[openwrt/openwrt] mac80211: ath11k: sync with ath-next
LEDE Commits
lede-commits at lists.infradead.org
Wed Apr 12 07:06:51 PDT 2023
ansuel pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/930e702d72b0fc593441c92519cc6515e4f784cc
commit 930e702d72b0fc593441c92519cc6515e4f784cc
Author: Robert Marko <robimarko at gmail.com>
AuthorDate: Wed Apr 12 13:17:03 2023 +0200
mac80211: ath11k: sync with ath-next
Synchronize the ath11k backports with the current ath-next tree.
This replaces the management TLV pending fix with the upstreamed one,
fixes traffic flooding when AP and monitor modes are used at the same time,
fixes QCN9074 always showing -95 dBm for station RSSI in dumps,
fixes potential crash on boot if spectral scan is enabled due to writing to
unitialized memory and adds 11d scan offloading for WCN6750 and WCN6855.
Signed-off-by: Robert Marko <robimarko at gmail.com>
---
...-fix-BUFFER_DONE-read-on-monitor-ring-rx-.patch | 130 +++++++++++++
...0049-wifi-ath11k-Optimize-6-GHz-scan-time.patch | 101 +++++++++++
...-Configure-the-FTM-responder-role-using-f.patch | 117 ++++++++++++
...-fix-rssi-station-dump-not-updated-in-QCN.patch | 158 ++++++++++++++++
...-Fix-invalid-management-rx-frame-length-i.patch | 115 ++++++++++++
...k-fix-writing-to-unintended-memory-region.patch | 43 +++++
...-Send-11d-scan-start-before-WMI_START_SCA.patch | 61 +++++++
...-invalid-management-rx-frame-length-issue.patch | 202 ---------------------
...11k-support-setting-FW-memory-mode-via-DT.patch | 4 +-
.../904-wifi-ath11k-restore-160MHz-support.patch | 2 +-
10 files changed, 728 insertions(+), 205 deletions(-)
diff --git a/package/kernel/mac80211/patches/ath11k/0048-wifi-ath11k-fix-BUFFER_DONE-read-on-monitor-ring-rx-.patch b/package/kernel/mac80211/patches/ath11k/0048-wifi-ath11k-fix-BUFFER_DONE-read-on-monitor-ring-rx-.patch
new file mode 100644
index 0000000000..3e22645331
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0048-wifi-ath11k-fix-BUFFER_DONE-read-on-monitor-ring-rx-.patch
@@ -0,0 +1,130 @@
+From 68e93ac5a31d4975b25f819b2dfe914c72abc3bb Mon Sep 17 00:00:00 2001
+From: Harshitha Prem <quic_hprem at quicinc.com>
+Date: Wed, 15 Mar 2023 12:24:43 +0200
+Subject: [PATCH] wifi: ath11k: fix BUFFER_DONE read on monitor ring rx buffer
+
+Perform dma_sync_single_for_cpu() on monitor ring rx buffer before
+reading BUFFER_DONE tag and do dma_unmap_single() only after device
+had set BUFFER_DONE tag to the buffer.
+
+Also when BUFFER_DONE tag is not set, allow the buffer to get read
+next time without freeing skb.
+
+This helps to fix AP+Monitor VAP with flood traffic scenario to see
+monitor ring rx buffer overrun missing BUFFER_DONE tag to be set.
+
+Also remove redundant rx dma buf free performed on DP
+rx_mon_status_refill_ring.
+
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Sathishkumar Muruganandam <quic_murugana at quicinc.com>
+Signed-off-by: Harshitha Prem <quic_hprem at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230309164434.32660-1-quic_hprem@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 57 ++++++++++---------------
+ 1 file changed, 23 insertions(+), 34 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -435,7 +435,6 @@ fail_free_skb:
+ static int ath11k_dp_rxdma_buf_ring_free(struct ath11k *ar,
+ struct dp_rxdma_ring *rx_ring)
+ {
+- struct ath11k_pdev_dp *dp = &ar->dp;
+ struct sk_buff *skb;
+ int buf_id;
+
+@@ -453,28 +452,6 @@ static int ath11k_dp_rxdma_buf_ring_free
+ idr_destroy(&rx_ring->bufs_idr);
+ spin_unlock_bh(&rx_ring->idr_lock);
+
+- /* if rxdma1_enable is false, mon_status_refill_ring
+- * isn't setup, so don't clean.
+- */
+- if (!ar->ab->hw_params.rxdma1_enable)
+- return 0;
+-
+- rx_ring = &dp->rx_mon_status_refill_ring[0];
+-
+- spin_lock_bh(&rx_ring->idr_lock);
+- idr_for_each_entry(&rx_ring->bufs_idr, skb, buf_id) {
+- idr_remove(&rx_ring->bufs_idr, buf_id);
+- /* XXX: Understand where internal driver does this dma_unmap
+- * of rxdma_buffer.
+- */
+- dma_unmap_single(ar->ab->dev, ATH11K_SKB_RXCB(skb)->paddr,
+- skb->len + skb_tailroom(skb), DMA_BIDIRECTIONAL);
+- dev_kfree_skb_any(skb);
+- }
+-
+- idr_destroy(&rx_ring->bufs_idr);
+- spin_unlock_bh(&rx_ring->idr_lock);
+-
+ return 0;
+ }
+
+@@ -3029,39 +3006,51 @@ static int ath11k_dp_rx_reap_mon_status_
+
+ spin_lock_bh(&rx_ring->idr_lock);
+ skb = idr_find(&rx_ring->bufs_idr, buf_id);
++ spin_unlock_bh(&rx_ring->idr_lock);
++
+ if (!skb) {
+ ath11k_warn(ab, "rx monitor status with invalid buf_id %d\n",
+ buf_id);
+- spin_unlock_bh(&rx_ring->idr_lock);
+ pmon->buf_state = DP_MON_STATUS_REPLINISH;
+ goto move_next;
+ }
+
+- idr_remove(&rx_ring->bufs_idr, buf_id);
+- spin_unlock_bh(&rx_ring->idr_lock);
+-
+ rxcb = ATH11K_SKB_RXCB(skb);
+
+- dma_unmap_single(ab->dev, rxcb->paddr,
+- skb->len + skb_tailroom(skb),
+- DMA_FROM_DEVICE);
++ dma_sync_single_for_cpu(ab->dev, rxcb->paddr,
++ skb->len + skb_tailroom(skb),
++ DMA_FROM_DEVICE);
+
+ tlv = (struct hal_tlv_hdr *)skb->data;
+ if (FIELD_GET(HAL_TLV_HDR_TAG, tlv->tl) !=
+ HAL_RX_STATUS_BUFFER_DONE) {
+- ath11k_warn(ab, "mon status DONE not set %lx\n",
++ ath11k_warn(ab, "mon status DONE not set %lx, buf_id %d\n",
+ FIELD_GET(HAL_TLV_HDR_TAG,
+- tlv->tl));
+- dev_kfree_skb_any(skb);
++ tlv->tl), buf_id);
++ /* If done status is missing, hold onto status
++ * ring until status is done for this status
++ * ring buffer.
