WMI_STA_PS_MODE_ENABLED;
++ param = WMI_STA_PS_PARAM_INACTIVITY_TIME;
++
++ ps_timeout = conf->dynamic_ps_timeout;
++ if (ps_timeout == 0) {
++ /* Firmware doesn't like 0 */
++ ps_timeout = ieee80211_tu_to_usec(
++ vif->bss_conf.beacon_int) / 1000;
++ }
++
++ ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id, param,
++ ps_timeout);
++ if (ret) {
++ ath10k_warn(ar, "failed to set inactivity time for vdev %d: %i\n",
++ arvif->vdev_id, ret);
++ return ret;
++ }
++ } else {
++ psmode = WMI_STA_PS_MODE_DISABLED;
++ }
++
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d psmode %s\n",
++ arvif->vdev_id, psmode ? "enable" : "disable");
++
++ ret = ath10k_wmi_set_psmode(ar, arvif->vdev_id, psmode);
++ if (ret) {
++ ath10k_warn(ar, "failed to set PS Mode %d for vdev %d: %d\n",
++ psmode, arvif->vdev_id, ret);
++ return ret;
++ }
++
++ return 0;
++}
++
++static int ath10k_mac_vif_disable_keepalive(struct ath10k_vif *arvif)
++{
++ struct ath10k *ar = arvif->ar;
++ struct wmi_sta_keepalive_arg arg = {};
++ int ret;
++
++ lockdep_assert_held(&arvif->ar->conf_mutex);
++
++ if (arvif->vdev_type != WMI_VDEV_TYPE_STA)
++ return 0;
++
++ if (!test_bit(WMI_SERVICE_STA_KEEP_ALIVE, ar->wmi.svc_map))
++ return 0;
++
++ /* Some firmware revisions have a bug and ignore the `enabled` field.
++ * Instead use the interval to disable the keepalive.
++ */
++ arg.vdev_id = arvif->vdev_id;
++ arg.enabled = 1;
++ arg.method = WMI_STA_KEEPALIVE_METHOD_NULL_FRAME;
++ arg.interval = WMI_STA_KEEPALIVE_INTERVAL_DISABLE;
++
++ ret = ath10k_wmi_sta_keepalive(ar, &arg);
++ if (ret) {
++ ath10k_warn(ar, "failed to submit keepalive on vdev %i: %d\n",
++ arvif->vdev_id, ret);
++ return ret;
++ }
++
++ return 0;
++}
++
++/**********************/
++/* Station management */
++/**********************/
++
++static u32 ath10k_peer_assoc_h_listen_intval(struct ath10k *ar,
++ struct ieee80211_vif *vif)
++{
++ /* Some firmware revisions have unstable STA powersave when listen
++ * interval is set too high (e.g. 5). The symptoms are firmware doesn't
++ * generate NullFunc frames properly even if buffered frames have been
++ * indicated in Beacon TIM. Firmware would seldom wake up to pull
++ * buffered frames. Often pinging the device from AP would simply fail.
++ *
++ * As a workaround set it to 1.
+ */
+- if (arvif->vdev_type == WMI_VDEV_TYPE_STA && bss_conf)
+- arg->peer_caps = bss_conf->assoc_capability;
++ if (vif->type == NL80211_IFTYPE_STATION)
++ return 1;
++
++ return ar->hw->conf.listen_interval;
++}
++
++static void ath10k_peer_assoc_h_basic(struct ath10k *ar,
++ struct ieee80211_vif *vif,
++ struct ieee80211_sta *sta,
++ struct wmi_peer_assoc_complete_arg *arg)
++{
++ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
++
++ lockdep_assert_held(&ar->conf_mutex);
++
++ ether_addr_copy(arg->addr, sta->addr);
++ arg->vdev_id = arvif->vdev_id;
++ arg->peer_aid = sta->aid;
++ arg->peer_flags |= WMI_PEER_AUTH;
++ arg->peer_listen_intval = ath10k_peer_assoc_h_listen_intval(ar, vif);
++ arg->peer_num_spatial_streams = 1;
++ arg->peer_caps = vif->bss_conf.assoc_capability;
+ }
+
+ static void ath10k_peer_assoc_h_crypto(struct ath10k *ar,
+- struct ath10k_vif *arvif,
++ struct ieee80211_vif *vif,
+ struct wmi_peer_assoc_complete_arg *arg)
+ {
+- struct ieee80211_vif *vif = arvif->vif;
+ struct ieee80211_bss_conf *info = &vif->bss_conf;
+ struct cfg80211_bss *bss;
+ const u8 *rsnie = NULL;
+@@ -1097,21 +1419,21 @@ static void ath10k_peer_assoc_h_crypto(s
+ ies = rcu_dereference(bss->ies);
+
+ wpaie = cfg80211_find_vendor_ie(WLAN_OUI_MICROSOFT,
+- WLAN_OUI_TYPE_MICROSOFT_WPA,
+- ies->data,
+- ies->len);
++ WLAN_OUI_TYPE_MICROSOFT_WPA,
++ ies->data,
++ ies->len);
+ rcu_read_unlock();
+ cfg80211_put_bss(ar->hw->wiphy, bss);
+ }
+
+ /* FIXME: base on RSN IE/WPA IE is a correct idea? */
+ if (rsnie || wpaie) {
+- ath10k_dbg(ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: rsn ie found\n", __func__);
+ arg->peer_flags |= WMI_PEER_NEED_PTK_4_WAY;
+ }
+
+ if (wpaie) {
+- ath10k_dbg(ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "%s: wpa ie found\n", __func__);
+ arg->peer_flags |= WMI_PEER_NEED_GTK_2_WAY;
+ }
+ }
+@@ -1149,6 +1471,7 @@ static void ath10k_peer_assoc_h_ht(struc
+ {
+ const struct ieee80211_sta_ht_cap *ht_cap = &sta->ht_cap;
+ int i, n;
++ u32 stbc;
+
+ lockdep_assert_held(&ar->conf_mutex);
+
+@@ -1185,7 +1508,6 @@ static void ath10k_peer_assoc_h_ht(struc
+ }
+
+ if (ht_cap->cap & IEEE80211_HT_CAP_RX_STBC) {
+- u32 stbc;
+ stbc = ht_cap->cap & IEEE80211_HT_CAP_RX_STBC;
+ stbc = stbc >> IEEE80211_HT_CAP_RX_STBC_SHIFT;
+ stbc = stbc << WMI_RC_RX_STBC_FLAG_S;
+@@ -1220,7 +1542,7 @@ static void ath10k_peer_assoc_h_ht(struc
+ arg->peer_num_spatial_streams = sta->rx_nss;
+ }
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ht peer %pM mcs cnt %d nss %d\n",
+ arg->addr,
+ arg->peer_ht_rates.num_rates,
+ arg->peer_num_spatial_streams);
+@@ -1237,7 +1559,7 @@ static int ath10k_peer_assoc_qos_ap(stru
+ lockdep_assert_held(&ar->conf_mutex);
+
+ if (sta->wme && sta->uapsd_queues) {
+- ath10k_dbg(ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac uapsd_queues 0x%x max_sp %d\n",
+ sta->uapsd_queues, sta->max_sp);
+
+ if (sta->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
+@@ -1253,7 +1575,6 @@ static int ath10k_peer_assoc_qos_ap(stru
+ uapsd |= WMI_AP_PS_UAPSD_AC0_DELIVERY_EN |
+ WMI_AP_PS_UAPSD_AC0_TRIGGER_EN;
+
+-
+ if (sta->max_sp < MAX_WMI_AP_PS_PEER_PARAM_MAX_SP)
+ max_sp = sta->max_sp;
+
+@@ -1262,7 +1583,7 @@ static int ath10k_peer_assoc_qos_ap(stru
+ WMI_AP_PS_PEER_PARAM_UAPSD,
+ uapsd);
+ if (ret) {
+- ath10k_warn("failed to set ap ps peer param uapsd for vdev %i: %d\n",
++ ath10k_warn(ar, "failed to set ap ps peer param uapsd for vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ return ret;
+ }
+@@ -1272,7 +1593,7 @@ static int ath10k_peer_assoc_qos_ap(stru
+ WMI_AP_PS_PEER_PARAM_MAX_SP,
+ max_sp);
+ if (ret) {
+- ath10k_warn("failed to set ap ps peer param max sp for vdev %i: %d\n",
++ ath10k_warn(ar, "failed to set ap ps peer param max sp for vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ return ret;
+ }
+@@ -1282,9 +1603,10 @@ static int ath10k_peer_assoc_qos_ap(stru
+ sta->listen_interval - mac80211 patch required.
+ Currently use 10 seconds */
+ ret = ath10k_wmi_set_ap_ps_param(ar, arvif->vdev_id, sta->addr,
+- WMI_AP_PS_PEER_PARAM_AGEOUT_TIME, 10);
++ WMI_AP_PS_PEER_PARAM_AGEOUT_TIME,
++ 10);
+ if (ret) {
+- ath10k_warn("failed to set ap ps peer param ageout time for vdev %i: %d\n",
++ ath10k_warn(ar, "failed to set ap ps peer param ageout time for vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ return ret;
+ }
+@@ -1304,8 +1626,11 @@ static void ath10k_peer_assoc_h_vht(stru
+ return;
+
+ arg->peer_flags |= WMI_PEER_VHT;
+- arg->peer_vht_caps = vht_cap->cap;
+
++ if (ar->hw->conf.chandef.chan->band == IEEE80211_BAND_2GHZ)
++ arg->peer_flags |= WMI_PEER_VHT_2G;
++
++ arg->peer_vht_caps = vht_cap->cap;
+
+ ampdu_factor = (vht_cap->cap &
+ IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK) >>
+@@ -1331,16 +1656,17 @@ static void ath10k_peer_assoc_h_vht(stru
+ arg->peer_vht_rates.tx_mcs_set =
+ __le16_to_cpu(vht_cap->vht_mcs.tx_mcs_map);
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac vht peer %pM max_mpdu %d flags 0x%x\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vht peer %pM max_mpdu %d flags 0x%x\n",
+ sta->addr, arg->peer_max_mpdu, arg->peer_flags);
+ }
+
+ static void ath10k_peer_assoc_h_qos(struct ath10k *ar,
+- struct ath10k_vif *arvif,
++ struct ieee80211_vif *vif,
+ struct ieee80211_sta *sta,
+- struct ieee80211_bss_conf *bss_conf,
+ struct wmi_peer_assoc_complete_arg *arg)
+ {
++ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
++
+ switch (arvif->vdev_type) {
+ case WMI_VDEV_TYPE_AP:
+ if (sta->wme)
+@@ -1352,16 +1678,29 @@ static void ath10k_peer_assoc_h_qos(stru
+ }
+ break;
+ case WMI_VDEV_TYPE_STA:
+- if (bss_conf->qos)
++ if (vif->bss_conf.qos)
++ arg->peer_flags |= WMI_PEER_QOS;
++ break;
++ case WMI_VDEV_TYPE_IBSS:
++ if (sta->wme)
+ arg->peer_flags |= WMI_PEER_QOS;
+ break;
+ default:
+ break;
+ }
++
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM qos %d\n",
++ sta->addr, !!(arg->peer_flags & WMI_PEER_QOS));
++}
++
++static bool ath10k_mac_sta_has_11g_rates(struct ieee80211_sta *sta)
++{
++ /* First 4 rates in ath10k_rates are CCK (11b) rates. */
++ return sta->supp_rates[IEEE80211_BAND_2GHZ] >> 4;
+ }
+
+ static void ath10k_peer_assoc_h_phymode(struct ath10k *ar,
+- struct ath10k_vif *arvif,
++ struct ieee80211_vif *vif,
+ struct ieee80211_sta *sta,
+ struct wmi_peer_assoc_complete_arg *arg)
+ {
+@@ -1369,13 +1708,20 @@ static void ath10k_peer_assoc_h_phymode(
+
+ switch (ar->hw->conf.chandef.chan->band) {
+ case IEEE80211_BAND_2GHZ:
+- if (sta->ht_cap.ht_supported) {
++ if (sta->vht_cap.vht_supported) {
++ if (sta->bandwidth == IEEE80211_STA_RX_BW_40)
++ phymode = MODE_11AC_VHT40;
++ else
++ phymode = MODE_11AC_VHT20;
++ } else if (sta->ht_cap.ht_supported) {
+ if (sta->bandwidth == IEEE80211_STA_RX_BW_40)
+ phymode = MODE_11NG_HT40;
+ else
+ phymode = MODE_11NG_HT20;
+- } else {
++ } else if (ath10k_mac_sta_has_11g_rates(sta)) {
+ phymode = MODE_11G;
++ } else {
++ phymode = MODE_11B;
+ }
+
+ break;
+@@ -1404,7 +1750,7 @@ static void ath10k_peer_assoc_h_phymode(
+ break;
+ }
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac peer %pM phymode %s\n",
+ sta->addr, ath10k_wmi_phymode_str(phymode));
+
+ arg->peer_phymode = phymode;
+@@ -1412,22 +1758,21 @@ static void ath10k_peer_assoc_h_phymode(
+ }
+
+ static int ath10k_peer_assoc_prepare(struct ath10k *ar,
+- struct ath10k_vif *arvif,
++ struct ieee80211_vif *vif,
+ struct ieee80211_sta *sta,
+- struct ieee80211_bss_conf *bss_conf,
+ struct wmi_peer_assoc_complete_arg *arg)
+ {
+ lockdep_assert_held(&ar->conf_mutex);
+
+ memset(arg, 0, sizeof(*arg));
+
+- ath10k_peer_assoc_h_basic(ar, arvif, sta, bss_conf, arg);
+- ath10k_peer_assoc_h_crypto(ar, arvif, arg);
++ ath10k_peer_assoc_h_basic(ar, vif, sta, arg);
++ ath10k_peer_assoc_h_crypto(ar, vif, arg);
+ ath10k_peer_assoc_h_rates(ar, sta, arg);
+ ath10k_peer_assoc_h_ht(ar, sta, arg);
+ ath10k_peer_assoc_h_vht(ar, sta, arg);
+- ath10k_peer_assoc_h_qos(ar, arvif, sta, bss_conf, arg);
+- ath10k_peer_assoc_h_phymode(ar, arvif, sta, arg);
++ ath10k_peer_assoc_h_qos(ar, vif, sta, arg);
++ ath10k_peer_assoc_h_phymode(ar, vif, sta, arg);
+
+ return 0;
+ }
+@@ -1459,6 +1804,68 @@ static int ath10k_setup_peer_smps(struct
+ ath10k_smps_map[smps]);
+ }
+
++static int ath10k_mac_vif_recalc_txbf(struct ath10k *ar,
++ struct ieee80211_vif *vif,
++ struct ieee80211_sta_vht_cap vht_cap)
++{
++ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
++ int ret;
++ u32 param;
++ u32 value;
++
++ if (!(ar->vht_cap_info &
++ (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
++ IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE |
++ IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
++ IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)))
++ return 0;
++
++ param = ar->wmi.vdev_param->txbf;
++ value = 0;
++
++ if (WARN_ON(param == WMI_VDEV_PARAM_UNSUPPORTED))
++ return 0;
++
++ /* The following logic is correct. If a remote STA advertises support
++ * for being a beamformer then we should enable us being a beamformee.
++ */
++
++ if (ar->vht_cap_info &
++ (IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE |
++ IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)) {
++ if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)
++ value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
++
++ if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)
++ value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFEE;
++ }
++
++ if (ar->vht_cap_info &
++ (IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE |
++ IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE)) {
++ if (vht_cap.cap & IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE)
++ value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
++
++ if (vht_cap.cap & IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE)
++ value |= WMI_VDEV_PARAM_TXBF_MU_TX_BFER;
++ }
++
++ if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFEE)
++ value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFEE;
++
++ if (value & WMI_VDEV_PARAM_TXBF_MU_TX_BFER)
++ value |= WMI_VDEV_PARAM_TXBF_SU_TX_BFER;
++
++ ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, param, value);
++ if (ret) {
++ ath10k_warn(ar, "failed to submit vdev param txbf 0x%x: %d\n",
++ value, ret);
++ return ret;
++ }
++
++ return 0;
++}
++
+ /* can be called only in mac80211 callbacks due to `key_count` usage */
+ static void ath10k_bss_assoc(struct ieee80211_hw *hw,
+ struct ieee80211_vif *vif,
+@@ -1467,17 +1874,21 @@ static void ath10k_bss_assoc(struct ieee
+ struct ath10k *ar = hw->priv;
+ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
+ struct ieee80211_sta_ht_cap ht_cap;
++ struct ieee80211_sta_vht_cap vht_cap;
+ struct wmi_peer_assoc_complete_arg peer_arg;
+ struct ieee80211_sta *ap_sta;
+ int ret;
+
+ lockdep_assert_held(&ar->conf_mutex);
+
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i assoc bssid %pM aid %d\n",
++ arvif->vdev_id, arvif->bssid, arvif->aid);
++
+ rcu_read_lock();
+
+ ap_sta = ieee80211_find_sta(vif, bss_conf->bssid);
+ if (!ap_sta) {
+- ath10k_warn("failed to find station entry for bss %pM vdev %i\n",
++ ath10k_warn(ar, "failed to find station entry for bss %pM vdev %i\n",
+ bss_conf->bssid, arvif->vdev_id);
+ rcu_read_unlock();
+ return;
+@@ -1486,11 +1897,11 @@ static void ath10k_bss_assoc(struct ieee
+ /* ap_sta must be accessed only within rcu section which must be left
+ * before calling ath10k_setup_peer_smps() which might sleep. */
+ ht_cap = ap_sta->ht_cap;
++ vht_cap = ap_sta->vht_cap;
+
+- ret = ath10k_peer_assoc_prepare(ar, arvif, ap_sta,
+- bss_conf, &peer_arg);
++ ret = ath10k_peer_assoc_prepare(ar, vif, ap_sta, &peer_arg);
+ if (ret) {
+- ath10k_warn("failed to prepare peer assoc for %pM vdev %i: %d\n",
++ ath10k_warn(ar, "failed to prepare peer assoc for %pM vdev %i: %d\n",
+ bss_conf->bssid, arvif->vdev_id, ret);
+ rcu_read_unlock();
+ return;
+@@ -1500,88 +1911,100 @@ static void ath10k_bss_assoc(struct ieee
+
+ ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
+ if (ret) {
+- ath10k_warn("failed to run peer assoc for %pM vdev %i: %d\n",
++ ath10k_warn(ar, "failed to run peer assoc for %pM vdev %i: %d\n",
+ bss_conf->bssid, arvif->vdev_id, ret);
+ return;
+ }
+
+ ret = ath10k_setup_peer_smps(ar, arvif, bss_conf->bssid, &ht_cap);
+ if (ret) {
+- ath10k_warn("failed to setup peer SMPS for vdev %i: %d\n",
++ ath10k_warn(ar, "failed to setup peer SMPS for vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ return;
+ }
+
+- ath10k_dbg(ATH10K_DBG_MAC,
++ ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
++ if (ret) {
++ ath10k_warn(ar, "failed to recalc txbf for vdev %i on bss %pM: %d\n",
++ arvif->vdev_id, bss_conf->bssid, ret);
++ return;
++ }
++
++ ath10k_dbg(ar, ATH10K_DBG_MAC,
+ "mac vdev %d up (associated) bssid %pM aid %d\n",
+ arvif->vdev_id, bss_conf->bssid, bss_conf->aid);
+
++ WARN_ON(arvif->is_up);
++
+ arvif->aid = bss_conf->aid;
+- memcpy(arvif->bssid, bss_conf->bssid, ETH_ALEN);
++ ether_addr_copy(arvif->bssid, bss_conf->bssid);
+
+ ret = ath10k_wmi_vdev_up(ar, arvif->vdev_id, arvif->aid, arvif->bssid);
+ if (ret) {
+- ath10k_warn("failed to set vdev %d up: %d\n",
++ ath10k_warn(ar, "failed to set vdev %d up: %d\n",
+ arvif->vdev_id, ret);
+ return;
+ }
+
+ arvif->is_up = true;
++
++ /* Workaround: Some firmware revisions (tested with qca6174
++ * WLAN.RM.2.0-00073) have buggy powersave state machine and must be
++ * poked with peer param command.
++ */
++ ret = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, arvif->bssid,
++ WMI_PEER_DUMMY_VAR, 1);
++ if (ret) {
++ ath10k_warn(ar, "failed to poke peer %pM param for ps workaround on vdev %i: %d\n",
++ arvif->bssid, arvif->vdev_id, ret);
++ return;
++ }
+ }
+
+-/*
+- * FIXME: flush TIDs
+- */
+ static void ath10k_bss_disassoc(struct ieee80211_hw *hw,
+ struct ieee80211_vif *vif)
+ {
+ struct ath10k *ar = hw->priv;
+ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
++ struct ieee80211_sta_vht_cap vht_cap = {};
+ int ret;
+
+ lockdep_assert_held(&ar->conf_mutex);
+
+- /*
+- * For some reason, calling VDEV-DOWN before VDEV-STOP
+- * makes the FW to send frames via HTT after disassociation.
+- * No idea why this happens, even though VDEV-DOWN is supposed
+- * to be analogous to link down, so just stop the VDEV.
+- */
+- ath10k_dbg(ATH10K_DBG_MAC, "mac vdev %d stop (disassociated\n",
+- arvif->vdev_id);
+-
+- /* FIXME: check return value */
+- ret = ath10k_vdev_stop(arvif);
+-
+- /*
+- * If we don't call VDEV-DOWN after VDEV-STOP FW will remain active and
+- * report beacons from previously associated network through HTT.
+- * This in turn would spam mac80211 WARN_ON if we bring down all
+- * interfaces as it expects there is no rx when no interface is
+- * running.
+- */
+- ath10k_dbg(ATH10K_DBG_MAC, "mac vdev %d down\n", arvif->vdev_id);
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i disassoc bssid %pM\n",
++ arvif->vdev_id, arvif->bssid);
+
+- /* FIXME: why don't we print error if wmi call fails? */
+ ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
++ if (ret)
++ ath10k_warn(ar, "faield to down vdev %i: %d\n",
++ arvif->vdev_id, ret);
+
+- arvif->def_wep_key_idx = 0;
++ arvif->def_wep_key_idx = -1;
++
++ ret = ath10k_mac_vif_recalc_txbf(ar, vif, vht_cap);
++ if (ret) {
++ ath10k_warn(ar, "failed to recalc txbf for vdev %i: %d\n",
++ arvif->vdev_id, ret);
++ return;
++ }
+
+- arvif->is_started = false;
+ arvif->is_up = false;
+ }
+
+-static int ath10k_station_assoc(struct ath10k *ar, struct ath10k_vif *arvif,
+- struct ieee80211_sta *sta, bool reassoc)
++static int ath10k_station_assoc(struct ath10k *ar,
++ struct ieee80211_vif *vif,
++ struct ieee80211_sta *sta,
++ bool reassoc)
+ {
++ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
+ struct wmi_peer_assoc_complete_arg peer_arg;
+ int ret = 0;
+
+ lockdep_assert_held(&ar->conf_mutex);
+
+- ret = ath10k_peer_assoc_prepare(ar, arvif, sta, NULL, &peer_arg);
++ ret = ath10k_peer_assoc_prepare(ar, vif, sta, &peer_arg);
+ if (ret) {
+- ath10k_warn("failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
++ ath10k_warn(ar, "failed to prepare WMI peer assoc for %pM vdev %i: %i\n",
+ sta->addr, arvif->vdev_id, ret);
+ return ret;
+ }
+@@ -1589,48 +2012,59 @@ static int ath10k_station_assoc(struct a
+ peer_arg.peer_reassoc = reassoc;
+ ret = ath10k_wmi_peer_assoc(ar, &peer_arg);
+ if (ret) {
+- ath10k_warn("failed to run peer assoc for STA %pM vdev %i: %d\n",
++ ath10k_warn(ar, "failed to run peer assoc for STA %pM vdev %i: %d\n",
+ sta->addr, arvif->vdev_id, ret);
+ return ret;
+ }
+
+- ret = ath10k_setup_peer_smps(ar, arvif, sta->addr, &sta->ht_cap);
+- if (ret) {
+- ath10k_warn("failed to setup peer SMPS for vdev %d: %d\n",
+- arvif->vdev_id, ret);
+- return ret;
+- }
+-
+- if (!sta->wme) {
+- arvif->num_legacy_stations++;
+- ret = ath10k_recalc_rtscts_prot(arvif);
++ /* Re-assoc is run only to update supported rates for given station. It
++ * doesn't make much sense to reconfigure the peer completely.
++ */
++ if (!reassoc) {
++ ret = ath10k_setup_peer_smps(ar, arvif, sta->addr,
++ &sta->ht_cap);
+ if (ret) {
+- ath10k_warn("failed to recalculate rts/cts prot for vdev %d: %d\n",
++ ath10k_warn(ar, "failed to setup peer SMPS for vdev %d: %d\n",
+ arvif->vdev_id, ret);
+ return ret;
+ }
+- }
+
+- ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
+- if (ret) {
+- ath10k_warn("failed to install peer wep keys for vdev %i: %d\n",
+- arvif->vdev_id, ret);
+- return ret;
+- }
++ ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
++ if (ret) {
++ ath10k_warn(ar, "failed to set qos params for STA %pM for vdev %i: %d\n",
++ sta->addr, arvif->vdev_id, ret);
++ return ret;
++ }
+
+- ret = ath10k_peer_assoc_qos_ap(ar, arvif, sta);
+- if (ret) {
+- ath10k_warn("failed to set qos params for STA %pM for vdev %i: %d\n",
+- sta->addr, arvif->vdev_id, ret);
+- return ret;
++ if (!sta->wme) {
++ arvif->num_legacy_stations++;
++ ret = ath10k_recalc_rtscts_prot(arvif);
++ if (ret) {
++ ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
++ arvif->vdev_id, ret);
++ return ret;
++ }
++ }
++
++ /* Plumb cached keys only for static WEP */
++ if (arvif->def_wep_key_idx != -1) {
++ ret = ath10k_install_peer_wep_keys(arvif, sta->addr);
++ if (ret) {
++ ath10k_warn(ar, "failed to install peer wep keys for vdev %i: %d\n",
++ arvif->vdev_id, ret);
++ return ret;
++ }
++ }
+ }
+
+ return ret;
+ }
+
+-static int ath10k_station_disassoc(struct ath10k *ar, struct ath10k_vif *arvif,
++static int ath10k_station_disassoc(struct ath10k *ar,
++ struct ieee80211_vif *vif,
+ struct ieee80211_sta *sta)
+ {
++ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
+ int ret = 0;
+
+ lockdep_assert_held(&ar->conf_mutex);
+@@ -1639,7 +2073,7 @@ static int ath10k_station_disassoc(struc
+ arvif->num_legacy_stations--;
+ ret = ath10k_recalc_rtscts_prot(arvif);
+ if (ret) {
+- ath10k_warn("failed to recalculate rts/cts prot for vdev %d: %d\n",
++ ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
+ arvif->vdev_id, ret);
+ return ret;
+ }
+@@ -1647,7 +2081,7 @@ static int ath10k_station_disassoc(struc
+
+ ret = ath10k_clear_peer_keys(arvif, sta->addr);
+ if (ret) {
+- ath10k_warn("failed to clear all peer wep keys for vdev %i: %d\n",
++ ath10k_warn(ar, "failed to clear all peer wep keys for vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ return ret;
+ }
+@@ -1722,6 +2156,7 @@ static int ath10k_update_channel_list(st
+ ch->passive = passive;
+
+ ch->freq = channel->center_freq;
++ ch->band_center_freq1 = channel->center_freq;
+ ch->min_power = 0;
+ ch->max_power = channel->max_power * 2;
+ ch->max_reg_power = channel->max_reg_power * 2;
+@@ -1739,7 +2174,7 @@ static int ath10k_update_channel_list(st
+ if (WARN_ON_ONCE(ch->mode == MODE_UNKNOWN))
+ continue;
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "mac channel [%zd/%d] freq %d maxpower %d regpower %d antenna %d mode %d\n",
+ ch - arg.channels, arg.n_channels,
+ ch->freq, ch->max_power, ch->max_reg_power,
+@@ -1782,7 +2217,7 @@ static void ath10k_regd_update(struct at
+
+ ret = ath10k_update_channel_list(ar);
+ if (ret)
+- ath10k_warn("failed to update channel list: %d\n", ret);
++ ath10k_warn(ar, "failed to update channel list: %d\n", ret);
+
+ regpair = ar->ath_common.regulatory.regpair;
+
+@@ -1803,7 +2238,7 @@ static void ath10k_regd_update(struct at
+ regpair->reg_5ghz_ctl,
+ wmi_dfs_reg);
+ if (ret)
+- ath10k_warn("failed to set pdev regdomain: %d\n", ret);
++ ath10k_warn(ar, "failed to set pdev regdomain: %d\n", ret);
+ }
+
+ static void ath10k_reg_notifier(struct wiphy *wiphy,
+@@ -1816,12 +2251,12 @@ static void ath10k_reg_notifier(struct w
+ ath_reg_notifier_apply(wiphy, request, &ar->ath_common.regulatory);
+
+ if (config_enabled(CPTCFG_ATH10K_DFS_CERTIFIED) && ar->dfs_detector) {
+- ath10k_dbg(ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
++ ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs region 0x%x\n",
+ request->dfs_region);
+ result = ar->dfs_detector->set_dfs_domain(ar->dfs_detector,
+ request->dfs_region);
+ if (!result)
+- ath10k_warn("DFS region 0x%X not supported, will trigger radar for every pulse\n",
++ ath10k_warn(ar, "DFS region 0x%X not supported, will trigger radar for every pulse\n",
+ request->dfs_region);
+ }
+
+@@ -1849,28 +2284,25 @@ static u8 ath10k_tx_h_get_tid(struct iee
+ return ieee80211_get_qos_ctl(hdr)[0] & IEEE80211_QOS_CTL_TID_MASK;
+ }
+
+-static u8 ath10k_tx_h_get_vdev_id(struct ath10k *ar,
+- struct ieee80211_tx_info *info)
++static u8 ath10k_tx_h_get_vdev_id(struct ath10k *ar, struct ieee80211_vif *vif)
+ {
+- if (info->control.vif)
+- return ath10k_vif_to_arvif(info->control.vif)->vdev_id;
++ if (vif)
++ return ath10k_vif_to_arvif(vif)->vdev_id;
+
+ if (ar->monitor_started)
+ return ar->monitor_vdev_id;
+
+- ath10k_warn("failed to resolve vdev id\n");
++ ath10k_warn(ar, "failed to resolve vdev id\n");
+ return 0;
+ }
+
+-/*
+- * Frames sent to the FW have to be in "Native Wifi" format.
+- * Strip the QoS field from the 802.11 header.
++/* HTT Tx uses Native Wifi tx mode which expects 802.11 frames without QoS
++ * Control in the header.
+ */
+-static void ath10k_tx_h_qos_workaround(struct ieee80211_hw *hw,
+- struct ieee80211_tx_control *control,
+- struct sk_buff *skb)
++static void ath10k_tx_h_nwifi(struct ieee80211_hw *hw, struct sk_buff *skb)
+ {
+ struct ieee80211_hdr *hdr = (void *)skb->data;
++ struct ath10k_skb_cb *cb = ATH10K_SKB_CB(skb);
+ u8 *qos_ctl;
+
+ if (!ieee80211_is_data_qos(hdr->frame_control))
+@@ -1880,68 +2312,24 @@ static void ath10k_tx_h_qos_workaround(s
+ memmove(skb->data + IEEE80211_QOS_CTL_LEN,
+ skb->data, (void *)qos_ctl - (void *)skb->data);
+ skb_pull(skb, IEEE80211_QOS_CTL_LEN);
+-}
+-
+-static void ath10k_tx_wep_key_work(struct work_struct *work)
+-{
+- struct ath10k_vif *arvif = container_of(work, struct ath10k_vif,
+- wep_key_work);
+- int ret, keyidx = arvif->def_wep_key_newidx;
+-
+- if (arvif->def_wep_key_idx == keyidx)
+- return;
+-
+- ath10k_dbg(ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
+- arvif->vdev_id, keyidx);
+
+- ret = ath10k_wmi_vdev_set_param(arvif->ar,
+- arvif->vdev_id,
+- arvif->ar->wmi.vdev_param->def_keyid,
+- keyidx);
+- if (ret) {
+- ath10k_warn("failed to update wep key index for vdev %d: %d\n",
+- arvif->vdev_id,
+- ret);
+- return;
++ /* Fw/Hw generates a corrupted QoS Control Field for QoS NullFunc
++ * frames. Powersave is handled by the fw/hw so QoS NyllFunc frames are
++ * used only for CQM purposes (e.g. hostapd station keepalive ping) so
++ * it is safe to downgrade to NullFunc.
++ */
++ hdr = (void *)skb->data;
++ if (ieee80211_is_qos_nullfunc(hdr->frame_control)) {
++ hdr->frame_control &= ~__cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
++ cb->htt.tid = HTT_DATA_TX_EXT_TID_NON_QOS_MCAST_BCAST;
+ }
+-
+- arvif->def_wep_key_idx = keyidx;
+ }
+
+-static void ath10k_tx_h_update_wep_key(struct sk_buff *skb)
+-{
+- struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+- struct ieee80211_vif *vif = info->control.vif;
+- struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
+- struct ath10k *ar = arvif->ar;
+- struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
+- struct ieee80211_key_conf *key = info->control.hw_key;
+-
+- if (!ieee80211_has_protected(hdr->frame_control))
+- return;
+-
+- if (!key)
+- return;
+-
+- if (key->cipher != WLAN_CIPHER_SUITE_WEP40 &&
+- key->cipher != WLAN_CIPHER_SUITE_WEP104)
+- return;
+-
+- if (key->keyidx == arvif->def_wep_key_idx)
+- return;
+-
+- /* FIXME: Most likely a few frames will be TXed with an old key. Simply
+- * queueing frames until key index is updated is not an option because
+- * sk_buff may need more processing to be done, e.g. offchannel */
+- arvif->def_wep_key_newidx = key->keyidx;
+- ieee80211_queue_work(ar->hw, &arvif->wep_key_work);
+-}
+-
+-static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar, struct sk_buff *skb)
++static void ath10k_tx_h_add_p2p_noa_ie(struct ath10k *ar,
++ struct ieee80211_vif *vif,
++ struct sk_buff *skb)
+ {
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
+- struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+- struct ieee80211_vif *vif = info->control.vif;
+ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
+
+ /* This is case only for P2P_GO */
+@@ -1961,6 +2349,18 @@ static void ath10k_tx_h_add_p2p_noa_ie(s
+ }
+ }
+
++static bool ath10k_mac_need_offchan_tx_work(struct ath10k *ar)
++{
++ /* FIXME: Not really sure since when the behaviour changed. At some
++ * point new firmware stopped requiring creation of peer entries for
++ * offchannel tx (and actually creating them causes issues with wmi-htc
++ * tx credit replenishment and reliability). Assuming it's at least 3.4
++ * because that's when the `freq` was introduced to TX_FRM HTT command.
++ */
++ return !(ar->htt.target_version_major >= 3 &&
++ ar->htt.target_version_minor >= 4);
++}
++
+ static void ath10k_tx_htt(struct ath10k *ar, struct sk_buff *skb)
+ {
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
+@@ -1977,7 +2377,7 @@ static void ath10k_tx_htt(struct ath10k
+ ar->fw_features)) {
+ if (skb_queue_len(&ar->wmi_mgmt_tx_queue) >=
+ ATH10K_MAX_NUM_MGMT_PENDING) {
+- ath10k_warn("reached WMI management tranmist queue limit\n");
++ ath10k_warn(ar, "reached WMI management transmit queue limit\n");
+ ret = -EBUSY;
+ goto exit;
+ }
+@@ -2001,7 +2401,8 @@ static void ath10k_tx_htt(struct ath10k
+
+ exit:
+ if (ret) {
+- ath10k_warn("failed to transmit packet, dropping: %d\n", ret);
++ ath10k_warn(ar, "failed to transmit packet, dropping: %d\n",
++ ret);
+ ieee80211_free_txskb(ar->hw, skb);
+ }
+ }
+@@ -2043,7 +2444,7 @@ void ath10k_offchan_tx_work(struct work_
+
+ mutex_lock(&ar->conf_mutex);
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac offchannel skb %p\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac offchannel skb %p\n",
+ skb);
+
+ hdr = (struct ieee80211_hdr *)skb->data;
+@@ -2056,13 +2457,13 @@ void ath10k_offchan_tx_work(struct work_
+
+ if (peer)
+ /* FIXME: should this use ath10k_warn()? */
+- ath10k_dbg(ATH10K_DBG_MAC, "peer %pM on vdev %d already present\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "peer %pM on vdev %d already present\n",
+ peer_addr, vdev_id);
+
+ if (!peer) {
+ ret = ath10k_peer_create(ar, vdev_id, peer_addr);
+ if (ret)
+- ath10k_warn("failed to create peer %pM on vdev %d: %d\n",
++ ath10k_warn(ar, "failed to create peer %pM on vdev %d: %d\n",
+ peer_addr, vdev_id, ret);
+ }
+
+@@ -2075,14 +2476,14 @@ void ath10k_offchan_tx_work(struct work_
+
+ ret = wait_for_completion_timeout(&ar->offchan_tx_completed,
+ 3 * HZ);
+- if (ret <= 0)
+- ath10k_warn("timed out waiting for offchannel skb %p\n",
++ if (ret == 0)
++ ath10k_warn(ar, "timed out waiting for offchannel skb %p\n",
+ skb);
+
+ if (!peer) {
+ ret = ath10k_peer_delete(ar, vdev_id, peer_addr);
+ if (ret)
+- ath10k_warn("failed to delete peer %pM on vdev %d: %d\n",
++ ath10k_warn(ar, "failed to delete peer %pM on vdev %d: %d\n",
+ peer_addr, vdev_id, ret);
+ }
+
+@@ -2116,7 +2517,7 @@ void ath10k_mgmt_over_wmi_tx_work(struct
+
+ ret = ath10k_wmi_mgmt_tx(ar, skb);
+ if (ret) {
+- ath10k_warn("failed to transmit management frame via WMI: %d\n",
++ ath10k_warn(ar, "failed to transmit management frame via WMI: %d\n",
+ ret);
+ ieee80211_free_txskb(ar->hw, skb);
+ }
+@@ -2127,34 +2528,41 @@ void ath10k_mgmt_over_wmi_tx_work(struct
+ /* Scanning */
+ /************/
+
+-/*
+- * This gets called if we dont get a heart-beat during scan.
+- * This may indicate the FW has hung and we need to abort the
+- * scan manually to prevent cancel_hw_scan() from deadlocking
+- */
+-void ath10k_reset_scan(unsigned long ptr)
++void __ath10k_scan_finish(struct ath10k *ar)
+ {
+- struct ath10k *ar = (struct ath10k *)ptr;
+-
+- spin_lock_bh(&ar->data_lock);
+- if (!ar->scan.in_progress) {
+- spin_unlock_bh(&ar->data_lock);
+- return;
+- }
++ lockdep_assert_held(&ar->data_lock);
+
+- ath10k_warn("scan timed out, firmware problem?\n");
+-
+- if (ar->scan.is_roc)
+- ieee80211_remain_on_channel_expired(ar->hw);
+- else
+- ieee80211_scan_completed(ar->hw, 1 /* aborted */);
++ switch (ar->scan.state) {
++ case ATH10K_SCAN_IDLE:
++ break;
++ case ATH10K_SCAN_RUNNING:
++ if (ar->scan.is_roc)
++ ieee80211_remain_on_channel_expired(ar->hw);
++ /* fall through */
++ case ATH10K_SCAN_ABORTING:
++ if (!ar->scan.is_roc)
++ ieee80211_scan_completed(ar->hw,
++ (ar->scan.state ==
++ ATH10K_SCAN_ABORTING));
++ /* fall through */
++ case ATH10K_SCAN_STARTING:
++ ar->scan.state = ATH10K_SCAN_IDLE;
++ ar->scan_channel = NULL;
++ ath10k_offchan_tx_purge(ar);
++ cancel_delayed_work(&ar->scan.timeout);
++ complete_all(&ar->scan.completed);
++ break;
++ }
++}
+
+- ar->scan.in_progress = false;
+- complete_all(&ar->scan.completed);
++void ath10k_scan_finish(struct ath10k *ar)
++{
++ spin_lock_bh(&ar->data_lock);
++ __ath10k_scan_finish(ar);
+ spin_unlock_bh(&ar->data_lock);
+ }
+
+-static int ath10k_abort_scan(struct ath10k *ar)
++static int ath10k_scan_stop(struct ath10k *ar)
+ {
+ struct wmi_stop_scan_arg arg = {
+ .req_id = 1, /* FIXME */
+@@ -2165,47 +2573,79 @@ static int ath10k_abort_scan(struct ath1
+
+ lockdep_assert_held(&ar->conf_mutex);
+
+- del_timer_sync(&ar->scan.timeout);
++ ret = ath10k_wmi_stop_scan(ar, &arg);
++ if (ret) {
++ ath10k_warn(ar, "failed to stop wmi scan: %d\n", ret);
++ goto out;
++ }
+
+- spin_lock_bh(&ar->data_lock);
+- if (!ar->scan.in_progress) {
+- spin_unlock_bh(&ar->data_lock);
+- return 0;
++ ret = wait_for_completion_timeout(&ar->scan.completed, 3*HZ);
++ if (ret == 0) {
++ ath10k_warn(ar, "failed to receive scan abortion completion: timed out\n");
++ ret = -ETIMEDOUT;
++ } else if (ret > 0) {
++ ret = 0;
+ }
+
+- ar->scan.aborting = true;
++out:
++ /* Scan state should be updated upon scan completion but in case
++ * firmware fails to deliver the event (for whatever reason) it is
++ * desired to clean up scan state anyway. Firmware may have just
++ * dropped the scan completion event delivery due to transport pipe
++ * being overflown with data and/or it can recover on its own before
++ * next scan request is submitted.
++ */
++ spin_lock_bh(&ar->data_lock);
++ if (ar->scan.state != ATH10K_SCAN_IDLE)
++ __ath10k_scan_finish(ar);
+ spin_unlock_bh(&ar->data_lock);
+
+- ret = ath10k_wmi_stop_scan(ar, &arg);
+- if (ret) {
+- ath10k_warn("failed to stop wmi scan: %d\n", ret);
+- spin_lock_bh(&ar->data_lock);
+- ar->scan.in_progress = false;
+- ath10k_offchan_tx_purge(ar);
+- spin_unlock_bh(&ar->data_lock);
+- return -EIO;
+- }
++ return ret;
++}
+
+- ret = wait_for_completion_timeout(&ar->scan.completed, 3*HZ);
+- if (ret == 0)
+- ath10k_warn("timed out while waiting for scan to stop\n");
++static void ath10k_scan_abort(struct ath10k *ar)
++{
++ int ret;
+
+- /* scan completion may be done right after we timeout here, so let's
+- * check the in_progress and tell mac80211 scan is completed. if we
+- * don't do that and FW fails to send us scan completion indication
+- * then userspace won't be able to scan anymore */
+- ret = 0;
++ lockdep_assert_held(&ar->conf_mutex);
+
+ spin_lock_bh(&ar->data_lock);
+- if (ar->scan.in_progress) {
+- ath10k_warn("failed to stop scan, it's still in progress\n");
+- ar->scan.in_progress = false;
+- ath10k_offchan_tx_purge(ar);
+- ret = -ETIMEDOUT;
++
++ switch (ar->scan.state) {
++ case ATH10K_SCAN_IDLE:
++ /* This can happen if timeout worker kicked in and called
++ * abortion while scan completion was being processed.
++ */
++ break;
++ case ATH10K_SCAN_STARTING:
++ case ATH10K_SCAN_ABORTING:
++ ath10k_warn(ar, "refusing scan abortion due to invalid scan state: %s (%d)\n",
++ ath10k_scan_state_str(ar->scan.state),
++ ar->scan.state);
++ break;
++ case ATH10K_SCAN_RUNNING:
++ ar->scan.state = ATH10K_SCAN_ABORTING;
++ spin_unlock_bh(&ar->data_lock);
++
++ ret = ath10k_scan_stop(ar);
++ if (ret)
++ ath10k_warn(ar, "failed to abort scan: %d\n", ret);
++
++ spin_lock_bh(&ar->data_lock);
++ break;
+ }
++
+ spin_unlock_bh(&ar->data_lock);
++}
+
+- return ret;
++void ath10k_scan_timeout_work(struct work_struct *work)
++{
++ struct ath10k *ar = container_of(work, struct ath10k,
++ scan.timeout.work);
++
++ mutex_lock(&ar->conf_mutex);
++ ath10k_scan_abort(ar);
++ mutex_unlock(&ar->conf_mutex);
+ }
+
+ static int ath10k_start_scan(struct ath10k *ar,
+@@ -2221,17 +2661,27 @@ static int ath10k_start_scan(struct ath1
+
+ ret = wait_for_completion_timeout(&ar->scan.started, 1*HZ);
+ if (ret == 0) {
+- ath10k_abort_scan(ar);
+- return ret;
++ ret = ath10k_scan_stop(ar);
++ if (ret)
++ ath10k_warn(ar, "failed to stop scan: %d\n", ret);
++
++ return -ETIMEDOUT;
++ }
++
++ /* If we failed to start the scan, return error code at
++ * this point. This is probably due to some issue in the
++ * firmware, but no need to wedge the driver due to that...
++ */
++ spin_lock_bh(&ar->data_lock);
++ if (ar->scan.state == ATH10K_SCAN_IDLE) {
++ spin_unlock_bh(&ar->data_lock);
++ return -EINVAL;
+ }
++ spin_unlock_bh(&ar->data_lock);
+
+- /* the scan can complete earlier, before we even
+- * start the timer. in that case the timer handler
+- * checks ar->scan.in_progress and bails out if its
+- * false. Add a 200ms margin to account event/command
+- * processing. */
+- mod_timer(&ar->scan.timeout, jiffies +
+- msecs_to_jiffies(arg->max_scan_time+200));
++ /* Add a 200ms margin to account for event/command processing */
++ ieee80211_queue_delayed_work(ar->hw, &ar->scan.timeout,
++ msecs_to_jiffies(arg->max_scan_time+200));
+ return 0;
+ }
+
+@@ -2243,90 +2693,163 @@ static void ath10k_tx(struct ieee80211_h
+ struct ieee80211_tx_control *control,
+ struct sk_buff *skb)
+ {
++ struct ath10k *ar = hw->priv;
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
++ struct ieee80211_vif *vif = info->control.vif;
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
+- struct ath10k *ar = hw->priv;
+- u8 tid, vdev_id;
+
+ /* We should disable CCK RATE due to P2P */
+ if (info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)
+- ath10k_dbg(ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "IEEE80211_TX_CTL_NO_CCK_RATE\n");
+
+- /* we must calculate tid before we apply qos workaround
+- * as we'd lose the qos control field */
+- tid = ath10k_tx_h_get_tid(hdr);
+- vdev_id = ath10k_tx_h_get_vdev_id(ar, info);
++ ATH10K_SKB_CB(skb)->htt.is_offchan = false;
++ ATH10K_SKB_CB(skb)->htt.tid = ath10k_tx_h_get_tid(hdr);
++ ATH10K_SKB_CB(skb)->vdev_id = ath10k_tx_h_get_vdev_id(ar, vif);
+
+ /* it makes no sense to process injected frames like that */
+- if (info->control.vif &&
+- info->control.vif->type != NL80211_IFTYPE_MONITOR) {
+- ath10k_tx_h_qos_workaround(hw, control, skb);
+- ath10k_tx_h_update_wep_key(skb);
+- ath10k_tx_h_add_p2p_noa_ie(ar, skb);
+- ath10k_tx_h_seq_no(skb);
++ if (vif && vif->type != NL80211_IFTYPE_MONITOR) {
++ ath10k_tx_h_nwifi(hw, skb);
++ ath10k_tx_h_add_p2p_noa_ie(ar, vif, skb);
++ ath10k_tx_h_seq_no(vif, skb);
+ }
+
+- ATH10K_SKB_CB(skb)->vdev_id = vdev_id;
+- ATH10K_SKB_CB(skb)->htt.is_offchan = false;
+- ATH10K_SKB_CB(skb)->htt.tid = tid;
+-
+ if (info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) {
+ spin_lock_bh(&ar->data_lock);
+- ATH10K_SKB_CB(skb)->htt.is_offchan = true;
++ ATH10K_SKB_CB(skb)->htt.freq = ar->scan.roc_freq;
+ ATH10K_SKB_CB(skb)->vdev_id = ar->scan.vdev_id;
+ spin_unlock_bh(&ar->data_lock);
+
+- ath10k_dbg(ATH10K_DBG_MAC, "queued offchannel skb %p\n", skb);
++ if (ath10k_mac_need_offchan_tx_work(ar)) {
++ ATH10K_SKB_CB(skb)->htt.freq = 0;
++ ATH10K_SKB_CB(skb)->htt.is_offchan = true;
+
+- skb_queue_tail(&ar->offchan_tx_queue, skb);
+- ieee80211_queue_work(hw, &ar->offchan_tx_work);
+- return;
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "queued offchannel skb %p\n",
++ skb);
++
++ skb_queue_tail(&ar->offchan_tx_queue, skb);
++ ieee80211_queue_work(hw, &ar->offchan_tx_work);
++ return;
++ }
+ }
+
+ ath10k_tx_htt(ar, skb);
+ }
+
+-/*
+- * Initialize various parameters with default vaules.
+- */
++/* Must not be called with conf_mutex held as workers can use that also. */
++void ath10k_drain_tx(struct ath10k *ar)
++{
++ /* make sure rcu-protected mac80211 tx path itself is drained */
++ synchronize_net();
++
++ ath10k_offchan_tx_purge(ar);
++ ath10k_mgmt_over_wmi_tx_purge(ar);
++
++ cancel_work_sync(&ar->offchan_tx_work);
++ cancel_work_sync(&ar->wmi_mgmt_tx_work);
++}
++
+ void ath10k_halt(struct ath10k *ar)
+ {
+ struct ath10k_vif *arvif;
+
+ lockdep_assert_held(&ar->conf_mutex);
+
+- if (ath10k_monitor_is_enabled(ar)) {
+- clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
+- ar->promisc = false;
+- ar->monitor = false;
++ clear_bit(ATH10K_CAC_RUNNING, &ar->dev_flags);
++ ar->filter_flags = 0;
++ ar->monitor = false;
++
++ if (ar->monitor_started)
+ ath10k_monitor_stop(ar);
+- }
+
+- del_timer_sync(&ar->scan.timeout);
+- ath10k_offchan_tx_purge(ar);
+- ath10k_mgmt_over_wmi_tx_purge(ar);
++ ar->monitor_started = false;
++
++ ath10k_scan_finish(ar);
+ ath10k_peer_cleanup_all(ar);
+ ath10k_core_stop(ar);
+ ath10k_hif_power_down(ar);
+
+ spin_lock_bh(&ar->data_lock);
+- if (ar->scan.in_progress) {
+- del_timer(&ar->scan.timeout);
+- ar->scan.in_progress = false;
+- ieee80211_scan_completed(ar->hw, true);
++ list_for_each_entry(arvif, &ar->arvifs, list)
++ ath10k_mac_vif_beacon_cleanup(arvif);
++ spin_unlock_bh(&ar->data_lock);
++}
++
++static int ath10k_get_antenna(struct ieee80211_hw *hw, u32 *tx_ant, u32 *rx_ant)
++{
++ struct ath10k *ar = hw->priv;
++
++ mutex_lock(&ar->conf_mutex);
++
++ if (ar->cfg_tx_chainmask) {
++ *tx_ant = ar->cfg_tx_chainmask;
++ *rx_ant = ar->cfg_rx_chainmask;
++ } else {
++ *tx_ant = ar->supp_tx_chainmask;
++ *rx_ant = ar->supp_rx_chainmask;
+ }
+
+- list_for_each_entry(arvif, &ar->arvifs, list) {
+- if (!arvif->beacon)
+- continue;
++ mutex_unlock(&ar->conf_mutex);
+
+- dma_unmap_single(arvif->ar->dev,
+- ATH10K_SKB_CB(arvif->beacon)->paddr,
+- arvif->beacon->len, DMA_TO_DEVICE);
+- dev_kfree_skb_any(arvif->beacon);
+- arvif->beacon = NULL;
++ return 0;
++}
++
++static void ath10k_check_chain_mask(struct ath10k *ar, u32 cm, const char *dbg)
++{
++ /* It is not clear that allowing gaps in chainmask
++ * is helpful. Probably it will not do what user
++ * is hoping for, so warn in that case.
++ */
++ if (cm == 15 || cm == 7 || cm == 3 || cm == 1 || cm == 0)
++ return;
++
++ ath10k_warn(ar, "mac %s antenna chainmask may be invalid: 0x%x. Suggested values: 15, 7, 3, 1 or 0.\n",
++ dbg, cm);
++}
++
++static int __ath10k_set_antenna(struct ath10k *ar, u32 tx_ant, u32 rx_ant)
++{
++ int ret;
++
++ lockdep_assert_held(&ar->conf_mutex);
++
++ ath10k_check_chain_mask(ar, tx_ant, "tx");
++ ath10k_check_chain_mask(ar, rx_ant, "rx");
++
++ ar->cfg_tx_chainmask = tx_ant;
++ ar->cfg_rx_chainmask = rx_ant;
++
++ if ((ar->state != ATH10K_STATE_ON) &&
++ (ar->state != ATH10K_STATE_RESTARTED))
++ return 0;
++
++ ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->tx_chain_mask,
++ tx_ant);
++ if (ret) {
++ ath10k_warn(ar, "failed to set tx-chainmask: %d, req 0x%x\n",
++ ret, tx_ant);
++ return ret;
+ }
+- spin_unlock_bh(&ar->data_lock);
++
++ ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->rx_chain_mask,
++ rx_ant);
++ if (ret) {
++ ath10k_warn(ar, "failed to set rx-chainmask: %d, req 0x%x\n",
++ ret, rx_ant);
++ return ret;
++ }
++
++ return 0;
++}
++
++static int ath10k_set_antenna(struct ieee80211_hw *hw, u32 tx_ant, u32 rx_ant)
++{
++ struct ath10k *ar = hw->priv;
++ int ret;
++
++ mutex_lock(&ar->conf_mutex);
++ ret = __ath10k_set_antenna(ar, tx_ant, rx_ant);
++ mutex_unlock(&ar->conf_mutex);
++ return ret;
+ }
+
+ static int ath10k_start(struct ieee80211_hw *hw)
+@@ -2334,41 +2857,61 @@ static int ath10k_start(struct ieee80211
+ struct ath10k *ar = hw->priv;
+ int ret = 0;
+
++ /*
++ * This makes sense only when restarting hw. It is harmless to call
++ * uncoditionally. This is necessary to make sure no HTT/WMI tx
++ * commands will be submitted while restarting.
++ */
++ ath10k_drain_tx(ar);
++
+ mutex_lock(&ar->conf_mutex);
+
+- if (ar->state != ATH10K_STATE_OFF &&
+- ar->state != ATH10K_STATE_RESTARTING) {
++ switch (ar->state) {
++ case ATH10K_STATE_OFF:
++ ar->state = ATH10K_STATE_ON;
++ break;
++ case ATH10K_STATE_RESTARTING:
++ ath10k_halt(ar);
++ ar->state = ATH10K_STATE_RESTARTED;
++ break;
++ case ATH10K_STATE_ON:
++ case ATH10K_STATE_RESTARTED:
++ case ATH10K_STATE_WEDGED:
++ WARN_ON(1);
+ ret = -EINVAL;
+- goto exit;
++ goto err;
++ case ATH10K_STATE_UTF:
++ ret = -EBUSY;
++ goto err;
+ }
+
+ ret = ath10k_hif_power_up(ar);
+ if (ret) {
+- ath10k_err("Could not init hif: %d\n", ret);
+- ar->state = ATH10K_STATE_OFF;
+- goto exit;
++ ath10k_err(ar, "Could not init hif: %d\n", ret);
++ goto err_off;
+ }
+
+- ret = ath10k_core_start(ar);
++ ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_NORMAL);
+ if (ret) {
+- ath10k_err("Could not init core: %d\n", ret);
+- ath10k_hif_power_down(ar);
+- ar->state = ATH10K_STATE_OFF;
+- goto exit;
++ ath10k_err(ar, "Could not init core: %d\n", ret);
++ goto err_power_down;
+ }
+
+- if (ar->state == ATH10K_STATE_OFF)
+- ar->state = ATH10K_STATE_ON;
+- else if (ar->state == ATH10K_STATE_RESTARTING)
+- ar->state = ATH10K_STATE_RESTARTED;
+-
+ ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->pmf_qos, 1);
+- if (ret)
+- ath10k_warn("failed to enable PMF QOS: %d\n", ret);
++ if (ret) {
++ ath10k_warn(ar, "failed to enable PMF QOS: %d\n", ret);
++ goto err_core_stop;
++ }
+
+ ret = ath10k_wmi_pdev_set_param(ar, ar->wmi.pdev_param->dynamic_bw, 1);
+- if (ret)
+- ath10k_warn("failed to enable dynamic BW: %d\n", ret);
++ if (ret) {
++ ath10k_warn(ar, "failed to enable dynamic BW: %d\n", ret);
++ goto err_core_stop;
++ }
++
++ if (ar->cfg_tx_chainmask)
++ __ath10k_set_antenna(ar, ar->cfg_tx_chainmask,
++ ar->cfg_rx_chainmask);
+
+ /*
+ * By default FW set ARP frames ac to voice (6). In that case ARP
+@@ -2382,16 +2925,29 @@ static int ath10k_start(struct ieee80211
+ ret = ath10k_wmi_pdev_set_param(ar,
+ ar->wmi.pdev_param->arp_ac_override, 0);
+ if (ret) {
+- ath10k_warn("failed to set arp ac override parameter: %d\n",
++ ath10k_warn(ar, "failed to set arp ac override parameter: %d\n",
+ ret);
+- goto exit;
++ goto err_core_stop;
+ }
+
+ ar->num_started_vdevs = 0;
+ ath10k_regd_update(ar);
+- ret = 0;
+
+-exit:
++ ath10k_spectral_start(ar);
++
++ mutex_unlock(&ar->conf_mutex);
++ return 0;
++
++err_core_stop:
++ ath10k_core_stop(ar);
++
++err_power_down:
++ ath10k_hif_power_down(ar);
++
++err_off:
++ ar->state = ATH10K_STATE_OFF;
++
++err:
+ mutex_unlock(&ar->conf_mutex);
+ return ret;
+ }
+@@ -2400,19 +2956,16 @@ static void ath10k_stop(struct ieee80211
+ {
+ struct ath10k *ar = hw->priv;
+
++ ath10k_drain_tx(ar);
++
+ mutex_lock(&ar->conf_mutex);
+- if (ar->state == ATH10K_STATE_ON ||
+- ar->state == ATH10K_STATE_RESTARTED ||
+- ar->state == ATH10K_STATE_WEDGED)
++ if (ar->state != ATH10K_STATE_OFF) {
+ ath10k_halt(ar);
+-
+- ar->state = ATH10K_STATE_OFF;
++ ar->state = ATH10K_STATE_OFF;
++ }
+ mutex_unlock(&ar->conf_mutex);
+
+- ath10k_mgmt_over_wmi_tx_purge(ar);
+-
+- cancel_work_sync(&ar->offchan_tx_work);
+- cancel_work_sync(&ar->wmi_mgmt_tx_work);
++ cancel_delayed_work_sync(&ar->scan.timeout);
+ cancel_work_sync(&ar->restart_work);
+ }
+
+@@ -2426,7 +2979,7 @@ static int ath10k_config_ps(struct ath10
+ list_for_each_entry(arvif, &ar->arvifs, list) {
+ ret = ath10k_mac_vif_setup_ps(arvif);
+ if (ret) {
+- ath10k_warn("failed to setup powersave: %d\n", ret);
++ ath10k_warn(ar, "failed to setup powersave: %d\n", ret);
+ break;
+ }
+ }
+@@ -2464,7 +3017,7 @@ static void ath10k_config_chan(struct at
+
+ lockdep_assert_held(&ar->conf_mutex);
+
+- ath10k_dbg(ATH10K_DBG_MAC,
++ ath10k_dbg(ar, ATH10K_DBG_MAC,
+ "mac config channel to %dMHz (cf1 %dMHz cf2 %dMHz width %s)\n",
+ ar->chandef.chan->center_freq,
+ ar->chandef.center_freq1,
+@@ -2474,24 +3027,27 @@ static void ath10k_config_chan(struct at
+ /* First stop monitor interface. Some FW versions crash if there's a
+ * lone monitor interface. */
+ if (ar->monitor_started)
+- ath10k_monitor_vdev_stop(ar);
++ ath10k_monitor_stop(ar);
+
+ list_for_each_entry(arvif, &ar->arvifs, list) {
+ if (!arvif->is_started)
+ continue;
+
++ if (!arvif->is_up)
++ continue;
++
+ if (arvif->vdev_type == WMI_VDEV_TYPE_MONITOR)
+ continue;
+
+- ret = ath10k_vdev_stop(arvif);
++ ret = ath10k_wmi_vdev_down(ar, arvif->vdev_id);
+ if (ret) {
+- ath10k_warn("failed to stop vdev %d: %d\n",
++ ath10k_warn(ar, "failed to down vdev %d: %d\n",
+ arvif->vdev_id, ret);
+ continue;
+ }
+ }
+
+- /* all vdevs are now stopped - now attempt to restart them */
++ /* all vdevs are downed now - attempt to restart and re-up them */
+
+ list_for_each_entry(arvif, &ar->arvifs, list) {
+ if (!arvif->is_started)
+@@ -2500,9 +3056,9 @@ static void ath10k_config_chan(struct at
+ if (arvif->vdev_type == WMI_VDEV_TYPE_MONITOR)
+ continue;
+
+- ret = ath10k_vdev_start(arvif);
++ ret = ath10k_vdev_restart(arvif);
+ if (ret) {
+- ath10k_warn("failed to start vdev %d: %d\n",
++ ath10k_warn(ar, "failed to restart vdev %d: %d\n",
+ arvif->vdev_id, ret);
+ continue;
+ }
+@@ -2513,14 +3069,70 @@ static void ath10k_config_chan(struct at
+ ret = ath10k_wmi_vdev_up(arvif->ar, arvif->vdev_id, arvif->aid,
+ arvif->bssid);
+ if (ret) {
+- ath10k_warn("failed to bring vdev up %d: %d\n",
++ ath10k_warn(ar, "failed to bring vdev up %d: %d\n",
+ arvif->vdev_id, ret);
+ continue;
+ }
+ }
+
+- if (ath10k_monitor_is_enabled(ar))
+- ath10k_monitor_vdev_start(ar, ar->monitor_vdev_id);
++ ath10k_monitor_recalc(ar);
++}
++
++static int ath10k_mac_txpower_setup(struct ath10k *ar, int txpower)
++{
++ int ret;
++ u32 param;
++
++ lockdep_assert_held(&ar->conf_mutex);
++
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac txpower %d\n", txpower);
++
++ param = ar->wmi.pdev_param->txpower_limit2g;
++ ret = ath10k_wmi_pdev_set_param(ar, param, txpower * 2);
++ if (ret) {
++ ath10k_warn(ar, "failed to set 2g txpower %d: %d\n",
++ txpower, ret);
++ return ret;
++ }
++
++ param = ar->wmi.pdev_param->txpower_limit5g;
++ ret = ath10k_wmi_pdev_set_param(ar, param, txpower * 2);
++ if (ret) {
++ ath10k_warn(ar, "failed to set 5g txpower %d: %d\n",
++ txpower, ret);
++ return ret;
++ }
++
++ return 0;
++}
++
++static int ath10k_mac_txpower_recalc(struct ath10k *ar)
++{
++ struct ath10k_vif *arvif;
++ int ret, txpower = -1;
++
++ lockdep_assert_held(&ar->conf_mutex);
++
++ list_for_each_entry(arvif, &ar->arvifs, list) {
++ WARN_ON(arvif->txpower < 0);
++
++ if (txpower == -1)
++ txpower = arvif->txpower;
++ else
++ txpower = min(txpower, arvif->txpower);
++ }
++
++ if (WARN_ON(txpower == -1))
++ return -EINVAL;
++
++ ret = ath10k_mac_txpower_setup(ar, txpower);
++ if (ret) {
++ ath10k_warn(ar, "failed to setup tx power %d: %d\n",
++ txpower, ret);
++ return ret;
++ }
++
++ return 0;
+ }
+
+ static int ath10k_config(struct ieee80211_hw *hw, u32 changed)
+@@ -2528,12 +3140,11 @@ static int ath10k_config(struct ieee8021
+ struct ath10k *ar = hw->priv;
+ struct ieee80211_conf *conf = &hw->conf;
+ int ret = 0;
+- u32 param;
+
+ mutex_lock(&ar->conf_mutex);
+
+ if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
+- ath10k_dbg(ATH10K_DBG_MAC,
++ ath10k_dbg(ar, ATH10K_DBG_MAC,
+ "mac config channel %dMHz flags 0x%x radar %d\n",
+ conf->chandef.chan->center_freq,
+ conf->chandef.chan->flags,
+@@ -2552,48 +3163,31 @@ static int ath10k_config(struct ieee8021
+ }
+ }
+
+- if (changed & IEEE80211_CONF_CHANGE_POWER) {
+- ath10k_dbg(ATH10K_DBG_MAC, "mac config power %d\n",
+- hw->conf.power_level);
+-
+- param = ar->wmi.pdev_param->txpower_limit2g;
+- ret = ath10k_wmi_pdev_set_param(ar, param,
+- hw->conf.power_level * 2);
+- if (ret)
+- ath10k_warn("failed to set 2g txpower %d: %d\n",
+- hw->conf.power_level, ret);
+-
+- param = ar->wmi.pdev_param->txpower_limit5g;
+- ret = ath10k_wmi_pdev_set_param(ar, param,
+- hw->conf.power_level * 2);
+- if (ret)
+- ath10k_warn("failed to set 5g txpower %d: %d\n",
+- hw->conf.power_level, ret);
+- }
+-
+ if (changed & IEEE80211_CONF_CHANGE_PS)
+ ath10k_config_ps(ar);
+
+ if (changed & IEEE80211_CONF_CHANGE_MONITOR) {
+- if (conf->flags & IEEE80211_CONF_MONITOR && !ar->monitor) {
+- ar->monitor = true;
+- ret = ath10k_monitor_start(ar);
+- if (ret) {
+- ath10k_warn("failed to start monitor (config): %d\n",
+- ret);
+- ar->monitor = false;
+- }
+- } else if (!(conf->flags & IEEE80211_CONF_MONITOR) &&
+- ar->monitor) {
+- ar->monitor = false;
+- ath10k_monitor_stop(ar);
+- }
++ ar->monitor = conf->flags & IEEE80211_CONF_MONITOR;
++ ret = ath10k_monitor_recalc(ar);
++ if (ret)
++ ath10k_warn(ar, "failed to recalc monitor: %d\n", ret);
+ }
+
+ mutex_unlock(&ar->conf_mutex);
+ return ret;
+ }
+
++static u32 get_nss_from_chainmask(u16 chain_mask)
++{
++ if ((chain_mask & 0x15) == 0x15)
++ return 4;
++ else if ((chain_mask & 0x7) == 0x7)
++ return 3;
++ else if ((chain_mask & 0x3) == 0x3)
++ return 2;
++ return 1;
++}
++
+ /*
+ * TODO:
+ * Figure out how to handle WMI_VDEV_SUBTYPE_P2P_DEVICE,
+@@ -2619,22 +3213,26 @@ static int ath10k_add_interface(struct i
+ arvif->ar = ar;
+ arvif->vif = vif;
+
+- INIT_WORK(&arvif->wep_key_work, ath10k_tx_wep_key_work);
+ INIT_LIST_HEAD(&arvif->list);
+
+- bit = ffs(ar->free_vdev_map);
+- if (bit == 0) {
++ if (ar->free_vdev_map == 0) {
++ ath10k_warn(ar, "Free vdev map is empty, no more interfaces allowed.\n");
+ ret = -EBUSY;
+ goto err;
+ }
++ bit = __ffs64(ar->free_vdev_map);
+
+- arvif->vdev_id = bit - 1;
+- arvif->vdev_subtype = WMI_VDEV_SUBTYPE_NONE;
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac create vdev %i map %llx\n",
++ bit, ar->free_vdev_map);
+
+- if (ar->p2p)
+- arvif->vdev_subtype = WMI_VDEV_SUBTYPE_P2P_DEVICE;
++ arvif->vdev_id = bit;
++ arvif->vdev_subtype = WMI_VDEV_SUBTYPE_NONE;
+
+ switch (vif->type) {
++ case NL80211_IFTYPE_P2P_DEVICE:
++ arvif->vdev_type = WMI_VDEV_TYPE_STA;
++ arvif->vdev_subtype = WMI_VDEV_SUBTYPE_P2P_DEVICE;
++ break;
+ case NL80211_IFTYPE_UNSPECIFIED:
+ case NL80211_IFTYPE_STATION:
+ arvif->vdev_type = WMI_VDEV_TYPE_STA;
+@@ -2658,50 +3256,98 @@ static int ath10k_add_interface(struct i
+ break;
+ }
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d\n",
+- arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype);
++ /* Some firmware revisions don't wait for beacon tx completion before
++ * sending another SWBA event. This could lead to hardware using old
++ * (freed) beacon data in some cases, e.g. tx credit starvation
++ * combined with missed TBTT. This is very very rare.
++ *
++ * On non-IOMMU-enabled hosts this could be a possible security issue
++ * because hw could beacon some random data on the air. On
++ * IOMMU-enabled hosts DMAR faults would occur in most cases and target
++ * device would crash.
++ *
++ * Since there are no beacon tx completions (implicit nor explicit)
++ * propagated to host the only workaround for this is to allocate a
++ * DMA-coherent buffer for a lifetime of a vif and use it for all
++ * beacon tx commands. Worst case for this approach is some beacons may
++ * become corrupted, e.g. have garbled IEs or out-of-date TIM bitmap.
++ */
++ if (vif->type == NL80211_IFTYPE_ADHOC ||
++ vif->type == NL80211_IFTYPE_AP) {
++ arvif->beacon_buf = dma_zalloc_coherent(ar->dev,
++ IEEE80211_MAX_FRAME_LEN,
++ &arvif->beacon_paddr,
++ GFP_ATOMIC);
++ if (!arvif->beacon_buf) {
++ ret = -ENOMEM;
++ ath10k_warn(ar, "failed to allocate beacon buffer: %d\n",
++ ret);
++ goto err;
++ }
++ }
++
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev create %d (add interface) type %d subtype %d bcnmode %s\n",
++ arvif->vdev_id, arvif->vdev_type, arvif->vdev_subtype,
++ arvif->beacon_buf ? "single-buf" : "per-skb");
+
+ ret = ath10k_wmi_vdev_create(ar, arvif->vdev_id, arvif->vdev_type,
+ arvif->vdev_subtype, vif->addr);
+ if (ret) {
+- ath10k_warn("failed to create WMI vdev %i: %d\n",
++ ath10k_warn(ar, "failed to create WMI vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ goto err;
+ }
+
+- ar->free_vdev_map &= ~BIT(arvif->vdev_id);
++ ar->free_vdev_map &= ~(1LL << arvif->vdev_id);
+ list_add(&arvif->list, &ar->arvifs);
+
+- vdev_param = ar->wmi.vdev_param->def_keyid;
+- ret = ath10k_wmi_vdev_set_param(ar, 0, vdev_param,
+- arvif->def_wep_key_idx);
++ /* It makes no sense to have firmware do keepalives. mac80211 already
++ * takes care of this with idle connection polling.
++ */
++ ret = ath10k_mac_vif_disable_keepalive(arvif);
+ if (ret) {
+- ath10k_warn("failed to set vdev %i default key id: %d\n",
++ ath10k_warn(ar, "failed to disable keepalive on vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ goto err_vdev_delete;
+ }
+
++ arvif->def_wep_key_idx = -1;
++
+ vdev_param = ar->wmi.vdev_param->tx_encap_type;
+ ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
+ ATH10K_HW_TXRX_NATIVE_WIFI);
+ /* 10.X firmware does not support this VDEV parameter. Do not warn */
+ if (ret && ret != -EOPNOTSUPP) {
+- ath10k_warn("failed to set vdev %i TX encapsulation: %d\n",
++ ath10k_warn(ar, "failed to set vdev %i TX encapsulation: %d\n",
+ arvif->vdev_id, ret);
+ goto err_vdev_delete;
+ }
+
++ if (ar->cfg_tx_chainmask) {
++ u16 nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
++
++ vdev_param = ar->wmi.vdev_param->nss;
++ ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
++ nss);
++ if (ret) {
++ ath10k_warn(ar, "failed to set vdev %i chainmask 0x%x, nss %i: %d\n",
++ arvif->vdev_id, ar->cfg_tx_chainmask, nss,
++ ret);
++ goto err_vdev_delete;
++ }
++ }
++
+ if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
+ ret = ath10k_peer_create(ar, arvif->vdev_id, vif->addr);
+ if (ret) {
+- ath10k_warn("failed to create vdev %i peer for AP: %d\n",
++ ath10k_warn(ar, "failed to create vdev %i peer for AP: %d\n",
+ arvif->vdev_id, ret);
+ goto err_vdev_delete;
+ }
+
+ ret = ath10k_mac_set_kickout(arvif);
+ if (ret) {
+- ath10k_warn("failed to set vdev %i kickout parameters: %d\n",
++ ath10k_warn(ar, "failed to set vdev %i kickout parameters: %d\n",
+ arvif->vdev_id, ret);
+ goto err_peer_delete;
+ }
+@@ -2713,27 +3359,21 @@ static int ath10k_add_interface(struct i
+ ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
+ param, value);
+ if (ret) {
+- ath10k_warn("failed to set vdev %i RX wake policy: %d\n",
++ ath10k_warn(ar, "failed to set vdev %i RX wake policy: %d\n",
+ arvif->vdev_id, ret);
+ goto err_peer_delete;
+ }
+
+- param = WMI_STA_PS_PARAM_TX_WAKE_THRESHOLD;
+- value = WMI_STA_PS_TX_WAKE_THRESHOLD_ALWAYS;
+- ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
+- param, value);
++ ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
+ if (ret) {
+- ath10k_warn("failed to set vdev %i TX wake thresh: %d\n",
++ ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ goto err_peer_delete;
+ }
+
+- param = WMI_STA_PS_PARAM_PSPOLL_COUNT;
+- value = WMI_STA_PS_PSPOLL_COUNT_NO_MAX;
+- ret = ath10k_wmi_set_sta_ps_param(ar, arvif->vdev_id,
+- param, value);
++ ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
+ if (ret) {
+- ath10k_warn("failed to set vdev %i PSPOLL count: %d\n",
++ ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ goto err_peer_delete;
+ }
+@@ -2741,15 +3381,22 @@ static int ath10k_add_interface(struct i
+
+ ret = ath10k_mac_set_rts(arvif, ar->hw->wiphy->rts_threshold);
+ if (ret) {
+- ath10k_warn("failed to set rts threshold for vdev %d: %d\n",
++ ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
++ arvif->vdev_id, ret);
++ goto err_peer_delete;
++ }
++
++ ret = ath10k_mac_set_frag(arvif, ar->hw->wiphy->frag_threshold);
++ if (ret) {
++ ath10k_warn(ar, "failed to set frag threshold for vdev %d: %d\n",
+ arvif->vdev_id, ret);
+ goto err_peer_delete;
+ }
+
+- ret = ath10k_mac_set_frag(arvif, ar->hw->wiphy->frag_threshold);
++ arvif->txpower = vif->bss_conf.txpower;
++ ret = ath10k_mac_txpower_recalc(ar);
+ if (ret) {
+- ath10k_warn("failed to set frag threshold for vdev %d: %d\n",
+- arvif->vdev_id, ret);
++ ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
+ goto err_peer_delete;
+ }
+
+@@ -2762,10 +3409,16 @@ err_peer_delete:
+
+ err_vdev_delete:
+ ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
+- ar->free_vdev_map &= ~BIT(arvif->vdev_id);
++ ar->free_vdev_map |= 1LL << arvif->vdev_id;
+ list_del(&arvif->list);
+
+ err:
++ if (arvif->beacon_buf) {
++ dma_free_coherent(ar->dev, IEEE80211_MAX_FRAME_LEN,
++ arvif->beacon_buf, arvif->beacon_paddr);
++ arvif->beacon_buf = NULL;
++ }
++
+ mutex_unlock(&ar->conf_mutex);
+
+ return ret;
+@@ -2780,38 +3433,51 @@ static void ath10k_remove_interface(stru
+
+ mutex_lock(&ar->conf_mutex);
+
+- cancel_work_sync(&arvif->wep_key_work);
+-
+ spin_lock_bh(&ar->data_lock);
+- if (arvif->beacon) {
+- dma_unmap_single(arvif->ar->dev,
+- ATH10K_SKB_CB(arvif->beacon)->paddr,
+- arvif->beacon->len, DMA_TO_DEVICE);
+- dev_kfree_skb_any(arvif->beacon);
+- arvif->beacon = NULL;
+- }
++ ath10k_mac_vif_beacon_cleanup(arvif);
+ spin_unlock_bh(&ar->data_lock);
+
+- ar->free_vdev_map |= 1 << (arvif->vdev_id);
++ ret = ath10k_spectral_vif_stop(arvif);
++ if (ret)
++ ath10k_warn(ar, "failed to stop spectral for vdev %i: %d\n",
++ arvif->vdev_id, ret);
++
++ ar->free_vdev_map |= 1LL << arvif->vdev_id;
+ list_del(&arvif->list);
+
+ if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
+- ret = ath10k_peer_delete(arvif->ar, arvif->vdev_id, vif->addr);
++ ret = ath10k_wmi_peer_delete(arvif->ar, arvif->vdev_id,
++ vif->addr);
+ if (ret)
+- ath10k_warn("failed to remove peer for AP vdev %i: %d\n",
++ ath10k_warn(ar, "failed to submit AP self-peer removal on vdev %i: %d\n",
+ arvif->vdev_id, ret);
+
+ kfree(arvif->u.ap.noa_data);
+ }
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %i delete (remove interface)\n",
+ arvif->vdev_id);
+
+ ret = ath10k_wmi_vdev_delete(ar, arvif->vdev_id);
+ if (ret)
+- ath10k_warn("failed to delete WMI vdev %i: %d\n",
++ ath10k_warn(ar, "failed to delete WMI vdev %i: %d\n",
+ arvif->vdev_id, ret);
+
++ /* Some firmware revisions don't notify host about self-peer removal
++ * until after associated vdev is deleted.
++ */
++ if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
++ ret = ath10k_wait_for_peer_deleted(ar, arvif->vdev_id,
++ vif->addr);
++ if (ret)
++ ath10k_warn(ar, "failed to remove AP self-peer on vdev %i: %d\n",
++ arvif->vdev_id, ret);
++
++ spin_lock_bh(&ar->data_lock);
++ ar->num_peers--;
++ spin_unlock_bh(&ar->data_lock);
++ }
++
+ ath10k_peer_cleanup(ar, arvif->vdev_id);
+
+ mutex_unlock(&ar->conf_mutex);
+@@ -2844,18 +3510,9 @@ static void ath10k_configure_filter(stru
+ *total_flags &= SUPPORTED_FILTERS;
+ ar->filter_flags = *total_flags;
+
+- if (ar->filter_flags & FIF_PROMISC_IN_BSS && !ar->promisc) {
+- ar->promisc = true;
+- ret = ath10k_monitor_start(ar);
+- if (ret) {
+- ath10k_warn("failed to start monitor (promisc): %d\n",
+- ret);
+- ar->promisc = false;
+- }
+- } else if (!(ar->filter_flags & FIF_PROMISC_IN_BSS) && ar->promisc) {
+- ar->promisc = false;
+- ath10k_monitor_stop(ar);
+- }
++ ret = ath10k_monitor_recalc(ar);
++ if (ret)
++ ath10k_warn(ar, "failed to recalc montior: %d\n", ret);
+
+ mutex_unlock(&ar->conf_mutex);
+ }
+@@ -2868,7 +3525,7 @@ static void ath10k_bss_info_changed(stru
+ struct ath10k *ar = hw->priv;
+ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
+ int ret = 0;
+- u32 vdev_param, pdev_param;
++ u32 vdev_param, pdev_param, slottime, preamble;
+
+ mutex_lock(&ar->conf_mutex);
+
+@@ -2880,17 +3537,17 @@ static void ath10k_bss_info_changed(stru
+ vdev_param = ar->wmi.vdev_param->beacon_interval;
+ ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
+ arvif->beacon_interval);
+- ath10k_dbg(ATH10K_DBG_MAC,
++ ath10k_dbg(ar, ATH10K_DBG_MAC,
+ "mac vdev %d beacon_interval %d\n",
+ arvif->vdev_id, arvif->beacon_interval);
+
+ if (ret)
+- ath10k_warn("failed to set beacon interval for vdev %d: %i\n",
++ ath10k_warn(ar, "failed to set beacon interval for vdev %d: %i\n",
+ arvif->vdev_id, ret);
+ }
+
+ if (changed & BSS_CHANGED_BEACON) {
+- ath10k_dbg(ATH10K_DBG_MAC,
++ ath10k_dbg(ar, ATH10K_DBG_MAC,
+ "vdev %d set beacon tx mode to staggered\n",
+ arvif->vdev_id);
+
+@@ -2898,14 +3555,26 @@ static void ath10k_bss_info_changed(stru
+ ret = ath10k_wmi_pdev_set_param(ar, pdev_param,
+ WMI_BEACON_STAGGERED_MODE);
+ if (ret)
+- ath10k_warn("failed to set beacon mode for vdev %d: %i\n",
++ ath10k_warn(ar, "failed to set beacon mode for vdev %d: %i\n",
++ arvif->vdev_id, ret);
++
++ ret = ath10k_mac_setup_bcn_tmpl(arvif);
++ if (ret)
++ ath10k_warn(ar, "failed to update beacon template: %d\n",
++ ret);
++ }
++
++ if (changed & BSS_CHANGED_AP_PROBE_RESP) {
++ ret = ath10k_mac_setup_prb_tmpl(arvif);
++ if (ret)
++ ath10k_warn(ar, "failed to setup probe resp template on vdev %i: %d\n",
+ arvif->vdev_id, ret);
+ }
+
+- if (changed & BSS_CHANGED_BEACON_INFO) {
++ if (changed & (BSS_CHANGED_BEACON_INFO | BSS_CHANGED_BEACON)) {
+ arvif->dtim_period = info->dtim_period;
+
+- ath10k_dbg(ATH10K_DBG_MAC,
++ ath10k_dbg(ar, ATH10K_DBG_MAC,
+ "mac vdev %d dtim_period %d\n",
+ arvif->vdev_id, arvif->dtim_period);
+
+@@ -2913,7 +3582,7 @@ static void ath10k_bss_info_changed(stru
+ ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
+ arvif->dtim_period);
+ if (ret)
+- ath10k_warn("failed to set dtim period for vdev %d: %i\n",
++ ath10k_warn(ar, "failed to set dtim period for vdev %d: %i\n",
+ arvif->vdev_id, ret);
+ }
+
+@@ -2925,91 +3594,48 @@ static void ath10k_bss_info_changed(stru
+ arvif->u.ap.hidden_ssid = info->hidden_ssid;
+ }
+
+- if (changed & BSS_CHANGED_BSSID) {
+- if (!is_zero_ether_addr(info->bssid)) {
+- ath10k_dbg(ATH10K_DBG_MAC,
+- "mac vdev %d create peer %pM\n",
+- arvif->vdev_id, info->bssid);
+-
+- ret = ath10k_peer_create(ar, arvif->vdev_id,
+- info->bssid);
+- if (ret)
+- ath10k_warn("failed to add peer %pM for vdev %d when changing bssid: %i\n",
+- info->bssid, arvif->vdev_id, ret);
+-
+- if (vif->type == NL80211_IFTYPE_STATION) {
+- /*
+- * this is never erased as we it for crypto key
+- * clearing; this is FW requirement
+- */
+- memcpy(arvif->bssid, info->bssid, ETH_ALEN);
+-
+- ath10k_dbg(ATH10K_DBG_MAC,
+- "mac vdev %d start %pM\n",
+- arvif->vdev_id, info->bssid);
+-
+- ret = ath10k_vdev_start(arvif);
+- if (ret) {
+- ath10k_warn("failed to start vdev %i: %d\n",
+- arvif->vdev_id, ret);
+- goto exit;
+- }
+-
+- arvif->is_started = true;
+- }
+-
+- /*
+- * Mac80211 does not keep IBSS bssid when leaving IBSS,
+- * so driver need to store it. It is needed when leaving
+- * IBSS in order to remove BSSID peer.
+- */
+- if (vif->type == NL80211_IFTYPE_ADHOC)
+- memcpy(arvif->bssid, info->bssid,
+- ETH_ALEN);
+- }
+- }
++ if (changed & BSS_CHANGED_BSSID && !is_zero_ether_addr(info->bssid))
++ ether_addr_copy(arvif->bssid, info->bssid);
+
+ if (changed & BSS_CHANGED_BEACON_ENABLED)
+ ath10k_control_beaconing(arvif, info);
+
+ if (changed & BSS_CHANGED_ERP_CTS_PROT) {
+ arvif->use_cts_prot = info->use_cts_prot;
+- ath10k_dbg(ATH10K_DBG_MAC, "mac vdev %d cts_prot %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d cts_prot %d\n",
+ arvif->vdev_id, info->use_cts_prot);
+
+ ret = ath10k_recalc_rtscts_prot(arvif);
+ if (ret)
+- ath10k_warn("failed to recalculate rts/cts prot for vdev %d: %d\n",
++ ath10k_warn(ar, "failed to recalculate rts/cts prot for vdev %d: %d\n",
+ arvif->vdev_id, ret);
+ }
+
+ if (changed & BSS_CHANGED_ERP_SLOT) {
+- u32 slottime;
+ if (info->use_short_slot)
+ slottime = WMI_VDEV_SLOT_TIME_SHORT; /* 9us */
+
+ else
+ slottime = WMI_VDEV_SLOT_TIME_LONG; /* 20us */
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d slot_time %d\n",
+ arvif->vdev_id, slottime);
+
+ vdev_param = ar->wmi.vdev_param->slot_time;
+ ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
+ slottime);
+ if (ret)
+- ath10k_warn("failed to set erp slot for vdev %d: %i\n",
++ ath10k_warn(ar, "failed to set erp slot for vdev %d: %i\n",
+ arvif->vdev_id, ret);
+ }
+
+ if (changed & BSS_CHANGED_ERP_PREAMBLE) {
+- u32 preamble;
+ if (info->use_short_preamble)
+ preamble = WMI_VDEV_PREAMBLE_SHORT;
+ else
+ preamble = WMI_VDEV_PREAMBLE_LONG;
+
+- ath10k_dbg(ATH10K_DBG_MAC,
++ ath10k_dbg(ar, ATH10K_DBG_MAC,
+ "mac vdev %d preamble %dn",
+ arvif->vdev_id, preamble);
+
+@@ -3017,16 +3643,44 @@ static void ath10k_bss_info_changed(stru
+ ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
+ preamble);
+ if (ret)
+- ath10k_warn("failed to set preamble for vdev %d: %i\n",
++ ath10k_warn(ar, "failed to set preamble for vdev %d: %i\n",
+ arvif->vdev_id, ret);
+ }
+
+ if (changed & BSS_CHANGED_ASSOC) {
+- if (info->assoc)
++ if (info->assoc) {
++ /* Workaround: Make sure monitor vdev is not running
++ * when associating to prevent some firmware revisions
++ * (e.g. 10.1 and 10.2) from crashing.
++ */
++ if (ar->monitor_started)
++ ath10k_monitor_stop(ar);
+ ath10k_bss_assoc(hw, vif, info);
++ ath10k_monitor_recalc(ar);
++ } else {
++ ath10k_bss_disassoc(hw, vif);
++ }
++ }
++
++ if (changed & BSS_CHANGED_TXPOWER) {
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev_id %i txpower %d\n",
++ arvif->vdev_id, info->txpower);
++
++ arvif->txpower = info->txpower;
++ ret = ath10k_mac_txpower_recalc(ar);
++ if (ret)
++ ath10k_warn(ar, "failed to recalc tx power: %d\n", ret);
++ }
++
++ if (changed & BSS_CHANGED_PS) {
++ arvif->ps = vif->bss_conf.ps;
++
++ ret = ath10k_config_ps(ar);
++ if (ret)
++ ath10k_warn(ar, "failed to setup ps on vdev %i: %d\n",
++ arvif->vdev_id, ret);
+ }
+
+-exit:
+ mutex_unlock(&ar->conf_mutex);
+ }
+
+@@ -3043,20 +3697,26 @@ static int ath10k_hw_scan(struct ieee802
+ mutex_lock(&ar->conf_mutex);
+
+ spin_lock_bh(&ar->data_lock);
+- if (ar->scan.in_progress) {
+- spin_unlock_bh(&ar->data_lock);
++ switch (ar->scan.state) {
++ case ATH10K_SCAN_IDLE:
++ reinit_completion(&ar->scan.started);
++ reinit_completion(&ar->scan.completed);
++ ar->scan.state = ATH10K_SCAN_STARTING;
++ ar->scan.is_roc = false;
++ ar->scan.vdev_id = arvif->vdev_id;
++ ret = 0;
++ break;
++ case ATH10K_SCAN_STARTING:
++ case ATH10K_SCAN_RUNNING:
++ case ATH10K_SCAN_ABORTING:
+ ret = -EBUSY;
+- goto exit;
++ break;
+ }
+-
+- reinit_completion(&ar->scan.started);
+- reinit_completion(&ar->scan.completed);
+- ar->scan.in_progress = true;
+- ar->scan.aborting = false;
+- ar->scan.is_roc = false;
+- ar->scan.vdev_id = arvif->vdev_id;
+ spin_unlock_bh(&ar->data_lock);
+
++ if (ret)
++ goto exit;
++
+ memset(&arg, 0, sizeof(arg));
+ ath10k_wmi_start_scan_init(ar, &arg);
+ arg.vdev_id = arvif->vdev_id;
+@@ -3088,9 +3748,9 @@ static int ath10k_hw_scan(struct ieee802
+
+ ret = ath10k_start_scan(ar, &arg);
+ if (ret) {
+- ath10k_warn("failed to start hw scan: %d\n", ret);
++ ath10k_warn(ar, "failed to start hw scan: %d\n", ret);
+ spin_lock_bh(&ar->data_lock);
+- ar->scan.in_progress = false;
++ ar->scan.state = ATH10K_SCAN_IDLE;
+ spin_unlock_bh(&ar->data_lock);
+ }
+
+@@ -3103,15 +3763,12 @@ static void ath10k_cancel_hw_scan(struct
+ struct ieee80211_vif *vif)
+ {
+ struct ath10k *ar = hw->priv;
+- int ret;
+
+ mutex_lock(&ar->conf_mutex);
+- ret = ath10k_abort_scan(ar);
+- if (ret) {
+- ath10k_warn("failed to abort scan: %d\n", ret);
+- ieee80211_scan_completed(hw, 1 /* aborted */);
+- }
++ ath10k_scan_abort(ar);
+ mutex_unlock(&ar->conf_mutex);
++
++ cancel_delayed_work_sync(&ar->scan.timeout);
+ }
+
+ static void ath10k_set_key_h_def_keyidx(struct ath10k *ar,
+@@ -3148,7 +3805,7 @@ static void ath10k_set_key_h_def_keyidx(
+ ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
+ key->keyidx);
+ if (ret)
+- ath10k_warn("failed to set vdev %i group key as default key: %d\n",
++ ath10k_warn(ar, "failed to set vdev %i group key as default key: %d\n",
+ arvif->vdev_id, ret);
+ }
+
+@@ -3162,6 +3819,7 @@ static int ath10k_set_key(struct ieee802
+ const u8 *peer_addr;
+ bool is_wep = key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
+ key->cipher == WLAN_CIPHER_SUITE_WEP104;
++ bool def_idx = false;
+ int ret = 0;
+
+ if (key->keyidx > WMI_MAX_KEY_INDEX)
+@@ -3186,7 +3844,7 @@ static int ath10k_set_key(struct ieee802
+
+ if (!peer) {
+ if (cmd == SET_KEY) {
+- ath10k_warn("failed to install key for non-existent peer %pM\n",
++ ath10k_warn(ar, "failed to install key for non-existent peer %pM\n",
+ peer_addr);
+ ret = -EOPNOTSUPP;
+ goto exit;
+@@ -3207,9 +3865,16 @@ static int ath10k_set_key(struct ieee802
+ ath10k_clear_vdev_key(arvif, key);
+ }
+
+- ret = ath10k_install_key(arvif, key, cmd, peer_addr);
++ /* set TX_USAGE flag for all the keys incase of dot1x-WEP. For
++ * static WEP, do not set this flag for the keys whose key id
++ * is greater than default key id.
++ */
++ if (arvif->def_wep_key_idx == -1)
++ def_idx = true;
++
++ ret = ath10k_install_key(arvif, key, cmd, peer_addr, def_idx);
+ if (ret) {
+- ath10k_warn("failed to install key for vdev %i peer %pM: %d\n",
++ ath10k_warn(ar, "failed to install key for vdev %i peer %pM: %d\n",
+ arvif->vdev_id, peer_addr, ret);
+ goto exit;
+ }
+@@ -3224,7 +3889,7 @@ static int ath10k_set_key(struct ieee802
+ peer->keys[key->keyidx] = NULL;
+ else if (peer == NULL)
+ /* impossible unless FW goes crazy */
+- ath10k_warn("Peer %pM disappeared!\n", peer_addr);
++ ath10k_warn(ar, "Peer %pM disappeared!\n", peer_addr);
+ spin_unlock_bh(&ar->data_lock);
+
+ exit:
+@@ -3232,6 +3897,39 @@ exit:
+ return ret;
+ }
+
++static void ath10k_set_default_unicast_key(struct ieee80211_hw *hw,
++ struct ieee80211_vif *vif,
++ int keyidx)
++{
++ struct ath10k *ar = hw->priv;
++ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
++ int ret;
++
++ mutex_lock(&arvif->ar->conf_mutex);
++
++ if (arvif->ar->state != ATH10K_STATE_ON)
++ goto unlock;
++
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d set keyidx %d\n",
++ arvif->vdev_id, keyidx);
++
++ ret = ath10k_wmi_vdev_set_param(arvif->ar,
++ arvif->vdev_id,
++ arvif->ar->wmi.vdev_param->def_keyid,
++ keyidx);
++
++ if (ret) {
++ ath10k_warn(ar, "failed to update wep key index for vdev %d: %d\n",
++ arvif->vdev_id,
++ ret);
++ goto unlock;
++ }
++
++ arvif->def_wep_key_idx = keyidx;
++unlock:
++ mutex_unlock(&arvif->ar->conf_mutex);
++}
++
+ static void ath10k_sta_rc_update_wk(struct work_struct *wk)
+ {
+ struct ath10k *ar;
+@@ -3260,51 +3958,83 @@ static void ath10k_sta_rc_update_wk(stru
+ mutex_lock(&ar->conf_mutex);
+
+ if (changed & IEEE80211_RC_BW_CHANGED) {
+- ath10k_dbg(ATH10K_DBG_MAC, "mac update sta %pM peer bw %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM peer bw %d\n",
+ sta->addr, bw);
+
+ err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
+ WMI_PEER_CHAN_WIDTH, bw);
+ if (err)
+- ath10k_warn("failed to update STA %pM peer bw %d: %d\n",
++ ath10k_warn(ar, "failed to update STA %pM peer bw %d: %d\n",
+ sta->addr, bw, err);
+ }
+
+ if (changed & IEEE80211_RC_NSS_CHANGED) {
+- ath10k_dbg(ATH10K_DBG_MAC, "mac update sta %pM nss %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM nss %d\n",
+ sta->addr, nss);
+
+ err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
+ WMI_PEER_NSS, nss);
+ if (err)
+- ath10k_warn("failed to update STA %pM nss %d: %d\n",
++ ath10k_warn(ar, "failed to update STA %pM nss %d: %d\n",
+ sta->addr, nss, err);
+ }
+
+ if (changed & IEEE80211_RC_SMPS_CHANGED) {
+- ath10k_dbg(ATH10K_DBG_MAC, "mac update sta %pM smps %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM smps %d\n",
+ sta->addr, smps);
+
+ err = ath10k_wmi_peer_set_param(ar, arvif->vdev_id, sta->addr,
+ WMI_PEER_SMPS_STATE, smps);
+ if (err)
+- ath10k_warn("failed to update STA %pM smps %d: %d\n",
++ ath10k_warn(ar, "failed to update STA %pM smps %d: %d\n",
+ sta->addr, smps, err);
+ }
+
+- if (changed & IEEE80211_RC_SUPP_RATES_CHANGED) {
+- ath10k_dbg(ATH10K_DBG_MAC, "mac update sta %pM supp rates\n",
++ if (changed & IEEE80211_RC_SUPP_RATES_CHANGED ||
++ changed & IEEE80211_RC_NSS_CHANGED) {
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac update sta %pM supp rates/nss\n",
+ sta->addr);
+
+- err = ath10k_station_assoc(ar, arvif, sta, true);
++ err = ath10k_station_assoc(ar, arvif->vif, sta, true);
+ if (err)
+- ath10k_warn("failed to reassociate station: %pM\n",
++ ath10k_warn(ar, "failed to reassociate station: %pM\n",
+ sta->addr);
+ }
+
+ mutex_unlock(&ar->conf_mutex);
+ }
+
++static int ath10k_mac_inc_num_stations(struct ath10k_vif *arvif)
++{
++ struct ath10k *ar = arvif->ar;
++
++ lockdep_assert_held(&ar->conf_mutex);
++
++ if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
++ arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
++ return 0;
++
++ if (ar->num_stations >= ar->max_num_stations)
++ return -ENOBUFS;
++
++ ar->num_stations++;
++
++ return 0;
++}
++
++static void ath10k_mac_dec_num_stations(struct ath10k_vif *arvif)
++{
++ struct ath10k *ar = arvif->ar;
++
++ lockdep_assert_held(&ar->conf_mutex);
++
++ if (arvif->vdev_type != WMI_VDEV_TYPE_AP &&
++ arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
++ return;
++
++ ar->num_stations--;
++}
++
+ static int ath10k_sta_state(struct ieee80211_hw *hw,
+ struct ieee80211_vif *vif,
+ struct ieee80211_sta *sta,
+@@ -3314,7 +4044,6 @@ static int ath10k_sta_state(struct ieee8
+ struct ath10k *ar = hw->priv;
+ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
+ struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
+- int max_num_peers;
+ int ret = 0;
+
+ if (old_state == IEEE80211_STA_NOTEXIST &&
+@@ -3332,46 +4061,72 @@ static int ath10k_sta_state(struct ieee8
+ mutex_lock(&ar->conf_mutex);
+
+ if (old_state == IEEE80211_STA_NOTEXIST &&
+- new_state == IEEE80211_STA_NONE &&
+- vif->type != NL80211_IFTYPE_STATION) {
++ new_state == IEEE80211_STA_NONE) {
+ /*
+ * New station addition.
+ */
+- if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features))
+- max_num_peers = TARGET_10X_NUM_PEERS_MAX - 1;
+- else
+- max_num_peers = TARGET_NUM_PEERS;
++ ath10k_dbg(ar, ATH10K_DBG_MAC,
++ "mac vdev %d peer create %pM (new sta) sta %d / %d peer %d / %d\n",
++ arvif->vdev_id, sta->addr,
++ ar->num_stations + 1, ar->max_num_stations,
++ ar->num_peers + 1, ar->max_num_peers);
+
+- if (ar->num_peers >= max_num_peers) {
+- ath10k_warn("number of peers exceeded: peers number %d (max peers %d)\n",
+- ar->num_peers, max_num_peers);
+- ret = -ENOBUFS;
++ ret = ath10k_mac_inc_num_stations(arvif);
++ if (ret) {
++ ath10k_warn(ar, "refusing to associate station: too many connected already (%d)\n",
++ ar->max_num_stations);
+ goto exit;
+ }
+
+- ath10k_dbg(ATH10K_DBG_MAC,
+- "mac vdev %d peer create %pM (new sta) num_peers %d\n",
+- arvif->vdev_id, sta->addr, ar->num_peers);
+-
+ ret = ath10k_peer_create(ar, arvif->vdev_id, sta->addr);
+- if (ret)
+- ath10k_warn("failed to add peer %pM for vdev %d when adding a new sta: %i\n",
++ if (ret) {
++ ath10k_warn(ar, "failed to add peer %pM for vdev %d when adding a new sta: %i\n",
+ sta->addr, arvif->vdev_id, ret);
++ ath10k_mac_dec_num_stations(arvif);
++ goto exit;
++ }
++
++ if (vif->type == NL80211_IFTYPE_STATION) {
++ WARN_ON(arvif->is_started);
++
++ ret = ath10k_vdev_start(arvif);
++ if (ret) {
++ ath10k_warn(ar, "failed to start vdev %i: %d\n",
++ arvif->vdev_id, ret);
++ WARN_ON(ath10k_peer_delete(ar, arvif->vdev_id,
++ sta->addr));
++ ath10k_mac_dec_num_stations(arvif);
++ goto exit;
++ }
++
++ arvif->is_started = true;
++ }
+ } else if ((old_state == IEEE80211_STA_NONE &&
+ new_state == IEEE80211_STA_NOTEXIST)) {
+ /*
+ * Existing station deletion.
+ */
+- ath10k_dbg(ATH10K_DBG_MAC,
++ ath10k_dbg(ar, ATH10K_DBG_MAC,
+ "mac vdev %d peer delete %pM (sta gone)\n",
+ arvif->vdev_id, sta->addr);
++
++ if (vif->type == NL80211_IFTYPE_STATION) {
++ WARN_ON(!arvif->is_started);
++
++ ret = ath10k_vdev_stop(arvif);
++ if (ret)
++ ath10k_warn(ar, "failed to stop vdev %i: %d\n",
++ arvif->vdev_id, ret);
++
++ arvif->is_started = false;
++ }
++
+ ret = ath10k_peer_delete(ar, arvif->vdev_id, sta->addr);
+ if (ret)
+- ath10k_warn("failed to delete peer %pM for vdev %d: %i\n",
++ ath10k_warn(ar, "failed to delete peer %pM for vdev %d: %i\n",
+ sta->addr, arvif->vdev_id, ret);
+
+- if (vif->type == NL80211_IFTYPE_STATION)
+- ath10k_bss_disassoc(hw, vif);
++ ath10k_mac_dec_num_stations(arvif);
+ } else if (old_state == IEEE80211_STA_AUTH &&
+ new_state == IEEE80211_STA_ASSOC &&
+ (vif->type == NL80211_IFTYPE_AP ||
+@@ -3379,12 +4134,12 @@ static int ath10k_sta_state(struct ieee8
+ /*
+ * New association.
+ */
+- ath10k_dbg(ATH10K_DBG_MAC, "mac sta %pM associated\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac sta %pM associated\n",
+ sta->addr);
+
+- ret = ath10k_station_assoc(ar, arvif, sta, false);
++ ret = ath10k_station_assoc(ar, vif, sta, false);
+ if (ret)
+- ath10k_warn("failed to associate station %pM for vdev %i: %i\n",
++ ath10k_warn(ar, "failed to associate station %pM for vdev %i: %i\n",
+ sta->addr, arvif->vdev_id, ret);
+ } else if (old_state == IEEE80211_STA_ASSOC &&
+ new_state == IEEE80211_STA_AUTH &&
+@@ -3393,12 +4148,12 @@ static int ath10k_sta_state(struct ieee8
+ /*
+ * Disassociation.
+ */
+- ath10k_dbg(ATH10K_DBG_MAC, "mac sta %pM disassociated\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac sta %pM disassociated\n",
+ sta->addr);
+
+- ret = ath10k_station_disassoc(ar, arvif, sta);
++ ret = ath10k_station_disassoc(ar, vif, sta);
+ if (ret)
+- ath10k_warn("failed to disassociate station: %pM vdev %i: %i\n",
++ ath10k_warn(ar, "failed to disassociate station: %pM vdev %i: %i\n",
+ sta->addr, arvif->vdev_id, ret);
+ }
+ exit:
+@@ -3407,9 +4162,11 @@ exit:
+ }
+
+ static int ath10k_conf_tx_uapsd(struct ath10k *ar, struct ieee80211_vif *vif,
+- u16 ac, bool enable)
++ u16 ac, bool enable)
+ {
+ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
++ struct wmi_sta_uapsd_auto_trig_arg arg = {};
++ u32 prio = 0, acc = 0;
+ u32 value = 0;
+ int ret = 0;
+
+@@ -3422,18 +4179,26 @@ static int ath10k_conf_tx_uapsd(struct a
+ case IEEE80211_AC_VO:
+ value = WMI_STA_PS_UAPSD_AC3_DELIVERY_EN |
+ WMI_STA_PS_UAPSD_AC3_TRIGGER_EN;
++ prio = 7;
++ acc = 3;
+ break;
+ case IEEE80211_AC_VI:
+ value = WMI_STA_PS_UAPSD_AC2_DELIVERY_EN |
+ WMI_STA_PS_UAPSD_AC2_TRIGGER_EN;
++ prio = 5;
++ acc = 2;
+ break;
+ case IEEE80211_AC_BE:
+ value = WMI_STA_PS_UAPSD_AC1_DELIVERY_EN |
+ WMI_STA_PS_UAPSD_AC1_TRIGGER_EN;
++ prio = 2;
++ acc = 1;
+ break;
+ case IEEE80211_AC_BK:
+ value = WMI_STA_PS_UAPSD_AC0_DELIVERY_EN |
+ WMI_STA_PS_UAPSD_AC0_TRIGGER_EN;
++ prio = 0;
++ acc = 0;
+ break;
+ }
+
+@@ -3446,7 +4211,7 @@ static int ath10k_conf_tx_uapsd(struct a
+ WMI_STA_PS_PARAM_UAPSD,
+ arvif->u.sta.uapsd);
+ if (ret) {
+- ath10k_warn("failed to set uapsd params: %d\n", ret);
++ ath10k_warn(ar, "failed to set uapsd params: %d\n", ret);
+ goto exit;
+ }
+
+@@ -3459,7 +4224,44 @@ static int ath10k_conf_tx_uapsd(struct a
+ WMI_STA_PS_PARAM_RX_WAKE_POLICY,
+ value);
+ if (ret)
+- ath10k_warn("failed to set rx wake param: %d\n", ret);
++ ath10k_warn(ar, "failed to set rx wake param: %d\n", ret);
++
++ ret = ath10k_mac_vif_recalc_ps_wake_threshold(arvif);
++ if (ret) {
++ ath10k_warn(ar, "failed to recalc ps wake threshold on vdev %i: %d\n",
++ arvif->vdev_id, ret);
++ return ret;
++ }
++
++ ret = ath10k_mac_vif_recalc_ps_poll_count(arvif);
++ if (ret) {
++ ath10k_warn(ar, "failed to recalc ps poll count on vdev %i: %d\n",
++ arvif->vdev_id, ret);
++ return ret;
++ }
++
++ if (test_bit(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, ar->wmi.svc_map) ||
++ test_bit(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, ar->wmi.svc_map)) {
++ /* Only userspace can make an educated decision when to send
++ * trigger frame. The following effectively disables u-UAPSD
++ * autotrigger in firmware (which is enabled by default
++ * provided the autotrigger service is available).
++ */
++
++ arg.wmm_ac = acc;
++ arg.user_priority = prio;
++ arg.service_interval = 0;
++ arg.suspend_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
++ arg.delay_interval = WMI_STA_UAPSD_MAX_INTERVAL_MSEC;
++
++ ret = ath10k_wmi_vdev_sta_uapsd(ar, arvif->vdev_id,
++ arvif->bssid, &arg, 1);
++ if (ret) {
++ ath10k_warn(ar, "failed to set uapsd auto trigger %d\n",
++ ret);
++ return ret;
++ }
++ }
+
+ exit:
+ return ret;
+@@ -3470,6 +4272,7 @@ static int ath10k_conf_tx(struct ieee802
+ const struct ieee80211_tx_queue_params *params)
+ {
+ struct ath10k *ar = hw->priv;
++ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
+ struct wmi_wmm_params_arg *p = NULL;
+ int ret;
+
+@@ -3477,16 +4280,16 @@ static int ath10k_conf_tx(struct ieee802
+
+ switch (ac) {
+ case IEEE80211_AC_VO:
+- p = &ar->wmm_params.ac_vo;
++ p = &arvif->wmm_params.ac_vo;
+ break;
+ case IEEE80211_AC_VI:
+- p = &ar->wmm_params.ac_vi;
++ p = &arvif->wmm_params.ac_vi;
+ break;
+ case IEEE80211_AC_BE:
+- p = &ar->wmm_params.ac_be;
++ p = &arvif->wmm_params.ac_be;
+ break;
+ case IEEE80211_AC_BK:
+- p = &ar->wmm_params.ac_bk;
++ p = &arvif->wmm_params.ac_bk;
+ break;
+ }
+
+@@ -3506,16 +4309,28 @@ static int ath10k_conf_tx(struct ieee802
+ */
+ p->txop = params->txop * 32;
+
+- /* FIXME: FW accepts wmm params per hw, not per vif */
+- ret = ath10k_wmi_pdev_set_wmm_params(ar, &ar->wmm_params);
+- if (ret) {
+- ath10k_warn("failed to set wmm params: %d\n", ret);
+- goto exit;
++ if (ar->wmi.ops->gen_vdev_wmm_conf) {
++ ret = ath10k_wmi_vdev_wmm_conf(ar, arvif->vdev_id,
++ &arvif->wmm_params);
++ if (ret) {
++ ath10k_warn(ar, "failed to set vdev wmm params on vdev %i: %d\n",
++ arvif->vdev_id, ret);
++ goto exit;
++ }
++ } else {
++ /* This won't work well with multi-interface cases but it's
++ * better than nothing.
++ */
++ ret = ath10k_wmi_pdev_set_wmm_params(ar, &arvif->wmm_params);
++ if (ret) {
++ ath10k_warn(ar, "failed to set wmm params: %d\n", ret);
++ goto exit;
++ }
+ }
+
+ ret = ath10k_conf_tx_uapsd(ar, vif, ac, params->uapsd);
+ if (ret)
+- ath10k_warn("failed to set sta uapsd: %d\n", ret);
++ ath10k_warn(ar, "failed to set sta uapsd: %d\n", ret);
+
+ exit:
+ mutex_unlock(&ar->conf_mutex);
+@@ -3533,27 +4348,35 @@ static int ath10k_remain_on_channel(stru
+ struct ath10k *ar = hw->priv;
+ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
+ struct wmi_start_scan_arg arg;
+- int ret;
++ int ret = 0;
+
+ mutex_lock(&ar->conf_mutex);
+
+ spin_lock_bh(&ar->data_lock);
+- if (ar->scan.in_progress) {
+- spin_unlock_bh(&ar->data_lock);
++ switch (ar->scan.state) {
++ case ATH10K_SCAN_IDLE:
++ reinit_completion(&ar->scan.started);
++ reinit_completion(&ar->scan.completed);
++ reinit_completion(&ar->scan.on_channel);
++ ar->scan.state = ATH10K_SCAN_STARTING;
++ ar->scan.is_roc = true;
++ ar->scan.vdev_id = arvif->vdev_id;
++ ar->scan.roc_freq = chan->center_freq;
++ ret = 0;
++ break;
++ case ATH10K_SCAN_STARTING:
++ case ATH10K_SCAN_RUNNING:
++ case ATH10K_SCAN_ABORTING:
+ ret = -EBUSY;
+- goto exit;
++ break;
+ }
+-
+- reinit_completion(&ar->scan.started);
+- reinit_completion(&ar->scan.completed);
+- reinit_completion(&ar->scan.on_channel);
+- ar->scan.in_progress = true;
+- ar->scan.aborting = false;
+- ar->scan.is_roc = true;
+- ar->scan.vdev_id = arvif->vdev_id;
+- ar->scan.roc_freq = chan->center_freq;
+ spin_unlock_bh(&ar->data_lock);
+
++ if (ret)
++ goto exit;
++
++ duration = max(duration, WMI_SCAN_CHAN_MIN_TIME_MSEC);
++
+ memset(&arg, 0, sizeof(arg));
+ ath10k_wmi_start_scan_init(ar, &arg);
+ arg.vdev_id = arvif->vdev_id;
+@@ -3568,17 +4391,21 @@ static int ath10k_remain_on_channel(stru
+
+ ret = ath10k_start_scan(ar, &arg);
+ if (ret) {
+- ath10k_warn("failed to start roc scan: %d\n", ret);
++ ath10k_warn(ar, "failed to start roc scan: %d\n", ret);
+ spin_lock_bh(&ar->data_lock);
+- ar->scan.in_progress = false;
++ ar->scan.state = ATH10K_SCAN_IDLE;
+ spin_unlock_bh(&ar->data_lock);
+ goto exit;
+ }
+
+ ret = wait_for_completion_timeout(&ar->scan.on_channel, 3*HZ);
+ if (ret == 0) {
+- ath10k_warn("failed to switch to channel for roc scan\n");
+- ath10k_abort_scan(ar);
++ ath10k_warn(ar, "failed to switch to channel for roc scan\n");
++
++ ret = ath10k_scan_stop(ar);
++ if (ret)
++ ath10k_warn(ar, "failed to stop scan: %d\n", ret);
++
+ ret = -ETIMEDOUT;
+ goto exit;
+ }
+@@ -3594,9 +4421,11 @@ static int ath10k_cancel_remain_on_chann
+ struct ath10k *ar = hw->priv;
+
+ mutex_lock(&ar->conf_mutex);
+- ath10k_abort_scan(ar);
++ ath10k_scan_abort(ar);
+ mutex_unlock(&ar->conf_mutex);
+
++ cancel_delayed_work_sync(&ar->scan.timeout);
++
+ return 0;
+ }
+
+@@ -3613,35 +4442,12 @@ static int ath10k_set_rts_threshold(stru
+
+ mutex_lock(&ar->conf_mutex);
+ list_for_each_entry(arvif, &ar->arvifs, list) {
+- ath10k_dbg(ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
+- arvif->vdev_id, value);
+-
+- ret = ath10k_mac_set_rts(arvif, value);
+- if (ret) {
+- ath10k_warn("failed to set rts threshold for vdev %d: %d\n",
+- arvif->vdev_id, ret);
+- break;
+- }
+- }
+- mutex_unlock(&ar->conf_mutex);
+-
+- return ret;
+-}
+-
+-static int ath10k_set_frag_threshold(struct ieee80211_hw *hw, u32 value)
+-{
+- struct ath10k *ar = hw->priv;
+- struct ath10k_vif *arvif;
+- int ret = 0;
+-
+- mutex_lock(&ar->conf_mutex);
+- list_for_each_entry(arvif, &ar->arvifs, list) {
+- ath10k_dbg(ATH10K_DBG_MAC, "mac vdev %d fragmentation threshold %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac vdev %d rts threshold %d\n",
+ arvif->vdev_id, value);
+
+ ret = ath10k_mac_set_rts(arvif, value);
+ if (ret) {
+- ath10k_warn("failed to set fragmentation threshold for vdev %d: %d\n",
++ ath10k_warn(ar, "failed to set rts threshold for vdev %d: %d\n",
+ arvif->vdev_id, ret);
+ break;
+ }
+@@ -3675,13 +4481,15 @@ static void ath10k_flush(struct ieee8021
+ empty = (ar->htt.num_pending_tx == 0);
+ spin_unlock_bh(&ar->htt.tx_lock);
+
+- skip = (ar->state == ATH10K_STATE_WEDGED);
++ skip = (ar->state == ATH10K_STATE_WEDGED) ||
++ test_bit(ATH10K_FLAG_CRASH_FLUSH,
++ &ar->dev_flags);
+
+ (empty || skip);
+ }), ATH10K_FLUSH_TIMEOUT_HZ);
+
+ if (ret <= 0 || skip)
+- ath10k_warn("failed to flush transmit queue (skip %i ar-state %i): %i\n",
++ ath10k_warn(ar, "failed to flush transmit queue (skip %i ar-state %i): %i\n",
+ skip, ar->state, ret);
+
+ skip:
+@@ -3716,7 +4524,7 @@ static int ath10k_suspend(struct ieee802
+
+ ret = ath10k_hif_suspend(ar);
+ if (ret) {
+- ath10k_warn("failed to suspend hif: %d\n", ret);
++ ath10k_warn(ar, "failed to suspend hif: %d\n", ret);
+ goto resume;
+ }
+
+@@ -3725,7 +4533,7 @@ static int ath10k_suspend(struct ieee802
+ resume:
+ ret = ath10k_wmi_pdev_resume_target(ar);
+ if (ret)
+- ath10k_warn("failed to resume target: %d\n", ret);
++ ath10k_warn(ar, "failed to resume target: %d\n", ret);
+
+ ret = 1;
+ exit:
+@@ -3742,14 +4550,14 @@ static int ath10k_resume(struct ieee8021
+
+ ret = ath10k_hif_resume(ar);
+ if (ret) {
+- ath10k_warn("failed to resume hif: %d\n", ret);
++ ath10k_warn(ar, "failed to resume hif: %d\n", ret);
+ ret = 1;
+ goto exit;
+ }
+
+ ret = ath10k_wmi_pdev_resume_target(ar);
+ if (ret) {
+- ath10k_warn("failed to resume target: %d\n", ret);
++ ath10k_warn(ar, "failed to resume target: %d\n", ret);
+ ret = 1;
+ goto exit;
+ }
+@@ -3770,8 +4578,9 @@ static void ath10k_restart_complete(stru
+ /* If device failed to restart it will be in a different state, e.g.
