PKG_NAME:=mac80211
-PKG_VERSION:=6.1-rc8
-PKG_RELEASE:=3
+PKG_VERSION:=6.1.24
+PKG_RELEASE:=1
# PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.15.58/
PKG_SOURCE_URL:=http://mirror2.openwrt.org/sources/
-PKG_HASH:=7f3d96c2573183cd79d6a3ebe5e1b7b73c19d1326d443c85b69c4181f14e6e2b
+PKG_HASH:=5d39aca7e34c33cb9b3e366117b2e86841b7bdd37933679d6b1e61be6b150648
PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)
--- a/drivers/net/wireless/ath/ath10k/core.c
+++ b/drivers/net/wireless/ath/ath10k/core.c
-@@ -3500,6 +3500,16 @@ int ath10k_core_register(struct ath10k *
+@@ -3516,6 +3516,16 @@ int ath10k_core_register(struct ath10k *
queue_work(ar->workqueue, &ar->register_work);
.patch_load_addr = QCA988X_HW_2_0_PATCH_LOAD_ADDR,
.uart_pin = 7,
.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_ALL,
-@@ -144,6 +146,7 @@ static const struct ath10k_hw_params ath
+@@ -146,6 +148,7 @@ static const struct ath10k_hw_params ath
.dev_id = QCA9887_1_0_DEVICE_ID,
.bus = ATH10K_BUS_PCI,
.name = "qca9887 hw1.0",
.patch_load_addr = QCA9887_HW_1_0_PATCH_LOAD_ADDR,
.uart_pin = 7,
.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_ALL,
-@@ -379,6 +382,7 @@ static const struct ath10k_hw_params ath
+@@ -387,6 +390,7 @@ static const struct ath10k_hw_params ath
.dev_id = QCA99X0_2_0_DEVICE_ID,
.bus = ATH10K_BUS_PCI,
.name = "qca99x0 hw2.0",
.patch_load_addr = QCA99X0_HW_2_0_PATCH_LOAD_ADDR,
.uart_pin = 7,
.otp_exe_param = 0x00000700,
-@@ -424,6 +428,7 @@ static const struct ath10k_hw_params ath
+@@ -433,6 +437,7 @@ static const struct ath10k_hw_params ath
.dev_id = QCA9984_1_0_DEVICE_ID,
.bus = ATH10K_BUS_PCI,
.name = "qca9984/qca9994 hw1.0",
.patch_load_addr = QCA9984_HW_1_0_PATCH_LOAD_ADDR,
.uart_pin = 7,
.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_EACH,
-@@ -476,6 +481,7 @@ static const struct ath10k_hw_params ath
+@@ -486,6 +491,7 @@ static const struct ath10k_hw_params ath
.dev_id = QCA9888_2_0_DEVICE_ID,
.bus = ATH10K_BUS_PCI,
.name = "qca9888 hw2.0",
.patch_load_addr = QCA9888_HW_2_0_PATCH_LOAD_ADDR,
.uart_pin = 7,
.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_EACH,
-@@ -3215,6 +3221,10 @@ int ath10k_core_start(struct ath10k *ar,
+@@ -3231,6 +3237,10 @@ int ath10k_core_start(struct ath10k *ar,
goto err_hif_stop;
}
return 0;
err_hif_stop:
-@@ -3473,9 +3483,18 @@ static void ath10k_core_register_work(st
+@@ -3489,9 +3499,18 @@ static void ath10k_core_register_work(st
goto err_spectral_destroy;
}
err_spectral_destroy:
ath10k_spectral_destroy(ar);
err_debug_destroy:
-@@ -3521,6 +3540,8 @@ void ath10k_core_unregister(struct ath10
+@@ -3537,6 +3556,8 @@ void ath10k_core_unregister(struct ath10
if (!test_bit(ATH10K_FLAG_CORE_REGISTERED, &ar->dev_flags))
return;
#include <linux/property.h>
#include <linux/dmi.h>
#include <linux/ctype.h>
-@@ -3391,6 +3392,8 @@ static int ath10k_core_probe_fw(struct a
+@@ -3407,6 +3408,8 @@ static int ath10k_core_probe_fw(struct a
device_get_mac_address(ar->dev, ar->mac_addr);
ath11k_err(ab, "failed to reconfigure driver on crash recovery\n");
--- a/drivers/net/wireless/ath/ath11k/core.h
+++ b/drivers/net/wireless/ath/ath11k/core.h
-@@ -1157,6 +1157,7 @@ int ath11k_core_check_smbios(struct ath1
+@@ -1158,6 +1158,7 @@ int ath11k_core_check_smbios(struct ath1
void ath11k_core_halt(struct ath11k *ar);
int ath11k_core_resume(struct ath11k_base *ab);
int ath11k_core_suspend(struct ath11k_base *ab);
const char *filename);
--- a/drivers/net/wireless/ath/ath11k/qmi.c
+++ b/drivers/net/wireless/ath/ath11k/qmi.c
-@@ -3158,6 +3158,9 @@ static void ath11k_qmi_driver_event_work
+@@ -3164,6 +3164,9 @@ static void ath11k_qmi_driver_event_work
case ATH11K_QMI_EVENT_SERVER_EXIT:
set_bit(ATH11K_FLAG_CRASH_FLUSH, &ab->dev_flags);
set_bit(ATH11K_FLAG_RECOVERY, &ab->dev_flags);
+++ /dev/null
-From f74878433d5ade360447da5d92e9c2e535780d80 Mon Sep 17 00:00:00 2001
-From: Wen Gong <quic_wgong@quicinc.com>
-Date: Wed, 28 Sep 2022 03:38:32 -0400
-Subject: [PATCH] wifi: ath11k: fix warning in dma_free_coherent() of memory
- chunks while recovery
-
-Commit 26f3a021b37c ("ath11k: allocate smaller chunks of memory for
-firmware") and commit f6f92968e1e5 ("ath11k: qmi: try to allocate a
-big block of DMA memory first") change ath11k to allocate the memory
-chunks for target twice while wlan load. It fails for the 1st time
-because of large memory and then changed to allocate many small chunks
-for the 2nd time sometimes as below log.
-
-1st time failed:
-[10411.640620] ath11k_pci 0000:05:00.0: qmi firmware request memory request
-[10411.640625] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 6881280
-[10411.640630] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 3784704
-[10411.640658] ath11k_pci 0000:05:00.0: qmi dma allocation failed (6881280 B type 1), will try later with small size
-[10411.640671] ath11k_pci 0000:05:00.0: qmi delays mem_request 2
-[10411.640677] ath11k_pci 0000:05:00.0: qmi respond memory request delayed 1
-2nd time success:
-[10411.642004] ath11k_pci 0000:05:00.0: qmi firmware request memory request
-[10411.642008] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
-[10411.642012] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
-[10411.642014] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
-[10411.642016] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
-[10411.642018] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
-[10411.642020] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
-[10411.642022] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
-[10411.642024] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
-[10411.642027] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
-[10411.642029] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
-[10411.642031] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 458752
-[10411.642033] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 131072
-[10411.642035] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 524288
-[10411.642037] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 524288
-[10411.642039] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 524288
-[10411.642041] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 524288
-[10411.642043] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 524288
-[10411.642045] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 524288
-[10411.642047] ath11k_pci 0000:05:00.0: qmi mem seg type 4 size 491520
-[10411.642049] ath11k_pci 0000:05:00.0: qmi mem seg type 1 size 524288
-
-And then commit 5962f370ce41 ("ath11k: Reuse the available memory after
-firmware reload") skip the ath11k_qmi_free_resource() which frees the
-memory chunks while recovery, after that, when run recovery test on
-WCN6855, a warning happened every time as below and finally leads fail
-for recovery.
-
-[ 159.570318] BUG: Bad page state in process kworker/u16:5 pfn:33300
-[ 159.570320] page:0000000096ffdbb9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33300
-[ 159.570324] flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)
-[ 159.570329] raw: 000fffffc0000000 0000000000000000 dead000000000122 0000000000000000
-[ 159.570332] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
-[ 159.570334] page dumped because: nonzero _refcount
-[ 159.570440] firewire_ohci syscopyarea sysfillrect psmouse sdhci_pci ahci sysimgblt firewire_core fb_sys_fops libahci crc_itu_t cqhci drm sdhci e1000e wmi video
-[ 159.570460] CPU: 2 PID: 217 Comm: kworker/u16:5 Kdump: loaded Tainted: G B 5.19.0-rc1-wt-ath+ #3
-[ 159.570465] Hardware name: LENOVO 418065C/418065C, BIOS 83ET63WW (1.33 ) 07/29/2011
-[ 159.570467] Workqueue: qmi_msg_handler qmi_data_ready_work [qmi_helpers]
-[ 159.570475] Call Trace:
-[ 159.570476] <TASK>
-[ 159.570478] dump_stack_lvl+0x49/0x5f
-[ 159.570486] dump_stack+0x10/0x12
-[ 159.570493] bad_page+0xab/0xf0
-[ 159.570502] check_free_page_bad+0x66/0x70
-[ 159.570511] __free_pages_ok+0x530/0x9a0
-[ 159.570517] ? __dev_printk+0x58/0x6b
-[ 159.570525] ? _dev_printk+0x56/0x72
-[ 159.570534] ? qmi_decode+0x119/0x470 [qmi_helpers]
-[ 159.570543] __free_pages+0x91/0xd0
-[ 159.570548] dma_free_contiguous+0x50/0x60
-[ 159.570556] dma_direct_free+0xe5/0x140
-[ 159.570564] dma_free_attrs+0x35/0x50
-[ 159.570570] ath11k_qmi_msg_mem_request_cb+0x2ae/0x3c0 [ath11k]
-[ 159.570620] qmi_invoke_handler+0xac/0xe0 [qmi_helpers]
-[ 159.570630] qmi_handle_message+0x6d/0x180 [qmi_helpers]
-[ 159.570643] qmi_data_ready_work+0x2ca/0x440 [qmi_helpers]
-[ 159.570656] process_one_work+0x227/0x440
-[ 159.570667] worker_thread+0x31/0x3d0
-[ 159.570676] ? process_one_work+0x440/0x440
-[ 159.570685] kthread+0xfe/0x130
-[ 159.570692] ? kthread_complete_and_exit+0x20/0x20
-[ 159.570701] ret_from_fork+0x22/0x30
-[ 159.570712] </TASK>
-
-The reason is because when wlan start to recovery, the type, size and
-count is not same for the 1st and 2nd QMI_WLFW_REQUEST_MEM_IND message,
-Then it leads the parameter size is not correct for the dma_free_coherent().
-For the chunk[1], the actual dma size is 524288 which allocate in the
-2nd time of the initial wlan load phase, and the size which pass to
-dma_free_coherent() is 3784704 which is got in the 1st time of recovery
-phase, then warning above happened.
-
-Change to use prev_size of struct target_mem_chunk for the paramter of
-dma_free_coherent() since prev_size is the real size of last load/recovery.
-Also change to check both type and size of struct target_mem_chunk to
-reuse the memory to avoid mismatch buffer size for target. Then the
-warning disappear and recovery success. When the 1st QMI_WLFW_REQUEST_MEM_IND
-for recovery arrived, the trunk[0] is freed in ath11k_qmi_alloc_target_mem_chunk()
-and then dma_alloc_coherent() failed caused by large size, and then
-trunk[1] is freed in ath11k_qmi_free_target_mem_chunk(), the left 18
-trunks will be reuse for the 2nd QMI_WLFW_REQUEST_MEM_IND message.
-
-Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3
-
-Fixes: 5962f370ce41 ("ath11k: Reuse the available memory after firmware reload")
-Signed-off-by: Wen Gong <quic_wgong@quicinc.com>
-Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
-Link: https://lore.kernel.org/r/20220928073832.16251-1-quic_wgong@quicinc.com
----
- drivers/net/wireless/ath/ath11k/qmi.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/drivers/net/wireless/ath/ath11k/qmi.c
-+++ b/drivers/net/wireless/ath/ath11k/qmi.c
-@@ -1961,7 +1961,7 @@ static void ath11k_qmi_free_target_mem_c
- continue;
-
- dma_free_coherent(ab->dev,
-- ab->qmi.target_mem[i].size,
-+ ab->qmi.target_mem[i].prev_size,
- ab->qmi.target_mem[i].vaddr,
- ab->qmi.target_mem[i].paddr);
- ab->qmi.target_mem[i].vaddr = NULL;
-@@ -1982,12 +1982,12 @@ static int ath11k_qmi_alloc_target_mem_c
- * in such case, no need to allocate memory for FW again.
