diff options
10 files changed, 728 insertions, 205 deletions
diff --git a/package/kernel/mac80211/patches/ath11k/0048-wifi-ath11k-fix-BUFFER_DONE-read-on-monitor-ring-rx-.patch b/package/kernel/mac80211/patches/ath11k/0048-wifi-ath11k-fix-BUFFER_DONE-read-on-monitor-ring-rx-.patch new file mode 100644 index 0000000000..3e22645331 --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0048-wifi-ath11k-fix-BUFFER_DONE-read-on-monitor-ring-rx-.patch @@ -0,0 +1,130 @@ +From 68e93ac5a31d4975b25f819b2dfe914c72abc3bb Mon Sep 17 00:00:00 2001 +From: Harshitha Prem <quic_hprem@quicinc.com> +Date: Wed, 15 Mar 2023 12:24:43 +0200 +Subject: [PATCH] wifi: ath11k: fix BUFFER_DONE read on monitor ring rx buffer + +Perform dma_sync_single_for_cpu() on monitor ring rx buffer before +reading BUFFER_DONE tag and do dma_unmap_single() only after device +had set BUFFER_DONE tag to the buffer. + +Also when BUFFER_DONE tag is not set, allow the buffer to get read +next time without freeing skb. + +This helps to fix AP+Monitor VAP with flood traffic scenario to see +monitor ring rx buffer overrun missing BUFFER_DONE tag to be set. + +Also remove redundant rx dma buf free performed on DP +rx_mon_status_refill_ring. + +Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 + +Signed-off-by: Sathishkumar Muruganandam <quic_murugana@quicinc.com> +Signed-off-by: Harshitha Prem <quic_hprem@quicinc.com> +Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> +Link: https://lore.kernel.org/r/20230309164434.32660-1-quic_hprem@quicinc.com +--- + drivers/net/wireless/ath/ath11k/dp_rx.c | 57 ++++++++++--------------- + 1 file changed, 23 insertions(+), 34 deletions(-) + +--- a/drivers/net/wireless/ath/ath11k/dp_rx.c ++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c +@@ -435,7 +435,6 @@ fail_free_skb: + static int ath11k_dp_rxdma_buf_ring_free(struct ath11k *ar, + struct dp_rxdma_ring *rx_ring) + { +- struct ath11k_pdev_dp *dp = &ar->dp; + struct sk_buff *skb; + int buf_id; + +@@ -453,28 +452,6 @@ static int ath11k_dp_rxdma_buf_ring_free + idr_destroy(&rx_ring->bufs_idr); + spin_unlock_bh(&rx_ring->idr_lock); + +- /* if rxdma1_enable is false, mon_status_refill_ring +- * isn't setup, so don't clean. +- */ +- if (!ar->ab->hw_params.rxdma1_enable) +- return 0; +- +- rx_ring = &dp->rx_mon_status_refill_ring[0]; +- +- spin_lock_bh(&rx_ring->idr_lock); +- idr_for_each_entry(&rx_ring->bufs_idr, skb, buf_id) { +- idr_remove(&rx_ring->bufs_idr, buf_id); +- /* XXX: Understand where internal driver does this dma_unmap +- * of rxdma_buffer. +- */ +- dma_unmap_single(ar->ab->dev, ATH11K_SKB_RXCB(skb)->paddr, +- skb->len + skb_tailroom(skb), DMA_BIDIRECTIONAL); +- dev_kfree_skb_any(skb); +- } +- +- idr_destroy(&rx_ring->bufs_idr); +- spin_unlock_bh(&rx_ring->idr_lock); +- + return 0; + } + +@@ -3029,39 +3006,51 @@ static int ath11k_dp_rx_reap_mon_status_ + + spin_lock_bh(&rx_ring->idr_lock); + skb = idr_find(&rx_ring->bufs_idr, buf_id); ++ spin_unlock_bh(&rx_ring->idr_lock); ++ + if (!skb) { + ath11k_warn(ab, "rx monitor status with invalid buf_id %d\n", + buf_id); +- spin_unlock_bh(&rx_ring->idr_lock); + pmon->buf_state = DP_MON_STATUS_REPLINISH; + goto move_next; + } + +- idr_remove(&rx_ring->bufs_idr, buf_id); +- spin_unlock_bh(&rx_ring->idr_lock); +- + rxcb = ATH11K_SKB_RXCB(skb); + +- dma_unmap_single(ab->dev, rxcb->paddr, +- skb->len + skb_tailroom(skb), +- DMA_FROM_DEVICE); ++ dma_sync_single_for_cpu(ab->dev, rxcb->paddr, ++ skb->len + skb_tailroom(skb), ++ DMA_FROM_DEVICE); + + tlv = (struct hal_tlv_hdr *)skb->data; + if (FIELD_GET(HAL_TLV_HDR_TAG, tlv->tl) != + HAL_RX_STATUS_BUFFER_DONE) { +- ath11k_warn(ab, "mon status DONE not set %lx\n", ++ ath11k_warn(ab, "mon status DONE not set %lx, buf_id %d\n", + FIELD_GET(HAL_TLV_HDR_TAG, +- tlv->tl)); +- dev_kfree_skb_any(skb); ++ tlv->tl), buf_id); ++ /* If done status is missing, hold onto status ++ * ring until status is done for this status ++ * ring buffer. ++ * Keep HP in mon_status_ring unchanged, ++ * and break from here. ++ * Check status for same buffer for next time ++ */ + pmon->buf_state = DP_MON_STATUS_NO_DMA; +- goto move_next; ++ break; + } + ++ spin_lock_bh(&rx_ring->idr_lock); ++ idr_remove(&rx_ring->bufs_idr, buf_id); ++ spin_unlock_bh(&rx_ring->idr_lock); + if (ab->hw_params.full_monitor_mode) { + ath11k_dp_rx_mon_update_status_buf_state(pmon, tlv); + if (paddr == pmon->mon_status_paddr) + pmon->buf_state = DP_MON_STATUS_MATCH; + } ++ ++ dma_unmap_single(ab->dev, rxcb->paddr, ++ skb->len + skb_tailroom(skb), ++ DMA_FROM_DEVICE); ++ + __skb_queue_tail(skb_list, skb); + } else { + pmon->buf_state = DP_MON_STATUS_REPLINISH; diff --git