From 7475321f46b83cc04296638d6cf31542d11e3e78 Mon Sep 17 00:00:00 2001 From: Robert Marko Date: Tue, 11 Apr 2023 20:20:18 +0200 Subject: [PATCH 1/6] mac80211: ath11k: Remove regulatory intersection Currently, during initialization ath11k will receive a regulatory event from the firmware in which it will receive the default regulatory domain code and accompanying rules list and report those to the kernel. Then if you try to change the regulatory domain to a different country code it will do a weird thing in which it will send that to the FW and after receiving the appropriate regulatory event it will parse the rules. However, while its parsing there is a weird thing being done, and that is that new raw rules from FW get intersected with the rules from the default domain. This is creating a big issue as the default domain is almost always set to "US" or just "00" aka world so ath11k will unfairly limit you to the most restrictive combination of rules based on the default domain and your desired domain. For example, in ETSI countries this is causing channels 12 and 13 on 2.4GHz to not be usable since "US" limits 2.4GHz to 2472MHz instead of 2482MHz like ETSI countries do. So, lets do what TIP and even QCA do in their ath11k downstream tree and completely get rid of the interesection code in ath11k. Signed-off-by: Robert Marko --- ...tersection-support-for-regulatory-ru.patch | 317 ++++++++++++++++++ 1 file changed, 317 insertions(+) create mode 100644 package/kernel/mac80211/patches/ath11k/905-ath11k-remove-intersection-support-for-regulatory-ru.patch diff --git a/package/kernel/mac80211/patches/ath11k/905-ath11k-remove-intersection-support-for-regulatory-ru.patch b/package/kernel/mac80211/patches/ath11k/905-ath11k-remove-intersection-support-for-regulatory-ru.patch new file mode 100644 index 0000000000..18e1b8a8ce --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/905-ath11k-remove-intersection-support-for-regulatory-ru.patch @@ -0,0 +1,317 @@ +From abdd0985a36189ef2cc0e393b027276e86137ace Mon Sep 17 00:00:00 2001 +From: Aditya Kumar Singh +Date: Tue, 11 Apr 2023 20:08:49 +0200 +Subject: [PATCH] ath11k: remove intersection support for regulatory rules + +Currently, regulatory rules from new country settings is intersected with +rules from default country settings(during initialisation) in order to prevent +users to bypass their default country settings such as power limits, channel +flags, etc. + +However, the country setting in the BDF will take higher higher precendence +and FW will protect it. Therefore, there is no need to handle intersection +on the driver side now. + +Remove regulatory rules intersection logic support. + +Signed-off-by: Aditya Kumar Singh +--- + drivers/net/wireless/ath/ath11k/reg.c | 168 +++----------------------- + drivers/net/wireless/ath/ath11k/reg.h | 2 +- + drivers/net/wireless/ath/ath11k/wmi.c | 24 +--- + 3 files changed, 16 insertions(+), 178 deletions(-) + +--- a/drivers/net/wireless/ath/ath11k/reg.c ++++ b/drivers/net/wireless/ath/ath11k/reg.c +@@ -352,129 +352,6 @@ static u32 ath11k_map_fw_reg_flags(u16 r + return flags; + } + +-static bool +-ath11k_reg_can_intersect(struct ieee80211_reg_rule *rule1, +- struct ieee80211_reg_rule *rule2) +-{ +- u32 start_freq1, end_freq1; +- u32 start_freq2, end_freq2; +- +- start_freq1 = rule1->freq_range.start_freq_khz; +- start_freq2 = rule2->freq_range.start_freq_khz; +- +- end_freq1 = rule1->freq_range.end_freq_khz; +- end_freq2 = rule2->freq_range.end_freq_khz; +- +- if ((start_freq1 >= start_freq2 && +- start_freq1 < end_freq2) || +- (start_freq2 > start_freq1 && +- start_freq2 < end_freq1)) +- return true; +- +- /* TODO: Should we restrict intersection feasibility +- * based on min bandwidth of the intersected region also, +- * say the intersected rule should have a min bandwidth +- * of 20MHz? +- */ +- +- return false; +-} +- +-static void ath11k_reg_intersect_rules(struct ieee80211_reg_rule *rule1, +- struct ieee80211_reg_rule *rule2, +- struct ieee80211_reg_rule *new_rule) +-{ +- u32 start_freq1, end_freq1; +- u32 start_freq2, end_freq2; +- u32 freq_diff, max_bw; +- +- start_freq1 = rule1->freq_range.start_freq_khz; +- start_freq2 = rule2->freq_range.start_freq_khz; +- +- end_freq1 = rule1->freq_range.end_freq_khz; +- end_freq2 = rule2->freq_range.end_freq_khz; +- +- new_rule->freq_range.start_freq_khz = max_t(u32, start_freq1, +- start_freq2); +- new_rule->freq_range.end_freq_khz = min_t(u32, end_freq1, end_freq2); +- +- freq_diff = new_rule->freq_range.end_freq_khz - +- new_rule->freq_range.start_freq_khz; +- max_bw = min_t(u32, rule1->freq_range.max_bandwidth_khz, +- rule2->freq_range.max_bandwidth_khz); +- new_rule->freq_range.max_bandwidth_khz = min_t(u32, max_bw, freq_diff); +- +- new_rule->power_rule.max_antenna_gain = +- min_t(u32, rule1->power_rule.max_antenna_gain, +- rule2->power_rule.max_antenna_gain); +- +- new_rule->power_rule.max_eirp = min_t(u32, rule1->power_rule.max_eirp, +- rule2->power_rule.max_eirp); +- +- /* Use the flags of both the rules */ +- new_rule->flags = rule1->flags | rule2->flags; +- +- /* To be safe, lts use the max cac timeout of both rules */ +- new_rule->dfs_cac_ms = max_t(u32, rule1->dfs_cac_ms, +- rule2->dfs_cac_ms); +-} +- +-static struct ieee80211_regdomain * +-ath11k_regd_intersect(struct ieee80211_regdomain *default_regd, +- struct ieee80211_regdomain *curr_regd) +-{ +- u8 num_old_regd_rules, num_curr_regd_rules, num_new_regd_rules; +- struct ieee80211_reg_rule *old_rule, *curr_rule, *new_rule; +- struct ieee80211_regdomain *new_regd = NULL; +- u8 i, j, k; +- +- num_old_regd_rules = default_regd->n_reg_rules; +- num_curr_regd_rules = curr_regd->n_reg_rules; +- num_new_regd_rules = 0; +- +- /* Find the number of intersecting rules to allocate new regd memory */ +- for (i = 0; i < num_old_regd_rules; i++) { +- old_rule = default_regd->reg_rules + i; +- for (j = 0; j < num_curr_regd_rules; j++) { +- curr_rule = curr_regd->reg_rules + j; +- +- if (ath11k_reg_can_intersect(old_rule, curr_rule)) +- num_new_regd_rules++; +- } +- } +- +- if (!num_new_regd_rules) +- return NULL; +- +- new_regd = kzalloc(sizeof(*new_regd) + (num_new_regd_rules * +- sizeof(struct ieee80211_reg_rule)), +- GFP_ATOMIC); +- +- if (!new_regd) +- return NULL; +- +- /* We set the new country and dfs region directly and only trim +- * the freq, power, antenna gain by intersecting with the +- * default regdomain. Also MAX of the dfs cac timeout is selected. +- */ +- new_regd->n_reg_rules = num_new_regd_rules; +- memcpy(new_regd->alpha2, curr_regd->alpha2, sizeof(new_regd->alpha2)); +- new_regd->dfs_region = curr_regd->dfs_region; +- new_rule = new_regd->reg_rules; +- +- for (i = 0, k = 0; i < num_old_regd_rules; i++) { +- old_rule = default_regd->reg_rules + i; +- for (j = 0; j < num_curr_regd_rules; j++) { +- curr_rule = curr_regd->reg_rules + j; +- +- if (ath11k_reg_can_intersect(old_rule, curr_rule)) +- ath11k_reg_intersect_rules(old_rule, curr_rule, +- (new_rule + k++)); +- } +- } +- return new_regd; +-} +- + static const char * + ath11k_reg_get_regdom_str(enum nl80211_dfs_regions dfs_region) + { +@@ -609,9 +486,9 @@ ath11k_reg_update_weather_radar_band(str + + struct ieee80211_regdomain * + ath11k_reg_build_regd(struct ath11k_base *ab, +- struct cur_regulatory_info *reg_info, bool intersect) ++ struct cur_regulatory_info *reg_info) + { +- struct ieee80211_regdomain *tmp_regd, *default_regd, *new_regd = NULL; ++ struct ieee80211_regdomain *new_regd = NULL; + struct cur_reg_rule *reg_rule; + u8 i = 