+ * ATH10K_STATE_WEDGED */
+ if (ar->state == ATH10K_STATE_RESTARTED) {
+- ath10k_info("device successfully recovered\n");
++ ath10k_info(ar, "device successfully recovered\n");
+ ar->state = ATH10K_STATE_ON;
++ ieee80211_wake_queues(ar->hw);
+ }
+
+ mutex_unlock(&ar->conf_mutex);
+@@ -3807,6 +4616,9 @@ static int ath10k_get_survey(struct ieee
+
+ survey->channel = &sband->channels[idx];
+
++ if (ar->rx_channel == survey->channel)
++ survey->filled |= SURVEY_INFO_IN_USE;
++
+ exit:
+ mutex_unlock(&ar->conf_mutex);
+ return ret;
+@@ -3854,6 +4666,10 @@ ath10k_default_bitrate_mask(struct ath10
+ u32 legacy = 0x00ff;
+ u8 ht = 0xff, i;
+ u16 vht = 0x3ff;
++ u16 nrf = ar->num_rf_chains;
++
++ if (ar->cfg_tx_chainmask)
++ nrf = get_nss_from_chainmask(ar->cfg_tx_chainmask);
+
+ switch (band) {
+ case IEEE80211_BAND_2GHZ:
+@@ -3869,11 +4685,11 @@ ath10k_default_bitrate_mask(struct ath10
+ if (mask->control[band].legacy != legacy)
+ return false;
+
+- for (i = 0; i < ar->num_rf_chains; i++)
++ for (i = 0; i < nrf; i++)
+ if (mask->control[band].ht_mcs[i] != ht)
+ return false;
+
+- for (i = 0; i < ar->num_rf_chains; i++)
++ for (i = 0; i < nrf; i++)
+ if (mask->control[band].vht_mcs[i] != vht)
+ return false;
+
+@@ -3897,8 +4713,8 @@ ath10k_bitrate_mask_nss(const struct cfg
+ continue;
+ else if (mask->control[band].ht_mcs[i] == 0x00)
+ break;
+- else
+- return false;
++
++ return false;
+ }
+
+ ht_nss = i;
+@@ -3909,8 +4725,8 @@ ath10k_bitrate_mask_nss(const struct cfg
+ continue;
+ else if (mask->control[band].vht_mcs[i] == 0x0000)
+ break;
+- else
+- return false;
++
++ return false;
+ }
+
+ vht_nss = i;
+@@ -3967,7 +4783,8 @@ ath10k_bitrate_mask_correct(const struct
+ }
+
+ static bool
+-ath10k_bitrate_mask_rate(const struct cfg80211_bitrate_mask *mask,
++ath10k_bitrate_mask_rate(struct ath10k *ar,
++ const struct cfg80211_bitrate_mask *mask,
+ enum ieee80211_band band,
+ u8 *fixed_rate,
+ u8 *fixed_nss)
+@@ -4025,7 +4842,7 @@ ath10k_bitrate_mask_rate(const struct cf
+ nss <<= 4;
+ pream <<= 6;
+
+- ath10k_dbg(ATH10K_DBG_MAC, "mac fixed rate pream 0x%02x nss 0x%02x rate 0x%02x\n",
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac fixed rate pream 0x%02x nss 0x%02x rate 0x%02x\n",
+ pream, nss, rate);
+
+ *fixed_rate = pream | nss | rate;
+@@ -4033,7 +4850,8 @@ ath10k_bitrate_mask_rate(const struct cf
+ return true;
+ }
+
+-static bool ath10k_get_fixed_rate_nss(const struct cfg80211_bitrate_mask *mask,
++static bool ath10k_get_fixed_rate_nss(struct ath10k *ar,
++ const struct cfg80211_bitrate_mask *mask,
+ enum ieee80211_band band,
+ u8 *fixed_rate,
+ u8 *fixed_nss)
+@@ -4043,7 +4861,7 @@ static bool ath10k_get_fixed_rate_nss(co
+ return true;
+
+ /* Next Check single rate is set */
+- return ath10k_bitrate_mask_rate(mask, band, fixed_rate, fixed_nss);
++ return ath10k_bitrate_mask_rate(ar, mask, band, fixed_rate, fixed_nss);
+ }
+
+ static int ath10k_set_fixed_rate_param(struct ath10k_vif *arvif,
+@@ -4063,16 +4881,16 @@ static int ath10k_set_fixed_rate_param(s
+ goto exit;
+
+ if (fixed_rate == WMI_FIXED_RATE_NONE)
+- ath10k_dbg(ATH10K_DBG_MAC, "mac disable fixed bitrate mask\n");
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac disable fixed bitrate mask\n");
+
+ if (force_sgi)
+- ath10k_dbg(ATH10K_DBG_MAC, "mac force sgi\n");
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac force sgi\n");
+
+ vdev_param = ar->wmi.vdev_param->fixed_rate;
+ ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
+ vdev_param, fixed_rate);
+ if (ret) {
+- ath10k_warn("failed to set fixed rate param 0x%02x: %d\n",
++ ath10k_warn(ar, "failed to set fixed rate param 0x%02x: %d\n",
+ fixed_rate, ret);
+ ret = -EINVAL;
+ goto exit;
+@@ -4085,7 +4903,7 @@ static int ath10k_set_fixed_rate_param(s
+ vdev_param, fixed_nss);
+
+ if (ret) {
+- ath10k_warn("failed to set fixed nss param %d: %d\n",
++ ath10k_warn(ar, "failed to set fixed nss param %d: %d\n",
+ fixed_nss, ret);
+ ret = -EINVAL;
+ goto exit;
+@@ -4098,7 +4916,7 @@ static int ath10k_set_fixed_rate_param(s
+ force_sgi);
+
+ if (ret) {
+- ath10k_warn("failed to set sgi param %d: %d\n",
++ ath10k_warn(ar, "failed to set sgi param %d: %d\n",
+ force_sgi, ret);
+ ret = -EINVAL;
+ goto exit;
+@@ -4122,19 +4940,22 @@ static int ath10k_set_bitrate_mask(struc
+ u8 fixed_nss = ar->num_rf_chains;
+ u8 force_sgi;
+
++ if (ar->cfg_tx_chainmask)
++ fixed_nss = get_nss_from_chainmask(ar->cfg_tx_chainmask);
++
+ force_sgi = mask->control[band].gi;
+ if (force_sgi == NL80211_TXRATE_FORCE_LGI)
+ return -EINVAL;
+
+ if (!ath10k_default_bitrate_mask(ar, band, mask)) {
+- if (!ath10k_get_fixed_rate_nss(mask, band,
++ if (!ath10k_get_fixed_rate_nss(ar, mask, band,
+ &fixed_rate,
+ &fixed_nss))
+ return -EINVAL;
+ }
+
+ if (fixed_rate == WMI_FIXED_RATE_NONE && force_sgi) {
+- ath10k_warn("failed to force SGI usage for default rate settings\n");
++ ath10k_warn(ar, "failed to force SGI usage for default rate settings\n");
+ return -EINVAL;
+ }
+
+@@ -4153,7 +4974,7 @@ static void ath10k_sta_rc_update(struct
+
+ spin_lock_bh(&ar->data_lock);
+
+- ath10k_dbg(ATH10K_DBG_MAC,
++ ath10k_dbg(ar, ATH10K_DBG_MAC,
+ "mac sta rc update for %pM changed %08x bw %d nss %d smps %d\n",
+ sta->addr, changed, sta->bandwidth, sta->rx_nss,
+ sta->smps_mode);
+@@ -4172,7 +4993,7 @@ static void ath10k_sta_rc_update(struct
+ bw = WMI_PEER_CHWIDTH_80MHZ;
+ break;
+ case IEEE80211_STA_RX_BW_160:
+- ath10k_warn("Invalid bandwith %d in rc update for %pM\n",
++ ath10k_warn(ar, "Invalid bandwith %d in rc update for %pM\n",
+ sta->bandwidth, sta->addr);
+ bw = WMI_PEER_CHWIDTH_20MHZ;
+ break;
+@@ -4199,7 +5020,7 @@ static void ath10k_sta_rc_update(struct
+ smps = WMI_PEER_SMPS_DYNAMIC;
+ break;
+ case IEEE80211_SMPS_NUM_MODES:
+- ath10k_warn("Invalid smps %d in sta rc update for %pM\n",
++ ath10k_warn(ar, "Invalid smps %d in sta rc update for %pM\n",
+ sta->smps_mode, sta->addr);
+ smps = WMI_PEER_SMPS_PS_NONE;
+ break;
+@@ -4225,6 +5046,39 @@ static u64 ath10k_get_tsf(struct ieee802
+ return 0;
+ }
+
++static int ath10k_ampdu_action(struct ieee80211_hw *hw,
++ struct ieee80211_vif *vif,
++ enum ieee80211_ampdu_mlme_action action,
++ struct ieee80211_sta *sta, u16 tid, u16 *ssn,
++ u8 buf_size)
++{
++ struct ath10k *ar = hw->priv;
++ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
++
++ ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %hu action %d\n",
++ arvif->vdev_id, sta->addr, tid, action);
++
++ switch (action) {
++ case IEEE80211_AMPDU_RX_START:
++ case IEEE80211_AMPDU_RX_STOP:
++ /* HTT AddBa/DelBa events trigger mac80211 Rx BA session
++ * creation/removal. Do we need to verify this?
++ */
++ return 0;
++ case IEEE80211_AMPDU_TX_START:
++ case IEEE80211_AMPDU_TX_STOP_CONT:
++ case IEEE80211_AMPDU_TX_STOP_FLUSH:
++ case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
++ case IEEE80211_AMPDU_TX_OPERATIONAL:
++ /* Firmware offloads Tx aggregation entirely so deny mac80211
++ * Tx aggregation requests.
++ */
++ return -EOPNOTSUPP;
++ }
++
++ return -EINVAL;
++}
++
+ static const struct ieee80211_ops ath10k_ops = {
+ .tx = ath10k_tx,
+ .start = ath10k_start,
+@@ -4237,23 +5091,35 @@ static const struct ieee80211_ops ath10k
+ .hw_scan = ath10k_hw_scan,
+ .cancel_hw_scan = ath10k_cancel_hw_scan,
+ .set_key = ath10k_set_key,
++ .set_default_unicast_key = ath10k_set_default_unicast_key,
+ .sta_state = ath10k_sta_state,
+ .conf_tx = ath10k_conf_tx,
+ .remain_on_channel = ath10k_remain_on_channel,
+ .cancel_remain_on_channel = ath10k_cancel_remain_on_channel,
+ .set_rts_threshold = ath10k_set_rts_threshold,
+- .set_frag_threshold = ath10k_set_frag_threshold,
+ .flush = ath10k_flush,
+ .tx_last_beacon = ath10k_tx_last_beacon,
++ .set_antenna = ath10k_set_antenna,
++ .get_antenna = ath10k_get_antenna,
+ .restart_complete = ath10k_restart_complete,
+ .get_survey = ath10k_get_survey,
+ .set_bitrate_mask = ath10k_set_bitrate_mask,
+ .sta_rc_update = ath10k_sta_rc_update,
+ .get_tsf = ath10k_get_tsf,
++ .ampdu_action = ath10k_ampdu_action,
++ .get_et_sset_count = ath10k_debug_get_et_sset_count,
++ .get_et_stats = ath10k_debug_get_et_stats,
++ .get_et_strings = ath10k_debug_get_et_strings,
++
++ CFG80211_TESTMODE_CMD(ath10k_tm_cmd)
++
+ #ifdef CONFIG_PM
+ .suspend = ath10k_suspend,
+ .resume = ath10k_resume,
+ #endif
++#ifdef CPTCFG_MAC80211_DEBUGFS
++ .sta_add_debugfs = ath10k_sta_add_debugfs,
++#endif
+ };
+
+ #define RATETAB_ENT(_rate, _rateid, _flags) { \
+@@ -4324,6 +5190,9 @@ static const struct ieee80211_channel at
+ CHAN5G(165, 5825, 0),
+ };
+
++/* Note: Be careful if you re-order these. There is code which depends on this
++ * ordering.
++ */
+ static struct ieee80211_rate ath10k_rates[] = {
+ /* CCK */
+ RATETAB_ENT(10, 0x82, 0),
+@@ -4346,12 +5215,12 @@ static struct ieee80211_rate ath10k_rate
+ #define ath10k_g_rates (ath10k_rates + 0)
+ #define ath10k_g_rates_size (ARRAY_SIZE(ath10k_rates))
+
+-struct ath10k *ath10k_mac_create(void)
++struct ath10k *ath10k_mac_create(size_t priv_size)
+ {
+ struct ieee80211_hw *hw;
+ struct ath10k *ar;
+
+- hw = ieee80211_alloc_hw(sizeof(struct ath10k), &ath10k_ops);
++ hw = ieee80211_alloc_hw(sizeof(struct ath10k) + priv_size, &ath10k_ops);
+ if (!hw)
+ return NULL;
+
+@@ -4377,6 +5246,10 @@ static const struct ieee80211_iface_limi
+ .types = BIT(NL80211_IFTYPE_P2P_GO)
+ },
+ {
++ .max = 1,
++ .types = BIT(NL80211_IFTYPE_P2P_DEVICE)
++ },
++ {
+ .max = 7,
+ .types = BIT(NL80211_IFTYPE_AP)
+ },
+@@ -4501,7 +5374,6 @@ static struct ieee80211_sta_ht_cap ath10
+ return ht_cap;
+ }
+
+-
+ static void ath10k_get_arvif_iter(void *data, u8 *mac,
+ struct ieee80211_vif *vif)
+ {
+@@ -4526,7 +5398,7 @@ struct ath10k_vif *ath10k_get_arvif(stru
+ ath10k_get_arvif_iter,
+ &arvif_iter);
+ if (!arvif_iter.arvif) {
+- ath10k_warn("No VIF found for vdev %d\n", vdev_id);
++ ath10k_warn(ar, "No VIF found for vdev %d\n", vdev_id);
+ return NULL;
+ }
+
+@@ -4564,7 +5436,8 @@ int ath10k_mac_register(struct ath10k *a
+ band->bitrates = ath10k_g_rates;
+ band->ht_cap = ht_cap;
+
+- /* vht is not supported in 2.4 GHz */
++ /* Enable the VHT support at 2.4 GHz */
++ band->vht_cap = vht_cap;
+
+ ar->hw->wiphy->bands[IEEE80211_BAND_2GHZ] = band;
+ }
+@@ -4590,18 +5463,20 @@ int ath10k_mac_register(struct ath10k *a
+
+ ar->hw->wiphy->interface_modes =
+ BIT(NL80211_IFTYPE_STATION) |
+- BIT(NL80211_IFTYPE_ADHOC) |
+ BIT(NL80211_IFTYPE_AP);
+
++ ar->hw->wiphy->available_antennas_rx = ar->supp_rx_chainmask;
++ ar->hw->wiphy->available_antennas_tx = ar->supp_tx_chainmask;
++
+ if (!test_bit(ATH10K_FW_FEATURE_NO_P2P, ar->fw_features))
+ ar->hw->wiphy->interface_modes |=
++ BIT(NL80211_IFTYPE_P2P_DEVICE) |
+ BIT(NL80211_IFTYPE_P2P_CLIENT) |
+ BIT(NL80211_IFTYPE_P2P_GO);
+
+ ar->hw->flags = IEEE80211_HW_SIGNAL_DBM |
+ IEEE80211_HW_SUPPORTS_PS |
+ IEEE80211_HW_SUPPORTS_DYNAMIC_PS |
+- IEEE80211_HW_SUPPORTS_UAPSD |
+ IEEE80211_HW_MFP_CAPABLE |
+ IEEE80211_HW_REPORTS_TX_ACK_STATUS |
+ IEEE80211_HW_HAS_RATE_CONTROL |
+@@ -4609,10 +5484,6 @@ int ath10k_mac_register(struct ath10k *a
+ IEEE80211_HW_AP_LINK_PS |
+ IEEE80211_HW_SPECTRUM_MGMT;
+
+- /* MSDU can have HTT TX fragment pushed in front. The additional 4
+- * bytes is used for padding/alignment if necessary. */
+- ar->hw->extra_tx_headroom += sizeof(struct htt_data_tx_desc_frag)*2 + 4;
+-
+ if (ar->ht_cap_info & WMI_HT_CAP_DYNAMIC_SMPS)
+ ar->hw->flags |= IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS;
+
+@@ -4629,25 +5500,52 @@ int ath10k_mac_register(struct ath10k *a
+
+ ar->hw->max_listen_interval = ATH10K_MAX_HW_LISTEN_INTERVAL;
+
++ if (test_bit(WMI_SERVICE_BEACON_OFFLOAD, ar->wmi.svc_map)) {
++ ar->hw->wiphy->flags |= WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD;
++
++ /* Firmware delivers WPS/P2P Probe Requests frames to driver so
++ * that userspace (e.g. wpa_supplicant/hostapd) can generate
++ * correct Probe Responses. This is more of a hack advert..
++ */
++ ar->hw->wiphy->probe_resp_offload |=
++ NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS |
++ NL80211_PROBE_RESP_OFFLOAD_SUPPORT_WPS2 |
++ NL80211_PROBE_RESP_OFFLOAD_SUPPORT_P2P;
++ }
++
+ ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
+ ar->hw->wiphy->flags |= WIPHY_FLAG_HAS_CHANNEL_SWITCH;
+ ar->hw->wiphy->max_remain_on_channel_duration = 5000;
+
+ ar->hw->wiphy->flags |= WIPHY_FLAG_AP_UAPSD;
++ ar->hw->wiphy->features |= NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE;
++
+ /*
+ * on LL hardware queues are managed entirely by the FW
+ * so we only advertise to mac we can do the queues thing
+ */
+ ar->hw->queues = 4;
+
+- if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features)) {
+- ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
+- ar->hw->wiphy->n_iface_combinations =
+- ARRAY_SIZE(ath10k_10x_if_comb);
+- } else {
++ switch (ar->wmi.op_version) {
++ case ATH10K_FW_WMI_OP_VERSION_MAIN:
++ case ATH10K_FW_WMI_OP_VERSION_TLV:
+ ar->hw->wiphy->iface_combinations = ath10k_if_comb;
+ ar->hw->wiphy->n_iface_combinations =
+ ARRAY_SIZE(ath10k_if_comb);
++ ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
++ break;
++ case ATH10K_FW_WMI_OP_VERSION_10_1:
++ case ATH10K_FW_WMI_OP_VERSION_10_2:
++ case ATH10K_FW_WMI_OP_VERSION_10_2_4:
++ ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
++ ar->hw->wiphy->n_iface_combinations =
++ ARRAY_SIZE(ath10k_10x_if_comb);
++ break;
++ case ATH10K_FW_WMI_OP_VERSION_UNSET:
++ case ATH10K_FW_WMI_OP_VERSION_MAX:
++ WARN_ON(1);
++ ret = -EINVAL;
++ goto err_free;
+ }
+
+ ar->hw->netdev_features = NETIF_F_HW_CSUM;
+@@ -4659,19 +5557,19 @@ int ath10k_mac_register(struct ath10k *a
+ NL80211_DFS_UNSET);
+
+ if (!ar->dfs_detector)
+- ath10k_warn("failed to initialise DFS pattern detector\n");
++ ath10k_warn(ar, "failed to initialise DFS pattern detector\n");
+ }
+
+ ret = ath_regd_init(&ar->ath_common.regulatory, ar->hw->wiphy,
+ ath10k_reg_notifier);
+ if (ret) {
+- ath10k_err("failed to initialise regulatory: %i\n", ret);
++ ath10k_err(ar, "failed to initialise regulatory: %i\n", ret);
+ goto err_free;
+ }
+
+ ret = ieee80211_register_hw(ar->hw);
+ if (ret) {
+- ath10k_err("failed to register ieee80211: %d\n", ret);
++ ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
+ goto err_free;
+ }
+
+--- a/drivers/net/wireless/ath/ath10k/mac.h
++++ b/drivers/net/wireless/ath/ath10k/mac.h
+@@ -21,33 +21,41 @@
+ #include <net/mac80211.h>
+ #include "core.h"
+
++#define WEP_KEYID_SHIFT 6
++
+ struct ath10k_generic_iter {
+ struct ath10k *ar;
+ int ret;
+ };
+
+-struct ath10k *ath10k_mac_create(void);
++struct ath10k *ath10k_mac_create(size_t priv_size);
+ void ath10k_mac_destroy(struct ath10k *ar);
+ int ath10k_mac_register(struct ath10k *ar);
+ void ath10k_mac_unregister(struct ath10k *ar);
+ struct ath10k_vif *ath10k_get_arvif(struct ath10k *ar, u32 vdev_id);
+-void ath10k_reset_scan(unsigned long ptr);
++void __ath10k_scan_finish(struct ath10k *ar);
++void ath10k_scan_finish(struct ath10k *ar);
++void ath10k_scan_timeout_work(struct work_struct *work);
+ void ath10k_offchan_tx_purge(struct ath10k *ar);
+ void ath10k_offchan_tx_work(struct work_struct *work);
+ void ath10k_mgmt_over_wmi_tx_purge(struct ath10k *ar);
+ void ath10k_mgmt_over_wmi_tx_work(struct work_struct *work);
+ void ath10k_halt(struct ath10k *ar);
++void ath10k_mac_vif_beacon_free(struct ath10k_vif *arvif);
++void ath10k_drain_tx(struct ath10k *ar);
++bool ath10k_mac_is_peer_wep_key_set(struct ath10k *ar, const u8 *addr,
++ u8 keyidx);
+
+ static inline struct ath10k_vif *ath10k_vif_to_arvif(struct ieee80211_vif *vif)
+ {
+ return (struct ath10k_vif *)vif->drv_priv;
+ }
+
+-static inline void ath10k_tx_h_seq_no(struct sk_buff *skb)
++static inline void ath10k_tx_h_seq_no(struct ieee80211_vif *vif,
++ struct sk_buff *skb)
+ {
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
+- struct ieee80211_vif *vif = info->control.vif;
+ struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif);
+
+ if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ) {
+--- a/drivers/net/wireless/ath/ath10k/pci.c
++++ b/drivers/net/wireless/ath/ath10k/pci.c
+@@ -44,13 +44,9 @@ enum ath10k_pci_reset_mode {
+ ATH10K_PCI_RESET_WARM_ONLY = 1,
+ };
+
+-static unsigned int ath10k_pci_target_ps;
+ static unsigned int ath10k_pci_irq_mode = ATH10K_PCI_IRQ_AUTO;
+ static unsigned int ath10k_pci_reset_mode = ATH10K_PCI_RESET_AUTO;
+
+-module_param_named(target_ps, ath10k_pci_target_ps, uint, 0644);
+-MODULE_PARM_DESC(target_ps, "Enable ath10k Target (SoC) PS option");
+-
+ module_param_named(irq_mode, ath10k_pci_irq_mode, uint, 0644);
+ MODULE_PARM_DESC(irq_mode, "0: auto, 1: legacy, 2: msi (default: 0)");
+
+@@ -59,21 +55,31 @@ MODULE_PARM_DESC(reset_mode, "0: auto, 1
+
+ /* how long wait to wait for target to initialise, in ms */
+ #define ATH10K_PCI_TARGET_WAIT 3000
++#define ATH10K_PCI_NUM_WARM_RESET_ATTEMPTS 3
+
+ #define QCA988X_2_0_DEVICE_ID (0x003c)
++#define QCA6174_2_1_DEVICE_ID (0x003e)
+
+-static DEFINE_PCI_DEVICE_TABLE(ath10k_pci_id_table) = {
++static const struct pci_device_id ath10k_pci_id_table[] = {
+ { PCI_VDEVICE(ATHEROS, QCA988X_2_0_DEVICE_ID) }, /* PCI-E QCA988X V2 */
++ { PCI_VDEVICE(ATHEROS, QCA6174_2_1_DEVICE_ID) }, /* PCI-E QCA6174 V2.1 */
+ {0}
+ };
+
+-static int ath10k_pci_diag_read_access(struct ath10k *ar, u32 address,
+- u32 *data);
++static const struct ath10k_pci_supp_chip ath10k_pci_supp_chips[] = {
++ /* QCA988X pre 2.0 chips are not supported because they need some nasty
++ * hacks. ath10k doesn't have them and these devices crash horribly
++ * because of that.
++ */
++ { QCA988X_2_0_DEVICE_ID, QCA988X_HW_2_0_CHIP_ID_REV },
++ { QCA6174_2_1_DEVICE_ID, QCA6174_HW_2_1_CHIP_ID_REV },
++ { QCA6174_2_1_DEVICE_ID, QCA6174_HW_2_2_CHIP_ID_REV },
++ { QCA6174_2_1_DEVICE_ID, QCA6174_HW_3_0_CHIP_ID_REV },
++ { QCA6174_2_1_DEVICE_ID, QCA6174_HW_3_1_CHIP_ID_REV },
++ { QCA6174_2_1_DEVICE_ID, QCA6174_HW_3_2_CHIP_ID_REV },
++};
+
+-static int ath10k_pci_post_rx(struct ath10k *ar);
+-static int ath10k_pci_post_rx_pipe(struct ath10k_pci_pipe *pipe_info,
+- int num);
+-static void ath10k_pci_rx_pipe_cleanup(struct ath10k_pci_pipe *pipe_info);
++static void ath10k_pci_buffer_cleanup(struct ath10k *ar);
+ static int ath10k_pci_cold_reset(struct ath10k *ar);
+ static int ath10k_pci_warm_reset(struct ath10k *ar);
+ static int ath10k_pci_wait_for_target_init(struct ath10k *ar);
+@@ -98,7 +104,7 @@ static const struct ce_attr host_ce_conf
+ {
+ .flags = CE_ATTR_FLAGS,
+ .src_nentries = 0,
+- .src_sz_max = 512,
++ .src_sz_max = 2048,
+ .dest_nentries = 512,
+ },
+
+@@ -155,79 +161,175 @@ static const struct ce_attr host_ce_conf
+ static const struct ce_pipe_config target_ce_config_wlan[] = {
+ /* CE0: host->target HTC control and raw streams */
+ {
+- .pipenum = 0,
+- .pipedir = PIPEDIR_OUT,
+- .nentries = 32,
+- .nbytes_max = 256,
+- .flags = CE_ATTR_FLAGS,
+- .reserved = 0,
++ .pipenum = __cpu_to_le32(0),
++ .pipedir = __cpu_to_le32(PIPEDIR_OUT),
++ .nentries = __cpu_to_le32(32),
++ .nbytes_max = __cpu_to_le32(256),
++ .flags = __cpu_to_le32(CE_ATTR_FLAGS),
++ .reserved = __cpu_to_le32(0),
+ },
+
+ /* CE1: target->host HTT + HTC control */
+ {
+- .pipenum = 1,
+- .pipedir = PIPEDIR_IN,
+- .nentries = 32,
+- .nbytes_max = 512,
+- .flags = CE_ATTR_FLAGS,
+- .reserved = 0,
++ .pipenum = __cpu_to_le32(1),
++ .pipedir = __cpu_to_le32(PIPEDIR_IN),
++ .nentries = __cpu_to_le32(32),
++ .nbytes_max = __cpu_to_le32(2048),
++ .flags = __cpu_to_le32(CE_ATTR_FLAGS),
++ .reserved = __cpu_to_le32(0),
+ },
+
+ /* CE2: target->host WMI */
+ {
+- .pipenum = 2,
+- .pipedir = PIPEDIR_IN,
+- .nentries = 32,
+- .nbytes_max = 2048,
+- .flags = CE_ATTR_FLAGS,
+- .reserved = 0,
++ .pipenum = __cpu_to_le32(2),
++ .pipedir = __cpu_to_le32(PIPEDIR_IN),
++ .nentries = __cpu_to_le32(32),
++ .nbytes_max = __cpu_to_le32(2048),
++ .flags = __cpu_to_le32(CE_ATTR_FLAGS),
++ .reserved = __cpu_to_le32(0),
+ },
+
+ /* CE3: host->target WMI */
+ {
+- .pipenum = 3,
+- .pipedir = PIPEDIR_OUT,
+- .nentries = 32,
+- .nbytes_max = 2048,
+- .flags = CE_ATTR_FLAGS,
+- .reserved = 0,
++ .pipenum = __cpu_to_le32(3),
++ .pipedir = __cpu_to_le32(PIPEDIR_OUT),
++ .nentries = __cpu_to_le32(32),
++ .nbytes_max = __cpu_to_le32(2048),
++ .flags = __cpu_to_le32(CE_ATTR_FLAGS),
++ .reserved = __cpu_to_le32(0),
+ },
+
+ /* CE4: host->target HTT */
+ {
+- .pipenum = 4,
+- .pipedir = PIPEDIR_OUT,
+- .nentries = 256,
+- .nbytes_max = 256,
+- .flags = CE_ATTR_FLAGS,
+- .reserved = 0,
++ .pipenum = __cpu_to_le32(4),
++ .pipedir = __cpu_to_le32(PIPEDIR_OUT),
++ .nentries = __cpu_to_le32(256),
++ .nbytes_max = __cpu_to_le32(256),
++ .flags = __cpu_to_le32(CE_ATTR_FLAGS),
++ .reserved = __cpu_to_le32(0),
+ },
+
+ /* NB: 50% of src nentries, since tx has 2 frags */
+
+ /* CE5: unused */
+ {
+- .pipenum = 5,
+- .pipedir = PIPEDIR_OUT,
+- .nentries = 32,
+- .nbytes_max = 2048,
+- .flags = CE_ATTR_FLAGS,
+- .reserved = 0,
++ .pipenum = __cpu_to_le32(5),
++ .pipedir = __cpu_to_le32(PIPEDIR_OUT),
++ .nentries = __cpu_to_le32(32),
++ .nbytes_max = __cpu_to_le32(2048),
++ .flags = __cpu_to_le32(CE_ATTR_FLAGS),
++ .reserved = __cpu_to_le32(0),
+ },
+
+ /* CE6: Reserved for target autonomous hif_memcpy */
+ {
+- .pipenum = 6,
+- .pipedir = PIPEDIR_INOUT,
+- .nentries = 32,
+- .nbytes_max = 4096,
+- .flags = CE_ATTR_FLAGS,
+- .reserved = 0,
++ .pipenum = __cpu_to_le32(6),
++ .pipedir = __cpu_to_le32(PIPEDIR_INOUT),
++ .nentries = __cpu_to_le32(32),
++ .nbytes_max = __cpu_to_le32(4096),
++ .flags = __cpu_to_le32(CE_ATTR_FLAGS),
++ .reserved = __cpu_to_le32(0),
+ },
+
+ /* CE7 used only by Host */
+ };
+
++/*
++ * Map from service/endpoint to Copy Engine.
++ * This table is derived from the CE_PCI TABLE, above.
++ * It is passed to the Target at startup for use by firmware.
++ */
++static const struct service_to_pipe target_service_to_ce_map_wlan[] = {
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_WMI_DATA_VO),
++ __cpu_to_le32(PIPEDIR_OUT), /* out = UL = host -> target */
++ __cpu_to_le32(3),
++ },
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_WMI_DATA_VO),
++ __cpu_to_le32(PIPEDIR_IN), /* in = DL = target -> host */
++ __cpu_to_le32(2),
++ },
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_WMI_DATA_BK),
++ __cpu_to_le32(PIPEDIR_OUT), /* out = UL = host -> target */
++ __cpu_to_le32(3),
++ },
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_WMI_DATA_BK),
++ __cpu_to_le32(PIPEDIR_IN), /* in = DL = target -> host */
++ __cpu_to_le32(2),
++ },
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_WMI_DATA_BE),
++ __cpu_to_le32(PIPEDIR_OUT), /* out = UL = host -> target */
++ __cpu_to_le32(3),
++ },
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_WMI_DATA_BE),
++ __cpu_to_le32(PIPEDIR_IN), /* in = DL = target -> host */
++ __cpu_to_le32(2),
++ },
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_WMI_DATA_VI),
++ __cpu_to_le32(PIPEDIR_OUT), /* out = UL = host -> target */
++ __cpu_to_le32(3),
++ },
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_WMI_DATA_VI),
++ __cpu_to_le32(PIPEDIR_IN), /* in = DL = target -> host */
++ __cpu_to_le32(2),
++ },
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_WMI_CONTROL),
++ __cpu_to_le32(PIPEDIR_OUT), /* out = UL = host -> target */
++ __cpu_to_le32(3),
++ },
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_WMI_CONTROL),
++ __cpu_to_le32(PIPEDIR_IN), /* in = DL = target -> host */
++ __cpu_to_le32(2),
++ },
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_RSVD_CTRL),
++ __cpu_to_le32(PIPEDIR_OUT), /* out = UL = host -> target */
++ __cpu_to_le32(0),
++ },
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_RSVD_CTRL),
++ __cpu_to_le32(PIPEDIR_IN), /* in = DL = target -> host */
++ __cpu_to_le32(1),
++ },
++ { /* not used */
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_TEST_RAW_STREAMS),
++ __cpu_to_le32(PIPEDIR_OUT), /* out = UL = host -> target */
++ __cpu_to_le32(0),
++ },
++ { /* not used */
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_TEST_RAW_STREAMS),
++ __cpu_to_le32(PIPEDIR_IN), /* in = DL = target -> host */
++ __cpu_to_le32(1),
++ },
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_HTT_DATA_MSG),
++ __cpu_to_le32(PIPEDIR_OUT), /* out = UL = host -> target */
++ __cpu_to_le32(4),
++ },
++ {
++ __cpu_to_le32(ATH10K_HTC_SVC_ID_HTT_DATA_MSG),
++ __cpu_to_le32(PIPEDIR_IN), /* in = DL = target -> host */
++ __cpu_to_le32(1),
++ },
++
++ /* (Additions here) */
++
++ { /* must be last */
++ __cpu_to_le32(0),
++ __cpu_to_le32(0),
++ __cpu_to_le32(0),
++ },
++};
++
+ static bool ath10k_pci_irq_pending(struct ath10k *ar)
+ {
+ u32 cause;
+@@ -253,8 +355,8 @@ static void ath10k_pci_disable_and_clear
+
+ /* IMPORTANT: this extra read transaction is required to
+ * flush the posted write buffer. */
+- (void) ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS +
+- PCIE_INTR_ENABLE_ADDRESS);
++ (void)ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS +
++ PCIE_INTR_ENABLE_ADDRESS);
+ }
+
+ static void ath10k_pci_enable_legacy_irq(struct ath10k *ar)
+@@ -265,48 +367,116 @@ static void ath10k_pci_enable_legacy_irq
+
+ /* IMPORTANT: this extra read transaction is required to
+ * flush the posted write buffer. */
+- (void) ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS +
+- PCIE_INTR_ENABLE_ADDRESS);
++ (void)ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS +
++ PCIE_INTR_ENABLE_ADDRESS);
+ }
+
+-static irqreturn_t ath10k_pci_early_irq_handler(int irq, void *arg)
++static inline const char *ath10k_pci_get_irq_method(struct ath10k *ar)
+ {
+- struct ath10k *ar = arg;
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+
+- if (ar_pci->num_msi_intrs == 0) {
+- if (!ath10k_pci_irq_pending(ar))
+- return IRQ_NONE;
+-
+- ath10k_pci_disable_and_clear_legacy_irq(ar);
+- }
++ if (ar_pci->num_msi_intrs > 1)
++ return "msi-x";
+
+- tasklet_schedule(&ar_pci->early_irq_tasklet);
++ if (ar_pci->num_msi_intrs == 1)
++ return "msi";
+
+- return IRQ_HANDLED;
++ return "legacy";
+ }
+
+-static int ath10k_pci_request_early_irq(struct ath10k *ar)
++static int __ath10k_pci_rx_post_buf(struct ath10k_pci_pipe *pipe)
+ {
++ struct ath10k *ar = pipe->hif_ce_state;
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++ struct ath10k_ce_pipe *ce_pipe = pipe->ce_hdl;
++ struct sk_buff *skb;
++ dma_addr_t paddr;
+ int ret;
+
+- /* Regardless whether MSI-X/MSI/legacy irqs have been set up the first
+- * interrupt from irq vector is triggered in all cases for FW
+- * indication/errors */
+- ret = request_irq(ar_pci->pdev->irq, ath10k_pci_early_irq_handler,
+- IRQF_SHARED, "ath10k_pci (early)", ar);
++ lockdep_assert_held(&ar_pci->ce_lock);
++
++ skb = dev_alloc_skb(pipe->buf_sz);
++ if (!skb)
++ return -ENOMEM;
++
++ WARN_ONCE((unsigned long)skb->data & 3, "unaligned skb");
++
++ paddr = dma_map_single(ar->dev, skb->data,
++ skb->len + skb_tailroom(skb),
++ DMA_FROM_DEVICE);
++ if (unlikely(dma_mapping_error(ar->dev, paddr))) {
++ ath10k_warn(ar, "failed to dma map pci rx buf\n");
++ dev_kfree_skb_any(skb);
++ return -EIO;
++ }
++
++ ATH10K_SKB_RXCB(skb)->paddr = paddr;
++
++ ret = __ath10k_ce_rx_post_buf(ce_pipe, skb, paddr);
+ if (ret) {
+- ath10k_warn("failed to request early irq: %d\n", ret);
++ ath10k_warn(ar, "failed to post pci rx buf: %d\n", ret);
++ dma_unmap_single(ar->dev, paddr, skb->len + skb_tailroom(skb),
++ DMA_FROM_DEVICE);
++ dev_kfree_skb_any(skb);
+ return ret;
+ }
+
+ return 0;
+ }
+
+-static void ath10k_pci_free_early_irq(struct ath10k *ar)
++static void __ath10k_pci_rx_post_pipe(struct ath10k_pci_pipe *pipe)
++{
++ struct ath10k *ar = pipe->hif_ce_state;
++ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++ struct ath10k_ce_pipe *ce_pipe = pipe->ce_hdl;
++ int ret, num;
++
++ lockdep_assert_held(&ar_pci->ce_lock);
++
++ if (pipe->buf_sz == 0)
++ return;
++
++ if (!ce_pipe->dest_ring)
++ return;
++
++ num = __ath10k_ce_rx_num_free_bufs(ce_pipe);
++ while (num--) {
++ ret = __ath10k_pci_rx_post_buf(pipe);
++ if (ret) {
++ ath10k_warn(ar, "failed to post pci rx buf: %d\n", ret);
++ mod_timer(&ar_pci->rx_post_retry, jiffies +
++ ATH10K_PCI_RX_POST_RETRY_MS);
++ break;
++ }
++ }
++}
++
++static void ath10k_pci_rx_post_pipe(struct ath10k_pci_pipe *pipe)
++{
++ struct ath10k *ar = pipe->hif_ce_state;
++ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++
++ spin_lock_bh(&ar_pci->ce_lock);
++ __ath10k_pci_rx_post_pipe(pipe);
++ spin_unlock_bh(&ar_pci->ce_lock);
++}
++
++static void ath10k_pci_rx_post(struct ath10k *ar)
++{
++ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++ int i;
++
++ spin_lock_bh(&ar_pci->ce_lock);
++ for (i = 0; i < CE_COUNT; i++)
++ __ath10k_pci_rx_post_pipe(&ar_pci->pipe_info[i]);
++ spin_unlock_bh(&ar_pci->ce_lock);
++}
++
++static void ath10k_pci_rx_replenish_retry(unsigned long ptr)
+ {
+- free_irq(ath10k_pci_priv(ar)->pdev->irq, ar);
++ struct ath10k *ar = (void *)ptr;
++
++ ath10k_pci_rx_post(ar);
+ }
+
+ /*
+@@ -330,24 +500,7 @@ static int ath10k_pci_diag_read_mem(stru
+ void *data_buf = NULL;
+ int i;
+
+- /*
+- * This code cannot handle reads to non-memory space. Redirect to the
+- * register read fn but preserve the multi word read capability of
+- * this fn
+- */
+- if (address < DRAM_BASE_ADDRESS) {
+- if (!IS_ALIGNED(address, 4) ||
+- !IS_ALIGNED((unsigned long)data, 4))
+- return -EIO;
+-
+- while ((nbytes >= 4) && ((ret = ath10k_pci_diag_read_access(
+- ar, address, (u32 *)data)) == 0)) {
+- nbytes -= sizeof(u32);
+- address += sizeof(u32);
+- data += sizeof(u32);
+- }
+- return ret;
+- }
++ spin_lock_bh(&ar_pci->ce_lock);
+
+ ce_diag = ar_pci->ce_diag;
+
+@@ -375,7 +528,7 @@ static int ath10k_pci_diag_read_mem(stru
+ nbytes = min_t(unsigned int, remaining_bytes,
+ DIAG_TRANSFER_LIMIT);
+
+- ret = ath10k_ce_recv_buf_enqueue(ce_diag, NULL, ce_data);
++ ret = __ath10k_ce_rx_post_buf(ce_diag, NULL, ce_data);
+ if (ret != 0)
+ goto done;
+
+@@ -388,20 +541,18 @@ static int ath10k_pci_diag_read_mem(stru
+ * convert it from Target CPU virtual address space
+ * to CE address space
+ */
+- ath10k_pci_wake(ar);
+ address = TARG_CPU_SPACE_TO_CE_SPACE(ar, ar_pci->mem,
+ address);
+- ath10k_pci_sleep(ar);
+
+- ret = ath10k_ce_send(ce_diag, NULL, (u32)address, nbytes, 0,
+- 0);
++ ret = ath10k_ce_send_nolock(ce_diag, NULL, (u32)address, nbytes, 0,
++ 0);
+ if (ret)
+ goto done;
+
+ i = 0;
+- while (ath10k_ce_completed_send_next(ce_diag, NULL, &buf,
+- &completed_nbytes,
+- &id) != 0) {
++ while (ath10k_ce_completed_send_next_nolock(ce_diag, NULL, &buf,
++ &completed_nbytes,
++ &id) != 0) {
+ mdelay(1);
+ if (i++ > DIAG_ACCESS_CE_TIMEOUT_MS) {
+ ret = -EBUSY;
+@@ -414,15 +565,15 @@ static int ath10k_pci_diag_read_mem(stru
+ goto done;
+ }
+
+- if (buf != (u32) address) {
++ if (buf != (u32)address) {
+ ret = -EIO;
+ goto done;
+ }
+
+ i = 0;
+- while (ath10k_ce_completed_recv_next(ce_diag, NULL, &buf,
+- &completed_nbytes,
+- &id, &flags) != 0) {
++ while (ath10k_ce_completed_recv_next_nolock(ce_diag, NULL, &buf,
++ &completed_nbytes,
++ &id, &flags) != 0) {
+ mdelay(1);
+
+ if (i++ > DIAG_ACCESS_CE_TIMEOUT_MS) {
+@@ -447,38 +598,60 @@ static int ath10k_pci_diag_read_mem(stru
+ }
+
+ done:
+- if (ret == 0) {
+- /* Copy data from allocated DMA buf to caller's buf */
+- WARN_ON_ONCE(orig_nbytes & 3);
+- for (i = 0; i < orig_nbytes / sizeof(__le32); i++) {
+- ((u32 *)data)[i] =
+- __le32_to_cpu(((__le32 *)data_buf)[i]);
+- }
+- } else
+- ath10k_warn("failed to read diag value at 0x%x: %d\n",
++ if (ret == 0)
++ memcpy(data, data_buf, orig_nbytes);
++ else
++ ath10k_warn(ar, "failed to read diag value at 0x%x: %d\n",
+ address, ret);
+
+ if (data_buf)
+ dma_free_coherent(ar->dev, orig_nbytes, data_buf,
+ ce_data_base);
+
++ spin_unlock_bh(&ar_pci->ce_lock);
++
+ return ret;
+ }
+
+-/* Read 4-byte aligned data from Target memory or register */
+-static int ath10k_pci_diag_read_access(struct ath10k *ar, u32 address,
+- u32 *data)
+-{
+- /* Assume range doesn't cross this boundary */
+- if (address >= DRAM_BASE_ADDRESS)
+- return ath10k_pci_diag_read_mem(ar, address, data, sizeof(u32));
++static int ath10k_pci_diag_read32(struct ath10k *ar, u32 address, u32 *value)
++{
++ __le32 val = 0;
++ int ret;
++
++ ret = ath10k_pci_diag_read_mem(ar, address, &val, sizeof(val));
++ *value = __le32_to_cpu(val);
++
++ return ret;
++}
++
++static int __ath10k_pci_diag_read_hi(struct ath10k *ar, void *dest,
++ u32 src, u32 len)
++{
++ u32 host_addr, addr;
++ int ret;
++
++ host_addr = host_interest_item_address(src);
++
++ ret = ath10k_pci_diag_read32(ar, host_addr, &addr);
++ if (ret != 0) {
++ ath10k_warn(ar, "failed to get memcpy hi address for firmware address %d: %d\n",
++ src, ret);
++ return ret;
++ }
++
++ ret = ath10k_pci_diag_read_mem(ar, addr, dest, len);
++ if (ret != 0) {
++ ath10k_warn(ar, "failed to memcpy firmware memory from %d (%d B): %d\n",
++ addr, len, ret);
++ return ret;
++ }
+
+- ath10k_pci_wake(ar);
+- *data = ath10k_pci_read32(ar, address);
+- ath10k_pci_sleep(ar);
+ return 0;
+ }
+
++#define ath10k_pci_diag_read_hi(ar, dest, src, len) \
++ __ath10k_pci_diag_read_hi(ar, dest, HI_ITEM(src), len)
++
+ static int ath10k_pci_diag_write_mem(struct ath10k *ar, u32 address,
+ const void *data, int nbytes)
+ {
+@@ -494,6 +667,8 @@ static int ath10k_pci_diag_write_mem(str
+ dma_addr_t ce_data_base = 0;
+ int i;
+
++ spin_lock_bh(&ar_pci->ce_lock);
++
+ ce_diag = ar_pci->ce_diag;
+
+ /*
+@@ -513,9 +688,7 @@ static int ath10k_pci_diag_write_mem(str
+ }
+
+ /* Copy caller's data to allocated DMA buf */
+- WARN_ON_ONCE(orig_nbytes & 3);
+- for (i = 0; i < orig_nbytes / sizeof(__le32); i++)
+- ((__le32 *)data_buf)[i] = __cpu_to_le32(((u32 *)data)[i]);
++ memcpy(data_buf, data, orig_nbytes);
+
+ /*
+ * The address supplied by the caller is in the
+@@ -527,9 +700,7 @@ static int ath10k_pci_diag_write_mem(str
+ * to
+ * CE address space
+ */
+- ath10k_pci_wake(ar);
+ address = TARG_CPU_SPACE_TO_CE_SPACE(ar, ar_pci->mem, address);
+- ath10k_pci_sleep(ar);
+
+ remaining_bytes = orig_nbytes;
+ ce_data = ce_data_base;
+@@ -538,7 +709,7 @@ static int ath10k_pci_diag_write_mem(str
+ nbytes = min_t(int, remaining_bytes, DIAG_TRANSFER_LIMIT);
+
+ /* Set up to receive directly into Target(!) address */
+- ret = ath10k_ce_recv_buf_enqueue(ce_diag, NULL, address);
++ ret = __ath10k_ce_rx_post_buf(ce_diag, NULL, address);
+ if (ret != 0)
+ goto done;
+
+@@ -546,15 +717,15 @@ static int ath10k_pci_diag_write_mem(str
+ * Request CE to send caller-supplied data that
+ * was copied to bounce buffer to Target(!) address.
+ */
+- ret = ath10k_ce_send(ce_diag, NULL, (u32) ce_data,
+- nbytes, 0, 0);
++ ret = ath10k_ce_send_nolock(ce_diag, NULL, (u32)ce_data,
++ nbytes, 0, 0);
+ if (ret != 0)
+ goto done;
+
+ i = 0;
+- while (ath10k_ce_completed_send_next(ce_diag, NULL, &buf,
+- &completed_nbytes,
+- &id) != 0) {
++ while (ath10k_ce_completed_send_next_nolock(ce_diag, NULL, &buf,
++ &completed_nbytes,
++ &id) != 0) {
+ mdelay(1);
+
+ if (i++ > DIAG_ACCESS_CE_TIMEOUT_MS) {
+@@ -574,9 +745,9 @@ static int ath10k_pci_diag_write_mem(str
+ }
+
+ i = 0;
+- while (ath10k_ce_completed_recv_next(ce_diag, NULL, &buf,
+- &completed_nbytes,
+- &id, &flags) != 0) {
++ while (ath10k_ce_completed_recv_next_nolock(ce_diag, NULL, &buf,
++ &completed_nbytes,
++ &id, &flags) != 0) {
+ mdelay(1);
+
+ if (i++ > DIAG_ACCESS_CE_TIMEOUT_MS) {
+@@ -607,66 +778,36 @@ done:
+ }
+
+ if (ret != 0)
+- ath10k_warn("failed to write diag value at 0x%x: %d\n",
++ ath10k_warn(ar, "failed to write diag value at 0x%x: %d\n",
+ address, ret);
+
++ spin_unlock_bh(&ar_pci->ce_lock);
++
+ return ret;
+ }
+
+-/* Write 4B data to Target memory or register */
+-static int ath10k_pci_diag_write_access(struct ath10k *ar, u32 address,
+- u32 data)
+-{
+- /* Assume range doesn't cross this boundary */
+- if (address >= DRAM_BASE_ADDRESS)
+- return ath10k_pci_diag_write_mem(ar, address, &data,
+- sizeof(u32));
++static int ath10k_pci_diag_write32(struct ath10k *ar, u32 address, u32 value)
++{
++ __le32 val = __cpu_to_le32(value);
+
+- ath10k_pci_wake(ar);
+- ath10k_pci_write32(ar, address, data);
+- ath10k_pci_sleep(ar);
+- return 0;
++ return ath10k_pci_diag_write_mem(ar, address, &val, sizeof(val));
+ }
+
+-static bool ath10k_pci_target_is_awake(struct ath10k *ar)
++static bool ath10k_pci_is_awake(struct ath10k *ar)
+ {
+- void __iomem *mem = ath10k_pci_priv(ar)->mem;
+- u32 val;
+- val = ioread32(mem + PCIE_LOCAL_BASE_ADDRESS +
+- RTC_STATE_ADDRESS);
+- return (RTC_STATE_V_GET(val) == RTC_STATE_V_ON);
++ u32 val = ath10k_pci_reg_read32(ar, RTC_STATE_ADDRESS);
++
++ return RTC_STATE_V_GET(val) == RTC_STATE_V_ON;
+ }
+
+-int ath10k_do_pci_wake(struct ath10k *ar)
++static int ath10k_pci_wake_wait(struct ath10k *ar)
+ {
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+- void __iomem *pci_addr = ar_pci->mem;
+ int tot_delay = 0;
+ int curr_delay = 5;
+
+- if (atomic_read(&ar_pci->keep_awake_count) == 0) {
+- /* Force AWAKE */
+- iowrite32(PCIE_SOC_WAKE_V_MASK,
+- pci_addr + PCIE_LOCAL_BASE_ADDRESS +
+- PCIE_SOC_WAKE_ADDRESS);
+- }
+- atomic_inc(&ar_pci->keep_awake_count);
+-
+- if (ar_pci->verified_awake)
+- return 0;
+-
+- for (;;) {
+- if (ath10k_pci_target_is_awake(ar)) {
+- ar_pci->verified_awake = true;
++ while (tot_delay < PCIE_WAKE_TIMEOUT) {
++ if (ath10k_pci_is_awake(ar))
+ return 0;
+- }
+-
+- if (tot_delay > PCIE_WAKE_TIMEOUT) {
+- ath10k_warn("target took longer %d us to wake up (awake count %d)\n",
+- PCIE_WAKE_TIMEOUT,
+- atomic_read(&ar_pci->keep_awake_count));
+- return -ETIMEDOUT;
+- }
+
+ udelay(curr_delay);
+ tot_delay += curr_delay;
+@@ -674,20 +815,21 @@ int ath10k_do_pci_wake(struct ath10k *ar
+ if (curr_delay < 50)
+ curr_delay += 5;
+ }
++
++ return -ETIMEDOUT;
+ }
+
+-void ath10k_do_pci_sleep(struct ath10k *ar)
++static int ath10k_pci_wake(struct ath10k *ar)
+ {
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+- void __iomem *pci_addr = ar_pci->mem;
++ ath10k_pci_reg_write32(ar, PCIE_SOC_WAKE_ADDRESS,
++ PCIE_SOC_WAKE_V_MASK);
++ return ath10k_pci_wake_wait(ar);
++}
+
+- if (atomic_dec_and_test(&ar_pci->keep_awake_count)) {
+- /* Allow sleep */
+- ar_pci->verified_awake = false;
+- iowrite32(PCIE_SOC_WAKE_RESET,
+- pci_addr + PCIE_LOCAL_BASE_ADDRESS +
+- PCIE_SOC_WAKE_ADDRESS);
+- }
++static void ath10k_pci_sleep(struct ath10k *ar)
++{
++ ath10k_pci_reg_write32(ar, PCIE_SOC_WAKE_ADDRESS,
++ PCIE_SOC_WAKE_RESET);
+ }
+
+ /* Called by lower (CE) layer when a send to Target completes. */
+@@ -696,20 +838,24 @@ static void ath10k_pci_ce_send_done(stru
+ struct ath10k *ar = ce_state->ar;
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+ struct ath10k_hif_cb *cb = &ar_pci->msg_callbacks_current;
+- void *transfer_context;
++ struct sk_buff_head list;
++ struct sk_buff *skb;
+ u32 ce_data;
+ unsigned int nbytes;
+ unsigned int transfer_id;
+
+- while (ath10k_ce_completed_send_next(ce_state, &transfer_context,
+- &ce_data, &nbytes,
+- &transfer_id) == 0) {
++ __skb_queue_head_init(&list);
++ while (ath10k_ce_completed_send_next(ce_state, (void **)&skb, &ce_data,
++ &nbytes, &transfer_id) == 0) {
+ /* no need to call tx completion for NULL pointers */
+- if (transfer_context == NULL)
++ if (skb == NULL)
+ continue;
+
+- cb->tx_completion(ar, transfer_context, transfer_id);
++ __skb_queue_tail(&list, skb);
+ }
++
++ while ((skb = __skb_dequeue(&list)))
++ cb->tx_completion(ar, skb);
+ }
+
+ /* Called by lower (CE) layer when data is received from the Target. */
+@@ -720,38 +866,43 @@ static void ath10k_pci_ce_recv_data(stru
+ struct ath10k_pci_pipe *pipe_info = &ar_pci->pipe_info[ce_state->id];
+ struct ath10k_hif_cb *cb = &ar_pci->msg_callbacks_current;
+ struct sk_buff *skb;
++ struct sk_buff_head list;
+ void *transfer_context;
+ u32 ce_data;
+ unsigned int nbytes, max_nbytes;
+ unsigned int transfer_id;
+ unsigned int flags;
+- int err;
+
++ __skb_queue_head_init(&list);
+ while (ath10k_ce_completed_recv_next(ce_state, &transfer_context,
+ &ce_data, &nbytes, &transfer_id,
+ &flags) == 0) {
+- err = ath10k_pci_post_rx_pipe(pipe_info, 1);
+- if (unlikely(err)) {
+- /* FIXME: retry */
+- ath10k_warn("failed to replenish CE rx ring %d: %d\n",
+- pipe_info->pipe_num, err);
+- }
+-
+ skb = transfer_context;
+ max_nbytes = skb->len + skb_tailroom(skb);
+- dma_unmap_single(ar->dev, ATH10K_SKB_CB(skb)->paddr,
++ dma_unmap_single(ar->dev, ATH10K_SKB_RXCB(skb)->paddr,
+ max_nbytes, DMA_FROM_DEVICE);
+
+ if (unlikely(max_nbytes < nbytes)) {
+- ath10k_warn("rxed more than expected (nbytes %d, max %d)",
++ ath10k_warn(ar, "rxed more than expected (nbytes %d, max %d)",
+ nbytes, max_nbytes);
+ dev_kfree_skb_any(skb);
+ continue;
+ }
+
+ skb_put(skb, nbytes);
+- cb->rx_completion(ar, skb, pipe_info->pipe_num);
++ __skb_queue_tail(&list, skb);
++ }
++
++ while ((skb = __skb_dequeue(&list))) {
++ ath10k_dbg(ar, ATH10K_DBG_PCI, "pci rx ce pipe %d len %d\n",
++ ce_state->id, skb->len);
++ ath10k_dbg_dump(ar, ATH10K_DBG_PCI_DUMP, NULL, "pci rx: ",
++ skb->data, skb->len);
++
++ cb->rx_completion(ar, skb);
+ }
++
++ ath10k_pci_rx_post_pipe(pipe_info);
+ }
+
+ static int ath10k_pci_hif_tx_sg(struct ath10k *ar, u8 pipe_id,
+@@ -761,24 +912,28 @@ static int ath10k_pci_hif_tx_sg(struct a
+ struct ath10k_pci_pipe *pci_pipe = &ar_pci->pipe_info[pipe_id];
+ struct ath10k_ce_pipe *ce_pipe = pci_pipe->ce_hdl;
+ struct ath10k_ce_ring *src_ring = ce_pipe->src_ring;
+- unsigned int nentries_mask = src_ring->nentries_mask;
+- unsigned int sw_index = src_ring->sw_index;
+- unsigned int write_index = src_ring->write_index;
+- int err, i;
++ unsigned int nentries_mask;
++ unsigned int sw_index;
++ unsigned int write_index;
++ int err, i = 0;
+
+ spin_lock_bh(&ar_pci->ce_lock);
+
++ nentries_mask = src_ring->nentries_mask;
++ sw_index = src_ring->sw_index;
++ write_index = src_ring->write_index;
++
+ if (unlikely(CE_RING_DELTA(nentries_mask,
+ write_index, sw_index - 1) < n_items)) {
+ err = -ENOBUFS;
+- goto unlock;
++ goto err;
+ }
+
+ for (i = 0; i < n_items - 1; i++) {
+- ath10k_dbg(ATH10K_DBG_PCI,
++ ath10k_dbg(ar, ATH10K_DBG_PCI,
+ "pci tx item %d paddr 0x%08x len %d n_items %d\n",
+ i, items[i].paddr, items[i].len, n_items);
+- ath10k_dbg_dump(ATH10K_DBG_PCI_DUMP, NULL, "item data: ",
++ ath10k_dbg_dump(ar, ATH10K_DBG_PCI_DUMP, NULL, "pci tx data: ",
+ items[i].vaddr, items[i].len);
+
+ err = ath10k_ce_send_nolock(ce_pipe,
+@@ -788,15 +943,15 @@ static int ath10k_pci_hif_tx_sg(struct a
+ items[i].transfer_id,
+ CE_SEND_FLAG_GATHER);
+ if (err)
+- goto unlock;
++ goto err;
+ }
+
+ /* `i` is equal to `n_items -1` after for() */
+
+- ath10k_dbg(ATH10K_DBG_PCI,
++ ath10k_dbg(ar, ATH10K_DBG_PCI,
+ "pci tx item %d paddr 0x%08x len %d n_items %d\n",
+ i, items[i].paddr, items[i].len, n_items);
+- ath10k_dbg_dump(ATH10K_DBG_PCI_DUMP, NULL, "item data: ",
++ ath10k_dbg_dump(ar, ATH10K_DBG_PCI_DUMP, NULL, "pci tx data: ",
+ items[i].vaddr, items[i].len);
+
+ err = ath10k_ce_send_nolock(ce_pipe,
+@@ -806,64 +961,89 @@ static int ath10k_pci_hif_tx_sg(struct a
+ items[i].transfer_id,
+ 0);
+ if (err)
+- goto unlock;
++ goto err;
++
++ spin_unlock_bh(&ar_pci->ce_lock);
++ return 0;
++
++err:
++ for (; i > 0; i--)
++ __ath10k_ce_send_revert(ce_pipe);
+
+- err = 0;
+-unlock:
+ spin_unlock_bh(&ar_pci->ce_lock);
+ return err;
+ }
+
++static int ath10k_pci_hif_diag_read(struct ath10k *ar, u32 address, void *buf,
++ size_t buf_len)
++{
++ return ath10k_pci_diag_read_mem(ar, address, buf, buf_len);
++}
++
+ static u16 ath10k_pci_hif_get_free_queue_number(struct ath10k *ar, u8 pipe)
+ {
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+
+- ath10k_dbg(ATH10K_DBG_PCI, "pci hif get free queue number\n");
++ ath10k_dbg(ar, ATH10K_DBG_PCI, "pci hif get free queue number\n");
+
+ return ath10k_ce_num_free_src_entries(ar_pci->pipe_info[pipe].ce_hdl);
+ }
+
+-static void ath10k_pci_hif_dump_area(struct ath10k *ar)
++static void ath10k_pci_dump_registers(struct ath10k *ar,
++ struct ath10k_fw_crash_data *crash_data)
+ {
+- u32 reg_dump_area = 0;
+- u32 reg_dump_values[REG_DUMP_COUNT_QCA988X] = {};
+- u32 host_addr;
+- int ret;
+- u32 i;
+-
+- ath10k_err("firmware crashed!\n");
+- ath10k_err("hardware name %s version 0x%x\n",
+- ar->hw_params.name, ar->target_version);
+- ath10k_err("firmware version: %s\n", ar->hw->wiphy->fw_version);
+-
+- host_addr = host_interest_item_address(HI_ITEM(hi_failure_state));
+- ret = ath10k_pci_diag_read_mem(ar, host_addr,
+- &reg_dump_area, sizeof(u32));
+- if (ret) {
+- ath10k_err("failed to read FW dump area address: %d\n", ret);
+- return;
+- }
++ __le32 reg_dump_values[REG_DUMP_COUNT_QCA988X] = {};
++ int i, ret;
+
+- ath10k_err("target register Dump Location: 0x%08X\n", reg_dump_area);
++ lockdep_assert_held(&ar->data_lock);
+
+- ret = ath10k_pci_diag_read_mem(ar, reg_dump_area,
+- &reg_dump_values[0],
+- REG_DUMP_COUNT_QCA988X * sizeof(u32));
+- if (ret != 0) {
+- ath10k_err("failed to read FW dump area: %d\n", ret);
++ ret = ath10k_pci_diag_read_hi(ar, &reg_dump_values[0],
++ hi_failure_state,
++ REG_DUMP_COUNT_QCA988X * sizeof(__le32));
++ if (ret) {
++ ath10k_err(ar, "failed to read firmware dump area: %d\n", ret);
+ return;
+ }
+
+ BUILD_BUG_ON(REG_DUMP_COUNT_QCA988X % 4);
+
+- ath10k_err("target Register Dump\n");
++ ath10k_err(ar, "firmware register dump:\n");
+ for (i = 0; i < REG_DUMP_COUNT_QCA988X; i += 4)
+- ath10k_err("[%02d]: 0x%08X 0x%08X 0x%08X 0x%08X\n",
++ ath10k_err(ar, "[%02d]: 0x%08X 0x%08X 0x%08X 0x%08X\n",
+ i,
+- reg_dump_values[i],
+- reg_dump_values[i + 1],
+- reg_dump_values[i + 2],
+- reg_dump_values[i + 3]);
++ __le32_to_cpu(reg_dump_values[i]),
++ __le32_to_cpu(reg_dump_values[i + 1]),
++ __le32_to_cpu(reg_dump_values[i + 2]),
++ __le32_to_cpu(reg_dump_values[i + 3]));
++
++ if (!crash_data)
++ return;
++
++ for (i = 0; i < REG_DUMP_COUNT_QCA988X; i++)
++ crash_data->registers[i] = reg_dump_values[i];
++}
++
++static void ath10k_pci_fw_crashed_dump(struct ath10k *ar)
++{
++ struct ath10k_fw_crash_data *crash_data;
++ char uuid[50];
++
++ spin_lock_bh(&ar->data_lock);
++
++ ar->stats.fw_crash_counter++;
++
++ crash_data = ath10k_debug_get_new_fw_crash_data(ar);
++
++ if (crash_data)
++ scnprintf(uuid, sizeof(uuid), "%pUl", &crash_data->uuid);
++ else
++ scnprintf(uuid, sizeof(uuid), "n/a");
++
++ ath10k_err(ar, "firmware crashed! (uuid %s)\n", uuid);
++ ath10k_print_driver_info(ar);
++ ath10k_pci_dump_registers(ar, crash_data);
++
++ spin_unlock_bh(&ar->data_lock);
+
+ queue_work(ar->workqueue, &ar->restart_work);
+ }
+@@ -871,7 +1051,7 @@ static void ath10k_pci_hif_dump_area(str
+ static void ath10k_pci_hif_send_complete_check(struct ath10k *ar, u8 pipe,
+ int force)
+ {
+- ath10k_dbg(ATH10K_DBG_PCI, "pci hif send complete check\n");
++ ath10k_dbg(ar, ATH10K_DBG_PCI, "pci hif send complete check\n");
+
+ if (!force) {
+ int resources;
+@@ -899,43 +1079,12 @@ static void ath10k_pci_hif_set_callbacks
+ {
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+
+- ath10k_dbg(ATH10K_DBG_PCI, "pci hif set callbacks\n");
++ ath10k_dbg(ar, ATH10K_DBG_PCI, "pci hif set callbacks\n");
+
+ memcpy(&ar_pci->msg_callbacks_current, callbacks,
+ sizeof(ar_pci->msg_callbacks_current));
+ }
+
+-static int ath10k_pci_setup_ce_irq(struct ath10k *ar)
+-{
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+- const struct ce_attr *attr;
+- struct ath10k_pci_pipe *pipe_info;
+- int pipe_num, disable_interrupts;
+-
+- for (pipe_num = 0; pipe_num < CE_COUNT; pipe_num++) {
+- pipe_info = &ar_pci->pipe_info[pipe_num];
+-
+- /* Handle Diagnostic CE specially */
+- if (pipe_info->ce_hdl == ar_pci->ce_diag)
+- continue;
+-
+- attr = &host_ce_config_wlan[pipe_num];
+-
+- if (attr->src_nentries) {
+- disable_interrupts = attr->flags & CE_ATTR_DIS_INTR;
+- ath10k_ce_send_cb_register(pipe_info->ce_hdl,
+- ath10k_pci_ce_send_done,
+- disable_interrupts);
+- }
+-
+- if (attr->dest_nentries)
+- ath10k_ce_recv_cb_register(pipe_info->ce_hdl,
+- ath10k_pci_ce_recv_data);
+- }
+-
+- return 0;
+-}
+-
+ static void ath10k_pci_kill_tasklet(struct ath10k *ar)
+ {
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+@@ -943,82 +1092,72 @@ static void ath10k_pci_kill_tasklet(stru
+
+ tasklet_kill(&ar_pci->intr_tq);
+ tasklet_kill(&ar_pci->msi_fw_err);
+- tasklet_kill(&ar_pci->early_irq_tasklet);
+
+ for (i = 0; i < CE_COUNT; i++)
+ tasklet_kill(&ar_pci->pipe_info[i].intr);
++
++ del_timer_sync(&ar_pci->rx_post_retry);
+ }
+
+-/* TODO - temporary mapping while we have too few CE's */
+ static int ath10k_pci_hif_map_service_to_pipe(struct ath10k *ar,
+ u16 service_id, u8 *ul_pipe,
+ u8 *dl_pipe, int *ul_is_polled,
+ int *dl_is_polled)
+ {
+- int ret = 0;
++ const struct service_to_pipe *entry;
++ bool ul_set = false, dl_set = false;
++ int i;
+
+- ath10k_dbg(ATH10K_DBG_PCI, "pci hif map service\n");
++ ath10k_dbg(ar, ATH10K_DBG_PCI, "pci hif map service\n");
+
+ /* polling for received messages not supported */
+ *dl_is_polled = 0;
+
+- switch (service_id) {
+- case ATH10K_HTC_SVC_ID_HTT_DATA_MSG:
+- /*
+- * Host->target HTT gets its own pipe, so it can be polled
+- * while other pipes are interrupt driven.
+- */
+- *ul_pipe = 4;
+- /*
+- * Use the same target->host pipe for HTC ctrl, HTC raw
+- * streams, and HTT.
+- */
+- *dl_pipe = 1;
+- break;
++ for (i = 0; i < ARRAY_SIZE(target_service_to_ce_map_wlan); i++) {
++ entry = &target_service_to_ce_map_wlan[i];
+
+- case ATH10K_HTC_SVC_ID_RSVD_CTRL:
+- case ATH10K_HTC_SVC_ID_TEST_RAW_STREAMS:
+- /*
+- * Note: HTC_RAW_STREAMS_SVC is currently unused, and
+- * HTC_CTRL_RSVD_SVC could share the same pipe as the
+- * WMI services. So, if another CE is needed, change
+- * this to *ul_pipe = 3, which frees up CE 0.
+- */
+- /* *ul_pipe = 3; */
+- *ul_pipe = 0;
+- *dl_pipe = 1;
+- break;
++ if (__le32_to_cpu(entry->service_id) != service_id)
++ continue;
+
+- case ATH10K_HTC_SVC_ID_WMI_DATA_BK:
+- case ATH10K_HTC_SVC_ID_WMI_DATA_BE:
+- case ATH10K_HTC_SVC_ID_WMI_DATA_VI:
+- case ATH10K_HTC_SVC_ID_WMI_DATA_VO:
+-
+- case ATH10K_HTC_SVC_ID_WMI_CONTROL:
+- *ul_pipe = 3;
+- *dl_pipe = 2;
+- break;
++ switch (__le32_to_cpu(entry->pipedir)) {
++ case PIPEDIR_NONE:
++ break;
++ case PIPEDIR_IN:
++ WARN_ON(dl_set);
++ *dl_pipe = __le32_to_cpu(entry->pipenum);
++ dl_set = true;
++ break;
++ case PIPEDIR_OUT:
++ WARN_ON(ul_set);
++ *ul_pipe = __le32_to_cpu(entry->pipenum);
++ ul_set = true;
++ break;
++ case PIPEDIR_INOUT:
++ WARN_ON(dl_set);
++ WARN_ON(ul_set);
++ *dl_pipe = __le32_to_cpu(entry->pipenum);
++ *ul_pipe = __le32_to_cpu(entry->pipenum);
++ dl_set = true;
++ ul_set = true;
++ break;
++ }
++ }
+
+- /* pipe 5 unused */
+- /* pipe 6 reserved */
+- /* pipe 7 reserved */
++ if (WARN_ON(!ul_set || !dl_set))
++ return -ENOENT;
+
+- default:
+- ret = -1;
+- break;
+- }
+ *ul_is_polled =
+ (host_ce_config_wlan[*ul_pipe].flags & CE_ATTR_DIS_INTR) != 0;
+
+- return ret;
++ return 0;
+ }
+
+ static void ath10k_pci_hif_get_default_pipe(struct ath10k *ar,
+- u8 *ul_pipe, u8 *dl_pipe)
++ u8 *ul_pipe, u8 *dl_pipe)
+ {
+ int ul_is_polled, dl_is_polled;
+
+- ath10k_dbg(ATH10K_DBG_PCI, "pci hif get default pipe\n");
++ ath10k_dbg(ar, ATH10K_DBG_PCI, "pci hif get default pipe\n");
+
+ (void)ath10k_pci_hif_map_service_to_pipe(ar,
+ ATH10K_HTC_SVC_ID_RSVD_CTRL,
+@@ -1028,209 +1167,127 @@ static void ath10k_pci_hif_get_default_p
+ &dl_is_polled);
+ }
+
+-static int ath10k_pci_post_rx_pipe(struct ath10k_pci_pipe *pipe_info,
+- int num)
++static void ath10k_pci_irq_msi_fw_mask(struct ath10k *ar)
+ {
+- struct ath10k *ar = pipe_info->hif_ce_state;
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+- struct ath10k_ce_pipe *ce_state = pipe_info->ce_hdl;
+- struct sk_buff *skb;
+- dma_addr_t ce_data;
+- int i, ret = 0;
++ u32 val;
+
+- if (pipe_info->buf_sz == 0)
+- return 0;
++ val = ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS + CORE_CTRL_ADDRESS);
++ val &= ~CORE_CTRL_PCIE_REG_31_MASK;
+
+- for (i = 0; i < num; i++) {
+- skb = dev_alloc_skb(pipe_info->buf_sz);
+- if (!skb) {
+- ath10k_warn("failed to allocate skbuff for pipe %d\n",
+- num);
+- ret = -ENOMEM;
+- goto err;
+- }
++ ath10k_pci_write32(ar, SOC_CORE_BASE_ADDRESS + CORE_CTRL_ADDRESS, val);
++}
+
+- WARN_ONCE((unsigned long)skb->data & 3, "unaligned skb");
++static void ath10k_pci_irq_msi_fw_unmask(struct ath10k *ar)
++{
++ u32 val;
+
+- ce_data = dma_map_single(ar->dev, skb->data,
+- skb->len + skb_tailroom(skb),
+- DMA_FROM_DEVICE);
++ val = ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS + CORE_CTRL_ADDRESS);
++ val |= CORE_CTRL_PCIE_REG_31_MASK;
+
+- if (unlikely(dma_mapping_error(ar->dev, ce_data))) {
+- ath10k_warn("failed to DMA map sk_buff\n");
+- dev_kfree_skb_any(skb);
+- ret = -EIO;
+- goto err;
+- }
++ ath10k_pci_write32(ar, SOC_CORE_BASE_ADDRESS + CORE_CTRL_ADDRESS, val);
++}
+
+- ATH10K_SKB_CB(skb)->paddr = ce_data;
++static void ath10k_pci_irq_disable(struct ath10k *ar)
++{
++ ath10k_ce_disable_interrupts(ar);
++ ath10k_pci_disable_and_clear_legacy_irq(ar);
++ ath10k_pci_irq_msi_fw_mask(ar);
++}
+
+- pci_dma_sync_single_for_device(ar_pci->pdev, ce_data,
+- pipe_info->buf_sz,
+- PCI_DMA_FROMDEVICE);
+-
+- ret = ath10k_ce_recv_buf_enqueue(ce_state, (void *)skb,
+- ce_data);
+- if (ret) {
+- ath10k_warn("failed to enqueue to pipe %d: %d\n",
+- num, ret);
+- goto err;
+- }
+- }
+-
+- return ret;
+-
+-err:
+- ath10k_pci_rx_pipe_cleanup(pipe_info);
+- return ret;
+-}
+-
+-static int ath10k_pci_post_rx(struct ath10k *ar)
++static void ath10k_pci_irq_sync(struct ath10k *ar)
+ {
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+- struct ath10k_pci_pipe *pipe_info;
+- const struct ce_attr *attr;
+- int pipe_num, ret = 0;
+-
+- for (pipe_num = 0; pipe_num < CE_COUNT; pipe_num++) {
+- pipe_info = &ar_pci->pipe_info[pipe_num];
+- attr = &host_ce_config_wlan[pipe_num];
+-
+- if (attr->dest_nentries == 0)
+- continue;
+-
+- ret = ath10k_pci_post_rx_pipe(pipe_info,
+- attr->dest_nentries - 1);
+- if (ret) {
+- ath10k_warn("failed to post RX buffer for pipe %d: %d\n",
+- pipe_num, ret);
++ int i;
+
+- for (; pipe_num >= 0; pipe_num--) {
+- pipe_info = &ar_pci->pipe_info[pipe_num];
+- ath10k_pci_rx_pipe_cleanup(pipe_info);
+- }
+- return ret;
+- }
+- }
++ for (i = 0; i < max(1, ar_pci->num_msi_intrs); i++)
++ synchronize_irq(ar_pci->pdev->irq + i);
++}
+
+- return 0;
++static void ath10k_pci_irq_enable(struct ath10k *ar)
++{
++ ath10k_ce_enable_interrupts(ar);
++ ath10k_pci_enable_legacy_irq(ar);
++ ath10k_pci_irq_msi_fw_unmask(ar);
+ }
+
+ static int ath10k_pci_hif_start(struct ath10k *ar)
+ {
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+- int ret, ret_early;
+-
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot hif start\n");
+-
+- ath10k_pci_free_early_irq(ar);
+- ath10k_pci_kill_tasklet(ar);
+-
+- ret = ath10k_pci_request_irq(ar);
+- if (ret) {
+- ath10k_warn("failed to post RX buffers for all pipes: %d\n",
+- ret);
+- goto err_early_irq;
+- }
+-
+- ret = ath10k_pci_setup_ce_irq(ar);
+- if (ret) {
+- ath10k_warn("failed to setup CE interrupts: %d\n", ret);
+- goto err_stop;
+- }
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot hif start\n");
+
+- /* Post buffers once to start things off. */
+- ret = ath10k_pci_post_rx(ar);
+- if (ret) {
+- ath10k_warn("failed to post RX buffers for all pipes: %d\n",
+- ret);
+- goto err_stop;
+- }
++ ath10k_pci_irq_enable(ar);
++ ath10k_pci_rx_post(ar);
+
+- ar_pci->started = 1;
+ return 0;
+-
+-err_stop:
+- ath10k_ce_disable_interrupts(ar);
+- ath10k_pci_free_irq(ar);
+- ath10k_pci_kill_tasklet(ar);
+-err_early_irq:
+- /* Though there should be no interrupts (device was reset)
+- * power_down() expects the early IRQ to be installed as per the
+- * driver lifecycle. */
+- ret_early = ath10k_pci_request_early_irq(ar);
+- if (ret_early)
+- ath10k_warn("failed to re-enable early irq: %d\n", ret_early);
+-
+- return ret;
+ }
+
+-static void ath10k_pci_rx_pipe_cleanup(struct ath10k_pci_pipe *pipe_info)
++static void ath10k_pci_rx_pipe_cleanup(struct ath10k_pci_pipe *pci_pipe)
+ {
+ struct ath10k *ar;
+- struct ath10k_pci *ar_pci;
+- struct ath10k_ce_pipe *ce_hdl;
+- u32 buf_sz;
+- struct sk_buff *netbuf;
+- u32 ce_data;
++ struct ath10k_ce_pipe *ce_pipe;
++ struct ath10k_ce_ring *ce_ring;
++ struct sk_buff *skb;
++ int i;
+
+- buf_sz = pipe_info->buf_sz;
++ ar = pci_pipe->hif_ce_state;
++ ce_pipe = pci_pipe->ce_hdl;
++ ce_ring = ce_pipe->dest_ring;
+
+- /* Unused Copy Engine */
+- if (buf_sz == 0)
++ if (!ce_ring)
+ return;
+
+- ar = pipe_info->hif_ce_state;
+- ar_pci = ath10k_pci_priv(ar);
+-
+- if (!ar_pci->started)
++ if (!pci_pipe->buf_sz)
+ return;
+
+- ce_hdl = pipe_info->ce_hdl;
++ for (i = 0; i < ce_ring->nentries; i++) {
++ skb = ce_ring->per_transfer_context[i];
++ if (!skb)
++ continue;
++
++ ce_ring->per_transfer_context[i] = NULL;
+
+- while (ath10k_ce_revoke_recv_next(ce_hdl, (void **)&netbuf,
+- &ce_data) == 0) {
+- dma_unmap_single(ar->dev, ATH10K_SKB_CB(netbuf)->paddr,
+- netbuf->len + skb_tailroom(netbuf),
++ dma_unmap_single(ar->dev, ATH10K_SKB_RXCB(skb)->paddr,
++ skb->len + skb_tailroom(skb),
+ DMA_FROM_DEVICE);
+- dev_kfree_skb_any(netbuf);
++ dev_kfree_skb_any(skb);
+ }
+ }
+
+-static void ath10k_pci_tx_pipe_cleanup(struct ath10k_pci_pipe *pipe_info)
++static void ath10k_pci_tx_pipe_cleanup(struct ath10k_pci_pipe *pci_pipe)
+ {
+ struct ath10k *ar;
+ struct ath10k_pci *ar_pci;
+- struct ath10k_ce_pipe *ce_hdl;
+- struct sk_buff *netbuf;
+- u32 ce_data;
+- unsigned int nbytes;
++ struct ath10k_ce_pipe *ce_pipe;
++ struct ath10k_ce_ring *ce_ring;
++ struct ce_desc *ce_desc;
++ struct sk_buff *skb;
+ unsigned int id;
+- u32 buf_sz;
++ int i;
+
+- buf_sz = pipe_info->buf_sz;
++ ar = pci_pipe->hif_ce_state;
++ ar_pci = ath10k_pci_priv(ar);
++ ce_pipe = pci_pipe->ce_hdl;
++ ce_ring = ce_pipe->src_ring;
+
+- /* Unused Copy Engine */
+- if (buf_sz == 0)
++ if (!ce_ring)
+ return;
+
+- ar = pipe_info->hif_ce_state;
+- ar_pci = ath10k_pci_priv(ar);
+-
+- if (!ar_pci->started)
++ if (!pci_pipe->buf_sz)
+ return;
+
+- ce_hdl = pipe_info->ce_hdl;
++ ce_desc = ce_ring->shadow_base;
++ if (WARN_ON(!ce_desc))
++ return;
+
+- while (ath10k_ce_cancel_send_next(ce_hdl, (void **)&netbuf,
+- &ce_data, &nbytes, &id) == 0) {
+- /* no need to call tx completion for NULL pointers */
+- if (!netbuf)
++ for (i = 0; i < ce_ring->nentries; i++) {
++ skb = ce_ring->per_transfer_context[i];
++ if (!skb)
+ continue;
+
+- ar_pci->msg_callbacks_current.tx_completion(ar,
+- netbuf,
+- id);
++ ce_ring->per_transfer_context[i] = NULL;
++ id = MS(__le16_to_cpu(ce_desc[i].flags),
++ CE_DESC_FLAGS_META_DATA);
++
++ ar_pci->msg_callbacks_current.tx_completion(ar, skb);
+ }
+ }
+
+@@ -1264,38 +1321,32 @@ static void ath10k_pci_ce_deinit(struct
+ ath10k_ce_deinit_pipe(ar, i);
+ }
+
+-static void ath10k_pci_hif_stop(struct ath10k *ar)
++static void ath10k_pci_flush(struct ath10k *ar)
+ {
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+- int ret;
+-
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot hif stop\n");
+-
+- ret = ath10k_ce_disable_interrupts(ar);
+- if (ret)
+- ath10k_warn("failed to disable CE interrupts: %d\n", ret);
+-
+- ath10k_pci_free_irq(ar);
+ ath10k_pci_kill_tasklet(ar);
+-
+- ret = ath10k_pci_request_early_irq(ar);
+- if (ret)
+- ath10k_warn("failed to re-enable early irq: %d\n", ret);
+-
+- /* At this point, asynchronous threads are stopped, the target should
+- * not DMA nor interrupt. We process the leftovers and then free
+- * everything else up. */
+-
+ ath10k_pci_buffer_cleanup(ar);
++}
+
+- /* Make the sure the device won't access any structures on the host by
+- * resetting it. The device was fed with PCI CE ringbuffer
+- * configuration during init. If ringbuffers are freed and the device
+- * were to access them this could lead to memory corruption on the
+- * host. */
++static void ath10k_pci_hif_stop(struct ath10k *ar)
++{
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot hif stop\n");
++
++ /* Most likely the device has HTT Rx ring configured. The only way to
++ * prevent the device from accessing (and possible corrupting) host
++ * memory is to reset the chip now.
++ *
++ * There's also no known way of masking MSI interrupts on the device.
++ * For ranged MSI the CE-related interrupts can be masked. However
++ * regardless how many MSI interrupts are assigned the first one
++ * is always used for firmware indications (crashes) and cannot be
++ * masked. To prevent the device from asserting the interrupt reset it
++ * before proceeding with cleanup.
++ */
+ ath10k_pci_warm_reset(ar);
+
+- ar_pci->started = 0;
++ ath10k_pci_irq_disable(ar);
++ ath10k_pci_irq_sync(ar);
++ ath10k_pci_flush(ar);
+ }
+
+ static int ath10k_pci_hif_exchange_bmi_msg(struct ath10k *ar,
+@@ -1346,11 +1397,9 @@ static int ath10k_pci_hif_exchange_bmi_m
+ xfer.wait_for_resp = true;
+ xfer.resp_len = 0;
+
+- ath10k_ce_recv_buf_enqueue(ce_rx, &xfer, resp_paddr);
++ ath10k_ce_rx_post_buf(ce_rx, &xfer, resp_paddr);
+ }
+
+- init_completion(&xfer.done);
+-
+ ret = ath10k_ce_send(ce_tx, &xfer, req_paddr, req_len, -1, 0);
+ if (ret)
+ goto err_resp;
+@@ -1401,14 +1450,12 @@ static void ath10k_pci_bmi_send_done(str
+ &nbytes, &transfer_id))
+ return;
+
+- if (xfer->wait_for_resp)
+- return;
+-
+- complete(&xfer->done);
++ xfer->tx_done = true;
+ }
+
+ static void ath10k_pci_bmi_recv_data(struct ath10k_ce_pipe *ce_state)
+ {
++ struct ath10k *ar = ce_state->ar;
+ struct bmi_xfer *xfer;
+ u32 ce_data;
+ unsigned int nbytes;
+@@ -1419,13 +1466,16 @@ static void ath10k_pci_bmi_recv_data(str
+ &nbytes, &transfer_id, &flags))
+ return;
+
++ if (WARN_ON_ONCE(!xfer))
++ return;
++
+ if (!xfer->wait_for_resp) {
+- ath10k_warn("unexpected: BMI data received; ignoring\n");
++ ath10k_warn(ar, "unexpected: BMI data received; ignoring\n");
+ return;
+ }
+
+ xfer->resp_len = nbytes;
+- complete(&xfer->done);
++ xfer->rx_done = true;
+ }
+
+ static int ath10k_pci_bmi_wait(struct ath10k_ce_pipe *tx_pipe,
+@@ -1438,7 +1488,7 @@ static int ath10k_pci_bmi_wait(struct at
+ ath10k_pci_bmi_send_done(tx_pipe);
+ ath10k_pci_bmi_recv_data(rx_pipe);
+
+- if (completion_done(&xfer->done))
++ if (xfer->tx_done && (xfer->rx_done == xfer->wait_for_resp))
+ return 0;
+
+ schedule();
+@@ -1448,131 +1498,48 @@ static int ath10k_pci_bmi_wait(struct at
+ }
+
+ /*
+- * Map from service/endpoint to Copy Engine.
+- * This table is derived from the CE_PCI TABLE, above.
+- * It is passed to the Target at startup for use by firmware.
+- */
+-static const struct service_to_pipe target_service_to_ce_map_wlan[] = {
+- {
+- ATH10K_HTC_SVC_ID_WMI_DATA_VO,
+- PIPEDIR_OUT, /* out = UL = host -> target */
+- 3,
+- },
+- {
+- ATH10K_HTC_SVC_ID_WMI_DATA_VO,
+- PIPEDIR_IN, /* in = DL = target -> host */
+- 2,
+- },
+- {
+- ATH10K_HTC_SVC_ID_WMI_DATA_BK,
+- PIPEDIR_OUT, /* out = UL = host -> target */
+- 3,
+- },
+- {
+- ATH10K_HTC_SVC_ID_WMI_DATA_BK,
+- PIPEDIR_IN, /* in = DL = target -> host */
+- 2,
+- },
+- {
+- ATH10K_HTC_SVC_ID_WMI_DATA_BE,
+- PIPEDIR_OUT, /* out = UL = host -> target */
+- 3,
+- },
+- {
+- ATH10K_HTC_SVC_ID_WMI_DATA_BE,
+- PIPEDIR_IN, /* in = DL = target -> host */
+- 2,
+- },
+- {
+- ATH10K_HTC_SVC_ID_WMI_DATA_VI,
+- PIPEDIR_OUT, /* out = UL = host -> target */
+- 3,
+- },
+- {
+- ATH10K_HTC_SVC_ID_WMI_DATA_VI,
+- PIPEDIR_IN, /* in = DL = target -> host */
+- 2,
+- },
+- {
+- ATH10K_HTC_SVC_ID_WMI_CONTROL,
+- PIPEDIR_OUT, /* out = UL = host -> target */
+- 3,
+- },
+- {
+- ATH10K_HTC_SVC_ID_WMI_CONTROL,
+- PIPEDIR_IN, /* in = DL = target -> host */
+- 2,
+- },
+- {
+- ATH10K_HTC_SVC_ID_RSVD_CTRL,
+- PIPEDIR_OUT, /* out = UL = host -> target */
+- 0, /* could be moved to 3 (share with WMI) */
+- },
+- {
+- ATH10K_HTC_SVC_ID_RSVD_CTRL,
+- PIPEDIR_IN, /* in = DL = target -> host */
+- 1,
+- },
+- {
+- ATH10K_HTC_SVC_ID_TEST_RAW_STREAMS, /* not currently used */
+- PIPEDIR_OUT, /* out = UL = host -> target */
+- 0,
+- },
+- {
+- ATH10K_HTC_SVC_ID_TEST_RAW_STREAMS, /* not currently used */
+- PIPEDIR_IN, /* in = DL = target -> host */
+- 1,
+- },
+- {
+- ATH10K_HTC_SVC_ID_HTT_DATA_MSG,
+- PIPEDIR_OUT, /* out = UL = host -> target */
+- 4,
+- },
+- {
+- ATH10K_HTC_SVC_ID_HTT_DATA_MSG,
+- PIPEDIR_IN, /* in = DL = target -> host */
+- 1,
+- },
+-
+- /* (Additions here) */
+-
+- { /* Must be last */
+- 0,
+- 0,
+- 0,
+- },
+-};
+-
+-/*
+ * Send an interrupt to the device to wake up the Target CPU
+ * so it has an opportunity to notice any changed state.
+ */
+ static int ath10k_pci_wake_target_cpu(struct ath10k *ar)
+ {
+- int ret;
+- u32 core_ctrl;
++ u32 addr, val;
+
+- ret = ath10k_pci_diag_read_access(ar, SOC_CORE_BASE_ADDRESS |
+- CORE_CTRL_ADDRESS,
+- &core_ctrl);
+- if (ret) {
+- ath10k_warn("failed to read core_ctrl: %d\n", ret);
+- return ret;
+- }
++ addr = SOC_CORE_BASE_ADDRESS | CORE_CTRL_ADDRESS;
++ val = ath10k_pci_read32(ar, addr);
++ val |= CORE_CTRL_CPU_INTR_MASK;
++ ath10k_pci_write32(ar, addr, val);
+
+- /* A_INUM_FIRMWARE interrupt to Target CPU */
+- core_ctrl |= CORE_CTRL_CPU_INTR_MASK;
++ return 0;
++}
+
+- ret = ath10k_pci_diag_write_access(ar, SOC_CORE_BASE_ADDRESS |
+- CORE_CTRL_ADDRESS,
+- core_ctrl);
+- if (ret) {
+- ath10k_warn("failed to set target CPU interrupt mask: %d\n",
+- ret);
+- return ret;
++static int ath10k_pci_get_num_banks(struct ath10k *ar)
++{
++ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++
++ switch (ar_pci->pdev->device) {
++ case QCA988X_2_0_DEVICE_ID:
++ return 1;
++ case QCA6174_2_1_DEVICE_ID:
++ switch (MS(ar->chip_id, SOC_CHIP_ID_REV)) {
++ case QCA6174_HW_1_0_CHIP_ID_REV:
++ case QCA6174_HW_1_1_CHIP_ID_REV:
++ return 3;
++ case QCA6174_HW_1_3_CHIP_ID_REV:
++ return 2;
++ case QCA6174_HW_2_1_CHIP_ID_REV:
++ case QCA6174_HW_2_2_CHIP_ID_REV:
++ return 6;
++ case QCA6174_HW_3_0_CHIP_ID_REV:
++ case QCA6174_HW_3_1_CHIP_ID_REV:
++ case QCA6174_HW_3_2_CHIP_ID_REV:
++ return 9;
++ }
++ break;
+ }
+
+- return 0;
++ ath10k_warn(ar, "unknown number of banks, assuming 1\n");
++ return 1;
+ }
+
+ static int ath10k_pci_init_config(struct ath10k *ar)
+@@ -1593,144 +1560,162 @@ static int ath10k_pci_init_config(struct
+ host_interest_item_address(HI_ITEM(hi_interconnect_state));
+
+ /* Supply Target-side CE configuration */
+- ret = ath10k_pci_diag_read_access(ar, interconnect_targ_addr,
+- &pcie_state_targ_addr);
++ ret = ath10k_pci_diag_read32(ar, interconnect_targ_addr,
++ &pcie_state_targ_addr);
+ if (ret != 0) {
+- ath10k_err("Failed to get pcie state addr: %d\n", ret);
++ ath10k_err(ar, "Failed to get pcie state addr: %d\n", ret);
+ return ret;
+ }
+
+ if (pcie_state_targ_addr == 0) {
+ ret = -EIO;
+- ath10k_err("Invalid pcie state addr\n");
++ ath10k_err(ar, "Invalid pcie state addr\n");
+ return ret;
+ }
+
+- ret = ath10k_pci_diag_read_access(ar, pcie_state_targ_addr +
++ ret = ath10k_pci_diag_read32(ar, (pcie_state_targ_addr +
+ offsetof(struct pcie_state,
+- pipe_cfg_addr),
+- &pipe_cfg_targ_addr);
++ pipe_cfg_addr)),
++ &pipe_cfg_targ_addr);
+ if (ret != 0) {
+- ath10k_err("Failed to get pipe cfg addr: %d\n", ret);
++ ath10k_err(ar, "Failed to get pipe cfg addr: %d\n", ret);
+ return ret;
+ }
+
+ if (pipe_cfg_targ_addr == 0) {
+ ret = -EIO;
+- ath10k_err("Invalid pipe cfg addr\n");
++ ath10k_err(ar, "Invalid pipe cfg addr\n");
+ return ret;
+ }
+
+ ret = ath10k_pci_diag_write_mem(ar, pipe_cfg_targ_addr,
+- target_ce_config_wlan,
+- sizeof(target_ce_config_wlan));
++ target_ce_config_wlan,
++ sizeof(target_ce_config_wlan));
+
+ if (ret != 0) {
+- ath10k_err("Failed to write pipe cfg: %d\n", ret);
++ ath10k_err(ar, "Failed to write pipe cfg: %d\n", ret);
+ return ret;
+ }
+
+- ret = ath10k_pci_diag_read_access(ar, pcie_state_targ_addr +
++ ret = ath10k_pci_diag_read32(ar, (pcie_state_targ_addr +
+ offsetof(struct pcie_state,
+- svc_to_pipe_map),
+- &svc_to_pipe_map);
++ svc_to_pipe_map)),
++ &svc_to_pipe_map);
+ if (ret != 0) {
+- ath10k_err("Failed to get svc/pipe map: %d\n", ret);
++ ath10k_err(ar, "Failed to get svc/pipe map: %d\n", ret);
+ return ret;
+ }
+
+ if (svc_to_pipe_map == 0) {
+ ret = -EIO;
+- ath10k_err("Invalid svc_to_pipe map\n");
++ ath10k_err(ar, "Invalid svc_to_pipe map\n");
+ return ret;
+ }
+
+ ret = ath10k_pci_diag_write_mem(ar, svc_to_pipe_map,
+- target_service_to_ce_map_wlan,
+- sizeof(target_service_to_ce_map_wlan));
++ target_service_to_ce_map_wlan,
++ sizeof(target_service_to_ce_map_wlan));
+ if (ret != 0) {
+- ath10k_err("Failed to write svc/pipe map: %d\n", ret);
++ ath10k_err(ar, "Failed to write svc/pipe map: %d\n", ret);
+ return ret;
+ }
+
+- ret = ath10k_pci_diag_read_access(ar, pcie_state_targ_addr +
++ ret = ath10k_pci_diag_read32(ar, (pcie_state_targ_addr +
+ offsetof(struct pcie_state,
+- config_flags),
+- &pcie_config_flags);
++ config_flags)),
++ &pcie_config_flags);
+ if (ret != 0) {
+- ath10k_err("Failed to get pcie config_flags: %d\n", ret);
++ ath10k_err(ar, "Failed to get pcie config_flags: %d\n", ret);
+ return ret;
+ }
+
+ pcie_config_flags &= ~PCIE_CONFIG_FLAG_ENABLE_L1;
+
+- ret = ath10k_pci_diag_write_mem(ar, pcie_state_targ_addr +
+- offsetof(struct pcie_state, config_flags),
+- &pcie_config_flags,
+- sizeof(pcie_config_flags));
++ ret = ath10k_pci_diag_write32(ar, (pcie_state_targ_addr +
++ offsetof(struct pcie_state,
++ config_flags)),
++ pcie_config_flags);
+ if (ret != 0) {
+- ath10k_err("Failed to write pcie config_flags: %d\n", ret);
++ ath10k_err(ar, "Failed to write pcie config_flags: %d\n", ret);
+ return ret;
+ }
+
+ /* configure early allocation */
+ ealloc_targ_addr = host_interest_item_address(HI_ITEM(hi_early_alloc));
+
+- ret = ath10k_pci_diag_read_access(ar, ealloc_targ_addr, &ealloc_value);
++ ret = ath10k_pci_diag_read32(ar, ealloc_targ_addr, &ealloc_value);
+ if (ret != 0) {
+- ath10k_err("Faile to get early alloc val: %d\n", ret);
++ ath10k_err(ar, "Faile to get early alloc val: %d\n", ret);
+ return ret;
+ }
+
+ /* first bank is switched to IRAM */
+ ealloc_value |= ((HI_EARLY_ALLOC_MAGIC << HI_EARLY_ALLOC_MAGIC_SHIFT) &
+ HI_EARLY_ALLOC_MAGIC_MASK);
+- ealloc_value |= ((1 << HI_EARLY_ALLOC_IRAM_BANKS_SHIFT) &
++ ealloc_value |= ((ath10k_pci_get_num_banks(ar) <<
++ HI_EARLY_ALLOC_IRAM_BANKS_SHIFT) &
+ HI_EARLY_ALLOC_IRAM_BANKS_MASK);
+
+- ret = ath10k_pci_diag_write_access(ar, ealloc_targ_addr, ealloc_value);
++ ret = ath10k_pci_diag_write32(ar, ealloc_targ_addr, ealloc_value);
+ if (ret != 0) {
+- ath10k_err("Failed to set early alloc val: %d\n", ret);
++ ath10k_err(ar, "Failed to set early alloc val: %d\n", ret);
+ return ret;
+ }
+
+ /* Tell Target to proceed with initialization */
+ flag2_targ_addr = host_interest_item_address(HI_ITEM(hi_option_flag2));
+
+- ret = ath10k_pci_diag_read_access(ar, flag2_targ_addr, &flag2_value);
++ ret = ath10k_pci_diag_read32(ar, flag2_targ_addr, &flag2_value);
+ if (ret != 0) {
+- ath10k_err("Failed to get option val: %d\n", ret);
++ ath10k_err(ar, "Failed to get option val: %d\n", ret);
+ return ret;
+ }
+
+ flag2_value |= HI_OPTION_EARLY_CFG_DONE;
+
+- ret = ath10k_pci_diag_write_access(ar, flag2_targ_addr, flag2_value);
++ ret = ath10k_pci_diag_write32(ar, flag2_targ_addr, flag2_value);
+ if (ret != 0) {
+- ath10k_err("Failed to set option val: %d\n", ret);
++ ath10k_err(ar, "Failed to set option val: %d\n", ret);
+ return ret;
+ }
+
+ return 0;
+ }
+
+-static int ath10k_pci_alloc_ce(struct ath10k *ar)
++static int ath10k_pci_alloc_pipes(struct ath10k *ar)
+ {
++ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++ struct ath10k_pci_pipe *pipe;
+ int i, ret;
+
+ for (i = 0; i < CE_COUNT; i++) {
+- ret = ath10k_ce_alloc_pipe(ar, i, &host_ce_config_wlan[i]);
++ pipe = &ar_pci->pipe_info[i];
++ pipe->ce_hdl = &ar_pci->ce_states[i];
++ pipe->pipe_num = i;
++ pipe->hif_ce_state = ar;
++
++ ret = ath10k_ce_alloc_pipe(ar, i, &host_ce_config_wlan[i],
++ ath10k_pci_ce_send_done,
++ ath10k_pci_ce_recv_data);
+ if (ret) {
+- ath10k_err("failed to allocate copy engine pipe %d: %d\n",
++ ath10k_err(ar, "failed to allocate copy engine pipe %d: %d\n",
+ i, ret);
+ return ret;
+ }
++
++ /* Last CE is Diagnostic Window */
++ if (i == CE_COUNT - 1) {
++ ar_pci->ce_diag = pipe->ce_hdl;
++ continue;
++ }
++
++ pipe->buf_sz = (size_t)(host_ce_config_wlan[i].src_sz_max);
+ }
+
+ return 0;
+ }
+
+-static void ath10k_pci_free_ce(struct ath10k *ar)
++static void ath10k_pci_free_pipes(struct ath10k *ar)
+ {
+ int i;
+
+@@ -1738,305 +1723,319 @@ static void ath10k_pci_free_ce(struct at
+ ath10k_ce_free_pipe(ar, i);
+ }
+
+-static int ath10k_pci_ce_init(struct ath10k *ar)
++static int ath10k_pci_init_pipes(struct ath10k *ar)
+ {
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+- struct ath10k_pci_pipe *pipe_info;
+- const struct ce_attr *attr;
+- int pipe_num, ret;
+-
+- for (pipe_num = 0; pipe_num < CE_COUNT; pipe_num++) {
+- pipe_info = &ar_pci->pipe_info[pipe_num];
+- pipe_info->ce_hdl = &ar_pci->ce_states[pipe_num];
+- pipe_info->pipe_num = pipe_num;
+- pipe_info->hif_ce_state = ar;
+- attr = &host_ce_config_wlan[pipe_num];
++ int i, ret;
+
+- ret = ath10k_ce_init_pipe(ar, pipe_num, attr);
++ for (i = 0; i < CE_COUNT; i++) {
++ ret = ath10k_ce_init_pipe(ar, i, &host_ce_config_wlan[i]);
+ if (ret) {
+- ath10k_err("failed to initialize copy engine pipe %d: %d\n",
+- pipe_num, ret);
++ ath10k_err(ar, "failed to initialize copy engine pipe %d: %d\n",
++ i, ret);
+ return ret;
+ }
+-
+- if (pipe_num == CE_COUNT - 1) {
+- /*
+- * Reserve the ultimate CE for
+- * diagnostic Window support
+- */
+- ar_pci->ce_diag = pipe_info->ce_hdl;
+- continue;
+- }
+-
+- pipe_info->buf_sz = (size_t) (attr->src_sz_max);
+ }
+
+ return 0;
+ }
+
+-static void ath10k_pci_fw_interrupt_handler(struct ath10k *ar)
++static bool ath10k_pci_has_fw_crashed(struct ath10k *ar)
+ {
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+- u32 fw_indicator;
+-
+- ath10k_pci_wake(ar);
+-
+- fw_indicator = ath10k_pci_read32(ar, FW_INDICATOR_ADDRESS);
+-
+- if (fw_indicator & FW_IND_EVENT_PENDING) {
+- /* ACK: clear Target-side pending event */
+- ath10k_pci_write32(ar, FW_INDICATOR_ADDRESS,
+- fw_indicator & ~FW_IND_EVENT_PENDING);
+-
+- if (ar_pci->started) {
+- ath10k_pci_hif_dump_area(ar);
+- } else {
+- /*
+- * Probable Target failure before we're prepared
+- * to handle it. Generally unexpected.
+- */
+- ath10k_warn("early firmware event indicated\n");
+- }
+- }
+-
+- ath10k_pci_sleep(ar);
++ return ath10k_pci_read32(ar, FW_INDICATOR_ADDRESS) &
++ FW_IND_EVENT_PENDING;
+ }
+
+-static int ath10k_pci_warm_reset(struct ath10k *ar)
++static void ath10k_pci_fw_crashed_clear(struct ath10k *ar)
+ {
+- int ret = 0;
+ u32 val;
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot warm reset\n");
++ val = ath10k_pci_read32(ar, FW_INDICATOR_ADDRESS);
++ val &= ~FW_IND_EVENT_PENDING;
++ ath10k_pci_write32(ar, FW_INDICATOR_ADDRESS, val);
++}
+
+- ret = ath10k_do_pci_wake(ar);
+- if (ret) {
+- ath10k_err("failed to wake up target: %d\n", ret);
+- return ret;
+- }
++/* this function effectively clears target memory controller assert line */
++static void ath10k_pci_warm_reset_si0(struct ath10k *ar)
++{
++ u32 val;
+
+- /* debug */
+- val = ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS +
+- PCIE_INTR_CAUSE_ADDRESS);
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot host cpu intr cause: 0x%08x\n", val);
++ val = ath10k_pci_soc_read32(ar, SOC_RESET_CONTROL_ADDRESS);
++ ath10k_pci_soc_write32(ar, SOC_RESET_CONTROL_ADDRESS,
++ val | SOC_RESET_CONTROL_SI0_RST_MASK);
++ val = ath10k_pci_soc_read32(ar, SOC_RESET_CONTROL_ADDRESS);
+
+- val = ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS +
+- CPU_INTR_ADDRESS);
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot target cpu intr cause: 0x%08x\n",
+- val);
++ msleep(10);
+
+- /* disable pending irqs */
+- ath10k_pci_write32(ar, SOC_CORE_BASE_ADDRESS +
+- PCIE_INTR_ENABLE_ADDRESS, 0);
++ val = ath10k_pci_soc_read32(ar, SOC_RESET_CONTROL_ADDRESS);
++ ath10k_pci_soc_write32(ar, SOC_RESET_CONTROL_ADDRESS,
++ val & ~SOC_RESET_CONTROL_SI0_RST_MASK);
++ val = ath10k_pci_soc_read32(ar, SOC_RESET_CONTROL_ADDRESS);
+
+- ath10k_pci_write32(ar, SOC_CORE_BASE_ADDRESS +
+- PCIE_INTR_CLR_ADDRESS, ~0);
++ msleep(10);
++}
+
+- msleep(100);
++static void ath10k_pci_warm_reset_cpu(struct ath10k *ar)
++{
++ u32 val;
+
+- /* clear fw indicator */
+ ath10k_pci_write32(ar, FW_INDICATOR_ADDRESS, 0);
+
+- /* clear target LF timer interrupts */
+ val = ath10k_pci_read32(ar, RTC_SOC_BASE_ADDRESS +
+- SOC_LF_TIMER_CONTROL0_ADDRESS);
+- ath10k_pci_write32(ar, RTC_SOC_BASE_ADDRESS +
+- SOC_LF_TIMER_CONTROL0_ADDRESS,
+- val & ~SOC_LF_TIMER_CONTROL0_ENABLE_MASK);
++ SOC_RESET_CONTROL_ADDRESS);
++ ath10k_pci_write32(ar, RTC_SOC_BASE_ADDRESS + SOC_RESET_CONTROL_ADDRESS,
++ val | SOC_RESET_CONTROL_CPU_WARM_RST_MASK);
++}
++
++static void ath10k_pci_warm_reset_ce(struct ath10k *ar)
++{
++ u32 val;
+
+- /* reset CE */
+ val = ath10k_pci_read32(ar, RTC_SOC_BASE_ADDRESS +
+ SOC_RESET_CONTROL_ADDRESS);
++
+ ath10k_pci_write32(ar, RTC_SOC_BASE_ADDRESS + SOC_RESET_CONTROL_ADDRESS,
+ val | SOC_RESET_CONTROL_CE_RST_MASK);
+- val = ath10k_pci_read32(ar, RTC_SOC_BASE_ADDRESS +
+- SOC_RESET_CONTROL_ADDRESS);
+ msleep(10);
+-
+- /* unreset CE */
+ ath10k_pci_write32(ar, RTC_SOC_BASE_ADDRESS + SOC_RESET_CONTROL_ADDRESS,
+ val & ~SOC_RESET_CONTROL_CE_RST_MASK);
+- val = ath10k_pci_read32(ar, RTC_SOC_BASE_ADDRESS +
+- SOC_RESET_CONTROL_ADDRESS);
+- msleep(10);
++}
+
+- /* debug */
+- val = ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS +
+- PCIE_INTR_CAUSE_ADDRESS);
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot host cpu intr cause: 0x%08x\n", val);
+-
+- val = ath10k_pci_read32(ar, SOC_CORE_BASE_ADDRESS +
+- CPU_INTR_ADDRESS);
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot target cpu intr cause: 0x%08x\n",
+- val);
++static void ath10k_pci_warm_reset_clear_lf(struct ath10k *ar)
++{
++ u32 val;
+
+- /* CPU warm reset */
+ val = ath10k_pci_read32(ar, RTC_SOC_BASE_ADDRESS +
+- SOC_RESET_CONTROL_ADDRESS);
+- ath10k_pci_write32(ar, RTC_SOC_BASE_ADDRESS + SOC_RESET_CONTROL_ADDRESS,
+- val | SOC_RESET_CONTROL_CPU_WARM_RST_MASK);
++ SOC_LF_TIMER_CONTROL0_ADDRESS);
++ ath10k_pci_write32(ar, RTC_SOC_BASE_ADDRESS +
++ SOC_LF_TIMER_CONTROL0_ADDRESS,
++ val & ~SOC_LF_TIMER_CONTROL0_ENABLE_MASK);
++}
+
+- val = ath10k_pci_read32(ar, RTC_SOC_BASE_ADDRESS +
+- SOC_RESET_CONTROL_ADDRESS);
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot target reset state: 0x%08x\n", val);
++static int ath10k_pci_warm_reset(struct ath10k *ar)
++{
++ int ret;
+
+- msleep(100);
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot warm reset\n");
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot warm reset complete\n");
++ spin_lock_bh(&ar->data_lock);
++ ar->stats.fw_warm_reset_counter++;
++ spin_unlock_bh(&ar->data_lock);
++
++ ath10k_pci_irq_disable(ar);
++
++ /* Make sure the target CPU is not doing anything dangerous, e.g. if it
++ * were to access copy engine while host performs copy engine reset
++ * then it is possible for the device to confuse pci-e controller to
++ * the point of bringing host system to a complete stop (i.e. hang).
++ */
++ ath10k_pci_warm_reset_si0(ar);
++ ath10k_pci_warm_reset_cpu(ar);
++ ath10k_pci_init_pipes(ar);
++ ath10k_pci_wait_for_target_init(ar);
++
++ ath10k_pci_warm_reset_clear_lf(ar);
++ ath10k_pci_warm_reset_ce(ar);
++ ath10k_pci_warm_reset_cpu(ar);
++ ath10k_pci_init_pipes(ar);
+
+- ath10k_do_pci_sleep(ar);
+- return ret;
++ ret = ath10k_pci_wait_for_target_init(ar);
++ if (ret) {
++ ath10k_warn(ar, "failed to wait for target init: %d\n", ret);
++ return ret;
++ }
++
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot warm reset complete\n");
++
++ return 0;
+ }
+
+-static int __ath10k_pci_hif_power_up(struct ath10k *ar, bool cold_reset)
++static int ath10k_pci_qca988x_chip_reset(struct ath10k *ar)
+ {
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+- const char *irq_mode;
+- int ret;
++ int i, ret;
++ u32 val;
+
+- /*
+- * Bring the target up cleanly.
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot 988x chip reset\n");
++
++ /* Some hardware revisions (e.g. CUS223v2) has issues with cold reset.
++ * It is thus preferred to use warm reset which is safer but may not be
++ * able to recover the device from all possible fail scenarios.
+ *
+- * The target may be in an undefined state with an AUX-powered Target
+- * and a Host in WoW mode. If the Host crashes, loses power, or is
+- * restarted (without unloading the driver) then the Target is left
+- * (aux) powered and running. On a subsequent driver load, the Target
+- * is in an unexpected state. We try to catch that here in order to
+- * reset the Target and retry the probe.
++ * Warm reset doesn't always work on first try so attempt it a few
++ * times before giving up.
+ */
+- if (cold_reset)
+- ret = ath10k_pci_cold_reset(ar);
+- else
++ for (i = 0; i < ATH10K_PCI_NUM_WARM_RESET_ATTEMPTS; i++) {
+ ret = ath10k_pci_warm_reset(ar);
++ if (ret) {
++ ath10k_warn(ar, "failed to warm reset attempt %d of %d: %d\n",
++ i + 1, ATH10K_PCI_NUM_WARM_RESET_ATTEMPTS,
++ ret);
++ continue;
++ }
++
++ /* FIXME: Sometimes copy engine doesn't recover after warm
++ * reset. In most cases this needs cold reset. In some of these
++ * cases the device is in such a state that a cold reset may
++ * lock up the host.
++ *
++ * Reading any host interest register via copy engine is
++ * sufficient to verify if device is capable of booting
++ * firmware blob.
++ */
++ ret = ath10k_pci_init_pipes(ar);
++ if (ret) {
++ ath10k_warn(ar, "failed to init copy engine: %d\n",
++ ret);
++ continue;
++ }
++
++ ret = ath10k_pci_diag_read32(ar, QCA988X_HOST_INTEREST_ADDRESS,
++ &val);
++ if (ret) {
++ ath10k_warn(ar, "failed to poke copy engine: %d\n",
++ ret);
++ continue;
++ }
++
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot chip reset complete (warm)\n");
++ return 0;
++ }
+
++ if (ath10k_pci_reset_mode == ATH10K_PCI_RESET_WARM_ONLY) {
++ ath10k_warn(ar, "refusing cold reset as requested\n");
++ return -EPERM;
++ }
++
++ ret = ath10k_pci_cold_reset(ar);
+ if (ret) {
+- ath10k_err("failed to reset target: %d\n", ret);
+- goto err;
++ ath10k_warn(ar, "failed to cold reset: %d\n", ret);
++ return ret;
++ }
++
++ ret = ath10k_pci_wait_for_target_init(ar);
++ if (ret) {
++ ath10k_warn(ar, "failed to wait for target after cold reset: %d\n",
++ ret);
++ return ret;
+ }
+
+- if (!test_bit(ATH10K_PCI_FEATURE_SOC_POWER_SAVE, ar_pci->features))
+- /* Force AWAKE forever */
+- ath10k_do_pci_wake(ar);
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot qca988x chip reset complete (cold)\n");
+
+- ret = ath10k_pci_ce_init(ar);
++ return 0;
++}
++
++static int ath10k_pci_qca6174_chip_reset(struct ath10k *ar)
++{
++ int ret;
++
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot qca6174 chip reset\n");
++
++ /* FIXME: QCA6174 requires cold + warm reset to work. */
++
++ ret = ath10k_pci_cold_reset(ar);
+ if (ret) {
+- ath10k_err("failed to initialize CE: %d\n", ret);
+- goto err_ps;
++ ath10k_warn(ar, "failed to cold reset: %d\n", ret);
++ return ret;
+ }
+
+- ret = ath10k_ce_disable_interrupts(ar);
++ ret = ath10k_pci_wait_for_target_init(ar);
+ if (ret) {
+- ath10k_err("failed to disable CE interrupts: %d\n", ret);
+- goto err_ce;
++ ath10k_warn(ar, "failed to wait for target after cold reset: %d\n",
++ ret);
++ return ret;
+ }
+
+- ret = ath10k_pci_init_irq(ar);
++ ret = ath10k_pci_warm_reset(ar);
++ if (ret) {
++ ath10k_warn(ar, "failed to warm reset: %d\n", ret);
++ return ret;
++ }
++
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot qca6174 chip reset complete (cold)\n");
++
++ return 0;
++}
++
++static int ath10k_pci_chip_reset(struct ath10k *ar)
++{
++ if (QCA_REV_988X(ar))
++ return ath10k_pci_qca988x_chip_reset(ar);
++ else if (QCA_REV_6174(ar))
++ return ath10k_pci_qca6174_chip_reset(ar);
++ else
++ return -ENOTSUPP;
++}
++
++static int ath10k_pci_hif_power_up(struct ath10k *ar)
++{
++ int ret;
++
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot hif power up\n");
++
++ ret = ath10k_pci_wake(ar);
++ if (ret) {
++ ath10k_err(ar, "failed to wake up target: %d\n", ret);
++ return ret;
++ }
++
++ /*
++ * Bring the target up cleanly.
++ *
++ * The target may be in an undefined state with an AUX-powered Target
++ * and a Host in WoW mode. If the Host crashes, loses power, or is
++ * restarted (without unloading the driver) then the Target is left
++ * (aux) powered and running. On a subsequent driver load, the Target
++ * is in an unexpected state. We try to catch that here in order to
++ * reset the Target and retry the probe.
++ */
++ ret = ath10k_pci_chip_reset(ar);
+ if (ret) {
+- ath10k_err("failed to init irqs: %d\n", ret);
+- goto err_ce;
+- }
++ if (ath10k_pci_has_fw_crashed(ar)) {
++ ath10k_warn(ar, "firmware crashed during chip reset\n");
++ ath10k_pci_fw_crashed_clear(ar);
++ ath10k_pci_fw_crashed_dump(ar);
++ }
+
+- ret = ath10k_pci_request_early_irq(ar);
+- if (ret) {
+- ath10k_err("failed to request early irq: %d\n", ret);
+- goto err_deinit_irq;
++ ath10k_err(ar, "failed to reset chip: %d\n", ret);
++ goto err_sleep;
+ }
+
+- ret = ath10k_pci_wait_for_target_init(ar);
++ ret = ath10k_pci_init_pipes(ar);
+ if (ret) {
+- ath10k_err("failed to wait for target to init: %d\n", ret);
+- goto err_free_early_irq;
++ ath10k_err(ar, "failed to initialize CE: %d\n", ret);
++ goto err_sleep;
+ }
+
+ ret = ath10k_pci_init_config(ar);
+ if (ret) {
+- ath10k_err("failed to setup init config: %d\n", ret);
+- goto err_free_early_irq;
++ ath10k_err(ar, "failed to setup init config: %d\n", ret);
++ goto err_ce;
+ }
+
+ ret = ath10k_pci_wake_target_cpu(ar);
+ if (ret) {
+- ath10k_err("could not wake up target CPU: %d\n", ret);
+- goto err_free_early_irq;
++ ath10k_err(ar, "could not wake up target CPU: %d\n", ret);
++ goto err_ce;
+ }
+
+- if (ar_pci->num_msi_intrs > 1)
+- irq_mode = "MSI-X";
+- else if (ar_pci->num_msi_intrs == 1)
+- irq_mode = "MSI";
+- else
+- irq_mode = "legacy";
+-
+- if (!test_bit(ATH10K_FLAG_FIRST_BOOT_DONE, &ar->dev_flags))
+- ath10k_info("pci irq %s irq_mode %d reset_mode %d\n",
+- irq_mode, ath10k_pci_irq_mode,
+- ath10k_pci_reset_mode);
+-
+ return 0;
+
+-err_free_early_irq:
+- ath10k_pci_free_early_irq(ar);
+-err_deinit_irq:
+- ath10k_pci_deinit_irq(ar);
+ err_ce:
+ ath10k_pci_ce_deinit(ar);
+- ath10k_pci_warm_reset(ar);
+-err_ps:
+- if (!test_bit(ATH10K_PCI_FEATURE_SOC_POWER_SAVE, ar_pci->features))
+- ath10k_do_pci_sleep(ar);
+-err:
+- return ret;
+-}
+-
+-static int ath10k_pci_hif_power_up(struct ath10k *ar)
+-{
+- int ret;
+-
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot hif power up\n");
+-
+- /*
+- * Hardware CUS232 version 2 has some issues with cold reset and the
+- * preferred (and safer) way to perform a device reset is through a
+- * warm reset.
+- *
+- * Warm reset doesn't always work though (notably after a firmware
+- * crash) so fall back to cold reset if necessary.
+- */
+- ret = __ath10k_pci_hif_power_up(ar, false);
+- if (ret) {
+- ath10k_warn("failed to power up target using warm reset: %d\n",
+- ret);
+-
+- if (ath10k_pci_reset_mode == ATH10K_PCI_RESET_WARM_ONLY)
+- return ret;
+
+- ath10k_warn("trying cold reset\n");
+-
+- ret = __ath10k_pci_hif_power_up(ar, true);
+- if (ret) {
+- ath10k_err("failed to power up target using cold reset too (%d)\n",
+- ret);
+- return ret;
+- }
+- }
+-
+- return 0;
++err_sleep:
++ ath10k_pci_sleep(ar);
++ return ret;
+ }
+
+ static void ath10k_pci_hif_power_down(struct ath10k *ar)
+ {
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot hif power down\n");
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot hif power down\n");
+-
+- ath10k_pci_free_early_irq(ar);
+- ath10k_pci_kill_tasklet(ar);
+- ath10k_pci_deinit_irq(ar);
+- ath10k_pci_ce_deinit(ar);
+- ath10k_pci_warm_reset(ar);
++ /* Currently hif_power_up performs effectively a reset and hif_stop
++ * resets the chip as well so there's no point in resetting here.