++ * Keep HP in mon_status_ring unchanged,
++ * and break from here.
++ * Check status for same buffer for next time
++ */
+ pmon->buf_state = DP_MON_STATUS_NO_DMA;
+- goto move_next;
++ break;
+ }
+
++ spin_lock_bh(&rx_ring->idr_lock);
++ idr_remove(&rx_ring->bufs_idr, buf_id);
++ spin_unlock_bh(&rx_ring->idr_lock);
+ if (ab->hw_params.full_monitor_mode) {
+ ath11k_dp_rx_mon_update_status_buf_state(pmon, tlv);
+ if (paddr == pmon->mon_status_paddr)
+ pmon->buf_state = DP_MON_STATUS_MATCH;
+ }
++
++ dma_unmap_single(ab->dev, rxcb->paddr,
++ skb->len + skb_tailroom(skb),
++ DMA_FROM_DEVICE);
++
+ __skb_queue_tail(skb_list, skb);
+ } else {
+ pmon->buf_state = DP_MON_STATUS_REPLINISH;
diff --git a/package/kernel/mac80211/patches/ath11k/0049-wifi-ath11k-Optimize-6-GHz-scan-time.patch b/package/kernel/mac80211/patches/ath11k/0049-wifi-ath11k-Optimize-6-GHz-scan-time.patch
new file mode 100644
index 0000000000..f468990feb
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0049-wifi-ath11k-Optimize-6-GHz-scan-time.patch
@@ -0,0 +1,101 @@
+From 8b4d2f080afbd4280ecca0f4b3ceea943a7a86d0 Mon Sep 17 00:00:00 2001
+From: Manikanta Pubbisetty <quic_mpubbise at quicinc.com>
+Date: Thu, 23 Mar 2023 11:39:13 +0530
+Subject: [PATCH] wifi: ath11k: Optimize 6 GHz scan time
+
+Currently, time taken to scan all supported channels on WCN6750
+is ~8 seconds and connection time is almost 10 seconds. WCN6750
+supports three Wi-Fi bands (i.e., 2.4/5/6 GHz) and the numbers of
+channels for scan come around ~100 channels (default case).
+Since the chip doesn't have support for DBS (Dual Band Simultaneous),
+scans cannot be parallelized resulting in longer scan times.
+
+Among the 100 odd channels, ~60 channels are in 6 GHz band. Therefore,
+optimizing the scan for 6 GHz channels will bring down the overall
+scan time.
+
+WCN6750 firmware has support to scan a 6 GHz channel based on co-located
+AP information i.e., RNR IE which is found in the legacy 2.4/5 GHz scan
+results. When a scan request with all supported channel list is enqueued
+to the firmware, then based on WMI_SCAN_CHAN_FLAG_SCAN_ONLY_IF_RNR_FOUND
+scan channel flag, firmware will scan only those 6 GHz channels for which
+RNR IEs are found in the legacy scan results.
+
+In the proposed design, based on NL80211_SCAN_FLAG_COLOCATED_6GHZ scan
+flag, driver will set the WMI_SCAN_CHAN_FLAG_SCAN_ONLY_IF_RNR_FOUND flag
+for non-PSC channels. Since there is high probability to find 6 GHz APs
+on PSC channels, these channels are always scanned. Only non-PSC channels
+are selectively scanned based on cached RNR information from the legacy
+scan results.
+
+If NL80211_SCAN_FLAG_COLOCATED_6GHZ is not set in the scan flags,
+then scan will happen on all supported channels (default behavior).
+
+With these optimizations, scan time is improved by 1.5-1.8 seconds on
+WCN6750. Similar savings have been observed on WCN6855.
+
+Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1
+Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.16
+
+Signed-off-by: Manikanta Pubbisetty <quic_mpubbise at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230323060913.10097-1-quic_mpubbise@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/mac.c | 25 +++++++++++++++++++++++--
+ drivers/net/wireless/ath/ath11k/wmi.h | 4 ++++
+ 2 files changed, 27 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/mac.c
++++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -3819,8 +3819,29 @@ static int ath11k_mac_op_hw_scan(struct
+ goto exit;
+ }
+
+- for (i = 0; i < arg->num_chan; i++)
+- arg->chan_list[i] = req->channels[i]->center_freq;
++ for (i = 0; i < arg->num_chan; i++) {
++ if (test_bit(WMI_TLV_SERVICE_SCAN_CONFIG_PER_CHANNEL,
++ ar->ab->wmi_ab.svc_map)) {
++ arg->chan_list[i] =
++ u32_encode_bits(req->channels[i]->center_freq,
++ WMI_SCAN_CONFIG_PER_CHANNEL_MASK);
++
++ /* If NL80211_SCAN_FLAG_COLOCATED_6GHZ is set in scan
++ * flags, then scan all PSC channels in 6 GHz band and
++ * those non-PSC channels where RNR IE is found during
++ * the legacy 2.4/5 GHz scan.
++ * If NL80211_SCAN_FLAG_COLOCATED_6GHZ is not set,
++ * then all channels in 6 GHz will be scanned.