0, j = 0, k = 0; + u8 num_rules; +@@ -628,26 +505,26 @@ ath11k_reg_build_regd(struct ath11k_base + num_rules += reg_info->num_6ghz_rules_ap[WMI_REG_INDOOR_AP]; + + if (!num_rules) +- goto ret; ++ return new_regd; + + /* Add max additional rules to accommodate weather radar band */ + if (reg_info->dfs_region == ATH11K_DFS_REG_ETSI) + num_rules += 2; + +- tmp_regd = kzalloc(sizeof(*tmp_regd) + ++ new_regd = kzalloc(sizeof(*new_regd) + + (num_rules * sizeof(struct ieee80211_reg_rule)), + GFP_ATOMIC); +- if (!tmp_regd) +- goto ret; ++ if (!new_regd) ++ return new_regd; + +- memcpy(tmp_regd->alpha2, reg_info->alpha2, REG_ALPHA2_LEN + 1); ++ memcpy(new_regd->alpha2, reg_info->alpha2, REG_ALPHA2_LEN + 1); + memcpy(alpha2, reg_info->alpha2, REG_ALPHA2_LEN + 1); + alpha2[2] = '\0'; +- tmp_regd->dfs_region = ath11k_map_fw_dfs_region(reg_info->dfs_region); ++ new_regd->dfs_region = ath11k_map_fw_dfs_region(reg_info->dfs_region); + + ath11k_dbg(ab, ATH11K_DBG_REG, + "Country %s, CFG Regdomain %s FW Regdomain %d, num_reg_rules %d\n", +- alpha2, ath11k_reg_get_regdom_str(tmp_regd->dfs_region), ++ alpha2, ath11k_reg_get_regdom_str(new_regd->dfs_region), + reg_info->dfs_region, num_rules); + /* Update reg_rules[] below. Firmware is expected to + * send these rules in order(2 GHz rules first and then 5 GHz) +@@ -686,7 +563,7 @@ ath11k_reg_build_regd(struct ath11k_base + + flags |= ath11k_map_fw_reg_flags(reg_rule->flags); + +- ath11k_reg_update_rule(tmp_regd->reg_rules + i, ++ ath11k_reg_update_rule(new_regd->reg_rules + i, + reg_rule->start_freq, + reg_rule->end_freq, max_bw, + reg_rule->ant_gain, reg_rule->reg_power, +@@ -701,7 +578,7 @@ ath11k_reg_build_regd(struct ath11k_base + reg_info->dfs_region == ATH11K_DFS_REG_ETSI && + (reg_rule->end_freq > ETSI_WEATHER_RADAR_BAND_LOW && + reg_rule->start_freq < ETSI_WEATHER_RADAR_BAND_HIGH)){ +- ath11k_reg_update_weather_radar_band(ab, tmp_regd, ++ ath11k_reg_update_weather_radar_band(ab, new_regd, + reg_rule, &i, + flags, max_bw); + continue; +@@ -712,37 +589,20 @@ ath11k_reg_build_regd(struct ath11k_base + "\t%d. (%d - %d @ %d) (%d, %d) (%d ms) (FLAGS %d) (%d, %d)\n", + i + 1, reg_rule->start_freq, reg_rule->end_freq, + max_bw, reg_rule->ant_gain, reg_rule->reg_power, +- tmp_regd->reg_rules[i].dfs_cac_ms, flags, ++ new_regd->reg_rules[i].dfs_cac_ms, flags, + reg_rule->psd_flag, reg_rule->psd_eirp); + } else { + ath11k_dbg(ab, ATH11K_DBG_REG, + "\t%d. (%d - %d @ %d) (%d, %d) (%d ms) (FLAGS %d)\n", + i + 1, reg_rule->start_freq, reg_rule->end_freq, + max_bw, reg_rule->ant_gain, reg_rule->reg_power, +- tmp_regd->reg_rules[i].dfs_cac_ms, ++ new_regd->reg_rules[i].dfs_cac_ms, + flags); + } + } + +- tmp_regd->n_reg_rules = i; +- +- if (intersect) { +- default_regd = ab->default_regd[reg_info->phy_id]; +- +- /* Get a new regd by intersecting the received regd with +- * our default regd. +- */ +- new_regd = ath11k_regd_intersect(default_regd, tmp_regd); +- kfree(tmp_regd); +- if (!new_regd) { +- ath11k_warn(ab, "Unable to create intersected regdomain\n"); +- goto ret; +- } +- } else { +- new_regd = tmp_regd; +- } ++ new_regd->n_reg_rules = i; + +-ret: + return new_regd; + } + +--- a/drivers/net/wireless/ath/ath11k/reg.h ++++ b/drivers/net/wireless/ath/ath11k/reg.h +@@ -30,7 +30,7 @@ void ath11k_reg_free(struct ath11k_base + void ath11k_regd_update_work(struct work_struct *work); + struct ieee80211_regdomain * + ath11k_reg_build_regd(struct ath11k_base *ab, +- struct cur_regulatory_info *reg_info, bool intersect); ++ struct cur_regulatory_info *reg_info); + int ath11k_regd_update(struct ath11k *ar); + int ath11k_reg_update_chan_list(struct ath11k *ar, bool wait); + #endif +--- a/drivers/net/wireless/ath/ath11k/wmi.c ++++ b/drivers/net/wireless/ath/ath11k/wmi.c +@@ -6979,24 +6979,12 @@ static void ath11k_wmi_htc_tx_complete(s + wake_up(&wmi->tx_ce_desc_wq); + } + +-static bool ath11k_reg_is_world_alpha(char *alpha) +-{ +- if (alpha[0] == '0' && alpha[1] == '0') +- return true; +- +- if (alpha[0] == 'n' && alpha[1] == 'a') +- return true; +- +- return false; +-} +- + static int ath11k_reg_chan_list_event(struct ath11k_base *ab, + struct sk_buff *skb, + enum wmi_reg_chan_list_cmd_type id) + { + struct cur_regulatory_info *reg_info = NULL; + struct ieee80211_regdomain *regd = NULL; +- bool intersect = false; + int ret = 0, pdev_idx, i, j; + struct ath11k *ar; + +@@ -7058,17 +7046,7 @@ static int ath11k_reg_chan_list_event(st + (char *)reg_info->alpha2, 2)) + goto mem_free; + +- /* Intersect new rules with default regd if a new country setting was +- * requested, i.e a default regd was already set during initialization +- * and the regd coming from this event has a valid country info. +- */ +- if (ab->default_regd[pdev_idx] && +- !ath11k_reg_is_world_alpha((char *) +- ab->default_regd[pdev_idx]->alpha2) && +- !ath11k_reg_is_world_alpha((char *)reg_info->alpha2)) +- intersect = true; +- +- regd = ath11k_reg_build_regd(ab, reg_info, intersect); ++ regd = ath11k_reg_build_regd(ab, reg_info); + if (!regd) { + ath11k_warn(ab, "failed to build regd from reg_info\n"); + goto fallback; From 69812bf8ed97e31f978cd9d05f6a181f6ade86c0 Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Wed, 12 Apr 2023 12:02:57 +0200 Subject: [PATCH 2/6] ipq-wifi: bump to latest git HEAD b22487d ath11k: qcn8074: Update regDb in every BDF 3add8be ath11k: ipq8074: Update regDb in every BDF 8bb6039 ath11k: ipq8074: add Netgear RAX120v2 Signed-off-by: Christian Marangi --- package/firmware/ipq-wifi/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/firmware/ipq-wifi/Makefile b/package/firmware/ipq-wifi/Makefile index 8eea981191..396a4c50b5 100644 --- a/package/firmware/ipq-wifi/Makefile +++ b/package/firmware/ipq-wifi/Makefile @@ -6,9 +6,9 @@ PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/firmware/qca-wireless.git -PKG_SOURCE_DATE:=2023-03-27 -PKG_SOURCE_VERSION:=ccd7e460cc798d90148a10539b6d94a5fd761004 -PKG_MIRROR_HASH:=e51d28c741aeb0867493a7bfc801b8b1977c942ed5d51d62c1aa8729c91cce32 +PKG_SOURCE_DATE:=2023-04-12 +PKG_SOURCE_VERSION:=b22487d729362feaff7d06354353d005a3a9d6b7 +PKG_MIRROR_HASH:=94eea9db636b2cbf6782ec17d8b8fe36770c61ff283702ec418df1a1b09f54ef PKG_FLAGS:=nonshared From ee1bfd3034af405b2f7cdbc901053e44ceb4706f Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Wed, 12 Apr 2023 12:13:46 +0200 Subject: [PATCH 3/6] Revert "image: update LZMA_XZ_OPTIONS with new squashfs4 tool" This reverts commit a33b97dcb1bd6e68f01c571e92ef02c3ab721523. A new version of the squashfs4 tool patch reintroduced the -Xe option. Signed-off-by: Christian Marangi --- include/image.