From: Hauke Mehrtens Date: Sun, 23 Sep 2018 16:48:09 +0000 (+0200) Subject: mac80211: Add patches which were added later X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=ec684ce193be84b3c2a25f6a3cfcc91bf3d75bfd;p=openwrt%2Fstaging%2Fnbd.git mac80211: Add patches which were added later These patches were added after the new matches structure for the mac80211 package was created. All the deleted patches are already integrated in kernel 4.19-rc4. Signed-off-by: Hauke Mehrtens --- diff --git a/package/kernel/mac80211/patches/342-0001-brcmfmac-add-CYW89342-mini-PCIe-device.patch b/package/kernel/mac80211/patches/342-0001-brcmfmac-add-CYW89342-mini-PCIe-device.patch deleted file mode 100644 index d0d9b20373..0000000000 --- a/package/kernel/mac80211/patches/342-0001-brcmfmac-add-CYW89342-mini-PCIe-device.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 2fef681a4cf7994c882190fd2417b95f30510afb Mon Sep 17 00:00:00 2001 -From: Jia-Shyr Chuang -Date: Wed, 15 Aug 2018 04:23:09 -0500 -Subject: [PATCH] brcmfmac: add CYW89342 mini-PCIe device - -CYW89342 is a 2x2 MIMO, 802.11a/b/g/n/ac for WLAN. It is a member of -4355/4359 family. - -Signed-off-by: Jia-Shyr Chuang -Signed-off-by: Chi-Hsien Lin -Signed-off-by: Kalle Valo ---- - drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 1 + - 1 file changed, 1 insertion(+) - ---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c -+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c -@@ -2017,6 +2017,7 @@ static const struct dev_pm_ops brcmf_pci - - static const struct pci_device_id brcmf_pcie_devid_table[] = { - BRCMF_PCIE_DEVICE(BRCM_PCIE_4350_DEVICE_ID), -+ BRCMF_PCIE_DEVICE_SUB(0x4355, BRCM_PCIE_VENDOR_ID_BROADCOM, 0x4355), - BRCMF_PCIE_DEVICE(BRCM_PCIE_4356_DEVICE_ID), - BRCMF_PCIE_DEVICE(BRCM_PCIE_43567_DEVICE_ID), - BRCMF_PCIE_DEVICE(BRCM_PCIE_43570_DEVICE_ID), diff --git a/package/kernel/mac80211/patches/344-0001-brcmfmac-fix-wrong-strnchr-usage.patch b/package/kernel/mac80211/patches/344-0001-brcmfmac-fix-wrong-strnchr-usage.patch deleted file mode 100644 index 8267b37864..0000000000 --- a/package/kernel/mac80211/patches/344-0001-brcmfmac-fix-wrong-strnchr-usage.patch +++ /dev/null @@ -1,38 +0,0 @@ -From cb18e2e9ec71d42409a51b83546686c609780dde Mon Sep 17 00:00:00 2001 -From: Rasmus Villemoes -Date: Wed, 22 Aug 2018 15:22:15 +0200 -Subject: [PATCH] brcmfmac: fix wrong strnchr usage - -strnchr takes arguments in the order of its name: string, max bytes to -read, character to search for. Here we're passing '\n' aka 10 as the -buffer size, and searching for sizeof(buf) aka BRCMF_DCMD_SMLEN aka -256 (aka '\0', since it's implicitly converted to char) within those 10 -bytes. - -Just interchanging the last two arguments would still leave a bug, -because if we've been successful once, there are not sizeof(buf) -characters left after the new value of p. - -Since clmver is immediately afterwards passed as a %s argument, I assume -that it is actually a properly nul-terminated string. For that case, we -have strreplace(). - -Signed-off-by: Rasmus Villemoes -Signed-off-by: Kalle Valo ---- - drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - ---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c -+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c -@@ -296,9 +296,7 @@ int brcmf_c_preinit_dcmds(struct brcmf_i - /* Replace all newline/linefeed characters with space - * character - */ -- ptr = clmver; -- while ((ptr = strnchr(ptr, '\n', sizeof(buf))) != NULL) -- *ptr = ' '; -+ strreplace(clmver, '\n', ' '); - - brcmf_dbg(INFO, "CLM version = %s\n", clmver); - } diff --git a/package/kernel/mac80211/patches/345-0001-brcmfmac-fix-for-proper-support-of-160MHz-bandwidth.patch b/package/kernel/mac80211/patches/345-0001-brcmfmac-fix-for-proper-support-of-160MHz-bandwidth.patch deleted file mode 100644 index 6e96578990..0000000000 --- a/package/kernel/mac80211/patches/345-0001-brcmfmac-fix-for-proper-support-of-160MHz-bandwidth.patch +++ /dev/null @@ -1,117 +0,0 @@ -From: Arend van Spriel -Date: Wed, 5 Sep 2018 09:48:58 +0200 -Subject: [PATCH] brcmfmac: fix for proper support of 160MHz bandwidth - -Decoding of firmware channel information was not complete for 160MHz -support. This resulted in the following warning: - - WARNING: CPU: 2 PID: 2222 at .../broadcom/brcm80211/brcmutil/d11.c:196 - brcmu_d11ac_decchspec+0x2e/0x100 [brcmutil] - Modules linked in: brcmfmac(O) brcmutil(O) sha256_generic cfg80211 ... - CPU: 2 PID: 2222 Comm: kworker/2:0 Tainted: G O - 4.17.0-wt-testing-x64-00002-gf1bed50 #1 - Hardware name: Dell Inc. Latitude E6410/07XJP9, BIOS A07 02/15/2011 - Workqueue: events request_firmware_work_func - RIP: 0010:brcmu_d11ac_decchspec+0x2e/0x100 [brcmutil] - RSP: 0018:ffffc90000047bd0 EFLAGS: 00010206 - RAX: 000000000000e832 RBX: ffff8801146fe910 RCX: ffff8801146fd3c0 - RDX: 0000000000002800 RSI: 0000000000000070 RDI: ffffc90000047c30 - RBP: ffffc90000047bd0 R08: 0000000000000000 R09: ffffffffa0798c80 - R10: ffff88012bca55e0 R11: ffff880110a4ea00 R12: ffff8801146f8000 - R13: ffffc90000047c30 R14: ffff8801146fe930 R15: ffff8801138e02e0 - FS: 0000000000000000(0000) GS:ffff88012bc80000(0000) knlGS:0000000000000000 - CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 - CR2: 00007f18ce8b8070 CR3: 000000000200a003 CR4: 00000000000206e0 - Call Trace: - brcmf_setup_wiphybands+0x212/0x780 [brcmfmac] - brcmf_cfg80211_attach+0xae2/0x11a0 [brcmfmac] - brcmf_attach+0x1fc/0x4b0 [brcmfmac] - ? __kmalloc+0x13c/0x1c0 - brcmf_pcie_setup+0x99b/0xe00 [brcmfmac] - brcmf_fw_request_done+0x16a/0x1f0 [brcmfmac] - request_firmware_work_func+0x36/0x60 - process_one_work+0x146/0x350 - worker_thread+0x4a/0x3b0 - kthread+0x102/0x140 - ? process_one_work+0x350/0x350 - ? kthread_bind+0x20/0x20 - ret_from_fork+0x35/0x40 - Code: 66 90 0f b7 07 55 48 89 e5 89 c2 88 47 02 88 47 03 66 81 e2 00 38 - 66 81 fa 00 18 74 6e 66 81 fa 00 20 74 39 66 81 fa 00 10 74 14 <0f> - 0b 66 25 00 c0 74 20 66 3d 00 c0 75 20 c6 47 04 01 5d c3 66 - ---[ end trace 550c46682415b26d ]--- - brcmfmac: brcmf_construct_chaninfo: Ignoring unexpected firmware channel 50 - -This patch adds the missing stuff to properly handle this. - -Reviewed-by: Hante Meuleman -Reviewed-by: Pieter-Paul Giesberts -Reviewed-by: Franky Lin -Signed-off-by: Arend van Spriel ---- - .../net/wireless/broadcom/brcm80211/brcmutil/d11.c | 34 +++++++++++++++++++++- - .../broadcom/brcm80211/include/brcmu_wifi.h | 2 ++ - 2 files changed, 35 insertions(+), 1 deletion(-) - ---- a/drivers/net/wireless/broadcom/brcm80211/brcmutil/d11.c -+++ b/drivers/net/wireless/broadcom/brcm80211/brcmutil/d11.c -@@ -77,6 +77,8 @@ static u16 d11ac_bw(enum brcmu_chan_bw b - return BRCMU_CHSPEC_D11AC_BW_40; - case BRCMU_CHAN_BW_80: - return BRCMU_CHSPEC_D11AC_BW_80; -+ case BRCMU_CHAN_BW_160: -+ return BRCMU_CHSPEC_D11AC_BW_160; - default: - WARN_ON(1); - } -@@ -190,8 +192,38 @@ static void brcmu_d11ac_decchspec(struct - break; - } - break; -- case