PKG_NAME:=mac80211
-PKG_VERSION:=5.15-rc6-1
+PKG_VERSION:=5.15.8-1
PKG_RELEASE:=1
-PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.15-rc6/
-PKG_HASH:=9282612c4c02ef9fc9d74405303033f6b53914cd63d631eef0f43155fcd38932
+PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.15.8/
+PKG_HASH:=9f71b659c034f19d156532ec780fcb606cee3c4ccc42e2f8ef18dd3e9f1b6820
PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)
+++ /dev/null
-From 6f8c8bf4c7c9be1c42088689fd4370e06b46608a Mon Sep 17 00:00:00 2001
-From: Abinaya Kalaiselvan <akalaise@codeaurora.org>
-Date: Wed, 20 Oct 2021 11:59:07 +0300
-Subject: ath10k: fix module load regression with iram-recovery feature
-
-Commit 9af7c32ceca8 ("ath10k: add target IRAM recovery feature support")
-introduced a new firmware feature flag ATH10K_FW_FEATURE_IRAM_RECOVERY. But
-this caused ath10k_pci module load to fail if ATH10K_FW_CRASH_DUMP_RAM_DATA bit
-was not enabled in the ath10k coredump_mask module parameter:
-
-[ 2209.328190] ath10k_pci 0000:02:00.0: qca9984/qca9994 hw1.0 target 0x01000000 chip_id 0x00000000 sub 168c:cafe
-[ 2209.434414] ath10k_pci 0000:02:00.0: kconfig debug 1 debugfs 1 tracing 1 dfs 1 testmode 1
-[ 2209.547191] ath10k_pci 0000:02:00.0: firmware ver 10.4-3.9.0.2-00099 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps,peer-fixed-rate,iram-recovery crc32 cbade90a
-[ 2210.896485] ath10k_pci 0000:02:00.0: board_file api 1 bmi_id 0:1 crc32 a040efc2
-[ 2213.603339] ath10k_pci 0000:02:00.0: failed to copy target iram contents: -12
-[ 2213.839027] ath10k_pci 0000:02:00.0: could not init core (-12)
-[ 2213.933910] ath10k_pci 0000:02:00.0: could not probe fw (-12)
-
-And by default coredump_mask does not have ATH10K_FW_CRASH_DUMP_RAM_DATA
-enabled so anyone using a firmware with iram-recovery feature would fail. To my
-knowledge only QCA9984 firmwares starting from release 10.4-3.9.0.2-00099
-enabled the feature.
-
-The reason for regression was that ath10k_core_copy_target_iram() used
-ath10k_coredump_get_mem_layout() to get the memory layout, but when
-ATH10K_FW_CRASH_DUMP_RAM_DATA was disabled it would get just NULL and bail out
-with an error.
-
-While looking at all this I noticed another bug: if CONFIG_DEV_COREDUMP is
-disabled but the firmware has iram-recovery enabled the module load fails with
-similar error messages. I fixed that by returning 0 from
-ath10k_core_copy_target_iram() when _ath10k_coredump_get_mem_layout() returns
-NULL.