++ */
++ if (req->channels[i]->band == NL80211_BAND_6GHZ &&
++ req->flags & NL80211_SCAN_FLAG_COLOCATED_6GHZ &&
++ !cfg80211_channel_is_psc(req->channels[i]))
++ arg->chan_list[i] |=
++ WMI_SCAN_CH_FLAG_SCAN_ONLY_IF_RNR_FOUND;
++ } else {
++ arg->chan_list[i] = req->channels[i]->center_freq;
++ }
++ }
+ }
+
+ if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
+--- a/drivers/net/wireless/ath/ath11k/wmi.h
++++ b/drivers/net/wireless/ath/ath11k/wmi.h
+@@ -2100,6 +2100,7 @@ enum wmi_tlv_service {
+
+ /* The second 128 bits */
+ WMI_MAX_EXT_SERVICE = 256,
++ WMI_TLV_SERVICE_SCAN_CONFIG_PER_CHANNEL = 265,
+ WMI_TLV_SERVICE_REG_CC_EXT_EVENT_SUPPORT = 281,
+ WMI_TLV_SERVICE_BIOS_SAR_SUPPORT = 326,
+
+@@ -3249,6 +3250,9 @@ struct wmi_start_scan_cmd {
+ #define WMI_SCAN_DWELL_MODE_SHIFT 21
+ #define WMI_SCAN_FLAG_EXT_PASSIVE_SCAN_START_TIME_ENHANCE 0x00000800
+
++#define WMI_SCAN_CONFIG_PER_CHANNEL_MASK GENMASK(19, 0)
++#define WMI_SCAN_CH_FLAG_SCAN_ONLY_IF_RNR_FOUND BIT(20)
++
+ enum {
+ WMI_SCAN_DWELL_MODE_DEFAULT = 0,
+ WMI_SCAN_DWELL_MODE_CONSERVATIVE = 1,
diff --git a/package/kernel/mac80211/patches/ath11k/0050-wifi-ath11k-Configure-the-FTM-responder-role-using-f.patch b/package/kernel/mac80211/patches/ath11k/0050-wifi-ath11k-Configure-the-FTM-responder-role-using-f.patch
new file mode 100644
index 0000000000..bca08b177f
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0050-wifi-ath11k-Configure-the-FTM-responder-role-using-f.patch
@@ -0,0 +1,117 @@
+From 813968c24126cc5c8320cd5db0e262069a535063 Mon Sep 17 00:00:00 2001
+From: Ganesh Babu Jothiram <quic_gjothira at quicinc.com>
+Date: Fri, 24 Mar 2023 16:57:00 +0200
+Subject: [PATCH] wifi: ath11k: Configure the FTM responder role using firmware
+ capability flag
+
+Fine Time Measurement(FTM) is offloaded feature to firmware.
+Hence, the configuration of FTM responder role is done using
+firmware capability flag instead of hw param.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Ganesh Babu Jothiram <quic_gjothira at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230317072034.8217-1-quic_gjothira@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/core.c | 8 --------
+ drivers/net/wireless/ath/ath11k/hw.h | 1 -
+ drivers/net/wireless/ath/ath11k/mac.c | 4 ++--
+ 3 files changed, 2 insertions(+), 11 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/core.c
++++ b/drivers/net/wireless/ath/ath11k/core.c
+@@ -116,7 +116,6 @@ static const struct ath11k_hw_params ath
+ .tcl_ring_retry = true,
+ .tx_ring_size = DP_TCL_DATA_RING_SIZE,
+ .smp2p_wow_exit = false,
+- .ftm_responder = true,
+ },
+ {
+ .hw_rev = ATH11K_HW_IPQ6018_HW10,
+@@ -199,7 +198,6 @@ static const struct ath11k_hw_params ath
+ .tx_ring_size = DP_TCL_DATA_RING_SIZE,
+ .smp2p_wow_exit = false,
+ .support_fw_mac_sequence = false,
+- .ftm_responder = true,
+ },
+ {
+ .name = "qca6390 hw2.0",
+@@ -284,7 +282,6 @@ static const struct ath11k_hw_params ath
+ .tx_ring_size = DP_TCL_DATA_RING_SIZE,
+ .smp2p_wow_exit = false,
+ .support_fw_mac_sequence = true,
+- .ftm_responder = false,
+ },
+ {
+ .name = "qcn9074 hw1.0",
+@@ -366,7 +363,6 @@ static const struct ath11k_hw_params ath
+ .tx_ring_size = DP_TCL_DATA_RING_SIZE,
+ .smp2p_wow_exit = false,
+ .support_fw_mac_sequence = false,
+- .ftm_responder = true,
+ },
+ {
+ .name = "wcn6855 hw2.0",
+@@ -451,7 +447,6 @@ static const struct ath11k_hw_params ath
+ .tx_ring_size = DP_TCL_DATA_RING_SIZE,
+ .smp2p_wow_exit = false,
+ .support_fw_mac_sequence = true,
+- .ftm_responder = false,
+ },
+ {
+ .name = "wcn6855 hw2.1",
+@@ -534,7 +529,6 @@ static const struct ath11k_hw_params ath
+ .tx_ring_size = DP_TCL_DATA_RING_SIZE,
+ .smp2p_wow_exit = false,
+ .support_fw_mac_sequence = true,
+- .ftm_responder = false,
+ },
+ {
+ .name = "wcn6750 hw1.0",
+@@ -615,7 +609,6 @@ static const struct ath11k_hw_params ath
+ .tx_ring_size = DP_TCL_DATA_RING_SIZE_WCN6750,
+ .smp2p_wow_exit = true,
+ .support_fw_mac_sequence = true,
+- .ftm_responder = false,
+ },
+ {
+ .hw_rev = ATH11K_HW_IPQ5018_HW10,
+@@ -695,7 +688,6 @@ static const struct ath11k_hw_params ath
+ .tx_ring_size = DP_TCL_DATA_RING_SIZE,
+ .smp2p_wow_exit = false,
+ .support_fw_mac_sequence = false,
+- .ftm_responder = true,
+ },
+ };
+
+--- a/drivers/net/wireless/ath/ath11k/hw.h
++++ b/drivers/net/wireless/ath/ath11k/hw.h
+@@ -224,7 +224,6 @@ struct ath11k_hw_params {
+ u32 tx_ring_size;
+ bool smp2p_wow_exit;
+ bool support_fw_mac_sequence;
+- bool ftm_responder;
+ };
+
+ struct ath11k_hw_ops {
+--- a/drivers/net/wireless/ath/ath11k/mac.c
++++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -3538,7 +3538,7 @@ static void ath11k_mac_op_bss_info_chang
+
+ if (changed & BSS_CHANGED_FTM_RESPONDER &&
+ arvif->ftm_responder != info->ftm_responder &&
+- ar->ab->hw_params.ftm_responder &&
++ test_bit(WMI_TLV_SERVICE_RTT, ar->ab->wmi_ab.svc_map) &&
+ (vif->type == NL80211_IFTYPE_AP ||
+ vif->type == NL80211_IFTYPE_MESH_POINT)) {
+ arvif->ftm_responder = info->ftm_responder;
+@@ -9234,7 +9234,7 @@ static int __ath11k_mac_register(struct
+ wiphy_ext_feature_set(ar->hw->wiphy,
+ NL80211_EXT_FEATURE_SET_SCAN_DWELL);
+
+- if (ab->hw_params.ftm_responder)
++ if (test_bit(WMI_TLV_SERVICE_RTT, ar->ab->wmi_ab.svc_map))
+ wiphy_ext_feature_set(ar->hw->wiphy,
+ NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER);
+
diff --git a/package/kernel/mac80211/patches/ath11k/0051-wifi-ath11k-fix-rssi-station-dump-not-updated-in-QCN.patch b/package/kernel/mac80211/patches/ath11k/0051-wifi-ath11k-fix-rssi-station-dump-not-updated-in-QCN.patch
new file mode 100644
index 0000000000..835dece1fe
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0051-wifi-ath11k-fix-rssi-station-dump-not-updated-in-QCN.patch
@@ -0,0 +1,158 @@
+From 031ffa6c2cd305a57ccc6d610f2decd956b2e7f6 Mon Sep 17 00:00:00 2001
+From: P Praneesh <quic_ppranees at quicinc.com>
+Date: Fri, 24 Mar 2023 16:57:00 +0200
+Subject: [PATCH] wifi: ath11k: fix rssi station dump not updated in QCN9074
+
+In QCN9074, station dump signal values display default value which
+is -95 dbm, since there is firmware header change for HAL_RX_MPDU_START
+between QCN9074 and IPQ8074 which cause wrong peer_id fetch from msdu.