BRCMU_CHSPEC_D11AC_BW_8080: - case BRCMU_CHSPEC_D11AC_BW_160: -+ switch (ch->sb) { -+ case BRCMU_CHAN_SB_LLL: -+ ch->control_ch_num -= CH_70MHZ_APART; -+ break; -+ case BRCMU_CHAN_SB_LLU: -+ ch->control_ch_num -= CH_50MHZ_APART; -+ break; -+ case BRCMU_CHAN_SB_LUL: -+ ch->control_ch_num -= CH_30MHZ_APART; -+ break; -+ case BRCMU_CHAN_SB_LUU: -+ ch->control_ch_num -= CH_10MHZ_APART; -+ break; -+ case BRCMU_CHAN_SB_ULL: -+ ch->control_ch_num += CH_10MHZ_APART; -+ break; -+ case BRCMU_CHAN_SB_ULU: -+ ch->control_ch_num += CH_30MHZ_APART; -+ break; -+ case BRCMU_CHAN_SB_UUL: -+ ch->control_ch_num += CH_50MHZ_APART; -+ break; -+ case BRCMU_CHAN_SB_UUU: -+ ch->control_ch_num += CH_70MHZ_APART; -+ break; -+ default: -+ WARN_ON_ONCE(1); -+ break; -+ } -+ break; -+ case BRCMU_CHSPEC_D11AC_BW_8080: - default: - WARN_ON_ONCE(1); - break; ---- a/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h -+++ b/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h -@@ -29,6 +29,8 @@ - #define CH_UPPER_SB 0x01 - #define CH_LOWER_SB 0x02 - #define CH_EWA_VALID 0x04 -+#define CH_70MHZ_APART 14 -+#define CH_50MHZ_APART 10 - #define CH_30MHZ_APART 6 - #define CH_20MHZ_APART 4 - #define CH_10MHZ_APART 2 diff --git a/package/kernel/mac80211/patches/345-0002-brcmfmac-increase-buffer-for-obtaining-firmware-capa.patch b/package/kernel/mac80211/patches/345-0002-brcmfmac-increase-buffer-for-obtaining-firmware-capa.patch deleted file mode 100644 index 11fb4bce45..0000000000 --- a/package/kernel/mac80211/patches/345-0002-brcmfmac-increase-buffer-for-obtaining-firmware-capa.patch +++ /dev/null @@ -1,28 +0,0 @@ -From: Arend van Spriel -Date: Wed, 5 Sep 2018 09:48:59 +0200 -Subject: [PATCH] brcmfmac: increase buffer for obtaining firmware capabilities - -When obtaining the firmware capability a buffer is provided of 512 -bytes. However, if all features in firmware are supported the buffer -needs to be 565 bytes as otherwise truncated information is retrieved -from firmware. Increasing the buffer to 768 bytes on stack. - -Reviewed-by: Hante Meuleman -Reviewed-by: Pieter-Paul Giesberts -Reviewed-by: Franky Lin -Signed-off-by: Arend van Spriel ---- - drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c -+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c -@@ -178,7 +178,7 @@ static void brcmf_feat_iovar_data_set(st - ifp->fwil_fwerr = false; - } - --#define MAX_CAPS_BUFFER_SIZE 512 -+#define MAX_CAPS_BUFFER_SIZE 768 - static void brcmf_feat_firmware_capabilities(struct brcmf_if *ifp) - { - char caps[MAX_CAPS_BUFFER_SIZE]; diff --git a/package/kernel/mac80211/patches/382-mac80211-Run-TXQ-teardown-code-before-de-registering.patch b/package/kernel/mac80211/patches/382-mac80211-Run-TXQ-teardown-code-before-de-registering.patch deleted file mode 100644 index ad282f9892..0000000000 --- a/package/kernel/mac80211/patches/382-mac80211-Run-TXQ-teardown-code-before-de-registering.patch +++ /dev/null @@ -1,38 +0,0 @@ -From: =?UTF-8?q?Toke=20H=C3=B8iland-J=C3=B8rgensen?= -Date: Mon, 13 Aug 2018 14:16:25 +0200 -Subject: [PATCH] mac80211: Run TXQ teardown code before de-registering - interfaces -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The TXQ teardown code can reference the vif data structures that are -stored in the netdev private memory area if there are still packets on -the queue when it is being freed. Since the TXQ teardown code is run -after the netdevs are freed, this can lead to a use-after-free. Fix this -by moving the TXQ teardown code to earlier in ieee80211_unregister_hw(). - -Reported-by: Ben Greear -Tested-by: Ben Greear -Signed-off-by: Toke Høiland-Jørgensen -Signed-off-by: Johannes Berg ---- - ---- a/net/mac80211/main.c -+++ b/net/mac80211/main.c -@@ -1172,6 +1172,7 @@ void ieee80211_unregister_hw(struct ieee - #if IS_ENABLED(__disabled__CONFIG_IPV6) - unregister_inet6addr_notifier(&local->ifa6_notifier); - #endif -+ ieee80211_txq_teardown_flows(local); - - rtnl_lock(); - -@@ -1200,7 +1201,6 @@ void ieee80211_unregister_hw(struct ieee - skb_queue_purge(&local->skb_queue); - skb_queue_purge(&local->skb_queue_unreliable); - skb_queue_purge(&local->skb_queue_tdls_chsw); -- ieee80211_txq_teardown_flows(local); - - destroy_workqueue(local->workqueue); - wiphy_unregister(local->hw.wiphy); diff --git a/package/kernel/mac80211/patches/383-mac80211-mesh-fix-HWMP-sequence-numbering-to-follow-.patch b/package/kernel/mac80211/patches/383-mac80211-mesh-fix-HWMP-sequence-numbering-to-follow-.patch deleted file mode 100644 index e7b279af55..0000000000 --- a/package/kernel/mac80211/patches/383-mac80211-mesh-fix-HWMP-sequence-numbering-to-follow-.patch +++ /dev/null @@ -1,28 +0,0 @@ -From: Yuan-Chi Pang -Date: Wed, 29 Aug 2018 09:30:08 +0800 -Subject: [PATCH] mac80211: mesh: fix HWMP sequence numbering to follow - standard - -IEEE 802.11-2016 14.10.8.3 HWMP sequence numbering says: -If it is a target mesh STA, it shall update its own HWMP SN to -maximum (current HWMP SN, target HWMP SN in the PREQ element) + 1 -immediately before it generates a PREP element in response to a -PREQ element. - -Signed-off-by: Yuan-Chi Pang -Signed-off-by: Johannes Berg ---- - ---- a/net/mac80211/mesh_hwmp.c -+++ b/net/mac80211/mesh_hwmp.c -@@ -572,6 +572,10 @@ static void hwmp_preq_frame_process(stru - forward = false; - reply = true; - target_metric = 0; -+ -+ if (SN_GT(target_sn, ifmsh->sn)) -+ ifmsh->sn = target_sn; -+ - if (time_after(jiffies, ifmsh->last_sn_update + - net_traversal_jiffies(sdata)) || - time_before(jiffies, ifmsh->last_sn_update)) { diff --git a/package/kernel/mac80211/patches/384-mac80211-avoid-kernel-panic-when-building-AMSDU-from.patch b/package/kernel/mac80211/patches/384-mac80211-avoid-kernel-panic-when-building-AMSDU-from.patch deleted file mode 100644 index 66993839ee..0000000000 --- a/package/kernel/mac80211/patches/384-mac80211-avoid-kernel-panic-when-building-AMSDU-from.patch +++ /dev/null @@ -1,102 +0,0 @@ -From: Sara Sharon -Date: Wed, 29 Aug 2018 08:57:02 +0200 -Subject: [PATCH] mac80211: avoid kernel panic when building AMSDU from - non-linear SKB - -When building building AMSDU from non-linear SKB, we hit a -kernel panic when trying to push the padding to the tail. -Instead, put the padding at the head of the next subframe. -This also fixes the A-MSDU subframes to not have the padding -accounted in the length field and not have pad at all for -the last subframe, both required by the spec. - -Fixes: 6e0456b54545 ("mac80211: add A-MSDU tx support") -Signed-off-by: Sara Sharon -Reviewed-by: Lorenzo Bianconi -Signed-off-by: Johannes Berg ---- - ---- a/net/mac80211/tx.c -+++ b/net/mac80211/tx.c -@@ -3064,27 +3064,18 @@ void ieee80211_clear_fast_xmit(struct st - } - - static bool ieee80211_amsdu_realloc_pad(struct ieee80211_local *local, -- struct sk_buff *skb, int headroom, -- int *subframe_len) -+ struct sk_buff *skb, int headroom) - { -- int amsdu_len = *subframe_len + sizeof(struct