Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

-7

MAINTAINERS

··· 27330 27330 W: http://www.marvell.com 27331 27331 F: drivers/i2c/busses/i2c-xlp9xx.c 27332 27332 27333 - XRA1403 GPIO EXPANDER 27334 - M: Nandor Han <nandor.han@ge.com> 27335 - L: linux-gpio@vger.kernel.org 27336 - S: Maintained 27337 - F: Documentation/devicetree/bindings/gpio/gpio-xra1403.txt 27338 - F: drivers/gpio/gpio-xra1403.c 27339 - 27340 27333 XTENSA XTFPGA PLATFORM SUPPORT 27341 27334 M: Max Filippov <jcmvbkbc@gmail.com> 27342 27335 S: Maintained

+1 -1

drivers/base/power/main.c

··· 1236 1236 */ 1237 1237 void dpm_resume_end(pm_message_t state) 1238 1238 { 1239 - pm_restore_gfp_mask(); 1240 1239 dpm_resume(state); 1240 + pm_restore_gfp_mask(); 1241 1241 dpm_complete(state); 1242 1242 } 1243 1243 EXPORT_SYMBOL_GPL(dpm_resume_end);

+1 -1

drivers/gpio/gpiolib-of.c

··· 708 708 unsigned int idx, unsigned long *flags) 709 709 { 710 710 char propname[32]; /* 32 is max size of property name */ 711 - enum of_gpio_flags of_flags; 711 + enum of_gpio_flags of_flags = 0; 712 712 const of_find_gpio_quirk *q; 713 713 struct gpio_desc *desc; 714 714

+3 -2

drivers/gpio/gpiolib.c

··· 3297 3297 static int gpio_chip_get_multiple(struct gpio_chip *gc, 3298 3298 unsigned long *mask, unsigned long *bits) 3299 3299 { 3300 - int ret; 3301 - 3302 3300 lockdep_assert_held(&gc->gpiodev->srcu); 3303 3301 3304 3302 if (gc->get_multiple) { 3303 + int ret; 3304 + 3305 3305 ret = gc->get_multiple(gc, mask, bits); 3306 3306 if (ret > 0) 3307 3307 return -EBADE; 3308 + return ret; 3308 3309 } 3309 3310 3310 3311 if (gc->get) {

+1 -1

drivers/net/can/m_can/m_can.c

··· 665 665 struct can_frame *frame; 666 666 u32 timestamp = 0; 667 667 668 - netdev_err(dev, "msg lost in rxf0\n"); 668 + netdev_dbg(dev, "msg lost in rxf0\n"); 669 669 670 670 stats->rx_errors++; 671 671 stats->rx_over_errors++;

+11 -7

drivers/net/ethernet/broadcom/bnxt/bnxt_coredump.c

··· 368 368 if (!ctxm->mem_valid || !seg_id) 369 369 continue; 370 370 371 - if (trace) 371 + if (trace) { 372 372 extra_hlen = BNXT_SEG_RCD_LEN; 373 + if (buf) { 374 + u16 trace_type = bnxt_bstore_to_trace[type]; 375 + 376 + bnxt_fill_drv_seg_record(bp, &record, ctxm, 377 + trace_type); 378 + } 379 + } 380 + 373 381 if (buf) 374 382 data = buf + BNXT_SEG_HDR_LEN + extra_hlen; 383 + 375 384 seg_len = bnxt_copy_ctx_mem(bp, ctxm, data, 0) + extra_hlen; 376 385 if (buf) { 377 386 bnxt_fill_coredump_seg_hdr(bp, &seg_hdr, NULL, seg_len, 378 387 0, 0, 0, comp_id, seg_id); 379 388 memcpy(buf, &seg_hdr, BNXT_SEG_HDR_LEN); 380 389 buf += BNXT_SEG_HDR_LEN; 381 - if (trace) { 382 - u16 trace_type = bnxt_bstore_to_trace[type]; 383 - 384 - bnxt_fill_drv_seg_record(bp, &record, ctxm, 385 - trace_type); 390 + if (trace) 386 391 memcpy(buf, &record, BNXT_SEG_RCD_LEN); 387 - } 388 392 buf += seg_len; 389 393 } 390 394 len += BNXT_SEG_HDR_LEN + seg_len;

+2

drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c

··· 487 487 488 488 if ((ets->tc_tx_bw[i] || ets->tc_tsa[i]) && i > bp->max_tc) 489 489 return -EINVAL; 490 + } 490 491 492 + for (i = 0; i < max_tc; i++) { 491 493 switch (ets->tc_tsa[i]) { 492 494 case IEEE_8021QAZ_TSA_STRICT: 493 495 break;

+1 -1

drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c

··· 115 115 tx_buf->action = XDP_REDIRECT; 116 116 tx_buf->xdpf = xdpf; 117 117 dma_unmap_addr_set(tx_buf, mapping, mapping); 118 - dma_unmap_len_set(tx_buf, len, 0); 118 + dma_unmap_len_set(tx_buf, len, len); 119 119 } 120 120 121 121 void bnxt_tx_int_xdp(struct bnxt *bp, struct bnxt_napi *bnapi, int budget)

+6 -2

drivers/net/ethernet/ibm/ibmvnic.h

··· 211 211 u8 reserved[72]; 212 212 } __packed __aligned(8); 213 213 214 - #define NUM_TX_STATS 3 215 214 struct ibmvnic_tx_queue_stats { 216 215 u64 batched_packets; 217 216 u64 direct_packets; ··· 218 219 u64 dropped_packets; 219 220 }; 220 221 221 - #define NUM_RX_STATS 3 222 + #define NUM_TX_STATS \ 223 + (sizeof(struct ibmvnic_tx_queue_stats) / sizeof(u64)) 224 + 222 225 struct ibmvnic_rx_queue_stats { 223 226 u64 packets; 224 227 u64 bytes; 225 228 u64 interrupts; 226 229 }; 230 + 231 + #define NUM_RX_STATS \ 232 + (sizeof(struct ibmvnic_rx_queue_stats) / sizeof(u64)) 227 233 228 234 struct ibmvnic_acl_buffer { 229 235 __be32 len;

+7 -2

drivers/net/ethernet/mellanox/mlx5/core/en/fs.h

··· 18 18 19 19 enum { 20 20 MLX5E_TC_PRIO = 0, 21 - MLX5E_NIC_PRIO 21 + MLX5E_PROMISC_PRIO, 22 + MLX5E_NIC_PRIO, 22 23 }; 23 24 24 25 struct mlx5e_flow_table { ··· 69 68 MLX5_HASH_FIELD_SEL_DST_IP |\ 70 69 MLX5_HASH_FIELD_SEL_IPSEC_SPI) 71 70 72 - /* NIC prio FTS */ 71 + /* NIC promisc FT level */ 73 72 enum { 74 73 MLX5E_PROMISC_FT_LEVEL, 74 + }; 75 + 76 + /* NIC prio FTS */ 77 + enum { 75 78 MLX5E_VLAN_FT_LEVEL, 76 79 MLX5E_L2_FT_LEVEL, 77 80 MLX5E_TTC_FT_LEVEL,

+2 -2

drivers/net/ethernet/mellanox/mlx5/core/en_dim.c

··· 113 113 __set_bit(MLX5E_RQ_STATE_DIM, &rq->state); 114 114 } else { 115 115 __clear_bit(MLX5E_RQ_STATE_DIM, &rq->state); 116 - 116 + synchronize_net(); 117 117 mlx5e_dim_disable(rq->dim); 118 118 rq->dim = NULL; 119 119 } ··· 140 140 __set_bit(MLX5E_SQ_STATE_DIM, &sq->state); 141 141 } else { 142 142 __clear_bit(MLX5E_SQ_STATE_DIM, &sq->state); 143 - 143 + synchronize_net(); 144 144 mlx5e_dim_disable(sq->dim); 145 145 sq->dim = NULL; 146 146 }

+1 -1

drivers/net/ethernet/mellanox/mlx5/core/en_fs.c

··· 780 780 ft_attr.max_fte = MLX5E_PROMISC_TABLE_SIZE; 781 781 ft_attr.autogroup.max_num_groups = 1; 782 782 ft_attr.level = MLX5E_PROMISC_FT_LEVEL; 783 - ft_attr.prio = MLX5E_NIC_PRIO; 783 + ft_attr.prio = MLX5E_PROMISC_PRIO; 784 784 785 785 ft->t = mlx5_create_auto_grouped_flow_table(fs->ns, &ft_attr); 786 786 if (IS_ERR(ft->t)) {

+1

drivers/net/ethernet/mellanox/mlx5/core/esw/qos.c

··· 2043 2043 return err; 2044 2044 } 2045 2045 esw_qos_node_set_parent(node, parent); 2046 + node->bw_share = 0; 2046 2047 2047 2048 return 0; 2048 2049 }

+9 -4

drivers/net/ethernet/mellanox/mlx5/core/fs_core.c

··· 113 113 #define ETHTOOL_PRIO_NUM_LEVELS 1 114 114 #define ETHTOOL_NUM_PRIOS 11 115 115 #define ETHTOOL_MIN_LEVEL (KERNEL_MIN_LEVEL + ETHTOOL_NUM_PRIOS) 116 - /* Promiscuous, Vlan, mac, ttc, inner ttc, {UDP/ANY/aRFS/accel/{esp, esp_err}}, IPsec policy, 116 + /* Vlan, mac, ttc, inner ttc, {UDP/ANY/aRFS/accel/{esp, esp_err}}, IPsec policy, 117 117 * {IPsec RoCE MPV,Alias table},IPsec RoCE policy 118 118 */ 119 - #define KERNEL_NIC_PRIO_NUM_LEVELS 11 119 + #define KERNEL_NIC_PRIO_NUM_LEVELS 10 120 120 #define KERNEL_NIC_NUM_PRIOS 1 121 - /* One more level for tc */ 122 - #define KERNEL_MIN_LEVEL (KERNEL_NIC_PRIO_NUM_LEVELS + 1) 121 + /* One more level for tc, and one more for promisc */ 122 + #define KERNEL_MIN_LEVEL (KERNEL_NIC_PRIO_NUM_LEVELS + 2) 123 + 124 + #define KERNEL_NIC_PROMISC_NUM_PRIOS 1 125 + #define KERNEL_NIC_PROMISC_NUM_LEVELS 1 123 126 124 127 #define KERNEL_NIC_TC_NUM_PRIOS 1 125 128 #define KERNEL_NIC_TC_NUM_LEVELS 3 ··· 190 187 ADD_NS(MLX5_FLOW_TABLE_MISS_ACTION_DEF, 191 188 ADD_MULTIPLE_PRIO(KERNEL_NIC_TC_NUM_PRIOS, 192 189 KERNEL_NIC_TC_NUM_LEVELS), 190 + ADD_MULTIPLE_PRIO(KERNEL_NIC_PROMISC_NUM_PRIOS, 191 + KERNEL_NIC_PROMISC_NUM_LEVELS), 193 192 ADD_MULTIPLE_PRIO(KERNEL_NIC_NUM_PRIOS, 194 193 KERNEL_NIC_PRIO_NUM_LEVELS))), 195 194 ADD_PRIO(0, BY_PASS_MIN_LEVEL, 0, FS_CHAINING_CAPS,