++ */
+
+- if (!test_bit(ATH10K_PCI_FEATURE_SOC_POWER_SAVE, ar_pci->features))
+- ath10k_do_pci_sleep(ar);
++ ath10k_pci_sleep(ar);
+ }
+
+ #ifdef CONFIG_PM
+@@ -2090,6 +2089,8 @@ static int ath10k_pci_hif_resume(struct
+
+ static const struct ath10k_hif_ops ath10k_pci_hif_ops = {
+ .tx_sg = ath10k_pci_hif_tx_sg,
++ .diag_read = ath10k_pci_hif_diag_read,
++ .diag_write = ath10k_pci_diag_write_mem,
+ .exchange_bmi_msg = ath10k_pci_hif_exchange_bmi_msg,
+ .start = ath10k_pci_hif_start,
+ .stop = ath10k_pci_hif_stop,
+@@ -2100,6 +2101,8 @@ static const struct ath10k_hif_ops ath10
+ .get_free_queue_number = ath10k_pci_hif_get_free_queue_number,
+ .power_up = ath10k_pci_hif_power_up,
+ .power_down = ath10k_pci_hif_power_down,
++ .read32 = ath10k_pci_read32,
++ .write32 = ath10k_pci_write32,
+ #ifdef CONFIG_PM
+ .suspend = ath10k_pci_hif_suspend,
+ .resume = ath10k_pci_hif_resume,
+@@ -2118,7 +2121,14 @@ static void ath10k_msi_err_tasklet(unsig
+ {
+ struct ath10k *ar = (struct ath10k *)data;
+
+- ath10k_pci_fw_interrupt_handler(ar);
++ if (!ath10k_pci_has_fw_crashed(ar)) {
++ ath10k_warn(ar, "received unsolicited fw crash interrupt\n");
++ return;
++ }
++
++ ath10k_pci_irq_disable(ar);
++ ath10k_pci_fw_crashed_clear(ar);
++ ath10k_pci_fw_crashed_dump(ar);
+ }
+
+ /*
+@@ -2132,7 +2142,8 @@ static irqreturn_t ath10k_pci_per_engine
+ int ce_id = irq - ar_pci->pdev->irq - MSI_ASSIGN_CE_INITIAL;
+
+ if (ce_id < 0 || ce_id >= ARRAY_SIZE(ar_pci->pipe_info)) {
+- ath10k_warn("unexpected/invalid irq %d ce_id %d\n", irq, ce_id);
++ ath10k_warn(ar, "unexpected/invalid irq %d ce_id %d\n", irq,
++ ce_id);
+ return IRQ_HANDLED;
+ }
+
+@@ -2179,39 +2190,18 @@ static irqreturn_t ath10k_pci_interrupt_
+ return IRQ_HANDLED;
+ }
+
+-static void ath10k_pci_early_irq_tasklet(unsigned long data)
++static void ath10k_pci_tasklet(unsigned long data)
+ {
+ struct ath10k *ar = (struct ath10k *)data;
+- u32 fw_ind;
+- int ret;
++ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+
+- ret = ath10k_pci_wake(ar);
+- if (ret) {
+- ath10k_warn("failed to wake target in early irq tasklet: %d\n",
+- ret);
++ if (ath10k_pci_has_fw_crashed(ar)) {
++ ath10k_pci_irq_disable(ar);
++ ath10k_pci_fw_crashed_clear(ar);
++ ath10k_pci_fw_crashed_dump(ar);
+ return;
+ }
+
+- fw_ind = ath10k_pci_read32(ar, FW_INDICATOR_ADDRESS);
+- if (fw_ind & FW_IND_EVENT_PENDING) {
+- ath10k_pci_write32(ar, FW_INDICATOR_ADDRESS,
+- fw_ind & ~FW_IND_EVENT_PENDING);
+-
+- /* Some structures are unavailable during early boot or at
+- * driver teardown so just print that the device has crashed. */
+- ath10k_warn("device crashed - no diagnostics available\n");
+- }
+-
+- ath10k_pci_sleep(ar);
+- ath10k_pci_enable_legacy_irq(ar);
+-}
+-
+-static void ath10k_pci_tasklet(unsigned long data)
+-{
+- struct ath10k *ar = (struct ath10k *)data;
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+-
+- ath10k_pci_fw_interrupt_handler(ar); /* FIXME: Handle FW error */
+ ath10k_ce_per_engine_service_any(ar);
+
+ /* Re-enable legacy irq that was disabled in the irq handler */
+@@ -2228,7 +2218,7 @@ static int ath10k_pci_request_irq_msix(s
+ ath10k_pci_msi_fw_handler,
+ IRQF_SHARED, "ath10k_pci", ar);
+ if (ret) {
+- ath10k_warn("failed to request MSI-X fw irq %d: %d\n",
++ ath10k_warn(ar, "failed to request MSI-X fw irq %d: %d\n",
+ ar_pci->pdev->irq + MSI_ASSIGN_FW, ret);
+ return ret;
+ }
+@@ -2238,7 +2228,7 @@ static int ath10k_pci_request_irq_msix(s
+ ath10k_pci_per_engine_handler,
+ IRQF_SHARED, "ath10k_pci", ar);
+ if (ret) {
+- ath10k_warn("failed to request MSI-X ce irq %d: %d\n",
++ ath10k_warn(ar, "failed to request MSI-X ce irq %d: %d\n",
+ ar_pci->pdev->irq + i, ret);
+
+ for (i--; i >= MSI_ASSIGN_CE_INITIAL; i--)
+@@ -2261,7 +2251,7 @@ static int ath10k_pci_request_irq_msi(st
+ ath10k_pci_interrupt_handler,
+ IRQF_SHARED, "ath10k_pci", ar);
+ if (ret) {
+- ath10k_warn("failed to request MSI irq %d: %d\n",
++ ath10k_warn(ar, "failed to request MSI irq %d: %d\n",
+ ar_pci->pdev->irq, ret);
+ return ret;
+ }
+@@ -2278,7 +2268,7 @@ static int ath10k_pci_request_irq_legacy
+ ath10k_pci_interrupt_handler,
+ IRQF_SHARED, "ath10k_pci", ar);
+ if (ret) {
+- ath10k_warn("failed to request legacy irq %d: %d\n",
++ ath10k_warn(ar, "failed to request legacy irq %d: %d\n",
+ ar_pci->pdev->irq, ret);
+ return ret;
+ }
+@@ -2299,7 +2289,7 @@ static int ath10k_pci_request_irq(struct
+ return ath10k_pci_request_irq_msix(ar);
+ }
+
+- ath10k_warn("unknown irq configuration upon request\n");
++ ath10k_warn(ar, "unknown irq configuration upon request\n");
+ return -EINVAL;
+ }
+
+@@ -2322,8 +2312,6 @@ static void ath10k_pci_init_irq_tasklets
+ tasklet_init(&ar_pci->intr_tq, ath10k_pci_tasklet, (unsigned long)ar);
+ tasklet_init(&ar_pci->msi_fw_err, ath10k_msi_err_tasklet,
+ (unsigned long)ar);
+- tasklet_init(&ar_pci->early_irq_tasklet, ath10k_pci_early_irq_tasklet,
+- (unsigned long)ar);
+
+ for (i = 0; i < CE_COUNT; i++) {
+ ar_pci->pipe_info[i].ar_pci = ar_pci;
+@@ -2335,21 +2323,19 @@ static void ath10k_pci_init_irq_tasklets
+ static int ath10k_pci_init_irq(struct ath10k *ar)
+ {
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+- bool msix_supported = test_bit(ATH10K_PCI_FEATURE_MSI_X,
+- ar_pci->features);
+ int ret;
+
+ ath10k_pci_init_irq_tasklets(ar);
+
+- if (ath10k_pci_irq_mode != ATH10K_PCI_IRQ_AUTO &&
+- !test_bit(ATH10K_FLAG_FIRST_BOOT_DONE, &ar->dev_flags))
+- ath10k_info("limiting irq mode to: %d\n", ath10k_pci_irq_mode);
++ if (ath10k_pci_irq_mode != ATH10K_PCI_IRQ_AUTO)
++ ath10k_info(ar, "limiting irq mode to: %d\n",
++ ath10k_pci_irq_mode);
+
+ /* Try MSI-X */
+- if (ath10k_pci_irq_mode == ATH10K_PCI_IRQ_AUTO && msix_supported) {
++ if (ath10k_pci_irq_mode == ATH10K_PCI_IRQ_AUTO) {
+ ar_pci->num_msi_intrs = MSI_NUM_REQUEST;
+ ret = pci_enable_msi_range(ar_pci->pdev, ar_pci->num_msi_intrs,
+- ar_pci->num_msi_intrs);
++ ar_pci->num_msi_intrs);
+ if (ret > 0)
+ return 0;
+
+@@ -2376,34 +2362,16 @@ static int ath10k_pci_init_irq(struct at
+ * synchronization checking. */
+ ar_pci->num_msi_intrs = 0;
+
+- ret = ath10k_pci_wake(ar);
+- if (ret) {
+- ath10k_warn("failed to wake target: %d\n", ret);
+- return ret;
+- }
+-
+ ath10k_pci_write32(ar, SOC_CORE_BASE_ADDRESS + PCIE_INTR_ENABLE_ADDRESS,
+ PCIE_INTR_FIRMWARE_MASK | PCIE_INTR_CE_MASK_ALL);
+- ath10k_pci_sleep(ar);
+
+ return 0;
+ }
+
+-static int ath10k_pci_deinit_irq_legacy(struct ath10k *ar)
++static void ath10k_pci_deinit_irq_legacy(struct ath10k *ar)
+ {
+- int ret;
+-
+- ret = ath10k_pci_wake(ar);
+- if (ret) {
+- ath10k_warn("failed to wake target: %d\n", ret);
+- return ret;
+- }
+-
+ ath10k_pci_write32(ar, SOC_CORE_BASE_ADDRESS + PCIE_INTR_ENABLE_ADDRESS,
+ 0);
+- ath10k_pci_sleep(ar);
+-
+- return 0;
+ }
+
+ static int ath10k_pci_deinit_irq(struct ath10k *ar)
+@@ -2412,7 +2380,8 @@ static int ath10k_pci_deinit_irq(struct
+
+ switch (ar_pci->num_msi_intrs) {
+ case 0:
+- return ath10k_pci_deinit_irq_legacy(ar);
++ ath10k_pci_deinit_irq_legacy(ar);
++ return 0;
+ case 1:
+ /* fall-through */
+ case MSI_NUM_REQUEST:
+@@ -2422,7 +2391,7 @@ static int ath10k_pci_deinit_irq(struct
+ pci_disable_msi(ar_pci->pdev);
+ }
+
+- ath10k_warn("unknown irq configuration upon deinit\n");
++ ath10k_warn(ar, "unknown irq configuration upon deinit\n");
+ return -EINVAL;
+ }
+
+@@ -2430,23 +2399,17 @@ static int ath10k_pci_wait_for_target_in
+ {
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+ unsigned long timeout;
+- int ret;
+ u32 val;
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot waiting target to initialise\n");
+-
+- ret = ath10k_pci_wake(ar);
+- if (ret) {
+- ath10k_err("failed to wake up target for init: %d\n", ret);
+- return ret;
+- }
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot waiting target to initialise\n");
+
+ timeout = jiffies + msecs_to_jiffies(ATH10K_PCI_TARGET_WAIT);
+
+ do {
+ val = ath10k_pci_read32(ar, FW_INDICATOR_ADDRESS);
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot target indicator %x\n", val);
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot target indicator %x\n",
++ val);
+
+ /* target should never return this */
+ if (val == 0xffffffff)
+@@ -2461,52 +2424,46 @@ static int ath10k_pci_wait_for_target_in
+
+ if (ar_pci->num_msi_intrs == 0)
+ /* Fix potential race by repeating CORE_BASE writes */
+- ath10k_pci_soc_write32(ar, PCIE_INTR_ENABLE_ADDRESS,
+- PCIE_INTR_FIRMWARE_MASK |
+- PCIE_INTR_CE_MASK_ALL);
++ ath10k_pci_enable_legacy_irq(ar);
+
+ mdelay(10);
+ } while (time_before(jiffies, timeout));
+
++ ath10k_pci_disable_and_clear_legacy_irq(ar);
++ ath10k_pci_irq_msi_fw_mask(ar);
++
+ if (val == 0xffffffff) {
+- ath10k_err("failed to read device register, device is gone\n");
+- ret = -EIO;
+- goto out;
++ ath10k_err(ar, "failed to read device register, device is gone\n");
++ return -EIO;
+ }
+
+ if (val & FW_IND_EVENT_PENDING) {
+- ath10k_warn("device has crashed during init\n");
+- ret = -ECOMM;
+- goto out;
++ ath10k_warn(ar, "device has crashed during init\n");
++ return -ECOMM;
+ }
+
+ if (!(val & FW_IND_INITIALIZED)) {
+- ath10k_err("failed to receive initialized event from target: %08x\n",
++ ath10k_err(ar, "failed to receive initialized event from target: %08x\n",
+ val);
+- ret = -ETIMEDOUT;
+- goto out;
++ return -ETIMEDOUT;
+ }
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot target initialised\n");
+-
+-out:
+- ath10k_pci_sleep(ar);
+- return ret;
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot target initialised\n");
++ return 0;
+ }
+
+ static int ath10k_pci_cold_reset(struct ath10k *ar)
+ {
+- int i, ret;
++ int i;
+ u32 val;
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot cold reset\n");
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot cold reset\n");
+
+- ret = ath10k_do_pci_wake(ar);
+- if (ret) {
+- ath10k_err("failed to wake up target: %d\n",
+- ret);
+- return ret;
+- }
++ spin_lock_bh(&ar->data_lock);
++
++ ar->stats.fw_cold_reset_counter++;
++
++ spin_unlock_bh(&ar->data_lock);
+
+ /* Put Target, including PCIe, into RESET. */
+ val = ath10k_pci_reg_read32(ar, SOC_GLOBAL_RESET_ADDRESS);
+@@ -2531,181 +2488,227 @@ static int ath10k_pci_cold_reset(struct
+ msleep(1);
+ }
+
+- ath10k_do_pci_sleep(ar);
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot cold reset complete\n");
++
++ return 0;
++}
++
++static int ath10k_pci_claim(struct ath10k *ar)
++{
++ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++ struct pci_dev *pdev = ar_pci->pdev;
++ u32 lcr_val;
++ int ret;
++
++ pci_set_drvdata(pdev, ar);
++
++ ret = pci_enable_device(pdev);
++ if (ret) {
++ ath10k_err(ar, "failed to enable pci device: %d\n", ret);
++ return ret;
++ }
++
++ ret = pci_request_region(pdev, BAR_NUM, "ath");
++ if (ret) {
++ ath10k_err(ar, "failed to request region BAR%d: %d\n", BAR_NUM,
++ ret);
++ goto err_device;
++ }
++
++ /* Target expects 32 bit DMA. Enforce it. */
++ ret = pci_set_dma_mask(pdev, DMA_BIT_MASK(32));
++ if (ret) {
++ ath10k_err(ar, "failed to set dma mask to 32-bit: %d\n", ret);
++ goto err_region;
++ }
++
++ ret = pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(32));
++ if (ret) {
++ ath10k_err(ar, "failed to set consistent dma mask to 32-bit: %d\n",
++ ret);
++ goto err_region;
++ }
++
++ pci_set_master(pdev);
++
++ /* Workaround: Disable ASPM */
++ pci_read_config_dword(pdev, 0x80, &lcr_val);
++ pci_write_config_dword(pdev, 0x80, (lcr_val & 0xffffff00));
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot cold reset complete\n");
++ /* Arrange for access to Target SoC registers. */
++ ar_pci->mem = pci_iomap(pdev, BAR_NUM, 0);
++ if (!ar_pci->mem) {
++ ath10k_err(ar, "failed to iomap BAR%d\n", BAR_NUM);
++ ret = -EIO;
++ goto err_master;
++ }
+
++ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot pci_mem 0x%p\n", ar_pci->mem);
+ return 0;
++
++err_master:
++ pci_clear_master(pdev);
++
++err_region:
++ pci_release_region(pdev, BAR_NUM);
++
++err_device:
++ pci_disable_device(pdev);
++
++ return ret;
+ }
+
+-static void ath10k_pci_dump_features(struct ath10k_pci *ar_pci)
++static void ath10k_pci_release(struct ath10k *ar)
+ {
++ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
++ struct pci_dev *pdev = ar_pci->pdev;
++
++ pci_iounmap(pdev, ar_pci->mem);
++ pci_release_region(pdev, BAR_NUM);
++ pci_clear_master(pdev);
++ pci_disable_device(pdev);
++}
++
++static bool ath10k_pci_chip_is_supported(u32 dev_id, u32 chip_id)
++{
++ const struct ath10k_pci_supp_chip *supp_chip;
+ int i;
++ u32 rev_id = MS(chip_id, SOC_CHIP_ID_REV);
+
+- for (i = 0; i < ATH10K_PCI_FEATURE_COUNT; i++) {
+- if (!test_bit(i, ar_pci->features))
+- continue;
++ for (i = 0; i < ARRAY_SIZE(ath10k_pci_supp_chips); i++) {
++ supp_chip = &ath10k_pci_supp_chips[i];
+
+- switch (i) {
+- case ATH10K_PCI_FEATURE_MSI_X:
+- ath10k_dbg(ATH10K_DBG_BOOT, "device supports MSI-X\n");
+- break;
+- case ATH10K_PCI_FEATURE_SOC_POWER_SAVE:
+- ath10k_dbg(ATH10K_DBG_BOOT, "QCA98XX SoC power save enabled\n");
+- break;
+- }
++ if (supp_chip->dev_id == dev_id &&
++ supp_chip->rev_id == rev_id)
++ return true;
+ }
++
++ return false;
+ }
+
+ static int ath10k_pci_probe(struct pci_dev *pdev,
+ const struct pci_device_id *pci_dev)
+ {
+- void __iomem *mem;
+ int ret = 0;
+ struct ath10k *ar;
+ struct ath10k_pci *ar_pci;
+- u32 lcr_val, chip_id;
+-
+- ath10k_dbg(ATH10K_DBG_PCI, "pci probe\n");
+-
+- ar_pci = kzalloc(sizeof(*ar_pci), GFP_KERNEL);
+- if (ar_pci == NULL)
+- return -ENOMEM;
+-
+- ar_pci->pdev = pdev;
+- ar_pci->dev = &pdev->dev;
++ enum ath10k_hw_rev hw_rev;
++ u32 chip_id;
+
+ switch (pci_dev->device) {
+ case QCA988X_2_0_DEVICE_ID:
+- set_bit(ATH10K_PCI_FEATURE_MSI_X, ar_pci->features);
++ hw_rev = ATH10K_HW_QCA988X;
++ break;
++ case QCA6174_2_1_DEVICE_ID:
++ hw_rev = ATH10K_HW_QCA6174;
+ break;
+ default:
+- ret = -ENODEV;
+- ath10k_err("Unknown device ID: %d\n", pci_dev->device);
+- goto err_ar_pci;
++ WARN_ON(1);
++ return -ENOTSUPP;
+ }
+
+- if (ath10k_pci_target_ps)
+- set_bit(ATH10K_PCI_FEATURE_SOC_POWER_SAVE, ar_pci->features);
+-
+- ath10k_pci_dump_features(ar_pci);
+-
+- ar = ath10k_core_create(ar_pci, ar_pci->dev, &ath10k_pci_hif_ops);
++ ar = ath10k_core_create(sizeof(*ar_pci), &pdev->dev, ATH10K_BUS_PCI,
++ hw_rev, &ath10k_pci_hif_ops);
+ if (!ar) {
+- ath10k_err("failed to create driver core\n");
+- ret = -EINVAL;
+- goto err_ar_pci;
++ dev_err(&pdev->dev, "failed to allocate core\n");
++ return -ENOMEM;
+ }
+
++ ath10k_dbg(ar, ATH10K_DBG_PCI, "pci probe\n");
++
++ ar_pci = ath10k_pci_priv(ar);
++ ar_pci->pdev = pdev;
++ ar_pci->dev = &pdev->dev;
+ ar_pci->ar = ar;
+- atomic_set(&ar_pci->keep_awake_count, 0);
+
+- pci_set_drvdata(pdev, ar);
++ spin_lock_init(&ar_pci->ce_lock);
++ setup_timer(&ar_pci->rx_post_retry, ath10k_pci_rx_replenish_retry,
++ (unsigned long)ar);
+
+- /*
+- * Without any knowledge of the Host, the Target may have been reset or
+- * power cycled and its Config Space may no longer reflect the PCI
+- * address space that was assigned earlier by the PCI infrastructure.
+- * Refresh it now.
+- */
+- ret = pci_assign_resource(pdev, BAR_NUM);
++ ret = ath10k_pci_claim(ar);
+ if (ret) {
+- ath10k_err("failed to assign PCI space: %d\n", ret);
+- goto err_ar;
++ ath10k_err(ar, "failed to claim device: %d\n", ret);
++ goto err_core_destroy;
+ }
+
+- ret = pci_enable_device(pdev);
++ ret = ath10k_pci_wake(ar);
+ if (ret) {
+- ath10k_err("failed to enable PCI device: %d\n", ret);
+- goto err_ar;
++ ath10k_err(ar, "failed to wake up: %d\n", ret);
++ goto err_release;
+ }
+
+- /* Request MMIO resources */
+- ret = pci_request_region(pdev, BAR_NUM, "ath");
++ ret = ath10k_pci_alloc_pipes(ar);
+ if (ret) {
+- ath10k_err("failed to request MMIO region: %d\n", ret);
+- goto err_device;
++ ath10k_err(ar, "failed to allocate copy engine pipes: %d\n",
++ ret);
++ goto err_sleep;
+ }
+
+- /*
+- * Target structures have a limit of 32 bit DMA pointers.
+- * DMA pointers can be wider than 32 bits by default on some systems.
+- */
+- ret = pci_set_dma_mask(pdev, DMA_BIT_MASK(32));
+- if (ret) {
+- ath10k_err("failed to set DMA mask to 32-bit: %d\n", ret);
+- goto err_region;
+- }
++ ath10k_pci_ce_deinit(ar);
++ ath10k_pci_irq_disable(ar);
+
+- ret = pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(32));
++ ret = ath10k_pci_init_irq(ar);
+ if (ret) {
+- ath10k_err("failed to set consistent DMA mask to 32-bit\n");
+- goto err_region;
++ ath10k_err(ar, "failed to init irqs: %d\n", ret);
++ goto err_free_pipes;
+ }
+
+- /* Set bus master bit in PCI_COMMAND to enable DMA */
+- pci_set_master(pdev);
+-
+- /*
+- * Temporary FIX: disable ASPM
+- * Will be removed after the OTP is programmed
+- */
+- pci_read_config_dword(pdev, 0x80, &lcr_val);
+- pci_write_config_dword(pdev, 0x80, (lcr_val & 0xffffff00));
++ ath10k_info(ar, "pci irq %s interrupts %d irq_mode %d reset_mode %d\n",
++ ath10k_pci_get_irq_method(ar), ar_pci->num_msi_intrs,
++ ath10k_pci_irq_mode, ath10k_pci_reset_mode);
+
+- /* Arrange for access to Target SoC registers. */
+- mem = pci_iomap(pdev, BAR_NUM, 0);
+- if (!mem) {
+- ath10k_err("failed to perform IOMAP for BAR%d\n", BAR_NUM);
+- ret = -EIO;
+- goto err_master;
++ ret = ath10k_pci_request_irq(ar);
++ if (ret) {
++ ath10k_warn(ar, "failed to request irqs: %d\n", ret);
++ goto err_deinit_irq;
+ }
+
+- ar_pci->mem = mem;
+-
+- spin_lock_init(&ar_pci->ce_lock);
+-
+- ret = ath10k_do_pci_wake(ar);
++ ret = ath10k_pci_chip_reset(ar);
+ if (ret) {
+- ath10k_err("Failed to get chip id: %d\n", ret);
+- goto err_iomap;
++ ath10k_err(ar, "failed to reset chip: %d\n", ret);
++ goto err_free_irq;
+ }
+
+ chip_id = ath10k_pci_soc_read32(ar, SOC_CHIP_ID_ADDRESS);
++ if (chip_id == 0xffffffff) {
++ ath10k_err(ar, "failed to get chip id\n");
++ goto err_free_irq;
++ }
+
+- ath10k_do_pci_sleep(ar);
+-
+- ret = ath10k_pci_alloc_ce(ar);
+- if (ret) {
+- ath10k_err("failed to allocate copy engine pipes: %d\n", ret);
+- goto err_iomap;
++ if (!ath10k_pci_chip_is_supported(pdev->device, chip_id)) {
++ ath10k_err(ar, "device %04x with chip_id %08x isn't supported\n",
++ pdev->device, chip_id);
++ goto err_sleep;
+ }
+
+- ath10k_dbg(ATH10K_DBG_BOOT, "boot pci_mem 0x%p\n", ar_pci->mem);
++ ath10k_pci_sleep(ar);
+
+ ret = ath10k_core_register(ar, chip_id);
+ if (ret) {
+- ath10k_err("failed to register driver core: %d\n", ret);
+- goto err_free_ce;
++ ath10k_err(ar, "failed to register driver core: %d\n", ret);
++ goto err_free_irq;
+ }
+
+ return 0;
+
+-err_free_ce:
+- ath10k_pci_free_ce(ar);
+-err_iomap:
+- pci_iounmap(pdev, mem);
+-err_master:
+- pci_clear_master(pdev);
+-err_region:
+- pci_release_region(pdev, BAR_NUM);
+-err_device:
+- pci_disable_device(pdev);
+-err_ar:
++err_free_irq:
++ ath10k_pci_free_irq(ar);
++ ath10k_pci_kill_tasklet(ar);
++
++err_deinit_irq:
++ ath10k_pci_deinit_irq(ar);
++
++err_free_pipes:
++ ath10k_pci_free_pipes(ar);
++
++err_sleep:
++ ath10k_pci_sleep(ar);
++
++err_release:
++ ath10k_pci_release(ar);
++
++err_core_destroy:
+ ath10k_core_destroy(ar);
+-err_ar_pci:
+- /* call HIF PCI free here */
+- kfree(ar_pci);
+
+ return ret;
+ }
+@@ -2715,7 +2718,7 @@ static void ath10k_pci_remove(struct pci
+ struct ath10k *ar = pci_get_drvdata(pdev);
+ struct ath10k_pci *ar_pci;
+
+- ath10k_dbg(ATH10K_DBG_PCI, "pci remove\n");
++ ath10k_dbg(ar, ATH10K_DBG_PCI, "pci remove\n");
+
+ if (!ar)
+ return;
+@@ -2725,18 +2728,14 @@ static void ath10k_pci_remove(struct pci
+ if (!ar_pci)
+ return;
+
+- tasklet_kill(&ar_pci->msi_fw_err);
+-
+ ath10k_core_unregister(ar);
+- ath10k_pci_free_ce(ar);
+-
+- pci_iounmap(pdev, ar_pci->mem);
+- pci_release_region(pdev, BAR_NUM);
+- pci_clear_master(pdev);
+- pci_disable_device(pdev);
+-
++ ath10k_pci_free_irq(ar);
++ ath10k_pci_kill_tasklet(ar);
++ ath10k_pci_deinit_irq(ar);
++ ath10k_pci_ce_deinit(ar);
++ ath10k_pci_free_pipes(ar);
++ ath10k_pci_release(ar);
+ ath10k_core_destroy(ar);
+- kfree(ar_pci);
+ }
+
+ MODULE_DEVICE_TABLE(pci, ath10k_pci_id_table);
+@@ -2754,7 +2753,8 @@ static int __init ath10k_pci_init(void)
+
+ ret = pci_register_driver(&ath10k_pci_driver);
+ if (ret)
+- ath10k_err("failed to register PCI driver: %d\n", ret);
++ printk(KERN_ERR "failed to register ath10k pci driver: %d\n",
++ ret);
+
+ return ret;
+ }
+@@ -2770,5 +2770,7 @@ module_exit(ath10k_pci_exit);
+ MODULE_AUTHOR("Qualcomm Atheros");
+ MODULE_DESCRIPTION("Driver support for Atheros QCA988X PCIe devices");
+ MODULE_LICENSE("Dual BSD/GPL");
+-MODULE_FIRMWARE(QCA988X_HW_2_0_FW_DIR "/" QCA988X_HW_2_0_FW_2_FILE);
++MODULE_FIRMWARE(QCA988X_HW_2_0_FW_DIR "/" QCA988X_HW_2_0_FW_FILE);
++MODULE_FIRMWARE(QCA988X_HW_2_0_FW_DIR "/" ATH10K_FW_API2_FILE);
++MODULE_FIRMWARE(QCA988X_HW_2_0_FW_DIR "/" ATH10K_FW_API3_FILE);
+ MODULE_FIRMWARE(QCA988X_HW_2_0_FW_DIR "/" QCA988X_HW_2_0_BOARD_DATA_FILE);
+--- a/drivers/net/wireless/ath/ath10k/pci.h
++++ b/drivers/net/wireless/ath/ath10k/pci.h
+@@ -23,9 +23,6 @@
+ #include "hw.h"
+ #include "ce.h"
+
+-/* FW dump area */
+-#define REG_DUMP_COUNT_QCA988X 60
+-
+ /*
+ * maximum number of bytes that can be handled atomically by DiagRead/DiagWrite
+ */
+@@ -38,7 +35,8 @@
+ #define DIAG_TRANSFER_LIMIT 2048
+
+ struct bmi_xfer {
+- struct completion done;
++ bool tx_done;
++ bool rx_done;
+ bool wait_for_resp;
+ u32 resp_len;
+ };
+@@ -102,12 +100,12 @@ struct pcie_state {
+ * NOTE: Structure is shared between Host software and Target firmware!
+ */
+ struct ce_pipe_config {
+- u32 pipenum;
+- u32 pipedir;
+- u32 nentries;
+- u32 nbytes_max;
+- u32 flags;
+- u32 reserved;
++ __le32 pipenum;
++ __le32 pipedir;
++ __le32 nentries;
++ __le32 nbytes_max;
++ __le32 flags;
++ __le32 reserved;
+ };
+
+ /*
+@@ -129,17 +127,9 @@ struct ce_pipe_config {
+
+ /* Establish a mapping between a service/direction and a pipe. */
+ struct service_to_pipe {
+- u32 service_id;
+- u32 pipedir;
+- u32 pipenum;
+-};
+-
+-enum ath10k_pci_features {
+- ATH10K_PCI_FEATURE_MSI_X = 0,
+- ATH10K_PCI_FEATURE_SOC_POWER_SAVE = 1,
+-
+- /* keep last */
+- ATH10K_PCI_FEATURE_COUNT
++ __le32 service_id;
++ __le32 pipedir;
++ __le32 pipenum;
+ };
+
+ /* Per-pipe state. */
+@@ -162,14 +152,17 @@ struct ath10k_pci_pipe {
+ struct tasklet_struct intr;
+ };
+
++struct ath10k_pci_supp_chip {
++ u32 dev_id;
++ u32 rev_id;
++};
++
+ struct ath10k_pci {
+ struct pci_dev *pdev;
+ struct device *dev;
+ struct ath10k *ar;
+ void __iomem *mem;
+
+- DECLARE_BITMAP(features, ATH10K_PCI_FEATURE_COUNT);
+-
+ /*
+ * Number of MSI interrupts granted, 0 --> using legacy PCI line
+ * interrupts.
+@@ -178,12 +171,6 @@ struct ath10k_pci {
+
+ struct tasklet_struct intr_tq;
+ struct tasklet_struct msi_fw_err;
+- struct tasklet_struct early_irq_tasklet;
+-
+- int started;
+-
+- atomic_t keep_awake_count;
+- bool verified_awake;
+
+ struct ath10k_pci_pipe pipe_info[CE_COUNT_MAX];
+
+@@ -197,29 +184,17 @@ struct ath10k_pci {
+
+ /* Map CE id to ce_state */
+ struct ath10k_ce_pipe ce_states[CE_COUNT_MAX];
++ struct timer_list rx_post_retry;
+ };
+
+ static inline struct ath10k_pci *ath10k_pci_priv(struct ath10k *ar)
+ {
+- return ar->hif.priv;
+-}
+-
+-static inline u32 ath10k_pci_reg_read32(struct ath10k *ar, u32 addr)
+-{
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+-
+- return ioread32(ar_pci->mem + PCIE_LOCAL_BASE_ADDRESS + addr);
+-}
+-
+-static inline void ath10k_pci_reg_write32(struct ath10k *ar, u32 addr, u32 val)
+-{
+- struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+-
+- iowrite32(val, ar_pci->mem + PCIE_LOCAL_BASE_ADDRESS + addr);
++ return (struct ath10k_pci *)ar->drv_priv;
+ }
+
++#define ATH10K_PCI_RX_POST_RETRY_MS 50
+ #define ATH_PCI_RESET_WAIT_MAX 10 /* ms */
+-#define PCIE_WAKE_TIMEOUT 5000 /* 5ms */
++#define PCIE_WAKE_TIMEOUT 10000 /* 10ms */
+
+ #define BAR_NUM 0
+
+@@ -241,35 +216,17 @@ static inline void ath10k_pci_reg_write3
+ /* Wait up to this many Ms for a Diagnostic Access CE operation to complete */
+ #define DIAG_ACCESS_CE_TIMEOUT_MS 10
+
+-/*
+- * This API allows the Host to access Target registers directly
+- * and relatively efficiently over PCIe.
+- * This allows the Host to avoid extra overhead associated with
+- * sending a message to firmware and waiting for a response message
+- * from firmware, as is done on other interconnects.
+- *
+- * Yet there is some complexity with direct accesses because the
+- * Target's power state is not known a priori. The Host must issue
+- * special PCIe reads/writes in order to explicitly wake the Target
+- * and to verify that it is awake and will remain awake.
+- *
+- * Usage:
++/* Target exposes its registers for direct access. However before host can
++ * access them it needs to make sure the target is awake (ath10k_pci_wake,
++ * ath10k_pci_wake_wait, ath10k_pci_is_awake). Once target is awake it won't go
++ * to sleep unless host tells it to (ath10k_pci_sleep).
+ *
+- * Use ath10k_pci_read32 and ath10k_pci_write32 to access Target space.
+- * These calls must be bracketed by ath10k_pci_wake and
+- * ath10k_pci_sleep. A single BEGIN/END pair is adequate for
+- * multiple READ/WRITE operations.
++ * If host tries to access target registers without waking it up it can
++ * scribble over host memory.
+ *
+- * Use ath10k_pci_wake to put the Target in a state in
+- * which it is legal for the Host to directly access it. This
+- * may involve waking the Target from a low power state, which
+- * may take up to 2Ms!
+- *
+- * Use ath10k_pci_sleep to tell the Target that as far as
+- * this code path is concerned, it no longer needs to remain
+- * directly accessible. BEGIN/END is under a reference counter;
+- * multiple code paths may issue BEGIN/END on a single targid.
++ * If target is asleep waking it up may take up to even 2ms.
+ */
++
+ static inline void ath10k_pci_write32(struct ath10k *ar, u32 offset,
+ u32 value)
+ {
+@@ -295,25 +252,18 @@ static inline void ath10k_pci_soc_write3
+ ath10k_pci_write32(ar, RTC_SOC_BASE_ADDRESS + addr, val);
+ }
+
+-int ath10k_do_pci_wake(struct ath10k *ar);
+-void ath10k_do_pci_sleep(struct ath10k *ar);
+-
+-static inline int ath10k_pci_wake(struct ath10k *ar)
++static inline u32 ath10k_pci_reg_read32(struct ath10k *ar, u32 addr)
+ {
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+
+- if (test_bit(ATH10K_PCI_FEATURE_SOC_POWER_SAVE, ar_pci->features))
+- return ath10k_do_pci_wake(ar);
+-
+- return 0;
++ return ioread32(ar_pci->mem + PCIE_LOCAL_BASE_ADDRESS + addr);
+ }
+
+-static inline void ath10k_pci_sleep(struct ath10k *ar)
++static inline void ath10k_pci_reg_write32(struct ath10k *ar, u32 addr, u32 val)
+ {
+ struct ath10k_pci *ar_pci = ath10k_pci_priv(ar);
+
+- if (test_bit(ATH10K_PCI_FEATURE_SOC_POWER_SAVE, ar_pci->features))
+- ath10k_do_pci_sleep(ar);
++ iowrite32(val, ar_pci->mem + PCIE_LOCAL_BASE_ADDRESS + addr);
+ }
+
+ #endif /* _PCI_H_ */
+--- a/drivers/net/wireless/ath/ath10k/rx_desc.h
++++ b/drivers/net/wireless/ath/ath10k/rx_desc.h
+@@ -839,7 +839,6 @@ struct rx_ppdu_start {
+ * Reserved: HW should fill with 0, FW should ignore.
+ */
+
+-
+ #define RX_PPDU_END_FLAGS_PHY_ERR (1 << 0)
+ #define RX_PPDU_END_FLAGS_RX_LOCATION (1 << 1)
+ #define RX_PPDU_END_FLAGS_TXBF_H_INFO (1 << 2)
+@@ -851,7 +850,7 @@ struct rx_ppdu_start {
+
+ #define RX_PPDU_END_INFO1_PPDU_DONE (1 << 15)
+
+-struct rx_ppdu_end {
++struct rx_ppdu_end_common {
+ __le32 evm_p0;
+ __le32 evm_p1;
+ __le32 evm_p2;
+@@ -874,10 +873,33 @@ struct rx_ppdu_end {
+ u8 phy_err_code;
+ __le16 flags; /* %RX_PPDU_END_FLAGS_ */
+ __le32 info0; /* %RX_PPDU_END_INFO0_ */
++} __packed;
++
++struct rx_ppdu_end_qca988x {
++ __le16 bb_length;
++ __le16 info1; /* %RX_PPDU_END_INFO1_ */
++} __packed;
++
++#define RX_PPDU_END_RTT_CORRELATION_VALUE_MASK 0x00ffffff
++#define RX_PPDU_END_RTT_CORRELATION_VALUE_LSB 0
++#define RX_PPDU_END_RTT_UNUSED_MASK 0x7f000000
++#define RX_PPDU_END_RTT_UNUSED_LSB 24
++#define RX_PPDU_END_RTT_NORMAL_MODE BIT(31)
++
++struct rx_ppdu_end_qca6174 {
++ __le32 rtt; /* %RX_PPDU_END_RTT_ */
+ __le16 bb_length;
+ __le16 info1; /* %RX_PPDU_END_INFO1_ */
+ } __packed;
+
++struct rx_ppdu_end {
++ struct rx_ppdu_end_common common;
++ union {
++ struct rx_ppdu_end_qca988x qca988x;
++ struct rx_ppdu_end_qca6174 qca6174;
++ } __packed;
++} __packed;
++
+ /*
+ * evm_p0
+ * EVM for pilot 0. Contain EVM for streams: 0, 1, 2 and 3.
+--- a/drivers/net/wireless/ath/ath10k/targaddrs.h
++++ b/drivers/net/wireless/ath/ath10k/targaddrs.h
+@@ -18,6 +18,8 @@
+ #ifndef __TARGADDRS_H__
+ #define __TARGADDRS_H__
+
++#include "hw.h"
++
+ /*
+ * xxx_HOST_INTEREST_ADDRESS is the address in Target RAM of the
+ * host_interest structure. It must match the address of the _host_interest
+@@ -284,7 +286,6 @@ Fw Mode/SubMode Mask
+ #define HI_OPTION_ALL_FW_SUBMODE_MASK 0xFF00
+ #define HI_OPTION_ALL_FW_SUBMODE_SHIFT 0x8
+
+-
+ /* hi_option_flag2 options */
+ #define HI_OPTION_OFFLOAD_AMSDU 0x01
+ #define HI_OPTION_DFS_SUPPORT 0x02 /* Enable DFS support */
+@@ -446,4 +447,7 @@ Fw Mode/SubMode Mask
+ #define QCA988X_BOARD_DATA_SZ 7168
+ #define QCA988X_BOARD_EXT_DATA_SZ 0
+
++#define QCA6174_BOARD_DATA_SZ 8192
++#define QCA6174_BOARD_EXT_DATA_SZ 0
++
+ #endif /* __TARGADDRS_H__ */
+--- a/drivers/net/wireless/ath/ath10k/trace.h
++++ b/drivers/net/wireless/ath/ath10k/trace.h
+@@ -18,6 +18,16 @@
+ #if !defined(_TRACE_H_) || defined(TRACE_HEADER_MULTI_READ)
+
+ #include <linux/tracepoint.h>
++#include "core.h"
++
++#if !defined(_TRACE_H_)
++static inline u32 ath10k_frm_hdr_len(const void *buf)
++{
++ const struct ieee80211_hdr *hdr = buf;
++
++ return ieee80211_hdrlen(hdr->frame_control);
++}
++#endif
+
+ #define _TRACE_H_
+
+@@ -39,59 +49,79 @@ static inline void trace_ ## name(proto)
+ #define ATH10K_MSG_MAX 200
+
+ DECLARE_EVENT_CLASS(ath10k_log_event,
+- TP_PROTO(struct va_format *vaf),
+- TP_ARGS(vaf),
++ TP_PROTO(struct ath10k *ar, struct va_format *vaf),
++ TP_ARGS(ar, vaf),
+ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
+ __dynamic_array(char, msg, ATH10K_MSG_MAX)
+ ),
+ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
+ WARN_ON_ONCE(vsnprintf(__get_dynamic_array(msg),
+ ATH10K_MSG_MAX,
+ vaf->fmt,
+ *vaf->va) >= ATH10K_MSG_MAX);
+ ),
+- TP_printk("%s", __get_str(msg))
++ TP_printk(
++ "%s %s %s",
++ __get_str(driver),
++ __get_str(device),
++ __get_str(msg)
++ )
+ );
+
+ DEFINE_EVENT(ath10k_log_event, ath10k_log_err,
+- TP_PROTO(struct va_format *vaf),
+- TP_ARGS(vaf)
++ TP_PROTO(struct ath10k *ar, struct va_format *vaf),
++ TP_ARGS(ar, vaf)
+ );
+
+ DEFINE_EVENT(ath10k_log_event, ath10k_log_warn,
+- TP_PROTO(struct va_format *vaf),
+- TP_ARGS(vaf)
++ TP_PROTO(struct ath10k *ar, struct va_format *vaf),
++ TP_ARGS(ar, vaf)
+ );
+
+ DEFINE_EVENT(ath10k_log_event, ath10k_log_info,
+- TP_PROTO(struct va_format *vaf),
+- TP_ARGS(vaf)
++ TP_PROTO(struct ath10k *ar, struct va_format *vaf),
++ TP_ARGS(ar, vaf)
+ );
+
+ TRACE_EVENT(ath10k_log_dbg,
+- TP_PROTO(unsigned int level, struct va_format *vaf),
+- TP_ARGS(level, vaf),
++ TP_PROTO(struct ath10k *ar, unsigned int level, struct va_format *vaf),
++ TP_ARGS(ar, level, vaf),
+ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
+ __field(unsigned int, level)
+ __dynamic_array(char, msg, ATH10K_MSG_MAX)
+ ),
+ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
+ __entry->level = level;
+ WARN_ON_ONCE(vsnprintf(__get_dynamic_array(msg),
+ ATH10K_MSG_MAX,
+ vaf->fmt,
+ *vaf->va) >= ATH10K_MSG_MAX);
+ ),
+- TP_printk("%s", __get_str(msg))
++ TP_printk(
++ "%s %s %s",
++ __get_str(driver),
++ __get_str(device),
++ __get_str(msg)
++ )
+ );
+
+ TRACE_EVENT(ath10k_log_dbg_dump,
+- TP_PROTO(const char *msg, const char *prefix,
++ TP_PROTO(struct ath10k *ar, const char *msg, const char *prefix,
+ const void *buf, size_t buf_len),
+
+- TP_ARGS(msg, prefix, buf, buf_len),
++ TP_ARGS(ar, msg, prefix, buf, buf_len),
+
+ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
+ __string(msg, msg)
+ __string(prefix, prefix)
+ __field(size_t, buf_len)
+@@ -99,6 +129,8 @@ TRACE_EVENT(ath10k_log_dbg_dump,
+ ),
+
+ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
+ __assign_str(msg, msg);
+ __assign_str(prefix, prefix);
+ __entry->buf_len = buf_len;
+@@ -106,16 +138,23 @@ TRACE_EVENT(ath10k_log_dbg_dump,
+ ),
+
+ TP_printk(
+- "%s/%s\n", __get_str(prefix), __get_str(msg)
++ "%s %s %s/%s\n",
++ __get_str(driver),
++ __get_str(device),
++ __get_str(prefix),
++ __get_str(msg)
+ )
+ );
+
+ TRACE_EVENT(ath10k_wmi_cmd,
+- TP_PROTO(int id, void *buf, size_t buf_len, int ret),
++ TP_PROTO(struct ath10k *ar, int id, const void *buf, size_t buf_len,
++ int ret),
+
+- TP_ARGS(id, buf, buf_len, ret),
++ TP_ARGS(ar, id, buf, buf_len, ret),
+
+ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
+ __field(unsigned int, id)
+ __field(size_t, buf_len)
+ __dynamic_array(u8, buf, buf_len)
+@@ -123,6 +162,8 @@ TRACE_EVENT(ath10k_wmi_cmd,
+ ),
+
+ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
+ __entry->id = id;
+ __entry->buf_len = buf_len;
+ __entry->ret = ret;
+@@ -130,7 +171,9 @@ TRACE_EVENT(ath10k_wmi_cmd,
+ ),
+
+ TP_printk(
+- "id %d len %zu ret %d",
++ "%s %s id %d len %zu ret %d",
++ __get_str(driver),
++ __get_str(device),
+ __entry->id,
+ __entry->buf_len,
+ __entry->ret
+@@ -138,71 +181,346 @@ TRACE_EVENT(ath10k_wmi_cmd,
+ );
+
+ TRACE_EVENT(ath10k_wmi_event,
+- TP_PROTO(int id, void *buf, size_t buf_len),
++ TP_PROTO(struct ath10k *ar, int id, const void *buf, size_t buf_len),
+
+- TP_ARGS(id, buf, buf_len),
++ TP_ARGS(ar, id, buf, buf_len),
+
+ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
+ __field(unsigned int, id)
+ __field(size_t, buf_len)
+ __dynamic_array(u8, buf, buf_len)
+ ),
+
+ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
+ __entry->id = id;
+ __entry->buf_len = buf_len;
+ memcpy(__get_dynamic_array(buf), buf, buf_len);
+ ),
+
+ TP_printk(
+- "id %d len %zu",
++ "%s %s id %d len %zu",
++ __get_str(driver),
++ __get_str(device),
+ __entry->id,
+ __entry->buf_len
+ )
+ );
+
+ TRACE_EVENT(ath10k_htt_stats,
+- TP_PROTO(void *buf, size_t buf_len),
++ TP_PROTO(struct ath10k *ar, const void *buf, size_t buf_len),
+
+- TP_ARGS(buf, buf_len),
++ TP_ARGS(ar, buf, buf_len),
+
+ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
+ __field(size_t, buf_len)
+ __dynamic_array(u8, buf, buf_len)
+ ),
+
+ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
+ __entry->buf_len = buf_len;
+ memcpy(__get_dynamic_array(buf), buf, buf_len);
+ ),
+
+ TP_printk(
+- "len %zu",
++ "%s %s len %zu",
++ __get_str(driver),
++ __get_str(device),
+ __entry->buf_len
+ )
+ );
+
+ TRACE_EVENT(ath10k_wmi_dbglog,
+- TP_PROTO(void *buf, size_t buf_len),
++ TP_PROTO(struct ath10k *ar, const void *buf, size_t buf_len),
+
+- TP_ARGS(buf, buf_len),
++ TP_ARGS(ar, buf, buf_len),
+
+ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
+ __field(size_t, buf_len)
+ __dynamic_array(u8, buf, buf_len)
+ ),
+
+ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
+ __entry->buf_len = buf_len;
+ memcpy(__get_dynamic_array(buf), buf, buf_len);
+ ),
+
+ TP_printk(
+- "len %zu",
++ "%s %s len %zu",
++ __get_str(driver),
++ __get_str(device),
+ __entry->buf_len
+ )
+ );
+
++TRACE_EVENT(ath10k_htt_pktlog,
++ TP_PROTO(struct ath10k *ar, const void *buf, u16 buf_len),
++
++ TP_ARGS(ar, buf, buf_len),
++
++ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
++ __field(u16, buf_len)
++ __dynamic_array(u8, pktlog, buf_len)
++ ),
++
++ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
++ __entry->buf_len = buf_len;
++ memcpy(__get_dynamic_array(pktlog), buf, buf_len);
++ ),
++
++ TP_printk(
++ "%s %s size %hu",
++ __get_str(driver),
++ __get_str(device),
++ __entry->buf_len
++ )
++);
++
++TRACE_EVENT(ath10k_htt_tx,
++ TP_PROTO(struct ath10k *ar, u16 msdu_id, u16 msdu_len,
++ u8 vdev_id, u8 tid),
++
++ TP_ARGS(ar, msdu_id, msdu_len, vdev_id, tid),
++
++ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
++ __field(u16, msdu_id)
++ __field(u16, msdu_len)
++ __field(u8, vdev_id)
++ __field(u8, tid)
++ ),
++
++ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
++ __entry->msdu_id = msdu_id;
++ __entry->msdu_len = msdu_len;
++ __entry->vdev_id = vdev_id;
++ __entry->tid = tid;
++ ),
++
++ TP_printk(
++ "%s %s msdu_id %d msdu_len %d vdev_id %d tid %d",
++ __get_str(driver),
++ __get_str(device),
++ __entry->msdu_id,
++ __entry->msdu_len,
++ __entry->vdev_id,
++ __entry->tid
++ )
++);
++
++TRACE_EVENT(ath10k_txrx_tx_unref,
++ TP_PROTO(struct ath10k *ar, u16 msdu_id),
++
++ TP_ARGS(ar, msdu_id),
++
++ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
++ __field(u16, msdu_id)
++ ),
++
++ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
++ __entry->msdu_id = msdu_id;
++ ),
++
++ TP_printk(
++ "%s %s msdu_id %d",
++ __get_str(driver),
++ __get_str(device),
++ __entry->msdu_id
++ )
++);
++
++DECLARE_EVENT_CLASS(ath10k_hdr_event,
++ TP_PROTO(struct ath10k *ar, const void *data, size_t len),
++
++ TP_ARGS(ar, data, len),
++
++ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
++ __field(size_t, len)
++ __dynamic_array(u8, data, ath10k_frm_hdr_len(data))
++ ),
++
++ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
++ __entry->len = ath10k_frm_hdr_len(data);
++ memcpy(__get_dynamic_array(data), data, __entry->len);
++ ),
++
++ TP_printk(
++ "%s %s len %zu\n",
++ __get_str(driver),
++ __get_str(device),
++ __entry->len
++ )
++);
++
++DECLARE_EVENT_CLASS(ath10k_payload_event,
++ TP_PROTO(struct ath10k *ar, const void *data, size_t len),
++
++ TP_ARGS(ar, data, len),
++
++ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
++ __field(size_t, len)
++ __dynamic_array(u8, payload, (len - ath10k_frm_hdr_len(data)))
++ ),
++
++ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
++ __entry->len = len - ath10k_frm_hdr_len(data);
++ memcpy(__get_dynamic_array(payload),
++ data + ath10k_frm_hdr_len(data), __entry->len);
++ ),
++
++ TP_printk(
++ "%s %s len %zu\n",
++ __get_str(driver),
++ __get_str(device),
++ __entry->len
++ )
++);
++
++DEFINE_EVENT(ath10k_hdr_event, ath10k_tx_hdr,
++ TP_PROTO(struct ath10k *ar, const void *data, size_t len),
++ TP_ARGS(ar, data, len)
++);
++
++DEFINE_EVENT(ath10k_payload_event, ath10k_tx_payload,
++ TP_PROTO(struct ath10k *ar, const void *data, size_t len),
++ TP_ARGS(ar, data, len)
++);
++
++DEFINE_EVENT(ath10k_hdr_event, ath10k_rx_hdr,
++ TP_PROTO(struct ath10k *ar, const void *data, size_t len),
++ TP_ARGS(ar, data, len)
++);
++
++DEFINE_EVENT(ath10k_payload_event, ath10k_rx_payload,
++ TP_PROTO(struct ath10k *ar, const void *data, size_t len),
++ TP_ARGS(ar, data, len)
++);
++
++TRACE_EVENT(ath10k_htt_rx_desc,
++ TP_PROTO(struct ath10k *ar, const void *data, size_t len),
++
++ TP_ARGS(ar, data, len),
++
++ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
++ __field(u16, len)
++ __dynamic_array(u8, rxdesc, len)
++ ),
++
++ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
++ __entry->len = len;
++ memcpy(__get_dynamic_array(rxdesc), data, len);
++ ),
++
++ TP_printk(
++ "%s %s rxdesc len %d",
++ __get_str(driver),
++ __get_str(device),
++ __entry->len
++ )
++);
++
++TRACE_EVENT(ath10k_wmi_diag_container,
++ TP_PROTO(struct ath10k *ar,
++ u8 type,
++ u32 timestamp,
++ u32 code,
++ u16 len,
++ const void *data),
++
++ TP_ARGS(ar, type, timestamp, code, len, data),
++
++ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
++ __field(u8, type)
++ __field(u32, timestamp)
++ __field(u32, code)
++ __field(u16, len)
++ __dynamic_array(u8, data, len)
++ ),
++
++ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
++ __entry->type = type;
++ __entry->timestamp = timestamp;
++ __entry->code = code;
++ __entry->len = len;
++ memcpy(__get_dynamic_array(data), data, len);
++ ),
++
++ TP_printk(
++ "%s %s diag container type %hhu timestamp %u code %u len %d",
++ __get_str(driver),
++ __get_str(device),
++ __entry->type,
++ __entry->timestamp,
++ __entry->code,
++ __entry->len
++ )
++);
++
++TRACE_EVENT(ath10k_wmi_diag,
++ TP_PROTO(struct ath10k *ar, const void *data, size_t len),
++
++ TP_ARGS(ar, data, len),
++
++ TP_STRUCT__entry(
++ __string(device, dev_name(ar->dev))
++ __string(driver, dev_driver_string(ar->dev))
++ __field(u16, len)
++ __dynamic_array(u8, data, len)
++ ),
++
++ TP_fast_assign(
++ __assign_str(device, dev_name(ar->dev));
++ __assign_str(driver, dev_driver_string(ar->dev));
++ __entry->len = len;
++ memcpy(__get_dynamic_array(data), data, len);
++ ),
++
++ TP_printk(
++ "%s %s tlv diag len %d",
++ __get_str(driver),
++ __get_str(device),
++ __entry->len
++ )
++);
++
+ #endif /* _TRACE_H_ || TRACE_HEADER_MULTI_READ*/
+
+ /* we don't want to use include/trace/events */
+--- a/drivers/net/wireless/ath/ath10k/txrx.c
++++ b/drivers/net/wireless/ath/ath10k/txrx.c
+@@ -32,14 +32,14 @@ static void ath10k_report_offchan_tx(str
+ * offchan_tx_skb. */
+ spin_lock_bh(&ar->data_lock);
+ if (ar->offchan_tx_skb != skb) {
+- ath10k_warn("completed old offchannel frame\n");
++ ath10k_warn(ar, "completed old offchannel frame\n");
+ goto out;
+ }
+
+ complete(&ar->offchan_tx_completed);
+ ar->offchan_tx_skb = NULL; /* just for sanity */
+
+- ath10k_dbg(ATH10K_DBG_HTT, "completed offchannel skb %p\n", skb);
++ ath10k_dbg(ar, ATH10K_DBG_HTT, "completed offchannel skb %p\n", skb);
+ out:
+ spin_unlock_bh(&ar->data_lock);
+ }
+@@ -47,23 +47,30 @@ out:
+ void ath10k_txrx_tx_unref(struct ath10k_htt *htt,
+ const struct htt_tx_done *tx_done)
+ {
+- struct device *dev = htt->ar->dev;
++ struct ath10k *ar = htt->ar;
++ struct device *dev = ar->dev;
+ struct ieee80211_tx_info *info;
+ struct ath10k_skb_cb *skb_cb;
+ struct sk_buff *msdu;
+
+ lockdep_assert_held(&htt->tx_lock);
+
+- ath10k_dbg(ATH10K_DBG_HTT, "htt tx completion msdu_id %u discard %d no_ack %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_HTT, "htt tx completion msdu_id %u discard %d no_ack %d\n",
+ tx_done->msdu_id, !!tx_done->discard, !!tx_done->no_ack);
+
+ if (tx_done->msdu_id >= htt->max_num_pending_tx) {
+- ath10k_warn("warning: msdu_id %d too big, ignoring\n",
++ ath10k_warn(ar, "warning: msdu_id %d too big, ignoring\n",
++ tx_done->msdu_id);
++ return;
++ }
++
++ msdu = idr_find(&htt->pending_tx, tx_done->msdu_id);
++ if (!msdu) {
++ ath10k_warn(ar, "received tx completion for invalid msdu_id: %d\n",
+ tx_done->msdu_id);
+ return;
+ }
+
+- msdu = htt->pending_tx[tx_done->msdu_id];
+ skb_cb = ATH10K_SKB_CB(msdu);
+
+ dma_unmap_single(dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE);
+@@ -77,6 +84,7 @@ void ath10k_txrx_tx_unref(struct ath10k_
+
+ info = IEEE80211_SKB_CB(msdu);
+ memset(&info->status, 0, sizeof(info->status));
++ trace_ath10k_txrx_tx_unref(ar, tx_done->msdu_id);
+
+ if (tx_done->discard) {
+ ieee80211_free_txskb(htt->ar->hw, msdu);
+@@ -93,7 +101,6 @@ void ath10k_txrx_tx_unref(struct ath10k_
+ /* we do not own the msdu anymore */
+
+ exit:
+- htt->pending_tx[tx_done->msdu_id] = NULL;
+ ath10k_htt_tx_free_msdu_id(htt, tx_done->msdu_id);
+ __ath10k_htt_tx_dec_pending(htt);
+ if (htt->num_pending_tx == 0)
+@@ -119,8 +126,7 @@ struct ath10k_peer *ath10k_peer_find(str
+ return NULL;
+ }
+
+-static struct ath10k_peer *ath10k_peer_find_by_id(struct ath10k *ar,
+- int peer_id)
++struct ath10k_peer *ath10k_peer_find_by_id(struct ath10k *ar, int peer_id)
+ {
+ struct ath10k_peer *peer;
+
+@@ -145,7 +151,8 @@ static int ath10k_wait_for_peer_common(s
+ mapped = !!ath10k_peer_find(ar, vdev_id, addr);
+ spin_unlock_bh(&ar->data_lock);
+
+- mapped == expect_mapped;
++ (mapped == expect_mapped ||
++ test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags));
+ }), 3*HZ);
+
+ if (ret <= 0)
+@@ -178,12 +185,12 @@ void ath10k_peer_map_event(struct ath10k
+ goto exit;
+
+ peer->vdev_id = ev->vdev_id;
+- memcpy(peer->addr, ev->addr, ETH_ALEN);
++ ether_addr_copy(peer->addr, ev->addr);
+ list_add(&peer->list, &ar->peers);
+ wake_up(&ar->peer_mapping_wq);
+ }
+
+- ath10k_dbg(ATH10K_DBG_HTT, "htt peer map vdev %d peer %pM id %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_HTT, "htt peer map vdev %d peer %pM id %d\n",
+ ev->vdev_id, ev->addr, ev->peer_id);
+
+ set_bit(ev->peer_id, peer->peer_ids);
+@@ -200,12 +207,12 @@ void ath10k_peer_unmap_event(struct ath1
+ spin_lock_bh(&ar->data_lock);
+ peer = ath10k_peer_find_by_id(ar, ev->peer_id);
+ if (!peer) {
+- ath10k_warn("peer-unmap-event: unknown peer id %d\n",
++ ath10k_warn(ar, "peer-unmap-event: unknown peer id %d\n",
+ ev->peer_id);
+ goto exit;
+ }
+
+- ath10k_dbg(ATH10K_DBG_HTT, "htt peer unmap vdev %d peer %pM id %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_HTT, "htt peer unmap vdev %d peer %pM id %d\n",
+ peer->vdev_id, peer->addr, ev->peer_id);
+
+ clear_bit(ev->peer_id, peer->peer_ids);
+--- a/drivers/net/wireless/ath/ath10k/txrx.h
++++ b/drivers/net/wireless/ath/ath10k/txrx.h
+@@ -24,6 +24,7 @@ void ath10k_txrx_tx_unref(struct ath10k_
+
+ struct ath10k_peer *ath10k_peer_find(struct ath10k *ar, int vdev_id,
+ const u8 *addr);
++struct ath10k_peer *ath10k_peer_find_by_id(struct ath10k *ar, int peer_id);
+ int ath10k_wait_for_peer_created(struct ath10k *ar, int vdev_id,
+ const u8 *addr);
+ int ath10k_wait_for_peer_deleted(struct ath10k *ar, int vdev_id,
+--- a/drivers/net/wireless/ath/ath10k/wmi.c
++++ b/drivers/net/wireless/ath/ath10k/wmi.c
+@@ -22,7 +22,10 @@
+ #include "htc.h"
+ #include "debug.h"
+ #include "wmi.h"
++#include "wmi-tlv.h"
+ #include "mac.h"
++#include "testmode.h"
++#include "wmi-ops.h"
+
+ /* MAIN WMI cmd track */
+ static struct wmi_cmd_map wmi_cmd_map = {
+@@ -142,6 +145,7 @@ static struct wmi_cmd_map wmi_cmd_map =
+ .force_fw_hang_cmdid = WMI_FORCE_FW_HANG_CMDID,
+ .gpio_config_cmdid = WMI_GPIO_CONFIG_CMDID,
+ .gpio_output_cmdid = WMI_GPIO_OUTPUT_CMDID,
++ .pdev_get_temperature_cmdid = WMI_CMD_UNSUPPORTED,
+ };
+
+ /* 10.X WMI cmd track */
+@@ -264,6 +268,129 @@ static struct wmi_cmd_map wmi_10x_cmd_ma
+ .force_fw_hang_cmdid = WMI_CMD_UNSUPPORTED,
+ .gpio_config_cmdid = WMI_10X_GPIO_CONFIG_CMDID,
+ .gpio_output_cmdid = WMI_10X_GPIO_OUTPUT_CMDID,
++ .pdev_get_temperature_cmdid = WMI_CMD_UNSUPPORTED,
++};
++
++/* 10.2.4 WMI cmd track */
++static struct wmi_cmd_map wmi_10_2_4_cmd_map = {
++ .init_cmdid = WMI_10_2_INIT_CMDID,
++ .start_scan_cmdid = WMI_10_2_START_SCAN_CMDID,
++ .stop_scan_cmdid = WMI_10_2_STOP_SCAN_CMDID,
++ .scan_chan_list_cmdid = WMI_10_2_SCAN_CHAN_LIST_CMDID,
++ .scan_sch_prio_tbl_cmdid = WMI_CMD_UNSUPPORTED,
++ .pdev_set_regdomain_cmdid = WMI_10_2_PDEV_SET_REGDOMAIN_CMDID,
++ .pdev_set_channel_cmdid = WMI_10_2_PDEV_SET_CHANNEL_CMDID,
++ .pdev_set_param_cmdid = WMI_10_2_PDEV_SET_PARAM_CMDID,
++ .pdev_pktlog_enable_cmdid = WMI_10_2_PDEV_PKTLOG_ENABLE_CMDID,
++ .pdev_pktlog_disable_cmdid = WMI_10_2_PDEV_PKTLOG_DISABLE_CMDID,
++ .pdev_set_wmm_params_cmdid = WMI_10_2_PDEV_SET_WMM_PARAMS_CMDID,
++ .pdev_set_ht_cap_ie_cmdid = WMI_10_2_PDEV_SET_HT_CAP_IE_CMDID,
++ .pdev_set_vht_cap_ie_cmdid = WMI_10_2_PDEV_SET_VHT_CAP_IE_CMDID,
++ .pdev_set_quiet_mode_cmdid = WMI_10_2_PDEV_SET_QUIET_MODE_CMDID,
++ .pdev_green_ap_ps_enable_cmdid = WMI_10_2_PDEV_GREEN_AP_PS_ENABLE_CMDID,
++ .pdev_get_tpc_config_cmdid = WMI_10_2_PDEV_GET_TPC_CONFIG_CMDID,
++ .pdev_set_base_macaddr_cmdid = WMI_10_2_PDEV_SET_BASE_MACADDR_CMDID,
++ .vdev_create_cmdid = WMI_10_2_VDEV_CREATE_CMDID,
++ .vdev_delete_cmdid = WMI_10_2_VDEV_DELETE_CMDID,
++ .vdev_start_request_cmdid = WMI_10_2_VDEV_START_REQUEST_CMDID,
++ .vdev_restart_request_cmdid = WMI_10_2_VDEV_RESTART_REQUEST_CMDID,
++ .vdev_up_cmdid = WMI_10_2_VDEV_UP_CMDID,
++ .vdev_stop_cmdid = WMI_10_2_VDEV_STOP_CMDID,
++ .vdev_down_cmdid = WMI_10_2_VDEV_DOWN_CMDID,
++ .vdev_set_param_cmdid = WMI_10_2_VDEV_SET_PARAM_CMDID,
++ .vdev_install_key_cmdid = WMI_10_2_VDEV_INSTALL_KEY_CMDID,
++ .peer_create_cmdid = WMI_10_2_PEER_CREATE_CMDID,
++ .peer_delete_cmdid = WMI_10_2_PEER_DELETE_CMDID,
++ .peer_flush_tids_cmdid = WMI_10_2_PEER_FLUSH_TIDS_CMDID,
++ .peer_set_param_cmdid = WMI_10_2_PEER_SET_PARAM_CMDID,
++ .peer_assoc_cmdid = WMI_10_2_PEER_ASSOC_CMDID,
++ .peer_add_wds_entry_cmdid = WMI_10_2_PEER_ADD_WDS_ENTRY_CMDID,
++ .peer_remove_wds_entry_cmdid = WMI_10_2_PEER_REMOVE_WDS_ENTRY_CMDID,
++ .peer_mcast_group_cmdid = WMI_10_2_PEER_MCAST_GROUP_CMDID,
++ .bcn_tx_cmdid = WMI_10_2_BCN_TX_CMDID,
++ .pdev_send_bcn_cmdid = WMI_10_2_PDEV_SEND_BCN_CMDID,
++ .bcn_tmpl_cmdid = WMI_CMD_UNSUPPORTED,
++ .bcn_filter_rx_cmdid = WMI_10_2_BCN_FILTER_RX_CMDID,
++ .prb_req_filter_rx_cmdid = WMI_10_2_PRB_REQ_FILTER_RX_CMDID,
++ .mgmt_tx_cmdid = WMI_10_2_MGMT_TX_CMDID,
++ .prb_tmpl_cmdid = WMI_CMD_UNSUPPORTED,
++ .addba_clear_resp_cmdid = WMI_10_2_ADDBA_CLEAR_RESP_CMDID,
++ .addba_send_cmdid = WMI_10_2_ADDBA_SEND_CMDID,
++ .addba_status_cmdid = WMI_10_2_ADDBA_STATUS_CMDID,
++ .delba_send_cmdid = WMI_10_2_DELBA_SEND_CMDID,
++ .addba_set_resp_cmdid = WMI_10_2_ADDBA_SET_RESP_CMDID,
++ .send_singleamsdu_cmdid = WMI_10_2_SEND_SINGLEAMSDU_CMDID,
++ .sta_powersave_mode_cmdid = WMI_10_2_STA_POWERSAVE_MODE_CMDID,
++ .sta_powersave_param_cmdid = WMI_10_2_STA_POWERSAVE_PARAM_CMDID,
++ .sta_mimo_ps_mode_cmdid = WMI_10_2_STA_MIMO_PS_MODE_CMDID,
++ .pdev_dfs_enable_cmdid = WMI_10_2_PDEV_DFS_ENABLE_CMDID,
++ .pdev_dfs_disable_cmdid = WMI_10_2_PDEV_DFS_DISABLE_CMDID,
++ .roam_scan_mode = WMI_10_2_ROAM_SCAN_MODE,
++ .roam_scan_rssi_threshold = WMI_10_2_ROAM_SCAN_RSSI_THRESHOLD,
++ .roam_scan_period = WMI_10_2_ROAM_SCAN_PERIOD,
++ .roam_scan_rssi_change_threshold =
++ WMI_10_2_ROAM_SCAN_RSSI_CHANGE_THRESHOLD,
++ .roam_ap_profile = WMI_10_2_ROAM_AP_PROFILE,
++ .ofl_scan_add_ap_profile = WMI_10_2_OFL_SCAN_ADD_AP_PROFILE,
++ .ofl_scan_remove_ap_profile = WMI_10_2_OFL_SCAN_REMOVE_AP_PROFILE,
++ .ofl_scan_period = WMI_10_2_OFL_SCAN_PERIOD,
++ .p2p_dev_set_device_info = WMI_10_2_P2P_DEV_SET_DEVICE_INFO,
++ .p2p_dev_set_discoverability = WMI_10_2_P2P_DEV_SET_DISCOVERABILITY,
++ .p2p_go_set_beacon_ie = WMI_10_2_P2P_GO_SET_BEACON_IE,
++ .p2p_go_set_probe_resp_ie = WMI_10_2_P2P_GO_SET_PROBE_RESP_IE,
++ .p2p_set_vendor_ie_data_cmdid = WMI_CMD_UNSUPPORTED,
++ .ap_ps_peer_param_cmdid = WMI_10_2_AP_PS_PEER_PARAM_CMDID,
++ .ap_ps_peer_uapsd_coex_cmdid = WMI_CMD_UNSUPPORTED,
++ .peer_rate_retry_sched_cmdid = WMI_10_2_PEER_RATE_RETRY_SCHED_CMDID,
++ .wlan_profile_trigger_cmdid = WMI_10_2_WLAN_PROFILE_TRIGGER_CMDID,
++ .wlan_profile_set_hist_intvl_cmdid =
++ WMI_10_2_WLAN_PROFILE_SET_HIST_INTVL_CMDID,
++ .wlan_profile_get_profile_data_cmdid =
++ WMI_10_2_WLAN_PROFILE_GET_PROFILE_DATA_CMDID,
++ .wlan_profile_enable_profile_id_cmdid =
++ WMI_10_2_WLAN_PROFILE_ENABLE_PROFILE_ID_CMDID,
++ .wlan_profile_list_profile_id_cmdid =
++ WMI_10_2_WLAN_PROFILE_LIST_PROFILE_ID_CMDID,
++ .pdev_suspend_cmdid = WMI_10_2_PDEV_SUSPEND_CMDID,
++ .pdev_resume_cmdid = WMI_10_2_PDEV_RESUME_CMDID,
++ .add_bcn_filter_cmdid = WMI_10_2_ADD_BCN_FILTER_CMDID,
++ .rmv_bcn_filter_cmdid = WMI_10_2_RMV_BCN_FILTER_CMDID,
++ .wow_add_wake_pattern_cmdid = WMI_10_2_WOW_ADD_WAKE_PATTERN_CMDID,
++ .wow_del_wake_pattern_cmdid = WMI_10_2_WOW_DEL_WAKE_PATTERN_CMDID,
++ .wow_enable_disable_wake_event_cmdid =
++ WMI_10_2_WOW_ENABLE_DISABLE_WAKE_EVENT_CMDID,
++ .wow_enable_cmdid = WMI_10_2_WOW_ENABLE_CMDID,
++ .wow_hostwakeup_from_sleep_cmdid =
++ WMI_10_2_WOW_HOSTWAKEUP_FROM_SLEEP_CMDID,
++ .rtt_measreq_cmdid = WMI_10_2_RTT_MEASREQ_CMDID,
++ .rtt_tsf_cmdid = WMI_10_2_RTT_TSF_CMDID,
++ .vdev_spectral_scan_configure_cmdid =
++ WMI_10_2_VDEV_SPECTRAL_SCAN_CONFIGURE_CMDID,
++ .vdev_spectral_scan_enable_cmdid =
++ WMI_10_2_VDEV_SPECTRAL_SCAN_ENABLE_CMDID,
++ .request_stats_cmdid = WMI_10_2_REQUEST_STATS_CMDID,
++ .set_arp_ns_offload_cmdid = WMI_CMD_UNSUPPORTED,
++ .network_list_offload_config_cmdid = WMI_CMD_UNSUPPORTED,
++ .gtk_offload_cmdid = WMI_CMD_UNSUPPORTED,
++ .csa_offload_enable_cmdid = WMI_CMD_UNSUPPORTED,
++ .csa_offload_chanswitch_cmdid = WMI_CMD_UNSUPPORTED,
++ .chatter_set_mode_cmdid = WMI_CMD_UNSUPPORTED,
++ .peer_tid_addba_cmdid = WMI_CMD_UNSUPPORTED,
++ .peer_tid_delba_cmdid = WMI_CMD_UNSUPPORTED,
++ .sta_dtim_ps_method_cmdid = WMI_CMD_UNSUPPORTED,
++ .sta_uapsd_auto_trig_cmdid = WMI_CMD_UNSUPPORTED,
++ .sta_keepalive_cmd = WMI_CMD_UNSUPPORTED,
++ .echo_cmdid = WMI_10_2_ECHO_CMDID,
++ .pdev_utf_cmdid = WMI_10_2_PDEV_UTF_CMDID,
++ .dbglog_cfg_cmdid = WMI_10_2_DBGLOG_CFG_CMDID,
++ .pdev_qvit_cmdid = WMI_10_2_PDEV_QVIT_CMDID,
++ .pdev_ftm_intg_cmdid = WMI_CMD_UNSUPPORTED,
++ .vdev_set_keepalive_cmdid = WMI_CMD_UNSUPPORTED,
++ .vdev_get_keepalive_cmdid = WMI_CMD_UNSUPPORTED,
++ .force_fw_hang_cmdid = WMI_CMD_UNSUPPORTED,
++ .gpio_config_cmdid = WMI_10_2_GPIO_CONFIG_CMDID,
++ .gpio_output_cmdid = WMI_10_2_GPIO_OUTPUT_CMDID,
++ .pdev_get_temperature_cmdid = WMI_10_2_PDEV_GET_TEMPERATURE_CMDID,
+ };
+
+ /* MAIN WMI VDEV param map */
+@@ -384,6 +511,64 @@ static struct wmi_vdev_param_map wmi_10x
+ WMI_10X_VDEV_PARAM_AP_DETECT_OUT_OF_SYNC_SLEEPING_STA_TIME_SECS,
+ };
+
++static struct wmi_vdev_param_map wmi_10_2_4_vdev_param_map = {
++ .rts_threshold = WMI_10X_VDEV_PARAM_RTS_THRESHOLD,
++ .fragmentation_threshold = WMI_10X_VDEV_PARAM_FRAGMENTATION_THRESHOLD,
++ .beacon_interval = WMI_10X_VDEV_PARAM_BEACON_INTERVAL,
++ .listen_interval = WMI_10X_VDEV_PARAM_LISTEN_INTERVAL,
++ .multicast_rate = WMI_10X_VDEV_PARAM_MULTICAST_RATE,
++ .mgmt_tx_rate = WMI_10X_VDEV_PARAM_MGMT_TX_RATE,
++ .slot_time = WMI_10X_VDEV_PARAM_SLOT_TIME,
++ .preamble = WMI_10X_VDEV_PARAM_PREAMBLE,
++ .swba_time = WMI_10X_VDEV_PARAM_SWBA_TIME,
++ .wmi_vdev_stats_update_period = WMI_10X_VDEV_STATS_UPDATE_PERIOD,
++ .wmi_vdev_pwrsave_ageout_time = WMI_10X_VDEV_PWRSAVE_AGEOUT_TIME,
++ .wmi_vdev_host_swba_interval = WMI_10X_VDEV_HOST_SWBA_INTERVAL,
++ .dtim_period = WMI_10X_VDEV_PARAM_DTIM_PERIOD,
++ .wmi_vdev_oc_scheduler_air_time_limit =
++ WMI_10X_VDEV_OC_SCHEDULER_AIR_TIME_LIMIT,
++ .wds = WMI_10X_VDEV_PARAM_WDS,
++ .atim_window = WMI_10X_VDEV_PARAM_ATIM_WINDOW,
++ .bmiss_count_max = WMI_10X_VDEV_PARAM_BMISS_COUNT_MAX,
++ .bmiss_first_bcnt = WMI_VDEV_PARAM_UNSUPPORTED,
++ .bmiss_final_bcnt = WMI_VDEV_PARAM_UNSUPPORTED,
++ .feature_wmm = WMI_10X_VDEV_PARAM_FEATURE_WMM,
++ .chwidth = WMI_10X_VDEV_PARAM_CHWIDTH,
++ .chextoffset = WMI_10X_VDEV_PARAM_CHEXTOFFSET,
++ .disable_htprotection = WMI_10X_VDEV_PARAM_DISABLE_HTPROTECTION,
++ .sta_quickkickout = WMI_10X_VDEV_PARAM_STA_QUICKKICKOUT,
++ .mgmt_rate = WMI_10X_VDEV_PARAM_MGMT_RATE,
++ .protection_mode = WMI_10X_VDEV_PARAM_PROTECTION_MODE,
++ .fixed_rate = WMI_10X_VDEV_PARAM_FIXED_RATE,
++ .sgi = WMI_10X_VDEV_PARAM_SGI,
++ .ldpc = WMI_10X_VDEV_PARAM_LDPC,
++ .tx_stbc = WMI_10X_VDEV_PARAM_TX_STBC,
++ .rx_stbc = WMI_10X_VDEV_PARAM_RX_STBC,
++ .intra_bss_fwd = WMI_10X_VDEV_PARAM_INTRA_BSS_FWD,
++ .def_keyid = WMI_10X_VDEV_PARAM_DEF_KEYID,
++ .nss = WMI_10X_VDEV_PARAM_NSS,
++ .bcast_data_rate = WMI_10X_VDEV_PARAM_BCAST_DATA_RATE,
++ .mcast_data_rate = WMI_10X_VDEV_PARAM_MCAST_DATA_RATE,
++ .mcast_indicate = WMI_10X_VDEV_PARAM_MCAST_INDICATE,
++ .dhcp_indicate = WMI_10X_VDEV_PARAM_DHCP_INDICATE,
++ .unknown_dest_indicate = WMI_10X_VDEV_PARAM_UNKNOWN_DEST_INDICATE,
++ .ap_keepalive_min_idle_inactive_time_secs =
++ WMI_10X_VDEV_PARAM_AP_KEEPALIVE_MIN_IDLE_INACTIVE_TIME_SECS,
++ .ap_keepalive_max_idle_inactive_time_secs =
++ WMI_10X_VDEV_PARAM_AP_KEEPALIVE_MAX_IDLE_INACTIVE_TIME_SECS,
++ .ap_keepalive_max_unresponsive_time_secs =
++ WMI_10X_VDEV_PARAM_AP_KEEPALIVE_MAX_UNRESPONSIVE_TIME_SECS,
++ .ap_enable_nawds = WMI_10X_VDEV_PARAM_AP_ENABLE_NAWDS,
++ .mcast2ucast_set = WMI_10X_VDEV_PARAM_MCAST2UCAST_SET,
++ .enable_rtscts = WMI_10X_VDEV_PARAM_ENABLE_RTSCTS,
++ .txbf = WMI_VDEV_PARAM_UNSUPPORTED,
++ .packet_powersave = WMI_VDEV_PARAM_UNSUPPORTED,
++ .drop_unencry = WMI_VDEV_PARAM_UNSUPPORTED,
++ .tx_encap_type = WMI_VDEV_PARAM_UNSUPPORTED,
++ .ap_detect_out_of_sync_sleeping_sta_time_secs =
++ WMI_10X_VDEV_PARAM_AP_DETECT_OUT_OF_SYNC_SLEEPING_STA_TIME_SECS,
++};
++
+ static struct wmi_pdev_param_map wmi_pdev_param_map = {
+ .tx_chain_mask = WMI_PDEV_PARAM_TX_CHAIN_MASK,
+ .rx_chain_mask = WMI_PDEV_PARAM_RX_CHAIN_MASK,
+@@ -433,6 +618,7 @@ static struct wmi_pdev_param_map wmi_pde
+ .fast_channel_reset = WMI_PDEV_PARAM_UNSUPPORTED,
+ .burst_dur = WMI_PDEV_PARAM_UNSUPPORTED,
+ .burst_enable = WMI_PDEV_PARAM_UNSUPPORTED,
++ .cal_period = WMI_PDEV_PARAM_UNSUPPORTED,
+ };
+
+ static struct wmi_pdev_param_map wmi_10x_pdev_param_map = {
+@@ -485,11 +671,221 @@ static struct wmi_pdev_param_map wmi_10x
+ .fast_channel_reset = WMI_10X_PDEV_PARAM_FAST_CHANNEL_RESET,
+ .burst_dur = WMI_10X_PDEV_PARAM_BURST_DUR,
+ .burst_enable = WMI_10X_PDEV_PARAM_BURST_ENABLE,
++ .cal_period = WMI_10X_PDEV_PARAM_CAL_PERIOD,
++};
++
++static struct wmi_pdev_param_map wmi_10_2_4_pdev_param_map = {
++ .tx_chain_mask = WMI_10X_PDEV_PARAM_TX_CHAIN_MASK,
++ .rx_chain_mask = WMI_10X_PDEV_PARAM_RX_CHAIN_MASK,
++ .txpower_limit2g = WMI_10X_PDEV_PARAM_TXPOWER_LIMIT2G,
++ .txpower_limit5g = WMI_10X_PDEV_PARAM_TXPOWER_LIMIT5G,
++ .txpower_scale = WMI_10X_PDEV_PARAM_TXPOWER_SCALE,
++ .beacon_gen_mode = WMI_10X_PDEV_PARAM_BEACON_GEN_MODE,
++ .beacon_tx_mode = WMI_10X_PDEV_PARAM_BEACON_TX_MODE,
++ .resmgr_offchan_mode = WMI_10X_PDEV_PARAM_RESMGR_OFFCHAN_MODE,
++ .protection_mode = WMI_10X_PDEV_PARAM_PROTECTION_MODE,
++ .dynamic_bw = WMI_10X_PDEV_PARAM_DYNAMIC_BW,
++ .non_agg_sw_retry_th = WMI_10X_PDEV_PARAM_NON_AGG_SW_RETRY_TH,
++ .agg_sw_retry_th = WMI_10X_PDEV_PARAM_AGG_SW_RETRY_TH,
++ .sta_kickout_th = WMI_10X_PDEV_PARAM_STA_KICKOUT_TH,
++ .ac_aggrsize_scaling = WMI_10X_PDEV_PARAM_AC_AGGRSIZE_SCALING,
++ .ltr_enable = WMI_10X_PDEV_PARAM_LTR_ENABLE,
++ .ltr_ac_latency_be = WMI_10X_PDEV_PARAM_LTR_AC_LATENCY_BE,
++ .ltr_ac_latency_bk = WMI_10X_PDEV_PARAM_LTR_AC_LATENCY_BK,
++ .ltr_ac_latency_vi = WMI_10X_PDEV_PARAM_LTR_AC_LATENCY_VI,
++ .ltr_ac_latency_vo = WMI_10X_PDEV_PARAM_LTR_AC_LATENCY_VO,
++ .ltr_ac_latency_timeout = WMI_10X_PDEV_PARAM_LTR_AC_LATENCY_TIMEOUT,
++ .ltr_sleep_override = WMI_10X_PDEV_PARAM_LTR_SLEEP_OVERRIDE,
++ .ltr_rx_override = WMI_10X_PDEV_PARAM_LTR_RX_OVERRIDE,
++ .ltr_tx_activity_timeout = WMI_10X_PDEV_PARAM_LTR_TX_ACTIVITY_TIMEOUT,
++ .l1ss_enable = WMI_10X_PDEV_PARAM_L1SS_ENABLE,
++ .dsleep_enable = WMI_10X_PDEV_PARAM_DSLEEP_ENABLE,
++ .pcielp_txbuf_flush = WMI_PDEV_PARAM_UNSUPPORTED,
++ .pcielp_txbuf_watermark = WMI_PDEV_PARAM_UNSUPPORTED,
++ .pcielp_txbuf_tmo_en = WMI_PDEV_PARAM_UNSUPPORTED,
++ .pcielp_txbuf_tmo_value = WMI_PDEV_PARAM_UNSUPPORTED,
++ .pdev_stats_update_period = WMI_10X_PDEV_PARAM_PDEV_STATS_UPDATE_PERIOD,
++ .vdev_stats_update_period = WMI_10X_PDEV_PARAM_VDEV_STATS_UPDATE_PERIOD,
++ .peer_stats_update_period = WMI_10X_PDEV_PARAM_PEER_STATS_UPDATE_PERIOD,
++ .bcnflt_stats_update_period =
++ WMI_10X_PDEV_PARAM_BCNFLT_STATS_UPDATE_PERIOD,
++ .pmf_qos = WMI_10X_PDEV_PARAM_PMF_QOS,
++ .arp_ac_override = WMI_10X_PDEV_PARAM_ARPDHCP_AC_OVERRIDE,
++ .dcs = WMI_10X_PDEV_PARAM_DCS,
++ .ani_enable = WMI_10X_PDEV_PARAM_ANI_ENABLE,
++ .ani_poll_period = WMI_10X_PDEV_PARAM_ANI_POLL_PERIOD,
++ .ani_listen_period = WMI_10X_PDEV_PARAM_ANI_LISTEN_PERIOD,
++ .ani_ofdm_level = WMI_10X_PDEV_PARAM_ANI_OFDM_LEVEL,
++ .ani_cck_level = WMI_10X_PDEV_PARAM_ANI_CCK_LEVEL,
++ .dyntxchain = WMI_10X_PDEV_PARAM_DYNTXCHAIN,
++ .proxy_sta = WMI_PDEV_PARAM_UNSUPPORTED,
++ .idle_ps_config = WMI_PDEV_PARAM_UNSUPPORTED,
++ .power_gating_sleep = WMI_PDEV_PARAM_UNSUPPORTED,
++ .fast_channel_reset = WMI_10X_PDEV_PARAM_FAST_CHANNEL_RESET,
++ .burst_dur = WMI_10X_PDEV_PARAM_BURST_DUR,
++ .burst_enable = WMI_10X_PDEV_PARAM_BURST_ENABLE,
++ .cal_period = WMI_10X_PDEV_PARAM_CAL_PERIOD,
++};
++
++/* firmware 10.2 specific mappings */
++static struct wmi_cmd_map wmi_10_2_cmd_map = {
++ .init_cmdid = WMI_10_2_INIT_CMDID,
++ .start_scan_cmdid = WMI_10_2_START_SCAN_CMDID,
++ .stop_scan_cmdid = WMI_10_2_STOP_SCAN_CMDID,
++ .scan_chan_list_cmdid = WMI_10_2_SCAN_CHAN_LIST_CMDID,
++ .scan_sch_prio_tbl_cmdid = WMI_CMD_UNSUPPORTED,
++ .pdev_set_regdomain_cmdid = WMI_10_2_PDEV_SET_REGDOMAIN_CMDID,
++ .pdev_set_channel_cmdid = WMI_10_2_PDEV_SET_CHANNEL_CMDID,
++ .pdev_set_param_cmdid = WMI_10_2_PDEV_SET_PARAM_CMDID,
++ .pdev_pktlog_enable_cmdid = WMI_10_2_PDEV_PKTLOG_ENABLE_CMDID,
++ .pdev_pktlog_disable_cmdid = WMI_10_2_PDEV_PKTLOG_DISABLE_CMDID,
++ .pdev_set_wmm_params_cmdid = WMI_10_2_PDEV_SET_WMM_PARAMS_CMDID,
++ .pdev_set_ht_cap_ie_cmdid = WMI_10_2_PDEV_SET_HT_CAP_IE_CMDID,
++ .pdev_set_vht_cap_ie_cmdid = WMI_10_2_PDEV_SET_VHT_CAP_IE_CMDID,
++ .pdev_set_quiet_mode_cmdid = WMI_10_2_PDEV_SET_QUIET_MODE_CMDID,
++ .pdev_green_ap_ps_enable_cmdid = WMI_10_2_PDEV_GREEN_AP_PS_ENABLE_CMDID,
++ .pdev_get_tpc_config_cmdid = WMI_10_2_PDEV_GET_TPC_CONFIG_CMDID,
++ .pdev_set_base_macaddr_cmdid = WMI_10_2_PDEV_SET_BASE_MACADDR_CMDID,
++ .vdev_create_cmdid = WMI_10_2_VDEV_CREATE_CMDID,
++ .vdev_delete_cmdid = WMI_10_2_VDEV_DELETE_CMDID,
++ .vdev_start_request_cmdid = WMI_10_2_VDEV_START_REQUEST_CMDID,
++ .vdev_restart_request_cmdid = WMI_10_2_VDEV_RESTART_REQUEST_CMDID,
++ .vdev_up_cmdid = WMI_10_2_VDEV_UP_CMDID,
++ .vdev_stop_cmdid = WMI_10_2_VDEV_STOP_CMDID,
++ .vdev_down_cmdid = WMI_10_2_VDEV_DOWN_CMDID,
++ .vdev_set_param_cmdid = WMI_10_2_VDEV_SET_PARAM_CMDID,
++ .vdev_install_key_cmdid = WMI_10_2_VDEV_INSTALL_KEY_CMDID,
++ .peer_create_cmdid = WMI_10_2_PEER_CREATE_CMDID,
++ .peer_delete_cmdid = WMI_10_2_PEER_DELETE_CMDID,
++ .peer_flush_tids_cmdid = WMI_10_2_PEER_FLUSH_TIDS_CMDID,
++ .peer_set_param_cmdid = WMI_10_2_PEER_SET_PARAM_CMDID,
++ .peer_assoc_cmdid = WMI_10_2_PEER_ASSOC_CMDID,
++ .peer_add_wds_entry_cmdid = WMI_10_2_PEER_ADD_WDS_ENTRY_CMDID,
++ .peer_remove_wds_entry_cmdid = WMI_10_2_PEER_REMOVE_WDS_ENTRY_CMDID,
++ .peer_mcast_group_cmdid = WMI_10_2_PEER_MCAST_GROUP_CMDID,
++ .bcn_tx_cmdid = WMI_10_2_BCN_TX_CMDID,
++ .pdev_send_bcn_cmdid = WMI_10_2_PDEV_SEND_BCN_CMDID,
++ .bcn_tmpl_cmdid = WMI_CMD_UNSUPPORTED,
++ .bcn_filter_rx_cmdid = WMI_10_2_BCN_FILTER_RX_CMDID,
++ .prb_req_filter_rx_cmdid = WMI_10_2_PRB_REQ_FILTER_RX_CMDID,
++ .mgmt_tx_cmdid = WMI_10_2_MGMT_TX_CMDID,
++ .prb_tmpl_cmdid = WMI_CMD_UNSUPPORTED,
++ .addba_clear_resp_cmdid = WMI_10_2_ADDBA_CLEAR_RESP_CMDID,
++ .addba_send_cmdid = WMI_10_2_ADDBA_SEND_CMDID,
++ .addba_status_cmdid = WMI_10_2_ADDBA_STATUS_CMDID,
++ .delba_send_cmdid = WMI_10_2_DELBA_SEND_CMDID,
++ .addba_set_resp_cmdid = WMI_10_2_ADDBA_SET_RESP_CMDID,
++ .send_singleamsdu_cmdid = WMI_10_2_SEND_SINGLEAMSDU_CMDID,
++ .sta_powersave_mode_cmdid = WMI_10_2_STA_POWERSAVE_MODE_CMDID,
++ .sta_powersave_param_cmdid = WMI_10_2_STA_POWERSAVE_PARAM_CMDID,
++ .sta_mimo_ps_mode_cmdid = WMI_10_2_STA_MIMO_PS_MODE_CMDID,
++ .pdev_dfs_enable_cmdid = WMI_10_2_PDEV_DFS_ENABLE_CMDID,
++ .pdev_dfs_disable_cmdid = WMI_10_2_PDEV_DFS_DISABLE_CMDID,
++ .roam_scan_mode = WMI_10_2_ROAM_SCAN_MODE,
++ .roam_scan_rssi_threshold = WMI_10_2_ROAM_SCAN_RSSI_THRESHOLD,
++ .roam_scan_period = WMI_10_2_ROAM_SCAN_PERIOD,
++ .roam_scan_rssi_change_threshold =
++ WMI_10_2_ROAM_SCAN_RSSI_CHANGE_THRESHOLD,
++ .roam_ap_profile = WMI_10_2_ROAM_AP_PROFILE,
++ .ofl_scan_add_ap_profile = WMI_10_2_OFL_SCAN_ADD_AP_PROFILE,
++ .ofl_scan_remove_ap_profile = WMI_10_2_OFL_SCAN_REMOVE_AP_PROFILE,
++ .ofl_scan_period = WMI_10_2_OFL_SCAN_PERIOD,
++ .p2p_dev_set_device_info = WMI_10_2_P2P_DEV_SET_DEVICE_INFO,
++ .p2p_dev_set_discoverability = WMI_10_2_P2P_DEV_SET_DISCOVERABILITY,
++ .p2p_go_set_beacon_ie = WMI_10_2_P2P_GO_SET_BEACON_IE,
++ .p2p_go_set_probe_resp_ie = WMI_10_2_P2P_GO_SET_PROBE_RESP_IE,
++ .p2p_set_vendor_ie_data_cmdid = WMI_CMD_UNSUPPORTED,
++ .ap_ps_peer_param_cmdid = WMI_10_2_AP_PS_PEER_PARAM_CMDID,
++ .ap_ps_peer_uapsd_coex_cmdid = WMI_CMD_UNSUPPORTED,
++ .peer_rate_retry_sched_cmdid = WMI_10_2_PEER_RATE_RETRY_SCHED_CMDID,
++ .wlan_profile_trigger_cmdid = WMI_10_2_WLAN_PROFILE_TRIGGER_CMDID,
++ .wlan_profile_set_hist_intvl_cmdid =
++ WMI_10_2_WLAN_PROFILE_SET_HIST_INTVL_CMDID,
++ .wlan_profile_get_profile_data_cmdid =
++ WMI_10_2_WLAN_PROFILE_GET_PROFILE_DATA_CMDID,
++ .wlan_profile_enable_profile_id_cmdid =
++ WMI_10_2_WLAN_PROFILE_ENABLE_PROFILE_ID_CMDID,
++ .wlan_profile_list_profile_id_cmdid =
++ WMI_10_2_WLAN_PROFILE_LIST_PROFILE_ID_CMDID,
++ .pdev_suspend_cmdid = WMI_10_2_PDEV_SUSPEND_CMDID,
++ .pdev_resume_cmdid = WMI_10_2_PDEV_RESUME_CMDID,
++ .add_bcn_filter_cmdid = WMI_10_2_ADD_BCN_FILTER_CMDID,
++ .rmv_bcn_filter_cmdid = WMI_10_2_RMV_BCN_FILTER_CMDID,
++ .wow_add_wake_pattern_cmdid = WMI_10_2_WOW_ADD_WAKE_PATTERN_CMDID,
++ .wow_del_wake_pattern_cmdid = WMI_10_2_WOW_DEL_WAKE_PATTERN_CMDID,
++ .wow_enable_disable_wake_event_cmdid =
++ WMI_10_2_WOW_ENABLE_DISABLE_WAKE_EVENT_CMDID,
++ .wow_enable_cmdid = WMI_10_2_WOW_ENABLE_CMDID,
++ .wow_hostwakeup_from_sleep_cmdid =
++ WMI_10_2_WOW_HOSTWAKEUP_FROM_SLEEP_CMDID,
++ .rtt_measreq_cmdid = WMI_10_2_RTT_MEASREQ_CMDID,
++ .rtt_tsf_cmdid = WMI_10_2_RTT_TSF_CMDID,
++ .vdev_spectral_scan_configure_cmdid =
++ WMI_10_2_VDEV_SPECTRAL_SCAN_CONFIGURE_CMDID,
++ .vdev_spectral_scan_enable_cmdid =
++ WMI_10_2_VDEV_SPECTRAL_SCAN_ENABLE_CMDID,
++ .request_stats_cmdid = WMI_10_2_REQUEST_STATS_CMDID,
++ .set_arp_ns_offload_cmdid = WMI_CMD_UNSUPPORTED,
++ .network_list_offload_config_cmdid = WMI_CMD_UNSUPPORTED,
++ .gtk_offload_cmdid = WMI_CMD_UNSUPPORTED,
++ .csa_offload_enable_cmdid = WMI_CMD_UNSUPPORTED,
++ .csa_offload_chanswitch_cmdid = WMI_CMD_UNSUPPORTED,
++ .chatter_set_mode_cmdid = WMI_CMD_UNSUPPORTED,
++ .peer_tid_addba_cmdid = WMI_CMD_UNSUPPORTED,
++ .peer_tid_delba_cmdid = WMI_CMD_UNSUPPORTED,
++ .sta_dtim_ps_method_cmdid = WMI_CMD_UNSUPPORTED,
++ .sta_uapsd_auto_trig_cmdid = WMI_CMD_UNSUPPORTED,
++ .sta_keepalive_cmd = WMI_CMD_UNSUPPORTED,
++ .echo_cmdid = WMI_10_2_ECHO_CMDID,
++ .pdev_utf_cmdid = WMI_10_2_PDEV_UTF_CMDID,
++ .dbglog_cfg_cmdid = WMI_10_2_DBGLOG_CFG_CMDID,
++ .pdev_qvit_cmdid = WMI_10_2_PDEV_QVIT_CMDID,
++ .pdev_ftm_intg_cmdid = WMI_CMD_UNSUPPORTED,
++ .vdev_set_keepalive_cmdid = WMI_CMD_UNSUPPORTED,
++ .vdev_get_keepalive_cmdid = WMI_CMD_UNSUPPORTED,
++ .force_fw_hang_cmdid = WMI_CMD_UNSUPPORTED,
++ .gpio_config_cmdid = WMI_10_2_GPIO_CONFIG_CMDID,
++ .gpio_output_cmdid = WMI_10_2_GPIO_OUTPUT_CMDID,
++ .pdev_get_temperature_cmdid = WMI_CMD_UNSUPPORTED,
+ };
+
++void ath10k_wmi_put_wmi_channel(struct wmi_channel *ch,
++ const struct wmi_channel_arg *arg)
++{
++ u32 flags = 0;
++
++ memset(ch, 0, sizeof(*ch));
++
++ if (arg->passive)
++ flags |= WMI_CHAN_FLAG_PASSIVE;
++ if (arg->allow_ibss)
++ flags |= WMI_CHAN_FLAG_ADHOC_ALLOWED;
++ if (arg->allow_ht)
++ flags |= WMI_CHAN_FLAG_ALLOW_HT;
++ if (arg->allow_vht)
++ flags |= WMI_CHAN_FLAG_ALLOW_VHT;
++ if (arg->ht40plus)
++ flags |= WMI_CHAN_FLAG_HT40_PLUS;
++ if (arg->chan_radar)
++ flags |= WMI_CHAN_FLAG_DFS;
++
++ ch->mhz = __cpu_to_le32(arg->freq);
++ ch->band_center_freq1 = __cpu_to_le32(arg->band_center_freq1);
++ ch->band_center_freq2 = 0;
++ ch->min_power = arg->min_power;
++ ch->max_power = arg->max_power;
++ ch->reg_power = arg->max_reg_power;
++ ch->antenna_max = arg->max_antenna_gain;
++
++ /* mode & flags share storage */
++ ch->mode = arg->mode;
++ ch->flags |= __cpu_to_le32(flags);
++}
++
+ int ath10k_wmi_wait_for_service_ready(struct ath10k *ar)
+ {
+ int ret;
++
+ ret = wait_for_completion_timeout(&ar->wmi.service_ready,
+ WMI_SERVICE_READY_TIMEOUT_HZ);
+ return ret;
+@@ -498,23 +894,24 @@ int ath10k_wmi_wait_for_service_ready(st
+ int ath10k_wmi_wait_for_unified_ready(struct ath10k *ar)
+ {
+ int ret;
++
+ ret = wait_for_completion_timeout(&ar->wmi.unified_ready,
+ WMI_UNIFIED_READY_TIMEOUT_HZ);
+ return ret;
+ }
+
+-static struct sk_buff *ath10k_wmi_alloc_skb(u32 len)
++struct sk_buff *ath10k_wmi_alloc_skb(struct ath10k *ar, u32 len)
+ {
+ struct sk_buff *skb;
+ u32 round_len = roundup(len, 4);
+
+- skb = ath10k_htc_alloc_skb(WMI_SKB_HEADROOM + round_len);
++ skb = ath10k_htc_alloc_skb(ar, WMI_SKB_HEADROOM + round_len);
+ if (!skb)
+ return NULL;
+
+ skb_reserve(skb, WMI_SKB_HEADROOM);
+ if (!IS_ALIGNED((unsigned long)skb->data, 4))
+- ath10k_warn("Unaligned WMI skb\n");
++ ath10k_warn(ar, "Unaligned WMI skb\n");
+
+ skb_put(skb, round_len);
+ memset(skb->data, 0, round_len);
+@@ -527,8 +924,8 @@ static void ath10k_wmi_htc_tx_complete(s
+ dev_kfree_skb(skb);
+ }
+
+-static int ath10k_wmi_cmd_send_nowait(struct ath10k *ar, struct sk_buff *skb,
+- u32 cmd_id)
++int ath10k_wmi_cmd_send_nowait(struct ath10k *ar, struct sk_buff *skb,
++ u32 cmd_id)
+ {
+ struct ath10k_skb_cb *skb_cb = ATH10K_SKB_CB(skb);
+ struct wmi_cmd_hdr *cmd_hdr;
+@@ -545,7 +942,7 @@ static int ath10k_wmi_cmd_send_nowait(st
+
+ memset(skb_cb, 0, sizeof(*skb_cb));
+ ret = ath10k_htc_send(&ar->htc, ar->wmi.eid, skb);
+- trace_ath10k_wmi_cmd(cmd_id, skb->data, skb->len, ret);
++ trace_ath10k_wmi_cmd(ar, cmd_id, skb->data, skb->len, ret);
+
+ if (ret)
+ goto err_pull;
+@@ -559,23 +956,45 @@ err_pull:
+
+ static void ath10k_wmi_tx_beacon_nowait(struct ath10k_vif *arvif)
+ {
++ struct ath10k *ar = arvif->ar;
++ struct ath10k_skb_cb *cb;
++ struct sk_buff *bcn;
+ int ret;
+
+- lockdep_assert_held(&arvif->ar->data_lock);
++ spin_lock_bh(&ar->data_lock);
+
+- if (arvif->beacon == NULL)
+- return;
++ bcn = arvif->beacon;
+
+- if (arvif->beacon_sent)
+- return;
++ if (!bcn)
++ goto unlock;
+
+- ret = ath10k_wmi_beacon_send_ref_nowait(arvif);
+- if (ret)
+- return;
++ cb = ATH10K_SKB_CB(bcn);
++
++ switch (arvif->beacon_state) {
++ case ATH10K_BEACON_SENDING:
++ case ATH10K_BEACON_SENT:
++ break;
++ case ATH10K_BEACON_SCHEDULED:
++ arvif->beacon_state = ATH10K_BEACON_SENDING;
++ spin_unlock_bh(&ar->data_lock);
++
++ ret = ath10k_wmi_beacon_send_ref_nowait(arvif->ar,
++ arvif->vdev_id,
++ bcn->data, bcn->len,
++ cb->paddr,
++ cb->bcn.dtim_zero,
++ cb->bcn.deliver_cab);
++
++ spin_lock_bh(&ar->data_lock);
+
+- /* We need to retain the arvif->beacon reference for DMA unmapping and
+- * freeing the skbuff later. */
+- arvif->beacon_sent = true;
++ if (ret == 0)
++ arvif->beacon_state = ATH10K_BEACON_SENT;
++ else
++ arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
++ }
++
++unlock:
++ spin_unlock_bh(&ar->data_lock);
+ }
+
+ static void ath10k_wmi_tx_beacons_iter(void *data, u8 *mac,
+@@ -588,12 +1007,10 @@ static void ath10k_wmi_tx_beacons_iter(v
+
+ static void ath10k_wmi_tx_beacons_nowait(struct ath10k *ar)
+ {
+- spin_lock_bh(&ar->data_lock);
+ ieee80211_iterate_active_interfaces_atomic(ar->hw,
+ IEEE80211_IFACE_ITER_NORMAL,
+ ath10k_wmi_tx_beacons_iter,
+ NULL);
+- spin_unlock_bh(&ar->data_lock);
+ }
+
+ static void ath10k_wmi_op_ep_tx_credits(struct ath10k *ar)
+@@ -604,15 +1021,14 @@ static void ath10k_wmi_op_ep_tx_credits(
+ wake_up(&ar->wmi.tx_credits_wq);
+ }
+
+-static int ath10k_wmi_cmd_send(struct ath10k *ar, struct sk_buff *skb,
+- u32 cmd_id)
++int ath10k_wmi_cmd_send(struct ath10k *ar, struct sk_buff *skb, u32 cmd_id)
+ {
+ int ret = -EOPNOTSUPP;
+
+ might_sleep();
+
+ if (cmd_id == WMI_CMD_UNSUPPORTED) {
+- ath10k_warn("wmi command %d is not supported by firmware\n",
++ ath10k_warn(ar, "wmi command %d is not supported by firmware\n",
+ cmd_id);
+ return ret;
+ }
+@@ -622,6 +1038,10 @@ static int ath10k_wmi_cmd_send(struct at
+ ath10k_wmi_tx_beacons_nowait(ar);
+
+ ret = ath10k_wmi_cmd_send_nowait(ar, skb, cmd_id);
++
++ if (ret && test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags))
++ ret = -ESHUTDOWN;
++
+ (ret != -EAGAIN);
+ }), 3*HZ);
+
+@@ -631,147 +1051,270 @@ static int ath10k_wmi_cmd_send(struct at
+ return ret;
+ }
+
+-int ath10k_wmi_mgmt_tx(struct ath10k *ar, struct sk_buff *skb)
++static struct sk_buff *
++ath10k_wmi_op_gen_mgmt_tx(struct ath10k *ar, struct sk_buff *msdu)
+ {
+- int ret = 0;
+ struct wmi_mgmt_tx_cmd *cmd;
+ struct ieee80211_hdr *hdr;
+- struct sk_buff *wmi_skb;
+- struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
++ struct sk_buff *skb;
+ int len;
++ u32 buf_len = msdu->len;
+ u16 fc;
+
+- hdr = (struct ieee80211_hdr *)skb->data;
++ hdr = (struct ieee80211_hdr *)msdu->data;
+ fc = le16_to_cpu(hdr->frame_control);
+
+ if (WARN_ON_ONCE(!ieee80211_is_mgmt(hdr->frame_control)))
+- return -EINVAL;
++ return ERR_PTR(-EINVAL);
++
++ len = sizeof(cmd->hdr) + msdu->len;
++
++ if ((ieee80211_is_action(hdr->frame_control) ||
++ ieee80211_is_deauth(hdr->frame_control) ||
++ ieee80211_is_disassoc(hdr->frame_control)) &&
++ ieee80211_has_protected(hdr->frame_control)) {
++ len += IEEE80211_CCMP_MIC_LEN;
++ buf_len += IEEE80211_CCMP_MIC_LEN;
++ }
+
+- len = sizeof(cmd->hdr) + skb->len;
+ len = round_up(len, 4);
+
+- wmi_skb = ath10k_wmi_alloc_skb(len);
+- if (!wmi_skb)
+- return -ENOMEM;
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
+
+- cmd = (struct wmi_mgmt_tx_cmd *)wmi_skb->data;
++ cmd = (struct wmi_mgmt_tx_cmd *)skb->data;
+
+- cmd->hdr.vdev_id = __cpu_to_le32(ATH10K_SKB_CB(skb)->vdev_id);
++ cmd->hdr.vdev_id = __cpu_to_le32(ATH10K_SKB_CB(msdu)->vdev_id);
+ cmd->hdr.tx_rate = 0;
+ cmd->hdr.tx_power = 0;
+- cmd->hdr.buf_len = __cpu_to_le32((u32)(skb->len));
++ cmd->hdr.buf_len = __cpu_to_le32(buf_len);
+
+- memcpy(cmd->hdr.peer_macaddr.addr, ieee80211_get_DA(hdr), ETH_ALEN);
+- memcpy(cmd->buf, skb->data, skb->len);
++ ether_addr_copy(cmd->hdr.peer_macaddr.addr, ieee80211_get_DA(hdr));
++ memcpy(cmd->buf, msdu->data, msdu->len);
+
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi mgmt tx skb %p len %d ftype %02x stype %02x\n",
+- wmi_skb, wmi_skb->len, fc & IEEE80211_FCTL_FTYPE,
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi mgmt tx skb %p len %d ftype %02x stype %02x\n",
++ msdu, skb->len, fc & IEEE80211_FCTL_FTYPE,
+ fc & IEEE80211_FCTL_STYPE);
++ trace_ath10k_tx_hdr(ar, skb->data, skb->len);
++ trace_ath10k_tx_payload(ar, skb->data, skb->len);
+
+- /* Send the management frame buffer to the target */
+- ret = ath10k_wmi_cmd_send(ar, wmi_skb, ar->wmi.cmd->mgmt_tx_cmdid);
+- if (ret)
+- return ret;
+-
+- /* TODO: report tx status to mac80211 - temporary just ACK */
+- info->flags |= IEEE80211_TX_STAT_ACK;
+- ieee80211_tx_status_irqsafe(ar->hw, skb);
+-
+- return ret;
++ return skb;
+ }
+
+-static int ath10k_wmi_event_scan(struct ath10k *ar, struct sk_buff *skb)
++static void ath10k_wmi_event_scan_started(struct ath10k *ar)
+ {
+- struct wmi_scan_event *event = (struct wmi_scan_event *)skb->data;
+- enum wmi_scan_event_type event_type;
+- enum wmi_scan_completion_reason reason;
+- u32 freq;
+- u32 req_id;
+- u32 scan_id;
+- u32 vdev_id;
+-
+- event_type = __le32_to_cpu(event->event_type);
+- reason = __le32_to_cpu(event->reason);
+- freq = __le32_to_cpu(event->channel_freq);
+- req_id = __le32_to_cpu(event->scan_req_id);
+- scan_id = __le32_to_cpu(event->scan_id);
+- vdev_id = __le32_to_cpu(event->vdev_id);
+-
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_SCAN_EVENTID\n");
+- ath10k_dbg(ATH10K_DBG_WMI,
+- "scan event type %d reason %d freq %d req_id %d "
+- "scan_id %d vdev_id %d\n",
+- event_type, reason, freq, req_id, scan_id, vdev_id);
++ lockdep_assert_held(&ar->data_lock);
+
+- spin_lock_bh(&ar->data_lock);
++ switch (ar->scan.state) {
++ case ATH10K_SCAN_IDLE:
++ case ATH10K_SCAN_RUNNING:
++ case ATH10K_SCAN_ABORTING:
++ ath10k_warn(ar, "received scan started event in an invalid scan state: %s (%d)\n",
++ ath10k_scan_state_str(ar->scan.state),
++ ar->scan.state);
++ break;
++ case ATH10K_SCAN_STARTING:
++ ar->scan.state = ATH10K_SCAN_RUNNING;
+
+- switch (event_type) {
+- case WMI_SCAN_EVENT_STARTED:
+- ath10k_dbg(ATH10K_DBG_WMI, "SCAN_EVENT_STARTED\n");
+- if (ar->scan.in_progress && ar->scan.is_roc)
++ if (ar->scan.is_roc)
+ ieee80211_ready_on_channel(ar->hw);
+
+ complete(&ar->scan.started);
+ break;
+- case WMI_SCAN_EVENT_COMPLETED:
+- ath10k_dbg(ATH10K_DBG_WMI, "SCAN_EVENT_COMPLETED\n");
+- switch (reason) {
+- case WMI_SCAN_REASON_COMPLETED:
+- ath10k_dbg(ATH10K_DBG_WMI, "SCAN_REASON_COMPLETED\n");
+- break;
+- case WMI_SCAN_REASON_CANCELLED:
+- ath10k_dbg(ATH10K_DBG_WMI, "SCAN_REASON_CANCELED\n");
+- break;
+- case WMI_SCAN_REASON_PREEMPTED:
+- ath10k_dbg(ATH10K_DBG_WMI, "SCAN_REASON_PREEMPTED\n");
+- break;
+- case WMI_SCAN_REASON_TIMEDOUT:
+- ath10k_dbg(ATH10K_DBG_WMI, "SCAN_REASON_TIMEDOUT\n");
+- break;
+- default:
+- break;
+- }
+-
+- ar->scan_channel = NULL;
+- if (!ar->scan.in_progress) {
+- ath10k_warn("no scan requested, ignoring\n");
+- break;
+- }
+-
+- if (ar->scan.is_roc) {
+- ath10k_offchan_tx_purge(ar);
++ }
++}
+
+- if (!ar->scan.aborting)
+- ieee80211_remain_on_channel_expired(ar->hw);
+- } else {
+- ieee80211_scan_completed(ar->hw, ar->scan.aborting);
+- }
++static void ath10k_wmi_event_scan_start_failed(struct ath10k *ar)
++{
++ lockdep_assert_held(&ar->data_lock);
+
+- del_timer(&ar->scan.timeout);
+- complete_all(&ar->scan.completed);
+- ar->scan.in_progress = false;
++ switch (ar->scan.state) {
++ case ATH10K_SCAN_IDLE:
++ case ATH10K_SCAN_RUNNING:
++ case ATH10K_SCAN_ABORTING:
++ ath10k_warn(ar, "received scan start failed event in an invalid scan state: %s (%d)\n",
++ ath10k_scan_state_str(ar->scan.state),
++ ar->scan.state);
+ break;
+- case WMI_SCAN_EVENT_BSS_CHANNEL:
+- ath10k_dbg(ATH10K_DBG_WMI, "SCAN_EVENT_BSS_CHANNEL\n");
+- ar->scan_channel = NULL;
++ case ATH10K_SCAN_STARTING:
++ complete(&ar->scan.started);
++ __ath10k_scan_finish(ar);
+ break;
+- case WMI_SCAN_EVENT_FOREIGN_CHANNEL:
+- ath10k_dbg(ATH10K_DBG_WMI, "SCAN_EVENT_FOREIGN_CHANNEL\n");
++ }
++}
++
++static void ath10k_wmi_event_scan_completed(struct ath10k *ar)
++{
++ lockdep_assert_held(&ar->data_lock);
++
++ switch (ar->scan.state) {
++ case ATH10K_SCAN_IDLE:
++ case ATH10K_SCAN_STARTING:
++ /* One suspected reason scan can be completed while starting is
++ * if firmware fails to deliver all scan events to the host,
++ * e.g. when transport pipe is full. This has been observed
++ * with spectral scan phyerr events starving wmi transport
++ * pipe. In such case the "scan completed" event should be (and
++ * is) ignored by the host as it may be just firmware's scan
++ * state machine recovering.
++ */
++ ath10k_warn(ar, "received scan completed event in an invalid scan state: %s (%d)\n",
++ ath10k_scan_state_str(ar->scan.state),
++ ar->scan.state);
++ break;
++ case ATH10K_SCAN_RUNNING:
++ case ATH10K_SCAN_ABORTING:
++ __ath10k_scan_finish(ar);
++ break;
++ }
++}
++
++static void ath10k_wmi_event_scan_bss_chan(struct ath10k *ar)
++{
++ lockdep_assert_held(&ar->data_lock);
++
++ switch (ar->scan.state) {
++ case ATH10K_SCAN_IDLE:
++ case ATH10K_SCAN_STARTING:
++ ath10k_warn(ar, "received scan bss chan event in an invalid scan state: %s (%d)\n",
++ ath10k_scan_state_str(ar->scan.state),
++ ar->scan.state);
++ break;
++ case ATH10K_SCAN_RUNNING:
++ case ATH10K_SCAN_ABORTING:
++ ar->scan_channel = NULL;
++ break;
++ }
++}
++
++static void ath10k_wmi_event_scan_foreign_chan(struct ath10k *ar, u32 freq)
++{
++ lockdep_assert_held(&ar->data_lock);
++
++ switch (ar->scan.state) {
++ case ATH10K_SCAN_IDLE:
++ case ATH10K_SCAN_STARTING:
++ ath10k_warn(ar, "received scan foreign chan event in an invalid scan state: %s (%d)\n",
++ ath10k_scan_state_str(ar->scan.state),
++ ar->scan.state);
++ break;
++ case ATH10K_SCAN_RUNNING:
++ case ATH10K_SCAN_ABORTING:
+ ar->scan_channel = ieee80211_get_channel(ar->hw->wiphy, freq);
+- if (ar->scan.in_progress && ar->scan.is_roc &&
+- ar->scan.roc_freq == freq) {
++
++ if (ar->scan.is_roc && ar->scan.roc_freq == freq)
+ complete(&ar->scan.on_channel);
+- }
+ break;
++ }
++}
++
++static const char *
++ath10k_wmi_event_scan_type_str(enum wmi_scan_event_type type,
++ enum wmi_scan_completion_reason reason)
++{
++ switch (type) {
++ case WMI_SCAN_EVENT_STARTED:
++ return "started";
++ case WMI_SCAN_EVENT_COMPLETED:
++ switch (reason) {
++ case WMI_SCAN_REASON_COMPLETED:
++ return "completed";
++ case WMI_SCAN_REASON_CANCELLED:
++ return "completed [cancelled]";
++ case WMI_SCAN_REASON_PREEMPTED:
++ return "completed [preempted]";
++ case WMI_SCAN_REASON_TIMEDOUT:
++ return "completed [timedout]";
++ case WMI_SCAN_REASON_MAX:
++ break;
++ }
++ return "completed [unknown]";
++ case WMI_SCAN_EVENT_BSS_CHANNEL:
++ return "bss channel";
++ case WMI_SCAN_EVENT_FOREIGN_CHANNEL:
++ return "foreign channel";
+ case WMI_SCAN_EVENT_DEQUEUED:
+- ath10k_dbg(ATH10K_DBG_WMI, "SCAN_EVENT_DEQUEUED\n");
+- break;
++ return "dequeued";
+ case WMI_SCAN_EVENT_PREEMPTED:
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_SCAN_EVENT_PREEMPTED\n");
++ return "preempted";
++ case WMI_SCAN_EVENT_START_FAILED:
++ return "start failed";
++ default:
++ return "unknown";
++ }
++}
++
++static int ath10k_wmi_op_pull_scan_ev(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_scan_ev_arg *arg)
++{
++ struct wmi_scan_event *ev = (void *)skb->data;
++
++ if (skb->len < sizeof(*ev))
++ return -EPROTO;
++
++ skb_pull(skb, sizeof(*ev));
++ arg->event_type = ev->event_type;
++ arg->reason = ev->reason;
++ arg->channel_freq = ev->channel_freq;
++ arg->scan_req_id = ev->scan_req_id;
++ arg->scan_id = ev->scan_id;
++ arg->vdev_id = ev->vdev_id;
++
++ return 0;
++}
++
++int ath10k_wmi_event_scan(struct ath10k *ar, struct sk_buff *skb)
++{
++ struct wmi_scan_ev_arg arg = {};
++ enum wmi_scan_event_type event_type;
++ enum wmi_scan_completion_reason reason;
++ u32 freq;
++ u32 req_id;
++ u32 scan_id;
++ u32 vdev_id;
++ int ret;
++
++ ret = ath10k_wmi_pull_scan(ar, skb, &arg);
++ if (ret) {
++ ath10k_warn(ar, "failed to parse scan event: %d\n", ret);
++ return ret;
++ }
++
++ event_type = __le32_to_cpu(arg.event_type);
++ reason = __le32_to_cpu(arg.reason);
++ freq = __le32_to_cpu(arg.channel_freq);
++ req_id = __le32_to_cpu(arg.scan_req_id);
++ scan_id = __le32_to_cpu(arg.scan_id);
++ vdev_id = __le32_to_cpu(arg.vdev_id);
++
++ spin_lock_bh(&ar->data_lock);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "scan event %s type %d reason %d freq %d req_id %d scan_id %d vdev_id %d state %s (%d)\n",
++ ath10k_wmi_event_scan_type_str(event_type, reason),
++ event_type, reason, freq, req_id, scan_id, vdev_id,
++ ath10k_scan_state_str(ar->scan.state), ar->scan.state);
++
++ switch (event_type) {
++ case WMI_SCAN_EVENT_STARTED:
++ ath10k_wmi_event_scan_started(ar);
++ break;
++ case WMI_SCAN_EVENT_COMPLETED:
++ ath10k_wmi_event_scan_completed(ar);
++ break;
++ case WMI_SCAN_EVENT_BSS_CHANNEL:
++ ath10k_wmi_event_scan_bss_chan(ar);
++ break;
++ case WMI_SCAN_EVENT_FOREIGN_CHANNEL:
++ ath10k_wmi_event_scan_foreign_chan(ar, freq);
+ break;
+ case WMI_SCAN_EVENT_START_FAILED:
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_SCAN_EVENT_START_FAILED\n");
++ ath10k_warn(ar, "received scan start failure event\n");
++ ath10k_wmi_event_scan_start_failed(ar);
+ break;
++ case WMI_SCAN_EVENT_DEQUEUED:
++ case WMI_SCAN_EVENT_PREEMPTED:
+ default:
+ break;
+ }
+@@ -865,13 +1408,86 @@ static inline u8 get_rate_idx(u32 rate,
+ return rate_idx;
+ }
+
+-static int ath10k_wmi_event_mgmt_rx(struct ath10k *ar, struct sk_buff *skb)
++/* If keys are configured, HW decrypts all frames
++ * with protected bit set. Mark such frames as decrypted.
++ */
++static void ath10k_wmi_handle_wep_reauth(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct ieee80211_rx_status *status)
++{
++ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
++ unsigned int hdrlen;
++ bool peer_key;
++ u8 *addr, keyidx;
++
++ if (!ieee80211_is_auth(hdr->frame_control) ||
++ !ieee80211_has_protected(hdr->frame_control))
++ return;
++
++ hdrlen = ieee80211_hdrlen(hdr->frame_control);
++ if (skb->len < (hdrlen + IEEE80211_WEP_IV_LEN))
++ return;
++
++ keyidx = skb->data[hdrlen + (IEEE80211_WEP_IV_LEN - 1)] >> WEP_KEYID_SHIFT;
++ addr = ieee80211_get_SA(hdr);
++
++ spin_lock_bh(&ar->data_lock);
++ peer_key = ath10k_mac_is_peer_wep_key_set(ar, addr, keyidx);
++ spin_unlock_bh(&ar->data_lock);
++
++ if (peer_key) {
++ ath10k_dbg(ar, ATH10K_DBG_MAC,
++ "mac wep key present for peer %pM\n", addr);
++ status->flag |= RX_FLAG_DECRYPTED;
++ }
++}
++
++static int ath10k_wmi_op_pull_mgmt_rx_ev(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_mgmt_rx_ev_arg *arg)
+ {
+ struct wmi_mgmt_rx_event_v1 *ev_v1;
+ struct wmi_mgmt_rx_event_v2 *ev_v2;
+ struct wmi_mgmt_rx_hdr_v1 *ev_hdr;
++ size_t pull_len;
++ u32 msdu_len;
++
++ if (test_bit(ATH10K_FW_FEATURE_EXT_WMI_MGMT_RX, ar->fw_features)) {
++ ev_v2 = (struct wmi_mgmt_rx_event_v2 *)skb->data;
++ ev_hdr = &ev_v2->hdr.v1;
++ pull_len = sizeof(*ev_v2);
++ } else {
++ ev_v1 = (struct wmi_mgmt_rx_event_v1 *)skb->data;
++ ev_hdr = &ev_v1->hdr;
++ pull_len = sizeof(*ev_v1);
++ }
++
++ if (skb->len < pull_len)
++ return -EPROTO;
++
++ skb_pull(skb, pull_len);
++ arg->channel = ev_hdr->channel;
++ arg->buf_len = ev_hdr->buf_len;
++ arg->status = ev_hdr->status;
++ arg->snr = ev_hdr->snr;
++ arg->phy_mode = ev_hdr->phy_mode;
++ arg->rate = ev_hdr->rate;
++
++ msdu_len = __le32_to_cpu(arg->buf_len);
++ if (skb->len < msdu_len)
++ return -EPROTO;
++
++ /* the WMI buffer might've ended up being padded to 4 bytes due to HTC
++ * trailer with credit update. Trim the excess garbage.
++ */
++ skb_trim(skb, msdu_len);
++
++ return 0;
++}
++
++int ath10k_wmi_event_mgmt_rx(struct ath10k *ar, struct sk_buff *skb)
++{
++ struct wmi_mgmt_rx_ev_arg arg = {};
+ struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
+- struct ieee80211_channel *ch;
+ struct ieee80211_hdr *hdr;
+ u32 rx_status;
+ u32 channel;
+@@ -880,28 +1496,24 @@ static int ath10k_wmi_event_mgmt_rx(stru
+ u32 rate;
+ u32 buf_len;
+ u16 fc;
+- int pull_len;
++ int ret;
+
+- if (test_bit(ATH10K_FW_FEATURE_EXT_WMI_MGMT_RX, ar->fw_features)) {
+- ev_v2 = (struct wmi_mgmt_rx_event_v2 *)skb->data;
+- ev_hdr = &ev_v2->hdr.v1;
+- pull_len = sizeof(*ev_v2);
+- } else {
+- ev_v1 = (struct wmi_mgmt_rx_event_v1 *)skb->data;
+- ev_hdr = &ev_v1->hdr;
+- pull_len = sizeof(*ev_v1);
++ ret = ath10k_wmi_pull_mgmt_rx(ar, skb, &arg);
++ if (ret) {
++ ath10k_warn(ar, "failed to parse mgmt rx event: %d\n", ret);
++ return ret;
+ }
+
+- channel = __le32_to_cpu(ev_hdr->channel);
+- buf_len = __le32_to_cpu(ev_hdr->buf_len);
+- rx_status = __le32_to_cpu(ev_hdr->status);
+- snr = __le32_to_cpu(ev_hdr->snr);
+- phy_mode = __le32_to_cpu(ev_hdr->phy_mode);
+- rate = __le32_to_cpu(ev_hdr->rate);
++ channel = __le32_to_cpu(arg.channel);
++ buf_len = __le32_to_cpu(arg.buf_len);
++ rx_status = __le32_to_cpu(arg.status);
++ snr = __le32_to_cpu(arg.snr);
++ phy_mode = __le32_to_cpu(arg.phy_mode);
++ rate = __le32_to_cpu(arg.rate);
+
+ memset(status, 0, sizeof(*status));
+
+- ath10k_dbg(ATH10K_DBG_MGMT,
++ ath10k_dbg(ar, ATH10K_DBG_MGMT,
+ "event mgmt rx status %08x\n", rx_status);
+
+ if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags)) {
+@@ -919,66 +1531,70 @@ static int ath10k_wmi_event_mgmt_rx(stru
+ return 0;
+ }
+
+- if (rx_status & WMI_RX_STATUS_ERR_CRC)
+- status->flag |= RX_FLAG_FAILED_FCS_CRC;
++ if (rx_status & WMI_RX_STATUS_ERR_CRC) {
++ dev_kfree_skb(skb);
++ return 0;
++ }
++
+ if (rx_status & WMI_RX_STATUS_ERR_MIC)
+ status->flag |= RX_FLAG_MMIC_ERROR;
+
+- /* HW can Rx CCK rates on 5GHz. In that case phy_mode is set to
++ /* Hardware can Rx CCK rates on 5GHz. In that case phy_mode is set to
+ * MODE_11B. This means phy_mode is not a reliable source for the band
+- * of mgmt rx. */
+-
+- ch = ar->scan_channel;
+- if (!ch)
+- ch = ar->rx_channel;
+-
+- if (ch) {
+- status->band = ch->band;
+-
+- if (phy_mode == MODE_11B &&
+- status->band == IEEE80211_BAND_5GHZ)
+- ath10k_dbg(ATH10K_DBG_MGMT, "wmi mgmt rx 11b (CCK) on 5GHz\n");
++ * of mgmt rx.
++ */
++ if (channel >= 1 && channel <= 14) {
++ status->band = IEEE80211_BAND_2GHZ;
++ } else if (channel >= 36 && channel <= 165) {
++ status->band = IEEE80211_BAND_5GHZ;
+ } else {
+- ath10k_warn("using (unreliable) phy_mode to extract band for mgmt rx\n");
+- status->band = phy_mode_to_band(phy_mode);
++ /* Shouldn't happen unless list of advertised channels to
++ * mac80211 has been changed.
++ */
++ WARN_ON_ONCE(1);
++ dev_kfree_skb(skb);
++ return 0;
+ }
+
++ if (phy_mode == MODE_11B && status->band == IEEE80211_BAND_5GHZ)
++ ath10k_dbg(ar, ATH10K_DBG_MGMT, "wmi mgmt rx 11b (CCK) on 5GHz\n");
++
+ status->freq = ieee80211_channel_to_frequency(channel, status->band);
+ status->signal = snr + ATH10K_DEFAULT_NOISE_FLOOR;
+ status->rate_idx = get_rate_idx(rate, status->band);
+
+- skb_pull(skb, pull_len);
+-
+ hdr = (struct ieee80211_hdr *)skb->data;
+ fc = le16_to_cpu(hdr->frame_control);
+
++ ath10k_wmi_handle_wep_reauth(ar, skb, status);
++
+ /* FW delivers WEP Shared Auth frame with Protected Bit set and
+ * encrypted payload. However in case of PMF it delivers decrypted
+ * frames with Protected Bit set. */
+ if (ieee80211_has_protected(hdr->frame_control) &&
+ !ieee80211_is_auth(hdr->frame_control)) {
+- status->flag |= RX_FLAG_DECRYPTED | RX_FLAG_IV_STRIPPED |
+- RX_FLAG_MMIC_STRIPPED;
+- hdr->frame_control = __cpu_to_le16(fc &
++ status->flag |= RX_FLAG_DECRYPTED;
++
++ if (!ieee80211_is_action(hdr->frame_control) &&
++ !ieee80211_is_deauth(hdr->frame_control) &&
++ !ieee80211_is_disassoc(hdr->frame_control)) {
++ status->flag |= RX_FLAG_IV_STRIPPED |
++ RX_FLAG_MMIC_STRIPPED;
++ hdr->frame_control = __cpu_to_le16(fc &
+ ~IEEE80211_FCTL_PROTECTED);
++ }
+ }
+
+- ath10k_dbg(ATH10K_DBG_MGMT,
++ ath10k_dbg(ar, ATH10K_DBG_MGMT,
+ "event mgmt rx skb %p len %d ftype %02x stype %02x\n",
+ skb, skb->len,
+ fc & IEEE80211_FCTL_FTYPE, fc & IEEE80211_FCTL_STYPE);
+
+- ath10k_dbg(ATH10K_DBG_MGMT,
++ ath10k_dbg(ar, ATH10K_DBG_MGMT,
+ "event mgmt rx freq %d band %d snr %d, rate_idx %d\n",
+ status->freq, status->band, status->signal,
+ status->rate_idx);
+
+- /*
+- * packets from HTC come aligned to 4byte boundaries
+- * because they can originally come in along with a trailer
+- */
+- skb_trim(skb, buf_len);
+-
+ ieee80211_rx(ar->hw, skb);
+ return 0;
+ }
+@@ -1002,37 +1618,65 @@ exit:
+ return idx;
+ }
+
+-static void ath10k_wmi_event_chan_info(struct ath10k *ar, struct sk_buff *skb)
++static int ath10k_wmi_op_pull_ch_info_ev(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_ch_info_ev_arg *arg)
++{
++ struct wmi_chan_info_event *ev = (void *)skb->data;
++
++ if (skb->len < sizeof(*ev))
++ return -EPROTO;
++
++ skb_pull(skb, sizeof(*ev));
++ arg->err_code = ev->err_code;
++ arg->freq = ev->freq;
++ arg->cmd_flags = ev->cmd_flags;
++ arg->noise_floor = ev->noise_floor;
++ arg->rx_clear_count = ev->rx_clear_count;
++ arg->cycle_count = ev->cycle_count;
++
++ return 0;
++}
++
++void ath10k_wmi_event_chan_info(struct ath10k *ar, struct sk_buff *skb)
+ {
+- struct wmi_chan_info_event *ev;
++ struct wmi_ch_info_ev_arg arg = {};
+ struct survey_info *survey;
+ u32 err_code, freq, cmd_flags, noise_floor, rx_clear_count, cycle_count;
+- int idx;
++ int idx, ret;
+
+- ev = (struct wmi_chan_info_event *)skb->data;
++ ret = ath10k_wmi_pull_ch_info(ar, skb, &arg);
++ if (ret) {
++ ath10k_warn(ar, "failed to parse chan info event: %d\n", ret);
++ return;
++ }
+
+- err_code = __le32_to_cpu(ev->err_code);
+- freq = __le32_to_cpu(ev->freq);
+- cmd_flags = __le32_to_cpu(ev->cmd_flags);
+- noise_floor = __le32_to_cpu(ev->noise_floor);
+- rx_clear_count = __le32_to_cpu(ev->rx_clear_count);
+- cycle_count = __le32_to_cpu(ev->cycle_count);
++ err_code = __le32_to_cpu(arg.err_code);
++ freq = __le32_to_cpu(arg.freq);
++ cmd_flags = __le32_to_cpu(arg.cmd_flags);
++ noise_floor = __le32_to_cpu(arg.noise_floor);
++ rx_clear_count = __le32_to_cpu(arg.rx_clear_count);
++ cycle_count = __le32_to_cpu(arg.cycle_count);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "chan info err_code %d freq %d cmd_flags %d noise_floor %d rx_clear_count %d cycle_count %d\n",
+ err_code, freq, cmd_flags, noise_floor, rx_clear_count,
+ cycle_count);
+
+ spin_lock_bh(&ar->data_lock);
+
+- if (!ar->scan.in_progress) {
+- ath10k_warn("chan info event without a scan request?\n");
++ switch (ar->scan.state) {
++ case ATH10K_SCAN_IDLE:
++ case ATH10K_SCAN_STARTING:
++ ath10k_warn(ar, "received chan info event without a scan request, ignoring\n");
+ goto exit;
++ case ATH10K_SCAN_RUNNING:
++ case ATH10K_SCAN_ABORTING:
++ break;
+ }
+
+ idx = freq_to_idx(ar, freq);
+ if (idx >= ARRAY_SIZE(ar->survey)) {
+- ath10k_warn("chan info: invalid frequency %d (idx %d out of bounds)\n",
++ ath10k_warn(ar, "chan info: invalid frequency %d (idx %d out of bounds)\n",
+ freq, idx);
+ goto exit;
+ }
+@@ -1061,191 +1705,579 @@ exit:
+ spin_unlock_bh(&ar->data_lock);
+ }
+
+-static void ath10k_wmi_event_echo(struct ath10k *ar, struct sk_buff *skb)
++void ath10k_wmi_event_echo(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_ECHO_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_ECHO_EVENTID\n");
+ }
+
+-static int ath10k_wmi_event_debug_mesg(struct ath10k *ar, struct sk_buff *skb)
++int ath10k_wmi_event_debug_mesg(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi event debug mesg len %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi event debug mesg len %d\n",
+ skb->len);
+
+- trace_ath10k_wmi_dbglog(skb->data, skb->len);
++ trace_ath10k_wmi_dbglog(ar, skb->data, skb->len);
+
+ return 0;
+ }
+
+-static void ath10k_wmi_event_update_stats(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_pull_pdev_stats_base(const struct wmi_pdev_stats_base *src,
++ struct ath10k_fw_stats_pdev *dst)
+ {
+- struct wmi_stats_event *ev = (struct wmi_stats_event *)skb->data;
+-
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_UPDATE_STATS_EVENTID\n");
+-
+- ath10k_debug_read_target_stats(ar, ev);
+-}
+-
+-static void ath10k_wmi_event_vdev_start_resp(struct ath10k *ar,
+- struct sk_buff *skb)
++ dst->ch_noise_floor = __le32_to_cpu(src->chan_nf);
++ dst->tx_frame_count = __le32_to_cpu(src->tx_frame_count);
++ dst->rx_frame_count = __le32_to_cpu(src->rx_frame_count);
++ dst->rx_clear_count = __le32_to_cpu(src->rx_clear_count);
++ dst->cycle_count = __le32_to_cpu(src->cycle_count);
++ dst->phy_err_count = __le32_to_cpu(src->phy_err_count);
++ dst->chan_tx_power = __le32_to_cpu(src->chan_tx_pwr);
++}
++
++void ath10k_wmi_pull_pdev_stats_tx(const struct wmi_pdev_stats_tx *src,
++ struct ath10k_fw_stats_pdev *dst)
++{
++ dst->comp_queued = __le32_to_cpu(src->comp_queued);
++ dst->comp_delivered = __le32_to_cpu(src->comp_delivered);
++ dst->msdu_enqued = __le32_to_cpu(src->msdu_enqued);
++ dst->mpdu_enqued = __le32_to_cpu(src->mpdu_enqued);
++ dst->wmm_drop = __le32_to_cpu(src->wmm_drop);
++ dst->local_enqued = __le32_to_cpu(src->local_enqued);
++ dst->local_freed = __le32_to_cpu(src->local_freed);
++ dst->hw_queued = __le32_to_cpu(src->hw_queued);
++ dst->hw_reaped = __le32_to_cpu(src->hw_reaped);
++ dst->underrun = __le32_to_cpu(src->underrun);
++ dst->tx_abort = __le32_to_cpu(src->tx_abort);
++ dst->mpdus_requed = __le32_to_cpu(src->mpdus_requed);
++ dst->tx_ko = __le32_to_cpu(src->tx_ko);
++ dst->data_rc = __le32_to_cpu(src->data_rc);
++ dst->self_triggers = __le32_to_cpu(src->self_triggers);
++ dst->sw_retry_failure = __le32_to_cpu(src->sw_retry_failure);
++ dst->illgl_rate_phy_err = __le32_to_cpu(src->illgl_rate_phy_err);
++ dst->pdev_cont_xretry = __le32_to_cpu(src->pdev_cont_xretry);
++ dst->pdev_tx_timeout = __le32_to_cpu(src->pdev_tx_timeout);
++ dst->pdev_resets = __le32_to_cpu(src->pdev_resets);
++ dst->phy_underrun = __le32_to_cpu(src->phy_underrun);
++ dst->txop_ovf = __le32_to_cpu(src->txop_ovf);
++}
++
++void ath10k_wmi_pull_pdev_stats_rx(const struct wmi_pdev_stats_rx *src,
++ struct ath10k_fw_stats_pdev *dst)
++{
++ dst->mid_ppdu_route_change = __le32_to_cpu(src->mid_ppdu_route_change);
++ dst->status_rcvd = __le32_to_cpu(src->status_rcvd);
++ dst->r0_frags = __le32_to_cpu(src->r0_frags);
++ dst->r1_frags = __le32_to_cpu(src->r1_frags);
++ dst->r2_frags = __le32_to_cpu(src->r2_frags);
++ dst->r3_frags = __le32_to_cpu(src->r3_frags);
++ dst->htt_msdus = __le32_to_cpu(src->htt_msdus);
++ dst->htt_mpdus = __le32_to_cpu(src->htt_mpdus);
++ dst->loc_msdus = __le32_to_cpu(src->loc_msdus);
++ dst->loc_mpdus = __le32_to_cpu(src->loc_mpdus);
++ dst->oversize_amsdu = __le32_to_cpu(src->oversize_amsdu);
++ dst->phy_errs = __le32_to_cpu(src->phy_errs);
++ dst->phy_err_drop = __le32_to_cpu(src->phy_err_drop);
++ dst->mpdu_errs = __le32_to_cpu(src->mpdu_errs);
++}
++
++void ath10k_wmi_pull_pdev_stats_extra(const struct wmi_pdev_stats_extra *src,
++ struct ath10k_fw_stats_pdev *dst)
++{
++ dst->ack_rx_bad = __le32_to_cpu(src->ack_rx_bad);
++ dst->rts_bad = __le32_to_cpu(src->rts_bad);
++ dst->rts_good = __le32_to_cpu(src->rts_good);
++ dst->fcs_bad = __le32_to_cpu(src->fcs_bad);
++ dst->no_beacons = __le32_to_cpu(src->no_beacons);
++ dst->mib_int_count = __le32_to_cpu(src->mib_int_count);
++}
++
++void ath10k_wmi_pull_peer_stats(const struct wmi_peer_stats *src,
++ struct ath10k_fw_stats_peer *dst)
++{
++ ether_addr_copy(dst->peer_macaddr, src->peer_macaddr.addr);
++ dst->peer_rssi = __le32_to_cpu(src->peer_rssi);
++ dst->peer_tx_rate = __le32_to_cpu(src->peer_tx_rate);
++}
++
++static int ath10k_wmi_main_op_pull_fw_stats(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct ath10k_fw_stats *stats)
+ {
+- struct wmi_vdev_start_response_event *ev;
++ const struct wmi_stats_event *ev = (void *)skb->data;
++ u32 num_pdev_stats, num_vdev_stats, num_peer_stats;
++ int i;
+
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_VDEV_START_RESP_EVENTID\n");
++ if (!skb_pull(skb, sizeof(*ev)))
++ return -EPROTO;
+
+- ev = (struct wmi_vdev_start_response_event *)skb->data;
++ num_pdev_stats = __le32_to_cpu(ev->num_pdev_stats);
++ num_vdev_stats = __le32_to_cpu(ev->num_vdev_stats);
++ num_peer_stats = __le32_to_cpu(ev->num_peer_stats);
++
++ for (i = 0; i < num_pdev_stats; i++) {
++ const struct wmi_pdev_stats *src;
++ struct ath10k_fw_stats_pdev *dst;
++
++ src = (void *)skb->data;
++ if (!skb_pull(skb, sizeof(*src)))
++ return -EPROTO;
+
+- if (WARN_ON(__le32_to_cpu(ev->status)))
+- return;
++ dst = kzalloc(sizeof(*dst), GFP_ATOMIC);
++ if (!dst)
++ continue;
+
+- complete(&ar->vdev_setup_done);
+-}
++ ath10k_wmi_pull_pdev_stats_base(&src->base, dst);
++ ath10k_wmi_pull_pdev_stats_tx(&src->tx, dst);
++ ath10k_wmi_pull_pdev_stats_rx(&src->rx, dst);
+
+-static void ath10k_wmi_event_vdev_stopped(struct ath10k *ar,
+- struct sk_buff *skb)
+-{
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_VDEV_STOPPED_EVENTID\n");
+- complete(&ar->vdev_setup_done);
+-}
++ list_add_tail(&dst->list, &stats->pdevs);
++ }
+
+-static void ath10k_wmi_event_peer_sta_kickout(struct ath10k *ar,
+- struct sk_buff *skb)
+-{
+- struct wmi_peer_sta_kickout_event *ev;
+- struct ieee80211_sta *sta;
++ /* fw doesn't implement vdev stats */
+
+- ev = (struct wmi_peer_sta_kickout_event *)skb->data;
++ for (i = 0; i < num_peer_stats; i++) {
++ const struct wmi_peer_stats *src;
++ struct ath10k_fw_stats_peer *dst;
+
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi event peer sta kickout %pM\n",
+- ev->peer_macaddr.addr);
++ src = (void *)skb->data;
++ if (!skb_pull(skb, sizeof(*src)))
++ return -EPROTO;
+
+- rcu_read_lock();
++ dst = kzalloc(sizeof(*dst), GFP_ATOMIC);
++ if (!dst)
++ continue;
+
+- sta = ieee80211_find_sta_by_ifaddr(ar->hw, ev->peer_macaddr.addr, NULL);
+- if (!sta) {
+- ath10k_warn("Spurious quick kickout for STA %pM\n",
+- ev->peer_macaddr.addr);
+- goto exit;
++ ath10k_wmi_pull_peer_stats(src, dst);
++ list_add_tail(&dst->list, &stats->peers);
+ }
+
+- ieee80211_report_low_ack(sta, 10);
+-
+-exit:
+- rcu_read_unlock();
++ return 0;
+ }
+
+-/*
+- * FIXME
+- *
+- * We don't report to mac80211 sleep state of connected
+- * stations. Due to this mac80211 can't fill in TIM IE
+- * correctly.
+- *
+- * I know of no way of getting nullfunc frames that contain
+- * sleep transition from connected stations - these do not
+- * seem to be sent from the target to the host. There also
+- * doesn't seem to be a dedicated event for that. So the
+- * only way left to do this would be to read tim_bitmap
+- * during SWBA.
+- *
+- * We could probably try using tim_bitmap from SWBA to tell
+- * mac80211 which stations are asleep and which are not. The
+- * problem here is calling mac80211 functions so many times
+- * could take too long and make us miss the time to submit
+- * the beacon to the target.
+- *
+- * So as a workaround we try to extend the TIM IE if there
+- * is unicast buffered for stations with aid > 7 and fill it
+- * in ourselves.
+- */
+-static void ath10k_wmi_update_tim(struct ath10k *ar,
+- struct ath10k_vif *arvif,
+- struct sk_buff *bcn,
+- struct wmi_bcn_info *bcn_info)
++static int ath10k_wmi_10x_op_pull_fw_stats(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct ath10k_fw_stats *stats)
+ {
+- struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)bcn->data;
+- struct ieee80211_tim_ie *tim;
+- u8 *ies, *ie;
+- u8 ie_len, pvm_len;
++ const struct wmi_stats_event *ev = (void *)skb->data;
++ u32 num_pdev_stats, num_vdev_stats, num_peer_stats;
++ int i;
+
+- /* if next SWBA has no tim_changed the tim_bitmap is garbage.
+- * we must copy the bitmap upon change and reuse it later */
+- if (__le32_to_cpu(bcn_info->tim_info.tim_changed)) {
+- int i;
++ if (!skb_pull(skb, sizeof(*ev)))
++ return -EPROTO;
+
+- BUILD_BUG_ON(sizeof(arvif->u.ap.tim_bitmap) !=
+- sizeof(bcn_info->tim_info.tim_bitmap));
++ num_pdev_stats = __le32_to_cpu(ev->num_pdev_stats);
++ num_vdev_stats = __le32_to_cpu(ev->num_vdev_stats);
++ num_peer_stats = __le32_to_cpu(ev->num_peer_stats);
++
++ for (i = 0; i < num_pdev_stats; i++) {
++ const struct wmi_10x_pdev_stats *src;
++ struct ath10k_fw_stats_pdev *dst;
++
++ src = (void *)skb->data;
++ if (!skb_pull(skb, sizeof(*src)))
++ return -EPROTO;
+
+- for (i = 0; i < sizeof(arvif->u.ap.tim_bitmap); i++) {
+- __le32 t = bcn_info->tim_info.tim_bitmap[i / 4];
+- u32 v = __le32_to_cpu(t);
+- arvif->u.ap.tim_bitmap[i] = (v >> ((i % 4) * 8)) & 0xFF;
+- }
++ dst = kzalloc(sizeof(*dst), GFP_ATOMIC);
++ if (!dst)
++ continue;
+
+- /* FW reports either length 0 or 16
+- * so we calculate this on our own */
+- arvif->u.ap.tim_len = 0;
+- for (i = 0; i < sizeof(arvif->u.ap.tim_bitmap); i++)
+- if (arvif->u.ap.tim_bitmap[i])
+- arvif->u.ap.tim_len = i;
++ ath10k_wmi_pull_pdev_stats_base(&src->base, dst);
++ ath10k_wmi_pull_pdev_stats_tx(&src->tx, dst);
++ ath10k_wmi_pull_pdev_stats_rx(&src->rx, dst);
++ ath10k_wmi_pull_pdev_stats_extra(&src->extra, dst);
+
+- arvif->u.ap.tim_len++;
++ list_add_tail(&dst->list, &stats->pdevs);
+ }
+
+- ies = bcn->data;
+- ies += ieee80211_hdrlen(hdr->frame_control);
+- ies += 12; /* fixed parameters */
++ /* fw doesn't implement vdev stats */
+
+- ie = (u8 *)cfg80211_find_ie(WLAN_EID_TIM, ies,
+- (u8 *)skb_tail_pointer(bcn) - ies);
+- if (!ie) {
+- if (arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
+- ath10k_warn("no tim ie found;\n");
+- return;
+- }
++ for (i = 0; i < num_peer_stats; i++) {
++ const struct wmi_10x_peer_stats *src;
++ struct ath10k_fw_stats_peer *dst;
+
+- tim = (void *)ie + 2;
+- ie_len = ie[1];
+- pvm_len = ie_len - 3; /* exclude dtim count, dtim period, bmap ctl */
++ src = (void *)skb->data;
++ if (!skb_pull(skb, sizeof(*src)))
++ return -EPROTO;
+
+- if (pvm_len < arvif->u.ap.tim_len) {
+- int expand_size = sizeof(arvif->u.ap.tim_bitmap) - pvm_len;
+- int move_size = skb_tail_pointer(bcn) - (ie + 2 + ie_len);
+- void *next_ie = ie + 2 + ie_len;
++ dst = kzalloc(sizeof(*dst), GFP_ATOMIC);
++ if (!dst)
++ continue;
+
+- if (skb_put(bcn, expand_size)) {
+- memmove(next_ie + expand_size, next_ie, move_size);
++ ath10k_wmi_pull_peer_stats(&src->old, dst);
+
+- ie[1] += expand_size;
+- ie_len += expand_size;
+- pvm_len += expand_size;
+- } else {
+- ath10k_warn("tim expansion failed\n");
+- }
+- }
++ dst->peer_rx_rate = __le32_to_cpu(src->peer_rx_rate);
+
+- if (pvm_len > sizeof(arvif->u.ap.tim_bitmap)) {
+- ath10k_warn("tim pvm length is too great (%d)\n", pvm_len);
+- return;
++ list_add_tail(&dst->list, &stats->peers);
+ }
+
+- tim->bitmap_ctrl = !!__le32_to_cpu(bcn_info->tim_info.tim_mcast);
+- memcpy(tim->virtual_map, arvif->u.ap.tim_bitmap, pvm_len);
++ return 0;
++}
+
+- if (tim->dtim_count == 0) {
+- ATH10K_SKB_CB(bcn)->bcn.dtim_zero = true;
++static int ath10k_wmi_10_2_op_pull_fw_stats(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct ath10k_fw_stats *stats)
++{
++ const struct wmi_10_2_stats_event *ev = (void *)skb->data;
++ u32 num_pdev_stats;
++ u32 num_pdev_ext_stats;
++ u32 num_vdev_stats;
++ u32 num_peer_stats;
++ int i;
+
+- if (__le32_to_cpu(bcn_info->tim_info.tim_mcast) == 1)
+- ATH10K_SKB_CB(bcn)->bcn.deliver_cab = true;
+- }
++ if (!skb_pull(skb, sizeof(*ev)))
++ return -EPROTO;
+
+- ath10k_dbg(ATH10K_DBG_MGMT, "dtim %d/%d mcast %d pvmlen %d\n",
+- tim->dtim_count, tim->dtim_period,
+- tim->bitmap_ctrl, pvm_len);
++ num_pdev_stats = __le32_to_cpu(ev->num_pdev_stats);
++ num_pdev_ext_stats = __le32_to_cpu(ev->num_pdev_ext_stats);
++ num_vdev_stats = __le32_to_cpu(ev->num_vdev_stats);
++ num_peer_stats = __le32_to_cpu(ev->num_peer_stats);
++
++ for (i = 0; i < num_pdev_stats; i++) {
++ const struct wmi_10_2_pdev_stats *src;
++ struct ath10k_fw_stats_pdev *dst;
++
++ src = (void *)skb->data;
++ if (!skb_pull(skb, sizeof(*src)))
++ return -EPROTO;
++
++ dst = kzalloc(sizeof(*dst), GFP_ATOMIC);
++ if (!dst)
++ continue;
++
++ ath10k_wmi_pull_pdev_stats_base(&src->base, dst);
++ ath10k_wmi_pull_pdev_stats_tx(&src->tx, dst);
++ ath10k_wmi_pull_pdev_stats_rx(&src->rx, dst);
++ ath10k_wmi_pull_pdev_stats_extra(&src->extra, dst);
++ /* FIXME: expose 10.2 specific values */
++
++ list_add_tail(&dst->list, &stats->pdevs);
++ }
++
++ for (i = 0; i < num_pdev_ext_stats; i++) {
++ const struct wmi_10_2_pdev_ext_stats *src;
++
++ src = (void *)skb->data;
++ if (!skb_pull(skb, sizeof(*src)))
++ return -EPROTO;
++
++ /* FIXME: expose values to userspace
++ *
++ * Note: Even though this loop seems to do nothing it is
++ * required to parse following sub-structures properly.
++ */
++ }
++
++ /* fw doesn't implement vdev stats */
++
++ for (i = 0; i < num_peer_stats; i++) {
++ const struct wmi_10_2_peer_stats *src;
++ struct ath10k_fw_stats_peer *dst;
++
++ src = (void *)skb->data;
++ if (!skb_pull(skb, sizeof(*src)))
++ return -EPROTO;
++
++ dst = kzalloc(sizeof(*dst), GFP_ATOMIC);
++ if (!dst)
++ continue;
++
++ ath10k_wmi_pull_peer_stats(&src->old, dst);
++
++ dst->peer_rx_rate = __le32_to_cpu(src->peer_rx_rate);
++ /* FIXME: expose 10.2 specific values */
++
++ list_add_tail(&dst->list, &stats->peers);
++ }
++
++ return 0;
++}
++
++static int ath10k_wmi_10_2_4_op_pull_fw_stats(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct ath10k_fw_stats *stats)
++{
++ const struct wmi_10_2_stats_event *ev = (void *)skb->data;
++ u32 num_pdev_stats;
++ u32 num_pdev_ext_stats;
++ u32 num_vdev_stats;
++ u32 num_peer_stats;
++ int i;
++
++ if (!skb_pull(skb, sizeof(*ev)))
++ return -EPROTO;
++
++ num_pdev_stats = __le32_to_cpu(ev->num_pdev_stats);
++ num_pdev_ext_stats = __le32_to_cpu(ev->num_pdev_ext_stats);
++ num_vdev_stats = __le32_to_cpu(ev->num_vdev_stats);
++ num_peer_stats = __le32_to_cpu(ev->num_peer_stats);
++
++ for (i = 0; i < num_pdev_stats; i++) {
++ const struct wmi_10_2_pdev_stats *src;
++ struct ath10k_fw_stats_pdev *dst;
++
++ src = (void *)skb->data;
++ if (!skb_pull(skb, sizeof(*src)))
++ return -EPROTO;
++
++ dst = kzalloc(sizeof(*dst), GFP_ATOMIC);
++ if (!dst)
++ continue;
++
++ ath10k_wmi_pull_pdev_stats_base(&src->base, dst);
++ ath10k_wmi_pull_pdev_stats_tx(&src->tx, dst);
++ ath10k_wmi_pull_pdev_stats_rx(&src->rx, dst);
++ ath10k_wmi_pull_pdev_stats_extra(&src->extra, dst);
++ /* FIXME: expose 10.2 specific values */
++
++ list_add_tail(&dst->list, &stats->pdevs);
++ }
++
++ for (i = 0; i < num_pdev_ext_stats; i++) {
++ const struct wmi_10_2_pdev_ext_stats *src;
++
++ src = (void *)skb->data;
++ if (!skb_pull(skb, sizeof(*src)))
++ return -EPROTO;
++
++ /* FIXME: expose values to userspace
++ *
++ * Note: Even though this loop seems to do nothing it is
++ * required to parse following sub-structures properly.
++ */
++ }
++
++ /* fw doesn't implement vdev stats */
++
++ for (i = 0; i < num_peer_stats; i++) {
++ const struct wmi_10_2_4_peer_stats *src;
++ struct ath10k_fw_stats_peer *dst;
++
++ src = (void *)skb->data;
++ if (!skb_pull(skb, sizeof(*src)))
++ return -EPROTO;
++
++ dst = kzalloc(sizeof(*dst), GFP_ATOMIC);
++ if (!dst)
++ continue;
++
++ ath10k_wmi_pull_peer_stats(&src->common.old, dst);
++
++ dst->peer_rx_rate = __le32_to_cpu(src->common.peer_rx_rate);
++ /* FIXME: expose 10.2 specific values */
++
++ list_add_tail(&dst->list, &stats->peers);
++ }
++
++ return 0;
++}
++
++void ath10k_wmi_event_update_stats(struct ath10k *ar, struct sk_buff *skb)
++{
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_UPDATE_STATS_EVENTID\n");
++ ath10k_debug_fw_stats_process(ar, skb);
++}
++
++static int
++ath10k_wmi_op_pull_vdev_start_ev(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_vdev_start_ev_arg *arg)
++{
++ struct wmi_vdev_start_response_event *ev = (void *)skb->data;
++
++ if (skb->len < sizeof(*ev))
++ return -EPROTO;
++
++ skb_pull(skb, sizeof(*ev));
++ arg->vdev_id = ev->vdev_id;
++ arg->req_id = ev->req_id;
++ arg->resp_type = ev->resp_type;
++ arg->status = ev->status;
++
++ return 0;
++}
++
++void ath10k_wmi_event_vdev_start_resp(struct ath10k *ar, struct sk_buff *skb)
++{
++ struct wmi_vdev_start_ev_arg arg = {};
++ int ret;
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_VDEV_START_RESP_EVENTID\n");
++
++ ret = ath10k_wmi_pull_vdev_start(ar, skb, &arg);
++ if (ret) {
++ ath10k_warn(ar, "failed to parse vdev start event: %d\n", ret);
++ return;
++ }
++
++ if (WARN_ON(__le32_to_cpu(arg.status)))
++ return;
++
++ complete(&ar->vdev_setup_done);
++}
++
++void ath10k_wmi_event_vdev_stopped(struct ath10k *ar, struct sk_buff *skb)
++{
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_VDEV_STOPPED_EVENTID\n");
++ complete(&ar->vdev_setup_done);
++}
++
++static int
++ath10k_wmi_op_pull_peer_kick_ev(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_peer_kick_ev_arg *arg)
++{
++ struct wmi_peer_sta_kickout_event *ev = (void *)skb->data;
++
++ if (skb->len < sizeof(*ev))
++ return -EPROTO;
++
++ skb_pull(skb, sizeof(*ev));
++ arg->mac_addr = ev->peer_macaddr.addr;
++
++ return 0;
++}
++
++void ath10k_wmi_event_peer_sta_kickout(struct ath10k *ar, struct sk_buff *skb)
++{
++ struct wmi_peer_kick_ev_arg arg = {};
++ struct ieee80211_sta *sta;
++ int ret;
++
++ ret = ath10k_wmi_pull_peer_kick(ar, skb, &arg);
++ if (ret) {
++ ath10k_warn(ar, "failed to parse peer kickout event: %d\n",
++ ret);
++ return;
++ }
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi event peer sta kickout %pM\n",
++ arg.mac_addr);
++
++ rcu_read_lock();
++
++ sta = ieee80211_find_sta_by_ifaddr(ar->hw, arg.mac_addr, NULL);
++ if (!sta) {
++ ath10k_warn(ar, "Spurious quick kickout for STA %pM\n",
++ arg.mac_addr);
++ goto exit;
++ }
++
++ ieee80211_report_low_ack(sta, 10);
++
++exit:
++ rcu_read_unlock();
++}
++
++/*
++ * FIXME
++ *
++ * We don't report to mac80211 sleep state of connected
++ * stations. Due to this mac80211 can't fill in TIM IE
++ * correctly.
++ *
++ * I know of no way of getting nullfunc frames that contain
++ * sleep transition from connected stations - these do not
++ * seem to be sent from the target to the host. There also
++ * doesn't seem to be a dedicated event for that. So the
++ * only way left to do this would be to read tim_bitmap
++ * during SWBA.
++ *
++ * We could probably try using tim_bitmap from SWBA to tell
++ * mac80211 which stations are asleep and which are not. The
++ * problem here is calling mac80211 functions so many times
++ * could take too long and make us miss the time to submit
++ * the beacon to the target.
++ *
++ * So as a workaround we try to extend the TIM IE if there
++ * is unicast buffered for stations with aid > 7 and fill it
++ * in ourselves.
++ */
++static void ath10k_wmi_update_tim(struct ath10k *ar,
++ struct ath10k_vif *arvif,
++ struct sk_buff *bcn,
++ const struct wmi_tim_info *tim_info)
++{
++ struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)bcn->data;
++ struct ieee80211_tim_ie *tim;
++ u8 *ies, *ie;
++ u8 ie_len, pvm_len;
++ __le32 t;
++ u32 v;
++
++ /* if next SWBA has no tim_changed the tim_bitmap is garbage.
++ * we must copy the bitmap upon change and reuse it later */
++ if (__le32_to_cpu(tim_info->tim_changed)) {
++ int i;
++
++ BUILD_BUG_ON(sizeof(arvif->u.ap.tim_bitmap) !=
++ sizeof(tim_info->tim_bitmap));
++
++ for (i = 0; i < sizeof(arvif->u.ap.tim_bitmap); i++) {
++ t = tim_info->tim_bitmap[i / 4];
++ v = __le32_to_cpu(t);
++ arvif->u.ap.tim_bitmap[i] = (v >> ((i % 4) * 8)) & 0xFF;
++ }
++
++ /* FW reports either length 0 or 16
++ * so we calculate this on our own */
++ arvif->u.ap.tim_len = 0;
++ for (i = 0; i < sizeof(arvif->u.ap.tim_bitmap); i++)
++ if (arvif->u.ap.tim_bitmap[i])
++ arvif->u.ap.tim_len = i;
++
++ arvif->u.ap.tim_len++;
++ }
++
++ ies = bcn->data;
++ ies += ieee80211_hdrlen(hdr->frame_control);
++ ies += 12; /* fixed parameters */
++
++ ie = (u8 *)cfg80211_find_ie(WLAN_EID_TIM, ies,
++ (u8 *)skb_tail_pointer(bcn) - ies);
++ if (!ie) {
++ if (arvif->vdev_type != WMI_VDEV_TYPE_IBSS)
++ ath10k_warn(ar, "no tim ie found;\n");
++ return;
++ }
++
++ tim = (void *)ie + 2;
++ ie_len = ie[1];
++ pvm_len = ie_len - 3; /* exclude dtim count, dtim period, bmap ctl */
++
++ if (pvm_len < arvif->u.ap.tim_len) {
++ int expand_size = sizeof(arvif->u.ap.tim_bitmap) - pvm_len;
++ int move_size = skb_tail_pointer(bcn) - (ie + 2 + ie_len);
++ void *next_ie = ie + 2 + ie_len;
++
++ if (skb_put(bcn, expand_size)) {
++ memmove(next_ie + expand_size, next_ie, move_size);
++
++ ie[1] += expand_size;
++ ie_len += expand_size;
++ pvm_len += expand_size;
++ } else {
++ ath10k_warn(ar, "tim expansion failed\n");
++ }
++ }
++
++ if (pvm_len > sizeof(arvif->u.ap.tim_bitmap)) {
++ ath10k_warn(ar, "tim pvm length is too great (%d)\n", pvm_len);
++ return;
++ }
++
++ tim->bitmap_ctrl = !!__le32_to_cpu(tim_info->tim_mcast);
++ memcpy(tim->virtual_map, arvif->u.ap.tim_bitmap, pvm_len);
++
++ if (tim->dtim_count == 0) {
++ ATH10K_SKB_CB(bcn)->bcn.dtim_zero = true;
++
++ if (__le32_to_cpu(tim_info->tim_mcast) == 1)
++ ATH10K_SKB_CB(bcn)->bcn.deliver_cab = true;
++ }
++
++ ath10k_dbg(ar, ATH10K_DBG_MGMT, "dtim %d/%d mcast %d pvmlen %d\n",
++ tim->dtim_count, tim->dtim_period,
++ tim->bitmap_ctrl, pvm_len);
+ }
+
+ static void ath10k_p2p_fill_noa_ie(u8 *data, u32 len,
+- struct wmi_p2p_noa_info *noa)
++ const struct wmi_p2p_noa_info *noa)
+ {
+ struct ieee80211_p2p_noa_attr *noa_attr;
+ u8 ctwindow_oppps = noa->ctwindow_oppps;
+@@ -1287,14 +2319,13 @@ static void ath10k_p2p_fill_noa_ie(u8 *d
+ *noa_attr_len = __cpu_to_le16(attr_len);
+ }
+
+-static u32 ath10k_p2p_calc_noa_ie_len(struct wmi_p2p_noa_info *noa)
++static u32 ath10k_p2p_calc_noa_ie_len(const struct wmi_p2p_noa_info *noa)
+ {
+ u32 len = 0;
+ u8 noa_descriptors = noa->num_descriptors;
+ u8 opp_ps_info = noa->ctwindow_oppps;
+ bool opps_enabled = !!(opp_ps_info & WMI_P2P_OPPPS_ENABLE_BIT);
+
+-
+ if (!noa_descriptors && !opps_enabled)
+ return len;
+
+@@ -1308,16 +2339,15 @@ static u32 ath10k_p2p_calc_noa_ie_len(st
+
+ static void ath10k_wmi_update_noa(struct ath10k *ar, struct ath10k_vif *arvif,
+ struct sk_buff *bcn,
+- struct wmi_bcn_info *bcn_info)
++ const struct wmi_p2p_noa_info *noa)
+ {
+- struct wmi_p2p_noa_info *noa = &bcn_info->p2p_noa_info;
+ u8 *new_data, *old_data = arvif->u.ap.noa_data;
+ u32 new_len;
+
+ if (arvif->vdev_subtype != WMI_VDEV_SUBTYPE_P2P_GO)
+ return;
+
+- ath10k_dbg(ATH10K_DBG_MGMT, "noa changed: %d\n", noa->changed);
++ ath10k_dbg(ar, ATH10K_DBG_MGMT, "noa changed: %d\n", noa->changed);
+ if (noa->changed & WMI_P2P_NOA_CHANGED_BIT) {
+ new_len = ath10k_p2p_calc_noa_ie_len(noa);
+ if (!new_len)
+@@ -1351,22 +2381,59 @@ cleanup:
+ kfree(old_data);
+ }
+
++static int ath10k_wmi_op_pull_swba_ev(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_swba_ev_arg *arg)
++{
++ struct wmi_host_swba_event *ev = (void *)skb->data;
++ u32 map;
++ size_t i;
++
++ if (skb->len < sizeof(*ev))
++ return -EPROTO;
++
++ skb_pull(skb, sizeof(*ev));
++ arg->vdev_map = ev->vdev_map;
++
++ for (i = 0, map = __le32_to_cpu(ev->vdev_map); map; map >>= 1) {
++ if (!(map & BIT(0)))
++ continue;
++
++ /* If this happens there were some changes in firmware and
++ * ath10k should update the max size of tim_info array.
++ */
++ if (WARN_ON_ONCE(i == ARRAY_SIZE(arg->tim_info)))
++ break;
++
++ arg->tim_info[i] = &ev->bcn_info[i].tim_info;
++ arg->noa_info[i] = &ev->bcn_info[i].p2p_noa_info;
++ i++;
++ }
++
++ return 0;
++}
+
+-static void ath10k_wmi_event_host_swba(struct ath10k *ar, struct sk_buff *skb)
++void ath10k_wmi_event_host_swba(struct ath10k *ar, struct sk_buff *skb)
+ {
+- struct wmi_host_swba_event *ev;
++ struct wmi_swba_ev_arg arg = {};
+ u32 map;
+ int i = -1;
+- struct wmi_bcn_info *bcn_info;
++ const struct wmi_tim_info *tim_info;
++ const struct wmi_p2p_noa_info *noa_info;
+ struct ath10k_vif *arvif;
+ struct sk_buff *bcn;
++ dma_addr_t paddr;
+ int ret, vdev_id = 0;
+
+- ev = (struct wmi_host_swba_event *)skb->data;
+- map = __le32_to_cpu(ev->vdev_map);
++ ret = ath10k_wmi_pull_swba(ar, skb, &arg);
++ if (ret) {
++ ath10k_warn(ar, "failed to parse swba event: %d\n", ret);
++ return;
++ }
++
++ map = __le32_to_cpu(arg.vdev_map);
+
+- ath10k_dbg(ATH10K_DBG_MGMT, "mgmt swba vdev_map 0x%x\n",
+- ev->vdev_map);
++ ath10k_dbg(ar, ATH10K_DBG_MGMT, "mgmt swba vdev_map 0x%x\n",
++ map);
+
+ for (; map; map >>= 1, vdev_id++) {
+ if (!(map & 0x1))
+@@ -1375,27 +2442,29 @@ static void ath10k_wmi_event_host_swba(s
+ i++;
+
+ if (i >= WMI_MAX_AP_VDEV) {
+- ath10k_warn("swba has corrupted vdev map\n");
++ ath10k_warn(ar, "swba has corrupted vdev map\n");
+ break;
+ }
+
+- bcn_info = &ev->bcn_info[i];
++ tim_info = arg.tim_info[i];
++ noa_info = arg.noa_info[i];
+
+- ath10k_dbg(ATH10K_DBG_MGMT,
++ ath10k_dbg(ar, ATH10K_DBG_MGMT,
+ "mgmt event bcn_info %d tim_len %d mcast %d changed %d num_ps_pending %d bitmap 0x%08x%08x%08x%08x\n",
+ i,
+- __le32_to_cpu(bcn_info->tim_info.tim_len),
+- __le32_to_cpu(bcn_info->tim_info.tim_mcast),
+- __le32_to_cpu(bcn_info->tim_info.tim_changed),
+- __le32_to_cpu(bcn_info->tim_info.tim_num_ps_pending),
+- __le32_to_cpu(bcn_info->tim_info.tim_bitmap[3]),
+- __le32_to_cpu(bcn_info->tim_info.tim_bitmap[2]),
+- __le32_to_cpu(bcn_info->tim_info.tim_bitmap[1]),
+- __le32_to_cpu(bcn_info->tim_info.tim_bitmap[0]));
++ __le32_to_cpu(tim_info->tim_len),
++ __le32_to_cpu(tim_info->tim_mcast),
++ __le32_to_cpu(tim_info->tim_changed),
++ __le32_to_cpu(tim_info->tim_num_ps_pending),
++ __le32_to_cpu(tim_info->tim_bitmap[3]),
++ __le32_to_cpu(tim_info->tim_bitmap[2]),
++ __le32_to_cpu(tim_info->tim_bitmap[1]),
++ __le32_to_cpu(tim_info->tim_bitmap[0]));
+
+ arvif = ath10k_get_arvif(ar, vdev_id);
+ if (arvif == NULL) {
+- ath10k_warn("no vif for vdev_id %d found\n", vdev_id);
++ ath10k_warn(ar, "no vif for vdev_id %d found\n",
++ vdev_id);
+ continue;
+ }
+
+@@ -1412,57 +2481,77 @@ static void ath10k_wmi_event_host_swba(s
+
+ bcn = ieee80211_beacon_get(ar->hw, arvif->vif);
+ if (!bcn) {
+- ath10k_warn("could not get mac80211 beacon\n");
++ ath10k_warn(ar, "could not get mac80211 beacon\n");
+ continue;
+ }
+
+- ath10k_tx_h_seq_no(bcn);
+- ath10k_wmi_update_tim(ar, arvif, bcn, bcn_info);
+- ath10k_wmi_update_noa(ar, arvif, bcn, bcn_info);
++ ath10k_tx_h_seq_no(arvif->vif, bcn);
++ ath10k_wmi_update_tim(ar, arvif, bcn, tim_info);
++ ath10k_wmi_update_noa(ar, arvif, bcn, noa_info);
+
+ spin_lock_bh(&ar->data_lock);
+
+ if (arvif->beacon) {
+- if (!arvif->beacon_sent)
+- ath10k_warn("SWBA overrun on vdev %d\n",
++ switch (arvif->beacon_state) {
++ case ATH10K_BEACON_SENT:
++ break;
++ case ATH10K_BEACON_SCHEDULED:
++ ath10k_warn(ar, "SWBA overrun on vdev %d, skipped old beacon\n",
+ arvif->vdev_id);
++ break;
++ case ATH10K_BEACON_SENDING:
++ ath10k_warn(ar, "SWBA overrun on vdev %d, skipped new beacon\n",
++ arvif->vdev_id);
++ dev_kfree_skb(bcn);
++ goto skip;
++ }
+
+- dma_unmap_single(arvif->ar->dev,
+- ATH10K_SKB_CB(arvif->beacon)->paddr,
+- arvif->beacon->len, DMA_TO_DEVICE);
+- dev_kfree_skb_any(arvif->beacon);
+- arvif->beacon = NULL;
++ ath10k_mac_vif_beacon_free(arvif);
+ }
+
+- ATH10K_SKB_CB(bcn)->paddr = dma_map_single(arvif->ar->dev,
+- bcn->data, bcn->len,
+- DMA_TO_DEVICE);
+- ret = dma_mapping_error(arvif->ar->dev,
+- ATH10K_SKB_CB(bcn)->paddr);
+- if (ret) {
+- ath10k_warn("failed to map beacon: %d\n", ret);
+- dev_kfree_skb_any(bcn);
+- goto skip;
++ if (!arvif->beacon_buf) {
++ paddr = dma_map_single(arvif->ar->dev, bcn->data,
++ bcn->len, DMA_TO_DEVICE);
++ ret = dma_mapping_error(arvif->ar->dev, paddr);
++ if (ret) {
++ ath10k_warn(ar, "failed to map beacon: %d\n",
++ ret);
++ dev_kfree_skb_any(bcn);
++ goto skip;
++ }
++
++ ATH10K_SKB_CB(bcn)->paddr = paddr;
++ } else {
++ if (bcn->len > IEEE80211_MAX_FRAME_LEN) {
++ ath10k_warn(ar, "trimming beacon %d -> %d bytes!\n",
++ bcn->len, IEEE80211_MAX_FRAME_LEN);
++ skb_trim(bcn, IEEE80211_MAX_FRAME_LEN);
++ }
++ memcpy(arvif->beacon_buf, bcn->data, bcn->len);
++ ATH10K_SKB_CB(bcn)->paddr = arvif->beacon_paddr;
+ }
+
+ arvif->beacon = bcn;
+- arvif->beacon_sent = false;
++ arvif->beacon_state = ATH10K_BEACON_SCHEDULED;
++
++ trace_ath10k_tx_hdr(ar, bcn->data, bcn->len);
++ trace_ath10k_tx_payload(ar, bcn->data, bcn->len);
+
+- ath10k_wmi_tx_beacon_nowait(arvif);
+ skip:
+ spin_unlock_bh(&ar->data_lock);
+ }
++
++ ath10k_wmi_tx_beacons_nowait(ar);
+ }
+
+-static void ath10k_wmi_event_tbttoffset_update(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_tbttoffset_update(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_TBTTOFFSET_UPDATE_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_TBTTOFFSET_UPDATE_EVENTID\n");
+ }
+
+ static void ath10k_dfs_radar_report(struct ath10k *ar,
+- struct wmi_single_phyerr_rx_event *event,
+- struct phyerr_radar_report *rr,
++ const struct wmi_phyerr *phyerr,
++ const struct phyerr_radar_report *rr,
+ u64 tsf)
+ {
+ u32 reg0, reg1, tsf32l;
+@@ -1473,20 +2562,20 @@ static void ath10k_dfs_radar_report(stru
+ reg0 = __le32_to_cpu(rr->reg0);
+ reg1 = __le32_to_cpu(rr->reg1);
+
+- ath10k_dbg(ATH10K_DBG_REGULATORY,
++ ath10k_dbg(ar, ATH10K_DBG_REGULATORY,
+ "wmi phyerr radar report chirp %d max_width %d agc_total_gain %d pulse_delta_diff %d\n",
+ MS(reg0, RADAR_REPORT_REG0_PULSE_IS_CHIRP),
+ MS(reg0, RADAR_REPORT_REG0_PULSE_IS_MAX_WIDTH),
+ MS(reg0, RADAR_REPORT_REG0_AGC_TOTAL_GAIN),
+ MS(reg0, RADAR_REPORT_REG0_PULSE_DELTA_DIFF));
+- ath10k_dbg(ATH10K_DBG_REGULATORY,
++ ath10k_dbg(ar, ATH10K_DBG_REGULATORY,
+ "wmi phyerr radar report pulse_delta_pean %d pulse_sidx %d fft_valid %d agc_mb_gain %d subchan_mask %d\n",
+ MS(reg0, RADAR_REPORT_REG0_PULSE_DELTA_PEAK),
+ MS(reg0, RADAR_REPORT_REG0_PULSE_SIDX),
+ MS(reg1, RADAR_REPORT_REG1_PULSE_SRCH_FFT_VALID),
+ MS(reg1, RADAR_REPORT_REG1_PULSE_AGC_MB_GAIN),
+ MS(reg1, RADAR_REPORT_REG1_PULSE_SUBCHAN_MASK));
+- ath10k_dbg(ATH10K_DBG_REGULATORY,
++ ath10k_dbg(ar, ATH10K_DBG_REGULATORY,
+ "wmi phyerr radar report pulse_tsf_offset 0x%X pulse_dur: %d\n",
+ MS(reg1, RADAR_REPORT_REG1_PULSE_TSF_OFFSET),
+ MS(reg1, RADAR_REPORT_REG1_PULSE_DUR));
+@@ -1495,12 +2584,12 @@ static void ath10k_dfs_radar_report(stru
+ return;
+
+ /* report event to DFS pattern detector */
+- tsf32l = __le32_to_cpu(event->hdr.tsf_timestamp);
++ tsf32l = __le32_to_cpu(phyerr->tsf_timestamp);
+ tsf64 = tsf & (~0xFFFFFFFFULL);
+ tsf64 |= tsf32l;
+
+ width = MS(reg1, RADAR_REPORT_REG1_PULSE_DUR);
+- rssi = event->hdr.rssi_combined;
++ rssi = phyerr->rssi_combined;
+
+ /* hardware store this as 8 bit signed value,
+ * set to zero if negative number
+@@ -1513,25 +2602,25 @@ static void ath10k_dfs_radar_report(stru
+ pe.width = width;
+ pe.rssi = rssi;
+
+- ath10k_dbg(ATH10K_DBG_REGULATORY,
++ ath10k_dbg(ar, ATH10K_DBG_REGULATORY,
+ "dfs add pulse freq: %d, width: %d, rssi %d, tsf: %llX\n",
+ pe.freq, pe.width, pe.rssi, pe.ts);
+
+ ATH10K_DFS_STAT_INC(ar, pulses_detected);
+
+ if (!ar->dfs_detector->add_pulse(ar->dfs_detector, &pe)) {
+- ath10k_dbg(ATH10K_DBG_REGULATORY,
++ ath10k_dbg(ar, ATH10K_DBG_REGULATORY,
+ "dfs no pulse pattern detected, yet\n");
+ return;
+ }
+
+- ath10k_dbg(ATH10K_DBG_REGULATORY, "dfs radar detected\n");
++ ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs radar detected\n");
+ ATH10K_DFS_STAT_INC(ar, radar_detected);
+
+ /* Control radar events reporting in debugfs file
+ dfs_block_radar_events */
+ if (ar->dfs_block_radar_events) {
+- ath10k_info("DFS Radar detected, but ignored as requested\n");
++ ath10k_info(ar, "DFS Radar detected, but ignored as requested\n");
+ return;
+ }
+
+@@ -1539,8 +2628,8 @@ static void ath10k_dfs_radar_report(stru
+ }
+
+ static int ath10k_dfs_fft_report(struct ath10k *ar,
+- struct wmi_single_phyerr_rx_event *event,
+- struct phyerr_fft_report *fftr,
++ const struct wmi_phyerr *phyerr,
++ const struct phyerr_fft_report *fftr,
+ u64 tsf)
+ {
+ u32 reg0, reg1;
+@@ -1548,15 +2637,15 @@ static int ath10k_dfs_fft_report(struct
+
+ reg0 = __le32_to_cpu(fftr->reg0);
+ reg1 = __le32_to_cpu(fftr->reg1);
+- rssi = event->hdr.rssi_combined;
++ rssi = phyerr->rssi_combined;
+
+- ath10k_dbg(ATH10K_DBG_REGULATORY,
++ ath10k_dbg(ar, ATH10K_DBG_REGULATORY,
+ "wmi phyerr fft report total_gain_db %d base_pwr_db %d fft_chn_idx %d peak_sidx %d\n",
+ MS(reg0, SEARCH_FFT_REPORT_REG0_TOTAL_GAIN_DB),
+ MS(reg0, SEARCH_FFT_REPORT_REG0_BASE_PWR_DB),
+ MS(reg0, SEARCH_FFT_REPORT_REG0_FFT_CHN_IDX),
+ MS(reg0, SEARCH_FFT_REPORT_REG0_PEAK_SIDX));
+- ath10k_dbg(ATH10K_DBG_REGULATORY,
++ ath10k_dbg(ar, ATH10K_DBG_REGULATORY,
+ "wmi phyerr fft report rel_pwr_db %d avgpwr_db %d peak_mag %d num_store_bin %d\n",
+ MS(reg1, SEARCH_FFT_REPORT_REG1_RELPWR_DB),
+ MS(reg1, SEARCH_FFT_REPORT_REG1_AVGPWR_DB),
+@@ -1568,7 +2657,7 @@ static int ath10k_dfs_fft_report(struct
+ /* false event detection */
+ if (rssi == DFS_RSSI_POSSIBLY_FALSE &&
+ peak_mag < 2 * DFS_PEAK_MAG_THOLD_POSSIBLY_FALSE) {
+- ath10k_dbg(ATH10K_DBG_REGULATORY, "dfs false pulse detected\n");
++ ath10k_dbg(ar, ATH10K_DBG_REGULATORY, "dfs false pulse detected\n");
+ ATH10K_DFS_STAT_INC(ar, pulses_discarded);
+ return -EINVAL;
+ }
+@@ -1576,21 +2665,21 @@ static int ath10k_dfs_fft_report(struct
+ return 0;
+ }
+
+-static void ath10k_wmi_event_dfs(struct ath10k *ar,
+- struct wmi_single_phyerr_rx_event *event,
+- u64 tsf)
++void ath10k_wmi_event_dfs(struct ath10k *ar,
++ const struct wmi_phyerr *phyerr,
++ u64 tsf)
+ {
+ int buf_len, tlv_len, res, i = 0;
+- struct phyerr_tlv *tlv;
+- struct phyerr_radar_report *rr;
+- struct phyerr_fft_report *fftr;
+- u8 *tlv_buf;
++ const struct phyerr_tlv *tlv;
++ const struct phyerr_radar_report *rr;
++ const struct phyerr_fft_report *fftr;
++ const u8 *tlv_buf;
+
+- buf_len = __le32_to_cpu(event->hdr.buf_len);
+- ath10k_dbg(ATH10K_DBG_REGULATORY,
++ buf_len = __le32_to_cpu(phyerr->buf_len);
++ ath10k_dbg(ar, ATH10K_DBG_REGULATORY,
+ "wmi event dfs err_code %d rssi %d tsfl 0x%X tsf64 0x%llX len %d\n",
+- event->hdr.phy_err_code, event->hdr.rssi_combined,
+- __le32_to_cpu(event->hdr.tsf_timestamp), tsf, buf_len);
++ phyerr->phy_err_code, phyerr->rssi_combined,
++ __le32_to_cpu(phyerr->tsf_timestamp), tsf, buf_len);
+
+ /* Skip event if DFS disabled */
+ if (!config_enabled(CPTCFG_ATH10K_DFS_CERTIFIED))
+@@ -1600,36 +2689,38 @@ static void ath10k_wmi_event_dfs(struct
+
+ while (i < buf_len) {
+ if (i + sizeof(*tlv) > buf_len) {
+- ath10k_warn("too short buf for tlv header (%d)\n", i);
++ ath10k_warn(ar, "too short buf for tlv header (%d)\n",
++ i);
+ return;
+ }
+
+- tlv = (struct phyerr_tlv *)&event->bufp[i];
++ tlv = (struct phyerr_tlv *)&phyerr->buf[i];
+ tlv_len = __le16_to_cpu(tlv->len);
+- tlv_buf = &event->bufp[i + sizeof(*tlv)];
+- ath10k_dbg(ATH10K_DBG_REGULATORY,
++ tlv_buf = &phyerr->buf[i + sizeof(*tlv)];
++ ath10k_dbg(ar, ATH10K_DBG_REGULATORY,
+ "wmi event dfs tlv_len %d tlv_tag 0x%02X tlv_sig 0x%02X\n",
+ tlv_len, tlv->tag, tlv->sig);
+
+ switch (tlv->tag) {
+ case PHYERR_TLV_TAG_RADAR_PULSE_SUMMARY:
+ if (i + sizeof(*tlv) + sizeof(*rr) > buf_len) {
+- ath10k_warn("too short radar pulse summary (%d)\n",
++ ath10k_warn(ar, "too short radar pulse summary (%d)\n",
+ i);
+ return;
+ }
+
+ rr = (struct phyerr_radar_report *)tlv_buf;
+- ath10k_dfs_radar_report(ar, event, rr, tsf);
++ ath10k_dfs_radar_report(ar, phyerr, rr, tsf);
+ break;
+ case PHYERR_TLV_TAG_SEARCH_FFT_REPORT:
+ if (i + sizeof(*tlv) + sizeof(*fftr) > buf_len) {
+- ath10k_warn("too short fft report (%d)\n", i);
++ ath10k_warn(ar, "too short fft report (%d)\n",
++ i);
+ return;
+ }
+
+ fftr = (struct phyerr_fft_report *)tlv_buf;
+- res = ath10k_dfs_fft_report(ar, event, fftr, tsf);
++ res = ath10k_dfs_fft_report(ar, phyerr, fftr, tsf);
+ if (res)
+ return;
+ break;
+@@ -1639,58 +2730,122 @@ static void ath10k_wmi_event_dfs(struct
+ }
+ }
+
+-static void ath10k_wmi_event_spectral_scan(struct ath10k *ar,
+- struct wmi_single_phyerr_rx_event *event,
+- u64 tsf)
+-{
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi event spectral scan\n");
+-}
+-
+-static void ath10k_wmi_event_phyerr(struct ath10k *ar, struct sk_buff *skb)
++void ath10k_wmi_event_spectral_scan(struct ath10k *ar,
++ const struct wmi_phyerr *phyerr,
++ u64 tsf)
+ {
+- struct wmi_comb_phyerr_rx_event *comb_event;
+- struct wmi_single_phyerr_rx_event *event;
+- u32 count, i, buf_len, phy_err_code;
+- u64 tsf;
+- int left_len = skb->len;
+-
+- ATH10K_DFS_STAT_INC(ar, phy_errors);
+-
+- /* Check if combined event available */
+- if (left_len < sizeof(*comb_event)) {
+- ath10k_warn("wmi phyerr combined event wrong len\n");
+- return;
+- }
+-
+- left_len -= sizeof(*comb_event);
++ int buf_len, tlv_len, res, i = 0;
++ struct phyerr_tlv *tlv;
++ const void *tlv_buf;
++ const struct phyerr_fft_report *fftr;
++ size_t fftr_len;
+
+- /* Check number of included events */
+- comb_event = (struct wmi_comb_phyerr_rx_event *)skb->data;
+- count = __le32_to_cpu(comb_event->hdr.num_phyerr_events);
++ buf_len = __le32_to_cpu(phyerr->buf_len);
+
+- tsf = __le32_to_cpu(comb_event->hdr.tsf_u32);
+- tsf <<= 32;
+- tsf |= __le32_to_cpu(comb_event->hdr.tsf_l32);
++ while (i < buf_len) {
++ if (i + sizeof(*tlv) > buf_len) {
++ ath10k_warn(ar, "failed to parse phyerr tlv header at byte %d\n",
++ i);
++ return;
++ }
+
+- ath10k_dbg(ATH10K_DBG_WMI,
+- "wmi event phyerr count %d tsf64 0x%llX\n",
+- count, tsf);
++ tlv = (struct phyerr_tlv *)&phyerr->buf[i];
++ tlv_len = __le16_to_cpu(tlv->len);
++ tlv_buf = &phyerr->buf[i + sizeof(*tlv)];
+
+- event = (struct wmi_single_phyerr_rx_event *)comb_event->bufp;
+- for (i = 0; i < count; i++) {
+- /* Check if we can read event header */
+- if (left_len < sizeof(*event)) {
+- ath10k_warn("single event (%d) wrong head len\n", i);
++ if (i + sizeof(*tlv) + tlv_len > buf_len) {
++ ath10k_warn(ar, "failed to parse phyerr tlv payload at byte %d\n",
++ i);
+ return;
+ }
+
+- left_len -= sizeof(*event);
+-
+- buf_len = __le32_to_cpu(event->hdr.buf_len);
+- phy_err_code = event->hdr.phy_err_code;
++ switch (tlv->tag) {
++ case PHYERR_TLV_TAG_SEARCH_FFT_REPORT:
++ if (sizeof(*fftr) > tlv_len) {
++ ath10k_warn(ar, "failed to parse fft report at byte %d\n",
++ i);
++ return;
++ }
++
++ fftr_len = tlv_len - sizeof(*fftr);
++ fftr = tlv_buf;
++ res = ath10k_spectral_process_fft(ar, phyerr,
++ fftr, fftr_len,
++ tsf);
++ if (res < 0) {
++ ath10k_warn(ar, "failed to process fft report: %d\n",
++ res);
++ return;
++ }
++ break;
++ }
++
++ i += sizeof(*tlv) + tlv_len;
++ }
++}
++
++static int ath10k_wmi_op_pull_phyerr_ev(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_phyerr_ev_arg *arg)
++{
++ struct wmi_phyerr_event *ev = (void *)skb->data;
++
++ if (skb->len < sizeof(*ev))
++ return -EPROTO;
++
++ arg->num_phyerrs = ev->num_phyerrs;
++ arg->tsf_l32 = ev->tsf_l32;
++ arg->tsf_u32 = ev->tsf_u32;
++ arg->buf_len = __cpu_to_le32(skb->len - sizeof(*ev));
++ arg->phyerrs = ev->phyerrs;
++
++ return 0;
++}
++
++void ath10k_wmi_event_phyerr(struct ath10k *ar, struct sk_buff *skb)
++{
++ struct wmi_phyerr_ev_arg arg = {};
++ const struct wmi_phyerr *phyerr;
++ u32 count, i, buf_len, phy_err_code;
++ u64 tsf;
++ int left_len, ret;
++
++ ATH10K_DFS_STAT_INC(ar, phy_errors);
++
++ ret = ath10k_wmi_pull_phyerr(ar, skb, &arg);
++ if (ret) {
++ ath10k_warn(ar, "failed to parse phyerr event: %d\n", ret);
++ return;
++ }
++
++ left_len = __le32_to_cpu(arg.buf_len);
++
++ /* Check number of included events */
++ count = __le32_to_cpu(arg.num_phyerrs);
++
++ tsf = __le32_to_cpu(arg.tsf_u32);
++ tsf <<= 32;
++ tsf |= __le32_to_cpu(arg.tsf_l32);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi event phyerr count %d tsf64 0x%llX\n",
++ count, tsf);
++
++ phyerr = arg.phyerrs;
++ for (i = 0; i < count; i++) {
++ /* Check if we can read event header */
++ if (left_len < sizeof(*phyerr)) {
++ ath10k_warn(ar, "single event (%d) wrong head len\n",
++ i);
++ return;
++ }
++
++ left_len -= sizeof(*phyerr);
++
++ buf_len = __le32_to_cpu(phyerr->buf_len);
++ phy_err_code = phyerr->phy_err_code;
+
+ if (left_len < buf_len) {
+- ath10k_warn("single event (%d) wrong buf len\n", i);
++ ath10k_warn(ar, "single event (%d) wrong buf len\n", i);
+ return;
+ }
+
+@@ -1698,36 +2853,34 @@ static void ath10k_wmi_event_phyerr(stru
+
+ switch (phy_err_code) {
+ case PHY_ERROR_RADAR:
+- ath10k_wmi_event_dfs(ar, event, tsf);
++ ath10k_wmi_event_dfs(ar, phyerr, tsf);
+ break;
+ case PHY_ERROR_SPECTRAL_SCAN:
+- ath10k_wmi_event_spectral_scan(ar, event, tsf);
++ ath10k_wmi_event_spectral_scan(ar, phyerr, tsf);
+ break;
+ case PHY_ERROR_FALSE_RADAR_EXT:
+- ath10k_wmi_event_dfs(ar, event, tsf);
+- ath10k_wmi_event_spectral_scan(ar, event, tsf);
++ ath10k_wmi_event_dfs(ar, phyerr, tsf);
++ ath10k_wmi_event_spectral_scan(ar, phyerr, tsf);
+ break;
+ default:
+ break;
+ }
+
+- event += sizeof(*event) + buf_len;
++ phyerr = (void *)phyerr + sizeof(*phyerr) + buf_len;
+ }
+ }
+
+-static void ath10k_wmi_event_roam(struct ath10k *ar, struct sk_buff *skb)
++void ath10k_wmi_event_roam(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_ROAM_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_ROAM_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_profile_match(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_profile_match(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_PROFILE_MATCH\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_PROFILE_MATCH\n");
+ }
+
+-static void ath10k_wmi_event_debug_print(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_debug_print(struct ath10k *ar, struct sk_buff *skb)
+ {
+ char buf[101], c;
+ int i;
+@@ -1748,7 +2901,7 @@ static void ath10k_wmi_event_debug_print
+ }
+
+ if (i == sizeof(buf) - 1)
+- ath10k_warn("wmi debug print truncated: %d\n", skb->len);
++ ath10k_warn(ar, "wmi debug print truncated: %d\n", skb->len);
+
+ /* for some reason the debug prints end with \n, remove that */
+ if (skb->data[i - 1] == '\n')
+@@ -1757,112 +2910,99 @@ static void ath10k_wmi_event_debug_print
+ /* the last byte is always reserved for the null character */
+ buf[i] = '\0';
+
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi event debug print '%s'\n", buf);
++ ath10k_dbg(ar, ATH10K_DBG_WMI_PRINT, "wmi print '%s'\n", buf);
+ }
+
+-static void ath10k_wmi_event_pdev_qvit(struct ath10k *ar, struct sk_buff *skb)
++void ath10k_wmi_event_pdev_qvit(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_PDEV_QVIT_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_PDEV_QVIT_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_wlan_profile_data(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_wlan_profile_data(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_WLAN_PROFILE_DATA_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_WLAN_PROFILE_DATA_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_rtt_measurement_report(struct ath10k *ar,
++void ath10k_wmi_event_rtt_measurement_report(struct ath10k *ar,
+ struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_RTT_MEASUREMENT_REPORT_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_RTT_MEASUREMENT_REPORT_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_tsf_measurement_report(struct ath10k *ar,
++void ath10k_wmi_event_tsf_measurement_report(struct ath10k *ar,
+ struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_TSF_MEASUREMENT_REPORT_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_TSF_MEASUREMENT_REPORT_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_rtt_error_report(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_rtt_error_report(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_RTT_ERROR_REPORT_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_RTT_ERROR_REPORT_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_wow_wakeup_host(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_wow_wakeup_host(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_WOW_WAKEUP_HOST_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_WOW_WAKEUP_HOST_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_dcs_interference(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_dcs_interference(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_DCS_INTERFERENCE_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_DCS_INTERFERENCE_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_pdev_tpc_config(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_pdev_tpc_config(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_PDEV_TPC_CONFIG_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_PDEV_TPC_CONFIG_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_pdev_ftm_intg(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_pdev_ftm_intg(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_PDEV_FTM_INTG_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_PDEV_FTM_INTG_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_gtk_offload_status(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_gtk_offload_status(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_GTK_OFFLOAD_STATUS_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_GTK_OFFLOAD_STATUS_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_gtk_rekey_fail(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_gtk_rekey_fail(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_GTK_REKEY_FAIL_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_GTK_REKEY_FAIL_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_delba_complete(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_delba_complete(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_TX_DELBA_COMPLETE_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_TX_DELBA_COMPLETE_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_addba_complete(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_addba_complete(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_TX_ADDBA_COMPLETE_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_TX_ADDBA_COMPLETE_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_vdev_install_key_complete(struct ath10k *ar,
++void ath10k_wmi_event_vdev_install_key_complete(struct ath10k *ar,
+ struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_VDEV_INSTALL_KEY_COMPLETE_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_VDEV_INSTALL_KEY_COMPLETE_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_inst_rssi_stats(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_inst_rssi_stats(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_INST_RSSI_STATS_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_INST_RSSI_STATS_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_vdev_standby_req(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_vdev_standby_req(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_VDEV_STANDBY_REQ_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_VDEV_STANDBY_REQ_EVENTID\n");
+ }
+
+-static void ath10k_wmi_event_vdev_resume_req(struct ath10k *ar,
+- struct sk_buff *skb)
++void ath10k_wmi_event_vdev_resume_req(struct ath10k *ar, struct sk_buff *skb)
+ {
+- ath10k_dbg(ATH10K_DBG_WMI, "WMI_VDEV_RESUME_REQ_EVENTID\n");
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "WMI_VDEV_RESUME_REQ_EVENTID\n");
+ }
+
+ static int ath10k_wmi_alloc_host_mem(struct ath10k *ar, u32 req_id,
+- u32 num_units, u32 unit_len)
++ u32 num_units, u32 unit_len)
+ {
+ dma_addr_t paddr;
+ u32 pool_size;
+@@ -1878,7 +3018,7 @@ static int ath10k_wmi_alloc_host_mem(str
+ &paddr,
+ GFP_ATOMIC);
+ if (!ar->wmi.mem_chunks[idx].vaddr) {
+- ath10k_warn("failed to allocate memory chunk\n");
++ ath10k_warn(ar, "failed to allocate memory chunk\n");
+ return -ENOMEM;
+ }
+
+@@ -1892,45 +3032,124 @@ static int ath10k_wmi_alloc_host_mem(str
+ return 0;
+ }
+
+-static void ath10k_wmi_service_ready_event_rx(struct ath10k *ar,
+- struct sk_buff *skb)
++static int
++ath10k_wmi_main_op_pull_svc_rdy_ev(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_svc_rdy_ev_arg *arg)
++{
++ struct wmi_service_ready_event *ev;
++ size_t i, n;
++
++ if (skb->len < sizeof(*ev))
++ return -EPROTO;
++
++ ev = (void *)skb->data;
++ skb_pull(skb, sizeof(*ev));
++ arg->min_tx_power = ev->hw_min_tx_power;
++ arg->max_tx_power = ev->hw_max_tx_power;
++ arg->ht_cap = ev->ht_cap_info;
++ arg->vht_cap = ev->vht_cap_info;
++ arg->sw_ver0 = ev->sw_version;
++ arg->sw_ver1 = ev->sw_version_1;
++ arg->phy_capab = ev->phy_capability;
++ arg->num_rf_chains = ev->num_rf_chains;
++ arg->eeprom_rd = ev->hal_reg_capabilities.eeprom_rd;
++ arg->num_mem_reqs = ev->num_mem_reqs;
++ arg->service_map = ev->wmi_service_bitmap;
++ arg->service_map_len = sizeof(ev->wmi_service_bitmap);
++
++ n = min_t(size_t, __le32_to_cpu(arg->num_mem_reqs),
++ ARRAY_SIZE(arg->mem_reqs));
++ for (i = 0; i < n; i++)
++ arg->mem_reqs[i] = &ev->mem_reqs[i];
++
++ if (skb->len <
++ __le32_to_cpu(arg->num_mem_reqs) * sizeof(arg->mem_reqs[0]))
++ return -EPROTO;
++
++ return 0;
++}
++
++static int
++ath10k_wmi_10x_op_pull_svc_rdy_ev(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_svc_rdy_ev_arg *arg)
++{
++ struct wmi_10x_service_ready_event *ev;
++ int i, n;
++
++ if (skb->len < sizeof(*ev))
++ return -EPROTO;
++
++ ev = (void *)skb->data;
++ skb_pull(skb, sizeof(*ev));
++ arg->min_tx_power = ev->hw_min_tx_power;
++ arg->max_tx_power = ev->hw_max_tx_power;
++ arg->ht_cap = ev->ht_cap_info;
++ arg->vht_cap = ev->vht_cap_info;
++ arg->sw_ver0 = ev->sw_version;
++ arg->phy_capab = ev->phy_capability;
++ arg->num_rf_chains = ev->num_rf_chains;
++ arg->eeprom_rd = ev->hal_reg_capabilities.eeprom_rd;
++ arg->num_mem_reqs = ev->num_mem_reqs;
++ arg->service_map = ev->wmi_service_bitmap;
++ arg->service_map_len = sizeof(ev->wmi_service_bitmap);
++
++ n = min_t(size_t, __le32_to_cpu(arg->num_mem_reqs),
++ ARRAY_SIZE(arg->mem_reqs));
++ for (i = 0; i < n; i++)
++ arg->mem_reqs[i] = &ev->mem_reqs[i];
++
++ if (skb->len <
++ __le32_to_cpu(arg->num_mem_reqs) * sizeof(arg->mem_reqs[0]))
++ return -EPROTO;
++
++ return 0;
++}
++
++void ath10k_wmi_event_service_ready(struct ath10k *ar, struct sk_buff *skb)
+ {
+- struct wmi_service_ready_event *ev = (void *)skb->data;
++ struct wmi_svc_rdy_ev_arg arg = {};
++ u32 num_units, req_id, unit_size, num_mem_reqs, num_unit_info, i;
++ int ret;
+
+- if (skb->len < sizeof(*ev)) {
+- ath10k_warn("Service ready event was %d B but expected %zu B. Wrong firmware version?\n",
+- skb->len, sizeof(*ev));
++ ret = ath10k_wmi_pull_svc_rdy(ar, skb, &arg);
++ if (ret) {
++ ath10k_warn(ar, "failed to parse service ready: %d\n", ret);
+ return;
+ }
+
+- ar->hw_min_tx_power = __le32_to_cpu(ev->hw_min_tx_power);
+- ar->hw_max_tx_power = __le32_to_cpu(ev->hw_max_tx_power);
+- ar->ht_cap_info = __le32_to_cpu(ev->ht_cap_info);
+- ar->vht_cap_info = __le32_to_cpu(ev->vht_cap_info);
++ memset(&ar->wmi.svc_map, 0, sizeof(ar->wmi.svc_map));
++ ath10k_wmi_map_svc(ar, arg.service_map, ar->wmi.svc_map,
++ arg.service_map_len);
++
++ ar->hw_min_tx_power = __le32_to_cpu(arg.min_tx_power);
++ ar->hw_max_tx_power = __le32_to_cpu(arg.max_tx_power);
++ ar->ht_cap_info = __le32_to_cpu(arg.ht_cap);
++ ar->vht_cap_info = __le32_to_cpu(arg.vht_cap);
+ ar->fw_version_major =
+- (__le32_to_cpu(ev->sw_version) & 0xff000000) >> 24;
+- ar->fw_version_minor = (__le32_to_cpu(ev->sw_version) & 0x00ffffff);
++ (__le32_to_cpu(arg.sw_ver0) & 0xff000000) >> 24;
++ ar->fw_version_minor = (__le32_to_cpu(arg.sw_ver0) & 0x00ffffff);
+ ar->fw_version_release =
+- (__le32_to_cpu(ev->sw_version_1) & 0xffff0000) >> 16;
+- ar->fw_version_build = (__le32_to_cpu(ev->sw_version_1) & 0x0000ffff);
+- ar->phy_capability = __le32_to_cpu(ev->phy_capability);
+- ar->num_rf_chains = __le32_to_cpu(ev->num_rf_chains);
++ (__le32_to_cpu(arg.sw_ver1) & 0xffff0000) >> 16;
++ ar->fw_version_build = (__le32_to_cpu(arg.sw_ver1) & 0x0000ffff);
++ ar->phy_capability = __le32_to_cpu(arg.phy_capab);
++ ar->num_rf_chains = __le32_to_cpu(arg.num_rf_chains);
++ ar->ath_common.regulatory.current_rd = __le32_to_cpu(arg.eeprom_rd);
++
++ ath10k_dbg_dump(ar, ATH10K_DBG_WMI, NULL, "wmi svc: ",
++ arg.service_map, arg.service_map_len);
+
+ /* only manually set fw features when not using FW IE format */
+ if (ar->fw_api == 1 && ar->fw_version_build > 636)
+ set_bit(ATH10K_FW_FEATURE_EXT_WMI_MGMT_RX, ar->fw_features);
+
+ if (ar->num_rf_chains > WMI_MAX_SPATIAL_STREAM) {
+- ath10k_warn("hardware advertises support for more spatial streams than it should (%d > %d)\n",
++ ath10k_warn(ar, "hardware advertises support for more spatial streams than it should (%d > %d)\n",
+ ar->num_rf_chains, WMI_MAX_SPATIAL_STREAM);
+ ar->num_rf_chains = WMI_MAX_SPATIAL_STREAM;
+ }
+
+- ar->ath_common.regulatory.current_rd =
+- __le32_to_cpu(ev->hal_reg_capabilities.eeprom_rd);
+-
+- ath10k_debug_read_service_map(ar, ev->wmi_service_bitmap,
+- sizeof(ev->wmi_service_bitmap));
++ ar->supp_tx_chainmask = (1 << ar->num_rf_chains) - 1;
++ ar->supp_rx_chainmask = (1 << ar->num_rf_chains) - 1;
+
+ if (strlen(ar->hw->wiphy->fw_version) == 0) {
+ snprintf(ar->hw->wiphy->fw_version,
+@@ -1942,90 +3161,18 @@ static void ath10k_wmi_service_ready_eve
+ ar->fw_version_build);
+ }
+
+- /* FIXME: it probably should be better to support this */
+- if (__le32_to_cpu(ev->num_mem_reqs) > 0) {
+- ath10k_warn("target requested %d memory chunks; ignoring\n",
+- __le32_to_cpu(ev->num_mem_reqs));
+- }
+-
+- ath10k_dbg(ATH10K_DBG_WMI,
+- "wmi event service ready sw_ver 0x%08x sw_ver1 0x%08x abi_ver %u phy_cap 0x%08x ht_cap 0x%08x vht_cap 0x%08x vht_supp_msc 0x%08x sys_cap_info 0x%08x mem_reqs %u num_rf_chains %u\n",
+- __le32_to_cpu(ev->sw_version),
+- __le32_to_cpu(ev->sw_version_1),
+- __le32_to_cpu(ev->abi_version),
+- __le32_to_cpu(ev->phy_capability),
+- __le32_to_cpu(ev->ht_cap_info),
+- __le32_to_cpu(ev->vht_cap_info),
+- __le32_to_cpu(ev->vht_supp_mcs),
+- __le32_to_cpu(ev->sys_cap_info),
+- __le32_to_cpu(ev->num_mem_reqs),
+- __le32_to_cpu(ev->num_rf_chains));
+-
+- complete(&ar->wmi.service_ready);
+-}
+-
+-static void ath10k_wmi_10x_service_ready_event_rx(struct ath10k *ar,
+- struct sk_buff *skb)
+-{
+- u32 num_units, req_id, unit_size, num_mem_reqs, num_unit_info, i;
+- int ret;
+- struct wmi_service_ready_event_10x *ev = (void *)skb->data;
+-
+- if (skb->len < sizeof(*ev)) {
+- ath10k_warn("Service ready event was %d B but expected %zu B. Wrong firmware version?\n",
+- skb->len, sizeof(*ev));
+- return;
+- }
+-
+- ar->hw_min_tx_power = __le32_to_cpu(ev->hw_min_tx_power);
+- ar->hw_max_tx_power = __le32_to_cpu(ev->hw_max_tx_power);
+- ar->ht_cap_info = __le32_to_cpu(ev->ht_cap_info);
+- ar->vht_cap_info = __le32_to_cpu(ev->vht_cap_info);
+- ar->fw_version_major =
+- (__le32_to_cpu(ev->sw_version) & 0xff000000) >> 24;
+- ar->fw_version_minor = (__le32_to_cpu(ev->sw_version) & 0x00ffffff);
+- ar->phy_capability = __le32_to_cpu(ev->phy_capability);
+- ar->num_rf_chains = __le32_to_cpu(ev->num_rf_chains);
+-
+- if (ar->num_rf_chains > WMI_MAX_SPATIAL_STREAM) {
+- ath10k_warn("hardware advertises support for more spatial streams than it should (%d > %d)\n",
+- ar->num_rf_chains, WMI_MAX_SPATIAL_STREAM);
+- ar->num_rf_chains = WMI_MAX_SPATIAL_STREAM;
+- }
+-
+- ar->ath_common.regulatory.current_rd =
+- __le32_to_cpu(ev->hal_reg_capabilities.eeprom_rd);
+-
+- ath10k_debug_read_service_map(ar, ev->wmi_service_bitmap,
+- sizeof(ev->wmi_service_bitmap));
+-
+- if (strlen(ar->hw->wiphy->fw_version) == 0) {
+- snprintf(ar->hw->wiphy->fw_version,
+- sizeof(ar->hw->wiphy->fw_version),
+- "%u.%u",
+- ar->fw_version_major,
+- ar->fw_version_minor);
+- }
+-
+- num_mem_reqs = __le32_to_cpu(ev->num_mem_reqs);
+-
+- if (num_mem_reqs > ATH10K_MAX_MEM_REQS) {
+- ath10k_warn("requested memory chunks number (%d) exceeds the limit\n",
++ num_mem_reqs = __le32_to_cpu(arg.num_mem_reqs);
++ if (num_mem_reqs > WMI_MAX_MEM_REQS) {
++ ath10k_warn(ar, "requested memory chunks number (%d) exceeds the limit\n",
+ num_mem_reqs);
+ return;
+ }
+
+- if (!num_mem_reqs)
+- goto exit;
+-
+- ath10k_dbg(ATH10K_DBG_WMI, "firmware has requested %d memory chunks\n",
+- num_mem_reqs);
+-
+ for (i = 0; i < num_mem_reqs; ++i) {
+- req_id = __le32_to_cpu(ev->mem_reqs[i].req_id);
+- num_units = __le32_to_cpu(ev->mem_reqs[i].num_units);
+- unit_size = __le32_to_cpu(ev->mem_reqs[i].unit_size);
+- num_unit_info = __le32_to_cpu(ev->mem_reqs[i].num_unit_info);
++ req_id = __le32_to_cpu(arg.mem_reqs[i]->req_id);
++ num_units = __le32_to_cpu(arg.mem_reqs[i]->num_units);
++ unit_size = __le32_to_cpu(arg.mem_reqs[i]->unit_size);
++ num_unit_info = __le32_to_cpu(arg.mem_reqs[i]->num_unit_info);
+
+ if (num_unit_info & NUM_UNITS_IS_NUM_PEERS)
+ /* number of units to allocate is number of
+@@ -2036,10 +3183,10 @@ static void ath10k_wmi_10x_service_ready
+ else if (num_unit_info & NUM_UNITS_IS_NUM_VDEVS)
+ num_units = TARGET_10X_NUM_VDEVS + 1;
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi mem_req_id %d num_units %d num_unit_info %d unit size %d actual units %d\n",
+ req_id,
+- __le32_to_cpu(ev->mem_reqs[i].num_units),
++ __le32_to_cpu(arg.mem_reqs[i]->num_units),
+ num_unit_info,
+ unit_size,
+ num_units);
+@@ -2050,47 +3197,79 @@ static void ath10k_wmi_10x_service_ready
+ return;
+ }
+
+-exit:
+- ath10k_dbg(ATH10K_DBG_WMI,
+- "wmi event service ready sw_ver 0x%08x abi_ver %u phy_cap 0x%08x ht_cap 0x%08x vht_cap 0x%08x vht_supp_msc 0x%08x sys_cap_info 0x%08x mem_reqs %u num_rf_chains %u\n",
+- __le32_to_cpu(ev->sw_version),
+- __le32_to_cpu(ev->abi_version),
+- __le32_to_cpu(ev->phy_capability),
+- __le32_to_cpu(ev->ht_cap_info),
+- __le32_to_cpu(ev->vht_cap_info),
+- __le32_to_cpu(ev->vht_supp_mcs),
+- __le32_to_cpu(ev->sys_cap_info),
+- __le32_to_cpu(ev->num_mem_reqs),
+- __le32_to_cpu(ev->num_rf_chains));
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi event service ready min_tx_power 0x%08x max_tx_power 0x%08x ht_cap 0x%08x vht_cap 0x%08x sw_ver0 0x%08x sw_ver1 0x%08x fw_build 0x%08x phy_capab 0x%08x num_rf_chains 0x%08x eeprom_rd 0x%08x num_mem_reqs 0x%08x\n",
++ __le32_to_cpu(arg.min_tx_power),
++ __le32_to_cpu(arg.max_tx_power),
++ __le32_to_cpu(arg.ht_cap),
++ __le32_to_cpu(arg.vht_cap),
++ __le32_to_cpu(arg.sw_ver0),
++ __le32_to_cpu(arg.sw_ver1),
++ __le32_to_cpu(arg.fw_build),
++ __le32_to_cpu(arg.phy_capab),
++ __le32_to_cpu(arg.num_rf_chains),
++ __le32_to_cpu(arg.eeprom_rd),
++ __le32_to_cpu(arg.num_mem_reqs));
+
+ complete(&ar->wmi.service_ready);
+ }
+
+-static int ath10k_wmi_ready_event_rx(struct ath10k *ar, struct sk_buff *skb)
++static int ath10k_wmi_op_pull_rdy_ev(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_rdy_ev_arg *arg)
+ {
+- struct wmi_ready_event *ev = (struct wmi_ready_event *)skb->data;
++ struct wmi_ready_event *ev = (void *)skb->data;
+
+- if (WARN_ON(skb->len < sizeof(*ev)))
+- return -EINVAL;
++ if (skb->len < sizeof(*ev))
++ return -EPROTO;
++
++ skb_pull(skb, sizeof(*ev));
++ arg->sw_version = ev->sw_version;
++ arg->abi_version = ev->abi_version;
++ arg->status = ev->status;
++ arg->mac_addr = ev->mac_addr.addr;
++
++ return 0;
++}
++
++int ath10k_wmi_event_ready(struct ath10k *ar, struct sk_buff *skb)
++{
++ struct wmi_rdy_ev_arg arg = {};
++ int ret;
+
+- memcpy(ar->mac_addr, ev->mac_addr.addr, ETH_ALEN);
++ ret = ath10k_wmi_pull_rdy(ar, skb, &arg);
++ if (ret) {
++ ath10k_warn(ar, "failed to parse ready event: %d\n", ret);
++ return ret;
++ }
+
+- ath10k_dbg(ATH10K_DBG_WMI,
+- "wmi event ready sw_version %u abi_version %u mac_addr %pM status %d skb->len %i ev-sz %zu\n",
+- __le32_to_cpu(ev->sw_version),
+- __le32_to_cpu(ev->abi_version),
+- ev->mac_addr.addr,
+- __le32_to_cpu(ev->status), skb->len, sizeof(*ev));
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi event ready sw_version %u abi_version %u mac_addr %pM status %d\n",
++ __le32_to_cpu(arg.sw_version),
++ __le32_to_cpu(arg.abi_version),
++ arg.mac_addr,
++ __le32_to_cpu(arg.status));
+
++ ether_addr_copy(ar->mac_addr, arg.mac_addr);
+ complete(&ar->wmi.unified_ready);
+ return 0;
+ }
+
+-static void ath10k_wmi_main_process_rx(struct ath10k *ar, struct sk_buff *skb)
++static int ath10k_wmi_event_temperature(struct ath10k *ar, struct sk_buff *skb)
++{
++ const struct wmi_pdev_temperature_event *ev;
++
++ ev = (struct wmi_pdev_temperature_event *)skb->data;
++ if (WARN_ON(skb->len < sizeof(*ev)))
++ return -EPROTO;
++
++ ath10k_thermal_event_temperature(ar, __le32_to_cpu(ev->temperature));
++ return 0;
++}
++
++static void ath10k_wmi_op_rx(struct ath10k *ar, struct sk_buff *skb)
+ {
+ struct wmi_cmd_hdr *cmd_hdr;
+ enum wmi_event_id id;
+- u16 len;
+
+ cmd_hdr = (struct wmi_cmd_hdr *)skb->data;
+ id = MS(__le32_to_cpu(cmd_hdr->cmd_id), WMI_CMD_HDR_CMD_ID);
+@@ -2098,9 +3277,7 @@ static void ath10k_wmi_main_process_rx(s
+ if (skb_pull(skb, sizeof(struct wmi_cmd_hdr)) == NULL)
+ return;
+
+- len = skb->len;
+-
+- trace_ath10k_wmi_event(id, skb->data, skb->len);
++ trace_ath10k_wmi_event(ar, id, skb->data, skb->len);
+
+ switch (id) {
+ case WMI_MGMT_RX_EVENTID:
+@@ -2192,24 +3369,24 @@ static void ath10k_wmi_main_process_rx(s
+ ath10k_wmi_event_vdev_install_key_complete(ar, skb);
+ break;
+ case WMI_SERVICE_READY_EVENTID:
+- ath10k_wmi_service_ready_event_rx(ar, skb);
++ ath10k_wmi_event_service_ready(ar, skb);
+ break;
+ case WMI_READY_EVENTID:
+- ath10k_wmi_ready_event_rx(ar, skb);
++ ath10k_wmi_event_ready(ar, skb);
+ break;
+ default:
+- ath10k_warn("Unknown eventid: %d\n", id);
++ ath10k_warn(ar, "Unknown eventid: %d\n", id);
+ break;
+ }
+
+ dev_kfree_skb(skb);
+ }
+
+-static void ath10k_wmi_10x_process_rx(struct ath10k *ar, struct sk_buff *skb)
++static void ath10k_wmi_10_1_op_rx(struct ath10k *ar, struct sk_buff *skb)
+ {
+ struct wmi_cmd_hdr *cmd_hdr;
+ enum wmi_10x_event_id id;
+- u16 len;
++ bool consumed;
+
+ cmd_hdr = (struct wmi_cmd_hdr *)skb->data;
+ id = MS(__le32_to_cpu(cmd_hdr->cmd_id), WMI_CMD_HDR_CMD_ID);
+@@ -2217,9 +3394,19 @@ static void ath10k_wmi_10x_process_rx(st
+ if (skb_pull(skb, sizeof(struct wmi_cmd_hdr)) == NULL)
+ return;
+
+- len = skb->len;
++ trace_ath10k_wmi_event(ar, id, skb->data, skb->len);
++
++ consumed = ath10k_tm_event_wmi(ar, id, skb);
+
+- trace_ath10k_wmi_event(id, skb->data, skb->len);
++ /* Ready event must be handled normally also in UTF mode so that we
++ * know the UTF firmware has booted, others we are just bypass WMI
++ * events to testmode.
