bes2600: reset firmware state on wsm_join_confirm failure

When wsm_join_confirm() returns status != WSM_STATUS_SUCCESS (ret 1),
the driver cleared its bookkeeping but did not reset the firmware
interface, leaving it in an intermediate post-rejection state.  A rapid
second JOIN attempt (e.g. wpa_supplicant retrying after the
PREV_AUTH_NOT_VALID deauth that mac80211 emits to clean up) hits an
inconsistent firmware context, causing bes2600_sdio_read_rx_batch to
return SDIO error which cascades into wifi_force_close:

  wsm_join_confirm ret 1
  deauthenticating from <bssid> by local choice (Reason: 2=PREV_AUTH_NOT_VALID)
  [~10 min later]
  bes2600_sdio_read_rx_batch sdio read error
  WARNING: at bes2600_tx_loop_set_enable / bes2600_chrdev_wifi_force_close

Two additions to the failure path in bes2600_join_work():

1. wsm_reset (WSM_REQ_ID_RESET, 0x000A) with reset_statistics=false.
   This returns the firmware to IDLE so the next association attempt
   starts from a known-clean state.  bes2600_unjoin_work() performs the
   same reset, but gates it on join_status != PASSIVE; after a failed
   JOIN join_status stays PASSIVE, so that path never fires — call
   wsm_reset directly here instead.

   Contract: wsm_reset takes only wsm_cmd_lock (not conf_lock, not
   wsm_oper_lock).  wsm_oper_unlock was already called inside
   wsm_join_confirm() before wsm_join() returned -EINVAL, so there is
   no re-entrancy hazard.  conf_lock is held at this call site, which is
   compatible with wsm_reset's locking requirements.

2. queue_work(workqueue, &priv->unjoin_work) instead of direct
   wsm_unlock_tx().  Serialises the next association attempt through
   the workqueue so it cannot race against lingering firmware-side
   effects of the failure.  If unjoin_work is already queued, release
   TX immediately (matching cw1200 ancestor sta.c:1344 comment "Tx lock
   still held, unjoin will clear it.").

Ancestor reference: drivers/net/wireless/st/cw1200/sta.c, function
cw1200_join_work(), lines 1339-1344.  cw1200 queues unjoin_work on join
failure for the same reason.  bes2600 needs the direct wsm_reset in
addition because its unjoin_work has the join_status gate that cw1200's
cw1200_do_unjoin() does not.

Signed-off-by: Claude (noether) <claude@reauktion.de>

bes2600/Makefile

@@ -2,7 +2,7 @@ KERN_DIR = /lib/modules/$(KERNELRELEASE)/build
 # feature option
 BES2600                                 ?= m
 
-CONFIG_BES2600_TESTMODE                 ?= y
+CONFIG_BES2600_TESTMODE                 ?= n
 
 CONFIG_BES2600_ENABLE_DEVEL_LOGS        ?= n
 
@@ -28,6 +28,7 @@ CONFIG_BES2600_WIFI_BOOT_ON             ?= y
 CONFIG_BES2600_BT_BOOT_ON               ?= n
 
 BES2600_GPIO_WAKEUP_AP                  ?= n
+BES2600_WRITE_DPD_TO_FILE               ?= n
 BES2600_TX_MORE_RETRY                   ?= n
 
 # bes evb
@@ -64,8 +65,8 @@ BES2600_DRV_VERSION := bes2600_0.3.5_2024.0116
 
 ifeq ($(CONFIG_BES2600_CALIB_FROM_LINUX),y)
 FACTORY_CRC_CHECK                    ?= n
-STANDARD_FACTORY_EFUSE_FLAG          ?= n
-FACTORY_PATH                 ?= bes2600/bes2600_factory.txt
+STANDARD_FACTORY_EFUSE_FLAG          ?= y
+FACTORY_PATH                 ?= /lib/firmware/bes2600_factory.txt
 endif
 
 # basic function
@@ -92,6 +93,12 @@ ccflags-y += -DBES_UNIFIED_PM
 ccflags-y += -DBES_SDIO_OPTIMIZED_LEN
 ccflags-y += -DBES2600_HOST_TIMESTAMP_DEBUG
 
+ifeq ($(BES2600_WRITE_DPD_TO_FILE),y)
+BES2600_DPD_PATH ?= /data/cfg/bes2600_dpd.bin
+BES2600_DEFAULT_DPD_PATH ?= /lib/firmware/bes2600_dpd.bin
+BES2600_DPD_GOLDEN_PATH ?= /data/cfg/bes2600_dpd_golden.bin
+endif
+
 ifeq ($(BES2600_DUMP_FW_DPD_LOG),y)
 BES2600_DPD_LOG_PATH ?= /data/applog/bes2600_dpd_log.log
 endif
@@ -128,6 +135,9 @@ ccflags-y += $(call boolen_flag,BSS_LOSS_CHECK,y)
 ccflags-y += $(call string_flag,BES2600_LOAD_FW_TOOL_PATH)
 ccflags-y += $(call string_flag,BES2600_LOAD_FW_TOOL_DEVICE)
 ccflags-y += $(call string_flag,BES2600_DRV_VERSION)
+ccflags-y += $(call string_flag,BES2600_DPD_PATH)
+ccflags-y += $(call string_flag,BES2600_DEFAULT_DPD_PATH)
+ccflags-y += $(call string_flag,BES2600_DPD_GOLDEN_PATH)
 
 ccflags-y += $(call boolen_flag,BES2600_INDEPENDENT_EVB,y)
 ccflags-y += $(call boolen_flag,BES2600_INTEGRATED_MODULE_V1,y)
@@ -149,6 +159,8 @@ ccflags-y += $(call boolen_flag,FACTORY_SAVE_MULTI_PATH,y)
 ccflags-y += $(call boolen_flag,FACTORY_CRC_CHECK,y)
 
 ccflags-y += $(call boolen_flag,BES2600_GPIO_WAKEUP_AP,y)
+ccflags-y += $(call boolen_flag,BES2600_WRITE_DPD_TO_FILE,y)
+
 ccflags-y += $(call boolen_flag,BES2600_DUMP_FW_DPD_LOG,y)
 ccflags-y += $(call string_flag,BES2600_DPD_LOG_PATH)
 

bes2600/ap.c

@@ -14,6 +14,7 @@
 #include <linux/umh.h>
 #include "epta_request.h"
 #include "epta_coex.h"
+#include "txrx_opt.h"
 
 #ifdef AP_HT_CAP_UPDATE
 #define HT_INFO_OFFSET 4
@@ -1162,7 +1163,7 @@ void bes2600_multicast_stop_work(struct work_struct *work)
 		container_of(work, struct bes2600_vif, multicast_stop_work);
 
 	if (priv->aid0_bit_set) {
-		del_timer_sync(&priv->mcast_timeout);
+		timer_delete_sync(&priv->mcast_timeout);
 		wsm_lock_tx(priv->hw_priv);
 		priv->aid0_bit_set = false;
 		bes2600_set_tim_impl(priv, false);
@@ -1172,7 +1173,7 @@ void bes2600_multicast_stop_work(struct work_struct *work)
 
 void bes2600_mcast_timeout(struct timer_list *t)
 {
-	struct bes2600_vif *priv = from_timer(priv, t, mcast_timeout);
+	struct bes2600_vif *priv = timer_container_of(priv, t, mcast_timeout);
 
 	wiphy_warn(priv->hw->wiphy,
 		"Multicast delivery timeout.\n");
@@ -1246,7 +1247,7 @@ void bes2600_suspend_resume(struct bes2600_vif *priv,
 		}
 		spin_unlock_bh(&priv->ps_state_lock);
 		if (cancel_tmo)
-			del_timer_sync(&priv->mcast_timeout);
+			timer_delete_sync(&priv->mcast_timeout);
 	} else {
 		spin_lock_bh(&priv->ps_state_lock);
 		bes2600_ps_notify(priv, arg->link_id, arg->stop);

bes2600/bes2600_btuart.c

@@ -0,0 +1,509 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Bestechnic BES2600 BT UART driver
+ *
+ * Copyright (c) 2025 Dang Huynh <dang.huynh@mainlining.org>
+ */
+
+#include <linux/module.h>
+
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/slab.h>
+#include <linux/types.h>
+#include <linux/errno.h>
+#include <linux/skbuff.h>
+
+#include <linux/of.h>
+#include <linux/of_irq.h>
+
+#include <linux/device.h>
+#include <linux/pm.h>
+#include <linux/pm_wakeirq.h>
+
+#include <linux/gpio/consumer.h>
+#include <linux/pinctrl/consumer.h>
+#include <linux/serdev.h>
+
+#include <net/bluetooth/bluetooth.h>
+#include <net/bluetooth/hci_core.h>
+
+#include "bes2600.h"
+#include "bes_chardev.h"
+
+#include "h4_recv.h"
+
+struct bes2600_btuart_data {
+	struct serdev_device *serdev;
+	struct hci_dev *hdev;
+
+	struct pinctrl *pinctrl;
+	struct pinctrl_state *pinctrl_default;
+
+	/* Device tree properties */
+	struct gpio_desc *power;
+	struct gpio_desc *wakeup;
+	int speed;
+
+	unsigned long state;
+
+	int wake_irq;
+	bool opened;
+
+	int err_count; /* workaround for broken firmware */
+
+	struct sk_buff_head txq;
+	struct work_struct tx_work;
+	rwlock_t lock;
+
+	struct sk_buff *rx_skb;
+};
+
+static const struct h4_recv_pkt bes2600_btuart_recv_pkts[] = {
+	{ H4_RECV_ACL,      .recv = hci_recv_frame },
+	{ H4_RECV_SCO,      .recv = hci_recv_frame },
+	{ H4_RECV_EVENT,    .recv = hci_recv_frame },
+};
+
+static int bes2600_btuart_power(struct bes2600_btuart_data *data, bool enable)
+{
+	int ret, val;
+
+	if (enable)
+		val = 1;
+	else
+		val = 0;
+
+	ret = gpiod_set_value_cansleep(data->power, val);
+	if (ret)
+		return ret;
+
+	ret = bes2600_chrdev_switch_subsys_glb(-1, val);
+	if (ret)
+		return ret;
+
+	return 0;
+}
+
+/*
+ * HACK: Potential DOS issue, not sure if the firmware can filter it but
+ * there needs to be a better way to detect this. Even better, fix the firmware.
+ */
+static int bes2600_btuart_bug_recovery(struct bes2600_btuart_data *data)
+{
+	struct hci_dev *hdev = data->hdev;
+	struct serdev_device *serdev = data->serdev;
+
+	bt_dev_info(hdev, "Attempting to recover from Firmware bug (might not work)");
+
+	serdev_device_set_flow_control(serdev, false);
+	bes2600_btuart_power(data, false);
+	msleep(20);
+	bes2600_btuart_power(data, true);
+	serdev_device_set_flow_control(serdev, true);
+	msleep(100);
+
+	hci_reset_dev(hdev);
+
+	return 0;
+}
+
+static int bes2600_btuart_recv(struct bes2600_btuart_data *data, const void *buffer, int count)
+{
+	struct hci_dev *hdev = data->hdev;
+	int err = 0;
+
+	data->rx_skb = h4_recv_buf(hdev, data->rx_skb, buffer, count,
+				   bes2600_btuart_recv_pkts, ARRAY_SIZE(bes2600_btuart_recv_pkts));
+	if (IS_ERR(data->rx_skb))
+		err = PTR_ERR(data->rx_skb);
+
+	return err;
+}
+
+static size_t bes2600_btuart_receive_buf(struct serdev_device *serdev,
+					 const u8 *buf, size_t count)
+{
+	struct bes2600_btuart_data *data = serdev_device_get_drvdata(serdev);
+	struct hci_dev *hdev = data->hdev;
+	int ret;
+
+	read_lock(&data->lock);
+	ret = bes2600_btuart_recv(data, buf, count);
+	if (ret) {
+		bt_dev_err(hdev, "Failed to receive packet (%d)", ret);
+		data->err_count++;
+		ret = 0;
+	} else {
+		hdev->stat.byte_rx += count;
+		ret = count;
+	}
+	read_unlock(&data->lock);
+
+	/* Attempting to recovery from a bugged firmware */
+	if (data->err_count > 10) {
+		bes2600_btuart_bug_recovery(data);
+		data->err_count = 0;
+	}
+
+	return ret;
+}
+
+static const struct serdev_device_ops bes2600_btuart_serdev_client_ops = {
+	.receive_buf = bes2600_btuart_receive_buf,
+	.write_wakeup = serdev_device_write_wakeup,
+};
+
+static void bes2600_btuart_wake(struct hci_dev *hdev, bool enable)
+{
+	struct bes2600_btuart_data *data = hci_get_drvdata(hdev);
+
+	if (enable)
+		gpiod_set_value_cansleep(data->wakeup, 1);
+	else
+		gpiod_set_value_cansleep(data->wakeup, 0);
+}
+
+static int bes2600_btuart_open(struct hci_dev *hdev)
+{
+	struct bes2600_btuart_data *data = hci_get_drvdata(hdev);
+	struct serdev_device *serdev = data->serdev;
+	int ret;
+
+	ret = serdev_device_open(serdev);
+	if (ret < 0) {
+		bt_dev_err(hdev, "Failed to open serial device");
+		return ret;
+	}
+
+	serdev_device_set_flow_control(serdev, false);
+
+	ret = serdev_device_set_baudrate(serdev, data->speed);
+	if (ret < 0) {
+		bt_dev_err(hdev, "Failed to set baud rate");
+		return ret;
+	}
+
+	serdev_device_set_flow_control(serdev, true);
+
+	data->opened = true;
+
+	bes2600_btuart_wake(hdev, true);
+	return 0;
+}
+
+static int bes2600_btuart_flush(struct hci_dev *hdev)
+{
+	struct bes2600_btuart_data *data = hci_get_drvdata(hdev);
+	struct serdev_device *serdev = data->serdev;
+
+	serdev_device_write_flush(serdev);
+
+	read_lock(&data->lock);
+	skb_queue_purge(&data->txq);
+	cancel_work_sync(&data->tx_work);
+	read_unlock(&data->lock);
+
+	return 0;
+}
+
+static int bes2600_btuart_close(struct hci_dev *hdev)
+{
+	struct bes2600_btuart_data *data = hci_get_drvdata(hdev);
+	struct serdev_device *serdev = data->serdev;
+
+	bes2600_btuart_wake(hdev, false);
+
+	serdev_device_set_flow_control(serdev, false);
+	serdev_device_close(serdev);
+
+	data->opened = false;
+
+	return 0;
+}
+
+static int bes2600_btuart_setup(struct hci_dev *hdev)
+{
+	struct bes2600_btuart_data *data = hci_get_drvdata(hdev);
+	int ret;
+
+	if (bes2600_chrdev_is_bus_error())
+		return -EFAULT;
+
+	/* Set pinctrl state to default */
+	ret = pinctrl_select_state(data->pinctrl, data->pinctrl_default);
+	if (ret < 0) {
+		bt_dev_err(hdev, "Failed to setup pinctrl state");
+		return ret;
+	}
+
+	/* Set power GPIO to high and tell chardev to switch to BT */
+	bes2600_btuart_power(data, true);
+
+	return 0;
+}
+
+static int bes2600_btuart_shutdown(struct hci_dev *hdev)
+{
+	struct bes2600_btuart_data *data = hci_get_drvdata(hdev);
+
+	if (bes2600_chrdev_is_bus_error())
+		return -EFAULT;
+
+	bes2600_btuart_power(data, false);
+
+	return 0;
+}
+
+static int bes2600_btuart_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
+{
+	char *pkt_type = NULL;
+	struct bes2600_btuart_data *data = hci_get_drvdata(hdev);
+
+	switch (hci_skb_pkt_type(skb)) {
+	case HCI_COMMAND_PKT:
+		hdev->stat.cmd_tx++;
+		break;
+	case HCI_ACLDATA_PKT:
+		hdev->stat.acl_tx++;
+		break;
+	case HCI_SCODATA_PKT:
+		hdev->stat.sco_tx++;
+		break;
+	default:
+		return -EILSEQ;
+	}
+	pkt_type = skb_push(skb, 1);
+	pkt_type[0] = hci_skb_pkt_type(skb);
+	read_lock(&data->lock);
+	skb_queue_tail(&data->txq, skb);
+	read_unlock(&data->lock);
+
+	schedule_work(&data->tx_work);
+	return 0;
+}
+
+static ssize_t bes2600_btuart_send(struct bes2600_btuart_data *data, struct sk_buff *skb)
+{
+	struct hci_dev *hdev = data->hdev;
+	int len;
+
+	len = serdev_device_write_buf(data->serdev, skb->data, skb->len);
+	if (len < 0) {
+		bt_dev_err(data->hdev, "Failed to write buffer to TTY");
+		return -EIO;
+	}
+	serdev_device_wait_until_sent(data->serdev, 0);
+
+	hdev->stat.byte_tx += len;
+
+	skb_pull(skb, len);
+
+	return skb->len;
+}
+
+static void bes2600_btuart_work(struct work_struct *work)
+{
+	struct bes2600_btuart_data *data = container_of(work, struct bes2600_btuart_data, tx_work);
+	struct sk_buff *skb;
+
+	while ((skb = skb_dequeue(&data->txq))) {
+		if (bes2600_btuart_send(data, skb) > 0) {
+			skb_queue_head(&data->txq, skb);
+			break;
+		}
+
+		kfree_skb(skb);
+	}
+}
+
+static void bes2600_btuart_parse_dt(struct serdev_device *serdev)
+{
+	struct bes2600_btuart_data *data = serdev_device_get_drvdata(serdev);
+	struct device_node *node = serdev->dev.of_node;
+	int speed = 1500000;
+
+	of_property_read_u32(node, "current-speed", &speed);
+	data->speed = speed;
+}
+
+static irqreturn_t bes2600_btuart_wakeup_handler(int irq, void *priv)
+{
+	struct bes2600_btuart_data *data = (struct bes2600_btuart_data *)priv;
+
+	dev_info(&data->serdev->dev, "IRQ wake\n");
+
+	return IRQ_HANDLED;
+}
+
+#ifdef CONFIG_PM_SLEEP
+static int bes2600_btuart_suspend(struct device *dev)
+{
+	struct serdev_device *serdev = to_serdev_device(dev);
+	struct bes2600_btuart_data *data = serdev_device_get_drvdata(serdev);
+
+	if (data->opened) {
+		bes2600_btuart_wake(data->hdev, false);
+
+		if (device_may_wakeup(dev) && data->wake_irq)
+			enable_irq_wake(data->wake_irq);
+	}
+
+	return 0;
+}
+
+static int bes2600_btuart_resume(struct device *dev)
+{
+	struct serdev_device *serdev = to_serdev_device(dev);
+	struct bes2600_btuart_data *data = serdev_device_get_drvdata(serdev);
+
+	if (data->opened) {
+		bes2600_btuart_wake(data->hdev, true);
+
+		if (device_may_wakeup(dev) && data->wake_irq)
+			disable_irq_wake(data->wake_irq);
+	}
+
+	return 0;
+}
+#endif
+
+static SIMPLE_DEV_PM_OPS(bes2600_btuart_pm_ops,
+			bes2600_btuart_suspend, bes2600_btuart_resume);
+
+static int bes2600_btuart_probe(struct serdev_device *serdev)
+{
+	struct device *dev = &serdev->dev;
+	struct bes2600_btuart_data *data;
+	struct hci_dev *hdev;
+	int ret;
+
+	data = devm_kzalloc(dev, sizeof(*data), GFP_KERNEL);
+	if (!data)
+		return -ENOMEM;
+
+	skb_queue_head_init(&data->txq);
+
+	data->pinctrl = devm_pinctrl_get(dev);
+	if (IS_ERR(data->pinctrl))
+		return dev_err_probe(dev, PTR_ERR(data->pinctrl), "Cannot get pinctrl\n");
+
+	data->pinctrl_default = pinctrl_lookup_state(data->pinctrl, PINCTRL_STATE_DEFAULT);
+	if (IS_ERR(data->pinctrl_default))
+		return dev_err_probe(dev, PTR_ERR(data->pinctrl_default),
+				"Cannot get default pinctrl state\n");
+
+	data->power = devm_gpiod_get_index(dev, "power", 0, GPIOD_OUT_HIGH);
+	if (IS_ERR(data->power))
+		return dev_err_probe(dev, PTR_ERR(data->power), "Failed to get power gpio\n");
+
+	data->wakeup = devm_gpiod_get_index_optional(dev, "wakeup", 0, GPIOD_OUT_HIGH);
+	if (!data->wakeup)
+		dev_err(dev, "Failed to get wakeup gpio\n");
+
+	data->wake_irq = of_irq_get_byname(dev->of_node, "wakeup");
+	if (data->wake_irq <= 0) {
+		ret = data->wake_irq;
+		dev_err(dev, "Failed to get IRQ number, host will not wake up (ret=%d)\n", ret);
+	}
+
+	if (data->wake_irq > 0) {
+		ret = devm_device_init_wakeup(dev);
+		if (ret)
+			return dev_err_probe(dev, ret, "Failed to initialize device wakeup\n");
+
+		ret = devm_request_threaded_irq(dev, data->wake_irq, NULL,
+						bes2600_btuart_wakeup_handler,
+						IRQF_ONESHOT | IRQF_TRIGGER_HIGH,
+						"bes2600_btwakeup_irq", data);
+		if (ret < 0)
+			return dev_err_probe(dev, ret, "Cannot request IRQ\n");
+
+		ret = devm_pm_set_wake_irq(dev, data->wake_irq);
+		if (ret < 0)
+			return dev_err_probe(dev, ret, "Failed to set wake irq\n");
+	}
+
+	data->err_count = 0;
+
+	hdev = hci_alloc_dev();
+	if (!hdev)
+		return -ENOMEM;
+
+	rwlock_init(&data->lock);
+
+	data->serdev = serdev;
+	data->hdev = hdev;
+
+	serdev_device_set_drvdata(serdev, data);
+	serdev_device_set_client_ops(serdev, &bes2600_btuart_serdev_client_ops);
+
+	bes2600_btuart_parse_dt(serdev);
+
+	INIT_WORK(&data->tx_work, bes2600_btuart_work);
+
+	hdev->bus = HCI_UART;
+	hci_set_drvdata(hdev, data);
+
+	hdev->open = bes2600_btuart_open;
+	hdev->close = bes2600_btuart_close;
+	hdev->flush = bes2600_btuart_flush;
+	hdev->setup = bes2600_btuart_setup;
+	hdev->shutdown = bes2600_btuart_shutdown;
+	hdev->send = bes2600_btuart_send_frame;
+	hdev->manufacturer = 0x02B0;
+
+	SET_HCIDEV_DEV(hdev, &serdev->dev);
+
+	hci_set_quirk(hdev, HCI_QUIRK_BROKEN_STORED_LINK_KEY);
+
+	/* Firmware claims to support HCI_OP_LE_READ_BUFFER_SIZE_V2 but broken */
+	hci_set_quirk(hdev, HCI_QUIRK_BROKEN_BUFFER_SIZE_V2);
+
+	/*
+	 * Once shutdown() is ran, it turns off the Bluetooth regulator and
+	 * would not power back on unless setup() is run again.
+	 */
+	hci_set_quirk(hdev, HCI_QUIRK_NON_PERSISTENT_SETUP);
+
+	ret = hci_register_dev(hdev);
+	if (ret < 0) {
+		hci_free_dev(hdev);
+		return dev_err_probe(dev, ret, "Failed to register HCI device\n");
+	}
+
+	return 0;
+}
+
+static void bes2600_btuart_remove(struct serdev_device *serdev)
+{
+	struct bes2600_btuart_data *data = serdev_device_get_drvdata(serdev);
+	struct hci_dev *hdev = data->hdev;
+
+	cancel_work_sync(&data->tx_work);
+	if (hdev) {
+		hci_unregister_dev(hdev);
+		hci_free_dev(hdev);
+	}
+}
+
+static const struct of_device_id bes2600_btuart_of_match[] = {
+	{ .compatible = "bestechnic,bes2600-btuart", },
+	{},
+};
+MODULE_DEVICE_TABLE(of, bes2600_btuart_of_match);
+
+static struct serdev_device_driver bes2600_btuart_driver = {
+	.probe = bes2600_btuart_probe,
+	.remove = bes2600_btuart_remove,
+	.driver = {
+		.name = "bes2600_btuart",
+		.pm = &bes2600_btuart_pm_ops,
+		.of_match_table = of_match_ptr(bes2600_btuart_of_match),
+	},
+};
+module_serdev_device_driver(bes2600_btuart_driver);
+
+MODULE_AUTHOR("Dang Huynh <dang.huynh@mainlining.org>");
+MODULE_DESCRIPTION("BES2600 BT UART driver");
+MODULE_LICENSE("GPL");

bes2600/bes2600_factory.c

@@ -9,7 +9,6 @@
 #include <linux/module.h>
 #include <linux/sched.h>
 #include <linux/fs.h>
-#include <linux/firmware.h>
 #include <linux/slab.h>
 #include <linux/mutex.h>
 #include <linux/crc32.h>
@@ -28,18 +27,6 @@
 
 static DEFINE_MUTEX(factory_lock);
 
-/*
- * struct device * for request_firmware() context. Set once at SDIO
- * probe via bes2600_factory_set_dev(). NULL is tolerated (falls back
- * to the udev-less firmware-class path) but loses per-device logging.
- */
-static struct device *bes2600_factory_dev;
-
-void bes2600_factory_set_dev(struct device *dev)
-{
-	bes2600_factory_dev = dev;
-}
-
 /*
  * It is only used for temporary storage.
  * Every time get the factory, it will read from the
@@ -147,32 +134,66 @@ static int bes2600_factory_crc_check(struct factory_t *factory_data)
  */
 static int factory_section_read_file(char *path, void *buffer)
 {
-	const struct firmware *fw;
-	int ret;
+	int ret = 0;
+	struct file *fp;
 
 	if (!path || !buffer) {
 		bes_err("%s NULL pointer err\n", __func__);
 		return -1;
 	}
 
-	bes_devel("requesting firmware-class %s\n", path);
+	bes_devel("reading %s \n", path);
 
-	ret = request_firmware(&fw, path, bes2600_factory_dev);
-	if (ret) {
-		bes_devel("BES2600: request_firmware(%s) failed: %d\n", path, ret);
+	fp = filp_open(path, O_RDONLY, 0); //S_IRUSR
+	if (IS_ERR(fp)) {
+		bes_devel("BES2600 : can't open %s\n",path);
 		return -1;
 	}
 
-	if (fw->size == 0 || fw->size > FACTORY_MAX_SIZE) {
-		bes_err("bes2600_factory.txt size check failed, read_size: %zu max_size: %d\n",
-			fw->size, FACTORY_MAX_SIZE);
-		release_firmware(fw);
+	if (fp->f_inode->i_size <= 0 || fp->f_inode->i_size > FACTORY_MAX_SIZE) {
+		bes_err(			"bes2600_factory.txt size check failed, read_size: %lld max_size: %d\n",
+			fp->f_inode->i_size, FACTORY_MAX_SIZE);
+		filp_close(fp, NULL);
 		return -1;
 	}
 
-	memcpy(buffer, fw->data, fw->size);
-	ret = (int)fw->size;
-	release_firmware(fw);
+	ret = kernel_read(fp, buffer, fp->f_inode->i_size, &fp->f_pos);
+
+	filp_close(fp, NULL);
+
+	if (ret != fp->f_inode->i_size) {
+		bes_err("bes2600_factory.txt read fail\n");
+		ret = -1;
+	}
+
+	return ret;
+}
+
+/**
+ * factory_section_write_file - Write data of specified length to file
+ * @path:	path of the file
+ * @buffer:	storage of write data
+ * @size:	length of data to write
+ *
+ * Return: length on success, negative error code otherwise.
+ */
+static int factory_section_write_file(char *path, void *buffer, int size)
+{
+	int ret = 0;
+	struct file *fp;
+
+	bes_devel("writing %s \n", path);
+
+	fp = filp_open(path, O_TRUNC | O_CREAT | O_RDWR, S_IRUSR);
+	if (IS_ERR(fp)) {
+		bes_devel("BES2600 : can't open %s\n",path);
+		return -1;
+	}
+
+	ret = kernel_write(fp, buffer, size, &fp->f_pos);
+
+	filp_close(fp,NULL);
+
 	return ret;
 }
 
@@ -867,22 +888,9 @@ static inline int factory_build(uint8_t *dest_buf, struct factory_t *factory)
 #endif
 }
 
-/*
- * Rebuild the serialised calibration blob in file_buffer from the live
- * in-memory factory_save_p. Previously this function also persisted the
- * blob back to FACTORY_PATH via filp_open(O_CREAT) + kernel_write(); that
- * is not acceptable in mainline, so the persistence step has been removed.
- *
- * The in-memory factory_save_p remains authoritative for the duration of
- * the session; on the next probe the firmware-class file is read back
- * read-only via request_firmware(). If cross-reboot persistence of runtime
- * calibration updates becomes a requirement, the expected route is a
- * userspace-facing dump interface (debugfs read-only blob, or nl80211
- * vendor command) that lets userspace read the serialised form and store
- * it under its own privileges.
- */
 static int bes2600_wifi_cali_table_save(u8 *file_buffer, struct factory_t *factory_save_p)
 {
+	int ret = 0;
 	int w_size;
 	u32 crc_len = sizeof(factory_data_t);
 #ifndef STANDARD_FACTORY_EFUSE_FLAG
@@ -891,11 +899,13 @@ static int bes2600_wifi_cali_table_save(u8 *file_buffer, struct factory_t *facto
 
 	bes_devel("enter %s\n", __func__);
 
-	if (!file_buffer)
+	if (!file_buffer) {
 		return -ENOMEM;
+	}
 
-	if (!factory_save_p)
+	if (!factory_save_p) {
 		return -ENOENT;
+	}
 
 	/* All initialized to space */
 	memset(file_buffer, 32, FACTORY_MAX_SIZE);
@@ -907,10 +917,22 @@ static int bes2600_wifi_cali_table_save(u8 *file_buffer, struct factory_t *facto
 	w_size = factory_build(file_buffer, factory_save_p);
 
 	if (w_size < 0 || w_size > FACTORY_MAX_SIZE) {
-		bes_err("%s: build failed! w_size = %d.", __func__, w_size);
+		bes_err("%s: build failed! ret = %d.", __func__, ret);
 		return -ETXTBSY;
 	}
 
+#ifdef FACTORY_SAVE_MULTI_PATH
+	/* avoid trailing characters '\0' */
+	file_buffer[w_size] = 32;
+	ret = factory_section_write_file(FACTORY_PATH, file_buffer, FACTORY_MAX_SIZE);
+#else
+	ret = factory_section_write_file(FACTORY_PATH, file_buffer, w_size);
+#endif
+	if(ret < 0) {
+		bes_err("%s: write failed! ret = %d.", __func__, ret);
+		return ret;
+	}
+
 	return 0;
 }
 

bes2600/bes2600_factory.h

@@ -196,9 +196,6 @@ enum factory_cali_status {
 /* just calibrate 11n, other protocols are automatically mapped */
 #define WIFI_RF_11N_MODE 0x15
 
-/* set the struct device * used for request_firmware() context */
-void bes2600_factory_set_dev(struct device *dev);
-
 /* read wifi & bt factory cali value*/
 u8* bes2600_get_factory_cali_data(u8 *file_buffer, u32 *data_len, char *path);
 void factory_little_endian_cvrt(u8 *data);

bes2600/bes2600_sdio.c

@@ -33,7 +33,6 @@
 #include "bh.h"
 #include "sbus.h"
 #include "bes2600_plat.h"
-#include "bes2600_factory.h"
 #include "hwio.h"
 #include "bes_chardev.h"
 #include "bes_log.h"
@@ -1938,9 +1937,6 @@ static int bes2600_sdio_probe(struct sdio_func *func,
 	if (ret)
 		goto err;
 
