From: Baochen Qiang <baochen.qiang@oss.qualcomm.com>
To: Matthew Leach <matthew.leach@collabora.com>,
Jeff Johnson <jjohnson@kernel.org>
Cc: linux-wireless@vger.kernel.org, ath11k@lists.infradead.org,
linux-kernel@vger.kernel.org, kernel@collabora.com
Subject: Re: [PATCH] ath11k: workaround firmware bug where peer_id=0
Date: Tue, 14 Apr 2026 15:06:33 +0800 [thread overview]
Message-ID: <7dbc3836-c42c-4cbb-a50a-011d82a0ee81@oss.qualcomm.com> (raw)
In-Reply-To: <87h5pxlpg4.fsf@collabora.com>
On 3/30/2026 3:57 PM, Matthew Leach wrote:
> Hello,
>
> Matthew Leach <matthew.leach@collabora.com> writes:
>
>> This patch caches the peer enctype during the MSDU processing loop,
>> caching it on the first AMSDU sub-frame (is_first_msdu=1
>> is_last_msdu=0) and setting the correct enctype for any subsequent
>> sub-MSDUs.
>
> I've been looking at creating a patch that addresses the root cause,
> rather than patching incoming frame's flags:
>
> --8<---------------cut here---------------start------------->8---
> diff --git a/drivers/net/wireless/ath/ath11k/peer.c b/drivers/net/wireless/ath/ath11k/peer.c
> index 6d0126c39301..98348ccfdfbe 100644
> --- a/drivers/net/wireless/ath/ath11k/peer.c
> +++ b/drivers/net/wireless/ath/ath11k/peer.c
> @@ -347,7 +347,7 @@ static int __ath11k_peer_delete(struct ath11k *ar, u32 vdev_id, const u8 *addr)
> return 0;
> }
>
> -int ath11k_peer_delete(struct ath11k *ar, u32 vdev_id, u8 *addr)
> +int ath11k_peer_delete(struct ath11k *ar, u32 vdev_id, const u8 *addr)
> {
> int ret;
>
> @@ -372,7 +372,7 @@ int ath11k_peer_create(struct ath11k *ar, struct ath11k_vif *arvif,
> {
> struct ath11k_peer *peer;
> struct ath11k_sta *arsta;
> - int ret, fbret;
> + int ret, fbret, retries = 3;
>
> lockdep_assert_held(&ar->conf_mutex);
>
> @@ -400,6 +400,8 @@ int ath11k_peer_create(struct ath11k *ar, struct ath11k_vif *arvif,
> spin_unlock_bh(&ar->ab->base_lock);
> mutex_unlock(&ar->ab->tbl_mtx_lock);
>
> +retry:
> +
> ret = ath11k_wmi_send_peer_create_cmd(ar, param);
> if (ret) {
> ath11k_warn(ar->ab,
> @@ -427,6 +429,18 @@ int ath11k_peer_create(struct ath11k *ar, struct ath11k_vif *arvif,
> goto cleanup;
> }
>
> + if (!peer->peer_id) {
> + if (retries--) {
> + spin_unlock_bh(&ar->ab->base_lock);
> + mutex_unlock(&ar->ab->tbl_mtx_lock);
> + ath11k_peer_delete(ar, param->vdev_id, param->peer_addr);
> + goto retry;
> + } else {
> + ath11k_warn(ar->ab, "Null peer workaround failed for peer %pM, adding anyway",
> + param->peer_addr);
> + }
> + }
> +
> ret = ath11k_peer_rhash_add(ar->ab, peer);
> if (ret) {
> spin_unlock_bh(&ar->ab->base_lock);
> diff --git a/drivers/net/wireless/ath/ath11k/peer.h b/drivers/net/wireless/ath/ath11k/peer.h
> index 3ad2f3355b14..6325c4d157c7 100644
> --- a/drivers/net/wireless/ath/ath11k/peer.h
> +++ b/drivers/net/wireless/ath/ath11k/peer.h
> @@ -47,7 +47,7 @@ struct ath11k_peer *ath11k_peer_find_by_addr(struct ath11k_base *ab,
> const u8 *addr);
> struct ath11k_peer *ath11k_peer_find_by_id(struct ath11k_base *ab, int peer_id);
> void ath11k_peer_cleanup(struct ath11k *ar, u32 vdev_id);
> -int ath11k_peer_delete(struct ath11k *ar, u32 vdev_id, u8 *addr);
> +int ath11k_peer_delete(struct ath11k *ar, u32 vdev_id, const u8 *addr);
> int ath11k_peer_create(struct ath11k *ar, struct ath11k_vif *arvif,
> struct ieee80211_sta *sta, struct peer_create_params *param);
> int ath11k_wait_for_peer_delete_done(struct ath11k *ar, u32 vdev_id,
> --8<---------------cut here---------------end--------------->8---
>
> This patch detects the error condition at the point where a peer map
> request reply is received from the firmware. If the firmware maps with
> peer_id=0, we request that the firmware unmap that peer and map again,
> hoping it selects a peer_id!=0. We attempt this up to three times, at
> which point we give up and let the peer be mapped with an ID of 0.
>
> This patch addresses the root cause, but I think it's more invasive. I'd
> appreciate some comments as to which approach upstream would prefer. If
> the preference is for the above, I'll send out a v2.
for chips like QCA2066 and WCN6855 etc 0 is a valid value, however this is not for chips
like QCN9074 etc.
so a possible fix would be to add hardware ops based on chips: for QCN9074 we keep the
existing validation on 0 in the ops, while for QCA2066 the ops is a null func. Or even
simper we can remove the validation for all chips.
>
> Regards,
next prev parent reply other threads:[~2026-04-14 7:06 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-26 10:53 [PATCH] ath11k: workaround firmware bug where peer_id=0 Matthew Leach
2026-03-30 7:57 ` Matthew Leach
2026-04-14 7:06 ` Baochen Qiang [this message]
2026-04-14 12:54 ` Matthew Leach
2026-04-15 3:16 ` Baochen Qiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7dbc3836-c42c-4cbb-a50a-011d82a0ee81@oss.qualcomm.com \
--to=baochen.qiang@oss.qualcomm.com \
--cc=ath11k@lists.infradead.org \
--cc=jjohnson@kernel.org \
--cc=kernel@collabora.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=matthew.leach@collabora.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox