[openwrt/openwrt] mac80211: ath11k: sync with ath-next

LEDE Commits lede-commits at lists.infradead.org
Sat May 6 05:42:30 PDT 2023


ansuel pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/15abf8d18b9cbfe133c66b610bbaeecf50d3842e

commit 15abf8d18b9cbfe133c66b610bbaeecf50d3842e
Author: Robert Marko <robimarko at gmail.com>
AuthorDate: Fri May 5 19:30:15 2023 +0200

    mac80211: ath11k: sync with ath-next
    
    Synchronize the ath11k backports with the current ath-next tree.
    
    This replaces the 160MHz with the upstreamed one, fixes 6GHz only WIPHY
    registration, allows SAR usage on WCN6750 and plenty of REO fixes.
    
    Signed-off-by: Robert Marko <robimarko at gmail.com>
---
 ...-ath11k-Remove-redundant-pci_clear_master.patch |  58 +++++++++
 ...-Disable-Spectral-scan-upon-removing-inte.patch |  36 ++++++
 ...wifi-ath11k-enable-SAR-support-on-WCN6750.patch |  29 +++++
 ...h11k-pci-Add-more-MODULE_FIRMWARE-entries.patch |  36 ++++++
 ...-print-a-warning-when-crypto_alloc_shash-.patch |  34 +++++
 ...-Ignore-frags-from-uninitialized-peer-in-.patch | 104 +++++++++++++++
 ...k-fix-undefined-behavior-with-__fls-in-dp.patch |  29 +++++
 ...-fix-double-free-of-peer-rx_tid-during-re.patch | 144 +++++++++++++++++++++
 ...0063-wifi-ath11k-Prevent-REO-cmd-failures.patch |  43 ++++++
 ...-add-peer-mac-information-in-failure-case.patch |  74 +++++++++++
 ...-fix-tx-status-reporting-in-encap-offload.patch | 119 +++++++++++++++++
 ...k-Fix-incorrect-update-of-radiotap-fields.patch |  49 +++++++
 ...-Fix-SKB-corruption-in-REO-destination-ri.patch |  70 ++++++++++
 ...11k-Remove-disabling-of-80-80-and-160-MHz.patch |  49 +++++++
 ...-fix-registration-of-6Ghz-only-phy-withou.patch |  61 +++++++++
 ...11k-Remove-disabling-of-80-80-and-160-MHz.patch | 130 -------------------
 16 files changed, 935 insertions(+), 130 deletions(-)

diff --git a/package/kernel/mac80211/patches/ath11k/0055-wifi-ath11k-Remove-redundant-pci_clear_master.patch b/package/kernel/mac80211/patches/ath11k/0055-wifi-ath11k-Remove-redundant-pci_clear_master.patch
new file mode 100644
index 0000000000..0439727e72
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0055-wifi-ath11k-Remove-redundant-pci_clear_master.patch
@@ -0,0 +1,58 @@
+From f812e2a9f85d6bea78957ccb5197e4491316848b Mon Sep 17 00:00:00 2001
+From: Cai Huoqing <cai.huoqing at linux.dev>
+Date: Thu, 23 Mar 2023 19:26:09 +0800
+Subject: [PATCH] wifi: ath11k: Remove redundant pci_clear_master
+
+Remove pci_clear_master to simplify the code,
+the bus-mastering is also cleared in do_pci_disable_device,
+like this:
+./drivers/pci/pci.c:2197
+static void do_pci_disable_device(struct pci_dev *dev)
+{
+	u16 pci_command;
+
+	pci_read_config_word(dev, PCI_COMMAND, &pci_command);
+	if (pci_command & PCI_COMMAND_MASTER) {
+		pci_command &= ~PCI_COMMAND_MASTER;
+		pci_write_config_word(dev, PCI_COMMAND, pci_command);
+	}
+
+	pcibios_disable_device(dev);
+}.
+And dev->is_busmaster is set to 0 in pci_disable_device.
+
+Signed-off-by: Cai Huoqing <cai.huoqing at linux.dev>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230323112613.7550-1-cai.huoqing@linux.dev
+---
+ drivers/net/wireless/ath/ath11k/pci.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/pci.c
++++ b/drivers/net/wireless/ath/ath11k/pci.c
+@@ -540,7 +540,7 @@ static int ath11k_pci_claim(struct ath11
+ 	if (!ab->mem) {
+ 		ath11k_err(ab, "failed to map pci bar %d\n", ATH11K_PCI_BAR_NUM);
+ 		ret = -EIO;
+-		goto clear_master;
++		goto release_region;
+ 	}
+ 
+ 	ab->mem_ce = ab->mem;
+@@ -548,8 +548,6 @@ static int ath11k_pci_claim(struct ath11
+ 	ath11k_dbg(ab, ATH11K_DBG_BOOT, "boot pci_mem 0x%pK\n", ab->mem);
+ 	return 0;
+ 
+-clear_master:
+-	pci_clear_master(pdev);
+ release_region:
+ 	pci_release_region(pdev, ATH11K_PCI_BAR_NUM);
+ disable_device:
+@@ -565,7 +563,6 @@ static void ath11k_pci_free_region(struc
+ 
+ 	pci_iounmap(pci_dev, ab->mem);
+ 	ab->mem = NULL;
+-	pci_clear_master(pci_dev);
+ 	pci_release_region(pci_dev, ATH11K_PCI_BAR_NUM);
+ 	if (pci_is_enabled(pci_dev))
+ 		pci_disable_device(pci_dev);
diff --git a/package/kernel/mac80211/patches/ath11k/0056-wifi-ath11k-Disable-Spectral-scan-upon-removing-inte.patch b/package/kernel/mac80211/patches/ath11k/0056-wifi-ath11k-Disable-Spectral-scan-upon-removing-inte.patch
new file mode 100644
index 0000000000..44532a4d72
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0056-wifi-ath11k-Disable-Spectral-scan-upon-removing-inte.patch
@@ -0,0 +1,36 @@
+From 5c690db63b45c6c4c4932b13173af71df369dba5 Mon Sep 17 00:00:00 2001
+From: Tamizh Chelvam Raja <quic_tamizhr at quicinc.com>
+Date: Tue, 28 Mar 2023 12:41:50 +0530
+Subject: [PATCH] wifi: ath11k: Disable Spectral scan upon removing interface
+
+Host might receive spectral events during interface
+down sequence and this might create below errors.
+
+failed to handle dma buf release event -22
+failed to handle dma buf release event -22
+
+Fix this by disabling spectral config during remove interface.
+
+Tested-on: IPQ5018 hw1.0 AHB WLAN.HK.2.6.0.1-00861-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Tamizh Chelvam Raja <quic_tamizhr at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230328071150.29645-1-quic_tamizhr@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/mac.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/net/wireless/ath/ath11k/mac.c
++++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -6685,6 +6685,11 @@ static void ath11k_mac_op_remove_interfa
+ 	ath11k_dbg(ab, ATH11K_DBG_MAC, "mac remove interface (vdev %d)\n",
+ 		   arvif->vdev_id);
+ 
++	ret = ath11k_spectral_vif_stop(arvif);
++	if (ret)
++		ath11k_warn(ab, "failed to stop spectral for vdev %i: %d\n",
++			    arvif->vdev_id, ret);
++
+ 	if (arvif->vdev_type == WMI_VDEV_TYPE_STA)
+ 		ath11k_mac_11d_scan_stop(ar);
+ 
diff --git a/package/kernel/mac80211/patches/ath11k/0057-wifi-ath11k-enable-SAR-support-on-WCN6750.patch b/package/kernel/mac80211/patches/ath11k/0057-wifi-ath11k-enable-SAR-support-on-WCN6750.patch
new file mode 100644
index 0000000000..5e64e552c1
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0057-wifi-ath11k-enable-SAR-support-on-WCN6750.patch
@@ -0,0 +1,29 @@
+From abf57d84973ce1abcb67504ac0df8aea1fe09a76 Mon Sep 17 00:00:00 2001
+From: Youghandhar Chintala <quic_youghand at quicinc.com>
+Date: Tue, 28 Mar 2023 17:04:55 +0530
+Subject: [PATCH] wifi: ath11k: enable SAR support on WCN6750
+
+Currently, SAR is enabled only on WCN6855, enable this for WCN6750 too. This
+functionality gets triggered, when the user space application calls
+NL80211_CMD_SET_SAR_SPECS.
