Shayne Chen [Thu, 15 May 2025 03:29:52 +0000 (11:29 +0800)]
wifi: mt76: support power delta calculation for 5 TX paths
One variant of MT7992 has 5 TX paths, so extend the power delta function
to support it. Also, rename nss_delta to path_delta since the value is
based on the number of TX paths rather tha the number of spatial streams.
(path delta [0.5 dBm] = 10 * log(path number) [dBm] * 2)
Co-developed-by: StanleyYP Wang <StanleyYP.Wang@mediatek.com> Signed-off-by: StanleyYP Wang <StanleyYP.Wang@mediatek.com> Signed-off-by: Shayne Chen <shayne.chen@mediatek.com> Link: https://patch.msgid.link/20250515032952.1653494-9-shayne.chen@mediatek.com Signed-off-by: Felix Fietkau <nbd@nbd.name>
Shayne Chen [Thu, 15 May 2025 03:29:51 +0000 (11:29 +0800)]
wifi: mt76: fix available_antennas setting
Check if available_antennas_tx and available_antennas_rx are already set
during the per-chip initialization phase; otherwise, they could be
overwritten with incorrect values.
Shayne Chen [Thu, 15 May 2025 03:29:50 +0000 (11:29 +0800)]
wifi: mt76: mt7996: fix RX buffer size of MCU event
Some management frames are first processed by the firmware and then
passed to the driver through the MCU event rings. In CONNAC3, event rings
do not support scatter-gather and have a size limitation of 2048 bytes.
If a packet sized between 1728 and 2048 bytes arrives from an event ring,
the ring will hang because the driver attempts to use scatter-gather to
process it.
To fix this, include the size of struct skb_shared_info in the MCU RX
buffer size to prevent scatter-gather from being used for event skb in
mt76_dma_rx_fill_buf().
Fixes: 98686cd21624 ("wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices") Co-developed-by: Peter Chiu <chui-hao.chiu@mediatek.com> Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com> Signed-off-by: Shayne Chen <shayne.chen@mediatek.com> Link: https://patch.msgid.link/20250515032952.1653494-7-shayne.chen@mediatek.com Signed-off-by: Felix Fietkau <nbd@nbd.name>
Peter Chiu [Thu, 15 May 2025 03:29:48 +0000 (11:29 +0800)]
wifi: mt76: mt7996: fix invalid NSS setting when TX path differs from NSS
The maximum TX path and NSS may differ on a band. For example, one variant
of the MT7992 has 5 TX paths and 4 NSS on the 5 GHz band. To address this,
add orig_antenna_mask to record the maximum NSS and prevent setting an
invalid NSS in mt7996_set_antenna().
Fixes: 69d54ce7491d ("wifi: mt76: mt7996: switch to single multi-radio wiphy") Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com> Signed-off-by: Shayne Chen <shayne.chen@mediatek.com> Link: https://patch.msgid.link/20250515032952.1653494-5-shayne.chen@mediatek.com Signed-off-by: Felix Fietkau <nbd@nbd.name>
Benjamin Lin [Thu, 15 May 2025 03:29:47 +0000 (11:29 +0800)]
wifi: mt76: mt7996: drop fragments with multicast or broadcast RA
IEEE 802.11 fragmentation can only be applied to unicast frames.
Therefore, drop fragments with multicast or broadcast RA. This patch
addresses vulnerabilities such as CVE-2020-26145.
Peter Chiu [Thu, 15 May 2025 03:29:46 +0000 (11:29 +0800)]
wifi: mt76: mt7996: set EHT max ampdu length capability
Set the max AMPDU length in the EHT MAC CAP. Without this patch, the
peer station cannot obtain the correct capability, which prevents
achieving peak throughput on the 2 GHz band.
Fixes: 1816ad9381e0 ("wifi: mt76: mt7996: add max mpdu len capability") Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com> Signed-off-by: Shayne Chen <shayne.chen@mediatek.com> Link: https://patch.msgid.link/20250515032952.1653494-3-shayne.chen@mediatek.com Signed-off-by: Felix Fietkau <nbd@nbd.name>
Howard Hsu [Thu, 15 May 2025 03:29:45 +0000 (11:29 +0800)]
wifi: mt76: mt7996: fix beamformee SS field
Fix the beamformee SS field for the mt7996, mt7992 and mt7990 chipsets.
For the mt7992, this value shall be set to 0x4, while the others shall
be set to 0x3.
Fixes: 5b20557593d4 ("wifi: mt76: connac: adjust phy capabilities based on band constraints") Signed-off-by: Howard Hsu <howard-yh.hsu@mediatek.com> Signed-off-by: Shayne Chen <shayne.chen@mediatek.com> Link: https://patch.msgid.link/20250515032952.1653494-2-shayne.chen@mediatek.com Signed-off-by: Felix Fietkau <nbd@nbd.name>
Michael Lo [Mon, 5 May 2025 23:36:18 +0000 (16:36 -0700)]
wifi: mt76: mt7925: add test mode support
The test mode interface allows controlled execution of chip-level
operations such as continuous transmission, reception tests, and
register access, which are essential during bring-up, diagnostics,
and factory testing.
Michael Lo [Mon, 14 Apr 2025 01:39:54 +0000 (09:39 +0800)]
wifi: mt76: mt7925: ensure all MCU commands wait for response
Modify MCU command sending functions to wait for a response,
ensuring consistent behavior across all commands and improves
reliability by confirming that each command is processed
successfully.
Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips") Signed-off-by: Michael Lo <michael.lo@mediatek.com> Signed-off-by: Ming Yen Hsieh <mingyen.hsieh@mediatek.com> Link: https://patch.msgid.link/20250414013954.1151774-3-mingyen.hsieh@mediatek.com Signed-off-by: Felix Fietkau <nbd@nbd.name>
Introduce mt76_connac_mcu_build_rnr_scan_param routine for handling
RNR scan. This is a preliminary patch to enable RNR scan in mt7921 and
mt7925 driver.
Baochen Qiang [Wed, 21 May 2025 16:59:31 +0000 (22:29 +0530)]
wifi: ath12k: fix regdomain update failure when connection establishes
Commit 7ed3e88664e3 ("wifi: ath12k: update regulatory rules when connection
established") introduced a call to ath12k_reg_handle_chan_list() upon
connection to update the regulatory domain in cfg80211 based on the power
type received from the AP.
However, this update fails because ah->regd_updated was already set to true
during the earlier regulatory update triggered when the interface was
added.
To resolve this, reset ah->regd_updated before calling
ath12k_reg_handle_chan_list() to ensure the update proceeds correctly.
Baochen Qiang [Wed, 21 May 2025 16:59:30 +0000 (22:29 +0530)]
wifi: ath12k: fix regdomain update failure when adding interface
Commit 4c546023d71a ("wifi: ath12k: update regulatory rules when interface
added"), introduced a call to ath12k_reg_handle_chan_list() during
interface addition to update the regulatory domain based on the interface
type. While this works initially, subsequent updates (e.g., after an
interface delete/re-add cycle) fail because ah->regd_updated is never
reset.
To address this, reset ah->regd_updated before calling
ath12k_reg_handle_chan_list() to allow the update to proceed.
However, this change exposes another issue: a timeout occurs when waiting
for the 11D scan to complete, as seen in the log:
ath12k_pci 0000:05:00.0: failed to receive 11d scan complete: timed out
This happens because during interface down, ar->state_11d is set to
ATH12K_11D_PREPARING, and during interface up, the host waits for
ar->completed_11d_scan even though the scan hasn't started yet.
Fix this by updating the wait condition to check for ATH12K_11D_RUNNING,
which is the only state where a scan complete event is expected.
Baochen Qiang [Wed, 21 May 2025 16:59:29 +0000 (22:29 +0530)]
wifi: ath12k: fix regdomain update failure after 11D scan completes
In the current implementation of ath12k_regd_update(), the ah->regd_updated
flag is used to ensure that the regulatory domain is updated only once per
radio. During MAC registration, this function is called to push the default
regulatory domain to cfg80211. At that point, the hardware state is not on
and hence ah->regd_updated remains false.
However, after commit 4c546023d71a ("wifi: ath12k: update regulatory rules
when interface added"), ath12k_reg_handle_chan_list() is invoked when an
interface is added, which in turn calls ath12k_regd_update(). By this time,
hardware state is on and consecutively ah->regd_updated becomes true.
Later, when the 11D scan completes and a new regulatory domain is received
from the firmware, the host attempts to update cfg80211 again via
ath12k_regd_update(). But since ah->regd_updated is already true, the
update is skipped.
>From the user's perspective, this results in a failure to connect to 6 GHz
APs, as the default regulatory domain (the only one pushed to cfg80211)
does not include 6 GHz support.
To resolve this, reset the ah->regd_updated flag when handling the 11D
regulatory domain update.
Lorenzo Bianconi [Tue, 25 Mar 2025 16:12:05 +0000 (17:12 +0100)]
Revert "wifi: mt76: Check link_conf pointer in mt76_connac_mcu_sta_basic_tlv()"
In mt76_connac_mcu_sta_basic_tlv() link_conf is always not NULL.