- */
- if (chunk->vaddr) {
-- if (chunk->prev_type == chunk->type ||
-+ if (chunk->prev_type == chunk->type &&
- chunk->prev_size == chunk->size)
- continue;
-
- /* cannot reuse the existing chunk */
-- dma_free_coherent(ab->dev, chunk->size,
-+ dma_free_coherent(ab->dev, chunk->prev_size,
- chunk->vaddr, chunk->paddr);
- chunk->vaddr = NULL;
- }
+++ /dev/null
-From 3ff51d7416ee1ea2d771051a0ffa1ec8be054768 Mon Sep 17 00:00:00 2001
-From: Aditya Kumar Singh <quic_adisi@quicinc.com>
-Date: Wed, 5 Oct 2022 15:24:30 +0530
-Subject: [PATCH 6/9] wifi: ath11k: fix firmware assert during bandwidth change
- for peer sta
-
-Currently, ath11k sends peer assoc command for each peer to
-firmware when bandwidth changes. Peer assoc command is a
-bulky command and if many clients are connected, this could
-lead to firmware buffer getting overflowed leading to a firmware
-assert.
-
-However, during bandwidth change, only phymode and bandwidth
-also can be updated by WMI set peer param command. This makes
-the overall command light when compared to peer assoc and for
-multi-client cases, firmware buffer overflow also does not
-occur.
-
-Remove sending peer assoc command during sta bandwidth change
-and instead add sending WMI set peer param command for phymode
-and bandwidth.
-
-Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.5.0.1-01100-QCAHKSWPL_SILICONZ-1
-
-Fixes: f187fe8e3bc65 ("ath11k: fix firmware crash during channel switch")
-Signed-off-by: Aditya Kumar Singh <quic_adisi@quicinc.com>
-Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
-Link: https://lore.kernel.org/r/20221005095430.19890-1-quic_adisi@quicinc.com
----
- drivers/net/wireless/ath/ath11k/core.h | 2 +
- drivers/net/wireless/ath/ath11k/mac.c | 122 +++++++++++++++++--------
- 2 files changed, 87 insertions(+), 37 deletions(-)
-
---- a/drivers/net/wireless/ath/ath11k/core.h
-+++ b/drivers/net/wireless/ath/ath11k/core.h
-@@ -505,6 +505,8 @@ struct ath11k_sta {
- u64 ps_start_jiffies;
- u64 ps_total_duration;
- bool peer_current_ps_valid;
-+
-+ u32 bw_prev;
- };
-
- #define ATH11K_MIN_5G_FREQ 4150
---- a/drivers/net/wireless/ath/ath11k/mac.c
-+++ b/drivers/net/wireless/ath/ath11k/mac.c
-@@ -4215,10 +4215,11 @@ static void ath11k_sta_rc_update_wk(stru
- const u8 *ht_mcs_mask;
- const u16 *vht_mcs_mask;
- const u16 *he_mcs_mask;
-- u32 changed, bw, nss, smps;
-+ u32 changed, bw, nss, smps, bw_prev;
- int err, num_vht_rates, num_he_rates;
- const struct cfg80211_bitrate_mask *mask;
- struct peer_assoc_params peer_arg;
-+ enum wmi_phy_mode peer_phymode;
-
- arsta = container_of(wk, struct ath11k_sta, update_wk);
- sta = container_of((void *)arsta, struct ieee80211_sta, drv_priv);
-@@ -4239,6 +4240,7 @@ static void ath11k_sta_rc_update_wk(stru
- arsta->changed = 0;
-
- bw = arsta->bw;
-+ bw_prev = arsta->bw_prev;
- nss = arsta->nss;
- smps = arsta->smps;
-
-@@ -4252,26 +4254,57 @@ static void ath11k_sta_rc_update_wk(stru
- ath11k_mac_max_he_nss(he_mcs_mask)));
-
- if (changed & IEEE80211_RC_BW_CHANGED) {
-- /* Send peer assoc command before set peer bandwidth param to
-- * avoid the mismatch between the peer phymode and the peer
-- * bandwidth.
-- */
-- ath11k_peer_assoc_prepare(ar, arvif->vif, sta, &peer_arg, true);
-+ /* Get the peer phymode */
-+ ath11k_peer_assoc_h_phymode(ar, arvif->vif, sta, &peer_arg);
-+ peer_phymode = peer_arg.peer_phymode;
-+
-+ ath11k_dbg(ar->ab, ATH11K_DBG_MAC, "mac update sta %pM peer bw %d phymode %d\n",
-+ sta->addr, bw, peer_phymode);
-+
-+ if (bw > bw_prev) {
-+ /* BW is upgraded. In this case we send WMI_PEER_PHYMODE
-+ * followed by WMI_PEER_CHWIDTH
-+ */
-+ ath11k_dbg(ar->ab, ATH11K_DBG_MAC, "mac BW upgrade for sta %pM new BW %d, old BW %d\n",
-+ sta->addr, bw, bw_prev);
-+
-+ err = ath11k_wmi_set_peer_param(ar, sta->addr, arvif->vdev_id,
-+ WMI_PEER_PHYMODE, peer_phymode);
-+
-+ if (err) {
-+ ath11k_warn(ar->ab, "failed to update STA %pM peer phymode %d: %d\n",
-+ sta->addr, peer_phymode, err);
-+ goto err_rc_bw_changed;
-+ }
-
-- peer_arg.is_assoc = false;
-- err = ath11k_wmi_send_peer_assoc_cmd(ar, &peer_arg);
-- if (err) {
-- ath11k_warn(ar->ab, "failed to send peer assoc for STA %pM vdev %i: %d\n",
-- sta->addr, arvif->vdev_id, err);
-- } else if (wait_for_completion_timeout(&ar->peer_assoc_done, 1 * HZ)) {
- err = ath11k_wmi_set_peer_param(ar, sta->addr, arvif->vdev_id,
- WMI_PEER_CHWIDTH, bw);
-+
- if (err)
- ath11k_warn(ar->ab, "failed to update STA %pM peer bw %d: %d\n",
- sta->addr, bw, err);
- } else {
-- ath11k_warn(ar->ab, "failed to get peer assoc conf event for %pM vdev %i\n",
-- sta->addr, arvif->vdev_id);
-+ /* BW is downgraded. In this case we send WMI_PEER_CHWIDTH
-+ * followed by WMI_PEER_PHYMODE
-+ */
-+ ath11k_dbg(ar->ab, ATH11K_DBG_MAC, "mac BW downgrade for sta %pM new BW %d,old BW %d\n",
-+ sta->addr, bw, bw_prev);
-+
-+ err = ath11k_wmi_set_peer_param(ar, sta->addr, arvif->vdev_id,
-+ WMI_PEER_CHWIDTH, bw);
-+
-+ if (err) {
-+ ath11k_warn(ar->ab, "failed to update STA %pM peer bw %d: %d\n",
-+ sta->addr, bw, err);
-+ goto err_rc_bw_changed;
-+ }
-+
-+ err = ath11k_wmi_set_peer_param(ar, sta->addr, arvif->vdev_id,
-+ WMI_PEER_PHYMODE, peer_phymode);
-+
-+ if (err)
-+ ath11k_warn(ar->ab, "failed to update STA %pM peer phymode %d: %d\n",
-+ sta->addr, peer_phymode, err);
- }
- }
-
-@@ -4352,6 +4385,7 @@ static void ath11k_sta_rc_update_wk(stru
- }
- }
-
-+err_rc_bw_changed:
- mutex_unlock(&ar->conf_mutex);
- }
-
-@@ -4505,6 +4539,34 @@ exit:
- return ret;
- }
-
-+static u32 ath11k_mac_ieee80211_sta_bw_to_wmi(struct ath11k *ar,
-+ struct ieee80211_sta *sta)
-+{
-+ u32 bw = WMI_PEER_CHWIDTH_20MHZ;
-+
-+ switch (sta->deflink.bandwidth) {
-+ case IEEE80211_STA_RX_BW_20:
-+ bw = WMI_PEER_CHWIDTH_20MHZ;
-+ break;
-+ case IEEE80211_STA_RX_BW_40:
-+ bw = WMI_PEER_CHWIDTH_40MHZ;
-+ break;
-+ case IEEE80211_STA_RX_BW_80:
-+ bw = WMI_PEER_CHWIDTH_80MHZ;
-+ break;
-+ case IEEE80211_STA_RX_BW_160:
-+ bw = WMI_PEER_CHWIDTH_160MHZ;
-+ break;
-+ default:
-+ ath11k_warn(ar->ab, "Invalid bandwidth %d for %pM\n",
-+ sta->deflink.bandwidth, sta->addr);
-+ bw = WMI_PEER_CHWIDTH_20MHZ;
-+ break;
-+ }
-+
-+ return bw;
-+}
-+
- static int ath11k_mac_op_sta_state(struct ieee80211_hw *hw,
- struct ieee80211_vif *vif,
- struct ieee80211_sta *sta,
-@@ -4590,6 +4652,12 @@ static int ath11k_mac_op_sta_state(struc
- if (ret)
- ath11k_warn(ar->ab, "Failed to associate station: %pM\n",
- sta->addr);
-+
-+ spin_lock_bh(&ar->data_lock);
-+ /* Set arsta bw and prev bw */
-+ arsta->bw = ath11k_mac_ieee80211_sta_bw_to_wmi(ar, sta);
-+ arsta->bw_prev = arsta->bw;
-+ spin_unlock_bh(&ar->data_lock);
- } else if (old_state == IEEE80211_STA_ASSOC &&
- new_state == IEEE80211_STA_AUTHORIZED) {
- spin_lock_bh(&ar->ab->base_lock);
-@@ -4713,28 +4781,8 @@ static void ath11k_mac_op_sta_rc_update(
- spin_lock_bh(&ar->data_lock);
-
- if (changed & IEEE80211_RC_BW_CHANGED) {
-- bw = WMI_PEER_CHWIDTH_20MHZ;
--
-- switch (sta->deflink.bandwidth) {
-- case IEEE80211_STA_RX_BW_20:
-- bw = WMI_PEER_CHWIDTH_20MHZ;
-- break;
-- case IEEE80211_STA_RX_BW_40:
-- bw = WMI_PEER_CHWIDTH_40MHZ;
-- break;
-- case IEEE80211_STA_RX_BW_80:
-- bw = WMI_PEER_CHWIDTH_80MHZ;
-- break;
-- case IEEE80211_STA_RX_BW_160:
-- bw = WMI_PEER_CHWIDTH_160MHZ;
-- break;
-- default:
-- ath11k_warn(ar->ab, "Invalid bandwidth %d in rc update for %pM\n",
-- sta->deflink.bandwidth, sta->addr);
-- bw = WMI_PEER_CHWIDTH_20MHZ;
-- break;
-- }
--
-+ bw = ath11k_mac_ieee80211_sta_bw_to_wmi(ar, sta);
-+ arsta->bw_prev = arsta->bw;
- arsta->bw = bw;
- }
-
+++ /dev/null
-From 3f9b09ccf7d5f23066b02881a737bee42def9d1a Mon Sep 17 00:00:00 2001
-From: Baochen Qiang <quic_bqiang@quicinc.com>
-Date: Mon, 10 Oct 2022 11:32:37 +0800
-Subject: [PATCH 9/9] wifi: ath11k: Send PME message during wakeup from D3cold
-
-We are seeing system stuck on some specific platforms due to
-WLAN chip fails to wakeup from D3cold state.
-
-With this flag, firmware will send PME message during wakeup
-and this issue is gone.
