~hc/RK356X_SDK_RELEASE.git

..	..	@@ -5,10 +5,9 @@
5	5	*
6	6	* GPL LICENSE SUMMARY
7	7	*
8		- * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
9	8	* Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
10	9	* Copyright(c) 2016 - 2017 Intel Deutschland GmbH
11		- * Copyright(c) 2018 Intel Corporation
	10	+ * Copyright(c) 2012 - 2014, 2018 - 2020 Intel Corporation
12	11	*
13	12	* This program is free software; you can redistribute it and/or modify
14	13	* it under the terms of version 2 of the GNU General Public License as
..	..	@@ -19,11 +18,6 @@
19	18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20	19	* General Public License for more details.
21	20	*
22		- * You should have received a copy of the GNU General Public License
23		- * along with this program; if not, write to the Free Software
24		- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110,
25		- * USA
26		- *
27	21	* The full GNU General Public License is included in this distribution
28	22	* in the file called COPYING.
29	23	*
..	..	@@ -33,10 +27,9 @@
33	27	*
34	28	* BSD LICENSE
35	29	*
36		- * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved.
37	30	* Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH
38	31	* Copyright(c) 2016 - 2017 Intel Deutschland GmbH
39		- * Copyright(c) 2018 Intel Corporation
	32	+ * Copyright(c) 2012 - 2014, 2018 - 2020 Intel Corporation
40	33	* All rights reserved.
41	34	*
42	35	* Redistribution and use in source and binary forms, with or without
..	..	@@ -78,6 +71,7 @@
78	71	#include <net/ieee80211_radiotap.h>
79	72	#include <net/tcp.h>
80	73
	74	+#include "iwl-drv.h"
81	75	#include "iwl-op-mode.h"
82	76	#include "iwl-io.h"
83	77	#include "mvm.h"
..	..	@@ -189,90 +183,37 @@
189	183	};
190	184	#endif
191	185
192		-void iwl_mvm_ref(struct iwl_mvm *mvm, enum iwl_mvm_ref_type ref_type)
193		-{
194		- if (!iwl_mvm_is_d0i3_supported(mvm))
195		- return;
	186	+static const struct cfg80211_pmsr_capabilities iwl_mvm_pmsr_capa = {
	187	+ .max_peers = IWL_MVM_TOF_MAX_APS,
	188	+ .report_ap_tsf = 1,
	189	+ .randomize_mac_addr = 1,
196	190
197		- IWL_DEBUG_RPM(mvm, "Take mvm reference - type %d\n", ref_type);
198		- spin_lock_bh(&mvm->refs_lock);
199		- mvm->refs[ref_type]++;
200		- spin_unlock_bh(&mvm->refs_lock);
201		- iwl_trans_ref(mvm->trans);
202		-}
	191	+ .ftm = {
	192	+ .supported = 1,
	193	+ .asap = 1,
	194	+ .non_asap = 1,
	195	+ .request_lci = 1,
	196	+ .request_civicloc = 1,
	197	+ .trigger_based = 1,
	198	+ .non_trigger_based = 1,
	199	+ .max_bursts_exponent = -1, /* all supported */
	200	+ .max_ftms_per_burst = 0, /* no limits */
	201	+ .bandwidths = BIT(NL80211_CHAN_WIDTH_20_NOHT) \|
	202	+ BIT(NL80211_CHAN_WIDTH_20) \|
	203	+ BIT(NL80211_CHAN_WIDTH_40) \|
	204	+ BIT(NL80211_CHAN_WIDTH_80),
	205	+ .preambles = BIT(NL80211_PREAMBLE_LEGACY) \|
	206	+ BIT(NL80211_PREAMBLE_HT) \|
	207	+ BIT(NL80211_PREAMBLE_VHT) \|
	208	+ BIT(NL80211_PREAMBLE_HE),
	209	+ },
	210	+};
203	211
204		-void iwl_mvm_unref(struct iwl_mvm *mvm, enum iwl_mvm_ref_type ref_type)
205		-{
206		- if (!iwl_mvm_is_d0i3_supported(mvm))
207		- return;
208		-
209		- IWL_DEBUG_RPM(mvm, "Leave mvm reference - type %d\n", ref_type);
210		- spin_lock_bh(&mvm->refs_lock);
211		- if (WARN_ON(!mvm->refs[ref_type])) {
212		- spin_unlock_bh(&mvm->refs_lock);
213		- return;
214		- }
215		- mvm->refs[ref_type]--;
216		- spin_unlock_bh(&mvm->refs_lock);
217		- iwl_trans_unref(mvm->trans);
218		-}
219		-
220		-static void iwl_mvm_unref_all_except(struct iwl_mvm *mvm,
221		- enum iwl_mvm_ref_type except_ref)
222		-{
223		- int i, j;
224		-
225		- if (!iwl_mvm_is_d0i3_supported(mvm))
226		- return;
227		-
228		- spin_lock_bh(&mvm->refs_lock);
229		- for (i = 0; i < IWL_MVM_REF_COUNT; i++) {
230		- if (except_ref == i \|\| !mvm->refs[i])
231		- continue;
232		-
233		- IWL_DEBUG_RPM(mvm, "Cleanup: remove mvm ref type %d (%d)\n",
234		- i, mvm->refs[i]);
235		- for (j = 0; j < mvm->refs[i]; j++)
236		- iwl_trans_unref(mvm->trans);
237		- mvm->refs[i] = 0;
238		- }
239		- spin_unlock_bh(&mvm->refs_lock);
240		-}
241		-
242		-bool iwl_mvm_ref_taken(struct iwl_mvm *mvm)
243		-{
244		- int i;
245		- bool taken = false;
246		-
247		- if (!iwl_mvm_is_d0i3_supported(mvm))
248		- return true;
249		-
250		- spin_lock_bh(&mvm->refs_lock);
251		- for (i = 0; i < IWL_MVM_REF_COUNT; i++) {
252		- if (mvm->refs[i]) {
253		- taken = true;
254		- break;
255		- }
256		- }
257		- spin_unlock_bh(&mvm->refs_lock);
258		-
259		- return taken;
260		-}
261		-
262		-int iwl_mvm_ref_sync(struct iwl_mvm *mvm, enum iwl_mvm_ref_type ref_type)
263		-{
264		- iwl_mvm_ref(mvm, ref_type);
265		-
266		- if (!wait_event_timeout(mvm->d0i3_exit_waitq,
267		- !test_bit(IWL_MVM_STATUS_IN_D0I3, &mvm->status),
268		- HZ)) {
269		- WARN_ON_ONCE(1);
270		- iwl_mvm_unref(mvm, ref_type);
271		- return -EIO;
272		- }
273		-
274		- return 0;
275		-}
	212	+static int __iwl_mvm_mac_set_key(struct ieee80211_hw *hw,
	213	+ enum set_key_cmd cmd,
	214	+ struct ieee80211_vif *vif,
	215	+ struct ieee80211_sta *sta,
	216	+ struct ieee80211_key_conf *key);
276	217
277	218	static void iwl_mvm_reset_phy_ctxts(struct iwl_mvm *mvm)
278	219	{
..	..	@@ -294,6 +235,7 @@
294	235	struct ieee80211_hw *hw = wiphy_to_ieee80211_hw(wiphy);
295	236	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
296	237	struct iwl_mcc_update_resp *resp;
	238	+ u8 resp_ver;
297	239
298	240	IWL_DEBUG_LAR(mvm, "Getting regdomain data for %s from FW\n", alpha2);
299	241
..	..	@@ -312,13 +254,16 @@
312	254	*changed = (status == MCC_RESP_NEW_CHAN_PROFILE \|\|
313	255	status == MCC_RESP_ILLEGAL);
314	256	}
	257	+ resp_ver = iwl_fw_lookup_notif_ver(mvm->fw, IWL_ALWAYS_LONG_GROUP,
	258	+ MCC_UPDATE_CMD, 0);
	259	+ IWL_DEBUG_LAR(mvm, "MCC update response version: %d\n", resp_ver);
315	260
316	261	regd = iwl_parse_nvm_mcc_info(mvm->trans->dev, mvm->cfg,
317	262	__le32_to_cpu(resp->n_channels),
318	263	resp->channels,
319	264	__le16_to_cpu(resp->mcc),
320	265	__le16_to_cpu(resp->geo_info),
321		- __le16_to_cpu(resp->cap));
	266	+ __le16_to_cpu(resp->cap), resp_ver);
322	267	/* Store the return source id */
323	268	src_id = resp->source_id;
324	269	kfree(resp);
..	..	@@ -401,6 +346,30 @@
401	346	return ret;
402	347	}
403	348
	349	+static const u8 he_if_types_ext_capa_sta[] = {
	350	+ [0] = WLAN_EXT_CAPA1_EXT_CHANNEL_SWITCHING,
	351	+ [2] = WLAN_EXT_CAPA3_MULTI_BSSID_SUPPORT,
	352	+ [7] = WLAN_EXT_CAPA8_OPMODE_NOTIF,
	353	+};
	354	+
	355	+static const struct wiphy_iftype_ext_capab he_iftypes_ext_capa[] = {
	356	+ {
	357	+ .iftype = NL80211_IFTYPE_STATION,
	358	+ .extended_capabilities = he_if_types_ext_capa_sta,
	359	+ .extended_capabilities_mask = he_if_types_ext_capa_sta,
	360	+ .extended_capabilities_len = sizeof(he_if_types_ext_capa_sta),
	361	+ },
	362	+};
	363	+
	364	+static int
	365	+iwl_mvm_op_get_antenna(struct ieee80211_hw hw, u32 tx_ant, u32 *rx_ant)
	366	+{
	367	+ struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
	368	+ *tx_ant = iwl_mvm_get_valid_tx_ant(mvm);
	369	+ *rx_ant = iwl_mvm_get_valid_rx_ant(mvm);
	370	+ return 0;
	371	+}
	372	+
404	373	int iwl_mvm_mac_setup_register(struct iwl_mvm *mvm)
405	374	{
406	375	struct ieee80211_hw *hw = mvm->hw;
..	..	@@ -411,12 +380,15 @@
411	380	WLAN_CIPHER_SUITE_TKIP,
412	381	WLAN_CIPHER_SUITE_CCMP,
413	382	};
	383	+#ifdef CONFIG_PM_SLEEP
	384	+ bool unified = fw_has_capa(&mvm->fw->ucode_capa,
	385	+ IWL_UCODE_TLV_CAPA_CNSLDTD_D3_D0_IMG);
	386	+#endif
414	387
415	388	/* Tell mac80211 our characteristics */
416	389	ieee80211_hw_set(hw, SIGNAL_DBM);
417	390	ieee80211_hw_set(hw, SPECTRUM_MGMT);
418	391	ieee80211_hw_set(hw, REPORTS_TX_ACK_STATUS);
419		- ieee80211_hw_set(hw, QUEUE_CONTROL);
420	392	ieee80211_hw_set(hw, WANT_MONITOR_VIF);
421	393	ieee80211_hw_set(hw, SUPPORTS_PS);
422	394	ieee80211_hw_set(hw, SUPPORTS_DYNAMIC_PS);
..	..	@@ -429,6 +401,23 @@
429	401	ieee80211_hw_set(hw, SUPPORTS_AMSDU_IN_AMPDU);
430	402	ieee80211_hw_set(hw, NEEDS_UNIQUE_STA_ADDR);
431	403	ieee80211_hw_set(hw, DEAUTH_NEED_MGD_TX_PREP);
	404	+ ieee80211_hw_set(hw, SUPPORTS_VHT_EXT_NSS_BW);
	405	+ ieee80211_hw_set(hw, BUFF_MMPDU_TXQ);
	406	+ ieee80211_hw_set(hw, STA_MMPDU_TXQ);
	407	+ /*
	408	+ * On older devices, enabling TX A-MSDU occasionally leads to
	409	+ * something getting messed up, the command read from the FIFO
	410	+ * gets out of sync and isn't a TX command, so that we have an
	411	+ * assert EDC.
	412	+ *
	413	+ * It's not clear where the bug is, but since we didn't used to
	414	+ * support A-MSDU until moving the mac80211 iTXQs, just leave it
	415	+ * for older devices. We also don't see this issue on any newer
	416	+ * devices.
	417	+ */
	418	+ if (mvm->trans->trans_cfg->device_family >= IWL_DEVICE_FAMILY_9000)
	419	+ ieee80211_hw_set(hw, TX_AMSDU);
	420	+ ieee80211_hw_set(hw, TX_FRAG_LIST);
432	421
433	422	if (iwl_mvm_has_tlc_offload(mvm)) {
434	423	ieee80211_hw_set(hw, TX_AMPDU_SETUP_IN_HW);
..	..	@@ -474,6 +463,7 @@
474	463
475	464	hw->uapsd_queues = IWL_MVM_UAPSD_QUEUES;
476	465	hw->uapsd_max_sp_len = IWL_UAPSD_MAX_SP;
	466	+ hw->max_tx_fragments = mvm->trans->max_skb_frags;
477	467
478	468	BUILD_BUG_ON(ARRAY_SIZE(mvm->ciphers) < ARRAY_SIZE(mvm_ciphers) + 6);
479	469	memcpy(mvm->ciphers, mvm_ciphers, sizeof(mvm_ciphers));
..	..	@@ -489,23 +479,23 @@
489	479	hw->wiphy->n_cipher_suites++;
490	480	}
491	481
492		- /* Enable 11w if software crypto is not enabled (as the
493		- * firmware will interpret some mgmt packets, so enabling it
494		- * with software crypto isn't safe).
495		- */
496		- if (!iwlwifi_mod_params.swcrypto) {
497		- ieee80211_hw_set(hw, MFP_CAPABLE);
	482	+ if (iwlwifi_mod_params.swcrypto)
	483	+ IWL_ERR(mvm,
	484	+ "iwlmvm doesn't allow to disable HW crypto, check swcrypto module parameter\n");
	485	+ if (!iwlwifi_mod_params.bt_coex_active)
	486	+ IWL_ERR(mvm,
	487	+ "iwlmvm doesn't allow to disable BT Coex, check bt_coex_active module parameter\n");
	488	+
	489	+ ieee80211_hw_set(hw, MFP_CAPABLE);
	490	+ mvm->ciphers[hw->wiphy->n_cipher_suites] = WLAN_CIPHER_SUITE_AES_CMAC;
	491	+ hw->wiphy->n_cipher_suites++;
	492	+ if (iwl_mvm_has_new_rx_api(mvm)) {
498	493	mvm->ciphers[hw->wiphy->n_cipher_suites] =
499		- WLAN_CIPHER_SUITE_AES_CMAC;
	494	+ WLAN_CIPHER_SUITE_BIP_GMAC_128;
500	495	hw->wiphy->n_cipher_suites++;
501		- if (iwl_mvm_has_new_rx_api(mvm)) {
502		- mvm->ciphers[hw->wiphy->n_cipher_suites] =
503		- WLAN_CIPHER_SUITE_BIP_GMAC_128;
504		- hw->wiphy->n_cipher_suites++;
505		- mvm->ciphers[hw->wiphy->n_cipher_suites] =
506		- WLAN_CIPHER_SUITE_BIP_GMAC_256;
507		- hw->wiphy->n_cipher_suites++;
508		- }
	496	+ mvm->ciphers[hw->wiphy->n_cipher_suites] =
	497	+ WLAN_CIPHER_SUITE_BIP_GMAC_256;
	498	+ hw->wiphy->n_cipher_suites++;
509	499	}
510	500
511	501	/* currently FW API supports only one optional cipher scheme */
..	..	@@ -530,6 +520,13 @@
530	520	hw->wiphy->n_cipher_suites++;
531	521	}
532	522
	523	+ if (fw_has_capa(&mvm->fw->ucode_capa,
	524	+ IWL_UCODE_TLV_CAPA_FTM_CALIBRATED)) {
	525	+ wiphy_ext_feature_set(hw->wiphy,
	526	+ NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
	527	+ hw->wiphy->pmsr_capa = &iwl_mvm_pmsr_capa;
	528	+ }
	529	+
533	530	ieee80211_hw_set(hw, SINGLE_SCAN_ON_ALL_BANDS);
534	531	hw->wiphy->features \|=
535	532	NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR \|
..	..	@@ -539,6 +536,7 @@
539	536	hw->sta_data_size = sizeof(struct iwl_mvm_sta);
540	537	hw->vif_data_size = sizeof(struct iwl_mvm_vif);
541	538	hw->chanctx_data_size = sizeof(u16);
	539	+ hw->txq_data_size = sizeof(struct iwl_mvm_txq);
542	540
543	541	hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) \|
544	542	BIT(NL80211_IFTYPE_P2P_CLIENT) \|
..	..	@@ -548,6 +546,17 @@
548	546	BIT(NL80211_IFTYPE_ADHOC);
549	547
550	548	hw->wiphy->flags \|= WIPHY_FLAG_IBSS_RSN;
	549	+ wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
	550	+
	551	+ /* The new Tx API does not allow to pass the key or keyid of a MPDU to
	552	+ * the hw, preventing us to control which key(id) to use per MPDU.
	553	+ * Till that's fixed we can't use Extended Key ID for the newer cards.