+1 -1

drivers/net/ethernet/xilinx/ll_temac_main.c

··· 1309 1309 if (ering->rx_pending > RX_BD_NUM_MAX || 1310 1310 ering->rx_mini_pending || 1311 1311 ering->rx_jumbo_pending || 1312 - ering->rx_pending > TX_BD_NUM_MAX) 1312 + ering->tx_pending > TX_BD_NUM_MAX) 1313 1313 return -EINVAL; 1314 1314 1315 1315 if (netif_running(ndev))

+2 -1

drivers/net/phy/microchip.c

··· 332 332 * As workaround, set to 10 before setting to 100 333 333 * at forced 100 F/H mode. 334 334 */ 335 - if (!phydev->autoneg && phydev->speed == 100) { 335 + if (phydev->state == PHY_NOLINK && !phydev->autoneg && phydev->speed == 100) { 336 336 /* disable phy interrupt */ 337 337 temp = phy_read(phydev, LAN88XX_INT_MASK); 338 338 temp &= ~LAN88XX_INT_MASK_MDINTPIN_EN_; ··· 488 488 .config_init = lan88xx_config_init, 489 489 .config_aneg = lan88xx_config_aneg, 490 490 .link_change_notify = lan88xx_link_change_notify, 491 + .soft_reset = genphy_soft_reset, 491 492 492 493 /* Interrupt handling is broken, do not define related 493 494 * functions to force polling.

+3 -1

drivers/net/wireless/marvell/mwifiex/util.c

··· 459 459 "auth: receive authentication from %pM\n", 460 460 ieee_hdr->addr3); 461 461 } else { 462 - if (!priv->wdev.connected) 462 + if (!priv->wdev.connected || 463 + !ether_addr_equal(ieee_hdr->addr3, 464 + priv->curr_bss_params.bss_descriptor.mac_address)) 463 465 return 0; 464 466 465 467 if (ieee80211_is_deauth(ieee_hdr->frame_control)) {

+10

drivers/net/wireless/mediatek/mt76/mt76.h

··· 1226 1226 #define mt76_dereference(p, dev) \ 1227 1227 rcu_dereference_protected(p, lockdep_is_held(&(dev)->mutex)) 1228 1228 1229 + static inline struct mt76_wcid * 1230 + __mt76_wcid_ptr(struct mt76_dev *dev, u16 idx) 1231 + { 1232 + if (idx >= ARRAY_SIZE(dev->wcid)) 1233 + return NULL; 1234 + return rcu_dereference(dev->wcid[idx]); 1235 + } 1236 + 1237 + #define mt76_wcid_ptr(dev, idx) __mt76_wcid_ptr(&(dev)->mt76, idx) 1238 + 1229 1239 struct mt76_dev *mt76_alloc_device(struct device *pdev, unsigned int size, 1230 1240 const struct ieee80211_ops *ops, 1231 1241 const struct mt76_driver_ops *drv_ops);

+1 -1

drivers/net/wireless/mediatek/mt76/mt7603/dma.c

··· 44 44 if (idx >= MT7603_WTBL_STA - 1) 45 45 goto free; 46 46 47 - wcid = rcu_dereference(dev->mt76.wcid[idx]); 47 + wcid = mt76_wcid_ptr(dev, idx); 48 48 if (!wcid) 49 49 goto free; 50 50

+2 -8

drivers/net/wireless/mediatek/mt76/mt7603/mac.c

··· 487 487 struct mt7603_sta *sta; 488 488 struct mt76_wcid *wcid; 489 489 490 - if (idx >= MT7603_WTBL_SIZE) 491 - return NULL; 492 - 493 - wcid = rcu_dereference(dev->mt76.wcid[idx]); 490 + wcid = mt76_wcid_ptr(dev, idx); 494 491 if (unicast || !wcid) 495 492 return wcid; 496 493 ··· 1263 1266 if (pid == MT_PACKET_ID_NO_ACK) 1264 1267 return; 1265 1268 1266 - if (wcidx >= MT7603_WTBL_SIZE) 1267 - return; 1268 - 1269 1269 rcu_read_lock(); 1270 1270 1271 - wcid = rcu_dereference(dev->mt76.wcid[wcidx]); 1271 + wcid = mt76_wcid_ptr(dev, wcidx); 1272 1272 if (!wcid) 1273 1273 goto out; 1274 1274

+2 -5

drivers/net/wireless/mediatek/mt76/mt7615/mac.c

··· 90 90 struct mt7615_sta *sta; 91 91 struct mt76_wcid *wcid; 92 92 93 - if (idx >= MT7615_WTBL_SIZE) 94 - return NULL; 95 - 96 - wcid = rcu_dereference(dev->mt76.wcid[idx]); 93 + wcid = mt76_wcid_ptr(dev, idx); 97 94 if (unicast || !wcid) 98 95 return wcid; 99 96 ··· 1501 1504 1502 1505 rcu_read_lock(); 1503 1506 1504 - wcid = rcu_dereference(dev->mt76.wcid[wcidx]); 1507 + wcid = mt76_wcid_ptr(dev, wcidx); 1505 1508 if (!wcid) 1506 1509 goto out; 1507 1510

+1 -1

drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c

··· 1172 1172 wcid_idx = wcid->idx; 1173 1173 } else { 1174 1174 wcid_idx = le32_get_bits(txwi[1], MT_TXD1_WLAN_IDX); 1175 - wcid = rcu_dereference(dev->wcid[wcid_idx]); 1175 + wcid = __mt76_wcid_ptr(dev, wcid_idx); 1176 1176 1177 1177 if (wcid && wcid->sta) { 1178 1178 sta = container_of((void *)wcid, struct ieee80211_sta,

+3 -3

drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c

··· 287 287 288 288 mt76_connac_mcu_get_wlan_idx(dev, wcid, &hdr.wlan_idx_lo, 289 289 &hdr.wlan_idx_hi); 290 - skb = mt76_mcu_msg_alloc(dev, NULL, len); 290 + skb = __mt76_mcu_msg_alloc(dev, NULL, len, len, GFP_ATOMIC); 291 291 if (!skb) 292 292 return ERR_PTR(-ENOMEM); 293 293 ··· 1740 1740 if (!sreq->ssids[i].ssid_len) 1741 1741 continue; 1742 1742 1743 - req->ssids[i].ssid_len = cpu_to_le32(sreq->ssids[i].ssid_len); 1744 - memcpy(req->ssids[i].ssid, sreq->ssids[i].ssid, 1743 + req->ssids[n_ssids].ssid_len = cpu_to_le32(sreq->ssids[i].ssid_len); 1744 + memcpy(req->ssids[n_ssids].ssid, sreq->ssids[i].ssid, 1745 1745 sreq->ssids[i].ssid_len); 1746 1746 n_ssids++; 1747 1747 }

+1 -4

drivers/net/wireless/mediatek/mt76/mt76x02.h

··· 262 262 { 263 263 struct mt76_wcid *wcid; 264 264 265 - if (idx >= MT76x02_N_WCIDS) 266 - return NULL; 267 - 268 - wcid = rcu_dereference(dev->wcid[idx]); 265 + wcid = __mt76_wcid_ptr(dev, idx); 269 266 if (!wcid) 270 267 return NULL; 271 268

+1 -3

drivers/net/wireless/mediatek/mt76/mt76x02_mac.c

··· 564 564 565 565 rcu_read_lock(); 566 566 567 - if (stat->wcid < MT76x02_N_WCIDS) 568 - wcid = rcu_dereference(dev->mt76.wcid[stat->wcid]); 569 - 567 + wcid = mt76_wcid_ptr(dev, stat->wcid); 570 568 if (wcid && wcid->sta) { 571 569 void *priv; 572 570

+3 -9

drivers/net/wireless/mediatek/mt76/mt7915/mac.c

··· 56 56 struct mt7915_sta *sta; 57 57 struct mt76_wcid *wcid; 58 58 59 - if (idx >= ARRAY_SIZE(dev->mt76.wcid)) 60 - return NULL; 61 - 62 - wcid = rcu_dereference(dev->mt76.wcid[idx]); 59 + wcid = mt76_wcid_ptr(dev, idx); 63 60 if (unicast || !wcid) 64 61 return wcid; 65 62 ··· 914 917 u16 idx; 915 918 916 919 idx = FIELD_GET(MT_TX_FREE_WLAN_ID, info); 917 - wcid = rcu_dereference(dev->mt76.wcid[idx]); 920 + wcid = mt76_wcid_ptr(dev, idx); 918 921 sta = wcid_to_sta(wcid); 919 922 if (!sta) 920 923 continue; ··· 1010 1013 if (pid < MT_PACKET_ID_WED) 1011 1014 return; 1012 1015 1013 - if (wcidx >= mt7915_wtbl_size(dev)) 1014 - return; 1015 - 1016 1016 rcu_read_lock(); 1017 1017 1018 - wcid = rcu_dereference(dev->mt76.wcid[wcidx]); 1018 + wcid = mt76_wcid_ptr(dev, wcidx); 1019 1019 if (!wcid) 1020 1020 goto out; 1021 1021

+1 -1

drivers/net/wireless/mediatek/mt76/mt7915/mcu.c

··· 3996 3996 3997 3997 rcu_read_lock(); 3998 3998 3999 - wcid = rcu_dereference(dev->mt76.wcid[wlan_idx]); 3999 + wcid = mt76_wcid_ptr(dev, wlan_idx); 4000 4000 if (wcid) 4001 4001 wcid->stats.tx_packets += le32_to_cpu(res->tx_packets); 4002 4002 else

+1 -4

drivers/net/wireless/mediatek/mt76/mt7915/mmio.c

··· 587 587 588 588 dev = container_of(wed, struct mt7915_dev, mt76.mmio.wed); 589 589 590 - if (idx >= mt7915_wtbl_size(dev)) 591 - return; 592 - 593 590 rcu_read_lock(); 594 591 595 - wcid = rcu_dereference(dev->mt76.wcid[idx]); 592 + wcid = mt76_wcid_ptr(dev, idx); 596 593 if (wcid) { 597 594 wcid->stats.rx_bytes += le32_to_cpu(stats->rx_byte_cnt); 598 595 wcid->stats.rx_packets += le32_to_cpu(stats->rx_pkt_cnt);