ethhdr); -- int padding = (4 - amsdu_len) & 3; -- -- if (skb_headroom(skb) < headroom || skb_tailroom(skb) < padding) { -+ if (skb_headroom(skb) < headroom) { - I802_DEBUG_INC(local->tx_expand_skb_head); - -- if (pskb_expand_head(skb, headroom, padding, GFP_ATOMIC)) { -+ if (pskb_expand_head(skb, headroom, 0, GFP_ATOMIC)) { - wiphy_debug(local->hw.wiphy, - "failed to reallocate TX buffer\n"); - return false; - } - } - -- if (padding) { -- *subframe_len += padding; -- skb_put_zero(skb, padding); -- } -- - return true; - } - -@@ -3108,8 +3099,7 @@ static bool ieee80211_amsdu_prepare_head - if (info->control.flags & IEEE80211_TX_CTRL_AMSDU) - return true; - -- if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(*amsdu_hdr), -- &subframe_len)) -+ if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(*amsdu_hdr))) - return false; - - data = skb_push(skb, sizeof(*amsdu_hdr)); -@@ -3176,7 +3166,8 @@ static bool ieee80211_amsdu_aggregate(st - void *data; - bool ret = false; - unsigned int orig_len; -- int n = 1, nfrags; -+ int n = 1, nfrags, pad = 0; -+ u16 hdrlen; - - if (!ieee80211_hw_check(&local->hw, TX_AMSDU)) - return false; -@@ -3228,8 +3219,19 @@ static bool ieee80211_amsdu_aggregate(st - if (max_frags && nfrags > max_frags) - goto out; - -- if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(rfc1042_header) + 2, -- &subframe_len)) -+ /* -+ * Pad out the previous subframe to a multiple of 4 by adding the -+ * padding to the next one, that's being added. Note that head->len -+ * is the length of the full A-MSDU, but that works since each time -+ * we add a new subframe we pad out the previous one to a multiple -+ * of 4 and thus it no longer matters in the next round. -+ */ -+ hdrlen = fast_tx->hdr_len - sizeof(rfc1042_header); -+ if ((head->len - hdrlen) & 3) -+ pad = 4 - ((head->len - hdrlen) & 3); -+ -+ if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(rfc1042_header) + -+ 2 + pad)) - goto out; - - ret = true; -@@ -3241,6 +3243,8 @@ static bool ieee80211_amsdu_aggregate(st - memcpy(data, &len, 2); - memcpy(data + 2, rfc1042_header, sizeof(rfc1042_header)); - -+ memset(skb_push(skb, pad), 0, pad); -+ - head->len += skb->len; - head->data_len += skb->len; - *frag_tail = skb; diff --git a/package/kernel/mac80211/patches/385-cfg80211-nl80211_update_ft_ies-to-validate-NL80211_A.patch b/package/kernel/mac80211/patches/385-cfg80211-nl80211_update_ft_ies-to-validate-NL80211_A.patch deleted file mode 100644 index f4b14506a6..0000000000 --- a/package/kernel/mac80211/patches/385-cfg80211-nl80211_update_ft_ies-to-validate-NL80211_A.patch +++ /dev/null @@ -1,27 +0,0 @@ -From: Arunk Khandavalli -Date: Thu, 30 Aug 2018 00:40:16 +0300 -Subject: [PATCH] cfg80211: nl80211_update_ft_ies() to validate - NL80211_ATTR_IE - -nl80211_update_ft_ies() tried to validate NL80211_ATTR_IE with -is_valid_ie_attr() before dereferencing it, but that helper function -returns true in case of NULL pointer (i.e., attribute not included). -This can result to dereferencing a NULL pointer. Fix that by explicitly -checking that NL80211_ATTR_IE is included. - -Fixes: 355199e02b83 ("cfg80211: Extend support for IEEE 802.11r Fast BSS Transition") -Signed-off-by: Arunk Khandavalli -Signed-off-by: Jouni Malinen -Signed-off-by: Johannes Berg ---- - ---- a/net/wireless/nl80211.c -+++ b/net/wireless/nl80211.c -@@ -11763,6 +11763,7 @@ static int nl80211_update_ft_ies(struct - return -EOPNOTSUPP; - - if (!info->attrs[NL80211_ATTR_MDID] || -+ !info->attrs[NL80211_ATTR_IE] || - !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) - return -EINVAL; - diff --git a/package/kernel/mac80211/patches/386-mac80211-do-not-convert-to-A-MSDU-if-frag-subframe-l.patch b/package/kernel/mac80211/patches/386-mac80211-do-not-convert-to-A-MSDU-if-frag-subframe-l.patch deleted file mode 100644 index 1d88902251..0000000000 --- a/package/kernel/mac80211/patches/386-mac80211-do-not-convert-to-A-MSDU-if-frag-subframe-l.patch +++ /dev/null @@ -1,37 +0,0 @@ -From: Lorenzo Bianconi -Date: Wed, 29 Aug 2018 21:03:25 +0200 -Subject: [PATCH] mac80211: do not convert to A-MSDU if frag/subframe - limited - -Do not start to aggregate packets in a A-MSDU frame (converting the -first subframe to A-MSDU, adding the header) if max_tx_fragments or -max_amsdu_subframes limits are already exceeded by it. In particular, -this happens when drivers set the limit to 1 to avoid A-MSDUs at all. - -Signed-off-by: Lorenzo Bianconi -[reword commit message to be more precise] -Signed-off-by: Johannes Berg ---- - ---- a/net/mac80211/tx.c -+++ b/net/mac80211/tx.c -@@ -3201,9 +3201,6 @@ static bool ieee80211_amsdu_aggregate(st - if (skb->len + head->len > max_amsdu_len) - goto unlock; - -- if (!ieee80211_amsdu_prepare_head(sdata, fast_tx, head)) -- goto out; -- - nfrags = 1 + skb_shinfo(skb)->nr_frags; - nfrags += 1 + skb_shinfo(head)->nr_frags; - frag_tail = &skb_shinfo(head)->frag_list; -@@ -3219,6 +3216,9 @@ static bool ieee80211_amsdu_aggregate(st - if (max_frags && nfrags > max_frags) - goto out; - -+ if (!ieee80211_amsdu_prepare_head(sdata, fast_tx, head)) -+ goto out; -+ - /* - * Pad out the previous subframe to a multiple of 4 by adding the - * padding to the next one, that's being added. Note that head->len diff --git a/package/kernel/mac80211/patches/387-mac80211-always-account-for-A-MSDU-header-changes.patch b/package/kernel/mac80211/patches/387-mac80211-always-account-for-A-MSDU-header-changes.patch deleted file mode 100644 index 47942116bc..0000000000 --- a/package/kernel/mac80211/patches/387-mac80211-always-account-for-A-MSDU-header-changes.patch +++ /dev/null @@ -1,51 +0,0 @@ -From: Johannes Berg -Date: Thu, 30 Aug 2018 10:55:49 +0200 -Subject: [PATCH] mac80211: always account for A-MSDU header changes - -In the error path of changing the SKB headroom of the second -A-MSDU subframe, we would not account for the already-changed -length of the first frame that just got converted to be in -A-MSDU format and thus is a bit longer now. - -Fix this by doing the necessary accounting. - -It would be possible to reorder the operations, but that would -make the code more complex (to calculate the necessary pad), -and the headroom expansion should not fail frequently enough -to make that worthwhile. - -Fixes: 6e0456b54545 ("mac80211: add A-MSDU tx support") -Signed-off-by: Johannes Berg -Acked-by: Lorenzo Bianconi -Signed-off-by: Johannes Berg ---- - ---- a/net/mac80211/tx.c -+++ b/net/mac80211/tx.c -@@ -3232,7 +3232,7 @@ static bool ieee80211_amsdu_aggregate(st - - if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(rfc1042_header) + - 2 + pad)) -- goto out; -+ goto out_recalc; - - ret = true; - data = skb_push(skb, ETH_ALEN + 2); -@@ -3249,11 +3249,13 @@ static bool ieee80211_amsdu_aggregate(st - head->data_len += skb->len; - *frag_tail = skb; - -- flow->backlog += head->len - orig_len; -- tin->backlog_bytes += head->len - orig_len; -- -- fq_recalc_backlog(fq, tin, flow); -+out_recalc: -+ if (head->len != orig_len) { -+ flow->backlog += head->len - orig_len; -+ tin->backlog_bytes += head->len - orig_len; - -+ fq_recalc_backlog(fq, tin, flow); -+ } - out: - fq->memory_usage += head->truesize - orig_truesize; - diff --git a/package/kernel/mac80211/patches/388-mac80211-fix-an-off-by-one-issue-in-A-MSDU-max_subfr.patch b/package/kernel/mac80211/patches/388-mac80211-fix-an-off-by-one-issue-in-A-MSDU-max_subfr.patch deleted file mode 100644 index 455fa29831..0000000000 --- a/package/kernel/mac80211/patches/388-mac80211-fix-an-off-by-one-issue-in-A-MSDU-max_subfr.patch +++ /dev/null @@ -1,26 +0,0 @@ -From: Lorenzo Bianconi -Date: Fri, 31 Aug 2018 01:04:13 +0200 -Subject: [PATCH] mac80211: fix an off-by-one issue in A-MSDU - max_subframe computation - -Initialize 'n' to 2 in order to take into account also the first -packet in the estimation of max_subframe limit for a given A-MSDU -since frag_tail pointer is NULL when ieee80211_amsdu_aggregate -routine analyzes the second frame. - -Fixes: 6e0456b54545 ("mac80211: add A-MSDU tx support") -Signed-off-by: Lorenzo Bianconi -Signed-off-by: Johannes Berg ---- - ---- a/net/mac80211/tx.c -+++ b/net/mac80211/tx.c -@@ -3166,7 +3166,7 @@ static bool ieee80211_amsdu_aggregate(st - void *data; - bool ret = false; - unsigned int orig_len; -- int n = 1, nfrags, pad = 0; -+ int n = 2, nfrags, pad = 0; - u16 hdrlen; - - if (!ieee80211_hw_check(&local->hw, TX_AMSDU)) diff --git a/package/kernel/mac80211/patches/389-cfg80211-fix-a-type-issue-in-ieee80211_chandef_to_op.patch b/package/kernel/mac80211/patches/389-cfg80211-fix-a-type-issue-in-ieee80211_chandef_to_op.patch deleted file mode 100644 index 8437aad6a6..0000000000 --- a/package/kernel/mac80211/patches/389-cfg80211-fix-a-type-issue-in-ieee80211_chandef_to_op.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: Dan Carpenter -Date: Fri, 31 Aug 2018 11:10:55 +0300 -Subject: [PATCH] cfg80211: fix a type issue in - ieee80211_chandef_to_operating_class() - -The "chandef->center_freq1" variable is a u32 but "freq" is a u16 so we -are truncating away the high bits. I noticed this bug because in commit -9cf0a0b4b64a ("cfg80211: Add support for 60GHz band channels 5 and 6") -we made "freq <= 56160 + 2160 * 6" a valid requency when before it was -only "freq <= 56160 + 2160 * 4" that was valid. It introduces a static -checker warning: - - net/wireless/util.c:1571 ieee80211_chandef_to_operating_class() - warn: always true condition '(freq <= 56160 + 2160 * 6) => (0-u16max <= 69120)' - -But really we probably shouldn't have been truncating the high bits -away to begin with. - -Signed-off-by: Dan Carpenter -Signed-off-by: Johannes Berg ---- - ---- a/net/wireless/util.c -+++ b/net/wireless/util.c -@@ -1377,7 +1377,7 @@ bool ieee80211_chandef_to_operating_clas - u8 *op_class) - { - u8 vht_opclass; -- u16 freq = chandef->center_freq1; -+ u32 freq = chandef->center_freq1; - - if (freq >= 2412 && freq <= 2472) { - if (chandef->width > NL80211_CHAN_WIDTH_40) diff --git a/package/kernel/mac80211/patches/390-mac80211-fix-a-race-between-restart-and-CSA-flows.patch b/package/kernel/mac80211/patches/390-mac80211-fix-a-race-between-restart-and-CSA-flows.patch deleted file mode 100644 index db2aa0443f..0000000000 --- a/package/kernel/mac80211/patches/390-mac80211-fix-a-race-between-restart-and-CSA-flows.patch +++ /dev/null @@ -1,86 +0,0 @@ -From: Emmanuel Grumbach -Date: Fri, 31 Aug 2018 11:31:06 +0300 -Subject: [PATCH] mac80211: fix a race between restart and CSA flows - -We hit a problem with iwlwifi that was caused by a bug in -mac80211. A bug in iwlwifi caused the firwmare to crash in -certain cases in channel switch. Because of that bug, -drv_pre_channel_switch would fail and trigger the restart -flow. -Now we had the hw restart worker which runs on the system's -workqueue and the csa_connection_drop_work worker that runs -on mac80211's workqueue that can run together. This is -obviously problematic since the restart work wants to -reconfigure the connection, while the csa_connection_drop_work -worker does the exact opposite: it tries to disconnect. - -Fix this by cancelling the csa_connection_drop_work worker -in the restart worker. - -Note that this can sound racy: we could have: - -driver iface_work CSA_work restart_work -+++++++++++++++++++++++++++++++++++++++++++++ - | - <--drv_cs ---| - --CS FAILED--> - | | - | cancel_work(CSA) - schedule | - CSA work | - | | - Race between those 2 - -But this is not possible because we flush the workqueue -in the restart worker before we cancel the CSA worker. -That would be bullet proof if we could guarantee that -we schedule the CSA worker only from the iface_work -which runs on the workqueue (and not on the system's -workqueue), but unfortunately we do have an instance -in which we schedule the CSA work outside the context -of the workqueue (ieee80211_chswitch_done). - -Note also that we should probably cancel other workers -like beacon_connection_loss_work and possibly others -for different types of interfaces, at the very least, -IBSS should suffer from the exact same problem, but for -now, do the minimum to fix the actual bug that was actually -experienced and reproduced. - -Signed-off-by: Emmanuel Grumbach -Signed-off-by: Luca Coelho -Signed-off-by: Johannes Berg ---- - ---- a/net/mac80211/main.c -+++ b/net/mac80211/main.c -@@ -255,8 +255,27 @@ static void ieee80211_restart_work(struc - - flush_work(&local->radar_detected_work); - rtnl_lock(); -- list_for_each_entry(sdata, &local->interfaces, list) -+ list_for_each_entry(sdata, &local->interfaces, list) { -+ /* -+ * XXX: there may be more work for other vif types and even -+ * for station mode: a good thing would be to run most of -+ * the iface type's dependent _stop (ieee80211_mg_stop, -+ * ieee80211_ibss_stop) etc... -+ * For now, fix only the specific bug that was seen: race -+ * between csa_connection_drop_work and us. -+ */ -+ if (sdata->vif.type == NL80211_IFTYPE_STATION) { -+ /* -+ * This worker is scheduled from the iface worker that -+ * runs on mac80211's workqueue, so we can't be -+ * scheduling this worker after the cancel right here. -+ * The exception is ieee80211_chswitch_done. -+ * Then we can have a race... -+ */ -+ cancel_work_sync(&sdata->u.mgd.csa_connection_drop_work); -+ } - flush_delayed_work(&sdata->dec_tailroom_needed_wk); -+ } - ieee80211_scan_cancel(local); - - /* make sure any new ROC will consider local->in_reconfig */ diff --git a/package/kernel/mac80211/patches/391-mac80211-Fix-station-bandwidth-setting-after-channel.patch b/package/kernel/mac80211/patches/391-mac80211-Fix-station-bandwidth-setting-after-channel.patch deleted file mode 100644 index aa8db32e72..0000000000 --- a/package/kernel/mac80211/patches/391-mac80211-Fix-station-bandwidth-setting-after-channel.patch +++ /dev/null @@ -1,96 +0,0 @@ -From: Ilan Peer -Date: Fri, 31 Aug 2018 