	554	+ */
	555	+ if (!iwl_mvm_has_new_tx_api(mvm))
	556	+ wiphy_ext_feature_set(hw->wiphy,
	557	+ NL80211_EXT_FEATURE_EXT_KEY_ID);
	558	+ hw->wiphy->features \|= NL80211_FEATURE_HT_IBSS;
	559	+
551	560	hw->wiphy->regulatory_flags \|= REGULATORY_ENABLE_RELAX_NO_IR;
552	561	if (iwl_mvm_is_lar_supported(mvm))
553	562	hw->wiphy->regulatory_flags \|= REGULATORY_WIPHY_SELF_MANAGED;
..	..	@@ -564,8 +573,6 @@
564	573
565	574	hw->wiphy->max_remain_on_channel_duration = 10000;
566	575	hw->max_listen_interval = IWL_CONN_MAX_LISTEN_INTERVAL;
567		- /* we can compensate an offset of up to 3 channels = 15 MHz */
568		- hw->wiphy->max_adj_channel_rssi_comp = 3 * 5;
569	576
570	577	/* Extract MAC address */
571	578	memcpy(mvm->addresses[0].addr, mvm->nvm_data->hw_addr, ETH_ALEN);
..	..	@@ -622,7 +629,7 @@
622	629
623	630	hw->wiphy->max_sched_scan_reqs = 1;
624	631	hw->wiphy->max_sched_scan_ssids = PROBE_OPTION_MAX;
625		- hw->wiphy->max_match_sets = IWL_SCAN_MAX_PROFILES;
	632	+ hw->wiphy->max_match_sets = iwl_umac_scan_get_max_profiles(mvm->fw);
626	633	/* we create the 802.11 header and zero length SSID IE. */
627	634	hw->wiphy->max_sched_scan_ie_len =
628	635	SCAN_OFFLOAD_PROBE_REQ_SIZE - 24 - 2;
..	..	@@ -659,14 +666,17 @@
659	666	IWL_UCODE_TLV_CAPA_WFA_TPC_REP_IE_SUPPORT))
660	667	hw->wiphy->features \|= NL80211_FEATURE_WFA_TPC_IE_IN_PROBES;
661	668
	669	+ if (iwl_fw_lookup_cmd_ver(mvm->fw, IWL_ALWAYS_LONG_GROUP,
	670	+ WOWLAN_KEK_KCK_MATERIAL,
	671	+ IWL_FW_CMD_VER_UNKNOWN) == 3)
	672	+ hw->wiphy->flags \|= WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK;
	673	+
662	674	if (fw_has_api(&mvm->fw->ucode_capa,
663	675	IWL_UCODE_TLV_API_SCAN_TSF_REPORT)) {
664	676	wiphy_ext_feature_set(hw->wiphy,
665	677	NL80211_EXT_FEATURE_SCAN_START_TIME);
666	678	wiphy_ext_feature_set(hw->wiphy,
667	679	NL80211_EXT_FEATURE_BSS_PARENT_TSF);
668		- wiphy_ext_feature_set(hw->wiphy,
669		- NL80211_EXT_FEATURE_SET_SCAN_DWELL);
670	680	}
671	681
672	682	if (iwl_mvm_is_oce_supported(mvm)) {
..	..	@@ -680,16 +690,20 @@
680	690	NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE);
681	691	}
682	692
	693	+ if (mvm->nvm_data->sku_cap_11ax_enable &&
	694	+ !iwlwifi_mod_params.disable_11ax) {
	695	+ hw->wiphy->iftype_ext_capab = he_iftypes_ext_capa;
	696	+ hw->wiphy->num_iftype_ext_capab =
	697	+ ARRAY_SIZE(he_iftypes_ext_capa);
	698	+
	699	+ ieee80211_hw_set(hw, SUPPORTS_MULTI_BSSID);
	700	+ ieee80211_hw_set(hw, SUPPORTS_ONLY_HE_MULTI_BSSID);
	701	+ }
	702	+
683	703	mvm->rts_threshold = IEEE80211_MAX_RTS_THRESHOLD;
684	704
685	705	#ifdef CONFIG_PM_SLEEP
686		- if (iwl_mvm_is_d0i3_supported(mvm) &&
687		- device_can_wakeup(mvm->trans->dev)) {
688		- mvm->wowlan.flags = WIPHY_WOWLAN_ANY;
689		- hw->wiphy->wowlan = &mvm->wowlan;
690		- }
691		-
692		- if (mvm->fw->img[IWL_UCODE_WOWLAN].num_sec &&
	706	+ if ((unified \|\| mvm->fw->img[IWL_UCODE_WOWLAN].num_sec) &&
693	707	mvm->trans->ops->d3_suspend &&
694	708	mvm->trans->ops->d3_resume &&
695	709	device_can_wakeup(mvm->trans->dev)) {
..	..	@@ -698,15 +712,15 @@
698	712	WIPHY_WOWLAN_EAP_IDENTITY_REQ \|
699	713	WIPHY_WOWLAN_RFKILL_RELEASE \|
700	714	WIPHY_WOWLAN_NET_DETECT;
701		- if (!iwlwifi_mod_params.swcrypto)
702		- mvm->wowlan.flags \|= WIPHY_WOWLAN_SUPPORTS_GTK_REKEY \|
703		- WIPHY_WOWLAN_GTK_REKEY_FAILURE \|
704		- WIPHY_WOWLAN_4WAY_HANDSHAKE;
	715	+ mvm->wowlan.flags \|= WIPHY_WOWLAN_SUPPORTS_GTK_REKEY \|
	716	+ WIPHY_WOWLAN_GTK_REKEY_FAILURE \|
	717	+ WIPHY_WOWLAN_4WAY_HANDSHAKE;
705	718
706	719	mvm->wowlan.n_patterns = IWL_WOWLAN_MAX_PATTERNS;
707	720	mvm->wowlan.pattern_min_len = IWL_WOWLAN_MIN_PATTERN_LEN;
708	721	mvm->wowlan.pattern_max_len = IWL_WOWLAN_MAX_PATTERN_LEN;
709		- mvm->wowlan.max_nd_match_sets = IWL_SCAN_MAX_PROFILES;
	722	+ mvm->wowlan.max_nd_match_sets =
	723	+ iwl_umac_scan_get_max_profiles(mvm->fw);
710	724	hw->wiphy->wowlan = &mvm->wowlan;
711	725	}
712	726	#endif
..	..	@@ -742,57 +756,37 @@
742	756	hw->netdev_features \|= IWL_TX_CSUM_NETIF_FLAGS;
743	757	}
744	758
745		- ret = ieee80211_register_hw(mvm->hw);
746		- if (ret)
747		- iwl_mvm_leds_exit(mvm);
748		- mvm->init_status \|= IWL_MVM_INIT_STATUS_REG_HW_INIT_COMPLETE;
749		-
750	759	if (mvm->cfg->vht_mu_mimo_supported)
751	760	wiphy_ext_feature_set(hw->wiphy,
752	761	NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER);
753	762
	763	+ if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_PROTECTED_TWT))
	764	+ wiphy_ext_feature_set(hw->wiphy,
	765	+ NL80211_EXT_FEATURE_PROTECTED_TWT);
	766	+
	767	+ hw->wiphy->available_antennas_tx = iwl_mvm_get_valid_tx_ant(mvm);
	768	+ hw->wiphy->available_antennas_rx = iwl_mvm_get_valid_rx_ant(mvm);
	769	+
	770	+ ret = ieee80211_register_hw(mvm->hw);
	771	+ if (ret) {
	772	+ iwl_mvm_leds_exit(mvm);
	773	+ }
	774	+
754	775	return ret;
755	776	}
756	777
757		-static bool iwl_mvm_defer_tx(struct iwl_mvm *mvm,
758		- struct ieee80211_sta *sta,
759		- struct sk_buff *skb)
	778	+static void iwl_mvm_tx_skb(struct iwl_mvm mvm, struct sk_buff skb,
	779	+ struct ieee80211_sta *sta)
760	780	{
761		- struct iwl_mvm_sta *mvmsta;
762		- bool defer = false;
	781	+ if (likely(sta)) {
	782	+ if (likely(iwl_mvm_tx_skb_sta(mvm, skb, sta) == 0))
	783	+ return;
	784	+ } else {
	785	+ if (likely(iwl_mvm_tx_skb_non_sta(mvm, skb) == 0))
	786	+ return;
	787	+ }
763	788
764		- /*
765		- * double check the IN_D0I3 flag both before and after
766		- * taking the spinlock, in order to prevent taking
767		- * the spinlock when not needed.
768		- */
769		- if (likely(!test_bit(IWL_MVM_STATUS_IN_D0I3, &mvm->status)))
770		- return false;
771		-
772		- spin_lock(&mvm->d0i3_tx_lock);
773		- /*
774		- * testing the flag again ensures the skb dequeue
775		- * loop (on d0i3 exit) hasn't run yet.
776		- */
777		- if (!test_bit(IWL_MVM_STATUS_IN_D0I3, &mvm->status))
778		- goto out;
779		-
780		- mvmsta = iwl_mvm_sta_from_mac80211(sta);
781		- if (mvmsta->sta_id == IWL_MVM_INVALID_STA \|\|
782		- mvmsta->sta_id != mvm->d0i3_ap_sta_id)
783		- goto out;
784		-
785		- __skb_queue_tail(&mvm->d0i3_tx, skb);
786		- ieee80211_stop_queues(mvm->hw);
787		-
788		- /* trigger wakeup */
789		- iwl_mvm_ref(mvm, IWL_MVM_REF_TX);
790		- iwl_mvm_unref(mvm, IWL_MVM_REF_TX);
791		-
792		- defer = true;
793		-out:
794		- spin_unlock(&mvm->d0i3_tx_lock);
795		- return defer;
	789	+ ieee80211_free_txskb(mvm->hw, skb);
796	790	}
797	791
798	792	static void iwl_mvm_mac_tx(struct ieee80211_hw *hw,
..	..	@@ -803,13 +797,15 @@
803	797	struct ieee80211_sta *sta = control->sta;
804	798	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
805	799	struct ieee80211_hdr hdr = (void )skb->data;
	800	+ bool offchannel = IEEE80211_SKB_CB(skb)->flags &
	801	+ IEEE80211_TX_CTL_TX_OFFCHAN;
806	802
807	803	if (iwl_mvm_is_radio_killed(mvm)) {
808	804	IWL_DEBUG_DROP(mvm, "Dropping - RF/CT KILL\n");
809	805	goto drop;
810	806	}
811	807
812		- if (info->hw_queue == IWL_MVM_OFFCHANNEL_QUEUE &&
	808	+ if (offchannel &&
813	809	!test_bit(IWL_MVM_STATUS_ROC_RUNNING, &mvm->status) &&
814	810	!test_bit(IWL_MVM_STATUS_ROC_AUX_RUNNING, &mvm->status))
815	811	goto drop;
..	..	@@ -822,13 +818,13 @@
822	818	sta = NULL;
823	819
824	820	/* If there is no sta, and it's not offchannel - send through AP */
825		- if (info->control.vif->type == NL80211_IFTYPE_STATION &&
826		- info->hw_queue != IWL_MVM_OFFCHANNEL_QUEUE && !sta) {
	821	+ if (!sta && info->control.vif->type == NL80211_IFTYPE_STATION &&
	822	+ !offchannel) {
827	823	struct iwl_mvm_vif *mvmvif =
828	824	iwl_mvm_vif_from_mac80211(info->control.vif);
829	825	u8 ap_sta_id = READ_ONCE(mvmvif->ap_sta_id);
830	826
831		- if (ap_sta_id < IWL_MVM_STATION_COUNT) {
	827	+ if (ap_sta_id < mvm->fw->ucode_capa.num_stations) {
832	828	/* mac80211 holds rcu read lock */
833	829	sta = rcu_dereference(mvm->fw_id_to_mac_id[ap_sta_id]);
834	830	if (IS_ERR_OR_NULL(sta))
..	..	@@ -836,37 +832,104 @@
836	832	}
837	833	}
838	834
839		- if (sta) {
840		- if (iwl_mvm_defer_tx(mvm, sta, skb))
841		- return;
842		- if (iwl_mvm_tx_skb(mvm, skb, sta))
843		- goto drop;
844		- return;
845		- }
846		-
847		- if (iwl_mvm_tx_skb_non_sta(mvm, skb))
848		- goto drop;
	835	+ iwl_mvm_tx_skb(mvm, skb, sta);
849	836	return;
850	837	drop:
851	838	ieee80211_free_txskb(hw, skb);
852	839	}
853	840
854		-static inline bool iwl_enable_rx_ampdu(const struct iwl_cfg *cfg)
	841	+void iwl_mvm_mac_itxq_xmit(struct ieee80211_hw hw, struct ieee80211_txq txq)
855	842	{
856		- if (iwlwifi_mod_params.disable_11n & IWL_DISABLE_HT_RXAGG)
857		- return false;
858		- return true;
	843	+ struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
	844	+ struct iwl_mvm_txq *mvmtxq = iwl_mvm_txq_from_mac80211(txq);
	845	+ struct sk_buff *skb = NULL;
	846	+
	847	+ /*
	848	+ * No need for threads to be pending here, they can leave the first
	849	+ * taker all the work.
	850	+ *
	851	+ * mvmtxq->tx_request logic:
	852	+ *
	853	+ * If 0, no one is currently TXing, set to 1 to indicate current thread
	854	+ * will now start TX and other threads should quit.
	855	+ *
	856	+ * If 1, another thread is currently TXing, set to 2 to indicate to
	857	+ * that thread that there was another request. Since that request may
	858	+ * have raced with the check whether the queue is empty, the TXing
	859	+ * thread should check the queue's status one more time before leaving.
	860	+ * This check is done in order to not leave any TX hanging in the queue
	861	+ * until the next TX invocation (which may not even happen).
	862	+ *
	863	+ * If 2, another thread is currently TXing, and it will already double
	864	+ * check the queue, so do nothing.
	865	+ */
	866	+ if (atomic_fetch_add_unless(&mvmtxq->tx_request, 1, 2))
	867	+ return;
	868	+
	869	+ rcu_read_lock();
	870	+ do {
	871	+ while (likely(!mvmtxq->stopped &&
	872	+ (mvm->trans->system_pm_mode ==
	873	+ IWL_PLAT_PM_MODE_DISABLED))) {
	874	+ skb = ieee80211_tx_dequeue(hw, txq);
	875	+
	876	+ if (!skb) {
	877	+ if (txq->sta)
	878	+ IWL_DEBUG_TX(mvm,
	879	+ "TXQ of sta %pM tid %d is now empty\n",
	880	+ txq->sta->addr,
	881	+ txq->tid);
	882	+ break;
	883	+ }
	884	+
	885	+ iwl_mvm_tx_skb(mvm, skb, txq->sta);
	886	+ }
	887	+ } while (atomic_dec_return(&mvmtxq->tx_request));
	888	+ rcu_read_unlock();
859	889	}
860	890
861		-static inline bool iwl_enable_tx_ampdu(const struct iwl_cfg *cfg)
	891	+static void iwl_mvm_mac_wake_tx_queue(struct ieee80211_hw *hw,
	892	+ struct ieee80211_txq *txq)
862	893	{
863		- if (iwlwifi_mod_params.disable_11n & IWL_DISABLE_HT_TXAGG)
864		- return false;
865		- if (iwlwifi_mod_params.disable_11n & IWL_ENABLE_HT_TXAGG)
866		- return true;
	894	+ struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
	895	+ struct iwl_mvm_txq *mvmtxq = iwl_mvm_txq_from_mac80211(txq);
867	896
868		- /* enabled by default */
869		- return true;
	897	+ /*
	898	+ * Please note that racing is handled very carefully here:
	899	+ * mvmtxq->txq_id is updated during allocation, and mvmtxq->list is
	900	+ * deleted afterwards.
	901	+ * This means that if:
	902	+ * mvmtxq->txq_id != INVALID_QUEUE && list_empty(&mvmtxq->list):
	903	+ * queue is allocated and we can TX.
	904	+ * mvmtxq->txq_id != INVALID_QUEUE && !list_empty(&mvmtxq->list):
	905	+ * a race, should defer the frame.
	906	+ * mvmtxq->txq_id == INVALID_QUEUE && list_empty(&mvmtxq->list):
	907	+ * need to allocate the queue and defer the frame.
	908	+ * mvmtxq->txq_id == INVALID_QUEUE && !list_empty(&mvmtxq->list):
	909	+ * queue is already scheduled for allocation, no need to allocate,
	910	+ * should defer the frame.
	911	+ */
	912	+
	913	+ /* If the queue is allocated TX and return. */
	914	+ if (!txq->sta \|\| mvmtxq->txq_id != IWL_MVM_INVALID_QUEUE) {
	915	+ /*
	916	+ * Check that list is empty to avoid a race where txq_id is
	917	+ * already updated, but the queue allocation work wasn't
	918	+ * finished
	919	+ */
	920	+ if (unlikely(txq->sta && !list_empty(&mvmtxq->list)))
	921	+ return;
	922	+
	923	+ iwl_mvm_mac_itxq_xmit(hw, txq);
	924	+ return;
	925	+ }
	926	+
	927	+ /* The list is being deleted only after the queue is fully allocated. */
	928	+ if (!list_empty(&mvmtxq->list))
	929	+ return;
	930	+
	931	+ list_add_tail(&mvmtxq->list, &mvm->add_stream_txqs);
	932	+ schedule_work(&mvm->add_stream_wk);
870	933	}
871	934
872	935	#define CHECK_BA_TRIGGER(_mvm, _trig, _tid_bm, _tid, _fmt...) \
..	..	@@ -884,15 +947,12 @@
884	947	struct iwl_fw_dbg_trigger_tlv *trig;
885	948	struct iwl_fw_dbg_trigger_ba *ba_trig;
886	949
887		- if (!iwl_fw_dbg_trigger_enabled(mvm->fw, FW_DBG_TRIGGER_BA))
	950	+ trig = iwl_fw_dbg_trigger_on(&mvm->fwrt, ieee80211_vif_to_wdev(vif),
	951	+ FW_DBG_TRIGGER_BA);
	952	+ if (!trig)
888	953	return;
889	954
890		- trig = iwl_fw_dbg_get_trigger(mvm->fw, FW_DBG_TRIGGER_BA);
891	955	ba_trig = (void *)trig->data;
892		-
893		- if (!iwl_fw_dbg_trigger_check_stop(&mvm->fwrt,
894		- ieee80211_vif_to_wdev(vif), trig))
895		- return;
896	956
897	957	switch (action) {
898	958	case IEEE80211_AMPDU_TX_OPERATIONAL: {
..	..	@@ -930,7 +990,6 @@
930	990	{
931	991	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
932	992	int ret;
933		- bool tx_agg_ref = false;
934	993	struct ieee80211_sta *sta = params->sta;
935	994	enum ieee80211_ampdu_mlme_action action = params->action;
936	995	u16 tid = params->tid;
..	..	@@ -944,31 +1003,6 @@
944	1003
945	1004	if (!(mvm->nvm_data->sku_cap_11n_enable))
946	1005	return -EACCES;
947		-
948		- /* return from D0i3 before starting a new Tx aggregation */
949		- switch (action) {
950		- case IEEE80211_AMPDU_TX_START:
951		- case IEEE80211_AMPDU_TX_STOP_CONT:
952		- case IEEE80211_AMPDU_TX_STOP_FLUSH:
953		- case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
954		- case IEEE80211_AMPDU_TX_OPERATIONAL:
955		- /*
956		- * for tx start, wait synchronously until D0i3 exit to
957		- * get the correct sequence number for the tid.
958		- * additionally, some other ampdu actions use direct
959		- * target access, which is not handled automatically
960		- * by the trans layer (unlike commands), so wait for
961		- * d0i3 exit in these cases as well.