+Fix this by updating hal_rx_mpdu_info with corresponding QCN9074 tlv
+format.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.4.0.1-01695-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: P Praneesh <quic_ppranees at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230320110312.20639-1-quic_ppranees@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/hal_rx.c | 10 ++++++++-
+ drivers/net/wireless/ath/ath11k/hal_rx.h | 18 +++++++++++++++-
+ drivers/net/wireless/ath/ath11k/hw.c | 27 ++++++++++++++++--------
+ drivers/net/wireless/ath/ath11k/hw.h | 2 +-
+ 4 files changed, 45 insertions(+), 12 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/hal_rx.c
++++ b/drivers/net/wireless/ath/ath11k/hal_rx.c
+@@ -865,6 +865,12 @@ ath11k_hal_rx_populate_mu_user_info(void
+ ath11k_hal_rx_populate_byte_count(rx_tlv, ppdu_info, rx_user_status);
+ }
+
++static u16 ath11k_hal_rx_mpduinfo_get_peerid(struct ath11k_base *ab,
++ struct hal_rx_mpdu_info *mpdu_info)
++{
++ return ab->hw_params.hw_ops->mpdu_info_get_peerid(mpdu_info);
++}
++
+ static enum hal_rx_mon_status
+ ath11k_hal_rx_parse_mon_status_tlv(struct ath11k_base *ab,
+ struct hal_rx_mon_ppdu_info *ppdu_info,
+@@ -1459,9 +1465,11 @@ ath11k_hal_rx_parse_mon_status_tlv(struc
+ break;
+ }
+ case HAL_RX_MPDU_START: {
++ struct hal_rx_mpdu_info *mpdu_info =
++ (struct hal_rx_mpdu_info *)tlv_data;
+ u16 peer_id;
+
+- peer_id = ab->hw_params.hw_ops->mpdu_info_get_peerid(tlv_data);
++ peer_id = ath11k_hal_rx_mpduinfo_get_peerid(ab, mpdu_info);
+ if (peer_id)
+ ppdu_info->peer_id = peer_id;
+ break;
+--- a/drivers/net/wireless/ath/ath11k/hal_rx.h
++++ b/drivers/net/wireless/ath/ath11k/hal_rx.h
+@@ -405,7 +405,7 @@ struct hal_rx_phyrx_rssi_legacy_info {
+ #define HAL_RX_MPDU_INFO_INFO0_PEERID_WCN6855 GENMASK(15, 0)
+ #define HAL_RX_MPDU_INFO_INFO1_MPDU_LEN GENMASK(13, 0)
+
+-struct hal_rx_mpdu_info {
++struct hal_rx_mpdu_info_ipq8074 {
+ __le32 rsvd0;
+ __le32 info0;
+ __le32 rsvd1[11];
+@@ -413,12 +413,28 @@ struct hal_rx_mpdu_info {
+ __le32 rsvd2[9];
+ } __packed;
+
++struct hal_rx_mpdu_info_qcn9074 {
++ __le32 rsvd0[10];
++ __le32 info0;
++ __le32 rsvd1[2];
++ __le32 info1;
++ __le32 rsvd2[9];
++} __packed;
++
+ struct hal_rx_mpdu_info_wcn6855 {
+ __le32 rsvd0[8];
+ __le32 info0;
+ __le32 rsvd1[14];
+ } __packed;
+
++struct hal_rx_mpdu_info {
++ union {
++ struct hal_rx_mpdu_info_ipq8074 ipq8074;
++ struct hal_rx_mpdu_info_qcn9074 qcn9074;
++ struct hal_rx_mpdu_info_wcn6855 wcn6855;
++ } u;
++} __packed;
++
+ #define HAL_RX_PPDU_END_DURATION GENMASK(23, 0)
+ struct hal_rx_ppdu_end_duration {
+ __le32 rsvd0[9];
+--- a/drivers/net/wireless/ath/ath11k/hw.c
++++ b/drivers/net/wireless/ath/ath11k/hw.c
+@@ -835,26 +835,35 @@ static void ath11k_hw_ipq5018_reo_setup(
+ ring_hash_map);
+ }
+
+-static u16 ath11k_hw_ipq8074_mpdu_info_get_peerid(u8 *tlv_data)
++static u16
++ath11k_hw_ipq8074_mpdu_info_get_peerid(struct hal_rx_mpdu_info *mpdu_info)
+ {
+ u16 peer_id = 0;
+- struct hal_rx_mpdu_info *mpdu_info =
+- (struct hal_rx_mpdu_info *)tlv_data;
+
+ peer_id = FIELD_GET(HAL_RX_MPDU_INFO_INFO0_PEERID,
+- __le32_to_cpu(mpdu_info->info0));
++ __le32_to_cpu(mpdu_info->u.ipq8074.info0));
+
+ return peer_id;
+ }
+
+-static u16 ath11k_hw_wcn6855_mpdu_info_get_peerid(u8 *tlv_data)
++static u16
++ath11k_hw_qcn9074_mpdu_info_get_peerid(struct hal_rx_mpdu_info *mpdu_info)
++{
++ u16 peer_id = 0;
++
++ peer_id = FIELD_GET(HAL_RX_MPDU_INFO_INFO0_PEERID,
++ __le32_to_cpu(mpdu_info->u.qcn9074.info0));
++
++ return peer_id;
++}
++
++static u16
++ath11k_hw_wcn6855_mpdu_info_get_peerid(struct hal_rx_mpdu_info *mpdu_info)
+ {
+ u16 peer_id = 0;
+- struct hal_rx_mpdu_info_wcn6855 *mpdu_info =
+- (struct hal_rx_mpdu_info_wcn6855 *)tlv_data;
+
+ peer_id = FIELD_GET(HAL_RX_MPDU_INFO_INFO0_PEERID_WCN6855,
+- __le32_to_cpu(mpdu_info->info0));
++ __le32_to_cpu(mpdu_info->u.wcn6855.info0));
+ return peer_id;
+ }
+
+@@ -1042,7 +1051,7 @@ const struct ath11k_hw_ops qcn9074_ops =
+ .rx_desc_get_attention = ath11k_hw_qcn9074_rx_desc_get_attention,
+ .rx_desc_get_msdu_payload = ath11k_hw_qcn9074_rx_desc_get_msdu_payload,
+ .reo_setup = ath11k_hw_ipq8074_reo_setup,
+- .mpdu_info_get_peerid = ath11k_hw_ipq8074_mpdu_info_get_peerid,
++ .mpdu_info_get_peerid = ath11k_hw_qcn9074_mpdu_info_get_peerid,
+ .rx_desc_mac_addr2_valid = ath11k_hw_ipq9074_rx_desc_mac_addr2_valid,