++ */
++ if (consumed && id != WMI_10X_READY_EVENTID) {
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi testmode consumed 0x%x\n", id);
++ goto out;
++ }
+
+ switch (id) {
+ case WMI_10X_MGMT_RX_EVENTID:
+@@ -2302,64 +3489,153 @@ static void ath10k_wmi_10x_process_rx(st
+ ath10k_wmi_event_vdev_resume_req(ar, skb);
+ break;
+ case WMI_10X_SERVICE_READY_EVENTID:
+- ath10k_wmi_10x_service_ready_event_rx(ar, skb);
++ ath10k_wmi_event_service_ready(ar, skb);
+ break;
+ case WMI_10X_READY_EVENTID:
+- ath10k_wmi_ready_event_rx(ar, skb);
++ ath10k_wmi_event_ready(ar, skb);
++ break;
++ case WMI_10X_PDEV_UTF_EVENTID:
++ /* ignore utf events */
+ break;
+ default:
+- ath10k_warn("Unknown eventid: %d\n", id);
++ ath10k_warn(ar, "Unknown eventid: %d\n", id);
+ break;
+ }
+
++out:
+ dev_kfree_skb(skb);
+ }
+
+-
+-static void ath10k_wmi_process_rx(struct ath10k *ar, struct sk_buff *skb)
++static void ath10k_wmi_10_2_op_rx(struct ath10k *ar, struct sk_buff *skb)
+ {
+- if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features))
+- ath10k_wmi_10x_process_rx(ar, skb);
+- else
+- ath10k_wmi_main_process_rx(ar, skb);
+-}
++ struct wmi_cmd_hdr *cmd_hdr;
++ enum wmi_10_2_event_id id;
+
+-/* WMI Initialization functions */
+-int ath10k_wmi_attach(struct ath10k *ar)
+-{
+- if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features)) {
+- ar->wmi.cmd = &wmi_10x_cmd_map;
+- ar->wmi.vdev_param = &wmi_10x_vdev_param_map;
+- ar->wmi.pdev_param = &wmi_10x_pdev_param_map;
+- } else {
+- ar->wmi.cmd = &wmi_cmd_map;
+- ar->wmi.vdev_param = &wmi_vdev_param_map;
+- ar->wmi.pdev_param = &wmi_pdev_param_map;
+- }
++ cmd_hdr = (struct wmi_cmd_hdr *)skb->data;
++ id = MS(__le32_to_cpu(cmd_hdr->cmd_id), WMI_CMD_HDR_CMD_ID);
+
+- init_completion(&ar->wmi.service_ready);
+- init_completion(&ar->wmi.unified_ready);
+- init_waitqueue_head(&ar->wmi.tx_credits_wq);
++ if (skb_pull(skb, sizeof(struct wmi_cmd_hdr)) == NULL)
++ return;
+
+- return 0;
++ trace_ath10k_wmi_event(ar, id, skb->data, skb->len);
++
++ switch (id) {
++ case WMI_10_2_MGMT_RX_EVENTID:
++ ath10k_wmi_event_mgmt_rx(ar, skb);
++ /* mgmt_rx() owns the skb now! */
++ return;
++ case WMI_10_2_SCAN_EVENTID:
++ ath10k_wmi_event_scan(ar, skb);
++ break;
++ case WMI_10_2_CHAN_INFO_EVENTID:
++ ath10k_wmi_event_chan_info(ar, skb);
++ break;
++ case WMI_10_2_ECHO_EVENTID:
++ ath10k_wmi_event_echo(ar, skb);
++ break;
++ case WMI_10_2_DEBUG_MESG_EVENTID:
++ ath10k_wmi_event_debug_mesg(ar, skb);
++ break;
++ case WMI_10_2_UPDATE_STATS_EVENTID:
++ ath10k_wmi_event_update_stats(ar, skb);
++ break;
++ case WMI_10_2_VDEV_START_RESP_EVENTID:
++ ath10k_wmi_event_vdev_start_resp(ar, skb);
++ break;
++ case WMI_10_2_VDEV_STOPPED_EVENTID:
++ ath10k_wmi_event_vdev_stopped(ar, skb);
++ break;
++ case WMI_10_2_PEER_STA_KICKOUT_EVENTID:
++ ath10k_wmi_event_peer_sta_kickout(ar, skb);
++ break;
++ case WMI_10_2_HOST_SWBA_EVENTID:
++ ath10k_wmi_event_host_swba(ar, skb);
++ break;
++ case WMI_10_2_TBTTOFFSET_UPDATE_EVENTID:
++ ath10k_wmi_event_tbttoffset_update(ar, skb);
++ break;
++ case WMI_10_2_PHYERR_EVENTID:
++ ath10k_wmi_event_phyerr(ar, skb);
++ break;
++ case WMI_10_2_ROAM_EVENTID:
++ ath10k_wmi_event_roam(ar, skb);
++ break;
++ case WMI_10_2_PROFILE_MATCH:
++ ath10k_wmi_event_profile_match(ar, skb);
++ break;
++ case WMI_10_2_DEBUG_PRINT_EVENTID:
++ ath10k_wmi_event_debug_print(ar, skb);
++ break;
++ case WMI_10_2_PDEV_QVIT_EVENTID:
++ ath10k_wmi_event_pdev_qvit(ar, skb);
++ break;
++ case WMI_10_2_WLAN_PROFILE_DATA_EVENTID:
++ ath10k_wmi_event_wlan_profile_data(ar, skb);
++ break;
++ case WMI_10_2_RTT_MEASUREMENT_REPORT_EVENTID:
++ ath10k_wmi_event_rtt_measurement_report(ar, skb);
++ break;
++ case WMI_10_2_TSF_MEASUREMENT_REPORT_EVENTID:
++ ath10k_wmi_event_tsf_measurement_report(ar, skb);
++ break;
++ case WMI_10_2_RTT_ERROR_REPORT_EVENTID:
++ ath10k_wmi_event_rtt_error_report(ar, skb);
++ break;
++ case WMI_10_2_WOW_WAKEUP_HOST_EVENTID:
++ ath10k_wmi_event_wow_wakeup_host(ar, skb);
++ break;
++ case WMI_10_2_DCS_INTERFERENCE_EVENTID:
++ ath10k_wmi_event_dcs_interference(ar, skb);
++ break;
++ case WMI_10_2_PDEV_TPC_CONFIG_EVENTID:
++ ath10k_wmi_event_pdev_tpc_config(ar, skb);
++ break;
++ case WMI_10_2_INST_RSSI_STATS_EVENTID:
++ ath10k_wmi_event_inst_rssi_stats(ar, skb);
++ break;
++ case WMI_10_2_VDEV_STANDBY_REQ_EVENTID:
++ ath10k_wmi_event_vdev_standby_req(ar, skb);
++ break;
++ case WMI_10_2_VDEV_RESUME_REQ_EVENTID:
++ ath10k_wmi_event_vdev_resume_req(ar, skb);
++ break;
++ case WMI_10_2_SERVICE_READY_EVENTID:
++ ath10k_wmi_event_service_ready(ar, skb);
++ break;
++ case WMI_10_2_READY_EVENTID:
++ ath10k_wmi_event_ready(ar, skb);
++ break;
++ case WMI_10_2_PDEV_TEMPERATURE_EVENTID:
++ ath10k_wmi_event_temperature(ar, skb);
++ break;
++ case WMI_10_2_RTT_KEEPALIVE_EVENTID:
++ case WMI_10_2_GPIO_INPUT_EVENTID:
++ case WMI_10_2_PEER_RATECODE_LIST_EVENTID:
++ case WMI_10_2_GENERIC_BUFFER_EVENTID:
++ case WMI_10_2_MCAST_BUF_RELEASE_EVENTID:
++ case WMI_10_2_MCAST_LIST_AGEOUT_EVENTID:
++ case WMI_10_2_WDS_PEER_EVENTID:
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "received event id %d not implemented\n", id);
++ break;
++ default:
++ ath10k_warn(ar, "Unknown eventid: %d\n", id);
++ break;
++ }
++
++ dev_kfree_skb(skb);
+ }
+
+-void ath10k_wmi_detach(struct ath10k *ar)
++static void ath10k_wmi_process_rx(struct ath10k *ar, struct sk_buff *skb)
+ {
+- int i;
+-
+- /* free the host memory chunks requested by firmware */
+- for (i = 0; i < ar->wmi.num_mem_chunks; i++) {
+- dma_free_coherent(ar->dev,
+- ar->wmi.mem_chunks[i].len,
+- ar->wmi.mem_chunks[i].vaddr,
+- ar->wmi.mem_chunks[i].paddr);
+- }
++ int ret;
+
+- ar->wmi.num_mem_chunks = 0;
++ ret = ath10k_wmi_rx(ar, skb);
++ if (ret)
++ ath10k_warn(ar, "failed to process wmi rx: %d\n", ret);
+ }
+
+-int ath10k_wmi_connect_htc_service(struct ath10k *ar)
++int ath10k_wmi_connect(struct ath10k *ar)
+ {
+ int status;
+ struct ath10k_htc_svc_conn_req conn_req;
+@@ -2378,7 +3654,7 @@ int ath10k_wmi_connect_htc_service(struc
+
+ status = ath10k_htc_connect_service(&ar->htc, &conn_req, &conn_resp);
+ if (status) {
+- ath10k_warn("failed to connect to WMI CONTROL service status: %d\n",
++ ath10k_warn(ar, "failed to connect to WMI CONTROL service status: %d\n",
+ status);
+ return status;
+ }
+@@ -2387,16 +3663,17 @@ int ath10k_wmi_connect_htc_service(struc
+ return 0;
+ }
+
+-static int ath10k_wmi_main_pdev_set_regdomain(struct ath10k *ar, u16 rd,
+- u16 rd2g, u16 rd5g, u16 ctl2g,
+- u16 ctl5g)
++static struct sk_buff *
++ath10k_wmi_op_gen_pdev_set_rd(struct ath10k *ar, u16 rd, u16 rd2g, u16 rd5g,
++ u16 ctl2g, u16 ctl5g,
++ enum wmi_dfs_region dfs_reg)
+ {
+ struct wmi_pdev_set_regdomain_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_pdev_set_regdomain_cmd *)skb->data;
+ cmd->reg_domain = __cpu_to_le32(rd);
+@@ -2405,25 +3682,23 @@ static int ath10k_wmi_main_pdev_set_regd
+ cmd->conformance_test_limit_2G = __cpu_to_le32(ctl2g);
+ cmd->conformance_test_limit_5G = __cpu_to_le32(ctl5g);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi pdev regdomain rd %x rd2g %x rd5g %x ctl2g %x ctl5g %x\n",
+ rd, rd2g, rd5g, ctl2g, ctl5g);
+-
+- return ath10k_wmi_cmd_send(ar, skb,
+- ar->wmi.cmd->pdev_set_regdomain_cmdid);
++ return skb;
+ }
+
+-static int ath10k_wmi_10x_pdev_set_regdomain(struct ath10k *ar, u16 rd,
+- u16 rd2g, u16 rd5g,
+- u16 ctl2g, u16 ctl5g,
+- enum wmi_dfs_region dfs_reg)
++static struct sk_buff *
++ath10k_wmi_10x_op_gen_pdev_set_rd(struct ath10k *ar, u16 rd, u16 rd2g, u16
++ rd5g, u16 ctl2g, u16 ctl5g,
++ enum wmi_dfs_region dfs_reg)
+ {
+ struct wmi_pdev_set_regdomain_cmd_10x *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_pdev_set_regdomain_cmd_10x *)skb->data;
+ cmd->reg_domain = __cpu_to_le32(rd);
+@@ -2433,121 +3708,96 @@ static int ath10k_wmi_10x_pdev_set_regdo
+ cmd->conformance_test_limit_5G = __cpu_to_le32(ctl5g);
+ cmd->dfs_domain = __cpu_to_le32(dfs_reg);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi pdev regdomain rd %x rd2g %x rd5g %x ctl2g %x ctl5g %x dfs_region %x\n",
+ rd, rd2g, rd5g, ctl2g, ctl5g, dfs_reg);
+-
+- return ath10k_wmi_cmd_send(ar, skb,
+- ar->wmi.cmd->pdev_set_regdomain_cmdid);
+-}
+-
+-int ath10k_wmi_pdev_set_regdomain(struct ath10k *ar, u16 rd, u16 rd2g,
+- u16 rd5g, u16 ctl2g, u16 ctl5g,
+- enum wmi_dfs_region dfs_reg)
+-{
+- if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features))
+- return ath10k_wmi_10x_pdev_set_regdomain(ar, rd, rd2g, rd5g,
+- ctl2g, ctl5g, dfs_reg);
+- else
+- return ath10k_wmi_main_pdev_set_regdomain(ar, rd, rd2g, rd5g,
+- ctl2g, ctl5g);
+-}
+-
+-int ath10k_wmi_pdev_set_channel(struct ath10k *ar,
+- const struct wmi_channel_arg *arg)
+-{
+- struct wmi_set_channel_cmd *cmd;
+- struct sk_buff *skb;
+- u32 ch_flags = 0;
+-
+- if (arg->passive)
+- return -EINVAL;
+-
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
+- if (!skb)
+- return -ENOMEM;
+-
+- if (arg->chan_radar)
+- ch_flags |= WMI_CHAN_FLAG_DFS;
+-
+- cmd = (struct wmi_set_channel_cmd *)skb->data;
+- cmd->chan.mhz = __cpu_to_le32(arg->freq);
+- cmd->chan.band_center_freq1 = __cpu_to_le32(arg->freq);
+- cmd->chan.mode = arg->mode;
+- cmd->chan.flags |= __cpu_to_le32(ch_flags);
+- cmd->chan.min_power = arg->min_power;
+- cmd->chan.max_power = arg->max_power;
+- cmd->chan.reg_power = arg->max_reg_power;
+- cmd->chan.reg_classid = arg->reg_class_id;
+- cmd->chan.antenna_max = arg->max_antenna_gain;
+-
+- ath10k_dbg(ATH10K_DBG_WMI,
+- "wmi set channel mode %d freq %d\n",
+- arg->mode, arg->freq);
+-
+- return ath10k_wmi_cmd_send(ar, skb,
+- ar->wmi.cmd->pdev_set_channel_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_pdev_suspend_target(struct ath10k *ar, u32 suspend_opt)
++static struct sk_buff *
++ath10k_wmi_op_gen_pdev_suspend(struct ath10k *ar, u32 suspend_opt)
+ {
+ struct wmi_pdev_suspend_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_pdev_suspend_cmd *)skb->data;
+ cmd->suspend_opt = __cpu_to_le32(suspend_opt);
+
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->pdev_suspend_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_pdev_resume_target(struct ath10k *ar)
++static struct sk_buff *
++ath10k_wmi_op_gen_pdev_resume(struct ath10k *ar)
+ {
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(0);
+- if (skb == NULL)
+- return -ENOMEM;
++ skb = ath10k_wmi_alloc_skb(ar, 0);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
+
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->pdev_resume_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_pdev_set_param(struct ath10k *ar, u32 id, u32 value)
++static struct sk_buff *
++ath10k_wmi_op_gen_pdev_set_param(struct ath10k *ar, u32 id, u32 value)
+ {
+ struct wmi_pdev_set_param_cmd *cmd;
+ struct sk_buff *skb;
+
+ if (id == WMI_PDEV_PARAM_UNSUPPORTED) {
+- ath10k_warn("pdev param %d not supported by firmware\n", id);
+- return -EOPNOTSUPP;
++ ath10k_warn(ar, "pdev param %d not supported by firmware\n",
++ id);
++ return ERR_PTR(-EOPNOTSUPP);
+ }
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_pdev_set_param_cmd *)skb->data;
+ cmd->param_id = __cpu_to_le32(id);
+ cmd->param_value = __cpu_to_le32(value);
+
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi pdev set param %d value %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi pdev set param %d value %d\n",
+ id, value);
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->pdev_set_param_cmdid);
++ return skb;
+ }
+
+-static int ath10k_wmi_main_cmd_init(struct ath10k *ar)
++void ath10k_wmi_put_host_mem_chunks(struct ath10k *ar,
++ struct wmi_host_mem_chunks *chunks)
+ {
+- struct wmi_init_cmd *cmd;
+- struct sk_buff *buf;
+- struct wmi_resource_config config = {};
+- u32 len, val;
++ struct host_memory_chunk *chunk;
+ int i;
+
+- config.num_vdevs = __cpu_to_le32(TARGET_NUM_VDEVS);
+- config.num_peers = __cpu_to_le32(TARGET_NUM_PEERS + TARGET_NUM_VDEVS);
++ chunks->count = __cpu_to_le32(ar->wmi.num_mem_chunks);
++
++ for (i = 0; i < ar->wmi.num_mem_chunks; i++) {
++ chunk = &chunks->items[i];
++ chunk->ptr = __cpu_to_le32(ar->wmi.mem_chunks[i].paddr);
++ chunk->size = __cpu_to_le32(ar->wmi.mem_chunks[i].len);
++ chunk->req_id = __cpu_to_le32(ar->wmi.mem_chunks[i].req_id);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi chunk %d len %d requested, addr 0x%llx\n",
++ i,
++ ar->wmi.mem_chunks[i].len,
++ (unsigned long long)ar->wmi.mem_chunks[i].paddr);
++ }
++}
++
++static struct sk_buff *ath10k_wmi_op_gen_init(struct ath10k *ar)
++{
++ struct wmi_init_cmd *cmd;
++ struct sk_buff *buf;
++ struct wmi_resource_config config = {};
++ u32 len, val;
++
++ config.num_vdevs = __cpu_to_le32(TARGET_NUM_VDEVS);
++ config.num_peers = __cpu_to_le32(TARGET_NUM_PEERS);
+ config.num_offload_peers = __cpu_to_le32(TARGET_NUM_OFFLOAD_PEERS);
+
+ config.num_offload_reorder_bufs =
+@@ -2600,50 +3850,25 @@ static int ath10k_wmi_main_cmd_init(stru
+ len = sizeof(*cmd) +
+ (sizeof(struct host_memory_chunk) * ar->wmi.num_mem_chunks);
+
+- buf = ath10k_wmi_alloc_skb(len);
++ buf = ath10k_wmi_alloc_skb(ar, len);
+ if (!buf)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_init_cmd *)buf->data;
+
+- if (ar->wmi.num_mem_chunks == 0) {
+- cmd->num_host_mem_chunks = 0;
+- goto out;
+- }
+-
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi sending %d memory chunks info.\n",
+- ar->wmi.num_mem_chunks);
+-
+- cmd->num_host_mem_chunks = __cpu_to_le32(ar->wmi.num_mem_chunks);
+-
+- for (i = 0; i < ar->wmi.num_mem_chunks; i++) {
+- cmd->host_mem_chunks[i].ptr =
+- __cpu_to_le32(ar->wmi.mem_chunks[i].paddr);
+- cmd->host_mem_chunks[i].size =
+- __cpu_to_le32(ar->wmi.mem_chunks[i].len);
+- cmd->host_mem_chunks[i].req_id =
+- __cpu_to_le32(ar->wmi.mem_chunks[i].req_id);
+-
+- ath10k_dbg(ATH10K_DBG_WMI,
+- "wmi chunk %d len %d requested, addr 0x%llx\n",
+- i,
+- ar->wmi.mem_chunks[i].len,
+- (unsigned long long)ar->wmi.mem_chunks[i].paddr);
+- }
+-out:
+ memcpy(&cmd->resource_config, &config, sizeof(config));
++ ath10k_wmi_put_host_mem_chunks(ar, &cmd->mem_chunks);
+
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi init\n");
+- return ath10k_wmi_cmd_send(ar, buf, ar->wmi.cmd->init_cmdid);
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi init\n");
++ return buf;
+ }
+
+-static int ath10k_wmi_10x_cmd_init(struct ath10k *ar)
++static struct sk_buff *ath10k_wmi_10_1_op_gen_init(struct ath10k *ar)
+ {
+ struct wmi_init_cmd_10x *cmd;
+ struct sk_buff *buf;
+ struct wmi_resource_config_10x config = {};
+ u32 len, val;
+- int i;
+
+ config.num_vdevs = __cpu_to_le32(TARGET_10X_NUM_VDEVS);
+ config.num_peers = __cpu_to_le32(TARGET_10X_NUM_PEERS);
+@@ -2691,101 +3916,132 @@ static int ath10k_wmi_10x_cmd_init(struc
+ len = sizeof(*cmd) +
+ (sizeof(struct host_memory_chunk) * ar->wmi.num_mem_chunks);
+
+- buf = ath10k_wmi_alloc_skb(len);
++ buf = ath10k_wmi_alloc_skb(ar, len);
+ if (!buf)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_init_cmd_10x *)buf->data;
+
+- if (ar->wmi.num_mem_chunks == 0) {
+- cmd->num_host_mem_chunks = 0;
+- goto out;
+- }
++ memcpy(&cmd->resource_config, &config, sizeof(config));
++ ath10k_wmi_put_host_mem_chunks(ar, &cmd->mem_chunks);
+
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi sending %d memory chunks info.\n",
+- ar->wmi.num_mem_chunks);
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi init 10x\n");
++ return buf;
++}
+
+- cmd->num_host_mem_chunks = __cpu_to_le32(ar->wmi.num_mem_chunks);
++static struct sk_buff *ath10k_wmi_10_2_op_gen_init(struct ath10k *ar)
++{
++ struct wmi_init_cmd_10_2 *cmd;
++ struct sk_buff *buf;
++ struct wmi_resource_config_10x config = {};
++ u32 len, val, features;
+
+- for (i = 0; i < ar->wmi.num_mem_chunks; i++) {
+- cmd->host_mem_chunks[i].ptr =
+- __cpu_to_le32(ar->wmi.mem_chunks[i].paddr);
+- cmd->host_mem_chunks[i].size =
+- __cpu_to_le32(ar->wmi.mem_chunks[i].len);
+- cmd->host_mem_chunks[i].req_id =
+- __cpu_to_le32(ar->wmi.mem_chunks[i].req_id);
++ config.num_vdevs = __cpu_to_le32(TARGET_10X_NUM_VDEVS);
++ config.num_peers = __cpu_to_le32(TARGET_10X_NUM_PEERS);
++ config.num_peer_keys = __cpu_to_le32(TARGET_10X_NUM_PEER_KEYS);
++ config.num_tids = __cpu_to_le32(TARGET_10X_NUM_TIDS);
++ config.ast_skid_limit = __cpu_to_le32(TARGET_10X_AST_SKID_LIMIT);
++ config.tx_chain_mask = __cpu_to_le32(TARGET_10X_TX_CHAIN_MASK);
++ config.rx_chain_mask = __cpu_to_le32(TARGET_10X_RX_CHAIN_MASK);
++ config.rx_timeout_pri_vo = __cpu_to_le32(TARGET_10X_RX_TIMEOUT_LO_PRI);
++ config.rx_timeout_pri_vi = __cpu_to_le32(TARGET_10X_RX_TIMEOUT_LO_PRI);
++ config.rx_timeout_pri_be = __cpu_to_le32(TARGET_10X_RX_TIMEOUT_LO_PRI);
++ config.rx_timeout_pri_bk = __cpu_to_le32(TARGET_10X_RX_TIMEOUT_HI_PRI);
++ config.rx_decap_mode = __cpu_to_le32(TARGET_10X_RX_DECAP_MODE);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
+- "wmi chunk %d len %d requested, addr 0x%llx\n",
+- i,
+- ar->wmi.mem_chunks[i].len,
+- (unsigned long long)ar->wmi.mem_chunks[i].paddr);
+- }
+-out:
+- memcpy(&cmd->resource_config, &config, sizeof(config));
++ config.scan_max_pending_reqs =
++ __cpu_to_le32(TARGET_10X_SCAN_MAX_PENDING_REQS);
++
++ config.bmiss_offload_max_vdev =
++ __cpu_to_le32(TARGET_10X_BMISS_OFFLOAD_MAX_VDEV);
++
++ config.roam_offload_max_vdev =
++ __cpu_to_le32(TARGET_10X_ROAM_OFFLOAD_MAX_VDEV);
++
++ config.roam_offload_max_ap_profiles =
++ __cpu_to_le32(TARGET_10X_ROAM_OFFLOAD_MAX_AP_PROFILES);
++
++ config.num_mcast_groups = __cpu_to_le32(TARGET_10X_NUM_MCAST_GROUPS);
++ config.num_mcast_table_elems =
++ __cpu_to_le32(TARGET_10X_NUM_MCAST_TABLE_ELEMS);
++
++ config.mcast2ucast_mode = __cpu_to_le32(TARGET_10X_MCAST2UCAST_MODE);
++ config.tx_dbg_log_size = __cpu_to_le32(TARGET_10X_TX_DBG_LOG_SIZE);
++ config.num_wds_entries = __cpu_to_le32(TARGET_10X_NUM_WDS_ENTRIES);
++ config.dma_burst_size = __cpu_to_le32(TARGET_10_2_DMA_BURST_SIZE);
++ config.mac_aggr_delim = __cpu_to_le32(TARGET_10X_MAC_AGGR_DELIM);
++
++ val = TARGET_10X_RX_SKIP_DEFRAG_TIMEOUT_DUP_DETECTION_CHECK;
++ config.rx_skip_defrag_timeout_dup_detection_check = __cpu_to_le32(val);
++
++ config.vow_config = __cpu_to_le32(TARGET_10X_VOW_CONFIG);
++
++ config.num_msdu_desc = __cpu_to_le32(TARGET_10X_NUM_MSDU_DESC);
++ config.max_frag_entries = __cpu_to_le32(TARGET_10X_MAX_FRAG_ENTRIES);
+
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi init 10x\n");
+- return ath10k_wmi_cmd_send(ar, buf, ar->wmi.cmd->init_cmdid);
++ len = sizeof(*cmd) +
++ (sizeof(struct host_memory_chunk) * ar->wmi.num_mem_chunks);
++
++ buf = ath10k_wmi_alloc_skb(ar, len);
++ if (!buf)
++ return ERR_PTR(-ENOMEM);
++
++ cmd = (struct wmi_init_cmd_10_2 *)buf->data;
++
++ features = WMI_10_2_RX_BATCH_MODE;
++ cmd->resource_config.feature_mask = __cpu_to_le32(features);
++
++ memcpy(&cmd->resource_config.common, &config, sizeof(config));
++ ath10k_wmi_put_host_mem_chunks(ar, &cmd->mem_chunks);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi init 10.2\n");
++ return buf;
+ }
+
+-int ath10k_wmi_cmd_init(struct ath10k *ar)
++int ath10k_wmi_start_scan_verify(const struct wmi_start_scan_arg *arg)
+ {
+- int ret;
++ if (arg->ie_len && !arg->ie)
++ return -EINVAL;
++ if (arg->n_channels && !arg->channels)
++ return -EINVAL;
++ if (arg->n_ssids && !arg->ssids)
++ return -EINVAL;
++ if (arg->n_bssids && !arg->bssids)
++ return -EINVAL;
+
+- if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features))
+- ret = ath10k_wmi_10x_cmd_init(ar);
+- else
+- ret = ath10k_wmi_main_cmd_init(ar);
++ if (arg->ie_len > WLAN_SCAN_PARAMS_MAX_IE_LEN)
++ return -EINVAL;
++ if (arg->n_channels > ARRAY_SIZE(arg->channels))
++ return -EINVAL;
++ if (arg->n_ssids > WLAN_SCAN_PARAMS_MAX_SSID)
++ return -EINVAL;
++ if (arg->n_bssids > WLAN_SCAN_PARAMS_MAX_BSSID)
++ return -EINVAL;
+
+- return ret;
++ return 0;
+ }
+
+-static int ath10k_wmi_start_scan_calc_len(struct ath10k *ar,
+- const struct wmi_start_scan_arg *arg)
++static size_t
++ath10k_wmi_start_scan_tlvs_len(const struct wmi_start_scan_arg *arg)
+ {
+- int len;
+-
+- if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features))
+- len = sizeof(struct wmi_start_scan_cmd_10x);
+- else
+- len = sizeof(struct wmi_start_scan_cmd);
++ int len = 0;
+
+ if (arg->ie_len) {
+- if (!arg->ie)
+- return -EINVAL;
+- if (arg->ie_len > WLAN_SCAN_PARAMS_MAX_IE_LEN)
+- return -EINVAL;
+-
+ len += sizeof(struct wmi_ie_data);
+ len += roundup(arg->ie_len, 4);
+ }
+
+ if (arg->n_channels) {
+- if (!arg->channels)
+- return -EINVAL;
+- if (arg->n_channels > ARRAY_SIZE(arg->channels))
+- return -EINVAL;
+-
+ len += sizeof(struct wmi_chan_list);
+ len += sizeof(__le32) * arg->n_channels;
+ }
+
+ if (arg->n_ssids) {
+- if (!arg->ssids)
+- return -EINVAL;
+- if (arg->n_ssids > WLAN_SCAN_PARAMS_MAX_SSID)
+- return -EINVAL;
+-
+ len += sizeof(struct wmi_ssid_list);
+ len += sizeof(struct wmi_ssid) * arg->n_ssids;
+ }
+
+ if (arg->n_bssids) {
+- if (!arg->bssids)
+- return -EINVAL;
+- if (arg->n_bssids > WLAN_SCAN_PARAMS_MAX_BSSID)
+- return -EINVAL;
+-
+ len += sizeof(struct wmi_bssid_list);
+ len += sizeof(struct wmi_mac_addr) * arg->n_bssids;
+ }
+@@ -2793,28 +4049,11 @@ static int ath10k_wmi_start_scan_calc_le
+ return len;
+ }
+
+-int ath10k_wmi_start_scan(struct ath10k *ar,
+- const struct wmi_start_scan_arg *arg)
++void ath10k_wmi_put_start_scan_common(struct wmi_start_scan_common *cmn,
++ const struct wmi_start_scan_arg *arg)
+ {
+- struct wmi_start_scan_cmd *cmd;
+- struct sk_buff *skb;
+- struct wmi_ie_data *ie;
+- struct wmi_chan_list *channels;
+- struct wmi_ssid_list *ssids;
+- struct wmi_bssid_list *bssids;
+ u32 scan_id;
+ u32 scan_req_id;
+- int off;
+- int len = 0;
+- int i;
+-
+- len = ath10k_wmi_start_scan_calc_len(ar, arg);
+- if (len < 0)
+- return len; /* len contains error code here */
+-
+- skb = ath10k_wmi_alloc_skb(len);
+- if (!skb)
+- return -ENOMEM;
+
+ scan_id = WMI_HOST_SCAN_REQ_ID_PREFIX;
+ scan_id |= arg->scan_id;
+@@ -2822,48 +4061,49 @@ int ath10k_wmi_start_scan(struct ath10k
+ scan_req_id = WMI_HOST_SCAN_REQUESTOR_ID_PREFIX;
+ scan_req_id |= arg->scan_req_id;
+
+- cmd = (struct wmi_start_scan_cmd *)skb->data;
+- cmd->scan_id = __cpu_to_le32(scan_id);
+- cmd->scan_req_id = __cpu_to_le32(scan_req_id);
+- cmd->vdev_id = __cpu_to_le32(arg->vdev_id);
+- cmd->scan_priority = __cpu_to_le32(arg->scan_priority);
+- cmd->notify_scan_events = __cpu_to_le32(arg->notify_scan_events);
+- cmd->dwell_time_active = __cpu_to_le32(arg->dwell_time_active);
+- cmd->dwell_time_passive = __cpu_to_le32(arg->dwell_time_passive);
+- cmd->min_rest_time = __cpu_to_le32(arg->min_rest_time);
+- cmd->max_rest_time = __cpu_to_le32(arg->max_rest_time);
+- cmd->repeat_probe_time = __cpu_to_le32(arg->repeat_probe_time);
+- cmd->probe_spacing_time = __cpu_to_le32(arg->probe_spacing_time);
+- cmd->idle_time = __cpu_to_le32(arg->idle_time);
+- cmd->max_scan_time = __cpu_to_le32(arg->max_scan_time);
+- cmd->probe_delay = __cpu_to_le32(arg->probe_delay);
+- cmd->scan_ctrl_flags = __cpu_to_le32(arg->scan_ctrl_flags);
+-
+- /* TLV list starts after fields included in the struct */
+- /* There's just one filed that differes the two start_scan
+- * structures - burst_duration, which we are not using btw,
+- no point to make the split here, just shift the buffer to fit with
+- given FW */
+- if (test_bit(ATH10K_FW_FEATURE_WMI_10X, ar->fw_features))
+- off = sizeof(struct wmi_start_scan_cmd_10x);
+- else
+- off = sizeof(struct wmi_start_scan_cmd);
++ cmn->scan_id = __cpu_to_le32(scan_id);
++ cmn->scan_req_id = __cpu_to_le32(scan_req_id);
++ cmn->vdev_id = __cpu_to_le32(arg->vdev_id);
++ cmn->scan_priority = __cpu_to_le32(arg->scan_priority);
++ cmn->notify_scan_events = __cpu_to_le32(arg->notify_scan_events);
++ cmn->dwell_time_active = __cpu_to_le32(arg->dwell_time_active);
++ cmn->dwell_time_passive = __cpu_to_le32(arg->dwell_time_passive);
++ cmn->min_rest_time = __cpu_to_le32(arg->min_rest_time);
++ cmn->max_rest_time = __cpu_to_le32(arg->max_rest_time);
++ cmn->repeat_probe_time = __cpu_to_le32(arg->repeat_probe_time);
++ cmn->probe_spacing_time = __cpu_to_le32(arg->probe_spacing_time);
++ cmn->idle_time = __cpu_to_le32(arg->idle_time);
++ cmn->max_scan_time = __cpu_to_le32(arg->max_scan_time);
++ cmn->probe_delay = __cpu_to_le32(arg->probe_delay);
++ cmn->scan_ctrl_flags = __cpu_to_le32(arg->scan_ctrl_flags);
++}
++
++static void
++ath10k_wmi_put_start_scan_tlvs(struct wmi_start_scan_tlvs *tlvs,
++ const struct wmi_start_scan_arg *arg)
++{
++ struct wmi_ie_data *ie;
++ struct wmi_chan_list *channels;
++ struct wmi_ssid_list *ssids;
++ struct wmi_bssid_list *bssids;
++ void *ptr = tlvs->tlvs;
++ int i;
+
+ if (arg->n_channels) {
+- channels = (void *)skb->data + off;
++ channels = ptr;
+ channels->tag = __cpu_to_le32(WMI_CHAN_LIST_TAG);
+ channels->num_chan = __cpu_to_le32(arg->n_channels);
+
+ for (i = 0; i < arg->n_channels; i++)
+- channels->channel_list[i] =
+- __cpu_to_le32(arg->channels[i]);
++ channels->channel_list[i].freq =
++ __cpu_to_le16(arg->channels[i]);
+
+- off += sizeof(*channels);
+- off += sizeof(__le32) * arg->n_channels;
++ ptr += sizeof(*channels);
++ ptr += sizeof(__le32) * arg->n_channels;
+ }
+
+ if (arg->n_ssids) {
+- ssids = (void *)skb->data + off;
++ ssids = ptr;
+ ssids->tag = __cpu_to_le32(WMI_SSID_LIST_TAG);
+ ssids->num_ssids = __cpu_to_le32(arg->n_ssids);
+
+@@ -2875,12 +4115,12 @@ int ath10k_wmi_start_scan(struct ath10k
+ arg->ssids[i].len);
+ }
+
+- off += sizeof(*ssids);
+- off += sizeof(struct wmi_ssid) * arg->n_ssids;
++ ptr += sizeof(*ssids);
++ ptr += sizeof(struct wmi_ssid) * arg->n_ssids;
+ }
+
+ if (arg->n_bssids) {
+- bssids = (void *)skb->data + off;
++ bssids = ptr;
+ bssids->tag = __cpu_to_le32(WMI_BSSID_LIST_TAG);
+ bssids->num_bssid = __cpu_to_le32(arg->n_bssids);
+
+@@ -2889,27 +4129,75 @@ int ath10k_wmi_start_scan(struct ath10k
+ arg->bssids[i].bssid,
+ ETH_ALEN);
+
+- off += sizeof(*bssids);
+- off += sizeof(struct wmi_mac_addr) * arg->n_bssids;
++ ptr += sizeof(*bssids);
++ ptr += sizeof(struct wmi_mac_addr) * arg->n_bssids;
+ }
+
+ if (arg->ie_len) {
+- ie = (void *)skb->data + off;
++ ie = ptr;
+ ie->tag = __cpu_to_le32(WMI_IE_TAG);
+ ie->ie_len = __cpu_to_le32(arg->ie_len);
+ memcpy(ie->ie_data, arg->ie, arg->ie_len);
+
+- off += sizeof(*ie);
+- off += roundup(arg->ie_len, 4);
++ ptr += sizeof(*ie);
++ ptr += roundup(arg->ie_len, 4);
+ }
++}
+
+- if (off != skb->len) {
+- dev_kfree_skb(skb);
+- return -EINVAL;
+- }
++static struct sk_buff *
++ath10k_wmi_op_gen_start_scan(struct ath10k *ar,
++ const struct wmi_start_scan_arg *arg)
++{
++ struct wmi_start_scan_cmd *cmd;
++ struct sk_buff *skb;
++ size_t len;
++ int ret;
++
++ ret = ath10k_wmi_start_scan_verify(arg);
++ if (ret)
++ return ERR_PTR(ret);
+
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi start scan\n");
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->start_scan_cmdid);
++ len = sizeof(*cmd) + ath10k_wmi_start_scan_tlvs_len(arg);
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ cmd = (struct wmi_start_scan_cmd *)skb->data;
++
++ ath10k_wmi_put_start_scan_common(&cmd->common, arg);
++ ath10k_wmi_put_start_scan_tlvs(&cmd->tlvs, arg);
++
++ cmd->burst_duration_ms = __cpu_to_le32(0);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi start scan\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_10x_op_gen_start_scan(struct ath10k *ar,
++ const struct wmi_start_scan_arg *arg)
++{
++ struct wmi_10x_start_scan_cmd *cmd;
++ struct sk_buff *skb;
++ size_t len;
++ int ret;
++
++ ret = ath10k_wmi_start_scan_verify(arg);
++ if (ret)
++ return ERR_PTR(ret);
++
++ len = sizeof(*cmd) + ath10k_wmi_start_scan_tlvs_len(arg);
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ cmd = (struct wmi_10x_start_scan_cmd *)skb->data;
++
++ ath10k_wmi_put_start_scan_common(&cmd->common, arg);
++ ath10k_wmi_put_start_scan_tlvs(&cmd->tlvs, arg);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi 10x start scan\n");
++ return skb;
+ }
+
+ void ath10k_wmi_start_scan_init(struct ath10k *ar,
+@@ -2938,7 +4226,9 @@ void ath10k_wmi_start_scan_init(struct a
+ arg->bssids[0].bssid = "\xFF\xFF\xFF\xFF\xFF\xFF";
+ }
+
+-int ath10k_wmi_stop_scan(struct ath10k *ar, const struct wmi_stop_scan_arg *arg)
++static struct sk_buff *
++ath10k_wmi_op_gen_stop_scan(struct ath10k *ar,
++ const struct wmi_stop_scan_arg *arg)
+ {
+ struct wmi_stop_scan_cmd *cmd;
+ struct sk_buff *skb;
+@@ -2946,13 +4236,13 @@ int ath10k_wmi_stop_scan(struct ath10k *
+ u32 req_id;
+
+ if (arg->req_id > 0xFFF)
+- return -EINVAL;
++ return ERR_PTR(-EINVAL);
+ if (arg->req_type == WMI_SCAN_STOP_ONE && arg->u.scan_id > 0xFFF)
+- return -EINVAL;
++ return ERR_PTR(-EINVAL);
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ scan_id = arg->u.scan_id;
+ scan_id |= WMI_HOST_SCAN_REQ_ID_PREFIX;
+@@ -2966,92 +4256,85 @@ int ath10k_wmi_stop_scan(struct ath10k *
+ cmd->scan_id = __cpu_to_le32(scan_id);
+ cmd->scan_req_id = __cpu_to_le32(req_id);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi stop scan reqid %d req_type %d vdev/scan_id %d\n",
+ arg->req_id, arg->req_type, arg->u.scan_id);
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->stop_scan_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_vdev_create(struct ath10k *ar, u32 vdev_id,
+- enum wmi_vdev_type type,
+- enum wmi_vdev_subtype subtype,
+- const u8 macaddr[ETH_ALEN])
++static struct sk_buff *
++ath10k_wmi_op_gen_vdev_create(struct ath10k *ar, u32 vdev_id,
++ enum wmi_vdev_type type,
++ enum wmi_vdev_subtype subtype,
++ const u8 macaddr[ETH_ALEN])
+ {
+ struct wmi_vdev_create_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_vdev_create_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(vdev_id);
+ cmd->vdev_type = __cpu_to_le32(type);
+ cmd->vdev_subtype = __cpu_to_le32(subtype);
+- memcpy(cmd->vdev_macaddr.addr, macaddr, ETH_ALEN);
++ ether_addr_copy(cmd->vdev_macaddr.addr, macaddr);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "WMI vdev create: id %d type %d subtype %d macaddr %pM\n",
+ vdev_id, type, subtype, macaddr);
+-
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->vdev_create_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_vdev_delete(struct ath10k *ar, u32 vdev_id)
++static struct sk_buff *
++ath10k_wmi_op_gen_vdev_delete(struct ath10k *ar, u32 vdev_id)
+ {
+ struct wmi_vdev_delete_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_vdev_delete_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(vdev_id);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "WMI vdev delete id %d\n", vdev_id);
+-
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->vdev_delete_cmdid);
++ return skb;
+ }
+
+-static int ath10k_wmi_vdev_start_restart(struct ath10k *ar,
+- const struct wmi_vdev_start_request_arg *arg,
+- u32 cmd_id)
++static struct sk_buff *
++ath10k_wmi_op_gen_vdev_start(struct ath10k *ar,
++ const struct wmi_vdev_start_request_arg *arg,
++ bool restart)
+ {
+ struct wmi_vdev_start_request_cmd *cmd;
+ struct sk_buff *skb;
+ const char *cmdname;
+ u32 flags = 0;
+- u32 ch_flags = 0;
+
+- if (cmd_id != ar->wmi.cmd->vdev_start_request_cmdid &&
+- cmd_id != ar->wmi.cmd->vdev_restart_request_cmdid)
+- return -EINVAL;
+ if (WARN_ON(arg->ssid && arg->ssid_len == 0))
+- return -EINVAL;
++ return ERR_PTR(-EINVAL);
+ if (WARN_ON(arg->hidden_ssid && !arg->ssid))
+- return -EINVAL;
++ return ERR_PTR(-EINVAL);
+ if (WARN_ON(arg->ssid_len > sizeof(cmd->ssid.ssid)))
+- return -EINVAL;
++ return ERR_PTR(-EINVAL);
+
+- if (cmd_id == ar->wmi.cmd->vdev_start_request_cmdid)
+- cmdname = "start";
+- else if (cmd_id == ar->wmi.cmd->vdev_restart_request_cmdid)
++ if (restart)
+ cmdname = "restart";
+ else
+- return -EINVAL; /* should not happen, we already check cmd_id */
++ cmdname = "start";
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ if (arg->hidden_ssid)
+ flags |= WMI_VDEV_START_HIDDEN_SSID;
+ if (arg->pmf_enabled)
+ flags |= WMI_VDEV_START_PMF_ENABLED;
+- if (arg->channel.chan_radar)
+- ch_flags |= WMI_CHAN_FLAG_DFS;
+
+ cmd = (struct wmi_vdev_start_request_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(arg->vdev_id);
+@@ -3067,143 +4350,118 @@ static int ath10k_wmi_vdev_start_restart
+ memcpy(cmd->ssid.ssid, arg->ssid, arg->ssid_len);
+ }
+
+- cmd->chan.mhz = __cpu_to_le32(arg->channel.freq);
++ ath10k_wmi_put_wmi_channel(&cmd->chan, &arg->channel);
+
+- cmd->chan.band_center_freq1 =
+- __cpu_to_le32(arg->channel.band_center_freq1);
+-
+- cmd->chan.mode = arg->channel.mode;
+- cmd->chan.flags |= __cpu_to_le32(ch_flags);
+- cmd->chan.min_power = arg->channel.min_power;
+- cmd->chan.max_power = arg->channel.max_power;
+- cmd->chan.reg_power = arg->channel.max_reg_power;
+- cmd->chan.reg_classid = arg->channel.reg_class_id;
+- cmd->chan.antenna_max = arg->channel.max_antenna_gain;
+-
+- ath10k_dbg(ATH10K_DBG_WMI,
+- "wmi vdev %s id 0x%x flags: 0x%0X, freq %d, mode %d, "
+- "ch_flags: 0x%0X, max_power: %d\n", cmdname, arg->vdev_id,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi vdev %s id 0x%x flags: 0x%0X, freq %d, mode %d, ch_flags: 0x%0X, max_power: %d\n",
++ cmdname, arg->vdev_id,
+ flags, arg->channel.freq, arg->channel.mode,
+ cmd->chan.flags, arg->channel.max_power);
+
+- return ath10k_wmi_cmd_send(ar, skb, cmd_id);
+-}
+-
+-int ath10k_wmi_vdev_start(struct ath10k *ar,
+- const struct wmi_vdev_start_request_arg *arg)
+-{
+- u32 cmd_id = ar->wmi.cmd->vdev_start_request_cmdid;
+-
+- return ath10k_wmi_vdev_start_restart(ar, arg, cmd_id);
+-}
+-
+-int ath10k_wmi_vdev_restart(struct ath10k *ar,
+- const struct wmi_vdev_start_request_arg *arg)
+-{
+- u32 cmd_id = ar->wmi.cmd->vdev_restart_request_cmdid;
+-
+- return ath10k_wmi_vdev_start_restart(ar, arg, cmd_id);
++ return skb;
+ }
+
+-int ath10k_wmi_vdev_stop(struct ath10k *ar, u32 vdev_id)
++static struct sk_buff *
++ath10k_wmi_op_gen_vdev_stop(struct ath10k *ar, u32 vdev_id)
+ {
+ struct wmi_vdev_stop_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_vdev_stop_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(vdev_id);
+
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi vdev stop id 0x%x\n", vdev_id);
+-
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->vdev_stop_cmdid);
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi vdev stop id 0x%x\n", vdev_id);
++ return skb;
+ }
+
+-int ath10k_wmi_vdev_up(struct ath10k *ar, u32 vdev_id, u32 aid, const u8 *bssid)
++static struct sk_buff *
++ath10k_wmi_op_gen_vdev_up(struct ath10k *ar, u32 vdev_id, u32 aid,
++ const u8 *bssid)
+ {
+ struct wmi_vdev_up_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_vdev_up_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(vdev_id);
+ cmd->vdev_assoc_id = __cpu_to_le32(aid);
+- memcpy(&cmd->vdev_bssid.addr, bssid, ETH_ALEN);
++ ether_addr_copy(cmd->vdev_bssid.addr, bssid);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi mgmt vdev up id 0x%x assoc id %d bssid %pM\n",
+ vdev_id, aid, bssid);
+-
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->vdev_up_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_vdev_down(struct ath10k *ar, u32 vdev_id)
++static struct sk_buff *
++ath10k_wmi_op_gen_vdev_down(struct ath10k *ar, u32 vdev_id)
+ {
+ struct wmi_vdev_down_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_vdev_down_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(vdev_id);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi mgmt vdev down id 0x%x\n", vdev_id);
+-
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->vdev_down_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_vdev_set_param(struct ath10k *ar, u32 vdev_id,
+- u32 param_id, u32 param_value)
++static struct sk_buff *
++ath10k_wmi_op_gen_vdev_set_param(struct ath10k *ar, u32 vdev_id,
++ u32 param_id, u32 param_value)
+ {
+ struct wmi_vdev_set_param_cmd *cmd;
+ struct sk_buff *skb;
+
+ if (param_id == WMI_VDEV_PARAM_UNSUPPORTED) {
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "vdev param %d not supported by firmware\n",
+ param_id);
+- return -EOPNOTSUPP;
++ return ERR_PTR(-EOPNOTSUPP);
+ }
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_vdev_set_param_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(vdev_id);
+ cmd->param_id = __cpu_to_le32(param_id);
+ cmd->param_value = __cpu_to_le32(param_value);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi vdev id 0x%x set param %d value %d\n",
+ vdev_id, param_id, param_value);
+-
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->vdev_set_param_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_vdev_install_key(struct ath10k *ar,
+- const struct wmi_vdev_install_key_arg *arg)
++static struct sk_buff *
++ath10k_wmi_op_gen_vdev_install_key(struct ath10k *ar,
++ const struct wmi_vdev_install_key_arg *arg)
+ {
+ struct wmi_vdev_install_key_cmd *cmd;
+ struct sk_buff *skb;
+
+ if (arg->key_cipher == WMI_CIPHER_NONE && arg->key_data != NULL)
+- return -EINVAL;
++ return ERR_PTR(-EINVAL);
+ if (arg->key_cipher != WMI_CIPHER_NONE && arg->key_data == NULL)
+- return -EINVAL;
++ return ERR_PTR(-EINVAL);
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd) + arg->key_len);
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd) + arg->key_len);
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_vdev_install_key_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(arg->vdev_id);
+@@ -3215,176 +4473,232 @@ int ath10k_wmi_vdev_install_key(struct a
+ cmd->key_rxmic_len = __cpu_to_le32(arg->key_rxmic_len);
+
+ if (arg->macaddr)
+- memcpy(cmd->peer_macaddr.addr, arg->macaddr, ETH_ALEN);
++ ether_addr_copy(cmd->peer_macaddr.addr, arg->macaddr);
+ if (arg->key_data)
+ memcpy(cmd->key_data, arg->key_data, arg->key_len);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi vdev install key idx %d cipher %d len %d\n",
+ arg->key_idx, arg->key_cipher, arg->key_len);
+- return ath10k_wmi_cmd_send(ar, skb,
+- ar->wmi.cmd->vdev_install_key_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_peer_create(struct ath10k *ar, u32 vdev_id,
+- const u8 peer_addr[ETH_ALEN])
++static struct sk_buff *
++ath10k_wmi_op_gen_vdev_spectral_conf(struct ath10k *ar,
++ const struct wmi_vdev_spectral_conf_arg *arg)
++{
++ struct wmi_vdev_spectral_conf_cmd *cmd;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ cmd = (struct wmi_vdev_spectral_conf_cmd *)skb->data;
++ cmd->vdev_id = __cpu_to_le32(arg->vdev_id);
++ cmd->scan_count = __cpu_to_le32(arg->scan_count);
++ cmd->scan_period = __cpu_to_le32(arg->scan_period);
++ cmd->scan_priority = __cpu_to_le32(arg->scan_priority);
++ cmd->scan_fft_size = __cpu_to_le32(arg->scan_fft_size);
++ cmd->scan_gc_ena = __cpu_to_le32(arg->scan_gc_ena);
++ cmd->scan_restart_ena = __cpu_to_le32(arg->scan_restart_ena);
++ cmd->scan_noise_floor_ref = __cpu_to_le32(arg->scan_noise_floor_ref);
++ cmd->scan_init_delay = __cpu_to_le32(arg->scan_init_delay);
++ cmd->scan_nb_tone_thr = __cpu_to_le32(arg->scan_nb_tone_thr);
++ cmd->scan_str_bin_thr = __cpu_to_le32(arg->scan_str_bin_thr);
++ cmd->scan_wb_rpt_mode = __cpu_to_le32(arg->scan_wb_rpt_mode);
++ cmd->scan_rssi_rpt_mode = __cpu_to_le32(arg->scan_rssi_rpt_mode);
++ cmd->scan_rssi_thr = __cpu_to_le32(arg->scan_rssi_thr);
++ cmd->scan_pwr_format = __cpu_to_le32(arg->scan_pwr_format);
++ cmd->scan_rpt_mode = __cpu_to_le32(arg->scan_rpt_mode);
++ cmd->scan_bin_scale = __cpu_to_le32(arg->scan_bin_scale);
++ cmd->scan_dbm_adj = __cpu_to_le32(arg->scan_dbm_adj);
++ cmd->scan_chn_mask = __cpu_to_le32(arg->scan_chn_mask);
++
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_op_gen_vdev_spectral_enable(struct ath10k *ar, u32 vdev_id,
++ u32 trigger, u32 enable)
++{
++ struct wmi_vdev_spectral_enable_cmd *cmd;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ cmd = (struct wmi_vdev_spectral_enable_cmd *)skb->data;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->trigger_cmd = __cpu_to_le32(trigger);
++ cmd->enable_cmd = __cpu_to_le32(enable);
++
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_op_gen_peer_create(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN])
+ {
+ struct wmi_peer_create_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_peer_create_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(vdev_id);
+- memcpy(cmd->peer_macaddr.addr, peer_addr, ETH_ALEN);
++ ether_addr_copy(cmd->peer_macaddr.addr, peer_addr);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi peer create vdev_id %d peer_addr %pM\n",
+ vdev_id, peer_addr);
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->peer_create_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_peer_delete(struct ath10k *ar, u32 vdev_id,
+- const u8 peer_addr[ETH_ALEN])
++static struct sk_buff *
++ath10k_wmi_op_gen_peer_delete(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN])
+ {
+ struct wmi_peer_delete_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_peer_delete_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(vdev_id);
+- memcpy(cmd->peer_macaddr.addr, peer_addr, ETH_ALEN);
++ ether_addr_copy(cmd->peer_macaddr.addr, peer_addr);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi peer delete vdev_id %d peer_addr %pM\n",
+ vdev_id, peer_addr);
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->peer_delete_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_peer_flush(struct ath10k *ar, u32 vdev_id,
+- const u8 peer_addr[ETH_ALEN], u32 tid_bitmap)
++static struct sk_buff *
++ath10k_wmi_op_gen_peer_flush(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN], u32 tid_bitmap)
+ {
+ struct wmi_peer_flush_tids_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_peer_flush_tids_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(vdev_id);
+ cmd->peer_tid_bitmap = __cpu_to_le32(tid_bitmap);
+- memcpy(cmd->peer_macaddr.addr, peer_addr, ETH_ALEN);
++ ether_addr_copy(cmd->peer_macaddr.addr, peer_addr);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi peer flush vdev_id %d peer_addr %pM tids %08x\n",
+ vdev_id, peer_addr, tid_bitmap);
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->peer_flush_tids_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_peer_set_param(struct ath10k *ar, u32 vdev_id,
+- const u8 *peer_addr, enum wmi_peer_param param_id,
+- u32 param_value)
++static struct sk_buff *
++ath10k_wmi_op_gen_peer_set_param(struct ath10k *ar, u32 vdev_id,
++ const u8 *peer_addr,
++ enum wmi_peer_param param_id,
++ u32 param_value)
+ {
+ struct wmi_peer_set_param_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_peer_set_param_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(vdev_id);
+ cmd->param_id = __cpu_to_le32(param_id);
+ cmd->param_value = __cpu_to_le32(param_value);
+- memcpy(&cmd->peer_macaddr.addr, peer_addr, ETH_ALEN);
++ ether_addr_copy(cmd->peer_macaddr.addr, peer_addr);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi vdev %d peer 0x%pM set param %d value %d\n",
+ vdev_id, peer_addr, param_id, param_value);
+-
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->peer_set_param_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_set_psmode(struct ath10k *ar, u32 vdev_id,
+- enum wmi_sta_ps_mode psmode)
++static struct sk_buff *
++ath10k_wmi_op_gen_set_psmode(struct ath10k *ar, u32 vdev_id,
++ enum wmi_sta_ps_mode psmode)
+ {
+ struct wmi_sta_powersave_mode_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_sta_powersave_mode_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(vdev_id);
+ cmd->sta_ps_mode = __cpu_to_le32(psmode);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi set powersave id 0x%x mode %d\n",
+ vdev_id, psmode);
+-
+- return ath10k_wmi_cmd_send(ar, skb,
+- ar->wmi.cmd->sta_powersave_mode_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_set_sta_ps_param(struct ath10k *ar, u32 vdev_id,
+- enum wmi_sta_powersave_param param_id,
+- u32 value)
++static struct sk_buff *
++ath10k_wmi_op_gen_set_sta_ps(struct ath10k *ar, u32 vdev_id,
++ enum wmi_sta_powersave_param param_id,
++ u32 value)
+ {
+ struct wmi_sta_powersave_param_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_sta_powersave_param_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(vdev_id);
+ cmd->param_id = __cpu_to_le32(param_id);
+ cmd->param_value = __cpu_to_le32(value);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi sta ps param vdev_id 0x%x param %d value %d\n",
+ vdev_id, param_id, value);
+- return ath10k_wmi_cmd_send(ar, skb,
+- ar->wmi.cmd->sta_powersave_param_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_set_ap_ps_param(struct ath10k *ar, u32 vdev_id, const u8 *mac,
+- enum wmi_ap_ps_peer_param param_id, u32 value)
++static struct sk_buff *
++ath10k_wmi_op_gen_set_ap_ps(struct ath10k *ar, u32 vdev_id, const u8 *mac,
++ enum wmi_ap_ps_peer_param param_id, u32 value)
+ {
+ struct wmi_ap_ps_peer_cmd *cmd;
+ struct sk_buff *skb;
+
+ if (!mac)
+- return -EINVAL;
++ return ERR_PTR(-EINVAL);
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_ap_ps_peer_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(vdev_id);
+ cmd->param_id = __cpu_to_le32(param_id);
+ cmd->param_value = __cpu_to_le32(value);
+- memcpy(&cmd->peer_macaddr, mac, ETH_ALEN);
++ ether_addr_copy(cmd->peer_macaddr.addr, mac);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi ap ps param vdev_id 0x%X param %d value %d mac_addr %pM\n",
+ vdev_id, param_id, value, mac);
+-
+- return ath10k_wmi_cmd_send(ar, skb,
+- ar->wmi.cmd->ap_ps_peer_param_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_scan_chan_list(struct ath10k *ar,
+- const struct wmi_scan_chan_list_arg *arg)
++static struct sk_buff *
++ath10k_wmi_op_gen_scan_chan_list(struct ath10k *ar,
++ const struct wmi_scan_chan_list_arg *arg)
+ {
+ struct wmi_scan_chan_list_cmd *cmd;
+ struct sk_buff *skb;
+@@ -3395,66 +4709,29 @@ int ath10k_wmi_scan_chan_list(struct ath
+
+ len = sizeof(*cmd) + arg->n_channels * sizeof(struct wmi_channel);
+
+- skb = ath10k_wmi_alloc_skb(len);
++ skb = ath10k_wmi_alloc_skb(ar, len);
+ if (!skb)
+- return -EINVAL;
++ return ERR_PTR(-EINVAL);
+
+ cmd = (struct wmi_scan_chan_list_cmd *)skb->data;
+ cmd->num_scan_chans = __cpu_to_le32(arg->n_channels);
+
+ for (i = 0; i < arg->n_channels; i++) {
+- u32 flags = 0;
+-
+ ch = &arg->channels[i];
+ ci = &cmd->chan_info[i];
+
+- if (ch->passive)
+- flags |= WMI_CHAN_FLAG_PASSIVE;
+- if (ch->allow_ibss)
+- flags |= WMI_CHAN_FLAG_ADHOC_ALLOWED;
+- if (ch->allow_ht)
+- flags |= WMI_CHAN_FLAG_ALLOW_HT;
+- if (ch->allow_vht)
+- flags |= WMI_CHAN_FLAG_ALLOW_VHT;
+- if (ch->ht40plus)
+- flags |= WMI_CHAN_FLAG_HT40_PLUS;
+- if (ch->chan_radar)
+- flags |= WMI_CHAN_FLAG_DFS;
+-
+- ci->mhz = __cpu_to_le32(ch->freq);
+- ci->band_center_freq1 = __cpu_to_le32(ch->freq);
+- ci->band_center_freq2 = 0;
+- ci->min_power = ch->min_power;
+- ci->max_power = ch->max_power;
+- ci->reg_power = ch->max_reg_power;
+- ci->antenna_max = ch->max_antenna_gain;
+-
+- /* mode & flags share storage */
+- ci->mode = ch->mode;
+- ci->flags |= __cpu_to_le32(flags);
++ ath10k_wmi_put_wmi_channel(ci, ch);
+ }
+
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->scan_chan_list_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_peer_assoc(struct ath10k *ar,
+- const struct wmi_peer_assoc_complete_arg *arg)
++static void
++ath10k_wmi_peer_assoc_fill(struct ath10k *ar, void *buf,
++ const struct wmi_peer_assoc_complete_arg *arg)
+ {
+- struct wmi_peer_assoc_complete_cmd *cmd;
+- struct sk_buff *skb;
++ struct wmi_common_peer_assoc_complete_cmd *cmd = buf;
+
+- if (arg->peer_mpdu_density > 16)
+- return -EINVAL;
+- if (arg->peer_legacy_rates.num_rates > MAX_SUPPORTED_RATES)
+- return -EINVAL;
+- if (arg->peer_ht_rates.num_rates > MAX_SUPPORTED_RATES)
+- return -EINVAL;
+-
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
+- if (!skb)
+- return -ENOMEM;
+-
+- cmd = (struct wmi_peer_assoc_complete_cmd *)skb->data;
+ cmd->vdev_id = __cpu_to_le32(arg->vdev_id);
+ cmd->peer_new_assoc = __cpu_to_le32(arg->peer_reassoc ? 0 : 1);
+ cmd->peer_associd = __cpu_to_le32(arg->peer_aid);
+@@ -3469,7 +4746,7 @@ int ath10k_wmi_peer_assoc(struct ath10k
+ cmd->peer_vht_caps = __cpu_to_le32(arg->peer_vht_caps);
+ cmd->peer_phymode = __cpu_to_le32(arg->peer_phymode);
+
+- memcpy(cmd->peer_macaddr.addr, arg->addr, ETH_ALEN);
++ ether_addr_copy(cmd->peer_macaddr.addr, arg->addr);
+
+ cmd->peer_legacy_rates.num_rates =
+ __cpu_to_le32(arg->peer_legacy_rates.num_rates);
+@@ -3489,57 +4766,183 @@ int ath10k_wmi_peer_assoc(struct ath10k
+ __cpu_to_le32(arg->peer_vht_rates.tx_max_rate);
+ cmd->peer_vht_rates.tx_mcs_set =
+ __cpu_to_le32(arg->peer_vht_rates.tx_mcs_set);
++}
++
++static void
++ath10k_wmi_peer_assoc_fill_main(struct ath10k *ar, void *buf,
++ const struct wmi_peer_assoc_complete_arg *arg)
++{
++ struct wmi_main_peer_assoc_complete_cmd *cmd = buf;
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_wmi_peer_assoc_fill(ar, buf, arg);
++ memset(cmd->peer_ht_info, 0, sizeof(cmd->peer_ht_info));
++}
++
++static void
++ath10k_wmi_peer_assoc_fill_10_1(struct ath10k *ar, void *buf,
++ const struct wmi_peer_assoc_complete_arg *arg)
++{
++ ath10k_wmi_peer_assoc_fill(ar, buf, arg);
++}
++
++static void
++ath10k_wmi_peer_assoc_fill_10_2(struct ath10k *ar, void *buf,
++ const struct wmi_peer_assoc_complete_arg *arg)
++{
++ struct wmi_10_2_peer_assoc_complete_cmd *cmd = buf;
++ int max_mcs, max_nss;
++ u32 info0;
++
++ /* TODO: Is using max values okay with firmware? */
++ max_mcs = 0xf;
++ max_nss = 0xf;
++
++ info0 = SM(max_mcs, WMI_PEER_ASSOC_INFO0_MAX_MCS_IDX) |
++ SM(max_nss, WMI_PEER_ASSOC_INFO0_MAX_NSS);
++
++ ath10k_wmi_peer_assoc_fill(ar, buf, arg);
++ cmd->info0 = __cpu_to_le32(info0);
++}
++
++static int
++ath10k_wmi_peer_assoc_check_arg(const struct wmi_peer_assoc_complete_arg *arg)
++{
++ if (arg->peer_mpdu_density > 16)
++ return -EINVAL;
++ if (arg->peer_legacy_rates.num_rates > MAX_SUPPORTED_RATES)
++ return -EINVAL;
++ if (arg->peer_ht_rates.num_rates > MAX_SUPPORTED_RATES)
++ return -EINVAL;
++
++ return 0;
++}
++
++static struct sk_buff *
++ath10k_wmi_op_gen_peer_assoc(struct ath10k *ar,
++ const struct wmi_peer_assoc_complete_arg *arg)
++{
++ size_t len = sizeof(struct wmi_main_peer_assoc_complete_cmd);
++ struct sk_buff *skb;
++ int ret;
++
++ ret = ath10k_wmi_peer_assoc_check_arg(arg);
++ if (ret)
++ return ERR_PTR(ret);
++
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ath10k_wmi_peer_assoc_fill_main(ar, skb->data, arg);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi peer assoc vdev %d addr %pM (%s)\n",
++ arg->vdev_id, arg->addr,
++ arg->peer_reassoc ? "reassociate" : "new");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_10_1_op_gen_peer_assoc(struct ath10k *ar,
++ const struct wmi_peer_assoc_complete_arg *arg)
++{
++ size_t len = sizeof(struct wmi_10_1_peer_assoc_complete_cmd);
++ struct sk_buff *skb;
++ int ret;
++
++ ret = ath10k_wmi_peer_assoc_check_arg(arg);
++ if (ret)
++ return ERR_PTR(ret);
++
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ath10k_wmi_peer_assoc_fill_10_1(ar, skb->data, arg);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi peer assoc vdev %d addr %pM (%s)\n",
++ arg->vdev_id, arg->addr,
++ arg->peer_reassoc ? "reassociate" : "new");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_10_2_op_gen_peer_assoc(struct ath10k *ar,
++ const struct wmi_peer_assoc_complete_arg *arg)
++{
++ size_t len = sizeof(struct wmi_10_2_peer_assoc_complete_cmd);
++ struct sk_buff *skb;
++ int ret;
++
++ ret = ath10k_wmi_peer_assoc_check_arg(arg);
++ if (ret)
++ return ERR_PTR(ret);
++
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ath10k_wmi_peer_assoc_fill_10_2(ar, skb->data, arg);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi peer assoc vdev %d addr %pM (%s)\n",
+ arg->vdev_id, arg->addr,
+ arg->peer_reassoc ? "reassociate" : "new");
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->peer_assoc_cmdid);
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_10_2_op_gen_pdev_get_temperature(struct ath10k *ar)
++{
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, 0);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi pdev get temperature\n");
++ return skb;
+ }
+
+ /* This function assumes the beacon is already DMA mapped */
+-int ath10k_wmi_beacon_send_ref_nowait(struct ath10k_vif *arvif)
++static struct sk_buff *
++ath10k_wmi_op_gen_beacon_dma(struct ath10k *ar, u32 vdev_id, const void *bcn,
++ size_t bcn_len, u32 bcn_paddr, bool dtim_zero,
++ bool deliver_cab)
+ {
+ struct wmi_bcn_tx_ref_cmd *cmd;
+ struct sk_buff *skb;
+- struct sk_buff *beacon = arvif->beacon;
+- struct ath10k *ar = arvif->ar;
+ struct ieee80211_hdr *hdr;
+- int ret;
+ u16 fc;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+- hdr = (struct ieee80211_hdr *)beacon->data;
++ hdr = (struct ieee80211_hdr *)bcn;
+ fc = le16_to_cpu(hdr->frame_control);
+
+ cmd = (struct wmi_bcn_tx_ref_cmd *)skb->data;
+- cmd->vdev_id = __cpu_to_le32(arvif->vdev_id);
+- cmd->data_len = __cpu_to_le32(beacon->len);
+- cmd->data_ptr = __cpu_to_le32(ATH10K_SKB_CB(beacon)->paddr);
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->data_len = __cpu_to_le32(bcn_len);
++ cmd->data_ptr = __cpu_to_le32(bcn_paddr);
+ cmd->msdu_id = 0;
+ cmd->frame_control = __cpu_to_le32(fc);
+ cmd->flags = 0;
++ cmd->antenna_mask = __cpu_to_le32(WMI_BCN_TX_REF_DEF_ANTENNA);
+
+- if (ATH10K_SKB_CB(beacon)->bcn.dtim_zero)
++ if (dtim_zero)
+ cmd->flags |= __cpu_to_le32(WMI_BCN_TX_REF_FLAG_DTIM_ZERO);
+
+- if (ATH10K_SKB_CB(beacon)->bcn.deliver_cab)
++ if (deliver_cab)
+ cmd->flags |= __cpu_to_le32(WMI_BCN_TX_REF_FLAG_DELIVER_CAB);
+
+- ret = ath10k_wmi_cmd_send_nowait(ar, skb,
+- ar->wmi.cmd->pdev_send_bcn_cmdid);
+-
+- if (ret)
+- dev_kfree_skb(skb);
+-
+- return ret;
++ return skb;
+ }
+
+-static void ath10k_wmi_pdev_set_wmm_param(struct wmi_wmm_params *params,
+- const struct wmi_wmm_params_arg *arg)
++void ath10k_wmi_set_wmm_param(struct wmi_wmm_params *params,
++ const struct wmi_wmm_params_arg *arg)
+ {
+ params->cwmin = __cpu_to_le32(arg->cwmin);
+ params->cwmax = __cpu_to_le32(arg->cwmax);
+@@ -3549,76 +4952,81 @@ static void ath10k_wmi_pdev_set_wmm_para
+ params->no_ack = __cpu_to_le32(arg->no_ack);
+ }
+
+-int ath10k_wmi_pdev_set_wmm_params(struct ath10k *ar,
+- const struct wmi_pdev_set_wmm_params_arg *arg)
++static struct sk_buff *
++ath10k_wmi_op_gen_pdev_set_wmm(struct ath10k *ar,
++ const struct wmi_wmm_params_all_arg *arg)
+ {
+ struct wmi_pdev_set_wmm_params *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_pdev_set_wmm_params *)skb->data;
+- ath10k_wmi_pdev_set_wmm_param(&cmd->ac_be, &arg->ac_be);
+- ath10k_wmi_pdev_set_wmm_param(&cmd->ac_bk, &arg->ac_bk);
+- ath10k_wmi_pdev_set_wmm_param(&cmd->ac_vi, &arg->ac_vi);
+- ath10k_wmi_pdev_set_wmm_param(&cmd->ac_vo, &arg->ac_vo);
++ ath10k_wmi_set_wmm_param(&cmd->ac_be, &arg->ac_be);
++ ath10k_wmi_set_wmm_param(&cmd->ac_bk, &arg->ac_bk);
++ ath10k_wmi_set_wmm_param(&cmd->ac_vi, &arg->ac_vi);
++ ath10k_wmi_set_wmm_param(&cmd->ac_vo, &arg->ac_vo);
+
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi pdev set wmm params\n");
+- return ath10k_wmi_cmd_send(ar, skb,
+- ar->wmi.cmd->pdev_set_wmm_params_cmdid);
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi pdev set wmm params\n");
++ return skb;
+ }
+
+-int ath10k_wmi_request_stats(struct ath10k *ar, enum wmi_stats_id stats_id)
++static struct sk_buff *
++ath10k_wmi_op_gen_request_stats(struct ath10k *ar, u32 stats_mask)
+ {
+ struct wmi_request_stats_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_request_stats_cmd *)skb->data;
+- cmd->stats_id = __cpu_to_le32(stats_id);
++ cmd->stats_id = __cpu_to_le32(stats_mask);
+
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi request stats %d\n", (int)stats_id);
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->request_stats_cmdid);
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi request stats 0x%08x\n",
++ stats_mask);
++ return skb;
+ }
+
+-int ath10k_wmi_force_fw_hang(struct ath10k *ar,
+- enum wmi_force_fw_hang_type type, u32 delay_ms)
++static struct sk_buff *
++ath10k_wmi_op_gen_force_fw_hang(struct ath10k *ar,
++ enum wmi_force_fw_hang_type type, u32 delay_ms)
+ {
+ struct wmi_force_fw_hang_cmd *cmd;
+ struct sk_buff *skb;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_force_fw_hang_cmd *)skb->data;
+ cmd->type = __cpu_to_le32(type);
+ cmd->delay_ms = __cpu_to_le32(delay_ms);
+
+- ath10k_dbg(ATH10K_DBG_WMI, "wmi force fw hang %d delay %d\n",
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi force fw hang %d delay %d\n",
+ type, delay_ms);
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->force_fw_hang_cmdid);
++ return skb;
+ }
+
+-int ath10k_wmi_dbglog_cfg(struct ath10k *ar, u32 module_enable)
++static struct sk_buff *
++ath10k_wmi_op_gen_dbglog_cfg(struct ath10k *ar, u32 module_enable,
++ u32 log_level)
+ {
+ struct wmi_dbglog_cfg_cmd *cmd;
+ struct sk_buff *skb;
+ u32 cfg;
+
+- skb = ath10k_wmi_alloc_skb(sizeof(*cmd));
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
+ if (!skb)
+- return -ENOMEM;
++ return ERR_PTR(-ENOMEM);
+
+ cmd = (struct wmi_dbglog_cfg_cmd *)skb->data;
+
+ if (module_enable) {
+- cfg = SM(ATH10K_DBGLOG_LEVEL_VERBOSE,
++ cfg = SM(log_level,
+ ATH10K_DBGLOG_CFG_LOG_LVL);
+ } else {
+ /* set back defaults, all modules with WARN level */
+@@ -3632,12 +5040,474 @@ int ath10k_wmi_dbglog_cfg(struct ath10k
+ cmd->config_enable = __cpu_to_le32(cfg);
+ cmd->config_valid = __cpu_to_le32(ATH10K_DBGLOG_CFG_LOG_LVL_MASK);
+
+- ath10k_dbg(ATH10K_DBG_WMI,
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
+ "wmi dbglog cfg modules %08x %08x config %08x %08x\n",
+ __le32_to_cpu(cmd->module_enable),
+ __le32_to_cpu(cmd->module_valid),
+ __le32_to_cpu(cmd->config_enable),
+ __le32_to_cpu(cmd->config_valid));
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_op_gen_pktlog_enable(struct ath10k *ar, u32 ev_bitmap)
++{
++ struct wmi_pdev_pktlog_enable_cmd *cmd;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ev_bitmap &= ATH10K_PKTLOG_ANY;
++
++ cmd = (struct wmi_pdev_pktlog_enable_cmd *)skb->data;
++ cmd->ev_bitmap = __cpu_to_le32(ev_bitmap);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi enable pktlog filter 0x%08x\n",
++ ev_bitmap);
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_op_gen_pktlog_disable(struct ath10k *ar)
++{
++ struct sk_buff *skb;
+
+- return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->dbglog_cfg_cmdid);
++ skb = ath10k_wmi_alloc_skb(ar, 0);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi disable pktlog\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_op_gen_pdev_set_quiet_mode(struct ath10k *ar, u32 period,
++ u32 duration, u32 next_offset,
++ u32 enabled)
++{
++ struct wmi_pdev_set_quiet_cmd *cmd;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ cmd = (struct wmi_pdev_set_quiet_cmd *)skb->data;
++ cmd->period = __cpu_to_le32(period);
++ cmd->duration = __cpu_to_le32(duration);
++ cmd->next_start = __cpu_to_le32(next_offset);
++ cmd->enabled = __cpu_to_le32(enabled);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi quiet param: period %u duration %u enabled %d\n",
++ period, duration, enabled);
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_op_gen_addba_clear_resp(struct ath10k *ar, u32 vdev_id,
++ const u8 *mac)
++{
++ struct wmi_addba_clear_resp_cmd *cmd;
++ struct sk_buff *skb;
++
++ if (!mac)
++ return ERR_PTR(-EINVAL);
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ cmd = (struct wmi_addba_clear_resp_cmd *)skb->data;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ ether_addr_copy(cmd->peer_macaddr.addr, mac);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi addba clear resp vdev_id 0x%X mac_addr %pM\n",
++ vdev_id, mac);
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_op_gen_addba_send(struct ath10k *ar, u32 vdev_id, const u8 *mac,
++ u32 tid, u32 buf_size)
++{
++ struct wmi_addba_send_cmd *cmd;
++ struct sk_buff *skb;
++
++ if (!mac)
++ return ERR_PTR(-EINVAL);
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ cmd = (struct wmi_addba_send_cmd *)skb->data;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ ether_addr_copy(cmd->peer_macaddr.addr, mac);
++ cmd->tid = __cpu_to_le32(tid);
++ cmd->buffersize = __cpu_to_le32(buf_size);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi addba send vdev_id 0x%X mac_addr %pM tid %u bufsize %u\n",
++ vdev_id, mac, tid, buf_size);
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_op_gen_addba_set_resp(struct ath10k *ar, u32 vdev_id, const u8 *mac,
++ u32 tid, u32 status)
++{
++ struct wmi_addba_setresponse_cmd *cmd;
++ struct sk_buff *skb;
++
++ if (!mac)
++ return ERR_PTR(-EINVAL);
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ cmd = (struct wmi_addba_setresponse_cmd *)skb->data;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ ether_addr_copy(cmd->peer_macaddr.addr, mac);
++ cmd->tid = __cpu_to_le32(tid);
++ cmd->statuscode = __cpu_to_le32(status);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi addba set resp vdev_id 0x%X mac_addr %pM tid %u status %u\n",
++ vdev_id, mac, tid, status);
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_op_gen_delba_send(struct ath10k *ar, u32 vdev_id, const u8 *mac,
++ u32 tid, u32 initiator, u32 reason)
++{
++ struct wmi_delba_send_cmd *cmd;
++ struct sk_buff *skb;
++
++ if (!mac)
++ return ERR_PTR(-EINVAL);
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ cmd = (struct wmi_delba_send_cmd *)skb->data;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ ether_addr_copy(cmd->peer_macaddr.addr, mac);
++ cmd->tid = __cpu_to_le32(tid);
++ cmd->initiator = __cpu_to_le32(initiator);
++ cmd->reasoncode = __cpu_to_le32(reason);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi delba send vdev_id 0x%X mac_addr %pM tid %u initiator %u reason %u\n",
++ vdev_id, mac, tid, initiator, reason);
++ return skb;
++}
++
++static const struct wmi_ops wmi_ops = {
++ .rx = ath10k_wmi_op_rx,
++ .map_svc = wmi_main_svc_map,
++
++ .pull_scan = ath10k_wmi_op_pull_scan_ev,
++ .pull_mgmt_rx = ath10k_wmi_op_pull_mgmt_rx_ev,
++ .pull_ch_info = ath10k_wmi_op_pull_ch_info_ev,
++ .pull_vdev_start = ath10k_wmi_op_pull_vdev_start_ev,
++ .pull_peer_kick = ath10k_wmi_op_pull_peer_kick_ev,
++ .pull_swba = ath10k_wmi_op_pull_swba_ev,
++ .pull_phyerr = ath10k_wmi_op_pull_phyerr_ev,
++ .pull_svc_rdy = ath10k_wmi_main_op_pull_svc_rdy_ev,
++ .pull_rdy = ath10k_wmi_op_pull_rdy_ev,
++ .pull_fw_stats = ath10k_wmi_main_op_pull_fw_stats,
++
++ .gen_pdev_suspend = ath10k_wmi_op_gen_pdev_suspend,
++ .gen_pdev_resume = ath10k_wmi_op_gen_pdev_resume,
++ .gen_pdev_set_rd = ath10k_wmi_op_gen_pdev_set_rd,
++ .gen_pdev_set_param = ath10k_wmi_op_gen_pdev_set_param,
++ .gen_init = ath10k_wmi_op_gen_init,
++ .gen_start_scan = ath10k_wmi_op_gen_start_scan,
++ .gen_stop_scan = ath10k_wmi_op_gen_stop_scan,
++ .gen_vdev_create = ath10k_wmi_op_gen_vdev_create,
++ .gen_vdev_delete = ath10k_wmi_op_gen_vdev_delete,
++ .gen_vdev_start = ath10k_wmi_op_gen_vdev_start,
++ .gen_vdev_stop = ath10k_wmi_op_gen_vdev_stop,
++ .gen_vdev_up = ath10k_wmi_op_gen_vdev_up,
++ .gen_vdev_down = ath10k_wmi_op_gen_vdev_down,
++ .gen_vdev_set_param = ath10k_wmi_op_gen_vdev_set_param,
++ .gen_vdev_install_key = ath10k_wmi_op_gen_vdev_install_key,
++ .gen_vdev_spectral_conf = ath10k_wmi_op_gen_vdev_spectral_conf,
++ .gen_vdev_spectral_enable = ath10k_wmi_op_gen_vdev_spectral_enable,
++ /* .gen_vdev_wmm_conf not implemented */
++ .gen_peer_create = ath10k_wmi_op_gen_peer_create,
++ .gen_peer_delete = ath10k_wmi_op_gen_peer_delete,
++ .gen_peer_flush = ath10k_wmi_op_gen_peer_flush,
++ .gen_peer_set_param = ath10k_wmi_op_gen_peer_set_param,
++ .gen_peer_assoc = ath10k_wmi_op_gen_peer_assoc,
++ .gen_set_psmode = ath10k_wmi_op_gen_set_psmode,
++ .gen_set_sta_ps = ath10k_wmi_op_gen_set_sta_ps,
++ .gen_set_ap_ps = ath10k_wmi_op_gen_set_ap_ps,
++ .gen_scan_chan_list = ath10k_wmi_op_gen_scan_chan_list,
++ .gen_beacon_dma = ath10k_wmi_op_gen_beacon_dma,
++ .gen_pdev_set_wmm = ath10k_wmi_op_gen_pdev_set_wmm,
++ .gen_request_stats = ath10k_wmi_op_gen_request_stats,
++ .gen_force_fw_hang = ath10k_wmi_op_gen_force_fw_hang,
++ .gen_mgmt_tx = ath10k_wmi_op_gen_mgmt_tx,
++ .gen_dbglog_cfg = ath10k_wmi_op_gen_dbglog_cfg,
++ .gen_pktlog_enable = ath10k_wmi_op_gen_pktlog_enable,
++ .gen_pktlog_disable = ath10k_wmi_op_gen_pktlog_disable,
++ .gen_pdev_set_quiet_mode = ath10k_wmi_op_gen_pdev_set_quiet_mode,
++ /* .gen_pdev_get_temperature not implemented */
++ .gen_addba_clear_resp = ath10k_wmi_op_gen_addba_clear_resp,
++ .gen_addba_send = ath10k_wmi_op_gen_addba_send,
++ .gen_addba_set_resp = ath10k_wmi_op_gen_addba_set_resp,
++ .gen_delba_send = ath10k_wmi_op_gen_delba_send,
++ /* .gen_bcn_tmpl not implemented */
++ /* .gen_prb_tmpl not implemented */
++ /* .gen_p2p_go_bcn_ie not implemented */
++};
++
++static const struct wmi_ops wmi_10_1_ops = {
++ .rx = ath10k_wmi_10_1_op_rx,
++ .map_svc = wmi_10x_svc_map,
++ .pull_svc_rdy = ath10k_wmi_10x_op_pull_svc_rdy_ev,
++ .pull_fw_stats = ath10k_wmi_10x_op_pull_fw_stats,
++ .gen_init = ath10k_wmi_10_1_op_gen_init,
++ .gen_pdev_set_rd = ath10k_wmi_10x_op_gen_pdev_set_rd,
++ .gen_start_scan = ath10k_wmi_10x_op_gen_start_scan,
++ .gen_peer_assoc = ath10k_wmi_10_1_op_gen_peer_assoc,
++ /* .gen_pdev_get_temperature not implemented */
++
++ /* shared with main branch */
++ .pull_scan = ath10k_wmi_op_pull_scan_ev,
++ .pull_mgmt_rx = ath10k_wmi_op_pull_mgmt_rx_ev,
++ .pull_ch_info = ath10k_wmi_op_pull_ch_info_ev,
++ .pull_vdev_start = ath10k_wmi_op_pull_vdev_start_ev,
++ .pull_peer_kick = ath10k_wmi_op_pull_peer_kick_ev,
++ .pull_swba = ath10k_wmi_op_pull_swba_ev,
++ .pull_phyerr = ath10k_wmi_op_pull_phyerr_ev,
++ .pull_rdy = ath10k_wmi_op_pull_rdy_ev,
++
++ .gen_pdev_suspend = ath10k_wmi_op_gen_pdev_suspend,
++ .gen_pdev_resume = ath10k_wmi_op_gen_pdev_resume,
++ .gen_pdev_set_param = ath10k_wmi_op_gen_pdev_set_param,
++ .gen_stop_scan = ath10k_wmi_op_gen_stop_scan,
++ .gen_vdev_create = ath10k_wmi_op_gen_vdev_create,
++ .gen_vdev_delete = ath10k_wmi_op_gen_vdev_delete,
++ .gen_vdev_start = ath10k_wmi_op_gen_vdev_start,
++ .gen_vdev_stop = ath10k_wmi_op_gen_vdev_stop,
++ .gen_vdev_up = ath10k_wmi_op_gen_vdev_up,
++ .gen_vdev_down = ath10k_wmi_op_gen_vdev_down,
++ .gen_vdev_set_param = ath10k_wmi_op_gen_vdev_set_param,
++ .gen_vdev_install_key = ath10k_wmi_op_gen_vdev_install_key,
++ .gen_vdev_spectral_conf = ath10k_wmi_op_gen_vdev_spectral_conf,
++ .gen_vdev_spectral_enable = ath10k_wmi_op_gen_vdev_spectral_enable,
++ /* .gen_vdev_wmm_conf not implemented */
++ .gen_peer_create = ath10k_wmi_op_gen_peer_create,
++ .gen_peer_delete = ath10k_wmi_op_gen_peer_delete,
++ .gen_peer_flush = ath10k_wmi_op_gen_peer_flush,
++ .gen_peer_set_param = ath10k_wmi_op_gen_peer_set_param,
++ .gen_set_psmode = ath10k_wmi_op_gen_set_psmode,
++ .gen_set_sta_ps = ath10k_wmi_op_gen_set_sta_ps,
++ .gen_set_ap_ps = ath10k_wmi_op_gen_set_ap_ps,
++ .gen_scan_chan_list = ath10k_wmi_op_gen_scan_chan_list,
++ .gen_beacon_dma = ath10k_wmi_op_gen_beacon_dma,
++ .gen_pdev_set_wmm = ath10k_wmi_op_gen_pdev_set_wmm,
++ .gen_request_stats = ath10k_wmi_op_gen_request_stats,
++ .gen_force_fw_hang = ath10k_wmi_op_gen_force_fw_hang,
++ .gen_mgmt_tx = ath10k_wmi_op_gen_mgmt_tx,
++ .gen_dbglog_cfg = ath10k_wmi_op_gen_dbglog_cfg,
++ .gen_pktlog_enable = ath10k_wmi_op_gen_pktlog_enable,
++ .gen_pktlog_disable = ath10k_wmi_op_gen_pktlog_disable,
++ .gen_pdev_set_quiet_mode = ath10k_wmi_op_gen_pdev_set_quiet_mode,
++ .gen_addba_clear_resp = ath10k_wmi_op_gen_addba_clear_resp,
++ .gen_addba_send = ath10k_wmi_op_gen_addba_send,
++ .gen_addba_set_resp = ath10k_wmi_op_gen_addba_set_resp,
++ .gen_delba_send = ath10k_wmi_op_gen_delba_send,
++ /* .gen_bcn_tmpl not implemented */
++ /* .gen_prb_tmpl not implemented */
++ /* .gen_p2p_go_bcn_ie not implemented */
++};
++
++static const struct wmi_ops wmi_10_2_ops = {
++ .rx = ath10k_wmi_10_2_op_rx,
++ .pull_fw_stats = ath10k_wmi_10_2_op_pull_fw_stats,
++ .gen_init = ath10k_wmi_10_2_op_gen_init,
++ .gen_peer_assoc = ath10k_wmi_10_2_op_gen_peer_assoc,
++ /* .gen_pdev_get_temperature not implemented */
++
++ /* shared with 10.1 */
++ .map_svc = wmi_10x_svc_map,
++ .pull_svc_rdy = ath10k_wmi_10x_op_pull_svc_rdy_ev,
++ .gen_pdev_set_rd = ath10k_wmi_10x_op_gen_pdev_set_rd,
++ .gen_start_scan = ath10k_wmi_10x_op_gen_start_scan,
++
++ .pull_scan = ath10k_wmi_op_pull_scan_ev,
++ .pull_mgmt_rx = ath10k_wmi_op_pull_mgmt_rx_ev,
++ .pull_ch_info = ath10k_wmi_op_pull_ch_info_ev,
++ .pull_vdev_start = ath10k_wmi_op_pull_vdev_start_ev,
++ .pull_peer_kick = ath10k_wmi_op_pull_peer_kick_ev,
++ .pull_swba = ath10k_wmi_op_pull_swba_ev,
++ .pull_phyerr = ath10k_wmi_op_pull_phyerr_ev,
++ .pull_rdy = ath10k_wmi_op_pull_rdy_ev,
++
++ .gen_pdev_suspend = ath10k_wmi_op_gen_pdev_suspend,
++ .gen_pdev_resume = ath10k_wmi_op_gen_pdev_resume,
++ .gen_pdev_set_param = ath10k_wmi_op_gen_pdev_set_param,
++ .gen_stop_scan = ath10k_wmi_op_gen_stop_scan,
++ .gen_vdev_create = ath10k_wmi_op_gen_vdev_create,
++ .gen_vdev_delete = ath10k_wmi_op_gen_vdev_delete,
++ .gen_vdev_start = ath10k_wmi_op_gen_vdev_start,
++ .gen_vdev_stop = ath10k_wmi_op_gen_vdev_stop,
++ .gen_vdev_up = ath10k_wmi_op_gen_vdev_up,
++ .gen_vdev_down = ath10k_wmi_op_gen_vdev_down,
++ .gen_vdev_set_param = ath10k_wmi_op_gen_vdev_set_param,
++ .gen_vdev_install_key = ath10k_wmi_op_gen_vdev_install_key,
++ .gen_vdev_spectral_conf = ath10k_wmi_op_gen_vdev_spectral_conf,
++ .gen_vdev_spectral_enable = ath10k_wmi_op_gen_vdev_spectral_enable,
++ /* .gen_vdev_wmm_conf not implemented */
++ .gen_peer_create = ath10k_wmi_op_gen_peer_create,
++ .gen_peer_delete = ath10k_wmi_op_gen_peer_delete,
++ .gen_peer_flush = ath10k_wmi_op_gen_peer_flush,
++ .gen_peer_set_param = ath10k_wmi_op_gen_peer_set_param,
++ .gen_set_psmode = ath10k_wmi_op_gen_set_psmode,
++ .gen_set_sta_ps = ath10k_wmi_op_gen_set_sta_ps,
++ .gen_set_ap_ps = ath10k_wmi_op_gen_set_ap_ps,
++ .gen_scan_chan_list = ath10k_wmi_op_gen_scan_chan_list,
++ .gen_beacon_dma = ath10k_wmi_op_gen_beacon_dma,
++ .gen_pdev_set_wmm = ath10k_wmi_op_gen_pdev_set_wmm,
++ .gen_request_stats = ath10k_wmi_op_gen_request_stats,
++ .gen_force_fw_hang = ath10k_wmi_op_gen_force_fw_hang,
++ .gen_mgmt_tx = ath10k_wmi_op_gen_mgmt_tx,
++ .gen_dbglog_cfg = ath10k_wmi_op_gen_dbglog_cfg,
++ .gen_pktlog_enable = ath10k_wmi_op_gen_pktlog_enable,
++ .gen_pktlog_disable = ath10k_wmi_op_gen_pktlog_disable,
++ .gen_pdev_set_quiet_mode = ath10k_wmi_op_gen_pdev_set_quiet_mode,
++ .gen_addba_clear_resp = ath10k_wmi_op_gen_addba_clear_resp,
++ .gen_addba_send = ath10k_wmi_op_gen_addba_send,
++ .gen_addba_set_resp = ath10k_wmi_op_gen_addba_set_resp,
++ .gen_delba_send = ath10k_wmi_op_gen_delba_send,
++};
++
++static const struct wmi_ops wmi_10_2_4_ops = {
++ .rx = ath10k_wmi_10_2_op_rx,
++ .pull_fw_stats = ath10k_wmi_10_2_4_op_pull_fw_stats,
++ .gen_init = ath10k_wmi_10_2_op_gen_init,
++ .gen_peer_assoc = ath10k_wmi_10_2_op_gen_peer_assoc,
++ .gen_pdev_get_temperature = ath10k_wmi_10_2_op_gen_pdev_get_temperature,
++
++ /* shared with 10.1 */
++ .map_svc = wmi_10x_svc_map,
++ .pull_svc_rdy = ath10k_wmi_10x_op_pull_svc_rdy_ev,
++ .gen_pdev_set_rd = ath10k_wmi_10x_op_gen_pdev_set_rd,
++ .gen_start_scan = ath10k_wmi_10x_op_gen_start_scan,
++
++ .pull_scan = ath10k_wmi_op_pull_scan_ev,
++ .pull_mgmt_rx = ath10k_wmi_op_pull_mgmt_rx_ev,
++ .pull_ch_info = ath10k_wmi_op_pull_ch_info_ev,
++ .pull_vdev_start = ath10k_wmi_op_pull_vdev_start_ev,
++ .pull_peer_kick = ath10k_wmi_op_pull_peer_kick_ev,
++ .pull_swba = ath10k_wmi_op_pull_swba_ev,
++ .pull_phyerr = ath10k_wmi_op_pull_phyerr_ev,
++ .pull_rdy = ath10k_wmi_op_pull_rdy_ev,
++
++ .gen_pdev_suspend = ath10k_wmi_op_gen_pdev_suspend,
++ .gen_pdev_resume = ath10k_wmi_op_gen_pdev_resume,
++ .gen_pdev_set_param = ath10k_wmi_op_gen_pdev_set_param,
++ .gen_stop_scan = ath10k_wmi_op_gen_stop_scan,
++ .gen_vdev_create = ath10k_wmi_op_gen_vdev_create,
++ .gen_vdev_delete = ath10k_wmi_op_gen_vdev_delete,
++ .gen_vdev_start = ath10k_wmi_op_gen_vdev_start,
++ .gen_vdev_stop = ath10k_wmi_op_gen_vdev_stop,
++ .gen_vdev_up = ath10k_wmi_op_gen_vdev_up,
++ .gen_vdev_down = ath10k_wmi_op_gen_vdev_down,
++ .gen_vdev_set_param = ath10k_wmi_op_gen_vdev_set_param,
++ .gen_vdev_install_key = ath10k_wmi_op_gen_vdev_install_key,
++ .gen_vdev_spectral_conf = ath10k_wmi_op_gen_vdev_spectral_conf,
++ .gen_vdev_spectral_enable = ath10k_wmi_op_gen_vdev_spectral_enable,
++ .gen_peer_create = ath10k_wmi_op_gen_peer_create,
++ .gen_peer_delete = ath10k_wmi_op_gen_peer_delete,
++ .gen_peer_flush = ath10k_wmi_op_gen_peer_flush,
++ .gen_peer_set_param = ath10k_wmi_op_gen_peer_set_param,
++ .gen_set_psmode = ath10k_wmi_op_gen_set_psmode,
++ .gen_set_sta_ps = ath10k_wmi_op_gen_set_sta_ps,
++ .gen_set_ap_ps = ath10k_wmi_op_gen_set_ap_ps,
++ .gen_scan_chan_list = ath10k_wmi_op_gen_scan_chan_list,
++ .gen_beacon_dma = ath10k_wmi_op_gen_beacon_dma,
++ .gen_pdev_set_wmm = ath10k_wmi_op_gen_pdev_set_wmm,
++ .gen_request_stats = ath10k_wmi_op_gen_request_stats,
++ .gen_force_fw_hang = ath10k_wmi_op_gen_force_fw_hang,
++ .gen_mgmt_tx = ath10k_wmi_op_gen_mgmt_tx,
++ .gen_dbglog_cfg = ath10k_wmi_op_gen_dbglog_cfg,
++ .gen_pktlog_enable = ath10k_wmi_op_gen_pktlog_enable,
++ .gen_pktlog_disable = ath10k_wmi_op_gen_pktlog_disable,
++ .gen_pdev_set_quiet_mode = ath10k_wmi_op_gen_pdev_set_quiet_mode,
++ .gen_addba_clear_resp = ath10k_wmi_op_gen_addba_clear_resp,
++ .gen_addba_send = ath10k_wmi_op_gen_addba_send,
++ .gen_addba_set_resp = ath10k_wmi_op_gen_addba_set_resp,
++ .gen_delba_send = ath10k_wmi_op_gen_delba_send,
++ /* .gen_bcn_tmpl not implemented */
++ /* .gen_prb_tmpl not implemented */
++ /* .gen_p2p_go_bcn_ie not implemented */
++};
++
++int ath10k_wmi_attach(struct ath10k *ar)
++{
++ switch (ar->wmi.op_version) {
++ case ATH10K_FW_WMI_OP_VERSION_10_2_4:
++ ar->wmi.cmd = &wmi_10_2_4_cmd_map;
++ ar->wmi.ops = &wmi_10_2_4_ops;
++ ar->wmi.vdev_param = &wmi_10_2_4_vdev_param_map;
++ ar->wmi.pdev_param = &wmi_10_2_4_pdev_param_map;
++ break;
++ case ATH10K_FW_WMI_OP_VERSION_10_2:
++ ar->wmi.cmd = &wmi_10_2_cmd_map;
++ ar->wmi.ops = &wmi_10_2_ops;
++ ar->wmi.vdev_param = &wmi_10x_vdev_param_map;
++ ar->wmi.pdev_param = &wmi_10x_pdev_param_map;
++ break;
++ case ATH10K_FW_WMI_OP_VERSION_10_1:
++ ar->wmi.cmd = &wmi_10x_cmd_map;
++ ar->wmi.ops = &wmi_10_1_ops;
++ ar->wmi.vdev_param = &wmi_10x_vdev_param_map;
++ ar->wmi.pdev_param = &wmi_10x_pdev_param_map;
++ break;
++ case ATH10K_FW_WMI_OP_VERSION_MAIN:
++ ar->wmi.cmd = &wmi_cmd_map;
++ ar->wmi.ops = &wmi_ops;
++ ar->wmi.vdev_param = &wmi_vdev_param_map;
++ ar->wmi.pdev_param = &wmi_pdev_param_map;
++ break;
++ case ATH10K_FW_WMI_OP_VERSION_TLV:
++ ath10k_wmi_tlv_attach(ar);
++ break;
++ case ATH10K_FW_WMI_OP_VERSION_UNSET:
++ case ATH10K_FW_WMI_OP_VERSION_MAX:
++ ath10k_err(ar, "unsupported WMI op version: %d\n",
++ ar->wmi.op_version);
++ return -EINVAL;
++ }
++
++ init_completion(&ar->wmi.service_ready);
++ init_completion(&ar->wmi.unified_ready);
++
++ return 0;
++}
++
++void ath10k_wmi_detach(struct ath10k *ar)
++{
++ int i;
++
++ /* free the host memory chunks requested by firmware */
++ for (i = 0; i < ar->wmi.num_mem_chunks; i++) {
++ dma_free_coherent(ar->dev,
++ ar->wmi.mem_chunks[i].len,
++ ar->wmi.mem_chunks[i].vaddr,
++ ar->wmi.mem_chunks[i].paddr);
++ }
++
++ ar->wmi.num_mem_chunks = 0;
+ }
+--- a/drivers/net/wireless/ath/ath10k/wmi.h
++++ b/drivers/net/wireless/ath/ath10k/wmi.h
+@@ -73,119 +73,361 @@ struct wmi_cmd_hdr {
+ #define HTC_PROTOCOL_VERSION 0x0002
+ #define WMI_PROTOCOL_VERSION 0x0002
+
+-enum wmi_service_id {
+- WMI_SERVICE_BEACON_OFFLOAD = 0, /* beacon offload */
+- WMI_SERVICE_SCAN_OFFLOAD, /* scan offload */
+- WMI_SERVICE_ROAM_OFFLOAD, /* roam offload */
+- WMI_SERVICE_BCN_MISS_OFFLOAD, /* beacon miss offload */
+- WMI_SERVICE_STA_PWRSAVE, /* fake sleep + basic power save */
+- WMI_SERVICE_STA_ADVANCED_PWRSAVE, /* uapsd, pspoll, force sleep */
+- WMI_SERVICE_AP_UAPSD, /* uapsd on AP */
+- WMI_SERVICE_AP_DFS, /* DFS on AP */
+- WMI_SERVICE_11AC, /* supports 11ac */
+- WMI_SERVICE_BLOCKACK, /* Supports triggering ADDBA/DELBA from host*/
+- WMI_SERVICE_PHYERR, /* PHY error */
+- WMI_SERVICE_BCN_FILTER, /* Beacon filter support */
+- WMI_SERVICE_RTT, /* RTT (round trip time) support */
+- WMI_SERVICE_RATECTRL, /* Rate-control */
+- WMI_SERVICE_WOW, /* WOW Support */
+- WMI_SERVICE_RATECTRL_CACHE, /* Rate-control caching */
+- WMI_SERVICE_IRAM_TIDS, /* TIDs in IRAM */
+- WMI_SERVICE_ARPNS_OFFLOAD, /* ARP NS Offload support */
+- WMI_SERVICE_NLO, /* Network list offload service */
+- WMI_SERVICE_GTK_OFFLOAD, /* GTK offload */
+- WMI_SERVICE_SCAN_SCH, /* Scan Scheduler Service */
+- WMI_SERVICE_CSA_OFFLOAD, /* CSA offload service */
+- WMI_SERVICE_CHATTER, /* Chatter service */
+- WMI_SERVICE_COEX_FREQAVOID, /* FW report freq range to avoid */
+- WMI_SERVICE_PACKET_POWER_SAVE, /* packet power save service */
+- WMI_SERVICE_FORCE_FW_HANG, /* To test fw recovery mechanism */
+- WMI_SERVICE_GPIO, /* GPIO service */
+- WMI_SERVICE_STA_DTIM_PS_MODULATED_DTIM, /* Modulated DTIM support */
+- WMI_STA_UAPSD_BASIC_AUTO_TRIG, /* UAPSD AC Trigger Generation */
+- WMI_STA_UAPSD_VAR_AUTO_TRIG, /* -do- */
+- WMI_SERVICE_STA_KEEP_ALIVE, /* STA keep alive mechanism support */
+- WMI_SERVICE_TX_ENCAP, /* Packet type for TX encapsulation */
+-
+- WMI_SERVICE_LAST,
+- WMI_MAX_SERVICE = 64 /* max service */
++enum wmi_service {
++ WMI_SERVICE_BEACON_OFFLOAD = 0,
++ WMI_SERVICE_SCAN_OFFLOAD,
++ WMI_SERVICE_ROAM_OFFLOAD,
++ WMI_SERVICE_BCN_MISS_OFFLOAD,
++ WMI_SERVICE_STA_PWRSAVE,
++ WMI_SERVICE_STA_ADVANCED_PWRSAVE,
++ WMI_SERVICE_AP_UAPSD,
++ WMI_SERVICE_AP_DFS,
++ WMI_SERVICE_11AC,
++ WMI_SERVICE_BLOCKACK,
++ WMI_SERVICE_PHYERR,
++ WMI_SERVICE_BCN_FILTER,
++ WMI_SERVICE_RTT,
++ WMI_SERVICE_RATECTRL,
++ WMI_SERVICE_WOW,
++ WMI_SERVICE_RATECTRL_CACHE,
++ WMI_SERVICE_IRAM_TIDS,
++ WMI_SERVICE_ARPNS_OFFLOAD,
++ WMI_SERVICE_NLO,
++ WMI_SERVICE_GTK_OFFLOAD,
++ WMI_SERVICE_SCAN_SCH,
++ WMI_SERVICE_CSA_OFFLOAD,
++ WMI_SERVICE_CHATTER,
++ WMI_SERVICE_COEX_FREQAVOID,
++ WMI_SERVICE_PACKET_POWER_SAVE,
++ WMI_SERVICE_FORCE_FW_HANG,
++ WMI_SERVICE_GPIO,
++ WMI_SERVICE_STA_DTIM_PS_MODULATED_DTIM,
++ WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG,
++ WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG,
++ WMI_SERVICE_STA_KEEP_ALIVE,
++ WMI_SERVICE_TX_ENCAP,
++ WMI_SERVICE_BURST,
++ WMI_SERVICE_SMART_ANTENNA_SW_SUPPORT,
++ WMI_SERVICE_SMART_ANTENNA_HW_SUPPORT,
++ WMI_SERVICE_ROAM_SCAN_OFFLOAD,
++ WMI_SERVICE_AP_PS_DETECT_OUT_OF_SYNC,
++ WMI_SERVICE_EARLY_RX,
++ WMI_SERVICE_STA_SMPS,
++ WMI_SERVICE_FWTEST,
++ WMI_SERVICE_STA_WMMAC,
++ WMI_SERVICE_TDLS,
++ WMI_SERVICE_MCC_BCN_INTERVAL_CHANGE,
++ WMI_SERVICE_ADAPTIVE_OCS,
++ WMI_SERVICE_BA_SSN_SUPPORT,
++ WMI_SERVICE_FILTER_IPSEC_NATKEEPALIVE,
++ WMI_SERVICE_WLAN_HB,
++ WMI_SERVICE_LTE_ANT_SHARE_SUPPORT,
++ WMI_SERVICE_BATCH_SCAN,
++ WMI_SERVICE_QPOWER,
++ WMI_SERVICE_PLMREQ,
++ WMI_SERVICE_THERMAL_MGMT,
++ WMI_SERVICE_RMC,
++ WMI_SERVICE_MHF_OFFLOAD,
++ WMI_SERVICE_COEX_SAR,
++ WMI_SERVICE_BCN_TXRATE_OVERRIDE,
++ WMI_SERVICE_NAN,
++ WMI_SERVICE_L1SS_STAT,
++ WMI_SERVICE_ESTIMATE_LINKSPEED,
++ WMI_SERVICE_OBSS_SCAN,
++ WMI_SERVICE_TDLS_OFFCHAN,
++ WMI_SERVICE_TDLS_UAPSD_BUFFER_STA,
++ WMI_SERVICE_TDLS_UAPSD_SLEEP_STA,
++ WMI_SERVICE_IBSS_PWRSAVE,
++ WMI_SERVICE_LPASS,
++ WMI_SERVICE_EXTSCAN,
++ WMI_SERVICE_D0WOW,
++ WMI_SERVICE_HSOFFLOAD,
++ WMI_SERVICE_ROAM_HO_OFFLOAD,
++ WMI_SERVICE_RX_FULL_REORDER,
++ WMI_SERVICE_DHCP_OFFLOAD,
++ WMI_SERVICE_STA_RX_IPA_OFFLOAD_SUPPORT,
++ WMI_SERVICE_MDNS_OFFLOAD,
++ WMI_SERVICE_SAP_AUTH_OFFLOAD,
++
++ /* keep last */
++ WMI_SERVICE_MAX,
++};
++
++enum wmi_10x_service {
++ WMI_10X_SERVICE_BEACON_OFFLOAD = 0,
++ WMI_10X_SERVICE_SCAN_OFFLOAD,
++ WMI_10X_SERVICE_ROAM_OFFLOAD,
++ WMI_10X_SERVICE_BCN_MISS_OFFLOAD,
++ WMI_10X_SERVICE_STA_PWRSAVE,
++ WMI_10X_SERVICE_STA_ADVANCED_PWRSAVE,
++ WMI_10X_SERVICE_AP_UAPSD,
++ WMI_10X_SERVICE_AP_DFS,
++ WMI_10X_SERVICE_11AC,
++ WMI_10X_SERVICE_BLOCKACK,
++ WMI_10X_SERVICE_PHYERR,
++ WMI_10X_SERVICE_BCN_FILTER,
++ WMI_10X_SERVICE_RTT,
++ WMI_10X_SERVICE_RATECTRL,
++ WMI_10X_SERVICE_WOW,
++ WMI_10X_SERVICE_RATECTRL_CACHE,
++ WMI_10X_SERVICE_IRAM_TIDS,
++ WMI_10X_SERVICE_BURST,
++
++ /* introduced in 10.2 */
++ WMI_10X_SERVICE_SMART_ANTENNA_SW_SUPPORT,
++ WMI_10X_SERVICE_FORCE_FW_HANG,
++ WMI_10X_SERVICE_SMART_ANTENNA_HW_SUPPORT,
++};
++
++enum wmi_main_service {
++ WMI_MAIN_SERVICE_BEACON_OFFLOAD = 0,
++ WMI_MAIN_SERVICE_SCAN_OFFLOAD,
++ WMI_MAIN_SERVICE_ROAM_OFFLOAD,
++ WMI_MAIN_SERVICE_BCN_MISS_OFFLOAD,
++ WMI_MAIN_SERVICE_STA_PWRSAVE,
++ WMI_MAIN_SERVICE_STA_ADVANCED_PWRSAVE,
++ WMI_MAIN_SERVICE_AP_UAPSD,
++ WMI_MAIN_SERVICE_AP_DFS,
++ WMI_MAIN_SERVICE_11AC,
++ WMI_MAIN_SERVICE_BLOCKACK,
++ WMI_MAIN_SERVICE_PHYERR,
++ WMI_MAIN_SERVICE_BCN_FILTER,
++ WMI_MAIN_SERVICE_RTT,
++ WMI_MAIN_SERVICE_RATECTRL,
++ WMI_MAIN_SERVICE_WOW,
++ WMI_MAIN_SERVICE_RATECTRL_CACHE,
++ WMI_MAIN_SERVICE_IRAM_TIDS,
++ WMI_MAIN_SERVICE_ARPNS_OFFLOAD,
++ WMI_MAIN_SERVICE_NLO,
++ WMI_MAIN_SERVICE_GTK_OFFLOAD,
++ WMI_MAIN_SERVICE_SCAN_SCH,
++ WMI_MAIN_SERVICE_CSA_OFFLOAD,
++ WMI_MAIN_SERVICE_CHATTER,
++ WMI_MAIN_SERVICE_COEX_FREQAVOID,
++ WMI_MAIN_SERVICE_PACKET_POWER_SAVE,
++ WMI_MAIN_SERVICE_FORCE_FW_HANG,
++ WMI_MAIN_SERVICE_GPIO,
++ WMI_MAIN_SERVICE_STA_DTIM_PS_MODULATED_DTIM,
++ WMI_MAIN_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG,
++ WMI_MAIN_SERVICE_STA_UAPSD_VAR_AUTO_TRIG,
++ WMI_MAIN_SERVICE_STA_KEEP_ALIVE,
++ WMI_MAIN_SERVICE_TX_ENCAP,
+ };
+
+ static inline char *wmi_service_name(int service_id)
+ {
++#define SVCSTR(x) case x: return #x
++
+ switch (service_id) {
+- case WMI_SERVICE_BEACON_OFFLOAD:
+- return "BEACON_OFFLOAD";
+- case WMI_SERVICE_SCAN_OFFLOAD:
+- return "SCAN_OFFLOAD";
+- case WMI_SERVICE_ROAM_OFFLOAD:
+- return "ROAM_OFFLOAD";
+- case WMI_SERVICE_BCN_MISS_OFFLOAD:
+- return "BCN_MISS_OFFLOAD";
+- case WMI_SERVICE_STA_PWRSAVE:
+- return "STA_PWRSAVE";
+- case WMI_SERVICE_STA_ADVANCED_PWRSAVE:
+- return "STA_ADVANCED_PWRSAVE";
+- case WMI_SERVICE_AP_UAPSD:
+- return "AP_UAPSD";
+- case WMI_SERVICE_AP_DFS:
+- return "AP_DFS";
+- case WMI_SERVICE_11AC:
+- return "11AC";
+- case WMI_SERVICE_BLOCKACK:
+- return "BLOCKACK";
+- case WMI_SERVICE_PHYERR:
+- return "PHYERR";
+- case WMI_SERVICE_BCN_FILTER:
+- return "BCN_FILTER";
+- case WMI_SERVICE_RTT:
+- return "RTT";
+- case WMI_SERVICE_RATECTRL:
+- return "RATECTRL";
+- case WMI_SERVICE_WOW:
+- return "WOW";
+- case WMI_SERVICE_RATECTRL_CACHE:
+- return "RATECTRL CACHE";
+- case WMI_SERVICE_IRAM_TIDS:
+- return "IRAM TIDS";
+- case WMI_SERVICE_ARPNS_OFFLOAD:
+- return "ARPNS_OFFLOAD";
+- case WMI_SERVICE_NLO:
+- return "NLO";
+- case WMI_SERVICE_GTK_OFFLOAD:
+- return "GTK_OFFLOAD";
+- case WMI_SERVICE_SCAN_SCH:
+- return "SCAN_SCH";
+- case WMI_SERVICE_CSA_OFFLOAD:
+- return "CSA_OFFLOAD";
+- case WMI_SERVICE_CHATTER:
+- return "CHATTER";
+- case WMI_SERVICE_COEX_FREQAVOID:
+- return "COEX_FREQAVOID";
+- case WMI_SERVICE_PACKET_POWER_SAVE:
+- return "PACKET_POWER_SAVE";
+- case WMI_SERVICE_FORCE_FW_HANG:
+- return "FORCE FW HANG";
+- case WMI_SERVICE_GPIO:
+- return "GPIO";
+- case WMI_SERVICE_STA_DTIM_PS_MODULATED_DTIM:
+- return "MODULATED DTIM";
+- case WMI_STA_UAPSD_BASIC_AUTO_TRIG:
+- return "BASIC UAPSD";
+- case WMI_STA_UAPSD_VAR_AUTO_TRIG:
+- return "VAR UAPSD";
+- case WMI_SERVICE_STA_KEEP_ALIVE:
+- return "STA KEEP ALIVE";
+- case WMI_SERVICE_TX_ENCAP:
+- return "TX ENCAP";
++ SVCSTR(WMI_SERVICE_BEACON_OFFLOAD);
++ SVCSTR(WMI_SERVICE_SCAN_OFFLOAD);
++ SVCSTR(WMI_SERVICE_ROAM_OFFLOAD);
++ SVCSTR(WMI_SERVICE_BCN_MISS_OFFLOAD);
++ SVCSTR(WMI_SERVICE_STA_PWRSAVE);
++ SVCSTR(WMI_SERVICE_STA_ADVANCED_PWRSAVE);
++ SVCSTR(WMI_SERVICE_AP_UAPSD);
++ SVCSTR(WMI_SERVICE_AP_DFS);
++ SVCSTR(WMI_SERVICE_11AC);
++ SVCSTR(WMI_SERVICE_BLOCKACK);
++ SVCSTR(WMI_SERVICE_PHYERR);
++ SVCSTR(WMI_SERVICE_BCN_FILTER);
++ SVCSTR(WMI_SERVICE_RTT);
++ SVCSTR(WMI_SERVICE_RATECTRL);
++ SVCSTR(WMI_SERVICE_WOW);
++ SVCSTR(WMI_SERVICE_RATECTRL_CACHE);
++ SVCSTR(WMI_SERVICE_IRAM_TIDS);
++ SVCSTR(WMI_SERVICE_ARPNS_OFFLOAD);
++ SVCSTR(WMI_SERVICE_NLO);
++ SVCSTR(WMI_SERVICE_GTK_OFFLOAD);
++ SVCSTR(WMI_SERVICE_SCAN_SCH);
++ SVCSTR(WMI_SERVICE_CSA_OFFLOAD);
++ SVCSTR(WMI_SERVICE_CHATTER);
++ SVCSTR(WMI_SERVICE_COEX_FREQAVOID);
++ SVCSTR(WMI_SERVICE_PACKET_POWER_SAVE);
++ SVCSTR(WMI_SERVICE_FORCE_FW_HANG);
++ SVCSTR(WMI_SERVICE_GPIO);
++ SVCSTR(WMI_SERVICE_STA_DTIM_PS_MODULATED_DTIM);
++ SVCSTR(WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG);
++ SVCSTR(WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG);
++ SVCSTR(WMI_SERVICE_STA_KEEP_ALIVE);
++ SVCSTR(WMI_SERVICE_TX_ENCAP);
++ SVCSTR(WMI_SERVICE_BURST);
++ SVCSTR(WMI_SERVICE_SMART_ANTENNA_SW_SUPPORT);
++ SVCSTR(WMI_SERVICE_SMART_ANTENNA_HW_SUPPORT);
++ SVCSTR(WMI_SERVICE_ROAM_SCAN_OFFLOAD);
++ SVCSTR(WMI_SERVICE_AP_PS_DETECT_OUT_OF_SYNC);
++ SVCSTR(WMI_SERVICE_EARLY_RX);
++ SVCSTR(WMI_SERVICE_STA_SMPS);
++ SVCSTR(WMI_SERVICE_FWTEST);
++ SVCSTR(WMI_SERVICE_STA_WMMAC);
++ SVCSTR(WMI_SERVICE_TDLS);
++ SVCSTR(WMI_SERVICE_MCC_BCN_INTERVAL_CHANGE);
++ SVCSTR(WMI_SERVICE_ADAPTIVE_OCS);
++ SVCSTR(WMI_SERVICE_BA_SSN_SUPPORT);
++ SVCSTR(WMI_SERVICE_FILTER_IPSEC_NATKEEPALIVE);
++ SVCSTR(WMI_SERVICE_WLAN_HB);
++ SVCSTR(WMI_SERVICE_LTE_ANT_SHARE_SUPPORT);
++ SVCSTR(WMI_SERVICE_BATCH_SCAN);
++ SVCSTR(WMI_SERVICE_QPOWER);
++ SVCSTR(WMI_SERVICE_PLMREQ);
++ SVCSTR(WMI_SERVICE_THERMAL_MGMT);
++ SVCSTR(WMI_SERVICE_RMC);
++ SVCSTR(WMI_SERVICE_MHF_OFFLOAD);
++ SVCSTR(WMI_SERVICE_COEX_SAR);
++ SVCSTR(WMI_SERVICE_BCN_TXRATE_OVERRIDE);
++ SVCSTR(WMI_SERVICE_NAN);
++ SVCSTR(WMI_SERVICE_L1SS_STAT);
++ SVCSTR(WMI_SERVICE_ESTIMATE_LINKSPEED);
++ SVCSTR(WMI_SERVICE_OBSS_SCAN);
++ SVCSTR(WMI_SERVICE_TDLS_OFFCHAN);
++ SVCSTR(WMI_SERVICE_TDLS_UAPSD_BUFFER_STA);
++ SVCSTR(WMI_SERVICE_TDLS_UAPSD_SLEEP_STA);
++ SVCSTR(WMI_SERVICE_IBSS_PWRSAVE);
++ SVCSTR(WMI_SERVICE_LPASS);
++ SVCSTR(WMI_SERVICE_EXTSCAN);
++ SVCSTR(WMI_SERVICE_D0WOW);
++ SVCSTR(WMI_SERVICE_HSOFFLOAD);
++ SVCSTR(WMI_SERVICE_ROAM_HO_OFFLOAD);
++ SVCSTR(WMI_SERVICE_RX_FULL_REORDER);
++ SVCSTR(WMI_SERVICE_DHCP_OFFLOAD);
++ SVCSTR(WMI_SERVICE_STA_RX_IPA_OFFLOAD_SUPPORT);
++ SVCSTR(WMI_SERVICE_MDNS_OFFLOAD);
++ SVCSTR(WMI_SERVICE_SAP_AUTH_OFFLOAD);
+ default:
+- return "UNKNOWN SERVICE\n";
++ return NULL;
+ }
++
++#undef SVCSTR
+ }
+
++#define WMI_SERVICE_IS_ENABLED(wmi_svc_bmap, svc_id, len) \
++ ((svc_id) < (len) && \
++ __le32_to_cpu((wmi_svc_bmap)[(svc_id)/(sizeof(u32))]) & \
++ BIT((svc_id)%(sizeof(u32))))
++
++#define SVCMAP(x, y, len) \
++ do { \
++ if (WMI_SERVICE_IS_ENABLED((in), (x), (len))) \
++ __set_bit(y, out); \
++ } while (0)
++
++static inline void wmi_10x_svc_map(const __le32 *in, unsigned long *out,
++ size_t len)
++{
++ SVCMAP(WMI_10X_SERVICE_BEACON_OFFLOAD,
++ WMI_SERVICE_BEACON_OFFLOAD, len);
++ SVCMAP(WMI_10X_SERVICE_SCAN_OFFLOAD,
++ WMI_SERVICE_SCAN_OFFLOAD, len);
++ SVCMAP(WMI_10X_SERVICE_ROAM_OFFLOAD,
++ WMI_SERVICE_ROAM_OFFLOAD, len);
++ SVCMAP(WMI_10X_SERVICE_BCN_MISS_OFFLOAD,
++ WMI_SERVICE_BCN_MISS_OFFLOAD, len);
++ SVCMAP(WMI_10X_SERVICE_STA_PWRSAVE,
++ WMI_SERVICE_STA_PWRSAVE, len);
++ SVCMAP(WMI_10X_SERVICE_STA_ADVANCED_PWRSAVE,
++ WMI_SERVICE_STA_ADVANCED_PWRSAVE, len);
++ SVCMAP(WMI_10X_SERVICE_AP_UAPSD,
++ WMI_SERVICE_AP_UAPSD, len);
++ SVCMAP(WMI_10X_SERVICE_AP_DFS,
++ WMI_SERVICE_AP_DFS, len);
++ SVCMAP(WMI_10X_SERVICE_11AC,
++ WMI_SERVICE_11AC, len);
++ SVCMAP(WMI_10X_SERVICE_BLOCKACK,
++ WMI_SERVICE_BLOCKACK, len);
++ SVCMAP(WMI_10X_SERVICE_PHYERR,
++ WMI_SERVICE_PHYERR, len);
++ SVCMAP(WMI_10X_SERVICE_BCN_FILTER,
++ WMI_SERVICE_BCN_FILTER, len);
++ SVCMAP(WMI_10X_SERVICE_RTT,
++ WMI_SERVICE_RTT, len);
++ SVCMAP(WMI_10X_SERVICE_RATECTRL,
++ WMI_SERVICE_RATECTRL, len);
++ SVCMAP(WMI_10X_SERVICE_WOW,
++ WMI_SERVICE_WOW, len);
++ SVCMAP(WMI_10X_SERVICE_RATECTRL_CACHE,
++ WMI_SERVICE_RATECTRL_CACHE, len);
++ SVCMAP(WMI_10X_SERVICE_IRAM_TIDS,
++ WMI_SERVICE_IRAM_TIDS, len);
++ SVCMAP(WMI_10X_SERVICE_BURST,
++ WMI_SERVICE_BURST, len);
++ SVCMAP(WMI_10X_SERVICE_SMART_ANTENNA_SW_SUPPORT,
++ WMI_SERVICE_SMART_ANTENNA_SW_SUPPORT, len);
++ SVCMAP(WMI_10X_SERVICE_FORCE_FW_HANG,
++ WMI_SERVICE_FORCE_FW_HANG, len);
++ SVCMAP(WMI_10X_SERVICE_SMART_ANTENNA_HW_SUPPORT,
++ WMI_SERVICE_SMART_ANTENNA_HW_SUPPORT, len);
++}
++
++static inline void wmi_main_svc_map(const __le32 *in, unsigned long *out,
++ size_t len)
++{
++ SVCMAP(WMI_MAIN_SERVICE_BEACON_OFFLOAD,
++ WMI_SERVICE_BEACON_OFFLOAD, len);
++ SVCMAP(WMI_MAIN_SERVICE_SCAN_OFFLOAD,
++ WMI_SERVICE_SCAN_OFFLOAD, len);
++ SVCMAP(WMI_MAIN_SERVICE_ROAM_OFFLOAD,
++ WMI_SERVICE_ROAM_OFFLOAD, len);
++ SVCMAP(WMI_MAIN_SERVICE_BCN_MISS_OFFLOAD,
++ WMI_SERVICE_BCN_MISS_OFFLOAD, len);
++ SVCMAP(WMI_MAIN_SERVICE_STA_PWRSAVE,
++ WMI_SERVICE_STA_PWRSAVE, len);
++ SVCMAP(WMI_MAIN_SERVICE_STA_ADVANCED_PWRSAVE,
++ WMI_SERVICE_STA_ADVANCED_PWRSAVE, len);
++ SVCMAP(WMI_MAIN_SERVICE_AP_UAPSD,
++ WMI_SERVICE_AP_UAPSD, len);
++ SVCMAP(WMI_MAIN_SERVICE_AP_DFS,
++ WMI_SERVICE_AP_DFS, len);
++ SVCMAP(WMI_MAIN_SERVICE_11AC,
++ WMI_SERVICE_11AC, len);
++ SVCMAP(WMI_MAIN_SERVICE_BLOCKACK,
++ WMI_SERVICE_BLOCKACK, len);
++ SVCMAP(WMI_MAIN_SERVICE_PHYERR,
++ WMI_SERVICE_PHYERR, len);
++ SVCMAP(WMI_MAIN_SERVICE_BCN_FILTER,
++ WMI_SERVICE_BCN_FILTER, len);
++ SVCMAP(WMI_MAIN_SERVICE_RTT,
++ WMI_SERVICE_RTT, len);
++ SVCMAP(WMI_MAIN_SERVICE_RATECTRL,
++ WMI_SERVICE_RATECTRL, len);
++ SVCMAP(WMI_MAIN_SERVICE_WOW,
++ WMI_SERVICE_WOW, len);
++ SVCMAP(WMI_MAIN_SERVICE_RATECTRL_CACHE,
++ WMI_SERVICE_RATECTRL_CACHE, len);
++ SVCMAP(WMI_MAIN_SERVICE_IRAM_TIDS,
++ WMI_SERVICE_IRAM_TIDS, len);
++ SVCMAP(WMI_MAIN_SERVICE_ARPNS_OFFLOAD,
++ WMI_SERVICE_ARPNS_OFFLOAD, len);
++ SVCMAP(WMI_MAIN_SERVICE_NLO,
++ WMI_SERVICE_NLO, len);
++ SVCMAP(WMI_MAIN_SERVICE_GTK_OFFLOAD,
++ WMI_SERVICE_GTK_OFFLOAD, len);
++ SVCMAP(WMI_MAIN_SERVICE_SCAN_SCH,
++ WMI_SERVICE_SCAN_SCH, len);
++ SVCMAP(WMI_MAIN_SERVICE_CSA_OFFLOAD,
++ WMI_SERVICE_CSA_OFFLOAD, len);
++ SVCMAP(WMI_MAIN_SERVICE_CHATTER,
++ WMI_SERVICE_CHATTER, len);
++ SVCMAP(WMI_MAIN_SERVICE_COEX_FREQAVOID,
++ WMI_SERVICE_COEX_FREQAVOID, len);
++ SVCMAP(WMI_MAIN_SERVICE_PACKET_POWER_SAVE,
++ WMI_SERVICE_PACKET_POWER_SAVE, len);
++ SVCMAP(WMI_MAIN_SERVICE_FORCE_FW_HANG,
++ WMI_SERVICE_FORCE_FW_HANG, len);
++ SVCMAP(WMI_MAIN_SERVICE_GPIO,
++ WMI_SERVICE_GPIO, len);
++ SVCMAP(WMI_MAIN_SERVICE_STA_DTIM_PS_MODULATED_DTIM,
++ WMI_SERVICE_STA_DTIM_PS_MODULATED_DTIM, len);
++ SVCMAP(WMI_MAIN_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG,
++ WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, len);
++ SVCMAP(WMI_MAIN_SERVICE_STA_UAPSD_VAR_AUTO_TRIG,
++ WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, len);
++ SVCMAP(WMI_MAIN_SERVICE_STA_KEEP_ALIVE,
++ WMI_SERVICE_STA_KEEP_ALIVE, len);
++ SVCMAP(WMI_MAIN_SERVICE_TX_ENCAP,
++ WMI_SERVICE_TX_ENCAP, len);
++}
+
+-#define WMI_SERVICE_BM_SIZE \
+- ((WMI_MAX_SERVICE + sizeof(u32) - 1)/sizeof(u32))
++#undef SVCMAP
+
+ /* 2 word representation of MAC addr */
+ struct wmi_mac_addr {
+@@ -308,6 +550,8 @@ struct wmi_cmd_map {
+ u32 force_fw_hang_cmdid;
+ u32 gpio_config_cmdid;
+ u32 gpio_output_cmdid;
++ u32 pdev_get_temperature_cmdid;
++ u32 vdev_set_wmm_params_cmdid;
+ };
+
+ /*
+@@ -803,6 +1047,166 @@ enum wmi_10x_event_id {
+ WMI_10X_PDEV_UTF_EVENTID = WMI_10X_END_EVENTID-1,
+ };
+
++enum wmi_10_2_cmd_id {
++ WMI_10_2_START_CMDID = 0x9000,
++ WMI_10_2_END_CMDID = 0x9FFF,
++ WMI_10_2_INIT_CMDID,
++ WMI_10_2_START_SCAN_CMDID = WMI_10_2_START_CMDID,
++ WMI_10_2_STOP_SCAN_CMDID,
++ WMI_10_2_SCAN_CHAN_LIST_CMDID,
++ WMI_10_2_ECHO_CMDID,
++ WMI_10_2_PDEV_SET_REGDOMAIN_CMDID,
++ WMI_10_2_PDEV_SET_CHANNEL_CMDID,
++ WMI_10_2_PDEV_SET_PARAM_CMDID,
++ WMI_10_2_PDEV_PKTLOG_ENABLE_CMDID,
++ WMI_10_2_PDEV_PKTLOG_DISABLE_CMDID,
++ WMI_10_2_PDEV_SET_WMM_PARAMS_CMDID,
++ WMI_10_2_PDEV_SET_HT_CAP_IE_CMDID,
++ WMI_10_2_PDEV_SET_VHT_CAP_IE_CMDID,
++ WMI_10_2_PDEV_SET_BASE_MACADDR_CMDID,
++ WMI_10_2_PDEV_SET_QUIET_MODE_CMDID,
++ WMI_10_2_PDEV_GREEN_AP_PS_ENABLE_CMDID,
++ WMI_10_2_PDEV_GET_TPC_CONFIG_CMDID,
++ WMI_10_2_VDEV_CREATE_CMDID,
++ WMI_10_2_VDEV_DELETE_CMDID,
++ WMI_10_2_VDEV_START_REQUEST_CMDID,
++ WMI_10_2_VDEV_RESTART_REQUEST_CMDID,
++ WMI_10_2_VDEV_UP_CMDID,
++ WMI_10_2_VDEV_STOP_CMDID,
++ WMI_10_2_VDEV_DOWN_CMDID,
++ WMI_10_2_VDEV_STANDBY_RESPONSE_CMDID,
++ WMI_10_2_VDEV_RESUME_RESPONSE_CMDID,
++ WMI_10_2_VDEV_SET_PARAM_CMDID,
++ WMI_10_2_VDEV_INSTALL_KEY_CMDID,
++ WMI_10_2_VDEV_SET_DSCP_TID_MAP_CMDID,
++ WMI_10_2_PEER_CREATE_CMDID,
++ WMI_10_2_PEER_DELETE_CMDID,
++ WMI_10_2_PEER_FLUSH_TIDS_CMDID,
++ WMI_10_2_PEER_SET_PARAM_CMDID,
++ WMI_10_2_PEER_ASSOC_CMDID,
++ WMI_10_2_PEER_ADD_WDS_ENTRY_CMDID,
++ WMI_10_2_PEER_UPDATE_WDS_ENTRY_CMDID,
++ WMI_10_2_PEER_REMOVE_WDS_ENTRY_CMDID,
++ WMI_10_2_PEER_MCAST_GROUP_CMDID,
++ WMI_10_2_BCN_TX_CMDID,
++ WMI_10_2_BCN_PRB_TMPL_CMDID,
++ WMI_10_2_BCN_FILTER_RX_CMDID,
++ WMI_10_2_PRB_REQ_FILTER_RX_CMDID,
++ WMI_10_2_MGMT_TX_CMDID,
++ WMI_10_2_ADDBA_CLEAR_RESP_CMDID,
++ WMI_10_2_ADDBA_SEND_CMDID,
++ WMI_10_2_ADDBA_STATUS_CMDID,
++ WMI_10_2_DELBA_SEND_CMDID,
++ WMI_10_2_ADDBA_SET_RESP_CMDID,
++ WMI_10_2_SEND_SINGLEAMSDU_CMDID,
++ WMI_10_2_STA_POWERSAVE_MODE_CMDID,
++ WMI_10_2_STA_POWERSAVE_PARAM_CMDID,
++ WMI_10_2_STA_MIMO_PS_MODE_CMDID,
++ WMI_10_2_DBGLOG_CFG_CMDID,
++ WMI_10_2_PDEV_DFS_ENABLE_CMDID,
++ WMI_10_2_PDEV_DFS_DISABLE_CMDID,
++ WMI_10_2_PDEV_QVIT_CMDID,
++ WMI_10_2_ROAM_SCAN_MODE,
++ WMI_10_2_ROAM_SCAN_RSSI_THRESHOLD,
++ WMI_10_2_ROAM_SCAN_PERIOD,
++ WMI_10_2_ROAM_SCAN_RSSI_CHANGE_THRESHOLD,
++ WMI_10_2_ROAM_AP_PROFILE,
++ WMI_10_2_OFL_SCAN_ADD_AP_PROFILE,
++ WMI_10_2_OFL_SCAN_REMOVE_AP_PROFILE,
++ WMI_10_2_OFL_SCAN_PERIOD,
++ WMI_10_2_P2P_DEV_SET_DEVICE_INFO,
++ WMI_10_2_P2P_DEV_SET_DISCOVERABILITY,
++ WMI_10_2_P2P_GO_SET_BEACON_IE,
++ WMI_10_2_P2P_GO_SET_PROBE_RESP_IE,
++ WMI_10_2_AP_PS_PEER_PARAM_CMDID,
++ WMI_10_2_AP_PS_PEER_UAPSD_COEX_CMDID,
++ WMI_10_2_PEER_RATE_RETRY_SCHED_CMDID,
++ WMI_10_2_WLAN_PROFILE_TRIGGER_CMDID,
++ WMI_10_2_WLAN_PROFILE_SET_HIST_INTVL_CMDID,
++ WMI_10_2_WLAN_PROFILE_GET_PROFILE_DATA_CMDID,
++ WMI_10_2_WLAN_PROFILE_ENABLE_PROFILE_ID_CMDID,
++ WMI_10_2_WLAN_PROFILE_LIST_PROFILE_ID_CMDID,
++ WMI_10_2_PDEV_SUSPEND_CMDID,
++ WMI_10_2_PDEV_RESUME_CMDID,
++ WMI_10_2_ADD_BCN_FILTER_CMDID,
++ WMI_10_2_RMV_BCN_FILTER_CMDID,
++ WMI_10_2_WOW_ADD_WAKE_PATTERN_CMDID,
++ WMI_10_2_WOW_DEL_WAKE_PATTERN_CMDID,
++ WMI_10_2_WOW_ENABLE_DISABLE_WAKE_EVENT_CMDID,
++ WMI_10_2_WOW_ENABLE_CMDID,
++ WMI_10_2_WOW_HOSTWAKEUP_FROM_SLEEP_CMDID,
++ WMI_10_2_RTT_MEASREQ_CMDID,
++ WMI_10_2_RTT_TSF_CMDID,
++ WMI_10_2_RTT_KEEPALIVE_CMDID,
++ WMI_10_2_PDEV_SEND_BCN_CMDID,
++ WMI_10_2_VDEV_SPECTRAL_SCAN_CONFIGURE_CMDID,
++ WMI_10_2_VDEV_SPECTRAL_SCAN_ENABLE_CMDID,
++ WMI_10_2_REQUEST_STATS_CMDID,
++ WMI_10_2_GPIO_CONFIG_CMDID,
++ WMI_10_2_GPIO_OUTPUT_CMDID,
++ WMI_10_2_VDEV_RATEMASK_CMDID,
++ WMI_10_2_PDEV_SMART_ANT_ENABLE_CMDID,
++ WMI_10_2_PDEV_SMART_ANT_SET_RX_ANTENNA_CMDID,
++ WMI_10_2_PEER_SMART_ANT_SET_TX_ANTENNA_CMDID,
++ WMI_10_2_PEER_SMART_ANT_SET_TRAIN_INFO_CMDID,
++ WMI_10_2_PEER_SMART_ANT_SET_NODE_CONFIG_OPS_CMDID,
++ WMI_10_2_FORCE_FW_HANG_CMDID,
++ WMI_10_2_PDEV_SET_ANTENNA_SWITCH_TABLE_CMDID,
++ WMI_10_2_PDEV_SET_CTL_TABLE_CMDID,
++ WMI_10_2_PDEV_SET_MIMOGAIN_TABLE_CMDID,
++ WMI_10_2_PDEV_RATEPWR_TABLE_CMDID,
++ WMI_10_2_PDEV_RATEPWR_CHAINMSK_TABLE_CMDID,
++ WMI_10_2_PDEV_GET_INFO,
++ WMI_10_2_VDEV_GET_INFO,
++ WMI_10_2_VDEV_ATF_REQUEST_CMDID,
++ WMI_10_2_PEER_ATF_REQUEST_CMDID,
++ WMI_10_2_PDEV_GET_TEMPERATURE_CMDID,
++ WMI_10_2_PDEV_UTF_CMDID = WMI_10_2_END_CMDID - 1,
++};
++
++enum wmi_10_2_event_id {
++ WMI_10_2_SERVICE_READY_EVENTID = 0x8000,
++ WMI_10_2_READY_EVENTID,
++ WMI_10_2_DEBUG_MESG_EVENTID,
++ WMI_10_2_START_EVENTID = 0x9000,
++ WMI_10_2_END_EVENTID = 0x9FFF,
++ WMI_10_2_SCAN_EVENTID = WMI_10_2_START_EVENTID,
++ WMI_10_2_ECHO_EVENTID,
++ WMI_10_2_UPDATE_STATS_EVENTID,
++ WMI_10_2_INST_RSSI_STATS_EVENTID,
++ WMI_10_2_VDEV_START_RESP_EVENTID,
++ WMI_10_2_VDEV_STANDBY_REQ_EVENTID,
++ WMI_10_2_VDEV_RESUME_REQ_EVENTID,
++ WMI_10_2_VDEV_STOPPED_EVENTID,
++ WMI_10_2_PEER_STA_KICKOUT_EVENTID,
++ WMI_10_2_HOST_SWBA_EVENTID,
++ WMI_10_2_TBTTOFFSET_UPDATE_EVENTID,
++ WMI_10_2_MGMT_RX_EVENTID,
++ WMI_10_2_CHAN_INFO_EVENTID,
++ WMI_10_2_PHYERR_EVENTID,
++ WMI_10_2_ROAM_EVENTID,
++ WMI_10_2_PROFILE_MATCH,
++ WMI_10_2_DEBUG_PRINT_EVENTID,
++ WMI_10_2_PDEV_QVIT_EVENTID,
++ WMI_10_2_WLAN_PROFILE_DATA_EVENTID,
++ WMI_10_2_RTT_MEASUREMENT_REPORT_EVENTID,
++ WMI_10_2_TSF_MEASUREMENT_REPORT_EVENTID,
++ WMI_10_2_RTT_ERROR_REPORT_EVENTID,
++ WMI_10_2_RTT_KEEPALIVE_EVENTID,
++ WMI_10_2_WOW_WAKEUP_HOST_EVENTID,
++ WMI_10_2_DCS_INTERFERENCE_EVENTID,
++ WMI_10_2_PDEV_TPC_CONFIG_EVENTID,
++ WMI_10_2_GPIO_INPUT_EVENTID,
++ WMI_10_2_PEER_RATECODE_LIST_EVENTID,
++ WMI_10_2_GENERIC_BUFFER_EVENTID,
++ WMI_10_2_MCAST_BUF_RELEASE_EVENTID,
++ WMI_10_2_MCAST_LIST_AGEOUT_EVENTID,
++ WMI_10_2_WDS_PEER_EVENTID,
++ WMI_10_2_PEER_STA_PS_STATECHG_EVENTID,
++ WMI_10_2_PDEV_TEMPERATURE_EVENTID,
++ WMI_10_2_PDEV_UTF_EVENTID = WMI_10_2_END_EVENTID - 1,
++};
++
+ enum wmi_phy_mode {
+ MODE_11A = 0, /* 11a Mode */
+ MODE_11G = 1, /* 11b/g Mode */
+@@ -955,7 +1359,6 @@ enum wmi_channel_change_cause {
+ WMI_HT_CAP_RX_STBC | \
+ WMI_HT_CAP_LDPC)
+
+-
+ /*
+ * WMI_VHT_CAP_* these maps to ieee 802.11ac vht capability information
+ * field. The fields not defined here are not supported, or reserved.