+3 -3

drivers/net/wireless/mediatek/mt76/mt7921/mac.c

··· 465 465 466 466 rcu_read_lock(); 467 467 468 - wcid = rcu_dereference(dev->mt76.wcid[wcidx]); 468 + wcid = mt76_wcid_ptr(dev, wcidx); 469 469 if (!wcid) 470 470 goto out; 471 471 ··· 516 516 517 517 count++; 518 518 idx = FIELD_GET(MT_TX_FREE_WLAN_ID, info); 519 - wcid = rcu_dereference(dev->mt76.wcid[idx]); 519 + wcid = mt76_wcid_ptr(dev, idx); 520 520 sta = wcid_to_sta(wcid); 521 521 if (!sta) 522 522 continue; ··· 818 818 u16 idx; 819 819 820 820 idx = le32_get_bits(txwi[1], MT_TXD1_WLAN_IDX); 821 - wcid = rcu_dereference(mdev->wcid[idx]); 821 + wcid = __mt76_wcid_ptr(mdev, idx); 822 822 sta = wcid_to_sta(wcid); 823 823 824 824 if (sta && likely(e->skb->protocol != cpu_to_be16(ETH_P_PAE)))

+3

drivers/net/wireless/mediatek/mt76/mt7921/main.c

··· 1182 1182 struct mt792x_sta *msta = (struct mt792x_sta *)sta->drv_priv; 1183 1183 struct mt792x_dev *dev = mt792x_hw_dev(hw); 1184 1184 1185 + if (!msta->deflink.wcid.sta) 1186 + return; 1187 + 1185 1188 mt792x_mutex_acquire(dev); 1186 1189 1187 1190 if (enabled)

+2

drivers/net/wireless/mediatek/mt76/mt7925/init.c

··· 52 52 53 53 name = devm_kasprintf(&wiphy->dev, GFP_KERNEL, "mt7925_%s", 54 54 wiphy_name(wiphy)); 55 + if (!name) 56 + return -ENOMEM; 55 57 56 58 hwmon = devm_hwmon_device_register_with_groups(&wiphy->dev, name, phy, 57 59 mt7925_hwmon_groups);

+3 -3

drivers/net/wireless/mediatek/mt76/mt7925/mac.c

··· 1040 1040 1041 1041 rcu_read_lock(); 1042 1042 1043 - wcid = rcu_dereference(dev->mt76.wcid[wcidx]); 1043 + wcid = mt76_wcid_ptr(dev, wcidx); 1044 1044 if (!wcid) 1045 1045 goto out; 1046 1046 ··· 1122 1122 u16 idx; 1123 1123 1124 1124 idx = FIELD_GET(MT_TXFREE_INFO_WLAN_ID, info); 1125 - wcid = rcu_dereference(dev->mt76.wcid[idx]); 1125 + wcid = mt76_wcid_ptr(dev, idx); 1126 1126 sta = wcid_to_sta(wcid); 1127 1127 if (!sta) 1128 1128 continue; ··· 1445 1445 u16 idx; 1446 1446 1447 1447 idx = le32_get_bits(txwi[1], MT_TXD1_WLAN_IDX); 1448 - wcid = rcu_dereference(mdev->wcid[idx]); 1448 + wcid = __mt76_wcid_ptr(mdev, idx); 1449 1449 sta = wcid_to_sta(wcid); 1450 1450 1451 1451 if (sta && likely(e->skb->protocol != cpu_to_be16(ETH_P_PAE)))

+7 -1

drivers/net/wireless/mediatek/mt76/mt7925/main.c

··· 1482 1482 1483 1483 mt792x_mutex_acquire(dev); 1484 1484 1485 - err = mt7925_mcu_sched_scan_req(mphy, vif, req); 1485 + err = mt7925_mcu_sched_scan_req(mphy, vif, req, ies); 1486 1486 if (err < 0) 1487 1487 goto out; 1488 1488 ··· 1605 1605 unsigned long valid = mvif->valid_links; 1606 1606 u8 i; 1607 1607 1608 + if (!msta->vif) 1609 + return; 1610 + 1608 1611 mt792x_mutex_acquire(dev); 1609 1612 1610 1613 valid = ieee80211_vif_is_mld(vif) ? mvif->valid_links : BIT(0); ··· 1621 1618 set_bit(MT_WCID_FLAG_HDR_TRANS, &mlink->wcid.flags); 1622 1619 else 1623 1620 clear_bit(MT_WCID_FLAG_HDR_TRANS, &mlink->wcid.flags); 1621 + 1622 + if (!mlink->wcid.sta) 1623 + continue; 1624 1624 1625 1625 mt7925_mcu_wtbl_update_hdr_trans(dev, vif, sta, i); 1626 1626 }

+61 -18

drivers/net/wireless/mediatek/mt76/mt7925/mcu.c

··· 164 164 bool suspend, struct cfg80211_wowlan *wowlan) 165 165 { 166 166 struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv; 167 + struct ieee80211_scan_ies ies = {}; 167 168 struct mt76_dev *dev = phy->dev; 168 169 struct { 169 170 struct { ··· 195 194 req.wow_ctrl_tlv.trigger |= (UNI_WOW_DETECT_TYPE_DISCONNECT | 196 195 UNI_WOW_DETECT_TYPE_BCN_LOST); 197 196 if (wowlan->nd_config) { 198 - mt7925_mcu_sched_scan_req(phy, vif, wowlan->nd_config); 197 + mt7925_mcu_sched_scan_req(phy, vif, wowlan->nd_config, &ies); 199 198 req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_SCH_SCAN_HIT; 200 199 mt7925_mcu_sched_scan_enable(phy, vif, suspend); 201 200 } ··· 2819 2818 return err; 2820 2819 } 2821 2820 2821 + static void 2822 + mt7925_mcu_build_scan_ie_tlv(struct mt76_dev *mdev, 2823 + struct sk_buff *skb, 2824 + struct ieee80211_scan_ies *scan_ies) 2825 + { 2826 + u32 max_len = sizeof(struct scan_ie_tlv) + MT76_CONNAC_SCAN_IE_LEN; 2827 + struct scan_ie_tlv *ie; 2828 + enum nl80211_band i; 2829 + struct tlv *tlv; 2830 + const u8 *ies; 2831 + u16 ies_len; 2832 + 2833 + for (i = 0; i <= NL80211_BAND_6GHZ; i++) { 2834 + if (i == NL80211_BAND_60GHZ) 2835 + continue; 2836 + 2837 + ies = scan_ies->ies[i]; 2838 + ies_len = scan_ies->len[i]; 2839 + 2840 + if (!ies || !ies_len) 2841 + continue; 2842 + 2843 + if (ies_len > max_len) 2844 + return; 2845 + 2846 + tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, 2847 + sizeof(*ie) + ies_len); 2848 + ie = (struct scan_ie_tlv *)tlv; 2849 + 2850 + memcpy(ie->ies, ies, ies_len); 2851 + ie->ies_len = cpu_to_le16(ies_len); 2852 + 2853 + switch (i) { 2854 + case NL80211_BAND_2GHZ: 2855 + ie->band = 1; 2856 + break; 2857 + case NL80211_BAND_6GHZ: 2858 + ie->band = 3; 2859 + break; 2860 + default: 2861 + ie->band = 2; 2862 + break; 2863 + } 2864 + 2865 + max_len -= (sizeof(*ie) + ies_len); 2866 + } 2867 + } 2868 + 2822 2869 int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif, 2823 2870 struct ieee80211_scan_request *scan_req) 2824 2871 { ··· 2892 2843 2893 2844 max_len = sizeof(*hdr) + sizeof(*req) + sizeof(*ssid) + 2894 2845 sizeof(*bssid) * MT7925_RNR_SCAN_MAX_BSSIDS + 2895 - sizeof(*chan_info) + sizeof(*misc) + sizeof(*ie); 2846 + sizeof(*chan_info) + sizeof(*misc) + sizeof(*ie) + 2847 + MT76_CONNAC_SCAN_IE_LEN; 2896 2848 2897 2849 skb = mt76_mcu_msg_alloc(mdev, NULL, max_len); 2898 2850 if (!skb) ··· 2919 2869 if (i >= MT7925_RNR_SCAN_MAX_BSSIDS) 2920 2870 break; 2921 2871 2922 - ssid->ssids[i].ssid_len = cpu_to_le32(sreq->ssids[i].ssid_len); 2923 - memcpy(ssid->ssids[i].ssid, sreq->ssids[i].ssid, 2872 + ssid->ssids[n_ssids].ssid_len = cpu_to_le32(sreq->ssids[i].ssid_len); 2873 + memcpy(ssid->ssids[n_ssids].ssid, sreq->ssids[i].ssid, 2924 2874 sreq->ssids[i].ssid_len); 2925 2875 n_ssids++; 2926 2876 } ··· 2975 2925 } 2976 2926 chan_info->channel_type = sreq->n_channels ? 4 : 0; 2977 2927 2978 - tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, sizeof(*ie)); 2979 - ie = (struct scan_ie_tlv *)tlv; 2980 - if (sreq->ie_len > 0) { 2981 - memcpy(ie->ies, sreq->ie, sreq->ie_len); 2982 - ie->ies_len = cpu_to_le16(sreq->ie_len); 2983 - } 2984 - 2985 2928 req->scan_func |= SCAN_FUNC_SPLIT_SCAN; 2986 2929 2987 2930 tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_MISC, sizeof(*misc)); ··· 2984 2941 sreq->mac_addr_mask); 2985 2942 req->scan_func |= SCAN_FUNC_RANDOM_MAC; 2986 2943 } 2944 + 2945 + /* Append scan probe IEs as the last tlv */ 2946 + mt7925_mcu_build_scan_ie_tlv(mdev, skb, &scan_req->ies); 2987 2947 2988 2948 err = mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ), 2989 2949 true); ··· 2999 2953 3000 2954 int mt7925_mcu_sched_scan_req(struct mt76_phy *phy, 3001 2955 struct ieee80211_vif *vif, 3002 - struct cfg80211_sched_scan_request *sreq) 2956 + struct cfg80211_sched_scan_request *sreq, 2957 + struct ieee80211_scan_ies *ies) 3003 2958 { 3004 2959 struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv; 3005 2960 struct ieee80211_channel **scan_list = sreq->channels; ··· 3088 3041 } 3089 3042 chan_info->channel_type = sreq->n_channels ? 4 : 0; 3090 3043 3091 - tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, sizeof(*ie)); 3092 - ie = (struct scan_ie_tlv *)tlv; 3093 - if (sreq->ie_len > 0) { 3094 - memcpy(ie->ies, sreq->ie, sreq->ie_len); 3095 - ie->ies_len = cpu_to_le16(sreq->ie_len); 3096 - } 3044 + /* Append scan probe IEs as the last tlv */ 3045 + mt7925_mcu_build_scan_ie_tlv(mdev, skb, ies); 3097 3046 3098 3047 return mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ), 3099 3048 true);

+3 -2

drivers/net/wireless/mediatek/mt76/mt7925/mcu.h

··· 269 269 __le16 ies_len; 270 270 u8 band; 271 271 u8 pad; 272 - u8 ies[MT76_CONNAC_SCAN_IE_LEN]; 272 + u8 ies[]; 273 273 }; 274 274 275 275 struct scan_misc_tlv { ··· 673 673 struct ieee80211_vif *vif); 674 674 int mt7925_mcu_sched_scan_req(struct mt76_phy *phy, 675 675 struct ieee80211_vif *vif, 676 - struct cfg80211_sched_scan_request *sreq); 676 + struct cfg80211_sched_scan_request *sreq, 677 + struct ieee80211_scan_ies *ies); 677 678 int mt7925_mcu_sched_scan_enable(struct mt76_phy *phy, 678 679 struct ieee80211_vif *vif, 679 680 bool enable);

+1 -1

drivers/net/wireless/mediatek/mt76/mt7925/regs.h

··· 58 58 59 59 #define MT_INT_TX_DONE_MCU (MT_INT_TX_DONE_MCU_WM | \ 60 60 MT_INT_TX_DONE_FWDL) 61 - #define MT_INT_TX_DONE_ALL (MT_INT_TX_DONE_MCU_WM | \ 61 + #define MT_INT_TX_DONE_ALL (MT_INT_TX_DONE_MCU | \ 62 62 MT_INT_TX_DONE_BAND0 | \ 63 63 GENMASK(18, 4)) 64 64

+27 -5

drivers/net/wireless/mediatek/mt76/mt792x_core.c

··· 28 28 }, 29 29 }; 30 30 31 - static const struct ieee80211_iface_limit if_limits_chanctx[] = { 31 + static const struct ieee80211_iface_limit if_limits_chanctx_mcc[] = { 32 32 { 33 33 .max = 2, 34 34 .types = BIT(NL80211_IFTYPE_STATION) | ··· 36 36 }, 37 37 { 38 38 .max = 1, 39 - .types = BIT(NL80211_IFTYPE_AP) | 40 - BIT(NL80211_IFTYPE_P2P_GO) 39 + .types = BIT(NL80211_IFTYPE_P2P_GO) 40 + }, 41 + { 42 + .max = 1, 43 + .types = BIT(NL80211_IFTYPE_P2P_DEVICE) 44 + } 45 + }; 46 + 47 + static const struct ieee80211_iface_limit if_limits_chanctx_scc[] = { 48 + { 49 + .max = 2, 50 + .types = BIT(NL80211_IFTYPE_STATION) | 51 + BIT(NL80211_IFTYPE_P2P_CLIENT) 52 + }, 53 + { 54 + .max = 1, 55 + .types = BIT(NL80211_IFTYPE_AP) 41 56 }, 42 57 { 43 58 .max = 1, ··· 62 47 63 48 static const struct ieee80211_iface_combination if_comb_chanctx[] = { 64 49 { 65 - .limits = if_limits_chanctx, 66 - .n_limits = ARRAY_SIZE(if_limits_chanctx), 50 + .limits = if_limits_chanctx_mcc, 51 + .n_limits = ARRAY_SIZE(if_limits_chanctx_mcc), 67 52 .max_interfaces = 3, 68 53 .num_different_channels = 2, 54 + .beacon_int_infra_match = false, 55 + }, 56 + { 57 + .limits = if_limits_chanctx_scc, 58 + .n_limits = ARRAY_SIZE(if_limits_chanctx_scc), 59 + .max_interfaces = 3, 60 + .num_different_channels = 1, 69 61 .beacon_int_infra_match = false, 70 62 } 71 63 };

+1 -4

drivers/net/wireless/mediatek/mt76/mt792x_mac.c

··· 142 142 struct mt792x_sta *sta; 143 143 struct mt76_wcid *wcid; 144 144 145 - if (idx >= ARRAY_SIZE(dev->mt76.wcid)) 146 - return NULL; 147 - 148 - wcid = rcu_dereference(dev->mt76.wcid[idx]); 145 + wcid = mt76_wcid_ptr(dev, idx); 149 146 if (unicast || !wcid) 150 147 return wcid; 151 148

+10 -42

drivers/net/wireless/mediatek/mt76/mt7996/mac.c

··· 61 61 struct mt76_wcid *wcid; 62 62 int i; 63 63 64 - if (idx >= ARRAY_SIZE(dev->mt76.wcid)) 65 - return NULL; 66 - 67 - wcid = rcu_dereference(dev->mt76.wcid[idx]); 64 + wcid = mt76_wcid_ptr(dev, idx); 68 65 if (!wcid) 69 66 return NULL; 70 67 ··· 1241 1244 u16 idx; 1242 1245 1243 1246 idx = FIELD_GET(MT_TXFREE_INFO_WLAN_ID, info); 1244 - wcid = rcu_dereference(dev->mt76.wcid[idx]); 1247 + wcid = mt76_wcid_ptr(dev, idx); 1245 1248 sta = wcid_to_sta(wcid); 1246 1249 if (!sta) 1247 1250 goto next; ··· 1466 1469 if (pid < MT_PACKET_ID_NO_SKB) 1467 1470 return; 1468 1471 1469 - if (wcidx >= mt7996_wtbl_size(dev)) 1470 - return; 1471 - 1472 1472 rcu_read_lock(); 1473 1473 1474 - wcid = rcu_dereference(dev->mt76.wcid[wcidx]); 1474 + wcid = mt76_wcid_ptr(dev, wcidx); 1475 1475 if (!wcid) 1476 1476 goto out; 1477 1477 ··· 2345 2351 void mt7996_mac_sta_rc_work(struct work_struct *work) 2346 2352 { 2347 2353 struct mt7996_dev *dev = container_of(work, struct mt7996_dev, rc_work); 2348 - struct ieee80211_bss_conf *link_conf; 2349 - struct ieee80211_link_sta *link_sta; 2350 2354 struct mt7996_sta_link *msta_link; 2351 - struct mt7996_vif_link *link; 2352 - struct mt76_vif_link *mlink; 2353 - struct ieee80211_sta *sta; 2354 2355 struct ieee80211_vif *vif; 2355 - struct mt7996_sta *msta; 2356 2356 struct mt7996_vif *mvif; 2357 2357 LIST_HEAD(list); 2358 2358 u32 changed; 2359 - u8 link_id; 2360 2359 2361 - rcu_read_lock(); 2362 2360 spin_lock_bh(&dev->mt76.sta_poll_lock); 2363 2361 list_splice_init(&dev->sta_rc_list, &list); 2364 2362 ··· 2361 2375 2362 2376 changed = msta_link->changed; 2363 2377 msta_link->changed = 0; 2364 - 2365 - sta = wcid_to_sta(&msta_link->wcid); 2366 - link_id = msta_link->wcid.link_id; 2367 - msta = msta_link->sta; 2368 - mvif = msta->vif; 2369 - vif = container_of((void *)mvif, struct ieee80211_vif, drv_priv); 2370 - 2371 - mlink = rcu_dereference(mvif->mt76.link[link_id]); 2372 - if (!mlink) 2373 - continue; 2374 - 2375 - link_sta = rcu_dereference(sta->link[link_id]); 2376 - if (!link_sta) 2377 - continue; 2378 - 2379 - link_conf = rcu_dereference(vif->link_conf[link_id]); 2380 - if (!link_conf) 2381 - continue; 2378 + mvif = msta_link->sta->vif; 2379 + vif = container_of((void *)mvif, struct ieee80211_vif, 2380 + drv_priv); 2382 2381 2383 2382 spin_unlock_bh(&dev->mt76.sta_poll_lock); 2384 - 2385 - link = (struct mt7996_vif_link *)mlink; 2386 2383 2387 2384 if (changed & (IEEE80211_RC_SUPP_RATES_CHANGED | 2388 2385 IEEE80211_RC_NSS_CHANGED | 2389 2386 IEEE80211_RC_BW_CHANGED)) 2390 - mt7996_mcu_add_rate_ctrl(dev, vif, link_conf, 2391 - link_sta, link, msta_link, 2387 + mt7996_mcu_add_rate_ctrl(dev, msta_link->sta, vif, 2388 + msta_link->wcid.link_id, 2392 2389 true); 2393 2390 2394 2391 if (changed & IEEE80211_RC_SMPS_CHANGED) 2395 - mt7996_mcu_set_fixed_field(dev, link_sta, link, 2396 - msta_link, NULL, 2392 + mt7996_mcu_set_fixed_field(dev, msta_link->sta, NULL, 2393 + msta_link->wcid.link_id, 2397 2394 RATE_PARAM_MMPS_UPDATE); 2398 2395 2399 2396 spin_lock_bh(&dev->mt76.sta_poll_lock); 2400 2397 } 2401 2398 2402 2399 spin_unlock_bh(&dev->mt76.sta_poll_lock); 2403 - rcu_read_unlock(); 2404 2400 } 2405 2401 2406 2402 void mt7996_mac_work(struct work_struct *work)

+2 -3

drivers/net/wireless/mediatek/mt76/mt7996/main.c

··· 1127 1127 if (err) 1128 1128 return err; 1129 1129 1130 - err = mt7996_mcu_add_rate_ctrl(dev, vif, link_conf, 1131 - link_sta, link, 1132 - msta_link, false); 1130 + err = mt7996_mcu_add_rate_ctrl(dev, msta_link->sta, vif, 1131 + link_id, false); 1133 1132 if (err) 1134 1133 return err; 1135 1134