+
+Tested-on: WCN6750 hw1.0 AHB WLAN.MSL.1.0.1-00887-QCAMSLSWPLZ-1
+
+Signed-off-by: Youghandhar Chintala <quic_youghand at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230328113455.11252-1-quic_youghand@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/core.c
++++ b/drivers/net/wireless/ath/ath11k/core.c
+@@ -593,7 +593,7 @@ static const struct ath11k_hw_params ath
+ 		.current_cc_support = true,
+ 		.dbr_debug_support = false,
+ 		.global_reset = false,
+-		.bios_sar_capa = NULL,
++		.bios_sar_capa = &ath11k_hw_sar_capa_wcn6855,
+ 		.m3_fw_support = false,
+ 		.fixed_bdf_addr = false,
+ 		.fixed_mem_region = false,
diff --git a/package/kernel/mac80211/patches/ath11k/0058-wifi-ath11k-pci-Add-more-MODULE_FIRMWARE-entries.patch b/package/kernel/mac80211/patches/ath11k/0058-wifi-ath11k-pci-Add-more-MODULE_FIRMWARE-entries.patch
new file mode 100644
index 0000000000..585864eff2
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0058-wifi-ath11k-pci-Add-more-MODULE_FIRMWARE-entries.patch
@@ -0,0 +1,36 @@
+From 06c58473969239e00d76b683edd511952060ca56 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai at suse.de>
+Date: Thu, 30 Mar 2023 16:37:18 +0200
+Subject: [PATCH] wifi: ath11k: pci: Add more MODULE_FIRMWARE() entries
+
+As there are a few more models supported by the driver, let's add the
+missing MODULE_FIRMWARE() entries for them.  The lack of them resulted
+in the missing device enablement on some systems, such as the
+installation image of openSUSE.
+
+While we are at it, use the wildcard instead of listing each firmware
+files individually for each.
+
+Signed-off-by: Takashi Iwai <tiwai at suse.de>
+Reviewed-by: Simon Horman <simon.horman at corigine.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230330143718.19511-1-tiwai@suse.de
+---
+ drivers/net/wireless/ath/ath11k/pci.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/pci.c
++++ b/drivers/net/wireless/ath/ath11k/pci.c
+@@ -1036,7 +1036,8 @@ module_exit(ath11k_pci_exit);
+ MODULE_DESCRIPTION("Driver support for Qualcomm Technologies 802.11ax WLAN PCIe devices");
+ MODULE_LICENSE("Dual BSD/GPL");
+ 
+-/* QCA639x 2.0 firmware files */
+-MODULE_FIRMWARE(ATH11K_FW_DIR "/QCA6390/hw2.0/" ATH11K_BOARD_API2_FILE);
+-MODULE_FIRMWARE(ATH11K_FW_DIR "/QCA6390/hw2.0/" ATH11K_AMSS_FILE);
+-MODULE_FIRMWARE(ATH11K_FW_DIR "/QCA6390/hw2.0/" ATH11K_M3_FILE);
++/* firmware files */
++MODULE_FIRMWARE(ATH11K_FW_DIR "/QCA6390/hw2.0/*");
++MODULE_FIRMWARE(ATH11K_FW_DIR "/QCN9074/hw1.0/*");
++MODULE_FIRMWARE(ATH11K_FW_DIR "/WCN6855/hw2.0/*");
++MODULE_FIRMWARE(ATH11K_FW_DIR "/WCN6855/hw2.1/*");
diff --git a/package/kernel/mac80211/patches/ath11k/0059-wifi-ath11k-print-a-warning-when-crypto_alloc_shash-.patch b/package/kernel/mac80211/patches/ath11k/0059-wifi-ath11k-print-a-warning-when-crypto_alloc_shash-.patch
new file mode 100644
index 0000000000..fab52a0fa7
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0059-wifi-ath11k-print-a-warning-when-crypto_alloc_shash-.patch
@@ -0,0 +1,34 @@
+From a87a9110ac0dcbfd9458b6665c141fa1c16a669d Mon Sep 17 00:00:00 2001
+From: Kalle Valo <quic_kvalo at quicinc.com>
+Date: Wed, 5 Apr 2023 12:04:25 +0300
+Subject: [PATCH] wifi: ath11k: print a warning when crypto_alloc_shash() fails
+
+Christoph reported that ath11k failed to initialise when michael_mic.ko
+module was not installed. To make it easier to notice that case print a
+warning when crypto_alloc_shash() fails.
+
+Compile tested only.
+
+Reported-by: Christoph Hellwig <hch at lst.de>
+Link: https://lore.kernel.org/all/20221130133016.GC3055@lst.de/
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230405090425.1351-1-kvalo@kernel.org
+---
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -3106,8 +3106,11 @@ int ath11k_peer_rx_frag_setup(struct ath
+ 	int i;
+ 
+ 	tfm = crypto_alloc_shash("michael_mic", 0, 0);
+-	if (IS_ERR(tfm))
++	if (IS_ERR(tfm)) {
++		ath11k_warn(ab, "failed to allocate michael_mic shash: %ld\n",
++			    PTR_ERR(tfm));
+ 		return PTR_ERR(tfm);
++	}
+ 
+ 	spin_lock_bh(&ab->base_lock);
+ 
diff --git a/package/kernel/mac80211/patches/ath11k/0060-wifi-ath11k-Ignore-frags-from-uninitialized-peer-in-.patch b/package/kernel/mac80211/patches/ath11k/0060-wifi-ath11k-Ignore-frags-from-uninitialized-peer-in-.patch
new file mode 100644
index 0000000000..5bbf9e04a4
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0060-wifi-ath11k-Ignore-frags-from-uninitialized-peer-in-.patch
@@ -0,0 +1,104 @@
+From a06bfb3c9f69f303692cdae87bc0899d2ae8b2a6 Mon Sep 17 00:00:00 2001
+From: Harshitha Prem <quic_hprem at quicinc.com>
+Date: Tue, 4 Apr 2023 00:11:54 +0530
+Subject: [PATCH] wifi: ath11k: Ignore frags from uninitialized peer in dp.
+
+When max virtual ap interfaces are configured in all the bands with
+ACS and hostapd restart is done every 60s, a crash is observed at
+random times.
+In this certain scenario, a fragmented packet is received for
+self peer, for which rx_tid and rx_frags are not initialized in
+datapath. While handling this fragment, crash is observed as the
+rx_frag list is uninitialised and when we walk in
+ath11k_dp_rx_h_sort_frags, skb null leads to exception.
+
+To address this, before processing received fragments we check
+dp_setup_done flag is set to ensure that peer has completed its
+dp peer setup for fragment queue, else ignore processing the
+fragments.
+
+Call trace:
+  ath11k_dp_process_rx_err+0x550/0x1084 [ath11k]
+  ath11k_dp_service_srng+0x70/0x370 [ath11k]
+  0xffffffc009693a04
+  __napi_poll+0x30/0xa4
+  net_rx_action+0x118/0x270
+  __do_softirq+0x10c/0x244
+  irq_exit+0x64/0xb4
+  __handle_domain_irq+0x88/0xac
+  gic_handle_irq+0x74/0xbc
+  el1_irq+0xf0/0x1c0
+  arch_cpu_idle+0x10/0x18
+  do_idle+0x104/0x248
+  cpu_startup_entry+0x20/0x64
+  rest_init+0xd0/0xdc
+  arch_call_rest_init+0xc/0x14
+  start_kernel+0x480/0x4b8
+  Code: f9400281 f94066a2 91405021 b94a0023 (f9406401)
+
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Harshitha Prem <quic_hprem at quicinc.com>
+Signed-off-by: Nagarajan Maran <quic_nmaran at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403184155.8670-2-quic_nmaran@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp.c    | 4 +++-
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 8 ++++++++
+ drivers/net/wireless/ath/ath11k/peer.h  | 1 +
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp.c
++++ b/drivers/net/wireless/ath/ath11k/dp.c
+@@ -36,6 +36,7 @@ void ath11k_dp_peer_cleanup(struct ath11
+ 	}
+ 
+ 	ath11k_peer_rx_tid_cleanup(ar, peer);
++	peer->dp_setup_done = false;
+ 	crypto_free_shash(peer->tfm_mmic);
+ 	spin_unlock_bh(&ab->base_lock);
+ }
+@@ -72,7 +73,8 @@ int ath11k_dp_peer_setup(struct ath11k *
+ 	ret = ath11k_peer_rx_frag_setup(ar, addr, vdev_id);
+ 	if (ret) {
+ 		ath11k_warn(ab, "failed to setup rx defrag context\n");
+-		return ret;
++		tid--;
++		goto peer_clean;
+ 	}
+ 
+ 	/* TODO: Setup other peer specific resource used in data path */
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -3130,6 +3130,7 @@ int ath11k_peer_rx_frag_setup(struct ath
+ 	}
+ 
+ 	peer->tfm_mmic = tfm;
++	peer->dp_setup_done = true;
+ 	spin_unlock_bh(&ab->base_lock);
+ 
+ 	return 0;
+@@ -3575,6 +3576,13 @@ static int ath11k_dp_rx_frag_h_mpdu(stru
+ 		ret = -ENOENT;
+ 		goto out_unlock;
+ 	}
++	if (!peer->dp_setup_done) {
++		ath11k_warn(ab, "The peer %pM [%d] has uninitialized datapath\n",
++			    peer->addr, peer_id);
++		ret = -ENOENT;
++		goto out_unlock;
++	}
++
+ 	rx_tid = &peer->rx_tid[tid];
+ 
+ 	if ((!skb_queue_empty(&rx_tid->rx_frags) && seqno != rx_tid->cur_sn) ||
+--- a/drivers/net/wireless/ath/ath11k/peer.h
++++ b/drivers/net/wireless/ath/ath11k/peer.h
+@@ -35,6 +35,7 @@ struct ath11k_peer {
+ 	u16 sec_type;
+ 	u16 sec_type_grp;
+ 	bool is_authorized;
++	bool dp_setup_done;
+ };
+ 
+ void ath11k_peer_unmap_event(struct ath11k_base *ab, u16 peer_id);
diff --git a/package/kernel/mac80211/patches/ath11k/0061-wifi-ath11k-fix-undefined-behavior-with-__fls-in-dp.patch b/package/kernel/mac80211/patches/ath11k/0061-wifi-ath11k-fix-undefined-behavior-with-__fls-in-dp.patch
new file mode 100644
index 0000000000..d68c19f160
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0061-wifi-ath11k-fix-undefined-behavior-with-__fls-in-dp.patch
@@ -0,0 +1,29 @@
+From 41e02bf4ae32cf2ac47b08b4caaa9c1a032e4ce7 Mon Sep 17 00:00:00 2001
+From: Harshitha Prem <quic_hprem at quicinc.com>
+Date: Tue, 4 Apr 2023 00:11:55 +0530
+Subject: [PATCH] wifi: ath11k: fix undefined behavior with __fls in dp
+
+"__fls" would have an undefined behavior if the argument is passed
+as "0". Hence, added changes to handle the same.
+
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Harshitha Prem <quic_hprem at quicinc.com>
+Signed-off-by: Nagarajan Maran <quic_nmaran at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403184155.8670-3-quic_nmaran@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -3598,7 +3598,7 @@ static int ath11k_dp_rx_frag_h_mpdu(stru
+ 		goto out_unlock;
+ 	}
+ 
+-	if (frag_no > __fls(rx_tid->rx_frag_bitmap))
++	if (!rx_tid->rx_frag_bitmap || (frag_no > __fls(rx_tid->rx_frag_bitmap)))
+ 		__skb_queue_tail(&rx_tid->rx_frags, msdu);
+ 	else
+ 		ath11k_dp_rx_h_sort_frags(ar, &rx_tid->rx_frags, msdu);
diff --git a/package/kernel/mac80211/patches/ath11k/0062-wifi-ath11k-fix-double-free-of-peer-rx_tid-during-re.patch b/package/kernel/mac80211/patches/ath11k/0062-wifi-ath11k-fix-double-free-of-peer-rx_tid-during-re.patch
new file mode 100644
index 0000000000..dd37b1e4fa
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0062-wifi-ath11k-fix-double-free-of-peer-rx_tid-during-re.patch
@@ -0,0 +1,144 @@
+From 93a91f40c25c3d0e61f8540a7accf105090f9995 Mon Sep 17 00:00:00 2001
+From: Harshitha Prem <quic_hprem at quicinc.com>
+Date: Mon, 17 Apr 2023 13:35:00 +0300
+Subject: [PATCH] wifi: ath11k: fix double free of peer rx_tid during reo cmd
+ failure
+
+Peer rx_tid is locally copied thrice during peer_rx_tid_cleanup to
+send REO_CMD_UPDATE_RX_QUEUE followed by REO_CMD_FLUSH_CACHE to flush
+all aged REO descriptors from HW cache.
+
+When sending REO_CMD_FLUSH_CACHE fails, we do dma unmap of already
+mapped rx_tid->vaddr and free it. This is not checked during
+reo_cmd_list_cleanup() and dp_reo_cmd_free() before trying to free and
+unmap again.
+
+Fix this by setting rx_tid->vaddr NULL in rx tid delete and also
+wherever freeing it to check in reo_cmd_list_cleanup() and
+reo_cmd_free() before trying to free again.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Sathishkumar Muruganandam <quic_murugana at quicinc.com>
+Signed-off-by: Harshitha Prem <quic_hprem at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403182420.23375-2-quic_hprem@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 43 ++++++++++++++++++-------
+ 1 file changed, 31 insertions(+), 12 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -668,13 +668,18 @@ void ath11k_dp_reo_cmd_list_cleanup(stru
+ 	struct ath11k_dp *dp = &ab->dp;
+ 	struct dp_reo_cmd *cmd, *tmp;
+ 	struct dp_reo_cache_flush_elem *cmd_cache, *tmp_cache;
++	struct dp_rx_tid *rx_tid;
+ 
+ 	spin_lock_bh(&dp->reo_cmd_lock);
+ 	list_for_each_entry_safe(cmd, tmp, &dp->reo_cmd_list, list) {
+ 		list_del(&cmd->list);
+-		dma_unmap_single(ab->dev, cmd->data.paddr,
+-				 cmd->data.size, DMA_BIDIRECTIONAL);
+-		kfree(cmd->data.vaddr);
++		rx_tid = &cmd->data;
++		if (rx_tid->vaddr) {
++			dma_unmap_single(ab->dev, rx_tid->paddr,
++					 rx_tid->size, DMA_BIDIRECTIONAL);
++			kfree(rx_tid->vaddr);
++			rx_tid->vaddr = NULL;
++		}
+ 		kfree(cmd);
+ 	}
+ 
+@@ -682,9 +687,13 @@ void ath11k_dp_reo_cmd_list_cleanup(stru
+ 				 &dp->reo_cmd_cache_flush_list, list) {
+ 		list_del(&cmd_cache->list);
+ 		dp->reo_cmd_cache_flush_count--;
+-		dma_unmap_single(ab->dev, cmd_cache->data.paddr,
+-				 cmd_cache->data.size, DMA_BIDIRECTIONAL);
+-		kfree(cmd_cache->data.vaddr);
++		rx_tid = &cmd_cache->data;
++		if (rx_tid->vaddr) {
++			dma_unmap_single(ab->dev, rx_tid->paddr,
++					 rx_tid->size, DMA_BIDIRECTIONAL);
++			kfree(rx_tid->vaddr);
++			rx_tid->vaddr = NULL;
++		}
+ 		kfree(cmd_cache);
+ 	}
+ 	spin_unlock_bh(&dp->reo_cmd_lock);
+@@ -698,10 +707,12 @@ static void ath11k_dp_reo_cmd_free(struc
+ 	if (status != HAL_REO_CMD_SUCCESS)
+ 		ath11k_warn(dp->ab, "failed to flush rx tid hw desc, tid %d status %d\n",
+ 			    rx_tid->tid, status);
+-
+-	dma_unmap_single(dp->ab->dev, rx_tid->paddr, rx_tid->size,
+-			 DMA_BIDIRECTIONAL);
+-	kfree(rx_tid->vaddr);
++	if (rx_tid->vaddr) {
++		dma_unmap_single(dp->ab->dev, rx_tid->paddr, rx_tid->size,
++				 DMA_BIDIRECTIONAL);
++		kfree(rx_tid->vaddr);
++		rx_tid->vaddr = NULL;
++	}
+ }
+ 
+ static void ath11k_dp_reo_cache_flush(struct ath11k_base *ab,
+@@ -740,6 +751,7 @@ static void ath11k_dp_reo_cache_flush(st
+ 		dma_unmap_single(ab->dev, rx_tid->paddr, rx_tid->size,
+ 				 DMA_BIDIRECTIONAL);
+ 		kfree(rx_tid->vaddr);
++		rx_tid->vaddr = NULL;
+ 	}
+ }
+ 
+@@ -792,6 +804,7 @@ free_desc:
+ 	dma_unmap_single(ab->dev, rx_tid->paddr, rx_tid->size,
+ 			 DMA_BIDIRECTIONAL);
+ 	kfree(rx_tid->vaddr);
++	rx_tid->vaddr = NULL;
+ }
+ 
+ void ath11k_peer_rx_tid_delete(struct ath11k *ar,
+@@ -804,6 +817,8 @@ void ath11k_peer_rx_tid_delete(struct at
+ 	if (!rx_tid->active)
+ 		return;
+ 
++	rx_tid->active = false;
++
+ 	cmd.flag = HAL_REO_CMD_FLG_NEED_STATUS;
+ 	cmd.addr_lo = lower_32_bits(rx_tid->paddr);
+ 	cmd.addr_hi = upper_32_bits(rx_tid->paddr);
+@@ -818,9 +833,11 @@ void ath11k_peer_rx_tid_delete(struct at
+ 		dma_unmap_single(ar->ab->dev, rx_tid->paddr, rx_tid->size,
+ 				 DMA_BIDIRECTIONAL);
+ 		kfree(rx_tid->vaddr);
++		rx_tid->vaddr = NULL;
+ 	}
+ 
+-	rx_tid->active = false;
++	rx_tid->paddr = 0;
++	rx_tid->size = 0;
+ }
+ 
+ static int ath11k_dp_rx_link_desc_return(struct ath11k_base *ab,
+@@ -967,6 +984,7 @@ static void ath11k_dp_rx_tid_mem_free(st
+ 	dma_unmap_single(ab->dev, rx_tid->paddr, rx_tid->size,
+ 			 DMA_BIDIRECTIONAL);
+ 	kfree(rx_tid->vaddr);
++	rx_tid->vaddr = NULL;
+ 
+ 	rx_tid->active = false;
+ 
+@@ -1067,7 +1085,8 @@ int ath11k_peer_rx_tid_setup(struct ath1
+ 	return ret;
+ 
+ err_mem_free:
+-	kfree(vaddr);
++	kfree(rx_tid->vaddr);
++	rx_tid->vaddr = NULL;
+ 
+ 	return ret;
+ }
diff --git a/package/kernel/mac80211/patches/ath11k/0063-wifi-ath11k-Prevent-REO-cmd-failures.patch b/package/kernel/mac80211/patches/ath11k/0063-wifi-ath11k-Prevent-REO-cmd-failures.patch
new file mode 100644
index 0000000000..4b9af18062
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0063-wifi-ath11k-Prevent-REO-cmd-failures.patch
@@ -0,0 +1,43 @@
+From a8ae833657a45746debde85c38bb7f070d344026 Mon Sep 17 00:00:00 2001
+From: Harshitha Prem <quic_hprem at quicinc.com>
+Date: Mon, 17 Apr 2023 13:35:01 +0300
+Subject: [PATCH] wifi: ath11k: Prevent REO cmd failures
+
+Prevent REO cmd failures causing double free by increasing REO cmd
+ring size and moving REO status ring mask to IRQ group 3 from group
+0 to separate from tx completion ring on IRQ group 0 which may delay
+reo status processing.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Sathishkumar Muruganandam <quic_murugana at quicinc.com>
+Signed-off-by: Harshitha Prem <quic_hprem at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403182420.23375-3-quic_hprem@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp.h | 2 +-
+ drivers/net/wireless/ath/ath11k/hw.c | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp.h
++++ b/drivers/net/wireless/ath/ath11k/dp.h
+@@ -214,7 +214,7 @@ struct ath11k_pdev_dp {
+ #define DP_REO_REINJECT_RING_SIZE	32
+ #define DP_RX_RELEASE_RING_SIZE		1024
+ #define DP_REO_EXCEPTION_RING_SIZE	128
+-#define DP_REO_CMD_RING_SIZE		128
++#define DP_REO_CMD_RING_SIZE		256
+ #define DP_REO_STATUS_RING_SIZE		2048
+ #define DP_RXDMA_BUF_RING_SIZE		4096
+ #define DP_RXDMA_REFILL_RING_SIZE	2048
+--- a/drivers/net/wireless/ath/ath11k/hw.c
++++ b/drivers/net/wireless/ath/ath11k/hw.c
+@@ -1233,6 +1233,7 @@ const struct ath11k_hw_ring_mask ath11k_
+ 		ATH11K_RX_WBM_REL_RING_MASK_0,
+ 	},
+ 	.reo_status = {
++		0, 0, 0,
+ 		ATH11K_REO_STATUS_RING_MASK_0,
+ 	},
+ 	.rxdma2host = {
diff --git a/package/kernel/mac80211/patches/ath11k/0064-wifi-ath11k-add-peer-mac-information-in-failure-case.patch b/package/kernel/mac80211/patches/ath11k/0064-wifi-ath11k-add-peer-mac-information-in-failure-case.patch
new file mode 100644
index 0000000000..fbcbdfff71
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0064-wifi-ath11k-add-peer-mac-information-in-failure-case.patch
@@ -0,0 +1,74 @@
+From 20487cc3ff36bbfa9505f0a078ba98f09abfc717 Mon Sep 17 00:00:00 2001
+From: Harshitha Prem <quic_hprem at quicinc.com>
+Date: Mon, 17 Apr 2023 13:35:01 +0300
+Subject: [PATCH] wifi: ath11k: add peer mac information in failure cases
+
+During reo command failure, the peer mac detail for which the reo
+command was not successful is unknown. Hence, to improve the
+debuggability, add the peer mac information in the failure cases
+which would be useful during multi client cases.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Sathishkumar Muruganandam <quic_murugana at quicinc.com>
+Signed-off-by: Harshitha Prem <quic_hprem at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403182420.23375-4-quic_hprem@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -1009,7 +1009,8 @@ int ath11k_peer_rx_tid_setup(struct ath1
+ 
+ 	peer = ath11k_peer_find(ab, vdev_id, peer_mac);
+ 	if (!peer) {
+-		ath11k_warn(ab, "failed to find the peer to set up rx tid\n");
++		ath11k_warn(ab, "failed to find the peer %pM to set up rx tid\n",
++			    peer_mac);
+ 		spin_unlock_bh(&ab->base_lock);
+ 		return -ENOENT;
+ 	}
+@@ -1022,7 +1023,8 @@ int ath11k_peer_rx_tid_setup(struct ath1
+ 						    ba_win_sz, ssn, true);
+ 		spin_unlock_bh(&ab->base_lock);
+ 		if (ret) {
+-			ath11k_warn(ab, "failed to update reo for rx tid %d\n", tid);
++			ath11k_warn(ab, "failed to update reo for peer %pM rx tid %d\n: %d",
++				    peer_mac, tid, ret);
+ 			return ret;
+ 		}
+ 
+@@ -1030,8 +1032,8 @@ int ath11k_peer_rx_tid_setup(struct ath1
+ 							     peer_mac, paddr,
+ 							     tid, 1, ba_win_sz);
+ 		if (ret)
+-			ath11k_warn(ab, "failed to send wmi command to update rx reorder queue, tid :%d (%d)\n",
+-				    tid, ret);
++			ath11k_warn(ab, "failed to send wmi rx reorder queue for peer %pM tid %d: %d\n",
++				    peer_mac, tid, ret);
+ 		return ret;
+ 	}
+ 
+@@ -1064,6 +1066,8 @@ int ath11k_peer_rx_tid_setup(struct ath1
+ 	ret = dma_mapping_error(ab->dev, paddr);
+ 	if (ret) {
+ 		spin_unlock_bh(&ab->base_lock);
++		ath11k_warn(ab, "failed to setup dma map for peer %pM rx tid %d: %d\n",
++			    peer_mac, tid, ret);
+ 		goto err_mem_free;
+ 	}
+ 
+@@ -1077,8 +1081,8 @@ int ath11k_peer_rx_tid_setup(struct ath1
+ 	ret = ath11k_wmi_peer_rx_reorder_queue_setup(ar, vdev_id, peer_mac,
+ 						     paddr, tid, 1, ba_win_sz);
+ 	if (ret) {
+-		ath11k_warn(ar->ab, "failed to setup rx reorder queue, tid :%d (%d)\n",
+-			    tid, ret);
++		ath11k_warn(ar->ab, "failed to setup rx reorder queue for peer %pM tid %d: %d\n",
++			    peer_mac, tid, ret);
+ 		ath11k_dp_rx_tid_mem_free(ab, peer_mac, vdev_id, tid);
+ 	}
+ 
diff --git a/package/kernel/mac80211/patches/ath11k/0065-wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch b/package/kernel/mac80211/patches/ath11k/0065-wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch
new file mode 100644
index 0000000000..e2fe419158
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0065-wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch
@@ -0,0 +1,119 @@
+From 6257c702264c44d74c6b71f0c62a7665da2dc356 Mon Sep 17 00:00:00 2001
+From: Pradeep Kumar Chitrapu <quic_pradeepc at quicinc.com>
+Date: Mon, 17 Apr 2023 13:35:02 +0300
+Subject: [PATCH] wifi: ath11k: fix tx status reporting in encap offload mode
+
+ieee80211_tx_status() treats packets in 802.11 frame format and
+tries to extract sta address from packet header. When tx encap
+offload is enabled, this becomes invalid operation. Hence, switch
+to using ieee80211_tx_status_ext() after filling in station
+address for handling both 802.11 and 802.3 frames.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403195738.25367-2-quic_pradeepc@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp.h    |  4 +++
+ drivers/net/wireless/ath/ath11k/dp_tx.c | 33 ++++++++++++++++++++++++-
+ drivers/net/wireless/ath/ath11k/dp_tx.h |  1 +
+ 3 files changed, 37 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp.h
++++ b/drivers/net/wireless/ath/ath11k/dp.h
+@@ -303,12 +303,16 @@ struct ath11k_dp {
+ 
+ #define HTT_TX_WBM_COMP_STATUS_OFFSET 8
+ 
++#define HTT_INVALID_PEER_ID	0xffff
++
+ /* HTT tx completion is overlaid in wbm_release_ring */
+ #define HTT_TX_WBM_COMP_INFO0_STATUS		GENMASK(12, 9)
+ #define HTT_TX_WBM_COMP_INFO0_REINJECT_REASON	GENMASK(16, 13)
+ #define HTT_TX_WBM_COMP_INFO0_REINJECT_REASON	GENMASK(16, 13)
+ 
+ #define HTT_TX_WBM_COMP_INFO1_ACK_RSSI		GENMASK(31, 24)
++#define HTT_TX_WBM_COMP_INFO2_SW_PEER_ID	GENMASK(15, 0)
++#define HTT_TX_WBM_COMP_INFO2_VALID		BIT(21)
+ 
+ struct htt_tx_wbm_completion {
+ 	u32 info0;
+--- a/drivers/net/wireless/ath/ath11k/dp_tx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_tx.c
+@@ -316,10 +316,12 @@ ath11k_dp_tx_htt_tx_complete_buf(struct
+ 				 struct dp_tx_ring *tx_ring,
+ 				 struct ath11k_dp_htt_wbm_tx_status *ts)
+ {
++	struct ieee80211_tx_status status = { 0 };
+ 	struct sk_buff *msdu;
+ 	struct ieee80211_tx_info *info;
+ 	struct ath11k_skb_cb *skb_cb;
+ 	struct ath11k *ar;
++	struct ath11k_peer *peer;
+ 
+ 	spin_lock(&tx_ring->tx_idr_lock);
+ 	msdu = idr_remove(&tx_ring->txbuf_idr, ts->msdu_id);
+@@ -341,6 +343,11 @@ ath11k_dp_tx_htt_tx_complete_buf(struct
+ 
+ 	dma_unmap_single(ab->dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE);
+ 
++	if (!skb_cb->vif) {
++		dev_kfree_skb_any(msdu);
++		return;
++	}
++
+ 	memset(&info->status, 0, sizeof(info->status));
+ 
+ 	if (ts->acked) {
+@@ -355,7 +362,23 @@ ath11k_dp_tx_htt_tx_complete_buf(struct
+ 		}
+ 	}
+ 
+-	ieee80211_tx_status(ar->hw, msdu);
++	spin_lock_bh(&ab->base_lock);
++	peer = ath11k_peer_find_by_id(ab, ts->peer_id);
++	if (!peer || !peer->sta) {
++		ath11k_dbg(ab, ATH11K_DBG_DATA,
++			   "dp_tx: failed to find the peer with peer_id %d\n",
++			    ts->peer_id);
++		spin_unlock_bh(&ab->base_lock);
++		dev_kfree_skb_any(msdu);
++		return;
++	}
++	spin_unlock_bh(&ab->base_lock);
++
++	status.sta = peer->sta;
++	status.info = info;
++	status.skb = msdu;
++
++	ieee80211_tx_status_ext(ar->hw, &status);
+ }
+ 
+ static void
+@@ -379,7 +402,15 @@ ath11k_dp_tx_process_htt_tx_complete(str
+ 		ts.msdu_id = msdu_id;
+ 		ts.ack_rssi = FIELD_GET(HTT_TX_WBM_COMP_INFO1_ACK_RSSI,
+ 					status_desc->info1);
++
++		if (FIELD_GET(HTT_TX_WBM_COMP_INFO2_VALID, status_desc->info2))
++			ts.peer_id = FIELD_GET(HTT_TX_WBM_COMP_INFO2_SW_PEER_ID,
++					       status_desc->info2);
++		else
++			ts.peer_id = HTT_INVALID_PEER_ID;
++
+ 		ath11k_dp_tx_htt_tx_complete_buf(ab, tx_ring, &ts);
++
+ 		break;
+ 	case HAL_WBM_REL_HTT_TX_COMP_STATUS_REINJ:
+ 	case HAL_WBM_REL_HTT_TX_COMP_STATUS_INSPECT:
+--- a/drivers/net/wireless/ath/ath11k/dp_tx.h
++++ b/drivers/net/wireless/ath/ath11k/dp_tx.h
+@@ -13,6 +13,7 @@ struct ath11k_dp_htt_wbm_tx_status {
+ 	u32 msdu_id;
+ 	bool acked;
+ 	int ack_rssi;
++	u16 peer_id;
+ };
+ 
+ void ath11k_dp_tx_update_txcompl(struct ath11k *ar, struct hal_tx_status *ts);
diff --git a/package/kernel/mac80211/patches/ath11k/0066-wifi-ath11k-Fix-incorrect-update-of-radiotap-fields.patch b/package/kernel/mac80211/patches/ath11k/0066-wifi-ath11k-Fix-incorrect-update-of-radiotap-fields.patch
new file mode 100644
index 0000000000..4f94580100
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0066-wifi-ath11k-Fix-incorrect-update-of-radiotap-fields.patch
@@ -0,0 +1,49 @@
+From 2f0c9ac8362da09c80f1cd422ef7fd6fa9b252b9 Mon Sep 17 00:00:00 2001
+From: Pradeep Kumar Chitrapu <quic_pradeepc at quicinc.com>
+Date: Mon, 17 Apr 2023 13:35:02 +0300
+Subject: [PATCH] wifi: ath11k: Fix incorrect update of radiotap fields
+
+Fix incorrect update of ppdu stats causing incorrect radiotap
+fields.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403195738.25367-3-quic_pradeepc@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/hal_rx.c | 4 ++--
+ drivers/net/wireless/ath/ath11k/hal_rx.h | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/hal_rx.c
++++ b/drivers/net/wireless/ath/ath11k/hal_rx.c
+@@ -1029,7 +1029,7 @@ ath11k_hal_rx_parse_mon_status_tlv(struc
+ 		info1 = __le32_to_cpu(vht_sig->info1);
+ 
+ 		ppdu_info->ldpc = FIELD_GET(HAL_RX_VHT_SIG_A_INFO_INFO1_SU_MU_CODING,
+-					    info0);
++					    info1);
+ 		ppdu_info->mcs = FIELD_GET(HAL_RX_VHT_SIG_A_INFO_INFO1_MCS,
+ 					   info1);
+ 		gi_setting = FIELD_GET(HAL_RX_VHT_SIG_A_INFO_INFO1_GI_SETTING,
+@@ -1452,7 +1452,7 @@ ath11k_hal_rx_parse_mon_status_tlv(struc
+ 		 * PHYRX_OTHER_RECEIVE_INFO TLV.
+ 		 */
+ 		ppdu_info->rssi_comb =
+-			FIELD_GET(HAL_RX_PHYRX_RSSI_LEGACY_INFO_INFO1_RSSI_COMB,
++			FIELD_GET(HAL_RX_PHYRX_RSSI_LEGACY_INFO_INFO0_RSSI_COMB,
+ 				  __le32_to_cpu(rssi->info0));
+ 
+ 		if (db2dbm) {
+--- a/drivers/net/wireless/ath/ath11k/hal_rx.h
++++ b/drivers/net/wireless/ath/ath11k/hal_rx.h
+@@ -385,7 +385,7 @@ struct hal_rx_he_sig_b2_ofdma_info {
+ 	__le32 info0;
+ } __packed;
+ 
+-#define HAL_RX_PHYRX_RSSI_LEGACY_INFO_INFO1_RSSI_COMB	GENMASK(15, 8)
++#define HAL_RX_PHYRX_RSSI_LEGACY_INFO_INFO0_RSSI_COMB	GENMASK(15, 8)
+ 
+ #define HAL_RX_PHYRX_RSSI_PREAMBLE_PRI20	GENMASK(7, 0)
+ 
diff --git a/package/kernel/mac80211/patches/ath11k/0067-wifi-ath11k-Fix-SKB-corruption-in-REO-destination-ri.patch b/package/kernel/mac80211/patches/ath11k/0067-wifi-ath11k-Fix-SKB-corruption-in-REO-destination-ri.patch
new file mode 100644
index 0000000000..8b300f3a79
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0067-wifi-ath11k-Fix-SKB-corruption-in-REO-destination-ri.patch
@@ -0,0 +1,70 @@
+From f9fff67d2d7ca6fa8066132003a3deef654c55b1 Mon Sep 17 00:00:00 2001
+From: Nagarajan Maran <quic_nmaran at quicinc.com>
+Date: Mon, 17 Apr 2023 13:35:02 +0300
+Subject: [PATCH] wifi: ath11k: Fix SKB corruption in REO destination ring
+
+While running traffics for a long time, randomly an RX descriptor
+filled with value "0" from REO destination ring is received.
+This descriptor which is invalid causes the wrong SKB (SKB stored in
+the IDR lookup with buffer id "0") to be fetched which in turn
+causes SKB memory corruption issue and the same leads to crash
+after some time.
+
+Changed the start id for idr allocation to "1" and the buffer id "0"
+is reserved for error validation. Introduced Sanity check to validate
+the descriptor, before processing the SKB.
+
+Crash Signature :
+
+Unable to handle kernel paging request at virtual address 3f004900
+PC points to "b15_dma_inv_range+0x30/0x50"
+LR points to "dma_cache_maint_page+0x8c/0x128".
+The Backtrace obtained is as follows:
+[<8031716c>] (b15_dma_inv_range) from [<80313a4c>] (dma_cache_maint_page+0x8c/0x128)
+[<80313a4c>] (dma_cache_maint_page) from [<80313b90>] (__dma_page_dev_to_cpu+0x28/0xcc)
+[<80313b90>] (__dma_page_dev_to_cpu) from [<7fb5dd68>] (ath11k_dp_process_rx+0x1e8/0x4a4 [ath11k])
+[<7fb5dd68>] (ath11k_dp_process_rx [ath11k]) from [<7fb53c20>] (ath11k_dp_service_srng+0xb0/0x2ac [ath11k])
+[<7fb53c20>] (ath11k_dp_service_srng [ath11k]) from [<7f67bba4>] (ath11k_pci_ext_grp_napi_poll+0x1c/0x78 [ath11k_pci])
+[<7f67bba4>] (ath11k_pci_ext_grp_napi_poll [ath11k_pci]) from [<807d5cf4>] (__napi_poll+0x28/0xb8)
+[<807d5cf4>] (__napi_poll) from [<807d5f28>] (net_rx_action+0xf0/0x280)
+[<807d5f28>] (net_rx_action) from [<80302148>] (__do_softirq+0xd0/0x280)
+[<80302148>] (__do_softirq) from [<80320408>] (irq_exit+0x74/0xd4)
+[<80320408>] (irq_exit) from [<803638a4>] (__handle_domain_irq+0x90/0xb4)
+[<803638a4>] (__handle_domain_irq) from [<805bedec>] (gic_handle_irq+0x58/0x90)
+[<805bedec>] (gic_handle_irq) from [<80301a78>] (__irq_svc+0x58/0x8c)
+
+Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Nagarajan Maran <quic_nmaran at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230403191533.28114-1-quic_nmaran@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/dp_rx.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/dp_rx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_rx.c
+@@ -389,10 +389,10 @@ int ath11k_dp_rxbufs_replenish(struct at
+ 			goto fail_free_skb;
+ 
+ 		spin_lock_bh(&rx_ring->idr_lock);
+-		buf_id = idr_alloc(&rx_ring->bufs_idr, skb, 0,
+-				   rx_ring->bufs_max * 3, GFP_ATOMIC);
++		buf_id = idr_alloc(&rx_ring->bufs_idr, skb, 1,
++				   (rx_ring->bufs_max * 3) + 1, GFP_ATOMIC);
+ 		spin_unlock_bh(&rx_ring->idr_lock);
+-		if (buf_id < 0)
++		if (buf_id <= 0)
+ 			goto fail_dma_unmap;
+ 
+ 		desc = ath11k_hal_srng_src_get_next_entry(ab, srng);
+@@ -2665,6 +2665,9 @@ try_again:
+ 				   cookie);
+ 		mac_id = FIELD_GET(DP_RXDMA_BUF_COOKIE_PDEV_ID, cookie);
+ 
++		if (unlikely(buf_id == 0))
++			continue;
++
+ 		ar = ab->pdevs[mac_id].ar;
+ 		rx_ring = &ar->dp.rx_refill_buf_ring;
+ 		spin_lock_bh(&rx_ring->idr_lock);
diff --git a/package/kernel/mac80211/patches/ath11k/0068-wifi-ath11k-Remove-disabling-of-80-80-and-160-MHz.patch b/package/kernel/mac80211/patches/ath11k/0068-wifi-ath11k-Remove-disabling-of-80-80-and-160-MHz.patch
new file mode 100644
index 0000000000..ce5ffd273b
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0068-wifi-ath11k-Remove-disabling-of-80-80-and-160-MHz.patch
@@ -0,0 +1,49 @@
+From b100722a777f6455d913666a376f81342b2cb995 Mon Sep 17 00:00:00 2001
+From: Muna Sinada <quic_msinada at quicinc.com>
+Date: Mon, 17 Apr 2023 13:22:27 -0700
+Subject: [PATCH] wifi: ath11k: Remove disabling of 80+80 and 160 MHz
+
+This is a regression fix for 80+80 and 160 MHz support bits being
+cleared, therefore not adverised. Remove disable of 80+80 and 160 MHz
+capability flags and assign valid center frequency 2 similar to
+VHT80_80.
