[rdk-b][common][bsp][Refactor and sync kernel/wifi from Openwrt]
[Description]
Refactor and sync kernel/wifi from Openwrt
[Release-log]
N/A
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/303-mac80211-set-up-the-fwd_skb-dev-for-mesh-forwarding.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/303-mac80211-set-up-the-fwd_skb-dev-for-mesh-forwarding.patch
index 1ceb2be..159aad5 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/303-mac80211-set-up-the-fwd_skb-dev-for-mesh-forwarding.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/303-mac80211-set-up-the-fwd_skb-dev-for-mesh-forwarding.patch
@@ -52,7 +52,7 @@
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
-@@ -2948,6 +2948,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
+@@ -2950,6 +2950,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80
if (!fwd_skb)
goto out;
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/307-mac80211_hwsim-make-6-GHz-channels-usable.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/307-mac80211_hwsim-make-6-GHz-channels-usable.patch
index fba0912..80c86e3 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/307-mac80211_hwsim-make-6-GHz-channels-usable.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/307-mac80211_hwsim-make-6-GHz-channels-usable.patch
@@ -11,7 +11,7 @@
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -3004,15 +3004,19 @@ static void mac80211_hwsim_he_capab(stru
+@@ -3003,15 +3003,19 @@ static void mac80211_hwsim_he_capab(stru
{
u16 n_iftype_data;
@@ -34,7 +34,7 @@
return;
}
-@@ -3302,6 +3306,12 @@ static int mac80211_hwsim_new_radio(stru
+@@ -3301,6 +3305,12 @@ static int mac80211_hwsim_new_radio(stru
sband->vht_cap.vht_mcs.tx_mcs_map =
sband->vht_cap.vht_mcs.rx_mcs_map;
break;
@@ -47,7 +47,7 @@
case NL80211_BAND_S1GHZ:
memcpy(&sband->s1g_cap, &hwsim_s1g_cap,
sizeof(sband->s1g_cap));
-@@ -3312,6 +3322,13 @@ static int mac80211_hwsim_new_radio(stru
+@@ -3311,6 +3321,13 @@ static int mac80211_hwsim_new_radio(stru
continue;
}
@@ -61,7 +61,7 @@
sband->ht_cap.ht_supported = true;
sband->ht_cap.cap = IEEE80211_HT_CAP_SUP_WIDTH_20_40 |
IEEE80211_HT_CAP_GRN_FLD |
-@@ -3325,10 +3342,6 @@ static int mac80211_hwsim_new_radio(stru
+@@ -3324,10 +3341,6 @@ static int mac80211_hwsim_new_radio(stru
sband->ht_cap.mcs.rx_mask[0] = 0xff;
sband->ht_cap.mcs.rx_mask[1] = 0xff;
sband->ht_cap.mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/308-mac80211-add-support-for-.ndo_fill_forward_path.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/308-mac80211-add-support-for-.ndo_fill_forward_path.patch
index 4b9d874..a9a6182 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/308-mac80211-add-support-for-.ndo_fill_forward_path.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/308-mac80211-add-support-for-.ndo_fill_forward_path.patch
@@ -69,7 +69,7 @@
#endif /* __MAC80211_DRIVER_OPS */
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -1490,7 +1490,7 @@ struct ieee80211_local {
+@@ -1489,7 +1489,7 @@ struct ieee80211_local {
};
static inline struct ieee80211_sub_if_data *
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/324-mac80211-MBSSID-beacon-handling-in-AP-mode.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/324-mac80211-MBSSID-beacon-handling-in-AP-mode.patch
index fdbcce9..e2b0571 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/324-mac80211-MBSSID-beacon-handling-in-AP-mode.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/324-mac80211-MBSSID-beacon-handling-in-AP-mode.patch
@@ -246,7 +246,7 @@
struct rcu_head rcu_head;
};
-@@ -1083,6 +1084,20 @@ ieee80211_vif_get_shift(struct ieee80211
+@@ -1082,6 +1083,20 @@ ieee80211_vif_get_shift(struct ieee80211
return shift;
}
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/330-mac80211-switch-airtime-fairness-back-to-deficit-rou.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/330-mac80211-switch-airtime-fairness-back-to-deficit-rou.patch
index 0ca5386..e59036f 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/330-mac80211-switch-airtime-fairness-back-to-deficit-rou.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/330-mac80211-switch-airtime-fairness-back-to-deficit-rou.patch
@@ -327,7 +327,7 @@
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -863,16 +863,20 @@ enum txq_info_flags {
+@@ -862,16 +862,20 @@ enum txq_info_flags {
* @def_flow: used as a fallback flow when a packet destined to @tin hashes to
* a fq_flow which is already owned by a different tin
* @def_cvars: codel vars for @def_flow
@@ -350,7 +350,7 @@
unsigned long flags;
/* keep last! */
-@@ -949,8 +953,6 @@ struct ieee80211_sub_if_data {
+@@ -948,8 +952,6 @@ struct ieee80211_sub_if_data {
struct ieee80211_tx_queue_params tx_conf[IEEE80211_NUM_ACS];
struct mac80211_qos_map __rcu *qos_map;
@@ -359,7 +359,7 @@
struct work_struct csa_finalize_work;
bool csa_block_tx; /* write-protected by sdata_lock and local->mtx */
struct cfg80211_chan_def csa_chandef;
-@@ -1185,44 +1187,6 @@ enum mac80211_scan_state {
+@@ -1184,44 +1186,6 @@ enum mac80211_scan_state {
SCAN_ABORT,
};
@@ -404,7 +404,7 @@
DECLARE_STATIC_KEY_FALSE(aql_disable);
struct ieee80211_local {
-@@ -1236,8 +1200,13 @@ struct ieee80211_local {
+@@ -1235,8 +1199,13 @@ struct ieee80211_local {
struct codel_params cparams;
/* protects active_txqs and txqi->schedule_order */
@@ -419,7 +419,7 @@
u32 aql_threshold;
atomic_t aql_total_pending_airtime;
-@@ -1654,125 +1623,6 @@ static inline bool txq_has_queue(struct
+@@ -1660,125 +1629,6 @@ static inline bool txq_has_queue(struct
return !(skb_queue_empty(&txqi->frags) && !txqi->tin.backlog_packets);
}
@@ -545,7 +545,7 @@
static inline int ieee80211_bssid_match(const u8 *raddr, const u8 *addr)
{
return ether_addr_equal(raddr, addr) ||
-@@ -2018,14 +1868,6 @@ int ieee80211_tx_control_port(struct wip
+@@ -2024,14 +1874,6 @@ int ieee80211_tx_control_port(struct wip
u64 *cookie);
int ieee80211_probe_mesh_link(struct wiphy *wiphy, struct net_device *dev,
const u8 *buf, size_t len);
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/334-mac80211-add-a-per-PHY-AQL-limit-to-improve-fairness.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/334-mac80211-add-a-per-PHY-AQL-limit-to-improve-fairness.patch
index 42e1671..fb6fd6e 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/334-mac80211-add-a-per-PHY-AQL-limit-to-improve-fairness.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/334-mac80211-add-a-per-PHY-AQL-limit-to-improve-fairness.patch
@@ -15,7 +15,7 @@
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -1216,6 +1216,7 @@ struct ieee80211_local {
+@@ -1215,6 +1215,7 @@ struct ieee80211_local {
u32 aql_txq_limit_high[IEEE80211_NUM_ACS];
u32 aql_threshold;
atomic_t aql_total_pending_airtime;
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/343-wifi-mac80211-fix-decap-offload-for-stations-on-AP_V.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/343-wifi-mac80211-fix-decap-offload-for-stations-on-AP_V.patch
index 0feb408..0246785 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/343-wifi-mac80211-fix-decap-offload-for-stations-on-AP_V.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/343-wifi-mac80211-fix-decap-offload-for-stations-on-AP_V.patch
@@ -13,7 +13,7 @@
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
-@@ -4265,6 +4265,7 @@ void ieee80211_check_fast_rx(struct sta_
+@@ -4267,6 +4267,7 @@ void ieee80211_check_fast_rx(struct sta_
.vif_type = sdata->vif.type,
.control_port_protocol = sdata->control_port_protocol,
}, *old, *new = NULL;
@@ -21,7 +21,7 @@
bool set_offload = false;
bool assign = false;
bool offload;
-@@ -4380,10 +4381,10 @@ void ieee80211_check_fast_rx(struct sta_
+@@ -4382,10 +4383,10 @@ void ieee80211_check_fast_rx(struct sta_
if (assign)
new = kmemdup(&fastrx, sizeof(fastrx), GFP_KERNEL);
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/345-wifi-mac80211-do-not-drop-packets-smaller-than-the-L.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/345-wifi-mac80211-do-not-drop-packets-smaller-than-the-L.patch
index 16cafc4..23047f6 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/345-wifi-mac80211-do-not-drop-packets-smaller-than-the-L.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/345-wifi-mac80211-do-not-drop-packets-smaller-than-the-L.patch
@@ -14,7 +14,7 @@
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
-@@ -4601,7 +4601,7 @@ static bool ieee80211_invoke_fast_rx(str
+@@ -4603,7 +4603,7 @@ static bool ieee80211_invoke_fast_rx(str
if (!(status->rx_flags & IEEE80211_RX_AMSDU)) {
if (!pskb_may_pull(skb, snap_offs + sizeof(*payload)))
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/346-mac80211-mesh-clean-up-rx_bcn_presp-API.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/346-mac80211-mesh-clean-up-rx_bcn_presp-API.patch
deleted file mode 100644
index 3fa70b0..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/346-mac80211-mesh-clean-up-rx_bcn_presp-API.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Mon, 20 Sep 2021 15:40:07 +0200
-Subject: [PATCH] mac80211: mesh: clean up rx_bcn_presp API
-
-commit a5b983c6073140b624f64e79fea6d33c3e4315a0 upstream.
-
-We currently pass the entire elements to the rx_bcn_presp()
-method, but only need mesh_config. Additionally, we use the
-length of the elements to calculate back the entire frame's
-length, but that's confusing - just pass the length of the
-frame instead.
-
-Link: https://lore.kernel.org/r/20210920154009.a18ed3d2da6c.I1824b773a0fbae4453e1433c184678ca14e8df45@changeid
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -645,10 +645,9 @@ struct ieee80211_if_ocb {
- */
- struct ieee802_11_elems;
- struct ieee80211_mesh_sync_ops {
-- void (*rx_bcn_presp)(struct ieee80211_sub_if_data *sdata,
-- u16 stype,
-- struct ieee80211_mgmt *mgmt,
-- struct ieee802_11_elems *elems,
-+ void (*rx_bcn_presp)(struct ieee80211_sub_if_data *sdata, u16 stype,
-+ struct ieee80211_mgmt *mgmt, unsigned int len,
-+ const struct ieee80211_meshconf_ie *mesh_cfg,
- struct ieee80211_rx_status *rx_status);
-
- /* should be called with beacon_data under RCU read lock */
---- a/net/mac80211/mesh.c
-+++ b/net/mac80211/mesh.c
-@@ -1354,8 +1354,8 @@ static void ieee80211_mesh_rx_bcn_presp(
- }
-
- if (ifmsh->sync_ops)
-- ifmsh->sync_ops->rx_bcn_presp(sdata,
-- stype, mgmt, &elems, rx_status);
-+ ifmsh->sync_ops->rx_bcn_presp(sdata, stype, mgmt, len,
-+ elems.mesh_config, rx_status);
- }
-
- int ieee80211_mesh_finish_csa(struct ieee80211_sub_if_data *sdata)
---- a/net/mac80211/mesh_sync.c
-+++ b/net/mac80211/mesh_sync.c
-@@ -3,6 +3,7 @@
- * Copyright 2011-2012, Pavel Zubarev <pavel.zubarev@gmail.com>
- * Copyright 2011-2012, Marco Porsch <marco.porsch@s2005.tu-chemnitz.de>
- * Copyright 2011-2012, cozybit Inc.
-+ * Copyright (C) 2021 Intel Corporation
- */
-
- #include "ieee80211_i.h"
-@@ -35,12 +36,12 @@ struct sync_method {
- /**
- * mesh_peer_tbtt_adjusting - check if an mp is currently adjusting its TBTT
- *
-- * @ie: information elements of a management frame from the mesh peer
-+ * @cfg: mesh config element from the mesh peer (or %NULL)
- */
--static bool mesh_peer_tbtt_adjusting(struct ieee802_11_elems *ie)
-+static bool mesh_peer_tbtt_adjusting(const struct ieee80211_meshconf_ie *cfg)
- {
-- return (ie->mesh_config->meshconf_cap &
-- IEEE80211_MESHCONF_CAPAB_TBTT_ADJUSTING) != 0;
-+ return cfg &&
-+ (cfg->meshconf_cap & IEEE80211_MESHCONF_CAPAB_TBTT_ADJUSTING);
- }
-
- void mesh_sync_adjust_tsf(struct ieee80211_sub_if_data *sdata)
-@@ -76,11 +77,11 @@ void mesh_sync_adjust_tsf(struct ieee802
- }
- }
-
--static void mesh_sync_offset_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
-- u16 stype,
-- struct ieee80211_mgmt *mgmt,
-- struct ieee802_11_elems *elems,
-- struct ieee80211_rx_status *rx_status)
-+static void
-+mesh_sync_offset_rx_bcn_presp(struct ieee80211_sub_if_data *sdata, u16 stype,
-+ struct ieee80211_mgmt *mgmt, unsigned int len,
-+ const struct ieee80211_meshconf_ie *mesh_cfg,
-+ struct ieee80211_rx_status *rx_status)
- {
- struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
- struct ieee80211_local *local = sdata->local;
-@@ -101,10 +102,7 @@ static void mesh_sync_offset_rx_bcn_pres
- */
- if (ieee80211_have_rx_timestamp(rx_status))
- t_r = ieee80211_calculate_rx_timestamp(local, rx_status,
-- 24 + 12 +
-- elems->total_len +
-- FCS_LEN,
-- 24);
-+ len + FCS_LEN, 24);
- else
- t_r = drv_get_tsf(local, sdata);
-
-@@ -119,7 +117,7 @@ static void mesh_sync_offset_rx_bcn_pres
- * dot11MeshNbrOffsetMaxNeighbor non-peer non-MBSS neighbors
- */
-
-- if (elems->mesh_config && mesh_peer_tbtt_adjusting(elems)) {
-+ if (mesh_peer_tbtt_adjusting(mesh_cfg)) {
- msync_dbg(sdata, "STA %pM : is adjusting TBTT\n",
- sta->sta.addr);
- goto no_sync;
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/347-mac80211-move-CRC-into-struct-ieee802_11_elems.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/347-mac80211-move-CRC-into-struct-ieee802_11_elems.patch
deleted file mode 100644
index e44aac5..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/347-mac80211-move-CRC-into-struct-ieee802_11_elems.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Mon, 20 Sep 2021 15:40:08 +0200
-Subject: [PATCH] mac80211: move CRC into struct ieee802_11_elems
-
-commit c6e37ed498f958254b5459253199e816b6bfc52f upstream.
-
-We're currently returning this value, but to prepare for
-returning the allocated structure, move it into there.
-
-Link: https://lore.kernel.org/r/20210920154009.479b8ebf999d.If0d4ba75ee38998dc3eeae25058aa748efcb2fc9@changeid
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -1530,6 +1530,7 @@ struct ieee80211_csa_ie {
- struct ieee802_11_elems {
- const u8 *ie_start;
- size_t total_len;
-+ u32 crc;
-
- /* pointers to IEs */
- const struct ieee80211_tdls_lnkie *lnk_id;
-@@ -2089,10 +2090,10 @@ static inline void ieee80211_tx_skb(stru
- ieee80211_tx_skb_tid(sdata, skb, 7);
- }
-
--u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
-- struct ieee802_11_elems *elems,
-- u64 filter, u32 crc, u8 *transmitter_bssid,
-- u8 *bss_bssid);
-+void ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
-+ struct ieee802_11_elems *elems,
-+ u64 filter, u32 crc, u8 *transmitter_bssid,
-+ u8 *bss_bssid);
- static inline void ieee802_11_parse_elems(const u8 *start, size_t len,
- bool action,
- struct ieee802_11_elems *elems,
---- a/net/mac80211/mlme.c
-+++ b/net/mac80211/mlme.c
-@@ -4102,10 +4102,11 @@ static void ieee80211_rx_mgmt_beacon(str
- */
- if (!ieee80211_is_s1g_beacon(hdr->frame_control))
- ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
-- ncrc = ieee802_11_parse_elems_crc(variable,
-- len - baselen, false, &elems,
-- care_about_ies, ncrc,
-- mgmt->bssid, bssid);
-+ ieee802_11_parse_elems_crc(variable,
-+ len - baselen, false, &elems,
-+ care_about_ies, ncrc,
-+ mgmt->bssid, bssid);
-+ ncrc = elems.crc;
-
- if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
- ieee80211_check_tim(elems.tim, elems.tim_len, bss_conf->aid)) {
---- a/net/mac80211/util.c
-+++ b/net/mac80211/util.c
-@@ -1469,10 +1469,10 @@ static size_t ieee802_11_find_bssid_prof
- return found ? profile_len : 0;
- }
-
--u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
-- struct ieee802_11_elems *elems,
-- u64 filter, u32 crc, u8 *transmitter_bssid,
-- u8 *bss_bssid)
-+void ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
-+ struct ieee802_11_elems *elems,
-+ u64 filter, u32 crc, u8 *transmitter_bssid,
-+ u8 *bss_bssid)
- {
- const struct element *non_inherit = NULL;
- u8 *nontransmitted_profile;
-@@ -1524,7 +1524,7 @@ u32 ieee802_11_parse_elems_crc(const u8
-
- kfree(nontransmitted_profile);
-
-- return crc;
-+ elems->crc = crc;
- }
-
- void ieee80211_regulatory_limit_wmm_params(struct ieee80211_sub_if_data *sdata,
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/348-mac80211-mlme-find-auth-challenge-directly.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/348-mac80211-mlme-find-auth-challenge-directly.patch
deleted file mode 100644
index 3432c25..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/348-mac80211-mlme-find-auth-challenge-directly.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Mon, 20 Sep 2021 15:40:09 +0200
-Subject: [PATCH] mac80211: mlme: find auth challenge directly
-
-commit 49a765d6785e99157ff5091cc37485732496864e upstream.
-
-There's no need to parse all elements etc. just to find the
-authentication challenge - use cfg80211_find_elem() instead.
-This also allows us to remove WLAN_EID_CHALLENGE handling
-from the element parsing entirely.
-
-Link: https://lore.kernel.org/r/20210920154009.45f9b3a15722.Ice3159ffad03a007d6154cbf1fb3a8c48489e86f@changeid
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -1540,7 +1540,6 @@ struct ieee802_11_elems {
- const u8 *supp_rates;
- const u8 *ds_params;
- const struct ieee80211_tim_ie *tim;
-- const u8 *challenge;
- const u8 *rsn;
- const u8 *rsnx;
- const u8 *erp_info;
-@@ -1594,7 +1593,6 @@ struct ieee802_11_elems {
- u8 ssid_len;
- u8 supp_rates_len;
- u8 tim_len;
-- u8 challenge_len;
- u8 rsn_len;
- u8 rsnx_len;
- u8 ext_supp_rates_len;
---- a/net/mac80211/mlme.c
-+++ b/net/mac80211/mlme.c
-@@ -2889,17 +2889,17 @@ static void ieee80211_auth_challenge(str
- {
- struct ieee80211_local *local = sdata->local;
- struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
-+ const struct element *challenge;
- u8 *pos;
-- struct ieee802_11_elems elems;
- u32 tx_flags = 0;
- struct ieee80211_prep_tx_info info = {
- .subtype = IEEE80211_STYPE_AUTH,
- };
-
- pos = mgmt->u.auth.variable;
-- ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems,
-- mgmt->bssid, auth_data->bss->bssid);
-- if (!elems.challenge)
-+ challenge = cfg80211_find_elem(WLAN_EID_CHALLENGE, pos,
-+ len - (pos - (u8 *)mgmt));
-+ if (!challenge)
- return;
- auth_data->expected_transaction = 4;
- drv_mgd_prepare_tx(sdata->local, sdata, &info);
-@@ -2907,7 +2907,8 @@ static void ieee80211_auth_challenge(str
- tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
- IEEE80211_TX_INTFL_MLME_CONN_TX;
- ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
-- elems.challenge - 2, elems.challenge_len + 2,
-+ (void *)challenge,
-+ challenge->datalen + sizeof(*challenge),
- auth_data->bss->bssid, auth_data->bss->bssid,
- auth_data->key, auth_data->key_len,
- auth_data->key_idx, tx_flags);
---- a/net/mac80211/util.c
-+++ b/net/mac80211/util.c
-@@ -1120,10 +1120,6 @@ _ieee802_11_parse_elems_crc(const u8 *st
- } else
- elem_parse_failed = true;
- break;
-- case WLAN_EID_CHALLENGE:
-- elems->challenge = pos;
-- elems->challenge_len = elen;
-- break;
- case WLAN_EID_VENDOR_SPECIFIC:
- if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
- pos[2] == 0xf2) {
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/349-mac80211-always-allocate-struct-ieee802_11_elems.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/349-mac80211-always-allocate-struct-ieee802_11_elems.patch
deleted file mode 100644
index 7565527..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/349-mac80211-always-allocate-struct-ieee802_11_elems.patch
+++ /dev/null
@@ -1,1143 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Mon, 20 Sep 2021 15:40:10 +0200
-Subject: [PATCH] mac80211: always allocate struct ieee802_11_elems
-
-As the 802.11 spec evolves, we need to parse more and more
-elements. This is causing the struct to grow, and we can no
-longer get away with putting it on the stack.
-
-Change the API to always dynamically allocate and return an
-allocated pointer that must be kfree()d later.
-
-As an alternative, I contemplated a scheme whereby we'd say
-in the code which elements we needed, e.g.
-
- DECLARE_ELEMENT_PARSER(elems,
- SUPPORTED_CHANNELS,
- CHANNEL_SWITCH,
- EXT(KEY_DELIVERY));
-
- ieee802_11_parse_elems(..., &elems, ...);
-
-and while I think this is possible and will save us a lot
-since most individual places only care about a small subset
-of the elements, it ended up being a bit more work since a
-lot of places do the parsing and then pass the struct to
-other functions, sometimes with multiple levels.