11:31:10 +0300 -Subject: [PATCH] mac80211: Fix station bandwidth setting after channel - switch - -When performing a channel switch flow for a managed interface, the -flow did not update the bandwidth of the AP station and the rate -scale algorithm. In case of a channel width downgrade, this would -result with the rate scale algorithm using a bandwidth that does not -match the interface channel configuration. - -Fix this by updating the AP station bandwidth and rate scaling algorithm -before the actual channel change in case of a bandwidth downgrade, or -after the actual channel change in case of a bandwidth upgrade. - -Signed-off-by: Ilan Peer -Signed-off-by: Luca Coelho -Signed-off-by: Johannes Berg ---- - ---- a/net/mac80211/mlme.c -+++ b/net/mac80211/mlme.c -@@ -975,6 +975,10 @@ static void ieee80211_chswitch_work(stru - */ - - if (sdata->reserved_chanctx) { -+ struct ieee80211_supported_band *sband = NULL; -+ struct sta_info *mgd_sta = NULL; -+ enum ieee80211_sta_rx_bandwidth bw = IEEE80211_STA_RX_BW_20; -+ - /* - * with multi-vif csa driver may call ieee80211_csa_finish() - * many times while waiting for other interfaces to use their -@@ -983,6 +987,48 @@ static void ieee80211_chswitch_work(stru - if (sdata->reserved_ready) - goto out; - -+ if (sdata->vif.bss_conf.chandef.width != -+ sdata->csa_chandef.width) { -+ /* -+ * For managed interface, we need to also update the AP -+ * station bandwidth and align the rate scale algorithm -+ * on the bandwidth change. Here we only consider the -+ * bandwidth of the new channel definition (as channel -+ * switch flow does not have the full HT/VHT/HE -+ * information), assuming that if additional changes are -+ * required they would be done as part of the processing -+ * of the next beacon from the AP. -+ */ -+ switch (sdata->csa_chandef.width) { -+ case NL80211_CHAN_WIDTH_20_NOHT: -+ case NL80211_CHAN_WIDTH_20: -+ default: -+ bw = IEEE80211_STA_RX_BW_20; -+ break; -+ case NL80211_CHAN_WIDTH_40: -+ bw = IEEE80211_STA_RX_BW_40; -+ break; -+ case NL80211_CHAN_WIDTH_80: -+ bw = IEEE80211_STA_RX_BW_80; -+ break; -+ case NL80211_CHAN_WIDTH_80P80: -+ case NL80211_CHAN_WIDTH_160: -+ bw = IEEE80211_STA_RX_BW_160; -+ break; -+ } -+ -+ mgd_sta = sta_info_get(sdata, ifmgd->bssid); -+ sband = -+ local->hw.wiphy->bands[sdata->csa_chandef.chan->band]; -+ } -+ -+ if (sdata->vif.bss_conf.chandef.width > -+ sdata->csa_chandef.width) { -+ mgd_sta->sta.bandwidth = bw; -+ rate_control_rate_update(local, sband, mgd_sta, -+ IEEE80211_RC_BW_CHANGED); -+ } -+ - ret = ieee80211_vif_use_reserved_context(sdata); - if (ret) { - sdata_info(sdata, -@@ -993,6 +1039,13 @@ static void ieee80211_chswitch_work(stru - goto out; - } - -+ if (sdata->vif.bss_conf.chandef.width < -+ sdata->csa_chandef.width) { -+ mgd_sta->sta.bandwidth = bw; -+ rate_control_rate_update(local, sband, mgd_sta, -+ IEEE80211_RC_BW_CHANGED); -+ } -+ - goto out; - } - diff --git a/package/kernel/mac80211/patches/392-mac80211-don-t-Tx-a-deauth-frame-if-the-AP-forbade-T.patch b/package/kernel/mac80211/patches/392-mac80211-don-t-Tx-a-deauth-frame-if-the-AP-forbade-T.patch deleted file mode 100644 index 74dd3d3775..0000000000 --- a/package/kernel/mac80211/patches/392-mac80211-don-t-Tx-a-deauth-frame-if-the-AP-forbade-T.patch +++ /dev/null @@ -1,78 +0,0 @@ -From: Emmanuel Grumbach -Date: Fri, 31 Aug 2018 11:31:12 +0300 -Subject: [PATCH] mac80211: don't Tx a deauth frame if the AP forbade Tx - -If the driver fails to properly prepare for the channel -switch, mac80211 will disconnect. If the CSA IE had mode -set to 1, it means that the clients are not allowed to send -any Tx on the current channel, and that includes the -deauthentication frame. - -Make sure that we don't send the deauthentication frame in -this case. - -In iwlwifi, this caused a failure to flush queues since the -firmware already closed the queues after having parsed the -CSA IE. Then mac80211 would wait until the deauthentication -frame would go out (drv_flush(drop=false)) and that would -never happen. - -Signed-off-by: Emmanuel Grumbach -Signed-off-by: Luca Coelho -Signed-off-by: Johannes Berg ---- - ---- a/net/mac80211/mlme.c -+++ b/net/mac80211/mlme.c -@@ -1267,6 +1267,16 @@ ieee80211_sta_process_chanswitch(struct - cbss->beacon_interval)); - return; - drop_connection: -+ /* -+ * This is just so that the disconnect flow will know that -+ * we were trying to switch channel and failed. In case the -+ * mode is 1 (we are not allowed to Tx), we will know not to -+ * send a deauthentication frame. Those two fields will be -+ * reset when the disconnection worker runs. -+ */ -+ sdata->vif.csa_active = true; -+ sdata->csa_block_tx = csa_ie.mode; -+ - ieee80211_queue_work(&local->hw, &ifmgd->csa_connection_drop_work); - mutex_unlock(&local->chanctx_mtx); - mutex_unlock(&local->mtx); -@@ -2437,6 +2447,7 @@ static void __ieee80211_disconnect(struc - struct ieee80211_local *local = sdata->local; - struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; - u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; -+ bool tx; - - sdata_lock(sdata); - if (!ifmgd->associated) { -@@ -2444,6 +2455,8 @@ static void __ieee80211_disconnect(struc - return; - } - -+ tx = !sdata->csa_block_tx; -+ - /* AP is probably out of range (or not reachable for another reason) so - * remove the bss struct for that AP. - */ -@@ -2451,7 +2464,7 @@ static void __ieee80211_disconnect(struc - - ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, - WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, -- true, frame_buf); -+ tx, frame_buf); - mutex_lock(&local->mtx); - sdata->vif.csa_active = false; - ifmgd->csa_waiting_bcn = false; -@@ -2462,7 +2475,7 @@ static void __ieee80211_disconnect(struc - } - mutex_unlock(&local->mtx); - -- ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true, -+ ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx, - WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); - - sdata_unlock(sdata); diff --git a/package/kernel/mac80211/patches/393-mac80211-shorten-the-IBSS-debug-messages.patch b/package/kernel/mac80211/patches/393-mac80211-shorten-the-IBSS-debug-messages.patch deleted file mode 100644 index fb5b282d1d..0000000000 --- a/package/kernel/mac80211/patches/393-mac80211-shorten-the-IBSS-debug-messages.patch +++ /dev/null @@ -1,74 +0,0 @@ -From: Emmanuel Grumbach -Date: Fri, 31 Aug 2018 11:31:13 +0300 -Subject: [PATCH] mac80211: shorten the IBSS debug messages - -When tracing is enabled, all the debug messages are recorded and must -not exceed MAX_MSG_LEN (100) columns. Longer debug messages grant the -user with: - -WARNING: CPU: 3 PID: 32642 at /tmp/wifi-core-20180806094828/src/iwlwifi-stack-dev/net/mac80211/./trace_msg.h:32 trace_event_raw_event_mac80211_msg_event+0xab/0xc0 [mac80211] -Workqueue: phy1 ieee80211_iface_work [mac80211] - RIP: 0010:trace_event_raw_event_mac80211_msg_event+0xab/0xc0 [mac80211] - Call Trace: - __sdata_dbg+0xbd/0x120 [mac80211] - ieee80211_ibss_rx_queued_mgmt+0x15f/0x510 [mac80211] - ieee80211_iface_work+0x21d/0x320 [mac80211] - -Signed-off-by: Emmanuel Grumbach -Signed-off-by: Luca Coelho -Signed-off-by: Johannes Berg ---- - ---- a/net/mac80211/ibss.c -+++ b/net/mac80211/ibss.c -@@ -947,8 +947,8 @@ static void ieee80211_rx_mgmt_deauth_ibs - if (len < IEEE80211_DEAUTH_FRAME_LEN) - return; - -- ibss_dbg(sdata, "RX DeAuth SA=%pM DA=%pM BSSID=%pM (reason: %d)\n", -- mgmt->sa, mgmt->da, mgmt->bssid, reason); -+ ibss_dbg(sdata, "RX DeAuth SA=%pM DA=%pM\n", mgmt->sa, mgmt->da); -+ ibss_dbg(sdata, "\tBSSID=%pM (reason: %d)\n", mgmt->bssid, reason); - sta_info_destroy_addr(sdata, mgmt->sa); - } - -@@ -966,9 +966,9 @@ static void ieee80211_rx_mgmt_auth_ibss( - auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg); - auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction); - -- ibss_dbg(sdata, -- "RX Auth SA=%pM DA=%pM BSSID=%pM (auth_transaction=%d)\n", -- mgmt->sa, mgmt->da, mgmt->bssid, auth_transaction); -+ ibss_dbg(sdata, "RX Auth SA=%pM DA=%pM\n", mgmt->sa, mgmt->da); -+ ibss_dbg(sdata, "\tBSSID=%pM (auth_transaction=%d)\n", -+ mgmt->bssid, auth_transaction); - - if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1) - return; -@@ -1175,10 +1175,10 @@ static void ieee80211_rx_bss_info(struct - rx_timestamp = drv_get_tsf(local, sdata); - } - -- ibss_dbg(sdata, -- "RX beacon SA=%pM BSSID=%pM TSF=0x%llx BCN=0x%llx diff=%lld @%lu\n", -+ ibss_dbg(sdata, "RX beacon SA=%pM BSSID=%pM TSF=0x%llx\n", - mgmt->sa, mgmt->bssid, -- (unsigned long long)rx_timestamp, -+ (unsigned long long)rx_timestamp); -+ ibss_dbg(sdata, "\tBCN=0x%llx diff=%lld @%lu\n", - (unsigned long long)beacon_timestamp, - (unsigned long long)(rx_timestamp - beacon_timestamp), - jiffies); -@@ -1537,9 +1537,9 @@ static void ieee80211_rx_mgmt_probe_req( - - tx_last_beacon = drv_tx_last_beacon(local); - -- ibss_dbg(sdata, -- "RX ProbeReq SA=%pM DA=%pM BSSID=%pM (tx_last_beacon=%d)\n", -- mgmt->sa, mgmt->da, mgmt->bssid, tx_last_beacon); -+ ibss_dbg(sdata, "RX ProbeReq SA=%pM DA=%pM\n", mgmt->sa, mgmt->da); -+ ibss_dbg(sdata, "\tBSSID=%pM (tx_last_beacon=%d)\n", -+ mgmt->bssid, tx_last_beacon); - - if (!tx_last_beacon && is_multicast_ether_addr(mgmt->da)) - return; diff --git a/package/kernel/mac80211/patches/394-mac80211-allocate-TXQs-for-active-monitor-interfaces.patch b/package/kernel/mac80211/patches/394-mac80211-allocate-TXQs-for-active-monitor-interfaces.patch deleted file mode 100644 index c5c6586652..0000000000 --- a/package/kernel/mac80211/patches/394-mac80211-allocate-TXQs-for-active-monitor-interfaces.patch +++ /dev/null @@ -1,26 +0,0 @@ -From: Felix Fietkau -Date: Sat, 22 Sep 2018 15:05:59 +0200 -Subject: [PATCH] mac80211: allocate TXQs for active monitor interfaces - -Monitor mode interfaces with the active flag are passed down to the driver. -Drivers using TXQ expect that all interfaces have allocated TXQs before -they get added. - -Fixes: 79af1f866193d ("mac80211: avoid allocating TXQs that won't be used") -Cc: stable@vger.kernel.org -Reported-by: Catrinel Catrinescu -Signed-off-by: Felix Fietkau ---- - ---- a/net/mac80211/iface.c -+++ b/net/mac80211/iface.c -@@ -1816,7 +1816,8 @@ int ieee80211_if_add(struct ieee80211_lo - - if (local->ops->wake_tx_queue && - type != NL80211_IFTYPE_AP_VLAN && -- type != NL80211_IFTYPE_MONITOR) -+ (type != NL80211_IFTYPE_MONITOR || -+ (params->flags & MONITOR_FLAG_ACTIVE))) - txq_size += sizeof(struct txq_info) + - local->hw.txq_data_size; - diff --git a/package/kernel/mac80211/patches/395-ath9k-add-back-support-for-using-active-monitor-inte.patch b/package/kernel/mac80211/patches/395-ath9k-add-back-support-for-using-active-monitor-inte.patch deleted file mode 100644 index abd0fdc210..0000000000 --- a/package/kernel/mac80211/patches/395-ath9k-add-back-support-for-using-active-monitor-inte.patch +++ /dev/null @@ -1,96 +0,0 @@ -From: Felix Fietkau -Date: Sat, 22 Sep 2018 15:20:50 +0200 -Subject: [PATCH] ath9k: add back support for using active monitor interfaces - for tx99 - -Various documented examples on how to set up tx99 with ath9k rely -on setting up a regular monitor interface for setting the channel. -My previous patch "ath9k: fix tx99 with monitor mode interface" made -it possible to set it up this way again. However, it was removing support -for using an active monitor interface, which is required for controlling -the bitrate as well, since the bitrate is not passed down with a regular -monitor interface. - -This patch partially reverts the previous one, but keeps support for using -a regular monitor interface to keep documented steps working in cases -where the bitrate does not matter - -Fixes: d9c52fd17cb48 ("ath9k: fix tx99 with monitor mode interface") -Signed-off-by: Felix Fietkau ---- - ---- a/drivers/net/wireless/ath/ath9k/ath9k.h -+++ b/drivers/net/wireless/ath/ath9k/ath9k.h -@@ -1074,6 +1074,7 @@ struct ath_softc { - - struct ath_spec_scan_priv spec_priv; - -+ struct ieee80211_vif *tx99_vif; - struct sk_buff *tx99_skb; - bool tx99_state; - s16 tx99_power; ---- a/drivers/net/wireless/ath/ath9k/main.c -+++ b/drivers/net/wireless/ath/ath9k/main.c -@@ -1251,8 +1251,13 @@ static int ath9k_add_interface(struct ie - struct ath_vif *avp = (void *)vif->drv_priv; - struct ath_node *an = &avp->mcast_node; - -- if (IS_ENABLED(CPTCFG_ATH9K_TX99)) -- return -EOPNOTSUPP; -+ if (IS_ENABLED(CPTCFG_ATH9K_TX99)) { -+ if (sc->cur_chan->nvifs >= 1) { -+ mutex_unlock(&sc->mutex); -+ return -EOPNOTSUPP; -+ } -+ sc->tx99_vif = vif; -+ } - - mutex_lock(&sc->mutex); - -@@ -1337,6 +1342,7 @@ static void ath9k_remove_interface(struc - ath9k_p2p_remove_vif(sc, vif); - - sc->cur_chan->nvifs--; -+ sc->tx99_vif = NULL; - if (!ath9k_is_chanctx_enabled()) - list_del(&avp->list); - ---- a/drivers/net/wireless/ath/ath9k/tx99.c -+++ b/drivers/net/wireless/ath/ath9k/tx99.c -@@ -54,6 +54,7 @@ static struct sk_buff *ath9k_build_tx99_ - struct ieee80211_hdr *hdr; - struct ieee80211_tx_info *tx_info; - struct sk_buff *skb; -+ struct ath_vif *avp; - - skb = alloc_skb(len, GFP_KERNEL); - if (!skb) -@@ -71,11 +72,17 @@ static struct sk_buff *ath9k_build_tx99_ - memcpy(hdr->addr2, hw->wiphy->perm_addr, ETH_ALEN); - memcpy(hdr->addr3, hw->wiphy->perm_addr, ETH_ALEN); - -+ if (sc->tx99_vif) { -+ avp = (struct ath_vif *) sc->tx99_vif->drv_priv; -+ hdr->seq_ctrl |= cpu_to_le16(avp->seq_no); -+ } -+ - tx_info = IEEE80211_SKB_CB(skb); - memset(tx_info, 0, sizeof(*tx_info)); - rate = &tx_info->control.rates[0]; - tx_info->band = sc->cur_chan->chandef.chan->band; - tx_info->flags = IEEE80211_TX_CTL_NO_ACK; -+ tx_info->control.vif = sc->tx99_vif; - rate->count = 1; - if (ah->curchan && IS_CHAN_HT(ah->curchan)) { - rate->flags |= IEEE80211_TX_RC_MCS; ---- a/drivers/net/wireless/ath/ath9k/xmit.c -+++ b/drivers/net/wireless/ath/ath9k/xmit.c -@@ -2973,7 +2973,7 @@ int ath9k_tx99_send(struct ath_softc *sc - return -EINVAL; - } - -- ath_set_rates(NULL, NULL, bf); -+ ath_set_rates(sc->tx99_vif, NULL, bf); - - ath9k_hw_set_desc_link(sc->sc_ah, bf->bf_desc, bf->bf_daddr); - ath9k_hw_tx99_start(sc->sc_ah, txctl->txq->axq_qnum); diff --git a/package/kernel/mac80211/patches/ath/395-ath9k-add-back-support-for-using-active-monitor-inte.patch b/package/kernel/mac80211/patches/ath/395-ath9k-add-back-support-for-using-active-monitor-inte.patch new file mode 100644 index 0000000000..abd0fdc210 --- /dev/null +++ b/package/kernel/mac80211/patches/ath/395-ath9k-add-back-support-for-using-active-monitor-inte.patch @@ -0,0 +1,96 @@ +From: Felix Fietkau +Date: Sat, 22 Sep 2018 15:20:50 +0200 +Subject: [PATCH] ath9k: add back support for using active monitor interfaces + for tx99 + +Various documented examples on how to set up tx99 with ath9k rely +on setting up a regular monitor interface for setting the channel. +My previous patch "ath9k: fix tx99 with monitor mode interface" made +it possible to set it up this way again. However, it was removing support +for using an active monitor interface, which is required for controlling +the bitrate as well, since the bitrate is not passed down with a regular +monitor interface. + +This patch partially reverts the previous one, but keeps support for using +a regular monitor interface to keep documented steps working in cases +where the bitrate does not matter + +Fixes: d9c52fd17cb48 ("ath9k: fix tx99 with monitor mode interface") +Signed-off-by: Felix Fietkau +--- + +--- a/drivers/net/wireless/ath/ath9k/ath9k.h ++++ b/drivers/net/wireless/ath/ath9k/ath9k.h +@@ -1074,6 +1074,7 @@ struct ath_softc { + + struct ath_spec_scan_priv spec_priv; + ++ struct ieee80211_vif *tx99_vif; + struct sk_buff *tx99_skb; + bool tx99_state; + s16 tx99_power; +--- a/drivers/net/wireless/ath/ath9k/main.c ++++ b/drivers/net/wireless/ath/ath9k/main.c +@@ -1251,8 +1251,13 @@ static int ath9k_add_interface(struct ie + struct ath_vif *avp = (void *)vif->drv_priv; + struct ath_node *an = &avp->mcast_node; + +- if (IS_ENABLED(CPTCFG_ATH9K_TX99)) +- return -EOPNOTSUPP; ++ if (IS_ENABLED(CPTCFG_ATH9K_TX99)) { ++ if (sc->cur_chan->nvifs >= 1) { ++ mutex_unlock(&sc->mutex); ++ return -EOPNOTSUPP; ++ } ++ sc->tx99_vif = vif; ++ } + + mutex_lock(&sc->mutex); + +@@ -1337,6 +1342,7 @@ static void ath9k_remove_interface(struc + ath9k_p2p_remove_vif(sc, vif); + + sc->cur_chan->nvifs--; ++ sc->tx99_vif = NULL; + if (!ath9k_is_chanctx_enabled()) + list_del(&avp->list); + +--- a/drivers/net/wireless/ath/ath9k/tx99.c ++++ b/drivers/net/wireless/ath/ath9k/tx99.c +@@ -54,6 +54,7 @@ static struct sk_buff *ath9k_build_tx99_ + struct ieee80211_hdr *hdr; + struct ieee80211_tx_info *tx_info; + struct sk_buff *skb; ++ struct ath_vif *avp; + + skb = alloc_skb(len, GFP_KERNEL); + if (!skb) +@@ -71,11 +72,17 @@ static struct sk_buff *ath9k_build_tx99_ + memcpy(hdr->addr2, hw->wiphy->perm_addr, ETH_ALEN); + memcpy(hdr->addr3, hw->wiphy->perm_addr, ETH_ALEN); + ++ if (sc->tx99_vif) { ++ avp = (struct ath_vif *) sc->tx99_vif->drv_priv; ++ hdr->seq_ctrl |= cpu_to_le16(avp->seq_no); ++ } ++ + tx_info = IEEE80211_SKB_CB(skb); + memset(tx_info, 0, sizeof(*tx_info)); + rate = &tx_info->control.rates[0]; + tx_info->band = sc->cur_chan->chandef.chan->band; + tx_info->flags = IEEE80211_TX_CTL_NO_ACK; ++ tx_info->control.vif = sc->tx99_vif; + rate->count = 1; + if (ah->curchan && IS_CHAN_HT(ah->curchan)) { + rate->flags |= IEEE80211_TX_RC_MCS; +--- a/drivers/net/wireless/ath/ath9k/xmit.c ++++ b/drivers/net/wireless/ath/ath9k/xmit.c +@@ -2973,7 +2973,7 @@ int ath9k_tx99_send(struct ath_softc *sc + return -EINVAL; + } + +- ath_set_rates(NULL, NULL, bf); ++ ath_set_rates(sc->tx99_vif, NULL, bf); + + ath9k_hw_set_desc_link(sc->sc_ah, bf->bf_desc, bf->bf_daddr); + ath9k_hw_tx99_start(sc->sc_ah, txctl->txq->axq_qnum); diff --git a/package/kernel/mac80211/patches/brcm/342-0001-brcmfmac-add-CYW89342-mini-PCIe-device.patch b/package/kernel/mac80211/patches/brcm/342-0001-brcmfmac-add-CYW89342-mini-PCIe-device.patch new file mode 100644 index 0000000000..d0d9b20373 --- /dev/null +++ b/package/kernel/mac80211/patches/brcm/342-0001-brcmfmac-add-CYW89342-mini-PCIe-device.patch @@ -0,0 +1,25 @@ +From 2fef681a4cf7994c882190fd2417b95f30510afb Mon Sep 17 00:00:00 2001 +From: Jia-Shyr Chuang +Date: Wed, 15 Aug 2018 04:23:09 -0500 +Subject: [PATCH] brcmfmac: add CYW89342 mini-PCIe device + +CYW89342 is a 2x2 MIMO, 802.11a/b/g/n/ac for WLAN. It is a member of +4355/4359 family. + +Signed-off-by: Jia-Shyr Chuang +Signed-off-by: Chi-Hsien Lin +Signed-off-by: Kalle Valo +--- + drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c +@@ -2017,6 +2017,7 @@ static const struct dev_pm_ops brcmf_pci + + static const struct pci_device_id brcmf_pcie_devid_table[] = { + BRCMF_PCIE_DEVICE(BRCM_PCIE_4350_DEVICE_ID), ++ BRCMF_PCIE_DEVICE_SUB(0x4355, BRCM_PCIE_VENDOR_ID_BROADCOM, 0x4355), + BRCMF_PCIE_DEVICE(BRCM_PCIE_4356_DEVICE_ID), + BRCMF_PCIE_DEVICE(BRCM_PCIE_43567_DEVICE_ID), + BRCMF_PCIE_DEVICE(BRCM_PCIE_43570_DEVICE_ID), diff --git a/package/kernel/mac80211/patches/brcm/344-0001-brcmfmac-fix-wrong-strnchr-usage.patch b/package/kernel/mac80211/patches/brcm/344-0001-brcmfmac-fix-wrong-strnchr-usage.patch new file mode 100644 index 0000000000..8267b37864 --- /dev/null +++ b/package/kernel/mac80211/patches/brcm/344-0001-brcmfmac-fix-wrong-strnchr-usage.patch @@ -0,0 +1,38 @@ +From cb18e2e9ec71d42409a51b83546686c609780dde Mon Sep 17 00:00:00 2001 +From: Rasmus Villemoes +Date: Wed, 22 Aug 2018 15:22:15 +0200 +Subject: [PATCH] brcmfmac: fix wrong strnchr usage + +strnchr takes arguments in the order of its name: string, max bytes to +read, character to search for. Here we're passing '\n' aka 10 as the +buffer size, and searching for sizeof(buf) aka BRCMF_DCMD_SMLEN aka +256 (aka '\0', since it's implicitly converted to char) within those 10 +bytes. + +Just interchanging the last two arguments would still leave a bug, +because if we've been successful once, there are not sizeof(buf) +characters left after the new value of p. + +Since clmver is immediately afterwards passed as a %s argument, I assume +that it is actually a properly nul-terminated string. For that case, we +have strreplace(). + +Signed-off-by: Rasmus Villemoes +Signed-off-by: Kalle Valo +--- + drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c +@@ -296,9 +296,7 @@ int brcmf_c_preinit_dcmds(struct brcmf_i + /* Replace all newline/linefeed characters with space + * character + */ +- ptr = clmver; +- while ((ptr = strnchr(ptr, '\n', sizeof(buf))) != NULL) +- *ptr = ' '; ++ strreplace(clmver, '\n', ' '); + + brcmf_dbg(INFO, "CLM version = %s\n", clmver); + } diff --git a/package/kernel/mac80211/patches/brcm/345-0001-brcmfmac-fix-for-proper-support-of-160MHz-bandwidth.patch b/package/kernel/mac80211/patches/brcm/345-0001-brcmfmac-fix-for-proper-support-of-160MHz-bandwidth.patch new file mode 100644 