Revert the commit '9890624c1b39 ("wifi: mt76: Check link_conf pointer in
mt76_connac_mcu_sta_basic_tlv()")' in order to fix the following
warning:
drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c:394 mt76_connac_mcu_sta_basic_tlv()
warn: variable dereferenced before check 'link_conf'
ensure proper interrupt handling and aligns with the hardware spec by
updating the register offset for MT_WFDMA0_HOST_INT_ENA.
Cc: stable@vger.kernel.org Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips") Signed-off-by: Michael Lo <michael.lo@mediatek.com> Signed-off-by: Ming Yen Hsieh <mingyen.hsieh@mediatek.com> Link: https://patch.msgid.link/20250509083512.455095-1-mingyen.hsieh@mediatek.com Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes the 5G connectibity issue on LiteOn WN4519R module
see https://github.com/openwrt/mt76/issues/971
And may also fix the 5G issues on the XBox One Wireless Adapter
see https://github.com/openwrt/mt76/issues/200
I have looked at the FCC info related to the MT7632U chip as mentioned in here:
https://github.com/openwrt/mt76/issues/459
These confirm the chipset does not support 'ac' mode and hence VHT should be turned of.
wifi: mt76: mt7996: prevent uninit return in mt7996_mac_sta_add_links
If link_conf_dereference_protected() or mt7996_vif_link()
or link_sta_dereference_protected() fail the code jumps to
the error_unlink label and returns ret which is uninitialised.
Fix this by setting err before jumping to error_unlink.
Fixes: c7e4fc362443 ("wifi: mt76: mt7996: Update mt7996_mcu_add_sta to MLO support") Fixes: dd82a9e02c05 ("wifi: mt76: mt7996: Rely on mt7996_sta_link in sta_add/sta_remove callbacks") Signed-off-by: Qasim Ijaz <qasdev00@gmail.com> Link: https://patch.msgid.link/20250421110550.9839-1-qasdev00@gmail.com Signed-off-by: Felix Fietkau <nbd@nbd.name>
The MTK connac3 has introduced new hardware, SDO (Software Defined
Offload), to offload the process of filling the TX descriptor. Initially,
there were some issues, but after several fixes, it should now be stable,
allowing us to revert this commit.
Additionally, activating SDO is essential for the proper functioning of
features like TX checksum offload.
Charles Han [Mon, 7 Apr 2025 09:55:51 +0000 (17:55 +0800)]
wifi: mt76: mt7996: Add NULL check in mt7996_thermal_init
devm_kasprintf() can return a NULL pointer on failure,but this
returned value in mt7996_thermal_init() is not checked.
Add NULL check in mt7996_thermal_init(), to handle kernel NULL
pointer dereference error.
StanleyYP Wang [Thu, 20 Mar 2025 01:59:26 +0000 (09:59 +0800)]
wifi: mt76: mt7996: rework radar HWRDD idx
The definition of MT_RX_SEL (for rdd_rx_sel) is mixed with the
definition of HWRDD idx.
For example, MT_RX_SEL2 is for background HWRDD idx, not an
option of rdd_rx_sel.
Additionally, HWRDD idx does not exactly map to band idx for
Connac 3 chips. So, add mt7996_get_rdd_idx as a helper function.
Finally, remove some parts of the code inherited from the legacy chips.
For instance,
1. rdd_state is used for single-band-dual-HWRDD chips (for 80+80),
especially the 76xx series.
2. rdd_rx_sel is also used for single-band-dual-HWRDD chips
rx_sel = 0 => RDD0 for WF0, RDD1 for WF2
rx_sel = 1 => RDD0 for WF1, RDD1 for WF3
StanleyYP Wang [Thu, 20 Mar 2025 01:59:18 +0000 (09:59 +0800)]
wifi: mt76: mt7915: rework radar HWRDD idx
The definition of MT_RX_SEL (for rdd_rx_sel) is mixed with the
definition of HWRDD idx.
For example, MT_RX_SEL2 is for background HWRDD idx, not an option
of rdd_rx_sel.
Therefore, add mt7915_get_rdd_idx as a helper function to get the
HWRDD idx for each variants.
Additionally, remove some parts of the code inherited from the legacy
chips.
For instance,
1. rdd_state is used for single-band-dual-HWRDD chips (for 80+80),
especially the 76xx series.
2. rdd_rx_sel is also used for single-band-dual-HWRDD chips
rx_sel = 0 => RDD0 for WF0, RDD1 for WF2
rx_sel = 1 => RDD0 for WF1, RDD1 for WF3
StanleyYP Wang [Thu, 20 Mar 2025 01:59:09 +0000 (09:59 +0800)]
wifi: mt76: mt7915: set correct background radar capability
Some of the variants do not support background radar, so add a
helper to report background radar capability.
For mt7916, only the variant of 5G 2T2R + 1R supports background
radar.
wifi: mt76: connac: rework TX descriptor and TX free for mt7990
Adjust the TX descriptor and TX free for updated hardware fields.
This is a preliminary patch to support mt7990 chipset.
Co-developed-by: StanleyYP Wang <StanleyYP.Wang@mediatek.com> Signed-off-by: StanleyYP Wang <StanleyYP.Wang@mediatek.com> Co-developed-by: Benjamin Lin <benjamin-jw.lin@mediatek.com> Signed-off-by: Benjamin Lin <benjamin-jw.lin@mediatek.com> Co-developed-by: Peter Chiu <chui-hao.chiu@mediatek.com> Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com> Signed-off-by: Shayne Chen <shayne.chen@mediatek.com> Link: https://patch.msgid.link/20250409140750.724437-9-shayne.chen@mediatek.com Signed-off-by: Felix Fietkau <nbd@nbd.name>
Peter Chiu [Wed, 9 Apr 2025 14:07:43 +0000 (22:07 +0800)]
wifi: mt76: mt7996: rework WA mcu command for mt7990
Since mt7990 lacks WA firmware, some WA commands are not supported or
need to be refactored to use the SDO command.
This is a preliminary patch to support mt7990 chipset.
wifi: mac80211: accept probe response on link address as well
If a random MAC address is not requested during scan request, unicast probe
response frames are only accepted if the destination address matches the
interface address. This works fine for non-ML interfaces. However, with
MLO, the same interface can have multiple links, and a scan on a link would
be requested with the link address. In such cases, the probe response frame
gets dropped which is incorrect.
Therefore, add logic to check if any of the link addresses match the
destination address if the interface address does not match.
wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO
When an AP interface is already beaconing, a subsequent scan is not allowed
unless the user space explicitly sets the flag NL80211_SCAN_FLAG_AP in the
scan request. If this flag is not set, the scan request will be returned
with the error code -EOPNOTSUPP. However, this restriction currently
applies only to non-ML interfaces. For ML interfaces, scans are allowed
without this flag being explicitly set by the user space which is wrong.
This is because the beaconing check currently uses only the deflink, which
does not get set during MLO.
Hence to fix this, during MLO, use the existing helper
ieee80211_num_beaconing_links() to know if any of the link is beaconing.
Christian Lamparter [Fri, 16 May 2025 18:41:06 +0000 (20:41 +0200)]
wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
Robert Morris reported:
|If a malicious USB device pretends to be an Intersil p54 wifi
|interface and generates an eeprom_readback message with a large
|eeprom->v1.len, p54_rx_eeprom_readback() will copy data from the
|message beyond the end of priv->eeprom.
|
|static void p54_rx_eeprom_readback(struct p54_common *priv,
| struct sk_buff *skb)
|{
| struct p54_hdr *hdr = (struct p54_hdr *) skb->data;
| struct p54_eeprom_lm86 *eeprom = (struct p54_eeprom_lm86 *) hdr->data;
|
| if (priv->fw_var >= 0x509) {
| memcpy(priv->eeprom, eeprom->v2.data,
| le16_to_cpu(eeprom->v2.len));
| } else {
| memcpy(priv->eeprom, eeprom->v1.data,
| le16_to_cpu(eeprom->v1.len));
| }
| [...]
The eeprom->v{1,2}.len is set by the driver in p54_download_eeprom().
The device is supposed to provide the same length back to the driver.
But yes, it's possible (like shown in the report) to alter the value
to something that causes a crash/panic due to overrun.
This patch addresses the issue by adding the size to the common device
context, so p54_rx_eeprom_readback no longer relies on possibly tampered
values... That said, it also checks if the "firmware" altered the value
and no longer copies them.
The one, small saving grace is: Before the driver tries to read the eeprom,
it needs to upload >a< firmware. the vendor firmware has a proprietary
license and as a reason, it is not present on most distributions by
default.
Cc: <stable@kernel.org> Reported-by: Robert Morris <rtm@mit.edu> Closes: https://lore.kernel.org/linux-wireless/28782.1747258414@localhost/ Fixes: 7cb770729ba8 ("p54: move eeprom code into common library") Signed-off-by: Christian Lamparter <chunkeey@gmail.com> Link: https://patch.msgid.link/20250516184107.47794-1-chunkeey@gmail.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bert Karwatzki [Tue, 20 May 2025 22:34:29 +0000 (00:34 +0200)]
wifi: check if socket flags are valid
Checking the SOCK_WIFI_STATUS flag bit in sk_flags may give wrong results
since sk_flags are part of a union and the union is used otherwise. Add
sk_requests_wifi_status() which checks if sk is non-NULL, sk is a full
socket (so flags are valid) and checks the flag bit.