-
-Tested-on: QCA9984 hw2.0 PCI 10.4-3.9.0.2-00139
-
-Fixes: 9af7c32ceca8 ("ath10k: add target IRAM recovery feature support")
-Signed-off-by: Abinaya Kalaiselvan <akalaise@codeaurora.org>
-Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-Link: https://lore.kernel.org/r/20211020075054.23061-1-kvalo@codeaurora.org
----
- drivers/net/wireless/ath/ath10k/core.c | 11 +++++++++--
- drivers/net/wireless/ath/ath10k/coredump.c | 11 ++++++++---
- drivers/net/wireless/ath/ath10k/coredump.h | 7 +++++++
- 3 files changed, 24 insertions(+), 5 deletions(-)
-
---- a/drivers/net/wireless/ath/ath10k/core.c
-+++ b/drivers/net/wireless/ath/ath10k/core.c
-@@ -2690,9 +2690,16 @@ static int ath10k_core_copy_target_iram(
- int i, ret;
- u32 len, remaining_len;
-
-- hw_mem = ath10k_coredump_get_mem_layout(ar);
-+ /* copy target iram feature must work also when
-+ * ATH10K_FW_CRASH_DUMP_RAM_DATA is disabled, so
-+ * _ath10k_coredump_get_mem_layout() to accomplist that
-+ */
-+ hw_mem = _ath10k_coredump_get_mem_layout(ar);
- if (!hw_mem)
-- return -ENOMEM;
-+ /* if CONFIG_DEV_COREDUMP is disabled we get NULL, then
-+ * just silently disable the feature by doing nothing
-+ */
-+ return 0;
-
- for (i = 0; i < hw_mem->region_table.size; i++) {
- tmp = &hw_mem->region_table.regions[i];
---- a/drivers/net/wireless/ath/ath10k/coredump.c
-+++ b/drivers/net/wireless/ath/ath10k/coredump.c
-@@ -1447,11 +1447,17 @@ static u32 ath10k_coredump_get_ramdump_s
-
- const struct ath10k_hw_mem_layout *ath10k_coredump_get_mem_layout(struct ath10k *ar)
- {
-- int i;
--
- if (!test_bit(ATH10K_FW_CRASH_DUMP_RAM_DATA, &ath10k_coredump_mask))
- return NULL;
-
-+ return _ath10k_coredump_get_mem_layout(ar);
-+}
-+EXPORT_SYMBOL(ath10k_coredump_get_mem_layout);
-+
-+const struct ath10k_hw_mem_layout *_ath10k_coredump_get_mem_layout(struct ath10k *ar)
-+{
-+ int i;
-+
- if (WARN_ON(ar->target_version == 0))
- return NULL;
-
-@@ -1464,7 +1470,6 @@ const struct ath10k_hw_mem_layout *ath10
-
- return NULL;
- }
--EXPORT_SYMBOL(ath10k_coredump_get_mem_layout);
-
- struct ath10k_fw_crash_data *ath10k_coredump_new(struct ath10k *ar)
- {
---- a/drivers/net/wireless/ath/ath10k/coredump.h
-+++ b/drivers/net/wireless/ath/ath10k/coredump.h
-@@ -176,6 +176,7 @@ int ath10k_coredump_register(struct ath1
- void ath10k_coredump_unregister(struct ath10k *ar);
- void ath10k_coredump_destroy(struct ath10k *ar);
-
-+const struct ath10k_hw_mem_layout *_ath10k_coredump_get_mem_layout(struct ath10k *ar);
- const struct ath10k_hw_mem_layout *ath10k_coredump_get_mem_layout(struct ath10k *ar);
-
- #else /* CONFIG_DEV_COREDUMP */
-@@ -213,6 +214,12 @@ ath10k_coredump_get_mem_layout(struct at
- {
- return NULL;
- }
-+
-+static inline const struct ath10k_hw_mem_layout *
-+_ath10k_coredump_get_mem_layout(struct ath10k *ar)
-+{
-+ return NULL;
-+}
-
- #endif /* CONFIG_DEV_COREDUMP */
-
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -9820,6 +9820,21 @@ static int ath10k_mac_init_rd(struct ath
+@@ -9843,6 +9843,21 @@ static int ath10k_mac_init_rd(struct ath
return 0;
}
int ath10k_mac_register(struct ath10k *ar)
{
static const u32 cipher_suites[] = {
-@@ -10172,6 +10187,12 @@ int ath10k_mac_register(struct ath10k *a
+@@ -10195,6 +10210,12 @@ int ath10k_mac_register(struct ath10k *a
ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
static const struct wmi_peer_flags_map wmi_tlv_peer_flags_map = {
--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
-@@ -7468,6 +7468,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
+@@ -7472,6 +7472,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
return skb;
}
static struct sk_buff *
ath10k_wmi_op_gen_set_psmode(struct ath10k *ar, u32 vdev_id,
enum wmi_sta_ps_mode psmode)
-@@ -9156,6 +9199,9 @@ static const struct wmi_ops wmi_ops = {
+@@ -9160,6 +9203,9 @@ static const struct wmi_ops wmi_ops = {
.fw_stats_fill = ath10k_wmi_main_op_fw_stats_fill,
.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
.gen_echo = ath10k_wmi_op_gen_echo,
/* .gen_bcn_tmpl not implemented */
/* .gen_prb_tmpl not implemented */
/* .gen_p2p_go_bcn_ie not implemented */
-@@ -9226,6 +9272,8 @@ static const struct wmi_ops wmi_10_1_ops
+@@ -9230,6 +9276,8 @@ static const struct wmi_ops wmi_10_1_ops
.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
.gen_echo = ath10k_wmi_op_gen_echo,
/* .gen_bcn_tmpl not implemented */
/* .gen_prb_tmpl not implemented */
/* .gen_p2p_go_bcn_ie not implemented */
-@@ -9298,6 +9346,8 @@ static const struct wmi_ops wmi_10_2_ops
+@@ -9302,6 +9350,8 @@ static const struct wmi_ops wmi_10_2_ops
.gen_delba_send = ath10k_wmi_op_gen_delba_send,
.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
/* .gen_pdev_enable_adaptive_cca not implemented */
};
-@@ -9369,6 +9419,8 @@ static const struct wmi_ops wmi_10_2_4_o
+@@ -9373,6 +9423,8 @@ static const struct wmi_ops wmi_10_2_4_o
ath10k_wmi_op_gen_pdev_enable_adaptive_cca,
.get_vdev_subtype = ath10k_wmi_10_2_4_op_get_vdev_subtype,
.gen_bb_timing = ath10k_wmi_10_2_4_op_gen_bb_timing,
/* .gen_bcn_tmpl not implemented */
/* .gen_prb_tmpl not implemented */
/* .gen_p2p_go_bcn_ie not implemented */
-@@ -9450,6 +9502,8 @@ static const struct wmi_ops wmi_10_4_ops
+@@ -9454,6 +9506,8 @@ static const struct wmi_ops wmi_10_4_ops
.gen_pdev_bss_chan_info_req = ath10k_wmi_10_2_op_gen_pdev_bss_chan_info,
.gen_echo = ath10k_wmi_op_gen_echo,
.gen_pdev_get_tpc_config = ath10k_wmi_10_2_4_op_gen_pdev_get_tpc_config,
int ath10k_wmi_attach(struct ath10k *ar)
--- a/drivers/net/wireless/ath/ath10k/wmi.h
+++ b/drivers/net/wireless/ath/ath10k/wmi.h
-@@ -3027,6 +3027,41 @@ enum wmi_10_4_feature_mask {
+@@ -3030,6 +3030,41 @@ enum wmi_10_4_feature_mask {
};
if (ret)
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -10189,7 +10189,7 @@ int ath10k_mac_register(struct ath10k *a
+@@ -10212,7 +10212,7 @@ int ath10k_mac_register(struct ath10k *a
ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
#ifdef CPTCFG_MAC80211_LEDS
+++ /dev/null
-From: Sven Eckelmann <seckelmann@datto.com>
-Date: Tue, 11 Jun 2019 13:58:35 +0200
-Subject: ath10k: fix max antenna gain unit
-
-Most of the txpower for the ath10k firmware is stored as twicepower (0.5 dB
-steps). This isn't the case for max_antenna_gain - which is still expected
-by the firmware as dB.
-
-The firmware is converting it from dB to the internal (twicepower)
-representation when it calculates the limits of a channel. This can be seen
-in tpc_stats when configuring "12" as max_antenna_gain. Instead of the
-expected 12 (6 dB), the tpc_stats shows 24 (12 dB).