-
-Link: https://lore.kernel.org/r/20210920154009.26caff6b5998.I05ae58768e990e611aee8eca8abefd9d7bc15e05@changeid
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/agg-rx.c
-+++ b/net/mac80211/agg-rx.c
-@@ -478,7 +478,7 @@ void ieee80211_process_addba_request(str
- size_t len)
- {
- u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num;
-- struct ieee802_11_elems elems = { };
-+ struct ieee802_11_elems *elems = NULL;
- u8 dialog_token;
- int ies_len;
-
-@@ -496,16 +496,17 @@ void ieee80211_process_addba_request(str
- ies_len = len - offsetof(struct ieee80211_mgmt,
- u.action.u.addba_req.variable);
- if (ies_len) {
-- ieee802_11_parse_elems(mgmt->u.action.u.addba_req.variable,
-- ies_len, true, &elems, mgmt->bssid, NULL);
-- if (elems.parse_error)
-+ elems = ieee802_11_parse_elems(mgmt->u.action.u.addba_req.variable,
-+ ies_len, true, mgmt->bssid, NULL);
-+ if (!elems || elems->parse_error)
- return;
- }
-
- __ieee80211_start_rx_ba_session(sta, dialog_token, timeout,
- start_seq_num, ba_policy, tid,
- buf_size, true, false,
-- elems.addba_ext_ie);
-+ elems ? elems->addba_ext_ie : NULL);
-+ kfree(elems);
- }
-
- void ieee80211_manage_rx_ba_offl(struct ieee80211_vif *vif,
---- a/net/mac80211/ibss.c
-+++ b/net/mac80211/ibss.c
-@@ -9,7 +9,7 @@
- * Copyright 2009, Johannes Berg <johannes@sipsolutions.net>
- * Copyright 2013-2014 Intel Mobile Communications GmbH
- * Copyright(c) 2016 Intel Deutschland GmbH
-- * Copyright(c) 2018-2020 Intel Corporation
-+ * Copyright(c) 2018-2021 Intel Corporation
- */
-
- #include <linux/delay.h>
-@@ -1589,7 +1589,7 @@ void ieee80211_rx_mgmt_probe_beacon(stru
- struct ieee80211_rx_status *rx_status)
- {
- size_t baselen;
-- struct ieee802_11_elems elems;
-+ struct ieee802_11_elems *elems;
-
- BUILD_BUG_ON(offsetof(typeof(mgmt->u.probe_resp), variable) !=
- offsetof(typeof(mgmt->u.beacon), variable));
-@@ -1602,10 +1602,14 @@ void ieee80211_rx_mgmt_probe_beacon(stru
- if (baselen > len)
- return;
-
-- ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
-- false, &elems, mgmt->bssid, NULL);
--
-- ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
-+ elems = ieee802_11_parse_elems(mgmt->u.probe_resp.variable,
-+ len - baselen, false,
-+ mgmt->bssid, NULL);
-+
-+ if (elems) {
-+ ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, elems);
-+ kfree(elems);
-+ }
- }
-
- void ieee80211_ibss_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
-@@ -1614,7 +1618,7 @@ void ieee80211_ibss_rx_queued_mgmt(struc
- struct ieee80211_rx_status *rx_status;
- struct ieee80211_mgmt *mgmt;
- u16 fc;
-- struct ieee802_11_elems elems;
-+ struct ieee802_11_elems *elems;
- int ies_len;
-
- rx_status = IEEE80211_SKB_RXCB(skb);
-@@ -1651,15 +1655,16 @@ void ieee80211_ibss_rx_queued_mgmt(struc
- if (ies_len < 0)
- break;
-
-- ieee802_11_parse_elems(
-+ elems = ieee802_11_parse_elems(
- mgmt->u.action.u.chan_switch.variable,
-- ies_len, true, &elems, mgmt->bssid, NULL);
-+ ies_len, true, mgmt->bssid, NULL);
-
-- if (elems.parse_error)
-+ if (!elems || elems->parse_error)
- break;
-
- ieee80211_rx_mgmt_spectrum_mgmt(sdata, mgmt, skb->len,
-- rx_status, &elems);
-+ rx_status, elems);
-+ kfree(elems);
- break;
- }
- }
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -2088,18 +2088,18 @@ static inline void ieee80211_tx_skb(stru
- ieee80211_tx_skb_tid(sdata, skb, 7);
- }
-
--void ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
-- struct ieee802_11_elems *elems,
-- u64 filter, u32 crc, u8 *transmitter_bssid,
-- u8 *bss_bssid);
--static inline void ieee802_11_parse_elems(const u8 *start, size_t len,
-- bool action,
-- struct ieee802_11_elems *elems,
-- u8 *transmitter_bssid,
-- u8 *bss_bssid)
-+struct ieee802_11_elems *ieee802_11_parse_elems_crc(const u8 *start, size_t len,
-+ bool action,
-+ u64 filter, u32 crc,
-+ const u8 *transmitter_bssid,
-+ const u8 *bss_bssid);
-+static inline struct ieee802_11_elems *
-+ieee802_11_parse_elems(const u8 *start, size_t len, bool action,
-+ const u8 *transmitter_bssid,
-+ const u8 *bss_bssid)
- {
-- ieee802_11_parse_elems_crc(start, len, action, elems, 0, 0,
-- transmitter_bssid, bss_bssid);
-+ return ieee802_11_parse_elems_crc(start, len, action, 0, 0,
-+ transmitter_bssid, bss_bssid);
- }
-
-
---- a/net/mac80211/mesh.c
-+++ b/net/mac80211/mesh.c
-@@ -1247,7 +1247,7 @@ ieee80211_mesh_rx_probe_req(struct ieee8
- struct sk_buff *presp;
- struct beacon_data *bcn;
- struct ieee80211_mgmt *hdr;
-- struct ieee802_11_elems elems;
-+ struct ieee802_11_elems *elems;
- size_t baselen;
- u8 *pos;
-
-@@ -1256,22 +1256,24 @@ ieee80211_mesh_rx_probe_req(struct ieee8
- if (baselen > len)
- return;
-
-- ieee802_11_parse_elems(pos, len - baselen, false, &elems, mgmt->bssid,
-- NULL);
--
-- if (!elems.mesh_id)
-+ elems = ieee802_11_parse_elems(pos, len - baselen, false, mgmt->bssid,
-+ NULL);
-+ if (!elems)
- return;
-
-+ if (!elems->mesh_id)
-+ goto free;
-+
- /* 802.11-2012 10.1.4.3.2 */
- if ((!ether_addr_equal(mgmt->da, sdata->vif.addr) &&
- !is_broadcast_ether_addr(mgmt->da)) ||
-- elems.ssid_len != 0)
-- return;
-+ elems->ssid_len != 0)
-+ goto free;
-
-- if (elems.mesh_id_len != 0 &&
-- (elems.mesh_id_len != ifmsh->mesh_id_len ||
-- memcmp(elems.mesh_id, ifmsh->mesh_id, ifmsh->mesh_id_len)))
-- return;
-+ if (elems->mesh_id_len != 0 &&
-+ (elems->mesh_id_len != ifmsh->mesh_id_len ||
-+ memcmp(elems->mesh_id, ifmsh->mesh_id, ifmsh->mesh_id_len)))
-+ goto free;
-
- rcu_read_lock();
- bcn = rcu_dereference(ifmsh->beacon);
-@@ -1295,6 +1297,8 @@ ieee80211_mesh_rx_probe_req(struct ieee8
- ieee80211_tx_skb(sdata, presp);
- out:
- rcu_read_unlock();
-+free:
-+ kfree(elems);
- }
-
- static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
-@@ -1305,7 +1309,7 @@ static void ieee80211_mesh_rx_bcn_presp(
- {
- struct ieee80211_local *local = sdata->local;
- struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
-- struct ieee802_11_elems elems;
-+ struct ieee802_11_elems *elems;
- struct ieee80211_channel *channel;
- size_t baselen;
- int freq;
-@@ -1320,42 +1324,47 @@ static void ieee80211_mesh_rx_bcn_presp(
- if (baselen > len)
- return;
-
-- ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
-- false, &elems, mgmt->bssid, NULL);
-+ elems = ieee802_11_parse_elems(mgmt->u.probe_resp.variable,
-+ len - baselen,
-+ false, mgmt->bssid, NULL);
-+ if (!elems)
-+ return;
-
- /* ignore non-mesh or secure / unsecure mismatch */
-- if ((!elems.mesh_id || !elems.mesh_config) ||
-- (elems.rsn && sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) ||
-- (!elems.rsn && sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE))
-- return;
-+ if ((!elems->mesh_id || !elems->mesh_config) ||
-+ (elems->rsn && sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) ||
-+ (!elems->rsn && sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE))
-+ goto free;
-
-- if (elems.ds_params)
-- freq = ieee80211_channel_to_frequency(elems.ds_params[0], band);
-+ if (elems->ds_params)
-+ freq = ieee80211_channel_to_frequency(elems->ds_params[0], band);
- else
- freq = rx_status->freq;
-
- channel = ieee80211_get_channel(local->hw.wiphy, freq);
-
- if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
-- return;
-+ goto free;
-
-- if (mesh_matches_local(sdata, &elems)) {
-+ if (mesh_matches_local(sdata, elems)) {
- mpl_dbg(sdata, "rssi_threshold=%d,rx_status->signal=%d\n",
- sdata->u.mesh.mshcfg.rssi_threshold, rx_status->signal);
- if (!sdata->u.mesh.user_mpm ||
- sdata->u.mesh.mshcfg.rssi_threshold == 0 ||
- sdata->u.mesh.mshcfg.rssi_threshold < rx_status->signal)
-- mesh_neighbour_update(sdata, mgmt->sa, &elems,
-+ mesh_neighbour_update(sdata, mgmt->sa, elems,
- rx_status);
-
- if (ifmsh->csa_role != IEEE80211_MESH_CSA_ROLE_INIT &&
- !sdata->vif.csa_active)
-- ieee80211_mesh_process_chnswitch(sdata, &elems, true);
-+ ieee80211_mesh_process_chnswitch(sdata, elems, true);
- }
-
- if (ifmsh->sync_ops)
- ifmsh->sync_ops->rx_bcn_presp(sdata, stype, mgmt, len,
-- elems.mesh_config, rx_status);
-+ elems->mesh_config, rx_status);
-+free:
-+ kfree(elems);
- }
-
- int ieee80211_mesh_finish_csa(struct ieee80211_sub_if_data *sdata)
-@@ -1447,7 +1456,7 @@ static void mesh_rx_csa_frame(struct iee
- struct ieee80211_mgmt *mgmt, size_t len)
- {
- struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
-- struct ieee802_11_elems elems;
-+ struct ieee802_11_elems *elems;
- u16 pre_value;
- bool fwd_csa = true;
- size_t baselen;
-@@ -1460,33 +1469,37 @@ static void mesh_rx_csa_frame(struct iee
- pos = mgmt->u.action.u.chan_switch.variable;
- baselen = offsetof(struct ieee80211_mgmt,
- u.action.u.chan_switch.variable);
-- ieee802_11_parse_elems(pos, len - baselen, true, &elems,
-- mgmt->bssid, NULL);
--
-- if (!mesh_matches_local(sdata, &elems))
-+ elems = ieee802_11_parse_elems(pos, len - baselen, true,
-+ mgmt->bssid, NULL);
-+ if (!elems)
- return;
-
-- ifmsh->chsw_ttl = elems.mesh_chansw_params_ie->mesh_ttl;
-+ if (!mesh_matches_local(sdata, elems))
-+ goto free;
-+
-+ ifmsh->chsw_ttl = elems->mesh_chansw_params_ie->mesh_ttl;
- if (!--ifmsh->chsw_ttl)
- fwd_csa = false;
-
-- pre_value = le16_to_cpu(elems.mesh_chansw_params_ie->mesh_pre_value);
-+ pre_value = le16_to_cpu(elems->mesh_chansw_params_ie->mesh_pre_value);
- if (ifmsh->pre_value >= pre_value)
-- return;
-+ goto free;
-
- ifmsh->pre_value = pre_value;
-
- if (!sdata->vif.csa_active &&
-- !ieee80211_mesh_process_chnswitch(sdata, &elems, false)) {
-+ !ieee80211_mesh_process_chnswitch(sdata, elems, false)) {
- mcsa_dbg(sdata, "Failed to process CSA action frame");
-- return;
-+ goto free;
- }
-
- /* forward or re-broadcast the CSA frame */
- if (fwd_csa) {
-- if (mesh_fwd_csa_frame(sdata, mgmt, len, &elems) < 0)
-+ if (mesh_fwd_csa_frame(sdata, mgmt, len, elems) < 0)
- mcsa_dbg(sdata, "Failed to forward the CSA frame");
- }
-+free:
-+ kfree(elems);
- }
-
- static void ieee80211_mesh_rx_mgmt_action(struct ieee80211_sub_if_data *sdata,
---- a/net/mac80211/mesh_hwmp.c
-+++ b/net/mac80211/mesh_hwmp.c
-@@ -1,7 +1,7 @@
- // SPDX-License-Identifier: GPL-2.0-only
- /*
- * Copyright (c) 2008, 2009 open80211s Ltd.
-- * Copyright (C) 2019 Intel Corporation
-+ * Copyright (C) 2019, 2021 Intel Corporation
- * Author: Luis Carlos Cobo <luisca@cozybit.com>
- */
-
-@@ -908,7 +908,7 @@ static void hwmp_rann_frame_process(stru
- void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
- struct ieee80211_mgmt *mgmt, size_t len)
- {
-- struct ieee802_11_elems elems;
-+ struct ieee802_11_elems *elems;
- size_t baselen;
- u32 path_metric;
- struct sta_info *sta;
-@@ -926,37 +926,41 @@ void mesh_rx_path_sel_frame(struct ieee8
- rcu_read_unlock();
-
- baselen = (u8 *) mgmt->u.action.u.mesh_action.variable - (u8 *) mgmt;
-- ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable,
-- len - baselen, false, &elems, mgmt->bssid, NULL);
-+ elems = ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable,
-+ len - baselen, false, mgmt->bssid, NULL);
-+ if (!elems)
-+ return;
-
-- if (elems.preq) {
-- if (elems.preq_len != 37)
-+ if (elems->preq) {
-+ if (elems->preq_len != 37)
- /* Right now we support just 1 destination and no AE */
-- return;
-- path_metric = hwmp_route_info_get(sdata, mgmt, elems.preq,
-+ goto free;
-+ path_metric = hwmp_route_info_get(sdata, mgmt, elems->preq,
- MPATH_PREQ);
- if (path_metric)
-- hwmp_preq_frame_process(sdata, mgmt, elems.preq,
-+ hwmp_preq_frame_process(sdata, mgmt, elems->preq,
- path_metric);
- }
-- if (elems.prep) {
-- if (elems.prep_len != 31)
-+ if (elems->prep) {
-+ if (elems->prep_len != 31)
- /* Right now we support no AE */
-- return;
-- path_metric = hwmp_route_info_get(sdata, mgmt, elems.prep,
-+ goto free;
-+ path_metric = hwmp_route_info_get(sdata, mgmt, elems->prep,
- MPATH_PREP);
- if (path_metric)
-- hwmp_prep_frame_process(sdata, mgmt, elems.prep,
-+ hwmp_prep_frame_process(sdata, mgmt, elems->prep,
- path_metric);
- }
-- if (elems.perr) {
-- if (elems.perr_len != 15)
-+ if (elems->perr) {
-+ if (elems->perr_len != 15)
- /* Right now we support only one destination per PERR */
-- return;
-- hwmp_perr_frame_process(sdata, mgmt, elems.perr);
-+ goto free;
-+ hwmp_perr_frame_process(sdata, mgmt, elems->perr);
- }
-- if (elems.rann)
-- hwmp_rann_frame_process(sdata, mgmt, elems.rann);
-+ if (elems->rann)
-+ hwmp_rann_frame_process(sdata, mgmt, elems->rann);
-+free:
-+ kfree(elems);
- }
-
- /**
---- a/net/mac80211/mesh_plink.c
-+++ b/net/mac80211/mesh_plink.c
-@@ -1,7 +1,7 @@
- // SPDX-License-Identifier: GPL-2.0-only
- /*
- * Copyright (c) 2008, 2009 open80211s Ltd.
-- * Copyright (C) 2019 Intel Corporation
-+ * Copyright (C) 2019, 2021 Intel Corporation
- * Author: Luis Carlos Cobo <luisca@cozybit.com>
- */
- #include <linux/gfp.h>
-@@ -1200,7 +1200,7 @@ void mesh_rx_plink_frame(struct ieee8021
- struct ieee80211_mgmt *mgmt, size_t len,
- struct ieee80211_rx_status *rx_status)
- {
-- struct ieee802_11_elems elems;
-+ struct ieee802_11_elems *elems;
- size_t baselen;
- u8 *baseaddr;
-
-@@ -1228,7 +1228,8 @@ void mesh_rx_plink_frame(struct ieee8021
- if (baselen > len)
- return;
- }
-- ieee802_11_parse_elems(baseaddr, len - baselen, true, &elems,
-- mgmt->bssid, NULL);
-- mesh_process_plink_frame(sdata, mgmt, &elems, rx_status);
-+ elems = ieee802_11_parse_elems(baseaddr, len - baselen, true,
-+ mgmt->bssid, NULL);
-+ mesh_process_plink_frame(sdata, mgmt, elems, rx_status);
-+ kfree(elems);
- }
---- a/net/mac80211/mlme.c
-+++ b/net/mac80211/mlme.c
-@@ -3317,8 +3317,11 @@ static bool ieee80211_assoc_success(stru
- aid = 0; /* TODO */
- }
- capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
-- ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, elems,
-- mgmt->bssid, assoc_data->bss->bssid);
-+ elems = ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false,
-+ mgmt->bssid, assoc_data->bss->bssid);
-+
-+ if (!elems)
-+ return false;
-
- if (elems->aid_resp)
- aid = le16_to_cpu(elems->aid_resp->aid);
-@@ -3340,7 +3343,8 @@ static bool ieee80211_assoc_success(stru
-
- if (!is_s1g && !elems->supp_rates) {
- sdata_info(sdata, "no SuppRates element in AssocResp\n");
-- return false;
-+ ret = false;
-+ goto out;
- }
-
- sdata->vif.bss_conf.aid = aid;
-@@ -3362,7 +3366,7 @@ static bool ieee80211_assoc_success(stru
- (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
- (!elems->vht_cap_elem || !elems->vht_operation)))) {
- const struct cfg80211_bss_ies *ies;
-- struct ieee802_11_elems bss_elems;
-+ struct ieee802_11_elems *bss_elems;
-
- rcu_read_lock();
- ies = rcu_dereference(cbss->ies);
-@@ -3373,13 +3377,17 @@ static bool ieee80211_assoc_success(stru
- if (!bss_ies)
- return false;
-
-- ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
-- false, &bss_elems,
-- mgmt->bssid,
-- assoc_data->bss->bssid);
-+ bss_elems = ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
-+ false, mgmt->bssid,
-+ assoc_data->bss->bssid);
-+ if (!bss_elems) {
-+ ret = false;
-+ goto out;
-+ }
-+
- if (assoc_data->wmm &&
-- !elems->wmm_param && bss_elems.wmm_param) {
-- elems->wmm_param = bss_elems.wmm_param;
-+ !elems->wmm_param && bss_elems->wmm_param) {
-+ elems->wmm_param = bss_elems->wmm_param;
- sdata_info(sdata,
- "AP bug: WMM param missing from AssocResp\n");
- }
-@@ -3388,30 +3396,32 @@ static bool ieee80211_assoc_success(stru
- * Also check if we requested HT/VHT, otherwise the AP doesn't
- * have to include the IEs in the (re)association response.
- */
-- if (!elems->ht_cap_elem && bss_elems.ht_cap_elem &&
-+ if (!elems->ht_cap_elem && bss_elems->ht_cap_elem &&
- !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
-- elems->ht_cap_elem = bss_elems.ht_cap_elem;
-+ elems->ht_cap_elem = bss_elems->ht_cap_elem;
- sdata_info(sdata,
- "AP bug: HT capability missing from AssocResp\n");
- }
-- if (!elems->ht_operation && bss_elems.ht_operation &&
-+ if (!elems->ht_operation && bss_elems->ht_operation &&
- !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
-- elems->ht_operation = bss_elems.ht_operation;
-+ elems->ht_operation = bss_elems->ht_operation;
- sdata_info(sdata,
- "AP bug: HT operation missing from AssocResp\n");
- }
-- if (!elems->vht_cap_elem && bss_elems.vht_cap_elem &&
-+ if (!elems->vht_cap_elem && bss_elems->vht_cap_elem &&
- !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
-- elems->vht_cap_elem = bss_elems.vht_cap_elem;
-+ elems->vht_cap_elem = bss_elems->vht_cap_elem;
- sdata_info(sdata,
- "AP bug: VHT capa missing from AssocResp\n");
- }
-- if (!elems->vht_operation && bss_elems.vht_operation &&
-+ if (!elems->vht_operation && bss_elems->vht_operation &&
- !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
-- elems->vht_operation = bss_elems.vht_operation;
-+ elems->vht_operation = bss_elems->vht_operation;
- sdata_info(sdata,
- "AP bug: VHT operation missing from AssocResp\n");
- }
-+
-+ kfree(bss_elems);
- }
-
- /*
-@@ -3662,6 +3672,7 @@ static bool ieee80211_assoc_success(stru
-
- ret = true;
- out:
-+ kfree(elems);
- kfree(bss_ies);
- return ret;
- }
-@@ -3673,7 +3684,7 @@ static void ieee80211_rx_mgmt_assoc_resp
- struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
- struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
- u16 capab_info, status_code, aid;
-- struct ieee802_11_elems elems;
-+ struct ieee802_11_elems *elems;
- int ac, uapsd_queues = -1;
- u8 *pos;
- bool reassoc;
-@@ -3730,14 +3741,16 @@ static void ieee80211_rx_mgmt_assoc_resp
- fils_decrypt_assoc_resp(sdata, (u8 *)mgmt, &len, assoc_data) < 0)
- return;
-
-- ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false, &elems,
-- mgmt->bssid, assoc_data->bss->bssid);
-+ elems = ieee802_11_parse_elems(pos, len - (pos - (u8 *)mgmt), false,
-+ mgmt->bssid, assoc_data->bss->bssid);
-+ if (!elems)
-+ goto notify_driver;
-
- if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
-- elems.timeout_int &&
-- elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
-+ elems->timeout_int &&
-+ elems->timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
- u32 tu, ms;
-- tu = le32_to_cpu(elems.timeout_int->value);
-+ tu = le32_to_cpu(elems->timeout_int->value);
- ms = tu * 1024 / 1000;
- sdata_info(sdata,
- "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
-@@ -3757,7 +3770,7 @@ static void ieee80211_rx_mgmt_assoc_resp
- event.u.mlme.reason = status_code;
- drv_event_callback(sdata->local, sdata, &event);
- } else {
-- if (!ieee80211_assoc_success(sdata, cbss, mgmt, len, &elems)) {
-+ if (!ieee80211_assoc_success(sdata, cbss, mgmt, len, elems)) {
- /* oops -- internal error -- send timeout for now */
- ieee80211_destroy_assoc_data(sdata, false, false);
- cfg80211_assoc_timeout(sdata->dev, cbss);
-@@ -3787,6 +3800,7 @@ static void ieee80211_rx_mgmt_assoc_resp
- ifmgd->assoc_req_ies, ifmgd->assoc_req_ies_len);
- notify_driver:
- drv_mgd_complete_tx(sdata->local, sdata, &info);
-+ kfree(elems);
- }
-
- static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
-@@ -3991,7 +4005,7 @@ static void ieee80211_rx_mgmt_beacon(str
- struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
- struct ieee80211_mgmt *mgmt = (void *) hdr;
- size_t baselen;
-- struct ieee802_11_elems elems;
-+ struct ieee802_11_elems *elems;
- struct ieee80211_local *local = sdata->local;
- struct ieee80211_chanctx_conf *chanctx_conf;
- struct ieee80211_channel *chan;
-@@ -4037,15 +4051,16 @@ static void ieee80211_rx_mgmt_beacon(str
-
- if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
- ieee80211_rx_our_beacon(bssid, ifmgd->assoc_data->bss)) {
-- ieee802_11_parse_elems(variable,
-- len - baselen, false, &elems,
-- bssid,
-- ifmgd->assoc_data->bss->bssid);
-+ elems = ieee802_11_parse_elems(variable, len - baselen, false,
-+ bssid,
-+ ifmgd->assoc_data->bss->bssid);
-+ if (!elems)
-+ return;
-
- ieee80211_rx_bss_info(sdata, mgmt, len, rx_status);
-
-- if (elems.dtim_period)
-- ifmgd->dtim_period = elems.dtim_period;
-+ if (elems->dtim_period)
-+ ifmgd->dtim_period = elems->dtim_period;
- ifmgd->have_beacon = true;
- ifmgd->assoc_data->need_beacon = false;
- if (ieee80211_hw_check(&local->hw, TIMING_BEACON_ONLY)) {
-@@ -4053,17 +4068,17 @@ static void ieee80211_rx_mgmt_beacon(str
- le64_to_cpu(mgmt->u.beacon.timestamp);
- sdata->vif.bss_conf.sync_device_ts =
- rx_status->device_timestamp;
-- sdata->vif.bss_conf.sync_dtim_count = elems.dtim_count;
-+ sdata->vif.bss_conf.sync_dtim_count = elems->dtim_count;
- }
-
-- if (elems.mbssid_config_ie)
-+ if (elems->mbssid_config_ie)
- bss_conf->profile_periodicity =
-- elems.mbssid_config_ie->profile_periodicity;
-+ elems->mbssid_config_ie->profile_periodicity;
- else
- bss_conf->profile_periodicity = 0;
-
-- if (elems.ext_capab_len >= 11 &&
-- (elems.ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
-+ if (elems->ext_capab_len >= 11 &&
-+ (elems->ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT))
- bss_conf->ema_ap = true;
- else
- bss_conf->ema_ap = false;
-@@ -4072,6 +4087,7 @@ static void ieee80211_rx_mgmt_beacon(str
- ifmgd->assoc_data->timeout = jiffies;
- ifmgd->assoc_data->timeout_started = true;
- run_again(sdata, ifmgd->assoc_data->timeout);
-+ kfree(elems);
- return;
- }
-
-@@ -4103,14 +4119,15 @@ static void ieee80211_rx_mgmt_beacon(str
- */
- if (!ieee80211_is_s1g_beacon(hdr->frame_control))
- ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
-- ieee802_11_parse_elems_crc(variable,
-- len - baselen, false, &elems,
-- care_about_ies, ncrc,
-- mgmt->bssid, bssid);
-- ncrc = elems.crc;
-+ elems = ieee802_11_parse_elems_crc(variable, len - baselen,
-+ false, care_about_ies, ncrc,
-+ mgmt->bssid, bssid);
-+ if (!elems)
-+ return;
-+ ncrc = elems->crc;
-
- if (ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK) &&
-- ieee80211_check_tim(elems.tim, elems.tim_len, bss_conf->aid)) {
-+ ieee80211_check_tim(elems->tim, elems->tim_len, bss_conf->aid)) {
- if (local->hw.conf.dynamic_ps_timeout > 0) {
- if (local->hw.conf.flags & IEEE80211_CONF_PS) {
- local->hw.conf.flags &= ~IEEE80211_CONF_PS;
-@@ -4180,12 +4197,12 @@ static void ieee80211_rx_mgmt_beacon(str
- le64_to_cpu(mgmt->u.beacon.timestamp);
- sdata->vif.bss_conf.sync_device_ts =
- rx_status->device_timestamp;
-- sdata->vif.bss_conf.sync_dtim_count = elems.dtim_count;
-+ sdata->vif.bss_conf.sync_dtim_count = elems->dtim_count;
- }
-
- if ((ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid) ||
- ieee80211_is_s1g_short_beacon(mgmt->frame_control))
-- return;
-+ goto free;
- ifmgd->beacon_crc = ncrc;
- ifmgd->beacon_crc_valid = true;
-
-@@ -4193,12 +4210,12 @@ static void ieee80211_rx_mgmt_beacon(str
-
- ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
- rx_status->device_timestamp,
-- &elems, true);
-+ elems, true);
-
- if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) &&
-- ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
-- elems.wmm_param_len,
-- elems.mu_edca_param_set))
-+ ieee80211_sta_wmm_params(local, sdata, elems->wmm_param,
-+ elems->wmm_param_len,
-+ elems->mu_edca_param_set))
- changed |= BSS_CHANGED_QOS;
-
- /*
-@@ -4207,7 +4224,7 @@ static void ieee80211_rx_mgmt_beacon(str
- */
- if (!ifmgd->have_beacon) {
- /* a few bogus AP send dtim_period = 0 or no TIM IE */
-- bss_conf->dtim_period = elems.dtim_period ?: 1;
-+ bss_conf->dtim_period = elems->dtim_period ?: 1;
-
- changed |= BSS_CHANGED_BEACON_INFO;
- ifmgd->have_beacon = true;
-@@ -4219,9 +4236,9 @@ static void ieee80211_rx_mgmt_beacon(str
- ieee80211_recalc_ps_vif(sdata);
- }
-
-- if (elems.erp_info) {
-+ if (elems->erp_info) {
- erp_valid = true;
-- erp_value = elems.erp_info[0];
-+ erp_value = elems->erp_info[0];
- } else {
- erp_valid = false;
- }
-@@ -4234,12 +4251,12 @@ static void ieee80211_rx_mgmt_beacon(str
- mutex_lock(&local->sta_mtx);
- sta = sta_info_get(sdata, bssid);
-
-- changed |= ieee80211_recalc_twt_req(sdata, sta, &elems);
-+ changed |= ieee80211_recalc_twt_req(sdata, sta, elems);
-
-- if (ieee80211_config_bw(sdata, sta, elems.ht_cap_elem,
-- elems.vht_cap_elem, elems.ht_operation,
-- elems.vht_operation, elems.he_operation,
-- elems.s1g_oper, bssid, &changed)) {
-+ if (ieee80211_config_bw(sdata, sta, elems->ht_cap_elem,
-+ elems->vht_cap_elem, elems->ht_operation,
-+ elems->vht_operation, elems->he_operation,
-+ elems->s1g_oper, bssid, &changed)) {
- mutex_unlock(&local->sta_mtx);
- sdata_info(sdata,
- "failed to follow AP %pM bandwidth change, disconnect\n",
-@@ -4251,21 +4268,23 @@ static void ieee80211_rx_mgmt_beacon(str
- sizeof(deauth_buf), true,
- WLAN_REASON_DEAUTH_LEAVING,
- false);
-- return;
-+ goto free;
- }
-
-- if (sta && elems.opmode_notif)
-- ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
-+ if (sta && elems->opmode_notif)
-+ ieee80211_vht_handle_opmode(sdata, sta, *elems->opmode_notif,
- rx_status->band);
- mutex_unlock(&local->sta_mtx);
-
- changed |= ieee80211_handle_pwr_constr(sdata, chan, mgmt,
-- elems.country_elem,
-- elems.country_elem_len,
-- elems.pwr_constr_elem,
-- elems.cisco_dtpc_elem);
-+ elems->country_elem,
-+ elems->country_elem_len,
-+ elems->pwr_constr_elem,
-+ elems->cisco_dtpc_elem);
-
- ieee80211_bss_info_change_notify(sdata, changed);
-+free:
-+ kfree(elems);
- }
-
- void ieee80211_sta_rx_queued_ext(struct ieee80211_sub_if_data *sdata,
-@@ -4294,7 +4313,6 @@ void ieee80211_sta_rx_queued_mgmt(struct
- struct ieee80211_rx_status *rx_status;
- struct ieee80211_mgmt *mgmt;
- u16 fc;
-- struct ieee802_11_elems elems;
- int ies_len;
-
- rx_status = (struct ieee80211_rx_status *) skb->cb;
-@@ -4326,6 +4344,8 @@ void ieee80211_sta_rx_queued_mgmt(struct
- break;
- case IEEE80211_STYPE_ACTION:
- if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
-+ struct ieee802_11_elems *elems;
-+
- ies_len = skb->len -
- offsetof(struct ieee80211_mgmt,
- u.action.u.chan_switch.variable);
-@@ -4334,18 +4354,21 @@ void ieee80211_sta_rx_queued_mgmt(struct
- break;
-
- /* CSA IE cannot be overridden, no need for BSSID */
-- ieee802_11_parse_elems(
-- mgmt->u.action.u.chan_switch.variable,
-- ies_len, true, &elems, mgmt->bssid, NULL);
-+ elems = ieee802_11_parse_elems(
-+ mgmt->u.action.u.chan_switch.variable,
-+ ies_len, true, mgmt->bssid, NULL);
-
-- if (elems.parse_error)
-+ if (!elems || elems->parse_error)
- break;
-
- ieee80211_sta_process_chanswitch(sdata,
- rx_status->mactime,
- rx_status->device_timestamp,
-- &elems, false);
-+ elems, false);
-+ kfree(elems);
- } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
-+ struct ieee802_11_elems *elems;
-+
- ies_len = skb->len -
- offsetof(struct ieee80211_mgmt,
- u.action.u.ext_chan_switch.variable);
-@@ -4357,21 +4380,22 @@ void ieee80211_sta_rx_queued_mgmt(struct
- * extended CSA IE can't be overridden, no need for
- * BSSID
- */
-- ieee802_11_parse_elems(
-- mgmt->u.action.u.ext_chan_switch.variable,
-- ies_len, true, &elems, mgmt->bssid, NULL);
-+ elems = ieee802_11_parse_elems(
-+ mgmt->u.action.u.ext_chan_switch.variable,
-+ ies_len, true, mgmt->bssid, NULL);
-
-- if (elems.parse_error)
-+ if (!elems || elems->parse_error)
- break;
-
- /* for the handling code pretend this was also an IE */
-- elems.ext_chansw_ie =
-+ elems->ext_chansw_ie =
- &mgmt->u.action.u.ext_chan_switch.data;
-
- ieee80211_sta_process_chanswitch(sdata,
- rx_status->mactime,
- rx_status->device_timestamp,
-- &elems, false);
-+ elems, false);
-+ kfree(elems);
- }
- break;
- }
---- a/net/mac80211/scan.c
-+++ b/net/mac80211/scan.c
-@@ -9,7 +9,7 @@
- * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
- * Copyright 2013-2015 Intel Mobile Communications GmbH
- * Copyright 2016-2017 Intel Deutschland GmbH
-- * Copyright (C) 2018-2020 Intel Corporation
-+ * Copyright (C) 2018-2021 Intel Corporation
- */
-
- #include <linux/if_arp.h>
-@@ -155,7 +155,7 @@ ieee80211_bss_info_update(struct ieee802
- };
- bool signal_valid;
- struct ieee80211_sub_if_data *scan_sdata;
-- struct ieee802_11_elems elems;
-+ struct ieee802_11_elems *elems;
- size_t baselen;
- u8 *elements;
-
-@@ -209,8 +209,10 @@ ieee80211_bss_info_update(struct ieee802
- if (baselen > len)
- return NULL;
-
-- ieee802_11_parse_elems(elements, len - baselen, false, &elems,
-- mgmt->bssid, cbss->bssid);
-+ elems = ieee802_11_parse_elems(elements, len - baselen, false,
-+ mgmt->bssid, cbss->bssid);
-+ if (!elems)
-+ return NULL;
-
- /* In case the signal is invalid update the status */
- signal_valid = channel == cbss->channel;
-@@ -218,15 +220,17 @@ ieee80211_bss_info_update(struct ieee802
- rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL;
-
- bss = (void *)cbss->priv;
-- ieee80211_update_bss_from_elems(local, bss, &elems, rx_status, beacon);
-+ ieee80211_update_bss_from_elems(local, bss, elems, rx_status, beacon);
-
- list_for_each_entry(non_tx_cbss, &cbss->nontrans_list, nontrans_list) {
- non_tx_bss = (void *)non_tx_cbss->priv;
-
-- ieee80211_update_bss_from_elems(local, non_tx_bss, &elems,
-+ ieee80211_update_bss_from_elems(local, non_tx_bss, elems,
- rx_status, beacon);
- }
-
-+ kfree(elems);
-+
- return bss;
- }
-
---- a/net/mac80211/tdls.c
-+++ b/net/mac80211/tdls.c
-@@ -6,7 +6,7 @@
- * Copyright 2014, Intel Corporation
- * Copyright 2014 Intel Mobile Communications GmbH
- * Copyright 2015 - 2016 Intel Deutschland GmbH
-- * Copyright (C) 2019 Intel Corporation
-+ * Copyright (C) 2019, 2021 Intel Corporation
- */
-
- #include <linux/ieee80211.h>
-@@ -1684,7 +1684,7 @@ ieee80211_process_tdls_channel_switch_re
- struct sk_buff *skb)
- {
- struct ieee80211_local *local = sdata->local;
-- struct ieee802_11_elems elems;
-+ struct ieee802_11_elems *elems = NULL;
- struct sta_info *sta;
- struct ieee80211_tdls_data *tf = (void *)skb->data;
- bool local_initiator;
-@@ -1718,16 +1718,20 @@ ieee80211_process_tdls_channel_switch_re
- goto call_drv;
- }
-
-- ieee802_11_parse_elems(tf->u.chan_switch_resp.variable,
-- skb->len - baselen, false, &elems,
-- NULL, NULL);
-- if (elems.parse_error) {
-+ elems = ieee802_11_parse_elems(tf->u.chan_switch_resp.variable,
-+ skb->len - baselen, false, NULL, NULL);
-+ if (!elems) {
-+ ret = -ENOMEM;
-+ goto out;
-+ }
-+
-+ if (elems->parse_error) {
- tdls_dbg(sdata, "Invalid IEs in TDLS channel switch resp\n");
- ret = -EINVAL;
- goto out;
- }
-
-- if (!elems.ch_sw_timing || !elems.lnk_id) {
-+ if (!elems->ch_sw_timing || !elems->lnk_id) {
- tdls_dbg(sdata, "TDLS channel switch resp - missing IEs\n");
- ret = -EINVAL;
- goto out;
-@@ -1735,15 +1739,15 @@ ieee80211_process_tdls_channel_switch_re
-
- /* validate the initiator is set correctly */
- local_initiator =
-- !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN);
-+ !memcmp(elems->lnk_id->init_sta, sdata->vif.addr, ETH_ALEN);
- if (local_initiator == sta->sta.tdls_initiator) {
- tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n");
- ret = -EINVAL;
- goto out;
- }
-
-- params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time);
-- params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout);
-+ params.switch_time = le16_to_cpu(elems->ch_sw_timing->switch_time);
-+ params.switch_timeout = le16_to_cpu(elems->ch_sw_timing->switch_timeout);
-
- params.tmpl_skb =
- ieee80211_tdls_ch_sw_resp_tmpl_get(sta, ¶ms.ch_sw_tm_ie);
-@@ -1763,6 +1767,7 @@ call_drv:
- out:
- mutex_unlock(&local->sta_mtx);
- dev_kfree_skb_any(params.tmpl_skb);
-+ kfree(elems);
- return ret;
- }
-
-@@ -1771,7 +1776,7 @@ ieee80211_process_tdls_channel_switch_re
- struct sk_buff *skb)
- {
- struct ieee80211_local *local = sdata->local;
-- struct ieee802_11_elems elems;
-+ struct ieee802_11_elems *elems;
- struct cfg80211_chan_def chandef;
- struct ieee80211_channel *chan;
- enum nl80211_channel_type chan_type;
-@@ -1831,22 +1836,27 @@ ieee80211_process_tdls_channel_switch_re
- return -EINVAL;
- }
-
-- ieee802_11_parse_elems(tf->u.chan_switch_req.variable,
-- skb->len - baselen, false, &elems, NULL, NULL);
-- if (elems.parse_error) {
-+ elems = ieee802_11_parse_elems(tf->u.chan_switch_req.variable,
-+ skb->len - baselen, false, NULL, NULL);
-+ if (!elems)
-+ return -ENOMEM;
-+
-+ if (elems->parse_error) {
- tdls_dbg(sdata, "Invalid IEs in TDLS channel switch req\n");
-- return -EINVAL;
-+ ret = -EINVAL;
-+ goto free;
- }
-
-- if (!elems.ch_sw_timing || !elems.lnk_id) {
-+ if (!elems->ch_sw_timing || !elems->lnk_id) {
- tdls_dbg(sdata, "TDLS channel switch req - missing IEs\n");
-- return -EINVAL;
-+ ret = -EINVAL;
-+ goto free;
- }
-
-- if (!elems.sec_chan_offs) {
-+ if (!elems->sec_chan_offs) {
- chan_type = NL80211_CHAN_HT20;
- } else {
-- switch (elems.sec_chan_offs->sec_chan_offs) {
-+ switch (elems->sec_chan_offs->sec_chan_offs) {
- case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
- chan_type = NL80211_CHAN_HT40PLUS;
- break;
-@@ -1865,7 +1875,8 @@ ieee80211_process_tdls_channel_switch_re
- if (!cfg80211_reg_can_beacon_relax(sdata->local->hw.wiphy, &chandef,
- sdata->wdev.iftype)) {
- tdls_dbg(sdata, "TDLS chan switch to forbidden channel\n");
-- return -EINVAL;
-+ ret = -EINVAL;
-+ goto free;
- }
-
- mutex_lock(&local->sta_mtx);
-@@ -1881,7 +1892,7 @@ ieee80211_process_tdls_channel_switch_re
-
- /* validate the initiator is set correctly */
- local_initiator =
-- !memcmp(elems.lnk_id->init_sta, sdata->vif.addr, ETH_ALEN);
-+ !memcmp(elems->lnk_id->init_sta, sdata->vif.addr, ETH_ALEN);
- if (local_initiator == sta->sta.tdls_initiator) {
- tdls_dbg(sdata, "TDLS chan switch invalid lnk-id initiator\n");
- ret = -EINVAL;
-@@ -1889,16 +1900,16 @@ ieee80211_process_tdls_channel_switch_re
- }
-
- /* peer should have known better */
-- if (!sta->sta.ht_cap.ht_supported && elems.sec_chan_offs &&
-- elems.sec_chan_offs->sec_chan_offs) {
-+ if (!sta->sta.ht_cap.ht_supported && elems->sec_chan_offs &&
-+ elems->sec_chan_offs->sec_chan_offs) {
- tdls_dbg(sdata, "TDLS chan switch - wide chan unsupported\n");
- ret = -ENOTSUPP;
- goto out;
- }
-
- params.chandef = &chandef;
-- params.switch_time = le16_to_cpu(elems.ch_sw_timing->switch_time);
-- params.switch_timeout = le16_to_cpu(elems.ch_sw_timing->switch_timeout);
-+ params.switch_time = le16_to_cpu(elems->ch_sw_timing->switch_time);
-+ params.switch_timeout = le16_to_cpu(elems->ch_sw_timing->switch_timeout);
-
- params.tmpl_skb =
- ieee80211_tdls_ch_sw_resp_tmpl_get(sta,
-@@ -1917,6 +1928,8 @@ ieee80211_process_tdls_channel_switch_re
- out:
- mutex_unlock(&local->sta_mtx);
- dev_kfree_skb_any(params.tmpl_skb);
-+free:
-+ kfree(elems);
- return ret;
- }
-
---- a/net/mac80211/util.c
-+++ b/net/mac80211/util.c
-@@ -1399,8 +1399,8 @@ _ieee802_11_parse_elems_crc(const u8 *st
-
- static size_t ieee802_11_find_bssid_profile(const u8 *start, size_t len,
- struct ieee802_11_elems *elems,
-- u8 *transmitter_bssid,
-- u8 *bss_bssid,
-+ const u8 *transmitter_bssid,
-+ const u8 *bss_bssid,
- u8 *nontransmitted_profile)
- {
- const struct element *elem, *sub;
-@@ -1465,16 +1465,20 @@ static size_t ieee802_11_find_bssid_prof
- return found ? profile_len : 0;
- }
-
--void ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
-- struct ieee802_11_elems *elems,
-- u64 filter, u32 crc, u8 *transmitter_bssid,
-- u8 *bss_bssid)
-+struct ieee802_11_elems *ieee802_11_parse_elems_crc(const u8 *start, size_t len,
-+ bool action, u64 filter,
-+ u32 crc,
-+ const u8 *transmitter_bssid,
-+ const u8 *bss_bssid)
- {
-+ struct ieee802_11_elems *elems;
- const struct element *non_inherit = NULL;
- u8 *nontransmitted_profile;
- int nontransmitted_profile_len = 0;
-
-- memset(elems, 0, sizeof(*elems));
-+ elems = kzalloc(sizeof(*elems), GFP_ATOMIC);
-+ if (!elems)
-+ return NULL;
- elems->ie_start = start;
- elems->total_len = len;
-
-@@ -1521,6 +1525,8 @@ void ieee802_11_parse_elems_crc(const u8
- kfree(nontransmitted_profile);
-
- elems->crc = crc;
-+
-+ return elems;
- }
-
- void ieee80211_regulatory_limit_wmm_params(struct ieee80211_sub_if_data *sdata,
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/350-mac80211-fix-memory-leaks-with-element-parsing.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/350-mac80211-fix-memory-leaks-with-element-parsing.patch
deleted file mode 100644
index f4906e8..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/350-mac80211-fix-memory-leaks-with-element-parsing.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Fri, 1 Oct 2021 21:11:08 +0200
-Subject: [PATCH] mac80211: fix memory leaks with element parsing
-
-commit 8223ac199a3849257e86ec27865dc63f034b1cf1 upstream.
-
-My previous commit 5d24828d05f3 ("mac80211: always allocate
-struct ieee802_11_elems") had a few bugs and leaked the new
-allocated struct in a few error cases, fix that.
-
-Fixes: 5d24828d05f3 ("mac80211: always allocate struct ieee802_11_elems")
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-Link: https://lore.kernel.org/r/20211001211108.9839928e42e0.Ib81ca187d3d3af7ed1bfeac2e00d08a4637c8025@changeid
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/agg-rx.c
-+++ b/net/mac80211/agg-rx.c
-@@ -499,13 +499,14 @@ void ieee80211_process_addba_request(str
- elems = ieee802_11_parse_elems(mgmt->u.action.u.addba_req.variable,
- ies_len, true, mgmt->bssid, NULL);
- if (!elems || elems->parse_error)
-- return;
-+ goto free;
- }
-
- __ieee80211_start_rx_ba_session(sta, dialog_token, timeout,
- start_seq_num, ba_policy, tid,
- buf_size, true, false,
- elems ? elems->addba_ext_ie : NULL);
-+free:
- kfree(elems);
- }
-
---- a/net/mac80211/ibss.c
-+++ b/net/mac80211/ibss.c
-@@ -1659,11 +1659,11 @@ void ieee80211_ibss_rx_queued_mgmt(struc
- mgmt->u.action.u.chan_switch.variable,
- ies_len, true, mgmt->bssid, NULL);
-
-- if (!elems || elems->parse_error)
-- break;
--
-- ieee80211_rx_mgmt_spectrum_mgmt(sdata, mgmt, skb->len,
-- rx_status, elems);
-+ if (elems && !elems->parse_error)
-+ ieee80211_rx_mgmt_spectrum_mgmt(sdata, mgmt,
-+ skb->len,
-+ rx_status,
-+ elems);
- kfree(elems);
- break;
- }
---- a/net/mac80211/mlme.c
-+++ b/net/mac80211/mlme.c
-@@ -3374,8 +3374,10 @@ static bool ieee80211_assoc_success(stru
- bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
- GFP_ATOMIC);
- rcu_read_unlock();
-- if (!bss_ies)
-- return false;
-+ if (!bss_ies) {
-+ ret = false;
-+ goto out;
-+ }
-
- bss_elems = ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
- false, mgmt->bssid,
-@@ -4358,13 +4360,11 @@ void ieee80211_sta_rx_queued_mgmt(struct
- mgmt->u.action.u.chan_switch.variable,
- ies_len, true, mgmt->bssid, NULL);
-
-- if (!elems || elems->parse_error)
-- break;
--
-- ieee80211_sta_process_chanswitch(sdata,
-- rx_status->mactime,
-- rx_status->device_timestamp,
-- elems, false);
-+ if (elems && !elems->parse_error)
-+ ieee80211_sta_process_chanswitch(sdata,
-+ rx_status->mactime,
-+ rx_status->device_timestamp,
-+ elems, false);
- kfree(elems);
- } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
- struct ieee802_11_elems *elems;
-@@ -4384,17 +4384,17 @@ void ieee80211_sta_rx_queued_mgmt(struct
- mgmt->u.action.u.ext_chan_switch.variable,
- ies_len, true, mgmt->bssid, NULL);
-
-- if (!elems || elems->parse_error)
-- break;
-+ if (elems && !elems->parse_error) {
-+ /* for the handling code pretend it was an IE */
-+ elems->ext_chansw_ie =
-+ &mgmt->u.action.u.ext_chan_switch.data;
-+
-+ ieee80211_sta_process_chanswitch(sdata,
-+ rx_status->mactime,
-+ rx_status->device_timestamp,
-+ elems, false);
-+ }
-
-- /* for the handling code pretend this was also an IE */
-- elems->ext_chansw_ie =
-- &mgmt->u.action.u.ext_chan_switch.data;
--
-- ieee80211_sta_process_chanswitch(sdata,
-- rx_status->mactime,
-- rx_status->device_timestamp,
-- elems, false);
- kfree(elems);
- }
- break;
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/351-wifi-cfg80211-fix-u8-overflow-in-cfg80211_update_not.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/351-wifi-cfg80211-fix-u8-overflow-in-cfg80211_update_not.patch
deleted file mode 100644
index 9e1f781..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/351-wifi-cfg80211-fix-u8-overflow-in-cfg80211_update_not.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Wed, 28 Sep 2022 21:56:15 +0200
-Subject: [PATCH] wifi: cfg80211: fix u8 overflow in
- cfg80211_update_notlisted_nontrans()
-
-commit aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d upstream.
-
-In the copy code of the elements, we do the following calculation
-to reach the end of the MBSSID element:
-
- /* copy the IEs after MBSSID */
- cpy_len = mbssid[1] + 2;
-
-This looks fine, however, cpy_len is a u8, the same as mbssid[1],
-so the addition of two can overflow. In this case the subsequent
-memcpy() will overflow the allocated buffer, since it copies 256
-bytes too much due to the way the allocation and memcpy() sizes
-are calculated.
-
-Fix this by using size_t for the cpy_len variable.
-
-This fixes CVE-2022-41674.
-
-Reported-by: Soenke Huster <shuster@seemoo.tu-darmstadt.de>
-Tested-by: Soenke Huster <shuster@seemoo.tu-darmstadt.de>
-Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning")
-Reviewed-by: Kees Cook <keescook@chromium.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/wireless/scan.c
-+++ b/net/wireless/scan.c
-@@ -2238,7 +2238,7 @@ cfg80211_update_notlisted_nontrans(struc
- size_t new_ie_len;
- struct cfg80211_bss_ies *new_ies;
- const struct cfg80211_bss_ies *old;
-- u8 cpy_len;
-+ size_t cpy_len;
-
- lockdep_assert_held(&wiphy_to_rdev(wiphy)->bss_lock);
-
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/352-wifi-cfg80211-mac80211-reject-bad-MBSSID-elements.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/352-wifi-cfg80211-mac80211-reject-bad-MBSSID-elements.patch
deleted file mode 100644
index 4c8e05e..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/352-wifi-cfg80211-mac80211-reject-bad-MBSSID-elements.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Wed, 28 Sep 2022 22:01:37 +0200
-Subject: [PATCH] wifi: cfg80211/mac80211: reject bad MBSSID elements
-
-commit 8f033d2becc24aa6bfd2a5c104407963560caabc upstream
-
-Per spec, the maximum value for the MaxBSSID ('n') indicator is 8,
-and the minimum is 1 since a multiple BSSID set with just one BSSID
-doesn't make sense (the # of BSSIDs is limited by 2^n).
-
-Limit this in the parsing in both cfg80211 and mac80211, rejecting
-any elements with an invalid value.
-
-This fixes potentially bad shifts in the processing of these inside
-the cfg80211_gen_new_bssid() function later.
-
-I found this during the investigation of CVE-2022-41674 fixed by the
-previous patch.
-
-Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning")
-Fixes: 78ac51f81532 ("mac80211: support multi-bssid")
-Reviewed-by: Kees Cook <keescook@chromium.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/util.c
-+++ b/net/mac80211/util.c
-@@ -1413,6 +1413,8 @@ static size_t ieee802_11_find_bssid_prof
- for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID, start, len) {
- if (elem->datalen < 2)
- continue;
-+ if (elem->data[0] < 1 || elem->data[0] > 8)
-+ continue;
-
- for_each_element(sub, elem->data + 1, elem->datalen - 1) {
- u8 new_bssid[ETH_ALEN];
---- a/net/wireless/scan.c
-+++ b/net/wireless/scan.c
-@@ -2103,6 +2103,8 @@ static void cfg80211_parse_mbssid_data(s
- for_each_element_id(elem, WLAN_EID_MULTIPLE_BSSID, ie, ielen) {
- if (elem->datalen < 4)
- continue;
-+ if (elem->data[0] < 1 || (int)elem->data[0] > 8)
-+ continue;
- for_each_element(sub, elem->data + 1, elem->datalen - 1) {
- u8 profile_len;
-
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/353-wifi-mac80211-fix-MBSSID-parsing-use-after-free.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/353-wifi-mac80211-fix-MBSSID-parsing-use-after-free.patch
deleted file mode 100644
index 6e97150..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/353-wifi-mac80211-fix-MBSSID-parsing-use-after-free.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Wed, 28 Sep 2022 22:07:15 +0200
-Subject: [PATCH] wifi: mac80211: fix MBSSID parsing use-after-free
-
-commit ff05d4b45dd89b922578dac497dcabf57cf771c6
-
-When we parse a multi-BSSID element, we might point some
-element pointers into the allocated nontransmitted_profile.
-However, we free this before returning, causing UAF when the
-relevant pointers in the parsed elements are accessed.
-
-Fix this by not allocating the scratch buffer separately but
-as part of the returned structure instead, that way, there
-are no lifetime issues with it.
-
-The scratch buffer introduction as part of the returned data
-here is taken from MLO feature work done by Ilan.
-
-This fixes CVE-2022-42719.
-
-Fixes: 5023b14cf4df ("mac80211: support profile split between elements")
-Co-developed-by: Ilan Peer <ilan.peer@intel.com>
-Signed-off-by: Ilan Peer <ilan.peer@intel.com>
-Reviewed-by: Kees Cook <keescook@chromium.org>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -1611,6 +1611,14 @@ struct ieee802_11_elems {
-
- /* whether a parse error occurred while retrieving these elements */
- bool parse_error;
-+
-+ /*
-+ * scratch buffer that can be used for various element parsing related
-+ * tasks, e.g., element de-fragmentation etc.
-+ */
-+ size_t scratch_len;
-+ u8 *scratch_pos;
-+ u8 scratch[];
- };
-
- static inline struct ieee80211_local *hw_to_local(
---- a/net/mac80211/util.c
-+++ b/net/mac80211/util.c
-@@ -1478,24 +1478,25 @@ struct ieee802_11_elems *ieee802_11_pars
- u8 *nontransmitted_profile;
- int nontransmitted_profile_len = 0;
-
-- elems = kzalloc(sizeof(*elems), GFP_ATOMIC);
-+ elems = kzalloc(sizeof(*elems) + len, GFP_ATOMIC);
- if (!elems)
- return NULL;
- elems->ie_start = start;
- elems->total_len = len;
-
-- nontransmitted_profile = kmalloc(len, GFP_ATOMIC);
-- if (nontransmitted_profile) {
-- nontransmitted_profile_len =
-- ieee802_11_find_bssid_profile(start, len, elems,
-- transmitter_bssid,
-- bss_bssid,
-- nontransmitted_profile);
-- non_inherit =
-- cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
-- nontransmitted_profile,
-- nontransmitted_profile_len);
-- }
-+ elems->scratch_len = len;
-+ elems->scratch_pos = elems->scratch;
-+
-+ nontransmitted_profile = elems->scratch_pos;
-+ nontransmitted_profile_len =
-+ ieee802_11_find_bssid_profile(start, len, elems,
-+ transmitter_bssid,
-+ bss_bssid,
-+ nontransmitted_profile);
-+ non_inherit =
-+ cfg80211_find_ext_elem(WLAN_EID_EXT_NON_INHERITANCE,
-+ nontransmitted_profile,
-+ nontransmitted_profile_len);
-
- crc = _ieee802_11_parse_elems_crc(start, len, action, elems, filter,
- crc, non_inherit);
-@@ -1524,8 +1525,6 @@ struct ieee802_11_elems *ieee802_11_pars
- offsetofend(struct ieee80211_bssid_index, dtim_count))
- elems->dtim_count = elems->bssid_index->dtim_count;
-
-- kfree(nontransmitted_profile);
--
- elems->crc = crc;
-
- return elems;
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/354-wifi-cfg80211-ensure-length-byte-is-present-before-a.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/354-wifi-cfg80211-ensure-length-byte-is-present-before-a.patch
deleted file mode 100644
index da94840..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/354-wifi-cfg80211-ensure-length-byte-is-present-before-a.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Thu, 29 Sep 2022 21:50:44 +0200
-Subject: [PATCH] wifi: cfg80211: ensure length byte is present before
- access
-
-commit 567e14e39e8f8c6997a1378bc3be615afca86063 upstream.
-
-When iterating the elements here, ensure the length byte is
-present before checking it to see if the entire element will
-fit into the buffer.
-
-Longer term, we should rewrite this code using the type-safe
-element iteration macros that check all of this.
