From 36f002a3e36efd3370f5b6abfc157e7481ecb1e0 Mon Sep 17 00:00:00 2001 From: Aditya Kumar Singh Date: Fri, 24 Jan 2025 11:46:38 +0530 Subject: [PATCH] wifi: ath12k: prevent CSA counter to reach 0 and hit WARN_ON_ONCE Currently, when the driver receives a channel switch count WMI event from the firmware with a count greater than 1, it calls ieee80211_beacon_update_cntdwn(). If the beacon transmission fails, the event will be received again with the previous count value. In this scenario, the host decrements the mac80211 counter again, causing it to move ahead of the firmware counter. Ultimately, when the firmware count reaches 1, the mac80211 counter will reach zero, triggering a WARN_ON_ONCE(). Therefore, there is a need to check the count value in the event. Hence to fix this, maintain the current ongoing counter in arvif. If the count in the event does not match the expected value, silently discard the event. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Signed-off-by: Aditya Kumar Singh Link: https://patch.msgid.link/20250124-ath12k_mlo_csa-v2-4-420c42fcfecf@quicinc.com Signed-off-by: Jeff Johnson --- drivers/net/wireless/ath/ath12k/core.h | 2 ++ drivers/net/wireless/ath/ath12k/wmi.c | 19 ++++++++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/core.h b/drivers/net/wireless/ath/ath12k/core.h index 28db100cfac06..407404e7abb75 100644 --- a/drivers/net/wireless/ath/ath12k/core.h +++ b/drivers/net/wireless/ath/ath12k/core.h @@ -301,6 +301,8 @@ struct ath12k_link_vif { u8 link_id; struct ath12k_vif *ahvif; struct ath12k_rekey_data rekey_data; + + u8 current_cntdown_counter; }; struct ath12k_vif { diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c index fdbb604e4fb09..b43ab621a74e0 100644 --- a/drivers/net/wireless/ath/ath12k/wmi.c +++ b/drivers/net/wireless/ath/ath12k/wmi.c @@ -1973,6 +1973,7 @@ int ath12k_wmi_bcn_tmpl(struct ath12k_link_vif *arvif, cmd->ext_csa_switch_count_offset = cpu_to_le32(offs->cntdwn_counter_offs[1]); cmd->csa_event_bitmap = cpu_to_le32(0xFFFFFFFF); + arvif->current_cntdown_counter = bcn->data[offs->cntdwn_counter_offs[0]]; } cmd->buf_len = cpu_to_le32(bcn->len); @@ -7532,10 +7533,22 @@ ath12k_wmi_process_csa_switch_count_event(struct ath12k_base *ab, continue; /* Finish CSA when counter reaches zero */ - if (!current_switch_count) + if (!current_switch_count) { ieee80211_csa_finish(ahvif->vif, arvif->link_id); - else if (current_switch_count > 1) - ieee80211_beacon_update_cntdwn(ahvif->vif, arvif->link_id); + arvif->current_cntdown_counter = 0; + } else if (current_switch_count > 1) { + /* If the count in event is not what we expect, don't update the + * mac80211 count. Since during beacon Tx failure, count in the + * firmware will not decrement and this event will come with the + * previous count value again + */ + if (current_switch_count != arvif->current_cntdown_counter) + continue; + + arvif->current_cntdown_counter = + ieee80211_beacon_update_cntdwn(ahvif->vif, + arvif->link_id); + } } rcu_read_unlock(); } -- 2.50.1