-
-Tested on QCA9888 and IPQ4019 with firmware 10.4-3.5.3-00057.
-
-Fixes: 02256930d9b8 ("ath10k: use proper tx power unit")
-Signed-off-by: Sven Eckelmann <seckelmann@datto.com>
-
-Forwarded: https://patchwork.kernel.org/patch/10986723/
-
---- a/drivers/net/wireless/ath/ath10k/mac.c
-+++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -1049,7 +1049,7 @@ static int ath10k_monitor_vdev_start(str
- arg.channel.min_power = 0;
- arg.channel.max_power = channel->max_power * 2;
- arg.channel.max_reg_power = channel->max_reg_power * 2;
-- arg.channel.max_antenna_gain = channel->max_antenna_gain * 2;
-+ arg.channel.max_antenna_gain = channel->max_antenna_gain;
-
- reinit_completion(&ar->vdev_setup_done);
- reinit_completion(&ar->vdev_delete_done);
-@@ -1495,7 +1495,7 @@ static int ath10k_vdev_start_restart(str
- arg.channel.min_power = 0;
- arg.channel.max_power = chandef->chan->max_power * 2;
- arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
-- arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain * 2;
-+ arg.channel.max_antenna_gain = chandef->chan->max_antenna_gain;
-
- if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
- arg.ssid = arvif->u.ap.ssid;
-@@ -3423,7 +3423,7 @@ static int ath10k_update_channel_list(st
- ch->min_power = 0;
- ch->max_power = channel->max_power * 2;
- ch->max_reg_power = channel->max_reg_power * 2;
-- ch->max_antenna_gain = channel->max_antenna_gain * 2;
-+ ch->max_antenna_gain = channel->max_antenna_gain;
- ch->reg_class_id = 0; /* FIXME */
-
- /* FIXME: why use only legacy modes, why not any
--- a/drivers/net/wireless/ath/ath10k/mac.c
+++ b/drivers/net/wireless/ath/ath10k/mac.c
-@@ -1017,6 +1017,40 @@ static inline int ath10k_vdev_setup_sync
+@@ -1021,6 +1021,40 @@ static inline int ath10k_vdev_setup_sync
return ar->last_wmi_vdev_start_status;
}
static int ath10k_monitor_vdev_start(struct ath10k *ar, int vdev_id)
{
struct cfg80211_chan_def *chandef = NULL;
-@@ -1049,7 +1083,8 @@ static int ath10k_monitor_vdev_start(str
+@@ -1053,7 +1087,8 @@ static int ath10k_monitor_vdev_start(str
arg.channel.min_power = 0;
arg.channel.max_power = channel->max_power * 2;
arg.channel.max_reg_power = channel->max_reg_power * 2;
reinit_completion(&ar->vdev_setup_done);
reinit_completion(&ar->vdev_delete_done);
-@@ -1495,7 +1530,8 @@ static int ath10k_vdev_start_restart(str
+@@ -1499,7 +1534,8 @@ static int ath10k_vdev_start_restart(str
arg.channel.min_power = 0;
arg.channel.max_power = chandef->chan->max_power * 2;
arg.channel.max_reg_power = chandef->chan->max_reg_power * 2;
if (arvif->vdev_type == WMI_VDEV_TYPE_AP) {
arg.ssid = arvif->u.ap.ssid;
-@@ -3423,7 +3459,8 @@ static int ath10k_update_channel_list(st
+@@ -3427,7 +3463,8 @@ static int ath10k_update_channel_list(st
ch->min_power = 0;
ch->max_power = channel->max_power * 2;
ch->max_reg_power = channel->max_reg_power * 2;
REG_SET_BIT(ah, AR_BTCOEX_WL_LNADIV, AR_BTCOEX_WL_LNADIV_FORCE_ON);
--- a/drivers/net/wireless/ath/ath9k/main.c
+++ b/drivers/net/wireless/ath/ath9k/main.c
-@@ -536,6 +536,11 @@ irqreturn_t ath_isr(int irq, void *dev)
- if (test_bit(ATH_OP_HW_RESET, &common->op_flags))