+ .rx_desc_mpdu_start_addr2 = ath11k_hw_ipq9074_rx_desc_mpdu_start_addr2,
+ .get_ring_selector = ath11k_hw_ipq8074_get_tcl_ring_selector,
+--- a/drivers/net/wireless/ath/ath11k/hw.h
++++ b/drivers/net/wireless/ath/ath11k/hw.h
+@@ -263,7 +263,7 @@ struct ath11k_hw_ops {
+ struct rx_attention *(*rx_desc_get_attention)(struct hal_rx_desc *desc);
+ u8 *(*rx_desc_get_msdu_payload)(struct hal_rx_desc *desc);
+ void (*reo_setup)(struct ath11k_base *ab);
+- u16 (*mpdu_info_get_peerid)(u8 *tlv_data);
++ u16 (*mpdu_info_get_peerid)(struct hal_rx_mpdu_info *mpdu_info);
+ bool (*rx_desc_mac_addr2_valid)(struct hal_rx_desc *desc);
+ u8* (*rx_desc_mpdu_start_addr2)(struct hal_rx_desc *desc);
+ u32 (*get_ring_selector)(struct sk_buff *skb);
diff --git a/package/kernel/mac80211/patches/ath11k/0052-wifi-ath11k-Fix-invalid-management-rx-frame-length-i.patch b/package/kernel/mac80211/patches/ath11k/0052-wifi-ath11k-Fix-invalid-management-rx-frame-length-i.patch
new file mode 100644
index 0000000000..0c1637fb04
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0052-wifi-ath11k-Fix-invalid-management-rx-frame-length-i.patch
@@ -0,0 +1,115 @@
+From 447b0398a9cd41ca343dfd43e555af92d6214487 Mon Sep 17 00:00:00 2001
+From: Bhagavathi Perumal S <quic_bperumal at quicinc.com>
+Date: Fri, 24 Mar 2023 16:57:00 +0200
+Subject: [PATCH] wifi: ath11k: Fix invalid management rx frame length issue
+
+The WMI management rx event has multiple arrays of TLVs, however the common
+WMI TLV parser won't handle multiple TLV tags of same type.
+So the multiple array tags of WMI management rx TLV is parsed incorrectly
+and the length calculated becomes wrong when the target sends multiple
+array tags.
+
+Add separate TLV parser to handle multiple arrays for WMI management rx
+TLV. This fixes invalid length issue when the target sends multiple array
+tags.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Bhagavathi Perumal S <quic_bperumal at quicinc.com>
+Co-developed-by: Nagarajan Maran <quic_nmaran at quicinc.com>
+Signed-off-by: Nagarajan Maran <quic_nmaran at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230320133840.30162-1-quic_nmaran@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/wmi.c | 45 +++++++++++++++++++++------
+ 1 file changed, 35 insertions(+), 10 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/wmi.c
++++ b/drivers/net/wireless/ath/ath11k/wmi.c
+@@ -82,6 +82,12 @@ struct wmi_tlv_fw_stats_parse {
+ bool chain_rssi_done;
+ };
+
++struct wmi_tlv_mgmt_rx_parse {
++ const struct wmi_mgmt_rx_hdr *fixed;
++ const u8 *frame_buf;
++ bool frame_buf_done;
++};
++
+ static const struct wmi_tlv_policy wmi_tlv_policies[] = {
+ [WMI_TAG_ARRAY_BYTE]
+ = { .min_len = 0 },
+@@ -5633,28 +5639,49 @@ static int ath11k_pull_vdev_stopped_para
+ return 0;
+ }
+
++static int ath11k_wmi_tlv_mgmt_rx_parse(struct ath11k_base *ab,
++ u16 tag, u16 len,
++ const void *ptr, void *data)
++{
++ struct wmi_tlv_mgmt_rx_parse *parse = data;
++
++ switch (tag) {
++ case WMI_TAG_MGMT_RX_HDR:
++ parse->fixed = ptr;
++ break;
++ case WMI_TAG_ARRAY_BYTE:
++ if (!parse->frame_buf_done) {
++ parse->frame_buf = ptr;
++ parse->frame_buf_done = true;
++ }
++ break;
++ }
++ return 0;
++}
++
+ static int ath11k_pull_mgmt_rx_params_tlv(struct ath11k_base *ab,
+ struct sk_buff *skb,
+ struct mgmt_rx_event_params *hdr)
+ {
+- const void **tb;
++ struct wmi_tlv_mgmt_rx_parse parse = { };
+ const struct wmi_mgmt_rx_hdr *ev;
+ const u8 *frame;
+ int ret;
+
+- tb = ath11k_wmi_tlv_parse_alloc(ab, skb->data, skb->len, GFP_ATOMIC);
+- if (IS_ERR(tb)) {
+- ret = PTR_ERR(tb);
+- ath11k_warn(ab, "failed to parse tlv: %d\n", ret);
++ ret = ath11k_wmi_tlv_iter(ab, skb->data, skb->len,
++ ath11k_wmi_tlv_mgmt_rx_parse,
++ &parse);
++ if (ret) {
++ ath11k_warn(ab, "failed to parse mgmt rx tlv %d\n",
++ ret);
+ return ret;
+ }
+
+- ev = tb[WMI_TAG_MGMT_RX_HDR];
+- frame = tb[WMI_TAG_ARRAY_BYTE];
++ ev = parse.fixed;
++ frame = parse.frame_buf;
+
+ if (!ev || !frame) {
+ ath11k_warn(ab, "failed to fetch mgmt rx hdr");
+- kfree(tb);
+ return -EPROTO;
+ }
+
+@@ -5673,7 +5700,6 @@ static int ath11k_pull_mgmt_rx_params_tl
+
+ if (skb->len < (frame - skb->data) + hdr->buf_len) {
+ ath11k_warn(ab, "invalid length in mgmt rx hdr ev");
+- kfree(tb);
+ return -EPROTO;
+ }
+
+@@ -5685,7 +5711,6 @@ static int ath11k_pull_mgmt_rx_params_tl
+