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/image.mk b/include/image.mk index ef242db96e..b801ef993c 100644 --- a/include/image.mk +++ b/include/image.mk @@ -77,7 +77,7 @@ SQUASHFSOPT := -b $(SQUASHFS_BLOCKSIZE) SQUASHFSOPT += -p '/dev d 755 0 0' -p '/dev/console c 600 0 0 5 1' SQUASHFSOPT += $(if $(CONFIG_SELINUX),-xattrs,-no-xattrs) SQUASHFSCOMP := gzip -LZMA_XZ_OPTIONS := -Xpreset extreme -Xlc 0 -Xlp 2 -Xpb 2 +LZMA_XZ_OPTIONS := -Xpreset 9 -Xe -Xlc 0 -Xlp 2 -Xpb 2 ifeq ($(CONFIG_SQUASHFS_XZ),y) ifneq ($(filter arm x86 powerpc sparc,$(LINUX_KARCH)),) BCJ_FILTER:=-Xbcj $(LINUX_KARCH) From 45329197119e5d23c379c938f6025af5a80fd6ad Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Wed, 12 Apr 2023 12:18:19 +0200 Subject: [PATCH 4/6] tools/squashfs4: refresh multiple lzma configuration option patch Refresh multiple lzma configuration option patch with new version proposed upstream. (Reintroduce -Xe option and add more checks and general better code quality) Signed-off-by: Christian Marangi --- tools/squashfs4/Makefile | 2 +- ...rt-multiple-lzma-configuration-optio.patch | 68 ++++++++++++------- 2 files changed, 45 insertions(+), 25 deletions(-) diff --git a/tools/squashfs4/Makefile b/tools/squashfs4/Makefile index 8f281c704d..1ab4b536ae 100644 --- a/tools/squashfs4/Makefile +++ b/tools/squashfs4/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=squashfs4 PKG_CPE_ID:=cpe:/a:phillip_lougher:squashfs PKG_VERSION:=4.6.1 -PKG_RELEASE=1 +PKG_RELEASE=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/plougher/squashfs-tools diff --git a/tools/squashfs4/patches/100-xz_wrapper-support-multiple-lzma-configuration-optio.patch b/tools/squashfs4/patches/100-xz_wrapper-support-multiple-lzma-configuration-optio.patch index c882529cad..bcc962a9de 100644 --- a/tools/squashfs4/patches/100-xz_wrapper-support-multiple-lzma-configuration-optio.patch +++ b/tools/squashfs4/patches/100-xz_wrapper-support-multiple-lzma-configuration-optio.patch @@ -1,22 +1,24 @@ -From f49793cfbd72fdc40ab75dbffef42dca774701d1 Mon Sep 17 00:00:00 2001 +From dcb976fe4ee40e4bac8ae0dcc836629c625a6fd4 Mon Sep 17 00:00:00 2001 From: Christian Marangi Date: Fri, 14 Oct 2022 15:59:16 +0200 Subject: [PATCH] xz_wrapper: support multiple lzma configuration options Add option to configure preset, lc, lp and pb lzma parameters. --Xpreset can be both a level or set to 'extreme' to use the lzma extreme -compression options. +-Xpreset can be used to set the compression level. +-Xe can be used to set the 'EXTREME' flag to use the lzma compression +options tweaking additional settings on top of the compression level set. New option added: -Xpreset + -Xe -Xlc -Xlp -Xpb Signed-off-by: Christian Marangi --- - squashfs-tools/xz_wrapper.c | 112 +++++++++++++++++++++++++++++++++++- - 1 file changed, 109 insertions(+), 3 deletions(-) + squashfs-tools/xz_wrapper.c | 119 ++++++++++++++++++++++++++++++++++-- + 1 file changed, 115 insertions(+), 4 deletions(-) --- a/squashfs-tools/xz_wrapper.c +++ b/squashfs-tools/xz_wrapper.c @@ -53,26 +55,26 @@ Signed-off-by: Christian Marangi + long val; + + if(argc < 2) { -+ fprintf(stderr, "xz: -Xpreset missing preset-level\n"); ++ fprintf(stderr, "xz: -Xpreset missing preset-level " ++ "(valid value 0-9)\n"); + goto failed; + } + -+ if (strcmp(argv[1], "extreme") == 0) { -+ preset = LZMA_PRESET_EXTREME; -+ -+ return 1; -+ } -+ + val = strtol(argv[1], &b, 10); -+ if ((int) val < 0 || (int) val & ~LZMA_PRESET_LEVEL_MASK) { ++ if (*b != '\0' || (int) val < 0 || (int) val & ~LZMA_PRESET_LEVEL_MASK) { + fprintf(stderr, "xz: -Xpreset can't be " + "negative or more than the max preset\n"); + goto failed; + } + -+ preset = (int) val; ++ preset &= ~LZMA_PRESET_LEVEL_MASK; ++ preset |= (int) val; + + return 1; ++ } else if(strcmp(argv[0], "-Xe") == 0) { ++ preset |= LZMA_PRESET_EXTREME; ++ ++ return 0; + } else if(strcmp(argv[0], "-Xlc") == 0) { + char *b; + long val; @@ -83,7 +85,7 @@ Signed-off-by: Christian Marangi + } + + val = strtol(argv[1], &b, 10); -+ if ((int) val < LZMA_LCLP_MIN || (int) val > LZMA_LCLP_MAX) { ++ if (*b != '\0' || (int) val < LZMA_LCLP_MIN || (int) val > LZMA_LCLP_MAX) { + fprintf(stderr, "xz: -Xlc invalid value\n"); + goto failed; + } @@ -101,8 +103,8 @@ Signed-off-by: Christian Marangi + } + + val = strtol(argv[1], &b, 10); -+ if ((int) val < LZMA_LCLP_MIN || (int) val > LZMA_LCLP_MAX) { -+ fprintf(stderr, "xz: -Xlc invalid value\n"); ++ if (*b != '\0' || (int) val < LZMA_LCLP_MIN || (int) val > LZMA_LCLP_MAX) { ++ fprintf(stderr, "xz: -Xlp invalid value\n"); + goto failed; + } + @@ -119,8 +121,8 @@ Signed-off-by: Christian Marangi + } + + val = strtol(argv[1], &b, 10); -+ if ((int) val < LZMA_PB_MIN || (int) val > LZMA_PB_MAX) { -+ fprintf(stderr, "xz: -Xlc invalid value\n"); ++ if (*b != '\0' || (int) val < LZMA_PB_MIN || (int) val > LZMA_PB_MAX) { ++ fprintf(stderr, "xz: -Xpb invalid value\n"); + goto failed; + } + @@ -135,8 +137,9 @@ Signed-off-by: Christian Marangi struct filter *filter = &stream->filter[i]; - if(lzma_lzma_preset(&stream->opt, LZMA_PRESET_DEFAULT)) -+ if(lzma_lzma_preset(&stream->opt, preset)) - goto failed; +- goto failed; ++ if(lzma_lzma_preset(&stream->opt, preset)) ++ goto failed; stream->opt.dict_size = stream->dictionary_size; @@ -152,16 +155,33 @@ Signed-off-by: Christian Marangi filter->length = 0; res = lzma_stream_buffer_encode(filter->filter, LZMA_CHECK_CRC32, NULL, src, size, filter->buffer, -@@ -521,6 +617,12 @@ static void xz_usage(FILE *stream) +@@ -521,13 +617,28 @@ static void xz_usage(FILE *stream) fprintf(stream, " header as either 2^n or as 2^n+2^(n+1).\n\t\t"); fprintf(stream, "Example dict-sizes are 75%%, 50%%, 37.5%%, 25%%, or"); fprintf(stream, " 32K, 16K, 8K\n\t\tetc.\n"); -+ fprintf(stream, "\t -Xpreset \n"); ++ fprintf(stream, "\t -Xpreset \n"); + fprintf(stream, "\t\tUse as the custom preset to use"); -+ fprintf(stream, " on compress. Can be a level number or extreme.\n"); ++ fprintf(stream, " on compress.\n\t\t should be 0 .. 9"); ++ fprintf(stream, " (default 6)\n"); ++ fprintf(stream, "\t -Xe\n"); ++ fprintf(stream, "\t\tEnable additional compression settings by passing"); ++ fprintf(stream, " the EXTREME\n\t\tflag to the compression flags.\n"); + fprintf(stream, "\t -Xlc \n"); + fprintf(stream, "\t -Xlp \n"); + fprintf(stream, "\t -Xpb \n"); } + static int option_args(char *option) + { + if(strcmp(option, "-Xbcj") == 0 || +- strcmp(option, "-Xdict-size") == 0) ++ strcmp(option, "-Xdict-size") == 0 || ++ strcmp(option, "-Xpreset") == 0 || ++ strcmp(option, "-Xe") == 0 || ++ strcmp(option, "-Xlc") == 0 || ++ strcmp(option, "-Xlp") == 0 || ++ strcmp(option, "-Xpb") == 0) + return 1; + + return 0; From e04356362ce3bf84dc554cf27bcc6a991e5fa604 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Sun, 9 Apr 2023 01:12:08 +0200 Subject: [PATCH 5/6] firmware-utils: update to latest HEAD 6a58f45 tplink-safeloader: add US-CA-TW support-list entries for Archer AX23v1 Signed-off-by: David Bauer --- tools/firmware-utils/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/firmware-utils/Makefile b/tools/firmware-utils/Makefile index 39a4076cda..a8d52f92f8 100644 --- a/tools/firmware-utils/Makefile +++ b/tools/firmware-utils/Makefile @@ -11,9 +11,9 @@ PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/firmware-utils.git -PKG_SOURCE_DATE:=2023-03-14 -PKG_SOURCE_VERSION:=a2c80c586b81efc1662fec23202b88e2790e305e -PKG_MIRROR_HASH:=86d528f5c5e5571d2e3d36da8557913185c252dba9cc18f24d9450a2dcadf744 +PKG_SOURCE_DATE:=2023-04-09 +PKG_SOURCE_VERSION:=6a58f456109008620dd15267a7ff0594095e0d77 +PKG_MIRROR_HASH:=ce2df83e2ef548f5ffab972dd6f78ce274a382543284aecf09b88237566120e4 include $(INCLUDE_DIR)/host-build.mk include $(INCLUDE_DIR)/cmake.mk From 930e702d72b0fc593441c92519cc6515e4f784cc Mon Sep 17 00:00:00 2001 From: Robert Marko Date: Wed, 12 Apr 2023 13:17:03 +0200 Subject: [PATCH 6/6] mac80211: ath11k: sync with ath-next Synchronize the ath11k backports with the current ath-next tree. This replaces the management TLV pending fix with the upstreamed one, fixes traffic flooding when AP and monitor modes are used at the same time, fixes QCN9074 always showing -95 dBm for station RSSI in dumps, fixes potential crash on boot if spectral scan is enabled due to writing to unitialized memory and adds 11d scan offloading for WCN6750 and WCN6855. Signed-off-by: Robert Marko --- ...BUFFER_DONE-read-on-monitor-ring-rx-.patch | 130 +++++++++++ ...wifi-ath11k-Optimize-6-GHz-scan-time.patch | 101 +++++++++ ...igure-the-FTM-responder-role-using-f.patch | 117 ++++++++++ ...rssi-station-dump-not-updated-in-QCN.patch | 158 ++++++++++++++ ...invalid-management-rx-frame-length-i.patch | 115 ++++++++++ ...