+141 -58

drivers/net/wireless/mediatek/mt76/mt7996/mcu.c

··· 555 555 switch (le16_to_cpu(res->tag)) { 556 556 case UNI_ALL_STA_TXRX_RATE: 557 557 wlan_idx = le16_to_cpu(res->rate[i].wlan_idx); 558 - wcid = rcu_dereference(dev->mt76.wcid[wlan_idx]); 558 + wcid = mt76_wcid_ptr(dev, wlan_idx); 559 559 560 560 if (!wcid) 561 561 break; ··· 565 565 break; 566 566 case UNI_ALL_STA_TXRX_ADM_STAT: 567 567 wlan_idx = le16_to_cpu(res->adm_stat[i].wlan_idx); 568 - wcid = rcu_dereference(dev->mt76.wcid[wlan_idx]); 568 + wcid = mt76_wcid_ptr(dev, wlan_idx); 569 569 570 570 if (!wcid) 571 571 break; ··· 579 579 break; 580 580 case UNI_ALL_STA_TXRX_MSDU_COUNT: 581 581 wlan_idx = le16_to_cpu(res->msdu_cnt[i].wlan_idx); 582 - wcid = rcu_dereference(dev->mt76.wcid[wlan_idx]); 582 + wcid = mt76_wcid_ptr(dev, wlan_idx); 583 583 584 584 if (!wcid) 585 585 break; ··· 676 676 677 677 e = (void *)skb->data; 678 678 idx = le16_to_cpu(e->wlan_id); 679 - if (idx >= ARRAY_SIZE(dev->mt76.wcid)) 680 - break; 681 - 682 - wcid = rcu_dereference(dev->mt76.wcid[idx]); 679 + wcid = mt76_wcid_ptr(dev, idx); 683 680 if (!wcid || !wcid->sta) 684 681 break; 685 682 ··· 1902 1905 MCU_WM_UNI_CMD(RA), true); 1903 1906 } 1904 1907 1905 - int mt7996_mcu_set_fixed_field(struct mt7996_dev *dev, 1906 - struct ieee80211_link_sta *link_sta, 1907 - struct mt7996_vif_link *link, 1908 - struct mt7996_sta_link *msta_link, 1909 - void *data, u32 field) 1908 + int mt7996_mcu_set_fixed_field(struct mt7996_dev *dev, struct mt7996_sta *msta, 1909 + void *data, u8 link_id, u32 field) 1910 1910 { 1911 - struct sta_phy_uni *phy = data; 1911 + struct mt7996_vif *mvif = msta->vif; 1912 + struct mt7996_sta_link *msta_link; 1912 1913 struct sta_rec_ra_fixed_uni *ra; 1914 + struct sta_phy_uni *phy = data; 1915 + struct mt76_vif_link *mlink; 1913 1916 struct sk_buff *skb; 1917 + int err = -ENODEV; 1914 1918 struct tlv *tlv; 1915 1919 1916 - skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &link->mt76, 1920 + rcu_read_lock(); 1921 + 1922 + mlink = rcu_dereference(mvif->mt76.link[link_id]); 1923 + if (!mlink) 1924 + goto error_unlock; 1925 + 1926 + msta_link = rcu_dereference(msta->link[link_id]); 1927 + if (!msta_link) 1928 + goto error_unlock; 1929 + 1930 + skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, mlink, 1917 1931 &msta_link->wcid, 1918 1932 MT7996_STA_UPDATE_MAX_SIZE); 1919 - if (IS_ERR(skb)) 1920 - return PTR_ERR(skb); 1933 + if (IS_ERR(skb)) { 1934 + err = PTR_ERR(skb); 1935 + goto error_unlock; 1936 + } 1921 1937 1922 1938 tlv = mt76_connac_mcu_add_tlv(skb, STA_REC_RA_UPDATE, sizeof(*ra)); 1923 1939 ra = (struct sta_rec_ra_fixed_uni *)tlv; ··· 1945 1935 if (phy) 1946 1936 ra->phy = *phy; 1947 1937 break; 1948 - case RATE_PARAM_MMPS_UPDATE: 1938 + case RATE_PARAM_MMPS_UPDATE: { 1939 + struct ieee80211_sta *sta = wcid_to_sta(&msta_link->wcid); 1940 + struct ieee80211_link_sta *link_sta; 1941 + 1942 + link_sta = rcu_dereference(sta->link[link_id]); 1943 + if (!link_sta) { 1944 + dev_kfree_skb(skb); 1945 + goto error_unlock; 1946 + } 1947 + 1949 1948 ra->mmps_mode = mt7996_mcu_get_mmps_mode(link_sta->smps_mode); 1950 1949 break; 1950 + } 1951 1951 default: 1952 1952 break; 1953 1953 } 1954 1954 ra->field = cpu_to_le32(field); 1955 1955 1956 + rcu_read_unlock(); 1957 + 1956 1958 return mt76_mcu_skb_send_msg(&dev->mt76, skb, 1957 1959 MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true); 1960 + error_unlock: 1961 + rcu_read_unlock(); 1962 + 1963 + return err; 1958 1964 } 1959 1965 1960 1966 static int 1961 - mt7996_mcu_add_rate_ctrl_fixed(struct mt7996_dev *dev, 1962 - struct ieee80211_link_sta *link_sta, 1963 - struct mt7996_vif_link *link, 1964 - struct mt7996_sta_link *msta_link) 1967 + mt7996_mcu_add_rate_ctrl_fixed(struct mt7996_dev *dev, struct mt7996_sta *msta, 1968 + struct ieee80211_vif *vif, u8 link_id) 1965 1969 { 1966 - struct cfg80211_chan_def *chandef = &link->phy->mt76->chandef; 1967 - struct cfg80211_bitrate_mask *mask = &link->bitrate_mask; 1968 - enum nl80211_band band = chandef->chan->band; 1970 + struct ieee80211_link_sta *link_sta; 1971 + struct cfg80211_bitrate_mask mask; 1972 + struct mt7996_sta_link *msta_link; 1973 + struct mt7996_vif_link *link; 1969 1974 struct sta_phy_uni phy = {}; 1970 - int ret, nrates = 0; 1975 + struct ieee80211_sta *sta; 1976 + int ret, nrates = 0, idx; 1977 + enum nl80211_band band; 1978 + bool has_he; 1971 1979 1972 1980 #define __sta_phy_bitrate_mask_check(_mcs, _gi, _ht, _he) \ 1973 1981 do { \ 1974 - u8 i, gi = mask->control[band]._gi; \ 1982 + u8 i, gi = mask.control[band]._gi; \ 1975 1983 gi = (_he) ? gi : gi == NL80211_TXRATE_FORCE_SGI; \ 1976 1984 phy.sgi = gi; \ 1977 - phy.he_ltf = mask->control[band].he_ltf; \ 1978 - for (i = 0; i < ARRAY_SIZE(mask->control[band]._mcs); i++) { \ 1979 - if (!mask->control[band]._mcs[i]) \ 1985 + phy.he_ltf = mask.control[band].he_ltf; \ 1986 + for (i = 0; i < ARRAY_SIZE(mask.control[band]._mcs); i++) { \ 1987 + if (!mask.control[band]._mcs[i]) \ 1980 1988 continue; \ 1981 - nrates += hweight16(mask->control[band]._mcs[i]); \ 1982 - phy.mcs = ffs(mask->control[band]._mcs[i]) - 1; \ 1989 + nrates += hweight16(mask.control[band]._mcs[i]); \ 1990 + phy.mcs = ffs(mask.control[band]._mcs[i]) - 1; \ 1983 1991 if (_ht) \ 1984 1992 phy.mcs += 8 * i; \ 1985 1993 } \ 1986 1994 } while (0) 1987 1995 1988 - if (link_sta->he_cap.has_he) { 1996 + rcu_read_lock(); 1997 + 1998 + link = mt7996_vif_link(dev, vif, link_id); 1999 + if (!link) 2000 + goto error_unlock; 2001 + 2002 + msta_link = rcu_dereference(msta->link[link_id]); 2003 + if (!msta_link) 2004 + goto error_unlock; 2005 + 2006 + sta = wcid_to_sta(&msta_link->wcid); 2007 + link_sta = rcu_dereference(sta->link[link_id]); 2008 + if (!link_sta) 2009 + goto error_unlock; 2010 + 2011 + band = link->phy->mt76->chandef.chan->band; 2012 + has_he = link_sta->he_cap.has_he; 2013 + mask = link->bitrate_mask; 2014 + idx = msta_link->wcid.idx; 2015 + 2016 + if (has_he) { 1989 2017 __sta_phy_bitrate_mask_check(he_mcs, he_gi, 0, 1); 1990 2018 } else if (link_sta->vht_cap.vht_supported) { 1991 2019 __sta_phy_bitrate_mask_check(vht_mcs, gi, 0, 0); 1992 2020 } else if (link_sta->ht_cap.ht_supported) { 1993 2021 __sta_phy_bitrate_mask_check(ht_mcs, gi, 1, 0); 1994 2022 } else { 1995 - nrates = hweight32(mask->control[band].legacy); 1996 - phy.mcs = ffs(mask->control[band].legacy) - 1; 2023 + nrates = hweight32(mask.control[band].legacy); 2024 + phy.mcs = ffs(mask.control[band].legacy) - 1; 1997 2025 } 2026 + 2027 + rcu_read_unlock(); 2028 + 1998 2029 #undef __sta_phy_bitrate_mask_check 1999 2030 2000 2031 /* fall back to auto rate control */ 2001 - if (mask->control[band].gi == NL80211_TXRATE_DEFAULT_GI && 2002 - mask->control[band].he_gi == GENMASK(7, 0) && 2003 - mask->control[band].he_ltf == GENMASK(7, 0) && 2032 + if (mask.control[band].gi == NL80211_TXRATE_DEFAULT_GI && 2033 + mask.control[band].he_gi == GENMASK(7, 0) && 2034 + mask.control[band].he_ltf == GENMASK(7, 0) && 2004 2035 nrates != 1) 2005 2036 return 0; 2006 2037 2007 2038 /* fixed single rate */ 2008 2039 if (nrates == 1) { 2009 - ret = mt7996_mcu_set_fixed_field(dev, link_sta, link, 2010 - msta_link, &phy, 2040 + ret = mt7996_mcu_set_fixed_field(dev, msta, &phy, link_id, 2011 2041 RATE_PARAM_FIXED_MCS); 2012 2042 if (ret) 2013 2043 return ret; 2014 2044 } 2015 2045 2016 2046 /* fixed GI */ 2017 - if (mask->control[band].gi != NL80211_TXRATE_DEFAULT_GI || 2018 - mask->control[band].he_gi != GENMASK(7, 0)) { 2047 + if (mask.control[band].gi != NL80211_TXRATE_DEFAULT_GI || 2048 + mask.control[band].he_gi != GENMASK(7, 0)) { 2019 2049 u32 addr; 2020 2050 2021 2051 /* firmware updates only TXCMD but doesn't take WTBL into 2022 2052 * account, so driver should update here to reflect the 2023 2053 * actual txrate hardware sends out. 2024 2054 */ 2025 - addr = mt7996_mac_wtbl_lmac_addr(dev, msta_link->wcid.idx, 7); 2026 - if (link_sta->he_cap.has_he) 2055 + addr = mt7996_mac_wtbl_lmac_addr(dev, idx, 7); 2056 + if (has_he) 2027 2057 mt76_rmw_field(dev, addr, GENMASK(31, 24), phy.sgi); 2028 2058 else 2029 2059 mt76_rmw_field(dev, addr, GENMASK(15, 12), phy.sgi); 2030 2060 2031 - ret = mt7996_mcu_set_fixed_field(dev, link_sta, link, 2032 - msta_link, &phy, 2061 + ret = mt7996_mcu_set_fixed_field(dev, msta, &phy, link_id, 2033 2062 RATE_PARAM_FIXED_GI); 2034 2063 if (ret) 2035 2064 return ret; 2036 2065 } 2037 2066 2038 2067 /* fixed HE_LTF */ 2039 - if (mask->control[band].he_ltf != GENMASK(7, 0)) { 2040 - ret = mt7996_mcu_set_fixed_field(dev, link_sta, link, 2041 - msta_link, &phy, 2068 + if (mask.control[band].he_ltf != GENMASK(7, 0)) { 2069 + ret = mt7996_mcu_set_fixed_field(dev, msta, &phy, link_id, 2042 2070 RATE_PARAM_FIXED_HE_LTF); 2043 2071 if (ret) 2044 2072 return ret; 2045 2073 } 2046 2074 2047 2075 return 0; 2076 + 2077 + error_unlock: 2078 + rcu_read_unlock(); 2079 + 2080 + return -ENODEV; 2048 2081 } 2049 2082 2050 2083 static void ··· 2198 2145 memset(ra->rx_rcpi, INIT_RCPI, sizeof(ra->rx_rcpi)); 2199 2146 } 2200 2147 2201 - int mt7996_mcu_add_rate_ctrl(struct mt7996_dev *dev, 2202 - struct ieee80211_vif *vif, 2203 - struct ieee80211_bss_conf *link_conf, 2204 - struct ieee80211_link_sta *link_sta, 2205 - struct mt7996_vif_link *link, 2206 - struct mt7996_sta_link *msta_link, bool changed) 2148 + int mt7996_mcu_add_rate_ctrl(struct mt7996_dev *dev, struct mt7996_sta *msta, 2149 + struct ieee80211_vif *vif, u8 link_id, 2150 + bool changed) 2207 2151 { 2152 + struct ieee80211_bss_conf *link_conf; 2153 + struct ieee80211_link_sta *link_sta; 2154 + struct mt7996_sta_link *msta_link; 2155 + struct mt7996_vif_link *link; 2156 + struct ieee80211_sta *sta; 2208 2157 struct sk_buff *skb; 2209 - int ret; 2158 + int ret = -ENODEV; 2159 + 2160 + rcu_read_lock(); 2161 + 2162 + link = mt7996_vif_link(dev, vif, link_id); 2163 + if (!link) 2164 + goto error_unlock; 2165 + 2166 + msta_link = rcu_dereference(msta->link[link_id]); 2167 + if (!msta_link) 2168 + goto error_unlock; 2169 + 2170 + sta = wcid_to_sta(&msta_link->wcid); 2171 + link_sta = rcu_dereference(sta->link[link_id]); 2172 + if (!link_sta) 2173 + goto error_unlock; 2174 + 2175 + link_conf = rcu_dereference(vif->link_conf[link_id]); 2176 + if (!link_conf) 2177 + goto error_unlock; 2210 2178 2211 2179 skb = __mt76_connac_mcu_alloc_sta_req(&dev->mt76, &link->mt76, 2212 2180 &msta_link->wcid, 2213 2181 MT7996_STA_UPDATE_MAX_SIZE); 2214 - if (IS_ERR(skb)) 2215 - return PTR_ERR(skb); 2182 + if (IS_ERR(skb)) { 2183 + ret = PTR_ERR(skb); 2184 + goto error_unlock; 2185 + } 2216 2186 2217 2187 /* firmware rc algorithm refers to sta_rec_he for HE control. 2218 2188 * once dev->rc_work changes the settings driver should also ··· 2249 2173 */ 2250 2174 mt7996_mcu_sta_rate_ctrl_tlv(skb, dev, vif, link_conf, link_sta, link); 2251 2175 2176 + rcu_read_unlock(); 2177 + 2252 2178 ret = mt76_mcu_skb_send_msg(&dev->mt76, skb, 2253 2179 MCU_WMWA_UNI_CMD(STA_REC_UPDATE), true); 2254 2180 if (ret) 2255 2181 return ret; 2256 2182 2257 - return mt7996_mcu_add_rate_ctrl_fixed(dev, link_sta, link, msta_link); 2183 + return mt7996_mcu_add_rate_ctrl_fixed(dev, msta, vif, link_id); 2184 + 2185 + error_unlock: 2186 + rcu_read_unlock(); 2187 + 2188 + return ret; 2258 2189 } 2259 2190 2260 2191 static int

+5 -11

drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h

··· 620 620 int mt7996_mcu_add_obss_spr(struct mt7996_phy *phy, 621 621 struct mt7996_vif_link *link, 622 622 struct ieee80211_he_obss_pd *he_obss_pd); 623 - int mt7996_mcu_add_rate_ctrl(struct mt7996_dev *dev, 624 - struct ieee80211_vif *vif, 625 - struct ieee80211_bss_conf *link_conf, 626 - struct ieee80211_link_sta *link_sta, 627 - struct mt7996_vif_link *link, 628 - struct mt7996_sta_link *msta_link, bool changed); 623 + int mt7996_mcu_add_rate_ctrl(struct mt7996_dev *dev, struct mt7996_sta *msta, 624 + struct ieee80211_vif *vif, u8 link_id, 625 + bool changed); 629 626 int mt7996_set_channel(struct mt76_phy *mphy); 630 627 int mt7996_mcu_set_chan_info(struct mt7996_phy *phy, u16 tag); 631 628 int mt7996_mcu_set_tx(struct mt7996_dev *dev, struct ieee80211_vif *vif, 632 629 struct ieee80211_bss_conf *link_conf); 633 630 int mt7996_mcu_set_fixed_rate_ctrl(struct mt7996_dev *dev, 634 631 void *data, u16 version); 635 - int mt7996_mcu_set_fixed_field(struct mt7996_dev *dev, 636 - struct ieee80211_link_sta *link_sta, 637 - struct mt7996_vif_link *link, 638 - struct mt7996_sta_link *msta_link, 639 - void *data, u32 field); 632 + int mt7996_mcu_set_fixed_field(struct mt7996_dev *dev, struct mt7996_sta *msta, 633 + void *data, u8 link_id, u32 field); 640 634 int mt7996_mcu_set_eeprom(struct mt7996_dev *dev); 641 635 int mt7996_mcu_get_eeprom(struct mt7996_dev *dev, u32 offset, u8 *buf, u32 buf_len); 642 636 int mt7996_mcu_get_eeprom_free_block(struct mt7996_dev *dev, u8 *block_num);

+5 -6

drivers/net/wireless/mediatek/mt76/tx.c

··· 64 64 struct mt76_tx_cb *cb = mt76_tx_skb_cb(skb); 65 65 struct mt76_wcid *wcid; 66 66 67 - wcid = rcu_dereference(dev->wcid[cb->wcid]); 67 + wcid = __mt76_wcid_ptr(dev, cb->wcid); 68 68 if (wcid) { 69 69 status.sta = wcid_to_sta(wcid); 70 70 if (status.sta && (wcid->rate.flags || wcid->rate.legacy)) { ··· 251 251 252 252 rcu_read_lock(); 253 253 254 - if (wcid_idx < ARRAY_SIZE(dev->wcid)) 255 - wcid = rcu_dereference(dev->wcid[wcid_idx]); 256 - 254 + wcid = __mt76_wcid_ptr(dev, wcid_idx); 257 255 mt76_tx_check_non_aql(dev, wcid, skb); 258 256 259 257 #ifdef CONFIG_NL80211_TESTMODE ··· 536 538 break; 537 539 538 540 mtxq = (struct mt76_txq *)txq->drv_priv; 539 - wcid = rcu_dereference(dev->wcid[mtxq->wcid]); 541 + wcid = __mt76_wcid_ptr(dev, mtxq->wcid); 540 542 if (!wcid || test_bit(MT_WCID_FLAG_PS, &wcid->flags)) 541 543 continue; 542 544 ··· 615 617 if ((dev->drv->drv_flags & MT_DRV_HW_MGMT_TXQ) && 616 618 !(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) && 617 619 !ieee80211_is_data(hdr->frame_control) && 618 - !ieee80211_is_bufferable_mmpdu(skb)) 620 + (!ieee80211_is_bufferable_mmpdu(skb) || 621 + ieee80211_is_deauth(hdr->frame_control))) 619 622 qid = MT_TXQ_PSD; 620 623 621 624 q = phy->q_tx[qid];

+1 -1

drivers/net/wireless/mediatek/mt76/util.c

··· 83 83 if (!(mask & 1)) 84 84 continue; 85 85 86 - wcid = rcu_dereference(dev->wcid[j]); 86 + wcid = __mt76_wcid_ptr(dev, j); 87 87 if (!wcid || wcid->phy_idx != phy_idx) 88 88 continue; 89 89

+1 -3

drivers/net/wireless/ralink/rt2x00/rt2x00soc.c

··· 108 108 } 109 109 EXPORT_SYMBOL_GPL(rt2x00soc_probe); 110 110 111 - int rt2x00soc_remove(struct platform_device *pdev) 111 + void rt2x00soc_remove(struct platform_device *pdev) 112 112 { 113 113 struct ieee80211_hw *hw = platform_get_drvdata(pdev); 114 114 struct rt2x00_dev *rt2x00dev = hw->priv; ··· 119 119 rt2x00lib_remove_dev(rt2x00dev); 120 120 rt2x00soc_free_reg(rt2x00dev); 121 121 ieee80211_free_hw(hw); 122 - 123 - return 0; 124 122 } 125 123 EXPORT_SYMBOL_GPL(rt2x00soc_remove); 126 124

+1 -1

drivers/net/wireless/ralink/rt2x00/rt2x00soc.h

··· 17 17 * SoC driver handlers. 18 18 */ 19 19 int rt2x00soc_probe(struct platform_device *pdev, const struct rt2x00_ops *ops); 20 - int rt2x00soc_remove(struct platform_device *pdev); 20 + void rt2x00soc_remove(struct platform_device *pdev); 21 21 #ifdef CONFIG_PM 22 22 int rt2x00soc_suspend(struct platform_device *pdev, pm_message_t state); 23 23 int rt2x00soc_resume(struct platform_device *pdev);

