From 5ae1fc4069578f50798f3372f36a3c13ee565b66 Mon Sep 17 00:00:00 2001 From: Kavita Kavita Date: Wed, 4 Jun 2025 16:27:56 +0530 Subject: [PATCH 01/16] wifi: cfg80211: Improve the documentation for NL80211_CMD_ASSOC_MLO_RECONF The existing documentation for the NL80211_CMD_ASSOC_MLO_RECONF does not clearly explain handling of link reconfiguration request results from the driver. Add documentation to explain that the command is used as an event to notify userspace about added links information, and that the existing NL80211_CMD_LINKS_REMOVED command is used to notify userspace about removed links information. Signed-off-by: Kavita Kavita Link: https://patch.msgid.link/20250604105757.2542-2-quic_kkavita@quicinc.com Signed-off-by: Johannes Berg --- include/uapi/linux/nl80211.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index e9ccf43fe3c6a..e53840d009d11 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -1330,7 +1330,11 @@ * TID to Link mapping for downlink/uplink traffic. * * @NL80211_CMD_ASSOC_MLO_RECONF: For a non-AP MLD station, request to - * add/remove links to/from the association. + * add/remove links to/from the association. To indicate link + * reconfiguration request results from the driver, this command is also + * used as an event to notify userspace about the added links information. + * For notifying the removed links information, the existing + * %NL80211_CMD_LINKS_REMOVED command is used. * * @NL80211_CMD_EPCS_CFG: EPCS configuration for a station. Used by userland to * control EPCS configuration. Used to notify userland on the current state -- 2.51.0 From 7c598c653ad465138ecc2fe64492633c541effef Mon Sep 17 00:00:00 2001 From: Kavita Kavita Date: Wed, 4 Jun 2025 16:27:57 +0530 Subject: [PATCH 02/16] wifi: cfg80211: Add support for link reconfiguration negotiation offload to driver In the case of SME-in-driver, the driver can internally choose to update the links based on the AP MLD recommendation and do link reconfiguration negotiation with AP MLD. (e.g., After the driver processing the BSS Transition Management request frame received from the AP MLD with Neighbor Report containing Multi-Link element with recommended links information chooses to do link reconfiguration negotiation with AP MLD). To support this, extend cfg80211_mlo_reconf_add_done() and NL80211_CMD_ASSOC_MLO_RECONF to indicate added links information for driver-initiated link reconfiguration requests. For removed links, the driver indicates links information using the NL80211_CMD_LINKS_REMOVED event for driver-initiated cases, the same as supplicant initiated cases. For the driver-initiated case, cfg80211 will receive link reconfiguration result asynchronously from driver so holding BSSes of the accepted add links is needed in the event path. Also, no need of unhold call for the rejected add link BSSes since there was no hold call happened previously. Once the supplicant receives the NL80211_CMD_ASSOC_MLO_RECONF event, it needs to process the information about newly added links and install per-link group keys (e.g., GTK/IGTK/BIGTK etc.). In case of the SME-in-driver, using a vendor interface etc. to notify the supplicant to initiate a link reconfiguration request and then supplicant sending command to the cfg80211 can lead to race conditions. The correct design to avoid this is that the driver indicates the cfg80211 directly with the results of the link reconfiguration negotiation. Signed-off-by: Kavita Kavita Link: https://patch.msgid.link/20250604105757.2542-3-quic_kkavita@quicinc.com Signed-off-by: Johannes Berg --- include/net/cfg80211.h | 6 ++++++ include/uapi/linux/nl80211.h | 6 +++++- net/wireless/mlme.c | 10 ++++++++-- net/wireless/trace.h | 10 ++++++---- 4 files changed, 25 insertions(+), 7 deletions(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 7719a90ab4d75..47b4235eea59e 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -9747,6 +9747,11 @@ void cfg80211_links_removed(struct net_device *dev, u16 link_mask); * struct cfg80211_mlo_reconf_done_data - MLO reconfiguration data * @buf: MLO Reconfiguration Response frame (header + body) * @len: length of the frame data + * @driver_initiated: Indicates whether the add links request is initiated by + * driver. This is set to true when the link reconfiguration request + * initiated by driver due to AP link recommendation requests + * (Ex: BTM (BSS Transition Management) request) handling offloaded to + * driver. * @added_links: BIT mask of links successfully added to the association * @links: per-link information indexed by link ID * @links.bss: the BSS that MLO reconfiguration was requested for, ownership of @@ -9759,6 +9764,7 @@ void cfg80211_links_removed(struct net_device *dev, u16 link_mask); struct cfg80211_mlo_reconf_done_data { const u8 *buf; size_t len; + bool driver_initiated; u16 added_links; struct { struct cfg80211_bss *bss; diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index e53840d009d11..a289014abe37d 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -1334,7 +1334,11 @@ * reconfiguration request results from the driver, this command is also * used as an event to notify userspace about the added links information. * For notifying the removed links information, the existing - * %NL80211_CMD_LINKS_REMOVED command is used. + * %NL80211_CMD_LINKS_REMOVED command is used. This command is also used to + * notify userspace about newly added links for the current connection in + * case of AP-initiated link recommendation requests, received via + * a BTM (BSS Transition Management) request or a link reconfig notify + * frame, where the driver handles the link recommendation offload. * * @NL80211_CMD_EPCS_CFG: EPCS configuration for a station. Used by userland to * control EPCS configuration. Used to notify userland on the current state diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c index 05d44a4435189..29e1ce8aff42c 100644 --- a/net/wireless/mlme.c +++ b/net/wireless/mlme.c @@ -1331,7 +1331,8 @@ void cfg80211_mlo_reconf_add_done(struct net_device *dev, lockdep_assert_wiphy(wiphy); trace_cfg80211_mlo_reconf_add_done(dev, data->added_links, - data->buf, data->len); + data->buf, data->len, + data->driver_initiated); if (WARN_ON(!wdev->valid_links)) return; @@ -1361,11 +1362,16 @@ void cfg80211_mlo_reconf_add_done(struct net_device *dev, wdev->links[link_id].client.current_bss = bss_from_pub(bss); + if (data->driver_initiated) + cfg80211_hold_bss(bss_from_pub(bss)); + memcpy(wdev->links[link_id].addr, data->links[link_id].addr, ETH_ALEN); } else { - cfg80211_unhold_bss(bss_from_pub(bss)); + if (!data->driver_initiated) + cfg80211_unhold_bss(bss_from_pub(bss)); + cfg80211_put_bss(wiphy, bss); } } diff --git a/net/wireless/trace.h b/net/wireless/trace.h index 4ed9fada4ec0e..61a5eca9c5137 100644 --- a/net/wireless/trace.h +++ b/net/wireless/trace.h @@ -4126,20 +4126,22 @@ TRACE_EVENT(cfg80211_links_removed, TRACE_EVENT(cfg80211_mlo_reconf_add_done, TP_PROTO(struct net_device *netdev, u16 link_mask, - const u8 *buf, size_t len), - TP_ARGS(netdev, link_mask, buf, len), + const u8 *buf, size_t len, bool driver_initiated), + TP_ARGS(netdev, link_mask, buf, len, driver_initiated), TP_STRUCT__entry( NETDEV_ENTRY __field(u16, link_mask) __dynamic_array(u8, buf, len) + __field(bool, driver_initiated) ), TP_fast_assign( NETDEV_ASSIGN; __entry->link_mask = link_mask; memcpy(__get_dynamic_array(buf), buf, len); + __entry->driver_initiated = driver_initiated; ), - TP_printk(NETDEV_PR_FMT ", link_mask:0x%x", - NETDEV_PR_ARG, __entry->link_mask) + TP_printk(NETDEV_PR_FMT ", link_mask:0x%x, driver_initiated:%d", + NETDEV_PR_ARG, __entry->link_mask, __entry->driver_initiated) ); TRACE_EVENT(rdev_assoc_ml_reconf, -- 2.51.0 From 84ff903bcb7bb19e9ddfe04f1b5b9e42cfb17e45 Mon Sep 17 00:00:00 2001 From: Yuesong Li Date: Thu, 12 Jun 2025 10:14:44 +0800 Subject: [PATCH 03/16] wifi: iwlegacy: convert to use secs_to_jiffies() Since secs_to_jiffies()(commit:b35108a51cf7) has been introduced, we can use it to avoid scaling the time to msec. Signed-off-by: Yuesong Li Acked-by: Stanislaw Gruszka Link: https://patch.msgid.link/20250612021446.3465972-1-liyuesong@vivo.com Signed-off-by: Johannes Berg --- drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/intel/iwlegacy/4965-mac.c b/drivers/net/wireless/intel/iwlegacy/4965-mac.c index e9e007b48645c..3588dec75ebdd 100644 --- a/drivers/net/wireless/intel/iwlegacy/4965-mac.c +++ b/drivers/net/wireless/intel/iwlegacy/4965-mac.c @@ -1382,7 +1382,7 @@ il4965_hdl_stats(struct il_priv *il, struct il_rx_buf *rxb) * we get a thermal update even if the uCode doesn't give us one */ mod_timer(&il->stats_periodic, - jiffies + msecs_to_jiffies(recalib_seconds * 1000)); + jiffies + secs_to_jiffies(recalib_seconds)); if (unlikely(!test_bit(S_SCANNING, &il->status)) && (pkt->hdr.cmd == N_STATS)) { -- 2.51.0 From d39d462a397a2ae051cfb0f23380e1d1e001f17b Mon Sep 17 00:00:00 2001 From: Yuesong Li Date: Fri, 13 Jun 2025 18:26:24 +0800 Subject: [PATCH 04/16] wifi: ipw2x00: convert to use secs_to_jiffies Since secs_to_jiffies()(commit:b35108a51cf7) has been introduced, we can use it to avoid scaling the time to msec. Signed-off-by: Yuesong Li Link: https://patch.msgid.link/20250613102624.3077418-1-liyuesong@vivo.com Signed-off-by: Johannes Berg --- drivers/net/wireless/intel/ipw2x00/libipw_module.