a/package/kernel/mac80211/patches/ath11k/0049-wifi-ath11k-Optimize-6-GHz-scan-time.patch b/package/kernel/mac80211/patches/ath11k/0049-wifi-ath11k-Optimize-6-GHz-scan-time.patch new file mode 100644 index 0000000000..f468990feb --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0049-wifi-ath11k-Optimize-6-GHz-scan-time.patch @@ -0,0 +1,101 @@ +From 8b4d2f080afbd4280ecca0f4b3ceea943a7a86d0 Mon Sep 17 00:00:00 2001 +From: Manikanta Pubbisetty <quic_mpubbise@quicinc.com> +Date: Thu, 23 Mar 2023 11:39:13 +0530 +Subject: [PATCH] wifi: ath11k: Optimize 6 GHz scan time + +Currently, time taken to scan all supported channels on WCN6750 +is ~8 seconds and connection time is almost 10 seconds. WCN6750 +supports three Wi-Fi bands (i.e., 2.4/5/6 GHz) and the numbers of +channels for scan come around ~100 channels (default case). +Since the chip doesn't have support for DBS (Dual Band Simultaneous), +scans cannot be parallelized resulting in longer scan times. + +Among the 100 odd channels, ~60 channels are in 6 GHz band. Therefore, +optimizing the scan for 6 GHz channels will bring down the overall +scan time. + +WCN6750 firmware has support to scan a 6 GHz channel based on co-located +AP information i.e., RNR IE which is found in the legacy 2.4/5 GHz scan +results. When a scan request with all supported channel list is enqueued +to the firmware, then based on WMI_SCAN_CHAN_FLAG_SCAN_ONLY_IF_RNR_FOUND +scan channel flag, firmware will scan only those 6 GHz channels for which +RNR IEs are found in the legacy scan results. + +In the proposed design, based on NL80211_SCAN_FLAG_COLOCATED_6GHZ scan +flag, driver will set the WMI_SCAN_CHAN_FLAG_SCAN_ONLY_IF_RNR_FOUND flag +for non-PSC channels. Since there is high probability to find 6 GHz APs +on PSC channels, these channels are always scanned. Only non-PSC channels +are selectively scanned based on cached RNR information from the legacy +scan results. + +If NL80211_SCAN_FLAG_COLOCATED_6GHZ is not set in the scan flags, +then scan will happen on all supported channels (default behavior). + +With these optimizations, scan time is improved by 1.5-1.8 seconds on +WCN6750. Similar savings have been observed on WCN6855. + +Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1 +Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.16 + +Signed-off-by: Manikanta Pubbisetty <quic_mpubbise@quicinc.com> +Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> +Link: https://lore.kernel.org/r/20230323060913.10097-1-quic_mpubbise@quicinc.com +--- + drivers/net/wireless/ath/ath11k/mac.c | 25 +++++++++++++++++++++++-- + drivers/net/wireless/ath/ath11k/wmi.h | 4 ++++ + 2 files changed, 27 insertions(+), 2 deletions(-) + +--- a/drivers/net/wireless/ath/ath11k/mac.c ++++ b/drivers/net/wireless/ath/ath11k/mac.c +@@ -3819,8 +3819,29 @@ static int ath11k_mac_op_hw_scan(struct + goto exit; + } + +- for (i = 0; i < arg->num_chan; i++) +- arg->chan_list[i] = req->channels[i]->center_freq; ++ for (i = 0; i < arg->num_chan; i++) { ++ if (test_bit(WMI_TLV_SERVICE_SCAN_CONFIG_PER_CHANNEL, ++ ar->ab->wmi_ab.svc_map)) { ++ arg->chan_list[i] = ++ u32_encode_bits(req->channels[i]->center_freq, ++ WMI_SCAN_CONFIG_PER_CHANNEL_MASK); ++ ++ /* If NL80211_SCAN_FLAG_COLOCATED_6GHZ is set in scan ++ * flags, then scan all PSC channels in 6 GHz band and ++ * those non-PSC channels where RNR IE is found during ++ * the legacy 2.4/5 GHz scan. ++ * If NL80211_SCAN_FLAG_COLOCATED_6GHZ is not set, ++ * then all channels in 6 GHz will be scanned. ++ */ ++ if (req->channels[i]->band == NL80211_BAND_6GHZ && ++ req->flags & NL80211_SCAN_FLAG_COLOCATED_6GHZ && ++ !cfg80211_channel_is_psc(req->channels[i])) ++ arg->chan_list[i] |= ++ WMI_SCAN_CH_FLAG_SCAN_ONLY_IF_RNR_FOUND; ++ } else { ++ arg->chan_list[i] = req->channels[i]->center_freq; ++ } ++ } + } + + if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) { +--- a/drivers/net/wireless/ath/ath11k/wmi.h ++++ b/drivers/net/wireless/ath/ath11k/wmi.h +@@ -2100,6 +2100,7 @@ enum wmi_tlv_service { + + /* The second 128 bits */ + WMI_MAX_EXT_SERVICE = 256, ++ WMI_TLV_SERVICE_SCAN_CONFIG_PER_CHANNEL = 265, + WMI_TLV_SERVICE_REG_CC_EXT_EVENT_SUPPORT = 281, + WMI_TLV_SERVICE_BIOS_SAR_SUPPORT = 326, + +@@ -3249,6 +3250,9 @@ struct wmi_start_scan_cmd { + #define WMI_SCAN_DWELL_MODE_SHIFT 21 + #define WMI_SCAN_FLAG_EXT_PASSIVE_SCAN_START_TIME_ENHANCE 0x00000800 + ++#define WMI_SCAN_CONFIG_PER_CHANNEL_MASK GENMASK(19, 0) ++#define WMI_SCAN_CH_FLAG_SCAN_ONLY_IF_RNR_FOUND BIT(20) ++ + enum { + WMI_SCAN_DWELL_MODE_DEFAULT = 0, + WMI_SCAN_DWELL_MODE_CONSERVATIVE = 1, diff --git a/package/kernel/mac80211/patches/ath11k/0050-wifi-ath11k-Configure-the-FTM-responder-role-using-f.patch