+@@ -1076,10 +1479,6 @@ struct wlan_host_mem_req {
+ __le32 num_units;
+ } __packed;
+
+-#define WMI_SERVICE_IS_ENABLED(wmi_svc_bmap, svc_id) \
+- ((((wmi_svc_bmap)[(svc_id)/(sizeof(u32))]) & \
+- (1 << ((svc_id)%(sizeof(u32))))) != 0)
+-
+ /*
+ * The following struct holds optional payload for
+ * wmi_service_ready_event,e.g., 11ac pass some of the
+@@ -1093,7 +1492,7 @@ struct wmi_service_ready_event {
+ __le32 phy_capability;
+ /* Maximum number of frag table entries that SW will populate less 1 */
+ __le32 max_frag_entry;
+- __le32 wmi_service_bitmap[WMI_SERVICE_BM_SIZE];
++ __le32 wmi_service_bitmap[16];
+ __le32 num_rf_chains;
+ /*
+ * The following field is only valid for service type
+@@ -1119,11 +1518,11 @@ struct wmi_service_ready_event {
+ * where FW can access this memory directly (or) by DMA.
+ */
+ __le32 num_mem_reqs;
+- struct wlan_host_mem_req mem_reqs[1];
++ struct wlan_host_mem_req mem_reqs[0];
+ } __packed;
+
+ /* This is the definition from 10.X firmware branch */
+-struct wmi_service_ready_event_10x {
++struct wmi_10x_service_ready_event {
+ __le32 sw_version;
+ __le32 abi_version;
+
+@@ -1132,7 +1531,7 @@ struct wmi_service_ready_event_10x {
+
+ /* Maximum number of frag table entries that SW will populate less 1 */
+ __le32 max_frag_entry;
+- __le32 wmi_service_bitmap[WMI_SERVICE_BM_SIZE];
++ __le32 wmi_service_bitmap[16];
+ __le32 num_rf_chains;
+
+ /*
+@@ -1158,10 +1557,9 @@ struct wmi_service_ready_event_10x {
+ */
+ __le32 num_mem_reqs;
+
+- struct wlan_host_mem_req mem_reqs[1];
++ struct wlan_host_mem_req mem_reqs[0];
+ } __packed;
+
+-
+ #define WMI_SERVICE_READY_TIMEOUT_HZ (5*HZ)
+ #define WMI_UNIFIED_READY_TIMEOUT_HZ (5*HZ)
+
+@@ -1255,7 +1653,7 @@ struct wmi_resource_config {
+ */
+ __le32 rx_decap_mode;
+
+- /* what is the maximum scan requests than can be queued */
++ /* what is the maximum number of scan requests that can be queued */
+ __le32 scan_max_pending_reqs;
+
+ /* maximum VDEV that could use BMISS offload */
+@@ -1440,7 +1838,7 @@ struct wmi_resource_config_10x {
+ */
+ __le32 rx_decap_mode;
+
+- /* what is the maximum scan requests than can be queued */
++ /* what is the maximum number of scan requests that can be queued */
+ __le32 scan_max_pending_reqs;
+
+ /* maximum VDEV that could use BMISS offload */
+@@ -1551,6 +1949,21 @@ struct wmi_resource_config_10x {
+ __le32 max_frag_entries;
+ } __packed;
+
++enum wmi_10_2_feature_mask {
++ WMI_10_2_RX_BATCH_MODE = BIT(0),
++ WMI_10_2_ATF_CONFIG = BIT(1),
++};
++
++struct wmi_resource_config_10_2 {
++ struct wmi_resource_config_10x common;
++ __le32 max_peer_ext_stats;
++ __le32 smart_ant_cap; /* 0-disable, 1-enable */
++ __le32 bk_min_free;
++ __le32 be_min_free;
++ __le32 vi_min_free;
++ __le32 vo_min_free;
++ __le32 feature_mask;
++} __packed;
+
+ #define NUM_UNITS_IS_NUM_VDEVS 0x1
+ #define NUM_UNITS_IS_NUM_PEERS 0x2
+@@ -1565,34 +1978,39 @@ struct host_memory_chunk {
+ __le32 size;
+ } __packed;
+
++struct wmi_host_mem_chunks {
++ __le32 count;
++ /* some fw revisions require at least 1 chunk regardless of count */
++ struct host_memory_chunk items[1];
++} __packed;
++
+ struct wmi_init_cmd {
+ struct wmi_resource_config resource_config;
+- __le32 num_host_mem_chunks;
+-
+- /*
+- * variable number of host memory chunks.
+- * This should be the last element in the structure
+- */
+- struct host_memory_chunk host_mem_chunks[1];
++ struct wmi_host_mem_chunks mem_chunks;
+ } __packed;
+
+ /* _10x stucture is from 10.X FW API */
+ struct wmi_init_cmd_10x {
+ struct wmi_resource_config_10x resource_config;
+- __le32 num_host_mem_chunks;
++ struct wmi_host_mem_chunks mem_chunks;
++} __packed;
+
+- /*
+- * variable number of host memory chunks.
+- * This should be the last element in the structure
+- */
+- struct host_memory_chunk host_mem_chunks[1];
++struct wmi_init_cmd_10_2 {
++ struct wmi_resource_config_10_2 resource_config;
++ struct wmi_host_mem_chunks mem_chunks;
++} __packed;
++
++struct wmi_chan_list_entry {
++ __le16 freq;
++ u8 phy_mode; /* valid for 10.2 only */
++ u8 reserved;
+ } __packed;
+
+ /* TLV for channel list */
+ struct wmi_chan_list {
+ __le32 tag; /* WMI_CHAN_LIST_TAG */
+ __le32 num_chan;
+- __le32 channel_list[0];
++ struct wmi_chan_list_entry channel_list[0];
+ } __packed;
+
+ struct wmi_bssid_list {
+@@ -1629,6 +2047,11 @@ struct wmi_ssid_list {
+ #define WLAN_SCAN_PARAMS_MAX_BSSID 4
+ #define WLAN_SCAN_PARAMS_MAX_IE_LEN 256
+
++/* Values lower than this may be refused by some firmware revisions with a scan
++ * completion with a timedout reason.
++ */
++#define WMI_SCAN_CHAN_MIN_TIME_MSEC 40
++
+ /* Scan priority numbers must be sequential, starting with 0 */
+ enum wmi_scan_priority {
+ WMI_SCAN_PRIORITY_VERY_LOW = 0,
+@@ -1639,7 +2062,7 @@ enum wmi_scan_priority {
+ WMI_SCAN_PRIORITY_COUNT /* number of priorities supported */
+ };
+
+-struct wmi_start_scan_cmd {
++struct wmi_start_scan_common {
+ /* Scan ID */
+ __le32 scan_id;
+ /* Scan requestor ID */
+@@ -1697,97 +2120,26 @@ struct wmi_start_scan_cmd {
+ __le32 probe_delay;
+ /* Scan control flags */
+ __le32 scan_ctrl_flags;
+-
+- /* Burst duration time in msecs */
+- __le32 burst_duration;
+- /*
+- * TLV (tag length value ) paramerters follow the scan_cmd structure.
+- * TLV can contain channel list, bssid list, ssid list and
+- * ie. the TLV tags are defined above;
+- */
+ } __packed;
+
+-/* This is the definition from 10.X firmware branch */
+-struct wmi_start_scan_cmd_10x {
+- /* Scan ID */
+- __le32 scan_id;
+-
+- /* Scan requestor ID */
+- __le32 scan_req_id;
+-
+- /* VDEV id(interface) that is requesting scan */
+- __le32 vdev_id;
+-
+- /* Scan Priority, input to scan scheduler */
+- __le32 scan_priority;
+-
+- /* Scan events subscription */
+- __le32 notify_scan_events;
+-
+- /* dwell time in msec on active channels */
+- __le32 dwell_time_active;
+-
+- /* dwell time in msec on passive channels */
+- __le32 dwell_time_passive;
+-
+- /*
+- * min time in msec on the BSS channel,only valid if atleast one
+- * VDEV is active
+- */
+- __le32 min_rest_time;
+-
+- /*
+- * max rest time in msec on the BSS channel,only valid if at least
+- * one VDEV is active
+- */
+- /*
+- * the scanner will rest on the bss channel at least min_rest_time
+- * after min_rest_time the scanner will start checking for tx/rx
+- * activity on all VDEVs. if there is no activity the scanner will
+- * switch to off channel. if there is activity the scanner will let
+- * the radio on the bss channel until max_rest_time expires.at
+- * max_rest_time scanner will switch to off channel irrespective of
+- * activity. activity is determined by the idle_time parameter.
+- */
+- __le32 max_rest_time;
+-
+- /*
+- * time before sending next set of probe requests.
+- * The scanner keeps repeating probe requests transmission with
+- * period specified by repeat_probe_time.
+- * The number of probe requests specified depends on the ssid_list
+- * and bssid_list
+- */
+- __le32 repeat_probe_time;
+-
+- /* time in msec between 2 consequetive probe requests with in a set. */
+- __le32 probe_spacing_time;
+-
+- /*
+- * data inactivity time in msec on bss channel that will be used by
+- * scanner for measuring the inactivity.
++struct wmi_start_scan_tlvs {
++ /* TLV parameters. These includes channel list, ssid list, bssid list,
++ * extra ies.
+ */
+- __le32 idle_time;
+-
+- /* maximum time in msec allowed for scan */
+- __le32 max_scan_time;
+-
+- /*
+- * delay in msec before sending first probe request after switching
+- * to a channel
+- */
+- __le32 probe_delay;
+-
+- /* Scan control flags */
+- __le32 scan_ctrl_flags;
++ u8 tlvs[0];
++} __packed;
+
+- /*
+- * TLV (tag length value ) paramerters follow the scan_cmd structure.
+- * TLV can contain channel list, bssid list, ssid list and
+- * ie. the TLV tags are defined above;
+- */
++struct wmi_start_scan_cmd {
++ struct wmi_start_scan_common common;
++ __le32 burst_duration_ms;
++ struct wmi_start_scan_tlvs tlvs;
+ } __packed;
+
++/* This is the definition from 10.X firmware branch */
++struct wmi_10x_start_scan_cmd {
++ struct wmi_start_scan_common common;
++ struct wmi_start_scan_tlvs tlvs;
++} __packed;
+
+ struct wmi_ssid_arg {
+ int len;
+@@ -1821,7 +2173,7 @@ struct wmi_start_scan_arg {
+ u32 n_bssids;
+
+ u8 ie[WLAN_SCAN_PARAMS_MAX_IE_LEN];
+- u32 channels[64];
++ u16 channels[64];
+ struct wmi_ssid_arg ssids[WLAN_SCAN_PARAMS_MAX_SSID];
+ struct wmi_bssid_arg bssids[WLAN_SCAN_PARAMS_MAX_BSSID];
+ };
+@@ -1849,7 +2201,6 @@ struct wmi_start_scan_arg {
+ /* WMI_SCAN_CLASS_MASK must be the same value as IEEE80211_SCAN_CLASS_MASK */
+ #define WMI_SCAN_CLASS_MASK 0xFF000000
+
+-
+ enum wmi_stop_scan_type {
+ WMI_SCAN_STOP_ONE = 0x00000000, /* stop by scan_id */
+ WMI_SCAN_STOP_VDEV_ALL = 0x01000000, /* stop by vdev_id */
+@@ -1973,100 +2324,31 @@ struct wmi_mgmt_rx_event_v2 {
+ #define PHY_ERROR_FALSE_RADAR_EXT 0x24
+ #define PHY_ERROR_RADAR 0x05
+
+-struct wmi_single_phyerr_rx_hdr {
+- /* TSF timestamp */
++struct wmi_phyerr {
+ __le32 tsf_timestamp;
+-
+- /*
+- * Current freq1, freq2
+- *
+- * [7:0]: freq1[lo]
+- * [15:8] : freq1[hi]
+- * [23:16]: freq2[lo]
+- * [31:24]: freq2[hi]
+- */
+ __le16 freq1;
+ __le16 freq2;
+-
+- /*
+- * Combined RSSI over all chains and channel width for this PHY error
+- *
+- * [7:0]: RSSI combined
+- * [15:8]: Channel width (MHz)
+- * [23:16]: PHY error code
+- * [24:16]: reserved (future use)
+- */
+ u8 rssi_combined;
+ u8 chan_width_mhz;
+ u8 phy_err_code;
+ u8 rsvd0;
+-
+- /*
+- * RSSI on chain 0 through 3
+- *
+- * This is formatted the same as the PPDU_START RX descriptor
+- * field:
+- *
+- * [7:0]: pri20
+- * [15:8]: sec20
+- * [23:16]: sec40
+- * [31:24]: sec80
+- */
+-
+- __le32 rssi_chain0;
+- __le32 rssi_chain1;
+- __le32 rssi_chain2;
+- __le32 rssi_chain3;
+-
+- /*
+- * Last calibrated NF value for chain 0 through 3
+- *
+- * nf_list_1:
+- *
+- * + [15:0] - chain 0
+- * + [31:16] - chain 1
+- *
+- * nf_list_2:
+- *
+- * + [15:0] - chain 2
+- * + [31:16] - chain 3
+- */
+- __le32 nf_list_1;
+- __le32 nf_list_2;
+-
+-
+- /* Length of the frame */
++ __le32 rssi_chains[4];
++ __le16 nf_chains[4];
+ __le32 buf_len;
++ u8 buf[0];
+ } __packed;
+
+-struct wmi_single_phyerr_rx_event {
+- /* Phy error event header */
+- struct wmi_single_phyerr_rx_hdr hdr;
+- /* frame buffer */
+- u8 bufp[0];
+-} __packed;
+-
+-struct wmi_comb_phyerr_rx_hdr {
+- /* Phy error phy error count */
+- __le32 num_phyerr_events;
++struct wmi_phyerr_event {
++ __le32 num_phyerrs;
+ __le32 tsf_l32;
+ __le32 tsf_u32;
+-} __packed;
+-
+-struct wmi_comb_phyerr_rx_event {
+- /* Phy error phy error count */
+- struct wmi_comb_phyerr_rx_hdr hdr;
+- /*
+- * frame buffer - contains multiple payloads in the order:
+- * header - payload, header - payload...
+- * (The header is of type: wmi_single_phyerr_rx_hdr)
+- */
+- u8 bufp[0];
++ struct wmi_phyerr phyerrs[0];
+ } __packed;
+
+ #define PHYERR_TLV_SIG 0xBB
+ #define PHYERR_TLV_TAG_SEARCH_FFT_REPORT 0xFB
+ #define PHYERR_TLV_TAG_RADAR_PULSE_SUMMARY 0xF8
++#define PHYERR_TLV_TAG_SPECTRAL_SUMMARY_REPORT 0xF9
+
+ struct phyerr_radar_report {
+ __le32 reg0; /* RADAR_REPORT_REG0_* */
+@@ -2135,7 +2417,6 @@ struct phyerr_fft_report {
+ #define SEARCH_FFT_REPORT_REG1_NUM_STR_BINS_IB_MASK 0x000000FF
+ #define SEARCH_FFT_REPORT_REG1_NUM_STR_BINS_IB_LSB 0
+
+-
+ struct phyerr_tlv {
+ __le16 len;
+ u8 tag;
+@@ -2166,7 +2447,6 @@ struct wmi_echo_cmd {
+ __le32 value;
+ } __packed;
+
+-
+ struct wmi_pdev_set_regdomain_cmd {
+ __le32 reg_domain;
+ __le32 reg_domain_2G;
+@@ -2215,7 +2495,6 @@ struct wmi_pdev_set_quiet_cmd {
+ __le32 enabled;
+ } __packed;
+
+-
+ /*
+ * 802.11g protection mode.
+ */
+@@ -2318,14 +2597,15 @@ struct wmi_pdev_param_map {
+ u32 fast_channel_reset;
+ u32 burst_dur;
+ u32 burst_enable;
++ u32 cal_period;
+ };
+
+ #define WMI_PDEV_PARAM_UNSUPPORTED 0
+
+ enum wmi_pdev_param {
+- /* TX chian mask */
++ /* TX chain mask */
+ WMI_PDEV_PARAM_TX_CHAIN_MASK = 0x1,
+- /* RX chian mask */
++ /* RX chain mask */
+ WMI_PDEV_PARAM_RX_CHAIN_MASK,
+ /* TX power limit for 2G Radio */
+ WMI_PDEV_PARAM_TXPOWER_LIMIT2G,
+@@ -2515,6 +2795,22 @@ enum wmi_10x_pdev_param {
+ WMI_10X_PDEV_PARAM_BURST_DUR,
+ /* Set Bursting Enable*/
+ WMI_10X_PDEV_PARAM_BURST_ENABLE,
++
++ /* following are available as of firmware 10.2 */
++ WMI_10X_PDEV_PARAM_SMART_ANTENNA_DEFAULT_ANTENNA,
++ WMI_10X_PDEV_PARAM_IGMPMLD_OVERRIDE,
++ WMI_10X_PDEV_PARAM_IGMPMLD_TID,
++ WMI_10X_PDEV_PARAM_ANTENNA_GAIN,
++ WMI_10X_PDEV_PARAM_RX_DECAP_MODE,
++ WMI_10X_PDEV_PARAM_RX_FILTER,
++ WMI_10X_PDEV_PARAM_SET_MCAST_TO_UCAST_TID,
++ WMI_10X_PDEV_PARAM_PROXY_STA_MODE,
++ WMI_10X_PDEV_PARAM_SET_MCAST2UCAST_MODE,
++ WMI_10X_PDEV_PARAM_SET_MCAST2UCAST_BUFFER,
++ WMI_10X_PDEV_PARAM_REMOVE_MCAST2UCAST_BUFFER,
++ WMI_10X_PDEV_PARAM_PEER_STA_PS_STATECHG_ENABLE,
++ WMI_10X_PDEV_PARAM_RTS_FIXED_RATE,
++ WMI_10X_PDEV_PARAM_CAL_PERIOD
+ };
+
+ struct wmi_pdev_set_param_cmd {
+@@ -2522,6 +2818,9 @@ struct wmi_pdev_set_param_cmd {
+ __le32 param_value;
+ } __packed;
+
++/* valid period is 1 ~ 60000ms, unit in millisecond */
++#define WMI_PDEV_PARAM_CAL_PERIOD_MAX 60000
++
+ struct wmi_pdev_get_tpc_config_cmd {
+ /* parameter */
+ __le32 param;
+@@ -2565,11 +2864,6 @@ enum wmi_tp_scale {
+ WMI_TP_SCALE_SIZE = 5, /* max num of enum */
+ };
+
+-struct wmi_set_channel_cmd {
+- /* channel (only frequency and mode info are used) */
+- struct wmi_channel chan;
+-} __packed;
+-
+ struct wmi_pdev_chanlist_update_event {
+ /* number of channels */
+ __le32 num_chan;
+@@ -2600,6 +2894,10 @@ struct wmi_pdev_set_channel_cmd {
+ struct wmi_channel chan;
+ } __packed;
+
++struct wmi_pdev_pktlog_enable_cmd {
++ __le32 ev_bitmap;
++} __packed;
++
+ /* Customize the DSCP (bit) to TID (0-7) mapping for QOS */
+ #define WMI_DSCP_MAP_MAX (64)
+ struct wmi_pdev_set_dscp_tid_map_cmd {
+@@ -2642,14 +2940,14 @@ struct wmi_wmm_params_arg {
+ u32 no_ack;
+ };
+
+-struct wmi_pdev_set_wmm_params_arg {
++struct wmi_wmm_params_all_arg {
+ struct wmi_wmm_params_arg ac_be;
+ struct wmi_wmm_params_arg ac_bk;
+ struct wmi_wmm_params_arg ac_vi;
+ struct wmi_wmm_params_arg ac_vo;
+ };
+
+-struct wal_dbg_tx_stats {
++struct wmi_pdev_stats_tx {
+ /* Num HTT cookies queued to dispatch list */
+ __le32 comp_queued;
+
+@@ -2719,7 +3017,7 @@ struct wal_dbg_tx_stats {
+ __le32 txop_ovf;
+ } __packed;
+
+-struct wal_dbg_rx_stats {
++struct wmi_pdev_stats_rx {
+ /* Cnts any change in ring routing mid-ppdu */
+ __le32 mid_ppdu_route_change;
+
+@@ -2753,20 +3051,18 @@ struct wal_dbg_rx_stats {
+ __le32 mpdu_errs;
+ } __packed;
+
+-struct wal_dbg_peer_stats {
++struct wmi_pdev_stats_peer {
+ /* REMOVE THIS ONCE REAL PEER STAT COUNTERS ARE ADDED */
+ __le32 dummy;
+ } __packed;
+
+-struct wal_dbg_stats {
+- struct wal_dbg_tx_stats tx;
+- struct wal_dbg_rx_stats rx;
+- struct wal_dbg_peer_stats peer;
+-} __packed;
+-
+ enum wmi_stats_id {
+- WMI_REQUEST_PEER_STAT = 0x01,
+- WMI_REQUEST_AP_STAT = 0x02
++ WMI_STAT_PEER = BIT(0),
++ WMI_STAT_AP = BIT(1),
++ WMI_STAT_PDEV = BIT(2),
++ WMI_STAT_VDEV = BIT(3),
++ WMI_STAT_BCNFLT = BIT(4),
++ WMI_STAT_VDEV_RATE = BIT(5),
+ };
+
+ struct wlan_inst_rssi_args {
+@@ -2801,7 +3097,7 @@ struct wmi_pdev_suspend_cmd {
+ } __packed;
+
+ struct wmi_stats_event {
+- __le32 stats_id; /* %WMI_REQUEST_ */
++ __le32 stats_id; /* WMI_STAT_ */
+ /*
+ * number of pdev stats event structures
+ * (wmi_pdev_stats) 0 or 1
+@@ -2830,30 +3126,38 @@ struct wmi_stats_event {
+ u8 data[0];
+ } __packed;
+
++struct wmi_10_2_stats_event {
++ __le32 stats_id; /* %WMI_REQUEST_ */
++ __le32 num_pdev_stats;
++ __le32 num_pdev_ext_stats;
++ __le32 num_vdev_stats;
++ __le32 num_peer_stats;
++ __le32 num_bcnflt_stats;
++ u8 data[0];
++} __packed;
++
+ /*
+ * PDEV statistics
+ * TODO: add all PDEV stats here
+ */
+-struct wmi_pdev_stats_old {
+- __le32 chan_nf; /* Channel noise floor */
+- __le32 tx_frame_count; /* TX frame count */
+- __le32 rx_frame_count; /* RX frame count */
+- __le32 rx_clear_count; /* rx clear count */
+- __le32 cycle_count; /* cycle count */
+- __le32 phy_err_count; /* Phy error count */
+- __le32 chan_tx_pwr; /* channel tx power */
+- struct wal_dbg_stats wal; /* WAL dbg stats */
+-} __packed;
+-
+-struct wmi_pdev_stats_10x {
+- __le32 chan_nf; /* Channel noise floor */
+- __le32 tx_frame_count; /* TX frame count */
+- __le32 rx_frame_count; /* RX frame count */
+- __le32 rx_clear_count; /* rx clear count */
+- __le32 cycle_count; /* cycle count */
+- __le32 phy_err_count; /* Phy error count */
+- __le32 chan_tx_pwr; /* channel tx power */
+- struct wal_dbg_stats wal; /* WAL dbg stats */
++struct wmi_pdev_stats_base {
++ __le32 chan_nf;
++ __le32 tx_frame_count;
++ __le32 rx_frame_count;
++ __le32 rx_clear_count;
++ __le32 cycle_count;
++ __le32 phy_err_count;
++ __le32 chan_tx_pwr;
++} __packed;
++
++struct wmi_pdev_stats {
++ struct wmi_pdev_stats_base base;
++ struct wmi_pdev_stats_tx tx;
++ struct wmi_pdev_stats_rx rx;
++ struct wmi_pdev_stats_peer peer;
++} __packed;
++
++struct wmi_pdev_stats_extra {
+ __le32 ack_rx_bad;
+ __le32 rts_bad;
+ __le32 rts_good;
+@@ -2862,6 +3166,30 @@ struct wmi_pdev_stats_10x {
+ __le32 mib_int_count;
+ } __packed;
+
++struct wmi_10x_pdev_stats {
++ struct wmi_pdev_stats_base base;
++ struct wmi_pdev_stats_tx tx;
++ struct wmi_pdev_stats_rx rx;
++ struct wmi_pdev_stats_peer peer;
++ struct wmi_pdev_stats_extra extra;
++} __packed;
++
++struct wmi_pdev_stats_mem {
++ __le32 dram_free;
++ __le32 iram_free;
++} __packed;
++
++struct wmi_10_2_pdev_stats {
++ struct wmi_pdev_stats_base base;
++ struct wmi_pdev_stats_tx tx;
++ __le32 mc_drop;
++ struct wmi_pdev_stats_rx rx;
++ __le32 pdev_rx_timeout;
++ struct wmi_pdev_stats_mem mem;
++ struct wmi_pdev_stats_peer peer;
++ struct wmi_pdev_stats_extra extra;
++} __packed;
++
+ /*
+ * VDEV statistics
+ * TODO: add all VDEV stats here
+@@ -2874,19 +3202,43 @@ struct wmi_vdev_stats {
+ * peer statistics.
+ * TODO: add more stats
+ */
+-struct wmi_peer_stats_old {
++struct wmi_peer_stats {
+ struct wmi_mac_addr peer_macaddr;
+ __le32 peer_rssi;
+ __le32 peer_tx_rate;
+ } __packed;
+
+-struct wmi_peer_stats_10x {
+- struct wmi_mac_addr peer_macaddr;
+- __le32 peer_rssi;
+- __le32 peer_tx_rate;
++struct wmi_10x_peer_stats {
++ struct wmi_peer_stats old;
+ __le32 peer_rx_rate;
+ } __packed;
+
++struct wmi_10_2_peer_stats {
++ struct wmi_peer_stats old;
++ __le32 peer_rx_rate;
++ __le32 current_per;
++ __le32 retries;
++ __le32 tx_rate_count;
++ __le32 max_4ms_frame_len;
++ __le32 total_sub_frames;
++ __le32 tx_bytes;
++ __le32 num_pkt_loss_overflow[4];
++ __le32 num_pkt_loss_excess_retry[4];
++} __packed;
++
++struct wmi_10_2_4_peer_stats {
++ struct wmi_10_2_peer_stats common;
++ __le32 unknown_value; /* FIXME: what is this word? */
++} __packed;
++
++struct wmi_10_2_pdev_ext_stats {
++ __le32 rx_rssi_comb;
++ __le32 rx_rssi[4];
++ __le32 rx_mcs[10];
++ __le32 tx_mcs[10];
++ __le32 ack_rssi;
++} __packed;
++
+ struct wmi_vdev_create_cmd {
+ __le32 vdev_id;
+ __le32 vdev_type;
+@@ -3387,8 +3739,21 @@ enum wmi_10x_vdev_param {
+ WMI_10X_VDEV_PARAM_ENABLE_RTSCTS,
+
+ WMI_10X_VDEV_PARAM_AP_DETECT_OUT_OF_SYNC_SLEEPING_STA_TIME_SECS,
++
++ /* following are available as of firmware 10.2 */
++ WMI_10X_VDEV_PARAM_TX_ENCAP_TYPE,
++ WMI_10X_VDEV_PARAM_CABQ_MAXDUR,
++ WMI_10X_VDEV_PARAM_MFPTEST_SET,
++ WMI_10X_VDEV_PARAM_RTS_FIXED_RATE,
++ WMI_10X_VDEV_PARAM_VHT_SGIMASK,
++ WMI_10X_VDEV_PARAM_VHT80_RATEMASK,
+ };
+
++#define WMI_VDEV_PARAM_TXBF_SU_TX_BFEE BIT(0)
++#define WMI_VDEV_PARAM_TXBF_MU_TX_BFEE BIT(1)
++#define WMI_VDEV_PARAM_TXBF_SU_TX_BFER BIT(2)
++#define WMI_VDEV_PARAM_TXBF_MU_TX_BFER BIT(3)
++
+ /* slot time long */
+ #define WMI_VDEV_SLOT_TIME_LONG 0x1
+ /* slot time short */
+@@ -3444,6 +3809,98 @@ struct wmi_vdev_simple_event {
+ /* unsupported VDEV combination */
+ #define WMI_INIFIED_VDEV_START_RESPONSE_NOT_SUPPORTED 0x2
+
++/* TODO: please add more comments if you have in-depth information */
++struct wmi_vdev_spectral_conf_cmd {
++ __le32 vdev_id;
++
++ /* number of fft samples to send (0 for infinite) */
++ __le32 scan_count;
++ __le32 scan_period;
++ __le32 scan_priority;
++
++ /* number of bins in the FFT: 2^(fft_size - bin_scale) */
++ __le32 scan_fft_size;
++ __le32 scan_gc_ena;
++ __le32 scan_restart_ena;
++ __le32 scan_noise_floor_ref;
++ __le32 scan_init_delay;
++ __le32 scan_nb_tone_thr;
++ __le32 scan_str_bin_thr;
++ __le32 scan_wb_rpt_mode;
++ __le32 scan_rssi_rpt_mode;
++ __le32 scan_rssi_thr;
++ __le32 scan_pwr_format;
++
++ /* rpt_mode: Format of FFT report to software for spectral scan
++ * triggered FFTs:
++ * 0: No FFT report (only spectral scan summary report)
++ * 1: 2-dword summary of metrics for each completed FFT + spectral
++ * scan summary report
++ * 2: 2-dword summary of metrics for each completed FFT +
++ * 1x- oversampled bins(in-band) per FFT + spectral scan summary
++ * report
++ * 3: 2-dword summary of metrics for each completed FFT +
++ * 2x- oversampled bins (all) per FFT + spectral scan summary
++ */
++ __le32 scan_rpt_mode;
++ __le32 scan_bin_scale;
++ __le32 scan_dbm_adj;
++ __le32 scan_chn_mask;
++} __packed;
++
++struct wmi_vdev_spectral_conf_arg {
++ u32 vdev_id;
++ u32 scan_count;
++ u32 scan_period;
++ u32 scan_priority;
++ u32 scan_fft_size;
++ u32 scan_gc_ena;
++ u32 scan_restart_ena;
++ u32 scan_noise_floor_ref;
++ u32 scan_init_delay;
++ u32 scan_nb_tone_thr;
++ u32 scan_str_bin_thr;
++ u32 scan_wb_rpt_mode;
++ u32 scan_rssi_rpt_mode;
++ u32 scan_rssi_thr;
++ u32 scan_pwr_format;
++ u32 scan_rpt_mode;
++ u32 scan_bin_scale;
++ u32 scan_dbm_adj;
++ u32 scan_chn_mask;
++};
++
++#define WMI_SPECTRAL_ENABLE_DEFAULT 0
++#define WMI_SPECTRAL_COUNT_DEFAULT 0
++#define WMI_SPECTRAL_PERIOD_DEFAULT 35
++#define WMI_SPECTRAL_PRIORITY_DEFAULT 1
++#define WMI_SPECTRAL_FFT_SIZE_DEFAULT 7
++#define WMI_SPECTRAL_GC_ENA_DEFAULT 1
++#define WMI_SPECTRAL_RESTART_ENA_DEFAULT 0
++#define WMI_SPECTRAL_NOISE_FLOOR_REF_DEFAULT -96
++#define WMI_SPECTRAL_INIT_DELAY_DEFAULT 80
++#define WMI_SPECTRAL_NB_TONE_THR_DEFAULT 12
++#define WMI_SPECTRAL_STR_BIN_THR_DEFAULT 8
++#define WMI_SPECTRAL_WB_RPT_MODE_DEFAULT 0
++#define WMI_SPECTRAL_RSSI_RPT_MODE_DEFAULT 0
++#define WMI_SPECTRAL_RSSI_THR_DEFAULT 0xf0
++#define WMI_SPECTRAL_PWR_FORMAT_DEFAULT 0
++#define WMI_SPECTRAL_RPT_MODE_DEFAULT 2
++#define WMI_SPECTRAL_BIN_SCALE_DEFAULT 1
++#define WMI_SPECTRAL_DBM_ADJ_DEFAULT 1
++#define WMI_SPECTRAL_CHN_MASK_DEFAULT 1
++
++struct wmi_vdev_spectral_enable_cmd {
++ __le32 vdev_id;
++ __le32 trigger_cmd;
++ __le32 enable_cmd;
++} __packed;
++
++#define WMI_SPECTRAL_TRIGGER_CMD_TRIGGER 1
++#define WMI_SPECTRAL_TRIGGER_CMD_CLEAR 2
++#define WMI_SPECTRAL_ENABLE_CMD_ENABLE 1
++#define WMI_SPECTRAL_ENABLE_CMD_DISABLE 2
++
+ /* Beacon processing related command and event structures */
+ struct wmi_bcn_tx_hdr {
+ __le32 vdev_id;
+@@ -3470,6 +3927,11 @@ enum wmi_bcn_tx_ref_flags {
+ WMI_BCN_TX_REF_FLAG_DELIVER_CAB = 0x2,
+ };
+
++/* TODO: It is unclear why "no antenna" works while any other seemingly valid
++ * chainmask yields no beacons on the air at all.
++ */
++#define WMI_BCN_TX_REF_DEF_ANTENNA 0
++
+ struct wmi_bcn_tx_ref_cmd {
+ __le32 vdev_id;
+ __le32 data_len;
+@@ -3481,6 +3943,8 @@ struct wmi_bcn_tx_ref_cmd {
+ __le32 frame_control;
+ /* to control CABQ traffic: WMI_BCN_TX_REF_FLAG_ */
+ __le32 flags;
++ /* introduced in 10.2 */
++ __le32 antenna_mask;
+ } __packed;
+
+ /* Beacon filter */
+@@ -3633,6 +4097,13 @@ enum wmi_sta_ps_param_pspoll_count {
+ * Values greater than 0 indicate the maximum numer of PS-Poll frames
+ * FW will send before waking up.
+ */
++
++ /* When u-APSD is enabled the firmware will be very reluctant to exit
++ * STA PS. This could result in very poor Rx performance with STA doing
++ * PS-Poll for each and every buffered frame. This value is a bit
++ * arbitrary.
++ */
++ WMI_STA_PS_PSPOLL_COUNT_UAPSD = 3,
+ };
+
+ /*
+@@ -3658,6 +4129,30 @@ enum wmi_sta_ps_param_uapsd {
+ WMI_STA_PS_UAPSD_AC3_TRIGGER_EN = (1 << 7),
+ };
+
++#define WMI_STA_UAPSD_MAX_INTERVAL_MSEC UINT_MAX
++
++struct wmi_sta_uapsd_auto_trig_param {
++ __le32 wmm_ac;
++ __le32 user_priority;
++ __le32 service_interval;
++ __le32 suspend_interval;
++ __le32 delay_interval;
++};
++
++struct wmi_sta_uapsd_auto_trig_cmd_fixed_param {
++ __le32 vdev_id;
++ struct wmi_mac_addr peer_macaddr;
++ __le32 num_ac;
++};
++
++struct wmi_sta_uapsd_auto_trig_arg {
++ u32 wmm_ac;
++ u32 user_priority;
++ u32 service_interval;
++ u32 suspend_interval;
++ u32 delay_interval;
++};
++
+ enum wmi_sta_powersave_param {
+ /*
+ * Controls how frames are retrievd from AP while STA is sleeping
+@@ -3823,7 +4318,7 @@ struct wmi_bcn_info {
+
+ struct wmi_host_swba_event {
+ __le32 vdev_map;
+- struct wmi_bcn_info bcn_info[1];
++ struct wmi_bcn_info bcn_info[0];
+ } __packed;
+
+ #define WMI_MAX_AP_VDEV 16
+@@ -3833,7 +4328,6 @@ struct wmi_tbtt_offset_event {
+ __le32 tbttoffset_list[WMI_MAX_AP_VDEV];
+ } __packed;
+
+-
+ struct wmi_peer_create_cmd {
+ __le32 vdev_id;
+ struct wmi_mac_addr peer_macaddr;
+@@ -3951,7 +4445,8 @@ enum wmi_peer_param {
+ WMI_PEER_AUTHORIZE = 0x3,
+ WMI_PEER_CHAN_WIDTH = 0x4,
+ WMI_PEER_NSS = 0x5,
+- WMI_PEER_USE_4ADDR = 0x6
++ WMI_PEER_USE_4ADDR = 0x6,
++ WMI_PEER_DUMMY_VAR = 0xff, /* dummy parameter for STA PS workaround */
+ };
+
+ struct wmi_peer_set_param_cmd {
+@@ -4029,7 +4524,7 @@ struct wmi_peer_set_q_empty_callback_cmd
+ #define WMI_PEER_SPATIAL_MUX 0x00200000
+ #define WMI_PEER_VHT 0x02000000
+ #define WMI_PEER_80MHZ 0x04000000
+-#define WMI_PEER_PMF 0x08000000
++#define WMI_PEER_VHT_2G 0x08000000
+
+ /*
+ * Peer rate capabilities.
+@@ -4053,7 +4548,7 @@ struct wmi_peer_set_q_empty_callback_cmd
+ /* Maximum listen interval supported by hw in units of beacon interval */
+ #define ATH10K_MAX_HW_LISTEN_INTERVAL 5
+
+-struct wmi_peer_assoc_complete_cmd {
++struct wmi_common_peer_assoc_complete_cmd {
+ struct wmi_mac_addr peer_macaddr;
+ __le32 vdev_id;
+ __le32 peer_new_assoc; /* 1=assoc, 0=reassoc */
+@@ -4071,11 +4566,30 @@ struct wmi_peer_assoc_complete_cmd {
+ __le32 peer_vht_caps;
+ __le32 peer_phymode;
+ struct wmi_vht_rate_set peer_vht_rates;
++};
++
++struct wmi_main_peer_assoc_complete_cmd {
++ struct wmi_common_peer_assoc_complete_cmd cmd;
++
+ /* HT Operation Element of the peer. Five bytes packed in 2
+ * INT32 array and filled from lsb to msb. */
+ __le32 peer_ht_info[2];
+ } __packed;
+
++struct wmi_10_1_peer_assoc_complete_cmd {
++ struct wmi_common_peer_assoc_complete_cmd cmd;
++} __packed;
++
++#define WMI_PEER_ASSOC_INFO0_MAX_MCS_IDX_LSB 0
++#define WMI_PEER_ASSOC_INFO0_MAX_MCS_IDX_MASK 0x0f
++#define WMI_PEER_ASSOC_INFO0_MAX_NSS_LSB 4
++#define WMI_PEER_ASSOC_INFO0_MAX_NSS_MASK 0xf0
++
++struct wmi_10_2_peer_assoc_complete_cmd {
++ struct wmi_common_peer_assoc_complete_cmd cmd;
++ __le32 info0; /* WMI_PEER_ASSOC_INFO0_ */
++} __packed;
++
+ struct wmi_peer_assoc_complete_arg {
+ u8 addr[ETH_ALEN];
+ u32 vdev_id;
+@@ -4161,6 +4675,11 @@ enum wmi_sta_keepalive_method {
+ WMI_STA_KEEPALIVE_METHOD_UNSOLICITATED_ARP_RESPONSE = 2,
+ };
+
++#define WMI_STA_KEEPALIVE_INTERVAL_DISABLE 0
++
++/* Firmware crashes if keepalive interval exceeds this limit */
++#define WMI_STA_KEEPALIVE_INTERVAL_MAX_SECONDS 0xffff
++
+ /* note: ip4 addresses are in network byte order, i.e. big endian */
+ struct wmi_sta_keepalive_arp_resp {
+ __be32 src_ip4_addr;
+@@ -4176,6 +4695,16 @@ struct wmi_sta_keepalive_cmd {
+ struct wmi_sta_keepalive_arp_resp arp_resp;
+ } __packed;
+
++struct wmi_sta_keepalive_arg {
++ u32 vdev_id;
++ u32 enabled;
++ u32 method;
++ u32 interval;
++ __be32 src_ip4_addr;
++ __be32 dest_ip4_addr;
++ const u8 dest_mac_addr[ETH_ALEN];
++};
++
+ enum wmi_force_fw_hang_type {
+ WMI_FORCE_FW_HANG_ASSERT = 1,
+ WMI_FORCE_FW_HANG_NO_DETECT,
+@@ -4240,7 +4769,6 @@ struct wmi_dbglog_cfg_cmd {
+ __le32 config_valid;
+ } __packed;
+
+-#define ATH10K_RTS_MAX 2347
+ #define ATH10K_FRAGMT_THRESHOLD_MIN 540
+ #define ATH10K_FRAGMT_THRESHOLD_MAX 2346
+
+@@ -4251,72 +4779,170 @@ struct wmi_dbglog_cfg_cmd {
+ /* By default disable power save for IBSS */
+ #define ATH10K_DEFAULT_ATIM 0
+
++#define WMI_MAX_MEM_REQS 16
++
++struct wmi_scan_ev_arg {
++ __le32 event_type; /* %WMI_SCAN_EVENT_ */
++ __le32 reason; /* %WMI_SCAN_REASON_ */
++ __le32 channel_freq; /* only valid for WMI_SCAN_EVENT_FOREIGN_CHANNEL */
++ __le32 scan_req_id;
++ __le32 scan_id;
++ __le32 vdev_id;
++};
++
++struct wmi_mgmt_rx_ev_arg {
++ __le32 channel;
++ __le32 snr;
++ __le32 rate;
++ __le32 phy_mode;
++ __le32 buf_len;
++ __le32 status; /* %WMI_RX_STATUS_ */
++};
++
++struct wmi_ch_info_ev_arg {
++ __le32 err_code;
++ __le32 freq;
++ __le32 cmd_flags;
++ __le32 noise_floor;
++ __le32 rx_clear_count;
++ __le32 cycle_count;
++};
++
++struct wmi_vdev_start_ev_arg {
++ __le32 vdev_id;
++ __le32 req_id;
++ __le32 resp_type; /* %WMI_VDEV_RESP_ */
++ __le32 status;
++};
++
++struct wmi_peer_kick_ev_arg {
++ const u8 *mac_addr;
++};
++
++struct wmi_swba_ev_arg {
++ __le32 vdev_map;
++ const struct wmi_tim_info *tim_info[WMI_MAX_AP_VDEV];
++ const struct wmi_p2p_noa_info *noa_info[WMI_MAX_AP_VDEV];
++};
++
++struct wmi_phyerr_ev_arg {
++ __le32 num_phyerrs;
++ __le32 tsf_l32;
++ __le32 tsf_u32;
++ __le32 buf_len;
++ const struct wmi_phyerr *phyerrs;
++};
++
++struct wmi_svc_rdy_ev_arg {
++ __le32 min_tx_power;
++ __le32 max_tx_power;
++ __le32 ht_cap;
++ __le32 vht_cap;
++ __le32 sw_ver0;
++ __le32 sw_ver1;
++ __le32 fw_build;
++ __le32 phy_capab;
++ __le32 num_rf_chains;
++ __le32 eeprom_rd;
++ __le32 num_mem_reqs;
++ const __le32 *service_map;
++ size_t service_map_len;
++ const struct wlan_host_mem_req *mem_reqs[WMI_MAX_MEM_REQS];
++};
++
++struct wmi_rdy_ev_arg {
++ __le32 sw_version;
++ __le32 abi_version;
++ __le32 status;
++ const u8 *mac_addr;
++};
++
++struct wmi_pdev_temperature_event {
++ /* temperature value in Celcius degree */
++ __le32 temperature;
++} __packed;
++
+ struct ath10k;
+ struct ath10k_vif;
++struct ath10k_fw_stats_pdev;
++struct ath10k_fw_stats_peer;
+
+ int ath10k_wmi_attach(struct ath10k *ar);
+ void ath10k_wmi_detach(struct ath10k *ar);
+ int ath10k_wmi_wait_for_service_ready(struct ath10k *ar);
+ int ath10k_wmi_wait_for_unified_ready(struct ath10k *ar);
+
+-int ath10k_wmi_connect_htc_service(struct ath10k *ar);
+-int ath10k_wmi_pdev_set_channel(struct ath10k *ar,
+- const struct wmi_channel_arg *);
+-int ath10k_wmi_pdev_suspend_target(struct ath10k *ar, u32 suspend_opt);
+-int ath10k_wmi_pdev_resume_target(struct ath10k *ar);
+-int ath10k_wmi_pdev_set_regdomain(struct ath10k *ar, u16 rd, u16 rd2g,
+- u16 rd5g, u16 ctl2g, u16 ctl5g,
+- enum wmi_dfs_region dfs_reg);
+-int ath10k_wmi_pdev_set_param(struct ath10k *ar, u32 id, u32 value);
+-int ath10k_wmi_cmd_init(struct ath10k *ar);
+-int ath10k_wmi_start_scan(struct ath10k *ar, const struct wmi_start_scan_arg *);
++struct sk_buff *ath10k_wmi_alloc_skb(struct ath10k *ar, u32 len);
++int ath10k_wmi_connect(struct ath10k *ar);
++
++struct sk_buff *ath10k_wmi_alloc_skb(struct ath10k *ar, u32 len);
++int ath10k_wmi_cmd_send(struct ath10k *ar, struct sk_buff *skb, u32 cmd_id);
++int ath10k_wmi_cmd_send_nowait(struct ath10k *ar, struct sk_buff *skb,
++ u32 cmd_id);
+ void ath10k_wmi_start_scan_init(struct ath10k *ar, struct wmi_start_scan_arg *);
+-int ath10k_wmi_stop_scan(struct ath10k *ar,
+- const struct wmi_stop_scan_arg *arg);
+-int ath10k_wmi_vdev_create(struct ath10k *ar, u32 vdev_id,
+- enum wmi_vdev_type type,
+- enum wmi_vdev_subtype subtype,
+- const u8 macaddr[ETH_ALEN]);
+-int ath10k_wmi_vdev_delete(struct ath10k *ar, u32 vdev_id);
+-int ath10k_wmi_vdev_start(struct ath10k *ar,
+- const struct wmi_vdev_start_request_arg *);
+-int ath10k_wmi_vdev_restart(struct ath10k *ar,
+- const struct wmi_vdev_start_request_arg *);
+-int ath10k_wmi_vdev_stop(struct ath10k *ar, u32 vdev_id);
+-int ath10k_wmi_vdev_up(struct ath10k *ar, u32 vdev_id, u32 aid,
+- const u8 *bssid);
+-int ath10k_wmi_vdev_down(struct ath10k *ar, u32 vdev_id);
+-int ath10k_wmi_vdev_set_param(struct ath10k *ar, u32 vdev_id,
+- u32 param_id, u32 param_value);
+-int ath10k_wmi_vdev_install_key(struct ath10k *ar,
+- const struct wmi_vdev_install_key_arg *arg);
+-int ath10k_wmi_peer_create(struct ath10k *ar, u32 vdev_id,
+- const u8 peer_addr[ETH_ALEN]);
+-int ath10k_wmi_peer_delete(struct ath10k *ar, u32 vdev_id,
+- const u8 peer_addr[ETH_ALEN]);
+-int ath10k_wmi_peer_flush(struct ath10k *ar, u32 vdev_id,
+- const u8 peer_addr[ETH_ALEN], u32 tid_bitmap);
+-int ath10k_wmi_peer_set_param(struct ath10k *ar, u32 vdev_id,
+- const u8 *peer_addr,
+- enum wmi_peer_param param_id, u32 param_value);
+-int ath10k_wmi_peer_assoc(struct ath10k *ar,
+- const struct wmi_peer_assoc_complete_arg *arg);
+-int ath10k_wmi_set_psmode(struct ath10k *ar, u32 vdev_id,
+- enum wmi_sta_ps_mode psmode);
+-int ath10k_wmi_set_sta_ps_param(struct ath10k *ar, u32 vdev_id,
+- enum wmi_sta_powersave_param param_id,
+- u32 value);
+-int ath10k_wmi_set_ap_ps_param(struct ath10k *ar, u32 vdev_id, const u8 *mac,
+- enum wmi_ap_ps_peer_param param_id, u32 value);
+-int ath10k_wmi_scan_chan_list(struct ath10k *ar,
+- const struct wmi_scan_chan_list_arg *arg);
+-int ath10k_wmi_beacon_send_ref_nowait(struct ath10k_vif *arvif);
+-int ath10k_wmi_pdev_set_wmm_params(struct ath10k *ar,
+- const struct wmi_pdev_set_wmm_params_arg *arg);
+-int ath10k_wmi_request_stats(struct ath10k *ar, enum wmi_stats_id stats_id);
+-int ath10k_wmi_force_fw_hang(struct ath10k *ar,
+- enum wmi_force_fw_hang_type type, u32 delay_ms);
+-int ath10k_wmi_mgmt_tx(struct ath10k *ar, struct sk_buff *skb);
+-int ath10k_wmi_dbglog_cfg(struct ath10k *ar, u32 module_enable);
++
++void ath10k_wmi_pull_pdev_stats_base(const struct wmi_pdev_stats_base *src,
++ struct ath10k_fw_stats_pdev *dst);
++void ath10k_wmi_pull_pdev_stats_tx(const struct wmi_pdev_stats_tx *src,
++ struct ath10k_fw_stats_pdev *dst);
++void ath10k_wmi_pull_pdev_stats_rx(const struct wmi_pdev_stats_rx *src,
++ struct ath10k_fw_stats_pdev *dst);
++void ath10k_wmi_pull_pdev_stats_extra(const struct wmi_pdev_stats_extra *src,
++ struct ath10k_fw_stats_pdev *dst);
++void ath10k_wmi_pull_peer_stats(const struct wmi_peer_stats *src,
++ struct ath10k_fw_stats_peer *dst);
++void ath10k_wmi_put_host_mem_chunks(struct ath10k *ar,
++ struct wmi_host_mem_chunks *chunks);
++void ath10k_wmi_put_start_scan_common(struct wmi_start_scan_common *cmn,
++ const struct wmi_start_scan_arg *arg);
++void ath10k_wmi_set_wmm_param(struct wmi_wmm_params *params,
++ const struct wmi_wmm_params_arg *arg);
++void ath10k_wmi_put_wmi_channel(struct wmi_channel *ch,
++ const struct wmi_channel_arg *arg);
++int ath10k_wmi_start_scan_verify(const struct wmi_start_scan_arg *arg);
++
++int ath10k_wmi_event_scan(struct ath10k *ar, struct sk_buff *skb);
++int ath10k_wmi_event_mgmt_rx(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_chan_info(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_echo(struct ath10k *ar, struct sk_buff *skb);
++int ath10k_wmi_event_debug_mesg(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_update_stats(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_vdev_start_resp(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_vdev_stopped(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_peer_sta_kickout(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_host_swba(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_tbttoffset_update(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_dfs(struct ath10k *ar,
++ const struct wmi_phyerr *phyerr, u64 tsf);
++void ath10k_wmi_event_spectral_scan(struct ath10k *ar,
++ const struct wmi_phyerr *phyerr,
++ u64 tsf);
++void ath10k_wmi_event_phyerr(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_roam(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_profile_match(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_debug_print(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_pdev_qvit(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_wlan_profile_data(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_rtt_measurement_report(struct ath10k *ar,
++ struct sk_buff *skb);
++void ath10k_wmi_event_tsf_measurement_report(struct ath10k *ar,
++ struct sk_buff *skb);
++void ath10k_wmi_event_rtt_error_report(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_wow_wakeup_host(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_dcs_interference(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_pdev_tpc_config(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_pdev_ftm_intg(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_gtk_offload_status(struct ath10k *ar,
++ struct sk_buff *skb);
++void ath10k_wmi_event_gtk_rekey_fail(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_delba_complete(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_addba_complete(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_vdev_install_key_complete(struct ath10k *ar,
++ struct sk_buff *skb);
++void ath10k_wmi_event_inst_rssi_stats(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_vdev_standby_req(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_vdev_resume_req(struct ath10k *ar, struct sk_buff *skb);
++void ath10k_wmi_event_service_ready(struct ath10k *ar, struct sk_buff *skb);
++int ath10k_wmi_event_ready(struct ath10k *ar, struct sk_buff *skb);
+
+ #endif /* _WMI_H_ */
+--- /dev/null
++++ b/drivers/net/wireless/ath/ath10k/spectral.c
+@@ -0,0 +1,552 @@
++/*
++ * Copyright (c) 2013 Qualcomm Atheros, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++#include <linux/relay.h>
++#include "core.h"
++#include "debug.h"
++#include "wmi-ops.h"
++
++static void send_fft_sample(struct ath10k *ar,
++ const struct fft_sample_tlv *fft_sample_tlv)
++{
++ int length;
++
++ if (!ar->spectral.rfs_chan_spec_scan)
++ return;
++
++ length = __be16_to_cpu(fft_sample_tlv->length) +
++ sizeof(*fft_sample_tlv);
++ relay_write(ar->spectral.rfs_chan_spec_scan, fft_sample_tlv, length);
++}
++
++static uint8_t get_max_exp(s8 max_index, u16 max_magnitude, size_t bin_len,
++ u8 *data)
++{
++ int dc_pos;
++ u8 max_exp;
++
++ dc_pos = bin_len / 2;
++
++ /* peak index outside of bins */
++ if (dc_pos < max_index || -dc_pos >= max_index)
++ return 0;
++
++ for (max_exp = 0; max_exp < 8; max_exp++) {
++ if (data[dc_pos + max_index] == (max_magnitude >> max_exp))
++ break;
++ }
++
++ /* max_exp not found */
++ if (data[dc_pos + max_index] != (max_magnitude >> max_exp))
++ return 0;
++
++ return max_exp;
++}
++
++int ath10k_spectral_process_fft(struct ath10k *ar,
++ const struct wmi_phyerr *phyerr,
++ const struct phyerr_fft_report *fftr,
++ size_t bin_len, u64 tsf)
++{
++ struct fft_sample_ath10k *fft_sample;
++ u8 buf[sizeof(*fft_sample) + SPECTRAL_ATH10K_MAX_NUM_BINS];
++ u16 freq1, freq2, total_gain_db, base_pwr_db, length, peak_mag;
++ u32 reg0, reg1;
++ u8 chain_idx, *bins;
++ int dc_pos;
++
++ fft_sample = (struct fft_sample_ath10k *)&buf;
++
++ if (bin_len < 64 || bin_len > SPECTRAL_ATH10K_MAX_NUM_BINS)
++ return -EINVAL;
++
++ reg0 = __le32_to_cpu(fftr->reg0);
++ reg1 = __le32_to_cpu(fftr->reg1);
++
++ length = sizeof(*fft_sample) - sizeof(struct fft_sample_tlv) + bin_len;
++ fft_sample->tlv.type = ATH_FFT_SAMPLE_ATH10K;
++ fft_sample->tlv.length = __cpu_to_be16(length);
++
++ /* TODO: there might be a reason why the hardware reports 20/40/80 MHz,
++ * but the results/plots suggest that its actually 22/44/88 MHz.
++ */
++ switch (phyerr->chan_width_mhz) {
++ case 20:
++ fft_sample->chan_width_mhz = 22;
++ break;
++ case 40:
++ fft_sample->chan_width_mhz = 44;
++ break;
++ case 80:
++ /* TODO: As experiments with an analogue sender and various
++ * configuaritions (fft-sizes of 64/128/256 and 20/40/80 Mhz)
++ * show, the particular configuration of 80 MHz/64 bins does
++ * not match with the other smaples at all. Until the reason
++ * for that is found, don't report these samples.
++ */
++ if (bin_len == 64)
++ return -EINVAL;
++ fft_sample->chan_width_mhz = 88;
++ break;
++ default:
++ fft_sample->chan_width_mhz = phyerr->chan_width_mhz;
++ }
++
++ fft_sample->relpwr_db = MS(reg1, SEARCH_FFT_REPORT_REG1_RELPWR_DB);
++ fft_sample->avgpwr_db = MS(reg1, SEARCH_FFT_REPORT_REG1_AVGPWR_DB);
++
++ peak_mag = MS(reg1, SEARCH_FFT_REPORT_REG1_PEAK_MAG);
++ fft_sample->max_magnitude = __cpu_to_be16(peak_mag);
++ fft_sample->max_index = MS(reg0, SEARCH_FFT_REPORT_REG0_PEAK_SIDX);
++ fft_sample->rssi = phyerr->rssi_combined;
++
++ total_gain_db = MS(reg0, SEARCH_FFT_REPORT_REG0_TOTAL_GAIN_DB);
++ base_pwr_db = MS(reg0, SEARCH_FFT_REPORT_REG0_BASE_PWR_DB);
++ fft_sample->total_gain_db = __cpu_to_be16(total_gain_db);
++ fft_sample->base_pwr_db = __cpu_to_be16(base_pwr_db);
++
++ freq1 = __le16_to_cpu(phyerr->freq1);
++ freq2 = __le16_to_cpu(phyerr->freq2);
++ fft_sample->freq1 = __cpu_to_be16(freq1);
++ fft_sample->freq2 = __cpu_to_be16(freq2);
++
++ chain_idx = MS(reg0, SEARCH_FFT_REPORT_REG0_FFT_CHN_IDX);
++
++ fft_sample->noise = __cpu_to_be16(
++ __le16_to_cpu(phyerr->nf_chains[chain_idx]));
++
++ bins = (u8 *)fftr;
++ bins += sizeof(*fftr);
++
++ fft_sample->tsf = __cpu_to_be64(tsf);
++
++ /* max_exp has been directly reported by previous hardware (ath9k),
++ * maybe its possible to get it by other means?
++ */
++ fft_sample->max_exp = get_max_exp(fft_sample->max_index, peak_mag,
++ bin_len, bins);
++
++ memcpy(fft_sample->data, bins, bin_len);
++
++ /* DC value (value in the middle) is the blind spot of the spectral
++ * sample and invalid, interpolate it.
++ */
++ dc_pos = bin_len / 2;
++ fft_sample->data[dc_pos] = (fft_sample->data[dc_pos + 1] +
++ fft_sample->data[dc_pos - 1]) / 2;
++
++ send_fft_sample(ar, &fft_sample->tlv);
++
++ return 0;
++}
++
++static struct ath10k_vif *ath10k_get_spectral_vdev(struct ath10k *ar)
++{
++ struct ath10k_vif *arvif;
++
++ lockdep_assert_held(&ar->conf_mutex);
++
++ if (list_empty(&ar->arvifs))
++ return NULL;
++
++ /* if there already is a vif doing spectral, return that. */
++ list_for_each_entry(arvif, &ar->arvifs, list)
++ if (arvif->spectral_enabled)
++ return arvif;
++
++ /* otherwise, return the first vif. */
++ return list_first_entry(&ar->arvifs, typeof(*arvif), list);
++}
++
++static int ath10k_spectral_scan_trigger(struct ath10k *ar)
++{
++ struct ath10k_vif *arvif;
++ int res;
++ int vdev_id;
++
++ lockdep_assert_held(&ar->conf_mutex);
++
++ arvif = ath10k_get_spectral_vdev(ar);
++ if (!arvif)
++ return -ENODEV;
++ vdev_id = arvif->vdev_id;
++
++ if (ar->spectral.mode == SPECTRAL_DISABLED)
++ return 0;
++
++ res = ath10k_wmi_vdev_spectral_enable(ar, vdev_id,
++ WMI_SPECTRAL_TRIGGER_CMD_CLEAR,
++ WMI_SPECTRAL_ENABLE_CMD_ENABLE);
++ if (res < 0)
++ return res;
++
++ res = ath10k_wmi_vdev_spectral_enable(ar, vdev_id,
++ WMI_SPECTRAL_TRIGGER_CMD_TRIGGER,
++ WMI_SPECTRAL_ENABLE_CMD_ENABLE);
++ if (res < 0)
++ return res;
++
++ return 0;
++}
++
++static int ath10k_spectral_scan_config(struct ath10k *ar,
++ enum ath10k_spectral_mode mode)
++{
++ struct wmi_vdev_spectral_conf_arg arg;
++ struct ath10k_vif *arvif;
++ int vdev_id, count, res = 0;
++
++ lockdep_assert_held(&ar->conf_mutex);
++
++ arvif = ath10k_get_spectral_vdev(ar);
++ if (!arvif)
++ return -ENODEV;
++
++ vdev_id = arvif->vdev_id;
++
++ arvif->spectral_enabled = (mode != SPECTRAL_DISABLED);
++ ar->spectral.mode = mode;
++
++ res = ath10k_wmi_vdev_spectral_enable(ar, vdev_id,
++ WMI_SPECTRAL_TRIGGER_CMD_CLEAR,
++ WMI_SPECTRAL_ENABLE_CMD_DISABLE);
++ if (res < 0) {
++ ath10k_warn(ar, "failed to enable spectral scan: %d\n", res);
++ return res;
++ }
++
++ if (mode == SPECTRAL_DISABLED)
++ return 0;
++
++ if (mode == SPECTRAL_BACKGROUND)
++ count = WMI_SPECTRAL_COUNT_DEFAULT;
++ else
++ count = max_t(u8, 1, ar->spectral.config.count);
++
++ arg.vdev_id = vdev_id;
++ arg.scan_count = count;
++ arg.scan_period = WMI_SPECTRAL_PERIOD_DEFAULT;
++ arg.scan_priority = WMI_SPECTRAL_PRIORITY_DEFAULT;
++ arg.scan_fft_size = ar->spectral.config.fft_size;
++ arg.scan_gc_ena = WMI_SPECTRAL_GC_ENA_DEFAULT;
++ arg.scan_restart_ena = WMI_SPECTRAL_RESTART_ENA_DEFAULT;
++ arg.scan_noise_floor_ref = WMI_SPECTRAL_NOISE_FLOOR_REF_DEFAULT;
++ arg.scan_init_delay = WMI_SPECTRAL_INIT_DELAY_DEFAULT;
++ arg.scan_nb_tone_thr = WMI_SPECTRAL_NB_TONE_THR_DEFAULT;
++ arg.scan_str_bin_thr = WMI_SPECTRAL_STR_BIN_THR_DEFAULT;
++ arg.scan_wb_rpt_mode = WMI_SPECTRAL_WB_RPT_MODE_DEFAULT;
++ arg.scan_rssi_rpt_mode = WMI_SPECTRAL_RSSI_RPT_MODE_DEFAULT;
++ arg.scan_rssi_thr = WMI_SPECTRAL_RSSI_THR_DEFAULT;
++ arg.scan_pwr_format = WMI_SPECTRAL_PWR_FORMAT_DEFAULT;
++ arg.scan_rpt_mode = WMI_SPECTRAL_RPT_MODE_DEFAULT;
++ arg.scan_bin_scale = WMI_SPECTRAL_BIN_SCALE_DEFAULT;
++ arg.scan_dbm_adj = WMI_SPECTRAL_DBM_ADJ_DEFAULT;
++ arg.scan_chn_mask = WMI_SPECTRAL_CHN_MASK_DEFAULT;
++
++ res = ath10k_wmi_vdev_spectral_conf(ar, &arg);
++ if (res < 0) {
++ ath10k_warn(ar, "failed to configure spectral scan: %d\n", res);
++ return res;
++ }
++
++ return 0;
++}
++
++static ssize_t read_file_spec_scan_ctl(struct file *file, char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ char *mode = "";
++ unsigned int len;
++ enum ath10k_spectral_mode spectral_mode;
++
++ mutex_lock(&ar->conf_mutex);
++ spectral_mode = ar->spectral.mode;
++ mutex_unlock(&ar->conf_mutex);
++
++ switch (spectral_mode) {
++ case SPECTRAL_DISABLED:
++ mode = "disable";
++ break;
++ case SPECTRAL_BACKGROUND:
++ mode = "background";
++ break;
++ case SPECTRAL_MANUAL:
++ mode = "manual";
++ break;
++ }
++
++ len = strlen(mode);
++ return simple_read_from_buffer(user_buf, count, ppos, mode, len);
++}
++
++static ssize_t write_file_spec_scan_ctl(struct file *file,
++ const char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ char buf[32];
++ ssize_t len;
++ int res;
++
++ len = min(count, sizeof(buf) - 1);
++ if (copy_from_user(buf, user_buf, len))
++ return -EFAULT;
++
++ buf[len] = '\0';
++
++ mutex_lock(&ar->conf_mutex);
++
++ if (strncmp("trigger", buf, 7) == 0) {
++ if (ar->spectral.mode == SPECTRAL_MANUAL ||
++ ar->spectral.mode == SPECTRAL_BACKGROUND) {
++ /* reset the configuration to adopt possibly changed
++ * debugfs parameters
++ */
++ res = ath10k_spectral_scan_config(ar,
++ ar->spectral.mode);
++ if (res < 0) {
++ ath10k_warn(ar, "failed to reconfigure spectral scan: %d\n",
++ res);
++ }
++ res = ath10k_spectral_scan_trigger(ar);
++ if (res < 0) {
++ ath10k_warn(ar, "failed to trigger spectral scan: %d\n",
++ res);
++ }
++ } else {
++ res = -EINVAL;
++ }
++ } else if (strncmp("background", buf, 9) == 0) {
++ res = ath10k_spectral_scan_config(ar, SPECTRAL_BACKGROUND);
++ } else if (strncmp("manual", buf, 6) == 0) {
++ res = ath10k_spectral_scan_config(ar, SPECTRAL_MANUAL);
++ } else if (strncmp("disable", buf, 7) == 0) {
++ res = ath10k_spectral_scan_config(ar, SPECTRAL_DISABLED);
++ } else {
++ res = -EINVAL;
++ }
++
++ mutex_unlock(&ar->conf_mutex);
++
++ if (res < 0)
++ return res;
++
++ return count;
++}
++
++static const struct file_operations fops_spec_scan_ctl = {
++ .read = read_file_spec_scan_ctl,
++ .write = write_file_spec_scan_ctl,
++ .open = simple_open,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
++static ssize_t read_file_spectral_count(struct file *file,
++ char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ char buf[32];
++ unsigned int len;
++ u8 spectral_count;
++
++ mutex_lock(&ar->conf_mutex);
++ spectral_count = ar->spectral.config.count;
++ mutex_unlock(&ar->conf_mutex);
++
++ len = sprintf(buf, "%d\n", spectral_count);
++ return simple_read_from_buffer(user_buf, count, ppos, buf, len);
++}
++
++static ssize_t write_file_spectral_count(struct file *file,
++ const char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ unsigned long val;
++ char buf[32];
++ ssize_t len;
++
++ len = min(count, sizeof(buf) - 1);
++ if (copy_from_user(buf, user_buf, len))
++ return -EFAULT;
++
++ buf[len] = '\0';
++ if (kstrtoul(buf, 0, &val))
++ return -EINVAL;
++
++ if (val < 0 || val > 255)
++ return -EINVAL;
++
++ mutex_lock(&ar->conf_mutex);
++ ar->spectral.config.count = val;
++ mutex_unlock(&ar->conf_mutex);
++
++ return count;
++}
++
++static const struct file_operations fops_spectral_count = {
++ .read = read_file_spectral_count,
++ .write = write_file_spectral_count,
++ .open = simple_open,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
++static ssize_t read_file_spectral_bins(struct file *file,
++ char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ char buf[32];
++ unsigned int len, bins, fft_size, bin_scale;
++
++ mutex_lock(&ar->conf_mutex);
++
++ fft_size = ar->spectral.config.fft_size;
++ bin_scale = WMI_SPECTRAL_BIN_SCALE_DEFAULT;
++ bins = 1 << (fft_size - bin_scale);
++
++ mutex_unlock(&ar->conf_mutex);
++
++ len = sprintf(buf, "%d\n", bins);
++ return simple_read_from_buffer(user_buf, count, ppos, buf, len);
++}
++
++static ssize_t write_file_spectral_bins(struct file *file,
++ const char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ath10k *ar = file->private_data;
++ unsigned long val;
++ char buf[32];
++ ssize_t len;
++
++ len = min(count, sizeof(buf) - 1);
++ if (copy_from_user(buf, user_buf, len))
++ return -EFAULT;
++
++ buf[len] = '\0';
++ if (kstrtoul(buf, 0, &val))
++ return -EINVAL;
++
++ if (val < 64 || val > SPECTRAL_ATH10K_MAX_NUM_BINS)
++ return -EINVAL;
++
++ if (!is_power_of_2(val))
++ return -EINVAL;
++
++ mutex_lock(&ar->conf_mutex);
++ ar->spectral.config.fft_size = ilog2(val);
++ ar->spectral.config.fft_size += WMI_SPECTRAL_BIN_SCALE_DEFAULT;
++ mutex_unlock(&ar->conf_mutex);
++
++ return count;
++}
++
++static const struct file_operations fops_spectral_bins = {
++ .read = read_file_spectral_bins,
++ .write = write_file_spectral_bins,
++ .open = simple_open,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
++static struct dentry *create_buf_file_handler(const char *filename,
++ struct dentry *parent,
++#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,3,0))
++ umode_t mode,
++#else
++ int mode,
++#endif
++ struct rchan_buf *buf,
++ int *is_global)
++{
++ struct dentry *buf_file;
++
++ buf_file = debugfs_create_file(filename, mode, parent, buf,
++ &relay_file_operations);
++ *is_global = 1;
++ return buf_file;
++}
++
++static int remove_buf_file_handler(struct dentry *dentry)
++{
++ debugfs_remove(dentry);
++
++ return 0;
++}
++
++static struct rchan_callbacks rfs_spec_scan_cb = {
++ .create_buf_file = create_buf_file_handler,
++ .remove_buf_file = remove_buf_file_handler,
++};
++
++int ath10k_spectral_start(struct ath10k *ar)
++{
++ struct ath10k_vif *arvif;
++
++ lockdep_assert_held(&ar->conf_mutex);
++
++ list_for_each_entry(arvif, &ar->arvifs, list)
++ arvif->spectral_enabled = 0;
++
++ ar->spectral.mode = SPECTRAL_DISABLED;
++ ar->spectral.config.count = WMI_SPECTRAL_COUNT_DEFAULT;
++ ar->spectral.config.fft_size = WMI_SPECTRAL_FFT_SIZE_DEFAULT;
++
++ return 0;
++}
++
++int ath10k_spectral_vif_stop(struct ath10k_vif *arvif)
++{
++ if (!arvif->spectral_enabled)
++ return 0;
++
++ return ath10k_spectral_scan_config(arvif->ar, SPECTRAL_DISABLED);
++}
++
++int ath10k_spectral_create(struct ath10k *ar)
++{
++ ar->spectral.rfs_chan_spec_scan = relay_open("spectral_scan",
++ ar->debug.debugfs_phy,
++ 1024, 256,
++ &rfs_spec_scan_cb, NULL);
++ debugfs_create_file("spectral_scan_ctl",
++ S_IRUSR | S_IWUSR,
++ ar->debug.debugfs_phy, ar,
++ &fops_spec_scan_ctl);
++ debugfs_create_file("spectral_count",
++ S_IRUSR | S_IWUSR,
++ ar->debug.debugfs_phy, ar,
++ &fops_spectral_count);
++ debugfs_create_file("spectral_bins",
++ S_IRUSR | S_IWUSR,
++ ar->debug.debugfs_phy, ar,
++ &fops_spectral_bins);
++
++ return 0;
++}
++
++void ath10k_spectral_destroy(struct ath10k *ar)
++{
++ if (ar->spectral.rfs_chan_spec_scan) {
++ relay_close(ar->spectral.rfs_chan_spec_scan);
++ ar->spectral.rfs_chan_spec_scan = NULL;
++ }
++}
+--- /dev/null
++++ b/drivers/net/wireless/ath/ath10k/spectral.h
+@@ -0,0 +1,90 @@
++/*
++ * Copyright (c) 2013 Qualcomm Atheros, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++#ifndef SPECTRAL_H
++#define SPECTRAL_H
++
++#include "../spectral_common.h"
++
++/**
++ * struct ath10k_spec_scan - parameters for Atheros spectral scan
++ *
++ * @count: number of scan results requested for manual mode
++ * @fft_size: number of bins to be requested = 2^(fft_size - bin_scale)
++ */
++struct ath10k_spec_scan {
++ u8 count;
++ u8 fft_size;
++};
++
++/* enum ath10k_spectral_mode:
++ *
++ * @SPECTRAL_DISABLED: spectral mode is disabled
++ * @SPECTRAL_BACKGROUND: hardware sends samples when it is not busy with
++ * something else.
++ * @SPECTRAL_MANUAL: spectral scan is enabled, triggering for samples
++ * is performed manually.
++ */
++enum ath10k_spectral_mode {
++ SPECTRAL_DISABLED = 0,
++ SPECTRAL_BACKGROUND,
++ SPECTRAL_MANUAL,
++};
++
++#ifdef CPTCFG_ATH10K_DEBUGFS
++
++int ath10k_spectral_process_fft(struct ath10k *ar,
++ const struct wmi_phyerr *phyerr,
++ const struct phyerr_fft_report *fftr,
++ size_t bin_len, u64 tsf);
++int ath10k_spectral_start(struct ath10k *ar);
++int ath10k_spectral_vif_stop(struct ath10k_vif *arvif);
++int ath10k_spectral_create(struct ath10k *ar);
++void ath10k_spectral_destroy(struct ath10k *ar);
++
++#else
++
++static inline int
++ath10k_spectral_process_fft(struct ath10k *ar,
++ const struct wmi_phyerr *phyerr,
++ const struct phyerr_fft_report *fftr,
++ size_t bin_len, u64 tsf)
++{
++ return 0;
++}
++
++static inline int ath10k_spectral_start(struct ath10k *ar)
++{
++ return 0;
++}
++
++static inline int ath10k_spectral_vif_stop(struct ath10k_vif *arvif)
++{
++ return 0;
++}
++
++static inline int ath10k_spectral_create(struct ath10k *ar)
++{
++ return 0;
++}
++
++static inline void ath10k_spectral_destroy(struct ath10k *ar)
++{
++}
++
++#endif /* CPTCFG_ATH10K_DEBUGFS */
++
++#endif /* SPECTRAL_H */
+--- /dev/null
++++ b/drivers/net/wireless/ath/ath10k/testmode.c
+@@ -0,0 +1,385 @@
++/*
++ * Copyright (c) 2014 Qualcomm Atheros, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++#include "testmode.h"
++
++#include <net/netlink.h>
++#include <linux/firmware.h>
++
++#include "debug.h"
++#include "wmi.h"
++#include "hif.h"
++#include "hw.h"
++
++#include "testmode_i.h"
++
++static const struct nla_policy ath10k_tm_policy[ATH10K_TM_ATTR_MAX + 1] = {
++ [ATH10K_TM_ATTR_CMD] = { .type = NLA_U32 },
++ [ATH10K_TM_ATTR_DATA] = { .type = NLA_BINARY,
++ .len = ATH10K_TM_DATA_MAX_LEN },
++ [ATH10K_TM_ATTR_WMI_CMDID] = { .type = NLA_U32 },
++ [ATH10K_TM_ATTR_VERSION_MAJOR] = { .type = NLA_U32 },
++ [ATH10K_TM_ATTR_VERSION_MINOR] = { .type = NLA_U32 },
++};
++
++/* Returns true if callee consumes the skb and the skb should be discarded.
++ * Returns false if skb is not used. Does not sleep.
++ */
++bool ath10k_tm_event_wmi(struct ath10k *ar, u32 cmd_id, struct sk_buff *skb)
++{
++ struct sk_buff *nl_skb;
++ bool consumed;
++ int ret;
++
++ ath10k_dbg(ar, ATH10K_DBG_TESTMODE,
++ "testmode event wmi cmd_id %d skb %p skb->len %d\n",
++ cmd_id, skb, skb->len);
++
++ ath10k_dbg_dump(ar, ATH10K_DBG_TESTMODE, NULL, "", skb->data, skb->len);
++
++ spin_lock_bh(&ar->data_lock);
++
++ if (!ar->testmode.utf_monitor) {
++ consumed = false;
++ goto out;
++ }
++
++ /* Only testmode.c should be handling events from utf firmware,
++ * otherwise all sort of problems will arise as mac80211 operations
++ * are not initialised.
++ */
++ consumed = true;
++
++ nl_skb = cfg80211_testmode_alloc_event_skb(ar->hw->wiphy,
++ 2 * sizeof(u32) + skb->len,
++ GFP_ATOMIC);
++ if (!nl_skb) {
++ ath10k_warn(ar,
++ "failed to allocate skb for testmode wmi event\n");
++ goto out;
++ }
++
++ ret = nla_put_u32(nl_skb, ATH10K_TM_ATTR_CMD, ATH10K_TM_CMD_WMI);
++ if (ret) {
++ ath10k_warn(ar,
++ "failed to to put testmode wmi event cmd attribute: %d\n",
++ ret);
++ kfree_skb(nl_skb);
++ goto out;
++ }
++
++ ret = nla_put_u32(nl_skb, ATH10K_TM_ATTR_WMI_CMDID, cmd_id);
++ if (ret) {
++ ath10k_warn(ar,
++ "failed to to put testmode wmi even cmd_id: %d\n",
++ ret);
++ kfree_skb(nl_skb);
++ goto out;
++ }
++
++ ret = nla_put(nl_skb, ATH10K_TM_ATTR_DATA, skb->len, skb->data);
++ if (ret) {
++ ath10k_warn(ar,
++ "failed to copy skb to testmode wmi event: %d\n",
++ ret);
++ kfree_skb(nl_skb);
++ goto out;
++ }
++
++ cfg80211_testmode_event(nl_skb, GFP_ATOMIC);
++
++out:
++ spin_unlock_bh(&ar->data_lock);
++
++ return consumed;
++}
++
++static int ath10k_tm_cmd_get_version(struct ath10k *ar, struct nlattr *tb[])
++{
++ struct sk_buff *skb;
++ int ret;
++
++ ath10k_dbg(ar, ATH10K_DBG_TESTMODE,
++ "testmode cmd get version_major %d version_minor %d\n",
++ ATH10K_TESTMODE_VERSION_MAJOR,
++ ATH10K_TESTMODE_VERSION_MINOR);
++
++ skb = cfg80211_testmode_alloc_reply_skb(ar->hw->wiphy,
++ nla_total_size(sizeof(u32)));
++ if (!skb)
++ return -ENOMEM;
++
++ ret = nla_put_u32(skb, ATH10K_TM_ATTR_VERSION_MAJOR,
++ ATH10K_TESTMODE_VERSION_MAJOR);
++ if (ret) {
++ kfree_skb(skb);
++ return ret;
++ }
++
++ ret = nla_put_u32(skb, ATH10K_TM_ATTR_VERSION_MINOR,
++ ATH10K_TESTMODE_VERSION_MINOR);
++ if (ret) {
++ kfree_skb(skb);
++ return ret;
++ }
++
++ return cfg80211_testmode_reply(skb);
++}
++
++static int ath10k_tm_cmd_utf_start(struct ath10k *ar, struct nlattr *tb[])
++{
++ char filename[100];
++ int ret;
++
++ ath10k_dbg(ar, ATH10K_DBG_TESTMODE, "testmode cmd utf start\n");
++
++ mutex_lock(&ar->conf_mutex);
++
++ if (ar->state == ATH10K_STATE_UTF) {
++ ret = -EALREADY;
++ goto err;
++ }
++
++ /* start utf only when the driver is not in use */
++ if (ar->state != ATH10K_STATE_OFF) {
++ ret = -EBUSY;
++ goto err;
++ }
++
++ if (WARN_ON(ar->testmode.utf != NULL)) {
++ /* utf image is already downloaded, it shouldn't be */
++ ret = -EEXIST;
++ goto err;
++ }
++
++ snprintf(filename, sizeof(filename), "%s/%s",
++ ar->hw_params.fw.dir, ATH10K_FW_UTF_FILE);
++
++ /* load utf firmware image */
++ ret = request_firmware(&ar->testmode.utf, filename, ar->dev);
++ if (ret) {
++ ath10k_warn(ar, "failed to retrieve utf firmware '%s': %d\n",
++ filename, ret);
++ goto err;
++ }
++
++ spin_lock_bh(&ar->data_lock);
++
++ ar->testmode.utf_monitor = true;
++
++ spin_unlock_bh(&ar->data_lock);
++
++ BUILD_BUG_ON(sizeof(ar->fw_features) !=
++ sizeof(ar->testmode.orig_fw_features));
++
++ memcpy(ar->testmode.orig_fw_features, ar->fw_features,
++ sizeof(ar->fw_features));
++ ar->testmode.orig_wmi_op_version = ar->wmi.op_version;
++
++ /* utf.bin firmware image does not advertise firmware features. Do
++ * an ugly hack where we force the firmware features so that wmi.c
++ * will use the correct WMI interface.
++ */
++ memset(ar->fw_features, 0, sizeof(ar->fw_features));
++ ar->wmi.op_version = ATH10K_FW_WMI_OP_VERSION_10_1;
++
++ ret = ath10k_hif_power_up(ar);
++ if (ret) {
++ ath10k_err(ar, "failed to power up hif (testmode): %d\n", ret);
++ ar->state = ATH10K_STATE_OFF;
++ goto err_fw_features;
++ }
++
++ ret = ath10k_core_start(ar, ATH10K_FIRMWARE_MODE_UTF);
++ if (ret) {
++ ath10k_err(ar, "failed to start core (testmode): %d\n", ret);
++ ar->state = ATH10K_STATE_OFF;
++ goto err_power_down;
++ }
++
++ ar->state = ATH10K_STATE_UTF;
++
++ ath10k_info(ar, "UTF firmware started\n");
++
++ mutex_unlock(&ar->conf_mutex);
++
++ return 0;
++
++err_power_down:
++ ath10k_hif_power_down(ar);
++
++err_fw_features:
++ /* return the original firmware features */
++ memcpy(ar->fw_features, ar->testmode.orig_fw_features,
++ sizeof(ar->fw_features));
++ ar->wmi.op_version = ar->testmode.orig_wmi_op_version;
++
++ release_firmware(ar->testmode.utf);
++ ar->testmode.utf = NULL;
++
++err:
++ mutex_unlock(&ar->conf_mutex);
++
++ return ret;
++}
++
++static void __ath10k_tm_cmd_utf_stop(struct ath10k *ar)
++{
++ lockdep_assert_held(&ar->conf_mutex);
++
++ ath10k_core_stop(ar);
++ ath10k_hif_power_down(ar);
++
++ spin_lock_bh(&ar->data_lock);
++
++ ar->testmode.utf_monitor = false;
++
++ spin_unlock_bh(&ar->data_lock);
++
++ /* return the original firmware features */
++ memcpy(ar->fw_features, ar->testmode.orig_fw_features,
++ sizeof(ar->fw_features));
++ ar->wmi.op_version = ar->testmode.orig_wmi_op_version;
++
++ release_firmware(ar->testmode.utf);
++ ar->testmode.utf = NULL;
++
++ ar->state = ATH10K_STATE_OFF;
++}
++
++static int ath10k_tm_cmd_utf_stop(struct ath10k *ar, struct nlattr *tb[])
++{
++ int ret;
++
++ ath10k_dbg(ar, ATH10K_DBG_TESTMODE, "testmode cmd utf stop\n");
++
++ mutex_lock(&ar->conf_mutex);
++
++ if (ar->state != ATH10K_STATE_UTF) {
++ ret = -ENETDOWN;
++ goto out;
++ }
++
++ __ath10k_tm_cmd_utf_stop(ar);
++
++ ret = 0;
++
++ ath10k_info(ar, "UTF firmware stopped\n");
++
++out:
++ mutex_unlock(&ar->conf_mutex);
++ return ret;
++}
++
++static int ath10k_tm_cmd_wmi(struct ath10k *ar, struct nlattr *tb[])
++{
++ struct sk_buff *skb;
++ int ret, buf_len;
++ u32 cmd_id;
++ void *buf;
++
++ mutex_lock(&ar->conf_mutex);
++
++ if (ar->state != ATH10K_STATE_UTF) {
++ ret = -ENETDOWN;
++ goto out;
++ }
++
++ if (!tb[ATH10K_TM_ATTR_DATA]) {
++ ret = -EINVAL;
++ goto out;
++ }
++
++ if (!tb[ATH10K_TM_ATTR_WMI_CMDID]) {
++ ret = -EINVAL;
++ goto out;
++ }
++
++ buf = nla_data(tb[ATH10K_TM_ATTR_DATA]);
++ buf_len = nla_len(tb[ATH10K_TM_ATTR_DATA]);
++ cmd_id = nla_get_u32(tb[ATH10K_TM_ATTR_WMI_CMDID]);
++
++ ath10k_dbg(ar, ATH10K_DBG_TESTMODE,
++ "testmode cmd wmi cmd_id %d buf %p buf_len %d\n",
++ cmd_id, buf, buf_len);
++
++ ath10k_dbg_dump(ar, ATH10K_DBG_TESTMODE, NULL, "", buf, buf_len);
++
++ skb = ath10k_wmi_alloc_skb(ar, buf_len);
++ if (!skb) {
++ ret = -ENOMEM;
++ goto out;
++ }
++
++ memcpy(skb->data, buf, buf_len);
++
++ ret = ath10k_wmi_cmd_send(ar, skb, cmd_id);
++ if (ret) {
++ ath10k_warn(ar, "failed to transmit wmi command (testmode): %d\n",
++ ret);
++ goto out;
++ }
++
++ ret = 0;
++
++out:
++ mutex_unlock(&ar->conf_mutex);
++ return ret;
++}
++
++int ath10k_tm_cmd(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
++ void *data, int len)
++{
++ struct ath10k *ar = hw->priv;
++ struct nlattr *tb[ATH10K_TM_ATTR_MAX + 1];
++ int ret;
++
++ ret = nla_parse(tb, ATH10K_TM_ATTR_MAX, data, len,
++ ath10k_tm_policy);
++ if (ret)
++ return ret;
++
++ if (!tb[ATH10K_TM_ATTR_CMD])
++ return -EINVAL;
++
++ switch (nla_get_u32(tb[ATH10K_TM_ATTR_CMD])) {
++ case ATH10K_TM_CMD_GET_VERSION:
++ return ath10k_tm_cmd_get_version(ar, tb);
++ case ATH10K_TM_CMD_UTF_START:
++ return ath10k_tm_cmd_utf_start(ar, tb);
++ case ATH10K_TM_CMD_UTF_STOP:
++ return ath10k_tm_cmd_utf_stop(ar, tb);
++ case ATH10K_TM_CMD_WMI:
++ return ath10k_tm_cmd_wmi(ar, tb);
++ default:
++ return -EOPNOTSUPP;
++ }
++}
++
++void ath10k_testmode_destroy(struct ath10k *ar)
++{
++ mutex_lock(&ar->conf_mutex);
++
++ if (ar->state != ATH10K_STATE_UTF) {
++ /* utf firmware is not running, nothing to do */
++ goto out;
++ }
++
++ __ath10k_tm_cmd_utf_stop(ar);
++
++out:
++ mutex_unlock(&ar->conf_mutex);
++}
+--- /dev/null
++++ b/drivers/net/wireless/ath/ath10k/testmode.h
+@@ -0,0 +1,46 @@
++/*
++ * Copyright (c) 2014 Qualcomm Atheros, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++#include "core.h"
++
++#ifdef CPTCFG_NL80211_TESTMODE
++
++void ath10k_testmode_destroy(struct ath10k *ar);
++
++bool ath10k_tm_event_wmi(struct ath10k *ar, u32 cmd_id, struct sk_buff *skb);
++int ath10k_tm_cmd(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
++ void *data, int len);
++
++#else
++
++static inline void ath10k_testmode_destroy(struct ath10k *ar)
++{
++}
++
++static inline bool ath10k_tm_event_wmi(struct ath10k *ar, u32 cmd_id,
++ struct sk_buff *skb)
++{
++ return false;
++}
++
++static inline int ath10k_tm_cmd(struct ieee80211_hw *hw,
++ struct ieee80211_vif *vif,
++ void *data, int len)
++{
++ return 0;
++}
++
++#endif
+--- /dev/null
++++ b/drivers/net/wireless/ath/ath10k/testmode_i.h
+@@ -0,0 +1,70 @@
++/*
++ * Copyright (c) 2014 Qualcomm Atheros, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++/* "API" level of the ath10k testmode interface. Bump it after every
++ * incompatible interface change.
++ */
++#define ATH10K_TESTMODE_VERSION_MAJOR 1
++
++/* Bump this after every _compatible_ interface change, for example
++ * addition of a new command or an attribute.
++ */
++#define ATH10K_TESTMODE_VERSION_MINOR 0
++
++#define ATH10K_TM_DATA_MAX_LEN 5000
++
++enum ath10k_tm_attr {
++ __ATH10K_TM_ATTR_INVALID = 0,
++ ATH10K_TM_ATTR_CMD = 1,
++ ATH10K_TM_ATTR_DATA = 2,
++ ATH10K_TM_ATTR_WMI_CMDID = 3,
++ ATH10K_TM_ATTR_VERSION_MAJOR = 4,
++ ATH10K_TM_ATTR_VERSION_MINOR = 5,
++
++ /* keep last */
++ __ATH10K_TM_ATTR_AFTER_LAST,
++ ATH10K_TM_ATTR_MAX = __ATH10K_TM_ATTR_AFTER_LAST - 1,
++};
++
++/* All ath10k testmode interface commands specified in
++ * ATH10K_TM_ATTR_CMD
++ */
++enum ath10k_tm_cmd {
++ /* Returns the supported ath10k testmode interface version in
++ * ATH10K_TM_ATTR_VERSION. Always guaranteed to work. User space
++ * uses this to verify it's using the correct version of the
++ * testmode interface
++ */
++ ATH10K_TM_CMD_GET_VERSION = 0,
++
++ /* Boots the UTF firmware, the netdev interface must be down at the
++ * time.
++ */
++ ATH10K_TM_CMD_UTF_START = 1,
++
++ /* Shuts down the UTF firmware and puts the driver back into OFF
++ * state.
++ */
++ ATH10K_TM_CMD_UTF_STOP = 2,
++
++ /* The command used to transmit a WMI command to the firmware and
++ * the event to receive WMI events from the firmware. Without
++ * struct wmi_cmd_hdr header, only the WMI payload. Command id is
++ * provided with ATH10K_TM_ATTR_WMI_CMDID and payload in
++ * ATH10K_TM_ATTR_DATA.
++ */
++ ATH10K_TM_CMD_WMI = 3,
++};
+--- /dev/null
++++ b/drivers/net/wireless/ath/ath10k/debugfs_sta.c
+@@ -0,0 +1,243 @@
++/*
++ * Copyright (c) 2014 Qualcomm Atheros, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++#include "core.h"
++#include "wmi-ops.h"
++#include "debug.h"
++
++static ssize_t ath10k_dbg_sta_read_aggr_mode(struct file *file,
++ char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ieee80211_sta *sta = file->private_data;
++ struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
++ struct ath10k *ar = arsta->arvif->ar;
++ char buf[32];
++ int len = 0;
++
++ mutex_lock(&ar->conf_mutex);
++ len = scnprintf(buf, sizeof(buf) - len, "aggregation mode: %s\n",
++ (arsta->aggr_mode == ATH10K_DBG_AGGR_MODE_AUTO) ?
++ "auto" : "manual");
++ mutex_unlock(&ar->conf_mutex);
++
++ return simple_read_from_buffer(user_buf, count, ppos, buf, len);
++}
++
++static ssize_t ath10k_dbg_sta_write_aggr_mode(struct file *file,
++ const char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ieee80211_sta *sta = file->private_data;
++ struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
++ struct ath10k *ar = arsta->arvif->ar;
++ u32 aggr_mode;
++ int ret;
++
++ if (kstrtouint_from_user(user_buf, count, 0, &aggr_mode))
++ return -EINVAL;
++
++ if (aggr_mode >= ATH10K_DBG_AGGR_MODE_MAX)
++ return -EINVAL;
++
++ mutex_lock(&ar->conf_mutex);
++ if ((ar->state != ATH10K_STATE_ON) ||
++ (aggr_mode == arsta->aggr_mode)) {
++ ret = count;
++ goto out;
++ }
++
++ ret = ath10k_wmi_addba_clear_resp(ar, arsta->arvif->vdev_id, sta->addr);
++ if (ret) {
++ ath10k_warn(ar, "failed to clear addba session ret: %d\n", ret);
++ goto out;
++ }
++
++ arsta->aggr_mode = aggr_mode;
++out:
++ mutex_unlock(&ar->conf_mutex);
++ return ret;
++}
++
++static const struct file_operations fops_aggr_mode = {
++ .read = ath10k_dbg_sta_read_aggr_mode,
++ .write = ath10k_dbg_sta_write_aggr_mode,
++ .open = simple_open,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
++static ssize_t ath10k_dbg_sta_write_addba(struct file *file,
++ const char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ieee80211_sta *sta = file->private_data;
++ struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
++ struct ath10k *ar = arsta->arvif->ar;
++ u32 tid, buf_size;
++ int ret;
++ char buf[64];
++
++ simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, user_buf, count);
++
++ /* make sure that buf is null terminated */
++ buf[sizeof(buf) - 1] = '\0';
++
++ ret = sscanf(buf, "%u %u", &tid, &buf_size);
++ if (ret != 2)
++ return -EINVAL;
++
++ /* Valid TID values are 0 through 15 */
++ if (tid > HTT_DATA_TX_EXT_TID_MGMT - 2)
++ return -EINVAL;
++
++ mutex_lock(&ar->conf_mutex);
++ if ((ar->state != ATH10K_STATE_ON) ||
++ (arsta->aggr_mode != ATH10K_DBG_AGGR_MODE_MANUAL)) {
++ ret = count;
++ goto out;
++ }
++
++ ret = ath10k_wmi_addba_send(ar, arsta->arvif->vdev_id, sta->addr,
++ tid, buf_size);
++ if (ret) {
++ ath10k_warn(ar, "failed to send addba request: vdev_id %u peer %pM tid %u buf_size %u\n",
++ arsta->arvif->vdev_id, sta->addr, tid, buf_size);
++ }
++
++ ret = count;
++out:
++ mutex_unlock(&ar->conf_mutex);
++ return ret;
++}
++
++static const struct file_operations fops_addba = {
++ .write = ath10k_dbg_sta_write_addba,
++ .open = simple_open,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
++static ssize_t ath10k_dbg_sta_write_addba_resp(struct file *file,
++ const char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ieee80211_sta *sta = file->private_data;
++ struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
++ struct ath10k *ar = arsta->arvif->ar;
++ u32 tid, status;
++ int ret;
++ char buf[64];
++
++ simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, user_buf, count);
++
++ /* make sure that buf is null terminated */
++ buf[sizeof(buf) - 1] = '\0';
++
++ ret = sscanf(buf, "%u %u", &tid, &status);
++ if (ret != 2)
++ return -EINVAL;
++
++ /* Valid TID values are 0 through 15 */
++ if (tid > HTT_DATA_TX_EXT_TID_MGMT - 2)
++ return -EINVAL;
++
++ mutex_lock(&ar->conf_mutex);
++ if ((ar->state != ATH10K_STATE_ON) ||
++ (arsta->aggr_mode != ATH10K_DBG_AGGR_MODE_MANUAL)) {
++ ret = count;
++ goto out;
++ }
++
++ ret = ath10k_wmi_addba_set_resp(ar, arsta->arvif->vdev_id, sta->addr,
++ tid, status);
++ if (ret) {
++ ath10k_warn(ar, "failed to send addba response: vdev_id %u peer %pM tid %u status%u\n",
++ arsta->arvif->vdev_id, sta->addr, tid, status);
++ }
++ ret = count;
++out:
++ mutex_unlock(&ar->conf_mutex);
++ return ret;
++}
++
++static const struct file_operations fops_addba_resp = {
++ .write = ath10k_dbg_sta_write_addba_resp,
++ .open = simple_open,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
++static ssize_t ath10k_dbg_sta_write_delba(struct file *file,
++ const char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct ieee80211_sta *sta = file->private_data;
++ struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;
++ struct ath10k *ar = arsta->arvif->ar;
++ u32 tid, initiator, reason;
++ int ret;
++ char buf[64];
++
++ simple_write_to_buffer(buf, sizeof(buf) - 1, ppos, user_buf, count);
++
++ /* make sure that buf is null terminated */
++ buf[sizeof(buf) - 1] = '\0';
++
++ ret = sscanf(buf, "%u %u %u", &tid, &initiator, &reason);
++ if (ret != 3)
++ return -EINVAL;
++
++ /* Valid TID values are 0 through 15 */
++ if (tid > HTT_DATA_TX_EXT_TID_MGMT - 2)
++ return -EINVAL;
++
++ mutex_lock(&ar->conf_mutex);
++ if ((ar->state != ATH10K_STATE_ON) ||
++ (arsta->aggr_mode != ATH10K_DBG_AGGR_MODE_MANUAL)) {
++ ret = count;
++ goto out;
++ }
++
++ ret = ath10k_wmi_delba_send(ar, arsta->arvif->vdev_id, sta->addr,
++ tid, initiator, reason);
++ if (ret) {
++ ath10k_warn(ar, "failed to send delba: vdev_id %u peer %pM tid %u initiator %u reason %u\n",
++ arsta->arvif->vdev_id, sta->addr, tid, initiator,
++ reason);
++ }
++ ret = count;
++out:
++ mutex_unlock(&ar->conf_mutex);
++ return ret;
++}
++
++static const struct file_operations fops_delba = {
++ .write = ath10k_dbg_sta_write_delba,
++ .open = simple_open,
++ .owner = THIS_MODULE,
++ .llseek = default_llseek,
++};
++
++void ath10k_sta_add_debugfs(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
++ struct ieee80211_sta *sta, struct dentry *dir)
++{
++ debugfs_create_file("aggr_mode", S_IRUGO | S_IWUSR, dir, sta,
++ &fops_aggr_mode);
++ debugfs_create_file("addba", S_IWUSR, dir, sta, &fops_addba);
++ debugfs_create_file("addba_resp", S_IWUSR, dir, sta, &fops_addba_resp);
++ debugfs_create_file("delba", S_IWUSR, dir, sta, &fops_delba);
++}
+--- /dev/null
++++ b/drivers/net/wireless/ath/ath10k/hw.c
+@@ -0,0 +1,58 @@
++/*
++ * Copyright (c) 2014-2015 Qualcomm Atheros, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++#include <linux/types.h>
++#include "hw.h"
++
++const struct ath10k_hw_regs qca988x_regs = {
++ .rtc_state_cold_reset_mask = 0x00000400,
++ .rtc_soc_base_address = 0x00004000,
++ .rtc_wmac_base_address = 0x00005000,
++ .soc_core_base_address = 0x00009000,
++ .ce_wrapper_base_address = 0x00057000,
++ .ce0_base_address = 0x00057400,
++ .ce1_base_address = 0x00057800,
++ .ce2_base_address = 0x00057c00,
++ .ce3_base_address = 0x00058000,
++ .ce4_base_address = 0x00058400,
++ .ce5_base_address = 0x00058800,
++ .ce6_base_address = 0x00058c00,
++ .ce7_base_address = 0x00059000,
++ .soc_reset_control_si0_rst_mask = 0x00000001,
++ .soc_reset_control_ce_rst_mask = 0x00040000,
++ .soc_chip_id_address = 0x00ec,
++ .scratch_3_address = 0x0030,
++};
++
++const struct ath10k_hw_regs qca6174_regs = {
++ .rtc_state_cold_reset_mask = 0x00002000,
++ .rtc_soc_base_address = 0x00000800,
++ .rtc_wmac_base_address = 0x00001000,
++ .soc_core_base_address = 0x0003a000,
++ .ce_wrapper_base_address = 0x00034000,
++ .ce0_base_address = 0x00034400,
++ .ce1_base_address = 0x00034800,
++ .ce2_base_address = 0x00034c00,
++ .ce3_base_address = 0x00035000,
++ .ce4_base_address = 0x00035400,
++ .ce5_base_address = 0x00035800,
++ .ce6_base_address = 0x00035c00,
++ .ce7_base_address = 0x00036000,
++ .soc_reset_control_si0_rst_mask = 0x00000000,
++ .soc_reset_control_ce_rst_mask = 0x00000001,
++ .soc_chip_id_address = 0x000f0,
++ .scratch_3_address = 0x0028,
++};
+--- /dev/null
++++ b/drivers/net/wireless/ath/ath10k/thermal.c
+@@ -0,0 +1,244 @@
++/*
++ * Copyright (c) 2014 Qualcomm Atheros, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++#include <linux/device.h>
++#include <linux/sysfs.h>
++#include <linux/thermal.h>
++#include <linux/hwmon.h>
++#include <linux/hwmon-sysfs.h>
++#include "core.h"
++#include "debug.h"
++#include "wmi-ops.h"
++
++static int ath10k_thermal_get_active_vifs(struct ath10k *ar,
++ enum wmi_vdev_type type)
++{
++ struct ath10k_vif *arvif;
++ int count = 0;
++
++ lockdep_assert_held(&ar->conf_mutex);
++
++ list_for_each_entry(arvif, &ar->arvifs, list) {
++ if (!arvif->is_started)
++ continue;
++
++ if (!arvif->is_up)
++ continue;
++
++ if (arvif->vdev_type != type)
++ continue;
++
++ count++;
++ }
++ return count;
++}
++
++static int ath10k_thermal_get_max_dutycycle(struct thermal_cooling_device *cdev,
++ unsigned long *state)
++{
++ *state = ATH10K_QUIET_DUTY_CYCLE_MAX;
++
++ return 0;
++}
++
++static int ath10k_thermal_get_cur_dutycycle(struct thermal_cooling_device *cdev,
++ unsigned long *state)
++{
++ struct ath10k *ar = cdev->devdata;
++
++ mutex_lock(&ar->conf_mutex);
++ *state = ar->thermal.duty_cycle;
++ mutex_unlock(&ar->conf_mutex);
++
++ return 0;
++}
++
++static int ath10k_thermal_set_cur_dutycycle(struct thermal_cooling_device *cdev,
++ unsigned long duty_cycle)
++{
++ struct ath10k *ar = cdev->devdata;
++ u32 period, duration, enabled;
++ int num_bss, ret = 0;
++
++ mutex_lock(&ar->conf_mutex);
++ if (ar->state != ATH10K_STATE_ON) {
++ ret = -ENETDOWN;
++ goto out;
++ }
++
++ if (duty_cycle > ATH10K_QUIET_DUTY_CYCLE_MAX) {
++ ath10k_warn(ar, "duty cycle %ld is exceeding the limit %d\n",
++ duty_cycle, ATH10K_QUIET_DUTY_CYCLE_MAX);
++ ret = -EINVAL;
++ goto out;
++ }
++ /* TODO: Right now, thermal mitigation is handled only for single/multi
++ * vif AP mode. Since quiet param is not validated in STA mode, it needs
++ * to be investigated further to handle multi STA and multi-vif (AP+STA)
++ * mode properly.
++ */
++ num_bss = ath10k_thermal_get_active_vifs(ar, WMI_VDEV_TYPE_AP);
++ if (!num_bss) {
++ ath10k_warn(ar, "no active AP interfaces\n");
++ ret = -ENETDOWN;
++ goto out;
++ }
++ period = max(ATH10K_QUIET_PERIOD_MIN,
++ (ATH10K_QUIET_PERIOD_DEFAULT / num_bss));
++ duration = (period * duty_cycle) / 100;
++ enabled = duration ? 1 : 0;
++
++ ret = ath10k_wmi_pdev_set_quiet_mode(ar, period, duration,
++ ATH10K_QUIET_START_OFFSET,
++ enabled);
++ if (ret) {
++ ath10k_warn(ar, "failed to set quiet mode period %u duarion %u enabled %u ret %d\n",
++ period, duration, enabled, ret);
++ goto out;
++ }
++ ar->thermal.duty_cycle = duty_cycle;
++out:
++ mutex_unlock(&ar->conf_mutex);
++ return ret;
++}
++
++static struct thermal_cooling_device_ops ath10k_thermal_ops = {
++ .get_max_state = ath10k_thermal_get_max_dutycycle,
++ .get_cur_state = ath10k_thermal_get_cur_dutycycle,
++ .set_cur_state = ath10k_thermal_set_cur_dutycycle,
++};
++
++static ssize_t ath10k_thermal_show_temp(struct device *dev,
++ struct device_attribute *attr,
++ char *buf)
++{
++ struct ath10k *ar = dev_get_drvdata(dev);
++ int ret, temperature;
++
++ mutex_lock(&ar->conf_mutex);
++
++ /* Can't get temperature when the card is off */
++ if (ar->state != ATH10K_STATE_ON) {
++ ret = -ENETDOWN;
++ goto out;
++ }
++
++ reinit_completion(&ar->thermal.wmi_sync);
++ ret = ath10k_wmi_pdev_get_temperature(ar);
++ if (ret) {
++ ath10k_warn(ar, "failed to read temperature %d\n", ret);
++ goto out;
++ }
++
++ if (test_bit(ATH10K_FLAG_CRASH_FLUSH, &ar->dev_flags)) {
++ ret = -ESHUTDOWN;
++ goto out;
++ }
++
++ ret = wait_for_completion_timeout(&ar->thermal.wmi_sync,
++ ATH10K_THERMAL_SYNC_TIMEOUT_HZ);
++ if (ret == 0) {
++ ath10k_warn(ar, "failed to synchronize thermal read\n");
++ ret = -ETIMEDOUT;
++ goto out;
++ }
++
++ spin_lock_bh(&ar->data_lock);
++ temperature = ar->thermal.temperature;
++ spin_unlock_bh(&ar->data_lock);
++
++ /* display in millidegree celcius */
++ ret = snprintf(buf, PAGE_SIZE, "%d\n", temperature * 1000);
++out:
++ mutex_unlock(&ar->conf_mutex);
++ return ret;
++}
++
++void ath10k_thermal_event_temperature(struct ath10k *ar, int temperature)
++{
++ spin_lock_bh(&ar->data_lock);
++ ar->thermal.temperature = temperature;
++ spin_unlock_bh(&ar->data_lock);
++ complete(&ar->thermal.wmi_sync);
++}
++
++static SENSOR_DEVICE_ATTR(temp1_input, S_IRUGO, ath10k_thermal_show_temp,
++ NULL, 0);
++
++static struct attribute *ath10k_hwmon_attrs[] = {
++ &sensor_dev_attr_temp1_input.dev_attr.attr,
++ NULL,
++};
++ATTRIBUTE_GROUPS(ath10k_hwmon);
++
++int ath10k_thermal_register(struct ath10k *ar)
++{
++ struct thermal_cooling_device *cdev;
++ struct device *hwmon_dev;
++ int ret;
++
++ cdev = thermal_cooling_device_register("ath10k_thermal", ar,
++ &ath10k_thermal_ops);
++
++ if (IS_ERR(cdev)) {
++ ath10k_err(ar, "failed to setup thermal device result: %ld\n",
++ PTR_ERR(cdev));
++ return -EINVAL;
++ }
++
++ ret = sysfs_create_link(&ar->dev->kobj, &cdev->device.kobj,
++ "cooling_device");
++ if (ret) {
++ ath10k_err(ar, "failed to create thermal symlink\n");
++ goto err_cooling_destroy;
++ }
++
++ ar->thermal.cdev = cdev;
++
++ /* Do not register hwmon device when temperature reading is not
++ * supported by firmware
++ */
++ if (ar->wmi.op_version != ATH10K_FW_WMI_OP_VERSION_10_2_4)
++ return 0;
++
++ /* Avoid linking error on devm_hwmon_device_register_with_groups, I
++ * guess linux/hwmon.h is missing proper stubs. */
++ if (!config_enabled(CPTCFG_HWMON))
++ return 0;
++
++ hwmon_dev = devm_hwmon_device_register_with_groups(ar->dev,
++ "ath10k_hwmon", ar,
++ ath10k_hwmon_groups);
++ if (IS_ERR(hwmon_dev)) {
++ ath10k_err(ar, "failed to register hwmon device: %ld\n",
++ PTR_ERR(hwmon_dev));
++ ret = -EINVAL;
++ goto err_remove_link;
++ }
++ return 0;
++
++err_remove_link:
++ sysfs_remove_link(&ar->dev->kobj, "thermal_sensor");
++err_cooling_destroy:
++ thermal_cooling_device_unregister(cdev);
++ return ret;
++}
++
++void ath10k_thermal_unregister(struct ath10k *ar)
++{
++ thermal_cooling_device_unregister(ar->thermal.cdev);
++ sysfs_remove_link(&ar->dev->kobj, "cooling_device");
++}
+--- /dev/null
++++ b/drivers/net/wireless/ath/ath10k/thermal.h
+@@ -0,0 +1,58 @@
++/*
++ * Copyright (c) 2014 Qualcomm Atheros, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++#ifndef _THERMAL_
++#define _THERMAL_
++
++#define ATH10K_QUIET_PERIOD_DEFAULT 100
++#define ATH10K_QUIET_PERIOD_MIN 25
++#define ATH10K_QUIET_START_OFFSET 10
++#define ATH10K_QUIET_DUTY_CYCLE_MAX 70
++#define ATH10K_HWMON_NAME_LEN 15
++#define ATH10K_THERMAL_SYNC_TIMEOUT_HZ (5*HZ)
++
++struct ath10k_thermal {
++ struct thermal_cooling_device *cdev;
++ struct completion wmi_sync;
++
++ /* protected by conf_mutex */
++ u32 duty_cycle;
++ /* temperature value in Celcius degree
++ * protected by data_lock
++ */
++ int temperature;
++};
++
++#ifdef CONFIG_THERMAL
++int ath10k_thermal_register(struct ath10k *ar);
++void ath10k_thermal_unregister(struct ath10k *ar);
++void ath10k_thermal_event_temperature(struct ath10k *ar, int temperature);
++#else
++static inline int ath10k_thermal_register(struct ath10k *ar)
++{
++ return 0;
++}
++
++static inline void ath10k_thermal_unregister(struct ath10k *ar)
++{
++}
++
++static inline void ath10k_thermal_event_temperature(struct ath10k *ar,
++ int temperature)
++{
++}
++
++#endif
++#endif /* _THERMAL_ */
+--- /dev/null
++++ b/drivers/net/wireless/ath/ath10k/wmi-ops.h
+@@ -0,0 +1,1063 @@
++/*
++ * Copyright (c) 2005-2011 Atheros Communications Inc.