+5 -1

drivers/net/wireless/zydas/zd1211rw/zd_mac.c

··· 583 583 584 584 skb_queue_tail(q, skb); 585 585 while (skb_queue_len(q) > ZD_MAC_MAX_ACK_WAITERS) { 586 - zd_mac_tx_status(hw, skb_dequeue(q), 586 + skb = skb_dequeue(q); 587 + if (!skb) 588 + break; 589 + 590 + zd_mac_tx_status(hw, skb, 587 591 mac->ack_pending ? mac->ack_signal : 0, 588 592 NULL); 589 593 mac->ack_pending = 0;

+33 -12

include/linux/ieee80211.h

··· 663 663 } 664 664 665 665 /** 666 - * ieee80211_is_s1g_short_beacon - check if frame is an S1G short beacon 667 - * @fc: frame control bytes in little-endian byteorder 668 - * Return: whether or not the frame is an S1G short beacon, 669 - * i.e. it is an S1G beacon with 'next TBTT' flag set 670 - */ 671 - static inline bool ieee80211_is_s1g_short_beacon(__le16 fc) 672 - { 673 - return ieee80211_is_s1g_beacon(fc) && 674 - (fc & cpu_to_le16(IEEE80211_S1G_BCN_NEXT_TBTT)); 675 - } 676 - 677 - /** 678 666 * ieee80211_is_atim - check if IEEE80211_FTYPE_MGMT && IEEE80211_STYPE_ATIM 679 667 * @fc: frame control bytes in little-endian byteorder 680 668 * Return: whether or not the frame is an ATIM frame ··· 4919 4931 return true; 4920 4932 4921 4933 return false; 4934 + } 4935 + 4936 + /** 4937 + * ieee80211_is_s1g_short_beacon - check if frame is an S1G short beacon 4938 + * @fc: frame control bytes in little-endian byteorder 4939 + * @variable: pointer to the beacon frame elements 4940 + * @variable_len: length of the frame elements 4941 + * Return: whether or not the frame is an S1G short beacon. As per 4942 + * IEEE80211-2024 11.1.3.10.1, The S1G beacon compatibility element shall 4943 + * always be present as the first element in beacon frames generated at a 4944 + * TBTT (Target Beacon Transmission Time), so any frame not containing 4945 + * this element must have been generated at a TSBTT (Target Short Beacon 4946 + * Transmission Time) that is not a TBTT. Additionally, short beacons are 4947 + * prohibited from containing the S1G beacon compatibility element as per 4948 + * IEEE80211-2024 9.3.4.3 Table 9-76, so if we have an S1G beacon with 4949 + * either no elements or the first element is not the beacon compatibility 4950 + * element, we have a short beacon. 4951 + */ 4952 + static inline bool ieee80211_is_s1g_short_beacon(__le16 fc, const u8 *variable, 4953 + size_t variable_len) 4954 + { 4955 + if (!ieee80211_is_s1g_beacon(fc)) 4956 + return false; 4957 + 4958 + /* 4959 + * If the frame does not contain at least 1 element (this is perfectly 4960 + * valid in a short beacon) and is an S1G beacon, we have a short 4961 + * beacon. 4962 + */ 4963 + if (variable_len < 2) 4964 + return true; 4965 + 4966 + return variable[0] != WLAN_EID_S1G_BCN_COMPAT; 4922 4967 } 4923 4968 4924 4969 struct element {

+1 -1

include/net/netfilter/nf_flow_table.h

··· 370 370 371 371 static inline bool nf_flow_pppoe_proto(struct sk_buff *skb, __be16 *inner_proto) 372 372 { 373 - if (!pskb_may_pull(skb, PPPOE_SES_HLEN)) 373 + if (!pskb_may_pull(skb, ETH_HLEN + PPPOE_SES_HLEN)) 374 374 return false; 375 375 376 376 *inner_proto = __nf_flow_pppoe_proto(skb);

+4 -1

kernel/dma/contiguous.c

··· 222 222 if (size_cmdline != -1) { 223 223 selected_size = size_cmdline; 224 224 selected_base = base_cmdline; 225 - selected_limit = min_not_zero(limit_cmdline, limit); 225 + 226 + /* Hornor the user setup dma address limit */ 227 + selected_limit = limit_cmdline ?: limit; 228 + 226 229 if (base_cmdline + size_cmdline == limit_cmdline) 227 230 fixed = true; 228 231 } else {

+1

net/appletalk/ddp.c

··· 576 576 577 577 /* Fill in the routing entry */ 578 578 rt->target = ta->sat_addr; 579 + dev_put(rt->dev); /* Release old device */ 579 580 dev_hold(devhint); 580 581 rt->dev = devhint; 581 582 rt->flags = r->rt_flags;

+2 -7

net/ipv6/addrconf.c

··· 3522 3522 3523 3523 ASSERT_RTNL(); 3524 3524 3525 - idev = ipv6_find_idev(dev); 3526 - if (IS_ERR(idev)) { 3527 - pr_debug("%s: add_dev failed\n", __func__); 3525 + idev = addrconf_add_dev(dev); 3526 + if (IS_ERR(idev)) 3528 3527 return; 3529 - } 3530 3528 3531 3529 /* Generate the IPv6 link-local address using addrconf_addr_gen(), 3532 3530 * unless we have an IPv4 GRE device not bound to an IP address and ··· 3538 3540 } 3539 3541 3540 3542 add_v4_addrs(idev); 3541 - 3542 - if (dev->flags & IFF_POINTOPOINT) 3543 - addrconf_add_mroute(dev); 3544 3543 } 3545 3544 #endif 3546 3545

+14

net/mac80211/cfg.c

··· 1981 1981 ieee80211_sta_init_nss(link_sta); 1982 1982 1983 1983 if (params->opmode_notif_used) { 1984 + enum nl80211_chan_width width = link->conf->chanreq.oper.width; 1985 + 1986 + switch (width) { 1987 + case NL80211_CHAN_WIDTH_20: 1988 + case NL80211_CHAN_WIDTH_40: 1989 + case NL80211_CHAN_WIDTH_80: 1990 + case NL80211_CHAN_WIDTH_160: 1991 + case NL80211_CHAN_WIDTH_80P80: 1992 + case NL80211_CHAN_WIDTH_320: /* not VHT, allowed for HE/EHT */ 1993 + break; 1994 + default: 1995 + return -EINVAL; 1996 + } 1997 + 1984 1998 /* returned value is only needed for rc update, but the 1985 1999 * rc isn't initialized here yet, so ignore it 1986 2000 */

+2 -2

net/mac80211/iface.c

··· 1150 1150 { 1151 1151 sdata->local = local; 1152 1152 1153 + INIT_LIST_HEAD(&sdata->key_list); 1154 + 1153 1155 /* 1154 1156 * Initialize the default link, so we can use link_id 0 for non-MLD, 1155 1157 * and that continues to work for non-MLD-aware drivers that use just ··· 2211 2209 ieee80211_sdata_init(local, sdata); 2212 2210 2213 2211 ieee80211_init_frag_cache(&sdata->frags); 2214 - 2215 - INIT_LIST_HEAD(&sdata->key_list); 2216 2212 2217 2213 wiphy_delayed_work_init(&sdata->dec_tailroom_needed_wk, 2218 2214 ieee80211_delayed_tailroom_dec);

+9 -3

net/mac80211/mlme.c

··· 3980 3980 3981 3981 lockdep_assert_wiphy(local->hw.wiphy); 3982 3982 3983 + if (frame_buf) 3984 + memset(frame_buf, 0, IEEE80211_DEAUTH_FRAME_LEN); 3985 + 3983 3986 if (WARN_ON(!ap_sta)) 3984 3987 return; 3985 3988 ··· 7258 7255 struct ieee80211_bss_conf *bss_conf = link->conf; 7259 7256 struct ieee80211_vif_cfg *vif_cfg = &sdata->vif.cfg; 7260 7257 struct ieee80211_mgmt *mgmt = (void *) hdr; 7258 + struct ieee80211_ext *ext = NULL; 7261 7259 size_t baselen; 7262 7260 struct ieee802_11_elems *elems; 7263 7261 struct ieee80211_local *local = sdata->local; ··· 7284 7280 /* Process beacon from the current BSS */ 7285 7281 bssid = ieee80211_get_bssid(hdr, len, sdata->vif.type); 7286 7282 if (ieee80211_is_s1g_beacon(mgmt->frame_control)) { 7287 - struct ieee80211_ext *ext = (void *) mgmt; 7283 + ext = (void *)mgmt; 7288 7284 variable = ext->u.s1g_beacon.variable + 7289 7285 ieee80211_s1g_optional_len(ext->frame_control); 7290 7286 } ··· 7471 7467 } 7472 7468 7473 7469 if ((ncrc == link->u.mgd.beacon_crc && link->u.mgd.beacon_crc_valid) || 7474 - ieee80211_is_s1g_short_beacon(mgmt->frame_control)) 7470 + (ext && ieee80211_is_s1g_short_beacon(ext->frame_control, 7471 + parse_params.start, 7472 + parse_params.len))) 7475 7473 goto free; 7476 7474 link->u.mgd.beacon_crc = ncrc; 7477 7475 link->u.mgd.beacon_crc_valid = true; ··· 10813 10807 */ 10814 10808 for_each_mle_subelement(sub, (const u8 *)elems->ml_epcs, 10815 10809 elems->ml_epcs_len) { 10810 + struct ieee802_11_elems *link_elems __free(kfree) = NULL; 10816 10811 struct ieee80211_link_data *link; 10817 - struct ieee802_11_elems *link_elems __free(kfree); 10818 10812 u8 *pos = (void *)sub->data; 10819 10813 u16 control; 10820 10814 ssize_t len;

+2 -4

net/mac80211/parse.c

··· 758 758 { 759 759 const struct element *elem, *sub; 760 760 size_t profile_len = 0; 761 - bool found = false; 762 761 763 762 if (!bss || !bss->transmitted_bss) 764 763 return profile_len; ··· 808 809 index[2], 809 810 new_bssid); 810 811 if (ether_addr_equal(new_bssid, bss->bssid)) { 811 - found = true; 812 812 elems->bssid_index_len = index[1]; 813 813 elems->bssid_index = (void *)&index[2]; 814 - break; 814 + return profile_len; 815 815 } 816 816 } 817 817 } 818 818 819 - return found ? profile_len : 0; 819 + return 0; 820 820 } 821 821 822 822 static void