-	/* wire struct device into factory.c for request_firmware() context */
-	bes2600_factory_set_dev(dev);
-
 	self->pdata = bes2600_get_platform_data();
 	self->func = func;
 	self->dev = &func->dev;
@@ -1997,7 +1993,6 @@ static int bes2600_sdio_probe(struct sdio_func *func,
 
 out:
 	bes2600_chrdev_set_sbus_priv_data(self, false);
-	bes2600_switch_bt(true);
 	bes2600_gpio_allow_mcu_sleep(self, GPIO_WAKE_FLAG_SDIO_PROBE);
 	return 0;
 
@@ -2032,8 +2027,8 @@ int bes2600_unregister_net_dev(struct sbus_priv *bus_priv)
 	BUG_ON(!bus_priv);
 	if (bus_priv->core && !bus_priv->unregister_in_process) {
 		bus_priv->unregister_in_process = true;
-		bes2600_core_release(bus_priv->core);
 		bes2600_pwr_unregister_en_lp_cb(bus_priv->core, bes2600_sdio_en_lp_cb);
+		bes2600_core_release(bus_priv->core);
 		bus_priv->core = NULL;
 
 		if (bus_priv->sdio_wq) {

bes2600/bes_chardev.c

@@ -40,6 +40,12 @@ enum bus_probe_state {
 };
 
 struct bes_cdev {
+	struct cdev cdev;
+	dev_t dev_id;
+	int major;
+	int minor;
+	struct class *class;
+	struct device *device;
 	atomic_t num_proc;
 	wait_queue_head_t open_wq;
 	spinlock_t status_lock;
@@ -60,6 +66,9 @@ struct bes_cdev {
 	struct delayed_work probe_timeout_work;
 	enum bus_probe_state bus_probe;
 	struct work_struct wifi_force_close_work;
+#ifdef BES2600_WRITE_DPD_TO_FILE
+	int no_dpd;
+#endif
 	enum pend_read_op read_flag;
 	enum wakeup_event wakeup_by_event;	/* used to filter unwanted event wakeup reason report */
 	u16 wakeup_state; /* for userspace check wakeup reason */
@@ -79,6 +88,9 @@ struct bes2600_op_map {
 
 static struct bes_cdev bes2600_cdev;
 module_param_named(fw_type, bes2600_cdev.fw_type, int, 0644);
+#ifdef BES2600_WRITE_DPD_TO_FILE
+module_param_named(no_dpd, bes2600_cdev.no_dpd, int, 0644);
+#endif
 
 extern int bes2600_register_net_dev(struct sbus_priv *bus_priv);
 extern int bes2600_unregister_net_dev(struct sbus_priv *bus_priv);
@@ -181,7 +193,7 @@ static int bes2600_switch_wifi(bool on)
 	return ret;
 }
 
-int bes2600_switch_bt(bool on)
+static int bes2600_switch_bt(bool on)
 {
 	int ret = 0;
 	long status = 0;
@@ -214,11 +226,11 @@ int bes2600_switch_bt(bool on)
 			/* check if there is a error when bootup */
 			ret = (status <= 0 || bes2600_chrdev_is_bus_error()) ? -1 : 0;
 		} else {
-			bes_info("enable BT\n");
+			bes_devel("bes2600 activate bt.\n");
 			ret = bes2600_chrdev_switch_subsys(GPIO_WAKE_FLAG_BT_ON, SUBSYSTEM_BT, true);
 		}
 	} else {
-		bes_info("disable BT\n");
+		bes_devel("bes2600 deactivate bt.\n");
 		bes2600_chrdev_switch_subsys(GPIO_WAKE_FLAG_BT_OFF, SUBSYSTEM_BT, false);
 	}
 
@@ -234,18 +246,392 @@ int bes2600_switch_bt(bool on)
 	return ret;
 }
 
+/*
+ * This is a global function so we don't have to make many changes to
+ * the driver.
+ *
+ * @wifi: 1 to turn on, 0 to turn off. Otherwise, leave unchanged
+ * @bt: 1 to turn on, 0 to turn off. Otherwise, leave unchanged
+ */
+int bes2600_chrdev_switch_subsys_glb(int wifi, int bt)
+{
+	int ret = 0;
+
+	switch (wifi) {
+	case 0:
+		ret = bes2600_switch_wifi(false);
+		break;
+	case 1:
+		ret = bes2600_switch_wifi(true);
+		break;
+	default:
+		break;
+	}
+
+	if (ret)
+		goto result;
+
+	switch (bt) {
+	case 0:
+		ret = bes2600_switch_bt(false);
+		break;
+	case 1:
+		ret = bes2600_switch_bt(true);
+		break;
+	default:
+		break;
+	}
+
+result:
+	return ret;
+}
+EXPORT_SYMBOL_GPL(bes2600_chrdev_switch_subsys_glb);
+
+static int bes2600_get_cmd_and_ifname(const char *str, char **result)
+{
+	int cmd_len = 0;
+	int ifname_len = 0;
+	char *sp = NULL;
+	char *tmp_ptr = NULL;
+	char *cmd_ptr = NULL;
+
+	/* check if input arguments is valid */
+	if (!str || strncmp(str, "ifname:", 7) != 0)
+		return -1;
+
+	sp = strchr(str, ' ');
+	if (strncmp(sp + 1, "cmd:", 4) != 0)
+		return -1;
+
+	/* extract interface name */
+	ifname_len = sp - str - 7;
+	tmp_ptr = kmalloc(ifname_len + 1, GFP_KERNEL);
+	if (!tmp_ptr) {
+		return -2;
+	}
+
+	strncpy(tmp_ptr, str+7, ifname_len);
+	tmp_ptr[ifname_len] = '\0';
+	result[0] = tmp_ptr;
+
+	/* get command length */
+	cmd_ptr = strstr(str, "cmd:");
+	cmd_ptr += 4;
+	sp = strchr(cmd_ptr, ' ');
+	if (!sp) {	/* the command don't have any parameter */
+		cmd_len = strlen(cmd_ptr);
+		if (cmd_ptr[cmd_len - 1] == '\n')
+			--cmd_len;
+	} else {	/* the command have one or more parameter */
+		cmd_len = sp - cmd_ptr;
+	}
+
+	/* copy command to out buffer */
+	tmp_ptr = kmalloc( cmd_len + 1, GFP_KERNEL);
+	if (!tmp_ptr) {
+		kfree(result[0]);
+		result[0] = NULL;
+		return -3;
+	}
+
+	strncpy(tmp_ptr, cmd_ptr, cmd_len);
+	tmp_ptr[cmd_len] = '\0';
+	result[1] = tmp_ptr;
+
+	return 0;
+}
+
+static void bes2600_recyle_cmd_and_ifname_mem(char **info)
+{
+	if (info[0]) {
+		kfree(info[0]);
+		info[0] = NULL;
+	}
+
+	if (info[1]) {
+		kfree(info[1]);
+		info[1] = NULL;
+	}
+
+}
+
+static int bes2600_op_default_handler(const char *str)
+{
+	char *info[2] = {0};
+
+	if (bes2600_get_cmd_and_ifname(str, info) == 0) {
+		bes_devel("cmd(%s) on %s not handled\n", info[1], info[0]);
+	} else {
+		bes_err("%s get command fail, the origin string is %s\n", __func__, str);
+	}
+
+	bes2600_recyle_cmd_and_ifname_mem(info);
+
+	return 0;
+}
+
+static int bes2600_op_wifi_bt_on_off(const char *str)
+{
+	char *info[2] = {0};
+	int ret = 0;
+	enum wait_state wait_state;
+	enum bus_probe_state probe_state;
+	unsigned long status = 0;
+
+	spin_lock(&bes2600_cdev.status_lock);
+	probe_state = bes2600_cdev.bus_probe;
+	wait_state = bes2600_cdev.wait_state;
+	spin_unlock(&bes2600_cdev.status_lock);
+
+	/* only work for wifi signal mode */
+	if (bes2600_cdev.fw_type != BES2600_FW_TYPE_WIFI_SIGNAL)
+		return -EFAULT;
+
+	/* wait bus probe operation end */
+	if (probe_state == BES2600_BUS_PROBE_START) {
+		bes_devel("wait bus probe operation end\n");
+		status = wait_event_timeout(bes2600_cdev.probe_done_wq,
+					(bes2600_cdev.bus_probe > BES2600_BUS_PROBE_START),
+					HZ);
+		WARN_ON(status <= 0);
+	}
+
+	/* must wait previous operation end in critical section */
+	if (wait_state != BES2600_BOOT_WAIT_NONE) {
+		bes_devel("wait previous operation end\n");
+		status = wait_event_timeout(bes2600_cdev.probe_done_wq,
+					(bes2600_cdev.wait_state == BES2600_BOOT_WAIT_NONE),
+					HZ * 8);
+		WARN_ON(status <= 0);
+	}
+
+	/* if dpd calibration is doing, modify wifi and bt state directly */
+	spin_lock(&bes2600_cdev.status_lock);
+	if (bes2600_cdev.bus_probe == BES2600_BUS_PROBE_OK && !bes2600_cdev.dpd_calied) {
+		if (bes2600_get_cmd_and_ifname(str, info) == 0) {
+			if (strncmp(info[1], "WIFI_ON", 7) == 0) {
+				bes2600_cdev.wifi_opened = true;
+			} else if (strncmp(info[1], "WIFI_OFF", 8) == 0) {
+				bes2600_cdev.wifi_opened = false;
+			} else if (strncmp(info[1], "BT_ON", 5) == 0) {
+				bes2600_cdev.bt_opened = true;
+				bes2600_cdev.bton_pending = true;
+			} else if (strncmp(info[1], "BT_OFF", 6) == 0) {
+				bes2600_cdev.bt_opened = false;
+				bes2600_cdev.bton_pending = false;
+			}
+		}
+		bes2600_recyle_cmd_and_ifname_mem(info);
+		spin_unlock(&bes2600_cdev.status_lock);
+
+		/* wait probe done event */
+		status = wait_event_timeout(bes2600_cdev.probe_done_wq,
+				bes2600_bootup_end(), HZ * 8);
+		WARN_ON(status <= 0);
+
+		return (status <= 0 || bes2600_chrdev_is_bus_error()) ? -EFAULT : 0;
+	}
+	spin_unlock(&bes2600_cdev.status_lock);
+
+	/* process wifi/bt on/off operation */
+	if (bes2600_get_cmd_and_ifname(str, info) == 0) {
+		if (strncmp(info[1], "WIFI_ON", 7) == 0) {
+			ret = bes2600_switch_wifi(1);
+		} else if (strncmp(info[1], "WIFI_OFF", 8) == 0) {
+			ret = bes2600_switch_wifi(0);
+		} else if (strncmp(info[1], "BT_ON", 5) == 0) {
+			ret = bes2600_switch_bt(1);
+		} else if (strncmp(info[1], "BT_OFF", 6) == 0) {
+			ret = bes2600_switch_bt(0);
+		}
+	}
+
+	if (!ret && bes2600_chrdev_check_system_close())
+		ret = bes2600_chrdev_do_system_close(bes2600_cdev.sbus_ops,
+						bes2600_cdev.sbus_priv);
+
+	bes2600_recyle_cmd_and_ifname_mem(info);
+
+	return ret ;
+}
 
 
+static int bes2600_op_change_fw_type(const char *str)
+{
+	int ret = 0;
+	int temp = 0;
+	long status = 0;
+	char *cmd_ptr = NULL;
+	char fw_type[5] = {0};
+	bool sys_closed = bes2600_chrdev_check_system_close();
+
+	bes_devel("%s is called, arg:%s\n", __func__, str);
+
+	if (!bes2600_cdev.sbus_ops->power_switch && !bes2600_cdev.sbus_ops->reboot)
+		return -EPERM;
+
+	/* check if user input is valid */
+	cmd_ptr = strstr(str, "CHANGE_FW_TYPE ");
+	if (strlen(str) < 16 || !cmd_ptr) {
+		bes_err("the format of \"%s\" is error\n", str);
+		return -EINVAL;
+	}
+
+	/* convert fw_type from string to int */
+	strncpy(fw_type, cmd_ptr + 14, 4);
+	fw_type[0] = '+';
+	ret = kstrtoint(fw_type, 10, &temp);
+	if (ret < 0) {
+		bes_err("%s parse error\n", __func__);
+		return -EINVAL;
+	}
+
+	/* no need to realod firmware if new fw_type is equal to the old */
+	if (temp == bes2600_cdev.fw_type ) {
+		bes_devel("fw type is equal\n");
+		return 0;
+	}
+
+	/* close wifi net device */
+	if (bes2600_cdev.sbus_priv
+	    && bes2600_is_net_dev_created(bes2600_cdev.sbus_priv)) {
+		bes2600_unregister_net_dev(bes2600_cdev.sbus_priv);
+	}
+
+	/* update firmware type */
+	bes2600_cdev.fw_type = temp;
+	bes2600_chrdev_update_signal_mode();
+
+	if (!sys_closed) {
+		/* close device to call disconnect function */
+		if (bes2600_cdev.sbus_ops->power_switch)
+			bes2600_cdev.sbus_ops->power_switch(bes2600_cdev.sbus_priv, 0);
+		else if (bes2600_cdev.sbus_ops->reboot)
+			bes2600_cdev.sbus_ops->reboot(bes2600_cdev.sbus_priv);
+	}
+
+	if (bes2600_cdev.sbus_ops->reboot)
+		bes2600_chrdev_start_bus_probe();
+
+	/* wait disconnect event */
+	status = wait_event_timeout(bes2600_cdev.probe_done_wq, (bes2600_cdev.sbus_priv == NULL), HZ * 10);
+	WARN_ON(status <= 0);
+
+	if (bes2600_cdev.dpd_calied
+	   && bes2600_chrdev_check_system_close()) {
+		bes_devel("no need to reload firmware\n");
+		return 0;
+	}
+
+	bes_devel("reload firmware...\n");
+	/* power on device to call probe function */
+	if (bes2600_cdev.sbus_ops->power_switch)
+		bes2600_cdev.sbus_ops->power_switch(NULL, 1);
+
+	/* wait probe done event */
+	status = wait_event_timeout(bes2600_cdev.probe_done_wq,
+			bes2600_bootup_end(), HZ * 10);
+	WARN_ON(status <= 0);
+
+	ret = (status <= 0 || bes2600_chrdev_is_bus_error()) ? -1 : 0;
 
 
+	return ret;
+}
 
+static int bes2600_op_bt_wakeup(const char *str)
+{
+	int ret = 0;
+	unsigned long status = 0;
 
+	spin_lock(&bes2600_cdev.status_lock);
+	if (!bes2600_cdev.bt_opened) {
+		spin_unlock(&bes2600_cdev.status_lock);
+		return -EFAULT;
+	}
+	spin_unlock(&bes2600_cdev.status_lock);
 
+	/* wait probe done event */
+	status = wait_event_timeout(bes2600_cdev.probe_done_wq,
+			bes2600_bootup_end(), HZ * 8);
+	if (status <= 0 || bes2600_chrdev_is_bus_error())
+		return -EFAULT;
 
+	bes_devel("bes2600 wakeup bt.\n");
+	ret = bes2600_chrdev_switch_subsys(GPIO_WAKE_FLAG_BT_LP_ON, SUBSYSTEM_BT_LP, true);
+
+	return ret;
+}
+
+static int bes2600_op_bt_sleep(const char *str)
+{
+	int ret = 0;
+	unsigned long status = 0;
+
+	spin_lock(&bes2600_cdev.status_lock);
+	if (!bes2600_cdev.bt_opened) {
+		spin_unlock(&bes2600_cdev.status_lock);
+		return -EFAULT;
+	}
+	spin_unlock(&bes2600_cdev.status_lock);
+
+	/* wait probe done event */
+	status = wait_event_timeout(bes2600_cdev.probe_done_wq,
+			bes2600_bootup_end(), HZ * 8);
+	if (status <= 0 || bes2600_chrdev_is_bus_error())
+		return -EFAULT;
+
+	bes_devel("bes2600 allow bt sleep.\n");
+	ret = bes2600_chrdev_switch_subsys(GPIO_WAKE_FLAG_BT_LP_OFF, SUBSYSTEM_BT_LP, false);
+
+	return ret;
+}
+
+static int bes2600_op_set_wakeup_read_flag(const char *str)
+{
+	bes_devel("%s is called, arg:%s\n", __func__, str);
+	spin_lock(&bes2600_cdev.status_lock);
+	bes2600_cdev.read_flag = BES_CDEV_READ_WAKEUP_STATE;
+	spin_unlock(&bes2600_cdev.status_lock);
+
+	return 0;
+}
 