962		- */
963		- ret = iwl_mvm_ref_sync(mvm, IWL_MVM_REF_TX_AGG);
964		- if (ret)
965		- return ret;
966		-
967		- tx_agg_ref = true;
968		- break;
969		- default:
970		- break;
971		- }
972	1006
973	1007	mutex_lock(&mvm->mutex);
974	1008
..	..	@@ -984,7 +1018,7 @@
984	1018	mvmvif = iwl_mvm_vif_from_mac80211(vif);
985	1019	cancel_delayed_work(&mvmvif->uapsd_nonagg_detected_wk);
986	1020	}
987		- if (!iwl_enable_rx_ampdu(mvm->cfg)) {
	1021	+ if (!iwl_enable_rx_ampdu()) {
988	1022	ret = -EINVAL;
989	1023	break;
990	1024	}
..	..	@@ -996,7 +1030,7 @@
996	1030	timeout);
997	1031	break;
998	1032	case IEEE80211_AMPDU_TX_START:
999		- if (!iwl_enable_tx_ampdu(mvm->cfg)) {
	1033	+ if (!iwl_enable_tx_ampdu()) {
1000	1034	ret = -EINVAL;
1001	1035	break;
1002	1036	}
..	..	@@ -1030,13 +1064,6 @@
1030	1064	}
1031	1065	mutex_unlock(&mvm->mutex);
1032	1066
1033		- /*
1034		- * If the tid is marked as started, we won't use it for offloaded
1035		- * traffic on the next D0i3 entry. It's safe to unref.
1036		- */
1037		- if (tx_agg_ref)
1038		- iwl_mvm_unref(mvm, IWL_MVM_REF_TX_AGG);
1039		-
1040	1067	return ret;
1041	1068	}
1042	1069
..	..	@@ -1055,33 +1082,24 @@
1055	1082
1056	1083	mvmvif->phy_ctxt = NULL;
1057	1084	memset(&mvmvif->bf_data, 0, sizeof(mvmvif->bf_data));
	1085	+ memset(&mvmvif->probe_resp_data, 0, sizeof(mvmvif->probe_resp_data));
1058	1086	}
1059	1087
1060	1088	static void iwl_mvm_restart_cleanup(struct iwl_mvm *mvm)
1061	1089	{
1062		- /* clear the D3 reconfig, we only need it to avoid dumping a
1063		- * firmware coredump on reconfiguration, we shouldn't do that
1064		- * on D3->D0 transition
1065		- */
1066		- if (!test_and_clear_bit(IWL_MVM_STATUS_D3_RECONFIG, &mvm->status)) {
1067		- mvm->fwrt.dump.desc = &iwl_dump_desc_assert;
1068		- iwl_fw_error_dump(&mvm->fwrt);
1069		- }
1070		-
1071		- /* cleanup all stale references (scan, roc), but keep the
1072		- * ucode_down ref until reconfig is complete
1073		- */
1074		- iwl_mvm_unref_all_except(mvm, IWL_MVM_REF_UCODE_DOWN);
1075		-
1076	1090	iwl_mvm_stop_device(mvm);
	1091	+
	1092	+ mvm->cur_aid = 0;
1077	1093
1078	1094	mvm->scan_status = 0;
1079	1095	mvm->ps_disabled = false;
1080		- mvm->calibrating = false;
	1096	+ mvm->rfkill_safe_init_done = false;
1081	1097
1082	1098	/* just in case one was running */
1083	1099	iwl_mvm_cleanup_roc_te(mvm);
1084	1100	ieee80211_remain_on_channel_expired(mvm->hw);
	1101	+
	1102	+ iwl_mvm_ftm_restart(mvm);
1085	1103
1086	1104	/*
1087	1105	* cleanup all interfaces, even inactive ones, as some might have
..	..	@@ -1090,18 +1108,13 @@
1090	1108	ieee80211_iterate_interfaces(mvm->hw, 0, iwl_mvm_cleanup_iterator, mvm);
1091	1109
1092	1110	mvm->p2p_device_vif = NULL;
1093		- mvm->d0i3_ap_sta_id = IWL_MVM_INVALID_STA;
1094	1111
1095	1112	iwl_mvm_reset_phy_ctxts(mvm);
1096	1113	memset(mvm->fw_key_table, 0, sizeof(mvm->fw_key_table));
1097		- memset(mvm->sta_deferred_frames, 0, sizeof(mvm->sta_deferred_frames));
1098	1114	memset(&mvm->last_bt_notif, 0, sizeof(mvm->last_bt_notif));
1099	1115	memset(&mvm->last_bt_ci_cmd, 0, sizeof(mvm->last_bt_ci_cmd));
1100	1116
1101	1117	ieee80211_wake_queues(mvm->hw);
1102		-
1103		- /* clear any stale d0i3 state */
1104		- clear_bit(IWL_MVM_STATUS_IN_D0I3, &mvm->status);
1105	1118
1106	1119	mvm->vif_count = 0;
1107	1120	mvm->rx_ba_sessions = 0;
..	..	@@ -1127,16 +1140,13 @@
1127	1140	clear_bit(IWL_MVM_STATUS_HW_RESTART_REQUESTED, &mvm->status);
1128	1141	/* Clean up some internal and mac80211 state on restart */
1129	1142	iwl_mvm_restart_cleanup(mvm);
1130		- } else {
1131		- /* Hold the reference to prevent runtime suspend while
1132		- * the start procedure runs. It's a bit confusing
1133		- * that the UCODE_DOWN reference is taken, but it just
1134		- * means "UCODE is not UP yet". ( TODO: rename this
1135		- * reference).
1136		- */
1137		- iwl_mvm_ref(mvm, IWL_MVM_REF_UCODE_DOWN);
1138	1143	}
1139	1144	ret = iwl_mvm_up(mvm);
	1145	+
	1146	+ iwl_dbg_tlv_time_point(&mvm->fwrt, IWL_FW_INI_TIME_POINT_POST_INIT,
	1147	+ NULL);
	1148	+ iwl_dbg_tlv_time_point(&mvm->fwrt, IWL_FW_INI_TIME_POINT_PERIODIC,
	1149	+ NULL);
1140	1150
1141	1151	if (ret && test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) {
1142	1152	/* Something went wrong - we need to finish some cleanup
..	..	@@ -1144,7 +1154,6 @@
1144	1154	* would do.
1145	1155	*/
1146	1156	clear_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status);
1147		- iwl_mvm_d0i3_enable_tx(mvm, NULL);
1148	1157	}
1149	1158
1150	1159	return ret;
..	..	@@ -1154,22 +1163,30 @@
1154	1163	{
1155	1164	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
1156	1165	int ret;
1157		-
1158		- /* Some hw restart cleanups must not hold the mutex */
1159		- if (test_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status)) {
1160		- /*
1161		- * Make sure we are out of d0i3. This is needed
1162		- * to make sure the reference accounting is correct
1163		- * (and there is no stale d0i3_exit_work).
1164		- */
1165		- wait_event_timeout(mvm->d0i3_exit_waitq,
1166		- !test_bit(IWL_MVM_STATUS_IN_D0I3,
1167		- &mvm->status),
1168		- HZ);
1169		- }
	1166	+ int retry, max_retry = 0;
1170	1167
1171	1168	mutex_lock(&mvm->mutex);
1172		- ret = __iwl_mvm_mac_start(mvm);
	1169	+
	1170	+ /* we are starting the mac not in error flow, and restart is enabled */
	1171	+ if (!test_bit(IWL_MVM_STATUS_HW_RESTART_REQUESTED, &mvm->status) &&
	1172	+ iwlwifi_mod_params.fw_restart) {
	1173	+ max_retry = IWL_MAX_INIT_RETRY;
	1174	+ /*
	1175	+ * This will prevent mac80211 recovery flows to trigger during
	1176	+ * init failures
	1177	+ */
	1178	+ set_bit(IWL_MVM_STATUS_STARTING, &mvm->status);
	1179	+ }
	1180	+
	1181	+ for (retry = 0; retry <= max_retry; retry++) {
	1182	+ ret = __iwl_mvm_mac_start(mvm);
	1183	+ if (!ret)
	1184	+ break;
	1185	+
	1186	+ IWL_ERR(mvm, "mac start retry %d\n", retry);
	1187	+ }
	1188	+ clear_bit(IWL_MVM_STATUS_STARTING, &mvm->status);
	1189	+
1173	1190	mutex_unlock(&mvm->mutex);
1174	1191
1175	1192	return ret;
..	..	@@ -1182,14 +1199,13 @@
1182	1199	mutex_lock(&mvm->mutex);
1183	1200
1184	1201	clear_bit(IWL_MVM_STATUS_IN_HW_RESTART, &mvm->status);
1185		- iwl_mvm_d0i3_enable_tx(mvm, NULL);
	1202	+
1186	1203	ret = iwl_mvm_update_quotas(mvm, true, NULL);
1187	1204	if (ret)
1188	1205	IWL_ERR(mvm, "Failed to update quotas after restart (%d)\n",
1189	1206	ret);
1190	1207
1191		- /* allow transport/FW low power modes */
1192		- iwl_mvm_unref(mvm, IWL_MVM_REF_UCODE_DOWN);
	1208	+ iwl_mvm_send_recovery_cmd(mvm, ERROR_RECOVERY_END_OF_RECOVERY);
1193	1209
1194	1210	/*
1195	1211	* If we have TDLS peers, remove them. We don't know the last seqno/PN
..	..	@@ -1198,17 +1214,6 @@
1198	1214	iwl_mvm_teardown_tdls_peers(mvm);
1199	1215
1200	1216	mutex_unlock(&mvm->mutex);
1201		-}
1202		-
1203		-static void iwl_mvm_resume_complete(struct iwl_mvm *mvm)
1204		-{
1205		- if (iwl_mvm_is_d0i3_supported(mvm) &&
1206		- iwl_mvm_enter_d0i3_on_suspend(mvm))
1207		- WARN_ONCE(!wait_event_timeout(mvm->d0i3_exit_waitq,
1208		- !test_bit(IWL_MVM_STATUS_IN_D0I3,
1209		- &mvm->status),
1210		- HZ),
1211		- "D0i3 exit on resume timed out\n");
1212	1217	}
1213	1218
1214	1219	static void
..	..	@@ -1222,7 +1227,6 @@
1222	1227	iwl_mvm_restart_complete(mvm);
1223	1228	break;
1224	1229	case IEEE80211_RECONFIG_TYPE_SUSPEND:
1225		- iwl_mvm_resume_complete(mvm);
1226	1230	break;
1227	1231	}
1228	1232	}
..	..	@@ -1231,6 +1235,8 @@
1231	1235	{
1232	1236	lockdep_assert_held(&mvm->mutex);
1233	1237
	1238	+ iwl_mvm_ftm_initiator_smooth_stop(mvm);
	1239	+
1234	1240	/* firmware counters are obviously reset now, but we shouldn't
1235	1241	* partially track so also clear the fw_reset_accu counters.
1236	1242	*/
..	..	@@ -1238,19 +1244,13 @@
1238	1244
1239	1245	/* async_handlers_wk is now blocked */
1240	1246
1241		- /*
1242		- * The work item could be running or queued if the
1243		- * ROC time event stops just as we get here.
1244		- */
1245		- flush_work(&mvm->roc_done_wk);
	1247	+ if (iwl_fw_lookup_cmd_ver(mvm->fw, LONG_GROUP, ADD_STA, 0) < 12)
	1248	+ iwl_mvm_rm_aux_sta(mvm);
1246	1249
1247	1250	iwl_mvm_stop_device(mvm);
1248	1251
1249	1252	iwl_mvm_async_handlers_purge(mvm);
1250	1253	/* async_handlers_list is empty and will stay empty: HW is stopped */
1251		-
1252		- /* the fw is stopped, the aux sta is dead: clean up driver state */
1253		- iwl_mvm_del_aux_sta(mvm);
1254	1254
1255	1255	/*
1256	1256	* Clear IN_HW_RESTART and HW_RESTART_REQUESTED flag when stopping the
..	..	@@ -1284,7 +1284,6 @@
1284	1284	{
1285	1285	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
1286	1286
1287		- flush_work(&mvm->d0i3_exit_work);
1288	1287	flush_work(&mvm->async_handlers_wk);
1289	1288	flush_work(&mvm->add_stream_wk);
1290	1289
..	..	@@ -1298,10 +1297,14 @@
1298	1297	*/
1299	1298	clear_bit(IWL_MVM_STATUS_FIRMWARE_RUNNING, &mvm->status);
1300	1299
1301		- iwl_fw_cancel_dump(&mvm->fwrt);
1302	1300	cancel_delayed_work_sync(&mvm->cs_tx_unblock_dwork);
1303	1301	cancel_delayed_work_sync(&mvm->scan_timeout_dwork);
1304		- iwl_fw_free_dump_desc(&mvm->fwrt);
	1302	+
	1303	+ /*
	1304	+ * The work item could be running or queued if the
	1305	+ * ROC time event stops just as we get here.
	1306	+ */
	1307	+ flush_work(&mvm->roc_done_wk);
1305	1308
1306	1309	mutex_lock(&mvm->mutex);
1307	1310	__iwl_mvm_mac_stop(mvm);
..	..	@@ -1331,21 +1334,127 @@
1331	1334	static int iwl_mvm_set_tx_power(struct iwl_mvm mvm, struct ieee80211_vif vif,
1332	1335	s16 tx_power)
1333	1336	{
	1337	+ int len;
1334	1338	struct iwl_dev_tx_power_cmd cmd = {
1335		- .v3.set_mode = cpu_to_le32(IWL_TX_POWER_MODE_SET_MAC),
1336		- .v3.mac_context_id =
	1339	+ .common.set_mode = cpu_to_le32(IWL_TX_POWER_MODE_SET_MAC),
	1340	+ .common.mac_context_id =
1337	1341	cpu_to_le32(iwl_mvm_vif_from_mac80211(vif)->id),
1338		- .v3.pwr_restriction = cpu_to_le16(8 * tx_power),
	1342	+ .common.pwr_restriction = cpu_to_le16(8 * tx_power),
1339	1343	};
1340		- int len = sizeof(cmd);
	1344	+ u8 cmd_ver = iwl_fw_lookup_cmd_ver(mvm->fw, LONG_GROUP,
	1345	+ REDUCE_TX_POWER_CMD,
	1346	+ IWL_FW_CMD_VER_UNKNOWN);
1341	1347
1342	1348	if (tx_power == IWL_DEFAULT_MAX_TX_POWER)
1343		- cmd.v3.pwr_restriction = cpu_to_le16(IWL_DEV_MAX_TX_POWER);
	1349	+ cmd.common.pwr_restriction = cpu_to_le16(IWL_DEV_MAX_TX_POWER);
1344	1350
1345		- if (!fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_TX_POWER_ACK))
	1351	+ if (cmd_ver == 6)
	1352	+ len = sizeof(cmd.v6);
	1353	+ else if (fw_has_api(&mvm->fw->ucode_capa,
	1354	+ IWL_UCODE_TLV_API_REDUCE_TX_POWER))
	1355	+ len = sizeof(cmd.v5);
	1356	+ else if (fw_has_capa(&mvm->fw->ucode_capa,
	1357	+ IWL_UCODE_TLV_CAPA_TX_POWER_ACK))
	1358	+ len = sizeof(cmd.v4);
	1359	+ else
1346	1360	len = sizeof(cmd.v3);
1347	1361
	1362	+ /* all structs have the same common part, add it */
	1363	+ len += sizeof(cmd.common);
	1364	+
1348	1365	return iwl_mvm_send_cmd_pdu(mvm, REDUCE_TX_POWER_CMD, 0, len, &cmd);
	1366	+}
	1367	+
	1368	+static int iwl_mvm_post_channel_switch(struct ieee80211_hw *hw,
	1369	+ struct ieee80211_vif *vif)
	1370	+{
	1371	+ struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
	1372	+ struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
	1373	+ int ret;
	1374	+
	1375	+ mutex_lock(&mvm->mutex);
	1376	+
	1377	+ if (mvmvif->csa_failed) {
	1378	+ mvmvif->csa_failed = false;
	1379	+ ret = -EIO;
	1380	+ goto out_unlock;
	1381	+ }
	1382	+
	1383	+ if (vif->type == NL80211_IFTYPE_STATION) {
	1384	+ struct iwl_mvm_sta *mvmsta;
	1385	+
	1386	+ mvmvif->csa_bcn_pending = false;
	1387	+ mvmsta = iwl_mvm_sta_from_staid_protected(mvm,
	1388	+ mvmvif->ap_sta_id);
	1389	+
	1390	+ if (WARN_ON(!mvmsta)) {
	1391	+ ret = -EIO;
	1392	+ goto out_unlock;
	1393	+ }
	1394	+
	1395	+ iwl_mvm_sta_modify_disable_tx(mvm, mvmsta, false);
	1396	+
	1397	+ iwl_mvm_mac_ctxt_changed(mvm, vif, false, NULL);
	1398	+
	1399	+ if (!fw_has_capa(&mvm->fw->ucode_capa,
	1400	+ IWL_UCODE_TLV_CAPA_CHANNEL_SWITCH_CMD)) {
	1401	+ ret = iwl_mvm_enable_beacon_filter(mvm, vif, 0);
	1402	+ if (ret)
	1403	+ goto out_unlock;
	1404	+
	1405	+ iwl_mvm_stop_session_protection(mvm, vif);
	1406	+ }
	1407	+ }
	1408	+
	1409	+ mvmvif->ps_disabled = false;
	1410	+
	1411	+ ret = iwl_mvm_power_update_ps(mvm);
	1412	+
	1413	+out_unlock:
	1414	+ mutex_unlock(&mvm->mutex);
	1415	+
	1416	+ return ret;
	1417	+}
	1418	+
	1419	+static void iwl_mvm_abort_channel_switch(struct ieee80211_hw *hw,
	1420	+ struct ieee80211_vif *vif)
	1421	+{
	1422	+ struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
	1423	+ struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
	1424	+ struct iwl_chan_switch_te_cmd cmd = {
	1425	+ .mac_id = cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id,
	1426	+ mvmvif->color)),
	1427	+ .action = cpu_to_le32(FW_CTXT_ACTION_REMOVE),
	1428	+ };
	1429	+
	1430	+ IWL_DEBUG_MAC80211(mvm, "Abort CSA on mac %d\n", mvmvif->id);
	1431	+
	1432	+ mutex_lock(&mvm->mutex);
	1433	+ if (!fw_has_capa(&mvm->fw->ucode_capa,
	1434	+ IWL_UCODE_TLV_CAPA_CHANNEL_SWITCH_CMD))
	1435	+ iwl_mvm_remove_csa_period(mvm, vif);
	1436	+ else
	1437	+ WARN_ON(iwl_mvm_send_cmd_pdu(mvm,
	1438	+ WIDE_ID(MAC_CONF_GROUP,
	1439	+ CHANNEL_SWITCH_TIME_EVENT_CMD),
	1440	+ 0, sizeof(cmd), &cmd));
	1441	+ mutex_unlock(&mvm->mutex);
	1442	+
	1443	+ WARN_ON(iwl_mvm_post_channel_switch(hw, vif));
	1444	+}
	1445	+
	1446	+static void iwl_mvm_channel_switch_disconnect_wk(struct work_struct *wk)
	1447	+{
	1448	+ struct iwl_mvm *mvm;
	1449	+ struct iwl_mvm_vif *mvmvif;
	1450	+ struct ieee80211_vif *vif;
	1451	+
	1452	+ mvmvif = container_of(wk, struct iwl_mvm_vif, csa_work.work);
	1453	+ vif = container_of((void *)mvmvif, struct ieee80211_vif, drv_priv);
	1454	+ mvm = mvmvif->mvm;
	1455	+
	1456	+ iwl_mvm_abort_channel_switch(mvm->hw, vif);
	1457	+ ieee80211_chswitch_done(vif, false);
1349	1458	}
1350	1459
1351	1460	static int iwl_mvm_mac_add_interface(struct ieee80211_hw *hw,
..	..	@@ -1356,15 +1465,7 @@
1356	1465	int ret;
1357	1466
1358	1467	mvmvif->mvm = mvm;
1359		-
1360		- /*
1361		- * make sure D0i3 exit is completed, otherwise a target access
1362		- * during tx queue configuration could be done when still in
1363		- * D0i3 state.