-
-Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3
-
-Signed-off-by: Baochen Qiang <quic_bqiang@quicinc.com>
-Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
-Link: https://lore.kernel.org/r/20221010033237.415478-1-quic_bqiang@quicinc.com
----
- drivers/net/wireless/ath/ath11k/qmi.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/drivers/net/wireless/ath/ath11k/qmi.c
-+++ b/drivers/net/wireless/ath/ath11k/qmi.c
-@@ -19,6 +19,7 @@
- #define SLEEP_CLOCK_SELECT_INTERNAL_BIT 0x02
- #define HOST_CSTATE_BIT 0x04
- #define PLATFORM_CAP_PCIE_GLOBAL_RESET 0x08
-+#define PLATFORM_CAP_PCIE_PME_D3COLD 0x10
-
- #define FW_BUILD_ID_MASK "QC_IMAGE_VERSION_STRING="
-
-@@ -1752,6 +1753,8 @@ static int ath11k_qmi_host_cap_send(stru
- if (ab->hw_params.global_reset)
- req.nm_modem |= PLATFORM_CAP_PCIE_GLOBAL_RESET;
-
-+ req.nm_modem |= PLATFORM_CAP_PCIE_PME_D3COLD;
-+
- ath11k_dbg(ab, ATH11K_DBG_QMI, "qmi host cap request\n");
-
- ret = qmi_txn_init(&ab->qmi.handle, &txn,
--- a/drivers/net/wireless/ath/ath11k/qmi.c
+++ b/drivers/net/wireless/ath/ath11k/qmi.c
-@@ -3090,6 +3090,9 @@ static const struct qmi_msg_handler ath1
- sizeof(struct qmi_wlfw_fw_init_done_ind_msg_v01),
- .fn = ath11k_qmi_msg_fw_init_done_cb,
+@@ -1702,6 +1702,9 @@ static struct qmi_elem_info qmi_wlfw_fw_
+ .data_type = QMI_EOTI,
+ .array_type = NO_ARRAY,
},
+
+ /* end of list */
+ {},
};
- static int ath11k_qmi_ops_new_server(struct qmi_handle *qmi_hdl,
+ static int ath11k_qmi_host_cap_send(struct ath11k_base *ab)
.rx_mac_buf_ring = false,
--- a/drivers/net/wireless/ath/ath11k/core.h
+++ b/drivers/net/wireless/ath/ath11k/core.h
-@@ -1146,6 +1146,9 @@ extern const struct service_to_pipe ath1
+@@ -1145,6 +1145,9 @@ extern const struct service_to_pipe ath1
extern const struct ce_pipe_config ath11k_target_ce_config_wlan_qca6390[];
extern const struct service_to_pipe ath11k_target_service_to_ce_map_wlan_qca6390[];
+++ /dev/null
-From 950b43f8bd8a4d476d2da6d2a083a89bcd3c90d7 Mon Sep 17 00:00:00 2001
-From: Nagarajan Maran <quic_nmaran@quicinc.com>
-Date: Tue, 29 Nov 2022 19:55:32 +0530
-Subject: [PATCH] wifi: ath11k: fix monitor mode bringup crash
-
-When the interface is brought up in monitor mode, it leads
-to NULL pointer dereference crash. This crash happens when
-the packet type is extracted for a SKB. This extraction
-which is present in the received msdu delivery path,is
-not needed for the monitor ring packets since they are
-all RAW packets. Hence appending the flags with
-"RX_FLAG_ONLY_MONITOR" to skip that extraction.
-
-Observed calltrace:
-
-Unable to handle kernel NULL pointer dereference at virtual address
-0000000000000064
-Mem abort info:
- ESR = 0x0000000096000004
- EC = 0x25: DABT (current EL), IL = 32 bits
- SET = 0, FnV = 0
- EA = 0, S1PTW = 0
- FSC = 0x04: level 0 translation fault
-Data abort info:
- ISV = 0, ISS = 0x00000004
- CM = 0, WnR = 0
-user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048517000
-[0000000000000064] pgd=0000000000000000, p4d=0000000000000000
-Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
-Modules linked in: ath11k_pci ath11k qmi_helpers
-CPU: 2 PID: 1781 Comm: napi/-271 Not tainted
-6.1.0-rc5-wt-ath-656295-gef907406320c-dirty #6
-Hardware name: Qualcomm Technologies, Inc. IPQ8074/AP-HK10-C2 (DT)
-pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
-pc : ath11k_hw_qcn9074_rx_desc_get_decap_type+0x34/0x60 [ath11k]
-lr : ath11k_hw_qcn9074_rx_desc_get_decap_type+0x5c/0x60 [ath11k]
-sp : ffff80000ef5bb10
-x29: ffff80000ef5bb10 x28: 0000000000000000 x27: ffff000007baafa0
-x26: ffff000014a91ed0 x25: 0000000000000000 x24: 0000000000000000
-x23: ffff800002b77378 x22: ffff000014a91ec0 x21: ffff000006c8d600
-x20: 0000000000000000 x19: ffff800002b77740 x18: 0000000000000006
-x17: 736564203634343a x16: 656e694c20657079 x15: 0000000000000143
-x14: 00000000ffffffea x13: ffff80000ef5b8b8 x12: ffff80000ef5b8c8
-x11: ffff80000a591d30 x10: ffff80000a579d40 x9 : c0000000ffffefff
-x8 : 0000000000000003 x7 : 0000000000017fe8 x6 : ffff80000a579ce8
-x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
-x2 : 3a35ec12ed7f8900 x1 : 0000000000000000 x0 : 0000000000000052
-Call trace:
- ath11k_hw_qcn9074_rx_desc_get_decap_type+0x34/0x60 [ath11k]
- ath11k_dp_rx_deliver_msdu.isra.42+0xa4/0x3d0 [ath11k]
- ath11k_dp_rx_mon_deliver.isra.43+0x2f8/0x458 [ath11k]
- ath11k_dp_rx_process_mon_rings+0x310/0x4c0 [ath11k]
- ath11k_dp_service_srng+0x234/0x338 [ath11k]
- ath11k_pcic_ext_grp_napi_poll+0x30/0xb8 [ath11k]
- __napi_poll+0x5c/0x190
- napi_threaded_poll+0xf0/0x118
- kthread+0xf4/0x110
- ret_from_fork+0x10/0x20
-
-Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
-Reported-by: Florian Schmidt <florian@fls.name>
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=216573
-Signed-off-by: Nagarajan Maran <quic_nmaran@quicinc.com>
-Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
-Link: https://lore.kernel.org/r/20221129142532.23421-1-quic_nmaran@quicinc.com
----
- drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/drivers/net/wireless/ath/ath11k/dp_rx.c
-+++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
-@@ -5022,6 +5022,7 @@ static int ath11k_dp_rx_mon_deliver(stru
- } else {
- rxs->flag |= RX_FLAG_ALLOW_SAME_PN;
- }
-+ rxs->flag |= RX_FLAG_ONLY_MONITOR;
- ath11k_update_radiotap(ar, ppduinfo, mon_skb, rxs);
-
- ath11k_dp_rx_deliver_msdu(ar, napi, mon_skb, rxs);
+++ /dev/null
-From 323d91d4684d238f6bc3693fed93caf795378fe0 Mon Sep 17 00:00:00 2001
-From: Kalle Valo <quic_kvalo@quicinc.com>
-Date: Thu, 22 Dec 2022 19:15:59 +0200
-Subject: [PATCH] wifi: ath11k: debugfs: fix to work with multiple PCI devices
-
-ath11k fails to load if there are multiple ath11k PCI devices with same name:
-
- ath11k_pci 0000:01:00.0: Hardware name qcn9074 hw1.0
- debugfs: Directory 'ath11k' with parent '/' already present!
- ath11k_pci 0000:01:00.0: failed to create ath11k debugfs
- ath11k_pci 0000:01:00.0: failed to create soc core: -17
- ath11k_pci 0000:01:00.0: failed to init core: -17
- ath11k_pci: probe of 0000:01:00.0 failed with error -17
-
-Fix this by creating a directory for each ath11k device using schema
-<bus>-<devname>, for example "pci-0000:06:00.0". This directory created under
-the top-level ath11k directory, for example /sys/kernel/debug/ath11k.
-
-The reference to the toplevel ath11k directory is not stored anymore within ath11k, instead
-it's retrieved using debugfs_lookup(). If the directory does not exist it will
-be created. After the last directory from the ath11k directory is removed, for
-example when doing rmmod ath11k, the empty ath11k directory is left in place,
-it's a minor cosmetic issue anyway.
-
-Here's an example hierarchy with one WCN6855:
-
-ath11k
-`-- pci-0000:06:00.0
- |-- mac0
- | |-- dfs_block_radar_events
- | |-- dfs_simulate_radar
- | |-- ext_rx_stats
- | |-- ext_tx_stats
- | |-- fw_dbglog_config
- | |-- fw_stats
- | | |-- beacon_stats
- | | |-- pdev_stats
- | | `-- vdev_stats
- | |-- htt_stats
- | |-- htt_stats_reset
- | |-- htt_stats_type
- | `-- pktlog_filter
- |-- simulate_fw_crash
- `-- soc_dp_stats
-
-I didn't have a test setup where I could connect multiple ath11k devices to the
-same the host, so I have only tested this with one device.
-
-Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.9
-Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
-Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
-
-Tested-by: Robert Marko <robert.marko@sartura.hr>
-Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
-Link: https://lore.kernel.org/r/20221220121231.20120-1-kvalo@kernel.org
----
- drivers/net/wireless/ath/ath11k/core.h | 1 -
- drivers/net/wireless/ath/ath11k/debugfs.c | 48 +++++++++++++++++++----
- 2 files changed, 40 insertions(+), 9 deletions(-)
-
---- a/drivers/net/wireless/ath/ath11k/core.h
-+++ b/drivers/net/wireless/ath/ath11k/core.h
-@@ -921,7 +921,6 @@ struct ath11k_base {
- enum ath11k_dfs_region dfs_region;
- #ifdef CPTCFG_ATH11K_DEBUGFS
- struct dentry *debugfs_soc;
-- struct dentry *debugfs_ath11k;
- #endif
- struct ath11k_soc_dp_stats soc_stats;
-
---- a/drivers/net/wireless/ath/ath11k/debugfs.c
-+++ b/drivers/net/wireless/ath/ath11k/debugfs.c
-@@ -976,10 +976,6 @@ int ath11k_debugfs_pdev_create(struct at
- if (test_bit(ATH11K_FLAG_REGISTERED, &ab->dev_flags))
- return 0;
-
-- ab->debugfs_soc = debugfs_create_dir(ab->hw_params.name, ab->debugfs_ath11k);
-- if (IS_ERR(ab->debugfs_soc))
-- return PTR_ERR(ab->debugfs_soc);
--
- debugfs_create_file("simulate_fw_crash", 0600, ab->debugfs_soc, ab,
- &fops_simulate_fw_crash);
-
-@@ -1001,15 +997,51 @@ void ath11k_debugfs_pdev_destroy(struct
-
- int ath11k_debugfs_soc_create(struct ath11k_base *ab)
- {
-- ab->debugfs_ath11k = debugfs_create_dir("ath11k", NULL);
-+ struct dentry *root;
-+ bool dput_needed;
-+ char name[64];
-+ int ret;
-+
-+ root = debugfs_lookup("ath11k", NULL);
-+ if (!root) {
-+ root = debugfs_create_dir("ath11k", NULL);
-+ if (IS_ERR_OR_NULL(root))
-+ return PTR_ERR(root);
-+
-+ dput_needed = false;
-+ } else {
-+ /* a dentry from lookup() needs dput() after we don't use it */
-+ dput_needed = true;
-+ }
-+
-+ scnprintf(name, sizeof(name), "%s-%s", ath11k_bus_str(ab->hif.bus),
-+ dev_name(ab->dev));
-+
-+ ab->debugfs_soc = debugfs_create_dir(name, root);
-+ if (IS_ERR_OR_NULL(ab->debugfs_soc)) {
-+ ret = PTR_ERR(ab->debugfs_soc);
-+ goto out;
-+ }
-+
-+ ret = 0;
-+
-+out:
-+ if (dput_needed)
-+ dput(root);
-
-- return PTR_ERR_OR_ZERO(ab->debugfs_ath11k);
-+ return ret;
- }
-
- void ath11k_debugfs_soc_destroy(struct ath11k_base *ab)
- {
-- debugfs_remove_recursive(ab->debugfs_ath11k);
-- ab->debugfs_ath11k = NULL;
-+ debugfs_remove_recursive(ab->debugfs_soc);
-+ ab->debugfs_soc = NULL;
-+
-+ /* We are not removing ath11k directory on purpose, even if it
-+ * would be empty. This simplifies the directory handling and it's
-+ * a minor cosmetic issue to leave an empty ath11k directory to
-+ * debugfs.
-+ */
- }
- EXPORT_SYMBOL(ath11k_debugfs_soc_destroy);
-
+++ /dev/null
-From ed3f83b3459a67a3ab9d806490ac304b567b1c2d Mon Sep 17 00:00:00 2001
-From: Miaoqian Lin <linmq006@gmail.com>
-Date: Mon, 2 Jan 2023 12:11:42 +0400
-Subject: [PATCH] wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
-
-crypto_alloc_shash() allocates resources, which should be released by
-crypto_free_shash(). When ath11k_peer_find() fails, there has memory
-leak. Add missing crypto_free_shash() to fix this.