The current implementation of per-pdev frequency range updates assumes that
each pdev supports only a single band. As a result in ath12k_regd_update(),
bands are handled using an if-else structure, which limits updates to only
one of the band per pdev. This assumption does not hold for all chipsets.
For example, the WCN7850 supports multiple bands within a single pdev.
Hence to accommodate such cases, update the logic to account for all band
cases by handling each band in a separate if conditions instead of the
previous if-else structure.
The function calls bitmap_empty() just before find_first_bit(). Both
functions are O(N). Because find_first_bit() returns >= nbits in case of
empty bitmap, the bitmap_empty() test may be avoided.
wifi: ath9k_htc: Abort software beacon handling if disabled
A malicious USB device can send a WMI_SWBA_EVENTID event from an
ath9k_htc-managed device before beaconing has been enabled. This causes
a device-by-zero error in the driver, leading to either a crash or an
out of bounds read.
Prevent this by aborting the handling in ath9k_htc_swba() if beacons are
not enabled.
Reported-by: Robert Morris <rtm@csail.mit.edu> Closes: https://lore.kernel.org/r/88967.1743099372@localhost Fixes: 832f6a18fc2a ("ath9k_htc: Add beacon slots") Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk> Link: https://patch.msgid.link/20250402112217.58533-1-toke@toke.dk Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
Aishwarya R [Mon, 5 May 2025 03:43:51 +0000 (09:13 +0530)]
wifi: ath12k: remove redundant regulatory rules intersection logic in host
Whenever there is a change in the country code settings from the
user, driver does an intersection of the regulatory rules for this
new country with the original regulatory rules which were reported
during initialization time.
There is also similar logic running in firmware with a difference
that the intersection in firmware is only done when the country code
is configuration during boot up time (BDF/OTP). Firmware logic does
not kick in when no country code is configured during device bring
up time as the device is always expected to have the country code
configured properly in the deployment.
There is a debug/test use case that requires absolute regulatory
rules to be used for a user configured country code when the device
is not configured with a particular country code during boot up time.
To support the above test use case, remove the redundant regulatory
rules intersection logic in the host driver. Depend on the
intersection logic in firmware when the device comes up with
pre-configured country code.
Mohan Kumar G [Mon, 5 May 2025 15:35:36 +0000 (21:05 +0530)]
wifi: ath12k: Send MCS15 support to firmware during peer assoc
As per IEEE 802.11be-2024 - 9.4.2.321, EHT operation element
contains MCS15 Disable subfield as the sixth bit, which is set when
MCS15 support is not enabled.
During association, firmware will use this MCS15 flag to enable or
disable the reception of PPDU with EHT-MCS15 capability.
Send MCS15 support to firmware through WMI command during peer assoc.
During a code review, it is observed that in the scenario
where scan initiation fails, the current code schedules the
ar->scan.timeout workqueue which is not necessary.
In the scan initiation failure scenario, exit the code instead
of scheduling the ar->scan.timeout workqueue.
Fixes: b8a0d83fe4c7 ("wifi: ath12k: move firmware stats out of debugfs") Signed-off-by: P Praneesh <praneesh.p@oss.qualcomm.com> Signed-off-by: Raj Kumar Bhagat <quic_rajkbhag@quicinc.com> Link: https://patch.msgid.link/20250507-fw-stats-mem-leak-v1-1-8d4d1d8ec0e8@quicinc.com Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
which based on a quick look at the ath11k driver seemed to indicate some
kind of ring-buffer corruption.
Miaoqing Pan tracked it down to the host seeing the updated destination
ring head pointer before the updated descriptor, and the error handling
for that in turn leaves the ring buffer in an inconsistent state.
While this has not yet been observed with ath12k, the ring-buffer
implementation is very similar to the ath11k one and it suffers from the
same bugs.
Add the missing memory barrier to make sure that the descriptor is read
after the head pointer to address the root cause of the corruption while
fixing up the error handling in case there are ever any (ordering) bugs
on the device side.
Note that the READ_ONCE() are only needed to avoid compiler mischief in
case the ring-buffer helpers are ever inlined.
Rajat Soni [Wed, 30 Apr 2025 04:55:38 +0000 (10:25 +0530)]
wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event
Currently, in ath12k_service_ready_ext_event(), svc_rdy_ext.mac_phy_caps
is not freed in the failure case, causing a memory leak. The following
trace is observed in kmemleak:
Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Signed-off-by: Rajat Soni <quic_rajson@quicinc.com> Signed-off-by: Raj Kumar Bhagat <quic_rajkbhag@quicinc.com> Link: https://patch.msgid.link/20250430-wmi-mem-leak-v1-1-fcc9b49c2ddc@quicinc.com Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
Miaoqing Pan [Thu, 24 Apr 2025 00:57:03 +0000 (08:57 +0800)]
wifi: ath12k: support usercase-specific firmware overrides
Introduce 'firmware-name' property to allow end-users and/or integrators to
decide which usecase-specific firmware to run on the WCN7850 platform. This
is necessary due to resource limitations such as memory capacity and CPU
capability, or performance and power optimization for different application
scenarios.
Currently, there are two firmwares, both files can be executed
interchangeably.
For example:
The former is the default firmware, suitable for most WiFi 7 STA functions.
The latter adds support for commercial-quality SAP and optimizes power
consumption for IoT applications. And both use the same BDF/regdb data
within the main board-2.bin.
Introduce 'firmware-name' property to allow end-users and/or integrators
to decide which usecase-specific firmware to run on the WCN7850 platform.
This is necessary due to resource limitations such as memory capacity and
CPU capability, or performance and power optimization for different
application scenarios.
Two firmwares are supported: 'WCN7850/hw2.0' and 'WCN7850/hw2.0/ncm825'.
The former is the default firmware, suitable for most WiFi 7 STA
functions. The latter adds support for commercial-quality SAP and
optimizes power consumption for IoT applications.
wifi: ath12k: Adjust the process of resource release for ahb bus
Due to the change in the resource release order in ath12k_core_deinit(),
the resource release order in the AHB bus removal process needs to be
adjusted accordingly.
wifi: ath12k: Reorder and relocate the release of resources in ath12k_core_deinit()
Ath12k panic notifier is registered in driver loading process. But it is not
unregistered if ATH12K_FLAG_QMI_FAIL is set(e.g. load BDF failed) and unload
driver. It causes a dirty node in panic notifier list since ath12k panic
notifier is not unregistered from list but the buffer of this node is freed
in driver unloading process. If load driver again there will be a page fault
error due to this dirty node in panic notifier list.
This issue is caused by asymmetry between ath12k_core_init() and
ath12k_core_deinit(). Reorder and relocate the release of resources in
ath12k_core_deinit() to avoid this asymmetry issue.
Add support for data path related device specific stats. This
information helps to debug connectivity and performance issues
in AP, STA, and Mesh modes.
P Praneesh [Thu, 24 Apr 2025 05:51:04 +0000 (11:21 +0530)]
wifi: ath12k: Fix invalid RSSI values in station dump
When processing a "station dump" command, the driver retrieves RSSI
values from the HAL_PHYRX_RSSI_LEGACY TLV received from the monitor
destination ring, and reports them to userspace. Currently, the RSSI
values reported are improper because the hardware has not been
configured to update them properly.
To fix this, enable the HTT_RX_FILTER_TLV_FLAGS_PPDU_START_USER_INFO in
the filter setup to ensure the correct RSSI values are returned in the
HAL_PHYRX_RSSI_LEGACY TLV, resulting in correct RSSI values being
reported to userspace.
Aloka Dixit [Tue, 8 Apr 2025 18:45:01 +0000 (11:45 -0700)]
wifi: ath12k: pass link_conf for tx_arvif retrieval
Three out of four callers to ath12k_mac_get_tx_arvif() have
link_conf pointer already set for other operations. Pass it
as a parameter. Modify ath12k_control_beaconing() to set
link_conf first.
Ramasamy Kaliappan [Thu, 27 Mar 2025 05:13:20 +0000 (10:43 +0530)]
wifi: ath12k: update EMLSR capabilities of ML Station
When EMLSR operation is enabled for an ML Station, EMLSR transition
timeout, padding delay and transition delay should be updated to
Firmware. Above parameters will be used by Firmware to do EMLSR operation
such as sending EML operation mode notification frame, initial control
frame etc.
Obtain above parameters from EML capabilities information present in
ieee80211_sta object and update the same to Firmware in peer assoc WMI
command sent for ML station.
MLO is not enabled in WCN7850 and hence this change is not applicable to
it as of now. This can be a leverage once it is enabled in future.
wifi: ath12k: Prevent multicast duplication for dynamic VLAN
Since dynamic VLAN traffic is software encrypted and encapsulated,
mac80211 handles the duplication on each link for MLO dynamic VLAN
multicast.