1364		- */
1365		- ret = iwl_mvm_ref_sync(mvm, IWL_MVM_REF_ADD_IF);
1366		- if (ret)
1367		- return ret;
	1468	+ RCU_INIT_POINTER(mvmvif->probe_resp_data, NULL);
1368	1469
1369	1470	/*
1370	1471	* Not much to do here. The stack will not allow interface
..	..	@@ -1383,6 +1484,8 @@
1383	1484	ret = iwl_mvm_mac_ctxt_init(mvm, vif);
1384	1485	if (ret)
1385	1486	goto out_unlock;
	1487	+
	1488	+ rcu_assign_pointer(mvm->vif_id_to_mac[mvmvif->id], vif);
1386	1489
1387	1490	/* Counting number of interfaces is needed for legacy PM */
1388	1491	if (vif->type != NL80211_IFTYPE_P2P_DEVICE)
..	..	@@ -1471,6 +1574,8 @@
1471	1574	}
1472	1575
1473	1576	iwl_mvm_tcm_add_vif(mvm, vif);
	1577	+ INIT_DELAYED_WORK(&mvmvif->csa_work,
	1578	+ iwl_mvm_channel_switch_disconnect_wk);
1474	1579
1475	1580	if (vif->type == NL80211_IFTYPE_MONITOR)
1476	1581	mvm->monitor_on = true;
..	..	@@ -1497,8 +1602,6 @@
1497	1602	out_unlock:
1498	1603	mutex_unlock(&mvm->mutex);
1499	1604
1500		- iwl_mvm_unref(mvm, IWL_MVM_REF_ADD_IF);
1501		-
1502	1605	return ret;
1503	1606	}
1504	1607
..	..	@@ -1520,6 +1623,7 @@
1520	1623	{
1521	1624	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
1522	1625	struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
	1626	+ struct iwl_probe_resp_data *probe_data;
1523	1627
1524	1628	iwl_mvm_prepare_mac_removal(mvm, vif);
1525	1629
..	..	@@ -1529,11 +1633,20 @@
1529	1633
1530	1634	mutex_lock(&mvm->mutex);
1531	1635
	1636	+ probe_data = rcu_dereference_protected(mvmvif->probe_resp_data,
	1637	+ lockdep_is_held(&mvm->mutex));
	1638	+ RCU_INIT_POINTER(mvmvif->probe_resp_data, NULL);
	1639	+ if (probe_data)
	1640	+ kfree_rcu(probe_data, rcu_head);
	1641	+
1532	1642	if (mvm->bf_allowed_vif == mvmvif) {
1533	1643	mvm->bf_allowed_vif = NULL;
1534	1644	vif->driver_flags &= ~(IEEE80211_VIF_BEACON_FILTER \|
1535	1645	IEEE80211_VIF_SUPPORTS_CQM_RSSI);
1536	1646	}
	1647	+
	1648	+ if (vif->bss_conf.ftm_responder)
	1649	+ memset(&mvm->ftm_resp_stats, 0, sizeof(mvm->ftm_resp_stats));
1537	1650
1538	1651	iwl_mvm_vif_dbgfs_clean(mvm, vif);
1539	1652
..	..	@@ -1567,6 +1680,8 @@
1567	1680
1568	1681	iwl_mvm_power_update_mac(mvm);
1569	1682	iwl_mvm_mac_ctxt_remove(mvm, vif);
	1683	+
	1684	+ RCU_INIT_POINTER(mvm->vif_id_to_mac[mvmvif->id], NULL);
1570	1685
1571	1686	if (vif->type == NL80211_IFTYPE_MONITOR)
1572	1687	mvm->monitor_on = false;
..	..	@@ -1972,11 +2087,15 @@
1972	2087	struct iwl_he_sta_context_cmd sta_ctxt_cmd = {
1973	2088	.sta_id = sta_id,
1974	2089	.tid_limit = IWL_MAX_TID_COUNT,
1975		- .bss_color = vif->bss_conf.bss_color,
	2090	+ .bss_color = vif->bss_conf.he_bss_color.color,
1976	2091	.htc_trig_based_pkt_ext = vif->bss_conf.htc_trig_based_pkt_ext,
1977	2092	.frame_time_rts_th =
1978	2093	cpu_to_le16(vif->bss_conf.frame_time_rts_th),
1979	2094	};
	2095	+ int size = fw_has_api(&mvm->fw->ucode_capa,
	2096	+ IWL_UCODE_TLV_API_MBSSID_HE) ?
	2097	+ sizeof(sta_ctxt_cmd) :
	2098	+ sizeof(struct iwl_he_sta_context_cmd_v1);
1980	2099	struct ieee80211_sta *sta;
1981	2100	u32 flags;
1982	2101	int i;
..	..	@@ -1984,7 +2103,7 @@
1984	2103	rcu_read_lock();
1985	2104
1986	2105	sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_ctxt_cmd.sta_id]);
1987		- if (IS_ERR(sta)) {
	2106	+ if (IS_ERR_OR_NULL(sta)) {
1988	2107	rcu_read_unlock();
1989	2108	WARN(1, "Can't find STA to configure HE\n");
1990	2109	return;
..	..	@@ -1996,6 +2115,10 @@
1996	2115	}
1997	2116
1998	2117	flags = 0;
	2118	+
	2119	+ /* Block 26-tone RU OFDMA transmissions */
	2120	+ if (mvmvif->he_ru_2mhz_block)
	2121	+ flags \|= STA_CTXT_HE_RU_2MHZ_BLOCK;
1999	2122
2000	2123	/* HTC flags */
2001	2124	if (sta->he_cap.he_cap_elem.mac_cap_info[0] &
..	..	@@ -2018,10 +2141,6 @@
2018	2141	sta_ctxt_cmd.htc_flags \|=
2019	2142	cpu_to_le32(IWL_HE_HTC_LINK_ADAP_BOTH);
2020	2143	}
2021		- if (sta->he_cap.he_cap_elem.mac_cap_info[2] &
2022		- IEEE80211_HE_MAC_CAP2_UL_MU_RESP_SCHED)
2023		- sta_ctxt_cmd.htc_flags \|=
2024		- cpu_to_le32(IWL_HE_HTC_UL_MU_RESP_SCHED);
2025	2144	if (sta->he_cap.he_cap_elem.mac_cap_info[2] & IEEE80211_HE_MAC_CAP2_BSR)
2026	2145	sta_ctxt_cmd.htc_flags \|= cpu_to_le32(IWL_HE_HTC_BSR_SUPP);
2027	2146	if (sta->he_cap.he_cap_elem.mac_cap_info[3] &
..	..	@@ -2083,35 +2202,82 @@
2083	2202	}
2084	2203
2085	2204	flags \|= STA_CTXT_HE_PACKET_EXT;
	2205	+ } else if ((sta->he_cap.he_cap_elem.phy_cap_info[9] &
	2206	+ IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_MASK) !=
	2207	+ IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_RESERVED) {
	2208	+ int low_th = -1;
	2209	+ int high_th = -1;
	2210	+
	2211	+ /* Take the PPE thresholds from the nominal padding info */
	2212	+ switch (sta->he_cap.he_cap_elem.phy_cap_info[9] &
	2213	+ IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_MASK) {
	2214	+ case IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_0US:
	2215	+ low_th = IWL_HE_PKT_EXT_NONE;
	2216	+ high_th = IWL_HE_PKT_EXT_NONE;
	2217	+ break;
	2218	+ case IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_8US:
	2219	+ low_th = IWL_HE_PKT_EXT_BPSK;
	2220	+ high_th = IWL_HE_PKT_EXT_NONE;
	2221	+ break;
	2222	+ case IEEE80211_HE_PHY_CAP9_NOMIMAL_PKT_PADDING_16US:
	2223	+ low_th = IWL_HE_PKT_EXT_NONE;
	2224	+ high_th = IWL_HE_PKT_EXT_BPSK;
	2225	+ break;
	2226	+ }
	2227	+
	2228	+ /* Set the PPE thresholds accordingly */
	2229	+ if (low_th >= 0 && high_th >= 0) {
	2230	+ struct iwl_he_pkt_ext *pkt_ext =
	2231	+ (struct iwl_he_pkt_ext *)&sta_ctxt_cmd.pkt_ext;
	2232	+
	2233	+ for (i = 0; i < MAX_HE_SUPP_NSS; i++) {
	2234	+ u8 bw;
	2235	+
	2236	+ for (bw = 0; bw < MAX_HE_CHANNEL_BW_INDX;
	2237	+ bw++) {
	2238	+ pkt_ext->pkt_ext_qam_th[i][bw][0] =
	2239	+ low_th;
	2240	+ pkt_ext->pkt_ext_qam_th[i][bw][1] =
	2241	+ high_th;
	2242	+ }
	2243	+ }
	2244	+
	2245	+ flags \|= STA_CTXT_HE_PACKET_EXT;
	2246	+ }
2086	2247	}
	2248	+
	2249	+ if (sta->he_cap.he_cap_elem.mac_cap_info[2] &
	2250	+ IEEE80211_HE_MAC_CAP2_32BIT_BA_BITMAP)
	2251	+ flags \|= STA_CTXT_HE_32BIT_BA_BITMAP;
	2252	+
	2253	+ if (sta->he_cap.he_cap_elem.mac_cap_info[2] &
	2254	+ IEEE80211_HE_MAC_CAP2_ACK_EN)
	2255	+ flags \|= STA_CTXT_HE_ACK_ENABLED;
	2256	+
2087	2257	rcu_read_unlock();
2088	2258
2089	2259	/* Mark MU EDCA as enabled, unless none detected on some AC */
2090	2260	flags \|= STA_CTXT_HE_MU_EDCA_CW;
2091		- for (i = 0; i < AC_NUM; i++) {
	2261	+ for (i = 0; i < IEEE80211_NUM_ACS; i++) {
2092	2262	struct ieee80211_he_mu_edca_param_ac_rec *mu_edca =
2093	2263	&mvmvif->queue_params[i].mu_edca_param_rec;
	2264	+ u8 ac = iwl_mvm_mac80211_ac_to_ucode_ac(i);
2094	2265
2095	2266	if (!mvmvif->queue_params[i].mu_edca) {
2096	2267	flags &= ~STA_CTXT_HE_MU_EDCA_CW;
2097	2268	break;
2098	2269	}
2099	2270
2100		- sta_ctxt_cmd.trig_based_txf[i].cwmin =
	2271	+ sta_ctxt_cmd.trig_based_txf[ac].cwmin =
2101	2272	cpu_to_le16(mu_edca->ecw_min_max & 0xf);
2102		- sta_ctxt_cmd.trig_based_txf[i].cwmax =
	2273	+ sta_ctxt_cmd.trig_based_txf[ac].cwmax =
2103	2274	cpu_to_le16((mu_edca->ecw_min_max & 0xf0) >> 4);
2104		- sta_ctxt_cmd.trig_based_txf[i].aifsn =
	2275	+ sta_ctxt_cmd.trig_based_txf[ac].aifsn =
2105	2276	cpu_to_le16(mu_edca->aifsn);
2106		- sta_ctxt_cmd.trig_based_txf[i].mu_time =
	2277	+ sta_ctxt_cmd.trig_based_txf[ac].mu_time =
2107	2278	cpu_to_le16(mu_edca->mu_edca_timer);
2108	2279	}
2109	2280
2110		- if (vif->bss_conf.multi_sta_back_32bit)
2111		- flags \|= STA_CTXT_HE_32BIT_BA_BITMAP;
2112		-
2113		- if (vif->bss_conf.ack_enabled)
2114		- flags \|= STA_CTXT_HE_ACK_ENABLED;
2115	2281
2116	2282	if (vif->bss_conf.uora_exists) {
2117	2283	flags \|= STA_CTXT_HE_TRIG_RND_ALLOC;
..	..	@@ -2122,13 +2288,23 @@
2122	2288	(vif->bss_conf.uora_ocw_range >> 3) & 0x7;
2123	2289	}
2124	2290
2125		- /* TODO: support Multi BSSID IE */
	2291	+ if (vif->bss_conf.nontransmitted) {
	2292	+ flags \|= STA_CTXT_HE_REF_BSSID_VALID;
	2293	+ ether_addr_copy(sta_ctxt_cmd.ref_bssid_addr,
	2294	+ vif->bss_conf.transmitter_bssid);
	2295	+ sta_ctxt_cmd.max_bssid_indicator =
	2296	+ vif->bss_conf.bssid_indicator;
	2297	+ sta_ctxt_cmd.bssid_index = vif->bss_conf.bssid_index;
	2298	+ sta_ctxt_cmd.ema_ap = vif->bss_conf.ema_ap;
	2299	+ sta_ctxt_cmd.profile_periodicity =
	2300	+ vif->bss_conf.profile_periodicity;
	2301	+ }
2126	2302
2127	2303	sta_ctxt_cmd.flags = cpu_to_le32(flags);
2128	2304
2129	2305	if (iwl_mvm_send_cmd_pdu(mvm, iwl_cmd_id(STA_HE_CTXT_CMD,
2130	2306	DATA_PATH_GROUP, 0),
2131		- 0, sizeof(sta_ctxt_cmd), &sta_ctxt_cmd))
	2307	+ 0, size, &sta_ctxt_cmd))
2132	2308	IWL_ERR(mvm, "Failed to config FW to work HE!\n");
2133	2309	}
2134	2310
..	..	@@ -2141,9 +2317,9 @@
2141	2317	int ret;
2142	2318
2143	2319	/*
2144		- * Re-calculate the tsf id, as the master-slave relations depend on the
2145		- * beacon interval, which was not known when the station interface was
2146		- * added.
	2320	+ * Re-calculate the tsf id, as the leader-follower relations depend
	2321	+ * on the beacon interval, which was not known when the station
	2322	+ * interface was added.
2147	2323	*/
2148	2324	if (changes & BSS_CHANGED_ASSOC && bss_conf->assoc) {
2149	2325	if (vif->bss_conf.he_support &&
..	..	@@ -2152,6 +2328,12 @@
2152	2328
2153	2329	iwl_mvm_mac_ctxt_recalc_tsf_id(mvm, vif);
2154	2330	}
	2331	+
	2332	+ /* Update MU EDCA params */
	2333	+ if (changes & BSS_CHANGED_QOS && mvmvif->associated &&
	2334	+ bss_conf->assoc && vif->bss_conf.he_support &&
	2335	+ !iwlwifi_mod_params.disable_11ax)
	2336	+ iwl_mvm_cfg_he_sta(mvm, vif, mvmvif->ap_sta_id);
2155	2337
2156	2338	/*
2157	2339	* If we're not associated yet, take the (new) BSSID before associating
..	..	@@ -2185,7 +2367,9 @@
2185	2367	}
2186	2368
2187	2369	if (test_bit(IWL_MVM_STATUS_IN_HW_RESTART,
2188		- &mvm->status)) {
	2370	+ &mvm->status) &&
	2371	+ !fw_has_capa(&mvm->fw->ucode_capa,
	2372	+ IWL_UCODE_TLV_CAPA_SESSION_PROT_CMD)) {
2189	2373	/*
2190	2374	* If we're restarting then the firmware will
2191	2375	* obviously have lost synchronisation with
..	..	@@ -2199,6 +2383,10 @@
2199	2383	*
2200	2384	* Set a large maximum delay to allow for more
2201	2385	* than a single interface.
	2386	+ *
	2387	+ * For new firmware versions, rely on the
	2388	+ * firmware. This is relevant for DCM scenarios
	2389	+ * only anyway.
2202	2390	*/
2203	2391	u32 dur = (11 * vif->bss_conf.beacon_int) / 10;
2204	2392	iwl_mvm_protect_session(mvm, vif, dur, dur,
..	..	@@ -2208,7 +2396,6 @@
2208	2396	iwl_mvm_sf_update(mvm, vif, false);
2209	2397	iwl_mvm_power_vif_assoc(mvm, vif);
2210	2398	if (vif->p2p) {
2211		- iwl_mvm_ref(mvm, IWL_MVM_REF_P2P_CLIENT);
2212	2399	iwl_mvm_update_smps(mvm, vif,
2213	2400	IWL_MVM_SMPS_REQ_PROT,
2214	2401	IEEE80211_SMPS_DYNAMIC);
..	..	@@ -2218,7 +2405,10 @@
2218	2405	* If update fails - SF might be running in associated
2219	2406	* mode while disassociated - which is forbidden.
2220	2407	*/
2221		- WARN_ONCE(iwl_mvm_sf_update(mvm, vif, false),
	2408	+ ret = iwl_mvm_sf_update(mvm, vif, false);
	2409	+ WARN_ONCE(ret &&
	2410	+ !test_bit(IWL_MVM_STATUS_HW_RESTART_REQUESTED,
	2411	+ &mvm->status),
2222	2412	"Failed to update SF upon disassociation\n");
2223	2413
2224	2414	/*
..	..	@@ -2241,9 +2431,6 @@
2241	2431	IWL_ERR(mvm,
2242	2432	"failed to remove AP station\n");
2243	2433
2244		- if (mvm->d0i3_ap_sta_id == mvmvif->ap_sta_id)
2245		- mvm->d0i3_ap_sta_id =
2246		- IWL_MVM_INVALID_STA;
2247	2434	mvmvif->ap_sta_id = IWL_MVM_INVALID_STA;
2248	2435	}
2249	2436
..	..	@@ -2251,9 +2438,6 @@
2251	2438	ret = iwl_mvm_update_quotas(mvm, false, NULL);
2252	2439	if (ret)
2253	2440	IWL_ERR(mvm, "failed to update quotas\n");
2254		-
2255		- if (vif->p2p)
2256		- iwl_mvm_unref(mvm, IWL_MVM_REF_P2P_CLIENT);
2257	2441
2258	2442	/* this will take the cleared BSSID from bss_conf */
2259	2443	ret = iwl_mvm_mac_ctxt_changed(mvm, vif, false, NULL);
..	..	@@ -2293,8 +2477,11 @@
2293	2477	/*
2294	2478	* We received a beacon from the associated AP so
2295	2479	* remove the session protection.