-
-Fixes: 243874c64c81 ("ath11k: handle RX fragments")
-Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
-Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
-Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
-Link: https://lore.kernel.org/r/20230102081142.3937570-1-linmq006@gmail.com
----
- drivers/net/wireless/ath/ath11k/dp_rx.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/drivers/net/wireless/ath/ath11k/dp_rx.c
-+++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
-@@ -3126,6 +3126,7 @@ int ath11k_peer_rx_frag_setup(struct ath
- if (!peer) {
- ath11k_warn(ab, "failed to find the peer to set up fragment info\n");
- spin_unlock_bh(&ab->base_lock);
-+ crypto_free_shash(tfm);
- return -ENOENT;
- }
-
--- a/drivers/net/wireless/ath/ath11k/pci.c
+++ b/drivers/net/wireless/ath/ath11k/pci.c
-@@ -981,7 +981,7 @@ static __maybe_unused int ath11k_pci_pm_
+@@ -998,7 +998,7 @@ static __maybe_unused int ath11k_pci_pm_
if (ret)
- ath11k_warn(ab, "failed to suspend core: %d\n", ret);
+ ath11k_warn(ab, "failed to resume core: %d\n", ret);
- return ret;
+ return 0;
}
- static __maybe_unused int ath11k_pci_pm_resume(struct device *dev)
+ static SIMPLE_DEV_PM_OPS(ath11k_pci_pm_ops,
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-@@ -710,8 +710,36 @@ static struct wireless_dev *brcmf_cfg802
+@@ -713,8 +713,36 @@ static struct wireless_dev *brcmf_cfg802
struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
struct brcmf_pub *drvr = cfg->pub;
struct wireless_dev *wdev;
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
-@@ -2973,6 +2973,10 @@ brcmf_cfg80211_set_power_mgmt(struct wip
+@@ -2976,6 +2976,10 @@ brcmf_cfg80211_set_power_mgmt(struct wip
* preference in cfg struct to apply this to
* FW later while initializing the dongle
*/
void brcmf_of_probe(struct device *dev, enum brcmf_bus_type bus_type,
struct brcmf_mp_device *settings)
{
-@@ -105,6 +135,8 @@ void brcmf_of_probe(struct device *dev,
+@@ -106,6 +136,8 @@ void brcmf_of_probe(struct device *dev,
of_node_put(root);
}
#include "of.h"
static int brcmf_of_get_country_codes(struct device *dev,
-@@ -167,3 +168,38 @@ void brcmf_of_probe(struct device *dev,
+@@ -168,3 +169,38 @@ void brcmf_of_probe(struct device *dev,
sdio->oob_irq_nr = irq;
sdio->oob_irq_flags = irqf;
}
#define TXCTL_CREDITS 2
static void pkt_align(struct sk_buff *p, int len, int align)
-@@ -4192,6 +4196,9 @@ static const struct brcmf_bus_ops brcmf_
+@@ -4193,6 +4197,9 @@ static const struct brcmf_bus_ops brcmf_
#define BRCMF_SDIO_FW_NVRAM 1
#define BRCMF_SDIO_FW_CLM 2
static void brcmf_sdio_firmware_callback(struct device *dev, int err,
struct brcmf_fw_request *fwreq)
{
-@@ -4207,6 +4214,22 @@ static void brcmf_sdio_firmware_callback
+@@ -4208,6 +4215,22 @@ static void brcmf_sdio_firmware_callback
brcmf_dbg(TRACE, "Enter: dev=%s, err=%d\n", dev_name(dev), err);
if (err)
goto fail;
-@@ -4417,7 +4440,7 @@ brcmf_sdio_prepare_fw_request(struct brc
+@@ -4418,7 +4441,7 @@ brcmf_sdio_prepare_fw_request(struct brc
fwreq = brcmf_fw_alloc_request(bus->ci->chip, bus->ci->chiprev,
brcmf_sdio_fwnames,
fwnames, ARRAY_SIZE(fwnames));
if (!fwreq)
return NULL;
-@@ -4437,6 +4460,9 @@ struct brcmf_sdio *brcmf_sdio_probe(stru
+@@ -4438,6 +4461,9 @@ struct brcmf_sdio *brcmf_sdio_probe(stru
struct brcmf_sdio *bus;
struct workqueue_struct *wq;
struct brcmf_fw_request *fwreq;
brcmf_dbg(TRACE, "Enter\n");
-@@ -4519,6 +4545,21 @@ struct brcmf_sdio *brcmf_sdio_probe(stru
+@@ -4520,6 +4546,21 @@ struct brcmf_sdio *brcmf_sdio_probe(stru
brcmf_dbg(INFO, "completed!!\n");
};
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
-@@ -17232,7 +17232,9 @@ static struct genl_family nl80211_fam __
+@@ -17233,7 +17233,9 @@ static struct genl_family nl80211_fam __
.n_ops = ARRAY_SIZE(nl80211_ops),
.small_ops = nl80211_small_ops,
.n_small_ops = ARRAY_SIZE(nl80211_small_ops),
--- a/backport-include/linux/skbuff.h
+++ b/backport-include/linux/skbuff.h
-@@ -140,4 +140,8 @@ static inline u64 skb_get_kcov_handle(st
- }
+@@ -144,4 +144,8 @@ static inline u64 skb_get_kcov_handle(st
+ #define napi_build_skb build_skb
#endif
+#if LINUX_VERSION_IS_LESS(5,11,0)
err_wiphy_new:
--- a/drivers/net/wireless/marvell/libertas/main.c
+++ b/drivers/net/wireless/marvell/libertas/main.c
-@@ -934,6 +934,7 @@ struct lbs_private *lbs_add_card(void *c
+@@ -935,6 +935,7 @@ struct lbs_private *lbs_add_card(void *c
goto err_adapter;
}
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -1512,7 +1512,6 @@ static int ieee80211_stop_ap(struct wiph
- link_conf->ftmr_params = NULL;
+@@ -1519,7 +1519,6 @@ static int ieee80211_stop_ap(struct wiph
+ link_conf->bssid_indicator = 0;
__sta_info_flush(sdata, true);
- ieee80211_free_keys(sdata, true);
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -2720,6 +2720,8 @@ static int ieee80211_scan(struct wiphy *
+@@ -2727,6 +2727,8 @@ static int ieee80211_scan(struct wiphy *
*/
fallthrough;
case NL80211_IFTYPE_AP:
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
-@@ -3976,7 +3976,7 @@ struct ieee80211_txq *ieee80211_next_txq
+@@ -3984,7 +3984,7 @@ struct ieee80211_txq *ieee80211_next_txq
if (deficit < 0)
sta->airtime[txqi->txq.ac].deficit +=
if (deficit < 0 || !aql_check) {
list_move_tail(&txqi->schedule_order,
-@@ -4119,7 +4119,8 @@ bool ieee80211_txq_may_transmit(struct i
+@@ -4127,7 +4127,8 @@ bool ieee80211_txq_may_transmit(struct i
}
sta = container_of(iter->txq.sta, struct sta_info, sta);
if (ieee80211_sta_deficit(sta, ac) < 0)
list_move_tail(&iter->schedule_order, &local->active_txqs[ac]);
}
-@@ -4127,7 +4128,7 @@ bool ieee80211_txq_may_transmit(struct i
+@@ -4135,7 +4136,7 @@ bool ieee80211_txq_may_transmit(struct i
if (sta->airtime[ac].deficit >= 0)
goto out;
*
* Drivers can optionally delegate responsibility for scheduling queues to
* mac80211, to take advantage of airtime fairness accounting. In this case, to
-@@ -1826,7 +1827,7 @@ struct ieee80211_vif_cfg {
- * for this interface.
- * @drv_priv: data area for driver use, will always be aligned to
- * sizeof(void \*).
-- * @txq: the multicast data TX queue (if driver uses the TXQ abstraction)
-+ * @txq: the multicast data TX queue
- * @txqs_stopped: per AC flag to indicate that intermediate TXQs are stopped,
- * protected by fq->lock.
- * @offload_flags: 802.3 -> 802.11 enapsulation offload flags, see
-@@ -2252,8 +2253,8 @@ struct ieee80211_link_sta {
+@@ -2248,8 +2249,8 @@ struct ieee80211_link_sta {
* For non MLO STA it will point to the deflink data. For MLO STA
* ieee80211_sta_recalc_aggregates() must be called to update it.
* @support_p2p_ps: indicates whether the STA supports P2P PS mechanism or not.
* @deflink: This holds the default link STA information, for non MLO STA all link
* specific STA information is accessed through @deflink or through
* link[0] which points to address of @deflink. For MLO Link STA
-@@ -5691,7 +5692,7 @@ void ieee80211_key_replay(struct ieee802
+@@ -5687,7 +5688,7 @@ void ieee80211_key_replay(struct ieee802
* @hw: pointer as obtained from ieee80211_alloc_hw().
* @queue: queue number (counted from zero).
*
*/
void ieee80211_wake_queue(struct ieee80211_hw *hw, int queue);
-@@ -5700,7 +5701,7 @@ void ieee80211_wake_queue(struct ieee802
+@@ -5696,7 +5697,7 @@ void ieee80211_wake_queue(struct ieee802
* @hw: pointer as obtained from ieee80211_alloc_hw().
* @queue: queue number (counted from zero).
*
*/
void ieee80211_stop_queue(struct ieee80211_hw *hw, int queue);
-@@ -5709,7 +5710,7 @@ void ieee80211_stop_queue(struct ieee802
+@@ -5705,7 +5706,7 @@ void ieee80211_stop_queue(struct ieee802
* @hw: pointer as obtained from ieee80211_alloc_hw().
* @queue: queue number (counted from zero).
*
*
* Return: %true if the queue is stopped. %false otherwise.
*/
-@@ -5720,7 +5721,7 @@ int ieee80211_queue_stopped(struct ieee8
+@@ -5716,7 +5717,7 @@ int ieee80211_queue_stopped(struct ieee8
* ieee80211_stop_queues - stop all queues
* @hw: pointer as obtained from ieee80211_alloc_hw().
*
*/
void ieee80211_stop_queues(struct ieee80211_hw *hw);
-@@ -5728,7 +5729,7 @@ void ieee80211_stop_queues(struct ieee80
+@@ -5724,7 +5725,7 @@ void ieee80211_stop_queues(struct ieee80
* ieee80211_wake_queues - wake all queues
* @hw: pointer as obtained from ieee80211_alloc_hw().