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/intel/ipw2x00/libipw_module.c b/drivers/net/wireless/intel/ipw2x00/libipw_module.c index 0a16127bfd68d..2ad085b1f4922 100644 --- a/drivers/net/wireless/intel/ipw2x00/libipw_module.c +++ b/drivers/net/wireless/intel/ipw2x00/libipw_module.c @@ -83,7 +83,7 @@ void libipw_networks_age(struct libipw_device *ieee, { struct libipw_network *network = NULL; unsigned long flags; - unsigned long age_jiffies = msecs_to_jiffies(age_secs * MSEC_PER_SEC); + unsigned long age_jiffies = secs_to_jiffies(age_secs); spin_lock_irqsave(&ieee->lock, flags); list_for_each_entry(network, &ieee->network_list, list) { -- 2.51.0 From 9410e28990e1b0d1df58ab4a03e08e77be163c1d Mon Sep 17 00:00:00 2001 From: Colin Ian King Date: Thu, 19 Jun 2025 09:25:54 +0100 Subject: [PATCH 05/16] wifi: brcmfmac: Make read-only array cfg_offset static const Don't populate the read-only array cfg_offset on the stack at run time, instead make it static const. Signed-off-by: Colin Ian King Acked-by: Arend van Spriel Link: https://patch.msgid.link/20250619082554.1834654-1-colin.i.king@gmail.com Signed-off-by: Johannes Berg --- .../broadcom/brcm80211/brcmfmac/pcie.c | 24 ++++++++++--------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c index 8f97562811d7f..9747928a36509 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c @@ -654,17 +654,19 @@ brcmf_pcie_select_core(struct brcmf_pciedev_info *devinfo, u16 coreid) static void brcmf_pcie_reset_device(struct brcmf_pciedev_info *devinfo) { struct brcmf_core *core; - u16 cfg_offset[] = { BRCMF_PCIE_CFGREG_STATUS_CMD, - BRCMF_PCIE_CFGREG_PM_CSR, - BRCMF_PCIE_CFGREG_MSI_CAP, - BRCMF_PCIE_CFGREG_MSI_ADDR_L, - BRCMF_PCIE_CFGREG_MSI_ADDR_H, - BRCMF_PCIE_CFGREG_MSI_DATA, - BRCMF_PCIE_CFGREG_LINK_STATUS_CTRL2, - BRCMF_PCIE_CFGREG_RBAR_CTRL, - BRCMF_PCIE_CFGREG_PML1_SUB_CTRL1, - BRCMF_PCIE_CFGREG_REG_BAR2_CONFIG, - BRCMF_PCIE_CFGREG_REG_BAR3_CONFIG }; + static const u16 cfg_offset[] = { + BRCMF_PCIE_CFGREG_STATUS_CMD, + BRCMF_PCIE_CFGREG_PM_CSR, + BRCMF_PCIE_CFGREG_MSI_CAP, + BRCMF_PCIE_CFGREG_MSI_ADDR_L, + BRCMF_PCIE_CFGREG_MSI_ADDR_H, + BRCMF_PCIE_CFGREG_MSI_DATA, + BRCMF_PCIE_CFGREG_LINK_STATUS_CTRL2, + BRCMF_PCIE_CFGREG_RBAR_CTRL, + BRCMF_PCIE_CFGREG_PML1_SUB_CTRL1, + BRCMF_PCIE_CFGREG_REG_BAR2_CONFIG, + BRCMF_PCIE_CFGREG_REG_BAR3_CONFIG + }; u32 i; u32 val; u32 lsc; -- 2.51.0 From 757259db79fc6054780e07bb284f768b01cf8fa9 Mon Sep 17 00:00:00 2001 From: Bartosz Golaszewski Date: Tue, 10 Jun 2025 14:39:42 +0200 Subject: [PATCH 06/16] ssb: use new GPIO line value setter callbacks struct gpio_chip now has callbacks for setting line values that return an integer, allowing to indicate failures. Convert the driver to using them. Signed-off-by: Bartosz Golaszewski Link: https://patch.msgid.link/20250610-gpiochip-set-rv-ssb-v1-1-0bee5b45b411@linaro.org Signed-off-by: Johannes Berg --- drivers/ssb/driver_gpio.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/ssb/driver_gpio.c b/drivers/ssb/driver_gpio.c index f9426a5866536..14ad57954a662 100644 --- a/drivers/ssb/driver_gpio.c +++ b/drivers/ssb/driver_gpio.c @@ -45,12 +45,14 @@ static int ssb_gpio_chipco_get_value(struct gpio_chip *chip, unsigned int gpio) return !!ssb_chipco_gpio_in(&bus->chipco, 1 << gpio); } -static void ssb_gpio_chipco_set_value(struct gpio_chip *chip, unsigned int gpio, - int value) +static int ssb_gpio_chipco_set_value(struct gpio_chip *chip, unsigned int gpio, + int value) { struct ssb_bus *bus = gpiochip_get_data(chip); ssb_chipco_gpio_out(&bus->chipco, 1 << gpio, value ? 1 << gpio : 0); + + return 0; } static int ssb_gpio_chipco_direction_input(struct gpio_chip *chip, @@ -223,7 +225,7 @@ static int ssb_gpio_chipco_init(struct ssb_bus *bus) chip->request = ssb_gpio_chipco_request; chip->free = ssb_gpio_chipco_free; chip->get = ssb_gpio_chipco_get_value; - chip->set = ssb_gpio_chipco_set_value; + chip->set_rv = ssb_gpio_chipco_set_value; chip->direction_input = ssb_gpio_chipco_direction_input; chip->direction_output = ssb_gpio_chipco_direction_output; #if IS_ENABLED(CONFIG_SSB_EMBEDDED) -- 2.51.0 From 36670b67de18f1e5d34900c5d2ac60a8970c293c Mon Sep 17 00:00:00 2001 From: Rameshkumar Sundaram Date: Thu, 19 Jun 2025 00:26:35 +0530 Subject: [PATCH 07/16] wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss During beacon miss handling, ath12k driver iterates over active virtual interfaces (vifs) and attempts to access the radio object (ar) via arvif->deflink->ar. However, after commit aa80f12f3bed ("wifi: ath12k: defer vdev creation for MLO"), arvif is linked to a radio only after vdev creation, typically when a channel is assigned or a scan is requested. For P2P capable devices, a default P2P interface is created by wpa_supplicant along with regular station interfaces, these serve as dummy interfaces for P2P-capable stations, lack an associated netdev and initiate frequent scans to discover neighbor p2p devices. When a scan is initiated on such P2P vifs, driver selects destination radio (ar) based on scan frequency, creates a scan vdev, and attaches arvif to the radio. Once the scan completes or is aborted, the scan vdev is deleted, detaching arvif from the radio and leaving arvif->ar uninitialized. While handling beacon miss for station interfaces, P2P interface is also encountered in the vif iteration and ath12k_mac_handle_beacon_miss_iter() tries to dereference the uninitialized arvif->deflink->ar. Fix this by verifying that vdev is created for the arvif before accessing its ar during beacon miss handling and similar vif iterator callbacks. ========================================================================== wlp6s0: detected beacon loss from AP (missed 7 beacons) - probing KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 5 UID: 0 PID: 0 Comm: swapper/5 Not tainted 6.16.0-rc1-wt-ath+ #2 PREEMPT(full) RIP: 0010:ath12k_mac_handle_beacon_miss_iter+0xb5/0x1a0 [ath12k] Call Trace: __iterate_interfaces+0x11a/0x410 [mac80211] ieee80211_iterate_active_interfaces_atomic+0x61/0x140 [mac80211] ath12k_mac_handle_beacon_miss+0xa1/0xf0 [ath12k] ath12k_roam_event+0x393/0x560 [ath12k] ath12k_wmi_op_rx+0x1486/0x28c0 [ath12k] ath12k_htc_process_trailer.isra.0+0x2fb/0x620 [ath12k] ath12k_htc_rx_completion_handler+0x448/0x830 [ath12k] ath12k_ce_recv_process_cb+0x549/0x9e0 [ath12k] ath12k_ce_per_engine_service+0xbe/0xf0 [ath12k] ath12k_pci_ce_workqueue+0x69/0x120 [ath12k] process_one_work+0xe3a/0x1430 Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00284.1-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Fixes: aa80f12f3bed ("wifi: ath12k: defer vdev creation for MLO") Signed-off-by: Rameshkumar Sundaram Reviewed-by: Vasanthakumar Thiagarajan Link: https://patch.msgid.link/20250618185635.750470-1-rameshkumar.sundaram@oss.qualcomm.com Signed-off-by: Jeff Johnson --- drivers/net/wireless/ath/ath12k/mac.c | 15 +++++++++------ drivers/net/wireless/ath/ath12k/p2p.c | 3 ++- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 59ec422992d30..5be7b79db3410 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -693,6 +693,9 @@ static void ath12k_get_arvif_iter(void *data, u8 *mac, if (WARN_ON(!arvif)) continue; + if (!arvif->is_created) + continue; + if (arvif->vdev_id == arvif_iter->vdev_id && arvif->ar == arvif_iter->ar) { arvif_iter->arvif = arvif; @@ -1755,7 +1758,7 @@ static void ath12k_mac_handle_beacon_iter(void *data, u8 *mac, struct ath12k_vif *ahvif = ath12k_vif_to_ahvif(vif); struct ath12k_link_vif *arvif = &ahvif->deflink; - if (vif->type != NL80211_IFTYPE_STATION) + if (vif->type != NL80211_IFTYPE_STATION || !arvif->is_created) return; if (!ether_addr_equal(mgmt->bssid, vif->bss_conf.bssid)) @@ -1778,16 +1781,16 @@ static void ath12k_mac_handle_beacon_miss_iter(void *data, u8 *mac, u32 *vdev_id = data; struct ath12k_vif *ahvif = ath12k_vif_to_ahvif(vif); struct ath12k_link_vif *arvif = &ahvif->deflink; - struct ath12k *ar = arvif->ar; - struct ieee80211_hw *hw = ath12k_ar_to_hw(ar); + struct ieee80211_hw *hw; - if (arvif->vdev_id != *vdev_id) + if (!arvif->is_created || arvif->vdev_id != *vdev_id) return; if (!arvif->is_up) return; ieee80211_beacon_loss(vif); + hw = ath12k_ar_to_hw(arvif->ar); /* Firmware doesn't report beacon loss events repeatedly. If AP probe * (done by mac80211) succeeds but beacons do not resume then it @@ -9818,7 +9821,7 @@ ath12k_mac_change_chanctx_cnt_iter(void *data, u8 *mac, if (WARN_ON(!arvif)) continue; - if (arvif->ar != arg->ar) + if (!arvif->is_created || arvif->ar != arg->ar) continue; link_conf = wiphy_dereference(ahvif->ah->hw->wiphy, @@ -9853,7 +9856,7 @@ ath12k_mac_change_chanctx_fill_iter(void *data, u8 *mac, if (WARN_ON(!arvif)) continue; - if (arvif->ar != arg->ar) + if (!arvif->is_created || arvif->ar != arg->ar) continue; link_conf = wiphy_dereference(ahvif->ah->hw->wiphy, diff --git a/drivers/net/wireless/ath/ath12k/p2p.c b/drivers/net/wireless/ath/ath12k/p2p.c index 84cccf7d91e72..59589748f1a8c 100644 --- a/drivers/net/wireless/ath/ath12k/p2p.c +++ b/drivers/net/wireless/ath/ath12k/p2p.