+@@ -538,6 +538,11 @@ irqreturn_t ath_isr(int irq, void *dev)
return IRQ_HANDLED;
+ }
+ if (test_bit(ATH_DIAG_TRIGGER_ERROR, &ah->diag)) {
+ status |= ATH9K_INT_FATAL;
static void ath9k_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
u32 queues, bool drop);
-@@ -657,6 +658,7 @@ void ath_reset_work(struct work_struct *
+@@ -659,6 +660,7 @@ void ath_reset_work(struct work_struct *
static int ath9k_start(struct ieee80211_hw *hw)
{
struct ath_softc *sc = hw->priv;
struct ath_hw *ah = sc->sc_ah;
struct ath_common *common = ath9k_hw_common(ah);
struct ieee80211_channel *curchan = sc->cur_chan->chandef.chan;
-@@ -735,6 +737,11 @@ static int ath9k_start(struct ieee80211_
+@@ -737,6 +739,11 @@ static int ath9k_start(struct ieee80211_
AR_GPIO_OUTPUT_MUX_AS_OUTPUT);
}
+++ /dev/null
-From d49395058c6bd4fb7b8bcc5ff7b4d7fbd9b6f97b Mon Sep 17 00:00:00 2001
-From: Hauke Mehrtens <hauke@hauke-m.de>
-Date: Sun, 24 Oct 2021 14:49:55 +0200
-Subject: [PATCH] headers: Add devm_platform_get_and_ioremap_resource()
-
-This function is copied from kernel 5.7 and used by mt76, ath10k and
-ath11k. devm_platform_ioremap_resource() was changed to make sue of
-this new function.
-
-Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
----
- .../backport-include/linux/platform_device.h | 45 ++++++++++++++++---
- 1 file changed, 38 insertions(+), 7 deletions(-)
-
---- a/backport-include/linux/platform_device.h
-+++ b/backport-include/linux/platform_device.h
-@@ -33,7 +33,39 @@ module_exit(__platform_driver##_exit);
- platform_driver_unregister)
- #endif
-
-+#if LINUX_VERSION_IS_LESS(5,7,0)
-+#ifdef CONFIG_HAS_IOMEM
-+#define devm_platform_get_and_ioremap_resource LINUX_BACKPORT(devm_platform_get_and_ioremap_resource)
-+/**
-+ * devm_platform_get_and_ioremap_resource - call devm_ioremap_resource() for a
-+ * platform device and get resource
-+ *
-+ * @pdev: platform device to use both for memory resource lookup as well as
-+ * resource management
-+ * @index: resource index
-+ * @res: optional output parameter to store a pointer to the obtained resource.
-+ *
-+ * Return: a pointer to the remapped memory or an ERR_PTR() encoded error code
-+ * on failure.
-+ */
-+static inline void __iomem *
-+devm_platform_get_and_ioremap_resource(struct platform_device *pdev,
-+ unsigned int index, struct resource **res)
-+{
-+ struct resource *r;
-+
-+ r = platform_get_resource(pdev, IORESOURCE_MEM, index);
-+ if (res)
-+ *res = r;
-+ return devm_ioremap_resource(&pdev->dev, r);
-+}
-+#endif /* CONFIG_HAS_IOMEM */
-+#endif /* < 5.7 */
-+
- #if LINUX_VERSION_IS_LESS(5,1,0)
-+
-+#ifdef CONFIG_HAS_IOMEM
-+#define devm_platform_ioremap_resource LINUX_BACKPORT(devm_platform_ioremap_resource)
- /**
- * devm_platform_ioremap_resource - call devm_ioremap_resource() for a platform
- * device
-@@ -41,16 +73,15 @@ module_exit(__platform_driver##_exit);
- * @pdev: platform device to use both for memory resource lookup as well as
- * resource management
- * @index: resource index
-+ *
-+ * Return: a pointer to the remapped memory or an ERR_PTR() encoded error code
-+ * on failure.