-
-Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning")
-Reported-by: Soenke Huster <shuster@seemoo.tu-darmstadt.de>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/wireless/scan.c
-+++ b/net/wireless/scan.c
-@@ -304,7 +304,8 @@ static size_t cfg80211_gen_new_ie(const
- tmp_old = cfg80211_find_ie(WLAN_EID_SSID, ie, ielen);
- tmp_old = (tmp_old) ? tmp_old + tmp_old[1] + 2 : ie;
-
-- while (tmp_old + tmp_old[1] + 2 - ie <= ielen) {
-+ while (tmp_old + 2 - ie <= ielen &&
-+ tmp_old + tmp_old[1] + 2 - ie <= ielen) {
- if (tmp_old[0] == 0) {
- tmp_old++;
- continue;
-@@ -364,7 +365,8 @@ static size_t cfg80211_gen_new_ie(const
- * copied to new ie, skip ssid, capability, bssid-index ie
- */
- tmp_new = sub_copy;
-- while (tmp_new + tmp_new[1] + 2 - sub_copy <= subie_len) {
-+ while (tmp_new + 2 - sub_copy <= subie_len &&
-+ tmp_new + tmp_new[1] + 2 - sub_copy <= subie_len) {
- if (!(tmp_new[0] == WLAN_EID_NON_TX_BSSID_CAP ||
- tmp_new[0] == WLAN_EID_SSID)) {
- memcpy(pos, tmp_new, tmp_new[1] + 2);
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/355-wifi-cfg80211-fix-BSS-refcounting-bugs.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/355-wifi-cfg80211-fix-BSS-refcounting-bugs.patch
deleted file mode 100644
index 4680e1e..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/355-wifi-cfg80211-fix-BSS-refcounting-bugs.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Fri, 30 Sep 2022 23:44:23 +0200
-Subject: [PATCH] wifi: cfg80211: fix BSS refcounting bugs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit 0b7808818cb9df6680f98996b8e9a439fa7bcc2f upstream.
-
-There are multiple refcounting bugs related to multi-BSSID:
- - In bss_ref_get(), if the BSS has a hidden_beacon_bss, then
- the bss pointer is overwritten before checking for the
- transmitted BSS, which is clearly wrong. Fix this by using
- the bss_from_pub() macro.
-
- - In cfg80211_bss_update() we copy the transmitted_bss pointer
- from tmp into new, but then if we release new, we'll unref
- it erroneously. We already set the pointer and ref it, but
- need to NULL it since it was copied from the tmp data.
-
- - In cfg80211_inform_single_bss_data(), if adding to the non-
- transmitted list fails, we unlink the BSS and yet still we
- return it, but this results in returning an entry without
- a reference. We shouldn't return it anyway if it was broken
- enough to not get added there.
-
-This fixes CVE-2022-42720.
-
-Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
-Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
-Fixes: a3584f56de1c ("cfg80211: Properly track transmitting and non-transmitting BSS")
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/wireless/scan.c
-+++ b/net/wireless/scan.c
-@@ -143,18 +143,12 @@ static inline void bss_ref_get(struct cf
- lockdep_assert_held(&rdev->bss_lock);
-
- bss->refcount++;
-- if (bss->pub.hidden_beacon_bss) {
-- bss = container_of(bss->pub.hidden_beacon_bss,
-- struct cfg80211_internal_bss,
-- pub);
-- bss->refcount++;
-- }
-- if (bss->pub.transmitted_bss) {
-- bss = container_of(bss->pub.transmitted_bss,
-- struct cfg80211_internal_bss,
-- pub);
-- bss->refcount++;
-- }
-+
-+ if (bss->pub.hidden_beacon_bss)
-+ bss_from_pub(bss->pub.hidden_beacon_bss)->refcount++;
-+
-+ if (bss->pub.transmitted_bss)
-+ bss_from_pub(bss->pub.transmitted_bss)->refcount++;
- }
-
- static inline void bss_ref_put(struct cfg80211_registered_device *rdev,
-@@ -1743,6 +1737,8 @@ cfg80211_bss_update(struct cfg80211_regi
- new->refcount = 1;
- INIT_LIST_HEAD(&new->hidden_list);
- INIT_LIST_HEAD(&new->pub.nontrans_list);
-+ /* we'll set this later if it was non-NULL */
-+ new->pub.transmitted_bss = NULL;
-
- if (rcu_access_pointer(tmp->pub.proberesp_ies)) {
- hidden = rb_find_bss(rdev, tmp, BSS_CMP_HIDE_ZLEN);
-@@ -1983,10 +1979,15 @@ cfg80211_inform_single_bss_data(struct w
- spin_lock_bh(&rdev->bss_lock);
- if (cfg80211_add_nontrans_list(non_tx_data->tx_bss,
- &res->pub)) {
-- if (__cfg80211_unlink_bss(rdev, res))
-+ if (__cfg80211_unlink_bss(rdev, res)) {
- rdev->bss_generation++;
-+ res = NULL;
-+ }
- }
- spin_unlock_bh(&rdev->bss_lock);
-+
-+ if (!res)
-+ return NULL;
- }
-
- trace_cfg80211_return_bss(&res->pub);
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/356-wifi-cfg80211-avoid-nontransmitted-BSS-list-corrupti.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/356-wifi-cfg80211-avoid-nontransmitted-BSS-list-corrupti.patch
deleted file mode 100644
index db0e51e..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/356-wifi-cfg80211-avoid-nontransmitted-BSS-list-corrupti.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Sat, 1 Oct 2022 00:01:44 +0200
-Subject: [PATCH] wifi: cfg80211: avoid nontransmitted BSS list
- corruption
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit bcca852027e5878aec911a347407ecc88d6fff7f upstream.
-
-If a non-transmitted BSS shares enough information (both
-SSID and BSSID!) with another non-transmitted BSS of a
-different AP, then we can find and update it, and then
-try to add it to the non-transmitted BSS list. We do a
-search for it on the transmitted BSS, but if it's not
-there (but belongs to another transmitted BSS), the list
-gets corrupted.
-
-Since this is an erroneous situation, simply fail the
-list insertion in this case and free the non-transmitted
-BSS.
-
-This fixes CVE-2022-42721.
-
-Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
-Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
-Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning")
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/wireless/scan.c
-+++ b/net/wireless/scan.c
-@@ -425,6 +425,15 @@ cfg80211_add_nontrans_list(struct cfg802
-
- rcu_read_unlock();
-
-+ /*
-+ * This is a bit weird - it's not on the list, but already on another
-+ * one! The only way that could happen is if there's some BSSID/SSID
-+ * shared by multiple APs in their multi-BSSID profiles, potentially
-+ * with hidden SSID mixed in ... ignore it.
-+ */
-+ if (!list_empty(&nontrans_bss->nontrans_list))
-+ return -EINVAL;
-+
- /* add to the list */
- list_add_tail(&nontrans_bss->nontrans_list, &trans_bss->nontrans_list);
- return 0;
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/357-wifi-mac80211_hwsim-avoid-mac80211-warning-on-bad-ra.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/357-wifi-mac80211_hwsim-avoid-mac80211-warning-on-bad-ra.patch
deleted file mode 100644
index ed834ff..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/357-wifi-mac80211_hwsim-avoid-mac80211-warning-on-bad-ra.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Wed, 5 Oct 2022 15:10:09 +0200
-Subject: [PATCH] wifi: mac80211_hwsim: avoid mac80211 warning on bad
- rate
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit 1833b6f46d7e2830251a063935ab464256defe22 upstream.
-
-If the tool on the other side (e.g. wmediumd) gets confused
-about the rate, we hit a warning in mac80211. Silence that
-by effectively duplicating the check here and dropping the
-frame silently (in mac80211 it's dropped with the warning).
-
-Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
-Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/drivers/net/wireless/mac80211_hwsim.c
-+++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -3760,6 +3760,8 @@ static int hwsim_cloned_frame_received_n
-
- rx_status.band = channel->band;
- rx_status.rate_idx = nla_get_u32(info->attrs[HWSIM_ATTR_RX_RATE]);
-+ if (rx_status.rate_idx >= data2->hw->wiphy->bands[rx_status.band]->n_bitrates)
-+ goto out;
- rx_status.signal = nla_get_u32(info->attrs[HWSIM_ATTR_SIGNAL]);
-
- hdr = (void *)skb->data;
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/358-wifi-mac80211-fix-crash-in-beacon-protection-for-P2P.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/358-wifi-mac80211-fix-crash-in-beacon-protection-for-P2P.patch
deleted file mode 100644
index 44b8729..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/358-wifi-mac80211-fix-crash-in-beacon-protection-for-P2P.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Wed, 5 Oct 2022 21:24:10 +0200
-Subject: [PATCH] wifi: mac80211: fix crash in beacon protection for
- P2P-device
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit b2d03cabe2b2e150ff5a381731ea0355459be09f upstream.
-
-If beacon protection is active but the beacon cannot be
-decrypted or is otherwise malformed, we call the cfg80211
-API to report this to userspace, but that uses a netdev
-pointer, which isn't present for P2P-Device. Fix this to
-call it only conditionally to ensure cfg80211 won't crash
-in the case of P2P-Device.
-
-This fixes CVE-2022-42722.
-
-Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
-Fixes: 9eaf183af741 ("mac80211: Report beacon protection failures to user space")
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -1986,10 +1986,11 @@ ieee80211_rx_h_decrypt(struct ieee80211_
-
- if (mmie_keyidx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS ||
- mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
-- NUM_DEFAULT_BEACON_KEYS) {
-- cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
-- skb->data,
-- skb->len);
-+ NUM_DEFAULT_BEACON_KEYS) {
-+ if (rx->sdata->dev)
-+ cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
-+ skb->data,
-+ skb->len);
- return RX_DROP_MONITOR; /* unexpected BIP keyidx */
- }
-
-@@ -2137,7 +2138,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_
- /* either the frame has been decrypted or will be dropped */
- status->flag |= RX_FLAG_DECRYPTED;
-
-- if (unlikely(ieee80211_is_beacon(fc) && result == RX_DROP_UNUSABLE))
-+ if (unlikely(ieee80211_is_beacon(fc) && result == RX_DROP_UNUSABLE &&
-+ rx->sdata->dev))
- cfg80211_rx_unprot_mlme_mgmt(rx->sdata->dev,
- skb->data, skb->len);
-
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/359-wifi-cfg80211-update-hidden-BSSes-to-avoid-WARN_ON.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/359-wifi-cfg80211-update-hidden-BSSes-to-avoid-WARN_ON.patch
deleted file mode 100644
index c689fac..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/359-wifi-cfg80211-update-hidden-BSSes-to-avoid-WARN_ON.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From: Johannes Berg <johannes.berg@intel.com>
-Date: Wed, 5 Oct 2022 23:11:43 +0200
-Subject: [PATCH] wifi: cfg80211: update hidden BSSes to avoid WARN_ON
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit c90b93b5b782891ebfda49d4e5da36632fefd5d1 upstream.
-
-When updating beacon elements in a non-transmitted BSS,
-also update the hidden sub-entries to the same beacon
-elements, so that a future update through other paths
-won't trigger a WARN_ON().
-
-The warning is triggered because the beacon elements in
-the hidden BSSes that are children of the BSS should
-always be the same as in the parent.
-
-Reported-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
-Tested-by: Sönke Huster <shuster@seemoo.tu-darmstadt.de>
-Fixes: 0b8fb8235be8 ("cfg80211: Parsing of Multiple BSSID information in scanning")
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/wireless/scan.c
-+++ b/net/wireless/scan.c
-@@ -1609,6 +1609,23 @@ struct cfg80211_non_tx_bss {
- u8 bssid_index;
- };
-
-+static void cfg80211_update_hidden_bsses(struct cfg80211_internal_bss *known,
-+ const struct cfg80211_bss_ies *new_ies,
-+ const struct cfg80211_bss_ies *old_ies)
-+{
-+ struct cfg80211_internal_bss *bss;
-+
-+ /* Assign beacon IEs to all sub entries */
-+ list_for_each_entry(bss, &known->hidden_list, hidden_list) {
-+ const struct cfg80211_bss_ies *ies;
-+
-+ ies = rcu_access_pointer(bss->pub.beacon_ies);
-+ WARN_ON(ies != old_ies);
-+
-+ rcu_assign_pointer(bss->pub.beacon_ies, new_ies);
-+ }
-+}
-+
- static bool
- cfg80211_update_known_bss(struct cfg80211_registered_device *rdev,
- struct cfg80211_internal_bss *known,
-@@ -1632,7 +1649,6 @@ cfg80211_update_known_bss(struct cfg8021
- kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head);
- } else if (rcu_access_pointer(new->pub.beacon_ies)) {
- const struct cfg80211_bss_ies *old;
-- struct cfg80211_internal_bss *bss;
-
- if (known->pub.hidden_beacon_bss &&
- !list_empty(&known->hidden_list)) {
-@@ -1660,16 +1676,7 @@ cfg80211_update_known_bss(struct cfg8021
- if (old == rcu_access_pointer(known->pub.ies))
- rcu_assign_pointer(known->pub.ies, new->pub.beacon_ies);
-
-- /* Assign beacon IEs to all sub entries */
-- list_for_each_entry(bss, &known->hidden_list, hidden_list) {
-- const struct cfg80211_bss_ies *ies;
--
-- ies = rcu_access_pointer(bss->pub.beacon_ies);
-- WARN_ON(ies != old);
--
-- rcu_assign_pointer(bss->pub.beacon_ies,
-- new->pub.beacon_ies);
-- }
-+ cfg80211_update_hidden_bsses(known, new->pub.beacon_ies, old);
-
- if (old)
- kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head);
-@@ -2319,6 +2326,8 @@ cfg80211_update_notlisted_nontrans(struc
- } else {
- old = rcu_access_pointer(nontrans_bss->beacon_ies);
- rcu_assign_pointer(nontrans_bss->beacon_ies, new_ies);
-+ cfg80211_update_hidden_bsses(bss_from_pub(nontrans_bss),
-+ new_ies, old);
- rcu_assign_pointer(nontrans_bss->ies, new_ies);
- if (old)
- kfree_rcu((struct cfg80211_bss_ies *)old, rcu_head);
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/360-mac80211-fix-a-memory-leak-where-sta_info-is-not-fre.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/360-mac80211-fix-a-memory-leak-where-sta_info-is-not-fre.patch
deleted file mode 100644
index ff3cb7b..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/360-mac80211-fix-a-memory-leak-where-sta_info-is-not-fre.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From 4db561ae4a90c2d0e15996634567559e292dc9e5 Mon Sep 17 00:00:00 2001
-From: Ahmed Zaki <anzaki@gmail.com>
-Date: Sat, 2 Oct 2021 08:53:29 -0600
-Subject: [PATCH] mac80211: fix a memory leak where sta_info is not freed
-
-commit 8f9dcc29566626f683843ccac6113a12208315ca upstream.
-
-The following is from a system that went OOM due to a memory leak:
-
-wlan0: Allocated STA 74:83:c2:64:0b:87
-wlan0: Allocated STA 74:83:c2:64:0b:87
-wlan0: IBSS finish 74:83:c2:64:0b:87 (---from ieee80211_ibss_add_sta)
-wlan0: Adding new IBSS station 74:83:c2:64:0b:87
-wlan0: moving STA 74:83:c2:64:0b:87 to state 2
-wlan0: moving STA 74:83:c2:64:0b:87 to state 3
-wlan0: Inserted STA 74:83:c2:64:0b:87
-wlan0: IBSS finish 74:83:c2:64:0b:87 (---from ieee80211_ibss_work)
-wlan0: Adding new IBSS station 74:83:c2:64:0b:87
-wlan0: moving STA 74:83:c2:64:0b:87 to state 2
-wlan0: moving STA 74:83:c2:64:0b:87 to state 3
-.
-.
-wlan0: expiring inactive not authorized STA 74:83:c2:64:0b:87
-wlan0: moving STA 74:83:c2:64:0b:87 to state 2
-wlan0: moving STA 74:83:c2:64:0b:87 to state 1
-wlan0: Removed STA 74:83:c2:64:0b:87
-wlan0: Destroyed STA 74:83:c2:64:0b:87
-
-The ieee80211_ibss_finish_sta() is called twice on the same STA from 2
-different locations. On the second attempt, the allocated STA is not
-destroyed creating a kernel memory leak.
-
-This is happening because sta_info_insert_finish() does not call
-sta_info_free() the second time when the STA already exists (returns
--EEXIST). Note that the caller sta_info_insert_rcu() assumes STA is
-destroyed upon errors.
-
-Same fix is applied to -ENOMEM.
-
-Signed-off-by: Ahmed Zaki <anzaki@gmail.com>
-Link: https://lore.kernel.org/r/20211002145329.3125293-1-anzaki@gmail.com
-[change the error path label to use the existing code]
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-Signed-off-by: Viacheslav Sablin <sablin@ispras.ru>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/mac80211/sta_info.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/net/mac80211/sta_info.c
-+++ b/net/mac80211/sta_info.c
-@@ -646,13 +646,13 @@ static int sta_info_insert_finish(struct
- /* check if STA exists already */
- if (sta_info_get_bss(sdata, sta->sta.addr)) {
- err = -EEXIST;
-- goto out_err;
-+ goto out_cleanup;
- }
-
- sinfo = kzalloc(sizeof(struct station_info), GFP_KERNEL);
- if (!sinfo) {
- err = -ENOMEM;
-- goto out_err;
-+ goto out_cleanup;
- }
-
- local->num_sta++;
-@@ -708,8 +708,8 @@ static int sta_info_insert_finish(struct
- out_drop_sta:
- local->num_sta--;
- synchronize_net();
-+ out_cleanup:
- cleanup_single_sta(sta);
-- out_err:
- mutex_unlock(&local->sta_mtx);
- kfree(sinfo);
- rcu_read_lock();
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/361-wifi-mac80211-Don-t-finalize-CSA-in-IBSS-mode-if-sta.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/361-wifi-mac80211-Don-t-finalize-CSA-in-IBSS-mode-if-sta.patch
deleted file mode 100644
index dd3e934..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/361-wifi-mac80211-Don-t-finalize-CSA-in-IBSS-mode-if-sta.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 552ba102a6898630a7d16887f29e606d6fabe508 Mon Sep 17 00:00:00 2001
-From: Siddh Raman Pant <code@siddh.me>
-Date: Sun, 14 Aug 2022 20:45:12 +0530
-Subject: [PATCH] wifi: mac80211: Don't finalize CSA in IBSS mode if state is
- disconnected
-
-commit 15bc8966b6d3a5b9bfe4c9facfa02f2b69b1e5f0 upstream.
-
-When we are not connected to a channel, sending channel "switch"
-announcement doesn't make any sense.
-
-The BSS list is empty in that case. This causes the for loop in
-cfg80211_get_bss() to be bypassed, so the function returns NULL
-(check line 1424 of net/wireless/scan.c), causing the WARN_ON()
-in ieee80211_ibss_csa_beacon() to get triggered (check line 500
-of net/mac80211/ibss.c), which was consequently reported on the
-syzkaller dashboard.
-
-Thus, check if we have an existing connection before generating
-the CSA beacon in ieee80211_ibss_finish_csa().
-
-Cc: stable@vger.kernel.org
-Fixes: cd7760e62c2a ("mac80211: add support for CSA in IBSS mode")
-Link: https://syzkaller.appspot.com/bug?id=05603ef4ae8926761b678d2939a3b2ad28ab9ca6
-Reported-by: syzbot+b6c9fe29aefe68e4ad34@syzkaller.appspotmail.com
-Signed-off-by: Siddh Raman Pant <code@siddh.me>
-Tested-by: syzbot+b6c9fe29aefe68e4ad34@syzkaller.appspotmail.com
-Link: https://lore.kernel.org/r/20220814151512.9985-1-code@siddh.me
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/mac80211/ibss.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
---- a/net/mac80211/ibss.c
-+++ b/net/mac80211/ibss.c
-@@ -534,6 +534,10 @@ int ieee80211_ibss_finish_csa(struct iee
-
- sdata_assert_lock(sdata);
-
-+ /* When not connected/joined, sending CSA doesn't make sense. */
-+ if (ifibss->state != IEEE80211_IBSS_MLME_JOINED)
-+ return -ENOLINK;
-+
- /* update cfg80211 bss information with the new channel */
- if (!is_zero_ether_addr(ifibss->bssid)) {
- cbss = cfg80211_get_bss(sdata->local->hw.wiphy,
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/362-wifi-mac80211-Fix-UAF-in-ieee80211_scan_rx.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/362-wifi-mac80211-Fix-UAF-in-ieee80211_scan_rx.patch
deleted file mode 100644
index 50b6b94..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/362-wifi-mac80211-Fix-UAF-in-ieee80211_scan_rx.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 5d20c6f932f2758078d0454729129c894fe353e7 Mon Sep 17 00:00:00 2001
-From: Siddh Raman Pant <code@siddh.me>
-Date: Sat, 20 Aug 2022 01:33:40 +0530
-Subject: [PATCH] wifi: mac80211: Fix UAF in ieee80211_scan_rx()
-
-commit 60deb9f10eec5c6a20252ed36238b55d8b614a2c upstream.
-
-ieee80211_scan_rx() tries to access scan_req->flags after a
-null check, but a UAF is observed when the scan is completed
-and __ieee80211_scan_completed() executes, which then calls
-cfg80211_scan_done() leading to the freeing of scan_req.
-
-Since scan_req is rcu_dereference()'d, prevent the racing in
-__ieee80211_scan_completed() by ensuring that from mac80211's
-POV it is no longer accessed from an RCU read critical section
-before we call cfg80211_scan_done().
-
-Cc: stable@vger.kernel.org
-Link: https://syzkaller.appspot.com/bug?extid=f9acff9bf08a845f225d
-Reported-by: syzbot+f9acff9bf08a845f225d@syzkaller.appspotmail.com
-Suggested-by: Johannes Berg <johannes@sipsolutions.net>
-Signed-off-by: Siddh Raman Pant <code@siddh.me>
-Link: https://lore.kernel.org/r/20220819200340.34826-1-code@siddh.me
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/mac80211/scan.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
---- a/net/mac80211/scan.c
-+++ b/net/mac80211/scan.c
-@@ -465,16 +465,19 @@ static void __ieee80211_scan_completed(s
- scan_req = rcu_dereference_protected(local->scan_req,
- lockdep_is_held(&local->mtx));
-
-- if (scan_req != local->int_scan_req) {
-- local->scan_info.aborted = aborted;
-- cfg80211_scan_done(scan_req, &local->scan_info);
-- }
- RCU_INIT_POINTER(local->scan_req, NULL);
- RCU_INIT_POINTER(local->scan_sdata, NULL);
-
- local->scanning = 0;
- local->scan_chandef.chan = NULL;
-
-+ synchronize_rcu();
-+
-+ if (scan_req != local->int_scan_req) {
-+ local->scan_info.aborted = aborted;
-+ cfg80211_scan_done(scan_req, &local->scan_info);
-+ }
-+
- /* Set power back to normal operating levels. */
- ieee80211_hw_config(local, 0);
-
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/500-mac80211_configure_antenna_gain.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/500-mac80211_configure_antenna_gain.patch
index 50c24a7..0e83e9b 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/500-mac80211_configure_antenna_gain.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/500-mac80211_configure_antenna_gain.patch
@@ -87,7 +87,7 @@
CFG80211_TESTMODE_DUMP(ieee80211_testmode_dump)
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
-@@ -1448,6 +1448,7 @@ struct ieee80211_local {
+@@ -1447,6 +1447,7 @@ struct ieee80211_local {
int dynamic_ps_forced_timeout;
int user_power_level; /* in dBm, for all interfaces */
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/800-mac80211-mask-nested-A-MSDU-support-for-mesh.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/800-mac80211-mask-nested-A-MSDU-support-for-mesh.patch
index e7da94c..a17d6f6 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/800-mac80211-mask-nested-A-MSDU-support-for-mesh.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/800-mac80211-mask-nested-A-MSDU-support-for-mesh.patch
@@ -24,7 +24,7 @@
- capab = u16_encode_bits(amsdu, IEEE80211_ADDBA_PARAM_AMSDU_MASK);
+ capab = 0;
-+#ifdef CONFIG_MAC80211_MESH
++#ifdef CPTCFG_MAC80211_MESH
+ if (!sta->mesh)
+#endif
+ capab = u16_encode_bits(amsdu, IEEE80211_ADDBA_PARAM_AMSDU_MASK);
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/900-mac80211-mtk-export-del-all-station-for-ampdu-amsdu-on-off-function.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/900-mac80211-mtk-export-del-all-station-for-ampdu-amsdu-on-off-function.patch
index ada8e31..388d9cb 100755
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/900-mac80211-mtk-export-del-all-station-for-ampdu-amsdu-on-off-function.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/900-mac80211-mtk-export-del-all-station-for-ampdu-amsdu-on-off-function.patch
@@ -1,6 +1,21 @@
---- b/include/net/mac80211.h 2021-09-22 21:10:45.803721216 +0800
-+++ a/include/net/mac80211.h 2021-09-22 21:19:40.494744637 +0800
-@@ -2639,6 +2639,13 @@
+From ae8bd933a1ef1499863dbb8313a61375b7d00c11 Mon Sep 17 00:00:00 2001
+From: TomLiu <tomml.liu@mediatek.com>
+Date: Wed, 19 Oct 2022 13:33:02 +0800
+Subject: [PATCH 900/914] mac80211: export del all station for ampdu amsdu on
+ off function
+
+Signed-off-by: TomLiu <tomml.liu@mediatek.com>
+---
+ include/net/mac80211.h | 13 +++++++++++++
+ net/mac80211/cfg.c | 13 +++++++++++++
+ net/mac80211/sta_info.c | 3 ++-
+ 3 files changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/include/net/mac80211.h b/include/net/mac80211.h
+index c85050f..edcad3b 100644
+--- a/include/net/mac80211.h
++++ b/include/net/mac80211.h
+@@ -2662,6 +2662,13 @@ static inline void _ieee80211_hw_set(struct ieee80211_hw *hw,
}
#define ieee80211_hw_set(hw, flg) _ieee80211_hw_set(hw, IEEE80211_HW_##flg)
@@ -14,22 +29,24 @@
/**
* struct ieee80211_scan_request - hw scan request
*
-@@ -4989,6 +4996,12 @@
+@@ -5056,6 +5063,12 @@ void ieee80211_beacon_set_cntdwn(struct ieee80211_vif *vif, u8 counter);
+ */
void ieee80211_csa_finish(struct ieee80211_vif *vif);
- /**
++/**
+ * ieee80211_del_all_station - request mac80211 to delete all stations
+ * @hw: pointer obtained from ieee80211_alloc_hw().
+ */
+void ieee80211_del_all_station(struct ieee80211_hw *hw);
+
-+/**
+ /**
* ieee80211_beacon_cntdwn_is_complete - find out if countdown reached 1
* @vif: &struct ieee80211_vif pointer from the add_interface callback.