 #ifdef FW_DOWNLOAD_UART_DAEMON
+int bes2600_load_uevent(char *env[])
+{
+	return kobject_uevent_env(&bes2600_cdev.device->kobj, KOBJ_CHANGE, env);
+}
 #endif
 
+static struct bes2600_op_map bes2600_op_map_tab[] ={
+	/*op			op_len	handler				*/
+	{"P2P_SET_NOA", 	11,	bes2600_op_default_handler},
+	{"P2P_SET_PS", 		10,	bes2600_op_default_handler},
+	{"SET_AP_WPS_P2P_IE",	17, 	bes2600_op_default_handler},
+	{"LINKSPEED", 		9,	bes2600_op_default_handler},
+	{"RSSI",		4,	bes2600_op_default_handler},
+	{"GETBAND", 		7,	bes2600_op_default_handler},
+	{"WLS_BATCHING", 	12,	bes2600_op_default_handler},
+	{"MACADDR",		7,	bes2600_op_default_handler},
+	{"RXFILTER-START",	14,	bes2600_op_default_handler},
+	{"RXFILTER-STOP",	13,	bes2600_op_default_handler},
+	{"RXFILTER-ADD",	12,	bes2600_op_default_handler},
+	{"RXFILTER-REMOVE",	15,	bes2600_op_default_handler},
+	{"BTCOEXMODE",		10,	bes2600_op_default_handler},
+	{"BTCOEXSCAN-START",	16,	bes2600_op_default_handler},
+	{"BTCOEXSCAN-STOP",	15,	bes2600_op_default_handler},
+	{"SETSUSPENDMODE",	14,	bes2600_op_default_handler},
+	{"COUNTRY",		7,	bes2600_op_default_handler},
+	{"WIFI_ON", 		7,	bes2600_op_wifi_bt_on_off},
+	{"WIFI_OFF", 		8,	bes2600_op_wifi_bt_on_off},
+	{"BT_ON", 		5,	bes2600_op_wifi_bt_on_off},
+	{"BT_OFF", 		6,	bes2600_op_wifi_bt_on_off},
+	{"CHANGE_FW_TYPE",	14,	bes2600_op_change_fw_type},
+	{"BT_WAKEUP",		9,	bes2600_op_bt_wakeup},
+	{"BT_SLEEP",		8,	bes2600_op_bt_sleep},
+	{"WAKEUP_STATE",	12,	bes2600_op_set_wakeup_read_flag},
+};
 
 static int bes2600_chrdev_check_system_close_internal(void)
 {
@@ -255,13 +641,255 @@ static int bes2600_chrdev_check_system_close_internal(void)
 		&& (bes2600_cdev.wifi_opened == false);
 }
 
+static int bes2600_chrdev_open(struct inode *inode, struct file *filp)
+{
+	if (atomic_read(&bes2600_cdev.num_proc) > 0) {
+		wait_event_timeout(bes2600_cdev.open_wq,
+			(atomic_read(&bes2600_cdev.num_proc) == 0),
+			MAX_SCHEDULE_TIMEOUT);
+	}
 
+	bes_devel("bes2600 char device is opened\n");
+	atomic_inc(&bes2600_cdev.num_proc);
 
+        return 0;
+}
 
+static ssize_t bes2600_chrdev_read(struct file *file, char __user *user_buf,
+			     size_t count, loff_t *ppos)
+{
+	char buf[64] = {0};
+	unsigned int len;
+	long status = 0;
 
+	switch (bes2600_cdev.read_flag) {
+	case BES_CDEV_READ_WAKEUP_STATE:
+		if (bes2600_chrdev_wakeup_by_event_get() > WAKEUP_EVENT_NONE) {
+			status = wait_event_timeout(bes2600_cdev.wakeup_reason_wq,
+				bes2600_chrdev_wakeup_by_event_get() ==  WAKEUP_EVENT_NONE, HZ * 2);
+			WARN_ON(status <= 0);
+		}
+		len = sprintf(buf, "wakeup_reason: %u, src_port: %u\n",
+		              bes2600_cdev.wakeup_state, bes2600_cdev.src_port);
+		break;
+	default:
+		len = sprintf(buf, "dpd_calied:%d wifi_opened:%d bt_opened:%d fw_type:%d\n",
+				bes2600_cdev.dpd_calied,
+				bes2600_cdev.wifi_opened,
+				bes2600_cdev.bt_opened,
+				bes2600_cdev.fw_type);
+		break;
+	}
+
+	len = sizeof(buf);
+	/* reset read flag */
+	spin_lock(&bes2600_cdev.status_lock);
+	bes2600_cdev.read_flag = BES_CDEV_READ_NUM_MAX;
+	spin_unlock(&bes2600_cdev.status_lock);
+
+	return simple_read_from_buffer(user_buf, count, ppos, buf, len);
+}
+
+static ssize_t bes2600_chrdev_write(struct file *file,
+		 const char __user *user_buf, size_t count, loff_t *ppos)
+{
+	int i = 0;
+	int cmd_num = ARRAY_SIZE(bes2600_op_map_tab);
+	int cmd_len = 0;
+	int ret = 0;
+	char *info[2] = {0};
+	char *buf = NULL;
+
+	/* copy content from user space to kernel */
+	/* message format:"ifname:wlanx cmd:xxx arg1 arg2 ..." */
+	buf = kmalloc(count + 1, GFP_KERNEL);
+	if (copy_from_user(buf, user_buf, count))
+		return -EFAULT;
+
+	/* add terminal character */
+	buf[count] = '\0';
+
+	/* extract comand and interface */
+	if (bes2600_get_cmd_and_ifname(buf, info) != 0) {
+		bes_err("%s get command fail, the origin string is %s\n", __func__, buf);
+		kfree(buf);
+		return -EINVAL;
+	}
+
+	/* match operation item and execure its handler */
+	cmd_len = strlen(info[1]);
+	for (i = 0; i < cmd_num; i++) {
+		if (cmd_len < bes2600_op_map_tab[i].op_len)
+			continue;
+
+		if (strncasecmp(info[1], bes2600_op_map_tab[i].op, bes2600_op_map_tab[i].op_len) == 0) {
+			ret = bes2600_op_map_tab[i].handler(buf);
+			break;
+		}
+	}
+
+	/* operation item mismatch */
+	if (i == cmd_num) {
+		bes_err("cmd(%s) mismatch\n", info[1]);
+	}
+
+	bes2600_recyle_cmd_and_ifname_mem(info);
+	kfree(buf);
+
+	return (ret == 0) ? count : ret;
+}
+
+static int bes2600_chrdev_release (struct inode *inode, struct file *file)
+{
+	if (atomic_dec_and_test(&bes2600_cdev.num_proc)) {
+		wake_up(&bes2600_cdev.open_wq);
+	}
+
+	bes_devel("bes2600 char device is closed\n");
+
+	return 0;
+}
+
+static struct file_operations bes2600_chardev_fops =
+{
+	.owner = THIS_MODULE,
+	.open = bes2600_chrdev_open,
+	.read = bes2600_chrdev_read,
+	.write = bes2600_chrdev_write,
+	.release = bes2600_chrdev_release,
+};
+
+#ifdef BES2600_WRITE_DPD_TO_FILE
+static int bes2600_chrdev_write_dpd_data_to_file(const char *path, void *buffer, int size)
+{
+	int ret = 0;
+	struct file *fp;
+
+	if (buffer == NULL || size == 0)
+		return 0;
+
+	fp = filp_open(path, O_TRUNC | O_CREAT | O_RDWR, S_IRUSR);
+	if (IS_ERR(fp)) {
+		bes_err("BES2600 : can't open %s\n",path);
+		return -1;
+	}
+
+	ret = kernel_write(fp, buffer, size, &fp->f_pos);
+	if (ret < 0)
+		bes_err("write dpd to file failed\n");
+
+	filp_close(fp,NULL);
+
+	bes_devel("write dpd to %s\n", path);
+
+	return ret;
+}
+
+static bool bes2600_chrdev_dpd_is_vaild(u8 *dpd_data)
+{
+	u32 cal_crc = 0;
+	u32 dpd_crc = le32_to_cpup((__le32 *)(dpd_data));
+	u32 dpd_ver = le32_to_cpup((__le32 *)(dpd_data + DPD_VERSION_OFFSET));
+
+	/* check version */
+	if (dpd_ver < DPD_CUR_VERSION)
+		return false;
+
+	cal_crc ^= 0xffffffffL;
+	cal_crc = crc32_le(cal_crc, dpd_data + 4, DPD_BIN_SIZE - 4);
+	cal_crc ^= 0xffffffffL;
+
+	/* check if the dpd data is valid */
+	if (cal_crc != dpd_crc) {
+		bes_err(
+			"bes2600 dpd data from file check failed, calc_crc:0x%08x dpd_crc: 0x%08x\n",
+			cal_crc, dpd_crc);
+		return false;
+	}
+
+	return true;
+}
+
+static int bes2600_chrdev_read_and_check_dpd_data(const char *file, u8 **data, u32 *len)
+{
+	int ret = 0;
+	u8* read_data = NULL;
+	struct file *fp;
+
+	/* open file */
+	fp = filp_open(file, O_RDONLY, 0);//S_IRUSR
+	if (IS_ERR(fp)) {
+		bes_devel("BES2600 : can't open %s\n",file);
+		return -1;
+	}
+
+#ifdef BES2600_WRITE_DPD_TO_FILE
+	if (fp->f_inode->i_size != DPD_BIN_FILE_SIZE) {
+		bes_err(
+			"bes2600 dpd data file size check failed, read_size: %lld file_size: %d\n",
+			fp->f_inode->i_size, DPD_BIN_FILE_SIZE);
+		filp_close(fp, NULL);
+		return -1;
+	}
+#endif
+
+	/* allocate memory for storing reading data */
+	read_data = kmalloc(fp->f_inode->i_size, GFP_KERNEL);
+	if (read_data == NULL) {
+		bes_devel("%s alloc mem fail\n", __func__);
+		goto err1;
+	}
+
+	/* read data  from file */
+	ret = kernel_read(fp, read_data, fp->f_inode->i_size, &fp->f_pos);
+	if (ret < DPD_BIN_SIZE) {
+		bes_err("%s read fail, ret=%d\n", __func__, ret);
+		goto err2;
+	}
+
+	/* check dpd version and crc */
+	if (!bes2600_chrdev_dpd_is_vaild(read_data))
+		goto err2;
+
+	/* close file */
+	filp_close(fp, NULL);
+
+	/* copy data to external */
+	*data = read_data;
+	*len = DPD_BIN_SIZE;;
+
+	/* output debug information */
+	bes_devel("read dpd data from %s\n", file);
+
+	return 0;
+
+err2:
+	kfree(read_data);
+err1:
+	filp_close(fp, NULL);
+	*data = NULL;
+	*len = 0;
+	return -1;
+}
+#endif
 
 const u8* bes2600_chrdev_get_dpd_data(u32 *len)
 {
+#ifdef BES2600_WRITE_DPD_TO_FILE
+	if (!bes2600_cdev.dpd_calied && bes2600_cdev.no_dpd) {
+		/* read dpd data from file that stores factory dpd calibration data */
+		if ((bes2600_chrdev_read_and_check_dpd_data(BES2600_DPD_GOLDEN_PATH,
+		   	&bes2600_cdev.dpd_data, &bes2600_cdev.dpd_len) < 0) &&
+		   (bes2600_chrdev_read_and_check_dpd_data(BES2600_DEFAULT_DPD_PATH,
+			&bes2600_cdev.dpd_data, &bes2600_cdev.dpd_len) < 0)) {
+			bes_err("%s read dpd data fail\n", __func__);
+			return NULL;
+		} else {
+			bes2600_cdev.dpd_calied = true;
+		}
+	}
+#endif
+
 	if (!bes2600_cdev.dpd_calied)
 		return NULL;
 	if (len)
@@ -322,6 +950,14 @@ int bes2600_chrdev_update_dpd_data(void)
 	}
 	spin_unlock(&bes2600_cdev.status_lock);
 
+#ifdef BES2600_WRITE_DPD_TO_FILE
+	/* write dpd data to file */
+	memset(bes2600_cdev.dpd_data + DPD_BIN_SIZE, 0, DPD_BIN_FILE_SIZE - DPD_BIN_SIZE);
+	bes2600_chrdev_write_dpd_data_to_file(BES2600_DPD_PATH,
+		bes2600_cdev.dpd_data, DPD_BIN_FILE_SIZE);
+#endif
+
+
 	return 0;
 }
 
@@ -480,6 +1116,7 @@ int bes2600_chrdev_do_bus_reset(const struct sbus_ops *sbus_ops, struct sbus_pri
 
 	return 0;
 }
+EXPORT_SYMBOL_GPL(bes2600_chrdev_do_bus_reset);
 
 /*
  * Trigger bes2600_chrdev_do_bus_reset() against the file-global
@@ -492,6 +1129,7 @@ int bes2600_chrdev_trigger_bus_reset(void)
 	return bes2600_chrdev_do_bus_reset(bes2600_cdev.sbus_ops,
 					   bes2600_cdev.sbus_priv);
 }
+EXPORT_SYMBOL_GPL(bes2600_chrdev_trigger_bus_reset);
 
 bool bes2600_chrdev_is_wifi_opened(void)
 {
@@ -541,6 +1179,7 @@ void bes2600_chrdev_wakeup_bt(void)
 			bes_err("Wakeup BT fail in resume\n");
 	}
 }
+EXPORT_SYMBOL_GPL(bes2600_chrdev_wakeup_bt);
 
 int bes2600_chrdev_get_fw_type(void)
 {
@@ -562,6 +1201,7 @@ bool bes2600_chrdev_is_bus_error(void)
 
 	return error;
 }
+EXPORT_SYMBOL_GPL(bes2600_chrdev_is_bus_error);
 
 void bes2600_chrdev_update_signal_mode(void)
 {
@@ -580,6 +1220,12 @@ void bes2600_chrdev_update_signal_mode(void)
 
 static void bes2600_chrdev_wifi_force_close_work(struct work_struct *work)
 {
+	char wifi_state[15];
+	char bt_state[15];
+	char fw_type[15];
+	char *env[] = { wifi_state, bt_state, fw_type, NULL };
+	int ret;
+
 	if (bes2600_chrdev_is_wifi_opened()) {
 		bes_devel("system exeception, force wifi down\n");
 
@@ -609,6 +1255,14 @@ static void bes2600_chrdev_wifi_force_close_work(struct work_struct *work)
 			bes2600_chrdev_do_system_close(bes2600_cdev.sbus_ops,
 						bes2600_cdev.sbus_priv);
 		}
+
+		/* notify userspace */
+		snprintf(wifi_state, sizeof(wifi_state), "WIFI_OPENED=%d", bes2600_cdev.wifi_opened);
+		snprintf(bt_state, sizeof(bt_state), "BT_OPENED=%d", bes2600_cdev.bt_opened);
+		snprintf(fw_type, sizeof(fw_type), "FW_TYPE=%d", bes2600_cdev.fw_type);
+		ret = kobject_uevent_env(&bes2600_cdev.device->kobj, KOBJ_CHANGE, env);
+		if (!ret)
+			bes_err("bes2600 notify userspace failed\n");
 	}
 }
 