-writing-to-unintended-memory-region.patch | 43 ++++ ...-11d-scan-start-before-WMI_START_SCA.patch | 61 ++++++ ...lid-management-rx-frame-length-issue.patch | 202 ------------------ ...upport-setting-FW-memory-mode-via-DT.patch | 4 +- ...4-wifi-ath11k-restore-160MHz-support.patch | 2 +- 10 files changed, 728 insertions(+), 205 deletions(-) create mode 100644 package/kernel/mac80211/patches/ath11k/0048-wifi-ath11k-fix-BUFFER_DONE-read-on-monitor-ring-rx-.patch create mode 100644 package/kernel/mac80211/patches/ath11k/0049-wifi-ath11k-Optimize-6-GHz-scan-time.patch create mode 100644 package/kernel/mac80211/patches/ath11k/0050-wifi-ath11k-Configure-the-FTM-responder-role-using-f.patch create mode 100644 package/kernel/mac80211/patches/ath11k/0051-wifi-ath11k-fix-rssi-station-dump-not-updated-in-QCN.patch create mode 100644 package/kernel/mac80211/patches/ath11k/0052-wifi-ath11k-Fix-invalid-management-rx-frame-length-i.patch create mode 100644 package/kernel/mac80211/patches/ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch create mode 100644 package/kernel/mac80211/patches/ath11k/0054-wifi-ath11k-Send-11d-scan-start-before-WMI_START_SCA.patch delete mode 100644 package/kernel/mac80211/patches/ath11k/101-Fix-invalid-management-rx-frame-length-issue.patch diff --git a/package/kernel/mac80211/patches/ath11k/0048-wifi-ath11k-fix-BUFFER_DONE-read-on-monitor-ring-rx-.patch b/package/kernel/mac80211/patches/ath11k/0048-wifi-ath11k-fix-BUFFER_DONE-read-on-monitor-ring-rx-.patch new file mode 100644 index 0000000000..3e22645331 --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0048-wifi-ath11k-fix-BUFFER_DONE-read-on-monitor-ring-rx-.patch @@ -0,0 +1,130 @@ +From 68e93ac5a31d4975b25f819b2dfe914c72abc3bb Mon Sep 17 00:00:00 2001 +From: Harshitha Prem +Date: Wed, 15 Mar 2023 12:24:43 +0200 +Subject: [PATCH] wifi: ath11k: fix BUFFER_DONE read on monitor ring rx buffer + +Perform dma_sync_single_for_cpu() on monitor ring rx buffer before +reading BUFFER_DONE tag and do dma_unmap_single() only after device +had set BUFFER_DONE tag to the buffer. + +Also when BUFFER_DONE tag is not set, allow the buffer to get read +next time without freeing skb. + +This helps to fix AP+Monitor VAP with flood traffic scenario to see +monitor ring rx buffer overrun missing BUFFER_DONE tag to be set. + +Also remove redundant rx dma buf free performed on DP +rx_mon_status_refill_ring. + +Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 + +Signed-off-by: Sathishkumar Muruganandam +Signed-off-by: Harshitha Prem +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20230309164434.32660-1-quic_hprem@quicinc.com +--- + drivers/net/wireless/ath/ath11k/dp_rx.c | 57 ++++++++++--------------- + 1 file changed, 23 insertions(+), 34 deletions(-) + +--- a/drivers/net/wireless/ath/ath11k/dp_rx.c ++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c +@@ -435,7 +435,6 @@ fail_free_skb: + static int ath11k_dp_rxdma_buf_ring_free(struct ath11k *ar, + struct dp_rxdma_ring *rx_ring) + { +- struct ath11k_pdev_dp *dp = &ar->dp; + struct sk_buff *skb; + int buf_id; + +@@ -453,28 +452,6 @@ static int ath11k_dp_rxdma_buf_ring_free + idr_destroy(&rx_ring->bufs_idr); + spin_unlock_bh(&rx_ring->idr_lock); + +- /* if rxdma1_enable is false, mon_status_refill_ring +- * isn't setup, so don't clean. +- */ +- if (!ar->ab->hw_params.rxdma1_enable) +- return 0; +- +- rx_ring = &dp->rx_mon_status_refill_ring[0]; +- +- spin_lock_bh(&rx_ring->idr_lock); +- idr_for_each_entry(&rx_ring->bufs_idr, skb, buf_id) { +- idr_remove(&rx_ring->bufs_idr, buf_id); +- /* XXX: Understand where internal driver does this dma_unmap +- * of rxdma_buffer. +- */ +- dma_unmap_single(ar->ab->dev, ATH11K_SKB_RXCB(skb)->paddr, +- skb->len + skb_tailroom(skb), DMA_BIDIRECTIONAL); +- dev_kfree_skb_any(skb); +- } +- +- idr_destroy(&rx_ring->bufs_idr); +- spin_unlock_bh(&rx_ring->idr_lock); +- + return 0; + } + +@@ -3029,39 +3006,51 @@ static int ath11k_dp_rx_reap_mon_status_ + + spin_lock_bh(&rx_ring->idr_lock); + skb = idr_find(&rx_ring->bufs_idr, buf_id); ++ spin_unlock_bh(&rx_ring->idr_lock); ++ + if (!skb) { + ath11k_warn(ab, "rx monitor status with invalid buf_id %d\n", + buf_id); +- spin_unlock_bh(&rx_ring->idr_lock); + pmon->buf_state = DP_MON_STATUS_REPLINISH; + goto move_next; + } + +- idr_remove(&rx_ring->bufs_idr, buf_id); +- spin_unlock_bh(&rx_ring->idr_lock); +- + rxcb = ATH11K_SKB_RXCB(skb); + +- dma_unmap_single(ab->dev, rxcb->paddr, +- skb->len + skb_tailroom(skb), +- DMA_FROM_DEVICE); ++ dma_sync_single_for_cpu(ab->dev, rxcb->paddr, ++ skb->len + skb_tailroom(skb), ++ DMA_FROM_DEVICE); + + tlv = (struct hal_tlv_hdr *)skb->data; + if (FIELD_GET(HAL_TLV_HDR_TAG, tlv->tl) != + HAL_RX_STATUS_BUFFER_DONE) { +- ath11k_warn(ab, "mon status DONE not set %lx\n", ++ ath11k_warn(ab, "mon status DONE not set %lx, buf_id %d\n", + FIELD_GET(HAL_TLV_HDR_TAG, +- tlv->tl)); +- dev_kfree_skb_any(skb); ++ tlv->tl), buf_id); ++ /* If done status is missing, hold onto status ++ * ring until status is done for this status ++ * ring buffer. ++ * Keep HP in mon_status_ring unchanged, ++ * and break from here. ++ * Check status for same buffer for next time ++ */ + pmon->buf_state = DP_MON_STATUS_NO_DMA; +- goto move_next; ++ break; + } + ++ spin_lock_bh(&rx_ring->idr_lock); ++ idr_remove(&rx_ring->bufs_idr, buf_id); ++ spin_unlock_bh(&rx_ring->idr_lock); + if (ab->hw_params.full_monitor_mode) { + ath11k_dp_rx_mon_update_status_buf_state(pmon, tlv); + if (paddr == pmon->mon_status_paddr) + pmon->buf_state = DP_MON_STATUS_MATCH; + } ++ ++ dma_unmap_single(ab->dev, rxcb->paddr, ++ skb->len + skb_tailroom(skb), ++ DMA_FROM_DEVICE); ++ + __skb_queue_tail(skb_list, skb); + } else { + pmon->buf_state = DP_MON_STATUS_REPLINISH; diff --git a/package/kernel/mac80211/patches/ath11k/0049-wifi-ath11k-Optimize-6-GHz-scan-time.patch b/package/kernel/mac80211/patches/ath11k/0049-wifi-ath11k-Optimize-6-GHz-scan-time.patch new file mode 100644 index 0000000000..f468990feb --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0049-wifi-ath11k-Optimize-6-GHz-scan-time.patch @@ -0,0 +1,101 @@ +From 8b4d2f080afbd4280ecca0f4b3ceea943a7a86d0 Mon Sep 17 00:00:00 2001 +From: Manikanta Pubbisetty +Date: Thu, 23 Mar 2023 11:39:13 +0530 +Subject: [PATCH] wifi: ath11k: Optimize 6 GHz scan time + +Currently, time taken to scan all supported channels on WCN6750 +is ~8 seconds and connection time is almost 10 seconds. WCN6750 +supports three Wi-Fi bands (i.e., 2.4/5/6 GHz) and the numbers of +channels for scan come around ~100 channels (default case). +Since the chip doesn't have support for DBS (Dual Band Simultaneous), +scans cannot be parallelized resulting in longer scan times. + +Among the 100 odd channels, ~60 channels are in 6 GHz band. Therefore, +optimizing the scan for 6 GHz channels will bring down the overall +scan time. + +WCN6750 firmware has support to scan a 6 GHz channel based on co-located +AP information i.e., RNR IE which is found in the legacy 2.4/5 GHz scan +results. When a scan request with all supported channel list is enqueued +to the firmware, then based on WMI_SCAN_CHAN_FLAG_SCAN_ONLY_IF_RNR_FOUND +scan channel flag, firmware will scan only those 6 GHz channels for which +RNR IEs are found in the legacy scan results. + +In the proposed design, based on NL80211_SCAN_FLAG_COLOCATED_6GHZ scan +flag, driver will set the WMI_SCAN_CHAN_FLAG_SCAN_ONLY_IF_RNR_FOUND flag +for non-PSC channels. Since there is high probability to find 6 GHz APs +on PSC channels, these channels are always scanned. Only non-PSC channels +are selectively scanned based on cached RNR information from the legacy +scan results. + +If NL80211_SCAN_FLAG_COLOCATED_6GHZ is not set in the scan flags, +then scan will happen on all supported channels (default behavior). + +With these optimizations, scan time is improved by 1.5-1.8 seconds on +WCN6750. Similar savings have been observed on WCN6855. + +Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1 +Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.16 + +Signed-off-by: Manikanta Pubbisetty +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20230323060913.10097-1-quic_mpubbise@quicinc.com +--- + drivers/net/wireless/ath/ath11k/mac.c | 25 +++++++++++++++++++++++-- + drivers/net/wireless/ath/ath11k/wmi.h | 4 ++++ + 2 files changed, 27 insertions(+), 2 deletions(-) + +--- a/drivers/net/wireless/ath/ath11k/mac.c ++++ b/drivers/net/wireless/ath/ath11k/mac.c +@@ -3819,8 +3819,29 @@ static int ath11k_mac_op_hw_scan(struct + goto exit; + } + +- for (i = 0; i < arg->num_chan; i++) +- arg->chan_list[i] = req->channels[i]->center_freq; ++ for (i = 0; i < arg->num_chan; i++) { ++ if (test_bit(WMI_TLV_SERVICE_SCAN_CONFIG_PER_CHANNEL, ++ ar->ab->wmi_ab.svc_map)) { ++ arg->chan_list[i] = ++ u32_encode_bits(req->channels[i]->center_freq, ++ WMI_SCAN_CONFIG_PER_CHANNEL_MASK); ++ ++ /* If NL80211_SCAN_FLAG_COLOCATED_6GHZ is set in scan ++ * flags, then scan all PSC channels in 6 GHz band and ++ * those non-PSC channels where RNR IE is found during ++ * the legacy 2.4/5 GHz scan. ++ * If NL80211_SCAN_FLAG_COLOCATED_6GHZ is not set, ++ * then all channels in 6 GHz will be scanned. ++ */ ++ if (req->channels[i]->band == NL80211_BAND_6GHZ && ++ req->flags & NL80211_SCAN_FLAG_COLOCATED_6GHZ && ++ !cfg80211_channel_is_psc(req->channels[i])) ++ arg->chan_list[i] |= ++ WMI_SCAN_CH_FLAG_SCAN_ONLY_IF_RNR_FOUND; ++ } else { ++ arg->chan_list[i] = req->channels[i]->center_freq; ++ } ++ } + } + + if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) { +--- a/drivers/net/wireless/ath/ath11k/wmi.h ++++ b/drivers/net/wireless/ath/ath11k/wmi.h +@@ -2100,6 +2100,7 @@ enum wmi_tlv_service { + + /* The second 128 bits */ + WMI_MAX_EXT_SERVICE = 256, ++ WMI_TLV_SERVICE_SCAN_CONFIG_PER_CHANNEL = 265, + WMI_TLV_SERVICE_REG_CC_EXT_EVENT_SUPPORT = 281, + WMI_TLV_SERVICE_BIOS_SAR_SUPPORT = 326, + +@@ -3249,6 +3250,9 @@ struct wmi_start_scan_cmd { + #define WMI_SCAN_DWELL_MODE_SHIFT 21 + #define WMI_SCAN_FLAG_EXT_PASSIVE_SCAN_START_TIME_ENHANCE 0x00000800 + ++#define WMI_SCAN_CONFIG_PER_CHANNEL_MASK GENMASK(19, 0) ++#define WMI_SCAN_CH_FLAG_SCAN_ONLY_IF_RNR_FOUND BIT(20) ++ + enum { + WMI_SCAN_DWELL_MODE_DEFAULT = 0, + WMI_SCAN_DWELL_MODE_CONSERVATIVE = 1, diff --git a/package/kernel/mac80211/patches/ath11k/0050-wifi-ath11k-Configure-the-FTM-responder-role-using-f.patch b/package/kernel/mac80211/patches/ath11k/0050-wifi-ath11k-Configure-the-FTM-responder-role-using-f.patch new file mode 100644 index 0000000000..bca08b177f --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0050-wifi-ath11k-Configure-the-FTM-responder-role-using-f.patch @@ -0,0 +1,117 @@ +From 813968c24126cc5c8320cd5db0e262069a535063 Mon Sep 17 00:00:00 2001 +From: Ganesh Babu Jothiram +Date: Fri, 24 Mar 2023 16:57:00 +0200 +Subject: [PATCH] wifi: ath11k: Configure the FTM responder role using firmware + capability flag + +Fine Time Measurement(FTM) is offloaded feature to firmware. +Hence, the configuration of FTM responder role is done using +firmware capability flag instead of hw param. + +Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 + +Signed-off-by: Ganesh Babu Jothiram +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20230317072034.8217-1-quic_gjothira@quicinc.com +--- + drivers/net/wireless/ath/ath11k/core.c | 8 -------- + drivers/net/wireless/ath/ath11k/hw.h | 1 - + drivers/net/wireless/ath/ath11k/mac.c | 4 ++-- + 3 files changed, 2 insertions(+), 11 deletions(-) + +--- a/drivers/net/wireless/ath/ath11k/core.c ++++ b/drivers/net/wireless/ath/ath11k/core.c +@@ -116,7 +116,6 @@ static const struct ath11k_hw_params ath + .tcl_ring_retry = true, + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, +- .ftm_responder = true, + }, + { + .hw_rev = ATH11K_HW_IPQ6018_HW10, +@@ -199,7 +198,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, + .support_fw_mac_sequence = false, +- .ftm_responder = true, + }, + { + .name = "qca6390 hw2.0", +@@ -284,7 +282,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, + .support_fw_mac_sequence = true, +- .ftm_responder = false, + }, + { + .name = "qcn9074 hw1.0", +@@ -366,7 +363,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, + .support_fw_mac_sequence = false, +- .ftm_responder = true, + }, + { + .name = "wcn6855 hw2.0", +@@ -451,7 +447,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, + .support_fw_mac_sequence = true, +- .ftm_responder = false, + }, + { + .name = "wcn6855 hw2.1", +@@ -534,7 +529,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, + .support_fw_mac_sequence = true, +- .ftm_responder = false, + }, + { + .name = "wcn6750 hw1.0", +@@ -615,7 +609,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE_WCN6750, + .smp2p_wow_exit = true, + .support_fw_mac_sequence = true, +- .ftm_responder = false, + }, + { + .hw_rev = ATH11K_HW_IPQ5018_HW10, +@@ -695,7 +688,6 @@ static const struct ath11k_hw_params ath + .tx_ring_size = DP_TCL_DATA_RING_SIZE, + .smp2p_wow_exit = false, + .support_fw_mac_sequence = false, +- .ftm_responder = true, + }, + }; + +--- a/drivers/net/wireless/ath/ath11k/hw.h ++++ b/drivers/net/wireless/ath/ath11k/hw.h +@@ -224,7 +224,6 @@ struct ath11k_hw_params { + u32 tx_ring_size; + bool smp2p_wow_exit; + bool support_fw_mac_sequence; +- bool ftm_responder; + }; + + struct ath11k_hw_ops { +--- a/drivers/net/wireless/ath/ath11k/mac.c ++++ b/drivers/net/wireless/ath/ath11k/mac.c +@@ -3538,7 +3538,7 @@ static void ath11k_mac_op_bss_info_chang + + if (changed & BSS_CHANGED_FTM_RESPONDER && + arvif->ftm_responder != info->ftm_responder && +- ar->ab->hw_params.ftm_responder && ++ test_bit(WMI_TLV_SERVICE_RTT, ar->ab->wmi_ab.svc_map) && + (vif->type == NL80211_IFTYPE_AP || + vif->type == NL80211_IFTYPE_MESH_POINT)) { + arvif->ftm_responder = info->ftm_responder; +@@ -9234,7 +9234,7 @@ static int __ath11k_mac_register(struct + wiphy_ext_feature_set(ar->hw->wiphy, + NL80211_EXT_FEATURE_SET_SCAN_DWELL); + +- if (ab->hw_params.ftm_responder) ++ if (test_bit(WMI_TLV_SERVICE_RTT, ar->ab->wmi_ab.svc_map)) + wiphy_ext_feature_set(ar->hw->wiphy, + NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER); + diff --git a/package/kernel/mac80211/patches/ath11k/0051-wifi-ath11k-fix-rssi-station-dump-not-updated-in-QCN.patch b/package/kernel/mac80211/patches/ath11k/0051-wifi-ath11k-fix-rssi-station-dump-not-updated-in-QCN.patch new file mode 100644 index 0000000000..835dece1fe --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0051-wifi-ath11k-fix-rssi-station-dump-not-updated-in-QCN.patch @@ -0,0 +1,158 @@ +From 031ffa6c2cd305a57ccc6d610f2decd956b2e7f6 Mon Sep 17 00:00:00 2001 +From: P Praneesh +Date: Fri, 24 Mar 2023 16:57:00 +0200 +Subject: [PATCH] wifi: ath11k: fix rssi station dump not updated in QCN9074 + +In QCN9074, station dump signal values display default value which +is -95 dbm, since there is firmware header