*
*/
void ieee80211_wake_queues(struct ieee80211_hw *hw);
-@@ -6950,6 +6951,18 @@ static inline struct sk_buff *ieee80211_
+@@ -6946,6 +6947,18 @@ static inline struct sk_buff *ieee80211_
}
/**
.add_interface = adm8211_add_interface,
--- a/drivers/net/wireless/ath/ar5523/ar5523.c
+++ b/drivers/net/wireless/ath/ar5523/ar5523.c
-@@ -1355,6 +1355,7 @@ static const struct ieee80211_ops ar5523
+@@ -1361,6 +1361,7 @@ static const struct ieee80211_ops ar5523
.start = ar5523_start,
.stop = ar5523_stop,
.tx = ar5523_tx,
.remove_interface = ar5523_remove_interface,
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
-@@ -8539,6 +8539,7 @@ err_fallback:
+@@ -8587,6 +8587,7 @@ err_fallback:
static const struct ieee80211_ops ath11k_ops = {
.tx = ath11k_mac_op_tx,
.add_interface = brcms_ops_add_interface,
--- a/drivers/net/wireless/intel/iwlegacy/3945-mac.c
+++ b/drivers/net/wireless/intel/iwlegacy/3945-mac.c
-@@ -3435,6 +3435,7 @@ static const struct attribute_group il39
+@@ -3439,6 +3439,7 @@ static const struct attribute_group il39
static struct ieee80211_ops il3945_mac_ops __ro_after_init = {
.tx = il3945_mac_tx,
.add_interface = il_mac_add_interface,
--- a/drivers/net/wireless/intel/iwlegacy/4965-mac.c
+++ b/drivers/net/wireless/intel/iwlegacy/4965-mac.c
-@@ -6304,6 +6304,7 @@ il4965_tx_queue_set_status(struct il_pri
+@@ -6308,6 +6308,7 @@ il4965_tx_queue_set_status(struct il_pri
static const struct ieee80211_ops il4965_mac_ops = {
.tx = il4965_mac_tx,
.add_interface = rtl8187_add_interface,
--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
+++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c
-@@ -6561,6 +6561,7 @@ static void rtl8xxxu_stop(struct ieee802
+@@ -6548,6 +6548,7 @@ static void rtl8xxxu_stop(struct ieee802
static const struct ieee80211_ops rtl8xxxu_ops = {
.tx = rtl8xxxu_tx,
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -4339,9 +4339,6 @@ static int ieee80211_get_txq_stats(struc
+@@ -4346,9 +4346,6 @@ static int ieee80211_get_txq_stats(struc
struct ieee80211_sub_if_data *sdata;
int ret = 0;
}
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
-@@ -1056,10 +1056,8 @@ void ieee80211_sta_debugfs_add(struct st
+@@ -1057,10 +1057,8 @@ void ieee80211_sta_debugfs_add(struct st
DEBUGFS_ADD_COUNTER(rx_fragments, deflink.rx_stats.fragments);
DEBUGFS_ADD_COUNTER(tx_filtered, deflink.status_stats.filtered);
NL80211_EXT_FEATURE_AQL))
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -2290,7 +2290,6 @@ void ieee80211_wake_queue_by_reason(stru
+@@ -2294,7 +2294,6 @@ void ieee80211_wake_queue_by_reason(stru
void ieee80211_stop_queue_by_reason(struct ieee80211_hw *hw, int queue,
enum queue_stop_reason reason,
bool refcounted);
void ieee80211_add_pending_skbs(struct ieee80211_local *local,
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
-@@ -458,12 +458,6 @@ static void ieee80211_do_stop(struct iee
+@@ -460,12 +460,6 @@ static void ieee80211_do_stop(struct iee
if (cancel_scan)
ieee80211_scan_cancel(local);
ieee80211_roc_purge(local, sdata);
switch (sdata->vif.type) {
-@@ -811,13 +805,6 @@ static void ieee80211_uninit(struct net_
+@@ -813,13 +807,6 @@ static void ieee80211_uninit(struct net_
ieee80211_teardown_sdata(IEEE80211_DEV_TO_SUB_IF(dev));
}
static void
ieee80211_get_stats64(struct net_device *dev, struct rtnl_link_stats64 *stats)
{
-@@ -831,7 +818,6 @@ static const struct net_device_ops ieee8
+@@ -833,7 +820,6 @@ static const struct net_device_ops ieee8
.ndo_start_xmit = ieee80211_subif_start_xmit,
.ndo_set_rx_mode = ieee80211_set_multicast_list,
.ndo_set_mac_address = ieee80211_change_mac,
.ndo_get_stats64 = ieee80211_get_stats64,
};
-@@ -939,7 +925,6 @@ static const struct net_device_ops ieee8
+@@ -941,7 +927,6 @@ static const struct net_device_ops ieee8
.ndo_start_xmit = ieee80211_subif_start_xmit_8023,
.ndo_set_rx_mode = ieee80211_set_multicast_list,
.ndo_set_mac_address = ieee80211_change_mac,
.ndo_get_stats64 = ieee80211_get_stats64,
.ndo_fill_forward_path = ieee80211_netdev_fill_forward_path,
};
-@@ -1441,35 +1426,6 @@ int ieee80211_do_open(struct wireless_de
+@@ -1443,35 +1428,6 @@ int ieee80211_do_open(struct wireless_de
ieee80211_recalc_ps(local);
set_bit(SDATA_STATE_RUNNING, &sdata->state);
return 0;
-@@ -1499,17 +1455,12 @@ static void ieee80211_if_setup(struct ne
+@@ -1501,17 +1457,12 @@ static void ieee80211_if_setup(struct ne
{
ether_setup(dev);
dev->priv_flags &= ~IFF_TX_SKB_SHARING;
static void ieee80211_iface_process_skb(struct ieee80211_local *local,
struct ieee80211_sub_if_data *sdata,
struct sk_buff *skb)
-@@ -2094,9 +2045,7 @@ int ieee80211_if_add(struct ieee80211_lo
+@@ -2096,9 +2047,7 @@ int ieee80211_if_add(struct ieee80211_lo
struct net_device *ndev = NULL;
struct ieee80211_sub_if_data *sdata = NULL;
struct txq_info *txqi;
ASSERT_RTNL();
-@@ -2119,30 +2068,18 @@ int ieee80211_if_add(struct ieee80211_lo
+@@ -2121,30 +2070,18 @@ int ieee80211_if_add(struct ieee80211_lo
sizeof(void *));
int txq_size = 0;
free:
sta_info_free_link(&sta->deflink);
#ifdef CPTCFG_MAC80211_MESH
-@@ -1959,9 +1954,6 @@ ieee80211_sta_ps_deliver_response(struct
+@@ -1960,9 +1955,6 @@ ieee80211_sta_ps_deliver_response(struct
* TIM recalculation.
*/
for (tid = 0; tid < ARRAY_SIZE(sta->sta.txq); tid++) {
if (!sta->sta.txq[tid] ||
!(driver_release_tids & BIT(tid)) ||
-@@ -2446,7 +2438,7 @@ static void sta_set_tidstats(struct sta_
+@@ -2447,7 +2439,7 @@ static void sta_set_tidstats(struct sta_
tidstats->tx_msdu_failed = sta->deflink.status_stats.msdu_failed[tid];
}
spin_lock_bh(&local->fq.lock);
rcu_read_lock();
-@@ -2774,9 +2766,6 @@ unsigned long ieee80211_sta_last_active(
+@@ -2775,9 +2767,6 @@ unsigned long ieee80211_sta_last_active(
static void sta_update_codel_params(struct sta_info *sta, u32 thr)
{
* Set the WLAN_TDLS_TEARDOWN flag to indicate a teardown in progress.
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
-@@ -1599,9 +1599,6 @@ int ieee80211_txq_setup_flows(struct iee
+@@ -1600,9 +1600,6 @@ int ieee80211_txq_setup_flows(struct iee
bool supp_vht = false;
enum nl80211_band band;
ret = fq_init(fq, 4096);
if (ret)
return ret;
-@@ -1649,9 +1646,6 @@ void ieee80211_txq_teardown_flows(struct
+@@ -1650,9 +1647,6 @@ void ieee80211_txq_teardown_flows(struct
{
struct fq *fq = &local->fq;
kfree(local->cvars);
local->cvars = NULL;
-@@ -1668,8 +1662,7 @@ static bool ieee80211_queue_skb(struct i
+@@ -1669,8 +1663,7 @@ static bool ieee80211_queue_skb(struct i
struct ieee80211_vif *vif;
struct txq_info *txqi;
return false;
if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
-@@ -4185,12 +4178,7 @@ void __ieee80211_subif_start_xmit(struct
+@@ -4193,12 +4186,7 @@ void __ieee80211_subif_start_xmit(struct
if (IS_ERR(sta))
sta = NULL;
ieee80211_aggr_check(sdata, sta, skb);
sk_pacing_shift_update(skb->sk, sdata->local->hw.tx_sk_pacing_shift);
-@@ -4501,11 +4489,7 @@ static void ieee80211_8023_xmit(struct i
+@@ -4509,11 +4497,7 @@ static void ieee80211_8023_xmit(struct i
struct tid_ampdu_tx *tid_tx;
u8 tid;
if (unlikely(test_bit(SCAN_SW_SCANNING, &local->scanning)) &&
test_bit(SDATA_STATE_OFFCHANNEL, &sdata->state))
-@@ -4759,9 +4743,6 @@ void ieee80211_tx_pending(struct tasklet
+@@ -4767,9 +4751,6 @@ void ieee80211_tx_pending(struct tasklet
if (!txok)
break;
}
}
spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
-@@ -5954,10 +5935,9 @@ int ieee80211_tx_control_port(struct wip
+@@ -5962,10 +5943,9 @@ int ieee80211_tx_control_port(struct wip
}
if (!IS_ERR(sta)) {
* for MLO STA, the SA should be the AP MLD address, but
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
-@@ -446,39 +446,6 @@ void ieee80211_wake_txqs(struct tasklet_
+@@ -444,39 +444,6 @@ void ieee80211_wake_txqs(struct tasklet_
spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
}
static void __ieee80211_wake_queue(struct ieee80211_hw *hw, int queue,
enum queue_stop_reason reason,
bool refcounted,
-@@ -509,11 +476,7 @@ static void __ieee80211_wake_queue(struc
+@@ -507,11 +474,7 @@ static void __ieee80211_wake_queue(struc
/* someone still has this queue stopped */
return;
tasklet_schedule(&local->tx_pending_tasklet);
/*
-@@ -523,12 +486,10 @@ static void __ieee80211_wake_queue(struc
+@@ -521,12 +484,10 @@ static void __ieee80211_wake_queue(struc
* release someone's lock, but it is fine because all the callers of
* __ieee80211_wake_queue call it right before releasing the lock.
*/
}
void ieee80211_wake_queue_by_reason(struct ieee80211_hw *hw, int queue,
-@@ -585,10 +546,6 @@ static void __ieee80211_stop_queue(struc
- for (ac = 0; ac < n_acs; ac++) {
- if (sdata->vif.hw_queue[ac] == queue ||
- sdata->vif.cab_queue == queue) {
-- if (!local->ops->wake_tx_queue) {
-- netif_stop_subqueue(sdata->dev, ac);
-- continue;
-- }
- spin_lock(&local->fq.lock);
- sdata->vif.txqs_stopped[ac] = true;
- spin_unlock(&local->fq.lock);
+@@ -554,8 +515,6 @@ static void __ieee80211_stop_queue(struc
+ bool refcounted)
+ {
+ struct ieee80211_local *local = hw_to_local(hw);
+- struct ieee80211_sub_if_data *sdata;
+- int n_acs = IEEE80211_NUM_ACS;
+
+ trace_stop_queue(local, queue, reason);
+
+@@ -567,27 +526,7 @@ static void __ieee80211_stop_queue(struc
+ else
+ local->q_stop_reasons[queue][reason]++;
+
+- if (__test_and_set_bit(reason, &local->queue_stop_reasons[queue]))
+- return;
+-
+- if (local->hw.queues < IEEE80211_NUM_ACS)
+- n_acs = 1;
+-
+- rcu_read_lock();
+- list_for_each_entry_rcu(sdata, &local->interfaces, list) {
+- int ac;
+-
+- if (!sdata->dev)
+- continue;
+-
+- for (ac = 0; ac < n_acs; ac++) {
+- if (!local->ops->wake_tx_queue &&
+- (sdata->vif.hw_queue[ac] == queue ||
+- sdata->vif.cab_queue == queue))
+- netif_stop_subqueue(sdata->dev, ac);
+- }
+- }
+- rcu_read_unlock();
++ set_bit(reason, &local->queue_stop_reasons[queue]);
+ }
+
+ void ieee80211_stop_queue_by_reason(struct ieee80211_hw *hw, int queue,
--- a/net/mac80211/wme.c
+++ b/net/mac80211/wme.c
@@ -122,6 +122,9 @@ u16 ieee80211_select_queue_80211(struct
if ((info->control.flags & IEEE80211_TX_CTRL_DONT_REORDER) ||
local->hw.queues < IEEE80211_NUM_ACS)
return 0;
-@@ -141,12 +144,15 @@ u16 ieee80211_select_queue_80211(struct
+@@ -141,13 +144,16 @@ u16 ieee80211_select_queue_80211(struct
return ieee80211_downgrade_queue(sdata, NULL, skb);
}
+u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
+ struct sta_info *sta, struct sk_buff *skb)
{
+ const struct ethhdr *eth = (void *)skb->data;
struct mac80211_qos_map *qos_map;
bool qos;
+ skb_get_hash(skb);
+
/* all mesh/ocb stations are required to support WME */
- if (sta && (sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
- sdata->vif.type == NL80211_IFTYPE_OCB))
-@@ -176,59 +182,6 @@ u16 __ieee80211_select_queue(struct ieee
+ if ((sdata->vif.type == NL80211_IFTYPE_MESH_POINT &&
+ !is_multicast_ether_addr(eth->h_dest)) ||
+@@ -178,59 +184,6 @@ u16 __ieee80211_select_queue(struct ieee
return ieee80211_downgrade_queue(sdata, sta, skb);
}
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Tue, 13 Dec 2022 21:03:19 +0100
-Subject: [PATCH] wifi: mac80211: fix initialization of rx->link and
- rx->link_sta
-
-There are some codepaths that do not initialize rx->link_sta properly. This
-causes a crash in places which assume that rx->link_sta is valid if rx->sta
-is valid.
-One known instance is triggered by __ieee80211_rx_h_amsdu being called from
-fast-rx.
-
-Since the initialization of rx->link and rx->link_sta is rather convoluted
-and duplicated in many places, clean it up by using a helper function to
-set it.