index 0000000000..6e96578990 --- /dev/null +++ b/package/kernel/mac80211/patches/brcm/345-0001-brcmfmac-fix-for-proper-support-of-160MHz-bandwidth.patch @@ -0,0 +1,117 @@ +From: Arend van Spriel +Date: Wed, 5 Sep 2018 09:48:58 +0200 +Subject: [PATCH] brcmfmac: fix for proper support of 160MHz bandwidth + +Decoding of firmware channel information was not complete for 160MHz +support. This resulted in the following warning: + + WARNING: CPU: 2 PID: 2222 at .../broadcom/brcm80211/brcmutil/d11.c:196 + brcmu_d11ac_decchspec+0x2e/0x100 [brcmutil] + Modules linked in: brcmfmac(O) brcmutil(O) sha256_generic cfg80211 ... + CPU: 2 PID: 2222 Comm: kworker/2:0 Tainted: G O + 4.17.0-wt-testing-x64-00002-gf1bed50 #1 + Hardware name: Dell Inc. Latitude E6410/07XJP9, BIOS A07 02/15/2011 + Workqueue: events request_firmware_work_func + RIP: 0010:brcmu_d11ac_decchspec+0x2e/0x100 [brcmutil] + RSP: 0018:ffffc90000047bd0 EFLAGS: 00010206 + RAX: 000000000000e832 RBX: ffff8801146fe910 RCX: ffff8801146fd3c0 + RDX: 0000000000002800 RSI: 0000000000000070 RDI: ffffc90000047c30 + RBP: ffffc90000047bd0 R08: 0000000000000000 R09: ffffffffa0798c80 + R10: ffff88012bca55e0 R11: ffff880110a4ea00 R12: ffff8801146f8000 + R13: ffffc90000047c30 R14: ffff8801146fe930 R15: ffff8801138e02e0 + FS: 0000000000000000(0000) GS:ffff88012bc80000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 00007f18ce8b8070 CR3: 000000000200a003 CR4: 00000000000206e0 + Call Trace: + brcmf_setup_wiphybands+0x212/0x780 [brcmfmac] + brcmf_cfg80211_attach+0xae2/0x11a0 [brcmfmac] + brcmf_attach+0x1fc/0x4b0 [brcmfmac] + ? __kmalloc+0x13c/0x1c0 + brcmf_pcie_setup+0x99b/0xe00 [brcmfmac] + brcmf_fw_request_done+0x16a/0x1f0 [brcmfmac] + request_firmware_work_func+0x36/0x60 + process_one_work+0x146/0x350 + worker_thread+0x4a/0x3b0 + kthread+0x102/0x140 + ? process_one_work+0x350/0x350 + ? kthread_bind+0x20/0x20 + ret_from_fork+0x35/0x40 + Code: 66 90 0f b7 07 55 48 89 e5 89 c2 88 47 02 88 47 03 66 81 e2 00 38 + 66 81 fa 00 18 74 6e 66 81 fa 00 20 74 39 66 81 fa 00 10 74 14 <0f> + 0b 66 25 00 c0 74 20 66 3d 00 c0 75 20 c6 47 04 01 5d c3 66 + ---[ end trace 550c46682415b26d ]--- + brcmfmac: brcmf_construct_chaninfo: Ignoring unexpected firmware channel 50 + +This patch adds the missing stuff to properly handle this. + +Reviewed-by: Hante Meuleman +Reviewed-by: Pieter-Paul Giesberts +Reviewed-by: Franky Lin +Signed-off-by: Arend van Spriel +--- + .../net/wireless/broadcom/brcm80211/brcmutil/d11.c | 34 +++++++++++++++++++++- + .../broadcom/brcm80211/include/brcmu_wifi.h | 2 ++ + 2 files changed, 35 insertions(+), 1 deletion(-) + +--- a/drivers/net/wireless/broadcom/brcm80211/brcmutil/d11.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmutil/d11.c +@@ -77,6 +77,8 @@ static u16 d11ac_bw(enum brcmu_chan_bw b + return BRCMU_CHSPEC_D11AC_BW_40; + case BRCMU_CHAN_BW_80: + return BRCMU_CHSPEC_D11AC_BW_80; ++ case BRCMU_CHAN_BW_160: ++ return BRCMU_CHSPEC_D11AC_BW_160; + default: + WARN_ON(1); + } +@@ -190,8 +192,38 @@ static void brcmu_d11ac_decchspec(struct + break; + } + break; +- case BRCMU_CHSPEC_D11AC_BW_8080: + case BRCMU_CHSPEC_D11AC_BW_160: ++ switch (ch->sb) { ++ case BRCMU_CHAN_SB_LLL: ++ ch->control_ch_num -= CH_70MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_LLU: ++ ch->control_ch_num -= CH_50MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_LUL: ++ ch->control_ch_num -= CH_30MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_LUU: ++ ch->control_ch_num -= CH_10MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_ULL: ++ ch->control_ch_num += CH_10MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_ULU: ++ ch->control_ch_num += CH_30MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_UUL: ++ ch->control_ch_num += CH_50MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_UUU: ++ ch->control_ch_num += CH_70MHZ_APART; ++ break; ++ default: ++ WARN_ON_ONCE(1); ++ break; ++ } ++ break; ++ case BRCMU_CHSPEC_D11AC_BW_8080: + default: + WARN_ON_ONCE(1); + break; +--- a/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h ++++ b/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h +@@ -29,6 +29,8 @@ + #define CH_UPPER_SB 0x01 + #define CH_LOWER_SB 0x02 + #define CH_EWA_VALID 0x04 ++#define CH_70MHZ_APART 14 ++#define CH_50MHZ_APART 10 + #define CH_30MHZ_APART 6 + #define CH_20MHZ_APART 4 + #define CH_10MHZ_APART 2 diff --git a/package/kernel/mac80211/patches/brcm/345-0002-brcmfmac-increase-buffer-for-obtaining-firmware-capa.patch b/package/kernel/mac80211/patches/brcm/345-0002-brcmfmac-increase-buffer-for-obtaining-firmware-capa.patch new file mode 100644 index 0000000000..11fb4bce45 --- /dev/null +++ b/package/kernel/mac80211/patches/brcm/345-0002-brcmfmac-increase-buffer-for-obtaining-firmware-capa.patch @@ -0,0 +1,28 @@ +From: Arend van Spriel +Date: Wed, 5 Sep 2018 09:48:59 +0200 +Subject: [PATCH] brcmfmac: increase buffer for obtaining firmware capabilities + +When obtaining the firmware capability a buffer is provided of 512 +bytes. However, if all features in firmware are supported the buffer +needs to be 565 bytes as otherwise truncated information is retrieved +from firmware. Increasing the buffer to 768 bytes on stack. + +Reviewed-by: Hante Meuleman +Reviewed-by: Pieter-Paul Giesberts +Reviewed-by: Franky Lin +Signed-off-by: Arend van Spriel +--- + drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c +@@ -178,7 +178,7 @@ static void brcmf_feat_iovar_data_set(st + ifp->fwil_fwerr = false; + } + +-#define MAX_CAPS_BUFFER_SIZE 512 ++#define MAX_CAPS_BUFFER_SIZE 768 + static void brcmf_feat_firmware_capabilities(struct brcmf_if *ifp) + { + char caps[MAX_CAPS_BUFFER_SIZE]; diff --git a/package/kernel/mac80211/patches/subsys/394-mac80211-allocate-TXQs-for-active-monitor-interfaces.patch b/package/kernel/mac80211/patches/subsys/394-mac80211-allocate-TXQs-for-active-monitor-interfaces.patch new file mode 100644 index 0000000000..e959bc91ab --- /dev/null +++ b/package/kernel/mac80211/patches/subsys/394-mac80211-allocate-TXQs-for-active-monitor-interfaces.patch @@ -0,0 +1,26 @@ +From: Felix Fietkau +Date: Sat, 22 Sep 2018 15:05:59 +0200 +Subject: [PATCH] mac80211: allocate TXQs for active monitor interfaces + +Monitor mode interfaces with the active flag are passed down to the driver. +Drivers using TXQ expect that all interfaces have allocated TXQs before +they get added. + +Fixes: 79af1f866193d ("mac80211: avoid allocating TXQs that won't be used") +Cc: stable@vger.kernel.org +Reported-by: Catrinel Catrinescu +Signed-off-by: Felix Fietkau +--- + +--- a/net/mac80211/iface.c ++++ b/net/mac80211/iface.c +@@ -1834,7 +1834,8 @@ int ieee80211_if_add(struct ieee80211_lo + + if (local->ops->wake_tx_queue && + type != NL80211_IFTYPE_AP_VLAN && +- type != NL80211_IFTYPE_MONITOR) ++ (type != NL80211_IFTYPE_MONITOR || ++ (params->flags & MONITOR_FLAG_ACTIVE))) + txq_size += sizeof(struct txq_info) + + local->hw.txq_data_size; +