@@ -702,6 +1356,46 @@ int bes2600_chrdev_wakeup_by_event_get(void)
 
 int bes2600_chrdev_init(struct sbus_ops *ops)
 {
+	int ret = 0;
+
+	/* allocate devide id */
+	ret = alloc_chrdev_region(&bes2600_cdev.dev_id, 0, 1, "bes2600_chrdev");
+	if (ret < 0){
+		bes_err("bes2600 alloc device id fail\n");
+		ret =  -EFAULT;
+		goto fail;
+	}
+
+	/* extract major and minor device id */
+	bes2600_cdev.major = MAJOR(bes2600_cdev.dev_id);
+	bes2600_cdev.minor = MINOR(bes2600_cdev.dev_id);
+
+	/* add char device and bind operation function */
+	bes2600_cdev.cdev.owner = THIS_MODULE;
+	cdev_init(&bes2600_cdev.cdev, &bes2600_chardev_fops);
+	ret = cdev_add(&bes2600_cdev.cdev, bes2600_cdev.dev_id, 1);
+	if (ret < 0){
+		bes_err("bes2600 char device add fail\n");
+		ret =  -EFAULT;
+		goto fail1;
+	}
+
+	/* create class for creating device node */
+	bes2600_cdev.class = class_create("bes2600_chrdev");
+	if (IS_ERR(bes2600_cdev.class)){
+		bes_err("bes2600 char device add fail\n");
+		ret = -EFAULT;
+		goto fail2;
+	}
+
+	/* get char device pointer */
+	bes2600_cdev.device = device_create(bes2600_cdev.class, NULL, bes2600_cdev.dev_id, NULL, "bes2600");
+	if (IS_ERR(bes2600_cdev.device)){
+		bes_err("bes2600 char device create fail\n");
+		ret =  -EFAULT;
+		goto fail3;
+	}
+
 	/* initialise global variable */
 	atomic_set(&bes2600_cdev.num_proc, 0);
 	init_waitqueue_head(&bes2600_cdev.open_wq);
@@ -733,6 +1427,15 @@ int bes2600_chrdev_init(struct sbus_ops *ops)
 	bes_devel("%s done\n", __func__);
 
 	return 0;
+
+fail3:
+	class_destroy(bes2600_cdev.class);
+fail2:
+	cdev_del(&bes2600_cdev.cdev);
+fail1:
+	unregister_chrdev_region(bes2600_cdev.dev_id, 1);
+fail:
+	return ret;
 }
 
 void bes2600_chrdev_free(void)
@@ -742,5 +1445,9 @@ void bes2600_chrdev_free(void)
 	bes2600_free_dpd_log_buffer();
 #endif
 	bes2600_chrdev_free_dpd_data();
+	cdev_del(&bes2600_cdev.cdev);
+	unregister_chrdev_region(bes2600_cdev.dev_id, 1);
+	device_destroy(bes2600_cdev.class, bes2600_cdev.dev_id);
+	class_destroy(bes2600_cdev.class);
 	bes_devel("%s done\n", __func__);
 }

bes2600/bes_chardev.h

@@ -62,6 +62,7 @@ int bes2600_chrdev_trigger_bus_reset(void);
 void bes2600_chrdev_wakeup_bt(void);
 void bes2600_chrdev_wifi_force_close(struct bes2600_common *hw_priv, bool halt_dev);
 void bes2600_chrdev_usb_remove(struct bes2600_common *hw_priv);
+int bes2600_chrdev_switch_subsys_glb(int wifi, int bt);
 
 /* get and set internal state */
 bool bes2600_chrdev_is_wifi_opened(void);
@@ -90,6 +91,4 @@ u8* bes2600_alloc_dpd_log_buffer(u16 len);
 void bes2600_get_dpd_log(char **data, size_t *len);
 #endif
 
-int bes2600_switch_bt(bool);
-
 #endif /* __BES_CHARDEV_H__ */

bes2600/bes_fw.c

@@ -122,6 +122,8 @@ int bes_host_slave_sync(struct bes2600_common *hw_priv)
 }
 */
 
+//#define DATA_DUMP_OBSERVE
+
 static int bes_firmware_download_write_reg(struct platform_fw_t *fw_data, u32 addr, u32 val)
 {
 	u8 frame_num = 0;
@@ -463,6 +465,14 @@ static int bes_firmware_download(struct platform_fw_t *fw_data, const char *fw_n
 
 const struct firmware *fw_bin;
 
+#ifdef DATA_DUMP_OBSERVE
+	char *observe;
+	size_t observe_len;
+	loff_t observe_off = 0;
+	mm_segment_t old_fs;
+	struct file *observe_file = NULL;
+#endif
+
 	struct fw_msg_hdr_t header;
 	struct fw_info_t fw_info;
 	struct download_fw_t download_addr;
@@ -570,6 +580,14 @@ retry:
 	}
 	download_addr.addr = fw_info.addr;
 
+#ifdef DATA_DUMP_OBSERVE
+	observe_file = filp_open("/lib/firmware/bes2002_fw_write.bin", O_CREAT | O_RDWR, 0);
+	if (IS_ERR(observe_file)) {
+		bes_err("create data_dump file err:%ld\n", IS_ERR(observe_file));
+		observe_file = NULL;
+	}
+#endif
+
 	while (code_length) {
 
 #if 1
@@ -619,6 +637,17 @@ retry:
 		//mdelay(5000);
 		bes_devel("tx_download_firmware_data:%x %d\n", download_addr.addr, length);
 
+#ifdef DATA_DUMP_OBSERVE
+		if (observe_file) {
+			observe = (char *)(long_buf + sizeof(struct fw_msg_hdr_t) + sizeof(struct download_fw_t));
+			observe_len = length - sizeof(struct fw_msg_hdr_t) - sizeof(struct download_fw_t);
+			old_fs = get_fs();
+			set_fs(KERNEL_DS);
+			vfs_write(observe_file, observe, observe_len, &observe_off);
+			set_fs(old_fs);
+		}
+#endif
+
 		ret = bes2600_data_write(long_buf, length > 512 ? length : 512);
 		if (ret) {
 			bes_err("tx download fw data err:%d\n", ret);
@@ -800,6 +829,11 @@ retry:
 
 err2:
 	kfree(long_buf);
+#ifdef DATA_DUMP_OBSERVE
+	if (observe_file) {
+		filp_close(observe_file, NULL);
+	}
+#endif
 err1:
 	kfree(short_buf);
 	release_firmware(fw_bin);

bes2600/bes_log.h

@@ -15,26 +15,3 @@ extern struct device *global_dev;
 #define bes_info(fmt, ...) dev_info(global_dev, fmt, ##__VA_ARGS__)
 #define bes_warn(fmt, ...) dev_warn(global_dev, fmt, ##__VA_ARGS__)
 #define bes_err(fmt, ...) dev_err(global_dev, fmt, ##__VA_ARGS__)
-
-/*
- * Legacy debug-subsystem-tagged log macros. The per-subsystem filtering
- * was never implemented in-tree; these shims let code paths gated by
- * CONFIG_BES2600_TESTMODE / CONFIG_BES2600_ITP / BES2600_DETECTION_LOGIC
- * build when their conditions are enabled. The first argument is
- * currently unused; pick one of the BES2600_DBG_* constants below for
- * documentation.
- */
-#define BES2600_DBG_SBUS       0
-#define BES2600_DBG_DOWNLOAD   0
-#define BES2600_DBG_ITP        0
-#define BES2600_DBG_TEST_MODE  0
-
-#define bes2600_info(_dbg, fmt, ...) bes_info(fmt, ##__VA_ARGS__)
-#define bes2600_err(_dbg, fmt, ...) bes_err(fmt, ##__VA_ARGS__)
-#define bes2600_warn(_dbg, fmt, ...) bes_warn(fmt, ##__VA_ARGS__)
-#define bes2600_dbg(_dbg, fmt, ...) bes_devel(fmt, ##__VA_ARGS__)
-#define bes2600_err_with_cond(_cond, _dbg, fmt, ...)		\
-	do {							\
-		if (_cond)					\
-			bes_err(fmt, ##__VA_ARGS__);		\
-	} while (0)

bes2600/bes_pwr.c

@@ -586,8 +586,6 @@ static int bes2600_pwr_enter_lp_mode(struct bes2600_common *hw_priv)
 				if (ret) {
 					atomic_set(&hw_priv->bes_power.pm_set_in_process, 0);
 					bes_err("%s, set operation mode fail\n", __func__);
-					timeouts++;
-					continue;
 				}
 
 				/* wait power save mode changed indication */

bes2600/bh.c

@@ -22,6 +22,7 @@
 #include "debug.h"
 #include "epta_coex.h"
 #include "bes_chardev.h"
+#include "txrx_opt.h"
 #include "sta.h"
 #include "bes_log.h"
 
@@ -834,6 +835,8 @@ int bes2600_bh_sw_process(struct bes2600_common *hw_priv,
 		delta_time = jiffies + ((unsigned long)0xffffffff - timestamp);
 	else
 		delta_time =  jiffies - timestamp;
+	bes2600_add_tx_delta_time(delta_time);
+	bes2600_add_tx_ac_delta_time(queue_id, delta_time);
 
 	if (bes2600_need_retry_type(skb, tx_confirm->status) == 0)
 		return -1;
@@ -842,8 +845,12 @@ int bes2600_bh_sw_process(struct bes2600_common *hw_priv,
 		return -1;
 
 	if (txpriv->retry_count < CW1200_MAX_SW_RETRY_CNT ) {
+		struct bes2600_vif *priv =
+		__cw12xx_hwpriv_to_vifpriv(hw_priv, txpriv->if_id);
 		txpriv->retry_count++;
 
+		bes2600_tx_status(priv,skb);
+
 		bes2600_pwr_set_busy_event_with_timeout_async(
 			hw_priv, BES_PWR_LOCK_ON_TX, BES_PWR_EVENT_TX_TIMEOUT);
 
@@ -879,14 +886,14 @@ void bes2600_bh_dec_pending_count(struct bes2600_common *hw_priv, int idx)
 	}
 
 	if (--hw_priv->wsm_tx_pending[idx] == 0)
-		del_timer_sync(timer);
+		timer_delete_sync(timer);
 	else
 		mod_timer(timer, jiffies + 3 * HZ);
 }
 
 void bes2600_bh_mcu_active_monitor(struct timer_list* t)
 {
-	struct bes2600_common *hw_priv = from_timer(hw_priv, t, mcu_mon_timer);
+	struct bes2600_common *hw_priv = timer_container_of(hw_priv, t, mcu_mon_timer);
 
 	bes_err("link break between mcu and host, hw_buf_used:%d pending:%d\n", 
 				hw_priv->hw_bufs_used, hw_priv->wsm_tx_pending[1]);
@@ -895,7 +902,7 @@ void bes2600_bh_mcu_active_monitor(struct timer_list* t)
 
 void bes2600_bh_lmac_active_monitor(struct timer_list* t)
 {
-	struct bes2600_common *hw_priv = from_timer(hw_priv, t, lmac_mon_timer);
+	struct bes2600_common *hw_priv = timer_container_of(hw_priv, t, lmac_mon_timer);
 
 	bes_err("link break between lmac and host, hw_buf_used:%d pending:%d\n", 
 				hw_priv->hw_bufs_used, hw_priv->wsm_tx_pending[0]);

bes2600/h4_recv.h

@@ -0,0 +1,154 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ *  Copy of drivers/bluetooth/h4_recv.h
+ *
+ *  Generic Bluetooth HCI UART driver
+ *
+ *  Copyright (C) 2015-2018  Intel Corporation
+ */
+
+#include <linux/unaligned.h>
+
+struct h4_recv_pkt {
+	u8  type;	/* Packet type */
+	u8  hlen;	/* Header length */
+	u8  loff;	/* Data length offset in header */
+	u8  lsize;	/* Data length field size */
+	u16 maxlen;	/* Max overall packet length */
+	int (*recv)(struct hci_dev *hdev, struct sk_buff *skb);
+};
+
+#define H4_RECV_ACL \
+	.type = HCI_ACLDATA_PKT, \
+	.hlen = HCI_ACL_HDR_SIZE, \
+	.loff = 2, \
+	.lsize = 2, \
+	.maxlen = HCI_MAX_FRAME_SIZE \
+
+#define H4_RECV_SCO \
+	.type = HCI_SCODATA_PKT, \
+	.hlen = HCI_SCO_HDR_SIZE, \
+	.loff = 2, \
+	.lsize = 1, \
+	.maxlen = HCI_MAX_SCO_SIZE
+
+#define H4_RECV_EVENT \
+	.type = HCI_EVENT_PKT, \
+	.hlen = HCI_EVENT_HDR_SIZE, \
+	.loff = 1, \
+	.lsize = 1, \
+	.maxlen = HCI_MAX_EVENT_SIZE
+
+#define H4_RECV_ISO \
+	.type = HCI_ISODATA_PKT, \
+	.hlen = HCI_ISO_HDR_SIZE, \
+	.loff = 2, \
+	.lsize = 2, \
+	.maxlen = HCI_MAX_FRAME_SIZE
+
+static inline struct sk_buff *h4_recv_buf(struct hci_dev *hdev,
+					  struct sk_buff *skb,
+					  const unsigned char *buffer,
+					  int count,
+					  const struct h4_recv_pkt *pkts,
+					  int pkts_count)
+{
+	/* Check for error from previous call */
+	if (IS_ERR(skb))
+		skb = NULL;
+
+	while (count) {
+		int i, len;
+
+		if (!skb) {
+			for (i = 0; i < pkts_count; i++) {
+				if (buffer[0] != (&pkts[i])->type)
+					continue;
+
+				skb = bt_skb_alloc((&pkts[i])->maxlen,
+						   GFP_ATOMIC);
+				if (!skb)
+					return ERR_PTR(-ENOMEM);
+
+				hci_skb_pkt_type(skb) = (&pkts[i])->type;
+				hci_skb_expect(skb) = (&pkts[i])->hlen;
+				break;
+			}
+
+			/* Check for invalid packet type */
+			if (!skb)
+				return ERR_PTR(-EILSEQ);
+
+			count -= 1;
+			buffer += 1;
+		}
+
+		len = min_t(uint, hci_skb_expect(skb) - skb->len, count);
+		skb_put_data(skb, buffer, len);
+
+		count -= len;
+		buffer += len;
+
+		/* Check for partial packet */
+		if (skb->len < hci_skb_expect(skb))
+			continue;
+
+		for (i = 0; i < pkts_count; i++) {
+			if (hci_skb_pkt_type(skb) == (&pkts[i])->type)
+				break;
+		}
+
+		if (i >= pkts_count) {
+			kfree_skb(skb);
+			return ERR_PTR(-EILSEQ);
+		}
+
+		if (skb->len == (&pkts[i])->hlen) {
+			u16 dlen;
+
+			switch ((&pkts[i])->lsize) {
+			case 0:
+				/* No variable data length */
+				dlen = 0;
+				break;
+			case 1:
+				/* Single octet variable length */
+				dlen = skb->data[(&pkts[i])->loff];
+				hci_skb_expect(skb) += dlen;
+
+				if (skb_tailroom(skb) < dlen) {
+					kfree_skb(skb);
+					return ERR_PTR(-EMSGSIZE);
+				}
+				break;
+			case 2:
+				/* Double octet variable length */
+				dlen = get_unaligned_le16(skb->data +
+							  (&pkts[i])->loff);
+				hci_skb_expect(skb) += dlen;
+
+				if (skb_tailroom(skb) < dlen) {
+					kfree_skb(skb);
+					return ERR_PTR(-EMSGSIZE);
+				}
+				break;
+			default:
+				/* Unsupported variable length */
+				kfree_skb(skb);
+				return ERR_PTR(-EILSEQ);
+			}
+
+			if (!dlen) {
+				/* No more data, complete frame */
+				(&pkts[i])->recv(hdev, skb);
+				skb = NULL;
+			}
+		} else {
+			/* Complete frame */
+			(&pkts[i])->recv(hdev, skb);
+			skb = NULL;
+		}
+	}
+
+	return skb;
+}

bes2600/main.c

@@ -38,6 +38,7 @@
 #include "pm.h"
 #include "bes2600_factory.h"
 #include "bes_chardev.h"
+#include "txrx_opt.h"
 
 MODULE_AUTHOR("Dmitry Tarnyagin <dmitry.tarnyagin@stericsson.com>");
 MODULE_DESCRIPTION("Softmac BES2600 common code");
@@ -204,7 +205,11 @@ static const struct ieee80211_iface_limit bes2600_if_limits[] = {
 			     BIT(NL80211_IFTYPE_P2P_CLIENT) |
 			     BIT(NL80211_IFTYPE_P2P_GO) },
 #ifdef P2P_MULTIVIF
-	{ .max = 1, .types = BIT(NL80211_IFTYPE_P2P_DEVICE) },
+	/*
+	 * HACK: Disable P2P_DEVICE implementation for BES2600
+	 *       as the code is a little buggy.
+	 */
+	//{ .max = 1, .types = BIT(NL80211_IFTYPE_P2P_DEVICE) },
 #endif
 };
 
