[openwrt/openwrt] mac80211: ath11k: sync with ath-next
LEDE Commits
lede-commits at lists.infradead.org
Sat May 6 05:42:30 PDT 2023
ansuel pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/15abf8d18b9cbfe133c66b610bbaeecf50d3842e
commit 15abf8d18b9cbfe133c66b610bbaeecf50d3842e
Author: Robert Marko <robimarko at gmail.com>
AuthorDate: Fri May 5 19:30:15 2023 +0200
mac80211: ath11k: sync with ath-next
Synchronize the ath11k backports with the current ath-next tree.
This replaces the 160MHz patch with the upstreamed one, fixes 6GHz-only WIPHY
registration, allows SAR usage on WCN6750 and brings in plenty of REO fixes.
Signed-off-by: Robert Marko <robimarko at gmail.com>
---
...-ath11k-Remove-redundant-pci_clear_master.patch | 58 +++++++++
...-Disable-Spectral-scan-upon-removing-inte.patch | 36 ++++++
...wifi-ath11k-enable-SAR-support-on-WCN6750.patch | 29 +++++
...h11k-pci-Add-more-MODULE_FIRMWARE-entries.patch | 36 ++++++
...-print-a-warning-when-crypto_alloc_shash-.patch | 34 +++++
...-Ignore-frags-from-uninitialized-peer-in-.patch | 104 +++++++++++++++
...k-fix-undefined-behavior-with-__fls-in-dp.patch | 29 +++++
...-fix-double-free-of-peer-rx_tid-during-re.patch | 144 +++++++++++++++++++++
...0063-wifi-ath11k-Prevent-REO-cmd-failures.patch | 43 ++++++
...-add-peer-mac-information-in-failure-case.patch | 74 +++++++++++
...-fix-tx-status-reporting-in-encap-offload.patch | 119 +++++++++++++++++
...k-Fix-incorrect-update-of-radiotap-fields.patch | 49 +++++++
...-Fix-SKB-corruption-in-REO-destination-ri.patch | 70 ++++++++++
...11k-Remove-disabling-of-80-80-and-160-MHz.patch | 49 +++++++
...-fix-registration-of-6Ghz-only-phy-withou.patch | 61 +++++++++
...11k-Remove-disabling-of-80-80-and-160-MHz.patch | 130 -------------------
16 files changed, 935 insertions(+), 130 deletions(-)
diff --git a/package/kernel/mac80211/patches/ath11k/0055-wifi-ath11k-Remove-redundant-pci_clear_master.patch b/package/kernel/mac80211/patches/ath11k/0055-wifi-ath11k-Remove-redundant-pci_clear_master.patch
new file mode 100644
index 0000000000..0439727e72
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0055-wifi-ath11k-Remove-redundant-pci_clear_master.patch
@@ -0,0 +1,58 @@
+From f812e2a9f85d6bea78957ccb5197e4491316848b Mon Sep 17 00:00:00 2001
+From: Cai Huoqing <cai.huoqing at linux.dev>
+Date: Thu, 23 Mar 2023 19:26:09 +0800
+Subject: [PATCH] wifi: ath11k: Remove redundant pci_clear_master
+
+Remove pci_clear_master to simplify the code,
+the bus-mastering is also cleared in do_pci_disable_device,
+like this:
+./drivers/pci/pci.c:2197
+static void do_pci_disable_device(struct pci_dev *dev)
+{
+ u16 pci_command;
+
+ pci_read_config_word(dev, PCI_COMMAND, &pci_command);
+ if (pci_command & PCI_COMMAND_MASTER) {
+ pci_command &= ~PCI_COMMAND_MASTER;
+ pci_write_config_word(dev, PCI_COMMAND, pci_command);
+ }
+
+ pcibios_disable_device(dev);
+}.
+And dev->is_busmaster is set to 0 in pci_disable_device.
+
+Signed-off-by: Cai Huoqing <cai.huoqing at linux.dev>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230323112613.7550-1-cai.huoqing@linux.dev
+---
+ drivers/net/wireless/ath/ath11k/pci.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/pci.c
++++ b/drivers/net/wireless/ath/ath11k/pci.c
+@@ -540,7 +540,7 @@ static int ath11k_pci_claim(struct ath11
+ if (!ab->mem) {
+ ath11k_err(ab, "failed to map pci bar %d\n", ATH11K_PCI_BAR_NUM);
+ ret = -EIO;
+- goto clear_master;
++ goto release_region;
+ }
+
+ ab->mem_ce = ab->mem;
+@@ -548,8 +548,6 @@ static int ath11k_pci_claim(struct ath11
+ ath11k_dbg(ab, ATH11K_DBG_BOOT, "boot pci_mem 0x%pK\n", ab->mem);
+ return 0;
+
+-clear_master:
+- pci_clear_master(pdev);
+ release_region:
+ pci_release_region(pdev, ATH11K_PCI_BAR_NUM);
+ disable_device:
+@@ -565,7 +563,6 @@ static void ath11k_pci_free_region(struc
+
+ pci_iounmap(pci_dev, ab->mem);
+ ab->mem = NULL;
+- pci_clear_master(pci_dev);
+ pci_release_region(pci_dev, ATH11K_PCI_BAR_NUM);
+ if (pci_is_enabled(pci_dev))
+ pci_disable_device(pci_dev);
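Review bot: With `pci_clear_master()` removed from ath11k_pci_free_region, bus mastering is cleared only inside `pci_disable_device()`, which is called under `if (pci_is_enabled(pci_dev))` and only after the BAR has been unmapped and released. The device therefore stays a DMA bus master one step longer during teardown than before, and stays one altogether if the disable call is skipped or does not reach do_pci_disable_device(). A comment at the call site such as `/* bus mastering is cleared by pci_disable_device() */` would record that dependency. The body of the `disable_device:` label in ath11k_pci_claim is outside the hunk.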
diff --git a/package/kernel/mac80211/patches/ath11k/0056-wifi-ath11k-Disable-Spectral-scan-upon-removing-inte.patch b/package/kernel/mac80211/patches/ath11k/0056-wifi-ath11k-Disable-Spectral-scan-upon-removing-inte.patch
new file mode 100644
index 0000000000..44532a4d72
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0056-wifi-ath11k-Disable-Spectral-scan-upon-removing-inte.patch
@@ -0,0 +1,36 @@
+From 5c690db63b45c6c4c4932b13173af71df369dba5 Mon Sep 17 00:00:00 2001
+From: Tamizh Chelvam Raja <quic_tamizhr at quicinc.com>
+Date: Tue, 28 Mar 2023 12:41:50 +0530
+Subject: [PATCH] wifi: ath11k: Disable Spectral scan upon removing interface
+
+Host might receive spectral events during interface
+down sequence and this might create below errors.
+
+failed to handle dma buf release event -22
+failed to handle dma buf release event -22
+
+Fix this by disabling spectral config during remove interface.
+
+Tested-on: IPQ5018 hw1.0 AHB WLAN.HK.2.6.0.1-00861-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Tamizh Chelvam Raja <quic_tamizhr at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230328071150.29645-1-quic_tamizhr@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/mac.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/net/wireless/ath/ath11k/mac.c
++++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -6685,6 +6685,11 @@ static void ath11k_mac_op_remove_interfa
+ ath11k_dbg(ab, ATH11K_DBG_MAC, "mac remove interface (vdev %d)\n",
+ arvif->vdev_id);
+
++ ret = ath11k_spectral_vif_stop(arvif);
++ if (ret)
++ ath11k_warn(ab, "failed to stop spectral for vdev %i: %d\n",
++ arvif->vdev_id, ret);
++
+ if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
+ ath11k_mac_11d_scan_stop(ar);
+
diff --git a/package/kernel/mac80211/patches/ath11k/0057-wifi-ath11k-enable-SAR-support-on-WCN6750.patch b/package/kernel/mac80211/patches/ath11k/0057-wifi-ath11k-enable-SAR-support-on-WCN6750.patch
new file mode 100644
index 0000000000..5e64e552c1
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0057-wifi-ath11k-enable-SAR-support-on-WCN6750.patch
@@ -0,0 +1,29 @@
+From abf57d84973ce1abcb67504ac0df8aea1fe09a76 Mon Sep 17 00:00:00 2001
+From: Youghandhar Chintala <quic_youghand at quicinc.com>
+Date: Tue, 28 Mar 2023 17:04:55 +0530
+Subject: [PATCH] wifi: ath11k: enable SAR support on WCN6750
+
+Currently, SAR is enabled only on WCN6855, enable this for WCN6750 too. This
+functionality gets triggered, when the user space application calls
+NL80211_CMD_SET_SAR_SPECS.
+
+Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1
+
+Signed-off-by: Youghandhar Chintala <quic_youghand at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230328113455.11252-1-quic_youghand@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/core.c
++++ b/drivers/net/wireless/ath/ath11k/core.c
+@@ -593,7 +593,7 @@ static const struct ath11k_hw_params ath
+ .current_cc_support = true,
+ .dbr_debug_support = false,
+ .global_reset = false,
+- .bios_sar_capa = NULL,
++ .bios_sar_capa = &ath11k_hw_sar_capa_wcn6855,
+ .m3_fw_support = false,
+ .fixed_bdf_addr = false,
+ .fixed_mem_region = false,
diff --git a/package/kernel/mac80211/patches/ath11k/0058-wifi-ath11k-pci-Add-more-MODULE_FIRMWARE-entries.patch b/package/kernel/mac80211/patches/ath11k/0058-wifi-ath11k-pci-Add-more-MODULE_FIRMWARE-entries.patch
new file mode 100644
index 0000000000..585864eff2
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0058-wifi-ath11k-pci-Add-more-MODULE_FIRMWARE-entries.patch
@@ -0,0 +1,36 @@
+From 06c58473969239e00d76b683edd511952060ca56 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai at suse.de>
+Date: Thu, 30 Mar 2023 16:37:18 +0200
+Subject: [PATCH] wifi: ath11k: pci: Add more MODULE_FIRMWARE() entries
+
+As there are a few more models supported by the driver, let's add the
+missing MODULE_FIRMWARE() entries for them. The lack of them resulted
+in the missing device enablement on some systems, such as the
+installation image of openSUSE.
+
+While we are at it, use the wildcard instead of listing each firmware
+files individually for each.
+
+Signed-off-by: Takashi Iwai <tiwai at suse.de>
+Reviewed-by: Simon Horman <simon.horman at corigine.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230330143718.19511-1-tiwai@suse.de
+---
+ drivers/net/wireless/ath/ath11k/pci.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/pci.c
++++ b/drivers/net/wireless/ath/ath11k/pci.c
+@@ -1036,7 +1036,8 @@ module_exit(ath11k_pci_exit);
+ MODULE_DESCRIPTION("Driver support for Qualcomm Technologies 802.11ax WLAN PCIe devices");
+ MODULE_LICENSE("Dual BSD/GPL");
+
+-/* QCA639x 2.0 firmware files */
+-MODULE_FIRMWARE(ATH11K_FW_DIR "/QCA6390/hw2.0/" ATH11K_BOARD_API2_FILE);
+-MODULE_FIRMWARE(ATH11K_FW_DIR "/QCA6390/hw2.0/" ATH11K_AMSS_FILE);
+-MODULE_FIRMWARE(ATH11K_FW_DIR "/QCA6390/hw2.0/" ATH11K_M3_FILE);
++/* firmware files */
++MODULE_FIRMWARE(ATH11K_FW_DIR "/QCA6390/hw2.0/*");
++MODULE_FIRMWARE(ATH11K_FW_DIR "/QCN9074/hw1.0/*");
++MODULE_FIRMWARE(ATH11K_FW_DIR "/WCN6855/hw2.0/*");
++MODULE_FIRMWARE(ATH11K_FW_DIR "/WCN6855/hw2.1/*");
diff --git a/package/kernel/mac80211/patches/ath11k/0059-wifi-ath11k-print-a-warning-when-crypto_alloc_shash-.patch b/package/kernel/mac80211/patches/ath11k/0059-wifi-ath11k-print-a-warning-when-crypto_alloc_shash-.patch
new file mode 100644
index 0000000000..fab52a0fa7
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0059-wifi-ath11k-print-a-warning-when-crypto_alloc_shash-.patch
@@ -0,0 +1,34 @@
+From a87a9110ac0dcbfd9458b6665c141fa1c16a669d Mon Sep 17 00:00:00 2001
+From: Kalle Valo <quic_kvalo at quicinc.com>
+Date: Wed, 5 Apr 2023 12:04:25 +0300
+Subject: [PATCH] wifi: ath11k: print a warning when crypto_alloc_shash() fails
+
+Christoph reported that ath11k failed to initialise when michael_mic.ko
+module was not installed. To make it easier to notice that case print a
+warning when crypto_alloc_shash() fails.
+
+Compile tested only.
+
+Reported-by: Christoph Hellwig <hch at lst.de>
+Link: https://lore.kernel.org/all/20221130133016.GC3055@lst.de/
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230405090425.1351-1-kvalo@kernel.org
+---
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -3106,8 +3106,11 @@ int ath11k_peer_rx_frag_setup(struct ath
+ int i;
+
+ tfm = crypto_alloc_shash("michael_mic", 0, 0);
+- if (IS_ERR(tfm))
++ if (IS_ERR(tfm)) {
++ ath11k_warn(ab, "failed to allocate michael_mic shash: %ld\n",
++ PTR_ERR(tfm));
+ return PTR_ERR(tfm);
++ }
+
+ spin_lock_bh(&ab->base_lock);
+
diff --git a/package/kernel/mac80211/patches/ath11k/0060-wifi-ath11k-Ignore-frags-from-uninitialized-peer-in-.patch b/package/kernel/mac80211/patches/ath11k/0060-wifi-ath11k-Ignore-frags-from-uninitialized-peer-in-.patch
new file mode 100644
index 0000000000..5bbf9e04a4
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0060-wifi-ath11k-Ignore-frags-from-uninitialized-peer-in-.patch
@@ -0,0 +1,104 @@
+From a06bfb3c9f69f303692cdae87bc0899d2ae8b2a6 Mon Sep 17 00:00:00 2001
+From: Harshitha Prem <quic_hprem at quicinc.com>
+Date: Tue, 4 Apr 2023 00:11:54 +0530
+Subject: [PATCH] wifi: ath11k: Ignore frags from uninitialized peer in dp.
+
+When max virtual ap interfaces are configured in all the bands with
+ACS and hostapd restart is done every 60s, a crash is observed at
+random times.
+In this certain scenario, a fragmented packet is received for
+self peer, for which rx_tid and rx_frags are not initialized in
+datapath. While handling this fragment, crash is observed as the
+rx_frag list is uninitialised and when we walk in
+ath11k_dp_rx_h_sort_frags, skb null leads to exception.
+
+To address this, before processing received fragments we check
+dp_setup_done flag is set to ensure that peer has completed its
+dp peer setup for fragment queue, else ignore processing the
+fragments.
+
+Call trace:
+ ath11k_dp_process_rx_err+0x550/0x1084 [ath11k]
+ ath11k_dp_service_srng+0x70/0x370 [ath11k]
+ 0xffffffc009693a04
+ __napi_poll+0x30/0xa4
+ net_rx_action+0x118/0x270
+ __do_softirq+0x10c/0x244
+ irq_exit+0x64/0xb4
+ __handle_domain_irq+0x88/0xac
+ gic_handle_irq+0x74/0xbc
+ el1_irq+0xf0/0x1c0
+ arch_cpu_idle+0x10/0x18
+ do_idle+0x104/0x248
+ cpu_startup_entry+0x20/0x64
+ rest_init+0xd0/0xdc
+ arch_call_rest_init+0xc/0x14
+ start_kernel+0x480/0x4b8
+ Code: f9400281 f94066a2 91405021 b94a0023 (f9406401)
+
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Harshitha Prem <quic_hprem at quicinc.com>
+Signed-off-by: Nagarajan Maran <quic_nmaran at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403184155.8670-2-quic_nmaran@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp.c | 4 +++-
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 8 ++++++++
+ drivers/net/wireless/ath/ath11k/peer.h | 1 +
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp.c
++++ b/drivers/net/wireless/ath/ath11k/dp.c
+@@ -36,6 +36,7 @@ void ath11k_dp_peer_cleanup(struct ath11
+ }
+
+ ath11k_peer_rx_tid_cleanup(ar, peer);
++ peer->dp_setup_done = false;
+ crypto_free_shash(peer->tfm_mmic);
+ spin_unlock_bh(&ab->base_lock);
+ }
+@@ -72,7 +73,8 @@ int ath11k_dp_peer_setup(struct ath11k *
+ ret = ath11k_peer_rx_frag_setup(ar, addr, vdev_id);
+ if (ret) {
+ ath11k_warn(ab, "failed to setup rx defrag context\n");
+- return ret;
++ tid--;
++ goto peer_clean;
+ }
+
+ /* TODO: Setup other peer specific resource used in data path */
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -3130,6 +3130,7 @@ int ath11k_peer_rx_frag_setup(struct ath
+ }
+
+ peer->tfm_mmic = tfm;
++ peer->dp_setup_done = true;
+ spin_unlock_bh(&ab->base_lock);
+
+ return 0;
+@@ -3575,6 +3576,13 @@ static int ath11k_dp_rx_frag_h_mpdu(stru
+ ret = -ENOENT;
+ goto out_unlock;
+ }
++ if (!peer->dp_setup_done) {
++ ath11k_warn(ab, "The peer %pM [%d] has uninitialized datapath\n",
++ peer->addr, peer_id);
++ ret = -ENOENT;
++ goto out_unlock;
++ }
++
+ rx_tid = &peer->rx_tid[tid];
+
+ if ((!skb_queue_empty(&rx_tid->rx_frags) && seqno != rx_tid->cur_sn) ||
+--- a/drivers/net/wireless/ath/ath11k/peer.h
++++ b/drivers/net/wireless/ath/ath11k/peer.h
+@@ -35,6 +35,7 @@ struct ath11k_peer {
+ u16 sec_type;
+ u16 sec_type_grp;
+ bool is_authorized;
++ bool dp_setup_done;
+ };
+
+ void ath11k_peer_unmap_event(struct ath11k_base *ab, u16 peer_id);
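Review bot: The `tid--; goto peer_clean;` added to ath11k_dp_peer_setup has no comment explaining the decrement, and the `peer_clean` label is outside the hunk. The decrement presumably steps `tid` back from one past the last TID that was set up, so that the cleanup starts at a valid index; this should be confirmed against the label body. A comment such as `/* all TIDs were set up; start cleanup from the last valid one */` above `tid--;` would make the intent reviewable. The new `dp_setup_done` check in ath11k_dp_rx_frag_h_mpdu returns the same `-ENOENT` as the peer-not-found case, so callers cannot tell the two apart.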
diff --git a/package/kernel/mac80211/patches/ath11k/0061-wifi-ath11k-fix-undefined-behavior-with-__fls-in-dp.patch b/package/kernel/mac80211/patches/ath11k/0061-wifi-ath11k-fix-undefined-behavior-with-__fls-in-dp.patch
new file mode 100644
index 0000000000..d68c19f160
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0061-wifi-ath11k-fix-undefined-behavior-with-__fls-in-dp.patch
@@ -0,0 +1,29 @@
+From 41e02bf4ae32cf2ac47b08b4caaa9c1a032e4ce7 Mon Sep 17 00:00:00 2001
+From: Harshitha Prem <quic_hprem at quicinc.com>
+Date: Tue, 4 Apr 2023 00:11:55 +0530
+Subject: [PATCH] wifi: ath11k: fix undefined behavior with __fls in dp
+
+"__fls" would have an undefined behavior if the argument is passed
+as "0". Hence, added changes to handle the same.
+
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Harshitha Prem <quic_hprem at quicinc.com>
+Signed-off-by: Nagarajan Maran <quic_nmaran at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403184155.8670-3-quic_nmaran@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -3598,7 +3598,7 @@ static int ath11k_dp_rx_frag_h_mpdu(stru
+ goto out_unlock;
+ }
+
+- if (frag_no > __fls(rx_tid->rx_frag_bitmap))
++ if (!rx_tid->rx_frag_bitmap || (frag_no > __fls(rx_tid->rx_frag_bitmap)))
+ __skb_queue_tail(&rx_tid->rx_frags, msdu);
+ else
+ ath11k_dp_rx_h_sort_frags(ar, &rx_tid->rx_frags, msdu);
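Review bot: The new `!rx_tid->rx_frag_bitmap` test in ath11k_dp_rx_frag_h_mpdu has no comment saying why it is needed, so a later cleanup could drop it as redundant. A one-line comment above the condition, for example `/* __fls() is undefined for 0, so test the bitmap first */`, would keep the guard in place. The surrounding function starts and ends outside the hunk.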
diff --git a/package/kernel/mac80211/patches/ath11k/0062-wifi-ath11k-fix-double-free-of-peer-rx_tid-during-re.patch b/package/kernel/mac80211/patches/ath11k/0062-wifi-ath11k-fix-double-free-of-peer-rx_tid-during-re.patch
new file mode 100644
index 0000000000..dd37b1e4fa
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0062-wifi-ath11k-fix-double-free-of-peer-rx_tid-during-re.patch
@@ -0,0 +1,144 @@
+From 93a91f40c25c3d0e61f8540a7accf105090f9995 Mon Sep 17 00:00:00 2001
+From: Harshitha Prem <quic_hprem at quicinc.com>
+Date: Mon, 17 Apr 2023 13:35:00 +0300
+Subject: [PATCH] wifi: ath11k: fix double free of peer rx_tid during reo cmd
+ failure
+
+Peer rx_tid is locally copied thrice during peer_rx_tid_cleanup to
+send REO_CMD_UPDATE_RX_QUEUE followed by REO_CMD_FLUSH_CACHE to flush
+all aged REO descriptors from HW cache.
+
+When sending REO_CMD_FLUSH_CACHE fails, we do dma unmap of already
+mapped rx_tid->vaddr and free it. This is not checked during
+reo_cmd_list_cleanup() and dp_reo_cmd_free() before trying to free and
+unmap again.
+
+Fix this by setting rx_tid->vaddr NULL in rx tid delete and also
+wherever freeing it to check in reo_cmd_list_cleanup() and
+reo_cmd_free() before trying to free again.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Sathishkumar Muruganandam <quic_murugana at quicinc.com>
+Signed-off-by: Harshitha Prem <quic_hprem at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403182420.23375-2-quic_hprem@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 43 ++++++++++++++++++-------
+ 1 file changed, 31 insertions(+), 12 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -668,13 +668,18 @@ void ath11k_dp_reo_cmd_list_cleanup(stru
+ struct ath11k_dp *dp = &ab->dp;
+ struct dp_reo_cmd *cmd, *tmp;
+ struct dp_reo_cache_flush_elem *cmd_cache, *tmp_cache;
++ struct dp_rx_tid *rx_tid;
+
+ spin_lock_bh(&dp->reo_cmd_lock);
+ list_for_each_entry_safe(cmd, tmp, &dp->reo_cmd_list, list) {
+ list_del(&cmd->list);
+- dma_unmap_single(ab->dev, cmd->data.paddr,
+- cmd->data.size, DMA_BIDIRECTIONAL);
+- kfree(cmd->data.vaddr);
++ rx_tid = &cmd->data;
++ if (rx_tid->vaddr) {
++ dma_unmap_single(ab->dev, rx_tid->paddr,
++ rx_tid->size, DMA_BIDIRECTIONAL);
++ kfree(rx_tid->vaddr);
++ rx_tid->vaddr = NULL;
++ }
+ kfree(cmd);
+ }
+
+@@ -682,9 +687,13 @@ void ath11k_dp_reo_cmd_list_cleanup(stru
+ &dp->reo_cmd_cache_flush_list, list) {
+ list_del(&cmd_cache->list);
+ dp->reo_cmd_cache_flush_count--;
+- dma_unmap_single(ab->dev, cmd_cache->data.paddr,
+- cmd_cache->data.size, DMA_BIDIRECTIONAL);
+- kfree(cmd_cache->data.vaddr);
++ rx_tid = &cmd_cache->data;
++ if (rx_tid->vaddr) {
++ dma_unmap_single(ab->dev, rx_tid->paddr,
++ rx_tid->size, DMA_BIDIRECTIONAL);
++ kfree(rx_tid->vaddr);
++ rx_tid->vaddr = NULL;
++ }
+ kfree(cmd_cache);
+ }
+ spin_unlock_bh(&dp->reo_cmd_lock);
+@@ -698,10 +707,12 @@ static void ath11k_dp_reo_cmd_free(struc
+ if (status != HAL_REO_CMD_SUCCESS)
+ ath11k_warn(dp->ab, "failed to flush rx tid hw desc, tid %d status %d\n",
+ rx_tid->tid, status);
+-
+- dma_unmap_single(dp->ab->dev, rx_tid->paddr, rx_tid->size,
+- DMA_BIDIRECTIONAL);
+- kfree(rx_tid->vaddr);
++ if (rx_tid->vaddr) {
++ dma_unmap_single(dp->ab->dev, rx_tid->paddr, rx_tid->size,
++ DMA_BIDIRECTIONAL);
++ kfree(rx_tid->vaddr);
++ rx_tid->vaddr = NULL;
++ }
+ }
+
+ static void ath11k_dp_reo_cache_flush(struct ath11k_base *ab,
+@@ -740,6 +751,7 @@ static void ath11k_dp_reo_cache_flush(st
+ dma_unmap_single(ab->dev, rx_tid->paddr, rx_tid->size,
+ DMA_BIDIRECTIONAL);
+ kfree(rx_tid->vaddr);
++ rx_tid->vaddr = NULL;
+ }
+ }
+
+@@ -792,6 +804,7 @@ free_desc:
+ dma_unmap_single(ab->dev, rx_tid->paddr, rx_tid->size,
+ DMA_BIDIRECTIONAL);
+ kfree(rx_tid->vaddr);
++ rx_tid->vaddr = NULL;
+ }
+
+ void ath11k_peer_rx_tid_delete(struct ath11k *ar,
+@@ -804,6 +817,8 @@ void ath11k_peer_rx_tid_delete(struct at
+ if (!rx_tid->active)
+ return;
+
++ rx_tid->active = false;
++
+ cmd.flag = HAL_REO_CMD_FLG_NEED_STATUS;
+ cmd.addr_lo = lower_32_bits(rx_tid->paddr);
+ cmd.addr_hi = upper_32_bits(rx_tid->paddr);
+@@ -818,9 +833,11 @@ void ath11k_peer_rx_tid_delete(struct at
+ dma_unmap_single(ar->ab->dev, rx_tid->paddr, rx_tid->size,
+ DMA_BIDIRECTIONAL);
+ kfree(rx_tid->vaddr);
++ rx_tid->vaddr = NULL;
+ }
+
+- rx_tid->active = false;
++ rx_tid->paddr = 0;
++ rx_tid->size = 0;
+ }
+
+ static int ath11k_dp_rx_link_desc_return(struct ath11k_base *ab,
+@@ -967,6 +984,7 @@ static void ath11k_dp_rx_tid_mem_free(st
+ dma_unmap_single(ab->dev, rx_tid->paddr, rx_tid->size,
+ DMA_BIDIRECTIONAL);
+ kfree(rx_tid->vaddr);
++ rx_tid->vaddr = NULL;
+
+ rx_tid->active = false;
+
+@@ -1067,7 +1085,8 @@ int ath11k_peer_rx_tid_setup(struct ath1
+ return ret;
+
+ err_mem_free:
+- kfree(vaddr);
++ kfree(rx_tid->vaddr);
++ rx_tid->vaddr = NULL;
+
+ return ret;
+ }
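Review bot: The `err_mem_free` path in ath11k_peer_rx_tid_setup now frees `rx_tid->vaddr` instead of the local `vaddr`, which leaks the new allocation if the jump is taken before `rx_tid->vaddr` has been assigned. That assignment is outside the hunk, so it needs checking against the dma_mapping_error() failure path. Using `kfree(vaddr);` followed by `rx_tid->vaddr = NULL;` covers both orderings, provided the field holds no other live buffer at that point. Separately, the `if (rx_tid->vaddr)` guards in ath11k_dp_reo_cmd_list_cleanup work on per-command copies (`cmd->data`, `cmd_cache->data`), so they prevent a second free only when the path that freed the buffer cleared that same copy.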
diff --git a/package/kernel/mac80211/patches/ath11k/0063-wifi-ath11k-Prevent-REO-cmd-failures.patch b/package/kernel/mac80211/patches/ath11k/0063-wifi-ath11k-Prevent-REO-cmd-failures.patch
new file mode 100644
index 0000000000..4b9af18062
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0063-wifi-ath11k-Prevent-REO-cmd-failures.patch
@@ -0,0 +1,43 @@
+From a8ae833657a45746debde85c38bb7f070d344026 Mon Sep 17 00:00:00 2001
+From: Harshitha Prem <quic_hprem at quicinc.com>
+Date: Mon, 17 Apr 2023 13:35:01 +0300
+Subject: [PATCH] wifi: ath11k: Prevent REO cmd failures
+
+Prevent REO cmd failures causing double free by increasing REO cmd
+ring size and moving REO status ring mask to IRQ group 3 from group
+0 to separate from tx completion ring on IRQ group 0 which may delay
+reo status processing.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Sathishkumar Muruganandam <quic_murugana at quicinc.com>
+Signed-off-by: Harshitha Prem <quic_hprem at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403182420.23375-3-quic_hprem@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp.h | 2 +-
+ drivers/net/wireless/ath/ath11k/hw.c | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp.h
++++ b/drivers/net/wireless/ath/ath11k/dp.h
+@@ -214,7 +214,7 @@ struct ath11k_pdev_dp {
+ #define DP_REO_REINJECT_RING_SIZE 32
+ #define DP_RX_RELEASE_RING_SIZE 1024
+ #define DP_REO_EXCEPTION_RING_SIZE 128
+-#define DP_REO_CMD_RING_SIZE 128
++#define DP_REO_CMD_RING_SIZE 256
+ #define DP_REO_STATUS_RING_SIZE 2048
+ #define DP_RXDMA_BUF_RING_SIZE 4096
+ #define DP_RXDMA_REFILL_RING_SIZE 2048
+--- a/drivers/net/wireless/ath/ath11k/hw.c
++++ b/drivers/net/wireless/ath/ath11k/hw.c
+@@ -1233,6 +1233,7 @@ const struct ath11k_hw_ring_mask ath11k_
+ ATH11K_RX_WBM_REL_RING_MASK_0,
+ },
+ .reo_status = {
++ 0, 0, 0,
+ ATH11K_REO_STATUS_RING_MASK_0,
+ },
+ .rxdma2host = {
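Review bot: The positional `0, 0, 0,` added to `.reo_status` encodes the IRQ group index only by counting entries, which is easy to break when the table is edited. A designated initializer states it directly: `.reo_status = { [3] = ATH11K_REO_STATUS_RING_MASK_0, },`. The hunk header is truncated, so which ring-mask table is changed is not visible here. Any other tables in hw.c that are not touched would keep REO status on group 0 and would not get the separation the commit message describes.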
diff --git a/package/kernel/mac80211/patches/ath11k/0064-wifi-ath11k-add-peer-mac-information-in-failure-case.patch b/package/kernel/mac80211/patches/ath11k/0064-wifi-ath11k-add-peer-mac-information-in-failure-case.patch
new file mode 100644
index 0000000000..fbcbdfff71
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0064-wifi-ath11k-add-peer-mac-information-in-failure-case.patch
@@ -0,0 +1,74 @@
+From 20487cc3ff36bbfa9505f0a078ba98f09abfc717 Mon Sep 17 00:00:00 2001
+From: Harshitha Prem <quic_hprem at quicinc.com>
+Date: Mon, 17 Apr 2023 13:35:01 +0300
+Subject: [PATCH] wifi: ath11k: add peer mac information in failure cases
+
+During reo command failure, the peer mac detail for which the reo
+command was not successful is unknown. Hence, to improve the
+debuggability, add the peer mac information in the failure cases
+which would be useful during multi client cases.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Sathishkumar Muruganandam <quic_murugana at quicinc.com>
+Signed-off-by: Harshitha Prem <quic_hprem at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403182420.23375-4-quic_hprem@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -1009,7 +1009,8 @@ int ath11k_peer_rx_tid_setup(struct ath1
+
+ peer = ath11k_peer_find(ab, vdev_id, peer_mac);
+ if (!peer) {
+- ath11k_warn(ab, "failed to find the peer to set up rx tid\n");
++ ath11k_warn(ab, "failed to find the peer %pM to set up rx tid\n",
++ peer_mac);
+ spin_unlock_bh(&ab->base_lock);
+ return -ENOENT;
+ }
+@@ -1022,7 +1023,8 @@ int ath11k_peer_rx_tid_setup(struct ath1
+ ba_win_sz, ssn, true);
+ spin_unlock_bh(&ab->base_lock);
+ if (ret) {
+- ath11k_warn(ab, "failed to update reo for rx tid %d\n", tid);
++ ath11k_warn(ab, "failed to update reo for peer %pM rx tid %d\n: %d",
++ peer_mac, tid, ret);
+ return ret;
+ }
+
+@@ -1030,8 +1032,8 @@ int ath11k_peer_rx_tid_setup(struct ath1
+ peer_mac, paddr,
+ tid, 1, ba_win_sz);
+ if (ret)
+- ath11k_warn(ab, "failed to send wmi command to update rx reorder queue, tid :%d (%d)\n",
+- tid, ret);
++ ath11k_warn(ab, "failed to send wmi rx reorder queue for peer %pM tid %d: %d\n",
++ peer_mac, tid, ret);
+ return ret;
+ }
+
+@@ -1064,6 +1066,8 @@ int ath11k_peer_rx_tid_setup(struct ath1
+ ret = dma_mapping_error(ab->dev, paddr);
+ if (ret) {
+ spin_unlock_bh(&ab->base_lock);
++ ath11k_warn(ab, "failed to setup dma map for peer %pM rx tid %d: %d\n",
++ peer_mac, tid, ret);
+ goto err_mem_free;
+ }
+
+@@ -1077,8 +1081,8 @@ int ath11k_peer_rx_tid_setup(struct ath1
+ ret = ath11k_wmi_peer_rx_reorder_queue_setup(ar, vdev_id, peer_mac,
+ paddr, tid, 1, ba_win_sz);
+ if (ret) {
+- ath11k_warn(ar->ab, "failed to setup rx reorder queue, tid :%d (%d)\n",
+- tid, ret);
++ ath11k_warn(ar->ab, "failed to setup rx reorder queue for peer %pM tid %d: %d\n",
++ peer_mac, tid, ret);
+ ath11k_dp_rx_tid_mem_free(ab, peer_mac, vdev_id, tid);
+ }
+
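Review bot: The new format string `"failed to update reo for peer %pM rx tid %d\n: %d"` has the newline in the middle, so the error code lands on a separate, unterminated log line. It should read `"failed to update reo for peer %pM rx tid %d: %d\n"`, matching the other messages changed in this patch. ath11k_peer_rx_tid_setup starts and ends outside these hunks.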
diff --git a/package/kernel/mac80211/patches/ath11k/0065-wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch b/package/kernel/mac80211/patches/ath11k/0065-wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch
new file mode 100644
index 0000000000..e2fe419158
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0065-wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch
@@ -0,0 +1,119 @@
+From 6257c702264c44d74c6b71f0c62a7665da2dc356 Mon Sep 17 00:00:00 2001
+From: Pradeep Kumar Chitrapu <quic_pradeepc at quicinc.com>
+Date: Mon, 17 Apr 2023 13:35:02 +0300
+Subject: [PATCH] wifi: ath11k: fix tx status reporting in encap offload mode
+
+ieee80211_tx_status() treats packets in 802.11 frame format and
+tries to extract sta address from packet header. When tx encap
+offload is enabled, this becomes invalid operation. Hence, switch
+to using ieee80211_tx_status_ext() after filling in station
+address for handling both 802.11 and 802.3 frames.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403195738.25367-2-quic_pradeepc@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp.h | 4 +++
+ drivers/net/wireless/ath/ath11k/dp_tx.c | 33 ++++++++++++++++++++++++-
+ drivers/net/wireless/ath/ath11k/dp_tx.h | 1 +
+ 3 files changed, 37 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp.h
++++ b/drivers/net/wireless/ath/ath11k/dp.h
+@@ -303,12 +303,16 @@ struct ath11k_dp {
+
+ #define HTT_TX_WBM_COMP_STATUS_OFFSET 8
+
++#define HTT_INVALID_PEER_ID 0xffff
++
+ /* HTT tx completion is overlaid in wbm_release_ring */
+ #define HTT_TX_WBM_COMP_INFO0_STATUS GENMASK(12, 9)
+ #define HTT_TX_WBM_COMP_INFO0_REINJECT_REASON GENMASK(16, 13)
+ #define HTT_TX_WBM_COMP_INFO0_REINJECT_REASON GENMASK(16, 13)
+
+ #define HTT_TX_WBM_COMP_INFO1_ACK_RSSI GENMASK(31, 24)
++#define HTT_TX_WBM_COMP_INFO2_SW_PEER_ID GENMASK(15, 0)
++#define HTT_TX_WBM_COMP_INFO2_VALID BIT(21)
+
+ struct htt_tx_wbm_completion {
+ u32 info0;
+--- a/drivers/net/wireless/ath/ath11k/dp_tx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_tx.c
+@@ -316,10 +316,12 @@ ath11k_dp_tx_htt_tx_complete_buf(struct
+ struct dp_tx_ring *tx_ring,
+ struct ath11k_dp_htt_wbm_tx_status *ts)
+ {
++ struct ieee80211_tx_status status = { 0 };
+ struct sk_buff *msdu;
+ struct ieee80211_tx_info *info;
+ struct ath11k_skb_cb *skb_cb;
+ struct ath11k *ar;
++ struct ath11k_peer *peer;
+
+ spin_lock(&tx_ring->tx_idr_lock);
+ msdu = idr_remove(&tx_ring->txbuf_idr, ts->msdu_id);
+@@ -341,6 +343,11 @@ ath11k_dp_tx_htt_tx_complete_buf(struct
+
+ dma_unmap_single(ab->dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE);
+
++ if (!skb_cb->vif) {
++ dev_kfree_skb_any(msdu);
++ return;
++ }
++
+ memset(&info->status, 0, sizeof(info->status));
+
+ if (ts->acked) {
+@@ -355,7 +362,23 @@ ath11k_dp_tx_htt_tx_complete_buf(struct
+ }
+ }
+
+- ieee80211_tx_status(ar->hw, msdu);
++ spin_lock_bh(&ab->base_lock);
++ peer = ath11k_peer_find_by_id(ab, ts->peer_id);
++ if (!peer || !peer->sta) {
++ ath11k_dbg(ab, ATH11K_DBG_DATA,
++ "dp_tx: failed to find the peer with peer_id %d\n",
++ ts->peer_id);
++ spin_unlock_bh(&ab->base_lock);
++ dev_kfree_skb_any(msdu);
++ return;
++ }
++ spin_unlock_bh(&ab->base_lock);
++
++ status.sta = peer->sta;
++ status.info = info;
++ status.skb = msdu;
++
++ ieee80211_tx_status_ext(ar->hw, &status);
+ }
+
+ static void
+@@ -379,7 +402,15 @@ ath11k_dp_tx_process_htt_tx_complete(str
+ ts.msdu_id = msdu_id;
+ ts.ack_rssi = FIELD_GET(HTT_TX_WBM_COMP_INFO1_ACK_RSSI,
+ status_desc->info1);
++
++ if (FIELD_GET(HTT_TX_WBM_COMP_INFO2_VALID, status_desc->info2))
++ ts.peer_id = FIELD_GET(HTT_TX_WBM_COMP_INFO2_SW_PEER_ID,
++ status_desc->info2);
++ else
++ ts.peer_id = HTT_INVALID_PEER_ID;
++
+ ath11k_dp_tx_htt_tx_complete_buf(ab, tx_ring, &ts);
++
+ break;
+ case HAL_WBM_REL_HTT_TX_COMP_STATUS_REINJ:
+ case HAL_WBM_REL_HTT_TX_COMP_STATUS_INSPECT:
+--- a/drivers/net/wireless/ath/ath11k/dp_tx.h
++++ b/drivers/net/wireless/ath/ath11k/dp_tx.h
+@@ -13,6 +13,7 @@ struct ath11k_dp_htt_wbm_tx_status {
+ u32 msdu_id;
+ bool acked;
+ int ack_rssi;
++ u16 peer_id;
+ };
+
+ void ath11k_dp_tx_update_txcompl(struct ath11k *ar, struct hal_tx_status *ts);
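Review bot: In ath11k_dp_tx_htt_tx_complete_buf, `peer->sta` is read after `spin_unlock_bh(&ab->base_lock)`, so the peer found under the lock may already have been removed when `status.sta = peer->sta;` runs. The pointer should be copied while the lock is held, by moving `status.sta = peer->sta;` above the final `spin_unlock_bh(&ab->base_lock);`. Whether the station object itself stays valid until `ieee80211_tx_status_ext()` returns depends on protection not visible in this hunk and should be confirmed. The two early-exit paths free the frame with `dev_kfree_skb_any(msdu)` without reporting a status, so it is worth checking that mac80211 does not expect a completion for those frames.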
diff --git a/package/kernel/mac80211/patches/ath11k/0066-wifi-ath11k-Fix-incorrect-update-of-radiotap-fields.patch b/package/kernel/mac80211/patches/ath11k/0066-wifi-ath11k-Fix-incorrect-update-of-radiotap-fields.patch
new file mode 100644
index 0000000000..4f94580100
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0066-wifi-ath11k-Fix-incorrect-update-of-radiotap-fields.patch
@@ -0,0 +1,49 @@
+From 2f0c9ac8362da09c80f1cd422ef7fd6fa9b252b9 Mon Sep 17 00:00:00 2001
+From: Pradeep Kumar Chitrapu <quic_pradeepc at quicinc.com>
+Date: Mon, 17 Apr 2023 13:35:02 +0300
+Subject: [PATCH] wifi: ath11k: Fix incorrect update of radiotap fields
+
+Fix incorrect update of ppdu stats causing incorrect radiotap
+fields.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403195738.25367-3-quic_pradeepc@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/hal_rx.c | 4 ++--
+ drivers/net/wireless/ath/ath11k/hal_rx.h | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/hal_rx.c
++++ b/drivers/net/wireless/ath/ath11k/hal_rx.c
+@@ -1029,7 +1029,7 @@ ath11k_hal_rx_parse_mon_status_tlv(struc
+ info1 = __le32_to_cpu(vht_sig->info1);
+
+ ppdu_info->ldpc = FIELD_GET(HAL_RX_VHT_SIG_A_INFO_INFO1_SU_MU_CODING,
+- info0);
++ info1);
+ ppdu_info->mcs = FIELD_GET(HAL_RX_VHT_SIG_A_INFO_INFO1_MCS,
+ info1);
+ gi_setting = FIELD_GET(HAL_RX_VHT_SIG_A_INFO_INFO1_GI_SETTING,
+@@ -1452,7 +1452,7 @@ ath11k_hal_rx_parse_mon_status_tlv(struc
+ * PHYRX_OTHER_RECEIVE_INFO TLV.
+ */
+ ppdu_info->rssi_comb =
+- FIELD_GET(HAL_RX_PHYRX_RSSI_LEGACY_INFO_INFO1_RSSI_COMB,
++ FIELD_GET(HAL_RX_PHYRX_RSSI_LEGACY_INFO_INFO0_RSSI_COMB,
+ __le32_to_cpu(rssi->info0));
+
+ if (db2dbm) {
+--- a/drivers/net/wireless/ath/ath11k/hal_rx.h
++++ b/drivers/net/wireless/ath/ath11k/hal_rx.h
+@@ -385,7 +385,7 @@ struct hal_rx_he_sig_b2_ofdma_info {
+ __le32 info0;
+ } __packed;
+
+-#define HAL_RX_PHYRX_RSSI_LEGACY_INFO_INFO1_RSSI_COMB GENMASK(15, 8)
++#define HAL_RX_PHYRX_RSSI_LEGACY_INFO_INFO0_RSSI_COMB GENMASK(15, 8)
+
+ #define HAL_RX_PHYRX_RSSI_PREAMBLE_PRI20 GENMASK(7, 0)
+
diff --git a/package/kernel/mac80211/patches/ath11k/0067-wifi-ath11k-Fix-SKB-corruption-in-REO-destination-ri.patch b/package/kernel/mac80211/patches/ath11k/0067-wifi-ath11k-Fix-SKB-corruption-in-REO-destination-ri.patch
new file mode 100644
index 0000000000..8b300f3a79
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0067-wifi-ath11k-Fix-SKB-corruption-in-REO-destination-ri.patch
@@ -0,0 +1,70 @@
+From f9fff67d2d7ca6fa8066132003a3deef654c55b1 Mon Sep 17 00:00:00 2001
+From: Nagarajan Maran <quic_nmaran at quicinc.com>
+Date: Mon, 17 Apr 2023 13:35:02 +0300
+Subject: [PATCH] wifi: ath11k: Fix SKB corruption in REO destination ring
+
+While running traffics for a long time, randomly an RX descriptor
+filled with value "0" from REO destination ring is received.
+This descriptor which is invalid causes the wrong SKB (SKB stored in
+the IDR lookup with buffer id "0") to be fetched which in turn
+causes SKB memory corruption issue and the same leads to crash
+after some time.
+
+Changed the start id for idr allocation to "1" and the buffer id "0"
+is reserved for error validation. Introduced Sanity check to validate
+the descriptor, before processing the SKB.
+
+Crash Signature :
+
+Unable to handle kernel paging request at virtual address 3f004900
+PC points to "b15_dma_inv_range+0x30/0x50"
+LR points to "dma_cache_maint_page+0x8c/0x128".
+The Backtrace obtained is as follows:
+[<8031716c>] (b15_dma_inv_range) from [<80313a4c>] (dma_cache_maint_page+0x8c/0x128)
+[<80313a4c>] (dma_cache_maint_page) from [<80313b90>] (__dma_page_dev_to_cpu+0x28/0xcc)
+[<80313b90>] (__dma_page_dev_to_cpu) from [<7fb5dd68>] (ath11k_dp_process_rx+0x1e8/0x4a4 [ath11k])
+[<7fb5dd68>] (ath11k_dp_process_rx [ath11k]) from [<7fb53c20>] (ath11k_dp_service_srng+0xb0/0x2ac [ath11k])
+[<7fb53c20>] (ath11k_dp_service_srng [ath11k]) from [<7f67bba4>] (ath11k_pci_ext_grp_napi_poll+0x1c/0x78 [ath11k_pci])
+[<7f67bba4>] (ath11k_pci_ext_grp_napi_poll [ath11k_pci]) from [<807d5cf4>] (__napi_poll+0x28/0xb8)
+[<807d5cf4>] (__napi_poll) from [<807d5f28>] (net_rx_action+0xf0/0x280)
+[<807d5f28>] (net_rx_action) from [<80302148>] (__do_softirq+0xd0/0x280)
+[<80302148>] (__do_softirq) from [<80320408>] (irq_exit+0x74/0xd4)
+[<80320408>] (irq_exit) from [<803638a4>] (__handle_domain_irq+0x90/0xb4)
+[<803638a4>] (__handle_domain_irq) from [<805bedec>] (gic_handle_irq+0x58/0x90)
+[<805bedec>] (gic_handle_irq) from [<80301a78>] (__irq_svc+0x58/0x8c)
+
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Nagarajan Maran <quic_nmaran at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403191533.28114-1-quic_nmaran@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -389,10 +389,10 @@ int ath11k_dp_rxbufs_replenish(struct at
+ goto fail_free_skb;
+
+ spin_lock_bh(&rx_ring->idr_lock);
+- buf_id = idr_alloc(&rx_ring->bufs_idr, skb, 0,
+- rx_ring->bufs_max * 3, GFP_ATOMIC);
++ buf_id = idr_alloc(&rx_ring->bufs_idr, skb, 1,
++ (rx_ring->bufs_max * 3) + 1, GFP_ATOMIC);
+ spin_unlock_bh(&rx_ring->idr_lock);
+- if (buf_id < 0)
++ if (buf_id <= 0)
+ goto fail_dma_unmap;
+
+ desc = ath11k_hal_srng_src_get_next_entry(ab, srng);
+@@ -2665,6 +2665,9 @@ try_again:
+ cookie);
+ mac_id = FIELD_GET(DP_RXDMA_BUF_COOKIE_PDEV_ID, cookie);
+
++ if (unlikely(buf_id == 0))
++ continue;
++
+ ar = ab->pdevs[mac_id].ar;
+ rx_ring = &ar->dp.rx_refill_buf_ring;
+ spin_lock_bh(&rx_ring->idr_lock);
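Review bot: The new `buf_id == 0` guard in the `try_again:` loop of dp_rx.c drops the descriptor with a bare `continue`, so a device that keeps handing back zeroed REO entries leaves no trace for whoever has to diagnose it later. A counter or a debug line before the `continue` would make the condition visible, e.g. `ath11k_dbg(ab, ATH11K_DBG_DATA, "dp_rx: zero buf_id in REO descriptor, dropping\n");`. `mac_id` is taken from the same device-written cookie and indexes `ab->pdevs[]` on the next line with no range check visible in this hunk; if none exists earlier in the function, it deserves the same validation. The enclosing function starts and ends outside the hunk.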
diff --git a/package/kernel/mac80211/patches/ath11k/0068-wifi-ath11k-Remove-disabling-of-80-80-and-160-MHz.patch b/package/kernel/mac80211/patches/ath11k/0068-wifi-ath11k-Remove-disabling-of-80-80-and-160-MHz.patch
new file mode 100644
index 0000000000..ce5ffd273b
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0068-wifi-ath11k-Remove-disabling-of-80-80-and-160-MHz.patch
@@ -0,0 +1,49 @@
+From b100722a777f6455d913666a376f81342b2cb995 Mon Sep 17 00:00:00 2001
+From: Muna Sinada <quic_msinada at quicinc.com>
+Date: Mon, 17 Apr 2023 13:22:27 -0700
+Subject: [PATCH] wifi: ath11k: Remove disabling of 80+80 and 160 MHz
+
+This is a regression fix for 80+80 and 160 MHz support bits being
+cleared, therefore not adverised. Remove disable of 80+80 and 160 MHz
+capability flags and assign valid center frequency 2 similar to
+VHT80_80.
+
+Fixes: 38dfe775d0ab ("wifi: ath11k: push MU-MIMO params from hostapd to hardware")
+Reported-by: Robert Marko <robert.marko at sartura.hr>
+Tested-by: Robert Marko <robert.marko at sartura.hr> # IPQ8074 WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=217299
+Co-developed-by: P Praneesh <quic_ppranees at quicinc.com>
+Signed-off-by: P Praneesh <quic_ppranees at quicinc.com>
+Signed-off-by: Muna Sinada <quic_msinada at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/1681762947-13882-1-git-send-email-quic_msinada@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/mac.c | 4 ----
+ drivers/net/wireless/ath/ath11k/wmi.c | 3 ++-
+ 2 files changed, 2 insertions(+), 5 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/mac.c
++++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -5585,10 +5585,6 @@ static int ath11k_mac_copy_he_cap(struct
+
+ he_cap_elem->mac_cap_info[1] &=
+ IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_MASK;
+- he_cap_elem->phy_cap_info[0] &=
+- ~IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
+- he_cap_elem->phy_cap_info[0] &=
+- ~IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G;
+
+ he_cap_elem->phy_cap_info[5] &=
+ ~IEEE80211_HE_PHY_CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK;
+--- a/drivers/net/wireless/ath/ath11k/wmi.c
++++ b/drivers/net/wireless/ath/ath11k/wmi.c
+@@ -871,7 +871,8 @@ static void ath11k_wmi_put_wmi_channel(s
+
+ chan->band_center_freq2 = arg->channel.band_center_freq1;
+
+- } else if (arg->channel.mode == MODE_11AC_VHT80_80) {
++ } else if ((arg->channel.mode == MODE_11AC_VHT80_80) ||
++ (arg->channel.mode == MODE_11AX_HE80_80)) {
+ chan->band_center_freq2 = arg->channel.band_center_freq2;
+ } else {
+ chan->band_center_freq2 = 0;
diff --git a/package/kernel/mac80211/patches/ath11k/0069-wifi-ath11k-fix-registration-of-6Ghz-only-phy-withou.patch b/package/kernel/mac80211/patches/ath11k/0069-wifi-ath11k-fix-registration-of-6Ghz-only-phy-withou.patch
new file mode 100644
index 0000000000..32468dbc4c
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0069-wifi-ath11k-fix-registration-of-6Ghz-only-phy-withou.patch
@@ -0,0 +1,61 @@
+From e2ceb1de2f83aafd8003f0b72dfd4b7441e97d14 Mon Sep 17 00:00:00 2001
+From: Maxime Bizon <mbizon at freebox.fr>
+Date: Fri, 21 Apr 2023 16:54:45 +0200
+Subject: [PATCH] wifi: ath11k: fix registration of 6Ghz-only phy without the
+ full channel range
+
+Because of what seems to be a typo, a 6Ghz-only phy for which the BDF
+does not allow the 7115Mhz channel will fail to register:
+
+ WARNING: CPU: 2 PID: 106 at net/wireless/core.c:907 wiphy_register+0x914/0x954
+ Modules linked in: ath11k_pci sbsa_gwdt
+ CPU: 2 PID: 106 Comm: kworker/u8:5 Not tainted 6.3.0-rc7-next-20230418-00549-g1e096a17625a-dirty #9
+ Hardware name: Freebox V7R Board (DT)
+ Workqueue: ath11k_qmi_driver_event ath11k_qmi_driver_event_work
+ pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+ pc : wiphy_register+0x914/0x954
+ lr : ieee80211_register_hw+0x67c/0xc10
+ sp : ffffff800b123aa0
+ x29: ffffff800b123aa0 x28: 0000000000000000 x27: 0000000000000000
+ x26: 0000000000000000 x25: 0000000000000006 x24: ffffffc008d51418
+ x23: ffffffc008cb0838 x22: ffffff80176c2460 x21: 0000000000000168
+ x20: ffffff80176c0000 x19: ffffff80176c03e0 x18: 0000000000000014
+ x17: 00000000cbef338c x16: 00000000d2a26f21 x15: 00000000ad6bb85f
+ x14: 0000000000000020 x13: 0000000000000020 x12: 00000000ffffffbd
+ x11: 0000000000000208 x10: 00000000fffffdf7 x9 : ffffffc009394718
+ x8 : ffffff80176c0528 x7 : 000000007fffffff x6 : 0000000000000006
+ x5 : 0000000000000005 x4 : ffffff800b304284 x3 : ffffff800b304284
+ x2 : ffffff800b304d98 x1 : 0000000000000000 x0 : 0000000000000000
+ Call trace:
+ wiphy_register+0x914/0x954
+ ieee80211_register_hw+0x67c/0xc10
+ ath11k_mac_register+0x7c4/0xe10
+ ath11k_core_qmi_firmware_ready+0x1f4/0x570
+ ath11k_qmi_driver_event_work+0x198/0x590
+ process_one_work+0x1b8/0x328
+ worker_thread+0x6c/0x414
+ kthread+0x100/0x104
+ ret_from_fork+0x10/0x20
+ ---[ end trace 0000000000000000 ]---
+ ath11k_pci 0002:01:00.0: ieee80211 registration failed: -22
+ ath11k_pci 0002:01:00.0: failed register the radio with mac80211: -22
+ ath11k_pci 0002:01:00.0: failed to create pdev core: -22
+
+Signed-off-by: Maxime Bizon <mbizon at freebox.fr>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230421145445.2612280-1-mbizon@freebox.fr
+---
+ drivers/net/wireless/ath/ath11k/mac.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/mac.c
++++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -8892,7 +8892,7 @@ static int ath11k_mac_setup_channels_rat
+ }
+
+ if (supported_bands & WMI_HOST_WLAN_5G_CAP) {
+- if (reg_cap->high_5ghz_chan >= ATH11K_MAX_6G_FREQ) {
++ if (reg_cap->high_5ghz_chan >= ATH11K_MIN_6G_FREQ) {
+ channels = kmemdup(ath11k_6ghz_channels,
+ sizeof(ath11k_6ghz_channels), GFP_KERNEL);
+ if (!channels) {
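Review bot: The corrected test `reg_cap->high_5ghz_chan >= ATH11K_MIN_6G_FREQ` still reads oddly, because it decides on 6 GHz channels from a field named for 5 GHz inside the `WMI_HOST_WLAN_5G_CAP` branch, which is presumably how the MAX/MIN mix-up went unnoticed. A one-line comment above it would help, e.g. `/* 6 GHz range is reported via the 5 GHz reg caps; any overlap with the 6 GHz band enables it */` (wording to be confirmed against the firmware interface). The whole `ath11k_6ghz_channels` table is then copied, so channels above `high_5ghz_chan` have to be disabled by code outside this hunk; it is worth confirming that this holds for a BDF with a partial range. The function body continues outside the hunk.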
diff --git a/package/kernel/mac80211/patches/ath11k/101-wifi-ath11k-Remove-disabling-of-80-80-and-160-MHz.patch b/package/kernel/mac80211/patches/ath11k/101-wifi-ath11k-Remove-disabling-of-80-80-and-160-MHz.patch
deleted file mode 100644
index 6fcd76b1a7..0000000000
--- a/package/kernel/mac80211/patches/ath11k/101-wifi-ath11k-Remove-disabling-of-80-80-and-160-MHz.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-From patchwork Mon Apr 17 20:22:27 2023
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-X-Patchwork-Submitter: Muna Sinada <quic_msinada at quicinc.com>
-X-Patchwork-Id: 13214540
-X-Patchwork-Delegate: kvalo at adurom.com
-Return-Path: <linux-wireless-owner at vger.kernel.org>
-X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
- aws-us-west-2-korg-lkml-1.web.codeaurora.org
-Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
- by smtp.lore.kernel.org (Postfix) with ESMTP id 8C359C77B76
- for <linux-wireless at archiver.kernel.org>;
- Mon, 17 Apr 2023 20:26:40 +0000 (UTC)
-Received: (majordomo at vger.kernel.org) by vger.kernel.org via listexpand
- id S230070AbjDQU0j (ORCPT
- <rfc822;linux-wireless at archiver.kernel.org>);
- Mon, 17 Apr 2023 16:26:39 -0400
-Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53306 "EHLO
- lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
- with ESMTP id S229914AbjDQU0h (ORCPT
- <rfc822;linux-wireless at vger.kernel.org>);
- Mon, 17 Apr 2023 16:26:37 -0400
-Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com
- [205.220.180.131])
- by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 67CE24C33
- for <linux-wireless at vger.kernel.org>;
- Mon, 17 Apr 2023 13:26:24 -0700 (PDT)
-Received: from pps.filterd (m0279873.ppops.net [127.0.0.1])
- by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
- 33HIsf5q010173;
- Mon, 17 Apr 2023 20:22:47 GMT
-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com;
- h=from : to : cc :
- subject : date : message-id : mime-version : content-type; s=qcppdkim1;
- bh=FGtbeAR6pG0KxyEKVLIRzkq1RXlKfaVfRT1iixzMcII=;
- b=jSdZBeFj4RAdCiUPrL/F9n+ufnpxT1pJNfZuA0tfEnUf54SCGUuHT5LtRdojYVh31YSS
- aAGDRFvl7tIKqq/c6h4tm7SDdlhWF+MU3sH1YJNrwDeMAUZD+RnviJjo+GfgnEtp9+z7
- PA75vGkpKiuMh6M8QFYB+/XxrJmx/XJBNESfMdAjBuMXnQf4S2yJ/IMwSxPkYKMU3lC6
- DNnUAcgC/8wawYt8T1d8gKWq5CgWls4i1quveZghsbGUuL01i7SRXdKVianDJJsHEa0G
- /brUp6LMMeJUgEI8wBfFAtcknzN0ADMVEqsJr+AHvQXnb1iHZyafl6BAeupXNS+Yi+fJ sw==
-Received: from nalasppmta05.qualcomm.com (Global_NAT1.qualcomm.com
- [129.46.96.20])
- by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3q171gh1hb-1
- (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
- verify=NOT);
- Mon, 17 Apr 2023 20:22:47 +0000
-Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com
- [10.47.209.196])
- by NALASPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id
- 33HKMjHs007640
- (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
- verify=NOT);
- Mon, 17 Apr 2023 20:22:46 GMT
-Received: from msinada-linux.qualcomm.com (10.80.80.8) by
- nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server
- (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
- 15.2.986.42; Mon, 17 Apr 2023 13:22:44 -0700
-From: Muna Sinada <quic_msinada at quicinc.com>
-To: <ath11k at lists.infradead.org>
-CC: <linux-wireless at vger.kernel.org>,
- Muna Sinada <quic_msinada at quicinc.com>,
- P Praneesh <quic_ppranees at quicinc.com>
-Subject: [PATCH] wifi: ath11k: Remove disabling of 80+80 and 160 MHz
-Date: Mon, 17 Apr 2023 13:22:27 -0700
-Message-ID: <1681762947-13882-1-git-send-email-quic_msinada at quicinc.com>
-X-Mailer: git-send-email 2.7.4
-MIME-Version: 1.0
-X-Originating-IP: [10.80.80.8]
-X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To
- nalasex01a.na.qualcomm.com (10.47.209.196)
-X-QCInternal: smtphost
-X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800
- signatures=585085
-X-Proofpoint-GUID: wqGG1zw0KpXNYk_yFYb16HwLWt9V-6o4
-X-Proofpoint-ORIG-GUID: wqGG1zw0KpXNYk_yFYb16HwLWt9V-6o4
-X-Proofpoint-Virus-Version: vendor=baseguard
- engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22
- definitions=2023-04-17_13,2023-04-17_01,2023-02-09_01
-X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
- priorityscore=1501 mlxscore=0
- mlxlogscore=796 suspectscore=0 impostorscore=0 bulkscore=0 spamscore=0
- clxscore=1015 phishscore=0 lowpriorityscore=0 malwarescore=0 adultscore=0
- classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000
- definitions=main-2304170181
-Precedence: bulk
-List-ID: <linux-wireless.vger.kernel.org>
-X-Mailing-List: linux-wireless at vger.kernel.org
-
-This is a regression fix for 80+80 and 160 MHz support bits being
-cleared, therefore not adverised. Remove disable of 80+80 and 160 MHz
-capability flags and assign valid center frequency 2 similar to
-VHT80_80.
-
-Fixes: 38dfe775d0ab ("wifi: ath11k: push MU-MIMO params from hostapd to hardware")
-Reported-by: Robert Marko <robert.marko at sartura.hr>
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=217299
-Co-developed-by: P Praneesh <quic_ppranees at quicinc.com>
-Signed-off-by: P Praneesh <quic_ppranees at quicinc.com>
-Signed-off-by: Muna Sinada <quic_msinada at quicinc.com>
----
- drivers/net/wireless/ath/ath11k/mac.c | 4 ----
- drivers/net/wireless/ath/ath11k/wmi.c | 3 ++-
- 2 files changed, 2 insertions(+), 5 deletions(-)
-
---- a/drivers/net/wireless/ath/ath11k/mac.c
-+++ b/drivers/net/wireless/ath/ath11k/mac.c
-@@ -5585,10 +5585,6 @@ static int ath11k_mac_copy_he_cap(struct
-
- he_cap_elem->mac_cap_info[1] &=
- IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_MASK;
-- he_cap_elem->phy_cap_info[0] &=
-- ~IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
-- he_cap_elem->phy_cap_info[0] &=
-- ~IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G;
-
- he_cap_elem->phy_cap_info[5] &=
- ~IEEE80211_HE_PHY_CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK;
---- a/drivers/net/wireless/ath/ath11k/wmi.c
-+++ b/drivers/net/wireless/ath/ath11k/wmi.c
-@@ -871,7 +871,8 @@ static void ath11k_wmi_put_wmi_channel(s
-
- chan->band_center_freq2 = arg->channel.band_center_freq1;
-
-- } else if (arg->channel.mode == MODE_11AC_VHT80_80) {
-+ } else if ((arg->channel.mode == MODE_11AC_VHT80_80) ||
-+ (arg->channel.mode == MODE_11AX_HE80_80)) {
- chan->band_center_freq2 = arg->channel.band_center_freq2;
- } else {
- chan->band_center_freq2 = 0;