Currently in ath12k_mac_op_tx(), all multicast frames are duplicated
and are assigned a mcbc_gsn. This is causing dynamic VLAN multicast
traffic to be dropped in hardware.
Prevent dynamic VLAN multicast traffic from being duplicated again in
the driver. Check if incoming packet is a dynamic VLAN packet and
avoid defaulting to multicast conditional.
wifi: ath12k: Enable AST index based address search in Station Mode
Currently, TCL performs the TX address search for each entry during
transmission, which may lead to packet delays.
To mitigate this issue, enable AST index-based address search during
transmission in station mode. This AST index-based search is not
enabled in AP mode due to the complexity involved in fetching peer
information.
Implement changes to retrieve the offset of ast_idx/ast_hash values
from the PEER_MAP3 event, update the vdev search type to ADDRX, and
enable AST lookup in the bank configuration.
Kang Yang [Mon, 21 Apr 2025 02:34:43 +0000 (10:34 +0800)]
wifi: ath12k: use different packet offset for WCN7850
In ath12k_dp_mon_rx_merg_msdus(), will set packet offset to 8. This is a
right value for QCN9274.
But WCN7850 use different hardware rings for monitor mode because it
doesn't have RX MON component. So the packet offset is different. With
current offset, upper-layer application will failed to parse the payload
correctly.
Should use different value for those who don't have RX MON component.
Kang Yang [Mon, 21 Apr 2025 02:34:41 +0000 (10:34 +0800)]
wifi: ath12k: add support to reap and process mon dest ring
WCN7850 uses error dst ring as mon dest ring. Each time hardware
receives a packet, will fill the payload into mon dest ring.
The mon dest ring may store many MSDUs, which belonged to different
MPDUs. Need to retrieve MSDUs based on the PPDU ID, only processing the
MSDUs with same PPDU ID each time.
The PPDU ID is used in cycles, the difference between the PPDU IDs
of the two rings must be checked. If the status PPDU ID minus the
dest PPDU ID is greater than 20000, it is considered a wrap-around
case.
After reaping the mon dest ring, should prepare packet and deliver it to
mac80211 when status PPDU ID is equal to dest PPDU ID. Then start to
process next PPDU if exists.
But if dest PPDU ID > status PPDU ID, should hold on to mon dest ring
processing. If it exceeds 16 consecutive times, status PPDU ID will be
forcibly set to dest PPDU ID to avoid backpressure issue.
Kang Yang [Mon, 21 Apr 2025 02:34:40 +0000 (10:34 +0800)]
wifi: ath12k: use ath12k_buffer_addr in ath12k_dp_rx_link_desc_return()
Currently, ath12k_dp_rx_link_desc_return() takes struct
hal_reo_dest_ring as its second input. This struct is converted to
struct hal_wbm_release_ring and passed into
ath12k_hal_rx_msdu_link_desc_set(), where it is converted again.
This double conversion is both strange and inefficient.
In ath12k_hal_rx_msdu_link_desc_set(), only buf_addr_info is actually
used. To simplify the code and improve readability, directly passes
buf_addr_info when calling ath12k_dp_rx_link_desc_return().
Kang Yang [Mon, 21 Apr 2025 02:34:38 +0000 (10:34 +0800)]
wifi: ath12k: add support to reap and process monitor status ring
WCN7850 uses monitor status ring to store status buffer. Status buffer
contains many TLVs such as MPDU START/END. From these TLVs, can get
necessary information about related payload, such as PPDU ID.
Add helper function to reap status buffer from monitor status ring so
that can parse TLVs later by ath12k_dp_mon_parse_rx_dest().
Kang Yang [Mon, 21 Apr 2025 02:34:36 +0000 (10:34 +0800)]
wifi: ath12k: add interrupt configuration for mon status ring
The monitor mode design is:
1. Hardware captures packets on the air.
2. Hardware stores the packets into related rings.
3. When the ring buffer reaches the interrupt threshold, it triggers
the interrupt.
4. Reap and process the ring buffer in ath12k_dp_service_srng().
Here the interrupt thresholds are intr_timer_thres_us, low_threshold and
intr_batch_cntr_thres_entries. An interrupt will be triggered once:
1. Number of packets in the ring reaches intr_batch_cntr_thres_entries.
2. Number of packets in the ring reaches low_threshold(by timer).
3. Timer reaches intr_timer_thres_us.
So, add interrupt configuration for the mon status ring, then start
to process ring buffers when the interrupt arrives.