b/package/kernel/mac80211/patches/ath11k/0050-wifi-ath11k-Configure-the-FTM-responder-role-using-f.patch new file mode 100644 index 0000000000..bca08b177f --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0050-wifi-ath11k-Configure-the-FTM-responder-role-using-f.patch @@ -0,0 +1,117 @@ +From 813968c24126cc5c8320cd5db0e262069a535063 Mon Sep 17 00:00:00 2001 +From: Ganesh Babu Jothiram <quic_gjothira@quicinc.com> +Date: Fri, 24 Mar 2023 16:57:00 +0200 +Subject: [PATCH] wifi: ath11k: Configure the FTM responder role using firmware + capability flag + +Fine Time Measurement(FTM) is offloaded feature to firmware. +Hence, the configuration of FTM responder role is done using +firmware capability flag instead of hw param. + +Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 + +Signed-off-by: Ganesh Babu Jothiram <quic_gjothira@quicinc.com> +Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> +Link: https://lore.kernel.org/r/20230317072034.8217-1-quic_gjothira@quicinc.com +--- + drivers/net/wireless/ath/ath11k/core.c | 8 -------- + drivers/net/wireless/ath/ath11k/hw.h | 1 - + drivers/net/wireless/ath/ath11k/mac.c | 4 ++-- + 3 files changed, 2 insertions(+), 11 deletions(-) + +--- a/drivers/net/wireless/ath/ath11k/core.c ++++ b/drivers/net/wireless/ath/ath11k/core.c +@@ -116,7 +116,6 @@ static const struct ath11k_hw_params ath + .tcl_ring_retry = true, + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, +- .ftm_responder = true, + }, + { + .hw_rev = ATH11K_HW_IPQ6018_HW10, +@@ -199,7 +198,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, + .support_fw_mac_sequence = false, +- .ftm_responder = true, + }, + { + .name = "qca6390 hw2.0", +@@ -284,7 +282,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, + .support_fw_mac_sequence = true, +- .ftm_responder = false, + }, + { + .name = "qcn9074 hw1.0", +@@ -366,7 +363,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, + .support_fw_mac_sequence = false, +- .ftm_responder = true, + }, + { + .name = "wcn6855 hw2.0", +@@ -451,7 +447,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, + .support_fw_mac_sequence = true, +- .ftm_responder = false, + }, + { + .name = "wcn6855 hw2.1", +@@ -534,7 +529,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, + .support_fw_mac_sequence = true, +- .ftm_responder = false, + }, + { + .name = "wcn6750 hw1.0", +@@ -615,7 +609,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE_WCN6750, + .smp2p_wow_exit = true, + .support_fw_mac_sequence = true, +- .ftm_responder = false, + }, + { + .hw_rev = ATH11K_HW_IPQ5018_HW10, +@@ -695,7 +688,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, + .support_fw_mac_sequence = false, +- .ftm_responder = true, + }, + }; + +--- a/drivers/net/wireless/ath/ath11k/hw.h ++++ b/drivers/net/wireless/ath/ath11k/hw.h +@@ -224,7 +224,6 @@ struct ath11k_hw_params { + u32 tx_ring_size; + bool smp2p_wow_exit; + bool support_fw_mac_sequence; +- bool ftm_responder; + }; + + struct ath11k_hw_ops { +--- a/drivers/net/wireless/ath/ath11k/mac.c ++++ b/drivers/net/wireless/ath/ath11k/mac.c +@@ -3538,7 +3538,7 @@ static void ath11k_mac_op_bss_info_chang + + if (changed & BSS_CHANGED_FTM_RESPONDER && + arvif->ftm_responder != info->ftm_responder && +- ar->ab->hw_params.ftm_responder && ++ test_bit(WMI_TLV_SERVICE_RTT, ar->ab->wmi_ab.svc_map) && + (vif->type == NL80211_IFTYPE_AP || + vif->type == NL80211_IFTYPE_MESH_POINT)) { + arvif->ftm_responder = info->ftm_responder; +@@ -9234,7 +9234,7 @@ static int __ath11k_mac_register(struct + wiphy_ext_feature_set(ar->hw->wiphy, + NL80211_EXT_FEATURE_SET_SCAN_DWELL); + +- if (ab->hw_params.ftm_responder) ++ if (test_bit(WMI_TLV_SERVICE_RTT, ar->ab->wmi_ab.svc_map)) + wiphy_ext_feature_set(ar->hw->wiphy, + NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER); + diff --git a/package/kernel/mac80211/patches/ath11k/0051-wifi-ath11k-fix-rssi-station-dump-not-updated-in-QCN.patch b/package/kernel/mac80211/patches/ath11k/0051-wifi-ath11k-fix-rssi-station-dump-not-updated-in-QCN.patch new file mode 100644 index 0000000000..835dece1fe --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0051-wifi-ath11k-fix-rssi-station-dump-not-updated-in-QCN.patch @@ -0,0 +1,158 @@ +From 031ffa6c2cd305a57ccc6d610f2decd956b2e7f6 Mon Sep 17 00:00:00 2001 +From: P Praneesh <quic_ppranees@quicinc.com> +Date: Fri, 24 Mar 2023 16:57:00 +0200 +Subject: [PATCH] wifi: ath11k: fix rssi station dump not updated in QCN9074 + +In QCN9074, station dump signal values display default value which +is -95 dbm, since there is firmware header change for HAL_RX_MPDU_START +between QCN9074 and IPQ8074 which cause wrong peer_id fetch from msdu. +Fix this by updating hal_rx_mpdu_info with