@@ -603,7 +608,7 @@ static void bes2600_unregister_common(struct ieee80211_hw *dev)
 
 	ieee80211_unregister_hw(dev);
 
-	del_timer_sync(&hw_priv->ba_timer);
+	timer_delete_sync(&hw_priv->ba_timer);
 
 	hw_priv->sbus_ops->irq_unsubscribe(hw_priv->sbus_priv);
 	bes2600_unregister_bh(hw_priv);
@@ -800,6 +805,41 @@ void bes2600_core_release(struct bes2600_common *self)
 	return;
 }
 
+#if (GET_MAC_ADDR_METHOD == 2) || (GET_MAC_ADDR_METHOD == 3) /* To use macaddr and ps mode of customers */
+int access_file(char *path, char *buffer, int size, int isRead)
+{
+	int ret=0;
+	struct file *fp;
+	mm_segment_t old_fs = get_fs();
+
+	if(isRead)
+		fp = filp_open(path,O_RDONLY,S_IRUSR);
+	else
+		fp = filp_open(path,O_CREAT|O_WRONLY,S_IRUSR);
+
+	if (IS_ERR(fp)) {
+		bes_err("BES2600 : can't open %s\n", path);
+		return -1;
+	}
+
+	if (isRead) {
+			fp->f_pos = 0;
+			set_fs(KERNEL_DS);
+			ret = vfs_read(fp,buffer,size,&fp->f_pos);
+			set_fs(old_fs);
+	} else {
+			fp->f_pos = 0;
+			set_fs(KERNEL_DS);
+			ret = vfs_write(fp,buffer,size,&fp->f_pos);
+			set_fs(old_fs);
+	}
+	filp_close(fp,NULL);
+
+	bes_info("BES2600 : access_file return code(%d)\n", ret);
+	return ret;
+}
+#endif
+
 int bes2600_wifi_start(struct bes2600_common *hw_priv)
 {
 	int ret = 0, if_id;
@@ -871,8 +911,8 @@ int bes2600_wifi_stop(struct bes2600_common *hw_priv)
 	hw_priv->wsm_tx_seq[1] = 0;
 	hw_priv->wsm_tx_pending[0] = 0;
 	hw_priv->wsm_tx_pending[1] = 0;
-	del_timer_sync(&hw_priv->mcu_mon_timer);
-	del_timer_sync(&hw_priv->lmac_mon_timer);
+	timer_delete_sync(&hw_priv->mcu_mon_timer);
+	timer_delete_sync(&hw_priv->lmac_mon_timer);
 #ifdef CONFIG_BES2600_STATIC_SDD
 	hw_priv->sdd = NULL;
 #else

bes2600/queue.c

@@ -119,10 +119,9 @@ static void bes2600_queue_register_post_gc(struct list_head *gc_list,
 				     struct bes2600_queue_item *item)
 {
 	struct bes2600_queue_item *gc_item;
-	gc_item = kmalloc(sizeof(struct bes2600_queue_item),
+	gc_item = kmemdup(item, sizeof(struct bes2600_queue_item),
 			GFP_ATOMIC);
 	BUG_ON(!gc_item);
-	memcpy(gc_item, item, sizeof(struct bes2600_queue_item));
 	list_add_tail(&gc_item->head, gc_list);
 }
 
@@ -131,9 +130,9 @@ static void bes2600_queue_pending_record(struct list_head *pending_record_list,
 {
 	struct bes2600_queue_item *record_item;
 
-	record_item = kmalloc(sizeof(struct bes2600_queue_item),GFP_ATOMIC);
+	record_item = kmemdup(pending_item, sizeof(struct bes2600_queue_item),
+			GFP_ATOMIC);
 	BUG_ON(!record_item);
-	memcpy(record_item, pending_item, sizeof(struct bes2600_queue_item));
 	record_item->skb = skb_clone(pending_item->skb, GFP_ATOMIC);
 	list_add_tail(&record_item->head, pending_record_list);
 }
@@ -196,7 +195,7 @@ static void __bes2600_queue_gc(struct bes2600_queue *queue,
 static void bes2600_queue_gc(struct timer_list *t)
 {
 	LIST_HEAD(list);
-	struct bes2600_queue *queue = from_timer(queue, t, gc);
+	struct bes2600_queue *queue = timer_container_of(queue, t, gc);
 
 	spin_lock_bh(&queue->lock);
 	__bes2600_queue_gc(queue, &list, true);
@@ -218,7 +217,7 @@ int bes2600_queue_stats_init(struct bes2600_queue_stats *stats,
 	spin_lock_init(&stats->lock);
 	init_waitqueue_head(&stats->wait_link_id_empty);
 	for (i = 0; i < CW12XX_MAX_VIFS; i++) {
-		stats->link_map_cache[i] = kzalloc(map_capacity * sizeof(int),
+		stats->link_map_cache[i] = kcalloc(map_capacity, sizeof(int),
 			GFP_KERNEL);
 		if (!stats->link_map_cache[i]) {
 			for (; i >= 0; i--)
@@ -249,14 +248,14 @@ int bes2600_queue_init(struct bes2600_queue *queue,
 	queue->queue_all_lock = false;
 	spin_lock_init(&queue->lock);
 	timer_setup(&queue->gc, bes2600_queue_gc, 0);
-	queue->pool = kzalloc(sizeof(struct bes2600_queue_item) * capacity,
+	queue->pool = kcalloc(capacity, sizeof(struct bes2600_queue_item),
 			GFP_KERNEL);
 	if (!queue->pool)
 		return -ENOMEM;
 
 	for (i = 0; i < CW12XX_MAX_VIFS; i++) {
 		queue->link_map_cache[i] =
-				kzalloc(stats->map_capacity * sizeof(int),
+				kcalloc(stats->map_capacity, sizeof(int),
 			GFP_KERNEL);
 		if (!queue->link_map_cache[i]) {
 			for (; i >= 0; i--)
@@ -363,7 +362,7 @@ void bes2600_queue_deinit(struct bes2600_queue *queue)
 	int i;
 
 	bes2600_queue_clear(queue, CW12XX_ALL_IFS);
-	del_timer_sync(&queue->gc);
+	timer_delete_sync(&queue->gc);
 	INIT_LIST_HEAD(&queue->free_pool);
 	kfree(queue->pool);
 	for (i = 0; i < CW12XX_MAX_VIFS; i++) {
@@ -410,7 +409,6 @@ int bes2600_queue_put(struct bes2600_queue *queue,
 	struct timespec64 tmval;
 #endif /*CONFIG_BES2600_TESTMODE*/
 
-	LIST_HEAD(gc_list);
 	struct bes2600_queue_stats *stats = queue->stats;
 	/* TODO:COMBO: Add interface ID info to queue item */
 

bes2600/scan.c

@@ -238,36 +238,6 @@ int bes2600_hw_scan(struct ieee80211_hw *hw,
 	/* Scan when P2P_GO corrupt firmware MiniAP mode */
 	if (priv->join_status == BES2600_JOIN_STATUS_AP)
 		return -EOPNOTSUPP;
-
-	/*
-	 * Firmware refuses WSM start-scan for 5 GHz with status 2 ("rejected
-	 * by policy"); see besser issue #1.  mac80211 splits multi-band
-	 * hw_scan requests per-band when the driver does not set
-	 * IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS (we don't -- see
-	 * ieee80211_hw_set() calls in bes2600_main.c), so each per-band call
-	 * has req->channels[] from one band only (see ieee80211_prep_hw_scan
-	 * in net/mac80211/scan.c).  Refuse the 5 GHz iteration at the driver
-	 * boundary so userspace gets a clean aborted-scan for that portion
-	 * rather than waiting for the firmware reject to cascade up.
-	 *
-	 * Only the multi-channel case is refused (n_channels > 1): that's
-	 * the per-band-sweep pattern mac80211 issues internally and the
-	 * one that triggers the firmware storm at the per-band loop
-	 * boundary.  Single-channel 5 GHz scans (BSS verification, NM's
-	 * per-freq iteration when 802-11-wireless.band=a is set) pass
-	 * through to firmware, which generally accepts them since the
-	 * storm is the back-to-back per-band issue, not a blanket 5 GHz
-	 * reject.  This preserves 5 GHz association via the
-	 * "wpa_supplicant iterates freq_list per channel" path.
-	 *
-	 * Contract: per include/net/mac80211.h struct ieee80211_ops.hw_scan
-	 * documentation, a negative return aborts the scan without requiring
-	 * ieee80211_scan_completed().
-	 */
-	if (req->n_channels > 1 &&
-	    req->channels[0]->band == NL80211_BAND_5GHZ)
-		return -EOPNOTSUPP;
-
 #if 0
 	if (work_pending(&priv->offchannel_work) ||
 			(hw_priv->roc_if_id != -1)) {
@@ -622,10 +592,10 @@ void bes2600_scan_work(struct work_struct *work)
 					"[SCAN] Scan failed (%d).\n",
 					hw_priv->scan.status);
 		else if (hw_priv->scan.req)
-			wiphy_info(priv->hw->wiphy,
+			wiphy_dbg(priv->hw->wiphy,
 					"[SCAN] Scan completed.\n");
 		else
-			wiphy_info(priv->hw->wiphy,
+			wiphy_dbg(priv->hw->wiphy,
 					"[SCAN] Scan canceled.\n");
 
 #ifdef WIFI_BT_COEXIST_EPTA_ENABLE
@@ -710,8 +680,9 @@ void bes2600_scan_work(struct work_struct *work)
 			scan.scanType = WSM_SCAN_TYPE_BACKGROUND;
 			scan.scanFlags = WSM_SCAN_FLAG_FORCE_BACKGROUND;
 		}
-		scan.ch = kzalloc((it - hw_priv->scan.curr) *
-			sizeof(struct wsm_scan_ch), GFP_KERNEL);
+		scan.ch = kcalloc((it - hw_priv->scan.curr),
+				   sizeof(struct wsm_scan_ch),
+				   GFP_KERNEL);
 		if (!scan.ch) {
 			hw_priv->scan.status = -ENOMEM;
 			goto fail;
@@ -1013,7 +984,7 @@ void bes2600_scan_complete_cb(struct bes2600_common *hw_priv,
 	// recover EPTA timer after scan wsm msg complete, in case of epta state error
 	// bwifi_change_current_status(hw_priv, BWIFI_STATUS_SCANNING_COMP);
 #endif
-	wiphy_info(hw_priv->hw->wiphy, "bes2600_scan_complete_cb status: %u", arg->status);
+	wiphy_dbg(hw_priv->hw->wiphy, "bes2600_scan_complete_cb status: %u", arg->status);
 
 	if(hw_priv->scan.status == -ETIMEDOUT)
 		wiphy_warn(hw_priv->hw->wiphy,

bes2600/sta.c

@@ -42,6 +42,8 @@
 #include "bes2600_factory.h"
 #endif
 
+#include "txrx_opt.h"
+
 #define WEP_ENCRYPT_HDR_SIZE    4
 #define WEP_ENCRYPT_TAIL_SIZE   4
 #define WPA_ENCRYPT_HDR_SIZE    8
@@ -219,7 +221,7 @@ void bes2600_stop(struct ieee80211_hw *dev, bool suspend)
 	cancel_delayed_work_sync(&hw_priv->advance_scan_timeout);
 #endif
 	flush_workqueue(hw_priv->workqueue);
-	del_timer_sync(&hw_priv->ba_timer);
+	timer_delete_sync(&hw_priv->ba_timer);
 
 	down(&hw_priv->conf_lock);
 
@@ -259,7 +261,7 @@ void bes2600_stop(struct ieee80211_hw *dev, bool suspend)
 		cancel_delayed_work_sync(&priv->bss_loss_work);
 		cancel_delayed_work_sync(&priv->connection_loss_work);
 		cancel_delayed_work_sync(&priv->link_id_gc_work);
-		del_timer_sync(&priv->mcast_timeout);
+		timer_delete_sync(&priv->mcast_timeout);
 	}
 
 #ifdef WIFI_BT_COEXIST_EPTA_ENABLE
@@ -376,9 +378,23 @@ void bes2600_remove_interface(struct ieee80211_hw *dev,
 	atomic_set(&priv->enabled, 0);
 	down(&hw_priv->scan.lock);
 	down(&hw_priv->conf_lock);
-	if (!__cw12xx_hwpriv_to_vifpriv(hw_priv, priv->if_id)) {
+
+	/*
+	 * There's a chance remove_interface will run again on the same
+	 * (already removed) interface.
+	 *
+	 * Currently this only happens when NetworkManager creates a P2P_DEVICE
+	 * alongside a STA.
+	 *
+	 * But there can be other cases where this may run as well. So if that
+	 * happens, let's throw a warning and decrease the vifs count by one.
+	 */
+	if (WARN_ON(!__cw12xx_hwpriv_to_vifpriv(hw_priv, priv->if_id))) {
 		bes_devel(" !!! %s: interface addr %pM already removed\n",
 			     __func__, vif->addr);
+
+		atomic_dec(&hw_priv->num_vifs);
+
 	        up(&hw_priv->conf_lock);
 	        up(&hw_priv->scan.lock);
 		return;
@@ -451,7 +467,7 @@ void bes2600_remove_interface(struct ieee80211_hw *dev,
 	cancel_delayed_work_sync(&priv->pending_offchanneltx_work);
 	cancel_work_sync(&priv->decrypt_storm_recover_work);
 
-	del_timer_sync(&priv->mcast_timeout);
+	timer_delete_sync(&priv->mcast_timeout);
 	/* TODO:COMBO: May be reset of these variables "delayed_link_loss and
 	 * join_status to default can be removed as dev_priv will be freed by
 	 * mac80211 */
@@ -504,7 +520,7 @@ int bes2600_change_interface(struct ieee80211_hw *dev,
 	return ret;
 }
 
-int bes2600_config(struct ieee80211_hw *dev, u32 changed)
+int bes2600_config(struct ieee80211_hw *dev, int radio_idx, u32 changed)
 {
 	int ret = 0;
 	struct bes2600_common *hw_priv = dev->priv;
@@ -1139,7 +1155,7 @@ void bes2600_wep_key_work(struct work_struct *work)
 	wsm_unlock_tx(hw_priv);
 }
 
-int bes2600_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
+int bes2600_set_rts_threshold(struct ieee80211_hw *hw, int radio_idx, u32 value)
 {
 	struct bes2600_common *hw_priv = hw->priv;
 	int ret;
@@ -2248,6 +2264,8 @@ void bes2600_join_work(struct work_struct *work)
 		wsm_unlock_tx(hw_priv);
 		return;
 	}
+
+	rcu_read_lock();
 	ssidie = ieee80211_bss_get_ie(bss, WLAN_EID_SSID);
 	dtimie = ieee80211_bss_get_ie(bss, WLAN_EID_TIM);
 	if (dtimie)
@@ -2331,6 +2349,8 @@ void bes2600_join_work(struct work_struct *work)
 				bes2600_rate_mask_to_wsm(hw_priv, 0xFF0);
 		}
 
+		rcu_read_unlock();
+
 		bes2600_pwr_set_busy_event(hw_priv, BES_PWR_LOCK_ON_JOIN);
 		wsm_flush_tx(hw_priv);
 
@@ -2480,7 +2500,7 @@ void bes2600_unjoin_work(struct work_struct *work)
 	int i;
 	struct bes2600_vif *tmp_priv;
 
-	del_timer_sync(&hw_priv->ba_timer);
+	timer_delete_sync(&hw_priv->ba_timer);
 	down(&hw_priv->conf_lock);
 	if (unlikely(atomic_read(&hw_priv->scan.in_progress)
 		|| atomic_read(&priv->connect_in_process))) {
@@ -2691,7 +2711,7 @@ void bes2600_ba_timer(struct timer_list *t)
 {
 	bool ba_ena;
 	int cnt, acc, cnt_rx, acc_rx;
-	struct bes2600_common *hw_priv = from_timer(hw_priv, t, ba_timer);
+	struct bes2600_common *hw_priv = timer_container_of(hw_priv, t, ba_timer);
 