- */
--#ifdef CONFIG_HAS_IOMEM
--#define devm_platform_ioremap_resource LINUX_BACKPORT(devm_platform_ioremap_resource)
--static inline void __iomem *devm_platform_ioremap_resource(struct platform_device *pdev,
-+static inline void __iomem *
-+devm_platform_ioremap_resource(struct platform_device *pdev,
- unsigned int index)
- {
-- struct resource *res;
--
-- res = platform_get_resource(pdev, IORESOURCE_MEM, index);
-- return devm_ioremap_resource(&pdev->dev, res);
-+ return devm_platform_get_and_ioremap_resource(pdev, index, NULL);
- }
- #endif /* CONFIG_HAS_IOMEM */
- #endif
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -1314,7 +1314,6 @@ static int ieee80211_stop_ap(struct wiph
+@@ -1316,7 +1316,6 @@ static int ieee80211_stop_ap(struct wiph
sdata->vif.bss_conf.ftmr_params = NULL;
__sta_info_flush(sdata, true);
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -2495,7 +2495,7 @@ static int ieee80211_scan(struct wiphy *
+@@ -2497,7 +2497,7 @@ static int ieee80211_scan(struct wiphy *
* the frames sent while scanning on other channel will be
* lost)
*/
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Wed, 10 Nov 2021 22:17:13 +0100
-Subject: [PATCH] mac80211: drop check for DONT_REORDER in
- __ieee80211_select_queue
-
-When __ieee80211_select_queue is called, skb->cb has not been cleared yet,
-which means that info->control.flags can contain garbage.
-In some cases this leads to IEEE80211_TX_CTRL_DONT_REORDER being set, causing
-packets marked for other queues to randomly end up in BE instead.
-
-This flag only needs to be checked in ieee80211_select_queue_80211, since
-the radiotap parser is the only piece of code that sets it
-
-Fixes: 66d06c84730c ("mac80211: adhere to Tx control flag that prevents frame reordering")
-Cc: stable@vger.kernel.org
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/net/mac80211/wme.c
-+++ b/net/mac80211/wme.c
-@@ -143,7 +143,6 @@ u16 ieee80211_select_queue_80211(struct
- u16 __ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
- struct sta_info *sta, struct sk_buff *skb)
- {
-- struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
- struct mac80211_qos_map *qos_map;
- bool qos;
-
-@@ -156,7 +155,7 @@ u16 __ieee80211_select_queue(struct ieee
- else
- qos = false;
-
-- if (!qos || (info->control.flags & IEEE80211_TX_CTRL_DONT_REORDER)) {
-+ if (!qos) {
- skb->priority = 0; /* required for correct WPA/11i MIC */
- return IEEE80211_AC_BE;
- }
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
-@@ -1825,15 +1825,15 @@ static int invoke_tx_handlers_late(struc
+@@ -1821,15 +1821,15 @@ static int invoke_tx_handlers_late(struc
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
ieee80211_tx_result res = TX_CONTINUE;
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
-@@ -2947,6 +2947,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
+@@ -2948,6 +2948,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
if (!fwd_skb)
goto out;
+++ /dev/null
-From: Xing Song <xing.song@mediatek.com>
-Date: Mon, 1 Nov 2021 10:46:57 +0800
-Subject: [PATCH] mac80211: do not access the IV when it was stripped
-
-ieee80211_get_keyid() will return false value if IV has been stripped,
-such as return 0 for IP/ARP frames due to LLC header, and return -EINVAL
-for disassociation frames due to its length... etc. Don't try to access
-it if it's not present.