- *
---- b/net/mac80211/cfg.c 2021-09-22 21:10:45.675720709 +0800
-+++ a/net/mac80211/cfg.c 2021-09-22 21:11:23.456352549 +0800
-@@ -1718,6 +1718,19 @@
+diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
+index abe7318..b582730 100644
+--- a/net/mac80211/cfg.c
++++ b/net/mac80211/cfg.c
+@@ -1822,6 +1822,19 @@ static int ieee80211_del_station(struct wiphy *wiphy, struct net_device *dev,
return 0;
}
@@ -49,9 +66,11 @@
static int ieee80211_change_station(struct wiphy *wiphy,
struct net_device *dev, const u8 *mac,
struct station_parameters *params)
---- b/net/mac80211/sta_info.c 2021-09-22 21:10:45.599720409 +0800
-+++ a/net/mac80211/sta_info.c 2021-09-22 20:50:39.158775251 +0800
-@@ -683,7 +683,8 @@
+diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
+index 541c769..a703e83 100644
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -683,7 +683,8 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
}
/* accept BA sessions now */
@@ -61,3 +80,6 @@
ieee80211_sta_debugfs_add(sta);
rate_control_add_sta_debugfs(sta);
+--
+2.18.0
+
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/901-mac80211-mtk-check-twt-responder-when-setu-twt.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/901-mac80211-mtk-check-twt-responder-when-setu-twt.patch
index e2f24b4..92e853f 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/901-mac80211-mtk-check-twt-responder-when-setu-twt.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/901-mac80211-mtk-check-twt-responder-when-setu-twt.patch
@@ -1,17 +1,18 @@
-From fa2d47980f56462c5767a0ad9537f3e58f5864f4 Mon Sep 17 00:00:00 2001
+From 0f0d127d843c67f076af380d49e42bb2c3ea3f15 Mon Sep 17 00:00:00 2001
From: Peter Chiu <chui-hao.chiu@mediatek.com>
Date: Tue, 18 Jan 2022 20:29:44 +0800
-Subject: [PATCH] mac80211: do not setup twt when twt responder is false
+Subject: [PATCH 901/914] mac80211: do not setup twt when twt responder is
+ false
---
net/mac80211/rx.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
-index 41c3f22..3961270 100644
+index 873daea..a92bd1a 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
-@@ -3231,6 +3231,9 @@ ieee80211_process_rx_twt_action(struct ieee80211_rx_data *rx)
+@@ -3281,6 +3281,9 @@ ieee80211_process_rx_twt_action(struct ieee80211_rx_data *rx)
if (sdata->vif.type != NL80211_IFTYPE_AP)
return false;
@@ -22,5 +23,5 @@
return false;
--
-2.29.2
+2.18.0
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/902-nl80211-mtk-internal-extend-CAC-time-for-weather-radar-c.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/902-nl80211-mtk-internal-extend-CAC-time-for-weather-radar-c.patch
index b6f6d69..7a5c812 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/902-nl80211-mtk-internal-extend-CAC-time-for-weather-radar-c.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/902-nl80211-mtk-internal-extend-CAC-time-for-weather-radar-c.patch
@@ -1,7 +1,8 @@
-From 686d2b968461c441f18ae18eec36980728706b87 Mon Sep 17 00:00:00 2001
+From 16266ba15b8f0de668d45f9b15cc379d38d09b0f Mon Sep 17 00:00:00 2001
From: Shayne Chen <shayne.chen@mediatek.com>
Date: Tue, 29 Mar 2022 16:06:30 +0800
-Subject: [PATCH] nl80211: internal: extend CAC time for weather radar channels
+Subject: [PATCH 902/914] nl80211: internal: extend CAC time for weather radar
+ channels
Signed-off-by: Shayne Chen <shayne.chen@mediatek.com>
---
@@ -9,10 +10,10 @@
1 file changed, 7 insertions(+)
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
-index f54cb1a..07f8d3a 100644
+index bc6b5ac..3c6c1df 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
-@@ -9336,6 +9336,13 @@ static int nl80211_start_radar_detection(struct sk_buff *skb,
+@@ -9354,6 +9354,13 @@ static int nl80211_start_radar_detection(struct sk_buff *skb,
if (WARN_ON(!cac_time_ms))
cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
@@ -27,5 +28,5 @@
if (!err) {
wdev->chandef = chandef;
--
-2.25.1
+2.18.0
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/903-mac80211-mtk-it-s-invalid-case-when-frag_threshold-is-gr.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/903-mac80211-mtk-it-s-invalid-case-when-frag_threshold-is-gr.patch
index 2f1d96c..86c46d6 100755
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/903-mac80211-mtk-it-s-invalid-case-when-frag_threshold-is-gr.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/903-mac80211-mtk-it-s-invalid-case-when-frag_threshold-is-gr.patch
@@ -1,8 +1,8 @@
-From a0b3ac0fe37b3f2bcc5a9593524556b971bb98f5 Mon Sep 17 00:00:00 2001
+From 44c44546d83d2711a84dc5456f4cb0c34bf544dc Mon Sep 17 00:00:00 2001
From: Bo Jiao <Bo.Jiao@mediatek.com>
Date: Fri, 1 Apr 2022 09:15:21 +0800
-Subject: [PATCH] mac80211: it's invalid case when frag_threshold is greater
- than 2346
+Subject: [PATCH 903/914] mac80211: it's invalid case when frag_threshold is
+ greater than 2346
Signed-off-by: Bo Jiao <Bo.Jiao@mediatek.com>
---
@@ -10,10 +10,10 @@
1 file changed, 3 insertions(+)
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
-index f54cb1a..10f3131 100644
+index 3c6c1df..1292634 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
-@@ -3478,6 +3478,9 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
+@@ -3495,6 +3495,9 @@ static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
goto out;
}
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/904-mac80211-mtk-correct-legacy-rates-check-in-ieee80211_cal.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/904-mac80211-mtk-correct-legacy-rates-check-in-ieee80211_cal.patch
index f5fbc82..7981d52 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/904-mac80211-mtk-correct-legacy-rates-check-in-ieee80211_cal.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/904-mac80211-mtk-correct-legacy-rates-check-in-ieee80211_cal.patch
@@ -1,7 +1,7 @@
-From 3f85b72dca38f56b112505b79e7f8fc4841b3f3d Mon Sep 17 00:00:00 2001
+From c837634171320f2cb39f43153208538683ac5fdb Mon Sep 17 00:00:00 2001
From: MeiChia Chiu <MeiChia.Chiu@mediatek.com>
Date: Mon, 7 Mar 2022 15:18:00 +0800
-Subject: [PATCH] mac80211: correct legacy rates check in
+Subject: [PATCH 904/914] mac80211: correct legacy rates check in
ieee80211_calc_rx_airtime
There are no legacy rates on 60GHz or sub-1Ghz band, so modify the check.
@@ -13,7 +13,7 @@
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/mac80211/airtime.c b/net/mac80211/airtime.c
-index 26d2f8ba7029..c0e58eb7c7fb 100644
+index 26d2f8b..c0e58eb 100644
--- a/net/mac80211/airtime.c
+++ b/net/mac80211/airtime.c
@@ -477,7 +477,9 @@ u32 ieee80211_calc_rx_airtime(struct ieee80211_hw *hw,
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/905-mac80211-mtk-airtime_flags-depends-on-NL80211_EXT_FEATUR.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/905-mac80211-mtk-airtime_flags-depends-on-NL80211_EXT_FEATUR.patch
index 8325e96..ea2fa77 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/905-mac80211-mtk-airtime_flags-depends-on-NL80211_EXT_FEATUR.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/905-mac80211-mtk-airtime_flags-depends-on-NL80211_EXT_FEATUR.patch
@@ -1,10 +1,21 @@
+From f85db6e56ba3b559d3affffc3baad9f21d60c5f6 Mon Sep 17 00:00:00 2001
+From: Evelyn Tsai <evelyn.tsai@mediatek.com>
+Date: Wed, 19 Oct 2022 13:42:43 +0800
+Subject: [PATCH 905/914] mac80211: airtime_flags depends on
+ NL80211_EXT_FEATURE
+
+Signed-off-by: Evelyn Tsai <evelyn.tsai@mediatek.com>
+---
+ net/mac80211/main.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
-index 3a442d8..f355cd3 100644
+index 09e5bf1..8c005f1 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
-@@ -723,8 +723,9 @@ struct ieee80211_hw *ieee80211_alloc_hw_nm(size_t priv_data_len,
- air_sched->aql_txq_limit_high =
+@@ -721,8 +721,9 @@ struct ieee80211_hw *ieee80211_alloc_hw_nm(size_t priv_data_len,
IEEE80211_DEFAULT_AQL_TXQ_LIMIT_H;
+ atomic_set(&local->aql_ac_pending_airtime[i], 0);
}
-
- local->airtime_flags = AIRTIME_USE_TX | AIRTIME_USE_RX;
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/906-mac80211-mtk-add-support-for-runtime-set-inband-discovery.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/906-mac80211-mtk-add-support-for-runtime-set-inband-discovery.patch
index 6046344..86f3931 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/906-mac80211-mtk-add-support-for-runtime-set-inband-discovery.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/906-mac80211-mtk-add-support-for-runtime-set-inband-discovery.patch
@@ -1,4 +1,20 @@
+From b4551b622d6a57b6613200bee2f83729e64ba64e Mon Sep 17 00:00:00 2001
+From: MeiChia Chiu <meichia.chiu@mediatek.com>
+Date: Wed, 19 Oct 2022 13:45:42 +0800
+Subject: [PATCH 906/914] mac80211: add support for runtime set inband
+ discovery
+
+Signed-off-by: MeiChia Chiu <meichia.chiu@mediatek.com>
+---
+ include/net/cfg80211.h | 1 +
+ include/net/mac80211.h | 1 +
+ include/uapi/linux/nl80211.h | 1 +
+ net/mac80211/cfg.c | 32 +++++++++++++++++++++++++++++++-
+ net/wireless/nl80211.c | 31 +++++++++++++++++++++++++++----
+ 5 files changed, 61 insertions(+), 5 deletions(-)
+
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
+index ab83553..f594914 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -1158,6 +1158,7 @@ struct cfg80211_fils_discovery {
@@ -10,6 +26,7 @@
/**
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
+index edcad3b..bde3495 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -505,6 +505,7 @@ struct ieee80211_ftm_responder_params {
@@ -21,6 +38,7 @@
/**
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h
+index 019f065..e674aa7 100644
--- a/include/uapi/linux/nl80211.h
+++ b/include/uapi/linux/nl80211.h
@@ -7242,6 +7242,7 @@ enum nl80211_fils_discovery_attributes {
@@ -32,9 +50,10 @@
/* keep last */
__NL80211_FILS_DISCOVERY_ATTR_LAST,
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
+index b582730..1328827 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -906,6 +906,7 @@ static int ieee80211_set_fils_discovery(
+@@ -906,6 +906,7 @@ static int ieee80211_set_fils_discovery(struct ieee80211_sub_if_data *sdata,
fd = &sdata->vif.bss_conf.fils_discovery;
fd->min_interval = params->min_interval;
fd->max_interval = params->max_interval;
@@ -42,7 +61,7 @@
old = sdata_dereference(sdata->u.ap.fils_discovery, sdata);
new = kzalloc(sizeof(*new) + params->tmpl_len, GFP_KERNEL);
-@@ -1316,6 +1317,9 @@ static int ieee80211_change_beacon(struc
+@@ -1316,6 +1317,9 @@ static int ieee80211_change_beacon(struct wiphy *wiphy, struct net_device *dev,
{
struct ieee80211_sub_if_data *sdata;
struct beacon_data *old;
@@ -52,7 +71,7 @@
int err;
sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-@@ -1334,7 +1338,33 @@ static int ieee80211_change_beacon(struc
+@@ -1334,7 +1338,33 @@ static int ieee80211_change_beacon(struct wiphy *wiphy, struct net_device *dev,
err = ieee80211_assign_beacon(sdata, params, NULL, NULL);
if (err < 0)
return err;
@@ -88,9 +107,10 @@
}
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
+index 1292634..a20aba5 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
-@@ -421,6 +421,7 @@ nl80211_fils_discovery_policy[NL80211_FI
+@@ -421,6 +421,7 @@ nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
[NL80211_FILS_DISCOVERY_ATTR_TMPL] = { .type = NLA_BINARY,
.len = IEEE80211_MAX_DATA_LEN },
#endif
@@ -98,7 +118,7 @@
};
static const struct nla_policy
-@@ -5349,6 +5350,8 @@ static int nl80211_parse_fils_discovery(
+@@ -5364,6 +5365,8 @@ static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
@@ -107,7 +127,7 @@
return 0;
}
-@@ -5754,7 +5757,8 @@ static int nl80211_set_beacon(struct sk_
+@@ -5769,7 +5772,8 @@ static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
struct cfg80211_registered_device *rdev = info->user_ptr[0];
struct net_device *dev = info->user_ptr[1];
struct wireless_dev *wdev = dev->ieee80211_ptr;
@@ -117,7 +137,7 @@
int err;
if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
-@@ -5767,16 +5771,35 @@ static int nl80211_set_beacon(struct sk_
+@@ -5782,16 +5786,35 @@ static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
if (!wdev->beacon_interval)
return -EINVAL;
@@ -156,3 +176,6 @@
return err;
}
+--
+2.18.0
+
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/908-mac80211-mtk-add-s1g-category-to-_ieee80211_is_robust_mg.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/907-mac80211-mtk-add-s1g-category-to-_ieee80211_is_robust_mg.patch
similarity index 71%
rename from recipes-kernel/linux-mac80211/files/patches/subsys/908-mac80211-mtk-add-s1g-category-to-_ieee80211_is_robust_mg.patch
rename to recipes-kernel/linux-mac80211/files/patches/subsys/907-mac80211-mtk-add-s1g-category-to-_ieee80211_is_robust_mg.patch
index 03c81c6..541f25e 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/908-mac80211-mtk-add-s1g-category-to-_ieee80211_is_robust_mg.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/907-mac80211-mtk-add-s1g-category-to-_ieee80211_is_robust_mg.patch
@@ -1,7 +1,8 @@
-From 3e8e9d601b30cc0d141108e93579fe72462039d5 Mon Sep 17 00:00:00 2001
+From de6defeb50a0b5eab25eedffd6f54f495c6ecf78 Mon Sep 17 00:00:00 2001
From: Peter Chiu <chui-hao.chiu@mediatek.com>
Date: Wed, 8 Jun 2022 10:26:39 +0800
-Subject: [PATCH] mac80211: add s1g category to _ieee80211_is_robust_mgmt_frame
+Subject: [PATCH 907/914] mac80211: add s1g category to
+ _ieee80211_is_robust_mgmt_frame
Unprotected S1G with code 22 is not robust mgmt frame.
---
@@ -9,10 +10,10 @@
1 file changed, 1 insertion(+)
diff --git a/include/linux/ieee80211.h b/include/linux/ieee80211.h
-index 4d00f7a..6735494 100644
+index 6942645..195835f 100644
--- a/include/linux/ieee80211.h
+++ b/include/linux/ieee80211.h
-@@ -3999,6 +3999,7 @@ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr)
+@@ -3696,6 +3696,7 @@ static inline bool _ieee80211_is_robust_mgmt_frame(struct ieee80211_hdr *hdr)
*category != WLAN_CATEGORY_SELF_PROTECTED &&
*category != WLAN_CATEGORY_UNPROT_DMG &&
*category != WLAN_CATEGORY_VHT &&
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/910-mac80211-mtk-offload.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/908-mac80211-mtk-mask-kernel-version-limitation-and-fill-for.patch
old mode 100755
new mode 100644
similarity index 81%
rename from recipes-kernel/linux-mac80211/files/patches/subsys/910-mac80211-mtk-offload.patch
rename to recipes-kernel/linux-mac80211/files/patches/subsys/908-mac80211-mtk-mask-kernel-version-limitation-and-fill-for.patch
index 3650a3e..5ac1559
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/910-mac80211-mtk-offload.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/908-mac80211-mtk-mask-kernel-version-limitation-and-fill-for.patch
@@ -1,8 +1,8 @@
-From 03e816970e354ae3521f94dc56b94e2ff046a305 Mon Sep 17 00:00:00 2001
+From bb2d81974833d5ee908efc2a2cb033304cff1f51 Mon Sep 17 00:00:00 2001
From: Sujuan Chen <sujuan.chen@mediatek.com>
Date: Fri, 11 Mar 2022 11:34:11 +0800
-Subject: [PATCH] mask kernel version limitation and fill forward path in
- kernel 5.4
+Subject: [PATCH 908/914] mac80211: mask kernel version limitation and fill
+ forward path in kernel 5.4
Signed-off-by: Sujuan Chen <sujuan.chen@mediatek.com>
---
@@ -13,10 +13,10 @@
4 files changed, 10 deletions(-)
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
-index 54df8c4..0fb2de9 100644
+index bde3495..35dbf62 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
-@@ -4279,13 +4279,11 @@ struct ieee80211_ops {
+@@ -4294,13 +4294,11 @@ struct ieee80211_ops {
struct ieee80211_sta *sta, u8 flowid);
int (*set_radar_background)(struct ieee80211_hw *hw,
struct cfg80211_chan_def *chandef);
@@ -31,10 +31,10 @@
/**
diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
-index 5c4adca..ce90549 100644
+index 2df420b..d2b68ef 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
-@@ -1483,7 +1483,6 @@ static inline void drv_twt_teardown_request(struct ieee80211_local *local,
+@@ -1486,7 +1486,6 @@ static inline void drv_twt_teardown_request(struct ieee80211_local *local,
trace_drv_return_void(local);
}
@@ -42,7 +42,7 @@
static inline int drv_net_fill_forward_path(struct ieee80211_local *local,
struct ieee80211_sub_if_data *sdata,
struct ieee80211_sta *sta,
-@@ -1505,6 +1504,5 @@ static inline int drv_net_fill_forward_path(struct ieee80211_local *local,
+@@ -1508,6 +1507,5 @@ static inline int drv_net_fill_forward_path(struct ieee80211_local *local,
return ret;
}
@@ -50,10 +50,10 @@
#endif /* __MAC80211_DRIVER_OPS */
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
-index 6a44826..98b6d1c 100644
+index b777921..e7c85ce 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
-@@ -822,7 +822,6 @@ static const struct net_device_ops ieee80211_monitorif_ops = {
+@@ -852,7 +852,6 @@ static const struct net_device_ops ieee80211_monitorif_ops = {
};
@@ -61,7 +61,7 @@
static int ieee80211_netdev_fill_forward_path(struct net_device_path_ctx *ctx,
struct net_device_path *path)
{
-@@ -880,7 +879,6 @@ out:
+@@ -910,7 +909,6 @@ out:
return ret;
}
@@ -69,7 +69,7 @@
static const struct net_device_ops ieee80211_dataif_8023_ops = {
#if LINUX_VERSION_IS_LESS(4,10,0)
-@@ -899,9 +897,7 @@ static const struct net_device_ops ieee80211_dataif_8023_ops = {
+@@ -929,9 +927,7 @@ static const struct net_device_ops ieee80211_dataif_8023_ops = {
#else
.ndo_get_stats64 = bp_ieee80211_get_stats64,
#endif
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/911-mac80211-mtk-add-fill-receive-path-ops-to-get-wed-idx-v2.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/909-mac80211-mtk-add-fill-receive-path-ops-to-get-wed-idx.patch
old mode 100755
new mode 100644
similarity index 90%
rename from recipes-kernel/linux-mac80211/files/patches/subsys/911-mac80211-mtk-add-fill-receive-path-ops-to-get-wed-idx-v2.patch
rename to recipes-kernel/linux-mac80211/files/patches/subsys/909-mac80211-mtk-add-fill-receive-path-ops-to-get-wed-idx.patch
index 3c2cd27..7129a3f
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/911-mac80211-mtk-add-fill-receive-path-ops-to-get-wed-idx-v2.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/909-mac80211-mtk-add-fill-receive-path-ops-to-get-wed-idx.patch
@@ -1,7 +1,7 @@
-From bf39e0bef2dff4419f51b7a8bb7da3de04a38bd7 Mon Sep 17 00:00:00 2001
+From 670b284d0098d142aa5144dfdc8fa57ac4a6c23f Mon Sep 17 00:00:00 2001
From: Sujuan Chen <sujuan.chen@mediatek.com>
Date: Wed, 18 May 2022 15:10:22 +0800
-Subject: [PATCH] add fill receive path ops to get wed idx
+Subject: [PATCH 909/914] mac80211: add fill receive path ops to get wed idx
Signed-off-by: Sujuan Chen <sujuan.chen@mediatek.com>
---
@@ -16,7 +16,7 @@
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
old mode 100644
new mode 100755
-index 1f6ddf6..17672ac
+index 35dbf62..43a4ddb
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -1791,6 +1791,13 @@ struct ieee80211_vif *wdev_to_ieee80211_vif(struct wireless_dev *wdev);
@@ -33,7 +33,7 @@
/**
* enum ieee80211_key_flags - key flags
*
-@@ -3957,6 +3964,8 @@ struct ieee80211_prep_tx_info {
+@@ -3964,6 +3971,8 @@ struct ieee80211_prep_tx_info {
* disable background CAC/radar detection.
* @net_fill_forward_path: Called from .ndo_fill_forward_path in order to
* resolve a path for hardware flow offloading
@@ -42,7 +42,7 @@
*/
struct ieee80211_ops {
void (*tx)(struct ieee80211_hw *hw,
-@@ -4292,6 +4301,9 @@ struct ieee80211_ops {
+@@ -4299,6 +4308,9 @@ struct ieee80211_ops {
struct ieee80211_sta *sta,
struct net_device_path_ctx *ctx,
struct net_device_path *path);
@@ -75,10 +75,10 @@
+
#endif /* __MAC80211_DRIVER_OPS */
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
-index 797fe24..a72bdea 100644
+index e7c85ce..c222348 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
-@@ -911,6 +911,29 @@ out:
+@@ -910,6 +910,29 @@ out:
return ret;
}
@@ -108,7 +108,7 @@
static const struct net_device_ops ieee80211_dataif_8023_ops = {
#if LINUX_VERSION_IS_LESS(4,10,0)
.ndo_change_mtu = __change_mtu,
-@@ -929,6 +952,7 @@ static const struct net_device_ops ieee80211_dataif_8023_ops = {
+@@ -928,6 +951,7 @@ static const struct net_device_ops ieee80211_dataif_8023_ops = {
.ndo_get_stats64 = bp_ieee80211_get_stats64,
#endif
.ndo_fill_forward_path = ieee80211_netdev_fill_forward_path,
@@ -119,7 +119,7 @@
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
old mode 100644
new mode 100755
-index d85a39a..d515956
+index fb9d0a0..f799e63
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -898,6 +898,15 @@ struct wireless_dev *ieee80211_vif_to_wdev(struct ieee80211_vif *vif)
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/912-mac80211-mtk-make-4addr-null-frames-using-min-rate-for-WDS.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/910-mac80211-mtk-make-4addr-null-frames-using-min_rate-.patch
similarity index 81%
rename from recipes-kernel/linux-mac80211/files/patches/subsys/912-mac80211-mtk-make-4addr-null-frames-using-min-rate-for-WDS.patch
rename to recipes-kernel/linux-mac80211/files/patches/subsys/910-mac80211-mtk-make-4addr-null-frames-using-min_rate-.patch
index 62a7d3f..ec81394 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/912-mac80211-mtk-make-4addr-null-frames-using-min-rate-for-WDS.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/910-mac80211-mtk-make-4addr-null-frames-using-min_rate-.patch
@@ -1,7 +1,8 @@
-From de1d3b1259574aac2dcb4d830c34030bc20cc280 Mon Sep 17 00:00:00 2001
+From e7f4d518cdecfce077b4cf7a68678e1781dfe974 Mon Sep 17 00:00:00 2001
From: Lian Chen <lian.chen@mediatek.com>
Date: Thu, 14 Jul 2022 16:33:58 +0800
-Subject: [PATCH] wifi: mac80211: make 4addr null frames using min_rate for WDS
+Subject: [PATCH 910/914] wifi: mac80211: make 4addr null frames using min_rate
+ for WDS
WDS needs 4addr packets to trigger AP for wlan0.sta creation.