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: BSD-3-Clause-Clear /* * Copyright (c) 2024 Qualcomm Innovation Center, Inc. All rights reserved. + * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. */ #include @@ -124,7 +125,7 @@ static void ath12k_p2p_noa_update_vdev_iter(void *data, u8 *mac, WARN_ON(!rcu_read_lock_any_held()); arvif = &ahvif->deflink; - if (arvif->ar != arg->ar || arvif->vdev_id != arg->vdev_id) + if (!arvif->is_created || arvif->ar != arg->ar || arvif->vdev_id != arg->vdev_id) return; ath12k_p2p_noa_update(arvif, arg->noa); -- 2.51.0 From 0f9842b0b0e58173ae0d4f9838e4d9375b29a38b Mon Sep 17 00:00:00 2001 From: Karthik M Date: Tue, 6 May 2025 14:49:30 -0700 Subject: [PATCH 08/16] wifi: ath12k: disable pdev for non supported country In MLO configuration, ath12k_mac_radio_start() iterates through all the radios and makes the ar state 'ON'. Even though some bands are not supported in certain countries, ath12k_reg_update_chan_list() tries to update the channel list for all the active pdevs and ends up in the warn_on for non-supported band. To prevent this, disable the pdev when the number of channels across all bands supported by the pdev is zero for a particular country. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Signed-off-by: Karthik M Signed-off-by: Muna Sinada Reviewed-by: Vasanthakumar Thiagarajan Link: https://patch.msgid.link/20250506214930.3561348-1-muna.sinada@oss.qualcomm.com Signed-off-by: Jeff Johnson --- drivers/net/wireless/ath/ath12k/mac.c | 12 +++++++++++- drivers/net/wireless/ath/ath12k/reg.c | 7 +++++-- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 5be7b79db3410..1077b19a89c9c 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -8117,7 +8117,17 @@ static int ath12k_mac_start(struct ath12k *ar) /* TODO: Do we need to enable ANI? */ - ath12k_reg_update_chan_list(ar, false); + ret = ath12k_reg_update_chan_list(ar, false); + + /* The ar state alone can be turned off for non supported country + * without returning the error value. As we need to update the channel + * for the next ar. + */ + if (ret) { + if (ret == -EINVAL) + ret = 0; + goto err; + } ar->num_started_vdevs = 0; ar->num_created_vdevs = 0; diff --git a/drivers/net/wireless/ath/ath12k/reg.c b/drivers/net/wireless/ath/ath12k/reg.c index 2598b39d5d7ee..28bb26d2dd82a 100644 --- a/drivers/net/wireless/ath/ath12k/reg.c +++ b/drivers/net/wireless/ath/ath12k/reg.c @@ -65,7 +65,7 @@ ath12k_reg_notifier(struct wiphy *wiphy, struct regulatory_request *request) for_each_ar(ah, ar, i) { ret = ath12k_reg_update_chan_list(ar, true); - if (ret) { + if (ret && ret != -EINVAL) { ath12k_warn(ar->ab, "failed to update chan list for pdev %u, ret %d\n", i, ret); @@ -181,8 +181,11 @@ int ath12k_reg_update_chan_list(struct ath12k *ar, bool wait) } } - if (WARN_ON(!num_channels)) + if (!num_channels) { + ath12k_dbg(ar->ab, ATH12K_DBG_REG, + "pdev is not supported for this country\n"); return -EINVAL; + } arg = kzalloc(struct_size(arg, channel, num_channels), GFP_KERNEL); -- 2.51.0 From 14c7d7eac1bfc29917acedb894e09dae6c00a014 Mon Sep 17 00:00:00 2001 From: Rameshkumar Sundaram Date: Thu, 8 May 2025 01:18:31 +0530 Subject: [PATCH 09/16] wifi: ath12k: Prepare ahvif scan link for parallel scan When two split-phy devices that support overlapping frequency ranges within the same band(say 5 GHz low and 5 GHz high) are grouped into an ath12k hardware (HW) setup, they share a common wiphy instance. Consequently, the channel list (wiphy->bands[]) becomes unified across all associated radios (ar). When a scan is triggered with frequency list containing frequencies of both 5 GHz low and 5 GHz high, mac80211 generates a single scan request to driver with all the frequencies. This is because mac80211 splits the scan request based on band. ath12k checks the first frequency in the requested scan frequency list and initiates scan to corresponding radio's(ar) firmware with all the frequencies. Firmware rejects this scan since some of the frequencies in the scan request are not supported, resulting in a scan failure. To fix this ath12k driver should split the scan request into multiple scans based on requested frequencies and schedule them to corresponding underlying radio(s) in parallel. Currently, ath12k driver assigns the scan link (link 15) in ahvif->links[] for scan vdev creation. However, with parallel scan support being introduced in the following patch, multiple radios (e.g., 5 GHz low and 5 GHz high) in the same HW group may attempt to use the same scan link concurrently, causing conflicts where the vdev created by one radio could be deleted and re-initialized by another. To address this, reserve space for additional scan links for each radio in a MLO group and allow subsequent radios to use different available scan links (ahvif->link[15..MAX_SCAN_LINKS]) when scan link (15) is pre-occupied. While at it, rename ATH12K_DEFAULT_SCAN_LINK as ATH12K_FIRST_SCAN_LINK as there is no longer only one scan link. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1 Signed-off-by: Rameshkumar Sundaram Reviewed-by: Mahendran P Link: https://patch.msgid.link/20250507194832.2501668-2-rameshkumar.sundaram@oss.qualcomm.com Signed-off-by: Jeff Johnson --- drivers/net/wireless/ath/ath12k/core.h | 2 +- drivers/net/wireless/ath/ath12k/mac.c | 49 +++++++++++++++++++------- drivers/net/wireless/ath/ath12k/mac.h | 7 ++-- 3 files changed, 42 insertions(+), 16 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/core.h b/drivers/net/wireless/ath/ath12k/core.h index 7bcd9c70309fd..9021e44e17e5a 100644 --- a/drivers/net/wireless/ath/ath12k/core.h +++ b/drivers/net/wireless/ath/ath12k/core.h @@ -380,7 +380,7 @@ struct ath12k_vif { struct ath12k_link_vif __rcu *link[ATH12K_NUM_MAX_LINKS]; struct ath12k_vif_cache *cache[IEEE80211_MLD_MAX_NUM_LINKS]; /* indicates bitmap of link vif created in FW */ - u16 links_map; + u32 links_map; u8 last_scan_link; /* Must be last - ends in a flexible-array member. diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 1077b19a89c9c..d6bd54e48521c 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -3499,7 +3499,7 @@ static struct ath12k_link_vif *ath12k_mac_assign_link_vif(struct ath12k_hw *ah, /* If this is the first link arvif being created for an ML VIF * use the preallocated deflink memory except for scan arvifs */ - if (!ahvif->links_map && link_id != ATH12K_DEFAULT_SCAN_LINK) { + if (!ahvif->links_map && link_id < ATH12K_FIRST_SCAN_LINK) { arvif = &ahvif->deflink; if (vif->type == NL80211_IFTYPE_STATION) @@ -4491,11 +4491,12 @@ ath12k_mac_find_link_id_by_ar(struct ath12k_vif *ahvif, struct ath12k *ar) struct ath12k_link_vif *arvif; struct ath12k_hw *ah = ahvif->ah; unsigned long links = ahvif->links_map; + unsigned long scan_links_map; u8 link_id; lockdep_assert_wiphy(ah->hw->wiphy); - for_each_set_bit(link_id, &links, IEEE80211_MLD_MAX_NUM_LINKS) { + for_each_set_bit(link_id, &links, ATH12K_NUM_MAX_LINKS) { arvif = wiphy_dereference(ah->hw->wiphy, ahvif->link[link_id]); if (!arvif || !arvif->is_created) @@ -4505,10 +4506,20 @@ ath12k_mac_find_link_id_by_ar(struct ath12k_vif *ahvif, struct ath12k *ar) return link_id; } - /* input ar is not assigned to any of the links of ML VIF, use scan - * link (15) for scan vdev creation. + /* input ar is not assigned to any of the links of ML VIF, use next + * available scan link for scan vdev creation. There are cases where + * single scan req needs to be split in driver and initiate separate + * scan requests to firmware based on device. */ - return ATH12K_DEFAULT_SCAN_LINK; + + /* Unset all non-scan links (0-14) of scan_links_map so that ffs() will + * choose an available link among scan links (i.e link id >= 15) + */ + scan_links_map = ~ahvif->links_map & ATH12K_SCAN_LINKS_MASK; + if (scan_links_map) + return __ffs(scan_links_map); + + return ATH12K_FIRST_SCAN_LINK; } static int ath12k_mac_op_hw_scan(struct ieee80211_hw *hw, @@ -4539,9 +4550,16 @@ static int ath12k_mac_op_hw_scan(struct ieee80211_hw *hw, /* check if any of the links of ML VIF is already started on * radio(ar) corresponding to given scan frequency and use it, - * if not use scan link (link 15) for scan purpose. + * if not use scan link (link id >= 15) for scan purpose. */ link_id = ath12k_mac_find_link_id_by_ar(ahvif, ar); + /* All scan links are occupied. ideally this shouldn't happen as + * mac80211 won't schedule scan for same band until ongoing scan is + * completed, don't try to exceed max links just in case if it happens. + */ + if (link_id >= ATH12K_NUM_MAX_LINKS) + return -EBUSY; + arvif = ath12k_mac_assign_link_vif(ah, vif, link_id); ath12k_dbg(ar->ab, ATH12K_DBG_MAC, "mac link ID %d selected for scan", @@ -9068,7 +9086,8 @@ static struct ath12k *ath12k_mac_assign_vif_to_vdev(struct ieee80211_hw *hw, struct ath12k_hw *ah = hw->priv; struct ath12k *ar; struct ath12k_base *ab; - u8 link_id = arvif->link_id; + u8 link_id = arvif->link_id, scan_link_id; + unsigned long scan_link_map; int ret; lockdep_assert_wiphy(hw->wiphy); @@ -9087,12 +9106,16 @@ static struct ath12k *ath12k_mac_assign_vif_to_vdev(struct ieee80211_hw *hw, * and now we want to create for actual usage. */ if (ieee80211_vif_is_mld(vif)) { - scan_arvif = wiphy_dereference(hw->wiphy, - ahvif->link[ATH12K_DEFAULT_SCAN_LINK]); - if (scan_arvif && scan_arvif->ar == ar) { - ar->scan.arvif = NULL; - ath12k_mac_remove_link_interface(hw, scan_arvif); - ath12k_mac_unassign_link_vif(scan_arvif); + scan_link_map = ahvif->links_map & ATH12K_SCAN_LINKS_MASK; + for_each_set_bit(scan_link_id, &scan_link_map, ATH12K_NUM_MAX_LINKS) { + scan_arvif = wiphy_dereference(hw->wiphy, + ahvif->link[scan_link_id]); + if (scan_arvif && scan_arvif->ar == ar) { + ar->scan.arvif = NULL; + ath12k_mac_remove_link_interface(hw, scan_arvif); + ath12k_mac_unassign_link_vif(scan_arvif); + break; + } } } diff --git a/drivers/net/wireless/ath/ath12k/mac.h b/drivers/net/wireless/ath/ath12k/mac.h index cc81b1f5680f4..473611bfccdc3 100644 --- a/drivers/net/wireless/ath/ath12k/mac.h +++ b/drivers/net/wireless/ath/ath12k/mac.h @@ -51,8 +51,11 @@ struct ath12k_generic_iter { /* Default link after the IEEE802.11 defined Max link id limit * for driver usage purpose. */ -#define ATH12K_DEFAULT_SCAN_LINK IEEE80211_MLD_MAX_NUM_LINKS -#define ATH12K_NUM_MAX_LINKS (IEEE80211_MLD_MAX_NUM_LINKS + 1) +#define ATH12K_FIRST_SCAN_LINK IEEE80211_MLD_MAX_NUM_LINKS +#define ATH12K_SCAN_MAX_LINKS ATH12K_GROUP_MAX_RADIO +/* Define 1 scan link for each radio for parallel scan purposes */ +#define ATH12K_NUM_MAX_LINKS (IEEE80211_MLD_MAX_NUM_LINKS + ATH12K_SCAN_MAX_LINKS) +#define ATH12K_SCAN_LINKS_MASK GENMASK(ATH12K_NUM_MAX_LINKS, IEEE80211_MLD_MAX_NUM_LINKS) #define ATH12K_NUM_MAX_ACTIVE_LINKS_PER_DEVICE 2 -- 2.51.0 From feed05f1526e81677f508b026fd2d66d178f65f8 Mon Sep 17 00:00:00 2001 From: Rameshkumar Sundaram Date: Thu, 8 May 2025 01:18:32 +0530 Subject: [PATCH 10/16] wifi: ath12k: Split scan request for split band device When two split-phy devices having supported frequency range in same band (as mentioned below) are combined into an ath12k HW group, they will be part of same wiphy and hence the channel list (wiphy->bands[]) will be common for all of the radios (ar). 1 - 2.4 GHz + 5 GHz Low band 2 - 5 GHz High band + 6 GHz When a scan is triggered with frequency list containing frequencies of both 5 GHz low and 5 GHz high, mac80211 generates a single scan request to driver with both the frequencies. This is because mac80211 splits the scan request based on band. ath12k checks the first frequency in the requested scan frequency list and initiates scan to corresponding radio's(ar) firmware with all the frequencies. Firmware rejects this scan as some frequencies in the scan request are not supported, resulting is scan failure. Fix this by splitting the scan request into multiples scans in driver based on the supported frequency range of different radios in a band and schedule scans in parallel to them. Finally send scan completion/abort notification to mac80211 after all the radios complete their scheduled scan. Also, last_scan_link is not needed anymore as ath12k internally schedules multiple scans, remove the same and use ahvif->links_map to identify scan links when scan is cancelled. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1 Co-developed-by: Vignesh C Signed-off-by: Vignesh C Signed-off-by: Rameshkumar Sundaram Reviewed-by: Mahendran P Link: https://patch.msgid.link/20250507194832.2501668-3-rameshkumar.sundaram@oss.qualcomm.com Signed-off-by: Jeff Johnson --- drivers/net/wireless/ath/ath12k/core.h | 2 - drivers/net/wireless/ath/ath12k/mac.c | 148 ++++++++++++++++++++----- 2 files changed, 118 insertions(+), 32 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/core.h b/drivers/net/wireless/ath/ath12k/core.h index 9021e44e17e5a..6b5e6fab9cccc 100644 --- a/drivers/net/wireless/ath/ath12k/core.h +++ b/drivers/net/wireless/ath/ath12k/core.h @@ -381,8 +381,6 @@ struct ath12k_vif { struct ath12k_vif_cache *cache[IEEE80211_MLD_MAX_NUM_LINKS]; /* indicates bitmap of link vif created in FW */ u32 links_map; - u8 last_scan_link; - /* Must be last - ends in a flexible-array member. * * FIXME: Driver should not copy struct ieee80211_chanctx_conf, diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index d6bd54e48521c..302ad6da48f48 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -4277,6 +4277,23 @@ static void ath12k_scan_timeout_work(struct work_struct *work) wiphy_unlock(ath12k_ar_to_hw(ar)->wiphy); } +static void ath12k_mac_scan_send_complete(struct ath12k *ar, + struct cfg80211_scan_info *info) +{ + struct ath12k_hw *ah = ar->ah; + struct ath12k *partner_ar; + int i; + + lockdep_assert_wiphy(ah->hw->wiphy); + + for_each_ar(ah, partner_ar, i) + if (partner_ar != ar && + partner_ar->scan.state == ATH12K_SCAN_RUNNING) + return; + + ieee80211_scan_completed(ah->hw, info); +} + static void ath12k_scan_vdev_clean_work(struct wiphy *wiphy, struct wiphy_work *work) { struct ath12k *ar = container_of(work, struct ath12k, @@ -4315,7 +4332,7 @@ work_complete: ATH12K_SCAN_STARTING)), }; - ieee80211_scan_completed(ar->ah->hw, &info); + ath12k_mac_scan_send_complete(ar, &info); } ar->scan.state = ATH12K_SCAN_IDLE; @@ -4522,12 +4539,14 @@ ath12k_mac_find_link_id_by_ar(struct ath12k_vif *ahvif, struct ath12k *ar) return ATH12K_FIRST_SCAN_LINK; } -static int ath12k_mac_op_hw_scan(struct ieee80211_hw *hw, - struct ieee80211_vif *vif, - struct ieee80211_scan_request *hw_req) +static int ath12k_mac_initiate_hw_scan(struct ieee80211_hw *hw, + struct ieee80211_vif *vif, + struct ieee80211_scan_request *hw_req, + int n_channels, + struct ieee80211_channel **chan_list, + struct ath12k *ar) { struct ath12k_hw *ah = ath12k_hw_to_ah(hw); - struct ath12k *ar; struct ath12k_vif *ahvif = ath12k_vif_to_ahvif(vif); struct ath12k_link_vif *arvif; struct cfg80211_scan_request *req = &hw_req->req; @@ -4541,13 +4560,6 @@ static int ath12k_mac_op_hw_scan(struct ieee80211_hw *hw, arvif = &ahvif->deflink; - /* Since the targeted scan device could depend on the frequency - * requested in the hw_req, select the corresponding radio - */ - ar = ath12k_mac_select_scan_device(hw, vif, hw_req->req.channels[0]->center_freq); - if (!ar) - return -EINVAL; - /* check if any of the links of ML VIF is already started on * radio(ar) corresponding to given scan frequency and use it, * if not use scan link (link id >= 15) for scan purpose. @@ -4650,8 +4662,8 @@ static int ath12k_mac_op_hw_scan(struct ieee80211_hw *hw, arg->scan_f_passive = 1; } - if (req->n_channels) { - arg->num_chan = req->n_channels; + if (n_channels) { + arg->num_chan = n_channels; arg->chan_list = kcalloc(arg->num_chan, sizeof(*arg->chan_list), GFP_KERNEL); if (!arg->chan_list) { @@ -4660,7 +4672,7 @@ static int ath12k_mac_op_hw_scan(struct ieee80211_hw *hw, } for (i = 0; i < arg->num_chan; i++) - arg->chan_list[i] = req->channels[i]->center_freq; + arg->chan_list[i] = chan_list[i]->center_freq; } ret = ath12k_start_scan(ar, arg); @@ -4679,13 +4691,6 @@ static int ath12k_mac_op_hw_scan(struct ieee80211_hw *hw, ath12k_dbg(ar->ab, ATH12K_DBG_MAC, "mac scan started"); - /* As per cfg80211/mac80211 scan design, it allows only one - * scan at a time. Hence last_scan link id is used for - * tracking the link id on which the scan is been done on - * this vif. - */ - ahvif->last_scan_link = arvif->link_id; - /* Add a margin to account for event/command processing */ ieee80211_queue_delayed_work(ath12k_ar_to_hw(ar), &ar->scan.timeout, msecs_to_jiffies(arg->max_scan_time + @@ -4706,25 +4711,108 @@ exit: return ret; } +static int ath12k_mac_op_hw_scan(struct ieee80211_hw *hw, + struct ieee80211_vif *vif, + struct ieee80211_scan_request *hw_req) +{ + struct ath12k_vif *ahvif = ath12k_vif_to_ahvif(vif); + struct ieee80211_channel **chan_list, *chan; + struct ath12k_hw *ah = ath12k_hw_to_ah(hw); + unsigned long links_map, link_id; + struct ath12k_link_vif *arvif; + struct ath12k *ar, *scan_ar; + int i, j, ret = 0; + + lockdep_assert_wiphy(hw->wiphy); + + chan_list = kcalloc(hw_req->req.n_channels, sizeof(*chan_list), GFP_KERNEL); + if (!chan_list) + return -ENOMEM; + + /* There could be channels that belong to multiple underlying radio + * in same scan request as mac80211 sees it as single band. In that + * case split the hw_req based on frequency range and schedule scans to + * corresponding radio. + */ + for_each_ar(ah, ar, i) { + int n_chans = 0; + + for (j = 0; j < hw_req->req.n_channels; j++) { + chan = hw_req->req.channels[j]; + scan_ar = ath12k_mac_select_scan_device(hw, vif, + chan->center_freq); + if (!scan_ar) { + ath12k_hw_warn(ah, "unable to select scan device for freq %d\n", + chan->center_freq); + ret = -EINVAL; + goto abort; + } + if (ar != scan_ar) + continue; + + chan_list[n_chans++] = chan; + } + if (n_chans) { + ret = ath12k_mac_initiate_hw_scan(hw, vif, hw_req, n_chans, + chan_list, ar); + if (ret) + goto abort; + } + } +abort: + /* If any of the parallel scans initiated fails, abort all and + * remove the scan interfaces created. Return complete scan + * failure as mac80211 assumes this as single scan request. + */ + if (ret) { + ath12k_hw_warn(ah, "Scan failed %d , cleanup all scan vdevs\n", ret); + links_map = ahvif->links_map; + for_each_set_bit(link_id, &links_map, ATH12K_NUM_MAX_LINKS) { + arvif = wiphy_dereference(hw->wiphy, ahvif->link[link_id]); + if (!arvif) + continue; + + ar = arvif->ar; + if (ar->scan.arvif == arvif) { + wiphy_work_cancel(hw->wiphy, &ar->scan.vdev_clean_wk); + spin_lock_bh(&ar->data_lock); + ar->scan.arvif = NULL; + ar->scan.state = ATH12K_SCAN_IDLE; + ar->scan_channel = NULL; + ar->scan.roc_freq = 0; + spin_unlock_bh(&ar->data_lock); + } + if (link_id >= ATH12K_FIRST_SCAN_LINK) { + ath12k_mac_remove_link_interface(hw, arvif); + ath12k_mac_unassign_link_vif(arvif); + } + } + } + kfree(chan_list); + return ret; +} + static void