+
+Fixes: 38dfe775d0ab ("wifi: ath11k: push MU-MIMO params from hostapd to hardware")
+Reported-by: Robert Marko <robert.marko at sartura.hr>
+Tested-by: Robert Marko <robert.marko at sartura.hr> # IPQ8074 WLAN.HK.2.9.0.1-01385-QCAHKSWPL_SILICONZ-1
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=217299
+Co-developed-by: P Praneesh <quic_ppranees at quicinc.com>
+Signed-off-by: P Praneesh <quic_ppranees at quicinc.com>
+Signed-off-by: Muna Sinada <quic_msinada at quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/1681762947-13882-1-git-send-email-quic_msinada@quicinc.com
+---
+ drivers/net/wireless/ath/ath11k/mac.c | 4 ----
+ drivers/net/wireless/ath/ath11k/wmi.c | 3 ++-
+ 2 files changed, 2 insertions(+), 5 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/mac.c
++++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -5585,10 +5585,6 @@ static int ath11k_mac_copy_he_cap(struct
+ 
+ 		he_cap_elem->mac_cap_info[1] &=
+ 			IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_MASK;
+-		he_cap_elem->phy_cap_info[0] &=
+-			~IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
+-		he_cap_elem->phy_cap_info[0] &=
+-			~IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G;
+ 
+ 		he_cap_elem->phy_cap_info[5] &=
+ 			~IEEE80211_HE_PHY_CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK;
+--- a/drivers/net/wireless/ath/ath11k/wmi.c
++++ b/drivers/net/wireless/ath/ath11k/wmi.c
+@@ -871,7 +871,8 @@ static void ath11k_wmi_put_wmi_channel(s
+ 
+ 		chan->band_center_freq2 = arg->channel.band_center_freq1;
+ 
+-	} else if (arg->channel.mode == MODE_11AC_VHT80_80) {
++	} else if ((arg->channel.mode == MODE_11AC_VHT80_80) ||
++		   (arg->channel.mode == MODE_11AX_HE80_80)) {
+ 		chan->band_center_freq2 = arg->channel.band_center_freq2;
+ 	} else {
+ 		chan->band_center_freq2 = 0;
diff --git a/package/kernel/mac80211/patches/ath11k/0069-wifi-ath11k-fix-registration-of-6Ghz-only-phy-withou.patch b/package/kernel/mac80211/patches/ath11k/0069-wifi-ath11k-fix-registration-of-6Ghz-only-phy-withou.patch
new file mode 100644
index 0000000000..32468dbc4c
--- /dev/null
+++ b/package/kernel/mac80211/patches/ath11k/0069-wifi-ath11k-fix-registration-of-6Ghz-only-phy-withou.patch
@@ -0,0 +1,61 @@
+From e2ceb1de2f83aafd8003f0b72dfd4b7441e97d14 Mon Sep 17 00:00:00 2001
+From: Maxime Bizon <mbizon at freebox.fr>
+Date: Fri, 21 Apr 2023 16:54:45 +0200
+Subject: [PATCH] wifi: ath11k: fix registration of 6Ghz-only phy without the
+ full channel range
+
+Because of what seems to be a typo, a 6Ghz-only phy for which the BDF
+does not allow the 7115Mhz channel will fail to register:
+
+  WARNING: CPU: 2 PID: 106 at net/wireless/core.c:907 wiphy_register+0x914/0x954
+  Modules linked in: ath11k_pci sbsa_gwdt
+  CPU: 2 PID: 106 Comm: kworker/u8:5 Not tainted 6.3.0-rc7-next-20230418-00549-g1e096a17625a-dirty #9
+  Hardware name: Freebox V7R Board (DT)
+  Workqueue: ath11k_qmi_driver_event ath11k_qmi_driver_event_work
+  pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+  pc : wiphy_register+0x914/0x954
+  lr : ieee80211_register_hw+0x67c/0xc10
+  sp : ffffff800b123aa0
+  x29: ffffff800b123aa0 x28: 0000000000000000 x27: 0000000000000000
+  x26: 0000000000000000 x25: 0000000000000006 x24: ffffffc008d51418
+  x23: ffffffc008cb0838 x22: ffffff80176c2460 x21: 0000000000000168
+  x20: ffffff80176c0000 x19: ffffff80176c03e0 x18: 0000000000000014
+  x17: 00000000cbef338c x16: 00000000d2a26f21 x15: 00000000ad6bb85f
+  x14: 0000000000000020 x13: 0000000000000020 x12: 00000000ffffffbd
+  x11: 0000000000000208 x10: 00000000fffffdf7 x9 : ffffffc009394718
+  x8 : ffffff80176c0528 x7 : 000000007fffffff x6 : 0000000000000006
+  x5 : 0000000000000005 x4 : ffffff800b304284 x3 : ffffff800b304284
+  x2 : ffffff800b304d98 x1 : 0000000000000000 x0 : 0000000000000000
+  Call trace:
+   wiphy_register+0x914/0x954
+   ieee80211_register_hw+0x67c/0xc10
+   ath11k_mac_register+0x7c4/0xe10
+   ath11k_core_qmi_firmware_ready+0x1f4/0x570
+   ath11k_qmi_driver_event_work+0x198/0x590
+   process_one_work+0x1b8/0x328
+   worker_thread+0x6c/0x414
+   kthread+0x100/0x104
+   ret_from_fork+0x10/0x20
+  ---[ end trace 0000000000000000 ]---
+  ath11k_pci 0002:01:00.0: ieee80211 registration failed: -22
+  ath11k_pci 0002:01:00.0: failed register the radio with mac80211: -22
+  ath11k_pci 0002:01:00.0: failed to create pdev core: -22
+
+Signed-off-by: Maxime Bizon <mbizon at freebox.fr>
+Signed-off-by: Kalle Valo <quic_kvalo at quicinc.com>
+Link: https://lore.kernel.org/r/20230421145445.2612280-1-mbizon@freebox.fr
+---
+ drivers/net/wireless/ath/ath11k/mac.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/ath/ath11k/mac.c
++++ b/drivers/net/wireless/ath/ath11k/mac.c
+@@ -8892,7 +8892,7 @@ static int ath11k_mac_setup_channels_rat
+ 	}
+ 
+ 	if (supported_bands & WMI_HOST_WLAN_5G_CAP) {
+-		if (reg_cap->high_5ghz_chan >= ATH11K_MAX_6G_FREQ) {
++		if (reg_cap->high_5ghz_chan >= ATH11K_MIN_6G_FREQ) {
+ 			channels = kmemdup(ath11k_6ghz_channels,
+ 					   sizeof(ath11k_6ghz_channels), GFP_KERNEL);
+ 			if (!channels) {
diff --git a/package/kernel/mac80211/patches/ath11k/101-wifi-ath11k-Remove-disabling-of-80-80-and-160-MHz.patch b/package/kernel/mac80211/patches/ath11k/101-wifi-ath11k-Remove-disabling-of-80-80-and-160-MHz.patch
deleted file mode 100644
index 6fcd76b1a7..0000000000
--- a/package/kernel/mac80211/patches/ath11k/101-wifi-ath11k-Remove-disabling-of-80-80-and-160-MHz.patch
+++ /dev/null
@@ -1,130 +0,0 @@
-From patchwork Mon Apr 17 20:22:27 2023
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-X-Patchwork-Submitter: Muna Sinada <quic_msinada at quicinc.com>
-X-Patchwork-Id: 13214540
-X-Patchwork-Delegate: kvalo at adurom.com
-Return-Path: <linux-wireless-owner at vger.kernel.org>
-X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