Kang Yang [Mon, 21 Apr 2025 02:34:35 +0000 (10:34 +0800)]
wifi: ath12k: add ring config for monitor mode on WCN7850
For WCN7850, it doesn't have an RX MON component(RX MON dest ring and
RX MON buffer ring). So it can only reuse the mon status ring, RX
refill ring, and error dst ring for monitor mode.
Every time the hardware captures a packet, it will store status
information into the status ring and store the MSDU payload buffer
address into the error dst ring. When host reaps the MSDU payload and
consumes a buffer, it will replenish the RX refill ring to indicate a
new buffer.
The configuration of the error dst/RX ring already exists. But there is
no configuration for mon status ring. So add ring configuration for it.
Kang Yang [Mon, 21 Apr 2025 02:34:32 +0000 (10:34 +0800)]
wifi: ath12k: parse msdu_end tlv in ath12k_dp_mon_rx_parse_status_tlv()
Currently, error bitmap and decap format are parsed in
ath12k_dp_mon_parse_rx_dest_tlv(). Then stored into dp_rx_mon_mpdu_list.
ath12k_dp_mon_parse_rx_dest_tlv() and dp_rx_mon_mpdu_list are only used
by QCN9274.
For WCN7850, error bitmap and decap format are also needed. So need to
parse MSDU END TLV in ath12k_dp_mon_rx_parse_status_tlv(), this is the
common function for WCN7850 and QCN9274. Then store error bitmap and
decap format so that QCN9274 can fetch them when processing MSDU payload.
Lingbo Kong [Fri, 18 Apr 2025 06:40:08 +0000 (14:40 +0800)]
wifi: ath12k: Abort scan before removing link interface to prevent duplicate deletion
Currently, when ath12k performs the remove link interface operation, if
there is an ongoing scan operation on the arvif, ath12k may execute the
remove link interface operation multiple times on the same arvif. This
occurs because, during the remove link operation, if a scan operation is
present on the arvif, ath12k may receive a WMI_SCAN_EVENT_COMPLETED event
from the firmware. Upon receiving this event, ath12k will continue to
execute the ath12k_scan_vdev_clean_work() function, performing the remove
link interface operation on the same arvif again.
To address this issue, before executing the remove link interface
operation, ath12k needs to check if there is an ongoing scan operation on
the current arvif. If such an operation exists, it should be aborted.
Signed-off-by: Lingbo Kong <quic_lingbok@quicinc.com> Tested-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com> Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com> Link: https://patch.msgid.link/20250418064008.7172-1-quic_lingbok@quicinc.com Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
wifi: ath12k: use WMI_VDEV_SET_TPC_POWER_CMDID when EXT_TPC_REG_SUPPORT for 6 GHz
When station is connected to a 6 GHz AP, there are 2 ways to configure the
power limit to firmware. The first way is to send 2 WMI commands
WMI_PDEV_PARAM_TXPOWER_LIMIT2G/WMI_PDEV_PARAM_TXPOWER_LIMIT5G to firmware,
the second way is to send WMI_VDEV_SET_TPC_POWER_CMDID to firmware which
includes more parameters for power control.
When firmware advertises WMI_TLV_SERVICE_EXT_TPC_REG_SUPPORT, it supports
WMI_VDEV_SET_TPC_POWER_CMDID, ath12k uses it to send more parameters to
firmware. As chanctx is needed to extract necessary info for this command,
save it beforehand in ath12k_mac_op_assign_vif_chanctx().
wifi: ath12k: add handler for WMI_VDEV_SET_TPC_POWER_CMDID
Add the handler for WMI_VDEV_SET_TPC_POWER_CMDID, it is for 6 GHz band.
A subsequent patch will call this handler to send power parameters to
firmware.
wifi: ath12k: add parse of transmit power envelope element
The Transmit Power Envelope element conveys the local maximum transmit
power for various transmission bandwidths, this element is present in
various frames, e.g. beacon and probe response etc, transmitted by AP.
A station shall determine a local maximum transmit power from it.
wifi: ath12k: save power spectral density(PSD) of regulatory rule
Currently the power spectral density (PSD) report from firmware is ignored.
Since it is needed by cfg80211, report it in struct ieee80211_reg_rule such
that cfg80211 can use it.
wifi: ath12k: update regulatory rules when interface added
There are two power types for 6 GHz regulatory, one is AP, another is
client. The client power type is used for station interface, and AP
power type is used for AP/mesh point interface.
When firmware boots up, WMI_REG_CHAN_LIST_CC_EXT_EVENTID is sent from
firmware at an early stage, the interface mode is not decided at this
point, then ath12k select reg rules of AP type as default.
After interface created, ath12k needs to update reg rules to the exact
power type matching the interface type.
projects / users / jedix / linux-maple.git / log