-
-Signed-off-by: Xing Song <xing.song@mediatek.com>
-Link: https://lore.kernel.org/r/20211101024657.143026-1-xing.song@mediatek.com
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -1952,7 +1952,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_
- int keyid = rx->sta->ptk_idx;
- sta_ptk = rcu_dereference(rx->sta->ptk[keyid]);
-
-- if (ieee80211_has_protected(fc)) {
-+ if (ieee80211_has_protected(fc) &&
-+ !(status->flag & RX_FLAG_IV_STRIPPED)) {
- cs = rx->sta->cipher_scheme;
- keyid = ieee80211_get_keyid(rx->skb, cs);
-
+++ /dev/null
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Tue, 9 Nov 2021 10:02:04 +0100
-Subject: [PATCH] mac80211: fix radiotap header generation
-
-In commit 8c89f7b3d3f2 ("mac80211: Use flex-array for radiotap header
-bitmap") we accidentally pointed the position to the wrong place, so
-we overwrite a present bitmap, and thus cause all kinds of trouble.
-
-To see the issue, note that the previous code read:
-
- pos = (void *)(it_present + 1);
-
-The requirement now is that we need to calculate pos via it_optional,
-to not trigger the compiler hardening checks, as:
-
- pos = (void *)&rthdr->it_optional[...];
-
-Rewriting the original expression, we get (obviously, since that just
-adds "+ x - x" terms):
-
- pos = (void *)(it_present + 1 + rthdr->it_optional - rthdr->it_optional)
-
-and moving the "+ rthdr->it_optional" outside to be used as an array:
-
- pos = (void *)&rthdr->it_optional[it_present + 1 - rthdr->it_optional];
-
-The original is off by one, fix it.
-
-Cc: stable@vger.kernel.org
-Fixes: 8c89f7b3d3f2 ("mac80211: Use flex-array for radiotap header bitmap")
-Reported-by: Sid Hayn <sidhayn@gmail.com>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-Tested-by: Sid Hayn <sidhayn@gmail.com>
-Reviewed-by: Kees Cook <keescook@chromium.org>
-Link: https://lore.kernel.org/r/20211109100203.c61007433ed6.I1dade57aba7de9c4f48d68249adbae62636fd98c@changeid
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -364,7 +364,7 @@ ieee80211_add_rx_radiotap_header(struct
- * the compiler to think we have walked past the end of the
- * struct member.
- */
-- pos = (void *)&rthdr->it_optional[it_present - rthdr->it_optional];
-+ pos = (void *)&rthdr->it_optional[it_present + 1 - rthdr->it_optional];
-
- /* the order of the following fields is important */
-
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
-@@ -629,21 +629,6 @@ static int wiphy_verify_combinations(str
+@@ -630,21 +630,6 @@ static int wiphy_verify_combinations(str
c->limits[j].max > 1))
return -EINVAL;
__NL80211_ATTR_AFTER_LAST,
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -2760,6 +2760,19 @@ static int ieee80211_get_tx_power(struct
+@@ -2764,6 +2764,19 @@ static int ieee80211_get_tx_power(struct
return 0;
}
static void ieee80211_rfkill_poll(struct wiphy *wiphy)
{
struct ieee80211_local *local = wiphy_priv(wiphy);
-@@ -4395,6 +4408,7 @@ const struct cfg80211_ops mac80211_confi
+@@ -4399,6 +4412,7 @@ const struct cfg80211_ops mac80211_confi
.set_wiphy_params = ieee80211_set_wiphy_params,
.set_tx_power = ieee80211_set_tx_power,
.get_tx_power = ieee80211_get_tx_power,
};
/* policy for the key attributes */
-@@ -3324,6 +3325,22 @@ static int nl80211_set_wiphy(struct sk_b
+@@ -3328,6 +3329,22 @@ static int nl80211_set_wiphy(struct sk_b
if (result)
goto out;
}