[PATCH ath-current] wifi: ath12k: fix EAPOL TX failure caused by stale tcl_metadata bits
Rameshkumar Sundaram
rameshkumar.sundaram at oss.qualcomm.com
Tue Jun 9 04:06:06 PDT 2026
On 6/9/2026 7:40 AM, Baochen Qiang wrote:
> On WCN7850, after the following sequence:
>
> 1. load ath12k and connect to a non-MLO AP
> 2. disconnect and connect to an MLO AP
> 3. disconnect and reconnect to the non-MLO AP
>
> the third connection always fails with a 4-Way handshake timeout. The
> supplicant transmits message 2 of 4 four times in response to AP
> retries of message 1, but the AP never sees any of them.
>
> ath12k_dp_vdev_tx_attach() composes dp_link_vif->tcl_metadata using |=,
> but dp_link_vif is embedded in struct ath12k_dp_vif and its slots are
> reused across vif/peer teardown and setup. Since tcl_metadata is never
> cleared on detach, vdev_id bits from a previous attach remain set when
> the same link slot is reused with a different vdev_id. In this specific
> issue, the same link slot is used for vdev_id 0, then vdev_id 1, then
> vdev_id 0 again; the OR yields tcl_metadata == 0x9, which encodes
> vdev_id 1 in the HTT_TCL_META_DATA_VDEV_ID field even though
> ti.vdev_id is 0. Firmware then routes the EAPOL frame to the wrong
> vdev and the AP never receives message 2.
>
> Use plain assignment instead of |= so the field is fully recomputed
> from the current arvif on every attach.
>
> Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c7-00108-QCAHMTSWPL_V1.0_V2.0_SILICONZ_UPSTREAM-3
>
> Fixes: af66c7640cf9 ("wifi: ath12k: Refactor ath12k_vif structure")
> Signed-off-by: Baochen Qiang <baochen.qiang at oss.qualcomm.com>
Reviewed-by: Rameshkumar Sundaram <rameshkumar.sundaram at oss.qualcomm.com>
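
The slot-reuse sequence from the commit message, replayed as an added example (not code from the patch or from ath12k). The struct and function names are hypothetical, and the bit layout (type in bits 1:0, vdev_id in bits 10:3) is an assumption chosen so that the quoted value 0x9 decodes as vdev_id 1.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: type in bits 1:0, vdev_id in bits 10:3 (so 0x9 = type 1, vdev_id 1). */
#define META_TYPE_VDEV     1u
#define META_VDEV_ID_SHIFT 3
#define META_VDEV_ID_MASK  (0xffu << META_VDEV_ID_SHIFT)

/* Hypothetical stand-in for a link slot that is reused and never cleared on detach. */
struct link_slot { uint32_t tcl_metadata; };

static uint32_t compose(uint8_t vdev_id)
{
    return META_TYPE_VDEV | ((uint32_t)vdev_id << META_VDEV_ID_SHIFT);
}

/* Before the fix: bits from the previous attach survive the OR. */
static void attach_or(struct link_slot *s, uint8_t vdev_id)
{
    s->tcl_metadata |= compose(vdev_id);
}

/* After the fix: the field is recomputed from scratch on every attach. */
static void attach_assign(struct link_slot *s, uint8_t vdev_id)
{
    s->tcl_metadata = compose(vdev_id);
}

static uint8_t decoded_vdev_id(uint32_t meta)
{
    return (uint8_t)((meta & META_VDEV_ID_MASK) >> META_VDEV_ID_SHIFT);
}

/* Replay vdev_id 0, then 1, then 0 on one slot, as in the reported sequence. */
static uint32_t replay(void (*attach)(struct link_slot *, uint8_t))
{
    static const uint8_t seq[] = { 0, 1, 0 };
    struct link_slot slot = { 0 };
    for (size_t i = 0; i < sizeof(seq); i++)
        attach(&slot, seq[i]);
    return slot.tcl_metadata;
}

int main(void)
{
    uint32_t bad = replay(attach_or), good = replay(attach_assign);
    printf("|= : 0x%x -> vdev_id %u\n", (unsigned)bad, (unsigned)decoded_vdev_id(bad));
    printf("=  : 0x%x -> vdev_id %u\n", (unsigned)good, (unsigned)decoded_vdev_id(good));
    return 0;
}
```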