corresponding QCN9074 tlv +format. + +Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 +Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.4.0.1-01695-QCAHKSWPL_SILICONZ-1 + +Signed-off-by: P Praneesh <quic_ppranees@quicinc.com> +Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> +Link: https://lore.kernel.org/r/20230320110312.20639-1-quic_ppranees@quicinc.com +--- + drivers/net/wireless/ath/ath11k/hal_rx.c | 10 ++++++++- + drivers/net/wireless/ath/ath11k/hal_rx.h | 18 +++++++++++++++- + drivers/net/wireless/ath/ath11k/hw.c | 27 ++++++++++++++++-------- + drivers/net/wireless/ath/ath11k/hw.h | 2 +- + 4 files changed, 45 insertions(+), 12 deletions(-) + +--- a/drivers/net/wireless/ath/ath11k/hal_rx.c ++++ b/drivers/net/wireless/ath/ath11k/hal_rx.c +@@ -865,6 +865,12 @@ ath11k_hal_rx_populate_mu_user_info(void + ath11k_hal_rx_populate_byte_count(rx_tlv, ppdu_info, rx_user_status); + } + ++static u16 ath11k_hal_rx_mpduinfo_get_peerid(struct ath11k_base *ab, ++ struct hal_rx_mpdu_info *mpdu_info) ++{ ++ return ab->hw_params.hw_ops->mpdu_info_get_peerid(mpdu_info); ++} ++ + static enum hal_rx_mon_status + ath11k_hal_rx_parse_mon_status_tlv(struct ath11k_base *ab, + struct hal_rx_mon_ppdu_info *ppdu_info, +@@ -1459,9 +1465,11 @@ ath11k_hal_rx_parse_mon_status_tlv(struc + break; + } + case HAL_RX_MPDU_START: { ++ struct hal_rx_mpdu_info *mpdu_info = ++ (struct hal_rx_mpdu_info *)tlv_data; + u16 peer_id; + +- peer_id = ab->hw_params.hw_ops->mpdu_info_get_peerid(tlv_data); ++ peer_id = ath11k_hal_rx_mpduinfo_get_peerid(ab, mpdu_info); + if (peer_id) + ppdu_info->peer_id = peer_id; + break; +--- a/drivers/net/wireless/ath/ath11k/hal_rx.h ++++ b/drivers/net/wireless/ath/ath11k/hal_rx.h +@@ -405,7 +405,7 @@ struct hal_rx_phyrx_rssi_legacy_info { + #define HAL_RX_MPDU_INFO_INFO0_PEERID_WCN6855 GENMASK(15, 0) + #define HAL_RX_MPDU_INFO_INFO1_MPDU_LEN GENMASK(13, 0) + +-struct hal_rx_mpdu_info { ++struct hal_rx_mpdu_info_ipq8074 { + __le32 rsvd0; + __le32 info0; + __le32 rsvd1[11]; +@@ -413,12 +413,28 @@ struct hal_rx_mpdu_info { + __le32 rsvd2[9]; + } __packed; + ++struct hal_rx_mpdu_info_qcn9074 { ++ __le32 rsvd0[10]; ++ __le32 info0; ++ __le32 rsvd1[2]; ++ __le32 info1; ++ __le32 rsvd2[9]; ++} __packed; ++ + struct hal_rx_mpdu_info_wcn6855 { + __le32 rsvd0[8]; + __le32 info0; + __le32 rsvd1[14]; + } __packed; + ++struct hal_rx_mpdu_info { ++ union { ++ struct hal_rx_mpdu_info_ipq8074 ipq8074; ++ struct hal_rx_mpdu_info_qcn9074 qcn9074; ++ struct hal_rx_mpdu_info_wcn6855 wcn6855; ++ } u; ++} __packed; ++ + #define HAL_RX_PPDU_END_DURATION GENMASK(23, 0) + struct hal_rx_ppdu_end_duration { + __le32 rsvd0[9]; +--- a/drivers/net/wireless/ath/ath11k/hw.c ++++ b/drivers/net/wireless/ath/ath11k/hw.c +@@ -835,26 +835,35 @@ static void ath11k_hw_ipq5018_reo_setup( + ring_hash_map); + } + +-static u16 ath11k_hw_ipq8074_mpdu_info_get_peerid(u8 *tlv_data) ++static u16 ++ath11k_hw_ipq8074_mpdu_info_get_peerid(struct hal_rx_mpdu_info *mpdu_info) + { + u16 peer_id = 0; +- struct hal_rx_mpdu_info *mpdu_info = +- (struct hal_rx_mpdu_info *)tlv_data; + + peer_id = FIELD_GET(HAL_RX_MPDU_INFO_INFO0_PEERID, +- __le32_to_cpu(mpdu_info->info0)); ++ __le32_to_cpu(mpdu_info->u.ipq8074.info0)); + + return peer_id; + } + +-static u16 ath11k_hw_wcn6855_mpdu_info_get_peerid(u8 *tlv_data) ++static u16 ++ath11k_hw_qcn9074_mpdu_info_get_peerid(struct hal_rx_mpdu_info *mpdu_info) ++{ ++ u16 peer_id = 0; ++ ++ peer_id = FIELD_GET(HAL_RX_MPDU_INFO_INFO0_PEERID, ++ __le32_to_cpu(mpdu_info->u.qcn9074.info0)); ++ ++ return peer_id; ++} ++ ++static u16 ++ath11k_hw_wcn6855_mpdu_info_get_peerid(struct hal_rx_mpdu_info *mpdu_info) + { + u16 peer_id = 0; +- struct hal_rx_mpdu_info_wcn6855 *mpdu_info = +- (struct hal_rx_mpdu_info_wcn6855 *)tlv_data; + + peer_id = FIELD_GET(HAL_RX_MPDU_INFO_INFO0_PEERID_WCN6855, +- __le32_to_cpu(mpdu_info->info0)); ++ __le32_to_cpu(mpdu_info->u.wcn6855.info0)); + return peer_id; + } + +@@ -1042,7 +1051,7 @@ const struct ath11k_hw_ops qcn9074_ops = + .rx_desc_get_attention = ath11k_hw_qcn9074_rx_desc_get_attention, + .rx_desc_get_msdu_payload = ath11k_hw_qcn9074_rx_desc_get_msdu_payload, + .reo_setup = ath11k_hw_ipq8074_reo_setup, +- .mpdu_info_get_peerid = ath11k_hw_ipq8074_mpdu_info_get_peerid, ++ .mpdu_info_get_peerid = ath11k_hw_qcn9074_mpdu_info_get_peerid, + .rx_desc_mac_addr2_valid = ath11k_hw_ipq9074_rx_desc_mac_addr2_valid, + .rx_desc_mpdu_start_addr2 = ath11k_hw_ipq9074_rx_desc_mpdu_start_addr2, + .get_ring_selector = ath11k_hw_ipq8074_get_tcl_ring_selector, +--- a/drivers/net/wireless/ath/ath11k/hw.h ++++ b/drivers/net/wireless/ath/ath11k/hw.h +@@ -263,7 +263,7 @@ struct ath11k_hw_ops { + struct