	2480	+ * A firmware with the new API will remove it automatically.
2296	2481	*/
2297		- iwl_mvm_stop_session_protection(mvm, vif);
	2482	+ if (!fw_has_capa(&mvm->fw->ucode_capa,
	2483	+ IWL_UCODE_TLV_CAPA_SESSION_PROT_CMD))
	2484	+ iwl_mvm_stop_session_protection(mvm, vif);
2298	2485
2299	2486	iwl_mvm_sf_update(mvm, vif, false);
2300	2487	WARN_ON(iwl_mvm_enable_beacon_filter(mvm, vif, 0));
..	..	@@ -2340,15 +2527,7 @@
2340	2527	{
2341	2528	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
2342	2529	struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
2343		- int ret;
2344		-
2345		- /*
2346		- * iwl_mvm_mac_ctxt_add() might read directly from the device
2347		- * (the system time), so make sure it is available.
2348		- */
2349		- ret = iwl_mvm_ref_sync(mvm, IWL_MVM_REF_START_AP);
2350		- if (ret)
2351		- return ret;
	2530	+ int ret, i;
2352	2531
2353	2532	mutex_lock(&mvm->mutex);
2354	2533
..	..	@@ -2358,8 +2537,9 @@
2358	2537	goto out_unlock;
2359	2538
2360	2539	/*
2361		- * Re-calculate the tsf id, as the master-slave relations depend on the
2362		- * beacon interval, which was not known when the AP interface was added.
	2540	+ * Re-calculate the tsf id, as the leader-follower relations depend on
	2541	+ * the beacon interval, which was not known when the AP interface
	2542	+ * was added.
2363	2543	*/
2364	2544	if (vif->type == NL80211_IFTYPE_AP)
2365	2545	iwl_mvm_mac_ctxt_recalc_tsf_id(mvm, vif);
..	..	@@ -2414,6 +2594,26 @@
2414	2594	/* must be set before quota calculations */
2415	2595	mvmvif->ap_ibss_active = true;
2416	2596
	2597	+ /* send all the early keys to the device now */
	2598	+ for (i = 0; i < ARRAY_SIZE(mvmvif->ap_early_keys); i++) {
	2599	+ struct ieee80211_key_conf *key = mvmvif->ap_early_keys[i];
	2600	+
	2601	+ if (!key)
	2602	+ continue;
	2603	+
	2604	+ mvmvif->ap_early_keys[i] = NULL;
	2605	+
	2606	+ ret = __iwl_mvm_mac_set_key(hw, SET_KEY, vif, NULL, key);
	2607	+ if (ret)
	2608	+ goto out_quota_failed;
	2609	+ }
	2610	+
	2611	+ if (vif->type == NL80211_IFTYPE_AP && !vif->p2p) {
	2612	+ iwl_mvm_vif_set_low_latency(mvmvif, true,
	2613	+ LOW_LATENCY_VIF_TYPE);
	2614	+ iwl_mvm_send_low_latency_cmd(mvm, true, mvmvif->id);
	2615	+ }
	2616	+
2417	2617	/* power updated needs to be done before quotas */
2418	2618	iwl_mvm_power_update_mac(mvm);
2419	2619
..	..	@@ -2425,13 +2625,13 @@
2425	2625	if (vif->p2p && mvm->p2p_device_vif)
2426	2626	iwl_mvm_mac_ctxt_changed(mvm, mvm->p2p_device_vif, false, NULL);
2427	2627
2428		- iwl_mvm_ref(mvm, IWL_MVM_REF_AP_IBSS);
2429		-
2430	2628	iwl_mvm_bt_coex_vif_change(mvm);
2431	2629
2432	2630	/* we don't support TDLS during DCM */
2433	2631	if (iwl_mvm_phy_ctx_count(mvm) > 1)
2434	2632	iwl_mvm_teardown_tdls_peers(mvm);
	2633	+
	2634	+ iwl_mvm_ftm_restart_responder(mvm, vif);
2435	2635
2436	2636	goto out_unlock;
2437	2637
..	..	@@ -2446,7 +2646,6 @@
2446	2646	iwl_mvm_mac_ctxt_remove(mvm, vif);
2447	2647	out_unlock:
2448	2648	mutex_unlock(&mvm->mutex);
2449		- iwl_mvm_unref(mvm, IWL_MVM_REF_START_AP);
2450	2649	return ret;
2451	2650	}
2452	2651
..	..	@@ -2476,15 +2675,21 @@
2476	2675	mvmvif->ap_ibss_active = false;
2477	2676	mvm->ap_last_beacon_gp2 = 0;
2478	2677
2479		- iwl_mvm_bt_coex_vif_change(mvm);
	2678	+ if (vif->type == NL80211_IFTYPE_AP && !vif->p2p) {
	2679	+ iwl_mvm_vif_set_low_latency(mvmvif, false,
	2680	+ LOW_LATENCY_VIF_TYPE);
	2681	+ iwl_mvm_send_low_latency_cmd(mvm, false, mvmvif->id);
	2682	+ }
2480	2683
2481		- iwl_mvm_unref(mvm, IWL_MVM_REF_AP_IBSS);
	2684	+ iwl_mvm_bt_coex_vif_change(mvm);
2482	2685
2483	2686	/* Need to update the P2P Device MAC (only GO, IBSS is single vif) */
2484	2687	if (vif->p2p && mvm->p2p_device_vif)
2485	2688	iwl_mvm_mac_ctxt_changed(mvm, mvm->p2p_device_vif, false, NULL);
2486	2689
2487	2690	iwl_mvm_update_quotas(mvm, false, NULL);
	2691	+
	2692	+ iwl_mvm_ftm_responder_clear(mvm, vif);
2488	2693
2489	2694	/*
2490	2695	* This is not very nice, but the simplest:
..	..	@@ -2535,6 +2740,15 @@
2535	2740	bss_conf->txpower);
2536	2741	iwl_mvm_set_tx_power(mvm, vif, bss_conf->txpower);
2537	2742	}
	2743	+
	2744	+ if (changes & BSS_CHANGED_FTM_RESPONDER) {
	2745	+ int ret = iwl_mvm_ftm_start_responder(mvm, vif);
	2746	+
	2747	+ if (ret)
	2748	+ IWL_WARN(mvm, "Failed to enable FTM responder (%d)\n",
	2749	+ ret);
	2750	+ }
	2751	+
2538	2752	}
2539	2753
2540	2754	static void iwl_mvm_bss_info_changed(struct ieee80211_hw *hw,
..	..	@@ -2543,14 +2757,6 @@
2543	2757	u32 changes)
2544	2758	{
2545	2759	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
2546		-
2547		- /*
2548		- * iwl_mvm_bss_info_changed_station() might call
2549		- * iwl_mvm_protect_session(), which reads directly from
2550		- * the device (the system time), so make sure it is available.
2551		- */
2552		- if (iwl_mvm_ref_sync(mvm, IWL_MVM_REF_BSS_CHANGED))
2553		- return;
2554	2760
2555	2761	mutex_lock(&mvm->mutex);
2556	2762
..	..	@@ -2575,7 +2781,6 @@
2575	2781	}
2576	2782
2577	2783	mutex_unlock(&mvm->mutex);
2578		- iwl_mvm_unref(mvm, IWL_MVM_REF_BSS_CHANGED);
2579	2784	}
2580	2785
2581	2786	static int iwl_mvm_mac_hw_scan(struct ieee80211_hw *hw,
..	..	@@ -2664,7 +2869,7 @@
2664	2869	return;
2665	2870
2666	2871	spin_lock_bh(&mvmsta->lock);
2667		- for (tid = 0; tid < IWL_MAX_TID_COUNT; tid++) {
	2872	+ for (tid = 0; tid < ARRAY_SIZE(mvmsta->tid_data); tid++) {
2668	2873	struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid];
2669	2874
2670	2875	if (tid_data->txq_id == IWL_MVM_INVALID_QUEUE)
..	..	@@ -2721,7 +2926,7 @@
2721	2926	struct iwl_mvm_sta *mvmsta;
2722	2927	bool sleeping = (notif->type != IWL_MVM_PM_EVENT_AWAKE);
2723	2928
2724		- if (WARN_ON(notif->sta_id >= ARRAY_SIZE(mvm->fw_id_to_mac_id)))
	2929	+ if (WARN_ON(notif->sta_id >= mvm->fw->ucode_capa.num_stations))
2725	2930	return;
2726	2931
2727	2932	rcu_read_lock();
..	..	@@ -2834,14 +3039,12 @@
2834	3039	struct iwl_fw_dbg_trigger_tlv *trig;
2835	3040	struct iwl_fw_dbg_trigger_tdls *tdls_trig;
2836	3041
2837		- if (!iwl_fw_dbg_trigger_enabled(mvm->fw, FW_DBG_TRIGGER_TDLS))
	3042	+ trig = iwl_fw_dbg_trigger_on(&mvm->fwrt, ieee80211_vif_to_wdev(vif),
	3043	+ FW_DBG_TRIGGER_TDLS);
	3044	+ if (!trig)
2838	3045	return;
2839	3046
2840		- trig = iwl_fw_dbg_get_trigger(mvm->fw, FW_DBG_TRIGGER_TDLS);
2841	3047	tdls_trig = (void *)trig->data;
2842		- if (!iwl_fw_dbg_trigger_check_stop(&mvm->fwrt,
2843		- ieee80211_vif_to_wdev(vif), trig))
2844		- return;
2845	3048
2846	3049	if (!(tdls_trig->action_bitmap & BIT(action)))
2847	3050	return;
..	..	@@ -2855,30 +3058,53 @@
2855	3058	peer_addr, action);
2856	3059	}
2857	3060
2858		-static void iwl_mvm_purge_deferred_tx_frames(struct iwl_mvm *mvm,
2859		- struct iwl_mvm_sta *mvm_sta)
	3061	+struct iwl_mvm_he_obss_narrow_bw_ru_data {
	3062	+ bool tolerated;
	3063	+};
	3064	+
	3065	+static void iwl_mvm_check_he_obss_narrow_bw_ru_iter(struct wiphy *wiphy,
	3066	+ struct cfg80211_bss *bss,
	3067	+ void *_data)
2860	3068	{
2861		- struct iwl_mvm_tid_data *tid_data;
2862		- struct sk_buff *skb;
2863		- int i;
	3069	+ struct iwl_mvm_he_obss_narrow_bw_ru_data *data = _data;
	3070	+ const struct cfg80211_bss_ies *ies;
	3071	+ const struct element *elem;
2864	3072
2865		- spin_lock_bh(&mvm_sta->lock);
2866		- for (i = 0; i <= IWL_MAX_TID_COUNT; i++) {
2867		- tid_data = &mvm_sta->tid_data[i];
	3073	+ rcu_read_lock();
	3074	+ ies = rcu_dereference(bss->ies);
	3075	+ elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY, ies->data,
	3076	+ ies->len);
2868	3077
2869		- while ((skb = __skb_dequeue(&tid_data->deferred_tx_frames))) {
2870		- struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2871		-
2872		- /*
2873		- * The first deferred frame should've stopped the MAC
2874		- * queues, so we should never get a second deferred
2875		- * frame for the RA/TID.
2876		- */
2877		- iwl_mvm_start_mac_queues(mvm, BIT(info->hw_queue));
2878		- ieee80211_free_txskb(mvm->hw, skb);
2879		- }
	3078	+ if (!elem \|\| elem->datalen < 10 \|\|
	3079	+ !(elem->data[10] &
	3080	+ WLAN_EXT_CAPA10_OBSS_NARROW_BW_RU_TOLERANCE_SUPPORT)) {
	3081	+ data->tolerated = false;
2880	3082	}
2881		- spin_unlock_bh(&mvm_sta->lock);
	3083	+ rcu_read_unlock();
	3084	+}
	3085	+
	3086	+static void iwl_mvm_check_he_obss_narrow_bw_ru(struct ieee80211_hw *hw,
	3087	+ struct ieee80211_vif *vif)
	3088	+{
	3089	+ struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
	3090	+ struct iwl_mvm_he_obss_narrow_bw_ru_data iter_data = {
	3091	+ .tolerated = true,
	3092	+ };
	3093	+
	3094	+ if (!(vif->bss_conf.chandef.chan->flags & IEEE80211_CHAN_RADAR)) {
	3095	+ mvmvif->he_ru_2mhz_block = false;
	3096	+ return;
	3097	+ }
	3098	+
	3099	+ cfg80211_bss_iter(hw->wiphy, &vif->bss_conf.chandef,
	3100	+ iwl_mvm_check_he_obss_narrow_bw_ru_iter,
	3101	+ &iter_data);
	3102	+
	3103	+ /*
	3104	+ * If there is at least one AP on radar channel that cannot
	3105	+ * tolerate 26-tone RU UL OFDMA transmissions using HE TB PPDU.
	3106	+ */
	3107	+ mvmvif->he_ru_2mhz_block = !iter_data.tolerated;
2882	3108	}
2883	3109
2884	3110	static int iwl_mvm_mac_sta_state(struct ieee80211_hw *hw,
..	..	@@ -2914,7 +3140,6 @@
2914	3140	*/
2915	3141	if (old_state == IEEE80211_STA_NONE &&
2916	3142	new_state == IEEE80211_STA_NOTEXIST) {
2917		- iwl_mvm_purge_deferred_tx_frames(mvm, mvm_sta);
2918	3143	flush_work(&mvm->add_stream_wk);
2919	3144
2920	3145	/*
..	..	@@ -2934,7 +3159,7 @@
2934	3159	* than 16. We can't avoid connecting at all, so refuse the
2935	3160	* station state change, this will cause mac80211 to abandon
2936	3161	* attempts to connect to this AP, and eventually wpa_s will
2937		- * blacklist the AP...
	3162	+ * blocklist the AP...
2938	3163	*/
2939	3164	if (vif->type == NL80211_IFTYPE_STATION &&
2940	3165	vif->bss_conf.beacon_int < 16) {
..	..	@@ -2944,6 +3169,9 @@
2944	3169	ret = -EINVAL;
2945	3170	goto out_unlock;
2946	3171	}
	3172	+
	3173	+ if (vif->type == NL80211_IFTYPE_STATION)
	3174	+ vif->bss_conf.he_support = sta->he_cap.has_he;
2947	3175
2948	3176	if (sta->tdls &&
2949	3177	(vif->p2p \|\|
..	..	@@ -2961,6 +3189,8 @@
2961	3189	iwl_mvm_tdls_check_trigger(mvm, vif, sta->addr,
2962	3190	NL80211_TDLS_SETUP);
2963	3191	}
	3192	+
	3193	+ sta->max_rc_amsdu_len = 1;
2964	3194	} else if (old_state == IEEE80211_STA_NONE &&
2965	3195	new_state == IEEE80211_STA_AUTH) {
2966	3196	/*
..	..	@@ -2973,7 +3203,19 @@
2973	3203	} else if (old_state == IEEE80211_STA_AUTH &&
2974	3204	new_state == IEEE80211_STA_ASSOC) {
2975	3205	if (vif->type == NL80211_IFTYPE_AP) {
	3206	+ vif->bss_conf.he_support = sta->he_cap.has_he;
2976	3207	mvmvif->ap_assoc_sta_count++;
	3208	+ iwl_mvm_mac_ctxt_changed(mvm, vif, false, NULL);
	3209	+ if (vif->bss_conf.he_support &&
	3210	+ !iwlwifi_mod_params.disable_11ax)
	3211	+ iwl_mvm_cfg_he_sta(mvm, vif, mvm_sta->sta_id);
	3212	+ } else if (vif->type == NL80211_IFTYPE_STATION) {
	3213	+ vif->bss_conf.he_support = sta->he_cap.has_he;
	3214	+
	3215	+ mvmvif->he_ru_2mhz_block = false;
	3216	+ if (sta->he_cap.has_he)
	3217	+ iwl_mvm_check_he_obss_narrow_bw_ru(hw, vif);
	3218	+
2977	3219	iwl_mvm_mac_ctxt_changed(mvm, vif, false, NULL);
2978	3220	}
2979	3221
..	..	@@ -2982,6 +3224,7 @@
2982	3224	ret = iwl_mvm_update_sta(mvm, vif, sta);
2983	3225	} else if (old_state == IEEE80211_STA_ASSOC &&
2984	3226	new_state == IEEE80211_STA_AUTHORIZED) {
	3227	+ ret = 0;
2985	3228
2986	3229	/* we don't support TDLS during DCM */
2987	3230	if (iwl_mvm_phy_ctx_count(mvm) > 1)
..	..	@@ -2994,14 +3237,25 @@
2994	3237	/* enable beacon filtering */
2995	3238	WARN_ON(iwl_mvm_enable_beacon_filter(mvm, vif, 0));
2996	3239
	3240	+ /*
	3241	+ * Now that the station is authorized, i.e., keys were already
	3242	+ * installed, need to indicate to the FW that
	3243	+ * multicast data frames can be forwarded to the driver
	3244	+ */
	3245	+ iwl_mvm_mac_ctxt_changed(mvm, vif, false, NULL);
	3246	+
2997	3247	iwl_mvm_rs_rate_init(mvm, sta, mvmvif->phy_ctxt->channel->band,
2998	3248	true);
2999		-
3000		- ret = 0;
3001	3249	} else if (old_state == IEEE80211_STA_AUTHORIZED &&
3002	3250	new_state == IEEE80211_STA_ASSOC) {
	3251	+ /* Multicast data frames are no longer allowed */
	3252	+ iwl_mvm_mac_ctxt_changed(mvm, vif, false, NULL);
	3253	+
3003	3254	/* disable beacon filtering */
3004		- WARN_ON(iwl_mvm_disable_beacon_filter(mvm, vif, 0));
	3255	+ ret = iwl_mvm_disable_beacon_filter(mvm, vif, 0);
	3256	+ WARN_ON(ret &&
	3257	+ !test_bit(IWL_MVM_STATUS_HW_RESTART_REQUESTED,
	3258	+ &mvm->status));
3005	3259	ret = 0;
3006	3260	} else if (old_state == IEEE80211_STA_ASSOC &&
3007	3261	new_state == IEEE80211_STA_AUTH) {
..	..	@@ -3021,6 +3275,11 @@
3021	3275	iwl_mvm_tdls_check_trigger(mvm, vif, sta->addr,
3022	3276	NL80211_TDLS_DISABLE_LINK);
3023	3277	}
	3278	+
	3279	+ if (unlikely(ret &&
	3280	+ test_bit(IWL_MVM_STATUS_HW_RESTART_REQUESTED,
	3281	+ &mvm->status)))
	3282	+ ret = 0;
3024	3283	} else {
3025	3284	ret = -EIO;
3026	3285	}
..	..	@@ -3053,6 +3312,13 @@
3053	3312	struct ieee80211_sta *sta, u32 changed)
3054	3313	{
3055	3314	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
	3315	+ struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
	3316	+
	3317	+ if (changed & (IEEE80211_RC_BW_CHANGED \|
	3318	+ IEEE80211_RC_SUPP_RATES_CHANGED \|
	3319	+ IEEE80211_RC_NSS_CHANGED))
	3320	+ iwl_mvm_rs_rate_init(mvm, sta, mvmvif->phy_ctxt->channel->band,
	3321	+ true);
3056	3322
3057	3323	if (vif->type == NL80211_IFTYPE_STATION &&
3058	3324	changed & IEEE80211_RC_NSS_CHANGED)
..	..	@@ -3091,22 +3357,27 @@
3091	3357	u32 duration = IWL_MVM_TE_SESSION_PROTECTION_MAX_TIME_MS;
3092	3358	u32 min_duration = IWL_MVM_TE_SESSION_PROTECTION_MIN_TIME_MS;
3093	3359
3094		- /*
3095		- * iwl_mvm_protect_session() reads directly from the device
3096		- * (the system time), so make sure it is available.