However, the 4addr null frame is sent at a high rate
@@ -14,7 +15,7 @@
1 file changed, 1 insertion(+)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
-index c833245..09f54be 100644
+index 1548f53..4d6d469 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1133,6 +1133,7 @@ void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/911-mac80211-mtk-remove-timerout-handle-for-ax210-iot-issue.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/911-mac80211-mtk-remove-timerout-handle-for-ax210-iot-issue.patch
new file mode 100644
index 0000000..acbd4c8
--- /dev/null
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/911-mac80211-mtk-remove-timerout-handle-for-ax210-iot-issue.patch
@@ -0,0 +1,34 @@
+From 1219001aaad2726e02f4b23e33cad3ae51806cd1 Mon Sep 17 00:00:00 2001
+From: Evelyn Tsai <evelyn.tsai@mediatek.com>
+Date: Wed, 19 Oct 2022 13:49:21 +0800
+Subject: [PATCH 911/914] mac80211: remove timerout handle for ax210 iot issue
+
+Signed-off-by: Evelyn Tsai <evelyn.tsai@mediatek.com>
+---
+ net/mac80211/agg-tx.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+ mode change 100644 => 100755 net/mac80211/agg-tx.c
+
+diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
+old mode 100644
+new mode 100755
+index 1deb3d8..c30f02d
+--- a/net/mac80211/agg-tx.c
++++ b/net/mac80211/agg-tx.c
+@@ -568,10 +568,9 @@ static void sta_tx_agg_session_timer_expired(struct timer_list *t)
+ }
+
+ timeout = tid_tx->last_tx + TU_TO_JIFFIES(tid_tx->timeout);
+- if (time_is_after_jiffies(timeout)) {
+- mod_timer(&tid_tx->session_timer, timeout);
+- return;
+- }
++ /* remove timerout handle for ax210 iot issue */
++ mod_timer(&tid_tx->session_timer, timeout);
++ return;
+
+ ht_dbg(sta->sdata, "tx session timer expired on %pM tid %d\n",
+ sta->sta.addr, tid);
+--
+2.18.0
+
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/912-cfg80211-mtk-implement-DFS-status-show-cac-and-nop-skip-.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/912-cfg80211-mtk-implement-DFS-status-show-cac-and-nop-skip-.patch
new file mode 100644
index 0000000..d60e8d8
--- /dev/null
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/912-cfg80211-mtk-implement-DFS-status-show-cac-and-nop-skip-.patch
@@ -0,0 +1,458 @@
+From 3ff7c67f8b03762e096ed9ac6eaa5d9d6c80bb65 Mon Sep 17 00:00:00 2001
+From: StanleyYP Wang <StanleyYP.Wang@mediatek.com>
+Date: Thu, 22 Sep 2022 14:27:41 +0800
+Subject: [PATCH 912/914] cfg80211: implement DFS status show, cac and nop skip
+ command via debugfs
+
+Signed-off-by: StanleyYP Wang <StanleyYP.Wang@mediatek.com>
+---
+ include/net/cfg80211.h | 1 +
+ net/mac80211/cfg.c | 19 +++
+ net/wireless/core.h | 3 +
+ net/wireless/debugfs.c | 270 ++++++++++++++++++++++++++++++++++++++--
+ net/wireless/mlme.c | 6 +
+ net/wireless/rdev-ops.h | 14 +++
+ net/wireless/trace.h | 12 ++
+ 7 files changed, 318 insertions(+), 7 deletions(-)
+
+diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
+index f594914..7d20b98 100644
+--- a/include/net/cfg80211.h
++++ b/include/net/cfg80211.h
+@@ -4401,6 +4401,7 @@ struct cfg80211_ops {
+ struct cfg80211_color_change_settings *params);
+ int (*set_radar_background)(struct wiphy *wiphy,
+ struct cfg80211_chan_def *chandef);
++ void (*skip_cac)(struct wireless_dev *wdev);
+ };
+
+ /*
+diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
+index 1328827..d1fc54d 100644
+--- a/net/mac80211/cfg.c
++++ b/net/mac80211/cfg.c
+@@ -4517,6 +4517,24 @@ ieee80211_set_radar_background(struct wiphy *wiphy,
+ return local->ops->set_radar_background(&local->hw, chandef);
+ }
+
++static void
++ieee80211_skip_cac(struct wireless_dev *wdev)
++{
++ struct net_device *dev = wdev->netdev;
++ struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
++ unsigned int cac_time_ms;
++
++ cancel_delayed_work(&sdata->dfs_cac_timer_work);
++ if (wdev->cac_started) {
++ ieee80211_vif_release_channel(sdata);
++ cac_time_ms = wdev->cac_time_ms;
++ wdev->cac_start_time = jiffies -
++ msecs_to_jiffies(cac_time_ms + 1);
++ cfg80211_cac_event(wdev->netdev, &wdev->chandef,
++ NL80211_RADAR_CAC_FINISHED, GFP_KERNEL);
++ }
++}
++
+ const struct cfg80211_ops mac80211_config_ops = {
+ .add_virtual_intf = ieee80211_add_iface,
+ .del_virtual_intf = ieee80211_del_iface,
+@@ -4623,4 +4641,5 @@ const struct cfg80211_ops mac80211_config_ops = {
+ .set_sar_specs = ieee80211_set_sar_specs,
+ .color_change = ieee80211_color_change,
+ .set_radar_background = ieee80211_set_radar_background,
++ .skip_cac = ieee80211_skip_cac,
+ };
+diff --git a/net/wireless/core.h b/net/wireless/core.h
+index b588e5a..10e8981 100644
+--- a/net/wireless/core.h
++++ b/net/wireless/core.h
+@@ -86,6 +86,9 @@ struct cfg80211_registered_device {
+
+ struct wireless_dev *background_radar_wdev;
+ struct cfg80211_chan_def background_radar_chandef;
++ bool background_cac_started;
++ unsigned long background_cac_start_time;
++ unsigned int background_cac_time_ms;
+ struct delayed_work background_cac_done_wk;
+ struct work_struct background_cac_abort_wk;
+
+diff --git a/net/wireless/debugfs.c b/net/wireless/debugfs.c
+index aab4346..517e09f 100644
+--- a/net/wireless/debugfs.c
++++ b/net/wireless/debugfs.c
+@@ -9,6 +9,7 @@
+ #include <linux/slab.h>
+ #include "core.h"
+ #include "debugfs.h"
++#include "rdev-ops.h"
+
+ #define DEBUGFS_READONLY_FILE(name, buflen, fmt, value...) \
+ static ssize_t name## _read(struct file *file, char __user *userbuf, \
+@@ -95,16 +96,271 @@ static const struct file_operations ht40allow_map_ops = {
+ .llseek = default_llseek,
+ };
+
+-#define DEBUGFS_ADD(name) \
+- debugfs_create_file(#name, 0444, phyd, &rdev->wiphy, &name## _ops)
++static int dfs_print_chan(struct ieee80211_channel *chan, int remain_time, int wait_time,
++ char *buf, int buf_size, int offset, bool is_background)
++{
++ if (WARN_ON(offset > buf_size))
++ return 0;
++
++ if (chan->dfs_state == NL80211_DFS_UNAVAILABLE) {
++ offset += scnprintf(buf + offset, buf_size - offset,
++ " Channel = %d, DFS_state = Unavailable",
++ chan->hw_value);
++ if (remain_time > 0)
++ offset += scnprintf(buf + offset, buf_size - offset,
++ ", Non-occupancy Remain Time = %d / %d [sec]",
++ remain_time, wait_time);
++ else
++ offset += scnprintf(buf + offset, buf_size - offset,
++ ", Changing state...");
++ } else if (chan->dfs_state == NL80211_DFS_USABLE) {
++ offset += scnprintf(buf + offset, buf_size - offset,
++ " Channel = %d, DFS_state = Usable",
++ chan->hw_value);
++ if (remain_time > 0)
++ offset += scnprintf(buf + offset, buf_size - offset,
++ ", CAC Remain Time = %d / %d [sec]",
++ remain_time, wait_time);
++ } else if (chan->dfs_state == NL80211_DFS_AVAILABLE) {
++ offset += scnprintf(buf + offset, buf_size - offset,
++ " Channel = %d, DFS_state = Available",
++ chan->hw_value);
++ } else {
++ offset += scnprintf(buf + offset, buf_size - offset,
++ " Channel = %d, DFS_state = Unknown",
++ chan->hw_value);
++ }
++
++ if (is_background)
++ offset += scnprintf(buf + offset, buf_size - offset,
++ " (background chain)");
++ offset += scnprintf(buf + offset, buf_size - offset, "\n");
++
++ return offset;
++}
++
++static int dfs_status_read_wdev(struct wiphy *wiphy, struct wireless_dev *wdev, char *buf,
++ unsigned int buf_size, unsigned int offset)
++{
++ struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
++ struct cfg80211_chan_def *chandef = &wdev->chandef;
++ struct cfg80211_chan_def *background_chandef = &rdev->background_radar_chandef;
++ enum nl80211_band band;
++ struct ieee80211_supported_band *sband;
++ struct ieee80211_channel *chan;
++ unsigned long jiffies_passed;
++ int i, remain_time = 0, wait_time_ms = 0;
++ bool is_background;
++
++ offset += scnprintf(buf + offset, buf_size - offset, "DFS Channel:\n");
++
++ for (band = 0; band < NUM_NL80211_BANDS; band++) {
++ sband = wiphy->bands[band];
++ if (!sband)
++ continue;
++ for (i = 0; i < sband->n_channels; i++) {
++ is_background = false;
++ chan = &sband->channels[i];
++
++ if (!(chan->flags & IEEE80211_CHAN_RADAR))
++ continue;
++
++ if (chan->dfs_state == NL80211_DFS_UNAVAILABLE) {
++ jiffies_passed = jiffies - chan->dfs_state_entered;
++ wait_time_ms = IEEE80211_DFS_MIN_NOP_TIME_MS;
++ remain_time = (wait_time_ms - jiffies_to_msecs(jiffies_passed));
++ if (remain_time > wait_time_ms)
++ remain_time = 0;
++ } else if (chan->dfs_state == NL80211_DFS_USABLE) {
++ if (wdev->cac_started && cfg80211_is_sub_chan(chandef, chan)) {
++ jiffies_passed = jiffies - wdev->cac_start_time;
++ wait_time_ms = wdev->cac_time_ms;
++ remain_time = (wait_time_ms -
++ jiffies_to_msecs(jiffies_passed));
++ }
++
++ if (rdev->background_radar_wdev == wdev &&
++ rdev->background_cac_started &&
++ cfg80211_is_sub_chan(background_chandef, chan)) {
++ jiffies_passed = jiffies - rdev->background_cac_start_time;
++ wait_time_ms = rdev->background_cac_time_ms;
++ remain_time = (wait_time_ms -
++ jiffies_to_msecs(jiffies_passed));
++ is_background = true;
++ }
++
++ if (remain_time > wait_time_ms)
++ remain_time = 0;
++
++ } else {
++ if (rdev->background_radar_wdev == wdev &&
++ cfg80211_is_sub_chan(background_chandef, chan))
++ is_background = true;
++ }
++
++ offset = dfs_print_chan(chan, remain_time / 1000, wait_time_ms / 1000,
++ buf, buf_size, offset, is_background);
++ remain_time = 0;
++ }
++ }
++
++ return offset;
++}
++
++static ssize_t dfs_status_read(struct file *file, char __user *user_buf,
++ size_t count, loff_t *ppos)
++{
++ struct wiphy *wiphy = file->private_data;
++ struct wireless_dev *wdev;
++ char *buf;
++ unsigned int offset = 0, buf_size = PAGE_SIZE, r;
++ const char * const iftype_str[] = {
++ [NL80211_IFTYPE_UNSPECIFIED] = "unspecified",
++ [NL80211_IFTYPE_ADHOC] = "adhoc",
++ [NL80211_IFTYPE_STATION] = "station",
++ [NL80211_IFTYPE_AP] = "ap",
++ [NL80211_IFTYPE_AP_VLAN] = "ap vlan",
++ [NL80211_IFTYPE_WDS] = "wds",
++ [NL80211_IFTYPE_MONITOR] = "monitor",
++ [NL80211_IFTYPE_MESH_POINT] = "mesh point",
++ [NL80211_IFTYPE_P2P_CLIENT] = "p2p client",
++ [NL80211_IFTYPE_P2P_GO] = "p2p go",
++ [NL80211_IFTYPE_P2P_DEVICE] = "p2p device",
++ [NL80211_IFTYPE_OCB] = "ocb",
++ [NL80211_IFTYPE_NAN] = "nan",
++ };
++
++ buf = kzalloc(buf_size, GFP_KERNEL);
++ if (!buf)
++ return -ENOMEM;
++
++ list_for_each_entry(wdev, &wiphy->wdev_list, list) {
++ offset += scnprintf(buf + offset, buf_size - offset,
++ "wdev 0x%x\n"
++ "interface type %s\n",
++ wdev->identifier, iftype_str[wdev->iftype]);
++ offset = dfs_status_read_wdev(wiphy, wdev, buf, buf_size, offset);
++ }
++
++ r = simple_read_from_buffer(user_buf, count, ppos, buf, offset);
++
++ kfree(buf);
++
++ return r;
++}
++
++static const struct file_operations dfs_status_ops = {
++ .read = dfs_status_read,
++ .open = simple_open,
++ .llseek = default_llseek,
++};
++
++static int
++dfs_nop_skip(void *data, u64 val)
++{
++ struct wiphy *wiphy = data;
++ struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
++ bool en = !!val;
++ enum nl80211_band band;
++ struct ieee80211_supported_band *sband;
++ struct ieee80211_channel *chan;
++ u32 nop_time = IEEE80211_DFS_MIN_NOP_TIME_MS;
++ int i;
++
++ if (!en)
++ return 0;
++
++ for (band = 0; band < NUM_NL80211_BANDS; band++) {
++ sband = wiphy->bands[band];
++ if (!sband)
++ continue;
++ for (i = 0; i < sband->n_channels; i++) {
++ chan = &sband->channels[i];
++
++ if (!(chan->flags & IEEE80211_CHAN_RADAR))
++ continue;
++
++ if (chan->dfs_state == NL80211_DFS_UNAVAILABLE) {
++ // Let current jiffies > dfs_state_entered_jiffies + NOP time
++ chan->dfs_state_entered = jiffies -
++ msecs_to_jiffies(nop_time + 1);
++ }
++ }
++ }
++
++ cfg80211_sched_dfs_chan_update(rdev);
++
++ return 0;
++}
++
++DEFINE_DEBUGFS_ATTRIBUTE(dfs_skip_nop_ops, NULL,
++ dfs_nop_skip, "0x%08llx\n");
++
++static int
++dfs_cac_skip(void *data, u64 val)
++{
++#define CAC_SKIP_MASK BIT(0)
++#define CAC_SKIP_BACKGROUND_MASK BIT(1)
++ struct wiphy *wiphy = data;
++ struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
++ struct wireless_dev *wdev;
++ struct cfg80211_chan_def *chandef;
++ unsigned int skip_mode = val;
++ unsigned long cac_time;
++ struct ieee80211_channel *chan;
++
++ if (!skip_mode || skip_mode > (CAC_SKIP_MASK | CAC_SKIP_BACKGROUND_MASK))
++ return 0;
++
++ list_for_each_entry(wdev, &wiphy->wdev_list, list) {
++ if ((skip_mode & CAC_SKIP_MASK) && wdev->chandef.chan) {
++ chandef = &wdev->chandef;
++ chan = chandef->chan;
++
++ if ((chan->flags & IEEE80211_CHAN_RADAR) &&
++ chan->dfs_state == NL80211_DFS_USABLE && wdev->cac_started) {
++ rdev_skip_cac(rdev, wdev);
++ }
++ }
++
++ if ((skip_mode & CAC_SKIP_BACKGROUND_MASK) &&
++ rdev->background_radar_wdev == wdev &&
++ rdev->background_radar_chandef.chan) {
++ chandef = &rdev->background_radar_chandef;
++ chan = chandef->chan;
++
++ if ((chan->flags & IEEE80211_CHAN_RADAR) &&
++ chan->dfs_state == NL80211_DFS_USABLE &&
++ rdev->background_cac_started) {
++ // Let current jiffies > dfs_state_entered_jiffies + CAC time
++ cac_time = rdev->background_cac_time_ms;
++ rdev->background_cac_start_time = jiffies -
++ msecs_to_jiffies(cac_time + 1);
++ cancel_delayed_work(&rdev->background_cac_done_wk);
++ queue_delayed_work(cfg80211_wq, &rdev->background_cac_done_wk, 0);
++ }
++ }
++ }
++
++ return 0;
++}
++
++DEFINE_DEBUGFS_ATTRIBUTE(dfs_skip_cac_ops, NULL,
++ dfs_cac_skip, "0x%08llx\n");
++
++#define DEBUGFS_ADD(name, chmod) \
++ debugfs_create_file(#name, chmod, phyd, &rdev->wiphy, &name## _ops)
+
+ void cfg80211_debugfs_rdev_add(struct cfg80211_registered_device *rdev)
+ {
+ struct dentry *phyd = rdev->wiphy.debugfsdir;
+
+- DEBUGFS_ADD(rts_threshold);
+- DEBUGFS_ADD(fragmentation_threshold);
+- DEBUGFS_ADD(short_retry_limit);
+- DEBUGFS_ADD(long_retry_limit);
+- DEBUGFS_ADD(ht40allow_map);
++ DEBUGFS_ADD(rts_threshold, 0444);
++ DEBUGFS_ADD(fragmentation_threshold, 0444);
++ DEBUGFS_ADD(short_retry_limit, 0444);
++ DEBUGFS_ADD(long_retry_limit, 0444);
++ DEBUGFS_ADD(ht40allow_map, 0444);
++ DEBUGFS_ADD(dfs_status, 0444);
++ DEBUGFS_ADD(dfs_skip_nop, 0600);
++ DEBUGFS_ADD(dfs_skip_cac, 0600);
+ }
+diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
+index 00370ca..205c1bc 100644
+--- a/net/wireless/mlme.c
++++ b/net/wireless/mlme.c
+@@ -998,13 +998,16 @@ __cfg80211_background_cac_event(struct cfg80211_registered_device *rdev,
+ queue_work(cfg80211_wq, &rdev->propagate_cac_done_wk);
+ cfg80211_sched_dfs_chan_update(rdev);
+ wdev = rdev->background_radar_wdev;
++ rdev->background_cac_started = false;
+ break;
+ case NL80211_RADAR_CAC_ABORTED:
+ if (!cancel_delayed_work(&rdev->background_cac_done_wk))
+ return;
+ wdev = rdev->background_radar_wdev;
++ rdev->background_cac_started = false;
+ break;
+ case NL80211_RADAR_CAC_STARTED:
++ rdev->background_cac_started = true;
+ break;
+ default:
+ return;
+@@ -1024,6 +1027,7 @@ cfg80211_background_cac_event(struct cfg80211_registered_device *rdev,
+ chandef, event);
+ wiphy_unlock(&rdev->wiphy);
+ }
++EXPORT_SYMBOL(cfg80211_background_cac_event);
+
+ void cfg80211_background_cac_done_wk(struct work_struct *work)
+ {
+@@ -1085,8 +1089,10 @@ cfg80211_start_background_radar_detection(struct cfg80211_registered_device *rde
+ if (!cac_time_ms)
+ cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
+
++ rdev->background_cac_time_ms = cac_time_ms;
+ rdev->background_radar_chandef = *chandef;
+ rdev->background_radar_wdev = wdev; /* Get offchain ownership */
++ rdev->background_cac_start_time = jiffies;
+
+ __cfg80211_background_cac_event(rdev, wdev, chandef,
+ NL80211_RADAR_CAC_STARTED);
+diff --git a/net/wireless/rdev-ops.h b/net/wireless/rdev-ops.h
+index 8555468..26f4604 100644
+--- a/net/wireless/rdev-ops.h
++++ b/net/wireless/rdev-ops.h
+@@ -1398,4 +1398,18 @@ rdev_set_radar_background(struct cfg80211_registered_device *rdev,
+ return ret;
+ }
+
++static inline int
++rdev_skip_cac(struct cfg80211_registered_device *rdev,
++ struct wireless_dev *wdev)
++{
++ if (!rdev->ops->skip_cac)
++ return -EOPNOTSUPP;
++
++ trace_rdev_skip_cac(wdev);
++ rdev->ops->skip_cac(wdev);
++ trace_rdev_return_void(&rdev->wiphy);
++
++ return 0;
++}
++
+ #endif /* __CFG80211_RDEV_OPS */
+diff --git a/net/wireless/trace.h b/net/wireless/trace.h
+index 97a2937..eadabfa 100644
+--- a/net/wireless/trace.h
++++ b/net/wireless/trace.h
+@@ -3665,6 +3665,18 @@ TRACE_EVENT(rdev_set_radar_background,
+ WIPHY_PR_ARG, CHAN_DEF_PR_ARG)
+ );
+
++TRACE_EVENT(rdev_skip_cac,
++ TP_PROTO(struct wireless_dev *wdev),
++
++ TP_ARGS(wdev),
++
++ TP_STRUCT__entry(WDEV_ENTRY),
++
++ TP_fast_assign(WDEV_ASSIGN;),
++
++ TP_printk(WDEV_PR_FMT, WDEV_PR_ARG)
++);
++
+ #endif /* !__RDEV_OPS_TRACE || TRACE_HEADER_MULTI_READ */
+
+ #undef TRACE_INCLUDE_PATH
+--
+2.18.0
+
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/915-mac80211-mtk-Set-TWT-Information-Frame-Disabled-bit-as-1.-This-mo.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/913-mac80211-mtk-Set-TWT-Information-Frame-Disabled-bit-as-1.patch
similarity index 73%
rename from recipes-kernel/linux-mac80211/files/patches/subsys/915-mac80211-mtk-Set-TWT-Information-Frame-Disabled-bit-as-1.-This-mo.patch
rename to recipes-kernel/linux-mac80211/files/patches/subsys/913-mac80211-mtk-Set-TWT-Information-Frame-Disabled-bit-as-1.patch
index a9c78aa..a5d1de6 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/915-mac80211-mtk-Set-TWT-Information-Frame-Disabled-bit-as-1.-This-mo.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/913-mac80211-mtk-Set-TWT-Information-Frame-Disabled-bit-as-1.patch
@@ -1,9 +1,9 @@
-From 9fc161afbc474cdcc3acaf42d93295d5272afbb4 Mon Sep 17 00:00:00 2001
+From 4b13f8c000233eaca0dfb184724ff787148fc2bc Mon Sep 17 00:00:00 2001
From: Howard Hsu <howard-yh.hsu@mediatek.com>
Date: Tue, 4 Oct 2022 10:47:05 +0800
-Subject: [PATCH] Set TWT Information Frame Disabled bit as 1. This
- modification means that current implementation do not support twt information
- frame.
+Subject: [PATCH 913/914] mac80211: Set TWT Information Frame Disabled bit as
+ 1. This modification means that current implementation do not support twt
+ information frame.