rx_attention *(*rx_desc_get_attention)(struct hal_rx_desc *desc); + u8 *(*rx_desc_get_msdu_payload)(struct hal_rx_desc *desc); + void (*reo_setup)(struct ath11k_base *ab); +- u16 (*mpdu_info_get_peerid)(u8 *tlv_data); ++ u16 (*mpdu_info_get_peerid)(struct hal_rx_mpdu_info *mpdu_info); + bool (*rx_desc_mac_addr2_valid)(struct hal_rx_desc *desc); + u8* (*rx_desc_mpdu_start_addr2)(struct hal_rx_desc *desc); + u32 (*get_ring_selector)(struct sk_buff *skb); diff --git a/package/kernel/mac80211/patches/ath11k/0052-wifi-ath11k-Fix-invalid-management-rx-frame-length-i.patch b/package/kernel/mac80211/patches/ath11k/0052-wifi-ath11k-Fix-invalid-management-rx-frame-length-i.patch new file mode 100644 index 0000000000..0c1637fb04 --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0052-wifi-ath11k-Fix-invalid-management-rx-frame-length-i.patch @@ -0,0 +1,115 @@ +From 447b0398a9cd41ca343dfd43e555af92d6214487 Mon Sep 17 00:00:00 2001 +From: Bhagavathi Perumal S <quic_bperumal@quicinc.com> +Date: Fri, 24 Mar 2023 16:57:00 +0200 +Subject: [PATCH] wifi: ath11k: Fix invalid management rx frame length issue + +The WMI management rx event has multiple arrays of TLVs, however the common +WMI TLV parser won't handle multiple TLV tags of same type. +So the multiple array tags of WMI management rx TLV is parsed incorrectly +and the length calculated becomes wrong when the target sends multiple +array tags. + +Add separate TLV parser to handle multiple arrays for WMI management rx +TLV. This fixes invalid length issue when the target sends multiple array +tags. + +Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 + +Signed-off-by: Bhagavathi Perumal S <quic_bperumal@quicinc.com> +Co-developed-by: Nagarajan Maran <quic_nmaran@quicinc.com> +Signed-off-by: Nagarajan Maran <quic_nmaran@quicinc.com> +Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> +Link: https://lore.kernel.org/r/20230320133840.30162-1-quic_nmaran@quicinc.com +--- + drivers/net/wireless/ath/ath11k/wmi.c | 45 +++++++++++++++++++++------ + 1 file changed, 35 insertions(+), 10 deletions(-) + +--- a/drivers/net/wireless/ath/ath11k/wmi.c ++++ b/drivers/net/wireless/ath/ath11k/wmi.c +@@ -82,6 +82,12 @@ struct wmi_tlv_fw_stats_parse { + bool chain_rssi_done; + }; + ++struct wmi_tlv_mgmt_rx_parse { ++ const struct wmi_mgmt_rx_hdr *fixed; ++ const u8 *frame_buf; ++ bool frame_buf_done; ++}; ++ + static const struct wmi_tlv_policy wmi_tlv_policies[] = { + [WMI_TAG_ARRAY_BYTE] + = { .min_len = 0 }, +@@ -5633,28 +5639,49 @@ static int ath11k_pull_vdev_stopped_para + return 0; + } + ++static int ath11k_wmi_tlv_mgmt_rx_parse(struct ath11k_base *ab, ++ u16 tag, u16 len, ++ const void *ptr, void *data) ++{ ++ struct wmi_tlv_mgmt_rx_parse *parse = data; ++ ++ switch (tag) { ++ case WMI_TAG_MGMT_RX_HDR: ++ parse->fixed = ptr; ++ break; ++ case WMI_TAG_ARRAY_BYTE: ++ if (!parse->frame_buf_done) { ++ parse->frame_buf = ptr; ++ parse->frame_buf_done = true; ++ } ++ break; ++ } ++ return 0; ++} ++ + static int ath11k_pull_mgmt_rx_params_tlv(struct ath11k_base *ab, + struct sk_buff *skb, + struct mgmt_rx_event_params *hdr) + { +- const void **tb; ++ struct wmi_tlv_mgmt_rx_parse parse = { }; + const struct wmi_mgmt_rx_hdr *ev; + const u8 *frame; + int ret; + +- tb = ath11k_wmi_tlv_parse_alloc(ab, skb->data, skb->len, GFP_ATOMIC); +- if (IS_ERR(tb)) { +- ret = PTR_ERR(tb); +- ath11k_warn(ab, "failed to parse tlv: %d\n", ret); ++ ret = ath11k_wmi_tlv_iter(ab, skb->data, skb->len, ++ ath11k_wmi_tlv_mgmt_rx_parse, ++ &parse); ++ if (ret) { ++ ath11k_warn(ab, "failed to parse mgmt rx tlv %d\n", ++ ret); + return ret; + } + +- ev = tb[WMI_TAG_MGMT_RX_HDR]; +- frame = tb[WMI_TAG_ARRAY_BYTE]; ++ ev = parse.fixed; ++ frame = parse.frame_buf; + + if (!ev || !frame) { + ath11k_warn(ab, "failed to fetch mgmt rx hdr"); +- kfree(tb); + return -EPROTO; + } + +@@ -5673,7 +5700,6 @@ static int ath11k_pull_mgmt_rx_params_tl + + if (skb->len < (frame - skb->data) + hdr->buf_len) { + ath11k_warn(ab, "invalid length in mgmt rx hdr ev"); +- kfree(tb); + return -EPROTO; + } + +@@ -5685,7 +5711,6 @@ static int ath11k_pull_mgmt_rx_params_tl + + ath11k_ce_byte_swap(skb->data, hdr->buf_len); + +- kfree(tb); + return 0; + } + diff --git a/package/kernel/mac80211/patches/ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch b/package/kernel/mac80211/patches/ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch new file mode 100644 index 0000000000..7b8a7d4543 --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch @@ -0,0 +1,43 @@ +From 756a7f90878f0866fd2fe167ef37e90b47326b96 Mon Sep 17 00:00:00 2001 +From: P Praneesh <quic_ppranees@quicinc.com> +Date: Fri, 24 Mar 2023 16:57:01 +0200 +Subject: [PATCH] wifi: ath11k: fix writing to unintended memory region + +While initializing spectral, the magic value is getting written to the +invalid memory address leading to random boot-up crash. This occurs +due to the incorrect index increment in ath11k_dbring_fill_magic_value +function. Fix it by replacing the existing logic with memset32 to ensure +there is no invalid memory access. + +Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.4.0.1-01838-QCAHKSWPL_SILICONZ-1 + +Fixes: d3d358efc553 ("ath11k: add spectral/CFR buffer validation support") +Signed-off-by: P Praneesh <quic_ppranees@quicinc.com> +Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> +Link: https://lore.kernel.org/r/20230321052900.16895-1-quic_ppranees@quicinc.com +--- + drivers/net/wireless/ath/ath11k/dbring.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/net/wireless/ath/ath11k/dbring.c ++++ b/drivers/net/wireless/ath/ath11k/dbring.c +@@ -26,13 +26,13 @@ int ath11k_dbring_validate_buffer(struct + static void ath11k_dbring_fill_magic_value(struct ath11k *ar, + void *buffer, u32 size) + { +- u32 *temp; +- int idx; ++ /* memset32 function fills buffer payload with the ATH11K_DB_MAGIC_VALUE ++ * and the variable size is expected to be the number of u32 values ++ * to be stored, not the number of bytes. ++ */ ++ size = size / sizeof(u32); + +- size = size >> 2; +- +- for (idx = 0, temp = buffer; idx < size; idx++, temp++) +- *temp++ = ATH11K_DB_MAGIC_VALUE; ++ memset32(buffer, ATH11K_DB_MAGIC_VALUE, size); + } + + static int ath11k_dbring_bufs_replenish(struct ath11k *ar, diff --git a/package/kernel/mac80211/patches/ath11k/0054-wifi-ath11k-Send-11d-scan-start-before-WMI_START_SCA.patch b/package/kernel/mac80211/patches/ath11k/0054-wifi-ath11k-Send-11d-scan-start-before-WMI_START_SCA.patch new file mode 100644 index 0000000000..0f8e637592 --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0054-wifi-ath11k-Send-11d-scan-start-before-WMI_START_SCA.patch @@ -0,0 +1,61 @@ +From e89a51aedf380bc60219dc9afa96c36507060fb3 Mon Sep 17 00:00:00 2001 +From: Manikanta Pubbisetty <quic_mpubbise@quicinc.com> +Date: Wed, 15 Mar 2023 21:48:17 +0530 +Subject: [PATCH] wifi: ath11k: Send 11d scan start before WMI_START_SCAN_CMDID + +Firmwares advertising the support of triggering 11d algorithm on the +scan results of a regular scan expects driver to send +WMI_11D_SCAN_START_CMDID before sending WMI_START_SCAN_CMDID. +Triggering 11d algorithm on the scan results of a normal scan helps +in completely avoiding a separate 11d scan for determining regdomain. +This indirectly helps in speeding up connections on station +interfaces on the chipsets supporting 11D scan. + +To enable this feature, send WMI_11D_SCAN_START_CMDID just before +sending WMI_START_SCAN_CMDID if the firmware advertises +WMI_TLV_SERVICE_SUPPORT_11D_FOR_HOST_SCAN service flag. + +WCN6750 & WCN6855 supports this feature. + +Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-01160-QCAMSLSWPLZ-1 +Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 + +Signed-off-by: Manikanta Pubbisetty <quic_mpubbise@quicinc.com> +Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com> +Link: https://lore.kernel.org/r/20230315161817.29627-1-quic_mpubbise@quicinc.com +--- + drivers/net/wireless/ath/ath11k/mac.c | 12 ++++++++++++ + drivers/net/wireless/ath/ath11k/wmi.h | 1 + + 2 files changed, 13 insertions(+) + +--- a/drivers/net/wireless/ath/ath11k/mac.c ++++ b/drivers/net/wireless/ath/ath11k/mac.c +@@ -3755,6 +3755,18 @@ static int ath11k_mac_op_hw_scan(struct + int i; + u32 scan_timeout; + ++ /* Firmwares advertising the support of triggering 11D algorithm ++ * on the scan results of a regular scan expects driver to send ++ * WMI_11D_SCAN_START_CMDID before sending WMI_START_SCAN_CMDID. ++ * With this feature, separate 11D scan can be avoided since ++ * regdomain can be determined with the scan results of the ++ * regular scan. ++ */ ++ if (ar->state_11d == ATH11K_11D_PREPARING && ++ test_bit(WMI_TLV_SERVICE_SUPPORT_11D_FOR_HOST_SCAN, ++ ar->ab->wmi_ab.svc_map)) ++ ath11k_mac_11d_scan_start(ar, arvif->vdev_id); ++ + mutex_lock(&ar->conf_mutex); + + spin_lock_bh(&ar->data_lock); +--- a/drivers/net/wireless/ath/ath11k/wmi.h ++++ b/drivers/net/wireless/ath/ath11k/wmi.h +@@ -2103,6 +2103,7 @@ enum wmi_tlv_service { + WMI_TLV_SERVICE_SCAN_CONFIG_PER_CHANNEL = 265, + WMI_TLV_SERVICE_REG_CC_EXT_EVENT_SUPPORT = 281, + WMI_TLV_SERVICE_BIOS_SAR_SUPPORT = 326, ++ WMI_TLV_SERVICE_SUPPORT_11D_FOR_HOST_SCAN = 357, + + /* The third 128 bits */ + WMI_MAX_EXT2_SERVICE = 384 diff --git a/package/kernel/mac80211/patches/ath11k/101-Fix-invalid-management-rx-frame-length-issue.patch