3097		- */
3098		- if (iwl_mvm_ref_sync(mvm, IWL_MVM_REF_PREPARE_TX))
3099		- return;
3100		-
3101	3360	if (req_duration > duration)
3102	3361	duration = req_duration;
3103	3362
3104	3363	mutex_lock(&mvm->mutex);
3105		- /* Try really hard to protect the session and hear a beacon */
3106		- iwl_mvm_protect_session(mvm, vif, duration, min_duration, 500, false);
	3364	+ /* Try really hard to protect the session and hear a beacon
	3365	+ * The new session protection command allows us to protect the
	3366	+ * session for a much longer time since the firmware will internally
	3367	+ * create two events: a 300TU one with a very high priority that
	3368	+ * won't be fragmented which should be enough for 99% of the cases,
	3369	+ * and another one (which we configure here to be 900TU long) which
	3370	+ * will have a slightly lower priority, but more importantly, can be
	3371	+ * fragmented so that it'll allow other activities to run.
	3372	+ */
	3373	+ if (fw_has_capa(&mvm->fw->ucode_capa,
	3374	+ IWL_UCODE_TLV_CAPA_SESSION_PROT_CMD))
	3375	+ iwl_mvm_schedule_session_protection(mvm, vif, 900,
	3376	+ min_duration, false);
	3377	+ else
	3378	+ iwl_mvm_protect_session(mvm, vif, duration,
	3379	+ min_duration, 500, false);
3107	3380	mutex_unlock(&mvm->mutex);
3108		-
3109		- iwl_mvm_unref(mvm, IWL_MVM_REF_PREPARE_TX);
3110	3381	}
3111	3382
3112	3383	static int iwl_mvm_mac_sched_scan_start(struct ieee80211_hw *hw,
..	..	@@ -3160,28 +3431,31 @@
3160	3431	return ret;
3161	3432	}
3162	3433
3163		-static int iwl_mvm_mac_set_key(struct ieee80211_hw *hw,
3164		- enum set_key_cmd cmd,
3165		- struct ieee80211_vif *vif,
3166		- struct ieee80211_sta *sta,
3167		- struct ieee80211_key_conf *key)
	3434	+static int __iwl_mvm_mac_set_key(struct ieee80211_hw *hw,
	3435	+ enum set_key_cmd cmd,
	3436	+ struct ieee80211_vif *vif,
	3437	+ struct ieee80211_sta *sta,
	3438	+ struct ieee80211_key_conf *key)
3168	3439	{
	3440	+ struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
3169	3441	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
3170	3442	struct iwl_mvm_sta *mvmsta;
3171	3443	struct iwl_mvm_key_pn *ptk_pn;
3172	3444	int keyidx = key->keyidx;
3173		- int ret;
	3445	+ int ret, i;
3174	3446	u8 key_offset;
3175		-
3176		- if (iwlwifi_mod_params.swcrypto) {
3177		- IWL_DEBUG_MAC80211(mvm, "leave - hwcrypto disabled\n");
3178		- return -EOPNOTSUPP;
3179		- }
3180	3447
3181	3448	switch (key->cipher) {
3182	3449	case WLAN_CIPHER_SUITE_TKIP:
3183		- key->flags \|= IEEE80211_KEY_FLAG_GENERATE_MMIC;
3184		- key->flags \|= IEEE80211_KEY_FLAG_PUT_IV_SPACE;
	3450	+ if (!mvm->trans->trans_cfg->gen2) {
	3451	+ key->flags \|= IEEE80211_KEY_FLAG_GENERATE_MMIC;
	3452	+ key->flags \|= IEEE80211_KEY_FLAG_PUT_IV_SPACE;
	3453	+ } else if (vif->type == NL80211_IFTYPE_STATION) {
	3454	+ key->flags \|= IEEE80211_KEY_FLAG_PUT_MIC_SPACE;
	3455	+ } else {
	3456	+ IWL_DEBUG_MAC80211(mvm, "Use SW encryption for TKIP\n");
	3457	+ return -EOPNOTSUPP;
	3458	+ }
3185	3459	break;
3186	3460	case WLAN_CIPHER_SUITE_CCMP:
3187	3461	case WLAN_CIPHER_SUITE_GCMP:
..	..	@@ -3196,16 +3470,12 @@
3196	3470	break;
3197	3471	case WLAN_CIPHER_SUITE_WEP40:
3198	3472	case WLAN_CIPHER_SUITE_WEP104:
3199		- /* For non-client mode, only use WEP keys for TX as we probably
3200		- * don't have a station yet anyway and would then have to keep
3201		- * track of the keys, linking them to each of the clients/peers
3202		- * as they appear. For now, don't do that, for performance WEP
3203		- * offload doesn't really matter much, but we need it for some
3204		- * other offload features in client mode.
3205		- */
3206		- if (vif->type != NL80211_IFTYPE_STATION)
3207		- return 0;
3208		- break;
	3473	+ if (vif->type == NL80211_IFTYPE_STATION)
	3474	+ break;
	3475	+ if (iwl_mvm_has_new_tx_api(mvm))
	3476	+ return -EOPNOTSUPP;
	3477	+ /* support HW crypto on TX */
	3478	+ return 0;
3209	3479	default:
3210	3480	/* currently FW supports only one optional cipher scheme */
3211	3481	if (hw->n_cipher_schemes &&
..	..	@@ -3214,8 +3484,6 @@
3214	3484	else
3215	3485	return -EOPNOTSUPP;
3216	3486	}
3217		-
3218		- mutex_lock(&mvm->mutex);
3219	3487
3220	3488	switch (cmd) {
3221	3489	case SET_KEY:
..	..	@@ -3229,15 +3497,34 @@
3229	3497	*/
3230	3498	if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC \|\|
3231	3499	key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_128 \|\|
3232		- key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256)
	3500	+ key->cipher == WLAN_CIPHER_SUITE_BIP_GMAC_256) {
3233	3501	ret = -EOPNOTSUPP;
3234		- else
3235		- ret = 0;
	3502	+ break;
	3503	+ }
3236	3504
3237	3505	if (key->cipher != WLAN_CIPHER_SUITE_GCMP &&
3238	3506	key->cipher != WLAN_CIPHER_SUITE_GCMP_256 &&
3239	3507	!iwl_mvm_has_new_tx_api(mvm)) {
3240	3508	key->hw_key_idx = STA_KEY_IDX_INVALID;
	3509	+ ret = 0;
	3510	+ break;
	3511	+ }
	3512	+
	3513	+ if (!mvmvif->ap_ibss_active) {
	3514	+ for (i = 0;
	3515	+ i < ARRAY_SIZE(mvmvif->ap_early_keys);
	3516	+ i++) {
	3517	+ if (!mvmvif->ap_early_keys[i]) {
	3518	+ mvmvif->ap_early_keys[i] = key;
	3519	+ break;
	3520	+ }
	3521	+ }
	3522	+
	3523	+ if (i >= ARRAY_SIZE(mvmvif->ap_early_keys))
	3524	+ ret = -ENOSPC;
	3525	+ else
	3526	+ ret = 0;
	3527	+
3241	3528	break;
3242	3529	}
3243	3530	}
..	..	@@ -3293,16 +3580,33 @@
3293	3580	ret = iwl_mvm_set_sta_key(mvm, vif, sta, key, key_offset);
3294	3581	if (ret) {
3295	3582	IWL_WARN(mvm, "set key failed\n");
	3583	+ key->hw_key_idx = STA_KEY_IDX_INVALID;
3296	3584	/*
3297	3585	* can't add key for RX, but we don't need it
3298		- * in the device for TX so still return 0
	3586	+ * in the device for TX so still return 0,
	3587	+ * unless we have new TX API where we cannot
	3588	+ * put key material into the TX_CMD
3299	3589	*/
3300		- key->hw_key_idx = STA_KEY_IDX_INVALID;
3301		- ret = 0;
	3590	+ if (iwl_mvm_has_new_tx_api(mvm))
	3591	+ ret = -EOPNOTSUPP;
	3592	+ else
	3593	+ ret = 0;
3302	3594	}
3303	3595
3304	3596	break;
3305	3597	case DISABLE_KEY:
	3598	+ ret = -ENOENT;
	3599	+ for (i = 0; i < ARRAY_SIZE(mvmvif->ap_early_keys); i++) {
	3600	+ if (mvmvif->ap_early_keys[i] == key) {
	3601	+ mvmvif->ap_early_keys[i] = NULL;
	3602	+ ret = 0;
	3603	+ }
	3604	+ }
	3605	+
	3606	+ /* found in pending list - don't do anything else */
	3607	+ if (ret == 0)
	3608	+ break;
	3609	+
3306	3610	if (key->hw_key_idx == STA_KEY_IDX_INVALID) {
3307	3611	ret = 0;
3308	3612	break;
..	..	@@ -3329,7 +3633,22 @@
3329	3633	ret = -EINVAL;
3330	3634	}
3331	3635
	3636	+ return ret;
	3637	+}
	3638	+
	3639	+static int iwl_mvm_mac_set_key(struct ieee80211_hw *hw,
	3640	+ enum set_key_cmd cmd,
	3641	+ struct ieee80211_vif *vif,
	3642	+ struct ieee80211_sta *sta,
	3643	+ struct ieee80211_key_conf *key)
	3644	+{
	3645	+ struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
	3646	+ int ret;
	3647	+
	3648	+ mutex_lock(&mvm->mutex);
	3649	+ ret = __iwl_mvm_mac_set_key(hw, cmd, vif, sta, key);
3332	3650	mutex_unlock(&mvm->mutex);
	3651	+
3333	3652	return ret;
3334	3653	}
3335	3654
..	..	@@ -3368,7 +3687,7 @@
3368	3687	resp = (void *)pkt->data;
3369	3688
3370	3689	IWL_DEBUG_TE(mvm,
3371		- "Aux ROC: Recieved response from ucode: status=%d uid=%d\n",
	3690	+ "Aux ROC: Received response from ucode: status=%d uid=%d\n",
3372	3691	resp->status, resp->event_unique_id);
3373	3692
3374	3693	te_data->uid = le32_to_cpu(resp->event_unique_id);
..	..	@@ -3392,7 +3711,7 @@
3392	3711	struct ieee80211_vif *vif,
3393	3712	int duration)
3394	3713	{
3395		- int res, time_reg = DEVICE_SYSTEM_TIME_REG;
	3714	+ int res;
3396	3715	struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
3397	3716	struct iwl_mvm_time_event_data *te_data = &mvmvif->hs_time_event_data;
3398	3717	static const u16 time_event_response[] = { HOT_SPOT_CMD };
..	..	@@ -3405,14 +3724,19 @@
3405	3724	.id_and_color =
3406	3725	cpu_to_le32(FW_CMD_ID_AND_COLOR(MAC_INDEX_AUX, 0)),
3407	3726	.sta_id_and_color = cpu_to_le32(mvm->aux_sta.sta_id),
3408		- /* Set the channel info data */
3409		- .channel_info.band = (channel->band == NL80211_BAND_2GHZ) ?
3410		- PHY_BAND_24 : PHY_BAND_5,
3411		- .channel_info.channel = channel->hw_value,
3412		- .channel_info.width = PHY_VHT_CHANNEL_MODE20,
3413		- /* Set the time and duration */
3414		- .apply_time = cpu_to_le32(iwl_read_prph(mvm->trans, time_reg)),
3415		- };
	3727	+ };
	3728	+ struct iwl_hs20_roc_req_tail *tail = iwl_mvm_chan_info_cmd_tail(mvm,
	3729	+ &aux_roc_req.channel_info);
	3730	+ u16 len = sizeof(aux_roc_req) - iwl_mvm_chan_info_padding(mvm);
	3731	+
	3732	+ /* Set the channel info data */
	3733	+ iwl_mvm_set_chan_info(mvm, &aux_roc_req.channel_info, channel->hw_value,
	3734	+ iwl_mvm_phy_band_from_nl80211(channel->band),
	3735	+ PHY_VHT_CHANNEL_MODE20,
	3736	+ 0);
	3737	+
	3738	+ /* Set the time and duration */
	3739	+ tail->apply_time = cpu_to_le32(iwl_mvm_get_systime(mvm));
3416	3740
3417	3741	delay = AUX_ROC_MIN_DELAY;
3418	3742	req_dur = MSEC_TO_TU(duration);
..	..	@@ -3437,8 +3761,8 @@
3437	3761	}
3438	3762	}
3439	3763
3440		- aux_roc_req.duration = cpu_to_le32(req_dur);
3441		- aux_roc_req.apply_time_max_delay = cpu_to_le32(delay);
	3764	+ tail->duration = cpu_to_le32(req_dur);
	3765	+ tail->apply_time_max_delay = cpu_to_le32(delay);
3442	3766
3443	3767	IWL_DEBUG_TE(mvm,
3444	3768	"ROC: Requesting to remain on channel %u for %ums\n",
..	..	@@ -3448,7 +3772,7 @@
3448	3772	duration, delay, dtim_interval);
3449	3773
3450	3774	/* Set the node address */
3451		- memcpy(aux_roc_req.node_addr, vif->addr, ETH_ALEN);
	3775	+ memcpy(tail->node_addr, vif->addr, ETH_ALEN);
3452	3776
3453	3777	lockdep_assert_held(&mvm->mutex);
3454	3778
..	..	@@ -3479,7 +3803,7 @@
3479	3803	ARRAY_SIZE(time_event_response),
3480	3804	iwl_mvm_rx_aux_roc, te_data);
3481	3805
3482		- res = iwl_mvm_send_cmd_pdu(mvm, HOT_SPOT_CMD, 0, sizeof(aux_roc_req),
	3806	+ res = iwl_mvm_send_cmd_pdu(mvm, HOT_SPOT_CMD, 0, len,
3483	3807	&aux_roc_req);
3484	3808
3485	3809	if (res) {
..	..	@@ -3532,6 +3856,17 @@
3532	3856	if (fw_has_capa(&mvm->fw->ucode_capa,
3533	3857	IWL_UCODE_TLV_CAPA_HOTSPOT_SUPPORT)) {
3534	3858	/* Use aux roc framework (HS20) */
	3859	+ if (iwl_fw_lookup_cmd_ver(mvm->fw, LONG_GROUP,
	3860	+ ADD_STA, 0) >= 12) {
	3861	+ u32 lmac_id;
	3862	+
	3863	+ lmac_id = iwl_mvm_get_lmac_id(mvm->fw,
	3864	+ channel->band);
	3865	+ ret = iwl_mvm_add_aux_sta(mvm, lmac_id);
	3866	+ if (WARN(ret,
	3867	+ "Failed to allocate aux station"))
	3868	+ goto out_unlock;
	3869	+ }
3535	3870	ret = iwl_mvm_send_aux_roc_cmd(mvm, channel,
3536	3871	vif, duration);
3537	3872	goto out_unlock;
..	..	@@ -3648,18 +3983,49 @@
3648	3983	return ret;
3649	3984	}
3650	3985
3651		-static int iwl_mvm_cancel_roc(struct ieee80211_hw *hw)
	3986	+static int iwl_mvm_cancel_roc(struct ieee80211_hw *hw,
	3987	+ struct ieee80211_vif *vif)
3652	3988	{
3653	3989	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
3654	3990
3655	3991	IWL_DEBUG_MAC80211(mvm, "enter\n");
3656	3992
3657	3993	mutex_lock(&mvm->mutex);
3658		- iwl_mvm_stop_roc(mvm);
	3994	+ iwl_mvm_stop_roc(mvm, vif);
3659	3995	mutex_unlock(&mvm->mutex);
3660	3996
3661	3997	IWL_DEBUG_MAC80211(mvm, "leave\n");
3662	3998	return 0;
	3999	+}
	4000	+
	4001	+struct iwl_mvm_ftm_responder_iter_data {
	4002	+ bool responder;
	4003	+ struct ieee80211_chanctx_conf *ctx;
	4004	+};
	4005	+
	4006	+static void iwl_mvm_ftm_responder_chanctx_iter(void _data, u8 mac,
	4007	+ struct ieee80211_vif *vif)
	4008	+{
	4009	+ struct iwl_mvm_ftm_responder_iter_data *data = _data;
	4010	+
	4011	+ if (rcu_access_pointer(vif->chanctx_conf) == data->ctx &&
	4012	+ vif->type == NL80211_IFTYPE_AP && vif->bss_conf.ftmr_params)
	4013	+ data->responder = true;
	4014	+}
	4015	+
	4016	+static bool iwl_mvm_is_ftm_responder_chanctx(struct iwl_mvm *mvm,
	4017	+ struct ieee80211_chanctx_conf *ctx)
	4018	+{
	4019	+ struct iwl_mvm_ftm_responder_iter_data data = {
	4020	+ .responder = false,
	4021	+ .ctx = ctx,
	4022	+ };
	4023	+
	4024	+ ieee80211_iterate_active_interfaces_atomic(mvm->hw,
	4025	+ IEEE80211_IFACE_ITER_NORMAL,
	4026	+ iwl_mvm_ftm_responder_chanctx_iter,
	4027	+ &data);
	4028	+ return data.responder;
3663	4029	}
3664	4030
3665	4031	static int __iwl_mvm_add_chanctx(struct iwl_mvm *mvm,
..	..	@@ -3667,6 +4033,8 @@
3667	4033	{
3668	4034	u16 phy_ctxt_id = (u16 )ctx->drv_priv;
3669	4035	struct iwl_mvm_phy_ctxt *phy_ctxt;
	4036	+ bool responder = iwl_mvm_is_ftm_responder_chanctx(mvm, ctx);
	4037	+ struct cfg80211_chan_def *def = responder ? &ctx->def : &ctx->min_def;
3670	4038	int ret;
3671	4039
3672	4040	lockdep_assert_held(&mvm->mutex);
..	..	@@ -3679,7 +4047,7 @@
3679	4047	goto out;
3680	4048	}
3681	4049
3682		- ret = iwl_mvm_phy_ctxt_changed(mvm, phy_ctxt, &ctx->min_def,
	4050	+ ret = iwl_mvm_phy_ctxt_changed(mvm, phy_ctxt, def,
3683	4051	ctx->rx_chains_static,
3684	4052	ctx->rx_chains_dynamic);
3685	4053	if (ret) {
..	..	@@ -3734,6 +4102,8 @@
3734	4102	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
3735	4103	u16 phy_ctxt_id = (u16 )ctx->drv_priv;
3736	4104	struct iwl_mvm_phy_ctxt phy_ctxt = &mvm->phy_ctxts[phy_ctxt_id];
	4105	+ bool responder = iwl_mvm_is_ftm_responder_chanctx(mvm, ctx);
	4106	+ struct cfg80211_chan_def *def = responder ? &ctx->def : &ctx->min_def;
3737	4107
3738	4108	if (WARN_ONCE((phy_ctxt->ref > 1) &&
3739	4109	(changed & ~(IEEE80211_CHANCTX_CHANGE_WIDTH \|
..	..	@@ -3748,17 +4118,17 @@
3748	4118
3749	4119	/* we are only changing the min_width, may be a noop */
3750	4120	if (changed == IEEE80211_CHANCTX_CHANGE_MIN_WIDTH) {
3751		- if (phy_ctxt->width == ctx->min_def.width)
	4121	+ if (phy_ctxt->width == def->width)
3752	4122	goto out_unlock;
3753	4123
3754	4124	/* we are just toggling between 20_NOHT and 20 */
3755	4125	if (phy_ctxt->width <= NL80211_CHAN_WIDTH_20 &&
3756		- ctx->min_def.width <= NL80211_CHAN_WIDTH_20)
	4126	+ def->width <= NL80211_CHAN_WIDTH_20)
3757	4127	goto out_unlock;
3758	4128	}
3759	4129
3760	4130	iwl_mvm_bt_coex_vif_change(mvm);
3761		- iwl_mvm_phy_ctxt_changed(mvm, phy_ctxt, &ctx->min_def,
	4131	+ iwl_mvm_phy_ctxt_changed(mvm, phy_ctxt, def,
3762	4132	ctx->rx_chains_static,
3763	4133	ctx->rx_chains_dynamic);
3764	4134
..	..	@@ -3787,6 +4157,7 @@
3787	4157	mvmvif->ap_ibss_active = true;
3788	4158	break;
3789	4159	}
	4160	+ /* fall through */
3790	4161	case NL80211_IFTYPE_ADHOC:
3791	4162	/*
3792	4163	* The AP binding flow is handled as part of the start_ap flow
..	..	@@ -3839,25 +4210,19 @@
3839	4210	}
3840	4211
3841	4212	if (switching_chanctx && vif->type == NL80211_IFTYPE_STATION) {
3842		- u32 duration = 3 * vif->bss_conf.beacon_int;
3843		-
3844		- /* iwl_mvm_protect_session() reads directly from the
3845		- * device (the system time), so make sure it is
3846		- * available.