---
net/mac80211/s1g.c | 1 +
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/913-mac80211-mtk-remove-timerout-handle-for-ax210-iot-issue.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/913-mac80211-mtk-remove-timerout-handle-for-ax210-iot-issue.patch
deleted file mode 100755
index 4d3b674..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/913-mac80211-mtk-remove-timerout-handle-for-ax210-iot-issue.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
-index 1deb3d8..c30f02d 100755
---- a/net/mac80211/agg-tx.c
-+++ b/net/mac80211/agg-tx.c
-@@ -568,10 +568,9 @@ static void sta_tx_agg_session_timer_expired(struct timer_list *t)
- }
-
- timeout = tid_tx->last_tx + TU_TO_JIFFIES(tid_tx->timeout);
-- if (time_is_after_jiffies(timeout)) {
-- mod_timer(&tid_tx->session_timer, timeout);
-- return;
-- }
-+ /* remove timerout handle for ax210 iot issue */
-+ mod_timer(&tid_tx->session_timer, timeout);
-+ return;
-
- ht_dbg(sta->sdata, "tx session timer expired on %pM tid %d\n",
- sta->sta.addr, tid);
---
-2.18.0
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/914-cfg80211-mtk-implement-DFS-status-show-cac-and-nop-skip-command.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/914-cfg80211-mtk-implement-DFS-status-show-cac-and-nop-skip-command.patch
deleted file mode 100644
index 2aaf114..0000000
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/914-cfg80211-mtk-implement-DFS-status-show-cac-and-nop-skip-command.patch
+++ /dev/null
@@ -1,256 +0,0 @@
-From eca521242b94855825f085d1bca67a5958420baa Mon Sep 17 00:00:00 2001
-From: StanleyYP Wang <StanleyYP.Wang@mediatek.com>
-Date: Thu, 22 Sep 2022 14:27:41 +0800
-Subject: [PATCH] cfg80211: implement DFS status show, cac and nop skip command
- via debugfs
-
-Signed-off-by: StanleyYP Wang <StanleyYP.Wang@mediatek.com>
----
- net/wireless/debugfs.c | 228 +++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 221 insertions(+), 7 deletions(-)
-
-diff --git a/net/wireless/debugfs.c b/net/wireless/debugfs.c
-index aab4346..19c3091 100644
---- a/net/wireless/debugfs.c
-+++ b/net/wireless/debugfs.c
-@@ -95,16 +95,230 @@ static const struct file_operations ht40allow_map_ops = {
- .llseek = default_llseek,
- };
-
--#define DEBUGFS_ADD(name) \
-- debugfs_create_file(#name, 0444, phyd, &rdev->wiphy, &name## _ops)
-+static int dfs_print_chan(struct ieee80211_channel *chan, int remain_time,
-+ char *buf, int buf_size, int offset)
-+{
-+ if (WARN_ON(offset > buf_size))
-+ return 0;
-+
-+ if (chan->dfs_state == NL80211_DFS_UNAVAILABLE) {
-+ offset += scnprintf(buf + offset, buf_size - offset,
-+ " Channel = %d, DFS_state = Unavailable",
-+ chan->hw_value);
-+ if (remain_time > 0)
-+ offset += scnprintf(buf + offset, buf_size - offset,
-+ ", Non-occupancy Remain Time = %d [sec]\n",
-+ remain_time);
-+ else
-+ offset += scnprintf(buf + offset, buf_size - offset,
-+ ", Changing state...\n");
-+ } else if (chan->dfs_state == NL80211_DFS_USABLE) {
-+ offset += scnprintf(buf + offset, buf_size - offset,
-+ " Channel = %d, DFS_state = Usable",
-+ chan->hw_value);
-+ if (remain_time > 0)
-+ offset += scnprintf(buf + offset, buf_size - offset,
-+ ", CAC Remain Time = %d [sec]\n",
-+ remain_time);
-+ else
-+ offset += scnprintf(buf + offset, buf_size - offset,
-+ "\n");
-+ } else if (chan->dfs_state == NL80211_DFS_AVAILABLE) {
-+ offset += scnprintf(buf + offset, buf_size - offset,
-+ " Channel = %d, DFS_state = Available\n",
-+ chan->hw_value);
-+ } else {
-+ offset += scnprintf(buf + offset, buf_size - offset,
-+ " Channel = %d, DFS_state = Unknown\n",
-+ chan->hw_value);
-+ }
-+
-+ return offset;
-+}
-+
-+static int dfs_status_read_wdev(struct wiphy *wiphy, struct wireless_dev *wdev, char *buf,
-+ unsigned int buf_size, unsigned int offset)
-+{
-+ struct cfg80211_chan_def *chandef;
-+ enum nl80211_band band;
-+ struct ieee80211_supported_band *sband;
-+ struct ieee80211_channel *chan;
-+ unsigned long jiffies_passed;
-+ int i, remain_time = 0;
-+
-+ offset += scnprintf(buf + offset, buf_size - offset, "DFS Channel:\n");
-+
-+ for (band = 0; band < NUM_NL80211_BANDS; band++) {
-+ sband = wiphy->bands[band];
-+ if (!sband)
-+ continue;
-+ for (i = 0; i < sband->n_channels; i++) {
-+ chan = &sband->channels[i];
-+
-+ if (!(chan->flags & IEEE80211_CHAN_RADAR))
-+ continue;
-+
-+ if (chan->dfs_state == NL80211_DFS_UNAVAILABLE) {
-+ jiffies_passed = jiffies - chan->dfs_state_entered;
-+ remain_time = (IEEE80211_DFS_MIN_NOP_TIME_MS -
-+ jiffies_to_msecs(jiffies_passed));
-+ if (remain_time > IEEE80211_DFS_MIN_NOP_TIME_MS)
-+ remain_time = 0;
-+ } else if (chan->dfs_state == NL80211_DFS_USABLE) {
-+ chandef = &wdev->chandef;
-+ if (wdev->cac_started && cfg80211_is_sub_chan(chandef, chan)) {
-+ jiffies_passed = jiffies - wdev->cac_start_time;
-+ remain_time = (wdev->cac_time_ms -
-+ jiffies_to_msecs(jiffies_passed));
-+ }
-+ if (remain_time > wdev->cac_time_ms)
-+ remain_time = 0;
-+ }
-+ offset = dfs_print_chan(chan, remain_time / 1000, buf, buf_size, offset);
-+ remain_time = 0;
-+ }
-+ }
-+
-+ return offset;
-+}
-+
-+static ssize_t dfs_status_read(struct file *file, char __user *user_buf,
-+ size_t count, loff_t *ppos)
-+{
-+ struct wiphy *wiphy = file->private_data;
-+ struct wireless_dev *wdev;
-+ char *buf;
-+ unsigned int offset = 0, buf_size = PAGE_SIZE, r;
-+ const char * const iftype_str[] = {
-+ [NL80211_IFTYPE_UNSPECIFIED] = "unspecified",
-+ [NL80211_IFTYPE_ADHOC] = "adhoc",
-+ [NL80211_IFTYPE_STATION] = "station",
-+ [NL80211_IFTYPE_AP] = "ap",
-+ [NL80211_IFTYPE_AP_VLAN] = "ap vlan",
-+ [NL80211_IFTYPE_WDS] = "wds",
-+ [NL80211_IFTYPE_MONITOR] = "monitor",
-+ [NL80211_IFTYPE_MESH_POINT] = "mesh point",
-+ [NL80211_IFTYPE_P2P_CLIENT] = "p2p client",
-+ [NL80211_IFTYPE_P2P_GO] = "p2p go",
-+ [NL80211_IFTYPE_P2P_DEVICE] = "p2p device",
-+ [NL80211_IFTYPE_OCB] = "ocb",
-+ [NL80211_IFTYPE_NAN] = "nan",
-+ };
-+
-+ buf = kzalloc(buf_size, GFP_KERNEL);
-+ if (!buf)
-+ return -ENOMEM;
-+
-+ list_for_each_entry(wdev, &wiphy->wdev_list, list) {
-+ offset += scnprintf(buf + offset, buf_size - offset,
-+ "wdev 0x%x\n"
-+ "interface type %s\n",
-+ wdev->identifier, iftype_str[wdev->iftype]);
-+ offset = dfs_status_read_wdev(wiphy, wdev, buf, buf_size, offset);
-+ }
-+
-+ r = simple_read_from_buffer(user_buf, count, ppos, buf, offset);
-+
-+ kfree(buf);
-+
-+ return r;
-+}
-+
-+static const struct file_operations dfs_status_ops = {
-+ .read = dfs_status_read,
-+ .open = simple_open,
-+ .llseek = default_llseek,
-+};
-+
-+static int
-+dfs_nop_skip(void *data, u64 val)
-+{
-+ struct wiphy *wiphy = data;
-+ struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
-+ bool en = !!val;
-+ enum nl80211_band band;
-+ struct ieee80211_supported_band *sband;
-+ struct ieee80211_channel *chan;
-+ u32 nop_time = IEEE80211_DFS_MIN_NOP_TIME_MS;
-+ int i;
-+
-+ if (!en)
-+ return 0;
-+
-+ for (band = 0; band < NUM_NL80211_BANDS; band++) {
-+ sband = wiphy->bands[band];
-+ if (!sband)
-+ continue;
-+ for (i = 0; i < sband->n_channels; i++) {
-+ chan = &sband->channels[i];
-+
-+ if (!(chan->flags & IEEE80211_CHAN_RADAR))
-+ continue;
-+
-+ if (chan->dfs_state == NL80211_DFS_UNAVAILABLE) {
-+ // Let current jiffies > dfs_state_entered_jiffies + NOP time
-+ chan->dfs_state_entered = jiffies -
-+ msecs_to_jiffies(nop_time + 1);
-+ }
-+ }
-+ }
-+
-+ cfg80211_sched_dfs_chan_update(rdev);
-+
-+ return 0;
-+}
-+
-+DEFINE_DEBUGFS_ATTRIBUTE(dfs_skip_nop_ops, NULL,
-+ dfs_nop_skip, "0x%08llx\n");
-+
-+static int
-+dfs_cac_skip(void *data, u64 val)
-+{
-+ struct wiphy *wiphy = data;
-+ struct wireless_dev *wdev;
-+ struct cfg80211_chan_def *chandef;
-+ bool en = !!val;
-+ struct ieee80211_channel *chan;
-+
-+ if (!en)
-+ return 0;
-+
-+ list_for_each_entry(wdev, &wiphy->wdev_list, list) {
-+ chandef = &wdev->chandef;
-+ if (chandef->chan) {
-+ chan = chandef->chan;
-+ if (!(chan->flags & IEEE80211_CHAN_RADAR))
-+ continue;
-+
-+ if (chan->dfs_state == NL80211_DFS_USABLE && wdev->cac_started) {
-+ // Let current jiffies > dfs_state_entered_jiffies + CAC time
-+ wdev->cac_start_time = jiffies -
-+ msecs_to_jiffies(wdev->cac_time_ms + 1);
-+ cfg80211_cac_event(wdev->netdev, chandef,
-+ NL80211_RADAR_CAC_FINISHED, GFP_KERNEL);
-+ }
-+ }
-+ }
-+
-+ return 0;
-+}
-+
-+DEFINE_DEBUGFS_ATTRIBUTE(dfs_skip_cac_ops, NULL,
-+ dfs_cac_skip, "0x%08llx\n");
-+
-+#define DEBUGFS_ADD(name, chmod) \
-+ debugfs_create_file(#name, chmod, phyd, &rdev->wiphy, &name## _ops)
-
- void cfg80211_debugfs_rdev_add(struct cfg80211_registered_device *rdev)
- {
- struct dentry *phyd = rdev->wiphy.debugfsdir;
-
-- DEBUGFS_ADD(rts_threshold);
-- DEBUGFS_ADD(fragmentation_threshold);
-- DEBUGFS_ADD(short_retry_limit);
-- DEBUGFS_ADD(long_retry_limit);
-- DEBUGFS_ADD(ht40allow_map);
-+ DEBUGFS_ADD(rts_threshold, 0444);
-+ DEBUGFS_ADD(fragmentation_threshold, 0444);
-+ DEBUGFS_ADD(short_retry_limit, 0444);
-+ DEBUGFS_ADD(long_retry_limit, 0444);
-+ DEBUGFS_ADD(ht40allow_map, 0444);
-+ DEBUGFS_ADD(dfs_status, 0444);
-+ DEBUGFS_ADD(dfs_skip_nop, 0600);
-+ DEBUGFS_ADD(dfs_skip_cac, 0600);
- }
---
-2.18.0
-
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/916-mac80211-mtk-fix-the-issue-of-AP-and-STA-starting-on-DFS-channel-concurrently.patch b/recipes-kernel/linux-mac80211/files/patches/subsys/914-mac80211-mtk-fix-the-issue-of-AP-and-STA-starting-on-DFS.patch
similarity index 83%
rename from recipes-kernel/linux-mac80211/files/patches/subsys/916-mac80211-mtk-fix-the-issue-of-AP-and-STA-starting-on-DFS-channel-concurrently.patch
rename to recipes-kernel/linux-mac80211/files/patches/subsys/914-mac80211-mtk-fix-the-issue-of-AP-and-STA-starting-on-DFS.patch
index f5fc0f9..8022163 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/916-mac80211-mtk-fix-the-issue-of-AP-and-STA-starting-on-DFS-channel-concurrently.patch
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/914-mac80211-mtk-fix-the-issue-of-AP-and-STA-starting-on-DFS.patch
@@ -1,23 +1,23 @@
-From a58aa02645052470e6bacb9e6c1eb7adfb9fc0d8 Mon Sep 17 00:00:00 2001
+From 4cd2b159ef1f560721a830d6c0e0ae69169521b4 Mon Sep 17 00:00:00 2001
From: StanleyYP Wang <StanleyYP.Wang@mediatek.com>
Date: Wed, 5 Oct 2022 19:13:43 +0800
-Subject: [PATCH] mac80211: fix the issue of AP and STA starting on DFS channel
- concurrently
+Subject: [PATCH 914/914] mac80211: fix the issue of AP and STA starting on DFS
+ channel concurrently
Signed-off-by: StanleyYP Wang <StanleyYP.Wang@mediatek.com>
---
- include/net/cfg80211.h | 21 ++++++++++++++++
+ include/net/cfg80211.h | 21 +++++++++++++++++
include/uapi/linux/nl80211.h | 2 +-
- net/mac80211/cfg.c | 48 ++++++++++++++++++++++++++++++++++++
+ net/mac80211/cfg.c | 44 ++++++++++++++++++++++++++++++++++++
net/mac80211/chan.c | 2 +-
net/wireless/chan.c | 6 ++---
- net/wireless/nl80211.c | 8 ++++++
- net/wireless/rdev-ops.h | 16 ++++++++++++
- net/wireless/trace.h | 15 +++++++++++
- 8 files changed, 113 insertions(+), 5 deletions(-)
+ net/wireless/nl80211.c | 8 +++++++
+ net/wireless/rdev-ops.h | 16 +++++++++++++
+ net/wireless/trace.h | 15 ++++++++++++
+ 8 files changed, 109 insertions(+), 5 deletions(-)
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
-index f594914..0af069d 100644
+index 7d20b98..defce1e 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -800,6 +800,24 @@ cfg80211_chandef_identical(const struct cfg80211_chan_def *chandef1,
@@ -45,16 +45,16 @@
/**
* cfg80211_chandef_is_edmg - check if chandef represents an EDMG channel
*
-@@ -4401,6 +4419,8 @@ struct cfg80211_ops {
- struct cfg80211_color_change_settings *params);
+@@ -4402,6 +4420,8 @@ struct cfg80211_ops {
int (*set_radar_background)(struct wiphy *wiphy,
struct cfg80211_chan_def *chandef);
+ void (*skip_cac)(struct wireless_dev *wdev);
+ void (*check_cac_skip)(struct wiphy *wiphy,
+ struct cfg80211_chan_def *chandef);
};
/*
-@@ -5554,6 +5574,7 @@ struct wireless_dev {
+@@ -5555,6 +5575,7 @@ struct wireless_dev {
struct work_struct pmsr_free_wk;
unsigned long unprot_beacon_reported;
@@ -76,11 +76,11 @@
NUM_NL80211_ATTR = __NL80211_ATTR_AFTER_LAST,
NL80211_ATTR_MAX = __NL80211_ATTR_AFTER_LAST - 1
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
-index bf71594..73fb432 100644
+index d1fc54d..c40256d 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -4504,6 +4504,53 @@ ieee80211_set_radar_background(struct wiphy *wiphy,
- return local->ops->set_radar_background(&local->hw, chandef);
+@@ -4535,6 +4535,49 @@ ieee80211_skip_cac(struct wireless_dev *wdev)
+ }
}
+static void
@@ -117,11 +117,7 @@
+ chan->dfs_state == NL80211_DFS_USABLE && wdev->cac_started &&
+ cfg80211_chan_fully_overlap(&sdata_sta->vif.bss_conf.chandef,
+ &s2->vif.bss_conf.chandef)) {
-+ cac_time_ms = wdev->cac_time_ms;
-+ wdev->cac_start_time = jiffies -
-+ msecs_to_jiffies(cac_time_ms + 1);
-+ cfg80211_cac_event(wdev->netdev, &wdev->chandef,
-+ NL80211_RADAR_CAC_FINISHED, GFP_KERNEL);
++ ieee80211_skip_cac(wdev);
+ sdata_info(s2, "Skip CAC on the associated STA's chan\n");
+ }
+ }
@@ -133,10 +129,10 @@
const struct cfg80211_ops mac80211_config_ops = {
.add_virtual_intf = ieee80211_add_iface,
.del_virtual_intf = ieee80211_del_iface,
-@@ -4610,4 +4657,5 @@ const struct cfg80211_ops mac80211_config_ops = {
- .set_sar_specs = ieee80211_set_sar_specs,
+@@ -4642,4 +4685,5 @@ const struct cfg80211_ops mac80211_config_ops = {
.color_change = ieee80211_color_change,
.set_radar_background = ieee80211_set_radar_background,
+ .skip_cac = ieee80211_skip_cac,
+ .check_cac_skip = ieee80211_check_cac_skip,
};
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
@@ -207,11 +203,11 @@
unlock:
wiphy_unlock(wiphy);
diff --git a/net/wireless/rdev-ops.h b/net/wireless/rdev-ops.h
-index 8555468..e7d0064 100644
+index 26f4604..c38aea1 100644
--- a/net/wireless/rdev-ops.h
+++ b/net/wireless/rdev-ops.h
-@@ -1398,4 +1398,20 @@ rdev_set_radar_background(struct cfg80211_registered_device *rdev,
- return ret;
+@@ -1412,4 +1412,20 @@ rdev_skip_cac(struct cfg80211_registered_device *rdev,
+ return 0;
}
+static inline int
@@ -232,11 +228,11 @@
+
#endif /* __CFG80211_RDEV_OPS */
diff --git a/net/wireless/trace.h b/net/wireless/trace.h
-index 97a2937..e3f1c79 100644
+index eadabfa..a7b0c82 100644
--- a/net/wireless/trace.h
+++ b/net/wireless/trace.h
-@@ -3665,6 +3665,21 @@ TRACE_EVENT(rdev_set_radar_background,
- WIPHY_PR_ARG, CHAN_DEF_PR_ARG)
+@@ -3677,6 +3677,21 @@ TRACE_EVENT(rdev_skip_cac,
+ TP_printk(WDEV_PR_FMT, WDEV_PR_ARG)
);
+TRACE_EVENT(rdev_check_cac_skip,
diff --git a/recipes-kernel/linux-mac80211/files/patches/subsys/subsys.inc b/recipes-kernel/linux-mac80211/files/patches/subsys/subsys.inc
index 10725d1..d56faa4 100644
--- a/recipes-kernel/linux-mac80211/files/patches/subsys/subsys.inc
+++ b/recipes-kernel/linux-mac80211/files/patches/subsys/subsys.inc
@@ -41,23 +41,6 @@
file://343-wifi-mac80211-fix-decap-offload-for-stations-on-AP_V.patch \
file://344-wifi-cfg80211-fix-ieee80211_data_to_8023_exthdr-hand.patch \
file://345-wifi-mac80211-do-not-drop-packets-smaller-than-the-L.patch \
- file://346-mac80211-mesh-clean-up-rx_bcn_presp-API.patch \
- file://347-mac80211-move-CRC-into-struct-ieee802_11_elems.patch \
- file://348-mac80211-mlme-find-auth-challenge-directly.patch \
- file://349-mac80211-always-allocate-struct-ieee802_11_elems.patch \
- file://350-mac80211-fix-memory-leaks-with-element-parsing.patch \
- file://351-wifi-cfg80211-fix-u8-overflow-in-cfg80211_update_not.patch \
- file://352-wifi-cfg80211-mac80211-reject-bad-MBSSID-elements.patch \
- file://353-wifi-mac80211-fix-MBSSID-parsing-use-after-free.patch \
- file://354-wifi-cfg80211-ensure-length-byte-is-present-before-a.patch \
- file://355-wifi-cfg80211-fix-BSS-refcounting-bugs.patch \
- file://356-wifi-cfg80211-avoid-nontransmitted-BSS-list-corrupti.patch \
- file://357-wifi-mac80211_hwsim-avoid-mac80211-warning-on-bad-ra.patch \
- file://358-wifi-mac80211-fix-crash-in-beacon-protection-for-P2P.patch \
- file://359-wifi-cfg80211-update-hidden-BSSes-to-avoid-WARN_ON.patch \
- file://360-mac80211-fix-a-memory-leak-where-sta_info-is-not-fre.patch \
- file://361-wifi-mac80211-Don-t-finalize-CSA-in-IBSS-mode-if-sta.patch \
- file://362-wifi-mac80211-Fix-UAF-in-ieee80211_scan_rx.patch \
file://363-bss-color-collision.patch \
file://364-mac80211-add-support-for-restricting-netdev-features.patch \
file://400-allow-ibss-mixed.patch \
@@ -72,12 +55,12 @@
file://904-mac80211-mtk-correct-legacy-rates-check-in-ieee80211_cal.patch \
file://905-mac80211-mtk-airtime_flags-depends-on-NL80211_EXT_FEATUR.patch \
file://906-mac80211-mtk-add-support-for-runtime-set-inband-discovery.patch \
- file://908-mac80211-mtk-add-s1g-category-to-_ieee80211_is_robust_mg.patch \
- file://910-mac80211-mtk-offload.patch \
- file://911-mac80211-mtk-add-fill-receive-path-ops-to-get-wed-idx-v2.patch \
- file://912-mac80211-mtk-make-4addr-null-frames-using-min-rate-for-WDS.patch \
- file://913-mac80211-mtk-remove-timerout-handle-for-ax210-iot-issue.patch \
- file://914-cfg80211-mtk-implement-DFS-status-show-cac-and-nop-skip-command.patch \
- file://915-mac80211-mtk-Set-TWT-Information-Frame-Disabled-bit-as-1.-This-mo.patch \
- file://916-mac80211-mtk-fix-the-issue-of-AP-and-STA-starting-on-DFS-channel-concurrently.patch \
+ file://907-mac80211-mtk-add-s1g-category-to-_ieee80211_is_robust_mg.patch \
+ file://908-mac80211-mtk-mask-kernel-version-limitation-and-fill-for.patch \
+ file://909-mac80211-mtk-add-fill-receive-path-ops-to-get-wed-idx.patch \
+ file://910-mac80211-mtk-make-4addr-null-frames-using-min_rate-.patch \
+ file://911-mac80211-mtk-remove-timerout-handle-for-ax210-iot-issue.patch \
+ file://912-cfg80211-mtk-implement-DFS-status-show-cac-and-nop-skip-.patch \
+ file://913-mac80211-mtk-Set-TWT-Information-Frame-Disabled-bit-as-1.patch \
+ file://914-mac80211-mtk-fix-the-issue-of-AP-and-STA-starting-on-DFS.patch \
"
diff --git a/recipes-kernel/linux-mac80211/linux-mac80211.bb b/recipes-kernel/linux-mac80211/linux-mac80211.bb
index 8e49672..81ed644 100644
--- a/recipes-kernel/linux-mac80211/linux-mac80211.bb
+++ b/recipes-kernel/linux-mac80211/linux-mac80211.bb
@@ -6,14 +6,14 @@
inherit module
-PV = "5.15.58"
+PV = "5.15.74"
SRC_URI = " \
https://cdn.kernel.org/pub/linux/kernel/projects/backports/stable/v${PV}/backports-${PV}-1.tar.xz \
file://config \
file://0001-rdkb-fix_build_issue-mac80211-without_depmod.patch;apply=no \
"
-SRC_URI[sha256sum] = "a3c2a2b7bbaf8943c65fd72f4e7d7ad5e205aeae28b26c835f9d8afa0f9810bf"
+SRC_URI[sha256sum] = "98098d0cab24cc76a04db738dc746a0c8d38d180398805481224f141cca06423"
DEPENDS += "virtual/kernel"
DEPENDS += "bison-native coreutils-native flex-native"
diff --git a/recipes-kernel/linux-mt76/files/patches/0004-mt76-connac-update-nss-calculation-in-txs.patch b/recipes-kernel/linux-mt76/files/patches/0004-mt76-connac-update-nss-calculation-in-txs.patch
new file mode 100644
index 0000000..8e61a3b
--- /dev/null
+++ b/recipes-kernel/linux-mt76/files/patches/0004-mt76-connac-update-nss-calculation-in-txs.patch
@@ -0,0 +1,39 @@
+From 7280bc1aba9fa30d3a16660c8afba8656d831cb8 Mon Sep 17 00:00:00 2001
+From: Peter Chiu <chui-hao.chiu@mediatek.com>
+Date: Wed, 19 Oct 2022 16:04:10 +0800
+Subject: [PATCH] mt76: connac: update nss calculation in txs
+
+The nss is nsts divided by 2 when stbc is 1.
+
+Signed-off-by: Peter Chiu <chui-hao.chiu@mediatek.com>
+---
+ mt76_connac_mac.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/mt76_connac_mac.c b/mt76_connac_mac.c
+index 8b7ec64a..fd60123f 100644
+--- a/mt76_connac_mac.c
++++ b/mt76_connac_mac.c
+@@ -567,7 +567,7 @@ bool mt76_connac2_mac_fill_txs(struct mt76_dev *dev, struct mt76_wcid *wcid,
+ struct mt76_phy *mphy;
+ struct rate_info rate = {};
+ bool cck = false;
+- u32 txrate, txs, mode;
++ u32 txrate, txs, mode, stbc;
+
+ txs = le32_to_cpu(txs_data[0]);
+
+@@ -587,6 +587,10 @@ bool mt76_connac2_mac_fill_txs(struct mt76_dev *dev, struct mt76_wcid *wcid,
+
+ rate.mcs = FIELD_GET(MT_TX_RATE_IDX, txrate);
+ rate.nss = FIELD_GET(MT_TX_RATE_NSS, txrate) + 1;
++ stbc = FIELD_GET(MT_TX_RATE_STBC, txrate);
++
++ if (stbc && rate.nss > 1)
++ rate.nss >>= 1;
+
+ if (rate.nss - 1 < ARRAY_SIZE(stats->tx_nss))
+ stats->tx_nss[rate.nss - 1]++;
+--
+2.18.0
+
diff --git a/recipes-kernel/linux-mt76/files/patches/100-aggregation-definitions.patch b/recipes-kernel/linux-mt76/files/patches/100-aggregation-definitions.patch
new file mode 100644
index 0000000..a88d571
--- /dev/null
+++ b/recipes-kernel/linux-mt76/files/patches/100-aggregation-definitions.patch
@@ -0,0 +1,13 @@
+--- a/mt7915/init.c
++++ b/mt7915/init.c
+@@ -327,8 +327,8 @@ mt7915_init_wiphy(struct ieee80211_hw *h
+ struct mt7915_dev *dev = phy->dev;
+
+ hw->queues = 4;
+- hw->max_rx_aggregation_subframes = IEEE80211_MAX_AMPDU_BUF;
+- hw->max_tx_aggregation_subframes = IEEE80211_MAX_AMPDU_BUF;
++ hw->max_rx_aggregation_subframes = IEEE80211_MAX_AMPDU_BUF_HE;
++ hw->max_tx_aggregation_subframes = IEEE80211_MAX_AMPDU_BUF_HE;
+ hw->netdev_features = NETIF_F_RXCSUM;
+
+ hw->radiotap_timestamp.units_pos =
diff --git a/recipes-kernel/linux-mt76/files/patches/patches.inc b/recipes-kernel/linux-mt76/files/patches/patches.inc
index f771e06..cd457a5 100644
--- a/recipes-kernel/linux-mt76/files/patches/patches.inc
+++ b/recipes-kernel/linux-mt76/files/patches/patches.inc
@@ -3,7 +3,9 @@
file://0001-mt76-mt7915-rework-testmode-init-registers.patch \
file://0002-mt76-mt7915-rework-rx-testmode-stats.patch \
file://0003-mt76-mt7915-drop-undefined-action-frame.patch \
+ file://0004-mt76-connac-update-nss-calculation-in-txs.patch \
file://100-Revert-of-net-pass-the-dst-buffer-to-of_get_mac_addr.patch \
+ file://100-aggregation-definitions.patch \
file://1001-mt76-mt7915-add-mtk-internal-debug-tools-for-mt76.patch \
file://1002-mt76-mt7915-csi-implement-csi-support.patch \
file://1003-mt76-mt7915-air-monitor-support.patch \
diff --git a/recipes-kernel/linux-mt76/files/src/firmware/mt7996_eeprom.bin b/recipes-kernel/linux-mt76/files/src/firmware/mt7996_eeprom.bin
new file mode 100644
index 0000000..19d8126
--- /dev/null
+++ b/recipes-kernel/linux-mt76/files/src/firmware/mt7996_eeprom.bin
Binary files differ
diff --git a/recipes-kernel/linux-mt76/files/src/firmware/mt7996_rom_patch.bin b/recipes-kernel/linux-mt76/files/src/firmware/mt7996_rom_patch.bin
new file mode 100644
index 0000000..c954b15
--- /dev/null
+++ b/recipes-kernel/linux-mt76/files/src/firmware/mt7996_rom_patch.bin
Binary files differ
diff --git a/recipes-kernel/linux-mt76/files/src/firmware/mt7996_wa.bin b/recipes-kernel/linux-mt76/files/src/firmware/mt7996_wa.bin
new file mode 100644
index 0000000..c239864
--- /dev/null
+++ b/recipes-kernel/linux-mt76/files/src/firmware/mt7996_wa.bin
Binary files differ
diff --git a/recipes-kernel/linux-mt76/files/src/firmware/mt7996_wm.bin b/recipes-kernel/linux-mt76/files/src/firmware/mt7996_wm.bin
new file mode 100644
index 0000000..dcfc7f4
--- /dev/null
+++ b/recipes-kernel/linux-mt76/files/src/firmware/mt7996_wm.bin
Binary files differ
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/generic/backport-5.4/416-v6.1-mtd-core-add-missing-of_node_get-in-dynamic-partitio.patch b/recipes-kernel/linux/linux-mediatek-5.4/generic/backport-5.4/416-v6.1-mtd-core-add-missing-of_node_get-in-dynamic-partitio.patch
new file mode 100644
index 0000000..a22eda1
--- /dev/null
+++ b/recipes-kernel/linux/linux-mediatek-5.4/generic/backport-5.4/416-v6.1-mtd-core-add-missing-of_node_get-in-dynamic-partitio.patch
@@ -0,0 +1,101 @@
+From 12b58961de0bd88b3c7dfa5d21f6d67f4678b780 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Tue, 18 Oct 2022 07:18:22 +0200
+Subject: [PATCH] mtd: core: add missing of_node_get() in dynamic partitions
+ code
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This fixes unbalanced of_node_put():
+[ 1.078910] 6 cmdlinepart partitions found on MTD device gpmi-nand
+[ 1.085116] Creating 6 MTD partitions on "gpmi-nand":
+[ 1.090181] 0x000000000000-0x000008000000 : "nandboot"
+[ 1.096952] 0x000008000000-0x000009000000 : "nandfit"
+[ 1.103547] 0x000009000000-0x00000b000000 : "nandkernel"
+[ 1.110317] 0x00000b000000-0x00000c000000 : "nanddtb"
+[ 1.115525] ------------[ cut here ]------------
+[ 1.120141] refcount_t: addition on 0; use-after-free.