+ ath11k_ce_byte_swap(skb->data, hdr->buf_len);
+
+- kfree(tb);
+ return 0;
+ }
+
diff --git a/package/kernel/mac80211/patches/ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch b/package/kernel/mac80211/patches/ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch
new file mode 100644
index 0000000000..7b8a7d4543
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch
@@ -0,0 +1,43 @@
+From 756a7f90878f0866fd2fe167ef37e90b47326b96 Mon Sep 17 00:00:00 2001
+From: P Praneesh <quic_ppranees at quicinc.com>
+Date: Fri, 24 Mar 2023 16:57:01 +0200
+Subject: [PATCH] wifi: ath11k: fix writing to unintended memory region
+
+While initializing spectral, the magic value is getting written to the
+invalid memory address leading to random boot-up crash. This occurs
+due to the incorrect index increment in ath11k_dbring_fill_magic_value
+function. Fix it by replacing the existing logic with memset32 to ensure
+there is no invalid memory access.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.4.0.1-01838-QCAHKSWPL_SILICONZ-1
+
+Fixes: d3d358efc553 ("ath11k: add spectral/CFR buffer validation support")
+Signed-off-by: P Praneesh <quic_ppranees at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230321052900.16895-1-quic_ppranees@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dbring.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dbring.c
++++ b/drivers/net/wireless/ath/ath11k/dbring.c
+@@ -26,13 +26,13 @@ int ath11k_dbring_validate_buffer(struct
+ static void ath11k_dbring_fill_magic_value(struct ath11k *ar,
+ void *buffer, u32 size)
+ {
+- u32 *temp;
+- int idx;
++ /* memset32 function fills buffer payload with the ATH11K_DB_MAGIC_VALUE
++ * and the variable size is expected to be the number of u32 values
++ * to be stored, not the number of bytes.
++ */
++ size = size / sizeof(u32);
+
+- size = size >> 2;
+-
+- for (idx = 0, temp = buffer; idx < size; idx++, temp++)
+- *temp++ = ATH11K_DB_MAGIC_VALUE;
++ memset32(buffer, ATH11K_DB_MAGIC_VALUE, size);
+ }
+
+ static int ath11k_dbring_bufs_replenish(struct ath11k *ar,
diff --git a/package/kernel/mac80211/patches/ath11k/0054-wifi-ath11k-Send-11d-scan-start-before-WMI_START_SCA.patch b/package/kernel/mac80211/patches/ath11k/0054-wifi-ath11k-Send-11d-scan-start-before-WMI_START_SCA.patch
new file mode 100644
index 0000000000..0f8e637592
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0054-wifi-ath11k-Send-11d-scan-start-before-WMI_START_SCA.patch
@@ -0,0 +1,61 @@
+From e89a51aedf380bc60219dc9afa96c36507060fb3 Mon Sep 17 00:00:00 2001
+From: Manikanta Pubbisetty <quic_mpubbise at quicinc.com>
+Date: Wed, 15 Mar 2023 21:48:17 +0530
+Subject: [PATCH] wifi: ath11k: Send 11d scan start before WMI_START_SCAN_CMDID
+
+Firmwares advertising the support of triggering 11d algorithm on the
+scan results of a regular scan expects driver to send
+WMI_11D_SCAN_START_CMDID before sending WMI_START_SCAN_CMDID.
+Triggering 11d algorithm on the scan results of a normal scan helps
+in completely avoiding a separate 11d scan for determining regdomain.
+This indirectly helps in speeding up connections on station
+interfaces on the chipsets supporting 11D scan.
+
+To enable this feature, send WMI_11D_SCAN_START_CMDID just before
+sending WMI_START_SCAN_CMDID if the firmware advertises
+WMI_TLV_SERVICE_SUPPORT_11D_FOR_HOST_SCAN service flag.
+
+WCN6750 & WCN6855 supports this feature.
+
+Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-01160-QCAMSLSWPLZ-1
+Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.23
+
+Signed-off-by: Manikanta Pubbisetty <quic_mpubbise at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230315161817.29627-1-quic_mpubbise@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/mac.c | 12 ++++++++++++
+ drivers/net/wireless/ath/ath11k/wmi.h | 1 +
+ 2 files changed, 13 insertions(+)
+
+--- a/drivers/net/wireless/ath/ath11k/mac.c
++++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -3755,6 +3755,18 @@ static int ath11k_mac_op_hw_scan(struct
+ int i;
+ u32 scan_timeout;
+
++ /* Firmwares advertising the support of triggering 11D algorithm
++ * on the scan results of a regular scan expects driver to send
++ * WMI_11D_SCAN_START_CMDID before sending WMI_START_SCAN_CMDID.
++ * With this feature, separate 11D scan can be avoided since
++ * regdomain can be determined with the scan results of the
++ * regular scan.