b/package/kernel/mac80211/patches/ath11k/101-Fix-invalid-management-rx-frame-length-issue.patch deleted file mode 100644 index 7b650a5342..0000000000 --- a/package/kernel/mac80211/patches/ath11k/101-Fix-invalid-management-rx-frame-length-issue.patch +++ /dev/null @@ -1,202 +0,0 @@ -From patchwork Mon Mar 20 13:38:40 2023 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -X-Patchwork-Submitter: Nagarajan Maran <quic_nmaran@quicinc.com> -X-Patchwork-Id: 13181272 -X-Patchwork-Delegate: kvalo@adurom.com -Return-Path: <linux-wireless-owner@vger.kernel.org> -X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on - aws-us-west-2-korg-lkml-1.web.codeaurora.org -Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) - by smtp.lore.kernel.org (Postfix) with ESMTP id 6F899C6FD1D - for <linux-wireless@archiver.kernel.org>; - Mon, 20 Mar 2023 13:39:52 +0000 (UTC) -Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand - id S231824AbjCTNjm (ORCPT - <rfc822;linux-wireless@archiver.kernel.org>); - Mon, 20 Mar 2023 09:39:42 -0400 -Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44860 "EHLO - lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org - with ESMTP id S231795AbjCTNjT (ORCPT - <rfc822;linux-wireless@vger.kernel.org>); - Mon, 20 Mar 2023 09:39:19 -0400 -Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com - [205.220.180.131]) - by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CD4CC1A66C - for <linux-wireless@vger.kernel.org>; - Mon, 20 Mar 2023 06:39:10 -0700 (PDT) -Received: from pps.filterd (m0279872.ppops.net [127.0.0.1]) - by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id - 32KBvFZ2004731; - Mon, 20 Mar 2023 13:39:05 GMT -DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; - h=from : to : cc : - subject : date : message-id : mime-version : content-type; s=qcppdkim1; - bh=jMz2u2+gyjJJcj5tuRPYVv0di+sn1S5ni8sqhMu/9Kg=; - b=BNz+KGi99iSZhDkes9KWF52w7CzSYjHOAYXTfBPlCQk7pM1ZZAIsxB8H3zGnapUkas/r - 1FfSr/9GpQ+5F6LsOEhJ4KF4Us8wsGi/jZnw25FoCqH4jPqhHPQzcC4jaVzVtNdjiA/0 - PlEKhMhP6ULKuRkpbM7RDNigSEYSRmhgqbWkVUL69mwPEJi2oHbhQgxFGFO75Rmfk+Gt - 8w4fd4JPJXA1PNOxL3X8nGYxxzxTsUvQi80R1Tm683dJg7fwBKlNOyD/BlmnrBGBeIqv - CMVmf/KTnEUEFt7WWsvQInmEBZG+JH8TvwUAZ9ndRKqA4kCNXqS5+79KGzUuBP80f3yv ow== -Received: from nalasppmta01.qualcomm.com (Global_NAT1.qualcomm.com - [129.46.96.20]) - by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3pen6hrh12-1 - (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 - verify=NOT); - Mon, 20 Mar 2023 13:39:05 +0000 -Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com - [10.47.209.196]) - by NALASPPMTA01.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id - 32KDd4H6010152 - (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 - verify=NOT); - Mon, 20 Mar 2023 13:39:04 GMT -Received: from nmaran-linux.qualcomm.com (10.80.80.8) by - nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server - (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id - 15.2.986.41; Mon, 20 Mar 2023 06:39:02 -0700 -From: Nagarajan Maran <quic_nmaran@quicinc.com> -To: <ath11k@lists.infradead.org> -CC: <linux-wireless@vger.kernel.org>, - Bhagavathi Perumal S <quic_bperumal@quicinc.com>, - Nagarajan Maran <quic_nmaran@quicinc.com> -Subject: [PATCH] wifi: ath11k: Fix invalid management rx frame length issue -Date: Mon, 20 Mar 2023 19:08:40 +0530 -Message-ID: <20230320133840.30162-1-quic_nmaran@quicinc.com> -X-Mailer: git-send-email 2.17.1 -MIME-Version: 1.0 -X-Originating-IP: [10.80.80.8] -X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To - nalasex01a.na.qualcomm.com (10.47.209.196) -X-QCInternal: smtphost -X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 - signatures=585085 -X-Proofpoint-ORIG-GUID: 8NkXcGNm6eXVpjTaeMT1e0VxZ9FeT59R -X-Proofpoint-GUID: 8NkXcGNm6eXVpjTaeMT1e0VxZ9FeT59R -X-Proofpoint-Virus-Version: vendor=baseguard - engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 - definitions=2023-03-20_09,2023-03-20_02,2023-02-09_01 -X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 - mlxlogscore=999 - malwarescore=0 priorityscore=1501 mlxscore=0 bulkscore=0 adultscore=0 - spamscore=0 impostorscore=0 phishscore=0 clxscore=1011 suspectscore=0 - lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 - engine=8.12.0-2303150002 definitions=main-2303200115 -Precedence: bulk -List-ID: <linux-wireless.vger.kernel.org> -X-Mailing-List: linux-wireless@vger.kernel.org - -From: Bhagavathi Perumal S <quic_bperumal@quicinc.com> - -The WMI management rx event has multiple arrays of TLVs, however the common -WMI TLV parser won't handle multiple TLV tags of same type. -So the multiple array tags of WMI management rx TLV is parsed incorrectly -and the length