ath12k_mac_op_cancel_hw_scan(struct ieee80211_hw *hw, struct ieee80211_vif *vif) { struct ath12k_vif *ahvif = ath12k_vif_to_ahvif(vif); - u16 link_id = ahvif->last_scan_link; + unsigned long link_id, links_map = ahvif->links_map; struct ath12k_link_vif *arvif; struct ath12k *ar; lockdep_assert_wiphy(hw->wiphy); - arvif = wiphy_dereference(hw->wiphy, ahvif->link[link_id]); - if (!arvif || arvif->is_started) - return; + for_each_set_bit(link_id, &links_map, ATH12K_NUM_MAX_LINKS) { + arvif = wiphy_dereference(hw->wiphy, ahvif->link[link_id]); + if (!arvif || arvif->is_started) + continue; - ar = arvif->ar; + ar = arvif->ar; - ath12k_scan_abort(ar); + ath12k_scan_abort(ar); - cancel_delayed_work_sync(&ar->scan.timeout); + cancel_delayed_work_sync(&ar->scan.timeout); + } } static int ath12k_install_key(struct ath12k_link_vif *arvif, @@ -9350,7 +9438,7 @@ static void ath12k_mac_op_remove_interface(struct ieee80211_hw *hw, .aborted = true, }; - ieee80211_scan_completed(ar->ah->hw, &info); + ath12k_mac_scan_send_complete(ar, &info); } ar->scan.state = ATH12K_SCAN_IDLE; -- 2.51.0 From acc152f9be205d76771f8156002d55c3fcd21252 Mon Sep 17 00:00:00 2001 From: Rameshkumar Sundaram Date: Thu, 22 May 2025 16:45:14 +0530 Subject: [PATCH 11/16] wifi: ath12k: combine channel list for split-phy devices in single-wiphy When two split-phy devices that support overlapping frequency ranges within the same band are grouped into an ath12k hardware (HW) setup, they share a common wiphy instance. Consequently, the channel list (wiphy->bands[]) becomes unified across all associated radios (ar). For reference, the devices are: 2.4 GHz + 5 GHz Low Band 5 GHz High Band + 6 GHz The first radio probed within the 5 GHz range (say 5 GHz Low Band) updates its sband reference (&ar->mac.sbands[NL80211_BAND_5GHZ]) within wiphy->bands[]. However, when the second 5 GHz radio (5 GHz High Band) is probed, it replaces the existing wiphy->bands[] entry with its own sub-band reference. As a result, wiphy->bands[] always reflects the channel list from the most recently probed radio in that band, restricting supported channels to those within its specific range for upper-layer. Fix this by updating the wiphy->bands[] to just enable the channels of current radio when there exist a radio which already has set it. This will make sure wiphy->bands[] holds reference of first radio which got probed in 5 GHz band and subsequent radio just updates the channel list in the same address space. Since same sband memory space is shared between radios of a band, while determining the allowed frequency range of radio, its frequency limits (ar->freq_range.start_freq, end_freq) should be used. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00284-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1 Signed-off-by: Rameshkumar Sundaram Reviewed-by: Vasanthakumar Thiagarajan Link: https://patch.msgid.link/20250522111514.3735107-1-rameshkumar.sundaram@oss.qualcomm.com Signed-off-by: Jeff Johnson --- drivers/net/wireless/ath/ath12k/mac.c | 93 +++++++++++++++++++++++++-- drivers/net/wireless/ath/ath12k/reg.c | 13 ++++ drivers/net/wireless/ath/ath12k/wmi.c | 9 ++- 3 files changed, 109 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 302ad6da48f48..fa069ac30e0d9 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -4152,8 +4152,9 @@ ath12k_mac_select_scan_device(struct ieee80211_hw *hw, band = NL80211_BAND_6GHZ; for_each_ar(ah, ar, i) { - /* TODO 5 GHz low high split changes */ - if (ar->mac.sbands[band].channels) + if (ar->mac.sbands[band].channels && + center_freq >= KHZ_TO_MHZ(ar->freq_range.start_freq) && + center_freq <= KHZ_TO_MHZ(ar->freq_range.end_freq)) return ar; } @@ -11881,6 +11882,32 @@ static u32 ath12k_get_phy_id(struct ath12k *ar, u32 band) return 0; } +static int ath12k_mac_update_band(struct ath12k *ar, + struct ieee80211_supported_band *orig_band, + struct ieee80211_supported_band *new_band) +{ + int i; + + if (!orig_band || !new_band) + return -EINVAL; + + if (orig_band->band != new_band->band) + return -EINVAL; + + for (i = 0; i < new_band->n_channels; i++) { + if (new_band->channels[i].flags & IEEE80211_CHAN_DISABLED) + continue; + /* An enabled channel in new_band should not be already enabled + * in the orig_band + */ + if (WARN_ON(!(orig_band->channels[i].flags & + IEEE80211_CHAN_DISABLED))) + return -EINVAL; + orig_band->channels[i].flags &= ~IEEE80211_CHAN_DISABLED; + } + return 0; +} + static int ath12k_mac_setup_channels_rates(struct ath12k *ar, u32 supported_bands, struct ieee80211_supported_band *bands[]) @@ -11891,6 +11918,7 @@ static int ath12k_mac_setup_channels_rates(struct ath12k *ar, u32 phy_id, freq_low, freq_high; struct ath12k_hw *ah = ar->ah; void *channels; + int ret; BUILD_BUG_ON((ARRAY_SIZE(ath12k_2ghz_channels) + ARRAY_SIZE(ath12k_5ghz_channels) + @@ -11912,7 +11940,6 @@ static int ath12k_mac_setup_channels_rates(struct ath12k *ar, band->channels = channels; band->n_bitrates = ath12k_g_rates_size; band->bitrates = ath12k_g_rates; - bands[NL80211_BAND_2GHZ] = band; if (ab->hw_params->single_pdev_only) { phy_id = ath12k_get_phy_id(ar, WMI_HOST_WLAN_2GHZ_CAP); @@ -11929,6 +11956,22 @@ static int ath12k_mac_setup_channels_rates(struct ath12k *ar, reg_cap->high_2ghz_chan); ath12k_mac_update_freq_range(ar, freq_low, freq_high); + + if (!bands[NL80211_BAND_2GHZ]) { + bands[NL80211_BAND_2GHZ] = band; + } else { + /* Split mac in same band under same wiphy */ + ret = ath12k_mac_update_band(ar, bands[NL80211_BAND_2GHZ], band); + if (ret) { + kfree(channels); + band->channels = NULL; + return ret; + } + ath12k_dbg(ar->ab, ATH12K_DBG_MAC, "mac pdev %u identified as 2 GHz split mac with start freq %d end freq %d", + ar->pdev->pdev_id, + KHZ_TO_MHZ(ar->freq_range.start_freq), + KHZ_TO_MHZ(ar->freq_range.end_freq)); + } } if (supported_bands & WMI_HOST_WLAN_5GHZ_CAP) { @@ -11947,7 +11990,6 @@ static int ath12k_mac_setup_channels_rates(struct ath12k *ar, band->channels = channels; band->n_bitrates = ath12k_a_rates_size; band->bitrates = ath12k_a_rates; - bands[NL80211_BAND_6GHZ] = band; freq_low = max(reg_cap->low_5ghz_chan, ab->reg_freq_6ghz.start_freq); @@ -11960,6 +12002,26 @@ static int ath12k_mac_setup_channels_rates(struct ath12k *ar, ath12k_mac_update_freq_range(ar, freq_low, freq_high); ah->use_6ghz_regd = true; + + if (!bands[NL80211_BAND_6GHZ]) { + bands[NL80211_BAND_6GHZ] = band; + } else { + /* Split mac in same band under same wiphy */ + ret = ath12k_mac_update_band(ar, + bands[NL80211_BAND_6GHZ], + band); + if (ret) { + kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels); + ar->mac.sbands[NL80211_BAND_2GHZ].channels = NULL; + kfree(channels); + band->channels = NULL; + return ret; + } + ath12k_dbg(ar->ab, ATH12K_DBG_MAC, "mac pdev %u identified as 6 GHz split mac with start freq %d end freq %d", + ar->pdev->pdev_id, + KHZ_TO_MHZ(ar->freq_range.start_freq), + KHZ_TO_MHZ(ar->freq_range.end_freq)); + } } if (reg_cap->low_5ghz_chan < ATH12K_MIN_6GHZ_FREQ) { @@ -11978,7 +12040,6 @@ static int ath12k_mac_setup_channels_rates(struct ath12k *ar, band->channels = channels; band->n_bitrates = ath12k_a_rates_size; band->bitrates = ath12k_a_rates; - bands[NL80211_BAND_5GHZ] = band; if (ab->hw_params->single_pdev_only) { phy_id = ath12k_get_phy_id(ar, WMI_HOST_WLAN_5GHZ_CAP); @@ -11995,6 +12056,28 @@ static int ath12k_mac_setup_channels_rates(struct ath12k *ar, reg_cap->high_5ghz_chan); ath12k_mac_update_freq_range(ar, freq_low, freq_high); + + if (!bands[NL80211_BAND_5GHZ]) { + bands[NL80211_BAND_5GHZ] = band; + } else { + /* Split mac in same band under same wiphy */ + ret = ath12k_mac_update_band(ar, + bands[NL80211_BAND_5GHZ], + band); + if (ret) { + kfree(ar->mac.sbands[NL80211_BAND_2GHZ].channels); + ar->mac.sbands[NL80211_BAND_2GHZ].channels = NULL; + kfree(ar->mac.sbands[NL80211_BAND_6GHZ].channels); + ar->mac.sbands[NL80211_BAND_2GHZ].channels = NULL; + kfree(channels); + band->channels = NULL; + return ret; + } + ath12k_dbg(ar->ab, ATH12K_DBG_MAC, "mac pdev %u identified as 5 GHz split mac with start freq %d end freq %d", + ar->pdev->pdev_id, + KHZ_TO_MHZ(ar->freq_range.start_freq), + KHZ_TO_MHZ(ar->freq_range.end_freq)); + } } } diff --git a/drivers/net/wireless/ath/ath12k/reg.c b/drivers/net/wireless/ath/ath12k/reg.c index 28bb26d2dd82a..a7b9ecc14c391 100644 --- a/drivers/net/wireless/ath/ath12k/reg.c +++ b/drivers/net/wireless/ath/ath12k/reg.c @@ -176,6 +176,12 @@ int ath12k_reg_update_chan_list(struct ath12k *ar, bool wait) if (bands[band]->channels[i].flags & IEEE80211_CHAN_DISABLED) continue; + /* Skip Channels that are not in current radio's range */ + if (bands[band]->channels[i].center_freq < + KHZ_TO_MHZ(ar->freq_range.start_freq) || + bands[band]->channels[i].center_freq > + KHZ_TO_MHZ(ar->freq_range.end_freq)) + continue; num_channels++; } @@ -207,6 +213,13 @@ int ath12k_reg_update_chan_list(struct ath12k *ar, bool wait) if (channel->flags & IEEE80211_CHAN_DISABLED) continue; + /* Skip Channels that are not in current radio's range */ + if (bands[band]->channels[i].center_freq < + KHZ_TO_MHZ(ar->freq_range.start_freq) || + bands[band]->channels[i].center_freq > + KHZ_TO_MHZ(ar->freq_range.end_freq)) + continue; + /* TODO: Set to true/false based on some condition? */ ch->allow_ht = true; ch->allow_vht = true; diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c