-
-Fixes: ccdde7c74ffd ("wifi: mac80211: properly implement MLO key handling")
-Fixes: b320d6c456ff ("wifi: mac80211: use correct rx link_sta instead of default")
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -4067,6 +4067,58 @@ static void ieee80211_invoke_rx_handlers
- #undef CALL_RXH
- }
-
-+static bool
-+ieee80211_rx_is_valid_sta_link_id(struct ieee80211_sta *sta, u8 link_id)
-+{
-+ if (!sta->mlo)
-+ return false;
-+
-+ return !!(sta->valid_links & BIT(link_id));
-+}
-+
-+static bool ieee80211_rx_data_set_link(struct ieee80211_rx_data *rx,
-+ u8 link_id)
-+{
-+ rx->link_id = link_id;
-+ rx->link = rcu_dereference(rx->sdata->link[link_id]);
-+
-+ if (!rx->sta || !rx->sta->sta.mlo)
-+ return rx->link;
-+
-+ if (!ieee80211_rx_is_valid_sta_link_id(&rx->sta->sta, link_id))
-+ return false;
-+
-+ rx->link_sta = rcu_dereference(rx->sta->link[link_id]);
-+
-+ return rx->link && rx->link_sta;
-+}
-+
-+static bool ieee80211_rx_data_set_sta(struct ieee80211_rx_data *rx,
-+ struct ieee80211_sta *pubsta,
-+ int link_id)
-+{
-+ struct sta_info *sta;
-+
-+ sta = container_of(pubsta, struct sta_info, sta);
-+
-+ rx->link_id = link_id;
-+ rx->sta = sta;
-+
-+ if (sta) {
-+ rx->local = sta->sdata->local;
-+ if (!rx->sdata)
-+ rx->sdata = sta->sdata;
-+ rx->link_sta = &sta->deflink;
-+ }
-+
-+ if (link_id < 0)
-+ rx->link = &rx->sdata->deflink;
-+ else if (!ieee80211_rx_data_set_link(rx, link_id))
-+ return false;
-+
-+ return true;
-+}
-+
- /*
- * This function makes calls into the RX path, therefore
- * it has to be invoked under RCU read lock.
-@@ -4075,16 +4127,19 @@ void ieee80211_release_reorder_timeout(s
- {
- struct sk_buff_head frames;
- struct ieee80211_rx_data rx = {
-- .sta = sta,
-- .sdata = sta->sdata,
-- .local = sta->local,
- /* This is OK -- must be QoS data frame */
- .security_idx = tid,
- .seqno_idx = tid,
-- .link_id = -1,
- };
- struct tid_ampdu_rx *tid_agg_rx;
-- u8 link_id;
-+ int link_id = -1;
-+
-+ /* FIXME: statistics won't be right with this */
-+ if (sta->sta.valid_links)
-+ link_id = ffs(sta->sta.valid_links) - 1;
-+
-+ if (!ieee80211_rx_data_set_sta(&rx, &sta->sta, link_id))
-+ return;
-
- tid_agg_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[tid]);
- if (!tid_agg_rx)
-@@ -4104,10 +4159,6 @@ void ieee80211_release_reorder_timeout(s
- };
- drv_event_callback(rx.local, rx.sdata, &event);
- }
-- /* FIXME: statistics won't be right with this */
-- link_id = sta->sta.valid_links ? ffs(sta->sta.valid_links) - 1 : 0;
-- rx.link = rcu_dereference(sta->sdata->link[link_id]);
-- rx.link_sta = rcu_dereference(sta->link[link_id]);
-
- ieee80211_rx_handlers(&rx, &frames);
- }
-@@ -4123,7 +4174,6 @@ void ieee80211_mark_rx_ba_filtered_frame
- /* This is OK -- must be QoS data frame */
- .security_idx = tid,
- .seqno_idx = tid,
-- .link_id = -1,
- };
- int i, diff;
-
-@@ -4134,10 +4184,8 @@ void ieee80211_mark_rx_ba_filtered_frame
-
- sta = container_of(pubsta, struct sta_info, sta);
-
-- rx.sta = sta;
-- rx.sdata = sta->sdata;
-- rx.link = &rx.sdata->deflink;
-- rx.local = sta->local;
-+ if (!ieee80211_rx_data_set_sta(&rx, pubsta, -1))
-+ return;
-
- rcu_read_lock();
- tid_agg_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[tid]);
-@@ -4524,15 +4572,6 @@ void ieee80211_check_fast_rx_iface(struc
- mutex_unlock(&local->sta_mtx);
- }
-
--static bool
--ieee80211_rx_is_valid_sta_link_id(struct ieee80211_sta *sta, u8 link_id)
--{
-- if (!sta->mlo)
-- return false;
--
-- return !!(sta->valid_links & BIT(link_id));
--}
--
- static void ieee80211_rx_8023(struct ieee80211_rx_data *rx,
- struct ieee80211_fast_rx *fast_rx,
- int orig_len)
-@@ -4643,7 +4682,6 @@ static bool ieee80211_invoke_fast_rx(str
- struct sk_buff *skb = rx->skb;
- struct ieee80211_hdr *hdr = (void *)skb->data;
- struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
-- struct sta_info *sta = rx->sta;
- int orig_len = skb->len;
- int hdrlen = ieee80211_hdrlen(hdr->frame_control);
- int snap_offs = hdrlen;
-@@ -4655,7 +4693,6 @@ static bool ieee80211_invoke_fast_rx(str
- u8 da[ETH_ALEN];
- u8 sa[ETH_ALEN];
- } addrs __aligned(2);
-- struct link_sta_info *link_sta;
- struct ieee80211_sta_rx_stats *stats;
-
- /* for parallel-rx, we need to have DUP_VALIDATED, otherwise we write
-@@ -4758,18 +4795,10 @@ static bool ieee80211_invoke_fast_rx(str
- drop:
- dev_kfree_skb(skb);
-
-- if (rx->link_id >= 0) {
-- link_sta = rcu_dereference(sta->link[rx->link_id]);
-- if (!link_sta)
-- return true;
-- } else {
-- link_sta = &sta->deflink;
-- }
--
- if (fast_rx->uses_rss)
-- stats = this_cpu_ptr(link_sta->pcpu_rx_stats);
-+ stats = this_cpu_ptr(rx->link_sta->pcpu_rx_stats);
- else
-- stats = &link_sta->rx_stats;
-+ stats = &rx->link_sta->rx_stats;
-
- stats->dropped++;
- return true;
-@@ -4787,8 +4816,8 @@ static bool ieee80211_prepare_and_rx_han
- struct ieee80211_local *local = rx->local;
- struct ieee80211_sub_if_data *sdata = rx->sdata;
- struct ieee80211_hdr *hdr = (void *)skb->data;
-- struct link_sta_info *link_sta = NULL;
-- struct ieee80211_link_data *link;
-+ struct link_sta_info *link_sta = rx->link_sta;
-+ struct ieee80211_link_data *link = rx->link;
-
- rx->skb = skb;
-
-@@ -4810,35 +4839,6 @@ static bool ieee80211_prepare_and_rx_han
- if (!ieee80211_accept_frame(rx))
- return false;
-
-- if (rx->link_id >= 0) {
-- link = rcu_dereference(rx->sdata->link[rx->link_id]);
--
-- /* we might race link removal */
-- if (!link)
-- return true;
-- rx->link = link;
--
-- if (rx->sta) {
-- rx->link_sta =
-- rcu_dereference(rx->sta->link[rx->link_id]);
-- if (!rx->link_sta)
-- return true;
-- }
-- } else {
-- if (rx->sta)
-- rx->link_sta = &rx->sta->deflink;
--
-- rx->link = &sdata->deflink;
-- }
--
-- if (unlikely(!is_multicast_ether_addr(hdr->addr1) &&
-- rx->link_id >= 0 && rx->sta && rx->sta->sta.mlo)) {
-- link_sta = rcu_dereference(rx->sta->link[rx->link_id]);
--
-- if (WARN_ON_ONCE(!link_sta))
-- return true;
-- }
--
- if (!consume) {
- struct skb_shared_hwtstamps *shwt;
-
-@@ -4858,7 +4858,7 @@ static bool ieee80211_prepare_and_rx_han
- shwt->hwtstamp = skb_hwtstamps(skb)->hwtstamp;
- }
-
-- if (unlikely(link_sta)) {
-+ if (unlikely(rx->sta && rx->sta->sta.mlo)) {
- /* translate to MLD addresses */
- if (ether_addr_equal(link->conf->addr, hdr->addr1))
- ether_addr_copy(hdr->addr1, rx->sdata->vif.addr);
-@@ -4888,6 +4888,7 @@ static void __ieee80211_rx_handle_8023(s
- struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
- struct ieee80211_fast_rx *fast_rx;
- struct ieee80211_rx_data rx;
-+ int link_id = -1;
-
- memset(&rx, 0, sizeof(rx));
- rx.skb = skb;
-@@ -4904,12 +4905,8 @@ static void __ieee80211_rx_handle_8023(s
- if (!pubsta)
- goto drop;
-
-- rx.sta = container_of(pubsta, struct sta_info, sta);
-- rx.sdata = rx.sta->sdata;
--
-- if (status->link_valid &&
-- !ieee80211_rx_is_valid_sta_link_id(pubsta, status->link_id))
-- goto drop;
-+ if (status->link_valid)
-+ link_id = status->link_id;
-
- /*
- * TODO: Should the frame be dropped if the right link_id is not
-@@ -4918,19 +4915,8 @@ static void __ieee80211_rx_handle_8023(s
- * link_id is used only for stats purpose and updating the stats on
- * the deflink is fine?
- */
-- if (status->link_valid)
-- rx.link_id = status->link_id;
--
-- if (rx.link_id >= 0) {
-- struct ieee80211_link_data *link;
--
-- link = rcu_dereference(rx.sdata->link[rx.link_id]);
-- if (!link)
-- goto drop;
-- rx.link = link;
-- } else {
-- rx.link = &rx.sdata->deflink;
-- }
-+ if (!ieee80211_rx_data_set_sta(&rx, pubsta, link_id))
-+ goto drop;
-
- fast_rx = rcu_dereference(rx.sta->fast_rx);
- if (!fast_rx)
-@@ -4948,6 +4934,8 @@ static bool ieee80211_rx_for_interface(s
- {
- struct link_sta_info *link_sta;
- struct ieee80211_hdr *hdr = (void *)skb->data;
-+ struct sta_info *sta;
-+ int link_id = -1;
-
- /*
- * Look up link station first, in case there's a
-@@ -4957,24 +4945,19 @@ static bool ieee80211_rx_for_interface(s
- */
- link_sta = link_sta_info_get_bss(rx->sdata, hdr->addr2);
- if (link_sta) {
-- rx->sta = link_sta->sta;
-- rx->link_id = link_sta->link_id;
-+ sta = link_sta->sta;
-+ link_id = link_sta->link_id;
- } else {
- struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
-
-- rx->sta = sta_info_get_bss(rx->sdata, hdr->addr2);
-- if (rx->sta) {
-- if (status->link_valid &&
-- !ieee80211_rx_is_valid_sta_link_id(&rx->sta->sta,
-- status->link_id))
-- return false;
--
-- rx->link_id = status->link_valid ? status->link_id : -1;
-- } else {
-- rx->link_id = -1;
-- }
-+ sta = sta_info_get_bss(rx->sdata, hdr->addr2);
-+ if (status->link_valid)
-+ link_id = status->link_id;
- }
-
-+ if (!ieee80211_rx_data_set_sta(rx, &sta->sta, link_id))
-+ return false;
-+
- return ieee80211_prepare_and_rx_handle(rx, skb, consume);
- }
-
-@@ -5033,19 +5016,15 @@ static void __ieee80211_rx_handle_packet
-
- if (ieee80211_is_data(fc)) {
- struct sta_info *sta, *prev_sta;
-- u8 link_id = status->link_id;
-+ int link_id = -1;
-
-- if (pubsta) {
-- rx.sta = container_of(pubsta, struct sta_info, sta);
-- rx.sdata = rx.sta->sdata;
-+ if (status->link_valid)
-+ link_id = status->link_id;
-
-- if (status->link_valid &&
-- !ieee80211_rx_is_valid_sta_link_id(pubsta, link_id))
-+ if (pubsta) {
-+ if (!ieee80211_rx_data_set_sta(&rx, pubsta, link_id))
- goto out;
-
-- if (status->link_valid)
-- rx.link_id = status->link_id;
--
- /*
- * In MLO connection, fetch the link_id using addr2
- * when the driver does not pass link_id in status.