change for HAL_RX_MPDU_START +between QCN9074 and IPQ8074 which cause wrong peer_id fetch from msdu. +Fix this by updating hal_rx_mpdu_info with corresponding QCN9074 tlv +format. + +Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 +Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.4.0.1-01695-QCAHKSWPL_SILICONZ-1 + +Signed-off-by: P Praneesh +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20230320110312.20639-1-quic_ppranees@quicinc.com +--- + drivers/net/wireless/ath/ath11k/hal_rx.c | 10 ++++++++- + drivers/net/wireless/ath/ath11k/hal_rx.h | 18 +++++++++++++++- + drivers/net/wireless/ath/ath11k/hw.c | 27 ++++++++++++++++-------- + drivers/net/wireless/ath/ath11k/hw.h | 2 +- + 4 files changed, 45 insertions(+), 12 deletions(-) + +--- a/drivers/net/wireless/ath/ath11k/hal_rx.c ++++ b/drivers/net/wireless/ath/ath11k/hal_rx.c +@@ -865,6 +865,12 @@ ath11k_hal_rx_populate_mu_user_info(void + ath11k_hal_rx_populate_byte_count(rx_tlv, ppdu_info, rx_user_status); + } + ++static u16 ath11k_hal_rx_mpduinfo_get_peerid(struct ath11k_base *ab, ++ struct hal_rx_mpdu_info *mpdu_info) ++{ ++ return ab->hw_params.hw_ops->mpdu_info_get_peerid(mpdu_info); ++} ++ + static enum hal_rx_mon_status + ath11k_hal_rx_parse_mon_status_tlv(struct ath11k_base *ab, + struct hal_rx_mon_ppdu_info *ppdu_info, +@@ -1459,9 +1465,11 @@ ath11k_hal_rx_parse_mon_status_tlv(struc + break; + } + case HAL_RX_MPDU_START: { ++ struct hal_rx_mpdu_info *mpdu_info = ++ (struct hal_rx_mpdu_info *)tlv_data; + u16 peer_id; + +- peer_id = ab->hw_params.hw_ops->mpdu_info_get_peerid(tlv_data); ++ peer_id = ath11k_hal_rx_mpduinfo_get_peerid(ab, mpdu_info); + if (peer_id) + ppdu_info->peer_id = peer_id; + break; +--- a/drivers/net/wireless/ath/ath11k/hal_rx.h ++++ b/drivers/net/wireless/ath/ath11k/hal_rx.h +@@ -405,7 +405,7 @@ struct hal_rx_phyrx_rssi_legacy_info { + #define HAL_RX_MPDU_INFO_INFO0_PEERID_WCN6855 GENMASK(15, 0) + #define HAL_RX_MPDU_INFO_INFO1_MPDU_LEN GENMASK(13, 0) + +-struct hal_rx_mpdu_info { ++struct hal_rx_mpdu_info_ipq8074 { + __le32 rsvd0; + __le32 info0; + __le32 rsvd1[11]; +@@ -413,12 +413,28 @@ struct hal_rx_mpdu_info { + __le32 rsvd2[9]; + } __packed; + ++struct hal_rx_mpdu_info_qcn9074 { ++ __le32 rsvd0[10]; ++ __le32 info0; ++ __le32 rsvd1[2]; ++ __le32 info1; ++ __le32 rsvd2[9]; ++} __packed; ++ + struct hal_rx_mpdu_info_wcn6855 { + __le32 rsvd0[8]; + __le32 info0; + __le32 rsvd1[14]; + } __packed; + ++struct hal_rx_mpdu_info { ++ union { ++ struct hal_rx_mpdu_info_ipq8074 ipq8074; ++ struct hal_rx_mpdu_info_qcn9074 qcn9074; ++ struct hal_rx_mpdu_info_wcn6855 wcn6855; ++ } u; ++} __packed; ++ + #define HAL_RX_PPDU_END_DURATION GENMASK(23, 0) + struct hal_rx_ppdu_end_duration { + __le32 rsvd0[9]; +--- a/drivers/net/wireless/ath/ath11k/hw.c ++++ b/drivers/net/wireless/ath/ath11k/hw.c +@@ -835,26 +835,35 @@ static void ath11k_hw_ipq5018_reo_setup( + ring_hash_map); + } + +-static u16 ath11k_hw_ipq8074_mpdu_info_get_peerid(u8 *tlv_data) ++static u16 ++ath11k_hw_ipq8074_mpdu_info_get_peerid(struct hal_rx_mpdu_info *mpdu_info) + { + u16 peer_id = 0; +- struct hal_rx_mpdu_info *mpdu_info = +- (struct hal_rx_mpdu_info *)tlv_data; + + peer_id = FIELD_GET(HAL_RX_MPDU_INFO_INFO0_PEERID, +- __le32_to_cpu(mpdu_info->info0)); ++ __le32_to_cpu(mpdu_info->u.ipq8074.info0)); + + return peer_id; + } + +-static u16 ath11k_hw_wcn6855_mpdu_info_get_peerid(u8 *tlv_data) ++static u16 ++ath11k_hw_qcn9074_mpdu_info_get_peerid(struct hal_rx_mpdu_info *mpdu_info) ++{ ++ u16 peer_id = 0; ++ ++ peer_id = FIELD_GET(HAL_RX_MPDU_INFO_INFO0_PEERID, ++ __le32_to_cpu(mpdu_info->u.qcn9074.info0)); ++ ++ return peer_id; ++} ++ ++static u16 ++ath11k_hw_wcn6855_mpdu_info_get_peerid(struct hal_rx_mpdu_info *mpdu_info) + { + u16 peer_id = 0; +- struct hal_rx_mpdu_info_wcn6855 *mpdu_info = +- (struct hal_rx_mpdu_info_wcn6855 *)tlv_data; + + peer_id = FIELD_GET(HAL_RX_MPDU_INFO_INFO0_PEERID_WCN6855, +- __le32_to_cpu(mpdu_info->info0)); ++ __le32_to_cpu(mpdu_info->u.wcn6855.info0)); + return peer_id; + } + +@@ -1042,7 +1051,7 @@ const struct ath11k_hw_ops qcn9074_ops = + .rx_desc_get_attention = ath11k_hw_qcn9074_rx_desc_get_attention, + .rx_desc_get_msdu_payload = ath11k_hw_qcn9074_rx_desc_get_msdu_payload, + .reo_setup = ath11k_hw_ipq8074_reo_setup, +- .mpdu_info_get_peerid = ath11k_hw_ipq8074_mpdu_info_get_peerid, ++ .mpdu_info_get_peerid = ath11k_hw_qcn9074_mpdu_info_get_peerid, + .rx_desc_mac_addr2_valid = ath11k_hw_ipq9074_rx_desc_mac_addr2_valid, + .rx_desc_mpdu_start_addr2 = ath11k_hw_ipq9074_rx_desc_mpdu_start_addr2, + .get_ring_selector = ath11k_hw_ipq8074_get_tcl_ring_selector, +--- a/drivers/net/wireless/ath/ath11k/hw.h ++++ b/drivers/net/wireless/ath/ath11k/hw.h +@@ -263,7 +263,7 @@ struct ath11k_hw_ops { + struct rx_attention *(*rx_desc_get_attention)(struct hal_rx_desc *desc); + u8 *(*rx_desc_get_msdu_payload)(struct hal_rx_desc *desc); + void (*reo_setup)(struct ath11k_base *ab); +- u16 (*mpdu_info_get_peerid)(u8 *tlv_data); ++ u16 (*mpdu_info_get_peerid)(struct hal_rx_mpdu_info *mpdu_info); + bool (*rx_desc_mac_addr2_valid)(struct hal_rx_desc *desc); + u8* (*rx_desc_mpdu_start_addr2)(struct hal_rx_desc *desc); + u32 (*get_ring_selector)(struct sk_buff *skb); diff --git a/package/kernel/mac80211/patches/ath11k/0052-wifi-ath11k-Fix-invalid-management-rx-frame-length-i.patch b/package/kernel/mac80211/patches/ath11k/0052-wifi-ath11k-Fix-invalid-management-rx-frame-length-i.patch new file mode 100644 index 0000000000..0c1637fb04 --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0052-wifi-ath11k-Fix-invalid-management-rx-frame-length-i.patch @@ -0,0 +1,115 @@ +From 447b0398a9cd41ca343dfd43e555af92d6214487 Mon Sep 17 00:00:00 2001 +From: Bhagavathi Perumal S +Date: Fri, 24 Mar 2023 16:57:00 +0200 +Subject: [PATCH] wifi: ath11k: Fix invalid management rx frame length issue + +The WMI management rx event has multiple arrays of TLVs, however the common +WMI TLV parser won't handle multiple TLV tags of same type. +So the multiple array tags of WMI management rx TLV is parsed incorrectly +and the length calculated becomes wrong when the target sends multiple +array tags. + +Add separate TLV parser to handle multiple arrays for WMI management rx +TLV. This fixes invalid length issue when the target sends multiple array +tags. + +Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 + +Signed-off-by: Bhagavathi Perumal S +Co-developed-by: Nagarajan Maran +Signed-off-by: Nagarajan Maran +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20230320133840.30162-1-quic_nmaran@quicinc.com +--- + drivers/net/wireless/ath/ath11k/wmi.c | 45 +++++++++++++++++++++------ + 1 file changed, 35 insertions(+), 10 deletions(-) + +--- a/drivers/net/wireless/ath/ath11k/wmi.c ++++ b/drivers/net/wireless/ath/ath11k/wmi.c +@@ -82,6 +82,12 @@ struct wmi_tlv_fw_stats_parse { + bool chain_rssi_done; + }; + ++struct wmi_tlv_mgmt_rx_parse { ++ const struct wmi_mgmt_rx_hdr *fixed; ++ const u8 *frame_buf; ++ bool frame_buf_done; ++}; ++ + static const struct wmi_tlv_policy wmi_tlv_policies[] = { + [WMI_TAG_ARRAY_BYTE] + = { .min_len = 0 }, +@@ -5633,28 +5639,49 @@ static int ath11k_pull_vdev_stopped_para + return 0; + } + ++static int ath11k_wmi_tlv_mgmt_rx_parse(struct ath11k_base *ab, ++ u16 tag, u16 len, ++ const void *ptr, void *data) ++{ ++ struct wmi_tlv_mgmt_rx_parse *parse = data; ++ ++ switch (tag) { ++ case WMI_TAG_MGMT_RX_HDR: ++ parse->fixed = ptr; ++ break; ++ case WMI_TAG_ARRAY_BYTE: ++ if (!parse->frame_buf_done) { ++ parse->frame_buf = ptr; ++ parse->frame_buf_done = true; ++ } ++ break; ++ } ++ return 0; ++} ++ + static int ath11k_pull_mgmt_rx_params_tlv(struct ath11k_base *ab, + struct sk_buff *skb, + struct mgmt_rx_event_params *hdr) + { +- const void **tb; ++ struct wmi_tlv_mgmt_rx_parse parse = { }; + const struct wmi_mgmt_rx_hdr *ev; + const u8 *frame; + int ret; + +- tb = ath11k_wmi_tlv_parse_alloc(ab, skb->data, skb->len, GFP_ATOMIC); +- if (IS_ERR(tb)) { +- ret = PTR_ERR(tb); +- ath11k_warn(ab, "failed to parse tlv: %d\n", ret); ++ ret = ath11k_wmi_tlv_iter(ab, skb->data, skb->len, ++ ath11k_wmi_tlv_mgmt_rx_parse, ++ &parse); ++ if (ret) { ++ ath11k_warn(ab, "failed to parse mgmt rx tlv %d\n", ++ ret); + return ret; + } + +- ev = tb[WMI_TAG_MGMT_RX_HDR]; +- frame = tb[WMI_TAG_ARRAY_BYTE]; ++ ev = parse.fixed; ++ frame = parse.frame_buf; + + if (!ev || !frame) { + ath11k_warn(ab, "failed to fetch mgmt rx hdr"); +- kfree(tb); + return -EPROTO; + } + +@@ -5673,7 +5700,6 @@ static int ath11k_pull_mgmt_rx_params_tl + + if (skb->len < (frame - skb->data) + hdr->buf_len) { + ath11k_warn(ab, "invalid length in mgmt rx hdr ev"); +- kfree(tb); + return -EPROTO; + } + +@@ -5685,7 +5711,6 @@ static int ath11k_pull_mgmt_rx_params_tl + + ath11k_ce_byte_swap(skb->data, hdr->buf_len); + +- kfree(tb); + return 0; + } + diff --git a/package/kernel/mac80211/patches/ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch b/package/kernel/mac80211/patches/ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch new file mode 100644 index 0000000000..7b8a7d4543 --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch @@ -0,0 +1,43 @@ +From 756a7f90878f0866fd2fe167ef37e90b47326b96 Mon Sep 17 00:00:00 2001 +From: P Praneesh +Date: Fri, 24 Mar 2023 16:57:01 +0200 +Subject: [PATCH] wifi: ath11k: fix writing to unintended memory region + +While initializing spectral, the magic value is getting written to the +invalid memory address leading to random boot-up crash. This occurs +due to the incorrect index increment in ath11k_dbring_fill_magic_value +function. Fix it by replacing the existing logic with memset32 to ensure +there is no invalid memory access. + +Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.4.0.1-01838-QCAHKSWPL_SILICONZ-1 + +Fixes: d3d358efc553 ("ath11k: add spectral/CFR buffer validation support") +Signed-off-by: P Praneesh +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20230321052900.16895-1-quic_ppranees@quicinc.com +--- + drivers/net/wireless/ath/ath11k/dbring.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/net/wireless/ath/ath11k/dbring.c ++++ b/drivers/net/wireless/ath/ath11k/dbring.c +@@ -26,13 +26,13 @@ int ath11k_dbring_validate_buffer(struct + static void ath11k_dbring_fill_magic_value(struct ath11k *ar, + void *buffer, u32 size) + { +- u32 *temp; +- int idx; ++ /* memset32 function fills buffer payload with the ATH11K_DB_MAGIC_VALUE ++ * and the variable size is expected to be the number of u32 values ++ * to be stored, not the number of bytes. ++ */ ++ size = size / sizeof(u32); + +- size = size >> 2; +- +- for (idx = 0, temp = buffer; idx < size; idx++, temp++) +- *temp++ = ATH11K_DB_MAGIC_VALUE; ++ memset32(buffer, ATH11K_DB_MAGIC_VALUE, size); + } + + static int ath11k_dbring_bufs_replenish(struct ath11k *ar, diff --git a/package/kernel/mac80211/patches/ath11k/0054-wifi-ath11k-Send-11d-scan-start-before-WMI_START_SCA.patch b/package/kernel/mac80211/patches/ath11k/0054-wifi-ath11k-Send-11d-scan-start-before-WMI_START_SCA.patch new file mode 100644 index 0000000000..0f8e637592 --- /dev/null +++ b/package/kernel/mac80211/patches/ath11k/0054-wifi-ath11k-Send-11d-scan-start-before-WMI_START_SCA.patch @@ -0,0 +1,61 @@ +From e89a51aedf380bc60219dc9afa96c36507060fb3 Mon Sep 17 00:00:00 2001 +From: Manikanta Pubbisetty +Date: Wed, 15 Mar 2023 21:48:17 +0530 +Subject: [PATCH] wifi: ath11k: Send 11d scan start before WMI_START_SCAN_CMDID + +Firmwares advertising the support of triggering 11d algorithm on the +scan results of a regular scan expects driver to send +WMI_11D_SCAN_START_CMDID before sending WMI_START_SCAN_CMDID. +Triggering 11d algorithm on the scan results of a normal scan helps +in completely avoiding a separate 11d scan for determining regdomain. +This indirectly helps in speeding up connections on station +interfaces on the chipsets supporting 11D scan. + +To enable this feature, send WMI_11D_SCAN_START_CMDID just before +sending WMI_START_SCAN_CMDID if the firmware advertises +WMI_TLV_SERVICE_SUPPORT_11D_FOR_HOST_SCAN service flag. + +WCN6750 & WCN6855 supports this feature. + +Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-01160-QCAMSLSWPLZ-1 +Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23 + +Signed-off-by: Manikanta Pubbisetty +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20230315161817.29627-1-quic_mpubbise@quicinc.com +--- + drivers/net/wireless/ath/ath11k/mac.c | 12 ++++++++++++ + drivers/net/wireless/ath/ath11k/wmi.h | 1 + + 2 files changed, 13 insertions(+) + +--- a/drivers/net/wireless/ath/ath11k/mac.c ++++ b/drivers/net/wireless/ath/ath11k/mac.c +@@ -3755,6 +3755,18 @@ static int ath11k_mac_op_hw_scan(struct + int i; + u32 scan_timeout; + ++ /* Firmwares advertising the support of triggering 11D algorithm ++ * on the scan results of a regular scan expects driver to send ++ * WMI_11D_SCAN_START_CMDID before sending WMI_START_SCAN_CMDID. ++ * With this feature, separate 11D scan can be avoided since ++ * regdomain can be determined with the scan results of the ++ * regular scan. ++ */ ++ if (ar->state_11d == ATH11K_11D_PREPARING && ++ test_bit(WMI_TLV_SERVICE_SUPPORT_11D_FOR_HOST_SCAN, ++ ar->ab->wmi_ab.svc_map)) ++ ath11k_mac_11d_scan_start(ar, arvif->vdev_id); ++ + mutex_lock(&ar->conf_mutex); + + spin_lock_bh(&ar->data_lock); +--- a/drivers/net/wireless/ath/ath11k/wmi.h ++++ b/drivers/net/wireless/ath/ath11k/wmi.h +@@ -2103,6 +2103,7 @@ enum wmi_tlv_service { + WMI_TLV_SERVICE_SCAN_CONFIG_PER_CHANNEL = 265, + WMI_TLV_SERVICE_REG_CC_EXT_EVENT_SUPPORT = 281, + WMI_TLV_SERVICE_BIOS_SAR_SUPPORT = 326, ++ WMI_TLV_SERVICE_SUPPORT_11D_FOR_HOST_SCAN = 357, + + /* The third 128 bits */ + WMI_MAX_EXT2_SERVICE = 384 diff --git a/package/kernel/mac80211/patches/ath11k/101-Fix-invalid-management-rx-frame-length-issue.patch b/package/kernel/mac80211/patches/ath11k/101-Fix-invalid-management-rx-frame-length-issue.patch deleted file mode 100644 index 7b650a5342..0000000000 --- a/package/kernel/mac80211/patches/ath11k/101-Fix-invalid-management-rx-frame-length-issue.patch +++ /dev/null @@ -1,202 +0,0 @@ -From patchwork Mon Mar 20 13:38:40 2023 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -X-Patchwork-Submitter: Nagarajan Maran -X-Patchwork-Id: 13181272 -X-Patchwork-Delegate: kvalo@adurom.com -Return-Path: -X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on - aws-us-west-2-korg-lkml-1.web.codeaurora.org -Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) - by smtp.lore.kernel.org (Postfix) with ESMTP id 6F899C6FD1D - for ; - Mon, 20 Mar 2023 13:39:52 +0000 (UTC) -Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand - id S231824AbjCTNjm (ORCPT - ); - Mon, 20 Mar 2023 09:39:42 -0400 -Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44860 "EHLO - lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org - with ESMTP id S231795AbjCTNjT (ORCPT - ); - Mon, 20 Mar 2023 09:39:19 -0400 -Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com - [205.220.180.131]) - by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CD4CC1A66C - for ; - Mon, 20 Mar 2023 06:39:10 -0700 (PDT) -Received: from pps.filterd (m0279872.ppops.net [127.0.0.1]) - by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id - 32KBvFZ2004731; - Mon, 20 Mar 2023 13:39:05 GMT -DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; - h=from : to : cc : - subject : date : message-id : mime-version : content-type; s=qcppdkim1; - bh=jMz2u2+gyjJJcj5tuRPYVv0di+sn1S5ni8sqhMu/9Kg=; - b=BNz+KGi99iSZhDkes9KWF52w7CzSYjHOAYXTfBPlCQk7pM1ZZAIsxB8H3zGnapUkas/r - 1FfSr/9GpQ+5F6LsOEhJ4KF4Us8wsGi/jZnw25FoCqH4jPqhHPQzcC4jaVzVtNdjiA/0 - PlEKhMhP6ULKuRkpbM7RDNigSEYSRmhgqbWkVUL69mwPEJi2oHbhQgxFGFO75Rmfk+Gt - 8w4fd4JPJXA1PNOxL3X8nGYxxzxTsUvQi80R1Tm683dJg7fwBKlNOyD/BlmnrBGBeIqv - CMVmf/KTnEUEFt7WWsvQInmEBZG+JH8TvwUAZ9ndRKqA4kCNXqS5+79KGzUuBP80f3yv ow== -Received: from nalasppmta01.qualcomm.com (Global_NAT1.qualcomm.com - [129.46.96.20]) - by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3pen6hrh12-1 - (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 - verify=NOT); - Mon, 20 Mar 2023 13:39:05 +0000 -Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com - [10.47.209.196]) - by NALASPPMTA01.