index 465f877fc0fb4..1b82fe0e50993 100644 --- a/drivers/net/wireless/ath/ath12k/wmi.c +++ b/drivers/net/wireless/ath/ath12k/wmi.c @@ -6445,9 +6445,16 @@ static int freq_to_idx(struct ath12k *ar, int freq) if (!sband) continue; - for (ch = 0; ch < sband->n_channels; ch++, idx++) + for (ch = 0; ch < sband->n_channels; ch++, idx++) { + if (sband->channels[ch].center_freq < + KHZ_TO_MHZ(ar->freq_range.start_freq) || + sband->channels[ch].center_freq > + KHZ_TO_MHZ(ar->freq_range.end_freq)) + continue; + if (sband->channels[ch].center_freq == freq) goto exit; + } } exit: -- 2.51.0 From 437c7a2db6a34db2a9048920694a2bf9b0169726 Mon Sep 17 00:00:00 2001 From: Kang Yang Date: Thu, 5 Jun 2025 16:25:28 +0800 Subject: [PATCH 12/16] wifi: ath12k: update channel list in worker when wait flag is set With previous patch [1], ath12k_reg_update_chan_list() will be called during reg_process_self_managed_hint(). reg_process_self_managed_hint() will hold rtnl_lock all the time. But ath12k_reg_update_chan_list() may increase the occupation time of rtnl_lock, because when wait flag is set, wait_for_completion_timeout() will be called during 11d/hw scan. Should minimize the occupation time of rtnl_lock as much as possible to avoid interfering with rest of the system. So move the update channel list operation to a new worker, so that wait_for_completion_timeout() won't be called with the rtnl_lock held. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Fixes: f335295aa29c ("wifi: ath12k: avoid deadlock during regulatory update in ath12k_regd_update()") #[1] Signed-off-by: Kang Yang Reviewed-by: Aditya Kumar Singh Link: https://patch.msgid.link/20250605082528.701-1-kang.yang@oss.qualcomm.com Signed-off-by: Jeff Johnson --- drivers/net/wireless/ath/ath12k/core.c | 1 + drivers/net/wireless/ath/ath12k/core.h | 4 +- drivers/net/wireless/ath/ath12k/mac.c | 13 ++++ drivers/net/wireless/ath/ath12k/reg.c | 85 ++++++++++++++++++-------- drivers/net/wireless/ath/ath12k/reg.h | 1 + drivers/net/wireless/ath/ath12k/wmi.h | 1 + 6 files changed, 78 insertions(+), 27 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/core.c b/drivers/net/wireless/ath/ath12k/core.c index 89ae80934b304..cd58ab9c23223 100644 --- a/drivers/net/wireless/ath/ath12k/core.c +++ b/drivers/net/wireless/ath/ath12k/core.c @@ -1409,6 +1409,7 @@ void ath12k_core_halt(struct ath12k *ar) ath12k_mac_peer_cleanup_all(ar); cancel_delayed_work_sync(&ar->scan.timeout); cancel_work_sync(&ar->regd_update_work); + cancel_work_sync(&ar->regd_channel_update_work); cancel_work_sync(&ab->rfkill_work); cancel_work_sync(&ab->update_11d_work); diff --git a/drivers/net/wireless/ath/ath12k/core.h b/drivers/net/wireless/ath/ath12k/core.h index 6b5e6fab9cccc..46fc14dce4c7c 100644 --- a/drivers/net/wireless/ath/ath12k/core.h +++ b/drivers/net/wireless/ath/ath12k/core.h @@ -717,7 +717,7 @@ struct ath12k { /* protects the radio specific data like debug stats, ppdu_stats_info stats, * vdev_stop_status info, scan data, ath12k_sta info, ath12k_link_vif info, - * channel context data, survey info, test mode data. + * channel context data, survey info, test mode data, regd_channel_update_queue. */ spinlock_t data_lock; @@ -776,6 +776,8 @@ struct ath12k { struct completion bss_survey_done; struct work_struct regd_update_work; + struct work_struct regd_channel_update_work; + struct list_head regd_channel_update_queue; struct wiphy_work wmi_mgmt_tx_work; struct sk_buff_head wmi_mgmt_tx_queue; diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index fa069ac30e0d9..b9c8854786b4f 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -8406,6 +8406,7 @@ static void ath12k_mac_stop(struct ath12k *ar) { struct ath12k_hw *ah = ar->ah; struct htt_ppdu_stats_info *ppdu_stats, *tmp; + struct ath12k_wmi_scan_chan_list_arg *arg; int ret; lockdep_assert_held(&ah->hw_mutex); @@ -8420,6 +8421,7 @@ static void ath12k_mac_stop(struct ath12k *ar) cancel_delayed_work_sync(&ar->scan.timeout); wiphy_work_cancel(ath12k_ar_to_hw(ar)->wiphy, &ar->scan.vdev_clean_wk); + cancel_work_sync(&ar->regd_channel_update_work); cancel_work_sync(&ar->regd_update_work); cancel_work_sync(&ar->ab->rfkill_work); cancel_work_sync(&ar->ab->update_11d_work); @@ -8427,10 +8429,18 @@ static void ath12k_mac_stop(struct ath12k *ar) complete(&ar->completed_11d_scan); spin_lock_bh(&ar->data_lock); + list_for_each_entry_safe(ppdu_stats, tmp, &ar->ppdu_stats_info, list) { list_del(&ppdu_stats->list); kfree(ppdu_stats); } + + while ((arg = list_first_entry_or_null(&ar->regd_channel_update_queue, + struct ath12k_wmi_scan_chan_list_arg, + list))) { + list_del(&arg->list); + kfree(arg); + } spin_unlock_bh(&ar->data_lock); rcu_assign_pointer(ar->ab->pdevs_active[ar->pdev_idx], NULL); @@ -12411,6 +12421,7 @@ static void ath12k_mac_hw_unregister(struct ath12k_hw *ah) int i; for_each_ar(ah, ar, i) { + cancel_work_sync(&ar->regd_channel_update_work); cancel_work_sync(&ar->regd_update_work); ath12k_debugfs_unregister(ar); ath12k_fw_stats_reset(ar); @@ -12771,6 +12782,8 @@ static void ath12k_mac_setup(struct ath12k *ar) INIT_DELAYED_WORK(&ar->scan.timeout, ath12k_scan_timeout_work); wiphy_work_init(&ar->scan.vdev_clean_wk, ath12k_scan_vdev_clean_work); + INIT_WORK(&ar->regd_channel_update_work, ath12k_regd_update_chan_list_work); + INIT_LIST_HEAD(&ar->regd_channel_update_queue); INIT_WORK(&ar->regd_update_work, ath12k_regd_update_work); wiphy_work_init(&ar->wmi_mgmt_tx_work, ath12k_mgmt_over_wmi_tx_work); diff --git a/drivers/net/wireless/ath/ath12k/reg.c b/drivers/net/wireless/ath/ath12k/reg.c index a7b9ecc14c391..7c997c9dad4d8 100644 --- a/drivers/net/wireless/ath/ath12k/reg.c +++ b/drivers/net/wireless/ath/ath12k/reg.c @@ -137,32 +137,7 @@ int ath12k_reg_update_chan_list(struct ath12k *ar, bool wait) struct ath12k_wmi_channel_arg *ch; enum nl80211_band band; int num_channels = 0; - int i, ret, left; - - if (wait && ar->state_11d == ATH12K_11D_RUNNING) { - left = wait_for_completion_timeout(&ar->completed_11d_scan, - ATH12K_SCAN_TIMEOUT_HZ); - if (!left) { - ath12k_dbg(ar->ab, ATH12K_DBG_REG, - "failed to receive 11d scan complete: timed out\n"); - ar->state_11d = ATH12K_11D_IDLE; - } - ath12k_dbg(ar->ab, ATH12K_DBG_REG, - "reg 11d scan wait left time %d\n", left); - } - - if (wait && - (ar->scan.state == ATH12K_SCAN_STARTING || - ar->scan.state == ATH12K_SCAN_RUNNING)) { - left = wait_for_completion_timeout(&ar->scan.completed, - ATH12K_SCAN_TIMEOUT_HZ); - if (!left) - ath12k_dbg(ar->ab, ATH12K_DBG_REG, - "failed to receive hw scan complete: timed out\n"); - - ath12k_dbg(ar->ab, ATH12K_DBG_REG, - "reg hw scan wait left time %d\n", left); - } + int i, ret = 0; if (ar->ah->state == ATH12K_HW_STATE_RESTARTING) return 0; @@ -260,6 +235,16 @@ int ath12k_reg_update_chan_list(struct ath12k *ar, bool wait) } } + if (wait) { + spin_lock_bh(&ar->data_lock); + list_add_tail(&arg->list, &ar->regd_channel_update_queue); + spin_unlock_bh(&ar->data_lock); + + queue_work(ar->ab->workqueue, &ar->regd_channel_update_work); + + return 0; + } + ret = ath12k_wmi_send_scan_chan_list_cmd(ar, arg); kfree(arg); @@ -780,6 +765,54 @@ ret: return new_regd; } +void ath12k_regd_update_chan_list_work(struct work_struct *work) +{ + struct ath12k *ar = container_of(work, struct ath12k, + regd_channel_update_work); + struct ath12k_wmi_scan_chan_list_arg *arg; + struct list_head local_update_list; + int left; + + INIT_LIST_HEAD(&local_update_list); + + spin_lock_bh(&ar->data_lock); + list_splice_tail_init(&ar->regd_channel_update_queue, &local_update_list); + spin_unlock_bh(&ar->data_lock); + + while ((arg = list_first_entry_or_null(&local_update_list, + struct ath12k_wmi_scan_chan_list_arg, + list))) { + if (ar->state_11d != ATH12K_11D_IDLE) { + left = wait_for_completion_timeout(&ar->completed_11d_scan, + ATH12K_SCAN_TIMEOUT_HZ); + if (!left) { + ath12k_dbg(ar->ab, ATH12K_DBG_REG, + "failed to receive 11d scan complete: timed out\n"); + ar->state_11d = ATH12K_11D_IDLE; + } + + ath12k_dbg(ar->ab, ATH12K_DBG_REG, + "reg 11d scan wait left time %d\n", left); + } + + if ((ar->scan.state == ATH12K_SCAN_STARTING || + ar->scan.state == ATH12K_SCAN_RUNNING)) { + left = wait_for_completion_timeout(&ar->scan.completed, + ATH12K_SCAN_TIMEOUT_HZ); + if (!left) + ath12k_dbg(ar->ab, ATH12K_DBG_REG, + "failed to receive hw scan complete: timed out\n"); + + ath12k_dbg(ar->ab, ATH12K_DBG_REG, + "reg hw scan wait left time %d\n", left); + } + + ath12k_wmi_send_scan_chan_list_cmd(ar, arg); + list_del(&arg->list); + kfree(arg); + } +} + void ath12k_regd_update_work(struct work_struct *work) { struct ath12k *ar = container_of(work, struct ath12k, diff --git a/drivers/net/wireless/ath/ath12k/reg.h b/drivers/net/wireless/ath/ath12k/reg.h index 8af8e9ba462e9..0aeba06182c50 100644 --- a/drivers/net/wireless/ath/ath12k/reg.h +++ b/drivers/net/wireless/ath/ath12k/reg.h @@ -113,6 +113,7 @@ int ath12k_reg_handle_chan_list(struct ath12k_base *ab, struct ath12k_reg_info *reg_info, enum wmi_vdev_type vdev_type, enum ieee80211_ap_reg_power power_type); +void ath12k_regd_update_chan_list_work(struct work_struct *work); enum wmi_reg_6g_ap_type ath12k_reg_ap_pwr_convert(enum ieee80211_ap_reg_power power_type); enum ath12k_reg_status ath12k_reg_validate_reg_info(struct ath12k_base *ab, diff --git a/drivers/net/wireless/ath/ath12k/wmi.h