-	aws-us-west-2-korg-lkml-1.web.codeaurora.org
-Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
-	by smtp.lore.kernel.org (Postfix) with ESMTP id 8C359C77B76
-	for <linux-wireless at archiver.kernel.org>;
- Mon, 17 Apr 2023 20:26:40 +0000 (UTC)
-Received: (majordomo at vger.kernel.org) by vger.kernel.org via listexpand
-        id S230070AbjDQU0j (ORCPT
-        <rfc822;linux-wireless at archiver.kernel.org>);
-        Mon, 17 Apr 2023 16:26:39 -0400
-Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53306 "EHLO
-        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
-        with ESMTP id S229914AbjDQU0h (ORCPT
-        <rfc822;linux-wireless at vger.kernel.org>);
-        Mon, 17 Apr 2023 16:26:37 -0400
-Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com
- [205.220.180.131])
-        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 67CE24C33
-        for <linux-wireless at vger.kernel.org>;
- Mon, 17 Apr 2023 13:26:24 -0700 (PDT)
-Received: from pps.filterd (m0279873.ppops.net [127.0.0.1])
-        by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
- 33HIsf5q010173;
-        Mon, 17 Apr 2023 20:22:47 GMT
-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com;
- h=from : to : cc :
- subject : date : message-id : mime-version : content-type; s=qcppdkim1;
- bh=FGtbeAR6pG0KxyEKVLIRzkq1RXlKfaVfRT1iixzMcII=;
- b=jSdZBeFj4RAdCiUPrL/F9n+ufnpxT1pJNfZuA0tfEnUf54SCGUuHT5LtRdojYVh31YSS
- aAGDRFvl7tIKqq/c6h4tm7SDdlhWF+MU3sH1YJNrwDeMAUZD+RnviJjo+GfgnEtp9+z7
- PA75vGkpKiuMh6M8QFYB+/XxrJmx/XJBNESfMdAjBuMXnQf4S2yJ/IMwSxPkYKMU3lC6
- DNnUAcgC/8wawYt8T1d8gKWq5CgWls4i1quveZghsbGUuL01i7SRXdKVianDJJsHEa0G
- /brUp6LMMeJUgEI8wBfFAtcknzN0ADMVEqsJr+AHvQXnb1iHZyafl6BAeupXNS+Yi+fJ sw==
-Received: from nalasppmta05.qualcomm.com (Global_NAT1.qualcomm.com
- [129.46.96.20])
-        by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3q171gh1hb-1
-        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
- verify=NOT);
-        Mon, 17 Apr 2023 20:22:47 +0000
-Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com
- [10.47.209.196])
-        by NALASPPMTA05.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id
- 33HKMjHs007640
-        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
- verify=NOT);
-        Mon, 17 Apr 2023 20:22:46 GMT
-Received: from msinada-linux.qualcomm.com (10.80.80.8) by
- nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server
- (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
- 15.2.986.42; Mon, 17 Apr 2023 13:22:44 -0700
-From: Muna Sinada <quic_msinada at quicinc.com>
-To: <ath11k at lists.infradead.org>
-CC: <linux-wireless at vger.kernel.org>,
-        Muna Sinada <quic_msinada at quicinc.com>,
-        P Praneesh <quic_ppranees at quicinc.com>
-Subject: [PATCH] wifi: ath11k: Remove disabling of 80+80 and 160 MHz
-Date: Mon, 17 Apr 2023 13:22:27 -0700
-Message-ID: <1681762947-13882-1-git-send-email-quic_msinada at quicinc.com>
-X-Mailer: git-send-email 2.7.4
-MIME-Version: 1.0
-X-Originating-IP: [10.80.80.8]
-X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To
- nalasex01a.na.qualcomm.com (10.47.209.196)
-X-QCInternal: smtphost
-X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800
- signatures=585085
-X-Proofpoint-GUID: wqGG1zw0KpXNYk_yFYb16HwLWt9V-6o4
-X-Proofpoint-ORIG-GUID: wqGG1zw0KpXNYk_yFYb16HwLWt9V-6o4
-X-Proofpoint-Virus-Version: vendor=baseguard
- engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22
- definitions=2023-04-17_13,2023-04-17_01,2023-02-09_01
-X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
- priorityscore=1501 mlxscore=0
- mlxlogscore=796 suspectscore=0 impostorscore=0 bulkscore=0 spamscore=0
- clxscore=1015 phishscore=0 lowpriorityscore=0 malwarescore=0 adultscore=0
- classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000
- definitions=main-2304170181
-Precedence: bulk
-List-ID: <linux-wireless.vger.kernel.org>
-X-Mailing-List: linux-wireless at vger.kernel.org
-
-This is a regression fix for 80+80 and 160 MHz support bits being
-cleared, therefore not adverised. Remove disable of 80+80 and 160 MHz
-capability flags and assign valid center frequency 2 similar to
-VHT80_80.
-
-Fixes: 38dfe775d0ab ("wifi: ath11k: push MU-MIMO params from hostapd to hardware")
-Reported-by: Robert Marko <robert.marko at sartura.hr>
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=217299
-Co-developed-by: P Praneesh <quic_ppranees at quicinc.com>
-Signed-off-by: P Praneesh <quic_ppranees at quicinc.com>
-Signed-off-by: Muna Sinada <quic_msinada at quicinc.com>
----
- drivers/net/wireless/ath/ath11k/mac.c | 4 ----
- drivers/net/wireless/ath/ath11k/wmi.c | 3 ++-
- 2 files changed, 2 insertions(+), 5 deletions(-)
-
---- a/drivers/net/wireless/ath/ath11k/mac.c
-+++ b/drivers/net/wireless/ath/ath11k/mac.c
-@@ -5585,10 +5585,6 @@ static int ath11k_mac_copy_he_cap(struct
- 
- 		he_cap_elem->mac_cap_info[1] &=
- 			IEEE80211_HE_MAC_CAP1_TF_MAC_PAD_DUR_MASK;
--		he_cap_elem->phy_cap_info[0] &=
--			~IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G;
--		he_cap_elem->phy_cap_info[0] &=
--			~IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G;
- 
- 		he_cap_elem->phy_cap_info[5] &=
- 			~IEEE80211_HE_PHY_CAP5_BEAMFORMEE_NUM_SND_DIM_UNDER_80MHZ_MASK;
---- a/drivers/net/wireless/ath/ath11k/wmi.c
-+++ b/drivers/net/wireless/ath/ath11k/wmi.c
-@@ -871,7 +871,8 @@ static void ath11k_wmi_put_wmi_channel(s
- 
- 		chan->band_center_freq2 = arg->channel.band_center_freq1;
- 
--	} else if (arg->channel.mode == MODE_11AC_VHT80_80) {
-+	} else if ((arg->channel.mode == MODE_11AC_VHT80_80) ||
-+		   (arg->channel.mode == MODE_11AX_HE80_80)) {
- 		chan->band_center_freq2 = arg->channel.band_center_freq2;
- 	} else {
- 		chan->band_center_freq2 = 0;




More information about the lede-commits mailing list