3847		- */
3848		- ret = iwl_mvm_ref_sync(mvm, IWL_MVM_REF_PROTECT_CSA);
3849		- if (ret)
3850		- goto out_remove_binding;
3851		-
3852		- /* Protect the session to make sure we hear the first
3853		- * beacon on the new channel.
3854		- */
3855	4213	mvmvif->csa_bcn_pending = true;
3856		- iwl_mvm_protect_session(mvm, vif, duration, duration,
3857		- vif->bss_conf.beacon_int / 2,
3858		- true);
3859	4214
3860		- iwl_mvm_unref(mvm, IWL_MVM_REF_PROTECT_CSA);
	4215	+ if (!fw_has_capa(&mvm->fw->ucode_capa,
	4216	+ IWL_UCODE_TLV_CAPA_CHANNEL_SWITCH_CMD)) {
	4217	+ u32 duration = 3 * vif->bss_conf.beacon_int;
	4218	+
	4219	+ /* Protect the session to make sure we hear the first
	4220	+ * beacon on the new channel.
	4221	+ */
	4222	+ iwl_mvm_protect_session(mvm, vif, duration, duration,
	4223	+ vif->bss_conf.beacon_int / 2,
	4224	+ true);
	4225	+ }
3861	4226
3862	4227	iwl_mvm_update_quotas(mvm, false, NULL);
3863	4228	}
..	..	@@ -3927,7 +4292,9 @@
3927	4292
3928	4293	disabled_vif = vif;
3929	4294
3930		- iwl_mvm_mac_ctxt_changed(mvm, vif, true, NULL);
	4295	+ if (!fw_has_capa(&mvm->fw->ucode_capa,
	4296	+ IWL_UCODE_TLV_CAPA_CHANNEL_SWITCH_CMD))
	4297	+ iwl_mvm_mac_ctxt_changed(mvm, vif, true, NULL);
3931	4298	break;
3932	4299	default:
3933	4300	break;
..	..	@@ -3937,6 +4304,9 @@
3937	4304	iwl_mvm_binding_remove_vif(mvm, vif);
3938	4305
3939	4306	out:
	4307	+ if (fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_CHANNEL_SWITCH_CMD) &&
	4308	+ switching_chanctx)
	4309	+ return;
3940	4310	mvmvif->phy_ctxt = NULL;
3941	4311	iwl_mvm_power_update_mac(mvm);
3942	4312	}
..	..	@@ -4111,8 +4481,8 @@
4111	4481	int err;
4112	4482	u32 noa_duration;
4113	4483
4114		- err = nla_parse(tb, IWL_MVM_TM_ATTR_MAX, data, len, iwl_mvm_tm_policy,
4115		- NULL);
	4484	+ err = nla_parse_deprecated(tb, IWL_MVM_TM_ATTR_MAX, data, len,
	4485	+ iwl_mvm_tm_policy, NULL);
4116	4486	if (err)
4117	4487	return err;
4118	4488
..	..	@@ -4178,6 +4548,69 @@
4178	4548	"dummy channel switch op\n");
4179	4549	}
4180	4550
	4551	+static int iwl_mvm_schedule_client_csa(struct iwl_mvm *mvm,
	4552	+ struct ieee80211_vif *vif,
	4553	+ struct ieee80211_channel_switch *chsw)
	4554	+{
	4555	+ struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
	4556	+ struct iwl_chan_switch_te_cmd cmd = {
	4557	+ .mac_id = cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id,
	4558	+ mvmvif->color)),
	4559	+ .action = cpu_to_le32(FW_CTXT_ACTION_ADD),
	4560	+ .tsf = cpu_to_le32(chsw->timestamp),
	4561	+ .cs_count = chsw->count,
	4562	+ .cs_mode = chsw->block_tx,
	4563	+ };
	4564	+
	4565	+ lockdep_assert_held(&mvm->mutex);
	4566	+
	4567	+ if (chsw->delay)
	4568	+ cmd.cs_delayed_bcn_count =
	4569	+ DIV_ROUND_UP(chsw->delay, vif->bss_conf.beacon_int);
	4570	+
	4571	+ return iwl_mvm_send_cmd_pdu(mvm,
	4572	+ WIDE_ID(MAC_CONF_GROUP,
	4573	+ CHANNEL_SWITCH_TIME_EVENT_CMD),
	4574	+ 0, sizeof(cmd), &cmd);
	4575	+}
	4576	+
	4577	+static int iwl_mvm_old_pre_chan_sw_sta(struct iwl_mvm *mvm,
	4578	+ struct ieee80211_vif *vif,
	4579	+ struct ieee80211_channel_switch *chsw)
	4580	+{
	4581	+ struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
	4582	+ u32 apply_time;
	4583	+
	4584	+ /* Schedule the time event to a bit before beacon 1,
	4585	+ * to make sure we're in the new channel when the
	4586	+ * GO/AP arrives. In case count <= 1 immediately schedule the
	4587	+ * TE (this might result with some packet loss or connection
	4588	+ * loss).
	4589	+ */
	4590	+ if (chsw->count <= 1)
	4591	+ apply_time = 0;
	4592	+ else
	4593	+ apply_time = chsw->device_timestamp +
	4594	+ ((vif->bss_conf.beacon_int * (chsw->count - 1) -
	4595	+ IWL_MVM_CHANNEL_SWITCH_TIME_CLIENT) * 1024);
	4596	+
	4597	+ if (chsw->block_tx)
	4598	+ iwl_mvm_csa_client_absent(mvm, vif);
	4599	+
	4600	+ if (mvmvif->bf_data.bf_enabled) {
	4601	+ int ret = iwl_mvm_disable_beacon_filter(mvm, vif, 0);
	4602	+
	4603	+ if (ret)
	4604	+ return ret;
	4605	+ }
	4606	+
	4607	+ iwl_mvm_schedule_csa_period(mvm, vif, vif->bss_conf.beacon_int,
	4608	+ apply_time);
	4609	+
	4610	+ return 0;
	4611	+}
	4612	+
	4613	+#define IWL_MAX_CSA_BLOCK_TX 1500
4181	4614	static int iwl_mvm_pre_channel_switch(struct ieee80211_hw *hw,
4182	4615	struct ieee80211_vif *vif,
4183	4616	struct ieee80211_channel_switch *chsw)
..	..	@@ -4185,7 +4618,6 @@
4185	4618	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
4186	4619	struct ieee80211_vif *csa_vif;
4187	4620	struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
4188		- u32 apply_time;
4189	4621	int ret;
4190	4622
4191	4623	mutex_lock(&mvm->mutex);
..	..	@@ -4229,30 +4661,29 @@
4229	4661
4230	4662	break;
4231	4663	case NL80211_IFTYPE_STATION:
4232		- /* Schedule the time event to a bit before beacon 1,
4233		- * to make sure we're in the new channel when the
4234		- * GO/AP arrives. In case count <= 1 immediately schedule the
4235		- * TE (this might result with some packet loss or connection
4236		- * loss).
4237		- */
4238		- if (chsw->count <= 1)
4239		- apply_time = 0;
4240		- else
4241		- apply_time = chsw->device_timestamp +
4242		- ((vif->bss_conf.beacon_int * (chsw->count - 1) -
4243		- IWL_MVM_CHANNEL_SWITCH_TIME_CLIENT) * 1024);
4244		-
4245		- if (chsw->block_tx)
4246		- iwl_mvm_csa_client_absent(mvm, vif);
4247		-
4248		- iwl_mvm_schedule_csa_period(mvm, vif, vif->bss_conf.beacon_int,
4249		- apply_time);
4250		- if (mvmvif->bf_data.bf_enabled) {
4251		- ret = iwl_mvm_disable_beacon_filter(mvm, vif, 0);
4252		- if (ret)
4253		- goto out_unlock;
	4664	+ if (chsw->block_tx) {
	4665	+ /*
	4666	+ * In case of undetermined / long time with immediate
	4667	+ * quiet monitor status to gracefully disconnect
	4668	+ */
	4669	+ if (!chsw->count \|\|
	4670	+ chsw->count * vif->bss_conf.beacon_int >
	4671	+ IWL_MAX_CSA_BLOCK_TX)
	4672	+ schedule_delayed_work(&mvmvif->csa_work,
	4673	+ msecs_to_jiffies(IWL_MAX_CSA_BLOCK_TX));
4254	4674	}
4255	4675
	4676	+ if (!fw_has_capa(&mvm->fw->ucode_capa,
	4677	+ IWL_UCODE_TLV_CAPA_CHANNEL_SWITCH_CMD)) {
	4678	+ ret = iwl_mvm_old_pre_chan_sw_sta(mvm, vif, chsw);
	4679	+ if (ret)
	4680	+ goto out_unlock;
	4681	+ } else {
	4682	+ iwl_mvm_schedule_client_csa(mvm, vif, chsw);
	4683	+ }
	4684	+
	4685	+ mvmvif->csa_count = chsw->count;
	4686	+ mvmvif->csa_misbehave = false;
4256	4687	break;
4257	4688	default:
4258	4689	break;
..	..	@@ -4273,52 +4704,42 @@
4273	4704	return ret;
4274	4705	}
4275	4706
4276		-static int iwl_mvm_post_channel_switch(struct ieee80211_hw *hw,
4277		- struct ieee80211_vif *vif)
	4707	+static void iwl_mvm_channel_switch_rx_beacon(struct ieee80211_hw *hw,
	4708	+ struct ieee80211_vif *vif,
	4709	+ struct ieee80211_channel_switch *chsw)
4278	4710	{
4279		- struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
4280	4711	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
4281		- int ret;
	4712	+ struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
	4713	+ struct iwl_chan_switch_te_cmd cmd = {
	4714	+ .mac_id = cpu_to_le32(FW_CMD_ID_AND_COLOR(mvmvif->id,
	4715	+ mvmvif->color)),
	4716	+ .action = cpu_to_le32(FW_CTXT_ACTION_MODIFY),
	4717	+ .tsf = cpu_to_le32(chsw->timestamp),
	4718	+ .cs_count = chsw->count,
	4719	+ .cs_mode = chsw->block_tx,
	4720	+ };
4282	4721
4283		- mutex_lock(&mvm->mutex);
	4722	+ if (!fw_has_capa(&mvm->fw->ucode_capa, IWL_UCODE_TLV_CAPA_CS_MODIFY))
	4723	+ return;
4284	4724
4285		- if (mvmvif->csa_failed) {
4286		- mvmvif->csa_failed = false;
4287		- ret = -EIO;
4288		- goto out_unlock;
4289		- }
4290		-
4291		- if (vif->type == NL80211_IFTYPE_STATION) {
4292		- struct iwl_mvm_sta *mvmsta;
4293		-
4294		- mvmvif->csa_bcn_pending = false;
4295		- mvmsta = iwl_mvm_sta_from_staid_protected(mvm,
4296		- mvmvif->ap_sta_id);
4297		-
4298		- if (WARN_ON(!mvmsta)) {
4299		- ret = -EIO;
4300		- goto out_unlock;
	4725	+ if (chsw->count >= mvmvif->csa_count && chsw->block_tx) {
	4726	+ if (mvmvif->csa_misbehave) {
	4727	+ /* Second time, give up on this AP*/
	4728	+ iwl_mvm_abort_channel_switch(hw, vif);
	4729	+ ieee80211_chswitch_done(vif, false);
	4730	+ mvmvif->csa_misbehave = false;
	4731	+ return;
4301	4732	}
4302		-
4303		- iwl_mvm_sta_modify_disable_tx(mvm, mvmsta, false);
4304		-
4305		- iwl_mvm_mac_ctxt_changed(mvm, vif, false, NULL);
4306		-
4307		- ret = iwl_mvm_enable_beacon_filter(mvm, vif, 0);
4308		- if (ret)
4309		- goto out_unlock;
4310		-
4311		- iwl_mvm_stop_session_protection(mvm, vif);
	4733	+ mvmvif->csa_misbehave = true;
4312	4734	}
	4735	+ mvmvif->csa_count = chsw->count;
4313	4736
4314		- mvmvif->ps_disabled = false;
	4737	+ IWL_DEBUG_MAC80211(mvm, "Modify CSA on mac %d\n", mvmvif->id);
4315	4738
4316		- ret = iwl_mvm_power_update_ps(mvm);
4317		-
4318		-out_unlock:
4319		- mutex_unlock(&mvm->mutex);
4320		-
4321		- return ret;
	4739	+ WARN_ON(iwl_mvm_send_cmd_pdu(mvm,
	4740	+ WIDE_ID(MAC_CONF_GROUP,
	4741	+ CHANNEL_SWITCH_TIME_EVENT_CMD),
	4742	+ CMD_ASYNC, sizeof(cmd), &cmd));
4322	4743	}
4323	4744
4324	4745	static void iwl_mvm_flush_no_vif(struct iwl_mvm *mvm, u32 queues, bool drop)
..	..	@@ -4338,7 +4759,7 @@
4338	4759	}
4339	4760
4340	4761	mutex_lock(&mvm->mutex);
4341		- for (i = 0; i < ARRAY_SIZE(mvm->fw_id_to_mac_id); i++) {
	4762	+ for (i = 0; i < mvm->fw->ucode_capa.num_stations; i++) {
4342	4763	struct ieee80211_sta *sta;
4343	4764
4344	4765	sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[i],
..	..	@@ -4347,7 +4768,7 @@
4347	4768	continue;
4348	4769
4349	4770	if (drop)
4350		- iwl_mvm_flush_sta_tids(mvm, i, 0xFF, 0);
	4771	+ iwl_mvm_flush_sta_tids(mvm, i, 0xFFFF, 0);
4351	4772	else
4352	4773	iwl_mvm_wait_sta_queues_empty(mvm,
4353	4774	iwl_mvm_sta_from_mac80211(sta));
..	..	@@ -4380,7 +4801,7 @@
4380	4801	mvmvif = iwl_mvm_vif_from_mac80211(vif);
4381	4802
4382	4803	/* flush the AP-station and all TDLS peers */
4383		- for (i = 0; i < ARRAY_SIZE(mvm->fw_id_to_mac_id); i++) {
	4804	+ for (i = 0; i < mvm->fw->ucode_capa.num_stations; i++) {
4384	4805	sta = rcu_dereference_protected(mvm->fw_id_to_mac_id[i],
4385	4806	lockdep_is_held(&mvm->mutex));
4386	4807	if (IS_ERR_OR_NULL(sta))
..	..	@@ -4394,7 +4815,7 @@
4394	4815	WARN_ON(i != mvmvif->ap_sta_id && !sta->tdls);
4395	4816
4396	4817	if (drop) {
4397		- if (iwl_mvm_flush_sta(mvm, mvmsta, false, 0))
	4818	+ if (iwl_mvm_flush_sta(mvm, mvmsta, false))
4398	4819	IWL_ERR(mvm, "flush request fail\n");
4399	4820	} else {
4400	4821	msk \|= mvmsta->tfd_queue_msk;
..	..	@@ -4462,6 +4883,125 @@
4462	4883	return ret;
4463	4884	}
4464	4885
	4886	+static void iwl_mvm_set_sta_rate(u32 rate_n_flags, struct rate_info *rinfo)
	4887	+{
	4888	+ switch (rate_n_flags & RATE_MCS_CHAN_WIDTH_MSK) {
	4889	+ case RATE_MCS_CHAN_WIDTH_20:
	4890	+ rinfo->bw = RATE_INFO_BW_20;
	4891	+ break;
	4892	+ case RATE_MCS_CHAN_WIDTH_40:
	4893	+ rinfo->bw = RATE_INFO_BW_40;
	4894	+ break;
	4895	+ case RATE_MCS_CHAN_WIDTH_80:
	4896	+ rinfo->bw = RATE_INFO_BW_80;
	4897	+ break;
	4898	+ case RATE_MCS_CHAN_WIDTH_160:
	4899	+ rinfo->bw = RATE_INFO_BW_160;
	4900	+ break;
	4901	+ }
	4902	+
	4903	+ if (rate_n_flags & RATE_MCS_HT_MSK) {