+[ 1.125328] WARNING: CPU: 0 PID: 1 at lib/refcount.c:25 refcount_warn_saturate+0xdc/0x148
+[ 1.133528] Modules linked in:
+[ 1.136589] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.0.0-rc7-next-20220930-04543-g8cf3f7
+[ 1.146342] Hardware name: Freescale i.MX8DXL DDR3L EVK (DT)
+[ 1.151999] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+[ 1.158965] pc : refcount_warn_saturate+0xdc/0x148
+[ 1.163760] lr : refcount_warn_saturate+0xdc/0x148
+[ 1.168556] sp : ffff800009ddb080
+[ 1.171866] x29: ffff800009ddb080 x28: ffff800009ddb35a x27: 0000000000000002
+[ 1.179015] x26: ffff8000098b06ad x25: ffffffffffffffff x24: ffff0a00ffffff05
+[ 1.186165] x23: ffff00001fdf6470 x22: ffff800009ddb367 x21: 0000000000000000
+[ 1.193314] x20: ffff00001fdfebe8 x19: ffff00001fdfec50 x18: ffffffffffffffff
+[ 1.200464] x17: 0000000000000000 x16: 0000000000000118 x15: 0000000000000004
+[ 1.207614] x14: 0000000000000fff x13: ffff800009bca248 x12: 0000000000000003
+[ 1.214764] x11: 00000000ffffefff x10: c0000000ffffefff x9 : 4762cb2ccb52de00
+[ 1.221914] x8 : 4762cb2ccb52de00 x7 : 205d313431303231 x6 : 312e31202020205b
+[ 1.229063] x5 : ffff800009d55c1f x4 : 0000000000000001 x3 : 0000000000000000
+[ 1.236213] x2 : 0000000000000000 x1 : ffff800009954be6 x0 : 000000000000002a
+[ 1.243365] Call trace:
+[ 1.245806] refcount_warn_saturate+0xdc/0x148
+[ 1.250253] kobject_get+0x98/0x9c
+[ 1.253658] of_node_get+0x20/0x34
+[ 1.257072] of_fwnode_get+0x3c/0x54
+[ 1.260652] fwnode_get_nth_parent+0xd8/0xf4
+[ 1.264926] fwnode_full_name_string+0x3c/0xb4
+[ 1.269373] device_node_string+0x498/0x5b4
+[ 1.273561] pointer+0x41c/0x5d0
+[ 1.276793] vsnprintf+0x4d8/0x694
+[ 1.280198] vprintk_store+0x164/0x528
+[ 1.283951] vprintk_emit+0x98/0x164
+[ 1.287530] vprintk_default+0x44/0x6c
+[ 1.291284] vprintk+0xf0/0x134
+[ 1.294428] _printk+0x54/0x7c
+[ 1.297486] of_node_release+0xe8/0x128
+[ 1.301326] kobject_put+0x98/0xfc
+[ 1.304732] of_node_put+0x1c/0x28
+[ 1.308137] add_mtd_device+0x484/0x6d4
+[ 1.311977] add_mtd_partitions+0xf0/0x1d0
+[ 1.316078] parse_mtd_partitions+0x45c/0x518
+[ 1.320439] mtd_device_parse_register+0xb0/0x274
+[ 1.325147] gpmi_nand_probe+0x51c/0x650
+[ 1.329074] platform_probe+0xa8/0xd0
+[ 1.332740] really_probe+0x130/0x334
+[ 1.336406] __driver_probe_device+0xb4/0xe0
+[ 1.340681] driver_probe_device+0x3c/0x1f8
+[ 1.344869] __driver_attach+0xdc/0x1a4
+[ 1.348708] bus_for_each_dev+0x80/0xcc
+[ 1.352548] driver_attach+0x24/0x30
+[ 1.356127] bus_add_driver+0x108/0x1f4
+[ 1.359967] driver_register+0x78/0x114
+[ 1.363807] __platform_driver_register+0x24/0x30
+[ 1.368515] gpmi_nand_driver_init+0x1c/0x28
+[ 1.372798] do_one_initcall+0xbc/0x238
+[ 1.376638] do_initcall_level+0x94/0xb4
+[ 1.380565] do_initcalls+0x54/0x94
+[ 1.384058] do_basic_setup+0x1c/0x28
+[ 1.387724] kernel_init_freeable+0x110/0x188
+[ 1.392084] kernel_init+0x20/0x1a0
+[ 1.395578] ret_from_fork+0x10/0x20
+[ 1.399157] ---[ end trace 0000000000000000 ]---
+[ 1.403782] ------------[ cut here ]------------
+
+Reported-by: Han Xu <han.xu@nxp.com>
+Fixes: ad9b10d1eaada169 ("mtd: core: introduce of support for dynamic partitions")
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+Tested-by: Han Xu <han.xu@nxp.com>
+Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
+Link: https://lore.kernel.org/linux-mtd/20221018051822.28685-1-zajec5@gmail.com
+---
+ drivers/mtd/mtdcore.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/mtd/mtdcore.c
++++ b/drivers/mtd/mtdcore.c
+@@ -605,7 +605,7 @@ static void mtd_check_of_node(struct mtd
+ if (!mtd_is_partition(mtd))
+ return;
+ parent = mtd_get_master(mtd);
+- parent_dn = dev_of_node(&parent->dev);
++ parent_dn = of_node_get(dev_of_node(&parent->dev));
+ if (!parent_dn)
+ return;
+
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/generic/backport-5.4/backport-5.4.inc b/recipes-kernel/linux/linux-mediatek-5.4/generic/backport-5.4/backport-5.4.inc
index 7dc0b8d..1da3a5a 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/generic/backport-5.4/backport-5.4.inc
+++ b/recipes-kernel/linux/linux-mediatek-5.4/generic/backport-5.4/backport-5.4.inc
@@ -170,6 +170,7 @@
file://413-v6.0-mtd-next-mtd-core-introduce-of-support-for-dynamic-partitions.patch \
file://414-v6.1-mtd-allow-getting-MTD-device-associated-with-a-speci.patch \
file://415-v6.0-mtd-core-check-partition-before-dereference.patch \
+ file://416-v6.1-mtd-core-add-missing-of_node_get-in-dynamic-partitio.patch \
file://430-mtd-spinand-macronix-Add-support-for-MX31LF1GE4BC.patch \
file://431-mtd-spinand-macronix-Add-support-for-MX31UF1GE4BC.patch \
file://432-mtd-spinand-macronix-Add-support-for-MX35LFxGE4AD.patch \
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988.dtsi b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988.dtsi
index a4d3f2f..604f5aa 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988.dtsi
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988.dtsi
@@ -397,6 +397,11 @@
<0 0x0f0f0000 0 0x200>;
};
+ boottrap: boottrap@1001f6f0 {
+ compatible = "mediatek,boottrap";
+ reg = <0 0x1001f6f0 0 0x20>;
+ };
+
gic: interrupt-controller@c000000 {
compatible = "arm,gic-v3";
#interrupt-cells = <3>;
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-emmc.dts b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-emmc.dts
index 21eab01..373fdc3 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-emmc.dts
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-emmc.dts
@@ -210,21 +210,29 @@
port@0 {
reg = <0>;
label = "lan0";
+ phy-mode = "gmii";
+ phy-handle = <&sphy0>;
};
port@1 {
reg = <1>;
label = "lan1";
+ phy-mode = "gmii";
+ phy-handle = <&sphy1>;
};
port@2 {
reg = <2>;
label = "lan2";
+ phy-mode = "gmii";
+ phy-handle = <&sphy2>;
};
port@3 {
reg = <3>;
label = "lan3";
+ phy-mode = "gmii";
+ phy-handle = <&sphy3>;
};
port@6 {
@@ -240,6 +248,52 @@
};
};
};
+
+ mdio {
+ compatible = "mediatek,dsa-slave-mdio";
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ sphy0: switch_phy0@0 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <0>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p0>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy1: switch_phy1@1 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <1>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p1>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy2: switch_phy2@2 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <2>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p2>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy3: switch_phy3@3 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <3>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p3>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+ };
};
};
};
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-sd.dts b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-sd.dts
index bc2d427..2b20e0b 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-sd.dts
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-sd.dts
@@ -201,21 +201,29 @@
port@0 {
reg = <0>;
label = "lan0";
+ phy-mode = "gmii";
+ phy-handle = <&sphy0>;
};
port@1 {
reg = <1>;
label = "lan1";
+ phy-mode = "gmii";
+ phy-handle = <&sphy1>;
};
port@2 {
reg = <2>;
label = "lan2";
+ phy-mode = "gmii";
+ phy-handle = <&sphy2>;
};
port@3 {
reg = <3>;
label = "lan3";
+ phy-mode = "gmii";
+ phy-handle = <&sphy3>;
};
port@6 {
@@ -231,6 +239,52 @@
};
};
};
+
+ mdio {
+ compatible = "mediatek,dsa-slave-mdio";
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ sphy0: switch_phy0@0 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <0>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p0>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy1: switch_phy1@1 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <1>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p1>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy2: switch_phy2@2 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <2>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p2>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy3: switch_phy3@3 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <3>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p3>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+ };
};
};
};
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-snfi-nand.dts b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-snfi-nand.dts
index 15d38ec..8e49212 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-snfi-nand.dts
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-snfi-nand.dts
@@ -236,21 +236,29 @@
port@0 {
reg = <0>;
label = "lan0";
+ phy-mode = "gmii";
+ phy-handle = <&sphy0>;
};
port@1 {
reg = <1>;
label = "lan1";
+ phy-mode = "gmii";
+ phy-handle = <&sphy1>;
};
port@2 {
reg = <2>;
label = "lan2";
+ phy-mode = "gmii";
+ phy-handle = <&sphy2>;
};
port@3 {
reg = <3>;
label = "lan3";
+ phy-mode = "gmii";
+ phy-handle = <&sphy3>;
};
port@6 {
@@ -266,6 +274,52 @@
};
};
};
+
+ mdio {
+ compatible = "mediatek,dsa-slave-mdio";
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ sphy0: switch_phy0@0 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <0>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p0>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy1: switch_phy1@1 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <1>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p1>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy2: switch_phy2@2 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <2>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p2>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy3: switch_phy3@3 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <3>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p3>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+ };
};
};
};
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-spim-nand.dts b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-spim-nand.dts
index 6a289ff..c707291 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-spim-nand.dts
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-spim-nand.dts
@@ -249,21 +249,29 @@
port@0 {
reg = <0>;
label = "lan0";
+ phy-mode = "gmii";
+ phy-handle = <&sphy0>;
};
port@1 {
reg = <1>;
label = "lan1";
+ phy-mode = "gmii";
+ phy-handle = <&sphy1>;
};
port@2 {
reg = <2>;
label = "lan2";
+ phy-mode = "gmii";
+ phy-handle = <&sphy2>;
};
port@3 {
reg = <3>;
label = "lan3";
+ phy-mode = "gmii";
+ phy-handle = <&sphy3>;
};
port@6 {
@@ -279,6 +287,52 @@
};
};
};
+
+ mdio {
+ compatible = "mediatek,dsa-slave-mdio";
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ sphy0: switch_phy0@0 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <0>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p0>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy1: switch_phy1@1 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <1>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p1>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy2: switch_phy2@2 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <2>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p2>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy3: switch_phy3@3 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <3>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p3>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+ };
};
};
};
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-spim-nor.dts b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-spim-nor.dts
index 4edf1f0..8e832f3 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-spim-nor.dts
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-10g-spim-nor.dts
@@ -226,21 +226,29 @@
port@0 {
reg = <0>;
label = "lan0";
+ phy-mode = "gmii";
+ phy-handle = <&sphy0>;
};
port@1 {
reg = <1>;
label = "lan1";
+ phy-mode = "gmii";
+ phy-handle = <&sphy1>;
};
port@2 {
reg = <2>;
label = "lan2";
+ phy-mode = "gmii";
+ phy-handle = <&sphy2>;
};
port@3 {
reg = <3>;
label = "lan3";
+ phy-mode = "gmii";
+ phy-handle = <&sphy3>;
};
port@6 {
@@ -256,6 +264,52 @@
};
};
};
+
+ mdio {
+ compatible = "mediatek,dsa-slave-mdio";
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ sphy0: switch_phy0@0 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <0>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p0>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy1: switch_phy1@1 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <1>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p1>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy2: switch_phy2@2 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <2>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p2>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy3: switch_phy3@3 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <3>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p3>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+ };
};
};
};
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-e2p5g-spim-nand.dts b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-e2p5g-spim-nand.dts
index ed60643..8f0d5c9 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-e2p5g-spim-nand.dts
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-e2p5g-spim-nand.dts
@@ -322,21 +322,29 @@
port@0 {
reg = <0>;
label = "lan0";
+ phy-mode = "gmii";
+ phy-handle = <&sphy0>;
};
port@1 {
reg = <1>;
label = "lan1";
+ phy-mode = "gmii";
+ phy-handle = <&sphy1>;
};
port@2 {
reg = <2>;
label = "lan2";
+ phy-mode = "gmii";
+ phy-handle = <&sphy2>;
};
port@3 {
reg = <3>;
label = "lan3";
+ phy-mode = "gmii";
+ phy-handle = <&sphy3>;
};
port@6 {
@@ -352,6 +360,52 @@
};
};
};
+
+ mdio {
+ compatible = "mediatek,dsa-slave-mdio";
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ sphy0: switch_phy0@0 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <0>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p0>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy1: switch_phy1@1 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <1>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p1>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy2: switch_phy2@2 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <2>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p2>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy3: switch_phy3@3 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <3>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p3>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+ };
};
};
};
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-i2p5g-spim-nand.dts b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-i2p5g-spim-nand.dts
index d07634b..e0ffe52 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-i2p5g-spim-nand.dts
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/arch/arm64/boot/dts/mediatek/mt7988a-dsa-i2p5g-spim-nand.dts
@@ -239,21 +239,29 @@
port@0 {
reg = <0>;
label = "lan0";
+ phy-mode = "gmii";
+ phy-handle = <&sphy0>;
};
port@1 {
reg = <1>;
label = "lan1";
+ phy-mode = "gmii";
+ phy-handle = <&sphy1>;
};
port@2 {
reg = <2>;
label = "lan2";
+ phy-mode = "gmii";
+ phy-handle = <&sphy2>;
};
port@3 {
reg = <3>;
label = "lan3";
+ phy-mode = "gmii";
+ phy-handle = <&sphy3>;
};
port@6 {
@@ -269,6 +277,52 @@
};
};
};
+
+ mdio {
+ compatible = "mediatek,dsa-slave-mdio";
+ #address-cells = <1>;
+ #size-cells = <0>;
+
+ sphy0: switch_phy0@0 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <0>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p0>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy1: switch_phy1@1 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <1>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p1>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy2: switch_phy2@2 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <2>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p2>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+
+ sphy3: switch_phy3@3 {
+ compatible = "ethernet-phy-id03a2.9481";
+ reg = <3>;
+ phy-mode = "gmii";
+ rext = "efuse";
+ tx_r50 = "efuse";
+ nvmem-cells = <&phy_calibration_p3>;
+ nvmem-cell-names = "phy-cal-data";
+ };
+ };
};
};
};
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
index b86c1b9..8221cbc 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
@@ -1357,7 +1357,7 @@
if (hnat_priv->data->per_flow_accounting)
entry.ipv4_dslite.iblk2.mibf = 1;
/* Map-E LAN->WAN record inner IPv4 header info. */
-#if defined(CONFIG_MEDIATEK_NETSYS_V2)
+#if defined(CONFIG_MEDIATEK_NETSYS_V2) || defined(CONFIG_MEDIATEK_NETSYS_V3)
if (mape_toggle) {
entry.ipv4_dslite.iblk2.dscp = foe->ipv4_dslite.iblk2.dscp;
entry.ipv4_mape.new_sip = foe->ipv4_mape.new_sip;
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_usxgmii.c b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_usxgmii.c
index aaefa80..363de90 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_usxgmii.c
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_usxgmii.c
@@ -316,7 +316,7 @@
break;
}
- udelay(100);
+ mdelay(1);
}
int mtk_usxgmii_setup_mode_an(struct mtk_xgmii *ss, int mac_id, int max_speed)
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/phy/mediatek-ge.c b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/phy/mediatek-ge.c
index 50729d6..fd3022f 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/phy/mediatek-ge.c
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/phy/mediatek-ge.c
@@ -2,6 +2,7 @@
#include <linux/bitfield.h>
#include <linux/module.h>
#include <linux/nvmem-consumer.h>
+#include <linux/of_address.h>
#include <linux/of_platform.h>
#include <linux/phy.h>
@@ -177,6 +178,30 @@
/* Registers on MDIO_MMD_VEND2 */
+#define MTK_PHY_LED0_ON_CTRL (0x24)
+#define MTK_PHY_LED0_ON_MASK GENMASK(6, 0)
+#define MTK_PHY_LED0_ON_LINK1000 BIT(0)
+#define MTK_PHY_LED0_ON_LINK100 BIT(1)
+#define MTK_PHY_LED0_ON_LINK10 BIT(2)
+#define MTK_PHY_LED0_ON_LINKDOWN BIT(3)
+#define MTK_PHY_LED0_ON_FDX BIT(4) /* Full duplex */
+#define MTK_PHY_LED0_ON_HDX BIT(5) /* Half duplex */
+#define MTK_PHY_LED0_FORCE_ON BIT(6)
+#define MTK_PHY_LED0_POLARITY BIT(14)
+#define MTK_PHY_LED0_ENABLE BIT(15)
+
+#define MTK_PHY_LED0_BLINK_CTRL (0x25)
+#define MTK_PHY_LED0_1000TX BIT(0)
+#define MTK_PHY_LED0_1000RX BIT(1)
+#define MTK_PHY_LED0_100TX BIT(2)
+#define MTK_PHY_LED0_100RX BIT(3)
+#define MTK_PHY_LED0_10TX BIT(4)
+#define MTK_PHY_LED0_10RX BIT(5)
+#define MTK_PHY_LED0_COLLISION BIT(6)
+#define MTK_PHY_LED0_RX_CRC_ERR BIT(7)
+#define MTK_PHY_LED0_RX_IDLE_ERR BIT(8)
+#define MTK_PHY_LED0_FORCE_BLINK BIT(9)
+
#define MTK_PHY_ANA_TEST_BUS_CTRL_RG (0x100)
#define MTK_PHY_ANA_TEST_MODE_MASK GENMASK(15, 8)
@@ -217,6 +242,13 @@
PAIR_D,
} phy_cal_pair_t;
+enum {
+ GPHY_PORT0,
+ GPHY_PORT1,
+ GPHY_PORT2,
+ GPHY_PORT3,
+};
+
const u8 mt798x_zcal_to_r50[64] = {
7, 8, 9, 9, 10, 10, 11, 11,
12, 13, 13, 14, 14, 15, 16, 16,
@@ -958,6 +990,38 @@
static int mt7988_phy_config_init(struct phy_device *phydev)
{
+ struct device_node *np;
+ void __iomem *boottrap;
+ u32 reg;
+ int port;
+
+ /* Setup LED polarity according to boottrap's polarity */
+ np = of_find_compatible_node(NULL, NULL, "mediatek,boottrap");
+ if (!np)
+ return -ENOENT;
+ boottrap = of_iomap(np, 0);
+ if (!boottrap)
+ return -ENOMEM;
+ reg = readl(boottrap);
+ port = phydev->mdio.addr;
+ if ((port == GPHY_PORT0 && reg & BIT(8)) ||
+ (port == GPHY_PORT1 && reg & BIT(9)) ||
+ (port == GPHY_PORT2 && reg & BIT(10)) ||
+ (port == GPHY_PORT3 && reg & BIT(11))) {
+ phy_write_mmd(phydev, MDIO_MMD_VEND2, MTK_PHY_LED0_ON_CTRL,
+ MTK_PHY_LED0_ENABLE | MTK_PHY_LED0_ON_LINK10 |
+ MTK_PHY_LED0_ON_LINK100 | MTK_PHY_LED0_ON_LINK1000);
+ } else {
+ phy_write_mmd(phydev, MDIO_MMD_VEND2, MTK_PHY_LED0_ON_CTRL,
+ MTK_PHY_LED0_ENABLE | MTK_PHY_LED0_POLARITY |
+ MTK_PHY_LED0_ON_LINK10 | MTK_PHY_LED0_ON_LINK100 |
+ MTK_PHY_LED0_ON_LINK1000);
+ }
+ phy_write_mmd(phydev, MDIO_MMD_VEND2, MTK_PHY_LED0_BLINK_CTRL,
+ MTK_PHY_LED0_1000TX | MTK_PHY_LED0_1000RX |
+ MTK_PHY_LED0_100TX | MTK_PHY_LED0_100RX |
+ MTK_PHY_LED0_10TX | MTK_PHY_LED0_10RX);
+
mt7988_phy_finetune(phydev);
return mt798x_phy_calibration(phydev);
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/pinctrl/mediatek/pinctrl-mt7988.c b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/pinctrl/mediatek/pinctrl-mt7988.c
index 3be91dd..7521c14 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/pinctrl/mediatek/pinctrl-mt7988.c
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/pinctrl/mediatek/pinctrl-mt7988.c
@@ -1026,9 +1026,13 @@
static int mt7988_udi_pins[] = { 32, 33, 34, 35, 36 };
static int mt7988_udi_funcs[] = { 4, 4, 4, 4, 4 };
+/* i2s */
+static int mt7988_i2s_pins[] = { 50, 51, 52, 53, 54 };
+static int mt7988_i2s_funcs[] = { 1, 1, 1, 1, 1 };
+
/* pcm */
-static int mt7988_pcm_pins[] = { 50, 51, 52, 53, 54 };
-static int mt7988_pcm_funcs[] = { 1, 1, 1, 1, 1 };
+static int mt7988_pcm_pins[] = { 50, 51, 52, 53 };
+static int mt7988_pcm_funcs[] = { 1, 1, 1, 1 };
/* led */
static int mt7988_gbe_led1_pins[] = { 58, 59, 60, 61 };
@@ -1179,7 +1183,9 @@
PINCTRL_PIN_GROUP("2p5g_ext_mdio", mt7988_2p5g_ext_mdio),
/* @GPIO(30,31) gbe_ext_mdio */
PINCTRL_PIN_GROUP("gbe_ext_mdio", mt7988_gbe_ext_mdio),
- /* @GPIO(50,51,52,53,54) pcm */
+ /* @GPIO(50,51,52,53,54) i2s */
+ PINCTRL_PIN_GROUP("i2s", mt7988_i2s),
+ /* @GPIO(50,51,52,53) pcm */
PINCTRL_PIN_GROUP("pcm", mt7988_pcm),
/* @GPIO(55,56) uart0 */
PINCTRL_PIN_GROUP("uart0", mt7988_uart0),
@@ -1373,8 +1379,8 @@
static const char * const mt7988_udi_groups[] = {
"udi",
};
-static const char * const mt7988_pcm_groups[] = {
- "pcm",
+static const char * const mt7988_audio_groups[] = {
+ "i2s", "pcm",
};
static const char * const mt7988_led_groups[] = {
"gbe_led1", "2p5gbe_led1", "gbe_led0",
@@ -1386,6 +1392,7 @@
};
static const struct function_desc mt7988_functions[] = {
+ { "audio", mt7988_audio_groups, ARRAY_SIZE(mt7988_audio_groups) },
{ "jtag", mt7988_jtag_groups, ARRAY_SIZE(mt7988_jtag_groups) },
{ "int_usxgmii", mt7988_int_usxgmii_groups,
ARRAY_SIZE(mt7988_int_usxgmii_groups) },
@@ -1400,7 +1407,6 @@
{ "flash", mt7988_flash_groups, ARRAY_SIZE(mt7988_flash_groups) },
{ "uart", mt7988_uart_groups, ARRAY_SIZE(mt7988_uart_groups) },
{ "udi", mt7988_udi_groups, ARRAY_SIZE(mt7988_udi_groups) },
- { "pcm", mt7988_pcm_groups, ARRAY_SIZE(mt7988_pcm_groups) },
{ "usb", mt7988_usb_groups, ARRAY_SIZE(mt7988_usb_groups) },
{ "led", mt7988_led_groups, ARRAY_SIZE(mt7988_led_groups) },
};
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/mt7986.cfg b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/mt7986.cfg
index a8ecb3d..22f75b1 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/mt7986.cfg
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/mt7986.cfg
@@ -101,6 +101,7 @@
# CONFIG_COMMON_CLK_MT7622_HIFSYS is not set
# CONFIG_COMMON_CLK_MT7981 is not set
CONFIG_COMMON_CLK_MT7986=y
+# CONFIG_COMMON_CLK_MT7988 is not set
# CONFIG_COMMON_CLK_MT8173 is not set
CONFIG_COMMON_CLK_MT8183=y
# CONFIG_COMMON_CLK_MT8183_AUDIOSYS is not set
@@ -298,6 +299,7 @@
CONFIG_MD=y
CONFIG_MDIO_BUS=y
CONFIG_MDIO_DEVICE=y
+# CONFIG_MEDIATEK_2P5GE_PHY is not set
# CONFIG_MEDIATEK_GE_PHY is not set
CONFIG_MEDIATEK_MT6577_AUXADC=y
CONFIG_MEDIATEK_NETSYS_V2=y
@@ -335,6 +337,7 @@
CONFIG_MTK_INFRACFG=y
CONFIG_MTK_PMIC_WRAP=y
CONFIG_MTK_SCPSYS=y
+# CONFIG_MTK_SOC_THERMAL_LVTS is not set
CONFIG_MTK_SPI_NAND=y
CONFIG_MTK_THERMAL=y
CONFIG_MTK_TIMER=y
@@ -408,6 +411,7 @@
# CONFIG_PINCTRL_MT7622 is not set
# CONFIG_PINCTRL_MT7981 is not set
CONFIG_PINCTRL_MT7986=y
+CONFIG_PINCTRL_MT7988=y
# CONFIG_PINCTRL_MT8173 is not set
# CONFIG_PINCTRL_MT8183 is not set
CONFIG_PINCTRL_MT8516=y
@@ -434,12 +438,12 @@
CONFIG_RCU_NEED_SEGCBLIST=y
CONFIG_RCU_STALL_COMMON=y
CONFIG_REALTEK_PHY=y
-CONFIG_REFCOUNT_FULL=y
CONFIG_REGMAP=y
CONFIG_REGMAP_MMIO=y
CONFIG_REGULATOR=y
CONFIG_REGULATOR_FIXED_VOLTAGE=y
CONFIG_REGULATOR_MT6380=y
+# CONFIG_REGULATOR_RT5190A is not set
CONFIG_RESET_CONTROLLER=y
CONFIG_RESET_TI_SYSCON=y
CONFIG_RFS_ACCEL=y
@@ -532,7 +536,3 @@
CONFIG_ZLIB_DEFLATE=y
CONFIG_ZLIB_INFLATE=y
CONFIG_ZONE_DMA32=y
-# CONFIG_BPF_KPROBE_OVERRIDE is not set
-# CONFIG_KPROBE_EVENTS_ON_NOTRACE is not set
-# CONFIG_PREEMPTIRQ_DELAY_TEST is not set
-# CONFIG_HIST_TRIGGERS is not set
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/0491-mtd-spinand-macronix-suppress-mx35lf1ge4ab-warning-log.patch b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/0491-mtd-spinand-macronix-suppress-mx35lf1ge4ab-warning-log.patch
new file mode 100644
index 0000000..7951d63
--- /dev/null
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/0491-mtd-spinand-macronix-suppress-mx35lf1ge4ab-warning-log.patch
@@ -0,0 +1,11 @@
+--- a/drivers/mtd/nand/spi/macronix.c
++++ b/drivers/mtd/nand/spi/macronix.c
+@@ -86,7 +86,7 @@ static int mx35lf1ge4ab_ecc_get_status(s
+ if (mx35lf1ge4ab_get_eccsr(spinand, &eccsr))
+ return nand->eccreq.strength;
+
+- if (WARN_ON(eccsr > nand->eccreq.strength || !eccsr))
++ if (eccsr > nand->eccreq.strength || !eccsr)
+ return nand->eccreq.strength;
+
+ return eccsr;
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/patches-5.4.inc b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/patches-5.4.inc
index d63d381..01c12d3 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/patches-5.4.inc
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/patches-5.4.inc
@@ -35,6 +35,7 @@
file://0401-sound-refine-hw-params-and-hw-prepare.patch \
file://0402-sound-add-mt7986-driver.patch \
file://0490-mtd-spinand-winbond-Support-for-W25MxxGV-W25NxxKV-series.patch \
+ file://0491-mtd-spinand-macronix-suppress-mx35lf1ge4ab-warning-log.patch \
file://0500-v5.6-crypto-backport-inside-secure.patch \
file://0501-crypto-add-eip97-inside-secure-support.patch \
file://0502-dts-mt7623-eip97-inside-secure-support.patch \