 	/*
 	 * Patch D: ba_lock removed.  Snapshot atomic counters into locals
@@ -2923,6 +2943,7 @@ void bes2600_dynamic_opt_txrx_work(struct work_struct *work)
 	if (priv != NULL && priv->join_status > BES2600_JOIN_STATUS_MONITOR) {
 		multivif_connected = true;
 	}
+	bes2600_txrx_opt_multivif_connected_handler(hw_priv, multivif_connected);
 }
 
 
@@ -3767,7 +3788,7 @@ static int bes2600_set_power_save(struct ieee80211_hw *hw,
  *
  * Returns: 0 on success or non zero value on failure
  */
-static int bes2600_start_stop_tsm(struct ieee80211_hw *hw, void *data)
+int bes2600_start_stop_tsm(struct ieee80211_hw *hw, void *data)
 {
 	struct bes_msg_start_stop_tsm *start_stop_tsm =
 		(struct bes_msg_start_stop_tsm *) data;
@@ -3797,7 +3818,7 @@ static int bes2600_start_stop_tsm(struct ieee80211_hw *hw, void *data)
  *
  * Returns: TSM parameters collected
  */
-static int bes2600_get_tsm_params(struct ieee80211_hw *hw)
+int bes2600_get_tsm_params(struct ieee80211_hw *hw)
 {
 	struct bes2600_common *hw_priv = hw->priv;
 	struct bes_tsm_stats tsm_stats;
@@ -3837,7 +3858,7 @@ static int bes2600_get_tsm_params(struct ieee80211_hw *hw)
  *
  * Returns: Returns the last measured roam delay
  */
-static int bes2600_get_roam_delay(struct ieee80211_hw *hw)
+int bes2600_get_roam_delay(struct ieee80211_hw *hw)
 {
 	struct bes2600_common *hw_priv = hw->priv;
 	u16 roam_delay = hw_priv->tsm_info.roam_delay / 1000;

bes2600/sta.h

@@ -26,7 +26,7 @@ int bes2600_change_interface(struct ieee80211_hw *dev,
 				enum nl80211_iftype new_type,
 				bool p2p);
 
-int bes2600_config(struct ieee80211_hw *dev, u32 changed);
+int bes2600_config(struct ieee80211_hw *dev, int radio_idx, u32 changed);
 int bes2600_change_interface(struct ieee80211_hw *dev,
                                 struct ieee80211_vif *vif,
                                 enum nl80211_iftype new_type,
@@ -48,7 +48,7 @@ int bes2600_set_key(struct ieee80211_hw *dev, enum set_key_cmd cmd,
 		   struct ieee80211_vif *vif, struct ieee80211_sta *sta,
 		   struct ieee80211_key_conf *key);
 
-int bes2600_set_rts_threshold(struct ieee80211_hw *hw, u32 value);
+int bes2600_set_rts_threshold(struct ieee80211_hw *hw, int radio_idx, u32 value);
 
 void bes2600_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
 		  u32 queues, bool drop);

bes2600/txrx.c

@@ -21,6 +21,7 @@
 #include "debug.h"
 #include "sta.h"
 #include "sbus.h"
+#include "txrx_opt.h"
 #include "bes_log.h"
 
 #define BES2600_INVALID_RATE_ID (0xFF)
@@ -1549,14 +1550,35 @@ void bes2600_skb_dtor(struct bes2600_common *hw_priv,
 	struct bes2600_vif *priv =
 		__cw12xx_hwpriv_to_vifpriv(hw_priv, txpriv->if_id);
 
+
+	if (!skb)
+		return;
+
+	/*
+	 * There should be no reason for skb buffer being larger
+	 * than the offset..
+	 */
+	if(WARN_ON(txpriv->offset > skb->len)) {
+		ieee80211_free_txskb(hw_priv->hw, skb);
+		return;
+	}
+
+	bes_devel("%s: txpriv->offset: %d - skb->len: %d\n",
+		  __func__, txpriv->offset, skb->len);
+
 	skb_pull(skb, txpriv->offset);
 	if (priv && txpriv->rate_id != BES2600_INVALID_RATE_ID) {
 		bes2600_notify_buffered_tx(priv, skb,
 				txpriv->raw_link_id, txpriv->tid);
 		tx_policy_put(hw_priv, txpriv->rate_id);
 	}
-	if (likely(!bes2600_is_itp(hw_priv)))
+	if (likely(!bes2600_is_itp(hw_priv))) {
+		if (priv) {
+			/* The interface may be already removed */
+			bes2600_tx_status(priv, skb);
+		}
 		ieee80211_tx_status_skb(hw_priv->hw, skb);
+	}
 
 }
 #ifdef CONFIG_BES2600_TESTMODE
@@ -1926,6 +1948,7 @@ void bes2600_rx_cb(struct bes2600_vif *priv,
 
 	if (ieee80211_is_data(frame->frame_control)) {
 		bes2600_rx_h_ba_stat(priv, hdrlen, skb->len);
+		bes2600_rx_status(priv, skb);
 	}
 