	4904	+ rinfo->flags \|= RATE_INFO_FLAGS_MCS;
	4905	+ rinfo->mcs = u32_get_bits(rate_n_flags, RATE_HT_MCS_INDEX_MSK);
	4906	+ rinfo->nss = u32_get_bits(rate_n_flags,
	4907	+ RATE_HT_MCS_NSS_MSK) + 1;
	4908	+ if (rate_n_flags & RATE_MCS_SGI_MSK)
	4909	+ rinfo->flags \|= RATE_INFO_FLAGS_SHORT_GI;
	4910	+ } else if (rate_n_flags & RATE_MCS_VHT_MSK) {
	4911	+ rinfo->flags \|= RATE_INFO_FLAGS_VHT_MCS;
	4912	+ rinfo->mcs = u32_get_bits(rate_n_flags,
	4913	+ RATE_VHT_MCS_RATE_CODE_MSK);
	4914	+ rinfo->nss = u32_get_bits(rate_n_flags,
	4915	+ RATE_VHT_MCS_NSS_MSK) + 1;
	4916	+ if (rate_n_flags & RATE_MCS_SGI_MSK)
	4917	+ rinfo->flags \|= RATE_INFO_FLAGS_SHORT_GI;
	4918	+ } else if (rate_n_flags & RATE_MCS_HE_MSK) {
	4919	+ u32 gi_ltf = u32_get_bits(rate_n_flags,
	4920	+ RATE_MCS_HE_GI_LTF_MSK);
	4921	+
	4922	+ rinfo->flags \|= RATE_INFO_FLAGS_HE_MCS;
	4923	+ rinfo->mcs = u32_get_bits(rate_n_flags,
	4924	+ RATE_VHT_MCS_RATE_CODE_MSK);
	4925	+ rinfo->nss = u32_get_bits(rate_n_flags,
	4926	+ RATE_VHT_MCS_NSS_MSK) + 1;
	4927	+
	4928	+ if (rate_n_flags & RATE_MCS_HE_106T_MSK) {
	4929	+ rinfo->bw = RATE_INFO_BW_HE_RU;
	4930	+ rinfo->he_ru_alloc = NL80211_RATE_INFO_HE_RU_ALLOC_106;
	4931	+ }
	4932	+
	4933	+ switch (rate_n_flags & RATE_MCS_HE_TYPE_MSK) {
	4934	+ case RATE_MCS_HE_TYPE_SU:
	4935	+ case RATE_MCS_HE_TYPE_EXT_SU:
	4936	+ if (gi_ltf == 0 \|\| gi_ltf == 1)
	4937	+ rinfo->he_gi = NL80211_RATE_INFO_HE_GI_0_8;
	4938	+ else if (gi_ltf == 2)
	4939	+ rinfo->he_gi = NL80211_RATE_INFO_HE_GI_1_6;
	4940	+ else if (rate_n_flags & RATE_MCS_SGI_MSK)
	4941	+ rinfo->he_gi = NL80211_RATE_INFO_HE_GI_0_8;
	4942	+ else
	4943	+ rinfo->he_gi = NL80211_RATE_INFO_HE_GI_3_2;
	4944	+ break;
	4945	+ case RATE_MCS_HE_TYPE_MU:
	4946	+ if (gi_ltf == 0 \|\| gi_ltf == 1)
	4947	+ rinfo->he_gi = NL80211_RATE_INFO_HE_GI_0_8;
	4948	+ else if (gi_ltf == 2)
	4949	+ rinfo->he_gi = NL80211_RATE_INFO_HE_GI_1_6;
	4950	+ else
	4951	+ rinfo->he_gi = NL80211_RATE_INFO_HE_GI_3_2;
	4952	+ break;
	4953	+ case RATE_MCS_HE_TYPE_TRIG:
	4954	+ if (gi_ltf == 0 \|\| gi_ltf == 1)
	4955	+ rinfo->he_gi = NL80211_RATE_INFO_HE_GI_1_6;
	4956	+ else
	4957	+ rinfo->he_gi = NL80211_RATE_INFO_HE_GI_3_2;
	4958	+ break;
	4959	+ }
	4960	+
	4961	+ if (rate_n_flags & RATE_HE_DUAL_CARRIER_MODE_MSK)
	4962	+ rinfo->he_dcm = 1;
	4963	+ } else {
	4964	+ switch (u32_get_bits(rate_n_flags, RATE_LEGACY_RATE_MSK)) {
	4965	+ case IWL_RATE_1M_PLCP:
	4966	+ rinfo->legacy = 10;
	4967	+ break;
	4968	+ case IWL_RATE_2M_PLCP:
	4969	+ rinfo->legacy = 20;
	4970	+ break;
	4971	+ case IWL_RATE_5M_PLCP:
	4972	+ rinfo->legacy = 55;
	4973	+ break;
	4974	+ case IWL_RATE_11M_PLCP:
	4975	+ rinfo->legacy = 110;
	4976	+ break;
	4977	+ case IWL_RATE_6M_PLCP:
	4978	+ rinfo->legacy = 60;
	4979	+ break;
	4980	+ case IWL_RATE_9M_PLCP:
	4981	+ rinfo->legacy = 90;
	4982	+ break;
	4983	+ case IWL_RATE_12M_PLCP:
	4984	+ rinfo->legacy = 120;
	4985	+ break;
	4986	+ case IWL_RATE_18M_PLCP:
	4987	+ rinfo->legacy = 180;
	4988	+ break;
	4989	+ case IWL_RATE_24M_PLCP:
	4990	+ rinfo->legacy = 240;
	4991	+ break;
	4992	+ case IWL_RATE_36M_PLCP:
	4993	+ rinfo->legacy = 360;
	4994	+ break;
	4995	+ case IWL_RATE_48M_PLCP:
	4996	+ rinfo->legacy = 480;
	4997	+ break;
	4998	+ case IWL_RATE_54M_PLCP:
	4999	+ rinfo->legacy = 540;
	5000	+ break;
	5001	+ }
	5002	+ }
	5003	+}
	5004	+
4465	5005	static void iwl_mvm_mac_sta_statistics(struct ieee80211_hw *hw,
4466	5006	struct ieee80211_vif *vif,
4467	5007	struct ieee80211_sta *sta,
..	..	@@ -4472,8 +5012,15 @@
4472	5012	struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta);
4473	5013
4474	5014	if (mvmsta->avg_energy) {
4475		- sinfo->signal_avg = mvmsta->avg_energy;
	5015	+ sinfo->signal_avg = -(s8)mvmsta->avg_energy;
4476	5016	sinfo->filled \|= BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG);
	5017	+ }
	5018	+
	5019	+ if (iwl_mvm_has_tlc_offload(mvm)) {
	5020	+ struct iwl_lq_sta_rs_fw *lq_sta = &mvmsta->lq_sta.rs_fw;
	5021	+
	5022	+ iwl_mvm_set_sta_rate(lq_sta->last_rate_n_flags, &sinfo->txrate);
	5023	+ sinfo->filled \|= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
4477	5024	}
4478	5025
4479	5026	/* if beacon filtering isn't on mac80211 does it anyway */
..	..	@@ -4517,14 +5064,12 @@
4517	5064	struct iwl_fw_dbg_trigger_tlv *trig;
4518	5065	struct iwl_fw_dbg_trigger_mlme *trig_mlme;
4519	5066
4520		- if (!iwl_fw_dbg_trigger_enabled(mvm->fw, FW_DBG_TRIGGER_MLME))
	5067	+ trig = iwl_fw_dbg_trigger_on(&mvm->fwrt, ieee80211_vif_to_wdev(vif),
	5068	+ FW_DBG_TRIGGER_MLME);
	5069	+ if (!trig)
4521	5070	return;
4522	5071
4523		- trig = iwl_fw_dbg_get_trigger(mvm->fw, FW_DBG_TRIGGER_MLME);
4524	5072	trig_mlme = (void *)trig->data;
4525		- if (!iwl_fw_dbg_trigger_check_stop(&mvm->fwrt,
4526		- ieee80211_vif_to_wdev(vif), trig))
4527		- return;
4528	5073
4529	5074	if (event->u.mlme.data == ASSOC_EVENT) {
4530	5075	if (event->u.mlme.status == MLME_DENIED)
..	..	@@ -4559,14 +5104,12 @@
4559	5104	struct iwl_fw_dbg_trigger_tlv *trig;
4560	5105	struct iwl_fw_dbg_trigger_ba *ba_trig;
4561	5106
4562		- if (!iwl_fw_dbg_trigger_enabled(mvm->fw, FW_DBG_TRIGGER_BA))
	5107	+ trig = iwl_fw_dbg_trigger_on(&mvm->fwrt, ieee80211_vif_to_wdev(vif),
	5108	+ FW_DBG_TRIGGER_BA);
	5109	+ if (!trig)
4563	5110	return;
4564	5111
4565		- trig = iwl_fw_dbg_get_trigger(mvm->fw, FW_DBG_TRIGGER_BA);
4566	5112	ba_trig = (void *)trig->data;
4567		- if (!iwl_fw_dbg_trigger_check_stop(&mvm->fwrt,
4568		- ieee80211_vif_to_wdev(vif), trig))
4569		- return;
4570	5113
4571	5114	if (!(le16_to_cpu(ba_trig->rx_bar) & BIT(event->u.ba.tid)))
4572	5115	return;
..	..	@@ -4606,24 +5149,25 @@
4606	5149	u32 qmask = BIT(mvm->trans->num_rx_queues) - 1;
4607	5150	int ret;
4608	5151
4609		- lockdep_assert_held(&mvm->mutex);
4610	5152
4611	5153	if (!iwl_mvm_has_new_rx_api(mvm))
4612	5154	return;
4613	5155
4614		- notif->cookie = mvm->queue_sync_cookie;
4615		-
4616		- if (notif->sync)
	5156	+ if (notif->sync) {
	5157	+ notif->cookie = mvm->queue_sync_cookie;
4617	5158	atomic_set(&mvm->queue_sync_counter,
4618	5159	mvm->trans->num_rx_queues);
	5160	+ }
4619	5161
4620		- ret = iwl_mvm_notify_rx_queue(mvm, qmask, (u8 *)notif, size);
	5162	+ ret = iwl_mvm_notify_rx_queue(mvm, qmask, (u8 *)notif,
	5163	+ size, !notif->sync);
4621	5164	if (ret) {
4622	5165	IWL_ERR(mvm, "Failed to trigger RX queues sync (%d)\n", ret);
4623	5166	goto out;
4624	5167	}
4625	5168
4626	5169	if (notif->sync) {
	5170	+ lockdep_assert_held(&mvm->mutex);
4627	5171	ret = wait_event_timeout(mvm->rx_sync_waitq,
4628	5172	atomic_read(&mvm->queue_sync_counter) == 0 \|\|
4629	5173	iwl_mvm_is_radio_killed(mvm),
..	..	@@ -4633,7 +5177,8 @@
4633	5177
4634	5178	out:
4635	5179	atomic_set(&mvm->queue_sync_counter, 0);
4636		- mvm->queue_sync_cookie++;
	5180	+ if (notif->sync)
	5181	+ mvm->queue_sync_cookie++;
4637	5182	}
4638	5183
4639	5184	static void iwl_mvm_sync_rx_queues(struct ieee80211_hw *hw)
..	..	@@ -4649,9 +5194,91 @@
4649	5194	mutex_unlock(&mvm->mutex);
4650	5195	}
4651	5196
	5197	+static int
	5198	+iwl_mvm_mac_get_ftm_responder_stats(struct ieee80211_hw *hw,
	5199	+ struct ieee80211_vif *vif,
	5200	+ struct cfg80211_ftm_responder_stats *stats)
	5201	+{
	5202	+ struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
	5203	+ struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
	5204	+
	5205	+ if (vif->p2p \|\| vif->type != NL80211_IFTYPE_AP \|\|
	5206	+ !mvmvif->ap_ibss_active \|\| !vif->bss_conf.ftm_responder)
	5207	+ return -EINVAL;
	5208	+
	5209	+ mutex_lock(&mvm->mutex);
	5210	+ *stats = mvm->ftm_resp_stats;
	5211	+ mutex_unlock(&mvm->mutex);
	5212	+
	5213	+ stats->filled = BIT(NL80211_FTM_STATS_SUCCESS_NUM) \|
	5214	+ BIT(NL80211_FTM_STATS_PARTIAL_NUM) \|
	5215	+ BIT(NL80211_FTM_STATS_FAILED_NUM) \|
	5216	+ BIT(NL80211_FTM_STATS_ASAP_NUM) \|
	5217	+ BIT(NL80211_FTM_STATS_NON_ASAP_NUM) \|
	5218	+ BIT(NL80211_FTM_STATS_TOTAL_DURATION_MSEC) \|
	5219	+ BIT(NL80211_FTM_STATS_UNKNOWN_TRIGGERS_NUM) \|
	5220	+ BIT(NL80211_FTM_STATS_RESCHEDULE_REQUESTS_NUM) \|
	5221	+ BIT(NL80211_FTM_STATS_OUT_OF_WINDOW_TRIGGERS_NUM);
	5222	+
	5223	+ return 0;
	5224	+}
	5225	+
	5226	+static int iwl_mvm_start_pmsr(struct ieee80211_hw *hw,
	5227	+ struct ieee80211_vif *vif,
	5228	+ struct cfg80211_pmsr_request *request)
	5229	+{
	5230	+ struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
	5231	+ int ret;
	5232	+
	5233	+ mutex_lock(&mvm->mutex);
	5234	+ ret = iwl_mvm_ftm_start(mvm, vif, request);
	5235	+ mutex_unlock(&mvm->mutex);
	5236	+
	5237	+ return ret;
	5238	+}
	5239	+
	5240	+static void iwl_mvm_abort_pmsr(struct ieee80211_hw *hw,
	5241	+ struct ieee80211_vif *vif,
	5242	+ struct cfg80211_pmsr_request *request)
	5243	+{
	5244	+ struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
	5245	+
	5246	+ mutex_lock(&mvm->mutex);
	5247	+ iwl_mvm_ftm_abort(mvm, request);
	5248	+ mutex_unlock(&mvm->mutex);
	5249	+}
	5250	+
	5251	+static bool iwl_mvm_can_hw_csum(struct sk_buff *skb)
	5252	+{
	5253	+ u8 protocol = ip_hdr(skb)->protocol;
	5254	+
	5255	+ if (!IS_ENABLED(CONFIG_INET))
	5256	+ return false;
	5257	+
	5258	+ return protocol == IPPROTO_TCP \|\| protocol == IPPROTO_UDP;
	5259	+}
	5260	+
	5261	+static bool iwl_mvm_mac_can_aggregate(struct ieee80211_hw *hw,
	5262	+ struct sk_buff *head,
	5263	+ struct sk_buff *skb)
	5264	+{
	5265	+ struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
	5266	+
	5267	+ /* For now don't aggregate IPv6 in AMSDU */
	5268	+ if (skb->protocol != htons(ETH_P_IP))
	5269	+ return false;
	5270	+
	5271	+ if (!iwl_mvm_is_csum_supported(mvm))
	5272	+ return true;
	5273	+
	5274	+ return iwl_mvm_can_hw_csum(skb) == iwl_mvm_can_hw_csum(head);
	5275	+}
	5276	+
4652	5277	const struct ieee80211_ops iwl_mvm_hw_ops = {
4653	5278	.tx = iwl_mvm_mac_tx,
	5279	+ .wake_tx_queue = iwl_mvm_mac_wake_tx_queue,
4654	5280	.ampdu_action = iwl_mvm_mac_ampdu_action,
	5281	+ .get_antenna = iwl_mvm_op_get_antenna,
4655	5282	.start = iwl_mvm_mac_start,
4656	5283	.reconfig_complete = iwl_mvm_mac_reconfig_complete,
4657	5284	.stop = iwl_mvm_mac_stop,
..	..	@@ -4700,6 +5327,8 @@
4700	5327	.channel_switch = iwl_mvm_channel_switch,
4701	5328	.pre_channel_switch = iwl_mvm_pre_channel_switch,
4702	5329	.post_channel_switch = iwl_mvm_post_channel_switch,
	5330	+ .abort_channel_switch = iwl_mvm_abort_channel_switch,
	5331	+ .channel_switch_rx_beacon = iwl_mvm_channel_switch_rx_beacon,
4703	5332
4704	5333	.tdls_channel_switch = iwl_mvm_tdls_channel_switch,
4705	5334	.tdls_cancel_channel_switch = iwl_mvm_tdls_cancel_channel_switch,
..	..	@@ -4724,6 +5353,11 @@
4724	5353	#endif
4725	5354	.get_survey = iwl_mvm_mac_get_survey,
4726	5355	.sta_statistics = iwl_mvm_mac_sta_statistics,
	5356	+ .get_ftm_responder_stats = iwl_mvm_mac_get_ftm_responder_stats,
	5357	+ .start_pmsr = iwl_mvm_start_pmsr,
	5358	+ .abort_pmsr = iwl_mvm_abort_pmsr,
	5359	+
	5360	+ .can_aggregate_in_amsdu = iwl_mvm_mac_can_aggregate,
4727	5361	#ifdef CONFIG_IWLWIFI_DEBUGFS
4728	5362	.sta_add_debugfs = iwl_mvm_sta_add_debugfs,
4729	5363	#endif