b/drivers/net/wireless/ath/ath12k/wmi.h index c640ffa180c88..117150220b997 100644 --- a/drivers/net/wireless/ath/ath12k/wmi.h +++ b/drivers/net/wireless/ath/ath12k/wmi.h @@ -3948,6 +3948,7 @@ struct wmi_stop_scan_cmd { } __packed; struct ath12k_wmi_scan_chan_list_arg { + struct list_head list; u32 pdev_id; u16 nallchans; struct ath12k_wmi_channel_arg channel[]; -- 2.51.0 From 906619a0096747adbce9415e10b639cfd2c5e714 Mon Sep 17 00:00:00 2001 From: Aditya Kumar Singh Date: Tue, 17 Jun 2025 09:05:59 +0530 Subject: [PATCH 13/16] wifi: ath12k: handle regulatory hints during mac registration If a regulatory notification is there in the system while the hardware is being registered, it attempts to set the new regulatory country. However, ath12k currently boots with a default country derived from the BDF. If this default country differs from the one provided in the notification, a race condition can occur while updating the regulatory information back to userspace. This potentially leads to driver having the incorrect regulatory applied. For example, suppose the regulatory domain for France (FR) is already applied, and then the driver is loaded with a BDF that has the United States (US) country programmed. When the driver finishes loading, the regulatory domain shown in phyX still reflects the US regulatory settings. This is incorrect, as the driver had already received a notification for FR during hardware registration, but failed to process it properly due to the race condition. The race condition exists during driver initialization and hardware registration: - On driver load, the firmware sends BDF-based country regulatory rules, which are stored in default_regd via ath12k_reg_handle_chan_list(). - During hardware registration, a regulatory notification is triggered through: ath12k_mac_hw_register() -> ieee80211_register_hw() -> wiphy_register() -> wiphy_regulatory_register() -> reg_call_notifier() This sends a country code to the firmware, which responds with updated regulatory rules. - After registration, ath12k_mac_hw_register() calls ath12k_regd_update(), which copies default_regd and passes it to the upper layers. The race occurs between the firmware's response and the execution of ath12k_regd_update(). If the firmware's new rules are processed before the update call, the correct values are used. Otherwise, outdated boot-time country settings are exposed to userspace. To resolve this issue, introduce a completion mechanism within the hardware group (ah). Trigger this completion whenever a regulatory change is requested from the firmware. Then, in ath12k_regd_update(), wait for the firmware to complete its regulatory processing before proceeding with the update. This ensures that during driver load, the default country is processed first. However, before ath12k_regd_update() is called, the new regulatory notification will have already been received by the driver. As a result, it will wait for the firmware's regulatory processing to complete, and only the final, correct regulatory domain will be updated to userspace. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1 Signed-off-by: Aditya Kumar Singh Reviewed-by: Vasanthakumar Thiagarajan Link: https://patch.msgid.link/20250617-handle_user_regd_update_hints_during_insmod-v2-1-10a6a48efe81@oss.qualcomm.com Signed-off-by: Jeff Johnson --- drivers/net/wireless/ath/ath12k/core.c | 4 ++++ drivers/net/wireless/ath/ath12k/core.h | 1 + drivers/net/wireless/ath/ath12k/mac.c | 15 +++++++++++++++ drivers/net/wireless/ath/ath12k/reg.c | 12 ++++++++++++ drivers/net/wireless/ath/ath12k/reg.h | 2 ++ drivers/net/wireless/ath/ath12k/wmi.c | 17 +++++++++++++++-- 6 files changed, 49 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/core.c b/drivers/net/wireless/ath/ath12k/core.c index cd58ab9c23223..d47cf17ed430d 100644 --- a/drivers/net/wireless/ath/ath12k/core.c +++ b/drivers/net/wireless/ath/ath12k/core.c @@ -1473,6 +1473,7 @@ static void ath12k_core_pre_reconfigure_recovery(struct ath12k_base *ab) complete(&ar->vdev_setup_done); complete(&ar->vdev_delete_done); complete(&ar->bss_survey_done); + complete(&ar->regd_update_completed); wake_up(&ar->dp.tx_empty_waitq); idr_for_each(&ar->txmgmt_idr, @@ -1512,6 +1513,9 @@ static void ath12k_update_11d(struct work_struct *work) ar = pdev->ar; memcpy(&ar->alpha2, &arg.alpha2, 2); + + reinit_completion(&ar->regd_update_completed); + ret = ath12k_wmi_send_set_current_country_cmd(ar, &arg); if (ret) ath12k_warn(ar->ab, diff --git a/drivers/net/wireless/ath/ath12k/core.h b/drivers/net/wireless/ath/ath12k/core.h index 46fc14dce4c7c..cf10c62d4751a 100644 --- a/drivers/net/wireless/ath/ath12k/core.h +++ b/drivers/net/wireless/ath/ath12k/core.h @@ -811,6 +811,7 @@ struct ath12k { enum ath12k_11d_state state_11d; u8 alpha2[REG_ALPHA2_LEN]; bool regdom_set_by_user; + struct completion regd_update_completed; struct completion fw_stats_complete; struct completion fw_stats_done; diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index b9c8854786b4f..3c9c9066d3201 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -11381,6 +11381,7 @@ ath12k_mac_op_reconfig_complete(struct ieee80211_hw *hw, struct wmi_set_current_country_arg arg = {}; memcpy(&arg.alpha2, ar->alpha2, 2); + reinit_completion(&ar->regd_update_completed); ath12k_wmi_send_set_current_country_cmd(ar, &arg); } @@ -12680,6 +12681,16 @@ static int ath12k_mac_hw_register(struct ath12k_hw *ah) goto err_cleanup_if_combs; } + /* Boot-time regulatory updates have already been processed. + * Mark them as complete now, because after registration, + * cfg80211 will notify us again if there are any pending hints. + * We need to wait for those hints to be processed, so it's + * important to mark the boot-time updates as complete before + * proceeding with registration. + */ + for_each_ar(ah, ar, i) + complete(&ar->regd_update_completed); + ret = ieee80211_register_hw(hw); if (ret) { ath12k_err(ab, "ieee80211 registration failed: %d\n", ret); @@ -12707,6 +12718,9 @@ static int ath12k_mac_hw_register(struct ath12k_hw *ah) memcpy(¤t_cc.alpha2, ab->new_alpha2, 2); memcpy(&ar->alpha2, ab->new_alpha2, 2); + + reinit_completion(&ar->regd_update_completed); + ret = ath12k_wmi_send_set_current_country_cmd(ar, ¤t_cc); if (ret) ath12k_warn(ar->ab, @@ -12779,6 +12793,7 @@ static void ath12k_mac_setup(struct ath12k *ar) init_completion(&ar->scan.on_channel); init_completion(&ar->mlo_setup_done); init_completion(&ar->completed_11d_scan); + init_completion(&ar->regd_update_completed); INIT_DELAYED_WORK(&ar->scan.timeout, ath12k_scan_timeout_work); wiphy_work_init(&ar->scan.vdev_clean_wk, ath12k_scan_vdev_clean_work); diff --git a/drivers/net/wireless/ath/ath12k/reg.c b/drivers/net/wireless/ath/ath12k/reg.c index 7c997c9dad4d8..96254d6fc6757 100644 --- a/drivers/net/wireless/ath/ath12k/reg.c +++ b/drivers/net/wireless/ath/ath12k/reg.c @@ -102,6 +102,8 @@ ath12k_reg_notifier(struct wiphy *wiphy, struct regulatory_request *request) /* Send the reg change request to all the radios */ for_each_ar(ah, ar, i) { + reinit_completion(&ar->regd_update_completed); + if (ar->ab->hw_params->current_cc_support) { memcpy(¤t_arg.alpha2, request->alpha2, 2); memcpy(&ar->alpha2, ¤t_arg.alpha2, 2); @@ -273,9 +275,19 @@ int ath12k_regd_update(struct ath12k *ar, bool init) struct ieee80211_regdomain *regd, *regd_copy = NULL; int ret, regd_len, pdev_id; struct ath12k_base *ab; + long time_left; ab = ar->ab; + time_left = wait_for_completion_timeout(&ar->regd_update_completed, + ATH12K_REG_UPDATE_TIMEOUT_HZ); + if (time_left == 0) { + ath12k_warn(ab, "Timeout while waiting for regulatory update"); + /* Even though timeout has occurred, still continue since at least boot + * time data would be there to process + */ + } + supported_bands = ar->pdev->cap.supported_bands; reg_cap = &ab->hal_reg_cap[ar->pdev_idx]; diff --git a/drivers/net/wireless/ath/ath12k/reg.h b/drivers/net/wireless/ath/ath12k/reg.h index 0aeba06182c50..da5128b8c97f5 100644 --- a/drivers/net/wireless/ath/ath12k/reg.h +++ b/drivers/net/wireless/ath/ath12k/reg.h @@ -13,6 +13,8 @@ struct ath12k_base; struct ath12k; +#define ATH12K_REG_UPDATE_TIMEOUT_HZ (3 * HZ) + #define ATH12K_2GHZ_MAX_FREQUENCY 2495 #define ATH12K_5GHZ_MAX_FREQUENCY 5920 diff --git a/drivers/net/wireless/ath/ath12k/wmi.c b/drivers/net/wireless/ath/ath12k/wmi.c index 1b82fe0e50993..b38f22118d732 100644 --- a/drivers/net/wireless/ath/ath12k/wmi.c +++ b/drivers/net/wireless/ath/ath12k/wmi.c @@ -6684,7 +6684,8 @@ static void ath12k_wmi_htc_tx_complete(struct ath12k_base *ab, static int ath12k_reg_chan_list_event(struct ath12k_base *ab, struct sk_buff *skb) { struct ath12k_reg_info *reg_info; - u8 pdev_idx; + struct ath12k *ar = NULL; + u8 pdev_idx = 255; int ret; reg_info = kzalloc(sizeof(*reg_info), GFP_ATOMIC); @@ -6739,7 +6740,7 @@ mem_free: kfree(reg_info); if (ret == ATH12K_REG_STATUS_VALID) - return ret; + goto out; fallback: /* Fallback to older reg (by sending previous country setting @@ -6753,6 +6754,18 @@ fallback: WARN_ON(1); out: + /* In some error cases, even a valid pdev_idx might not be available */ + if (pdev_idx != 255) + ar = ab->pdevs[pdev_idx].ar; + + /* During the boot-time update, 'ar' might not be allocated, + * so the completion cannot be marked at that point. + * This boot-time update is handled in ath12k_mac_hw_register() + * before registering the hardware. + */ + if (ar) + complete(&ar->regd_update_completed); + return ret; } -- 2.51.0 From 49375e11819b0d0f59ba59726d8e0b47656f5406 Mon Sep 17 00:00:00 2001 From: Baochen Qiang Date: Fri, 23 May 2025 11:49:01 +0800 Subject: [PATCH 14/16] wifi: ath12k: avoid bit operation on key flags WMI_KEY_PAIRWISE and WMI_KEY_GROUP are not bit fields, change bit operation to direct assignment to avoid confusion. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4 Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00217-QCAHKSWPL_SILICONZ-1 Signed-off-by: Baochen Qiang Reviewed-by: Vasanthakumar Thiagarajan Link: https://patch.msgid.link/20250523-ath12k-unicast-key-first-v1-1-f53c3880e6d8@quicinc.com Signed-off-by: Jeff Johnson --- drivers/net/wireless/ath/ath12k/mac.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 3c9c9066d3201..18c42b714ef37 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -4979,9 +4979,9 @@ static int ath12k_mac_set_key(struct ath12k *ar, enum set_key_cmd cmd, } if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE) - flags |= WMI_KEY_PAIRWISE; + flags = WMI_KEY_PAIRWISE; else - flags |= WMI_KEY_GROUP; + flags = WMI_KEY_GROUP; ret = ath12k_install_key(arvif, key, cmd, peer_addr, flags); if (ret) { -- 2.51.0 From 66e865f9dc78d00e6d1c8c6624cb0c9004e5aafb Mon Sep 17 00:00:00 2001 From: Baochen Qiang Date: Fri, 23 May 2025 11:49:02 +0800 Subject: [PATCH 15/16] wifi: ath12k: install pairwise key first As station, WCN7850 firmware requires pairwise key to be installed before group key. Currently host does not care about this, so it is up to kernel or userspace to decide which one will be installed first. In case above requirement is not met, WCN7850 firmware's EAPOL station machine is messed up, and finally connection fails [1]. Reorder key install for station interface in that case: this is done by caching group key first; Later when pairwise key arrives, both can be installed in required order. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0-03427-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1.15378.4 Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00217-QCAHKSWPL_SILICONZ-1 Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218733 Link: https://lore.kernel.org/all/AS8P190MB12051DDBD84CD88E71C40AD7873F2@AS8P190MB1205.EURP190.PROD.OUTLOOK.COM # [1] Signed-off-by: Baochen Qiang Reviewed-by: Vasanthakumar Thiagarajan Link: https://patch.msgid.link/20250523-ath12k-unicast-key-first-v1-2-f53c3880e6d8@quicinc.com Signed-off-by: Jeff Johnson --- drivers/net/wireless/ath/ath12k/core.h | 4 ++ drivers/net/wireless/ath/ath12k/mac.c | 76 +++++++++++++++++++++++--- drivers/net/wireless/ath/ath12k/wmi.h | 1 + 3 files changed, 74 insertions(+), 7 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/core.h b/drivers/net/wireless/ath/ath12k/core.h index cf10c62d4751a..0c1a6df7a02e7 100644 --- a/drivers/net/wireless/ath/ath12k/core.h +++ b/drivers/net/wireless/ath/ath12k/core.h @@ -345,6 +345,10 @@ struct ath12k_link_vif { bool is_sta_assoc_link; struct ath12k_reg_tpc_power_info reg_tpc_info; + + bool group_key_valid; + struct wmi_vdev_install_key_arg group_key; + bool pairwise_key_done; }; struct ath12k_vif { diff --git a/drivers/net/wireless/ath/ath12k/mac.c b/drivers/net/wireless/ath/ath12k/mac.c index 18c42b714ef37..8a1b0c5599783 100644 --- a/drivers/net/wireless/ath/ath12k/mac.c +++ b/drivers/net/wireless/ath/ath12k/mac.c @@ -4829,14 +4829,13 @@ static int ath12k_install_key(struct ath12k_link_vif *arvif, .key_len = key->keylen, .key_data = key->key, .key_flags = flags, + .ieee80211_key_cipher = key->cipher, .macaddr = macaddr, }; struct ath12k_vif *ahvif = arvif->ahvif; lockdep_assert_wiphy(ath12k_ar_to_hw(ar)->wiphy); - reinit_completion(&ar->install_key_done); - if (test_bit(ATH12K_FLAG_HW_CRYPTO_DISABLED, &ar->ab->dev_flags)) return 0; @@ -4845,7 +4844,7 @@ static int ath12k_install_key(struct ath12k_link_vif *arvif, /* arg.key_cipher = WMI_CIPHER_NONE; */ arg.key_len = 0; arg.key_data = NULL; - goto install; + goto check_order; } switch (key->cipher) { @@ -4873,19 +4872,82 @@ static int ath12k_install_key(struct ath12k_link_vif *arvif, key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV | IEEE80211_KEY_FLAG_RESERVE_TAILROOM; +check_order: + if (ahvif->vdev_type == WMI_VDEV_TYPE_STA && + arg.key_flags == WMI_KEY_GROUP) { + if (cmd == SET_KEY) { + if (arvif->pairwise_key_done) { + ath12k_dbg(ar->ab, ATH12K_DBG_MAC, + "vdev %u pairwise key done, go install group key\n", + arg.vdev_id); + goto install; + } else { + /* WCN7850 firmware requires pairwise key to be installed + * before group key. In case group key comes first, cache + * it and return. Will revisit it once pairwise key gets + * installed. + */ + arvif->group_key = arg; + arvif->group_key_valid = true; + ath12k_dbg(ar->ab, ATH12K_DBG_MAC, + "vdev %u group key before pairwise key, cache and skip\n", + arg.vdev_id); + + ret = 0; + goto out; + } + } else { + arvif->group_key_valid = false; + } + } + install: - ret = ath12k_wmi_vdev_install_key(arvif->ar, &arg); + reinit_completion(&ar->install_key_done); + ret = ath12k_wmi_vdev_install_key(arvif->ar, &arg); if (ret) return ret; if (!wait_for_completion_timeout(&ar->install_key_done, 1 * HZ)) return -ETIMEDOUT; - if (ether_addr_equal(macaddr, arvif->bssid)) - ahvif->key_cipher = key->cipher; + if (ether_addr_equal(arg.macaddr, arvif->bssid)) + ahvif->key_cipher = arg.ieee80211_key_cipher; + + if (ar->install_key_status) { + ret = -EINVAL; + goto out; + } + + if (ahvif->vdev_type == WMI_VDEV_TYPE_STA && + arg.key_flags == WMI_KEY_PAIRWISE) { + if (cmd == SET_KEY) { + arvif->pairwise_key_done = true; + if (arvif->group_key_valid) { + /* Install cached GTK */ + arvif->group_key_valid = false; + arg = arvif->group_key; + ath12k_dbg(ar->ab, ATH12K_DBG_MAC, + "vdev %u pairwise key done, group key ready, go install\n", + arg.vdev_id); + goto install; + } + } else { + arvif->pairwise_key_done = false; + } + } + +out: + if (ret) { + /* In case of failure userspace may not do DISABLE_KEY + * but triggers re-connection directly, so manually reset + * status here. + */ + arvif->group_key_valid = false; + arvif->pairwise_key_done = false; + } - return ar->install_key_status ? -EINVAL : 0; + return ret; } static int ath12k_clear_peer_keys(struct ath12k_link_vif *arvif, diff --git a/drivers/net/wireless/ath/ath12k/wmi.h b/drivers/net/wireless/ath/ath12k/wmi.h index 117150220b997..8627154f1680f 100644 --- a/drivers/net/wireless/ath/ath12k/wmi.h +++ b/drivers/net/wireless/ath/ath12k/wmi.h @@ -3760,6 +3760,7 @@ struct wmi_vdev_install_key_arg { u32 key_idx; u32 key_flags; u32 key_cipher; + u32 ieee80211_key_cipher; u32 key_len; u32 key_txmic_len; u32 key_rxmic_len; -- 2.51.0 From 359d69285adc4f4a6a4bdafac30f3bd917873bbc Mon Sep 17 00:00:00 2001 From: P Praneesh Date: Thu, 5 Jun 2025 11:14:38 +0530 Subject: [PATCH 16/16] wifi: ath12k: remove monitor handling from ath12k_dp_rx_deliver_msdu() ath12k_dp_rx_deliver_msdu() currently includes logic related to monitor mode handling. This code was inherited from the ath11k driver, where a single rx handler was used for both regular and monitor mode packets. In ath12k, however, monitor mode packets are handled separately via ath12k_dp_mon_rx_deliver_msdu(), which contains all the necessary monitor-specific logic. Therefore, monitor-related checks and operations in ath12k_dp_rx_deliver_msdu() are no longer needed. Remove this dead code to simplify the rx path and avoid unnecessary per-packet checks. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Signed-off-by: P Praneesh Reviewed-by: Vasanthakumar Thiagarajan Link: https://patch.msgid.link/20250605054438.1855365-1-praneesh.p@oss.qualcomm.com Signed-off-by: Jeff Johnson --- drivers/net/wireless/ath/ath12k/dp_rx.c | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/dp_rx.c b/drivers/net/wireless/ath/ath12k/dp_rx.c index 57648febc4a4f..420a9b161f4a2 100644 --- a/drivers/net/wireless/ath/ath12k/dp_rx.c +++ b/drivers/net/wireless/ath/ath12k/dp_rx.c @@ -2533,31 +2533,15 @@ static void ath12k_dp_rx_deliver_msdu(struct ath12k *ar, struct napi_struct *nap struct ath12k_dp_rx_info *rx_info) { struct ath12k_base *ab = ar->ab; - static const struct ieee80211_radiotap_he known = { - .data1 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_DATA_MCS_KNOWN | - IEEE80211_RADIOTAP_HE_DATA1_BW_RU_ALLOC_KNOWN), - .data2 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA2_GI_KNOWN), - }; - struct ieee80211_radiotap_he *he; struct ieee80211_rx_status *rx_status; struct ieee80211_sta *pubsta; struct ath12k_peer *peer; struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(msdu); struct ieee80211_rx_status *status = rx_info->rx_status; - u8 decap = DP_RX_DECAP_TYPE_RAW; + u8 decap = rx_info->decap_type; bool is_mcbc = rxcb->is_mcbc; bool is_eapol = rxcb->is_eapol; - if (status->encoding == RX_ENC_HE && !(status->flag & RX_FLAG_RADIOTAP_HE) && - !(status->flag & RX_FLAG_SKIP_MONITOR)) { - he = skb_push(msdu, sizeof(known)); - memcpy(he, &known, sizeof(known)); - status->flag |= RX_FLAG_RADIOTAP_HE; - } - - if (!(status->flag & RX_FLAG_ONLY_MONITOR)) - decap = rx_info->decap_type; - spin_lock_bh(&ab->base_lock); peer = ath12k_dp_rx_h_find_peer(ab, msdu, rx_info); -- 2.51.0