++ */
++ if (ar->state_11d == ATH11K_11D_PREPARING &&
++ test_bit(WMI_TLV_SERVICE_SUPPORT_11D_FOR_HOST_SCAN,
++ ar->ab->wmi_ab.svc_map))
++ ath11k_mac_11d_scan_start(ar, arvif->vdev_id);
++
+ mutex_lock(&ar->conf_mutex);
+
+ spin_lock_bh(&ar->data_lock);
+--- a/drivers/net/wireless/ath/ath11k/wmi.h
++++ b/drivers/net/wireless/ath/ath11k/wmi.h
+@@ -2103,6 +2103,7 @@ enum wmi_tlv_service {
+ WMI_TLV_SERVICE_SCAN_CONFIG_PER_CHANNEL = 265,
+ WMI_TLV_SERVICE_REG_CC_EXT_EVENT_SUPPORT = 281,
+ WMI_TLV_SERVICE_BIOS_SAR_SUPPORT = 326,
++ WMI_TLV_SERVICE_SUPPORT_11D_FOR_HOST_SCAN = 357,
+
+ /* The third 128 bits */
+ WMI_MAX_EXT2_SERVICE = 384
diff --git a/package/kernel/mac80211/patches/ath11k/101-Fix-invalid-management-rx-frame-length-issue.patch b/package/kernel/mac80211/patches/ath11k/101-Fix-invalid-management-rx-frame-length-issue.patch
deleted file mode 100644
index 7b650a5342..0000000000
--- a/package/kernel/mac80211/patches/ath11k/101-Fix-invalid-management-rx-frame-length-issue.patch
+++ /dev/null
@@ -1,202 +0,0 @@
-From patchwork Mon Mar 20 13:38:40 2023
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-X-Patchwork-Submitter: Nagarajan Maran <quic_nmaran at quicinc.com>
-X-Patchwork-Id: 13181272
-X-Patchwork-Delegate: kvalo at adurom.com
-Return-Path: <linux-wireless-owner at vger.kernel.org>
-X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
- aws-us-west-2-korg-lkml-1.web.codeaurora.org
-Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
- by smtp.lore.kernel.org (Postfix) with ESMTP id 6F899C6FD1D
- for <linux-wireless at archiver.kernel.org>;
- Mon, 20 Mar 2023 13:39:52 +0000 (UTC)
-Received: (majordomo at vger.kernel.org) by vger.kernel.org via listexpand
- id S231824AbjCTNjm (ORCPT
- <rfc822;linux-wireless at archiver.kernel.org>);
- Mon, 20 Mar 2023 09:39:42 -0400
-Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44860 "EHLO
- lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
- with ESMTP id S231795AbjCTNjT (ORCPT
- <rfc822;linux-wireless at vger.kernel.org>);
- Mon, 20 Mar 2023 09:39:19 -0400
-Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com
- [205.220.180.131])
- by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CD4CC1A66C
- for <linux-wireless at vger.kernel.org>;
- Mon, 20 Mar 2023 06:39:10 -0700 (PDT)
-Received: from pps.filterd (m0279872.ppops.net [127.0.0.1])
- by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
- 32KBvFZ2004731;
- Mon, 20 Mar 2023 13:39:05 GMT
-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com;
- h=from : to : cc :
- subject : date : message-id : mime-version : content-type; s=qcppdkim1;
- bh=jMz2u2+gyjJJcj5tuRPYVv0di+sn1S5ni8sqhMu/9Kg=;
- b=BNz+KGi99iSZhDkes9KWF52w7CzSYjHOAYXTfBPlCQk7pM1ZZAIsxB8H3zGnapUkas/r
- 1FfSr/9GpQ+5F6LsOEhJ4KF4Us8wsGi/jZnw25FoCqH4jPqhHPQzcC4jaVzVtNdjiA/0
- PlEKhMhP6ULKuRkpbM7RDNigSEYSRmhgqbWkVUL69mwPEJi2oHbhQgxFGFO75Rmfk+Gt
- 8w4fd4JPJXA1PNOxL3X8nGYxxzxTsUvQi80R1Tm683dJg7fwBKlNOyD/BlmnrBGBeIqv
- CMVmf/KTnEUEFt7WWsvQInmEBZG+JH8TvwUAZ9ndRKqA4kCNXqS5+79KGzUuBP80f3yv ow==
-Received: from nalasppmta01.qualcomm.com (Global_NAT1.qualcomm.com
- [129.46.96.20])
- by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3pen6hrh12-1
- (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
- verify=NOT);
- Mon, 20 Mar 2023 13:39:05 +0000
-Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com
- [10.47.209.196])
- by NALASPPMTA01.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id
- 32KDd4H6010152
- (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
- verify=NOT);
- Mon, 20 Mar 2023 13:39:04 GMT
-Received: from nmaran-linux.qualcomm.com (10.80.80.8) by
- nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server
- (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
- 15.2.986.41; Mon, 20 Mar 2023 06:39:02 -0700
-From: Nagarajan Maran <quic_nmaran at quicinc.com>
-To: <ath11k at lists.infradead.org>
-CC: <linux-wireless at vger.kernel.org>,
- Bhagavathi Perumal S <quic_bperumal at quicinc.com>,
- Nagarajan Maran <quic_nmaran at quicinc.com>
-Subject: [PATCH] wifi: ath11k: Fix invalid management rx frame length issue
-Date: Mon, 20 Mar 2023 19:08:40 +0530
-Message-ID: <20230320133840.30162-1-quic_nmaran at quicinc.com>
-X-Mailer: git-send-email 2.17.1
-MIME-Version: 1.0
-X-Originating-IP: [10.80.80.8]
-X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To
- nalasex01a.na.qualcomm.com (10.47.209.196)
-X-QCInternal: smtphost
-X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800
- signatures=585085
-X-Proofpoint-ORIG-GUID: 8NkXcGNm6eXVpjTaeMT1e0VxZ9FeT59R
-X-Proofpoint-GUID: 8NkXcGNm6eXVpjTaeMT1e0VxZ9FeT59R
-X-Proofpoint-Virus-Version: vendor=baseguard
- engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22
- definitions=2023-03-20_09,2023-03-20_02,2023-02-09_01
-X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
- mlxlogscore=999
- malwarescore=0 priorityscore=1501 mlxscore=0 bulkscore=0 adultscore=0
- spamscore=0 impostorscore=0 phishscore=0 clxscore=1011 suspectscore=0
- lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1
- engine=8.12.0-2303150002 definitions=main-2303200115
-Precedence: bulk
-List-ID: <linux-wireless.vger.kernel.org>
-X-Mailing-List: linux-wireless at vger.kernel.org
-
-From: Bhagavathi Perumal S <quic_bperumal at quicinc.com>
-
-The WMI management rx event has multiple arrays of TLVs, however the common
-WMI TLV parser won't handle multiple TLV tags of same type.
-So the multiple array tags of WMI management rx TLV is parsed incorrectly
-and the length calculated becomes wrong when the target sends multiple
-array tags.
-
-Add separate TLV parser to handle multiple arrays for WMI management rx
-TLV. This fixes invalid length issue when the target sends multiple array
-tags.