+4 -5

net/mac80211/util.c

··· 2152 2152 cfg80211_sched_scan_stopped_locked(local->hw.wiphy, 0); 2153 2153 2154 2154 wake_up: 2155 - 2156 - if (local->virt_monitors > 0 && 2157 - local->virt_monitors == local->open_count) 2158 - ieee80211_add_virtual_monitor(local); 2159 - 2160 2155 /* 2161 2156 * Clear the WLAN_STA_BLOCK_BA flag so new aggregation 2162 2157 * sessions can be established after a resume. ··· 2204 2209 ieee80211_sta_restart(sdata); 2205 2210 } 2206 2211 } 2212 + 2213 + if (local->virt_monitors > 0 && 2214 + local->virt_monitors == local->open_count) 2215 + ieee80211_add_virtual_monitor(local); 2207 2216 2208 2217 if (!suspended) 2209 2218 return 0;

+4 -3

net/netlink/af_netlink.c

··· 1395 1395 rmem = atomic_add_return(skb->truesize, &sk->sk_rmem_alloc); 1396 1396 rcvbuf = READ_ONCE(sk->sk_rcvbuf); 1397 1397 1398 - if ((rmem != skb->truesize || rmem <= rcvbuf) && 1398 + if ((rmem == skb->truesize || rmem <= rcvbuf) && 1399 1399 !test_bit(NETLINK_S_CONGESTED, &nlk->state)) { 1400 1400 netlink_skb_set_owner_r(skb, sk); 1401 1401 __netlink_sendskb(sk, skb); ··· 2258 2258 struct netlink_ext_ack extack = {}; 2259 2259 struct netlink_callback *cb; 2260 2260 struct sk_buff *skb = NULL; 2261 + unsigned int rmem, rcvbuf; 2261 2262 size_t max_recvmsg_len; 2262 2263 struct module *module; 2263 2264 int err = -ENOBUFS; 2264 2265 int alloc_min_size; 2265 - unsigned int rmem; 2266 2266 int alloc_size; 2267 2267 2268 2268 if (!lock_taken) ··· 2294 2294 if (!skb) 2295 2295 goto errout_skb; 2296 2296 2297 + rcvbuf = READ_ONCE(sk->sk_rcvbuf); 2297 2298 rmem = atomic_add_return(skb->truesize, &sk->sk_rmem_alloc); 2298 - if (rmem >= READ_ONCE(sk->sk_rcvbuf)) { 2299 + if (rmem != skb->truesize && rmem >= rcvbuf) { 2299 2300 atomic_sub(skb->truesize, &sk->sk_rmem_alloc); 2300 2301 goto errout_skb; 2301 2302 }

+5 -2

net/wireless/nl80211.c

··· 229 229 unsigned int len = nla_len(attr); 230 230 const struct element *elem; 231 231 const struct ieee80211_mgmt *mgmt = (void *)data; 232 + const struct ieee80211_ext *ext; 232 233 unsigned int fixedlen, hdrlen; 233 234 bool s1g_bcn; 234 235 ··· 238 237 239 238 s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control); 240 239 if (s1g_bcn) { 241 - fixedlen = offsetof(struct ieee80211_ext, 242 - u.s1g_beacon.variable); 240 + ext = (struct ieee80211_ext *)mgmt; 241 + fixedlen = 242 + offsetof(struct ieee80211_ext, u.s1g_beacon.variable) + 243 + ieee80211_s1g_optional_len(ext->frame_control); 243 244 hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon); 244 245 } else { 245 246 fixedlen = offsetof(struct ieee80211_mgmt,

+50 -2

net/wireless/util.c

··· 820 820 } 821 821 EXPORT_SYMBOL(ieee80211_is_valid_amsdu); 822 822 823 + 824 + /* 825 + * Detects if an MSDU frame was maliciously converted into an A-MSDU 826 + * frame by an adversary. This is done by parsing the received frame 827 + * as if it were a regular MSDU, even though the A-MSDU flag is set. 828 + * 829 + * For non-mesh interfaces, detection involves checking whether the 830 + * payload, when interpreted as an MSDU, begins with a valid RFC1042 831 + * header. This is done by comparing the A-MSDU subheader's destination 832 + * address to the start of the RFC1042 header. 833 + * 834 + * For mesh interfaces, the MSDU includes a 6-byte Mesh Control field 835 + * and an optional variable-length Mesh Address Extension field before 836 + * the RFC1042 header. The position of the RFC1042 header must therefore 837 + * be calculated based on the mesh header length. 838 + * 839 + * Since this function intentionally parses an A-MSDU frame as an MSDU, 840 + * it only assumes that the A-MSDU subframe header is present, and 841 + * beyond this it performs its own bounds checks under the assumption 842 + * that the frame is instead parsed as a non-aggregated MSDU. 843 + */ 844 + static bool 845 + is_amsdu_aggregation_attack(struct ethhdr *eth, struct sk_buff *skb, 846 + enum nl80211_iftype iftype) 847 + { 848 + int offset; 849 + 850 + /* Non-mesh case can be directly compared */ 851 + if (iftype != NL80211_IFTYPE_MESH_POINT) 852 + return ether_addr_equal(eth->h_dest, rfc1042_header); 853 + 854 + offset = __ieee80211_get_mesh_hdrlen(eth->h_dest[0]); 855 + if (offset == 6) { 856 + /* Mesh case with empty address extension field */ 857 + return ether_addr_equal(eth->h_source, rfc1042_header); 858 + } else if (offset + ETH_ALEN <= skb->len) { 859 + /* Mesh case with non-empty address extension field */ 860 + u8 temp[ETH_ALEN]; 861 + 862 + skb_copy_bits(skb, offset, temp, ETH_ALEN); 863 + return ether_addr_equal(temp, rfc1042_header); 864 + } 865 + 866 + return false; 867 + } 868 + 823 869 void ieee80211_amsdu_to_8023s(struct sk_buff *skb, struct sk_buff_head *list, 824 870 const u8 *addr, enum nl80211_iftype iftype, 825 871 const unsigned int extra_headroom, ··· 907 861 /* the last MSDU has no padding */ 908 862 if (subframe_len > remaining) 909 863 goto purge; 910 - /* mitigate A-MSDU aggregation injection attacks */ 911 - if (ether_addr_equal(hdr.eth.h_dest, rfc1042_header)) 864 + /* mitigate A-MSDU aggregation injection attacks, to be 865 + * checked when processing first subframe (offset == 0). 866 + */ 867 + if (offset == 0 && is_amsdu_aggregation_attack(&hdr.eth, skb, iftype)) 912 868 goto purge; 913 869 914 870 offset += sizeof(struct ethhdr);

+17 -10

tools/testing/selftests/net/gre_ipv6_lladdr.sh

··· 24 24 ip -netns "${NS0}" address add dev lo 2001:db8::10/64 nodad 25 25 } 26 26 27 - # Check if network device has an IPv6 link-local address assigned. 27 + # Check the IPv6 configuration of a network device. 28 + # 29 + # We currently check the generation of the link-local IPv6 address and the 30 + # creation of the ff00::/8 multicast route. 28 31 # 29 32 # Parameters: 30 33 # ··· 38 35 # a link-local address) 39 36 # * $4: The user visible name for the scenario being tested 40 37 # 41 - check_ipv6_ll_addr() 38 + check_ipv6_device_config() 42 39 { 43 40 local DEV="$1" 44 41 local EXTRA_MATCH="$2" ··· 48 45 RET=0 49 46 set +e 50 47 ip -netns "${NS0}" -6 address show dev "${DEV}" scope link | grep "fe80::" | grep -q "${EXTRA_MATCH}" 51 - check_err_fail "${XRET}" $? "" 48 + check_err_fail "${XRET}" $? "IPv6 link-local address generation" 49 + 50 + ip -netns "${NS0}" -6 route show table local type multicast ff00::/8 proto kernel | grep -q "${DEV}" 51 + check_err_fail 0 $? "IPv6 multicast route creation" 52 + 52 53 log_test "${MSG}" 53 54 set -e 54 55 } ··· 109 102 ;; 110 103 esac 111 104 112 - # Check that IPv6 link-local address is generated when device goes up 105 + # Check the IPv6 device configuration when it goes up 113 106 ip netns exec "${NS0}" sysctl -qw net.ipv6.conf.gretest.addr_gen_mode="${ADDR_GEN_MODE}" 114 107 ip -netns "${NS0}" link set dev gretest up 115 - check_ipv6_ll_addr gretest "${MATCH_REGEXP}" "${XRET}" "config: ${MSG}" 108 + check_ipv6_device_config gretest "${MATCH_REGEXP}" "${XRET}" "config: ${MSG}" 116 109 117 110 # Now disable link-local address generation 118 111 ip -netns "${NS0}" link set dev gretest down 119 112 ip netns exec "${NS0}" sysctl -qw net.ipv6.conf.gretest.addr_gen_mode=1 120 113 ip -netns "${NS0}" link set dev gretest up 121 114 122 - # Check that link-local address generation works when re-enabled while 123 - # the device is already up 115 + # Check the IPv6 device configuration when link-local address 116 + # generation is re-enabled while the device is already up 124 117 ip netns exec "${NS0}" sysctl -qw net.ipv6.conf.gretest.addr_gen_mode="${ADDR_GEN_MODE}" 125 - check_ipv6_ll_addr gretest "${MATCH_REGEXP}" "${XRET}" "update: ${MSG}" 118 + check_ipv6_device_config gretest "${MATCH_REGEXP}" "${XRET}" "update: ${MSG}" 126 119 127 120 ip -netns "${NS0}" link del dev gretest 128 121 } ··· 133 126 local MODE 134 127 135 128 for GRE_TYPE in "gre" "gretap"; do 136 - printf "\n####\nTesting IPv6 link-local address generation on ${GRE_TYPE} devices\n####\n\n" 129 + printf "\n####\nTesting IPv6 configuration of ${GRE_TYPE} devices\n####\n\n" 137 130 138 131 for MODE in "eui64" "none" "stable-privacy" "random"; do 139 132 test_gre_device "${GRE_TYPE}" 192.0.2.10 192.0.2.11 "${MODE}" ··· 149 142 local MODE 150 143 151 144 for GRE_TYPE in "ip6gre" "ip6gretap"; do 152 - printf "\n####\nTesting IPv6 link-local address generation on ${GRE_TYPE} devices\n####\n\n" 145 + printf "\n####\nTesting IPv6 configuration of ${GRE_TYPE} devices\n####\n\n" 153 146 154 147 for MODE in "eui64" "none" "stable-privacy" "random"; do 155 148 test_gre_device "${GRE_TYPE}" 2001:db8::10 2001:db8::11 "${MODE}"

+1 -1

tools/testing/selftests/net/lib.sh

··· 312 312 local test_name=$1; shift 313 313 local opt_str=$1; shift 314 314 local result=$1; shift 315 - local retmsg=$1; shift 315 + local retmsg=$1 316 316 317 317 printf "TEST: %-60s [%s]\n" "$test_name $opt_str" "$result" 318 318 if [[ $retmsg ]]; then

Configure Feed

Configure Feed