 #ifdef CONFIG_BES2600_TESTMODE

bes2600/txrx_opt.c

@@ -0,0 +1,569 @@
+/***************************************************************************
+ *
+ * Copyright 2015-2022 BES.
+ * All rights reserved. All unpublished rights reserved.
+ *
+ * No part of this work may be used or reproduced in any form or by any
+ * means, or stored in a database or retrieval system, without prior written
+ * permission of BES.
+ *
+ * Use of this work is governed by a license granted by BES.
+ * This work contains confidential and proprietary information of
+ * BES. which is protected by copyright, trade secret,
+ * trademark and other intellectual property rights.
+ *
+ ****************************************************************************/
+#include <net/mac80211.h>
+#include <linux/etherdevice.h>
+#include <linux/skbuff.h>
+#include <linux/timer.h>
+
+#include "bes2600.h"
+#include "wsm.h"
+#include "bh.h"
+#include "ap.h"
+#include "debug.h"
+#include "sta.h"
+#include "sbus.h"
+#include "bes_pwr.h"
+#include "txrx_opt.h"
+
+#define TXRX_OPT_CLOSE_EDCA     0
+#define TXRX_OPT_EDCA_MAX_LEVEL 4
+#define TX_AVG_TIME_COUNT       10
+#define TXRX_OPT_PEROID         500
+#define TXRX_OPT_DEBUG          1
+
+#define TXRX_HIGH_TP_THRESHOLD_2G4    	30000   // unit is kbps
+#define TXRX_HIGH_TP_THRESHOLD_5G    	40000   // unit is kbps
+#define TXRX_HIGH_TP_DELTA_TIME_2G4   	8       // unit ms
+#define TXRX_HIGH_TP_DELTA_TIME_5G   	6       // unit ms
+
+#define TXRX_RTS_PROT_TRIG_THRESH		80		// percent * 100
+#define TXRX_RTS_PROT_DURATION			10		// unit second
+
+#define TXRX_RTS_PROT_OPEN(x)			(x = 512)
+#define TXRX_RTS_PROT_CLOSE(x)			(x = 2437)
+#define TXRX_RTS_PROT_OPENED(x)			(x < 1536)
+
+static uint32_t tx_delta_time_arr[4][TX_AVG_TIME_COUNT];
+static uint32_t tx_queue_arr[4] = {0};
+static uint32_t tx_delta_time_total = 0;
+static uint32_t tx_delta_time_total_cnt = 0;
+static u8 cur_pwr_tbl = 1;
+static u16 cur_rts_thres = 2437;
+static unsigned long last_rts_set_time = -1;
+
+void bes2600_add_tx_delta_time(uint32_t tx_delta_time)
+{
+	tx_delta_time_total += tx_delta_time;
+	tx_delta_time_total_cnt++;
+}
+
+static uint32_t bes2600_get_tx_delta_time(void)
+{
+	if (tx_delta_time_total_cnt != 0)
+		return tx_delta_time_total / tx_delta_time_total_cnt;
+	else
+		return 0;
+}
+
+static void bes2600_clear_tx_delta_time(void)
+{
+	tx_delta_time_total_cnt = 0;
+	tx_delta_time_total = 0;
+	return ;
+}
+
+static uint32_t bes2600_get_tx_ac_delta_time(int ac)
+{
+	uint32_t avg_time = 0;
+	int i = 0;
+	for (i = 0; i < TX_AVG_TIME_COUNT; i++) {
+		avg_time += tx_delta_time_arr[ac][i];
+	}
+	return avg_time / TX_AVG_TIME_COUNT;
+}
+
+static void bes2600_clear_tx_ac_delta_time(int ac)
+{
+	int i = 0;
+	for (i = 0; i < TX_AVG_TIME_COUNT; i++) {
+		tx_delta_time_arr[ac][i] = 0;
+	}
+	return ;
+}
+
+void bes2600_add_tx_ac_delta_time(int ac, uint32_t del_time)
+{
+#if 0
+	if (tx_queue_arr[ac] >= (TX_AVG_TIME_COUNT - 1)) {
+		static int num = 0;
+		if ((num ++ % 10) == 0)
+			bes_devel( "%s %d %d %d %d %d del=%d\n\r", __func__, tx_delta_time_arr[ac][0],
+				     tx_delta_time_arr[ac][2],  tx_delta_time_arr[ac][4],  tx_delta_time_arr[ac][6],
+				     tx_delta_time_arr[ac][8], del_time);
+	}
+#endif
+	tx_delta_time_arr[ac][tx_queue_arr[ac]] = del_time;
+	tx_queue_arr[ac] = (tx_queue_arr[ac] >= (TX_AVG_TIME_COUNT - 1)) ? 0 : (tx_queue_arr[ac] + 1);
+
+}
+
+
+static int bes2600_set_txrx_opt_param(struct bes2600_common *hw_priv,
+			       struct bes2600_vif *priv,
+			       MIB_TXRX_OPT_PARAM  *para)
+{
+
+	int ret = 0;
+	ret = WARN_ON(wsm_write_mib(hw_priv,
+				    WSM_MIB_ID_EXT_TXRX_OPT_PARAM,
+				    (u8 *)para,
+				    sizeof(MIB_TXRX_OPT_PARAM),
+				    priv->if_id));
+	return ret;
+}
+
+static int bes2600_enable_tx_shortgi(struct bes2600_common *hw_priv,
+			      struct bes2600_vif *priv,
+			      u8 onoff)
+{
+	int ret = 0;
+	static u8 en = 0xff;
+
+	bes_devel( "%s onoff=%d\n\r", __func__, onoff);
+
+	if (en != onoff) {
+		en = onoff;
+		ret = WARN_ON(wsm_write_mib(hw_priv,
+					    WSM_MIB_ID_EXT_TX_SHORT_GI_ENABLED,
+					    (u8 *)&onoff,
+					    sizeof(onoff),
+					    priv->if_id));
+	}
+	return ret;
+}
+
+void bes2600_rx_status(struct bes2600_vif *priv, struct sk_buff *skb)
+{
+	priv->dot11ReceivedFragmentCount++;
+	priv->dot11ReceivedDataBytes += skb->len;
+}
+
+void bes2600_tx_status(struct bes2600_vif *priv, struct sk_buff *skb)
+{
+	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+	int i;
+	int retry_count = -1;
+
+	if(WARN_ON(!priv->hw))
+		return;
+
+	if (!ieee80211_is_data(hdr->frame_control))
+		return;
+
+	for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
+		if (info->status.rates[i].idx < 0)
+			break;
+
+		retry_count += info->status.rates[i].count;
+	}
+	if (retry_count < 0)
+		retry_count = 0;
+
+	if (info->flags & IEEE80211_TX_STAT_ACK) {
+		priv->dot11TransmittedFrameCount++;
+		priv->dot11TransmittedDataBytes += (skb->len + 4);
+		if (retry_count > 0)
+			priv->dot11RetryCount += retry_count;
+
+	} else {
+		/* tx fail.*/
+		priv->dot11FailedCount++;
+	}
+}
+void bes2600_set_default_params(struct bes2600_common *hw_priv, struct bes2600_vif *priv);
+
+static int bes2600_set_high_edca_params(struct bes2600_common *hw_priv, struct bes2600_vif *priv, int level)
+{
+	struct wsm_edca_params arg;
+	int i = 0;
+	static int lev = 0;
+	bes_devel( "set edca level=%d\n\r", level);
+
+	if (lev == level)
+		return 0;
+
+	lev = level;
+
+	memcpy(&arg, &(priv->edca), sizeof(struct wsm_edca_params));
+
+	if (level == 0) {
+		bes2600_set_default_params(hw_priv, priv);
+		return 0;
+	} else if (level == 1) {
+		for ( i = 0; i < 4; i++) {
+			arg.params[i].aifns = 2;
+			arg.params[i].cwMax = 7;
+			arg.params[i].cwMin = 3;
+			/*
+			 * tx op must set 0
+			 * set other, some AP may not response BA when rx data.
+			*/
+			arg.params[i].txOpLimit = 0;
+			arg.params[i].maxReceiveLifetime = 0xc8;
+		}
+	} else if (level == 2) {
+		for ( i = 0; i < 4; i++) {
+			arg.params[i].aifns = 2;
+			arg.params[i].cwMax = 5;
+			arg.params[i].cwMin = 1;
+			arg.params[i].txOpLimit = 0;
+			arg.params[i].maxReceiveLifetime = 0xc8;
+		}
+	} else if (level == 3) {
+		for ( i = 0; i < 4; i++) {
+			arg.params[i].aifns = 2;
+			arg.params[i].cwMax = 3;
+			arg.params[i].cwMin = 1;
+			arg.params[i].txOpLimit = 0;
+			arg.params[i].maxReceiveLifetime = 0xc8;
+		}
+	} else if (level == 4) {
+		for ( i = 0; i < 4; i++) {
+			arg.params[i].aifns = 1;
+			arg.params[i].cwMax = 3;
+			arg.params[i].cwMin = 1;
+			arg.params[i].txOpLimit = 0;
+			arg.params[i].maxReceiveLifetime = 0xc8;
+		}
+	}
+	wsm_set_edca_params(hw_priv, &arg, priv->if_id);
+	return 0;
+}
+void bes2600_set_default_params(struct bes2600_common *hw_priv, struct bes2600_vif *priv)
+{
+	bes_devel( "set edca default\n\r");
+	wsm_set_edca_params(hw_priv, &priv->edca, priv->if_id);
+}
+static void bes2600_set_cca_method(struct bes2600_common *hw_priv, struct bes2600_vif *priv, int value)
+{
+// todo set cca alg
+}
+
+static void bes2600_set_dynamic_agc(struct bes2600_common *hw_priv, struct bes2600_vif *priv, int value)
+{
+// todo set agc alg
+}
+
+static int bes2600_update_pwr_table(struct bes2600_common *hw_priv,
+			      struct bes2600_vif *priv,
+			      u8 pwr_tbl_idx)
+{
+	int ret = 0;
+	static u8 cur_pwr_tbl_idx = 0xff;
+
+	if (cur_pwr_tbl_idx != pwr_tbl_idx) {
+		cur_pwr_tbl_idx = pwr_tbl_idx;
+		ret = WARN_ON(wsm_write_mib(hw_priv,
+					    WSM_MIB_ID_EXT_PWR_TBL_UPDATE,
+					    (u8 *)&cur_pwr_tbl_idx,
+					    sizeof(cur_pwr_tbl_idx),
+					    priv->if_id));
+		bes_devel( "%s pwr_tbl_idx=%d\n\r", __func__, pwr_tbl_idx);
+	}
+	return ret;
+}
+
+static int bes2600_get_tx_av_max_delta_time(void)
+{
+	int max_avg = 0;
+	int i = 0;
+
+	for (i = 0; i < 4; i++) {
+		if (max_avg < bes2600_get_tx_ac_delta_time(i)) {
+			max_avg = bes2600_get_tx_ac_delta_time(i);
+		}
+		//bes2600_clear_tx_ac_delta_time(i);
+	}
+	return max_avg;
+}
+
+static bool bes2600_station_is_ap_ht40(struct bes2600_common *hw_priv)
+{
+
+	if (hw_priv->hw) {
+		struct ieee80211_conf *conf = &hw_priv->hw->conf;
+		if (conf !=  NULL)
+			if (conf->chandef.width == NL80211_CHAN_WIDTH_40)
+				return true;
+	}
+	return false;
+}
+
+void bes2600_dynamic_opt_rxtx(struct bes2600_common *hw_priv, struct bes2600_vif *priv, int rssi)
+{
+	u32 succPro = 0, tx_cnt, tx_retry, rx_cnt, tx_fail;
+	static u32 l_tx_cnt = 0, l_tx_fail = 0, l_tx_retry = 0, l_rx_cnt = 0;
+	static u32 tx_bps = 0, rx_bps = 0;
+	u32 total_kbps = 0;
+	static int level;
+
+	/* calculate real time throughput */
+	if (hw_priv == NULL || priv == NULL) {
+		return;
+	}
+	tx_bps = abs (priv->dot11TransmittedDataBytes - tx_bps);
+	rx_bps = abs (priv->dot11ReceivedDataBytes  - rx_bps);
+	total_kbps = (tx_bps / 128 + rx_bps / 128);
+
+	total_kbps *= 1000;
+	total_kbps /= TXRX_OPT_PEROID;
+
+	/*  if tx/rx < 100k/s, close*/
+	if (total_kbps < 100) {
+		level = 0;
+		last_rts_set_time = -1;
+		TXRX_RTS_PROT_CLOSE(cur_rts_thres);
+		goto txrx_opt_clear;
+	}
+
+	/* calculate tx_cnt, tx_retry, rx_cnt */
+	tx_cnt = (priv->dot11TransmittedFrameCount - l_tx_cnt);
+	tx_fail = (priv->dot11FailedCount - l_tx_fail);
+	tx_retry = (priv->dot11RetryCount - l_tx_retry);
+	rx_cnt = (priv->dot11ReceivedFragmentCount - l_rx_cnt);
+	( (tx_cnt + tx_retry) > 0 ) ? (succPro = tx_cnt * 100 / (tx_cnt + tx_retry)) : (succPro = 0);
+
+	bes_devel( "%s, tx_cnt:%d prob:%d\n", __func__, tx_cnt, succPro);
+
+	/* set rts/cts protection dynamically */
+	if (tx_cnt > 50 && succPro != 0) {
+		if (succPro > TXRX_RTS_PROT_TRIG_THRESH &&
+			TXRX_RTS_PROT_OPENED(cur_rts_thres) &&
+		    time_after(jiffies, last_rts_set_time + TXRX_RTS_PROT_DURATION * HZ)) {
+			TXRX_RTS_PROT_CLOSE(cur_rts_thres);
+		} else if (succPro <= TXRX_RTS_PROT_TRIG_THRESH){
+			TXRX_RTS_PROT_OPEN(cur_rts_thres);
+			last_rts_set_time = jiffies;
+		}
+	}
+
+	/* dynamic set edca param */
+	if (succPro != 0) {
+		if (bes2600_station_is_ap_ht40(hw_priv)) {
+			if (bes2600_get_tx_delta_time() > 8 || bes2600_get_tx_av_max_delta_time() > 8) {
+				if (level < 4)
+					level++;
+			} else {
+				if (level > 0)
+					level--;
+			}
+			/* high throughput force level = 0 */
+			if (total_kbps > TXRX_HIGH_TP_THRESHOLD_5G && level > 0 && priv->hw_value > 19) {
+				level = 0;
+			}
+
+		} else {//shiled room 13, office 8
+			if (bes2600_get_tx_delta_time() > (TXRX_HIGH_TP_DELTA_TIME_5G + total_kbps / 8000)
+			    || bes2600_get_tx_av_max_delta_time() > (TXRX_HIGH_TP_DELTA_TIME_5G + total_kbps / 8000)) {
+				if (level < 4)
+					level++;
+			} else {
+				if (level > 0)
+					level--;
+			}
+			/* high throughput force level = 0 */
+			if (total_kbps > TXRX_HIGH_TP_THRESHOLD_2G4 && level > 0) {
+				level = 0;
+			}
+
+		}
+	}
+
+	/* dynamic set power table */
+	if (rssi <= BES2600_TX_RSSI_LOW)
+		cur_pwr_tbl = 2;	// use high power table
+	else if(rssi >= BES2600_TX_RSSI_HIGH)
+		cur_pwr_tbl = 1;	// use standard power table
+
+#if TXRX_OPT_CLOSE_EDCA
+	level = 0;
+#endif
+	if (level > TXRX_OPT_EDCA_MAX_LEVEL)
+		level = TXRX_OPT_EDCA_MAX_LEVEL;
+
+	bes_devel( "txrx_opt: tx(cnt=%d retry=%d psr=%d tx_fail=%d (wsm level=%d) tx=%dk/s)\n\r",
+	       tx_cnt, tx_retry, succPro, tx_fail, level, tx_bps / 128);
+	bes_devel( "txrx_opt: rx(cnt=%d  rx=%dk/s) total=%dk/s\n\r", rx_cnt, rx_bps / 128, total_kbps);
+	bes_devel( "txrx_opt: tx_delta_time=%d [%d %d %d %d] hw_value=%d ht=%d maxtxcnt=%d\n\r",
+	       bes2600_get_tx_delta_time(), bes2600_get_tx_ac_delta_time(0), bes2600_get_tx_ac_delta_time(1),
+	       bes2600_get_tx_ac_delta_time(2), bes2600_get_tx_ac_delta_time(3), priv->hw_value,
+	       bes2600_station_is_ap_ht40(hw_priv), hw_priv->long_frame_max_tx_count);
+
+
+	/* dynamic set cca */
+	bes2600_set_cca_method(hw_priv, priv, 0);
+	/* dynamic set agc */
+	bes2600_set_dynamic_agc(hw_priv, priv, 0);
+	bes2600_update_pwr_table(hw_priv, priv, cur_pwr_tbl);
+txrx_opt_clear:
+	bes2600_set_high_edca_params(hw_priv, priv, level);
+	bes2600_set_rts_threshold(hw_priv->hw, -1, cur_rts_thres);
+	bes2600_clear_tx_delta_time();
+	bes2600_clear_tx_ac_delta_time(0);
+	bes2600_clear_tx_ac_delta_time(1);
+	bes2600_clear_tx_ac_delta_time(2);
+	bes2600_clear_tx_ac_delta_time(3);
+	tx_bps = priv->dot11TransmittedDataBytes;
+	rx_bps = priv->dot11ReceivedDataBytes;
+	l_tx_cnt = priv->dot11TransmittedFrameCount;
+	l_tx_fail = priv->dot11FailedCount;
+	l_tx_retry = priv->dot11RetryCount;
+	l_rx_cnt = priv->dot11ReceivedFragmentCount;
+	return ;
+}
+
+static struct bes2600_common *txrx_hw_priv = NULL;
+
+static bool bes2600_is_sta_connected(void)
+{
+	if (txrx_hw_priv == NULL)
+		return false;
+	else
+		return true;
+}
+
+void bes2600_txrx_opt_timer_restore(void)
+{
+	if (bes2600_is_sta_connected()) {
+		mod_timer(&txrx_hw_priv->txrx_opt_timer, jiffies + msecs_to_jiffies(TXRX_OPT_PEROID));
+	}
+}
+
+static void txrx_opt_timer_callback(struct timer_list* data)
+{
+	bes_devel( "####Timer callback function Called time = %lu\n", jiffies);
+	queue_work(txrx_hw_priv->workqueue, &txrx_hw_priv->dynamic_opt_txrx_work);
+}
+
+static void txrx_opt_timer_start(struct bes2600_common *hw_priv)
+{
+	mod_timer(&hw_priv->txrx_opt_timer, jiffies + msecs_to_jiffies(TXRX_OPT_PEROID));
+}
+
+static void txrx_opt_timer_stop(struct bes2600_common *hw_priv)
+{
+	timer_delete_sync(&hw_priv->txrx_opt_timer);
+}
+
+static void bes2600_set_txrx_opt_default_param(struct bes2600_common * hw_priv)
+{
+	MIB_TXRX_OPT_PARAM g_txrx_param = {2, (PROCTECT_MODE_RTS_CTS | PROCTECT_MODE_RTS_CTS_RETRY), 3000};
+	struct bes2600_vif *priv = __cw12xx_hwpriv_to_vifpriv(hw_priv, 0);
+	struct ieee80211_sta *sta = NULL;
+	int shortgi = 0;
+
+	if (priv == NULL)
+		return;
+
+	/* reset states */
+	cur_pwr_tbl = 1;
+	TXRX_RTS_PROT_CLOSE(cur_rts_thres);
+	last_rts_set_time = -1;
+	memcpy(&hw_priv->txrx_opt_param, &g_txrx_param, sizeof(MIB_TXRX_OPT_PARAM));
+
+	/* reset device states */
+	bes2600_set_txrx_opt_param(hw_priv, priv, &hw_priv->txrx_opt_param);
+	bes2600_set_rts_threshold(hw_priv->hw, -1, cur_rts_thres);	// close rts/cts
+	bes2600_update_pwr_table(hw_priv, priv, cur_pwr_tbl);	// use standard pwr table
+
+	if (priv->join_status == BES2600_JOIN_STATUS_STA) {
+		rcu_read_lock();
+
+		sta = ieee80211_find_sta(priv->vif, priv->vif->bss_conf.bssid);
+		if (sta) {
+			if (sta->deflink.ht_cap.ht_supported &&
+			    ((priv->vif->bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_20 &&
+				 sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SGI_20) ||
+				(priv->vif->bss_conf.chanreq.oper.width == NL80211_CHAN_WIDTH_40 &&
+				 sta->deflink.ht_cap.cap & IEEE80211_HT_CAP_SGI_40))) {
+				shortgi = 1;
+			}
+		}
+
+		rcu_read_unlock();
+
+		bes_devel("short gi tx status: %d\n", shortgi);
+		bes2600_enable_tx_shortgi(hw_priv, priv, shortgi);
+	}
+}
+
+static int bes2600_set_txrx_opt_unjoin_param(struct bes2600_common * hw_priv)
+{
+	MIB_TXRX_OPT_PARAM g_txrx_param = {1, 0, 2002};
+	struct bes2600_vif *priv = __cw12xx_hwpriv_to_vifpriv(hw_priv, 0);
+	if (priv == NULL)
+		return 0;
+
+	/* reset states */
+	cur_pwr_tbl = 1;
+	bes2600_update_pwr_table(hw_priv, priv, cur_pwr_tbl);
+	memcpy(&hw_priv->txrx_opt_param, &g_txrx_param, sizeof(MIB_TXRX_OPT_PARAM));
+	bes2600_set_txrx_opt_param(hw_priv, priv, &hw_priv->txrx_opt_param);
+	return 0;
+}
+
+void bes2600_txrx_opt_multivif_connected_handler(struct bes2600_common *hw_priv, bool multivif_connected)
+{
+	struct bes2600_vif *priv = __cw12xx_hwpriv_to_vifpriv(hw_priv, 0);
+
+	if (multivif_connected) {
+		bes2600_set_txrx_opt_default_param(hw_priv);
+	} else {
+		bes_devel("%s, rssi:%d\n", __func__, priv->signal);
+		bes2600_dynamic_opt_rxtx(hw_priv, priv, priv->signal);
+		mod_timer(&hw_priv->txrx_opt_timer, jiffies + msecs_to_jiffies(TXRX_OPT_PEROID));
+	}
+}
+
+int txrx_opt_timer_init(struct bes2600_vif *priv)
+{
+	struct bes2600_common *hw_priv = cw12xx_vifpriv_to_hwpriv(priv);
+	bes_devel( "txrx_opt_timer_init:%p", txrx_hw_priv);
+	if (priv->if_id != 0)
+		return 0;
+
+	if (!txrx_hw_priv) {
+		txrx_hw_priv = hw_priv;
+		bes_devel( "####Timer init hw_priv = %p\n", txrx_hw_priv);
+		timer_setup(&hw_priv->txrx_opt_timer, txrx_opt_timer_callback, 0);
+		bes2600_set_txrx_opt_default_param(hw_priv);
+	}
+
+	mod_timer(&hw_priv->txrx_opt_timer, jiffies + msecs_to_jiffies(TXRX_OPT_PEROID));
+	bes2600_pwr_register_en_lp_cb(hw_priv, txrx_opt_timer_stop);
+	bes2600_pwr_register_exit_lp_cb(hw_priv, txrx_opt_timer_start);
+	return 0;
+}
+
+void txrx_opt_timer_exit(struct bes2600_vif *priv)
+{
+	struct bes2600_common *hw_priv = cw12xx_vifpriv_to_hwpriv(priv);
+	bes_devel( "txrx_opt_timer_exit");
+
+	if (priv->if_id == 0) {
+		timer_delete_sync(&hw_priv->txrx_opt_timer);
+		cancel_work_sync(&hw_priv->dynamic_opt_txrx_work);
+		bes2600_pwr_unregister_en_lp_cb(hw_priv, txrx_opt_timer_stop);
+		bes2600_pwr_unregister_exit_lp_cb(hw_priv, txrx_opt_timer_start);
+		txrx_hw_priv = NULL;
+		bes2600_set_txrx_opt_unjoin_param(hw_priv);
+	} else if (priv->if_id == 1) {
+		bes2600_txrx_opt_timer_restore();
+	}
+}
+
+

bes2600/txrx_opt.h

@@ -0,0 +1,38 @@
+
+/***************************************************************************
+ *
+ * Copyright 2015-2022 BES.
+ * All rights reserved. All unpublished rights reserved.
+ *
+ * No part of this work may be used or reproduced in any form or by any
+ * means, or stored in a database or retrieval system, without prior written
+ * permission of BES.
+ *
+ * Use of this work is governed by a license granted by BES.
+ * This work contains confidential and proprietary information of
+ * BES. which is protected by copyright, trade secret,
+ * trademark and other intellectual property rights.
+ *
+ ****************************************************************************/
+#ifndef bes2600_TXRX_OPT_H
+#define bes2600_TXRX_OPT_H
+#include <linux/list.h>
+/* open it for enhance wifi throughput */
+#define BES2600_TX_RX_OPT   1
+
+/* Threshold for powrt table switch */
+#define BES2600_TX_RSSI_LOW     -65
+#define BES2600_TX_RSSI_HIGH    -60
+
+void bes2600_add_tx_ac_delta_time(int ac, uint32_t del_time);
+void bes2600_add_tx_delta_time(uint32_t tx_time);
+void bes2600_rx_status(struct bes2600_vif *priv, struct sk_buff *skb);
+void bes2600_tx_status(struct bes2600_vif *priv, struct sk_buff *skb);
+void bes2600_dynamic_opt_rxtx(struct bes2600_common *hw_priv,struct bes2600_vif *priv, int rssi);
+void bes2600_txrx_opt_multivif_connected_handler(struct bes2600_common *hw_priv, bool multivif_connected);
+void bes2600_txrx_opt_timer_restore(void);
+int txrx_opt_timer_init(struct bes2600_vif *priv);
+void txrx_opt_timer_exit(struct bes2600_vif *priv);
+
+#endif
+

bes2600/wsm.h

@@ -2232,5 +2232,7 @@ int wsm_cpu_usage_cmd(struct bes2600_common *hw_priv);
 
 int wsm_wifi_status_cmd(struct bes2600_common *hw_priv, uint32_t status);
 
+#if defined(STANDARD_FACTORY_EFUSE_FLAG)
 int wsm_save_factory_txt_to_mcu(struct bes2600_common *hw_priv, const u8 *data, int if_id, enum bes2600_rf_cmd_type cmd_type);
+#endif
 #endif /* BES2600_HWIO_H_INCLUDED */

debian/copyright

@@ -18,7 +18,8 @@ License: LGPL-2.1
  License for more details.
  .
  You should have received a copy of the GNU Lesser General Public License
- along with this library; if not, see <https://www.gnu.org/licenses/>.
+ along with this library; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  .
  On Debian systems, the full text of the GNU Lesser General Public License
  version 2.1 can be found in the file "/usr/share/common-licenses/LGPL-2.1".