tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'wireless-2026-03-04' of https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless

Johannes Berg says:

====================
Some more fixes:
- mt76 gets three almost identical new length checks
- cw1200 & ti: locking fixes
- mac80211 has a fix for the recent EML frame handling
- rsi driver no longer oddly responds to config, which
had triggered a warning in mac80211
- ath12k has two fixes for station statistics handling

* tag 'wireless-2026-03-04' of https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless:
wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()
wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()
wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()
wifi: wlcore: Fix a locking bug
wifi: cw1200: Fix locking in error paths
wifi: mac80211: fix missing ieee80211_eml_params member initialization
wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config
wifi: ath12k: fix station lookup failure when disconnecting from AP
wifi: ath12k: use correct pdev id when requesting firmware stats
====================

Link: https://patch.msgid.link/20260304112500.169639-3-johannes@sipsolutions.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Jakub Kicinski 2697c45a 126fe7ef

+25 -29
+3 -3
drivers/net/wireless/ath/ath12k/mac.c
··· 5430 5430 ar->last_tx_power_update)) 5431 5431 goto send_tx_power; 5432 5432 5433 - params.pdev_id = ar->pdev->pdev_id; 5433 + params.pdev_id = ath12k_mac_get_target_pdev_id(ar); 5434 5434 params.vdev_id = arvif->vdev_id; 5435 5435 params.stats_id = WMI_REQUEST_PDEV_STAT; 5436 5436 ret = ath12k_mac_get_fw_stats(ar, &params); ··· 13452 13452 /* TODO: Use real NF instead of default one. */ 13453 13453 signal = rate_info.rssi_comb; 13454 13454 13455 - params.pdev_id = ar->pdev->pdev_id; 13455 + params.pdev_id = ath12k_mac_get_target_pdev_id(ar); 13456 13456 params.vdev_id = 0; 13457 13457 params.stats_id = WMI_REQUEST_VDEV_STAT; 13458 13458 ··· 13580 13580 spin_unlock_bh(&ar->ab->dp->dp_lock); 13581 13581 13582 13582 if (!signal && ahsta->ahvif->vdev_type == WMI_VDEV_TYPE_STA) { 13583 - params.pdev_id = ar->pdev->pdev_id; 13583 + params.pdev_id = ath12k_mac_get_target_pdev_id(ar); 13584 13584 params.vdev_id = 0; 13585 13585 params.stats_id = WMI_REQUEST_VDEV_STAT; 13586 13586
+13 -23
drivers/net/wireless/ath/ath12k/wmi.c
··· 8241 8241 struct ath12k_fw_stats *stats = parse->stats; 8242 8242 struct ath12k *ar; 8243 8243 struct ath12k_link_vif *arvif; 8244 - struct ieee80211_sta *sta; 8245 - struct ath12k_sta *ahsta; 8246 8244 struct ath12k_link_sta *arsta; 8247 8245 int i, ret = 0; 8248 8246 const void *data = ptr; ··· 8276 8278 8277 8279 arvif = ath12k_mac_get_arvif(ar, le32_to_cpu(src->vdev_id)); 8278 8280 if (arvif) { 8279 - sta = ieee80211_find_sta_by_ifaddr(ath12k_ar_to_hw(ar), 8280 - arvif->bssid, 8281 - NULL); 8282 - if (sta) { 8283 - ahsta = ath12k_sta_to_ahsta(sta); 8284 - arsta = &ahsta->deflink; 8281 + spin_lock_bh(&ab->base_lock); 8282 + arsta = ath12k_link_sta_find_by_addr(ab, arvif->bssid); 8283 + if (arsta) { 8285 8284 arsta->rssi_beacon = le32_to_cpu(src->beacon_snr); 8286 8285 ath12k_dbg(ab, ATH12K_DBG_WMI, 8287 8286 "wmi stats vdev id %d snr %d\n", 8288 8287 src->vdev_id, src->beacon_snr); 8289 8288 } else { 8290 - ath12k_dbg(ab, ATH12K_DBG_WMI, 8291 - "not found station bssid %pM for vdev stat\n", 8292 - arvif->bssid); 8289 + ath12k_warn(ab, 8290 + "not found link sta with bssid %pM for vdev stat\n", 8291 + arvif->bssid); 8293 8292 } 8293 + spin_unlock_bh(&ab->base_lock); 8294 8294 } 8295 8295 8296 8296 data += sizeof(*src); ··· 8359 8363 struct ath12k_fw_stats *stats = parse->stats; 8360 8364 struct ath12k_link_vif *arvif; 8361 8365 struct ath12k_link_sta *arsta; 8362 - struct ieee80211_sta *sta; 8363 - struct ath12k_sta *ahsta; 8364 8366 struct ath12k *ar; 8365 8367 int vdev_id; 8366 8368 int j; ··· 8394 8400 "stats bssid %pM vif %p\n", 8395 8401 arvif->bssid, arvif->ahvif->vif); 8396 8402 8397 - sta = ieee80211_find_sta_by_ifaddr(ath12k_ar_to_hw(ar), 8398 - arvif->bssid, 8399 - NULL); 8400 - if (!sta) { 8401 - ath12k_dbg(ab, ATH12K_DBG_WMI, 8402 - "not found station of bssid %pM for rssi chain\n", 8403 - arvif->bssid); 8403 + guard(spinlock_bh)(&ab->base_lock); 8404 + arsta = ath12k_link_sta_find_by_addr(ab, arvif->bssid); 8405 + if (!arsta) { 8406 + ath12k_warn(ab, 8407 + "not found link sta with bssid %pM for rssi chain\n", 8408 + arvif->bssid); 8404 8409 return -EPROTO; 8405 8410 } 8406 - 8407 - ahsta = ath12k_sta_to_ahsta(sta); 8408 - arsta = &ahsta->deflink; 8409 8411 8410 8412 BUILD_BUG_ON(ARRAY_SIZE(arsta->chain_signal) > 8411 8413 ARRAY_SIZE(stats_rssi->rssi_avg_beacon));
+1
drivers/net/wireless/mediatek/mt76/mt76_connac_mac.c
··· 413 413 u32 val; 414 414 415 415 if (ieee80211_is_action(fc) && 416 + skb->len >= IEEE80211_MIN_ACTION_SIZE + 1 + 1 + 2 && 416 417 mgmt->u.action.category == WLAN_CATEGORY_BACK && 417 418 mgmt->u.action.u.addba_req.action_code == WLAN_ACTION_ADDBA_REQ) { 418 419 u16 capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
+1
drivers/net/wireless/mediatek/mt76/mt7925/mac.c
··· 668 668 u32 val; 669 669 670 670 if (ieee80211_is_action(fc) && 671 + skb->len >= IEEE80211_MIN_ACTION_SIZE + 1 && 671 672 mgmt->u.action.category == WLAN_CATEGORY_BACK && 672 673 mgmt->u.action.u.addba_req.action_code == WLAN_ACTION_ADDBA_REQ) 673 674 tid = MT_TX_ADDBA;
+1
drivers/net/wireless/mediatek/mt76/mt7996/mac.c
··· 800 800 u32 val; 801 801 802 802 if (ieee80211_is_action(fc) && 803 + skb->len >= IEEE80211_MIN_ACTION_SIZE + 1 && 803 804 mgmt->u.action.category == WLAN_CATEGORY_BACK && 804 805 mgmt->u.action.u.addba_req.action_code == WLAN_ACTION_ADDBA_REQ) { 805 806 if (is_mt7990(&dev->mt76))
+1 -1
drivers/net/wireless/rsi/rsi_91x_mac80211.c
··· 668 668 struct rsi_hw *adapter = hw->priv; 669 669 struct rsi_common *common = adapter->priv; 670 670 struct ieee80211_conf *conf = &hw->conf; 671 - int status = -EOPNOTSUPP; 671 + int status = 0; 672 672 673 673 mutex_lock(&common->mutex); 674 674
+2
drivers/net/wireless/st/cw1200/pm.c
··· 264 264 wiphy_err(priv->hw->wiphy, 265 265 "PM request failed: %d. WoW is disabled.\n", ret); 266 266 cw1200_wow_resume(hw); 267 + mutex_unlock(&priv->conf_mutex); 267 268 return -EBUSY; 268 269 } 269 270 270 271 /* Force resume if event is coming from the device. */ 271 272 if (atomic_read(&priv->bh_rx)) { 272 273 cw1200_wow_resume(hw); 274 + mutex_unlock(&priv->conf_mutex); 273 275 return -EAGAIN; 274 276 } 275 277
+2 -2
drivers/net/wireless/ti/wlcore/main.c
··· 1875 1875 wl->wow_enabled); 1876 1876 WARN_ON(!wl->wow_enabled); 1877 1877 1878 + mutex_lock(&wl->mutex); 1879 + 1878 1880 ret = pm_runtime_force_resume(wl->dev); 1879 1881 if (ret < 0) { 1880 1882 wl1271_error("ELP wakeup failure!"); ··· 1892 1890 if (test_and_clear_bit(WL1271_FLAG_PENDING_WORK, &wl->flags)) 1893 1891 run_irq_work = true; 1894 1892 spin_unlock_irqrestore(&wl->wl_lock, flags); 1895 - 1896 - mutex_lock(&wl->mutex); 1897 1893 1898 1894 /* test the recovery flag before calling any SDIO functions */ 1899 1895 pending_recovery = test_bit(WL1271_FLAG_RECOVERY_IN_PROGRESS,
+1
net/mac80211/eht.c
··· 154 154 u8 *ptr = mgmt->u.action.u.eml_omn.variable; 155 155 struct ieee80211_eml_params eml_params = { 156 156 .link_id = status->link_id, 157 + .control = control, 157 158 }; 158 159 struct sta_info *sta; 159 160 int opt_len = 0;