++ * Copyright (c) 2011-2014 Qualcomm Atheros, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++#ifndef _WMI_OPS_H_
++#define _WMI_OPS_H_
++
++struct ath10k;
++struct sk_buff;
++
++struct wmi_ops {
++ void (*rx)(struct ath10k *ar, struct sk_buff *skb);
++ void (*map_svc)(const __le32 *in, unsigned long *out, size_t len);
++
++ int (*pull_scan)(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_scan_ev_arg *arg);
++ int (*pull_mgmt_rx)(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_mgmt_rx_ev_arg *arg);
++ int (*pull_ch_info)(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_ch_info_ev_arg *arg);
++ int (*pull_vdev_start)(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_vdev_start_ev_arg *arg);
++ int (*pull_peer_kick)(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_peer_kick_ev_arg *arg);
++ int (*pull_swba)(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_swba_ev_arg *arg);
++ int (*pull_phyerr)(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_phyerr_ev_arg *arg);
++ int (*pull_svc_rdy)(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_svc_rdy_ev_arg *arg);
++ int (*pull_rdy)(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_rdy_ev_arg *arg);
++ int (*pull_fw_stats)(struct ath10k *ar, struct sk_buff *skb,
++ struct ath10k_fw_stats *stats);
++
++ struct sk_buff *(*gen_pdev_suspend)(struct ath10k *ar, u32 suspend_opt);
++ struct sk_buff *(*gen_pdev_resume)(struct ath10k *ar);
++ struct sk_buff *(*gen_pdev_set_rd)(struct ath10k *ar, u16 rd, u16 rd2g,
++ u16 rd5g, u16 ctl2g, u16 ctl5g,
++ enum wmi_dfs_region dfs_reg);
++ struct sk_buff *(*gen_pdev_set_param)(struct ath10k *ar, u32 id,
++ u32 value);
++ struct sk_buff *(*gen_init)(struct ath10k *ar);
++ struct sk_buff *(*gen_start_scan)(struct ath10k *ar,
++ const struct wmi_start_scan_arg *arg);
++ struct sk_buff *(*gen_stop_scan)(struct ath10k *ar,
++ const struct wmi_stop_scan_arg *arg);
++ struct sk_buff *(*gen_vdev_create)(struct ath10k *ar, u32 vdev_id,
++ enum wmi_vdev_type type,
++ enum wmi_vdev_subtype subtype,
++ const u8 macaddr[ETH_ALEN]);
++ struct sk_buff *(*gen_vdev_delete)(struct ath10k *ar, u32 vdev_id);
++ struct sk_buff *(*gen_vdev_start)(struct ath10k *ar,
++ const struct wmi_vdev_start_request_arg *arg,
++ bool restart);
++ struct sk_buff *(*gen_vdev_stop)(struct ath10k *ar, u32 vdev_id);
++ struct sk_buff *(*gen_vdev_up)(struct ath10k *ar, u32 vdev_id, u32 aid,
++ const u8 *bssid);
++ struct sk_buff *(*gen_vdev_down)(struct ath10k *ar, u32 vdev_id);
++ struct sk_buff *(*gen_vdev_set_param)(struct ath10k *ar, u32 vdev_id,
++ u32 param_id, u32 param_value);
++ struct sk_buff *(*gen_vdev_install_key)(struct ath10k *ar,
++ const struct wmi_vdev_install_key_arg *arg);
++ struct sk_buff *(*gen_vdev_spectral_conf)(struct ath10k *ar,
++ const struct wmi_vdev_spectral_conf_arg *arg);
++ struct sk_buff *(*gen_vdev_spectral_enable)(struct ath10k *ar, u32 vdev_id,
++ u32 trigger, u32 enable);
++ struct sk_buff *(*gen_vdev_wmm_conf)(struct ath10k *ar, u32 vdev_id,
++ const struct wmi_wmm_params_all_arg *arg);
++ struct sk_buff *(*gen_peer_create)(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN]);
++ struct sk_buff *(*gen_peer_delete)(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN]);
++ struct sk_buff *(*gen_peer_flush)(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN],
++ u32 tid_bitmap);
++ struct sk_buff *(*gen_peer_set_param)(struct ath10k *ar, u32 vdev_id,
++ const u8 *peer_addr,
++ enum wmi_peer_param param_id,
++ u32 param_value);
++ struct sk_buff *(*gen_peer_assoc)(struct ath10k *ar,
++ const struct wmi_peer_assoc_complete_arg *arg);
++ struct sk_buff *(*gen_set_psmode)(struct ath10k *ar, u32 vdev_id,
++ enum wmi_sta_ps_mode psmode);
++ struct sk_buff *(*gen_set_sta_ps)(struct ath10k *ar, u32 vdev_id,
++ enum wmi_sta_powersave_param param_id,
++ u32 value);
++ struct sk_buff *(*gen_set_ap_ps)(struct ath10k *ar, u32 vdev_id,
++ const u8 *mac,
++ enum wmi_ap_ps_peer_param param_id,
++ u32 value);
++ struct sk_buff *(*gen_scan_chan_list)(struct ath10k *ar,
++ const struct wmi_scan_chan_list_arg *arg);
++ struct sk_buff *(*gen_beacon_dma)(struct ath10k *ar, u32 vdev_id,
++ const void *bcn, size_t bcn_len,
++ u32 bcn_paddr, bool dtim_zero,
++ bool deliver_cab);
++ struct sk_buff *(*gen_pdev_set_wmm)(struct ath10k *ar,
++ const struct wmi_wmm_params_all_arg *arg);
++ struct sk_buff *(*gen_request_stats)(struct ath10k *ar, u32 stats_mask);
++ struct sk_buff *(*gen_force_fw_hang)(struct ath10k *ar,
++ enum wmi_force_fw_hang_type type,
++ u32 delay_ms);
++ struct sk_buff *(*gen_mgmt_tx)(struct ath10k *ar, struct sk_buff *skb);
++ struct sk_buff *(*gen_dbglog_cfg)(struct ath10k *ar, u32 module_enable,
++ u32 log_level);
++ struct sk_buff *(*gen_pktlog_enable)(struct ath10k *ar, u32 filter);
++ struct sk_buff *(*gen_pktlog_disable)(struct ath10k *ar);
++ struct sk_buff *(*gen_pdev_set_quiet_mode)(struct ath10k *ar,
++ u32 period, u32 duration,
++ u32 next_offset,
++ u32 enabled);
++ struct sk_buff *(*gen_pdev_get_temperature)(struct ath10k *ar);
++ struct sk_buff *(*gen_addba_clear_resp)(struct ath10k *ar, u32 vdev_id,
++ const u8 *mac);
++ struct sk_buff *(*gen_addba_send)(struct ath10k *ar, u32 vdev_id,
++ const u8 *mac, u32 tid, u32 buf_size);
++ struct sk_buff *(*gen_addba_set_resp)(struct ath10k *ar, u32 vdev_id,
++ const u8 *mac, u32 tid,
++ u32 status);
++ struct sk_buff *(*gen_delba_send)(struct ath10k *ar, u32 vdev_id,
++ const u8 *mac, u32 tid, u32 initiator,
++ u32 reason);
++ struct sk_buff *(*gen_bcn_tmpl)(struct ath10k *ar, u32 vdev_id,
++ u32 tim_ie_offset, struct sk_buff *bcn,
++ u32 prb_caps, u32 prb_erp,
++ void *prb_ies, size_t prb_ies_len);
++ struct sk_buff *(*gen_prb_tmpl)(struct ath10k *ar, u32 vdev_id,
++ struct sk_buff *bcn);
++ struct sk_buff *(*gen_p2p_go_bcn_ie)(struct ath10k *ar, u32 vdev_id,
++ const u8 *p2p_ie);
++ struct sk_buff *(*gen_vdev_sta_uapsd)(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN],
++ const struct wmi_sta_uapsd_auto_trig_arg *args,
++ u32 num_ac);
++ struct sk_buff *(*gen_sta_keepalive)(struct ath10k *ar,
++ const struct wmi_sta_keepalive_arg *arg);
++};
++
++int ath10k_wmi_cmd_send(struct ath10k *ar, struct sk_buff *skb, u32 cmd_id);
++
++static inline int
++ath10k_wmi_rx(struct ath10k *ar, struct sk_buff *skb)
++{
++ if (WARN_ON_ONCE(!ar->wmi.ops->rx))
++ return -EOPNOTSUPP;
++
++ ar->wmi.ops->rx(ar, skb);
++ return 0;
++}
++
++static inline int
++ath10k_wmi_map_svc(struct ath10k *ar, const __le32 *in, unsigned long *out,
++ size_t len)
++{
++ if (!ar->wmi.ops->map_svc)
++ return -EOPNOTSUPP;
++
++ ar->wmi.ops->map_svc(in, out, len);
++ return 0;
++}
++
++static inline int
++ath10k_wmi_pull_scan(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_scan_ev_arg *arg)
++{
++ if (!ar->wmi.ops->pull_scan)
++ return -EOPNOTSUPP;
++
++ return ar->wmi.ops->pull_scan(ar, skb, arg);
++}
++
++static inline int
++ath10k_wmi_pull_mgmt_rx(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_mgmt_rx_ev_arg *arg)
++{
++ if (!ar->wmi.ops->pull_mgmt_rx)
++ return -EOPNOTSUPP;
++
++ return ar->wmi.ops->pull_mgmt_rx(ar, skb, arg);
++}
++
++static inline int
++ath10k_wmi_pull_ch_info(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_ch_info_ev_arg *arg)
++{
++ if (!ar->wmi.ops->pull_ch_info)
++ return -EOPNOTSUPP;
++
++ return ar->wmi.ops->pull_ch_info(ar, skb, arg);
++}
++
++static inline int
++ath10k_wmi_pull_vdev_start(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_vdev_start_ev_arg *arg)
++{
++ if (!ar->wmi.ops->pull_vdev_start)
++ return -EOPNOTSUPP;
++
++ return ar->wmi.ops->pull_vdev_start(ar, skb, arg);
++}
++
++static inline int
++ath10k_wmi_pull_peer_kick(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_peer_kick_ev_arg *arg)
++{
++ if (!ar->wmi.ops->pull_peer_kick)
++ return -EOPNOTSUPP;
++
++ return ar->wmi.ops->pull_peer_kick(ar, skb, arg);
++}
++
++static inline int
++ath10k_wmi_pull_swba(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_swba_ev_arg *arg)
++{
++ if (!ar->wmi.ops->pull_swba)
++ return -EOPNOTSUPP;
++
++ return ar->wmi.ops->pull_swba(ar, skb, arg);
++}
++
++static inline int
++ath10k_wmi_pull_phyerr(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_phyerr_ev_arg *arg)
++{
++ if (!ar->wmi.ops->pull_phyerr)
++ return -EOPNOTSUPP;
++
++ return ar->wmi.ops->pull_phyerr(ar, skb, arg);
++}
++
++static inline int
++ath10k_wmi_pull_svc_rdy(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_svc_rdy_ev_arg *arg)
++{
++ if (!ar->wmi.ops->pull_svc_rdy)
++ return -EOPNOTSUPP;
++
++ return ar->wmi.ops->pull_svc_rdy(ar, skb, arg);
++}
++
++static inline int
++ath10k_wmi_pull_rdy(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_rdy_ev_arg *arg)
++{
++ if (!ar->wmi.ops->pull_rdy)
++ return -EOPNOTSUPP;
++
++ return ar->wmi.ops->pull_rdy(ar, skb, arg);
++}
++
++static inline int
++ath10k_wmi_pull_fw_stats(struct ath10k *ar, struct sk_buff *skb,
++ struct ath10k_fw_stats *stats)
++{
++ if (!ar->wmi.ops->pull_fw_stats)
++ return -EOPNOTSUPP;
++
++ return ar->wmi.ops->pull_fw_stats(ar, skb, stats);
++}
++
++static inline int
++ath10k_wmi_mgmt_tx(struct ath10k *ar, struct sk_buff *msdu)
++{
++ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(msdu);
++ struct sk_buff *skb;
++ int ret;
++
++ if (!ar->wmi.ops->gen_mgmt_tx)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_mgmt_tx(ar, msdu);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ ret = ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->mgmt_tx_cmdid);
++ if (ret)
++ return ret;
++
++ /* FIXME There's no ACK event for Management Tx. This probably
++ * shouldn't be called here either. */
++ info->flags |= IEEE80211_TX_STAT_ACK;
++ ieee80211_tx_status_irqsafe(ar->hw, msdu);
++
++ return 0;
++}
++
++static inline int
++ath10k_wmi_pdev_set_regdomain(struct ath10k *ar, u16 rd, u16 rd2g, u16 rd5g,
++ u16 ctl2g, u16 ctl5g,
++ enum wmi_dfs_region dfs_reg)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_pdev_set_rd)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_pdev_set_rd(ar, rd, rd2g, rd5g, ctl2g, ctl5g,
++ dfs_reg);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->pdev_set_regdomain_cmdid);
++}
++
++static inline int
++ath10k_wmi_pdev_suspend_target(struct ath10k *ar, u32 suspend_opt)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_pdev_suspend)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_pdev_suspend(ar, suspend_opt);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->pdev_suspend_cmdid);
++}
++
++static inline int
++ath10k_wmi_pdev_resume_target(struct ath10k *ar)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_pdev_resume)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_pdev_resume(ar);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->pdev_resume_cmdid);
++}
++
++static inline int
++ath10k_wmi_pdev_set_param(struct ath10k *ar, u32 id, u32 value)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_pdev_set_param)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_pdev_set_param(ar, id, value);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->pdev_set_param_cmdid);
++}
++
++static inline int
++ath10k_wmi_cmd_init(struct ath10k *ar)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_init)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_init(ar);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->init_cmdid);
++}
++
++static inline int
++ath10k_wmi_start_scan(struct ath10k *ar,
++ const struct wmi_start_scan_arg *arg)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_start_scan)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_start_scan(ar, arg);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->start_scan_cmdid);
++}
++
++static inline int
++ath10k_wmi_stop_scan(struct ath10k *ar, const struct wmi_stop_scan_arg *arg)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_stop_scan)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_stop_scan(ar, arg);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->stop_scan_cmdid);
++}
++
++static inline int
++ath10k_wmi_vdev_create(struct ath10k *ar, u32 vdev_id,
++ enum wmi_vdev_type type,
++ enum wmi_vdev_subtype subtype,
++ const u8 macaddr[ETH_ALEN])
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_vdev_create)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_vdev_create(ar, vdev_id, type, subtype, macaddr);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->vdev_create_cmdid);
++}
++
++static inline int
++ath10k_wmi_vdev_delete(struct ath10k *ar, u32 vdev_id)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_vdev_delete)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_vdev_delete(ar, vdev_id);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->vdev_delete_cmdid);
++}
++
++static inline int
++ath10k_wmi_vdev_start(struct ath10k *ar,
++ const struct wmi_vdev_start_request_arg *arg)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_vdev_start)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_vdev_start(ar, arg, false);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->vdev_start_request_cmdid);
++}
++
++static inline int
++ath10k_wmi_vdev_restart(struct ath10k *ar,
++ const struct wmi_vdev_start_request_arg *arg)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_vdev_start)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_vdev_start(ar, arg, true);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->vdev_restart_request_cmdid);
++}
++
++static inline int
++ath10k_wmi_vdev_stop(struct ath10k *ar, u32 vdev_id)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_vdev_stop)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_vdev_stop(ar, vdev_id);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->vdev_stop_cmdid);
++}
++
++static inline int
++ath10k_wmi_vdev_up(struct ath10k *ar, u32 vdev_id, u32 aid, const u8 *bssid)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_vdev_up)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_vdev_up(ar, vdev_id, aid, bssid);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->vdev_up_cmdid);
++}
++
++static inline int
++ath10k_wmi_vdev_down(struct ath10k *ar, u32 vdev_id)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_vdev_down)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_vdev_down(ar, vdev_id);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->vdev_down_cmdid);
++}
++
++static inline int
++ath10k_wmi_vdev_set_param(struct ath10k *ar, u32 vdev_id, u32 param_id,
++ u32 param_value)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_vdev_set_param)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_vdev_set_param(ar, vdev_id, param_id,
++ param_value);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->vdev_set_param_cmdid);
++}
++
++static inline int
++ath10k_wmi_vdev_install_key(struct ath10k *ar,
++ const struct wmi_vdev_install_key_arg *arg)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_vdev_install_key)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_vdev_install_key(ar, arg);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->vdev_install_key_cmdid);
++}
++
++static inline int
++ath10k_wmi_vdev_spectral_conf(struct ath10k *ar,
++ const struct wmi_vdev_spectral_conf_arg *arg)
++{
++ struct sk_buff *skb;
++ u32 cmd_id;
++
++ skb = ar->wmi.ops->gen_vdev_spectral_conf(ar, arg);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ cmd_id = ar->wmi.cmd->vdev_spectral_scan_configure_cmdid;
++ return ath10k_wmi_cmd_send(ar, skb, cmd_id);
++}
++
++static inline int
++ath10k_wmi_vdev_spectral_enable(struct ath10k *ar, u32 vdev_id, u32 trigger,
++ u32 enable)
++{
++ struct sk_buff *skb;
++ u32 cmd_id;
++
++ skb = ar->wmi.ops->gen_vdev_spectral_enable(ar, vdev_id, trigger,
++ enable);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ cmd_id = ar->wmi.cmd->vdev_spectral_scan_enable_cmdid;
++ return ath10k_wmi_cmd_send(ar, skb, cmd_id);
++}
++
++static inline int
++ath10k_wmi_vdev_sta_uapsd(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN],
++ const struct wmi_sta_uapsd_auto_trig_arg *args,
++ u32 num_ac)
++{
++ struct sk_buff *skb;
++ u32 cmd_id;
++
++ if (!ar->wmi.ops->gen_vdev_sta_uapsd)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_vdev_sta_uapsd(ar, vdev_id, peer_addr, args,
++ num_ac);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ cmd_id = ar->wmi.cmd->sta_uapsd_auto_trig_cmdid;
++ return ath10k_wmi_cmd_send(ar, skb, cmd_id);
++}
++
++static inline int
++ath10k_wmi_vdev_wmm_conf(struct ath10k *ar, u32 vdev_id,
++ const struct wmi_wmm_params_all_arg *arg)
++{
++ struct sk_buff *skb;
++ u32 cmd_id;
++
++ skb = ar->wmi.ops->gen_vdev_wmm_conf(ar, vdev_id, arg);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ cmd_id = ar->wmi.cmd->vdev_set_wmm_params_cmdid;
++ return ath10k_wmi_cmd_send(ar, skb, cmd_id);
++}
++
++static inline int
++ath10k_wmi_peer_create(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN])
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_peer_create)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_peer_create(ar, vdev_id, peer_addr);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->peer_create_cmdid);
++}
++
++static inline int
++ath10k_wmi_peer_delete(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN])
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_peer_delete)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_peer_delete(ar, vdev_id, peer_addr);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->peer_delete_cmdid);
++}
++
++static inline int
++ath10k_wmi_peer_flush(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN], u32 tid_bitmap)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_peer_flush)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_peer_flush(ar, vdev_id, peer_addr, tid_bitmap);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->peer_flush_tids_cmdid);
++}
++
++static inline int
++ath10k_wmi_peer_set_param(struct ath10k *ar, u32 vdev_id, const u8 *peer_addr,
++ enum wmi_peer_param param_id, u32 param_value)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_peer_set_param)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_peer_set_param(ar, vdev_id, peer_addr, param_id,
++ param_value);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->peer_set_param_cmdid);
++}
++
++static inline int
++ath10k_wmi_set_psmode(struct ath10k *ar, u32 vdev_id,
++ enum wmi_sta_ps_mode psmode)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_set_psmode)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_set_psmode(ar, vdev_id, psmode);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->sta_powersave_mode_cmdid);
++}
++
++static inline int
++ath10k_wmi_set_sta_ps_param(struct ath10k *ar, u32 vdev_id,
++ enum wmi_sta_powersave_param param_id, u32 value)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_set_sta_ps)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_set_sta_ps(ar, vdev_id, param_id, value);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->sta_powersave_param_cmdid);
++}
++
++static inline int
++ath10k_wmi_set_ap_ps_param(struct ath10k *ar, u32 vdev_id, const u8 *mac,
++ enum wmi_ap_ps_peer_param param_id, u32 value)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_set_ap_ps)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_set_ap_ps(ar, vdev_id, mac, param_id, value);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->ap_ps_peer_param_cmdid);
++}
++
++static inline int
++ath10k_wmi_scan_chan_list(struct ath10k *ar,
++ const struct wmi_scan_chan_list_arg *arg)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_scan_chan_list)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_scan_chan_list(ar, arg);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->scan_chan_list_cmdid);
++}
++
++static inline int
++ath10k_wmi_peer_assoc(struct ath10k *ar,
++ const struct wmi_peer_assoc_complete_arg *arg)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_peer_assoc)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_peer_assoc(ar, arg);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->peer_assoc_cmdid);
++}
++
++static inline int
++ath10k_wmi_beacon_send_ref_nowait(struct ath10k *ar, u32 vdev_id,
++ const void *bcn, size_t bcn_len,
++ u32 bcn_paddr, bool dtim_zero,
++ bool deliver_cab)
++{
++ struct sk_buff *skb;
++ int ret;
++
++ if (!ar->wmi.ops->gen_beacon_dma)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_beacon_dma(ar, vdev_id, bcn, bcn_len, bcn_paddr,
++ dtim_zero, deliver_cab);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ ret = ath10k_wmi_cmd_send_nowait(ar, skb,
++ ar->wmi.cmd->pdev_send_bcn_cmdid);
++ if (ret) {
++ dev_kfree_skb(skb);
++ return ret;
++ }
++
++ return 0;
++}
++
++static inline int
++ath10k_wmi_pdev_set_wmm_params(struct ath10k *ar,
++ const struct wmi_wmm_params_all_arg *arg)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_pdev_set_wmm)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_pdev_set_wmm(ar, arg);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->pdev_set_wmm_params_cmdid);
++}
++
++static inline int
++ath10k_wmi_request_stats(struct ath10k *ar, u32 stats_mask)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_request_stats)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_request_stats(ar, stats_mask);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->request_stats_cmdid);
++}
++
++static inline int
++ath10k_wmi_force_fw_hang(struct ath10k *ar,
++ enum wmi_force_fw_hang_type type, u32 delay_ms)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_force_fw_hang)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_force_fw_hang(ar, type, delay_ms);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->force_fw_hang_cmdid);
++}
++
++static inline int
++ath10k_wmi_dbglog_cfg(struct ath10k *ar, u32 module_enable, u32 log_level)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_dbglog_cfg)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_dbglog_cfg(ar, module_enable, log_level);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->dbglog_cfg_cmdid);
++}
++
++static inline int
++ath10k_wmi_pdev_pktlog_enable(struct ath10k *ar, u32 filter)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_pktlog_enable)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_pktlog_enable(ar, filter);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->pdev_pktlog_enable_cmdid);
++}
++
++static inline int
++ath10k_wmi_pdev_pktlog_disable(struct ath10k *ar)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_pktlog_disable)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_pktlog_disable(ar);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->pdev_pktlog_disable_cmdid);
++}
++
++static inline int
++ath10k_wmi_pdev_set_quiet_mode(struct ath10k *ar, u32 period, u32 duration,
++ u32 next_offset, u32 enabled)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_pdev_set_quiet_mode)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_pdev_set_quiet_mode(ar, period, duration,
++ next_offset, enabled);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->pdev_set_quiet_mode_cmdid);
++}
++
++static inline int
++ath10k_wmi_pdev_get_temperature(struct ath10k *ar)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_pdev_get_temperature)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_pdev_get_temperature(ar);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->pdev_get_temperature_cmdid);
++}
++
++static inline int
++ath10k_wmi_addba_clear_resp(struct ath10k *ar, u32 vdev_id, const u8 *mac)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_addba_clear_resp)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_addba_clear_resp(ar, vdev_id, mac);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->addba_clear_resp_cmdid);
++}
++
++static inline int
++ath10k_wmi_addba_send(struct ath10k *ar, u32 vdev_id, const u8 *mac,
++ u32 tid, u32 buf_size)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_addba_send)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_addba_send(ar, vdev_id, mac, tid, buf_size);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->addba_send_cmdid);
++}
++
++static inline int
++ath10k_wmi_addba_set_resp(struct ath10k *ar, u32 vdev_id, const u8 *mac,
++ u32 tid, u32 status)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_addba_set_resp)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_addba_set_resp(ar, vdev_id, mac, tid, status);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->addba_set_resp_cmdid);
++}
++
++static inline int
++ath10k_wmi_delba_send(struct ath10k *ar, u32 vdev_id, const u8 *mac,
++ u32 tid, u32 initiator, u32 reason)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_delba_send)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_delba_send(ar, vdev_id, mac, tid, initiator,
++ reason);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb,
++ ar->wmi.cmd->delba_send_cmdid);
++}
++
++static inline int
++ath10k_wmi_bcn_tmpl(struct ath10k *ar, u32 vdev_id, u32 tim_ie_offset,
++ struct sk_buff *bcn, u32 prb_caps, u32 prb_erp,
++ void *prb_ies, size_t prb_ies_len)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_bcn_tmpl)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_bcn_tmpl(ar, vdev_id, tim_ie_offset, bcn,
++ prb_caps, prb_erp, prb_ies,
++ prb_ies_len);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->bcn_tmpl_cmdid);
++}
++
++static inline int
++ath10k_wmi_prb_tmpl(struct ath10k *ar, u32 vdev_id, struct sk_buff *prb)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_prb_tmpl)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_prb_tmpl(ar, vdev_id, prb);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->prb_tmpl_cmdid);
++}
++
++static inline int
++ath10k_wmi_p2p_go_bcn_ie(struct ath10k *ar, u32 vdev_id, const u8 *p2p_ie)
++{
++ struct sk_buff *skb;
++
++ if (!ar->wmi.ops->gen_p2p_go_bcn_ie)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_p2p_go_bcn_ie(ar, vdev_id, p2p_ie);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->p2p_go_set_beacon_ie);
++}
++
++static inline int
++ath10k_wmi_sta_keepalive(struct ath10k *ar,
++ const struct wmi_sta_keepalive_arg *arg)
++{
++ struct sk_buff *skb;
++ u32 cmd_id;
++
++ if (!ar->wmi.ops->gen_sta_keepalive)
++ return -EOPNOTSUPP;
++
++ skb = ar->wmi.ops->gen_sta_keepalive(ar, arg);
++ if (IS_ERR(skb))
++ return PTR_ERR(skb);
++
++ cmd_id = ar->wmi.cmd->sta_keepalive_cmd;
++ return ath10k_wmi_cmd_send(ar, skb, cmd_id);
++}
++
++#endif
+--- /dev/null
++++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.c
+@@ -0,0 +1,2796 @@
++/*
++ * Copyright (c) 2005-2011 Atheros Communications Inc.
++ * Copyright (c) 2011-2014 Qualcomm Atheros, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++#include "core.h"
++#include "debug.h"
++#include "hw.h"
++#include "wmi.h"
++#include "wmi-ops.h"
++#include "wmi-tlv.h"
++
++/***************/
++/* TLV helpers */
++/**************/
++
++struct wmi_tlv_policy {
++ size_t min_len;
++};
++
++static const struct wmi_tlv_policy wmi_tlv_policies[] = {
++ [WMI_TLV_TAG_ARRAY_BYTE]
++ = { .min_len = sizeof(u8) },
++ [WMI_TLV_TAG_ARRAY_UINT32]
++ = { .min_len = sizeof(u32) },
++ [WMI_TLV_TAG_STRUCT_SCAN_EVENT]
++ = { .min_len = sizeof(struct wmi_scan_event) },
++ [WMI_TLV_TAG_STRUCT_MGMT_RX_HDR]
++ = { .min_len = sizeof(struct wmi_tlv_mgmt_rx_ev) },
++ [WMI_TLV_TAG_STRUCT_CHAN_INFO_EVENT]
++ = { .min_len = sizeof(struct wmi_chan_info_event) },
++ [WMI_TLV_TAG_STRUCT_VDEV_START_RESPONSE_EVENT]
++ = { .min_len = sizeof(struct wmi_vdev_start_response_event) },
++ [WMI_TLV_TAG_STRUCT_PEER_STA_KICKOUT_EVENT]
++ = { .min_len = sizeof(struct wmi_peer_sta_kickout_event) },
++ [WMI_TLV_TAG_STRUCT_HOST_SWBA_EVENT]
++ = { .min_len = sizeof(struct wmi_host_swba_event) },
++ [WMI_TLV_TAG_STRUCT_TIM_INFO]
++ = { .min_len = sizeof(struct wmi_tim_info) },
++ [WMI_TLV_TAG_STRUCT_P2P_NOA_INFO]
++ = { .min_len = sizeof(struct wmi_p2p_noa_info) },
++ [WMI_TLV_TAG_STRUCT_SERVICE_READY_EVENT]
++ = { .min_len = sizeof(struct wmi_tlv_svc_rdy_ev) },
++ [WMI_TLV_TAG_STRUCT_HAL_REG_CAPABILITIES]
++ = { .min_len = sizeof(struct hal_reg_capabilities) },
++ [WMI_TLV_TAG_STRUCT_WLAN_HOST_MEM_REQ]
++ = { .min_len = sizeof(struct wlan_host_mem_req) },
++ [WMI_TLV_TAG_STRUCT_READY_EVENT]
++ = { .min_len = sizeof(struct wmi_tlv_rdy_ev) },
++ [WMI_TLV_TAG_STRUCT_OFFLOAD_BCN_TX_STATUS_EVENT]
++ = { .min_len = sizeof(struct wmi_tlv_bcn_tx_status_ev) },
++ [WMI_TLV_TAG_STRUCT_DIAG_DATA_CONTAINER_EVENT]
++ = { .min_len = sizeof(struct wmi_tlv_diag_data_ev) },
++};
++
++static int
++ath10k_wmi_tlv_iter(struct ath10k *ar, const void *ptr, size_t len,
++ int (*iter)(struct ath10k *ar, u16 tag, u16 len,
++ const void *ptr, void *data),
++ void *data)
++{
++ const void *begin = ptr;
++ const struct wmi_tlv *tlv;
++ u16 tlv_tag, tlv_len;
++ int ret;
++
++ while (len > 0) {
++ if (len < sizeof(*tlv)) {
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi tlv parse failure at byte %zd (%zu bytes left, %zu expected)\n",
++ ptr - begin, len, sizeof(*tlv));
++ return -EINVAL;
++ }
++
++ tlv = ptr;
++ tlv_tag = __le16_to_cpu(tlv->tag);
++ tlv_len = __le16_to_cpu(tlv->len);
++ ptr += sizeof(*tlv);
++ len -= sizeof(*tlv);
++
++ if (tlv_len > len) {
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi tlv parse failure of tag %hhu at byte %zd (%zu bytes left, %hhu expected)\n",
++ tlv_tag, ptr - begin, len, tlv_len);
++ return -EINVAL;
++ }
++
++ if (tlv_tag < ARRAY_SIZE(wmi_tlv_policies) &&
++ wmi_tlv_policies[tlv_tag].min_len &&
++ wmi_tlv_policies[tlv_tag].min_len > tlv_len) {
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi tlv parse failure of tag %hhu at byte %zd (%hhu bytes is less than min length %zu)\n",
++ tlv_tag, ptr - begin, tlv_len,
++ wmi_tlv_policies[tlv_tag].min_len);
++ return -EINVAL;
++ }
++
++ ret = iter(ar, tlv_tag, tlv_len, ptr, data);
++ if (ret)
++ return ret;
++
++ ptr += tlv_len;
++ len -= tlv_len;
++ }
++
++ return 0;
++}
++
++static int ath10k_wmi_tlv_iter_parse(struct ath10k *ar, u16 tag, u16 len,
++ const void *ptr, void *data)
++{
++ const void **tb = data;
++
++ if (tag < WMI_TLV_TAG_MAX)
++ tb[tag] = ptr;
++
++ return 0;
++}
++
++static int ath10k_wmi_tlv_parse(struct ath10k *ar, const void **tb,
++ const void *ptr, size_t len)
++{
++ return ath10k_wmi_tlv_iter(ar, ptr, len, ath10k_wmi_tlv_iter_parse,
++ (void *)tb);
++}
++
++static const void **
++ath10k_wmi_tlv_parse_alloc(struct ath10k *ar, const void *ptr,
++ size_t len, gfp_t gfp)
++{
++ const void **tb;
++ int ret;
++
++ tb = kzalloc(sizeof(*tb) * WMI_TLV_TAG_MAX, gfp);
++ if (!tb)
++ return ERR_PTR(-ENOMEM);
++
++ ret = ath10k_wmi_tlv_parse(ar, tb, ptr, len);
++ if (ret) {
++ kfree(tb);
++ return ERR_PTR(ret);
++ }
++
++ return tb;
++}
++
++static u16 ath10k_wmi_tlv_len(const void *ptr)
++{
++ return __le16_to_cpu((((const struct wmi_tlv *)ptr) - 1)->len);
++}
++
++/**************/
++/* TLV events */
++/**************/
++static int ath10k_wmi_tlv_event_bcn_tx_status(struct ath10k *ar,
++ struct sk_buff *skb)
++{
++ const void **tb;
++ const struct wmi_tlv_bcn_tx_status_ev *ev;
++ u32 vdev_id, tx_status;
++ int ret;
++
++ tb = ath10k_wmi_tlv_parse_alloc(ar, skb->data, skb->len, GFP_ATOMIC);
++ if (IS_ERR(tb)) {
++ ret = PTR_ERR(tb);
++ ath10k_warn(ar, "failed to parse tlv: %d\n", ret);
++ return ret;
++ }
++
++ ev = tb[WMI_TLV_TAG_STRUCT_OFFLOAD_BCN_TX_STATUS_EVENT];
++ if (!ev) {
++ kfree(tb);
++ return -EPROTO;
++ }
++
++ tx_status = __le32_to_cpu(ev->tx_status);
++ vdev_id = __le32_to_cpu(ev->vdev_id);
++
++ switch (tx_status) {
++ case WMI_TLV_BCN_TX_STATUS_OK:
++ break;
++ case WMI_TLV_BCN_TX_STATUS_XRETRY:
++ case WMI_TLV_BCN_TX_STATUS_DROP:
++ case WMI_TLV_BCN_TX_STATUS_FILTERED:
++ /* FIXME: It's probably worth telling mac80211 to stop the
++ * interface as it is crippled.
++ */
++ ath10k_warn(ar, "received bcn tmpl tx status on vdev %i: %d",
++ vdev_id, tx_status);
++ break;
++ }
++
++ kfree(tb);
++ return 0;
++}
++
++static int ath10k_wmi_tlv_event_diag_data(struct ath10k *ar,
++ struct sk_buff *skb)
++{
++ const void **tb;
++ const struct wmi_tlv_diag_data_ev *ev;
++ const struct wmi_tlv_diag_item *item;
++ const void *data;
++ int ret, num_items, len;
++
++ tb = ath10k_wmi_tlv_parse_alloc(ar, skb->data, skb->len, GFP_ATOMIC);
++ if (IS_ERR(tb)) {
++ ret = PTR_ERR(tb);
++ ath10k_warn(ar, "failed to parse tlv: %d\n", ret);
++ return ret;
++ }
++
++ ev = tb[WMI_TLV_TAG_STRUCT_DIAG_DATA_CONTAINER_EVENT];
++ data = tb[WMI_TLV_TAG_ARRAY_BYTE];
++ if (!ev || !data) {
++ kfree(tb);
++ return -EPROTO;
++ }
++
++ num_items = __le32_to_cpu(ev->num_items);
++ len = ath10k_wmi_tlv_len(data);
++
++ while (num_items--) {
++ if (len == 0)
++ break;
++ if (len < sizeof(*item)) {
++ ath10k_warn(ar, "failed to parse diag data: can't fit item header\n");
++ break;
++ }
++
++ item = data;
++
++ if (len < sizeof(*item) + __le16_to_cpu(item->len)) {
++ ath10k_warn(ar, "failed to parse diag data: item is too long\n");
++ break;
++ }
++
++ trace_ath10k_wmi_diag_container(ar,
++ item->type,
++ __le32_to_cpu(item->timestamp),
++ __le32_to_cpu(item->code),
++ __le16_to_cpu(item->len),
++ item->payload);
++
++ len -= sizeof(*item);
++ len -= roundup(__le16_to_cpu(item->len), 4);
++
++ data += sizeof(*item);
++ data += roundup(__le16_to_cpu(item->len), 4);
++ }
++
++ if (num_items != -1 || len != 0)
++ ath10k_warn(ar, "failed to parse diag data event: num_items %d len %d\n",
++ num_items, len);
++
++ kfree(tb);
++ return 0;
++}
++
++static int ath10k_wmi_tlv_event_diag(struct ath10k *ar,
++ struct sk_buff *skb)
++{
++ const void **tb;
++ const void *data;
++ int ret, len;
++
++ tb = ath10k_wmi_tlv_parse_alloc(ar, skb->data, skb->len, GFP_ATOMIC);
++ if (IS_ERR(tb)) {
++ ret = PTR_ERR(tb);
++ ath10k_warn(ar, "failed to parse tlv: %d\n", ret);
++ return ret;
++ }
++
++ data = tb[WMI_TLV_TAG_ARRAY_BYTE];
++ if (!data) {
++ kfree(tb);
++ return -EPROTO;
++ }
++ len = ath10k_wmi_tlv_len(data);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv diag event len %d\n", len);
++ trace_ath10k_wmi_diag(ar, data, len);
++
++ kfree(tb);
++ return 0;
++}
++
++/***********/
++/* TLV ops */
++/***********/
++
++static void ath10k_wmi_tlv_op_rx(struct ath10k *ar, struct sk_buff *skb)
++{
++ struct wmi_cmd_hdr *cmd_hdr;
++ enum wmi_tlv_event_id id;
++
++ cmd_hdr = (struct wmi_cmd_hdr *)skb->data;
++ id = MS(__le32_to_cpu(cmd_hdr->cmd_id), WMI_CMD_HDR_CMD_ID);
++
++ if (skb_pull(skb, sizeof(struct wmi_cmd_hdr)) == NULL)
++ return;
++
++ trace_ath10k_wmi_event(ar, id, skb->data, skb->len);
++
++ switch (id) {
++ case WMI_TLV_MGMT_RX_EVENTID:
++ ath10k_wmi_event_mgmt_rx(ar, skb);
++ /* mgmt_rx() owns the skb now! */
++ return;
++ case WMI_TLV_SCAN_EVENTID:
++ ath10k_wmi_event_scan(ar, skb);
++ break;
++ case WMI_TLV_CHAN_INFO_EVENTID:
++ ath10k_wmi_event_chan_info(ar, skb);
++ break;
++ case WMI_TLV_ECHO_EVENTID:
++ ath10k_wmi_event_echo(ar, skb);
++ break;
++ case WMI_TLV_DEBUG_MESG_EVENTID:
++ ath10k_wmi_event_debug_mesg(ar, skb);
++ break;
++ case WMI_TLV_UPDATE_STATS_EVENTID:
++ ath10k_wmi_event_update_stats(ar, skb);
++ break;
++ case WMI_TLV_VDEV_START_RESP_EVENTID:
++ ath10k_wmi_event_vdev_start_resp(ar, skb);
++ break;
++ case WMI_TLV_VDEV_STOPPED_EVENTID:
++ ath10k_wmi_event_vdev_stopped(ar, skb);
++ break;
++ case WMI_TLV_PEER_STA_KICKOUT_EVENTID:
++ ath10k_wmi_event_peer_sta_kickout(ar, skb);
++ break;
++ case WMI_TLV_HOST_SWBA_EVENTID:
++ ath10k_wmi_event_host_swba(ar, skb);
++ break;
++ case WMI_TLV_TBTTOFFSET_UPDATE_EVENTID:
++ ath10k_wmi_event_tbttoffset_update(ar, skb);
++ break;
++ case WMI_TLV_PHYERR_EVENTID:
++ ath10k_wmi_event_phyerr(ar, skb);
++ break;
++ case WMI_TLV_ROAM_EVENTID:
++ ath10k_wmi_event_roam(ar, skb);
++ break;
++ case WMI_TLV_PROFILE_MATCH:
++ ath10k_wmi_event_profile_match(ar, skb);
++ break;
++ case WMI_TLV_DEBUG_PRINT_EVENTID:
++ ath10k_wmi_event_debug_print(ar, skb);
++ break;
++ case WMI_TLV_PDEV_QVIT_EVENTID:
++ ath10k_wmi_event_pdev_qvit(ar, skb);
++ break;
++ case WMI_TLV_WLAN_PROFILE_DATA_EVENTID:
++ ath10k_wmi_event_wlan_profile_data(ar, skb);
++ break;
++ case WMI_TLV_RTT_MEASUREMENT_REPORT_EVENTID:
++ ath10k_wmi_event_rtt_measurement_report(ar, skb);
++ break;
++ case WMI_TLV_TSF_MEASUREMENT_REPORT_EVENTID:
++ ath10k_wmi_event_tsf_measurement_report(ar, skb);
++ break;
++ case WMI_TLV_RTT_ERROR_REPORT_EVENTID:
++ ath10k_wmi_event_rtt_error_report(ar, skb);
++ break;
++ case WMI_TLV_WOW_WAKEUP_HOST_EVENTID:
++ ath10k_wmi_event_wow_wakeup_host(ar, skb);
++ break;
++ case WMI_TLV_DCS_INTERFERENCE_EVENTID:
++ ath10k_wmi_event_dcs_interference(ar, skb);
++ break;
++ case WMI_TLV_PDEV_TPC_CONFIG_EVENTID:
++ ath10k_wmi_event_pdev_tpc_config(ar, skb);
++ break;
++ case WMI_TLV_PDEV_FTM_INTG_EVENTID:
++ ath10k_wmi_event_pdev_ftm_intg(ar, skb);
++ break;
++ case WMI_TLV_GTK_OFFLOAD_STATUS_EVENTID:
++ ath10k_wmi_event_gtk_offload_status(ar, skb);
++ break;
++ case WMI_TLV_GTK_REKEY_FAIL_EVENTID:
++ ath10k_wmi_event_gtk_rekey_fail(ar, skb);
++ break;
++ case WMI_TLV_TX_DELBA_COMPLETE_EVENTID:
++ ath10k_wmi_event_delba_complete(ar, skb);
++ break;
++ case WMI_TLV_TX_ADDBA_COMPLETE_EVENTID:
++ ath10k_wmi_event_addba_complete(ar, skb);
++ break;
++ case WMI_TLV_VDEV_INSTALL_KEY_COMPLETE_EVENTID:
++ ath10k_wmi_event_vdev_install_key_complete(ar, skb);
++ break;
++ case WMI_TLV_SERVICE_READY_EVENTID:
++ ath10k_wmi_event_service_ready(ar, skb);
++ break;
++ case WMI_TLV_READY_EVENTID:
++ ath10k_wmi_event_ready(ar, skb);
++ break;
++ case WMI_TLV_OFFLOAD_BCN_TX_STATUS_EVENTID:
++ ath10k_wmi_tlv_event_bcn_tx_status(ar, skb);
++ break;
++ case WMI_TLV_DIAG_DATA_CONTAINER_EVENTID:
++ ath10k_wmi_tlv_event_diag_data(ar, skb);
++ break;
++ case WMI_TLV_DIAG_EVENTID:
++ ath10k_wmi_tlv_event_diag(ar, skb);
++ break;
++ default:
++ ath10k_warn(ar, "Unknown eventid: %d\n", id);
++ break;
++ }
++
++ dev_kfree_skb(skb);
++}
++
++static int ath10k_wmi_tlv_op_pull_scan_ev(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct wmi_scan_ev_arg *arg)
++{
++ const void **tb;
++ const struct wmi_scan_event *ev;
++ int ret;
++
++ tb = ath10k_wmi_tlv_parse_alloc(ar, skb->data, skb->len, GFP_ATOMIC);
++ if (IS_ERR(tb)) {
++ ret = PTR_ERR(tb);
++ ath10k_warn(ar, "failed to parse tlv: %d\n", ret);
++ return ret;
++ }
++
++ ev = tb[WMI_TLV_TAG_STRUCT_SCAN_EVENT];
++ if (!ev) {
++ kfree(tb);
++ return -EPROTO;
++ }
++
++ arg->event_type = ev->event_type;
++ arg->reason = ev->reason;
++ arg->channel_freq = ev->channel_freq;
++ arg->scan_req_id = ev->scan_req_id;
++ arg->scan_id = ev->scan_id;
++ arg->vdev_id = ev->vdev_id;
++
++ kfree(tb);
++ return 0;
++}
++
++static int ath10k_wmi_tlv_op_pull_mgmt_rx_ev(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct wmi_mgmt_rx_ev_arg *arg)
++{
++ const void **tb;
++ const struct wmi_tlv_mgmt_rx_ev *ev;
++ const u8 *frame;
++ u32 msdu_len;
++ int ret;
++
++ tb = ath10k_wmi_tlv_parse_alloc(ar, skb->data, skb->len, GFP_ATOMIC);
++ if (IS_ERR(tb)) {
++ ret = PTR_ERR(tb);
++ ath10k_warn(ar, "failed to parse tlv: %d\n", ret);
++ return ret;
++ }
++
++ ev = tb[WMI_TLV_TAG_STRUCT_MGMT_RX_HDR];
++ frame = tb[WMI_TLV_TAG_ARRAY_BYTE];
++
++ if (!ev || !frame) {
++ kfree(tb);
++ return -EPROTO;
++ }
++
++ arg->channel = ev->channel;
++ arg->buf_len = ev->buf_len;
++ arg->status = ev->status;
++ arg->snr = ev->snr;
++ arg->phy_mode = ev->phy_mode;
++ arg->rate = ev->rate;
++
++ msdu_len = __le32_to_cpu(arg->buf_len);
++
++ if (skb->len < (frame - skb->data) + msdu_len) {
++ kfree(tb);
++ return -EPROTO;
++ }
++
++ /* shift the sk_buff to point to `frame` */
++ skb_trim(skb, 0);
++ skb_put(skb, frame - skb->data);
++ skb_pull(skb, frame - skb->data);
++ skb_put(skb, msdu_len);
++
++ kfree(tb);
++ return 0;
++}
++
++static int ath10k_wmi_tlv_op_pull_ch_info_ev(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct wmi_ch_info_ev_arg *arg)
++{
++ const void **tb;
++ const struct wmi_chan_info_event *ev;
++ int ret;
++
++ tb = ath10k_wmi_tlv_parse_alloc(ar, skb->data, skb->len, GFP_ATOMIC);
++ if (IS_ERR(tb)) {
++ ret = PTR_ERR(tb);
++ ath10k_warn(ar, "failed to parse tlv: %d\n", ret);
++ return ret;
++ }
++
++ ev = tb[WMI_TLV_TAG_STRUCT_CHAN_INFO_EVENT];
++ if (!ev) {
++ kfree(tb);
++ return -EPROTO;
++ }
++
++ arg->err_code = ev->err_code;
++ arg->freq = ev->freq;
++ arg->cmd_flags = ev->cmd_flags;
++ arg->noise_floor = ev->noise_floor;
++ arg->rx_clear_count = ev->rx_clear_count;
++ arg->cycle_count = ev->cycle_count;
++
++ kfree(tb);
++ return 0;
++}
++
++static int
++ath10k_wmi_tlv_op_pull_vdev_start_ev(struct ath10k *ar, struct sk_buff *skb,
++ struct wmi_vdev_start_ev_arg *arg)
++{
++ const void **tb;
++ const struct wmi_vdev_start_response_event *ev;
++ int ret;
++
++ tb = ath10k_wmi_tlv_parse_alloc(ar, skb->data, skb->len, GFP_ATOMIC);
++ if (IS_ERR(tb)) {
++ ret = PTR_ERR(tb);
++ ath10k_warn(ar, "failed to parse tlv: %d\n", ret);
++ return ret;
++ }
++
++ ev = tb[WMI_TLV_TAG_STRUCT_VDEV_START_RESPONSE_EVENT];
++ if (!ev) {
++ kfree(tb);
++ return -EPROTO;
++ }
++
++ skb_pull(skb, sizeof(*ev));
++ arg->vdev_id = ev->vdev_id;
++ arg->req_id = ev->req_id;
++ arg->resp_type = ev->resp_type;
++ arg->status = ev->status;
++
++ kfree(tb);
++ return 0;
++}
++
++static int ath10k_wmi_tlv_op_pull_peer_kick_ev(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct wmi_peer_kick_ev_arg *arg)
++{
++ const void **tb;
++ const struct wmi_peer_sta_kickout_event *ev;
++ int ret;
++
++ tb = ath10k_wmi_tlv_parse_alloc(ar, skb->data, skb->len, GFP_ATOMIC);
++ if (IS_ERR(tb)) {
++ ret = PTR_ERR(tb);
++ ath10k_warn(ar, "failed to parse tlv: %d\n", ret);
++ return ret;
++ }
++
++ ev = tb[WMI_TLV_TAG_STRUCT_PEER_STA_KICKOUT_EVENT];
++ if (!ev) {
++ kfree(tb);
++ return -EPROTO;
++ }
++
++ arg->mac_addr = ev->peer_macaddr.addr;
++
++ kfree(tb);
++ return 0;
++}
++
++struct wmi_tlv_swba_parse {
++ const struct wmi_host_swba_event *ev;
++ bool tim_done;
++ bool noa_done;
++ size_t n_tim;
++ size_t n_noa;
++ struct wmi_swba_ev_arg *arg;
++};
++
++static int ath10k_wmi_tlv_swba_tim_parse(struct ath10k *ar, u16 tag, u16 len,
++ const void *ptr, void *data)
++{
++ struct wmi_tlv_swba_parse *swba = data;
++
++ if (tag != WMI_TLV_TAG_STRUCT_TIM_INFO)
++ return -EPROTO;
++
++ if (swba->n_tim >= ARRAY_SIZE(swba->arg->tim_info))
++ return -ENOBUFS;
++
++ swba->arg->tim_info[swba->n_tim++] = ptr;
++ return 0;
++}
++
++static int ath10k_wmi_tlv_swba_noa_parse(struct ath10k *ar, u16 tag, u16 len,
++ const void *ptr, void *data)
++{
++ struct wmi_tlv_swba_parse *swba = data;
++
++ if (tag != WMI_TLV_TAG_STRUCT_P2P_NOA_INFO)
++ return -EPROTO;
++
++ if (swba->n_noa >= ARRAY_SIZE(swba->arg->noa_info))
++ return -ENOBUFS;
++
++ swba->arg->noa_info[swba->n_noa++] = ptr;
++ return 0;
++}
++
++static int ath10k_wmi_tlv_swba_parse(struct ath10k *ar, u16 tag, u16 len,
++ const void *ptr, void *data)
++{
++ struct wmi_tlv_swba_parse *swba = data;
++ int ret;
++
++ switch (tag) {
++ case WMI_TLV_TAG_STRUCT_HOST_SWBA_EVENT:
++ swba->ev = ptr;
++ break;
++ case WMI_TLV_TAG_ARRAY_STRUCT:
++ if (!swba->tim_done) {
++ swba->tim_done = true;
++ ret = ath10k_wmi_tlv_iter(ar, ptr, len,
++ ath10k_wmi_tlv_swba_tim_parse,
++ swba);
++ if (ret)
++ return ret;
++ } else if (!swba->noa_done) {
++ swba->noa_done = true;
++ ret = ath10k_wmi_tlv_iter(ar, ptr, len,
++ ath10k_wmi_tlv_swba_noa_parse,
++ swba);
++ if (ret)
++ return ret;
++ }
++ break;
++ default:
++ break;
++ }
++ return 0;
++}
++
++static int ath10k_wmi_tlv_op_pull_swba_ev(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct wmi_swba_ev_arg *arg)
++{
++ struct wmi_tlv_swba_parse swba = { .arg = arg };
++ u32 map;
++ size_t n_vdevs;
++ int ret;
++
++ ret = ath10k_wmi_tlv_iter(ar, skb->data, skb->len,
++ ath10k_wmi_tlv_swba_parse, &swba);
++ if (ret) {
++ ath10k_warn(ar, "failed to parse tlv: %d\n", ret);
++ return ret;
++ }
++
++ if (!swba.ev)
++ return -EPROTO;
++
++ arg->vdev_map = swba.ev->vdev_map;
++
++ for (map = __le32_to_cpu(arg->vdev_map), n_vdevs = 0; map; map >>= 1)
++ if (map & BIT(0))
++ n_vdevs++;
++
++ if (n_vdevs != swba.n_tim ||
++ n_vdevs != swba.n_noa)
++ return -EPROTO;
++
++ return 0;
++}
++
++static int ath10k_wmi_tlv_op_pull_phyerr_ev(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct wmi_phyerr_ev_arg *arg)
++{
++ const void **tb;
++ const struct wmi_tlv_phyerr_ev *ev;
++ const void *phyerrs;
++ int ret;
++
++ tb = ath10k_wmi_tlv_parse_alloc(ar, skb->data, skb->len, GFP_ATOMIC);
++ if (IS_ERR(tb)) {
++ ret = PTR_ERR(tb);
++ ath10k_warn(ar, "failed to parse tlv: %d\n", ret);
++ return ret;
++ }
++
++ ev = tb[WMI_TLV_TAG_STRUCT_COMB_PHYERR_RX_HDR];
++ phyerrs = tb[WMI_TLV_TAG_ARRAY_BYTE];
++
++ if (!ev || !phyerrs) {
++ kfree(tb);
++ return -EPROTO;
++ }
++
++ arg->num_phyerrs = ev->num_phyerrs;
++ arg->tsf_l32 = ev->tsf_l32;
++ arg->tsf_u32 = ev->tsf_u32;
++ arg->buf_len = ev->buf_len;
++ arg->phyerrs = phyerrs;
++
++ kfree(tb);
++ return 0;
++}
++
++#define WMI_TLV_ABI_VER_NS0 0x5F414351
++#define WMI_TLV_ABI_VER_NS1 0x00004C4D
++#define WMI_TLV_ABI_VER_NS2 0x00000000
++#define WMI_TLV_ABI_VER_NS3 0x00000000
++
++#define WMI_TLV_ABI_VER0_MAJOR 1
++#define WMI_TLV_ABI_VER0_MINOR 0
++#define WMI_TLV_ABI_VER0 ((((WMI_TLV_ABI_VER0_MAJOR) << 24) & 0xFF000000) | \
++ (((WMI_TLV_ABI_VER0_MINOR) << 0) & 0x00FFFFFF))
++#define WMI_TLV_ABI_VER1 53
++
++static int
++ath10k_wmi_tlv_parse_mem_reqs(struct ath10k *ar, u16 tag, u16 len,
++ const void *ptr, void *data)
++{
++ struct wmi_svc_rdy_ev_arg *arg = data;
++ int i;
++
++ if (tag != WMI_TLV_TAG_STRUCT_WLAN_HOST_MEM_REQ)
++ return -EPROTO;
++
++ for (i = 0; i < ARRAY_SIZE(arg->mem_reqs); i++) {
++ if (!arg->mem_reqs[i]) {
++ arg->mem_reqs[i] = ptr;
++ return 0;
++ }
++ }
++
++ return -ENOMEM;
++}
++
++static int ath10k_wmi_tlv_op_pull_svc_rdy_ev(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct wmi_svc_rdy_ev_arg *arg)
++{
++ const void **tb;
++ const struct hal_reg_capabilities *reg;
++ const struct wmi_tlv_svc_rdy_ev *ev;
++ const __le32 *svc_bmap;
++ const struct wlan_host_mem_req *mem_reqs;
++ int ret;
++
++ tb = ath10k_wmi_tlv_parse_alloc(ar, skb->data, skb->len, GFP_ATOMIC);
++ if (IS_ERR(tb)) {
++ ret = PTR_ERR(tb);
++ ath10k_warn(ar, "failed to parse tlv: %d\n", ret);
++ return ret;
++ }
++
++ ev = tb[WMI_TLV_TAG_STRUCT_SERVICE_READY_EVENT];
++ reg = tb[WMI_TLV_TAG_STRUCT_HAL_REG_CAPABILITIES];
++ svc_bmap = tb[WMI_TLV_TAG_ARRAY_UINT32];
++ mem_reqs = tb[WMI_TLV_TAG_ARRAY_STRUCT];
++
++ if (!ev || !reg || !svc_bmap || !mem_reqs) {
++ kfree(tb);
++ return -EPROTO;
++ }
++
++ /* This is an internal ABI compatibility check for WMI TLV so check it
++ * here instead of the generic WMI code.
++ */
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi tlv abi 0x%08x ?= 0x%08x, 0x%08x ?= 0x%08x, 0x%08x ?= 0x%08x, 0x%08x ?= 0x%08x, 0x%08x ?= 0x%08x\n",
++ __le32_to_cpu(ev->abi.abi_ver0), WMI_TLV_ABI_VER0,
++ __le32_to_cpu(ev->abi.abi_ver_ns0), WMI_TLV_ABI_VER_NS0,
++ __le32_to_cpu(ev->abi.abi_ver_ns1), WMI_TLV_ABI_VER_NS1,
++ __le32_to_cpu(ev->abi.abi_ver_ns2), WMI_TLV_ABI_VER_NS2,
++ __le32_to_cpu(ev->abi.abi_ver_ns3), WMI_TLV_ABI_VER_NS3);
++
++ if (__le32_to_cpu(ev->abi.abi_ver0) != WMI_TLV_ABI_VER0 ||
++ __le32_to_cpu(ev->abi.abi_ver_ns0) != WMI_TLV_ABI_VER_NS0 ||
++ __le32_to_cpu(ev->abi.abi_ver_ns1) != WMI_TLV_ABI_VER_NS1 ||
++ __le32_to_cpu(ev->abi.abi_ver_ns2) != WMI_TLV_ABI_VER_NS2 ||
++ __le32_to_cpu(ev->abi.abi_ver_ns3) != WMI_TLV_ABI_VER_NS3) {
++ kfree(tb);
++ return -ENOTSUPP;
++ }
++
++ arg->min_tx_power = ev->hw_min_tx_power;
++ arg->max_tx_power = ev->hw_max_tx_power;
++ arg->ht_cap = ev->ht_cap_info;
++ arg->vht_cap = ev->vht_cap_info;
++ arg->sw_ver0 = ev->abi.abi_ver0;
++ arg->sw_ver1 = ev->abi.abi_ver1;
++ arg->fw_build = ev->fw_build_vers;
++ arg->phy_capab = ev->phy_capability;
++ arg->num_rf_chains = ev->num_rf_chains;
++ arg->eeprom_rd = reg->eeprom_rd;
++ arg->num_mem_reqs = ev->num_mem_reqs;
++ arg->service_map = svc_bmap;
++ arg->service_map_len = ath10k_wmi_tlv_len(svc_bmap);
++
++ ret = ath10k_wmi_tlv_iter(ar, mem_reqs, ath10k_wmi_tlv_len(mem_reqs),
++ ath10k_wmi_tlv_parse_mem_reqs, arg);
++ if (ret) {
++ kfree(tb);
++ ath10k_warn(ar, "failed to parse mem_reqs tlv: %d\n", ret);
++ return ret;
++ }
++
++ kfree(tb);
++ return 0;
++}
++
++static int ath10k_wmi_tlv_op_pull_rdy_ev(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct wmi_rdy_ev_arg *arg)
++{
++ const void **tb;
++ const struct wmi_tlv_rdy_ev *ev;
++ int ret;
++
++ tb = ath10k_wmi_tlv_parse_alloc(ar, skb->data, skb->len, GFP_ATOMIC);
++ if (IS_ERR(tb)) {
++ ret = PTR_ERR(tb);
++ ath10k_warn(ar, "failed to parse tlv: %d\n", ret);
++ return ret;
++ }
++
++ ev = tb[WMI_TLV_TAG_STRUCT_READY_EVENT];
++ if (!ev) {
++ kfree(tb);
++ return -EPROTO;
++ }
++
++ arg->sw_version = ev->abi.abi_ver0;
++ arg->abi_version = ev->abi.abi_ver1;
++ arg->status = ev->status;
++ arg->mac_addr = ev->mac_addr.addr;
++
++ kfree(tb);
++ return 0;
++}
++
++static void ath10k_wmi_tlv_pull_vdev_stats(const struct wmi_tlv_vdev_stats *src,
++ struct ath10k_fw_stats_vdev *dst)
++{
++ int i;
++
++ dst->vdev_id = __le32_to_cpu(src->vdev_id);
++ dst->beacon_snr = __le32_to_cpu(src->beacon_snr);
++ dst->data_snr = __le32_to_cpu(src->data_snr);
++ dst->num_rx_frames = __le32_to_cpu(src->num_rx_frames);
++ dst->num_rts_fail = __le32_to_cpu(src->num_rts_fail);
++ dst->num_rts_success = __le32_to_cpu(src->num_rts_success);
++ dst->num_rx_err = __le32_to_cpu(src->num_rx_err);
++ dst->num_rx_discard = __le32_to_cpu(src->num_rx_discard);
++ dst->num_tx_not_acked = __le32_to_cpu(src->num_tx_not_acked);
++
++ for (i = 0; i < ARRAY_SIZE(src->num_tx_frames); i++)
++ dst->num_tx_frames[i] =
++ __le32_to_cpu(src->num_tx_frames[i]);
++
++ for (i = 0; i < ARRAY_SIZE(src->num_tx_frames_retries); i++)
++ dst->num_tx_frames_retries[i] =
++ __le32_to_cpu(src->num_tx_frames_retries[i]);
++
++ for (i = 0; i < ARRAY_SIZE(src->num_tx_frames_failures); i++)
++ dst->num_tx_frames_failures[i] =
++ __le32_to_cpu(src->num_tx_frames_failures[i]);
++
++ for (i = 0; i < ARRAY_SIZE(src->tx_rate_history); i++)
++ dst->tx_rate_history[i] =
++ __le32_to_cpu(src->tx_rate_history[i]);
++
++ for (i = 0; i < ARRAY_SIZE(src->beacon_rssi_history); i++)
++ dst->beacon_rssi_history[i] =
++ __le32_to_cpu(src->beacon_rssi_history[i]);
++}
++
++static int ath10k_wmi_tlv_op_pull_fw_stats(struct ath10k *ar,
++ struct sk_buff *skb,
++ struct ath10k_fw_stats *stats)
++{
++ const void **tb;
++ const struct wmi_tlv_stats_ev *ev;
++ const void *data;
++ u32 num_pdev_stats;
++ u32 num_vdev_stats;
++ u32 num_peer_stats;
++ u32 num_bcnflt_stats;
++ u32 num_chan_stats;
++ size_t data_len;
++ int ret;
++ int i;
++
++ tb = ath10k_wmi_tlv_parse_alloc(ar, skb->data, skb->len, GFP_ATOMIC);
++ if (IS_ERR(tb)) {
++ ret = PTR_ERR(tb);
++ ath10k_warn(ar, "failed to parse tlv: %d\n", ret);
++ return ret;
++ }
++
++ ev = tb[WMI_TLV_TAG_STRUCT_STATS_EVENT];
++ data = tb[WMI_TLV_TAG_ARRAY_BYTE];
++
++ if (!ev || !data) {
++ kfree(tb);
++ return -EPROTO;
++ }
++
++ data_len = ath10k_wmi_tlv_len(data);
++ num_pdev_stats = __le32_to_cpu(ev->num_pdev_stats);
++ num_vdev_stats = __le32_to_cpu(ev->num_vdev_stats);
++ num_peer_stats = __le32_to_cpu(ev->num_peer_stats);
++ num_bcnflt_stats = __le32_to_cpu(ev->num_bcnflt_stats);
++ num_chan_stats = __le32_to_cpu(ev->num_chan_stats);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi tlv stats update pdev %i vdev %i peer %i bcnflt %i chan %i\n",
++ num_pdev_stats, num_vdev_stats, num_peer_stats,
++ num_bcnflt_stats, num_chan_stats);
++
++ for (i = 0; i < num_pdev_stats; i++) {
++ const struct wmi_pdev_stats *src;
++ struct ath10k_fw_stats_pdev *dst;
++
++ src = data;
++ if (data_len < sizeof(*src))
++ return -EPROTO;
++
++ data += sizeof(*src);
++ data_len -= sizeof(*src);
++
++ dst = kzalloc(sizeof(*dst), GFP_ATOMIC);
++ if (!dst)
++ continue;
++
++ ath10k_wmi_pull_pdev_stats_base(&src->base, dst);
++ ath10k_wmi_pull_pdev_stats_tx(&src->tx, dst);
++ ath10k_wmi_pull_pdev_stats_rx(&src->rx, dst);
++ list_add_tail(&dst->list, &stats->pdevs);
++ }
++
++ for (i = 0; i < num_vdev_stats; i++) {
++ const struct wmi_tlv_vdev_stats *src;
++ struct ath10k_fw_stats_vdev *dst;
++
++ src = data;
++ if (data_len < sizeof(*src))
++ return -EPROTO;
++
++ data += sizeof(*src);
++ data_len -= sizeof(*src);
++
++ dst = kzalloc(sizeof(*dst), GFP_ATOMIC);
++ if (!dst)
++ continue;
++
++ ath10k_wmi_tlv_pull_vdev_stats(src, dst);
++ list_add_tail(&dst->list, &stats->vdevs);
++ }
++
++ for (i = 0; i < num_peer_stats; i++) {
++ const struct wmi_10x_peer_stats *src;
++ struct ath10k_fw_stats_peer *dst;
++
++ src = data;
++ if (data_len < sizeof(*src))
++ return -EPROTO;
++
++ data += sizeof(*src);
++ data_len -= sizeof(*src);
++
++ dst = kzalloc(sizeof(*dst), GFP_ATOMIC);
++ if (!dst)
++ continue;
++
++ ath10k_wmi_pull_peer_stats(&src->old, dst);
++ dst->peer_rx_rate = __le32_to_cpu(src->peer_rx_rate);
++ list_add_tail(&dst->list, &stats->peers);
++ }
++
++ kfree(tb);
++ return 0;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_pdev_suspend(struct ath10k *ar, u32 opt)
++{
++ struct wmi_tlv_pdev_suspend *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PDEV_SUSPEND_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->opt = __cpu_to_le32(opt);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv pdev suspend\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_pdev_resume(struct ath10k *ar)
++{
++ struct wmi_tlv_resume_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PDEV_RESUME_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->reserved = __cpu_to_le32(0);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv pdev resume\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_pdev_set_rd(struct ath10k *ar,
++ u16 rd, u16 rd2g, u16 rd5g,
++ u16 ctl2g, u16 ctl5g,
++ enum wmi_dfs_region dfs_reg)
++{
++ struct wmi_tlv_pdev_set_rd_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PDEV_SET_REGDOMAIN_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->regd = __cpu_to_le32(rd);
++ cmd->regd_2ghz = __cpu_to_le32(rd2g);
++ cmd->regd_5ghz = __cpu_to_le32(rd5g);
++ cmd->conform_limit_2ghz = __cpu_to_le32(rd2g);
++ cmd->conform_limit_5ghz = __cpu_to_le32(rd5g);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv pdev set rd\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_pdev_set_param(struct ath10k *ar, u32 param_id,
++ u32 param_value)
++{
++ struct wmi_tlv_pdev_set_param_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PDEV_SET_PARAM_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->param_id = __cpu_to_le32(param_id);
++ cmd->param_value = __cpu_to_le32(param_value);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv pdev set param\n");
++ return skb;
++}
++
++static struct sk_buff *ath10k_wmi_tlv_op_gen_init(struct ath10k *ar)
++{
++ struct sk_buff *skb;
++ struct wmi_tlv *tlv;
++ struct wmi_tlv_init_cmd *cmd;
++ struct wmi_tlv_resource_config *cfg;
++ struct wmi_host_mem_chunks *chunks;
++ size_t len, chunks_len;
++ void *ptr;
++
++ chunks_len = ar->wmi.num_mem_chunks * sizeof(struct host_memory_chunk);
++ len = (sizeof(*tlv) + sizeof(*cmd)) +
++ (sizeof(*tlv) + sizeof(*cfg)) +
++ (sizeof(*tlv) + chunks_len);
++
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = skb->data;
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_INIT_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_RESOURCE_CONFIG);
++ tlv->len = __cpu_to_le16(sizeof(*cfg));
++ cfg = (void *)tlv->value;
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cfg);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_STRUCT);
++ tlv->len = __cpu_to_le16(chunks_len);
++ chunks = (void *)tlv->value;
++
++ ptr += sizeof(*tlv);
++ ptr += chunks_len;
++
++ cmd->abi.abi_ver0 = __cpu_to_le32(WMI_TLV_ABI_VER0);
++ cmd->abi.abi_ver1 = __cpu_to_le32(WMI_TLV_ABI_VER1);
++ cmd->abi.abi_ver_ns0 = __cpu_to_le32(WMI_TLV_ABI_VER_NS0);
++ cmd->abi.abi_ver_ns1 = __cpu_to_le32(WMI_TLV_ABI_VER_NS1);
++ cmd->abi.abi_ver_ns2 = __cpu_to_le32(WMI_TLV_ABI_VER_NS2);
++ cmd->abi.abi_ver_ns3 = __cpu_to_le32(WMI_TLV_ABI_VER_NS3);
++ cmd->num_host_mem_chunks = __cpu_to_le32(ar->wmi.num_mem_chunks);
++
++ cfg->num_vdevs = __cpu_to_le32(TARGET_TLV_NUM_VDEVS);
++ cfg->num_peers = __cpu_to_le32(TARGET_TLV_NUM_PEERS);
++
++ if (test_bit(WMI_SERVICE_RX_FULL_REORDER, ar->wmi.svc_map)) {
++ cfg->num_offload_peers = __cpu_to_le32(3);
++ cfg->num_offload_reorder_bufs = __cpu_to_le32(3);
++ } else {
++ cfg->num_offload_peers = __cpu_to_le32(0);
++ cfg->num_offload_reorder_bufs = __cpu_to_le32(0);
++ }
++
++ cfg->num_peer_keys = __cpu_to_le32(2);
++ cfg->num_tids = __cpu_to_le32(TARGET_TLV_NUM_TIDS);
++ cfg->ast_skid_limit = __cpu_to_le32(0x10);
++ cfg->tx_chain_mask = __cpu_to_le32(0x7);
++ cfg->rx_chain_mask = __cpu_to_le32(0x7);
++ cfg->rx_timeout_pri[0] = __cpu_to_le32(0x64);
++ cfg->rx_timeout_pri[1] = __cpu_to_le32(0x64);
++ cfg->rx_timeout_pri[2] = __cpu_to_le32(0x64);
++ cfg->rx_timeout_pri[3] = __cpu_to_le32(0x28);
++ cfg->rx_decap_mode = __cpu_to_le32(1);
++ cfg->scan_max_pending_reqs = __cpu_to_le32(4);
++ cfg->bmiss_offload_max_vdev = __cpu_to_le32(3);
++ cfg->roam_offload_max_vdev = __cpu_to_le32(3);
++ cfg->roam_offload_max_ap_profiles = __cpu_to_le32(8);
++ cfg->num_mcast_groups = __cpu_to_le32(0);
++ cfg->num_mcast_table_elems = __cpu_to_le32(0);
++ cfg->mcast2ucast_mode = __cpu_to_le32(0);
++ cfg->tx_dbg_log_size = __cpu_to_le32(0x400);
++ cfg->num_wds_entries = __cpu_to_le32(0x20);
++ cfg->dma_burst_size = __cpu_to_le32(0);
++ cfg->mac_aggr_delim = __cpu_to_le32(0);
++ cfg->rx_skip_defrag_timeout_dup_detection_check = __cpu_to_le32(0);
++ cfg->vow_config = __cpu_to_le32(0);
++ cfg->gtk_offload_max_vdev = __cpu_to_le32(2);
++ cfg->num_msdu_desc = __cpu_to_le32(TARGET_TLV_NUM_MSDU_DESC);
++ cfg->max_frag_entries = __cpu_to_le32(2);
++ cfg->num_tdls_vdevs = __cpu_to_le32(1);
++ cfg->num_tdls_conn_table_entries = __cpu_to_le32(0x20);
++ cfg->beacon_tx_offload_max_vdev = __cpu_to_le32(2);
++ cfg->num_multicast_filter_entries = __cpu_to_le32(5);
++ cfg->num_wow_filters = __cpu_to_le32(0x16);
++ cfg->num_keep_alive_pattern = __cpu_to_le32(6);
++ cfg->keep_alive_pattern_size = __cpu_to_le32(0);
++ cfg->max_tdls_concurrent_sleep_sta = __cpu_to_le32(1);
++ cfg->max_tdls_concurrent_buffer_sta = __cpu_to_le32(1);
++
++ ath10k_wmi_put_host_mem_chunks(ar, chunks);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv init\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_start_scan(struct ath10k *ar,
++ const struct wmi_start_scan_arg *arg)
++{
++ struct wmi_tlv_start_scan_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ size_t len, chan_len, ssid_len, bssid_len, ie_len;
++ __le32 *chans;
++ struct wmi_ssid *ssids;
++ struct wmi_mac_addr *addrs;
++ void *ptr;
++ int i, ret;
++
++ ret = ath10k_wmi_start_scan_verify(arg);
++ if (ret)
++ return ERR_PTR(ret);
++
++ chan_len = arg->n_channels * sizeof(__le32);
++ ssid_len = arg->n_ssids * sizeof(struct wmi_ssid);
++ bssid_len = arg->n_bssids * sizeof(struct wmi_mac_addr);
++ ie_len = roundup(arg->ie_len, 4);
++ len = (sizeof(*tlv) + sizeof(*cmd)) +
++ (arg->n_channels ? sizeof(*tlv) + chan_len : 0) +
++ (arg->n_ssids ? sizeof(*tlv) + ssid_len : 0) +
++ (arg->n_bssids ? sizeof(*tlv) + bssid_len : 0) +
++ (arg->ie_len ? sizeof(*tlv) + ie_len : 0);
++
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_START_SCAN_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++
++ ath10k_wmi_put_start_scan_common(&cmd->common, arg);
++ cmd->burst_duration_ms = __cpu_to_le32(0);
++ cmd->num_channels = __cpu_to_le32(arg->n_channels);
++ cmd->num_ssids = __cpu_to_le32(arg->n_ssids);
++ cmd->num_bssids = __cpu_to_le32(arg->n_bssids);
++ cmd->ie_len = __cpu_to_le32(arg->ie_len);
++ cmd->num_probes = __cpu_to_le32(3);
++
++ /* FIXME: There are some scan flag inconsistencies across firmwares,
++ * e.g. WMI-TLV inverts the logic behind the following flag.
++ */
++ cmd->common.scan_ctrl_flags ^= __cpu_to_le32(WMI_SCAN_FILTER_PROBE_REQ);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_UINT32);
++ tlv->len = __cpu_to_le16(chan_len);
++ chans = (void *)tlv->value;
++ for (i = 0; i < arg->n_channels; i++)
++ chans[i] = __cpu_to_le32(arg->channels[i]);
++
++ ptr += sizeof(*tlv);
++ ptr += chan_len;
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_FIXED_STRUCT);
++ tlv->len = __cpu_to_le16(ssid_len);
++ ssids = (void *)tlv->value;
++ for (i = 0; i < arg->n_ssids; i++) {
++ ssids[i].ssid_len = __cpu_to_le32(arg->ssids[i].len);
++ memcpy(ssids[i].ssid, arg->ssids[i].ssid, arg->ssids[i].len);
++ }
++
++ ptr += sizeof(*tlv);
++ ptr += ssid_len;
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_FIXED_STRUCT);
++ tlv->len = __cpu_to_le16(bssid_len);
++ addrs = (void *)tlv->value;
++ for (i = 0; i < arg->n_bssids; i++)
++ ether_addr_copy(addrs[i].addr, arg->bssids[i].bssid);
++
++ ptr += sizeof(*tlv);
++ ptr += bssid_len;
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_BYTE);
++ tlv->len = __cpu_to_le16(ie_len);
++ memcpy(tlv->value, arg->ie, arg->ie_len);
++
++ ptr += sizeof(*tlv);
++ ptr += ie_len;
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv start scan\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_stop_scan(struct ath10k *ar,
++ const struct wmi_stop_scan_arg *arg)
++{
++ struct wmi_stop_scan_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ u32 scan_id;
++ u32 req_id;
++
++ if (arg->req_id > 0xFFF)
++ return ERR_PTR(-EINVAL);
++ if (arg->req_type == WMI_SCAN_STOP_ONE && arg->u.scan_id > 0xFFF)
++ return ERR_PTR(-EINVAL);
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ scan_id = arg->u.scan_id;
++ scan_id |= WMI_HOST_SCAN_REQ_ID_PREFIX;
++
++ req_id = arg->req_id;
++ req_id |= WMI_HOST_SCAN_REQUESTOR_ID_PREFIX;
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_STOP_SCAN_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->req_type = __cpu_to_le32(arg->req_type);
++ cmd->vdev_id = __cpu_to_le32(arg->u.vdev_id);
++ cmd->scan_id = __cpu_to_le32(scan_id);
++ cmd->scan_req_id = __cpu_to_le32(req_id);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv stop scan\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_vdev_create(struct ath10k *ar,
++ u32 vdev_id,
++ enum wmi_vdev_type vdev_type,
++ enum wmi_vdev_subtype vdev_subtype,
++ const u8 mac_addr[ETH_ALEN])
++{
++ struct wmi_vdev_create_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_VDEV_CREATE_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->vdev_type = __cpu_to_le32(vdev_type);
++ cmd->vdev_subtype = __cpu_to_le32(vdev_subtype);
++ ether_addr_copy(cmd->vdev_macaddr.addr, mac_addr);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv vdev create\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_vdev_delete(struct ath10k *ar, u32 vdev_id)
++{
++ struct wmi_vdev_delete_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_VDEV_DELETE_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv vdev delete\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_vdev_start(struct ath10k *ar,
++ const struct wmi_vdev_start_request_arg *arg,
++ bool restart)
++{
++ struct wmi_tlv_vdev_start_cmd *cmd;
++ struct wmi_channel *ch;
++ struct wmi_p2p_noa_descriptor *noa;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ size_t len;
++ void *ptr;
++ u32 flags = 0;
++
++ if (WARN_ON(arg->ssid && arg->ssid_len == 0))
++ return ERR_PTR(-EINVAL);
++ if (WARN_ON(arg->hidden_ssid && !arg->ssid))
++ return ERR_PTR(-EINVAL);
++ if (WARN_ON(arg->ssid_len > sizeof(cmd->ssid.ssid)))
++ return ERR_PTR(-EINVAL);
++
++ len = (sizeof(*tlv) + sizeof(*cmd)) +
++ (sizeof(*tlv) + sizeof(*ch)) +
++ (sizeof(*tlv) + 0);
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ if (arg->hidden_ssid)
++ flags |= WMI_VDEV_START_HIDDEN_SSID;
++ if (arg->pmf_enabled)
++ flags |= WMI_VDEV_START_PMF_ENABLED;
++
++ ptr = (void *)skb->data;
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_VDEV_START_REQUEST_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(arg->vdev_id);
++ cmd->bcn_intval = __cpu_to_le32(arg->bcn_intval);
++ cmd->dtim_period = __cpu_to_le32(arg->dtim_period);
++ cmd->flags = __cpu_to_le32(flags);
++ cmd->bcn_tx_rate = __cpu_to_le32(arg->bcn_tx_rate);
++ cmd->bcn_tx_power = __cpu_to_le32(arg->bcn_tx_power);
++ cmd->disable_hw_ack = __cpu_to_le32(arg->disable_hw_ack);
++
++ if (arg->ssid) {
++ cmd->ssid.ssid_len = __cpu_to_le32(arg->ssid_len);
++ memcpy(cmd->ssid.ssid, arg->ssid, arg->ssid_len);
++ }
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_CHANNEL);
++ tlv->len = __cpu_to_le16(sizeof(*ch));
++ ch = (void *)tlv->value;
++ ath10k_wmi_put_wmi_channel(ch, &arg->channel);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*ch);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_STRUCT);
++ tlv->len = 0;
++ noa = (void *)tlv->value;
++
++ /* Note: This is a nested TLV containing:
++ * [wmi_tlv][wmi_p2p_noa_descriptor][wmi_tlv]..
++ */
++
++ ptr += sizeof(*tlv);
++ ptr += 0;
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv vdev start\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_vdev_stop(struct ath10k *ar, u32 vdev_id)
++{
++ struct wmi_vdev_stop_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_VDEV_STOP_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv vdev stop\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_vdev_up(struct ath10k *ar, u32 vdev_id, u32 aid,
++ const u8 *bssid)
++
++{
++ struct wmi_vdev_up_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_VDEV_UP_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->vdev_assoc_id = __cpu_to_le32(aid);
++ ether_addr_copy(cmd->vdev_bssid.addr, bssid);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv vdev up\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_vdev_down(struct ath10k *ar, u32 vdev_id)
++{
++ struct wmi_vdev_down_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_VDEV_DOWN_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv vdev down\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_vdev_set_param(struct ath10k *ar, u32 vdev_id,
++ u32 param_id, u32 param_value)
++{
++ struct wmi_vdev_set_param_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_VDEV_SET_PARAM_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->param_id = __cpu_to_le32(param_id);
++ cmd->param_value = __cpu_to_le32(param_value);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv vdev set param\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_vdev_install_key(struct ath10k *ar,
++ const struct wmi_vdev_install_key_arg *arg)
++{
++ struct wmi_vdev_install_key_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ size_t len;
++ void *ptr;
++
++ if (arg->key_cipher == WMI_CIPHER_NONE && arg->key_data != NULL)
++ return ERR_PTR(-EINVAL);
++ if (arg->key_cipher != WMI_CIPHER_NONE && arg->key_data == NULL)
++ return ERR_PTR(-EINVAL);
++
++ len = sizeof(*tlv) + sizeof(*cmd) +
++ sizeof(*tlv) + roundup(arg->key_len, sizeof(__le32));
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_VDEV_INSTALL_KEY_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(arg->vdev_id);
++ cmd->key_idx = __cpu_to_le32(arg->key_idx);
++ cmd->key_flags = __cpu_to_le32(arg->key_flags);
++ cmd->key_cipher = __cpu_to_le32(arg->key_cipher);
++ cmd->key_len = __cpu_to_le32(arg->key_len);
++ cmd->key_txmic_len = __cpu_to_le32(arg->key_txmic_len);
++ cmd->key_rxmic_len = __cpu_to_le32(arg->key_rxmic_len);
++
++ if (arg->macaddr)
++ ether_addr_copy(cmd->peer_macaddr.addr, arg->macaddr);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_BYTE);
++ tlv->len = __cpu_to_le16(roundup(arg->key_len, sizeof(__le32)));
++ if (arg->key_data)
++ memcpy(tlv->value, arg->key_data, arg->key_len);
++
++ ptr += sizeof(*tlv);
++ ptr += roundup(arg->key_len, sizeof(__le32));
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv vdev install key\n");
++ return skb;
++}
++
++static void *ath10k_wmi_tlv_put_uapsd_ac(struct ath10k *ar, void *ptr,
++ const struct wmi_sta_uapsd_auto_trig_arg *arg)
++{
++ struct wmi_sta_uapsd_auto_trig_param *ac;
++ struct wmi_tlv *tlv;
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_STA_UAPSD_AUTO_TRIG_PARAM);
++ tlv->len = __cpu_to_le16(sizeof(*ac));
++ ac = (void *)tlv->value;
++
++ ac->wmm_ac = __cpu_to_le32(arg->wmm_ac);
++ ac->user_priority = __cpu_to_le32(arg->user_priority);
++ ac->service_interval = __cpu_to_le32(arg->service_interval);
++ ac->suspend_interval = __cpu_to_le32(arg->suspend_interval);
++ ac->delay_interval = __cpu_to_le32(arg->delay_interval);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI,
++ "wmi tlv vdev sta uapsd auto trigger ac %d prio %d svc int %d susp int %d delay int %d\n",
++ ac->wmm_ac, ac->user_priority, ac->service_interval,
++ ac->suspend_interval, ac->delay_interval);
++
++ return ptr + sizeof(*tlv) + sizeof(*ac);
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_vdev_sta_uapsd(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN],
++ const struct wmi_sta_uapsd_auto_trig_arg *args,
++ u32 num_ac)
++{
++ struct wmi_sta_uapsd_auto_trig_cmd_fixed_param *cmd;
++ struct wmi_sta_uapsd_auto_trig_param *ac;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ size_t len;
++ size_t ac_tlv_len;
++ void *ptr;
++ int i;
++
++ ac_tlv_len = num_ac * (sizeof(*tlv) + sizeof(*ac));
++ len = sizeof(*tlv) + sizeof(*cmd) +
++ sizeof(*tlv) + ac_tlv_len;
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_STA_UAPSD_AUTO_TRIG_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->num_ac = __cpu_to_le32(num_ac);
++ ether_addr_copy(cmd->peer_macaddr.addr, peer_addr);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_STRUCT);
++ tlv->len = __cpu_to_le16(ac_tlv_len);
++ ac = (void *)tlv->value;
++
++ ptr += sizeof(*tlv);
++ for (i = 0; i < num_ac; i++)
++ ptr = ath10k_wmi_tlv_put_uapsd_ac(ar, ptr, &args[i]);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv vdev sta uapsd auto trigger\n");
++ return skb;
++}
++
++static void *ath10k_wmi_tlv_put_wmm(void *ptr,
++ const struct wmi_wmm_params_arg *arg)
++{
++ struct wmi_wmm_params *wmm;
++ struct wmi_tlv *tlv;
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_WMM_PARAMS);
++ tlv->len = __cpu_to_le16(sizeof(*wmm));
++ wmm = (void *)tlv->value;
++ ath10k_wmi_set_wmm_param(wmm, arg);
++
++ return ptr + sizeof(*tlv) + sizeof(*wmm);
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_vdev_wmm_conf(struct ath10k *ar, u32 vdev_id,
++ const struct wmi_wmm_params_all_arg *arg)
++{
++ struct wmi_tlv_vdev_set_wmm_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ size_t len;
++ void *ptr;
++
++ len = sizeof(*tlv) + sizeof(*cmd);
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_VDEV_SET_WMM_PARAMS_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++
++ ath10k_wmi_set_wmm_param(&cmd->vdev_wmm_params[0].params, &arg->ac_be);
++ ath10k_wmi_set_wmm_param(&cmd->vdev_wmm_params[1].params, &arg->ac_bk);
++ ath10k_wmi_set_wmm_param(&cmd->vdev_wmm_params[2].params, &arg->ac_vi);
++ ath10k_wmi_set_wmm_param(&cmd->vdev_wmm_params[3].params, &arg->ac_vo);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv vdev wmm conf\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_sta_keepalive(struct ath10k *ar,
++ const struct wmi_sta_keepalive_arg *arg)
++{
++ struct wmi_tlv_sta_keepalive_cmd *cmd;
++ struct wmi_sta_keepalive_arp_resp *arp;
++ struct sk_buff *skb;
++ struct wmi_tlv *tlv;
++ void *ptr;
++ size_t len;
++
++ len = sizeof(*tlv) + sizeof(*cmd) +
++ sizeof(*tlv) + sizeof(*arp);
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_STA_KEEPALIVE_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(arg->vdev_id);
++ cmd->enabled = __cpu_to_le32(arg->enabled);
++ cmd->method = __cpu_to_le32(arg->method);
++ cmd->interval = __cpu_to_le32(arg->interval);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_STA_KEEPALVE_ARP_RESPONSE);
++ tlv->len = __cpu_to_le16(sizeof(*arp));
++ arp = (void *)tlv->value;
++
++ arp->src_ip4_addr = arg->src_ip4_addr;
++ arp->dest_ip4_addr = arg->dest_ip4_addr;
++ ether_addr_copy(arp->dest_mac_addr.addr, arg->dest_mac_addr);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv sta keepalive vdev %d enabled %d method %d inverval %d\n",
++ arg->vdev_id, arg->enabled, arg->method, arg->interval);
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_peer_create(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN])
++{
++ struct wmi_tlv_peer_create_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PEER_CREATE_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->peer_type = __cpu_to_le32(WMI_TLV_PEER_TYPE_DEFAULT); /* FIXME */
++ ether_addr_copy(cmd->peer_addr.addr, peer_addr);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv peer create\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_peer_delete(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN])
++{
++ struct wmi_peer_delete_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PEER_DELETE_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ ether_addr_copy(cmd->peer_macaddr.addr, peer_addr);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv peer delete\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_peer_flush(struct ath10k *ar, u32 vdev_id,
++ const u8 peer_addr[ETH_ALEN], u32 tid_bitmap)
++{
++ struct wmi_peer_flush_tids_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PEER_FLUSH_TIDS_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->peer_tid_bitmap = __cpu_to_le32(tid_bitmap);
++ ether_addr_copy(cmd->peer_macaddr.addr, peer_addr);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv peer flush\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_peer_set_param(struct ath10k *ar, u32 vdev_id,
++ const u8 *peer_addr,
++ enum wmi_peer_param param_id,
++ u32 param_value)
++{
++ struct wmi_peer_set_param_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PEER_SET_PARAM_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->param_id = __cpu_to_le32(param_id);
++ cmd->param_value = __cpu_to_le32(param_value);
++ ether_addr_copy(cmd->peer_macaddr.addr, peer_addr);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv peer set param\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_peer_assoc(struct ath10k *ar,
++ const struct wmi_peer_assoc_complete_arg *arg)
++{
++ struct wmi_tlv_peer_assoc_cmd *cmd;
++ struct wmi_vht_rate_set *vht_rate;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ size_t len, legacy_rate_len, ht_rate_len;
++ void *ptr;
++
++ if (arg->peer_mpdu_density > 16)
++ return ERR_PTR(-EINVAL);
++ if (arg->peer_legacy_rates.num_rates > MAX_SUPPORTED_RATES)
++ return ERR_PTR(-EINVAL);
++ if (arg->peer_ht_rates.num_rates > MAX_SUPPORTED_RATES)
++ return ERR_PTR(-EINVAL);
++
++ legacy_rate_len = roundup(arg->peer_legacy_rates.num_rates,
++ sizeof(__le32));
++ ht_rate_len = roundup(arg->peer_ht_rates.num_rates, sizeof(__le32));
++ len = (sizeof(*tlv) + sizeof(*cmd)) +
++ (sizeof(*tlv) + legacy_rate_len) +
++ (sizeof(*tlv) + ht_rate_len) +
++ (sizeof(*tlv) + sizeof(*vht_rate));
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PEER_ASSOC_COMPLETE_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++
++ cmd->vdev_id = __cpu_to_le32(arg->vdev_id);
++ cmd->new_assoc = __cpu_to_le32(arg->peer_reassoc ? 0 : 1);
++ cmd->assoc_id = __cpu_to_le32(arg->peer_aid);
++ cmd->flags = __cpu_to_le32(arg->peer_flags);
++ cmd->caps = __cpu_to_le32(arg->peer_caps);
++ cmd->listen_intval = __cpu_to_le32(arg->peer_listen_intval);
++ cmd->ht_caps = __cpu_to_le32(arg->peer_ht_caps);
++ cmd->max_mpdu = __cpu_to_le32(arg->peer_max_mpdu);
++ cmd->mpdu_density = __cpu_to_le32(arg->peer_mpdu_density);
++ cmd->rate_caps = __cpu_to_le32(arg->peer_rate_caps);
++ cmd->nss = __cpu_to_le32(arg->peer_num_spatial_streams);
++ cmd->vht_caps = __cpu_to_le32(arg->peer_vht_caps);
++ cmd->phy_mode = __cpu_to_le32(arg->peer_phymode);
++ cmd->num_legacy_rates = __cpu_to_le32(arg->peer_legacy_rates.num_rates);
++ cmd->num_ht_rates = __cpu_to_le32(arg->peer_ht_rates.num_rates);
++ ether_addr_copy(cmd->mac_addr.addr, arg->addr);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_BYTE);
++ tlv->len = __cpu_to_le16(legacy_rate_len);
++ memcpy(tlv->value, arg->peer_legacy_rates.rates,
++ arg->peer_legacy_rates.num_rates);
++
++ ptr += sizeof(*tlv);
++ ptr += legacy_rate_len;
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_BYTE);
++ tlv->len = __cpu_to_le16(ht_rate_len);
++ memcpy(tlv->value, arg->peer_ht_rates.rates,
++ arg->peer_ht_rates.num_rates);
++
++ ptr += sizeof(*tlv);
++ ptr += ht_rate_len;
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_VHT_RATE_SET);
++ tlv->len = __cpu_to_le16(sizeof(*vht_rate));
++ vht_rate = (void *)tlv->value;
++
++ vht_rate->rx_max_rate = __cpu_to_le32(arg->peer_vht_rates.rx_max_rate);
++ vht_rate->rx_mcs_set = __cpu_to_le32(arg->peer_vht_rates.rx_mcs_set);
++ vht_rate->tx_max_rate = __cpu_to_le32(arg->peer_vht_rates.tx_max_rate);
++ vht_rate->tx_mcs_set = __cpu_to_le32(arg->peer_vht_rates.tx_mcs_set);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*vht_rate);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv peer assoc\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_set_psmode(struct ath10k *ar, u32 vdev_id,
++ enum wmi_sta_ps_mode psmode)
++{
++ struct wmi_sta_powersave_mode_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_STA_POWERSAVE_MODE_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->sta_ps_mode = __cpu_to_le32(psmode);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv set psmode\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_set_sta_ps(struct ath10k *ar, u32 vdev_id,
++ enum wmi_sta_powersave_param param_id,
++ u32 param_value)
++{
++ struct wmi_sta_powersave_param_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_STA_POWERSAVE_PARAM_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->param_id = __cpu_to_le32(param_id);
++ cmd->param_value = __cpu_to_le32(param_value);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv set sta ps\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_set_ap_ps(struct ath10k *ar, u32 vdev_id, const u8 *mac,
++ enum wmi_ap_ps_peer_param param_id, u32 value)
++{
++ struct wmi_ap_ps_peer_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ if (!mac)
++ return ERR_PTR(-EINVAL);
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_AP_PS_PEER_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->param_id = __cpu_to_le32(param_id);
++ cmd->param_value = __cpu_to_le32(value);
++ ether_addr_copy(cmd->peer_macaddr.addr, mac);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv ap ps param\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_scan_chan_list(struct ath10k *ar,
++ const struct wmi_scan_chan_list_arg *arg)
++{
++ struct wmi_tlv_scan_chan_list_cmd *cmd;
++ struct wmi_channel *ci;
++ struct wmi_channel_arg *ch;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ size_t chans_len, len;
++ int i;
++ void *ptr, *chans;
++
++ chans_len = arg->n_channels * (sizeof(*tlv) + sizeof(*ci));
++ len = (sizeof(*tlv) + sizeof(*cmd)) +
++ (sizeof(*tlv) + chans_len);
++
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_SCAN_CHAN_LIST_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->num_scan_chans = __cpu_to_le32(arg->n_channels);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_STRUCT);
++ tlv->len = __cpu_to_le16(chans_len);
++ chans = (void *)tlv->value;
++
++ for (i = 0; i < arg->n_channels; i++) {
++ ch = &arg->channels[i];
++
++ tlv = chans;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_CHANNEL);
++ tlv->len = __cpu_to_le16(sizeof(*ci));
++ ci = (void *)tlv->value;
++
++ ath10k_wmi_put_wmi_channel(ci, ch);
++
++ chans += sizeof(*tlv);
++ chans += sizeof(*ci);
++ }
++
++ ptr += sizeof(*tlv);
++ ptr += chans_len;
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv scan chan list\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_beacon_dma(struct ath10k *ar, u32 vdev_id,
++ const void *bcn, size_t bcn_len,
++ u32 bcn_paddr, bool dtim_zero,
++ bool deliver_cab)
++
++{
++ struct wmi_bcn_tx_ref_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ struct ieee80211_hdr *hdr;
++ u16 fc;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ hdr = (struct ieee80211_hdr *)bcn;
++ fc = le16_to_cpu(hdr->frame_control);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_BCN_SEND_FROM_HOST_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->data_len = __cpu_to_le32(bcn_len);
++ cmd->data_ptr = __cpu_to_le32(bcn_paddr);
++ cmd->msdu_id = 0;
++ cmd->frame_control = __cpu_to_le32(fc);
++ cmd->flags = 0;
++
++ if (dtim_zero)
++ cmd->flags |= __cpu_to_le32(WMI_BCN_TX_REF_FLAG_DTIM_ZERO);
++
++ if (deliver_cab)
++ cmd->flags |= __cpu_to_le32(WMI_BCN_TX_REF_FLAG_DELIVER_CAB);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv beacon dma\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_pdev_set_wmm(struct ath10k *ar,
++ const struct wmi_wmm_params_all_arg *arg)
++{
++ struct wmi_tlv_pdev_set_wmm_cmd *cmd;
++ struct wmi_wmm_params *wmm;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ size_t len;
++ void *ptr;
++
++ len = (sizeof(*tlv) + sizeof(*cmd)) +
++ (4 * (sizeof(*tlv) + sizeof(*wmm)));
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PDEV_SET_WMM_PARAMS_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++
++ /* nothing to set here */
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ ptr = ath10k_wmi_tlv_put_wmm(ptr, &arg->ac_be);
++ ptr = ath10k_wmi_tlv_put_wmm(ptr, &arg->ac_bk);
++ ptr = ath10k_wmi_tlv_put_wmm(ptr, &arg->ac_vi);
++ ptr = ath10k_wmi_tlv_put_wmm(ptr, &arg->ac_vo);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv pdev set wmm\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_request_stats(struct ath10k *ar, u32 stats_mask)
++{
++ struct wmi_request_stats_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_REQUEST_STATS_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->stats_id = __cpu_to_le32(stats_mask);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv request stats\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_force_fw_hang(struct ath10k *ar,
++ enum wmi_force_fw_hang_type type,
++ u32 delay_ms)
++{
++ struct wmi_force_fw_hang_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++
++ skb = ath10k_wmi_alloc_skb(ar, sizeof(*tlv) + sizeof(*cmd));
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ tlv = (void *)skb->data;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_FORCE_FW_HANG_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->type = __cpu_to_le32(type);
++ cmd->delay_ms = __cpu_to_le32(delay_ms);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv force fw hang\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_dbglog_cfg(struct ath10k *ar, u32 module_enable,
++ u32 log_level) {
++ struct wmi_tlv_dbglog_cmd *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ size_t len, bmap_len;
++ u32 value;
++ void *ptr;
++
++ if (module_enable) {
++ value = WMI_TLV_DBGLOG_LOG_LEVEL_VALUE(
++ module_enable,
++ WMI_TLV_DBGLOG_LOG_LEVEL_VERBOSE);
++ } else {
++ value = WMI_TLV_DBGLOG_LOG_LEVEL_VALUE(
++ WMI_TLV_DBGLOG_ALL_MODULES,
++ WMI_TLV_DBGLOG_LOG_LEVEL_WARN);
++ }
++
++ bmap_len = 0;
++ len = sizeof(*tlv) + sizeof(*cmd) + sizeof(*tlv) + bmap_len;
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_DEBUG_LOG_CONFIG_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->param = __cpu_to_le32(WMI_TLV_DBGLOG_PARAM_LOG_LEVEL);
++ cmd->value = __cpu_to_le32(value);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_UINT32);
++ tlv->len = __cpu_to_le16(bmap_len);
++
++ /* nothing to do here */
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(bmap_len);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv dbglog value 0x%08x\n", value);
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_pktlog_enable(struct ath10k *ar, u32 filter)
++{
++ struct wmi_tlv_pktlog_enable *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ void *ptr;
++ size_t len;
++
++ len = sizeof(*tlv) + sizeof(*cmd);
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PDEV_PKTLOG_ENABLE_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->filter = __cpu_to_le32(filter);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv pktlog enable filter 0x%08x\n",
++ filter);
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_pktlog_disable(struct ath10k *ar)
++{
++ struct wmi_tlv_pktlog_disable *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ void *ptr;
++ size_t len;
++
++ len = sizeof(*tlv) + sizeof(*cmd);
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PDEV_PKTLOG_DISABLE_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv pktlog disable\n");
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_bcn_tmpl(struct ath10k *ar, u32 vdev_id,
++ u32 tim_ie_offset, struct sk_buff *bcn,
++ u32 prb_caps, u32 prb_erp, void *prb_ies,
++ size_t prb_ies_len)
++{
++ struct wmi_tlv_bcn_tmpl_cmd *cmd;
++ struct wmi_tlv_bcn_prb_info *info;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ void *ptr;
++ size_t len;
++
++ if (WARN_ON(prb_ies_len > 0 && !prb_ies))
++ return ERR_PTR(-EINVAL);
++
++ len = sizeof(*tlv) + sizeof(*cmd) +
++ sizeof(*tlv) + sizeof(*info) + prb_ies_len +
++ sizeof(*tlv) + roundup(bcn->len, 4);
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_BCN_TMPL_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->tim_ie_offset = __cpu_to_le32(tim_ie_offset);
++ cmd->buf_len = __cpu_to_le32(bcn->len);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ /* FIXME: prb_ies_len should be probably aligned to 4byte boundary but
++ * then it is then impossible to pass original ie len.
++ * This chunk is not used yet so if setting probe resp template yields
++ * problems with beaconing or crashes firmware look here.
++ */
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_BCN_PRB_INFO);
++ tlv->len = __cpu_to_le16(sizeof(*info) + prb_ies_len);
++ info = (void *)tlv->value;
++ info->caps = __cpu_to_le32(prb_caps);
++ info->erp = __cpu_to_le32(prb_erp);
++ memcpy(info->ies, prb_ies, prb_ies_len);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*info);
++ ptr += prb_ies_len;
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_BYTE);
++ tlv->len = __cpu_to_le16(roundup(bcn->len, 4));
++ memcpy(tlv->value, bcn->data, bcn->len);
++
++ /* FIXME: Adjust TSF? */
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv bcn tmpl vdev_id %i\n",
++ vdev_id);
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_prb_tmpl(struct ath10k *ar, u32 vdev_id,
++ struct sk_buff *prb)
++{
++ struct wmi_tlv_prb_tmpl_cmd *cmd;
++ struct wmi_tlv_bcn_prb_info *info;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ void *ptr;
++ size_t len;
++
++ len = sizeof(*tlv) + sizeof(*cmd) +
++ sizeof(*tlv) + sizeof(*info) +
++ sizeof(*tlv) + roundup(prb->len, 4);
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_PRB_TMPL_CMD);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->buf_len = __cpu_to_le32(prb->len);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_BCN_PRB_INFO);
++ tlv->len = __cpu_to_le16(sizeof(*info));
++ info = (void *)tlv->value;
++ info->caps = 0;
++ info->erp = 0;
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*info);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_BYTE);
++ tlv->len = __cpu_to_le16(roundup(prb->len, 4));
++ memcpy(tlv->value, prb->data, prb->len);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv prb tmpl vdev_id %i\n",
++ vdev_id);
++ return skb;
++}
++
++static struct sk_buff *
++ath10k_wmi_tlv_op_gen_p2p_go_bcn_ie(struct ath10k *ar, u32 vdev_id,
++ const u8 *p2p_ie)
++{
++ struct wmi_tlv_p2p_go_bcn_ie *cmd;
++ struct wmi_tlv *tlv;
++ struct sk_buff *skb;
++ void *ptr;
++ size_t len;
++
++ len = sizeof(*tlv) + sizeof(*cmd) +
++ sizeof(*tlv) + roundup(p2p_ie[1] + 2, 4);
++ skb = ath10k_wmi_alloc_skb(ar, len);
++ if (!skb)
++ return ERR_PTR(-ENOMEM);
++
++ ptr = (void *)skb->data;
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_STRUCT_P2P_GO_SET_BEACON_IE);
++ tlv->len = __cpu_to_le16(sizeof(*cmd));
++ cmd = (void *)tlv->value;
++ cmd->vdev_id = __cpu_to_le32(vdev_id);
++ cmd->ie_len = __cpu_to_le32(p2p_ie[1] + 2);
++
++ ptr += sizeof(*tlv);
++ ptr += sizeof(*cmd);
++
++ tlv = ptr;
++ tlv->tag = __cpu_to_le16(WMI_TLV_TAG_ARRAY_BYTE);
++ tlv->len = __cpu_to_le16(roundup(p2p_ie[1] + 2, 4));
++ memcpy(tlv->value, p2p_ie, p2p_ie[1] + 2);
++
++ ptr += sizeof(*tlv);
++ ptr += roundup(p2p_ie[1] + 2, 4);
++
++ ath10k_dbg(ar, ATH10K_DBG_WMI, "wmi tlv p2p go bcn ie for vdev %i\n",
++ vdev_id);
++ return skb;
++}
++
++/****************/
++/* TLV mappings */
++/****************/
++
++static struct wmi_cmd_map wmi_tlv_cmd_map = {
++ .init_cmdid = WMI_TLV_INIT_CMDID,
++ .start_scan_cmdid = WMI_TLV_START_SCAN_CMDID,
++ .stop_scan_cmdid = WMI_TLV_STOP_SCAN_CMDID,
++ .scan_chan_list_cmdid = WMI_TLV_SCAN_CHAN_LIST_CMDID,
++ .scan_sch_prio_tbl_cmdid = WMI_TLV_SCAN_SCH_PRIO_TBL_CMDID,
++ .pdev_set_regdomain_cmdid = WMI_TLV_PDEV_SET_REGDOMAIN_CMDID,
++ .pdev_set_channel_cmdid = WMI_TLV_PDEV_SET_CHANNEL_CMDID,
++ .pdev_set_param_cmdid = WMI_TLV_PDEV_SET_PARAM_CMDID,
++ .pdev_pktlog_enable_cmdid = WMI_TLV_PDEV_PKTLOG_ENABLE_CMDID,
++ .pdev_pktlog_disable_cmdid = WMI_TLV_PDEV_PKTLOG_DISABLE_CMDID,
++ .pdev_set_wmm_params_cmdid = WMI_TLV_PDEV_SET_WMM_PARAMS_CMDID,
++ .pdev_set_ht_cap_ie_cmdid = WMI_TLV_PDEV_SET_HT_CAP_IE_CMDID,
++ .pdev_set_vht_cap_ie_cmdid = WMI_TLV_PDEV_SET_VHT_CAP_IE_CMDID,
++ .pdev_set_dscp_tid_map_cmdid = WMI_TLV_PDEV_SET_DSCP_TID_MAP_CMDID,
++ .pdev_set_quiet_mode_cmdid = WMI_TLV_PDEV_SET_QUIET_MODE_CMDID,
++ .pdev_green_ap_ps_enable_cmdid = WMI_TLV_PDEV_GREEN_AP_PS_ENABLE_CMDID,
++ .pdev_get_tpc_config_cmdid = WMI_TLV_PDEV_GET_TPC_CONFIG_CMDID,
++ .pdev_set_base_macaddr_cmdid = WMI_TLV_PDEV_SET_BASE_MACADDR_CMDID,
++ .vdev_create_cmdid = WMI_TLV_VDEV_CREATE_CMDID,
++ .vdev_delete_cmdid = WMI_TLV_VDEV_DELETE_CMDID,
++ .vdev_start_request_cmdid = WMI_TLV_VDEV_START_REQUEST_CMDID,
++ .vdev_restart_request_cmdid = WMI_TLV_VDEV_RESTART_REQUEST_CMDID,
++ .vdev_up_cmdid = WMI_TLV_VDEV_UP_CMDID,
++ .vdev_stop_cmdid = WMI_TLV_VDEV_STOP_CMDID,
++ .vdev_down_cmdid = WMI_TLV_VDEV_DOWN_CMDID,
++ .vdev_set_param_cmdid = WMI_TLV_VDEV_SET_PARAM_CMDID,
++ .vdev_install_key_cmdid = WMI_TLV_VDEV_INSTALL_KEY_CMDID,
++ .peer_create_cmdid = WMI_TLV_PEER_CREATE_CMDID,
++ .peer_delete_cmdid = WMI_TLV_PEER_DELETE_CMDID,
++ .peer_flush_tids_cmdid = WMI_TLV_PEER_FLUSH_TIDS_CMDID,
++ .peer_set_param_cmdid = WMI_TLV_PEER_SET_PARAM_CMDID,
++ .peer_assoc_cmdid = WMI_TLV_PEER_ASSOC_CMDID,
++ .peer_add_wds_entry_cmdid = WMI_TLV_PEER_ADD_WDS_ENTRY_CMDID,
++ .peer_remove_wds_entry_cmdid = WMI_TLV_PEER_REMOVE_WDS_ENTRY_CMDID,
++ .peer_mcast_group_cmdid = WMI_TLV_PEER_MCAST_GROUP_CMDID,
++ .bcn_tx_cmdid = WMI_TLV_BCN_TX_CMDID,
++ .pdev_send_bcn_cmdid = WMI_TLV_PDEV_SEND_BCN_CMDID,
++ .bcn_tmpl_cmdid = WMI_TLV_BCN_TMPL_CMDID,
++ .bcn_filter_rx_cmdid = WMI_TLV_BCN_FILTER_RX_CMDID,
++ .prb_req_filter_rx_cmdid = WMI_TLV_PRB_REQ_FILTER_RX_CMDID,
++ .mgmt_tx_cmdid = WMI_TLV_MGMT_TX_CMDID,
++ .prb_tmpl_cmdid = WMI_TLV_PRB_TMPL_CMDID,
++ .addba_clear_resp_cmdid = WMI_TLV_ADDBA_CLEAR_RESP_CMDID,
++ .addba_send_cmdid = WMI_TLV_ADDBA_SEND_CMDID,
++ .addba_status_cmdid = WMI_TLV_ADDBA_STATUS_CMDID,
++ .delba_send_cmdid = WMI_TLV_DELBA_SEND_CMDID,
++ .addba_set_resp_cmdid = WMI_TLV_ADDBA_SET_RESP_CMDID,
++ .send_singleamsdu_cmdid = WMI_TLV_SEND_SINGLEAMSDU_CMDID,
++ .sta_powersave_mode_cmdid = WMI_TLV_STA_POWERSAVE_MODE_CMDID,
++ .sta_powersave_param_cmdid = WMI_TLV_STA_POWERSAVE_PARAM_CMDID,
++ .sta_mimo_ps_mode_cmdid = WMI_TLV_STA_MIMO_PS_MODE_CMDID,
++ .pdev_dfs_enable_cmdid = WMI_TLV_PDEV_DFS_ENABLE_CMDID,
++ .pdev_dfs_disable_cmdid = WMI_TLV_PDEV_DFS_DISABLE_CMDID,
++ .roam_scan_mode = WMI_TLV_ROAM_SCAN_MODE,
++ .roam_scan_rssi_threshold = WMI_TLV_ROAM_SCAN_RSSI_THRESHOLD,
++ .roam_scan_period = WMI_TLV_ROAM_SCAN_PERIOD,
++ .roam_scan_rssi_change_threshold =
++ WMI_TLV_ROAM_SCAN_RSSI_CHANGE_THRESHOLD,
++ .roam_ap_profile = WMI_TLV_ROAM_AP_PROFILE,
++ .ofl_scan_add_ap_profile = WMI_TLV_ROAM_AP_PROFILE,
++ .ofl_scan_remove_ap_profile = WMI_TLV_OFL_SCAN_REMOVE_AP_PROFILE,
++ .ofl_scan_period = WMI_TLV_OFL_SCAN_PERIOD,
++ .p2p_dev_set_device_info = WMI_TLV_P2P_DEV_SET_DEVICE_INFO,
++ .p2p_dev_set_discoverability = WMI_TLV_P2P_DEV_SET_DISCOVERABILITY,
++ .p2p_go_set_beacon_ie = WMI_TLV_P2P_GO_SET_BEACON_IE,
++ .p2p_go_set_probe_resp_ie = WMI_TLV_P2P_GO_SET_PROBE_RESP_IE,
++ .p2p_set_vendor_ie_data_cmdid = WMI_TLV_P2P_SET_VENDOR_IE_DATA_CMDID,
++ .ap_ps_peer_param_cmdid = WMI_TLV_AP_PS_PEER_PARAM_CMDID,
++ .ap_ps_peer_uapsd_coex_cmdid = WMI_TLV_AP_PS_PEER_UAPSD_COEX_CMDID,
++ .peer_rate_retry_sched_cmdid = WMI_TLV_PEER_RATE_RETRY_SCHED_CMDID,
++ .wlan_profile_trigger_cmdid = WMI_TLV_WLAN_PROFILE_TRIGGER_CMDID,
++ .wlan_profile_set_hist_intvl_cmdid =
++ WMI_TLV_WLAN_PROFILE_SET_HIST_INTVL_CMDID,
++ .wlan_profile_get_profile_data_cmdid =
++ WMI_TLV_WLAN_PROFILE_GET_PROFILE_DATA_CMDID,
++ .wlan_profile_enable_profile_id_cmdid =
++ WMI_TLV_WLAN_PROFILE_ENABLE_PROFILE_ID_CMDID,
++ .wlan_profile_list_profile_id_cmdid =
++ WMI_TLV_WLAN_PROFILE_LIST_PROFILE_ID_CMDID,
++ .pdev_suspend_cmdid = WMI_TLV_PDEV_SUSPEND_CMDID,
++ .pdev_resume_cmdid = WMI_TLV_PDEV_RESUME_CMDID,
++ .add_bcn_filter_cmdid = WMI_TLV_ADD_BCN_FILTER_CMDID,
++ .rmv_bcn_filter_cmdid = WMI_TLV_RMV_BCN_FILTER_CMDID,
++ .wow_add_wake_pattern_cmdid = WMI_TLV_WOW_ADD_WAKE_PATTERN_CMDID,
++ .wow_del_wake_pattern_cmdid = WMI_TLV_WOW_DEL_WAKE_PATTERN_CMDID,
++ .wow_enable_disable_wake_event_cmdid =
++ WMI_TLV_WOW_ENABLE_DISABLE_WAKE_EVENT_CMDID,
++ .wow_enable_cmdid = WMI_TLV_WOW_ENABLE_CMDID,
++ .wow_hostwakeup_from_sleep_cmdid =
++ WMI_TLV_WOW_HOSTWAKEUP_FROM_SLEEP_CMDID,
++ .rtt_measreq_cmdid = WMI_TLV_RTT_MEASREQ_CMDID,
++ .rtt_tsf_cmdid = WMI_TLV_RTT_TSF_CMDID,
++ .vdev_spectral_scan_configure_cmdid = WMI_TLV_SPECTRAL_SCAN_CONF_CMDID,
++ .vdev_spectral_scan_enable_cmdid = WMI_TLV_SPECTRAL_SCAN_ENABLE_CMDID,
++ .request_stats_cmdid = WMI_TLV_REQUEST_STATS_CMDID,
++ .set_arp_ns_offload_cmdid = WMI_TLV_SET_ARP_NS_OFFLOAD_CMDID,
++ .network_list_offload_config_cmdid =
++ WMI_TLV_NETWORK_LIST_OFFLOAD_CONFIG_CMDID,
++ .gtk_offload_cmdid = WMI_TLV_GTK_OFFLOAD_CMDID,
++ .csa_offload_enable_cmdid = WMI_TLV_CSA_OFFLOAD_ENABLE_CMDID,
++ .csa_offload_chanswitch_cmdid = WMI_TLV_CSA_OFFLOAD_CHANSWITCH_CMDID,
++ .chatter_set_mode_cmdid = WMI_TLV_CHATTER_SET_MODE_CMDID,
++ .peer_tid_addba_cmdid = WMI_TLV_PEER_TID_ADDBA_CMDID,
++ .peer_tid_delba_cmdid = WMI_TLV_PEER_TID_DELBA_CMDID,
++ .sta_dtim_ps_method_cmdid = WMI_TLV_STA_DTIM_PS_METHOD_CMDID,
++ .sta_uapsd_auto_trig_cmdid = WMI_TLV_STA_UAPSD_AUTO_TRIG_CMDID,
++ .sta_keepalive_cmd = WMI_TLV_STA_KEEPALIVE_CMDID,
++ .echo_cmdid = WMI_TLV_ECHO_CMDID,
++ .pdev_utf_cmdid = WMI_TLV_PDEV_UTF_CMDID,
++ .dbglog_cfg_cmdid = WMI_TLV_DBGLOG_CFG_CMDID,
++ .pdev_qvit_cmdid = WMI_TLV_PDEV_QVIT_CMDID,
++ .pdev_ftm_intg_cmdid = WMI_TLV_PDEV_FTM_INTG_CMDID,
++ .vdev_set_keepalive_cmdid = WMI_TLV_VDEV_SET_KEEPALIVE_CMDID,
++ .vdev_get_keepalive_cmdid = WMI_TLV_VDEV_GET_KEEPALIVE_CMDID,
++ .force_fw_hang_cmdid = WMI_TLV_FORCE_FW_HANG_CMDID,
++ .gpio_config_cmdid = WMI_TLV_GPIO_CONFIG_CMDID,
++ .gpio_output_cmdid = WMI_TLV_GPIO_OUTPUT_CMDID,
++ .pdev_get_temperature_cmdid = WMI_TLV_CMD_UNSUPPORTED,
++ .vdev_set_wmm_params_cmdid = WMI_TLV_VDEV_SET_WMM_PARAMS_CMDID,
++};
++
++static struct wmi_pdev_param_map wmi_tlv_pdev_param_map = {
++ .tx_chain_mask = WMI_TLV_PDEV_PARAM_TX_CHAIN_MASK,
++ .rx_chain_mask = WMI_TLV_PDEV_PARAM_RX_CHAIN_MASK,
++ .txpower_limit2g = WMI_TLV_PDEV_PARAM_TXPOWER_LIMIT2G,
++ .txpower_limit5g = WMI_TLV_PDEV_PARAM_TXPOWER_LIMIT5G,
++ .txpower_scale = WMI_TLV_PDEV_PARAM_TXPOWER_SCALE,
++ .beacon_gen_mode = WMI_TLV_PDEV_PARAM_BEACON_GEN_MODE,
++ .beacon_tx_mode = WMI_TLV_PDEV_PARAM_BEACON_TX_MODE,
++ .resmgr_offchan_mode = WMI_TLV_PDEV_PARAM_RESMGR_OFFCHAN_MODE,
++ .protection_mode = WMI_TLV_PDEV_PARAM_PROTECTION_MODE,
++ .dynamic_bw = WMI_TLV_PDEV_PARAM_DYNAMIC_BW,
++ .non_agg_sw_retry_th = WMI_TLV_PDEV_PARAM_NON_AGG_SW_RETRY_TH,
++ .agg_sw_retry_th = WMI_TLV_PDEV_PARAM_AGG_SW_RETRY_TH,
++ .sta_kickout_th = WMI_TLV_PDEV_PARAM_STA_KICKOUT_TH,
++ .ac_aggrsize_scaling = WMI_TLV_PDEV_PARAM_AC_AGGRSIZE_SCALING,
++ .ltr_enable = WMI_TLV_PDEV_PARAM_LTR_ENABLE,
++ .ltr_ac_latency_be = WMI_TLV_PDEV_PARAM_LTR_AC_LATENCY_BE,
++ .ltr_ac_latency_bk = WMI_TLV_PDEV_PARAM_LTR_AC_LATENCY_BK,
++ .ltr_ac_latency_vi = WMI_TLV_PDEV_PARAM_LTR_AC_LATENCY_VI,
++ .ltr_ac_latency_vo = WMI_TLV_PDEV_PARAM_LTR_AC_LATENCY_VO,
++ .ltr_ac_latency_timeout = WMI_TLV_PDEV_PARAM_LTR_AC_LATENCY_TIMEOUT,
++ .ltr_sleep_override = WMI_TLV_PDEV_PARAM_LTR_SLEEP_OVERRIDE,
++ .ltr_rx_override = WMI_TLV_PDEV_PARAM_LTR_RX_OVERRIDE,
++ .ltr_tx_activity_timeout = WMI_TLV_PDEV_PARAM_LTR_TX_ACTIVITY_TIMEOUT,
++ .l1ss_enable = WMI_TLV_PDEV_PARAM_L1SS_ENABLE,
++ .dsleep_enable = WMI_TLV_PDEV_PARAM_DSLEEP_ENABLE,
++ .pcielp_txbuf_flush = WMI_TLV_PDEV_PARAM_PCIELP_TXBUF_FLUSH,
++ .pcielp_txbuf_watermark = WMI_TLV_PDEV_PARAM_PCIELP_TXBUF_TMO_EN,
++ .pcielp_txbuf_tmo_en = WMI_TLV_PDEV_PARAM_PCIELP_TXBUF_TMO_EN,
++ .pcielp_txbuf_tmo_value = WMI_TLV_PDEV_PARAM_PCIELP_TXBUF_TMO_VALUE,
++ .pdev_stats_update_period = WMI_TLV_PDEV_PARAM_PDEV_STATS_UPDATE_PERIOD,
++ .vdev_stats_update_period = WMI_TLV_PDEV_PARAM_VDEV_STATS_UPDATE_PERIOD,
++ .peer_stats_update_period = WMI_TLV_PDEV_PARAM_PEER_STATS_UPDATE_PERIOD,
++ .bcnflt_stats_update_period =
++ WMI_TLV_PDEV_PARAM_BCNFLT_STATS_UPDATE_PERIOD,
++ .pmf_qos = WMI_TLV_PDEV_PARAM_PMF_QOS,
++ .arp_ac_override = WMI_TLV_PDEV_PARAM_ARP_AC_OVERRIDE,
++ .dcs = WMI_TLV_PDEV_PARAM_DCS,
++ .ani_enable = WMI_TLV_PDEV_PARAM_ANI_ENABLE,
++ .ani_poll_period = WMI_TLV_PDEV_PARAM_ANI_POLL_PERIOD,
++ .ani_listen_period = WMI_TLV_PDEV_PARAM_ANI_LISTEN_PERIOD,
++ .ani_ofdm_level = WMI_TLV_PDEV_PARAM_ANI_OFDM_LEVEL,
++ .ani_cck_level = WMI_TLV_PDEV_PARAM_ANI_CCK_LEVEL,
++ .dyntxchain = WMI_TLV_PDEV_PARAM_DYNTXCHAIN,
++ .proxy_sta = WMI_TLV_PDEV_PARAM_PROXY_STA,
++ .idle_ps_config = WMI_TLV_PDEV_PARAM_IDLE_PS_CONFIG,
++ .power_gating_sleep = WMI_TLV_PDEV_PARAM_POWER_GATING_SLEEP,
++ .fast_channel_reset = WMI_TLV_PDEV_PARAM_UNSUPPORTED,
++ .burst_dur = WMI_TLV_PDEV_PARAM_BURST_DUR,
++ .burst_enable = WMI_TLV_PDEV_PARAM_BURST_ENABLE,
++ .cal_period = WMI_PDEV_PARAM_UNSUPPORTED,
++};
++
++static struct wmi_vdev_param_map wmi_tlv_vdev_param_map = {
++ .rts_threshold = WMI_TLV_VDEV_PARAM_RTS_THRESHOLD,
++ .fragmentation_threshold = WMI_TLV_VDEV_PARAM_FRAGMENTATION_THRESHOLD,
++ .beacon_interval = WMI_TLV_VDEV_PARAM_BEACON_INTERVAL,
++ .listen_interval = WMI_TLV_VDEV_PARAM_LISTEN_INTERVAL,
++ .multicast_rate = WMI_TLV_VDEV_PARAM_MULTICAST_RATE,
++ .mgmt_tx_rate = WMI_TLV_VDEV_PARAM_MGMT_TX_RATE,
++ .slot_time = WMI_TLV_VDEV_PARAM_SLOT_TIME,
++ .preamble = WMI_TLV_VDEV_PARAM_PREAMBLE,
++ .swba_time = WMI_TLV_VDEV_PARAM_SWBA_TIME,
++ .wmi_vdev_stats_update_period = WMI_TLV_VDEV_STATS_UPDATE_PERIOD,
++ .wmi_vdev_pwrsave_ageout_time = WMI_TLV_VDEV_PWRSAVE_AGEOUT_TIME,
++ .wmi_vdev_host_swba_interval = WMI_TLV_VDEV_HOST_SWBA_INTERVAL,
++ .dtim_period = WMI_TLV_VDEV_PARAM_DTIM_PERIOD,
++ .wmi_vdev_oc_scheduler_air_time_limit =
++ WMI_TLV_VDEV_OC_SCHEDULER_AIR_TIME_LIMIT,
++ .wds = WMI_TLV_VDEV_PARAM_WDS,
++ .atim_window = WMI_TLV_VDEV_PARAM_ATIM_WINDOW,
++ .bmiss_count_max = WMI_TLV_VDEV_PARAM_BMISS_COUNT_MAX,
++ .bmiss_first_bcnt = WMI_TLV_VDEV_PARAM_BMISS_FIRST_BCNT,
++ .bmiss_final_bcnt = WMI_TLV_VDEV_PARAM_BMISS_FINAL_BCNT,
++ .feature_wmm = WMI_TLV_VDEV_PARAM_FEATURE_WMM,
++ .chwidth = WMI_TLV_VDEV_PARAM_CHWIDTH,
++ .chextoffset = WMI_TLV_VDEV_PARAM_CHEXTOFFSET,
++ .disable_htprotection = WMI_TLV_VDEV_PARAM_DISABLE_HTPROTECTION,
++ .sta_quickkickout = WMI_TLV_VDEV_PARAM_STA_QUICKKICKOUT,
++ .mgmt_rate = WMI_TLV_VDEV_PARAM_MGMT_RATE,
++ .protection_mode = WMI_TLV_VDEV_PARAM_PROTECTION_MODE,
++ .fixed_rate = WMI_TLV_VDEV_PARAM_FIXED_RATE,
++ .sgi = WMI_TLV_VDEV_PARAM_SGI,
++ .ldpc = WMI_TLV_VDEV_PARAM_LDPC,
++ .tx_stbc = WMI_TLV_VDEV_PARAM_TX_STBC,
++ .rx_stbc = WMI_TLV_VDEV_PARAM_RX_STBC,
++ .intra_bss_fwd = WMI_TLV_VDEV_PARAM_INTRA_BSS_FWD,
++ .def_keyid = WMI_TLV_VDEV_PARAM_DEF_KEYID,
++ .nss = WMI_TLV_VDEV_PARAM_NSS,
++ .bcast_data_rate = WMI_TLV_VDEV_PARAM_BCAST_DATA_RATE,
++ .mcast_data_rate = WMI_TLV_VDEV_PARAM_MCAST_DATA_RATE,
++ .mcast_indicate = WMI_TLV_VDEV_PARAM_MCAST_INDICATE,
++ .dhcp_indicate = WMI_TLV_VDEV_PARAM_DHCP_INDICATE,
++ .unknown_dest_indicate = WMI_TLV_VDEV_PARAM_UNKNOWN_DEST_INDICATE,
++ .ap_keepalive_min_idle_inactive_time_secs =
++ WMI_TLV_VDEV_PARAM_AP_KEEPALIVE_MIN_IDLE_INACTIVE_TIME_SECS,
++ .ap_keepalive_max_idle_inactive_time_secs =
++ WMI_TLV_VDEV_PARAM_AP_KEEPALIVE_MAX_IDLE_INACTIVE_TIME_SECS,
++ .ap_keepalive_max_unresponsive_time_secs =
++ WMI_TLV_VDEV_PARAM_AP_KEEPALIVE_MAX_UNRESPONSIVE_TIME_SECS,
++ .ap_enable_nawds = WMI_TLV_VDEV_PARAM_AP_ENABLE_NAWDS,
++ .mcast2ucast_set = WMI_TLV_VDEV_PARAM_UNSUPPORTED,
++ .enable_rtscts = WMI_TLV_VDEV_PARAM_ENABLE_RTSCTS,
++ .txbf = WMI_TLV_VDEV_PARAM_TXBF,
++ .packet_powersave = WMI_TLV_VDEV_PARAM_PACKET_POWERSAVE,
++ .drop_unencry = WMI_TLV_VDEV_PARAM_DROP_UNENCRY,
++ .tx_encap_type = WMI_TLV_VDEV_PARAM_TX_ENCAP_TYPE,
++ .ap_detect_out_of_sync_sleeping_sta_time_secs =
++ WMI_TLV_VDEV_PARAM_UNSUPPORTED,
++};
++
++static const struct wmi_ops wmi_tlv_ops = {
++ .rx = ath10k_wmi_tlv_op_rx,
++ .map_svc = wmi_tlv_svc_map,
++
++ .pull_scan = ath10k_wmi_tlv_op_pull_scan_ev,
++ .pull_mgmt_rx = ath10k_wmi_tlv_op_pull_mgmt_rx_ev,
++ .pull_ch_info = ath10k_wmi_tlv_op_pull_ch_info_ev,
++ .pull_vdev_start = ath10k_wmi_tlv_op_pull_vdev_start_ev,
++ .pull_peer_kick = ath10k_wmi_tlv_op_pull_peer_kick_ev,
++ .pull_swba = ath10k_wmi_tlv_op_pull_swba_ev,
++ .pull_phyerr = ath10k_wmi_tlv_op_pull_phyerr_ev,
++ .pull_svc_rdy = ath10k_wmi_tlv_op_pull_svc_rdy_ev,
++ .pull_rdy = ath10k_wmi_tlv_op_pull_rdy_ev,
++ .pull_fw_stats = ath10k_wmi_tlv_op_pull_fw_stats,
++
++ .gen_pdev_suspend = ath10k_wmi_tlv_op_gen_pdev_suspend,
++ .gen_pdev_resume = ath10k_wmi_tlv_op_gen_pdev_resume,
++ .gen_pdev_set_rd = ath10k_wmi_tlv_op_gen_pdev_set_rd,
++ .gen_pdev_set_param = ath10k_wmi_tlv_op_gen_pdev_set_param,
++ .gen_init = ath10k_wmi_tlv_op_gen_init,
++ .gen_start_scan = ath10k_wmi_tlv_op_gen_start_scan,
++ .gen_stop_scan = ath10k_wmi_tlv_op_gen_stop_scan,
++ .gen_vdev_create = ath10k_wmi_tlv_op_gen_vdev_create,
++ .gen_vdev_delete = ath10k_wmi_tlv_op_gen_vdev_delete,
++ .gen_vdev_start = ath10k_wmi_tlv_op_gen_vdev_start,
++ .gen_vdev_stop = ath10k_wmi_tlv_op_gen_vdev_stop,
++ .gen_vdev_up = ath10k_wmi_tlv_op_gen_vdev_up,
++ .gen_vdev_down = ath10k_wmi_tlv_op_gen_vdev_down,
++ .gen_vdev_set_param = ath10k_wmi_tlv_op_gen_vdev_set_param,
++ .gen_vdev_install_key = ath10k_wmi_tlv_op_gen_vdev_install_key,
++ .gen_vdev_wmm_conf = ath10k_wmi_tlv_op_gen_vdev_wmm_conf,
++ .gen_peer_create = ath10k_wmi_tlv_op_gen_peer_create,
++ .gen_peer_delete = ath10k_wmi_tlv_op_gen_peer_delete,
++ .gen_peer_flush = ath10k_wmi_tlv_op_gen_peer_flush,
++ .gen_peer_set_param = ath10k_wmi_tlv_op_gen_peer_set_param,
++ .gen_peer_assoc = ath10k_wmi_tlv_op_gen_peer_assoc,
++ .gen_set_psmode = ath10k_wmi_tlv_op_gen_set_psmode,
++ .gen_set_sta_ps = ath10k_wmi_tlv_op_gen_set_sta_ps,
++ .gen_set_ap_ps = ath10k_wmi_tlv_op_gen_set_ap_ps,
++ .gen_scan_chan_list = ath10k_wmi_tlv_op_gen_scan_chan_list,
++ .gen_beacon_dma = ath10k_wmi_tlv_op_gen_beacon_dma,
++ .gen_pdev_set_wmm = ath10k_wmi_tlv_op_gen_pdev_set_wmm,
++ .gen_request_stats = ath10k_wmi_tlv_op_gen_request_stats,
++ .gen_force_fw_hang = ath10k_wmi_tlv_op_gen_force_fw_hang,
++ /* .gen_mgmt_tx = not implemented; HTT is used */
++ .gen_dbglog_cfg = ath10k_wmi_tlv_op_gen_dbglog_cfg,
++ .gen_pktlog_enable = ath10k_wmi_tlv_op_gen_pktlog_enable,
++ .gen_pktlog_disable = ath10k_wmi_tlv_op_gen_pktlog_disable,
++ /* .gen_pdev_set_quiet_mode not implemented */
++ /* .gen_pdev_get_temperature not implemented */
++ /* .gen_addba_clear_resp not implemented */
++ /* .gen_addba_send not implemented */
++ /* .gen_addba_set_resp not implemented */
++ /* .gen_delba_send not implemented */
++ .gen_bcn_tmpl = ath10k_wmi_tlv_op_gen_bcn_tmpl,
++ .gen_prb_tmpl = ath10k_wmi_tlv_op_gen_prb_tmpl,
++ .gen_p2p_go_bcn_ie = ath10k_wmi_tlv_op_gen_p2p_go_bcn_ie,
++ .gen_vdev_sta_uapsd = ath10k_wmi_tlv_op_gen_vdev_sta_uapsd,
++ .gen_sta_keepalive = ath10k_wmi_tlv_op_gen_sta_keepalive,
++};
++
++/************/
++/* TLV init */
++/************/
++
++void ath10k_wmi_tlv_attach(struct ath10k *ar)
++{
++ ar->wmi.cmd = &wmi_tlv_cmd_map;
++ ar->wmi.vdev_param = &wmi_tlv_vdev_param_map;
++ ar->wmi.pdev_param = &wmi_tlv_pdev_param_map;
++ ar->wmi.ops = &wmi_tlv_ops;
++}
+--- /dev/null
++++ b/drivers/net/wireless/ath/ath10k/wmi-tlv.h
+@@ -0,0 +1,1459 @@
++/*
++ * Copyright (c) 2005-2011 Atheros Communications Inc.