-@@ -5063,7 +5042,7 @@ static void __ieee80211_rx_handle_packet
- if (!link_sta)
- goto out;
-
-- rx.link_id = link_sta->link_id;
-+ ieee80211_rx_data_set_link(&rx, link_sta->link_id);
- }
-
- if (ieee80211_prepare_and_rx_handle(&rx, skb, true))
-@@ -5079,30 +5058,27 @@ static void __ieee80211_rx_handle_packet
- continue;
- }
-
-- if ((status->link_valid &&
-- !ieee80211_rx_is_valid_sta_link_id(&prev_sta->sta,
-- link_id)) ||
-- (!status->link_valid && prev_sta->sta.mlo))
-+ rx.sdata = prev_sta->sdata;
-+ if (!ieee80211_rx_data_set_sta(&rx, &prev_sta->sta,
-+ link_id))
-+ goto out;
-+
-+ if (!status->link_valid && prev_sta->sta.mlo)
- continue;
-
-- rx.link_id = status->link_valid ? link_id : -1;
-- rx.sta = prev_sta;
-- rx.sdata = prev_sta->sdata;
- ieee80211_prepare_and_rx_handle(&rx, skb, false);
-
- prev_sta = sta;
- }
-
- if (prev_sta) {
-- if ((status->link_valid &&
-- !ieee80211_rx_is_valid_sta_link_id(&prev_sta->sta,
-- link_id)) ||
-- (!status->link_valid && prev_sta->sta.mlo))
-+ rx.sdata = prev_sta->sdata;
-+ if (!ieee80211_rx_data_set_sta(&rx, &prev_sta->sta,
-+ link_id))
- goto out;
-
-- rx.link_id = status->link_valid ? link_id : -1;
-- rx.sta = prev_sta;
-- rx.sdata = prev_sta->sdata;
-+ if (!status->link_valid && prev_sta->sta.mlo)
-+ goto out;
-
- if (ieee80211_prepare_and_rx_handle(&rx, skb, true))
- return;
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Wed, 14 Dec 2022 13:46:38 +0100
-Subject: [PATCH] wifi: mac80211: fix MLO + AP_VLAN check
-
-Instead of preventing adding AP_VLAN to MLO enabled APs, this check was
-preventing adding more than one 4-addr AP_VLAN regardless of the MLO status.
-Fix this by adding missing extra checks.
-
-Fixes: ae960ee90bb1 ("wifi: mac80211: prevent VLANs on MLDs")
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/net/mac80211/iface.c
-+++ b/net/mac80211/iface.c
-@@ -364,7 +364,9 @@ static int ieee80211_check_concurrent_if
-
- /* No support for VLAN with MLO yet */
- if (iftype == NL80211_IFTYPE_AP_VLAN &&
-- nsdata->wdev.use_4addr)
-+ sdata->wdev.use_4addr &&
-+ nsdata->vif.type == NL80211_IFTYPE_AP &&
-+ nsdata->vif.valid_links)
- return -EOPNOTSUPP;
-
- /*
* @driver_flags: flags/capabilities the driver has for this interface,
* these need to be set (or cleared) when the interface is added
* or, if supported by the driver, the interface type is changed
-@@ -1848,6 +1852,7 @@ struct ieee80211_vif {
+@@ -1846,6 +1850,7 @@ struct ieee80211_vif {
struct ieee80211_txq *txq;
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
-@@ -1355,7 +1355,11 @@ static struct txq_info *ieee80211_get_tx
+@@ -1356,7 +1356,11 @@ static struct txq_info *ieee80211_get_tx
static void ieee80211_set_skb_enqueue_time(struct sk_buff *skb)
{
}
static u32 codel_skb_len_func(const struct sk_buff *skb)
-@@ -3578,55 +3582,79 @@ ieee80211_xmit_fast_finish(struct ieee80
+@@ -3579,55 +3583,79 @@ ieee80211_xmit_fast_finish(struct ieee80
return TX_CONTINUE;
}
/* will not be crypto-handled beyond what we do here, so use false
* as the may-encrypt argument for the resize to not account for
-@@ -3635,10 +3663,8 @@ static bool ieee80211_xmit_fast(struct i
+@@ -3636,10 +3664,8 @@ static bool ieee80211_xmit_fast(struct i
if (unlikely(ieee80211_skb_resize(sdata, skb,
max_t(int, extra_head + hw_headroom -
skb_headroom(skb), 0),
memcpy(ð, skb->data, ETH_HLEN - 2);
hdr = skb_push(skb, extra_head);
-@@ -3652,7 +3678,7 @@ static bool ieee80211_xmit_fast(struct i
+@@ -3653,7 +3679,7 @@ static bool ieee80211_xmit_fast(struct i
info->control.vif = &sdata->vif;
info->flags = IEEE80211_TX_CTL_FIRST_FRAGMENT |
IEEE80211_TX_CTL_DONTFRAG |
info->control.flags = IEEE80211_TX_CTRL_FAST_XMIT |
u32_encode_bits(IEEE80211_LINK_UNSPECIFIED,
IEEE80211_TX_CTRL_MLO_LINK);
-@@ -3676,16 +3702,14 @@ static bool ieee80211_xmit_fast(struct i
+@@ -3677,16 +3703,14 @@ static bool ieee80211_xmit_fast(struct i
tx.key = fast_tx->key;
if (ieee80211_queue_skb(local, sdata, sta, skb))
if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
sdata = container_of(sdata->bss,
-@@ -3693,6 +3717,56 @@ static bool ieee80211_xmit_fast(struct i
+@@ -3694,6 +3718,56 @@ static bool ieee80211_xmit_fast(struct i
__skb_queue_tail(&tx.skbs, skb);
ieee80211_tx_frags(local, &sdata->vif, sta, &tx.skbs, false);
return true;
}
-@@ -4193,31 +4267,14 @@ void __ieee80211_subif_start_xmit(struct
+@@ -4201,31 +4275,14 @@ void __ieee80211_subif_start_xmit(struct
goto out;
}
}
skb_list_walk_safe(skb, skb, next) {
-@@ -4435,9 +4492,11 @@ normal:
+@@ -4443,9 +4500,11 @@ normal:
return NETDEV_TX_OK;
}
{
struct ieee80211_local *local = sdata->local;
struct ieee80211_tx_control control = {};
-@@ -4446,14 +4505,6 @@ static bool ieee80211_tx_8023(struct iee
+@@ -4454,14 +4513,6 @@ static bool ieee80211_tx_8023(struct iee
unsigned long flags;
int q = info->hw_queue;
spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
if (local->queue_stop_reasons[q] ||
-@@ -4480,6 +4531,26 @@ static bool ieee80211_tx_8023(struct iee
+@@ -4488,6 +4539,26 @@ static bool ieee80211_tx_8023(struct iee
return true;
}
static void ieee80211_8023_xmit(struct ieee80211_sub_if_data *sdata,
struct net_device *dev, struct sta_info *sta,
struct ieee80211_key *key, struct sk_buff *skb)
-@@ -4487,9 +4558,13 @@ static void ieee80211_8023_xmit(struct i
+@@ -4495,9 +4566,13 @@ static void ieee80211_8023_xmit(struct i
struct ieee80211_tx_info *info;
struct ieee80211_local *local = sdata->local;
struct tid_ampdu_tx *tid_tx;
if (unlikely(test_bit(SCAN_SW_SCANNING, &local->scanning)) &&
test_bit(SDATA_STATE_OFFCHANNEL, &sdata->state))
-@@ -4499,9 +4574,6 @@ static void ieee80211_8023_xmit(struct i
+@@ -4507,9 +4582,6 @@ static void ieee80211_8023_xmit(struct i
if (unlikely(!skb))
return;
ieee80211_aggr_check(sdata, sta, skb);
tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
-@@ -4515,22 +4587,20 @@ static void ieee80211_8023_xmit(struct i
+@@ -4523,22 +4595,20 @@ static void ieee80211_8023_xmit(struct i
return;
}
if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
sdata = container_of(sdata->bss,
-@@ -4542,6 +4612,24 @@ static void ieee80211_8023_xmit(struct i
+@@ -4550,6 +4620,24 @@ static void ieee80211_8023_xmit(struct i
if (key)
info->control.hw_key = &key->conf;
ieee80211_tx_8023(sdata, skb, sta, false);
return;
-@@ -4583,6 +4671,7 @@ netdev_tx_t ieee80211_subif_start_xmit_8
+@@ -4591,6 +4679,7 @@ netdev_tx_t ieee80211_subif_start_xmit_8
key->conf.cipher == WLAN_CIPHER_SUITE_TKIP))
goto skip_offload;
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Wed, 15 Feb 2023 15:11:54 +0100
-Subject: [PATCH] wifi: mac80211: fix qos on mesh interfaces
-
-When ieee80211_select_queue is called for mesh, the sta pointer is usually
-NULL, since the nexthop is looked up much later in the tx path.
-Explicitly check for unicast address in that case in order to make qos work
-again.
-
-Fixes: 50e2ab392919 ("wifi: mac80211: fix queue selection for mesh/OCB interfaces")
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/net/mac80211/wme.c
-+++ b/net/mac80211/wme.c
-@@ -147,6 +147,7 @@ u16 ieee80211_select_queue_80211(struct
- u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
- struct sta_info *sta, struct sk_buff *skb)
- {
-+ const struct ethhdr *eth = (void *)skb->data;
- struct mac80211_qos_map *qos_map;
- bool qos;
-
-@@ -154,8 +155,9 @@ u16 ieee80211_select_queue(struct ieee80
- skb_get_hash(skb);
-
- /* all mesh/ocb stations are required to support WME */
-- if (sta && (sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
-- sdata->vif.type == NL80211_IFTYPE_OCB))
-+ if ((sdata->vif.type == NL80211_IFTYPE_MESH_POINT &&
-+ !is_multicast_ether_addr(eth->h_dest)) ||
-+ (sdata->vif.type == NL80211_IFTYPE_OCB && sta))
- qos = true;
- else if (sta)
- qos = sta->sta.wme;
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -695,7 +695,7 @@ struct ieee80211_if_mesh {
+@@ -696,7 +696,7 @@ struct ieee80211_if_mesh {
struct mesh_stats mshstats;
struct mesh_config mshcfg;
atomic_t estab_plinks;
/* Maximum number of broadcast/multicast frames to buffer when some of the
* associated stations are using power saving. */
-@@ -655,6 +656,19 @@ struct mesh_table {
+@@ -656,6 +657,19 @@ struct mesh_table {
atomic_t entries; /* Up to MAX_MESH_NEIGHBOURS */
};
struct ieee80211_if_mesh {
struct timer_list housekeeping_timer;
struct timer_list mesh_path_timer;
-@@ -733,6 +747,7 @@ struct ieee80211_if_mesh {
+@@ -734,6 +748,7 @@ struct ieee80211_if_mesh {
struct mesh_table mpp_paths; /* Store paths for MPP&MAP */
int mesh_paths_generation;
int mpp_paths_generation;
};
#ifdef CPTCFG_MAC80211_MESH
-@@ -1998,6 +2013,11 @@ int ieee80211_tx_control_port(struct wip
+@@ -2002,6 +2017,11 @@ int ieee80211_tx_control_port(struct wip
int link_id, u64 *cookie);
int ieee80211_probe_mesh_link(struct wiphy *wiphy, struct net_device *dev,
const u8 *buf, size_t len);
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
-@@ -3021,6 +3021,9 @@ void ieee80211_check_fast_xmit(struct st
+@@ -3022,6 +3022,9 @@ void ieee80211_check_fast_xmit(struct st
if (!ieee80211_hw_check(&local->hw, SUPPORT_FAST_XMIT))
return;
/* Locking here protects both the pointer itself, and against concurrent
* invocations winning data access races to, e.g., the key pointer that
* is used.