-
-Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
-
-Signed-off-by: Bhagavathi Perumal S <quic_bperumal at quicinc.com>
-Co-developed-by: Nagarajan Maran <quic_nmaran at quicinc.com>
-Signed-off-by: Nagarajan Maran <quic_nmaran at quicinc.com>
----
- drivers/net/wireless/ath/ath11k/wmi.c | 45 +++++++++++++++++++++------
- 1 file changed, 35 insertions(+), 10 deletions(-)
-
-
-base-commit: 3df3715e556027e94246b2cb30986563362a65f4
-
---- a/drivers/net/wireless/ath/ath11k/wmi.c
-+++ b/drivers/net/wireless/ath/ath11k/wmi.c
-@@ -82,6 +82,12 @@ struct wmi_tlv_fw_stats_parse {
- bool chain_rssi_done;
- };
-
-+struct wmi_tlv_mgmt_rx_parse {
-+ const struct wmi_mgmt_rx_hdr *fixed;
-+ const u8 *frame_buf;
-+ bool frame_buf_done;
-+};
-+
- static const struct wmi_tlv_policy wmi_tlv_policies[] = {
- [WMI_TAG_ARRAY_BYTE]
- = { .min_len = 0 },
-@@ -5633,28 +5639,49 @@ static int ath11k_pull_vdev_stopped_para
- return 0;
- }
-
-+static int ath11k_wmi_tlv_mgmt_rx_parse(struct ath11k_base *ab,
-+ u16 tag, u16 len,
-+ const void *ptr, void *data)
-+{
-+ struct wmi_tlv_mgmt_rx_parse *parse = data;
-+
-+ switch (tag) {
-+ case WMI_TAG_MGMT_RX_HDR:
-+ parse->fixed = ptr;
-+ break;
-+ case WMI_TAG_ARRAY_BYTE:
-+ if (!parse->frame_buf_done) {
-+ parse->frame_buf = ptr;
-+ parse->frame_buf_done = true;
-+ }
-+ break;
-+ }
-+ return 0;
-+}
-+
- static int ath11k_pull_mgmt_rx_params_tlv(struct ath11k_base *ab,
- struct sk_buff *skb,
- struct mgmt_rx_event_params *hdr)
- {
-- const void **tb;
-+ struct wmi_tlv_mgmt_rx_parse parse = { };
- const struct wmi_mgmt_rx_hdr *ev;
- const u8 *frame;
- int ret;
-
-- tb = ath11k_wmi_tlv_parse_alloc(ab, skb->data, skb->len, GFP_ATOMIC);
-- if (IS_ERR(tb)) {
-- ret = PTR_ERR(tb);
-- ath11k_warn(ab, "failed to parse tlv: %d\n", ret);
-+ ret = ath11k_wmi_tlv_iter(ab, skb->data, skb->len,
-+ ath11k_wmi_tlv_mgmt_rx_parse,
-+ &parse);
-+ if (ret) {
-+ ath11k_warn(ab, "failed to parse mgmt rx tlv %d\n",
-+ ret);
- return ret;
- }
-
-- ev = tb[WMI_TAG_MGMT_RX_HDR];
-- frame = tb[WMI_TAG_ARRAY_BYTE];
-+ ev = parse.fixed;
-+ frame = parse.frame_buf;
-
- if (!ev || !frame) {
- ath11k_warn(ab, "failed to fetch mgmt rx hdr");
-- kfree(tb);
- return -EPROTO;
- }
-
-@@ -5673,7 +5700,6 @@ static int ath11k_pull_mgmt_rx_params_tl
-
- if (skb->len < (frame - skb->data) + hdr->buf_len) {
- ath11k_warn(ab, "invalid length in mgmt rx hdr ev");
-- kfree(tb);
- return -EPROTO;
- }
-
-@@ -5685,7 +5711,6 @@ static int ath11k_pull_mgmt_rx_params_tl
-
- ath11k_ce_byte_swap(skb->data, hdr->buf_len);
-
-- kfree(tb);
- return 0;
- }
-
diff --git a/package/kernel/mac80211/patches/ath11k/903-ath11k-support-setting-FW-memory-mode-via-DT.patch b/package/kernel/mac80211/patches/ath11k/903-ath11k-support-setting-FW-memory-mode-via-DT.patch
index 87cbcbe315..a93871eca5 100644
--- a/package/kernel/mac80211/patches/ath11k/903-ath11k-support-setting-FW-memory-mode-via-DT.patch
+++ b/package/kernel/mac80211/patches/ath11k/903-ath11k-support-setting-FW-memory-mode-via-DT.patch
@@ -31,7 +31,7 @@ Signed-off-by: Robert Marko <robimarko at gmail.com>
{
.hw_rev = ATH11K_HW_IPQ8074,
.name = "ipq8074 hw2.0",
-@@ -1919,7 +1919,8 @@ static void ath11k_core_reset(struct wor
+@@ -1911,7 +1911,8 @@ static void ath11k_core_reset(struct wor
static int ath11k_init_hw_params(struct ath11k_base *ab)
{
const struct ath11k_hw_params *hw_params = NULL;
@@ -41,7 +41,7 @@ Signed-off-by: Robert Marko <robimarko at gmail.com>
for (i = 0; i < ARRAY_SIZE(ath11k_hw_params); i++) {
hw_params = &ath11k_hw_params[i];
-@@ -1935,7 +1936,30 @@ static int ath11k_init_hw_params(struct
+@@ -1927,7 +1928,30 @@ static int ath11k_init_hw_params(struct
ab->hw_params = *hw_params;
diff --git a/package/kernel/mac80211/patches/ath11k/904-wifi-ath11k-restore-160MHz-support.patch b/package/kernel/mac80211/patches/ath11k/904-wifi-ath11k-restore-160MHz-support.patch
index 61abb847d0..b5d9473597 100644
--- a/package/kernel/mac80211/patches/ath11k/904-wifi-ath11k-restore-160MHz-support.patch
+++ b/package/kernel/mac80211/patches/ath11k/904-wifi-ath11k-restore-160MHz-support.patch
@@ -16,7 +16,7 @@ Signed-off-by: Robert Marko <robimarko at gmail.com>
--- a/drivers/net/wireless/ath/ath11k/mac.c
+++ b/drivers/net/wireless/ath/ath11k/mac.c
-@@ -5552,10 +5552,6 @@ static int ath11k_mac_copy_he_cap(struct
+@@ -5585,10 +5585,6 @@ static int ath11k_mac_copy_he_cap(struct
he_cap_elem->mac_cap_info[1] &=
IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_MASK;
More information about the lede-commits
mailing list