++ * Copyright (c) 2011-2014 Qualcomm Atheros, Inc.
++ *
++ * Permission to use, copy, modify, and/or distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++#ifndef _WMI_TLV_H
++#define _WMI_TLV_H
++
++#define WMI_TLV_CMD(grp_id) (((grp_id) << 12) | 0x1)
++#define WMI_TLV_EV(grp_id) (((grp_id) << 12) | 0x1)
++#define WMI_TLV_CMD_UNSUPPORTED 0
++#define WMI_TLV_PDEV_PARAM_UNSUPPORTED 0
++#define WMI_TLV_VDEV_PARAM_UNSUPPORTED 0
++
++enum wmi_tlv_grp_id {
++ WMI_TLV_GRP_START = 0x3,
++ WMI_TLV_GRP_SCAN = WMI_TLV_GRP_START,
++ WMI_TLV_GRP_PDEV,
++ WMI_TLV_GRP_VDEV,
++ WMI_TLV_GRP_PEER,
++ WMI_TLV_GRP_MGMT,
++ WMI_TLV_GRP_BA_NEG,
++ WMI_TLV_GRP_STA_PS,
++ WMI_TLV_GRP_DFS,
++ WMI_TLV_GRP_ROAM,
++ WMI_TLV_GRP_OFL_SCAN,
++ WMI_TLV_GRP_P2P,
++ WMI_TLV_GRP_AP_PS,
++ WMI_TLV_GRP_RATECTL,
++ WMI_TLV_GRP_PROFILE,
++ WMI_TLV_GRP_SUSPEND,
++ WMI_TLV_GRP_BCN_FILTER,
++ WMI_TLV_GRP_WOW,
++ WMI_TLV_GRP_RTT,
++ WMI_TLV_GRP_SPECTRAL,
++ WMI_TLV_GRP_STATS,
++ WMI_TLV_GRP_ARP_NS_OFL,
++ WMI_TLV_GRP_NLO_OFL,
++ WMI_TLV_GRP_GTK_OFL,
++ WMI_TLV_GRP_CSA_OFL,
++ WMI_TLV_GRP_CHATTER,
++ WMI_TLV_GRP_TID_ADDBA,
++ WMI_TLV_GRP_MISC,
++ WMI_TLV_GRP_GPIO,
++ WMI_TLV_GRP_FWTEST,
++ WMI_TLV_GRP_TDLS,
++ WMI_TLV_GRP_RESMGR,
++ WMI_TLV_GRP_STA_SMPS,
++ WMI_TLV_GRP_WLAN_HB,
++ WMI_TLV_GRP_RMC,
++ WMI_TLV_GRP_MHF_OFL,
++ WMI_TLV_GRP_LOCATION_SCAN,
++ WMI_TLV_GRP_OEM,
++ WMI_TLV_GRP_NAN,
++ WMI_TLV_GRP_COEX,
++ WMI_TLV_GRP_OBSS_OFL,
++ WMI_TLV_GRP_LPI,
++ WMI_TLV_GRP_EXTSCAN,
++ WMI_TLV_GRP_DHCP_OFL,
++ WMI_TLV_GRP_IPA,
++ WMI_TLV_GRP_MDNS_OFL,
++ WMI_TLV_GRP_SAP_OFL,
++};
++
++enum wmi_tlv_cmd_id {
++ WMI_TLV_INIT_CMDID = 0x1,
++ WMI_TLV_START_SCAN_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_SCAN),
++ WMI_TLV_STOP_SCAN_CMDID,
++ WMI_TLV_SCAN_CHAN_LIST_CMDID,
++ WMI_TLV_SCAN_SCH_PRIO_TBL_CMDID,
++ WMI_TLV_SCAN_UPDATE_REQUEST_CMDID,
++ WMI_TLV_SCAN_PROB_REQ_OUI_CMDID,
++ WMI_TLV_PDEV_SET_REGDOMAIN_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_PDEV),
++ WMI_TLV_PDEV_SET_CHANNEL_CMDID,
++ WMI_TLV_PDEV_SET_PARAM_CMDID,
++ WMI_TLV_PDEV_PKTLOG_ENABLE_CMDID,
++ WMI_TLV_PDEV_PKTLOG_DISABLE_CMDID,
++ WMI_TLV_PDEV_SET_WMM_PARAMS_CMDID,
++ WMI_TLV_PDEV_SET_HT_CAP_IE_CMDID,
++ WMI_TLV_PDEV_SET_VHT_CAP_IE_CMDID,
++ WMI_TLV_PDEV_SET_DSCP_TID_MAP_CMDID,
++ WMI_TLV_PDEV_SET_QUIET_MODE_CMDID,
++ WMI_TLV_PDEV_GREEN_AP_PS_ENABLE_CMDID,
++ WMI_TLV_PDEV_GET_TPC_CONFIG_CMDID,
++ WMI_TLV_PDEV_SET_BASE_MACADDR_CMDID,
++ WMI_TLV_PDEV_DUMP_CMDID,
++ WMI_TLV_PDEV_SET_LED_CONFIG_CMDID,
++ WMI_TLV_PDEV_GET_TEMPERATURE_CMDID,
++ WMI_TLV_PDEV_SET_LED_FLASHING_CMDID,
++ WMI_TLV_VDEV_CREATE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_VDEV),
++ WMI_TLV_VDEV_DELETE_CMDID,
++ WMI_TLV_VDEV_START_REQUEST_CMDID,
++ WMI_TLV_VDEV_RESTART_REQUEST_CMDID,
++ WMI_TLV_VDEV_UP_CMDID,
++ WMI_TLV_VDEV_STOP_CMDID,
++ WMI_TLV_VDEV_DOWN_CMDID,
++ WMI_TLV_VDEV_SET_PARAM_CMDID,
++ WMI_TLV_VDEV_INSTALL_KEY_CMDID,
++ WMI_TLV_VDEV_WNM_SLEEPMODE_CMDID,
++ WMI_TLV_VDEV_WMM_ADDTS_CMDID,
++ WMI_TLV_VDEV_WMM_DELTS_CMDID,
++ WMI_TLV_VDEV_SET_WMM_PARAMS_CMDID,
++ WMI_TLV_VDEV_SET_GTX_PARAMS_CMDID,
++ WMI_TLV_VDEV_IPSEC_NATKEEPALIVE_FILTER_CMDID,
++ WMI_TLV_VDEV_PLMREQ_START_CMDID,
++ WMI_TLV_VDEV_PLMREQ_STOP_CMDID,
++ WMI_TLV_PEER_CREATE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_PEER),
++ WMI_TLV_PEER_DELETE_CMDID,
++ WMI_TLV_PEER_FLUSH_TIDS_CMDID,
++ WMI_TLV_PEER_SET_PARAM_CMDID,
++ WMI_TLV_PEER_ASSOC_CMDID,
++ WMI_TLV_PEER_ADD_WDS_ENTRY_CMDID,
++ WMI_TLV_PEER_REMOVE_WDS_ENTRY_CMDID,
++ WMI_TLV_PEER_MCAST_GROUP_CMDID,
++ WMI_TLV_PEER_INFO_REQ_CMDID,
++ WMI_TLV_PEER_GET_ESTIMATED_LINKSPEED_CMDID,
++ WMI_TLV_BCN_TX_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_MGMT),
++ WMI_TLV_PDEV_SEND_BCN_CMDID,
++ WMI_TLV_BCN_TMPL_CMDID,
++ WMI_TLV_BCN_FILTER_RX_CMDID,
++ WMI_TLV_PRB_REQ_FILTER_RX_CMDID,
++ WMI_TLV_MGMT_TX_CMDID,
++ WMI_TLV_PRB_TMPL_CMDID,
++ WMI_TLV_ADDBA_CLEAR_RESP_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_BA_NEG),
++ WMI_TLV_ADDBA_SEND_CMDID,
++ WMI_TLV_ADDBA_STATUS_CMDID,
++ WMI_TLV_DELBA_SEND_CMDID,
++ WMI_TLV_ADDBA_SET_RESP_CMDID,
++ WMI_TLV_SEND_SINGLEAMSDU_CMDID,
++ WMI_TLV_STA_POWERSAVE_MODE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_STA_PS),
++ WMI_TLV_STA_POWERSAVE_PARAM_CMDID,
++ WMI_TLV_STA_MIMO_PS_MODE_CMDID,
++ WMI_TLV_PDEV_DFS_ENABLE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_DFS),
++ WMI_TLV_PDEV_DFS_DISABLE_CMDID,
++ WMI_TLV_DFS_PHYERR_FILTER_ENA_CMDID,
++ WMI_TLV_DFS_PHYERR_FILTER_DIS_CMDID,
++ WMI_TLV_ROAM_SCAN_MODE = WMI_TLV_CMD(WMI_TLV_GRP_ROAM),
++ WMI_TLV_ROAM_SCAN_RSSI_THRESHOLD,
++ WMI_TLV_ROAM_SCAN_PERIOD,
++ WMI_TLV_ROAM_SCAN_RSSI_CHANGE_THRESHOLD,
++ WMI_TLV_ROAM_AP_PROFILE,
++ WMI_TLV_ROAM_CHAN_LIST,
++ WMI_TLV_ROAM_SCAN_CMD,
++ WMI_TLV_ROAM_SYNCH_COMPLETE,
++ WMI_TLV_ROAM_SET_RIC_REQUEST_CMDID,
++ WMI_TLV_ROAM_INVOKE_CMDID,
++ WMI_TLV_OFL_SCAN_ADD_AP_PROFILE = WMI_TLV_CMD(WMI_TLV_GRP_OFL_SCAN),
++ WMI_TLV_OFL_SCAN_REMOVE_AP_PROFILE,
++ WMI_TLV_OFL_SCAN_PERIOD,
++ WMI_TLV_P2P_DEV_SET_DEVICE_INFO = WMI_TLV_CMD(WMI_TLV_GRP_P2P),
++ WMI_TLV_P2P_DEV_SET_DISCOVERABILITY,
++ WMI_TLV_P2P_GO_SET_BEACON_IE,
++ WMI_TLV_P2P_GO_SET_PROBE_RESP_IE,
++ WMI_TLV_P2P_SET_VENDOR_IE_DATA_CMDID,
++ WMI_TLV_P2P_DISC_OFFLOAD_CONFIG_CMDID,
++ WMI_TLV_P2P_DISC_OFFLOAD_APPIE_CMDID,
++ WMI_TLV_P2P_DISC_OFFLOAD_PATTERN_CMDID,
++ WMI_TLV_P2P_SET_OPPPS_PARAM_CMDID,
++ WMI_TLV_AP_PS_PEER_PARAM_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_AP_PS),
++ WMI_TLV_AP_PS_PEER_UAPSD_COEX_CMDID,
++ WMI_TLV_PEER_RATE_RETRY_SCHED_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_RATECTL),
++ WMI_TLV_WLAN_PROFILE_TRIGGER_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_PROFILE),
++ WMI_TLV_WLAN_PROFILE_SET_HIST_INTVL_CMDID,
++ WMI_TLV_WLAN_PROFILE_GET_PROFILE_DATA_CMDID,
++ WMI_TLV_WLAN_PROFILE_ENABLE_PROFILE_ID_CMDID,
++ WMI_TLV_WLAN_PROFILE_LIST_PROFILE_ID_CMDID,
++ WMI_TLV_PDEV_SUSPEND_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_SUSPEND),
++ WMI_TLV_PDEV_RESUME_CMDID,
++ WMI_TLV_ADD_BCN_FILTER_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_BCN_FILTER),
++ WMI_TLV_RMV_BCN_FILTER_CMDID,
++ WMI_TLV_WOW_ADD_WAKE_PATTERN_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_WOW),
++ WMI_TLV_WOW_DEL_WAKE_PATTERN_CMDID,
++ WMI_TLV_WOW_ENABLE_DISABLE_WAKE_EVENT_CMDID,
++ WMI_TLV_WOW_ENABLE_CMDID,
++ WMI_TLV_WOW_HOSTWAKEUP_FROM_SLEEP_CMDID,
++ WMI_TLV_WOW_ACER_IOAC_ADD_KEEPALIVE_CMDID,
++ WMI_TLV_WOW_ACER_IOAC_DEL_KEEPALIVE_CMDID,
++ WMI_TLV_WOW_ACER_IOAC_ADD_WAKE_PATTERN_CMDID,
++ WMI_TLV_WOW_ACER_IOAC_DEL_WAKE_PATTERN_CMDID,
++ WMI_TLV_D0_WOW_ENABLE_DISABLE_CMDID,
++ WMI_TLV_EXTWOW_ENABLE_CMDID,
++ WMI_TLV_EXTWOW_SET_APP_TYPE1_PARAMS_CMDID,
++ WMI_TLV_EXTWOW_SET_APP_TYPE2_PARAMS_CMDID,
++ WMI_TLV_RTT_MEASREQ_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_RTT),
++ WMI_TLV_RTT_TSF_CMDID,
++ WMI_TLV_SPECTRAL_SCAN_CONF_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_SPECTRAL),
++ WMI_TLV_SPECTRAL_SCAN_ENABLE_CMDID,
++ WMI_TLV_REQUEST_STATS_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_STATS),
++ WMI_TLV_MCC_SCHED_TRAFFIC_STATS_CMDID,
++ WMI_TLV_REQUEST_STATS_EXT_CMDID,
++ WMI_TLV_REQUEST_LINK_STATS_CMDID,
++ WMI_TLV_START_LINK_STATS_CMDID,
++ WMI_TLV_CLEAR_LINK_STATS_CMDID,
++ WMI_TLV_SET_ARP_NS_OFFLOAD_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_ARP_NS_OFL),
++ WMI_TLV_ADD_PROACTIVE_ARP_RSP_PATTERN_CMDID,
++ WMI_TLV_DEL_PROACTIVE_ARP_RSP_PATTERN_CMDID,
++ WMI_TLV_NETWORK_LIST_OFFLOAD_CONFIG_CMDID =
++ WMI_TLV_CMD(WMI_TLV_GRP_NLO_OFL),
++ WMI_TLV_APFIND_CMDID,
++ WMI_TLV_GTK_OFFLOAD_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_GTK_OFL),
++ WMI_TLV_CSA_OFFLOAD_ENABLE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_CSA_OFL),
++ WMI_TLV_CSA_OFFLOAD_CHANSWITCH_CMDID,
++ WMI_TLV_CHATTER_SET_MODE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_CHATTER),
++ WMI_TLV_CHATTER_ADD_COALESCING_FILTER_CMDID,
++ WMI_TLV_CHATTER_DELETE_COALESCING_FILTER_CMDID,
++ WMI_TLV_CHATTER_COALESCING_QUERY_CMDID,
++ WMI_TLV_PEER_TID_ADDBA_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_TID_ADDBA),
++ WMI_TLV_PEER_TID_DELBA_CMDID,
++ WMI_TLV_STA_DTIM_PS_METHOD_CMDID,
++ WMI_TLV_STA_UAPSD_AUTO_TRIG_CMDID,
++ WMI_TLV_STA_KEEPALIVE_CMDID,
++ WMI_TLV_BA_REQ_SSN_CMDID,
++ WMI_TLV_ECHO_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_MISC),
++ WMI_TLV_PDEV_UTF_CMDID,
++ WMI_TLV_DBGLOG_CFG_CMDID,
++ WMI_TLV_PDEV_QVIT_CMDID,
++ WMI_TLV_PDEV_FTM_INTG_CMDID,
++ WMI_TLV_VDEV_SET_KEEPALIVE_CMDID,
++ WMI_TLV_VDEV_GET_KEEPALIVE_CMDID,
++ WMI_TLV_FORCE_FW_HANG_CMDID,
++ WMI_TLV_SET_MCASTBCAST_FILTER_CMDID,
++ WMI_TLV_THERMAL_MGMT_CMDID,
++ WMI_TLV_HOST_AUTO_SHUTDOWN_CFG_CMDID,
++ WMI_TLV_TPC_CHAINMASK_CONFIG_CMDID,
++ WMI_TLV_SET_ANTENNA_DIVERSITY_CMDID,
++ WMI_TLV_GPIO_CONFIG_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_GPIO),
++ WMI_TLV_GPIO_OUTPUT_CMDID,
++ WMI_TLV_TXBF_CMDID,
++ WMI_TLV_FWTEST_VDEV_MCC_SET_TBTT_MODE_CMDID =
++ WMI_TLV_CMD(WMI_TLV_GRP_FWTEST),
++ WMI_TLV_FWTEST_P2P_SET_NOA_PARAM_CMDID,
++ WMI_TLV_UNIT_TEST_CMDID,
++ WMI_TLV_TDLS_SET_STATE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_TDLS),
++ WMI_TLV_TDLS_PEER_UPDATE_CMDID,
++ WMI_TLV_TDLS_SET_OFFCHAN_MODE_CMDID,
++ WMI_TLV_RESMGR_ADAPTIVE_OCS_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_RESMGR),
++ WMI_TLV_RESMGR_SET_CHAN_TIME_QUOTA_CMDID,
++ WMI_TLV_RESMGR_SET_CHAN_LATENCY_CMDID,
++ WMI_TLV_STA_SMPS_FORCE_MODE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_STA_SMPS),
++ WMI_TLV_STA_SMPS_PARAM_CMDID,
++ WMI_TLV_HB_SET_ENABLE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_WLAN_HB),
++ WMI_TLV_HB_SET_TCP_PARAMS_CMDID,
++ WMI_TLV_HB_SET_TCP_PKT_FILTER_CMDID,
++ WMI_TLV_HB_SET_UDP_PARAMS_CMDID,
++ WMI_TLV_HB_SET_UDP_PKT_FILTER_CMDID,
++ WMI_TLV_RMC_SET_MODE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_RMC),
++ WMI_TLV_RMC_SET_ACTION_PERIOD_CMDID,
++ WMI_TLV_RMC_CONFIG_CMDID,
++ WMI_TLV_MHF_OFFLOAD_SET_MODE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_MHF_OFL),
++ WMI_TLV_MHF_OFFLOAD_PLUMB_ROUTING_TBL_CMDID,
++ WMI_TLV_BATCH_SCAN_ENABLE_CMDID =
++ WMI_TLV_CMD(WMI_TLV_GRP_LOCATION_SCAN),
++ WMI_TLV_BATCH_SCAN_DISABLE_CMDID,
++ WMI_TLV_BATCH_SCAN_TRIGGER_RESULT_CMDID,
++ WMI_TLV_OEM_REQ_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_OEM),
++ WMI_TLV_NAN_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_NAN),
++ WMI_TLV_MODEM_POWER_STATE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_COEX),
++ WMI_TLV_CHAN_AVOID_UPDATE_CMDID,
++ WMI_TLV_OBSS_SCAN_ENABLE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_OBSS_OFL),
++ WMI_TLV_OBSS_SCAN_DISABLE_CMDID,
++ WMI_TLV_LPI_MGMT_SNOOPING_CONFIG_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_LPI),
++ WMI_TLV_LPI_START_SCAN_CMDID,
++ WMI_TLV_LPI_STOP_SCAN_CMDID,
++ WMI_TLV_EXTSCAN_START_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_EXTSCAN),
++ WMI_TLV_EXTSCAN_STOP_CMDID,
++ WMI_TLV_EXTSCAN_CONFIGURE_WLAN_CHANGE_MONITOR_CMDID,
++ WMI_TLV_EXTSCAN_CONFIGURE_HOTLIST_MONITOR_CMDID,
++ WMI_TLV_EXTSCAN_GET_CACHED_RESULTS_CMDID,
++ WMI_TLV_EXTSCAN_GET_WLAN_CHANGE_RESULTS_CMDID,
++ WMI_TLV_EXTSCAN_SET_CAPABILITIES_CMDID,
++ WMI_TLV_EXTSCAN_GET_CAPABILITIES_CMDID,
++ WMI_TLV_SET_DHCP_SERVER_OFFLOAD_CMDID =
++ WMI_TLV_CMD(WMI_TLV_GRP_DHCP_OFL),
++ WMI_TLV_IPA_OFFLOAD_ENABLE_DISABLE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_IPA),
++ WMI_TLV_MDNS_OFFLOAD_ENABLE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_MDNS_OFL),
++ WMI_TLV_MDNS_SET_FQDN_CMDID,
++ WMI_TLV_MDNS_SET_RESPONSE_CMDID,
++ WMI_TLV_MDNS_GET_STATS_CMDID,
++ WMI_TLV_SAP_OFL_ENABLE_CMDID = WMI_TLV_CMD(WMI_TLV_GRP_SAP_OFL),
++};
++
++enum wmi_tlv_event_id {
++ WMI_TLV_SERVICE_READY_EVENTID = 0x1,
++ WMI_TLV_READY_EVENTID,
++ WMI_TLV_SCAN_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_SCAN),
++ WMI_TLV_PDEV_TPC_CONFIG_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_PDEV),
++ WMI_TLV_CHAN_INFO_EVENTID,
++ WMI_TLV_PHYERR_EVENTID,
++ WMI_TLV_PDEV_DUMP_EVENTID,
++ WMI_TLV_TX_PAUSE_EVENTID,
++ WMI_TLV_DFS_RADAR_EVENTID,
++ WMI_TLV_PDEV_L1SS_TRACK_EVENTID,
++ WMI_TLV_PDEV_TEMPERATURE_EVENTID,
++ WMI_TLV_VDEV_START_RESP_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_VDEV),
++ WMI_TLV_VDEV_STOPPED_EVENTID,
++ WMI_TLV_VDEV_INSTALL_KEY_COMPLETE_EVENTID,
++ WMI_TLV_VDEV_MCC_BCN_INTERVAL_CHANGE_REQ_EVENTID,
++ WMI_TLV_PEER_STA_KICKOUT_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_PEER),
++ WMI_TLV_PEER_INFO_EVENTID,
++ WMI_TLV_PEER_TX_FAIL_CNT_THR_EVENTID,
++ WMI_TLV_PEER_ESTIMATED_LINKSPEED_EVENTID,
++ WMI_TLV_PEER_STATE_EVENTID,
++ WMI_TLV_MGMT_RX_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_MGMT),
++ WMI_TLV_HOST_SWBA_EVENTID,
++ WMI_TLV_TBTTOFFSET_UPDATE_EVENTID,
++ WMI_TLV_OFFLOAD_BCN_TX_STATUS_EVENTID,
++ WMI_TLV_OFFLOAD_PROB_RESP_TX_STATUS_EVENTID,
++ WMI_TLV_TX_DELBA_COMPLETE_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_BA_NEG),
++ WMI_TLV_TX_ADDBA_COMPLETE_EVENTID,
++ WMI_TLV_BA_RSP_SSN_EVENTID,
++ WMI_TLV_AGGR_STATE_TRIG_EVENTID,
++ WMI_TLV_ROAM_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_ROAM),
++ WMI_TLV_PROFILE_MATCH,
++ WMI_TLV_ROAM_SYNCH_EVENTID,
++ WMI_TLV_P2P_DISC_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_P2P),
++ WMI_TLV_P2P_NOA_EVENTID,
++ WMI_TLV_PDEV_RESUME_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_SUSPEND),
++ WMI_TLV_WOW_WAKEUP_HOST_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_WOW),
++ WMI_TLV_D0_WOW_DISABLE_ACK_EVENTID,
++ WMI_TLV_RTT_MEASUREMENT_REPORT_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_RTT),
++ WMI_TLV_TSF_MEASUREMENT_REPORT_EVENTID,
++ WMI_TLV_RTT_ERROR_REPORT_EVENTID,
++ WMI_TLV_STATS_EXT_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_STATS),
++ WMI_TLV_IFACE_LINK_STATS_EVENTID,
++ WMI_TLV_PEER_LINK_STATS_EVENTID,
++ WMI_TLV_RADIO_LINK_STATS_EVENTID,
++ WMI_TLV_NLO_MATCH_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_NLO_OFL),
++ WMI_TLV_NLO_SCAN_COMPLETE_EVENTID,
++ WMI_TLV_APFIND_EVENTID,
++ WMI_TLV_GTK_OFFLOAD_STATUS_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_GTK_OFL),
++ WMI_TLV_GTK_REKEY_FAIL_EVENTID,
++ WMI_TLV_CSA_HANDLING_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_CSA_OFL),
++ WMI_TLV_CHATTER_PC_QUERY_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_CHATTER),
++ WMI_TLV_ECHO_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_MISC),
++ WMI_TLV_PDEV_UTF_EVENTID,
++ WMI_TLV_DEBUG_MESG_EVENTID,
++ WMI_TLV_UPDATE_STATS_EVENTID,
++ WMI_TLV_DEBUG_PRINT_EVENTID,
++ WMI_TLV_DCS_INTERFERENCE_EVENTID,
++ WMI_TLV_PDEV_QVIT_EVENTID,
++ WMI_TLV_WLAN_PROFILE_DATA_EVENTID,
++ WMI_TLV_PDEV_FTM_INTG_EVENTID,
++ WMI_TLV_WLAN_FREQ_AVOID_EVENTID,
++ WMI_TLV_VDEV_GET_KEEPALIVE_EVENTID,
++ WMI_TLV_THERMAL_MGMT_EVENTID,
++ WMI_TLV_DIAG_DATA_CONTAINER_EVENTID,
++ WMI_TLV_HOST_AUTO_SHUTDOWN_EVENTID,
++ WMI_TLV_UPDATE_WHAL_MIB_STATS_EVENTID,
++ WMI_TLV_UPDATE_VDEV_RATE_STATS_EVENTID,
++ WMI_TLV_DIAG_EVENTID,
++ WMI_TLV_GPIO_INPUT_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_GPIO),
++ WMI_TLV_UPLOADH_EVENTID,
++ WMI_TLV_CAPTUREH_EVENTID,
++ WMI_TLV_RFKILL_STATE_CHANGE_EVENTID,
++ WMI_TLV_TDLS_PEER_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_TDLS),
++ WMI_TLV_BATCH_SCAN_ENABLED_EVENTID =
++ WMI_TLV_EV(WMI_TLV_GRP_LOCATION_SCAN),
++ WMI_TLV_BATCH_SCAN_RESULT_EVENTID,
++ WMI_TLV_OEM_CAPABILITY_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_OEM),
++ WMI_TLV_OEM_MEASUREMENT_REPORT_EVENTID,
++ WMI_TLV_OEM_ERROR_REPORT_EVENTID,
++ WMI_TLV_NAN_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_NAN),
++ WMI_TLV_LPI_RESULT_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_LPI),
++ WMI_TLV_LPI_STATUS_EVENTID,
++ WMI_TLV_LPI_HANDOFF_EVENTID,
++ WMI_TLV_EXTSCAN_START_STOP_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_EXTSCAN),
++ WMI_TLV_EXTSCAN_OPERATION_EVENTID,
++ WMI_TLV_EXTSCAN_TABLE_USAGE_EVENTID,
++ WMI_TLV_EXTSCAN_CACHED_RESULTS_EVENTID,
++ WMI_TLV_EXTSCAN_WLAN_CHANGE_RESULTS_EVENTID,
++ WMI_TLV_EXTSCAN_HOTLIST_MATCH_EVENTID,
++ WMI_TLV_EXTSCAN_CAPABILITIES_EVENTID,
++ WMI_TLV_MDNS_STATS_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_MDNS_OFL),
++ WMI_TLV_SAP_OFL_ADD_STA_EVENTID = WMI_TLV_EV(WMI_TLV_GRP_SAP_OFL),
++ WMI_TLV_SAP_OFL_DEL_STA_EVENTID,
++};
++
++enum wmi_tlv_pdev_param {
++ WMI_TLV_PDEV_PARAM_TX_CHAIN_MASK = 0x1,
++ WMI_TLV_PDEV_PARAM_RX_CHAIN_MASK,
++ WMI_TLV_PDEV_PARAM_TXPOWER_LIMIT2G,
++ WMI_TLV_PDEV_PARAM_TXPOWER_LIMIT5G,
++ WMI_TLV_PDEV_PARAM_TXPOWER_SCALE,
++ WMI_TLV_PDEV_PARAM_BEACON_GEN_MODE,
++ WMI_TLV_PDEV_PARAM_BEACON_TX_MODE,
++ WMI_TLV_PDEV_PARAM_RESMGR_OFFCHAN_MODE,
++ WMI_TLV_PDEV_PARAM_PROTECTION_MODE,
++ WMI_TLV_PDEV_PARAM_DYNAMIC_BW,
++ WMI_TLV_PDEV_PARAM_NON_AGG_SW_RETRY_TH,
++ WMI_TLV_PDEV_PARAM_AGG_SW_RETRY_TH,
++ WMI_TLV_PDEV_PARAM_STA_KICKOUT_TH,
++ WMI_TLV_PDEV_PARAM_AC_AGGRSIZE_SCALING,
++ WMI_TLV_PDEV_PARAM_LTR_ENABLE,
++ WMI_TLV_PDEV_PARAM_LTR_AC_LATENCY_BE,
++ WMI_TLV_PDEV_PARAM_LTR_AC_LATENCY_BK,
++ WMI_TLV_PDEV_PARAM_LTR_AC_LATENCY_VI,
++ WMI_TLV_PDEV_PARAM_LTR_AC_LATENCY_VO,
++ WMI_TLV_PDEV_PARAM_LTR_AC_LATENCY_TIMEOUT,
++ WMI_TLV_PDEV_PARAM_LTR_SLEEP_OVERRIDE,
++ WMI_TLV_PDEV_PARAM_LTR_RX_OVERRIDE,
++ WMI_TLV_PDEV_PARAM_LTR_TX_ACTIVITY_TIMEOUT,
++ WMI_TLV_PDEV_PARAM_L1SS_ENABLE,
++ WMI_TLV_PDEV_PARAM_DSLEEP_ENABLE,
++ WMI_TLV_PDEV_PARAM_PCIELP_TXBUF_FLUSH,
++ WMI_TLV_PDEV_PARAM_PCIELP_TXBUF_WATERMARK,
++ WMI_TLV_PDEV_PARAM_PCIELP_TXBUF_TMO_EN,
++ WMI_TLV_PDEV_PARAM_PCIELP_TXBUF_TMO_VALUE,
++ WMI_TLV_PDEV_PARAM_PDEV_STATS_UPDATE_PERIOD,
++ WMI_TLV_PDEV_PARAM_VDEV_STATS_UPDATE_PERIOD,
++ WMI_TLV_PDEV_PARAM_PEER_STATS_UPDATE_PERIOD,
++ WMI_TLV_PDEV_PARAM_BCNFLT_STATS_UPDATE_PERIOD,
++ WMI_TLV_PDEV_PARAM_PMF_QOS,
++ WMI_TLV_PDEV_PARAM_ARP_AC_OVERRIDE,
++ WMI_TLV_PDEV_PARAM_DCS,
++ WMI_TLV_PDEV_PARAM_ANI_ENABLE,
++ WMI_TLV_PDEV_PARAM_ANI_POLL_PERIOD,
++ WMI_TLV_PDEV_PARAM_ANI_LISTEN_PERIOD,
++ WMI_TLV_PDEV_PARAM_ANI_OFDM_LEVEL,
++ WMI_TLV_PDEV_PARAM_ANI_CCK_LEVEL,
++ WMI_TLV_PDEV_PARAM_DYNTXCHAIN,
++ WMI_TLV_PDEV_PARAM_PROXY_STA,
++ WMI_TLV_PDEV_PARAM_IDLE_PS_CONFIG,
++ WMI_TLV_PDEV_PARAM_POWER_GATING_SLEEP,
++ WMI_TLV_PDEV_PARAM_RFKILL_ENABLE,
++ WMI_TLV_PDEV_PARAM_BURST_DUR,
++ WMI_TLV_PDEV_PARAM_BURST_ENABLE,
++ WMI_TLV_PDEV_PARAM_HW_RFKILL_CONFIG,
++ WMI_TLV_PDEV_PARAM_LOW_POWER_RF_ENABLE,
++ WMI_TLV_PDEV_PARAM_L1SS_TRACK,
++ WMI_TLV_PDEV_PARAM_HYST_EN,
++ WMI_TLV_PDEV_PARAM_POWER_COLLAPSE_ENABLE,
++ WMI_TLV_PDEV_PARAM_LED_SYS_STATE,
++ WMI_TLV_PDEV_PARAM_LED_ENABLE,
++ WMI_TLV_PDEV_PARAM_AUDIO_OVER_WLAN_LATENCY,
++ WMI_TLV_PDEV_PARAM_AUDIO_OVER_WLAN_ENABLE,
++ WMI_TLV_PDEV_PARAM_WHAL_MIB_STATS_UPDATE_ENABLE,
++ WMI_TLV_PDEV_PARAM_VDEV_RATE_STATS_UPDATE_PERIOD,
++ WMI_TLV_PDEV_PARAM_TXPOWER_REASON_NONE,
++ WMI_TLV_PDEV_PARAM_TXPOWER_REASON_SAR,
++ WMI_TLV_PDEV_PARAM_TXPOWER_REASON_MAX,
++};
++
++enum wmi_tlv_vdev_param {
++ WMI_TLV_VDEV_PARAM_RTS_THRESHOLD = 0x1,
++ WMI_TLV_VDEV_PARAM_FRAGMENTATION_THRESHOLD,
++ WMI_TLV_VDEV_PARAM_BEACON_INTERVAL,
++ WMI_TLV_VDEV_PARAM_LISTEN_INTERVAL,
++ WMI_TLV_VDEV_PARAM_MULTICAST_RATE,
++ WMI_TLV_VDEV_PARAM_MGMT_TX_RATE,
++ WMI_TLV_VDEV_PARAM_SLOT_TIME,
++ WMI_TLV_VDEV_PARAM_PREAMBLE,
++ WMI_TLV_VDEV_PARAM_SWBA_TIME,
++ WMI_TLV_VDEV_STATS_UPDATE_PERIOD,
++ WMI_TLV_VDEV_PWRSAVE_AGEOUT_TIME,
++ WMI_TLV_VDEV_HOST_SWBA_INTERVAL,
++ WMI_TLV_VDEV_PARAM_DTIM_PERIOD,
++ WMI_TLV_VDEV_OC_SCHEDULER_AIR_TIME_LIMIT,
++ WMI_TLV_VDEV_PARAM_WDS,
++ WMI_TLV_VDEV_PARAM_ATIM_WINDOW,
++ WMI_TLV_VDEV_PARAM_BMISS_COUNT_MAX,
++ WMI_TLV_VDEV_PARAM_BMISS_FIRST_BCNT,
++ WMI_TLV_VDEV_PARAM_BMISS_FINAL_BCNT,
++ WMI_TLV_VDEV_PARAM_FEATURE_WMM,
++ WMI_TLV_VDEV_PARAM_CHWIDTH,
++ WMI_TLV_VDEV_PARAM_CHEXTOFFSET,
++ WMI_TLV_VDEV_PARAM_DISABLE_HTPROTECTION,
++ WMI_TLV_VDEV_PARAM_STA_QUICKKICKOUT,
++ WMI_TLV_VDEV_PARAM_MGMT_RATE,
++ WMI_TLV_VDEV_PARAM_PROTECTION_MODE,
++ WMI_TLV_VDEV_PARAM_FIXED_RATE,
++ WMI_TLV_VDEV_PARAM_SGI,
++ WMI_TLV_VDEV_PARAM_LDPC,
++ WMI_TLV_VDEV_PARAM_TX_STBC,
++ WMI_TLV_VDEV_PARAM_RX_STBC,
++ WMI_TLV_VDEV_PARAM_INTRA_BSS_FWD,
++ WMI_TLV_VDEV_PARAM_DEF_KEYID,
++ WMI_TLV_VDEV_PARAM_NSS,
++ WMI_TLV_VDEV_PARAM_BCAST_DATA_RATE,
++ WMI_TLV_VDEV_PARAM_MCAST_DATA_RATE,
++ WMI_TLV_VDEV_PARAM_MCAST_INDICATE,
++ WMI_TLV_VDEV_PARAM_DHCP_INDICATE,
++ WMI_TLV_VDEV_PARAM_UNKNOWN_DEST_INDICATE,
++ WMI_TLV_VDEV_PARAM_AP_KEEPALIVE_MIN_IDLE_INACTIVE_TIME_SECS,
++ WMI_TLV_VDEV_PARAM_AP_KEEPALIVE_MAX_IDLE_INACTIVE_TIME_SECS,
++ WMI_TLV_VDEV_PARAM_AP_KEEPALIVE_MAX_UNRESPONSIVE_TIME_SECS,
++ WMI_TLV_VDEV_PARAM_AP_ENABLE_NAWDS,
++ WMI_TLV_VDEV_PARAM_ENABLE_RTSCTS,
++ WMI_TLV_VDEV_PARAM_TXBF,
++ WMI_TLV_VDEV_PARAM_PACKET_POWERSAVE,
++ WMI_TLV_VDEV_PARAM_DROP_UNENCRY,
++ WMI_TLV_VDEV_PARAM_TX_ENCAP_TYPE,
++ WMI_TLV_VDEV_PARAM_AP_DETECT_OUT_OF_SYNC_SLEEPING_STA_TIME_SECS,
++ WMI_TLV_VDEV_PARAM_EARLY_RX_ADJUST_ENABLE,
++ WMI_TLV_VDEV_PARAM_EARLY_RX_TGT_BMISS_NUM,
++ WMI_TLV_VDEV_PARAM_EARLY_RX_BMISS_SAMPLE_CYCLE,
++ WMI_TLV_VDEV_PARAM_EARLY_RX_SLOP_STEP,
++ WMI_TLV_VDEV_PARAM_EARLY_RX_INIT_SLOP,
++ WMI_TLV_VDEV_PARAM_EARLY_RX_ADJUST_PAUSE,
++ WMI_TLV_VDEV_PARAM_TX_PWRLIMIT,
++ WMI_TLV_VDEV_PARAM_SNR_NUM_FOR_CAL,
++ WMI_TLV_VDEV_PARAM_ROAM_FW_OFFLOAD,
++ WMI_TLV_VDEV_PARAM_ENABLE_RMC,
++ WMI_TLV_VDEV_PARAM_IBSS_MAX_BCN_LOST_MS,
++ WMI_TLV_VDEV_PARAM_MAX_RATE,
++ WMI_TLV_VDEV_PARAM_EARLY_RX_DRIFT_SAMPLE,
++ WMI_TLV_VDEV_PARAM_SET_IBSS_TX_FAIL_CNT_THR,
++ WMI_TLV_VDEV_PARAM_EBT_RESYNC_TIMEOUT,
++ WMI_TLV_VDEV_PARAM_AGGR_TRIG_EVENT_ENABLE,
++ WMI_TLV_VDEV_PARAM_IS_IBSS_POWER_SAVE_ALLOWED,
++ WMI_TLV_VDEV_PARAM_IS_POWER_COLLAPSE_ALLOWED,
++ WMI_TLV_VDEV_PARAM_IS_AWAKE_ON_TXRX_ENABLED,
++ WMI_TLV_VDEV_PARAM_INACTIVITY_CNT,
++ WMI_TLV_VDEV_PARAM_TXSP_END_INACTIVITY_TIME_MS,
++ WMI_TLV_VDEV_PARAM_DTIM_POLICY,
++ WMI_TLV_VDEV_PARAM_IBSS_PS_WARMUP_TIME_SECS,
++ WMI_TLV_VDEV_PARAM_IBSS_PS_1RX_CHAIN_IN_ATIM_WINDOW_ENABLE,
++};
++
++enum wmi_tlv_tag {
++ WMI_TLV_TAG_LAST_RESERVED = 15,
++
++ WMI_TLV_TAG_FIRST_ARRAY_ENUM,
++ WMI_TLV_TAG_ARRAY_UINT32 = WMI_TLV_TAG_FIRST_ARRAY_ENUM,
++ WMI_TLV_TAG_ARRAY_BYTE,
++ WMI_TLV_TAG_ARRAY_STRUCT,
++ WMI_TLV_TAG_ARRAY_FIXED_STRUCT,
++ WMI_TLV_TAG_LAST_ARRAY_ENUM = 31,
++
++ WMI_TLV_TAG_STRUCT_SERVICE_READY_EVENT,
++ WMI_TLV_TAG_STRUCT_HAL_REG_CAPABILITIES,
++ WMI_TLV_TAG_STRUCT_WLAN_HOST_MEM_REQ,
++ WMI_TLV_TAG_STRUCT_READY_EVENT,
++ WMI_TLV_TAG_STRUCT_SCAN_EVENT,
++ WMI_TLV_TAG_STRUCT_PDEV_TPC_CONFIG_EVENT,
++ WMI_TLV_TAG_STRUCT_CHAN_INFO_EVENT,
++ WMI_TLV_TAG_STRUCT_COMB_PHYERR_RX_HDR,
++ WMI_TLV_TAG_STRUCT_VDEV_START_RESPONSE_EVENT,
++ WMI_TLV_TAG_STRUCT_VDEV_STOPPED_EVENT,
++ WMI_TLV_TAG_STRUCT_VDEV_INSTALL_KEY_COMPLETE_EVENT,
++ WMI_TLV_TAG_STRUCT_PEER_STA_KICKOUT_EVENT,
++ WMI_TLV_TAG_STRUCT_MGMT_RX_HDR,
++ WMI_TLV_TAG_STRUCT_TBTT_OFFSET_EVENT,
++ WMI_TLV_TAG_STRUCT_TX_DELBA_COMPLETE_EVENT,
++ WMI_TLV_TAG_STRUCT_TX_ADDBA_COMPLETE_EVENT,
++ WMI_TLV_TAG_STRUCT_ROAM_EVENT,
++ WMI_TLV_TAG_STRUCT_WOW_EVENT_INFO,
++ WMI_TLV_TAG_STRUCT_WOW_EVENT_INFO_SECTION_BITMAP,
++ WMI_TLV_TAG_STRUCT_RTT_EVENT_HEADER,
++ WMI_TLV_TAG_STRUCT_RTT_ERROR_REPORT_EVENT,
++ WMI_TLV_TAG_STRUCT_RTT_MEAS_EVENT,
++ WMI_TLV_TAG_STRUCT_ECHO_EVENT,
++ WMI_TLV_TAG_STRUCT_FTM_INTG_EVENT,
++ WMI_TLV_TAG_STRUCT_VDEV_GET_KEEPALIVE_EVENT,
++ WMI_TLV_TAG_STRUCT_GPIO_INPUT_EVENT,
++ WMI_TLV_TAG_STRUCT_CSA_EVENT,
++ WMI_TLV_TAG_STRUCT_GTK_OFFLOAD_STATUS_EVENT,
++ WMI_TLV_TAG_STRUCT_IGTK_INFO,
++ WMI_TLV_TAG_STRUCT_DCS_INTERFERENCE_EVENT,
++ WMI_TLV_TAG_STRUCT_ATH_DCS_CW_INT,
++ WMI_TLV_TAG_STRUCT_ATH_DCS_WLAN_INT_STAT,
++ WMI_TLV_TAG_STRUCT_WLAN_PROFILE_CTX_T,
++ WMI_TLV_TAG_STRUCT_WLAN_PROFILE_T,
++ WMI_TLV_TAG_STRUCT_PDEV_QVIT_EVENT,
++ WMI_TLV_TAG_STRUCT_HOST_SWBA_EVENT,
++ WMI_TLV_TAG_STRUCT_TIM_INFO,
++ WMI_TLV_TAG_STRUCT_P2P_NOA_INFO,
++ WMI_TLV_TAG_STRUCT_STATS_EVENT,
++ WMI_TLV_TAG_STRUCT_AVOID_FREQ_RANGES_EVENT,
++ WMI_TLV_TAG_STRUCT_AVOID_FREQ_RANGE_DESC,
++ WMI_TLV_TAG_STRUCT_GTK_REKEY_FAIL_EVENT,
++ WMI_TLV_TAG_STRUCT_INIT_CMD,
++ WMI_TLV_TAG_STRUCT_RESOURCE_CONFIG,
++ WMI_TLV_TAG_STRUCT_WLAN_HOST_MEMORY_CHUNK,
++ WMI_TLV_TAG_STRUCT_START_SCAN_CMD,
++ WMI_TLV_TAG_STRUCT_STOP_SCAN_CMD,
++ WMI_TLV_TAG_STRUCT_SCAN_CHAN_LIST_CMD,
++ WMI_TLV_TAG_STRUCT_CHANNEL,
++ WMI_TLV_TAG_STRUCT_PDEV_SET_REGDOMAIN_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_SET_PARAM_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_SET_WMM_PARAMS_CMD,
++ WMI_TLV_TAG_STRUCT_WMM_PARAMS,
++ WMI_TLV_TAG_STRUCT_PDEV_SET_QUIET_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_CREATE_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_DELETE_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_START_REQUEST_CMD,
++ WMI_TLV_TAG_STRUCT_P2P_NOA_DESCRIPTOR,
++ WMI_TLV_TAG_STRUCT_P2P_GO_SET_BEACON_IE,
++ WMI_TLV_TAG_STRUCT_GTK_OFFLOAD_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_UP_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_STOP_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_DOWN_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_SET_PARAM_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_INSTALL_KEY_CMD,
++ WMI_TLV_TAG_STRUCT_PEER_CREATE_CMD,
++ WMI_TLV_TAG_STRUCT_PEER_DELETE_CMD,
++ WMI_TLV_TAG_STRUCT_PEER_FLUSH_TIDS_CMD,
++ WMI_TLV_TAG_STRUCT_PEER_SET_PARAM_CMD,
++ WMI_TLV_TAG_STRUCT_PEER_ASSOC_COMPLETE_CMD,
++ WMI_TLV_TAG_STRUCT_VHT_RATE_SET,
++ WMI_TLV_TAG_STRUCT_BCN_TMPL_CMD,
++ WMI_TLV_TAG_STRUCT_PRB_TMPL_CMD,
++ WMI_TLV_TAG_STRUCT_BCN_PRB_INFO,
++ WMI_TLV_TAG_STRUCT_PEER_TID_ADDBA_CMD,
++ WMI_TLV_TAG_STRUCT_PEER_TID_DELBA_CMD,
++ WMI_TLV_TAG_STRUCT_STA_POWERSAVE_MODE_CMD,
++ WMI_TLV_TAG_STRUCT_STA_POWERSAVE_PARAM_CMD,
++ WMI_TLV_TAG_STRUCT_STA_DTIM_PS_METHOD_CMD,
++ WMI_TLV_TAG_STRUCT_ROAM_SCAN_MODE,
++ WMI_TLV_TAG_STRUCT_ROAM_SCAN_RSSI_THRESHOLD,
++ WMI_TLV_TAG_STRUCT_ROAM_SCAN_PERIOD,
++ WMI_TLV_TAG_STRUCT_ROAM_SCAN_RSSI_CHANGE_THRESHOLD,
++ WMI_TLV_TAG_STRUCT_PDEV_SUSPEND_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_RESUME_CMD,
++ WMI_TLV_TAG_STRUCT_ADD_BCN_FILTER_CMD,
++ WMI_TLV_TAG_STRUCT_RMV_BCN_FILTER_CMD,
++ WMI_TLV_TAG_STRUCT_WOW_ENABLE_CMD,
++ WMI_TLV_TAG_STRUCT_WOW_HOSTWAKEUP_FROM_SLEEP_CMD,
++ WMI_TLV_TAG_STRUCT_STA_UAPSD_AUTO_TRIG_CMD,
++ WMI_TLV_TAG_STRUCT_STA_UAPSD_AUTO_TRIG_PARAM,
++ WMI_TLV_TAG_STRUCT_SET_ARP_NS_OFFLOAD_CMD,
++ WMI_TLV_TAG_STRUCT_ARP_OFFLOAD_TUPLE,
++ WMI_TLV_TAG_STRUCT_NS_OFFLOAD_TUPLE,
++ WMI_TLV_TAG_STRUCT_FTM_INTG_CMD,
++ WMI_TLV_TAG_STRUCT_STA_KEEPALIVE_CMD,
++ WMI_TLV_TAG_STRUCT_STA_KEEPALVE_ARP_RESPONSE,
++ WMI_TLV_TAG_STRUCT_P2P_SET_VENDOR_IE_DATA_CMD,
++ WMI_TLV_TAG_STRUCT_AP_PS_PEER_CMD,
++ WMI_TLV_TAG_STRUCT_PEER_RATE_RETRY_SCHED_CMD,
++ WMI_TLV_TAG_STRUCT_WLAN_PROFILE_TRIGGER_CMD,
++ WMI_TLV_TAG_STRUCT_WLAN_PROFILE_SET_HIST_INTVL_CMD,
++ WMI_TLV_TAG_STRUCT_WLAN_PROFILE_GET_PROF_DATA_CMD,
++ WMI_TLV_TAG_STRUCT_WLAN_PROFILE_ENABLE_PROFILE_ID_CMD,
++ WMI_TLV_TAG_STRUCT_WOW_DEL_PATTERN_CMD,
++ WMI_TLV_TAG_STRUCT_WOW_ADD_DEL_EVT_CMD,
++ WMI_TLV_TAG_STRUCT_RTT_MEASREQ_HEAD,
++ WMI_TLV_TAG_STRUCT_RTT_MEASREQ_BODY,
++ WMI_TLV_TAG_STRUCT_RTT_TSF_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_SPECTRAL_CONFIGURE_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_SPECTRAL_ENABLE_CMD,
++ WMI_TLV_TAG_STRUCT_REQUEST_STATS_CMD,
++ WMI_TLV_TAG_STRUCT_NLO_CONFIG_CMD,
++ WMI_TLV_TAG_STRUCT_NLO_CONFIGURED_PARAMETERS,
++ WMI_TLV_TAG_STRUCT_CSA_OFFLOAD_ENABLE_CMD,
++ WMI_TLV_TAG_STRUCT_CSA_OFFLOAD_CHANSWITCH_CMD,
++ WMI_TLV_TAG_STRUCT_CHATTER_SET_MODE_CMD,
++ WMI_TLV_TAG_STRUCT_ECHO_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_SET_KEEPALIVE_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_GET_KEEPALIVE_CMD,
++ WMI_TLV_TAG_STRUCT_FORCE_FW_HANG_CMD,
++ WMI_TLV_TAG_STRUCT_GPIO_CONFIG_CMD,
++ WMI_TLV_TAG_STRUCT_GPIO_OUTPUT_CMD,
++ WMI_TLV_TAG_STRUCT_PEER_ADD_WDS_ENTRY_CMD,
++ WMI_TLV_TAG_STRUCT_PEER_REMOVE_WDS_ENTRY_CMD,
++ WMI_TLV_TAG_STRUCT_BCN_TX_HDR,
++ WMI_TLV_TAG_STRUCT_BCN_SEND_FROM_HOST_CMD,
++ WMI_TLV_TAG_STRUCT_MGMT_TX_HDR,
++ WMI_TLV_TAG_STRUCT_ADDBA_CLEAR_RESP_CMD,
++ WMI_TLV_TAG_STRUCT_ADDBA_SEND_CMD,
++ WMI_TLV_TAG_STRUCT_DELBA_SEND_CMD,
++ WMI_TLV_TAG_STRUCT_ADDBA_SETRESPONSE_CMD,
++ WMI_TLV_TAG_STRUCT_SEND_SINGLEAMSDU_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_PKTLOG_ENABLE_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_PKTLOG_DISABLE_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_SET_HT_IE_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_SET_VHT_IE_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_SET_DSCP_TID_MAP_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_GREEN_AP_PS_ENABLE_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_GET_TPC_CONFIG_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_SET_BASE_MACADDR_CMD,
++ WMI_TLV_TAG_STRUCT_PEER_MCAST_GROUP_CMD,
++ WMI_TLV_TAG_STRUCT_ROAM_AP_PROFILE,
++ WMI_TLV_TAG_STRUCT_AP_PROFILE,
++ WMI_TLV_TAG_STRUCT_SCAN_SCH_PRIORITY_TABLE_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_DFS_ENABLE_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_DFS_DISABLE_CMD,
++ WMI_TLV_TAG_STRUCT_WOW_ADD_PATTERN_CMD,
++ WMI_TLV_TAG_STRUCT_WOW_BITMAP_PATTERN_T,
++ WMI_TLV_TAG_STRUCT_WOW_IPV4_SYNC_PATTERN_T,
++ WMI_TLV_TAG_STRUCT_WOW_IPV6_SYNC_PATTERN_T,
++ WMI_TLV_TAG_STRUCT_WOW_MAGIC_PATTERN_CMD,
++ WMI_TLV_TAG_STRUCT_SCAN_UPDATE_REQUEST_CMD,
++ WMI_TLV_TAG_STRUCT_CHATTER_PKT_COALESCING_FILTER,
++ WMI_TLV_TAG_STRUCT_CHATTER_COALESCING_ADD_FILTER_CMD,
++ WMI_TLV_TAG_STRUCT_CHATTER_COALESCING_DELETE_FILTER_CMD,
++ WMI_TLV_TAG_STRUCT_CHATTER_COALESCING_QUERY_CMD,
++ WMI_TLV_TAG_STRUCT_TXBF_CMD,
++ WMI_TLV_TAG_STRUCT_DEBUG_LOG_CONFIG_CMD,
++ WMI_TLV_TAG_STRUCT_NLO_EVENT,
++ WMI_TLV_TAG_STRUCT_CHATTER_QUERY_REPLY_EVENT,
++ WMI_TLV_TAG_STRUCT_UPLOAD_H_HDR,
++ WMI_TLV_TAG_STRUCT_CAPTURE_H_EVENT_HDR,
++ WMI_TLV_TAG_STRUCT_VDEV_WNM_SLEEPMODE_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_IPSEC_NATKEEPALIVE_FILTER_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_WMM_ADDTS_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_WMM_DELTS_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_SET_WMM_PARAMS_CMD,
++ WMI_TLV_TAG_STRUCT_TDLS_SET_STATE_CMD,
++ WMI_TLV_TAG_STRUCT_TDLS_PEER_UPDATE_CMD,
++ WMI_TLV_TAG_STRUCT_TDLS_PEER_EVENT,
++ WMI_TLV_TAG_STRUCT_TDLS_PEER_CAPABILITIES,
++ WMI_TLV_TAG_STRUCT_VDEV_MCC_SET_TBTT_MODE_CMD,
++ WMI_TLV_TAG_STRUCT_ROAM_CHAN_LIST,
++ WMI_TLV_TAG_STRUCT_VDEV_MCC_BCN_INTVL_CHANGE_EVENT,
++ WMI_TLV_TAG_STRUCT_RESMGR_ADAPTIVE_OCS_CMD,
++ WMI_TLV_TAG_STRUCT_RESMGR_SET_CHAN_TIME_QUOTA_CMD,
++ WMI_TLV_TAG_STRUCT_RESMGR_SET_CHAN_LATENCY_CMD,
++ WMI_TLV_TAG_STRUCT_BA_REQ_SSN_CMD,
++ WMI_TLV_TAG_STRUCT_BA_RSP_SSN_EVENT,
++ WMI_TLV_TAG_STRUCT_STA_SMPS_FORCE_MODE_CMD,
++ WMI_TLV_TAG_STRUCT_SET_MCASTBCAST_FILTER_CMD,
++ WMI_TLV_TAG_STRUCT_P2P_SET_OPPPS_CMD,
++ WMI_TLV_TAG_STRUCT_P2P_SET_NOA_CMD,
++ WMI_TLV_TAG_STRUCT_BA_REQ_SSN_CMD_SUB_STRUCT_PARAM,
++ WMI_TLV_TAG_STRUCT_BA_REQ_SSN_EVENT_SUB_STRUCT_PARAM,
++ WMI_TLV_TAG_STRUCT_STA_SMPS_PARAM_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_SET_GTX_PARAMS_CMD,
++ WMI_TLV_TAG_STRUCT_MCC_SCHED_TRAFFIC_STATS_CMD,
++ WMI_TLV_TAG_STRUCT_MCC_SCHED_STA_TRAFFIC_STATS,
++ WMI_TLV_TAG_STRUCT_OFFLOAD_BCN_TX_STATUS_EVENT,
++ WMI_TLV_TAG_STRUCT_P2P_NOA_EVENT,
++ WMI_TLV_TAG_STRUCT_HB_SET_ENABLE_CMD,
++ WMI_TLV_TAG_STRUCT_HB_SET_TCP_PARAMS_CMD,
++ WMI_TLV_TAG_STRUCT_HB_SET_TCP_PKT_FILTER_CMD,
++ WMI_TLV_TAG_STRUCT_HB_SET_UDP_PARAMS_CMD,
++ WMI_TLV_TAG_STRUCT_HB_SET_UDP_PKT_FILTER_CMD,
++ WMI_TLV_TAG_STRUCT_HB_IND_EVENT,
++ WMI_TLV_TAG_STRUCT_TX_PAUSE_EVENT,
++ WMI_TLV_TAG_STRUCT_RFKILL_EVENT,
++ WMI_TLV_TAG_STRUCT_DFS_RADAR_EVENT,
++ WMI_TLV_TAG_STRUCT_DFS_PHYERR_FILTER_ENA_CMD,
++ WMI_TLV_TAG_STRUCT_DFS_PHYERR_FILTER_DIS_CMD,
++ WMI_TLV_TAG_STRUCT_BATCH_SCAN_RESULT_SCAN_LIST,
++ WMI_TLV_TAG_STRUCT_BATCH_SCAN_RESULT_NETWORK_INFO,
++ WMI_TLV_TAG_STRUCT_BATCH_SCAN_ENABLE_CMD,
++ WMI_TLV_TAG_STRUCT_BATCH_SCAN_DISABLE_CMD,
++ WMI_TLV_TAG_STRUCT_BATCH_SCAN_TRIGGER_RESULT_CMD,
++ WMI_TLV_TAG_STRUCT_BATCH_SCAN_ENABLED_EVENT,
++ WMI_TLV_TAG_STRUCT_BATCH_SCAN_RESULT_EVENT,
++ WMI_TLV_TAG_STRUCT_VDEV_PLMREQ_START_CMD,
++ WMI_TLV_TAG_STRUCT_VDEV_PLMREQ_STOP_CMD,
++ WMI_TLV_TAG_STRUCT_THERMAL_MGMT_CMD,
++ WMI_TLV_TAG_STRUCT_THERMAL_MGMT_EVENT,
++ WMI_TLV_TAG_STRUCT_PEER_INFO_REQ_CMD,
++ WMI_TLV_TAG_STRUCT_PEER_INFO_EVENT,
++ WMI_TLV_TAG_STRUCT_PEER_INFO,
++ WMI_TLV_TAG_STRUCT_PEER_TX_FAIL_CNT_THR_EVENT,
++ WMI_TLV_TAG_STRUCT_RMC_SET_MODE_CMD,
++ WMI_TLV_TAG_STRUCT_RMC_SET_ACTION_PERIOD_CMD,
++ WMI_TLV_TAG_STRUCT_RMC_CONFIG_CMD,
++ WMI_TLV_TAG_STRUCT_MHF_OFFLOAD_SET_MODE_CMD,
++ WMI_TLV_TAG_STRUCT_MHF_OFFLOAD_PLUMB_ROUTING_TABLE_CMD,
++ WMI_TLV_TAG_STRUCT_ADD_PROACTIVE_ARP_RSP_PATTERN_CMD,
++ WMI_TLV_TAG_STRUCT_DEL_PROACTIVE_ARP_RSP_PATTERN_CMD,
++ WMI_TLV_TAG_STRUCT_NAN_CMD_PARAM,
++ WMI_TLV_TAG_STRUCT_NAN_EVENT_HDR,
++ WMI_TLV_TAG_STRUCT_PDEV_L1SS_TRACK_EVENT,
++ WMI_TLV_TAG_STRUCT_DIAG_DATA_CONTAINER_EVENT,
++ WMI_TLV_TAG_STRUCT_MODEM_POWER_STATE_CMD_PARAM,
++ WMI_TLV_TAG_STRUCT_PEER_GET_ESTIMATED_LINKSPEED_CMD,
++ WMI_TLV_TAG_STRUCT_PEER_ESTIMATED_LINKSPEED_EVENT,
++ WMI_TLV_TAG_STRUCT_AGGR_STATE_TRIG_EVENT,
++ WMI_TLV_TAG_STRUCT_MHF_OFFLOAD_ROUTING_TABLE_ENTRY,
++ WMI_TLV_TAG_STRUCT_ROAM_SCAN_CMD,
++ WMI_TLV_TAG_STRUCT_REQ_STATS_EXT_CMD,
++ WMI_TLV_TAG_STRUCT_STATS_EXT_EVENT,
++ WMI_TLV_TAG_STRUCT_OBSS_SCAN_ENABLE_CMD,
++ WMI_TLV_TAG_STRUCT_OBSS_SCAN_DISABLE_CMD,
++ WMI_TLV_TAG_STRUCT_OFFLOAD_PRB_RSP_TX_STATUS_EVENT,
++ WMI_TLV_TAG_STRUCT_PDEV_SET_LED_CONFIG_CMD,
++ WMI_TLV_TAG_STRUCT_HOST_AUTO_SHUTDOWN_CFG_CMD,
++ WMI_TLV_TAG_STRUCT_HOST_AUTO_SHUTDOWN_EVENT,
++ WMI_TLV_TAG_STRUCT_UPDATE_WHAL_MIB_STATS_EVENT,
++ WMI_TLV_TAG_STRUCT_CHAN_AVOID_UPDATE_CMD_PARAM,
++ WMI_TLV_TAG_STRUCT_WOW_ACER_IOAC_PKT_PATTERN_T,
++ WMI_TLV_TAG_STRUCT_WOW_ACER_IOAC_TMR_PATTERN_T,
++ WMI_TLV_TAG_STRUCT_WOW_IOAC_ADD_KEEPALIVE_CMD,
++ WMI_TLV_TAG_STRUCT_WOW_IOAC_DEL_KEEPALIVE_CMD,
++ WMI_TLV_TAG_STRUCT_WOW_IOAC_KEEPALIVE_T,
++ WMI_TLV_TAG_STRUCT_WOW_ACER_IOAC_ADD_PATTERN_CMD,
++ WMI_TLV_TAG_STRUCT_WOW_ACER_IOAC_DEL_PATTERN_CMD,
++ WMI_TLV_TAG_STRUCT_START_LINK_STATS_CMD,
++ WMI_TLV_TAG_STRUCT_CLEAR_LINK_STATS_CMD,
++ WMI_TLV_TAG_STRUCT_REQUEST_LINK_STATS_CMD,
++ WMI_TLV_TAG_STRUCT_IFACE_LINK_STATS_EVENT,
++ WMI_TLV_TAG_STRUCT_RADIO_LINK_STATS_EVENT,
++ WMI_TLV_TAG_STRUCT_PEER_STATS_EVENT,
++ WMI_TLV_TAG_STRUCT_CHANNEL_STATS,
++ WMI_TLV_TAG_STRUCT_RADIO_LINK_STATS,
++ WMI_TLV_TAG_STRUCT_RATE_STATS,
++ WMI_TLV_TAG_STRUCT_PEER_LINK_STATS,
++ WMI_TLV_TAG_STRUCT_WMM_AC_STATS,
++ WMI_TLV_TAG_STRUCT_IFACE_LINK_STATS,
++ WMI_TLV_TAG_STRUCT_LPI_MGMT_SNOOPING_CONFIG_CMD,
++ WMI_TLV_TAG_STRUCT_LPI_START_SCAN_CMD,
++ WMI_TLV_TAG_STRUCT_LPI_STOP_SCAN_CMD,
++ WMI_TLV_TAG_STRUCT_LPI_RESULT_EVENT,
++ WMI_TLV_TAG_STRUCT_PEER_STATE_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_BUCKET_CMD,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_BUCKET_CHANNEL_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_START_CMD,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_STOP_CMD,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_CONFIGURE_WLAN_CHANGE_MONITOR_CMD,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_WLAN_CHANGE_BSSID_PARAM_CMD,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_CONFIGURE_HOTLIST_MONITOR_CMD,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_GET_CACHED_RESULTS_CMD,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_GET_WLAN_CHANGE_RESULTS_CMD,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_SET_CAPABILITIES_CMD,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_GET_CAPABILITIES_CMD,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_OPERATION_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_START_STOP_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_TABLE_USAGE_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_WLAN_DESCRIPTOR_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_RSSI_INFO_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_CACHED_RESULTS_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_WLAN_CHANGE_RESULTS_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_WLAN_CHANGE_RESULT_BSSID_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_HOTLIST_MATCH_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_CAPABILITIES_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_CACHE_CAPABILITIES_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_WLAN_CHANGE_MONITOR_CAPABILITIES_EVENT,
++ WMI_TLV_TAG_STRUCT_EXTSCAN_HOTLIST_MONITOR_CAPABILITIES_EVENT,
++ WMI_TLV_TAG_STRUCT_D0_WOW_ENABLE_DISABLE_CMD,
++ WMI_TLV_TAG_STRUCT_D0_WOW_DISABLE_ACK_EVENT,
++ WMI_TLV_TAG_STRUCT_UNIT_TEST_CMD,
++ WMI_TLV_TAG_STRUCT_ROAM_OFFLOAD_TLV_PARAM,
++ WMI_TLV_TAG_STRUCT_ROAM_11I_OFFLOAD_TLV_PARAM,
++ WMI_TLV_TAG_STRUCT_ROAM_11R_OFFLOAD_TLV_PARAM,
++ WMI_TLV_TAG_STRUCT_ROAM_ESE_OFFLOAD_TLV_PARAM,
++ WMI_TLV_TAG_STRUCT_ROAM_SYNCH_EVENT,
++ WMI_TLV_TAG_STRUCT_ROAM_SYNCH_COMPLETE,
++ WMI_TLV_TAG_STRUCT_EXTWOW_ENABLE_CMD,
++ WMI_TLV_TAG_STRUCT_EXTWOW_SET_APP_TYPE1_PARAMS_CMD,
++ WMI_TLV_TAG_STRUCT_EXTWOW_SET_APP_TYPE2_PARAMS_CMD,
++ WMI_TLV_TAG_STRUCT_LPI_STATUS_EVENT,
++ WMI_TLV_TAG_STRUCT_LPI_HANDOFF_EVENT,
++ WMI_TLV_TAG_STRUCT_VDEV_RATE_STATS_EVENT,
++ WMI_TLV_TAG_STRUCT_VDEV_RATE_HT_INFO,
++ WMI_TLV_TAG_STRUCT_RIC_REQUEST,
++ WMI_TLV_TAG_STRUCT_PDEV_GET_TEMPERATURE_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_TEMPERATURE_EVENT,
++ WMI_TLV_TAG_STRUCT_SET_DHCP_SERVER_OFFLOAD_CMD,
++ WMI_TLV_TAG_STRUCT_TPC_CHAINMASK_CONFIG_CMD,
++ WMI_TLV_TAG_STRUCT_RIC_TSPEC,
++ WMI_TLV_TAG_STRUCT_TPC_CHAINMASK_CONFIG,
++ WMI_TLV_TAG_STRUCT_IPA_OFFLOAD_CMD,
++ WMI_TLV_TAG_STRUCT_SCAN_PROB_REQ_OUI_CMD,
++ WMI_TLV_TAG_STRUCT_KEY_MATERIAL,
++ WMI_TLV_TAG_STRUCT_TDLS_SET_OFFCHAN_MODE_CMD,
++ WMI_TLV_TAG_STRUCT_SET_LED_FLASHING_CMD,
++ WMI_TLV_TAG_STRUCT_MDNS_OFFLOAD_CMD,
++ WMI_TLV_TAG_STRUCT_MDNS_SET_FQDN_CMD,
++ WMI_TLV_TAG_STRUCT_MDNS_SET_RESP_CMD,
++ WMI_TLV_TAG_STRUCT_MDNS_GET_STATS_CMD,
++ WMI_TLV_TAG_STRUCT_MDNS_STATS_EVENT,
++ WMI_TLV_TAG_STRUCT_ROAM_INVOKE_CMD,
++ WMI_TLV_TAG_STRUCT_PDEV_RESUME_EVENT,
++ WMI_TLV_TAG_STRUCT_PDEV_SET_ANTENNA_DIVERSITY_CMD,
++ WMI_TLV_TAG_STRUCT_SAP_OFL_ENABLE_CMD,
++ WMI_TLV_TAG_STRUCT_SAP_OFL_ADD_STA_EVENT,
++ WMI_TLV_TAG_STRUCT_SAP_OFL_DEL_STA_EVENT,
++ WMI_TLV_TAG_STRUCT_APFIND_CMD_PARAM,
++ WMI_TLV_TAG_STRUCT_APFIND_EVENT_HDR,
++
++ WMI_TLV_TAG_MAX
++};
++
++enum wmi_tlv_service {
++ WMI_TLV_SERVICE_BEACON_OFFLOAD = 0,
++ WMI_TLV_SERVICE_SCAN_OFFLOAD,
++ WMI_TLV_SERVICE_ROAM_SCAN_OFFLOAD,
++ WMI_TLV_SERVICE_BCN_MISS_OFFLOAD,
++ WMI_TLV_SERVICE_STA_PWRSAVE,
++ WMI_TLV_SERVICE_STA_ADVANCED_PWRSAVE,
++ WMI_TLV_SERVICE_AP_UAPSD,
++ WMI_TLV_SERVICE_AP_DFS,
++ WMI_TLV_SERVICE_11AC,
++ WMI_TLV_SERVICE_BLOCKACK,
++ WMI_TLV_SERVICE_PHYERR,
++ WMI_TLV_SERVICE_BCN_FILTER,
++ WMI_TLV_SERVICE_RTT,
++ WMI_TLV_SERVICE_WOW,
++ WMI_TLV_SERVICE_RATECTRL_CACHE,
++ WMI_TLV_SERVICE_IRAM_TIDS,
++ WMI_TLV_SERVICE_ARPNS_OFFLOAD,
++ WMI_TLV_SERVICE_NLO,
++ WMI_TLV_SERVICE_GTK_OFFLOAD,
++ WMI_TLV_SERVICE_SCAN_SCH,
++ WMI_TLV_SERVICE_CSA_OFFLOAD,
++ WMI_TLV_SERVICE_CHATTER,
++ WMI_TLV_SERVICE_COEX_FREQAVOID,
++ WMI_TLV_SERVICE_PACKET_POWER_SAVE,
++ WMI_TLV_SERVICE_FORCE_FW_HANG,
++ WMI_TLV_SERVICE_GPIO,
++ WMI_TLV_SERVICE_STA_DTIM_PS_MODULATED_DTIM,
++ WMI_TLV_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG,
++ WMI_TLV_SERVICE_STA_UAPSD_VAR_AUTO_TRIG,
++ WMI_TLV_SERVICE_STA_KEEP_ALIVE,
++ WMI_TLV_SERVICE_TX_ENCAP,
++ WMI_TLV_SERVICE_AP_PS_DETECT_OUT_OF_SYNC,
++ WMI_TLV_SERVICE_EARLY_RX,
++ WMI_TLV_SERVICE_STA_SMPS,
++ WMI_TLV_SERVICE_FWTEST,
++ WMI_TLV_SERVICE_STA_WMMAC,
++ WMI_TLV_SERVICE_TDLS,
++ WMI_TLV_SERVICE_BURST,
++ WMI_TLV_SERVICE_MCC_BCN_INTERVAL_CHANGE,
++ WMI_TLV_SERVICE_ADAPTIVE_OCS,
++ WMI_TLV_SERVICE_BA_SSN_SUPPORT,
++ WMI_TLV_SERVICE_FILTER_IPSEC_NATKEEPALIVE,
++ WMI_TLV_SERVICE_WLAN_HB,
++ WMI_TLV_SERVICE_LTE_ANT_SHARE_SUPPORT,
++ WMI_TLV_SERVICE_BATCH_SCAN,
++ WMI_TLV_SERVICE_QPOWER,
++ WMI_TLV_SERVICE_PLMREQ,
++ WMI_TLV_SERVICE_THERMAL_MGMT,
++ WMI_TLV_SERVICE_RMC,
++ WMI_TLV_SERVICE_MHF_OFFLOAD,
++ WMI_TLV_SERVICE_COEX_SAR,
++ WMI_TLV_SERVICE_BCN_TXRATE_OVERRIDE,
++ WMI_TLV_SERVICE_NAN,
++ WMI_TLV_SERVICE_L1SS_STAT,
++ WMI_TLV_SERVICE_ESTIMATE_LINKSPEED,
++ WMI_TLV_SERVICE_OBSS_SCAN,
++ WMI_TLV_SERVICE_TDLS_OFFCHAN,
++ WMI_TLV_SERVICE_TDLS_UAPSD_BUFFER_STA,
++ WMI_TLV_SERVICE_TDLS_UAPSD_SLEEP_STA,
++ WMI_TLV_SERVICE_IBSS_PWRSAVE,
++ WMI_TLV_SERVICE_LPASS,
++ WMI_TLV_SERVICE_EXTSCAN,
++ WMI_TLV_SERVICE_D0WOW,
++ WMI_TLV_SERVICE_HSOFFLOAD,
++ WMI_TLV_SERVICE_ROAM_HO_OFFLOAD,
++ WMI_TLV_SERVICE_RX_FULL_REORDER,
++ WMI_TLV_SERVICE_DHCP_OFFLOAD,
++ WMI_TLV_SERVICE_STA_RX_IPA_OFFLOAD_SUPPORT,
++ WMI_TLV_SERVICE_MDNS_OFFLOAD,
++ WMI_TLV_SERVICE_SAP_AUTH_OFFLOAD,
++};
++
++#define WMI_SERVICE_IS_ENABLED(wmi_svc_bmap, svc_id, len) \
++ ((svc_id) < (len) && \
++ __le32_to_cpu((wmi_svc_bmap)[(svc_id)/(sizeof(u32))]) & \
++ BIT((svc_id)%(sizeof(u32))))
++
++#define SVCMAP(x, y, len) \
++ do { \
++ if (WMI_SERVICE_IS_ENABLED((in), (x), (len))) \
++ __set_bit(y, out); \
++ } while (0)
++
++static inline void
++wmi_tlv_svc_map(const __le32 *in, unsigned long *out, size_t len)
++{
++ SVCMAP(WMI_TLV_SERVICE_BEACON_OFFLOAD,
++ WMI_SERVICE_BEACON_OFFLOAD, len);
++ SVCMAP(WMI_TLV_SERVICE_SCAN_OFFLOAD,
++ WMI_SERVICE_SCAN_OFFLOAD, len);
++ SVCMAP(WMI_TLV_SERVICE_ROAM_SCAN_OFFLOAD,
++ WMI_SERVICE_ROAM_SCAN_OFFLOAD, len);
++ SVCMAP(WMI_TLV_SERVICE_BCN_MISS_OFFLOAD,
++ WMI_SERVICE_BCN_MISS_OFFLOAD, len);
++ SVCMAP(WMI_TLV_SERVICE_STA_PWRSAVE,
++ WMI_SERVICE_STA_PWRSAVE, len);
++ SVCMAP(WMI_TLV_SERVICE_STA_ADVANCED_PWRSAVE,
++ WMI_SERVICE_STA_ADVANCED_PWRSAVE, len);
++ SVCMAP(WMI_TLV_SERVICE_AP_UAPSD,
++ WMI_SERVICE_AP_UAPSD, len);
++ SVCMAP(WMI_TLV_SERVICE_AP_DFS,
++ WMI_SERVICE_AP_DFS, len);
++ SVCMAP(WMI_TLV_SERVICE_11AC,
++ WMI_SERVICE_11AC, len);
++ SVCMAP(WMI_TLV_SERVICE_BLOCKACK,
++ WMI_SERVICE_BLOCKACK, len);
++ SVCMAP(WMI_TLV_SERVICE_PHYERR,
++ WMI_SERVICE_PHYERR, len);
++ SVCMAP(WMI_TLV_SERVICE_BCN_FILTER,
++ WMI_SERVICE_BCN_FILTER, len);
++ SVCMAP(WMI_TLV_SERVICE_RTT,
++ WMI_SERVICE_RTT, len);
++ SVCMAP(WMI_TLV_SERVICE_WOW,
++ WMI_SERVICE_WOW, len);
++ SVCMAP(WMI_TLV_SERVICE_RATECTRL_CACHE,
++ WMI_SERVICE_RATECTRL_CACHE, len);
++ SVCMAP(WMI_TLV_SERVICE_IRAM_TIDS,
++ WMI_SERVICE_IRAM_TIDS, len);
++ SVCMAP(WMI_TLV_SERVICE_ARPNS_OFFLOAD,
++ WMI_SERVICE_ARPNS_OFFLOAD, len);
++ SVCMAP(WMI_TLV_SERVICE_NLO,
++ WMI_SERVICE_NLO, len);
++ SVCMAP(WMI_TLV_SERVICE_GTK_OFFLOAD,
++ WMI_SERVICE_GTK_OFFLOAD, len);
++ SVCMAP(WMI_TLV_SERVICE_SCAN_SCH,
++ WMI_SERVICE_SCAN_SCH, len);
++ SVCMAP(WMI_TLV_SERVICE_CSA_OFFLOAD,
++ WMI_SERVICE_CSA_OFFLOAD, len);
++ SVCMAP(WMI_TLV_SERVICE_CHATTER,
++ WMI_SERVICE_CHATTER, len);
++ SVCMAP(WMI_TLV_SERVICE_COEX_FREQAVOID,
++ WMI_SERVICE_COEX_FREQAVOID, len);
++ SVCMAP(WMI_TLV_SERVICE_PACKET_POWER_SAVE,
++ WMI_SERVICE_PACKET_POWER_SAVE, len);
++ SVCMAP(WMI_TLV_SERVICE_FORCE_FW_HANG,
++ WMI_SERVICE_FORCE_FW_HANG, len);
++ SVCMAP(WMI_TLV_SERVICE_GPIO,
++ WMI_SERVICE_GPIO, len);
++ SVCMAP(WMI_TLV_SERVICE_STA_DTIM_PS_MODULATED_DTIM,
++ WMI_SERVICE_STA_DTIM_PS_MODULATED_DTIM, len);
++ SVCMAP(WMI_TLV_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG,
++ WMI_SERVICE_STA_UAPSD_BASIC_AUTO_TRIG, len);
++ SVCMAP(WMI_TLV_SERVICE_STA_UAPSD_VAR_AUTO_TRIG,
++ WMI_SERVICE_STA_UAPSD_VAR_AUTO_TRIG, len);
++ SVCMAP(WMI_TLV_SERVICE_STA_KEEP_ALIVE,
++ WMI_SERVICE_STA_KEEP_ALIVE, len);
++ SVCMAP(WMI_TLV_SERVICE_TX_ENCAP,
++ WMI_SERVICE_TX_ENCAP, len);
++ SVCMAP(WMI_TLV_SERVICE_AP_PS_DETECT_OUT_OF_SYNC,
++ WMI_SERVICE_AP_PS_DETECT_OUT_OF_SYNC, len);
++ SVCMAP(WMI_TLV_SERVICE_EARLY_RX,
++ WMI_SERVICE_EARLY_RX, len);
++ SVCMAP(WMI_TLV_SERVICE_STA_SMPS,
++ WMI_SERVICE_STA_SMPS, len);
++ SVCMAP(WMI_TLV_SERVICE_FWTEST,
++ WMI_SERVICE_FWTEST, len);
++ SVCMAP(WMI_TLV_SERVICE_STA_WMMAC,
++ WMI_SERVICE_STA_WMMAC, len);
++ SVCMAP(WMI_TLV_SERVICE_TDLS,
++ WMI_SERVICE_TDLS, len);
++ SVCMAP(WMI_TLV_SERVICE_BURST,
++ WMI_SERVICE_BURST, len);
++ SVCMAP(WMI_TLV_SERVICE_MCC_BCN_INTERVAL_CHANGE,
++ WMI_SERVICE_MCC_BCN_INTERVAL_CHANGE, len);
++ SVCMAP(WMI_TLV_SERVICE_ADAPTIVE_OCS,
++ WMI_SERVICE_ADAPTIVE_OCS, len);
++ SVCMAP(WMI_TLV_SERVICE_BA_SSN_SUPPORT,
++ WMI_SERVICE_BA_SSN_SUPPORT, len);
++ SVCMAP(WMI_TLV_SERVICE_FILTER_IPSEC_NATKEEPALIVE,
++ WMI_SERVICE_FILTER_IPSEC_NATKEEPALIVE, len);
++ SVCMAP(WMI_TLV_SERVICE_WLAN_HB,
++ WMI_SERVICE_WLAN_HB, len);
++ SVCMAP(WMI_TLV_SERVICE_LTE_ANT_SHARE_SUPPORT,
++ WMI_SERVICE_LTE_ANT_SHARE_SUPPORT, len);
++ SVCMAP(WMI_TLV_SERVICE_BATCH_SCAN,
++ WMI_SERVICE_BATCH_SCAN, len);
++ SVCMAP(WMI_TLV_SERVICE_QPOWER,
++ WMI_SERVICE_QPOWER, len);
++ SVCMAP(WMI_TLV_SERVICE_PLMREQ,
++ WMI_SERVICE_PLMREQ, len);
++ SVCMAP(WMI_TLV_SERVICE_THERMAL_MGMT,
++ WMI_SERVICE_THERMAL_MGMT, len);
++ SVCMAP(WMI_TLV_SERVICE_RMC,
++ WMI_SERVICE_RMC, len);
++ SVCMAP(WMI_TLV_SERVICE_MHF_OFFLOAD,
++ WMI_SERVICE_MHF_OFFLOAD, len);
++ SVCMAP(WMI_TLV_SERVICE_COEX_SAR,
++ WMI_SERVICE_COEX_SAR, len);
++ SVCMAP(WMI_TLV_SERVICE_BCN_TXRATE_OVERRIDE,
++ WMI_SERVICE_BCN_TXRATE_OVERRIDE, len);
++ SVCMAP(WMI_TLV_SERVICE_NAN,
++ WMI_SERVICE_NAN, len);
++ SVCMAP(WMI_TLV_SERVICE_L1SS_STAT,
++ WMI_SERVICE_L1SS_STAT, len);
++ SVCMAP(WMI_TLV_SERVICE_ESTIMATE_LINKSPEED,
++ WMI_SERVICE_ESTIMATE_LINKSPEED, len);
++ SVCMAP(WMI_TLV_SERVICE_OBSS_SCAN,
++ WMI_SERVICE_OBSS_SCAN, len);
++ SVCMAP(WMI_TLV_SERVICE_TDLS_OFFCHAN,
++ WMI_SERVICE_TDLS_OFFCHAN, len);
++ SVCMAP(WMI_TLV_SERVICE_TDLS_UAPSD_BUFFER_STA,
++ WMI_SERVICE_TDLS_UAPSD_BUFFER_STA, len);
++ SVCMAP(WMI_TLV_SERVICE_TDLS_UAPSD_SLEEP_STA,
++ WMI_SERVICE_TDLS_UAPSD_SLEEP_STA, len);
++ SVCMAP(WMI_TLV_SERVICE_IBSS_PWRSAVE,
++ WMI_SERVICE_IBSS_PWRSAVE, len);
++ SVCMAP(WMI_TLV_SERVICE_LPASS,
++ WMI_SERVICE_LPASS, len);
++ SVCMAP(WMI_TLV_SERVICE_EXTSCAN,
++ WMI_SERVICE_EXTSCAN, len);
++ SVCMAP(WMI_TLV_SERVICE_D0WOW,
++ WMI_SERVICE_D0WOW, len);
++ SVCMAP(WMI_TLV_SERVICE_HSOFFLOAD,
++ WMI_SERVICE_HSOFFLOAD, len);
++ SVCMAP(WMI_TLV_SERVICE_ROAM_HO_OFFLOAD,
++ WMI_SERVICE_ROAM_HO_OFFLOAD, len);
++ SVCMAP(WMI_TLV_SERVICE_RX_FULL_REORDER,
++ WMI_SERVICE_RX_FULL_REORDER, len);
++ SVCMAP(WMI_TLV_SERVICE_DHCP_OFFLOAD,
++ WMI_SERVICE_DHCP_OFFLOAD, len);
++ SVCMAP(WMI_TLV_SERVICE_STA_RX_IPA_OFFLOAD_SUPPORT,
++ WMI_SERVICE_STA_RX_IPA_OFFLOAD_SUPPORT, len);
++ SVCMAP(WMI_TLV_SERVICE_MDNS_OFFLOAD,
++ WMI_SERVICE_MDNS_OFFLOAD, len);
++ SVCMAP(WMI_TLV_SERVICE_SAP_AUTH_OFFLOAD,
++ WMI_SERVICE_SAP_AUTH_OFFLOAD, len);
++}
++
++#undef SVCMAP
++
++struct wmi_tlv {
++ __le16 len;
++ __le16 tag;
++ u8 value[0];
++} __packed;
++
++#define WMI_TLV_MGMT_RX_NUM_RSSI 4
++
++struct wmi_tlv_mgmt_rx_ev {
++ __le32 channel;
++ __le32 snr;
++ __le32 rate;
++ __le32 phy_mode;
++ __le32 buf_len;
++ __le32 status;
++ __le32 rssi[WMI_TLV_MGMT_RX_NUM_RSSI];
++} __packed;
++
++struct wmi_tlv_abi_version {
++ __le32 abi_ver0;
++ __le32 abi_ver1;
++ __le32 abi_ver_ns0;
++ __le32 abi_ver_ns1;
++ __le32 abi_ver_ns2;
++ __le32 abi_ver_ns3;
++} __packed;
++
++enum wmi_tlv_hw_bd_id {
++ WMI_TLV_HW_BD_LEGACY = 0,
++ WMI_TLV_HW_BD_QCA6174 = 1,
++ WMI_TLV_HW_BD_QCA2582 = 2,
++};
++
++struct wmi_tlv_hw_bd_info {
++ u8 rev;
++ u8 project_id;
++ u8 custom_id;
++ u8 reference_design_id;
++} __packed;
++
++struct wmi_tlv_svc_rdy_ev {
++ __le32 fw_build_vers;
++ struct wmi_tlv_abi_version abi;
++ __le32 phy_capability;
++ __le32 max_frag_entry;
++ __le32 num_rf_chains;
++ __le32 ht_cap_info;
++ __le32 vht_cap_info;
++ __le32 vht_supp_mcs;
++ __le32 hw_min_tx_power;
++ __le32 hw_max_tx_power;
++ __le32 sys_cap_info;
++ __le32 min_pkt_size_enable;
++ __le32 max_bcn_ie_size;
++ __le32 num_mem_reqs;
++ __le32 max_num_scan_chans;
++ __le32 hw_bd_id; /* 0 means hw_bd_info is invalid */
++ struct wmi_tlv_hw_bd_info hw_bd_info[5];
++} __packed;
++
++struct wmi_tlv_rdy_ev {
++ struct wmi_tlv_abi_version abi;
++ struct wmi_mac_addr mac_addr;
++ __le32 status;
++} __packed;
++
++struct wmi_tlv_resource_config {
++ __le32 num_vdevs;
++ __le32 num_peers;
++ __le32 num_offload_peers;
++ __le32 num_offload_reorder_bufs;
++ __le32 num_peer_keys;
++ __le32 num_tids;
++ __le32 ast_skid_limit;
++ __le32 tx_chain_mask;
++ __le32 rx_chain_mask;
++ __le32 rx_timeout_pri[4];
++ __le32 rx_decap_mode;
++ __le32 scan_max_pending_reqs;
++ __le32 bmiss_offload_max_vdev;
++ __le32 roam_offload_max_vdev;
++ __le32 roam_offload_max_ap_profiles;
++ __le32 num_mcast_groups;
++ __le32 num_mcast_table_elems;
++ __le32 mcast2ucast_mode;
++ __le32 tx_dbg_log_size;
++ __le32 num_wds_entries;
++ __le32 dma_burst_size;
++ __le32 mac_aggr_delim;
++ __le32 rx_skip_defrag_timeout_dup_detection_check;
++ __le32 vow_config;
++ __le32 gtk_offload_max_vdev;
++ __le32 num_msdu_desc;
++ __le32 max_frag_entries;
++ __le32 num_tdls_vdevs;
++ __le32 num_tdls_conn_table_entries;
++ __le32 beacon_tx_offload_max_vdev;
++ __le32 num_multicast_filter_entries;
++ __le32 num_wow_filters;
++ __le32 num_keep_alive_pattern;
++ __le32 keep_alive_pattern_size;
++ __le32 max_tdls_concurrent_sleep_sta;
++ __le32 max_tdls_concurrent_buffer_sta;
++} __packed;
++
++struct wmi_tlv_init_cmd {
++ struct wmi_tlv_abi_version abi;
++ __le32 num_host_mem_chunks;
++} __packed;
++
++struct wmi_tlv_pdev_set_param_cmd {
++ __le32 pdev_id; /* not used yet */
++ __le32 param_id;
++ __le32 param_value;
++} __packed;
++
++struct wmi_tlv_pdev_set_rd_cmd {
++ __le32 pdev_id; /* not used yet */
++ __le32 regd;
++ __le32 regd_2ghz;
++ __le32 regd_5ghz;
++ __le32 conform_limit_2ghz;
++ __le32 conform_limit_5ghz;
++} __packed;
++
++struct wmi_tlv_scan_chan_list_cmd {
++ __le32 num_scan_chans;
++} __packed;
++
++struct wmi_tlv_start_scan_cmd {
++ struct wmi_start_scan_common common;
++ __le32 burst_duration_ms;
++ __le32 num_channels;
++ __le32 num_bssids;
++ __le32 num_ssids;
++ __le32 ie_len;
++ __le32 num_probes;
++} __packed;
++
++struct wmi_tlv_vdev_start_cmd {
++ __le32 vdev_id;
++ __le32 requestor_id;
++ __le32 bcn_intval;
++ __le32 dtim_period;
++ __le32 flags;
++ struct wmi_ssid ssid;
++ __le32 bcn_tx_rate;
++ __le32 bcn_tx_power;
++ __le32 num_noa_descr;
++ __le32 disable_hw_ack;
++} __packed;
++
++enum {
++ WMI_TLV_PEER_TYPE_DEFAULT = 0, /* generic / non-BSS / self-peer */
++ WMI_TLV_PEER_TYPE_BSS = 1,
++ WMI_TLV_PEER_TYPE_TDLS = 2,
++ WMI_TLV_PEER_TYPE_HOST_MAX = 127,
++ WMI_TLV_PEER_TYPE_ROAMOFFLOAD_TMP = 128,
++};
++
++struct wmi_tlv_peer_create_cmd {
++ __le32 vdev_id;
++ struct wmi_mac_addr peer_addr;
++ __le32 peer_type;
++} __packed;
++
++struct wmi_tlv_peer_assoc_cmd {
++ struct wmi_mac_addr mac_addr;
++ __le32 vdev_id;
++ __le32 new_assoc;
++ __le32 assoc_id;
++ __le32 flags;
++ __le32 caps;
++ __le32 listen_intval;
++ __le32 ht_caps;
++ __le32 max_mpdu;
++ __le32 mpdu_density;
++ __le32 rate_caps;
++ __le32 nss;
++ __le32 vht_caps;
++ __le32 phy_mode;
++ __le32 ht_info[2];
++ __le32 num_legacy_rates;
++ __le32 num_ht_rates;
++} __packed;
++
++struct wmi_tlv_pdev_suspend {
++ __le32 pdev_id; /* not used yet */
++ __le32 opt;
++} __packed;
++
++struct wmi_tlv_pdev_set_wmm_cmd {
++ __le32 pdev_id; /* not used yet */
++ __le32 dg_type; /* no idea.. */
++} __packed;
++
++struct wmi_tlv_vdev_wmm_params {
++ __le32 dummy;
++ struct wmi_wmm_params params;
++} __packed;
++
++struct wmi_tlv_vdev_set_wmm_cmd {
++ __le32 vdev_id;
++ struct wmi_tlv_vdev_wmm_params vdev_wmm_params[4];
++} __packed;
++
++struct wmi_tlv_phyerr_ev {
++ __le32 num_phyerrs;
++ __le32 tsf_l32;
++ __le32 tsf_u32;
++ __le32 buf_len;
++} __packed;
++
++enum wmi_tlv_dbglog_param {
++ WMI_TLV_DBGLOG_PARAM_LOG_LEVEL = 1,
++ WMI_TLV_DBGLOG_PARAM_VDEV_ENABLE,
++ WMI_TLV_DBGLOG_PARAM_VDEV_DISABLE,
++ WMI_TLV_DBGLOG_PARAM_VDEV_ENABLE_BITMAP,
++ WMI_TLV_DBGLOG_PARAM_VDEV_DISABLE_BITMAP,
++};
++
++enum wmi_tlv_dbglog_log_level {
++ WMI_TLV_DBGLOG_LOG_LEVEL_VERBOSE = 0,
++ WMI_TLV_DBGLOG_LOG_LEVEL_INFO,
++ WMI_TLV_DBGLOG_LOG_LEVEL_INFO_LVL_1,
++ WMI_TLV_DBGLOG_LOG_LEVEL_INFO_LVL_2,
++ WMI_TLV_DBGLOG_LOG_LEVEL_WARN,
++ WMI_TLV_DBGLOG_LOG_LEVEL_ERR,
++};
++
++#define WMI_TLV_DBGLOG_BITMAP_MAX_IDS 512
++#define WMI_TLV_DBGLOG_BITMAP_MAX_WORDS (WMI_TLV_DBGLOG_BITMAP_MAX_IDS / \
++ sizeof(__le32))
++#define WMI_TLV_DBGLOG_ALL_MODULES 0xffff
++#define WMI_TLV_DBGLOG_LOG_LEVEL_VALUE(module_id, log_level) \
++ (((module_id << 16) & 0xffff0000) | \
++ ((log_level << 0) & 0x000000ff))
++
++struct wmi_tlv_dbglog_cmd {
++ __le32 param;
++ __le32 value;
++} __packed;
++
++struct wmi_tlv_resume_cmd {
++ __le32 reserved;
++} __packed;
++
++struct wmi_tlv_req_stats_cmd {
++ __le32 stats_id; /* wmi_stats_id */
++ __le32 vdev_id;
++ struct wmi_mac_addr peer_macaddr;
++} __packed;
++
++struct wmi_tlv_vdev_stats {
++ __le32 vdev_id;
++ __le32 beacon_snr;
++ __le32 data_snr;
++ __le32 num_tx_frames[4]; /* per-AC */
++ __le32 num_rx_frames;
++ __le32 num_tx_frames_retries[4];
++ __le32 num_tx_frames_failures[4];
++ __le32 num_rts_fail;
++ __le32 num_rts_success;
++ __le32 num_rx_err;
++ __le32 num_rx_discard;
++ __le32 num_tx_not_acked;
++ __le32 tx_rate_history[10];
++ __le32 beacon_rssi_history[10];
++} __packed;
++
++struct wmi_tlv_pktlog_enable {
++ __le32 reserved;
++ __le32 filter;
++} __packed;
++
++struct wmi_tlv_pktlog_disable {
++ __le32 reserved;
++} __packed;
++
++enum wmi_tlv_bcn_tx_status {
++ WMI_TLV_BCN_TX_STATUS_OK,
++ WMI_TLV_BCN_TX_STATUS_XRETRY,
++ WMI_TLV_BCN_TX_STATUS_DROP,
++ WMI_TLV_BCN_TX_STATUS_FILTERED,
++};
++
++struct wmi_tlv_bcn_tx_status_ev {
++ __le32 vdev_id;
++ __le32 tx_status;
++} __packed;
++
++struct wmi_tlv_bcn_prb_info {
++ __le32 caps;
++ __le32 erp;
++ u8 ies[0];
++} __packed;
++
++struct wmi_tlv_bcn_tmpl_cmd {
++ __le32 vdev_id;
++ __le32 tim_ie_offset;
++ __le32 buf_len;
++} __packed;
++
++struct wmi_tlv_prb_tmpl_cmd {
++ __le32 vdev_id;
++ __le32 buf_len;
++} __packed;
++
++struct wmi_tlv_p2p_go_bcn_ie {
++ __le32 vdev_id;
++ __le32 ie_len;
++} __packed;
++
++enum wmi_tlv_diag_item_type {
++ WMI_TLV_DIAG_ITEM_TYPE_FW_EVENT,
++ WMI_TLV_DIAG_ITEM_TYPE_FW_LOG,
++ WMI_TLV_DIAG_ITEM_TYPE_FW_DEBUG_MSG,
++};
++
++struct wmi_tlv_diag_item {
++ u8 type;
++ u8 reserved;
++ __le16 len;
++ __le32 timestamp;
++ __le32 code;
++ u8 payload[0];
++} __packed;
++
++struct wmi_tlv_diag_data_ev {
++ __le32 num_items;
++} __packed;
++
++struct wmi_tlv_sta_keepalive_cmd {
++ __le32 vdev_id;
++ __le32 enabled;
++ __le32 method; /* WMI_STA_KEEPALIVE_METHOD_ */
++ __le32 interval; /* in seconds */
++} __packed;
++
++struct wmi_tlv_stats_ev {
++ __le32 stats_id; /* WMI_STAT_ */
++ __le32 num_pdev_stats;
++ __le32 num_vdev_stats;
++ __le32 num_peer_stats;
++ __le32 num_bcnflt_stats;
++ __le32 num_chan_stats;
++} __packed;
++
++void ath10k_wmi_tlv_attach(struct ath10k *ar);
++
++#endif
+--- a/backport-include/linux/etherdevice.h
++++ b/backport-include/linux/etherdevice.h
+@@ -148,6 +148,29 @@ static inline bool ether_addr_equal_unal
+ return memcmp(addr1, addr2, ETH_ALEN) == 0;
+ #endif
+ }
++
++/**
++ * ether_addr_copy - Copy an Ethernet address
++ * @dst: Pointer to a six-byte array Ethernet address destination
++ * @src: Pointer to a six-byte array Ethernet address source
++ *
++ * Please note: dst & src must both be aligned to u16.
++ */
++#define ether_addr_copy LINUX_BACKPORT(ether_addr_copy)
++static inline void ether_addr_copy(u8 *dst, const u8 *src)
++{
++#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
++ *(u32 *)dst = *(const u32 *)src;
++ *(u16 *)(dst + 4) = *(const u16 *)(src + 4);
++#else
++ u16 *a = (u16 *)dst;
++ const u16 *b = (const u16 *)src;
++
++ a[0] = b[0];
++ a[1] = b[1];
++ a[2] = b[2];
++#endif
++}
+ #endif /* LINUX_VERSION_CODE < KERNEL_VERSION(3,14,0) */
+
+ #endif /* _BACKPORT_LINUX_ETHERDEVICE_H */
+--- a/drivers/net/wireless/ath/spectral_common.h
++++ b/drivers/net/wireless/ath/spectral_common.h
+@@ -20,6 +20,11 @@
+ #define SPECTRAL_HT20_NUM_BINS 56
+ #define SPECTRAL_HT20_40_NUM_BINS 128
+
++/* TODO: could possibly be 512, but no samples this large
++ * could be acquired so far.
++ */
++#define SPECTRAL_ATH10K_MAX_NUM_BINS 256
++
+ /* FFT sample format given to userspace via debugfs.
+ *
+ * Please keep the type/length at the front position and change
+@@ -31,6 +36,7 @@
+ enum ath_fft_sample_type {
+ ATH_FFT_SAMPLE_HT20 = 1,
+ ATH_FFT_SAMPLE_HT20_40,
++ ATH_FFT_SAMPLE_ATH10K,
+ };
+
+ struct fft_sample_tlv {
+@@ -85,4 +91,23 @@ struct fft_sample_ht20_40 {
+ u8 data[SPECTRAL_HT20_40_NUM_BINS];
+ } __packed;
+
++struct fft_sample_ath10k {
++ struct fft_sample_tlv tlv;
++ u8 chan_width_mhz;
++ __be16 freq1;
++ __be16 freq2;
++ __be16 noise;
++ __be16 max_magnitude;
++ __be16 total_gain_db;
++ __be16 base_pwr_db;
++ __be64 tsf;
++ s8 max_index;
++ u8 rssi;
++ u8 relpwr_db;
++ u8 avgpwr_db;
++ u8 max_exp;
++
++ u8 data[0];
++} __packed;
++
+ #endif /* SPECTRAL_COMMON_H */
+--- a/compat/backport-3.13.c
++++ b/compat/backport-3.13.c
+@@ -12,6 +12,10 @@
+ #include <linux/version.h>
+ #include <linux/kernel.h>
+ #include <net/genetlink.h>
++#include <linux/delay.h>
++#include <linux/pci.h>
++#include <linux/device.h>
++#include <linux/hwmon.h>
+
+ #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,5,0))
+ #ifdef CPTCFG_REGULATOR
+@@ -200,3 +204,103 @@ bool __net_get_random_once(void *buf, in
+ }
+ EXPORT_SYMBOL_GPL(__net_get_random_once);
+ #endif /* __BACKPORT_NET_GET_RANDOM_ONCE */
++
++#ifdef CPTCFG_PCI
++#define pci_bus_read_dev_vendor_id LINUX_BACKPORT(pci_bus_read_dev_vendor_id)
++static bool pci_bus_read_dev_vendor_id(struct pci_bus *bus, int devfn, u32 *l,
++ int crs_timeout)
++{
++ int delay = 1;
++
++ if (pci_bus_read_config_dword(bus, devfn, PCI_VENDOR_ID, l))
++ return false;
++
++ /* some broken boards return 0 or ~0 if a slot is empty: */
++ if (*l == 0xffffffff || *l == 0x00000000 ||
++ *l == 0x0000ffff || *l == 0xffff0000)
++ return false;
++
++ /*
++ * Configuration Request Retry Status. Some root ports return the
++ * actual device ID instead of the synthetic ID (0xFFFF) required
++ * by the PCIe spec. Ignore the device ID and only check for
++ * (vendor id == 1).
++ */
++ while ((*l & 0xffff) == 0x0001) {
++ if (!crs_timeout)
++ return false;
++
++ msleep(delay);
++ delay *= 2;
++ if (pci_bus_read_config_dword(bus, devfn, PCI_VENDOR_ID, l))
++ return false;
++ /* Card hasn't responded in 60 seconds? Must be stuck. */
++ if (delay > crs_timeout) {
++ printk(KERN_WARNING "pci %04x:%02x:%02x.%d: not responding\n",
++ pci_domain_nr(bus), bus->number, PCI_SLOT(devfn),
++ PCI_FUNC(devfn));
++ return false;
++ }
++ }
++
++ return true;
++}
++
++bool pci_device_is_present(struct pci_dev *pdev)
++{
++ u32 v;
++
++ return pci_bus_read_dev_vendor_id(pdev->bus, pdev->devfn, &v, 0);
++}
++EXPORT_SYMBOL_GPL(pci_device_is_present);
++#endif /* CPTCFG_PCI */
++
++#ifdef CPTCFG_HWMON
++struct device*
++hwmon_device_register_with_groups(struct device *dev, const char *name,
++ void *drvdata,
++ const struct attribute_group **groups)
++{
++ struct device *hwdev;
++
++ hwdev = hwmon_device_register(dev);
++ hwdev->groups = groups;
++ dev_set_drvdata(hwdev, drvdata);
++ return hwdev;
++}
++
++static void devm_hwmon_release(struct device *dev, void *res)
++{
++ struct device *hwdev = *(struct device **)res;
++
++ hwmon_device_unregister(hwdev);
++}
++
++struct device *
++devm_hwmon_device_register_with_groups(struct device *dev, const char *name,
++ void *drvdata,
++ const struct attribute_group **groups)
++{
++ struct device **ptr, *hwdev;
++
++ if (!dev)
++ return ERR_PTR(-EINVAL);
++
++ ptr = devres_alloc(devm_hwmon_release, sizeof(*ptr), GFP_KERNEL);
++ if (!ptr)
++ return ERR_PTR(-ENOMEM);
++
++ hwdev = hwmon_device_register_with_groups(dev, name, drvdata, groups);
++ if (IS_ERR(hwdev))
++ goto error;
++
++ *ptr = hwdev;
++ devres_add(dev, ptr);
++ return hwdev;
++
++error:
++ devres_free(ptr);
++ return hwdev;
++}
++EXPORT_SYMBOL_GPL(devm_hwmon_device_register_with_groups);
++#endif
+--- /dev/null
++++ b/backport-include/linux/hwmon.h
+@@ -0,0 +1,34 @@
++#ifndef __BACKPORT_LINUX_HWMON_H
++#define __BACKPORT_LINUX_HWMON_H
++#include_next <linux/hwmon.h>
++#include <linux/version.h>
++
++#if LINUX_VERSION_CODE < KERNEL_VERSION(3,13,0)
++/*
++ * Backports
++ *
++ * commit bab2243ce1897865e31ea6d59b0478391f51812b
++ * Author: Guenter Roeck <linux@roeck-us.net>
++ * Date: Sat Jul 6 13:57:23 2013 -0700
++ *
++ * hwmon: Introduce hwmon_device_register_with_groups
++ *
++ * hwmon_device_register_with_groups() lets callers register a hwmon device
++ * together with all sysfs attributes in a single call.
++ *
++ * When using hwmon_device_register_with_groups(), hwmon attributes are attached
++ * to the hwmon device directly and no longer with its parent device.
++ *
++ * Signed-off-by: Guenter Roeck <linux@roeck-us.net>
++ */
++struct device *
++hwmon_device_register_with_groups(struct device *dev, const char *name,
++ void *drvdata,
++ const struct attribute_group **groups);
++struct device *
++devm_hwmon_device_register_with_groups(struct device *dev, const char *name,
++ void *drvdata,
++ const struct attribute_group **groups);
++#endif /* LINUX_VERSION_CODE < KERNEL_VERSION(3,13,0) */
++
++#endif /* __BACKPORT_LINUX_HWMON_H */
diff --git a/package/kernel/mac80211/patches/920-ath10k_allow_fallback_to_board_bin_on_empty_otp_stream.patch b/package/kernel/mac80211/patches/920-ath10k_allow_fallback_to_board_bin_on_empty_otp_stream.patch
index 6a5c766..6a3d2a4 100644
--- a/package/kernel/mac80211/patches/920-ath10k_allow_fallback_to_board_bin_on_empty_otp_stream.patch
+++ b/package/kernel/mac80211/patches/920-ath10k_allow_fallback_to_board_bin_on_empty_otp_stream.patch
@@ -1,14 +1,14 @@
--- a/drivers/net/wireless/ath/ath10k/core.c
+++ b/drivers/net/wireless/ath/ath10k/core.c
-@@ -277,7 +277,10 @@ static int ath10k_download_and_run_otp(s
+@@ -387,7 +387,10 @@ static int ath10k_download_and_run_otp(s
- ath10k_dbg(ATH10K_DBG_BOOT, "boot otp execute result %d\n", result);
+ ath10k_dbg(ar, ATH10K_DBG_BOOT, "boot otp execute result %d\n", result);
-- if (result != 0) {
+- if (!skip_otp && result != 0) {
+ if (result == 2) {
-+ ath10k_warn("otp stream is empty, using board.bin contents");
++ ath10k_warn(ar, "otp stream is empty, using board.bin contents");
+ return 0;
-+ } else if (result != 0) {
- ath10k_err("otp calibration failed: %d", result);
++ } else if (!skip_otp && result != 0) {
+ ath10k_err(ar, "otp calibration failed: %d", result);
return -EINVAL;
}
diff --git a/package/kernel/mac80211/patches/921-ath10k_init_devices_synchronously.patch b/package/kernel/mac80211/patches/921-ath10k_init_devices_synchronously.patch
new file mode 100644
index 0000000..c664faa
--- /dev/null
+++ b/package/kernel/mac80211/patches/921-ath10k_init_devices_synchronously.patch
@@ -0,0 +1,33 @@
+From: Sven Eckelmann <sven@open-mesh.com>
+Date: Tue, 18 Nov 2014 12:29:28 +0100
+Subject: [PATCH] ath10k: Don't initialize devices asynchronously
+
+OpenWrt requires all PHYs to be initialized to create the configuration files
+during bootup. ath10k violates this because it delays the creation of the PHY
+to a not well defined point in the future.
+
+Forcing the work to be done immediately works around this problem but may also
+delay the boot when firmware images cannot be found.
+
+Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
+---
+
+--- a/drivers/net/wireless/ath/ath10k/core.c
++++ b/drivers/net/wireless/ath/ath10k/core.c
+@@ -1321,6 +1321,16 @@ int ath10k_core_register(struct ath10k *
+ ar->chip_id = chip_id;
+ queue_work(ar->workqueue, &ar->register_work);
+
++ /* OpenWrt requires all PHYs to be initialized to create the
++ * configuration files during bootup. ath10k violates this
++ * because it delays the creation of the PHY to a not well defined
++ * point in the future.
++ *
++ * Forcing the work to be done immediately works around this problem
++ * but may also delay the boot when firmware images cannot be found.
++ */
++ flush_workqueue(ar->workqueue);
++
+ return 0;
+ }
+ EXPORT_SYMBOL(ath10k_core_register);
diff --git a/package/kernel/mac80211/patches/930-ath10k_add_tpt_led_trigger.patch b/package/kernel/mac80211/patches/930-ath10k_add_tpt_led_trigger.patch
new file mode 100644
index 0000000..54174b1
--- /dev/null
+++ b/package/kernel/mac80211/patches/930-ath10k_add_tpt_led_trigger.patch
@@ -0,0 +1,37 @@
+--- a/drivers/net/wireless/ath/ath10k/mac.c
++++ b/drivers/net/wireless/ath/ath10k/mac.c
+@@ -5405,6 +5405,21 @@ struct ath10k_vif *ath10k_get_arvif(stru
+ return arvif_iter.arvif;
+ }
+
++#ifdef CPTCFG_MAC80211_LEDS
++static const struct ieee80211_tpt_blink ath10k_tpt_blink[] = {
++ { .throughput = 0 * 1024, .blink_time = 334 },
++ { .throughput = 1 * 1024, .blink_time = 260 },
++ { .throughput = 2 * 1024, .blink_time = 220 },
++ { .throughput = 5 * 1024, .blink_time = 190 },
++ { .throughput = 10 * 1024, .blink_time = 170 },
++ { .throughput = 25 * 1024, .blink_time = 150 },
++ { .throughput = 54 * 1024, .blink_time = 130 },
++ { .throughput = 120 * 1024, .blink_time = 110 },
++ { .throughput = 265 * 1024, .blink_time = 80 },
++ { .throughput = 586 * 1024, .blink_time = 50 },
++};
++#endif
++
+ int ath10k_mac_register(struct ath10k *ar)
+ {
+ struct ieee80211_supported_band *band;
+@@ -5567,6 +5582,12 @@ int ath10k_mac_register(struct ath10k *a
+ goto err_free;
+ }
+
++#if CPTCFG_MAC80211_LEDS
++ ieee80211_create_tpt_led_trigger(ar->hw,
++ IEEE80211_TPT_LEDTRIG_FL_RADIO, ath10k_tpt_blink,
++ ARRAY_SIZE(ath10k_tpt_blink));
++#endif
++
+ ret = ieee80211_register_hw(ar->hw);
+ if (ret) {
+ ath10k_err(ar, "failed to register ieee80211: %d\n", ret);
diff --git a/package/kernel/mac80211/patches/950-ath10k_AP_IBSS.patch b/package/kernel/mac80211/patches/950-ath10k_AP_IBSS.patch
new file mode 100644
index 0000000..0011b5d
--- /dev/null
+++ b/package/kernel/mac80211/patches/950-ath10k_AP_IBSS.patch
@@ -0,0 +1,32 @@
+--- a/drivers/net/wireless/ath/ath10k/mac.c
++++ b/drivers/net/wireless/ath/ath10k/mac.c
+@@ -5253,6 +5253,10 @@ static const struct ieee80211_iface_limi
+ .max = 7,
+ .types = BIT(NL80211_IFTYPE_AP)
+ },
++ {
++ .max = 1,
++ .types = BIT(NL80211_IFTYPE_ADHOC)
++ },
+ };
+
+ static const struct ieee80211_iface_limit ath10k_10x_if_limits[] = {
+@@ -5260,6 +5264,10 @@ static const struct ieee80211_iface_limi
+ .max = 8,
+ .types = BIT(NL80211_IFTYPE_AP)
+ },
++ {
++ .max = 1,
++ .types = BIT(NL80211_IFTYPE_ADHOC)
++ },
+ };
+
+ static const struct ieee80211_iface_combination ath10k_if_comb[] = {
+@@ -5555,6 +5563,7 @@ int ath10k_mac_register(struct ath10k *a
+ ar->hw->wiphy->iface_combinations = ath10k_10x_if_comb;
+ ar->hw->wiphy->n_iface_combinations =
+ ARRAY_SIZE(ath10k_10x_if_comb);
++ ar->hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_ADHOC);
+ break;
+ case ATH10K_FW_WMI_OP_VERSION_UNSET:
+ case ATH10K_FW_WMI_OP_VERSION_MAX:
Reference in New Issue View Git Blame Copy Permalink