-@@ -3402,6 +3405,9 @@ static bool ieee80211_amsdu_aggregate(st
+@@ -3403,6 +3406,9 @@ static bool ieee80211_amsdu_aggregate(st
if (sdata->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED)
return false;
if (skb_is_gso(skb))
return false;
-@@ -3634,10 +3640,11 @@ free:
+@@ -3635,10 +3641,11 @@ free:
return NULL;
}
{
struct ieee80211_local *local = sdata->local;
struct ieee80211_hdr *hdr = (void *)fast_tx->hdr;
-@@ -3646,7 +3653,6 @@ static void __ieee80211_xmit_fast(struct
+@@ -3647,7 +3654,6 @@ static void __ieee80211_xmit_fast(struct
ieee80211_tx_result r;
int hw_headroom = sdata->local->hw.extra_tx_headroom;
int extra_head = fast_tx->hdr_len - (ETH_HLEN - 2);
skb = skb_share_check(skb, GFP_ATOMIC);
if (unlikely(!skb))
-@@ -3666,11 +3672,10 @@ static void __ieee80211_xmit_fast(struct
+@@ -3667,11 +3673,10 @@ static void __ieee80211_xmit_fast(struct
ENCRYPT_NO)))
goto free;
info = IEEE80211_SKB_CB(skb);
memset(info, 0, sizeof(*info));
-@@ -3689,7 +3694,8 @@ static void __ieee80211_xmit_fast(struct
+@@ -3690,7 +3695,8 @@ static void __ieee80211_xmit_fast(struct
#endif
if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
*ieee80211_get_qos_ctl(hdr) = tid;
}
-@@ -3732,6 +3738,7 @@ static bool ieee80211_xmit_fast(struct i
+@@ -3733,6 +3739,7 @@ static bool ieee80211_xmit_fast(struct i
struct ieee80211_hdr *hdr = (void *)fast_tx->hdr;
struct tid_ampdu_tx *tid_tx = NULL;
struct sk_buff *next;
u8 tid = IEEE80211_NUM_TIDS;
/* control port protocol needs a lot of special handling */
-@@ -3757,6 +3764,8 @@ static bool ieee80211_xmit_fast(struct i
+@@ -3758,6 +3765,8 @@ static bool ieee80211_xmit_fast(struct i
}
}
/* after this point (skb is modified) we cannot return false */
skb = ieee80211_tx_skb_fixup(skb, ieee80211_sdata_netdev_features(sdata));
if (!skb)
-@@ -3764,7 +3773,8 @@ static bool ieee80211_xmit_fast(struct i
+@@ -3765,7 +3774,8 @@ static bool ieee80211_xmit_fast(struct i
skb_list_walk_safe(skb, skb, next) {
skb_mark_not_on_list(skb);
}
return true;
-@@ -4244,8 +4254,15 @@ void __ieee80211_subif_start_xmit(struct
+@@ -4252,8 +4262,15 @@ void __ieee80211_subif_start_xmit(struct
return;
}
if (ieee80211_lookup_ra_sta(sdata, skb, &sta))
goto out_free;
-@@ -4255,8 +4272,6 @@ void __ieee80211_subif_start_xmit(struct
+@@ -4263,8 +4280,6 @@ void __ieee80211_subif_start_xmit(struct
skb_set_queue_mapping(skb, ieee80211_select_queue(sdata, sta, skb));
ieee80211_aggr_check(sdata, sta, skb);
rx_accept:
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -2018,6 +2018,8 @@ void __ieee80211_xmit_fast(struct ieee80
+@@ -2022,6 +2022,8 @@ void __ieee80211_xmit_fast(struct ieee80
struct ieee80211_fast_tx *fast_tx,
struct sk_buff *skb, bool ampdu,
const u8 *da, const u8 *sa);
/**
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -1251,6 +1251,21 @@ static int ieee80211_start_ap(struct wip
+@@ -1252,6 +1252,21 @@ static int ieee80211_start_ap(struct wip
prev_beacon_int = link_conf->beacon_int;
link_conf->beacon_int = params->beacon_interval;
/**
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -1280,6 +1280,21 @@ static int ieee80211_start_ap(struct wip
+@@ -1281,6 +1281,21 @@ static int ieee80211_start_ap(struct wip
changed |= BSS_CHANGED_HE_BSS_COLOR;
}
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
-@@ -5968,6 +5968,18 @@ void ieee80211_queue_delayed_work(struct
+@@ -5964,6 +5964,18 @@ void ieee80211_queue_delayed_work(struct
unsigned long delay);
/**
* @tid: the TID to BA on.
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
-@@ -552,6 +552,23 @@ void ieee80211_tx_ba_session_handle_star
+@@ -554,6 +554,23 @@ void ieee80211_tx_ba_session_handle_star
ieee80211_send_addba_with_timeout(sta, tid_tx);
}
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
-@@ -4572,6 +4572,12 @@ void ieee80211_check_fast_rx(struct sta_
+@@ -4564,6 +4564,12 @@ void ieee80211_check_fast_rx(struct sta_
}
break;
default:
goto clear;
}
-@@ -4780,6 +4786,7 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4772,6 +4778,7 @@ static bool ieee80211_invoke_fast_rx(str
struct sk_buff *skb = rx->skb;
struct ieee80211_hdr *hdr = (void *)skb->data;
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
int orig_len = skb->len;
int hdrlen = ieee80211_hdrlen(hdr->frame_control);
int snap_offs = hdrlen;
-@@ -4841,7 +4848,8 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4833,7 +4840,8 @@ static bool ieee80211_invoke_fast_rx(str
snap_offs += IEEE80211_CCMP_HDR_LEN;
}
if (!pskb_may_pull(skb, snap_offs + sizeof(*payload)))
return false;
-@@ -4880,13 +4888,29 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4872,13 +4880,29 @@ static bool ieee80211_invoke_fast_rx(str
/* do the header conversion - first grab the addresses */
ether_addr_copy(addrs.da, skb->data + fast_rx->da_offs);
ether_addr_copy(addrs.sa, skb->data + fast_rx->sa_offs);
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
-@@ -4196,6 +4196,10 @@ struct ieee80211_prep_tx_info {
+@@ -4192,6 +4192,10 @@ struct ieee80211_prep_tx_info {
* Note that a sta can also be inserted or removed with valid links,
* i.e. passed to @sta_add/@sta_state with sta->valid_links not zero.
* In fact, cannot change from having valid_links and not having them.
*/
struct ieee80211_ops {
void (*tx)(struct ieee80211_hw *hw,
-@@ -4551,6 +4555,11 @@ struct ieee80211_ops {
+@@ -4547,6 +4551,11 @@ struct ieee80211_ops {
struct ieee80211_vif *vif,
struct ieee80211_sta *sta,
u16 old_links, u16 new_links);
u16 old_links, u16 new_links,
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -1935,7 +1935,8 @@ void ieee80211_color_change_finalize_wor
+@@ -1939,7 +1939,8 @@ void ieee80211_color_collision_detection
/* interface handling */
#define MAC80211_SUPPORTED_FEATURES_TX (NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM | \
NETIF_F_HW_CSUM | NETIF_F_SG | \
+++ /dev/null
-From: Felix Fietkau <nbd@nbd.name>
-Date: Fri, 24 Mar 2023 13:04:17 +0100
-Subject: [PATCH] wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for
- non-uploaded sta
-
-Avoid potential data corruption issues caused by uninitialized driver
-private data structures.
-
-Reported-by: Brian Coverstone <brian@mainsequence.net>
-Fixes: 6a9d1b91f34d ("mac80211: add pre-RCU-sync sta removal driver operation")
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
-
---- a/net/mac80211/sta_info.c
-+++ b/net/mac80211/sta_info.c
-@@ -1241,7 +1241,8 @@ static int __must_check __sta_info_destr
- list_del_rcu(&sta->list);
- sta->removed = true;
-
-- drv_sta_pre_rcu_remove(local, sta->sdata, sta);
-+ if (sta->uploaded)
-+ drv_sta_pre_rcu_remove(local, sta->sdata, sta);
-
- if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
- rcu_access_pointer(sdata->u.vlan.sta) == sta)
info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
return TX_CONTINUE;
}
-@@ -1325,7 +1325,7 @@ static struct txq_info *ieee80211_get_tx
+@@ -1326,7 +1326,7 @@ static struct txq_info *ieee80211_get_tx
if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) &&
unlikely(!ieee80211_is_data_present(hdr->frame_control))) {
if ((!ieee80211_is_mgmt(hdr->frame_control) ||
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
-@@ -3922,6 +3922,10 @@ struct ieee80211_prep_tx_info {
+@@ -3918,6 +3918,10 @@ struct ieee80211_prep_tx_info {
* Note that vif can be NULL.
* The callback can sleep.
*
* @channel_switch: Drivers that need (or want) to offload the channel
* switch operation for CSAs received from the AP may implement this
* callback. They must then call ieee80211_chswitch_done() to indicate
-@@ -4376,6 +4380,8 @@ struct ieee80211_ops {
+@@ -4372,6 +4376,8 @@ struct ieee80211_ops {
#endif
void (*flush)(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
u32 queues, bool drop);
--- /dev/null
+From: Ryder Lee <ryder.lee@mediatek.com>
+Date: Sat, 18 Feb 2023 01:49:25 +0800
+Subject: [PATCH] wifi: mac80211: add LDPC related flags in ieee80211_bss_conf
+
+This is utilized to pass LDPC configurations from user space
+(i.e. hostapd) to driver.
+
+Signed-off-by: Ryder Lee <ryder.lee@mediatek.com>
+Link: https://lore.kernel.org/r/1de696aaa34efd77a926eb657b8c0fda05aaa177.1676628065.git.ryder.lee@mediatek.com
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/mac80211.h
++++ b/include/net/mac80211.h
+@@ -653,6 +653,9 @@ struct ieee80211_fils_discovery {
+ * write-protected by sdata_lock and local->mtx so holding either is fine
+ * for read access.
+ * @color_change_color: the bss color that will be used after the change.
++ * @ht_ldpc: in AP mode, indicates interface has HT LDPC capability.
++ * @vht_ldpc: in AP mode, indicates interface has VHT LDPC capability.
++ * @he_ldpc: in AP mode, indicates interface has HE LDPC capability.
+ * @vht_su_beamformer: in AP mode, does this BSS support operation as an VHT SU
+ * beamformer
+ * @vht_su_beamformee: in AP mode, does this BSS support operation as an VHT SU
+@@ -744,6 +747,9 @@ struct ieee80211_bss_conf {
+ bool color_change_active;
+ u8 color_change_color;
+
++ bool ht_ldpc;
++ bool vht_ldpc;
++ bool he_ldpc;
+ bool vht_su_beamformer;
+ bool vht_su_beamformee;
+ bool vht_mu_beamformer;
+--- a/net/mac80211/cfg.c
++++ b/net/mac80211/cfg.c
+@@ -1252,7 +1252,15 @@ static int ieee80211_start_ap(struct wip
+ prev_beacon_int = link_conf->beacon_int;
+ link_conf->beacon_int = params->beacon_interval;
+
++ if (params->ht_cap)
++ link_conf->ht_ldpc =
++ params->ht_cap->cap_info &
++ cpu_to_le16(IEEE80211_HT_CAP_LDPC_CODING);
++
+ if (params->vht_cap) {
++ link_conf->vht_ldpc =
++ params->vht_cap->vht_cap_info &
++ cpu_to_le32(IEEE80211_VHT_CAP_RXLDPC);
+ link_conf->vht_su_beamformer =
+ params->vht_cap->vht_cap_info &
+ cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
+@@ -1282,6 +1290,9 @@ static int ieee80211_start_ap(struct wip
+ }
+
+ if (params->he_cap) {
++ link_conf->he_ldpc =
++ params->he_cap->phy_cap_info[1] &
++ IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD;
+ link_conf->he_su_beamformer =
+ params->he_cap->phy_cap_info[3] &
+ IEEE80211_HE_PHY_CAP3_SU_BEAMFORMER;
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
-@@ -1671,6 +1671,7 @@ enum ieee80211_smps_mode {
+@@ -1677,6 +1677,7 @@ enum ieee80211_smps_mode {
*
* @power_level: requested transmit power (in dBm), backward compatibility
* value only that is set to the minimum of all interfaces
*
* @chandef: the channel definition to tune to
* @radar_enabled: whether radar detection is enabled
-@@ -1691,6 +1692,7 @@ enum ieee80211_smps_mode {
+@@ -1697,6 +1698,7 @@ enum ieee80211_smps_mode {
struct ieee80211_conf {
u32 flags;
int power_level, dynamic_ps_timeout;
__NL80211_ATTR_AFTER_LAST,
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -3028,6 +3028,19 @@ static int ieee80211_get_tx_power(struct
+@@ -3046,6 +3046,19 @@ static int ieee80211_get_tx_power(struct
return 0;
}
static void ieee80211_rfkill_poll(struct wiphy *wiphy)
{
struct ieee80211_local *local = wiphy_priv(wiphy);
-@@ -4911,6 +4924,7 @@ const struct cfg80211_ops mac80211_confi
+@@ -4953,6 +4966,7 @@ const struct cfg80211_ops mac80211_confi
.set_wiphy_params = ieee80211_set_wiphy_params,
.set_tx_power = ieee80211_set_tx_power,
.get_tx_power = ieee80211_get_tx_power,
CFG80211_TESTMODE_DUMP(ieee80211_testmode_dump)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -1535,6 +1535,7 @@ struct ieee80211_local {
+@@ -1538,6 +1538,7 @@ struct ieee80211_local {
int dynamic_ps_forced_timeout;
int user_power_level; /* in dBm, for all interfaces */