calculated becomes wrong when the target sends multiple -array tags. - -Add separate TLV parser to handle multiple arrays for WMI management rx -TLV. This fixes invalid length issue when the target sends multiple array -tags. - -Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 - -Signed-off-by: Bhagavathi Perumal S <quic_bperumal@quicinc.com> -Co-developed-by: Nagarajan Maran <quic_nmaran@quicinc.com> -Signed-off-by: Nagarajan Maran <quic_nmaran@quicinc.com> ---- - drivers/net/wireless/ath/ath11k/wmi.c | 45 +++++++++++++++++++++------ - 1 file changed, 35 insertions(+), 10 deletions(-) - - -base-commit: 3df3715e556027e94246b2cb30986563362a65f4 - ---- a/drivers/net/wireless/ath/ath11k/wmi.c -+++ b/drivers/net/wireless/ath/ath11k/wmi.c -@@ -82,6 +82,12 @@ struct wmi_tlv_fw_stats_parse { - bool chain_rssi_done; - }; - -+struct wmi_tlv_mgmt_rx_parse { -+ const struct wmi_mgmt_rx_hdr *fixed; -+ const u8 *frame_buf; -+ bool frame_buf_done; -+}; -+ - static const struct wmi_tlv_policy wmi_tlv_policies[] = { - [WMI_TAG_ARRAY_BYTE] - = { .min_len = 0 }, -@@ -5633,28 +5639,49 @@ static int ath11k_pull_vdev_stopped_para - return 0; - } - -+static int ath11k_wmi_tlv_mgmt_rx_parse(struct ath11k_base *ab, -+ u16 tag, u16 len, -+ const void *ptr, void *data) -+{ -+ struct wmi_tlv_mgmt_rx_parse *parse = data; -+ -+ switch (tag) { -+ case WMI_TAG_MGMT_RX_HDR: -+ parse->fixed = ptr; -+ break; -+ case WMI_TAG_ARRAY_BYTE: -+ if (!parse->frame_buf_done) { -+ parse->frame_buf = ptr; -+ parse->frame_buf_done = true; -+ } -+ break; -+ } -+ return 0; -+} -+ - static int ath11k_pull_mgmt_rx_params_tlv(struct ath11k_base *ab, - struct sk_buff *skb, - struct mgmt_rx_event_params *hdr) - { -- const void **tb; -+ struct wmi_tlv_mgmt_rx_parse parse = { }; - const struct wmi_mgmt_rx_hdr *ev; - const u8 *frame; - int ret; - -- tb = ath11k_wmi_tlv_parse_alloc(ab, skb->data, skb->len, GFP_ATOMIC); -- if (IS_ERR(tb)) { -- ret = PTR_ERR(tb); -- ath11k_warn(ab, "failed to parse tlv: %d\n", ret); -+ ret = ath11k_wmi_tlv_iter(ab, skb->data, skb->len, -+ ath11k_wmi_tlv_mgmt_rx_parse, -+ &parse); -+ if (ret) { -+ ath11k_warn(ab, "failed to parse mgmt rx tlv %d\n", -+ ret); - return ret; - } - -- ev = tb[WMI_TAG_MGMT_RX_HDR]; -- frame = tb[WMI_TAG_ARRAY_BYTE]; -+ ev = parse.fixed; -+ frame = parse.frame_buf; - - if (!ev || !frame) { - ath11k_warn(ab, "failed to fetch mgmt rx hdr"); -- kfree(tb); - return -EPROTO; - } - -@@ -5673,7 +5700,6 @@ static int ath11k_pull_mgmt_rx_params_tl - - if (skb->len < (frame - skb->data) + hdr->buf_len) { - ath11k_warn(ab, "invalid length in mgmt rx hdr ev"); -- kfree(tb); - return -EPROTO; - } - -@@ -5685,7 +5711,6 @@ static int ath11k_pull_mgmt_rx_params_tl - - ath11k_ce_byte_swap(skb->data, hdr->buf_len); - -- kfree(tb); - return 0; - } - diff --git a/package/kernel/mac80211/patches/ath11k/903-ath11k-support-setting-FW-memory-mode-via-DT.patch b/package/kernel/mac80211/patches/ath11k/903-ath11k-support-setting-FW-memory-mode-via-DT.patch index 87cbcbe315..a93871eca5 100644 --- a/package/kernel/mac80211/patches/ath11k/903-ath11k-support-setting-FW-memory-mode-via-DT.patch +++ b/package/kernel/mac80211/patches/ath11k/903-ath11k-support-setting-FW-memory-mode-via-DT.patch @@ -31,7 +31,7 @@ Signed-off-by: Robert Marko <robimarko@gmail.com> { .hw_rev = ATH11K_HW_IPQ8074, .name = "ipq8074 hw2.0", -@@ -1919,7 +1919,8 @@ static void ath11k_core_reset(struct wor +@@ -1911,7 +1911,8 @@ static void ath11k_core_reset(struct wor static int ath11k_init_hw_params(struct ath11k_base *ab) { const struct ath11k_hw_params *hw_params = NULL; @@ -41,7 +41,7 @@ Signed-off-by: Robert Marko <robimarko@gmail.com> for (i = 0; i < ARRAY_SIZE(ath11k_hw_params); i++) { hw_params = &ath11k_hw_params[i]; -@@ -1935,7 +1936,30 @@ static int ath11k_init_hw_params(struct +@@ -1927,7 +1928,30 @@ static int ath11k_init_hw_params(struct ab->hw_params = *hw_params; diff --git a/package/kernel/mac80211/patches/ath11k/904-wifi-ath11k-restore-160MHz-support.patch b/package/kernel/mac80211/patches/ath11k/904-wifi-ath11k-restore-160MHz-support.patch index 61abb847d0..b5d9473597 100644 --- a/package/kernel/mac80211/patches/ath11k/904-wifi-ath11k-restore-160MHz-support.patch +++ b/package/kernel/mac80211/patches/ath11k/904-wifi-ath11k-restore-160MHz-support.patch @@ -16,7 +16,7 @@ Signed-off-by: Robert Marko <robimarko@gmail.com> --- a/drivers/net/wireless/ath/ath11k/mac.c +++ b/drivers/net/wireless/ath/ath11k/mac.c -@@ -5552,10 +5552,6 @@ static int ath11k_mac_copy_he_cap(struct +@@ -5585,10 +5585,6 @@ static int ath11k_mac_copy_he_cap(struct he_cap_elem->mac_cap_info[1] &= IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_MASK; |