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id - 32KDd4H6010152 - (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 - verify=NOT); - Mon, 20 Mar 2023 13:39:04 GMT -Received: from nmaran-linux.qualcomm.com (10.80.80.8) by - nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server - (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id - 15.2.986.41; Mon, 20 Mar 2023 06:39:02 -0700 -From: Nagarajan Maran -To: -CC: , - Bhagavathi Perumal S , - Nagarajan Maran -Subject: [PATCH] wifi: ath11k: Fix invalid management rx frame length issue -Date: Mon, 20 Mar 2023 19:08:40 +0530 -Message-ID: <20230320133840.30162-1-quic_nmaran@quicinc.com> -X-Mailer: git-send-email 2.17.1 -MIME-Version: 1.0 -X-Originating-IP: [10.80.80.8] -X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To - nalasex01a.na.qualcomm.com (10.47.209.196) -X-QCInternal: smtphost -X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 - signatures=585085 -X-Proofpoint-ORIG-GUID: 8NkXcGNm6eXVpjTaeMT1e0VxZ9FeT59R -X-Proofpoint-GUID: 8NkXcGNm6eXVpjTaeMT1e0VxZ9FeT59R -X-Proofpoint-Virus-Version: vendor=baseguard - engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22 - definitions=2023-03-20_09,2023-03-20_02,2023-02-09_01 -X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 - mlxlogscore=999 - malwarescore=0 priorityscore=1501 mlxscore=0 bulkscore=0 adultscore=0 - spamscore=0 impostorscore=0 phishscore=0 clxscore=1011 suspectscore=0 - lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 - engine=8.12.0-2303150002 definitions=main-2303200115 -Precedence: bulk -List-ID: -X-Mailing-List: linux-wireless@vger.kernel.org - -From: Bhagavathi Perumal S - -The WMI management rx event has multiple arrays of TLVs, however the common -WMI TLV parser won't handle multiple TLV tags of same type. -So the multiple array tags of WMI management rx TLV is parsed incorrectly -and the length calculated becomes wrong when the target sends multiple -array tags. - -Add separate TLV parser to handle multiple arrays for WMI management rx -TLV. This fixes invalid length issue when the target sends multiple array -tags. - -Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 - -Signed-off-by: Bhagavathi Perumal S -Co-developed-by: Nagarajan Maran -Signed-off-by: Nagarajan Maran ---- - drivers/net/wireless/ath/ath11k/wmi.c | 45 +++++++++++++++++++++------ - 1 file changed, 35 insertions(+), 10 deletions(-) - - -base-commit: 3df3715e556027e94246b2cb30986563362a65f4 - ---- a/drivers/net/wireless/ath/ath11k/wmi.c -+++ b/drivers/net/wireless/ath/ath11k/wmi.c -@@ -82,6 +82,12 @@ struct wmi_tlv_fw_stats_parse { - bool chain_rssi_done; - }; - -+struct wmi_tlv_mgmt_rx_parse { -+ const struct wmi_mgmt_rx_hdr *fixed; -+ const u8 *frame_buf; -+ bool frame_buf_done; -+}; -+ - static const struct wmi_tlv_policy wmi_tlv_policies[] = { - [WMI_TAG_ARRAY_BYTE] - = { .min_len = 0 }, -@@ -5633,28 +5639,49 @@ static int ath11k_pull_vdev_stopped_para - return 0; - } - -+static int ath11k_wmi_tlv_mgmt_rx_parse(struct ath11k_base *ab, -+ u16 tag, u16 len, -+ const void *ptr, void *data) -+{ -+ struct wmi_tlv_mgmt_rx_parse *parse = data; -+ -+ switch (tag) { -+ case WMI_TAG_MGMT_RX_HDR: -+ parse->fixed = ptr; -+ break; -+ case WMI_TAG_ARRAY_BYTE: -+ if (!parse->frame_buf_done) { -+ parse->frame_buf = ptr; -+ parse->frame_buf_done = true; -+ } -+ break; -+ } -+ return 0; -+} -+ - static int ath11k_pull_mgmt_rx_params_tlv(struct ath11k_base *ab, - struct sk_buff *skb, - struct mgmt_rx_event_params *hdr) - { -- const void **tb; -+ struct wmi_tlv_mgmt_rx_parse parse = { }; - const struct wmi_mgmt_rx_hdr *ev; - const u8 *frame; - int ret; - -- tb = ath11k_wmi_tlv_parse_alloc(ab, skb->data, skb->len, GFP_ATOMIC); -- if (IS_ERR(tb)) { -- ret = PTR_ERR(tb); -- ath11k_warn(ab, "failed to parse tlv: %d\n", ret); -+ ret = ath11k_wmi_tlv_iter(ab, skb->data, skb->len, -+ ath11k_wmi_tlv_mgmt_rx_parse, -+ &parse); -+ if (ret) { -+ ath11k_warn(ab, "failed to parse mgmt rx tlv %d\n", -+ ret); - return ret; - } - -- ev = tb[WMI_TAG_MGMT_RX_HDR]; -- frame = tb[WMI_TAG_ARRAY_BYTE]; -+ ev = parse.fixed; -+ frame = parse.frame_buf; - - if (!ev || !frame) { - ath11k_warn(ab, "failed to fetch mgmt rx hdr"); -- kfree(tb); - return -EPROTO; - } - -@@ -5673,7 +5700,6 @@ static int ath11k_pull_mgmt_rx_params_tl - - if (skb->len < (frame - skb->data) + hdr->buf_len) { - ath11k_warn(ab, "invalid length in mgmt rx hdr ev"); -- kfree(tb); - return -EPROTO; - } - -@@ -5685,7 +5711,6 @@ static int ath11k_pull_mgmt_rx_params_tl - - ath11k_ce_byte_swap(skb->data, hdr->buf_len); - -- kfree(tb); - return 0; - } - diff --git a/package/kernel/mac80211/patches/ath11k/903-ath11k-support-setting-FW-memory-mode-via-DT.patch b/package/kernel/mac80211/patches/ath11k/903-ath11k-support-setting-FW-memory-mode-via-DT.patch index 87cbcbe315..a93871eca5 100644 --- a/package/kernel/mac80211/patches/ath11k/903-ath11k-support-setting-FW-memory-mode-via-DT.patch +++ b/package/kernel/mac80211/patches/ath11k/903-ath11k-support-setting-FW-memory-mode-via-DT.patch @@ -31,7 +31,7 @@ Signed-off-by: Robert Marko { .hw_rev = ATH11K_HW_IPQ8074, .name = "ipq8074 hw2.0", -@@ -1919,7 +1919,8 @@ static void ath11k_core_reset(struct wor +@@ -1911,7 +1911,8 @@ static void ath11k_core_reset(struct wor static int ath11k_init_hw_params(struct ath11k_base *ab) { const struct ath11k_hw_params *hw_params = NULL; @@ -41,7 +41,7 @@ Signed-off-by: Robert Marko for (i = 0; i < ARRAY_SIZE(ath11k_hw_params); i++) { hw_params = &ath11k_hw_params[i]; -@@ -1935,7 +1936,30 @@ static int ath11k_init_hw_params(struct +@@ -1927,7 +1928,30 @@ static int ath11k_init_hw_params(struct ab->hw_params = *hw_params; diff --git a/package/kernel/mac80211/patches/ath11k/904-wifi-ath11k-restore-160MHz-support.patch b/package/kernel/mac80211/patches/ath11k/904-wifi-ath11k-restore-160MHz-support.patch index 61abb847d0..b5d9473597 100644 --- a/package/kernel/mac80211/patches/ath11k/904-wifi-ath11k-restore-160MHz-support.patch +++ b/package/kernel/mac80211/patches/ath11k/904-wifi-ath11k-restore-160MHz-support.patch @@ -16,7 +16,7 @@ Signed-off-by: Robert Marko --- a/drivers/net/wireless/ath/ath11k/mac.c +++ b/drivers/net/wireless/ath/ath11k/mac.c -@@ -5552,10 +5552,6 @@ static int ath11k_mac_copy_he_cap(struct +@@ -5585,10 +5585,6 @@ static int ath11k_mac_copy_he_cap(struct he_cap_elem->mac_cap_info[1] &= IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_MASK;